Menu
▾
▴
phpbt-dev — Developer's mailing list and cvs commits
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(34) |
Aug
(215) |
Sep
(180) |
Oct
(135) |
Nov
(105) |
Dec
(81) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(76) |
Feb
(22) |
Mar
(154) |
Apr
(149) |
May
(128) |
Jun
(94) |
Jul
(14) |
Aug
(24) |
Sep
(77) |
Oct
(52) |
Nov
(22) |
Dec
(6) |
| 2003 |
Jan
(4) |
Feb
(10) |
Mar
(6) |
Apr
(29) |
May
(10) |
Jun
(37) |
Jul
(39) |
Aug
(13) |
Sep
(23) |
Oct
(3) |
Nov
(7) |
Dec
(2) |
| 2004 |
Jan
|
Feb
(10) |
Mar
(4) |
Apr
|
May
(35) |
Jun
(4) |
Jul
(17) |
Aug
(6) |
Sep
(14) |
Oct
(18) |
Nov
(2) |
Dec
(14) |
| 2005 |
Jan
(9) |
Feb
(30) |
Mar
(6) |
Apr
|
May
(38) |
Jun
(23) |
Jul
(21) |
Aug
(76) |
Sep
(50) |
Oct
(51) |
Nov
(13) |
Dec
|
|
From: Benjamin C. <bc...@us...> - 2002-05-06 12:47:34
|
Update of /cvsroot/phpbt/phpbt/templates/default
In directory usw-pr-cvs1:/tmp/cvs-serv25919/templates/default
Modified Files:
footer.html
Log Message:
Fixes bug #551012 - Unable to login from the account creation page
Index: footer.html
===================================================================
RCS file: /cvsroot/phpbt/phpbt/templates/default/footer.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- footer.html 3 Apr 2002 19:01:04 -0000 1.2
+++ footer.html 6 May 2002 12:47:31 -0000 1.3
@@ -5,7 +5,11 @@
 
</td>
<td height="30" class="bottomnav">
- <form method="post" action="{$smarty.server.REQUEST_URI}">
+ {if NO_AUTH}
+ <form method="post" action="index.php">
+ {else}
+ <form method="post" action="{$smarty.server.REQUEST_URI}">
+ {/if}
{if not $smarty.session.uid}
{if EMAIL_IS_LOGIN}
|
|
From: Benjamin C. <bc...@us...> - 2002-05-05 16:33:15
|
Update of /cvsroot/phpbt/phpbt
In directory usw-pr-cvs1:/tmp/cvs-serv16628
Modified Files:
index.php
Log Message:
Fixes bug #542242 - Fail nicely with no bugs in db and jpgraph enabled
Index: index.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/index.php,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- index.php 8 Apr 2002 12:54:25 -0000 1.30
+++ index.php 5 May 2002 16:33:12 -0000 1.31
@@ -43,6 +43,8 @@
}
function build_image($restricted_projects) {
+ global $STRING;
+
error_reporting(0); // Force this, just in case
include_once JPGRAPH_PATH.'jpgraph.php';
include_once JPGRAPH_PATH.'jpgraph_pie.php';
@@ -57,6 +59,10 @@
$alts[] = $stat['name'];
$totalbugs += $stat['count'];
}
+ }
+
+ if (!$totalbugs) {
+ return $STRING['nobugs'];
}
// Create the Pie Graph.
|
|
From: Benjamin C. <bc...@us...> - 2002-05-05 16:24:49
|
Update of /cvsroot/phpbt/phpbt
In directory usw-pr-cvs1:/tmp/cvs-serv14277
Modified Files:
bug.php
Log Message:
Fixes bug #550178 - Problems with CC addresses
Index: bug.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/bug.php,v
retrieving revision 1.99
retrieving revision 1.100
diff -u -r1.99 -r1.100
--- bug.php 26 Apr 2002 12:02:13 -0000 1.99
+++ bug.php 5 May 2002 16:24:46 -0000 1.100
@@ -239,7 +239,7 @@
// Collect the CCs
if ($ccs = $db->getCol(sprintf($QUERY['bug-cc-list'], $buginfo['bug_id']))) {
- array_push($maillist, $ccs);
+ array_merge($maillist, $ccs);
}
// Later add a watcher (such as QA person) check here
|
|
From: Benjamin C. <bc...@us...> - 2002-05-05 16:24:49
|
Update of /cvsroot/phpbt/phpbt/templates/default
In directory usw-pr-cvs1:/tmp/cvs-serv14277/templates/default
Modified Files:
bugdisplay.html
Log Message:
Fixes bug #550178 - Problems with CC addresses
Index: bugdisplay.html
===================================================================
RCS file: /cvsroot/phpbt/phpbt/templates/default/bugdisplay.html,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- bugdisplay.html 11 Apr 2002 16:08:05 -0000 1.26
+++ bugdisplay.html 5 May 2002 16:24:47 -0000 1.27
@@ -135,7 +135,7 @@
<td colspan="2" valign="top">
Remove selected CCs:
<br>
- <select name="remove_cc[]" size="5" style="width: 15em" multiple>{build_select box=cclist selected=$bug_id}</select>
+ <select name="remove_cc[]" size="5" style="width: 15em" multiple>{build_select box=bug_cc selected=$bug_id}</select>
</td>
</tr>
</table>
|
|
From: Benjamin C. <bc...@us...> - 2002-05-02 13:34:44
|
Update of /cvsroot/phpbt/phpbt/inc
In directory usw-pr-cvs1:/tmp/cvs-serv2462/inc
Modified Files:
functions.php
Log Message:
Bug fix for my latest bug fix
Index: functions.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/inc/functions.php,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- functions.php 1 May 2002 12:12:17 -0000 1.21
+++ functions.php 2 May 2002 13:17:57 -0000 1.22
@@ -70,9 +70,13 @@
'status' => $querystart.' where sort_order > 0 order by sort_order',
'resolution' => $querystart.' where sort_order > 0 order by sort_order',
'project' => $perm->have_perm('Admin')
- ? $querystart." where (active > 0 or project_id in ($selected)) order by {$box}_name"
+ ? $querystart." where ".
+ ($selected ? "(active > 0 or project_id in ($selected))" : 'active > 0').
+ " order by {$box}_name"
: $querystart." where project_id not in ($restricted_projects)".
- " and (active > 0 or project_id in ($selected)) order by {$box}_name",
+ " and ".
+ ($selected ? " (active > 0 or project_id in ($selected))" : 'active > 0').
+ " order by {$box}_name",
'component' => $querystart." where project_id = $project and active = 1 order by {$box}_name",
'version' => $querystart." where project_id = $project and active = 1 order by {$box}_id desc"
);
|
|
From: Jirka P. <fi...@us...> - 2002-05-02 08:35:41
|
Update of /cvsroot/phpbt/phpbt/templates/default/admin
In directory usw-pr-cvs1:/tmp/cvs-serv22133/phpbt/templates/default/admin
Modified Files:
userlist.html
Log Message:
Scrollbars=auto not working (bug 551262). It's browser specific.
Index: userlist.html
===================================================================
RCS file: /cvsroot/phpbt/phpbt/templates/default/admin/userlist.html,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- userlist.html 11 Apr 2002 16:08:05 -0000 1.8
+++ userlist.html 2 May 2002 08:35:38 -0000 1.9
@@ -6,7 +6,7 @@
{literal}
function popupUser(id) {
- window.open(me + '?op=edit&use_js=1&user_id='+id, 'ewin', 'dependent=yes, width=350, height=300, scrollbars=auto');
+ window.open(me + '?op=edit&use_js=1&user_id='+id, 'ewin', 'dependent=yes,width=350,height=300,scrollbars=1');
}
{/literal}
// -->
|
|
From: Jirka P. <fi...@us...> - 2002-05-02 08:06:45
|
> Perhaps you could post a sample of that changes that you are planning to > make, or just make changes to one file, so we can take a look at what > you are planning on a large scale. I'm not quite clear from your > description below on everything that has change, and I'd like to have a > better understanding on that regard. One thing I don't understand is > the role the magic quotes play in this. Well, I'll try to describe it somehow better (I hope, but my english is not= perfect). We have 3 boolean configuration directives: magic_quotes_gpc, ma= gic_quotes_runtime and magic_quotes_sybase. So there are function correspon= ding to these three directives except for magic_quotes_sybase. Magic_Quotes_GPC directive sets the magic_quotes state for Get, Post and Co= okie operations. When magic_quotes are on, all ' (single-quote), " (double = quote), \ (backslash) and NUL's are escaped with a backslash automatically.= If magic_quotes_sybase is also on, a single-quote is escaped with a single= -quote instead of a backslash if magic_quotes_gpc or magic_quotes_runtime i= s enabled. If magic_quotes_runtime is enabled, most functions that return data from an= y sort of external source including databases and text files will have quot= es escaped with a backslash. If magic_quotes_sybase is also on, a single-qu= ote is escaped with a single-quote instead of a backslash. So, for me it seems to be good, if we set magic_quotes on for GPC operation= s. Then there will be no need to check the strings returned from user input= or translate those strings with htmlspecialchars, htmlentities or addslash= es. Then we can put the strings from user input directly into the database,= without any conversion. Opposite is getting them from the database. When we leave magic_quotes_runt= ime set to off, we will get strings without slashes from the database. Then= we can handle all three cases (described in my previous e-mail) of printin= g these strings by using only htmlspecialchars function. I hope this will help for user input handling and printing out to be transp= arent and it will never touch various national special chars. As you see, it's not possible to do only some small changes, because it is = complex change and maybe a change of string handling concept used in PHPBT = until today, but probably every line of code, which is handling strings, ha= s to be changed. Is it OK to do it or do you think there is a better way, n= ot seen by me? I don't say my way is the only possible way. Jirka |
|
From: alextxm <al...@ti...> - 2002-05-01 14:22:24
|
Trying to login from the "New Account" page gives a "Fatal error: Call to a member function on a non-object in include.php on line 163" error. Step to reproduce: 1) goto index page of your phpBT installation (without being logged in) 2) choice "Create New Account" from the left menu bar 3) instead of filling the form for the new account, use the login form at the bottom of the page opening a bug report for this Bye, Alessandro -- Alessandro "TXM" Pisani - alextxm at tin dot it - ICQ: #2209087 "I will carry you through, kicking and screaming, and in the end you will thank me" - Tyler Durden [from "Fight Club"] |
|
From: alextxm <al...@ti...> - 2002-05-01 14:09:13
|
On Wed, 2002-05-01 at 13:39, Ben Curtis wrote: > That would be most appreciated. I simply cannot reproduce the logging > off problems you encountered. Anyone else have a problem with it? Due to tests done side-by-side with Benjamin (which solved the problem I was having on SF with phpbt), i can now say: indeed the auth.php patch work!! Go on and roll 0.8.2 out ;) Alessandro -- Alessandro "TXM" Pisani - alextxm at tin dot it - ICQ: #2209087 "I will carry you through, kicking and screaming, and in the end you will thank me" - Tyler Durden [from "Fight Club"] |
|
From: Ben C. <php...@be...> - 2002-05-01 12:47:40
|
That would be most appreciated. I simply cannot reproduce the logging off problems you encountered. Anyone else have a problem with it? On Wed, May 01, 2002 at 02:33:35PM +0200, alextxm wrote: > On Wed, 2002-05-01 at 13:29, Ben Curtis wrote: > > I'm planning on releasing a bugfix version in the next couple of days from > > the HEAD that includes this heinous session problem resolution. Please > > let me know if there is anything that you feel needs to be resolved > > before this release is made. Thanks! > Ben: the session-handling problems need more investigation IMHO... i'm > going to do another complete set of tests today. > > Bye, > Alessandro > > -- > Alessandro "TXM" Pisani - alextxm at tin dot it - ICQ: #2209087 > > "I will carry you through, kicking and screaming, > and in the end you will thank me" > - Tyler Durden [from "Fight Club"] > |
|
From: alextxm <al...@ti...> - 2002-05-01 12:41:19
|
On Wed, 2002-05-01 at 13:29, Ben Curtis wrote: > I'm planning on releasing a bugfix version in the next couple of days from > the HEAD that includes this heinous session problem resolution. Please > let me know if there is anything that you feel needs to be resolved > before this release is made. Thanks! Ben: the session-handling problems need more investigation IMHO... i'm going to do another complete set of tests today. Bye, Alessandro -- Alessandro "TXM" Pisani - alextxm at tin dot it - ICQ: #2209087 "I will carry you through, kicking and screaming, and in the end you will thank me" - Tyler Durden [from "Fight Club"] |
|
From: Ben C. <php...@be...> - 2002-05-01 12:37:58
|
I'm planning on releasing a bugfix version in the next couple of days from the HEAD that includes this heinous session problem resolution. Please let me know if there is anything that you feel needs to be resolved before this release is made. Thanks! |
|
From: Benjamin C. <bc...@us...> - 2002-05-01 12:20:58
|
Update of /cvsroot/phpbt/phpbt/schemas
In directory usw-pr-cvs1:/tmp/cvs-serv20391/schemas
Modified Files:
mysql.in oci8.in pgsql.in
Log Message:
Add a little help text to the JPGRAPH_PATH variable
Index: mysql.in
===================================================================
RCS file: /cvsroot/phpbt/phpbt/schemas/mysql.in,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- mysql.in 10 Apr 2002 14:16:05 -0000 1.24
+++ mysql.in 1 May 2002 12:20:55 -0000 1.25
@@ -284,7 +284,7 @@
INSERT INTO TBL_USER_PREF (user_id) SELECT USER_ID FROM TBL_AUTH_USER;
INSERT INTO TBL_CONFIGURATION VALUES ('INSTALL_URL','OPTION_INSTALL_URL','The base URL of the phpBugTracker installation','string');
-INSERT INTO TBL_CONFIGURATION VALUES ('JPGRAPH_PATH','','If not in the include path','string');
+INSERT INTO TBL_CONFIGURATION VALUES ('JPGRAPH_PATH','','If not in the include path. This is the file path on the web server, not a URL.','string');
INSERT INTO TBL_CONFIGURATION VALUES ('CVS_WEB','http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phpbt/phpbt/','Location of your cvs web interface (see format_comments() in bug.php)','string');
INSERT INTO TBL_CONFIGURATION VALUES ('ADMIN_EMAIL','OPTION_PHPBT_EMAIL','The email address used in correspondence from the bug tracker','string');
INSERT INTO TBL_CONFIGURATION VALUES ('ENCRYPT_PASS','OPTION_ENCRYPT_PASS','Whether to store passwords encrypted. <b>Warning:</b> Changing this after users have been created will result in their being unable to login.','bool');
Index: oci8.in
===================================================================
RCS file: /cvsroot/phpbt/phpbt/schemas/oci8.in,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- oci8.in 4 Apr 2002 00:33:42 -0000 1.10
+++ oci8.in 1 May 2002 12:20:55 -0000 1.11
@@ -283,7 +283,7 @@
INSERT INTO TBL_USER_PREF (user_id) values (1);
INSERT INTO TBL_CONFIGURATION VALUES ('INSTALL_URL','OPTION_INSTALL_URL','The base URL of the phpBugTracker installation','string');
-INSERT INTO TBL_CONFIGURATION VALUES ('JPGRAPH_PATH','','If not in the include path','string');
+INSERT INTO TBL_CONFIGURATION VALUES ('JPGRAPH_PATH','','If not in the include path. This is the file path on the web server, not a URL.','string');
INSERT INTO TBL_CONFIGURATION VALUES ('CVS_WEB','http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phpbt/phpbt/','Location of your cvs web interface (see format_comments() in bug.php)','string');
INSERT INTO TBL_CONFIGURATION VALUES ('ADMIN_EMAIL','OPTION_PHPBT_EMAIL','The email address used in correspondence from the bug tracker','string');
INSERT INTO TBL_CONFIGURATION VALUES ('ENCRYPT_PASS','OPTION_ENCRYPT_PASS','Whether to store passwords encrypted. <b>Warning:</b> Changing this after users have been created will result in their being unable to login.','bool');
Index: pgsql.in
===================================================================
RCS file: /cvsroot/phpbt/phpbt/schemas/pgsql.in,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- pgsql.in 11 Apr 2002 22:17:14 -0000 1.27
+++ pgsql.in 1 May 2002 12:20:55 -0000 1.28
@@ -280,7 +280,7 @@
INSERT INTO TBL_USER_PREF (user_id) values (1);
INSERT INTO TBL_CONFIGURATION VALUES ('INSTALL_URL','OPTION_INSTALL_URL','The base URL of the phpBugTracker installation','string');
-INSERT INTO TBL_CONFIGURATION VALUES ('JPGRAPH_PATH','','If not in the include path','string');
+INSERT INTO TBL_CONFIGURATION VALUES ('JPGRAPH_PATH','','If not in the include path. This is the file path on the web server, not a URL.','string');
INSERT INTO TBL_CONFIGURATION VALUES ('CVS_WEB','http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phpbt/phpbt/','Location of your cvs web interface (see format_comments() in bug.php)','string');
INSERT INTO TBL_CONFIGURATION VALUES ('ADMIN_EMAIL','OPTION_PHPBT_EMAIL','The email address used in correspondence from the bug tracker','string');
INSERT INTO TBL_CONFIGURATION VALUES ('ENCRYPT_PASS','OPTION_ENCRYPT_PASS','Whether to store passwords encrypted. <b>Warning:</b> Changing this after users have been created will result in their being unable to login.','bool');
|
|
From: Benjamin C. <bc...@us...> - 2002-05-01 12:12:20
|
Update of /cvsroot/phpbt/phpbt/inc
In directory usw-pr-cvs1:/tmp/cvs-serv18890/inc
Modified Files:
functions.php
Log Message:
Fixes bug 550784 - Project getting reset when editing a bug from an inactive project
Index: functions.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/inc/functions.php,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- functions.php 10 Apr 2002 15:21:07 -0000 1.20
+++ functions.php 1 May 2002 12:12:17 -0000 1.21
@@ -70,9 +70,9 @@
'status' => $querystart.' where sort_order > 0 order by sort_order',
'resolution' => $querystart.' where sort_order > 0 order by sort_order',
'project' => $perm->have_perm('Admin')
- ? $querystart." where active > 0 order by {$box}_name"
+ ? $querystart." where (active > 0 or project_id in ($selected)) order by {$box}_name"
: $querystart." where project_id not in ($restricted_projects)".
- " and active > 0 order by {$box}_name",
+ " and (active > 0 or project_id in ($selected)) order by {$box}_name",
'component' => $querystart." where project_id = $project and active = 1 order by {$box}_name",
'version' => $querystart." where project_id = $project and active = 1 order by {$box}_id desc"
);
|
|
From: Ben C. <php...@be...> - 2002-04-30 15:34:05
|
Perhaps you could post a sample of that changes that you are planning to make, or just make changes to one file, so we can take a look at what you are planning on a large scale. I'm not quite clear from your description below on everything that has change, and I'd like to have a better understanding on that regard. One thing I don't understand is the role the magic quotes play in this. On Mon, Apr 29, 2002 at 01:51:42PM -0000, Jirka Pech wrote: > I tested it heavily and I see a need to change it completely. > > It's not clean, how the strings submitted by a form are handled. Somewhere they are inserted into the database as is. Somewhere they are converted with htmlspecialchars or something similar. > > Here the magic quotes are entering the game. We have to set them to 'on'. And don't convert any string before inserting it into database, because there are 3 cases, in which we are printing out the string. > > One is pure html (text in paragraph etc.) and second is form input. In paragraph, we have _can_ put it unformatted, while in form input we _must_ print it out with double quotes translated into """. Last is textarea, which has no need to slash or translate the quotes. > > There is also problem with using of mail function and conversion of special characters. I think the best way to send e-mail is convert it into quoted-printable, encoded with $STRING['lang_charset']. > > Ugh, it's all. If there are is no reason for not repairing it, please tell me, before I will start with it. > > Jirka > > _______________________________________________ > phpbt-dev mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpbt-dev |
|
From: Jirka P. <fi...@us...> - 2002-04-29 13:51:52
|
I tested it heavily and I see a need to change it completely. It's not clean, how the strings submitted by a form are handled. Somewhere = they are inserted into the database as is. Somewhere they are converted wit= h htmlspecialchars or something similar. Here the magic quotes are entering the game. We have to set them to 'on'. A= nd don't convert any string before inserting it into database, because ther= e are 3 cases, in which we are printing out the string. One is pure html (text in paragraph etc.) and second is form input. In para= graph, we have _can_ put it unformatted, while in form input we _must_ prin= t it out with double quotes translated into """. Last is textarea, whi= ch has no need to slash or translate the quotes. There is also problem with using of mail function and conversion of special= characters. I think the best way to send e-mail is convert it into quoted-= printable, encoded with $STRING['lang_charset']. Ugh, it's all. If there are is no reason for not repairing it, please tell = me, before I will start with it. Jirka |
|
From: Benjamin C. <bc...@us...> - 2002-04-29 06:36:50
|
Update of /cvsroot/phpbt/phpbt/inc
In directory usw-pr-cvs1:/tmp/cvs-serv10480/inc
Modified Files:
auth.php
Log Message:
Fix session problems with php 4.0.6
Index: auth.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/inc/auth.php,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- auth.php 3 Apr 2002 01:01:04 -0000 1.14
+++ auth.php 29 Apr 2002 06:36:46 -0000 1.15
@@ -28,9 +28,21 @@
var $classname = 'uauth';
function uauth() {
- global $HTTP_SESSION_VARS;
+ global $HTTP_SESSION_VARS, $group_ids, $uname, $db_fields, $group, $perms,
+ $uid, $exp;
if (!isset($HTTP_SESSION_VARS['group_ids'])) {
+ if (phpversion() <= '4.0.6') {
+ $group_ids = array(0);
+ $uname = '';
+ $db_fields = array();
+ $group = array();
+ $perms = array();
+ $uid = 0;
+ $exp = 0;
+ session_register(array('group_ids', 'uname', 'db_fields', 'group',
+ 'perms', 'uid', 'exp'));
+ }
$HTTP_SESSION_VARS['group_ids'] = array(0);
}
@@ -53,7 +65,8 @@
}
function auth_validatelogin() {
- global $_pv, $db, $select, $emailpass, $emailsuccess, $STRING, $HTTP_SESSION_VARS;
+ global $_pv, $db, $select, $emailpass, $emailsuccess, $STRING,
+ $HTTP_SESSION_VARS, $uid;
extract($_pv);
if (!$username) return 0;
@@ -81,7 +94,7 @@
foreach ($perms as $perm) {
$HTTP_SESSION_VARS['perms'][$perm] = true;
}
- $HTTP_SESSION_VARS['uid'] = $u['user_id'];
+ $HTTP_SESSION_VARS['uid'] = $u['user_id'];
return $u['user_id'];
}
|
|
From: John W. <jp...@us...> - 2002-04-26 19:21:04
|
Ben Curtis wrote: > Please patch inc/auth.php with the attached diff and test the crud out > of it. Thanks. :) Ben, I've done some very limited tests and the patch seems to solve the problem - at least running on PHP 4.0.6 & linux. I stress that my tests really have been limited (been a busy week), but without the patch I had 100% failure with register_globals=on, and that behaviour definately seems to have gone. Well done & thanks. |
|
From: Benjamin C. <bc...@us...> - 2002-04-26 12:02:16
|
Update of /cvsroot/phpbt/phpbt
In directory usw-pr-cvs1:/tmp/cvs-serv20401
Modified Files:
bug.php
Log Message:
Fixes bug #548694
Index: bug.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/bug.php,v
retrieving revision 1.98
retrieving revision 1.99
diff -u -r1.98 -r1.99
--- bug.php 12 Apr 2002 00:32:48 -0000 1.98
+++ bug.php 26 Apr 2002 12:02:13 -0000 1.99
@@ -216,7 +216,7 @@
));
} else {
$rs->fetchInto($row);
- $t->set_var(array(
+ $t->assign(array(
'oldpostedby' => $row['login'],
'oldpostedon' => date(TIME_FORMAT,$row['created_date']).' on '.
date(DATE_FORMAT,$row['created_date']),
|
|
From: Ben C. <php...@be...> - 2002-04-24 13:00:05
|
Please patch inc/auth.php with the attached diff and test the crud out
of it. Thanks. :)
On Tue, Apr 23, 2002 at 08:12:49PM -0700, Ben Curtis wrote:
> Ok, I may have found a solution... With a quick test it looks like as
> long as the initialization of the session variable happens with
> session_register on a global variable, then all reads and writes to the
> $HTTP_SESSION_VARS array work fine. For example, in inc/auth.php if I
> change the $HTTP_SESSION_VARS['group_ids'] = array(0); line to
> $group_ids = array(0); session_register('group_ids'); then I can read
> and change $HTTP_SESSION_VARS['group_ids'] just fine ($group_ids is
> global). I'm going to test this a bit more and see if it works for all
> the session variables.
>
> On Tue, Apr 23, 2002 at 08:01:38PM -0700, Ben Curtis wrote:
> > This is probably the best long term solution. Now if I had more than
> > five minutes in a week to work on it. :)
> >
> > On Wed, Apr 24, 2002 at 12:13:15AM +0100, John Wilkins wrote:
> > > This one seems to be causing a lot of problems with people!
> > >
> > > The problem (on my server anyway) really seems to be that
> > > assignments to $HTTP_SESSION_VARS['name'] dont work with
> > > regiter_globals 'on', but do with it 'off'.
> > >
> > > ie $HTTP_SESSION_VARS['one'] = "test";
> > >
> > > For information, this is on php 4.0.6 which is the default
> > > with redhat 7.2.
> > >
> > > On more recent versions of php, the $_SESSION looks to be
> > > the way to go. On older versions such as 4.0.6, the old
> > > session_register method works.... The problem seems to
> > > be in trying to find a method that works on both 'old'
> > > and 'new' releases.
> > >
> > > Could a solution - or at least a long-term fix - be to
> > > abstract the session variable assignment into a function
> > > and to code the function to detect the version of php and
> > > use the appropriate method for writing data?? This could
> > > be done in such a way that ONLY the session writing code
> > > is affected - session variable reading seems to work fine
> > > in all cases.
> > >
> > > john
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > phpbt-dev mailing list
> > > php...@li...
> > > https://lists.sourceforge.net/lists/listinfo/phpbt-dev
> >
> > _______________________________________________
> > phpbt-dev mailing list
> > php...@li...
> > https://lists.sourceforge.net/lists/listinfo/phpbt-dev
>
> _______________________________________________
> phpbt-dev mailing list
> php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpbt-dev
|
|
From: Jirka P. <fi...@us...> - 2002-04-24 07:06:28
|
Update of /cvsroot/phpbt/phpbt
In directory usw-pr-cvs1:/tmp/cvs-serv6578/phpbt
Modified Files:
user.php
Log Message:
Variable $error was unitialized. Fixed.
Index: user.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/user.php,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- user.php 3 Apr 2002 01:00:52 -0000 1.24
+++ user.php 24 Apr 2002 07:06:23 -0000 1.25
@@ -43,8 +43,13 @@
function change_password($pass1, $pass2) {
global $t, $db, $u, $STRING;
- if (!$pass1 = trim($pass1)) $error = $STRING['givepassword'];
- elseif ($pass1 != $pass2) $error = $STRING['passwordmatch'];
+ if (!$pass1 = trim($pass1)) {
+ $error = $STRING['givepassword'];
+ } elseif ($pass1 != $pass2) {
+ $error = $STRING['passwordmatch'];
+ } else {
+ $error = false;
+ }
if ($error) {
show_preferences_form($error);
|
|
From: Ben C. <php...@be...> - 2002-04-24 04:20:46
|
Ok, I may have found a solution... With a quick test it looks like as
long as the initialization of the session variable happens with
session_register on a global variable, then all reads and writes to the
$HTTP_SESSION_VARS array work fine. For example, in inc/auth.php if I
change the $HTTP_SESSION_VARS['group_ids'] = array(0); line to
$group_ids = array(0); session_register('group_ids'); then I can read
and change $HTTP_SESSION_VARS['group_ids'] just fine ($group_ids is
global). I'm going to test this a bit more and see if it works for all
the session variables.
On Tue, Apr 23, 2002 at 08:01:38PM -0700, Ben Curtis wrote:
> This is probably the best long term solution. Now if I had more than
> five minutes in a week to work on it. :)
>
> On Wed, Apr 24, 2002 at 12:13:15AM +0100, John Wilkins wrote:
> > This one seems to be causing a lot of problems with people!
> >
> > The problem (on my server anyway) really seems to be that
> > assignments to $HTTP_SESSION_VARS['name'] dont work with
> > regiter_globals 'on', but do with it 'off'.
> >
> > ie $HTTP_SESSION_VARS['one'] = "test";
> >
> > For information, this is on php 4.0.6 which is the default
> > with redhat 7.2.
> >
> > On more recent versions of php, the $_SESSION looks to be
> > the way to go. On older versions such as 4.0.6, the old
> > session_register method works.... The problem seems to
> > be in trying to find a method that works on both 'old'
> > and 'new' releases.
> >
> > Could a solution - or at least a long-term fix - be to
> > abstract the session variable assignment into a function
> > and to code the function to detect the version of php and
> > use the appropriate method for writing data?? This could
> > be done in such a way that ONLY the session writing code
> > is affected - session variable reading seems to work fine
> > in all cases.
> >
> > john
> >
> >
> >
> >
> > _______________________________________________
> > phpbt-dev mailing list
> > php...@li...
> > https://lists.sourceforge.net/lists/listinfo/phpbt-dev
>
> _______________________________________________
> phpbt-dev mailing list
> php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpbt-dev
|
|
From: Ben C. <php...@be...> - 2002-04-24 04:09:35
|
This is probably the best long term solution. Now if I had more than five minutes in a week to work on it. :) On Wed, Apr 24, 2002 at 12:13:15AM +0100, John Wilkins wrote: > This one seems to be causing a lot of problems with people! > > The problem (on my server anyway) really seems to be that > assignments to $HTTP_SESSION_VARS['name'] dont work with > regiter_globals 'on', but do with it 'off'. > > ie $HTTP_SESSION_VARS['one'] = "test"; > > For information, this is on php 4.0.6 which is the default > with redhat 7.2. > > On more recent versions of php, the $_SESSION looks to be > the way to go. On older versions such as 4.0.6, the old > session_register method works.... The problem seems to > be in trying to find a method that works on both 'old' > and 'new' releases. > > Could a solution - or at least a long-term fix - be to > abstract the session variable assignment into a function > and to code the function to detect the version of php and > use the appropriate method for writing data?? This could > be done in such a way that ONLY the session writing code > is affected - session variable reading seems to work fine > in all cases. > > john > > > > > _______________________________________________ > phpbt-dev mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpbt-dev |
|
From: John W. <jp...@us...> - 2002-04-23 23:14:20
|
This one seems to be causing a lot of problems with people! The problem (on my server anyway) really seems to be that assignments to $HTTP_SESSION_VARS['name'] dont work with regiter_globals 'on', but do with it 'off'. ie $HTTP_SESSION_VARS['one'] = "test"; For information, this is on php 4.0.6 which is the default with redhat 7.2. On more recent versions of php, the $_SESSION looks to be the way to go. On older versions such as 4.0.6, the old session_register method works.... The problem seems to be in trying to find a method that works on both 'old' and 'new' releases. Could a solution - or at least a long-term fix - be to abstract the session variable assignment into a function and to code the function to detect the version of php and use the appropriate method for writing data?? This could be done in such a way that ONLY the session writing code is affected - session variable reading seems to work fine in all cases. john |
|
From: John W. <jp...@us...> - 2002-04-17 23:08:07
|
I've found a problem with creating a project containing the ampersand (&) character in the title. The & gets converted to an & which in turn gets stored in the database and also displayed back to the user. The same is true of the project description (and probably some other fields I've not found yet). For instance.... Create a new project with the title "A&B Stores" and description "A&B". Hit submit. The returned page will now show "A&B Stores" as the title and A&B as the description..... The database will match what is displayed on the screen. I believe this is caused by htmlspecialchars in the validation code of admin/project.php save_project() (around line 150 onwards). Removing the htmlspecialchars calls (but leaving trim()) seems to fix the problem without having any side affects. The HTML being output when the data is displayed back appears to be correctly converted (ie "A&B" in the database gets sent to the browser as A&B - and gets displayed correctly as A&B). Have I missed anything??? I realise that some chars need to be converted to &something before being sent to the browser, but in this instance the string is going to the database not the brower. I'll submit this change into CVS in a couple of days if no one has a problem with this. john |
2 messages has been excluded from this view by a project administrator.
