Author: jfthomps
Date: Fri Dec 18 18:58:12 2015
New Revision: 1720840

URL: http://svn.apache.org/viewvc?rev=1720840&view=rev
Log:
VCL-908 - Image owner string is not validated when creating a new image

utils.php: modified validateUserid: added block to handle corner case where no 
affiliation is passed in as part of $loginid, shibboleth only authentication is 
being used for the default affiliation, ALLOWADDSHIBUSERS is set to 1, and 
there is an @ in $loginid

Modified:
    vcl/trunk/web/.ht-inc/utils.php

Modified: vcl/trunk/web/.ht-inc/utils.php
URL: 
http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/utils.php?rev=1720840&r1=1720839&r2=1720840&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/utils.php (original)
+++ vcl/trunk/web/.ht-inc/utils.php Fri Dec 18 18:58:12 2015
@@ -981,6 +981,18 @@ function validateUserid($loginid) {
        if(mysql_num_rows($qh))
                return 1;
 
+       if($rc == 0 &&
+          ALLOWADDSHIBUSERS == 1 && 
+          strpos($loginid, '@')) {
+               $query = "SELECT shibonly "
+                      . "FROM affiliation "
+                      . "WHERE id = " . DEFAULT_AFFILID;
+               $qh = doQuery($query); 
+               $row = mysql_fetch_assoc($qh);
+               if($row['shibonly'] == 1)
+                       return 0;           
+       }
+
        $valfunc = $affilValFunc[$affilid];
        if(array_key_exists($affilid, $affilValFuncArgs))
                return $valfunc($affilValFuncArgs[$affilid], $loginid);
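Review bot: The `strpos($loginid, '@')` test in the added condition is falsy when the '@' is the first character, because strpos returns 0 there, so a login id that starts with '@' skips the new shibonly rejection and falls through to the affiliation validation function below. Compare against false explicitly: `strpos($loginid, '@') !== false) {`. The block also reads `$row['shibonly']` without checking that `mysql_fetch_assoc($qh)` returned a row, so if the DEFAULT_AFFILID row is missing the check silently does not apply; a guard such as `if($row && $row['shibonly'] == 1)` makes that case explicit. `$rc` is assigned outside this hunk, and validateUserid starts and ends outside it, so how `$rc == 0` relates to a missing affiliation cannot be confirmed from the lines shown.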

