Changeset 940

Timestamp:

11/05/08 18:16:54 (4 years ago)

Author:

bogdan2412

Message:

Merged changes from review request ​http://reviewboard.infoarena.ro/r/13/.

Diff 2 (which was already merged) to diff 5.

Location:

trunk

Files:

• common/string.php (modified) (1 diff)
• www/config.php (modified) (1 diff)
• www/index.php (modified) (3 diffs)
• www/wiki/MyTextile.php (modified) (3 diffs)

trunk/common/string.php

@@ -1 +1 @@
 <?php
 
-  // Various string processing functions.
+// Various string processing functions.
 
 function starts_with($s, $substr) {
+    log_assert(is_string($s) && is_string($substr));
     return substr($s, 0, strlen($substr)) == $substr;
 }
 
 function ends_with($s, $substr) {
+    log_assert(is_string($s) && is_string($substr));
     return substr($s, -strlen($substr)) == $substr;
 }

trunk/www/config.php

@@ -69 +69 @@
 define("IA_LATEX_ENABLE", false);
 
-// List of infoarena controllers
-// Direct controllers
-$IA_DIRECT_CONTROLLERS = array('register', 'news_feed', 'changes',
-                               'login', 'logout', 'json', 'job_detail',
-                               'monitor', 'projector', 'submit',
-                               'plot', 'search',
-                               'unsubscribe', 'resetpass', 'reeval');
-
-// List of controllers which do not point to a textblock 
-$IA_NONTEXTBLOCK_CONTROLLERS = array_merge(array('account', 'admin', 'forum', 'confirm',
-                                           'inregistrare-runda', 'lista-inregistrare'),
-                                           $IA_DIRECT_CONTROLLERS);
-
-// List of all controllers
-$IA_CONTROLLERS = array_merge(array('blog'),
-                              $IA_NONTEXTBLOCK_CONTROLLERS);
-
 // List of safe MIME types
 // FIXME: add more?

trunk/www/index.php

@@ -37 +37 @@
 // Filter empty path elements. Strips extra '/'s
 $page = normalize_page_name($page);
-$page_path = explode('/', $page);
-
-$url_root = getattr($page_path, 0, '');
-$page_id = implode('/', array_slice($page_path, 1));
+$pagepath = explode('/', $page);
+
+$urlstart = getattr($pagepath, 0, '');
+$page_id = implode('/', array_slice($pagepath, 1));
 $action = request('action', 'view');
 
-// Check if page gets passed to a controller or is a simple textblock
-if (in_array($url_root, $IA_CONTROLLERS)) {
-    // Trivial direct mappings
-    if (in_array($url_root, $IA_DIRECT_CONTROLLERS)) {
-        require_once(IA_ROOT_DIR."www/controllers/{$url_root}.php");
-        $fname = "controller_{$url_root}";
-        $fname($page_id);
-    }
-
-    // Account edit page
-    if ($url_root == 'account') {
-        require_once(IA_ROOT_DIR.'www/controllers/account.php');
-        controller_account(getattr($page_path, 1));
-    }
-
-    // Admin controller
-    if ($url_root == 'admin') {
-        $subcontroller = getattr($page_path, 1);
-
-        // Blog admin
-        if ($subcontroller == 'blog') {
-            $obj_id = implode("/", array_slice($page_path, 1));
-            require_once(IA_ROOT_DIR.'www/controllers/blog.php');
-            controller_blog_admin($obj_id);
-        }
-
-        // Task creator
-        if ($subcontroller == 'problema-noua') {
-            require_once(IA_ROOT_DIR.'www/controllers/task.php');
-            controller_task_create();
-        }
-
-        // Task detail editor
-        if ($subcontroller == 'problema') {
-            $obj_id = implode("/", array_slice($page_path, 2));
-            require_once(IA_ROOT_DIR.'www/controllers/task.php');
-            controller_task_details($obj_id);
-        }
-
-        // Round creator
-        if ($subcontroller == 'runda-noua') {
-            require_once(IA_ROOT_DIR.'www/controllers/round.php');
-            controller_round_create();
-        }
-
-        // Round detail editor
-        if ($subcontroller == 'runda') {
-            $obj_id = implode("/", array_slice($page_path, 2));
-            require_once(IA_ROOT_DIR.'www/controllers/round.php');
-            controller_round_details($obj_id);
-        }
-
-        // Invalid subcontroller
-        flash_error('URL invalid');
-        redirect(url_home());
-    }
-
-    if ($url_root == 'inregistrare-runda') {
-        $obj_id = implode("/", array_slice($page_path, 1));
-        require_once(IA_ROOT_DIR.'www/controllers/round_register.php');
-        controller_round_register($obj_id);
-    }
-
-    // Round registered users
-    if ($url_root == 'lista-inregistrare') {
-        $obj_id = implode("/", array_slice($page_path, 1));
-        require_once(IA_ROOT_DIR.'www/controllers/round_register.php');
-        controller_round_register_view($obj_id);
-    }
-
-    // Password reset confirmation
-    if ($url_root == 'confirm') {
-        require_once(IA_ROOT_DIR.'www/controllers/resetpass.php');
-        controller_resetpass_confirm($page_id);
-    }
-
-    // Special textblock controllers
-    // Blog controller
-    if ($url_root == 'blog')
-    {
-        // Blog index
-        if ($page == 'blog') {
-            // Blog RSS feed
-            if ($action == 'rss') {
-                require_once(IA_ROOT_DIR.'www/controllers/blog.php');
-                controller_blog_feed();
-            } else {
-                require_once(IA_ROOT_DIR.'www/controllers/blog.php');
-                controller_blog_index();
-            }
-        }
-
-        // Blog edit
-        if ($action == 'edit') {
-            require_once(IA_ROOT_DIR.'www/controllers/textblock_edit.php');
-            controller_textblock_edit($page, 'private');
-        }
-
-        // Blog view
-        if ($action == 'view') {
-            require_once(IA_ROOT_DIR.'www/controllers/blog.php');
-            controller_blog_view($page, request('revision'));
-        }
-    }
+// Direct mapping list
+// Note: array_flip() flips keys with values in a dictionary.
+// FIXME: change this to Romanian!
+$directmaps = array_flip(array('register', 'news_feed', 'changes',
+                               'login', 'logout', 'json', 'job_detail',
+                               'monitor', 'projector', 'submit', 'userinfo',
+                               'plot', 'search',
+                               'unsubscribe', 'resetpass', 'reeval'
+));
+//
+// Here comes the big url mapper.
+// We include in the if statement to avoid an extra parsing load.
+//
+
+// Trivial direct mappings
+if (isset($directmaps[$urlstart])) {
+    require_once(IA_ROOT_DIR."www/controllers/{$urlstart}.php");
+    $fname = "controller_{$urlstart}";
+    $fname($page_id);
+}
+
+// Account edit page
+else if ($urlstart == 'account') {
+    require_once(IA_ROOT_DIR.'www/controllers/account.php');
+    controller_account(getattr($pagepath, 1));
+}
+
+// Blog admin
+else if ($urlstart == 'admin' && getattr($pagepath, 1) == 'blog') {
+    $obj_id = implode("/", array_slice($pagepath, 1));
+    require_once(IA_ROOT_DIR.'www/controllers/blog.php');
+    controller_blog_admin($obj_id);
+}
+
+// Task creator
+else if ($page == 'admin/problema-noua') {
+    require_once(IA_ROOT_DIR.'www/controllers/task.php');
+    controller_task_create();
+}
+
+// Task detail editor
+else if ($urlstart == 'admin' && getattr($pagepath, 1) == 'problema') {
+    $obj_id = implode("/", array_slice($pagepath, 2));
+    require_once(IA_ROOT_DIR.'www/controllers/task.php');
+    controller_task_details($obj_id);
+}
+
+// Round creator
+else if ($page == 'admin/runda-noua') {
+    require_once(IA_ROOT_DIR.'www/controllers/round.php');
+    controller_round_create();
+}
+
+// Round detail editor
+else if ($urlstart == 'admin' && getattr($pagepath, 1) == 'runda') {
+    $obj_id = implode("/", array_slice($pagepath, 2));
+    require_once(IA_ROOT_DIR.'www/controllers/round.php');
+    controller_round_details($obj_id);
+}
+
+// Round registration 
+else if ($urlstart == 'inregistrare-runda') {
+    $obj_id = implode("/", array_slice($pagepath, 1));
+    require_once(IA_ROOT_DIR.'www/controllers/round_register.php');
+    controller_round_register($obj_id);
+}
+
+// Round registered users
+else if ($urlstart == 'lista-inregistrare') {
+    $obj_id = implode("/", array_slice($pagepath, 1));
+    require_once(IA_ROOT_DIR.'www/controllers/round_register.php');
+    controller_round_register_view($obj_id);
+}
+
+// Blog RSS feed
+else if ($page == 'blog' && $action == 'rss') {
+    require_once(IA_ROOT_DIR.'www/controllers/blog.php');
+    controller_blog_feed();
+}
+
+// Blog index
+else if ($page == 'blog') {
+    require_once(IA_ROOT_DIR.'www/controllers/blog.php');
+    controller_blog_index();
+}
+
+// Blog edit
+else if ($urlstart == 'blog' && $action == 'edit') {
+    require_once(IA_ROOT_DIR.'www/controllers/textblock_edit.php');
+    controller_textblock_edit($page, 'private');
+}
+
+// Blog view
+else if ($urlstart == 'blog' && $action == 'view') {
+    require_once(IA_ROOT_DIR.'www/controllers/blog.php');
+    controller_blog_view($page, request('revision'));
 }
 
@@ -152 +144 @@
 // FIXME: quick array of sorts?
 //  - edit textblock
-if ($action == 'edit') {
+else if ($action == 'edit') {
     require_once(IA_ROOT_DIR.'www/controllers/textblock_edit.php');
     controller_textblock_edit($page);
@@ -216 +208 @@
 }
 
+// reset password
+else if ('confirm' == $urlstart) {
+    // confirm reset password
+    require_once(IA_ROOT_DIR.'www/controllers/resetpass.php');
+    controller_resetpass_confirm($page_id);
+}
+
 // user profile, view personal page / statistics / rating evolution
-else if (IA_USER_TEXTBLOCK_PREFIX == $url_root.'/' &&
+else if (IA_USER_TEXTBLOCK_PREFIX == $urlstart.'/' &&
          ('view' == $action || 'rating' == $action || 'stats' == $action )) {
     require_once(IA_ROOT_DIR.'www/controllers/user.php');

trunk/www/wiki/MyTextile.php

@@ -131 +131 @@
         $args['extra'] = $alt;
 
-        // Catch internal images
         // To avoid CSRF exploits we restrict all images to textblock attachments
         $allowed = false;
         // $allowed_urls are exceptions to this rule
-        $allowed_urls = array("static/images/", "plot/rating", "plot/distribution");
+        $allowed_urls = array("static/images/", "plot/");
 
         foreach ($allowed_urls as $url) {
@@ -144 +143 @@
             }
         }
-     
-        if (!$allowed && !preg_match('/^'.IA_RE_EXTERNAL_URL.'$/xi', $srcpath)) {
+
+        // Catch internal images
+        if (!preg_match('/^'.IA_RE_EXTERNAL_URL.'$/xi', $srcpath)) {
             if (preg_match('/^ ('.IA_RE_PAGE_NAME.') \? '.
                            '('.IA_RE_ATTACHMENT_NAME.')'.
@@ -158 +158 @@
                 $args['src'] = html_escape(url_absolute(url_image_resize($matches[1], $matches[2], $extra)));
                 $allowed = true;
-
-                // Test if $srcpath references an internal url that is NOT a textblock
-                // in case someone tries to trick the regexp with something like !logout?something!
-
-                $tmp = explode("?", $srcpath);
-                $srcpath_root = $tmp[0];                  // Strips everything after "?"
-                $tmp = explode("/", $srcpath_root);
-                $srcpath_controller = $tmp[0];            // Strips everything after first "/"
-                global $IA_NONTEXTBLOCK_CONTROLLERS;
-                if (in_array(strtolower($srcpath_controller), $IA_NONTEXTBLOCK_CONTROLLERS)) {
-                    $allowed = false;
-                }
             }
         }
 
         if (!$allowed) {
-            return macro_error("Imaginile trebuie neaparat sa fie atasamente ale unei pagini");
+            return macro_error("Imaginile trebuie neaparat sa fie atasamente ale unei pagini.");
         }
         //log_print("passing to parent::format image");