Timestamp:
02/28/08 15:19:38 (4 years ago)
Author:
hverton
Message:

Added security to the SVN module; completed the Trac-to-CMS user mapping

File:
1 edited

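--- a/modules/ExiteCMS/tracsvn/php-files/modules/tracsvn/tracsvn_include.php
+++ b/modules/ExiteCMS/tracsvn/php-files/modules/tracsvn/tracsvn_include.php
@@ -39,12 +39,22 @@
 function tracsvn_wiki2html($text) {
 
-    // get rid of double line breaks
-    $text = str_replace("[[BR]]\r\n", "", $text);
+    // get rid of trailing whitespace
+    $text = rtrim($text);
     // bullit implies line break
-    $text = str_replace("\r\*", "\*", $text);
+    $text = str_replace("\r\n*", "*", $text);
+    $text = str_replace("[[BR]]*", "*", $text);
     // bullet lists
+    $text = str_replace("\r\n *", "<br />*", $text);
     $text = preg_replace("/\*\s(.*?)(\w)/i", "&bull; \\1\\2", $text);
-    // line breaks
-    $text = str_replace("\r\n", "<br />", $text);
+    // convert linebreaks
+    if (FUSION_SELF == "trac.php") {
+        $text = str_replace("\r\n", "<br />", $text);
+        $text = str_replace("\n", "<br />", $text);
+    } else {
+        $text = str_replace("\r\n", "<br /><img src='".THEME."images/bullet.gif' alt=\"\" /> ", $text);
+        $text = str_replace("\n", "<br /><img src='".THEME."images/bullet.gif' alt=\"\" /> ", $text);
+    }
+    // forced line breaks
+    $text = str_replace("[[BR]]", "<br />", $text);
     // strike-through
     $text = preg_replace("/~~(.*?)~~/si", "<span style='text-decoration:line-through;'>\\1</span>", $text);
@@ -71,4 +81,5 @@
         $text = preg_replace("/#([0-9]+)/si", "#<a href='trac.php?step=ticket&amp;id=\\1' title=''>\\1</a>", $text);
     }
+    $text = preg_replace("/rev. ([0-9]+)/i", "rev. <a href='svn.php?rev=\\1' title=''>\\1</a>", $text);
 
     // return the converted text
@@ -82,17 +93,25 @@
 
     // validate the parameter
-    if (!empty($tracname) && !is_string($tracname)) {
+    if (!empty($tracname) && is_string($tracname)) {
         // translate Trac/SVN users to ExiteCMS users if needed
-        $result = dbquery("SELECT u.user_name FROM ".$db_prefix."users u, ".$db_prefix."tracsvn_alias t WHERE t.tracsvn_userid = u.user_id AND t.tracsvn_username = '$tracname' LIMIT 1");
+        $result = dbquery("SELECT u.user_id, u.user_name FROM ".$db_prefix."users u, ".$db_prefix."tracsvn_alias t WHERE t.tracsvn_userid = u.user_id AND t.tracsvn_username = '$tracname' LIMIT 1");
         if (dbrows($result)) {
-            $data = dbarray($result);
-            $tracname = $data['user_name'];
-        }
-    }
-
-    // test code!!!
-    if ($tracname == "hverton") $tracname = "WanWizard";
-    if ($tracname == "root") $tracname = "Webmaster";
-
+            $tracname = dbarray($result);
+        }
+    }
+    // not found? maybe there's a direct link with a member
+    if (!is_array($tracname)) {
+        // check the users table
+        $result = dbquery("SELECT user_id, user_name FROM ".$db_prefix."users WHERE user_name = '$tracname' LIMIT 1");
+        if (dbrows($result)) {
+            $tracname = dbarray($result);
+        }
+    }
+
+    // still not found? Use the tracname
+    if (!is_array($tracname)) {
+        $tracname = array('user_id' => '0', 'user_name' => $tracname);
+    }
+
     return $tracname;
 }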
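Review bot: The new fallback lookup on new line 105 interpolates `$tracname` into the SQL string unescaped, as does the alias query on new line 97, and the only validation is the `is_string` check, which does not constrain content; a Trac or SVN author name containing a quote would alter the query. Escape the value once before both queries, e.g. `$safe = mysql_real_escape_string($tracname);` (assuming `dbquery()` wraps the mysql extension), and use `'$safe'` in both WHERE clauses. The fallback query also runs when `$tracname` is empty or not a string, because it only tests `!is_array($tracname)`, so that case should return early instead of reaching the database. The function now returns an array rather than a string, and its signature and callers are outside the hunk, so confirm every caller was updated and HTML-escapes `user_name` on output.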