From 8a7952a1712ee79386291e3e92e5b5cc91227812 Mon Sep 17 00:00:00 2001
From: plegall
Date: Tue, 12 Feb 2013 10:19:57 +0000
Subject: merge r20712 from branch 2.4 to trunk
bug 2844: increase security on LocalFiles Editor, filter on files to edit.
git-svn-id: http://piwigo.org/svn/trunk@20714 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 plugins/LocalFilesEditor/admin.php | 2 -
 plugins/LocalFilesEditor/include/css.inc.php | 97 +++++++++++++++++----------
 plugins/LocalFilesEditor/include/lang.inc.php | 58 ++++++++++------
 plugins/LocalFilesEditor/include/tpl.inc.php | 51 +++++++++-----
 plugins/LocalFilesEditor/template/admin.tpl | 31 ++++++---
 5 files changed, 151 insertions(+), 88 deletions(-)
(limited to 'plugins/LocalFilesEditor')
diff --git a/plugins/LocalFilesEditor/admin.php b/plugins/LocalFilesEditor/admin.php
index ecf002658..79a34ad04 100644
--- a/plugins/LocalFilesEditor/admin.php
+++ b/plugins/LocalFilesEditor/admin.php
@@ -55,7 +55,6 @@ include_once(LOCALEDIT_PATH.'include/'.$page['tab'].'.inc.php');
 // +-----------------------------------------------------------------------+
 if (isset($_POST['restore']))
 {
- $edited_file = $_POST['edited_file'];
 $content_file = file_get_contents(get_bak_file($edited_file));
 array_push($page['infos'], l10n('locfiledit_bak_loaded1'),
@@ -73,7 +72,6 @@ if (isset($_POST['submit']))
 }
 else
 {
- $edited_file = $_POST['edited_file'];
 $content_file = stripslashes($_POST['text']);
 if (get_extension($edited_file) == 'php')
 {
diff --git a/plugins/LocalFilesEditor/include/css.inc.php b/plugins/LocalFilesEditor/include/css.inc.php
index 15e434582..e1d70995a 100644
--- a/plugins/LocalFilesEditor/include/css.inc.php
+++ b/plugins/LocalFilesEditor/include/css.inc.php
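Review bot: With `$edited_file = $_POST['edited_file'];` removed from both the restore and submit branches, nothing in either hunk checks that the tab include named on the `@@` context line (`include_once(LOCALEDIT_PATH.'include/'.$page['tab'].'.inc.php')`) actually set `$edited_file` before `get_bak_file($edited_file)` and `get_extension($edited_file)` run on it. A guard ahead of both branches makes that contract explicit, e.g. `if (empty($edited_file)) { die('no file selected'); }` (message is a placeholder). The same point applies to the second hunk at `@@ -73,7 +72,6 @@`; both enclosing `if` blocks continue outside the hunks, so such a check may already exist there.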
@@ -1,24 +1,40 @@ fs_themes)))
+ {
+ $page['theme'] = get_default_theme();
+ }
+
+ $edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$page['theme'].'-rules.css';
 }
+$template->assign('theme', $page['theme']);
+
 if (file_exists($edited_file))
 {
 $content_file = file_get_contents($edited_file);
@@ -29,12 +45,11 @@ else
 }
 $selected = 0;
-// $options[] = l10n('locfiledit_choose_file');
-// $options[] = '----------------------';
-$value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . "css/rules.css";
+$value = '~common~';
+$file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/rules.css';
-$options[$value] = (file_exists($value) ? '✔' : '✘').' local / css / rules.css';
+$options[$value] = (file_exists($file) ? '✔' : '✘').' local / css / rules.css';
-if ($edited_file == $value)
+if ($page['theme'] == $value)
 {
 $selected = $value;
 }
@@ -42,8 +57,6 @@ if ($edited_file == $value)
 // themes are displayed in the same order as on screen
 // [Administration > Configuration > Themes]
-include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php');
-$themes = new themes();
 $themes->sort_fs_themes();
 $default_theme = get_default_theme();
 $db_themes = $themes->get_db_themes();
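Review bot: The `'~common~'` sentinel assigned to `$value` in the `@@ -29,12 +45,11 @@` hunk is compared against `$page['theme']`, but the first hunk falls back to `get_default_theme()` whenever the posted theme is not found in `$themes->fs_themes` (the start of that condition is not legible in this rendering), and the only `$edited_file` assignment visible builds `'css/'.$page['theme'].'-rules.css'`; unless the sentinel is exempted from that check and mapped to `css/rules.css` before it, the common stylesheet can no longer be selected. Please confirm the exemption exists, or add it explicitly: `if ($page['theme'] == '~common~') { $edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'css/rules.css'; }`. Validating the theme id against the on-disk theme list before the path is built is the right place for this, since `$page['theme']` presumably comes from `$_POST` further up in the part that was stripped here.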
@@ -81,47 +94,57 @@ foreach ($themes->fs_themes as $theme_id => $fs_theme)
 }
 }
-$options[] = '';
-$options[] = '----- '.l10n('Active Themes').' -----';
-$options[] = '';
+$active_theme_options = array();
 foreach ($active_themes as $theme)
 {
- $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
+ $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
- $options[$value] = (file_exists($value) ? '✔' : '✘').' '.$theme['name'];
+ $label = (file_exists($file) ? '✔' : '✘').' '.$theme['name'];
 if ($default_theme == $theme['id'])
 {
- $options[$value].= ' ('.l10n('default').')';
+ $label.= ' ('.l10n('default').')';
 }
+
+ $active_theme_options[$theme['id']] = $label;
- if ($edited_file == $value)
+ if ($theme['id'] == $page['theme'])
 {
- $selected = $value;
+ $selected = $theme['id'];
 }
 }
-$options[] = '';
-$options[] = '----- '.l10n('Inactive Themes').' -----';
-$options[] = '';
+if (count($active_theme_options) > 0)
+{
+ $options[l10n('Active Themes')] = $active_theme_options;
+}
+
+$inactive_theme_options = array();
 foreach ($inactive_themes as $theme)
 {
- $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
+ $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
- $options[$value] = (file_exists($value) ? '✔' : '✘').' '.$theme['name'];
+ $inactive_theme_options[$theme['id']] = (file_exists($file) ? '✔' : '✘').' '.$theme['name'];
- if ($edited_file == $value)
+ if ($theme['id'] == $page['theme'])
 {
- $selected = $value;
+ $selected = $theme['id'];
 }
 }
-$template->assign('css_lang_tpl', array(
- 'OPTIONS' => $options,
- 'SELECTED' => $selected
- )
+if (count($inactive_theme_options) > 0)
+{
+ $options[l10n('Inactive Themes')] = $inactive_theme_options;
+}
+
+$template->assign(
+ 'css_lang_tpl',
+ array(
+ 'SELECT_NAME' => 'theme_select',
+ 'OPTIONS' => $options,
+ 'SELECTED' => $selected
+ )
 );
 $codemirror_mode = 'text/css';
- ?>
\ No newline at end of file
diff --git a/plugins/LocalFilesEditor/include/lang.inc.php b/plugins/LocalFilesEditor/include/lang.inc.php
index fe5a4f85c..e32a26c49 100644
--- a/plugins/LocalFilesEditor/include/lang.inc.php
+++ b/plugins/LocalFilesEditor/include/lang.inc.php
@@ -1,32 +1,46 @@ ";
- }
+ $_POST['language'] = $_POST['language_select'];
+}
+
+if (isset($_POST['language']))
+{
+ $page['language'] = $_POST['language'];
+}
+
+if (!isset($page['language']) or !in_array($page['language'], array_keys($languages)))
+{
+ $page['language'] = get_default_language();
 }
-$selected = 0;
-$options[] = l10n('locfiledit_choose_file');
-$options[] = '----------------------';
+$template->assign('language', $page['language']);
+
+$edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$page['language'].'.lang.php';;
+
+if (file_exists($edited_file))
+{
+ $content_file = file_get_contents($edited_file);
+}
+else
+{
+ $content_file = "";
+}
+
+$selected = 0;
 foreach (get_languages() as $language_code => $language_name)
 {
- $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$language_code.'.lang.php';
- if ($edited_file == $value)
+ $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$language_code.'.lang.php';
+
+ $options[$language_code] = (file_exists($file) ? '✔' : '✘').' '.$language_name;
+
+ if ($page['language'] == $language_code)
 {
- $selected = $value;
+ $selected = $language_code;
 $template->assign('show_default', array(
 array(
 'URL' => LOCALEDIT_PATH.'show_default.php?file=language/'.$language_code.'/common.lang.php',
@@ -39,10 +53,12 @@ foreach (get_languages() as $language_code => $language_name)
 )
 );
 }
- $options[$value] = $language_name;
 }
-$template->assign('css_lang_tpl', array(
+$template->assign(
+ 'css_lang_tpl',
+ array(
+ 'SELECT_NAME' => 'language_select',
 'OPTIONS' => $options,
 'SELECTED' => $selected
 )
diff --git a/plugins/LocalFilesEditor/include/tpl.inc.php b/plugins/LocalFilesEditor/include/tpl.inc.php
index 1063b2238..4e985ac92 100644
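Review bot: The allow-list check `!in_array($page['language'], array_keys($languages))` in the first hunk is non-strict, and `$page['language']` is taken directly from `$_POST['language']` two lines earlier; use the strict form so only an exact language code passes: `if (!isset($page['language']) or !in_array($page['language'], array_keys($languages), true))`. Where `$languages` is populated is not visible in this hunk — presumably the same `get_languages()` map the `foreach` below iterates — and it is worth confirming both are the same list, otherwise a code could be accepted here and never appear as an option. Also drop the doubled `;;` terminating the `$edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$page['language'].'.lang.php';;` line.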
--- a/plugins/LocalFilesEditor/include/tpl.inc.php
+++ b/plugins/LocalFilesEditor/include/tpl.inc.php
@@ -1,21 +1,34 @@ assign('template', $_POST['template']);
+
+ $edited_file = './template-extension/'.$_POST['template'];
+}
+
+$content_file = '';
+if (file_exists($edited_file))
+{
+ $content_file = file_get_contents($edited_file);
 }
 $newfile_page = isset($_GET['newfile']);
@@ -50,6 +63,7 @@ if (isset($_POST['create_tpl']))
 }
 else
 {
+ $template->assign('template', $filename);
 $edited_file = $_POST['tpl_parent'] . '/' . $filename;
 $content_file = ($_POST['tpl_model'] == '0') ? '' : file_get_contents($_POST['tpl_model']);
 }
@@ -117,7 +131,7 @@ else
 $options[] = '----------------------';
 foreach (get_extents() as $pwg_template)
 {
- $value = './template-extension/' . $pwg_template;
+ $value = $pwg_template;
 $options[$value] = str_replace('/', ' / ', $pwg_template);
 if ($edited_file == $value) $selected = $value;
 }
@@ -126,13 +140,16 @@ else
 $options[$edited_file] = str_replace(array('./template-extension/', '/'), array('', ' / '), $edited_file);
 $selected = $edited_file;
 }
- $template->assign('css_lang_tpl', array(
- 'OPTIONS' => $options,
- 'SELECTED' => $selected,
- 'NEW_FILE_URL' => $my_base_url.'-tpl&newfile',
- 'NEW_FILE_CLASS' => empty($edited_file) ? '' : 'top_right'
- )
- );
+ $template->assign(
+ 'css_lang_tpl',
+ array(
+ 'SELECT_NAME' => 'file_to_edit',
+ 'OPTIONS' => $options,
+ 'SELECTED' => $selected,
+ 'NEW_FILE_URL' => $my_base_url.'-tpl&newfile',
+ 'NEW_FILE_CLASS' => empty($edited_file) ? '' : 'top_right'
+ )
+ );
 }
 $codemirror_mode = 'text/html';
diff --git a/plugins/LocalFilesEditor/template/admin.tpl b/plugins/LocalFilesEditor/template/admin.tpl
index 00be8a017..23a5d1975 100644
--- a/plugins/LocalFilesEditor/template/admin.tpl
+++ b/plugins/LocalFilesEditor/template/admin.tpl
@@ -30,7 +30,18 @@ if (document.getElementById("text") != null)
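Review bot: In the create branch (`@@ -50,6 +63,7 @@`) the new code still builds the edit target from `$_POST['tpl_parent'] . '/' . $filename` and reads `file_get_contents($_POST['tpl_model'])` straight from the request, which is the same kind of unfiltered file choice this commit sets out to remove for `edited_file`. The enclosing `if (isset($_POST['create_tpl']))` block starts outside the hunk, so a check on both values may already exist there; if not, `tpl_parent` should be restricted to the template-extension directory and `tpl_model` to a known template path before either is used. The added `$template->assign('template', $filename);` apparently feeds the new hidden field, so whatever allow-list is applied must also cover that value when it returns as `$_POST['template']`.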
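Review bot: `$value = $pwg_template;` in the `@@ -117,7 +131,7 @@` hunk makes the option key the bare extension name, but `$edited_file` is still a prefixed path (`'./template-extension/'.$_POST['template']` in the first hunk, `$_POST['tpl_parent'] . '/' . $filename` in the create branch), so `if ($edited_file == $value) $selected = $value;` can no longer match and the fallback at the top of the next hunk adds a second `$options[$edited_file]` entry keyed by the full path — which would then come back as `$_POST['template']` through `file_to_edit` and get the prefix prepended a second time. Comparing on the prefixed form keeps the bare name as the posted value: `if ($edited_file == './template-extension/'.$value) $selected = $value;`. This assumes `$edited_file` is not normalised between the hunks; the enclosing `else` block starts outside the hunk, so I cannot see that from here.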
- +{if isset($theme)} + +{/if} + +{if isset($language)} + +{/if} + +{if isset($template)} + +{/if} + {if isset ($create_tpl)} @@ -52,20 +63,18 @@ if (document.getElementById("text") != null) {/if} {if isset ($css_lang_tpl)} - +{html_options options=$css_lang_tpl.OPTIONS selected=$css_lang_tpl.SELECTED} -

- {if isset ($css_lang_tpl.NEW_FILE_URL)} - - {'locfiledit_new_tpl'|@translate} - - {/if} +{/if} + +{if isset ($css_lang_tpl.NEW_FILE_URL)} + +{'locfiledit_new_tpl'|@translate} + {/if} {if isset ($zone_edit)} -- cgit v1.2.3