mirror of
https://git.code.sf.net/p/seeddms/code
synced 2024-11-26 15:32:13 +00:00
Merge branch 'seeddms-5.1.x' into seeddms-6.0.x
This commit is contained in:
commit
023e2c3edf
|
@ -294,6 +294,7 @@
|
|||
- minor improvements in restapi
|
||||
- update layout of tab for attachments
|
||||
- remove session when calling logout of restapi
|
||||
- fix some potential security issues
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
Changes in version 5.1.32
|
||||
|
|
|
@ -73,7 +73,13 @@ class SeedDMS_Controller_Common {
|
|||
if(!$this->callHook('preRun', get_class($this), $action ? $action : 'run')) {
|
||||
if($action) {
|
||||
if(method_exists($this, $action)) {
|
||||
$refl = new ReflectionMethod($this, $action);
|
||||
if($refl->isPublic())
|
||||
return $this->{$action}();
|
||||
else {
|
||||
echo "Action '".$action."' not public";
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
echo "Missing action '".$action."'";
|
||||
return false;
|
||||
|
|
|
@ -69,7 +69,13 @@ class SeedDMS_View_Common {
|
|||
if(!$this->callHook('preRun', get_class($this), $action ? $action : 'show')) {
|
||||
if($action) {
|
||||
if(method_exists($this, $action)) {
|
||||
$refl = new ReflectionMethod($this, $action);
|
||||
if($refl->isPublic())
|
||||
$this->{$action}();
|
||||
else {
|
||||
echo "Action '".$action."' not public";
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
echo "Missing action '".htmlspecialchars($action)."'";
|
||||
}
|
||||
|
|
|
@ -975,7 +975,7 @@ function seed_pass_hash($password) { /* {{{ */
|
|||
* @return string hashed password
|
||||
*/
|
||||
function seed_pass_verify($password, $hash) { /* {{{ */
|
||||
return $hash == md5($password);
|
||||
return $hash === md5($password);
|
||||
} /* }}} */
|
||||
|
||||
function resolveTask($task) { /* {{{ */
|
||||
|
|
|
@ -82,6 +82,7 @@ else if (isset($_GET["referuri"]) && strlen($_GET["referuri"])>0) {
|
|||
|
||||
add_log_line();
|
||||
|
||||
$controller->setParam('action', 'run'); // Force action run to be called, prevents overriding action with url parameter
|
||||
$controller->setParam('login', $login);
|
||||
$controller->setParam('pwd', $pwd);
|
||||
$controller->setParam('source', 'web');
|
||||
|
@ -98,6 +99,12 @@ if(!$controller()) {
|
|||
}
|
||||
|
||||
$user = $controller->getUser();
|
||||
if(!$user) {
|
||||
$session = null;
|
||||
add_log_line("login failed", PEAR_LOG_ERR);
|
||||
_printMessage(getMLText('login_error_text'), getMLText('login_error_text')."\n");
|
||||
exit;
|
||||
}
|
||||
|
||||
if (isset($referuri) && strlen($referuri)>0) {
|
||||
header("Location: " . getBaseUrl() . $referuri);
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
"grunt-contrib-clean": "^2.0.0",
|
||||
"grunt-contrib-copy": "^1.0.0",
|
||||
"jqtree": "^1.5.1",
|
||||
"jquery": "^1.12.4",
|
||||
"jquery": "^3.7.1",
|
||||
"jquery-typeahead": "^2.11.1",
|
||||
"jquery-validation": "^1.19.2",
|
||||
"moment": "^2.29.1",
|
||||
|
@ -35,7 +35,7 @@
|
|||
"perfect-scrollbar": "^1.5.0",
|
||||
"popper.js": "^1.16.1",
|
||||
"select2": "^4.0.13",
|
||||
"spectrum-colorpicker2": "^2.0.8",
|
||||
"spectrum-colorpicker2": "^2.0.10",
|
||||
"vis-timeline": "^7.4.7"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -173,6 +173,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
|
|||
|
||||
$controller = Controller::factory('Login', array('dms'=>$this->dms));
|
||||
$controller->setParam('authenticator', $this->authenticator);
|
||||
$controller->setParam('action', 'run');
|
||||
$controller->setParam('login', $user);
|
||||
$controller->setParam('pwd', $pass);
|
||||
$controller->setParam('lang', $this->settings->_language);
|
||||
|
@ -190,6 +191,13 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
|
|||
$this->logger->log('check_auth: type='.$type.', user='.$user.' authenticated', PEAR_LOG_INFO);
|
||||
|
||||
$this->user = $controller->getUser();
|
||||
if(!$this->user) {
|
||||
if($this->logger) {
|
||||
$this->logger->log($controller->getErrorMsg(), PEAR_LOG_NOTICE);
|
||||
$this->logger->log('check_auth: error authenicating user '.$user, PEAR_LOG_NOTICE);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
} /* }}} */
|
||||
|
|
Loading…
Reference in New Issue
Block a user