Timestamp:
02/12/13 11:01:46 (6 years ago)
Author:
plg
Message:

bug 2844: increase security on LocalFiles Editor, filter on files to edit.

File:
1 edited

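--- a/branches/2.4/plugins/LocalFilesEditor/include/lang.inc.php
+++ b/branches/2.4/plugins/LocalFilesEditor/include/lang.inc.php
@@ -1,31 +1,45 @@
 <?php
-
 if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
 
-$edited_file = isset($_POST['edited_file']) ? $_POST['edited_file'] : '';
-$content_file = '';
+$languages = get_languages();
 
-if ((isset($_POST['edit'])) and !is_numeric($_POST['file_to_edit']))
+if (isset($_POST['edit']))
 {
-  $edited_file = $_POST['file_to_edit'];
-  if (file_exists($edited_file))
-  {
-    $content_file = file_get_contents($edited_file);
-  }
-  else
-  {
-    $content_file = "<?php\n\n/* ".l10n('locfiledit_newfile')." */\n\n\n\n\n?>";
-  }
+  $_POST['language'] = $_POST['language_select'];
 }
 
-$selected = 0;
-$options[] = l10n('locfiledit_choose_file');
-$options[] = '----------------------';
+if (isset($_POST['language']))
+{
+  $page['language'] = $_POST['language'];
+}
+
+if (!isset($page['language']) or !in_array($page['language'], array_keys($languages)))
+{
+  $page['language'] = get_default_language();
+}
+
+$template->assign('language', $page['language']);
+
+$edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$page['language'].'.lang.php';;
+
+if (file_exists($edited_file))
+{
+  $content_file = file_get_contents($edited_file);
+}
+else
+{
+  $content_file = "<?php\n\n/* ".l10n('locfiledit_newfile')." */\n\n\n\n\n?>";
+}
+
+$selected = 0;
 foreach (get_languages() as $language_code => $language_name)
 {
-  $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$language_code.'.lang.php';
-  if ($edited_file == $value)
+  $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$language_code.'.lang.php';
+
+  $options[$language_code] = (file_exists($file) ? '&#x2714;' : '&#x2718;').' '.$language_name;
+
+  if ($page['language'] == $language_code)
   {
-    $selected = $value;
+    $selected = $language_code;
     $template->assign('show_default', array(
       array(
@@ -40,8 +54,10 @@
     );
   }
-  $options[$value] = $language_name;
 }
 
-$template->assign('css_lang_tpl', array(
+$template->assign(
+  'css_lang_tpl',
+  array(
+    'SELECT_NAME' => 'language_select',
     'OPTIONS' => $options,
     'SELECTED' => $selected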
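Review bot: The membership test at new line 16 is now the only thing keeping a posted value out of the path built at new line 23, yet it uses a loose `in_array()` over `array_keys($languages)` and never checks that the value is a string. I would make it strict and type-checked, `if (!isset($page['language']) or !is_string($page['language']) or !in_array($page['language'], array_keys($languages), true))`, and put a comment above it stating that this allow-list is what confines `$edited_file` to `PWG_LOCAL_DIR.'language/'`. New line 8 also reads `$_POST['language_select']` without `isset()`, so a POST that carries only `edit` raises an undefined-index notice before the code falls back to the default language. The code that saves the edited file is outside the visible hunks; presumably it should derive its target from the validated `$page['language']` as well, rather than from any posted path.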