Ignore:
Timestamp:
08/08/07 09:49:33 (12 years ago)
Author:
pjkersha
Message:

ows_server/ows_server/lib/base.py: temp fix to passing of credentials over
http redirect - see TODOs esp. use of eval()

ows_server/ows_server/templates/ndgPage.kid: revised for cleaner display of
roles

Location:
TI05-delivery/ows_framework/trunk/ows_server/ows_server
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • TI05-delivery/ows_framework/trunk/ows_server/ows_server/lib/base.py

    r2772 r2776  
    3131        c.requestURL=construct_url(environ) 
    3232        if 'smURI' in request.params: 
     33            # TODO: get rid of eval - dangerous as attacker could sub in 
     34            # an arbitrary command 
     35            # 
     36            # P J Kershaw 08/08/07 
    3337            session['ndgSec']={'h':request.params['smURI'], 
    3438                           'u':request.params['username'], 
    35                            'r':request.params['roles'], 
     39                           'r':eval(request.params['roles']), 
    3640                           'sessID':request.params['sessID']} 
    3741            # TODO strip out this lot and repaint with a clean URL 
     42             
     43            # TODO: Check what panelView is for  
     44            # 
     45            # P J Kershaw 08/08/07 
     46            if 'panelView' not in session: 
     47                session['panelView']='History' 
     48 
     49            session.save() 
     50             
    3851        return WSGIController.__call__(self, environ, start_response) 
    3952     
  • TI05-delivery/ows_framework/trunk/ows_server/ows_server/templates/ndgPage.kid

    r2775 r2776  
    114114                        <!--! now we choose one of the next two (logged in or not) --> 
    115115                        <div py:if="'ndgSec' in session"><table><tbody><tr><td> User [${session['ndgSec']['u']}] logged in 
    116                         at [${session['ndgSec']['h']}] with roles ${session['ndgSec']['r']}</td><td> 
     116                        at [${session['ndgSec']['h']}] with roles [${len(session['ndgSec']['r'])==1 and session['ndgSec']['r'][0] or ', '.join(session['ndgSec']['r'])}]</td><td> 
    117117                        &nbsp;<span py:replace="logOut()"/></td></tr></tbody></table></div> 
    118118                        <div py:if="'ndgSec' not in session">Further services maybe available if you can 
Note: See TracChangeset for help on using the changeset viewer.