mirror
/
Cloudlog
kopia lustrzana https://github.com/magicbug/Cloudlog
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

eSQL: Security fix, use HTTPS to send password over the internet 

Signed-off-by: Petr Kracík <petrkr@petrkr.net>
pull/2442/head
Petr Kracík 2023-08-27 14:53:57 +02:00
rodzic 6b7902b023
commit 059a0860af
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 616BA0418005810D
6 zmienionych plików z 23 dodań i 7 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

2
application/config/migration.php
Wyświetl plik

@ -22,7 +22,7 @@ $config['migration_enabled'] = TRUE;
|
*/
$config['migration_version'] = 138;
$config['migration_version'] = 139;
/*
|--------------------------------------------------------------------------

4
application/controllers/Eqsl.php
Wyświetl plik

@ -277,13 +277,13 @@ class eqsl extends CI_Controller {
return $table;
}
// Build out the ADIF info string according to specs http://eqsl.cc/qslcard/ADIFContentSpecs.cfm
// Build out the ADIF info string according to specs https://eqsl.cc/qslcard/ADIFContentSpecs.cfm
function generateAdif($qsl, $data) {
$COL_QSO_DATE = date('Ymd',strtotime($qsl['COL_TIME_ON']));
$COL_TIME_ON = date('Hi',strtotime($qsl['COL_TIME_ON']));
# Set up the single record file
$adif = "http://www.eqsl.cc/qslcard/importADIF.cfm?";
$adif = "https://www.eqsl.cc/qslcard/importADIF.cfm?";
$adif .= "ADIFData=CloudlogUpload%20";
/* Handy reference of escaping chars

2
application/libraries/EqslImporter.php
Wyświetl plik

@ -111,7 +111,7 @@ class EqslImporter
foreach ($matches[2] as $match) {
// Look for the link that has the .adi file, and download it to $file
if (substr($match, -4, 4) == ".adi") {
file_put_contents($this->adif_file, file_get_contents("http://eqsl.cc/qslcard/" . $match));
file_put_contents($this->adif_file, file_get_contents("https://eqsl.cc/qslcard/" . $match));
return $this->import();
}
}

16
application/migrations/139_modify_eQSL_url.php 100644
Wyświetl plik

@ -0,0 +1,16 @@
<?php defined('BASEPATH') OR exit('No direct script access allowed');
class Migration_modify_eQSL_url extends CI_Migration {
public function up()
{
$sql = "UPDATE config SET eqsl_download_url = 'https://www.eqsl.cc/qslcard/DownloadInBox.cfm' WHERE id=1";
$this->db->query($sql);
}
public function down()
{
// Will not go back to insecure connections
}
}
?>

4
application/models/Eqslmethods_model.php
Wyświetl plik

@ -154,8 +154,8 @@ class Eqslmethods_model extends CI_Model {
}
// Update a QSO with eQSL QSL info
// We could also probably use this use this: http://eqsl.cc/qslcard/VerifyQSO.txt
// http://www.eqsl.cc/qslcard/ImportADIF.txt
// We could also probably use this use this: https://eqsl.cc/qslcard/VerifyQSO.txt
// https://www.eqsl.cc/qslcard/ImportADIF.txt
function eqsl_update($datetime, $callsign, $band, $mode, $qsl_status,$station_callsign) {
$data = array(
'COL_EQSL_QSLRDATE' => date('Y-m-d H:i:s'), // eQSL doesn't give us a date, so let's use current

2
application/views/eqsl/import.php
Wyświetl plik

@ -30,7 +30,7 @@
Import from file...
</label>
<br><br>
<p>Upload the Exported ADIF file from eQSL from the <a href="http://eqsl.cc/qslcard/DownloadInBox.cfm" target="_blank">Download Inbox</a> page, to mark QSOs as confirmed on eQSL.</p>
<p>Upload the Exported ADIF file from eQSL from the <a href="https://eqsl.cc/qslcard/DownloadInBox.cfm" target="_blank">Download Inbox</a> page, to mark QSOs as confirmed on eQSL.</p>
<p><span class="label important">Important</span> Log files must have the file type .adi</p>
<input type="file" name="userfile" size="20" />
<br/><br/>