Context Navigation

source: branches/2.4/plugins/LocalFilesEditor/admin.php @ 20713

Last change on this file since 20713 was 20713, checked in by plg, 11 years ago
bug 2844: improve security on LocalFiles Editor, add pwg_token to avoid CSRF
Property svn:eol-style set to `LF`
File size: 5.5 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2012 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
25	include_once(PHPWG_ROOT_PATH.'admin/include/tabsheet.class.php');
26	include_once(LOCALEDIT_PATH.'include/functions.inc.php');
27	load_language('plugin.lang', LOCALEDIT_PATH);
28	$my_base_url = get_root_url().'admin.php?page=plugin-'.basename(dirname(__FILE__));
29
30	// +-----------------------------------------------------------------------+
31	// \| Tabssheet
32	// +-----------------------------------------------------------------------+
33
34	if (empty($conf['LocalFilesEditor_tabs']))
35	{
36	$conf['LocalFilesEditor_tabs'] = array('localconf', 'css', 'tpl', 'lang', 'plug');
37	}
38
39	$page['tab'] = isset($_GET['tab']) ? $_GET['tab'] : $conf['LocalFilesEditor_tabs'][0];
40
41	if (!in_array($page['tab'], $conf['LocalFilesEditor_tabs'])) die('Hacking attempt!');
42
43	$tabsheet = new tabsheet();
44	foreach ($conf['LocalFilesEditor_tabs'] as $tab)
45	{
46	$tabsheet->add($tab, l10n('locfiledit_onglet_'.$tab), $my_base_url.'-'.$tab);
47	}
48	$tabsheet->select($page['tab']);
49	$tabsheet->assign();
50
51	include_once(LOCALEDIT_PATH.'include/'.$page['tab'].'.inc.php');
52
53	// +-----------------------------------------------------------------------+
54	// \| Load backup file
55	// +-----------------------------------------------------------------------+
56	if (isset($_POST['restore']))
57	{
58	$content_file = file_get_contents(get_bak_file($edited_file));
59	array_push($page['infos'],
60	l10n('locfiledit_bak_loaded1'),
61	l10n('locfiledit_bak_loaded2'));
62	}
63
64	// +-----------------------------------------------------------------------+
65	// \| Save file
66	// +-----------------------------------------------------------------------+
67	if (isset($_POST['submit']))
68	{
69	check_pwg_token();
70
71	if (!is_webmaster())
72	{
73	array_push($page['errors'], l10n('locfiledit_webmaster_only'));
74	}
75	else
76	{
77	$content_file = stripslashes($_POST['text']);
78	if (get_extension($edited_file) == 'php')
79	{
80	$content_file = eval_syntax($content_file);
81	}
82	if ($content_file === false)
83	{
84	array_push($page['errors'], l10n('locfiledit_syntax_error'));
85	}
86	else
87	{
88	if ($page['tab'] == 'plug' and !is_dir(PHPWG_PLUGINS_PATH . 'PersonalPlugin'))
89	{
90	@mkdir(PHPWG_PLUGINS_PATH . "PersonalPlugin");
91	}
92	if (file_exists($edited_file))
93	{
94	@copy($edited_file, get_bak_file($edited_file));
95	array_push($page['infos'], sprintf(l10n('locfiledit_saved_bak'), substr(get_bak_file($edited_file), 2)));
96	}
97
98	if ($file = @fopen($edited_file , "w"))
99	{
100	@fwrite($file , $content_file);
101	@fclose($file);
102	array_unshift($page['infos'], l10n('locfiledit_save_config'));
103	$template->delete_compiled_templates();
104	}
105	else
106	{
107	array_push($page['errors'], l10n('locfiledit_cant_save'));
108	}
109	}
110	}
111	}
112
113	// +-----------------------------------------------------------------------+
114	// \| template initialization
115	// +-----------------------------------------------------------------------+
116	$template->set_filenames(array(
117	'plugin_admin_content' => dirname(__FILE__) . '/template/admin.tpl'));
118
119	if (!empty($edited_file))
120	{
121	if (!empty($page['errors']))
122	{
123	$content_file = stripslashes($_POST['text']);
124	}
125	$template->assign('zone_edit',
126	array(
127	'EDITED_FILE' => $edited_file,
128	'CONTENT_FILE' => htmlspecialchars($content_file),
129	'FILE_NAME' => trim($edited_file, './\\')
130	)
131	);
132	if (file_exists(get_bak_file($edited_file)))
133	{
134	$template->assign('restore', true);
135	}
136	if (file_exists($edited_file))
137	{
138	$template->assign('restore_infos', true);
139	}
140	}
141
142	$template->assign(array(
143	'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=plugin-LocalFilesEditor-'.$page['tab'],
144	'LOCALEDIT_PATH' => LOCALEDIT_PATH,
145	'PWG_TOKEN' => get_pwg_token(),
146	'CODEMIRROR_MODE' => @$codemirror_mode
147	)
148	);
149
150	$template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content');
151
152	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: