You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@vcl.apache.org by jf...@apache.org on 2015/12/18 19:58:13 UTC

svn commit: r1720840 - /vcl/trunk/web/.ht-inc/utils.php

Author: jfthomps
Date: Fri Dec 18 18:58:12 2015
New Revision: 1720840

URL: http://svn.apache.org/viewvc?rev=1720840&view=rev
Log:
VCL-908 - Image owner string is not validated when creating a new image

utils.php: modified validateUserid: added block to handle corner case where no affiliation is passed in as part of $loginid, shibboleth only authentication is being used for the default affiliation, ALLOWADDSHIBUSERS is set to 1, and there is an @ in $loginid

Modified:
    vcl/trunk/web/.ht-inc/utils.php

Modified: vcl/trunk/web/.ht-inc/utils.php
URL: http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/utils.php?rev=1720840&r1=1720839&r2=1720840&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/utils.php (original)
+++ vcl/trunk/web/.ht-inc/utils.php Fri Dec 18 18:58:12 2015
@@ -981,6 +981,18 @@ function validateUserid($loginid) {
 	if(mysql_num_rows($qh))
 		return 1;
 
+	if($rc == 0 &&
+	   ALLOWADDSHIBUSERS == 1 && 
+	   strpos($loginid, '@')) {
+		$query = "SELECT shibonly "
+		       . "FROM affiliation "
+		       . "WHERE id = " . DEFAULT_AFFILID;
+		$qh = doQuery($query); 
+		$row = mysql_fetch_assoc($qh);
+		if($row['shibonly'] == 1)
+			return 0;           
+	}
+
 	$valfunc = $affilValFunc[$affilid];
 	if(array_key_exists($affilid, $affilValFuncArgs))
 		return $valfunc($affilValFuncArgs[$affilid], $loginid);