From f5ff23e33c010ae5a735dbe9cef17d1f36b5d207 Mon Sep 17 00:00:00 2001 From: Knah Tsaeb Date: Thu, 8 Aug 2013 16:54:22 +0200 Subject: [PATCH] [fix] can't delete video [fix] add verification for all sensitive operations (add, edit, delete). Before this release anybody could add/modify/delete a file or directory. --- inc/admin.php | 2 +- inc/content.php | 12 ++++++------ index.php | 34 ++++++++++++++++++++++++---------- 3 files changed, 31 insertions(+), 17 deletions(-) diff --git a/inc/admin.php b/inc/admin.php index ce6516a..ad3b534 100644 --- a/inc/admin.php +++ b/inc/admin.php @@ -1,5 +1,5 @@ '; } -if (!empty($ci['ac']) && $ci['ac'] === 'newDir') { +if (!empty($ci['ac']) && $ci['ac'] === 'newDir' && isLog()) { echo '
New directory @@ -30,7 +30,7 @@ if (!empty($ci['ac']) && $ci['ac'] === 'newDir') {
'; } -if (!empty($ci['ac']) && $ci['ac'] === 'renDir') { +if (!empty($ci['ac']) && $ci['ac'] === 'renDir' && isLog()) { if (empty($ci['op'])) { $currentDir = getCurrentDir($ci['bc']); echo '
@@ -47,7 +47,7 @@ if (!empty($ci['ac']) && $ci['ac'] === 'renDir') {
'; } } -if (!empty($ci['ac']) && $ci['ac'] === 'addVideo') { +if (!empty($ci['ac']) && $ci['ac'] === 'addVideo' && isLog()) { echo '
New video @@ -71,7 +71,7 @@ if (!empty($ci['ac']) && $ci['ac'] === 'addVideo') {
'; } -if (!empty($ci['ac']) && $ci['ac'] === 'addThumbnail') { +if (!empty($ci['ac']) && $ci['ac'] === 'addThumbnail' && isLog()) { echo '
Add thumbnail @@ -127,8 +127,8 @@ if (!empty($breadcrumb)) { } echo ''; -if ($_SESSION['log'] === true && empty($listCurrentDir) && empty($listCurrentFile)) { - if ($ci['ac'] === 'confDel') { +if (empty($listCurrentDir) && empty($listCurrentFile)) { + if ($ci['ac'] === 'confDel' && isLog()) { echo '
Yes No diff --git a/index.php b/index.php index 51a16a1..d8d419b 100644 --- a/index.php +++ b/index.php @@ -147,10 +147,23 @@ function genToken() { } function verifToken($token) { + if (empty($_SESSION['log']) || $_SESSION['log'] !== true) { + ban(); + die('Tinker say : Ooh! They never miss!'); + } if ($token !== $_SESSION['token'] || $_SESSION['tokenTime'] <= time() - 24000) { ban(); die('Tinker say : I have several theories I would like to put into practice.'); } + return true; +} + +function isLog() { + if (empty($_SESSION['log']) || $_SESSION['log'] !== true) { + ban(); + die('Tinker say : Ooh! They never miss!'); + } + return true; } function checkIfBan() { @@ -193,9 +206,9 @@ function n_print($data, $name = '') {
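Review bot: `isLog()` never returns false — when `$_SESSION['log']` is missing or not `true` it calls `ban()` and then `die()` — so the `if (!isLog())` guards this patch introduces in index.php are unreachable, and `verifToken()` inlines the very same four-line check instead of calling the new helper. Replace the duplicated block at the top of `verifToken()` with a bare `isLog();` and document the helper so nobody uses it as a predicate again: `// Aborts the request (ban + die) unless the session is logged in; only ever returns true.` `ban()` is not in this hunk, so I cannot tell what it keys on, but if it is per-client then any logged-out visitor who follows a stale admin link is now banned before the token is even looked at — worth a deliberate decision rather than a side effect. The token comparison should also reject an unset session token explicitly: with both `$token` and `$_SESSION['token']` null the `!==` clause passes and only the loose `tokenTime` comparison saves you, so add `empty($_SESSION['token']) ||` to that condition.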
'; echo ' - ', basename($aBackTrace[0]['file']), ' ligne => ', $aBackTrace[0]['line'], ' + ', basename($aBackTrace[0]['file']), ' ligne => ', $aBackTrace[0]['line'], ' '; - echo '
',  htmlentities(print_r($data, 1)), '
'; + echo '
',    htmlentities(print_r($data, 1)), '
'; echo '

'; @@ -275,7 +288,8 @@ function addVideo($ci, $fullListFile) { function deleteVideo($bc, $file) { $path = $GLOBALS['config']['VIDEODIR'].'/'.chunk_split($bc, 8, '/'); $pathAndFile = $path.$file; - if (file_exists($pathAndFile) && !is_dir($pathAndFile) && $file === $_SESSION['video'].'.jpg') { + + if ((file_exists($pathAndFile.'.jpg') || file_exists($pathAndFile.'.webm')) && !is_dir($pathAndFile) && $file === $_SESSION['video']) { $listFile = (glob($path.$_SESSION['video']."*")); foreach ($listFile as $value) { unlink($value); @@ -526,8 +540,8 @@ function deleteCache($bc = '', $file = '', $sort = '', $parent = false) { if ($parent === true) { $parent = substr($bc, 0, -8); $cacheParent = md5($parent.$file.$sort); - if (file_exists($_SERVER['DOCUMENT_ROOT'].'/',$GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html')) { - unlink($_SERVER['DOCUMENT_ROOT'].'/',$GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html'); + if (file_exists($_SERVER['DOCUMENT_ROOT'].'/', $GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html')) { + unlink($_SERVER['DOCUMENT_ROOT'].'/', $GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html'); } } } @@ -567,7 +581,7 @@ if (isset($ci['ac']) && !empty($ci['ac'])) { } if ($ci['ac'] === 'view' && !empty($ci['op']) && (int)$ci['op'] === 4) { verifToken($ci['token']); - if ($_SESSION['log'] !== true) { + if (!isLog()) { die('Tinker say : You can keep your magic, I have laser beams! '); } $deleteVideo = deleteVideo($ci['bc'], $ci['file']); @@ -575,7 +589,7 @@ if (isset($ci['ac']) && !empty($ci['ac'])) { } if ($ci['ac'] === 'view' && !empty($ci['op']) && (int)$ci['op'] === 3) { verifToken($ci['token']); - if ($_SESSION['log'] !== true) { + if (!isLog()) { die('Tinker say : Blinded you, with Science! '); } $defineThumb = defineThumb($ci['bc'], $ci['file']); 
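Review bot: The rewritten guard in `deleteVideo()` still derives the deletion directory from the request-supplied `$bc` with no validation visible in this hunk, and `chunk_split()` passes `.` through unchanged, so a `$bc` containing `..` produces `../` segments in `$path`; only the `$file === $_SESSION['video']` equality and the two `file_exists()` checks limit what the following `glob()`/`unlink()` loop can reach. Unless `$bc` is validated before the call (the dispatcher later in this diff passes `$ci['bc']` straight through), reject it up front with something like `if (!preg_match('/^[A-Za-z0-9]*$/', $bc)) { return false; }` (or whatever failure value the caller expects; the fixed-width `chunk_split` suggests segments are plain identifiers, and the empty breadcrumb must stay allowed). `glob($path.$_SESSION['video']."*")` is a prefix match that removes every entry starting with the video's name, so if names can share a prefix `glob($path.$file.'.*')` is the safer pattern and still covers the `.jpg`/`.webm` pair the new condition looks for. The retained `!is_dir($pathAndFile)` clause now tests an extension-less path that nothing else uses; harmless, but it no longer guards what it appears to. The remainder of `deleteVideo()` lies outside the hunk.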
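Review bot: Both calls in the parent-cache branch of `deleteCache()` are still wrong after this whitespace-only touch: `file_exists($_SERVER['DOCUMENT_ROOT'].'/', $GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html')` passes two arguments to a one-argument function, and `unlink()` receives the cache path as its `$context` parameter rather than as the filename. On PHP 5 that is a warning plus a null result, so the parent page's cached HTML is never removed and stale listings survive a delete; on PHP 8 it becomes an `ArgumentCountError`/`TypeError`. The comma was meant to be a dot — build the path once: `$parentCache = $_SERVER['DOCUMENT_ROOT'].'/'.$GLOBALS['config']['PAGECACHE'].'/'.$cacheParent.'.html';` followed by `if (file_exists($parentCache)) { unlink($parentCache); }`. The code that writes these cache files is not in the diff, so please confirm it composes the same `DOCUMENT_ROOT`-prefixed path.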
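Review bot: The `if (!isLog()) { die('Tinker say : You can keep your magic, I have laser beams! '); }` block that replaces the `$_SESSION['log']` test here (and the identical blocks in the neighbouring `op === 3`, `viewQueue` and `del` hunks) can never execute: `isLog()` as defined in this patch exits via `ban()`/`die()` when the session is not logged in and otherwise returns true, and `verifToken($ci['token'])` on the preceding line already performs the same login check. The per-action message is therefore dead text; delete the block and rely on `verifToken()`, or if a second check is wanted as defence in depth write it as the bare statement `isLog();` so the code does not read as a condition that might be false. The enclosing `if (isset($ci['ac']) && !empty($ci['ac']))` dispatcher begins before this hunk.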
@@ -583,14 +597,14 @@ if (isset($ci['ac']) && !empty($ci['ac'])) { } if ($ci['ac'] === 'viewQueue') { verifToken($ci['token']); - if ($_SESSION['log'] !== true) { + if (!isLog()) { die('Tinker say : Seek the heat! '); } $page = 'admin'; } if ($ci['ac'] === 'del') { verifToken($ci['token']); - if ($_SESSION['log'] !== true) { + if (!isLog()) { die('Tinker say : wonder what.. This does? '); } deleteCache($ci['bc'], $ci['file'], $ci['sort'], true); @@ -612,7 +626,7 @@ if (isset($ci['dl']) && !empty($ci['dl'])) {