Discussion:
phpgw stabilization and alpha relase
Maât
2008-06-03 14:14:08 UTC
Permalink
Hi, all
I have a stable-stable - posted on
http://download.savannah.gnu.org/releases/fmsystem/
The latest one I am using for full scale production is the 0.9.17.003
I think it would be nice to avoid locking everything when there are only
some specific points on wich we cannot reach a common position.

I looked at the tree Sigurd provided and i think there are many things
we can include right now in phpgw without bloody fight.

I have started to identify differences from trunk and i will send
patches from this comparison here... so that we move on to have this
alpha published as clean as possible i propose apply these patches on
trunk if i'm not blasted before i try to commit ( /me puts on he's iron
helmet just in case...)

If there are patches that could bring technical issues i did not foresee
please just answer to the patch proposal so that i delay the considered
patch inclusion.

Here is the first patch on phpgroupware/redirect.php (rather simple
thing to begin with)

plz let me know what you think

regards,
Maât
Maât
2008-06-03 15:03:56 UTC
Permalink
Next patch... a tiny one for greater security.

regards,
Maât
Chris Weiss
2008-06-03 15:16:58 UTC
Permalink
um, this does exactly nothing. if you added ";" I might see it, but
this is effectively pointless.
Post by Maât
Next patch... a tiny one for greater security.
regards,
Maât
Index: phpgwapi/inc/accounts/class.accounts_.inc.php
===================================================================
--- phpgwapi/inc/accounts/class.accounts_.inc.php (revision 18589)
+++ phpgwapi/inc/accounts/class.accounts_.inc.php (working copy)
@@ -434,7 +434,7 @@
function get_members()
{
$members = array();
- $sql = "SELECT acl_account FROM phpgw_acl WHERE
acl_appname = 'phpgw_group' and acl_location =" . (int) $this->account_id;
+ $sql = "SELECT acl_account FROM phpgw_acl WHERE
acl_appname = 'phpgw_group' and acl_location ='" . (int) $this->account_id .
"'";
$this->db->query($sql,__LINE__,__FILE__);
while ($this->db->next_record())
{
_______________________________________________
phpGroupWare-developers mailing list
http://lists.gnu.org/mailman/listinfo/phpgroupware-developers
Maât
2008-06-03 15:30:05 UTC
Permalink
Post by Chris Weiss
um, this does exactly nothing. if you added ";" I might see it, but
this is effectively pointless.
||CW : 1 - 0 Maât

:)

as there is an (int) before $this->account_id the single quotes is not
needed for security reasons.

though, if i'm not mistaken, acl_location is a string from the db point
of view... perhaps required by some db (pg ?)


regards,
Maât
Chris Weiss
2008-06-03 17:11:05 UTC
Permalink
Post by Maât
Post by Chris Weiss
um, this does exactly nothing. if you added ";" I might see it, but
this is effectively pointless.
||CW : 1 - 0 Maât
:)
as there is an (int) before $this->account_id the single quotes is not
needed for security reasons.
though, if i'm not mistaken, acl_location is a string from the db point of
view... perhaps required by some db (pg ?)
if it is a char it should have quotes, but if it is always a number
then it should not be a char. if it is not always a number then it
should not have the (int) cast.

if it is not a char then it should not have the quotes, the quotes
will cause an unessicary cast on the db side and some db's will also
complain.
Christian Böttger
2008-06-07 11:13:14 UTC
Permalink
Hi @all,

sorry for being late in answering - I've got a new contract away from
home, and there is no IRC access from work there (nor any messenger, no
imap, pop3, smtp, ... just HTTP ...), and internet access via Swisscom
hotspot (hotel) is rather expensive...
Post by Maât
I think it would be nice to avoid locking everything when there are only
some specific points on wich we cannot reach a common position.
ACK.
Post by Maât
I looked at the tree Sigurd provided and i think there are many things
we can include right now in phpgw without bloody fight.
I have started to identify differences from trunk and i will send
patches from this comparison here... so that we move on to have this
alpha published as clean as possible i propose apply these patches on
trunk if i'm not blasted before i try to commit ( /me puts on he's iron
helmet just in case...)
This is a very good proposal. And it includes some QA as well :-)

From my side: just go ahead!


Regards

Christian (aka bofh42)
--
Dr. Christian Böttger (Dipl.Phys.) DF5OP Open Source Broker
E-Mail: ***@GMail.com ***@boettger.eu.com
WWW: http://christian.böttger.info/ http://www.mydarc.de/df5op
OpenBC/Xing: http://www.xing.com/go/invuid/Christian_Boettger2
LinkedIn: https://www.linkedin.com/in/christianboettger
Loading...