oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

merging 6.8 bugfixes

Browse source
This commit is contained in:
Roy Johnson 2006-02-12 23:23:54 +00:00
parent 3a174e4eb5
commit 4e7fbea4a7
3 changed files with 18 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
docs/changelog/6.x.x.txt
View file

@ -50,6 +50,9 @@
- fixed a bug where uploaded files would give an Auth Required regardless of - fixed a bug where uploaded files would give an Auth Required regardless of
the user being in the view group or not (Martin Kamerbeek / Procolix) the user being in the view group or not (Martin Kamerbeek / Procolix)
- fix [ 1411210 ] HttpProxy Error (Thanks to Eric Kennedy for the patch) - fix [ 1411210 ] HttpProxy Error (Thanks to Eric Kennedy for the patch)
- fixed a serious security bug that would allow user account creation
using a well crafted url when anonymous registration is set to off.
(Thanks to Luke Bartholemy for the patch)
6.8.5 6.8.5
- fix [ 1396957 ] Insufficient privileges check on the DataForm - fix [ 1396957 ] Insufficient privileges check on the DataForm

14
lib/WebGUI/Auth/WebGUI.pm
View file

@ -194,15 +194,21 @@ sub createAccount {
#------------------------------------------------------------------- #-------------------------------------------------------------------
sub createAccountSave { sub createAccountSave {
my $self = shift; my $self = shift;
my $i18n = WebGUI::International->new($self->session);
return $self->displayAccount if ($self->session->user->userId ne "1");
return $self->displayAccount if ($self->session->user->userId ne "1");
#Make sure anonymous registration is enabled
unless ($self->session->setting->get("anonymousRegistration")) {
$self->session->errorHandler->security($i18n->get("no registration hack", "AuthWebGUI"));
return $self->displayLogin;
}
my $username = $self->session->form->process('authWebGUI.username'); my $username = $self->session->form->process('authWebGUI.username');
my $password = $self->session->form->process('authWebGUI.identifier'); my $password = $self->session->form->process('authWebGUI.identifier');
my $passConfirm = $self->session->form->process('authWebGUI.identifierConfirm'); my $passConfirm = $self->session->form->process('authWebGUI.identifierConfirm');
my $error; my $error;
my $i18n = WebGUI::International->new($self->session);
$error = $self->error unless($self->validUsername($username)); $error = $self->error unless($self->validUsername($username));
if ($self->session->setting->get("webguiUseCaptcha")) { if ($self->session->setting->get("webguiUseCaptcha")) {
unless ($self->session->form->process('authWebGUI.captcha.validation') eq Digest::MD5::md5_base64(lc($self->session->form->process('authWebGUI.captcha')))) { unless ($self->session->form->process('authWebGUI.captcha.validation') eq Digest::MD5::md5_base64(lc($self->session->form->process('authWebGUI.captcha')))) {

5
lib/WebGUI/i18n/English/AuthWebGUI.pm
View file

@ -1,6 +1,11 @@
package WebGUI::i18n::English::AuthWebGUI; package WebGUI::i18n::English::AuthWebGUI;
our $I18N = { our $I18N = {
'no registration hack' => {
message => q|complete anonymous registration by calling createAccountSave directly from the URL.|,
lastUpdated => 1078852836
},
'account template' => { 'account template' => {
message => q|Account Template|, message => q|Account Template|,
lastUpdated => 1078852836 lastUpdated => 1078852836