Module: check_mk
Branch: master
Commit: b00183ec0c54437d56000c716e4209aa9166ca38
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b00183ec0c5443…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Thu Apr 24 15:39:05 2014 +0200
FIX Improved transaction handling in Web GUI
All transactions within the GUI are handled via transaction ids.
In some instances these transaction ids were not stored correctly.
This could lead to odd results, e.g. that entered data within formulars got discarded.
---
.werks/906 | 10 ++++++++++
ChangeLog | 1 +
web/htdocs/config.py | 12 ++++++++++--
web/htdocs/html_mod_python.py | 8 ++++----
web/htdocs/htmllib.py | 10 ++++------
5 files changed, 29 insertions(+), 12 deletions(-)
diff --git a/.werks/906 b/.werks/906
new file mode 100644
index 0000000..b075194
--- /dev/null
+++ b/.werks/906
@@ -0,0 +1,10 @@
+Title: Improved transaction handling in Web GUI
+Level: 1
+Component: multisite
+Version: 1.2.5i3
+Date: 1398346478
+Class: fix
+
+All transactions within the GUI are handled via transaction ids.
+In some instances these transaction ids were not stored correctly.
+This could lead to odd results, e.g. that entered data within formulars got discarded.
diff --git a/ChangeLog b/ChangeLog
index eeb39e7..406284d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -59,6 +59,7 @@
* 0779 Hostgroups (Summary): Empty hostgroups are no longer shown (can be re-enabled
by filter)
* 0887 Add new column painter "Host Notifications Enabled"...
* 0905 FIX: Multisite context buttons: links in context buttons are no longer called
twice...
+ * 0906 FIX: Improved transaction handling in Web GUI...
WATO:
* 0784 Improved security of WATO bulk inventory by using transaction ids
diff --git a/web/htdocs/config.py b/web/htdocs/config.py
index bb8ea35..dadcffe 100644
--- a/web/htdocs/config.py
+++ b/web/htdocs/config.py
@@ -373,18 +373,26 @@ def get_role_permissions():
return role_permissions
# Helper functions
-def load_user_file(name, deflt):
+def load_user_file(name, deflt, lock = False):
path = user_confdir + "/" + name + ".mk"
try:
+ if lock:
+ aquire_lock(path)
+
return eval(file(path).read())
except:
return deflt
-def save_user_file(name, content):
+def save_user_file(name, content, unlock = False):
path = user_confdir + "/" + name + ".mk"
try:
write_settings_file(path, content)
+
+ if unlock:
+ release_lock(path)
except Exception, e:
+ # Error while writing file -> release lock
+ release_lock(path)
raise MKConfigError(_("Cannot save %s options for user <b>%s</b>
into <b>%s</b>: %s") % \
(name, user_id, path, e))
diff --git a/web/htdocs/html_mod_python.py b/web/htdocs/html_mod_python.py
index b164ad4..9b659bb 100644
--- a/web/htdocs/html_mod_python.py
+++ b/web/htdocs/html_mod_python.py
@@ -147,12 +147,12 @@ class html_mod_python(htmllib.html):
return True
- def load_transids(self):
- return config.load_user_file("transids", [])
+ def load_transids(self, lock = False):
+ return config.load_user_file("transids", [], lock)
- def save_transids(self, used_ids):
+ def save_transids(self, used_ids, unlock = False):
if config.user_id:
- config.save_user_file("transids", used_ids)
+ config.save_user_file("transids", used_ids, unlock)
def save_tree_states(self):
config.save_user_file("treestates", self.treestates)
diff --git a/web/htdocs/htmllib.py b/web/htdocs/htmllib.py
index 8957a97..8e02348 100644
--- a/web/htdocs/htmllib.py
+++ b/web/htdocs/htmllib.py
@@ -969,25 +969,23 @@ class html:
# than one week.
def store_new_transids(self):
if self.new_transids:
- valid_ids = self.load_transids()
-
+ valid_ids = self.load_transids(lock = True)
cleared_ids = []
now = time.time()
for valid_id in valid_ids:
timestamp, rand = valid_id.split("/")
if now - int(timestamp) < 604800: # 7 * 24 hours
cleared_ids.append(valid_id)
-
- self.save_transids(cleared_ids + self.new_transids)
+ self.save_transids(cleared_ids + self.new_transids, unlock = True)
# Remove the used transid from the list of valid ones
def invalidate_transid(self, used_id):
- valid_ids = self.load_transids()
+ valid_ids = self.load_transids(lock = True)
try:
valid_ids.remove(used_id)
except ValueError:
return
- self.save_transids(valid_ids)
+ self.save_transids(valid_ids, unlock = True)
# Checks, if the current transaction is valid, i.e. in case of
# browser reload a browser reload, the form submit should not