authorplegall <plg@piwigo.org>2013-02-12 10:01:46 +0000
committerplegall <plg@piwigo.org>2013-02-12 10:01:46 +0000
commitff5b60a215769bcf046bb9109b61ffe6af0ca5eb (patch)
treecaf6066f015c0bd09620fb720c689a22552f1c99 /plugins/LocalFilesEditor/include/lang.inc.php
parentca9158ee817910c15449bc19cb595ed6886e3099 (diff)
bug 2844: increase security on LocalFiles Editor, filter on files to edit.
git-svn-id: http://piwigo.org/svn/branches/2.4@20712 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'plugins/LocalFilesEditor/include/lang.inc.php')
-rw-r--r--plugins/LocalFilesEditor/include/lang.inc.php58
1 files changed, 37 insertions, 21 deletions
diff --git a/plugins/LocalFilesEditor/include/lang.inc.php b/plugins/LocalFilesEditor/include/lang.inc.php
index fe5a4f85c..e32a26c49 100644
--- a/plugins/LocalFilesEditor/include/lang.inc.php
+++ b/plugins/LocalFilesEditor/include/lang.inc.php
@@ -1,32 +1,46 @@
<?php
-
if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
-$edited_file = isset($_POST['edited_file']) ? $_POST['edited_file'] : '';
-$content_file = '';
+$languages = get_languages();
-if ((isset($_POST['edit'])) and !is_numeric($_POST['file_to_edit']))
+if (isset($_POST['edit']))
{
- $edited_file = $_POST['file_to_edit'];
- if (file_exists($edited_file))
- {
- $content_file = file_get_contents($edited_file);
- }
- else
- {
- $content_file = "<?php\n\n/* ".l10n('locfiledit_newfile')." */\n\n\n\n\n?>";
- }
+ $_POST['language'] = $_POST['language_select'];
+}
+
+if (isset($_POST['language']))
+{
+ $page['language'] = $_POST['language'];
+}
+
+if (!isset($page['language']) or !in_array($page['language'], array_keys($languages)))
+{
+ $page['language'] = get_default_language();
}
-$selected = 0;
-$options[] = l10n('locfiledit_choose_file');
-$options[] = '----------------------';
+$template->assign('language', $page['language']);
+
+$edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$page['language'].'.lang.php';;
+
+if (file_exists($edited_file))
+{
+ $content_file = file_get_contents($edited_file);
+}
+else
+{
+ $content_file = "<?php\n\n/* ".l10n('locfiledit_newfile')." */\n\n\n\n\n?>";
+}
+
+$selected = 0;
foreach (get_languages() as $language_code => $language_name)
{
- $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$language_code.'.lang.php';
- if ($edited_file == $value)
+ $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$language_code.'.lang.php';
+
+ $options[$language_code] = (file_exists($file) ? '&#x2714;' : '&#x2718;').' '.$language_name;
+
+ if ($page['language'] == $language_code)
{
- $selected = $value;
+ $selected = $language_code;
$template->assign('show_default', array(
array(
'URL' => LOCALEDIT_PATH.'show_default.php?file=language/'.$language_code.'/common.lang.php',
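Review bot: The allow-list test `in_array($page['language'], array_keys($languages))` uses PHP's loose comparison and never checks that the posted value is a string, yet it is the only thing constraining the value that is concatenated into `$edited_file` a few lines later. A strict form keeps the filter exact: `if (!isset($page['language']) or !is_string($page['language']) or !in_array($page['language'], array_keys($languages), true))`. The `foreach` could also iterate the `$languages` fetched at the top instead of calling `get_languages()` again, so the validated list and the displayed list cannot differ. The code that writes the edited file is not visible in this hunk; it should presumably build its path from the same validated `$page['language']` rather than from a posted file name.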
@@ -39,10 +53,12 @@ foreach (get_languages() as $language_code => $language_name)
)
);
}
- $options[$value] = $language_name;
}
-$template->assign('css_lang_tpl', array(
+$template->assign(
+ 'css_lang_tpl',
+ array(
+ 'SELECT_NAME' => 'language_select',
'OPTIONS' => $options,
'SELECTED' => $selected
)
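Review bot: `'OPTIONS' => $options` now depends on the loop above having run at least once, because the removed `$options[] = ...` lines were what created the array before the `foreach`. If `get_languages()` ever returns an empty list, or the including script already holds an `$options` variable, the template receives an undefined or stale value; adding `$options = array();` just before the `foreach` (outside this hunk) avoids both. The `'language_select'` name must also stay in step with the `$_POST['language_select']` read at the top of the file, so a short comment such as `// must match the POST key read when 'edit' is submitted` would help.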