Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
authorDan
Sat, 25 Aug 2007 12:11:31 -0400
changeset 98 6457a9b983c6
parent 97 293148ad7a70
child 99 2332ebd75f61
Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
includes/clientside/static/paginate.js
includes/constants.php
includes/template.php
install.php
--- a/includes/clientside/static/paginate.js	Sun Aug 19 16:22:04 2007 -0400
+++ b/includes/clientside/static/paginate.js	Sat Aug 25 12:11:31 2007 -0400
@@ -193,8 +193,12 @@
   
 }
 
+var __paginateLock = false;
+
 function jspaginator_goto(pagin_id, jump_to)
 {
+  if ( __paginateLock )
+    return false;
   var theobj = pagin_objects[pagin_id];
   var current_div = false;
   var new_div = false;
@@ -239,6 +243,7 @@
   }
   else
   {
+    __paginateLock = true;
     var fade_time = 375;
     var code = 'var old = \'' + current_div.id + '\';';
     code    += 'var newer = \'' + new_div.id + '\';';
@@ -246,6 +251,7 @@
     code    += 'changeOpac(0, newer);';
     code    += 'document.getElementById(newer).style.display = "block";';
     code    += 'opacity(newer, 0, 100, '+fade_time+');';
+    code    += '__paginateLock = false;';
     // if ( window.console )
       // window.console.debug('metacode for fader: ', code);
     opacity(current_div.id, 100, 0, fade_time);
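Review bot: The lock taken with `__paginateLock = true;` is released only by the statement appended to the `code` string, so if that string never runs or an earlier statement in it throws (for example `document.getElementById(newer)` returning null), the paginator stays locked until the page is reloaded. How `code` is executed is outside this hunk, presumably on a timer after the fade-out. A release that cannot be skipped would be safer, e.g. replacing the appended statement with `code = 'try { ' + code + ' } finally { __paginateLock = false; }';`. The release also sits directly after the `opacity(newer, 0, 100, ...)` call, so if `opacity()` is asynchronous the lock is dropped when the fade-in starts rather than when it ends. jspaginator_goto's body continues outside these hunks, and a one-line comment on `var __paginateLock = false;` saying what it guards would help.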
--- a/includes/constants.php	Sun Aug 19 16:22:04 2007 -0400
+++ b/includes/constants.php	Sat Aug 25 12:11:31 2007 -0400
@@ -92,7 +92,9 @@
 
 // Security
 
-define('AES_BITS', 192); // AES cipher strength - defaults to 192 and cannot be changed after installation
+// AES cipher strength - defaults to 192 and cannot be changed after installation.
+// This can be 128, 192, or 256.
+define('AES_BITS', 192);
 
 // Define this to enable Mcrypt support which makes encryption work faster. This is only triggered if Mcrypt support is detected.
 // THIS IS DISABLED BECAUSE MCRYPT DOES NOT SEEM TO SUPPORT THE AES BLOCK SIZES THAT ENANO USES.
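Review bot: The reworded comment still calls `AES_BITS` "cipher strength" without saying that it is the key size in bits, which is what the listed values 128, 192 and 256 describe. I would write `// AES key size in bits (128, 192, or 256) - defaults to 192 and cannot be changed after installation.`. The Mcrypt remark two lines below refers to block sizes, so it is also worth stating here whether the block size is fixed or follows this constant; that is not visible from this hunk and it decides whether data can be exchanged with other AES implementations.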
--- a/includes/template.php	Sun Aug 19 16:22:04 2007 -0400
+++ b/includes/template.php	Sat Aug 25 12:11:31 2007 -0400
@@ -1682,7 +1682,14 @@
       $dbg = 'Time: '.$f.'s  |  Queries: '.$nq;
       $t = $this->process_template('footer.tpl');
       $t = str_replace('[[Stats]]', $dbg, $t);
-      $t = str_replace('[[NumQueries]]', (string)$db->num_queries, $t);
+      if ( is_object($db) )
+      {
+        $t = str_replace('[[NumQueries]]', (string)$db->num_queries, $t);
+      }
+      else
+      {
+        $t = str_replace('[[NumQueries]]', '0', $t);
+      }
       $t = str_replace('[[GenTime]]', (string)$f, $t);
       
       echo $t;
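Review bot: The `is_object($db)` guard covers only the `[[NumQueries]]` replacement, while `$nq` in the `[[Stats]]` string a few lines above is computed outside this hunk and may read the same `$db` object. If it does, the databaseless path still hits a non-object reference there, so that assignment needs the same guard. Computing the count once keeps both placeholders in step, e.g. `$num_queries = is_object($db) ? (string)$db->num_queries : '0';` followed by a single `str_replace('[[NumQueries]]', $num_queries, $t);`. The enclosing method starts and ends outside the hunk.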
--- a/install.php	Sun Aug 19 16:22:04 2007 -0400
+++ b/install.php	Sat Aug 25 12:11:31 2007 -0400
@@ -216,8 +216,8 @@
                        is enabled, an attacker can run arbitrary code on your server! Enabling this will also allow administrators to
                        embed Javascript and arbitrary HTML and CSS.</p>
                     <p>If you don\'t have experience coding in PHP, you can safely disable this option. You may change this at any time
-                       using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection, or by
-                       using the "embedded PHP kill switch" in the administration panel.</p>';
+                       using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection. <!-- , or by
+                       using the "embedded PHP kill switch" in the administration panel. --></p>';
         break;
       default:
         $title = 'Invalid topic';
@@ -759,7 +759,7 @@
       {
         var frm = document.forms.login;
         ret = true;
-        if(frm.admin_user.value.match(/^([A-z0-9 \-\.]+)$/g))
+        if ( frm.admin_user.value.match(/^([A-z0-9 \-\.]+)$/g) && !frm.admin_user.value.match(/^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$/) && frm.admin_user.value.toLowerCase() != 'anonymous' )
         {
           document.getElementById('s_user').src = 'images/good.gif';
         }
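Review bot: The new "anonymous" and IP-address rules on the `admin_user` test run only in the browser's key-up validation, so they are advisory. The form handler that creates the administrator account is not in this diff and should repeat the same checks on the server, otherwise a request submitted without the script could still create such an account. The character class `[A-z0-9 \-\.]` on the same line also admits the six characters between `Z` and `a` (`[`, `\`, `]`, `^`, `_` and the backtick); `[A-Za-z0-9 \-\.]` is what the pattern appears to intend. The enclosing function continues outside the hunk.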
@@ -806,7 +806,7 @@
       ?>
       <p>Next, enter your desired username and password. The account you create here will be used to administer your site.</p>
       <table border="0">
-        <tr><td><b>Administration username</b><br />The administration username you will use to log into your site.</td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+        <tr><td><b>Administration username</b><br /><small>The administration username you will use to log into your site.<br />This cannot be "anonymous" or in the form of an IP address.</small></td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
         <tr><td>Administration password:</td><td><input onkeyup="verify();" name="admin_pass" type="password" size="30" /></td><td rowspan="2"><img id="s_password" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
         <tr><td>Enter it again to confirm:</td><td><input onkeyup="verify();" name="admin_pass_confirm" type="password" size="30" /></td></tr>
         <tr><td>Your e-mail address:</td><td><input onkeyup="verify();" name="admin_email" type="text" size="30" /></td><td><img id="s_email" alt="Good/bad icon" src="images/bad.gif" /></td></tr>