[pLog-svn] r6983 - in plog/trunk: . bin-devel class/action class/action/admin class/controller class/dao class/data/forms class/data/validator class/gallery/dao class/net class/net/http class/template class/template/smarty class/template/smarty/plugins class/view js/tinymce/plugins/insertvideo js/tinymce/plugins/insertvideo/css js/tinymce/plugins/insertvideo/images plugins/badbehavior plugins/badbehavior/bad-behavior templates/admin
jondaley at devel.lifetype.net
jondaley at devel.lifetype.net
Wed Feb 17 15:47:47 EST 2010
Author: jondaley
Date: 2010-02-17 15:47:47 -0500 (Wed, 17 Feb 2010)
New Revision: 6983
Added:
plog/trunk/class/template/smarty/plugins/compiler.break.php
plog/trunk/class/template/smarty/plugins/compiler.continue.php
plog/trunk/js/tinymce/plugins/insertvideo/images/vimeo.png
Removed:
plog/trunk/plugins/badbehavior/bad-behavior/README.txt
plog/trunk/plugins/badbehavior/bad-behavior/index.html
Modified:
plog/trunk/
plog/trunk/bin-devel/build-core-all-svn.sh
plog/trunk/bin-devel/build-core-diff.sh
plog/trunk/bin-devel/build-plugin-local.sh
plog/trunk/bin-devel/build-plugins-all-svn.sh
plog/trunk/bin-devel/genpluginfeeds.php
plog/trunk/blog.php
plog/trunk/class/action/action.class.php
plog/trunk/class/action/admin/adminaddlinkaction.class.php
plog/trunk/class/action/admin/adminaddresourceaction.class.php
plog/trunk/class/action/admin/admindeletegalleryitemsaction.class.php
plog/trunk/class/action/admin/admindeleteresourceaction.class.php
plog/trunk/class/action/admin/admindeleteresourcealbumaction.class.php
plog/trunk/class/action/admin/adminupdateglobalsettingsaction.class.php
plog/trunk/class/action/defaultaction.class.php
plog/trunk/class/controller/controller.class.php
plog/trunk/class/controller/sequentialcontroller.class.php
plog/trunk/class/dao/blogs.class.php
plog/trunk/class/data/forms/formvalidator.class.php
plog/trunk/class/data/validator/uploadvalidator.class.php
plog/trunk/class/gallery/dao/galleryresources.class.php
plog/trunk/class/net/customrequestgenerator.class.php
plog/trunk/class/net/customurlhandler.class.php
plog/trunk/class/net/http/subdomains.class.php
plog/trunk/class/net/linkformatmatcher.class.php
plog/trunk/class/net/linkparser.class.php
plog/trunk/class/template/smarty/Config_File.class.php
plog/trunk/class/template/smarty/Smarty.class.php
plog/trunk/class/template/smarty/Smarty_Compiler.class.php
plog/trunk/class/template/smarty/plugins/function.math.php
plog/trunk/class/template/templatesandbox.class.php
plog/trunk/class/view/defaultview.class.php
plog/trunk/class/view/view.class.php
plog/trunk/class/view/viewarticleview.class.php
plog/trunk/js/tinymce/plugins/insertvideo/css/content.css
plog/trunk/js/tinymce/plugins/insertvideo/editor_plugin.js
plog/trunk/js/tinymce/plugins/insertvideo/functions.js
plog/trunk/js/tinymce/plugins/insertvideo/videoinput.html
plog/trunk/plugins/badbehavior/bad-behavior/banned.inc.php
plog/trunk/plugins/badbehavior/bad-behavior/blackhole.inc.php
plog/trunk/plugins/badbehavior/bad-behavior/blacklist.inc.php
plog/trunk/plugins/badbehavior/bad-behavior/common_tests.inc.php
plog/trunk/plugins/badbehavior/bad-behavior/core.inc.php
plog/trunk/plugins/badbehavior/bad-behavior/post.inc.php
plog/trunk/plugins/badbehavior/bad-behavior/responses.inc.php
plog/trunk/plugins/badbehavior/bad-behavior/trackback.inc.php
plog/trunk/plugins/badbehavior/bad-behavior/version.inc.php
plog/trunk/plugins/badbehavior/bad-behavior/whitelist.inc.php
plog/trunk/plugins/badbehavior/pluginbadbehavior.class.php
plog/trunk/templates/admin/newlink.template
plog/trunk/version.php
Log:
merging the rest of 6933:6981
Property changes on: plog/trunk
___________________________________________________________________
Modified: svn:mergeinfo
- /plog/branches/lifetype-1.2:6449-6933
+ /plog/branches/lifetype-1.2:6449-6981
Property changes on: plog/trunk/bin-devel/build-core-all-svn.sh
___________________________________________________________________
Modified: svn:mergeinfo
-
+ /plog/branches/lifetype-1.2/bin-devel/build-core-all-svn.sh:6934-6981
Property changes on: plog/trunk/bin-devel/build-core-diff.sh
___________________________________________________________________
Modified: svn:mergeinfo
-
+ /plog/branches/lifetype-1.2/bin-devel/build-core-diff.sh:6934-6981
Property changes on: plog/trunk/bin-devel/build-plugin-local.sh
___________________________________________________________________
Modified: svn:mergeinfo
-
+ /plog/branches/lifetype-1.2/bin-devel/build-plugin-local.sh:6934-6981
Property changes on: plog/trunk/bin-devel/build-plugins-all-svn.sh
___________________________________________________________________
Modified: svn:mergeinfo
-
+ /plog/branches/lifetype-1.2/bin-devel/build-plugins-all-svn.sh:6934-6981
Property changes on: plog/trunk/bin-devel/genpluginfeeds.php
___________________________________________________________________
Modified: svn:mergeinfo
-
+ /plog/branches/lifetype-1.2/bin-devel/genpluginfeeds.php:6934-6981
Modified: plog/trunk/blog.php
===================================================================
--- plog/trunk/blog.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/blog.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -8,7 +8,7 @@
// get the configuration data
$config =& Config::getConfig();
- // in order to maintain compatilibity with previous version, and the alternative
+ // in order to maintain compatibility with previous version, and the alternative
// format of search-engine friendly urls
if( $config->getValue( "request_format_mode" ) == SEARCH_ENGINE_FRIENDLY_MODE ) {
lt_include( PLOG_CLASS_PATH."error.php" );
@@ -17,7 +17,9 @@
$server = HttpVars::getServer();
$requestParser = new CustomUrlHandler();
- $requestParser->process( $server["REQUEST_URI"] );
+ // TODO: should check the return value of process() and
+ // then display an error page instead of the home page
+ $requestParser->process($server["REQUEST_URI"]);
$vars = $requestParser->getVars();
$params = $requestParser->getParams();
$includeFile = $requestParser->getIncludeFile();
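Review bot: The result of `process()` is still discarded on the changed line, so when no URL format matches, `getVars()`, `getParams()` and `getIncludeFile()` are read from a handler that never filled its request parameters, and the request falls through to the home page as the new TODO says. This same revision makes `CustomUrlHandler::process()` return false when the fallback format also fails, so the check can be made now: `if( !$requestParser->process( $server["REQUEST_URI"] )) { /* render the error view and stop */ }`. Whether process() returns true on its success path is not visible in these hunks and should be confirmed before relying on the value.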
Modified: plog/trunk/class/action/action.class.php
===================================================================
--- plog/trunk/class/action/action.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/action/action.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -308,7 +308,7 @@
// in case we'd like to copy the values from the form
$fieldValues = $this->_form->getFieldValues();
foreach( $fieldValues as $fieldName => $fieldValue ) {
- $this->_view->setValue( "$fieldName", $fieldValue );
+ $this->_view->setValue( $fieldName, $fieldValue );
}
}
return true;
Modified: plog/trunk/class/action/admin/adminaddlinkaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminaddlinkaction.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/action/admin/adminaddlinkaction.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -8,12 +8,6 @@
*/
class AdminAddLinkAction extends AdminAction
{
-
- var $_linkName;
- var $_linkUrl;
- var $_linkDescription;
- var $_linkCategoryId;
- var $_properties;
var $_message;
/**
@@ -31,6 +25,7 @@
$this->registerFieldValidator( "linkRssFeed", new HttpUrlValidator(), true, $this->_locale->tr( "error_invalid_url" ));
$this->registerFieldValidator( "linkCategoryId", new IntegerValidator());
$this->registerFieldValidator( "linkDescription", new StringValidator(), true );
+
$view = new AdminNewLinkView( $this->_blogInfo );
$view->setErrorMessage( $this->_locale->tr("error_adding_link" ));
$this->setValidationErrorView( $view );
@@ -48,19 +43,19 @@
function addLink()
{
- // fetch the data
- $this->_linkName = $this->_request->getValue( "linkName" );
- $this->_linkUrl = $this->_request->getValue( "linkUrl" );
- $this->_linkCategoryId = $this->_request->getValue( "linkCategoryId" );
- $this->_linkDescription = $this->_request->getValue( "linkDescription" );
- $this->_linkRss = $this->_request->getValue( "linkRssFeed" );
- $this->_properties = Array();
+ // fetch the data
+ $linkName = $this->_request->getValue( "linkName" );
+ $linkUrl = $this->_request->getValue( "linkUrl" );
+ $linkCategoryId = $this->_request->getValue( "linkCategoryId" );
+ $linkDescription = $this->_request->getValue( "linkDescription" );
+ $linkRss = $this->_request->getValue( "linkRssFeed" );
+ $properties = Array();
// adds the new link to the database
$myLinks = new MyLinks();
- $myLink = new MyLink( $this->_linkName, $this->_linkDescription, $this->_linkUrl,
- $this->_blogInfo->getId(), $this->_linkCategoryId,
- 0, $this->_linkRss, $this->_properties );
+ $myLink = new MyLink( $linkName, $linkDescription, $linkUrl,
+ $this->_blogInfo->getId(), $linkCategoryId,
+ 0, $linkRss, $properties );
$this->notifyEvent( EVENT_PRE_LINK_ADD, Array( "link" => &$link ));
if( !$myLinks->addMyLink( $myLink, $this->_blogInfo->getId())) {
$this->_message = $this->_locale->tr( "error_adding_link" );
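Review bot: `notifyEvent( EVENT_PRE_LINK_ADD, Array( "link" => &$link ))` passes `$link`, which is never assigned in the visible part of addLink(); the object built just above is `$myLink`. Binding an undefined variable by reference silently creates it as null, so a plugin listening for this event would receive null instead of the link and could not inspect or adjust it before it is stored. The line should read `$this->notifyEvent( EVENT_PRE_LINK_ADD, Array( "link" => &$myLink ));`. addLink() continues past the end of the hunk.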
Modified: plog/trunk/class/action/admin/adminaddresourceaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminaddresourceaction.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/action/admin/adminaddresourceaction.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -99,7 +99,6 @@
$errorMessage = "";
foreach( $this->_files as $file ) {
-
// create a new FileUpload object based on the file
$upload = new FileUpload( $file );
@@ -121,7 +120,9 @@
$this->notifyEvent( EVENT_POST_RESOURCE_ADD, Array( "resource" => &$resource ));
}
else {
- if( $res == GalleryConstants::GALLERY_ERROR_RESOURCE_FORBIDDEN_EXTENSION )
+ // TODO: some of these error messages don't accept the filename, so should either be
+ // called with tr() or else fix the locale message.
+ if( $res == GALLERY_ERROR_RESOURCE_FORBIDDEN_EXTENSION )
$errorMessage .= $this->_locale->pr("error_resource_forbidden_extension", $file["name"])."<br/>";
elseif( $res == GalleryConstants::GALLERY_ERROR_RESOURCE_NOT_WHITELISTED_EXTENSION )
$errorMessage .= $this->_locale->pr("error_resource_not_whitelisted_extension", $file["name"])."<br/>";
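Review bot: The first branch now compares `$res` with the bare constant `GALLERY_ERROR_RESOURCE_FORBIDDEN_EXTENSION`, while the `elseif` directly below still uses `GalleryConstants::GALLERY_ERROR_RESOURCE_NOT_WHITELISTED_EXTENSION`. If trunk defines these values only on the GalleryConstants class (the definition is not visible here), the bare name is an undefined constant, PHP substitutes the string of the same name, and the forbidden-extension message is no longer selected reliably. Keep the class form: `if( $res == GalleryConstants::GALLERY_ERROR_RESOURCE_FORBIDDEN_EXTENSION )`. Separately, `$file["name"]` is supplied by the client and is concatenated into a message that already carries `<br/>` markup, so it should be HTML-escaped unless pr() or the view is confirmed to do that.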
@@ -139,7 +140,10 @@
// clear the cache no matter what happened... we should only clear it if there was at least one
// file uploaded but this way is not that bad after all...
CacheControl::resetBlogCache( $this->_blogInfo->getId(), false );
-
+
+ if(!$successMessage && !$errorMessage)
+ $errorMessage .= $this->_locale->tr("error_no_resource_uploaded")."<br/>";
+
if( $successMessage != "" ) {
if( $this->_request->getOutput() == "flash" )
$this->_view->setSuccessMessage( "OK" );
Modified: plog/trunk/class/action/admin/admindeletegalleryitemsaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admindeletegalleryitemsaction.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/action/admin/admindeletegalleryitemsaction.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -78,7 +78,7 @@
$this->_successMessage = $this->_locale->pr("items_deleted_ok", $this->_totalOk );
else
$this->_successMessage .= $this->_locale->pr("item_deleted_ok", $resource->getFileName());
- $this->notifyEvent( EVENT_PRE_RESOURCE_DELETE, Array( "resource" => &$resource ));
+ $this->notifyEvent( EVENT_POST_RESOURCE_DELETE, Array( "resource" => &$resource ));
}
else
$this->_errorMessage .= $this->_locale->pr("error_deleting_resource", $resource->getFileName())."<br/>";
Modified: plog/trunk/class/action/admin/admindeleteresourceaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admindeleteresourceaction.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/action/admin/admindeleteresourceaction.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -60,7 +60,7 @@
$res = $resources->deleteResource( $resourceId, $this->_blogInfo->getId());
if( $res ) {
$this->_view->setSuccessMessage( $this->_locale->pr("resource_deleted_ok", $resource->getFileName()));
- $this->notifyEvent( EVENT_PRE_RESOURCE_DELETE, Array( "resource" => &$resource ));
+ $this->notifyEvent( EVENT_POST_RESOURCE_DELETE, Array( "resource" => &$resource ));
// clear the cache if everything went fine
CacheControl::resetBlogCache( $this->_blogInfo->getId(), false );
Modified: plog/trunk/class/action/admin/admindeleteresourcealbumaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admindeleteresourcealbumaction.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/action/admin/admindeleteresourcealbumaction.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -68,7 +68,7 @@
// otherwise, we can go ahead and remove it
if( $albums->deleteAlbum( $albumId, $this->_blogInfo->getId())) {
$this->_view->setSuccessMessage( $this->_locale->pr("album_deleted_ok", $album->getName()));
- $this->notifyEvent( EVENT_PRE_ALBUM_DELETE, Array( "album" => &$album ));
+ $this->notifyEvent( EVENT_POST_ALBUM_DELETE, Array( "album" => &$album ));
// clear the cache
CacheControl::resetBlogCache( $this->_blogInfo->getId(), false );
}
Modified: plog/trunk/class/action/admin/adminupdateglobalsettingsaction.class.php
===================================================================
--- plog/trunk/class/action/admin/adminupdateglobalsettingsaction.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/action/admin/adminupdateglobalsettingsaction.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -20,9 +20,11 @@
$this->registerFieldValidator( "blogId", new IntegerValidator(), true);
$this->registerFieldValidator( "show", new StringValidator(), true);
// TODO: how do we validate the data inside the array?
+ // except for the allowed_comment_html tags, we could do a regular StringValidator
+ // if we changed that field to be non-html, we'd be all set. TODO in 2.0
$this->registerFieldValidator( "config", new ArrayValidator() );
- $view = new AdminGlobalSettingsListView( $this->_blogInfo, "");
+ $view = new AdminGlobalSettingsListView( $this->_blogInfo);
$view->setErrorMessage( $this->_locale->tr("error_saving_site_config"));
$this->setValidationErrorView( $view );
}
@@ -32,10 +34,8 @@
$valid = parent::validate();
if($this->_form->isFieldValid("show")){
- // 'show' has now been validated,
- // so we can set our error view to a better page
- $view = new AdminGlobalSettingsListView( $this->_blogInfo,
- $this->_request->getValue("show"));
+ $view = new AdminGlobalSettingsListView($this->_blogInfo,
+ $this->_request->getValue( "show"));
$view->setErrorMessage( $this->_locale->tr("error_saving_site_config"));
$this->setValidationErrorView( $view );
}
@@ -46,10 +46,6 @@
return false;
}
- $view = new AdminGlobalSettingsListView( $this->_blogInfo, "" );
- $view->setErrorMessage( $this->_locale->tr("error_saving_site_config"));
- $this->setValidationErrorView( $view );
-
// all the settings come from a very nice array from the html form
$this->_newConfigOpts = Array();
$this->_newConfigOpts = $this->_request->getValue( "config" );
@@ -79,11 +75,24 @@
"resource_link_format",
"page_suffix_format");
+ if(!$this->_newConfigOpts["blog_link_format"] || $this->_newConfigOpts["blog_link_format"] == "/")
+ $this->_newConfigOpts["blog_link_format"] = "/$";
+
foreach($customUrlFormats as $format){
if(isset($this->_newConfigOpts[$format])){
$val = $this->_newConfigOpts[$format];
$val = str_replace("\\", "/", $val);
$this->_newConfigOpts[$format] = $val;
+ if(!$val){
+ $this->_form->setFieldValidationStatus( "config[$format]", false );
+ $valid = false;
+ }
+ else{
+ // whenever we have an array validator, we need to manually set
+ // the fieldValidationStatus, otherwise, they'll all be marked
+ // as invalid, whenever any one of them is invalid
+ $this->_form->setFieldValidationStatus( "config[$format]", true );
+ }
}
}
@@ -92,6 +101,11 @@
if($blogId)
$this->_newConfigOpts["default_blog_id"] = $blogId;
+ if(!$valid){
+ $this->validationErrorProcessing();
+ return false;
+ }
+
return true;
}
Modified: plog/trunk/class/action/defaultaction.class.php
===================================================================
--- plog/trunk/class/action/defaultaction.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/action/defaultaction.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -80,7 +80,8 @@
"userName" => $this->_userName,
"userId" => $this->_userId,
"searchTerms" => $this->_searchTerms,
- "page" => $this->_page ));
+ "page" => $this->_page,
+ "url" => md5($_SERVER["REQUEST_URI"])));
// check if everything's cached because if it is, then we don't have to
// do any work... it's already been done before and we should "safely" assume
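Review bot: Hashing the raw `$_SERVER["REQUEST_URI"]` into the cache id gives every distinct query string its own cache entry for the same page, so a client that appends arbitrary parameters both misses the cache on each request and makes it grow without bound. The values that select content (user, search terms, page and the others listed above) are already part of the id, so consider dropping the `url` element or hashing only a normalised path. The value is also read from `$_SERVER` directly, whereas other code in this revision goes through `HttpVars::getServer()`. How entries for this id are stored and expired is outside the hunk, so the storage impact should be confirmed.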
Modified: plog/trunk/class/controller/controller.class.php
===================================================================
--- plog/trunk/class/controller/controller.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/controller/controller.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -47,13 +47,13 @@
*
* (according to http://java.sun.com/blueprints/guidelines/designing_enterprise_applications_2e/web-tier/web-tier5.html)
*
- * # The controller receives a POST from the client.
- * # The controller creates an Action corresponding to the requested operation (as described in the previous section).
- * # The controller calls the Action's perform method.
- * perform calls a model business method.
- * # The controller calls the screen flow manager to select the next view to display.
- * # The screen flow manager determines the next view and returns its name to the controller.
- * # The controller forwards the request to the templating service, which assembles and delivers the selected view to the client.
+ * The controller receives a POST from the client.
+ * The controller creates an Action corresponding to the requested operation (as described in the previous section).
+ * The controller calls the Action's perform method.
+ * perform calls a model business method.
+ * The controller calls the screen flow manager to select the next view to display.
+ * The screen flow manager determines the next view and returns its name to the controller.
+ * The controller forwards the request to the templating service, which assembles and delivers the selected view to the client.
*
* The Controller uses an action map file that maps action parameters to action classes. This is file is
* nothing more than an associative PHP array where the key of the array is the value of the action
@@ -228,7 +228,7 @@
global $_plogController_actionMap;
$actionMap = $_plogController_actionMap;
- if (($actionName == '') || (!empty($actionMap) && !array_key_exists($actionName, $actionMap))) {
+ if(!$actionName || !is_string($actionName) || !array_key_exists($actionName, $actionMap)) {
$actionName = DEFAULT_ACTION_NAME;
}
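Review bot: With the `!empty($actionMap)` guard removed, `array_key_exists($actionName, $actionMap)` is now reached even when `$_plogController_actionMap` has not been loaded. A non-array second argument makes array_key_exists raise a warning (a TypeError on PHP 8). The added `is_string()` test is a sound guard against array-valued request parameters; add the matching guard for the map: `if(!$actionName || !is_string($actionName) || !is_array($actionMap) || !array_key_exists($actionName, $actionMap)) {`. The enclosing method starts and ends outside the hunk.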
@@ -313,18 +313,12 @@
$performed = false;
while( !$performed ) {
- // get the value of this varilable, every loop
+ // get the value of this variable, every loop
global $_plogController_forwardAction;
global $_plogController_previousAction;
- // jondaley: 08/29/2005, what are these here for??
- // perhaps the global statements should be moved
- // inside the elseif loop below?
- $_plogController_forwardAction;
- $_plogController_previousAction;
-
if ($i == 0) {
- // if this is the first iteration, then we have to take this path...
+ // if this is the first iteration, then we have to take this path...
// since we will use the http request to determine which action to
// use next
$actionName = $request->getValue($this->_actionParam );
Modified: plog/trunk/class/controller/sequentialcontroller.class.php
===================================================================
--- plog/trunk/class/controller/sequentialcontroller.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/controller/sequentialcontroller.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -74,11 +74,7 @@
function getCurrentStep()
{
$curStep = SessionManager::getSessionValue( SEQUENTIAL_CONTROLLER_SESSION_PARAMETER );
- $request = HttpVars::getRequest();
- if( empty($request["start"]) )
- $start = 0;
- else
- $start = $request["start"];
+ $start = HttpVars::getRequestValue("start");
if( !$curStep || $start == "1" ) {
$curStep = 0;
@@ -99,14 +95,7 @@
function process( $httpRequest )
{
global $_plogController_previousAction;
-
-
- // get the name of the action
- $request = new Request( $httpRequest );
-
-
-
$currentStep = $this->getCurrentStep();
$actionClass = $this->_steps[ $currentStep ];
Modified: plog/trunk/class/dao/blogs.class.php
===================================================================
--- plog/trunk/class/dao/blogs.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/dao/blogs.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -48,9 +48,15 @@
function getBlogInfoByDomain($blogDomain, $extendedInfo = false){
- return( $this->get( "custom_domain", $blogDomain,
+ $stuff = $this->get( "custom_domain", $blogDomain,
DaoCacheConstants::CACHE_BLOGIDBYDOMAIN,
- Array( DaoCacheConstants::CACHE_BLOGINFOS => "getId" )));
+ Array( DaoCacheConstants::CACHE_BLOGINFOS => "getId" ));
+ if($stuff)
+ return $stuff;
+
+ return $this->get("custom_domain", preg_replace("/^www./", "", $blogDomain),
+ DaoCacheConstants::CACHE_BLOGIDBYDOMAIN,
+ Array( DaoCacheConstants::CACHE_BLOGINFOS => "getId" ));
}
/**
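Review bot: In `preg_replace("/^www./", "", $blogDomain)` the dot is unescaped, so the pattern strips any four-character prefix beginning with `www`, not only the literal `www.` label. A host such as `wwwxexample.org` (constructed example) would therefore resolve to the blog registered for `example.org`. Escape the dot: `preg_replace("/^www\./", "", $blogDomain)`. The same pattern is added twice in class/net/http/subdomains.class.php in this revision and needs the same change. The local `$stuff` would also read better as `$blogInfo`.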
Modified: plog/trunk/class/data/forms/formvalidator.class.php
===================================================================
--- plog/trunk/class/data/forms/formvalidator.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/data/forms/formvalidator.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -1,5 +1,4 @@
<?php
-
/**
* \defgroup Forms
*
@@ -109,19 +108,22 @@
$validationResult = $fieldValidatorClass->validate( $fieldValue );
}
- $this->_validationResults["$fieldName"] = $validationResult;
- if($validationResult)
- $this->_fieldValues["$fieldName"] = $fieldValue;
+ $this->_validationResults[$fieldName] = $validationResult;
+ if($validationResult){
+ $this->_fieldValues[$fieldName] = $fieldValue;
+ }
else {
- // Note: Display unvalidated data back to user, filtering out HTML
- lt_include( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
- $this->_fieldValues["$fieldName"] = Textfilter::filterAllHTML( $fieldValue );
+ // don't ever display unvalidated data - that causes XSS issues.
+ lt_include( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
+ $this->_fieldValues["$fieldName"] = Textfilter::filterAllHTML( $fieldValue );
+
+// $this->_fieldValues[$fieldName] = "";
}
// if one of the validations is false, then cancel the whole thing
$finalValidationResult = $finalValidationResult && $validationResult;
}
-
+
// the form has already run
$this->_formHasRun = true;
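Review bot: The new comment says unvalidated data is never displayed, but the branch under it still stores `Textfilter::filterAllHTML( $fieldValue )` in `_fieldValues`, and the line that would blank the value is commented out, so the comment describes behaviour the code does not have. Either enable `$this->_fieldValues[$fieldName] = "";` and drop the filter call, or restore a comment stating that the rejected value is echoed back after tag filtering. If the filtered value is kept, templates that place it inside an HTML attribute still need quote escaping, since what filterAllHTML() removes is not visible here. The retained line also still uses `["$fieldName"]` while the rest of the hunk switched to `[$fieldName]`.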
Modified: plog/trunk/class/data/validator/uploadvalidator.class.php
===================================================================
--- plog/trunk/class/data/validator/uploadvalidator.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/data/validator/uploadvalidator.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -81,7 +81,7 @@
// check if the filename extension is forbidden or not
$fileName = basename($upload->getFileName());
foreach( explode( " ", $forbiddenFilesStr ) as $file ) {
- if( Glob::fnmatch( $file, $fileName )) {
+ if( Glob::fnmatch( $file."*", $fileName )) {
return UPLOAD_VALIDATOR_ERROR_FORBIDDEN_EXTENSION;
}
}
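Review bot: Appending `*` to every entry turns an empty entry into the pattern `*`, which matches every file name. `explode( " ", $forbiddenFilesStr )` yields an empty string when the setting is empty or contains a double or trailing space, and each upload would then be rejected as forbidden unless a guard outside the hunk prevents it. Skip empty entries before matching, for example `if( $file == "" ) continue;` as the first statement of the loop. It is also worth confirming whether `Glob::fnmatch()` compares case-insensitively, because otherwise a forbidden `*.php` entry does not cover an upper-case extension. The enclosing method begins before the hunk.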
@@ -100,7 +100,6 @@
$fileName = basename($upload->getFileName());
foreach( explode( " ", $allowedFilesStr ) as $file ) {
if( Glob::fnmatch( $file, $fileName )) {
-// print("it's a valid file!");
return true;
}
}
Modified: plog/trunk/class/gallery/dao/galleryresources.class.php
===================================================================
--- plog/trunk/class/gallery/dao/galleryresources.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/gallery/dao/galleryresources.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -535,12 +535,14 @@
$config =& Config::getConfig();
$imgWidth = $info["video"]["resolution_x"];
- $imgHeight = $info["video"]["resolution_y"];
-
+ $imgHeight = $info["video"]["resolution_y"];
+
$previewHeight = $config->getValue( "thumbnail_height", GalleryConstants::GALLERY_DEFAULT_THUMBNAIL_HEIGHT );
$previewWidth = $config->getValue( "thumbnail_width", GalleryConstants::GALLERY_DEFAULT_THUMBNAIL_WIDTH );
- $thumbHeight = ( $imgHeight > $previewHeight ? $previewHeight : $imgHeight );
- $thumbWidth = ( $imgWidth > $previewWidth ? $previewWidth : $imgWidth );
+ $thumbHeight = ((!$imgHeight || ($imgHeight > $previewHeight)) ?
+ $previewHeight : $imgHeight);
+ $thumbWidth = ((!$imgWidth || ($imgWidth > $previewWidth)) ?
+ $previewWidth : $imgWidth);
GalleryThumbnailGenerator::generateResourceThumbnail( $resFile, $resourceId, $ownerId, $thumbHeight, $thumbWidth );
$medPreviewHeight = $config->getValue( "medium_size_thumbnail_height", GalleryConstants::GALLERY_DEFAULT_MEDIUM_SIZE_THUMBNAIL_HEIGHT );
Modified: plog/trunk/class/net/customrequestgenerator.class.php
===================================================================
--- plog/trunk/class/net/customrequestgenerator.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/net/customrequestgenerator.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -469,8 +469,6 @@
}
elseif( $date > -1 ) {
$url = $this->getArchiveLink( $date );
- if( $url[strlen($url)-1] == "/" )
- $url = substr( $url, 0, -1);
}
else {
// if none of the above, we should at least get a link to the blog!
@@ -478,7 +476,10 @@
}
$pageFormat = $this->getPageSuffix();
-
+ // remove double slashes that can occur in certain combinations
+ // of base_url/blog_url/pager/etc.
+ if($pageFormat[0] == "/" && $url[strlen($url)-1] == "/")
+ return substr($url, 0, -1).$pageFormat;
return( $url.$pageFormat );
}
Modified: plog/trunk/class/net/customurlhandler.class.php
===================================================================
--- plog/trunk/class/net/customurlhandler.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/net/customurlhandler.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -133,13 +133,13 @@
$this->_format = $m->identify();
$this->_params = $m->getParameters();
-
// if it didn't work out the first time, let's try with an additional url format
if( !$this->_fillRequestParameters()) {
$m = new LinkFormatMatcher( $requestUri, $this->_fallback );
$this->_format = $m->identify();
$this->_params = $m->getParameters();
- $this->_fillRequestParameters();
+ if(!$this->_fillRequestParameters())
+ return false;
}
// put the parameter back as a parameter
Modified: plog/trunk/class/net/http/subdomains.class.php
===================================================================
--- plog/trunk/class/net/http/subdomains.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/net/http/subdomains.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -27,7 +27,6 @@
$server = HttpVars::getServer();
$httpHost = $server["HTTP_HOST"];
$result = $lp->parseLink( $httpHost );
-
return( $result );
}
@@ -53,12 +52,18 @@
// and now get the base_url
$config =& Config::getConfig();
$baseUrlObject = new Url( $config->getValue( "base_url" ));
-
+
+ // ignore "www." prefixes - that doesn't necessarily make it a subdomain
+ $base = preg_replace("/^www./", "", $baseUrlObject->getHost());
+ $current = preg_replace("/^www./", "", $urlObject->getHost());
+
// and finally check if whether they match or not
- if( $urlObject->getHost() == $baseUrlObject->getHost())
+ if($base == $current){
$isSubdomain = false;
- else
+ }
+ else{
$isSubdomain = true;
+ }
// return it...
return( $isSubdomain );
Modified: plog/trunk/class/net/linkformatmatcher.class.php
===================================================================
--- plog/trunk/class/net/linkformatmatcher.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/net/linkformatmatcher.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -45,7 +45,7 @@
foreach( $this->_formats as $key => $format ) {
$lp = new LinkParser( $format );
$params = $lp->parseLink( $this->_request );
- if( $params ) {
+ if( $params !== false ) {
// return the key assigned to the format that matched
$this->_params = $params;
return $key;
Modified: plog/trunk/class/net/linkparser.class.php
===================================================================
--- plog/trunk/class/net/linkparser.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/net/linkparser.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -54,7 +54,6 @@
{
$uri = $url;
- //global $urlRewriteTags;
$rewritecode = array_keys( $this->urlRewriteTags );
$rewritereplace = array_values( $this->urlRewriteTags );
Modified: plog/trunk/class/template/smarty/Config_File.class.php
===================================================================
--- plog/trunk/class/template/smarty/Config_File.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/template/smarty/Config_File.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -17,15 +17,19 @@
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
- * @link http://smarty.php.net/
- * @version 2.6.19
+ * For questions, help, comments, discussion, etc., please join the
+ * Smarty mailing list. Send a blank e-mail to
+ * smarty-discussion-subscribe at googlegroups.com
+ *
+ * @link http://www.smarty.net/
+ * @version 2.6.26
* @copyright Copyright: 2001-2005 New Digital Group, Inc.
* @author Andrei Zmievski <andrei at php.net>
* @access public
* @package Smarty
*/
-/* $Id: Config_File.class.php 2702 2007-03-08 19:11:22Z mohrt $ */
+/* $Id: Config_File.class.php 3149 2009-05-23 20:59:25Z monte.ohrt $ */
/**
* Config file reading class
Modified: plog/trunk/class/template/smarty/Smarty.class.php
===================================================================
--- plog/trunk/class/template/smarty/Smarty.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/template/smarty/Smarty.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -20,17 +20,17 @@
*
* For questions, help, comments, discussion, etc., please join the
* Smarty mailing list. Send a blank e-mail to
- * smarty-general-subscribe at lists.php.net
+ * smarty-discussion-subscribe at googlegroups.com
*
- * @link http://smarty.php.net/
+ * @link http://www.smarty.net/
* @copyright 2001-2005 New Digital Group, Inc.
* @author Monte Ohrt <monte at ohrt dot com>
* @author Andrei Zmievski <andrei at php.net>
* @package Smarty
- * @version 2.6.19
+ * @version 2.6.26
*/
-/* $Id: Smarty.class.php 2722 2007-06-18 14:29:00Z danilo $ */
+/* $Id: Smarty.class.php 3163 2009-06-17 14:39:24Z monte.ohrt $ */
/**
* DIR_SEP isn't used anymore, but third party apps might
@@ -107,7 +107,7 @@
/**
* When set, smarty does uses this value as error_reporting-level.
*
- * @var boolean
+ * @var integer
*/
var $error_reporting = null;
@@ -236,7 +236,8 @@
'INCLUDE_ANY' => false,
'PHP_TAGS' => false,
'MODIFIER_FUNCS' => array('count'),
- 'ALLOW_CONSTANTS' => false
+ 'ALLOW_CONSTANTS' => false,
+ 'ALLOW_SUPER_GLOBALS' => true
);
/**
@@ -464,7 +465,7 @@
*
* @var string
*/
- var $_version = '2.6.19';
+ var $_version = '2.6.26';
/**
* current template inclusion depth
@@ -1548,7 +1549,7 @@
$params['source_content'] = $this->_read_file($_resource_name);
}
$params['resource_timestamp'] = filemtime($_resource_name);
- $_return = is_file($_resource_name);
+ $_return = is_file($_resource_name) && is_readable($_resource_name);
break;
default:
@@ -1711,7 +1712,7 @@
*/
function _read_file($filename)
{
- if ( file_exists($filename) && ($fd = @fopen($filename, 'rb')) ) {
+ if ( file_exists($filename) && is_readable($filename) && ($fd = @fopen($filename, 'rb')) ) {
$contents = '';
while (!feof($fd)) {
$contents .= fread($fd, 8192);
@@ -1950,7 +1951,7 @@
return $function;
}
}
-
+
/**#@-*/
}
Modified: plog/trunk/class/template/smarty/Smarty_Compiler.class.php
===================================================================
--- plog/trunk/class/template/smarty/Smarty_Compiler.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/template/smarty/Smarty_Compiler.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -21,12 +21,12 @@
* @link http://smarty.php.net/
* @author Monte Ohrt <monte at ohrt dot com>
* @author Andrei Zmievski <andrei at php.net>
- * @version 2.6.19
+ * @version 2.6.26
* @copyright 2001-2005 New Digital Group, Inc.
* @package Smarty
*/
-/* $Id: Smarty_Compiler.class.php 2736 2007-09-16 14:47:53Z mohrt $ */
+/* $Id: Smarty_Compiler.class.php 3163 2009-06-17 14:39:24Z monte.ohrt $ */
/**
* Template compiling class
@@ -1363,9 +1363,14 @@
/* If last token was a ')', we operate on the parenthesized
expression. The start of the expression is on the stack.
Otherwise, we operate on the last encountered token. */
- if ($tokens[$i-1] == ')')
+ if ($tokens[$i-1] == ')') {
$is_arg_start = array_pop($is_arg_stack);
- else
+ if ($is_arg_start != 0) {
+ if (preg_match('~^' . $this->_func_regexp . '$~', $tokens[$is_arg_start-1])) {
+ $is_arg_start--;
+ }
+ }
+ } else
$is_arg_start = $i-1;
/* Construct the argument for 'is' expression, so it knows
what to operate on. */
@@ -2042,27 +2047,57 @@
break;
case 'get':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_GET' : "\$GLOBALS['HTTP_GET_VARS']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_GET";
break;
case 'post':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_POST' : "\$GLOBALS['HTTP_POST_VARS']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_POST";
break;
case 'cookies':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_COOKIE' : "\$GLOBALS['HTTP_COOKIE_VARS']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_COOKIE";
break;
case 'env':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_ENV' : "\$GLOBALS['HTTP_ENV_VARS']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_ENV";
break;
case 'server':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_SERVER' : "\$GLOBALS['HTTP_SERVER_VARS']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_SERVER";
break;
case 'session':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_SESSION' : "\$GLOBALS['HTTP_SESSION_VARS']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_SESSION";
break;
/*
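Review bot: The guard `!$this->security_settings['ALLOW_SUPER_GLOBALS']` indexes the key directly, so an application that assigns its own `security_settings` array without the new key gets an undefined-index notice and, because `!null` is true, loses all superglobal access in secure mode. That fails closed, which is the safe direction, but it is implicit; `empty($this->security_settings['ALLOW_SUPER_GLOBALS'])` states the same rule without the notice. The identical five-line guard is repeated in the six cases here and again in the `request` case of the next hunk, so a small private helper would keep the seven copies from drifting apart. The `switch` starts and ends outside the hunk.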
@@ -2070,8 +2105,13 @@
* compiler.
*/
case 'request':
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
if ($this->request_use_auto_globals) {
- $compiled_ref = '$_REQUEST';
+ $compiled_ref = "\$_REQUEST";
break;
} else {
$this->_init_smarty_vars = true;
Copied: plog/trunk/class/template/smarty/plugins/compiler.break.php (from rev 6981, plog/branches/lifetype-1.2/class/template/smarty/plugins/compiler.break.php)
===================================================================
--- plog/trunk/class/template/smarty/plugins/compiler.break.php (rev 0)
+++ plog/trunk/class/template/smarty/plugins/compiler.break.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -0,0 +1,16 @@
+<?php
+
+/**
+ * Smarty {break} compiler function plugin
+ *
+ * Type: compiler function<br>
+ * Name: break<br>
+ * Purpose: break out of a foreach loop
+ * @author Ferdinand Beyer: http://osdir.com/ml/php.smarty.general/2002-08/msg00058.html
+ * @param string containing var-attribute and value-attribute
+ * @param Smarty_Compiler
+ */
+function smarty_compiler_break($contents, &$smarty)
+{
+ return 'break;';
+}
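Review bot: The docblock's `@param string containing var-attribute and value-attribute` describes a different plugin; this function ignores both `$contents` and `$smarty` and always returns the literal `'break;'`. Nothing here checks that the tag sits inside a loop, so a `{break}` placed outside one ends up as a stray `break;` in the compiled template and fails only when that template is compiled or run. I would state that constraint in the docblock, e.g. `Purpose: break out of the enclosing loop; must not be used outside a loop`, and replace the `@param` lines with `@param string $contents tag arguments (unused)` and `@param Smarty_Compiler $smarty compiler instance (unused)`. The same applies to `smarty_compiler_continue` in compiler.continue.php.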
Copied: plog/trunk/class/template/smarty/plugins/compiler.continue.php (from rev 6981, plog/branches/lifetype-1.2/class/template/smarty/plugins/compiler.continue.php)
===================================================================
--- plog/trunk/class/template/smarty/plugins/compiler.continue.php (rev 0)
+++ plog/trunk/class/template/smarty/plugins/compiler.continue.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -0,0 +1,16 @@
+<?php
+
+/**
+ * Smarty {continue} compiler function plugin
+ *
+ * Type: compiler function<br>
+ * Name: continue<br>
+ * Purpose: continue next item in a foreach loop
+ * @author Ferdinand Beyer: http://osdir.com/ml/php.smarty.general/2002-08/msg00058.html
+ * @param string containing var-attribute and value-attribute
+ * @param Smarty_Compiler
+ */
+function smarty_compiler_continue($contents, &$smarty)
+{
+ return 'continue;';
+}
Modified: plog/trunk/class/template/smarty/plugins/function.math.php
===================================================================
--- plog/trunk/class/template/smarty/plugins/function.math.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/template/smarty/plugins/function.math.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -27,7 +27,8 @@
return;
}
- $equation = $params['equation'];
+ // strip out backticks, not necessary for math
+ $equation = str_replace('`','',$params['equation']);
// make sure parenthesis are balanced
if (substr_count($equation,"(") != substr_count($equation,")")) {
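Review bot: Removing backticks is a deny-list of one character applied to a string that comes from a template parameter; everything else in `$params['equation']` passes unchanged to whatever consumes it later in this function, which is outside the hunk. If the equation is evaluated as PHP further down (not visible from here), an allow-list is the more robust check: reject the input unless it consists only of digits, arithmetic operators, parentheses and identifiers that are on a fixed list of permitted function and variable names. At minimum the comment should record the reason rather than "not necessary for math", e.g. `// backticks are PHP's shell-execution operator; never let them reach evaluated code`.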
Modified: plog/trunk/class/template/templatesandbox.class.php
===================================================================
--- plog/trunk/class/template/templatesandbox.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/template/templatesandbox.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -42,13 +42,13 @@
$forbiddenFilesStr = $config->getValue( 'upload_forbidden_files' );
// return true if there's nothing to do
- if( empty($forbiddenFilesStr) || !$forbiddenFilesStr )
+ if( empty($forbiddenFilesStr) )
return true;
// otherwise, turn the thing into an array and go through all of them
foreach( explode( " ", $forbiddenFilesStr ) as $file ) {
- $files = Glob::myGlob( $folder, $file );
+ $files = Glob::myGlob( $folder, $file."*" );
if( count($files) > 0 )
return false;
}
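Review bot: With `$file."*"`, an empty token from `explode( " ", $forbiddenFilesStr )` becomes the pattern `*`, which presumably matches every file in `$folder`, so a doubled or trailing space in `upload_forbidden_files` would make the sandbox reject every template set. Skip empty tokens before globbing, e.g. `if( $file == "" ) continue;` as the first statement of the loop. Whether the match is case-insensitive and whether it descends into subdirectories depends on `Glob::myGlob`, which is not shown; both are worth confirming, since an upper-case extension or a nested folder would otherwise pass this check. The method starts above the hunk.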
Modified: plog/trunk/class/view/defaultview.class.php
===================================================================
--- plog/trunk/class/view/defaultview.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/view/defaultview.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -67,6 +67,10 @@
elseif(( $category = $this->getValue( "category" ))) {
$title .= " | ".$category->getName();
}
+
+ $page = $this->getCurrentPageFromRequest();
+ if($page != 1)
+ $title .= " | $page";
return( $title );
}
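Review bot: `$page` comes from the request via `getCurrentPageFromRequest()` and is appended to the page title as-is; the validation inside that method is not visible in this diff, so the title relies on it returning a plain integer. Casting at the point of use makes that independent of the helper: `$page = (int)$this->getCurrentPageFromRequest();` followed by `if( $page > 1 )`. The loose `$page != 1` also appends the suffix for `0`, an empty string or `false`, which would put ` | 0` or a bare ` | ` in the title. The same three lines are added to `getPageTitle()` in viewarticleview.class.php and need the same change.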
Modified: plog/trunk/class/view/view.class.php
===================================================================
--- plog/trunk/class/view/view.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/view/view.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -93,7 +93,7 @@
function setValue( $name, $value )
{
//$this->_params[$name] = $value;
- $this->_params->setValue( $name, $value );
+ $this->_params->setValue( $name, $value );
}
/**
@@ -297,7 +297,6 @@
*/
function getCurrentPageFromRequest()
{
- // get the value from the request
$page = HttpVars::getRequestValue( VIEW_DEFAULT_PAGE_PARAMETER );
// but first of all, validate it
@@ -319,9 +318,9 @@
*/
function render()
{
- // send the headers we've been assigned if any, alognside the conten-type header
+ // send the headers we've been assigned if any, alongside the content-type header
foreach( $this->_headers as $header )
- header( $header );
+ header( $header );
$this->sendContentType();
}
Modified: plog/trunk/class/view/viewarticleview.class.php
===================================================================
--- plog/trunk/class/view/viewarticleview.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/class/view/viewarticleview.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -44,7 +44,11 @@
function getPageTitle()
{
$article = $this->getValue( "post" );
- return( $this->_blogInfo->getBlog()." | ".$article->getTopic());
+ $title = $article->getTopic()." | ".$this->_blogInfo->getBlog();
+ $page = $this->getCurrentPageFromRequest();
+ if($page != 1)
+ $title .= " | $page";
+ return $title;
}
/**
Modified: plog/trunk/js/tinymce/plugins/insertvideo/css/content.css
===================================================================
--- plog/trunk/js/tinymce/plugins/insertvideo/css/content.css 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/js/tinymce/plugins/insertvideo/css/content.css 2010-02-17 20:47:47 UTC (rev 6983)
@@ -5,6 +5,13 @@
background-repeat: no-repeat;
background-color: #ffffcc;
}
+.ltVideoVimeo {
+ border: 1px dotted #cc0000;
+ background-image: url('../images/vimeo.png');
+ background-position: center;
+ background-repeat: no-repeat;
+ background-color: #ffffcc;
+}
.ltVideoGoogleVideo {
border: 1px dotted #cc0000;
background-image: url('../images/gvideo.png');
@@ -46,4 +53,4 @@
background-position: center;
background-repeat: no-repeat;
background-color: #ffffcc;
- }
\ No newline at end of file
+ }
Modified: plog/trunk/js/tinymce/plugins/insertvideo/editor_plugin.js
===================================================================
--- plog/trunk/js/tinymce/plugins/insertvideo/editor_plugin.js 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/js/tinymce/plugins/insertvideo/editor_plugin.js 2010-02-17 20:47:47 UTC (rev 6983)
@@ -49,7 +49,7 @@
insertvideo['file'] = '../../plugins/insertvideo/videoinput.html'; // Relative to theme
insertvideo['width'] = 500;
- insertvideo['height'] = 260;
+ insertvideo['height'] = 290;
tinyMCE.openWindow(insertvideo, {editor_id : editor_id, resizable : "no", scrollbars : "no", inline : "yes"});
}
@@ -67,7 +67,6 @@
if (tinyMCE.getParam('convert_urls')) {
var imgs = content.getElementsByTagName("img");
for (var i=0; i<imgs.length; i++) {
- //if (tinyMCE.getAttrib(imgs[i], "class")== "ltVideoYouTube") {
if (tinyMCE.getAttrib(imgs[i], "class").substr(0,6) == "ltVideo") {
var src = tinyMCE.getAttrib(imgs[i], "alt");
@@ -143,6 +142,9 @@
else if( videoType == 7 ) {
cssClass = "ltVideoDailymot";
}
+ else if( videoType == 8 ) {
+ cssClass = "ltVideoVimeo";
+ }
else {
// ignore it, it's not a youtube or googlevideo video
startPos++;
@@ -174,7 +176,7 @@
var attribs = TinyMCE_insertvideoPlugin._parseAttributes(content.substring(startPos + 4, endPos));
// Is not flash, skip it
- if (attribs['class'] != "ltVideoYouTube" && attribs['class'] != "ltVideoGoogleVideo" && attribs['class'] != "ltVideoMetacafe" && attribs['class'] != "ltVideoIfilm" && attribs['class'] != "ltVideoGoear" && attribs['class'] != "ltVideoGrouper" && attribs['class'] != "ltVideoDailymot")
+ if (attribs['class'] != "ltVideoYouTube" && attribs['class'] != "ltVideoGoogleVideo" && attribs['class'] != "ltVideoMetacafe" && attribs['class'] != "ltVideoIfilm" && attribs['class'] != "ltVideoGoear" && attribs['class'] != "ltVideoGrouper" && attribs['class'] != "ltVideoDailymot" && attribs['class'] != "ltVideoVimeo")
continue;
type = attribs['class'];
@@ -298,7 +300,8 @@
4: /^http:\/\/www\.ifilm\.com\//,
5: /^http:\/\/www\.goear.com\//,
6: /^http:\/\/www\.grouper\.com\//,
- 7: /^http:\/\/www\.dailymotion\.com\//
+ 7: /^http:\/\/www\.dailymotion\.com\//,
+ 8: /^http:\/\/vimeo\.com\//
};
var found = false;
Modified: plog/trunk/js/tinymce/plugins/insertvideo/functions.js
===================================================================
--- plog/trunk/js/tinymce/plugins/insertvideo/functions.js 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/js/tinymce/plugins/insertvideo/functions.js 2010-02-17 20:47:47 UTC (rev 6983)
@@ -8,6 +8,18 @@
return regexp.test(url);
}
+function getVimeoLink( url )
+{
+ var regexp = /http:\/\/vimeo.com\/([0-9]+)/i;
+ result = regexp.exec( url );
+ if(!result){
+ return url;
+ }
+ videoId = result[1];
+ url = "http://vimeo.com/moogaloop.swf?clip_id="+videoId+"&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=0a7ac2&fullscreen=1";
+ return url;
+}
+
function getYouTubeLink( url )
{
// check if this is a URL pointing to a youtube link or to a youtube video
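Review bot: The pattern `/http:\/\/vimeo.com\/([0-9]+)/i` in `getVimeoLink` is not anchored and leaves the dot unescaped, so it accepts the Vimeo address anywhere inside a longer URL and also any character in place of the dot. Anchor and escape it: `var regexp = /^http:\/\/vimeo\.com\/([0-9]+)/i;`. When nothing matches, the function returns the caller's `url` unchanged, so whatever was typed becomes the embed source; returning an empty value and having the caller reject it would be safer, though the other link helpers may behave the same way (not visible here). `result` and `videoId` are assigned without `var` and leak into the global scope.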
@@ -171,6 +183,7 @@
}
// check if a destination system was selected
+ vimeo = document.getElementById("vimeo");
youtube = document.getElementById("youtube");
gvideo = document.getElementById("gvideo");
// dalealplay = document.getElementById("dalealplay");
@@ -181,11 +194,17 @@
dailymot = document.getElementById("dailymot");
// bolt = document.getElementById("bolt");
- if( youtube.checked==false && gvideo.checked==false && metacafe.checked==false && ifilm.checked==false && goear.checked==false && grouper.checked==false && dailymot.checked==false ) {
+ if( vimeo.checked==false && youtube.checked==false && gvideo.checked==false && metacafe.checked==false && ifilm.checked==false && goear.checked==false && grouper.checked==false && dailymot.checked==false ) {
window.alert( tinyMCE.getLang('lang_insertvideo_selectiontype', 0) );
return( false );
}
+ if( vimeo.checked == true ) {
+ link = getVimeoLink( url );
+ css="ltVideoVimeo";
+ width=425;
+ height=355;
+ }
if( youtube.checked == true ) {
link = getYouTubeLink( url );
css="ltVideoYouTube";
Copied: plog/trunk/js/tinymce/plugins/insertvideo/images/vimeo.png (from rev 6981, plog/branches/lifetype-1.2/js/tinymce/plugins/insertvideo/images/vimeo.png)
===================================================================
(Binary files differ)
Modified: plog/trunk/js/tinymce/plugins/insertvideo/videoinput.html
===================================================================
--- plog/trunk/js/tinymce/plugins/insertvideo/videoinput.html 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/js/tinymce/plugins/insertvideo/videoinput.html 2010-02-17 20:47:47 UTC (rev 6983)
@@ -14,7 +14,7 @@
</div>
<div class="panel_wrapper">
<div id="general_panel" class="panel_current">
- <legend>{$lang_insertvideo_linklegend}</legend>
+ <legend>{$lang_insertvideo_linklegend}</legend>
<table border="0" cellpadding="4" cellspacing="0">
<tr>
<td nowrap="nowrap">{$lang_insertvideo_link}</td>
@@ -30,6 +30,7 @@
<input type="radio" id="goear" style="border:0px"name="type" value="5"><img src="images/goear.png" alt="Goear" /> Goear<br />
<input type="radio" id="grouper" style="border:0px"name="type" value="6"><img src="images/grouper.png" alt="Grouper" /> Grouper<br />
<input type="radio" id="dailymot" style="border:0px"name="type" value="7"><img src="images/dailymotion.png" alt="dailymotion" /> dailymotion <span style="color: grey; font-style: oblique;">({$lang_insertvideo_dailymotembeddableplayer})</span><br />
+ <input type="radio" id="vimeo" style="border:0px" name="type" value="8"><img src="images/vimeo.png" alt="Vimeo" /> Vimeo<br />
</td>
</tr>
</table>
Deleted: plog/trunk/plugins/badbehavior/bad-behavior/README.txt
===================================================================
--- plog/trunk/plugins/badbehavior/bad-behavior/README.txt 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/plugins/badbehavior/bad-behavior/README.txt 2010-02-17 20:47:47 UTC (rev 6983)
@@ -1,92 +0,0 @@
-=== Bad Behavior ===
-Tags: comment,trackback,referrer,spam,robot,antispam
-Contributors: error, MarkJaquith, Firas, skeltoac
-Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=error%40ioerror%2eus&item_name=Bad%20Behavior%20%28From%20WordPress%20Page%29&no_shipping=1&cn=Comments%20about%20Bad%20Behavior&tax=0¤cy_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8
-Requires at least: 1.5
-Tested up to: 2.6
-Stable tag: 2.0.20
-
-Welcome to a whole new way of keeping your blog, forum, guestbook, wiki or
-content management system free of link spam. Bad Behavior is a PHP-based
-solution for blocking link spam and the robots which deliver it.
-
-Bad Behavior complements other link spam solutions by acting as a gatekeeper,
-preventing spammers from ever delivering their junk, and in many cases, from
-ever reading your site in the first place. This keeps your site's load down,
-makes your site logs cleaner, and can help prevent denial of service
-conditions caused by spammers.
-
-Bad Behavior also transcends other link spam solutions by working in a
-completely different, unique way. Instead of merely looking at the content of
-potential spam, Bad Behavior analyzes the delivery method as well as the
-software the spammer is using. In this way, Bad Behavior can stop spam attacks
-even when nobody has ever seen the particular spam before.
-
-Bad Behavior is designed to work alongside existing spam prevention services
-to increase their effectiveness and efficiency. Whenever possible, you should
-run it in combination with a more traditional spam prevention service.
-
-Bad Behavior works on, or can be adapted to, virtually any PHP-based Web
-software package. Bad Behavior is available natively for WordPress, MediaWiki,
-Drupal, ExpressionEngine, and LifeType, and people have successfully made it
-work with Movable Type, phpBB, and many other packages.
-
-Installing and configuring Bad Behavior on most platforms is simple and takes
-only a few minutes. In most cases, no configuration at all is needed. Simply
-turn it on and stop worrying about spam!
-
-The core of Bad Behavior is free software released under the GNU General
-Public License. (On some non-free platforms, special license terms exist for
-Bad Behavior's platform connector.)
-
-== Installation ==
-
-*Warning*: If you are upgrading from a 1.x.x version of Bad Behavior,
-you must remove it from your system entirely, and delete all of its
-database tables, before installing Bad Behavior 2.0.x. You do not need
-to remove a 2.0.x version of Bad Behavior before upgrading to this
-release.
-
-Bad Behavior has been designed to install on each host software in the
-manner most appropriate to each platform. It's usually sufficient to
-follow the generic instructions for installing any plugin or extension
-for your host software.
-
-On MediaWiki, it is necessary to add a second line to LocalSettings.php
-when installing the extension. Your LocalSettings.php should include
-the following:
-
-` include_once( 'includes/DatabaseFunctions.php' );
- include( './extensions/Bad-Behavior/bad-behavior-mediawiki.php' );
-
-For complete documentation and installation instructions, please visit
-http://www.bad-behavior.ioerror.us/
-
-== Release Notes ==
-
-= Bad Behavior 2.0 Known Issues =
-
-* Bad Behavior may be unable to protect cached pages on MediaWiki.
-
-* On WordPress when using WordPress Advanced Cache (WP-Cache) or WP-Super
-Cache, Bad Behavior requires a patch to WP-Cache 2 in order to protect
-cached pages.
-
- Edit the wp-content/plugins/wp-cache/wp-cache-phase1.php or
-wp-content/plugins/wp-super-cache/wp-cache-phase1.php file and find the
-following two lines at around line 34 (line 56 in WP-Super Cache):
-
-` if (! ($meta = unserialize(@file_get_contents($meta_pathname))) )
- return;`
-
- Immediately after this, insert the following line:
-
-` require_once( ABSPATH . 'wp-content/plugins/Bad-Behavior/bad-behavior-generic.php');`
-
- Then visit your site. Everything should work normally, but spammers will
-not be able to access your cached pages either.
-
-* When using Bad Behavior in conjunction with Spam Karma 2, you may see PHP
-warnings when Spam Karma 2 displays its internally generated CAPTCHA. This
-is a design problem in Spam Karma 2. Contact the author of Spam Karma 2 for
-a fix.
Modified: plog/trunk/plugins/badbehavior/bad-behavior/banned.inc.php
===================================================================
--- plog/trunk/plugins/badbehavior/bad-behavior/banned.inc.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/plugins/badbehavior/bad-behavior/banned.inc.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -7,6 +7,7 @@
function bb2_display_denial($settings, $key, $previous_key = false)
{
+ define('DONOTCACHEPAGE', true); // WP Super Cache
if (!$previous_key) $previous_key = $key;
if ($key == "e87553e1") {
// FIXME: lookup the real key
@@ -25,7 +26,7 @@
header("Status: " . $response['response'] . " Bad Behavior");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!--< html xmlns="http://www.w3.org/1999/xhtml">-->
<head>
<title>HTTP Error <?php echo $response['response']; ?></title>
</head>
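Review bot: The opening `<html xmlns=...>` tag is now wrapped in an HTML comment while the XHTML DOCTYPE above it stays, and the closing `</html>` (outside this hunk, presumably still present) is left without a matching start tag. If the tag was disabled to work around something in the host application, a comment next to it should say what; otherwise the original line should be restored. As committed, the denial page is no longer valid XHTML and the reason is not recorded anywhere in the diff.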
Modified: plog/trunk/plugins/badbehavior/bad-behavior/blackhole.inc.php
===================================================================
--- plog/trunk/plugins/badbehavior/bad-behavior/blackhole.inc.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/plugins/badbehavior/bad-behavior/blackhole.inc.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -6,11 +6,15 @@
}
// Look up address on various blackhole lists.
-// These cannot be used for GET requests under any circumstances!
+// These should not be used for GET requests under any circumstances!
+// FIXME: Note that this code is no longer in use
function bb2_blackhole($package) {
// Can't use IPv6 addresses yet
- if (is_ipv6($package['REMOTE_ADDR'])) return;
+ if (@is_ipv6($package['ip'])) return false;
+ // Workaround for "MySQL server has gone away"
+ bb2_db_query("SET @@session.wait_timeout = 90");
+
// Only conservative lists
$bb2_blackhole_lists = array(
"sbl-xbl.spamhaus.org", // All around nasties
@@ -45,10 +49,13 @@
function bb2_httpbl($settings, $package) {
// Can't use IPv6 addresses yet
- if (is_ipv6($package['REMOTE_ADDR'])) return;
+ if (@is_ipv6($package['ip'])) return false;
- if (!$settings['httpbl_key']) return false;
+ if (@!$settings['httpbl_key']) return false;
+ // Workaround for "MySQL server has gone away"
+ bb2_db_query("SET @@session.wait_timeout = 90");
+
$find = implode('.', array_reverse(explode('.', $package['ip'])));
$result = gethostbynamel($settings['httpbl_key'].".${find}.dnsbl.httpbl.org.");
if (!empty($result)) {
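Review bot: The two `@` operators added in `bb2_httpbl` hide errors instead of handling them: `@!$settings['httpbl_key']` is better written `empty($settings['httpbl_key'])`, and `@is_ipv6($package['ip'])` only silences the notice for a missing `ip` key; it does nothing if `is_ipv6()` itself is undefined. The new `bb2_db_query("SET @@session.wait_timeout = 90")` runs on every call before the DNS lookup and its result is ignored; the comment should say which connection it targets and what happens when the statement fails. `bb2_blackhole` in the previous hunk gets the same `@is_ipv6` and `SET` lines. The function continues below the hunk.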
Modified: plog/trunk/plugins/badbehavior/bad-behavior/blacklist.inc.php
===================================================================
--- plog/trunk/plugins/badbehavior/bad-behavior/blacklist.inc.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/plugins/badbehavior/bad-behavior/blacklist.inc.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -32,6 +32,7 @@
"MJ12bot/v1.0.8", // malicious botnet
"Movable Type", // customised spambots
"Mozilla ", // malicious software
+ "Mozilla/2", // malicious software
"Mozilla/4.0(", // from honeypot
"Mozilla/4.0+(", // suspicious harvester
"MSIE", // malicious software
@@ -48,6 +49,7 @@
"user", // suspicious harvester
"User Agent: ", // spam harvester
"User-Agent: ", // spam harvester
+ "WebSite-X Suite", // misc comment spam
"Winnie Poh", // Automated Coppermine hacks
"Wordpress", // malicious software
"\"", // malicious software
@@ -87,7 +89,8 @@
// These are regular expression matches.
$bb2_spambots_regex = array(
"/^[A-Z]{10}$/", // misc email spam
- "/^Mozilla...[05]$/i", // fake user agent/email spam
+// msnbot is using this fake user agent string now
+// "/^Mozilla...[05]$/i", // fake user agent/email spam
"/[bcdfghjklmnpqrstvwxz ]{8,}/",
// "/(;\){1,2}$/", // misc spammers/harvesters
// "/MSIE.*Windows XP/", // misc comment spam
Modified: plog/trunk/plugins/badbehavior/bad-behavior/common_tests.inc.php
===================================================================
--- plog/trunk/plugins/badbehavior/bad-behavior/common_tests.inc.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/plugins/badbehavior/bad-behavior/common_tests.inc.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -25,7 +25,7 @@
// Enforce RFC 2965 sec 3.3.5 and 9.1
// Bots wanting new-style cookies should send Cookie2
// FIXME: Amazon Kindle is broken; Amazon has been notified 9/24/08
- if (strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === FALSE) {
+ if (@strpos($package['headers_mixed']['Cookie'], '$Version=0') !== FALSE && !array_key_exists('Cookie2', $package['headers_mixed']) && strpos($package['headers_mixed']['User-Agent'], "Kindle/") === FALSE) {
return '6c502ff1';
}
return false;
@@ -45,13 +45,17 @@
if (strpos($package['request_uri'], "#") !== FALSE) {
return "dfd9b1ad";
}
+ // A pretty nasty SQL injection attack on IIS servers
+ if (strpos($package['request_uri'], ";DECLARE%20@") !== FALSE) {
+ return "dfd9b1ad";
+ }
// Range: field exists and begins with 0
// Real user-agents do not start ranges at 0
// NOTE: this blocks the whois.sc bot. No big loss.
// Exceptions: MT (not fixable); LJ (refuses to fix; may be
// blocked again in the future)
- if (array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
+ if ($settings['strict'] && array_key_exists('Range', $package['headers_mixed']) && strpos($package['headers_mixed']['Range'], "=0-") !== FALSE) {
if (strncmp($ua, "MovableType", 11) && strncmp($ua, "URI::Fetch", 10) && strncmp($ua, "php-openid/", 11)) {
return "7ad04a8a";
}
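Review bot: The new `;DECLARE%20@` test uses case-sensitive `strpos` against one exact spelling, so it is a signature for a single known probe rather than SQL-injection protection; `stripos` would at least remove the dependence on letter case, and the comment should say that the application's own query handling is what actually has to be safe. Separately, the Range test is now gated on `$settings['strict']`: if the enclosing function (its signature is outside the hunk) or LifeType's plugin configuration does not provide that key, the test is silently switched off. Please confirm that the connector defines `strict` and which value is intended as the default.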
@@ -65,8 +69,10 @@
// Lowercase via is used by open proxies/referrer spammers
// Exceptions: Clearswift uses lowercase via (refuses to fix;
// may be blocked again in the future)
+ // Coral CDN uses lowercase via
if (array_key_exists('via', $package['headers']) &&
- strpos($package['headers']['via'],'Clearswift') === FALSE) {
+ strpos($package['headers']['via'],'Clearswift') === FALSE &&
+ strpos($ua,'CoralWebPrx') === FALSE) {
return "9c9e4979";
}
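Review bot: The Coral exemption is keyed on `strpos($ua,'CoralWebPrx')`, and the User-Agent is a value the client supplies, so the exemption weakens the lowercase-`via` test for every caller rather than only for the proxy it names. The Clearswift exemption beside it at least inspects the `via` header itself. If the exemption has to stay, the comment should record that limitation, e.g. `// UA is client-controlled; treat this exemption as advisory`, and a check on the `via` value would be preferable if Coral sends a recognisable one. The enclosing function is only partly visible.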
@@ -114,7 +120,7 @@
if (array_key_exists('Referer', $package['headers_mixed'])) {
// Referer, if it exists, must not be blank
- if (empty($package['headers_mixed'])) {
+ if (empty($package['headers_mixed']['Referer'])) {
return "69920ee5";
}
Modified: plog/trunk/plugins/badbehavior/bad-behavior/core.inc.php
===================================================================
--- plog/trunk/plugins/badbehavior/bad-behavior/core.inc.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/plugins/badbehavior/bad-behavior/core.inc.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -110,6 +110,8 @@
$headers_mixed[uc_all($h)] = $v;
}
+ // IPv6 - IPv4 compatibility mode hack
+ $_SERVER['REMOTE_ADDR'] = preg_replace("/^::ffff:/", "", $_SERVER['REMOTE_ADDR']);
// We use these frequently. Keep a copy close at hand.
$ip = $_SERVER['REMOTE_ADDR'];
$request_method = $_SERVER['REQUEST_METHOD'];
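Review bot: The new line overwrites `$_SERVER['REMOTE_ADDR']` itself, so every later reader of the superglobal in this request (logging, other plugins, the application) sees the rewritten address rather than what the server reported. Keep the normalisation local: `$ip = preg_replace('/^::ffff:/i', '', $_SERVER['REMOTE_ADDR']);`. The `i` flag covers an upper-case `::FFFF:` prefix, which the committed pattern would leave in place. Nothing in this hunk checks that the remainder is a well-formed IPv4 address before it is used in later lookups.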
@@ -181,7 +183,7 @@
} elseif (stripos($ua, "msnbot") !== FALSE || stripos($ua, "MS Search") !== FALSE) {
require_once(BB2_CORE . "/msnbot.inc.php");
bb2_test($settings, $package, bb2_msnbot($package));
- } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE) {
+ } elseif (stripos($ua, "Googlebot") !== FALSE || stripos($ua, "Mediapartners-Google") !== FALSE || stripos($ua, "Google Wireless") !== FALSE) {
require_once(BB2_CORE . "/google.inc.php");
bb2_test($settings, $package, bb2_google($package));
} elseif (stripos($ua, "Mozilla") !== FALSE && stripos($ua, "Mozilla") == 0) {
Modified: plog/trunk/plugins/badbehavior/bad-behavior/post.inc.php
===================================================================
--- plog/trunk/plugins/badbehavior/bad-behavior/post.inc.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/plugins/badbehavior/bad-behavior/post.inc.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -32,7 +32,7 @@
}
// If Referer exists, it should refer to a page on our site
- if (array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
+ if ($settings['offsite_forms'] && array_key_exists('Referer', $package['headers_mixed']) && stripos($package['headers_mixed']['Referer'], $package['headers_mixed']['Host']) === FALSE) {
return "cd361abb";
}
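Review bot: The same-site Referer test now runs only when `$settings['offsite_forms']` is truthy, which reads as inverted: a setting with that name would be expected to permit offsite forms, i.e. `if (!$settings['offsite_forms'] && array_key_exists(...`. As written, an installation that leaves the key unset or false no longer gets the `cd361abb` check at all, and one that turns the setting on gets offsite posts blocked. Please confirm the intended meaning of the setting and whether LifeType's connector defines it; the function's start is outside the hunk.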
Modified: plog/trunk/plugins/badbehavior/bad-behavior/responses.inc.php
===================================================================
--- plog/trunk/plugins/badbehavior/bad-behavior/responses.inc.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/plugins/badbehavior/bad-behavior/responses.inc.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -14,10 +14,10 @@
'35ea7ffa' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Check your browser\'s language and locale settings.', 'log' => 'Invalid language specified'),
'408d7e72' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'POST comes too quickly after GET'),
'41feed15' => array('response' => 400, 'explanation' => 'An invalid request was received. This may be caused by a malfunctioning proxy server. Bypass the proxy server and connect directly, or contact your proxy server administrator.', 'log' => 'Header \'Pragma\' without \'Cache-Control\' prohibited for HTTP/1.1 requests'),
- '45b35e30' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' is corrupt'),
+ '45b35e30' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' is corrupt'),
'57796684' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Prohibited header \'X-Aaaaaaaaaa\' or \'X-Aaaaaaaaaaaa\' present'),
'582ec5e4' => array('response' => 400, 'explanation' => 'An invalid request was received. If you are using a proxy server, bypass the proxy server or contact your proxy server administrator. This may also be caused by a bug in the Opera web browser.', 'log' => '"Header \'TE\' present but TE not specified in \'Connection\' header'),
- '69920ee5' => array('response' => 403, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
+ '69920ee5' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Header \'Referer\' present but blank'),
'6c502ff1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Bot not fully compliant with RFC 2965'),
'799165c2' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Rotating user-agents detected'),
'7a06532b' => array('response' => 400, 'explanation' => 'An invalid request was received from your browser. This may be caused by a malfunctioning proxy server or browser privacy software.', 'log' => 'Required header \'Accept-Encoding\' missing'),
@@ -34,6 +34,7 @@
'c1fa729b' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer.', 'log' => 'Use of rotating proxy servers detected'),
'cd361abb' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Data may not be posted from offsite forms.', 'log' => 'Referer did not point to a form on this site'),
'd60b87c7' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, please remove any viruses or spyware from your computer.', 'log' => 'Trackback received via proxy server'),
+ 'e3990b47' => array('response' => 403, 'explanation' => 'You do not have permission to access this server. Before trying again, please remove any viruses or spyware from your computer.', 'log' => 'Obviously fake trackback received'),
'dfd9b1ad' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'Request contained a malicious JavaScript or SQL injection attack'),
'e4de0453' => array('response' => 403, 'explanation' => 'An invalid request was received. You claimed to be a major search engine, but you do not appear to actually be a major search engine.', 'log' => 'User-Agent claimed to be msnbot, claim appears to be false'),
'e87553e1' => array('response' => 403, 'explanation' => 'You do not have permission to access this server.', 'log' => 'I know you and I don\'t like you, dirty spammer.'),
Modified: plog/trunk/plugins/badbehavior/bad-behavior/trackback.inc.php
===================================================================
--- plog/trunk/plugins/badbehavior/bad-behavior/trackback.inc.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/plugins/badbehavior/bad-behavior/trackback.inc.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -12,6 +12,16 @@
if (array_key_exists('Via', $package['headers_mixed']) || array_key_exists('Max-Forwards', $package['headers_mixed']) || array_key_exists('X-Forwarded-For', $package['headers_mixed']) || array_key_exists('Client-Ip', $package['headers_mixed'])) {
return 'd60b87c7';
}
+
+ // Fake WordPress trackbacks
+ // Real ones do not contain Accept:, and have a charset defined
+ // Real WP trackbacks may contain Accept: depending on the HTTP
+ // transport being used by the sending host
+ if (strpos($package['headers_mixed']['User-Agent'], "WordPress/") !== FALSE) {
+ if (strpos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {
+ return 'e3990b47';
+ }
+ }
return false;
}
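Review bot: The added WordPress check reads `$package['headers_mixed']['Content-Type']` and `['User-Agent']` without testing that the keys exist, and it matches `charset=` case-sensitively. The proxy check just above it uses `array_key_exists`, so the same guard fits here: `if (!array_key_exists('Content-Type', $package['headers_mixed']) || stripos($package['headers_mixed']['Content-Type'], "charset=") === FALSE) {`. Without it, a request with no Content-Type raises an undefined-index notice, and a sender that writes the parameter name in another case is rejected as fake. The comment above the check also contradicts itself about `Accept:`, and since the code only tests the charset, it would read better as `// Real WP trackbacks have a charset defined; Accept: may or may not be present`. The enclosing function starts outside the hunk.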
Modified: plog/trunk/plugins/badbehavior/bad-behavior/version.inc.php
===================================================================
--- plog/trunk/plugins/badbehavior/bad-behavior/version.inc.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/plugins/badbehavior/bad-behavior/version.inc.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -1,3 +1,3 @@
<?php if (!defined('BB2_CWD')) die("I said no cheating!");
-define('BB2_VERSION', "2.0.26");
+define('BB2_VERSION', "2.0.36");
?>
Modified: plog/trunk/plugins/badbehavior/bad-behavior/whitelist.inc.php
===================================================================
--- plog/trunk/plugins/badbehavior/bad-behavior/whitelist.inc.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/plugins/badbehavior/bad-behavior/whitelist.inc.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -40,6 +40,21 @@
// DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+ // Inappropriate whitelisting WILL expose you to spam, or cause Bad
+ // Behavior to stop functioning entirely! DO NOT WHITELIST unless you
+ // are 100% CERTAIN that you should.
+
+ // URLs are matched from the first / after the server name up to,
+ // but not including, the ? (if any).
+
+ // Includes two examples of whitelisting by URL.
+ $bb2_whitelist_urls = array(
+ // "/example.php",
+ // "/openid/server",
+ );
+
+ // DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER! DANGER!
+
// Do not edit below this line
if (!empty($bb2_whitelist_ip_ranges)) {
@@ -52,6 +67,16 @@
if (!strcmp($package['headers_mixed']['User-Agent'], $user_agent)) return true;
}
}
+ if (!empty($bb2_whitelist_urls)) {
+ if (strpos($package['request_uri'], "?") === FALSE) {
+ $request_uri = $package['request_uri'];
+ } else {
+ $request_uri = substr($package['request_uri'], 0, strpos($settings['request_uri'], "?"));
+ }
+ foreach ($bb2_whitelist_urls as $url) {
+ if (!strcmp($request_uri, $url)) return true;
+ }
+ }
return false;
}
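Review bot: The `else` branch of the new URL whitelist takes the cut position from `$settings['request_uri']`, while every other line of the block reads `$package['request_uri']`. No `$settings` is visible in the hunk; if it has no such key, `strpos` returns false, `substr` is called with a length of 0 and `$request_uri` becomes an empty string, so a whitelisted URL stops matching as soon as the request carries a query string. The line should read `$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], "?"));`. The failure is on the safe side, since the request is still screened, but it silently defeats the new option. The enclosing function starts outside the hunk.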
Modified: plog/trunk/plugins/badbehavior/pluginbadbehavior.class.php
===================================================================
--- plog/trunk/plugins/badbehavior/pluginbadbehavior.class.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/plugins/badbehavior/pluginbadbehavior.class.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -20,7 +20,7 @@
$this->desc = "Bad Behavior for LifeType";
$this->author = "The Lifetype Project";
$this->db =& Db::getDb();
- $this->version = "20081202";
+ $this->version = "20100130";
$config =& Config::getConfig();
$prefix = Db::getPrefix();
Modified: plog/trunk/templates/admin/newlink.template
===================================================================
--- plog/trunk/templates/admin/newlink.template 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/templates/admin/newlink.template 2010-02-17 20:47:47 UTC (rev 6983)
@@ -4,4 +4,4 @@
{include file="$admintemplatepath/newlink_form.template"}
{include file="$admintemplatepath/footernavigation.template"}
-{include file="$admintemplatepath/footer.template"}
\ No newline at end of file
+{include file="$admintemplatepath/footer.template"}
Modified: plog/trunk/version.php
===================================================================
--- plog/trunk/version.php 2010-02-17 20:41:17 UTC (rev 6982)
+++ plog/trunk/version.php 2010-02-17 20:47:47 UTC (rev 6983)
@@ -1,3 +1,2 @@
<?php
$version = 'lifetype-2.0-dev';
-?>