mbirth/LuckyCoinkydink
1
0
Fork 0
Code Issues Pull Requests Activity

Merge branch 'master' of github.com:s9y/Serendipity

Browse Source
This commit is contained in:
Garvin Hicking 2017-01-26 08:16:22 +01:00
commit 5bf0cf9fea
6 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
comment.php
View File

@ -9,7 +9,7 @@ include S9Y_INCLUDE_PATH . 'include/functions_entries_admin.inc.php';
header('Content-Type: text/html; charset=' . LANG_CHARSET);
if (isset($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type'])) {
if (isset($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type']) && serendipity_checkFormToken()) {
serendipity_deleteComment($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type']);
if (serendipity_isResponseClean($_SERVER['HTTP_REFERER']) && preg_match('@^https?://' . preg_quote($_SERVER['HTTP_HOST'], '@') . '@imsU')) {
header('Status: 302 Found');
@ -18,7 +18,7 @@ if (isset($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendip
}
}
if (isset($serendipity['GET']['switch'], $serendipity['GET']['entry'])) {
if (isset($serendipity['GET']['switch'], $serendipity['GET']['entry']) && serendipity_checkFormToken()) {
serendipity_allowCommentsToggle($serendipity['GET']['entry'], $serendipity['GET']['switch']);
}

3
docs/NEWS
View File

@ -22,6 +22,9 @@ Version 2.1-rc1 (January, 26th 2017)
* [Security] Redirection of comment.php now checks the referrer
and only allows the blog's host (thanks to Lee Sheldon Victor)
* [Security] Fix missing integer casting for inserting new categories
(thanks to cdxy)
* Disabled Selenium test files unless enabled

5
include/admin/plugins.inc.php
View File

@ -150,7 +150,7 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) {
$data['license'] = $license;
$data['config'] = serendipity_plugin_config($plugin, $bag, $name, $desc, $config_names, true, true, true, true, 'plugin', $config_groups);
} elseif ( $serendipity['GET']['adminAction'] == 'addnew' ) {
} elseif ( $serendipity['GET']['adminAction'] == 'addnew' && serendipity_checkFormToken()) {
$serendipity['GET']['type'] = $serendipity['GET']['type'] ?: 'sidebar';
$data['adminAction'] = 'addnew';
$data['type'] = $serendipity['GET']['type'];
@ -358,7 +358,7 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) {
}
}
if (isset($serendipity['GET']['install_plugin'])) {
if (isset($serendipity['GET']['install_plugin']) && serendipity_checkFormToken()) {
$authorid = $serendipity['authorid'];
if (serendipity_checkPermission('adminPluginsMaintainOthers')) {
$authorid = '0';
@ -472,6 +472,7 @@ if (isset($_GET['serendipity']['plugin_to_conf'])) {
$data['updateAllMsg'] = isset($serendipity['GET']['updateAllMsg']);
}
$data['urltoken'] = serendipity_setFormToken('url');
echo serendipity_smarty_show('admin/plugins.inc.tpl', $data);

3
include/functions_comments.inc.php
View File

@ -357,6 +357,7 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace
$_smartyComments = array();
}
$formToken = serendipity_setFormToken('url');
$i = 0;
foreach ($comments as $comment) {
if ($parentid === VIEWMODE_LINEAR || !isset($comment['parent_id']) || $comment['parent_id'] == $parentid) {
@ -364,7 +365,7 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace
$comment['comment'] = serendipity_specialchars(strip_tags($comment['body']));
$comment['url'] = strip_tags($comment['url']);
$comment['link_delete'] = $serendipity['baseURL'] . 'comment.php?serendipity[delete]=' . $comment['id'] . '&serendipity[entry]=' . $comment['entry_id'] . '&serendipity[type]=comments';
$comment['link_delete'] = $serendipity['baseURL'] . 'comment.php?serendipity[delete]=' . $comment['id'] . '&serendipity[entry]=' . $comment['entry_id'] . '&serendipity[type]=comments&' . $formToken;
/* Fix invalid cases in protocoll part */
if (!empty($comment['url'])) {

7
include/functions_entries.inc.php
View File

@ -1175,8 +1175,9 @@ function serendipity_printEntries($entries, $extended = 0, $preview = false, $sm
$entry['link_rdf'] = serendipity_rewriteURL(PATH_FEEDS . '/ei_'. $entry['id'] .'.rdf');
$entry['title_rdf'] = serendipity_specialchars($entry['title_rdf']);
$entry['link_allow_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=enable&serendipity[entry]=' . $entry['id'];
$entry['link_deny_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=disable&serendipity[entry]=' . $entry['id'];
$formToken = serendipity_setFormToken('url');
$entry['link_allow_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=enable&serendipity[entry]=' . $entry['id'] . '&' . $formToken;
$entry['link_deny_comments'] = $serendipity['baseURL'] . 'comment.php?serendipity[switch]=disable&serendipity[entry]=' . $entry['id'] . '&' . $formToken;
$entry['allow_comments'] = serendipity_db_bool($entry['allow_comments']);
$entry['moderate_comments'] = serendipity_db_bool($entry['moderate_comments']);
$entry['viewmode'] = ($serendipity['GET']['cview'] == VIEWMODE_LINEAR ? VIEWMODE_LINEAR : VIEWMODE_THREADED);
@ -1523,7 +1524,7 @@ function serendipity_updertEntry($entry) {
if (is_array($categories)) {
serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}entrycat WHERE entryid={$entry['id']}");
foreach ($categories as $cat) {
serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}entrycat (entryid, categoryid) VALUES ({$entry['id']}, {$cat})");
serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}entrycat (entryid, categoryid) VALUES ({$entry['id']}, " . (int)$cat . ")");
}
} elseif ($had_categories) {
// This case actually only happens if an existing entry is edited, and its category assignments are all removed.

8
templates/2k11/admin/plugins.inc.tpl
View File

@ -132,9 +132,9 @@
{if isset($requirements_failures.{$plug.class_name})}
<span class="unmet_requirements msg_error"><span class="icon-attention-circled" aria-hidden="true"></span> {$CONST.UNMET_REQUIREMENTS|sprintf:"{if $requirements_failures.{$plug.class_name}.s9y}s9y $plug.requirements..serendipity,{/if} {if $requirements_failures.{$plug.class_name}.php}PHP $plug.requirements.php,{/if} {if $requirements_failures.{$plug.class_name}.smarty}Smarty $plug.requirements.smarty{/if}"}</span>
{elseif $plug['upgradable'] == true}
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[pluginPath]={$plug.pluginPath}&amp;serendipity[install_plugin]={$plug.plugin_class}{if isset($plug['customURI'])}{$plug.customURI}{/if}" title="{$CONST.PLUGIN_EVENT_SPARTACUS_CHECK_HINT}">{$CONST.UPGRADE}</a>
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[pluginPath]={$plug.pluginPath}&amp;serendipity[install_plugin]={$plug.plugin_class}{if isset($plug['customURI'])}{$plug.customURI}{/if}&amp;{$urltoken}" title="{$CONST.PLUGIN_EVENT_SPARTACUS_CHECK_HINT}">{$CONST.UPGRADE}</a>
{elseif $plug.installable == true}
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[pluginPath]={$plug.pluginPath}&amp;serendipity[install_plugin]={$plug.plugin_class}{if isset($plug.customURI)}{$plug.customURI}{/if}">{$CONST.INSTALL}</a>
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[pluginPath]={$plug.pluginPath}&amp;serendipity[install_plugin]={$plug.plugin_class}{if isset($plug.customURI)}{$plug.customURI}{/if}&amp;{$urltoken}">{$CONST.INSTALL}</a>
{else}
<span class="block_level"><span class="icon-ok-circled" aria-hidden="true"></span> {$CONST.ALREADY_INSTALLED}</span>
{/if}
@ -168,7 +168,7 @@
<div class="tabs" id="pluginlist_tabs">
<section id="pluginlist_sidebar" class="panel">
<h3>{$CONST.SIDEBAR_PLUGINS}</h3>
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[adminAction]=addnew" title='{$CONST.CLICK_HERE_TO_INSTALL_PLUGIN|sprintf:"{$CONST.SIDEBAR_PLUGIN}"}'>{$CONST.INSTALL_NEW_SIDEBAR_PLUGIN}</a>
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[adminAction]=addnew&amp;{$urltoken}" title='{$CONST.CLICK_HERE_TO_INSTALL_PLUGIN|sprintf:"{$CONST.SIDEBAR_PLUGIN}"}'>{$CONST.INSTALL_NEW_SIDEBAR_PLUGIN}</a>
{$backend_plugins_sidebar_header}
{$sidebar_plugins}
@ -176,7 +176,7 @@
<section id="pluginlist_event" class="panel">
<h3>{$CONST.EVENT_PLUGINS}</h3>
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[adminAction]=addnew&amp;serendipity[type]=event" title='{$CONST.CLICK_HERE_TO_INSTALL_PLUGIN|sprintf:"{$CONST.EVENT_PLUGIN}"}'>{$CONST.INSTALL_NEW_EVENT_PLUGIN}</a>
<a class="button_link" href="?serendipity[adminModule]=plugins&amp;serendipity[adminAction]=addnew&amp;serendipity[type]=event&amp;{$urltoken}" title='{$CONST.CLICK_HERE_TO_INSTALL_PLUGIN|sprintf:"{$CONST.EVENT_PLUGIN}"}'>{$CONST.INSTALL_NEW_EVENT_PLUGIN}</a>
{$backend_plugins_event_header}
{$event_plugins}