merging 6.8 bugfixes
This commit is contained in:
Roy Johnson
parent
3a174e4eb5
commit
4e7fbea4a7
3 changed files with 18 additions and 4 deletions
|
|
@ -50,6 +50,9 @@
|
|||
- fixed a bug where uploaded files would give an Auth Required regardless of
|
||||
the user being in the view group or not (Martin Kamerbeek / Procolix)
|
||||
- fix [ 1411210 ] HttpProxy Error (Thanks to Eric Kennedy for the patch)
|
||||
- fixed a serious security bug that would allow user account creation
|
||||
using a well crafted url when anonymous registration is set to off.
|
||||
(Thanks to Luke Bartholemy for the patch)
|
||||
|
||||
6.8.5
|
||||
- fix [ 1396957 ] Insufficient privileges check on the DataForm
|
||||
|
|
|
|||
|
|
@ -194,15 +194,21 @@ sub createAccount {
|
|||
#-------------------------------------------------------------------
|
||||
sub createAccountSave {
|
||||
my $self = shift;
|
||||
|
||||
return $self->displayAccount if ($self->session->user->userId ne "1");
|
||||
|
||||
my $i18n = WebGUI::International->new($self->session);
|
||||
|
||||
return $self->displayAccount if ($self->session->user->userId ne "1");
|
||||
|
||||
#Make sure anonymous registration is enabled
|
||||
unless ($self->session->setting->get("anonymousRegistration")) {
|
||||
$self->session->errorHandler->security($i18n->get("no registration hack", "AuthWebGUI"));
|
||||
return $self->displayLogin;
|
||||
}
|
||||
my $username = $self->session->form->process('authWebGUI.username');
|
||||
my $password = $self->session->form->process('authWebGUI.identifier');
|
||||
my $passConfirm = $self->session->form->process('authWebGUI.identifierConfirm');
|
||||
|
||||
my $error;
|
||||
my $i18n = WebGUI::International->new($self->session);
|
||||
|
||||
$error = $self->error unless($self->validUsername($username));
|
||||
if ($self->session->setting->get("webguiUseCaptcha")) {
|
||||
unless ($self->session->form->process('authWebGUI.captcha.validation') eq Digest::MD5::md5_base64(lc($self->session->form->process('authWebGUI.captcha')))) {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,11 @@
|
|||
package WebGUI::i18n::English::AuthWebGUI;
|
||||
|
||||
our $I18N = {
|
||||
'no registration hack' => {
|
||||
message => q|complete anonymous registration by calling createAccountSave directly from the URL.|,
|
||||
lastUpdated => 1078852836
|
||||
|
||||
},
|
||||
'account template' => {
|
||||
message => q|Account Template|,
|
||||
lastUpdated => 1078852836
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue