compute capability 3.x.
Not sure if the parameters are right
(128 cores/proc, 2 flops/clock)
but they're better than nothing.
- web: don't allow user names that have leading or trailing white space,
or HTML tags, or are empty
svn path=/trunk/boinc/; revision=25485
and team names are represented.
In particular, edit_user_info_action.php was using
htmlentities() on names; this led to double-encoding.
The new rules:
1) no HTML tags allowed in either one.
This is enforced silently, using strip_tags()
2) names are stored in the DB exactly as entered.
They may contain chars like & and >.
They may contain non-ASCII characters
(use UTF-8 if you want them displayed correctly).
None of these are not escaped.
3) When the names are put in XML
(e.g. in scheduler reply or db_dump output)
they are XML-escaped.
This escapes <, &, and non-ASCII chars
4) The client leaves them in this form,
and writes them that way in GUI RPCs
and init_data.xml files.
5) The parsing of GUI RPC replies and init_data.xml files
XML-unescapes them.
svn path=/trunk/boinc/; revision=20647
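
The commit message above, illustrated with an added example that is not BOINC's code: it contrasts entity-encoding a name before storage with storing it raw and escaping once per output context. All function names are hypothetical, the sample name is constructed, `mb_ord()` needs the mbstring extension (PHP 7.2+), and the second encoding is assumed to happen at display time, which the message does not specify.

```php
<?php
// Added illustration; function names are hypothetical, not BOINC's own.

// Rules 1 and 2: silently drop HTML tags, then store the text unescaped.
function name_for_storage(string $raw): string {
    return strip_tags($raw);
}

// Rule 3: escape only when writing XML. Handles &, < and every
// non-ASCII code point (emitted as a numeric character reference).
function xml_escape_name(string $stored): string {
    $out = preg_replace_callback(
        '/[&<]|[^\x00-\x7F]/u',
        function (array $m): string {
            if ($m[0] === '&') return '&amp;';
            if ($m[0] === '<') return '&lt;';
            return '&#' . mb_ord($m[0], 'UTF-8') . ';';
        },
        $stored
    );
    if ($out === null) {
        // The /u flag makes PCRE fail on malformed UTF-8 input.
        throw new InvalidArgumentException('name is not valid UTF-8');
    }
    return $out;
}

// Rule 5: the consumer of the XML undoes rule 3 exactly once.
function xml_unescape_name(string $xml): string {
    return html_entity_decode($xml, ENT_QUOTES | ENT_XML1, 'UTF-8');
}

$raw = 'R&D <b>Team</b> Zürich';           // constructed sample input
$stored = name_for_storage($raw);

// Old behaviour (assumed): entity-encode before storing, encode again on output.
$old_db   = htmlentities($stored, ENT_QUOTES, 'UTF-8');
$old_page = htmlspecialchars($old_db, ENT_QUOTES, 'UTF-8');

// New behaviour: raw in the DB, one escape per output context.
$xml  = xml_escape_name($stored);
$back = xml_unescape_name($xml);

echo "stored:     $stored\n";
echo "old page:   $old_page\n";
echo "xml:        $xml\n";
echo "round trip: ", ($back === $stored ? 'ok' : 'MISMATCH'), "\n";
```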
There are two aspects:
1) undoing magic quotes (if it's being used).
This must be done for all GET and POST string inputs.
It is now done automatically by get_str() and post_str().
The places that refer to $_GET and $_POST directly
must do it themselves using undo_magic_quotes().
2) Escaping user-supplied strings before using them in DB queries.
This is done by process_user_text()
(which should be renamed db_escape_string()).
The new principle:
call process_user_text() in the function that does the DB query
(not at any higher level).
svn path=/trunk/boinc/; revision=15389
NOTE: teams that have name display issues will have to edit their description once the projects update the code.
svn path=/trunk/boinc/; revision=12691