[gentoo-commits] proj/bouncer:master commit in: php/ - gentoo-commits

From:	"Robin H. Johnson" <robbat2@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/bouncer:master commit in: php/
Date:	Mon, 10 Dec 2018 06:58:03
Message-Id:	`1544425014.bc71b364401e993934cbd167714eec8337ca156a.robbat2@gentoo`

1

commit:     bc71b364401e993934cbd167714eec8337ca156a

2

Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>

3

AuthorDate: Mon Dec 10 06:56:54 2018 +0000

4

Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>

5

CommitDate: Mon Dec 10 06:56:54 2018 +0000

6

URL:        https://gitweb.gentoo.org/proj/bouncer.git/commit/?id=bc71b364

7

8

index: do not downgrade to HTTP

9

10

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

11

12

 php/index.php | 25 +++++++++++++++++++++++--

13

 1 file changed, 23 insertions(+), 2 deletions(-)

14

15

diff --git a/php/index.php b/php/index.php

16

index abb9671..357e25d 100644

17

--- a/php/index.php

18

+++ b/php/index.php

19

@@ -25,13 +25,34 @@ if (!empty($_GET['os'])&&!empty($_GET['product'])) {

20

     $os_id = DB::name_to_id('mirror_os','os_id','os_name',$os_name);

21

     $product_id = DB::name_to_id('mirror_products','product_id','product_name',$product_name);

22

23

+    // From pure HTTP request, you might get upgraded

24

+    // From HTTPS request, you should NOT be downgraded.

25

+    $baseurl_prefix = $_SERVER['HTTPS'] === 'on' ? 'https%' : 'http%';

26

+

27

     // do we have a valid os and product?

28

     if (!empty($os_id)&&!empty($product_id)) {

29

-        $location = DB::get_one("SELECT location_id,location_path FROM mirror_locations WHERE product_id=? AND os_id=?", PDO::FETCH_ASSOC, [$product_id, $os_id]);

30

+        $location = DB::get_one("SELECT location_id, location_path FROM mirror_locations WHERE product_id=:product_id AND os_id=:os_id",

31

+                                PDO::FETCH_ASSOC,

32

+                                array(':product_id' => $product_id, ':os_id' => $os_id));

33

34

         // did we get a valid location?

35

         if (!empty($location)) {

36

-            $mirror = DB::get_one("SELECT mirror_mirrors.mirror_id,mirror_baseurl FROM mirror_mirrors JOIN mirror_location_mirror_map ON mirror_mirrors.mirror_id = mirror_location_mirror_map.mirror_id WHERE mirror_location_mirror_map.location_id = ? AND mirror_active='1' AND location_active ='1' ORDER BY rand()*(1/mirror_rating)", PDO::FETCH_ASSOC, [$location['location_id']]);

37

+			$mirror = DB::get_one("SELECT

38

+				mirror_mirrors.mirror_id, mirror_baseurl

39

+                FROM mirror_mirrors

40

+                JOIN mirror_location_mirror_map ON mirror_mirrors.mirror_id = mirror_location_mirror_map.mirror_id

41

+                WHERE

42

+                    mirror_location_mirror_map.location_id = :location_id

43

+                    AND mirror_active='1'

44

+                    AND location_active ='1'

45

+                    AND mirror_baseurl LIKE :baseurl_prefix

46

+                ORDER BY

47

+                    rand()*(1.0/mirror_rating)",

48

+                PDO::FETCH_ASSOC,

49

+                array(

50

+                    ':location_id' => $location['location_id'],

51

+                    ':baseurl_prefix' => $baseurl_prefix,

52

+                ));

53

54

             // did we get a valid mirror?

55

             if (!empty($mirror)) {

1	commit: bc71b364401e993934cbd167714eec8337ca156a
2	Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
3	AuthorDate: Mon Dec 10 06:56:54 2018 +0000
4	Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
5	CommitDate: Mon Dec 10 06:56:54 2018 +0000
6	URL: https://gitweb.gentoo.org/proj/bouncer.git/commit/?id=bc71b364
7
8	index: do not downgrade to HTTP
9
10	Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
11
12	php/index.php \| 25 +++++++++++++++++++++++--
13	1 file changed, 23 insertions(+), 2 deletions(-)
14
15	diff --git a/php/index.php b/php/index.php
16	index abb9671..357e25d 100644
17	--- a/php/index.php
18	+++ b/php/index.php
19	@@ -25,13 +25,34 @@ if (!empty($_GET['os'])&&!empty($_GET['product'])) {
20	$os_id = DB::name_to_id('mirror_os','os_id','os_name',$os_name);
21	$product_id = DB::name_to_id('mirror_products','product_id','product_name',$product_name);
22
23	+ // From pure HTTP request, you might get upgraded
24	+ // From HTTPS request, you should NOT be downgraded.
25	+ $baseurl_prefix = $_SERVER['HTTPS'] === 'on' ? 'https%' : 'http%';
26	+
27	// do we have a valid os and product?
28	if (!empty($os_id)&&!empty($product_id)) {
29	- $location = DB::get_one("SELECT location_id,location_path FROM mirror_locations WHERE product_id=? AND os_id=?", PDO::FETCH_ASSOC, [$product_id, $os_id]);
30	+ $location = DB::get_one("SELECT location_id, location_path FROM mirror_locations WHERE product_id=:product_id AND os_id=:os_id",
31	+ PDO::FETCH_ASSOC,
32	+ array(':product_id' => $product_id, ':os_id' => $os_id));
33
34	// did we get a valid location?
35	if (!empty($location)) {
36	- $mirror = DB::get_one("SELECT mirror_mirrors.mirror_id,mirror_baseurl FROM mirror_mirrors JOIN mirror_location_mirror_map ON mirror_mirrors.mirror_id = mirror_location_mirror_map.mirror_id WHERE mirror_location_mirror_map.location_id = ? AND mirror_active='1' AND location_active ='1' ORDER BY rand()*(1/mirror_rating)", PDO::FETCH_ASSOC, [$location['location_id']]);
37	+ $mirror = DB::get_one("SELECT
38	+ mirror_mirrors.mirror_id, mirror_baseurl
39	+ FROM mirror_mirrors
40	+ JOIN mirror_location_mirror_map ON mirror_mirrors.mirror_id = mirror_location_mirror_map.mirror_id
41	+ WHERE
42	+ mirror_location_mirror_map.location_id = :location_id
43	+ AND mirror_active='1'
44	+ AND location_active ='1'
45	+ AND mirror_baseurl LIKE :baseurl_prefix
46	+ ORDER BY
47	+ rand()*(1.0/mirror_rating)",
48	+ PDO::FETCH_ASSOC,
49	+ array(
50	+ ':location_id' => $location['location_id'],
51	+ ':baseurl_prefix' => $baseurl_prefix,
52	+ ));
53
54	// did we get a valid mirror?
55	if (!empty($mirror)) {

Gentoo Archives: gentoo-commits