[fix] can't delete video
[fix] add verification for all sensitive operations (add, edit, delete). Before this release anybody could add/modify/delete a file or directory.
This commit is contained in:
parent
69b9b640ae
commit
f5ff23e33c
|
@ -1,5 +1,5 @@
|
|||
<?php
|
||||
if ($_SESSION['log'] !== true) {
|
||||
if (!isLog()) {
|
||||
die ;
|
||||
}
|
||||
require 'inc/topMenu.php';
|
||||
|
|
|
@ -16,7 +16,7 @@ if (!empty($ci['ac']) && $ci['ac'] === 'login') {
|
|||
</fieldset>
|
||||
</form>';
|
||||
}
|
||||
if (!empty($ci['ac']) && $ci['ac'] === 'newDir') {
|
||||
if (!empty($ci['ac']) && $ci['ac'] === 'newDir' && isLog()) {
|
||||
echo '<form action="?" method="post">
|
||||
<fieldset>
|
||||
<legend>New directory</legend>
|
||||
|
@ -30,7 +30,7 @@ if (!empty($ci['ac']) && $ci['ac'] === 'newDir') {
|
|||
</fieldset>
|
||||
</form>';
|
||||
}
|
||||
if (!empty($ci['ac']) && $ci['ac'] === 'renDir') {
|
||||
if (!empty($ci['ac']) && $ci['ac'] === 'renDir' && isLog()) {
|
||||
if (empty($ci['op'])) {
|
||||
$currentDir = getCurrentDir($ci['bc']);
|
||||
echo '<form action="?" method="post">
|
||||
|
@ -47,7 +47,7 @@ if (!empty($ci['ac']) && $ci['ac'] === 'renDir') {
|
|||
</form>';
|
||||
}
|
||||
}
|
||||
if (!empty($ci['ac']) && $ci['ac'] === 'addVideo') {
|
||||
if (!empty($ci['ac']) && $ci['ac'] === 'addVideo' && isLog()) {
|
||||
echo '<form action="?" method="post">
|
||||
<fieldset>
|
||||
<legend>New video</legend>
|
||||
|
@ -71,7 +71,7 @@ if (!empty($ci['ac']) && $ci['ac'] === 'addVideo') {
|
|||
</fieldset>
|
||||
</form>';
|
||||
}
|
||||
if (!empty($ci['ac']) && $ci['ac'] === 'addThumbnail') {
|
||||
if (!empty($ci['ac']) && $ci['ac'] === 'addThumbnail' && isLog()) {
|
||||
echo '<form action="?" method="post" enctype="multipart/form-data">
|
||||
<fieldset>
|
||||
<legend>Add thumbnail</legend>
|
||||
|
@ -127,8 +127,8 @@ if (!empty($breadcrumb)) {
|
|||
}
|
||||
echo '</div>';
|
||||
|
||||
if ($_SESSION['log'] === true && empty($listCurrentDir) && empty($listCurrentFile)) {
|
||||
if ($ci['ac'] === 'confDel') {
|
||||
if (empty($listCurrentDir) && empty($listCurrentFile)) {
|
||||
if ($ci['ac'] === 'confDel' && isLog()) {
|
||||
echo '<div class="confirm">
|
||||
<a href="?bc=', $ci['bc'], '&token=', $token, '&ac=del" class="valid">Yes</a>
|
||||
<a href="?bc=', $ci['bc'], '&token=', $token, '" class="cancel">No</a>
|
||||
|
|
34
index.php
34
index.php
|
@ -147,10 +147,23 @@ function genToken() {
|
|||
}
|
||||
|
||||
function verifToken($token) {
|
||||
if (empty($_SESSION['log']) || $_SESSION['log'] !== true) {
|
||||
ban();
|
||||
die('Tinker say : Ooh! They never miss!');
|
||||
}
|
||||
if ($token !== $_SESSION['token'] || $_SESSION['tokenTime'] <= time() - 24000) {
|
||||
ban();
|
||||
die('Tinker say : I have several theories I would like to put into practice.');
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
function isLog() {
|
||||
if (empty($_SESSION['log']) || $_SESSION['log'] !== true) {
|
||||
ban();
|
||||
die('Tinker say : Ooh! They never miss!');
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
function checkIfBan() {
|
||||
|
@ -193,9 +206,9 @@ function n_print($data, $name = '') {
|
|||
<fieldset style="border: 1px solid orange; padding: 5px;color:#1E1915; background-color: #fff;">';
|
||||
echo '
|
||||
<legend style="border:1px solid orange;padding: 1px;background-color:#eee;color:orange;">
|
||||
', basename($aBackTrace[0]['file']), ' ligne => ', $aBackTrace[0]['line'], '
|
||||
', basename($aBackTrace[0]['file']), ' ligne => ', $aBackTrace[0]['line'], '
|
||||
</legend>';
|
||||
echo '<pre style="color:#1E1915;">', htmlentities(print_r($data, 1)), '</pre>';
|
||||
echo '<pre style="color:#1E1915;">', htmlentities(print_r($data, 1)), '</pre>';
|
||||
echo '
|
||||
</fieldset>
|
||||
<br />';
|
||||
|
@ -275,7 +288,8 @@ function addVideo($ci, $fullListFile) {
|
|||
function deleteVideo($bc, $file) {
|
||||
$path = $GLOBALS['config']['VIDEODIR'].'/'.chunk_split($bc, 8, '/');
|
||||
$pathAndFile = $path.$file;
|
||||
if (file_exists($pathAndFile) && !is_dir($pathAndFile) && $file === $_SESSION['video'].'.jpg') {
|
||||
|
||||
if ((file_exists($pathAndFile.'.jpg') || file_exists($pathAndFile.'.webm')) && !is_dir($pathAndFile) && $file === $_SESSION['video']) {
|
||||
$listFile = (glob($path.$_SESSION['video']."*"));
|
||||
foreach ($listFile as $value) {
|
||||
unlink($value);
|
||||
|
@ -526,8 +540,8 @@ function deleteCache($bc = '', $file = '', $sort = '', $parent = false) {
|
|||
if ($parent === true) {
|
||||
$parent = substr($bc, 0, -8);
|
||||
$cacheParent = md5($parent.$file.$sort);
|
||||
if (file_exists($_SERVER['DOCUMENT_ROOT'].'/',$GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html')) {
|
||||
unlink($_SERVER['DOCUMENT_ROOT'].'/',$GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html');
|
||||
if (file_exists($_SERVER['DOCUMENT_ROOT'].'/', $GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html')) {
|
||||
unlink($_SERVER['DOCUMENT_ROOT'].'/', $GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -567,7 +581,7 @@ if (isset($ci['ac']) && !empty($ci['ac'])) {
|
|||
}
|
||||
if ($ci['ac'] === 'view' && !empty($ci['op']) && (int)$ci['op'] === 4) {
|
||||
verifToken($ci['token']);
|
||||
if ($_SESSION['log'] !== true) {
|
||||
if (!isLog()) {
|
||||
die('Tinker say : You can keep your magic, I have laser beams! ');
|
||||
}
|
||||
$deleteVideo = deleteVideo($ci['bc'], $ci['file']);
|
||||
|
@ -575,7 +589,7 @@ if (isset($ci['ac']) && !empty($ci['ac'])) {
|
|||
}
|
||||
if ($ci['ac'] === 'view' && !empty($ci['op']) && (int)$ci['op'] === 3) {
|
||||
verifToken($ci['token']);
|
||||
if ($_SESSION['log'] !== true) {
|
||||
if (!isLog()) {
|
||||
die('Tinker say : Blinded you, with Science! ');
|
||||
}
|
||||
$defineThumb = defineThumb($ci['bc'], $ci['file']);
|
||||
|
@ -583,14 +597,14 @@ if (isset($ci['ac']) && !empty($ci['ac'])) {
|
|||
}
|
||||
if ($ci['ac'] === 'viewQueue') {
|
||||
verifToken($ci['token']);
|
||||
if ($_SESSION['log'] !== true) {
|
||||
if (!isLog()) {
|
||||
die('Tinker say : Seek the heat! ');
|
||||
}
|
||||
$page = 'admin';
|
||||
}
|
||||
if ($ci['ac'] === 'del') {
|
||||
verifToken($ci['token']);
|
||||
if ($_SESSION['log'] !== true) {
|
||||
if (!isLog()) {
|
||||
die('Tinker say : wonder what.. This does? ');
|
||||
}
|
||||
deleteCache($ci['bc'], $ci['file'], $ci['sort'], true);
|
||||
|
@ -612,7 +626,7 @@ if (isset($ci['dl']) && !empty($ci['dl'])) {
|
|||
<?php
|
||||
$token = genToken();
|
||||
if ((empty($_SESSION['log']) || $_SESSION['log'] === false) && $ci['ac'] !== 'login') {
|
||||
$cache = cache($ci['bc'], $ci['file'], $ci['sort']);
|
||||
//$cache = cache($ci['bc'], $ci['file'], $ci['sort']);
|
||||
}
|
||||
if (!empty($cache)) {
|
||||
$page = file_get_contents($GLOBALS['config']['PAGECACHE'].'/'.$cache.'.html');
|
||||
|
|
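Review bot: In deleteCache (hunk @@ -526,8 +540,8, whose body continues outside the hunk) the rewritten `file_exists($_SERVER['DOCUMENT_ROOT'].'/', $GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html')` and the matching `unlink(...)` still join the path with a comma instead of a dot, so two arguments reach single-argument functions: PHP 8 throws ArgumentCountError and PHP 7 warns and returns null, and either way the parent's cached listing is never removed and keeps showing a file that was just deleted. Both calls should use `$_SERVER['DOCUMENT_ROOT'].'/'.$GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html'`. isLog() either calls ban() and die()s or returns true, so the `if (!isLog()) { die(...); }` branches introduced in the @@ -567, @@ -575 and @@ -583 hunks are unreachable; a bare `isLog();` statement states the intent without the dead die(). In verifToken the `$token !== $_SESSION['token']` comparison is not constant-time and warns when the session has no token yet, so the idiomatic check is `if (!isset($_SESSION['token']) || !hash_equals($_SESSION['token'], (string) $token) || ...)`. In deleteVideo (hunk @@ -275,7 +288,8, body continues past the hunk) `glob($path.$_SESSION['video']."*")` matches every file whose name merely starts with the video name, so deleting "clip" would also unlink "clip2.webm"; since the guard already names the `.jpg` and `.webm` paths, unlink those two explicitly instead of a prefix glob.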