Changeset 1004 for trunk/admin

Timestamp:

Jan 15, 2006, 2:45:42 PM (18 years ago)

Author:

nikrou

Message:

Improve security of sessions:

• use only cookies to store session id on client side
• use default php session system with database handler to store sessions on server side

Location:

trunk/admin

Files:

• cat_list.php (modified) (6 diffs)
• cat_modify.php (modified) (4 diffs)
• cat_move.php (modified) (1 diff)
• cat_options.php (modified) (1 diff)
• cat_perm.php (modified) (1 diff)
• comments.php (modified) (2 diffs)
• configuration.php (modified) (1 diff)
• element_set_unit.php (modified) (1 diff)
• group_list.php (modified) (1 diff)
• group_perm.php (modified) (1 diff)
• intro.php (modified) (3 diffs)
• maintenance.php (modified) (1 diff)
• picture_modify.php (modified) (2 diffs)
• remote_site.php (modified) (3 diffs)
• stats.php (modified) (5 diffs)
• thumbnail.php (modified) (1 diff)
• user_list.php (modified) (2 diffs)
• user_perm.php (modified) (1 diff)
• waiting.php (modified) (1 diff)

trunk/admin/cat_list.php

@@ -66 +66 @@
 
 $base_url = PHPWG_ROOT_PATH.'admin.php?page=cat_list';
-$navigation = '<a class="" href="'.add_session_id($base_url).'">';
+$navigation = '<a class="" href="'.$base_url.'">';
 $navigation.= $lang['home'];
 $navigation.= '</a>';
@@ -239 +239 @@
   'CATEGORIES_NAV'=>$navigation,
   'NEXT_RANK'=>$next_rank,
-  'F_ACTION'=>add_session_id($form_action),
+  'F_ACTION'=>$form_action,
   
   'L_ADD_VIRTUAL'=>$lang['cat_add'],
@@ -319 +319 @@
       'RANK'=>$category['rank']*10,
 
-      'U_JUMPTO'=>
-      add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']),
-      
-      'U_CHILDREN'=>
-      add_session_id($cat_list_url.'&amp;parent_id='.$category['id']),
-      
-      'U_EDIT'=>
-      add_session_id($base_url.'cat_modify&amp;cat_id='.$category['id'])
+      'U_JUMPTO'=>PHPWG_ROOT_PATH.'category.php?cat='.$category['id'],
+      'U_CHILDREN'=>$cat_list_url.'&amp;parent_id='.$category['id'],      
+      'U_EDIT'=>$base_url.'cat_modify&amp;cat_id='.$category['id']
       )
     );
@@ -335 +330 @@
       'category.delete',
       array(
-        'URL'=>add_session_id($self_url.'&amp;delete='.$category['id'])
+        'URL'=>$self_url.'&amp;delete='.$category['id']
         )
       );
@@ -345 +340 @@
       'category.elements',
       array(
-        'URL'=>add_session_id($base_url.'element_set&amp;cat='.$category['id'])
+        'URL'=>$base_url.'element_set&amp;cat='.$category['id']
         )
       );
@@ -355 +350 @@
       'category.permissions',
       array(
-        'URL'=>add_session_id($base_url.'cat_perm&amp;cat='.$category['id'])
+        'URL'=>$base_url.'cat_perm&amp;cat='.$category['id']
         )
       );

trunk/admin/cat_modify.php

@@ -172 +172 @@
   'L_SET_RANDOM_REPRESENTANT'=>$lang['cat_representant'],
 
-  'U_JUMPTO'=>
-    add_session_id(PHPWG_ROOT_PATH.'category.php?cat='.$category['id']),
-  'U_CHILDREN'=>
-    add_session_id($cat_list_url.'&parent_id='.$category['id']),
+  'U_JUMPTO'=>PHPWG_ROOT_PATH.'category.php?cat='.$category['id'],
+  'U_CHILDREN'=>$cat_list_url.'&parent_id='.$category['id'],
   'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_modify',
    
-  'F_ACTION'=>add_session_id($form_action)
+  'F_ACTION'=>$form_action
   ));
 
@@ -187 +185 @@
     'permissions',
     array(
-      'URL'=>add_session_id($base_url.'cat_perm&cat='.$category['id'])
+      'URL'=>$base_url.'cat_perm&cat='.$category['id']
         )
     );
@@ -198 +196 @@
     'elements',
     array(
-      'URL'=>add_session_id($base_url.'element_set&cat='.$category['id'])
+      'URL'=>$base_url.'element_set&cat='.$category['id']
       )
     );
@@ -268 +266 @@
     'delete',
     array(
-      'URL'=>add_session_id($self_url.'&delete='.$category['id'])
+      'URL'=>$self_url.'&delete='.$category['id']
       )
     );

trunk/admin/cat_move.php

@@ -69 +69 @@
 $template->assign_vars(
   array(
-    'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=cat_move'),
+    'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=cat_move',
     )
   );

trunk/admin/cat_options.php

@@ -154 +154 @@
     'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_options',
     
-    'F_ACTION'=>add_session_id($base_url.$page['section'])
+    'F_ACTION'=>$base_url.$page['section']
    )
  );

trunk/admin/cat_perm.php

@@ -208 +208 @@
         ),
     'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=cat_perm',
-    'F_ACTION' =>
-      add_session_id(
-        PHPWG_ROOT_PATH.'admin.php?page=cat_perm&cat='.$page['cat']
-        )
+    'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=cat_perm&cat='.$page['cat']
     )
   );

trunk/admin/comments.php

@@ -118 +118 @@
 $template->assign_vars(
   array(
-    'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=comments')
+    'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=comments'
     )
   );
@@ -142 +142 @@
     array(
       'U_PICTURE' =>
-        add_session_id(
           PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
-          '&image_id='.$row['image_id']
-          ),
+          '&image_id='.$row['image_id'],
       'ID' => $row['id'],
       'TN_SRC' => get_thumbnail_src($row['path'], @$row['tn_ext']),

trunk/admin/configuration.php

@@ -150 +150 @@
     'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=configuration',
     
-    'F_ACTION'=>add_session_id($action)
+    'F_ACTION'=>$action
     ));
 

trunk/admin/element_set_unit.php

@@ -223 +223 @@
             $row['name'] : get_name_from_file($row['file']),
         'U_EDIT' =>
-          add_session_id(
             PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
-            '&image_id='.$row['id']
-            ),
+            '&image_id='.$row['id'],
         'ID' => $row['id'],
         'FILENAME' => $row['path'],

trunk/admin/group_list.php

@@ -125 +125 @@
 $template->assign_vars(
   array(
-    'F_ADD_ACTION' =>
-      add_session_id(PHPWG_ROOT_PATH.'admin.php?page=group_list')
+    'F_ADD_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=group_list'
     )
   );

trunk/admin/group_perm.php

@@ -141 +141 @@
     
     'F_ACTION' =>
-      add_session_id(
         PHPWG_ROOT_PATH.
         'admin.php?page=group_perm&group_id='.
         $page['group']
-        )
     )
   );

trunk/admin/intro.php

@@ -176 +176 @@
     'DB_GROUPS' => sprintf(l10n('%d groups'), $nb_groups),
     'DB_COMMENTS' => sprintf(l10n('%d comments'), $nb_comments),
-    'U_CHECK_UPGRADE' =>
-      add_session_id(PHPWG_ROOT_PATH.'admin.php?action=check_upgrade'),
-    'U_PHPINFO' =>
-      add_session_id(PHPWG_ROOT_PATH.'admin.php?action=phpinfo')
+    'U_CHECK_UPGRADE' => PHPWG_ROOT_PATH.'admin.php?action=check_upgrade',
+    'U_PHPINFO' => PHPWG_ROOT_PATH.'admin.php?action=phpinfo'
     )
   );
@@ -216 +214 @@
     'waiting',
     array(
-      'URL' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=waiting'),
+      'URL' => PHPWG_ROOT_PATH.'admin.php?page=waiting',
       'INFO' => sprintf(l10n('%d waiting for validation'), $nb_waiting)
       )
@@ -235 +233 @@
     'unvalidated',
     array(
-      'URL' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=comments'),
+      'URL' => PHPWG_ROOT_PATH.'admin.php?page=comments',
       'INFO' => sprintf(l10n('%d waiting for validation'), $nb_comments)
       )

trunk/admin/maintenance.php

@@ -99 +99 @@
 $template->assign_vars(
   array(
-    'U_MAINT_CATEGORIES' => add_session_id($start_url.'categories'),
-    'U_MAINT_IMAGES' => add_session_id($start_url.'images'),
-    'U_MAINT_HISTORY' => add_session_id($start_url.'history'),
-    'U_MAINT_SESSIONS' => add_session_id($start_url.'sessions'),
-    'U_MAINT_FEEDS' => add_session_id($start_url.'feeds'),
+    'U_MAINT_CATEGORIES' => $start_url.'categories',
+    'U_MAINT_IMAGES' => $start_url.'images',
+    'U_MAINT_HISTORY' => $start_url.'history',
+    'U_MAINT_SESSIONS' => $start_url.'sessions',
+    'U_MAINT_FEEDS' => $start_url.'feeds',
     'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=maintenance',
     )

trunk/admin/picture_modify.php

@@ -196 +196 @@
   array(
     'U_SYNC' =>
-      add_session_id(
         PHPWG_ROOT_PATH.'admin.php?page=picture_modify'.
         '&image_id='.$_GET['image_id'].
         (isset($_GET['cat_id']) ? '&cat_id='.$_GET['cat_id'] : '').
-        '&sync_metadata=1'
-        ),
+        '&sync_metadata=1',
     
     'PATH'=>$row['path'],
@@ -231 +229 @@
   
     'F_ACTION' =>
-      add_session_id(
         PHPWG_ROOT_PATH.'admin.php'
         .get_query_string_diff(array('sync_metadata'))
-        )
     )
   );

trunk/admin/remote_site.php

@@ -516 +516 @@
     'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=remote_site',
     
-    'F_ACTION'=>add_session_id(PHPWG_ROOT_PATH.'admin.php?page=remote_site')
+    'F_ACTION'=>PHPWG_ROOT_PATH.'admin.php?page=remote_site'
    )
  );
@@ -687 +687 @@
       array(
         'URL' => $url,
-        'U_UPDATE' => add_session_id($base_url.'local_update')
+        'U_UPDATE' => $base_url.'local_update'
         )
       );
@@ -732 +732 @@
     array(
       'NAME' => $row['galleries_url'],
-      'U_GENERATE' => add_session_id($base_url.'generate'),
-      'U_UPDATE' => add_session_id($base_url.'update'),
-      'U_CLEAN' => add_session_id($base_url.'clean'),
-      'U_DELETE' => add_session_id($base_url.'delete')
+      'U_GENERATE' => $base_url.'generate',
+      'U_UPDATE' => $base_url.'update',
+      'U_CLEAN' => $base_url.'clean',
+      'U_DELETE' => $base_url.'delete'
      )
    );

trunk/admin/stats.php

@@ -63 +63 @@
   $title_page=$lang['stats_day_title'].' du '.$date_of_day;
   $url_back = PHPWG_ROOT_PATH."admin.php?page=stats";
-  $url_back = add_session_id($url_back);
+  $url_back = $url_back;
   $title_details='<a href='.$url_back.'>'.$lang['stats_day_title'].'</a>';
   $title_day = $date_of_day;
@@ -72 +72 @@
   $title_page=$lang['stats_month_title'].' : '.$date_of_day;
   $url_back = PHPWG_ROOT_PATH."admin.php?page=stats";
-  $url_back = add_session_id($url_back);
+  $url_back = $url_back;
   $title_details='<a href='.$url_back.'>'.$lang['stats_day_title'].'</a>';
   $title_day=$lang['today'];
@@ -106 +106 @@
   'L_STAT_PICTURE'=>$lang['stats_picture'],
   
-  'IMG_REPORT'=>add_session_id($url_img)
+  'IMG_REPORT'=>$url_img
   ));
 
@@ -142 +142 @@
       ;
 
-    $value = '<a href="'.add_session_id($url).'">';
+    $value = '<a href="'.$url.'">';
     $value.= $row['d'].' ('.$week_day.')';
     $value.= "</a>";
@@ -161 +161 @@
       ;
     
-    $value = '<a href="'.add_session_id($url).'">';
+    $value = '<a href="'.$url.'">';
     $value.= $lang['month'][$row['m']].' '.$row['y'];
     $value.= "</a>";

trunk/admin/thumbnail.php

@@ -359 +359 @@
     'params',
     array(
-      'F_ACTION'=>add_session_id($form_url),
+      'F_ACTION'=>$form_url,
       $gdlabel=>'checked="checked"',
       $nlabel=>'checked="checked"',

trunk/admin/user_list.php

@@ -425 +425 @@
 $template->set_filenames(array('user_list'=>'admin/user_list.tpl'));
 
-$base_url = add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_list');
+$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
 
 if (isset($_GET['start']) and is_numeric($_GET['start']))
@@ -791 +791 @@
       'ID' => $local_user['id'],
       'CHECKED' => $checked,
-      'U_MOD' => add_session_id($profile_url.$local_user['id']),
-      'U_PERM' => add_session_id($perm_url.$local_user['id']),
+      'U_MOD' => $profile_url.$local_user['id'],
+      'U_PERM' => $perm_url.$local_user['id'],
       'USERNAME' => $local_user['username'],
       'STATUS' => $lang['user_status_'.$local_user['status']],

trunk/admin/user_perm.php

@@ -134 +134 @@
     
     'F_ACTION' =>
-      add_session_id(
         PHPWG_ROOT_PATH.
         'admin.php?page=user_perm'.
         '&user_id='.$page['user']
-        )
     )
   );

trunk/admin/waiting.php

@@ -149 +149 @@
   'L_DELETE'=>$lang['delete'],
   
-  'F_ACTION'=>add_session_id(str_replace( '&', '&', $_SERVER['REQUEST_URI'] ))
+  'F_ACTION'=>str_replace( '&', '&', $_SERVER['REQUEST_URI'])
   ));