Commit Graph

15 Commits

Author SHA1 Message Date
David Anderson d27af6214d - user web: finish dealing with get args spam
svn path=/trunk/boinc/; revision=23010
2011-02-09 22:11:34 +00:00
David Anderson 9baf78fe5f - web: added copyright and license info to PHP files
svn path=/trunk/boinc/; revision=15758
2008-08-05 22:43:14 +00:00
David Anderson d403a14e42 - web: cleaned up logic of string processing.
There are two aspects:
    1) undoing magic quotes (if it's being used).
        This must be done for all GET and POST string inputs.
        It is now done automatically by get_str() and post_str().
        The places that refer to $_GET and $_POST directly
        must do it themselves using undo_magic_quotes().
    2) Escaping user-supplied strings before using them in DB queries.
        This is done by process_user_text()
        (which should be renamed db_escape_string()).
        The new principle:
        call process_user_text() in the function that does the DB query
        (not at any higher level).


svn path=/trunk/boinc/; revision=15389
2008-06-11 19:36:10 +00:00
David Anderson d764eb5873 - web: clean up stuff related to stripslashes():
1) it's not correct to apply stripslashes() to all form input.
        That should be done only if magic quotes is on.
        I fixed this by adding a function undo_magic_quotes()
        that does the right thing.
    2) There's no reason to strip backslashes from user-supplied text
        (forum titles and bodies, private messages, passwords etc.)
        I'm not sure why this was being done.
        It prevented messages from containing backslashes.

svn path=/trunk/boinc/; revision=15364
2008-06-05 20:32:21 +00:00
David Anderson 0616e75a02 - user web: update other code to use new-style DB interfaces
svn path=/trunk/boinc/; revision=14164
2007-11-12 22:28:17 +00:00
David Anderson 3e6f1f062c account creation cleanup
svn path=/trunk/boinc/; revision=8666
2005-10-12 22:51:55 +00:00
David Anderson d6b863c84d *** empty log message ***
svn path=/trunk/boinc/; revision=8562
2005-10-08 19:12:43 +00:00
David Anderson bcd86f38ab *** empty log message ***
svn path=/trunk/boinc/; revision=8558
2005-10-07 23:19:20 +00:00
David Anderson 2306ba39ab add elements fo config file
svn path=/trunk/boinc/; revision=8550
2005-10-07 19:19:07 +00:00
Bruce Allen d8ae84126a Emergency fix: prevent users from creating password<6 chars long
using web-page interface.  David, Janus, the min password length
needs to be parsed from a single place, eg config.xml, and used
consistently in both PHP and client-side ops.

svn path=/trunk/boinc/; revision=8541
2005-10-07 14:28:08 +00:00
David Anderson 1e581bcc24 *** empty log message ***
svn path=/trunk/boinc/; revision=8154
2005-09-23 05:38:38 +00:00
David Anderson 81df3c4dce *** empty log message ***
svn path=/trunk/boinc/; revision=7929
2005-09-08 20:33:04 +00:00
David Anderson 852dd3a01d allow mixed case passwords
svn path=/trunk/boinc/; revision=7612
2005-08-30 15:50:19 +00:00
David Anderson 8a72aef655 remove email munge code
svn path=/trunk/boinc/; revision=7518
2005-08-26 22:26:26 +00:00
David Anderson b36fef1e87 *** empty log message ***
svn path=/trunk/boinc/; revision=7216
2005-08-09 18:46:53 +00:00