tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2011-04-18 Javier Lanz <javier.lanz@artica.es> 

* include/functions_filemanager.php: Fixed a problem with html entities
	* include/get_file.php: Added base64_decode for getting a get parameter

	Fixes: #3286063


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4237 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
javilanz 2011-04-18 15:00:43 +00:00
parent 36db9ce4bd
commit 9ce09cd9b7
3 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pandora_console/ChangeLog
View File

@ -1,3 +1,10 @@
2011-04-18 Javier Lanz <javier.lanz@artica.es>
* include/functions_filemanager.php: Fixed a problem with html entities
* include/get_file.php: Added base64_decode for getting a get parameter
Fixes: #3286063
2011-04-18 Miguel de Dios <miguel.dedios@artica.es> 2011-04-18 Miguel de Dios <miguel.dedios@artica.es>
* include/functions_graph.php, include/graphs/functions_pchart.php, * include/functions_graph.php, include/graphs/functions_pchart.php,

11
pandora_console/include/functions_filemanager.php
View File

@ -193,12 +193,14 @@ if ($create_text_file) {
return; return;
} }
$filename = get_parameter('name_file'); $filename = safe_output(get_parameter('name_file'));
if ($filename != "") { if ($filename != "") {
$real_directory = (string) get_parameter('real_directory'); $real_directory = (string) get_parameter('real_directory');
$real_directory = safe_output($real_directory);
$directory = (string) get_parameter ('directory'); $directory = (string) get_parameter ('directory');
$directory = safe_output($directory);
$hash = get_parameter('hash', ''); $hash = get_parameter('hash', '');
$testHash = md5($real_directory . $directory . $config['dbpass']); $testHash = md5($real_directory . $directory . $config['dbpass']);
@ -227,7 +229,7 @@ if ($create_text_file) {
} }
} }
// Upload file // Upload zip
if ($upload_zip) { if ($upload_zip) {
// Load global vars // Load global vars
global $config; global $config;
@ -296,7 +298,7 @@ if ($create_dir) {
$config['filemanager']['message'] = null; $config['filemanager']['message'] = null;
$directory = (string) get_parameter ('directory', "/"); $directory = (string) get_parameter ('directory', "/");
$directory = safe_output($directory);
$hash = get_parameter('hash', ''); $hash = get_parameter('hash', '');
$testHash = md5($directory . $config['dbpass']); $testHash = md5($directory . $config['dbpass']);
@ -305,6 +307,7 @@ if ($create_dir) {
} }
else { else {
$dirname = (string) get_parameter ('dirname'); $dirname = (string) get_parameter ('dirname');
$dirname = safe_output($dirname);
if ($dirname != '') { if ($dirname != '') {
@mkdir ($directory.'/'.$dirname); @mkdir ($directory.'/'.$dirname);
$config['filemanager']['message'] = '<h4 class="suc">'.__('Created directory').'</h4>'; $config['filemanager']['message'] = '<h4 class="suc">'.__('Created directory').'</h4>';
@ -327,7 +330,7 @@ if ($delete_file) {
$config['filemanager']['message'] = null; $config['filemanager']['message'] = null;
$filename = (string) get_parameter ('filename'); $filename = (string) get_parameter ('filename');
$filename = safe_output($filename);
$hash = get_parameter('hash', ''); $hash = get_parameter('hash', '');
$testHash = md5($filename . $config['dbpass']); $testHash = md5($filename . $config['dbpass']);

1
pandora_console/include/get_file.php
View File

@ -28,6 +28,7 @@ check_login ();
$styleError = "background:url(\"../images/err.png\") no-repeat scroll 0 0 transparent; padding:4px 1px 6px 30px; color:#CC0000;"; $styleError = "background:url(\"../images/err.png\") no-repeat scroll 0 0 transparent; padding:4px 1px 6px 30px; color:#CC0000;";
$file = get_parameter('file', null); $file = get_parameter('file', null);
$file = base64_decode($file);
$chunks = explode('/', $file); $chunks = explode('/', $file);
$nameFile = end($chunks); $nameFile = end($chunks);