Commit Graph

16 Commits

Author SHA1 Message Date
David Anderson dded9ec2e5 - make_project: fix --test_app
- fix formatting (no long indents)

svn path=/trunk/boinc/; revision=15911
2008-08-20 22:09:51 +00:00
David Anderson 896bdb2e23 - web: improve white.css, and make corresponding PHP changes
(mostly from Simek)
    fixes #716
- validator: tweak the way host error rate is computed,
    e.g. on error bump rate by .1 instead of .05

svn path=/trunk/boinc/; revision=15771
2008-08-07 20:43:52 +00:00
David Anderson 9baf78fe5f - web: added copyright and license info to PHP files
svn path=/trunk/boinc/; revision=15758
2008-08-05 22:43:14 +00:00
David Anderson d403a14e42 - web: cleaned up logic of string processing.
There are two aspects:
    1) undoing magic quotes (if it's being used).
        This must be done for all GET and POST string inputs.
        It is now done automatically by get_str() and post_str().
        The places that refer to $_GET and $_POST directly
        must do it themselves using undo_magic_quotes().
    2) Escaping user-supplied strings before using them in DB queries.
        This is done by process_user_text()
        (which should be renamed db_escape_string()).
        The new principle:
        call process_user_text() in the function that does the DB query
        (not at any higher level).


svn path=/trunk/boinc/; revision=15389
2008-06-11 19:36:10 +00:00
David Anderson d764eb5873 - web: clean up stuff related to stripslashes():
    1) it's not correct to apply stripslashes() to all form input.
        That should be done only if magic quotes is on.
        I fixed this by adding a function undo_magic_quotes()
        that does the right thing.
    2) There's no reason to strip backslashes from user-supplied text
        (forum titles and bodies, private messages, passwords etc.)
        I'm not sure why this was being done.
        It prevented messages from containing backslashes.

svn path=/trunk/boinc/; revision=15364
2008-06-05 20:32:21 +00:00
David Anderson 9963f0958b - web: fix for cross-site scripting vulnerability
(from Nicolas Alvarez)

svn path=/trunk/boinc/; revision=15261
2008-05-20 16:42:01 +00:00
David Anderson 830db542f7 - user web: fix translation bug (from Nicolas Alvarez)
- user web: fix small bug in team search

svn path=/trunk/boinc/; revision=14293
2007-11-23 19:11:42 +00:00
David Anderson ab6bcccf59 - user web: team search tweaks
svn path=/trunk/boinc/; revision=14273
2007-11-20 23:18:54 +00:00
David Anderson 4a81532043 - DB: add fulltext index on team.name
- user web: improve "team search" function,
    and get rid of the superseded "search by name" function
- user web: don't show team founder link to initiate transfer
- user web: show team types
- user web: fix "top teams by type" function
- client: treat NOT_FOUND error on file upload as transient;
    it means the project is missing its file_upload_handler

svn path=/trunk/boinc/; revision=14272
2007-11-20 22:58:14 +00:00
David Anderson fb8b4ffabb - user web: added the notion of "Team Admin": team members,
appointed by the founder, who have most of the same
    rights as the founder (edit team info, view/remove users).
    They can't, however, change the founder, or select/remove Admins.
- user web: added the ability for founder to delete an empty team
- user web: count/show all team members, not just those with credit
- user web: Team Search returns top team if form fields left blank
- Added db_update.php entry for Eric's banishment_vote stuff

svn path=/trunk/boinc/; revision=14108
2007-11-07 17:23:29 +00:00
David Anderson 7302f02544 - user web: added new framework for DB access from PHP.
Here's how things should eventually be:
    - inc/db_conn.inc defines DbConn, a PHP class representing
        a connection to a database with
        various generic operations (update, insert etc.).
        DbConn prepends the DB name to table names,
        so you don't have to select a DB;
        this means you can access multiple databases
        (e.g. BOINC and Bossa) and use persistent connections.
        ALL MYSQL-SPECIFIC CODE WILL EVENTUALLY BE HERE.
    - inc/boinc_db.inc defines classes BoincUser, BoincTeam etc.,
        representing the various BOINC DB tables.
        All access to the DB should use these classes.

    When you use this framework, no initialization calls are needed.
    db.inc is deprecated and should eventually be removed.

    I changed get_logged_in_user()
    and all team-related code to use this framework.
- user web: show team founder link to "management functions"
    even if they're not currently a member;
    allow team founder to perform all operations even if not a member.
- turned on E_ALL error checking,
    and fixed a bunch of warnings
    and a couple of bugs ($team, not team)

- database: update schema/constraints for team fulltext search
- user web: forgot to change Serbia and Montenegro to Serbia

svn path=/trunk/boinc/; revision=13968
2007-10-26 21:14:35 +00:00
David Anderson cefb2ee5aa - user web: team search tweaks
svn path=/trunk/boinc/; revision=13749
2007-10-02 15:32:28 +00:00
David Anderson d53595f047 - user web: team search tweaks
svn path=/trunk/boinc/; revision=13748
2007-10-02 15:12:45 +00:00
David Anderson 0c1dcbfe86 - user web: tweaks to team search
svn path=/trunk/boinc/; revision=13747
2007-10-02 15:07:43 +00:00
David Anderson 0b8d9a950b svn path=/trunk/boinc/; revision=13732
2007-10-02 03:31:43 +00:00
David Anderson 2272891035 - user web: add "team search" page, which does a multi-criteria
search (keywords, country, type).
    Have the new-user scenario route the user through this page.
    Also, link to it rather than team.php for existing users.
- user web: use cookies rather than URLs to identify new users,
    and show "Welcome to X" when they reach their user page.
- user web: don't show user intermediate page for join/quit team.
    Just take them to their user page.

svn path=/trunk/boinc/; revision=13731
2007-10-02 03:19:03 +00:00