Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

This commit is contained in:
Uwe Steinmann 2024-01-11 10:10:12 +01:00
commit 023e2c3edf
7 changed files with 33 additions and 5 deletions


@ -294,6 +294,7 @@
- minor improvements in restapi - minor improvements in restapi
- update layout of tab for attachments - update layout of tab for attachments
- remove session when calling logout of restapi - remove session when calling logout of restapi
- fix some potential security issues
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Changes in version 5.1.32 Changes in version 5.1.32


@ -73,7 +73,13 @@ class SeedDMS_Controller_Common {
if(!$this->callHook('preRun', get_class($this), $action ? $action : 'run')) { if(!$this->callHook('preRun', get_class($this), $action ? $action : 'run')) {
if($action) { if($action) {
if(method_exists($this, $action)) { if(method_exists($this, $action)) {
return $this->{$action}(); $refl = new ReflectionMethod($this, $action);
if($refl->isPublic())
return $this->{$action}();
else {
echo "Action '".$action."' not public";
return false;
}
} else { } else {
echo "Missing action '".$action."'"; echo "Missing action '".$action."'";
return false; return false;
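Review bot: The new "not public" branch echoes the request-supplied action name unescaped, `echo "Action '".$action."' not public";`, and the matching branch in the SeedDMS_View_Common hunk does the same even though the view's existing missing-action message already wraps the name in htmlspecialchars. Suggest `echo "Action '".htmlspecialchars($action)."' not public";` in both places. The isPublic() check still admits every public method of the object, including inherited helpers such as setParam or callHook, which would be invoked with no arguments; if that is not intended, an explicit allowlist of action names, or additionally requiring `$refl->getDeclaringClass()->getName() === get_class($this)`, would narrow it, though I cannot confirm from this hunk which base-class methods subclasses rely on. The enclosing method starts and ends outside the hunk.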


@ -69,7 +69,13 @@ class SeedDMS_View_Common {
if(!$this->callHook('preRun', get_class($this), $action ? $action : 'show')) { if(!$this->callHook('preRun', get_class($this), $action ? $action : 'show')) {
if($action) { if($action) {
if(method_exists($this, $action)) { if(method_exists($this, $action)) {
$this->{$action}(); $refl = new ReflectionMethod($this, $action);
if($refl->isPublic())
$this->{$action}();
else {
echo "Action '".$action."' not public";
return false;
}
} else { } else {
echo "Missing action '".htmlspecialchars($action)."'"; echo "Missing action '".htmlspecialchars($action)."'";
} }


@ -975,7 +975,7 @@ function seed_pass_hash($password) { /* {{{ */
* @return string hashed password * @return string hashed password
*/ */
function seed_pass_verify($password, $hash) { /* {{{ */ function seed_pass_verify($password, $hash) { /* {{{ */
return $hash == md5($password); return $hash === md5($password);
} /* }}} */ } /* }}} */
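Review bot: The strict comparison removes the type-juggling case, but `return $hash === md5($password);` still stops at the first differing byte; `return hash_equals((string)$hash, md5($password));` is the idiomatic constant-time comparison and also rejects non-string input. The docblock whose tail appears in the context lines above (`@return string hashed password`) seems to belong to seed_pass_verify, whose result is a bool; suggest `@return bool true if the password matches the stored hash`. md5 is not a password hash, so if this function is still reachable on a live login path rather than only for migrating legacy hashes it should be moved to password_verify against a password_hash value, which I cannot confirm from this hunk.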
function resolveTask($task) { /* {{{ */ function resolveTask($task) { /* {{{ */


@ -82,6 +82,7 @@ else if (isset($_GET["referuri"]) && strlen($_GET["referuri"])>0) {
add_log_line(); add_log_line();
$controller->setParam('action', 'run'); // Force action run to be called, prevents overriding action with url parameter
$controller->setParam('login', $login); $controller->setParam('login', $login);
$controller->setParam('pwd', $pwd); $controller->setParam('pwd', $pwd);
$controller->setParam('source', 'web'); $controller->setParam('source', 'web');
@ -98,6 +99,12 @@ if(!$controller()) {
} }
$user = $controller->getUser(); $user = $controller->getUser();
if(!$user) {
$session = null;
add_log_line("login failed", PEAR_LOG_ERR);
_printMessage(getMLText('login_error_text'), getMLText('login_error_text')."\n");
exit;
}
if (isset($referuri) && strlen($referuri)>0) { if (isset($referuri) && strlen($referuri)>0) {
header("Location: " . getBaseUrl() . $referuri); header("Location: " . getBaseUrl() . $referuri);
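Review bot: The new failure block logs only `add_log_line("login failed", PEAR_LOG_ERR);` and discards the controller's reason, while the WebDAV hunk in the same commit logs `$controller->getErrorMsg()`; suggest `add_log_line("login failed: ".$controller->getErrorMsg(), PEAR_LOG_ERR);` so the two login paths produce comparable audit lines. `$session = null;` immediately before `exit;` has no visible effect within this hunk; unless a shutdown handler reads it, it can be dropped. The script continues outside both hunks, and the `if (isset($referuri) ...)` statement at the end is cut off.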


@ -26,7 +26,7 @@
"grunt-contrib-clean": "^2.0.0", "grunt-contrib-clean": "^2.0.0",
"grunt-contrib-copy": "^1.0.0", "grunt-contrib-copy": "^1.0.0",
"jqtree": "^1.5.1", "jqtree": "^1.5.1",
"jquery": "^1.12.4", "jquery": "^3.7.1",
"jquery-typeahead": "^2.11.1", "jquery-typeahead": "^2.11.1",
"jquery-validation": "^1.19.2", "jquery-validation": "^1.19.2",
"moment": "^2.29.1", "moment": "^2.29.1",
@ -35,7 +35,7 @@
"perfect-scrollbar": "^1.5.0", "perfect-scrollbar": "^1.5.0",
"popper.js": "^1.16.1", "popper.js": "^1.16.1",
"select2": "^4.0.13", "select2": "^4.0.13",
"spectrum-colorpicker2": "^2.0.8", "spectrum-colorpicker2": "^2.0.10",
"vis-timeline": "^7.4.7" "vis-timeline": "^7.4.7"
} }
} }


@ -173,6 +173,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
$controller = Controller::factory('Login', array('dms'=>$this->dms)); $controller = Controller::factory('Login', array('dms'=>$this->dms));
$controller->setParam('authenticator', $this->authenticator); $controller->setParam('authenticator', $this->authenticator);
$controller->setParam('action', 'run');
$controller->setParam('login', $user); $controller->setParam('login', $user);
$controller->setParam('pwd', $pass); $controller->setParam('pwd', $pass);
$controller->setParam('lang', $this->settings->_language); $controller->setParam('lang', $this->settings->_language);
@ -190,6 +191,13 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
$this->logger->log('check_auth: type='.$type.', user='.$user.' authenticated', PEAR_LOG_INFO); $this->logger->log('check_auth: type='.$type.', user='.$user.' authenticated', PEAR_LOG_INFO);
$this->user = $controller->getUser(); $this->user = $controller->getUser();
if(!$this->user) {
if($this->logger) {
$this->logger->log($controller->getErrorMsg(), PEAR_LOG_NOTICE);
$this->logger->log('check_auth: error authenicating user '.$user, PEAR_LOG_NOTICE);
}
return false;
}
return true; return true;
} /* }}} */ } /* }}} */
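Review bot: The INFO line `check_auth: type=... user=... authenticated` is emitted in the context line before `$this->user` is checked, so a failed login now writes a success record followed by the new NOTICE lines, which misleads anyone reviewing the logs. Move that log call below the new `if(!$this->user) { ... }` block, just before `return true;`, so it only fires on success. The new notice also misspells "authenticating" as `authenicating`. check_auth begins outside the hunk.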