Changeset 159
- Timestamp:
- Jun 11, 2006 5:41:23 AM (18 years ago)
- Location:
- trunk
- Files:
-
- 9 edited
trunk/bin/module_maker/skel/admin.php
r154 r159 300 300 301 301 // Create version. 302 $version = Version::getInstance($ GLOBALS['auth']);302 $version = Version::getInstance($auth); 303 303 $version->create('%DB_TBL%', '%PRIMARY_KEY%', $last_insert_id, $frm['__///__']); 304 304 … … 310 310 function updateRecord($frm) 311 311 { 312 global $auth, $lock; 312 global $auth; 313 global $lock; 313 314 global $cache; 314 315 $app =& App::getInstance(); … … 325 326 326 327 // Create version. 327 $version = Version::getInstance($ GLOBALS['auth']);328 $version = Version::getInstance($auth); 328 329 $version->create('%DB_TBL%', '%PRIMARY_KEY%', $frm['%PRIMARY_KEY%'], $frm['__///__']); 329 330 -
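Review bot: The switch from `$GLOBALS['auth']` to `$auth` at new line 302 only works if the enclosing function declares `global $auth;`, and that function's header lies outside the hunk, so it cannot be confirmed here. In `updateRecord()` the declaration is visible, but if the function around line 302 lacks it, `Version::getInstance()` receives an undefined variable and the version record is presumably written without a valid auth object. Confirm `global $auth;` is present there. The same check applies to both hunks in trunk/services/admins.php (new lines 407 and 451), whose function headers are also not shown.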
trunk/lib/App.inc.php
r154 r159 830 830 * @param mixed $carry_args Additional arguments to carry in the URL automatically (see $app->oHREF()). 831 831 * @param string $default_url A default URL if there is not a valid specified boomerang URL. 832 * @param bool $queryless_referrer_comparison Exclude the URL query from the refererIsMe() comparison. 832 833 * @return bool False if the session is not running. No return otherwise. 833 834 * @author Quinn Comendant <quinn@strangecode.com> 834 835 * @since 31 Mar 2006 19:17:00 835 836 */ 836 function dieBoomerangURL($id=null, $carry_args=null, $default_url=null )837 function dieBoomerangURL($id=null, $carry_args=null, $default_url=null, $queryless_referrer_comparison=false) 837 838 { 838 839 if (!$this->running) { … … 854 855 } else if (isset($default_url)) { 855 856 $url = $default_url; 856 } else if (!refererIsMe( )) {857 } else if (!refererIsMe(true === $queryless_referrer_comparison)) { 857 858 // Ensure that the redirecting page is not also the referrer. 858 859 $url = getenv('HTTP_REFERER'); … … 888 889 if ('' != $url && is_string($url)) { 889 890 // Delete any boomerang request keys in the query string. 890 $url = preg_replace('/ boomerang=[\w]+/', '', $url);891 $url = preg_replace('/[&?]?boomerang=[\w]+/', '', $url); 891 892 892 893 if (isset($_SESSION['_app'][$this->_ns]['boomerang']['url']) && is_array($_SESSION['_app'][$this->_ns]['boomerang']['url']) && !empty($_SESSION['_app'][$this->_ns]['boomerang']['url'])) { … … 999 1000 } 1000 1001 if ($boomerang_time >= (time() - 2)) { 1001 // Last boomerang direction was morethan 2 seconds ago.1002 $this->logMsg(sprintf('validBoomerangURL(%s) not valid, boomerang_time too short: %s ', $id, time() - $boomerang_time), LOG_DEBUG, __FILE__, __LINE__);1002 // Last boomerang direction was less than 2 seconds ago. 
1003 $this->logMsg(sprintf('validBoomerangURL(%s) not valid, boomerang_time too short: %s seconds', $id, time() - $boomerang_time), LOG_DEBUG, __FILE__, __LINE__); 1003 1004 return false; 1004 1005 } -
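Review bot: The new pattern `/[&?]?boomerang=[\w]+/` at new line 891 removes the leading separator along with the key, so a URL such as `page.php?boomerang=x&id=1` becomes `page.php&id=1` and the remaining arguments no longer form a query string. Because the separator is optional, the pattern also matches inside any other key that ends in `boomerang`. Consider requiring the separator, keeping it, and dropping the trailing one instead, e.g. `$url = preg_replace(array('/([?&])boomerang=\w+&?/', '/[?&]$/'), array('$1', ''), $url);`. The enclosing function begins and ends outside the hunk.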
trunk/lib/Auth_SQL.inc.php
r158 r159 444 444 445 445 // Update the login counter table with this login access. Convert IP to binary. 446 // TODO: after MySQL 5.0.23 is released this query could benefit from INSERT DELAYED. 446 447 $db->query(" 447 448 INSERT INTO " . $this->_params['db_login_table'] . " ( -
trunk/lib/Prefs.inc.php
r158 r159 180 180 } 181 181 182 // Set a persistent perference if... 183 // - there isn't a default. 184 // - the new value is different than the default 185 // - there is a previously existing pesistent key. 182 186 if (!isset($_SESSION['_prefs'][$this->_ns]['defaults'][$key]) || $_SESSION['_prefs'][$this->_ns]['defaults'][$key] != $val || isset($_SESSION['_prefs'][$this->_ns]['persistent'][$key])) { 183 187 $_SESSION['_prefs'][$this->_ns]['persistent'][$key] = $val; 188 $app->logMsg(sprintf('Setting preference %s to %s', $key, $val), LOG_DEBUG, __FILE__, __LINE__); 189 } else { 190 $app->logMsg(sprintf('not setting %s to %s', $key, $val), LOG_DEBUG, __FILE__, __LINE__); 184 191 } 185 192 } … … 347 354 $this->initDB(); 348 355 349 if (isset($_SESSION['_prefs'][$this->_ns]['persistent']) && is_array($_SESSION['_prefs'][$this->_ns]['persistent']) ) {356 if (isset($_SESSION['_prefs'][$this->_ns]['persistent']) && is_array($_SESSION['_prefs'][$this->_ns]['persistent']) && !empty($_SESSION['_prefs'][$this->_ns]['persistent'])) { 350 357 // Delete old prefs from database. 351 358 $db->query(" … … 365 372 ); 366 373 } 374 // TODO: after MySQL 5.0.23 is released this query could benefit from INSERT DELAYED. 367 375 $db->query(" 368 INSERT LOW_PRIORITYINTO " . $db->escapeString($this->getParam('db_table')) . "376 INSERT INTO " . $db->escapeString($this->getParam('db_table')) . " 369 377 (user_id, pref_namespace, pref_key, pref_value) 370 378 VALUES " . join(', ', $insert_values) . " -
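Review bot: With `!empty(...)` added to the guard at new line 356, the "Delete old prefs from database" query sits behind the same condition as the INSERT, so when the session holds no persistent prefs the rows saved earlier are never removed. If a user's persistent prefs can return to an empty set, the stale values would presumably be loaded again on a later session. Consider keeping the DELETE under the original `isset(...) && is_array(...)` test and applying `!empty()` only to the block that builds and runs the INSERT. The start of the function and the middle of this block are outside the visible hunk.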
trunk/lib/Utilities.inc.php
r154 r159 595 595 * @access public 596 596 * @param string $val The string to sign. 597 * @param string $s eed_key(Optional) A text key to use for computing the signature.597 * @param string $salt (Optional) A text key to use for computing the signature. 598 598 * @return string The original value with a signature appended. 599 599 */ 600 function addSignature($val, $seed_key=null) 601 { 602 $app =& App::getInstance(); 603 604 if ('' == $val) { 605 $app->logMsg(sprintf('Adding signature to empty string.', null), LOG_NOTICE, __FILE__, __LINE__); 606 } 607 608 if (!isset($seed_key)) { 609 $seed_key = $app->getParam('signing_key'); 610 } 611 612 return $val . '-' . substr(md5($val . $seed_key), 0, 18); 600 function addSignature($val, $salt=null) 601 { 602 $app =& App::getInstance(); 603 604 if ('' == trim($val)) { 605 $app->logMsg(sprintf('Cannot add signature to an empty string.', null), LOG_DEBUG, __FILE__, __LINE__); 606 return ''; 607 } 608 609 if (!isset($salt)) { 610 $salt = $app->getParam('signing_key'); 611 } 612 613 return $val . '-' . substr(md5($salt . md5($val . $salt)), 0, 18); 613 614 } 614 615 … … 631 632 * @access public 632 633 * @param string $signed_val A value with appended signature. 633 * @param string $s eed_key(Optional) A text key to use for computing the signature.634 * @param string $salt (Optional) A text key to use for computing the signature. 634 635 * @return bool True if the signature matches the var. 635 636 */ 636 function verifySignature($signed_val, $s eed_key=null)637 function verifySignature($signed_val, $salt=null) 637 638 { 638 639 // Strip the value from the signed value. 639 640 $val = removeSignature($signed_val); 640 641 // If the signed value matches the original signed value we consider the value safe. 641 if ($signed_val == addSignature($val, $s eed_key)) {642 if ($signed_val == addSignature($val, $salt)) { 642 643 // Signature verified. 
643 644 return true; … … 716 717 return false; 717 718 } 718 }719 720 /**721 * If the given $url is on the same web site, return true. This can be used to722 * prevent from sending sensitive info in a get query (like the SID) to another723 * domain.724 *725 * @param string $url the URI to test.726 * @return bool True if given $url is this domain or has no domain (is a relative url), false if it's another.727 */728 function isMyDomain($url)729 {730 static $urls = array();731 732 if (!isset($urls[$url])) {733 if (!preg_match('|\w{1,}\.\w{2,5}/|', $url)) {734 // If we can't find a domain we assume the URL is relative.735 $urls[$url] = true;736 } else {737 $urls[$url] = preg_match('/' . preg_quote(getenv('HTTP_HOST')) . '/', $url);738 }739 }740 return $urls[$url];741 }742 743 /**744 * Takes a URL and returns it without the query or anchor portion745 *746 * @param string $url any kind of URI747 * @return string the URI with ? or # and everything after removed748 */749 function stripQuery($url)750 {751 return preg_replace('![?#].*!', '', $url);752 719 } 753 720 … … 810 777 811 778 /** 779 * If the given $url is on the same web site, return true. This can be used to 780 * prevent from sending sensitive info in a get query (like the SID) to another 781 * domain. 782 * 783 * @param string $url the URI to test. 784 * @return bool True if given $url is our domain or has no domain (is a relative url), false if it's another. 785 */ 786 function isMyDomain($url) 787 { 788 static $urls = array(); 789 790 if (!isset($urls[$url])) { 791 if (!preg_match('|https?://[\w.]+/|', $url)) { 792 // If we can't find a domain we assume the URL is local (i.e. "/my/url/path/" or "../img/file.jpg"). 793 $urls[$url] = true; 794 } else { 795 $urls[$url] = preg_match('|https?://[\w.]*' . preg_quote(getenv('HTTP_HOST'), '|') . 
'|i', $url); 796 } 797 } 798 return $urls[$url]; 799 } 800 801 /** 802 * Takes a URL and returns it without the query or anchor portion 803 * 804 * @param string $url any kind of URI 805 * @return string the URI with ? or # and everything after removed 806 */ 807 function stripQuery($url) 808 { 809 return preg_replace('![?#].*!', '', $url); 810 } 811 812 /** 812 813 * Returns a fully qualified URL to the current script, including the query. 813 814 * … … 823 824 * Compares the current url with the referring url. 824 825 * 825 * @param string $compary_query Include the query string in the comparison. 826 * @return bool true if the current script (or specified valid_referer) 827 * is the referrer. false otherwise. 826 * @param bool $exclude_query Remove the query string first before comparing. 827 * @return bool True if the current URL is the same as the refering URL, false otherwise. 828 828 */ 829 829 function refererIsMe($exclude_query=false) -
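Review bot: `addSignature()` now returns `''` for empty input (new line 606), while `verifySignature()` still accepts whenever `$signed_val == addSignature($val, $salt)` (new line 642). An empty or missing signed value therefore compares equal to `''` and is reported as verified, assuming `removeSignature()` yields an empty string for it (that function is not shown). Reject the empty case before comparing and make the comparison strict, e.g. `if ('' == trim($val)) { return false; }` followed by `if ($signed_val === addSignature($val, $salt)) {`. The signature also remains a truncated MD5 over salt and value; a keyed HMAC would be the sturdier construction where the runtime provides one.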
trunk/lib/Version.inc.php
r149 r159 185 185 186 186 // Save as new version. 187 // TODO: after MySQL 5.0.23 is released this query could benefit from INSERT DELAYED. 187 188 $db->query(" 188 189 INSERT INTO " . $db->escapeString($this->getParam('db_table')) . " ( -
trunk/services/admins.php
r153 r159 405 405 406 406 // Create version. 407 $version = Version::getInstance($ GLOBALS['auth']);407 $version = Version::getInstance($auth); 408 408 $version->create('admin_tbl', 'admin_id', $last_insert_id, $frm['username']); 409 409 … … 449 449 450 450 // Create version. 451 $version = Version::getInstance($ GLOBALS['auth']);451 $version = Version::getInstance($auth); 452 452 $version->create('admin_tbl', 'admin_id', $frm['admin_id'], $frm['username']); 453 453 -
trunk/services/lock.php
r141 r159 42 42 43 43 // Titles and navigation header. 44 $nav->addPage(sprintf(_("Locked record: %s"), $lock->getTitle()));44 $nav->addPage(sprintf(_("Locked record: <em>%s</em>"), $lock->getTitle())); 45 45 46 46 // Templates. -
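Review bot: The title passed to `$nav->addPage()` at new line 44 now contains HTML (`<em>`), which implies the title is emitted without escaping, while `$lock->getTitle()` is interpolated into it as-is. If the lock title can carry user-entered record text and `getTitle()` does not already escape it (not visible here), that text reaches the page as markup. Escape the dynamic part at this call: `$nav->addPage(sprintf(_("Locked record: <em>%s</em>"), htmlspecialchars($lock->getTitle())));`.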
trunk/services/versions.php
r143 r159 17 17 *****************************************************************************/ 18 18 19 $version = Version::getInstance($ GLOBALS['auth']);19 $version = Version::getInstance($auth); 20 20 21 21 // Query arguments to retain their values between page requests.