From ff5b60a215769bcf046bb9109b61ffe6af0ca5eb Mon Sep 17 00:00:00 2001 From: plegall Date: Tue, 12 Feb 2013 10:01:46 +0000 Subject: bug 2844: increase security on LocalFiles Editor, filter on files to edit. git-svn-id: http://piwigo.org/svn/branches/2.4@20712 68402e56-0260-453c-a942-63ccdbb3a9ee --- plugins/LocalFilesEditor/include/css.inc.php | 97 +++++++++++++++++----------- 1 file changed, 60 insertions(+), 37 deletions(-) (limited to 'plugins/LocalFilesEditor/include/css.inc.php') diff --git a/plugins/LocalFilesEditor/include/css.inc.php b/plugins/LocalFilesEditor/include/css.inc.php index 15e434582..e1d70995a 100644 --- a/plugins/LocalFilesEditor/include/css.inc.php +++ b/plugins/LocalFilesEditor/include/css.inc.php @@ -1,24 +1,40 @@ fs_themes))) + { + $page['theme'] = get_default_theme(); + } + + $edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$page['theme'].'-rules.css'; } +$template->assign('theme', $page['theme']); + if (file_exists($edited_file)) { $content_file = file_get_contents($edited_file); @@ -29,12 +45,11 @@ else } $selected = 0; -// $options[] = l10n('locfiledit_choose_file'); -// $options[] = '----------------------'; -$value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . "css/rules.css"; +$value = '~common~'; +$file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/rules.css'; -$options[$value] = (file_exists($value) ? '✔' : '✘').' local / css / rules.css'; -if ($edited_file == $value) +$options[$value] = (file_exists($file) ? '✔' : '✘').' local / css / rules.css'; +if ($page['theme'] == $value) { $selected = $value; } @@ -42,8 +57,6 @@ if ($edited_file == $value) // themes are displayed in the same order as on screen // [Administration > Configuration > Themes] -include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php'); -$themes = new themes(); $themes->sort_fs_themes(); $default_theme = get_default_theme(); $db_themes = $themes->get_db_themes(); 
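Review bot: In the `@@ -1,24 +1,40 @@` hunk, `$edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$page['theme'].'-rules.css';` interpolates `$page['theme']` into a filesystem path, and the only thing keeping that path inside `css/` is the `fs_themes` membership check just above it, which no comment explains. I would add `// $page['theme'] must be a key of $themes->fs_themes at this point: it is interpolated into a path` above the assignment, so a later edit does not move or loosen the check. The fallback to `get_default_theme()` gives no signal that a value was rejected; it is worth deciding whether a rejected value should also be logged or shown to the admin. The beginning of this hunk is missing from the page, so how `$page['theme']` is first populated, and whether the membership test is strict, could not be reviewed.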
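Review bot: `if ($page['theme'] == $value)` in the `@@ -29,12 +45,11 @@` hunk compares the selector value loosely, and the same pattern recurs as `if ($theme['id'] == $page['theme'])` in both loops of the `@@ -81,47 +94,57 @@` hunk. Assuming both sides are strings, `if ($page['theme'] === $value)` states the intent and keeps PHP's numeric-string comparison from marking the wrong option as selected when theme ids look numeric. Separately, the `'~common~'` sentinel shares a namespace with theme ids, so a one-line comment such as `// reserved selector value for local/css/rules.css; must never match a theme directory name` would record that constraint.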
@@ -81,47 +94,57 @@ foreach ($themes->fs_themes as $theme_id => $fs_theme) } } -$options[] = ''; -$options[] = '----- '.l10n('Active Themes').' -----'; -$options[] = ''; +$active_theme_options = array(); foreach ($active_themes as $theme) { - $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css'; + $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css'; - $options[$value] = (file_exists($value) ? '✔' : '✘').' '.$theme['name']; + $label = (file_exists($file) ? '✔' : '✘').' '.$theme['name']; if ($default_theme == $theme['id']) { - $options[$value].= ' ('.l10n('default').')'; + $label.= ' ('.l10n('default').')'; } + + $active_theme_options[$theme['id']] = $label; - if ($edited_file == $value) + if ($theme['id'] == $page['theme']) { - $selected = $value; + $selected = $theme['id']; } } -$options[] = ''; -$options[] = '----- '.l10n('Inactive Themes').' -----'; -$options[] = ''; +if (count($active_theme_options) > 0) +{ + $options[l10n('Active Themes')] = $active_theme_options; +} + +$inactive_theme_options = array(); foreach ($inactive_themes as $theme) { - $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css'; + $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css'; - $options[$value] = (file_exists($value) ? '✔' : '✘').' '.$theme['name']; + $inactive_theme_options[$theme['id']] = (file_exists($file) ? '✔' : '✘').' '.$theme['name']; - if ($edited_file == $value) + if ($theme['id'] == $page['theme']) { - $selected = $value; + $selected = $theme['id']; } } -$template->assign('css_lang_tpl', array( - 'OPTIONS' => $options, - 'SELECTED' => $selected - ) +if (count($inactive_theme_options) > 0) +{ + $options[l10n('Inactive Themes')] = $inactive_theme_options; +} + +$template->assign( + 'css_lang_tpl', + array( + 'SELECT_NAME' => 'theme_select', + 'OPTIONS' => $options, + 'SELECTED' => $selected + ) ); $codemirror_mode = 'text/css'; - ?> \ No newline at end of file -- cgit v1.2.3
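Review bot: `'SELECT_NAME' => 'theme_select'` and the id-keyed `$options` mean the form now posts a theme id rather than a file path, but the code that writes the edited file back to disk is not part of this diff. The filter protects the editor only if that save path also derives its target from the validated `$page['theme']` (through `$edited_file`) and ignores any client-supplied file name, which should be confirmed in the plugin's save handler. In addition, `$label` and the `$inactive_theme_options` entries embed `$theme['name']`, presumably read from each theme's own metadata, so the template should HTML-escape option labels if it does not already do so.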