[Phpgroupware-cvs] [21271] Fixing a fix for bug #5313, which is not work
From: Caeies
Subject: [Phpgroupware-cvs] [21271] Fixing a fix for bug #5313, which is not working in case your install didn't have any anonymous account
Date: Wed, 02 Jun 2010 13:13:54 +0000
Revision: 21271
http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=21271
Author: Caeies
Date: 2010-06-02 13:13:53 +0000 (Wed, 02 Jun 2010)
Log Message:
-----------
Fixing a fix for bug #5313, which is not working in case your install didn't
have any anonymous account
Ticket Links:
-----------
http://savannah.gnu.org/bugs/?5313
Modified Paths:
--------------
modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG
modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions.inc.php
Modified: modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG
===================================================================
--- modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02
12:06:42 UTC (rev 21270)
+++ modules/phpgwapi/branches/branch_0_9_16/doc/CHANGELOG 2010-06-02
13:13:53 UTC (rev 21271)
@@ -4,8 +4,9 @@
phpgwapi :
- fix the crypto class to avoid a problem with empty strings
generated by tabs in addressbook.
This is a follow up of the previous security fix.
+ - fix a problem occuring on site offering demos with non
anonymous accounts ... this is the case of opencms.
+ Not sure if this is a good practice or not. Need to be
discussed.
-
[0.9.16.016]
Security Fixes, Most Credits go to VUPEN Security for pointing them out
:
- CVE-2010-0403 Local file inclusion.
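Review bot: The added CHANGELOG entry under "phpgwapi :" does not say what was changed. It should name the failed-login blocking check in class.sessions.inc.php and the case being fixed (an install with no anonymous account) instead of "a problem occuring on site offering demos". "occuring" should be "occurring", and the open question "Not sure if this is a good practice or not. Need to be discussed." belongs in bug #5313 rather than in release notes. The hunk also removes the blank line before the [0.9.16.016] heading, which looks unintentional.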
Modified: modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions.inc.php
===================================================================
--- modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions.inc.php
2010-06-02 12:06:42 UTC (rev 21270)
+++ modules/phpgwapi/branches/branch_0_9_16/inc/class.sessions.inc.php
2010-06-02 13:13:53 UTC (rev 21271)
@@ -646,9 +646,9 @@
if ( !$blocked && ($false_id = $this->db->f(0)) >=
$GLOBALS['phpgw_info']['server']['num_unsuccessful_id'])
{
$acct_id =
$GLOBALS['phpgw']->accounts->name2id($login);
- $anon_users =
array_flip($GLOBALS['phpgw']->acl->get_ids_for_location('anonymous',1,'phpgwapi'));
+ $anon_users =
$GLOBALS['phpgw']->acl->get_ids_for_location('anonymous',1,'phpgwapi');
//echo "acct_id == $acct_id<br
/>anon_users<pre>" . print_r($anon_users, true) . '</pre>in_array == ' .
intval( !is_array($anon_users) || !isset($anon_users[$acct_id]) );
- if ( !is_array($anon_users) ||
!isset($anon_users[$acct_id]) )
+ if ( !is_array($anon_users) || (($anon_users =
array_flip($anon_users)) && !isset($anon_users[$acct_id])) )
{
//echo "<p>login_blocked:
login='$login' ".$this->db->f(0)." tries
(".$GLOBALS['phpgw_info']['server']['num_unsuccessful_id']." max.) since
".date('Y/m/d H:i',$block_time)."</p>\n";
$blocked = True;
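Review bot: In the new `if`, the sub-expression `($anon_users = array_flip($anon_users)) && !isset($anon_users[$acct_id])` is false whenever the flipped array is empty, because an empty array is falsy in PHP. If get_ids_for_location() returns an empty array, the branch is skipped and `$blocked` is never set to True even though the failed-attempt count has reached num_unsuccessful_id, so only a non-array return is covered by `!is_array($anon_users)`. Suggest dropping the assignment inside the condition and testing `!is_array($anon_users) || !in_array($acct_id, $anon_users)`, which blocks in both cases and is easier to read. The commented-out debug echo in the context lines still uses `isset($anon_users[$acct_id])` on what is now the unflipped array and should be updated or removed.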