From 9cf6bac1a502d1418834f4f7619d40eb65378c60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= Date: Tue, 22 Jul 2014 18:01:27 +0200 Subject: fix to display the login successful message with the translation --- inc/poche/Poche.class.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'inc/poche/Poche.class.php') diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 09a9f5ff..2b0c3bf8 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php @@ -877,6 +877,14 @@ class Poche $longlastingsession = isset($_POST['longlastingsession']); $passwordTest = ($isauthenticated) ? $user['password'] : Tools::encodeString($password . $login); Session::login($user['username'], $user['password'], $login, $passwordTest, $longlastingsession, array('poche_user' => new User($user))); + + # reload l10n + $language = $user['config']['language']; + @putenv('LC_ALL=' . $language); + setlocale(LC_ALL, $language); + bindtextdomain($language, LOCALE); + textdomain($language); + $this->messages->add('s', _('welcome to your wallabag')); Tools::logm('login successful'); Tools::redirect($referer); -- cgit v1.2.3 From 7dd8b5026d0ae52fc5be001ee224aac72f3e7b25 Mon Sep 17 00:00:00 2001 From: Maryana Rozhankivska Date: Thu, 24 Jul 2014 16:48:41 +0300 Subject: security issue --- inc/poche/Poche.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'inc/poche/Poche.class.php') diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index a49413f2..098dd7c1 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php @@ -750,8 +750,8 @@ class Poche die(sprintf(_('User with this id (%d) does not exist.'), $user_id)); } - if (!in_array($type, $allowed_types) || $token != $config['token']) { - die(_('Uh, there is a problem while generating feeds.')); + if (!in_array($type, $allowed_types) || !isset($config['token']) || $token != $config['token']) { + die(_('Uh, there is a problem while generating feed. Wrong token used?')); } $feed = new FeedWriter(RSS2); -- cgit v1.2.3 From dc764892213e8d1cb458621910aa8d0ce0a3eb7e Mon Sep 17 00:00:00 2001 From: Maryana Rozhankivska Date: Fri, 15 Aug 2014 19:22:55 +0300 Subject: minimum of control on server side added --- inc/poche/Poche.class.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'inc/poche/Poche.class.php') diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 09a9f5ff..bcf2ddeb 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php @@ -906,7 +906,7 @@ class Poche */ public function import() { - if ( isset($_FILES['file']) ) { + if ( isset($_FILES['file']) && $_FILES['file']['tmp_name'] ) { Tools::logm('Import stated: parsing file'); // assume, that file is in json format @@ -976,6 +976,9 @@ class Poche } Tools::logm('Import of articles finished: '.$i.' articles added (w/o content if not provided).'); } + else { + $this->messages->add('s', _('Did you forget to select a file?')); + } //file parsing finished here //now download article contents if any -- cgit v1.2.3