[evolvis-commits] r9572: * improved security even if it was not so needed↵ * now take =?UTF-8?Q?s=20care=20of=20project=20par?==?UTF-8?Q?ameters=20?=( enable anonymous, project member) ↵
mirabilos at evolvis.org
mirabilos at evolvis.org
Thu Feb 24 17:27:46 CET 2011
Author: mirabilos
Date: 2011-02-24 17:27:46 +0100 (Thu, 24 Feb 2011)
New Revision: 9572
Modified:
trunk/gforge_base/evolvisforge-5.1/gforge/www/scm/cvsweb.php
Log:
* improved security even if it was not so needed
* now takes care of project parameters (enable anonymous, project member)
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/www/scm/cvsweb.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/www/scm/cvsweb.php 2011-02-24 16:27:45 UTC (rev 9571)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/www/scm/cvsweb.php 2011-02-24 16:27:46 UTC (rev 9572)
@@ -1,12 +1,10 @@
<?php
-exit;
-
/**
*
* Gforge cvsweb php wrapper
*
- * Copyright 2003 (c) Gforge
+ * Copyright 2003-2004 (c) Gforge
* http://gforge.org
*
* @version $Id$
@@ -15,27 +13,40 @@
require_once('pre.php'); // Initial db and session library, opens session
-if ("${contenttype}" != "text/plain") {
- $HTML->header(array('title'=>$Language->getText('index','welcome'),'pagename'=>'home'));
-} else {
- header("Content-type: $contenttype" );
+if (!$sys_use_cvs) {
+ exit_disabled();
}
-/*
-echo "<H3>QUERY_STRING =====> $QUERY_STRING <=====</H3>";
-echo "<H3>PATH_INFO =====> $PATH_INFO <=====</H3>";
-echo "<H3>HTTP_USER_AGENT =====> $HTTP_USER_AGENT <=====</H3>";
-echo "<H3>SCRIPT_NAME =====> $SCRIPT_NAME <=====</H3>";
-echo "<H3>contenttype =====> ${contenttype} <=====</H3>";
-*/
+$projectName = getStringFromGet('cvsroot');
-passthru("PHPWRAPPER=$SCRIPT_NAME $sys_path_to_cvsweb/cvsweb \"$PATH_INFO\" \"$QUERY_STRING\" ");
-//putenv("PHPWRAPPER=/scm/cvsweb.php");
-//passthru("/usr/lib/gforge/cgi-bin/cvsweb.cgi \"$PATH_INFO\" \"$QUERY_STRING\" ");
-//passthru("PHPWRAPPER=/scm/cvsweb.php /usr/lib/gforge/cgi-bin/cvsweb.cgi \"$PATH_INFO\" \"$QUERY_STRING\" ");
+if ($projectName) {
+ $Group =& group_get_object_by_name($projectName);
+ if (!$Group || !is_object($Group) || $Group->isError()) {
+ exit_no_group();
+ }
+ if (!$Group->isProject()) {
+ exit_error('Error',$Language->getText('scm_index','error_only_projects_can_use_cvs'));
+ }
+ if (!$Group->usesCVS()) {
+ exit_error('Error',$Language->getText('scm_index','error_this_project_has_turned_off'));
+ }
+ $perm = & $Group->getPermission(session_get_user());
+ if ((!$Group->enableAnonCVS() && !($perm && is_object($perm) && $perm->isMember())) || !isset($GLOBALS['sys_path_to_cvsweb']) || !is_file($GLOBALS['sys_path_to_cvsweb'].'/cvsweb')) {
+ exit_permission_denied();
+ }
+ if ($contenttype != 'text/plain') {
+ site_project_header(array('title'=>$Language->getText('scm_index','cvs_repository'),'group'=>$Group->getID(),'toptab'=>'scm_index','pagename'=>'scm_index','sectionvals'=>array($Group->getPublicName())));
+ } else {
+ header("Content-type: $contenttype" );
+ }
-if ("$contenttype" != "text/plain") {
-$HTML->footer(array());
+ passthru('PHPWRAPPER='.getStringFromServer('SCRIPT_NAME').' '.$GLOBALS['sys_path_to_cvsweb'].'/cvsweb "'.getStringFromServer('PATH_INFO').'" "'.getStringFromServer('QUERY_STRING').'" ');
+
+ if ($contenttype != 'text/plain') {
+ site_project_footer(array());
+ }
+} else {
+ exit_no_group();
}
?>
More information about the evolvis-commits
mailing list