Fix a vicious bug hidden by another bug when a banned user
authorx2003bruneau <x2003bruneau@839d8a87-29fc-0310-9880-83ba4fa771e5>
Wed, 22 Aug 2007 19:26:55 +0000 (19:26 +0000)
committerx2003bruneau <x2003bruneau@839d8a87-29fc-0310-9880-83ba4fa771e5>
Wed, 22 Aug 2007 19:26:55 +0000 (19:26 +0000)
tries to authenticate by cookie.

 classes/platal.php           |    4 ++--
 classes/plmailer.php         |    3 +--
 include/xorg.inc.php         |    3 ++-
 include/xorg.misc.inc.php    |    2 +-
 include/xorg/session.inc.php |   10 ++++++++++
 5 files changed, 16 insertions(+), 6 deletions(-)

git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@1929 839d8a87-29fc-0310-9880-83ba4fa771e5

classes/platal.php
classes/plmailer.php
include/xorg.inc.php
include/xorg.misc.inc.php
include/xorg/session.inc.php

index 620f217..f97f5e9 100644 (file)
@@ -199,8 +199,8 @@ class Platal
             http_redirect('https://' . $globals->core->secure_domain . $_SERVER['REQUEST_URI']);
         }
 
-        $args    = $this->argv;
-        $args[0] = &$page;
+        $args    =  $this->argv;
+        $args[0] =$page;
 
         if ($hook['auth'] > S::v('auth', AUTH_PUBLIC)) {
             if ($hook['type'] & DO_AUTH) {
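Review bot: The two rewritten assignments are spaced inconsistently, `=  $this->argv` with two spaces and `=$page` with none; `$args[0] = $page;` would match the surrounding style. The reason for dropping the `&` is not visible in the hunk, so a one-line comment recording it (for example `// by value on purpose: see banned-user cookie login fix`) would keep the reference from being reintroduced later. The enclosing method starts and ends outside the hunk.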
index 15b9705..0377d80 100644 (file)
@@ -260,10 +260,9 @@ class PlMailer extends Mail_Mime {
     {
         $this->wiki = $wiki;
     }
-    
+
     private function processPage($with_html = true)
     {
-        $level = error_reporting(0);
         if (!is_null($this->page)) {
             $level = error_reporting(0);
             $this->page->run('head'); // process page headers
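Review bot: With the outer `$level = error_reporting(0);` removed, `$level` is assigned only inside `if (!is_null($this->page))`, so the matching `error_reporting($level)` restore has to sit inside that same block. The restore is outside this hunk; if it is placed after the `if`, it would be called with an undefined variable whenever no page is set. Since this code silences every error while the page is rendered into a mail, a short comment on the pair saying why reporting is disabled and where it is restored would also help. processPage continues past the end of the hunk.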
index f37d2a7..e0ca4bb 100644 (file)
@@ -23,7 +23,6 @@ require_once('platal.inc.php');
 require_once('globals.inc.php');
 require_once('xorg/session.inc.php');
 $globals = new PlatalGlobals('XorgSession');
-XorgSession::init();
 
 // {{{ class XorgPage
 
@@ -59,5 +58,7 @@ function new_skinned_page($tpl_name)
     }
 }
 
+XorgSession::init();
+
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
 ?>
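Review bot: The relocated `XorgSession::init();` has no comment saying why it must be the last statement, although its position now matters. The banned-address path in include/xorg/session.inc.php calls `new_skinned_page()`, and session start presumably reaches that path during cookie authentication. Suggest adding `// Keep last: session init may need XorgPage / new_skinned_page() to render an error page.` above the call so that a later tidy-up does not move it back to the top.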
index 235d5bc..1a22f22 100644 (file)
@@ -298,7 +298,7 @@ function send_warning_mail($title)
     $mailer->setSubject("[Plat/al Security Alert] $title");
     $mailer->setTxtBody("Identifiants de session :\n" . var_export($_SESSION, true) . "\n\n"
         ."Identifiants de connexion :\n" . var_export($_SERVER, true));
-    $mailer->send(); 
+    $mailer->send();
 }
 
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
index 3a251f9..265d2c0 100644 (file)
@@ -280,10 +280,20 @@ function start_connexion ($uid, $identified)
         if (check_ip('ban')) {
             send_warning_mail($mail_subject);
             $_SESSION = array();
+            $_SESSION['perms'] = new FlagSet();
             global $page;
+            $newpage = false;
+            if (!$page) {
+                require_once 'xorg.inc.php';
+                new_skinned_page('platal/index.tpl');
+                $newpage = true;
+            }
             $page->trig("Une erreur est survenue lors de la procédure d'authentification. "
                        ."Merci de contacter au plus vite "
                        ."<a href='mailto:support@polytechnique.org'>support@polytechnique.org</a>");
+            if ($newpage) {
+                $page->run();
+            }
             return false;
         }
     }
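Review bot: The `require_once 'xorg.inc.php'` added in the `!$page` branch loads a file that, as of this commit, ends by calling `XorgSession::init()`, so if this branch is ever reached before that file was loaded, session initialisation would re-enter from inside `start_connexion` for the banned client. Whether `init()` tolerates that is not visible here; a comment stating the assumption would help, e.g. `// xorg.inc.php is normally already loading here; require_once only guarantees new_skinned_page() exists`. Separately, `$_SESSION = array()` empties the session but nothing in the hunk invalidates the authentication cookie, so each further request from the banned address would presumably repeat the cookie login attempt and the warning mail; confirm the caller clears it or rate-limits the alert. start_connexion begins and ends outside the hunk.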