source: branches/branch-1_7/admin/comments.php @ 2183

Last change on this file since 2183 was 2031, checked in by rub, 17 years ago

Resolved issue 0000702: Code Injection with picture comment

Merge BSF 2029:2030 into branch-1_7

  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
File size: 5.8 KB
<?php
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery                           |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | file          : $Id: comments.php 2031 2007-06-07 18:52:40Z rub $
// | last update   : $Date: 2007-06-07 18:52:40 +0000 (Thu, 07 Jun 2007) $
// | last modifier : $Author: rub $
// | revision      : $Revision: 2031 $
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

// Admin sub-page for moderating pending user comments. It only makes sense
// when pulled in by the application entry point, which defines
// PHPWG_ROOT_PATH; a request aimed directly at this file stops here.
defined('PHPWG_ROOT_PATH') or die ("Hacking attempt!");

include_once PHPWG_ROOT_PATH.'admin/include/functions.php';
include_once PHPWG_ROOT_PATH.'admin/include/functions_waiting.inc.php';

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
// Comment moderation is reserved to administrators. check_status() is
// expected to end the request for any lower status (implementation in
// admin/include/functions.php, not visible here).
check_status(ACCESS_ADMINISTRATOR);

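// +-----------------------------------------------------------------------+
// |                                actions                                |
// +-----------------------------------------------------------------------+

// The moderation form hands back the ids of the displayed comments as a
// comma separated string in $_POST['list'] (see the LIST template variable
// assigned further down). Those ids end up interpolated in the SQL
// statements below, so only positive integers are kept here: any other
// token is dropped before it can reach a query.
$posted_ids = array();
if (isset($_POST['list']))
{
  foreach (explode(',', $_POST['list']) as $comment_id)
  {
    $comment_id = trim($comment_id);
    if (ctype_digit($comment_id) and (int)$comment_id > 0)
    {
      $posted_ids[] = (int)$comment_id;
    }
  }
}

$to_validate = array();
$to_reject = array();

// Advisers may look at the page, but every write action is denied to them.
if (!is_adviser() and count($posted_ids) > 0)
{
  if (isset($_POST['submit']))
  {
    // Per-comment choice: the form posts one field named action-<id>
    // holding either 'validate' or 'reject'; anything else is ignored.
    foreach ($posted_ids as $comment_id)
    {
      if (!isset($_POST['action-'.$comment_id]))
      {
        continue;
      }
      switch ($_POST['action-'.$comment_id])
      {
        case 'reject':
          $to_reject[] = $comment_id;
          break;
        case 'validate':
          $to_validate[] = $comment_id;
          break;
      }
    }
  }
  else if (isset($_POST['validate-all']))
  {
    $to_validate = $posted_ids;
  }
  else if (isset($_POST['reject-all']))
  {
    $to_reject = $posted_ids;
  }
}

if (count($to_validate) > 0)
{
  // $to_validate only holds integers (filtered above), so the IN list
  // can be built by plain concatenation.
  $query = '
UPDATE '.COMMENTS_TABLE.'
  SET validated = \'true\'
    , validation_date = NOW()
  WHERE id IN ('.implode(',', $to_validate).')
;';
  pwg_query($query);

  array_push(
    $page['infos'],
    l10n_dec(
      '%d user comment validated', '%d user comments validated',
      count($to_validate)
      )
    );
}

if (count($to_reject) > 0)
{
  // Rejecting a comment removes it from the database for good.
  $query = '
DELETE
  FROM '.COMMENTS_TABLE.'
  WHERE id IN ('.implode(',', $to_reject).')
;';
  pwg_query($query);

  array_push(
    $page['infos'],
    l10n_dec(
      '%d user comment rejected', '%d user comments rejected',
      count($to_reject)
      )
    );
}
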
// +-----------------------------------------------------------------------+
// |                             template init                             |
// +-----------------------------------------------------------------------+

$template->set_filenames(array('comments' => 'admin/comments.tpl'));

// TabSheet initialization
waiting_tabsheet();

// The moderation form posts back to this same admin page. Nothing in this
// file adds an anti-forgery token to that form; unless the surrounding
// framework supplies one, the validate/reject actions rely solely on the
// administrator's session — worth confirming.
$form_action = PHPWG_ROOT_PATH.'admin.php?page=comments';
$template->assign_vars(array('F_ACTION' => $form_action));

// +-----------------------------------------------------------------------+
// |                           comments display                            |
// +-----------------------------------------------------------------------+

// Lists every comment still awaiting validation, newest first, along with
// a thumbnail of the picture it was posted on. The ids are collected in
// $list so the form can post them back as a comma separated string.
$list = array();

$query = '
SELECT c.id, c.image_id, c.date, c.author, c.content, i.path, i.tn_ext
  FROM '.COMMENTS_TABLE.' AS c
    INNER JOIN '.IMAGES_TABLE.' AS i
      ON i.id = c.image_id
  WHERE validated = \'false\'
  ORDER BY c.date DESC 
;';
$result = pwg_query($query);
while ($comment = mysql_fetch_assoc($result))
{
  // tn_ext may be NULL in the database; pass it through as-is.
  $thumbnail = get_thumbnail_url(
    array(
      'id' => $comment['image_id'],
      'path' => $comment['path'],
      'tn_ext' => isset($comment['tn_ext']) ? $comment['tn_ext'] : null,
      )
    );

  $picture_url = PHPWG_ROOT_PATH.'admin.php?page=picture_modify'
    .'&amp;image_id='.$comment['image_id'];

  // author and content are raw database values. They are routed through the
  // render_comment_* events, which is where any escaping for HTML output is
  // expected to take place (handlers are not visible in this file).
  $template->assign_block_vars(
    'comment',
    array(
      'U_PICTURE' => $picture_url,
      'ID' => $comment['id'],
      'TN_SRC' => $thumbnail,
      'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
      'DATE' => format_date($comment['date'], 'mysql_datetime', true),
      'CONTENT' => trigger_event('render_comment_content', $comment['content']),
      )
    );

  $list[] = $comment['id'];
}

$template->assign_vars(array('LIST' => implode(',', $list)));

// +-----------------------------------------------------------------------+
// |                           sending html code                           |
// +-----------------------------------------------------------------------+

$template->assign_var_from_handle('ADMIN_CONTENT', 'comments');

?>