Modifying URL

Project: ProjectPier
Version: 0.8.5.0-Beta1
Component: Code
Category: bug report
Priority: normal
Assigned: phpfreak
Status: patch - code needs work
Description

The code does not respond very well to modifying the url. This happens when I remove 'active_project=1'

Catchable fatal error: Argument 1 passed to User::isProjectUser() must be an instance of Project, null given, called in /customers/phalanx.nl/phalanx.nl/httpd.www/projectpier-0.8.5.0-beta/application/controllers/ApplicationController.class.php on line 43 and defined in /customers/phalanx.nl/phalanx.nl/httpd.www/projectpier-0.8.5.0-beta/application/models/users/User.class.php on line 145

Changing the project id to a non existent project:

Error
We are sorry, but a fatal error prevented ProjectPier from executing your request. An Error Report has been sent to the administrator.

#1
Assigned to: Visitor » phpfreak
Status: new » patch - code needs review

I made changes to demotivate end users from playing with a PP URL.

All urls are now of the form:

http://.../Yz10YXNrJmFtcDthPWVkaXRfdGFzayZhbXA7aWQ9MSZhbXA7YWN0aXZlX3Byb2plY3Q9MQ==

All parameters are base64 encoded. There is no ? and no index.php.

If you want this, do the following:

In /init.php add 2 lines at the top below <?php:

  $_SERVER['QUERY_STRING'] = base64_decode($_SERVER['QUERY_STRING']);
  parse_str($_SERVER['QUERY_STRING'],$_GET);

In /application/functions.php, search for index.php and replace the line

    return with_slash(ROOT_URL) . 'index.php?' . base64_encode(implode('&amp;', $url_params) . $anchor);

with

    return with_slash(ROOT_URL) . base64_encode(implode('&', $url_params) . $anchor);

Notice the base64_encode and changing &amp; to &.

In .htaccess add the following lines:

RewriteEngine On
RewriteBase   /projectpier-0.8.5.0-beta
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?$1 [L]

Make sure RewriteBase matches your deployment directory.

Essentially, what happens is that the .htaccess commands send all URLs that do not match a file (!-f) or a directory (!-d) to index.php.

Seems to be working okay for me. So far, I have not encountered any problems navigating and creating tasks.

#2
Status: patch - code needs review » patch - code needs work

The error message is acceptable behavior. Maybe a better idea would be to redirect to the Dashboard with an appropriate error message. Along those lines, I changed my ProjectPier code in the following way:

in ProjectController.class.php:

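function overview() {
  // No active project (missing or invalid id) is handled like a denied project
  if (active_project() == null || !logged_user()->isProjectUser(active_project())) {
    flash_error(lang('no access permissions'));
    $this->redirectTo('dashboard');
  } // if
  // ... rest of overview() unchanged ...
} // overview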

and in ApplicationController.class.php:

function canGoOn()
{
  if(active_project() == null || !logged_user()->isProjectUser(active_project()))
  {
    flash_error(lang('no access permissions'));
    $this->redirectTo('dashboard');
  } // if
} // end canGoOn

Essentially, I check for a "null" return from active_project() and treat it like an access denied problem (thereby not exposing which project IDs are valid and which are invalid).
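
The guard from #2 applied to the base64-encoded URLs from #1, as an added example that is not part of the thread or of ProjectPier: encoding the query string does not validate it, so the decoded active_project value still needs the same check. resolve_project_access() and the $members map are hypothetical, and the sample data is constructed.

```php
<?php
// Added example; resolve_project_access() and $members are hypothetical
// stand-ins, not ProjectPier code. All sample data below is constructed.

// project id => ids of the users allowed to see it (constructed)
$members = [1 => [10, 11], 2 => [11]];

/**
 * Decode a base64 URL token the way the init.php change in #1 does, then
 * apply the check from #2: every unusable or unauthorized project id gets
 * the same answer, so the response does not reveal which ids exist.
 */
function resolve_project_access(string $token, int $userId, array $members): string
{
    // Strict mode rejects characters outside the base64 alphabet.
    $query = base64_decode($token, true);
    if ($query === false) {
        return 'dashboard';
    }
    // The sample URL in #1 still carries '&amp;' separators; normalize them.
    parse_str(str_replace('&amp;', '&', $query), $params);

    $id = $params['active_project'] ?? null;
    // Missing, array-valued or non-numeric ids count as "no project".
    if (!is_string($id) || !ctype_digit($id)) {
        return 'dashboard';
    }
    $allowed = $members[(int) $id] ?? null; // null: no such project
    if ($allowed === null || !in_array($userId, $allowed, true)) {
        return 'dashboard';
    }
    return 'project:' . (int) $id;
}

$cases = [
    'token from #1'          => 'Yz10YXNrJmFtcDthPWVkaXRfdGFzayZhbXA7aWQ9MSZhbXA7YWN0aXZlX3Byb2plY3Q9MQ==',
    'active_project removed' => base64_encode('c=task&a=edit_task&id=1'),
    'non-existent project'   => base64_encode('c=task&a=edit_task&id=1&active_project=999'),
    'not a member'           => base64_encode('c=task&a=edit_task&id=1&active_project=2'),
    'not base64'             => '%%%',
];
foreach ($cases as $label => $token) {
    printf("%-24s => %s\n", $label, resolve_project_access($token, 10, $members));
}
```

Only the first case resolves to a project; the other four all fall back to the dashboard, with no difference between a missing, unknown or forbidden id.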