Merge branch 'master' into 12400
commit
4b34c1664d
@ -7,8 +7,9 @@
|
|||||||
- Stockage des données JSON, forçage au format objet.
|
- Stockage des données JSON, forçage au format objet.
|
||||||
|
|
||||||
## Version 12.3.10
|
## Version 12.3.10
|
||||||
|
- Edition d'un utilisateur, affiche correctement la langue de l'interface dans l'édition d'un utilisateur.
|
||||||
- Mise à jour du fichier dialog.php de Responsive File Manager
|
- Mise à jour du fichier dialog.php de Responsive File Manager
|
||||||
- Vulnérabilité dans ajax_call.php CVE-2020-10567
|
- Vulnérabilité dans ajax_call.php CVE-2020-10567, désactivation de TUI Editor et de la fonction save_image.
|
||||||
|
|
||||||
## Version 12.3.09
|
## Version 12.3.09
|
||||||
### Corrections
|
### Corrections
|
||||||
|
46
core/vendor/filemanager/ajax_calls.php
vendored
46
core/vendor/filemanager/ajax_calls.php
vendored
@ -73,13 +73,16 @@ if (isset($_GET['action'])) {
|
|||||||
$_SESSION['RF']["sort_by"] = $_GET['sort_by'];
|
$_SESSION['RF']["sort_by"] = $_GET['sort_by'];
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_GET['descending'])) {
|
if (isset($_GET['descending']))
|
||||||
|
{
|
||||||
$_SESSION['RF']["descending"] = $_GET['descending'];
|
$_SESSION['RF']["descending"] = $_GET['descending'];
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'save_img':
|
case 'save_img':
|
||||||
|
break;
|
||||||
$info = pathinfo($_POST['name']);
|
$info = pathinfo($_POST['name']);
|
||||||
$image_data = $_POST['url'];
|
$image_data = $_POST['url'];
|
||||||
|
|
||||||
if (preg_match('/^data:image\/(\w+);base64,/', $image_data, $type)) {
|
if (preg_match('/^data:image\/(\w+);base64,/', $image_data, $type)) {
|
||||||
$image_data = substr($image_data, strpos($image_data, ',') + 1);
|
$image_data = substr($image_data, strpos($image_data, ',') + 1);
|
||||||
$type = strtolower($type[1]); // jpg, png, gif
|
$type = strtolower($type[1]); // jpg, png, gif
|
||||||
@ -104,19 +107,18 @@ if (isset($_GET['action'])) {
|
|||||||
response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']).AddErrorLocation())->send();
|
response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']).AddErrorLocation())->send();
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($ftp) {
|
if ($ftp) {
|
||||||
$temp_file = tmpfile();
|
$temp = tempnam('/tmp', 'RF');
|
||||||
$temp_meta = stream_get_meta_data($temp_file);
|
unlink($temp);
|
||||||
$temp_path = $temp_meta['uri'];
|
$temp .=".".substr(strrchr($_POST['url'], '.'), 1);
|
||||||
fwrite($temp_file, $image_data);
|
file_put_contents($temp, $image_data);
|
||||||
|
|
||||||
$ftp->put($config['ftp_base_folder'] . $config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp_path, FTP_BINARY);
|
$ftp->put($config['ftp_base_folder'].$config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
|
||||||
|
|
||||||
create_img($temp_path, $temp_path, 122, 91);
|
create_img($temp, $temp, 122, 91);
|
||||||
$ftp->put($config['ftp_base_folder'] . $config['ftp_thumbs_dir'] . $_POST['path'] . $_POST['name'], $temp_path, FTP_BINARY);
|
$ftp->put($config['ftp_base_folder'].$config['ftp_thumbs_dir']. $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
|
||||||
|
|
||||||
fclose($temp_file);
|
unlink($temp);
|
||||||
} else {
|
} else {
|
||||||
file_put_contents($config['current_path'] . $_POST['path'] . $_POST['name'], $image_data);
|
file_put_contents($config['current_path'] . $_POST['path'] . $_POST['name'], $image_data);
|
||||||
create_img($config['current_path'] . $_POST['path'] . $_POST['name'], $config['thumbs_base_path'].$_POST['path'].$_POST['name'], 122, 91);
|
create_img($config['current_path'] . $_POST['path'] . $_POST['name'], $config['thumbs_base_path'].$_POST['path'].$_POST['name'], 122, 91);
|
||||||
@ -265,20 +267,16 @@ if (isset($_GET['action'])) {
|
|||||||
<li><a href="javascript:;" class="jp-stop" tabindex="1">stop</a></li>
|
<li><a href="javascript:;" class="jp-stop" tabindex="1">stop</a></li>
|
||||||
<li><a href="javascript:;" class="jp-mute" tabindex="1" title="mute">mute</a></li>
|
<li><a href="javascript:;" class="jp-mute" tabindex="1" title="mute">mute</a></li>
|
||||||
<li><a href="javascript:;" class="jp-unmute" tabindex="1" title="unmute">unmute</a></li>
|
<li><a href="javascript:;" class="jp-unmute" tabindex="1" title="unmute">unmute</a></li>
|
||||||
<li><a href="javascript:;" class="jp-volume-max" tabindex="1" title="max volume">max volume</a>
|
<li><a href="javascript:;" class="jp-volume-max" tabindex="1" title="max volume">max volume</a></li>
|
||||||
</li>
|
|
||||||
</ul>
|
</ul>
|
||||||
<div class="jp-volume-bar">
|
<div class="jp-volume-bar">
|
||||||
<div class="jp-volume-bar-value"></div>
|
<div class="jp-volume-bar-value"></div>
|
||||||
</div>
|
</div>
|
||||||
<ul class="jp-toggles">
|
<ul class="jp-toggles">
|
||||||
<li><a href="javascript:;" class="jp-full-screen" tabindex="1" title="full screen">full
|
<li><a href="javascript:;" class="jp-full-screen" tabindex="1" title="full screen">full screen</a></li>
|
||||||
screen</a></li>
|
<li><a href="javascript:;" class="jp-restore-screen" tabindex="1" title="restore screen">restore screen</a></li>
|
||||||
<li><a href="javascript:;" class="jp-restore-screen" tabindex="1" title="restore screen">restore
|
|
||||||
screen</a></li>
|
|
||||||
<li><a href="javascript:;" class="jp-repeat" tabindex="1" title="repeat">repeat</a></li>
|
<li><a href="javascript:;" class="jp-repeat" tabindex="1" title="repeat">repeat</a></li>
|
||||||
<li><a href="javascript:;" class="jp-repeat-off" tabindex="1" title="repeat off">repeat off</a>
|
<li><a href="javascript:;" class="jp-repeat-off" tabindex="1" title="repeat off">repeat off</a></li>
|
||||||
</li>
|
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
<div class="jp-title" style="display:none;">
|
<div class="jp-title" style="display:none;">
|
||||||
@ -290,8 +288,7 @@ if (isset($_GET['action'])) {
|
|||||||
</div>
|
</div>
|
||||||
<div class="jp-no-solution">
|
<div class="jp-no-solution">
|
||||||
<span>Update Required</span>
|
<span>Update Required</span>
|
||||||
To play the media you will need to either update your browser to a recent version or update your <a
|
To play the media you will need to either update your browser to a recent version or update your <a href="https://get.adobe.com/flashplayer/" target="_blank">Flash plugin</a>.
|
||||||
href="https://get.adobe.com/flashplayer/" target="_blank">Flash plugin</a>.
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@ -414,8 +411,7 @@ if (isset($_GET['action'])) {
|
|||||||
if (
|
if (
|
||||||
($_POST['folder']==1 && $config['chmod_dirs'] === false)
|
($_POST['folder']==1 && $config['chmod_dirs'] === false)
|
||||||
|| ($_POST['folder']==0 && $config['chmod_files'] === false)
|
|| ($_POST['folder']==0 && $config['chmod_files'] === false)
|
||||||
|| (is_function_callable("chmod") === false)
|
|| (is_function_callable("chmod") === false)) {
|
||||||
) {
|
|
||||||
response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send();
|
response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send();
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
@ -425,8 +421,7 @@ if (isset($_GET['action'])) {
|
|||||||
if (
|
if (
|
||||||
(is_dir($path) && $config['chmod_dirs'] === false)
|
(is_dir($path) && $config['chmod_dirs'] === false)
|
||||||
|| (is_file($path) && $config['chmod_files'] === false)
|
|| (is_file($path) && $config['chmod_files'] === false)
|
||||||
|| (is_function_callable("chmod") === false)
|
|| (is_function_callable("chmod") === false)) {
|
||||||
) {
|
|
||||||
response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send();
|
response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send();
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
@ -608,8 +603,7 @@ if (isset($_GET['action'])) {
|
|||||||
if (!isset($info['extension'])) {
|
if (!isset($info['extension'])) {
|
||||||
$info['extension']='';
|
$info['extension']='';
|
||||||
}
|
}
|
||||||
if (
|
if (! in_array($info['extension'], $allowed_file_exts)
|
||||||
!in_array($info['extension'], $allowed_file_exts)
|
|
||||||
|| ! isset($is_allowed)
|
|| ! isset($is_allowed)
|
||||||
|| $is_allowed === false
|
|| $is_allowed === false
|
||||||
|| (!$ftp && ! is_readable($selected_file))
|
|| (!$ftp && ! is_readable($selected_file))
|
||||||
|
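Review bot: The bare `break;` placed directly under `case 'save_img':` leaves the whole upload body below it as unreachable code with no explanation, so a later refresh of this vendored file can silently re-enable it. This reads the second line of each printed pair as the new side, which the changelog and config hunks suggest but the page does not mark. I would add `// save_img disabled for CVE-2020-10567: keep this break until path, name and type are validated server-side` above the `break;`, or delete the dead body outright. If the body is ever revived, the FTP branch as printed calls `tempnam('/tmp', 'RF')`, then `unlink($temp)`, then appends an extension taken from `$_POST['url']`, which releases the reserved name before the write and lets the client pick the suffix. Both branches also write to `$_POST['path'] . $_POST['name']` with no check visible in these hunks, though the `case` body starts and ends outside the displayed lines, so validation may exist there.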
2
core/vendor/filemanager/config/config.php
vendored
2
core/vendor/filemanager/config/config.php
vendored
@ -447,7 +447,7 @@ $config = array(
|
|||||||
* TUI Image Editor config
|
* TUI Image Editor config
|
||||||
*******************/
|
*******************/
|
||||||
// Add or modify the options below as needed - they will be json encoded when added to the configuration so arrays can be utilized as needed
|
// Add or modify the options below as needed - they will be json encoded when added to the configuration so arrays can be utilized as needed
|
||||||
'tui_active' => true,
|
'tui_active' => false,
|
||||||
'tui_position' => 'bottom',
|
'tui_position' => 'bottom',
|
||||||
// 'common.bi.image' => "../assets/images/logo.png",
|
// 'common.bi.image' => "../assets/images/logo.png",
|
||||||
// 'common.bisize.width' => '70px',
|
// 'common.bisize.width' => '70px',
|
||||||
|
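Review bot: `'tui_active' => false` carries no comment saying why the editor is switched off; the only visible hint is the changelog entry for CVE-2020-10567. Because this is a vendored config that a library update may replace, a line such as `// disabled together with save_img for CVE-2020-10567; do not re-enable without the ajax_calls.php guard` above the key would keep the two changes tied together. The flag presumably only hides the editor in the UI, so the server-side `save_img` guard in ajax_calls.php remains the control that matters. The `$config` array continues outside the hunk.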