This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, master has been updated
via 532c61b23ca4a979aad9da542c4d310afae27541 (commit)
from d54b5a5ec9c1a96d1205cdabc8927307814c7d8a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=532c61b23ca4a979aad9da542c4d310afae27541
commit 532c61b23ca4a979aad9da542c4d310afae27541
Author: Franck Villaume <[email protected]>
Date: Sun Mar 5 12:50:47 2017 +0100
clean up
diff --git a/src/common/include/session.php b/src/common/include/session.php
index 5d06352..c84781b 100644
--- a/src/common/include/session.php
+++ b/src/common/include/session.php
@@ -188,7 +188,7 @@ function session_logout() {
*
*/
function session_login_valid($loginname, $passwd, $allowpending = 0) {
- global $feedback, $error_msg, $warning_msg;
+ global $feedback, $warning_msg;
if (!$loginname || !$passwd) {
$warning_msg = _('Missing Password Or User Name');
@@ -236,7 +236,7 @@ function session_login_valid_dbonly($loginname, $passwd,
$allowpending) {
$userstatus = $usr['status'] ;
if ($usr['unix_pw'] !== crypt($passwd, $usr['unix_pw'])) {
- // (crypt) unix_pw does not patch
+ // (crypt) unix_pw does not match
$error_msg = _('Invalid Password Or User Name');
return false;
}
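Review bot: The password check on the context line `if ($usr['unix_pw'] !== crypt($passwd, $usr['unix_pw']))` compares the stored hash with `!==`, which is not a constant-time comparison; the commit only corrects the comment beneath it. Where the supported PHP versions provide it, `if (!hash_equals($usr['unix_pw'], crypt($passwd, $usr['unix_pw'])))` gives the same result without a timing difference that depends on how many leading bytes match. session_login_valid_dbonly starts and ends outside the hunk, so whether `$error_msg` is declared global there cannot be checked from here.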
diff --git a/src/plugins/authbuiltin/www/post-login.php
b/src/plugins/authbuiltin/www/post-login.php
index 2138135..2fe4f0a 100644
--- a/src/plugins/authbuiltin/www/post-login.php
+++ b/src/plugins/authbuiltin/www/post-login.php
@@ -33,7 +33,7 @@ header("Cache-Control: must-revalidate");
require_once '../../../www/env.inc.php';
require_once $gfcommon.'include/pre.php';
-require_once '../../../www/include/login-form.php';
+require_once $gfwww.'include/login-form.php';
/* because session_check_credentials_in_database is setting warning_msg */
global $warning_msg;
@@ -52,11 +52,6 @@ if (session_loggedin()) {
session_redirect('/my');
}
-//
-// Validate return_to
-//
-validate_return_to($return_to);
-
if (forge_get_config('use_ssl') && !session_issecure()) {
//force use of SSL for login
header('Location:
https://'.getStringFromServer('HTTP_HOST').getStringFromServer('REQUEST_URI'));
@@ -78,6 +73,7 @@ if ($login) {
$plugin->startSession($form_loginname);
}
if ($return_to) {
+ validate_return_to($return_to);
session_redirect($return_to);
} else {
session_redirect('/my');
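Review bot: With `validate_return_to($return_to);` moved inside the `if ($return_to)` branch, the request value is checked only on the successful-login redirect, whereas the call removed from the top of the script covered every later use of `$return_to`. Any other place in this file that echoes or forwards `$return_to` (for example when the login form is shown again, outside this hunk) now sees the raw request value and needs its own escaping or validation. The call also protects `session_redirect($return_to)` only if validate_return_to() rewrites its argument by reference or terminates on a bad value; a comment such as `// validate_return_to() resets $return_to to a safe local path when it is not acceptable` would record that contract once confirmed. The same pattern is added in authldap/www/post-login.php. The enclosing `if ($login)` block starts and ends outside the hunk.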
@@ -102,18 +98,18 @@ if ($login) {
}
} elseif ($userstatus == "P") {
$warning_msg .= '<br />' . _('Your account is currently pending
your email confirmation.')
- . '<br/>' . _('Visiting the link sent
to you in this email will activate your account.')
- . '<br/>' . _('If you need this email resent, please
click below and a confirmation email will be sent to the email address you
provided in registration.')
- . '<br/>' . sprintf('<a href="%1$s">%2$s</a>',
-
util_make_url("/account/pending-resend.php?form_user=".htmlspecialchars($form_loginname)),
- _('Resend Confirmation Email'));
+ . '<br/>' . _('Visiting the
link sent to you in this email will activate your account.')
+ . '<br/>' . _('If you need this
email resent, please click below and a confirmation email will be sent to the
email address you provided in registration.')
+ . '<br/>' . sprintf('<a
href="%1$s">%2$s</a>',
+
util_make_url("/account/pending-resend.php?form_user=".htmlspecialchars($form_loginname)),
+ _('Resend
Confirmation Email'));
} elseif ($userstatus == "D") {
- $error_msg = '<br />' . sprintf(_('Your %1$s account
has been removed by %1$s staff.'), forge_get_config('forge_name'))
- . '<br/>' . _('This may occur for two reasons, either 1)
you requested that your account be removed; or 2) some action has been
performed using your account which has been seen as objectionable (i.e. you
have breached the terms of service for use of your account) and your account
has been revoked for administrative reasons.')
- . '<br/>' . sprintf(_('Should you have questions or
concerns regarding this matter, please log a <a href="%s">support
request</a>.'), util_make_url("/support/?group_id=1"))
- . '<br/>' . _('Thank you')
- . '<br/>'
- . '<br/>' . sprintf(_('-- the %s staff'),
forge_get_config('forge_name'));
+ $error_msg = '<br />' . sprintf(_('Your %1$s account has been
removed by %1$s staff.'), forge_get_config('forge_name'))
+ . '<br/>' . _('This may occur for two reasons,
either 1) you requested that your account be removed; or 2) some action has
been performed using your account which has been seen as objectionable (i.e.
you have breached the terms of service for use of your account) and your
account has been revoked for administrative reasons.')
+ . '<br/>' . sprintf(_('Should you have
questions or concerns regarding this matter, please log a <a href="%s">support
request</a>.'), util_make_url("/support/?group_id=1"))
+ . '<br/>' . _('Thank you')
+ . '<br/>'
+ . '<br/>' . sprintf(_('-- the %s staff'),
forge_get_config('forge_name'));
}
}
diff --git a/src/plugins/authcas/common/AuthCASPlugin.class.php
b/src/plugins/authcas/common/AuthCASPlugin.class.php
index 8d03e47..63d6ca8 100644
--- a/src/plugins/authcas/common/AuthCASPlugin.class.php
+++ b/src/plugins/authcas/common/AuthCASPlugin.class.php
@@ -1,5 +1,6 @@
<?php
-/** External authentication via CAS for FusionForge
+/**
+ * External authentication via CAS for FusionForge
* Copyright 2007, Benoit Lavenier <[email protected]>
* Copyright 2011, Roland Mas
*
@@ -28,7 +29,6 @@ require_once $gfcommon.'include/AuthPlugin.class.php';
*/
class AuthCASPlugin extends ForgeAuthPlugin {
function __construct() {
- global $gfconfig;
parent::__construct();
$this->name = "authcas";
$this->text = _("CAS authentication");
@@ -99,7 +99,7 @@ server.");
$params['transparent_redirect_urls'][$this->name] =
util_make_url('/plugins/'.$this->name.'/post-login.php?return_to='.htmlspecialchars(stripslashes($return_to)).'&login=1');
}
- /**
+ /**
* Is there a valid session?
* @param unknown_type $params
*/
@@ -126,7 +126,6 @@ server.");
if ($this->isSufficient()) {
$this->saved_user = $user;
$params['results'][$this->name] =
FORGE_AUTH_AUTHORITATIVE_ACCEPT;
-
} else {
$params['results'][$this->name] =
FORGE_AUTH_NOT_AUTHORITATIVE;
}
diff --git a/src/plugins/authhttpd/www/post-login.php
b/src/plugins/authhttpd/www/post-login.php
index 3ca4c55..bbc0c93 100644
--- a/src/plugins/authhttpd/www/post-login.php
+++ b/src/plugins/authhttpd/www/post-login.php
@@ -32,7 +32,7 @@ Header( "Cache-Control: must-revalidate");
require_once '../../../www/env.inc.php';
require_once $gfcommon.'include/pre.php';
-require_once '../../../www/include/login-form.php';
+require_once $gfwww.'include/login-form.php';
$plugin = plugin_get_object('authhttpd');
@@ -52,12 +52,9 @@ if ($plugin->isSufficient() &&
isset($GLOBALS['REMOTE_USER'])) {
}
if ($return_to) {
validate_return_to($return_to);
-
- header ("Location: " . util_make_url($return_to));
- exit;
+ session_redirect($return_to);
} else {
- header ("Location: " . util_make_url("/my"));
- exit;
+ session_redirect('/my');
}
// Local Variables:
diff --git a/src/plugins/authldap/www/post-login.php
b/src/plugins/authldap/www/post-login.php
index b6189ee..6d4b699 100644
--- a/src/plugins/authldap/www/post-login.php
+++ b/src/plugins/authldap/www/post-login.php
@@ -30,7 +30,7 @@ Header( "Cache-Control: must-revalidate");
require_once '../../../www/env.inc.php';
require_once $gfcommon.'include/pre.php';
-require_once '../../../www/include/login-form.php';
+require_once $gfwww.'include/login-form.php';
global $error_msg, $warning_msg;
@@ -42,24 +42,6 @@ $form_loginname = getStringFromRequest('form_loginname');
$form_pw = getStringFromRequest('form_pw');
$triggered = getIntFromRequest('triggered');
-//
-// Validate return_to
-//
-if ($return_to) {
- $tmpreturn=explode('?',$return_to);
- $rtpath = $tmpreturn[0] ;
-
- if (@is_file(forge_get_config('url_root').$rtpath)
- || @is_dir(forge_get_config('url_root').$rtpath)
- || (strpos($rtpath,'/projects') == 0)
- || (strpos($rtpath,'/plugins/mediawiki') == 0)) {
- $newrt = $return_to ;
- } else {
- $newrt = '/' ;
- }
- $return_to = $newrt ;
-}
-
if (forge_get_config('use_ssl') && !session_issecure()) {
//force use of SSL for login
header('Location:
https://'.getStringFromServer('HTTP_HOST').getStringFromServer('REQUEST_URI'));
@@ -82,6 +64,7 @@ if ($login) {
$plugin->startSession($form_loginname);
}
if ($return_to) {
+ validate_return_to($return_to);
session_redirect($return_to);
} else {
session_redirect('/my');
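Review bot: The inline check deleted from this file in the preceding hunk tested `strpos($rtpath,'/projects') == 0`, and strpos() returns `false` when the prefix is absent, so with loose comparison that test passed for nearly every path. If validate_return_to() in login-form.php (not shown in this diff) was factored out of the same code, the call added here inherits a validation that accepts almost any `return_to`. The comparison should be strict, `strpos($rtpath, '/projects') === 0`, and likewise for the `/plugins/mediawiki` prefix, so that only the intended site-local paths reach `session_redirect($return_to)`. The enclosing `if ($login)` block starts and ends outside the hunk.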
-----------------------------------------------------------------------
Summary of changes:
src/common/include/session.php | 4 +--
src/plugins/authbuiltin/www/post-login.php | 30 ++++++++++------------
src/plugins/authcas/common/AuthCASPlugin.class.php | 7 +++--
src/plugins/authhttpd/www/post-login.php | 9 +++----
src/plugins/authldap/www/post-login.php | 21 ++-------------
5 files changed, 23 insertions(+), 48 deletions(-)