Changes between Version 3 and Version 4 of TrueHttpLogoutPatch
- Timestamp:
- Aug 19, 2006, 11:53:39 AM (18 years ago)
TrueHttpLogoutPatch
v3 v4 17 17 == Usage == 18 18 19 * first remove buggy AuthFormPlugin ;-) 19 * first remove buggy AuthFormPlugin. ;-)[[BR]] 20 (security flaw: any user can login to another account without password) 20 21 21 22 * file `Share\trac\htdocs\js\trac.js`, append at the end of file: 22 23 {{{ 23 function clearAuthenticationCache() { 24 try{ 25 var agt=navigator.userAgent.toLowerCase(); 26 if (agt.indexOf("msie") != -1) { 27 // IE clear HTTP Authentication 28 document.execCommand("ClearAuthenticationCache"); 29 } 30 else { 31 // Let's create an xmlhttp object 32 var xmlhttp = createXMLObject(); 33 // Let's get the force page to logout for mozilla 34 xmlhttp.open("GET",".force_logout_offer_login_mozilla",true,"logout","logout"); 35 // Let's send the request to the server 36 xmlhttp.send(""); 37 // Let's abort the request 38 xmlhttp.abort(); 39 } 40 } catch(e) { 41 // There was an error 42 return; 43 } 24 function clearAuthenticationCache(page) { 25 // Default to a non-existing page (give error 500). 26 // An empty page is better, here. 
27 if (!page) page = '.force_logout'; 28 try{ 29 var agt=navigator.userAgent.toLowerCase(); 30 if (agt.indexOf("msie") != -1) { 31 // IE clear HTTP Authentication 32 document.execCommand("ClearAuthenticationCache"); 44 33 } 34 else { 35 // Let's create an xmlhttp object 36 var xmlhttp = createXMLObject(); 37 // Let's prepare invalid credentials 38 xmlhttp.open("GET", page, true, "logout", "logout"); 39 // Let's send the request to the server 40 xmlhttp.send(""); 41 // Let's abort the request 42 xmlhttp.abort(); 43 } 44 } catch(e) { 45 // There was an error 46 return; 47 } 48 } 45 49 46 function createXMLObject() { 47 try { 48 if (window.XMLHttpRequest) { 49 xmlhttp = new XMLHttpRequest(); 50 } 51 // code for IE 52 else if (window.ActiveXObject) { 53 xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); 54 } 55 } catch (e) { 56 xmlhttp=false 57 } 58 return xmlhttp; 50 function createXMLObject() { 51 try { 52 if (window.XMLHttpRequest) { 53 xmlhttp = new XMLHttpRequest(); 59 54 } 55 // code for IE 56 else if (window.ActiveXObject) { 57 xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); 58 } 59 } catch (e) { 60 xmlhttp=false 61 } 62 return xmlhttp; 63 } 60 64 }}} 61 65 62 66 * file `Lib\site-packages\trac\web\auth.py`, locate method `get_navigation_items`, and change: 63 67 {{{ 64 65 66 68 yield ('metanav', 'logout', 69 Markup('<a href="%s">Logout</a>' 70 % escape(self.env.href.logout()))) 67 71 }}} 68 72 to: 69 73 {{{ 70 71 Markup('<a href="%s" onclick="clearAuthenticationCache();return true;">Logout</a>'72 % escape(self.env.href.logout())))74 yield ('metanav', 'logout', 75 Markup('<a href="%s" onclick="clearAuthenticationCache(\'%s\');">Logout</a>' 76 % ((escape(self.env.href.logout()),) *2) )) 73 77 }}} 74 78
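Review bot: The new `clearAuthenticationCache(page)` still fails silently: `catch(e) { return; }` swallows every error, and `createXMLObject()` returns `false` when no XHR object is available, so `xmlhttp.open(...)` throws and the link then navigates to logout with the browser's cached Basic credentials untouched. Calling `xmlhttp.abort()` directly after an asynchronous `send("")` may also cancel the request before the `logout`/`logout` credentials reach the server, which would presumably leave the real ones cached; that should be verified per browser and noted in the Usage text. I would at least put a comment on the catch such as `// logout is NOT effective if we get here: cached credentials remain until the browser is closed` and tell the user instead of returning quietly. Separately, in the `auth.py` line the second `%s` is HTML-escaped with `escape()` but lands inside a JavaScript string in `onclick`; that is safe only while `self.env.href.logout()` can never contain a quote or backslash, which is worth stating in a comment there.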