In survey results, clusters all empty comments for free text
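diff --git a/include/security.inc.php b/include/security.inc.php
index e0b1d14..3def558 100644
--- a/include/security.inc.php
+++ b/include/security.inc.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- * Copyright (C) 2003-2008 Polytechnique.org *
+ * Copyright (C) 2003-2010 Polytechnique.org *
 * http://opensource.polytechnique.org/ *
 * *
 * This program is free software; you can redistribute it and/or modify *
@@ -34,8 +34,13 @@ function check_ip($level)
 $ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
 }
 $ips[] = $_SERVER['REMOTE_ADDR'];
- foreach ($ips as &$ip) {
- $ip = '(ip & mask) = (' . ip_to_uint($ip) . '& mask)';
+ foreach ($ips as $key=>$ip) {
+ $v = ip_to_uint($ip);
+ if (is_null($v)) {
+ unset($ips[$key]);
+ } else {
+ $ips[$key] = '(ip & mask) = (' . $v . '& mask)';
+ }
 }
 $res = XDB::query('SELECT state, description
 FROM ip_watch
@@ -62,7 +67,7 @@ function check_ip($level)
 function check_email($email, $message)
 {
 $res = XDB::query("SELECT state, description
- FROM emails_watch
+ FROM email_watch
 WHERE state != 'safe' AND email = {?}", $email);
 if ($res->numRows()) {
 send_warning_mail($message);
@@ -80,7 +85,8 @@ function check_redirect($red = null)
 {
 require_once 'emails.inc.php';
 if (is_null($red)) {
- $red = new Redirect(S::v('uid'));
+ $user = S::user();
+ $red = new Redirect($user);
 }
 if ($red->get_uid() == S::v('uid')) {
 $_SESSION['no_redirect'] = !$red->other_active('');
@@ -102,7 +108,7 @@ function send_warning_mail($title)
 function kill_sessions()
 {
- assert(S::has_perms());
+ assert(S::admin());
 shell_exec('sudo -u root ' . dirname(dirname(__FILE__)) . '/bin/kill_sessions.sh');
 }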
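Review bot: In kill_sessions() the only authorization gate in front of the `sudo -u root` call is still `assert(S::admin())`, and PHP assertions can be turned off by configuration (`assert.active`, or `zend.assertions` on newer runtimes), in which case the script runs for any caller that reaches this function. The permission test should be an unconditional check placed before the `shell_exec`, for example `if (!S::admin()) { return; }`, with whatever error reporting the project normally uses. Separately, the new loop in check_ip() can leave `$ips` empty when every entry, including `REMOTE_ADDR`, makes `ip_to_uint()` return null (possibly an IPv6 peer; the helper is not visible here). The WHERE clause built from `$ips` lies outside the hunk, so confirm it tolerates an empty list rather than producing a malformed query.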