Context Navigation

Changes between Version 3 and Version 4 of TrueHttpLogoutPatch

Timestamp:: Aug 19, 2006, 11:53:39 AM (18 years ago)
Author:: Florent
Comment:: fix to prevent any hidden 500 errors on the server

Legend:

: Unmodified
: Added
: Removed
: Modified

TrueHttpLogoutPatch

-                      v3
+                      v4
 == Usage ==
+ * first remove buggy AuthFormPlugin  ;-)
+ * first remove buggy AuthFormPlugin. ;-)[[BR]]
+   (security flaw: any user can login to another account without password)
  * file `Share\trac\htdocs\js\trac.js`, append at the end of file:
     {{{
+    function clearAuthenticationCache() {
+      try{
+        var agt=navigator.userAgent.toLowerCase();
+        if (agt.indexOf("msie") != -1) {
+          // IE clear HTTP Authentication
+          document.execCommand("ClearAuthenticationCache");
+        }
+        else {
+          // Let's create an xmlhttp object
+          var xmlhttp = createXMLObject();
+          // Let's get the force page to logout for mozilla
+          xmlhttp.open("GET",".force_logout_offer_login_mozilla",true,"logout","logout");
+          // Let's send the request to the server
+          xmlhttp.send("");
+          // Let's abort the request
+          xmlhttp.abort();
+        }
+      } catch(e) {
+      // There was an error
+        return;
+      }
+function clearAuthenticationCache(page) {
+  // Default to a non-existing page (give error 500).
+  // An empty page is better, here.
+  if (!page) page = '.force_logout';
+  try{
+    var agt=navigator.userAgent.toLowerCase();
+    if (agt.indexOf("msie") != -1) {
+      // IE clear HTTP Authentication
+      document.execCommand("ClearAuthenticationCache");
+    }
+    else {
+      // Let's create an xmlhttp object
+      var xmlhttp = createXMLObject();
+      // Let's prepare invalid credentials
+      xmlhttp.open("GET", page, true, "logout", "logout");
+      // Let's send the request to the server
+      xmlhttp.send("");
+      // Let's abort the request
+      xmlhttp.abort();
+    }
+  } catch(e) {
+    // There was an error
+    return;
+  }
+}
+    function createXMLObject() {
+      try {
+        if (window.XMLHttpRequest) {
+          xmlhttp = new XMLHttpRequest();
+        }
+        // code for IE
+        else if (window.ActiveXObject) {
+          xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
+        }
+      } catch (e) {
+        xmlhttp=false
+      }
+      return xmlhttp;
+function createXMLObject() {
+  try {
+    if (window.XMLHttpRequest) {
+      xmlhttp = new XMLHttpRequest();
+    }
+    // code for IE
+    else if (window.ActiveXObject) {
+      xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
+    }
+  } catch (e) {
+    xmlhttp=false
+  }
+  return xmlhttp;
+}
     }}}
  * file `Lib\site-packages\trac\web\auth.py`, locate method `get_navigation_items`, and change:
     {{{
             yield ('metanav', 'logout',
                    Markup('<a href="%s">Logout</a>'
                           % escape(self.env.href.logout())))
+yield ('metanav', 'logout',
+       Markup('<a href="%s">Logout</a>'
+              % escape(self.env.href.logout())))
     }}}
    to:
     {{{
             yield ('metanav', 'logout',
                    Markup('<a href="%s" onclick="clearAuthenticationCache();return true;">Logout</a>'
                           % escape(self.env.href.logout())))
+yield ('metanav', 'logout',
+       Markup('<a href="%s" onclick="clearAuthenticationCache(\'%s\');">Logout</a>'
+              % ((escape(self.env.href.logout()),) *2) ))
     }}}