Keep enough to work on disk to last between
@@ -339,11 +342,21 @@ function venue_update($user) {
//
function prefs_global_parse_form(&$prefs) {
parse_str(getenv("QUERY_STRING"));
+
$prefs->run_on_batteries = ($run_on_batteries == "yes");
$prefs->run_if_user_active = ($run_if_user_active == "yes");
- $prefs->confirm_before_connecting = isset($confirm_before_connecting)?1:0;
+ $prefs->confirm_before_connecting = ($confirm_before_connecting == "yes");
+
+ if ($low_water_days<0) $low_water_days = 0;
+ if ($high_water_days<0) $high_water_days = 0;
+ if ($low_water_days > $high_water_days) $low_water_days = $high_water_days;
$prefs->low_water_days = $low_water_days;
$prefs->high_water_days = $high_water_days;
+
+ if ($disk_max_used_gb<0) $disk_max_used_gb = 0;
+ if ($disk_max_used_pct<0) $disk_max_used_pct = 0;
+ if ($disk_max_used_pct>100) $disk_max_used_pct = 100;
+ if ($disk_min_free_gb<0) $disk_min_free_gb = 0;
$prefs->disk_max_used_gb = $disk_max_used_gb;
$prefs->disk_max_used_pct = $disk_max_used_pct;
$prefs->disk_min_free_gb = $disk_min_free_gb;
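Review bot: `parse_str(getenv("QUERY_STRING"))` with no result argument still injects every query-string key as a local of prefs_global_parse_form, so a request carrying `prefs=...` overwrites the by-reference `$prefs` parameter, and the new `< 0` / `> 100` clamps below it are applied to raw strings — a non-numeric or absent `low_water_days` passes the comparisons and is stored unchanged (what consumes it afterwards is outside this hunk). The one-argument form of parse_str is also gone in PHP 8. Parse into an array and cast each numeric field before clamping; the clamp lines themselves can stay as they are, applied to the cast values. The function's closing brace is past the end of the hunk, so the tail is not shown here.
```php
function prefs_global_parse_form(&$prefs) {
    // Parse into an array: the bare form would let the query string define
    // arbitrary locals here, including $prefs itself.
    parse_str(getenv("QUERY_STRING"), $q);

    $prefs->run_on_batteries = (isset($q['run_on_batteries']) && $q['run_on_batteries'] == "yes");
    $prefs->run_if_user_active = (isset($q['run_if_user_active']) && $q['run_if_user_active'] == "yes");
    $prefs->confirm_before_connecting = (isset($q['confirm_before_connecting']) && $q['confirm_before_connecting'] == "yes");

    // Coerce to numbers before the range checks so junk strings never reach $prefs.
    $low_water_days  = isset($q['low_water_days'])  ? (float)$q['low_water_days']  : 0;
    $high_water_days = isset($q['high_water_days']) ? (float)$q['high_water_days'] : 0;
    // … same cast for disk_max_used_gb, disk_max_used_pct, disk_min_free_gb …
    // … unchanged: clamps and $prefs->… assignments …
```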
@@ -401,9 +414,14 @@ function project_prefs_make_xml($prefs) {
if ($prefs->send_email == 1) {
$xml = $xml."\n";
}
- $xml = $xml
- ."$prefs->resource_share\n"
- ."\n$prefs->project_specific\n";
+ if ($prefs->resource_share) {
+ $xml = $xml
+ ."$prefs->resource_share\n";
+ }
+ if ($prefs->project_specific) {
+ $xml = $xml
+ ."\n$prefs->project_specific\n";
+ }
$xml = $xml."\n";
return $xml;
}
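Review bot: The new `if ($prefs->resource_share)` guard drops the element whenever the value is `0`, `"0"` or `""`, so a user who deliberately set a zero share gets no element at all and the reader of this XML will presumably fall back to its own default — if zero is a valid share, test for presence instead, e.g. `if ($prefs->resource_share !== null && $prefs->resource_share !== "")`. The value is also concatenated into XML unescaped; where it is read from is not visible here, so if it can originate from a form, emit `(float)$prefs->resource_share` rather than the raw string. `project_specific` appears to be an XML fragment by design (see the default in project.inc), so escaping it would be wrong, but a one-line comment saying it is trusted markup would help the next reader.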
diff --git a/html/user/project.inc b/html/user/project.inc
index 47d8945cea..0494a8e36a 100755
--- a/html/user/project.inc
+++ b/html/user/project.inc
@@ -1,5 +1,7 @@
$name\n";
}
+function project_specific_prefs_default() {
+ return "Tahiti Sunset\n";
+}
+
// given struct, show form for editing
//
function project_specific_prefs_edit($prefs) {
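Review bot: project_specific_prefs_default() carries no comment, while its siblings in this file each open with a `//` line describing their contract (e.g. "given struct, show form for editing" just below). The function's return value also looks like a markup fragment whose tags were lost in this rendering, so a reader cannot tell from the name alone whether it returns XML or display text. Add `// XML fragment used as a user's project-specific prefs when none are stored yet` above it, adjusting the wording if the value is actually meant for display.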
diff --git a/html/user/sanitize_html.inc b/html/user/sanitize_html.inc
new file mode 100644
index 0000000000..8d4cbd469c
--- /dev/null
+++ b/html/user/sanitize_html.inc
@@ -0,0 +1,105 @@
+
+ Array(
+ '/target/i',
+ '/^on.*/i',
+ '/^dynsrc/i',
+ '/^datasrc/i',
+ '/^data.*/i'
+ )
+ );
+
+/**
+ * Yeah-yeah, so this looks horrible. Check out htmlfilter.inc for
+ * some idea of what's going on here. :)
+ */
+
+$bad_attvals = Array(
+ '/.*/' =>
+ Array(
+ '/.*/' =>
+ Array(
+ Array(
+ '/^([\'\"])\s*\S+\s*script\s*:*(.*)([\'\"])/i',
+ '/^([\'\"])\s*https*\s*:(.*)([\'\"])/i',
+ '/^([\'\"])\s*mocha\s*:*(.*)([\'\"])/i',
+ '/^([\'\"])\s*about\s*:(.*)([\'\"])/i'
+ ),
+ Array(
+ '\\1oddjob:\\2\\3',
+ '\\1uucp:\\2\\3',
+ '\\1amaretto:\\2\\3',
+ '\\1round:\\2\\3'
+ )
+ ),
+
+ '/^style/i' =>
+ Array(
+ Array(
+ '/expression/i',
+ '/behaviou*r/i',
+ '/binding/i',
+ '/url\(([\'\"]*)\s*https*:.*([\'\"]*)\)/i',
+ '/url\(([\'\"]*)\s*\S+script:.*([\'\"]*)\)/i'
+ ),
+ Array(
+ 'idiocy',
+ 'idiocy',
+ 'idiocy',
+ 'url(\\1http://securityfocus.com/\\2)',
+ 'url(\\1http://securityfocus.com/\\2)'
+ )
+ )
+ )
+ );
+
+$add_attr_to_tag = Array(
+ '/^a$/i' => Array('target' => '"_new"')
+ );
+
+function sanitize_html($body) {
+ global $tag_list;
+ global $rm_tags_with_content;
+ global $self_closing_tags;
+ global $force_tag_closing;
+ global $rm_attnames;
+ global $bad_attvals;
+ global $add_attr_to_tag;
+ return sanitize(
+ $body,
+ $tag_list,
+ $rm_tags_with_content,
+ $self_closing_tags,
+ $force_tag_closing,
+ $rm_attnames,
+ $bad_attvals,
+ $add_attr_to_tag
+ );
+}
+
+?>
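Review bot: The wildcard attribute rule `'/^([\'\"])\s*https*\s*:(.*)([\'\"])/i'` → `'\\1uucp:\\2\\3'` applies to every attribute of every tag, so an ordinary `href="http://..."` in a team description is rewritten to a `uucp:` scheme and the link is broken — which contradicts `$add_attr_to_tag`, which goes out of its way to add `target="_new"` to `<a>`. This looks like a copy of the mail-client rule for blocking remote images; for this use either drop that pattern/replacement pair or restrict it to `src`-style attributes. Note this is a deny-list filter whose real safety property is the allowed-tag list, and the top of the file (`$tag_list`, `$rm_tags_with_content`, the `htmlfilter.inc` require) is not visible in this rendering, so I cannot confirm what is permitted; a header comment naming the threat model (`// user-supplied team/profile HTML: allow only inline formatting, strip scripts, event handlers and active URLs`) would help. Whether the `\S+\s*script` pattern sees entity-decoded values depends on htmlfilter's attribute handling, which is also outside this diff.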
diff --git a/html/user/team.inc b/html/user/team.inc
index e4e7ae300c..ad3187b9b9 100644
--- a/html/user/team.inc
+++ b/html/user/team.inc
@@ -2,6 +2,7 @@
require_once("util.inc");
require_once("db.inc");
+require_once("sanitize_html.inc");
function show_team($team) {
start_table();
@@ -11,7 +12,7 @@ function show_team($team) {
row("url", $team->url);
row("type", $team->type);
row("name_html", $team->name_html);
- row("description", $team->description);
+ row("description", sanitize_html($team->description));
}
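Review bot: `name_html` on the line above is still printed raw while `description` is now passed through sanitize_html; if name_html is user-supplied markup, as the field name suggests, it is the same stored-XSS vector and should get the same treatment: `row("name_html", sanitize_html($team->name_html));`. The `url` row is likewise emitted without escaping; if row() does not escape its value, wrap it with `htmlspecialchars($team->url)` since a URL is not expected to contain markup. row() is defined outside this hunk, so whether it escapes is not verifiable here.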
function display_team_page($team) {
@@ -36,7 +37,7 @@ function display_team_page($team) {
echo "Team Info: |
";
echo "