3 Oct 17:06
SF.net SVN: mantisbt:[5621] trunk/mantisbt
From: <nuclear_eclipse@...>
Subject: SF.net SVN: mantisbt:[5621] trunk/mantisbt
Newsgroups: gmane.comp.bug-tracking.mantis.cvs
Date: 2008-10-03 15:07:13 GMT
Revision: 5621
http://mantisbt.svn.sourceforge.net/mantisbt/?rev=5621&view=rev
Author: nuclear_eclipse
Date: 2008-10-03 15:07:12 +0000 (Fri, 03 Oct 2008)
Log Message:
-----------
First step to implementing new form security purge().
Modified Paths:
--------------
trunk/mantisbt/manage_config_email_set.php
trunk/mantisbt/manage_config_revert.php
trunk/mantisbt/manage_custom_field_create.php
trunk/mantisbt/manage_custom_field_delete.php
trunk/mantisbt/manage_custom_field_proj_add.php
trunk/mantisbt/manage_custom_field_update.php
trunk/mantisbt/manage_proj_cat_add.php
trunk/mantisbt/manage_proj_cat_copy.php
trunk/mantisbt/manage_proj_cat_delete.php
trunk/mantisbt/manage_proj_cat_update.php
trunk/mantisbt/manage_proj_create.php
trunk/mantisbt/manage_proj_custom_field_add_existing.php
trunk/mantisbt/manage_proj_custom_field_copy.php
trunk/mantisbt/manage_proj_custom_field_remove.php
trunk/mantisbt/manage_proj_custom_field_update.php
trunk/mantisbt/manage_proj_delete.php
trunk/mantisbt/manage_proj_subproj_add.php
trunk/mantisbt/manage_proj_subproj_delete.php
trunk/mantisbt/manage_proj_update.php
trunk/mantisbt/manage_proj_update_children.php
trunk/mantisbt/manage_proj_user_add.php
trunk/mantisbt/manage_proj_user_copy.php
trunk/mantisbt/manage_proj_user_remove.php
trunk/mantisbt/manage_proj_ver_add.php
trunk/mantisbt/manage_proj_ver_copy.php
trunk/mantisbt/manage_proj_ver_delete.php
trunk/mantisbt/manage_proj_ver_update.php
trunk/mantisbt/manage_user_create.php
trunk/mantisbt/manage_user_delete.php
trunk/mantisbt/manage_user_proj_add.php
trunk/mantisbt/manage_user_reset.php
trunk/mantisbt/manage_user_update.php
Modified: trunk/mantisbt/manage_config_email_set.php
===================================================================
--- trunk/mantisbt/manage_config_email_set.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_config_email_set.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -151,7 +151,7 @@
}
}
-
+ form_security_purge('manage_config_email_set');
?>
<br />
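Review bot: The added call `form_security_purge('manage_config_email_set');` omits the spaces inside the parentheses that other files in this commit use, for example `form_security_purge( 'manage_proj_cat_add' );`. The same tight spacing appears in the manage_config_revert, manage_custom_field_*, manage_user_delete, manage_user_proj_add, manage_user_reset and manage_user_update hunks. Writing them all as `form_security_purge( 'manage_config_email_set' );` keeps the token calls searchable with one pattern when auditing which pages purge their token. The enclosing block starts outside the hunk.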
Modified: trunk/mantisbt/manage_config_revert.php
===================================================================
--- trunk/mantisbt/manage_config_revert.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_config_revert.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -56,6 +56,8 @@
foreach ( $t_revert_vars as $t_revert ) {
config_delete( $t_revert, null , $f_project_id );
}
+
+ form_security_purge('manage_config_revert');
}
$t_redirect_url = $f_return;
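Review bot: The purge is added before the closing `}` that follows the `foreach`, so it appears to run only when the enclosing block is entered. A request that passes token validation but skips that block would leave the token unpurged. The block's opening line is outside the hunk, so the condition cannot be confirmed from here. If the token is meant to be single-use on every path, move the call below the brace, directly before `$t_redirect_url = $f_return;`.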
Modified: trunk/mantisbt/manage_custom_field_create.php
===================================================================
--- trunk/mantisbt/manage_custom_field_create.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_custom_field_create.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -46,6 +46,8 @@
$t_redirect_url = 'manage_custom_field_page.php';
}
+ form_security_purge('manage_custom_field_create');
+
html_page_top1();
html_meta_redirect( $t_redirect_url );
html_page_top2();
Modified: trunk/mantisbt/manage_custom_field_delete.php
===================================================================
--- trunk/mantisbt/manage_custom_field_delete.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_custom_field_delete.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -53,6 +53,8 @@
custom_field_destroy( $f_field_id );
+ form_security_purge('manage_custom_field_delete');
+
html_page_top1();
html_meta_redirect( $f_return );
html_page_top2();
Modified: trunk/mantisbt/manage_custom_field_proj_add.php
===================================================================
--- trunk/mantisbt/manage_custom_field_proj_add.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_custom_field_proj_add.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -46,5 +46,7 @@
}
}
+ form_security_purge('manage_custom_field_proj_add');
+
print_header_redirect( 'manage_custom_field_edit_page.php?field_id=' . $f_field_id );
?>
Modified: trunk/mantisbt/manage_custom_field_update.php
===================================================================
--- trunk/mantisbt/manage_custom_field_update.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_custom_field_update.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -60,6 +60,8 @@
custom_field_update( $f_field_id, $t_values );
+ form_security_purge('manage_custom_field_update');
+
html_page_top1();
html_meta_redirect( $f_return );
Modified: trunk/mantisbt/manage_proj_cat_add.php
===================================================================
--- trunk/mantisbt/manage_proj_cat_add.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_cat_add.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -64,6 +64,8 @@
}
}
+ form_security_purge( 'manage_proj_cat_add' );
+
if ( $f_project_id == ALL_PROJECTS ) {
$t_redirect_url = 'manage_proj_page.php';
} else {
Modified: trunk/mantisbt/manage_proj_cat_copy.php
===================================================================
--- trunk/mantisbt/manage_proj_cat_copy.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_cat_copy.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -61,6 +61,8 @@
}
}
+ form_security_purge( 'manage_proj_cat_copy' );
+
if ( $f_project_id == ALL_PROJECTS ) {
$t_redirect_url = 'manage_proj_page.php';
} else {
Modified: trunk/mantisbt/manage_proj_cat_delete.php
===================================================================
--- trunk/mantisbt/manage_proj_cat_delete.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_cat_delete.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -53,6 +53,8 @@
form_security_validate( 'manage_proj_cat_delete' );
category_remove( $f_category_id );
+ form_security_purge( 'manage_proj_cat_delete' );
+
if ( $f_project_id == ALL_PROJECTS ) {
$t_redirect_url = 'manage_proj_page.php';
} else {
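Review bot: The form name is now a string literal repeated in two calls, `form_security_validate( 'manage_proj_cat_delete' )` and the new `form_security_purge( 'manage_proj_cat_delete' )`, and nothing ties the two together. A typo in either would presumably leave a validated token in place without any visible error, though how purge treats an unknown name is not shown here. Holding the name once, `$t_form_name = 'manage_proj_cat_delete';`, and passing `$t_form_name` to both calls removes that risk. The same applies to the manage_proj_custom_field_remove, manage_proj_delete and manage_proj_ver_delete hunks, where both calls are visible.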
Modified: trunk/mantisbt/manage_proj_cat_update.php
===================================================================
--- trunk/mantisbt/manage_proj_cat_update.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_cat_update.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -55,6 +55,8 @@
category_update( $f_category_id, $f_name, $f_assigned_to );
+ form_security_purge( 'manage_proj_cat_update' );
+
if ( $f_project_id == ALL_PROJECTS ) {
$t_redirect_url = 'manage_proj_page.php';
} else {
Modified: trunk/mantisbt/manage_proj_create.php
===================================================================
--- trunk/mantisbt/manage_proj_create.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_create.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -61,6 +61,8 @@
project_hierarchy_add( $t_project_id, $f_parent_id, $f_inherit_parent );
}
+ form_security_purge( 'manage_proj_create' );
+
$t_redirect_url = 'manage_proj_page.php';
html_page_top1();
Modified: trunk/mantisbt/manage_proj_custom_field_add_existing.php
===================================================================
--- trunk/mantisbt/manage_proj_custom_field_add_existing.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_custom_field_add_existing.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -44,6 +44,8 @@
custom_field_link( $f_field_id, $f_project_id );
+ form_security_purge( 'manage_proj_custom_field_add_existing' );
+
$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
html_page_top1();
Modified: trunk/mantisbt/manage_proj_custom_field_copy.php
===================================================================
--- trunk/mantisbt/manage_proj_custom_field_copy.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_custom_field_copy.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -49,5 +49,7 @@
project_copy_custom_fields( $t_dst_project_id, $t_src_project_id );
+ form_security_purge( 'manage_proj_custom_field_copy' );
+
print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
?>
Modified: trunk/mantisbt/manage_proj_custom_field_remove.php
===================================================================
--- trunk/mantisbt/manage_proj_custom_field_remove.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_custom_field_remove.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -58,6 +58,8 @@
form_security_validate( 'manage_proj_custom_field_remove' );
custom_field_unlink( $f_field_id, $f_project_id );
+ form_security_purge( 'manage_proj_custom_field_remove' );
+
html_page_top1();
html_meta_redirect( $t_redirect_url );
html_page_top2();
Modified: trunk/mantisbt/manage_proj_custom_field_update.php
===================================================================
--- trunk/mantisbt/manage_proj_custom_field_update.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_custom_field_update.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -45,6 +45,8 @@
custom_field_set_sequence( $f_field_id, $f_project_id, $f_sequence );
+ form_security_purge( 'manage_proj_custom_field_update' );
+
$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
?>
<?php html_page_top1() ?>
Modified: trunk/mantisbt/manage_proj_delete.php
===================================================================
--- trunk/mantisbt/manage_proj_delete.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_delete.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -40,6 +40,7 @@
form_security_validate( 'manage_proj_delete' );
project_delete( $f_project_id );
+ form_security_purge( 'manage_proj_delete' );
# Don't leave the current project set to a deleted project -
# set it to All Projects
Modified: trunk/mantisbt/manage_proj_subproj_add.php
===================================================================
--- trunk/mantisbt/manage_proj_subproj_add.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_subproj_add.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -44,6 +44,8 @@
}
project_hierarchy_add( $f_subproject_id, $f_project_id );
+ form_security_purge( 'manage_proj_subproj_add' );
+
$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
html_page_top1();
Modified: trunk/mantisbt/manage_proj_subproj_delete.php
===================================================================
--- trunk/mantisbt/manage_proj_subproj_delete.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_subproj_delete.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -37,6 +37,8 @@
access_ensure_project_level( config_get( 'manage_project_threshold' ), $f_project_id );
project_hierarchy_remove( $f_subproject_id, $f_project_id );
+
+ form_security_purge( 'manage_proj_subproj_delete' );
$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
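Review bot: No `form_security_validate( 'manage_proj_subproj_delete' )` is visible between the access check and `project_hierarchy_remove()` in this hunk, unlike the other delete pages in this commit, where validation sits directly before the destructive call. The script starts above the hunk, so the check may already exist there. If it does not, the purge added here clears a token that was never verified, and the delete has no request-forgery check. Confirm the validate call is present, and add `form_security_validate( 'manage_proj_subproj_delete' );` ahead of the access check if it is missing.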
Modified: trunk/mantisbt/manage_proj_update.php
===================================================================
--- trunk/mantisbt/manage_proj_update.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_update.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -42,5 +42,7 @@
project_update( $f_project_id, $f_name, $f_description, $f_status, $f_view_state, $f_file_path,
$f_enabled, $f_inherit_global );
+ form_security_purge( 'manage_proj_update' );
+
print_header_redirect( 'manage_proj_page.php' );
?>
Modified: trunk/mantisbt/manage_proj_update_children.php
===================================================================
--- trunk/mantisbt/manage_proj_update_children.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_update_children.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -44,4 +44,6 @@
project_hierarchy_update( $t_subproject_id, $f_project_id, $f_inherit_child );
}
+ form_security_purge( 'manage_proj_update_children' );
+
print_successful_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
Modified: trunk/mantisbt/manage_proj_user_add.php
===================================================================
--- trunk/mantisbt/manage_proj_user_add.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_user_add.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -44,5 +44,7 @@
project_add_user( $f_project_id, $t_user_id, $f_access_level );
}
+ form_security_purge( 'manage_proj_user_add' );
+
print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
?>
Modified: trunk/mantisbt/manage_proj_user_copy.php
===================================================================
--- trunk/mantisbt/manage_proj_user_copy.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_user_copy.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -53,5 +53,7 @@
project_copy_users( $t_dst_project_id, $t_src_project_id );
+ form_security_purge( 'manage_proj_user_copy' );
+
print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
?>
Modified: trunk/mantisbt/manage_proj_user_remove.php
===================================================================
--- trunk/mantisbt/manage_proj_user_remove.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_user_remove.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -27,6 +27,7 @@
require_once( 'core.php' );
auth_reauthenticate();
+ form_security_validate( 'manage_proj_user_remove' );
$f_project_id = gpc_get_int( 'project_id' );
$f_user_id = gpc_get_int( 'user_id', 0 );
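Review bot: With `form_security_validate( 'manage_proj_user_remove' )` moved to the top of the script, the token is checked on the first request and again when `helper_ensure_confirmed()` re-submits the form, and the purge in the last hunk of this file runs only after the removal. That is correct only if validation does not consume the token and the confirmation page forwards it; neither is visible in these hunks. Both should be verified and the intent recorded next to the call, e.g. `# Token is validated on the initial and the confirmed request; purged only after the removal`. The other two hunks of this file remove the per-branch validate calls, so this single call is the only check left on both removal paths.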
@@ -41,8 +42,6 @@
# Confirm with the user
helper_ensure_confirmed( lang_get( 'remove_all_users_sure_msg' ), lang_get(
'remove_all_users_button' ) );
- form_security_validate( 'manage_proj_user_remove' );
-
project_remove_all_users( $f_project_id );
}
else {
@@ -52,11 +51,11 @@
'<br/>' . lang_get( 'username' ) . ': ' . $t_user['username'],
lang_get( 'remove_user_button' ) );
- form_security_validate( 'manage_proj_user_remove' );
-
project_remove_user( $f_project_id, $f_user_id );
}
+ form_security_purge( 'manage_proj_user_remove' );
+
$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $f_project_id;
html_page_top1();
Modified: trunk/mantisbt/manage_proj_ver_add.php
===================================================================
--- trunk/mantisbt/manage_proj_ver_add.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_ver_add.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -69,6 +69,8 @@
}
}
+ form_security_purge( 'manage_proj_ver_add' );
+
if ( true == $f_add_and_edit ) {
$t_version_id = version_get_id( $t_version, $f_project_id );
$t_redirect_url = 'manage_proj_ver_edit_page.php?version_id='.$t_version_id;
Modified: trunk/mantisbt/manage_proj_ver_copy.php
===================================================================
--- trunk/mantisbt/manage_proj_ver_copy.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_ver_copy.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -62,5 +62,7 @@
}
}
+ form_security_purge( 'manage_proj_ver_copy' );
+
print_header_redirect( 'manage_proj_edit_page.php?project_id=' . $f_project_id );
?>
Modified: trunk/mantisbt/manage_proj_ver_delete.php
===================================================================
--- trunk/mantisbt/manage_proj_ver_delete.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_ver_delete.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -46,6 +46,7 @@
form_security_validate( 'manage_proj_ver_delete' );
version_remove( $f_version_id );
+ form_security_purge( 'manage_proj_ver_delete' );
html_page_top1();
html_meta_redirect( $t_redirect_url );
Modified: trunk/mantisbt/manage_proj_ver_update.php
===================================================================
--- trunk/mantisbt/manage_proj_ver_update.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_proj_ver_update.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -59,6 +59,8 @@
version_update( $t_version );
+ form_security_purge( 'manage_proj_ver_update' );
+
$t_redirect_url = 'manage_proj_edit_page.php?project_id=' . $t_version->project_id;
?>
<?php
Modified: trunk/mantisbt/manage_user_create.php
===================================================================
--- trunk/mantisbt/manage_user_create.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_user_create.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -83,6 +83,8 @@
$t_cookie = user_create( $f_username, $f_password, $f_email, $f_access_level, $f_protected,
$f_enabled, $t_realname );
+ form_security_purge( 'manage_user_create' );
+
if ( $t_cookie === false ) {
$t_redirect_url = 'manage_user_page.php';
} else {
Modified: trunk/mantisbt/manage_user_delete.php
===================================================================
--- trunk/mantisbt/manage_user_delete.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_user_delete.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -42,6 +42,8 @@
user_delete( $f_user_id );
+ form_security_purge('manage_user_delete');
+
$t_redirect_url = 'manage_user_page.php';
html_page_top1();
Modified: trunk/mantisbt/manage_user_proj_add.php
===================================================================
--- trunk/mantisbt/manage_user_proj_add.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_user_proj_add.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -41,5 +41,7 @@
}
}
+ form_security_purge('manage_user_proj_add');
+
print_header_redirect( 'manage_user_edit_page.php?user_id=' . $f_user_id );
?>
Modified: trunk/mantisbt/manage_user_reset.php
===================================================================
--- trunk/mantisbt/manage_user_reset.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_user_reset.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -39,6 +39,8 @@
$t_result = user_reset_password( $f_user_id );
$t_redirect_url = 'manage_user_page.php';
+ form_security_purge('manage_user_reset');
+
html_page_top1();
if ( $t_result ) {
html_meta_redirect( $t_redirect_url );
Modified: trunk/mantisbt/manage_user_update.php
===================================================================
--- trunk/mantisbt/manage_user_update.php 2008-10-03 15:06:09 UTC (rev 5620)
+++ trunk/mantisbt/manage_user_update.php 2008-10-03 15:07:12 UTC (rev 5621)
@@ -114,6 +114,9 @@
$result = db_query_bound( $query, $query_params );
$t_redirect_url = 'manage_user_edit_page.php?user_id=' . $c_user_id;
+
+ form_security_purge('manage_user_update');
+
?>
<?php html_page_top1() ?>
<?php