From a7feb9e515e0b32f3cb103fb5c227e1a0979d125 Mon Sep 17 00:00:00 2001 From: michu2k Date: Sat, 31 Jul 2021 16:06:25 +0200 Subject: [PATCH 1/6] modules/users: Fixed code injection vulnerability --- inc/modules/users/Admin.php | 86 ++++++++++++++++++------------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/inc/modules/users/Admin.php b/inc/modules/users/Admin.php index 98b735f..7ad60f4 100644 --- a/inc/modules/users/Admin.php +++ b/inc/modules/users/Admin.php @@ -20,8 +20,8 @@ class Admin extends AdminModule public function navigation() { return [ - $this->lang('manage', 'general') => 'manage', - $this->lang('add_new') => 'add' + $this->lang('manage', 'general') => 'manage', + $this->lang('add_new') => 'add' ]; } @@ -31,10 +31,12 @@ class Admin extends AdminModule public function getManage() { $rows = $this->db('users')->toArray(); + foreach ($rows as &$row) { if (empty($row['fullname'])) { $row['fullname'] = '----'; } + $row['editURL'] = url([ADMIN, 'users', 'edit', $row['id']]); $row['delURL'] = url([ADMIN, 'users', 'delete', $row['id']]); } @@ -50,10 +52,14 @@ class Admin extends AdminModule if (!empty($redirectData = getRedirectData())) { $this->assign['form'] = filter_var_array($redirectData, FILTER_SANITIZE_STRING); } else { - $this->assign['form'] = ['username' => '', 'email' => '', 'fullname' => '', 'description' => '']; + $this->assign['form'] = [ + 'username' => '', + 'email' => '', + 'fullname' => '', + 'description' => '' + ]; } - $this->assign['title'] = $this->lang('new_user'); $this->assign['modules'] = $this->_getModules('all'); $this->assign['avatarURL'] = url(MODULES.'/users/img/default.png'); 
@@ -87,22 +93,20 @@ class Admin extends AdminModule { $errors = 0; + $formData = htmlspecialchars_array($_POST); + // location to redirect - if (!$id) { - $location = url([ADMIN, 'users', 'add']); - } else { - $location = url([ADMIN, 'users', 'edit', $id]); - } + $location = $id ? url([ADMIN, 'users', 'edit', $id]) : url([ADMIN, 'users', 'add']); // admin if ($id == 1) { - $_POST['access'] = ['all']; + $formData['access'] = ['all']; } // check if required fields are empty - if (checkEmptyFields(['username', 'email', 'access'], $_POST)) { + if (checkEmptyFields(['username', 'email', 'access'], $formData)) { $this->notify('failure', $this->lang('empty_inputs', 'general')); - redirect($location, $_POST); + redirect($location, $formData); } // check if user already exists 
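Review bot: `$formData = htmlspecialchars_array($_POST);` escapes every submitted field, but several of them are never rendered as HTML — `email` is passed through FILTER_SANITIZE_EMAIL/FILTER_VALIDATE_EMAIL and `password` is hashed later in this method — so those values are transformed before they are validated or stored (an apostrophe in an address, legal in the local part, becomes an entity that the e-mail sanitiser then strips the `;` from, if the helper uses quote-escaping flags). The helper itself is not in this diff, so its flags, charset and whether it recurses into nested arrays such as `access` can't be checked here; a comment at this call site would help the next reader, e.g. `// htmlspecialchars_array(): TODO document flags, charset and whether nested arrays (access[]) are escaped`. Restricting the escaping to the fields that end up in HTML, or escaping in the views at output time, avoids these side effects. The rest of postSave lies outside this hunk.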
@@ -110,33 +114,37 @@ class Admin extends AdminModule $errors++; $this->notify('failure', $this->lang('user_already_exists')); } - // chech if e-mail adress is correct - $_POST['email'] = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); - if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { + + // check if e-mail adress is correct + $formData['email'] = filter_var($formData['email'], FILTER_SANITIZE_EMAIL); + if (!filter_var($formData['email'], FILTER_VALIDATE_EMAIL)) { $errors++; $this->notify('failure', $this->lang('wrong_email')); } + // check if password is longer than 5 characters - if (isset($_POST['password']) && strlen($_POST['password']) < 5) { + if (isset($formData['password']) && strlen($formData['password']) < 5) { $errors++; $this->notify('failure', $this->lang('too_short_pswd')); } + // access to modules - if ((count($_POST['access']) == count($this->_getModules())) || ($id == 1)) { - $_POST['access'] = 'all'; + if ((count($formData['access']) == count($this->_getModules())) || ($id == 1)) { + $formData['access'] = 'all'; } else { - $_POST['access'][] = 'dashboard'; - $_POST['access'] = implode(',', $_POST['access']); + $formData['access'][] = 'dashboard'; + $formData['access'] = implode(',', $formData['access']); } // CREATE / EDIT if (!$errors) { - unset($_POST['save']); + unset($formData['save']); - if (!empty($_POST['password'])) { - $_POST['password'] = password_hash($_POST['password'], PASSWORD_BCRYPT); + if (!empty($formData['password'])) { + $formData['password'] = password_hash($formData['password'], PASSWORD_BCRYPT); } + // user avatar if (($photo = isset_or($_FILES['photo']['tmp_name'], false)) || !$id) { $img = new \Inc\Core\Lib\Image; 
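Review bot: The password minimum-length check and `password_hash` now run on the escaped copy: `strlen($formData['password']) < 5` counts entity bytes, so the single character `&` becomes `&amp;` and satisfies the minimum, and the hash is computed over the escaped string, which means a password containing `&`, `<`, `>` or quotes will only verify if the login path applies the identical transformation (not visible in this diff). Take the password from the raw request right after the escaping call in the previous hunk, e.g. `if (isset($_POST['password'])) { $formData['password'] = $_POST['password']; }`, so that both the length check and the hash see what the user actually typed. postSave continues beyond this hunk.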
@@ -158,14 +166,14 @@ class Admin extends AdminModule $user = $this->db('users')->oneArray($id); } - $_POST['avatar'] = uniqid('avatar').".".$img->getInfos('type'); + $formData['avatar'] = uniqid('avatar').".".$img->getInfos('type'); } } - if (!$id) { // new - $query = $this->db('users')->save($_POST); - } else { // edit - $query = $this->db('users')->where('id', $id)->save($_POST); + if (!$id) { // new + $query = $this->db('users')->save($formData); + } else { // edit + $query = $this->db('users')->where('id', $id)->save($formData); } if ($query) { @@ -174,18 +182,18 @@ class Admin extends AdminModule unlink(UPLOADS."/users/".$user['avatar']); } - $img->save(UPLOADS."/users/".$_POST['avatar']); + $img->save(UPLOADS."/users/".$formData['avatar']); } $this->notify('success', $this->lang('save_success')); } else { $this->notify('failure', $this->lang('save_failure')); } - + redirect($location); } - redirect($location, $_POST); + redirect($location, $formData); } /** @@ -198,7 +206,7 @@ class Admin extends AdminModule if (!empty($user['avatar'])) { unlink(UPLOADS."/users/".$user['avatar']); } - + $this->notify('success', $this->lang('delete_success')); } else { $this->notify('failure', $this->lang('delete_failure')); @@ -215,12 +223,7 @@ class Admin extends AdminModule { $result = []; $rows = $this->db('modules')->toArray(); - - if (!$access) { - $accessArray = []; - } else { - $accessArray = explode(',', $access); - } + $accessArray = $access ? explode(',', $access) : []; foreach ($rows as $row) { if ($row['dir'] != 'dashboard') { @@ -252,10 +255,7 @@ class Admin extends AdminModule } else { // edit $count = $this->db('users')->where('username', $_POST['username'])->where('id', '<>', $id)->count(); } - if ($count > 0) { - return true; - } else { - return false; - } + + return $count > 0; } } From 4905db80ce62baf05af67dabc8edb8e469dacdf3 Mon Sep 17 00:00:00 2001 
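Review bot: The duplicate-username check in the last hunk still queries the raw `$_POST['username']`, while the value written by `save($formData)` in the earlier hunks is the htmlspecialchars-escaped copy, so a username containing `&`, `<`, `>` or quotes is compared in one representation and stored in another and can slip past the uniqueness test. Whichever representation the project settles on, both paths must use it; the smallest change is `$formData = htmlspecialchars_array($_POST);` at the top of that method and `->where('username', $formData['username'])` in both branches. That method's signature and opening lines are outside the hunk.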
From: michu2k Date: Sat, 31 Jul 2021 16:17:33 +0200 Subject: [PATCH 2/6] modules/users: Changed the order of the form fields --- inc/modules/users/view/admin/form.html | 108 +++++++++++------------ inc/modules/users/view/admin/manage.html | 58 ++++++------ 2 files changed, 83 insertions(+), 83 deletions(-) diff --git a/inc/modules/users/view/admin/form.html b/inc/modules/users/view/admin/form.html index 84d30e4..e9abf8a 100644 --- a/inc/modules/users/view/admin/form.html +++ b/inc/modules/users/view/admin/form.html @@ -5,46 +5,46 @@

{$users.title}

-
-
-
- - -
-
- - -
-
- -
- - -
-
-
- - -
-
- - -
-
- - -
-
- - -
-
- -
+ +
+
+ +
+ + +
+
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ +
@@ -53,19 +53,19 @@ \ No newline at end of file diff --git a/inc/modules/users/view/admin/manage.html b/inc/modules/users/view/admin/manage.html index 55ebf1b..e19fbcb 100644 --- a/inc/modules/users/view/admin/manage.html +++ b/inc/modules/users/view/admin/manage.html @@ -5,35 +5,35 @@

{$lang.general.manage}

-
- - - - - - - - - - - {loop: $users} - - - - - - - {/loop} - -
{$lang.general.username}{$lang.users.display_name}{$lang.users.email}{$lang.general.actions}
{$value.username}{$value.fullname}{$value.email} - - - - - - -
-
+
+ + + + + + + + + + + {loop: $users} + + + + + + + {/loop} + +
{$lang.general.username}{$lang.users.display_name}{$lang.users.email}{$lang.general.actions}
{$value.username}{$value.fullname}{$value.email} + + + + + + +
+
From 86011d4a26ebe69da7e0f70cf7b1ee6d689b4cf7 Mon Sep 17 00:00:00 2001 From: michu2k Date: Sat, 31 Jul 2021 16:40:03 +0200 Subject: [PATCH 3/6] modules/navigation: Fixed code injection vulnerability --- inc/modules/navigation/Admin.php | 81 ++++++++----------- inc/modules/navigation/Info.php | 13 ++- inc/modules/navigation/Site.php | 2 + .../navigation/view/admin/form.link.html | 56 ++++++------- .../navigation/view/admin/form.nav.html | 12 +-- inc/modules/navigation/view/admin/manage.html | 4 +- inc/modules/users/Admin.php | 1 - inc/modules/users/Info.php | 25 +++--- inc/modules/users/Site.php | 1 + 9 files changed, 91 insertions(+), 104 deletions(-) diff --git a/inc/modules/navigation/Admin.php b/inc/modules/navigation/Admin.php index 3bf39a3..213c397 100644 --- a/inc/modules/navigation/Admin.php +++ b/inc/modules/navigation/Admin.php @@ -19,9 +19,9 @@ class Admin extends AdminModule public function navigation() { return [ - $this->lang('manage', 'general') => 'manage', - $this->lang('add_link') => 'newLink', - $this->lang('add_nav') => 'newNav' + $this->lang('manage', 'general') => 'manage', + $this->lang('add_link') => 'newLink', + $this->lang('add_nav') => 'newNav' ]; } @@ -64,13 +64,9 @@ class Admin extends AdminModule public function getNewLink() { // lang - if (isset($_GET['lang'])) { - $lang = $_GET['lang']; - } else { - $lang = $this->settings('settings', 'lang_site'); - } - $this->assign['langs'] = $this->_getLanguages($lang, 'selected'); + $lang = isset($_GET['lang']) ? $_GET['lang'] : $this->settings('settings', 'lang_site'); + $this->assign['langs'] = $this->_getLanguages($lang, 'selected'); $this->assign['link'] = ['name' => '', 'lang' => '', 'page' => '', 'url' => '', 'parent' => '', 'class' => '']; // list of pages 
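Review bot: In the getNewLink hunk the rewritten `$lang = isset($_GET['lang']) ? $_GET['lang'] : $this->settings('settings', 'lang_site');` passes the raw query value straight into `_getLanguages($lang, 'selected')` with none of the escaping or validation this commit adds for POST data; whether `_getLanguages` only compares it against known language names is not visible here, so it is worth confirming and, if not, checking the value against the installed language list before use. If the project targets PHP 7 or later, `$lang = $_GET['lang'] ?? $this->settings('settings', 'lang_site');` is the idiomatic form of the same expression. The identical rewrite appears in the getEditLink hunk that follows.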
@@ -95,13 +91,9 @@ class Admin extends AdminModule if (!empty($row)) { // lang - if (isset($_GET['lang'])) { - $lang = $_GET['lang']; - } else { - $lang = $row['lang']; - } - $this->assign['langs'] = $this->_getLanguages($lang, 'selected'); + $lang = isset($_GET['lang']) ? $_GET['lang'] : $row['lang']; + $this->assign['langs'] = $this->_getLanguages($lang, 'selected'); $this->assign['link'] = filter_var_array($row, FILTER_SANITIZE_SPECIAL_CHARS); // list of pages 
@@ -126,47 +118,39 @@ class Admin extends AdminModule public function postSaveLink($id = null) { unset($_POST['save']); + $formData = htmlspecialchars_array($_POST); // check if it's an external link - if ($_POST['page']) { - $fields = ['name', 'page', 'lang', 'parent']; - } else { - $fields = ['name', 'url', 'lang', 'parent']; - } + $fields = $formData['page'] ? ['name', 'page', 'lang', 'parent'] : ['name', 'url', 'lang', 'parent']; + $location = $id ? url([ADMIN, 'navigation', 'editLink', $id]) : url([ADMIN, 'navigation', 'newLink']); - if (!$id) { - $location = url([ADMIN, 'navigation', 'newLink']); - } else { - $location = url([ADMIN, 'navigation', 'editLink', $id]); - } - - if (checkEmptyFields($fields, $_POST)) { + if (checkEmptyFields($fields, $formData)) { $this->notify('failure', $this->lang('empty_inputs', 'general')); - $this->assign['form'] = filter_var_array($_POST, FILTER_SANITIZE_SPECIAL_CHARS); + $this->assign['form'] = filter_var_array($formData, FILTER_SANITIZE_SPECIAL_CHARS); redirect($location); } - if ($_POST['page']) { - $_POST['url'] = null; + if ($formData['page']) { + $formData['url'] = null; } // get parent - $parent = explode('_', $_POST['parent']); - $_POST['nav'] = $parent[0]; - $_POST['parent'] = (isset($parent[1]) ? $parent[1] : 0); + $parent = explode('_', $formData['parent']); + $formData['nav'] = $parent[0]; + $formData['parent'] = (isset($parent[1]) ? 
$parent[1] : 0); - if (!is_numeric($_POST['page'])) { - $_POST['url'] = $_POST['page']; - $_POST['page'] = 0; + if (!is_numeric($formData['page'])) { + $formData['url'] = $formData['page']; + $formData['page'] = 0; } if (!$id) { - $_POST['"order"'] = $this->_getHighestOrder($_POST['nav'], $_POST['parent'], $_POST['lang']) + 1; - $query = $this->db('navs_items')->save($_POST); + $formData['"order"'] = $this->_getHighestOrder($formData['nav'], $formData['parent'], $formData['lang']) + 1; + $query = $this->db('navs_items')->save($formData); } else { - $query = $this->db('navs_items')->where($id)->save($_POST); + $query = $this->db('navs_items')->where($id)->save($formData); if ($query) { - $query = $this->db('navs_items')->where('parent', $id)->update(['nav' => $_POST['nav']]); + $query = $this->db('navs_items')->where('parent', $id)->update(['nav' => $formData['nav']]); } } @@ -227,7 +211,9 @@ class Admin extends AdminModule */ public function postSaveNav($id = null) { - if (empty($_POST['name'])) { + $formData = htmlspecialchars_array($_POST); + + if (empty($formData['name'])) { if (!$id) { redirect(url([ADMIN, 'navigation', 'newNav'])); } else { @@ -237,7 +223,7 @@ class Admin extends AdminModule $this->notify('failure', $this->lang('empty_inputs', 'general')); } - $name = createSlug($_POST['name']); + $name = createSlug($formData['name']); // check if nav already exists if (!$this->db('navs')->where('name', $name)->count()) { @@ -283,6 +269,7 @@ class Admin extends AdminModule private function _getPages($lang, $selected = null) { $rows = $this->db('pages')->where('lang', $lang)->toArray(); + if (count($rows)) { foreach ($rows as $row) { if ($selected == $row['id']) { @@ -293,6 +280,7 @@ class Admin extends AdminModule $result[] = ['id' => $row['id'], 'title' => $row['title'], 'slug' => $row['slug'], 'attr' => $attr]; } } + return $result; } 
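Review bot: On the empty-field branch of postSaveLink, `filter_var_array($formData, FILTER_SANITIZE_SPECIAL_CHARS)` is applied to data that `htmlspecialchars_array($_POST)` has already escaped, so an `&` submitted by the user is stored as `&#38;amp;` in the re-populated form — either filter `$_POST` there or drop the second pass, e.g. `$this->assign['form'] = $formData;`. Separately, `url` (and `page` when it carries an external address, copied into `url` a few lines later) is persisted in escaped form, so a query string such as `?a=1&b=2` is saved as `?a=1&amp;b=2`; that is right inside an href but wrong for any non-HTML consumer of the stored value, which is the usual argument for escaping at output rather than at input. The tail of postSaveLink (the `$query` handling and redirect) lies outside this hunk.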
@@ -305,6 +293,7 @@ class Admin extends AdminModule private function _getParents($lang, $nav = null, $page = null, $except = null) { $rows = $this->db('navs')->toArray(); + if (count($rows)) { foreach ($rows as &$row) { $row['name'] = $this->tpl->noParse('{$navigation.'.$row['name'].'}'); @@ -331,6 +320,7 @@ class Admin extends AdminModule } } } + return $rows; } @@ -358,6 +348,7 @@ class Admin extends AdminModule $item['fullURL'] = (parse_url($item['url'], PHP_URL_SCHEME) || strpos($item['url'], '#') === 0 ? '' : '/').trim($item['url'], '/'); } } + return $this->buildTree($items); } } @@ -438,10 +429,6 @@ class Admin extends AdminModule ->desc('"order"') ->oneArray(); - if (!empty($item)) { - return $item['order']; - } else { - return 0; - } + return !empty($item) ? $item['order'] : 0; } } diff --git a/inc/modules/navigation/Info.php b/inc/modules/navigation/Info.php index d05a777..d9e9384 100644 --- a/inc/modules/navigation/Info.php +++ b/inc/modules/navigation/Info.php @@ -10,13 +10,12 @@ */ return [ - 'name' => $core->lang['navigation']['module_name'], - 'description' => $core->lang['navigation']['module_desc'], - 'author' => 'Sruu.pl', - 'version' => '1.1', - 'compatibility' => '1.3.*', - 'icon' => 'list-ul', - + 'name' => $core->lang['navigation']['module_name'], + 'description' => $core->lang['navigation']['module_desc'], + 'author' => 'Sruu.pl', + 'version' => '1.2', + 'compatibility' => '1.3.*', + 'icon' => 'list-ul', 'install' => function () use ($core) { $core->db()->pdo()->exec("CREATE TABLE IF NOT EXISTS `navs` ( `id` integer NOT NULL PRIMARY KEY AUTOINCREMENT, diff --git a/inc/modules/navigation/Site.php b/inc/modules/navigation/Site.php index e94c2e9..adab70f 100644 --- a/inc/modules/navigation/Site.php +++ b/inc/modules/navigation/Site.php 
@@ -29,6 +29,7 @@ class Site extends SiteModule $homepage = $this->settings('settings', 'homepage'); $lang_prefix = $this->core->lang['name']; + if ($lang_prefix != $this->settings('settings', 'lang_site')) { $lang_prefix = explode('_', $lang_prefix)[0]; } else { @@ -98,6 +99,7 @@ class Site extends SiteModule } } } + return false; } } diff --git a/inc/modules/navigation/view/admin/form.link.html b/inc/modules/navigation/view/admin/form.link.html index f8b96d5..b549419 100644 --- a/inc/modules/navigation/view/admin/form.link.html +++ b/inc/modules/navigation/view/admin/form.link.html @@ -6,38 +6,38 @@
-
- - {loop: $navigation.langs} {/loop} - -
-
- - -
-
- - +
+
+ + +
+
+ + -
-
- - -
+ +
+
+ + +
- - -
-
- - +
+
+ + -
- - + + + + diff --git a/inc/modules/navigation/view/admin/form.nav.html b/inc/modules/navigation/view/admin/form.nav.html index ddf5477..1eb4c2c 100644 --- a/inc/modules/navigation/view/admin/form.nav.html +++ b/inc/modules/navigation/view/admin/form.nav.html @@ -6,12 +6,12 @@
-
- - -
- -
+
+ + +
+ +
diff --git a/inc/modules/navigation/view/admin/manage.html b/inc/modules/navigation/view/admin/manage.html index f48cf4a..7ed5384 100644 --- a/inc/modules/navigation/view/admin/manage.html +++ b/inc/modules/navigation/view/admin/manage.html @@ -10,7 +10,7 @@
- {if: isset($navigation.navs)} + {if: isset($navigation.navs)} {loop: $navigation.navs}
@@ -61,7 +61,7 @@
{/loop} - {/if} + {/if}
diff --git a/inc/modules/users/Admin.php b/inc/modules/users/Admin.php index 7ad60f4..bc3e40f 100644 --- a/inc/modules/users/Admin.php +++ b/inc/modules/users/Admin.php @@ -92,7 +92,6 @@ class Admin extends AdminModule public function postSave($id = null) { $errors = 0; - $formData = htmlspecialchars_array($_POST); // location to redirect diff --git a/inc/modules/users/Info.php b/inc/modules/users/Info.php index 6afec23..f8dd499 100644 --- a/inc/modules/users/Info.php +++ b/inc/modules/users/Info.php @@ -10,14 +10,13 @@ */ return [ - 'name' => $core->lang['users']['module_name'], - 'description' => $core->lang['users']['module_desc'], - 'author' => 'Sruu.pl', - 'version' => '1.1', - 'compatibility' => '1.3.*', - 'icon' => 'user', - - 'install' => function () use ($core) { + 'name' => $core->lang['users']['module_name'], + 'description' => $core->lang['users']['module_desc'], + 'author' => 'Sruu.pl', + 'version' => '1.2', + 'compatibility' => '1.3.*', + 'icon' => 'user', + 'install' => function () use ($core) { $core->db()->pdo()->exec("CREATE TABLE IF NOT EXISTS `users` ( `id` integer NOT NULL PRIMARY KEY AUTOINCREMENT, `username` text NOT NULL, @@ -31,9 +30,9 @@ return [ )"); $core->db()->pdo()->exec("CREATE TABLE `login_attempts` ( - `ip` TEXT NOT NULL, - `attempts` INTEGER NOT NULL, - `expires` INTEGER NOT NULL DEFAULT 0 + `ip` TEXT NOT NULL, + `attempts` INTEGER NOT NULL, + `expires` INTEGER NOT NULL DEFAULT 0 )"); $core->db()->pdo()->exec("CREATE TABLE IF NOT EXISTS `remember_me` ( 
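Review bot: The users/Admin.php hunk deletes `$formData = htmlspecialchars_array($_POST);`, the line the first patch of this series introduced, while every later use of `$formData` in postSave (checkEmptyFields, the e-mail and password checks, `save($formData)`, the redirects) is left in place, so after this commit the method works on an undefined variable and nothing submitted through the form reaches the database. This looks like an accidental inclusion in a commit whose subject targets the navigation module; restore the line, or if dropping input-side escaping for users is intended, rework every `$formData` use in the same commit. The remainder of postSave is outside the hunk.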
@@ -42,7 +41,7 @@ return [ `user_id` integer NOT NULL REFERENCES users(id) ON DELETE CASCADE, `expiry` integer NOT NULL )"); - + $avatar = uniqid('avatar').'.png'; $core->db()->pdo()->exec('INSERT INTO `users` (`username`, `fullname`, `description`, `password`, `avatar`, `email`, `role`, `access`) VALUES ("admin", "Selina Kyle", "My name is Selina Kyle but I speak for Catwoman… A mon who can offer you a path. Someone like you is only here by choice. You have been exploring the criminal fraternity but whatever your original intentions you have to become truly lost.", "$2y$10$pgRnDiukCbiYVqsamMM3ROWViSRqbyCCL33N8.ykBKZx0dlplXe9i", "'.$avatar.'", "admin@localhost", "admin", "all")'); @@ -53,7 +52,7 @@ return [ copy(MODULES.'/users/img/default.png', UPLOADS.'/users/'.$avatar); }, - 'uninstall' => function () use ($core) { + 'uninstall' => function () use ($core) { $core->db()->pdo()->exec("DROP TABLE `users`"); $core->db()->pdo()->exec("DROP TABLE `login_attempts`"); $core->db()->pdo()->exec("DROP TABLE `remember_me`"); diff --git a/inc/modules/users/Site.php b/inc/modules/users/Site.php index 542d924..6e9b688 100644 --- a/inc/modules/users/Site.php +++ b/inc/modules/users/Site.php @@ -25,6 +25,7 @@ class Site extends SiteModule $result[$value['id']] = $users[$key]; $result[$value['id']]['avatar'] = url('uploads/users/' . $value['avatar']); } + return $result; }); } From e352185d6afbd22e710a4c94e1decd183d29d448 Mon Sep 17 00:00:00 2001 From: michu2k Date: Sat, 31 Jul 2021 16:54:30 +0200 Subject: [PATCH 4/6] modules/galleries: Fixed code injection vulnerability --- inc/modules/galleries/Admin.php | 28 ++++---- inc/modules/galleries/Info.php | 13 ++-- inc/modules/galleries/Site.php | 3 +- inc/modules/galleries/view/admin/edit.html | 2 +- inc/modules/galleries/view/admin/manage.html | 74 ++++++++++---------- inc/modules/galleries/view/gallery.html | 2 +- 6 files changed, 63 insertions(+), 59 deletions(-) 
diff --git a/inc/modules/galleries/Admin.php b/inc/modules/galleries/Admin.php index 615e5f0..9e003e7 100644 --- a/inc/modules/galleries/Admin.php +++ b/inc/modules/galleries/Admin.php @@ -53,15 +53,16 @@ class Admin extends AdminModule public function anyAdd() { $location = [ADMIN, 'galleries', 'manage']; - + if (!empty($_POST['name'])) { - $name = trim($_POST['name']); + $name = htmlspecialchars(trim($_POST['name']), ENT_NOQUOTES, 'UTF-8'); + if (!$this->db('galleries')->where('slug', createSlug($name))->count()) { $query = $this->db('galleries')->save(['name' => $name, 'slug' => createSlug($name)]); if ($query) { - $id = $this->db()->lastInsertId(); - $dir = $this->_uploads.'/'.$id; + $id = $this->db()->lastInsertId(); + $dir = $this->_uploads.'/'.$id; if (mkdir($dir, 0755, true)) { $this->notify('success', $this->lang('add_gallery_success')); @@ -76,7 +77,7 @@ class Admin extends AdminModule } else { $this->notify('failure', $this->lang('empty_inputs', 'general')); } - + redirect(url($location)); } @@ -142,7 +143,7 @@ class Admin extends AdminModule $this->core->addCSS(url('inc/jscripts/lightbox/lightbox.min.css')); $this->core->addJS(url('inc/jscripts/lightbox/lightbox.min.js')); $this->core->addJS(url('inc/jscripts/are-you-sure.min.js')); - + return $this->draw('edit.html', ['gallery' => $assign]); } @@ -151,13 +152,15 @@ class Admin extends AdminModule */ public function postSaveSettings($id) { - if (checkEmptyFields(['name', 'sort'], $_POST)) { + $formData = htmlspecialchars_array($_POST); + + if (checkEmptyFields(['name', 'sort'], $formData)) { $this->notify('failure', $this->lang('empty_inputs', 'general')); redirect(url([ADMIN, 'galleries', 'edit', $id])); } - $_POST['slug'] = createSlug($_POST['name']); - if ($this->db('galleries')->where($id)->save($_POST)) { + $formData['slug'] = createSlug($formData['name']); + if ($this->db('galleries')->where($id)->save($formData)) { $this->notify('success', $this->lang('save_settings_success')); } 
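Review bot: In anyAdd the new `htmlspecialchars(trim($_POST['name']), ENT_NOQUOTES, 'UTF-8')` deliberately leaves `"` and `'` untouched, so the gallery name is only safe in text-node context; wherever it is placed inside an attribute (a settings form pre-filling the name, for instance) a quote still breaks out, and it is inconsistent with the `htmlspecialchars_array($_POST)` that postSaveSettings in the same file applies to the same field. Use `$name = htmlspecialchars(trim($_POST['name']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` here, or keep the stored value raw and escape in the view. Note also that `createSlug($name)` now derives the slug from the escaped text, so depending on what createSlug strips, an `&amp;` may leave "amp" in the slug — worth a quick check.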
@@ -185,8 +188,8 @@ class Admin extends AdminModule */ public function postUpload($id) { - $dir = $this->_uploads.'/'.$id; - $cntr = 0; + $dir = $this->_uploads.'/'.$id; + $cntr = 0; if (!is_uploaded_file($_FILES['files']['tmp_name'][0])) { $this->notify('failure', $this->lang('no_files')); @@ -197,7 +200,7 @@ class Admin extends AdminModule if ($img->load($image)) { $imgName = time().$cntr++; $imgPath = $dir.'/'.$imgName.'.'.$img->getInfos('type'); - $src = []; + $src = []; // oryginal size $img->save($imgPath); @@ -232,6 +235,7 @@ class Admin extends AdminModule public function getDeleteImage($id) { $image = $this->db('galleries_items')->where($id)->oneArray(); + if (!empty($image)) { if ($this->db('galleries_items')->delete($id)) { $images = unserialize($image['src']); diff --git a/inc/modules/galleries/Info.php b/inc/modules/galleries/Info.php index 8b68c4f..96e294e 100644 --- a/inc/modules/galleries/Info.php +++ b/inc/modules/galleries/Info.php @@ -10,13 +10,12 @@ */ return [ - 'name' => $core->lang['galleries']['module_name'], - 'description' => $core->lang['galleries']['module_desc'], - 'author' => 'Sruu.pl', - 'version' => '1.0', - 'compatibility' => '1.3.*', - 'icon' => 'camera', - + 'name' => $core->lang['galleries']['module_name'], + 'description' => $core->lang['galleries']['module_desc'], + 'author' => 'Sruu.pl', + 'version' => '1.1', + 'compatibility' => '1.3.*', + 'icon' => 'camera', 'install' => function () use ($core) { $core->db()->pdo()->exec("CREATE TABLE IF NOT EXISTS `galleries` ( `id` integer NOT NULL PRIMARY KEY AUTOINCREMENT, diff --git a/inc/modules/galleries/Site.php b/inc/modules/galleries/Site.php index 8fab6eb..7d39cd4 100644 --- a/inc/modules/galleries/Site.php +++ b/inc/modules/galleries/Site.php @@ -33,7 +33,7 @@ class Site extends SiteModule } else { $items = $this->db('galleries_items')->where('gallery', $gallery['id'])->desc('id')->toArray(); } - + $tempAssign = $gallery; if (count($items)) { 
@@ -51,6 +51,7 @@ class Site extends SiteModule } } } + $this->tpl->set('gallery', $assign); $this->core->addCSS(url('inc/jscripts/lightbox/lightbox.min.css')); diff --git a/inc/modules/galleries/view/admin/edit.html b/inc/modules/galleries/view/admin/edit.html index 124c55f..d9df1f6 100644 --- a/inc/modules/galleries/view/admin/edit.html +++ b/inc/modules/galleries/view/admin/edit.html @@ -60,7 +60,7 @@

{$lang.galleries.settings}

-
+
diff --git a/inc/modules/galleries/view/admin/manage.html b/inc/modules/galleries/view/admin/manage.html index 4663ef3..b51737d 100644 --- a/inc/modules/galleries/view/admin/manage.html +++ b/inc/modules/galleries/view/admin/manage.html @@ -2,37 +2,37 @@
-

{$lang.general.manage}

-
+

{$lang.general.manage}

+
{if: !empty($galleries)} -
- - - - - - - - - - {loop: $galleries} - - - - - - {/loop} - -
{$lang.general.name}Tag{$lang.general.actions}
{$value.name}{$value.tag} - - - - - - -
-
+
+ + + + + + + + + + {loop: $galleries} + + + + + + {/loop} + +
{$lang.general.name}Tag{$lang.general.actions}
{$value.name}{$value.tag} + + + + + + +
+
{else}

{$lang.general.empty_array}

{/if} @@ -43,15 +43,15 @@
-

{$lang.galleries.add_gallery}

-
+

{$lang.galleries.add_gallery}

+
- -
- - -
- + +
+ + +
+
diff --git a/inc/modules/galleries/view/gallery.html b/inc/modules/galleries/view/gallery.html index 7f0a524..651fdf3 100644 --- a/inc/modules/galleries/view/gallery.html +++ b/inc/modules/galleries/view/gallery.html @@ -21,6 +21,6 @@ \ No newline at end of file From 7a77da05430c04d5a63b2562cde42d8ede6f0d55 Mon Sep 17 00:00:00 2001 From: michu2k Date: Sat, 31 Jul 2021 16:56:04 +0200 Subject: [PATCH 5/6] Added missing .lock file to the portuguese language --- inc/lang/pt_portuguese/.lock | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 inc/lang/pt_portuguese/.lock diff --git a/inc/lang/pt_portuguese/.lock b/inc/lang/pt_portuguese/.lock new file mode 100644 index 0000000..e69de29 From b48a50862c7732bf0567daf5fd3fafae234133c0 Mon Sep 17 00:00:00 2001 From: michu2k Date: Sat, 31 Jul 2021 17:01:24 +0200 Subject: [PATCH 6/6] modules/snippets: Fixed code injection vulnerability --- inc/modules/navigation/Info.php | 6 +++--- inc/modules/snippets/Admin.php | 29 +++++++++++++++-------------- inc/modules/snippets/Info.php | 17 ++++++++--------- 3 files changed, 26 insertions(+), 26 deletions(-) diff --git a/inc/modules/navigation/Info.php b/inc/modules/navigation/Info.php index d9e9384..80fe1f7 100644 --- a/inc/modules/navigation/Info.php +++ b/inc/modules/navigation/Info.php @@ -13,10 +13,10 @@ return [ 'name' => $core->lang['navigation']['module_name'], 'description' => $core->lang['navigation']['module_desc'], 'author' => 'Sruu.pl', - 'version' => '1.2', + 'version' => '1.3', 'compatibility' => '1.3.*', 'icon' => 'list-ul', - 'install' => function () use ($core) { + 'install' => function () use ($core) { $core->db()->pdo()->exec("CREATE TABLE IF NOT EXISTS `navs` ( `id` integer NOT NULL PRIMARY KEY AUTOINCREMENT, `name` text NOT NULL 
@@ -46,7 +46,7 @@ return [ $core->db()->pdo()->exec("INSERT INTO `navs_items` (`name`, `page`, `lang`, `nav`, `order`) VALUES ('Kontakt', 4, 'pl_polski', 1, 3)"); }, - 'uninstall' => function () use ($core) { + 'uninstall' => function () use ($core) { $core->db()->pdo()->exec("DROP TABLE `navs`"); $core->db()->pdo()->exec("DROP TABLE `navs_items`"); } diff --git a/inc/modules/snippets/Admin.php b/inc/modules/snippets/Admin.php index db3666f..68cbcdf 100644 --- a/inc/modules/snippets/Admin.php +++ b/inc/modules/snippets/Admin.php @@ -18,8 +18,8 @@ class Admin extends AdminModule public function navigation() { return [ - $this->lang('manage', 'general') => 'manage', - $this->lang('add') => 'add', + $this->lang('manage', 'general') => 'manage', + $this->lang('add') => 'add', ]; } @@ -61,7 +61,6 @@ class Admin extends AdminModule if ($id === null) { $row = ['name' => isset_or($assign['name'], null), 'content' => isset_or($assign['content'], null)]; - $assign['title'] = $this->lang('add'); } elseif (!empty($row = $this->db('snippets')->oneArray($id))) { $assign['title'] = $this->lang('edit'); @@ -74,6 +73,7 @@ class Admin extends AdminModule $assign['content'] = []; preg_match_all("/{lang: ([a-z]{2}_[a-z]+)}(.*?){\/lang}/ms", $row['content'], $matches); + foreach ($matches[1] as $key => $value) { $assign['content'][trim($value)] = $this->tpl->noParse(trim($matches[2][$key])); } @@ -103,8 +103,9 @@ class Admin extends AdminModule public function postSave($id = null) { unset($_POST['save']); + $formData = htmlspecialchars_array($_POST); - if (checkEmptyFields(['name'], $_POST)) { + if (checkEmptyFields(['name'], $formData)) { $this->notify('failure', $this->lang('empty_inputs', 'general')); if (!$id) { 
@@ -114,20 +115,20 @@ class Admin extends AdminModule } } - $_POST['name'] = trim($_POST['name']); - $_POST['slug'] = createSlug($_POST['name']); + $formData['name'] = trim($formData['name']); + $formData['slug'] = createSlug($formData['name']); $tmp = null; - foreach ($_POST['content'] as $lang => $content) { + foreach ($formData['content'] as $lang => $content) { $tmp .= "{lang: $lang}".$content."{/lang}"; } - $_POST['content'] = $tmp; + $formData['content'] = $tmp; if ($id === null) { // new $location = url([ADMIN, 'snippets', 'add']); - if (!$this->db('snippets')->where('slug', $_POST['slug'])->count()) { - if ($this->db('snippets')->save($_POST)) { + if (!$this->db('snippets')->where('slug', $formData['slug'])->count()) { + if ($this->db('snippets')->save($formData)) { $location = url([ADMIN, 'snippets', 'edit', $this->db()->lastInsertId()]); $this->notify('success', $this->lang('save_success')); } else { @@ -137,8 +138,8 @@ class Admin extends AdminModule $this->notify('failure', $this->lang('already_exists')); } } else { // edit - if (!$this->db('snippets')->where('slug', $_POST['slug'])->where('id', '<>', $id)->count()) { - if ($this->db('snippets')->where($id)->save($_POST)) { + if (!$this->db('snippets')->where('slug', $formData['slug'])->where('id', '<>', $id)->count()) { + if ($this->db('snippets')->where($id)->save($formData)) { $this->notify('success', $this->lang('save_success')); } else { $this->notify('failure', $this->lang('save_failure')); @@ -146,11 +147,11 @@ class Admin extends AdminModule } else { $this->notify('failure', $this->lang('already_exists')); } - + $location = url([ADMIN, 'snippets', 'edit', $id]); } - redirect($location, $_POST); + redirect($location, $formData); } /** diff --git a/inc/modules/snippets/Info.php b/inc/modules/snippets/Info.php index 430a4c0..5bc7f85 100644 --- a/inc/modules/snippets/Info.php +++ b/inc/modules/snippets/Info.php 
@@ -10,14 +10,13 @@ */ return [ - 'name' => $core->lang['snippets']['module_name'], - 'description' => $core->lang['snippets']['module_desc'], - 'author' => 'Sruu.pl', - 'version' => '1.1', - 'compatibility' => '1.3.*', - 'icon' => 'puzzle-piece', - - 'install' => function () use ($core) { + 'name' => $core->lang['snippets']['module_name'], + 'description' => $core->lang['snippets']['module_desc'], + 'author' => 'Sruu.pl', + 'version' => '1.2', + 'compatibility' => '1.3.*', + 'icon' => 'puzzle-piece', + 'install' => function () use ($core) { $core->db()->pdo()->exec("CREATE TABLE IF NOT EXISTS `snippets` ( `id` integer NOT NULL PRIMARY KEY AUTOINCREMENT, `name` text NOT NULL, @@ -25,7 +24,7 @@ return [ `content` text NOT NULL )"); }, - 'uninstall' => function () use ($core) { + 'uninstall' => function () use ($core) { $core->db()->pdo()->exec("DROP TABLE `snippets`"); } ];