This is for my own use in BOINC-wide teams.
It must work even if account/team creation are disabled
(as they are in the BOINC-wide teams site).
To do this, I moved the <disable_team_creation> check out of make_team()
and moved it to the existing places that call make_team().
The logic now matches that of make_user().
- add a PHP interface for lookup_account()
- PHP interfaces return error number as well as message
(messages change; numbers don't)
- using symbolic error codes instead of hardwired numbers in PHP code
There are two aspects:
1) undoing magic quotes (if it's being used).
This must be done for all GET and POST string inputs.
It is now done automatically by get_str() and post_str().
The places that refer to $_GET and $_POST directly
must do it themselves using undo_magic_quotes().
2) Escaping user-supplied strings before using them in DB queries.
This is done by process_user_text()
(which should be renamed db_escape_string()).
The new principle:
call process_user_text() in the function that does the DB query
(not at any higher level).
svn path=/trunk/boinc/; revision=15389
Make a single function that creates teams
and cleanses arguments.
- API: don't include config.h in parse.h.
This file is included from apps
(indirectly, via graphics_api.h)
so it shouldn't assume that config.h exists
svn path=/trunk/boinc/; revision=13212
David Anderson