From 957d7acfd763f985899da731e7bcec822fb46381 Mon Sep 17 00:00:00 2001 From: fredtempez Date: Thu, 3 Jan 2019 14:15:36 +0100 Subject: [PATCH 01/32] faille CSRF --- core/module/page/page.php | 65 ++++++++++++++++++++++----------------- 1 file changed, 36 insertions(+), 29 deletions(-) diff --git a/core/module/page/page.php b/core/module/page/page.php index cccf8a38..19e4db75 100755 --- a/core/module/page/page.php +++ b/core/module/page/page.php 
@@ -77,40 +77,47 @@ class page extends common { * Suppression */ public function delete() { - // La page n'existe pas - if($this->getData(['page', $this->getUrl(2)]) === null) { + if($this->isPost()) { + // La page n'existe pas + if($this->getData(['page', $this->getUrl(2)]) === null) { + // Valeurs en sortie + $this->addOutput([ + 'access' => false + ]); + } + // Impossible de supprimer la page d'accueil + elseif($this->getUrl(2) === $this->getData(['config', 'homePageId'])) { + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl() . 'page/edit/' . $this->getUrl(2), + 'notification' => 'Impossible de supprimer la page d\'accueil' + ]); + } + // Impossible de supprimer une page contenant des enfants + elseif($this->getHierarchy($this->getUrl(2))) { + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl() . 'page/edit/' . $this->getUrl(2), + 'notification' => 'Impossible de supprimer une page contenant des enfants' + ]); + } + // Suppression + else { + $this->deleteData(['page', $this->getUrl(2)]); + $this->deleteData(['module', $this->getUrl(2)]); + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl(false), + 'notification' => 'Page supprimée', + 'state' => true + ]); + } + } else { // Valeurs en sortie $this->addOutput([ 'access' => false ]); } - // Impossible de supprimer la page d'accueil - elseif($this->getUrl(2) === $this->getData(['config', 'homePageId'])) { - // Valeurs en sortie - $this->addOutput([ - 'redirect' => helper::baseUrl() . 'page/edit/' . $this->getUrl(2), - 'notification' => 'Impossible de supprimer la page d\'accueil' - ]); - } - // Impossible de supprimer une page contenant des enfants - elseif($this->getHierarchy($this->getUrl(2))) { - // Valeurs en sortie - $this->addOutput([ - 'redirect' => helper::baseUrl() . 'page/edit/' . 
$this->getUrl(2), - 'notification' => 'Impossible de supprimer une page contenant des enfants' - ]); - } - // Suppression - else { - $this->deleteData(['page', $this->getUrl(2)]); - $this->deleteData(['module', $this->getUrl(2)]); - // Valeurs en sortie - $this->addOutput([ - 'redirect' => helper::baseUrl(false), - 'notification' => 'Page supprimée', - 'state' => true - ]); - } } /** From fd7b2cd524ba719a216460817d969de7e496ae5a Mon Sep 17 00:00:00 2001 From: fredtempez Date: Thu, 3 Jan 2019 14:16:56 +0100 Subject: [PATCH 02/32] Faille CSRF --- CHANGES.MD | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGES.MD b/CHANGES.MD index fe19afc9..5cadf953 100644 --- a/CHANGES.MD +++ b/CHANGES.MD @@ -1,5 +1,8 @@ # ChangeLog +## Version 8.5.4 +* Correction : + - Faille CSRF lors de l'effacement d'une page ## Version 8.5.3 * Modification : From 5d300c93d637ef00627b371d9245ce4cf284ac2b Mon Sep 17 00:00:00 2001 From: fredtempez Date: Fri, 4 Jan 2019 22:30:50 +0100 Subject: [PATCH 03/32] annulation correctif csrf --- core/module/page/page.php | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/core/module/page/page.php b/core/module/page/page.php index 19e4db75..07d619a7 100755 --- a/core/module/page/page.php +++ b/core/module/page/page.php @@ -76,8 +76,7 @@ class page extends common { /** * Suppression */ - public function delete() { - if($this->isPost()) { + public function delete() { // La page n'existe pas if($this->getData(['page', $this->getUrl(2)]) === null) { // Valeurs en sortie @@ -112,12 +111,6 @@ class page extends common { 'state' => true ]); } - } else { - // Valeurs en sortie - $this->addOutput([ - 'access' => false - ]); - } } /** From 995278c7532c5a78819459ea5e7ec9e625f95875 Mon Sep 17 00:00:00 2001 
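Review bot: Wrapping delete() in `if($this->isPost())` is not a CSRF defence — a page on any origin can auto-submit a POST form to `page/delete/<id>` and the browser attaches the victim's session cookie, so the only thing the guard blocks is the site's own GET 'Supprimer' link (which is presumably why the next commit on this line reverts it). What is missing is a per-session secret the attacker cannot read, checked server-side before `deleteData()`, e.g. `if(!isset($_POST['csrf'], $_SESSION['csrf']) || !hash_equals($_SESSION['csrf'], (string)$_POST['csrf'])) { $this->addOutput(['access' => false]); return; }` with the same token in a hidden field of a POST form on the edit page. The revert hunks that follow on this line leave delete() reachable with a plain GET again, so neither state of this line is safe. delete() starts and ends inside this hunk.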
From: fredtempez Date: Fri, 4 Jan 2019 23:24:00 +0100 Subject: [PATCH 04/32] Correction CSRF en effacement de la page --- core/module/page/page.php | 86 ++++++++++++++++------------- core/module/page/view/edit/edit.php | 2 +- 2 files changed, 49 insertions(+), 39 deletions(-) diff --git a/core/module/page/page.php b/core/module/page/page.php index 07d619a7..d224065e 100755 --- a/core/module/page/page.php +++ b/core/module/page/page.php @@ -33,9 +33,9 @@ class page extends common { // menu image // Position du module public static $modulePosition = [ - 'bottom' => 'En bas', - 'top' => 'En haut', - 'free' => 'Libre' + 'bottom' => 'En bas', + 'top' => 'En haut', + 'free' => 'Libre' ]; /** * Création 
@@ -76,41 +76,51 @@ class page extends common { /** * Suppression */ - public function delete() { - // La page n'existe pas - if($this->getData(['page', $this->getUrl(2)]) === null) { - // Valeurs en sortie - $this->addOutput([ - 'access' => false - ]); - } - // Impossible de supprimer la page d'accueil - elseif($this->getUrl(2) === $this->getData(['config', 'homePageId'])) { - // Valeurs en sortie - $this->addOutput([ - 'redirect' => helper::baseUrl() . 'page/edit/' . $this->getUrl(2), - 'notification' => 'Impossible de supprimer la page d\'accueil' - ]); - } - // Impossible de supprimer une page contenant des enfants - elseif($this->getHierarchy($this->getUrl(2))) { - // Valeurs en sortie - $this->addOutput([ - 'redirect' => helper::baseUrl() . 'page/edit/' . $this->getUrl(2), - 'notification' => 'Impossible de supprimer une page contenant des enfants' - ]); - } - // Suppression - else { - $this->deleteData(['page', $this->getUrl(2)]); - $this->deleteData(['module', $this->getUrl(2)]); - // Valeurs en sortie - $this->addOutput([ - 'redirect' => helper::baseUrl(false), - 'notification' => 'Page supprimée', - 'state' => true - ]); - } + public function delete() { + // $url prend l'adresse sans le token + $url = explode('&',$this->getUrl(2)); + // La page n'existe pas + if($this->getData(['page', $url[0]]) === null) { + // Valeurs en sortie + $this->addOutput([ + 'access' => false + ]); + } + // Impossible de supprimer la page d'accueil + elseif($url[0] === $this->getData(['config', 'homePageId'])) { + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl() . 'page/edit/' . $url[0], + 'notification' => 'Impossible de supprimer la page d\'accueil' + ]); + } + // Jeton incorrect + elseif($_GET['csrf'] !== $_SESSION['csrf']) { + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl() . 'page/edit/' . 
$url[0], + 'notification' => 'Suppression non autorisée' + ]); + } + // Impossible de supprimer une page contenant des enfants + elseif($this->getHierarchy($url[0])) { + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl() . 'page/edit/' . $url[0], + 'notification' => 'Impossible de supprimer une page contenant des enfants' + ]); + } + // Suppression + else { + $this->deleteData(['page', $url[0]]); + $this->deleteData(['module', $url[0]]); + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl(false), + 'notification' => 'Page supprimée', + 'state' => true + ]); + } } /** diff --git a/core/module/page/view/edit/edit.php b/core/module/page/view/edit/edit.php index 2092d534..251174ba 100755 --- a/core/module/page/view/edit/edit.php +++ b/core/module/page/view/edit/edit.php @@ -13,7 +13,7 @@
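Review bot: The new token branch `elseif($_GET['csrf'] !== $_SESSION['csrf'])` reads `$_GET['csrf']` without checking it exists (an undefined-index notice on every request without the parameter) and compares with `!==`, which stops at the first differing byte; a constant-time compare with explicit presence and type checks closes both: `elseif(!isset($_GET['csrf'], $_SESSION['csrf']) || !is_string($_GET['csrf']) || !hash_equals($_SESSION['csrf'], $_GET['csrf'])) {`. Failing closed when `$_SESSION['csrf']` is absent matters because how and when that token is generated is not visible in this patch — confirm it is created at login/session start rather than lazily by the view. The check also sits after the 'page does not exist' and 'home page' branches; harmless for deletion, but it reads better as the first test so a forged request is rejected before anything else happens. delete() starts and ends inside this hunk.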
'buttonRed', - 'href' => helper::baseUrl() . 'page/delete/' . $this->getUrl(2), + 'href' => helper::baseUrl() . 'page/delete/' . $this->getUrl(2) . '&csrf=' . $_SESSION['csrf'], 'value' => 'Supprimer', 'ico' => 'cancel' ]); ?> From b56696d6511311f3e5fd1c7dea63e963605e356e Mon Sep 17 00:00:00 2001 From: fredtempez Date: Sat, 5 Jan 2019 22:36:16 +0100 Subject: [PATCH 05/32] correctif faille CSRF --- core/module/page/page.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/core/module/page/page.php b/core/module/page/page.php index d224065e..17edaa8a 100755 --- a/core/module/page/page.php +++ b/core/module/page/page.php @@ -95,7 +95,8 @@ class page extends common { ]); } // Jeton incorrect - elseif($_GET['csrf'] !== $_SESSION['csrf']) { + elseif(!isset ($_GET['csrf']) AND + $_GET['csrf'] !== $_SESSION['csrf']) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . 'page/edit/' . $url[0], From 30e06ef2e2d80d99979a7d24ab3bb48724a8ed70 Mon Sep 17 00:00:00 2001 From: fredtempez Date: Sat, 5 Jan 2019 23:02:28 +0100 Subject: [PATCH 06/32] Correction faille CSRF --- core/module/page/page.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/core/module/page/page.php b/core/module/page/page.php index 17edaa8a..f33cad4c 100755 --- a/core/module/page/page.php +++ b/core/module/page/page.php @@ -95,8 +95,14 @@ class page extends common { ]); } // Jeton incorrect - elseif(!isset ($_GET['csrf']) AND - $_GET['csrf'] !== $_SESSION['csrf']) { + elseif(!isset($_GET['csrf'])) { + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl() . 'page/edit/' . $url[0], + 'notification' => 'Jeton invalide' + ]); + } + elseif ($_GET['csrf'] !== $_SESSION['csrf']) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . 'page/edit/' . $url[0], From 8d18c238e38a1e8ab329499b65e471dfc45df21f Mon Sep 17 00:00:00 2001 
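Review bot: Putting the session's CSRF token into the href of the 'Supprimer' button (`'&csrf=' . $_SESSION['csrf']`) sends it in a GET URL, where it lands in browser history, server access logs and the Referer header of any outbound link on the following page, so the secret that is supposed to stay unguessable gets copied around. A small POST form with the token in a hidden input (`<input type="hidden" name="csrf" value="<?php echo htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8'); ?>">`) and a `$_POST['csrf']` check in delete() keeps it out of URLs. If the link must stay, at least encode it — `'&csrf=' . urlencode($_SESSION['csrf'])` — since the token's alphabet is not visible here and a `&` or `+` inside it would corrupt the value PHP parses into `$_GET['csrf']`.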
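Review bot: The combined condition `!isset($_GET['csrf']) AND $_GET['csrf'] !== $_SESSION['csrf']` inverts the protection: when a token *is* supplied, `!isset()` is false, the `AND` short-circuits and the branch is skipped, so any value at all — including a wrong one — reaches `deleteData()`; only a request with no `csrf` parameter is rejected. The operator has to be `||`: `elseif(!isset($_GET['csrf']) || $_GET['csrf'] !== $_SESSION['csrf']) {` (the following commit reaches the same result by splitting the two tests).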
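Review bot: The two new branches still compare the token with `!==`, which is not constant-time and also raises a notice (while rejecting) if `$_SESSION['csrf']` happens to be unset; both can be collapsed into one guard using `hash_equals`: `elseif(!isset($_GET['csrf'], $_SESSION['csrf']) || !is_string($_GET['csrf']) || !hash_equals($_SESSION['csrf'], $_GET['csrf'])) {` with a single 'Suppression non autorisée' notification. The split into 'Jeton invalide' versus 'Suppression non autorisée' only tells a probing client whether its parameter was parsed, which buys a legitimate user nothing.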
From: fredtempez Date: Sat, 5 Jan 2019 23:45:27 +0100 Subject: [PATCH 07/32] =?UTF-8?q?Faille=20CSRF=20modification=20num=C3=A9r?= =?UTF-8?q?o=20de=20version?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/core.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/core.php b/core/core.php index d2455a42..0acd6c5f 100644 --- a/core/core.php +++ b/core/core.php @@ -24,7 +24,7 @@ class common { const GROUP_MEMBER = 1; const GROUP_MODERATOR = 2; const GROUP_ADMIN = 3; - const ZWII_VERSION = '8.5.3'; + const ZWII_VERSION = '8.5.4'; public static $actions = []; public static $coreModuleIds = [ From 7e2a9168e30e70563b0285871a70205edb610d0d Mon Sep 17 00:00:00 2001 From: fredtempez Date: Mon, 7 Jan 2019 19:47:17 +0100 Subject: [PATCH 08/32] update changes.md --- CHANGES.MD | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGES.MD b/CHANGES.MD index 5cadf953..78cc6dbb 100644 --- a/CHANGES.MD +++ b/CHANGES.MD @@ -10,12 +10,12 @@ * Correction : - Appel de la génération de la capture d'écran OpenGraph quand le fichier est absent - CSS pour le footer des blocs et non des éléments - - #footersite, #footerbody : bloc footer dans et hors site - - #footersite, #footerbody a : liens du bloc footer dans et hors site + - \#footersite, \#footerbody : bloc footer dans et hors site + - \#footersite, \#footerbody a : liens du bloc footer dans et hors site - Bloc des colonnes dans et hors site : - - #footersiteLeft, #footerbodyLef - - #footersiteCenter, #footerbodyCenter - - #footersiteRight, #footerbodyRight + - \#footersiteLeft, \#footerbodyLef + - \#footersiteCenter, \#footerbodyCenter + - \#footersiteRight, \#footerbodyRight ## Version 8.5.2 * Correction : From 4b77990cf7fead5cd9c33d1d8d968ff3aed0fdf6 Mon Sep 17 00:00:00 2001 
From: fredtempez Date: Mon, 7 Jan 2019 22:36:32 +0100 Subject: [PATCH 09/32] Faille CSRF --- CHANGES.MD | 7 +++++++ core/module/user/user.php | 24 ++++++++++++++++++++---- module/blog/blog.php | 23 ++++++++++++++++++++--- module/gallery/gallery.php | 23 ++++++++++++++++++++--- module/news/news.php | 23 ++++++++++++++++++++--- 5 files changed, 87 insertions(+), 13 deletions(-) diff --git a/CHANGES.MD b/CHANGES.MD index 78cc6dbb..1fda0edf 100644 --- a/CHANGES.MD +++ b/CHANGES.MD @@ -1,5 +1,12 @@ # ChangeLog +## Version 8.5.5 +* Correction : + - Faille CSRF lors de l'effacement d'un membre + - Faille CSRF lors de l'effacement d'une galerie + - Faille CSRF lors de l'effacement d'un article de blog + - Faille CSRF lors de l'effacement d'un article de news + ## Version 8.5.4 * Correction : - Faille CSRF lors de l'effacement d'une page diff --git a/core/module/user/user.php b/core/module/user/user.php index a8559cfd..9ee42d7d 100755 --- a/core/module/user/user.php +++ b/core/module/user/user.php @@ -88,10 +88,11 @@ class user extends common { * Suppression */ public function delete() { + $url = explode('&',$this->getUrl(2)); // Accès refusé if( // L'utilisateur n'existe pas - $this->getData(['user', $this->getUrl(2)]) === null + $this->getData(['user', $url[0]]) === null // Groupe insuffisant AND ($this->getUrl('group') < self::GROUP_MODERATOR) ) { 
@@ -100,8 +101,23 @@ class user extends common { 'access' => false ]); } + // Jeton incorrect + elseif(!isset($_GET['csrf'])) { + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl() . 'user', + 'notification' => 'Jeton invalide' + ]); + } + elseif ($_GET['csrf'] !== $_SESSION['csrf']) { + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl() . 'user', + 'notification' => 'Suppression non autorisée' + ]); + } // Bloque la suppression de son propre compte - elseif($this->getUser('id') === $this->getUrl(2)) { + elseif($this->getUser('id') === $url[0]) { // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . 'user', @@ -110,7 +126,7 @@ class user extends common { } // Suppression else { - $this->deleteData(['user', $this->getUrl(2)]); + $this->deleteData(['user', $url[0]]); // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . 'user', @@ -280,7 +296,7 @@ class user extends common { ]), template::button('userDelete' . $userId, [ 'class' => 'userDelete buttonRed', - 'href' => helper::baseUrl() . 'user/delete/' . $userId, + 'href' => helper::baseUrl() . 'user/delete/' . $userId. '&csrf=' . $_SESSION['csrf'], 'value' => template::ico('cancel') ]) ]; diff --git a/module/blog/blog.php b/module/blog/blog.php index 8c4bf930..2cd5edd8 100755 --- a/module/blog/blog.php +++ b/module/blog/blog.php @@ -174,7 +174,7 @@ class blog extends common { ]), template::button('blogConfigDelete' . $articleIds[$i], [ 'class' => 'blogConfigDelete buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i]. '&csrf=' . $_SESSION['csrf'], 'value' => template::ico('cancel') ]) ]; 
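Review bot: This is the same token check patches 04/06 added to page::delete(), now pasted into user::delete() and, further down this commit, into blog, gallery and news; four hand-written copies of a security check drift (the gallery copy already redirects somewhere else on failure). A single helper in `common`, e.g. `protected function checkCsrf() { return isset($_GET['csrf'], $_SESSION['csrf']) && is_string($_GET['csrf']) && hash_equals($_SESSION['csrf'], $_GET['csrf']); }`, lets each delete() become one `elseif(!$this->checkCsrf())` branch and replaces the plain `!==` compare everywhere at once. Separately, the access test in the previous hunk of this file refuses only when the user is missing *and* the caller's group is below moderator (`AND`), which reads as if it should be `OR`; presumably the module's `$actions` table already restricts `delete` to admins, but confirm, since with a valid token this hunk otherwise lets such a caller reach `deleteData()`. delete() continues past the end of this hunk.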
@@ -190,16 +190,33 @@ class blog extends common { * Suppression */ public function delete() { + // $url prend l'adresse sans le token + $url = explode('&',$this->getUrl(2)); // L'article n'existe pas - if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) { + if($this->getData(['module', $this->getUrl(0), $url[0]]) === null) { // Valeurs en sortie $this->addOutput([ 'access' => false ]); } + // Jeton incorrect + elseif(!isset($_GET['csrf'])) { + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl(). $this->getUrl(0) . '/config', + 'notification' => 'Jeton invalide' + ]); + } + elseif ($_GET['csrf'] !== $_SESSION['csrf']) { + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', + 'notification' => 'Suppression non autorisée' + ]); + } // Suppression else { - $this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]); + $this->deleteData(['module', $this->getUrl(0), $url[0]]); // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', diff --git a/module/gallery/gallery.php b/module/gallery/gallery.php index 9ce842a9..07a5b3a1 100755 --- a/module/gallery/gallery.php +++ b/module/gallery/gallery.php @@ -59,7 +59,7 @@ class gallery extends common { ]), template::button('galleryConfigDelete' . $galleryId, [ 'class' => 'galleryConfigDelete buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $galleryId, + 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $galleryId. '&csrf=' . $_SESSION['csrf'], 'value' => template::ico('cancel') ]) ]; 
@@ -93,16 +93,33 @@ class gallery extends common { * Suppression */ public function delete() { + // $url prend l'adresse sans le token + $url = explode('&',$this->getUrl(2)); // La galerie n'existe pas - if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) { + if($this->getData(['module', $this->getUrl(0), $url[0]]) === null) { // Valeurs en sortie $this->addOutput([ 'access' => false ]); } + // Jeton incorrect + elseif(!isset($_GET['csrf'])) { + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl() . 'config', + 'notification' => 'Jeton invalide' + ]); + } + elseif ($_GET['csrf'] !== $_SESSION['csrf']) { + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl() . 'config', + 'notification' => 'Suppression non autorisée' + ]); + } // Suppression else { - $this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]); + $this->deleteData(['module', $this->getUrl(0), $url[0]]); // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', diff --git a/module/news/news.php b/module/news/news.php index a57ccec8..6a01670e 100755 --- a/module/news/news.php +++ b/module/news/news.php @@ -100,7 +100,7 @@ class news extends common { ]), template::button('newsConfigDelete' . $newsIds[$i], [ 'class' => 'newsConfigDelete buttonRed', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i], + 'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $newsIds[$i]. '&csrf=' . $_SESSION['csrf'], 'value' => template::ico('cancel') ]) ]; 
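Review bot: The two new failure branches redirect to `helper::baseUrl() . 'config'`, i.e. the site-wide configuration page, whereas the success branch in the same hunk and the identical blog/news copies in this commit return to `helper::baseUrl() . $this->getUrl(0) . '/config'`, the gallery's own configuration; a moderator whose token is missing is bounced to a page they may not be allowed to open. Use the module page in both branches: `'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',`. This is exactly the divergence a shared `checkCsrf()` helper in `common` would avoid. delete() continues past the end of this hunk.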
@@ -116,16 +116,33 @@ class news extends common { * Suppression */ public function delete() { + // $url prend l'adresse sans le token + $url = explode('&',$this->getUrl(2)); // La news n'existe pas - if($this->getData(['module', $this->getUrl(0), $this->getUrl(2)]) === null) { + if($this->getData(['module', $this->getUrl(0), $url[0]]) === null) { // Valeurs en sortie $this->addOutput([ 'access' => false ]); } + // Jeton incorrect + elseif(!isset($_GET['csrf'])) { + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl(). $this->getUrl(0) . '/config', + 'notification' => 'Jeton invalide' + ]); + } + elseif ($_GET['csrf'] !== $_SESSION['csrf']) { + // Valeurs en sortie + $this->addOutput([ + 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', + 'notification' => 'Suppression non autorisée' + ]); + } // Suppression else { - $this->deleteData(['module', $this->getUrl(0), $this->getUrl(2)]); + $this->deleteData(['module', $this->getUrl(0), $url[0]]); // Valeurs en sortie $this->addOutput([ 'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config', From f4dad2ba66e0bb2c5e4237e75f9fb801dc8e7c78 Mon Sep 17 00:00:00 2001 From: Fred <23246457+fredtempez@users.noreply.github.com> Date: Mon, 7 Jan 2019 22:39:55 +0100 Subject: [PATCH 10/32] Rename CHANGES.MD to CHANGES.md --- CHANGES.MD => CHANGES.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename CHANGES.MD => CHANGES.md (100%) diff --git a/CHANGES.MD b/CHANGES.md similarity index 100% rename from CHANGES.MD rename to CHANGES.md From ad4d1342edd2687d98fc062e4b215d5960a1119e Mon Sep 17 00:00:00 2001 
From: fredtempez Date: Tue, 8 Jan 2019 14:56:44 +0100 Subject: [PATCH 11/32] =?UTF-8?q?Taille=20par=20d=C3=A9faut=20des=20police?= =?UTF-8?q?s=20dans=20le=20footer?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/layout/common.css | 7 +++++++ core/module/theme/resource/custom.css | 13 ++++++++----- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/core/layout/common.css b/core/layout/common.css index 1f7d7d19..4c991107 100755 --- a/core/layout/common.css +++ b/core/layout/common.css @@ -415,6 +415,13 @@ footer { padding: 10px 20px; vertical-align:middle; } +footer #footerSocials { + font-size: 1.0em; +} + +footer #footerCopyright, #footerText { + font-size: 0.8em; +} footer .col4 { vertical-align: middle; diff --git a/core/module/theme/resource/custom.css b/core/module/theme/resource/custom.css index 872f75c9..386aeb5a 100755 --- a/core/module/theme/resource/custom.css +++ b/core/module/theme/resource/custom.css @@ -40,23 +40,26 @@ nav a.active { } /* Bas de page */ -#footersite, #footerbody { +footer { +} + +footer #footersite, #footerbody { } /* Liens du bas de page */ -#footersite, #footerbody a { +footer #footersite, #footerbody a { } /* footer bloc gauche */ -#footersiteLeft, #footerbodyLeft { +footer #footersiteLeft, #footerbodyLeft { } /* footer bloc central */ -#footersiteCenter, #footerbodyCenter { +footer #footersiteCenter, #footerbodyCenter { } /* footer bloc droite */ -#footersiteRight, #footerbodyRight { +footer #footersiteRight, #footerbodyRight { } /** From 2de76aaaff72109369ed644c74c9e901eb3fcba0 Mon Sep 17 00:00:00 2001 From: fredtempez Date: Tue, 8 Jan 2019 18:10:00 +0100 Subject: [PATCH 12/32] =?UTF-8?q?taille=20des=20polices=20de=20caract?= =?UTF-8?q?=C3=A8res=20dans=20le=20footer?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- site/data/custom.css | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/site/data/custom.css b/site/data/custom.css index a93e7f05..3901cc08 100644 --- a/site/data/custom.css +++ b/site/data/custom.css @@ -48,15 +48,15 @@ footer a { } /* footer bloc gauche */ -#footersiteLeft, #footerbodyLeft { +footer #footersiteLeft, #footerbodyLeft { } /* footer bloc central */ -#footersiteCenter, #footerbodyCenter { +footer #footersiteCenter, #footerbodyCenter { } /* footer bloc droite */ -#footersiteRight, #footerbodyRight { +footer #footersiteRight, #footerbodyRight { } /** From f2cfb4068a10e13b51e29b50d7e1a994a498538e Mon Sep 17 00:00:00 2001 From: fredtempez Date: Thu, 10 Jan 2019 18:02:27 +0100 Subject: [PATCH 13/32] =?UTF-8?q?Modfi=20num=C3=A9ro=20de=20version?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 7 ++++--- core/core.php | 4 ++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index a72a9d4b..41d3adf8 100644 --- a/.gitignore +++ b/.gitignore @@ -13,11 +13,9 @@ site/file/source/* site/file/thumb/* -# Fichiers de données -site/* - # Dossiers vides dans GitHub !.gitkeep +.gitignore # PHPStorm .idea/ @@ -26,3 +24,6 @@ site/* #Visual Code .vscode +#FreeFile +sync.ffs_db + diff --git a/core/core.php b/core/core.php index 0acd6c5f..c041eed5 100644 --- a/core/core.php +++ b/core/core.php @@ -24,7 +24,7 @@ class common { const GROUP_MEMBER = 1; const GROUP_MODERATOR = 2; const GROUP_ADMIN = 3; - const ZWII_VERSION = '8.5.4'; + const ZWII_VERSION = '8.5.5'; public static $actions = []; public static $coreModuleIds = [ @@ -360,7 +360,7 @@ class common { 'backgroundColor' => 'rgba(255, 255, 255, 1)', 'radius' => '0', 'shadow' => '0', - 'width' => '1170px' + 'width' => '750px' ], 'text' => [ 'font' => 'Open+Sans', From ee2d05ced7d9b9a16123975a07d9d3773a447944 Mon Sep 17 00:00:00 2001 
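Review bot: Dropping `site/*` from .gitignore (only the upload and thumbnail folders above it stay ignored) makes everything under `site/data/` — which the deleted comment itself labels 'Fichiers de données' and which in this project appears to be the JSON data store holding site configuration and user accounts (confirm) — eligible for `git add -A`, so a careless commit can publish password hashes and site settings. Keep an explicit rule for the data directory, e.g. `site/data/*` plus `!site/data/.gitkeep`, or re-add `site/*` with negations for the files that must be versioned. Adding `.gitignore` to its own ignore list has no effect while the file is tracked, so that line is noise.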
From: Fred <23246457+fredtempez@users.noreply.github.com> Date: Thu, 10 Jan 2019 18:08:13 +0100 Subject: [PATCH 14/32] Create test --- site/tmp/test | 1 + 1 file changed, 1 insertion(+) create mode 100644 site/tmp/test diff --git a/site/tmp/test b/site/tmp/test new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/site/tmp/test @@ -0,0 +1 @@ + From 8f1401ec3d322964a9ed4027ff9b60a730cd4204 Mon Sep 17 00:00:00 2001 From: Fred <23246457+fredtempez@users.noreply.github.com> Date: Thu, 10 Jan 2019 18:08:23 +0100 Subject: [PATCH 15/32] Delete test --- site/tmp/test | 1 - 1 file changed, 1 deletion(-) delete mode 100644 site/tmp/test diff --git a/site/tmp/test b/site/tmp/test deleted file mode 100644 index 8b137891..00000000 --- a/site/tmp/test +++ /dev/null @@ -1 +0,0 @@ - From b2189459bdfa663626643a56f11e683479995f75 Mon Sep 17 00:00:00 2001 From: Fred <23246457+fredtempez@users.noreply.github.com> Date: Thu, 10 Jan 2019 18:09:04 +0100 Subject: [PATCH 16/32] Create empty.file --- site/tmp/empty.file | 1 + 1 file changed, 1 insertion(+) create mode 100644 site/tmp/empty.file diff --git a/site/tmp/empty.file b/site/tmp/empty.file new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/site/tmp/empty.file @@ -0,0 +1 @@ + From 4f80ce94638572fc99a9214c20121e0fb3a2ef9c Mon Sep 17 00:00:00 2001 From: fredtempez Date: Thu, 10 Jan 2019 18:58:11 +0100 Subject: [PATCH 17/32] changes.md --- site/tmp/empty.file | 1 - 1 file changed, 1 deletion(-) delete mode 100644 site/tmp/empty.file diff --git a/site/tmp/empty.file b/site/tmp/empty.file deleted file mode 100644 index 8b137891..00000000 --- a/site/tmp/empty.file +++ /dev/null @@ -1 +0,0 @@ - From 773bcdfcc99db543bcc4e3af6b3bc4f168191532 Mon Sep 17 00:00:00 2001 From: fredtempez Date: Thu, 10 Jan 2019 18:59:17 +0100 Subject: [PATCH 18/32] changes.md --- CHANGES.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGES.md b/CHANGES.md index 1fda0edf..0dedcbc8 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -6,6 +6,7 @@ - Faille CSRF lors de l'effacement d'une galerie - Faille CSRF lors de l'effacement d'un article de blog - Faille CSRF lors de l'effacement d'un article de news + - Taille de la police dans le footer impossible à modifier ## Version 8.5.4 * Correction : From ef39e22dddb4404dd98aa8628d393111f7038837 Mon Sep 17 00:00:00 2001 From: fredtempez Date: Fri, 11 Jan 2019 09:17:48 +0100 Subject: [PATCH 19/32] =?UTF-8?q?Taille=20par=20d=C3=A9faut=20960?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/core.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/core.php b/core/core.php index c041eed5..974f5c5a 100644 --- a/core/core.php +++ b/core/core.php @@ -24,7 +24,7 @@ class common { const GROUP_MEMBER = 1; const GROUP_MODERATOR = 2; const GROUP_ADMIN = 3; - const ZWII_VERSION = '8.5.5'; + const ZWII_VERSION = '8.5.6'; public static $actions = []; public static $coreModuleIds = [ @@ -360,7 +360,7 @@ class common { 'backgroundColor' => 'rgba(255, 255, 255, 1)', 'radius' => '0', 'shadow' => '0', - 'width' => '750px' + 'width' => '960px' ], 'text' => [ 'font' => 'Open+Sans', From fa395d1845c26c3b08056d502a51a0ee72e6594c Mon Sep 17 00:00:00 2001 From: fredtempez Date: Fri, 11 Jan 2019 09:48:27 +0100 Subject: [PATCH 20/32] =?UTF-8?q?defaut=20site=20size=20et=20espace=20ins?= =?UTF-8?q?=C3=A9cable=20footer?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/core.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/core/core.php b/core/core.php index 974f5c5a..e0312256 100644 --- a/core/core.php +++ b/core/core.php @@ -1847,8 +1847,8 @@ class layout extends common { */ public function showCopyright() { $items = '
'; - $items .= 'Motorisé par Zwii'; - $items .= ' | Plan du site'; + $items .= 'Motorisé par Zwii'; + $items .= ' | Plan du site'; if( ( $this->getData(['theme', 'footer', 'loginLink']) From 1a57893154f59cb9a26915ac30446208622f436e Mon Sep 17 00:00:00 2001 From: fredtempez Date: Fri, 11 Jan 2019 09:54:40 +0100 Subject: [PATCH 21/32] Update Filemanager 9.14 --- core/vendor/filemanager/UploadHandler.php | 11 +- core/vendor/filemanager/ajax_calls.php | 208 +- core/vendor/filemanager/config/config.php | 42 +- core/vendor/filemanager/css/rtl-style.css | Bin 6224 -> 6087 bytes core/vendor/filemanager/dialog.php | 330 +- core/vendor/filemanager/execute.php | 101 +- core/vendor/filemanager/force_download.php | 143 +- .../filemanager/include/mime_type_lib.php | 1 + core/vendor/filemanager/include/utils.php | 186 +- core/vendor/filemanager/js/include.js | 4 +- .../filemanager/js/jquery.fileupload-image.js | 4 +- .../filemanager/js/jquery.fileupload.js | 12 +- .../vendor/filemanager/js/modernizr.custom.js | 5 +- core/vendor/filemanager/js/plugins.js | 9158 ++++++++++++++++- core/vendor/filemanager/lang/cs.php | 48 +- core/vendor/filemanager/lang/de.php | 278 +- core/vendor/filemanager/lang/hu_HU.php | 48 +- core/vendor/filemanager/lang/languages.php | 1 + core/vendor/filemanager/lang/nl.php | 46 +- core/vendor/filemanager/lang/th_TH.php | 12 +- core/vendor/filemanager/plugin.min.js | 100 +- core/vendor/filemanager/upload.php | 331 +- 22 files changed, 10249 insertions(+), 820 deletions(-) diff --git a/core/vendor/filemanager/UploadHandler.php b/core/vendor/filemanager/UploadHandler.php index ed212191..780c54d3 100755 --- a/core/vendor/filemanager/UploadHandler.php +++ b/core/vendor/filemanager/UploadHandler.php 
@@ -380,6 +380,10 @@ class UploadHandler $file->error = $this->get_error_message('accept_file_types'); return false; } + if (preg_match($this->options['image_file_types'], $file->name) && function_exists('exif_imagetype') && !@exif_imagetype($uploaded_file)) { + $file->error = $this->get_error_message('accept_file_types'); + return false; + } if ($uploaded_file && is_uploaded_file($uploaded_file)) { $file_size = $this->get_file_size($uploaded_file); } else { @@ -519,7 +523,7 @@ class UploadHandler // Remove path information and dots around the filename, to prevent uploading // into different directories or replacing hidden system files. // Also remove control characters and spaces (\x00..\x20) around the filename: - $name = trim($this->basename(stripslashes($name)), ".\x00..\x20"); + $name = trim($this->basename(stripslashes($name)), "\x00..\x20"); // Use a timestamp for empty filenames: if (!$name) { $name = str_replace('.', '-', microtime(true)); @@ -1330,6 +1334,11 @@ class UploadHandler '', $content_disposition_header )) : null; + // TODO check + // if (isset($content_disposition_header) && !empty($content_disposition_header) ) { + // $file_name = str_replace('attachment; filename="', '', $content_disposition_header); + // $file_name = str_replace('"', '', $file_name); + // } // Parse the Content-Range header, which has the following form: // Content-Range: bytes 0-524287/2000000 $content_range_header = $this->get_server_var('HTTP_CONTENT_RANGE'); diff --git a/core/vendor/filemanager/ajax_calls.php b/core/vendor/filemanager/ajax_calls.php index 025d5cfe..0fe40f3f 100755 --- a/core/vendor/filemanager/ajax_calls.php +++ b/core/vendor/filemanager/ajax_calls.php 
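Review bot: The second hunk changes `trim(..., ".\x00..\x20")` to `trim(..., "\x00..\x20")`, so leading and trailing dots are no longer stripped from uploaded names while the comment two lines above still promises they are; a name like `.htaccess` or `.user.ini` now survives `basename()` unchanged, and whether it is then blocked depends entirely on the `accept_file_types` regex checked earlier (not visible here) — confirm that regex, because in an Apache-served upload directory an `.htaccess` upload turns a file write into code execution. Unless dot-files are a deliberate feature of this filemanager release, restore the dot in the character list: `$name = trim($this->basename(stripslashes($name)), ".\x00..\x20");`. The commented-out `// TODO check` block added in the third hunk is dead code and should be removed or finished before being vendored in.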
@@ -1,8 +1,6 @@ send(); exit; } + + +//check $_GET['file'] +if(isset($_GET['file']) && !checkRelativePath($_GET['file'])) { + response(trans('wrong path').AddErrorLocation())->send(); + exit; +} + +//check $_POST['file'] +if(isset($_POST['path']) && !checkRelativePath($_POST['path'])) { + response(trans('wrong path').AddErrorLocation())->send(); + exit; +} + + $ftp = ftp_con($config); if(isset($_GET['action'])) @@ -52,7 +65,7 @@ if(isset($_GET['action'])) case 'filter': if (isset($_GET['type'])) { - if (isset($remember_text_filter) && $remember_text_filter) + if (isset($config['remember_text_filter']) && $config['remember_text_filter']) { $_SESSION['RF']["filter"] = $_GET['type']; } @@ -73,24 +86,10 @@ if(isset($_GET['action'])) $_SESSION['RF']["descending"] = $_GET['descending']; } break; - case 'image_size': // not used - $pos = strpos($_POST['path'], $upload_dir); - if ($pos !== false) - { - $info = getimagesize(substr_replace($_POST['path'], $current_path, $pos, strlen($upload_dir))); - response($info)->send(); - exit; - } - break; case 'save_img': $info = pathinfo($_POST['name']); - if ( - strpos($_POST['path'], '/') === 0 - || strpos($_POST['path'], '../') !== false - || strpos($_POST['path'], '..\\') !== false - || strpos($_POST['path'], './') === 0 - || (strpos($_POST['url'], 'http://s3.amazonaws.com/feather') !== 0 && strpos($_POST['url'], 'https://s3.amazonaws.com/feather') !== 0) + if ((strpos($_POST['url'], 'http://s3.amazonaws.com/feather') !== 0 && strpos($_POST['url'], 'https://s3.amazonaws.com/feather') !== 0) || $_POST['name'] != fix_filename($_POST['name'], $config) || ! in_array(strtolower($info['extension']), array( 'jpg', 'jpeg', 'png' )) ) @@ -106,7 +105,7 @@ if(isset($_GET['action'])) } if (!checkresultingsize(strlen($image_data))) { - response(sprintf(trans('max_size_reached'),$MaxSizeTotal).AddErrorLocation())->send(); + response(sprintf(trans('max_size_reached'),$config['MaxSizeTotal']).AddErrorLocation())->send(); exit; } if($ftp){ 
@@ -116,42 +115,36 @@ if(isset($_GET['action'])) $temp .=".".substr(strrchr($_POST['url'],'.'),1); file_put_contents($temp,$image_data); - $ftp->put($ftp_base_folder.$upload_dir . $_POST['path'] . $_POST['name'], $temp, FTP_BINARY); + $ftp->put($config['ftp_base_folder'].$config['upload_dir'] . $_POST['path'] . $_POST['name'], $temp, FTP_BINARY); create_img($temp,$temp,122,91); - $ftp->put($ftp_base_folder.$ftp_thumbs_dir. $_POST['path'] . $_POST['name'], $temp, FTP_BINARY); + $ftp->put($config['ftp_base_folder'].$config['ftp_thumbs_dir']. $_POST['path'] . $_POST['name'], $temp, FTP_BINARY); unlink($temp); }else{ - file_put_contents($current_path . $_POST['path'] . $_POST['name'],$image_data); - create_img($current_path . $_POST['path'] . $_POST['name'], $thumbs_base_path.$_POST['path'].$_POST['name'], 122, 91); + file_put_contents($config['current_path'] . $_POST['path'] . $_POST['name'],$image_data); + create_img($config['current_path'] . $_POST['path'] . $_POST['name'], $config['thumbs_base_path'].$_POST['path'].$_POST['name'], 122, 91); // TODO something with this function cause its blowing my mind new_thumbnails_creation( - $current_path.$_POST['path'], - $current_path.$_POST['path'].$_POST['name'], + $config['current_path'].$_POST['path'], + $config['current_path'].$_POST['path'].$_POST['name'], $_POST['name'], - $current_path, + $config['current_path'], $config ); } break; case 'extract': - if ( strpos($_POST['path'], '/') === 0 - || strpos($_POST['path'], '../') !== false - || strpos($_POST['path'], '..\\') !== false - || strpos($_POST['path'], './') === 0) - { - response(trans('wrong path'.AddErrorLocation()))->send(); - exit; + if(!$config['extract_files']){ + response(trans('wrong action').AddErrorLocation())->send(); } - if($ftp){ - $path = $ftp_base_url.$upload_dir . $_POST['path']; - $base_folder = $ftp_base_url.$upload_dir . fix_dirname($_POST['path']) . "/"; + $path = $config['ftp_base_url'].$config['upload_dir'] . 
$_POST['path']; + $base_folder = $config['ftp_base_url'].$config['upload_dir'] . fix_dirname($_POST['path']) . "/"; }else{ - $path = $current_path . $_POST['path']; - $base_folder = $current_path . fix_dirname($_POST['path']) . "/"; + $path = $config['current_path'] . $_POST['path']; + $base_folder = $config['current_path'] . fix_dirname($_POST['path']) . "/"; } $info = pathinfo($path); @@ -184,32 +177,28 @@ if(isset($_GET['action'])) $sizeTotalFinal += $aStat['size']; } if (!checkresultingsize($sizeTotalFinal)) { - response(sprintf(trans('max_size_reached'),$MaxSizeTotal).AddErrorLocation())->send(); + response(sprintf(trans('max_size_reached'),$config['MaxSizeTotal']).AddErrorLocation())->send(); exit; } - //make all the folders + //make all the folders and unzip into the folders for ($i = 0; $i < $zip->numFiles; $i++) { - $OnlyFileName = $zip->getNameIndex($i); - $FullFileName = $zip->statIndex($i); - if (substr($FullFileName['name'], -1, 1) == "/") - { - create_folder($base_folder . $FullFileName['name']); - } - } - //unzip into the folders - for ($i = 0; $i < $zip->numFiles; $i++) - { - $OnlyFileName = $zip->getNameIndex($i); $FullFileName = $zip->statIndex($i); - if ( ! (substr($FullFileName['name'], -1, 1) == "/")) - { - $fileinfo = pathinfo($OnlyFileName); - if (in_array(strtolower($fileinfo['extension']), $ext)) + if(checkRelativePath($FullFileName['name'])){ + if (substr($FullFileName['name'], -1, 1) == "/") { - copy('zip://' . $path . '#' . $OnlyFileName, $base_folder . $FullFileName['name']); + create_folder($base_folder . $FullFileName['name']); + } + + if ( ! (substr($FullFileName['name'], -1, 1) == "/")) + { + $fileinfo = pathinfo($FullFileName['name']); + if (in_array(strtolower($fileinfo['extension']), $config['ext'])) + { + copy('zip://' . $path . '#' . $FullFileName['name'], $base_folder . $FullFileName['name']); + } } } } 
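Review bot: In the `extract` case of the `@@ -116` hunk, the new `if(!$config['extract_files'])` guard sends the `wrong action` response but does not stop the script, so when extraction is disabled the request still proceeds into the extraction code that follows; every other guard in this file pairs `->send();` with `exit;`. Add `exit;` directly after `response(trans('wrong action').AddErrorLocation())->send();`. The enclosing `switch` begins outside the hunk.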
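Review bot: Merging the folder pass and the copy pass into one loop in the `@@ -184` hunk changes behaviour for archives whose directory entry appears after the files it contains (or is absent): the `copy()` for such a file now runs before its directory exists, where the old folder-first pass succeeded, and the unchecked `copy()` return value hides the failure. Keeping a separate folder-creation pass, or ensuring the parent directory exists before each copy, restores that. Entries rejected by `checkRelativePath()` are also skipped silently, so an archive with traversal names extracts partially with no error reported; treating a rejected entry as a failed extraction would make that visible. `$fileinfo['extension']` is undefined for entries without a dot and `in_array` is non-strict, as in the `save_img` case.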
@@ -234,7 +223,7 @@ if(isset($_GET['action'])) $phar = new PharData($path); $phar->decompressFiles(); $files = array(); - check_files_extensions_on_phar($phar, $files, '', $ext); + check_files_extensions_on_phar($phar, $files, '', $config); $phar->extractTo($base_folder, $files, true); break; @@ -246,22 +235,28 @@ if(isset($_GET['action'])) if($ftp){ unlink($path); - $ftp->putAll($base_folder, "/".$ftp_base_folder . $upload_dir . fix_dirname($_POST['path']), FTP_BINARY); + $ftp->putAll($base_folder, "/".$config['ftp_base_folder'] . $config['upload_dir'] . fix_dirname($_POST['path']), FTP_BINARY); deleteDir($base_folder); } break; case 'media_preview': + if(isset($_GET['file'])){ + $_GET['file'] = sanitize($_GET['file']); + } + if(isset($_GET['title'])){ + $_GET['title'] = sanitize($_GET['title']); + } if($ftp){ - $preview_file = $ftp_base_url.$upload_dir . $_GET['file']; + $preview_file = $config['ftp_base_url'].$config['upload_dir'] . $_GET['file']; }else{ - $preview_file = $current_path . $_GET["file"]; + $preview_file = $config['current_path'] . $_GET["file"]; } $info = pathinfo($preview_file); ob_start(); ?> - - +
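Review bot: In the `media_preview` case of the `@@ -246` hunk, `sanitize()` is applied by writing back into `$_GET['file']` and `$_GET['title']`, and the sanitised `file` value is then used to build the filesystem path `$config['current_path'] . $_GET["file"]`. `sanitize()` is defined elsewhere; if it is an HTML-escaping helper, escaping before path construction alters file names containing characters such as `&` or `'` (the preview then points at a non-existent file) while not adding any traversal protection, which here comes only from the `checkRelativePath()` guard at the top of the file. Escaping belongs at the point where the values are echoed into the HTML below, with the raw value kept in a local for the path, e.g. `$previewName = $_GET['file'];` and `echo sanitize($previewName);` at output.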

@@ -634,9 +633,9 @@ $class_ext = ''; $src = ''; if($ftp){ try{ - $files = $ftp->scanDir($ftp_base_folder.$upload_dir.$rfm_subfolder.$subdir); - if (!$ftp->isDir($ftp_base_folder.$ftp_thumbs_dir.$rfm_subfolder.$subdir)){ - create_folder(false,$ftp_base_folder.$ftp_thumbs_dir.$rfm_subfolder.$subdir,$ftp,$config); + $files = $ftp->scanDir($config['ftp_base_folder'].$config['upload_dir'].$rfm_subfolder.$subdir); + if (!$ftp->isDir($config['ftp_base_folder'].$config['ftp_thumbs_dir'].$rfm_subfolder.$subdir)){ + create_folder(false,$config['ftp_base_folder'].$config['ftp_thumbs_dir'].$rfm_subfolder.$subdir,$ftp,$config); } }catch(FtpClient\FtpException $e){ echo "Error: "; @@ -645,7 +644,7 @@ if($ftp){ die(); } }else{ - $files = scandir($current_path.$rfm_subfolder.$subdir); + $files = scandir($config['current_path'].$rfm_subfolder.$subdir); } $n_files= count($files); @@ -664,11 +663,14 @@ foreach($files as $k=>$file){ if($file['type']=='file'){ $current_files_number++; $file_ext = substr(strrchr($file['name'],'.'),1); + $is_dir = false; }else{ $current_folders_number++; $file_ext=trans('Type_dir'); + $is_dir = true; } $sorted[$k]=array( + 'is_dir'=>$is_dir, 'file'=>$file['name'], 'file_lcase'=>strtolower($file['name']), 'date'=>$date, 
@@ -680,16 +682,17 @@ foreach($files as $k=>$file){ if($file!="." && $file!=".."){ - if(is_dir($current_path.$rfm_subfolder.$subdir.$file)){ - $date=filemtime($current_path.$rfm_subfolder.$subdir. $file); + if(is_dir($config['current_path'].$rfm_subfolder.$subdir.$file)){ + $date=filemtime($config['current_path'].$rfm_subfolder.$subdir. $file); $current_folders_number++; - if($show_folder_size){ - list($size,$nfiles,$nfolders) = folder_info($current_path.$rfm_subfolder.$subdir.$file,false); + if($config['show_folder_size']){ + list($size,$nfiles,$nfolders) = folder_info($config['current_path'].$rfm_subfolder.$subdir.$file,false); } else { $size=0; } $file_ext=trans('Type_dir'); $sorted[$k]=array( + 'is_dir'=>true, 'file'=>$file, 'file_lcase'=>strtolower($file), 'date'=>$date, @@ -697,17 +700,18 @@ foreach($files as $k=>$file){ 'permissions' =>'', 'extension'=>fix_strtolower($file_ext) ); - if($show_folder_size){ + if($config['show_folder_size']){ $sorted[$k]['nfiles'] = $nfiles; $sorted[$k]['nfolders'] = $nfolders; } }else{ $current_files_number++; - $file_path=$current_path.$rfm_subfolder.$subdir.$file; + $file_path=$config['current_path'].$rfm_subfolder.$subdir.$file; $date=filemtime($file_path); $size=filesize($file_path); $file_ext = substr(strrchr($file,'.'),1); $sorted[$k]=array( + 'is_dir'=>false, 'file'=>$file, 'file_lcase'=>strtolower($file), 'date'=>$date, 
@@ -720,18 +724,52 @@ foreach($files as $k=>$file){ } } - function filenameSort($x, $y) { - return $x['file_lcase'] < $y['file_lcase']; + global $descending; + + if($x['is_dir'] !== $y['is_dir']){ + return $y['is_dir']; + } else { + return ($descending) + ? $x['file_lcase'] < $y['file_lcase'] + : $x['file_lcase'] >= $y['file_lcase']; + } } + function dateSort($x, $y) { - return $x['date'] < $y['date']; + global $descending; + + if($x['is_dir'] !== $y['is_dir']){ + return $y['is_dir']; + } else { + return ($descending) + ? $x['date'] < $y['date'] + : $x['date'] >= $y['date']; + } } + function sizeSort($x, $y) { - return $x['size'] < $y['size']; + global $descending; + + if($x['is_dir'] !== $y['is_dir']){ + return $y['is_dir']; + } else { + return ($descending) + ? $x['size'] < $y['size'] + : $x['size'] >= $y['size']; + } } + function extensionSort($x, $y) { - return $x['extension'] < $y['extension']; + global $descending; + + if($x['is_dir'] !== $y['is_dir']){ + return $y['is_dir']; + } else { + return ($descending) + ? $x['extension'] < $y['extension'] + : $x['extension'] >= $y['extension']; + } } switch($sort_by){ @@ -749,15 +787,12 @@ switch($sort_by){ break; } -if(!$descending){ - $sorted=array_reverse($sorted); -} - if($subdir!=""){ $sorted = array_merge(array(array('file'=>'..')),$sorted); } $files=$sorted; + ?>
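Review bot: The four comparators in the `@@ -720` hunk return booleans, so `usort` receives only 0 or 1: the folders-first branch `return $y['is_dir'];` yields 0 (equal) when `$x` is the folder and 1 when `$y` is, so folder-before-file is only enforced in one direction, and the `>=` in the ascending branch returns 1 for equal elements, which makes the comparator inconsistent and the resulting order depend on the sort algorithm (PHP 8 also emits a deprecation for bool-returning comparators). Returning -1/0/1 fixes both, and since the four functions differ only in the key, one shared helper removes the duplication. `<=>` assumes PHP 7+; on older PHP spell out the three-way comparison.

```php
// Shared comparator: folders before files, then by $key in the requested direction.
function entrySort($x, $y, $key) {
    global $descending;
    if ($x['is_dir'] !== $y['is_dir']) {
        return $x['is_dir'] ? -1 : 1;
    }
    $cmp = $x[$key] <=> $y[$key];
    return $descending ? -$cmp : $cmp;
}
function filenameSort($x, $y)  { return entrySort($x, $y, 'file_lcase'); }
function dateSort($x, $y)      { return entrySort($x, $y, 'date'); }
function sizeSort($x, $y)      { return entrySort($x, $y, 'size'); }
function extensionSort($x, $y) { return entrySort($x, $y, 'extension'); }
// … unchanged: switch($sort_by) …
```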