From 117b7bcafa93606a1e6f2378e2681cd0ab823996 Mon Sep 17 00:00:00 2001 From: Leigh B Stoller Date: Wed, 4 Feb 2015 13:47:52 -0700 Subject: [PATCH] Tweaks and bug fixes to new ssh editing page. Banish the old pages. --- www/aptui/js/ssh-keys.js | 19 +- www/aptui/ssh-keys.ajax | 65 +++-- www/aptui/ssh-keys.php | 20 +- www/aptui/template/ssh-keys.html | 7 +- www/deletepubkey.php3 | 170 ------------ www/moduserinfo.php3 | 4 +- www/profile.php | 4 +- www/showpubkeys.php3 | 427 ------------------------------- www/showuser.php3 | 2 +- www/ssh-keys.php | 11 +- www/url_defs.php | 10 +- 11 files changed, 110 insertions(+), 629 deletions(-) delete mode 100644 www/deletepubkey.php3 delete mode 100644 www/showpubkeys.php3 diff --git a/www/aptui/js/ssh-keys.js b/www/aptui/js/ssh-keys.js index 44f7c97e2..3ac08cb7e 100644 --- a/www/aptui/js/ssh-keys.js +++ b/www/aptui/js/ssh-keys.js @@ -9,12 +9,14 @@ function (_, sup, sshkeysString, oopsString, waitwaitString) { 'use strict'; var embedded = 0; + var target_uid = ""; var sshkeysTemplate = _.template(sshkeysString); function initialize() { window.APT_OPTIONS.initialize(sup); embedded = window.EMBEDDED; + target_uid = window.TARGET_UID; var pubkeys = JSON.parse(_.unescape($('#sshkey-list')[0].textContent)); var html = sshkeysTemplate({ @@ -53,6 +55,12 @@ function (_, sup, sshkeysString, oopsString, waitwaitString) HandleDeleteKey(index); }); + // Form reset button. + $('#ssh_clear_button').click(function (event) { + console.log("foo"); + event.preventDefault(); + $('#sshkey_data').val(""); + }); // Add key button. $('#ssh_addkey_button').click(function (event) { event.preventDefault(); @@ -79,16 +87,18 @@ function (_, sup, sshkeysString, oopsString, waitwaitString) return; } if (embedded) { - window.parent.location.replace("../ssh-keys.php"); + window.parent.location.replace("../ssh-keys.php?user=" + + target_uid); } else { - window.location.replace("ssh-keys.php"); + window.location.replace("ssh-keys.php?user=" + target_uid); } } sup.ShowModal("#waitwait-modal"); var xmlthing = sup.CallServerMethod(null, "ssh-keys", "addkey", - {"keydata" : keydata}); + {"keydata" : keydata, + "target_uid" : target_uid}); xmlthing.done(callback); } @@ -107,7 +117,8 @@ function (_, sup, sshkeysString, oopsString, waitwaitString) sup.ShowModal("#waitwait-modal"); var xmlthing = sup.CallServerMethod(null, "ssh-keys", "deletekey", - {"index" : index}); + {"index" : index, + "target_uid" : target_uid}); xmlthing.done(callback); } diff --git a/www/aptui/ssh-keys.ajax b/www/aptui/ssh-keys.ajax index 96b5a5d66..ee4871620 100644 --- a/www/aptui/ssh-keys.ajax +++ b/www/aptui/ssh-keys.ajax @@ -27,8 +27,9 @@ chdir("apt"); # # When there's a PubKeys class, this will be a Class function to edit them... # -function AddKeyAux($uid, $keydata, &$error) +function AddKeyAux($target_uid, $keydata, &$error) { + global $this_user; global $suexec_output, $suexec_output_array; # @@ -50,8 +51,10 @@ function AddKeyAux($uid, $keydata, &$error) chmod($filename, 0666); # Invoke the back-end script as the user if an admin for permissions. - $retval = SUEXEC($uid, "nobody", "webaddpubkey -f -u $uid $filename", - SUEXEC_ACTION_IGNORE); + $suexec_uid = (ISADMIN() ? $this_user->uid() : "nobody"); + $retval = SUEXEC($suexec_uid, "nobody", + "webaddpubkey -f -u $target_uid $filename", + SUEXEC_ACTION_IGNORE); unlink($filename); if ($retval) { @@ -76,15 +79,26 @@ function Do_AddKey() global $ajax_args; $error = ""; - $this_idx = $this_user->uid_idx(); - $this_uid = $this_user->uid(); - $embedded = isset($ajax_args["embedded"]) && $ajax_args["embedded"]; + $target_user = $this_user; + $embedded = isset($ajax_args["embedded"]) && $ajax_args["embedded"]; if (!isset($ajax_args["keydata"])) { SPITAJAX_ERROR(1, "Missing key data"); return; } - if (!AddKeyAux($this_uid, $ajax_args["keydata"], $error)) { + if (isset($ajax_args["target_uid"])) { + $target_uid = $ajax_args["target_uid"]; + $target_user = User::Lookup($target_uid); + if (!$target_user) { + SPITAJAX_ERROR(1, "No such user: $target_uid"); + return; + } + if (! ($target_user->SameUser($this_user) || ISADMIN())) { + SPITAJAX_ERROR(1, "No permission to add key for $target_uid"); + return; + } + } + if (!AddKeyAux($target_user->uid(), $ajax_args["keydata"], $error)) { SPITAJAX_ERROR(1, $error); return; } @@ -97,9 +111,8 @@ function Do_DeleteKey() global $this_user; global $ajax_args; - $this_idx = $this_user->uid_idx(); - $this_uid = $this_user->uid(); - $embedded = isset($ajax_args["embedded"]) && $ajax_args["embedded"]; + $target_user = $this_user; + $embedded = isset($ajax_args["embedded"]) && $ajax_args["embedded"]; if (!isset($ajax_args["index"])) { SPITAJAX_ERROR(1, "Missing key index"); @@ -110,13 +123,35 @@ function Do_DeleteKey() SPITAJAX_ERROR(1, "Invalid key index"); return; } + if (isset($ajax_args["target_uid"])) { + $target_uid = $ajax_args["target_uid"]; + $target_user = User::Lookup($target_uid); + if (!$target_user) { + SPITAJAX_ERROR(1, "No such user: $target_uid"); + return; + } + if (! ($target_user->SameUser($this_user) || ISADMIN())) { + SPITAJAX_ERROR(1, "No permission to delete key for $target_uid"); + return; + } + } + $target_idx = $target_user->uid_idx(); + $target_uid = $target_user->uid(); + DBQueryFatal("delete from user_pubkeys ". - "where uid_idx='$this_idx' and idx='$index' and internal=0"); + "where uid_idx='$target_idx' and idx='$index' and internal=0"); - if (SUEXEC($this_uid, "nobody", - "webaddpubkey -w $this_uid", SUEXEC_ACTION_CONTINUE)) { - SPITAJAX_ERROR(-1, "Internal error regenerating keys file"); - return; + # + # update authkeys files and nodes, but only if user has a real account. + # The -w option can only be used on real users, and deleting a key does + # not require anything by the outside script if not a real user; it + # will complain and die. + # + if (HASREALACCOUNT($target_uid) && + SUEXEC("nobody", "nobody", + "webaddpubkey -w $target_uid", SUEXEC_ACTION_CONTINUE)) { + SPITAJAX_ERROR(-1, "Internal error regenerating auth keys file"); + return; } SPITAJAX_RESPONSE(0); return; diff --git a/www/aptui/ssh-keys.php b/www/aptui/ssh-keys.php index 73a25585e..0b8bf9224 100644 --- a/www/aptui/ssh-keys.php +++ b/www/aptui/ssh-keys.php @@ -33,11 +33,26 @@ $page_title = "My SSH Keys"; RedirectSecure(); $this_user = CheckLoginOrRedirect(); $this_idx = $this_user->idx(); + +$optargs = OptionalPageArguments("target_user", PAGEARG_USER); + SPITHEADER(1); +# Default to current user. +if (!isset($target_user)) { + $target_user = $this_user; +} +$target_uid = $target_user->uid(); +$target_idx = $target_user->idx(); + +if (! ($target_user->SameUser($this_user) || + $target_user->AccessCheck($this_user, $TB_USERINFO_READINFO))) { + USERERROR("You do not have permission to view ${target_uid}' keys!", 1); +} + $query_result = DBQueryFatal("select idx,comment,pubkey from user_pubkeys ". - "where uid_idx='$this_idx' and internal=0"); + "where uid_idx='$target_idx' and internal=0"); $pubkeys = array(); while ($row = mysql_fetch_array($query_result)) { @@ -53,7 +68,8 @@ echo "\n"; echo "
\n"; echo "\n"; echo "\n"; echo "\n"; diff --git a/www/aptui/template/ssh-keys.html b/www/aptui/template/ssh-keys.html index ccc072ac2..a7a5b8155 100644 --- a/www/aptui/template/ssh-keys.html +++ b/www/aptui/template/ssh-keys.html @@ -26,8 +26,8 @@ -

<%- key_title %>

+ style='padding-right: 10px;'> +

<%- key_title %>

@@ -80,6 +80,9 @@ data-classButton='btn btn-primary btn-sm' data-input='false' data-buttonText='Load from file'> +
diff --git a/www/deletepubkey.php3 b/www/deletepubkey.php3 deleted file mode 100644 index 0a4d502ec..000000000 --- a/www/deletepubkey.php3 +++ /dev/null @@ -1,170 +0,0 @@ -. -# -# }}} -# -include("defs.php3"); - -# -# No PAGEHEADER since we spit out a redirect later. -# - -# -# Only known and logged in users can do this. -# -$this_user = CheckLoginOrDie(CHECKLOGIN_USERSTATUS|CHECKLOGIN_WEBONLY); -$uid = $this_user->uid(); -$isadmin = ISADMIN(); - -# -# Verify page arguments. -# -$reqargs = RequiredPageArguments("target_user", PAGEARG_USER, - "key", PAGEARG_INTEGER); -$optargs = OptionalPageArguments("canceled", PAGEARG_BOOLEAN, - "confirmed", PAGEARG_BOOLEAN); - -# Need these below. -$target_dbid = $target_user->dbid(); -$target_uid = $target_user->uid(); - -# -# Verify that this uid is a member of one of the projects that the -# user is in. Must have proper permission in that group too. -# -if (!$isadmin && - !$target_user->AccessCheck($this_user, $TB_USERINFO_MODIFYINFO)) { - USERERROR("You do not have permission!", 1); -} - -# -# Get the actual key. -# -$query_result =& $target_user->TableLookUp("user_pubkeys", "*", "idx='$key'"); - -if (! mysql_num_rows($query_result)) { - USERERROR("Public Key for user '$target_uid' does not exist!", 1); -} - -$row = mysql_fetch_array($query_result); -$pubkey = $row['pubkey']; -$chunky = chunk_split($pubkey, 70, "
\n"); -$internal = $row['internal']; -$nodelete = $row['nodelete']; - -# -# Internal keys cannot be deleted without admin. -# -if (($internal || $nodelete) && !$isadmin) { - USERERROR("You are not allowed to delete your system keys!", 1); -} - -# -# We run this twice. The first time we are checking for a confirmation -# by putting up a form. The next time through the confirmation will be -# set. Or, the user can hit the cancel button, in which case we should -# probably redirect the browser back up a level. -# -if (isset($canceled) && $canceled) { - PAGEHEADER("SSH Public Key Maintenance"); - - echo "


- SSH Public Key deletion canceled! -

\n"; - - $url = CreateURL("showpubkeys", $target_user); - - echo "
- Back to ssh public keys for user '$uid'.\n"; - - PAGEFOOTER(); - return; -} - -if (!isset($confirmed)) { - PAGEHEADER("SSH Public Key Maintenance"); - - echo "


- Are you REALLY - sure you want to delete this SSH Public Key for user '$target_uid'? -

\n"; - - $url = CreateURL("deletepubkey", $target_user, "key", $key); - - echo "
"; - echo "\n"; - echo "\n"; - echo "
\n"; - echo "
\n"; - - echo " - - - -
$chunky
\n"; - - if ($internal || $nodelete) { - echo "
"; - echo "This is an internal key!
"; - } - - PAGEFOOTER(); - return; -} - -# -# Audit -# -$uid_name = $this_user->name(); -$uid_email = $this_user->email(); - -$targuid_name = $target_user->name(); -$targuid_email = $target_user->email(); - -TBMAIL("$targuid_name <$targuid_email>", - "SSH Public Key for '$target_uid' Deleted", - "\n". - "SSH Public Key for '$target_uid' deleted by '$uid'.\n". - "\n". - "$chunky\n". - "\n". - "Thanks,\n". - "Testbed Operations\n", - "From: $uid_name <$uid_email>\n". - "Bcc: $TBMAIL_AUDIT\n". - "Errors-To: $TBMAIL_WWW"); - -DBQueryFatal("delete from user_pubkeys ". - "where uid_idx='$target_dbid' and idx='$key'"); - -# -# update authkeys files and nodes, but only if user has a real account. -# The -w option can only be used on real users, and deleting a key does -# not require anything by the outside script if not a real user; it -# will complain and die! -# -if (HASREALACCOUNT($target_uid)) { - ADDPUBKEY("-w $target_uid"); -} - -header("Location: " . CreateURL("showpubkeys", $target_user)); - -?> diff --git a/www/moduserinfo.php3 b/www/moduserinfo.php3 index f120ac8bc..dd2fce98e 100644 --- a/www/moduserinfo.php3 +++ b/www/moduserinfo.php3 @@ -1,6 +1,6 @@ for information regarding passwords and email addresses.\n"; if (!$wikionly) { - $pubkey_url = CreateURL("showpubkeys", $target_user); + $pubkey_url = CreateURL("ssh-keys", $target_user); echo "
  • You can also edit your ssh public keys. diff --git a/www/profile.php b/www/profile.php index c6d89cc86..c51c5ffbd 100644 --- a/www/profile.php +++ b/www/profile.php @@ -1,6 +1,6 @@ SameUser($this_user))) { WRITESUBMENUBUTTON("Edit SSH Keys", - CreateURL("showpubkeys", $target_user)); + CreateURL("ssh-keys", $target_user)); WRITESUBMENUBUTTON("Generate SSL Cert", CreateURL("gensslcert", $target_user)); diff --git a/www/showpubkeys.php3 b/www/showpubkeys.php3 deleted file mode 100644 index e844362f4..000000000 --- a/www/showpubkeys.php3 +++ /dev/null @@ -1,427 +0,0 @@ -. -# -# }}} -# -include("defs.php3"); - -# -# Only known and logged in users can do this. -# -$this_user = CheckLoginOrDie(CHECKLOGIN_USERSTATUS|CHECKLOGIN_WEBONLY); -$uid = $this_user->uid(); -$isadmin = ISADMIN(); - -# -# Verify page/form arguments. -# -$optargs = OptionalPageArguments("target_user", PAGEARG_USER, - "submit", PAGEARG_STRING, - "formfields", PAGEARG_ARRAY); - -# Default to current user. -if (!isset($target_user)) { - $target_user = $this_user; -} -$target_uid = $target_user->uid(); - -# -# Verify that this uid is a member of one of the projects that the -# target_uid is in. Must have proper permission in that group too. -# -if (!$isadmin && - !$target_user->AccessCheck($this_user, $TB_USERINFO_READINFO)) { - USERERROR("You do not have permission to view ${target_uid}'s keys!", 1); -} - -# -# Spit the form out using the array of data. -# -function SPITFORM($formfields, $errors) -{ - global $isadmin, $target_user, $BOSSNODE; - global $WIKIDOCURL; - - $target_uid = $target_user->uid(); - $uid_idx = $target_user->uid_idx(); - $webid = $target_user->webid(); - - # - # Standard Testbed Header, now that we know what we want to say. - # - PAGEHEADER("SSH Public Keys for user: $target_uid"); - - # - # Get the list and show it. - # - $query_result =& - $target_user->TableLookUp("user_pubkeys", "*"); - - if (mysql_num_rows($query_result)) { - echo "\n"; - - echo "
    - Current ssh public keys for user $target_uid. -

    \n"; - - echo " - - - \n"; - - while ($row = mysql_fetch_array($query_result)) { - $comment = $row['comment']; - $pubkey = $row['pubkey']; - $date = $row['stamp']; - $idx = $row['idx']; - $internal= $row['internal']; - $nodelete= $row['nodelete']; - $fnote = ""; - - if ($internal || $nodelete) { - $fnote = "[1]"; - } - $chunky = chunk_split("$pubkey $fnote", 75, "
    \n"); - - $delurl = CreateURL("deletepubkey", $target_user, "key", $idx); - - echo "\n"; - if (($internal || $nodelete) && !$isadmin) { - echo ""; - } - else { - echo ""; - } - echo " - \n"; - } - echo "
    Delete?Key
      - - Delete Key - $chunky
    \n"; - } - else { - echo "
    - There are no public keys on file for user $target_uid! -
    \n"; - } - echo "
    -
      -
    1. Your Emulab generated public keys may not be deleted. -
    -
    \n"; - - echo "
    \n"; - echo "
    - Enter ssh public keys for user - ${target_uid} [1,2] -
    - (We strongly - encourage the use of Protocol 2 keys only! [6]) -

    \n"; - - if ($errors) { - echo " - - \n"; - - while (list ($name, $message) = each ($errors)) { - # XSS prevention. - $message = CleanString($message); - echo " - - - \n"; - } - echo "
    - -  Oops, please fix the following errors!  - - -
    - $name:  - $message

    \n"; - } - # XSS prevention. - while (list ($key, $val) = each ($formfields)) { - $formfields[$key] = CleanString($val); - } - $url = CreateURL("showpubkeys", $target_user); - - echo " - \n"; - - # - # SSH public key - # - echo " - - - - \n"; - - # - # Verify with password. - # - if (!$isadmin) { - echo " - - - \n"; - } - - echo " - - \n"; - - echo " -
    Upload Public Key[3,4]:
    - (4K max) -     		- - -
    Password[5]: -
    - -
    \n"; - - echo "
    -
      -
    1. Please consult our - - security policies for information - regarding ssh public keys. -
    2. You should not hand edit your your authorized_keys file on - Emulab (.ssh/authorized_keys) since modifications via this - page will overwrite the file. -
    3. Note to Opera 5 users: - The file upload mechanism is broken in Opera, so you cannot - specify a local file for upload. Instead, please paste your - key in. -
    4. Typically, the file you want to upload is your - identity.pub, contained in your .ssh directory. -
    5. As a security precaution, you must supply your password - when adding new ssh public keys. -
    6. Protocol 2 keys are more secure then Protocol 1 keys, and - Emulab will soon require Protocol 2 keys. -
    -
    \n"; - - echo "NOTE: We use the - OpenSSH key format, which has a slightly - different protocol 2 public key format than some of the commercial - vendors such as SSH Communications. If you - use one of these commercial vendors, then please upload the public - key file and we will convert it for you.\n"; -} - -# -# On first load, display a form of current values. -# -if (!isset($submit)) { - $defaults = array(); - $defaults["password"] = ""; - SPITFORM($defaults, 0); - PAGEFOOTER(); - return; -} - -# Form submitted. Make sure we have a formfields array. -if (!isset($formfields)) { - # The only thing in formfields in this page is "password", which - # is skipped for admins. But we have to re-spit the page below. - $formfields = array(); -} - -# -# Otherwise, must validate and redisplay if errors -# -$errors = array(); - -# -# If usr provided a file for the key ... -# -if (isset($_FILES['usr_keyfile']) && - $_FILES['usr_keyfile']['name'] != "" && - $_FILES['usr_keyfile']['name'] != "none") { - - $localfile = $_FILES['usr_keyfile']['tmp_name']; - - if (! stat($localfile)) { - $errors["PubKey File"] = "No such file"; - } - # Taint check shell arguments always! - elseif (! preg_match("/^[-\w\.\/]*$/", $localfile)) { - $errors["PubKey File"] = "Invalid characters"; - } - else { - $keyfile = $localfile; - chmod($localfile, 0644); - } -} - -# -# Must verify passwd to add keys. -# -if (isset($keyfile)) { - if (! $isadmin) { - if (!isset($formfields["password"]) || - strcmp($formfields["password"], "") == 0) { - $errors["Password"] = "Must supply a verification password"; - } - elseif (VERIFYPASSWD($target_uid, $formfields["password"]) != 0) { - $errors["Password"] = "Incorrect password"; - } - } -} -else { - $errors["Missing Args"] = "Please supply keyfile"; -} - -# Spit the errors -if (count($errors)) { - SPITFORM($formfields, $errors); - PAGEFOOTER(); - return; -} - -# -# Build up argument array to pass along. -# -$args = array(); - -$args["user"] = $target_uid; - -if (isset($keyfile) && $keyfile != "") { - $args["keyfile"] = $keyfile; -} - -# -# Okay, first run the script in verify mode to see if the key is -# parsable. If it is, then do it for real. -# -$args["verify"] = 1; -if (! ($result = NewPubKey($uid, $args, $errors))) { - $errors["Pubkey Format"] = "Could not be parsed. Is it a public key?"; - - # Always respit the form so that the form fields are not lost. - # I just hate it when that happens so lets not be guilty of it ourselves. - SPITFORM($formfields, $errors); - PAGEFOOTER(); - return; -} - -# -# Insert key, update authkeys files and nodes if appropriate. -# -$args["verify"] = 0; -if (! ($result = NewPubKey($uid, $args, $errors))) { - # Always respit the form so that the form fields are not lost. - # I just hate it when that happens so lets not be guilty of it ourselves. - SPITFORM($formfields, $errors); - PAGEFOOTER(); - return; -} - -# -# Redirect back, avoiding a POST in the history. -# -header("Location: ". CreateURL("showpubkeys", $target_user)); - -# -# When there's a PubKeys class, this will be a Class function to edit them... -# -function NewPubKey($uid, $args, &$errors) { - global $suexec_output, $suexec_output_array, $TBADMINGROUP; - - # - # Generate a temporary file and write in the XML goo. - # - $xmlname = tempnam("/tmp", "addpubkey"); - if (! $xmlname) { - TBERROR("Could not create temporary filename", 0); - $errors[] = "Transient error(1); please try again later."; - return null; - } - if (! ($fp = fopen($xmlname, "w"))) { - TBERROR("Could not open temp file $xmlname", 0); - $errors[] = "Transient error(2); please try again later."; - return null; - } - - fwrite($fp, "\n"); - foreach ($args as $name => $value) { - fwrite($fp, ""); - fwrite($fp, " " . htmlspecialchars($value) . ""); - fwrite($fp, "\n"); - } - fwrite($fp, "\n"); - fclose($fp); - chmod($xmlname, 0666); - - # Invoke the back-end script as the user if an admin for permissions. - $suexec_uid = ISADMIN() ? $uid : "nobody"; - $retval = SUEXEC($suexec_uid, "nobody", "webaddpubkey -X $xmlname", - SUEXEC_ACTION_IGNORE); - - if ($retval) { - if ($retval < 0) { - $errors[] = "Transient error(3, $retval); please try again later."; - SUEXECERROR(SUEXEC_ACTION_CONTINUE); - } - else { - # unlink($xmlname); - if (count($suexec_output_array)) { - for ($i = 0; $i < count($suexec_output_array); $i++) { - $line = $suexec_output_array[$i]; - if (preg_match("/^([-\w]+):\s*(.*)$/", - $line, $matches)) { - $errors[$matches[1]] = $matches[2]; - } - else - $errors[] = $line; - } - } - else - $errors[] = "Transient error(4, $retval); please try again later."; - } - return null; - } - - # There are no return value(s) to parse at the end of the output. - - # Unlink this here, so that the file is left behind in case of error. - # We can then edit the pubkeys by hand from the xmlfile, if desired. - unlink($xmlname); - - return true; -} - -?> diff --git a/www/showuser.php3 b/www/showuser.php3 index f48244adc..bb8aff5ac 100644 --- a/www/showuser.php3 +++ b/www/showuser.php3 @@ -127,7 +127,7 @@ if (!$archived) { if (!$archived && !$target_user->wikionly() && ($isadmin || $target_user->SameUser($this_user))) { WRITESUBMENUBUTTON("Edit SSH Keys", - CreateURL("showpubkeys", $target_user)); + CreateURL("ssh-keys", $target_user)); WRITESUBMENUBUTTON("Generate SSL Cert", CreateURL("gensslcert", $target_user)); diff --git a/www/ssh-keys.php b/www/ssh-keys.php index 418f104ec..f6e4692d4 100644 --- a/www/ssh-keys.php +++ b/www/ssh-keys.php @@ -29,15 +29,22 @@ include("defs.php3"); $this_user = CheckLoginOrDie(); $uid = $this_user->uid(); $uid_idx = $this_user->uid_idx(); -$isadmin = ISADMIN(); # # Standard Testbed Header # PAGEHEADER("SSH Keys"); +$optargs = OptionalPageArguments("target_user", PAGEARG_USER); + +# Default to current user. +$target_opt = ""; +if (isset($target_user)) { + $target_opt = "&user=" . $target_user->uid(); +} + echo "
    \n"; -echo ""; $bodyclosestring = diff --git a/www/url_defs.php b/www/url_defs.php index f1d71190b..df07f2aa9 100644 --- a/www/url_defs.php +++ b/www/url_defs.php @@ -1,6 +1,6 @@