diff --git a/docs/changelog/5.x.x.txt b/docs/changelog/5.x.x.txt index a020717d4..129e5937e 100644 --- a/docs/changelog/5.x.x.txt +++ b/docs/changelog/5.x.x.txt @@ -1,6 +1,5 @@ 5.5.0 - Rewrote the discussion system and added many new features in the process. - - Fixed a bug in the collateralImport.pl script. - Added external database group privileges. (Thanks to Andy Grundman.) - Added support for encryptLogin user setting. (Thanks to Hal Roberts.) - Added anonymous response option to Survey. (Thanks to Andy Grundman.) 
@@ -14,6 +13,39 @@ +5.4.3 + - Fixed a bug where CM's could have deleted the entire collateral manager + contents if they deleted an item, then hit their back button and deleted it +again. + - Fixed a bug in the collateralImport.pl script. + - Fixed a bug where exports of themes would only work if an image was + included in the theme. + - Fixed a bug in the RandomSnippet and RandomImage macros where they would + crash the page if an invalid collateral folder were specified. + - Fixed a bug when wobject privileges were turned on and a user had the + privileges to edit a page, they could not add wobjects to the page. + - Fixed a bug where all of the articles on a page would get the same template + for one page view after a properties save. + - Fixed a bug where the email address would not appear when editing a user + profile after an admin created a new account. (Thanks to Arne Dokken.) + - Fixed a bug in editing secondary admins. (Thanks to Leendert Bottelberghs.) + - Fixed an ordering bug on the list of users in the Manage Users In Group + page. + - Fixed an LDAP auth bug where users could not authenticate if RDN = DN. + (Thanks to Chris Jackson.) + - Fixed a bug in the DataForm where multiple items in a check list were not + being emailed. + - Fixed a bug in the Syndicated Content wobject where feeds with only one + item would cause a problem. (Thanks to Len Kranendonk.) + - Made session page setup use the same mechanism to mangle urls as the rest + of WebGUI uses. + - Fixed a bug in DataForm where the name of the last form element added would + appear as the default value of another form field if it were called "name". + - Fixed a potential security problem in the collateral manager where content + managers could delete collateral they didn't own. + + + 5.4.2 - Fixed tab forms for better support with older browsers, less resource usage, and a cookie bug that would log users out after editing their stie for a while. - Updated German translation. 
(Thanks to Andreas Graf.) diff --git a/docs/credits.txt b/docs/credits.txt index 5c21329b8..a7266e92b 100644 --- a/docs/credits.txt +++ b/docs/credits.txt @@ -8,17 +8,20 @@ The following people/companies are responsible for WebGUI: WebGUI Core..........................JT Smith / Plain Black Contributing Developers..............Peter Beardsley / Appropriate Solutions + Leendert Bottelberghs Richard Caelius / 100 World Richard Clark Doug Collinge Flavio Curti Jeff Depons / WDI Frank Dillon / WDI + Arne Dokken Junying Du / WDI Ed Van Duinen / UNC Greg Fast / WDI Chris Gebhardt / OpenServe Andy Grundman + Chris Jackson Koen de Jonge / ProcoliX Martin Kamerbeek / ProcoliX John W. Krahn diff --git a/docs/upgrades/upgrade_5.4.2-5.4.3.sql b/docs/upgrades/upgrade_5.4.2-5.4.3.sql new file mode 100644 index 000000000..a29e9f800 --- /dev/null +++ b/docs/upgrades/upgrade_5.4.2-5.4.3.sql @@ -0,0 +1,2 @@ +insert into webguiVersion values ('5.4.3','upgrade',unix_timestamp()); + diff --git a/docs/upgrades/upgrade_5.4.2-5.5.0.sql b/docs/upgrades/upgrade_5.4.3-5.5.0.sql similarity index 100% rename from docs/upgrades/upgrade_5.4.2-5.5.0.sql rename to docs/upgrades/upgrade_5.4.3-5.5.0.sql diff --git a/lib/WebGUI/Attachment.pm b/lib/WebGUI/Attachment.pm index af4da7ed2..18f8b1f2e 100644 --- a/lib/WebGUI/Attachment.pm +++ b/lib/WebGUI/Attachment.pm @@ -669,6 +669,7 @@ A hash reference containing the data you wish to persist to the filesystem. sub saveFromHashref { my ($self, $hashref) = @_; + $self->getNode->create(); store $hashref, $self->getPath; return $self->getFilename; } diff --git a/lib/WebGUI/Authentication/LDAP.pm b/lib/WebGUI/Authentication/LDAP.pm index 572ee0d3a..180959d26 100644 --- a/lib/WebGUI/Authentication/LDAP.pm +++ b/lib/WebGUI/Authentication/LDAP.pm 
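Review bot: In `saveFromHashref`, neither the added `$self->getNode->create();` nor the `store` call after it has its result checked, so the method returns the filename even when nothing was persisted. Storable's `store` returns undef on an I/O problem, so `store($hashref, $self->getPath) or return;` would let callers see the failure instead of a filename that points at nothing. What `create()` returns on failure is not visible in this hunk, so confirm that before adding a check there.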
@@ -112,14 +112,17 @@ sub registrationFormSave { $ldap->bind; my $search = $ldap->search (base => $uri->dn, filter => $session{setting}{ldapId}."=".$session{form}{'authLDAP.ldapId'}); if (defined $search->entry(0)) { - $connectDN = $search->entry(0)->get_value($session{setting}{ldapUserRDN}); + if ($session{setting}{ldapUserRDN} eq 'dn') { + $connectDN = $search->entry(0)->dn; + } else { + $connectDN = $search->entry(0)->get_value($session{setting}{ldapUserRDN}); + } } $ldap->unbind; - WebGUI::Authentication::saveParams($uid,'LDAP', - { + WebGUI::Authentication::saveParams($uid,'LDAP', { connectDN => $connectDN, ldapUrl => $session{setting}{ldapURL} - }); + }); } #------------------------------------------------------------------- @@ -130,7 +133,11 @@ sub registrationFormValidate { if ($ldap->bind) { $search = $ldap->search (base=>$uri->dn,filter=>$session{setting}{ldapId}."=".$session{form}{'authLDAP.ldapId'}); if (defined $search->entry(0)) { - $connectDN = $search->entry(0)->get_value($session{setting}{ldapUserRDN}); + if ($session{setting}{ldapUserRDN} eq 'dn') { + $connectDN = $search->entry(0)->dn; + } else { + $connectDN = $search->entry(0)->get_value($session{setting}{ldapUserRDN}); + } $ldap->unbind; $ldap = Net::LDAP->new($uri->host, (port=>$uri->port)) or $error .= WebGUI::International::get(2,'Auth/LDAP'); $auth = $ldap->bind(dn=>$connectDN, password=>$session{form}{'authLDAP.ldapPassword'}); diff --git a/lib/WebGUI/Collateral.pm b/lib/WebGUI/Collateral.pm index 5bebf9707..22677ef0a 100644 --- a/lib/WebGUI/Collateral.pm +++ b/lib/WebGUI/Collateral.pm 
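Review bot: The search filter in `registrationFormSave` is built by concatenating `$session{form}{'authLDAP.ldapId'}` straight into the filter string, and the new branch then saves the DN of whatever `entry(0)` that search returns. A submitted id containing filter metacharacters such as `*`, `(` or `)` can therefore change which entry is matched and which `connectDN` is stored for the account. Escape the value per RFC 4515 before use, for example with `Net::LDAP::Util::escape_filter_value` where the installed perl-ldap provides it, and require exactly one result (`$search->count == 1`) rather than taking the first. The same filter construction appears in the `registrationFormValidate` hunk that follows. Both function bodies start outside their hunks.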
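Review bot: The `$ldap->bind(dn=>$connectDN, password=>$session{form}{'authLDAP.ldapPassword'})` call at the end of this hunk is reached with no visible check that the submitted password is non-empty. Many directory servers treat a bind with a DN and an empty password as an unauthenticated bind and report success, so validation could pass without the password being proven. Unless the part of `registrationFormValidate` outside this hunk already rejects it, set `$error` and skip the second bind when `$session{form}{'authLDAP.ldapPassword'} eq ""`. Separately, when `Net::LDAP->new` fails on the preceding line only `$error` is appended, and `$ldap->bind` is then called on an undefined value.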
@@ -72,8 +72,10 @@ Delete's this collateral item. =cut sub delete { - $_[0]->deleteNode; - WebGUI::SQL->write("delete from collateral where collateralId=".$_[0]->get("collateralId")); + if ($_[0]->{_properties}->{collateralId} > 0) { # blocks deletion of all collateral in the event that no valid collateral id exists + $_[0]->deleteNode; + WebGUI::SQL->write("delete from collateral where collateralId=".$_[0]->get("collateralId")); + } } diff --git a/lib/WebGUI/Grouping.pm b/lib/WebGUI/Grouping.pm index 9826949d6..5463ab2eb 100755 --- a/lib/WebGUI/Grouping.pm +++ b/lib/WebGUI/Grouping.pm @@ -325,7 +325,7 @@ If specified the admin flag will be set to this value. =cut sub userGroupAdmin { - if ($_[2]) { + if ($_[2] ne "") { WebGUI::SQL->write("update groupings set groupAdmin=$_[2] where groupId=$_[1] and userId=$_[0]"); return $_[2]; } else { diff --git a/lib/WebGUI/Macro/RandomImage.pm b/lib/WebGUI/Macro/RandomImage.pm index 997287f84..e26ef608a 100644 --- a/lib/WebGUI/Macro/RandomImage.pm +++ b/lib/WebGUI/Macro/RandomImage.pm @@ -20,12 +20,11 @@ use WebGUI::SQL; #------------------------------------------------------------------- sub process { my @param = WebGUI::Macro::getParams($_[0]); - my $collateralFolderId; + my $collateralFolderId = 0; if ($param[0] ne "") { ($collateralFolderId) = WebGUI::SQL->quickArray("select collateralFolderId from collateralFolder where name=".quote($param[0])); - } else { - $collateralFolderId = 0; #Root + $collateralFolderId = 0 unless ($collateralFolderId); } my @images = WebGUI::SQL->buildArray("select collateralId from collateral where collateralType='image' and collateralFolderId=".$collateralFolderId); diff --git a/lib/WebGUI/Macro/RandomSnippet.pm b/lib/WebGUI/Macro/RandomSnippet.pm index 65346e70c..a864fc5b2 100644 --- a/lib/WebGUI/Macro/RandomSnippet.pm +++ b/lib/WebGUI/Macro/RandomSnippet.pm 
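Review bot: The new guard in `delete` compares `collateralId` numerically, so a value that merely begins with digits still passes `> 0` and is then concatenated unquoted into the `delete from collateral where collateralId=` statement. Whether `_properties->{collateralId}` can hold a non-numeric string depends on the constructor, which is not in this hunk, but a strict test costs nothing: `if ($_[0]->{_properties}->{collateralId} =~ /^[1-9]\d*$/) {`. The guard also reads `_properties` directly while the SQL uses `get("collateralId")`; using one accessor for both keeps the checked value and the executed value identical.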
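Review bot: With the test relaxed to `$_[2] ne ""`, any non-empty third argument is interpolated unquoted into `update groupings set groupAdmin=$_[2] where groupId=$_[1] and userId=$_[0]`, together with the two ids. If a caller ever passes request-derived values, that text becomes part of the SQL, so validate before writing, e.g. `if (defined $_[2] && $_[2] =~ /^\d+$/) {`, with the same digit check applied to `$_[1]` and `$_[0]`. The `defined` test also avoids an uninitialized-value warning when the flag is omitted. The `else` branch of `userGroupAdmin` lies outside the hunk.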
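Review bot: `$collateralFolderId = 0 unless ($collateralFolderId);` makes an unknown folder name fall back to folder 0, which the removed `#Root` comment identified as the root folder, so a mistyped or deleted folder name silently serves random items from root. If root can hold collateral not meant for that page, returning an empty string when the lookup finds no folder is the safer behaviour. Whichever is intended, keep the meaning on the line, e.g. `# 0 = root folder; also used when the named folder does not exist`. The identical change in `lib/WebGUI/Macro/RandomSnippet.pm` has the same effect, and `process` continues outside the hunk in both files.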
@@ -20,12 +20,11 @@ use WebGUI::SQL; #------------------------------------------------------------------- sub process { my @param = WebGUI::Macro::getParams($_[0]); - my $collateralFolderId; + my $collateralFolderId = 0; if ($param[0] ne "") { ($collateralFolderId) = WebGUI::SQL->quickArray("select collateralFolderId from collateralFolder where name=".quote($param[0])); - } else { - $collateralFolderId = 0; #Root + $collateralFolderId = 0 unless ($collateralFolderId); } my @snippets = WebGUI::SQL->buildArray("select collateralId from collateral where collateralType='snippet' and collateralFolderId=".$collateralFolderId); diff --git a/lib/WebGUI/Operation/Collateral.pm b/lib/WebGUI/Operation/Collateral.pm index 8c930a6ab..0fc911e30 100644 --- a/lib/WebGUI/Operation/Collateral.pm +++ b/lib/WebGUI/Operation/Collateral.pm @@ -55,15 +55,18 @@ sub _submenu { $menu{WebGUI::URL::page('op=deleteCollateral&cid='.$session{form}{cid})} = WebGUI::International::get(765); } $menu{WebGUI::URL::page('op=editCollateralFolder')} = WebGUI::International::get(759); - $menu{WebGUI::URL::page('op=emptyCollateralFolder')} = WebGUI::International::get(980); - $menu{WebGUI::URL::page('op=deleteCollateralFolder')} = WebGUI::International::get(760); + if (WebGUI::Privilege::isInGroup(3)) { + $menu{WebGUI::URL::page('op=emptyCollateralFolder')} = WebGUI::International::get(980); + $menu{WebGUI::URL::page('op=deleteCollateralFolder')} = WebGUI::International::get(760); + } $menu{WebGUI::URL::page('op=listCollateral')} = WebGUI::International::get(766); return menuWrapper($_[0],\%menu); } #------------------------------------------------------------------- sub www_deleteCollateral { - return WebGUI::Privilege::insufficient unless (WebGUI::Privilege::isInGroup(4)); + my $collateral = WebGUI::Collateral->new($session{form}{cid}); + return WebGUI::Privilege::insufficient unless ($collateral->get("userId") == $session{user}{userId} || WebGUI::Privilege::isInGroup(3)); my $output = '