# HG changeset patch # User Dan # Date 1188058291 14400 # Node ID 6457a9b983c68fe0bc60cbfd2f133f5ac6979b32 # Parent 293148ad7a70d20691a65243cfd3588077d65e17 Fixed non-object reference in databaseless template, added locking for Javascript paginator, made comments on AES key size more clear in constants, and disallowed "anonymous" and IP addresses for admin username in install.php; Loch Ness release candidate diff -r 293148ad7a70 -r 6457a9b983c6 includes/clientside/static/paginate.js --- a/includes/clientside/static/paginate.js Sun Aug 19 16:22:04 2007 -0400 +++ b/includes/clientside/static/paginate.js Sat Aug 25 12:11:31 2007 -0400 @@ -193,8 +193,12 @@ } +var __paginateLock = false; + function jspaginator_goto(pagin_id, jump_to) { + if ( __paginateLock ) + return false; var theobj = pagin_objects[pagin_id]; var current_div = false; var new_div = false; @@ -239,6 +243,7 @@ } else { + __paginateLock = true; var fade_time = 375; var code = 'var old = \'' + current_div.id + '\';'; code += 'var newer = \'' + new_div.id + '\';'; @@ -246,6 +251,7 @@ code += 'changeOpac(0, newer);'; code += 'document.getElementById(newer).style.display = "block";'; code += 'opacity(newer, 0, 100, '+fade_time+');'; + code += '__paginateLock = false;'; // if ( window.console ) // window.console.debug('metacode for fader: ', code); opacity(current_div.id, 100, 0, fade_time); diff -r 293148ad7a70 -r 6457a9b983c6 includes/constants.php --- a/includes/constants.php Sun Aug 19 16:22:04 2007 -0400 +++ b/includes/constants.php Sat Aug 25 12:11:31 2007 -0400 @@ -92,7 +92,9 @@ // Security -define('AES_BITS', 192); // AES cipher strength - defaults to 192 and cannot be changed after installation +// AES cipher strength - defaults to 192 and cannot be changed after installation. +// This can be 128, 192, or 256. +define('AES_BITS', 192); // Define this to enable Mcrypt support which makes encryption work faster. This is only triggered if Mcrypt support is detected. // THIS IS DISABLED BECAUSE MCRYPT DOES NOT SEEM TO SUPPORT THE AES BLOCK SIZES THAT ENANO USES. diff -r 293148ad7a70 -r 6457a9b983c6 includes/template.php --- a/includes/template.php Sun Aug 19 16:22:04 2007 -0400 +++ b/includes/template.php Sat Aug 25 12:11:31 2007 -0400 @@ -1682,7 +1682,14 @@ $dbg = 'Time: '.$f.'s | Queries: '.$nq; $t = $this->process_template('footer.tpl'); $t = str_replace('[[Stats]]', $dbg, $t); - $t = str_replace('[[NumQueries]]', (string)$db->num_queries, $t); + if ( is_object($db) ) + { + $t = str_replace('[[NumQueries]]', (string)$db->num_queries, $t); + } + else + { + $t = str_replace('[[NumQueries]]', '0', $t); + } $t = str_replace('[[GenTime]]', (string)$f, $t); echo $t; diff -r 293148ad7a70 -r 6457a9b983c6 install.php --- a/install.php Sun Aug 19 16:22:04 2007 -0400 +++ b/install.php Sat Aug 25 12:11:31 2007 -0400 @@ -216,8 +216,8 @@ is enabled, an attacker can run arbitrary code on your server! Enabling this will also allow administrators to embed Javascript and arbitrary HTML and CSS.
If you don\'t have experience coding in PHP, you can safely disable this option. You may change this at any time - using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection, or by - using the "embedded PHP kill switch" in the administration panel.
'; + using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection. '; break; default: $title = 'Invalid topic'; @@ -759,7 +759,7 @@ { var frm = document.forms.login; ret = true; - if(frm.admin_user.value.match(/^([A-z0-9 \-\.]+)$/g)) + if ( frm.admin_user.value.match(/^([A-z0-9 \-\.]+)$/g) && !frm.admin_user.value.match(/^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$/) && frm.admin_user.value.toLowerCase() != 'anonymous' ) { document.getElementById('s_user').src = 'images/good.gif'; } @@ -806,7 +806,7 @@ ?>Next, enter your desired username and password. The account you create here will be used to administer your site.
Administration username The administration username you will use to log into your site. | ||
Administration username The administration username you will use to log into your site. This cannot be "anonymous" or in the form of an IP address. | ||
Administration password: | ||
Enter it again to confirm: | ||
Your e-mail address: |