[wip] fixing errors brought by the big security changes... update browser preferences fix + some post/get/request messup + zip not working properly

Benjamin Sonntag 2016-05-23 16:08:23 +02:00
parent b4cd0d2a95
commit aef4f58e8a
6 changed files with 17 additions and 12 deletions


@ -36,7 +36,7 @@ require_once("../class/config.php");
*/ */
$fields = array ( $fields = array (
"id" => array ("post", "integer", ""), "id" => array ("get", "integer", ""),
); );
getFields($fields); getFields($fields);
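Review bot: Switching `id` from `post` to `get` deserves a comment saying why, because it relaxes the source restriction that the earlier hardening introduced; the same applies to `editfile` and `R` (now `request`) in the editor page and to `dir` in the later single-field hunk. If any of these pages changes state based on the parameter, a GET request would presumably not go through the token added to the POST forms, so that should be confirmed; the code acting on `id` is outside this hunk. Suggested comment above the array: `// "id" arrives through a link (GET); keep this page read-only, state changes stay on POST`.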


@ -30,12 +30,12 @@
require_once("../class/config.php"); require_once("../class/config.php");
$fields = array ( $fields = array (
"editfile" => array ("post", "string", ""), "editfile" => array ("request", "string", ""),
"texte" => array ("post", "string", ""), "texte" => array ("post", "string", ""),
"save" => array ("post", "string", ""), "save" => array ("post", "string", ""),
"saveret" => array ("post", "string", ""), "saveret" => array ("post", "string", ""),
"cancel" => array ("post", "string", ""), "cancel" => array ("post", "string", ""),
"R" => array ("post", "string", ""), "R" => array ("request", "string", ""),
); );
getFields($fields); getFields($fields);
@ -72,7 +72,7 @@ include_once("head.php");
?> ?>
<p> <p>
<?php if (isset($error) && $error) echo "<p class=\"alert alert-danger\">$error</p>"; ?> <?php if (isset($error) && $error) echo "<p class=\"alert alert-danger\">$error</p>"; ?>
<h3><?php echo _("File editing")." <code>$R/<b>$editfile</b></code><br />"; ?></h3> <h3><?php echo _("File editing")." <code>".ehe($R,false)."/<b>".ehe($editfile,false)."</b></code><br />"; ?></h3>
</p> </p>
<?php <?php
@ -106,7 +106,7 @@ echo "<pre class='prettyprint' id='file_content_view' >$content</pre>";
<br/> <br/>
<?php if (!empty($error)) echo "<p class=\"alert alert-danger\">".$error."</p>"; ?> <?php if (!empty($error)) echo "<p class=\"alert alert-danger\">".$error."</p>"; ?>
<input type="hidden" name="editfile" value="<?php ehe($editfile); ?>" /> <input type="hidden" name="editfile" value="<?php ehe($editfile); ?>" />
<input type="hidden" name="R" value="<?php echo ehe($R); ?>" /> <input type="hidden" name="R" value="<?php ehe($R); ?>" />
<input type="submit" class="inb" value="<?php __("Save"); ?>" name="save" /> <input type="submit" class="inb" value="<?php __("Save"); ?>" name="save" />
<input type="submit" class="inb" value="<?php __("Save &amp; Quit"); ?>" name="saveret" /> <input type="submit" class="inb" value="<?php __("Save &amp; Quit"); ?>" name="saveret" />
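Review bot: `$error` is still written into the page unescaped at both `alert alert-danger` lines, while this commit makes `editfile` and `R` reachable from the query string. If any error message built outside these hunks embeds the file or directory name, that text would reach the HTML as-is. Consider escaping it the same way as the heading, e.g. `echo "<p class=\"alert alert-danger\">".ehe($error,false)."</p>";`, assuming `ehe(..., false)` returns the escaped string as its use in the `<h3>` line suggests and that `$error` is never meant to carry markup.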


@ -141,9 +141,9 @@ if ($errbrowsefold) {
<form method="post" id="main" name="main" action="browseforfolder2.php"> <form method="post" id="main" name="main" action="browseforfolder2.php">
<?php csrf_get(); ?> <?php csrf_get(); ?>
<p> <p>
<input type="hidden" name="caller" value="<?php echo ehe($caller); ?>" /> <input type="hidden" name="caller" value="<?php ehe($caller); ?>" />
<input type="hidden" name="lastcurdir" value="<?php echo ehe($curdir); ?>" /> <input type="hidden" name="lastcurdir" value="<?php ehe($curdir); ?>" />
<input type="hidden" name="bid" value="<?php echo ehe($bid); ?>" /> <input type="hidden" name="bid" value="<?php ehe($bid); ?>" />
<input type="text" class="int" id="file" name="file" size="20" value="<?php ehe($file); ?>" /><br /> <input type="text" class="int" id="file" name="file" size="20" value="<?php ehe($file); ?>" /><br />


@ -67,8 +67,12 @@ if (!$r) {
$rr[0]["dir"]=$dir; $rr[0]["dir"]=$dir;
include_once("ftp_edit.php"); include_once("ftp_edit.php");
exit(); exit();
} else {
if ($create) {
$error=_("The ftp account has been successfully created");
} else { } else {
$error=_("The ftp account has been successfully saved"); $error=_("The ftp account has been successfully saved");
}
include("ftp_list.php"); include("ftp_list.php");
exit(); exit();
} }
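Review bot: The new `if ($create)` reads a variable whose origin is not visible in this hunk; if `create` is not declared in this page's `$fields` array or set earlier in the script, the branch will always report "saved". Separately, the success text is stored in `$error`, which the editor page in this same commit renders inside `alert alert-danger`; a short comment such as `// $error doubles as the status message displayed by ftp_list.php` would spare the next reader the confusion. The enclosing `if (!$r)` starts outside the hunk.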


@ -31,7 +31,7 @@ require_once("../class/config.php");
include_once("head.php"); include_once("head.php");
$fields = array ( $fields = array (
"dir" => array ("post", "string", ""), "dir" => array ("request", "string", ""),
); );
getFields($fields); getFields($fields);


@ -275,7 +275,7 @@ class m_bro {
if ($db->num_rows() == 0) { if ($db->num_rows() == 0) {
$db->query("INSERT INTO browser (editsizex, editsizey, listmode, showicons, downfmt, createfile, showtype, uid, editor_font, editor_size, golastdir) VALUES (70, 21, 0, 0, 0, 0, 0, ?,'Arial, Helvetica, Sans-serif','12px',1);", array(intval($cuid))); $db->query("INSERT INTO browser (editsizex, editsizey, listmode, showicons, downfmt, createfile, showtype, uid, editor_font, editor_size, golastdir) VALUES (70, 21, 0, 0, 0, 0, 0, ?,'Arial, Helvetica, Sans-serif','12px',1);", array(intval($cuid)));
} }
$db->query("UPDATE browser SET editsizex= ?, editsizey= ?, listmode= ?, showicons= ?, downfmt= ?, createfile= ?, showtype= ?, editor_font= ?, editor_size= e, golastdir= ? WHERE uid= ?;", array($editsizex, $editsizey, $downfmt, $createfile, $showtype, $editor_font, $editor_size, $golastdir, intval($cuid))); $db->query("UPDATE browser SET editsizex= ?, editsizey= ?, listmode= ?, showicons= ?, downfmt= ?, createfile= ?, showtype= ?, editor_font= ?, editor_size= ?, golastdir= ? WHERE uid= ?;", array($editsizex, $editsizey, $listmode, $showicons, $downfmt, $createfile, $showtype, $editor_font, $editor_size, $golastdir, intval($cuid)));
return true; return true;
} }
@ -1070,9 +1070,10 @@ class m_bro {
header("Content-Disposition: attachment; filename=" . $mem->user["login"] . ".zip"); header("Content-Disposition: attachment; filename=" . $mem->user["login"] . ".zip");
header("Content-Type: application/x-zip"); header("Content-Type: application/x-zip");
header("Content-Transfer-Encoding: binary"); header("Content-Transfer-Encoding: binary");
$d = escapeshellarg($this->convertabsolute($dir, false)); $d = $this->convertabsolute($dir, false);
set_time_limit(0); set_time_limit(0);
passthru("/usr/bin/zip -r - $d"); chdir(dirname($d));
passthru("/usr/bin/zip -r - ".escapeshellarg(basename($d)));
} }
/** /**
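Review bot: The return value of `chdir(dirname($d))` is not checked, so if it fails, `zip -r` runs against whatever entry of that name exists in the script's current directory. `$d` is also used without testing whether `convertabsolute()` signalled an invalid path (its failure value is not visible here); a guard such as `if (!$d || !chdir(dirname($d))) { return false; }` placed before the `header()` calls would avoid sending zip headers for a download that cannot proceed. `escapeshellarg()` quotes the name but does not keep a name starting with `-` from being parsed as an option; passing `escapeshellarg("./" . basename($d))` is a common way to rule that out, after checking that the stored archive paths stay the same. The function's signature and opening lines are outside the hunk.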