[geeklog-cvs] Geeklog-1.x/plugins/spamx EditBlackList.Admin.class.php, 1.12, 1.13 EditHeader.Admin.class.php, 1.9, 1.10 EditIP.Admin.class.php, 1.11, 1.12 EditIPofURL.Admin.class.php, 1.10, 1.11 MassDelTrackback.Admin.class.php, 1.9, 1.10 MassDelete.Admin.class.php, 1.20, 1.21 SLVwhitelist.Admin.class.php, 1.6, 1.7

Dirk Haun dhaun at qs1489.pair.com
Fri May 23 04:59:14 EDT 2008


Update of /cvsroot/geeklog/Geeklog-1.x/plugins/spamx
In directory qs1489.pair.com:/tmp/cvs-serv20074

Modified Files:
	EditBlackList.Admin.class.php EditHeader.Admin.class.php 
	EditIP.Admin.class.php EditIPofURL.Admin.class.php 
	MassDelTrackback.Admin.class.php MassDelete.Admin.class.php 
	SLVwhitelist.Admin.class.php 
Log Message:
CSRF protection


Index: EditIP.Admin.class.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/plugins/spamx/EditIP.Admin.class.php,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -d -r1.11 -r1.12
*** EditIP.Admin.class.php	25 Nov 2007 06:56:05 -0000	1.11
--- EditIP.Admin.class.php	23 May 2008 08:59:12 -0000	1.12
***************
*** 5,9 ****
  * This is the Edit IPBlacklist Module for the Geeklog Spam-X plugin
  *
! * Copyright (C) 2004-2007 by the following authors:
  * Author   Tom Willett     tomw AT pigstye DOT net
  *          Dirk Haun       dirk AT haun-online DOT de
--- 5,9 ----
  * This is the Edit IPBlacklist Module for the Geeklog Spam-X plugin
  *
! * Copyright (C) 2004-2008 by the following authors:
  * Author   Tom Willett     tomw AT pigstye DOT net
  *          Dirk Haun       dirk AT haun-online DOT de
***************
*** 14,19 ****
  */
  
! if (strpos ($_SERVER['PHP_SELF'], 'EditIP.Admin.class.php') !== false) {
!     die ('This file can not be used on its own!');
  }
  
--- 14,19 ----
  */
  
! if (strpos($_SERVER['PHP_SELF'], 'EditIP.Admin.class.php') !== false) {
!     die('This file can not be used on its own!');
  }
  
***************
*** 35,76 ****
          if (isset($_GET['action'])) {
              $action = $_GET['action'];
!         } else if (isset($_POST['paction'])) {
              $action = $_POST['paction'];
          }
  
          $entry = '';
!         if (isset ($_GET['entry'])) {
!             $entry = COM_stripslashes ($_GET['entry']);
!         } else if (isset ($_POST['pentry'])) {
!             $entry = COM_stripslashes ($_POST['pentry']);
          }
  
!         if ($action == 'delete') {
!             $entry = addslashes ($entry);
!             $result = DB_query ("DELETE FROM {$_TABLES['spamx']} WHERE name = 'IP' AND value = '$entry'");
!         } elseif ($action == $LANG_SX00['addentry']) {
!             if (!empty ($entry)) {
!                 $entry = str_replace (' ', '', $entry);
!                 $entry = addslashes ($entry);
!                 $result = DB_query ("INSERT INTO {$_TABLES['spamx']} VALUES ('IP', '$entry')");
              }
          }
  
          $display = '<hr' . XHTML . '>' . LB . '<p><b>';
          $display .= $LANG_SX00['ipblack'];
          $display .= '</b></p>' . LB . '<ul>' . LB;
!         $result = DB_query ("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'IP'");
!         $nrows = DB_numRows ($result);
          for ($i = 0; $i < $nrows; $i++) {
!             list($e) = DB_fetchArray ($result);
!             $display .= '<li>'. COM_createLink(htmlspecialchars ($e), $_CONF['site_admin_url']
!                 . '/plugins/spamx/index.php?command=EditIP&action=delete&entry='
!                 . urlencode ($e)) . '</li>' . LB;
          }
          $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
          $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
!         $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditIP">' . LB;
!         $display .= '<div><input type="text" size ="31" name="pentry"' . XHTML . '>   ';
!         $display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
          $display .= '</div></form>' . LB;
  
--- 35,82 ----
          if (isset($_GET['action'])) {
              $action = $_GET['action'];
!         } elseif (isset($_POST['paction'])) {
              $action = $_POST['paction'];
          }
  
          $entry = '';
!         if (isset($_GET['entry'])) {
!             $entry = COM_stripslashes($_GET['entry']);
!         } elseif (isset($_POST['pentry'])) {
!             $entry = COM_stripslashes($_POST['pentry']);
          }
  
!         if (($action == 'delete') && SEC_checkToken()) {
!             $entry = addslashes($entry);
!             $result = DB_query("DELETE FROM {$_TABLES['spamx']} WHERE name = 'IP' AND value = '$entry'");
!         } elseif (($action == $LANG_SX00['addentry']) && SEC_checkToken()) {
!             if (!empty($entry)) {
!                 $entry = str_replace(' ', '', $entry);
!                 $entry = addslashes($entry);
!                 $result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('IP', '$entry')");
              }
          }
  
+         $token = SEC_createToken();
          $display = '<hr' . XHTML . '>' . LB . '<p><b>';
          $display .= $LANG_SX00['ipblack'];
          $display .= '</b></p>' . LB . '<ul>' . LB;
!         $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'IP'");
!         $nrows = DB_numRows($result);
          for ($i = 0; $i < $nrows; $i++) {
!             list($e) = DB_fetchArray($result);
!             $display .= '<li>'. COM_createLink(htmlspecialchars($e),
!                 $_CONF['site_admin_url']
!                 . '/plugins/spamx/index.php?command=EditIP&action=delete&entry=' . urlencode($e) . '&' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
          }
          $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
          $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
!         $display .= '<form method="post" action="' . $_CONF['site_admin_url']
!                  . '/plugins/spamx/index.php?command=EditIP">' . LB;
!         $display .= '<div><input type="text" size="31" name="pentry"' . XHTML
!                  . '>   ';
!         $display .= '<input type="submit" name="paction" value="'
!                  . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
!         $display .= '<input type="hidden" name="' . CSRF_TOKEN
!                  . "\" value=\"{$token}\"" . XHTML . '>' . LB;
          $display .= '</div></form>' . LB;
  
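Review bot: The delete branch `if (($action == 'delete') && SEC_checkToken())` is still triggered by a plain GET link, so the new token is carried in the URL (`'&' . CSRF_TOKEN . '=' . $token` in the list loop) where it can leak through Referer headers, browser history and access logs, and a single link click never acts as a deliberate confirmation. A small POST form per row, or at least a confirmation step, would keep the token out of the query string; the same pattern appears in the EditBlackList, EditIPofURL and SLVwhitelist hunks of this commit. When SEC_checkToken() fails, both guarded branches silently fall through to re-rendering the list, so a rejected request is invisible; a line such as `COM_errorLog('Spam-X: CSRF token check failed in EditIP');` in an else branch would surface it. The enclosing method starts before and ends after this hunk.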

Index: EditBlackList.Admin.class.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/plugins/spamx/EditBlackList.Admin.class.php,v
retrieving revision 1.12
retrieving revision 1.13
diff -C2 -d -r1.12 -r1.13
*** EditBlackList.Admin.class.php	25 Nov 2007 06:56:05 -0000	1.12
--- EditBlackList.Admin.class.php	23 May 2008 08:59:12 -0000	1.13
***************
*** 5,9 ****
   * This is the Edit Personal Blacklist Module for the Geeklog Spam-X plugin
   *
!  * Copyright (C) 2004-2007 by the following authors:
   * Author   Tom Willett     tomw AT pigstye DOT net
   *          Dirk Haun       dirk AT haun-online DOT de
--- 5,9 ----
   * This is the Edit Personal Blacklist Module for the Geeklog Spam-X plugin
   *
!  * Copyright (C) 2004-2008 by the following authors:
   * Author   Tom Willett     tomw AT pigstye DOT net
   *          Dirk Haun       dirk AT haun-online DOT de
***************
*** 14,19 ****
   */
  
! if (strpos ($_SERVER['PHP_SELF'], 'EditBlackList.Admin.class.php') !== false) {
!     die ('This file can not be used on its own!');
  }
  
--- 14,19 ----
   */
  
! if (strpos($_SERVER['PHP_SELF'], 'EditBlackList.Admin.class.php') !== false) {
!     die('This file can not be used on its own!');
  }
  
***************
*** 35,84 ****
          if (isset($_GET['action'])) {
              $action = $_GET['action'];
!         } else if (isset($_POST['paction'])) {
              $action = $_POST['paction'];
          }
  
          $entry = '';
!         if (isset ($_GET['entry'])) {
!             $entry = COM_stripslashes ($_GET['entry']);
!         } else if (isset ($_POST['pentry'])) {
!             $entry = COM_stripslashes ($_POST['pentry']);
          }
  
!         if ($action == 'delete') {
!             $entry = addslashes ($entry);
!             $result = DB_query ("DELETE FROM {$_TABLES['spamx']} WHERE name = 'Personal' AND value = '$entry'");
!         } elseif ($action == $LANG_SX00['addentry']) {
!             if (!empty ($entry)) {
!                 $entry = addslashes ($entry);
!                 $result = DB_query ("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '$entry')");
              }
!         } elseif ($action == $LANG_SX00['addcen']) {
              foreach ($_CONF['censorlist'] as $entry) {
!                 $entry = addslashes ($entry);
!                 $result = DB_query ("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '$entry')");
              }
          }
  
          $display = '<hr' . XHTML . '>' . LB . '<p><b>';
          $display .= $LANG_SX00['pblack'];
          $display .= '</b></p>' . LB . '<ul>' . LB;
!         $result = DB_query ("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'Personal'");
!         $nrows = DB_numRows ($result);
          for ($i = 0; $i < $nrows; $i++) {
!             $A = DB_fetchArray ($result);
              $e = $A['value'];
!             $display .= '<li>' . COM_createLink(htmlspecialchars ($e),
                  $_CONF['site_admin_url']
!                 . '/plugins/spamx/index.php?command=EditBlackList&action=delete&entry='
!                 . urlencode ($e)) . '</li>' . LB;
          }
          $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
          $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
!         $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList">' . LB;
!         $display .= '<div><input type="text" size="30" name="pentry"' . XHTML . '>   ';
!         $display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
          $display .= '<p>' . $LANG_SX00['e3'] . '</p>   ';
!         $display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addcen'] . '"' . XHTML . '>' . LB;
          $display .= '</div></form>' . LB;
  
--- 35,90 ----
          if (isset($_GET['action'])) {
              $action = $_GET['action'];
!         } elseif (isset($_POST['paction'])) {
              $action = $_POST['paction'];
          }
  
          $entry = '';
!         if (isset($_GET['entry'])) {
!             $entry = COM_stripslashes($_GET['entry']);
!         } elseif (isset($_POST['pentry'])) {
!             $entry = COM_stripslashes($_POST['pentry']);
          }
  
!         if (($action == 'delete') && SEC_checkToken()) {
!             $entry = addslashes($entry);
!             $result = DB_query("DELETE FROM {$_TABLES['spamx']} WHERE name = 'Personal' AND value = '$entry'");
!         } elseif (($action == $LANG_SX00['addentry']) && SEC_checkToken()) {
!             if (!empty($entry)) {
!                 $entry = addslashes($entry);
!                 $result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '$entry')");
              }
!         } elseif (($action == $LANG_SX00['addcen']) && SEC_checkToken()) {
              foreach ($_CONF['censorlist'] as $entry) {
!                 $entry = addslashes($entry);
!                 $result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '$entry')");
              }
          }
  
+         $token = SEC_createToken();
          $display = '<hr' . XHTML . '>' . LB . '<p><b>';
          $display .= $LANG_SX00['pblack'];
          $display .= '</b></p>' . LB . '<ul>' . LB;
!         $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'Personal'");
!         $nrows = DB_numRows($result);
          for ($i = 0; $i < $nrows; $i++) {
!             $A = DB_fetchArray($result);
              $e = $A['value'];
!             $display .= '<li>' . COM_createLink(htmlspecialchars($e),
                  $_CONF['site_admin_url']
!                 . '/plugins/spamx/index.php?command=EditBlackList&action=delete&entry=' . urlencode($e) . '&' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
          }
          $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
          $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
!         $display .= '<form method="post" action="' . $_CONF['site_admin_url']
!                  . '/plugins/spamx/index.php?command=EditBlackList">' . LB;
!         $display .= '<div><input type="text" size="30" name="pentry"' . XHTML
!                  . '>   ';
!         $display .= '<input type="submit" name="paction" value="'
!                  . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
          $display .= '<p>' . $LANG_SX00['e3'] . '</p>   ';
!         $display .= '<input type="submit" name="paction" value="'
!                  . $LANG_SX00['addcen'] . '"' . XHTML . '>' . LB;
!         $display .= '<input type="hidden" name="' . CSRF_TOKEN
!                  . "\" value=\"{$token}\"" . XHTML . '>' . LB;
          $display .= '</div></form>' . LB;
  

Index: EditIPofURL.Admin.class.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/plugins/spamx/EditIPofURL.Admin.class.php,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -d -r1.10 -r1.11
*** EditIPofURL.Admin.class.php	25 Nov 2007 06:56:05 -0000	1.10
--- EditIPofURL.Admin.class.php	23 May 2008 08:59:12 -0000	1.11
***************
*** 3,9 ****
  /**
  * File: EditIPofURL.Admin.class.php
! * This is the Edit IPBlacklist Module for the Geeklog Spam-X plugin
  *
! * Copyright (C) 2004-2007 by the following authors:
  * Author    Tom Willett     tomw AT pigstye DOT net
  *           Dirk Haun       dirk AT haun-online DOT de
--- 3,9 ----
  /**
  * File: EditIPofURL.Admin.class.php
! * This is the Edit IPofURL Module for the Geeklog Spam-X plugin
  *
! * Copyright (C) 2004-2008 by the following authors:
  * Author    Tom Willett     tomw AT pigstye DOT net
  *           Dirk Haun       dirk AT haun-online DOT de
***************
*** 14,19 ****
  */
  
! if (strpos ($_SERVER['PHP_SELF'], 'EditIPofURL.Admin.class.php') !== false) {
!     die ('This file can not be used on its own!');
  }
  
--- 14,19 ----
  */
  
! if (strpos($_SERVER['PHP_SELF'], 'EditIPofURL.Admin.class.php') !== false) {
!     die('This file can not be used on its own!');
  }
  
***************
*** 35,75 ****
          if (isset($_GET['action'])) {
              $action = $_GET['action'];
!         } else if (isset($_POST['paction'])) {
              $action = $_POST['paction'];
          }
  
          $entry = '';
!         if (isset ($_GET['entry'])) {
!             $entry = COM_stripslashes ($_GET['entry']);
!         } else if (isset ($_POST['pentry'])) {
!             $entry = COM_stripslashes ($_POST['pentry']);
          }
  
!         if ($action == 'delete') {
!             $entry = addslashes ($entry);
!             $result = DB_query ("DELETE FROM {$_TABLES['spamx']} WHERE name = 'IPofUrl' AND value = '$entry'");
!         } elseif ($action == $LANG_SX00['addentry']) {
!             if (!empty ($entry)) {
!                 $entry = addslashes ($entry);
!                 $result = DB_query ("INSERT INTO {$_TABLES['spamx']} VALUES ('IPofUrl', '$entry')");
              }
          }
  
          $display = '<hr' . XHTML . '>' . LB . '<p><b>';
          $display .= $LANG_SX00['ipofurlblack'];
          $display .= '</b></p>' . LB . '<ul>' . LB;
!         $result = DB_query ("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'IPofUrl'");
!         $nrows = DB_numRows ($result);
          for ($i = 0; $i < $nrows; $i++) {
!             list($e) = DB_fetchArray ($result);
!             $display .= '<li>'. COM_createLink(htmlspecialchars ($e), $_CONF['site_admin_url']
!                 . '/plugins/spamx/index.php?command=EditIPofUrl&action=delete&entry='
!                 . urlencode ($e) ).  '</li>' . LB;
          }
          $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
          $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
!         $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditIPofUrl">';
!         $display .= '<div><input type="text" size ="30" name="pentry"' . XHTML . '>   ';
!         $display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
          $display .= '</div></form>' . LB;
  
--- 35,81 ----
          if (isset($_GET['action'])) {
              $action = $_GET['action'];
!         } elseif (isset($_POST['paction'])) {
              $action = $_POST['paction'];
          }
  
          $entry = '';
!         if (isset($_GET['entry'])) {
!             $entry = COM_stripslashes($_GET['entry']);
!         } elseif (isset($_POST['pentry'])) {
!             $entry = COM_stripslashes($_POST['pentry']);
          }
  
!         if (($action == 'delete') && SEC_checkToken()) {
!             $entry = addslashes($entry);
!             $result = DB_query("DELETE FROM {$_TABLES['spamx']} WHERE name = 'IPofUrl' AND value = '$entry'");
!         } elseif (($action == $LANG_SX00['addentry']) && SEC_checkToken()) {
!             if (!empty($entry)) {
!                 $entry = addslashes($entry);
!                 $result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('IPofUrl', '$entry')");
              }
          }
  
+         $token = SEC_createToken();
          $display = '<hr' . XHTML . '>' . LB . '<p><b>';
          $display .= $LANG_SX00['ipofurlblack'];
          $display .= '</b></p>' . LB . '<ul>' . LB;
!         $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'IPofUrl'");
!         $nrows = DB_numRows($result);
          for ($i = 0; $i < $nrows; $i++) {
!             list($e) = DB_fetchArray($result);
!             $display .= '<li>'. COM_createLink(htmlspecialchars($e),
!                 $_CONF['site_admin_url']
!                 . '/plugins/spamx/index.php?command=EditIPofUrl&action=delete&entry=' . urlencode($e) . '&' . CSRF_TOKEN . '=' . $token) .  '</li>' . LB;
          }
          $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
          $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
!         $display .= '<form method="post" action="' . $_CONF['site_admin_url']
!                  . '/plugins/spamx/index.php?command=EditIPofUrl">';
!         $display .= '<div><input type="text" size="30" name="pentry"' . XHTML
!                  . '>   ';
!         $display .= '<input type="submit" name="paction" value="'
!                  . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
!         $display .= '<input type="hidden" name="' . CSRF_TOKEN
!                  . "\" value=\"{$token}\"" . XHTML . '>' . LB;
          $display .= '</div></form>' . LB;
  

Index: MassDelete.Admin.class.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/plugins/spamx/MassDelete.Admin.class.php,v
retrieving revision 1.20
retrieving revision 1.21
diff -C2 -d -r1.20 -r1.21
*** MassDelete.Admin.class.php	25 Nov 2007 06:56:05 -0000	1.20
--- MassDelete.Admin.class.php	23 May 2008 08:59:12 -0000	1.21
***************
*** 2,11 ****
  
  /**
! * file:  MassDelete.Admin.class.php
  * Mass delete comment spam
  *
! * Copyright (C) 2004-2006 by the following authors:
  *
! * @ Author        Tom Willett        tomw AT pigstye DOT net
  *
  * Licensed under GNU General Public License
--- 2,11 ----
  
  /**
! * File:  MassDelete.Admin.class.php
  * Mass delete comment spam
  *
! * Copyright (C) 2004-2008 by the following authors:
  *
! * Author        Tom Willett        tomw AT pigstye DOT net
  *
  * Licensed under GNU General Public License
***************
*** 14,24 ****
  */
  
! if (strpos ($_SERVER['PHP_SELF'], 'MassDelete.Admin.class.php') !== false) {
!     die ('This file can not be used on its own!');
  }
  
! require_once($_CONF['path'] . 'plugins/spamx/BaseAdmin.class.php');
! require_once($_CONF['path_system'] . 'lib-comment.php');
! 
  
  class MassDelete extends BaseAdmin {
--- 14,23 ----
  */
  
! if (strpos($_SERVER['PHP_SELF'], 'MassDelete.Admin.class.php') !== false) {
!     die('This file can not be used on its own!');
  }
  
! require_once $_CONF['path'] . 'plugins/spamx/BaseAdmin.class.php';
! require_once $_CONF['path_system'] . 'lib-comment.php';
  
  class MassDelete extends BaseAdmin {
***************
*** 34,51 ****
  
          $act = '';
!         if (isset ($_POST['action'])) {
!             $act = COM_applyFilter ($_POST['action']);
          }
          $lmt = 0;
!         if (isset ($_POST['limit'])) {
!             $lmt = COM_applyFilter ($_POST['limit'], true);
          }
  
!         if (($act == $LANG_SX00['deletespam']) && ($lmt>0)) {
              $numc = 0;
              $spamx_path = $_CONF['path'] . 'plugins/spamx/';
  
              if ($dir = @opendir($spamx_path)) {
!                 while(($file = readdir($dir)) !== false) {
                      if (is_file($spamx_path . $file)) {
                          if (substr($file, -18) == '.Examine.class.php') {
--- 33,51 ----
  
          $act = '';
!         if (isset($_POST['action'])) {
!             $act = COM_applyFilter($_POST['action']);
          }
          $lmt = 0;
!         if (isset($_POST['limit'])) {
!             $lmt = COM_applyFilter($_POST['limit'], true);
          }
  
!         if (($act == $LANG_SX00['deletespam']) && ($lmt > 0) &&
!                 SEC_checkToken()) {
              $numc = 0;
              $spamx_path = $_CONF['path'] . 'plugins/spamx/';
  
              if ($dir = @opendir($spamx_path)) {
!                 while (($file = readdir($dir)) !== false) {
                      if (is_file($spamx_path . $file)) {
                          if (substr($file, -18) == '.Examine.class.php') {
***************
*** 53,57 ****
                              $Spamx_Examine[] = $tmp;
  
!                             require_once ($spamx_path . $file);
                          }
                      }
--- 53,57 ----
                              $Spamx_Examine[] = $tmp;
  
!                             require_once $spamx_path . $file;
                          }
                      }
***************
*** 64,68 ****
              for ($i = 0; $i < $nrows; $i++) {
                  $A = DB_fetchArray($result);
!                 foreach($Spamx_Examine as $Examine) {
                      $EX = new $Examine;
                      if(method_exists($EX, 'reexecute'))
--- 64,68 ----
              for ($i = 0; $i < $nrows; $i++) {
                  $A = DB_fetchArray($result);
!                 foreach ($Spamx_Examine as $Examine) {
                      $EX = new $Examine;
                      if(method_exists($EX, 'reexecute'))
***************
*** 70,74 ****
                      	$res = $EX->reexecute($A['comment'], $A['date'], $A['ipaddress'], $A['type']);
                      } else {
!                     	$res = $EX->execute ($A['comment']);
                      }
                      if ($res == 1) {
--- 70,74 ----
                      	$res = $EX->reexecute($A['comment'], $A['date'], $A['ipaddress'], $A['type']);
                      } else {
!                     	$res = $EX->execute($A['comment']);
                      }
                      if ($res == 1) {
***************
*** 81,92 ****
                  }
              }
!             $display .= $numc . $LANG_SX00['comdel'];
          } else {
!             $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=MassDelete"><div>';
!             $display .= $LANG_SX00['numtocheck'] . "   " . ' <select name="limit">';
!             $display .= '<option value = "10">10</option><option value="50">50</option>';
!             $display .= '<option value = "100" selected="selected">100</option><option value="200">200</option>';
!             $display .= '<option value = "300">300</option><option value="400">400</option>';
!             $display .= '</select>';
              $display .= $LANG_SX00['note1'];
              $display .= $LANG_SX00['note2'];
--- 81,100 ----
                  }
              }
!             $display .= '<p>' . $numc . $LANG_SX00['comdel'] . '</p>' . LB;
          } else {
!             $token = SEC_createToken();
!             $display .= '<form method="post" action="'
!                      .  $_CONF['site_admin_url']
!                      .  '/plugins/spamx/index.php?command=MassDelete"><div>';
!             $display .= $LANG_SX00['numtocheck'] . '   '
!                      .  ' <select name="limit">' . LB;
!             $display .= '<option value="10">10</option>' . LB
!                      .  '<option value="50">50</option>' . LB
!                      .  '<option value="100" selected="selected">100</option>'
!                      .  LB
!                      .  '<option value="200">200</option>' . LB
!                      .  '<option value="300">300</option>' . LB
!                      .  '<option value="400">400</option>' . LB;
!             $display .= '</select>' . LB;
              $display .= $LANG_SX00['note1'];
              $display .= $LANG_SX00['note2'];
***************
*** 94,100 ****
              $display .= $LANG_SX00['note4'];
              $display .= $LANG_SX00['note5'];
!             $display .= $LANG_SX00['note6'];
!             $display .= '<input type="submit" name="action" value="' . $LANG_SX00['deletespam'] . '"' . XHTML . '>';
!             $display .= '</div></form>';
          }
  
--- 102,111 ----
              $display .= $LANG_SX00['note4'];
              $display .= $LANG_SX00['note5'];
!             $display .= $LANG_SX00['note6'] . LB;
!             $display .= '<input type="submit" name="action" value="'
!                      . $LANG_SX00['deletespam'] . '"' . XHTML . '>' . LB;
!             $display .= '<input type="hidden" name="' . CSRF_TOKEN
!                  . "\" value=\"{$token}\"" . XHTML . '>' . LB;
!             $display .= '</div></form>' . LB;
          }
  
***************
*** 104,110 ****
      function link()
      {
!         global $LANG_SX00;
! 
!         return "Mass Delete Spam Comments";
      }
  
--- 115,119 ----
      function link()
      {
!         return 'Mass Delete Spam Comments';
      }
  
***************
*** 118,148 ****
      *
      */
!     function delcomment ($cid, $sid, $type)
      {
          global $_CONF, $_TABLES, $LANG_SX00;
  
!         $type = COM_applyFilter ($type);
!         $sid = COM_applyFilter ($sid);
!         switch ( $type ) {
!             case 'article':
!                 $has_editPermissions = SEC_hasRights ('story.edit');
!                 $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '$sid'");
!                 $A = DB_fetchArray ($result);
  
!                 if ($has_editPermissions && SEC_hasAccess ($A['owner_id'],
!                         $A['group_id'], $A['perm_owner'], $A['perm_group'],
!                         $A['perm_members'], $A['perm_anon']) == 3) {
!                     CMT_deleteComment(COM_applyFilter($cid, true), $sid, 'article');
!                     $comments = DB_count ($_TABLES['comments'],
!                             array ('sid', 'type'), array ($sid, 'article'));
!                     DB_change ($_TABLES['stories'], 'comments', $comments,
!                                'sid', $sid);
!                 } else {
!                     COM_errorLog ("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) tried to illegally delete comment $cid from $type $sid");
!                 }
!                 break;
!             default: // assume plugin
!                 PLG_commentDelete($type, COM_applyFilter ($cid, true), $sid);
!                 break;
          }
          SPAMX_log($LANG_SX00['spamdeleted']);
--- 127,159 ----
      *
      */
!     function delcomment($cid, $sid, $type)
      {
          global $_CONF, $_TABLES, $LANG_SX00;
  
!         $type = COM_applyFilter($type);
!         $sid = COM_applyFilter($sid);
  
!         switch ($type) {
!         case 'article':
!             $has_editPermissions = SEC_hasRights('story.edit');
!             $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '$sid'");
!             $A = DB_fetchArray($result);
! 
!             if ($has_editPermissions && SEC_hasAccess($A['owner_id'],
!                     $A['group_id'], $A['perm_owner'], $A['perm_group'],
!                     $A['perm_members'], $A['perm_anon']) == 3) {
!                 CMT_deleteComment(COM_applyFilter($cid, true), $sid, 'article');
!                 $comments = DB_count($_TABLES['comments'],
!                         array('sid', 'type'), array($sid, 'article'));
!                 DB_change($_TABLES['stories'], 'comments', $comments,
!                           'sid', $sid);
!             } else {
!                 COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) tried to illegally delete comment $cid from $type $sid");
!             }
!             break;
! 
!         default: // assume plugin
!             PLG_commentDelete($type, COM_applyFilter($cid, true), $sid);
!             break;
          }
          SPAMX_log($LANG_SX00['spamdeleted']);
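Review bot: `$_USER['username']` in the COM_errorLog call is read inside a method whose only global declaration is `global $_CONF, $_TABLES, $LANG_SX00;`, so the denied-deletion audit line is written with an undefined username (plus an E_NOTICE) and loses the one detail it exists to record. Change the declaration to `global $_CONF, $_TABLES, $_USER, $LANG_SX00;`. Separately, `$sid` is interpolated into the stories query after COM_applyFilter() only; unless that helper also escapes quotes, which is not visible here, it should receive the same escaping the other hunks apply to `$entry` before being placed in the query. The function's docblock opens before this hunk and its body continues past it.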

Index: SLVwhitelist.Admin.class.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/plugins/spamx/SLVwhitelist.Admin.class.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** SLVwhitelist.Admin.class.php	25 Nov 2007 06:56:05 -0000	1.6
--- SLVwhitelist.Admin.class.php	23 May 2008 08:59:12 -0000	1.7
***************
*** 5,9 ****
  * This is the SLV Whitelist Module for the Geeklog Spam-X plugin
  *
! * Copyright (C) 2004-2007 by the following authors:
  * Author   Tom Willett     tomw AT pigstye DOT net
  *          Dirk Haun       dirk AT haun-online DOT de
--- 5,9 ----
  * This is the SLV Whitelist Module for the Geeklog Spam-X plugin
  *
! * Copyright (C) 2004-2008 by the following authors:
  * Author   Tom Willett     tomw AT pigstye DOT net
  *          Dirk Haun       dirk AT haun-online DOT de
***************
*** 14,19 ****
  */
  
! if (strpos ($_SERVER['PHP_SELF'], 'SLVwhitelist.Admin.class.php') !== false) {
!     die ('This file can not be used on its own!');
  }
  
--- 14,19 ----
  */
  
! if (strpos($_SERVER['PHP_SELF'], 'SLVwhitelist.Admin.class.php') !== false) {
!     die('This file can not be used on its own!');
  }
  
***************
*** 35,77 ****
          if (isset($_GET['action'])) {
              $action = $_GET['action'];
!         } else if(isset ($_POST['paction'])) {
              $action = $_POST['paction'];
          }
  
          $entry = '';
!         if (isset ($_GET['entry'])) {
!             $entry = COM_stripslashes ($_GET['entry']);
!         } else if (isset ($_POST['pentry'])) {
!             $entry = COM_stripslashes ($_POST['pentry']);
          }
  
!         if ($action == 'delete') {
!             $entry = addslashes ($entry);
!             $result = DB_query ("DELETE FROM {$_TABLES['spamx']} WHERE name = 'SLVwhitelist' AND value = '$entry'");
!         } elseif ($action == $LANG_SX00['addentry']) {
!             if (!empty ($entry)) {
!                 $entry = addslashes ($entry);
!                 $result = DB_query ("INSERT INTO {$_TABLES['spamx']} VALUES ('SLVwhitelist', '$entry')");
              }
          }
  
          $display = '<hr' . XHTML . '>' . LB . '<p><b>';
          $display .= $LANG_SX00['slvwhitelist'];
          $display .= '</b></p>' . LB . '<ul>' . LB;
!         $result = DB_query ("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'SLVwhitelist'");
!         $nrows = DB_numRows ($result);
          for ($i = 0; $i < $nrows; $i++) {
!             $A = DB_fetchArray ($result);
              $e = $A['value'];
!             $display .= '<li>' . COM_createLink(htmlspecialchars ($e),
                  $_CONF['site_admin_url']
!                 . '/plugins/spamx/index.php?command=SLVwhitelist&action=delete&entry='
!                 . urlencode ($e)) .'</li>' . LB;
          }
          $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
          $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
!         $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=SLVwhitelist">' . LB;
!         $display .= '<div><input type="text" size ="30" name="pentry"' . XHTML . '>   ';
!         $display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
          $display .= '</div></form>' . LB;
  
--- 35,82 ----
          if (isset($_GET['action'])) {
              $action = $_GET['action'];
!         } elseif(isset($_POST['paction'])) {
              $action = $_POST['paction'];
          }
  
          $entry = '';
!         if (isset($_GET['entry'])) {
!             $entry = COM_stripslashes($_GET['entry']);
!         } elseif (isset($_POST['pentry'])) {
!             $entry = COM_stripslashes($_POST['pentry']);
          }
  
!         if (($action == 'delete') && SEC_checkToken()) {
!             $entry = addslashes($entry);
!             $result = DB_query("DELETE FROM {$_TABLES['spamx']} WHERE name = 'SLVwhitelist' AND value = '$entry'");
!         } elseif (($action == $LANG_SX00['addentry']) && SEC_checkToken()) {
!             if (!empty($entry)) {
!                 $entry = addslashes($entry);
!                 $result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('SLVwhitelist', '$entry')");
              }
          }
  
+         $token = SEC_createToken();
          $display = '<hr' . XHTML . '>' . LB . '<p><b>';
          $display .= $LANG_SX00['slvwhitelist'];
          $display .= '</b></p>' . LB . '<ul>' . LB;
!         $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'SLVwhitelist'");
!         $nrows = DB_numRows($result);
          for ($i = 0; $i < $nrows; $i++) {
!             $A = DB_fetchArray($result);
              $e = $A['value'];
!             $display .= '<li>' . COM_createLink(htmlspecialchars($e),
                  $_CONF['site_admin_url']
!                 . '/plugins/spamx/index.php?command=SLVwhitelist&action=delete&entry=' . urlencode($e) . '&' . CSRF_TOKEN . '=' . $token) .'</li>' . LB;
          }
          $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
          $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
!         $display .= '<form method="post" action="' . $_CONF['site_admin_url']
!                  . '/plugins/spamx/index.php?command=SLVwhitelist">' . LB;
!         $display .= '<div><input type="text" size="30" name="pentry"' . XHTML
!                  . '>   ';
!         $display .= '<input type="submit" name="paction" value="'
!                  . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
!         $display .= '<input type="hidden" name="' . CSRF_TOKEN
!                  . "\" value=\"{$token}\"" . XHTML . '>' . LB;
          $display .= '</div></form>' . LB;
  
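Review bot: The delete action on the new side still fires from a GET link, so the CSRF token now rides in the URL and will be copied into Referer headers, browser history and web-server access logs, which weakens the protection this hunk adds; a small POST form with a hidden token per row, as the add action already does, would keep the token out of the URL. The same GET-link pattern is in the EditHeader hunk further down. A failed `SEC_checkToken()` on either branch also falls through silently and just re-renders the list, so a forged or stale-token request leaves no trace; appending `} elseif (($action == 'delete') || ($action == $LANG_SX00['addentry'])) { SPAMX_log('CSRF token check failed'); }` to the existing branches would at least record it (assuming `SPAMX_log()` is in scope here as it is in MassDelTrackback). The entry still reaches both queries through `addslashes()` rather than the database layer's own escaping; that is pre-existing but worth fixing while these lines are being touched. The enclosing method starts above the hunk.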

Index: MassDelTrackback.Admin.class.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/plugins/spamx/MassDelTrackback.Admin.class.php,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** MassDelTrackback.Admin.class.php	25 Nov 2007 06:56:05 -0000	1.9
--- MassDelTrackback.Admin.class.php	23 May 2008 08:59:12 -0000	1.10
***************
*** 2,10 ****
  
  /**
! * file:  MassDelTrackback.Admin.class.php
  *
  * Mass delete trackback spam
  *
! * Copyright (C) 2004-2006 by the following authors:
  *
  * @author   Tom Willett     tomw AT pigstye DOT net
--- 2,10 ----
  
  /**
! * File:  MassDelTrackback.Admin.class.php
  *
  * Mass delete trackback spam
  *
! * Copyright (C) 2004-2008 by the following authors:
  *
  * @author   Tom Willett     tomw AT pigstye DOT net
***************
*** 16,25 ****
  */
  
! if (strpos ($_SERVER['PHP_SELF'], 'MassDelTrackback.Admin.class.php') !== false) {
!     die ('This file can not be used on its own!');
  }
  
! require_once ($_CONF['path'] . 'plugins/spamx/BaseAdmin.class.php');
! 
  
  class MassDelTrackback extends BaseAdmin {
--- 16,24 ----
  */
  
! if (strpos($_SERVER['PHP_SELF'], 'MassDelTrackback.Admin.class.php') !== false) {
!     die('This file can not be used on its own!');
  }
  
! require_once $_CONF['path'] . 'plugins/spamx/BaseAdmin.class.php';
  
  class MassDelTrackback extends BaseAdmin {
***************
*** 32,69 ****
  
          $act = '';
!         if (isset ($_POST['action'])) {
!             $act = COM_applyFilter ($_POST['action']);
          }
          $lmt = 0;
!         if (isset ($_POST['limit'])) {
!             $lmt = COM_applyFilter ($_POST['limit'], true);
          }
  
!         if (($act == $LANG_SX00['deletespam']) && ($lmt > 0)) {
              $numc = 0;
              $spamx_path = $_CONF['path'] . 'plugins/spamx/';
  
!             if ($dir = @opendir ($spamx_path)) {
!                 while (($file = readdir ($dir)) !== false) {
!                     if (is_file ($spamx_path . $file)) {
!                         if (substr ($file, -18) == '.Examine.class.php') {
!                             $tmp = str_replace ('.Examine.class.php', '', $file);
                              $Spamx_Examine[] = $tmp;
  
!                             require_once ($spamx_path . $file);
                          }
                      }
                  }
!                 closedir ($dir);
              }
  
!             require_once ($_CONF['path_system'] . 'lib-trackback.php');
  
!             $result = DB_query ("SELECT cid,sid,type,url,title,blog,excerpt,ipaddress,UNIX_TIMESTAMP(date) as date FROM {$_TABLES['trackback']} ORDER BY date DESC LIMIT $lmt");
!             $nrows = DB_numRows ($result);
              for ($i = 0; $i < $nrows; $i++) {
!                 $A = DB_fetchArray ($result);
!                 $comment = TRB_formatComment ($A['url'], $A['title'],
!                                               $A['blog'], $A['excerpt']);
  
                  foreach ($Spamx_Examine as $Examine) {
--- 31,69 ----
  
          $act = '';
!         if (isset($_POST['action'])) {
!             $act = COM_applyFilter($_POST['action']);
          }
          $lmt = 0;
!         if (isset($_POST['limit'])) {
!             $lmt = COM_applyFilter($_POST['limit'], true);
          }
  
!         if (($act == $LANG_SX00['deletespam']) && ($lmt > 0) &&
!                 SEC_checkToken()) {
              $numc = 0;
              $spamx_path = $_CONF['path'] . 'plugins/spamx/';
  
!             if ($dir = @opendir($spamx_path)) {
!                 while (($file = readdir($dir)) !== false) {
!                     if (is_file($spamx_path . $file)) {
!                         if (substr($file, -18) == '.Examine.class.php') {
!                             $tmp = str_replace('.Examine.class.php', '', $file);
                              $Spamx_Examine[] = $tmp;
  
!                             require_once $spamx_path . $file;
                          }
                      }
                  }
!                 closedir($dir);
              }
  
!             require_once $_CONF['path_system'] . 'lib-trackback.php';
  
!             $result = DB_query("SELECT cid,sid,type,url,title,blog,excerpt,ipaddress,UNIX_TIMESTAMP(date) AS date FROM {$_TABLES['trackback']} ORDER BY date DESC LIMIT $lmt");
!             $nrows = DB_numRows($result);
              for ($i = 0; $i < $nrows; $i++) {
!                 $A = DB_fetchArray($result);
!                 $comment = TRB_formatComment($A['url'], $A['title'],
!                                              $A['blog'], $A['excerpt']);
  
                  foreach ($Spamx_Examine as $Examine) {
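Review bot: `$Spamx_Examine` is appended to inside the directory loop but is not initialised anywhere on the new side of this hunk, so if no `*.Examine.class.php` file is found the `foreach` at the end of the hunk iterates over an undefined variable; unless it is set above the hunk, add `$Spamx_Examine = array();` before the `opendir()` call. The `@` on `opendir()` also hides a missing or unreadable plugin directory, in which case the mass delete would silently examine nothing and report zero deletions. When `SEC_checkToken()` fails the request drops into the form branch and the admin simply gets a fresh form with no indication that the submission was rejected; a `SPAMX_log()` entry there would make a forged or stale-token request visible. The enclosing method starts above the hunk and continues below it.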
***************
*** 73,77 ****
                      	$res = $EX->reexecute($comment, $A['date'], $A['ipaddress'], $A['type']);
                      } else {
!                     	$res = $EX->execute ($comment);
                      }
                      if ($res == 1) {
--- 73,77 ----
                      	$res = $EX->reexecute($comment, $A['date'], $A['ipaddress'], $A['type']);
                      } else {
!                     	$res = $EX->execute($comment);
                      }
                      if ($res == 1) {
***************
*** 80,91 ****
                  }
                  if ($res == 1) {
!                     $this->deltrackback ($A['cid'], $A['sid'], $A['type']);
                      $numc = $numc + 1;
                  }
              }
!             $display .= $numc . $LANG_SX00['comdel'];
          } else {
!             $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=MassDelTrackback"><div>';
!             $display .= $LANG_SX00['numtocheck'] . '   ' . ' <select name="limit">';
              $display .= '<option value="10">10</option>'
                       .  '<option value="50">50</option>'
--- 80,95 ----
                  }
                  if ($res == 1) {
!                     $this->deltrackback($A['cid'], $A['sid'], $A['type']);
                      $numc = $numc + 1;
                  }
              }
!             $display .= '<p>' . $numc . $LANG_SX00['comdel'] . '</p>' . LB;
          } else {
!             $token = SEC_createToken();
!             $display .= '<form method="post" action="'
!                      . $_CONF['site_admin_url']
!                      . '/plugins/spamx/index.php?command=MassDelTrackback"><div>';
!             $display .= $LANG_SX00['numtocheck'] . '   '
!                      . ' <select name="limit">' . LB;
              $display .= '<option value="10">10</option>'
                       .  '<option value="50">50</option>'
***************
*** 94,98 ****
                       .  '<option value="300">300</option>'
                       .  '<option value="400">400</option>';
!             $display .= '</select>';
              $display .= $LANG_SX00['note1'];
              $display .= $LANG_SX00['note2'];
--- 98,102 ----
                       .  '<option value="300">300</option>'
                       .  '<option value="400">400</option>';
!             $display .= '</select>' . LB;
              $display .= $LANG_SX00['note1'];
              $display .= $LANG_SX00['note2'];
***************
*** 100,106 ****
              $display .= $LANG_SX00['note4'];
              $display .= $LANG_SX00['note5'];
!             $display .= $LANG_SX00['note6'];
!             $display .= '<input type="submit" name="action" value="' . $LANG_SX00['deletespam'] . '"' . XHTML . '>';
!             $display .= '</div></form>';
          }
  
--- 104,113 ----
              $display .= $LANG_SX00['note4'];
              $display .= $LANG_SX00['note5'];
!             $display .= $LANG_SX00['note6'] . LB;
!             $display .= '<input type="submit" name="action" value="'
!                      . $LANG_SX00['deletespam'] . '"' . XHTML . '>' . LB;
!             $display .= '<input type="hidden" name="' . CSRF_TOKEN
!                      . "\" value=\"{$token}\"" . XHTML . '>' . LB;
!             $display .= '</div></form>' . LB;
          }
  
***************
*** 124,142 ****
      *
      */
!     function deltrackback ($cid, $sid, $type)
      {
          global $_TABLES, $LANG_SX00;
  
!         if (TRB_allowDelete ($sid, $type)) {
!             TRB_deleteTrackbackComment ($cid);
  
              if ($type == 'article') {
!                 $tbcount = DB_count ($_TABLES['trackback'],
!                                      array ('type', 'sid'),
!                                      array ('article', $sid));
!                 DB_query ("UPDATE {$_TABLES['stories']} SET trackbacks = $tbcount WHERE sid = '$sid'");
              }
  
!             SPAMX_log ($LANG_SX00['spamdeleted']);
          }
      }
--- 131,149 ----
      *
      */
!     function deltrackback($cid, $sid, $type)
      {
          global $_TABLES, $LANG_SX00;
  
!         if (TRB_allowDelete($sid, $type)) {
!             TRB_deleteTrackbackComment($cid);
  
              if ($type == 'article') {
!                 $tbcount = DB_count($_TABLES['trackback'],
!                                     array('type', 'sid'),
!                                     array('article', $sid));
!                 DB_query("UPDATE {$_TABLES['stories']} SET trackbacks = $tbcount WHERE sid = '$sid'");
              }
  
!             SPAMX_log($LANG_SX00['spamdeleted']);
          }
      }

Index: EditHeader.Admin.class.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/plugins/spamx/EditHeader.Admin.class.php,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** EditHeader.Admin.class.php	25 Nov 2007 06:56:05 -0000	1.9
--- EditHeader.Admin.class.php	23 May 2008 08:59:12 -0000	1.10
***************
*** 5,9 ****
  * This is the Edit HTTP Header Module for the Geeklog Spam-X plugin
  *
! * Copyright (C) 2005-2007 by the following authors:
  * Author    Dirk Haun <dirk AT haun-online DOT de>
  *
--- 5,9 ----
  * This is the Edit HTTP Header Module for the Geeklog Spam-X plugin
  *
! * Copyright (C) 2005-2008 by the following authors:
  * Author    Dirk Haun <dirk AT haun-online DOT de>
  *
***************
*** 15,20 ****
  */
  
! if (strpos ($_SERVER['PHP_SELF'], 'EditHeader.Admin.class.php') !== false) {
!     die ('This file can not be used on its own!');
  }
  
--- 15,20 ----
  */
  
! if (strpos($_SERVER['PHP_SELF'], 'EditHeader.Admin.class.php') !== false) {
!     die('This file can not be used on its own!');
  }
  
***************
*** 36,90 ****
          if (isset($_GET['action'])) {
              $action = $_GET['action'];
!         } else if (isset($_POST['paction'])) {
              $action = $_POST['paction'];
          }
  
!         if ($action == 'delete') {
              $entry = $_GET['entry'];
!             if (!empty ($entry)) {
!                 $dbentry = addslashes ($entry);
!                 $result = DB_query ("DELETE FROM {$_TABLES['spamx']} WHERE name='HTTPHeader' AND value='$dbentry'");
              }
!         } elseif ($action == $LANG_SX00['addentry']) {
              $entry = '';
!             $name = COM_applyFilter ($_REQUEST['header-name']);
!             $n = explode (':', $name);
              $name = $n[0];
              $value = $_REQUEST['header-value'];
  
!             if (!empty ($name) && !empty ($value)) {
                  $entry = $name . ': ' . $value;
              }
  
!             $dbentry = addslashes ($entry);
!             if (!empty ($entry)) {
!                 $result = DB_query ("INSERT INTO {$_TABLES['spamx']} VALUES ('HTTPHeader','$dbentry')");
              }
          }
  
!         $display = '<hr' . XHTML . '><p><b>';
          $display .= $LANG_SX00['headerblack'];
!         $display .= '</b></p><ul>';
!         $result = DB_query ("SELECT value FROM {$_TABLES['spamx']} WHERE name='HTTPHeader' ORDER BY value");
!         $nrows = DB_numRows ($result);
          for ($i = 0; $i < $nrows; $i++) {
!             list($e) = DB_fetchArray ($result);
  
!             $display .= '<li>'. COM_createLink($e , $_CONF['site_admin_url']
!                 . '/plugins/spamx/index.php?command=EditHeader&action=delete&entry='
!                 . urlencode ($e)) . '</li>';
          }
!         $display .= '</ul><p>' . $LANG_SX00['e1'] . '</p>';
!         $display .= '<p>' . $LANG_SX00['e2'] . '</p>';
  
!         $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader">';
          $display .= '<table border="0" width="100%">' . LB;
          $display .= '<tr><td align="right"><b>Header:</b></td>' . LB;
!         $display .= '<td><input type="text" size="40" name="header-name"' . XHTML . '> e.g. <tt>User-Agent</tt></td></tr>' . LB;
          $display .= '<tr><td align="right"><b>Content:</b></td>' . LB;
!         $display .= '<td><input type="text" size="40" name="header-value"' . XHTML . '> e.g. <tt>Mozilla</tt></td></tr>' . LB;
          $display .= '</table>' . LB;
!         $display .= '<p><input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '></p>';
!         $display .= '</form>';
          return $display;
      }
--- 36,98 ----
          if (isset($_GET['action'])) {
              $action = $_GET['action'];
!         } elseif (isset($_POST['paction'])) {
              $action = $_POST['paction'];
          }
  
!         if (($action == 'delete') && SEC_checkToken()) {
              $entry = $_GET['entry'];
!             if (!empty($entry)) {
!                 $dbentry = addslashes($entry);
!                 $result = DB_query("DELETE FROM {$_TABLES['spamx']} WHERE name='HTTPHeader' AND value='$dbentry'");
              }
!         } elseif (($action == $LANG_SX00['addentry']) && SEC_checkToken()) {
              $entry = '';
!             $name = COM_applyFilter($_REQUEST['header-name']);
!             $n = explode(':', $name);
              $name = $n[0];
              $value = $_REQUEST['header-value'];
  
!             if (!empty($name) && !empty($value)) {
                  $entry = $name . ': ' . $value;
              }
  
!             $dbentry = addslashes($entry);
!             if (!empty($entry)) {
!                 $result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('HTTPHeader','$dbentry')");
              }
          }
  
!         $token = SEC_createToken();
!         $display = '<hr' . XHTML . '>' . LB . '<p><b>';
          $display .= $LANG_SX00['headerblack'];
!         $display .= '</b></p>' . LB . '<ul>' . LB;
!         $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='HTTPHeader' ORDER BY value");
!         $nrows = DB_numRows($result);
          for ($i = 0; $i < $nrows; $i++) {
!             list($e) = DB_fetchArray($result);
  
!             $display .= '<li>'. COM_createLink(htmlspecialchars($e),
!                 $_CONF['site_admin_url']
!                 . '/plugins/spamx/index.php?command=EditHeader&action=delete&entry=' . urlencode($e) . '&' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
          }
!         $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
!         $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
  
!         $display .= '<form method="post" action="' . $_CONF['site_admin_url']
!                  . '/plugins/spamx/index.php?command=EditHeader">' . LB;
          $display .= '<table border="0" width="100%">' . LB;
          $display .= '<tr><td align="right"><b>Header:</b></td>' . LB;
!         $display .= '<td><input type="text" size="40" name="header-name"'
!                  . XHTML . '> e.g. <tt>User-Agent</tt></td></tr>' . LB;
          $display .= '<tr><td align="right"><b>Content:</b></td>' . LB;
!         $display .= '<td><input type="text" size="40" name="header-value"'
!                  . XHTML . '> e.g. <tt>Mozilla</tt></td></tr>' . LB;
          $display .= '</table>' . LB;
!         $display .= '<p><input type="submit" name="paction" value="'
!                  . $LANG_SX00['addentry'] . '"' . XHTML . '></p>';
!         $display .= '<input type="hidden" name="' . CSRF_TOKEN
!                  . "\" value=\"{$token}\"" . XHTML . '>' . LB;
!         $display .= '</form>' . LB;
! 
          return $display;
      }
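Review bot: `$_GET['entry']`, `$_REQUEST['header-name']` and `$_REQUEST['header-value']` are read without an `isset()` guard inside the two token-protected branches, so a request that carries a valid token but omits a field raises a notice and feeds an empty value into the `explode()`/`addslashes()` path; `$entry = isset($_GET['entry']) ? $_GET['entry'] : '';` and the same for the two header fields would close that. The header value is stored without `COM_applyFilter()`, unlike the header name, which may be intentional since it is matched against raw header content, but it still goes into the query via `addslashes()` rather than the database layer's escaping; the list output now goes through `htmlspecialchars()`, which covers the display side only. The enclosing method starts above the hunk.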



