[AppDB] Re: appdb/include filter.php

Jonathan Ernst jonathan at ernstfamily.ch
Fri Jul 7 02:01:34 CDT 2006


On Thursday 06 July 2006 at 23:49 -0500, WineHQ wrote:
> ChangeSet ID:	26258
> CVSROOT:	/opt/cvs-commit
> Module name:	appdb
> Changes by:	wineowner at winehq.org	2006/07/06 23:49:32
> 
> Modified files:
> 	include        : filter.php 
> 
> Log message:
> 	Tony Lambregts <tony.lambregts at gmail.com>
> 	filter_gpc() should ignore any bugzilla parameters to avoid errors when these cookies are set
> 
> Patch: http://cvs.winehq.org/patch.py?id=26258
> 
> Old revision  New revision  Changes     Path
>  1.3           1.4           +12 -1      appdb/include/filter.php
> 
> Index: appdb/include/filter.php
> diff -u -p appdb/include/filter.php:1.3 appdb/include/filter.php:1.4
> --- appdb/include/filter.php:1.3	7 Jul 2006  4:49:32 -0000
> +++ appdb/include/filter.php	7 Jul 2006  4:49:32 -0000
> @@ -42,8 +42,19 @@ function filter_gpc()
>                      util_show_error_page_and_exit("Fatal error: ".$aKeys[$i]." should be an array.");
>              break;
>              default:
> -                if($aKeys[$i]!="whq_appdb" && $aKeys[$i]!="MAX_FILE_SIZE") // whq_appdb is the name of the session cookie
> +                if($aKeys[$i]!="whq_appdb" && // don't filter the appdb session cookie
> +
> +                   // or any bugzilla cookies
> +                   $aKeys[$i]!="BUGLIST" &&
> +                   $aKeys[$i]!="DEFAULTFORMAT" &&
> +                   $aKeys[$i]!="Bugzilla_login" &&
> +                   $aKeys[$i]!="LASTORDER" &&
> +                   $aKeys[$i]!="Bugzilla_logincookie" &&
> +                   $aKeys[$i]!="DEFAULTFORMAT" &&
> +                   $aKeys[$i]!="MAX_FILE_SIZE")
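
Review bot: "DEFAULTFORMAT" is compared twice in the new condition (the second and sixth Bugzilla names), so the later test is redundant and may be standing in for a cookie name that was meant to be listed; drop it or replace it with the intended name. The chain of != tests would also be easier to audit as one array of names checked with in_array(), since each name added here is a key that filter_gpc() no longer filters.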

These cookies cannot be accessible in the real AppDB as Bugzilla and
AppDB are on separate hosts... I don't think this patch makes any sense
in AppDB.

A better fix would be to not clear $_COOKIES in filter.php and have a
unit test that checks that $_COOKIES is not used anywhere in the code
(only in filter.php).
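
The unit test suggested in the reply could take roughly this form; it is an added example, not AppDB code or code from either author. It checks for PHP's `$_COOKIE` superglobal (and the legacy `$HTTP_COOKIE_VARS`); the function names and every file in the constructed sample tree other than `include/filter.php` are hypothetical.

```php
<?php
// Added example, not AppDB code. Function names and sample files are hypothetical.

/**
 * Return "file:line" for every real use of a cookie superglobal in $sSource.
 * The tokenizer is used instead of a text search so that mentions inside
 * comments and single-quoted strings are not reported.
 */
function find_cookie_uses($sSource, $sFile)
{
    $aHits = array();
    foreach (token_get_all($sSource) as $mToken) {
        if (!is_array($mToken)) continue;          // single-character tokens
        list($iType, $sText, $iLine) = $mToken;
        if ($iType === T_VARIABLE &&
            ($sText === '$_COOKIE' || $sText === '$HTTP_COOKIE_VARS'))
            $aHits[] = "$sFile:$iLine";
    }
    return $aHits;
}

/** Scan every .php file under $sRoot except the ones listed in $aAllowed. */
function check_tree($sRoot, array $aAllowed)
{
    $aHits = array();
    $oDir  = new RecursiveDirectoryIterator($sRoot, FilesystemIterator::SKIP_DOTS);
    foreach (new RecursiveIteratorIterator($oDir) as $oFile) {
        if ($oFile->getExtension() !== 'php') continue;
        $sRel = substr($oFile->getPathname(), strlen($sRoot));
        $sRel = ltrim(str_replace('\\', '/', $sRel), '/');
        if (in_array($sRel, $aAllowed, true)) continue;
        $sSource = file_get_contents($oFile->getPathname());
        $aHits = array_merge($aHits, find_cookie_uses($sSource, $sRel));
    }
    return $aHits;
}

// Constructed sample tree so the check runs offline.
$sRoot = sys_get_temp_dir() . '/appdb_cookie_check_' . getmypid();
mkdir("$sRoot/include", 0700, true);
$aSample = array(
    "$sRoot/include/filter.php" => '<?php $aKeys = array_keys($_COOKIE);',
    "$sRoot/ok.php"  => "<?php // \$_COOKIE is only mentioned here\necho 'no \$_COOKIE use';",
    "$sRoot/bad.php" => "<?php\n\$s = \$_COOKIE['BUGLIST'];",
);
foreach ($aSample as $sPath => $sCode) file_put_contents($sPath, $sCode);

$aHits = check_tree($sRoot, array('include/filter.php'));
print_r($aHits);                       // offending file:line pairs, if any
array_map('unlink', array_keys($aSample));
rmdir("$sRoot/include"); rmdir($sRoot);
exit(count($aHits) ? 1 : 0);           // non-zero exit fails the test run
```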


More information about the wine-devel mailing list