Commit 04613005 authored by Leigh B Stoller's avatar Leigh B Stoller

Fixes to super secret URL handling. This was messier then it

needed to be, because of how the javascript code uses the selector
array. I kludged it for now, but needs more work.
parent a50f58dd
......@@ -28,6 +28,7 @@ include_once("geni_defs.php");
chdir("apt");
include("quickvm_sup.php");
include("instance_defs.php");
include("profile_defs.php");
$page_title = "Instantiate a Profile";
$dblink = GetDBLink("sa");
......@@ -53,55 +54,67 @@ $optargs = OptionalPageArguments("create", PAGEARG_STRING,
#
# Deal with ajax requests.
#
# XXX Need permission checks here.
#
if (isset($ajax_request)) {
if ($ajax_method == "getprofile") {
$profile_idx = addslashes($ajax_argument);
$query_result =
DBQueryWarn("select * from apt_profiles ".
"where idx='$profile_idx'");
if (!$query_result || !mysql_num_rows($query_result)) {
SPITAJAX_ERROR(1, "No such profile $profile_idx!");
$obj = Profile::Lookup($ajax_argument);
if (!$obj) {
SPITAJAX_ERROR(1, "No such profile $ajax_argument");
exit();
}
$row = mysql_fetch_array($query_result);
SPITAJAX_RESPONSE(array('rspec' => $row['rspec'],
'name' => $row['name'],
'idx' => $row['idx'],
'description' => $row['description']));
#
# Need permission checks here.
#
SPITAJAX_RESPONSE(array('rspec' => $obj->rspec(),
'name' => $obj->name(),
'description' => $obj->description()));
}
exit();
}
$profile_default = "OneVM";
$profile_array = array();
#
# if using the super secret URL, make sure the profile exists, and
# add to the array now since it might not be public or belong to the user.
#
if (isset($profile)) {
$profilename = $profile;
if (preg_match("/^\w+\-\w+\-\w+\-\w+\-\w+$/", $profile)) {
$obj = Profile::Lookup($profile);
if (! $obj) {
SPITHEADER(1);
SPITUSERERROR("No such profile: $profile");
echo "<script src='js/lib/require.js' data-main='js/null'>
</script>\n";
SPITFOOTER();
}
$profile_array[$profile] = $obj->name();
$profilename = $obj->name();
}
else {
$profilename = $profile;
}
}
#
# Still do this cause of non-secret URLs. This needs more work.
#
$query_result =
DBQueryFatal("select * from apt_profiles ".
"where public=1 " .
($this_user ? "or creator_idx=" . $this_user->uid_idx() : ""));
while ($row = mysql_fetch_array($query_result)) {
$profile_array[$row["idx"]] = $row["name"];
$profile_array[$row["uuid"]] = $row["name"];
if ($row["pid"] == $TBOPSPID && $row["name"] == $profile_default) {
$profile_default = $row["idx"];
$profile_default = $row["uuid"];
}
if (isset($profile)) {
# Look for the profile by project/name and switch to index.
# Look for the profile by project/name and switch to uuid.
if (isset($project) &&
$row["pid"] == $project->pid() &&
$row["name"] == $profile) {
$profile = $row["idx"];
}
# Look for the profile by uuid and switch to index.
elseif ($profile == $row["uuid"]) {
$profile = $row["idx"];
$profile = $row["uuid"];
}
}
}
......@@ -168,7 +181,7 @@ function SPITFORM($formfields, $newuser, $errors)
# If linked to a specific profile, description goes here
#
if ($profile) {
# Note: Following line is also duplicatd below
# Note: Following line is also duplicated below
echo " <span class='' style='display: inline-block; margin-bottom: 10px'
id='selected_profile_description'></span>\n";
}
......@@ -234,13 +247,18 @@ function SPITFORM($formfields, $newuser, $errors)
" </label>\n";
}
echo " </div>\n";
# Note: Following line is also duplicatd above
# Note: Following line is also duplicated above
echo " <span class=''
id='selected_profile_description'></span>\n";
}
else {
echo "<input id='selected_profile' type='hidden' value='$profile'
name='formfields[profile]'/>\n";
echo "<input id='selected_profile' type='hidden'
name='formfields[profile]'
value='" . $formfields["profile"] . "'>\n";
# Send the original argument for the initial array stuff above.
# Needs more work.
echo "<input type='hidden' name='profile' value='$profile'>\n";
}
echo "</fieldset>
<button class='btn btn-success pull-right'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment