Merge branch 'master' into 12400

Fred Tempez 2023-05-09 14:56:01 +02:00
commit 4b34c1664d
3 changed files with 221 additions and 226 deletions


@ -7,8 +7,9 @@
- Stockage des données JSON, forçage au format objet. - Stockage des données JSON, forçage au format objet.
## Version 12.3.10 ## Version 12.3.10
- Edition d'un utilisateur, affiche correctement la langue de l'interface dans l'édition d'un utilisateur.
- Mise à jour du fichier dialog.php de Responsive File Manager - Mise à jour du fichier dialog.php de Responsive File Manager
- Vulnérabilité dans ajax_call.php CVE-2020-10567 - Vulnérabilité dans ajax_call.php CVE-2020-10567, désactivation de TUI Editor et de la fonction save_image.
## Version 12.3.09 ## Version 12.3.09
### Corrections ### Corrections


@ -73,13 +73,16 @@ if (isset($_GET['action'])) {
$_SESSION['RF']["sort_by"] = $_GET['sort_by']; $_SESSION['RF']["sort_by"] = $_GET['sort_by'];
} }
if (isset($_GET['descending'])) { if (isset($_GET['descending']))
{
$_SESSION['RF']["descending"] = $_GET['descending']; $_SESSION['RF']["descending"] = $_GET['descending'];
} }
break; break;
case 'save_img': case 'save_img':
break;
$info = pathinfo($_POST['name']); $info = pathinfo($_POST['name']);
$image_data = $_POST['url']; $image_data = $_POST['url'];
if (preg_match('/^data:image\/(\w+);base64,/', $image_data, $type)) { if (preg_match('/^data:image\/(\w+);base64,/', $image_data, $type)) {
$image_data = substr($image_data, strpos($image_data, ',') + 1); $image_data = substr($image_data, strpos($image_data, ',') + 1);
$type = strtolower($type[1]); // jpg, png, gif $type = strtolower($type[1]); // jpg, png, gif
@ -104,19 +107,18 @@ if (isset($_GET['action'])) {
response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']).AddErrorLocation())->send(); response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']).AddErrorLocation())->send();
exit; exit;
} }
if ($ftp) { if ($ftp) {
$temp_file = tmpfile(); $temp = tempnam('/tmp', 'RF');
$temp_meta = stream_get_meta_data($temp_file); unlink($temp);
$temp_path = $temp_meta['uri']; $temp .=".".substr(strrchr($_POST['url'], '.'), 1);
fwrite($temp_file, $image_data); file_put_contents($temp, $image_data);
$ftp->put($config['ftp_base_folder'] . $config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp_path, FTP_BINARY); $ftp->put($config['ftp_base_folder'].$config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
create_img($temp_path, $temp_path, 122, 91); create_img($temp, $temp, 122, 91);
$ftp->put($config['ftp_base_folder'] . $config['ftp_thumbs_dir'] . $_POST['path'] . $_POST['name'], $temp_path, FTP_BINARY); $ftp->put($config['ftp_base_folder'].$config['ftp_thumbs_dir']. $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
fclose($temp_file); unlink($temp);
} else { } else {
file_put_contents($config['current_path'] . $_POST['path'] . $_POST['name'], $image_data); file_put_contents($config['current_path'] . $_POST['path'] . $_POST['name'], $image_data);
create_img($config['current_path'] . $_POST['path'] . $_POST['name'], $config['thumbs_base_path'].$_POST['path'].$_POST['name'], 122, 91); create_img($config['current_path'] . $_POST['path'] . $_POST['name'], $config['thumbs_base_path'].$_POST['path'].$_POST['name'], 122, 91);
@ -265,20 +267,16 @@ if (isset($_GET['action'])) {
<li><a href="javascript:;" class="jp-stop" tabindex="1">stop</a></li> <li><a href="javascript:;" class="jp-stop" tabindex="1">stop</a></li>
<li><a href="javascript:;" class="jp-mute" tabindex="1" title="mute">mute</a></li> <li><a href="javascript:;" class="jp-mute" tabindex="1" title="mute">mute</a></li>
<li><a href="javascript:;" class="jp-unmute" tabindex="1" title="unmute">unmute</a></li> <li><a href="javascript:;" class="jp-unmute" tabindex="1" title="unmute">unmute</a></li>
<li><a href="javascript:;" class="jp-volume-max" tabindex="1" title="max volume">max volume</a> <li><a href="javascript:;" class="jp-volume-max" tabindex="1" title="max volume">max volume</a></li>
</li>
</ul> </ul>
<div class="jp-volume-bar"> <div class="jp-volume-bar">
<div class="jp-volume-bar-value"></div> <div class="jp-volume-bar-value"></div>
</div> </div>
<ul class="jp-toggles"> <ul class="jp-toggles">
<li><a href="javascript:;" class="jp-full-screen" tabindex="1" title="full screen">full <li><a href="javascript:;" class="jp-full-screen" tabindex="1" title="full screen">full screen</a></li>
screen</a></li> <li><a href="javascript:;" class="jp-restore-screen" tabindex="1" title="restore screen">restore screen</a></li>
<li><a href="javascript:;" class="jp-restore-screen" tabindex="1" title="restore screen">restore
screen</a></li>
<li><a href="javascript:;" class="jp-repeat" tabindex="1" title="repeat">repeat</a></li> <li><a href="javascript:;" class="jp-repeat" tabindex="1" title="repeat">repeat</a></li>
<li><a href="javascript:;" class="jp-repeat-off" tabindex="1" title="repeat off">repeat off</a> <li><a href="javascript:;" class="jp-repeat-off" tabindex="1" title="repeat off">repeat off</a></li>
</li>
</ul> </ul>
</div> </div>
<div class="jp-title" style="display:none;"> <div class="jp-title" style="display:none;">
@ -290,8 +288,7 @@ if (isset($_GET['action'])) {
</div> </div>
<div class="jp-no-solution"> <div class="jp-no-solution">
<span>Update Required</span> <span>Update Required</span>
To play the media you will need to either update your browser to a recent version or update your <a To play the media you will need to either update your browser to a recent version or update your <a href="https://get.adobe.com/flashplayer/" target="_blank">Flash plugin</a>.
href="https://get.adobe.com/flashplayer/" target="_blank">Flash plugin</a>.
</div> </div>
</div> </div>
</div> </div>
@ -414,8 +411,7 @@ if (isset($_GET['action'])) {
if ( if (
($_POST['folder']==1 && $config['chmod_dirs'] === false) ($_POST['folder']==1 && $config['chmod_dirs'] === false)
|| ($_POST['folder']==0 && $config['chmod_files'] === false) || ($_POST['folder']==0 && $config['chmod_files'] === false)
|| (is_function_callable("chmod") === false) || (is_function_callable("chmod") === false)) {
) {
response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send(); response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send();
exit; exit;
} }
@ -425,8 +421,7 @@ if (isset($_GET['action'])) {
if ( if (
(is_dir($path) && $config['chmod_dirs'] === false) (is_dir($path) && $config['chmod_dirs'] === false)
|| (is_file($path) && $config['chmod_files'] === false) || (is_file($path) && $config['chmod_files'] === false)
|| (is_function_callable("chmod") === false) || (is_function_callable("chmod") === false)) {
) {
response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send(); response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send();
exit; exit;
} }
@ -608,8 +603,7 @@ if (isset($_GET['action'])) {
if (!isset($info['extension'])) { if (!isset($info['extension'])) {
$info['extension']=''; $info['extension']='';
} }
if ( if (! in_array($info['extension'], $allowed_file_exts)
!in_array($info['extension'], $allowed_file_exts)
|| ! isset($is_allowed) || ! isset($is_allowed)
|| $is_allowed === false || $is_allowed === false
|| (!$ftp && ! is_readable($selected_file)) || (!$ftp && ! is_readable($selected_file))
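Review bot: The `break;` added directly under `case 'save_img':` in the first hunk disables the action only by making the rest of the case unreachable, and nothing on that line says why. The dead body still writes to `$config['current_path'] . $_POST['path'] . $_POST['name']`, and in the FTP branch it appears (if the right-hand column is the new side) to build the temp file name from `$_POST['url']` after an `unlink()`, so deleting that one line later would re-expose all of it. I would add a comment such as `// save_img disabled for CVE-2020-10567; do not re-enable without validating path and name`. I would also reject the request explicitly with the `response(...)->send(); exit;` pattern this file already uses, rather than falling out of the switch silently. The switch and the case body extend outside the hunks shown.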


@ -447,7 +447,7 @@ $config = array(
* TUI Image Editor config * TUI Image Editor config
*******************/ *******************/
// Add or modify the options below as needed - they will be json encoded when added to the configuration so arrays can be utilized as needed // Add or modify the options below as needed - they will be json encoded when added to the configuration so arrays can be utilized as needed
'tui_active' => true, 'tui_active' => false,
'tui_position' => 'bottom', 'tui_position' => 'bottom',
// 'common.bi.image' => "../assets/images/logo.png", // 'common.bi.image' => "../assets/images/logo.png",
// 'common.bisize.width' => '70px', // 'common.bisize.width' => '70px',
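Review bot: The `'tui_active' => false` line carries no comment tying it to the disabled `save_img` action, so an administrator who switches the editor back on gets a save that no longer does anything. A one-line comment above the option would cover it, for example `// keep false: save_img is disabled server-side (CVE-2020-10567)`. The `$config` array continues outside this hunk.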