mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-01-18 05:09:05 +01:00
Code Issues Releases Wiki Activity

Merge pull request #3281 from SimSync/pref_update_218

Browse Source 
Fixed typo in prefs.php, Added check&update to update routine
This commit is contained in:
Cameron 2018-07-14 12:51:26 -07:00 committed by GitHub
commit 5a689397eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
e107_admin/prefs.php
View File

@ -1210,9 +1210,7 @@ if ($savePrefs) $core_pref->setPref($pref)->save(false, true);
<tr> <tr>
<td><label for='post-script'>".PRFLAN_215.":</label></td> <td><label for='post-script'>".PRFLAN_215.":</label></td>
<td> <td>
".//r_userclass('post_script',$pref['post_script'],'off','nobody,member,admin,main,classes') ".$e_userclass->uc_dropdown('post_script',$pref['post_script'],'nobody,admin,main,classes,no-excludes')."
$e_userclass->uc_dropdown('post_script',$pref['post_script'],'off','nobody,admin,main,classes,no-excludes')
."
<div class='smalltext field-help'>".PRFLAN_216."</div> <div class='smalltext field-help'>".PRFLAN_216."</div>
</td> </td>
</tr> </tr>

15
e107_admin/update_routines.php
View File

@ -584,12 +584,25 @@ function update_core_database($type = '')
} }
//todo add check for post_html pref value. // Make sure, that the pref "post_script" contains one of the allowed userclasses
// Close possible security hole
if (!array_key_exists(e107::getPref('post_script'), e107::getUserClass()->uc_required_class_list('nobody,admin,main,classes,no-excludes', true)))
{
if ($just_check)
{
return update_needed("Pref 'Class which can post < script > and similar tags' contains an invalid value"); // NO LAN.
}
else
{
e107::getConfig()->setPref('post_script', 255)->save(false, true);
}
}
return $just_check; return $just_check;
} }