
[Gforge-commits] gforge/www/export forum.php, 1.1, 1.2 projhtml.php, 1.


From: tperdue
Subject: [Gforge-commits] gforge/www/export forum.php, 1.1, 1.2 projhtml.php, 1.2, 1.3 projnews.php, 1.3, 1.4 projtitl.php, 1.1, 1.2 rss_sfnewreleases.php, 1.4, 1.5 rss_sfnews.php, 1.7, 1.8 tracker.php, 1.1, 1.2
Date: Wed, 05 May 2004 13:43:42 -0500

Update of /cvsroot/gforge/gforge/www/export
In directory db.perdue.net:/home/tperdue/share/dev.gforge.org/www/export

Modified Files:
        forum.php projhtml.php projnews.php projtitl.php 
        rss_sfnewreleases.php rss_sfnews.php tracker.php 
Log Message:
Adding Proper Checks And Limits to Proj Exports

Index: forum.php
===================================================================
RCS file: /cvsroot/gforge/gforge/www/export/forum.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- forum.php   29 Apr 2004 18:43:13 -0000      1.1
+++ forum.php   5 May 2004 18:43:36 -0000       1.2
@@ -1,4 +1,7 @@
 <?php
+echo "Disabled Until Security Audited and Using Proper Accessor Functions";
+exit;
+
 /**
   *
   * SourceForge Exports: Export project forums in RSS

Index: projhtml.php
===================================================================
RCS file: /cvsroot/gforge/gforge/www/export/projhtml.php,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- projhtml.php        29 Apr 2004 19:27:15 -0000      1.2
+++ projhtml.php        5 May 2004 18:43:36 -0000       1.3
@@ -1,28 +1,69 @@
 <?php
 /**
-  *
-  * SourceForge Exports: Export project summary page as HTML
-  *
-  *
-  * SourceForge: Breaking Down the Barriers to Open Source Development
-  * Copyright 1999-2001 (c) VA Linux Systems
-  * http://sourceforge.net
-  *
-  * @version   $Id$
-  *
-  */
+ * GForge Exports: Export project summary page as HTML
+ *
+ * Copyright 2004 (c) GForge LLC
+ *
+ * @version   $Id$
+ * @author Tim Perdue address@hidden
+ * @date 2004-03-16
+ *
+ * This file is part of GForge.
+ *
+ * GForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
 
 require_once('pre.php');
 require_once('project_summary.php');
 
 $group_name=$_GET['group_name'];
 $group_id=$_GET['group_id'];
+
+//
+//     Get group object
+//
 if ( $group_name ) {
        $group =& group_get_object_by_name($group_name);
-       if ( ! $group_id && $group ) $group_id=$group->getID();
+} else {
+       $group =& group_get_object($group_id);
 }
 
-if ($group_id) echo project_summary($group_id,$mode,$no_table);
-else echo "No such group";
+if (!$group || !is_object($group)) {
+       exit_error('Error','Could Not Get Group');
+} elseif ($group->isError()) {
+       exit_error('Error','Group: '.$group->getErrorMessage());
+}
+
+//
+//     Get the group_id from the object
+//
+if ( !$group_id ) {
+       $group_id=$group->getID();
+}
+
+//
+//     Add checks to see if they have perms to view this
+//
+if (!$group->isPublic()) {
+       if (!session_loggedin()) {
+               exit_permission_denied();
+       } elseif (!user_ismember($group_id)) {
+               exit_permission_denied();
+       }
+}
+
+echo project_summary($group_id,$mode,$no_table);
 
 ?>
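Review bot: The permission check and the export can refer to two different groups when a request carries both `group_name` and `group_id`. `$group` is resolved from the name, but `$group_id` keeps the request value because it is only overwritten when empty, and that request value is what `user_ismember($group_id)` and `project_summary($group_id,...)` receive. Taking the id from the object unconditionally, `$group_id=$group->getID();`, keeps the check and the output on the same group. The same pattern is repeated in the projnews.php and projtitl.php hunks of this commit. `$mode` and `$no_table` are also never assigned in this file, so they presumably depend on register_globals; reading them explicitly from `$_GET` would match how the group parameters are handled.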

Index: projnews.php
===================================================================
RCS file: /cvsroot/gforge/gforge/www/export/projnews.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- projnews.php        29 Apr 2004 19:27:15 -0000      1.3
+++ projnews.php        5 May 2004 18:43:36 -0000       1.4
@@ -1,43 +1,82 @@
 <?php
 /**
-  *
-  * SourceForge Exports: Export project news as HTML
-  *
-  * Parameters:
-  *    group_id        -       group_id
-  *    limit           -       number of items to export
-  *    show_summaries  -       0 to show only headlines, 1 to also show
-  *                            summaries
-  *    flat            -       1 to use minimal HTML formatting
-  *    
-  *
-  *
-  * SourceForge: Breaking Down the Barriers to Open Source Development
-  * Copyright 1999-2001 (c) VA Linux Systems
-  * http://sourceforge.net
-  *
-  * @version   $Id$
-  *
-  */
-
+ * SourceForge Exports: Export project news as HTML
+ *
+ * Parameters:
+ *     group_id        -       group_id
+ *     limit           -       number of items to export
+ *     show_summaries  -       0 to show only headlines, 1 to also show
+ *                             summaries
+ *     flat            -       1 to use minimal HTML formatting
+ *
+ * Copyright 2004 (c) GForge LLC
+ *
+ * @version   $Id$
+ * @author Tim Perdue address@hidden
+ * @date 2004-03-16
+ *
+ * This file is part of GForge.
+ *
+ * GForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
 
 require_once('pre.php');
 require_once('www/news/news_utils.php');
 
 $group_name=$_GET['group_name'];
 $group_id=$_GET['group_id'];
+
+//
+//  Get group object
+//
 if ( $group_name ) {
        $group =& group_get_object_by_name($group_name);
-       if ( ! $group_id && $group ) $group_id=$group->getID();
+} else {
+       $group =& group_get_object($group_id);
 }
 
-if ($group_id) {
+if (!$group || !is_object($group)) {
+       exit_error('Error','Could Not Get Group');
+} elseif ($group->isError()) {
+       exit_error('Error','Group: '.$group->getErrorMessage());
+}
 
-       if ($limit>20) $limit=20;
-       echo $HTML->boxTop($Language->getText('group','long_news'));
-       echo 
news_show_latest($sys_news_group,$limit,$show_summaries,false,$flat);
-       echo $HTML->boxBottom();
+//
+//  Get the group_id from the object
+//
+if ( !$group_id ) {
+       $group_id=$group->getID();
+}
 
+//
+//  Add checks to see if they have perms to view this
+//
+if (!$group->isPublic()) {
+       if (!session_loggedin()) {
+               exit_permission_denied();
+       } elseif (!user_ismember($group_id)) {
+               exit_permission_denied();
+       }
 }
-else echo "No such group";
+
+if ($limit>20 || $limit < 1) {
+       $limit=20;
+}
+
+echo $HTML->boxTop($Language->getText('group','long_news'));
+echo news_show_latest($group_id,$limit,$show_summaries,false,$flat);
+echo $HTML->boxBottom();
+
 ?>
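Review bot: `$limit` is range-checked at `if ($limit>20 || $limit < 1)` without first being converted to an integer, so the clamp depends on PHP's loose string-to-number comparison rather than on a real integer value. Adding `$limit = intval($limit);` before the check makes the bound hold for every input. `$limit`, `$show_summaries` and `$flat` are not assigned anywhere in the file, which suggests they rely on register_globals; fetching them from `$_GET` like `group_id` would make the inputs explicit. How `news_show_latest()` uses the limit is not visible here.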

Index: projtitl.php
===================================================================
RCS file: /cvsroot/gforge/gforge/www/export/projtitl.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- projtitl.php        29 Apr 2004 19:27:15 -0000      1.1
+++ projtitl.php        5 May 2004 18:43:36 -0000       1.2
@@ -1,40 +1,79 @@
 <?php
 /**
-  *
-  * SourceForge Exports: Export project news as HTML
-  *
-  * Parameters:
-  *    group_id        -       group_id
-  *    limit           -       number of items to export
-  *    show_summaries  -       0 to show only headlines, 1 to also show
-  *                            summaries
-  *    flat            -       1 to use minimal HTML formatting
-  *    
-  *
-  *
-  * SourceForge: Breaking Down the Barriers to Open Source Development
-  * Copyright 1999-2001 (c) VA Linux Systems
-  * http://sourceforge.net
-  *
-  * @version   $Id$
-  *
-  */
-
+ * GForge Exports: Export project news as HTML
+ *
+ * Parameters:
+ *     group_id        -       group_id
+ *     limit           -       number of items to export
+ *     show_summaries  -       0 to show only headlines, 1 to also show
+ *                             summaries
+ *     flat            -       1 to use minimal HTML formatting
+ *     
+ * Copyright 2004 (c) GForge LLC
+ *
+ * @version   $Id$
+ * @author Tim Perdue address@hidden
+ * @date 2004-03-16
+ *
+ * This file is part of GForge.
+ *
+ * GForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
 
 require_once('pre.php');
 require_once('www/news/news_utils.php');
 
 $group_name=$_GET['group_name'];
 $group_id=$_GET['group_id'];
+
+//
+//  Get group object
+//
 if ( $group_name ) {
-       $group =& group_get_object_by_name($group_name);
-       if ( ! $group_id && $group ) $group_id=$group->getID();
+    $group =& group_get_object_by_name($group_name);
+} else {
+    $group =& group_get_object($group_id);
 }
 
-if ($group) {
-       echo '<h2>Welcome to '.$group->getPublicName().' project!</h2>
-<p>';
-       echo $group->getDescription();
+if (!$group || !is_object($group)) {
+    exit_error('Error','Could Not Get Group');
+} elseif ($group->isError()) {
+    exit_error('Error','Group: '.$group->getErrorMessage());
 }
-else echo "No such group";
+
+//
+//  Get the group_id from the object
+//
+if ( !$group_id ) {
+    $group_id=$group->getID();
+}
+
+//
+//  Add checks to see if they have perms to view this
+//
+if (!$group->isPublic()) {
+    if (!session_loggedin()) {
+        exit_permission_denied();
+    } elseif (!user_ismember($group_id)) {
+        exit_permission_denied();
+    }
+}
+
+echo '<h2>Welcome to '.$group->getPublicName().' project!</h2>
+<p>';
+
+echo $group->getDescription();
+
 ?>
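Review bot: `$group->getPublicName()` and `$group->getDescription()` are echoed into the page without HTML escaping at the end of this hunk. If those accessors return the stored text as entered (not visible here; confirm whether GForge escapes on input), project-supplied markup would be served to every site that embeds this export, and wrapping both calls in `htmlspecialchars()` would prevent that. The header comment also still describes a news export with `limit`, `show_summaries` and `flat` parameters, none of which this file reads; it should describe the title and description output instead.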

Index: rss_sfnewreleases.php
===================================================================
RCS file: /cvsroot/gforge/gforge/www/export/rss_sfnewreleases.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- rss_sfnewreleases.php       9 Jan 2003 20:57:12 -0000       1.4
+++ rss_sfnewreleases.php       5 May 2004 18:43:36 -0000       1.5
@@ -21,8 +21,12 @@
 <rss version="0.91">
 ';
 // ## default limit
-if (!$limit) $limit = 10;
-if ($limit > 100) $limit = 100;
+if (!$limit < 1) {
+       $limit = 10;
+}
+if ($limit > 100) {
+       $limit = 100;
+}
 
 $res=db_query("SELECT 
                                        groups.group_id,
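Review bot: The new condition `if (!$limit < 1)` negates `$limit` before comparing, so it does not implement the default the comment describes. `!$limit` is a boolean, which makes the branch fire for any non-empty limit (resetting it to 10) and skip the default when the limit is empty, leaving `($limit * 3)` at 0 for the query. `$limit = intval($limit); if ($limit < 1) {` gives the intended default and also normalises negative and non-numeric values. What `db_query()` does with a limit of 0 is not visible in this hunk.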
@@ -38,6 +42,8 @@
                                        groups 
                                WHERE 
                                        news_bytes.group_id=groups.group_id 
+                                       AND groups.status='A'
+                                       AND groups.is_public='A'
                                ORDER BY 
                                        date 
                                DESC",($limit * 3));
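Review bot: The added filter `groups.is_public='A'` disagrees with the rss_sfnews.php hunk of the same commit, which filters on `g.is_public='1'`. Only one of the two literals can match how `is_public` is stored, so one of the feeds will either return no rows or fail; the schema is not visible here, but `'A'` looks copied from the `status` line above it. If the column holds 1/0, this line should read `AND groups.is_public='1'`.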

Index: rss_sfnews.php
===================================================================
RCS file: /cvsroot/gforge/gforge/www/export/rss_sfnews.php,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- rss_sfnews.php      5 Mar 2004 21:35:35 -0000       1.7
+++ rss_sfnews.php      5 May 2004 18:43:36 -0000       1.8
@@ -21,17 +21,23 @@
 <rss version="0.91">
 ';
 // ## default limit
-if (!$limit or intval($limit) == 0) {
+if ($limit < 1) {
        $limit = 10;
-} else {
-       $limit = min(100, intval($limit));
+} elseif ($limit > 100) {
+       $limit = 100;
 }
 
-$where_clause = " WHERE is_approved=1 ";
 if ($group_id) {
-       $where_clause = " where group_id=".intval($group_id);
+       $where_clause = " AND group_id='$group_id'";
 }
-$sql = "SELECT forum_id,summary,post_date,details,group_id FROM news_bytes 
".$where_clause." order by post_date desc";
+$sql = "SELECT forum_id,summary,post_date,details,group_id 
+       FROM news_bytes, groups g 
+       WHERE is_approved=1 
+       AND news_bytes.group_id=g.group_id
+       AND g.is_public='1'
+       AND g.status='A'
+       $where_clause
+       order by post_date desc";
 $res = db_query($sql, $limit);
 
 // ## one time output
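Review bot: The rewritten `$where_clause = " AND group_id='$group_id'";` drops the `intval()` the previous revision applied and interpolates `$group_id` straight into the SQL string; where `$group_id` is assigned is outside this hunk, but the old cast suggests it is request-derived. Wrapping the value in quotes does not neutralise input that itself contains a quote, so the integer cast should be restored. `group_id` is also ambiguous now that the query joins `news_bytes` and `groups g` (both carry that column, per the join condition), and `$where_clause` is undefined when no group is given. Suggested: `$where_clause = '';` before the `if`, and `$where_clause = " AND news_bytes.group_id=".intval($group_id);` inside it. The `intval()` on `$limit` was removed as well and is worth keeping ahead of the range check.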

Index: tracker.php
===================================================================
RCS file: /cvsroot/gforge/gforge/www/export/tracker.php,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- tracker.php 29 Apr 2004 18:46:27 -0000      1.1
+++ tracker.php 5 May 2004 18:43:36 -0000       1.2
@@ -14,8 +14,6 @@
   *
   */
 
-set_time_limit(0);
-
 require_once('pre.php');
 require_once('common/tracker/Artifact.class');
 require_once('common/tracker/Artifacts.class');
@@ -39,20 +37,32 @@
        //      get the Group object
        //
        $group =& group_get_object($group_id);
-       if (!$group || !is_object($group) || $group->isError()) {
-               echo("  <error>Could not get the Group object</error>\n");
+       if (!$group || !is_object($group)) {
+               echo "<error>Could not get the Group object</error>\n";
+       } elseif ($group->isError()) {
+               echo("  <error>".$group->getErrorMessage()."</error>\n";
                $errors = true;
        }
 
        //
+       //  Add checks to see if they have perms to view this
+       //
+       if (!$group->isPublic()) {
+               if (!session_loggedin()) {
+                       exit_permission_denied();
+               } elseif (!user_ismember($group_id)) {
+                       exit_permission_denied();
+               }
+       }
+
+       //
        //      Create the ArtifactType object
        //
        $ath = new ArtifactType($group,$atid);
        if (!$ath || !is_object($ath)) {
                echo("  <error>ArtifactType could not be created</error>\n");
                $errors = true;
-       }
-       if ($ath->isError()) {
+       } elseif ($ath->isError()) {
                echo('  <error>' . $ath->getErrorMessage() . "</error>\n");
                $errors = true;
        }
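Review bot: The added line `echo("  <error>".$group->getErrorMessage()."</error>\n";` opens a parenthesis that is never closed, so the file will not parse as committed; it should be `echo "  <error>".$group->getErrorMessage()."</error>\n";`. Splitting the condition also dropped `$errors = true;` from the first branch, so when no Group object is returned execution continues to `$group->isPublic()` on a non-object. Setting `$errors = true;` in both branches and guarding the permission block with `if (!$errors && !$group->isPublic()) {` avoids that. The enclosing block starts before this hunk and continues after it.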
@@ -168,7 +178,7 @@
 <?php
        }
 } else {
-       print("    <error>Group ID Not Set</error>\n");
+       print(" <error>Group ID Not Set</error>\n");
 }
 ?>
 </tracker>




