Merge branch 'master' of github.com:s9y/Serendipity

Garvin Hicking 2017-01-26 08:16:22 +01:00
commit 5bf0cf9fea
6 changed files with 18 additions and 12 deletions


@ -9,7 +9,7 @@ include S9Y_INCLUDE_PATH . 'include/functions_entries_admin.inc.php';
header('Content-Type: text/html; charset=' . LANG_CHARSET); header('Content-Type: text/html; charset=' . LANG_CHARSET);
if (isset($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type'])) { if (isset($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type']) && serendipity_checkFormToken()) {
serendipity_deleteComment($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type']); serendipity_deleteComment($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type']);
if (serendipity_isResponseClean($_SERVER['HTTP_REFERER']) && preg_match('@^https?://' . preg_quote($_SERVER['HTTP_HOST'], '@') . '@imsU')) { if (serendipity_isResponseClean($_SERVER['HTTP_REFERER']) && preg_match('@^https?://' . preg_quote($_SERVER['HTTP_HOST'], '@') . '@imsU')) {
header('Status: 302 Found'); header('Status: 302 Found');
@ -18,7 +18,7 @@ if (isset($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendip
} }
} }
if (isset($serendipity['GET']['switch'], $serendipity['GET']['entry'])) { if (isset($serendipity['GET']['switch'], $serendipity['GET']['entry']) && serendipity_checkFormToken()) {
serendipity_allowCommentsToggle($serendipity['GET']['entry'], $serendipity['GET']['switch']); serendipity_allowCommentsToggle($serendipity['GET']['entry'], $serendipity['GET']['switch']);
} }
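Review bot: The host check on the new side of the first hunk calls `preg_match()` with only a pattern — `preg_match('@^https?://' . preg_quote($_SERVER['HTTP_HOST'], '@') . '@imsU')` has no subject argument as rendered here, so if the file really reads this way the call returns a non-truthy value (and throws ArgumentCountError on PHP 8) and the 302 redirect back to the referrer can never be taken. If that is what the file contains rather than an artifact of the rendered page, the referrer should be passed explicitly: `preg_match('@^https?://' . preg_quote($_SERVER['HTTP_HOST'], '@') . '@imsU', $_SERVER['HTTP_REFERER'])`. The added `serendipity_checkFormToken()` guards on both branches close the CSRF exposure of these state-changing GET actions, but on a missing or stale token the request falls through silently unless serendipity_checkFormToken() itself reports the failure, which is not visible here.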


@ -23,6 +23,9 @@ Version 2.1-rc1 (January, 26th 2017)
* [Security] Redirection of comment.php now checks the referrer * [Security] Redirection of comment.php now checks the referrer
and only allows the blog's host (thanks to Lee Sheldon Victor) and only allows the blog's host (thanks to Lee Sheldon Victor)
* [Security] Fix missing integer casting for inserting new categories
(thanks to cdxy)
* Disabled Selenium test files unless enabled * Disabled Selenium test files unless enabled
Version 2.1-beta2 (September 26th, 2016) Version 2.1-beta2 (September 26th, 2016)


@ -150,7 +150,7 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) {
$data['license'] = $license; $data['license'] = $license;
$data['config'] = serendipity_plugin_config($plugin, $bag, $name, $desc, $config_names, true, true, true, true, 'plugin', $config_groups); $data['config'] = serendipity_plugin_config($plugin, $bag, $name, $desc, $config_names, true, true, true, true, 'plugin', $config_groups);
} elseif ( $serendipity['GET']['adminAction'] == 'addnew' ) { } elseif ( $serendipity['GET']['adminAction'] == 'addnew' && serendipity_checkFormToken()) {
$serendipity['GET']['type'] = $serendipity['GET']['type'] ?: 'sidebar'; $serendipity['GET']['type'] = $serendipity['GET']['type'] ?: 'sidebar';
$data['adminAction'] = 'addnew'; $data['adminAction'] = 'addnew';
$data['type'] = $serendipity['GET']['type']; $data['type'] = $serendipity['GET']['type'];
@ -358,7 +358,7 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) {
} }
} }
if (isset($serendipity['GET']['install_plugin'])) { if (isset($serendipity['GET']['install_plugin']) && serendipity_checkFormToken()) {
$authorid = $serendipity['authorid']; $authorid = $serendipity['authorid'];
if (serendipity_checkPermission('adminPluginsMaintainOthers')) { if (serendipity_checkPermission('adminPluginsMaintainOthers')) {
$authorid = '0'; $authorid = '0';
@ -472,6 +472,7 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) {
$data['updateAllMsg'] = isset($serendipity['GET']['updateAllMsg']); $data['updateAllMsg'] = isset($serendipity['GET']['updateAllMsg']);
} }
$data['urltoken'] = serendipity_setFormToken('url');
echo serendipity_smarty_show('admin/plugins.inc.tpl', $data); echo serendipity_smarty_show('admin/plugins.inc.tpl', $data);
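Review bot: When `serendipity_checkFormToken()` fails in the `addnew` branch of the first hunk (`} elseif ( $serendipity['GET']['adminAction'] == 'addnew' && serendipity_checkFormToken()) {`), control falls through to the remaining `elseif` branches and the page renders as if no action had been requested; the `install_plugin` guard in the second hunk behaves the same way. Unless serendipity_checkFormToken() emits a message itself (not visible here), a rejected request gives the administrator no feedback, which hides both CSRF attempts and stale-token bookmarks from view. Consider evaluating the token separately from the action test and surfacing the outcome to the template, e.g. a constructed `$data['tokenError'] = true;`, so the failure is reported rather than swallowed. The loose `==` against `'addnew'` on that line would also be safer as `===`.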


@ -357,6 +357,7 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace
$_smartyComments = array(); $_smartyComments = array();
} }
$formToken = serendipity_setFormToken('url');
$i = 0; $i = 0;
foreach ($comments as $comment) { foreach ($comments as $comment) {
if ($parentid === VIEWMODE_LINEAR || !isset($comment['parent_id']) || $comment['parent_id'] == $parentid) { if ($parentid === VIEWMODE_LINEAR || !isset($comment['parent_id']) || $comment['parent_id'] == $parentid) {
@ -364,7 +365,7 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace
$comment['comment'] = serendipity_specialchars(strip_tags($comment['body'])); $comment['comment'] = serendipity_specialchars(strip_tags($comment['body']));
$comment['url'] = strip_tags($comment['url']); $comment['url'] = strip_tags($comment['url']);
$comment['link_delete'] = $serendipity['baseURL'] . 'comment.php?serendipity[delete]=' . $comment['id'] . '&serendipity[entry]=' . $comment['entry_id'] . '&serendipity[type]=comments'; $comment['link_delete'] = $serendipity['baseURL'] . 'comment.php?serendipity[delete]=' . $comment['id'] . '&serendipity[entry]=' . $comment['entry_id'] . '&serendipity[type]=comments&' . $formToken;
/* Fix invalid cases in protocoll part */ /* Fix invalid cases in protocoll part */
if (!empty($comment['url'])) { if (!empty($comment['url'])) {
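Review bot: The new `$formToken = serendipity_setFormToken('url');` and its use at the end of `link_delete` carry no explanation of why a plain link now needs a token; a comment such as `// comment.php only honours delete/switch requests that carry a valid form token (serendipity_checkFormToken)` would tell the next maintainer that dropping the parameter re-opens the CSRF hole. Hoisting the token out of the `foreach` is the right shape, and the other URL builders touched by this commit could follow it. serendipity_printComments starts outside the hunk.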


@ -1175,8 +1175,9 @@ function serendipity_printEntries($entries, $extended = 0, $preview = false, $sm
$entry['link_rdf'] = serendipity_rewriteURL(PATH_FEEDS . '/ei_'. $entry['id'] .'.rdf'); $entry['link_rdf'] = serendipity_rewriteURL(PATH_FEEDS . '/ei_'. $entry['id'] .'.rdf');
$entry['title_rdf'] = serendipity_specialchars($entry['title_rdf']); $entry['title_rdf'] = serendipity_specialchars($entry['title_rdf']);
$entry['link_allow_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=enable&serendipity[entry]=' . $entry['id']; $formToken = serendipity_setFormToken('url');
$entry['link_deny_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=disable&serendipity[entry]=' . $entry['id']; $entry['link_allow_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=enable&serendipity[entry]=' . $entry['id'] . '&' . $formToken;
$entry['link_deny_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=disable&serendipity[entry]=' . $entry['id'] . '&' . $formToken;
$entry['allow_comments'] = serendipity_db_bool($entry['allow_comments']); $entry['allow_comments'] = serendipity_db_bool($entry['allow_comments']);
$entry['moderate_comments'] = serendipity_db_bool($entry['moderate_comments']); $entry['moderate_comments'] = serendipity_db_bool($entry['moderate_comments']);
$entry['viewmode'] = ($serendipity['GET']['cview'] == VIEWMODE_LINEAR ? VIEWMODE_LINEAR : VIEWMODE_THREADED); $entry['viewmode'] = ($serendipity['GET']['cview'] == VIEWMODE_LINEAR ? VIEWMODE_LINEAR : VIEWMODE_THREADED);
@ -1523,7 +1524,7 @@ function serendipity_updertEntry($entry) {
if (is_array($categories)) { if (is_array($categories)) {
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}entrycat WHERE entryid={$entry['id']}"); serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}entrycat WHERE entryid={$entry['id']}");
foreach ($categories as $cat) { foreach ($categories as $cat) {
serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}entrycat (entryid, categoryid) VALUES ({$entry['id']}, {$cat})"); serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}entrycat (entryid, categoryid) VALUES ({$entry['id']}, " . (int)$cat . ")");
} }
} elseif ($had_categories) { } elseif ($had_categories) {
// This case actually only happens if an existing entry is edited, and its category assignments are all removed. // This case actually only happens if an existing entry is edited, and its category assignments are all removed.
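Review bot: The `(int)` cast added to the INSERT in the second hunk closes the hole for `$cat`, but `{$entry['id']}` is still interpolated unquoted into both the DELETE on the line above and the INSERT itself; unless serendipity_updertEntry guarantees an integer id earlier (the function starts outside the hunk), the same treatment belongs there, e.g. `$entryId = (int)$entry['id'];` once and `... WHERE entryid={$entryId}` / `VALUES ({$entryId}, " . (int)$cat . ")"`. In the first hunk, `$formToken = serendipity_setFormToken('url');` sits among the per-`$entry` assignments, so if this code is inside the entries loop the token is recomputed for every entry; the serendipity_printComments change in this commit hoists the same call before its loop, and this one could match.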


@ -132,9 +132,9 @@
{if isset($requirements_failures.{$plug.class_name})} {if isset($requirements_failures.{$plug.class_name})}
<span class="unmet_requirements msg_error"><span class="icon-attention-circled" aria-hidden="true"></span> {$CONST.UNMET_REQUIREMENTS|sprintf:"{if $requirements_failures.{$plug.class_name}.s9y}s9y $plug.requirements..serendipity,{/if} {if $requirements_failures.{$plug.class_name}.php}PHP $plug.requirements.php,{/if} {if $requirements_failures.{$plug.class_name}.smarty}Smarty $plug.requirements.smarty{/if}"}</span> <span class="unmet_requirements msg_error"><span class="icon-attention-circled" aria-hidden="true"></span> {$CONST.UNMET_REQUIREMENTS|sprintf:"{if $requirements_failures.{$plug.class_name}.s9y}s9y $plug.requirements..serendipity,{/if} {if $requirements_failures.{$plug.class_name}.php}PHP $plug.requirements.php,{/if} {if $requirements_failures.{$plug.class_name}.smarty}Smarty $plug.requirements.smarty{/if}"}</span>
{elseif $plug['upgradable'] == true} {elseif $plug['upgradable'] == true}
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[pluginPath]={$plug.pluginPath}&amp;serendipity[install_plugin]={$plug.plugin_class}{if isset($plug['customURI'])}{$plug.customURI}{/if}" title="{$CONST.PLUGIN_EVENT_SPARTACUS_CHECK_HINT}">{$CONST.UPGRADE}</a> <a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[pluginPath]={$plug.pluginPath}&amp;serendipity[install_plugin]={$plug.plugin_class}{if isset($plug['customURI'])}{$plug.customURI}{/if}&amp;{$urltoken}" title="{$CONST.PLUGIN_EVENT_SPARTACUS_CHECK_HINT}">{$CONST.UPGRADE}</a>
{elseif $plug.installable == true} {elseif $plug.installable == true}
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[pluginPath]={$plug.pluginPath}&amp;serendipity[install_plugin]={$plug.plugin_class}{if isset($plug.customURI)}{$plug.customURI}{/if}">{$CONST.INSTALL}</a> <a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[pluginPath]={$plug.pluginPath}&amp;serendipity[install_plugin]={$plug.plugin_class}{if isset($plug.customURI)}{$plug.customURI}{/if}&amp;{$urltoken}">{$CONST.INSTALL}</a>
{else} {else}
<span class="block_level"><span class="icon-ok-circled" aria-hidden="true"></span> {$CONST.ALREADY_INSTALLED}</span> <span class="block_level"><span class="icon-ok-circled" aria-hidden="true"></span> {$CONST.ALREADY_INSTALLED}</span>
{/if} {/if}
@ -168,7 +168,7 @@
<div class="tabs" id="pluginlist_tabs"> <div class="tabs" id="pluginlist_tabs">
<section id="pluginlist_sidebar" class="panel"> <section id="pluginlist_sidebar" class="panel">
<h3>{$CONST.SIDEBAR_PLUGINS}</h3> <h3>{$CONST.SIDEBAR_PLUGINS}</h3>
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[adminAction]=addnew" title='{$CONST.CLICK_HERE_TO_INSTALL_PLUGIN|sprintf:"{$CONST.SIDEBAR_PLUGIN}"}'>{$CONST.INSTALL_NEW_SIDEBAR_PLUGIN}</a> <a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[adminAction]=addnew&amp;{$urltoken}" title='{$CONST.CLICK_HERE_TO_INSTALL_PLUGIN|sprintf:"{$CONST.SIDEBAR_PLUGIN}"}'>{$CONST.INSTALL_NEW_SIDEBAR_PLUGIN}</a>
{$backend_plugins_sidebar_header} {$backend_plugins_sidebar_header}
{$sidebar_plugins} {$sidebar_plugins}
@ -176,7 +176,7 @@
<section id="pluginlist_event" class="panel"> <section id="pluginlist_event" class="panel">
<h3>{$CONST.EVENT_PLUGINS}</h3> <h3>{$CONST.EVENT_PLUGINS}</h3>
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[adminAction]=addnew&amp;serendipity[type]=event" title='{$CONST.CLICK_HERE_TO_INSTALL_PLUGIN|sprintf:"{$CONST.EVENT_PLUGIN}"}'>{$CONST.INSTALL_NEW_EVENT_PLUGIN}</a> <a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[adminAction]=addnew&amp;serendipity[type]=event&amp;{$urltoken}" title='{$CONST.CLICK_HERE_TO_INSTALL_PLUGIN|sprintf:"{$CONST.EVENT_PLUGIN}"}'>{$CONST.INSTALL_NEW_EVENT_PLUGIN}</a>
{$backend_plugins_event_header} {$backend_plugins_event_header}
{$event_plugins} {$event_plugins}