- web: show an explanation if the user tries to change the team name to one already in use

- web: don't allow bad tags in team name HTML

svn path=/trunk/boinc/; revision=14339
David Anderson 2007-12-01 22:43:11 +00:00
parent 966a64523e
commit fa601671b6
3 changed files with 37 additions and 8 deletions


@ -11993,3 +11993,10 @@ David 30 Nov 2007
html/user/ html/user/
forum_index.php forum_index.php
forum_forum.php forum_forum.php
David 1 Dec 2007
- web: show explanation if try to change team name to one in use
- web: don't allow bad tags in team name HTML
html/user/
team_edit_action.php


@ -19,7 +19,6 @@ function bolt_exclusive_choice($choices) {
global $bolt_ex_state; // output if SHOW, else input global $bolt_ex_state; // output if SHOW, else input
global $bolt_ex_score; // output if SCORE global $bolt_ex_score; // output if SCORE
echo "BLAH";
switch ($bolt_ex_mode) { switch ($bolt_ex_mode) {
case BOLT_MODE_SHOW: case BOLT_MODE_SHOW:
// Shuffle the answers; // Shuffle the answers;
@ -65,4 +64,18 @@ function bolt_exclusive_choice($choices) {
} }
$bolt_ex_index++; $bolt_ex_index++;
} }
function bolt_image_rect($img, $rect) {
global $bolt_ex_mode; // input
global $bolt_ex_index; // input
global $bolt_ex_state; // output if SHOW, else input
global $bolt_ex_score; // output if SCORE
switch ($bolt_ex_mode) {
case BOLT_MODE_SHOW:
echo "<img src=$img";
break;
}
}
?> ?>
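Review bot: In bolt_image_rect the `<img` tag is never closed and `$img` is interpolated into an unquoted attribute with no escaping, so a value containing spaces, quotes or `>` produces broken markup and lets the caller's data alter the tag; write it as `echo "<img src=\"".htmlspecialchars($img, ENT_QUOTES)."\">";`. The `$rect` parameter and the `$bolt_ex_index`, `$bolt_ex_state` and `$bolt_ex_score` globals are declared but never read or written in the visible body, and unlike bolt_exclusive_choice this function does not advance `$bolt_ex_index`; if that is deliberate (an image is not a scored item) a one-line comment saying so would stop the next reader from treating it as unfinished. The file path for this section is not shown on the page, and the first hunk's `-19,7` count admits one more old line than is printed, so part of that hunk may be missing from this view.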


@ -2,6 +2,7 @@
require_once("../inc/util.inc"); require_once("../inc/util.inc");
require_once("../inc/team.inc"); require_once("../inc/team.inc");
require_once("../inc/sanitize_html.inc");
require_once("../inc/boinc_db.inc"); require_once("../inc/boinc_db.inc");
$user = get_logged_in_user(); $user = get_logged_in_user();
@ -18,8 +19,13 @@ if ($x) {
} }
$team_name = process_user_text(strip_tags(post_str("name"))); $team_name = process_user_text(strip_tags(post_str("name")));
$team_name_lc = strtolower($team_name); $team_name_lc = strtolower($team_name);
$team_name_html = process_user_text(post_str("name_html", true)); $tnh = post_str("name_html", true);
//Do we really not want to scrub out bad HTML tags? $team_name_html = sanitize_html($tnh);
if ($team_name_html != $tnh) {
error_page("HTML name contains disallowed tags: ".htmlspecialchars($tnh));
}
$team_name_html = process_user_text($team_name_html);
$team_description = process_user_text(post_str("description", true)); $team_description = process_user_text(post_str("description", true));
$type = process_user_text(post_str("type", true)); $type = process_user_text(post_str("type", true));
@ -31,12 +37,14 @@ if (!is_valid_country($country)) {
error_page("bad country"); error_page("bad country");
} }
if (! is_numeric($teamid)) { $t = BoincTeam::lookup("name='$team_name'");
error_page("Team ID must be numeric."); if ($t && $t->id != $teamid) {
error_page("The name '$team_name' is being used by another team.");
} }
if (strlen($team_name) == 0) {
if (strlen($team_name) == 0) { // Should be caught up with the post_str("name"), error_page("Must specify team name");
error_page("Must specify team name"); // but you can never be too safe. // Should be caught up with the post_str("name"),
// but you can never be too safe.
} }
$clause = sprintf( $clause = sprintf(
@ -55,6 +63,7 @@ $clause = sprintf(
$type, $type,
$country $country
); );
$ret = $team->update($clause); $ret = $team->update($clause);
if ($ret) { if ($ret) {
Header("Location: team_display.php?teamid=$team->id"); Header("Location: team_display.php?teamid=$team->id");