From 8c69f5ad0932a02566b912b7b7587ce793e0bfa4 Mon Sep 17 00:00:00 2001 From: Dmitriy Simushev Date: Fri, 27 Jan 2012 18:09:47 +0000 Subject: [PATCH 01/21] Fixed js bug with submit buttons in restore and reset password forms --- src/messenger/webim/view/resetpwd.php | 6 +++--- src/messenger/webim/view/restore.php | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/messenger/webim/view/resetpwd.php b/src/messenger/webim/view/resetpwd.php index cba0c0c3..16c92069 100644 --- a/src/messenger/webim/view/resetpwd.php +++ b/src/messenger/webim/view/resetpwd.php @@ -86,11 +86,11 @@ require_once('inc_errors.php');
- - -
+ + +
diff --git a/src/messenger/webim/view/restore.php b/src/messenger/webim/view/restore.php index b293bd0c..f13736f2 100644 --- a/src/messenger/webim/view/restore.php +++ b/src/messenger/webim/view/restore.php @@ -74,11 +74,11 @@ require_once('inc_errors.php');
- - -
+ + +
From d0bd084d1c5a40e994351507044fae1edd77e5c3 Mon Sep 17 00:00:00 2001 From: Dmitriy Simushev Date: Fri, 2 Mar 2012 19:59:55 +0000 Subject: [PATCH 02/21] Fixed the Blue Screen in Google Chrome 17+ --- src/messenger/webim/js/164/common.js | 2 +- src/messenger/webim/js/source/common.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/messenger/webim/js/164/common.js b/src/messenger/webim/js/164/common.js index a1cb644b..28b2a6f2 100644 --- a/src/messenger/webim/js/164/common.js +++ b/src/messenger/webim/js/164/common.js @@ -22,4 +22,4 @@ document.getElementsBySelector=function(a){if(!document.getElementsByTagName)ret if(g!=null)for(var o=0;o
\ No newline at end of file From 323a7f2fcd03bbf6b089b493202f2fdbbf0beaae Mon Sep 17 00:00:00 2001 From: Dmitriy Simushev Date: Fri, 25 Nov 2011 21:00:22 +0000 Subject: [PATCH 04/21] Added closing threads by timeout --- src/messenger/webim/libs/chat.php | 24 ++++++++++++++++++-- src/messenger/webim/libs/common.php | 1 + src/messenger/webim/locales/en/properties | 3 +++ src/messenger/webim/locales/ru/properties | 3 +++ src/messenger/webim/operator/performance.php | 8 ++++++- src/messenger/webim/operator/update.php | 1 + src/messenger/webim/view/performance.php | 9 ++++++++ 7 files changed, 46 insertions(+), 3 deletions(-) diff --git a/src/messenger/webim/libs/chat.php b/src/messenger/webim/libs/chat.php index 7deb64f7..0fa2444d 100644 --- a/src/messenger/webim/libs/chat.php +++ b/src/messenger/webim/libs/chat.php @@ -552,6 +552,21 @@ function close_thread($thread, $isuser) mysql_close($link); } +function close_old_threads($link) +{ + global $state_closed, $state_left, $state_chatting, $mysqlprefix, $settings; + if ($settings['thread_lifetime'] == 0) { + return; + } + $next_revision = next_revision($link); + $query = "update ${mysqlprefix}chatthread set lrevision = $next_revision, dtmmodified = CURRENT_TIMESTAMP, istate = $state_closed " . + "where istate <> $state_closed and istate <> $state_left and " . + "(ABS(UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - UNIX_TIMESTAMP(lastpinguser)) > " . $settings['thread_lifetime'] . " and " . + "ABS(UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - UNIX_TIMESTAMP(lastpingagent)) > " . $settings['thread_lifetime'] . ")"; + + perform_query($query, $link); +} + function thread_by_id_($id, $link) { global $mysqlprefix; @@ -611,13 +626,18 @@ function do_take_thread($threadid, $operatorId, $operatorName) function reopen_thread($threadid) { - global $state_queue, $state_loading, $state_waiting, $state_chatting, $state_closed, $state_left, $kind_events; + global $state_queue, $state_loading, $state_waiting, $state_chatting, $state_closed, $state_left, $kind_events, $settings; $link = connect(); + $thread = thread_by_id_($threadid, $link); if (!$thread) return FALSE; + if ($settings['thread_lifetime'] != 0 && abs($thread['lpuser'] - time()) > $settings['thread_lifetime'] && abs($thread['lpagent'] - time()) > $settings['thread_lifetime']) { + return FALSE; + } + if ($thread['istate'] == $state_closed || $thread['istate'] == $state_left) return FALSE; @@ -737,4 +757,4 @@ function get_remote_host() return isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : $extAddr; } -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php index 75a52e69..33070f91 100644 --- a/src/messenger/webim/libs/common.php +++ b/src/messenger/webim/libs/common.php @@ -615,6 +615,7 @@ $settings = array( 'geolinkparams' => 'width=440,height=100,toolbar=0,scrollbars=0,location=0,status=1,menubar=0,resizable=1', 'max_uploaded_file_size' => 100000, 'max_connections_from_one_host' => 10, + 'thread_lifetime' => 600, 'email' => '', /* inbox for left messages */ 'left_messages_locale' => $home_locale, diff --git a/src/messenger/webim/locales/en/properties b/src/messenger/webim/locales/en/properties index cf876ca2..168ce502 100644 --- a/src/messenger/webim/locales/en/properties +++ b/src/messenger/webim/locales/en/properties @@ -468,12 +468,15 @@ settings.survey.askmail=Ask for visitor's email settings.survey.askmessage.description=Show/hide initial question field in the survey settings.survey.askmessage=Show initial question field settings.title=Messenger settings +settings.threadlifetime.description=Specify the lifetime of the thread after closing the dialog box in seconds. Default is 600 seconds. Set 0 for unlimited thread lifetime. +settings.threadlifetime=Thread lifetime settings.usercanchangename.description=Turn off to hide edit box from chat window settings.usercanchangename=Allows users to change their names settings.usernamepattern.description=How to build visitor's identifying string from {name}, {id} or {addr}. Default: {name} settings.usernamepattern=Visitor's identifier settings.wrong.email=Enter a valid email address settings.wrong.onehostconnections="Max number of threads" field should be a number +settings.wrong.threadlifetime="Thread lifetime" field should be a number site.title=mibew.org site.url=http://mibew.org statistics.dates=Select dates diff --git a/src/messenger/webim/locales/ru/properties b/src/messenger/webim/locales/ru/properties index 677c4d6e..e4578748 100644 --- a/src/messenger/webim/locales/ru/properties +++ b/src/messenger/webim/locales/ru/properties @@ -458,12 +458,15 @@ settings.survey.askmail= settings.survey.askmessage.description=Показать/спрятать поле ввода первого вопроса settings.survey.askmessage=Предлагать сразу же задать вопрос settings.title=Настройки мессенджера +settings.threadlifetime.description=Укажите время жизни диалога после закрытия диалогового окна в секундах. По умолчанию, 600 секунд. Укажите 0 для снятия ограничения. +settings.threadlifetime=Время жизни диалога settings.usercanchangename.description=Возможность убрать поле смены имени из чат окна settings.usercanchangename=Разрешать посетителям менять имена settings.usernamepattern.description=Укажите как отобразить имя посетителя операторам. Можно использовать {name}, {id} и {addr}. По умолчанию: {name} settings.usernamepattern=Отображаемое имя посетителя settings.wrong.email=Введите правильный адрес электронной почты settings.wrong.onehostconnections=Поле "Максимальное количество диалогов" должно быть числом +settings.wrong.threadlifetime=Поле "Время жизни диалога" должно быть числом site.title=mibew.org site.url=http://mibew.org statistics.dates=Выберите даты diff --git a/src/messenger/webim/operator/performance.php b/src/messenger/webim/operator/performance.php index 31d52bba..ad8908d2 100644 --- a/src/messenger/webim/operator/performance.php +++ b/src/messenger/webim/operator/performance.php @@ -30,7 +30,7 @@ $errors = array(); $options = array( 'online_timeout', 'updatefrequency_operator', 'updatefrequency_chat', - 'updatefrequency_oldchat', 'max_connections_from_one_host'); + 'updatefrequency_oldchat', 'max_connections_from_one_host', 'thread_lifetime'); loadsettings(); $params = array(); @@ -64,6 +64,11 @@ if (isset($_POST['onlinetimeout'])) { $errors[] = getlocal("settings.wrong.onehostconnections"); } + $params['thread_lifetime'] = getparam('threadlifetime'); + if (!is_numeric($params['thread_lifetime'])) { + $errors[] = getlocal("settings.wrong.threadlifetime"); + } + if (count($errors) == 0) { foreach ($options as $opt) { $settings[$opt] = $params[$opt]; @@ -78,6 +83,7 @@ $page['formonlinetimeout'] = $params['online_timeout']; $page['formfrequencyoperator'] = $params['updatefrequency_operator']; $page['formfrequencychat'] = $params['updatefrequency_chat']; $page['formfrequencyoldchat'] = $params['updatefrequency_oldchat']; +$page['formthreadlifetime'] = $params['thread_lifetime']; $page['formonehostconnections'] = $params['max_connections_from_one_host']; $page['stored'] = isset($_GET['stored']); diff --git a/src/messenger/webim/operator/update.php b/src/messenger/webim/operator/update.php index e6a9a3bc..eef45ed5 100644 --- a/src/messenger/webim/operator/update.php +++ b/src/messenger/webim/operator/update.php @@ -177,6 +177,7 @@ loadsettings_($link); if (!isset($_SESSION["${mysqlprefix}operatorgroups"])) { $_SESSION["${mysqlprefix}operatorgroups"] = get_operator_groupslist($operator['operatorid'], $link); } +close_old_threads($link); mysql_close($link); $groupids = $_SESSION["${mysqlprefix}operatorgroups"]; diff --git a/src/messenger/webim/view/performance.php b/src/messenger/webim/view/performance.php index 51f2a32e..fa9513bc 100644 --- a/src/messenger/webim/view/performance.php +++ b/src/messenger/webim/view/performance.php @@ -90,6 +90,15 @@ require_once('inc_errors.php');
+
+
+
+ +
+
+
+
+
From 4bb79cb7cbaa851bbcb132a928827861849a251a Mon Sep 17 00:00:00 2001 From: "Fedor A. Fetisov" Date: Tue, 24 Jan 2012 16:40:11 +0400 Subject: [PATCH 05/21] Fix bug in old threads cleansing --- src/messenger/webim/libs/chat.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/messenger/webim/libs/chat.php b/src/messenger/webim/libs/chat.php index 0fa2444d..a74440b2 100644 --- a/src/messenger/webim/libs/chat.php +++ b/src/messenger/webim/libs/chat.php @@ -560,7 +560,7 @@ function close_old_threads($link) } $next_revision = next_revision($link); $query = "update ${mysqlprefix}chatthread set lrevision = $next_revision, dtmmodified = CURRENT_TIMESTAMP, istate = $state_closed " . - "where istate <> $state_closed and istate <> $state_left and " . + "where istate <> $state_closed and istate <> $state_left and lastpingagent <> 0 and lastpinguser <> 0 and " . "(ABS(UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - UNIX_TIMESTAMP(lastpinguser)) > " . $settings['thread_lifetime'] . " and " . "ABS(UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - UNIX_TIMESTAMP(lastpingagent)) > " . $settings['thread_lifetime'] . ")"; From 7b35045f063e6c4fc96a04786646c7f748c3b3ad Mon Sep 17 00:00:00 2001 From: Dmitriy Simushev Date: Wed, 18 Jan 2012 10:11:49 +0000 Subject: [PATCH 06/21] Fixed the bug related with the need to enter passwords when you change the profile of any operator. --- src/messenger/webim/operator/operator.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/messenger/webim/operator/operator.php b/src/messenger/webim/operator/operator.php index 00413716..1304fcd3 100644 --- a/src/messenger/webim/operator/operator.php +++ b/src/messenger/webim/operator/operator.php @@ -78,7 +78,7 @@ if (isset($_POST['login']) && isset($_POST['password'])) { } else { update_operator($opId, $login, $email, $password, $localname, $commonname); // update the session password - if (isset($password) && $opId == $operator['operatorid']) { + if (!empty($password) && $opId == $operator['operatorid']) { $toDashboard = $operator['vcpassword'] == md5('') && $password != ''; $_SESSION["${mysqlprefix}operator"]['vcpassword'] = md5($password); if($toDashboard) { From 1ab3efb86f597af4a202c2634a3ed122d617c6fb Mon Sep 17 00:00:00 2001 From: Evgeny Gryaznov Date: Wed, 14 Mar 2012 22:18:54 +0100 Subject: [PATCH 07/21] login & reset password pages: default value for login where possible; update ru --- src/messenger/webim/default.css | 4 ++-- src/messenger/webim/install/index.php | 2 +- src/messenger/webim/locales/ru/properties | 12 +++++++++++- src/messenger/webim/operator/login.php | 4 ++++ src/messenger/webim/operator/resetpwd.php | 1 + src/messenger/webim/view/resetpwd.php | 2 +- 6 files changed, 20 insertions(+), 5 deletions(-) diff --git a/src/messenger/webim/default.css b/src/messenger/webim/default.css index da66fc0a..16f1a044 100644 --- a/src/messenger/webim/default.css +++ b/src/messenger/webim/default.css @@ -315,7 +315,7 @@ div.errinfo { .fleftlabel { float: left; - width: 100px; + width: 11em; } .flabel span.required { @@ -863,7 +863,7 @@ table.awaiting td.visitor { .lrtl .fleftlabel { float: right; - width: 100px; + width: 11em; } .lrtl .fdescr { diff --git a/src/messenger/webim/install/index.php b/src/messenger/webim/install/index.php index 13e84e40..d31107b1 100644 --- a/src/messenger/webim/install/index.php +++ b/src/messenger/webim/install/index.php @@ -297,7 +297,7 @@ function check_status() if (!check_admin($link)) { $page['nextstep'] = getlocal("installed.login_link"); $page['nextnotice'] = getlocal2("installed.notice", array("${webimroot}/install/")); - $page['nextstepurl'] = "$webimroot/"; + $page['nextstepurl'] = "$webimroot/operator/login.php?login=admin"; } $page['show_small_login'] = true; diff --git a/src/messenger/webim/locales/ru/properties b/src/messenger/webim/locales/ru/properties index e4578748..62ef1325 100644 --- a/src/messenger/webim/locales/ru/properties +++ b/src/messenger/webim/locales/ru/properties @@ -111,6 +111,8 @@ content.logoff= data.saved=Изменения сохранены demo.chat.question=Посоветуйте мне, пожалуйста, хороший браузер? demo.chat.welcome=Здравствуйте! Чем я могу Вам помочь? +error.no_password.visit_profile=Посетите свой Профиль. +error.no_password=Вы вошли в первый раз с пустым паролем. Из соображений безопасности выберите новый пароль. errors.captcha=Введенные символы не соответствуют изображению. errors.failed.uploading.file=Ошибка выгрузки файла "{0}": {1}. errors.file.move.error=Ошибка копирования файла @@ -393,9 +395,17 @@ report.byoperator.4= report.byoperator.title=Статистика по операторам report.no_items=Мало данных report.total=Итого: +resetpwd.changed.title=Ваш пароль был изменен. +resetpwd.changed=Войдите в систему, используя ваш новый пароль. +resetpwd.intro=Пожалуйста, выберите пароль для использования в вашей учетной записи. +resetpwd.login=Войти в систему +resetpwd.submit=Изменить +resetpwd.title=Изменение вашего пароля restore.back_to_login=Вернуться на главную restore.emailorlogin=Логин или E-Mail: restore.intro=Из соображений безопасности мы не высылаем текущий пароль, но вы можете заменить его на новый, воспользовавшись ссылкой из письма. +restore.mailsubj=Сброс вашего пароля от Mibew +restore.mailtext=Здравствуйте, {0}\n\nПожалуйста перейдите по ссылке, расположенной ниже, или скопируйте URL в адресную строку вашего браузера:\n{1}\n\nЭто позволит вам выбрать другой пароль.\n\nС уважением,\nMibew restore.pwd.message=Забыли пароль? restore.sent.title=Запрос на смену пароля restore.sent=Мы отправили инструкции по смене пароля на ваш почтовый адрес. Проверьте ваш почтовый ящик! @@ -457,9 +467,9 @@ settings.survey.askmail.description= settings.survey.askmail=Спрашивать e-mail адрес settings.survey.askmessage.description=Показать/спрятать поле ввода первого вопроса settings.survey.askmessage=Предлагать сразу же задать вопрос -settings.title=Настройки мессенджера settings.threadlifetime.description=Укажите время жизни диалога после закрытия диалогового окна в секундах. По умолчанию, 600 секунд. Укажите 0 для снятия ограничения. settings.threadlifetime=Время жизни диалога +settings.title=Настройки мессенджера settings.usercanchangename.description=Возможность убрать поле смены имени из чат окна settings.usercanchangename=Разрешать посетителям менять имена settings.usernamepattern.description=Укажите как отобразить имя посетителя операторам. Можно использовать {name}, {id} и {addr}. По умолчанию: {name} diff --git a/src/messenger/webim/operator/login.php b/src/messenger/webim/operator/login.php index df202de5..01e42ed9 100644 --- a/src/messenger/webim/operator/login.php +++ b/src/messenger/webim/operator/login.php @@ -46,6 +46,10 @@ if (isset($_POST['login']) && isset($_POST['password'])) { $errors[] = getlocal("page_login.error"); $page['formlogin'] = $login; } +} else if(isset($_GET['login'])) { + $login = getgetparam('login'); + if (preg_match("/^(\w{1,15})$/", $login)) + $page['formlogin'] = $login; } $page['localeLinks'] = get_locale_links("$webimroot/operator/login.php"); diff --git a/src/messenger/webim/operator/resetpwd.php b/src/messenger/webim/operator/resetpwd.php index 285f909e..69853a36 100644 --- a/src/messenger/webim/operator/resetpwd.php +++ b/src/messenger/webim/operator/resetpwd.php @@ -57,6 +57,7 @@ if (count($errors) == 0 && isset($_POST['password'])) { perform_query($query, $link); mysql_close($link); + $page['loginname'] = $operator['vclogin']; start_html_output(); require('../view/resetpwd.php'); exit; diff --git a/src/messenger/webim/view/resetpwd.php b/src/messenger/webim/view/resetpwd.php index 16c92069..c7fc9996 100644 --- a/src/messenger/webim/view/resetpwd.php +++ b/src/messenger/webim/view/resetpwd.php @@ -41,7 +41,7 @@ function tpl_content() {

- + From b84b439358a781cc11025e0c88ea1db8327360a2 Mon Sep 17 00:00:00 2001 From: YuFei Zhu Date: Mon, 30 Apr 2012 16:41:55 +0100 Subject: [PATCH 08/21] having token checks on POST forms --- src/messenger/webim/libs/common.php | 22 ++++++++++++++++++- .../webim/libs/operator_settings.php | 2 +- src/messenger/webim/operator/cannededit.php | 4 +++- src/messenger/webim/operator/operator.php | 2 ++ src/messenger/webim/operator/settings.php | 4 +++- src/messenger/webim/view/agent.php | 6 ++++- src/messenger/webim/view/cannededit.php | 6 ++++- src/messenger/webim/view/settings.php | 5 ++++- 8 files changed, 44 insertions(+), 7 deletions(-) diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php index 33070f91..4c934032 100644 --- a/src/messenger/webim/libs/common.php +++ b/src/messenger/webim/libs/common.php @@ -688,4 +688,24 @@ function jspath() return "js/$jsver"; } -?> \ No newline at end of file +/* authorization token check for CSRF attack */ +function csrfchecktoken(){ + if(!isset($_SESSION['csrf_token'])){ + $_SESSION['csrf_token']=sha1(rand(10000000,99999999)); + } + // check the turing code + if ($_SERVER['REQUEST_METHOD'] == 'POST'){ + //if token match + if(!isset($_POST['csrf_token']) || ($_POST['csrf_token'] != $_SESSION['csrf_token'])){ + + die("CSRF failure"); + } + } +} + +/* print csrf token as a hidden field*/ +function print_csrf_token_input(){ + echo ""; +} + +?> diff --git a/src/messenger/webim/libs/operator_settings.php b/src/messenger/webim/libs/operator_settings.php index edf112d7..252f508c 100644 --- a/src/messenger/webim/libs/operator_settings.php +++ b/src/messenger/webim/libs/operator_settings.php @@ -44,4 +44,4 @@ function setup_operator_settings_tabs($opId, $active) } } -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/operator/cannededit.php b/src/messenger/webim/operator/cannededit.php index 6d208aff..e375ac3b 100644 --- a/src/messenger/webim/operator/cannededit.php +++ b/src/messenger/webim/operator/cannededit.php @@ -23,6 +23,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/pagination.php'); +csrfchecktoken(); + function load_message($key) { global $mysqlprefix; @@ -101,4 +103,4 @@ prepare_menu($operator, false); start_html_output(); require('../view/cannededit.php'); exit; -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/operator/operator.php b/src/messenger/webim/operator/operator.php index 1304fcd3..693b61df 100644 --- a/src/messenger/webim/operator/operator.php +++ b/src/messenger/webim/operator/operator.php @@ -23,6 +23,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/operator_settings.php'); +csrfchecktoken(); + $operator = check_login(); $page = array('opid' => ''); diff --git a/src/messenger/webim/operator/settings.php b/src/messenger/webim/operator/settings.php index 77025774..e8816825 100644 --- a/src/messenger/webim/operator/settings.php +++ b/src/messenger/webim/operator/settings.php @@ -23,6 +23,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/settings.php'); +csrfchecktoken(); + $operator = check_login(); $page = array('agentId' => ''); @@ -104,4 +106,4 @@ prepare_menu($operator); setup_settings_tabs(0); start_html_output(); require('../view/settings.php'); -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/view/agent.php b/src/messenger/webim/view/agent.php index 23912f81..f0bb10c7 100644 --- a/src/messenger/webim/view/agent.php +++ b/src/messenger/webim/view/agent.php @@ -50,6 +50,10 @@ require_once('inc_errors.php');
+ + + +
@@ -130,4 +134,4 @@ require_once('inc_errors.php'); } /* content */ require_once('inc_main.php'); -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/view/cannededit.php b/src/messenger/webim/view/cannededit.php index f77b79dc..11b3c091 100644 --- a/src/messenger/webim/view/cannededit.php +++ b/src/messenger/webim/view/cannededit.php @@ -44,6 +44,10 @@ require_once('inc_errors.php'); ?> + + + + @@ -73,4 +77,4 @@ require_once('inc_errors.php'); } /* content */ require_once('inc_main.php'); -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/view/settings.php b/src/messenger/webim/view/settings.php index 06611de0..d6f150bf 100644 --- a/src/messenger/webim/view/settings.php +++ b/src/messenger/webim/view/settings.php @@ -40,6 +40,9 @@ require_once('inc_errors.php'); + + +
@@ -155,4 +158,4 @@ require_once('inc_errors.php'); } /* content */ require_once('inc_main.php'); -?> \ No newline at end of file +?> From 8abf075e2f8dbf044b9f5bb98bc27f0e1c61dca4 Mon Sep 17 00:00:00 2001 From: YuFei Zhu Date: Mon, 30 Apr 2012 17:09:11 +0100 Subject: [PATCH 09/21] enable act=del url check for auth tokens for csrf attacks --- src/messenger/webim/libs/common.php | 24 +++++++++++++++------- src/messenger/webim/operator/operators.php | 2 ++ src/messenger/webim/view/agents.php | 4 ++-- 3 files changed, 21 insertions(+), 9 deletions(-) diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php index 4c934032..f91fde5e 100644 --- a/src/messenger/webim/libs/common.php +++ b/src/messenger/webim/libs/common.php @@ -690,17 +690,22 @@ function jspath() /* authorization token check for CSRF attack */ function csrfchecktoken(){ + /* if auth token not set, set it now */ if(!isset($_SESSION['csrf_token'])){ $_SESSION['csrf_token']=sha1(rand(10000000,99999999)); - } - // check the turing code - if ($_SERVER['REQUEST_METHOD'] == 'POST'){ - //if token match - if(!isset($_POST['csrf_token']) || ($_POST['csrf_token'] != $_SESSION['csrf_token'])){ + } - die("CSRF failure"); - } + // check the turing code for post requests and del requests + if ($_SERVER['REQUEST_METHOD'] == 'POST'){ + //if token match + if(!isset($_POST['csrf_token']) || ($_POST['csrf_token'] != $_SESSION['csrf_token'])){ + + die("CSRF failure"); } + } else if($_GET['act'] == 'del' && $_GET['csrf_token'] != $_SESSION['csrf_token']){ + + die("CSRF failure"); + } } /* print csrf token as a hidden field*/ @@ -708,4 +713,9 @@ function print_csrf_token_input(){ echo ""; } +/* print csrf token in url format */ +function print_csrf_token_in_url(){ + echo "&csrf_token=".$_SESSION['csrf_token']; +} + ?> diff --git a/src/messenger/webim/operator/operators.php b/src/messenger/webim/operator/operators.php index b73d976f..d725b220 100644 --- a/src/messenger/webim/operator/operators.php +++ b/src/messenger/webim/operator/operators.php @@ -22,6 +22,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); +csrfchecktoken(); + $operator = check_login(); if (isset($_GET['act']) && $_GET['act'] == 'del') { diff --git a/src/messenger/webim/view/agents.php b/src/messenger/webim/view/agents.php index b544f11b..add00d1a 100644 --- a/src/messenger/webim/view/agents.php +++ b/src/messenger/webim/view/agents.php @@ -86,7 +86,7 @@ require_once('inc_errors.php'); - + remove @@ -106,4 +106,4 @@ $('a.removelink').click(function(){ } /* content */ require_once('inc_main.php'); -?> \ No newline at end of file +?> From 092ebd16ba4ee135f89995cfaf1f60a6c0cabbc0 Mon Sep 17 00:00:00 2001 From: YuFei Zhu Date: Mon, 30 Apr 2012 17:14:44 +0100 Subject: [PATCH 10/21] added auth token for delete offline messages check for csrf --- src/messenger/webim/libs/common.php | 2 +- src/messenger/webim/operator/canned.php | 2 ++ src/messenger/webim/view/canned.php | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php index f91fde5e..f6cc16e5 100644 --- a/src/messenger/webim/libs/common.php +++ b/src/messenger/webim/libs/common.php @@ -702,7 +702,7 @@ function csrfchecktoken(){ die("CSRF failure"); } - } else if($_GET['act'] == 'del' && $_GET['csrf_token'] != $_SESSION['csrf_token']){ + } else if(($_GET['act'] == 'del' || $_GET['act'] == 'delete') && $_GET['csrf_token'] != $_SESSION['csrf_token']){ die("CSRF failure"); } diff --git a/src/messenger/webim/operator/canned.php b/src/messenger/webim/operator/canned.php index 9d9f7886..d326f032 100644 --- a/src/messenger/webim/operator/canned.php +++ b/src/messenger/webim/operator/canned.php @@ -25,6 +25,8 @@ require_once('../libs/settings.php'); require_once('../libs/groups.php'); require_once('../libs/pagination.php'); +csrfchecktoken(); + $operator = check_login(); loadsettings(); diff --git a/src/messenger/webim/view/canned.php b/src/messenger/webim/view/canned.php index 3863aac8..6caee93b 100644 --- a/src/messenger/webim/view/canned.php +++ b/src/messenger/webim/view/canned.php @@ -91,7 +91,7 @@ if( $page['pagination.items'] ) { , - &group="> + &group="> \ No newline at end of file +?> From e4be5385ca850b852e701d65eeeb6c87e17ea2f2 Mon Sep 17 00:00:00 2001 From: YuFei Zhu Date: Tue, 1 May 2012 12:58:05 +0100 Subject: [PATCH 11/21] add csrf token check to avatar upload --- src/messenger/webim/libs/common.php | 6 ++++-- src/messenger/webim/operator/avatar.php | 4 +++- src/messenger/webim/view/avatar.php | 3 ++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php index f6cc16e5..a1138da7 100644 --- a/src/messenger/webim/libs/common.php +++ b/src/messenger/webim/libs/common.php @@ -702,9 +702,11 @@ function csrfchecktoken(){ die("CSRF failure"); } - } else if(($_GET['act'] == 'del' || $_GET['act'] == 'delete') && $_GET['csrf_token'] != $_SESSION['csrf_token']){ + } else if(isset($_GET['act'])){ + if(($_GET['act'] == 'del' || $_GET['act'] == 'delete') && $_GET['csrf_token'] != $_SESSION['csrf_token']){ - die("CSRF failure"); + die("CSRF failure"); + } } } diff --git a/src/messenger/webim/operator/avatar.php b/src/messenger/webim/operator/avatar.php index 9bb0545f..2479adac 100644 --- a/src/messenger/webim/operator/avatar.php +++ b/src/messenger/webim/operator/avatar.php @@ -23,6 +23,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/operator_settings.php'); +csrfchecktoken(); + $operator = check_login(); $opId = verifyparam("op", "/^\d{1,9}$/"); @@ -102,4 +104,4 @@ prepare_menu($operator); setup_operator_settings_tabs($opId, 1); start_html_output(); require('../view/avatar.php'); -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/view/avatar.php b/src/messenger/webim/view/avatar.php index cf584b92..3219f8ce 100644 --- a/src/messenger/webim/view/avatar.php +++ b/src/messenger/webim/view/avatar.php @@ -36,6 +36,7 @@ require_once('inc_errors.php'); ?> +
@@ -97,4 +98,4 @@ require_once('inc_errors.php'); } /* content */ require_once('inc_main.php'); -?> \ No newline at end of file +?> From e3b8848f78419ad94203abd4f230a608ed5a4964 Mon Sep 17 00:00:00 2001 From: YuFei Zhu Date: Tue, 1 May 2012 13:02:34 +0100 Subject: [PATCH 12/21] update comment for avatar csrf, and add csrf token check to permission page --- src/messenger/webim/operator/permissions.php | 3 ++- src/messenger/webim/view/avatar.php | 3 +++ src/messenger/webim/view/permissions.php | 6 +++++- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/messenger/webim/operator/permissions.php b/src/messenger/webim/operator/permissions.php index 308f3957..bd2659e8 100644 --- a/src/messenger/webim/operator/permissions.php +++ b/src/messenger/webim/operator/permissions.php @@ -23,6 +23,7 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/operator_settings.php'); +csrfchecktoken(); $operator = check_login(); function update_operator_permissions($operatorid, $newvalue) @@ -89,4 +90,4 @@ prepare_menu($operator); setup_operator_settings_tabs($opId, 3); start_html_output(); require('../view/permissions.php'); -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/view/avatar.php b/src/messenger/webim/view/avatar.php index 3219f8ce..b949f2f6 100644 --- a/src/messenger/webim/view/avatar.php +++ b/src/messenger/webim/view/avatar.php @@ -36,7 +36,10 @@ require_once('inc_errors.php'); ?> + + +
diff --git a/src/messenger/webim/view/permissions.php b/src/messenger/webim/view/permissions.php index 7c47ecc7..7bf433e8 100644 --- a/src/messenger/webim/view/permissions.php +++ b/src/messenger/webim/view/permissions.php @@ -39,6 +39,10 @@ require_once('inc_errors.php'); + + + +
@@ -67,4 +71,4 @@ require_once('inc_errors.php'); } /* content */ require_once('inc_main.php'); -?> \ No newline at end of file +?> From 7f8b2fca894440ed100305b1b229a770fa667f10 Mon Sep 17 00:00:00 2001 From: YuFei Zhu Date: Tue, 1 May 2012 13:18:42 +0100 Subject: [PATCH 13/21] update token methods to ensure csrf token is always get setted --- src/messenger/webim/libs/common.php | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php index a1138da7..ad5e1586 100644 --- a/src/messenger/webim/libs/common.php +++ b/src/messenger/webim/libs/common.php @@ -690,10 +690,7 @@ function jspath() /* authorization token check for CSRF attack */ function csrfchecktoken(){ - /* if auth token not set, set it now */ - if(!isset($_SESSION['csrf_token'])){ - $_SESSION['csrf_token']=sha1(rand(10000000,99999999)); - } + setcsrftoken(); // check the turing code for post requests and del requests if ($_SERVER['REQUEST_METHOD'] == 'POST'){ @@ -712,12 +709,23 @@ function csrfchecktoken(){ /* print csrf token as a hidden field*/ function print_csrf_token_input(){ + setcsrftoken(); + echo ""; } /* print csrf token in url format */ function print_csrf_token_in_url(){ + setcsrftoken(); + echo "&csrf_token=".$_SESSION['csrf_token']; } +/* set csrf token */ +function setcsrftoken(){ + if(!isset($_SESSION['csrf_token'])){ + $_SESSION['csrf_token']=sha1(rand(10000000,99999999)); + } +} + ?> From 22916ce8a076b9d8b91b71627dcf22c5bc52dd4d Mon Sep 17 00:00:00 2001 From: YuFei Zhu Date: Tue, 1 May 2012 13:20:03 +0100 Subject: [PATCH 14/21] add csrf token to performance and features views --- src/messenger/webim/operator/features.php | 2 ++ src/messenger/webim/operator/performance.php | 4 +++- src/messenger/webim/view/features.php | 6 +++++- src/messenger/webim/view/performance.php | 5 ++++- 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/src/messenger/webim/operator/features.php b/src/messenger/webim/operator/features.php index ad193830..9c7fc9ac 100644 --- a/src/messenger/webim/operator/features.php +++ b/src/messenger/webim/operator/features.php @@ -23,6 +23,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/settings.php'); +csrfchecktoken(); + $operator = check_login(); $page = array('agentId' => ''); diff --git a/src/messenger/webim/operator/performance.php b/src/messenger/webim/operator/performance.php index ad8908d2..f2f48e8f 100644 --- a/src/messenger/webim/operator/performance.php +++ b/src/messenger/webim/operator/performance.php @@ -23,6 +23,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/settings.php'); +csrfchecktoken(); + $operator = check_login(); $page = array('agentId' => ''); @@ -91,4 +93,4 @@ prepare_menu($operator); setup_settings_tabs(2); start_html_output(); require('../view/performance.php'); -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/view/features.php b/src/messenger/webim/view/features.php index 9b8361a4..48f1a1cd 100644 --- a/src/messenger/webim/view/features.php +++ b/src/messenger/webim/view/features.php @@ -73,6 +73,10 @@ require_once('inc_errors.php'); + + + +
@@ -211,4 +215,4 @@ require_once('inc_errors.php'); } /* content */ require_once('inc_main.php'); -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/view/performance.php b/src/messenger/webim/view/performance.php index fa9513bc..5690c90c 100644 --- a/src/messenger/webim/view/performance.php +++ b/src/messenger/webim/view/performance.php @@ -40,6 +40,9 @@ require_once('inc_errors.php'); + + +
@@ -118,4 +121,4 @@ require_once('inc_errors.php'); } /* content */ require_once('inc_main.php'); -?> \ No newline at end of file +?> From 2d04bbe4eeceb55fbb2a823d0ae08723bed78b3f Mon Sep 17 00:00:00 2001 From: YuFei Zhu Date: Tue, 1 May 2012 13:21:49 +0100 Subject: [PATCH 15/21] add csrf token to translate view --- src/messenger/webim/operator/translate.php | 4 +++- src/messenger/webim/view/translate.php | 6 +++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/messenger/webim/operator/translate.php b/src/messenger/webim/operator/translate.php index 5e271ce6..368eb8fc 100644 --- a/src/messenger/webim/operator/translate.php +++ b/src/messenger/webim/operator/translate.php @@ -23,6 +23,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/pagination.php'); +csrfchecktoken(); + function compare_localization_by_l1($a, $b) { if ($a == $b) { @@ -230,4 +232,4 @@ $page['formshow'] = $show; prepare_menu($operator); start_html_output(); require('../view/translatelist.php'); -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/view/translate.php b/src/messenger/webim/view/translate.php index e809459d..0b72c222 100644 --- a/src/messenger/webim/view/translate.php +++ b/src/messenger/webim/view/translate.php @@ -44,6 +44,10 @@ require_once('inc_errors.php'); ?> + + + +
@@ -77,4 +81,4 @@ require_once('inc_errors.php'); } /* content */ require_once('inc_main.php'); -?> \ No newline at end of file +?> From dd6632ffdf5beeb782dc301ac26f9e11a2b257c3 Mon Sep 17 00:00:00 2001 From: Evgeny Gryaznov Date: Wed, 27 Jun 2012 09:51:16 +0200 Subject: [PATCH 16/21] format the code; remove comments in the client code; move csrfchecktoken() right after check_login() --- src/messenger/webim/libs/common.php | 60 +++++++++++--------- src/messenger/webim/operator/avatar.php | 3 +- src/messenger/webim/operator/canned.php | 3 +- src/messenger/webim/operator/cannededit.php | 3 +- src/messenger/webim/operator/features.php | 3 +- src/messenger/webim/operator/operator.php | 3 +- src/messenger/webim/operator/operators.php | 3 +- src/messenger/webim/operator/performance.php | 3 +- src/messenger/webim/operator/permissions.php | 2 +- src/messenger/webim/operator/settings.php | 3 +- src/messenger/webim/operator/translate.php | 3 +- src/messenger/webim/view/agent.php | 3 - src/messenger/webim/view/avatar.php | 3 - src/messenger/webim/view/cannededit.php | 3 - src/messenger/webim/view/features.php | 3 - src/messenger/webim/view/performance.php | 3 - src/messenger/webim/view/permissions.php | 3 - src/messenger/webim/view/settings.php | 3 - src/messenger/webim/view/translate.php | 3 - 19 files changed, 42 insertions(+), 71 deletions(-) diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php index ad5e1586..4e8fa8b8 100644 --- a/src/messenger/webim/libs/common.php +++ b/src/messenger/webim/libs/common.php @@ -349,7 +349,7 @@ function connect() die('Mysql extension is not loaded'); } $link = @mysql_connect($mysqlhost, $mysqllogin, $mysqlpass) - or die('Could not connect: ' . mysql_error()); + or die('Could not connect: ' . mysql_error()); mysql_select_db($mysqldb, $link) or die('Could not select database'); if ($force_charset_in_connection) { mysql_query("SET NAMES '$dbencoding'", $link); @@ -392,7 +392,7 @@ function db_build_select($fields, $table, $conditions, $orderandgroup) function db_rows_count($table, $conditions, $countfields, $link) { $result = mysql_query(db_build_select("count(" . ($countfields ? $countfields : "*") . ")", $table, $conditions, ""), $link) - or die(' Count query failed: ' . mysql_error($link)); + or die(' Count query failed: ' . mysql_error($link)); $line = mysql_fetch_array($result, MYSQL_NUM); mysql_free_result($result); return $line[0]; @@ -454,7 +454,7 @@ function no_field($key) function failed_uploading_file($filename, $key) { return getlocal2("errors.failed.uploading.file", - array($filename, getlocal($key))); + array($filename, getlocal($key))); } function wrong_field($key) @@ -689,43 +689,47 @@ function jspath() } /* authorization token check for CSRF attack */ -function csrfchecktoken(){ - setcsrftoken(); +function csrfchecktoken() +{ + setcsrftoken(); - // check the turing code for post requests and del requests - if ($_SERVER['REQUEST_METHOD'] == 'POST'){ - //if token match - if(!isset($_POST['csrf_token']) || ($_POST['csrf_token'] != $_SESSION['csrf_token'])){ + // check the turing code for post requests and del requests + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + //if token match + if (!isset($_POST['csrf_token']) || ($_POST['csrf_token'] != $_SESSION['csrf_token'])) { - die("CSRF failure"); - } - } else if(isset($_GET['act'])){ - if(($_GET['act'] == 'del' || $_GET['act'] == 'delete') && $_GET['csrf_token'] != $_SESSION['csrf_token']){ - - die("CSRF failure"); - } - } + die("CSRF failure"); + } + } else if (isset($_GET['act'])) { + if (($_GET['act'] == 'del' || $_GET['act'] == 'delete') && $_GET['csrf_token'] != $_SESSION['csrf_token']) { + + die("CSRF failure"); + } + } } /* print csrf token as a hidden field*/ -function print_csrf_token_input(){ - setcsrftoken(); +function print_csrf_token_input() +{ + setcsrftoken(); - echo ""; + echo ""; } /* print csrf token in url format */ -function print_csrf_token_in_url(){ - setcsrftoken(); - - echo "&csrf_token=".$_SESSION['csrf_token']; +function print_csrf_token_in_url() +{ + setcsrftoken(); + + echo "&csrf_token=" . $_SESSION['csrf_token']; } /* set csrf token */ -function setcsrftoken(){ - if(!isset($_SESSION['csrf_token'])){ - $_SESSION['csrf_token']=sha1(rand(10000000,99999999)); - } +function setcsrftoken() +{ + if (!isset($_SESSION['csrf_token'])) { + $_SESSION['csrf_token'] = sha1(rand(10000000, 99999999)); + } } ?> diff --git a/src/messenger/webim/operator/avatar.php b/src/messenger/webim/operator/avatar.php index 2479adac..26f062b5 100644 --- a/src/messenger/webim/operator/avatar.php +++ b/src/messenger/webim/operator/avatar.php @@ -23,9 +23,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/operator_settings.php'); -csrfchecktoken(); - $operator = check_login(); +csrfchecktoken(); $opId = verifyparam("op", "/^\d{1,9}$/"); $page = array('opid' => $opId, 'avatar' => ''); diff --git a/src/messenger/webim/operator/canned.php b/src/messenger/webim/operator/canned.php index d326f032..48fd0367 100644 --- a/src/messenger/webim/operator/canned.php +++ b/src/messenger/webim/operator/canned.php @@ -25,9 +25,8 @@ require_once('../libs/settings.php'); require_once('../libs/groups.php'); require_once('../libs/pagination.php'); -csrfchecktoken(); - $operator = check_login(); +csrfchecktoken(); loadsettings(); $errors = array(); diff --git a/src/messenger/webim/operator/cannededit.php b/src/messenger/webim/operator/cannededit.php index e375ac3b..911e8624 100644 --- a/src/messenger/webim/operator/cannededit.php +++ b/src/messenger/webim/operator/cannededit.php @@ -23,8 +23,6 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/pagination.php'); -csrfchecktoken(); - function load_message($key) { global $mysqlprefix; @@ -54,6 +52,7 @@ function add_message($locale, $groupid, $message) } $operator = check_login(); +csrfchecktoken(); loadsettings(); $stringid = verifyparam("key", "/^\d{0,9}$/", ""); diff --git a/src/messenger/webim/operator/features.php b/src/messenger/webim/operator/features.php index 9c7fc9ac..2f33a337 100644 --- a/src/messenger/webim/operator/features.php +++ b/src/messenger/webim/operator/features.php @@ -23,9 +23,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/settings.php'); -csrfchecktoken(); - $operator = check_login(); +csrfchecktoken(); $page = array('agentId' => ''); $errors = array(); diff --git a/src/messenger/webim/operator/operator.php b/src/messenger/webim/operator/operator.php index 693b61df..dcf8b824 100644 --- a/src/messenger/webim/operator/operator.php +++ b/src/messenger/webim/operator/operator.php @@ -23,9 +23,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/operator_settings.php'); -csrfchecktoken(); - $operator = check_login(); +csrfchecktoken(); $page = array('opid' => ''); $errors = array(); diff --git a/src/messenger/webim/operator/operators.php b/src/messenger/webim/operator/operators.php index d725b220..b0c35ccd 100644 --- a/src/messenger/webim/operator/operators.php +++ b/src/messenger/webim/operator/operators.php @@ -22,9 +22,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); -csrfchecktoken(); - $operator = check_login(); +csrfchecktoken(); if (isset($_GET['act']) && $_GET['act'] == 'del') { $operatorid = isset($_GET['id']) ? $_GET['id'] : ""; diff --git a/src/messenger/webim/operator/performance.php b/src/messenger/webim/operator/performance.php index f2f48e8f..f1bb5d1b 100644 --- a/src/messenger/webim/operator/performance.php +++ b/src/messenger/webim/operator/performance.php @@ -23,9 +23,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/settings.php'); -csrfchecktoken(); - $operator = check_login(); +csrfchecktoken(); $page = array('agentId' => ''); $errors = array(); diff --git a/src/messenger/webim/operator/permissions.php b/src/messenger/webim/operator/permissions.php index bd2659e8..00a3ba44 100644 --- a/src/messenger/webim/operator/permissions.php +++ b/src/messenger/webim/operator/permissions.php @@ -23,8 +23,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/operator_settings.php'); -csrfchecktoken(); $operator = check_login(); +csrfchecktoken(); function update_operator_permissions($operatorid, $newvalue) { diff --git a/src/messenger/webim/operator/settings.php b/src/messenger/webim/operator/settings.php index e8816825..38ca462e 100644 --- a/src/messenger/webim/operator/settings.php +++ b/src/messenger/webim/operator/settings.php @@ -23,9 +23,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/settings.php'); -csrfchecktoken(); - $operator = check_login(); +csrfchecktoken(); $page = array('agentId' => ''); $errors = array(); diff --git a/src/messenger/webim/operator/translate.php b/src/messenger/webim/operator/translate.php index 368eb8fc..391ff528 100644 --- a/src/messenger/webim/operator/translate.php +++ b/src/messenger/webim/operator/translate.php @@ -23,8 +23,6 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); require_once('../libs/pagination.php'); -csrfchecktoken(); - function compare_localization_by_l1($a, $b) { if ($a == $b) { @@ -121,6 +119,7 @@ function get_auxiliary($s) } $operator = check_login(); +csrfchecktoken(); $source = verifyparam("source", "/^[\w-]{2,5}$/", $default_locale); $target = verifyparam("target", "/^[\w-]{2,5}$/", $current_locale); diff --git a/src/messenger/webim/view/agent.php b/src/messenger/webim/view/agent.php index f0bb10c7..002cd5ec 100644 --- a/src/messenger/webim/view/agent.php +++ b/src/messenger/webim/view/agent.php @@ -50,10 +50,7 @@ require_once('inc_errors.php'); - - -
diff --git a/src/messenger/webim/view/avatar.php b/src/messenger/webim/view/avatar.php index b949f2f6..3219f8ce 100644 --- a/src/messenger/webim/view/avatar.php +++ b/src/messenger/webim/view/avatar.php @@ -36,10 +36,7 @@ require_once('inc_errors.php'); ?> - - -
diff --git a/src/messenger/webim/view/cannededit.php b/src/messenger/webim/view/cannededit.php index 11b3c091..7bc487d5 100644 --- a/src/messenger/webim/view/cannededit.php +++ b/src/messenger/webim/view/cannededit.php @@ -44,10 +44,7 @@ require_once('inc_errors.php'); ?> - - - diff --git a/src/messenger/webim/view/features.php b/src/messenger/webim/view/features.php index 48f1a1cd..372149be 100644 --- a/src/messenger/webim/view/features.php +++ b/src/messenger/webim/view/features.php @@ -73,10 +73,7 @@ require_once('inc_errors.php'); - - -
diff --git a/src/messenger/webim/view/performance.php b/src/messenger/webim/view/performance.php index 5690c90c..0773945c 100644 --- a/src/messenger/webim/view/performance.php +++ b/src/messenger/webim/view/performance.php @@ -39,10 +39,7 @@ require_once('inc_errors.php'); - - -
diff --git a/src/messenger/webim/view/permissions.php b/src/messenger/webim/view/permissions.php index 7bf433e8..4920e3a2 100644 --- a/src/messenger/webim/view/permissions.php +++ b/src/messenger/webim/view/permissions.php @@ -39,10 +39,7 @@ require_once('inc_errors.php'); - - -
diff --git a/src/messenger/webim/view/settings.php b/src/messenger/webim/view/settings.php index d6f150bf..7f2e27b4 100644 --- a/src/messenger/webim/view/settings.php +++ b/src/messenger/webim/view/settings.php @@ -39,10 +39,7 @@ require_once('inc_errors.php'); - - -
diff --git a/src/messenger/webim/view/translate.php b/src/messenger/webim/view/translate.php index 0b72c222..9d62f4e0 100644 --- a/src/messenger/webim/view/translate.php +++ b/src/messenger/webim/view/translate.php @@ -44,10 +44,7 @@ require_once('inc_errors.php'); ?> - - -
From c50d60730c956b69c3a7136864a1f505bfe8ea83 Mon Sep 17 00:00:00 2001 From: Evgeny Gryaznov Date: Mon, 4 Mar 2013 23:57:42 +0100 Subject: [PATCH 17/21] fix move_uploaded_file errors --- src/messenger/.idea/codeStyleSettings.xml | 27 +++++++++++------------ src/messenger/webim/libs/common.php | 12 +++++----- src/messenger/webim/operator/avatar.php | 4 ++-- 3 files changed, 21 insertions(+), 22 deletions(-) diff --git a/src/messenger/.idea/codeStyleSettings.xml b/src/messenger/.idea/codeStyleSettings.xml index bb3694e4..08116dc6 100644 --- a/src/messenger/.idea/codeStyleSettings.xml +++ b/src/messenger/.idea/codeStyleSettings.xml @@ -3,27 +3,26 @@ - + diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php index 4e8fa8b8..43f2c976 100644 --- a/src/messenger/webim/libs/common.php +++ b/src/messenger/webim/libs/common.php @@ -349,7 +349,7 @@ function connect() die('Mysql extension is not loaded'); } $link = @mysql_connect($mysqlhost, $mysqllogin, $mysqlpass) - or die('Could not connect: ' . mysql_error()); + or die('Could not connect: ' . mysql_error()); mysql_select_db($mysqldb, $link) or die('Could not select database'); if ($force_charset_in_connection) { mysql_query("SET NAMES '$dbencoding'", $link); @@ -392,7 +392,7 @@ function db_build_select($fields, $table, $conditions, $orderandgroup) function db_rows_count($table, $conditions, $countfields, $link) { $result = mysql_query(db_build_select("count(" . ($countfields ? $countfields : "*") . ")", $table, $conditions, ""), $link) - or die(' Count query failed: ' . mysql_error($link)); + or die(' Count query failed: ' . mysql_error($link)); $line = mysql_fetch_array($result, MYSQL_NUM); mysql_free_result($result); return $line[0]; @@ -542,9 +542,9 @@ function get_app_location($showhost, $issecure) function is_secure_request() { return - isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443' - || isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on" - || isset($_SERVER["HTTP_HTTPS"]) && $_SERVER["HTTP_HTTPS"] == "on"; + isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443' + || isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on" + || isset($_SERVER["HTTP_HTTPS"]) && $_SERVER["HTTP_HTTPS"] == "on"; } function get_month_selection($fromtime, $totime) @@ -713,7 +713,7 @@ function print_csrf_token_input() { setcsrftoken(); - echo ""; + echo "\n"; } /* print csrf token in url format */ diff --git a/src/messenger/webim/operator/avatar.php b/src/messenger/webim/operator/avatar.php index 26f062b5..5dec6dc1 100644 --- a/src/messenger/webim/operator/avatar.php +++ b/src/messenger/webim/operator/avatar.php @@ -45,7 +45,7 @@ if (!$op) { $errors[] = getlocal('page_agent.cannot_modify'); } else if (isset($_FILES['avatarFile']) && $_FILES['avatarFile']['name']) { - $valid_types = array("gif", "jpg", "png", "tif"); + $valid_types = array("gif", "jpg", "png", "tif", "jpeg"); $orig_filename = $_FILES['avatarFile']['name']; $tmp_file_name = $_FILES['avatarFile']['tmp_name']; @@ -65,7 +65,7 @@ if (!$op) { if (file_exists($full_file_path)) { unlink($full_file_path); } - if (!move_uploaded_file($_FILES['avatarFile']['tmp_name'], $full_file_path)) { + if (!@move_uploaded_file($_FILES['avatarFile']['tmp_name'], $full_file_path)) { $errors[] = failed_uploading_file($orig_filename, "errors.file.move.error"); } else { $avatar = "$webimroot/images/avatar/$new_file_name"; From 3741e57eabfd5266e3f1766e5917567494e6c8cf Mon Sep 17 00:00:00 2001 From: Evgeny Gryaznov Date: Tue, 5 Mar 2013 00:24:26 +0100 Subject: [PATCH 18/21] apache 2 license (started); upgrade version to 1.6.5 --- src/messenger/webim/COPYING | 19 -- src/messenger/webim/LICENSE | 202 ++++++++++++++ src/messenger/webim/VERSION | 2 +- src/messenger/webim/b.php | 30 +- src/messenger/webim/button.php | 27 +- src/messenger/webim/captcha.php | 30 +- src/messenger/webim/client.php | 30 +- src/messenger/webim/default.css | 29 +- src/messenger/webim/epl-v10.html | 328 ---------------------- src/messenger/webim/gpl-2.0.txt | 339 ----------------------- src/messenger/webim/index.php | 30 +- src/messenger/webim/install/whatsnew.txt | 5 + src/messenger/webim/leavemessage.php | 30 +- src/messenger/webim/license.php | 30 +- src/messenger/webim/mail.php | 30 +- src/messenger/webim/thread.php | 30 +- 16 files changed, 339 insertions(+), 852 deletions(-) delete mode 100644 src/messenger/webim/COPYING create mode 100644 src/messenger/webim/LICENSE delete mode 100644 src/messenger/webim/epl-v10.html delete mode 100644 src/messenger/webim/gpl-2.0.txt diff --git a/src/messenger/webim/COPYING b/src/messenger/webim/COPYING deleted file mode 100644 index bfdf54c2..00000000 --- a/src/messenger/webim/COPYING +++ /dev/null @@ -1,19 +0,0 @@ -Mibew Messenger -Copyright (c) 2005-2011 Mibew Messenger Community - -LICENSE - -Mibew Messenger is distributed under the terms of the Eclipse Public License (or -the General Public License, this means that you can choose one of two, and use it -accordingly) with the following special exception. - -License exception: -No one may remove, alter or hide any copyright notices or links to the community -site ("http://mibew.org") contained within the Program. Any derivative work -must include this license exception. - -Eclipse Public License: -http://www.eclipse.org/legal/epl-v10.html - -General Public License: -http://www.gnu.org/copyleft/gpl.html diff --git a/src/messenger/webim/LICENSE b/src/messenger/webim/LICENSE new file mode 100644 index 00000000..d6456956 --- /dev/null +++ b/src/messenger/webim/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/src/messenger/webim/VERSION b/src/messenger/webim/VERSION index cff47a7b..10a9279e 100644 --- a/src/messenger/webim/VERSION +++ b/src/messenger/webim/VERSION @@ -1 +1 @@ -Mibew/1.6.4 \ No newline at end of file +Mibew/1.6.5 \ No newline at end of file diff --git a/src/messenger/webim/b.php b/src/messenger/webim/b.php index 4780c50f..7b83117d 100644 --- a/src/messenger/webim/b.php +++ b/src/messenger/webim/b.php @@ -1,22 +1,18 @@ - - - - - - - -Eclipse Public License - Version 1.0 - - - - - - -
- -

Eclipse Public License - v 1.0 -

- -

THE ACCOMPANYING PROGRAM IS PROVIDED UNDER -THE TERMS OF THIS ECLIPSE PUBLIC LICENSE ("AGREEMENT"). ANY USE, -REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE -OF THIS AGREEMENT.

- -

1. DEFINITIONS

- -

"Contribution" means:

- -

a) -in the case of the initial Contributor, the initial code and documentation -distributed under this Agreement, and
-b) in the case of each subsequent Contributor:

- -

i) -changes to the Program, and

- -

ii) -additions to the Program;

- -

where -such changes and/or additions to the Program originate from and are distributed -by that particular Contributor. A Contribution 'originates' from a Contributor -if it was added to the Program by such Contributor itself or anyone acting on -such Contributor's behalf. Contributions do not include additions to the -Program which: (i) are separate modules of software distributed in conjunction -with the Program under their own license agreement, and (ii) are not derivative -works of the Program.

- -

"Contributor" means any person or -entity that distributes the Program.

- -

"Licensed Patents " mean patent -claims licensable by a Contributor which are necessarily infringed by the use -or sale of its Contribution alone or when combined with the Program.

- -

"Program" means the Contributions -distributed in accordance with this Agreement.

- -

"Recipient" means anyone who -receives the Program under this Agreement, including all Contributors.

- -

2. GRANT OF RIGHTS

- -

a) -Subject to the terms of this Agreement, each Contributor hereby grants Recipient -a non-exclusive, worldwide, royalty-free copyright license to reproduce, prepare derivative works of, publicly -display, publicly perform, distribute and sublicense the Contribution of such -Contributor, if any, and such derivative works, in source code and object code -form.

- -

b) -Subject to the terms of this Agreement, each Contributor hereby grants -Recipient a non-exclusive, worldwide, royalty-free -patent license under Licensed Patents to make, use, sell, offer to sell, import -and otherwise transfer the Contribution of such Contributor, if any, in source -code and object code form. This patent license shall apply to the combination -of the Contribution and the Program if, at the time the Contribution is added -by the Contributor, such addition of the Contribution causes such combination -to be covered by the Licensed Patents. The patent license shall not apply to -any other combinations which include the Contribution. No hardware per se is -licensed hereunder.

- -

c) -Recipient understands that although each Contributor grants the licenses to its -Contributions set forth herein, no assurances are provided by any Contributor -that the Program does not infringe the patent or other intellectual property -rights of any other entity. Each Contributor disclaims any liability to Recipient -for claims brought by any other entity based on infringement of intellectual -property rights or otherwise. As a condition to exercising the rights and -licenses granted hereunder, each Recipient hereby assumes sole responsibility -to secure any other intellectual property rights needed, if any. For example, -if a third party patent license is required to allow Recipient to distribute -the Program, it is Recipient's responsibility to acquire that license before -distributing the Program.

- -

d) -Each Contributor represents that to its knowledge it has sufficient copyright -rights in its Contribution, if any, to grant the copyright license set forth in -this Agreement.

- -

3. REQUIREMENTS

- -

A Contributor may choose to distribute the -Program in object code form under its own license agreement, provided that: -

- -

a) -it complies with the terms and conditions of this Agreement; and

- -

b) -its license agreement:

- -

i) -effectively disclaims on behalf of all Contributors all warranties and -conditions, express and implied, including warranties or conditions of title -and non-infringement, and implied warranties or conditions of merchantability -and fitness for a particular purpose;

- -

ii) -effectively excludes on behalf of all Contributors all liability for damages, -including direct, indirect, special, incidental and consequential damages, such -as lost profits;

- -

iii) -states that any provisions which differ from this Agreement are offered by that -Contributor alone and not by any other party; and

- -

iv) -states that source code for the Program is available from such Contributor, and -informs licensees how to obtain it in a reasonable manner on or through a -medium customarily used for software exchange.

- -

When the Program is made available in source -code form:

- -

a) -it must be made available under this Agreement; and

- -

b) a -copy of this Agreement must be included with each copy of the Program.

- -

Contributors may not remove or alter any -copyright notices contained within the Program.

- -

Each Contributor must identify itself as the -originator of its Contribution, if any, in a manner that reasonably allows -subsequent Recipients to identify the originator of the Contribution.

- -

4. COMMERCIAL DISTRIBUTION

- -

Commercial distributors of software may -accept certain responsibilities with respect to end users, business partners -and the like. While this license is intended to facilitate the commercial use -of the Program, the Contributor who includes the Program in a commercial -product offering should do so in a manner which does not create potential -liability for other Contributors. Therefore, if a Contributor includes the -Program in a commercial product offering, such Contributor ("Commercial -Contributor") hereby agrees to defend and indemnify every other -Contributor ("Indemnified Contributor") against any losses, damages and -costs (collectively "Losses") arising from claims, lawsuits and other -legal actions brought by a third party against the Indemnified Contributor to -the extent caused by the acts or omissions of such Commercial Contributor in -connection with its distribution of the Program in a commercial product -offering. The obligations in this section do not apply to any claims or Losses -relating to any actual or alleged intellectual property infringement. In order -to qualify, an Indemnified Contributor must: a) promptly notify the Commercial -Contributor in writing of such claim, and b) allow the Commercial Contributor -to control, and cooperate with the Commercial Contributor in, the defense and -any related settlement negotiations. The Indemnified Contributor may participate -in any such claim at its own expense.

- -

For example, a Contributor might include the -Program in a commercial product offering, Product X. That Contributor is then a -Commercial Contributor. If that Commercial Contributor then makes performance -claims, or offers warranties related to Product X, those performance claims and -warranties are such Commercial Contributor's responsibility alone. Under this -section, the Commercial Contributor would have to defend claims against the -other Contributors related to those performance claims and warranties, and if a -court requires any other Contributor to pay any damages as a result, the -Commercial Contributor must pay those damages.

- -

5. NO WARRANTY

- -

EXCEPT AS EXPRESSLY SET FORTH IN THIS -AGREEMENT, THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT -WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, -WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, -MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely -responsible for determining the appropriateness of using and distributing the -Program and assumes all risks associated with its exercise of rights under this -Agreement , including but not limited to the risks and costs of program errors, -compliance with applicable laws, damage to or loss of data, programs or -equipment, and unavailability or interruption of operations.

- -

6. DISCLAIMER OF LIABILITY

- -

EXCEPT AS EXPRESSLY SET FORTH IN THIS -AGREEMENT, NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR -ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY -OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF -THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF -THE POSSIBILITY OF SUCH DAMAGES.

- -

7. GENERAL

- -

If any provision of this Agreement is invalid -or unenforceable under applicable law, it shall not affect the validity or -enforceability of the remainder of the terms of this Agreement, and without -further action by the parties hereto, such provision shall be reformed to the -minimum extent necessary to make such provision valid and enforceable.

- -

If Recipient institutes patent litigation -against any entity (including a cross-claim or counterclaim in a lawsuit) -alleging that the Program itself (excluding combinations of the Program with -other software or hardware) infringes such Recipient's patent(s), then such -Recipient's rights granted under Section 2(b) shall terminate as of the date -such litigation is filed.

- -

All Recipient's rights under this Agreement -shall terminate if it fails to comply with any of the material terms or -conditions of this Agreement and does not cure such failure in a reasonable -period of time after becoming aware of such noncompliance. If all Recipient's -rights under this Agreement terminate, Recipient agrees to cease use and -distribution of the Program as soon as reasonably practicable. However, -Recipient's obligations under this Agreement and any licenses granted by -Recipient relating to the Program shall continue and survive.

- -

Everyone is permitted to copy and distribute -copies of this Agreement, but in order to avoid inconsistency the Agreement is -copyrighted and may only be modified in the following manner. The Agreement -Steward reserves the right to publish new versions (including revisions) of -this Agreement from time to time. No one other than the Agreement Steward has -the right to modify this Agreement. The Eclipse Foundation is the initial -Agreement Steward. The Eclipse Foundation may assign the responsibility to -serve as the Agreement Steward to a suitable separate entity. Each new version -of the Agreement will be given a distinguishing version number. The Program -(including Contributions) may always be distributed subject to the version of -the Agreement under which it was received. In addition, after a new version of -the Agreement is published, Contributor may elect to distribute the Program -(including its Contributions) under the new version. Except as expressly stated -in Sections 2(a) and 2(b) above, Recipient receives no rights or licenses to -the intellectual property of any Contributor under this Agreement, whether -expressly, by implication, estoppel or otherwise. All rights in the Program not -expressly granted under this Agreement are reserved.

- -

This Agreement is governed by the laws of the -State of New York and the intellectual property laws of the United States of -America. No party to this Agreement will bring a legal action under this -Agreement more than one year after the cause of action arose. Each party waives -its rights to a jury trial in any resulting litigation.

- -

 

- -
- - - - \ No newline at end of file diff --git a/src/messenger/webim/gpl-2.0.txt b/src/messenger/webim/gpl-2.0.txt deleted file mode 100644 index d511905c..00000000 --- a/src/messenger/webim/gpl-2.0.txt +++ /dev/null @@ -1,339 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. diff --git a/src/messenger/webim/index.php b/src/messenger/webim/index.php index 20fa4719..326459b1 100644 --- a/src/messenger/webim/index.php +++ b/src/messenger/webim/index.php @@ -1,22 +1,18 @@ Date: Wed, 6 Mar 2013 22:22:53 +0100 Subject: [PATCH 19/21] apache 2 license in php headers --- src/messenger/.idea/codeStyleSettings.xml | 3 ++ src/messenger/webim/b.php | 2 +- src/messenger/webim/button.php | 2 +- src/messenger/webim/captcha.php | 2 +- src/messenger/webim/client.php | 2 +- src/messenger/webim/index.php | 2 +- src/messenger/webim/install/dbinfo.php | 30 ++++++++---------- src/messenger/webim/install/dbperform.php | 30 ++++++++---------- src/messenger/webim/install/index.php | 30 ++++++++---------- src/messenger/webim/leavemessage.php | 2 +- src/messenger/webim/libs/captcha.php | 30 +++++++++--------- src/messenger/webim/libs/chat.php | 31 ++++++++----------- src/messenger/webim/libs/common.php | 30 ++++++++---------- src/messenger/webim/libs/config.php | 30 ++++++++---------- src/messenger/webim/libs/converter.php | 30 ++++++++---------- src/messenger/webim/libs/demothread.php | 30 ++++++++---------- src/messenger/webim/libs/expand.php | 30 ++++++++---------- src/messenger/webim/libs/getcode.php | 24 ++++++-------- src/messenger/webim/libs/groups.php | 30 ++++++++---------- src/messenger/webim/libs/notify.php | 30 ++++++++---------- src/messenger/webim/libs/operator.php | 30 ++++++++---------- .../webim/libs/operator_settings.php | 30 ++++++++---------- src/messenger/webim/libs/pagination.php | 30 ++++++++---------- src/messenger/webim/libs/settings.php | 30 ++++++++---------- src/messenger/webim/libs/userinfo.php | 30 ++++++++---------- src/messenger/webim/license.php | 2 +- src/messenger/webim/mail.php | 2 +- src/messenger/webim/operator/agent.php | 30 ++++++++---------- src/messenger/webim/operator/autologin.php | 30 ++++++++---------- src/messenger/webim/operator/avatar.php | 30 ++++++++---------- src/messenger/webim/operator/ban.php | 30 ++++++++---------- src/messenger/webim/operator/blocked.php | 30 ++++++++---------- src/messenger/webim/operator/canned.php | 30 ++++++++---------- src/messenger/webim/operator/cannededit.php | 30 ++++++++---------- src/messenger/webim/operator/features.php | 30 ++++++++---------- src/messenger/webim/operator/getcode.php | 30 ++++++++---------- src/messenger/webim/operator/group.php | 30 ++++++++---------- src/messenger/webim/operator/groupmembers.php | 30 ++++++++---------- src/messenger/webim/operator/groups.php | 30 ++++++++---------- src/messenger/webim/operator/history.php | 30 ++++++++---------- src/messenger/webim/operator/index.php | 30 ++++++++---------- src/messenger/webim/operator/login.php | 30 ++++++++---------- src/messenger/webim/operator/logout.php | 30 ++++++++---------- src/messenger/webim/operator/operator.php | 30 ++++++++---------- src/messenger/webim/operator/operators.php | 30 ++++++++---------- src/messenger/webim/operator/opgroups.php | 30 ++++++++---------- src/messenger/webim/operator/performance.php | 30 ++++++++---------- src/messenger/webim/operator/permissions.php | 30 ++++++++---------- src/messenger/webim/operator/redirect.php | 30 ++++++++---------- src/messenger/webim/operator/resetpwd.php | 30 ++++++++---------- src/messenger/webim/operator/restore.php | 30 ++++++++---------- src/messenger/webim/operator/settings.php | 30 ++++++++---------- src/messenger/webim/operator/statistics.php | 30 ++++++++---------- src/messenger/webim/operator/themes.php | 30 ++++++++---------- .../webim/operator/threadprocessor.php | 30 ++++++++---------- src/messenger/webim/operator/translate.php | 30 ++++++++---------- src/messenger/webim/operator/update.php | 30 ++++++++---------- src/messenger/webim/operator/updates.php | 30 ++++++++---------- src/messenger/webim/operator/userhistory.php | 30 ++++++++---------- src/messenger/webim/operator/users.php | 30 ++++++++---------- src/messenger/webim/thread.php | 2 +- src/messenger/webim/view/agent.php | 30 ++++++++---------- src/messenger/webim/view/agents.php | 30 ++++++++---------- src/messenger/webim/view/avatar.php | 30 ++++++++---------- src/messenger/webim/view/ban.php | 30 ++++++++---------- src/messenger/webim/view/blocked_visitors.php | 30 ++++++++---------- src/messenger/webim/view/canned.php | 30 ++++++++---------- src/messenger/webim/view/cannededit.php | 30 ++++++++---------- src/messenger/webim/view/confirm.php | 30 ++++++++---------- src/messenger/webim/view/features.php | 30 ++++++++---------- src/messenger/webim/view/gen_button.php | 30 ++++++++---------- src/messenger/webim/view/group.php | 30 ++++++++---------- src/messenger/webim/view/groupmembers.php | 30 ++++++++---------- src/messenger/webim/view/groups.php | 30 ++++++++---------- src/messenger/webim/view/inc_errors.php | 30 ++++++++---------- src/messenger/webim/view/inc_locales.php | 30 ++++++++---------- src/messenger/webim/view/inc_main.php | 30 ++++++++---------- src/messenger/webim/view/inc_menu.php | 30 ++++++++---------- src/messenger/webim/view/inc_tabbar.php | 24 ++++++-------- src/messenger/webim/view/install_err.php | 30 ++++++++---------- src/messenger/webim/view/install_index.php | 30 ++++++++---------- src/messenger/webim/view/license.php | 30 ++++++++---------- src/messenger/webim/view/login.php | 30 ++++++++---------- src/messenger/webim/view/menu.php | 30 ++++++++---------- src/messenger/webim/view/operator_groups.php | 30 ++++++++---------- src/messenger/webim/view/pending_users.php | 30 ++++++++---------- src/messenger/webim/view/performance.php | 30 ++++++++---------- src/messenger/webim/view/permissions.php | 30 ++++++++---------- src/messenger/webim/view/resetpwd.php | 30 ++++++++---------- src/messenger/webim/view/restore.php | 30 ++++++++---------- src/messenger/webim/view/settings.php | 30 ++++++++---------- src/messenger/webim/view/statistics.php | 30 ++++++++---------- src/messenger/webim/view/themes.php | 30 ++++++++---------- src/messenger/webim/view/thread_log.php | 30 ++++++++---------- src/messenger/webim/view/thread_search.php | 30 ++++++++---------- src/messenger/webim/view/translate.php | 30 ++++++++---------- src/messenger/webim/view/translatelist.php | 30 ++++++++---------- src/messenger/webim/view/updates.php | 30 ++++++++---------- src/messenger/webim/view/userhistory.php | 30 ++++++++---------- 99 files changed, 1165 insertions(+), 1515 deletions(-) diff --git a/src/messenger/.idea/codeStyleSettings.xml b/src/messenger/.idea/codeStyleSettings.xml index 08116dc6..de6382eb 100644 --- a/src/messenger/.idea/codeStyleSettings.xml +++ b/src/messenger/.idea/codeStyleSettings.xml @@ -15,6 +15,9 @@ + +