Strict Standards: Non-static method Flyspray::absoluteURI() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/constants.inc.php on line 29 Strict Standards: Non-static method Flyspray::get_tmp_dir() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/constants.inc.php on line 78 Warning: session_start(): open(/data/web/tmp/sessions/sess_4fl6qjoh0rij9s7o9ocbfl8n96, O_RDWR) failed: Disk quota exceeded (122) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.flyspray.php on line 732 Warning: session_start(): open(/data/web/tmp/sessions/sess_rm5nvs1igupm0lukula1e6sm00, O_RDWR) failed: Disk quota exceeded (122) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.flyspray.php on line 732 Warning: session_start(): open(/data/web/tmp/sessions/sess_4l074a07dgatg4gmd32h191td6, O_RDWR) failed: Disk quota exceeded (122) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.flyspray.php on line 732 Warning: session_start(): open(/data/web/tmp/sessions/sess_mkbq9k3889un2ntaaleavcv405, O_RDWR) failed: Disk quota exceeded (122) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.flyspray.php on line 732 Warning: session_start(): open(/data/web/tmp/sessions/sess_a84ni5bmom4pp9t5lnc468kg84, O_RDWR) failed: Disk quota exceeded (122) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.flyspray.php on line 732 Warning: session_start(): open(/data/web/tmp/sessions/sess_cm00q7sj2v3f5s2j8mqor5uat2, O_RDWR) failed: Disk quota exceeded (122) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.flyspray.php on line 732 Warning: session_start(): open(/data/web/tmp/sessions/sess_rcnlt1u80ck4upvdv9u3rd9j21, O_RDWR) failed: Disk quota exceeded (122) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.flyspray.php on line 732 Warning: session_start(): open(/data/web/tmp/sessions/sess_isvmkn3ol563sisi10tert5141, O_RDWR) failed: Disk quota exceeded (122) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.flyspray.php on line 732 Warning: session_start(): open(/data/web/tmp/sessions/sess_0a6qp6hae293srnp4uk82bdkv5, O_RDWR) failed: Disk quota exceeded (122) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.flyspray.php on line 732 Warning: session_start(): open(/data/web/tmp/sessions/sess_5tjlsqs49snvoob4hu7ou0dj56, O_RDWR) failed: Disk quota exceeded (122) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.flyspray.php on line 750 Strict Standards: Non-static method Flyspray::base_version() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/header.php on line 29 Strict Standards: Non-static method Flyspray::base_version() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/header.php on line 29 Strict Standards: Non-static method Req::val() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/header.php on line 39 Strict Standards: Non-static method Req::has() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 26 Strict Standards: Non-static method Req::num() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/header.php on line 40 Strict Standards: Non-static method Req::val() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 32 Strict Standards: Non-static method Req::has() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 26 Strict Standards: Non-static method Filters::num() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 32 Strict Standards: Non-static method Req::num() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/header.php on line 42 Strict Standards: Non-static method Req::val() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 32 Strict Standards: Non-static method Req::has() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 26 Strict Standards: Non-static method Filters::num() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 32 Warning: Cannot modify header information - headers already sent by (output started at /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php:26) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.flyspray.php on line 677 Strict Standards: Non-static method Req::enum() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/index.php on line 20 Strict Standards: Non-static method Req::val() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 37 Strict Standards: Non-static method Req::has() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 26 Strict Standards: Non-static method Filters::enum() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 37 Strict Standards: Non-static method Req::has() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/index.php on line 26 Strict Standards: Non-static method Req::has() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/index.php on line 26 Strict Standards: Non-static method Cookie::has() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/index.php on line 33 Strict Standards: Non-static method Get::val() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/index.php on line 41 Strict Standards: Non-static method Get::has() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 100 Warning: Cannot modify header information - headers already sent by (output started at /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php:26) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/index.php on line 82 Warning: Cannot modify header information - headers already sent by (output started at /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php:26) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/index.php on line 83 Warning: Cannot modify header information - headers already sent by (output started at /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php:26) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/index.php on line 84 Warning: Cannot modify header information - headers already sent by (output started at /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php:26) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/index.php on line 87 Warning: Cannot modify header information - headers already sent by (output started at /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php:26) in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/index.php on line 88 Strict Standards: Non-static method Get::val() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/index.php on line 100 Strict Standards: Non-static method Get::has() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 100 Strict Standards: Non-static method Flyspray::requestDuplicated() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/index.php on line 109 Strict Standards: Non-static method Req::has() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/index.php on line 148 Strict Standards: Non-static method Req::num() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/scripts/details.php on line 15 Strict Standards: Non-static method Req::val() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 32 Strict Standards: Non-static method Req::has() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 26 Strict Standards: Non-static method Filters::num() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 32 Strict Standards: Non-static method Flyspray::GetTaskDetails() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/scripts/details.php on line 17 Strict Standards: Non-static method Flyspray::GetAssignees() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.flyspray.php on line 358 Strict Standards: Non-static method Get::val() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/scripts/details.php on line 34 Strict Standards: Non-static method Get::has() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.gpc.php on line 100 Strict Standards: Non-static method Post::has() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/scripts/details.php on line 34 Strict Standards: Non-static method TextFormatter::render() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/scripts/details.php on line 128 FS#28 : Persistant session for RSS

Anwiki CMS

Anwiki CMS : the first wiki/CMS dedicated to multilingual contents
Tasklist

FS#28 - Persistant session for RSS

Attached to Project: Anwiki CMS
Opened by Strict Standards: array_map() expects parameter 1 to be a valid callback, non-static method Filters::noXSS() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.tpl.php on line 281 anw (anw) - Strict Standards: Non-static method Filters::noXSS() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.tpl.php on line 613 Saturday, 04 April 2009, 16:58 GMT
Task Type Improvement
Category Drivers → Sessions drivers
Status New
Assigned To No-one
Operating System All
Severity Low
Priority Normal
Reported Version Anwiki 0.1.0 alpha 1
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 1
  • Strict Standards: array_map() expects parameter 1 to be a valid callback, non-static method Filters::noXSS() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.tpl.php on line 281 elruelmelo (elruelmelo) ( Strict Standards: Non-static method Filters::noXSS() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.tpl.php on line 613 2013-01-25)
Private No

Details

RSS are currently based on users session. When session expires, RSS feeds are lost.
RSS feeds are related to users session because they are based on user's permissions.

We could maybe create a "degraded session key" only used for limited read-only access such as RSS.
This key would be given in RSS feed URL, so that RSS feed would still be valid even when user's session expires.
This task depends upon

Comment by Strict Standards: array_map() expects parameter 1 to be a valid callback, non-static method Filters::noXSS() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.tpl.php on line 281 Wladimir Palant (trev) - Strict Standards: Non-static method Filters::noXSS() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.tpl.php on line 613 Thursday, 14 October 2010, 09:30 GMT
I was about to file a duplicate of this bug. Unfortunately, the RSS feeds currently aren't really usable - most of the times the RSS feed reader is an independent application and doesn't even have user's session in the first place. A session key in the feed URL would be the only way to reliably grant access to RSS feeds.

Note that this doesn't really require new sessions in the database. There is no reason why this "session key" should ever expire or be invalidated. So it could be a combination of the user's account ID and a checksum. The checksum would be built from a server-specific auto-generated secret key (stored in _override/global/global/global.cfg.php) and the account ID, e.g. md5(secret . '|' . userID). Including action name is also possible - then the key would grant access only to a specific RSS feed, not all of them. An attacker won't be able to generate the checksum because he doesn't know the secret key. The server will however be able to verify the checksum simply by re-calculating it - if the two checksums match the session key is valid, no database accesses necessary.
Comment by anw (anw) - Strict Standards: Non-static method Filters::noXSS() should not be called statically in /data/web/a5/4e/8e/bugs.anwiki.com/htdocs/includes/class.tpl.php on line 613 Thursday, 14 October 2010, 23:40 GMT
This sounds good, it may be implemented on sessions level for providing a generic session-access mechanism, restricted to a specific action and/or specific contents.

Loading...

Warning: Unknown: open(/data/web/tmp/sessions/sess_5tjlsqs49snvoob4hu7ou0dj56, O_RDWR) failed: Disk quota exceeded (122) in Unknown on line 0 Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (0;660;/data/web/tmp/sessions) in Unknown on line 0