This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, master has been updated
via 960bc2658bf28df5741c24b8de8f0492ffe51266 (commit)
via d4e50ec9e358207eafad2b68238cc9eca462a05f (commit)
via 1a807903b43322c06ceb50f833d379f66002f7e7 (commit)
from df33aae024b71d15ae35363aa941db872f228fb2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=960bc2658bf28df5741c24b8de8f0492ffe51266
commit 960bc2658bf28df5741c24b8de8f0492ffe51266
Author: Franck Villaume <[email protected]>
Date: Sun Oct 2 18:36:40 2016 +0200
html_e is already encoding the values. no need to encode them before
diff --git a/src/plugins/authbuiltin/common/AuthBuiltinPlugin.class.php
b/src/plugins/authbuiltin/common/AuthBuiltinPlugin.class.php
index 9c14e3f..2fc7bd2 100644
--- a/src/plugins/authbuiltin/common/AuthBuiltinPlugin.class.php
+++ b/src/plugins/authbuiltin/common/AuthBuiltinPlugin.class.php
@@ -70,7 +70,7 @@ class AuthBuiltinPlugin extends ForgeAuthPlugin {
$result .= html_e('p', array(), _('Cookies must be enabled past
this point.'), false);
$result .= $HTML->openForm(array('action' =>
'/plugins/'.$this->name.'/post-login.php', 'method' => 'post'));
$result .= html_e('input', array('type' => 'hidden', 'name' =>
'form_key', 'value' => form_generate_key()));
- $result .= html_e('input', array('type' => 'hidden', 'name' =>
'return_to', 'value' => htmlspecialchars(stripslashes($return_to))));
+ $result .= html_e('input', array('type' => 'hidden', 'name' =>
'return_to', 'value' => $return_to));
$result .= html_ao('p');
if (forge_get_config('require_unique_email')) {
$result .= _('Login name or email address')._(':');
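Review bot: The new `'value' => $return_to` line drops `stripslashes()` as well as `htmlspecialchars()`, and the commit message only accounts for the latter. The hidden field's escaping now rests entirely on html_e(), whose body is not part of this diff, so it is worth confirming that it escapes attribute values (quotes included) and recording that at the call, e.g. `// html_e() escapes attribute values; do not pre-encode $return_to`. The loss of un-slashing should also be confirmed as intended, since a value containing backslashes will now be posted back to post-login.php unchanged. The same applies to the identical line in the AuthLDAPPlugin hunk; the enclosing method starts and ends outside this hunk.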
diff --git a/src/plugins/authldap/common/AuthLDAPPlugin.class.php
b/src/plugins/authldap/common/AuthLDAPPlugin.class.php
index 4f252ff..e432954 100644
--- a/src/plugins/authldap/common/AuthLDAPPlugin.class.php
+++ b/src/plugins/authldap/common/AuthLDAPPlugin.class.php
@@ -210,7 +210,7 @@ into the FusionForge database.");
$result .= html_e('p', array(), _('Cookies must be enabled past
this point.'));
$result .= $HTML->openForm(array('action' =>
'/plugins/'.$this->name.'/post-login.php', 'method' => 'post'));
$result .= html_e('input', array('type' => 'hidden', 'name' =>
'form_key', 'value' => form_generate_key()));
- $result .= html_e('input', array('type' => 'hidden', 'name' =>
'return_to', 'value' => htmlspecialchars(stripslashes($return_to))));
+ $result .= html_e('input', array('type' => 'hidden', 'name' =>
'return_to', 'value' => $return_to));
$result .= html_e('p', array(), _('Login Name')._(':').
html_e('br').html_e('input',
array('type' => 'text', 'name' => 'form_loginname', 'value' =>
htmlspecialchars(stripslashes($loginname)), 'required' => 'required')));
$result .= html_e('p', array(), _('Password')._(':').
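Review bot: The `form_loginname` input just below the changed line still passes `htmlspecialchars(stripslashes($loginname))` to html_e(), so by the commit's own reasoning that value is encoded twice while `return_to` is now encoded once. If html_e() does encode attribute values, a login name containing `&` or a quote would be redisplayed with visible entities. For consistency the argument should become `'value' => $loginname` (or `stripslashes($loginname)` if un-slashing is still required). The enclosing method is only partly visible in this hunk.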
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=d4e50ec9e358207eafad2b68238cc9eca462a05f
commit d4e50ec9e358207eafad2b68238cc9eca462a05f
Author: Franck Villaume <[email protected]>
Date: Sun Oct 2 18:35:51 2016 +0200
use validate_return_to function
diff --git a/src/plugins/authbuiltin/www/post-login.php
b/src/plugins/authbuiltin/www/post-login.php
index fde37c5..2138135 100644
--- a/src/plugins/authbuiltin/www/post-login.php
+++ b/src/plugins/authbuiltin/www/post-login.php
@@ -55,20 +55,7 @@ if (session_loggedin()) {
//
// Validate return_to
//
-if ($return_to) {
- $tmpreturn = explode('?',$return_to);
- $rtpath = $tmpreturn[0];
-
- if (@is_file(forge_get_config('url_root').$rtpath)
- || @is_dir(forge_get_config('url_root').$rtpath)
- || (strpos($rtpath,'/projects') == 0)
- || (strpos($rtpath,'/plugins/mediawiki') == 0)) {
- $newrt = $return_to;
- } else {
- $newrt = '/';
- }
- $return_to = $newrt;
-}
+validate_return_to($return_to);
if (forge_get_config('use_ssl') && !session_issecure()) {
//force use of SSL for login
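Review bot: `validate_return_to($return_to);` discards any return value, so the redirect target is only sanitised if the helper takes its argument by reference, and its definition is not in this diff. If it returns the validated path instead, `$return_to` reaches the later redirect unchecked; in that case the call should read `$return_to = validate_return_to($return_to);`. Either way a comment such as `// validate_return_to() resets $return_to to a safe local path when it is not an allowed target` would make the contract visible at the call site. The removed inline check compared `strpos(...) == 0`, which is also true when strpos() returns false, so it is worth confirming the shared helper uses `=== 0` and did not inherit that comparison.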
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=1a807903b43322c06ceb50f833d379f66002f7e7
commit 1a807903b43322c06ceb50f833d379f66002f7e7
Author: Franck Villaume <[email protected]>
Date: Sun Oct 2 18:34:25 2016 +0200
remove useless code
diff --git a/src/common/include/session.php b/src/common/include/session.php
index 9bd3e38..e79bf20 100644
--- a/src/common/include/session.php
+++ b/src/common/include/session.php
@@ -391,9 +391,7 @@ function session_redirect_uri($loc, $permanent=true) {
* @param string $loc Absolute path within the site
*/
function session_redirect($loc, $permanent=true) {
- util_save_messages();
session_redirect_uri(util_make_url($loc), $permanent);
- exit;
}
/**
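Review bot: With `exit;` removed, session_redirect() ends the request only if session_redirect_uri() terminates the script itself, and that function's body lies above this hunk. If it only sends the Location header, callers that treat the redirect as final will go on executing the code after the call, which matters on login and permission-check paths. Please confirm that session_redirect_uri() both calls util_save_messages() and exits, and state it in the docblock, e.g. `* Does not return: session_redirect_uri() saves pending messages and exits.` The same reliance applies to session_redirect_external() in the next hunk, whose docblock already promises that it never returns.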
@@ -403,7 +401,6 @@ function session_redirect($loc, $permanent=true) {
* @return never returns
*/
function session_redirect_external($url) {
- util_save_messages();
session_redirect_uri($url, false);
}
-----------------------------------------------------------------------
Summary of changes:
src/common/include/session.php | 3 ---
.../authbuiltin/common/AuthBuiltinPlugin.class.php | 2 +-
src/plugins/authbuiltin/www/post-login.php | 15 +--------------
src/plugins/authldap/common/AuthLDAPPlugin.class.php | 2 +-
4 files changed, 3 insertions(+), 19 deletions(-)
hooks/post-receive
--
FusionForge