mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-02 20:57:26 +02:00
Code Issues Releases Wiki Activity

File Inspector fixes/upgrades.

Browse Source
This commit is contained in:
Cameron
2016-03-18 09:35:52 -07:00
parent 46a63ca70e
commit c748f0fdb3
2 changed files with 22 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
e107_admin/fileinspector.php
View File

@@ -145,6 +145,7 @@ class file_inspector {
private $excludeFiles = array( '.', '..','/','.svn', 'CVS' ,'Thumbs.db', '.git'); private $excludeFiles = array( '.', '..','/','.svn', 'CVS' ,'Thumbs.db', '.git');
private $knownSecurityIssues = array('htmlarea', 'e107_docs/docs.php');
// private $icon = array(); // private $icon = array();
private $iconTag = array(); private $iconTag = array();
@@ -764,7 +765,8 @@ class file_inspector {
if (!isset($this -> files[$dir_id][$aid]['file']) && !$known[$dir_id][$aid]) if (!isset($this -> files[$dir_id][$aid]['file']) && !$known[$dir_id][$aid])
{ {
if (strpos($dir.'/'.$readdir, 'htmlarea') === false) { if ($this->checkKnownSecurity($dir.'/'.$readdir) === false)
{
if (isset($deprecated[$readdir])) if (isset($deprecated[$readdir]))
{ {
if ($_POST['oldcore']) if ($_POST['oldcore'])
@@ -866,6 +868,22 @@ class file_inspector {
return $text; return $text;
} }
private function checkKnownSecurity($path)
{
foreach($this->knownSecurityIssues as $v)
{
if(strpos($path, $v) !== false)
{
return true;
}
}
return false;
}
function scan_results() function scan_results()
{ {
global $ns, $rs, $core_image, $deprecated_image; global $ns, $rs, $core_image, $deprecated_image;
@@ -942,9 +960,9 @@ class file_inspector {
$text .= "<tr><td style='padding-left: 4px' colspan='2'> $text .= "<tr><td style='padding-left: 4px' colspan='2'>
".$this->iconTag['warning']."&nbsp;<b>".FR_LAN_26."</b></td></tr>"; ".$this->iconTag['warning']."&nbsp;<b>".FR_LAN_26."</b></td></tr>";
$text .= "<tr><td class='f'>".$this->iconTag['file_warning']."&nbsp;".FR_LAN_28.":&nbsp;".($this -> count['warning']['num'] ? $this -> count['warning']['num'] : FR_LAN_21)."&nbsp;</td><td class='s'>".$this -> parsesize($this -> count['warning']['size'], 2)."</td></tr>"; $text .= "<tr><td class='f'>".$this->iconTag['file_warning']." ".FR_LAN_28.": ".($this -> count['warning']['num'] ? $this -> count['warning']['num'] : FR_LAN_21)."&nbsp;</td><td class='s'>".$this -> parsesize($this -> count['warning']['size'], 2)."</td></tr>";
$text .= "<tr><td class='w' colspan='2'>".$this->iconTag['info']."&nbsp;".FR_LAN_27."</td></tr>"; $text .= "<tr><td class='w' colspan='2'><div class='alert alert-warning'>".FR_LAN_27."</div></td></tr>";
} }
if ($_POST['integrity'] && $_POST['core'] != 'none') if ($_POST['integrity'] && $_POST['core'] != 'none')