Remove use of strClean
@@ -3,7 +3,7 @@ include("headers.php");
|
||||
include("settings.php");
|
||||
|
||||
// Establish the real absolute path to the file
|
||||
$file = realpath($docRoot.$iceRoot.str_replace("|","/",strClean($_GET['file'])));
|
||||
$file = realpath($docRoot.$iceRoot.str_replace("|","/",$_GET['file']));
|
||||
// If it doesn't exist, or doesn't start with the $docRoot, stop here
|
||||
if (!file_exists($file) || strpos(str_replace("\\","/",$file),$docRoot) !== 0) {
|
||||
die("<script>top.ICEcoder.message('Sorry, that file doesn\'t appear to exist');</script>");
|
||||
|
||||
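Review bot: `$file = realpath($docRoot.$iceRoot.str_replace("|","/",$_GET['file']));` reads the parameter without an isset() check, so a request that omits it hands an empty suffix to realpath(), which then resolves to `$docRoot.$iceRoot` itself and satisfies the `strpos(...) !== 0` guard two lines later; the properties hunk has the identical pattern in `$fileName=realpath($docRoot.$iceRoot.str_replace("|","/",$_GET['fileName']));`. Reject a missing or empty value before the realpath() call at both sites, e.g. `if (!isset($_GET['file']) || $_GET['file'] === '') { die("<script>top.ICEcoder.message('No file given');</script>"); }`. Dropping strClean() here does not weaken the path check, since htmlentities() never touched `/` or `.`; realpath() plus the prefix comparison against `$docRoot` is what confines the path, so that guard has to stay as is. Whether the prefix comparison needs a trailing separator depends on how `$docRoot` is defined outside this hunk.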
@@ -5,7 +5,7 @@ $t = $text['multiple-results'];
|
||||
?>
|
||||
<?php
|
||||
if(isset($_GET['selectedFiles'])) {
|
||||
$selectedFiles=explode(":",strClean($_GET['selectedFiles']));
|
||||
$selectedFiles=explode(":",$_GET['selectedFiles']);
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
@@ -79,7 +79,7 @@ if (startTab!=top.ICEcoder.selectedTab) {
|
||||
for (var i=0;i<spansArray.length;i++) {
|
||||
foundInSelected = false;
|
||||
targetURL = spansArray[i].id.replace(/\|/g,"/").toLowerCase();
|
||||
if ( targetURL.lastIndexOf(findText.toLowerCase()) > targetURL.lastIndexOf("/")
|
||||
if ( targetURL.lastIndexOf(findText.toLowerCase()) > targetURL.lastIndexOf("/")
|
||||
&& targetURL.indexOf(findText.toLowerCase())>-1 && targetURL.indexOf('_perms')>-1) {
|
||||
if (userTarget.indexOf("selected")>-1) {
|
||||
for (var j=0;j<top.ICEcoder.selectedFiles.length;j++) {
|
||||
@@ -100,7 +100,7 @@ if (startTab!=top.ICEcoder.selectedTab) {
|
||||
<?php if (!isset($_GET['replace'])) { ?>
|
||||
resultsDisplay += '<div id="foundCount'+i+'">'+spansArray[i].innerHTML+'</div>';
|
||||
<?php ;} else { ?>
|
||||
resultsDisplay += '<div id="foundCount'+i+'">'+spansArray[i].innerHTML+', <?php echo $t['rename to'];?> '+targetURL.replace(/\|/g,"/").replace(/_perms/g,"").replace(/<?php echo str_replace("/","\/",strtolower($findText)); ?>/g,"<b><?php if(isset($_GET['replace'])) {echo strtolower(strClean($_GET['replace']));};?></b>")+'</div>';
|
||||
resultsDisplay += '<div id="foundCount'+i+'">'+spansArray[i].innerHTML+', <?php echo $t['rename to'];?> '+targetURL.replace(/\|/g,"/").replace(/_perms/g,"").replace(/<?php echo str_replace("/","\/",strtolower($findText)); ?>/g,"<b><?php if(isset($_GET['replace'])) {echo strtolower($_GET['replace']);};?></b>")+'</div>';
|
||||
<?php
|
||||
;};
|
||||
if (isset($_GET['replace'])) { ?>
|
||||
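Review bot: `echo strtolower($_GET['replace'])` on the new `resultsDisplay += '...<b>...</b>...'` line now writes the raw query value into a JavaScript single-quoted string that is later inserted as HTML, so a `'` or `</script>` in the parameter ends the literal; the removed strClean() call (htmlentities with ENT_QUOTES) was the only encoding on that path. The same raw echo of `$_GET['replace']` appears in the replaceInFileSingle hunk (`top.ICEcoder.replaceInFile(fileRef,findText,'<?php ... echo $_GET['replace'] ...')`) and in the renameSingle hunk (`.replace(find,"<?php ... echo $_GET['replace'] ...")`). Encode for the JavaScript context at each of the three sites, replacing the quoted literal with `<?php echo json_encode($_GET['replace'], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>`, and additionally pass the value through htmlspecialchars() where it becomes innerHTML. The `$findText` echoed into the regex literal on the same line is presumably user-derived and is also unescaped, but it is assigned outside this hunk.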
@@ -200,7 +200,7 @@ var replaceAll = function() {
|
||||
}
|
||||
|
||||
var replaceInFileSingle = function(fileRef) {
|
||||
top.ICEcoder.replaceInFile(fileRef,findText,'<?php if(isset($_GET['replace'])) {echo strClean($_GET['replace']);}; ?>');
|
||||
top.ICEcoder.replaceInFile(fileRef,findText,'<?php if(isset($_GET['replace'])) {echo $_GET['replace'];}; ?>');
|
||||
}
|
||||
|
||||
var replaceInFilesAll = function() {
|
||||
@@ -212,7 +212,7 @@ var replaceInFilesAll = function() {
|
||||
|
||||
var renameSingle = function(arrayRef) {
|
||||
fileRef = spansArray[arrayRef].id.replace(/\|/g,"/").replace(/_perms/g,"");
|
||||
newName = spansArray[arrayRef].id.replace(/\|/g,"/").replace(/_perms/g,"").replace(find,"<?php if(isset($_GET['replace'])) {echo strClean($_GET['replace']);}; ?>");
|
||||
newName = spansArray[arrayRef].id.replace(/\|/g,"/").replace(/_perms/g,"").replace(find,"<?php if(isset($_GET['replace'])) {echo $_GET['replace'];}; ?>");
|
||||
top.ICEcoder.renameFile(fileRef,newName);
|
||||
}
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
|
||||
|
||||
// Store the plugin zip to the tmp dir
|
||||
$target = '../plugins/';
|
||||
$zipURL = $pluginsData[strClean($_GET['plugin'])]['zipURL'];
|
||||
$zipURL = $pluginsData[$_GET['plugin']]['zipURL'];
|
||||
$zipFile = "../tmp/".basename($zipURL);
|
||||
$fileData = getData($zipURL,'curl');
|
||||
file_put_contents($zipFile, $fileData);
|
||||
@@ -95,7 +95,7 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
|
||||
|
||||
// Finally, delete the plugin itself
|
||||
$target = '../plugins/';
|
||||
$dirName = basename($pluginsData[strClean($_GET['plugin'])]['zipURL'],".zip");
|
||||
$dirName = basename($pluginsData[$_GET['plugin']]['zipURL'],".zip");
|
||||
deletePlugin($target.$dirName."/");
|
||||
}
|
||||
|
||||
|
||||
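Review bot: `$pluginsData[$_GET['plugin']]['zipURL']` is indexed with the raw query value and no existence check in both hunks, so an unknown plugin name yields null; in the delete hunk `basename(null, ".zip")` then returns an empty string (with a deprecation notice on PHP 8) and `deletePlugin($target.$dirName."/")` is called with `../plugins//`, which presumably targets the whole plugins directory rather than one plugin. Guard both lookups with `if (!isset($pluginsData[$_GET['plugin']]['zipURL'])) { die('Unknown plugin'); }` before they are used, and in the delete path additionally `if ($dirName === '') { die('Unknown plugin'); }`. The install hunk has the matching weakness one step later, where `file_put_contents("../tmp/".basename($zipURL), ...)` runs with an empty basename; strClean() did not prevent either case, but the commit is the right moment to add the check. The enclosing if block starts before both hunks.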
@@ -4,7 +4,7 @@ include("settings.php");
|
||||
$t = $text['properties'];
|
||||
|
||||
// Establish the real absolute path to the file/folder
|
||||
$fileName=realpath($docRoot.$iceRoot.str_replace("|","/",strClean($_GET['fileName'])));
|
||||
$fileName=realpath($docRoot.$iceRoot.str_replace("|","/",$_GET['fileName']));
|
||||
// If it doesn't exist, or doesn't start with the $docRoot, stop here
|
||||
if (!file_exists($fileName) || strpos(str_replace("\\","/",$fileName),$docRoot) !== 0) {
|
||||
die("<script>alert('Sorry - problem with file/folder requested');window.history.back();</script>");
|
||||
@@ -47,7 +47,7 @@ echo number_format($outputSize, 2, '.', '').$outputUnit." (".number_format($byte
|
||||
<span class="column"><?php echo $t['Last access'];?>: <?php echo date( "D jS M Y g:i:sa", fileatime($fileName)); ?></span>
|
||||
<br><br>
|
||||
<span class="column" style="width: 180px"><?php echo $t['Type'];?>: <?php echo is_dir($fileName) ? "Folder" : "File"; ?></span>
|
||||
<span class="column" style="margin: 0 10px"><?php echo $t['Readable Writeable'];?>:
|
||||
<span class="column" style="margin: 0 10px"><?php echo $t['Readable Writeable'];?>:
|
||||
<?php echo is_readable($fileName) ? "Yes" : "No"; ?> / <?php echo is_writeable($fileName) ? "Yes" : "No";?>
|
||||
</span>
|
||||
<span class="column"><?php echo $t['Relative path'];?>: <?php echo str_replace($docRoot,"",$fileName);?></span>
|
||||
|
||||
@@ -168,11 +168,6 @@ function verifyHash($pw, $orig) {
|
||||
return $origSalt.sha1($origSalt.$pw);
|
||||
}
|
||||
|
||||
// returns converted entities which have HTML entity equivalents
|
||||
function strClean($var) {
|
||||
return preg_replace("/javascript\:/i","javascript:",htmlentities($var, ENT_QUOTES, "UTF-8"));
|
||||
}
|
||||
|
||||
// returns a number, whole or decimal or null
|
||||
function numClean($var) {
|
||||
return is_numeric($var) ? floatval($var) : false;
|
||||
|
||||
@@ -12,7 +12,7 @@ if ($_SESSION['loggedIn'] && isset($_GET["saveFiles"]) && $_GET['saveFiles']) {
|
||||
$repPosEnd = strpos($settingsContents,'",',$repPosStart)-$repPosStart;
|
||||
if (!$demoMode) {
|
||||
if ($_GET['saveFiles']!="CLEAR") {
|
||||
$saveFiles=strClean($_GET['saveFiles']);
|
||||
$saveFiles=$_GET['saveFiles'];
|
||||
$saveFilesArray = explode(",",$saveFiles);
|
||||
$saveFiles="";
|
||||
for ($i=0;$i<count($saveFilesArray);$i++) {
|
||||
|
||||
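Review bot: `$saveFiles=$_GET['saveFiles'];` now carries the raw query value into the explode/rebuild loop that follows, and the context line `$repPosEnd = strpos($settingsContents,'",',$repPosStart)` suggests the rebuilt list is spliced back into a `"..."` entry of the settings file; a `"` or `$` in a file reference would then terminate or alter that PHP string literal, which the removed htmlentities(ENT_QUOTES) call blocked for `"`. Validate each entry after the explode, for example `if (!preg_match('#^[\w./|-]+$#', $saveFilesArray[$i])) { continue; }` (character set to be confirmed against what file references actually contain), or escape each one with `addcslashes($entry, "\\\"\$")` before the splice. The enclosing if block starts before this hunk and the write into `$settingsContents` happens after it, so the exact splice site is not visible here.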
@@ -14,41 +14,47 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
|
||||
$languageUserChanged = $ICEcoder['languageUser'] != $_POST['languageUser'];
|
||||
|
||||
// Prepare all our vars
|
||||
$ICEcoder["root"] = xssClean($_POST['root'],"html");
|
||||
$ICEcoder["checkUpdates"] = isset($_POST['checkUpdates']) && $_POST['checkUpdates'] ? "true" : "false";
|
||||
$ICEcoder["openLastFiles"] = isset($_POST['openLastFiles']) && $_POST['openLastFiles'] ? "true" : "false";
|
||||
$ICEcoder["updateDiffOnSave"] = isset($_POST['updateDiffOnSave']) && $_POST['updateDiffOnSave'] ? "true" : "false";
|
||||
$ICEcoder["languageUser"] = strClean($_POST['languageUser']);
|
||||
$ICEcoder["backupsKept"] = isset($_POST['backupsKept']) && $_POST['backupsKept'] ? "true" : "false";
|
||||
$ICEcoder["backupsDays"] = intval($_POST['backupsDays']);
|
||||
$ICEcoder["deleteToTmp"] = isset($_POST['deleteToTmp']) && $_POST['deleteToTmp'] ? "true" : "false";
|
||||
$ICEcoder["findFilesExclude"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['findFilesExclude']))).'")';
|
||||
$ICEcoder["codeAssist"] = isset($_POST['codeAssist']) && $_POST['codeAssist'] ? "true" : "false";
|
||||
$ICEcoder["visibleTabs"] = isset($_POST['visibleTabs']) && $_POST['visibleTabs'] ? "true" : "false";
|
||||
$ICEcoder["lockedNav"] = isset($_POST['lockedNav']) && $_POST['lockedNav'] ? "true" : "false";
|
||||
$ICEcoder["tagWrapperCommand"] = strClean($_POST['tagWrapperCommand']);
|
||||
$ICEcoder["autoComplete"] = strClean($_POST['autoComplete']);
|
||||
if ($_POST['password']!="") {$ICEcoder["password"] = generateHash(strClean($_POST['password']));};
|
||||
$ICEcoder["bannedFiles"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['bannedFiles']))).'")';
|
||||
$ICEcoder["bannedPaths"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['bannedPaths']))).'")';
|
||||
$ICEcoder["allowedIPs"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['allowedIPs']))).'")';
|
||||
$ICEcoder["autoLogoutMins"] = intval($_POST['autoLogoutMins']);
|
||||
$ICEcoder["theme"] = strClean($_POST['theme']);
|
||||
$ICEcoder["fontSize"] = strClean($_POST['fontSize']);
|
||||
$ICEcoder["lineWrapping"] = strClean($_POST['lineWrapping']);
|
||||
$ICEcoder["lineNumbers"] = strClean($_POST['lineNumbers']);
|
||||
$ICEcoder["showTrailingSpace"] = strClean($_POST['showTrailingSpace']);
|
||||
$ICEcoder["matchBrackets"] = strClean($_POST['matchBrackets']);
|
||||
$ICEcoder["autoCloseTags"] = strClean($_POST['autoCloseTags']);
|
||||
$ICEcoder["autoCloseBrackets"] = strClean($_POST['autoCloseBrackets']);
|
||||
$ICEcoder["indentWithTabs"] = strClean($_POST['indentWithTabs']);
|
||||
$ICEcoder["indentAuto"] = strClean($_POST['indentAuto']);
|
||||
$ICEcoder["indentSize"] = intval($_POST['indentSize']);
|
||||
$ICEcoder["pluginPanelAligned"] = strClean($_POST['pluginPanelAligned']);
|
||||
$ICEcoder["bugFilePaths"] = 'array("'.str_replace(',','","',str_replace(" ","",strClean($_POST['bugFilePaths']))).'")';
|
||||
$ICEcoder["bugFileCheckTimer"] = intval($_POST['bugFileCheckTimer']) >= 0 ? intval($_POST['bugFileCheckTimer']) : 0;
|
||||
$ICEcoder["bugFileMaxLines"] = intval($_POST['bugFileMaxLines']);
|
||||
$ICEcoder["githubAuthToken"] = strClean($_POST['githubAuthToken']);
|
||||
$ICEcoder = array_merge(
|
||||
$ICEcoder,
|
||||
[
|
||||
"root" => xssClean($_POST['root'],"html"),
|
||||
"checkUpdates" => isset($_POST['checkUpdates']) && $_POST['checkUpdates'] ? "true" : "false",
|
||||
"openLastFiles" => isset($_POST['openLastFiles']) && $_POST['openLastFiles'] ? "true" : "false",
|
||||
"updateDiffOnSave" => isset($_POST['updateDiffOnSave']) && $_POST['updateDiffOnSave'] ? "true" : "false",
|
||||
"languageUser" => $_POST['languageUser'],
|
||||
"backupsKept" => isset($_POST['backupsKept']) && $_POST['backupsKept'] ? "true" : "false",
|
||||
"backupsDays" => intval($_POST['backupsDays']),
|
||||
"deleteToTmp" => isset($_POST['deleteToTmp']) && $_POST['deleteToTmp'] ? "true" : "false",
|
||||
"findFilesExclude" => 'array("'.str_replace(',','","',str_replace(" ","",$_POST['findFilesExclude'])).'")',
|
||||
"codeAssist" => isset($_POST['codeAssist']) && $_POST['codeAssist'] ? "true" : "false",
|
||||
"visibleTabs" => isset($_POST['visibleTabs']) && $_POST['visibleTabs'] ? "true" : "false",
|
||||
"lockedNav" => isset($_POST['lockedNav']) && $_POST['lockedNav'] ? "true" : "false",
|
||||
"tagWrapperCommand" => $_POST['tagWrapperCommand'],
|
||||
"autoComplete" => $_POST['autoComplete'],
|
||||
"bannedFiles" => 'array("'.str_replace(',','","',str_replace(" ","",$_POST['bannedFiles'])).'")',
|
||||
"bannedPaths" => 'array("'.str_replace(',','","',str_replace(" ","",$_POST['bannedPaths'])).'")',
|
||||
"allowedIPs" => 'array("'.str_replace(',','","',str_replace(" ","",$_POST['allowedIPs'])).'")',
|
||||
"autoLogoutMins" => intval($_POST['autoLogoutMins']),
|
||||
"theme" => $_POST['theme'],
|
||||
"fontSize" => $_POST['fontSize'],
|
||||
"lineWrapping" => $_POST['lineWrapping'],
|
||||
"lineNumbers" => $_POST['lineNumbers'],
|
||||
"showTrailingSpace" => $_POST['showTrailingSpace'],
|
||||
"matchBrackets" => $_POST['matchBrackets'],
|
||||
"autoCloseTags" => $_POST['autoCloseTags'],
|
||||
"autoCloseBrackets" => $_POST['autoCloseBrackets'],
|
||||
"indentWithTabs" => $_POST['indentWithTabs'],
|
||||
"indentAuto" => $_POST['indentAuto'],
|
||||
"indentSize" => intval($_POST['indentSize']),
|
||||
"pluginPanelAligned" => $_POST['pluginPanelAligned'],
|
||||
"bugFilePaths" => 'array("'.str_replace(',','","',str_replace(" ","",$_POST['bugFilePaths'])).'")',
|
||||
"bugFileCheckTimer" => intval($_POST['bugFileCheckTimer']) >= 0 ? intval($_POST['bugFileCheckTimer']) : 0,
|
||||
"bugFileMaxLines" => intval($_POST['bugFileMaxLines']),
|
||||
"githubAuthToken" => $_POST['githubAuthToken']
|
||||
]
|
||||
);
|
||||
|
||||
if ($_POST['password']!="") {$ICEcoder["password"] = generateHash($_POST['password']);};
|
||||
|
||||
$settingsArray = array("root","checkUpdates","openLastFiles","updateDiffOnSave","languageUser","backupsKept","backupsDays","deleteToTmp","findFilesExclude","codeAssist","visibleTabs","lockedNav","tagWrapperCommand","autoComplete","password","bannedFiles","bannedPaths","allowedIPs","autoLogoutMins","theme","fontSize","lineWrapping","lineNumbers","showTrailingSpace","matchBrackets","autoCloseTags","autoCloseBrackets","indentWithTabs","indentAuto","indentSize","pluginPanelAligned","bugFilePaths","bugFileCheckTimer","bugFileMaxLines","githubAuthToken");
|
||||
$settingsNew = "";
|
||||
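Review bot: the string settings in the new array_merge() block (`"languageUser" => $_POST['languageUser']`, `"theme"`, `"fontSize"`, `"tagWrapperCommand"`, `"autoComplete"`, `"pluginPanelAligned"`, `"githubAuthToken"`) are now stored unescaped, and the later hunk shows them written into the generated config wrapped only in `"` (`$settingWrap = ... ? '"' : ''`) with the `str_replace("\$", "\\$", ...)` escaping applied to the password alone, so a `"`, `\` or `$` in any of them ends or alters a PHP string literal in a config file that is executed on every request — the removed htmlentities(ENT_QUOTES) call blocked the `"` case. The `'array("'.str_replace(',','","', ...)` entries (findFilesExclude, bannedFiles, bannedPaths, allowedIPs, bugFilePaths) have the same exposure, and the unquoted ones such as `"lineWrapping" => $_POST['lineWrapping']` are echoed bare into the `<script>` block in the last hunk (`top.ICEcoder.useNewSettings(...)`), where they are interpreted as JavaScript. Escape every quoted value with `addcslashes($v, "\\\"\$")` before it is spliced, normalise the true/false settings to the literal strings the way `checkUpdates` already does, and add isset() on the raw `$_POST` reads, which otherwise raise undefined-index notices.
```php
// Escape a value for splicing into a double-quoted PHP string literal in the generated config
$quoteSafe = function ($v) { return addcslashes((string) $v, "\\\"\$"); };
// Normalise a true/false setting to the literal strings "true" / "false"
// TODO confirm the form posts the strings "true"/"false" for these fields
$flag = function ($k) { return isset($_POST[$k]) && $_POST[$k] === "true" ? "true" : "false"; };
$ICEcoder = array_merge(
    $ICEcoder,
    [
        "root" => xssClean($_POST['root'],"html"),
        "languageUser" => $quoteSafe(isset($_POST['languageUser']) ? $_POST['languageUser'] : ''),
        "lineWrapping" => $flag('lineWrapping'),
        // … unchanged: remaining keys, each quoted string through $quoteSafe, each true/false setting through $flag, intval() entries as they are …
    ]
);
```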
@@ -56,7 +62,7 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
|
||||
$settingsNew .= '"'.$settingsArray[$i].'" => ';
|
||||
// Wrap certain values in double quotes
|
||||
$settingWrap = $settingsArray[$i]=="root"||$settingsArray[$i]=="password"||$settingsArray[$i]=="languageUser"||$settingsArray[$i]=="theme"||$settingsArray[$i]=="fontSize"||$settingsArray[$i]=="tagWrapperCommand"||$settingsArray[$i]=="autoComplete"||$settingsArray[$i]=="pluginPanelAligned"||$settingsArray[$i]=="githubAuthToken" ? '"' : '';
|
||||
|
||||
|
||||
if ($settingsArray[$i]=="password") {
|
||||
$settingsNew .= str_replace("\$", "\\$", $settingWrap.$ICEcoder[$settingsArray[$i]].$settingWrap.','.PHP_EOL);
|
||||
} else {
|
||||
@@ -79,7 +85,7 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
|
||||
// OK, now the config file has been updated, update our current session with new arrays
|
||||
$settingsArray = array("findFilesExclude","bannedFiles","allowedIPs");
|
||||
for ($i=0;$i<count($settingsArray);$i++) {
|
||||
$_SESSION[$settingsArray[$i]] = $ICEcoder[$settingsArray[$i]] = explode(",",str_replace(" ","",strClean($_POST[$settingsArray[$i]])));
|
||||
$_SESSION[$settingsArray[$i]] = $ICEcoder[$settingsArray[$i]] = explode(",",str_replace(" ","",$_POST[$settingsArray[$i]]));
|
||||
}
|
||||
|
||||
// Work out the theme to use now
|
||||
@@ -116,6 +122,6 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
|
||||
}
|
||||
|
||||
// With all that worked out, we can now hide the settings screen and apply the new settings
|
||||
$jsBugFilePaths = "['".str_replace(",","','",str_replace(" ","",strClean($_POST['bugFilePaths'])))."']";
|
||||
$jsBugFilePaths = "['".str_replace(",","','",str_replace(" ","",$_POST['bugFilePaths']))."']";
|
||||
echo "<script>top.ICEcoder.settingsScreen('hide');top.ICEcoder.useNewSettings('".$themeURL."',".$ICEcoder["codeAssist"].",".$ICEcoder["lockedNav"].",'".$ICEcoder["tagWrapperCommand"]."','".$ICEcoder["autoComplete"]."',".$ICEcoder["visibleTabs"].",'".$ICEcoder["fontSize"]."',".$ICEcoder["lineWrapping"].",".$ICEcoder["lineNumbers"].",".$ICEcoder["showTrailingSpace"].",".$ICEcoder["matchBrackets"].",".$ICEcoder["autoCloseTags"].",".$ICEcoder["autoCloseBrackets"].",".$ICEcoder["indentWithTabs"].",".$ICEcoder["indentAuto"].",".$ICEcoder["indentSize"].",'".$ICEcoder["pluginPanelAligned"]."',".$jsBugFilePaths.",".$ICEcoder["bugFileCheckTimer"].",".$ICEcoder["bugFileMaxLines"].",'".$githubAuthTokenSet."',".$ICEcoder["updateDiffOnSave"].",".$ICEcoder["autoLogoutMins"].",".$refreshFM.");top.iceRoot = '".$ICEcoder["root"]."';</script>";
|
||||
}
|
||||
|
||||
@@ -26,8 +26,8 @@ include_once(dirname(__FILE__)."/settings-common.php");
|
||||
|
||||
// Establish user settings file
|
||||
$username = "";
|
||||
if (isset($_POST['username']) && $_POST['username'] != "") {$username = strClean($_POST['username']."-");};
|
||||
if (isset($_SESSION['username']) && $_SESSION['username'] != "") {$username = strClean($_SESSION['username']."-");};
|
||||
if (isset($_POST['username']) && $_POST['username'] != "") {$username = $_POST['username']."-";};
|
||||
if (isset($_SESSION['username']) && $_SESSION['username'] != "") {$username = $_SESSION['username']."-";};
|
||||
$settingsFile = 'config-'.$username.str_replace(".","_",str_replace("www.","",$_SERVER['SERVER_NAME'])).'.php';
|
||||
|
||||
// Login is default
|
||||
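Review bot: `$username = $_POST['username']."-"` now flows unmodified into `$settingsFile = 'config-'.$username.…'.php'`, and a later hunk reads that name as `getData("../data/".$settingsFile)`, so the posted username decides which file under ../data/ is read (and presumably written); a value containing `/` or `..` is not rejected anywhere visible. htmlentities() never encoded those characters either, so this predates the commit, but the commit removes the last transformation on the value. Restrict the username to a safe character set before it is used as a path component, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $_POST['username'])) { die('Invalid username'); }`, and apply the same check to `$_SESSION['username']` on the following line, since the login hunk stores the same POST value there.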
@@ -115,7 +115,7 @@ if (!isset($_SESSION['username'])) {$_SESSION['username'] = false;};
|
||||
// Attempt a login with password
|
||||
if(isset($_POST['submit']) && $setPWorLogin=="login") {
|
||||
// On success, set username if multiUser, loggedIn to true and redirect
|
||||
if (verifyHash(strClean($_POST['password']),$ICEcoder["password"])==$ICEcoder["password"]) {
|
||||
if (verifyHash($_POST['password'],$ICEcoder["password"])==$ICEcoder["password"]) {
|
||||
session_regenerate_id();
|
||||
if ($ICEcoder["multiUser"]) {
|
||||
$_SESSION['username'] = $_POST['username'];
|
||||
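Review bot: `verifyHash($_POST['password'],$ICEcoder["password"])==$ICEcoder["password"]` compares the recomputed hash with the stored one using loose `==` and an early-exit string comparison; use `if (hash_equals($ICEcoder["password"], verifyHash($_POST['password'],$ICEcoder["password"]))) {` so the check is strict and constant-time. Also worth a note in the commit message: the stored hashes were computed over the htmlentities()-encoded password (the removed `generateHash(strClean($_POST['password']))` in both set-password paths), so existing users whose password contains `&`, `<`, `>`, `"` or `'` will no longer verify after this commit until they reset it; a one-time fallback that retries with `htmlentities($pw, ENT_QUOTES, "UTF-8")` and rehashes on success would avoid the lockout. verifyHash itself (`return $origSalt.sha1($origSalt.$pw);` in the functions hunk) is salted SHA-1, which password_hash()/password_verify() would replace, but that is outside this change.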
@@ -195,7 +195,7 @@ if ((!$_SESSION['loggedIn'] || $ICEcoder["password"] == "") && !strpos($_SERVER[
|
||||
} elseif (!$_SESSION['loggedIn']) {
|
||||
// If the password hasn't been set and we're setting it
|
||||
if ($ICEcoder["password"] == "" && isset($_POST['submit']) && (strpos($_POST['submit'],"set password")>-1)) {
|
||||
$password = str_replace("\$", "\\$", generateHash(strClean($_POST['password'])));
|
||||
$password = str_replace("\$", "\\$", generateHash($_POST['password']));
|
||||
$settingsContents = getData("../data/".$settingsFile);
|
||||
// Replace our empty password with the one submitted by user
|
||||
$settingsContents = str_replace('"password" => "",','"password" => "'.$password.'",',$settingsContents);
|
||||
|
||||