There are two aspects:
1) undoing magic quotes (if it's being used).
This must be done for all GET and POST string inputs.
It is now done automatically by get_str() and post_str().
The places that refer to $_GET and $_POST directly
must do it themselves using undo_magic_quotes().
2) Escaping user-supplied strings before using them in DB queries.
This is done by process_user_text()
(which should be renamed db_escape_string()).
The new principle:
call process_user_text() in the function that does the DB query
(not at any higher level).
svn path=/trunk/boinc/; revision=15389
1) it's not correct to apply stripslashes() to all form input.
That should be done only if magic quotes is on.
I fixed this by adding a function undo_magic_quotes()
that does the right thing.
2) There's no reason to strip backslashes from user-supplied text
(forum titles and bodies, private messages, passwords etc.)
I'm not sure why this was being done.
It prevented messages from containing backslashes.
svn path=/trunk/boinc/; revision=15364
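
The two commit messages above (revisions 15389 and 15364) describe undoing magic quotes only when they are on and escaping only inside the function that runs the query. The following PHP sketch is an added example, not BOINC code. Assumptions: an in-memory SQLite3 database stands in for the project's DB, magic quotes are simulated with addslashes() because current PHP no longer has them, and all function names and bodies are hypothetical.

```php
<?php
// Added illustration; not BOINC code. All function bodies are assumptions.

// What magic_quotes_gpc did to every GET/POST string when it was enabled.
function simulate_request_input(string $typed, bool $magic_quotes_on): string {
    return $magic_quotes_on ? addslashes($typed) : $typed;
}

// Behaviour the revision 15364 message calls incorrect: strip unconditionally.
function strip_always(string $s): string {
    return stripslashes($s);
}

// Conditional undo: remove only the slashes that magic quotes added.
function undo_magic_quotes_sketch(string $s, bool $magic_quotes_on): string {
    return $magic_quotes_on ? stripslashes($s) : $s;
}

// Escaping lives in the function that builds the query, not at a higher level,
// so callers always pass the text exactly as the user typed it.
function insert_post(SQLite3 $db, string $body): void {
    $db->exec("INSERT INTO post (body) VALUES ('" . SQLite3::escapeString($body) . "')");
}

// Round trip: request input -> cleanup -> DB insert -> value read back.
function stored_after(callable $clean, string $typed, bool $mq): string {
    $db = new SQLite3(':memory:');
    $db->exec('CREATE TABLE post (body TEXT)');
    insert_post($db, $clean(simulate_request_input($typed, $mq), $mq));
    return $db->querySingle('SELECT body FROM post');
}

// Constructed sample: contains a quote and literal backslashes.
$typed = "path C:\\temp, it's \\n not a newline";
foreach ([true, false] as $mq) {
    $old = stored_after(fn($s, $on) => strip_always($s), $typed, $mq);
    $new = stored_after('undo_magic_quotes_sketch', $typed, $mq);
    printf("magic_quotes=%-5s always-strip intact: %-3s conditional intact: %s\n",
        var_export($mq, true), $old === $typed ? 'yes' : 'no', $new === $typed ? 'yes' : 'no');
}
```

With magic quotes off, the unconditional strip is the only path that loses the user's backslashes; the quote character survives in every case because the escaping happens at the query.
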
Lets you assign a WU to a particular host,
to one or all hosts belonging to a user or team, or to all hosts.
See http://boinc.berkeley.edu/trac/wiki/AssignedWork
Disabled unless you include <enable_assignment> in config.xml
Uses a new DB table.
Tested but only a little.
- Server: code cleanup; moved result-handling to a new file,
and removed the PLATFORM_LIST arg to everything
(put it in SCHEDULER_REQUEST instead)
svn path=/trunk/boinc/; revision=14767
than 24 hours away, to prevent thrashing. But this delayed
reissuing of new results. For example if two results were
issued at hours 17 and 18, and both timed out (no reply). At
time 17+deadline the first would time out and a new result
would be issued. But then instead of setting the transition
time to 18+deadline it would be set to 18+deadline+1 day.
To prevent thrashing I have fixed this so that if a transition
time is in the past, I advance it by TWICE the amount it is late,
but never less than 1 minute or more than 1 day.
- Ops pages: show unsent/in-progress results in purple. For
unsent results show create time rather than deadline.
svn path=/trunk/boinc/; revision=6637
choice selection menus
- Ops pages fixes from Christian Beers and David Hammer:
* some rearrangement of index page
* fix pass percentage by platform pages to show only non-deprecated apps
* all platforms now appear in summary pages of failures
svn path=/trunk/boinc/; revision=5351
My next request is to do a corresponding cleanup of the 'detailed' RESULT
page. In particular, it should show ALL the fields at the bottom of this
page: ops/db_form.php?table=result&detail=low which are:
Some specific things that would be helpful:
(1) again, decode meaning, AND numeric value:
Server state: Over [X]
Outcome: Client error [X]
File Delete state: Initial [0]
where possible.
(2) It would be extremely useful to decode the exit status
values into text, according to: lib/error_numbers.h:
so if the error is one of these values, a human-readable string
is also displayed. If not one of these values, just the number.
(3) This might be too hard -- could you search in stderr out
for things like <error_code>-108</error_code> and if found
add a separate row with the human-readable decoding of this?
(4) If easy, link App version back to the app version table.
If hard, don't bother.
(5) Fix bug on User Id line (currently has host_name_by_id(...))
svn path=/trunk/boinc/; revision=4974
results in some range of MOD time rather than some range of received
time, and display all fields associated with Workunits.
svn path=/trunk/boinc/; revision=4969
sort options to results page, better internal bug checking on state lists,
move result summary to top of WU detail page, show WU report deadline in
human-readable form, show cross_project_ID in user table.
svn path=/trunk/boinc/; revision=4679