Timestamp:
Feb 12, 2013, 11:01:46 AM (11 years ago)
Author:
plg
Message:

bug 2844: increase security on LocalFiles Editor, filter on files to edit.

File:
1 edited

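--- a/branches/2.4/plugins/LocalFilesEditor/include/lang.inc.php
+++ b/branches/2.4/plugins/LocalFilesEditor/include/lang.inc.php
@@ -1,31 +1,45 @@
 <?php
-
 if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
 
-$edited_file = isset($_POST['edited_file']) ? $_POST['edited_file'] : '';
-$content_file = '';
+$languages = get_languages();
 
-if ((isset($_POST['edit'])) and !is_numeric($_POST['file_to_edit']))
+if (isset($_POST['edit']))
 {
-  $edited_file = $_POST['file_to_edit'];
-  if (file_exists($edited_file))
-  {
-    $content_file = file_get_contents($edited_file);
-  }
-  else
-  {
-    $content_file = "<?php\n\n/* ".l10n('locfiledit_newfile')." */\n\n\n\n\n?>";
-  }
+  $_POST['language'] = $_POST['language_select'];
 }
 
-$selected = 0;
-$options[] = l10n('locfiledit_choose_file');
-$options[] = '----------------------';
+if (isset($_POST['language']))
+{
+  $page['language'] = $_POST['language'];
+}
+
+if (!isset($page['language']) or !in_array($page['language'], array_keys($languages)))
+{
+  $page['language'] = get_default_language();
+}
+
+$template->assign('language', $page['language']);
+
+$edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$page['language'].'.lang.php';;
+
+if (file_exists($edited_file))
+{
+  $content_file = file_get_contents($edited_file);
+}
+else
+{
+  $content_file = "<?php\n\n/* ".l10n('locfiledit_newfile')." */\n\n\n\n\n?>";
+}
+
+$selected = 0;
 foreach (get_languages() as $language_code => $language_name)
 {
-  $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$language_code.'.lang.php';
-  if ($edited_file == $value)
+  $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$language_code.'.lang.php';
+
+  $options[$language_code] = (file_exists($file) ? '&#x2714;' : '&#x2718;').' '.$language_name;
+
+  if ($page['language'] == $language_code)
   {
-    $selected = $value;
+    $selected = $language_code;
     $template->assign('show_default', array(
       array(
@@ -40,8 +54,10 @@
     );
   }
-  $options[$value] = $language_name;
 }
 
-$template->assign('css_lang_tpl', array(
+$template->assign(
+  'css_lang_tpl',
+  array(
+    'SELECT_NAME' => 'language_select',
     'OPTIONS' => $options,
     'SELECTED' => $selected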
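Review bot: The membership test at new line 16, `in_array($page['language'], array_keys($languages))`, is now the only gate before the posted value is concatenated into the path read at new lines 23–27, and it compares loosely and accepts non-string input. Making it strict closes that gap: `if (!isset($page['language']) or !is_string($page['language']) or !in_array($page['language'], array_keys($languages), true))`. The handler that writes the edited file is not part of this changeset; it presumably needs the same allow-list so that the save path cannot still be steered by a posted file name, which is worth confirming. A short comment above the check, such as `// only language codes known to get_languages() may reach the file path`, would keep the restriction from being relaxed later.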