There are two aspects:
1) undoing magic quotes (if it's being used).
This must be done for all GET and POST string inputs.
It is now done automatically by get_str() and post_str().
The places that refer to $_GET and $_POST directly
must do it themselves using undo_magic_quotes().
2) Escaping user-supplied strings before using them in DB queries.
This is done by process_user_text()
(which should be renamed db_escape_string()).
The new principle:
call process_user_text() in the function that does the DB query
(not at any higher level).
svn path=/trunk/boinc/; revision=15389
1) it's not correct to apply stripslashes() to all form input.
That should be done only if magic quotes is on.
I fixed this by adding a function undo_magic_quotes()
that does the right thing.
2) There's no reason to strip backslashes from user-supplied text
(forum titles and bodies, private messages, passwords, etc.).
I'm not sure why this was being done.
It prevented messages from containing backslashes.
svn path=/trunk/boinc/; revision=15364
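The two commit messages above (r15389 and r15364) describe the same input-handling principle: strip PHP's magic-quotes backslashes only when PHP actually added them, and escape for the database only inside the function that builds the query. The following is an added illustration of that principle, not BOINC's own code; get_str(), post_str(), undo_magic_quotes() and db_escape_string() are named after the functions mentioned in the commits, but their signatures, the mysqli usage and the forum_post_insert_sql() caller are assumptions made here.

```php
<?php
// Added example (not BOINC's code). Demonstrates:
//   1) undoing magic quotes at the input layer, only when PHP added them;
//   2) escaping for the DB inside the query-building function, nowhere else.

// True when PHP itself is adding backslashes to $_GET/$_POST/$_COOKIE.
// get_magic_quotes_gpc() exists only on PHP < 8.0; on newer PHP this is
// always false, so undo_magic_quotes() becomes a no-op.
function magic_quotes_on() {
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Undo magic quotes on a string or, recursively, on an array of strings.
// Unlike a blanket stripslashes(), this strips only when PHP added slashes,
// so a backslash the user typed (e.g. in a forum post) survives intact.
function undo_magic_quotes($x) {
    if (!magic_quotes_on()) {
        return $x;
    }
    if (is_array($x)) {
        return array_map('undo_magic_quotes', $x);
    }
    return stripslashes($x);
}

// Accessors for form input. Page code should use these rather than touching
// $_GET/$_POST directly; anything that must read them directly should apply
// undo_magic_quotes() itself (as the commit message says).
function get_str($name, $optional = false) {
    if (!isset($_GET[$name])) {
        if ($optional) {
            return null;
        }
        throw new InvalidArgumentException("missing GET parameter: $name");
    }
    return undo_magic_quotes($_GET[$name]);
}

function post_str($name, $optional = false) {
    if (!isset($_POST[$name])) {
        if ($optional) {
            return null;
        }
        throw new InvalidArgumentException("missing POST parameter: $name");
    }
    return undo_magic_quotes($_POST[$name]);
}

// Escape a string for use inside a single-quoted MySQL literal.
// Intended to be called ONLY by functions that build queries. Escaping at a
// higher level risks double-escaping, which is how stray backslashes end up
// stored in user text.
function db_escape_string(mysqli $db, $s) {
    return $db->real_escape_string($s);
}

// A query-building function (hypothetical). It receives raw, un-escaped text
// and does the escaping here, at the point where the SQL is assembled.
function forum_post_insert_sql(mysqli $db, $thread_id, $user_id, $body) {
    $body_esc = db_escape_string($db, $body);
    return sprintf(
        "insert into post (thread, user, content) values (%d, %d, '%s')",
        (int)$thread_id, (int)$user_id, $body_esc
    );
}

// Usage sketch (constructed input): page code reads the body via post_str()
// and hands the raw string to the query function; no escaping in between.
//   $_POST['content'] = 'C:\\temp is a path';      // user typed a backslash
//   $body = post_str('content');                     // magic quotes undone if on
//   $db   = new mysqli('localhost', 'user', 'pw', 'boinc');
//   $db->query(forum_post_insert_sql($db, 42, 7, $body));
```

The escape call needs a live mysqli connection because real_escape_string() honours the connection's character set; on current PHP the same "escape inside the query function" rule is most naturally satisfied by a prepared statement with bound parameters, which removes the escaping step entirely.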
which added only confusion.
Implement login directly, using cookies.
- All cookie setting/clearing now goes through two functions,
send_cookie() and clear_cookie().
These deal with path and expiry
(e.g. if you want to have different language or forum settings
on two projects on the same server, that now works).
svn path=/trunk/boinc/; revision=14735
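The commit above (r14735) routes all cookie handling through send_cookie() and clear_cookie() so that path and expiry are set consistently. Here is an added sketch of what such helpers look like; it is not BOINC's code, and the signatures, the project_cookie_path() helper and the one-year "permanent" lifetime are assumptions made for this example.

```php
<?php
// Added example (not BOINC's code): cookie helpers that scope each cookie to
// the project's URL path, so two projects on one host keep separate
// language/forum settings, and that clear a cookie with the same path it was
// set with (a mismatched path would leave the original cookie in place).

// Hypothetical: the URL directory this project's pages live under,
// e.g. "/proj_a/" for http://host/proj_a/home.php. Derived from the
// script path so the cookie is never shared with "/proj_b/".
function project_cookie_path() {
    $dir = dirname($_SERVER['SCRIPT_NAME']);
    return rtrim($dir, '/') . '/';
}

// Set a cookie for this project only.
// $permanent: keep for one year (assumed lifetime); otherwise a session cookie.
// Secure is set when the request came over HTTPS; HttpOnly keeps the cookie
// away from page scripts.
function send_cookie($name, $value, $permanent) {
    $expire = $permanent ? time() + 365 * 86400 : 0;
    $secure = !empty($_SERVER['HTTPS']);
    return setcookie($name, $value, $expire, project_cookie_path(), '', $secure, true);
}

// Clear a cookie: same name and path, expiry in the past.
function clear_cookie($name) {
    $secure = !empty($_SERVER['HTTPS']);
    return setcookie($name, '', time() - 3600, project_cookie_path(), '', $secure, true);
}

// Usage sketch: a login page sets the auth cookie, a logout page clears it.
//   send_cookie('auth', $user_authenticator, true);
//   clear_cookie('auth');
```

Both helpers must run before any output is sent, since setcookie() writes an HTTP header and returns false once headers have gone out.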
appointed by the founder, who have most of the same
rights as the founder (edit team info, view/remove users).
They can't, however, change the founder, or select/remove Admins.
- user web: added the ability for founder to delete an empty team
- user web: count/show all team members, not just those with credit
- user web: Team Search returns top team if form fields left blank
- Added db_update.php entry for Eric's banishment_vote stuff
svn path=/trunk/boinc/; revision=14108
search (keywords, country, type).
Have the new-user scenario route the user through this page.
Also, link to it rather than team.php for existing users.
- user web: use cookies rather than URLs to identify new users,
and show "Welcome to X" when they reach their user page.
- user web: don't show user intermediate page for join/quit team.
Just take them to their user page.
svn path=/trunk/boinc/; revision=13731