There are two aspects:
1) undoing magic quotes (if it's being used).
This must be done for all GET and POST string inputs.
It is now done automatically by get_str() and post_str().
The places that refer to $_GET and $_POST directly
must do it themselves using undo_magic_quotes().
2) Escaping user-supplied strings before using them in DB queries.
This is done by process_user_text()
(which should be renamed db_escape_string()).
The new principle:
call process_user_text() in the function that does the DB query
(not at any higher level).
svn path=/trunk/boinc/; revision=15389
1) it's not correct to apply stripslashes() to all form input.
That should be done only if magic quotes is on.
I fixed this by adding a function undo_magic_quotes()
that does the right thing.
2) There's no reason to strip backslashes from user-supplied text
(forum titles and bodies, private messages, passwords etc.)
I'm not sure why this was being done.
It prevented messages from containing backslashes.
svn path=/trunk/boinc/; revision=15364
Users can choose whether to get 1 email per notification,
a daily "digest" email, or no email.
(All notifications are shown on the Account page).
Currently used for:
- Friend requests and confirmations
- Posts to subscribed threads
- Private messages
NOTE: To implement the "daily digest" feature, projects must add
a periodic task for html/ops/notify.php to config.xml
- web: have project_footer() generate links for
Account Page and Message Boards as well as Home
NOTE: projects that want this change
will have to modify their own project.inc.
svn path=/trunk/boinc/; revision=14447
rename General Prefs to Computing Prefs;
rename Forum Prefs to Community Prefs
add Prefs link if user doesn't have email PM notification
- remove forum low/high rating theshold stuff.
Message rating was a failed experiment.
svn path=/trunk/boinc/; revision=14300
URL_BASE is assumed to end with a /.
If you put another /, you end up with // in URLs.
This leads to a situation where you can have
one cookie for // and another for / - bad.
If this causes problems for any projects,
they should edit their project.inc accordingly
svn path=/trunk/boinc/; revision=14254
David Anderson