/**
 * Build the presenter for the "select repositories" step of a mass update.
 *
 * @param CSRFSynchronizerToken $csrf         Token whose hidden HTML input is kept for the form
 * @param mixed                 $project_id   Forwarded unchanged to the parent presenter
 * @param array                 $repositories Stored as-is on the presenter
 */
public function __construct(CSRFSynchronizerToken $csrf, $project_id, array $repositories)
{
    $mirrors_flag = true;
    parent::__construct($project_id, $mirrors_flag);

    // The token is rendered once here so the template only has to print a ready-made hidden input.
    $this->csrf_input                             = $csrf->fetchHTMLInput();
    $this->repositories                           = $repositories;
    $this->manage_mass_update_select_repositories = true;
}
/**
 * Build the presenter for the mass-update screen.
 *
 * @param CSRFSynchronizerToken                            $csrf                Token whose hidden HTML input is kept for the form
 * @param mixed                                            $project_id          Forwarded unchanged to the parent presenter
 * @param array                                            $repositories        Stored as-is on the presenter
 * @param GitPresenters_AdminMassUdpdateMirroringPresenter $mirroring_presenter Stored as-is on the presenter
 */
public function __construct(
    CSRFSynchronizerToken $csrf,
    $project_id,
    array $repositories,
    GitPresenters_AdminMassUdpdateMirroringPresenter $mirroring_presenter
) {
    $mass_update_flag = true;
    parent::__construct($project_id, $mass_update_flag);

    // Render the anti-CSRF hidden input up front; the view only echoes it.
    $this->csrf_input          = $csrf->fetchHTMLInput();
    $this->manage_mass_update  = true;
    $this->mirroring_presenter = $mirroring_presenter;
    $this->repositories        = $repositories;
}
/**
 * Apply the submitted Gerrit server settings, then redirect to the Gerrit admin pane.
 *
 * Nothing happens (no token check, no redirect) unless the request carries
 * 'gerrit_servers' as an array.
 *
 * @param Codendi_Request $request Request that may carry the 'gerrit_servers' array
 */
private function updateGerritServers(Codendi_Request $request)
{
    $submitted_servers = $request->get('gerrit_servers');
    if (! is_array($submitted_servers)) {
        return;
    }

    // The synchronizer token is verified before any server is fetched or changed.
    $this->csrf->check();
    $this->fetchGerritServers();
    $this->updateServers($submitted_servers);

    $GLOBALS['Response']->redirect('/plugins/git/admin/?pane=gerrit_servers_admin');
}
/**
 * Build the presenter of a subject/body message form.
 *
 * @param CSRFSynchronizerToken $token  Token whose hidden HTML input is kept for the form
 * @param mixed                 $title  Stored as-is on the presenter
 * @param mixed                 $action Stored as-is on the presenter
 */
public function __construct(CSRFSynchronizerToken $token, $title, $action)
{
    $language = $GLOBALS['Language'];

    // Localised labels
    $this->submit_button = $language->getText('global', 'btn_submit');
    $this->close_button  = $language->getText('global', 'btn_cancel');
    $this->subject_label = $language->getText('my_index', 'subject_label');
    $this->body_label    = $language->getText('my_index', 'body_label');

    // Caller-supplied values and the rendered anti-CSRF input
    $this->title      = $title;
    $this->action     = $action;
    $this->csrf_token = $token->fetchHTMLInput();
}
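/**
 * Validate a password-change submission and, when every check passes, store the new password.
 *
 * Checks run in this order: POST with an 'Update' field, CSRF token, user lookup,
 * current password, account status, presence of the new password, confirmation
 * match, new password different from the old one, password policy (account_pwvalid).
 * Each failure adds a feedback message and returns 0.
 *
 * @param mixed                 $user_id       Id handed to UserManager::getUserById()
 * @param CSRFSynchronizerToken $csrf          Token checked before any credential is examined
 * @param EventManager          $event_manager Passed on to User_LoginManager
 *
 * @return int 1 when the password was updated in the database, 0 otherwise
 */
function register_valid($user_id, CSRFSynchronizerToken $csrf, EventManager $event_manager)
{
    $request = HTTPRequest::instance();
    if (!$request->isPost() || !$request->exist('Update')) {
        return 0;
    }
    $csrf->check();

    // check against old pw
    $user_manager = UserManager::instance();
    $user         = $user_manager->getUserById($user_id);
    if ($user === null) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'user_not_found'));
        return 0;
    }

    $password_expiration_checker = new User_PasswordExpirationChecker();
    $password_handler            = PasswordHandlerFactory::getPasswordHandler();
    $login_manager               = new User_LoginManager($event_manager, $user_manager, $password_expiration_checker, $password_handler);
    if (!$login_manager->verifyPassword($user, $request->get('form_oldpw'))) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'incorrect_old_password'));
        return 0;
    }

    try {
        $status_manager = new User_UserStatusManager();
        $status_manager->checkStatus($user);
    } catch (User_StatusInvalidException $exception) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'account_inactive'));
        return 0;
    }

    if (!$request->exist('form_pw')) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'password_needed'));
        return 0;
    }

    // Strict comparison on purpose: with != PHP compares numeric-looking strings as numbers,
    // so two different inputs (constructed example: "1e3" and "1000") would count as a match
    // and the user would end up with a password they did not confirm.
    if ($request->get('form_pw') !== $request->get('form_pw2')) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'password_not_match'));
        return 0;
    }

    if ($request->get('form_pw') === $request->get('form_oldpw')) {
        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('account_change_pw', 'identical_password'));
        return 0;
    }

    // Start from a defined, empty list so the loop below never iterates an unset variable.
    $errors = array();
    if (!account_pwvalid($request->get('form_pw'), $errors)) {
        foreach ($errors as $e) {
            $GLOBALS['Response']->addFeedback('error', $e);
        }
        return 0;
    }

    // if we got this far, it must be good
    $user->setPassword($request->get('form_pw'));
    if (!$user_manager->updateDb($user)) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'internal_error_update'));
        return 0;
    }

    return 1;
}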
/**
 * Persist the submitted access settings and redirect back to the index.
 *
 * The synchronizer token is verified first. Both update steps always run;
 * the success feedback is added when at least one of them reports a change.
 */
public function update()
{
    $this->csrf->check();

    $has_changed  = false;
    $has_changed |= $this->updateAccessValue();
    $has_changed |= $this->updateProjectAdminValue();

    if ($has_changed) {
        $success_message = $GLOBALS['Language']->getText('admin_main', 'successfully_updated');
        $this->response->addFeedback(Feedback::INFO, $success_message);
    }

    $this->redirectToIndex();
}
/**
 * Handle the "allow project" form of the PHPWiki admin page, then redirect to the index.
 *
 * Access is checked first, then the synchronizer token bound to the
 * update_project action; only after both does the migration run.
 *
 * @param HTTPRequest $request Request carrying 'project-to-allow' and 'allow-project'
 */
public function updateProject(HTTPRequest $request)
{
    $this->checkAccess($request);

    $csrf = new CSRFSynchronizerToken('/plugins/phpwiki/admin.php?action=update_project');
    $csrf->check();

    $candidate_project = $request->get('project-to-allow');
    if ($request->get('allow-project')) {
        if (! empty($candidate_project)) {
            $this->migrateProject($candidate_project);
        }
    }

    $GLOBALS['Response']->redirect('/plugins/phpwiki/admin.php?action=index');
}
/**
 * Render the cardwall "on top" administration form between the tracker header and footer.
 *
 * @param Tracker_IDisplayTrackerLayout $layout Layout handed to the tracker header and footer
 * @param CSRFSynchronizerToken         $token  Token whose hidden HTML input is embedded in the form
 * @param Cardwall_OnTop_Config         $config Source of the columns, the enabled flags and the tracker
 */
public function displayAdminOnTop(Tracker_IDisplayTrackerLayout $layout, CSRFSynchronizerToken $token, Cardwall_OnTop_Config $config)
{
    $columns_view = $config->getDashboardColumns()->accept($this, $config);

    $enabled_attribute = '';
    if ($config->isEnabled()) {
        $enabled_attribute = 'checked="checked"';
    }

    $freestyle_attribute = '';
    if ($config->isFreestyleEnabled()) {
        $freestyle_attribute = 'checked="checked"';
    }

    $csrf_input = $token->fetchHTMLInput();
    $form_view  = new Cardwall_View_Admin_Form($columns_view);

    $config->getTracker()->displayAdminItemHeader($layout, 'plugin_cardwall');
    $form_view->displayAdminForm($csrf_input, $enabled_attribute, $freestyle_attribute, $config->getTracker()->getId());
    $config->getTracker()->displayFooter($layout);
}
/**
 * Handle the "allow project" form of the MediaWiki forge admin page, then redirect to the site index.
 *
 * The site-admin assertion runs first, then the synchronizer token bound to
 * this action is verified; only after both is a project allowed.
 *
 * @param HTTPRequest $request Request carrying 'project-to-allow' and 'allow-project'
 */
public function site_update_allowed_project_list(HTTPRequest $request)
{
    $this->assertSiteAdmin($request);

    $csrf = new CSRFSynchronizerToken('/plugins/mediawiki/forge_admin?action=site_update_allowed_project_list');
    $csrf->check();

    $candidate_project = $request->get('project-to-allow');
    if ($request->get('allow-project')) {
        if (! empty($candidate_project)) {
            $this->allowProject($candidate_project);
        }
    }

    $GLOBALS['Response']->redirect('/plugins/mediawiki/forge_admin?action=site_index');
}
/**
 * Route a site-admin request to the controller.
 *
 * The 'update' action is the only state-changing route and is the only one
 * that verifies the synchronizer token; every other action renders the index,
 * which receives the token so it can embed it in its form.
 *
 * @param Codendi_Request $request  Request whose 'action' selects the route
 * @param Response        $response Passed through to the controller
 * @param PFUser          $user     User checked by checkUserIsSiteadmin()
 */
public function process(Codendi_Request $request, Response $response, PFUser $user)
{
    $this->checkUserIsSiteadmin($user, $response);

    // Loose comparison kept on purpose: it is what the switch statement this replaces used.
    if ($request->get('action') == 'update') {
        $this->csrf->check();
        $this->controller->update($request, $response);
        return;
    }

    $this->controller->index($this->csrf, $response);
}
/**
 * Build the presenter of a project-scoped subject/body message form.
 *
 * @param mixed                 $project_id      Stored as-is on the presenter
 * @param CSRFSynchronizerToken $token           Token whose hidden HTML input is kept for the form
 * @param mixed                 $subject_label   Used as the presenter title
 * @param mixed                 $action          Stored as-is on the presenter
 * @param mixed                 $subject_content Stored as-is on the presenter
 * @param mixed                 $body_content    Stored as-is on the presenter
 */
public function __construct($project_id, CSRFSynchronizerToken $token, $subject_label, $action, $subject_content, $body_content)
{
    // Caller-supplied values and the rendered anti-CSRF input
    $this->project_id      = $project_id;
    $this->action          = $action;
    $this->csrf_token      = $token->fetchHTMLInput();
    $this->subject_content = $subject_content;
    $this->body_content    = $body_content;
    $this->title           = $subject_label;

    // Localised labels
    $language            = $GLOBALS['Language'];
    $this->submit_button = $language->getText('global', 'btn_submit');
    $this->close_button  = $language->getText('global', 'btn_cancel');
    $this->subject_label = $language->getText('my_index', 'subject_label');
    $this->body_label    = $language->getText('my_index', 'body_label');
}
/**
 * Handle the allow/revoke forms of the SVN tokens admin page, then redirect to the index.
 *
 * The synchronizer token bound to the update_project action is verified before
 * any authorization is granted or revoked.
 *
 * NOTE(review): no authorization check is visible inside this method; confirm
 * that the caller restricts it to site administrators.
 *
 * @param HTTPRequest $request Request carrying the allow and revoke form fields
 */
public function updateProject(HTTPRequest $request)
{
    $csrf = new CSRFSynchronizerToken('/admin/svn/svn_tokens.php?action=update_project');
    $csrf->check();

    // Grant
    $candidate_project = $request->get('project-to-allow');
    if ($request->get('allow-project')) {
        if (! empty($candidate_project)) {
            $this->allowSVNTokensForProject($candidate_project);
        }
    }

    // Revoke
    $revoked_project_ids = $request->get('project-ids-to-revoke');
    if ($request->get('revoke-project')) {
        if (! empty($revoked_project_ids)) {
            $this->revokeProjectsAuthorization($revoked_project_ids);
        }
    }

    $GLOBALS['Response']->redirect('/admin/svn/svn_tokens.php?action=index');
}
/**
 * Build the mass-update presenter, truncating the repository list when the form
 * would carry at least as many inputs as PHP's max_input_vars setting.
 *
 * NOTE(review): when max_input_vars reads as 0 (or cannot be read, which the int
 * cast also turns into 0) the comparison below is always true and the repository
 * list is sliced to zero entries; confirm that is the intended fallback.
 *
 * @param CSRFSynchronizerToken                            $csrf                Token whose hidden HTML input is kept for the form
 * @param mixed                                            $project_id          Forwarded unchanged to the parent presenter
 * @param array                                            $repositories        Candidate repositories, possibly truncated
 * @param GitPresenters_AdminMassUdpdateMirroringPresenter $mirroring_presenter Its mirror_presenters are counted
 */
public function __construct(
    CSRFSynchronizerToken $csrf,
    $project_id,
    array $repositories,
    GitPresenters_AdminMassUdpdateMirroringPresenter $mirroring_presenter
) {
    $mass_update_flag = true;
    parent::__construct($project_id, $mass_update_flag);

    $this->csrf_input          = $csrf->fetchHTMLInput();
    $this->manage_mass_update  = true;
    $this->mirroring_presenter = $mirroring_presenter;

    $mirror_count = count($mirroring_presenter->mirror_presenters);
    $input_limit  = (int) ini_get('max_input_vars');

    $this->is_exceeding_max_input_vars = count($repositories) * $mirror_count >= $input_limit;

    if (! $this->is_exceeding_max_input_vars) {
        $this->repositories = $repositories;
        return;
    }

    // Keep only as many repositories as the input limit allows.
    $kept_count         = ceil($input_limit / ($mirror_count + 1));
    $this->repositories = array_slice($repositories, 0, $kept_count);
}
/**
 * Build the presenter of the homepage administration form.
 *
 * @param CSRFSynchronizerToken $csrf                  Token whose hidden HTML input is kept for the form
 * @param mixed                 $title                 Stored as-is on the presenter
 * @param mixed                 $use_standard_homepage Stored as-is on the presenter
 * @param array                 $headlines             Stored as-is on the presenter
 */
public function __construct(CSRFSynchronizerToken $csrf, $title, $use_standard_homepage, array $headlines)
{
    // Caller-supplied values and the rendered anti-CSRF input
    $this->title                 = $title;
    $this->headlines             = $headlines;
    $this->csrf_token            = $csrf->fetchHTMLInput();
    $this->use_standard_homepage = $use_standard_homepage;

    // Current logo state
    $this->path_logo       = Admin_Homepage_LogoFinder::getCurrentUrl();
    $this->use_custom_logo = Admin_Homepage_LogoFinder::isCustomLogoUsed();

    // Localised labels
    $language                          = $GLOBALS['Language'];
    $this->save                        = $language->getText('admin_main', 'save_conf');
    $this->logo                        = $language->getText('admin_main', 'homepage_logo');
    $this->upload                      = $language->getText('admin_main', 'homepage_upload_logo');
    $this->headline                    = $language->getText('admin_main', 'headline');
    $this->logo_help                   = $language->getText('admin_main', 'homepage_logo_help');
    $this->headline_help               = $language->getText('admin_main', 'headline_help');
    $this->placeholder_headline        = $language->getText('admin_main', 'placeholder_headline');
    $this->use_standard_homepage_help  = $language->getText('admin_main', 'use_standard_homepage_help');
    $this->use_standard_homepage_label = $language->getText('admin_main', 'use_standard_homepage_label');
}
/**
 * Build the presenter of the tracker plugin configuration form (email gateway mode).
 *
 * @param CSRFSynchronizerToken $csrf          Token whose hidden HTML input is kept for the form
 * @param mixed                 $title         Stored as-is on the presenter
 * @param mixed                 $localinc_path Passed to isLocalIncObsolete() and to the obsolete-file message
 * @param TrackerPluginConfig   $config        Source of the three email gateway flags
 */
public function __construct(CSRFSynchronizerToken $csrf, $title, $localinc_path, TrackerPluginConfig $config)
{
    $this->title      = $title;
    $this->csrf_token = $csrf->fetchHTMLInput();

    // Which email gateway mode is currently active
    $this->is_insecure_emailgateway_enabled    = $config->isInsecureEmailgatewayEnabled();
    $this->is_token_based_emailgateway_enabled = $config->isTokenBasedEmailgatewayEnabled();
    $this->is_emailgateway_disabled            = $config->isEmailgatewayDisabled();

    // Localised labels
    $language                 = $GLOBALS['Language'];
    $this->email_gateway      = $language->getText('plugin_tracker_config', 'email_gateway');
    $this->email_gateway_desc = $language->getText('plugin_tracker_config', 'email_gateway_desc');
    $this->disable            = $language->getText('plugin_tracker_config', 'disable');
    $this->disable_desc       = $language->getText('plugin_tracker_config', 'disable_desc');
    $this->token              = $language->getText('plugin_tracker_config', 'token');
    $this->token_desc         = $language->getText('plugin_tracker_config', 'token_desc');
    $this->insecure           = $language->getText('plugin_tracker_config', 'insecure');
    $this->insecure_desc      = $language->getText('plugin_tracker_config', 'insecure_desc');
    $this->save_conf          = $language->getText('admin_main', 'save_conf');

    // Obsolete local.inc detection and its warning text
    $this->is_localinc_obsolete      = $this->isLocalIncObsolete($localinc_path);
    $this->localinc_obsolete_message = $language->getText('plugin_tracker_config', 'localinc_obsolete_message', $localinc_path);
}
/**
 * Build the presenter of the forge access-mode administration form.
 *
 * @param CSRFSynchronizerToken $csrf                       Token whose hidden HTML input is kept for the form
 * @param mixed                 $title                      Stored as-is on the presenter
 * @param mixed                 $localinc_path              Stored, then used in the obsolete-file message
 * @param mixed                 $current_access_mode        Compared with the ForgeAccess mode constants
 * @param mixed                 $nb_restricted_users        Stored, then used in the restricted-users message
 * @param mixed                 $ugroup_authenticated_users Stored only when it is not loosely equal to false
 * @param mixed                 $ugroup_registered_users    Stored only when it is not loosely equal to false
 * @param mixed                 $project_admin_can_choose   Stored as-is on the presenter
 * @param mixed                 $reverse_proxy_regexp       Stored; a non-empty value flags the reverse-proxy exception
 */
public function __construct(
    CSRFSynchronizerToken $csrf,
    $title,
    $localinc_path,
    $current_access_mode,
    $nb_restricted_users,
    $ugroup_authenticated_users,
    $ugroup_registered_users,
    $project_admin_can_choose,
    $reverse_proxy_regexp
) {
    $language = $GLOBALS['Language'];

    // Caller-supplied values and the rendered anti-CSRF input
    $this->title                    = $title;
    $this->csrf_token               = $csrf->fetchHTMLInput();
    $this->localinc_path            = $localinc_path;
    $this->current_access_mode      = $current_access_mode;
    $this->nb_restricted_users      = $nb_restricted_users;
    $this->reverse_proxy_regexp     = $reverse_proxy_regexp;
    $this->project_admin_can_choose = $project_admin_can_choose;

    // Called only after localinc_path has been assigned above.
    $this->is_localinc_obsolete = $this->isLocalIncObsolete();

    // One boolean per access mode, for the template
    $is_anonymous                                = $current_access_mode === ForgeAccess::ANONYMOUS;
    $this->access_anonymous                      = $is_anonymous;
    $this->access_regular                        = $current_access_mode === ForgeAccess::REGULAR;
    $this->access_restricted                     = $current_access_mode === ForgeAccess::RESTRICTED;
    $this->access_anonymous_except_reverse_proxy = $is_anonymous && !empty($reverse_proxy_regexp);

    // Localised labels (the 'access_restrited_*' keys are spelled the way the code looks them up)
    $this->btn_submit                          = $language->getText('admin_main', 'save_conf');
    $this->localinc_obsolete_message           = $language->getText('admin_main', 'localinc_obsolete_message', $this->localinc_path);
    $this->access_anonymous_label              = $language->getText('admin_main', 'access_anonymous_label');
    $this->access_anonymous_desc               = $language->getText('admin_main', 'access_anonymous_desc');
    $this->access_regular_label                = $language->getText('admin_main', 'access_regular_label');
    $this->access_regular_desc                 = $language->getText('admin_main', 'access_regular_desc');
    $this->access_restricted_label             = $language->getText('admin_main', 'access_restrited_label');
    $this->access_restricted_desc              = $language->getText('admin_main', 'access_restrited_desc');
    $this->current_restricted_users_message    = $language->getText('admin_main', 'current_restricted_users_message', $this->nb_restricted_users);
    $this->access_anonymous_except_proxy_label = $language->getText('admin_main', 'access_anonymous_except_proxy_label');
    $this->access_anonymous_except_proxy_desc  = $language->getText('admin_main', 'access_anonymous_except_proxy_desc');
    $this->reverse_proxy_regexp_title          = $language->getText('admin_main', 'reverse_proxy_regexp_title');

    // Custom user-group names are only set when a value was provided.
    if ($ugroup_authenticated_users != false) {
        $this->ugroup_authenticated_users = $ugroup_authenticated_users;
    }
    if ($ugroup_registered_users != false) {
        $this->ugroup_registered_users = $ugroup_registered_users;
    }

    $this->ugroup_authenticated_users_placeholder = $language->getText('admin_main', 'ugroup_authenticated_users_placeholder', array(ForgeConfig::get('sys_org_name')));
    $this->ugroup_registered_users_placeholder    = $language->getText('admin_main', 'ugroup_registered_users_placeholder', array(ForgeConfig::get('sys_org_name')));
    $this->ugroup_authenticated_users_label       = $language->getText('admin_main', 'ugroup_authenticated_users_label');
    $this->ugroup_registered_users_label          = $language->getText('admin_main', 'ugroup_registered_users_label');
    $this->customize_ugroups_label_info           = $language->getText('admin_main', 'customize_ugroups_label_info');
    $this->who_can_access                         = $language->getText('admin_main', 'who_can_access');
    $this->projects_visibility                    = $language->getText('admin_main', 'projects_visibility');
    $this->projects_visibility_label              = $language->getText('admin_main', 'projects_visibility_label');
    $this->projects_visibility_help               = $language->getText('admin_main', 'projects_visibility_help');
}
/**
 * Persist the homepage settings (standard homepage flag, headlines, logo) and redirect to the index.
 *
 * The synchronizer token is verified before anything is written. The success
 * feedback is added only when the response holds no warning or error.
 */
public function update()
{
    $this->csrf->check();

    // Standard homepage on/off
    if (! $this->request->get('use_standard_homepage')) {
        $this->dao->doNotUseStandardHomepage();
    } else {
        $this->dao->useStandardHomepage();
    }

    // Headlines are saved only when submitted as an array.
    $submitted_headlines = $this->request->get('headlines');
    if (is_array($submitted_headlines)) {
        $this->dao->save($submitted_headlines);
    }

    // Logo: optional removal first, then the upload step, which always runs.
    if ($this->request->get('remove_custom_logo')) {
        $this->removeCustomLogo();
    }
    $this->moveUploadedLogo();

    if (! $this->response->feedbackHasWarningsOrErrors()) {
        $success_message = $GLOBALS['Language']->getText('admin_main', 'successfully_updated');
        $this->response->addFeedback(Feedback::INFO, $success_message);
    }

    $this->redirectToIndex();
}
/**
 * Delete the mirror named by the request, then redirect to the mirrors admin pane.
 *
 * The synchronizer token is verified before the mapper is called. A falsy
 * result from the mapper and a Git_Mirror_MirrorNotFoundException both produce
 * the same "cannot delete" error feedback.
 *
 * @param Codendi_Request $request Request carrying 'mirror_id'
 */
private function deleteMirror(Codendi_Request $request)
{
    try {
        $this->csrf->check();

        $mirror_id   = $request->get('mirror_id');
        $was_deleted = $this->git_mirror_mapper->delete($mirror_id);

        if (! $was_deleted) {
            $GLOBALS['Response']->addFeedback(
                'error',
                $GLOBALS['Language']->getText('plugin_git', 'admin_mirror_cannot_delete')
            );
        }
    } catch (Git_Mirror_MirrorNotFoundException $not_found) {
        $GLOBALS['Response']->addFeedback(
            'error',
            $GLOBALS['Language']->getText('plugin_git', 'admin_mirror_cannot_delete')
        );
    }

    $GLOBALS['Response']->redirect('/plugins/git/admin/?pane=mirrors_admin');
}
/**
 * Build the IE7 deprecation notice for the current user.
 *
 * Anonymous users get the bare message. Other users get it wrapped in a POST
 * form, protected by a synchronizer token, that lets them dismiss the warning.
 *
 * @return string|null The message or form; null when the user disabled the warning
 */
public function getDeprecatedMessage()
{
    if ($this->user->getPreference(PFUser::PREFERENCE_DISABLE_IE7_WARNING)) {
        return;
    }

    $deprecation_text = $GLOBALS['Language']->getText('include_browser', 'ie7_deprecated');
    if ($this->user->isAnonymous()) {
        return $deprecation_text;
    }

    // The token is bound to the same URL the form posts to.
    $action_url = '/account/disable_ie7_warning.php';
    $token      = new CSRFSynchronizerToken($action_url);

    return '<form action="' . $action_url . '" method="POST" style="margin: 0">'
        . $token->fetchHTMLInput()
        . $deprecation_text
        . '<button type="submit" class="btn btn-small btn-inverse" > '
        . $GLOBALS['Language']->getText('include_browser', 'ie7_deprecated_button')
        . ' </button> </form>';
}
} else { $result = $dao->listAllUsersForGroup($group_id, $offset, $limit); } /* * Show list of users */ $HTML->header(array('title' => $Language->getText('admin_userlist', 'title'))); echo "<p>"; echo $Language->getText('admin_userlist', 'user_list') . ": "; if (!$group_id) { echo "<strong>" . $Language->getText('admin_userlist', 'all_groups') . "</strong>"; echo '</p>'; $session_dao = new SessionDao(); echo '<p>'; echo '<form action="/admin/sessions.php" method="post">'; $csrf = new CSRFSynchronizerToken('/admin/sessions.php'); echo $csrf->fetchHTMLInput(); echo $Language->getText('admin_userlist', 'active_sessions', $session_dao->count()); echo '</form>'; } else { $pm = ProjectManager::instance(); echo "<strong>" . $Language->getText('admin_userlist', 'group', array($pm->getProject($group_id)->getPublicName())) . "</strong>"; } /* * Add search field */ $hp = Codendi_HTMLPurifier::instance(); $user_name_search_purify = $hp->purify($user_name_search); $search_purify = $hp->purify($Language->getText('admin_main', 'search')); echo '<form name="usersrch" action="userlist.php" method="get" class="form-horizontal"> <table>
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with Tuleap. If not, see <http://www.gnu.org/licenses/>. */ require_once 'pre.php'; require_once 'account.php'; require_once 'common/include/CSRFSynchronizerToken.class.php'; require_once 'common/include/lib/Upload.class.php'; $user_manager = UserManager::instance(); $user = $user_manager->getCurrentUser(); if ($user->isAnonymous()) { session_redirect("/account/"); } $csrf = new CSRFSynchronizerToken('/account/change_avatar.php'); if (isset($_FILES['avatar'])) { $handle = new Upload($_FILES['avatar']); $handle->image_resize = true; $handle->image_ratio_crop = 'L'; $handle->image_y = 50; $handle->image_x = 50; $handle->image_background_color = '#FFFFFF'; $handle->image_convert = 'png'; $handle->file_new_name_body = 'avatar'; $handle->file_safe_name = false; $handle->file_force_extension = false; $handle->file_new_name_ext = ''; $handle->allowed = 'image/*'; $handle->file_overwrite = true; if ($handle->uploaded && Config::get('sys_enable_avatars', true)) {
$em = EventManager::instance(); $um = UserManager::instance(); $user = $um->getCurrentUser(); $third_paty_html = ''; $can_change_password = true; $can_change_realname = true; $can_change_email = true; $extra_user_info = array(); $ssh_keys_extra_html = ''; $em->processEvent(Event::MANAGE_THIRD_PARTY_APPS, array('user' => $user, 'html' => &$third_paty_html)); $em->processEvent('display_change_password', array('allow' => &$can_change_password)); $em->processEvent('display_change_realname', array('allow' => &$can_change_realname)); $em->processEvent('display_change_email', array('allow' => &$can_change_email)); $em->processEvent('account_pi_entry', array('user' => $user, 'user_info' => &$extra_user_info)); $em->processEvent(Event::LIST_SSH_KEYS, array('user' => $user, 'html' => &$ssh_keys_extra_html)); $csrf = new CSRFSynchronizerToken('/account/index.php'); $mail_manager = new MailManager(); $tracker_formats = array(); foreach ($mail_manager->getAllMailFormats() as $format) { $tracker_formats[] = array('format' => $format, 'is_selected' => $format === $mail_manager->getMailPreferencesByUser($user)); } $all_themes = array(); $themes = util_get_theme_list(); natcasesort($themes); foreach ($themes as $theme) { $is_default = $theme === $GLOBALS['sys_themedefault']; $is_selected = $is_default; if ($user->getTheme()) { $is_selected = $theme === $user->getTheme(); } $all_themes[] = array('theme_name' => $theme, 'is_selected' => $is_selected, 'is_default' => $is_default);
/**
 * Print the "fork repositories" page: breadcrumb, heading, description and,
 * when the view data holds a non-empty 'repository_list', the fork form.
 *
 * The form posts to the current URL with action=do_fork_repositories and
 * embeds the hidden input of a synchronizer token created for
 * '/plugins/git/?group_id=<id>&action=fork_repositories'.
 */
protected function forkRepositories()
{
    $params = $this->getData();
    $this->_getBreadCrumb();
    echo '<h2>' . $this->getText('fork_repositories') . '</h2>';
    echo $this->getText('fork_repositories_desc');
    if (!empty($params['repository_list'])) {
        echo '<form action="" method="POST">';
        // The group id is cast to int before it is written into the attribute.
        echo '<input type="hidden" name="group_id" value="' . (int) $this->groupId . '" />';
        echo '<input type="hidden" name="action" value="do_fork_repositories" />';
        // Anti-CSRF hidden input for the state-changing fork request.
        $token = new CSRFSynchronizerToken('/plugins/git/?group_id=' . (int) $this->groupId . '&action=fork_repositories');
        echo $token->fetchHTMLInput();
        echo '<table id="fork_repositories" cellspacing="0">';
        // Header row: three column labels and an empty last cell.
        echo '<thead>';
        echo '<tr valign="top">';
        echo '<td class="first">';
        echo '<label style="font-weight: bold;">' . $this->getText('fork_repositories_select') . '</label>';
        echo '</td>';
        echo '<td>';
        echo '<label style="font-weight: bold;">' . $this->getText('fork_destination_project') . '</label>';
        echo '</td>';
        echo '<td>';
        echo '<label style="font-weight: bold;">' . $this->getText('fork_repositories_path') . '</label>';
        echo '</td>';
        echo '<td class="last"> </td>';
        echo '</tr>';
        echo '</thead>';
        echo '<tbody><tr valign="top">';
        // Column 1: select box listing the repositories that can be forked.
        echo '<td class="first">';
        $strategy = new GitViewsRepositoriesTraversalStrategy_Selectbox($this);
        echo $strategy->fetch($params['repository_list'], $this->user);
        echo '</td>';
        // Column 2: destination choice (personal fork, or another project).
        echo '<td>';
        echo '<div> <input id="choose_personal" type="radio" name="choose_destination" value="personal" checked="true" /> <label for="choose_personal">' . $this->getText('fork_choose_destination_personal') . '</label> </div>';
        echo $this->fetchCopyToAnotherProject();
        echo '</td>';
        // Column 3: path input and the hidden "u/<user name>" prefix.
        echo '<td>';
        $placeholder = $this->getText('fork_repositories_placeholder');
        // NOTE(review): $placeholder and the user name below are written into HTML
        // attributes without escaping in this method; confirm both are constrained
        // upstream (translation catalogue, user name policy) or escape them here.
        echo '<input type="text" title="' . $placeholder . '" placeholder="' . $placeholder . '" id="fork_repositories_path" name="path" />';
        echo '<input type="hidden" id="fork_repositories_prefix" value="u/' . $this->user->getName() . '" />';
        echo '</td>';
        // Column 4: submit button.
        echo '<td class="last">';
        echo '<input type="submit" value="' . $this->getText('fork_repositories') . '" />';
        echo '</td>';
        echo '</tr></tbody></table>';
        echo '</form>';
    }
    echo '<br />';
}
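/**
 * Compute a html table to display the status of the last n events
 *
 * @param int                   $offset        the offset of the pagination
 * @param int                   $limit         the number of events to include in the table
 * @param boolean               $full          display a full table or only a summary
 * @param array                 $filter_status the filter on status (all five statuses when empty)
 * @param array                 $filter_type   the filter on type, restricted to the types of the queue
 * @param CSRFSynchronizerToken $csrf          The token to use to build actions on events
 * @param string|null           $queue         Queue whose event types are listed; SystemEvent::DEFAULT_QUEUE when empty
 *
 * @return string html
 */
public function fetchLastEventsStatus($offset = 0, $limit = 10, $full = false, $filter_status = false, $filter_type = false, CSRFSynchronizerToken $csrf = null, $queue = null)
{
    $hp        = Codendi_HTMLPurifier::instance();
    $html      = '';
    $classname = 'table table-striped';
    if ($full) {
        $classname .= ' table-hover table-bordered';
    } else {
        $classname .= ' table-condensed';
    }
    $html .= '<table class="' . $classname . '">';
    if ($full) {
        // Every header cell is opened and closed with <th> (three of them used to close with </td>).
        $html .= '<thead><tr>';
        $html .= '<th>' . 'id' . '</th>';
        $html .= '<th>' . 'type' . '</th>';
        $html .= '<th>' . 'owner' . '</th>';
        $html .= '<th>' . 'status' . '</th>';
        $html .= '<th>' . 'priority' . '</th>';
        $html .= '<th>' . 'parameters' . '</th>';
        $html .= '<th>' . 'create_date' . '</th>';
        $html .= '<th>' . 'process_date' . '</th>';
        $html .= '<th>' . 'end_date' . '</th>';
        $html .= '<th>' . 'log' . '</th>';
        $html .= '<th>' . 'actions' . '</th>';
        $html .= '</tr></thead>';
    }
    $html .= '<tbody>';

    // NOTE(review): the synchronizer token ends up in the query string of the replay
    // link (a GET request), so it can appear in access logs, browser history and
    // Referer headers; a POST form would keep it out of URLs.
    $replay_action_params = array();
    if ($csrf) {
        $replay_action_params[$csrf->getTokenName()] = $csrf->getToken();
    }

    if (!$filter_status) {
        $filter_status = array(
            SystemEvent::STATUS_NEW,
            SystemEvent::STATUS_RUNNING,
            SystemEvent::STATUS_DONE,
            SystemEvent::STATUS_WARNING,
            SystemEvent::STATUS_ERROR,
        );
    }

    if ($queue) {
        $allowed_types = $this->getTypesForQueue($queue);
    } else {
        $allowed_types = $this->getTypesForQueue(SystemEvent::DEFAULT_QUEUE);
    }

    // A caller-supplied type filter can only narrow the types allowed for the queue.
    if ($filter_type) {
        $filter_type = array_intersect($filter_type, $allowed_types);
    } else {
        $filter_type = $allowed_types;
    }

    $events = $this->dao->searchLastEvents($offset, $limit, $filter_status, $filter_type);

    // each() no longer exists in PHP 8 and needs a real variable for its by-reference
    // argument; reset() on a local returns the same first column of the row.
    $found_rows     = $this->dao->retrieve("SELECT FOUND_ROWS() AS nb")->getRow();
    $num_total_rows = is_array($found_rows) ? reset($found_rows) : 0;

    foreach ($events as $row) {
        if ($sysevent = $this->getInstanceFromRow($row)) {
            $html .= '<tr>';

            // NOTE(review): id, type, owner, status, parameters, dates and the log cell
            // are concatenated without escaping in this method, while the same log is
            // purified for the title attribute below; confirm these values are HTML-safe
            // when they are stored, or escape them here.

            //id
            $html .= '<td>' . $sysevent->getId() . '</td>';

            //name of the event
            $html .= '<td>' . $sysevent->getType() . '</td>';
            $html .= '<td>' . $sysevent->getOwner() . '</td>';

            //status
            $html .= '<td class="system_event_status_' . $row['status'] . '"';
            if ($sysevent->getLog()) {
                $html .= ' title="' . $hp->purify($sysevent->getLog(), CODENDI_PURIFIER_CONVERT_HTML) . '" ';
            }
            $html .= '>';
            $html .= $sysevent->getStatus();
            $html .= '</td>';

            if ($full) {
                $replay_link = '';
                if ($sysevent->getStatus() == SystemEvent::STATUS_ERROR) {
                    $replay_action_params['replay'] = $sysevent->getId();
                    // The queue name is URL-encoded so it cannot add query parameters or
                    // close the href attribute; plain queue names come out unchanged.
                    $replay_link .= '<a href="/admin/system_events/?'
                        . ($queue !== SystemEvent::DEFAULT_QUEUE ? 'queue=' . urlencode((string) $queue) . '&' : '')
                        . http_build_query($replay_action_params)
                        . '" title="Replay this event">';
                    $replay_link .= $GLOBALS['HTML']->getImage('ic/arrow-circle.png');
                    $replay_link .= '</a>';
                }
                $html .= '<td style="text-align:center">' . $sysevent->getPriority() . '</td>';
                $html .= '<td>' . $sysevent->verbalizeParameters(true) . '</td>';
                $html .= '<td>' . $sysevent->getCreateDate() . '</td>';
                $html .= '<td>' . $sysevent->getProcessDate() . '</td>';
                $html .= '<td>' . $sysevent->getEndDate() . '</td>';
                $html .= '<td>' . nl2br($sysevent->getLog()) . '</td>';
                $html .= '<td>' . $replay_link . '</td>';
            }
            $html .= '</tr>';
        }
    }
    $html .= '</tbody></table>';

    if ($full) {
        //Pagination
        $nb_of_pages  = ceil($num_total_rows / $limit);
        $current_page = round($offset / $limit);
        $html .= '<div class="pagination"><ul>';
        $width = 10;
        for ($i = 0; $i < $nb_of_pages; ++$i) {
            // Always show the first and last page plus a window around the current page.
            if ($i == 0 || $i == $nb_of_pages - 1 || $current_page - $width / 2 <= $i && $i <= $width / 2 + $current_page) {
                $class = '';
                if ($i == $current_page) {
                    $class = 'class="active"';
                }
                $html .= '<li ' . $class . '>';
                $html .= '<a href="?' . http_build_query(array('offset' => (int) ($i * $limit), 'filter_status' => $filter_status, 'filter_type' => $filter_type, 'queue' => $queue)) . '">';
                $html .= $i + 1;
                $html .= '</a>';
                $html .= '</li>';
            } else {
                if ($current_page - $width / 2 - 1 == $i || $current_page + $width / 2 + 1 == $i) {
                    // Ellipsis item; it is now closed with </li> instead of opening a second <li>.
                    $html .= '<li class="disabled">';
                    $html .= '<a href="#">...</a>';
                    $html .= '</li>';
                }
            }
        }
        $html .= '</ul></div>';
    }

    return $html;
}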
/**
 * Render the hidden anti-CSRF input for the "update allowed projects" form.
 *
 * The token is created for the URL returned by update_allowed_projects_action().
 *
 * @return mixed Whatever CSRFSynchronizerToken::fetchHTMLInput() returns (the hidden input markup)
 */
public function update_allowed_projects_action_csrf()
{
    $action_url = $this->update_allowed_projects_action();
    $token      = new CSRFSynchronizerToken($action_url);

    return $token->fetchHTMLInput();
}
require_once 'common/user/GenericUserFactory.class.php';
require_once 'common/include/CSRFSynchronizerToken.class.php';

// Valid group id
// The request is rejected with an error page when group_id is missing or invalid.
$valid_groupid = new Valid_GroupId();
$valid_groupid->required();
if (!$request->valid($valid_groupid)) {
    exit_error($Language->getText('project_admin_index', 'invalid_p'), $Language->getText('project_admin_index', 'p_not_found'));
}
$group_id = $request->get('group_id');

//must be a project admin
session_require(array('group' => $group_id, 'admin_flags' => 'A'));

// Load the generic user attached to this project.
$user_manager         = UserManager::instance();
$generic_user_factory = new GenericUserFactory($user_manager, ProjectManager::instance(), new GenericUserDao());
$generic_user         = $generic_user_factory->fetch($group_id);

// The synchronizer token is bound to this page's URL; the id is cast to int before it goes into the URL.
$redirect_url = '/project/admin/editgenericmember.php?group_id=' . (int) $group_id;
$token        = new CSRFSynchronizerToken($redirect_url);

if ($request->get('update_generic_user')) {
    // Verify the token before the password or e-mail of the generic user is changed.
    $token->check();

    // NOTE(review): getValidated() is called without a visible validator for either
    // field; confirm what validation it applies by default.
    $password = $request->getValidated('password');
    $email    = $request->getValidated('email');

    // An empty password leaves the current one untouched; the e-mail is always overwritten.
    if ($password) {
        $generic_user->setPassword($password);
    }
    $generic_user->setEmail($email);

    if ($user_manager->updateDb($generic_user)) {
        $GLOBALS['Response']->addFeedback('info', $Language->getText('project_admin', 'generic_member_updated'));
    } else {
        $GLOBALS['Response']->addFeedback('warning', $Language->getText('project_admin', 'generic_member_not_changed'));
    }
    $GLOBALS['HTML']->redirect($redirect_url);
}
* * You should have received a copy of the GNU General Public License * along with Tuleap. If not, see <http://www.gnu.org/licenses/>. */ require_once 'pre.php'; require_once 'utils.php'; require_once 'common/include/CookieManager.class.php'; require_once 'common/include/CSRFSynchronizerToken.class.php'; $cookie_manager = new CookieManager(); $user = UserManager::instance()->getCurrentUser(); // // Validate params // session_require(array('isloggedin' => 1)); $request = HTTPRequest::instance(); $csrf = new CSRFSynchronizerToken('/account/index.php'); $csrf->check(); $form_mail_site = 0; if ($request->existAndNonEmpty('form_mail_site')) { if ($request->valid(new Valid_WhiteList('form_mail_site', array(0, 1)))) { $form_mail_site = (int) $request->get('form_mail_site'); } else { $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_preferences', 'error_form_mail_site')); } } $form_mail_va = 0; if ($request->existAndNonEmpty('form_mail_va')) { if ($request->valid(new Valid_WhiteList('form_mail_va', array(0, 1)))) { $form_mail_va = (int) $request->get('form_mail_va'); } else { $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_preferences', 'error_form_mail_va'));
// (Tail of a table-row rendering helper; its beginning is outside this excerpt.)
$value = $cell['value']; }
if (isset($cell['html_attrs'])) { $htmlattrs = ' ' . $cell['html_attrs']; } } else { $value = $cell; }
echo ' <td>' . $value . "</td>\n"; } echo "</tr>\n"; }

// Page controller for the project user-group administration.
$em       = EventManager::instance();
$request  = HTTPRequest::instance();
$group_id = $request->getValidated('group_id', 'GroupId', 0);

// Synchronizer token bound to this page.
$csrf = new CSRFSynchronizerToken('/project/admin/ugroup.php');

// Only administrators of the project may go further.
session_require(array('group' => $group_id, 'admin_flags' => 'A'));

if ($request->existAndNonEmpty('func')) {
    $ugroup_id = $request->getValidated('ugroup_id', 'UInt', 0);
    switch ($request->get('func')) {
        case 'delete':
            // The token is verified before the user group is deleted.
            $csrf->check();
            ugroup_delete($group_id, $ugroup_id);
            break;
        case 'do_update':
            // NOTE(review): unlike 'delete', this state-changing case does not call
            // $csrf->check() in the visible code; confirm the token is verified
            // elsewhere (for example inside ugroup_update) or add the check here.
            $name = $request->getValidated('ugroup_name', 'String', '');
            $desc = $request->getValidated('ugroup_description', 'String', '');
            ugroup_update($group_id, $ugroup_id, $name, $desc);
            break;
    }
    $GLOBALS['Response']->redirect('/project/admin/ugroup.php?group_id=' . $group_id);
$vId = new Valid_UInt('bookmark_id'); $vId->setErrorMessage('bookmark_id is required'); $vId->required(); if (!$request->valid($vId)) { $GLOBALS['Response']->redirect('/my'); } else { $bookmark_id = (int) $request->get('bookmark_id'); } $vUrl = new Valid_String('bookmark_url'); $vUrl->setErrorMessage('Url is required'); $vUrl->required(); $vTitle = new Valid_String('bookmark_title'); $vTitle->setErrorMessage('Title is required'); $vTitle->required(); $bookmark_url_id = '/my/bookmark_edit.php?bookmark_id=' . $bookmark_id; $csrf_token = new CSRFSynchronizerToken($bookmark_url_id); if ($request->isPost() && $request->valid($vUrl) && $request->valid($vTitle)) { $csrf_token->check(); $bookmark_url = $request->get('bookmark_url'); $bookmark_title = $request->get('bookmark_title'); my_check_bookmark_URL($bookmark_url, $bookmark_url_id); bookmark_edit($bookmark_id, $bookmark_url, $bookmark_title); $GLOBALS['Response']->redirect('/my'); } $purifier = Codendi_HTMLPurifier::instance(); $HTML->header(array("title" => $Language->getText('bookmark_edit', 'title'))); print "<H3>" . $Language->getText('bookmark_edit', 'title') . "</H3>\n"; $result = db_query("SELECT * from user_bookmarks where " . "bookmark_id=" . db_ei($bookmark_id) . " and user_id=" . db_ei(user_getid())); if ($result) { $bookmark_url = db_result($result, 0, 'bookmark_url'); $bookmark_title = db_result($result, 0, 'bookmark_title');
print '<BR><A href="/projects/' . urlencode($row_cat['unix_group_name']) . '/">' . $hp->purify($row_cat['group_name']) . "</A>\n"; } print "</ul>"; } // end if groups $HTML->box1_bottom(); ?> </TD></TR> <TR> <TD> <?php if (user_isloggedin()) { $csrf_token = new CSRFSynchronizerToken('sendmessage.php'); $HTML->box1_top($Language->getText('include_user_home', 'send_message_to') . ' ' . $hp->purify($user->getRealName(), CODENDI_PURIFIER_CONVERT_HTML)); echo ' <FORM ACTION="/sendmessage.php" METHOD="POST"> <INPUT TYPE="HIDDEN" NAME="touser" VALUE="' . $user->getId() . '">'; echo $csrf_token->fetchHTMLInput(); $my_name = $hp->purify(user_getrealname(user_getid())); $cc = isset($_REQUEST['cc']) ? $hp->purify(trim($_REQUEST['cc'])) : ""; echo ' <div> <script type="text/javascript" src="/scripts/blocks.js"></script> <script type="text/javascript"> function addCCField() { hideBlock("cc_link"); showBlock("cc_field"); }