Merge lp://staging/~dangarner/xibo/401192 into lp://staging/xibo/1.0

Proposed by Dan Garner
Status: Merged
Merged at revision: not available
Proposed branch: lp://staging/~dangarner/xibo/401192
Merge into: lp://staging/xibo/1.0
Diff against target: None lines
To merge this branch: bzr merge lp://staging/~dangarner/xibo/401192
Reviewer Review Type Date Requested Status
Xibo Maintainters Pending
Review via email: mp+9000@code.staging.launchpad.net

Preview Diff

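--- a/client/dotNET/Rss.cs
+++ b/client/dotNET/Rss.cs
@@ -343,7 +343,7 @@
 textWrap = String.Format("width: {0}px;", this.width - 50);
 }
 
- textRender += string.Format("<div id='text' style='position:relative;overflow:hidden;width:{0}px; height:{1}px;'>", this.width, this.height);
+ textRender += string.Format("<div id='text' style='position:relative;overflow:hidden;width:{0}px; height:{1}px;'>", this.width - 10, this.height);
 textRender += string.Format("<div id='innerText' style='position:absolute; left: 0px; top: 0px; {0}'>{1}</div></div>", textWrap, documentText);
 
 htmlDoc.Body.InnerHtml = textRender;
 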
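Review bot: The `- 10` applied to `this.width` on the added line is an unexplained literal, and the same literal is introduced in client/dotNET/Text.cs in this proposal; nothing in either hunk says what the 10 pixels are for. A named constant shared by both files, e.g. `private const int TextWidthMargin = 10;` with a one-line comment stating the reason for the margin, would make the intent survive the next layout tweak. The line three lines above already subtracts a different literal (`this.width - 50`) for the wrap width, so a reader cannot tell whether the two offsets are meant to be related. The enclosing method starts and ends outside the hunk.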
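--- a/client/dotNET/Text.cs
+++ b/client/dotNET/Text.cs
@@ -93,7 +93,7 @@
 String textWrap = "";
 if (direction == "left" || direction == "right") textWrap = "white-space: nowrap";
 
- textRender += string.Format("<div id='text' style='position:relative;overflow:hidden;width:{0}; height:{1};'>", this.width, this.height);
+ textRender += string.Format("<div id='text' style='position:relative;overflow:hidden;width:{0}; height:{1};'>", this.width - 10, this.height);
 textRender += string.Format("<div id='innerText' style='position:absolute; left: 0px; top: 0px; {0}'>{1}</div></div>", textWrap, documentText);
 
 htmlDoc.Body.InnerHtml = textRender;
 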
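Review bot: The added line formats `width:{0}; height:{1};` with no CSS unit, while the equivalent line in Rss.cs in this same proposal emits `width:{0}px; height:{1}px;`; since `this.width - 10` compiles, `width` is numeric, so the emitted style is a bare number. Whether the hosting browser control treats a unitless length as pixels is not visible here, so this may be relying on quirks-mode behaviour; if so, `width:{0}px; height:{1}px;` would make it explicit and consistent with Rss.cs. The enclosing method starts and ends outside the hunk.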
27=== modified file 'client/dotNET/bin/Release/XiboClient.XmlSerializers.dll'
28Binary files client/dotNET/bin/Release/XiboClient.XmlSerializers.dll 2009-06-20 10:39:40 +0000 and client/dotNET/bin/Release/XiboClient.XmlSerializers.dll 2009-07-18 20:46:00 +0000 differ
29=== modified file 'client/dotNET/bin/Release/XiboClient.exe'
30Binary files client/dotNET/bin/Release/XiboClient.exe 2009-06-20 10:39:40 +0000 and client/dotNET/bin/Release/XiboClient.exe 2009-07-18 20:46:00 +0000 differ
31=== modified file 'client/dotNET/bin/Release/XiboClient.pdb'
32Binary files client/dotNET/bin/Release/XiboClient.pdb 2009-06-20 10:39:40 +0000 and client/dotNET/bin/Release/XiboClient.pdb 2009-07-18 20:46:00 +0000 differ
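--- a/server/lib/app/session.class.php
+++ b/server/lib/app/session.class.php
@@ -29,7 +29,8 @@
 
 public $isExpired = 1;
 
- function __construct(database $db) {
+ function __construct(database $db)
+ {
 $this->db =& $db;
 
 session_set_save_handler(array(&$this, 'open'),
@@ -64,38 +65,27 @@
 {
 $db =& $this->db;
 
- $userAgent = $_SERVER['HTTP_USER_AGENT'];
- $remoteAddr = $_SERVER['REMOTE_ADDR'];
+ $userAgent = Kit::GetParam('HTTP_USER_AGENT', $_SERVER, _STRING, 'No user agent');
+ $remoteAddr = Kit::GetParam('REMOTE_ADDR', $_SERVER, _STRING);
+ $securityToken = Kit::GetParam('SecurityToken', _POST, _STRING, null);
 
 $this->key = $key;
 $newExp = time() + $this->max_lifetime;
 
 $this->gc($this->max_lifetime);
 
- if(isset($_POST['SecurityToken']))
- {
- $securityToken = validate($_POST['SecurityToken']);
-
- if (!$securityToken)
- {
- log_entry($db, "error", "Invalid Security Token");
- $securityToken = null;
- }
- }
- else
- {
- $securityToken = null;
- }
-
+ // Get this session
 $SQL = " SELECT session_data, IsExpired, SecurityToken FROM session ";
- $SQL .= " WHERE session_id = '$key' ";
- $SQL .= " AND RemoteAddr = '$remoteAddr' ";
-
- if (!$result = $db->query($SQL));
+ $SQL .= " WHERE session_id = '%s' ";
+ $SQL .= " AND UserAgent = '%s' ";
+
+ $SQL = sprintf($SQL, $db->escape_string($key), $db->escape_string($userAgent));
+
+ $result = $db->query($SQL);
 
 if ($db->num_rows($result) != 0)
 {
-
+ // Get the row
 $row = $db->get_row($result);
 
 // We have the Key and the Remote Address.
@@ -109,10 +99,10 @@
 // We have a security token, so dont require a login
 $this->isExpired = 0;
 
- if (!$db->query("UPDATE session SET session_expiration = $newExp, isExpired = 0 WHERE session_id = '$key' "))
+ if (!$db->query(sprintf("UPDATE session SET session_expiration = $newExp, isExpired = 0 WHERE session_id = '%s' ", $db->escape_string($key))))
 {
 log_entry($db, "error", $db->error());
- }
+ }
 }
 else
 {
@@ -123,49 +113,55 @@
 }
 
 // Either way - update this SESSION so that the security token is NULL
- $db->query("UPDATE session SET SecurityToken = NULL WHERE session_id = '$key' ");
+ $db->query(sprintf("UPDATE session SET SecurityToken = NULL WHERE session_id = '%s' ", $db->escape_string($key)));
 
 return($row[0]);
 }
- else {
+ else
+ {
 $empty = '';
 return settype($empty, "string");
 }
 }
 
- function write($key, $val) {
-
- $db =& $this->db;
-
- $val = addslashes($val);
+ function write($key, $val)
+ {
+ $db =& $this->db;
 
 $newExp = time() + $this->max_lifetime;
 $lastaccessed = date("Y-m-d H:i:s");
- $userAgent = $_SERVER['HTTP_USER_AGENT'];
- $remoteAddr = $_SERVER['REMOTE_ADDR'];
+ $userAgent = Kit::GetParam('HTTP_USER_AGENT', $_SERVER, _STRING, 'No user agent');
+ $remoteAddr = Kit::GetParam('REMOTE_ADDR', $_SERVER, _STRING);
 
- $result = $db->query("SELECT session_id FROM session WHERE session_id = '$key'");
+ $result = $db->query(sprintf("SELECT session_id FROM session WHERE session_id = '%s'", $db->escape_string($key)));
 
 if ($db->num_rows($result) == 0)
 {
 //INSERT
 $SQL = "INSERT INTO session (session_id, session_data, session_expiration, LastAccessed, LastPage, userID, IsExpired, UserAgent, RemoteAddr)
- VALUES ('$key','$val',$newExp,'$lastaccessed','login', NULL, 0, '$userAgent', '$remoteAddr')";
+ VALUES ('%s', '%s', %d, '%s', 'login', NULL, 0, '%s', '%s')";
+
+ $SQL = sprintf($SQL, $db->escape_string($key), $db->escape_string($val), $newExp, $db->escape_string($lastaccessed), $db->escape_string($userAgent), $db->escape_string($remoteAddr));
 }
 else
 {
 //UPDATE
 $SQL = "UPDATE session SET ";
- $SQL .= " session_data = '$val', ";
- $SQL .= " session_expiration = '$newExp', ";
- $SQL .= " lastaccessed = '$lastaccessed' ";
- $SQL .= " WHERE session_id = '$key' ";
+ $SQL .= " session_data = '%s', ";
+ $SQL .= " session_expiration = %d, ";
+ $SQL .= " lastaccessed = '%s', ";
+ $SQL .= " RemoteAddr = '%s' ";
+ $SQL .= " WHERE session_id = '%s' ";
+
+ $SQL = sprintf($SQL, $db->escape_string($val), $newExp, $db->escape_string($lastaccessed), $db->escape_string($remoteAddr), $db->escape_string($key));
 }
 
- if(!$db->query($SQL)) {
+ if(!$db->query($SQL))
+ {
 log_entry($db, "error", $db->error());
 return(false);
 }
+
 return true;
 }
 
@@ -173,7 +169,7 @@
 {
 $db =& $this->db;
 
- $SQL = "UPDATE session SET IsExpired = 1 WHERE session_id = '$key'";
+ $SQL = sprintf("UPDATE session SET IsExpired = 1 WHERE session_id = '%s'", $db->escape_string($key));
 
 $result = $db->query("$SQL");
 
@@ -193,26 +189,32 @@
 {
 $db =& $this->db;
 
- $SQL = "UPDATE session SET userID = $userid WHERE session_id = '$key' ";
+ $SQL = sprintf("UPDATE session SET userID = %d WHERE session_id = '%s' ",$userid, $db->escape_string($key));
 
- if(!$db->query($SQL)) {
+ if(!$db->query($SQL))
+ {
 trigger_error($db->error(), E_USER_NOTICE);
 return(false);
 }
 return true;
 }
 
- // Update the session (after login)
- static function RegenerateSessionID()
+ /**
+ * Updates the session ID with a new one
+ * @return
+ */
+ public function RegenerateSessionID($oldSessionID)
 {
- $old_sess_id = session_id();
+ $db =& $this->db;
 
 session_regenerate_id(false);
 
 $new_sess_id = session_id();
+
+ $this->key = $new_sess_id;
 
- $query = "UPDATE `session` SET `session_id` = '$new_sess_id' WHERE session_id = '$old_sess_id'";
- mysql_query($query);
+ $query = sprintf("UPDATE session SET session_id = '%s' WHERE session_id = '%s'", $db->escape_string($new_sess_id), $db->escape_string($oldSessionID));
+ $db->query($query);
 }
 
 function set_page($key, $lastpage)
@@ -221,9 +223,10 @@
 
 $_SESSION['pagename'] = $lastpage;
 
- $SQL = "UPDATE session SET LastPage = '$lastpage' WHERE session_id = '$key' ";
+ $SQL = sprintf("UPDATE session SET LastPage = '%s' WHERE session_id = '%s' ", $db->escape_string($lastpage), $db->escape_string($key));
 
- if(!$db->query($SQL)) {
+ if(!$db->query($SQL))
+ {
 trigger_error($db->error(), E_USER_NOTICE);
 return(false);
 }
@@ -236,7 +239,7 @@
 
 $this->isExpired = $isExpired;
 
- $SQL = "UPDATE session SET IsExpired = $this->isExpired WHERE session_id = '$this->key'";
+ $SQL = sprintf("UPDATE session SET IsExpired = $this->isExpired WHERE session_id = '%s'", $db->escape_string($this->key));
 
 if (!$db->query($SQL))
 {
@@ -248,7 +251,7 @@
 {
 $db =& $this->db;
 
- $SQL = "UPDATE session SET securityToken = '$token' WHERE session_id = '$this->key'";
+ $SQL = sprintf("UPDATE session SET securityToken = '%s' WHERE session_id = '%s'", $db->escape_string($token), $db->escape_string($this->key));
 
 if (!$db->query($SQL))
 {
 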
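Review bot: In the setIsExpired hunk (`@@ -236,7 +239,7 @@`) the new sprintf still interpolates `$this->isExpired` straight into the statement while every other value in this proposal goes through a placeholder; since it is assigned from the `$isExpired` parameter two lines above with no cast, the line should be `$SQL = sprintf("UPDATE session SET IsExpired = %d WHERE session_id = '%s'", $this->isExpired, $db->escape_string($this->key));` so the value is forced to an integer like `%d` already does for `$userid` in the set_user hunk. In read(), the rebuilt WHERE clause now matches on `UserAgent` instead of `RemoteAddr`, so the surviving comment `// We have the Key and the Remote Address.` is stale and `$remoteAddr` is no longer referenced anywhere in the visible part of that function; if dropping the address check is deliberate, the new `// Get this session` comment is the place to say why. The new docblock on RegenerateSessionID has an empty `@return` tag although the method returns nothing; `@return void` or removing the tag would be accurate. read(), write() and the later methods all start or end outside these hunks.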
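--- a/server/lib/pages/report.class.php
+++ b/server/lib/pages/report.class.php
@@ -210,9 +210,7 @@
 <td>$ip</td>
 <td>$browser</td>
 <td>
- <div class="buttons">
- <a class="neutral" href="index.php?p=report&q=ConfirmLogout&userid=$userID" onclick="return init_button(this,'Logout User', exec_filter_callback, set_form_size(450,150))"><span>Logout</span></a>
- </div>
+ <button class="XiboFormButton" href="index.php?p=report&q=ConfirmLogout&userid=$userID"><span>Logout</span></a>
 </td>
 </tr>
 END;
@@ -234,14 +232,15 @@
 $userID = Kit::GetParam('userid', _GET, _INT);
 
 $form = <<<END
- <form class="dialog_form" method="post" action="index.php?p=report&q=LogoutUser">
+ <form class="XiboForm" method="post" action="index.php?p=report&q=LogoutUser">
 <input type="hidden" name="userid" value="userid" />
 <p>Are you sure you want to logout this user?</p>
 <input type="submit" value="Yes">
 <input type="submit" value="No" onclick="$('#div_dialog').dialog('close');return false; ">
 </form>
 END;
- $arh->SetFormSubmitResponse($form);
+
+ $arh->SetFormRequestResponse($form, 'Logout User', '450px', '300px');
 $arh->Respond();
 }
 
 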
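Review bot: The new Logout control in the first hunk opens a `<button>` but closes it with `</a>`, leaving a mismatched tag inside the heredoc; it should end `<span>Logout</span></button>`. `href` is not an attribute of `<button>`, so if the XiboFormButton script reads it, a short comment above the heredoc noting that convention would spare the next reader from "fixing" it. Not changed by this proposal, but the hidden field in the second hunk still sends the literal string `userid` (`value="userid"`) rather than `$userID`, so the LogoutUser handler cannot receive the id from this form as written. Both enclosing methods start outside their hunks.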
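--- a/server/modules/module_user_general.php
+++ b/server/modules/module_user_general.php
@@ -89,8 +89,6 @@
 
 $sql = sprintf("SELECT UserID, UserName, UserPassword, usertypeid, groupID FROM user WHERE UserName = '%s' AND UserPassword = '%s'", $db->escape_string($username), $db->escape_string($password));
 
- Debug::LogEntry($db, 'audit', $sql);
-
 if(!$result = $db->query($sql)) trigger_error('A database error occurred while checking your login details.', E_USER_ERROR);
 
 if ($db->num_rows($result)==0)
@@ -122,6 +120,7 @@
 $db->query($SQL) or trigger_error("Can not write last accessed info.", E_USER_ERROR);
 
 $session->setIsExpired(0);
+ $session->RegenerateSessionID(session_id());
 
 return true;
 }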
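Review bot: The added `$session->RegenerateSessionID(session_id());` carries no comment explaining why it must come after `setIsExpired(0)`, and the ordering matters: setIsExpired writes against the session's current key, and RegenerateSessionID then renames that row to the new ID and updates the key, so swapping the two calls would mark the wrong row. Suggest `// Issue a fresh session ID now that login succeeded, so the pre-login ID cannot be reused; must follow setIsExpired, which writes against the old key.` The method is defined in server/lib/app/session.class.php in this same proposal and returns nothing, so there is no result to check here. The enclosing function starts outside the hunk.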
