Changeset 5195


Ignore:
Timestamp:
Mar 19, 2010, 11:25:39 PM (11 years ago)
Author:
plg
Message:

bug 1328: backport the pwg_token on trunk

bug 1329: backport the check_input_parameter on trunk

feature 1026: add pwg_token feature for edit/delete comment. Heavy refactoring
on this feature to make the code simpler and easier to maintain (I hope).

Location:
trunk
Files:
26 edited

Legend:

Unmodified
Added
Removed
  • trunk/admin/cat_list.php

    r5193 r5195  
    3434check_status(ACCESS_ADMINISTRATOR);
    3535
     36if (!empty($_POST) or isset($_GET['delete']))
     37{
     38  check_pwg_token();
     39}
     40
    3641// +-----------------------------------------------------------------------+
    3742// |                               functions                               |
     
    6570// +-----------------------------------------------------------------------+
    6671
     72check_input_parameter('parent_id', $_GET, false, PATTERN_ID);
     73
    6774$categories = array();
    6875
     
    186193  'CATEGORIES_NAV'=>$navigation,
    187194  'F_ACTION'=>$form_action,
     195  'PWG_TOKEN' => get_pwg_token(),
    188196 ));
    189197
     
    261269  {
    262270    $tpl_cat['U_DELETE'] = $self_url.'&delete='.$category['id'];
     271    $tpl_cat['U_DELETE'].= '&pwg_token='.get_pwg_token();
    263272  }
    264273
  • trunk/admin/element_set.php

    r5021 r5195  
    4040check_status(ACCESS_ADMINISTRATOR);
    4141
     42check_input_parameter('selection', $_POST, true, PATTERN_ID);
     43
    4244// +-----------------------------------------------------------------------+
    4345// |                          caddie management                            |
  • trunk/admin/element_set_global.php

    r5188 r5195  
    4343// |                         deletion form submission                      |
    4444// +-----------------------------------------------------------------------+
     45
     46// the $_POST['selection'] was already checked in element_set.php
     47check_input_parameter('del_tags', $_POST, true, PATTERN_ID);
     48check_input_parameter('associate', $_POST, false, PATTERN_ID);
     49check_input_parameter('dissociate', $_POST, false, PATTERN_ID);
    4550
    4651if (isset($_POST['delete']))
  • trunk/admin/group_list.php

    r5036 r5195  
    3333// +-----------------------------------------------------------------------+
    3434check_status(ACCESS_ADMINISTRATOR);
     35
     36if (!empty($_POST) or isset($_GET['delete']) or isset($_GET['toggle_is_default']))
     37{
     38  check_pwg_token();
     39}
    3540
    3641// +-----------------------------------------------------------------------+
     
    156161    'F_ADD_ACTION' => get_root_url().'admin.php?page=group_list',
    157162    'U_HELP' => get_root_url().'popuphelp.php?page=group_list',
     163    'PWG_TOKEN' => get_pwg_token(),
    158164    )
    159165  );
     
    192198      'MEMBERS' => l10n_dec('%d member', '%d members', $counter),
    193199      'U_MEMBERS' => $members_url.$row['id'],
    194       'U_DELETE' => $del_url.$row['id'],
     200      'U_DELETE' => $del_url.$row['id'].'&pwg_token='.get_pwg_token(),
    195201      'U_PERM' => $perm_url.$row['id'],
    196       'U_ISDEFAULT' => $toggle_is_default_url.$row['id']
     202      'U_ISDEFAULT' => $toggle_is_default_url.$row['id'].'&pwg_token='.get_pwg_token(),
    197203      )
    198204    );
  • trunk/admin/include/functions.php

    r5188 r5195  
    2323
    2424include(PHPWG_ROOT_PATH.'admin/include/functions_metadata.php');
    25 
    26 /**
    27  * check token comming from form posted or get params to prevent csrf attacks
    28  * if pwg_token is empty action doesn't require token
    29  * else pwg_token is compare to server token
    30  *
    31  * @return void access denied if token given is not equal to server token
    32  */
    33 function check_token()
    34 {
    35   global $conf;
    36 
    37   $valid_token = hash_hmac('md5', session_id(), $conf['secret_key']);
    38   $given_token = null;
    39 
    40   if (!empty($_POST['pwg_token']))
    41   {
    42     $given_token = $_POST['pwg_token'];
    43   }
    44   elseif (!empty($_GET['pwg_token']))
    45   {
    46     $given_token = $_GET['pwg_token'];
    47   }
    48   if ($given_token != $valid_token)
    49   {
    50     access_denied();   
    51   }
    52 }
    5325
    5426// The function delete_site deletes a site and call the function
  • trunk/admin/include/uploadify/uploadify.php

    r5089 r5195  
    99include_once(PHPWG_ROOT_PATH.'admin/include/functions_upload.inc.php');
    1010
    11 // check_pwg_token();
     11check_pwg_token();
    1212
    1313ob_start();
  • trunk/admin/photos_add_direct.php

    r5089 r5195  
    3131if (isset($_GET['batch']))
    3232{
    33   check_input_parameter('batch', $_GET['batch'], false, '/^\d+(,\d+)*$/');
     33  check_input_parameter('batch', $_GET, false, '/^\d+(,\d+)*$/');
    3434
    3535  $query = '
     
    348348      'upload_id' => md5(rand()),
    349349      'session_id' => session_id(),
    350       'pwg_token' => '1234abcd5678efgh',// get_pwg_token(),
     350      'pwg_token' => get_pwg_token(),
    351351    )
    352352  );
  • trunk/admin/picture_modify.php

    r5188 r5195  
    3434check_status(ACCESS_ADMINISTRATOR);
    3535
     36check_input_parameter('image_id', $_GET, false, PATTERN_ID);
     37check_input_parameter('cat_id', $_GET, false, PATTERN_ID);
     38
    3639// +-----------------------------------------------------------------------+
    3740// |                          synchronize metadata                         |
  • trunk/admin/plugins_list.php

    r3950 r5195  
    3333$order = isset($_GET['order']) ? $_GET['order'] : 'name';
    3434$base_url = get_root_url().'admin.php?page='.$page['page'].'&order='.$order;
     35$action_url = $base_url.'&plugin='.'%s'.'&pwg_token='.get_pwg_token();
    3536
    3637$plugins = new plugins();
     
    3940if (isset($_GET['action']) and isset($_GET['plugin']) and !is_adviser())
    4041{
     42  check_pwg_token();
     43 
    4144  $page['errors'] = $plugins->perform_action($_GET['action'], $_GET['plugin']);
    4245
     
    97100          'VERSION' => $fs_plugin['version'],
    98101          'DESCRIPTION' => $desc,
    99           'U_ACTION' => $base_url.'&plugin='.$plugin_id);
     102          'U_ACTION' => sprintf($action_url, $plugin_id));
    100103
    101104  if (isset($plugins->db_plugins_by_id[$plugin_id]))
     
    116119foreach($missing_plugin_ids as $plugin_id)
    117120{
    118   $action_url = $base_url.'&plugin='.$plugin_id;
    119 
    120121  $template->append( 'plugins',
    121122      array(
     
    123124        'VERSION' => $plugins->db_plugins_by_id[$plugin_id]['version'],
    124125        'DESCRIPTION' => "ERROR: THIS PLUGIN IS MISSING BUT IT IS INSTALLED! UNINSTALL IT NOW !",
    125         'U_ACTION' => $base_url.'&plugin='.$plugin_id,
     126        'U_ACTION' => sprintf($action_url, $plugin_id),
    126127        'STATE' => 'missing'
    127128      )
  • trunk/admin/plugins_new.php

    r5021 r5195  
    3939if (isset($_GET['revision']) and isset($_GET['extension']) and !is_adviser())
    4040{
     41  check_pwg_token();
     42 
    4143  $install_status = $plugins->extract_plugin_files('install', $_GET['revision'], $_GET['extension']);
    4244
     
    111113    $url_auto_install = htmlentities($base_url)
    112114      . '&revision=' . $plugin['revision_id']
    113       . '&extension=' . $plugin['extension_id'];
     115      . '&extension=' . $plugin['extension_id']
     116      . '&pwg_token='.get_pwg_token()
     117    ;
    114118
    115119    $template->append('plugins', array(
  • trunk/admin/plugins_update.php

    r5039 r5195  
    3838if (isset($_GET['plugin']) and isset($_GET['revision']) and !is_adviser())
    3939{
     40  check_pwg_token();
     41 
    4042  $plugin_id = $_GET['plugin'];
    4143  $revision = $_GET['revision'];
     
    4951      . '&revision=' . $revision
    5052      . '&plugin=' . $plugin_id
     53      . '&pwg_token='.get_pwg_token()
    5154      . '&reactivate=true');
    5255  }
     
    134137        $url_auto_update = $base_url
    135138          . '&revision=' . $plugin_info['revision_id']
    136           . '&plugin=' . $plugin_id;
     139          . '&plugin=' . $plugin_id
     140          . '&pwg_token='.get_pwg_token()
     141          ;
    137142
    138143        $template->append('plugins_not_uptodate', array(
  • trunk/admin/site_manager.php

    r5036 r5195  
    3333// +-----------------------------------------------------------------------+
    3434check_status(ACCESS_ADMINISTRATOR);
     35
     36if (!empty($_POST) or isset($_GET['action']))
     37{
     38  check_pwg_token();
     39}
    3540
    3641/**
     
    199204}
    200205
    201 $template->assign( array(
    202   'U_HELP'    => get_root_url().'popuphelp.php?page=site_manager',
    203   'F_ACTION'  => get_root_url().'admin.php'
    204                 .get_query_string_diff( array('action','site') )
    205   ) );
     206$template->assign(
     207  array(
     208    'U_HELP'    => get_root_url().'popuphelp.php?page=site_manager',
     209    'F_ACTION'  => get_root_url().'admin.php'.get_query_string_diff(array('action','site','pwg_token')),
     210    'PWG_TOKEN' => get_pwg_token(),
     211    )
     212  );
    206213
    207214// +-----------------------------------------------------------------------+
     
    243250  $base_url.= '?page=site_manager';
    244251  $base_url.= '&site='.$row['id'];
     252  $base_url.= '&pwg_token='.get_pwg_token();
    245253  $base_url.= '&action=';
    246254
  • trunk/admin/tags.php

    r5036 r5195  
    2929include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
    3030check_status(ACCESS_ADMINISTRATOR);
     31
     32if (!empty($_POST))
     33{
     34  check_pwg_token();
     35}
    3136
    3237// +-----------------------------------------------------------------------+
     
    190195$template->assign(
    191196  array(
    192     'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=tags'
     197    'F_ACTION' => PHPWG_ROOT_PATH.'admin.php?page=tags',
     198    'PWG_TOKEN' => get_pwg_token(),
    193199    )
    194200  );
  • trunk/admin/themes/default/template/cat_list.tpl

    r5193 r5195  
    2727
    2828<form id="addVirtual" action="{$F_ACTION}" method="post">
     29  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
    2930  <p>
    3031    {'Add a virtual category'|@translate} : <input type="text" name="virtual_name">
     
    3940{if count($categories) }
    4041<form id="categoryOrdering" action="{$F_ACTION}" method="post">
     42  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
    4143  <p>
    4244    <input class="submit" name="submitOrder" type="submit" value="{'Save order'|@translate}" {$TAG_INPUT_ENABLED}>
  • trunk/admin/themes/default/template/group_list.tpl

    r5123 r5195  
    44
    55<form method="post" name="add_user" action="{$F_ADD_ACTION}" class="properties">
     6  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
    67  <fieldset>
    78    <legend>{'Add group'|@translate}</legend>
  • trunk/admin/themes/default/template/site_manager.tpl

    r5178 r5195  
    1717{if isset($local_listing.CREATE)}
    1818<form action="{$F_ACTION}" method="post">
     19  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
    1920  <p>
    2021    {'Create this site'|@translate}:
     
    6465
    6566<form action="{$F_ACTION}" method="post">
     67  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
    6668  <p>
    6769    <label for="galleries_url" >{'Create a new site : (give its URL to create_listing_file.php)'|@translate}</label>
  • trunk/admin/themes/default/template/tags.tpl

    r5123 r5195  
    44
    55<form action="{$F_ACTION}" method="post">
     6  <input type="hidden" name="pwg_token" value="{$PWG_TOKEN}" />
    67
    78  {if isset($EDIT_TAGS_LIST)}
  • trunk/comments.php

    r5014 r5195  
    117117}
    118118
     119// search a specific comment (if you're coming directly from an admin
     120// notification email)
     121if (!empty($_GET['comment_id']))
     122{
     123  check_input_parameter('comment_id', $_GET, false, PATTERN_ID);
     124
     125  // currently, the $_GET['comment_id'] is only used by admins from email
     126  // for management purpose (validate/delete)
     127  if (!is_admin())
     128  {
     129    $login_url =
     130      get_root_url().'identification.php?redirect='
     131      .urlencode(urlencode($_SERVER['REQUEST_URI']))
     132      ;
     133    redirect($login_url);
     134  }
     135
     136  $page['where_clauses'][] = 'com.id = '.$_GET['comment_id'];
     137}
     138
    119139// search a substring among comments content
    120140if (!empty($_GET['keyword']))
     
    156176// |                         comments management                           |
    157177// +-----------------------------------------------------------------------+
    158 if (isset($_GET['delete']) and is_numeric($_GET['delete'])
    159     and (is_admin() || $conf['user_can_delete_comment']))
    160 {// comments deletion
    161   delete_user_comment($_GET['delete']);
    162 }
    163 
    164 if (isset($_GET['validate']) and is_numeric($_GET['validate'])
    165       and !is_adviser() )
    166 {  // comments validation
    167   check_status(ACCESS_ADMINISTRATOR);
    168   $query = '
    169 UPDATE '.COMMENTS_TABLE.'
    170   SET validated = \'true\'
    171   , validation_date = NOW()
    172   WHERE id='.$_GET['validate'].'
    173 ;';
    174   pwg_query($query);
    175 }
    176 
    177 if (isset($_GET['edit']) and is_numeric($_GET['edit'])
    178     and (is_admin() || $conf['user_can_edit_comment']))
    179 {
    180   if (!empty($_POST['content']))
     178
     179$comment_id = null;
     180$action = null;
     181
     182$actions = array('delete', 'validate', 'edit');
     183foreach ($actions as $loop_action)
     184{
     185  if (isset($_GET[$loop_action]))
    181186  {
    182     update_user_comment(array('comment_id' => $_GET['edit'],
    183                               'image_id' => $_POST['image_id'],
    184                               'content' => $_POST['content']),
    185                         $_POST['key']
    186                         );
    187 
    188     $edit_comment = null;
     187    $action = $loop_action;   
     188    check_input_parameter($action, $_GET, false, PATTERN_ID);
     189    $comment_id = $_GET[$action];
     190    break;
    189191  }
    190   else
     192}
     193
     194if (isset($action))
     195{
     196  check_pwg_token();
     197
     198  $comment_author_id = get_comment_author_id($comment_id);
     199   
     200  if (can_manage_comment($action, $comment_author_id))
    191201  {
    192     $edit_comment = $_GET['edit'];
     202    $perform_redirect = false;
     203 
     204    if ('delete' == $action)
     205    {
     206      delete_user_comment($comment_id);
     207      $perform_redirect = true;
     208    }
     209
     210    if ('validate' == $action)
     211    {
     212      validate_user_comment($comment_id);
     213      $perform_redirect = true;
     214    }
     215   
     216    if ('edit' == $action)
     217    {
     218      if (!empty($_POST['content']))
     219      {
     220        update_user_comment(
     221          array(
     222            'comment_id' => $_GET['edit'],
     223            'image_id' => $_POST['image_id'],
     224            'content' => $_POST['content']
     225            ),
     226          $_POST['key']
     227          );
     228       
     229        $edit_comment = null;
     230      }
     231      else
     232      {
     233        $edit_comment = $_GET['edit'];
     234      }
     235    }
     236   
     237    if ($perform_redirect)
     238    {
     239      $redirect_url =
     240        PHPWG_ROOT_PATH
     241        .'comments.php'
     242        .get_query_string_diff(array('delete','validate','pwg_token'));
     243     
     244      redirect($redirect_url);
     245    }
    193246  }
    194247}
     
    288341$url = PHPWG_ROOT_PATH
    289342    .'comments.php'
    290     .get_query_string_diff(array('start','delete','validate'));
     343  .get_query_string_diff(array('start','delete','validate','pwg_token'));
    291344
    292345$navbar = create_navigation_bar($url,
     
    379432    // link to the full size picture
    380433    $url = make_picture_url(
    381             array(
    382               'category' => $categories[ $comment['category_id'] ],
    383               'image_id' => $comment['image_id'],
    384               'image_file' => $elements[$comment['image_id']]['file'],
    385             )
    386           );
    387 
    388     $tpl_comment =
    389434      array(
    390         'U_PICTURE' => $url,
    391         'TN_SRC' => $thumbnail_src,
    392         'ALT' => $name,
    393         'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
    394         'DATE'=>format_date($comment['date'], true),
    395         'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
     435        'category' => $categories[ $comment['category_id'] ],
     436        'image_id' => $comment['image_id'],
     437        'image_file' => $elements[$comment['image_id']]['file'],
     438        )
     439      );
     440   
     441    $tpl_comment = array(
     442      'U_PICTURE' => $url,
     443      'TN_SRC' => $thumbnail_src,
     444      'ALT' => $name,
     445      'AUTHOR' => trigger_event('render_comment_author', $comment['author']),
     446      'DATE'=>format_date($comment['date'], true),
     447      'CONTENT'=>trigger_event('render_comment_content',$comment['content']),
     448      );
     449
     450    if (can_manage_comment('delete', $comment['author_id']))
     451    {
     452      $url =
     453        get_root_url()
     454        .'comments.php'
     455        .get_query_string_diff(array('delete','validate','edit', 'pwg_token'));
     456     
     457      $tpl_comment['U_DELETE'] = add_url_params(
     458        $url,
     459        array(
     460          'delete' => $comment['comment_id'],
     461          'pwg_token' => get_pwg_token(),
     462          )
    396463        );
    397 
    398     if (can_manage_comment('delete', $comment['author_id']))
    399     {
    400       $url = get_root_url().'comments.php'
    401         .get_query_string_diff(array('delete','validate','edit'));
    402       $tpl_comment['U_DELETE'] =
    403         add_url_params($url,
    404                        array('delete'=>$comment['comment_id'])
    405                        );
    406     }
     464    }
     465   
    407466    if (can_manage_comment('edit', $comment['author_id']))
    408467    {
    409       $url = get_root_url().'comments.php'
    410         .get_query_string_diff(array('edit', 'delete','validate'));
    411       $tpl_comment['U_EDIT'] =
    412         add_url_params($url,
    413                        array('edit'=>$comment['comment_id'])
    414                        );
     468      $url =
     469        get_root_url()
     470        .'comments.php'
     471        .get_query_string_diff(array('edit', 'delete','validate', 'pwg_token'));
     472     
     473      $tpl_comment['U_EDIT'] = add_url_params(
     474        $url,
     475        array(
     476          'edit' => $comment['comment_id'],
     477          'pwg_token' => get_pwg_token(),
     478          )
     479        );
     480     
    415481      if (isset($edit_comment) and ($comment['comment_id'] == $edit_comment))
    416482      {
     
    423489    }
    424490
    425     if ( is_admin() && $comment['validated'] != 'true')
    426     {
    427       $tpl_comment['U_VALIDATE'] =
    428         add_url_params($url,
    429                        array('validate'=>$comment['comment_id'])
    430                        );
     491    if (can_manage_comment('validate', $comment['author_id']))
     492    {
     493      if ('true' != $comment['validated'])
     494      {
     495        $tpl_comment['U_VALIDATE'] = add_url_params(
     496          $url,
     497          array(
     498            'validate'=> $comment['comment_id'],
     499            'pwg_token' => get_pwg_token(),
     500            )
     501          );
     502      }
    431503    }
    432504    $template->append('comments', $tpl_comment);
  • trunk/feed.php

    r5014 r5195  
    6464// +-----------------------------------------------------------------------+
    6565
    66 check_input_parameter('feed', @$_GET['feed'], false, '/^[0-9a-z]{50}$/i');
     66check_input_parameter('feed', $_GET, false, '/^[0-9a-z]{50}$/i');
    6767
    6868$feed_id= isset($_GET['feed']) ? $_GET['feed'] : '';
  • trunk/include/constants.php

    r5153 r5195  
    4040define('ACCESS_WEBMASTER', 4);
    4141define('ACCESS_CLOSED', 5);
     42
     43// Sanity checks
     44define('PATTERN_ID', '/^\d+$/');
    4245
    4346// Table names
  • trunk/include/functions.inc.php

    r5156 r5195  
    14831483  return $cache['get_icon'][$date] ? $icon : array();
    14841484}
     1485
     1486/**
     1487 * check token comming from form posted or get params to prevent csrf attacks
     1488 * if pwg_token is empty action doesn't require token
     1489 * else pwg_token is compare to server token
     1490 *
     1491 * @return void access denied if token given is not equal to server token
     1492 */
     1493function check_pwg_token()
     1494{
     1495  $valid_token = get_pwg_token();
     1496  $given_token = null;
     1497
     1498  if (!empty($_POST['pwg_token']))
     1499  {
     1500    $given_token = $_POST['pwg_token'];
     1501  }
     1502  elseif (!empty($_GET['pwg_token']))
     1503  {
     1504    $given_token = $_GET['pwg_token'];
     1505  }
     1506  if ($given_token != $valid_token)
     1507  {
     1508    access_denied();
     1509  }
     1510}
     1511
     1512function get_pwg_token()
     1513{
     1514  global $conf;
     1515
     1516  return hash_hmac('md5', session_id(), $conf['secret_key']);
     1517}
     1518
     1519/*
     1520 * breaks the script execution if the given value doesn't match the given
     1521 * pattern. This should happen only during hacking attempts.
     1522 *
     1523 * @param string param_name
     1524 * @param array param_array
     1525 * @param boolean is_array
     1526 * @param string pattern
     1527 *
     1528 * @return void
     1529 */
     1530function check_input_parameter($param_name, $param_array, $is_array, $pattern)
     1531{
     1532  $param_value = null;
     1533  if (isset($param_array[$param_name]))
     1534  {
     1535    $param_value = $param_array[$param_name];
     1536  }
     1537
     1538  // it's ok if the input parameter is null
     1539  if (empty($param_value))
     1540  {
     1541    return true;
     1542  }
     1543
     1544  if ($is_array)
     1545  {
     1546    if (!is_array($param_value))
     1547    {
     1548      fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" should be an array');
     1549    }
     1550
     1551    foreach ($param_value as $item_to_check)
     1552    {
     1553      if (!preg_match($pattern, $item_to_check))
     1554      {
     1555        fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"');
     1556      }
     1557    }
     1558  }
     1559  else
     1560  {
     1561    if (!preg_match($pattern, $param_value))
     1562    {
     1563      fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" is not valid');
     1564    }
     1565  }
     1566}
    14851567?>
  • trunk/include/functions_comment.inc.php

    r5021 r5195  
    171171    $comm['id'] = pwg_db_insert_id(COMMENTS_TABLE);
    172172
    173     if (($comment_action=='validate' and $conf['email_admin_on_comment']) or
    174         ($comment_action!='validate' and $conf['email_admin_on_comment_validation']))
     173    if ($conf['email_admin_on_comment']
     174        or ($conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action))
    175175    {
    176176      include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
    177177
    178       $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];
     178      $comment_url = get_absolute_root_url().'comments.php?comment_id='.$comm['id'];
    179179
    180180      $keyargs_content = array
     
    183183        get_l10n_args('Comment: %s', stripslashes($comm['content']) ),
    184184        get_l10n_args('', ''),
    185         get_l10n_args('Delete: %s', $del_url)
     185        get_l10n_args('Manage this user comment: %s', $comment_url)
    186186      );
    187187
    188       if ($comment_action!='validate')
     188      if ('moderate' == $comment_action)
    189189      {
    190         $keyargs_content[] =
    191           get_l10n_args('', '');
    192         $keyargs_content[] =
    193           get_l10n_args('Validate: %s',
    194             get_absolute_root_url().'comments.php?validate='.$comm['id']);
     190        $keyargs_content[] = get_l10n_args('', '');
     191        $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
    195192      }
    196193
     
    213210 * @param comment_id
    214211 */
    215 
    216212function delete_user_comment($comment_id) {
    217213  $user_where_clause = '';
     
    338334                               );
    339335}
     336
     337function get_comment_author_id($comment_id, $die_on_error=true)
     338{
     339  $query = '
     340SELECT
     341    author_id
     342  FROM '.COMMENTS_TABLE.'
     343  WHERE id = '.$comment_id.'
     344;';
     345  $result = pwg_query($query);
     346  if (pwg_db_num_rows($result) == 0)
     347  {
     348    if ($die_on_error)
     349    {
     350      fatal_error('Unknown comment identifier');
     351    }
     352    else
     353    {
     354      return false;
     355    }
     356  }
     357 
     358  list($author_id) = pwg_db_fetch_row($result);
     359
     360  return $author_id;
     361}
     362
     363function validate_user_comment($comment_id)
     364{
     365  $query = '
     366UPDATE '.COMMENTS_TABLE.'
     367  SET validated = "true"
     368    , validation_date = NOW()
     369  WHERE id = '.$comment_id.'
     370;';
     371  pwg_query($query);
     372}
    340373?>
  • trunk/include/functions_user.inc.php

    r5123 r5195  
    12471247
    12481248/*
    1249  * Return if current user can edit/delete a comment
    1250  * @param action edit/delete
     1249 * Return if current user can edit/delete/validate a comment
     1250 * @param action edit/delete/validate
    12511251 * @return bool
    12521252 */
    12531253function can_manage_comment($action, $comment_author_id)
    12541254{
    1255   if (!in_array($action, array('delete','edit'))) {
     1255  global $user, $conf;
     1256 
     1257  if (is_a_guest())
     1258  {
    12561259    return false;
    12571260  }
    1258   return (is_admin() ||
    1259           (($GLOBALS['user']['id'] == $comment_author_id)
    1260            && !is_a_guest()
    1261            && $GLOBALS['conf'][sprintf('user_can_%s_comment', $action)]));
     1261 
     1262  if (!in_array($action, array('delete','edit', 'validate')))
     1263  {
     1264    return false;
     1265  }
     1266
     1267  if (is_admin())
     1268  {
     1269    return true;
     1270  }
     1271
     1272  if ('edit' == $action and $conf['user_can_edit_comment'])
     1273  {
     1274    if ($comment_author_id == $user['id']) {
     1275      return true;
     1276    }
     1277  }
     1278
     1279  if ('delete' == $action and $conf['user_can_delete_comment'])
     1280  {
     1281    if ($comment_author_id == $user['id']) {
     1282      return true;
     1283    }
     1284  }
     1285
     1286  return false;
    12621287}
    12631288
  • trunk/include/picture_comment.inc.php

    r5021 r5195  
    167167      if (can_manage_comment('delete', $row['author_id']))
    168168      {
    169         $tpl_comment['U_DELETE'] =
    170           add_url_params($url_self,
    171                          array(
    172                            'action'=>'delete_comment',
    173                            'comment_to_delete'=>$row['id']
    174                                )
    175                          );
     169        $tpl_comment['U_DELETE'] = add_url_params(
     170          $url_self,
     171          array(
     172            'action'=>'delete_comment',
     173            'comment_to_delete'=>$row['id'],
     174            'pwg_token' => get_pwg_token(),
     175            )
     176          );
    176177      }
    177178      if (can_manage_comment('edit', $row['author_id']))
    178179      {
    179         $tpl_comment['U_EDIT'] =
    180           add_url_params($url_self,
    181                          array(
    182                            'action'=>'edit_comment',
    183                            'comment_to_edit'=>$row['id']
    184                                )
    185                          );
     180        $tpl_comment['U_EDIT'] = add_url_params(
     181          $url_self,
     182          array(
     183            'action'=>'edit_comment',
     184            'comment_to_edit'=>$row['id'],
     185            'pwg_token' => get_pwg_token(),
     186            )
     187          );
    186188        if (isset($edit_comment) and ($row['id'] == $edit_comment))
    187189        {
     
    196198        if ($row['validated'] != 'true')
    197199        {
    198           $tpl_comment['U_VALIDATE'] =
    199             add_url_params($url_self,
    200                            array('action' => 'validate_comment',
    201                                  'comment_to_validate' => $row['id']
    202                                  )
    203                            );
     200          $tpl_comment['U_VALIDATE'] = add_url_params(
     201            $url_self,
     202            array(
     203              'action' => 'validate_comment',
     204              'comment_to_validate' => $row['id'],
     205              'pwg_token' => get_pwg_token(),
     206              )
     207            );
    204208        }
    205209      }
  • trunk/picture.php

    r5127 r5195  
    312312    case 'edit_comment' :
    313313    {
     314      check_pwg_token();
     315 
    314316      include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
    315       if (isset($_GET['comment_to_edit'])
    316           and is_numeric($_GET['comment_to_edit'])
    317           and (is_admin() || $conf['user_can_edit_comment']))
     317
     318      check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID);
     319
     320      $author_id = get_comment_author_id($_GET['comment_to_edit']);
     321     
     322      if (can_manage_comment('edit', $author_id))
    318323      {
    319324        if (!empty($_POST['content']))
    320325        {
    321           update_user_comment(array('comment_id' => $_GET['comment_to_edit'],
    322                   'image_id' => $page['image_id'],
    323                   'content' => $_POST['content']),
    324                   $_POST['key']
    325                   );
     326          update_user_comment(
     327            array(
     328              'comment_id' => $_GET['comment_to_edit'],
     329              'image_id' => $page['image_id'],
     330              'content' => $_POST['content']
     331              ),
     332            $_POST['key']
     333            );
     334         
    326335          redirect($url_self);
    327         } else {
     336        }
     337        else
     338        {
    328339          $edit_comment = $_GET['comment_to_edit'];
    329340          break;
     
    333344    case 'delete_comment' :
    334345    {
     346      check_pwg_token();
     347 
    335348      include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
    336       if (isset($_GET['comment_to_delete'])
    337           and is_numeric($_GET['comment_to_delete'])
    338           and (is_admin() || $conf['user_can_delete_comment']))
     349     
     350      check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID);
     351
     352      $author_id = get_comment_author_id($_GET['comment_to_delete']);
     353     
     354      if (can_manage_comment('delete', $author_id))
    339355      {
    340356        delete_user_comment($_GET['comment_to_delete']);
    341357      }
     358     
    342359      redirect($url_self);
    343360    }
    344361    case 'validate_comment' :
    345362    {
     363      check_pwg_token();
     364 
    346365      include_once(PHPWG_ROOT_PATH.'include/functions_comment.inc.php');
    347       if (isset($_GET['comment_to_validate'])
    348           and is_numeric($_GET['comment_to_validate'])
    349           and is_admin() and !is_adviser() )
     366
     367      check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID);
     368     
     369      $author_id = get_comment_author_id($_GET['comment_to_delete']);
     370     
     371      if (can_manage_comment('validate', $author_id))
    350372      {
    351         $query = '
    352 UPDATE '.COMMENTS_TABLE.'
    353   SET validated = \'true\'
    354   , validation_date = NOW()
    355   WHERE id='.$_GET['comment_to_validate'].'
    356 ;';
    357         pwg_query( $query );
     373        validate_user_comment($_GET['comment_to_validate']);
    358374      }
     375     
    359376      redirect($url_self);
    360377    }
  • trunk/search.php

    r5021 r5195  
    7272  if (isset($_POST['tags']))
    7373  {
    74     check_input_parameter('tags', $_POST['tags'], true, PATTERN_ID);
     74    check_input_parameter('tags', $_POST, true, PATTERN_ID);
    7575   
    7676    $search['fields']['tags'] = array(
     
    9393  if (isset($_POST['cat']))
    9494  {
    95     check_input_parameter('cat', $_POST['cat'], true, PATTERN_ID);
     95    check_input_parameter('cat', $_POST, true, PATTERN_ID);
    9696   
    9797    $search['fields']['cat'] = array(
Note: See TracChangeset for help on using the changeset viewer.