Changeset 159

Timestamp:

Jun 11, 2006 5:41:23 AM (18 years ago)

Author:

scdev

Message:

${1}

Location:

trunk

Files:

• bin/module_maker/skel/admin.php (modified) (3 diffs)
• lib/App.inc.php (modified) (4 diffs)
• lib/Auth_SQL.inc.php (modified) (1 diff)
• lib/Prefs.inc.php (modified) (3 diffs)
• lib/Utilities.inc.php (modified) (5 diffs)
• lib/Version.inc.php (modified) (1 diff)
• services/admins.php (modified) (2 diffs)
• services/lock.php (modified) (1 diff)
• services/versions.php (modified) (1 diff)

trunk/bin/module_maker/skel/admin.php

@@ -300 +300 @@
 
     // Create version.
-    $version = Version::getInstance($GLOBALS['auth']);
+    $version = Version::getInstance($auth);
     $version->create('%DB_TBL%', '%PRIMARY_KEY%', $last_insert_id, $frm['__///__']);
 
@@ -310 +310 @@
 function updateRecord($frm)
 {
-    global $auth, $lock;
+    global $auth;
+    global $lock;
     global $cache;
     $app =& App::getInstance();
@@ -325 +326 @@
 
     // Create version.
-    $version = Version::getInstance($GLOBALS['auth']);
+    $version = Version::getInstance($auth);
     $version->create('%DB_TBL%', '%PRIMARY_KEY%', $frm['%PRIMARY_KEY%'], $frm['__///__']);
 

trunk/lib/App.inc.php

@@ -830 +830 @@
     * @param    mixed   $carry_args     Additional arguments to carry in the URL automatically (see $app->oHREF()).
     * @param    string  $default_url    A default URL if there is not a valid specified boomerang URL.
+    * @param    bool    $queryless_referrer_comparison   Exclude the URL query from the refererIsMe() comparison.
     * @return   bool                    False if the session is not running. No return otherwise.
     * @author   Quinn Comendant <quinn@strangecode.com>
     * @since    31 Mar 2006 19:17:00
     */
-    function dieBoomerangURL($id=null, $carry_args=null, $default_url=null)
+    function dieBoomerangURL($id=null, $carry_args=null, $default_url=null, $queryless_referrer_comparison=false)
     {
         if (!$this->running) {
@@ -854 +855 @@
         } else if (isset($default_url)) {
             $url = $default_url;
-        } else if (!refererIsMe()) {
+        } else if (!refererIsMe(true === $queryless_referrer_comparison)) {
             // Ensure that the redirecting page is not also the referrer.
             $url = getenv('HTTP_REFERER');
@@ -888 +889 @@
         if ('' != $url && is_string($url)) {
             // Delete any boomerang request keys in the query string.
-            $url = preg_replace('/boomerang=[\w]+/', '', $url);
+            $url = preg_replace('/[&?]?boomerang=[\w]+/', '', $url);
 
             if (isset($_SESSION['_app'][$this->_ns]['boomerang']['url']) && is_array($_SESSION['_app'][$this->_ns]['boomerang']['url']) && !empty($_SESSION['_app'][$this->_ns]['boomerang']['url'])) {
@@ -999 +1000 @@
         }
         if ($boomerang_time >= (time() - 2)) {
-            // Last boomerang direction was more than 2 seconds ago.
-            $this->logMsg(sprintf('validBoomerangURL(%s) not valid, boomerang_time too short: %s', $id, time() - $boomerang_time), LOG_DEBUG, __FILE__, __LINE__);
+            // Last boomerang direction was less than 2 seconds ago.
+            $this->logMsg(sprintf('validBoomerangURL(%s) not valid, boomerang_time too short: %s seconds', $id, time() - $boomerang_time), LOG_DEBUG, __FILE__, __LINE__);
             return false;
         }

trunk/lib/Auth_SQL.inc.php

@@ -444 +444 @@
 
             // Update the login counter table with this login access. Convert IP to binary.
+            // TODO: after MySQL 5.0.23 is released this query could benefit from INSERT DELAYED.
             $db->query("
                 INSERT INTO " . $this->_params['db_login_table'] . " (

trunk/lib/Prefs.inc.php

@@ -180 +180 @@
         }
         
+        // Set a persistent perference if...
+        // - there isn't a default.
+        // - the new value is different than the default
+        // - there is a previously existing pesistent key.
         if (!isset($_SESSION['_prefs'][$this->_ns]['defaults'][$key]) || $_SESSION['_prefs'][$this->_ns]['defaults'][$key] != $val || isset($_SESSION['_prefs'][$this->_ns]['persistent'][$key])) {
             $_SESSION['_prefs'][$this->_ns]['persistent'][$key] = $val;            
+            $app->logMsg(sprintf('Setting preference %s to %s', $key, $val), LOG_DEBUG, __FILE__, __LINE__);
+        } else {
+            $app->logMsg(sprintf('not setting %s to %s', $key, $val), LOG_DEBUG, __FILE__, __LINE__);
         }
     }
@@ -347 +354 @@
         $this->initDB();
 
-        if (isset($_SESSION['_prefs'][$this->_ns]['persistent']) && is_array($_SESSION['_prefs'][$this->_ns]['persistent'])) {
+        if (isset($_SESSION['_prefs'][$this->_ns]['persistent']) && is_array($_SESSION['_prefs'][$this->_ns]['persistent']) && !empty($_SESSION['_prefs'][$this->_ns]['persistent'])) {
             // Delete old prefs from database.
             $db->query("
@@ -365 +372 @@
                 );
             }
+            // TODO: after MySQL 5.0.23 is released this query could benefit from INSERT DELAYED.
             $db->query("
-                INSERT LOW_PRIORITY INTO " . $db->escapeString($this->getParam('db_table')) . " 
+                INSERT INTO " . $db->escapeString($this->getParam('db_table')) . " 
                 (user_id, pref_namespace, pref_key, pref_value)
                 VALUES " . join(', ', $insert_values) . "

trunk/lib/Utilities.inc.php

@@ -595 +595 @@
  * @access  public
  * @param   string  $val    The string to sign.
- * @param   string  $seed_key   (Optional) A text key to use for computing the signature.
+ * @param   string  $salt   (Optional) A text key to use for computing the signature.
  * @return  string  The original value with a signature appended.
  */
-function addSignature($val, $seed_key=null)
-{
-    $app =& App::getInstance();
-    
-    if ('' == $val) {
-        $app->logMsg(sprintf('Adding signature to empty string.', null), LOG_NOTICE, __FILE__, __LINE__);
-    }
-
-    if (!isset($seed_key)) {
-        $seed_key = $app->getParam('signing_key');
-    }
-
-    return $val . '-' . substr(md5($val . $seed_key), 0, 18);
+function addSignature($val, $salt=null)
+{
+    $app =& App::getInstance();
+    
+    if ('' == trim($val)) {
+        $app->logMsg(sprintf('Cannot add signature to an empty string.', null), LOG_DEBUG, __FILE__, __LINE__);
+        return '';
+    }
+
+    if (!isset($salt)) {
+        $salt = $app->getParam('signing_key');
+    }
+
+    return $val . '-' . substr(md5($salt . md5($val . $salt)), 0, 18);
 }
 
@@ -631 +632 @@
  * @access  public
  * @param   string  $signed_val A value with appended signature.
- * @param   string  $seed_key       (Optional) A text key to use for computing the signature.
+ * @param   string  $salt       (Optional) A text key to use for computing the signature.
  * @return  bool    True if the signature matches the var.
  */
-function verifySignature($signed_val, $seed_key=null)
+function verifySignature($signed_val, $salt=null)
 {
     // Strip the value from the signed value.
     $val = removeSignature($signed_val);
     // If the signed value matches the original signed value we consider the value safe.
-    if ($signed_val == addSignature($val, $seed_key)) {
+    if ($signed_val == addSignature($val, $salt)) {
         // Signature verified.
         return true;
@@ -716 +717 @@
         return false;
     }
-}
-
-/**
- * If the given $url is on the same web site, return true. This can be used to
- * prevent from sending sensitive info in a get query (like the SID) to another
- * domain.
- *
- * @param  string $url    the URI to test.
- * @return bool True if given $url is this domain or has no domain (is a relative url), false if it's another.
- */
-function isMyDomain($url)
-{
-    static $urls = array();
-
-    if (!isset($urls[$url])) {
-        if (!preg_match('|\w{1,}\.\w{2,5}/|', $url)) {
-            // If we can't find a domain we assume the URL is relative.
-            $urls[$url] = true;
-        } else {
-            $urls[$url] = preg_match('/' . preg_quote(getenv('HTTP_HOST')) . '/', $url);
-        }
-    }
-    return $urls[$url];
-}
-
-/**
- * Takes a URL and returns it without the query or anchor portion
- *
- * @param  string $url   any kind of URI
- * @return string        the URI with ? or # and everything after removed
- */
-function stripQuery($url)
-{
-    return preg_replace('![?#].*!', '', $url);
 }
 
@@ -810 +777 @@
 
 /**
+ * If the given $url is on the same web site, return true. This can be used to
+ * prevent from sending sensitive info in a get query (like the SID) to another
+ * domain.
+ *
+ * @param  string $url    the URI to test.
+ * @return bool True if given $url is our domain or has no domain (is a relative url), false if it's another.
+ */
+function isMyDomain($url)
+{
+    static $urls = array();
+
+    if (!isset($urls[$url])) {
+        if (!preg_match('|https?://[\w.]+/|', $url)) {
+            // If we can't find a domain we assume the URL is local (i.e. "/my/url/path/" or "../img/file.jpg").
+            $urls[$url] = true;
+        } else {
+            $urls[$url] = preg_match('|https?://[\w.]*' . preg_quote(getenv('HTTP_HOST'), '|') . '|i', $url);
+        }
+    }
+    return $urls[$url];
+}
+
+/**
+ * Takes a URL and returns it without the query or anchor portion
+ *
+ * @param  string $url   any kind of URI
+ * @return string        the URI with ? or # and everything after removed
+ */
+function stripQuery($url)
+{
+    return preg_replace('![?#].*!', '', $url);
+}
+
+/**
  * Returns a fully qualified URL to the current script, including the query.
  *
@@ -823 +824 @@
  * Compares the current url with the referring url.
  *
- * @param  string  $compary_query  Include the query string in the comparison.
- * @return bool    true if the current script (or specified valid_referer)
- *                 is the referrer. false otherwise.
+ * @param  bool $exclude_query  Remove the query string first before comparing.
+ * @return bool                 True if the current URL is the same as the refering URL, false otherwise.
  */
 function refererIsMe($exclude_query=false)

trunk/lib/Version.inc.php

@@ -185 +185 @@
 
         // Save as new version.
+        // TODO: after MySQL 5.0.23 is released this query could benefit from INSERT DELAYED.
         $db->query("
             INSERT INTO " . $db->escapeString($this->getParam('db_table')) . " (

trunk/services/admins.php

@@ -405 +405 @@
 
     // Create version.
-    $version = Version::getInstance($GLOBALS['auth']);
+    $version = Version::getInstance($auth);
     $version->create('admin_tbl', 'admin_id', $last_insert_id, $frm['username']);
 
@@ -449 +449 @@
 
     // Create version.
-    $version = Version::getInstance($GLOBALS['auth']);
+    $version = Version::getInstance($auth);
     $version->create('admin_tbl', 'admin_id', $frm['admin_id'], $frm['username']);
 

trunk/services/lock.php

@@ -42 +42 @@
 
 // Titles and navigation header.
-$nav->addPage(sprintf(_("Locked record: %s"), $lock->getTitle()));
+$nav->addPage(sprintf(_("Locked record: <em>%s</em>"), $lock->getTitle()));
 
 // Templates.

trunk/services/versions.php

@@ -17 +17 @@
  *****************************************************************************/
 
-$version = Version::getInstance($GLOBALS['auth']);
+$version = Version::getInstance($auth);
 
 // Query arguments to retain their values between page requests.