[Fusionforge-commits] FusionForge branch Branch_5_3 updated. 78a6eed0ccc24d58ead1fcb2d0aa1279388bbc39

Thorsten Glaser mirabilos at fusionforge.org
Tue Jun 17 10:38:30 CEST 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, Branch_5_3 has been updated
       via  78a6eed0ccc24d58ead1fcb2d0aa1279388bbc39 (commit)
       via  1c98ff1c2941f4abef0e8c7ed9c7d45c90d0c5da (commit)
       via  6be8b27afec159ac80da91db604ef5f910554574 (commit)
       via  3004b6903bb4f5ccbdd054be466b0ca50e833250 (commit)
       via  4c39665a5e8281bb4932931eb9a1d2b1372087cf (commit)
       via  dad37574492789add570afbc0b6166e0be0bdf86 (commit)
       via  46457e98aba26896b26e30d734ba720984074091 (commit)
      from  b5e43cd88eb211f1d34da9942459ae119ae3141c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 78a6eed0ccc24d58ead1fcb2d0aa1279388bbc39
Merge: b5e43cd 1c98ff1
Author: Thorsten Glaser <t.glaser at tarent.de>
Date:   Tue Jun 17 10:37:31 2014 +0200

    Merge branch 'Branch_5_2' into Branch_5_3

diff --cc src/common/include/session.php
index bbe2e49,7febc7e..3d193be
--- a/src/common/include/session.php
+++ b/src/common/include/session.php
@@@ -405,35 -404,34 +405,43 @@@ function session_cookie($name, $value, 
   *	@param		string	Absolute URI
   *	@return never returns
   */
- function session_redirect_uri($loc) {
 -function session_redirect_external($url) {
 -	session_redirect_uri($url, false);
 -}
+ function session_redirect_uri($loc, $permanent=true) {
 +	util_save_messages();
- 	sysdebug_off("Status: 301 Moved Permanently", true, 301);
+ 	if ($permanent)
+ 		sysdebug_off("Status: 301 Moved Permanently", true, 301);
+ 	else
+ 		sysdebug_off("Status: 303 See Other", true, 303);
  	header("Location: ${loc}", true);
- 	echo "\nPlease go to ${loc} instead!\n";
+ 	header("Content-type: text/html");
+ 	echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"' .
+ 	    ' "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">' . "\n" .
+ 	    '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><head>' .
+ 	    "\n <title>Redirection</title>\n</head><body>\n" .
+ 	    "<p>Please go to " . html_e('a', array(
+ 		'href' => $loc,
+ 	    ), util_html_encode($loc)) . " instead!</p>\n</body></html>\n";
  	exit;
  }
  
  /**
 - *	session_redirect() - Redirect browser within the site
 + * session_redirect() - Redirect browser within the site and exit.
   *
 - *	@param		string	Absolute path within the site
 - *	@return never returns
 + * @param  string $loc    Absolute path within the site
   */
- function session_redirect($loc) {
- 	session_redirect_uri(util_make_url($loc));
+ function session_redirect($loc, $permanent=true) {
+ 	session_redirect_uri(util_make_url($loc), $permanent);
 +	exit;
 +}
 +
 +/**
 + *	session_redirect_external() - Redirect browser to a (potentially external) URL
 + *
 + *	@param		string	Absolute URL, not necessarily within the site
 + *	@return never returns
 + */
 +function session_redirect_external($url) {
 +	util_save_messages();
- 	header('Location: '.$url);
- 	print("\n\n");
- 	exit;
++	session_redirect_uri($url, false);
  }
  
  /**
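Review bot: `session_redirect_uri()` writes `$loc` into the `Location` header and, new in this version, into the `href` of the fallback link without checking its scheme, while `session_redirect_external()` now routes possibly off-site URLs through it. If any caller passes a request-derived value (callers are not visible in this hunk), that is an open redirect and the fallback anchor could carry a non-HTTP scheme; a guard at the top such as `if (!preg_match('#^https?://#i', $loc)) $loc = util_make_url('/');` would confine both sinks to web URLs. Separately, the merged `session_redirect_external()` calls `util_save_messages()` and then `session_redirect_uri()`, which calls it again, and the `exit;` kept in `session_redirect()` is unreachable because `session_redirect_uri()` already exits; both leftover lines can be dropped. The docblocks of `session_redirect_uri()` and `session_redirect()` should also gain a `@param bool $permanent` line explaining the 301 versus 303 choice.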
diff --cc src/www/tracker/download.php
index 4d0bb40,f20fc73..5df0a2c
--- a/src/www/tracker/download.php
+++ b/src/www/tracker/download.php
@@@ -58,9 -59,11 +58,11 @@@ if (!$ah || !is_object($ah)) 
  		exit_error($afh->getErrorMessage(),'tracker');
  	} else {
  		Header('Content-disposition: filename="'.str_replace('"', '', $afh->getName()).'"');
- 		Header("Content-type: ".$afh->getType());
+ 		/* SECURITY: do not serve as $afh->getType() but application/octet-stream */
+ 		header('X-Content-Type-Options: nosniff');
+ 		header('Content-Type: application/octet-stream');
 -		echo $afh->getData();
 +		header("Content-length: ".$afh->getSize());
 +
 +		readfile_chunked($afh->getFile());
  	}
  }
 -
 -?>
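Review bot: The `Content-disposition` header on the context line just above the new headers carries only `filename="…"` and no disposition type, so the forced `application/octet-stream` plus `nosniff` is the only thing keeping an uploaded attachment from being rendered inline in the site's origin. Adding the type, `Header('Content-disposition: attachment; filename="'.str_replace('"', '', $afh->getName()).'"');`, states the download intent explicitly and does not depend on how a browser treats the content type. The file name is only stripped of double quotes; control characters and backslashes should probably be filtered as well, depending on what `getName()` can return, which is not visible here. The enclosing `if`/`else` starts outside this hunk.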

-----------------------------------------------------------------------

Summary of changes:
 src/common/include/exit.php    |    3 ++-
 src/common/include/session.php |   24 ++++++++++++++++--------
 src/www/tracker/download.php   |    4 +++-
 3 files changed, 21 insertions(+), 10 deletions(-)


hooks/post-receive
-- 
FusionForge


