There are two aspects:
1) undoing magic quotes (if it's being used).
This must be done for all GET and POST string inputs.
It is now done automatically by get_str() and post_str().
The places that refer to $_GET and $_POST directly
must do it themselves using undo_magic_quotes().
2) Escaping user-supplied strings before using them in DB queries.
This is done by process_user_text()
(which should be renamed db_escape_string()).
The new principle:
call process_user_text() in the function that does the DB query
(not at any higher level).
svn path=/trunk/boinc/; revision=15389
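
The principle in the commit message above (undo magic quotes at the input layer, escape only in the function that runs the query), shown as an added example that is not BOINC code. The *_demo functions and the user table are hypothetical, the magic-quotes flag is a constructed stand-in for the old PHP setting, and an in-memory SQLite database with SQLite3::escapeString() stands in for the project's MySQL database and process_user_text().

```php
<?php
// Added illustration, not BOINC code. *_demo names are hypothetical;
// in-memory SQLite stands in for the project's MySQL database.

// Input layer: hand back the string the user typed. $magic_quotes_on is a
// constructed stand-in for the old magic_quotes_gpc setting, which
// backslash-escaped quotes in every GET/POST value.
function get_str_demo(array $request, $name, $magic_quotes_on) {
    $value = isset($request[$name]) ? $request[$name] : '';
    return $magic_quotes_on ? stripslashes($value) : $value;
}

// Query layer: escaping happens here, right before the value is placed
// in SQL text, and nowhere else.
function lookup_user_id_demo(SQLite3 $db, $name) {
    $escaped = SQLite3::escapeString($name);
    return $db->querySingle("SELECT id FROM user WHERE name = '$escaped'");
}

$db = new SQLite3(':memory:');
$db->exec("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO user (name) VALUES ('O''Brien')");

// Constructed request: what PHP delivers for the input O'Brien when
// magic quotes is on (the quote arrives with a backslash in front).
$request = array('name' => addslashes("O'Brien"));

// Correct flow: undo magic quotes on input, escape once in the query function.
$name = get_str_demo($request, 'name', true);
var_dump($name);
var_dump(lookup_user_id_demo($db, $name));

// Escaping at a higher level as well: the query function escapes again,
// so the value is double-escaped and the lookup no longer matches the row.
$early = SQLite3::escapeString($name);
var_dump(lookup_user_id_demo($db, $early));
```
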
If present, don't show anything related to computing.
Use this for Bossa/Bolt projects, and the BOINC message boards.
svn path=/trunk/boinc/; revision=15228
It didn't work on a host's first scheduler RPC
(when it passes an auth but no host ID).
How do we look up user in this case?
The weak auth is not stored explicitly in the DB.
Solution: include the user ID in the weak auth.
(this invalidates existing weak auths)
svn path=/trunk/boinc/; revision=14546
This is for debugging apps (currently works only in Unix).
What it does: when running an app,
the client does everything except actually fork/exec the app,
i.e. it sets up the slot dir, creates shared mem segment etc.
It then continues as if the app were actually running,
and you can then manually run your app under a debugger
in the slot directory.
Note: the client won't notice the termination of your app.
- API, Unix: in situations where the timer thread wants to exit
(e.g. it notices a missing heartbeat),
don't directly call boinc_exit(),
since this touches data structures that the worker thread
may be using concurrently.
Instead, set a flag telling the worker thread to call boinc_exit()
(which it will do from its signal handler).
This is an attempt to fix problems reported by Bernd;
I haven't tested it.
- scheduler: add config flag for uploading usage data
- web: show account key and weak account key on user page
- added some code for multithread support (not finished)
api/
boinc_api.C
svn path=/trunk/boinc/; revision=14542
now have community info in a 2nd column on the right.
This accomplishes two things:
1) it puts community info in more places;
2) it provides a reasonable way to format long lists of friends;
they just continue down the right column.
svn path=/trunk/boinc/; revision=14452
Users can choose whether to get 1 email per notification,
a daily "digest" email, or no email.
(All notifications are shown on the Account page).
Currently used for:
- Friend requests and confirmations
- Posts to subscribed threads
- Private messages
NOTE: To implement the "daily digest" feature, projects must add
a periodic task for html/ops/notify.php to config.xml
- web: have project_footer() generate links for
Account Page and Message Boards as well as Home
NOTE: projects that want this change
will have to modify their own project.inc.
svn path=/trunk/boinc/; revision=14447
rename General Prefs to Computing Prefs;
rename Forum Prefs to Community Prefs
add Prefs link if user doesn't have email PM notification
- remove forum low/high rating threshold stuff.
Message rating was a failed experiment.
svn path=/trunk/boinc/; revision=14300
URL_BASE is assumed to end with a /.
If you put another /, you end up with // in URLs.
This leads to a situation where you can have
one cookie for // and another for / - bad.
If this causes problems for any projects,
they should edit their project.inc accordingly
svn path=/trunk/boinc/; revision=14254
Team founder and admins have moderator power.
Anyone can view a team message board,
but only team members can write to it.
Users cannot be banished from team message boards
(due to database limitations).
svn path=/trunk/boinc/; revision=14218
- DB: added parent_type to forum
- user web: BoincUser uses caching by default
- client: fixed small memory leak in statistics parsing
svn path=/trunk/boinc/; revision=14130
- If a request is pending, notify the current founder
in red on their Account page.
(previously there was no notification on the web;
if the founder didn't get the notification email,
they'd never find out; and if they read but lost the email,
they'd lose the URL they needed to visit to decline).
- Also notify current founder on the Admin Functions page
- On the team page
requesting user: show that request is pending, and the deadline.
founder: show that request is pending, link to respond
other users: show Deferred if can't make a request yet
- Say 90 days instead of 60 days where appropriate;
other text cleanup
- user web: team_change_founder_action.php was generating
a different name for each element of a radio button group.
That makes it not a radio button.
svn path=/trunk/boinc/; revision=14117
appointed by the founder, who have most of the same
rights as the founder (edit team info, view/remove users).
They can't, however, change the founder, or select/remove Admins.
- user web: added the ability for founder to delete an empty team
- user web: count/show all team members, not just those with credit
- user web: Team Search returns top team if form fields left blank
- Added db_update.php entry for Eric's banishment_vote stuff
svn path=/trunk/boinc/; revision=14108
This lets you look up users sorted by
- descending join time
- descending total credit, or
- descending RAC
and lets you filter them by
- country
- presence/absence of team
- presence/absence of profile
It's implemented in such a way that no more than N
DB rows are examined
(i.e. it doesn't necessarily show you all the results)
- PHP database: add enum_fields() member to DbConn and BoincUser.
This is to select a limited number of fields
e.g. to make large queries more efficient.
Also added BoincTeam::lookup_id_cache(); this is an example
of how to look up items likely to be repeated
(like teams when you're showing a list of users)
svn path=/trunk/boinc/; revision=14082
Here's how things should eventually be:
- inc/db_conn.inc defines DbConn, a PHP class representing
a connection to a database with
various generic operations (update, insert etc.).
DbConn prepends the DB name to table names,
so you don't have to select a DB;
this means you can access multiple databases
(e.g. BOINC and Bossa) and use persistent connections.
ALL MYSQL-SPECIFIC CODE WILL EVENTUALLY BE HERE.
- inc/boinc_db.inc defines classes BoincUser, BoincTeam etc.,
representing the various BOINC DB tables.
All access to the DB should use these classes.
When you use this framework, no initialization calls are needed.
db.inc is deprecated and should eventually be removed.
I changed get_logged_in_user()
and all team-related code to use this framework.
- user web: show team founder link to "management functions"
even if they're not currently a member;
allow team founder to perform all operations even if not a member.
- turned on E_ALL error checking,
and fixed a bunch of warnings
and a couple of bugs ($team, not team)
- database: update schema/constraints for team fulltext search
- user web: forgot to change Serbia and Montenegro to Serbia
svn path=/trunk/boinc/; revision=13968
"task" instead of "result";
"computer" instead of "host";
"scheduler request" instead of "scheduler RPC"
"access to Internet" instead of "access to reference web site"
svn path=/trunk/boinc/; revision=13774
search (keywords, country, type).
Have the new-user scenario route the user through this page.
Also, link to it rather than team.php for existing users.
- user web: use cookies rather than URLs to identify new users,
and show "Welcome to X" when they reach their user page.
- user web: don't show user intermediate page for join/quit team.
Just take them to their user page.
svn path=/trunk/boinc/; revision=13731
- Change "CVS" into "SVN" in the CVS version tracker (automatically generated comment in the pages showing page revision number)
svn path=/trunk/boinc/; revision=12666