Timestamp:
02/12/13 11:01:46 (6 years ago)
Author:
plg
Message:

bug 2844: increase security on LocalFiles Editor, filter on files to edit.

File:
1 edited

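--- a/branches/2.4/plugins/LocalFilesEditor/include/css.inc.php
+++ b/branches/2.4/plugins/LocalFilesEditor/include/css.inc.php
@@ -1,22 +1,38 @@
 <?php
-
 if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
 
-if ((isset($_POST['edit'])) and !is_numeric($_POST['file_to_edit']))
+include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php');
+$themes = new themes();
+
+if (isset($_POST['edit']))
 {
-  $edited_file = $_POST['file_to_edit'];
+  $_POST['theme'] = $_POST['theme_select'];
 }
-elseif (isset($_POST['edited_file']))
+
+if (isset($_POST['theme']) and '~common~' == $_POST['theme'])
 {
-  $edited_file = $_POST['edited_file'];
-}
-elseif (isset($_GET['theme']) and in_array($_GET['theme'], array_keys(get_pwg_themes(true))))
-{
-  $edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$_GET['theme'].'-rules.css';
+  $page['theme'] = $_POST['theme'];
+  $edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'css/rules.css';
 }
 else
 {
-  $edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.get_default_theme().'-rules.css';
+  if (isset($_GET['theme']))
+  {
+    $page['theme'] = $_GET['theme'];
+  }
+  elseif (isset($_POST['theme']))
+  {
+    $page['theme'] = $_POST['theme'];
+  }
+
+  if (!isset($page['theme']) or !in_array($page['theme'], array_keys($themes->fs_themes)))
+  {
+    $page['theme'] = get_default_theme();
+  }
+
+  $edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$page['theme'].'-rules.css';
 }
+
+$template->assign('theme', $page['theme']);
 
 if (file_exists($edited_file))
@@ -30,10 +46,9 @@
 
 $selected = 0;
-// $options[] = l10n('locfiledit_choose_file');
-// $options[] = '----------------------';
-$value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . "css/rules.css";
+$value = '~common~';
+$file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/rules.css';
 
-$options[$value] = (file_exists($value) ? '&#x2714;' : '&#x2718;').' local / css / rules.css';
-if ($edited_file == $value)
+$options[$value] = (file_exists($file) ? '&#x2714;' : '&#x2718;').' local / css / rules.css';
+if ($page['theme'] == $value)
 {
   $selected = $value;
@@ -43,6 +58,4 @@
 // [Administration > Configuration > Themes]
 
-include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php');
-$themes = new themes();
 $themes->sort_fs_themes();
 $default_theme = get_default_theme();
@@ -82,46 +95,56 @@
 }
 
-$options[] = '';
-$options[] = '----- '.l10n('Active Themes').' -----';
-$options[] = '';
+$active_theme_options = array();
 foreach ($active_themes as $theme)
 {
-  $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
+  $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
 
-  $options[$value] = (file_exists($value) ? '&#x2714;' : '&#x2718;').' '.$theme['name'];
+  $label = (file_exists($file) ? '&#x2714;' : '&#x2718;').' '.$theme['name'];
 
   if ($default_theme == $theme['id'])
   {
-    $options[$value].= ' ('.l10n('default').')';
+    $label.= ' ('.l10n('default').')';
   }
+
+  $active_theme_options[$theme['id']] = $label;
   
-  if ($edited_file == $value)
+  if ($theme['id'] == $page['theme'])
   {
-    $selected = $value;
+    $selected = $theme['id'];
   }
 }
 
-$options[] = '';
-$options[] = '----- '.l10n('Inactive Themes').' -----';
-$options[] = '';
+if (count($active_theme_options) > 0)
+{
+  $options[l10n('Active Themes')] = $active_theme_options;
+}
+
+$inactive_theme_options = array();
 foreach ($inactive_themes as $theme)
 {
-  $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
+  $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
 
-  $options[$value] = (file_exists($value) ? '&#x2714;' : '&#x2718;').' '.$theme['name'];
+  $inactive_theme_options[$theme['id']] = (file_exists($file) ? '&#x2714;' : '&#x2718;').' '.$theme['name'];
   
-  if ($edited_file == $value)
+  if ($theme['id'] == $page['theme'])
   {
-    $selected = $value;
+    $selected = $theme['id'];
   }
 }
 
-$template->assign('css_lang_tpl', array(
-  'OPTIONS' => $options,
-  'SELECTED' => $selected
-  )
+if (count($inactive_theme_options) > 0)
+{
+  $options[l10n('Inactive Themes')] = $inactive_theme_options;
+}
+
+$template->assign(
+  'css_lang_tpl',
+  array(
+    'SELECT_NAME' => 'theme_select',
+    'OPTIONS' => $options,
+    'SELECTED' => $selected
+    )
 );
 
 $codemirror_mode = 'text/css';
-
 ?>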
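Review bot: The whitelist check `if (!isset($page['theme']) or !in_array($page['theme'], array_keys($themes->fs_themes)))` in the first hunk uses a loose comparison, so the value it lets through to `$edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$page['theme'].'-rules.css';` is only guaranteed to be an actual key of `$themes->fs_themes` when both sides are non-numeric strings; if any theme directory has a purely numeric name, `array_keys()` returns it as an int and pre-PHP-8 `in_array()` would accept any request value that merely starts with those digits, which would weaken the path restriction this commit is meant to add. A stricter form such as `if (!isset($page['theme']) or !is_string($page['theme']) or !array_key_exists($page['theme'], $themes->fs_themes))` accepts exactly the known keys and also rejects an array-valued `theme[]` parameter cleanly. Separately, `$_POST['theme'] = $_POST['theme_select'];` raises an undefined-index notice when the form omits `theme_select` and writes back into a superglobal that the same file reads again a few lines later; a local variable would be easier to follow and to audit. The body of `if (file_exists($edited_file))` at the end of the first hunk continues outside the hunk.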