[marginalia] r542 committed - License with GPL3...


margi...@googlecode.com

Jun 21, 2012, 1:55:23 AM6/21/12
to marginali...@googlegroups.com
Revision: 542
Author: geof.glass
Date: Wed Jun 20 22:55:01 2012
Log: License with GPL3
CSRF fixes
Fix annotation delete


http://code.google.com/p/marginalia/source/detail?r=542

Modified:
/marginalia-php/trunk/marginalia-php/Annotation.php
/marginalia-php/trunk/marginalia-php/AnnotationService.php
/marginalia-php/trunk/marginalia-php/AnnotationUserSummary.php
/marginalia-php/trunk/marginalia-php/BlockPointIterator.php
/marginalia-php/trunk/marginalia-php/Keyword.php
/marginalia-php/trunk/marginalia-php/KeywordService.php
/marginalia-php/trunk/marginalia-php/MarginaliaHelper.php
/marginalia-php/trunk/marginalia-php/RangeInfo.php
/marginalia-php/trunk/marginalia-php/SequenceRange.php
/marginalia-php/trunk/marginalia-php/XPathRange.php
/marginalia-php/trunk/marginalia-php/embed.php

=======================================
--- /marginalia-php/trunk/marginalia-php/Annotation.php Wed May 30 14:55:33
2012
+++ /marginalia-php/trunk/marginalia-php/Annotation.php Wed Jun 20 22:55:01
2012
@@ -13,7 +13,7 @@
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
+ * as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
=======================================
--- /marginalia-php/trunk/marginalia-php/AnnotationService.php Wed May 30
14:55:33 2012
+++ /marginalia-php/trunk/marginalia-php/AnnotationService.php Wed Jun 20
22:55:01 2012
@@ -9,12 +9,12 @@
* Canada, the UNDESA Africa i-Parliaments Action Plan, and
* units and individuals within those organizations. Many
* thanks to all of them. See CREDITS.html for details.
- * Copyright (C) 2005-2011 Geoffrey Glass; the United Nations
+ * Copyright (C) 2005-2007 Geoffrey Glass; the United Nations
* http://www.geof.net/code/annotation
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
+ * as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
@@ -71,7 +71,7 @@
// default for optional arguments
$this->baseUrl = null;
$this->niceUrls = False;
- $this->csrfParam = null;
+ $this->csrfCookie = null;
$this->csrfCookieValue = null;
$this->noPutDelete = False;

@@ -111,11 +111,11 @@
$this->noPutDelete = $value;
break;

- // The name of the parameter containing the session cookie and its
expected value
+ // The name of the session cookie and its value
// Used to prevent cross-site request forgeries
- // Client must configure csrfCookie (but definitely *not*
csrfCookieValue)
- case 'csrfParam':
- $this->csrfParam = $value;
+ // Client must also configure csrfCookie (but definitely *not*
csrfCookieValue)
+ case 'csrfCookie':
+ $this->csrfCookie = $value;
break;
case 'csrfCookieValue':
$this->csrfCookieValue = $value;
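Review bot: The comment above `case 'csrfCookie'` does not say who "Client" is or why `csrfCookieValue` must stay out of its configuration, and that is the security-relevant part. Since the same comment says the token is the session cookie's value, I would spell it out: `// csrfCookie: name of the session cookie; the browser-side client is configured with this name only.` and `// csrfCookieValue: server-side only, read from the request's cookie; never emit it into page or client configuration.` If the browser script reads that cookie to fill the `csrf` parameter (not visible here), the cookie cannot be marked HttpOnly, which is worth recording as a known trade-off. The enclosing switch starts and ends outside the hunk.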
@@ -151,16 +151,12 @@

// Verify that the request was sent from within a valid session
// Used to prevent cross-site request forgery
+ // Parameter name is always "csrf"
function verifySession( $params )
{
- $success = ! $this->csrfParam ||
- ( array_key_exists( $this->csrfParam, $params )
- && $this->csrfCookieValue == $params[ $this->csrfParam ] );
-/* if ( ! $success )
- echo 'submit csrf: '.$params[$this->csrfParam]
- .', cookie name: '.$this->csrfParam
- .", correct csrf: ".$this->csrfCookieValue;
-*/ return $success;
+ return ! $this->csrfCookie ||
+ ( array_key_exists( 'csrf', $params )
+ && $this->csrfCookieValue == $params[ 'csrf' ] );
}

function parseAnnotationId( )
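Review bot: `verifySession` compares the token with loose `==`, so when `csrfCookie` is configured but `csrfCookieValue` is null or empty, an empty `csrf` parameter compares equal and the check passes; `==` also applies PHP's numeric-string juggling. Require both sides to be non-empty strings and compare strictly: `$token = isset( $params['csrf'] ) ? $params['csrf'] : null;` followed by `return ! $this->csrfCookie || ( is_string( $token ) && $token !== '' && is_string( $this->csrfCookieValue ) && $this->csrfCookieValue === $token );`. On PHP versions that provide it, `hash_equals()` in place of `===` makes the comparison constant-time. The function still returns true whenever `csrfCookie` is unset, so the comment above it should state that CSRF checking is off until that option is configured.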
@@ -274,10 +270,7 @@
$this->httpError( 403, 'Forbidden', 'Must be logged in' );
elseif ( $this->beginRequest( ) )
{
- if ( $this->doDeleteAnnotation( $id ) )
- header( "HTTP/1.1 204 Deleted" );
- else
- $this->httpError( 500, 'Internal Error', 'Delete failed' );
+ $this->deleteAnnotation( $id );
$this->endRequest( );
}
else
@@ -370,7 +363,7 @@
// Check for cross-site request forgery
if ( ! $this->verifySession( $params ) )
{
- $this->httpError( 403, 'Forbidden', 'Illegal request' );
+ $this->httpError( 403, 'Forbidden', 'Illegal request.' );
return;
}

@@ -481,18 +474,19 @@
function deleteAnnotation( $id )
{
// Check for cross-site request forgery
- if ( ! $this->verifySession( $params ) )
+ // unfortunately the csrf param is in the GET params
+ if ( ! $this->verifySession( $_GET ) )
{
$this->httpError( 403, 'Forbidden', 'Illegal request' );
return;
}

- $annotation = $this->doGetAnnotation( $id );
+ $annotation = $this->doGetAnnotation( $id, null );
if ( null === $annotation )
$this->httpError( 404, 'Not Found', 'No such annotation' );
elseif ( $this->currentUserId != $annotation->getUserId( ) )
$this->httpError( 403, 'Forbidden', 'Not your annotation' );
- elseif ( $this->doDeleteAnnotation( $id ) )
+ elseif ( $this->doDeleteAnnotation( $annotation ) )
header( "HTTP/1.1 204 Deleted" );
else
$this->httpError( 500, 'Internal Service Error', 'Deleted failed' );
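Review bot: Reading the token from `$_GET` in `deleteAnnotation` puts it in the request URL, and the option comments earlier in this file say the token is the session cookie's value, so the session identifier can end up in access logs, proxy logs and browser history. The new comment acknowledges the problem; I would take the token from a request header or body for DELETE, or at minimum use a separate per-session token, and record the constraint: `// csrf token arrives in the query string for DELETE; URLs are logged, so it must not be the session id`. The ownership test `$this->currentUserId != $annotation->getUserId( )` is also a loose comparison; if both ids are strings (not shown here), `!==` avoids type-juggled matches. The function body continues past the end of the hunk.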
=======================================
--- /marginalia-php/trunk/marginalia-php/AnnotationUserSummary.php Sat Nov
29 22:51:03 2008
+++ /marginalia-php/trunk/marginalia-php/AnnotationUserSummary.php Wed Jun
20 22:55:01 2012
@@ -15,7 +15,7 @@
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
+ * as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
=======================================
--- /marginalia-php/trunk/marginalia-php/BlockPointIterator.php Wed Jul 25
19:45:21 2007
+++ /marginalia-php/trunk/marginalia-php/BlockPointIterator.php Wed Jun 20
22:55:01 2012
@@ -14,7 +14,7 @@
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
+ * as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
=======================================
--- /marginalia-php/trunk/marginalia-php/Keyword.php Fri May 30 11:43:50
2008
+++ /marginalia-php/trunk/marginalia-php/Keyword.php Wed Jun 20 22:55:01
2012
@@ -13,7 +13,7 @@
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
+ * as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
=======================================
--- /marginalia-php/trunk/marginalia-php/KeywordService.php Fri May 30
11:43:50 2008
+++ /marginalia-php/trunk/marginalia-php/KeywordService.php Wed Jun 20
22:55:01 2012
@@ -14,7 +14,7 @@
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
+ * as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
@@ -49,7 +49,7 @@
var $servicePath; // URL to the annotation service
var $errorSent; // Only send one HTTP error - if this is set, don't send
another
var $niceUrls; // True or False
- var $currentUserId; // ID (username) of the current user, or null if none
+ var $currentUserId; // ID of the current user, or null if none

function KeywordService( $host, $servicePath, $currentUserId,
$baseUrl='', $niceUrls=False )
{
=======================================
--- /marginalia-php/trunk/marginalia-php/MarginaliaHelper.php Wed May 30
14:55:33 2012
+++ /marginalia-php/trunk/marginalia-php/MarginaliaHelper.php Wed Jun 20
22:55:01 2012
@@ -14,7 +14,7 @@
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
+ * as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
=======================================
--- /marginalia-php/trunk/marginalia-php/RangeInfo.php Sat Nov 29 22:51:03
2008
+++ /marginalia-php/trunk/marginalia-php/RangeInfo.php Wed Jun 20 22:55:01
2012
@@ -15,7 +15,7 @@
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
+ * as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
=======================================
--- /marginalia-php/trunk/marginalia-php/SequenceRange.php Sun Dec 14
18:41:03 2008
+++ /marginalia-php/trunk/marginalia-php/SequenceRange.php Wed Jun 20
22:55:01 2012
@@ -13,7 +13,7 @@
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
+ * as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
=======================================
--- /marginalia-php/trunk/marginalia-php/XPathRange.php Wed May 30 14:55:33
2012
+++ /marginalia-php/trunk/marginalia-php/XPathRange.php Wed Jun 20 22:55:01
2012
@@ -13,7 +13,7 @@
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
+ * as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
=======================================
--- /marginalia-php/trunk/marginalia-php/embed.php Wed May 30 14:55:33 2012
+++ /marginalia-php/trunk/marginalia-php/embed.php Wed Jun 20 22:55:01 2012
@@ -14,7 +14,7 @@
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
+ * as published by the Free Software Foundation; either version 3
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
@@ -34,8 +34,8 @@
return array (
'3rd-party/jquery.js'
,'3rd-party/jquery.url.js'
- ,'3rd-party/date.js'
,'3rd-party/jquery.dates.js'
+ ,'3rd-party/date.js'
,"3rd-party/shortcut.js"
,"3rd-party.js"
