modules/galleries: Fixed code injection vulnerability

michu2k
2021-07-31 16:54:30 +02:00
parent 86011d4a26
commit e352185d6a
6 changed files with 63 additions and 59 deletions


@@ -53,15 +53,16 @@ class Admin extends AdminModule
public function anyAdd()
{
$location = [ADMIN, 'galleries', 'manage'];
if (!empty($_POST['name'])) {
$name = trim($_POST['name']);
$name = htmlspecialchars(trim($_POST['name']), ENT_NOQUOTES, 'UTF-8');
if (!$this->db('galleries')->where('slug', createSlug($name))->count()) {
$query = $this->db('galleries')->save(['name' => $name, 'slug' => createSlug($name)]);
if ($query) {
$id = $this->db()->lastInsertId();
$dir = $this->_uploads.'/'.$id;
$id = $this->db()->lastInsertId();
$dir = $this->_uploads.'/'.$id;
if (mkdir($dir, 0755, true)) {
$this->notify('success', $this->lang('add_gallery_success'));
@@ -76,7 +77,7 @@ class Admin extends AdminModule
} else {
$this->notify('failure', $this->lang('empty_inputs', 'general'));
}
redirect(url($location));
}
@@ -142,7 +143,7 @@ class Admin extends AdminModule
$this->core->addCSS(url('inc/jscripts/lightbox/lightbox.min.css'));
$this->core->addJS(url('inc/jscripts/lightbox/lightbox.min.js'));
$this->core->addJS(url('inc/jscripts/are-you-sure.min.js'));
return $this->draw('edit.html', ['gallery' => $assign]);
}
@@ -151,13 +152,15 @@ class Admin extends AdminModule
*/
public function postSaveSettings($id)
{
if (checkEmptyFields(['name', 'sort'], $_POST)) {
$formData = htmlspecialchars_array($_POST);
if (checkEmptyFields(['name', 'sort'], $formData)) {
$this->notify('failure', $this->lang('empty_inputs', 'general'));
redirect(url([ADMIN, 'galleries', 'edit', $id]));
}
$_POST['slug'] = createSlug($_POST['name']);
if ($this->db('galleries')->where($id)->save($_POST)) {
$formData['slug'] = createSlug($formData['name']);
if ($this->db('galleries')->where($id)->save($formData)) {
$this->notify('success', $this->lang('save_settings_success'));
}
@@ -185,8 +188,8 @@ class Admin extends AdminModule
*/
public function postUpload($id)
{
$dir = $this->_uploads.'/'.$id;
$cntr = 0;
$dir = $this->_uploads.'/'.$id;
$cntr = 0;
if (!is_uploaded_file($_FILES['files']['tmp_name'][0])) {
$this->notify('failure', $this->lang('no_files'));
@@ -197,7 +200,7 @@ class Admin extends AdminModule
if ($img->load($image)) {
$imgName = time().$cntr++;
$imgPath = $dir.'/'.$imgName.'.'.$img->getInfos('type');
$src = [];
$src = [];
// oryginal size
$img->save($imgPath);
@@ -232,6 +235,7 @@ class Admin extends AdminModule
public function getDeleteImage($id)
{
$image = $this->db('galleries_items')->where($id)->oneArray();
if (!empty($image)) {
if ($this->db('galleries_items')->delete($id)) {
$images = unserialize($image['src']);
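Review bot: `ENT_NOQUOTES` on the new `htmlspecialchars` call in anyAdd leaves `"` and `'` unencoded, so a stored gallery name can still terminate an attribute wherever a template prints it inside one (edit.html emits it as `value="{$gallery.settings.name}"`); `$name = htmlspecialchars(trim($_POST['name']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` covers both quote styles and also avoids the silent empty-string result on malformed UTF-8, which the `!empty` check above it runs before the encoding and therefore no longer guards. Whether `htmlspecialchars_array()` in postSaveSettings uses the same flags is not visible here and should be checked to match. postSaveSettings also still hands the entire `$formData` array to `save()`, so unless `save()` filters columns itself every extra POST key reaches the row; `$formData = array_intersect_key($formData, array_flip(['name', 'sort', 'slug']));` placed after the slug assignment would limit the write to the fields the form owns. The hunks cut through anyAdd, postSaveSettings, postUpload and getDeleteImage, whose bodies continue outside the view.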


@@ -10,13 +10,12 @@
*/
return [
'name' => $core->lang['galleries']['module_name'],
'description' => $core->lang['galleries']['module_desc'],
'author' => 'Sruu.pl',
'version' => '1.0',
'compatibility' => '1.3.*',
'icon' => 'camera',
'name' => $core->lang['galleries']['module_name'],
'description' => $core->lang['galleries']['module_desc'],
'author' => 'Sruu.pl',
'version' => '1.1',
'compatibility' => '1.3.*',
'icon' => 'camera',
'install' => function () use ($core) {
$core->db()->pdo()->exec("CREATE TABLE IF NOT EXISTS `galleries` (
`id` integer NOT NULL PRIMARY KEY AUTOINCREMENT,


@@ -33,7 +33,7 @@ class Site extends SiteModule
} else {
$items = $this->db('galleries_items')->where('gallery', $gallery['id'])->desc('id')->toArray();
}
$tempAssign = $gallery;
if (count($items)) {
@@ -51,6 +51,7 @@ class Site extends SiteModule
}
}
}
$this->tpl->set('gallery', $assign);
$this->core->addCSS(url('inc/jscripts/lightbox/lightbox.min.css'));


@@ -60,7 +60,7 @@
<h3 class="panel-title">{$lang.galleries.settings}</h3>
</div>
<div class="panel-body">
<form action="{?=url(ADMIN.'/galleries/saveSettings/'.$gallery.id)?}" method="POST">
<form action="{?=url(ADMIN.'/galleries/saveSettings/'.$gallery.id)?}" method="POST">
<div class="form-group">
<label>{$lang.general.name}</label>
<input type="text" name="name" required class="form-control" value="{$gallery.settings.name}" />


@@ -2,37 +2,37 @@
<div class="col-md-8">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">{$lang.general.manage}</h3>
</div>
<h3 class="panel-title">{$lang.general.manage}</h3>
</div>
<div class="panel-body">
{if: !empty($galleries)}
<div class="table-responsive no-margin">
<table class="table table-striped no-margin">
<thead>
<tr>
<th>{$lang.general.name}</th>
<th>Tag</th>
<th class="text-right">{$lang.general.actions}</th>
</tr>
</thead>
<tbody>
{loop: $galleries}
<tr>
<td><a href="{$value.editURL}">{$value.name}</a></td>
<td><code>{$value.tag}</code></td>
<td class="text-right">
<a href="{$value.editURL}" class="btn btn-xs btn-success">
<i class="fa fa-pencil"></i> <span class="hidden-xs">{$lang.general.edit}</span>
</a>
<a href="{$value.delURL}" class="btn btn-xs btn-danger" data-confirm="{$lang.galleries.delete_confirm}">
<i class="fa fa-trash-o"></i> <span class="hidden-xs">{$lang.general.delete}</span>
</a>
</td>
</tr>
{/loop}
</tbody>
</table>
</div>
<div class="table-responsive no-margin">
<table class="table table-striped no-margin">
<thead>
<tr>
<th>{$lang.general.name}</th>
<th>Tag</th>
<th class="text-right">{$lang.general.actions}</th>
</tr>
</thead>
<tbody>
{loop: $galleries}
<tr>
<td><a href="{$value.editURL}">{$value.name}</a></td>
<td><code>{$value.tag}</code></td>
<td class="text-right">
<a href="{$value.editURL}" class="btn btn-xs btn-success">
<i class="fa fa-pencil"></i> <span class="hidden-xs">{$lang.general.edit}</span>
</a>
<a href="{$value.delURL}" class="btn btn-xs btn-danger" data-confirm="{$lang.galleries.delete_confirm}">
<i class="fa fa-trash-o"></i> <span class="hidden-xs">{$lang.general.delete}</span>
</a>
</td>
</tr>
{/loop}
</tbody>
</table>
</div>
{else}
<p class="no-margin">{$lang.general.empty_array}</p>
{/if}
@@ -43,15 +43,15 @@
<div class="col-md-4">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">{$lang.galleries.add_gallery}</h3>
</div>
<h3 class="panel-title">{$lang.galleries.add_gallery}</h3>
</div>
<div class="panel-body">
<form action="{?=url(ADMIN.'/galleries/add')?}" method="POST">
<div class="form-group">
<label>{$lang.general.name}</label>
<input type="text" name="name" class="form-control" required />
</div>
<input type="submit" class="btn btn-primary" value="{$lang.general.save}" />
<form action="{?=url(ADMIN.'/galleries/add')?}" method="POST">
<div class="form-group">
<label>{$lang.general.name}</label>
<input type="text" name="name" class="form-control" required />
</div>
<input type="submit" class="btn btn-primary" value="{$lang.general.save}" />
</form>
</div>
</div>


@@ -21,6 +21,6 @@
<script>
$(document).ready(function(){
$('.gallery-{$gallery.slug}').lightbox();
$('.gallery-{$gallery.slug}').lightbox();
});
</script>