[Fmsystem-commits] [14879] Merge 14876:14878 from trunk
From: |
Sigurd Nes |
Subject: |
[Fmsystem-commits] [14879] Merge 14876:14878 from trunk |
Date: |
Thu, 31 Mar 2016 10:57:07 +0000 |
Revision: 14879
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=14879
Author: sigurdne
Date: 2016-03-31 10:57:07 +0000 (Thu, 31 Mar 2016)
Log Message:
-----------
Merge 14876:14878 from trunk
Modified Paths:
--------------
branches/Version-2_0-branch/home.php
branches/Version-2_0-branch/phpgwapi/inc/class.phpgw.inc.php
branches/Version-2_0-branch/phpgwapi/inc/class.sessions.inc.php
branches/Version-2_0-branch/phpgwapi/templates/portico/navbar.inc.php
branches/Version-2_0-branch/phpgwapi/templates/pure/navbar.inc.php
Property Changed:
----------------
branches/Version-2_0-branch/
Property changes on: branches/Version-2_0-branch
___________________________________________________________________
Modified: svn:mergeinfo
- /branches/dev-syncromind:13653
/branches/stavangerkommune:12743-12875,12986
/trunk:14721-14732,14734-14735,14737,14739,14741,14743-14744,14746-14749,14751,14753,14755-14757,14759,14761-14764,14766-14768,14770-14783,14785-14792,14794-14813,14815-14816,14818,14820-14822,14824-14825,14827-14829,14831-14834,14836,14838,14840-14842,14844-14845,14847,14849-14866,14868-14869,14871,14873-14875
+ /branches/dev-syncromind:13653
/branches/stavangerkommune:12743-12875,12986
/trunk:14721-14732,14734-14735,14737,14739,14741,14743-14744,14746-14749,14751,14753,14755-14757,14759,14761-14764,14766-14768,14770-14783,14785-14792,14794-14813,14815-14816,14818,14820-14822,14824-14825,14827-14829,14831-14834,14836,14838,14840-14842,14844-14845,14847,14849-14866,14868-14869,14871,14873-14875,14877-14878
Modified: branches/Version-2_0-branch/home.php
===================================================================
--- branches/Version-2_0-branch/home.php 2016-03-31 10:55:40 UTC (rev
14878)
+++ branches/Version-2_0-branch/home.php 2016-03-31 10:57:07 UTC (rev
14879)
@@ -39,7 +39,7 @@
if (preg_match('/phpgw_/', $name) && ($name !=
'phpgw_forward'))
{
$name = substr($name, 6); // cut 'phpgw_'
- $extra_vars[$name] = $value;
+ $extra_vars[$name] = phpgw::clean_value($value);
}
}
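Review bot: Only the value is passed through `phpgw::clean_value()` here; the array key `$name` still comes straight from the request, and the unanchored `preg_match('/phpgw_/', $name)` on the context line above matches the prefix anywhere in the name, so `substr($name, 6)` can cut six unrelated characters. Anchoring the test, e.g. `if (strpos($name, 'phpgw_') === 0 && $name !== 'phpgw_forward')`, keeps the key handling predictable. What `clean_value()` returns for an array-valued parameter is not visible in this hunk and is worth confirming. The enclosing loop starts outside the hunk.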
Modified: branches/Version-2_0-branch/phpgwapi/inc/class.phpgw.inc.php
===================================================================
--- branches/Version-2_0-branch/phpgwapi/inc/class.phpgw.inc.php
2016-03-31 10:55:40 UTC (rev 14878)
+++ branches/Version-2_0-branch/phpgwapi/inc/class.phpgw.inc.php
2016-03-31 10:57:07 UTC (rev 14879)
@@ -462,7 +462,7 @@
default:
$value = filter_var($value,
FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
$value =
htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
- $value = str_replace(array('(',
')', ';', '=', '-'),array('(', ')', ';', '=','−'),
$value); // prevent SQL-injection
+ $value = str_replace(array('(',
')', ';', '=', '--'),array('(', ')', ';',
'=','−−'), $value); // prevent SQL-injection
break;
case 'boolean':
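Review bot: The `// prevent SQL-injection` comment on the changed `str_replace` line promises more than a character denylist can deliver, and this change narrows the list further by letting a single `-` through. Injection safety has to come from the query side (bound parameters or the database layer's escaping), so I would reword the comment to `// defence in depth only; queries must still bind or escape this value`. Most replacement strings look identical to their search strings in this rendering of the diff, possibly because the archive decoded entities, so the exact substitution should be checked against the repository. The enclosing switch starts and ends outside the hunk.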
@@ -529,7 +529,7 @@
$filtered = filter_var($value,
FILTER_VALIDATE_IP);
if ( $filtered == $value )
{
- return
$filtered;
+ return $filtered;
}
// make the default sane
@@ -545,7 +545,7 @@
$filtered = filter_var($value,
FILTER_VALIDATE_REGEXP, $regex);
if ( $filtered == $value )
{
- return
$filtered;
+ return $filtered;
}
return (string) $default;
@@ -553,11 +553,14 @@
$filtered = filter_var($value,
FILTER_VALIDATE_URL);
if ( $filtered == $value )
{
- if ($filtered) {
+ if ($filtered)
+ {
return
$filtered;
- } else {
- return $value;
- }
+ }
+ else
+ {
+ return $value;
+ }
}
return (string) $default;
Modified: branches/Version-2_0-branch/phpgwapi/inc/class.sessions.inc.php
===================================================================
--- branches/Version-2_0-branch/phpgwapi/inc/class.sessions.inc.php
2016-03-31 10:55:40 UTC (rev 14878)
+++ branches/Version-2_0-branch/phpgwapi/inc/class.sessions.inc.php
2016-03-31 10:57:07 UTC (rev 14879)
@@ -892,13 +892,19 @@
*/
public function read_session($sessionid)
{
+/*
if($sessionid)
{
session_id($sessionid);
}
-
+*/
session_start();
+ if(!session_id() == $sessionid)
+ {
+ return array();
+ }
+
if ( isset($_SESSION['phpgw_session']) &&
is_array($_SESSION['phpgw_session']) )
{
return $_SESSION['phpgw_session'];
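Review bot: The new guard `if(!session_id() == $sessionid)` does not compare the two ids: `!` binds tighter than `==`, so it evaluates `(!session_id()) == $sessionid`, which after `session_start()` is true only when `$sessionid` is empty or otherwise falsy. A caller-supplied id that differs from the active session therefore still falls through to `$_SESSION['phpgw_session']`. Write it as `if (session_id() !== (string) $sessionid)`, and delete the commented-out `session_id($sessionid)` block rather than leaving it inside `/* */`. The `if(!$session)` check added in the next hunk depends on this guard returning `array()` on a mismatch. read_session's body continues outside the hunk.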
@@ -1121,6 +1127,10 @@
$this->_sessionid = $sessionid;
$session = $this->read_session($sessionid);
+ if(!$session)
+ {
+ return false;
+ }
$this->_session_flags = $session['session_flags'];
$lid_data = explode('#', $session['session_lid']);
Modified: branches/Version-2_0-branch/phpgwapi/templates/portico/navbar.inc.php
===================================================================
--- branches/Version-2_0-branch/phpgwapi/templates/portico/navbar.inc.php
2016-03-31 10:55:40 UTC (rev 14878)
+++ branches/Version-2_0-branch/phpgwapi/templates/portico/navbar.inc.php
2016-03-31 10:57:07 UTC (rev 14879)
@@ -9,10 +9,15 @@
}
$user = $GLOBALS['phpgw']->accounts->get(
$GLOBALS['phpgw_info']['user']['id'] );
+ $extra_vars = array();
+ foreach($_GET as $name => $value)
+ {
+ $extra_vars[$name] = phpgw::clean_value($value);
+ }
$var = array
(
- 'print_url' =>
strpos($_SERVER['REQUEST_URI'], '?') ?
"{$_SERVER['REQUEST_URI']}&phpgw_return_as=noframes" :
"{$_SERVER['REQUEST_URI']}?phpgw_return_as=noframes",
+ 'print_url' => "{$_SERVER['PHP_SELF']}?" .
http_build_query(array_merge($extra_vars, array('phpgw_return_as' =>
'noframes'))),
'print_text' => lang('print'),
'home_url' =>
$GLOBALS['phpgw']->link('/home.php'),
'home_text' => lang('home'),
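Review bot: `$_SERVER['PHP_SELF']` in the new `print_url` includes any path info the client appended to the script name, so the rebuilt URL still carries request-controlled text that `http_build_query()` does not encode; `$_SERVER['SCRIPT_NAME']` avoids that, e.g. `'print_url' => "{$_SERVER['SCRIPT_NAME']}?" . http_build_query(...)`. The same construction is used for `'url'` in the next hunk and in both hunks of templates/pure/navbar.inc.php. Whether the templates escape these values on output is not visible here. Separately, if `phpgw::clean_value()` applies the `htmlspecialchars` filter shown in class.phpgw.inc.php, the values are entity-encoded and then URL-encoded, which would change parameters containing `&` or quotes when the link is followed.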
@@ -83,7 +88,7 @@
$current_url = array
(
'id' => $flags['menu_selection'],
- 'url' => phpgw::get_var('REQUEST_URI', 'string',
'SERVER'),
+ 'url' => "{$_SERVER['PHP_SELF']}?" .
http_build_query($extra_vars),
'name' => $var['current_app_title']
);
$breadcrumbs =
phpgwapi_cache::session_get('phpgwapi','breadcrumbs');
Modified: branches/Version-2_0-branch/phpgwapi/templates/pure/navbar.inc.php
===================================================================
--- branches/Version-2_0-branch/phpgwapi/templates/pure/navbar.inc.php
2016-03-31 10:55:40 UTC (rev 14878)
+++ branches/Version-2_0-branch/phpgwapi/templates/pure/navbar.inc.php
2016-03-31 10:57:07 UTC (rev 14879)
@@ -21,8 +21,14 @@
'webserver_url' =>
$GLOBALS['phpgw_info']['server']['webserver_url']
);
+ $extra_vars = array();
+ foreach($_GET as $name => $value)
+ {
+ $extra_vars[$name] = phpgw::clean_value($value);
+ }
+
+ $print_url = "{$_SERVER['PHP_SELF']}?" .
http_build_query(array_merge($extra_vars, array('phpgw_return_as' =>
'noframes')));
$user_fullname = $user->__toString();
- $print_url = strpos($_SERVER['REQUEST_URI'], '?')
? "{$_SERVER['REQUEST_URI']}&phpgw_return_as=noframes" :
"{$_SERVER['REQUEST_URI']}?phpgw_return_as=noframes";
$print_text = lang('print');
$home_url = $GLOBALS['phpgw']->link('/home.php');
$home_text = lang('home');
@@ -126,7 +132,7 @@
$current_url = array
(
'id' => $flags['menu_selection'],
- 'url' => phpgw::get_var('REQUEST_URI', 'string',
'SERVER'),
+ 'url' => "{$_SERVER['PHP_SELF']}?" .
http_build_query($extra_vars),
'name' => $var['current_app_title']
);
$breadcrumbs =
phpgwapi_cache::session_get('phpgwapi','breadcrumbs');