Merge branch 'master' into 12400
This commit is contained in:
commit
4b34c1664d
@ -7,8 +7,9 @@
|
||||
- Stockage des données JSON, forçage au format objet.
|
||||
|
||||
## Version 12.3.10
|
||||
- Edition d'un utilisateur, affiche correctement la langue de l'interface dans l'édition d'un utilisateur.
|
||||
- Mise à jour du fichier dialog.php de Responsive File Manager
|
||||
- Vulnérabilité dans ajax_call.php CVE-2020-10567
|
||||
- Vulnérabilité dans ajax_call.php CVE-2020-10567, désactivation de TUI Editor et de la fonction save_image.
|
||||
|
||||
## Version 12.3.09
|
||||
### Corrections
|
||||
|
46
core/vendor/filemanager/ajax_calls.php
vendored
46
core/vendor/filemanager/ajax_calls.php
vendored
@ -73,13 +73,16 @@ if (isset($_GET['action'])) {
|
||||
$_SESSION['RF']["sort_by"] = $_GET['sort_by'];
|
||||
}
|
||||
|
||||
if (isset($_GET['descending'])) {
|
||||
if (isset($_GET['descending']))
|
||||
{
|
||||
$_SESSION['RF']["descending"] = $_GET['descending'];
|
||||
}
|
||||
break;
|
||||
case 'save_img':
|
||||
break;
|
||||
$info = pathinfo($_POST['name']);
|
||||
$image_data = $_POST['url'];
|
||||
|
||||
if (preg_match('/^data:image\/(\w+);base64,/', $image_data, $type)) {
|
||||
$image_data = substr($image_data, strpos($image_data, ',') + 1);
|
||||
$type = strtolower($type[1]); // jpg, png, gif
|
||||
@ -104,19 +107,18 @@ if (isset($_GET['action'])) {
|
||||
response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']).AddErrorLocation())->send();
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($ftp) {
|
||||
$temp_file = tmpfile();
|
||||
$temp_meta = stream_get_meta_data($temp_file);
|
||||
$temp_path = $temp_meta['uri'];
|
||||
fwrite($temp_file, $image_data);
|
||||
$temp = tempnam('/tmp', 'RF');
|
||||
unlink($temp);
|
||||
$temp .=".".substr(strrchr($_POST['url'], '.'), 1);
|
||||
file_put_contents($temp, $image_data);
|
||||
|
||||
$ftp->put($config['ftp_base_folder'] . $config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp_path, FTP_BINARY);
|
||||
$ftp->put($config['ftp_base_folder'].$config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
|
||||
|
||||
create_img($temp_path, $temp_path, 122, 91);
|
||||
$ftp->put($config['ftp_base_folder'] . $config['ftp_thumbs_dir'] . $_POST['path'] . $_POST['name'], $temp_path, FTP_BINARY);
|
||||
create_img($temp, $temp, 122, 91);
|
||||
$ftp->put($config['ftp_base_folder'].$config['ftp_thumbs_dir']. $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
|
||||
|
||||
fclose($temp_file);
|
||||
unlink($temp);
|
||||
} else {
|
||||
file_put_contents($config['current_path'] . $_POST['path'] . $_POST['name'], $image_data);
|
||||
create_img($config['current_path'] . $_POST['path'] . $_POST['name'], $config['thumbs_base_path'].$_POST['path'].$_POST['name'], 122, 91);
|
||||
@ -265,20 +267,16 @@ if (isset($_GET['action'])) {
|
||||
<li><a href="javascript:;" class="jp-stop" tabindex="1">stop</a></li>
|
||||
<li><a href="javascript:;" class="jp-mute" tabindex="1" title="mute">mute</a></li>
|
||||
<li><a href="javascript:;" class="jp-unmute" tabindex="1" title="unmute">unmute</a></li>
|
||||
<li><a href="javascript:;" class="jp-volume-max" tabindex="1" title="max volume">max volume</a>
|
||||
</li>
|
||||
<li><a href="javascript:;" class="jp-volume-max" tabindex="1" title="max volume">max volume</a></li>
|
||||
</ul>
|
||||
<div class="jp-volume-bar">
|
||||
<div class="jp-volume-bar-value"></div>
|
||||
</div>
|
||||
<ul class="jp-toggles">
|
||||
<li><a href="javascript:;" class="jp-full-screen" tabindex="1" title="full screen">full
|
||||
screen</a></li>
|
||||
<li><a href="javascript:;" class="jp-restore-screen" tabindex="1" title="restore screen">restore
|
||||
screen</a></li>
|
||||
<li><a href="javascript:;" class="jp-full-screen" tabindex="1" title="full screen">full screen</a></li>
|
||||
<li><a href="javascript:;" class="jp-restore-screen" tabindex="1" title="restore screen">restore screen</a></li>
|
||||
<li><a href="javascript:;" class="jp-repeat" tabindex="1" title="repeat">repeat</a></li>
|
||||
<li><a href="javascript:;" class="jp-repeat-off" tabindex="1" title="repeat off">repeat off</a>
|
||||
</li>
|
||||
<li><a href="javascript:;" class="jp-repeat-off" tabindex="1" title="repeat off">repeat off</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="jp-title" style="display:none;">
|
||||
@ -290,8 +288,7 @@ if (isset($_GET['action'])) {
|
||||
</div>
|
||||
<div class="jp-no-solution">
|
||||
<span>Update Required</span>
|
||||
To play the media you will need to either update your browser to a recent version or update your <a
|
||||
href="https://get.adobe.com/flashplayer/" target="_blank">Flash plugin</a>.
|
||||
To play the media you will need to either update your browser to a recent version or update your <a href="https://get.adobe.com/flashplayer/" target="_blank">Flash plugin</a>.
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@ -414,8 +411,7 @@ if (isset($_GET['action'])) {
|
||||
if (
|
||||
($_POST['folder']==1 && $config['chmod_dirs'] === false)
|
||||
|| ($_POST['folder']==0 && $config['chmod_files'] === false)
|
||||
|| (is_function_callable("chmod") === false)
|
||||
) {
|
||||
|| (is_function_callable("chmod") === false)) {
|
||||
response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send();
|
||||
exit;
|
||||
}
|
||||
@ -425,8 +421,7 @@ if (isset($_GET['action'])) {
|
||||
if (
|
||||
(is_dir($path) && $config['chmod_dirs'] === false)
|
||||
|| (is_file($path) && $config['chmod_files'] === false)
|
||||
|| (is_function_callable("chmod") === false)
|
||||
) {
|
||||
|| (is_function_callable("chmod") === false)) {
|
||||
response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403).AddErrorLocation())->send();
|
||||
exit;
|
||||
}
|
||||
@ -608,8 +603,7 @@ if (isset($_GET['action'])) {
|
||||
if (!isset($info['extension'])) {
|
||||
$info['extension']='';
|
||||
}
|
||||
if (
|
||||
!in_array($info['extension'], $allowed_file_exts)
|
||||
if (! in_array($info['extension'], $allowed_file_exts)
|
||||
|| ! isset($is_allowed)
|
||||
|| $is_allowed === false
|
||||
|| (!$ftp && ! is_readable($selected_file))
|
||||
|
2
core/vendor/filemanager/config/config.php
vendored
2
core/vendor/filemanager/config/config.php
vendored
@ -447,7 +447,7 @@ $config = array(
|
||||
* TUI Image Editor config
|
||||
*******************/
|
||||
// Add or modify the options below as needed - they will be json encoded when added to the configuration so arrays can be utilized as needed
|
||||
'tui_active' => true,
|
||||
'tui_active' => false,
|
||||
'tui_position' => 'bottom',
|
||||
// 'common.bi.image' => "../assets/images/logo.png",
|
||||
// 'common.bisize.width' => '70px',
|
||||
|
Loading…
Reference in New Issue
Block a user