
fix session API broken and SQL pretection

Unknwon лет назад: 9
Родитель
Сommit
0c5ba4573a
7 измененных файлов с 5 добавлено и 12 удалено
  1. 1 1
      cmd/web.go
  2. 0 4
      conf/app.ini
  3. 1 1
      gogs.go
  4. 1 1
      models/repo.go
  5. 1 1
      models/user.go
  6. 0 3
      modules/setting/setting.go
  7. 1 1
      templates/.VERSION

+ 1 - 1
cmd/web.go

@@ -72,7 +72,7 @@ func checkVersion() {
 		log.Fatal(4, "Package i18n version is too old, did you forget to update?(github.com/macaron-contrib/i18n)")
 	}
 	sessionVer := git.MustParseVersion(session.Version())
-	if sessionVer.LessThan(git.MustParseVersion("0.0.3")) {
+	if sessionVer.LessThan(git.MustParseVersion("0.0.5")) {
 		log.Fatal(4, "Package session version is too old, did you forget to update?(github.com/macaron-contrib/session)")
 	}
 }

+ 0 - 4
conf/app.ini

@@ -163,10 +163,6 @@ ENABLE_SET_COOKIE = true
 GC_INTERVAL_TIME = 86400
 ; Session life time, default is 86400
 SESSION_LIFE_TIME = 86400
-; session id hash func, Either "sha1", "sha256" or "md5" default is sha1
-SESSION_ID_HASHFUNC = sha1
-; Session hash key, default is use random string
-SESSION_ID_HASHKEY =
 
 [picture]
 ; The place to picture data, either "server" or "qiniu", default is "server"

+ 1 - 1
gogs.go

@@ -17,7 +17,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
 
-const APP_VER = "0.5.6.1102 Beta"
+const APP_VER = "0.5.6.1104 Beta"
 
 func init() {
 	runtime.GOMAXPROCS(runtime.NumCPU())

+ 1 - 1
models/repo.go

@@ -1161,7 +1161,7 @@ func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) {
 	if !opt.Private {
 		sess.And("is_private=false")
 	}
-	sess.And("lower_name like '%" + opt.Keyword + "%'").Find(&repos)
+	sess.And("lower_name like ?", "%"+opt.Keyword+"%").Find(&repos)
 	return repos, err
 }
 
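Review bot: The return value of `.Find(&repos)` on the changed line is still discarded, so a failed query returns an empty slice together with whatever `err` held before (nil unless it is set above the hunk). Assign it the way the user search does: `err = sess.And("lower_name like ?", "%"+opt.Keyword+"%").Find(&repos)`. Binding the keyword removes the string-concatenation injection, but `%` and `_` inside opt.Keyword are still interpreted as LIKE wildcards, here and in SearchUserByName in models/user.go; escape them before binding if literal matching is intended. The function starts outside this hunk, so any earlier filtering of opt.Keyword is not visible.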

+ 1 - 1
models/user.go

@@ -581,7 +581,7 @@ func SearchUserByName(opt SearchOption) (us []*User, err error) {
 	opt.Keyword = strings.ToLower(opt.Keyword)
 
 	us = make([]*User, 0, opt.Limit)
-	err = x.Limit(opt.Limit).Where("type=0").And("lower_name like '%" + opt.Keyword + "%'").Find(&us)
+	err = x.Limit(opt.Limit).Where("type=0").And("lower_name like ?", "%"+opt.Keyword+"%").Find(&us)
 	return us, err
 }
 
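Review bot: `opt.Limit` is used unchecked in the visible lines, both as the capacity in `make([]*User, 0, opt.Limit)` and as the query limit; a negative value makes `make` panic at runtime and a very large one preallocates that many slots before the query runs. The function starts outside the hunk, so a bound may already be applied above; if it is not, clamp the value before the allocation, e.g. `if opt.Limit <= 0 || opt.Limit > maxSearchLimit { opt.Limit = maxSearchLimit }`, where `maxSearchLimit` is a placeholder for a constant the project would define.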

+ 0 - 3
modules/setting/setting.go

@@ -394,9 +394,6 @@ func newSessionService() {
 	SessionConfig.EnableSetCookie = Cfg.MustBool("session", "ENABLE_SET_COOKIE", true)
 	SessionConfig.Gclifetime = Cfg.MustInt64("session", "GC_INTERVAL_TIME", 86400)
 	SessionConfig.Maxlifetime = Cfg.MustInt64("session", "SESSION_LIFE_TIME", 86400)
-	SessionConfig.SessionIDHashFunc = Cfg.MustValueRange("session", "SESSION_ID_HASHFUNC",
-		"sha1", []string{"sha1", "sha256", "md5"})
-	SessionConfig.SessionIDHashKey = Cfg.MustValue("session", "SESSION_ID_HASHKEY", string(com.RandomCreateBytes(16)))
 
 	if SessionProvider == "file" {
 		os.MkdirAll(path.Dir(SessionConfig.ProviderConfig), os.ModePerm)

+ 1 - 1
templates/.VERSION

@@ -1 +1 @@
-0.5.6.1102 Beta
+0.5.6.1104 Beta