[Fusionforge-commits] FusionForge branch master updated. a3e0402d7b5f93765658cea2baaf7bcd9ea74ace

Roland Mas lolando at fusionforge.org
Fri Apr 19 17:00:49 CEST 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, master has been updated
       via  a3e0402d7b5f93765658cea2baaf7bcd9ea74ace (commit)
       via  16624c5917bc3ba475a436b608101cf872f3e567 (commit)
       via  7482f59773e9d549fb61a46646fcf37626904ae6 (commit)
       via  174fdc2daae367cd7eddbe1ba699bcb0d2428d66 (commit)
       via  27f438cd7a0e1bb75b70d41bfe1965ea3eeef0fd (commit)
       via  59de9277c97057d4a8c2d2bacbf2106a723e4abb (commit)
       via  680b10d70c414c81f315aa7a8f39a0a1b6bd08b7 (commit)
       via  06d7c19cc612d171c5a4e912819cedc5cc6f71e4 (commit)
       via  d51f791179ba306bbd89402afcf8d10a7d5d0076 (commit)
       via  301307588a2f993469259da390522c07bfb2b1da (commit)
       via  c690a34ea1132d5494f5d32d5501728c8b76f2dd (commit)
       via  5f0ff834ea4e339f3c519bc564165cfcf07f0621 (commit)
       via  97871aec7fc69b4f756ebeac947a7c0d4280d660 (commit)
       via  b68668f9378e2cce56c754e744e67bf425213de0 (commit)
       via  27d80f978cf4a69d477c795690c1a959259f9a60 (commit)
       via  a983f2c0273781b775bc67ff7bdcd4fbfe3ce2e9 (commit)
       via  ec3dd118e48d69b34ab78bc01ee8215a3dbe3db1 (commit)
       via  533b679467e38584ee2cf29201df6b5b878c0514 (commit)
      from  3885ffbd82fab949bbac67b004813d90c9602109 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a3e0402d7b5f93765658cea2baaf7bcd9ea74ace
Merge: 3885ffb 16624c5
Author: Roland Mas <lolando at debian.org>
Date:   Fri Apr 19 16:59:45 2013 +0200

    Merged from 5.1 (via 5.2)

diff --cc src/common/include/session.php
index 792ea80,a090d2e..860ee06
--- a/src/common/include/session.php
+++ b/src/common/include/session.php
@@@ -49,16 -51,24 +51,25 @@@ function session_build_session_token($u
  	if (!$user_id) {
  		return '';
  	}
+ 	return session_build_session_cookie($user_id);
+ }
 +
- 	$session_serial = $user_id.'-*-'.time().'-*-'.getStringFromServer('REMOTE_ADDR').'-*-'.getStringFromServer('HTTP_USER_AGENT');
- 	$session_serial_hash = md5($session_serial.forge_get_config('session_key'));
- 	$session_serial_token = base64_encode($session_serial).'-*-'.$session_serial_hash;
- 	/*
- 	 * TODO: would be better to use HMAC-SHA256 via
- 	 * http://www.php.net/manual/en/function.hash-hmac.php
- 	 * or do this using Keccak (SHA-3) which is its own MAC
- 	 */
- 	return $session_serial_token;
+ function session_build_session_cookie($user_id) {
+ 	$session_cookie_data = array(
+ 		$user_id,
+ 		getStringFromServer('REMOTE_ADDR'),
+ 		getStringFromServer('HTTP_USER_AGENT'),
+ 	    );
+ 	$session_cookie = "" . time();
+ 	foreach ($session_cookie_data as $s) {
+ 		/* for escaping; this is not really HTML */
+ 		$session_cookie .= '<' . util_html_encode($s);
+ 	}
+ 	$session_cookie_hmac = hash_hmac("sha256", $session_cookie,
+ 	    forge_get_config('session_key'), true);
+ 	$session_serial_cookie = base64_encode($session_cookie) . '!' .
+ 	    base64_encode($session_cookie_hmac);
+ 	return $session_serial_cookie;
  }
  
  /**
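Review bot: session_build_session_cookie() passes `forge_get_config('session_key')` straight to hash_hmac() without checking that it is non-empty, so a missing or blank key would still produce a well-formed cookie whose MAC anyone who knows the format can recompute. How forge_get_config() behaves for an unset key is not visible in this hunk, so this may already be guaranteed elsewhere. If it is not, a guard before the hash_hmac() call such as `$key = forge_get_config('session_key'); if ((string)$key === '') { return ''; }` would refuse to issue a token, mirroring the empty return session_build_session_token() uses for a missing user id (provided the verifier rejects an empty token). The new function also has no docblock; one describing the layout (timestamp, then `<`-separated escaped user id, remote address and user agent, base64-encoded, followed by `!` and the base64 of the raw HMAC-SHA256) would help whoever maintains the matching verifier.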
@@@ -334,39 -369,51 +370,65 @@@ function session_issecure() 
   *	@param		string	Value of cookie
   *	@param		string	Domain scope (default '')
   *	@param		string	Expiration time in UNIX seconds (default 0)
-  *	@return true/false
   */
- function session_set_cookie($name ,$value, $domain = '', $expiration = 0) {
- 	if (php_sapi_name() != 'cli') {
- 		if ( $expiration != 0){
- 			setcookie($name, $value, time() + $expiration, '/', $domain, 0);
- 		} else {
- 			setcookie($name, $value, $expiration, '/', $domain, 0);
- 		}
+ function session_set_cookie($name, $value, $domain='', $expiration=0) {
+ 	return session_cookie($name, $value, $domain, $expiration);
+ }
+ function session_cookie($name, $value, $domain='', $expiration=0) {
+ 	if (php_sapi_name() == 'cli') {
+ 		return;
+ 	}
+ 	if ($expiration) {
+ 		$expiration = time() + $expiration;
+ 	}
+ 	/* evolvis: force secure (SSL-only) session cookies */
+ 	//$force_secure = true;
+ 	/* not (yet?) in FusionForge */
+ 	$force_secure = false;
+ 	if ($force_secure && !session_issecure()) {
+ 		return;
  	}
+ 	setcookie($name, $value, $expiration, '/', $domain, $force_secure, true);
+ }
+ 
+ /**
+  *	session_redirect_uri() - Redirect browser
+  *
+  *	@param		string	Absolute URI
+  *	@return never returns
+  */
+ function session_redirect_external($url) {
+ 	session_redirect_uri($url);
+ }
+ function session_redirect_uri($loc) {
++	util_save_messages();
+ 	sysdebug_off("Status: 301 Moved Permanently", true, 301);
+ 	header("Location: ${loc}", true);
+ 	echo "\nPlease go to ${loc} instead!\n";
+ 	exit;
  }
  
  /**
 - *	session_redirect() - Redirect browser within the site
 + * session_redirect() - Redirect browser within the site and exit.
   *
 - *	@param		string	Absolute path within the site
 - *	@return never returns
 + * @param  string $loc    Absolute path within the site
   */
  function session_redirect($loc) {
- 	util_save_messages();
- 	session_redirect_external(util_make_url ($loc));
+ 	session_redirect_uri(util_make_url($loc));
 +	exit;
 +}
 +
 +/**
 + *	session_redirect_external() - Redirect browser to a (potentially external) URL
 + *
 + *	@param		string	Absolute URL, not necessarily within the site
 + *	@return never returns
 + */
 +function session_redirect_external($url) {
++	util_save_messages();
 +	header('Location: '.$url);
 +	print("\n\n");
 +	exit;
  }
  
  /**
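Review bot: The merged result defines `session_redirect_external()` twice in this hunk: once directly under the session_redirect_uri() docblock, where it delegates to session_redirect_uri(), and again at the end with its own `header('Location: '.$url)` body. PHP refuses to redeclare a function, so session.php would fail with a fatal error as soon as it is loaded. Both copies survive the merge (one comes from each parent), so one has to go; keeping the delegating version leaves a single redirect path, and it already reaches `util_save_messages()` through session_redirect_uri(). Separately, session_redirect_uri() writes `$loc` into the response body unescaped, and per the docblock the external variant's URL is not necessarily within the site; `echo "\nPlease go to " . util_html_encode($loc) . " instead!\n";` would presumably keep markup in the URL from being rendered. The `exit;` after the session_redirect_uri() call in session_redirect() is unreachable, since the callee already exits.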

-----------------------------------------------------------------------

Summary of changes:
 src/COPYING.php                               |    2 +-
 src/{www => common}/DTD/xhtml10t-rdfa10.dtd   |    0
 src/common/include/session.php                |  337 +++++++++++++++----------
 src/cronjobs/homedirs.php                     |  169 +++++++------
 src/deb-specific/group_dump_update.pl         |   51 ++--
 src/deb-specific/ssh_dump_update.pl           |    2 +-
 src/deb-specific/user_dump_update.pl          |    2 +-
 src/plugins/scmgit/common/GitPlugin.class.php |    4 +-
 src/utils/include.pl                          |   89 ++++---
 src/www/DTD                                   |    1 +
 10 files changed, 384 insertions(+), 273 deletions(-)
 rename src/{www => common}/DTD/xhtml10t-rdfa10.dtd (100%)
 create mode 120000 src/www/DTD


hooks/post-receive
-- 
FusionForge


