From ad5cc681077c019fb6cac1459badbd93836bdd80 Mon Sep 17 00:00:00 2001 From: kervala Date: Fri, 5 Sep 2014 15:42:53 +0200 Subject: [PATCH 1/6] Changed: Code formatting --- code/nel/include/nel/3d/scene.h | 2 +- code/nel/include/nel/misc/app_context.h | 2 +- .../nel/samples/3d/nel_qt/qtcolorpicker_cpp.h | 67 +++++++++++-------- .../3d/driver/direct3d/driver_direct3d.cpp | 5 +- code/nel/src/misc/app_context.cpp | 2 +- 5 files changed, 45 insertions(+), 33 deletions(-) diff --git a/code/nel/include/nel/3d/scene.h b/code/nel/include/nel/3d/scene.h index e0648ebd3..50dfe6b8a 100644 --- a/code/nel/include/nel/3d/scene.h +++ b/code/nel/include/nel/3d/scene.h @@ -826,7 +826,7 @@ private: void flushSSSModelRequests(); // common vb for water display CVertexBuffer _WaterVB; - + bool _RequestParticlesAnimate; }; diff --git a/code/nel/include/nel/misc/app_context.h b/code/nel/include/nel/misc/app_context.h index 8bbf9499d..46d2a15c7 100644 --- a/code/nel/include/nel/misc/app_context.h +++ b/code/nel/include/nel/misc/app_context.h @@ -147,7 +147,6 @@ namespace NLMISC bool DebugNeedAssert; bool NoAssert; bool AlreadyCreateSharedAmongThreads; - }; /** This class implements the context interface for the a library module. @@ -184,6 +183,7 @@ namespace NLMISC virtual void setNoAssert(bool noAssert); virtual bool getAlreadyCreateSharedAmongThreads(); virtual void setAlreadyCreateSharedAmongThreads(bool b); + private: /// Pointer to the application context. INelContext *_ApplicationContext; diff --git a/code/nel/samples/3d/nel_qt/qtcolorpicker_cpp.h b/code/nel/samples/3d/nel_qt/qtcolorpicker_cpp.h index b143f9f3c..0701a803f 100644 --- a/code/nel/samples/3d/nel_qt/qtcolorpicker_cpp.h +++ b/code/nel/samples/3d/nel_qt/qtcolorpicker_cpp.h 
@@ -543,14 +543,17 @@ ColorPickerPopup::ColorPickerPopup(int width, bool withColorDialog, setMouseTracking(true); cols = width; - if (withColorDialog) { - moreButton = new ColorPickerButton(this); - moreButton->setFixedWidth(24); - moreButton->setFixedHeight(21); - moreButton->setFrameRect(QRect(2, 2, 20, 17)); - connect(moreButton, SIGNAL(clicked()), SLOT(getColorFromDialog())); - } else { - moreButton = 0; + if (withColorDialog) + { + moreButton = new ColorPickerButton(this); + moreButton->setFixedWidth(24); + moreButton->setFixedHeight(21); + moreButton->setFrameRect(QRect(2, 2, 20, 17)); + connect(moreButton, SIGNAL(clicked()), SLOT(getColorFromDialog())); + } + else + { + moreButton = 0; } eventLoop = 0; @@ -1059,15 +1062,20 @@ void ColorPickerButton::mouseReleaseEvent(QMouseEvent *) void ColorPickerButton::keyPressEvent(QKeyEvent *e) { if (e->key() == Qt::Key_Up - || e->key() == Qt::Key_Down - || e->key() == Qt::Key_Left - || e->key() == Qt::Key_Right) { - qApp->sendEvent(parent(), e); - } else if (e->key() == Qt::Key_Enter || e->key() == Qt::Key_Space || e->key() == Qt::Key_Return) { - setFrameShadow(Sunken); - update(); - } else { - QFrame::keyPressEvent(e); + || e->key() == Qt::Key_Down + || e->key() == Qt::Key_Left + || e->key() == Qt::Key_Right) + { + qApp->sendEvent(parent(), e); + } + else if (e->key() == Qt::Key_Enter || e->key() == Qt::Key_Space || e->key() == Qt::Key_Return) + { + setFrameShadow(Sunken); + update(); + } + else + { + QFrame::keyPressEvent(e); } } 
@@ -1077,16 +1085,21 @@ void ColorPickerButton::keyPressEvent(QKeyEvent *e) void ColorPickerButton::keyReleaseEvent(QKeyEvent *e) { if (e->key() == Qt::Key_Up - || e->key() == Qt::Key_Down - || e->key() == Qt::Key_Left - || e->key() == Qt::Key_Right) { - qApp->sendEvent(parent(), e); - } else if (e->key() == Qt::Key_Enter || e->key() == Qt::Key_Space || e->key() == Qt::Key_Return) { - setFrameShadow(Raised); - repaint(); - emit clicked(); - } else { - QFrame::keyReleaseEvent(e); + || e->key() == Qt::Key_Down + || e->key() == Qt::Key_Left + || e->key() == Qt::Key_Right) + { + qApp->sendEvent(parent(), e); + } + else if (e->key() == Qt::Key_Enter || e->key() == Qt::Key_Space || e->key() == Qt::Key_Return) + { + setFrameShadow(Raised); + repaint(); + emit clicked(); + } + else + { + QFrame::keyReleaseEvent(e); } } diff --git a/code/nel/src/3d/driver/direct3d/driver_direct3d.cpp b/code/nel/src/3d/driver/direct3d/driver_direct3d.cpp index 2316119a2..c7fd65a99 100644 --- a/code/nel/src/3d/driver/direct3d/driver_direct3d.cpp +++ b/code/nel/src/3d/driver/direct3d/driver_direct3d.cpp @@ -1511,8 +1511,6 @@ bool CDriverD3D::setDisplay(nlWindow wnd, const GfxMode& mode, bool show, bool r } } - - // _D3D->CreateDevice (adapter, _Rasterizer, _HWnd, D3DCREATE_SOFTWARE_VERTEXPROCESSING, ¶meters, &_DeviceInterface); // Check some caps @@ -2661,7 +2659,8 @@ bool CDriverD3D::reset (const GfxMode& mode) #ifndef NL_NO_ASM CFpuRestorer fpuRestorer; // fpu control word is changed by "Reset" #endif - if (_Rasterizer!=D3DDEVTYPE_REF) { + if (_Rasterizer!=D3DDEVTYPE_REF) + { HRESULT hr = _DeviceInterface->Reset (¶meters); if (hr != D3D_OK) { diff --git a/code/nel/src/misc/app_context.cpp b/code/nel/src/misc/app_context.cpp index a0b35b35a..32b981bb3 100644 --- a/code/nel/src/misc/app_context.cpp +++ b/code/nel/src/misc/app_context.cpp 
@@ -75,7 +75,7 @@ INelContext::~INelContext() -void INelContext::contextReady() +void INelContext::contextReady() { // Register the NeL Context // This assert doesn't work for Linux due to ELF symbol relocation From f46cb42bededb64c7f2b95665f565f4b29379f9c Mon Sep 17 00:00:00 2001 From: kaetemi Date: Sat, 6 Sep 2014 00:35:28 +0200 Subject: [PATCH 2/6] Create shard admin user in setup --- .../private_php/setup/sql/nel_tool_00001.sql | 9 +---- .../{todo_cfg => public_php}/admin/config.php | 32 ++++++++-------- code/web/public_php/setup/header.php | 2 + code/web/public_php/setup/install.php | 37 ++++++++++++++++++- 4 files changed, 55 insertions(+), 25 deletions(-) rename code/web/{todo_cfg => public_php}/admin/config.php (71%) diff --git a/code/web/private_php/setup/sql/nel_tool_00001.sql b/code/web/private_php/setup/sql/nel_tool_00001.sql index 12ae695ad..a01a1c4a5 100644 --- a/code/web/private_php/setup/sql/nel_tool_00001.sql +++ b/code/web/private_php/setup/sql/nel_tool_00001.sql @@ -595,14 +595,7 @@ CREATE TABLE IF NOT EXISTS `neltool_users` ( UNIQUE KEY `user_login` (`user_name`), KEY `user_group_id` (`user_group_id`), KEY `user_active` (`user_active`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ; - --- --- Dumping data for table `neltool_users` --- - -INSERT INTO `neltool_users` (`user_id`, `user_name`, `user_password`, `user_group_id`, `user_created`, `user_active`, `user_logged_last`, `user_logged_count`, `user_menu_style`) VALUES -(1, 'guest', '084e0343a0486ff05530df6c705c8bb4', 1, 1405357395, 1, 0, 0, 0); +) ENGINE=MyISAM DEFAULT CHARSET=utf8; -- -------------------------------------------------------- diff --git a/code/web/todo_cfg/admin/config.php b/code/web/public_php/admin/config.php similarity index 71% rename from code/web/todo_cfg/admin/config.php rename to code/web/public_php/admin/config.php index 530adcb43..0a43d798a 100644 --- a/code/web/todo_cfg/admin/config.php +++ b/code/web/public_php/admin/config.php 
@@ -1,30 +1,32 @@ 0, 'level_name' => 'Normal'), @@ -70,6 +72,6 @@ 'level_name' => 'Administrator'), ); - $restart_notification_emails = array('vl@ryzom.com'); + $restart_notification_emails = array('support@ryzomcore.org'); ?> diff --git a/code/web/public_php/setup/header.php b/code/web/public_php/setup/header.php index 1c7b4cda0..317637ef8 100644 --- a/code/web/public_php/setup/header.php +++ b/code/web/public_php/setup/header.php @@ -112,6 +112,8 @@ function update_database_structure($continue_r, $con, $file) { admin/common.php"); + $continue = false; + } + } + if ($continue) { + try { + require_once('functions_tool_administration.php'); + } catch (Exception $e) { + printalert("danger", "Failed to include NeL admin/functions_tool_administration.php"); + $continue = false; + } + } + if ($continue) { + $adminGroup = 1; + $result = tool_admin_users_add($_POST["toolsAdminUsername"], $_POST["toolsAdminPassword"], (string)$adminGroup, (string)1); + if ($result == "") { + printalert("success", "Added shard admin to NeL tools database"); + } else { + printalert("danger", "Failed to add shard admin to NeL tools database
" . htmlentities($result)); + $continue = false; + } + } + if (!chdir("../")) { + printalert("danger", "Cannot change to public PHP root directory"); + $continue = false; + } } if ($roleSupport) { From 4a186cc23352e106ba084db11df2ad089b0d67b3 Mon Sep 17 00:00:00 2001 From: kaetemi Date: Sat, 6 Sep 2014 00:38:20 +0200 Subject: [PATCH 3/6] Fix version number --- code/web/public_php/ams/templates/layout.tpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/code/web/public_php/ams/templates/layout.tpl b/code/web/public_php/ams/templates/layout.tpl index 6550929b0..d4735a200 100644 --- a/code/web/public_php/ams/templates/layout.tpl +++ b/code/web/public_php/ams/templates/layout.tpl @@ -29,7 +29,7 @@ - + @@ -158,7 +158,7 @@
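Review bot: The `catch (Exception $e)` branch around `require_once('functions_tool_administration.php')` (and, it appears, the one for admin/common.php just above it) can never run, because a failed `require_once` stops the script with a fatal error rather than throwing. The "Failed to include" alert is therefore dead code and `$continue` is never cleared on that path. Testing the return value keeps the installer's error reporting working: `if (!(include_once 'functions_tool_administration.php')) { printalert("danger", "Failed to include NeL admin/functions_tool_administration.php"); $continue = false; }`. Separately, `$_POST["toolsAdminUsername"]` and `$_POST["toolsAdminPassword"]` go straight into `tool_admin_users_add()`, whose validation is not visible here, so a non-empty and minimum-length check before the call is worth adding if that function does not do it. The enclosing block begins outside the visible part of the hunk.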
- {if $permission > 1}

AMS 0.9.0 Powered by: Charisma

{/if} + {if $permission > 1}

AMS 0.9.1 Powered by: Charisma

{/if}
{/if} @@ -303,6 +303,6 @@ - + From 0e76ed638633fe9e83e67d8aebe1a269c4203d28 Mon Sep 17 00:00:00 2001 From: kaetemi Date: Sat, 6 Sep 2014 01:40:37 +0200 Subject: [PATCH 4/6] Protect shard admin auth SQL queries --- code/web/public_php/admin/functions_auth.php | 10 +++++----- code/web/public_php/admin/functions_mysqli.php | 4 ++++ 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/code/web/public_php/admin/functions_auth.php b/code/web/public_php/admin/functions_auth.php index fcc53ed6a..b56a12064 100644 --- a/code/web/public_php/admin/functions_auth.php +++ b/code/web/public_php/admin/functions_auth.php @@ -8,7 +8,7 @@ { global $db; - $sql = "UPDATE ". NELDB_USER_TABLE ." SET user_logged_count=user_logged_count+1,user_logged_last=". time() ." WHERE user_id=". $user_id; + $sql = "UPDATE ". NELDB_USER_TABLE ." SET user_logged_count=user_logged_count+1,user_logged_last=". time() ." WHERE user_id=". (int)$user_id; $db->sql_query($sql); } @@ -18,7 +18,7 @@ $data = null; - $sql = "SELECT * FROM ". NELDB_USER_TABLE ." LEFT JOIN ". NELDB_GROUP_TABLE ." ON (user_group_id=group_id) WHERE user_id=". $nelid; + $sql = "SELECT * FROM ". NELDB_USER_TABLE ." LEFT JOIN ". NELDB_GROUP_TABLE ." ON (user_group_id=group_id) WHERE user_id=". (int)$nelid; if ($result = $db->sql_query($sql)) { if ($db->sql_numrows($result)) @@ -34,7 +34,7 @@ { global $db; - $sql = "SELECT user_name FROM ". NELDB_USER_TABLE ." WHERE user_id=". $group_id; + $sql = "SELECT user_name FROM ". NELDB_USER_TABLE ." WHERE user_id=". (int)$group_id; if ($result = $db->sql_query($sql)) { if ($db->sql_numrows($result)) @@ -53,7 +53,7 @@ $data = null; - $user = trim($user); + $user = $db->sql_escape_string(trim($user)); $passwd = md5(trim($passwd)); $sql = "SELECT * FROM ". NELDB_USER_TABLE ." LEFT JOIN ". NELDB_GROUP_TABLE ." ON (user_group_id=group_id) WHERE user_name='". $user ."' AND user_password='". $passwd ."' AND user_active=1 AND group_active=1"; 
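Review bot: In the login hunk (`@@ -53,7`), the stored credential is still compared against `md5(trim($passwd))`, an unsalted fast hash. Escaping `$user` closes the injection, but a leaked `user_password` column stays cheap to reverse. If the hashing scheme cannot change in this commit, I would at least record it next to that line: `// TODO(security): user_password is unsalted MD5; migrate to password_hash()/password_verify() with rehash on login`. The `trim()` on the password also silently drops leading and trailing whitespace, which deserves a comment if it is intentional. In the `@@ -34,7` hunk the parameter named `$group_id` is matched against `user_id`; the `(int)` cast is fine, but the name is misleading and the function body continues outside the hunk.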
@@ -120,4 +120,4 @@ unset($NELTOOL['SESSION_VARS'][$name]); } -?> \ No newline at end of file +?> diff --git a/code/web/public_php/admin/functions_mysqli.php b/code/web/public_php/admin/functions_mysqli.php index da455eb79..8cc2737c3 100644 --- a/code/web/public_php/admin/functions_mysqli.php +++ b/code/web/public_php/admin/functions_mysqli.php @@ -251,6 +251,10 @@ class sql_db return false; } } + function sql_escape_string($str) + { + return mysqli_real_escape_string($this->db_connect_id, $str); + } function sql_error($query_id = 0) { $result["message"] = mysqli_error($this->db_connect_id); From b638219dbdf6f01e824b911ee78ff166a52343b9 Mon Sep 17 00:00:00 2001 From: kaetemi Date: Sat, 6 Sep 2014 03:43:31 +0200 Subject: [PATCH 5/6] Make files folder safe to use --- code/web/public_php/ams/files/.htaccess | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 code/web/public_php/ams/files/.htaccess diff --git a/code/web/public_php/ams/files/.htaccess b/code/web/public_php/ams/files/.htaccess new file mode 100644 index 000000000..8c34c8164 --- /dev/null +++ b/code/web/public_php/ams/files/.htaccess @@ -0,0 +1,5 @@ +Options -Indexes + + ForceType application/octet-stream + Header set Content-Disposition attachment + From c782592d9d94886ffa569d25d97f932b7b705439 Mon Sep 17 00:00:00 2001 From: kaetemi Date: Sat, 6 Sep 2014 03:44:58 +0200 Subject: [PATCH 6/6] Make files folder safe to use --- code/web/public_php/ams/files/.htaccess | 1 + 1 file changed, 1 insertion(+) diff --git a/code/web/public_php/ams/files/.htaccess b/code/web/public_php/ams/files/.htaccess index 8c34c8164..f3b08d726 100644 --- a/code/web/public_php/ams/files/.htaccess +++ b/code/web/public_php/ams/files/.htaccess @@ -1,4 +1,5 @@ Options -Indexes +Options -ExecCGI ForceType application/octet-stream Header set Content-Disposition attachment
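Review bot: The new `sql_escape_string()` in functions_mysqli.php has no comment stating its contract, and it is only safe for values placed inside a quoted SQL string literal. Callers that concatenate the result into an unquoted numeric or identifier position would still be injectable. `mysqli_real_escape_string()` also escapes according to the connection character set, so it is correct only if the connection code (not visible in this hunk) sets the charset with `mysqli_set_charset()` rather than a `SET NAMES` query. I would add above the method: `// Escapes $str for use inside a quoted SQL string literal only; relies on the charset set via mysqli_set_charset().` Prepared statements with bound parameters would remove the dependency on every caller quoting correctly.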
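Review bot: Nothing in the new `ams/files/.htaccess` (this hunk and the follow-up `Options -ExecCGI` hunk in PATCH 6/6) disables the PHP handler. `ForceType` changes the media type but does not override a handler that the server config assigns with `SetHandler` or `AddHandler`, so whether an uploaded script in this folder stays inert depends on how PHP is wired into the server. For mod_php deployments, adding `php_flag engine off` would make that explicit; storing uploads outside the document root is the more robust option. The file also takes effect only where `AllowOverride` permits `Options` and `FileInfo` and mod_headers is loaded, which the setup documentation should state. `Header set X-Content-Type-Options nosniff` would stop browsers from second-guessing the forced type, and the two `Options` lines can be merged into `Options -Indexes -ExecCGI`.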