Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate
--- a/includes/clientside/static/paginate.js Sun Aug 19 16:22:04 2007 -0400
+++ b/includes/clientside/static/paginate.js Sat Aug 25 12:11:31 2007 -0400
@@ -193,8 +193,12 @@
}
+var __paginateLock = false;
+
function jspaginator_goto(pagin_id, jump_to)
{
+ if ( __paginateLock )
+ return false;
var theobj = pagin_objects[pagin_id];
var current_div = false;
var new_div = false;
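Review bot: `__paginateLock` is a single page-wide flag, so while one paginator is fading, `jspaginator_goto()` returns false for every other `pagin_id` on the page as well. If only overlapping transitions on the same paginator need to be blocked, keeping the flag on the paginator object (for example `pagin_objects[pagin_id].locked`) would scope it correctly. A short comment above the declaration saying what the lock protects and where it is released would also help: `// true while a page fade is in progress; cleared by the fade metacode`. The function body continues outside this hunk.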
@@ -239,6 +243,7 @@
}
else
{
+ __paginateLock = true;
var fade_time = 375;
var code = 'var old = \'' + current_div.id + '\';';
code += 'var newer = \'' + new_div.id + '\';';
@@ -246,6 +251,7 @@
code += 'changeOpac(0, newer);';
code += 'document.getElementById(newer).style.display = "block";';
code += 'opacity(newer, 0, 100, '+fade_time+');';
+ code += '__paginateLock = false;';
// if ( window.console )
// window.console.debug('metacode for fader: ', code);
opacity(current_div.id, 100, 0, fade_time);
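Review bot: The release `code += '__paginateLock = false;';` sits directly after the `opacity(newer, 0, 100, ...)` call in the generated string, so if `opacity()` only schedules the fade (as its `fade_time` argument suggests), the lock clears when the fade-in starts, not when it ends. A click during the fade-in would then still pass the guard. The lock set in the previous hunk (`__paginateLock = true;`) is also cleared only from inside this deferred string; if that string never runs, or throws before its last statement, pagination stays disabled until the page is reloaded. Consider deferring the release to the end of the fade-in, for example `code += 'setTimeout(function(){ __paginateLock = false; }, ' + fade_time + ');';`. How the string is executed is outside the hunk, so this should be checked against that call.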
--- a/includes/constants.php Sun Aug 19 16:22:04 2007 -0400
+++ b/includes/constants.php Sat Aug 25 12:11:31 2007 -0400
@@ -92,7 +92,9 @@
// Security
-define('AES_BITS', 192); // AES cipher strength - defaults to 192 and cannot be changed after installation
+// AES cipher strength - defaults to 192 and cannot be changed after installation.
+// This can be 128, 192, or 256.
+define('AES_BITS', 192);
// Define this to enable Mcrypt support which makes encryption work faster. This is only triggered if Mcrypt support is detected.
// THIS IS DISABLED BECAUSE MCRYPT DOES NOT SEEM TO SUPPORT THE AES BLOCK SIZES THAT ENANO USES.
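Review bot: The new comment lists the allowed values but still calls the setting "cipher strength", while the Mcrypt note two lines below talks about "block sizes". Stating the unit would remove the ambiguity: `// AES key size in bits: 128, 192, or 256 (default 192).` It would also help to say why the value is fixed after installation, presumably because data already encrypted under the installed key size could no longer be decrypted. Confirm the reason before writing it down.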
--- a/includes/template.php Sun Aug 19 16:22:04 2007 -0400
+++ b/includes/template.php Sat Aug 25 12:11:31 2007 -0400
@@ -1682,7 +1682,14 @@
$dbg = 'Time: '.$f.'s | Queries: '.$nq;
$t = $this->process_template('footer.tpl');
$t = str_replace('[[Stats]]', $dbg, $t);
- $t = str_replace('[[NumQueries]]', (string)$db->num_queries, $t);
+ if ( is_object($db) )
+ {
+ $t = str_replace('[[NumQueries]]', (string)$db->num_queries, $t);
+ }
+ else
+ {
+ $t = str_replace('[[NumQueries]]', '0', $t);
+ }
$t = str_replace('[[GenTime]]', (string)$f, $t);
echo $t;
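Review bot: The new `is_object($db)` guard covers only the `[[NumQueries]]` replacement, but `$nq` in the `[[Stats]]` string on the first context line is computed above the hunk. If it is also read from `$db->num_queries`, the databaseless path would still hit the same non-object access there, so that is worth confirming. Computing the value once, `$num_queries = is_object($db) ? (string)$db->num_queries : '0';`, and using it for both placeholders would also replace the eight-line if/else. The enclosing method starts and ends outside the hunk.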
--- a/install.php Sun Aug 19 16:22:04 2007 -0400
+++ b/install.php Sat Aug 25 12:11:31 2007 -0400
@@ -216,8 +216,8 @@
is enabled, an attacker can run arbitrary code on your server! Enabling this will also allow administrators to
embed Javascript and arbitrary HTML and CSS.</p>
<p>If you don\'t have experience coding in PHP, you can safely disable this option. You may change this at any time
- using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection, or by
- using the "embedded PHP kill switch" in the administration panel.</p>';
+ using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection. <!-- , or by
+ using the "embedded PHP kill switch" in the administration panel. --></p>';
break;
default:
$title = 'Invalid topic';
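Review bot: The retired sentence about the "embedded PHP kill switch" is wrapped in an HTML comment inside the string, so it is still sent to every browser that opens this help topic. Deleting the text from the string would keep a reference to a control the page no longer advertises out of the page source. If the wording is meant to return later, a PHP comment beside the `case` keeps it in the code without emitting it.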
@@ -759,7 +759,7 @@
{
var frm = document.forms.login;
ret = true;
- if(frm.admin_user.value.match(/^([A-z0-9 \-\.]+)$/g))
+ if ( frm.admin_user.value.match(/^([A-z0-9 \-\.]+)$/g) && !frm.admin_user.value.match(/^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$/) && frm.admin_user.value.toLowerCase() != 'anonymous' )
{
document.getElementById('s_user').src = 'images/good.gif';
}
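Review bot: The new rule against "anonymous" and IP-address usernames is enforced only in browser JavaScript as far as this hunk shows, so the installer's server-side handling of `admin_user` needs the same rejection. That code is outside the hunk and should be confirmed. Separately, the character class `[A-z]` on the changed line spans the ASCII range between `Z` and `a`, so it also accepts `[`, `\`, `]`, `^`, `_` and the backtick; `[A-Za-z0-9 \-\.]` matches what the rule appears to intend. The comparison would be stricter as `frm.admin_user.value.toLowerCase() !== 'anonymous'`. `verify()` continues outside the hunk.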
@@ -806,7 +806,7 @@
?>
<p>Next, enter your desired username and password. The account you create here will be used to administer your site.</p>
<table border="0">
- <tr><td><b>Administration username</b><br />The administration username you will use to log into your site.</td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ <tr><td><b>Administration username</b><br /><small>The administration username you will use to log into your site.<br />This cannot be "anonymous" or in the form of an IP address.</small></td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
<tr><td>Administration password:</td><td><input onkeyup="verify();" name="admin_pass" type="password" size="30" /></td><td rowspan="2"><img id="s_password" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
<tr><td>Enter it again to confirm:</td><td><input onkeyup="verify();" name="admin_pass_confirm" type="password" size="30" /></td></tr>
<tr><td>Your e-mail address:</td><td><input onkeyup="verify();" name="admin_email" type="text" size="30" /></td><td><img id="s_email" alt="Good/bad icon" src="images/bad.gif" /></td></tr>