index.php @ 3297:10ef6e5a76d1

Visit:

Revision 3297:10ef6e5a76d1, 10.0 KB checked in by franck <carnet.franck.paul@…>, 9 years ago (diff)
Fix somes vulnerabilities in blogroll plugin, thanks Onur Yılmaz - Netsparker ( https://www.netsparker.com)

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12	if (!defined('DC_CONTEXT_ADMIN')) { return; }
13
14	$blogroll = new dcBlogroll($core->blog);
15
16	if (!empty($_REQUEST['edit']) && !empty($_REQUEST['id'])) {
17	include dirname(__FILE__).'/edit.php';
18	return;
19	}
20
21	$default_tab = '';
22	$link_title = $link_href = $link_desc = $link_lang = '';
23	$cat_title = '';
24
25	# Import links
26	if (!empty($_POST['import_links']) && !empty($_FILES['links_file']))
27	{
28	$default_tab = 'import-links';
29
30	try
31	{
32	files::uploadStatus($_FILES['links_file']);
33	$ifile = DC_TPL_CACHE.'/'.md5(uniqid());
34	if (!move_uploaded_file($_FILES['links_file']['tmp_name'],$ifile)) {
35	throw new Exception(__('Unable to move uploaded file.'));
36	}
37
38	require_once dirname(__FILE__).'/class.dc.importblogroll.php';
39	try {
40	$imported = dcImportBlogroll::loadFile($ifile);
41	@unlink($ifile);
42	} catch (Exception $e) {
43	@unlink($ifile);
44	throw $e;
45	}
46
47
48	if (empty($imported)) {
49	unset($imported);
50	throw new Exception(__('Nothing to import'));
51	}
52	}
53	catch (Exception $e)
54	{
55	$core->error->add($e->getMessage());
56	}
57	}
58
59	if (!empty($_POST['import_links_do'])) {
60	foreach ($_POST['entries'] as $idx) {
61	$link_title = html::escapeHTML($_POST['title'][$idx]);
62	$link_href = html::escapeHTML($_POST['url'][$idx]);
63	$link_desc = html::escapeHTML($_POST['desc'][$idx]);
64	try {
65	$blogroll->addLink($link_title,$link_href,$link_desc,'');
66	} catch (Exception $e) {
67	$core->error->add($e->getMessage());
68	$default_tab = 'import-links';
69	}
70	}
71
72	dcPage::addSuccessNotice(__('links have been successfully imported.'));
73	http::redirect($p_url);
74	}
75
76	if (!empty($_POST['cancel_import'])) {
77	$core->error->add(__('Import operation cancelled.'));
78	$default_tab = 'import-links';
79	}
80
81	# Add link
82	if (!empty($_POST['add_link']))
83	{
84	$link_title = html::escapeHTML($_POST['link_title']);
85	$link_href = html::escapeHTML($_POST['link_href']);
86	$link_desc = html::escapeHTML($_POST['link_desc']);
87	$link_lang = html::escapeHTML($_POST['link_lang']);
88
89	try {
90	$blogroll->addLink($link_title,$link_href,$link_desc,$link_lang);
91
92	dcPage::addSuccessNotice(__('Link has been successfully created.'));
93	http::redirect($p_url);
94	} catch (Exception $e) {
95	$core->error->add($e->getMessage());
96	$default_tab = 'add-link';
97	}
98	}
99
100	# Add category
101	if (!empty($_POST['add_cat']))
102	{
103	$cat_title = html::escapeHTML($_POST['cat_title']);
104
105	try {
106	$blogroll->addCategory($cat_title);
107	dcPage::addSuccessNotice(__('category has been successfully created.'));
108	http::redirect($p_url);
109	} catch (Exception $e) {
110	$core->error->add($e->getMessage());
111	$default_tab = 'add-cat';
112	}
113	}
114
115	# Delete link
116	if (!empty($_POST['removeaction']) && !empty($_POST['remove'])) {
117	foreach ($_POST['remove'] as $k => $v)
118	{
119	try {
120	$blogroll->delItem($v);
121	} catch (Exception $e) {
122	$core->error->add($e->getMessage());
123	break;
124	}
125	}
126
127	if (!$core->error->flag()) {
128	dcPage::addSuccessNotice(__('Items have been successfully removed.'));
129	http::redirect($p_url);
130	}
131	}
132
133	# Order links
134	$order = array();
135	if (empty($_POST['links_order']) && !empty($_POST['order'])) {
136	$order = $_POST['order'];
137	asort($order);
138	$order = array_keys($order);
139	} elseif (!empty($_POST['links_order'])) {
140	$order = explode(',',$_POST['links_order']);
141	}
142
143	if (!empty($_POST['saveorder']) && !empty($order))
144	{
145	foreach ($order as $pos => $l) {
146	$pos = ((integer) $pos)+1;
147
148	try {
149	$blogroll->updateOrder($l,$pos);
150	} catch (Exception $e) {
151	$core->error->add($e->getMessage());
152	}
153	}
154
155	if (!$core->error->flag()) {
156	dcPage::addSuccessNotice(__('Items order has been successfully updated'));
157	http::redirect($p_url);
158	}
159	}
160
161
162	# Get links
163	try {
164	$rs = $blogroll->getLinks();
165	} catch (Exception $e) {
166	$core->error->add($e->getMessage());
167	}
168
169	?>
170	<html>
171	<head>
172	<title><?php echo __('Blogroll'); ?></title>
173	<?php echo dcPage::jsConfirmClose('links-form','add-link-form','add-category-form'); ?>
174	<?php
175	$core->auth->user_prefs->addWorkspace('accessibility');
176	if (!$core->auth->user_prefs->accessibility->nodragdrop) {
177	echo
178	dcPage::jsLoad('js/jquery/jquery-ui.custom.js').
179	dcPage::jsLoad('js/jquery/jquery.ui.touch-punch.js').
180	dcPage::jsLoad(dcPage::getPF('blogroll/blogroll.js'));
181	}
182	?>
183	<?php echo dcPage::jsPageTabs($default_tab); ?>
184	</head>
185
186	<body>
187	<?php
188	echo dcPage::breadcrumb(
189	array(
190	html::escapeHTML($core->blog->name) => '',
191	__('Blogroll') => ''
192	)).
193	dcPage::notices();
194	?>
195
196	<div class="multi-part" id="main-list" title="<?php echo __('Blogroll'); ?>">
197
198	<?php if (!$rs->isEmpty()) { ?>
199
200	<form action="<?php echo $core->adminurl->get('admin.plugin'); ?>" method="post" id="links-form">
201	<div class="table-outer">
202	<table class="dragable">
203	<thead>
204	<tr>
205	<th colspan="3"><?php echo __('Title'); ?></th>
206	<th><?php echo __('Description'); ?></th>
207	<th><?php echo __('URL'); ?></th>
208	<th><?php echo __('Lang'); ?></th>
209	</tr>
210	</thead>
211	<tbody id="links-list">
212	<?php
213	while ($rs->fetch())
214	{
215	$position = (string) $rs->index()+1;
216
217	echo
218	'<tr class="line" id="l_'.$rs->link_id.'">'.
219	'<td class="handle minimal">'.form::field(array('order['.$rs->link_id.']'),2,5,$position,'position','',false,'title="'.__('position').'"').'</td>'.
220	'<td class="minimal">'.form::checkbox(array('remove[]'),$rs->link_id,'','','',false,'title="'.__('select this link').'"').'</td>';
221
222
223	if ($rs->is_cat)
224	{
225	echo
226	'<td colspan="5"><strong><a href="'.$p_url.'&edit=1&id='.$rs->link_id.'">'.
227	html::escapeHTML($rs->link_desc).'</a></strong></td>';
228	}
229	else
230	{
231	echo
232	'<td><a href="'.$p_url.'&edit=1&id='.$rs->link_id.'">'.
233	html::escapeHTML($rs->link_title).'</a></td>'.
234	'<td>'.html::escapeHTML($rs->link_desc).'</td>'.
235	'<td>'.html::escapeHTML($rs->link_href).'</td>'.
236	'<td>'.html::escapeHTML($rs->link_lang).'</td>';
237	}
238
239	echo '</tr>';
240	}
241	?>
242	</tbody>
243	</table></div>
244
245	<div class="two-cols">
246	<p class="col">
247	<?php
248	echo
249	form::hidden('links_order','').
250	form::hidden(array('p'),'blogroll').
251	$core->formNonce();
252	?>
253	<input type="submit" name="saveorder" value="<?php echo __('Save order'); ?>" /></p>
254	<p class="col right"><input id="remove-action" type="submit" class="delete" name="removeaction"
255	value="<?php echo __('Delete selected links'); ?>"
256	onclick="return window.confirm('
257	<?php echo html::escapeJS(__('Are you sure you want to delete selected links?')); ?>');" /></p>
258	</div>
259	</form>
260
261	<?php
262	} else {
263	echo '<div><p>'.__('The link list is empty.').'</p></div>';
264	}
265	?>
266
267	</div>
268
269	<?php
270	echo
271	'<div class="multi-part clear" id="add-link" title="'.__('Add a link').'">'.
272	'<form action="'.$core->adminurl->get('admin.plugin').'" method="post" id="add-link-form">'.
273	'<h3>'.__('Add a new link').'</h3>'.
274	'<p class="col"><label for="link_title" class="required"><abbr title="'.__('Required field').'">*</abbr> '.__('Title:').'</label> '.
275	form::field('link_title',30,255,$link_title).
276	'</p>'.
277
278	'<p class="col"><label for="link_href" class="required"><abbr title="'.__('Required field').'">*</abbr> '.__('URL:').'</label> '.
279	form::field('link_href',30,255,$link_href).
280	'</p>'.
281
282	'<p class="col"><label for="link_desc">'.__('Description:').'</label> '.
283	form::field('link_desc',30,255,$link_desc).
284	'</p>'.
285
286	'<p class="col"><label for="link_lang">'.__('Language:').'</label> '.
287	form::field('link_lang',5,5,$link_lang).
288	'</p>'.
289	'<p>'.form::hidden(array('p'),'blogroll').
290	$core->formNonce().
291	'<input type="submit" name="add_link" value="'.__('Save').'" /></p>'.
292	'</form>'.
293	'</div>';
294
295	echo
296	'<div class="multi-part" id="add-cat" title="'.__('Add a category').'">'.
297	'<form action="'.$core->adminurl->get('admin.plugin').'" method="post" id="add-category-form">'.
298	'<h3>'.__('Add a new category').'</h3>'.
299	'<p><label for="cat_title" class=" classic required"><abbr title="'.__('Required field').'">*</abbr> '.__('Title:').'</label> '.
300	form::field('cat_title',30,255,$cat_title).' '.
301	form::hidden(array('p'),'blogroll').
302	$core->formNonce().
303	'<input type="submit" name="add_cat" value="'.__('Save').'" /></p>'.
304	'</form>'.
305	'</div>';
306
307	echo
308	'<div class="multi-part" id="import-links" title="'.__('Import links').'">';
309	if (!isset($imported)) {
310	echo
311	'<form action="'.$core->adminurl->get('admin.plugin').'" method="post" id="import-links-form" enctype="multipart/form-data">'.
312	'<h3>'.__('Import links').'</h3>'.
313	'<p><label for="links_file" class=" classic required"><abbr title="'.__('Required field').'">*</abbr> '.__('OPML or XBEL File:').'</label> '.
314	'<input type="file" id="links_file" name="links_file" /></p>'.
315	'<p>'.form::hidden(array('p'),'blogroll').
316	$core->formNonce().
317	'<input type="submit" name="import_links" value="'.__('Import').'" /></p>'.
318	'</form>';
319	}
320	else {
321	echo
322	'<form action="'.$core->adminurl->get('admin.plugin').'" method="post" id="import-links-form">'.
323	'<h3>'.__('Import links').'</h3>';
324	if (empty($imported)) {
325	echo '<p>'.__('Nothing to import').'</p>';
326	}
327	else {
328	echo
329	'<table class="clear maximal"><tr>'.
330	'<th colspan="2">'.__('Title').'</th>'.
331	'<th>'.__('Description').'</th>'.
332	'</tr>';
333
334	$i = 0;
335	foreach ($imported as $entry) {
336	$url = html::escapeHTML($entry->link);
337	$title = html::escapeHTML($entry->title);
338	$desc = html::escapeHTML($entry->desc);
339
340	echo
341	'<tr><td>'.form::checkbox(array('entries[]'),$i,'','','').'</td>'.
342	'<td nowrap><a href="'.$url.'">'.$title.'</a>'.
343	'<input type="hidden" name="url['.$i.']" value="'.$url.'" />'.
344	'<input type="hidden" name="title['.$i.']" value="'.$title.'" />'.
345	'</td>'.
346	'<td>'.$desc.
347	'<input type="hidden" name="desc['.$i.']" value="'.$desc.'" />'.
348	'</td></tr>'."\n";
349	$i++;
350	}
351	echo
352	'</table>'.
353	'<div class="two-cols">'.
354	'<p class="col checkboxes-helpers"></p>'.
355
356	'<p class="col right">'.
357	form::hidden(array('p'),'blogroll').
358	$core->formNonce().
359	'<input type="submit" name="cancel_import" value="'.__('Cancel').'" /> '.
360	'<input type="submit" name="import_links_do" value="'.__('Import').'" /></p>'.
361	'</div>';
362	}
363	echo
364	'</form>';
365	}
366	echo '</div>';
367
368	dcPage::helpBlock('blogroll');
369	?>
370
371	</body>
372	</html>

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: plugins/blogroll/index.php @ 3297:10ef6e5a76d1

Download in other formats:

Sites map