Subject | Hash | Author | Date (UTC) |
---|---|---|---|
Test CSRF token for the rights for a repo. | e2d32e100f724e80ee623f191784ce429156ac39 | Catalin(ux) M. BOIE | 2012-03-22 03:54:37 |
Fixed anon push without create branch rights | 3d474b7a569b16d87a426d4c3b971a50b3299894 | Catalin(ux) M. BOIE | 2012-03-22 03:43:06 |
Use rg_repos for repositories | e5bda9469fddee7f201c22dfd89292830f4c342b | Catalin(ux) M. BOIE | 2012-03-22 03:42:06 |
Corrected <label> tags | 7e8621e79480b8964e04de8c54f10f1a702ea1fd | Catalin(ux) M. BOIE | 2012-03-20 04:25:38 |
Fixed unit testing | 31bfe5672e7d3b620d0e7b3c07ff72d84c149001 | Catalin(ux) M. BOIE | 2012-03-17 17:21:21 |
Fixed hook_update.sh unit testing | 86c4079e81efc5a4a7878e91d8f4318e443961f7 | Catalin(ux) M. BOIE | 2012-03-16 22:32:35 |
Bulk updates | f696473a7faee50782d3cc01e96cc85e7900b3de | Catalin(ux) M. BOIE | 2012-03-14 04:38:23 |
Style changes. | 87e30b1df29b7c6efa438be1cf369192a8068655 | Catalin(ux) M. BOIE | 2012-02-19 22:50:22 |
Bulk | 0923407bff68a58a0b7b034f8a6b4489ece5b237 | Catalin(ux) M. BOIE | 2012-02-12 22:21:44 |
Bulk update | 30310488bca37cefeba96b52b71c9c3e72c32907 | Catalin(ux) M. BOIE | 2011-12-15 23:34:03 |
Profiling tests. | afd1df2940fe440cde9b8ede988ff24c051a10d6 | Catalin(ux) M. BOIE | 2011-11-03 22:10:13 |
More bulk updates. | a2a2e2545eaad61d0c675ea2afb801f207534515 | Catalin(ux) M. BOIE | 2011-11-03 22:09:34 |
Another round of bulk updates. | 45bb00a88c420d439b4dd19971808722e4a70895 | Catalin(ux) M. BOIE | 2011-10-24 22:31:14 |
Bulk update. Mostly css. | 04734cd7cfc4fd4ec55dad70a3490f3065027639 | Catalin(ux) M. BOIE | 2011-10-03 23:18:26 |
Added rg_exec function and converted all calls from exec to rg_exec. | 097157e5886dace2b9f67ca238a1063a3baff4a0 | Catalin(ux) M. BOIE | 2011-09-28 03:28:49 |
Another round of bulk updates | cb9dbb75518ab3c214167646197ca7eb0de8e4e6 | Catalin(ux) M. BOIE | 2011-09-26 19:22:12 |
Bulk updates | cad0c710542dc3fb072268eba40b0abe11217fa9 | Catalin(ux) M. BOIE | 2011-09-21 20:25:23 |
Bulk changes. | d5274ef5f261086a2af6bd19ac04061bb3d55584 | Catalin(ux) M. BOIE | 2011-09-15 20:16:46 |
Store the first installation date in 'state' table. | e4ba8a9239e72e8de5eed0b3bb1f2a5f2d429105 | Catalin(ux) M. BOIE | 2011-08-31 16:14:44 |
Bulk changes. | 645d3deb19e399c05a8b14dd88c5151520482b6a | Catalin(ux) M. BOIE | 2011-08-25 20:39:25 |
File | Lines added | Lines deleted |
---|---|---|
TODO | 1 | 3 |
inc/admin/users/edit.php | 0 | 1 |
inc/user/repo/edit/edit.php | 0 | 1 |
inc/user/repo/rights/rights.php | 5 | 0 |
File TODO changed (mode: 100644) (index 02bb8c1..1812b68) | |||
1 | 1 | == BEFORE FIRST RELEASE! == | == BEFORE FIRST RELEASE! == |
2 | 2 | [ ] $rg_pass_key should be done in init.php | [ ] $rg_pass_key should be done in init.php |
3 | 3 | [ ] Test and fix update.php script. | [ ] Test and fix update.php script. |
4 | [ ] Check if rewinds are working as expected. | ||
5 | 4 | [ ] Fix the "edit repo" page! | [ ] Fix the "edit repo" page! |
6 | [ ] 'cop' variable is not good - I do not remember what it means! | ||
7 | [ ] CSRF token is not used in admin page for an ordinary user! | ||
8 | 5 | [ ] Update db structure at any function call (after an upgrade). (Deny any operation till schema update is done.) | [ ] Update db structure at any function call (after an upgrade). (Deny any operation till schema update is done.) |
9 | 6 | [ ] Check if repo_path is valid from security pov. | [ ] Check if repo_path is valid from security pov. |
10 | 7 | [ ] Make available the push requests. | [ ] Make available the push requests. |
12 | 9 | ||
13 | 10 | == Normal priority == | == Normal priority == |
14 | 11 | [ ] | [ ] |
12 | [ ] 'cop' variable is not good - I do not remember what it means! | ||
15 | 13 | [ ] $blocks = explode("@@left@@-=ROCKETGIT=-@@left@@", $a) - seems that \0 is replaced! | [ ] $blocks = explode("@@left@@-=ROCKETGIT=-@@left@@", $a) - seems that \0 is replaced! |
16 | 14 | [ ] Changing repo name probably is not working right. | [ ] Changing repo name probably is not working right. |
17 | 15 | [ ] Check XSRF attacks and other types. | [ ] Check XSRF attacks and other types. |
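Review bot: old line 4, "[ ] Check if rewinds are working as expected.", is dropped together with the CSRF item (old line 7), but nothing else in this commit touches rewinds; either state in the commit message that rewinds were verified or keep that item. The CSRF item is only partly backed by this commit (rights.php gains a token check, but old line 17, "Check XSRF attacks and other types.", remains open), so it may be clearer to leave it under Normal priority next to the moved 'cop' item rather than delete it, and the empty "[ ]" placeholder at new line 11 should go.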
File inc/admin/users/edit.php changed (mode: 100644) (index 5bb01e3..8e48fa6) | |||
... | ... | $show_form = 1; | |
9 | 9 | $errmsg = array(); | $errmsg = array(); |
10 | 10 | ||
11 | 11 | if ($doit == 1) { | if ($doit == 1) { |
12 | // TODO: Check if user has the right to edit this info! | ||
13 | 12 | if (!rg_token_valid($db, $sid, $token)) { | if (!rg_token_valid($db, $sid, $token)) { |
14 | 13 | $_user_edit .= "Invalid token. Try again."; | $_user_edit .= "Invalid token. Try again."; |
15 | 14 | return; | return; |
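Review bot: the "// TODO: Check if user has the right to edit this info!" reminder is removed without any authorization check being added in this hunk; the only gate on the edit path is still rg_token_valid($db, $sid, $token), and a valid token proves the request came from the logged-in session, not that this user may edit the targeted account. If the rights check exists elsewhere, say so in the commit message; otherwise keep the TODO, or add the check right after the token validation passes.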
File inc/user/repo/edit/edit.php changed (mode: 100644) (index 583d962..78170ee) | |||
... | ... | if ($doit == 1) { | |
10 | 10 | if (!rg_token_valid($db, $sid, $token)) { | if (!rg_token_valid($db, $sid, $token)) { |
11 | 11 | $_edit .= "Invalid token. Try again."; | $_edit .= "Invalid token. Try again."; |
12 | 12 | return; | return; |
13 | // TODO: call rg_security_violation everywhere! | ||
14 | 13 | } | } |
15 | 14 | ||
16 | 15 | $repo_id = rg_var_uint("repo_id"); | $repo_id = rg_var_uint("repo_id"); |
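Review bot: the "// TODO: call rg_security_violation everywhere!" reminder is deleted but the invalid-token branch is unchanged, still only appending "Invalid token. Try again." to $_edit and returning; if failed token checks are meant to be recorded, the rg_security_violation call named by the removed comment belongs in that branch, and if the reminder was intentionally dropped it should be carried into the TODO file that this commit also edits.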
File inc/user/repo/rights/rights.php changed (mode: 100644) (index fcedf44..4c3987b) | |||
... | ... | while ($edit_uid > 0) { | |
46 | 46 | } | } |
47 | 47 | ||
48 | 48 | while ($doit == 1) { | while ($doit == 1) { |
49 | if (!rg_token_valid($db, $sid, $token)) { | ||
50 | $errmsg[] = "Invalid token. Try again."; | ||
51 | return; | ||
52 | } | ||
53 | |||
49 | 54 | // lookup user | // lookup user |
50 | 55 | $_ui = rg_user_info($db, 0, $target_user, ""); | $_ui = rg_user_info($db, 0, $target_user, ""); |
51 | 56 | if ($_ui['exists'] != 1) { | if ($_ui['exists'] != 1) { |
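Review bot: the new token check at new lines 49-52 does `return` from inside `while ($doit == 1)`, which leaves the included file immediately, so the "Invalid token. Try again." entry just pushed into $errmsg is never seen by whatever renders $errmsg after the loop; if the while is used as a one-pass block, `break` is the usual exit so the page falls through and displays the error. The placement before the "// lookup user" step is right, since no user data should be fetched for a request that fails the token check; a short comment on the block, matching the style of the lookup comment, would help.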