From 695eb80680b64afd8ec2e3bcdcd014c04a3f109d Mon Sep 17 00:00:00 2001 From: David Anderson Date: Wed, 22 Sep 2010 22:48:15 +0000 Subject: [PATCH] - web: authenticate notices request svn path=/trunk/boinc/; revision=22397 --- checkin_notes | 6 ++++++ doc/rss_main.php | 2 +- html/user/notices.php | 9 ++++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/checkin_notes b/checkin_notes index 858b94b227..9cfdd9e12d 100644 --- a/checkin_notes +++ b/checkin_notes @@ -6736,3 +6736,9 @@ David 21 Sept 2010 notices.php client/ cs_notice.cpp,h + +David 22 Sept 2010 + - web: authenticate notices request + + html/user/ + notices.php diff --git a/doc/rss_main.php b/doc/rss_main.php index 10b179cdf8..1d9bcf013b 100644 --- a/doc/rss_main.php +++ b/doc/rss_main.php @@ -25,5 +25,5 @@ if (!$forum) { exit; } -forum_rss($forum->id, 0, 0, 1, 9999); +forum_rss($forum->id, 0, 0, 1, 14); ?> diff --git a/html/user/notices.php b/html/user/notices.php index bb0ac9d469..60313eb656 100644 --- a/html/user/notices.php +++ b/html/user/notices.php @@ -58,7 +58,14 @@ if (!$since_time) { $user = BoincUser::lookup_id($userid); if (!$user) xml_error(); -if (notify_rss_auth($user) != $auth) xml_error(); + +// the auth in the URL includes "userid_" +// + +$x = $user->id."_".notify_rss_auth($user); +if ($x != $auth) { + xml_error(-155, 'Invalid authenticator'); +} $since_clause = "and create_time > $since_time";