Changeset 5195
- Timestamp:
- Mar 19, 2010, 11:25:39 PM (14 years ago)
- Location:
- trunk
- Files:
-
- 26 edited
trunk/admin/cat_list.php
r5193 r5195 34 34 check_status(ACCESS_ADMINISTRATOR); 35 35 36 if (!empty($_POST) or isset($_GET['delete'])) 37 { 38 check_pwg_token(); 39 } 40 36 41 // +-----------------------------------------------------------------------+ 37 42 // | functions | … … 65 70 // +-----------------------------------------------------------------------+ 66 71 72 check_input_parameter('parent_id', $_GET, false, PATTERN_ID); 73 67 74 $categories = array(); 68 75 … … 186 193 'CATEGORIES_NAV'=>$navigation, 187 194 'F_ACTION'=>$form_action, 195 'PWG_TOKEN' => get_pwg_token(), 188 196 )); 189 197 … … 261 269 { 262 270 $tpl_cat['U_DELETE'] = $self_url.'&delete='.$category['id']; 271 $tpl_cat['U_DELETE'].= '&pwg_token='.get_pwg_token(); 263 272 } 264 273 -
trunk/admin/element_set.php
r5021 r5195 40 40 check_status(ACCESS_ADMINISTRATOR); 41 41 42 check_input_parameter('selection', $_POST, true, PATTERN_ID); 43 42 44 // +-----------------------------------------------------------------------+ 43 45 // | caddie management | -
trunk/admin/element_set_global.php
r5188 r5195 43 43 // | deletion form submission | 44 44 // +-----------------------------------------------------------------------+ 45 46 // the $_POST['selection'] was already checked in element_set.php 47 check_input_parameter('del_tags', $_POST, true, PATTERN_ID); 48 check_input_parameter('associate', $_POST, false, PATTERN_ID); 49 check_input_parameter('dissociate', $_POST, false, PATTERN_ID); 45 50 46 51 if (isset($_POST['delete'])) -
trunk/admin/group_list.php
r5036 r5195 33 33 // +-----------------------------------------------------------------------+ 34 34 check_status(ACCESS_ADMINISTRATOR); 35 36 if (!empty($_POST) or isset($_GET['delete']) or isset($_GET['toggle_is_default'])) 37 { 38 check_pwg_token(); 39 } 35 40 36 41 // +-----------------------------------------------------------------------+ … … 156 161 'F_ADD_ACTION' => get_root_url().'admin.php?page=group_list', 157 162 'U_HELP' => get_root_url().'popuphelp.php?page=group_list', 163 'PWG_TOKEN' => get_pwg_token(), 158 164 ) 159 165 ); … … 192 198 'MEMBERS' => l10n_dec('%d member', '%d members', $counter), 193 199 'U_MEMBERS' => $members_url.$row['id'], 194 'U_DELETE' => $del_url.$row['id'] ,200 'U_DELETE' => $del_url.$row['id'].'&pwg_token='.get_pwg_token(), 195 201 'U_PERM' => $perm_url.$row['id'], 196 'U_ISDEFAULT' => $toggle_is_default_url.$row['id'] 202 'U_ISDEFAULT' => $toggle_is_default_url.$row['id'].'&pwg_token='.get_pwg_token(), 197 203 ) 198 204 ); -
trunk/admin/include/functions.php
r5188 r5195 23 23 24 24 include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php'); 25 26 /**27 * check token comming from form posted or get params to prevent csrf attacks28 * if pwg_token is empty action doesn't require token29 * else pwg_token is compare to server token30 *31 * @return void access denied if token given is not equal to server token32 */33 function check_token()34 {35 global $conf;36 37 $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']);38 $given_token = null;39 40 if (!empty($_POST['pwg_token']))41 {42 $given_token = $_POST['pwg_token'];43 }44 elseif (!empty($_GET['pwg_token']))45 {46 $given_token = $_GET['pwg_token'];47 }48 if ($given_token != $valid_token)49 {50 access_denied();51 }52 }53 25 54 26 // The function delete_site deletes a site and call the function -
trunk/admin/include/uploadify/uploadify.php
r5089 r5195 9 9 include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php'); 10 10 11 //check_pwg_token();11 check_pwg_token(); 12 12 13 13 ob_start(); -
trunk/admin/photos_add_direct.php
r5089 r5195 31 31 if (isset($_GET['batch'])) 32 32 { 33 check_input_parameter('batch', $_GET ['batch'], false, '/^\d+(,\d+)*$/');33 check_input_parameter('batch', $_GET, false, '/^\d+(,\d+)*$/'); 34 34 35 35 $query = ' … … 348 348 'upload_id' => md5(rand()), 349 349 'session_id' => session_id(), 350 'pwg_token' => '1234abcd5678efgh',//get_pwg_token(),350 'pwg_token' => get_pwg_token(), 351 351 ) 352 352 ); -
trunk/admin/picture_modify.php
r5188 r5195 34 34 check_status(ACCESS_ADMINISTRATOR); 35 35 36 check_input_parameter('image_id', $_GET, false, PATTERN_ID); 37 check_input_parameter('cat_id', $_GET, false, PATTERN_ID); 38 36 39 // +-----------------------------------------------------------------------+ 37 40 // | synchronize metadata | -
trunk/admin/plugins_list.php
r3950 r5195 33 33 $order = isset($_GET['order']) ? $_GET['order'] : 'name'; 34 34 $base_url = get_root_url().'admin.php?page='.$page['page'].'&order='.$order; 35 $action_url = $base_url.'&plugin='.'%s'.'&pwg_token='.get_pwg_token(); 35 36 36 37 $plugins = new plugins(); … … 39 40 if (isset($_GET['action']) and isset($_GET['plugin']) and !is_adviser()) 40 41 { 42 check_pwg_token(); 43 41 44 $page['errors'] = $plugins->perform_action($_GET['action'], $_GET['plugin']); 42 45 … … 97 100 'VERSION' => $fs_plugin['version'], 98 101 'DESCRIPTION' => $desc, 99 'U_ACTION' => $base_url.'&plugin='.$plugin_id);102 'U_ACTION' => sprintf($action_url, $plugin_id)); 100 103 101 104 if (isset($plugins->db_plugins_by_id[$plugin_id])) … … 116 119 foreach($missing_plugin_ids as $plugin_id) 117 120 { 118 $action_url = $base_url.'&plugin='.$plugin_id;119 120 121 $template->append( 'plugins', 121 122 array( … … 123 124 'VERSION' => $plugins->db_plugins_by_id[$plugin_id]['version'], 124 125 'DESCRIPTION' => "ERROR: THIS PLUGIN IS MISSING BUT IT IS INSTALLED! UNINSTALL IT NOW !", 125 'U_ACTION' => $base_url.'&plugin='.$plugin_id,126 'U_ACTION' => sprintf($action_url, $plugin_id), 126 127 'STATE' => 'missing' 127 128 ) -
trunk/admin/plugins_new.php
r5021 r5195 39 39 if (isset($_GET['revision']) and isset($_GET['extension']) and !is_adviser()) 40 40 { 41 check_pwg_token(); 42 41 43 $install_status = $plugins->extract_plugin_files('install', $_GET['revision'], $_GET['extension']); 42 44 … … 111 113 $url_auto_install = htmlentities($base_url) 112 114 . '&revision=' . $plugin['revision_id'] 113 . '&extension=' . $plugin['extension_id']; 115 . '&extension=' . $plugin['extension_id'] 116 . '&pwg_token='.get_pwg_token() 117 ; 114 118 115 119 $template->append('plugins', array( -
trunk/admin/plugins_update.php
r5039 r5195 38 38 if (isset($_GET['plugin']) and isset($_GET['revision']) and !is_adviser()) 39 39 { 40 check_pwg_token(); 41 40 42 $plugin_id = $_GET['plugin']; 41 43 $revision = $_GET['revision']; … … 49 51 . '&revision=' . $revision 50 52 . '&plugin=' . $plugin_id 53 . '&pwg_token='.get_pwg_token() 51 54 . '&reactivate=true'); 52 55 } … … 134 137 $url_auto_update = $base_url 135 138 . '&revision=' . $plugin_info['revision_id'] 136 . '&plugin=' . $plugin_id; 139 . '&plugin=' . $plugin_id 140 . '&pwg_token='.get_pwg_token() 141 ; 137 142 138 143 $template->append('plugins_not_uptodate', array( -
trunk/admin/site_manager.php
r5036 r5195 33 33 // +-----------------------------------------------------------------------+ 34 34 check_status(ACCESS_ADMINISTRATOR); 35 36 if (!empty($_POST) or isset($_GET['action'])) 37 { 38 check_pwg_token(); 39 } 35 40 36 41 /** … … 199 204 } 200 205 201 $template->assign( array( 202 'U_HELP' => get_root_url().'popuphelp.php?page=site_manager', 203 'F_ACTION' => get_root_url().'admin.php' 204 .get_query_string_diff( array('action','site') ) 205 ) ); 206 $template->assign( 207 array( 208 'U_HELP' => get_root_url().'popuphelp.php?page=site_manager', 209 'F_ACTION' => get_root_url().'admin.php'.get_query_string_diff(array('action','site','pwg_token')), 210 'PWG_TOKEN' => get_pwg_token(), 211 ) 212 ); 206 213 207 214 // +-----------------------------------------------------------------------+ … … 243 250 $base_url.= '?page=site_manager'; 244 251 $base_url.= '&site='.$row['id']; 252 $base_url.= '&pwg_token='.get_pwg_token(); 245 253 $base_url.= '&action='; 246 254 -
trunk/admin/tags.php
r5036 r5195 29 29 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); 30 30 check_status(ACCESS_ADMINISTRATOR); 31 32 if (!empty($_POST)) 33 { 34 check_pwg_token(); 35 } 31 36 32 37 // +-----------------------------------------------------------------------+ … … 190 195 $template->assign( 191 196 array( 192 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=tags' 197 'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=tags', 198 'PWG_TOKEN' => get_pwg_token(), 193 199 ) 194 200 ); -
trunk/admin/themes/default/template/cat_list.tpl
r5193 r5195 27 27 28 28 <form id="addVirtual" action="{$F_ACTION}" method="post"> 29 <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" /> 29 30 <p> 30 31 {'Add a virtual category'|@translate} : <input type="text" name="virtual_name"> … … 39 40 {if count($categories) } 40 41 <form id="categoryOrdering" action="{$F_ACTION}" method="post"> 42 <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" /> 41 43 <p> 42 44 <input class="submit" name="submitOrder" type="submit" value="{'Save order'|@translate}" {$TAG_INPUT_ENABLED}> -
trunk/admin/themes/default/template/group_list.tpl
r5123 r5195 4 4 5 5 <form method="post" name="add_user" action="{$F_ADD_ACTION}" class="properties"> 6 <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" /> 6 7 <fieldset> 7 8 <legend>{'Add group'|@translate}</legend> -
trunk/admin/themes/default/template/site_manager.tpl
r5178 r5195 17 17 {if isset($local_listing.CREATE)} 18 18 <form action="{$F_ACTION}" method="post"> 19 <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" /> 19 20 <p> 20 21 {'Create this site'|@translate}: … … 64 65 65 66 <form action="{$F_ACTION}" method="post"> 67 <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" /> 66 68 <p> 67 69 <label for="galleries_url" >{'Create a new site : (give its URL to create_listing_file.php)'|@translate}</label> -
trunk/admin/themes/default/template/tags.tpl
r5123 r5195 4 4 5 5 <form action="{$F_ACTION}" method="post"> 6 <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" /> 6 7 7 8 {if isset($EDIT_TAGS_LIST)} -
trunk/comments.php
r5014 r5195 117 117 } 118 118 119 // search a specific comment (if you're coming directly from an admin 120 // notification email) 121 if (!empty($_GET['comment_id'])) 122 { 123 check_input_parameter('comment_id', $_GET, false, PATTERN_ID); 124 125 // currently, the $_GET['comment_id'] is only used by admins from email 126 // for management purpose (validate/delete) 127 if (!is_admin()) 128 { 129 $login_url = 130 get_root_url().'identification.php?redirect=' 131 .urlencode(urlencode($_SERVER['REQUEST_URI'])) 132 ; 133 redirect($login_url); 134 } 135 136 $page['where_clauses'][] = 'com.id = '.$_GET['comment_id']; 137 } 138 119 139 // search a substring among comments content 120 140 if (!empty($_GET['keyword'])) … … 156 176 // | comments management | 157 177 // +-----------------------------------------------------------------------+ 158 if (isset($_GET['delete']) and is_numeric($_GET['delete']) 159 and (is_admin() || $conf['user_can_delete_comment'])) 160 {// comments deletion 161 delete_user_comment($_GET['delete']); 162 } 163 164 if (isset($_GET['validate']) and is_numeric($_GET['validate']) 165 and !is_adviser() ) 166 { // comments validation 167 check_status(ACCESS_ADMINISTRATOR); 168 $query = ' 169 UPDATE '.COMMENTS_TABLE.' 170 SET validated = \'true\' 171 , validation_date = NOW() 172 WHERE id='.$_GET['validate'].' 
173 ;'; 174 pwg_query($query); 175 } 176 177 if (isset($_GET['edit']) and is_numeric($_GET['edit']) 178 and (is_admin() || $conf['user_can_edit_comment'])) 179 { 180 if (!empty($_POST['content'])) 178 179 $comment_id = null; 180 $action = null; 181 182 $actions = array('delete', 'validate', 'edit'); 183 foreach ($actions as $loop_action) 184 { 185 if (isset($_GET[$loop_action])) 181 186 { 182 update_user_comment(array('comment_id' => $_GET['edit'], 183 'image_id' => $_POST['image_id'], 184 'content' => $_POST['content']), 185 $_POST['key'] 186 ); 187 188 $edit_comment = null; 187 $action = $loop_action; 188 check_input_parameter($action, $_GET, false, PATTERN_ID); 189 $comment_id = $_GET[$action]; 190 break; 189 191 } 190 else 192 } 193 194 if (isset($action)) 195 { 196 check_pwg_token(); 197 198 $comment_author_id = get_comment_author_id($comment_id); 199 200 if (can_manage_comment($action, $comment_author_id)) 191 201 { 192 $edit_comment = $_GET['edit']; 202 $perform_redirect = false; 203 204 if ('delete' == $action) 205 { 206 delete_user_comment($comment_id); 207 $perform_redirect = true; 208 } 209 210 if ('validate' == $action) 211 { 212 validate_user_comment($comment_id); 213 $perform_redirect = true; 214 } 215 216 if ('edit' == $action) 217 { 218 if (!empty($_POST['content'])) 219 { 220 update_user_comment( 221 array( 222 'comment_id' => $_GET['edit'], 223 'image_id' => $_POST['image_id'], 224 'content' => $_POST['content'] 225 ), 226 $_POST['key'] 227 ); 228 229 $edit_comment = null; 230 } 231 else 232 { 233 $edit_comment = $_GET['edit']; 234 } 235 } 236 237 if ($perform_redirect) 238 { 239 $redirect_url = 240 PHPWG_ROOT_PATH 241 .'comments.php' 242 .get_query_string_diff(array('delete','validate','pwg_token')); 243 244 redirect($redirect_url); 245 } 193 246 } 194 247 } … … 288 341 $url = PHPWG_ROOT_PATH 289 342 .'comments.php' 290 .get_query_string_diff(array('start','delete','validate'));343 
.get_query_string_diff(array('start','delete','validate','pwg_token')); 291 344 292 345 $navbar = create_navigation_bar($url, … … 379 432 // link to the full size picture 380 433 $url = make_picture_url( 381 array(382 'category' => $categories[ $comment['category_id'] ],383 'image_id' => $comment['image_id'],384 'image_file' => $elements[$comment['image_id']]['file'],385 )386 );387 388 $tpl_comment =389 434 array( 390 'U_PICTURE' => $url, 391 'TN_SRC' => $thumbnail_src, 392 'ALT' => $name, 393 'AUTHOR' => trigger_event('render_comment_author', $comment['author']), 394 'DATE'=>format_date($comment['date'], true), 395 'CONTENT'=>trigger_event('render_comment_content',$comment['content']), 435 'category' => $categories[ $comment['category_id'] ], 436 'image_id' => $comment['image_id'], 437 'image_file' => $elements[$comment['image_id']]['file'], 438 ) 439 ); 440 441 $tpl_comment = array( 442 'U_PICTURE' => $url, 443 'TN_SRC' => $thumbnail_src, 444 'ALT' => $name, 445 'AUTHOR' => trigger_event('render_comment_author', $comment['author']), 446 'DATE'=>format_date($comment['date'], true), 447 'CONTENT'=>trigger_event('render_comment_content',$comment['content']), 448 ); 449 450 if (can_manage_comment('delete', $comment['author_id'])) 451 { 452 $url = 453 get_root_url() 454 .'comments.php' 455 .get_query_string_diff(array('delete','validate','edit', 'pwg_token')); 456 457 $tpl_comment['U_DELETE'] = add_url_params( 458 $url, 459 array( 460 'delete' => $comment['comment_id'], 461 'pwg_token' => get_pwg_token(), 462 ) 396 463 ); 397 398 if (can_manage_comment('delete', $comment['author_id'])) 399 { 400 $url = get_root_url().'comments.php' 401 .get_query_string_diff(array('delete','validate','edit')); 402 $tpl_comment['U_DELETE'] = 403 add_url_params($url, 404 array('delete'=>$comment['comment_id']) 405 ); 406 } 464 } 465 407 466 if (can_manage_comment('edit', $comment['author_id'])) 408 467 { 409 $url = get_root_url().'comments.php' 410 .get_query_string_diff(array('edit', 
'delete','validate')); 411 $tpl_comment['U_EDIT'] = 412 add_url_params($url, 413 array('edit'=>$comment['comment_id']) 414 ); 468 $url = 469 get_root_url() 470 .'comments.php' 471 .get_query_string_diff(array('edit', 'delete','validate', 'pwg_token')); 472 473 $tpl_comment['U_EDIT'] = add_url_params( 474 $url, 475 array( 476 'edit' => $comment['comment_id'], 477 'pwg_token' => get_pwg_token(), 478 ) 479 ); 480 415 481 if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment)) 416 482 { … … 423 489 } 424 490 425 if ( is_admin() && $comment['validated'] != 'true') 426 { 427 $tpl_comment['U_VALIDATE'] = 428 add_url_params($url, 429 array('validate'=>$comment['comment_id']) 430 ); 491 if (can_manage_comment('validate', $comment['author_id'])) 492 { 493 if ('true' != $comment['validated']) 494 { 495 $tpl_comment['U_VALIDATE'] = add_url_params( 496 $url, 497 array( 498 'validate'=> $comment['comment_id'], 499 'pwg_token' => get_pwg_token(), 500 ) 501 ); 502 } 431 503 } 432 504 $template->append('comments', $tpl_comment); -
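Review bot: The rewritten management block drops the `!is_adviser()` condition the old validation branch carried (old lines 164-165): validation now goes through `can_manage_comment('validate', ...)`, which in this changeset returns true for `is_admin()` alone, so unless `is_admin()` already excludes advisers, adviser accounts gain the ability to validate comments. Either keep `and !is_adviser()` around the validate call or make `can_manage_comment()` enforce it for `validate`. Separately, the edit branch still hands `$_POST['image_id']` to `update_user_comment()` with no `check_input_parameter('image_id', $_POST, false, PATTERN_ID)` (unless `update_user_comment()` validates it itself, which the hunk does not show), and reads `$_GET['edit']` twice where the already-validated `$comment_id` is available.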
trunk/feed.php
r5014 r5195 64 64 // +-----------------------------------------------------------------------+ 65 65 66 check_input_parameter('feed', @$_GET['feed'], false, '/^[0-9a-z]{50}$/i');66 check_input_parameter('feed', $_GET, false, '/^[0-9a-z]{50}$/i'); 67 67 68 68 $feed_id= isset($_GET['feed']) ? $_GET['feed'] : ''; -
trunk/include/constants.php
r5153 r5195 40 40 define('ACCESS_WEBMASTER', 4); 41 41 define('ACCESS_CLOSED', 5); 42 43 // Sanity checks 44 define('PATTERN_ID', '/^\d+$/'); 42 45 43 46 // Table names -
trunk/include/functions.inc.php
r5156 r5195 1483 1483 return $cache['get_icon'][$date] ? $icon : array(); 1484 1484 } 1485 1486 /** 1487 * check token comming from form posted or get params to prevent csrf attacks 1488 * if pwg_token is empty action doesn't require token 1489 * else pwg_token is compare to server token 1490 * 1491 * @return void access denied if token given is not equal to server token 1492 */ 1493 function check_pwg_token() 1494 { 1495 $valid_token = get_pwg_token(); 1496 $given_token = null; 1497 1498 if (!empty($_POST['pwg_token'])) 1499 { 1500 $given_token = $_POST['pwg_token']; 1501 } 1502 elseif (!empty($_GET['pwg_token'])) 1503 { 1504 $given_token = $_GET['pwg_token']; 1505 } 1506 if ($given_token != $valid_token) 1507 { 1508 access_denied(); 1509 } 1510 } 1511 1512 function get_pwg_token() 1513 { 1514 global $conf; 1515 1516 return hash_hmac('md5', session_id(), $conf['secret_key']); 1517 } 1518 1519 /* 1520 * breaks the script execution if the given value doesn't match the given 1521 * pattern. This should happen only during hacking attempts. 
1522 * 1523 * @param string param_name 1524 * @param array param_array 1525 * @param boolean is_array 1526 * @param string pattern 1527 * 1528 * @return void 1529 */ 1530 function check_input_parameter($param_name, $param_array, $is_array, $pattern) 1531 { 1532 $param_value = null; 1533 if (isset($param_array[$param_name])) 1534 { 1535 $param_value = $param_array[$param_name]; 1536 } 1537 1538 // it's ok if the input parameter is null 1539 if (empty($param_value)) 1540 { 1541 return true; 1542 } 1543 1544 if ($is_array) 1545 { 1546 if (!is_array($param_value)) 1547 { 1548 fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" should be an array'); 1549 } 1550 1551 foreach ($param_value as $item_to_check) 1552 { 1553 if (!preg_match($pattern, $item_to_check)) 1554 { 1555 fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"'); 1556 } 1557 } 1558 } 1559 else 1560 { 1561 if (!preg_match($pattern, $param_value)) 1562 { 1563 fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" is not valid'); 1564 } 1565 } 1566 } 1485 1567 ?> -
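Review bot: `check_pwg_token()` compares the tokens with `!=`, a loose comparison; two hex digests that both look numeric (digits only, or `0e` followed by digits) are compared as numbers and can be reported equal although they differ. Use `if ($given_token !== $valid_token)` and, where the project can provide it, a constant-time string comparison. In `check_input_parameter()`, `empty($param_value)` treats the string `"0"` as absent, so a literal `0` skips the pattern check entirely, and the function returns `true` there but nothing on the success path; `if (!isset($param_value) or '' === $param_value) { return; }` limits the exemption to a genuinely missing value. The copied doc comment also still reads `comming` and `is compare to` — `coming`, `is compared to`.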
trunk/include/functions_comment.inc.php
r5021 r5195 171 171 $comm['id'] = pwg_db_insert_id(COMMENTS_TABLE); 172 172 173 if ( ($comment_action=='validate' and $conf['email_admin_on_comment']) or174 ($comment_action!='validate' and $conf['email_admin_on_comment_validation']))173 if ($conf['email_admin_on_comment'] 174 or ($conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action)) 175 175 { 176 176 include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php'); 177 177 178 $ del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];178 $comment_url = get_absolute_root_url().'comments.php?comment_id='.$comm['id']; 179 179 180 180 $keyargs_content = array … … 183 183 get_l10n_args('Comment: %s', stripslashes($comm['content']) ), 184 184 get_l10n_args('', ''), 185 get_l10n_args(' Delete: %s', $del_url)185 get_l10n_args('Manage this user comment: %s', $comment_url) 186 186 ); 187 187 188 if ( $comment_action!='validate')188 if ('moderate' == $comment_action) 189 189 { 190 $keyargs_content[] = 191 get_l10n_args('', ''); 192 $keyargs_content[] = 193 get_l10n_args('Validate: %s', 194 get_absolute_root_url().'comments.php?validate='.$comm['id']); 190 $keyargs_content[] = get_l10n_args('', ''); 191 $keyargs_content[] = get_l10n_args('(!) This comment requires validation', ''); 195 192 } 196 193 … … 213 210 * @param comment_id 214 211 */ 215 216 212 function delete_user_comment($comment_id) { 217 213 $user_where_clause = ''; … … 338 334 ); 339 335 } 336 337 function get_comment_author_id($comment_id, $die_on_error=true) 338 { 339 $query = ' 340 SELECT 341 author_id 342 FROM '.COMMENTS_TABLE.' 343 WHERE id = '.$comment_id.' 
344 ;'; 345 $result = pwg_query($query); 346 if (pwg_db_num_rows($result) == 0) 347 { 348 if ($die_on_error) 349 { 350 fatal_error('Unknown comment identifier'); 351 } 352 else 353 { 354 return false; 355 } 356 } 357 358 list($author_id) = pwg_db_fetch_row($result); 359 360 return $author_id; 361 } 362 363 function validate_user_comment($comment_id) 364 { 365 $query = ' 366 UPDATE '.COMMENTS_TABLE.' 367 SET validated = "true" 368 , validation_date = NOW() 369 WHERE id = '.$comment_id.' 370 ;'; 371 pwg_query($query); 372 } 340 373 ?> -
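Review bot: `get_comment_author_id()` and `validate_user_comment()` interpolate `$comment_id` straight into SQL and rely on every caller having run `check_input_parameter(..., PATTERN_ID)` beforehand; as shared helpers now called from both comments.php and picture.php they should not depend on that. Casting at the boundary, `WHERE id = '.(int)$comment_id.'`, keeps them safe whatever the caller did. `validate_user_comment()` also changed the literal from the old `\'true\'` to `"true"`, which MySQL treats as an identifier when ANSI_QUOTES is on; keep the single-quoted form. Both new functions lack the docblock the rest of the file uses — purpose, `@param int $comment_id`, and for `get_comment_author_id` that it calls `fatal_error()` unless `$die_on_error` is false, in which case it returns false.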
trunk/include/functions_user.inc.php
r5123 r5195 1247 1247 1248 1248 /* 1249 * Return if current user can edit/delete a comment1250 * @param action edit/delete 1249 * Return if current user can edit/delete/validate a comment 1250 * @param action edit/delete/validate 1251 1251 * @return bool 1252 1252 */ 1253 1253 function can_manage_comment($action, $comment_author_id) 1254 1254 { 1255 if (!in_array($action, array('delete','edit'))) { 1255 global $user, $conf; 1256 1257 if (is_a_guest()) 1258 { 1256 1259 return false; 1257 1260 } 1258 return (is_admin() || 1259 (($GLOBALS['user']['id'] == $comment_author_id) 1260 && !is_a_guest() 1261 && $GLOBALS['conf'][sprintf('user_can_%s_comment', $action)])); 1261 1262 if (!in_array($action, array('delete','edit', 'validate'))) 1263 { 1264 return false; 1265 } 1266 1267 if (is_admin()) 1268 { 1269 return true; 1270 } 1271 1272 if ('edit' == $action and $conf['user_can_edit_comment']) 1273 { 1274 if ($comment_author_id == $user['id']) { 1275 return true; 1276 } 1277 } 1278 1279 if ('delete' == $action and $conf['user_can_delete_comment']) 1280 { 1281 if ($comment_author_id == $user['id']) { 1282 return true; 1283 } 1284 } 1285 1286 return false; 1262 1287 } 1263 1288 -
trunk/include/picture_comment.inc.php
r5021 r5195 167 167 if (can_manage_comment('delete', $row['author_id'])) 168 168 { 169 $tpl_comment['U_DELETE'] = 170 add_url_params($url_self, 171 array( 172 'action'=>'delete_comment', 173 'comment_to_delete'=>$row['id'] 174 ) 175 ); 169 $tpl_comment['U_DELETE'] = add_url_params( 170 $url_self, 171 array( 172 'action'=>'delete_comment', 173 'comment_to_delete'=>$row['id'], 174 'pwg_token' => get_pwg_token(), 175 ) 176 ); 176 177 } 177 178 if (can_manage_comment('edit', $row['author_id'])) 178 179 { 179 $tpl_comment['U_EDIT'] = 180 add_url_params($url_self, 181 array( 182 'action'=>'edit_comment', 183 'comment_to_edit'=>$row['id'] 184 ) 185 ); 180 $tpl_comment['U_EDIT'] = add_url_params( 181 $url_self, 182 array( 183 'action'=>'edit_comment', 184 'comment_to_edit'=>$row['id'], 185 'pwg_token' => get_pwg_token(), 186 ) 187 ); 186 188 if (isset($edit_comment) and ($row['id'] == $edit_comment)) 187 189 { … … 196 198 if ($row['validated'] != 'true') 197 199 { 198 $tpl_comment['U_VALIDATE'] = 199 add_url_params($url_self, 200 array('action' => 'validate_comment', 201 'comment_to_validate' => $row['id'] 202 ) 203 ); 200 $tpl_comment['U_VALIDATE'] = add_url_params( 201 $url_self, 202 array( 203 'action' => 'validate_comment', 204 'comment_to_validate' => $row['id'], 205 'pwg_token' => get_pwg_token(), 206 ) 207 ); 204 208 } 205 209 } -
trunk/picture.php
r5127 r5195 312 312 case 'edit_comment' : 313 313 { 314 check_pwg_token(); 315 314 316 include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php'); 315 if (isset($_GET['comment_to_edit']) 316 and is_numeric($_GET['comment_to_edit']) 317 and (is_admin() || $conf['user_can_edit_comment'])) 317 318 check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID); 319 320 $author_id = get_comment_author_id($_GET['comment_to_edit']); 321 322 if (can_manage_comment('edit', $author_id)) 318 323 { 319 324 if (!empty($_POST['content'])) 320 325 { 321 update_user_comment(array('comment_id' => $_GET['comment_to_edit'], 322 'image_id' => $page['image_id'], 323 'content' => $_POST['content']), 324 $_POST['key'] 325 ); 326 update_user_comment( 327 array( 328 'comment_id' => $_GET['comment_to_edit'], 329 'image_id' => $page['image_id'], 330 'content' => $_POST['content'] 331 ), 332 $_POST['key'] 333 ); 334 326 335 redirect($url_self); 327 } else { 336 } 337 else 338 { 328 339 $edit_comment = $_GET['comment_to_edit']; 329 340 break; … … 333 344 case 'delete_comment' : 334 345 { 346 check_pwg_token(); 347 335 348 include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php'); 336 if (isset($_GET['comment_to_delete']) 337 and is_numeric($_GET['comment_to_delete']) 338 and (is_admin() || $conf['user_can_delete_comment'])) 349 350 check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID); 351 352 $author_id = get_comment_author_id($_GET['comment_to_delete']); 353 354 if (can_manage_comment('delete', $author_id)) 339 355 { 340 356 delete_user_comment($_GET['comment_to_delete']); 341 357 } 358 342 359 redirect($url_self); 343 360 } 344 361 case 'validate_comment' : 345 362 { 363 check_pwg_token(); 364 346 365 include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php'); 347 if (isset($_GET['comment_to_validate']) 348 and is_numeric($_GET['comment_to_validate']) 349 and is_admin() and !is_adviser() ) 366 367 check_input_parameter('comment_to_validate', $_GET, 
false, PATTERN_ID); 368 369 $author_id = get_comment_author_id($_GET['comment_to_delete']); 370 371 if (can_manage_comment('validate', $author_id)) 350 372 { 351 $query = ' 352 UPDATE '.COMMENTS_TABLE.' 353 SET validated = \'true\' 354 , validation_date = NOW() 355 WHERE id='.$_GET['comment_to_validate'].' 356 ;'; 357 pwg_query( $query ); 373 validate_user_comment($_GET['comment_to_validate']); 358 374 } 375 359 376 redirect($url_self); 360 377 } -
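Review bot: In the `validate_comment` case, `$author_id = get_comment_author_id($_GET['comment_to_delete']);` reads the wrong parameter: this branch only validated `comment_to_validate`, so `comment_to_delete` is normally unset (producing `WHERE id = ` and a failed query) and, when it is supplied, it is concatenated into the query without any check. It should be `$author_id = get_comment_author_id($_GET['comment_to_validate']);`. Relatedly, all three cases now read `$_GET['comment_to_*']` without the `isset()` guard the old code had; since `check_input_parameter()` returns early on a missing value, a bare `action=edit_comment` (or delete/validate) request reaches `get_comment_author_id()` with an empty id, so an `isset()` check before the lookup is still needed.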
trunk/search.php
r5021 r5195 72 72 if (isset($_POST['tags'])) 73 73 { 74 check_input_parameter('tags', $_POST ['tags'], true, PATTERN_ID);74 check_input_parameter('tags', $_POST, true, PATTERN_ID); 75 75 76 76 $search['fields']['tags'] = array( … … 93 93 if (isset($_POST['cat'])) 94 94 { 95 check_input_parameter('cat', $_POST ['cat'], true, PATTERN_ID);95 check_input_parameter('cat', $_POST, true, PATTERN_ID); 96 96 97 97 $search['fields']['cat'] = array(