aboutsummaryrefslogtreecommitdiffstats
path: root/admin/include
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--admin/include/languages.class.php11
-rw-r--r--admin/include/plugins.class.php13
-rw-r--r--admin/include/themes.class.php14
3 files changed, 20 insertions, 18 deletions
diff --git a/admin/include/languages.class.php b/admin/include/languages.class.php
index c4caa2dc9..351e36d53 100644
--- a/admin/include/languages.class.php
+++ b/admin/include/languages.class.php
@@ -158,24 +158,24 @@ UPDATE '.USER_INFOS_TABLE.'
);
$plg_data = implode( '', file($path.'/common.lang.php') );
- if ( preg_match("|Language Name: (.*)|", $plg_data, $val) )
+ if (preg_match("|Language Name:\\s*(.+)|", $plg_data, $val))
{
$language['name'] = trim( $val[1] );
$language['name'] = convert_charset($language['name'], 'utf-8', $target_charset);
}
- if (preg_match("|Version: (.*)|", $plg_data, $val))
+ if (preg_match("|Version:\\s*([\\w.-]+)|", $plg_data, $val))
{
$language['version'] = trim($val[1]);
}
- if ( preg_match("|Language URI: (.*)|", $plg_data, $val) )
+ if (preg_match("|Language URI:\\s*(https?:\\/\\/.+)|", $plg_data, $val))
{
$language['uri'] = trim($val[1]);
}
- if ( preg_match("|Author: (.*)|", $plg_data, $val) )
+ if (preg_match("|Author:\\s*(.+)|", $plg_data, $val))
{
$language['author'] = trim($val[1]);
}
- if ( preg_match("|Author URI: (.*)|", $plg_data, $val) )
+ if (preg_match("|Author URI:\\s*(https?:\\/\\/.+)|", $plg_data, $val))
{
$language['author uri'] = trim($val[1]);
}
@@ -184,6 +184,7 @@ UPDATE '.USER_INFOS_TABLE.'
list( , $extension) = explode('extension_view.php?eid=', $language['uri']);
if (is_numeric($extension)) $language['extension'] = $extension;
}
+
// IMPORTANT SECURITY !
$language = array_map('htmlspecialchars', $language);
$this->fs_languages[$file] = $language;
diff --git a/admin/include/plugins.class.php b/admin/include/plugins.class.php
index 4aabcd9b7..25030b6a2 100644
--- a/admin/include/plugins.class.php
+++ b/admin/include/plugins.class.php
@@ -257,15 +257,15 @@ DELETE FROM '. PLUGINS_TABLE .'
);
$plg_data = file_get_contents($path.'/main.inc.php', null, null, 0, 2048);
- if ( preg_match("|Plugin Name: (.*)|", $plg_data, $val) )
+ if (preg_match("|Plugin Name:\\s*(.+)|", $plg_data, $val))
{
$plugin['name'] = trim( $val[1] );
}
- if (preg_match("|Version: (.*)|", $plg_data, $val))
+ if (preg_match("|Version:\\s*([\\w.-]+)|", $plg_data, $val))
{
$plugin['version'] = trim($val[1]);
}
- if ( preg_match("|Plugin URI: (.*)|", $plg_data, $val) )
+ if (preg_match("|Plugin URI:\\s*(https?:\\/\\/.+)|", $plg_data, $val))
{
$plugin['uri'] = trim($val[1]);
}
@@ -273,15 +273,15 @@ DELETE FROM '. PLUGINS_TABLE .'
{
$plugin['description'] = trim($desc);
}
- elseif ( preg_match("|Description: (.*)|", $plg_data, $val) )
+ elseif (preg_match("|Description:\\s*(.+)|", $plg_data, $val))
{
$plugin['description'] = trim($val[1]);
}
- if ( preg_match("|Author: (.*)|", $plg_data, $val) )
+ if (preg_match("|Author:\\s*(.+)|", $plg_data, $val))
{
$plugin['author'] = trim($val[1]);
}
- if ( preg_match("|Author URI: (.*)|", $plg_data, $val) )
+ if (preg_match("|Author URI:\\s*(https?:\\/\\/.+)|", $plg_data, $val))
{
$plugin['author uri'] = trim($val[1]);
}
@@ -290,6 +290,7 @@ DELETE FROM '. PLUGINS_TABLE .'
list( , $extension) = explode('extension_view.php?eid=', $plugin['uri']);
if (is_numeric($extension)) $plugin['extension'] = $extension;
}
+
// IMPORTANT SECURITY !
$plugin = array_map('htmlspecialchars', $plugin);
$this->fs_plugins[$file] = $plugin;
diff --git a/admin/include/themes.class.php b/admin/include/themes.class.php
index 5389eef58..df0e29e66 100644
--- a/admin/include/themes.class.php
+++ b/admin/include/themes.class.php
@@ -375,17 +375,17 @@ SELECT
'author' => '',
'mobile' => false,
);
- $theme_data = implode( '', file($path.'/themeconf.inc.php') );
+ $theme_data = implode('', file($path.'/themeconf.inc.php'));
- if ( preg_match("|Theme Name: (.*)|", $theme_data, $val) )
+ if (preg_match("|Theme Name:\\s*(.+)|", $theme_data, $val))
{
$theme['name'] = trim( $val[1] );
}
- if (preg_match("|Version: (.*)|", $theme_data, $val))
+ if (preg_match("|Version:\\s*([\\w.-]+)|", $theme_data, $val))
{
$theme['version'] = trim($val[1]);
}
- if ( preg_match("|Theme URI: (.*)|", $theme_data, $val) )
+ if (preg_match("|Theme URI:\\s*(https?:\\/\\/.+)|", $theme_data, $val))
{
$theme['uri'] = trim($val[1]);
}
@@ -393,15 +393,15 @@ SELECT
{
$theme['description'] = trim($desc);
}
- elseif ( preg_match("|Description: (.*)|", $theme_data, $val) )
+ elseif (preg_match("|Description:\\s*(.+)|", $theme_data, $val))
{
$theme['description'] = trim($val[1]);
}
- if ( preg_match("|Author: (.*)|", $theme_data, $val) )
+ if (preg_match("|Author:\\s*(.+)|", $theme_data, $val))
{
$theme['author'] = trim($val[1]);
}
- if ( preg_match("|Author URI: (.*)|", $theme_data, $val) )
+ if (preg_match("|Author URI:\\s*(https?:\\/\\/.+)|", $theme_data, $val))
{
$theme['author uri'] = trim($val[1]);
}