[fix] can't delete video

[fix] add verification for all sensitive operations (add, edit, delete). Before this release anybody could add/modify/delete a file or directory.
This commit is contained in:
Knah Tsaeb 2013-08-08 16:54:22 +02:00
parent 69b9b640ae
commit f5ff23e33c
3 changed files with 31 additions and 17 deletions


@ -1,5 +1,5 @@
<?php
if ($_SESSION['log'] !== true) {
if (!isLog()) {
die ;
}
require 'inc/topMenu.php';
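Review bot: The `!isLog()` branch in this hunk can never run, because isLog() as defined in this commit either returns true or calls ban() and die() itself, so the bare `die ;` behind it is dead code and the call reads as a predicate it is not. Either call it as a statement, `isLog();`, or make isLog() return false on failure and leave banning to the caller; the same unreachable `die('Tinker say : …')` branches appear in the four `if (!isLog())` hunks of the third file, where they also duplicate the login check that verifToken() already performs on the line before. The same contract matters in the template file: appending `&& isLog()` to the `newDir`, `renDir`, `addVideo`, `addThumbnail` and `confDel` display conditions means an anonymous visitor who merely requests one of those form URLs is banned and the page terminates, rather than the form simply being hidden. If that is intended it deserves a comment at the first such condition; otherwise those conditions should test a non-dying predicate such as `!empty($_SESSION['log']) && $_SESSION['log'] === true`.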


@ -16,7 +16,7 @@ if (!empty($ci['ac']) && $ci['ac'] === 'login') {
</fieldset>
</form>';
}
if (!empty($ci['ac']) && $ci['ac'] === 'newDir') {
if (!empty($ci['ac']) && $ci['ac'] === 'newDir' && isLog()) {
echo '<form action="?" method="post">
<fieldset>
<legend>New directory</legend>
@ -30,7 +30,7 @@ if (!empty($ci['ac']) && $ci['ac'] === 'newDir') {
</fieldset>
</form>';
}
if (!empty($ci['ac']) && $ci['ac'] === 'renDir') {
if (!empty($ci['ac']) && $ci['ac'] === 'renDir' && isLog()) {
if (empty($ci['op'])) {
$currentDir = getCurrentDir($ci['bc']);
echo '<form action="?" method="post">
@ -47,7 +47,7 @@ if (!empty($ci['ac']) && $ci['ac'] === 'renDir') {
</form>';
}
}
if (!empty($ci['ac']) && $ci['ac'] === 'addVideo') {
if (!empty($ci['ac']) && $ci['ac'] === 'addVideo' && isLog()) {
echo '<form action="?" method="post">
<fieldset>
<legend>New video</legend>
@ -71,7 +71,7 @@ if (!empty($ci['ac']) && $ci['ac'] === 'addVideo') {
</fieldset>
</form>';
}
if (!empty($ci['ac']) && $ci['ac'] === 'addThumbnail') {
if (!empty($ci['ac']) && $ci['ac'] === 'addThumbnail' && isLog()) {
echo '<form action="?" method="post" enctype="multipart/form-data">
<fieldset>
<legend>Add thumbnail</legend>
@ -127,8 +127,8 @@ if (!empty($breadcrumb)) {
}
echo '</div>';
if ($_SESSION['log'] === true && empty($listCurrentDir) && empty($listCurrentFile)) {
if ($ci['ac'] === 'confDel') {
if (empty($listCurrentDir) && empty($listCurrentFile)) {
if ($ci['ac'] === 'confDel' && isLog()) {
echo '<div class="confirm">
<a href="?bc=', $ci['bc'], '&amp;token=', $token, '&amp;ac=del" class="valid">Yes</a>
<a href="?bc=', $ci['bc'], '&amp;token=', $token, '" class="cancel">No</a>


@ -147,10 +147,23 @@ function genToken() {
}
function verifToken($token) {
if (empty($_SESSION['log']) || $_SESSION['log'] !== true) {
ban();
die('Tinker say : Ooh! They never miss!');
}
if ($token !== $_SESSION['token'] || $_SESSION['tokenTime'] <= time() - 24000) {
ban();
die('Tinker say : I have several theories I would like to put into practice.');
}
return true;
}
function isLog() {
if (empty($_SESSION['log']) || $_SESSION['log'] !== true) {
ban();
die('Tinker say : Ooh! They never miss!');
}
return true;
}
function checkIfBan() {
@ -193,9 +206,9 @@ function n_print($data, $name = '') {
<fieldset style="border: 1px solid orange; padding: 5px;color:#1E1915; background-color: #fff;">';
echo '
<legend style="border:1px solid orange;padding: 1px;background-color:#eee;color:orange;">
', basename($aBackTrace[0]['file']), ' ligne => ', $aBackTrace[0]['line'], '
', basename($aBackTrace[0]['file']), ' ligne => ', $aBackTrace[0]['line'], '
</legend>';
echo '<pre style="color:#1E1915;">', htmlentities(print_r($data, 1)), '</pre>';
echo '<pre style="color:#1E1915;">', htmlentities(print_r($data, 1)), '</pre>';
echo '
</fieldset>
<br />';
@ -275,7 +288,8 @@ function addVideo($ci, $fullListFile) {
function deleteVideo($bc, $file) {
$path = $GLOBALS['config']['VIDEODIR'].'/'.chunk_split($bc, 8, '/');
$pathAndFile = $path.$file;
if (file_exists($pathAndFile) && !is_dir($pathAndFile) && $file === $_SESSION['video'].'.jpg') {
if ((file_exists($pathAndFile.'.jpg') || file_exists($pathAndFile.'.webm')) && !is_dir($pathAndFile) && $file === $_SESSION['video']) {
$listFile = (glob($path.$_SESSION['video']."*"));
foreach ($listFile as $value) {
unlink($value);
@ -526,8 +540,8 @@ function deleteCache($bc = '', $file = '', $sort = '', $parent = false) {
if ($parent === true) {
$parent = substr($bc, 0, -8);
$cacheParent = md5($parent.$file.$sort);
if (file_exists($_SERVER['DOCUMENT_ROOT'].'/',$GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html')) {
unlink($_SERVER['DOCUMENT_ROOT'].'/',$GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html');
if (file_exists($_SERVER['DOCUMENT_ROOT'].'/', $GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html')) {
unlink($_SERVER['DOCUMENT_ROOT'].'/', $GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html');
}
}
}
@ -567,7 +581,7 @@ if (isset($ci['ac']) && !empty($ci['ac'])) {
}
if ($ci['ac'] === 'view' && !empty($ci['op']) && (int)$ci['op'] === 4) {
verifToken($ci['token']);
if ($_SESSION['log'] !== true) {
if (!isLog()) {
die('Tinker say : You can keep your magic, I have laser beams! ');
}
$deleteVideo = deleteVideo($ci['bc'], $ci['file']);
@ -575,7 +589,7 @@ if (isset($ci['ac']) && !empty($ci['ac'])) {
}
if ($ci['ac'] === 'view' && !empty($ci['op']) && (int)$ci['op'] === 3) {
verifToken($ci['token']);
if ($_SESSION['log'] !== true) {
if (!isLog()) {
die('Tinker say : Blinded you, with Science! ');
}
$defineThumb = defineThumb($ci['bc'], $ci['file']);
@ -583,14 +597,14 @@ if (isset($ci['ac']) && !empty($ci['ac'])) {
}
if ($ci['ac'] === 'viewQueue') {
verifToken($ci['token']);
if ($_SESSION['log'] !== true) {
if (!isLog()) {
die('Tinker say : Seek the heat! ');
}
$page = 'admin';
}
if ($ci['ac'] === 'del') {
verifToken($ci['token']);
if ($_SESSION['log'] !== true) {
if (!isLog()) {
die('Tinker say : wonder what.. This does? ');
}
deleteCache($ci['bc'], $ci['file'], $ci['sort'], true);
@ -612,7 +626,7 @@ if (isset($ci['dl']) && !empty($ci['dl'])) {
<?php
$token = genToken();
if ((empty($_SESSION['log']) || $_SESSION['log'] === false) && $ci['ac'] !== 'login') {
$cache = cache($ci['bc'], $ci['file'], $ci['sort']);
//$cache = cache($ci['bc'], $ci['file'], $ci['sort']);
}
if (!empty($cache)) {
$page = file_get_contents($GLOBALS['config']['PAGECACHE'].'/'.$cache.'.html');
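Review bot: In the deleteVideo hunk the cleanup `glob($path.$_SESSION['video']."*")` deletes every file whose name merely starts with the video's name, so removing a video named `intro` also unlinks `intro2.webm` or `intro-old.jpg` in the same directory, even though the new guard only establishes that `intro.jpg` or `intro.webm` exists. Limit the loop to exact matches, e.g. `if (pathinfo($value, PATHINFO_FILENAME) === $_SESSION['video']) { unlink($value); }` inside the foreach, or enumerate the known extensions explicitly instead of using a wildcard; the foreach body and the function's return continue outside the hunk. Separately, the deleteCache hunk keeps `file_exists($_SERVER['DOCUMENT_ROOT'].'/', $GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html')` and the matching unlink() with a comma where a `.` is needed, so both calls receive two arguments, the condition never succeeds and the parent page cache is never removed; replacing the comma with `.` on both lines fixes it.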