fix session API broken and SQL pretection

2014-11-04 11:37:15 -05:00 · 2014-11-04 11:37:15 -05:00 · 0c5ba4573a
parent 69a98236bd
commit 0c5ba4573a
7 changed files with 5 additions and 12 deletions
--- a/cmd/web.go
+++ b/cmd/web.go
@ -72,7 +72,7 @@ func checkVersion() {
 		log.Fatal(4, "Package i18n version is too old, did you forget to update?(github.com/macaron-contrib/i18n)")
 	}
 	sessionVer := git.MustParseVersion(session.Version())
-	if sessionVer.LessThan(git.MustParseVersion("0.0.3")) {
+	if sessionVer.LessThan(git.MustParseVersion("0.0.5")) {
 		log.Fatal(4, "Package session version is too old, did you forget to update?(github.com/macaron-contrib/session)")
 	}
 }
--- a/conf/app.ini
+++ b/conf/app.ini
@ -163,10 +163,6 @@ ENABLE_SET_COOKIE = true
 GC_INTERVAL_TIME = 86400
 ; Session life time, default is 86400
 SESSION_LIFE_TIME = 86400
-; session id hash func, Either "sha1", "sha256" or "md5" default is sha1
-SESSION_ID_HASHFUNC = sha1
-; Session hash key, default is use random string
-SESSION_ID_HASHKEY =

 [picture]
 ; The place to picture data, either "server" or "qiniu", default is "server"
--- a/gogs.go
+++ b/gogs.go
@ -17,7 +17,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )

-const APP_VER = "0.5.6.1102 Beta"
+const APP_VER = "0.5.6.1104 Beta"

 func init() {
 	runtime.GOMAXPROCS(runtime.NumCPU())
--- a/models/repo.go
+++ b/models/repo.go
@ -1161,7 +1161,7 @@ func SearchRepositoryByName(opt SearchOption) (repos []*Repository, err error) {
 	if !opt.Private {
 		sess.And("is_private=false")
 	}
-	sess.And("lower_name like '%" + opt.Keyword + "%'").Find(&repos)
+	sess.And("lower_name like ?", "%"+opt.Keyword+"%").Find(&repos)
 	return repos, err
 }

--- a/models/user.go
+++ b/models/user.go
@ -581,7 +581,7 @@ func SearchUserByName(opt SearchOption) (us []*User, err error) {
 	opt.Keyword = strings.ToLower(opt.Keyword)

 	us = make([]*User, 0, opt.Limit)
-	err = x.Limit(opt.Limit).Where("type=0").And("lower_name like '%" + opt.Keyword + "%'").Find(&us)
+	err = x.Limit(opt.Limit).Where("type=0").And("lower_name like ?", "%"+opt.Keyword+"%").Find(&us)
 	return us, err
 }

--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@ -394,9 +394,6 @@ func newSessionService() {
 	SessionConfig.EnableSetCookie = Cfg.MustBool("session", "ENABLE_SET_COOKIE", true)
 	SessionConfig.Gclifetime = Cfg.MustInt64("session", "GC_INTERVAL_TIME", 86400)
 	SessionConfig.Maxlifetime = Cfg.MustInt64("session", "SESSION_LIFE_TIME", 86400)
-	SessionConfig.SessionIDHashFunc = Cfg.MustValueRange("session", "SESSION_ID_HASHFUNC",
-		"sha1", []string{"sha1", "sha256", "md5"})
-	SessionConfig.SessionIDHashKey = Cfg.MustValue("session", "SESSION_ID_HASHKEY", string(com.RandomCreateBytes(16)))

 	if SessionProvider == "file" {
 		os.MkdirAll(path.Dir(SessionConfig.ProviderConfig), os.ModePerm)
--- a/templates/.VERSION
+++ b/templates/.VERSION
@ -1 +1 @@
-0.5.6.1102 Beta
+0.5.6.1104 Beta