source: trunk/admin/plugins_new.php @ 15659

Revision 13962, 5.3 KB checked in by plg, 8 years ago (diff)

merge r13961 from branch 2.3 to trunk

bug 2612 fixed: sanitize $_GET['installstatus'] before display for
themes/languages/plugins installation

  • Property svn:eol-style set to LF
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2012 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
// Stop unless PHPWG_ROOT_PATH is already defined, i.e. unless this file was
// pulled in by a script that defined the constant beforehand. Requested on
// its own, the constant is missing and nothing below runs.
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

// Presumably declares the plugins class instantiated at the end of this run.
include_once(PHPWG_ROOT_PATH.'admin/include/plugins.class.php');

// Bind the 'plugins' template handle to this tab's template file.
$template->set_filenames(array('plugins' => 'plugins_new.tpl'));

// Address of this admin tab. It is reused below as the redirect target after
// an install attempt and as the prefix of every install link.
// NOTE(review): $page['page'] and $page['tab'] are filled in outside this
// file; confirm they are restricted to known values before they reach here.
$base_url = sprintf(
  '%sadmin.php?page=%s&tab=%s',
  get_root_url(),
  $page['page'],
  $page['tab']
);

$plugins = new plugins();
36
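//------------------------------------------------------automatic installation
// Entered when a request carries both 'revision' and 'extension', which is
// the shape of the install links built in the listing further down.
if (isset($_GET['revision']) && isset($_GET['extension']))
{
  if (!is_webmaster())
  {
    array_push($page['errors'], l10n('Webmaster status is required.'));
  }
  else
  {
    // The token check sits in front of the extraction call so that it runs
    // before anything is fetched or written. What it does on a bad token is
    // not visible in this file (presumably it aborts the request).
    check_pwg_token();

    // NOTE(review): both identifiers are handed over exactly as they arrived
    // in the query string (they may even be arrays). Confirm that
    // extract_plugin_files() validates them before using them in a URL or a
    // filesystem path.
    $install_status = $plugins->extract_plugin_files('install', $_GET['revision'], $_GET['extension']);

    // The status is read back from $_GET on the next request and, for unknown
    // values, printed by the install-result switch. Percent-encoding keeps it
    // a single intact query parameter even if it contains spaces, '&', '#' or
    // line breaks; plain codes such as 'ok' are left unchanged.
    redirect($base_url.'&installstatus='.rawurlencode((string) $install_status));
  }
}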
53
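//--------------------------------------------------------------install result
// Turns the 'installstatus' query parameter into a message for the admin.
// The parameter is attacker-controllable (anyone can craft the link), so it
// is only ever compared against fixed codes or printed after HTML escaping.
if (isset($_GET['installstatus']))
{
  // A query string can also deliver an array (?installstatus[]=x). Passing
  // that to htmlspecialchars() raises a warning or a TypeError depending on
  // the PHP version, so anything that is not a string is handled as an
  // unknown status with no detail text.
  $installstatus_param = is_string($_GET['installstatus']) ? $_GET['installstatus'] : '';

  // The l10n() arguments are presumably translation lookup keys: keep them
  // byte-for-byte, including the spelling of 'occured'.
  switch ($installstatus_param)
  {
    case 'ok':
      array_push($page['infos'],
        l10n('Plugin has been successfully copied'),
        l10n('You might go to plugin list to install and activate it.'));
      break;

    case 'temp_path_error':
      array_push($page['errors'], l10n('Can\'t create temporary file.'));
      break;

    case 'dl_archive_error':
      array_push($page['errors'], l10n('Can\'t download archive.'));
      break;

    case 'archive_error':
      array_push($page['errors'], l10n('Can\'t read or extract archive.'));
      break;

    default:
      // Only this branch echoes request data. ENT_QUOTES escapes both quote
      // characters as well, because this file cannot see which HTML context
      // the template places the message in.
      array_push($page['errors'],
        sprintf(l10n('An error occured during extraction (%s).'), htmlspecialchars($installstatus_param, ENT_QUOTES)),
        l10n('Please check "plugins" folder and sub-folders permissions (CHMOD).'));
  }
}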
83
//---------------------------------------------------------------Order options
// Sort keys offered for the listing, each mapped to its translated label.
$plugins_new_order_options = array(
  'date'      => l10n('Post date'),
  'revision'  => l10n('Last revisions'),
  'name'      => l10n('Name'),
  'author'    => l10n('Author'),
  'downloads' => l10n('Number of downloads'),
);

$template->assign('order_options', $plugins_new_order_options);
92
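// +-----------------------------------------------------------------------+
// |                     start template output                             |
// +-----------------------------------------------------------------------+
// Lists the plugins reported by get_server_plugins() and builds one install
// link per entry. The entries originate outside this installation
// (presumably from the extension server behind PEM_URL), so they are treated
// here as data that must not be trusted to be well-formed.
if ($plugins->get_server_plugins(true))
{
  /* order plugins */
  // Fall back to 'date' when the session holds no usable sort key.
  // NOTE(review): the session value goes to sort_server_plugins() as is;
  // confirm it is checked against the offered sort keys where it is stored.
  $order_selected = pwg_get_session_var('plugins_new_order');
  if ($order_selected == null)
  {
    $order_selected = 'date';
  }
  $plugins->sort_server_plugins($order_selected);
  $template->assign('order_selected', $order_selected);

  // Loop-invariant part of the install link. The link is built for HTML
  // output, hence the entity-encoded base and the '&amp;' separators.
  $install_url_prefix = htmlentities($base_url);

  foreach ($plugins->server_plugins as $plugin)
  {
    $ext_desc = trim($plugin['extension_description'], " \n\r");
    // Short description: the first line after wrapping at 200 characters.
    list($small_desc) = explode("\n", wordwrap($ext_desc, 200));

    // Identifiers are percent-encoded before they are placed in a query
    // string: numeric ids come out unchanged, while an unexpected value
    // cannot add parameters or break out of the surrounding markup.
    $extension_id_param = rawurlencode((string) $plugin['extension_id']);

    // pwg_token is the value check_pwg_token() is called for in the
    // automatic-installation handler.
    $url_auto_install = $install_url_prefix
      . '&amp;revision=' . rawurlencode((string) $plugin['revision_id'])
      . '&amp;extension=' . $extension_id_param
      . '&amp;pwg_token='.get_pwg_token()
    ;

    // NOTE(review): ID, EXT_NAME, BIG_DESC, SMALL_DESC, VERSION, AUTHOR,
    // DOWNLOADS and download_url reach the template exactly as received.
    // Confirm that plugins_new.tpl escapes them or that get_server_plugins()
    // sanitises the response.
    $template->append('plugins', array(
      'ID' => $plugin['extension_id'],
      'EXT_NAME' => $plugin['extension_name'],
      'EXT_URL' => PEM_URL.'/extension_view.php?eid='.$extension_id_param,
      'SMALL_DESC' => trim($small_desc, " \r\n"),
      'BIG_DESC' => $ext_desc,
      'VERSION' => $plugin['revision_name'],
      // Keep digits only.
      'REVISION_DATE' => preg_replace('/[^0-9]/', '', $plugin['revision_date']),
      'AUTHOR' => $plugin['author_name'],
      'DOWNLOADS' => $plugin['extension_nb_downloads'],
      'URL_INSTALL' => $url_auto_install,
      'URL_DOWNLOAD' => $plugin['download_url'] . '&amp;origin=piwigo_download'));
  }
}
else
{
  array_push($page['errors'], l10n('Can\'t connect to server.'));
}

// Render the 'plugins' handle into the ADMIN_CONTENT template variable.
$template->assign_var_from_handle('ADMIN_CONTENT', 'plugins');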
142?>