
Code cleanup

This commit is contained in:
Cameron
2016-12-02 12:04:08 -08:00
parent c3df2134e2
commit e22eb860f1
12 changed files with 69 additions and 47 deletions


@@ -599,7 +599,7 @@ if(!empty($pref['redirectsiteurl']) && !empty($pref['siteurl'])) {
$aeSELF[1] = ''; // Defensive code: ensure http:// not http:/<garbage>/ $aeSELF[1] = ''; // Defensive code: ensure http:// not http:/<garbage>/
$aeSELF[2] = $aPrefURL[2]; // Swap in correct domain and possibly port $aeSELF[2] = $aPrefURL[2]; // Swap in correct domain and possibly port
$location = implode('/',$aeSELF).($_SERVER['QUERY_STRING'] ? '?'.$_SERVER['QUERY_STRING'] : ''); $location = implode('/',$aeSELF).($_SERVER['QUERY_STRING'] ? '?'.$_SERVER['QUERY_STRING'] : '');
$location = filter_var($location, FILTER_SANITIZE_URL);
// //
// header("Location: {$location}", true, 301); // send 301 header, not 302 // header("Location: {$location}", true, 301); // send 301 header, not 302
if(defined('e_DEBUG') && e_DEBUG === true) if(defined('e_DEBUG') && e_DEBUG === true)
@@ -835,9 +835,10 @@ if (!function_exists('checkvalidtheme'))
require_once(e_HANDLER.'theme_handler.php'); require_once(e_HANDLER.'theme_handler.php');
$themeobj = new themeHandler; $themeobj = new themeHandler;
$themeArray = $themeobj->getThemes('id'); $themeArray = $themeobj->getThemes('id');
$id = intval($id);
$themeDef = $themeobj->findDefault($themeArray[$id]); $themeDef = $themeobj->findDefault($themeArray[$id]);
$id = intval($id);
define('THEME_LAYOUT',$themeDef); define('THEME_LAYOUT',$themeDef);
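Review bot: In the checkvalidtheme hunk, `$themeArray[$id]` is still read without checking that the key exists, so an id that matches no installed theme raises an undefined-index notice and hands null to findDefault(); moving `$id = intval($id);` up only fixes the type. Guard the lookup, e.g. `$themeDef = isset($themeArray[$id]) ? $themeobj->findDefault($themeArray[$id]) : null;` with whatever fallback THEME_LAYOUT is expected to hold. In the redirect hunk, `FILTER_SANITIZE_URL` strips characters that are illegal in a URL but does not validate the result, and the raw `$_SERVER['QUERY_STRING']` is appended one line earlier; the header() call that consumes `$location` is commented out here, so where it is actually emitted lies outside the hunk. Both enclosing blocks start and end outside the hunks.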


@@ -274,7 +274,8 @@ class emotec
$tp = e107::getParser(); $tp = e107::getParser();
$fl = e107::getFile(); $fl = e107::getFile();
$ns = e107::getRender(); $ns = e107::getRender();
$packID = $tp->filter($packID);
$corea = "emote_".$packID; $corea = "emote_".$packID;
$emotecode = $sysprefs -> getArray($corea); $emotecode = $sysprefs -> getArray($corea);
@@ -362,6 +363,8 @@ class emotec
$fl = e107::getFile(); $fl = e107::getFile();
$tp = e107::getParser(); $tp = e107::getParser();
$packID = $tp->filter($packID);
$fname = e_IMAGE."emotes/".$packID."/emoticons.xml"; $fname = e_IMAGE."emotes/".$packID."/emoticons.xml";
$backname = e_IMAGE."emotes/".$packID."/emoticons.bak"; $backname = e_IMAGE."emotes/".$packID."/emoticons.bak";
@@ -445,9 +448,9 @@ class emotec
// Pick up a list of emote packs from the database // Pick up a list of emote packs from the database
$pack_local = array(); $pack_local = array();
if ($sql->db_Select("core","*","`e107_name` LIKE 'emote_%'")) if ($sql->select("core","*","`e107_name` LIKE 'emote_%'"))
{ {
while ($row = $sql->db_Fetch()) while ($row = $sql->fetch())
{ {
$pack_local[substr($row['e107_name'],6)] = TRUE; $pack_local[substr($row['e107_name'],6)] = TRUE;
} }
@@ -518,7 +521,7 @@ class emotec
$confArray[$confIC] = trim($tmp[2]); $confArray[$confIC] = trim($tmp[2]);
} }
// $tmp = addslashes(serialize($confArray)); // $tmp = addslashes(serialize($confArray));
$tmp = e107::getArrayStorage()->WriteArray($confArray); $tmp = e107::serialize($confArray);
$File_type = EMOLAN_22.":"; $File_type = EMOLAN_22.":";
} }
/* end */ /* end */
@@ -643,11 +646,11 @@ class emotec
{ {
if ($do_one) if ($do_one)
{ // Assume existing pack { // Assume existing pack
$sql->db_Update("core", "`e107_value`='{$tmp}' WHERE `e107_name`='emote_".$value."'"); $sql->update("core", "`e107_value`='{$tmp}' WHERE `e107_name`='emote_".$value."'");
} }
else else
{ // Assume new pack { // Assume new pack
$sql->db_Insert("core", "'emote_".$value."', '{$tmp}' "); $sql->insert("core", "'emote_".$value."', '{$tmp}' ");
} }
$mes->addInfo("<strong>{$File_type}</strong> '{$value}'"); $mes->addInfo("<strong>{$File_type}</strong> '{$value}'");
} }
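Review bot: `$packID = $tp->filter($packID);` in the two top hunks uses the default filter mode, yet `$packID` is then used as a path segment in `e_IMAGE."emotes/".$packID."/emoticons.xml"`; the default mode is not shown here, and if it is a tag/quote sanitiser rather than a character allow-list, `.` and `/` pass through it unchanged. This same commit restricts other path-forming identifiers to word characters (`$tp->filter($_GET['newplugin'],'w')` in plugin.php), so `$packID = $tp->filter($packID, 'w');` would be consistent if pack directory names are word characters only; better still, accept only ids present in the `$pack_local` list this class already builds from the database. The update/insert hunk only renames `db_Update`/`db_Insert` to `update`/`insert`; both statements still interpolate `$tmp` and `$value` into SQL without escaping, which the rename does not address. The enclosing methods start and end outside the hunks.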


@@ -1746,9 +1746,11 @@ class pluginLanguage
function __construct() function __construct()
{ {
if(vartrue($_GET['newplugin']) && $_GET['step']==2) if(!empty($_GET['newplugin']) && $_GET['step']==2)
{ {
return $this->step2($_GET['newplugin']); $plugin = e107::getParser()->filter($_GET['newplugin'],'w');
$this->step2($plugin);
return false;
} }
@@ -1793,7 +1795,7 @@ class pluginLanguage
$this->renderResults(); $this->renderResults();
return true;
} }
@@ -2200,12 +2202,12 @@ class pluginBuilder
$this->special['checkboxes'] = array('title'=> '','type' => null, 'data' => null, 'width'=>'5%', 'thclass' =>'center', 'forced'=> TRUE, 'class'=>'center', 'toggle' => 'e-multiselect', 'fieldpref'=>true); $this->special['checkboxes'] = array('title'=> '','type' => null, 'data' => null, 'width'=>'5%', 'thclass' =>'center', 'forced'=> TRUE, 'class'=>'center', 'toggle' => 'e-multiselect', 'fieldpref'=>true);
$this->special['options'] = array( 'title'=> 'LAN_OPTIONS', 'type' => null, 'data' => null, 'width' => '10%', 'thclass' => 'center last', 'class' => 'center last', 'forced'=>TRUE, 'fieldpref'=>true); $this->special['options'] = array( 'title'=> 'LAN_OPTIONS', 'type' => null, 'data' => null, 'width' => '10%', 'thclass' => 'center last', 'class' => 'center last', 'forced'=>TRUE, 'fieldpref'=>true);
if(vartrue($_GET['newplugin'])) if(!empty($_GET['newplugin']))
{ {
$this->pluginName = $_GET['newplugin']; $this->pluginName = e107::getParser()->filter($_GET['newplugin'],'w');
} }
if(vartrue($_GET['createFiles'])) if(!empty($_GET['createFiles']))
{ {
$this->createFiles = true; $this->createFiles = true;
} }
@@ -2226,7 +2228,7 @@ class pluginBuilder
if(vartrue($_GET['newplugin']) && $_GET['step']==2) if(!empty($_GET['newplugin']) && $_GET['step']==2)
{ {
return $this->step2(); return $this->step2();
} }
@@ -2364,7 +2366,7 @@ class pluginBuilder
$tp = e107::getParser(); $tp = e107::getParser();
$newplug = $tp->filter($_GET['newplugin']); $newplug = $tp->filter($_GET['newplugin'],'w');
$this->pluginName = $newplug; $this->pluginName = $newplug;
$sqlFile = e_PLUGIN.$newplug."/".$newplug."_sql.php"; $sqlFile = e_PLUGIN.$newplug."/".$newplug."_sql.php";
@@ -3561,7 +3563,7 @@ TEMPLATE;
function step4() function step4()
{ {
$tp = e107::getParser();
$pluginTitle = $_POST['xml']['main-name'] ; $pluginTitle = $_POST['xml']['main-name'] ;
if($_POST['xml']) if($_POST['xml'])
@@ -3577,7 +3579,7 @@ TEMPLATE;
unset($_POST['step'],$_POST['xml'], $_POST['addons']); unset($_POST['step'],$_POST['xml'], $_POST['addons']);
$thePlugin = $_POST['newplugin']; $thePlugin = $tp->filter($_POST['newplugin']);
$text = "\n $text = "\n
// Generated e107 Plugin Admin Area // Generated e107 Plugin Admin Area
@@ -3606,6 +3608,9 @@ class ".$thePlugin."_adminArea extends e_admin_dispatcher
{ {
if(vartrue($vars['mode']) && $vars['mode'] != 'exclude') if(vartrue($vars['mode']) && $vars['mode'] != 'exclude')
{ {
$vars['mode'] = $tp->filter($vars['mode']);
$text .= " $text .= "
'".$vars['mode']."' => array( '".$vars['mode']."' => array(
'controller' => '".$table."', 'controller' => '".$table."',
@@ -3637,6 +3642,8 @@ $text .= "
{ {
if(vartrue($vars['mode']) && $vars['mode'] != 'exclude' && !empty($vars['table'])) if(vartrue($vars['mode']) && $vars['mode'] != 'exclude' && !empty($vars['table']))
{ {
$vars['mode'] = $tp->filter($vars['mode']);
$text .= " $text .= "
'".$vars['mode']."/list' => array('caption'=> LAN_MANAGE, 'perm' => 'P'), '".$vars['mode']."/list' => array('caption'=> LAN_MANAGE, 'perm' => 'P'),
'".$vars['mode']."/create' => array('caption'=> LAN_CREATE, 'perm' => 'P'), '".$vars['mode']."/create' => array('caption'=> LAN_CREATE, 'perm' => 'P'),
@@ -3659,7 +3666,7 @@ $text .= "
'main/edit' => 'main/list' 'main/edit' => 'main/list'
); );
protected \$menuTitle = '".vartrue($vars['pluginName'], $pluginTitle)."'; protected \$menuTitle = '".vartrue($tp->filter($vars['pluginName']), $pluginTitle)."';
} }
@@ -3703,7 +3710,10 @@ $text .= "
foreach($_POST as $table => $vars) // LOOP Through Tables. foreach($_POST as $table => $vars) // LOOP Through Tables.
{ {
$vars['mode'] = $tp->filter($vars['mode']);
$vars['pluginName'] = $tp->filter($vars['pluginName']);
$vars['table'] = $tp->filter($vars['table']);
$vars['pid'] = $tp->filter($vars['pid']);
if($table == 'pluginPrefs' || $vars['mode'] == 'exclude') if($table == 'pluginPrefs' || $vars['mode'] == 'exclude')
{ {
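Review bot: In step4(), `$thePlugin = $tp->filter($_POST['newplugin']);` uses the default filter mode, but `$thePlugin` is spliced into generated PHP source as a class name (`class ".$thePlugin."_adminArea extends e_admin_dispatcher`), so anything outside `[A-Za-z0-9_]` yields a file that does not parse or alters the emitted code. The other hunks in this commit restrict the same value to word characters (`filter($_GET['newplugin'],'w')`), so `$thePlugin = $tp->filter($_POST['newplugin'], 'w');` is the consistent choice, and the same applies to `$vars['mode']`, `$vars['table']` and `$vars['pid']`, which likewise become identifiers and array keys in the generated code. Separately, the pluginLanguage constructor now ends with `$this->step2($plugin); return false;`, but a constructor's return value is discarded, so a bare `return;` states the intent. The enclosing methods start and end outside these hunks.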


@@ -3930,7 +3930,7 @@ class e107
} }
else else
{ {
define('SITEURLBASE', $this->HTTP_SCHEME.'://'.$_SERVER['HTTP_HOST']); define('SITEURLBASE', $this->HTTP_SCHEME.'://'. filter_var($_SERVER['HTTP_HOST'], FILTER_SANITIZE_URL));
define('SITEURL', SITEURLBASE.e_HTTP); define('SITEURL', SITEURLBASE.e_HTTP);
} }
@@ -3986,7 +3986,7 @@ class e107
// e_QUERY SHOULD NOT BE DEFINED IF IN SNIGLE ENTRY MODE OR ALL URLS WILL BE BROKEN - it's defined later within the the router // e_QUERY SHOULD NOT BE DEFINED IF IN SNIGLE ENTRY MODE OR ALL URLS WILL BE BROKEN - it's defined later within the the router
if(!deftrue("e_SINGLE_ENTRY")) if(!deftrue("e_SINGLE_ENTRY"))
{ {
define('e_QUERY', $e_QUERY); define('e_QUERY', filter_var($e_QUERY, FILTER_SANITIZE_URL));
$_SERVER['QUERY_STRING'] = e_QUERY; $_SERVER['QUERY_STRING'] = e_QUERY;
} }
else else
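Review bot: `define('SITEURLBASE', $this->HTTP_SCHEME.'://'. filter_var($_SERVER['HTTP_HOST'], FILTER_SANITIZE_URL));` sanitises the Host header but does not validate it: the filter only removes characters illegal in a URL, so any well-formed host a client supplies still becomes the site's base URL. That matters because SITEURL is used to build absolute links, including the password-reset link in fpw.php in this same commit (`$link = SITEURL.'fpw.php?'.$rcode;`), so the host in those e-mails would follow the request rather than the configuration. Prefer the host from the configured `$pref['siteurl']`, or compare `$_SERVER['HTTP_HOST']` against an allow-list and fall back to the configured value when it does not match; the branch taken when the pref is set lies outside the hunk. Likewise `filter_var($e_QUERY, FILTER_SANITIZE_URL)` for e_QUERY only strips disallowed characters and is not a substitute for escaping wherever the value is later echoed or placed in SQL.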


@@ -1909,9 +1909,9 @@ class themeHandler
*/ */
function findDefault($theme) function findDefault($theme)
{ {
if(varset($_POST['layout_default'])) if(!empty($_POST['layout_default']))
{ {
return $_POST['layout_default']; return e107::getParser()->filter($_POST['layout_default'], 'w');
} }
$l = $this->themeArray[$theme]; $l = $this->themeArray[$theme];
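Review bot: findDefault() now returns `e107::getParser()->filter($_POST['layout_default'], 'w')`, which narrows the value to word characters but still accepts any layout name the client posts, whether or not `$theme` defines it. Since the function reads `$this->themeArray[$theme]` on the very next line, the posted name could be checked against the layouts recorded there before it is returned and used for THEME_LAYOUT, falling back to the theme's own default otherwise. The function body continues outside the hunk.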


@@ -223,8 +223,8 @@ if(varset($pref['track_online']))
{ {
// $member_users = $sql->count('online', '(*)', "WHERE online_location REGEXP('viewforum.php.id=$forumId\$') AND online_user_id != 0"); // $member_users = $sql->count('online', '(*)', "WHERE online_location REGEXP('viewforum.php.id=$forumId\$') AND online_user_id != 0");
// $guest_users = $sql->count('online', '(*)', "WHERE online_location REGEXP('viewforum.php.id=$forumId\$') AND online_user_id = 0"); // $guest_users = $sql->count('online', '(*)', "WHERE online_location REGEXP('viewforum.php.id=$forumId\$') AND online_user_id = 0");
$member_users = $sql->count('online', '(*)', "WHERE online_location LIKE('".$tp->filter(e_REQUEST_URI)."%') AND online_user_id != 0"); $member_users = $sql->count('online', '(*)', "WHERE online_location LIKE('".$tp->filter(e_REQUEST_URI)."%', 'url') AND online_user_id != 0");
$guest_users = $sql->count('online', '(*)', "WHERE online_location LIKE('".$tp->filter(e_REQUEST_URI)."%') AND online_user_id = 0"); $guest_users = $sql->count('online', '(*)', "WHERE online_location LIKE('".$tp->filter(e_REQUEST_URI)."%', 'url') AND online_user_id = 0");
$users = $member_users+$guest_users; $users = $member_users+$guest_users;
@@ -467,7 +467,7 @@ $threadFilter = null;
if(!empty($_GET['srch'])) if(!empty($_GET['srch']))
{ {
$threadFilter = "t.thread_name LIKE '%".$tp->filter($_GET['srch'])."%'"; $threadFilter = "t.thread_name LIKE '%".$tp->filter($_GET['srch'], 'w')."%'";
} }
$threadList = $forum->forumGetThreads($forumId, $threadFrom, $view, $threadFilter); $threadList = $forum->forumGetThreads($forumId, $threadFrom, $view, $threadFilter);
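Review bot: The `, 'url'` argument in both count() calls landed inside the SQL string rather than in the filter() call: `$tp->filter(e_REQUEST_URI)."%', 'url') AND online_user_id != 0"` still calls filter() with the default mode and sends `LIKE('...%', 'url')` to MySQL, which is not a valid LIKE. The intended form is `$tp->filter(e_REQUEST_URI, 'url')."%') AND online_user_id != 0"`, and the same for the guest query. Even corrected, a URL sanitiser keeps the single quote because it is a legal URL character, so the line would still rely on `e_REQUEST_URI` (defined outside this file) containing none; escaping the value for SQL or binding it is the dependable fix. In the search hunk, `filter($_GET['srch'], 'w')` appears to drop spaces as well as punctuation, so a multi-word search would collapse into one token; if that is not intended, escape the term rather than restrict it.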


@@ -622,6 +622,7 @@ class import_main_ui extends e_admin_ui
{ {
$mes = e107::getMessage(); $mes = e107::getMessage();
$tp = e107::getParser();
$mes->addDebug("dbImport(): Loading: ".$this->importClass); $mes->addDebug("dbImport(): Loading: ".$this->importClass);
@@ -654,7 +655,7 @@ class import_main_ui extends e_admin_ui
return false; return false;
} }
$result = $converter->db_Connect($_POST['dbParamHost'], $_POST['dbParamUsername'], $_POST['dbParamPassword'], $_POST['dbParamDatabase'], $_POST['dbParamPrefix']); $result = $converter->db_Connect($tp->filter($_POST['dbParamHost']), $tp->filter($_POST['dbParamUsername']), $tp->filter($_POST['dbParamPassword']), $tp->filter($_POST['dbParamDatabase']), $tp->filter($_POST['dbParamPrefix']));
if ($result !== TRUE) if ($result !== TRUE)
{ {
$mes->addError(LAN_CONVERT_43.": ".$result); // db connect failed $mes->addError(LAN_CONVERT_43.": ".$result); // db connect failed
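Review bot: Routing the database credentials through `$tp->filter()`, and `$tp->filter($_POST['dbParamPassword'])` in particular, alters any password containing characters the default filter mode strips or encodes, so a correct password can fail to connect. These values go straight to `$converter->db_Connect()` as connection parameters, not into SQL or HTML, so the appropriate check is format validation for host, user, database and prefix (e.g. a hostname/identifier pattern) while the password is passed through unchanged. The enclosing method starts and ends outside the hunks.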


@@ -66,12 +66,12 @@ $pageUnique = array('page' => 1, 'content' => array('content'));
$logVals = base64_decode($_GET['lv']); $logVals = base64_decode($_GET['lv']);
$logVals = filter_var($logVals, FILTER_SANITIZE_URL);
$logVals .= "&ip=".USERIP; $logVals .= "&ip=".USERIP;
$logVals .= "&iphost=". @gethostbyaddr(USERIP); $logVals .= "&iphost=". @gethostbyaddr(USERIP);
$logVals .= "&lan=".e_LAN; $logVals .= "&lan=".e_LAN;
$logVals .= "&agent=".$_SERVER['HTTP_USER_AGENT']; $logVals .= "&agent=".filter_var($_SERVER['HTTP_USER_AGENT'],FILTER_SANITIZE_STRING);
parse_str($logVals, $vals); parse_str($logVals, $vals);
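Review bot: `$logVals .= "&agent=".filter_var($_SERVER['HTTP_USER_AGENT'],FILTER_SANITIZE_STRING);` still appends the value raw into a string that `parse_str()` splits on `&` and `=`, and that filter removes neither character, so a user agent containing `&lan=...` overrides the keys this script sets itself; `FILTER_SANITIZE_STRING` is also deprecated since PHP 8.1. Encode each appended piece instead, `$logVals .= "&agent=".urlencode($_SERVER['HTTP_USER_AGENT']);`, and the same for the `iphost` value. `filter_var($logVals, FILTER_SANITIZE_URL)` on the decoded `lv` payload only strips characters illegal in a URL; it does not constrain which keys or values `parse_str()` will place in `$vals`, so the consumer of `$vals` (outside the hunk) still has to validate them.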

23
fpw.php

@@ -264,7 +264,7 @@ if(e_QUERY)
// Request to reset password // Request to reset password
if (isset($_POST['pwsubmit'])) if (!empty($_POST['pwsubmit']))
{ {
require_once(e_HANDLER.'mail.php'); require_once(e_HANDLER.'mail.php');
@@ -290,13 +290,15 @@ if (isset($_POST['pwsubmit']))
$row = $sql->fetch(); $row = $sql->fetch();
// Main admin expected to be competent enough to never forget password! (And its a security check - so warn them) // Main admin expected to be competent enough to never forget password! (And its a security check - so warn them)
// Sending email to admin alerting them of attempted admin password reset, and redirect user to homepage. // Sending email to admin alerting them of attempted admin password reset, and redirect user to homepage.
if (($row['user_admin'] == 1) && (($row['user_perms'] == '0') OR ($row['user_perms'] == '0.'))) if(!getperms('0')) // disabled when testing as main-admin.
{ {
sendemail($pref['siteadminemail'], LAN_06, LAN_07.' ['.e107::getIPHandler()->getIP(FALSE).'] '.e107::getIPHandler()->getIP(TRUE).' '.LAN_08); if (($row['user_admin'] == 1) && (($row['user_perms'] == '0') OR ($row['user_perms'] == '0.')))
e107::getRedirect()->redirect(SITEURL); {
sendemail($pref['siteadminemail'], LAN_06, LAN_07.' ['.e107::getIPHandler()->getIP(FALSE).'] '.e107::getIPHandler()->getIP(TRUE).' '.LAN_08);
e107::getRedirect()->redirect(SITEURL);
}
} }
// Banned user, or not validated // Banned user, or not validated
switch($row['user_ban']) switch($row['user_ban'])
{ {
@@ -318,11 +320,8 @@ if (isset($_POST['pwsubmit']))
} }
// Set unique reset code // Set unique reset code
mt_srand ((double)microtime() * 1000000); $datekey = microtime(true);
$maxran = 1000000; $rcode = crypt(($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $clean_email . $datekey), e_TOKEN);
$rand_num = mt_rand(0, $maxran);
$datekey = date('r');
$rcode = md5($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $rand_num . $datekey);
// Prepare email // Prepare email
$link = SITEURL.'fpw.php?'.$rcode; $link = SITEURL.'fpw.php?'.$rcode;
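Review bot: The new reset code `$rcode = crypt(($_SERVER['HTTP_USER_AGENT'] . serialize($pref). $clean_email . $datekey), e_TOKEN);` is derived from values that are known to or guessable by the requester (their own user agent, site prefs, the target e-mail and a timestamp) rather than from a random source, and if `e_TOKEN` does not begin with a `$id$` scheme prefix, crypt() falls back to traditional DES, which uses only the first eight bytes of the input and two characters of the salt. A reset code must be an unpredictable secret; `$rcode = bin2hex(random_bytes(16));` (PHP 7+, or an equivalent CSPRNG on older versions) is sufficient and also URL-safe, whereas crypt() output may contain `/` and `$`, which the `fpw.php?'.$rcode` link does not encode. Separately, `if(!getperms('0')) // disabled when testing as main-admin.` now skips the admin-reset alert and redirect whenever a main-admin session performs the request; a test convenience inside a security check should not ship, or should at least be tied to e_DEBUG. The surrounding block starts and ends outside the hunks.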


@@ -137,6 +137,7 @@ $override = array();
if(isset($_POST['previous_steps'])) if(isset($_POST['previous_steps']))
{ {
$tmp = unserialize(base64_decode($_POST['previous_steps'])); $tmp = unserialize(base64_decode($_POST['previous_steps']));
$tmp = $tp->filter($tmp);
$override = (isset($tmp['paths']['hash'])) ? array('site_path'=>$tmp['paths']['hash']) : array(); $override = (isset($tmp['paths']['hash'])) ? array('site_path'=>$tmp['paths']['hash']) : array();
unset($tmp); unset($tmp);
} }
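Review bot: `$tmp = $tp->filter($tmp);` runs after `unserialize(base64_decode($_POST['previous_steps']))`, but the risk of unserialize() on client data lies in the object instantiation it performs before any filter sees the result, so the added line does not address it. Disable object creation at the call, `$tmp = unserialize(base64_decode($_POST['previous_steps']), array('allowed_classes' => false));` (PHP 7.0+), or carry the installer's previous steps in a format that cannot instantiate classes, such as JSON or the `e107::unserialize()` used elsewhere in this commit if it does not itself call unserialize(). The enclosing block starts outside the hunk.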


@@ -91,8 +91,8 @@ class submitNews
$submitnews_user = (USER ? USERNAME : trim($tp->toDB($_POST['submitnews_name']))); $submitnews_user = (USER ? USERNAME : trim($tp->toDB($_POST['submitnews_name'])));
$submitnews_email = (USER ? USEREMAIL : trim(check_email($tp->toDB($_POST['submitnews_email'])))); $submitnews_email = (USER ? USEREMAIL : trim(check_email($tp->toDB($_POST['submitnews_email']))));
$submitnews_title = $tp->toDB($_POST['submitnews_title']); $submitnews_title = $tp->filter($_POST['submitnews_title']);
$submitnews_item = $tp->toDB($_POST['submitnews_item']); $submitnews_item = $tp->filter($_POST['submitnews_item']);
// $submitnews_item = str_replace("src=&quot;e107_images", "src=&quot;".SITEURL."e107_images", $submitnews_item); // $submitnews_item = str_replace("src=&quot;e107_images", "src=&quot;".SITEURL."e107_images", $submitnews_item);
$submitnews_file = ""; $submitnews_file = "";
$submitnews_error = false; $submitnews_error = false;
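Review bot: Switching `$submitnews_title` and `$submitnews_item` from `$tp->toDB()` to `$tp->filter()` while `submitnews_name` and `submitnews_email` in the same block keep `toDB()` leaves the hunk mixing two cleaning regimes for values that presumably end up in the same INSERT. If `toDB()` was what escaped these strings for the query (the write lies outside the hunk), the new code now depends on filter() doing so, which a tag-stripping sanitiser does not; and for the rich-text `submitnews_item` body such a filter may also strip or entity-encode content the author meant to submit. Keep one consistent path for all four fields and make sure the query itself escapes or binds them.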


@@ -214,8 +214,11 @@ class usersettings_front // Begin Usersettings rewrite.
} }
if (isset($_POST['updatesettings'])) if (!empty($_POST['updatesettings']))
{ {
$_POST = e107::getParser()->filter($_POST);
if (!vartrue($pref['auth_method'])) if (!vartrue($pref['auth_method']))
{ {
$pref['auth_method'] = 'e107'; $pref['auth_method'] = 'e107';
@@ -433,12 +436,14 @@ class usersettings_front // Begin Usersettings rewrite.
$changedUserData = e107::unserialize($new_data); $changedUserData = e107::unserialize($new_data);
$changedUserData = e107::getParser()->filter($changedUserData, 'str');
$savePassword = $_POST['currentpassword']; $savePassword = $_POST['currentpassword'];
if(!empty($new_extended)) if(!empty($new_extended))
{ {
$changedEUFData = e107::unserialize($new_extended); $changedEUFData = e107::unserialize($new_extended);
$changedEUFData = e107::getParser()->filter($changedEUFData, 'str');
} }
unset($new_data); unset($new_data);
@@ -888,7 +893,9 @@ class usersettings_front // Begin Usersettings rewrite.
} }
} }
$text = '<form method="post" action="'.vartrue($usersettings_form_action,e_REQUEST_URI).'" id="dataform" class="usersettings-form form-horizontal" enctype="multipart/form-data" autocomplete="off">'; $target = e107::getUrl()->create('user/myprofile/edit',array('id'=>USERID));
$text = '<form method="post" action="'.$target.'" id="dataform" class="usersettings-form form-horizontal" enctype="multipart/form-data" autocomplete="off">';
//$text = (is_numeric($_uid) ? $rs->form_open("post", e_SELF."?".e_QUERY, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'") : $rs->form_open("post", e_SELF, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'")); //$text = (is_numeric($_uid) ? $rs->form_open("post", e_SELF."?".e_QUERY, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'") : $rs->form_open("post", e_SELF, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'"));