[vhffs-dev] [957] Realname was forgotten while moderating the object, fixed. |
Revision: 957
Author: gradator
Date: 2007-10-04 13:21:43 +0000 (Thu, 04 Oct 2007)
Log Message:
-----------
Realname was forgotten while moderating the object, fixed. There was an XSS vulnerability in public/lastgroups.pl, fixed. Verify that the first letter of groupname and realname are the same to prevent strange behavior in public part of the panel, done.
Modified Paths:
--------------
trunk/vhffs-api/src/Vhffs/Group.pm
trunk/vhffs-panel/group/create.pl
trunk/vhffs-panel/group/prefs.pl
trunk/vhffs-public/lastgroups.pl
Modified: trunk/vhffs-api/src/Vhffs/Group.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Group.pm 2007-10-02 22:26:38 UTC (rev 956)
+++ trunk/vhffs-api/src/Vhffs/Group.pm 2007-10-04 13:21:43 UTC (rev 957)
@@ -684,7 +684,7 @@
sub fill_object {
my ($class, $obj) = @_;
- my $sql = q{SELECT gid, groupname, passwd, quota, quota_used FROM
+ my $sql = q{SELECT gid, groupname, realname, passwd, quota, quota_used FROM
vhffs_groups WHERE object_id = ?};
return $class->SUPER::_fill_object($obj, $sql);
}
Modified: trunk/vhffs-panel/group/create.pl
===================================================================
--- trunk/vhffs-panel/group/create.pl 2007-10-02 22:26:38 UTC (rev 956)
+++ trunk/vhffs-panel/group/create.pl 2007-10-04 13:21:43 UTC (rev 957)
@@ -65,6 +65,10 @@
$panel->add_error( gettext('Groupname must contain between 3 and 12 characters, only letters or numbers in lower case') );
} elsif( $description =~ /^\s*$/ ) {
$panel->add_error( gettext('You must enter a description') );
+ } elsif( $realname =~ /^\s*$/ ) {
+ $panel->add_error( gettext('You must enter a full name') );
+ } elsif( substr($groupname,0,1) ne lc substr($realname,0,1) ) {
+ $panel->add_error( gettext('The first letter of groupname and full name must be the same') );
} elsif( ! defined(my $group = Vhffs::Panel::Group::create_group( $groupname , $realname, $user , $vhffs, $description ) ) ) {
$panel->add_error( gettext('Error creating group (maybe a group with the same name already exists)') );
} else {
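Review bot: The two added `elsif` branches reject only an all-whitespace realname and a mismatched first character, so the rest of the full name is still accepted as arbitrary text, markup characters included. The value therefore has to be HTML-escaped wherever it is printed, and a comment above the checks such as `# realname is free text apart from its first letter; escape it on every output` would record that. The same pair of checks is repeated in trunk/vhffs-panel/group/prefs.pl, so a shared validation helper would keep the two copies from drifting. The if/elsif chain starts before this hunk and continues past it.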
Modified: trunk/vhffs-panel/group/prefs.pl
===================================================================
--- trunk/vhffs-panel/group/prefs.pl 2007-10-02 22:26:38 UTC (rev 956)
+++ trunk/vhffs-panel/group/prefs.pl 2007-10-04 13:21:43 UTC (rev 957)
@@ -90,8 +90,10 @@
$panel->add_error( gettext('CGI error') );
} elsif( $description =~ /^\s*$/ ) {
$panel->add_error( gettext('You must enter a description') );
- } elsif( $realname eq '' ) {
- $panel->add_error( gettext('You must enter a real name') );
+ } elsif( $realname =~ /^\s*$/ ) {
+ $panel->add_error( gettext('You must enter a full name') );
+ } elsif( substr($group->get_groupname,0,1) ne lc substr($realname,0,1) ) {
+ $panel->add_error( gettext('The first letter of groupname and full name must be the same') );
} else {
$group->set_description($description);
$group->set_realname($realname);
Modified: trunk/vhffs-public/lastgroups.pl
===================================================================
--- trunk/vhffs-public/lastgroups.pl 2007-10-02 22:26:38 UTC (rev 956)
+++ trunk/vhffs-public/lastgroups.pl 2007-10-04 13:21:43 UTC (rev 957)
@@ -68,7 +68,7 @@
{
$template = new HTML::Template( filename => $templatedir."/public/misc/lastgroups-part.tmpl" );
- $template->param( VALUE_REALNAME => $group->get_realname );
+ $template->param( VALUE_REALNAME => CGI::escapeHTML( $group->get_realname ) );
$template->param( TEXT_GROUPNAME => gettext("Groupname") );
$template->param( VALUE_GROUPNAME => $group->get_groupname );
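Review bot: Escaping at the call site covers only `VALUE_REALNAME` in this block, so any other page that prints realname, or any other user-supplied field passed to this template, stays raw unless it is escaped separately (none of those are visible here). `VALUE_GROUPNAME` on the last line is passed unescaped, which is safe only while every stored groupname obeys the creation-time rule of lower-case letters and digits. Making escaping the default is more robust: either `<TMPL_VAR ESCAPE=HTML NAME=VALUE_REALNAME>` in lastgroups-part.tmpl or `default_escape => 'HTML'` in the constructor, if the installed HTML::Template supports it. Use one layer only, because combining it with `CGI::escapeHTML` would double-escape. The enclosing block opens at `{` and runs past the end of the hunk.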