This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, master has been updated
via c61fed8c46a975671cfd86d93b2b4668020603fb (commit)
via fcf3a94a80db1f268b0753457982c02402338bdd (commit)
via a274e3c758397427e372629dd0d97506a1da5271 (commit)
via 16f0ea99b306d4b1115484ef40e899c53cb6d482 (commit)
via 51672ca99898201894e8bfb3df93e21d486971af (commit)
via 1e39eebe3e030804ffd7042793742bc6bc4f7805 (commit)
via bdadb7cb3dfe6ffcdd3c27e16fead717cb3babfe (commit)
via 59afb86a3c91317014e16d2995c8a891426a48dc (commit)
via 1c0d761dde66524a8b1044839816ff29a643fa61 (commit)
via d21b4743e78227e7c12bec755d11e58eb7db6fe4 (commit)
via 506c56e728363b952c890d815f5bc7a57a67170d (commit)
via 13cca82afd4ae53cb4a493d022f811588b801300 (commit)
from 8e16422c439294fa3edd6f97f88f9b40ea8722e5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=c61fed8c46a975671cfd86d93b2b4668020603fb
commit c61fed8c46a975671cfd86d93b2b4668020603fb
Merge: 8e16422 fcf3a94
Author: Roland Mas <[email protected]>
Date: Fri Dec 9 18:39:27 2016 +0100
Merge branch '6.0'
diff --cc src/CHANGES
index 63dd92b,07d7902..3476ef0
--- a/src/CHANGES
+++ b/src/CHANGES
@@@ -1,50 -1,5 +1,51 @@@
+FusionForge 6.X:
+* Accounts: minimum password length is now 8 (Sylvain Beucler)
+* Accounts: add minimal constraints to password (upper-case, lower-case,
non-alphanumeric check) [#826] (Inria)
+* Docman: limit number of returned documents on search query. Use paging
system [#794] (TrivialDev)
+* Docman: limit search using from & to dates [#798] (TrivialDev)
+* Docman: use standard search engine: unify results between 'search in
project' & search in the docs tab (TrivialDev)
+* Docman: searchengine: DocsAll & Docs unified. (TrivialDev)
+* Docman: searchengine: add edit file action on result. (TrivialDev)
+* Docman: notify users on document. (TrivialDev)
+* Docman: support private directory. (TrivialDev)
+* Docman: support document versioning. (TrivialDev)
+* Docman: support cross ref. forum, documents, task or artifact. (TrivialDev)
+* Core System: support object association n-n, bidirectional (Artifact,
Document, FRSRelease) (TrivialDev)
+* FRS: link package release to tracker roadmap. (TrivialDev)
+* Layout: new dynamic quickNav menu: based on user activity to select 5 more
visited projects (TrivialDev)
+* Plugin AuthBuiltin: add captcha after 3 attempts with the same login [#795]
(TrivialDev)
+* Plugin AuthLDAP: support X_FORWARD_USER to delegate authentication and then
retrieve user from LDAP (TrivialDev)
+* Plugin GlobalActivity: forge-wide aggregation for project activities
(Roland Mas)
+* Projects Page: add paging system in full_list and tag_cloud subpages
(TrivialDev)
+* SearchEngine: support only FTI queries (TrivialDev)
+* Search: index project tags and use them for search (Roland Mas)
+* Search: provide language-specific settings for better indexation/search
(Roland Mas)
+* Site Admin: add paging system in userlist page [#799] (TrivialDev)
+* Site Admin: support widgets for forge home page (TrivialDev)
+* Soap: getArtifacts tracker function: support changed_from parameter
(TrivialDev)
+* Soap: getFlattedArtifacts function: to return as CSV export. All data in 1
call (TrivialDev)
+* Spellcheck (Anders Jonsson)
+* Taskboard: support multiple taskboards per project [#785] (TrivialDev)
+* Taskboard: support filtering tasks [#786] (TrivialDev)
+* Tracker: keep values in artifact new submit form on error. (TrivialDev)
+* Tracker: add new extrafield: text regex (TrivialDev)
+* Tracker: add new extrafield: User (TrivialDev)
+* Tracker: add new extrafield: DateTime (TrivialDev)
+* Tracker: add support for mandatory fields on workflow of artifact
(TrivialDev)
+* Tracker: add support for description on extrafield to be used in tooltip
(TrivialDev)
+* Tracker: fix extrafield cloning when not using default template fusionforge
project [#829] (TrivialDev)
+* Tracker: add support for autoassign [#151] & [#149] (TrivialDev)
+* Tracker: add default value support for extrafields (TrivialDev)
+* Tracker: CSV export, support lastModifiedDate filtering (TrivialDev)
+* Utils: cross ref document/release. Use [DNNN]/[RNNN] where NNN is the ID of
the document/frs release. (TrivialDev)
+* Web UI: upgrade splitter jquery plugin to 0.20.0 (TrivialDev)
+* Web UI: upgrade jquery ui to 1.12.1 (TrivialDev)
+* Web UI: upgrade jquery to 1.12.4 (Nokia)
+* Widget MySystasks: new widget for user to display systasks perform on user
projects (TrivialDev)
+* Widget ProjectScmStats: new widget for project to display SCM stats
(TrivialDev)
+
FusionForge 6.0.5:
+ * Docman: fix XSS attack (Roland Mas)
* Forum: fix redirection cache [#835] & [#836] (TrivialDev)
* FRS: fix error message on file upload with accent in filename [#838]
(TrivialDev)
* Plugin SCM SVN: fix activity when SVN repository is private [#813]
(TrivialDev)
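Review bot: in the lines visible here, the 6.0.5 section gains only `* Docman: fix XSS attack (Roland Mas)`, yet the same merge also adds read-access filtering and permission checks to the SOAP user and group functions. Those change behaviour for API clients (calls that used to return other users' or projects' data now return a fault or a shortened list), so they deserve their own CHANGES entry naming the affected SOAP functions.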
diff --cc src/common/docman/views/search.php
index fa1ce0e,fcfd997..b1d3464
--- a/src/common/docman/views/search.php
+++ b/src/common/docman/views/search.php
@@@ -63,35 -53,12 +63,35 @@@ if ($search_type == 'one')
}
echo html_ao('div', array('id' => 'docman_search', 'class' =>
'docmanDivIncluded'));
-echo $HTML->openForm(array('method' => 'post', 'action' =>
util_make_uri('/docman/?group_id='.$group_id.'&view=search')));
-echo html_ao('div', array('id' => 'docman_search_query_words'));
-echo html_e('span', array('id' => 'docman_search_query_label'),
_('Query').utils_requiredField()._(': '));
-echo html_e('input', array('type' => 'text', 'name' => 'textsearch', 'id' =>
'textsearch', 'size' => 48, 'value' =>
stripslashes(htmlspecialchars($searchString)), 'required' => 'required',
'placeholder' => _('Searched words')));
-echo html_e('input', array('type' => 'submit', 'value' => _('Search')));
+echo html_ao('script', array('type' => 'text/javascript'));
+?>
+//<![CDATA[
+var controllerSearch;
+
+jQuery(document).ready(function() {
+ controllerSearch = new DocManSearchController({
+ buttonStartDate: jQuery('#limitByStartDate'),
+ buttonEndDate: jQuery('#limitByEndDate'),
+ datePickerStartDate: jQuery('#datepicker_start'),
+ datePickerEndDate: jQuery('#datepicker_end'),
+ });
+
+ jQuery('#datepicker_start').datepicker({
+ dateFormat: "<?php echo $date_format_js ?>"
+ });
+ jQuery('#datepicker_end').datepicker({
+ dateFormat: "<?php echo $date_format_js ?>"
+ });
+});
+
+//]]>
+<?php
echo html_ac(html_ap() - 1);
+echo $HTML->openForm(array('method' => 'post', 'action' =>
'/docman/?group_id='.$group_id.'&view=search'));
+echo html_e('div', array('id' => 'docman_search_query_words'),
+ html_e('span', array('id' => 'docman_search_query_label'),
_('Query').utils_requiredField()._(': ')).
- html_e('input', array('type' => 'text', 'name' => 'textsearch',
'id' => 'textsearch', 'size' => 48, 'value' => $searchString, 'required' =>
'required', 'placeholder' => _('Searched words'))).
++html_e('input', array('type' => 'text', 'name' => 'textsearch', 'id' =>
'textsearch', 'size' => 48, 'value' =>
stripslashes(htmlspecialchars($searchString)), 'required' => 'required',
'placeholder' => _('Searched words'))).
+ html_e('input', array('type' => 'submit', 'value' =>
_('Search'))));
echo html_ao('div', array('id' => 'docman_search_query_ckeckbox'));
echo html_e('input', $attrsInputSearchAll)._('With all the words');
echo html_e('input', $attrsInputSearchOne)._('With at least one of words');
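Review bot: in the merged `textsearch` input, `stripslashes(htmlspecialchars($searchString))` escapes first and strips backslashes afterwards, and leaves quote handling to the htmlspecialchars() defaults. Since the value lands in an HTML attribute, make escaping the last transformation and give it explicit flags, e.g. `htmlspecialchars(stripslashes($searchString), ENT_QUOTES, 'UTF-8')`. The line removed from the master side passed `'value' => $searchString` directly, so please confirm whether master's html_e() already escapes attribute values; if it does, the merged line double-encodes the query on redisplay. Separately, `dateFormat: "<?php echo $date_format_js ?>"` writes a PHP value into a JavaScript string literal unescaped; if that value can ever come from user or per-site configuration, emit it with json_encode().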
diff --cc src/common/include/User.class.php
index 4424bb8,607fffe..c1c397e
--- a/src/common/include/User.class.php
+++ b/src/common/include/User.class.php
@@@ -192,7 -192,18 +192,17 @@@ function &user_get_all_users()
return user_get_objects (util_result_column_to_array($res,0)) ;
}
-
+ function filter_users_by_read_access($users) {
+ $filteredusers = array();
+ foreach ($users as $u) {
+ if ($u->getID() == user_getid() ||
forge_check_global_perm('forge_admin')) {
+ $filteredusers[] = $u;
+ }
+ }
+ return $filteredusers;
+ }
+
-class GFUser extends FFError {
+class FFUser extends FFError {
/**
* Associative array of data from db.
*
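Review bot: filter_users_by_read_access() evaluates `forge_check_global_perm('forge_admin')` once per element inside the foreach, although the result cannot change during the loop. Compute it once before the loop, return `$users` unchanged for admins, and otherwise keep only the entry whose getID() equals user_getid(). The function also has no docblock: please document that "read access" here means "the user themself or a forge admin" and that the argument must be an array of user objects, because the SOAP callers pass the return value of the user_get_* functions straight in and a false or non-array value would make the foreach emit a warning.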
diff --cc src/etc/config.ini.d/defaults.ini
index 9de0344,e1fb9b6..76f121e
--- a/src/etc/config.ini.d/defaults.ini
+++ b/src/etc/config.ini.d/defaults.ini
@@@ -88,14 -89,7 +88,15 @@@ allow_project_without_template = ye
use_webdav = no
user_default_shell = "/bin/bash"
user_display_contact_info = yes
+forge_homepage_widget = no
+use_quicknav_default = yes
+use_home = yes
+use_my = yes
+check_password_strength = no
+use_object_associations = no
+use_tracker_widget_display = no
+use_docman_review = no
+ session_expire = 3600
scm_single_host = yes
system_user=fusionforge
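Review bot: `session_expire = 3600` is added with no indication of its unit or of what it bounds. Add a comment above it stating the unit (presumably seconds) and whether it is an idle timeout or an absolute session lifetime, since administrators will tune this value to match their own session policy.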
diff --cc src/etc/httpd.conf.d/vhost-main.inc
index ec6c601,8061c24..455e8ab
--- a/src/etc/httpd.conf.d/vhost-main.inc
+++ b/src/etc/httpd.conf.d/vhost-main.inc
@@@ -19,10 -18,11 +19,11 @@@ SetEnv FF__core__config_path "${FF__cor
<Directory ${FF__core__source_path}/www>
Options Indexes FollowSymlinks
AllowOverride All
+ Options -Indexes
-
+
# define access restrictions for the main site
Include ${FF__core__config_path}/httpd.conf.d/auth-main.inc
-
+
#
# PHP settings
#
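Review bot: the added `Options -Indexes` sits directly below the unchanged `Options Indexes FollowSymlinks`, so the block first enables directory listings and then removes them again. The net effect is what you want, but it is easy to misread and easy to break by reordering; change the original line to `Options FollowSymlinks` instead of layering a second directive on top of it.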
@@@ -64,15 -64,16 +65,16 @@@
<Directory ${FF__core__source_path}/vendor>
Options Indexes FollowSymlinks
AllowOverride All
-
+
Include ${FF__core__config_path}/httpd.conf.d/auth-main.inc
+ Options -Indexes
-
+
</Directory>
-<Location /projects>
+<Location ${FF__core__url_prefix}projects>
ForceType application/x-httpd-php
</Location>
-<Location /users>
+<Location ${FF__core__url_prefix}users>
ForceType application/x-httpd-php
</Location>
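Review bot: in the vendor directory block, `Options -Indexes` is added while `AllowOverride All` stays in place, so any .htaccess file under that tree can switch listings back on with its own Options line. If the goal is to guarantee no directory listing for the vendor tree, narrow AllowOverride so that Options cannot be overridden there, and state the final option set in a single `Options` line rather than negating it after the Include.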
diff --cc src/www/soap/common/group.php
index e1b9282,d5d24d5..5a82218
--- a/src/www/soap/common/group.php
+++ b/src/www/soap/common/group.php
@@@ -336,19 -336,19 +336,19 @@@ function getGroups($session_ser, $group
$inputArgs = $inputArgs.':'.$group_ids[$i];
}
- $grps = group_get_objects($group_ids);
+ $grps = filter_groups_by_read_access(group_get_objects($group_ids));
if (!$grps) {
- return new soap_fault ('2001','group','Could Not Get Projects
by Id'.$inputArgs,$feedback);
+ return new soap_fault('2001', 'group', 'Could Not Get Projects
by Id'.$inputArgs, $feedback);
}
return groups_to_soap($grps);
}
-function &getGroupsByName($session_ser,$group_names) {
+function getGroupsByName($session_ser, $group_names) {
session_continue($session_ser);
- $grps = group_get_objects_by_name($group_names);
+ $grps =
filter_groups_by_read_access(group_get_objects_by_name($group_names));
if (!$grps) {
- return new soap_fault ('2002','group','Could Not Get Projects
by Name','Could Not Get Projects by Name');
+ return new soap_fault('2002', 'group', 'Could Not Get Projects
by Name', 'Could Not Get Projects by Name');
}
return groups_to_soap($grps);
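Review bot: getGroupsByName() resumes the session with `session_continue($session_ser)`, whereas the other SOAP functions visible in this patch call `continue_session($session_ser)`. The result of the new filter_groups_by_read_access() call depends on which user the session belongs to, so please confirm session_continue() exists and is equivalent, or switch to continue_session() for consistency. Also note that in both functions an empty filtered list now takes the `if (!$grps)` branch, so a caller with no read access gets the generic "Could Not Get Projects" fault while a caller with partial access gets a silently shortened list; say so in the function comments.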
@@@ -371,10 -371,10 +371,10 @@@ function getGroupByStatus($session_ser
continue_session($session_ser);
$res = db_query_params('SELECT group_id FROM groups WHERE status=$1',
array($status));
- $grps = group_get_objects(util_result_column_to_array($res,0));
+ $grps =
filter_groups_by_read_access(group_get_objects(util_result_column_to_array($res,0)));
if ($grps < 0) {
- return new soap_fault ('2004','group','Could Not Get Projects
by Status','Could Not Get Projects by Status');
+ return new soap_fault('2004', 'group', 'Could Not Get Projects
by Status', 'Could Not Get Projects by Status');
}
return groups_to_soap($grps);
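Review bot: in getGroupByStatus() the error test `if ($grps < 0)` compares the filtered result with an integer; assuming filter_groups_by_read_access() returns an array like its user counterpart, that comparison is never true in PHP, so fault 2004 is unreachable. Use the same `if (!$grps)` test as getGroups() and getGroupsByName(), or decide explicitly that an empty result is a valid empty list. The nested `filter_groups_by_read_access(group_get_objects(util_result_column_to_array($res,0)))` call would also be easier to review as two statements.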
diff --cc src/www/soap/common/user.php
index 98b40cd,fab6f8c..c455bdd
--- a/src/www/soap/common/user.php
+++ b/src/www/soap/common/user.php
@@@ -185,11 -185,11 +185,11 @@@ $server->register
);
//get user objects for array of user_ids
-function &getUsers($session_ser,$user_ids) {
+function getUsers($session_ser, $user_ids) {
continue_session($session_ser);
- $users = user_get_objects($user_ids);
+ $users = filter_users_by_read_access(user_get_objects($user_ids));
if (!$users) {
- return new soap_fault ('3001','user','Could Not Get Users By
Id','Could Not Get Users By Id');
+ return new soap_fault('3001', 'user', 'Could Not Get Users By
Id', 'Could Not Get Users By Id');
}
return users_to_soap($users);
@@@ -198,9 -198,9 +198,9 @@@
//get active user objects
function getActiveUsers($session_ser) {
continue_session($session_ser);
- $users = user_get_active_users();
+ $users = filter_users_by_read_access(user_get_active_users());
if (!$users) {
- return new soap_fault ('3001','getActiveUsers','Could Not Get
Forge Users','Could Not Get Forge Users');
+ return new soap_fault('3001', 'getActiveUsers', 'Could Not Get
Forge Users', 'Could Not Get Forge Users');
}
return users_to_soap($users);
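Review bot: getActiveUsers() now loads every active user with user_get_active_users() and then, for anyone who is not a forge admin, discards all but the caller's own record. Check `forge_check_global_perm('forge_admin')` before the query and return a permission fault otherwise; that avoids the full load and gives non-admin clients a clearer answer than a one-element "active users" list. The fault code '3001' is also shared with getUsers(), which makes the two failures indistinguishable for a client.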
@@@ -212,12 -212,15 +212,15 @@@ function getGroupUsers($session_ser, $g
$group = group_get_object($group_id);
- if (!$group || !is_object($group)) {
+ if (!forge_check_perm ('project_read', $group_id)) {
+ $errMsg = 'Permission denied';
+ return new soap_fault ('3002','getGroupUsers',$errMsg,$errMsg);
+ } elseif (!$group || !is_object($group)) {
$errMsg = 'Could not get group: '.$group->getErrorMessage();
- return new soap_fault ('3002','getGroupUsers',$errMsg,$errMsg);
+ return new soap_fault('3002', 'getGroupUsers', $errMsg,
$errMsg);
} elseif ($group->isError()) {
$errMsg = 'Could not get group: '.$group->getErrorMessage();
- return new soap_fault ('3002','getGroupUsers',$errMsg,$errMsg);
+ return new soap_fault('3002', 'getGroupUsers', $errMsg,
$errMsg);
}
$members = $group->getUsers();
if (!$members) {
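Review bot: in getGroupUsers(), the `elseif (!$group || !is_object($group))` branch builds its message with `$group->getErrorMessage()`, a method call on a value just established not to be an object, so for a caller who passes the permission check an unknown group_id ends in a fatal error instead of the soap_fault. Use a fixed message in that branch. The new 'Permission denied' fault also reuses code '3002' and is written `soap_fault (` with a space, unlike the calls reformatted in the rest of this patch. Since `forge_check_perm ('project_read', $group_id)` runs before the group is validated, please confirm it behaves sensibly for a nonexistent id.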
@@@ -229,11 -232,11 +232,11 @@@
}
//get user objects for array of unix_names
-function getUsersByName($session_ser,$user_names) {
+function getUsersByName($session_ser, $user_names) {
continue_session($session_ser);
- $usrs = user_get_objects_by_name($user_names);
+ $usrs =
filter_users_by_read_access(user_get_objects_by_name($user_names));
if (!$usrs) {
- return new soap_fault ('3002','user','Could Not Get Users By
Name','Could Not Get Users By Name');
+ return new soap_fault('3002', 'user', 'Could Not Get Users By
Name', 'Could Not Get Users By Name');
}
return users_to_soap($usrs);
@@@ -254,77 -257,77 +257,77 @@@ function addUser($unix_name, $firstname
}
//update user object
-function updateUser
($session_ser,$user_id,$firstname,$lastname,$language_id,$timezone,$mail_site,$mail_va,$use_ratings,$jabber_address,$jabber_only,$theme_id,$address,$address2,$phone,$fax,$title,$ccode){
+function updateUser ($session_ser, $user_id, $firstname, $lastname,
$language_id, $timezone, $mail_site, $mail_va, $use_ratings, $jabber_address,
$jabber_only, $theme_id, $address, $address2, $phone, $fax, $title, $ccode) {
continue_session($session_ser);
$user = user_get_object($user_id);
- if (!$user || !is_object($user)) {
+ if (!$user || !is_object($user) || !($u->getID() == user_getid() ||
forge_check_global_perm('forge_admin'))) {
- return new soap_fault ('updateUser','Could Not Get User','Could
Not Get User');
+ return new soap_fault('updateUser', 'Could Not Get User',
'Could Not Get User');
}
- if
(!$user->update($firstname,$lastname,$language_id,$timezone,$mail_site,$mail_va,$use_ratings,$jabber_address,$jabber_only,$theme_id,$address,$address2,$phone,$fax,$title,$ccode)){
- return new soap_fault
('updateUser',$user->getErrorMessage(),$user->getErrorMessage());
- }else{
+ if (!$user->update($firstname, $lastname, $language_id, $timezone,
$mail_site, $mail_va, $use_ratings, $jabber_address, $jabber_only, $theme_id,
$address, $address2, $phone, $fax, $title, $ccode)) {
+ return new soap_fault('updateUser', $user->getErrorMessage(),
$user->getErrorMessage());
+ } else {
return $user->getID();
}
}
//delete user object
-function deleteUser ($session_ser,$user_id){
+function deleteUser ($session_ser, $user_id) {
continue_session($session_ser);
$user = user_get_object($user_id);
- if (!$user || !is_object($user)) {
+ if (!$user || !is_object($user) ||
!forge_check_global_perm('forge_admin')) {
- return new soap_fault ('deleteUser','Could Not Get User','Could
Not Get User');
- }elseif ($user->isError()){
- return new soap_fault
('deleteUser',$user->getErrorMessage(),$user->getErrorMessage());
+ return new soap_fault('deleteUser', 'Could Not Get User',
'Could Not Get User');
+ } elseif ($user->isError()) {
+ return new soap_fault('deleteUser', $user->getErrorMessage(),
$user->getErrorMessage());
}
- if (!$user->delete(true)){
- return new soap_fault
('deleteUser',$user->getErrorMessage(),$user->getErrorMessage());
- }else{
+ if (!$user->delete(true)) {
+ return new soap_fault('deleteUser', $user->getErrorMessage(),
$user->getErrorMessage());
+ } else {
return true;
}
}
//change status user object
-function changeStatus ($session_ser,$user_id,$status){
+function changeStatus ($session_ser, $user_id, $status) {
continue_session($session_ser);
$user = user_get_object($user_id);
- if (!$user || !is_object($user)) {
+ if (!$user || !is_object($user) ||
!forge_check_global_perm('forge_admin')) {
- return new soap_fault ('changeStatus','Could Not Get
User','Could Not Get User');
- }elseif ($user->isError()){
- return new soap_fault
('changeStatus',$user->getErrorMessage(),$user->getErrorMessage());
+ return new soap_fault('changeStatus', 'Could Not Get User',
'Could Not Get User');
+ } elseif ($user->isError()) {
+ return new soap_fault('changeStatus', $user->getErrorMessage(),
$user->getErrorMessage());
}
- if (!$user->setStatus($status)){
- return new soap_fault
('changeStatus',$user->getErrorMessage(),$user->getErrorMessage());
- }else{
+ if (!$user->setStatus($status)) {
+ return new soap_fault('changeStatus', $user->getErrorMessage(),
$user->getErrorMessage());
+ } else {
return true;
}
}
//change password user object
-function changePassword ($session_ser,$user_id,$password){
+function changePassword ($session_ser, $user_id, $password) {
continue_session($session_ser);
$user = user_get_object($user_id);
- if (!$user || !is_object($user)) {
+ if (!$user || !is_object($user) || !($u->getID() == user_getid() ||
forge_check_global_perm('forge_admin'))) {
- return new soap_fault ('changePassword','Could Not Get
User','Could Not Get User');
- }elseif ($user->isError()){
- return new soap_fault
('changePassword',$user->getErrorMessage(),$user->getErrorMessage());
+ return new soap_fault('changePassword', 'Could Not Get User',
'Could Not Get User');
+ } elseif ($user->isError()) {
+ return new soap_fault('changePassword',
$user->getErrorMessage(), $user->getErrorMessage());
}
- if (!$user->setPasswd($password)){
- return new soap_fault
('changePassword',$user->getErrorMessage(),$user->getErrorMessage());
- }else{
+ if (!$user->setPasswd($password)) {
+ return new soap_fault('changePassword',
$user->getErrorMessage(), $user->getErrorMessage());
+ } else {
return true;
}
}
//get groups for user_id
-function &userGetGroups($session_ser,$user_id) {
+function userGetGroups($session_ser, $user_id) {
continue_session($session_ser);
$user = user_get_object($user_id);
- if (!$user) {
+ if (!$user || !is_object($user) || !($u->getID() == user_getid() ||
forge_check_global_perm('forge_admin'))) {
- return new soap_fault ('3003','user','Could Not Get Users
Projects','Could Not Get Users Projects');
+ return new soap_fault('3003', 'user', 'Could Not Get Users
Projects', 'Could Not Get Users Projects');
}
return groups_to_soap($user->getGroups());
}
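Review bot: the new ownership checks in updateUser(), changePassword() and userGetGroups() call `$u->getID()`, but the variable loaded in each function is `$user`; `$u` is undefined there, so for any valid user the condition reaches a method call on null and the request ends in a fatal error. Replace it with `$user->getID() == user_getid()`, or better, factor the "self or forge_admin" test into one helper shared with filter_users_by_read_access(). In deleteUser() and changeStatus() a failed `forge_check_global_perm('forge_admin')` returns 'Could Not Get User'; check the permission first and return a distinct permission fault before loading the target user. The functional tests should exercise each of these calls as the owner, as another user and as an admin.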
-----------------------------------------------------------------------
Summary of changes:
src/CHANGES | 2 +
src/common/docman/views/search.php | 2 +-
src/common/include/AuthPlugin.class.php | 7 +++
src/common/include/Group.class.php | 10 ++++
src/common/include/User.class.php | 10 ++++
src/common/include/forms.php | 10 ++--
src/common/include/pre.php | 2 +
src/common/include/session.php | 11 ++--
src/etc/config.ini.d/defaults.ini | 1 +
src/etc/httpd.conf.d/vhost-main.inc | 2 +
.../authbuiltin/common/AuthBuiltinPlugin.class.php | 1 +
.../authldap/common/AuthLDAPPlugin.class.php | 1 +
.../common/ContribTrackerPlugin.class.php | 8 +--
src/www/activity/index.php | 4 +-
.../AdvancedSearchHtmlSearchRenderer.class.php | 4 +-
src/www/search/index.php | 2 +-
src/www/soap/common/group.php | 10 +++-
src/www/soap/common/user.php | 21 ++++---
tests/func/10_Site/loginTest.php | 69 +++++++++++++++-------
tests/func/50_PluginsScmGit/gitSmartHTTPTest.php | 41 +++++++------
tests/func_tests.sh | 5 +-
21 files changed, 152 insertions(+), 71 deletions(-)
hooks/post-receive
--
FusionForge