diff --git a/lib/WebGUI/Asset/Wobject/Layout.pm b/lib/WebGUI/Asset/Wobject/Layout.pm
index f1eadbe8a..bb87d6ee3 100644
--- a/lib/WebGUI/Asset/Wobject/Layout.pm
+++ b/lib/WebGUI/Asset/Wobject/Layout.pm
@@ -17,6 +17,7 @@ package WebGUI::Asset::Wobject::Layout;
 use strict;
 use WebGUI::Asset::Wobject;
 use WebGUI::Utility;
+use WebGUI::Cache;
 our @ISA = qw(WebGUI::Asset::Wobject);
@@ -264,6 +265,34 @@ sub www_setContentPositions {
 #-------------------------------------------------------------------
 sub www_view {
 my $self = shift;
+ # slashdot / burst protection
+ if ($self->session->var->get("userId") eq "1" && $self->session->form->param("func") eq "" && $self->session->form->param("op") eq "") {
+ unless ($self->canView) {
+ if ($self->get("state") eq "published") { # no privileges, make em log in
+ return $self->session->privilege->noAccess();
+ } elsif ($self->session->var->get("adminOn") && $self->get("state") =~ /^trash/) { # show em trash
+ $self->session->http->setRedirect($self->getUrl("func=manageTrash"));
+ return undef;
+ } elsif ($self->session->var->get("adminOn") && $self->get("state") =~ /^clipboard/) { # show em clipboard
+ $self->session->http->setRedirect($self->getUrl("func=manageClipboard"));
+ return undef;
+ } else { # tell em it doesn't exist anymore
+ $self->session->http->setStatus("410");
+ return WebGUI::Asset->getNotFound($self->session)->www_view;
+ }
+ }
+ $self->logView();
+ # must find a way to do this next line better
+ $self->session->http->setCookie("wgSession",$self->session->var->{_var}{sessionId}) unless $self->session->var->{_var}{sessionId} eq $self->session->http->getCookies->{"wgSession"};
+ my $cache = WebGUI::Cache->new($self->session, "view_".$self->getId);
+ my $out = $cache->get if defined $cache;
+ unless ($out) {
+ $self->prepareView;
+ $out = $self->processStyle($self->view);
+ $cache->set($out, 60);
+ }
+ return $out;
+ }
 $self->{_viewPrintOverride} = 1; # we do this to make it output each easset as it goes, rather than waiting until the end
 return $self->SUPER::www_view;
 }
diff --git a/lib/WebGUI/Auth.pm b/lib/WebGUI/Auth.pm
index e10244cca..3c5c89d35 100644
--- a/lib/WebGUI/Auth.pm
+++ b/lib/WebGUI/Auth.pm
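Review bot: The cached page in the new visitor branch of `www_view` is keyed only on the asset id (`"view_".$self->getId`) and is then served to every visitor for 60 seconds, while the guard rules out only `func` and `op`. Any other request input or per-session value that `view` or `processStyle` renders (paging or search parameters, a session id embedded in a link or form) would be stored by whichever request fills the cache and replayed to everyone else; the hunk does not show whether they do, so either fold the request URL into the key or skip the cache when other form parameters are present. Separately, `my $out = $cache->get if defined $cache;` uses the `my ... if` construct that perlsyn documents as undefined behaviour, and `$cache->set($out, 60);` runs even when `$cache` is undefined; I would write `my $out; $out = $cache->get if defined $cache;` and `$cache->set($out, 60) if defined $cache;`.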
@@ -572,7 +572,7 @@ sub login {
 #Create a new user
 $uid = $self->userId;
 $u = WebGUI::User->new($self->session,$uid);
- $self->session->var->start($uid,$self->session->getId);
+ $self->session->user({user=>$u});
 $u->karma($self->session->setting->get("karmaPerLogin"),"Login","Just for logging in.") if ($self->session->setting->get("useKarma"));
 $self->_logLogin($uid,"success");
 if ($self->session->scratch->get("redirectAfterLogin")) {
diff --git a/lib/WebGUI/Macro/L_loginBox.pm b/lib/WebGUI/Macro/L_loginBox.pm
index 2fae8a8d8..99e2818c1 100644
--- a/lib/WebGUI/Macro/L_loginBox.pm
+++ b/lib/WebGUI/Macro/L_loginBox.pm
@@ -66,7 +66,7 @@ sub process {
 my $templateId = $param[2] || "PBtmpl0000000000000044";
 my %var;
 my $i18n = WebGUI::International->new($session,'Macro_L_loginBox');
- $var{'user.isVisitor'} = ($session->user->userId eq "1");
+ $var{'user.isVisitor'} = ($session->var->get("userId") eq "1");
 $var{'customText'} = $param[1];
 $var{'customText'} =~ s/%(.*?)%/_createURL($session,$1)/ge;
 $var{'hello.label'} = $i18n->get(48);
diff --git a/lib/WebGUI/Session.pm b/lib/WebGUI/Session.pm
index 667a028b5..dfa2dd344 100644
--- a/lib/WebGUI/Session.pm
+++ b/lib/WebGUI/Session.pm
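Review bot: `login` still authenticates into the session id the visitor arrived with: `$self->session->user({user=>$u})` ends in `$self->var->start($userId,$self->getId)` (Session.pm hunk of this commit), so the id is the same before and after login, as it was with the removed `var->start($uid,$self->session->getId)` line. A `wgSession` value that someone else knew before the login therefore identifies the authenticated user afterwards (session fixation). If nothing outside the hunk rotates the id, a new one should be issued here at the privilege change; at minimum record it with `# TODO: rotate the session id on login, the pre-login wgSession value stays valid`. The body of `login` starts and ends outside the hunk.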
@@ -561,13 +561,13 @@ sub user {
 my $option = shift;
 if (defined $option) {
 my $userId = $option->{userId} || $option->{user}->userId;
+ $self->var->start($userId,$self->getId);
 if ($self->setting->get("passiveProfilingEnabled")) {
- $self->db->write("update passiveProfileLog set userId = ".$self->db->quote($userId)." where sessionId = ".$self->db->quote($self->getId));
+ $self->db->write("update passiveProfileLog set userId = ? where sessionId = ?",[$userId,$self->getId]);
 }
 delete $self->{_stow};
 $self->{_user} = $option->{user} || WebGUI::User->new($self, $userId);
 $self->request->user($self->{_user}->username) if ($self->request);
- $self->var->start($self->{_user}->userId,$self->getId);
 } elsif (!exists $self->{_user}) {
 $self->{_user} = WebGUI::User->new($self, $self->var->get('userId'));
 }
diff --git a/lib/WebGUI/Session/Var.pm b/lib/WebGUI/Session/Var.pm
index fe90d6ad8..3d64618c3 100644
--- a/lib/WebGUI/Session/Var.pm
+++ b/lib/WebGUI/Session/Var.pm
@@ -225,8 +225,10 @@ Session id will be generated if not specified. In almost every case you should l
 sub start {
 my $self = shift;
- my $userId = shift || 1;
- my $sessionId = shift || $self->session->id->generate;
+ my $userId = shift;
+ $userId = 1 if ($userId eq "");
+ my $sessionId = shift;
+ $sessionId = $self->session->id->generate if ($sessionId eq "");
 $self->{_var} = {
 expires=>$self->session->datetime->time() + $self->session->setting->get("sessionTimeout"),
 lastPageView=>$self->session->datetime->time(),
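Review bot: Moving `var->start` above the `$self->{_user}` assignment means the session is now started with `$userId` from `$option->{userId} || $option->{user}->userId` rather than with the id of the user object that is actually stored. When a caller passes both `userId` and `user`, or if `WebGUI::User->new` resolves an unknown id to some other account (not visible here), the session var and `$self->{_user}` can name different users. If the early start is needed, derive the id from the object first, `my $userId = $option->{user} ? $option->{user}->userId : $option->{userId};`; otherwise keep `$self->var->start($self->{_user}->userId,$self->getId);` after the assignment. `user` begins before the hunk and continues after it.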
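Review bot: The new defaults in `start` compare with `eq ""`, so an undefined argument is compared as a string (a warning wherever warnings are enabled), and the values `0` and `"0"`, which the removed `shift || 1` replaced with the defaults, are now accepted as a user id and a session id. If accepting `0` is not the intent, test for the legal values explicitly, e.g. `$userId = 1 unless defined $userId && length $userId;`. A caller-supplied `$sessionId` is also used as given; a format check before it goes into `$self->{_var}` would keep arbitrary strings from becoming session ids. The body of `start` continues past the end of the hunk.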