[geeklog-cvs] geeklog: Added a notice about the expiry time for the security t...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sat Oct 31 12:05:32 EDT 2009
changeset 7413:5db714583481
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/5db714583481
user: Dirk Haun <dirk at haun-online.de>
date: Sat Oct 31 16:46:46 2009 +0100
description:
Added a notice about the expiry time for the security token (and the potential loss of changes) to most editors.
diffstat:
language/english.php | 3 +-
language/english_utf-8.php | 5 +-
plugins/calendar/autoinstall.php | 6 ++-
plugins/links/autoinstall.php | 6 ++-
plugins/polls/autoinstall.php | 4 ++
plugins/staticpages/autoinstall.php | 4 ++
public_html/admin/block.php | 34 +++++++++++++---
public_html/admin/group.php | 6 ++-
public_html/admin/plugins/calendar/index.php | 14 ++++++-
public_html/admin/plugins/links/category.php | 5 ++-
public_html/admin/plugins/links/index.php | 10 +++-
public_html/admin/plugins/polls/index.php | 46 ++++++++++++----------
public_html/admin/plugins/staticpages/index.php | 12 ++++--
public_html/admin/story.php | 26 +++++-------
public_html/admin/syndication.php | 31 ++++++++++++---
public_html/admin/topic.php | 21 ++++++++++-
public_html/admin/trackback.php | 12 +++++-
public_html/admin/user.php | 10 +++--
public_html/docs/english/theme.html | 4 ++
public_html/docs/history | 9 +++-
system/lib-security.php | 30 +++++++++++++++
21 files changed, 223 insertions(+), 75 deletions(-)
diffs (truncated from 748 to 300 lines):
diff -r 9941e73be2ae -r 5db714583481 language/english.php
--- a/language/english.php Sat Oct 31 13:28:45 2009 +0100
+++ b/language/english.php Sat Oct 31 16:46:46 2009 +0100
@@ -828,7 +828,7 @@
88 => 'Wiki-style format',
89 => 'Meta Description',
90 => 'Meta Keywords',
- 91 => 'You have until %s to make changes. After that time, the security token embedded into this page will expire and you will lose your changes. You can always hit "Preview" to extend the expiry time.'
+ 91 => 'You can always hit "Preview" to extend the expiry time.'
);
@@ -1581,6 +1581,7 @@
'meta_description' => 'Meta Description',
'meta_keywords' => 'Meta Keywords',
'na' => 'N/A'
+ 'token_expiry' => 'You have until %s to make changes. After that time, the security token embedded into this page will expire and you will lose your changes.'
);
# Localisation of the texts for the various drop-down menus that are actually
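Review bot: The context line `'na' => 'N/A'` directly above the added `'token_expiry'` entry has no trailing comma, so as shown this array literal no longer parses and language/english.php would fail to load. The parallel hunk in language/english_utf-8.php does replace that line with `'na' => 'N/A',`, and the diffstat (3 changed lines here against 5 there) is consistent with the edit being missed in this file. Change the line to `'na' => 'N/A',` here as well. The array itself starts outside the hunk.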
diff -r 9941e73be2ae -r 5db714583481 language/english_utf-8.php
--- a/language/english_utf-8.php Sat Oct 31 13:28:45 2009 +0100
+++ b/language/english_utf-8.php Sat Oct 31 16:46:46 2009 +0100
@@ -828,7 +828,7 @@
88 => 'Wiki-style format',
89 => 'Meta Description',
90 => 'Meta Keywords',
- 91 => 'You have until %s to make changes. After that time, the security token embedded into this page will expire and you will lose your changes. You can always hit "Preview" to extend the expiry time.'
+ 91 => 'You can always hit "Preview" to extend the expiry time.'
);
@@ -1580,7 +1580,8 @@
'list_all' => 'List all',
'meta_description' => 'Meta Description',
'meta_keywords' => 'Meta Keywords',
- 'na' => 'N/A'
+ 'na' => 'N/A',
+ 'token_expiry' => 'You have until %s to make changes. After that time, the security token embedded into this page will expire and you will lose your changes.'
);
# Localisation of the texts for the various drop-down menus that are actually
diff -r 9941e73be2ae -r 5db714583481 plugins/calendar/autoinstall.php
--- a/plugins/calendar/autoinstall.php Sat Oct 31 13:28:45 2009 +0100
+++ b/plugins/calendar/autoinstall.php Sat Oct 31 16:46:46 2009 +0100
@@ -45,7 +45,7 @@
'pi_name' => $pi_name,
'pi_display_name' => $pi_display_name,
'pi_version' => '1.1.1',
- 'pi_gl_version' => '1.6.0',
+ 'pi_gl_version' => '1.6.1',
'pi_homepage' => 'http://www.geeklog.net/'
);
@@ -133,6 +133,10 @@
return false;
}
+ if (!function_exists('SEC_getTokenExpiryNotice')) {
+ return false;
+ }
+
return true;
}
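Review bot: The added `function_exists('SEC_getTokenExpiryNotice')` guard carries no comment saying why it is there, and its failure path is a bare `return false` that gives an administrator no hint which requirement was not met. A one-line comment such as `// the admin editors call SEC_getTokenExpiryNotice() unconditionally; refuse to install on a core without it` would tie the check to the `pi_gl_version` bump in the hunk above. The same guard is added in the links, polls and staticpages autoinstall.php hunks. The polls and staticpages sections show no `pi_gl_version` change, so it is worth confirming that they already declare 1.6.1. The enclosing function starts outside the hunk.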
diff -r 9941e73be2ae -r 5db714583481 plugins/links/autoinstall.php
--- a/plugins/links/autoinstall.php Sat Oct 31 13:28:45 2009 +0100
+++ b/plugins/links/autoinstall.php Sat Oct 31 16:46:46 2009 +0100
@@ -52,7 +52,7 @@
'pi_name' => $pi_name,
'pi_display_name' => $pi_display_name,
'pi_version' => '2.1.0',
- 'pi_gl_version' => '1.6.0',
+ 'pi_gl_version' => '1.6.1',
'pi_homepage' => 'http://www.geeklog.net/'
);
@@ -184,6 +184,10 @@
return false;
}
+ if (!function_exists('SEC_getTokenExpiryNotice')) {
+ return false;
+ }
+
return true;
}
diff -r 9941e73be2ae -r 5db714583481 plugins/polls/autoinstall.php
--- a/plugins/polls/autoinstall.php Sat Oct 31 13:28:45 2009 +0100
+++ b/plugins/polls/autoinstall.php Sat Oct 31 16:46:46 2009 +0100
@@ -146,6 +146,10 @@
return false;
}
+ if (! function_exists('SEC_getTokenExpiryNotice')) {
+ return false;
+ }
+
return true;
}
diff -r 9941e73be2ae -r 5db714583481 plugins/staticpages/autoinstall.php
--- a/plugins/staticpages/autoinstall.php Sat Oct 31 13:28:45 2009 +0100
+++ b/plugins/staticpages/autoinstall.php Sat Oct 31 16:46:46 2009 +0100
@@ -146,6 +146,10 @@
return false;
}
+ if (! function_exists('SEC_getTokenExpiryNotice')) {
+ return false;
+ }
+
return true;
}
diff -r 9941e73be2ae -r 5db714583481 public_html/admin/block.php
--- a/public_html/admin/block.php Sat Oct 31 13:28:45 2009 +0100
+++ b/public_html/admin/block.php Sat Oct 31 16:46:46 2009 +0100
@@ -33,7 +33,20 @@
// | |
// +---------------------------------------------------------------------------+
+/**
+* Block administration page: Create, edit, delete, move, enable/disable blocks
+* for the left and right sidebars of your Geeklog site.
+*
+*/
+
+/**
+* Geeklog common function library
+*/
require_once '../lib-common.php';
+
+/**
+* Security check to ensure user even belongs on this page
+*/
require_once 'auth.inc.php';
// Uncomment the line below if you need to debug the HTTP variables being passed
@@ -94,6 +107,8 @@
$retval .= COM_startBlock ($LANG21[3], '',
COM_getBlockTemplate ('_admin_block', 'header'));
+ $token = SEC_createToken();
+ $retval .= SEC_getTokenExpiryNotice($token);
$block_templates = new Template($_CONF['path_layout'] . 'admin/block');
$block_templates->set_file('editor','defaultblockeditor.thtml');
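Review bot: Nothing at `$token = SEC_createToken();` records that this one value must feed both the expiry notice and the hidden `gltoken` field, which is only set in the next hunk (`set_var('gltoken', $token)`). If a later edit reintroduces a second `SEC_createToken()` call for the form field, the notice would presumably describe a different token from the one actually submitted. A comment such as `// one CSRF token per form: the expiry notice and the gltoken field must use this same value` would make that explicit. The same pattern recurs in the second editor in this file and in group.php, calendar/index.php and links/category.php, where creation and use are further apart. The function body starts and ends outside the hunk.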
@@ -164,10 +179,11 @@
$block_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$block_templates->set_var('max_url_length', 255);
$block_templates->set_var('gltoken_name', CSRF_TOKEN);
- $block_templates->set_var('gltoken', SEC_createToken());
+ $block_templates->set_var('gltoken', $token);
$block_templates->parse('output','editor');
+
$retval .= $block_templates->finish($block_templates->get_var('output'));
- $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
+ $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
@@ -238,14 +254,18 @@
$access = 3;
}
+ $token = SEC_createToken();
+
$block_templates = new Template($_CONF['path_layout'] . 'admin/block');
$block_templates->set_file('editor','blockeditor.thtml');
$block_templates->set_var('site_url', $_CONF['site_url']);
$block_templates->set_var('xhtml', XHTML);
$block_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
$block_templates->set_var('layout_url', $_CONF['layout_url']);
- $block_templates->set_var('start_block_editor', COM_startBlock ($LANG21[3],
- '', COM_getBlockTemplate ('_admin_block', 'header')));
+ $block_start = COM_startBlock($LANG21[3], '',
+ COM_getBlockTemplate('_admin_block', 'header'));
+ $block_start .= LB . SEC_getTokenExpiryNotice($token);
+ $block_templates->set_var('start_block_editor', $block_start);
if (!empty($bid) && SEC_hasrights('block.delete')) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete']
@@ -354,9 +374,9 @@
$block_templates->set_var ('allow_autotags', '');
}
$block_templates->set_var('gltoken_name', CSRF_TOKEN);
- $block_templates->set_var('gltoken', SEC_createToken());
- $block_templates->set_var ('end_block',
- COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')));
+ $block_templates->set_var('gltoken', $token);
+ $block_templates->set_var('end_block',
+ COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
$block_templates->parse('output', 'editor');
$retval .= $block_templates->finish($block_templates->get_var('output'));
diff -r 9941e73be2ae -r 5db714583481 public_html/admin/group.php
--- a/public_html/admin/group.php Sat Oct 31 13:28:45 2009 +0100
+++ b/public_html/admin/group.php Sat Oct 31 16:46:46 2009 +0100
@@ -45,7 +45,7 @@
require_once '../lib-common.php';
/**
-* Verifies that current user even has access to the page to this point
+* Security check to ensure user even belongs on this page
*/
require_once 'auth.inc.php';
@@ -128,8 +128,10 @@
$A['grp_gl_core'] = 0;
}
+ $token = SEC_createToken();
$retval .= COM_startBlock($LANG_ACCESS['groupeditor'], '',
COM_getBlockTemplate('_admin_block', 'header'));
+ $retval .= SEC_getTokenExpiryNotice($token);
if (! empty($grp_id)) {
// Groups tied to Geeklog's functionality shouldn't be deleted
@@ -267,7 +269,7 @@
$group_templates->set_var('rights_options',
printrights($grp_id, $A['grp_gl_core']));
$group_templates->set_var('gltoken_name', CSRF_TOKEN);
- $group_templates->set_var('gltoken', SEC_createToken());
+ $group_templates->set_var('gltoken', $token);
$group_templates->parse('output','editor');
$retval .= $group_templates->finish($group_templates->get_var('output'));
$retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
diff -r 9941e73be2ae -r 5db714583481 public_html/admin/plugins/calendar/index.php
--- a/public_html/admin/plugins/calendar/index.php Sat Oct 31 13:28:45 2009 +0100
+++ b/public_html/admin/plugins/calendar/index.php Sat Oct 31 16:46:46 2009 +0100
@@ -32,7 +32,14 @@
// | |
// +---------------------------------------------------------------------------+
+/**
+* Geeklog common function library
+*/
require_once '../../../lib-common.php';
+
+/**
+* Security check to ensure user even belongs on this page
+*/
require_once '../../auth.inc.php';
// Uncomment the line below if you need to debug the HTTP variables being passed
@@ -125,8 +132,11 @@
$event_templates->set_var('post_options', COM_optionList($_TABLES['postmodes'],'code,name',$A['postmode']));
}
+ $token = SEC_createToken();
+
$retval .= COM_startBlock($LANG_CAL_ADMIN[1], '',
- COM_getBlockTemplate ('_admin_block', 'header'));
+ COM_getBlockTemplate('_admin_block', 'header'));
+ $retval .= SEC_getTokenExpiryNotice($token);
if (!empty($A['eid'])) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete']
@@ -330,7 +340,7 @@
$event_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']));
$event_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$event_templates->set_var('gltoken_name', CSRF_TOKEN);
- $event_templates->set_var('gltoken', SEC_createToken());
+ $event_templates->set_var('gltoken', $token);
$event_templates->parse('output', 'editor');
$retval .= $event_templates->finish($event_templates->get_var('output'));
$retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
diff -r 9941e73be2ae -r 5db714583481 public_html/admin/plugins/links/category.php
--- a/public_html/admin/plugins/links/category.php Sat Oct 31 13:28:45 2009 +0100
+++ b/public_html/admin/plugins/links/category.php Sat Oct 31 16:46:46 2009 +0100
@@ -210,8 +210,11 @@
return COM_showMessage(6, 'links');
}
+ $token = SEC_createToken();
+
$retval .= COM_startBlock($LANG_LINKS_ADMIN[56], '',
COM_getBlockTemplate('_admin_block', 'header'));
+ $retval .= SEC_getTokenExpiryNotice($token);
$T = new Template($_CONF['path'] . 'plugins/links/templates/admin');
$T->set_file(array('page' => 'categoryeditor.thtml'));
@@ -299,7 +302,7 @@
$T->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$T->set_var('lang_lockmsg', $LANG_ACCESS['permmsg']);
$T->set_var('gltoken_name', CSRF_TOKEN);
- $T->set_var('gltoken', SEC_createToken());
+ $T->set_var('gltoken', $token);
$T->parse('output', 'page');
$retval .= $T->finish($T->get_var('output'));
diff -r 9941e73be2ae -r 5db714583481 public_html/admin/plugins/links/index.php
--- a/public_html/admin/plugins/links/index.php Sat Oct 31 13:28:45 2009 +0100
+++ b/public_html/admin/plugins/links/index.php Sat Oct 31 16:46:46 2009 +0100
@@ -150,8 +150,12 @@
SEC_setDefaultPermissions ($A, $_LI_CONF['default_permissions']);
$access = 3;
}