[geeklog-cvs] geeklog: We'd better filter the Spam-X command, just in case
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Apr 19 03:31:56 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/729132c4527b
changeset: 6965:729132c4527b
user: Dirk Haun <dirk at haun-online.de>
date: Sun Apr 19 00:23:45 2009 +0200
description:
We'd better filter the Spam-X command, just in case
diffstat:
1 file changed, 32 insertions(+), 28 deletions(-)
public_html/admin/plugins/spamx/index.php | 60 +++++++++++++++--------------
diffs (94 lines):
diff -r 0fa486c53e02 -r 729132c4527b public_html/admin/plugins/spamx/index.php
--- a/public_html/admin/plugins/spamx/index.php Sun Apr 19 00:05:27 2009 +0200
+++ b/public_html/admin/plugins/spamx/index.php Sun Apr 19 00:23:45 2009 +0200
@@ -3,9 +3,9 @@
// +---------------------------------------------------------------------------+
// | Spam-X plugin 1.2 |
// +---------------------------------------------------------------------------+
-// | admin/index.php |
+// | index.php |
// | |
-// | Administration page. |
+// | Spam-X administration page. |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2002-2009 by the following authors: |
// | |
@@ -65,48 +65,52 @@
* Main
*/
-$display = COM_siteHeader ('menu', $LANG_SX00['plugin_name']);
-$T = new Template ($_CONF['path'] . 'plugins/spamx/templates');
-$T->set_file ('admin', 'admin.thtml');
-$T->set_var ( 'xhtml', XHTML );
-$T->set_var ('site_url', $_CONF['site_url']);
-$T->set_var ('site_admin_url', $_CONF['site_admin_url']);
-$T->set_var ('header', $LANG_SX00['admin']);
-$T->set_var ('plugin_name', $LANG_SX00['plugin_name']);
-$T->set_var ('plugin', 'spamx');
-$T->parse ('output', 'admin');
-$display .= $T->finish ($T->get_var ('output'));
+$display = COM_siteHeader('menu', $LANG_SX00['plugin_name']);
+$T = new Template($_CONF['path'] . 'plugins/spamx/templates');
+$T->set_file('admin', 'admin.thtml');
+$T->set_var('xhtml', XHTML);
+$T->set_var('site_url', $_CONF['site_url']);
+$T->set_var('site_admin_url', $_CONF['site_admin_url']);
+$T->set_var('layout_url', $_CONF['layout_url']);
+$T->set_var('header', $LANG_SX00['admin']);
+$T->set_var('plugin_name', $LANG_SX00['plugin_name']);
+$T->set_var('plugin', 'spamx');
+$T->parse('output', 'admin');
+$display .= $T->finish($T->get_var('output'));
-$files = array ();
-if ($dir = @opendir ($_CONF['path'] . 'plugins/spamx/')) {
- while (($file = readdir ($dir)) !== false) {
- if (is_file ($_CONF['path'] . 'plugins/spamx/' . $file))
- {
- if (substr ($file, -16) == '.Admin.class.php') {
- $tmp = str_replace ('.Admin.class.php', '', $file);
- array_push ($files, $tmp);
+$files = array();
+if ($dir = @opendir($_CONF['path'] . 'plugins/spamx/')) {
+ while (($file = readdir($dir)) !== false) {
+ if (is_file($_CONF['path'] . 'plugins/spamx/' . $file)) {
+ if (substr($file, -16) == '.Admin.class.php') {
+ $tmp = str_replace('.Admin.class.php', '', $file);
+ array_push($files, $tmp);
}
}
}
- closedir ($dir);
+ closedir($dir);
}
$display .= '<p><b>' . $LANG_SX00['adminc'] . '</b></p><ul>';
foreach ($files as $file) {
- require_once ($_CONF['path'] . 'plugins/spamx/' . $file . '.Admin.class.php');
+ require_once $_CONF['path'] . 'plugins/spamx/' . $file . '.Admin.class.php';
+
$CM = new $file;
- $display .= '<li>' . COM_createLink($CM->link (), $_CONF['site_admin_url']
+ $display .= '<li>' . COM_createLink($CM->link(), $_CONF['site_admin_url']
. '/plugins/spamx/index.php?command=' . $file) . '</li>';
}
$display .= '<li>' . COM_createLink($LANG_SX00['documentation'],
plugin_getdocumentationurl_spamx('index')) . '</li>';
$display .= '</ul>';
-if (isset ($_REQUEST['command'])) {
- $CM = new $_REQUEST['command'];
- $display .= $CM->display ();
+if (isset($_REQUEST['command'])) {
+ $cmd = COM_applyFilter($_REQUEST['command']);
+ if (!empty($cmd) && in_array($cmd, $files)) {
+ $CM = new $cmd;
+ $display .= $CM->display();
+ }
}
-$display .= COM_siteFooter (true);
+$display .= COM_siteFooter(true);
echo $display;
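Review bot: The `in_array($cmd, $files)` check is the real allowlist for `new $cmd`, but it compares loosely, so a value that is only numerically equal to a discovered module name could pass and reach the instantiation; pass the strict flag, `if (!empty($cmd) && in_array($cmd, $files, true)) {`. What COM_applyFilter strips is not visible in this hunk, so a short comment above the check such as `// only classes discovered in plugins/spamx/ may be instantiated` would make clear that the list lookup, not the filter, is the security boundary. A command that fails the check is dropped silently; logging the rejected value would give administrators a way to notice probing of this parameter. The script's earlier lines, including any access check, are outside the hunk.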