[pLog-svn] r6289 - in plog/trunk: . class/data/validator class/misc class/test/tests/misc config docs-devel gallery install locale locale/admin plugins release templates/LifeType/en_UK
mark at devel.lifetype.net
mark at devel.lifetype.net
Tue Apr 1 08:26:03 EDT 2008
Author: mark
Date: 2008-04-01 08:26:03 -0400 (Tue, 01 Apr 2008)
New Revision: 6289
Added:
plog/trunk/config/.htaccess
plog/trunk/docs-devel/.htaccess
plog/trunk/install/.htaccess
plog/trunk/locale/.htaccess
plog/trunk/release/.htaccess
Modified:
plog/trunk/.htaccess
plog/trunk/class/data/validator/uploadvalidator.class.php
plog/trunk/class/misc/glob.class.php
plog/trunk/class/misc/integritychecker.class.php
plog/trunk/class/test/tests/misc/glob_test.class.php
plog/trunk/gallery/.htaccess
plog/trunk/locale/admin/locale_de_DE.php
plog/trunk/locale/admin/locale_en_UK.php
plog/trunk/plugins/.htaccess
plog/trunk/templates/LifeType/en_UK/strings.txt
plog/trunk/version.php
Log:
Merge from LifeType 1.2 branch 6268:6288
Modified: plog/trunk/.htaccess
===================================================================
--- plog/trunk/.htaccess 2008-04-01 09:22:32 UTC (rev 6288)
+++ plog/trunk/.htaccess 2008-04-01 12:26:03 UTC (rev 6289)
@@ -16,7 +16,9 @@
RewriteEngine On
RewriteBase /
- # Point to the sitemap file that is local to the blog
+# Point to the sitemap file that is local to the blog. This is a Plugin
+# specific rewrite rule and can safely be commented out, if you are not using
+# the Sitemap plugin (http://wiki.lifetype.net/index.php/Plugin_sitemap).
RewriteRule ^sitemap([0-9]+)\.gz$ tmp/sitemap/$1/sitemap.gz [L,NC]
# Permalink to the blog entry (i.e. /1_userfoo/archive/3_title-foo-bar.html)
@@ -73,6 +75,13 @@
# Static Pages (i.e /3_userfoo/demosites)
RewriteRule ^([0-9]+)_[^/]+/(.+)$ index.php?op=Template&blogId=$1&show=$2 [NC]
+# If you would like to use custom urls but ForceType or SetType directives do
+# not work on your server (e.g. PHP is running as CGI/FastCGI) you may uncomment
+# the rewrite rule below to rewrite all requests to ./blog to ./blog.php.
+# Please note that this works only as long as you don't change the default
+# custom url patterns in your LifeType administration.
+## RewriteRule ^blog/(.+) blog.php/$1 [L,NC]
+
</IfModule>
# ForceType settings for hosts that default to php4
Modified: plog/trunk/class/data/validator/uploadvalidator.class.php
===================================================================
--- plog/trunk/class/data/validator/uploadvalidator.class.php 2008-04-01 09:22:32 UTC (rev 6288)
+++ plog/trunk/class/data/validator/uploadvalidator.class.php 2008-04-01 12:26:03 UTC (rev 6289)
@@ -81,7 +81,7 @@
// check if the filename extension is forbidden or not
$fileName = basename($upload->getFileName());
foreach( explode( " ", $forbiddenFilesStr ) as $file ) {
- if( Glob::myFnmatch( $file, $fileName )) {
+ if( Glob::fnmatch( $file, $fileName )) {
return UPLOAD_VALIDATOR_ERROR_FORBIDDEN_EXTENSION;
}
}
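Review bot: The forbidden-extension check at `Glob::fnmatch( $file, $fileName )` now depends on the helper's default third argument to be case-insensitive, and nothing at the call site says so. Since this is a security-relevant deny-list, I would pass the flag explicitly, `if( Glob::fnmatch( $file, $fileName, false )) {`, and add a comment such as `// case-insensitive on purpose: "x.PHP" must hit a "*.php" rule`. The same applies to the allowed-extension check in the next hunk of this file. The enclosing function starts and ends outside the hunk.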
@@ -99,7 +99,7 @@
// check if the filename extension is one of the allowed ones or not
$fileName = basename($upload->getFileName());
foreach( explode( " ", $allowedFilesStr ) as $file ) {
- if( Glob::myFnmatch( $file, $fileName )) {
+ if( Glob::fnmatch( $file, $fileName )) {
// print("it's a valid file!");
return true;
}
Modified: plog/trunk/class/misc/glob.class.php
===================================================================
--- plog/trunk/class/misc/glob.class.php 2008-04-01 09:22:32 UTC (rev 6288)
+++ plog/trunk/class/misc/glob.class.php 2008-04-01 12:26:03 UTC (rev 6289)
@@ -65,18 +65,24 @@
*
* @param pattern The shell pattern.
* @param file The filename we would like to match.
+ * @param casesensitive Whether the search should be case-sensitive or not
* @return True if the file matches the pattern or false if not.
* @static
*/
- function fnmatch( $pattern, $file )
+ function fnmatch( $pattern, $file, $casesensitive = false )
{
+ if( !$casesensitive ){
+ $pattern = strtolower( $pattern );
+ $file = strtolower( $file );
+ }
+
if( function_exists("fnmatch")) {
// use the native fnmatch version
return fnmatch( $pattern, $file );
}
else {
// otherwise, use our own
- return Glob::myFnmatch( $pattern, $file );
+ return Glob::_myFnmatch( $pattern, $file );
}
}
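Review bot: The new `$casesensitive = false` default changes matching for every existing caller of `Glob::fnmatch`, and the docblock does not mention it. I would spell it out, e.g. `@param casesensitive Whether the match is case-sensitive. Defaults to false (case-insensitive).` The upload validator's extension checks now rely on the two `strtolower()` calls, so they deserve a why-comment too: `strtolower()` is byte-oriented and, on PHP versions of this era, may follow the current locale, so the folding is only dependable for ASCII patterns and names. Something like `// ASCII case folding only; non-ASCII bytes depend on the locale` above the `if( !$casesensitive )` block would do.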
@@ -136,14 +142,17 @@
* Based on a user-contributed code for the fnmatch php function here:
* http://www.php.net/manual/en/function.fnmatch.php
*
+ * Note, this function is case-sensitive (like the native fnmatch)
+ *
* @static
+ * @private (call this->fnmatch instead)
*/
- function myFnmatch( $pattern, $file )
+ function _myFnmatch( $pattern, $file )
{
for($i=0,$len = strlen($pattern); $i<$len; $i++) {
if($pattern[$i] == "*") {
for($c=$i; $c<max(strlen($pattern), strlen($file)); $c++) {
- if(Glob::myFnmatch(substr($pattern, $i+1), substr($file, $c))) {
+ if(Glob::_myFnmatch(substr($pattern, $i+1), substr($file, $c))) {
return true;
}
}
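Review bot: The new tag `@private (call this->fnmatch instead)` points at an instance call, but both methods are marked `@static` and every call site in this commit uses `Glob::`. I would write `@private (call Glob::fnmatch instead)`. Nothing in this PHP 4-style class enforces the privacy (the test file still calls `Glob::_myFnmatch` directly), so the comment is the only guard against callers bypassing the case folding. The body of `_myFnmatch` continues outside the hunk.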
@@ -159,7 +168,7 @@
break;
}
foreach ($letter_set as $letter) {
- if(Glob::myFnmatch($letter.substr($pattern, $c+1), substr($file, $i))) {
+ if(Glob::_myFnmatch($letter.substr($pattern, $c+1), substr($file, $i))) {
return true;
}
}
Modified: plog/trunk/class/misc/integritychecker.class.php
===================================================================
--- plog/trunk/class/misc/integritychecker.class.php 2008-04-01 09:22:32 UTC (rev 6288)
+++ plog/trunk/class/misc/integritychecker.class.php 2008-04-01 12:26:03 UTC (rev 6289)
@@ -84,7 +84,7 @@
$result = false;
foreach( $ignore as $pattern ) {
- if( Glob::myFnMatch( $pattern, $file )) {
+ if( Glob::fnmatch( $pattern, $file )) {
$result = true;
break;
}
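Review bot: Switching the ignore-list test to `Glob::fnmatch( $pattern, $file )` also makes it case-insensitive by default, which widens what the integrity checker skips. On a case-sensitive filesystem, a file whose name differs only in case from an ignored pattern would no longer be checked. If that is not intended (the hunk does not show why the call was changed beyond the rename), keep the old semantics with `if( Glob::fnmatch( $pattern, $file, true )) {`. The surrounding function begins and ends outside the hunk.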
Modified: plog/trunk/class/test/tests/misc/glob_test.class.php
===================================================================
--- plog/trunk/class/test/tests/misc/glob_test.class.php 2008-04-01 09:22:32 UTC (rev 6288)
+++ plog/trunk/class/test/tests/misc/glob_test.class.php 2008-04-01 12:26:03 UTC (rev 6289)
@@ -13,10 +13,22 @@
function testmyFnMatch()
{
// incorrect match
- $this->assertFalse( Glob::myFnMatch( "*.index.template.*", "index.template.php" ));
-
+ $this->assertFalse( Glob::_myFnmatch( "*.index.template.*", "index.template.php" ) );
+
// valid match
- $this->assertTrue( Glob::myFnMatch( "*index.template.*", "index.template.php" ));
+ $this->assertTrue( Glob::_myFnmatch( "*index.template.*", "index.template.php" ) );
+ }
+
+ function testfnmatch()
+ {
+ // case sensitive check => false
+ $this->assertFalse( Glob::fnmatch( "*index.template.PHP", "index.template.php", true ) );
+
+ // case insensitive check => true
+ $this->assertTrue( Glob::fnmatch( "*index.template.PHP", "index.template.php", false ) );
+
+ // default is case-insensitive => true
+ $this->assertTrue( Glob::fnmatch( "*index.template.PHP", "index.template.php" ) );
}
}
?>
\ No newline at end of file
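Review bot: `testfnmatch()` only folds an upper-case pattern against a lower-case file name, while the upload validator depends on the opposite direction, an upper-case file name against a lower-case rule. I would add `$this->assertTrue( Glob::fnmatch( "*.php", "index.template.PHP" ) );` and `$this->assertFalse( Glob::fnmatch( "*.php", "index.template.PHP", true ) );` so both arguments are shown to be folded. Depending on `function_exists("fnmatch")`, these tests exercise either the native function or the fallback, so a comment saying which path a given platform covers would help when a failure is reported.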
Copied: plog/trunk/config/.htaccess (from rev 6288, plog/branches/lifetype-1.2/config/.htaccess)
===================================================================
--- plog/trunk/config/.htaccess (rev 0)
+++ plog/trunk/config/.htaccess 2008-04-01 12:26:03 UTC (rev 6289)
@@ -0,0 +1,6 @@
+<Files "*">
+ Order allow,deny
+ Deny from all
+</Files>
+
+ErrorDocument 403 "Access is not allowed"
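Review bot: This deny-all block only protects the directory when the server honours `.htaccess` overrides; under `AllowOverride None` the file is ignored without any error and the contents stay readable over HTTP. I would add a leading comment such as `# Needs AllowOverride Limit (Order/Deny) and FileInfo (ErrorDocument); verify that a request to this directory returns 403 after install`. The identical files added for docs-devel, install, locale and release carry the same caveat. Hosts that cannot use overrides would need the equivalent rule in the main server configuration, or these directories moved outside the document root.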
Copied: plog/trunk/docs-devel/.htaccess (from rev 6288, plog/branches/lifetype-1.2/docs-devel/.htaccess)
===================================================================
--- plog/trunk/docs-devel/.htaccess (rev 0)
+++ plog/trunk/docs-devel/.htaccess 2008-04-01 12:26:03 UTC (rev 6289)
@@ -0,0 +1,6 @@
+<Files "*">
+ Order allow,deny
+ Deny from all
+</Files>
+
+ErrorDocument 403 "Access is not allowed"
Modified: plog/trunk/gallery/.htaccess
===================================================================
--- plog/trunk/gallery/.htaccess 2008-04-01 09:22:32 UTC (rev 6288)
+++ plog/trunk/gallery/.htaccess 2008-04-01 12:26:03 UTC (rev 6289)
@@ -1,15 +1,20 @@
-<Files "*.php">
+# case insensitive file matching. See conversations on the svn list circa 2008-03-29
+# regarding this setting. It is basically impossible to get this string perfect,
+# and so there is an inherent security risk of allowing untrusted users to upload
+# files
+<Files ~ "/\.(php|php3|php4|php5|php6|pht|php3p|phtml|htm|html|pl|py|pyc|pyo|rb|cgi)$/i">
Order allow,deny
Deny from all
</Files>
-<Files "*.htm">
- Order allow,deny
- Deny from all
-</Files>
-<Files "*.html">
- Order allow,deny
- Deny from all
-</Files>
-
+# to be more secure, you can deny access to all files
+# and then only allow access to specific extensions
+#<Files "*">
+# Order allow,deny
+# Deny from all
+#</Files>
+#
+#<Files ~ "/\.(gif|jpg|mp3|mov|png|bmp|pdf)$/i">
+# Allow from all
+#</Files>
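Review bot: The expression in `<Files ~ "/\.(php|…)$/i">` uses PHP-style `/…/i` delimiters, which Apache does not strip. As far as I can tell the leading `/` and the `/i` after the `$` anchor are read as literal characters, so the pattern cannot match any file name and the block denies nothing. Because the hunk also removes the old `<Files "*.php">`, `*.htm` and `*.html` blocks, the directory would end up with less protection than before. On Apache 2.x (PCRE) an inline flag should give the intended case-insensitive match: `<FilesMatch "(?i)\.(php|php3|php4|php5|php6|pht|php3p|phtml|htm|html|pl|py|pyc|pyo|rb|cgi)$">`. The commented allow-list below and the identical hunk in plog/trunk/plugins/.htaccess use the same delimiters and need the same correction; the allow-list variant is the safer default for a directory that receives uploads.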
Copied: plog/trunk/install/.htaccess (from rev 6288, plog/branches/lifetype-1.2/install/.htaccess)
===================================================================
--- plog/trunk/install/.htaccess (rev 0)
+++ plog/trunk/install/.htaccess 2008-04-01 12:26:03 UTC (rev 6289)
@@ -0,0 +1,6 @@
+<Files "*">
+ Order allow,deny
+ Deny from all
+</Files>
+
+ErrorDocument 403 "Access is not allowed"
Copied: plog/trunk/locale/.htaccess (from rev 6288, plog/branches/lifetype-1.2/locale/.htaccess)
===================================================================
--- plog/trunk/locale/.htaccess (rev 0)
+++ plog/trunk/locale/.htaccess 2008-04-01 12:26:03 UTC (rev 6289)
@@ -0,0 +1,6 @@
+<Files "*">
+ Order allow,deny
+ Deny from all
+</Files>
+
+ErrorDocument 403 "Access is not allowed"
Modified: plog/trunk/locale/admin/locale_de_DE.php
===================================================================
--- plog/trunk/locale/admin/locale_de_DE.php 2008-04-01 09:22:32 UTC (rev 6288)
+++ plog/trunk/locale/admin/locale_de_DE.php 2008-04-01 12:26:03 UTC (rev 6289)
@@ -939,7 +939,7 @@
$messages['blogs'] = 'Blogs';
$messages['resources'] = 'Resourcen';
$messages['upload_in_progress'] = 'Daten werden gesendet, bitte warten...';
-$messages['error_incorrect_username'] = 'Der Benutzername ist nicht korrekt, er ist entweder schon vergeben, oder er ist zu lang (maximal 15 Zeichen!)';
+$messages['error_incorrect_username'] = 'Der Benutzername ist nicht korrekt, er ist entweder schon vergeben, enthält nicht erlaubte Zeichen oder ist zu lang (keine Sonderzeichen, keine Grossbuchstaben, maximal 15 Zeichen!)';
$messages['Miscellaneous'] = 'Verschiedenes';
$messages['Plugins'] = 'Plugins';
Modified: plog/trunk/locale/admin/locale_en_UK.php
===================================================================
--- plog/trunk/locale/admin/locale_en_UK.php 2008-04-01 09:22:32 UTC (rev 6288)
+++ plog/trunk/locale/admin/locale_en_UK.php 2008-04-01 12:26:03 UTC (rev 6289)
@@ -920,7 +920,7 @@
$messages['blogs'] = 'Blogs';
$messages['resources'] = 'Resources';
$messages['upload_in_progress'] = 'Uploading. Please wait...';
-$messages['error_incorrect_username'] = 'The username is not correct, it is already in use or it is too long (maximum 15 characters)';
+$messages['error_incorrect_username'] = 'The username is not correct, it is already in use, contains disallowed characters or it is too long (no special characters, no capitals, maximum 15 characters)';
$messages['Miscellaneous'] = 'Miscellaneous';
$messages['Plugins'] = 'Plugins';
Modified: plog/trunk/plugins/.htaccess
===================================================================
--- plog/trunk/plugins/.htaccess 2008-04-01 09:22:32 UTC (rev 6288)
+++ plog/trunk/plugins/.htaccess 2008-04-01 12:26:03 UTC (rev 6289)
@@ -1,5 +1,20 @@
-<Files "*.php">
+# case insensitive file matching. See conversations on the svn list circa 2008-03-29
+# regarding this setting. It is basically impossible to get this string perfect,
+# and so there is an inherent security risk of allowing untrusted users to upload
+# files
+<Files ~ "/\.(php|php3|php4|php5|php6|pht|php3p|phtml|htm|html|pl|py|pyc|pyo|rb|cgi)$/i">
Order allow,deny
Deny from all
</Files>
+
+# to be more secure, you can deny access to all files
+# and then only allow access to specific extensions
+#<Files "*">
+# Order allow,deny
+# Deny from all
+#</Files>
+#
+#<Files ~ "/\.(gif|jpg|mp3|mov|png|bmp|pdf)$/i">
+# Allow from all
+#</Files>
Copied: plog/trunk/release/.htaccess (from rev 6288, plog/branches/lifetype-1.2/release/.htaccess)
===================================================================
--- plog/trunk/release/.htaccess (rev 0)
+++ plog/trunk/release/.htaccess 2008-04-01 12:26:03 UTC (rev 6289)
@@ -0,0 +1,6 @@
+<Files "*">
+ Order allow,deny
+ Deny from all
+</Files>
+
+ErrorDocument 403 "Access is not allowed"
Modified: plog/trunk/templates/LifeType/en_UK/strings.txt
===================================================================
--- plog/trunk/templates/LifeType/en_UK/strings.txt 2008-04-01 09:22:32 UTC (rev 6288)
+++ plog/trunk/templates/LifeType/en_UK/strings.txt 2008-04-01 12:26:03 UTC (rev 6289)
@@ -1,8 +1,8 @@
ltTagline = """LifeType is an open-source blogging platform with support for multiple blogs and users
in a single installation."""
-frontPageLeft = """The latest stable version of LifeType is <b>1.2.6</b>. Click the link below to download.<br/>
-Take a look at the <a href="/post/2008/01/23/lifetype-1.2.6">Release Page</a>."""
+frontPageLeft = """The latest stable version of LifeType is <b>1.2.7</b>. Click the link below to download.<br/>
+Take a look at the <a href="/post/2008/03/30/lifetype-1.2.7">Release Page</a>."""
frontPageRight = """LifeType supports multiple blogs and users, media management,
generation of standard content, clean URLs and support for subdomains.
Modified: plog/trunk/version.php
===================================================================
--- plog/trunk/version.php 2008-04-01 09:22:32 UTC (rev 6288)
+++ plog/trunk/version.php 2008-04-01 12:26:03 UTC (rev 6289)
@@ -1,3 +1,3 @@
<?php
- $version = 'LifeType-2.0-Dev';
+$version = 'lifetype-1.2.7-dev';
?>