diff --git a/checkin_notes b/checkin_notes index 9fc4c7db6b..854b14dc64 100755 --- a/checkin_notes +++ b/checkin_notes @@ -2133,6 +2133,18 @@ David 19 Feb 2006 user/ white.css +Bruce 20 Feb 2006 + - user web: allow sorting of columns of host data for a given user. I + have done this in a general way, which should permit any page to + be easily modified to permit sorting by any column. + + html/ + inc/ + util.inc + host.inc + user/ + hosts_user.php + Charlie 21 Feb 2006 - Mac: Add safety timer to kill application if screensaver hangs. - Improve screensaver display when no graphics: don't display 0.00% @@ -2179,3 +2191,15 @@ Rom 21 Feb 2006 lib/ gui_rpc_client.h gui_rpc_client_ops.C + +Bruce 22 Feb 2006 + - User web pages. Make RSS feed type application/xml rather than text/xml. + Make RSS feed link permanent guid rather than temporary. + - Better caching mechanism for hosts_user.php to prevent malicious user + from passing _GET[] strings that would lead to unbounded cache usage. + + html/ + user/ + hosts_user.php + sample_rss_main.php + diff --git a/html/user/hosts_user.php b/html/user/hosts_user.php index d411dd0f3c..2d3df5bc75 100644 --- a/html/user/hosts_user.php +++ b/html/user/hosts_user.php @@ -40,9 +40,14 @@ function user_host_table_start($private) { db_init(); + +// get the _GET variables which determine how to display the page +// $userid = get_int("userid", true); $show_all = get_int("show_all", true); -if (!$show_all) $show_all = 0; +if (!$show_all) $show_all=0; +$sort = get_str("sort", true); +if (!$sort) $sort = "rpc_time"; $user = get_logged_in_user(false); if ($user && $user->id == $userid) { @@ -54,13 +59,7 @@ if ($userid) { error_page("No such user"); } $caching=true; - $list=make_GET_list("", ""); - if (!strncmp($list, "?", 1)) { - $cache_args=substr($list, 1); - } else { - // should never happen - $cache_args="userid=$userid&show_all=$show_all"; - } + $cache_args="userid=$userid&show_all=$show_all&sort=$sort"; start_cache(USER_PAGE_TTL, $cache_args); if ($user->show_hosts) { page_head("Computers belonging to $user->name"); @@ -85,7 +84,6 @@ if ($userid) { } $sort_clause = "rpc_time desc"; -$sort = get_str("sort", true); if ($sort == "total_credit") $sort_clause = "total_credit desc"; if ($sort == "total_credit_reversed") $sort_clause = "total_credit"; if ($sort == "expavg_credit") $sort_clause = "expavg_credit desc"; diff --git a/html/user/sample_rss_main.php b/html/user/sample_rss_main.php index 2ca8d17632..a406ea05e8 100644 --- a/html/user/sample_rss_main.php +++ b/html/user/sample_rss_main.php @@ -11,7 +11,7 @@ // header ("Expires: " . gmdate('D, d M Y H:i:s', time()) . " GMT"); header ("Last-Modified: " . gmdate('D, d M Y H:i:s') . " GMT"); -header ("Content-Type: text/xml"); +header ("Content-Type: application/xml"); // Get or set display options // - from 1 to 9 News could be set by option news, default is up to 9 @@ -59,10 +59,11 @@ for( $item=0; $item < $news; $item++ ) { if( count($project_news[$item]) == 2) { $d = strtotime($project_news[$item][0]); $news_date=gmdate('D, d M Y H:i:s',$d) . ' GMT'; + $unique_url=URL_BASE."all_news.php#$j"; echo " Project News ".strip_tags($project_news[$item][0])." - ".URL_BASE."all_news.php#$j - ".PROJECT."_$item + $unique_url + $unique_url ".strip_tags($project_news[$item][1])." $news_date