authorplegall <plg@piwigo.org>2013-02-12 10:01:46 +0000
committerplegall <plg@piwigo.org>2013-02-12 10:01:46 +0000
commitff5b60a215769bcf046bb9109b61ffe6af0ca5eb (patch)
treecaf6066f015c0bd09620fb720c689a22552f1c99
parentca9158ee817910c15449bc19cb595ed6886e3099 (diff)
bug 2844: increase security on LocalFiles Editor, filter on files to edit.
git-svn-id: http://piwigo.org/svn/branches/2.4@20712 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--plugins/LocalFilesEditor/admin.php2
-rw-r--r--plugins/LocalFilesEditor/include/css.inc.php97
-rw-r--r--plugins/LocalFilesEditor/include/lang.inc.php58
-rw-r--r--plugins/LocalFilesEditor/include/tpl.inc.php51
-rw-r--r--plugins/LocalFilesEditor/template/admin.tpl31
5 files changed, 151 insertions, 88 deletions
diff --git a/plugins/LocalFilesEditor/admin.php b/plugins/LocalFilesEditor/admin.php
index 4ca4cd2d0..136e601e7 100644
--- a/plugins/LocalFilesEditor/admin.php
+++ b/plugins/LocalFilesEditor/admin.php
@@ -55,7 +55,6 @@ include_once(LOCALEDIT_PATH.'include/'.$page['tab'].'.inc.php');
// +-----------------------------------------------------------------------+
if (isset($_POST['restore']))
{
- $edited_file = $_POST['edited_file'];
$content_file = file_get_contents(get_bak_file($edited_file));
array_push($page['infos'],
l10n('locfiledit_bak_loaded1'),
@@ -73,7 +72,6 @@ if (isset($_POST['submit']))
}
else
{
- $edited_file = $_POST['edited_file'];
$content_file = stripslashes($_POST['text']);
if (get_extension($edited_file) == 'php')
{
diff --git a/plugins/LocalFilesEditor/include/css.inc.php b/plugins/LocalFilesEditor/include/css.inc.php
index 15e434582..e1d70995a 100644
--- a/plugins/LocalFilesEditor/include/css.inc.php
+++ b/plugins/LocalFilesEditor/include/css.inc.php
@@ -1,24 +1,40 @@
<?php
-
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
-if ((isset($_POST['edit'])) and !is_numeric($_POST['file_to_edit']))
-{
- $edited_file = $_POST['file_to_edit'];
-}
-elseif (isset($_POST['edited_file']))
+include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php');
+$themes = new themes();
+
+if (isset($_POST['edit']))
{
- $edited_file = $_POST['edited_file'];
+ $_POST['theme'] = $_POST['theme_select'];
}
-elseif (isset($_GET['theme']) and in_array($_GET['theme'], array_keys(get_pwg_themes(true))))
+
+if (isset($_POST['theme']) and '~common~' == $_POST['theme'])
{
- $edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$_GET['theme'].'-rules.css';
+ $page['theme'] = $_POST['theme'];
+ $edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'css/rules.css';
}
else
{
- $edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.get_default_theme().'-rules.css';
+ if (isset($_GET['theme']))
+ {
+ $page['theme'] = $_GET['theme'];
+ }
+ elseif (isset($_POST['theme']))
+ {
+ $page['theme'] = $_POST['theme'];
+ }
+
+ if (!isset($page['theme']) or !in_array($page['theme'], array_keys($themes->fs_themes)))
+ {
+ $page['theme'] = get_default_theme();
+ }
+
+ $edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$page['theme'].'-rules.css';
}
+$template->assign('theme', $page['theme']);
+
if (file_exists($edited_file))
{
$content_file = file_get_contents($edited_file);
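Review bot: In the else branch `$_GET['theme']` is tested before `$_POST['theme']` (the value just copied from the select), so if the form posts back to a URL that still carries `?theme=`, the dropdown choice is silently overridden by the query string; checking POST first would avoid that, assuming the form action keeps the query string. The membership test should also be strict, `if (!isset($page['theme']) or !in_array($page['theme'], array_keys($themes->fs_themes), true))`, since theme ids are strings and a loose comparison treats numeric-looking strings as equal. Copying the select value back into `$_POST['theme']` works but turns the superglobal into a mutable local; a plain `$requested_theme` would read more clearly. The validation of `$page['theme']` against `$themes->fs_themes` is what replaces the old path taken from `$_POST['file_to_edit']`, and a one-line comment saying so above the `in_array` would make the intent obvious to the next maintainer.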
@@ -29,12 +45,11 @@ else
}
$selected = 0;
-// $options[] = l10n('locfiledit_choose_file');
-// $options[] = '----------------------';
-$value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . "css/rules.css";
+$value = '~common~';
+$file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/rules.css';
-$options[$value] = (file_exists($value) ? '&#x2714;' : '&#x2718;').' local / css / rules.css';
-if ($edited_file == $value)
+$options[$value] = (file_exists($file) ? '&#x2714;' : '&#x2718;').' local / css / rules.css';
+if ($page['theme'] == $value)
{
$selected = $value;
}
@@ -42,8 +57,6 @@ if ($edited_file == $value)
// themes are displayed in the same order as on screen
// [Administration > Configuration > Themes]
-include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php');
-$themes = new themes();
$themes->sort_fs_themes();
$default_theme = get_default_theme();
$db_themes = $themes->get_db_themes();
@@ -81,47 +94,57 @@ foreach ($themes->fs_themes as $theme_id => $fs_theme)
}
}
-$options[] = '';
-$options[] = '----- '.l10n('Active Themes').' -----';
-$options[] = '';
+$active_theme_options = array();
foreach ($active_themes as $theme)
{
- $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
+ $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
- $options[$value] = (file_exists($value) ? '&#x2714;' : '&#x2718;').' '.$theme['name'];
+ $label = (file_exists($file) ? '&#x2714;' : '&#x2718;').' '.$theme['name'];
if ($default_theme == $theme['id'])
{
- $options[$value].= ' ('.l10n('default').')';
+ $label.= ' ('.l10n('default').')';
}
+
+ $active_theme_options[$theme['id']] = $label;
- if ($edited_file == $value)
+ if ($theme['id'] == $page['theme'])
{
- $selected = $value;
+ $selected = $theme['id'];
}
}
-$options[] = '';
-$options[] = '----- '.l10n('Inactive Themes').' -----';
-$options[] = '';
+if (count($active_theme_options) > 0)
+{
+ $options[l10n('Active Themes')] = $active_theme_options;
+}
+
+$inactive_theme_options = array();
foreach ($inactive_themes as $theme)
{
- $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
+ $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
- $options[$value] = (file_exists($value) ? '&#x2714;' : '&#x2718;').' '.$theme['name'];
+ $inactive_theme_options[$theme['id']] = (file_exists($file) ? '&#x2714;' : '&#x2718;').' '.$theme['name'];
- if ($edited_file == $value)
+ if ($theme['id'] == $page['theme'])
{
- $selected = $value;
+ $selected = $theme['id'];
}
}
-$template->assign('css_lang_tpl', array(
- 'OPTIONS' => $options,
- 'SELECTED' => $selected
- )
+if (count($inactive_theme_options) > 0)
+{
+ $options[l10n('Inactive Themes')] = $inactive_theme_options;
+}
+
+$template->assign(
+ 'css_lang_tpl',
+ array(
+ 'SELECT_NAME' => 'theme_select',
+ 'OPTIONS' => $options,
+ 'SELECTED' => $selected
+ )
);
$codemirror_mode = 'text/css';
-
?> \ No newline at end of file
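Review bot: The file still ends with a closing `?>` and no trailing newline after the blank line before it was removed; for a PHP-only include that runs before the admin page is rendered, dropping the `?>` entirely removes any chance of stray whitespace being emitted. The two option groups are keyed by `l10n('Active Themes')` and `l10n('Inactive Themes')`, so a translation that returned the same string for both would make the second assignment overwrite the first group; a short comment noting that `html_options` renders the nested arrays as optgroups and that the two keys must stay distinct would help. Since `$page['theme']` appears to be validated (or set to `'~common~'`) before these loops, the per-iteration `$selected = $theme['id']` could be replaced by a single `$selected = $page['theme'];` ahead of the loops, which expresses the same thing in fewer lines.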
diff --git a/plugins/LocalFilesEditor/include/lang.inc.php b/plugins/LocalFilesEditor/include/lang.inc.php
index fe5a4f85c..e32a26c49 100644
--- a/plugins/LocalFilesEditor/include/lang.inc.php
+++ b/plugins/LocalFilesEditor/include/lang.inc.php
@@ -1,32 +1,46 @@
<?php
-
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
-$edited_file = isset($_POST['edited_file']) ? $_POST['edited_file'] : '';
-$content_file = '';
+$languages = get_languages();
-if ((isset($_POST['edit'])) and !is_numeric($_POST['file_to_edit']))
+if (isset($_POST['edit']))
{
- $edited_file = $_POST['file_to_edit'];
- if (file_exists($edited_file))
- {
- $content_file = file_get_contents($edited_file);
- }
- else
- {
- $content_file = "<?php\n\n/* ".l10n('locfiledit_newfile')." */\n\n\n\n\n?>";
- }
+ $_POST['language'] = $_POST['language_select'];
+}
+
+if (isset($_POST['language']))
+{
+ $page['language'] = $_POST['language'];
+}
+
+if (!isset($page['language']) or !in_array($page['language'], array_keys($languages)))
+{
+ $page['language'] = get_default_language();
}
-$selected = 0;
-$options[] = l10n('locfiledit_choose_file');
-$options[] = '----------------------';
+$template->assign('language', $page['language']);
+
+$edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$page['language'].'.lang.php';;
+
+if (file_exists($edited_file))
+{
+ $content_file = file_get_contents($edited_file);
+}
+else
+{
+ $content_file = "<?php\n\n/* ".l10n('locfiledit_newfile')." */\n\n\n\n\n?>";
+}
+
+$selected = 0;
foreach (get_languages() as $language_code => $language_name)
{
- $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$language_code.'.lang.php';
- if ($edited_file == $value)
+ $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$language_code.'.lang.php';
+
+ $options[$language_code] = (file_exists($file) ? '&#x2714;' : '&#x2718;').' '.$language_name;
+
+ if ($page['language'] == $language_code)
{
- $selected = $value;
+ $selected = $language_code;
$template->assign('show_default', array(
array(
'URL' => LOCALEDIT_PATH.'show_default.php?file=language/'.$language_code.'/common.lang.php',
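Review bot: `$edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$page['language'].'.lang.php';;` ends with a doubled semicolon; the second one is an empty statement and should go. `$languages` is fetched once at the top of the file and then `get_languages()` is called again in the `foreach`; iterating over `$languages` avoids the second lookup and keeps the validation and the option list built from the same data. As in css.inc.php the membership test should be strict: `if (!isset($page['language']) or !in_array($page['language'], array_keys($languages), true))`. The `foreach` body continues past the end of the hunk.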
@@ -39,10 +53,12 @@ foreach (get_languages() as $language_code => $language_name)
)
);
}
- $options[$value] = $language_name;
}
-$template->assign('css_lang_tpl', array(
+$template->assign(
+ 'css_lang_tpl',
+ array(
+ 'SELECT_NAME' => 'language_select',
'OPTIONS' => $options,
'SELECTED' => $selected
)
diff --git a/plugins/LocalFilesEditor/include/tpl.inc.php b/plugins/LocalFilesEditor/include/tpl.inc.php
index 1063b2238..4e985ac92 100644
--- a/plugins/LocalFilesEditor/include/tpl.inc.php
+++ b/plugins/LocalFilesEditor/include/tpl.inc.php
@@ -1,21 +1,34 @@
<?php
-
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
-$edited_file = isset($_POST['edited_file']) ? $_POST['edited_file'] : '';
-$content_file = '';
+$edited_file = '';
-if ((isset($_POST['edit'])) and !is_numeric($_POST['file_to_edit']))
+if (isset($_POST['edit']))
{
- $edited_file = $_POST['file_to_edit'];
- if (file_exists($edited_file))
+ $_POST['template'] = $_POST['file_to_edit'];
+}
+
+if (!empty($_POST['template']))
+{
+ if (preg_match('#\.\./#', $_POST['template']))
{
- $content_file = file_get_contents($edited_file);
+ die('Hacking attempt! template extension must be in template-extension directory');
}
- else
+
+ if (!preg_match('#\.tpl$#', $_POST['template']))
{
- $content_file = '';
+ die('Hacking attempt! template extension must be a *.tpl file');
}
+
+ $template->assign('template', $_POST['template']);
+
+ $edited_file = './template-extension/'.$_POST['template'];
+}
+
+$content_file = '';
+if (file_exists($edited_file))
+{
+ $content_file = file_get_contents($edited_file);
}
$newfile_page = isset($_GET['newfile']);
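Review bot: The two `preg_match` checks on `$_POST['template']` form a denylist: they reject `../` and a wrong suffix but accept every other character, including a backslash (a directory separator on Windows), and because `$` without the `D` modifier also matches before a trailing newline the suffix test is looser than it looks. A positive allowlist on the name is easier to reason about and closes both gaps, e.g. `if (!preg_match('#^[A-Za-z0-9_][A-Za-z0-9_/.-]*\.tpl$#D', $_POST['template']))` in place of the suffix check, keeping the `../` check as belt and braces. Since `get_extents()` enumerates the existing template-extension files (it feeds the option list further down), `in_array($_POST['template'], get_extents(), true)` would be stricter still, provided a file just created through `create_tpl` is always listed by it. A comment above the checks stating that the name is relative to `./template-extension/` and must stay inside that directory would document the intent.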
@@ -50,6 +63,7 @@ if (isset($_POST['create_tpl']))
}
else
{
+ $template->assign('template', $filename);
$edited_file = $_POST['tpl_parent'] . '/' . $filename;
$content_file = ($_POST['tpl_model'] == '0') ? '' : file_get_contents($_POST['tpl_model']);
}
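Review bot: The create branch still builds `$edited_file` from `$_POST['tpl_parent']` and reads `$_POST['tpl_model']` with `file_get_contents` directly (the two context lines under the added `assign`), which the new filtering of `$_POST['template']` does not cover; unless those two values are validated in the part of the `create_tpl` block above this hunk, they need the same containment check as the edit path. The enclosing `if (isset($_POST['create_tpl']))` block starts outside the hunk.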
@@ -117,7 +131,7 @@ else
$options[] = '----------------------';
foreach (get_extents() as $pwg_template)
{
- $value = './template-extension/' . $pwg_template;
+ $value = $pwg_template;
$options[$value] = str_replace('/', ' / ', $pwg_template);
if ($edited_file == $value) $selected = $value;
}
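Review bot: `if ($edited_file == $value) $selected = $value;` can no longer match: `$value` is now the bare name returned by `get_extents()` while `$edited_file` still carries the `./template-extension/` prefix, so this loop never marks the file being edited as selected. Compare against the prefixed form, `if ($edited_file == './template-extension/'.$value) $selected = $value;`, or against `$_POST['template']`, which holds the bare name. The enclosing `else` block starts outside the hunk.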
@@ -126,13 +140,16 @@ else
$options[$edited_file] = str_replace(array('./template-extension/', '/'), array('', ' / '), $edited_file);
$selected = $edited_file;
}
- $template->assign('css_lang_tpl', array(
- 'OPTIONS' => $options,
- 'SELECTED' => $selected,
- 'NEW_FILE_URL' => $my_base_url.'-tpl&amp;newfile',
- 'NEW_FILE_CLASS' => empty($edited_file) ? '' : 'top_right'
- )
- );
+ $template->assign(
+ 'css_lang_tpl',
+ array(
+ 'SELECT_NAME' => 'file_to_edit',
+ 'OPTIONS' => $options,
+ 'SELECTED' => $selected,
+ 'NEW_FILE_URL' => $my_base_url.'-tpl&amp;newfile',
+ 'NEW_FILE_CLASS' => empty($edited_file) ? '' : 'top_right'
+ )
+ );
}
$codemirror_mode = 'text/html';
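Review bot: The fallback option in the `else` branch is keyed by the full `$edited_file` (`$options[$edited_file] = ...; $selected = $edited_file;`) while every option built from `get_extents()` now uses the bare name; when that fallback option is submitted it arrives in `$_POST['template']` and gets the `./template-extension/` prefix prepended again, producing a doubled path. If this branch is reached for a file just created by `create_tpl` (its condition lies above the hunk), keying it with the prefix removed keeps the values consistent: `$name = str_replace('./template-extension/', '', $edited_file); $options[$name] = str_replace('/', ' / ', $name); $selected = $name;`. The reformatted `$template->assign` call itself is fine.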
diff --git a/plugins/LocalFilesEditor/template/admin.tpl b/plugins/LocalFilesEditor/template/admin.tpl
index 00be8a017..23a5d1975 100644
--- a/plugins/LocalFilesEditor/template/admin.tpl
+++ b/plugins/LocalFilesEditor/template/admin.tpl
@@ -30,7 +30,18 @@ if (document.getElementById("text") != null)
<div id="LocalFilesEditor">
-<input type="hidden" value="{$zone_edit.EDITED_FILE}" name="edited_file"/>
+{if isset($theme)}
+<input type="hidden" value="{$theme}" name="theme">
+{/if}
+
+{if isset($language)}
+<input type="hidden" value="{$language}" name="language">
+{/if}
+
+{if isset($template)}
+<input type="hidden" value="{$template}" name="template">
+{/if}
+
{if isset ($create_tpl)}
<table>
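Review bot: `value="{$template}"` is written into the hidden input with no escape modifier, and on the PHP side `$_POST['template']` is only checked for `../` and the `.tpl` suffix before being assigned, so a quote character in the submitted name would terminate the attribute; `value="{$template|@escape}"` (the `escape` modifier in the same `|@` form this file uses for `translate`) closes that, unless Piwigo's template wrapper already html-escapes assigned variables, which this hunk cannot show. `{$theme}` and `{$language}` are validated against known ids in their include files, so they are safe either way.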
@@ -52,20 +63,18 @@ if (document.getElementById("text") != null)
{/if}
{if isset ($css_lang_tpl)}
-<select name="file_to_edit">
-{foreach from=$css_lang_tpl.OPTIONS item=theme key=value}
- <option value="{$value}" {if $value == $css_lang_tpl.SELECTED}selected="selected"{/if} {if is_numeric($value)}disabled="disabled"{/if}>{$theme}</option>
-{/foreach}
+<select name="{$css_lang_tpl.SELECT_NAME}">
+{html_options options=$css_lang_tpl.OPTIONS selected=$css_lang_tpl.SELECTED}
</select>
-
<input class="submit" type="submit" value="{'locfiledit_edit'|@translate}" name="edit" />
<br><br>
- {if isset ($css_lang_tpl.NEW_FILE_URL)}
- <span class="{$css_lang_tpl.NEW_FILE_CLASS}">
- <a href="{$css_lang_tpl.NEW_FILE_URL}">{'locfiledit_new_tpl'|@translate}</a>
- </span>
- {/if}
+{/if}
+
+{if isset ($css_lang_tpl.NEW_FILE_URL)}
+<span class="{$css_lang_tpl.NEW_FILE_CLASS}">
+<a href="{$css_lang_tpl.NEW_FILE_URL}">{'locfiledit_new_tpl'|@translate}</a>
+</span>
{/if}
{if isset ($zone_edit)}