[geeklog-cvs] Geeklog-1.x/public_html/admin mail.php, 1.35, 1.36 plugins.php, 1.81, 1.82 topic.php, 1.79, 1.80 trackback.php, 1.51, 1.52
Dirk Haun
dhaun at qs1489.pair.com
Sun May 18 12:58:53 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/admin
In directory qs1489.pair.com:/tmp/cvs-serv27308/public_html/admin
Modified Files:
mail.php plugins.php topic.php trackback.php
Log Message:
More CSRF protection
Index: plugins.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/plugins.php,v
retrieving revision 1.81
retrieving revision 1.82
diff -C2 -d -r1.81 -r1.82
*** plugins.php 19 Apr 2008 15:35:31 -0000 1.81
--- plugins.php 18 May 2008 16:58:51 -0000 1.82
***************
*** 3,7 ****
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
! // | Geeklog 1.4 |
// +---------------------------------------------------------------------------+
// | plugins.php |
--- 3,7 ----
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
! // | Geeklog 1.5 |
// +---------------------------------------------------------------------------+
// | plugins.php |
***************
*** 9,13 ****
// | Geeklog plugin administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2006 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
--- 9,13 ----
// | Geeklog plugin administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2008 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
***************
*** 35,40 ****
// $Id$
! require_once ('../lib-common.php');
! require_once ('auth.inc.php');
// Uncomment the line below if you need to debug the HTTP variables being passed
--- 35,40 ----
// $Id$
! require_once '../lib-common.php';
! require_once 'auth.inc.php';
// Uncomment the line below if you need to debug the HTTP variables being passed
Index: topic.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/topic.php,v
retrieving revision 1.79
retrieving revision 1.80
diff -C2 -d -r1.79 -r1.80
*** topic.php 17 May 2008 20:07:40 -0000 1.79
--- topic.php 18 May 2008 16:58:51 -0000 1.80
***************
*** 35,41 ****
// $Id$
! require_once ('../lib-common.php');
! require_once ('auth.inc.php');
! require_once ($_CONF['path_system'] . 'lib-story.php');
if (!SEC_hasRights('topic.edit')) {
--- 35,41 ----
// $Id$
! require_once '../lib-common.php';
! require_once 'auth.inc.php';
! require_once $_CONF['path_system'] . 'lib-story.php';
if (!SEC_hasRights('topic.edit')) {
***************
*** 118,125 ****
. '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
! $topic_templates->set_var ('delete_option',
! sprintf ($delbutton, $jsconfirm));
! $topic_templates->set_var ('delete_option_no_confirmation',
! sprintf ($delbutton, ''));
}
$topic_templates->set_var('lang_topicid', $LANG27[2]);
--- 118,126 ----
. '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
! $topic_templates->set_var('delete_option',
! sprintf($delbutton, $jsconfirm));
! $topic_templates->set_var('delete_option_no_confirmation',
! sprintf($delbutton, ''));
! $topic_templates->set_var('warning_msg', $LANG27[6]);
}
$topic_templates->set_var('lang_topicid', $LANG27[2]);
***************
*** 173,177 ****
$topic_templates->set_var('max_url_length', 255);
$topic_templates->set_var('image_url', $A['imageurl']);
- $topic_templates->set_var('warning_msg', $LANG27[6]);
$topic_templates->set_var ('lang_defaulttopic', $LANG27[22]);
--- 174,177 ----
***************
*** 195,198 ****
--- 195,200 ----
}
}
+ $topic_templates->set_var('gltoken_name', CSRF_TOKEN);
+ $topic_templates->set_var('gltoken', SEC_createToken());
$topic_templates->parse('output', 'editor');
$retval .= $topic_templates->finish($topic_templates->get_var('output'));
***************
*** 554,561 ****
COM_errorLog ('Attempted to delete topic tid=' . $tid);
$display .= COM_refresh ($_CONF['site_admin_url'] . '/topic.php');
} else {
! $display .= deleteTopic ($tid);
}
! } else if (($mode == $LANG_ADMIN['save']) && !empty ($LANG_ADMIN['save'])) {
if (empty ($_FILES['newicon']['name'])){
$imageurl = COM_applyFilter ($_POST['imageurl']);
--- 556,566 ----
COM_errorLog ('Attempted to delete topic tid=' . $tid);
$display .= COM_refresh ($_CONF['site_admin_url'] . '/topic.php');
+ } elseif (SEC_checkToken()) {
+ $display .= deleteTopic($tid);
} else {
! COM_accessLog("User {$_USER['username']} tried to illegally delete topic $tid and failed CSRF checks.");
! echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
! } elseif (($mode == $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save']) && SEC_checkToken()) {
if (empty ($_FILES['newicon']['name'])){
$imageurl = COM_applyFilter ($_POST['imageurl']);
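Review bot: The failed-token branch at `echo COM_refresh($_CONF['site_admin_url'] . '/index.php');` writes the redirect straight to output, while the sibling branch two lines above appends its refresh to `$display`, so the redirect is emitted before whatever `$display` already holds and execution continues past this block; `$display .= COM_refresh($_CONF['site_admin_url'] . '/index.php');` keeps the flow consistent. The save branch folds `SEC_checkToken()` into the `elseif` condition, so a request with a missing or stale token silently falls through to whichever branch follows, without the COM_accessLog entry the delete branch writes; the same silent fall-through appears in mail.php's send check and in trackback.php's serviceChanger, send, deleteservice, saveservice and pingback checks. `$tid` is interpolated into the access-log line; if it has not been filtered before this point, it should be restricted to the topic-id character set before logging. The enclosing if/elseif chain starts and ends outside the hunk.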
Index: mail.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/mail.php,v
retrieving revision 1.35
retrieving revision 1.36
diff -C2 -d -r1.35 -r1.36
*** mail.php 5 May 2008 00:30:37 -0000 1.35
--- mail.php 18 May 2008 16:58:51 -0000 1.36
***************
*** 3,7 ****
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
! // | Geeklog 1.4 |
// +---------------------------------------------------------------------------+
// | mail.php |
--- 3,7 ----
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
! // | Geeklog 1.5 |
// +---------------------------------------------------------------------------+
// | mail.php |
***************
*** 9,13 ****
// | Geeklog mail administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2001-2006 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
--- 9,13 ----
// | Geeklog mail administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2001-2008 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
***************
*** 105,109 ****
$mail_templates->set_var ('lang_send', $LANG31[12]);
$mail_templates->set_var ('end_block', COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')));
! $mail_templates->set_var ( 'xhtml', XHTML );
$mail_templates->parse ('output', 'form');
--- 105,111 ----
$mail_templates->set_var ('lang_send', $LANG31[12]);
$mail_templates->set_var ('end_block', COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')));
! $mail_templates->set_var ('xhtml', XHTML);
! $mail_templates->set_var('gltoken_name', CSRF_TOKEN);
! $mail_templates->set_var('gltoken', SEC_createToken());
$mail_templates->parse ('output', 'form');
***************
*** 226,230 ****
$display .= COM_siteHeader ('menu', $LANG31[1]);
! if (isset ($_POST['mail']) && ($_POST['mail'] == 'mail')) {
$display .= send_messages ($_POST);
} else {
--- 228,232 ----
$display .= COM_siteHeader ('menu', $LANG31[1]);
! if (isset($_POST['mail']) && ($_POST['mail'] == 'mail') && SEC_checkToken()) {
$display .= send_messages ($_POST);
} else {
Index: trackback.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/trackback.php,v
retrieving revision 1.51
retrieving revision 1.52
diff -C2 -d -r1.51 -r1.52
*** trackback.php 16 Feb 2008 22:58:28 -0000 1.51
--- trackback.php 18 May 2008 16:58:51 -0000 1.52
***************
*** 59,65 ****
}
! require_once ($_CONF['path_system'] . 'lib-trackback.php');
! require_once ($_CONF['path_system'] . 'lib-pingback.php');
! require_once ($_CONF['path_system'] . 'lib-story.php');
/**
--- 59,65 ----
}
! require_once $_CONF['path_system'] . 'lib-trackback.php';
! require_once $_CONF['path_system'] . 'lib-pingback.php';
! require_once $_CONF['path_system'] . 'lib-story.php';
/**
***************
*** 97,102 ****
$preview->set_file (array ('comment' => 'trackbackcomment.thtml'));
$comment = TRB_formatComment ($url, $p_title, $p_blog, $p_excerpt);
! $preview->set_var ( 'xhtml', XHTML );
! $preview->set_var ('formatted_comment', $comment);
$preview->parse ('output', 'comment');
$retval .= $preview->finish ($preview->get_var ('output'));
--- 97,102 ----
$preview->set_file (array ('comment' => 'trackbackcomment.thtml'));
$comment = TRB_formatComment ($url, $p_title, $p_blog, $p_excerpt);
! $preview->set_var('xhtml', XHTML);
! $preview->set_var('formatted_comment', $comment);
$preview->parse ('output', 'comment');
$retval .= $preview->finish ($preview->get_var ('output'));
***************
*** 118,150 ****
$template->set_file (array ('editor' => 'trackbackeditor.thtml'));
! $template->set_var ( 'xhtml', XHTML );
! $template->set_var ('site_url', $_CONF['site_url']);
! $template->set_var ('site_admin_url', $_CONF['site_admin_url']);
! $template->set_var ('layout_url', $_CONF['layout_url']);
! $template->set_var ('php_self', $_CONF['site_admin_url']
. '/trackback.php');
if (empty ($url) || empty ($title)) {
! $template->set_var ('lang_explain', $LANG_TRB['editor_intro_none']);
} else {
! $template->set_var ('lang_explain',
sprintf ($LANG_TRB['editor_intro'], $url, $title));
}
! $template->set_var ('lang_trackback_url', $LANG_TRB['trackback_url']);
! $template->set_var ('lang_entry_url', $LANG_TRB['entry_url']);
! $template->set_var ('lang_title', $LANG_TRB['entry_title']);
! $template->set_var ('lang_blog_name', $LANG_TRB['blog_name']);
! $template->set_var ('lang_excerpt', $LANG_TRB['excerpt']);
! $template->set_var ('lang_excerpt_truncated',
! $LANG_TRB['truncate_warning']);
! $template->set_var ('lang_send', $LANG_TRB['button_send']);
! $template->set_var ('lang_preview', $LANG_TRB['button_preview']);
! $template->set_var ('max_url_length', 255);
! $template->set_var ('target_url', $target);
! $template->set_var ('url', $url);
! $template->set_var ('title', $title);
! $template->set_var ('blog_name', $blog);
! $template->set_var ('excerpt', $excerpt);
$template->parse ('output', 'editor');
--- 118,151 ----
$template->set_file (array ('editor' => 'trackbackeditor.thtml'));
! $template->set_var('xhtml', XHTML);
! $template->set_var('site_url', $_CONF['site_url']);
! $template->set_var('site_admin_url', $_CONF['site_admin_url']);
! $template->set_var('layout_url', $_CONF['layout_url']);
! $template->set_var('php_self', $_CONF['site_admin_url']
. '/trackback.php');
if (empty ($url) || empty ($title)) {
! $template->set_var('lang_explain', $LANG_TRB['editor_intro_none']);
} else {
! $template->set_var('lang_explain',
sprintf ($LANG_TRB['editor_intro'], $url, $title));
}
! $template->set_var('lang_trackback_url', $LANG_TRB['trackback_url']);
! $template->set_var('lang_entry_url', $LANG_TRB['entry_url']);
! $template->set_var('lang_title', $LANG_TRB['entry_title']);
! $template->set_var('lang_blog_name', $LANG_TRB['blog_name']);
! $template->set_var('lang_excerpt', $LANG_TRB['excerpt']);
! $template->set_var('lang_excerpt_truncated', $LANG_TRB['truncate_warning']);
! $template->set_var('lang_send', $LANG_TRB['button_send']);
! $template->set_var('lang_preview', $LANG_TRB['button_preview']);
! $template->set_var('max_url_length', 255);
! $template->set_var('target_url', $target);
! $template->set_var('url', $url);
! $template->set_var('title', $title);
! $template->set_var('blog_name', $blog);
! $template->set_var('excerpt', $excerpt);
! $template->set_var('gltoken_name', CSRF_TOKEN);
! $template->set_var('gltoken', SEC_createToken());
$template->parse ('output', 'editor');
***************
*** 242,251 ****
$template->set_file (array ('list' => 'pingbacklist.thtml',
'item' => 'pingbackitem.thtml'));
! $template->set_var ( 'xhtml', XHTML );
! $template->set_var ('site_url', $_CONF['site_url']);
! $template->set_var ('site_admin_url', $_CONF['site_admin_url']);
! $template->set_var ('layout_url', $_CONF['layout_url']);
! $template->set_var ('lang_resend', $LANG_TRB['resend']);
! $template->set_var ('lang_results', $LANG_TRB['pingback_results']);
$counter = 1;
--- 243,252 ----
$template->set_file (array ('list' => 'pingbacklist.thtml',
'item' => 'pingbackitem.thtml'));
! $template->set_var('xhtml', XHTML);
! $template->set_var('site_url', $_CONF['site_url']);
! $template->set_var('site_admin_url', $_CONF['site_admin_url']);
! $template->set_var('layout_url', $_CONF['layout_url']);
! $template->set_var('lang_resend', $LANG_TRB['resend']);
! $template->set_var('lang_results', $LANG_TRB['pingback_results']);
$counter = 1;
***************
*** 261,272 ****
$parts = parse_url ($URLtoPing);
! $template->set_var ('url_to_ping', $URLtoPing);
! $template->set_var ('link_text', $linktext);
! $template->set_var ('host_name', $parts['host']);
! $template->set_var ('pingback_result', $result);
! $template->set_var ('resend', $resend);
! $template->set_var ('alternate_row',
($counter % 2) == 0 ? 'row-even' : 'row-odd');
! $template->set_var ('cssid', ($i % 2) + 1);
$template->parse ('pingback_results', 'item', true);
$counter++;
--- 262,273 ----
$parts = parse_url ($URLtoPing);
! $template->set_var('url_to_ping', $URLtoPing);
! $template->set_var('link_text', $linktext);
! $template->set_var('host_name', $parts['host']);
! $template->set_var('pingback_result', $result);
! $template->set_var('resend', $resend);
! $template->set_var('alternate_row',
($counter % 2) == 0 ? 'row-even' : 'row-odd');
! $template->set_var('cssid', ($i % 2) + 1);
$template->parse ('pingback_results', 'item', true);
$counter++;
***************
*** 293,308 ****
$template = new Template ($_CONF['path_layout'] . 'admin/trackback');
$template->set_file (array ('list' => 'pingbackform.thtml'));
! $template->set_var ('xhtml', XHTML);
! $template->set_var ('site_url', $_CONF['site_url']);
! $template->set_var ('site_admin_url', $_CONF['site_admin_url']);
! $template->set_var ('layout_url', $_CONF['layout_url']);
! $template->set_var ('lang_explain', $LANG_TRB['pingback_explain']);
! $template->set_var ('lang_pingback_url', $LANG_TRB['pingback_url']);
! $template->set_var ('lang_site_url', $LANG_TRB['site_url']);
! $template->set_var ('lang_send', $LANG_TRB['button_send']);
! $template->set_var ('max_url_length', 255);
! $template->set_var ('target_url', $targetUrl);
$template->parse ('output', 'list');
--- 294,311 ----
$template = new Template ($_CONF['path_layout'] . 'admin/trackback');
$template->set_file (array ('list' => 'pingbackform.thtml'));
! $template->set_var('xhtml', XHTML);
! $template->set_var('site_url', $_CONF['site_url']);
! $template->set_var('site_admin_url', $_CONF['site_admin_url']);
! $template->set_var('layout_url', $_CONF['layout_url']);
! $template->set_var('lang_explain', $LANG_TRB['pingback_explain']);
! $template->set_var('lang_pingback_url', $LANG_TRB['pingback_url']);
! $template->set_var('lang_site_url', $LANG_TRB['site_url']);
! $template->set_var('lang_send', $LANG_TRB['button_send']);
! $template->set_var('max_url_length', 255);
! $template->set_var('target_url', $targetUrl);
! $template->set_var('gltoken_name', CSRF_TOKEN);
! $template->set_var('gltoken', SEC_createToken());
$template->parse ('output', 'list');
***************
*** 333,342 ****
$template->set_file (array ('list' => 'pinglist.thtml',
'item' => 'pingitem.thtml'));
! $template->set_var ( 'xhtml', XHTML );
! $template->set_var ('site_url', $_CONF['site_url']);
! $template->set_var ('site_admin_url', $_CONF['site_admin_url']);
! $template->set_var ('layout_url', $_CONF['layout_url']);
! $template->set_var ('lang_resend', $LANG_TRB['resend']);
! $template->set_var ('lang_results', $LANG_TRB['ping_results']);
$result = DB_query ("SELECT ping_url,method,name,site_url FROM {$_TABLES['pingservice']} WHERE is_enabled = 1");
--- 336,345 ----
$template->set_file (array ('list' => 'pinglist.thtml',
'item' => 'pingitem.thtml'));
! $template->set_var('xhtml', XHTML);
! $template->set_var('site_url', $_CONF['site_url']);
! $template->set_var('site_admin_url', $_CONF['site_admin_url']);
! $template->set_var('layout_url', $_CONF['layout_url']);
! $template->set_var('lang_resend', $LANG_TRB['resend']);
! $template->set_var('lang_results', $LANG_TRB['ping_results']);
$result = DB_query ("SELECT ping_url,method,name,site_url FROM {$_TABLES['pingservice']} WHERE is_enabled = 1");
***************
*** 362,380 ****
}
! $template->set_var ('service_name', $A['name']);
! $template->set_var ('service_url', $A['site_url']);
! $template->set_var ('service_ping_url', $A['ping_url']);
! $template->set_var ('ping_result', $pinged);
! $template->set_var ('resend', $resend);
! $template->set_var ('alternate_row',
(($i + 1) % 2) == 0 ? 'row-even' : 'row-odd');
! $template->set_var ('cssid', ($i % 2) + 1);
$template->parse ('ping_results', 'item', true);
}
} else {
! $template->set_var ('ping_results', '<tr><td colspan="2">' .
$LANG_TRB['no_services'] . '</td></tr>');
}
! $template->parse ('output', 'list');
$retval .= $template->finish ($template->get_var ('output'));
--- 365,385 ----
}
! $template->set_var('service_name', $A['name']);
! $template->set_var('service_url', $A['site_url']);
! $template->set_var('service_ping_url', $A['ping_url']);
! $template->set_var('ping_result', $pinged);
! $template->set_var('resend', $resend);
! $template->set_var('alternate_row',
(($i + 1) % 2) == 0 ? 'row-even' : 'row-odd');
! $template->set_var('cssid', ($i % 2) + 1);
$template->parse ('ping_results', 'item', true);
}
} else {
! $template->set_var('ping_results', '<tr><td colspan="2">' .
$LANG_TRB['no_services'] . '</td></tr>');
}
! $template->set_var('gltoken_name', CSRF_TOKEN);
! $template->set_var('gltoken', SEC_createToken());
! $template->parse('output', 'list');
$retval .= $template->finish ($template->get_var ('output'));
***************
*** 419,426 ****
$template->set_file (array ('list' => 'autodetectlist.thtml',
'item' => 'autodetectitem.thtml'));
! $template->set_var ( 'xhtml', XHTML );
! $template->set_var ('site_url', $_CONF['site_url']);
! $template->set_var ('site_admin_url', $_CONF['site_admin_url']);
! $template->set_var ('layout_url', $_CONF['layout_url']);
$url = $_CONF['site_admin_url'] . '/trackback.php?mode=new&id=' . $id;
--- 424,431 ----
$template->set_file (array ('list' => 'autodetectlist.thtml',
'item' => 'autodetectitem.thtml'));
! $template->set_var('xhtml', XHTML);
! $template->set_var('site_url', $_CONF['site_url']);
! $template->set_var('site_admin_url', $_CONF['site_admin_url']);
! $template->set_var('layout_url', $_CONF['layout_url']);
$url = $_CONF['site_admin_url'] . '/trackback.php?mode=new&id=' . $id;
***************
*** 428,432 ****
$url .= '&type=' . $type;
}
! $template->set_var ('lang_trackback_explain',
sprintf ($LANG_TRB['trackback_explain'], $url));
--- 433,437 ----
$url .= '&type=' . $type;
}
! $template->set_var('lang_trackback_explain',
sprintf ($LANG_TRB['trackback_explain'], $url));
***************
*** 435,444 ****
$link = $baseurl .= '&url=' . $url;
! $template->set_var ('autodetect_link', $link);
! $template->set_var ('link_text', $matches[2][$i]);
! $template->set_var ('link_url', $matches[1][$i]);
! $template->set_var ('alternate_row',
(($i + 1) % 2) == 0 ? 'row-even' : 'row-odd');
! $template->set_var ('cssid', ($i % 2) + 1);
$template->parse ('autodetect_items', 'item', true);
}
--- 440,449 ----
$link = $baseurl .= '&url=' . $url;
! $template->set_var('autodetect_link', $link);
! $template->set_var('link_text', $matches[2][$i]);
! $template->set_var('link_url', $matches[1][$i]);
! $template->set_var('alternate_row',
(($i + 1) % 2) == 0 ? 'row-even' : 'row-odd');
! $template->set_var('cssid', ($i % 2) + 1);
$template->parse ('autodetect_items', 'item', true);
}
***************
*** 479,483 ****
{
global $LANG_ADMIN, $LANG_TRB, $_CONF, $_IMAGE_TYPE, $_TABLES;
! require_once( $_CONF['path_system'] . 'lib-admin.php' );
$retval = '';
--- 484,490 ----
{
global $LANG_ADMIN, $LANG_TRB, $_CONF, $_IMAGE_TYPE, $_TABLES;
!
! require_once $_CONF['path_system'] . 'lib-admin.php';
!
$retval = '';
***************
*** 524,528 ****
$retval .= ADMIN_list('pingservice', 'ADMIN_getListField_trackback',
$header_arr, $text_arr, $query_arr, $defsort_arr,
! '', '', '', $form_arr);
if ($_CONF['trackback_enabled']) {
--- 531,535 ----
$retval .= ADMIN_list('pingservice', 'ADMIN_getListField_trackback',
$header_arr, $text_arr, $query_arr, $defsort_arr,
! '', SEC_createToken(), '', $form_arr);
if ($_CONF['trackback_enabled']) {
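Review bot: `SEC_createToken()` is passed as an anonymous positional argument between two empty strings at `'', SEC_createToken(), '', $form_arr);`, so a reader cannot tell which ADMIN_list parameter the token feeds or what the list does with it; ADMIN_list's signature is not visible in this diff. Assign it first, `$token = SEC_createToken();`, with a comment naming the ADMIN_list parameter it fills, and pass `$token` in its place.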
***************
*** 590,610 ****
$template = new Template ($_CONF['path_layout'] . 'admin/trackback');
$template->set_file (array ('editor' => 'serviceeditor.thtml'));
! $template->set_var ( 'xhtml', XHTML );
! $template->set_var ('site_url', $_CONF['site_url']);
! $template->set_var ('site_admin_url', $_CONF['site_admin_url']);
! $template->set_var ('layout_url', $_CONF['layout_url']);
! $template->set_var ('max_url_length', 255);
! $template->set_var ('method_ping', 'weblogUpdates.ping');
! $template->set_var ('method_ping_extended', 'weblogUpdates.extendedPing');
! $template->set_var ('lang_name', $LANG_TRB['service']);
! $template->set_var ('lang_site_url', $LANG_TRB['service_website']);
! $template->set_var ('lang_ping_url', $LANG_TRB['service_ping_url']);
! $template->set_var ('lang_enabled', $LANG_ADMIN['enabled']);
! $template->set_var ('lang_method', $LANG_TRB['ping_method']);
! $template->set_var ('lang_method_standard', $LANG_TRB['ping_standard']);
! $template->set_var ('lang_method_extended', $LANG_TRB['ping_extended']);
! $template->set_var ('lang_save', $LANG_ADMIN['save']);
! $template->set_var ('lang_cancel', $LANG_ADMIN['cancel']);
if ($pid > 0) {
--- 597,617 ----
$template = new Template ($_CONF['path_layout'] . 'admin/trackback');
$template->set_file (array ('editor' => 'serviceeditor.thtml'));
! $template->set_var('xhtml', XHTML);
! $template->set_var('site_url', $_CONF['site_url']);
! $template->set_var('site_admin_url', $_CONF['site_admin_url']);
! $template->set_var('layout_url', $_CONF['layout_url']);
! $template->set_var('max_url_length', 255);
! $template->set_var('method_ping', 'weblogUpdates.ping');
! $template->set_var('method_ping_extended', 'weblogUpdates.extendedPing');
! $template->set_var('lang_name', $LANG_TRB['service']);
! $template->set_var('lang_site_url', $LANG_TRB['service_website']);
! $template->set_var('lang_ping_url', $LANG_TRB['service_ping_url']);
! $template->set_var('lang_enabled', $LANG_ADMIN['enabled']);
! $template->set_var('lang_method', $LANG_TRB['ping_method']);
! $template->set_var('lang_method_standard', $LANG_TRB['ping_standard']);
! $template->set_var('lang_method_extended', $LANG_TRB['ping_extended']);
! $template->set_var('lang_save', $LANG_ADMIN['save']);
! $template->set_var('lang_cancel', $LANG_ADMIN['cancel']);
if ($pid > 0) {
***************
*** 612,655 ****
. '" name="servicemode[2]"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
! $template->set_var ('delete_option',
sprintf ($delbutton, $jsconfirm));
! $template->set_var ('delete_option_no_confirmation',
sprintf ($delbutton, ''));
} else {
! $template->set_var ('delete_option', '');
}
if (isset ($A['pid'])) {
! $template->set_var ('service_id', $A['pid']);
} else {
! $template->set_var ('service_id', '');
}
if (isset ($A['name'])) {
! $template->set_var ('service_name', $A['name']);
} else {
! $template->set_var ('service_name', '');
}
if (isset ($A['site_url'])) {
! $template->set_var ('service_site_url', $A['site_url']);
} else {
! $template->set_var ('service_site_url', '');
}
if (isset ($A['ping_url'])) {
! $template->set_var ('service_ping_url', $A['ping_url']);
} else {
! $template->set_var ('service_ping_url', '');
}
if ($A['is_enabled'] == 1) {
! $template->set_var ('is_enabled', 'checked="checked"');
} else {
! $template->set_var ('is_enabled', '');
}
if ($A['method'] == 'weblogUpdates.ping') {
! $template->set_var ('standard_is_checked', 'checked="checked"');
! $template->set_var ('extended_is_checked', '');
} else {
! $template->set_var ('standard_is_checked', '');
! $template->set_var ('extended_is_checked', 'checked="checked"');
}
$template->parse ('output', 'editor');
--- 619,664 ----
. '" name="servicemode[2]"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
! $template->set_var('delete_option',
sprintf ($delbutton, $jsconfirm));
! $template->set_var('delete_option_no_confirmation',
sprintf ($delbutton, ''));
} else {
! $template->set_var('delete_option', '');
}
if (isset ($A['pid'])) {
! $template->set_var('service_id', $A['pid']);
} else {
! $template->set_var('service_id', '');
}
if (isset ($A['name'])) {
! $template->set_var('service_name', $A['name']);
} else {
! $template->set_var('service_name', '');
}
if (isset ($A['site_url'])) {
! $template->set_var('service_site_url', $A['site_url']);
} else {
! $template->set_var('service_site_url', '');
}
if (isset ($A['ping_url'])) {
! $template->set_var('service_ping_url', $A['ping_url']);
} else {
! $template->set_var('service_ping_url', '');
}
if ($A['is_enabled'] == 1) {
! $template->set_var('is_enabled', 'checked="checked"');
} else {
! $template->set_var('is_enabled', '');
}
if ($A['method'] == 'weblogUpdates.ping') {
! $template->set_var('standard_is_checked', 'checked="checked"');
! $template->set_var('extended_is_checked', '');
} else {
! $template->set_var('standard_is_checked', '');
! $template->set_var('extended_is_checked', 'checked="checked"');
}
+ $template->set_var('gltoken_name', CSRF_TOKEN);
+ $template->set_var('gltoken', SEC_createToken());
$template->parse ('output', 'editor');
***************
*** 738,741 ****
--- 747,751 ----
{
global $_TABLES;
+
// first, disable all
DB_query ("UPDATE {$_TABLES['pingservice']} SET is_enabled = '0'");
***************
*** 796,801 ****
$display = '';
$mode = '';
! if ($_CONF['ping_enabled'] && isset ($_POST['serviceChanger'])) {
! changeServiceStatus ($_POST['changedservices']);
}
--- 806,815 ----
$display = '';
$mode = '';
! if ($_CONF['ping_enabled'] && isset($_POST['serviceChanger']) && SEC_checkToken()) {
! $changedservices = array();
! if (isset($_POST['changedservices'])) {
! $changedservices = $_POST['changedservices'];
! }
! changeServiceStatus($changedservices);
}
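Review bot: `$_POST['changedservices']` is handed to changeServiceStatus() after only an isset() check, so a scalar value posted under that name passes through where the function presumably expects the array the checkbox form submits; changeServiceStatus's body lies outside this hunk, so how it treats a non-array is not visible here. Guard the shape at the boundary: `$changedservices = (isset($_POST['changedservices']) && is_array($_POST['changedservices'])) ? $_POST['changedservices'] : array();`. The enclosing code continues outside the hunk.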
***************
*** 863,871 ****
if ($mode == 'delete') {
! $cid = COM_applyFilter ($_REQUEST['cid'], true);
if ($cid > 0) {
! $display = deleteTrackbackComment ($cid);
} else {
! $display = COM_refresh ($_CONF['site_admin_url'] . '/index.php');
}
} else if ($mode == 'send') {
--- 877,885 ----
if ($mode == 'delete') {
! $cid = COM_applyFilter($_REQUEST['cid'], true);
if ($cid > 0) {
! $display = deleteTrackbackComment($cid);
} else {
! $display = COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
} else if ($mode == 'send') {
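Review bot: The `$mode == 'delete'` path still reads `$_REQUEST['cid']` and calls deleteTrackbackComment() with no `SEC_checkToken()`, although every other state-changing mode touched by this commit gained one; because `$_REQUEST` also accepts query-string input, this deletion is reachable from a plain link, which is the case the token is meant to close. Unless the delete is only reachable after a token-checked confirmation step elsewhere (not visible here), the condition should become `if (($mode == 'delete') && SEC_checkToken()) {` and the links or forms that lead here must carry the token, e.g. via the `gltoken_name`/`gltoken` pair the other templates now receive. This hunk is otherwise whitespace-only, and the if/elseif chain continues outside it.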
***************
*** 886,890 ****
$LANG_TRB['url_required']);
$display .= trackback_editor ($target, $url, $title, $excerpt, $blog);
! } else {
// prepare for send
$send_title = TRB_filterTitle ($title);
--- 900,904 ----
$LANG_TRB['url_required']);
$display .= trackback_editor ($target, $url, $title, $excerpt, $blog);
! } elseif (SEC_checkToken()) {
// prepare for send
$send_title = TRB_filterTitle ($title);
***************
*** 900,907 ****
$display .= trackback_editor ();
} else {
! $message = '<p>' . $LANG_TRB['send_error_details'] . '<br' . XHTML . '>'
! . '<span class="warningsmall">'
. htmlspecialchars ($result) . '</span></p>';
! $display .= showTrackbackMessage ($LANG_TRB['send_error'], $message);
// display editor with the same contents again
--- 914,921 ----
$display .= trackback_editor ();
} else {
! $message = '<p>' . $LANG_TRB['send_error_details']
! . '<br' . XHTML . '><span class="warningsmall">'
. htmlspecialchars ($result) . '</span></p>';
! $display .= showTrackbackMessage($LANG_TRB['send_error'], $message);
// display editor with the same contents again
***************
*** 988,1038 ****
$template = new Template ($_CONF['path_layout'] . 'admin/trackback');
$template->set_file (array ('form' => 'pingform.thtml'));
! $template->set_var ( 'xhtml', XHTML );
! $template->set_var ('site_url', $_CONF['site_url']);
! $template->set_var ('site_admin_url', $_CONF['site_admin_url']);
! $template->set_var ('layout_url', $_CONF['layout_url']);
! $template->set_var ('php_self', $_CONF['site_admin_url']
. '/trackback.php');
! $template->set_var ('lang_may_take_a_while', $LANG_TRB['may_take_a_while']);
! $template->set_var ('lang_ping_explain', $LANG_TRB['ping_all_explain']);
! $template->set_var ('ping_results', $pingresult);
if ($_CONF['pingback_enabled']) {
if (!$pingback_sent) {
! $template->set_var ('lang_pingback_button',
$LANG_TRB['pingback_button']);
! $template->set_var ('lang_pingback_short',
$LANG_TRB['pingback_short']);
$button = '<input type="submit" name="what[0]" value="'
. $LANG_TRB['pingback_button'] . '"' . XHTML . '>';
! $template->set_var ('pingback_button', $button);
}
} else {
! $template->set_var ('pingback_button', $LANG_TRB['pingback_disabled']);
}
if ($_CONF['ping_enabled']) {
if (!$ping_sent) {
! $template->set_var ('lang_ping_button', $LANG_TRB['ping_button']);
! $template->set_var ('lang_ping_short', $LANG_TRB['ping_short']);
$button = '<input type="submit" name="what[1]" value="'
. $LANG_TRB['ping_button'] . '"' . XHTML . '>';
! $template->set_var ('ping_button', $button);
}
} else {
! $template->set_var ('ping_button', $LANG_TRB['ping_disabled']);
}
if ($_CONF['trackback_enabled']) {
if (!$trackback_sent) {
! $template->set_var ('lang_trackback_button',
$LANG_TRB['trackback_button']);
! $template->set_var ('lang_trackback_short',
$LANG_TRB['trackback_short']);
$button = '<input type="submit" name="what[2]" value="'
. $LANG_TRB['trackback_button'] . '"' . XHTML . '>';
! $template->set_var ('trackback_button', $button);
}
} else {
! $template->set_var ('trackback_button', $LANG_TRB['trackback_disabled']);
}
--- 1002,1052 ----
$template = new Template ($_CONF['path_layout'] . 'admin/trackback');
$template->set_file (array ('form' => 'pingform.thtml'));
! $template->set_var('xhtml', XHTML);
! $template->set_var('site_url', $_CONF['site_url']);
! $template->set_var('site_admin_url', $_CONF['site_admin_url']);
! $template->set_var('layout_url', $_CONF['layout_url']);
! $template->set_var('php_self', $_CONF['site_admin_url']
. '/trackback.php');
! $template->set_var('lang_may_take_a_while', $LANG_TRB['may_take_a_while']);
! $template->set_var('lang_ping_explain', $LANG_TRB['ping_all_explain']);
! $template->set_var('ping_results', $pingresult);
if ($_CONF['pingback_enabled']) {
if (!$pingback_sent) {
! $template->set_var('lang_pingback_button',
$LANG_TRB['pingback_button']);
! $template->set_var('lang_pingback_short',
$LANG_TRB['pingback_short']);
$button = '<input type="submit" name="what[0]" value="'
. $LANG_TRB['pingback_button'] . '"' . XHTML . '>';
! $template->set_var('pingback_button', $button);
}
} else {
! $template->set_var('pingback_button', $LANG_TRB['pingback_disabled']);
}
if ($_CONF['ping_enabled']) {
if (!$ping_sent) {
! $template->set_var('lang_ping_button', $LANG_TRB['ping_button']);
! $template->set_var('lang_ping_short', $LANG_TRB['ping_short']);
$button = '<input type="submit" name="what[1]" value="'
. $LANG_TRB['ping_button'] . '"' . XHTML . '>';
! $template->set_var('ping_button', $button);
}
} else {
! $template->set_var('ping_button', $LANG_TRB['ping_disabled']);
}
if ($_CONF['trackback_enabled']) {
if (!$trackback_sent) {
! $template->set_var('lang_trackback_button',
$LANG_TRB['trackback_button']);
! $template->set_var('lang_trackback_short',
$LANG_TRB['trackback_short']);
$button = '<input type="submit" name="what[2]" value="'
. $LANG_TRB['trackback_button'] . '"' . XHTML . '>';
! $template->set_var('trackback_button', $button);
}
} else {
! $template->set_var('trackback_button', $LANG_TRB['trackback_disabled']);
}
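Review bot: The pingform.thtml form populated here is the one form in this commit that does not receive `gltoken_name`/`gltoken`, and the hidden fields assembled in the next hunk (`type`, `mode=sendall`) add none either. If the `sendall` handler is, or becomes, guarded by SEC_checkToken() — that handler is not in this diff — submissions from this form will be rejected; if it is not, the send-all action stays unprotected while the per-item sends are now covered. Add `$template->set_var('gltoken_name', CSRF_TOKEN);` and `$template->set_var('gltoken', SEC_createToken());` before the `parse('output', 'form')` call, as the other templates do. The enclosing function starts and ends outside this hunk.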
***************
*** 1050,1054 ****
$hidden .= '<input type="hidden" name="type" value="' . $type . '"' . XHTML . '>';
$hidden .= '<input type="hidden" name="mode" value="sendall"' . XHTML . '>';
! $template->set_var ('hidden_input_fields', $hidden);
$template->parse ('output', 'form');
--- 1064,1068 ----
$hidden .= '<input type="hidden" name="type" value="' . $type . '"' . XHTML . '>';
$hidden .= '<input type="hidden" name="mode" value="sendall"' . XHTML . '>';
! $template->set_var('hidden_input_fields', $hidden);
$template->parse ('output', 'form');
***************
*** 1171,1175 ****
$display .= COM_siteFooter ();
! } else if ($mode == 'deleteservice') {
$pid = COM_applyFilter ($_POST['service_id'], true);
if ($pid > 0) {
--- 1185,1189 ----
$display .= COM_siteFooter ();
! } elseif (($mode == 'deleteservice') && SEC_checkToken()) {
$pid = COM_applyFilter ($_POST['service_id'], true);
if ($pid > 0) {
***************
*** 1180,1184 ****
$display = COM_refresh ($_CONF['site_admin_url'] . '/index.php');
}
! } else if ($mode == 'saveservice') {
$is_enabled = '';
if (isset($_POST['is_enabled'])) {
--- 1194,1198 ----
$display = COM_refresh ($_CONF['site_admin_url'] . '/index.php');
}
! } elseif (($mode == 'saveservice') && SEC_checkToken()) {
$is_enabled = '';
if (isset($_POST['is_enabled'])) {
***************
*** 1214,1218 ****
$display .= showTrackbackMessage ($LANG_TRB['pbtarget_missing'],
$LANG_TRB['pbtarget_required']);
! } else {
$result = PNB_sendPingback ($_CONF['site_url'], $target);
if (empty ($result)) {
--- 1228,1232 ----
$display .= showTrackbackMessage ($LANG_TRB['pbtarget_missing'],
$LANG_TRB['pbtarget_required']);
! } elseif (SEC_checkToken()) {
$result = PNB_sendPingback ($_CONF['site_url'], $target);
if (empty ($result)) {