|
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
This behavior was causing issues in the UI. We normally "try" to set a
new asset by default, in case one was provided by the user, and just
soft-fail if one wasn't. This "soft-failing" is now resulting in the
images being removed if the user just goes in to change his alias (for
example).
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
When setting the bg image for an object, create a copy of it
(square-cropped) in dynmic/thumbs/ for display in the settings modal.
This patch provides an additional function for retrieving the thumbnail's
URL as well.
This thumbnail is desirable for the sake of the UI. If we cannot make a
guarantee as to the aspect ratio of the preview images shown on the user
tab of the settings modal, these widgets may appear wrong or go off the
screen a bit on smaller devices.
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
If the $_SCROTT['AUTO_MODAL'] global is defined, it will refer to a
modal's DOM ID to be shown once the page loads. Currently, an error
state will supersede this and display the notice modal instead.
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
Previously, you could log into an account named "MyAccount" by entering
either "myaccount" or "MYACCOUNT" (or any other case combination). This
patch requires logins to succeed with case-sensitive usernames.
I have also decided that I wish to disallow duplicate usernames if the
only difference between them is case. There can only be _ONE_
"myaccount" (of any case combination), even if he's known canonically as
"MyAccount". This particular functionality is not changed by this
patch. I'm just noting it as a deliberate decision not to change, by
policy.
Note that _passwords_ always have been, and still are, case-sensitive.
They are salted and hashed before they even hit the database.
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
This function helps further abstract agents. We want to get all users
belonging to a pad that is owned by a group, or more specifically - an
agent. If this agent is a user, that user is our only user to collect.
If this agent is a group, we want to capture _its_ owner along with all
of its members.
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
This returns an array of all issues which directly parent the pad
object. These are the pad's closed issues. Most recently closed issues
are first in the array.
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
Adds 'image/x-ms-bmp' as an allowed mimetype for images, and is
equivalent to 'image/bmp'. The image module is also updated to expect
this new type.
I found an image of mine that, when uploaded, PHP thought was
'image/bmp', so it was allowed. However, when cropping, PHP thought it
was 'image/x-ms-bmp' and failed to look up a loading/writing function.
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
Adds 'image/bmp' as an allowed mimetype for images. The image module is
also updated to expect this new type.
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
Adds 'image/gif' as an allowed mimetype for images. The image module is
also updated to expect this new type. For background images, animated
gifs will work properly. For head images, the cropping process
truncates the image to only one frame; this is probably for the best.
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
The SQL query here, as written, was omitting 'log' type messages from
the results.
Signed-off-by: Malf Furious <m@lfurio.us>
|
|
This reverts commit 62872702dc413b7abab94d8a5a7bd21770b5d241.
|
|
Revised implementation of redesigned data model.
|
|
This function is patched to co-operate with structural changes to the
issue class.
|
|
This is probably more of an oops than a bug, although it was causing
unexpected behavior.
When falling back to checking whether the agent has access to the
object's owner, it was wrongly accessing through $this->owner, rather
than $obj->owner (which is the function argument). This was probably
left over from how this function _used_ to be implemented (you would
call on the object and pass in the user).
|
|
There was a problem with processing enum type fields. The way all other
field types are asserted to be 'defined' is via:
isset($field) && $field != ""
Which works perfectly fine, and is exactly what we want. However, with
enums the second part of that && can bite us if "" is in the list of
acceptable values.
This commit removed that half of the check (only for enum values) so
that the empty string may be an acceptable enum value. If "" is not in
the values array, then the check is implicitly reinstated.
|
|
Because of how this function was implemented, any failure during
database instance construction is treated the same way. IE. we cannot
tell the difference between 'no db config' (as is the initial default
state) and a 'bad db config' (either bogus data, or the server happens
to be down).
Because of this, if, after the database access is initially set up,
access to the db becomes unavailable or someone makes a bad edit to the
dbconfig.php file, Scrott behaves as if it is being configured for the
first time. This is *dangerous* behavior! (unexpected, at the least)
The implication of this is that if Scrott's database access is ever
incidentally interrupted, the very next visitor to the site is offered
the chance to (silently) reconfigure the server to point to any database
of his choosing.
This patch updates the checkConfig() function to only 'soft fail'
(return false) in the case where the configuration is _actually_
missing. IE. $_SCROTT['conf'] is not defined. This function will
otherwise pass through any and all exceptions which result from
instantiating the database instance and will only return true if both of
these steps succeed.
|
|
This is not meant to be a user (admin) configurable key. Rather, this
is a mechanism for success/failure results from interactions with
PHPMailer to make their way back to the UI. Down the road, email
sending functions should publish their true/false return value to this
configuration key. The initial default value of "NULL" means no mail
send attempts have taken place.
|
|
In cases where the pad had no stages beneath it, `new
stage($this->stage)` would construct an invalid object. As it turns
out, calling ->getArray() on an uninitialized stage object yields bad
results.
Instead of patching the stage::getArray() function, I add a check to
harden pad::getStages(). My reasoning for this is as follows: The bug
in getArray() manifests from a domain error, ie. it's only because we
are calling it on an uninitialized object. The object is already in a
bad state prior to calling getArray(). Rather, I opt to patch
getStages() so that we never create a bad object in the first place.
Now, for no-stage pads, getStages() will return an empty array early.
|
|
This particular flaw was dampening (and could potentially be hiding) the
effects of other bugs.
For instance, in this case, a GUID of "" was invalidly being used to
construct an object. This should obviously be considered an error, but
since "" evaluates to false, the construction was treated as default (no
GUID) construction and succeeded. It wasn't until later when missing
properties were accessed that random PHP error messages clued me into what
was happening.
Now, when any sort of explicit value is used to construct an object (not
NULL), an object load will be attempted, giving bad input more chances
to fail outright and trigger an exception. In addition, the 'no such
guid' exception message is updated to place quotes ('') around the GUID
string to make it more obvious when "" is used in the future.
|
|
These two functions, 'getCurrentTimestamp()' and 'isGUID()' are updated
to be public. There is actually no good reason for them to be private;
I originally just never anticipated their use outside this class.
I need isGUID() in index.php to help with page routing. Neither of
these two functions has side effects of any kind nor any unexpected
behavior, so there is no harm in going public.
|
|
Removing these unnecessary checks. They are not protecting us from
anything, only inconveniencing me in index.php.
|
|
Update all usage of saveFile() to use added saveIfFile() function,
forwarding on the convenience to model code. Model code can pass in
file field names, rather than $_FILES arrays directly.
|
|
This is an alternative function to globals' saveFile(), which allows
model code to just pass in the name of the expected uploaded file,
rather than requiring them to look up the file themselves. This is in
line with my preference to encapsulate PHP superglobals access away from
most of the codebase.
Note that even if the user opts not to upload optional files, the
associated file <input> field will still be present in $_FILES, with a
special error code set (meaning 'no file uploaded') which setFile()
ignores. It is only in the case of a malformed form submission that
$_FILES will be missing the requested file field, prompting Scrott to
throw an exception.
|
|
We can check for the existence of an object's background image by
calling getBgImg(), since it returns NULL when there is no such image.
But getHeadImg() behaves differently, returning a path to
'static/img/null.jpg' (via df.php) when there is no image, making it
more difficult to tell. This function addresses this concern.
|
|
The initial intended use case for this is applying the "active" and "in
active" classes to the first tab to appear in the settings modal.
|
|
This is basically a constructor for agent. The actual type returned is
a concrete agent.
|
|
If a table query yields zero rows, we would still attempt to load the
first (index zero) into $this, causing an error to be thrown by PHP. We
are now checking the size of the results array first.
|
|
Added a $limit argument to specify a maximum number of results to
return.
|
|
The intention is for index.php to set this variable. This is the text
(HTML) displayed on the button for the pad select dropdown in the nav
bar. Basically the canonical name of the page we're on.
|
|
Passing no argument (or NULL) now causes this function to redirect to
the 'app-path' (current request page). This is a way to reload the
current page.
|
|
The check that this commit adds to each of these functions enables users
with all permissions on themselves.
|
|
If the argument doesn't have an owner, then an access error is thrown
when we try to do ->guid. Since there is no owner, just return false.
Otherwise, do the comparison as usual.
|
|
This addresses a problem with most views. They need an object context
to display in. IE what pad, group, etc. are we viewing? This variable
is intended to be set by index.php and referenced by page models.
|
|
Previously, these functions would always call session_start() before
doing most of their work. However, I've found that calling that
function two or more times within the lifetime of a program results in
NOTICE messages output from the PHP interpreter. Therefore, I am now
only calling session_start() if the session is not already active.
|
|
If the session is set to an invalid (eg: deleted) user GUID, an
exception is (correctly) thrown. This commit catches that and enables
getCurrent() to close the bad session and return NULL.
|
|
|
Since 'object' is now a reserved word (as of PHP 7.2), I have to rename
this class. I really preferred the name object, but obj will have to
do.
|
|
|