
Code cleanup

This commit is contained in:
Cameron 2016-12-02 12:04:08 -08:00
parent c3df2134e2
commit e22eb860f1
12 changed files with 69 additions and 47 deletions


@ -599,7 +599,7 @@ if(!empty($pref['redirectsiteurl']) && !empty($pref['siteurl'])) {
$aeSELF[1] = ''; // Defensive code: ensure http:// not http:/<garbage>/
$aeSELF[2] = $aPrefURL[2]; // Swap in correct domain and possibly port
$location = implode('/',$aeSELF).($_SERVER['QUERY_STRING'] ? '?'.$_SERVER['QUERY_STRING'] : '');
$location = filter_var($location, FILTER_SANITIZE_URL);
//
// header("Location: {$location}", true, 301); // send 301 header, not 302
if(defined('e_DEBUG') && e_DEBUG === true)
@ -835,9 +835,10 @@ if (!function_exists('checkvalidtheme'))
require_once(e_HANDLER.'theme_handler.php');
$themeobj = new themeHandler;
$themeArray = $themeobj->getThemes('id');
$id = intval($id);
$themeDef = $themeobj->findDefault($themeArray[$id]);
$id = intval($id);
define('THEME_LAYOUT',$themeDef);
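Review bot: In the first hunk, `FILTER_SANITIZE_URL` on `$location` strips bytes rather than rejecting the value, so a query string containing characters outside the URL-safe set (non-ASCII, spaces) is silently rewritten and the client is redirected to a different address than the one it asked for. Validating instead, `if (filter_var($location, FILTER_VALIDATE_URL) === false) { /* do not redirect */ }`, keeps the redirect faithful while still refusing malformed targets. The `$_SERVER['QUERY_STRING'] ? …` test is also a truthiness check, so a query string of `0` is dropped; `$_SERVER['QUERY_STRING'] !== ''` is the precise condition. The enclosing `if(!empty($pref['redirectsiteurl']) …)` block starts and ends outside the hunk.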


@ -274,7 +274,8 @@ class emotec
$tp = e107::getParser();
$fl = e107::getFile();
$ns = e107::getRender();
$packID = $tp->filter($packID);
$corea = "emote_".$packID;
$emotecode = $sysprefs -> getArray($corea);
@ -362,6 +363,8 @@ class emotec
$fl = e107::getFile();
$tp = e107::getParser();
$packID = $tp->filter($packID);
$fname = e_IMAGE."emotes/".$packID."/emoticons.xml";
$backname = e_IMAGE."emotes/".$packID."/emoticons.bak";
@ -445,9 +448,9 @@ class emotec
// Pick up a list of emote packs from the database
$pack_local = array();
if ($sql->db_Select("core","*","`e107_name` LIKE 'emote_%'"))
if ($sql->select("core","*","`e107_name` LIKE 'emote_%'"))
{
while ($row = $sql->db_Fetch())
while ($row = $sql->fetch())
{
$pack_local[substr($row['e107_name'],6)] = TRUE;
}
@ -518,7 +521,7 @@ class emotec
$confArray[$confIC] = trim($tmp[2]);
}
// $tmp = addslashes(serialize($confArray));
$tmp = e107::getArrayStorage()->WriteArray($confArray);
$tmp = e107::serialize($confArray);
$File_type = EMOLAN_22.":";
}
/* end */
@ -643,11 +646,11 @@ class emotec
{
if ($do_one)
{ // Assume existing pack
$sql->db_Update("core", "`e107_value`='{$tmp}' WHERE `e107_name`='emote_".$value."'");
$sql->update("core", "`e107_value`='{$tmp}' WHERE `e107_name`='emote_".$value."'");
}
else
{ // Assume new pack
$sql->db_Insert("core", "'emote_".$value."', '{$tmp}' ");
$sql->insert("core", "'emote_".$value."', '{$tmp}' ");
}
$mes->addInfo("<strong>{$File_type}</strong> '{$value}'");
}
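Review bot: In the last hunk `{$tmp}` is interpolated unescaped into the `update()` and `insert()` statements although it now holds the output of `e107::serialize()` on data parsed from the pack's configuration file (`$confArray` in the earlier hunk); a quote character inside an emoticon definition breaks the statement. Escaping the value with the handler before concatenation, `"`e107_value`='".$sql->escape($tmp)."' WHERE …"`, or passing the data and WHERE clause as arrays to `update()` if this handler version supports that form, closes the gap. The `db_Select`→`select` and `db_Fetch`→`fetch` renames in the middle hunk are fine. The enclosing method bodies start and end outside the hunks.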


@ -1746,9 +1746,11 @@ class pluginLanguage
function __construct()
{
if(vartrue($_GET['newplugin']) && $_GET['step']==2)
if(!empty($_GET['newplugin']) && $_GET['step']==2)
{
return $this->step2($_GET['newplugin']);
$plugin = e107::getParser()->filter($_GET['newplugin'],'w');
$this->step2($plugin);
return false;
}
@ -1793,7 +1795,7 @@ class pluginLanguage
$this->renderResults();
return true;
}
@ -2200,12 +2202,12 @@ class pluginBuilder
$this->special['checkboxes'] = array('title'=> '','type' => null, 'data' => null, 'width'=>'5%', 'thclass' =>'center', 'forced'=> TRUE, 'class'=>'center', 'toggle' => 'e-multiselect', 'fieldpref'=>true);
$this->special['options'] = array( 'title'=> 'LAN_OPTIONS', 'type' => null, 'data' => null, 'width' => '10%', 'thclass' => 'center last', 'class' => 'center last', 'forced'=>TRUE, 'fieldpref'=>true);
if(vartrue($_GET['newplugin']))
if(!empty($_GET['newplugin']))
{
$this->pluginName = $_GET['newplugin'];
$this->pluginName = e107::getParser()->filter($_GET['newplugin'],'w');
}
if(vartrue($_GET['createFiles']))
if(!empty($_GET['createFiles']))
{
$this->createFiles = true;
}
@ -2226,7 +2228,7 @@ class pluginBuilder
if(vartrue($_GET['newplugin']) && $_GET['step']==2)
if(!empty($_GET['newplugin']) && $_GET['step']==2)
{
return $this->step2();
}
@ -2364,7 +2366,7 @@ class pluginBuilder
$tp = e107::getParser();
$newplug = $tp->filter($_GET['newplugin']);
$newplug = $tp->filter($_GET['newplugin'],'w');
$this->pluginName = $newplug;
$sqlFile = e_PLUGIN.$newplug."/".$newplug."_sql.php";
@ -3561,7 +3563,7 @@ TEMPLATE;
function step4()
{
$tp = e107::getParser();
$pluginTitle = $_POST['xml']['main-name'] ;
if($_POST['xml'])
@ -3577,7 +3579,7 @@ TEMPLATE;
unset($_POST['step'],$_POST['xml'], $_POST['addons']);
$thePlugin = $_POST['newplugin'];
$thePlugin = $tp->filter($_POST['newplugin']);
$text = "\n
// Generated e107 Plugin Admin Area
@ -3606,6 +3608,9 @@ class ".$thePlugin."_adminArea extends e_admin_dispatcher
{
if(vartrue($vars['mode']) && $vars['mode'] != 'exclude')
{
$vars['mode'] = $tp->filter($vars['mode']);
$text .= "
'".$vars['mode']."' => array(
'controller' => '".$table."',
@ -3637,6 +3642,8 @@ $text .= "
{
if(vartrue($vars['mode']) && $vars['mode'] != 'exclude' && !empty($vars['table']))
{
$vars['mode'] = $tp->filter($vars['mode']);
$text .= "
'".$vars['mode']."/list' => array('caption'=> LAN_MANAGE, 'perm' => 'P'),
'".$vars['mode']."/create' => array('caption'=> LAN_CREATE, 'perm' => 'P'),
@ -3659,7 +3666,7 @@ $text .= "
'main/edit' => 'main/list'
);
protected \$menuTitle = '".vartrue($vars['pluginName'], $pluginTitle)."';
protected \$menuTitle = '".vartrue($tp->filter($vars['pluginName']), $pluginTitle)."';
}
@ -3703,7 +3710,10 @@ $text .= "
foreach($_POST as $table => $vars) // LOOP Through Tables.
{
$vars['mode'] = $tp->filter($vars['mode']);
$vars['pluginName'] = $tp->filter($vars['pluginName']);
$vars['table'] = $tp->filter($vars['table']);
$vars['pid'] = $tp->filter($vars['pid']);
if($table == 'pluginPrefs' || $vars['mode'] == 'exclude')
{
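Review bot: In `step4()` the identifiers written into generated PHP source are filtered without the `'w'` mode that the GET counterparts in the `pluginBuilder` hunks use: `$thePlugin` becomes a class name (`class ".$thePlugin."_adminArea`), and `$vars['mode']`, `$vars['table']` and `$vars['pluginName']` are embedded inside quoted literals, so a quote or parenthesis that the default filter leaves intact still yields broken or unintended generated code. `$pluginTitle = $_POST['xml']['main-name']` is not filtered at all yet is the fallback for `\$menuTitle`. Restricting the identifiers with `$tp->filter($_POST['newplugin'], 'w')` (and the same for `mode`/`table`) and emitting string values through `var_export($pluginTitle, true)` instead of hand-quoted concatenation keeps the generated file syntactically fixed. `step4()` continues past the last hunk.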


@ -3930,7 +3930,7 @@ class e107
}
else
{
define('SITEURLBASE', $this->HTTP_SCHEME.'://'.$_SERVER['HTTP_HOST']);
define('SITEURLBASE', $this->HTTP_SCHEME.'://'. filter_var($_SERVER['HTTP_HOST'], FILTER_SANITIZE_URL));
define('SITEURL', SITEURLBASE.e_HTTP);
}
@ -3986,7 +3986,7 @@ class e107
// e_QUERY SHOULD NOT BE DEFINED IF IN SNIGLE ENTRY MODE OR ALL URLS WILL BE BROKEN - it's defined later within the the router
if(!deftrue("e_SINGLE_ENTRY"))
{
define('e_QUERY', $e_QUERY);
define('e_QUERY', filter_var($e_QUERY, FILTER_SANITIZE_URL));
$_SERVER['QUERY_STRING'] = e_QUERY;
}
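Review bot: `SITEURLBASE` in the first hunk is still derived from the request's `HTTP_HOST`; `FILTER_SANITIZE_URL` only removes characters that cannot appear in a URL, so any syntactically valid host a client sends is accepted unchanged, and that value feeds `SITEURL`, which fpw.php in this same commit uses to build the emailed reset link (`$link = SITEURL.'fpw.php?'.$rcode`). The effective check is comparing the header against the configured site URL (the same preference the redirect block earlier in this commit reads) and using the configured host when they differ, rather than character-sanitising the header. In the second hunk, `FILTER_SANITIZE_URL` on `$e_QUERY` likewise strips non-ASCII query bytes silently instead of rejecting them, so `e_QUERY` may no longer match what the client sent. The enclosing method starts and ends outside both hunks.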
else


@ -1909,9 +1909,9 @@ class themeHandler
*/
function findDefault($theme)
{
if(varset($_POST['layout_default']))
if(!empty($_POST['layout_default']))
{
return $_POST['layout_default'];
return e107::getParser()->filter($_POST['layout_default'], 'w');
}
$l = $this->themeArray[$theme];
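Review bot: `findDefault()` now returns the word-filtered `$_POST['layout_default']` without checking that it names a layout of `$theme`; the early return bypasses the `$this->themeArray[$theme]` lookup that follows, so an unknown layout name is still handed back as the default. Validating the posted value against the theme's layout list (the structure of `$this->themeArray[$theme]` is outside this hunk) before returning it keeps the result within the known set. `findDefault()` continues past the hunk.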


@ -223,8 +223,8 @@ if(varset($pref['track_online']))
{
// $member_users = $sql->count('online', '(*)', "WHERE online_location REGEXP('viewforum.php.id=$forumId\$') AND online_user_id != 0");
// $guest_users = $sql->count('online', '(*)', "WHERE online_location REGEXP('viewforum.php.id=$forumId\$') AND online_user_id = 0");
$member_users = $sql->count('online', '(*)', "WHERE online_location LIKE('".$tp->filter(e_REQUEST_URI)."%') AND online_user_id != 0");
$guest_users = $sql->count('online', '(*)', "WHERE online_location LIKE('".$tp->filter(e_REQUEST_URI)."%') AND online_user_id = 0");
$member_users = $sql->count('online', '(*)', "WHERE online_location LIKE('".$tp->filter(e_REQUEST_URI)."%', 'url') AND online_user_id != 0");
$guest_users = $sql->count('online', '(*)', "WHERE online_location LIKE('".$tp->filter(e_REQUEST_URI)."%', 'url') AND online_user_id = 0");
$users = $member_users+$guest_users;
@ -467,7 +467,7 @@ $threadFilter = null;
if(!empty($_GET['srch']))
{
$threadFilter = "t.thread_name LIKE '%".$tp->filter($_GET['srch'])."%'";
$threadFilter = "t.thread_name LIKE '%".$tp->filter($_GET['srch'], 'w')."%'";
}
$threadList = $forum->forumGetThreads($forumId, $threadFrom, $view, $threadFilter);
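Review bot: In the first hunk the `'url'` mode ended up inside the SQL string rather than in the `filter()` call: `$tp->filter(e_REQUEST_URI)."%', 'url')"` closes the filter call right after `e_REQUEST_URI`, so the query becomes `LIKE('…%', 'url')`, which is not valid SQL, and the filter still runs in its default mode. Both lines should read `$tp->filter(e_REQUEST_URI, 'url')."%')`, i.e. `"WHERE online_location LIKE('".$tp->filter(e_REQUEST_URI, 'url')."%') AND online_user_id != 0"` and the `= 0` counterpart. In the second hunk the `'w'` mode on `$_GET['srch']` presumably drops spaces and punctuation, so multi-word thread searches no longer match as typed — worth confirming that is intended. The enclosing `if(varset($pref['track_online']))` block starts before the first hunk.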


@ -622,6 +622,7 @@ class import_main_ui extends e_admin_ui
{
$mes = e107::getMessage();
$tp = e107::getParser();
$mes->addDebug("dbImport(): Loading: ".$this->importClass);
@ -654,7 +655,7 @@ class import_main_ui extends e_admin_ui
return false;
}
$result = $converter->db_Connect($_POST['dbParamHost'], $_POST['dbParamUsername'], $_POST['dbParamPassword'], $_POST['dbParamDatabase'], $_POST['dbParamPrefix']);
$result = $converter->db_Connect($tp->filter($_POST['dbParamHost']), $tp->filter($_POST['dbParamUsername']), $tp->filter($_POST['dbParamPassword']), $tp->filter($_POST['dbParamDatabase']), $tp->filter($_POST['dbParamPrefix']));
if ($result !== TRUE)
{
$mes->addError(LAN_CONVERT_43.": ".$result); // db connect failed
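Review bot: `$tp->filter()` on `$_POST['dbParamPassword']` alters the credential itself: any character the filter strips or encodes yields a different password than the one typed, so a correct login fails with a confusing connect error. Credentials handed straight to `db_Connect()` should be passed unmodified (`$_POST['dbParamPassword']` as before), while host, database and prefix are better constrained to the character set the driver expects — e.g. the `'w'` mode this commit uses elsewhere for identifiers — than HTML-filtered. The method body starts and ends outside the hunks.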


@ -66,12 +66,12 @@ $pageUnique = array('page' => 1, 'content' => array('content'));
$logVals = base64_decode($_GET['lv']);
$logVals = filter_var($logVals, FILTER_SANITIZE_URL);
$logVals .= "&ip=".USERIP;
$logVals .= "&iphost=". @gethostbyaddr(USERIP);
$logVals .= "&lan=".e_LAN;
$logVals .= "&agent=".$_SERVER['HTTP_USER_AGENT'];
$logVals .= "&agent=".filter_var($_SERVER['HTTP_USER_AGENT'],FILTER_SANITIZE_STRING);
parse_str($logVals, $vals);
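Review bot: `$_SERVER['HTTP_USER_AGENT']` is appended to `$logVals` as a raw `&agent=` parameter before `parse_str()` runs, so a `&` or `=` in the agent string splits into extra keys and truncates `agent`; sanitising characters does not change that. Encoding the value instead, `$logVals .= "&agent=".rawurlencode($_SERVER['HTTP_USER_AGENT']);`, keeps it in one key, and `FILTER_SANITIZE_STRING` is deprecated as of PHP 8.1 in any case (escape with `htmlspecialchars()` where the value is rendered). The earlier `filter_var($logVals, FILTER_SANITIZE_URL)` on the decoded `lv` value likewise strips rather than validates, so every key in `$vals` still comes from the request and needs escaping where it is stored or displayed, which is outside this hunk.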

23
fpw.php

@ -264,7 +264,7 @@ if(e_QUERY)
// Request to reset password
if (isset($_POST['pwsubmit']))
if (!empty($_POST['pwsubmit']))
{
require_once(e_HANDLER.'mail.php');
@ -290,13 +290,15 @@ if (isset($_POST['pwsubmit']))
$row = $sql->fetch();
// Main admin expected to be competent enough to never forget password! (And its a security check - so warn them)
// Sending email to admin alerting them of attempted admin password reset, and redirect user to homepage.
if (($row['user_admin'] == 1) && (($row['user_perms'] == '0') OR ($row['user_perms'] == '0.')))
{
sendemail($pref['siteadminemail'], LAN_06, LAN_07.' ['.e107::getIPHandler()->getIP(FALSE).'] '.e107::getIPHandler()->getIP(TRUE).' '.LAN_08);
e107::getRedirect()->redirect(SITEURL);
// Sending email to admin alerting them of attempted admin password reset, and redirect user to homepage.
if(!getperms('0')) // disabled when testing as main-admin.
{
if (($row['user_admin'] == 1) && (($row['user_perms'] == '0') OR ($row['user_perms'] == '0.')))
{
sendemail($pref['siteadminemail'], LAN_06, LAN_07.' ['.e107::getIPHandler()->getIP(FALSE).'] '.e107::getIPHandler()->getIP(TRUE).' '.LAN_08);
e107::getRedirect()->redirect(SITEURL);
}
}
// Banned user, or not validated
switch($row['user_ban'])
{
@ -318,11 +320,8 @@ if (isset($_POST['pwsubmit']))
}
// Set unique reset code
mt_srand ((double)microtime() * 1000000);
$maxran = 1000000;
$rand_num = mt_rand(0, $maxran);
$datekey = date('r');
$rcode = md5($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $rand_num . $datekey);
$datekey = microtime(true);
$rcode = crypt(($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $clean_email . $datekey), e_TOKEN);
// Prepare email
$link = SITEURL.'fpw.php?'.$rcode;
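Review bot: The new reset code in the last hunk, `crypt(…, e_TOKEN)`, depends on the salt format: unless `e_TOKEN` begins with one of crypt()'s recognised scheme prefixes, PHP falls back to traditional DES, which uses only the first eight bytes of the input (here the start of `HTTP_USER_AGENT`) and returns a 13-character value beginning with the salt, so removing the random component leaves the token determined by a few predictable bytes. A reset token should come from the CSPRNG and be compared with `hash_equals()`, e.g. `$rcode = bin2hex(random_bytes(16));` on PHP 7+ (or `bin2hex(openssl_random_pseudo_bytes(16))` on older releases); if a derived value is required, `hash_hmac('sha256', $_SERVER['HTTP_USER_AGENT'].serialize($pref).$clean_email.$datekey, e_TOKEN)` at least covers the whole input. In the earlier hunk, `if(!getperms('0'))` skips the main-admin alert based on the visitor's permissions, not on the account being reset; the comment calls it a testing aid, so confirm it is meant to stay. `$clean_email` is defined outside the hunk, and the `pwsubmit` block continues past it.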


@ -137,6 +137,7 @@ $override = array();
if(isset($_POST['previous_steps']))
{
$tmp = unserialize(base64_decode($_POST['previous_steps']));
$tmp = $tp->filter($tmp);
$override = (isset($tmp['paths']['hash'])) ? array('site_path'=>$tmp['paths']['hash']) : array();
unset($tmp);
}
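Review bot: `unserialize()` still runs on the raw POST value before `$tp->filter($tmp)` is applied, and filtering the resulting array does not undo what deserialisation has already done (instantiation and `__wakeup`/`__destruct` of whatever classes are loaded at that point); the filter only shapes the strings afterwards. Using a data-only format for the round-tripped state is the fix — the `e107::serialize()`/`e107::unserialize()` pair this commit uses in usersettings and the emote admin, or `json_decode()`, with the matching encoder where `previous_steps` is written — or, as a minimum on PHP 7+, `unserialize(base64_decode($_POST['previous_steps']), array('allowed_classes' => false))`. Whether `$tp` is in scope at this point of the install script is not visible in the hunk.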


@ -91,8 +91,8 @@ class submitNews
$submitnews_user = (USER ? USERNAME : trim($tp->toDB($_POST['submitnews_name'])));
$submitnews_email = (USER ? USEREMAIL : trim(check_email($tp->toDB($_POST['submitnews_email']))));
$submitnews_title = $tp->toDB($_POST['submitnews_title']);
$submitnews_item = $tp->toDB($_POST['submitnews_item']);
$submitnews_title = $tp->filter($_POST['submitnews_title']);
$submitnews_item = $tp->filter($_POST['submitnews_item']);
// $submitnews_item = str_replace("src=&quot;e107_images", "src=&quot;".SITEURL."e107_images", $submitnews_item);
$submitnews_file = "";
$submitnews_error = false;
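Review bot: Switching `submitnews_title` and `submitnews_item` from `$tp->toDB()` to `$tp->filter()` changes which protection the values carry: `toDB()` prepared them for database insertion, while `filter()` is an input cleaner, so if the insert further down still concatenates these into SQL, that escaping is now gone. The two neighbouring lines (`submitnews_name`, `submitnews_email`) keep `toDB()`, so the block is also inconsistent; either all four should take the same path, or the insert should use the handler's array form so escaping is not the caller's job. The method continues past the hunk.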


@ -214,8 +214,11 @@ class usersettings_front // Begin Usersettings rewrite.
}
if (isset($_POST['updatesettings']))
if (!empty($_POST['updatesettings']))
{
$_POST = e107::getParser()->filter($_POST);
if (!vartrue($pref['auth_method']))
{
$pref['auth_method'] = 'e107';
@ -433,12 +436,14 @@ class usersettings_front // Begin Usersettings rewrite.
$changedUserData = e107::unserialize($new_data);
$changedUserData = e107::getParser()->filter($changedUserData, 'str');
$savePassword = $_POST['currentpassword'];
if(!empty($new_extended))
{
$changedEUFData = e107::unserialize($new_extended);
$changedEUFData = e107::getParser()->filter($changedEUFData, 'str');
}
unset($new_data);
@ -888,7 +893,9 @@ class usersettings_front // Begin Usersettings rewrite.
}
}
$text = '<form method="post" action="'.vartrue($usersettings_form_action,e_REQUEST_URI).'" id="dataform" class="usersettings-form form-horizontal" enctype="multipart/form-data" autocomplete="off">';
$target = e107::getUrl()->create('user/myprofile/edit',array('id'=>USERID));
$text = '<form method="post" action="'.$target.'" id="dataform" class="usersettings-form form-horizontal" enctype="multipart/form-data" autocomplete="off">';
//$text = (is_numeric($_uid) ? $rs->form_open("post", e_SELF."?".e_QUERY, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'") : $rs->form_open("post", e_SELF, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'"));
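Review bot: `$_POST = e107::getParser()->filter($_POST);` in the first hunk rewrites every field, including `$_POST['currentpassword']` (read in the second hunk as `$savePassword`) and presumably the new-password fields, so a password containing characters the filter strips or encodes is verified and stored as a different string than the user typed. Capture credentials before the blanket filter, `$savePassword = $_POST['currentpassword'];`, or exclude those keys from it and filter only the fields that are rendered or stored as text. In the last hunk the form action no longer honours `$usersettings_form_action` and always targets `USERID`, which looks like it would break editing another user's settings if `$_uid` (named in the commented-out line) can differ from the current user — worth confirming. The class body continues outside all three hunks.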