
Ensure to not be able to call s9y files under circumstances where .htaccess does not deny request AND register_globals is turned on

Garvin Hicking
2006-11-30 21:34:29 +00:00
parent e5014b2b78
commit f03841587a
23 changed files with 164 additions and 76 deletions


@ -350,7 +350,14 @@ Version 1.1-alpha5()
* Removed config option "XHTML11 compliance" and enabled by default * Removed config option "XHTML11 compliance" and enabled by default
now (garvinhicking) now (garvinhicking)
Version 1.0.3 () Version 1.0.4 ()
------------------------------------------------------------------------
* Fix local file inclusion bug on systems with two conditions:
register_globals=on AND missing .htaccess for restricting access to
.inc.php files. (garvinhicking)
Version 1.0.3 (November 7th, 2006)
------------------------------------------------------------------------ ------------------------------------------------------------------------
* Fix PHP 5.2.0 compatibility issue. (garvinhicking) * Fix PHP 5.2.0 compatibility issue. (garvinhicking)


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
umask(0000); umask(0000);
$umask = 0775; $umask = 0775;
@define('IN_installer', true); @define('IN_installer', true);
@ -47,7 +51,7 @@ switch ($_POST['installAction'] && serendipity_checkFormToken()) {
$permalinkNew[] = $serendipity[$permitem['var']]; $permalinkNew[] = $serendipity[$permitem['var']];
} }
} }
} }
if (serendipity_checkPermission('siteConfiguration') && serialize($permalinkOld) != serialize($permalinkNew)) { if (serendipity_checkPermission('siteConfiguration') && serialize($permalinkOld) != serialize($permalinkNew)) {
printf(ATTEMPT_WRITE_FILE, $serendipity['serendipityPath'] . '.htaccess'); printf(ATTEMPT_WRITE_FILE, $serendipity['serendipityPath'] . '.htaccess');
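Review bot: The guard `if (IN_serendipity !== true)` added at the top of this file reads a constant that is not defined when the file is requested directly, so the `die` is reached only through PHP's undefined-constant fallback, which raises a notice. With error display enabled, that notice can expose the file's path before the script stops. Testing for definition first avoids this: `if (!defined('IN_serendipity') || IN_serendipity !== true) {`, the same form the language loader in this commit already uses for `serendipity_LANG_LOADED`. The identical guard is added in the other file sections of this commit and the same change applies to each of them.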


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
umask(0000); umask(0000);
$umask = 0775; $umask = 0775;
@define('IN_installer', true); @define('IN_installer', true);


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_COMPAT')) { if (defined('S9Y_FRAMEWORK_COMPAT')) {
return; return;
} }
@ -38,11 +42,11 @@ function memSnap($tshow = '') {
static $avail = null; static $avail = null;
static $show = true; static $show = true;
static $memUsage = 0; static $memUsage = 0;
if (!$show) { if (!$show) {
return false; return false;
} }
if ($avail === false) { if ($avail === false) {
return true; return true;
} elseif ($avail === null) { } elseif ($avail === null) {
@ -53,11 +57,11 @@ function memSnap($tshow = '') {
return false; return false;
} }
} }
if ($memUsage === 0) { if ($memUsage === 0) {
$memUsage = $avail; $memUsage = $avail;
} }
$current = memory_get_usage(); $current = memory_get_usage();
echo '[' . date('d.m.Y H:i') . '] ' . number_format($current - $memUsage, 2, ',', '.') . ' label "' . $tshow . '", totalling ' . number_format($current, 2, ',', '.') . '<br />' . "\n"; echo '[' . date('d.m.Y H:i') . '] ' . number_format($current - $memUsage, 2, ',', '.') . ' label "' . $tshow . '", totalling ' . number_format($current, 2, ',', '.') . '<br />' . "\n";
$memUsage = $current; $memUsage = $current;
@ -222,7 +226,7 @@ function serendipity_getCharset() {
$charset = ''; $charset = '';
} }
} }
if (!empty($serendipity['POST']['charset'])) { if (!empty($serendipity['POST']['charset'])) {
if ($serendipity['POST']['charset'] == 'UTF-8/') { if ($serendipity['POST']['charset'] == 'UTF-8/') {
$charset = 'UTF-8/'; $charset = 'UTF-8/';


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_FUNCTIONS')) { if (defined('S9Y_FRAMEWORK_FUNCTIONS')) {
return; return;
} }
@ -323,7 +327,7 @@ function serendipity_walkRecursive($ary, $child_name = 'id', $parent_name = 'par
if ($depth !== 0) { if ($depth !== 0) {
return true; return true;
} }
if (count($_remain) > 0) { if (count($_remain) > 0) {
// Remaining items need to be appended // Remaining items need to be appended
foreach($_remain AS $key => $data) { foreach($_remain AS $key => $data) {
@ -1146,7 +1150,7 @@ function &serendipity_pickKey(&$array, $key, $default) {
function serendipity_db_time() { function serendipity_db_time() {
static $ts = null; static $ts = null;
static $cache = 300; // Seconds to cache static $cache = 300; // Seconds to cache
if ($ts === null) { if ($ts === null) {
$now = time(); $now = time();
$ts = $now - ($now % $cache) + $cache; $ts = $now - ($now % $cache) + $cache;


@ -2,11 +2,15 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (defined('S9Y_FRAMEWORK_CALENDARS')) { if (IN_serendipity !== true) {
return; die ("Don't hack!");
} }
@define('S9Y_FRAMEWORK_CALENDARS', true);
if (defined('S9Y_FRAMEWORK_CALENDARS')) {
return;
}
@define('S9Y_FRAMEWORK_CALENDARS', true);
/** /**
* Gregorian to Persian Convertor * Gregorian to Persian Convertor
* *
@ -20,42 +24,42 @@
function g2p($g_y, $g_m, $g_d){ function g2p($g_y, $g_m, $g_d){
$g_days_in_month = array(31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31); $g_days_in_month = array(31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31);
$j_days_in_month = array(31, 31, 31, 31, 31, 31, 30, 30, 30, 30, 30, 29); $j_days_in_month = array(31, 31, 31, 31, 31, 31, 30, 30, 30, 30, 30, 29);
$gy = $g_y-1600; $gy = $g_y-1600;
$gm = $g_m-1; $gm = $g_m-1;
$gd = $g_d-1; $gd = $g_d-1;
$g_day_no = 365*$gy+floor(($gy+3)/4)-floor(($gy+99)/100)+floor(($gy+399)/400); $g_day_no = 365*$gy+floor(($gy+3)/4)-floor(($gy+99)/100)+floor(($gy+399)/400);
for ($i=0; $i < $gm; ++$i){ for ($i=0; $i < $gm; ++$i){
$g_day_no += $g_days_in_month[$i]; $g_day_no += $g_days_in_month[$i];
} }
if ($gm>1 && (($gy%4==0 && $gy%100!=0) || ($gy%400==0))){ if ($gm>1 && (($gy%4==0 && $gy%100!=0) || ($gy%400==0))){
/* leap and after Feb */ /* leap and after Feb */
++$g_day_no; ++$g_day_no;
} }
$g_day_no += $gd; $g_day_no += $gd;
$j_day_no = $g_day_no-79; $j_day_no = $g_day_no-79;
$j_np = floor($j_day_no/12053); $j_np = floor($j_day_no/12053);
$j_day_no %= 12053; $j_day_no %= 12053;
$jy = 979+33*$j_np+4*floor($j_day_no/1461); $jy = 979+33*$j_np+4*floor($j_day_no/1461);
$j_day_no %= 1461; $j_day_no %= 1461;
if ($j_day_no >= 366) { if ($j_day_no >= 366) {
$jy += floor(($j_day_no-1)/365); $jy += floor(($j_day_no-1)/365);
$j_day_no = ($j_day_no-1)%365; $j_day_no = ($j_day_no-1)%365;
} }
$j_all_days = $j_day_no+1; $j_all_days = $j_day_no+1;
for ($i = 0; $i < 11 && $j_day_no >= $j_days_in_month[$i]; ++$i) { for ($i = 0; $i < 11 && $j_day_no >= $j_days_in_month[$i]; ++$i) {
$j_day_no -= $j_days_in_month[$i]; $j_day_no -= $j_days_in_month[$i];
} }
$jm = $i+1; $jm = $i+1;
$jd = $j_day_no+1; $jd = $j_day_no+1;
return array($jy, $jm, $jd, $j_all_days); return array($jy, $jm, $jd, $j_all_days);
} }
@ -107,10 +111,10 @@ function p2g($j_y, $j_m, $j_d){
} }
$gm = $i+1; $gm = $i+1;
$gd = $g_day_no+1; $gd = $g_day_no+1;
return array($gy, $gm, $gd); return array($gy, $gm, $gd);
} }
/** /**
* Format a string according to Persian calendar (UTF) * Format a string according to Persian calendar (UTF)
* *
@ -121,11 +125,11 @@ function p2g($j_y, $j_m, $j_d){
* @return string Formatted local time/date according to locale settings * @return string Formatted local time/date according to locale settings
*/ */
function persian_strftime_utf($format, $timestamp='') { function persian_strftime_utf($format, $timestamp='') {
if($timestamp==''){ if($timestamp==''){
$timestamp = mktime(); $timestamp = mktime();
} }
$g_d=date('j', $timestamp); $g_d=date('j', $timestamp);
$g_m=date('n', $timestamp); $g_m=date('n', $timestamp);
$g_y=date('Y', $timestamp); $g_y=date('Y', $timestamp);
@ -155,12 +159,12 @@ function persian_strftime_utf($format, $timestamp='') {
'Wed' => '5', 'Wed' => '5',
'Thu' => '6', 'Thu' => '6',
'Fri' => '7'); 'Fri' => '7');
// calculate string // calculate string
$output_str=''; $output_str='';
for ($i=0; $i<strlen($format); $i++){ for ($i=0; $i<strlen($format); $i++){
if($format[$i]=='%'){ if($format[$i]=='%'){
$i++; $i++;
switch($format[$i]){ switch($format[$i]){
@ -256,7 +260,7 @@ function persian_strftime_utf($format, $timestamp='') {
$output_str.=$format[$i]; $output_str.=$format[$i];
} }
} }
return $output_str; return $output_str;
} }
@ -270,24 +274,24 @@ function persian_strftime_utf($format, $timestamp='') {
* @return string Formatted local time/date * @return string Formatted local time/date
*/ */
function persian_date_utf($format, $timestamp='') { function persian_date_utf($format, $timestamp='') {
if($timestamp==''){ if($timestamp==''){
$timestamp = mktime(); $timestamp = mktime();
} }
$g_d=date('j', $timestamp); $g_d=date('j', $timestamp);
$g_m=date('n', $timestamp); $g_m=date('n', $timestamp);
$g_y=date('Y', $timestamp); $g_y=date('Y', $timestamp);
list($jy, $jm, $jd, $j_all_days) = g2p($g_y, $g_m, $g_d); list($jy, $jm, $jd, $j_all_days) = g2p($g_y, $g_m, $g_d);
$j_days_in_month = array(0, 31, 31, 31, 31, 31, 31, 30, 30, 30, 30, 30, 29); $j_days_in_month = array(0, 31, 31, 31, 31, 31, 31, 30, 30, 30, 30, 30, 29);
$leap = 0; $leap = 0;
if ($g_m>1 && (($g_y%4==0 && $g_y%100!=0) || ($g_y%400==0))){ if ($g_m>1 && (($g_y%4==0 && $g_y%100!=0) || ($g_y%400==0))){
$j_days_in_month[12]++; $j_days_in_month[12]++;
$leap = 1; $leap = 1;
} }
$j_month_name = array('', 'فروردین', 'اردیبهشت', 'خرداد', 'تیر', $j_month_name = array('', 'فروردین', 'اردیبهشت', 'خرداد', 'تیر',
'مرداد', 'شهریور', 'مهر', 'آبان', 'آذر', 'دی', 'بهمن', 'اسفند'); 'مرداد', 'شهریور', 'مهر', 'آبان', 'آذر', 'دی', 'بهمن', 'اسفند');
$j_week_name = array('Saturday' => 'شنبه', $j_week_name = array('Saturday' => 'شنبه',
@ -311,12 +315,12 @@ function persian_date_utf($format, $timestamp='') {
'Wed' => '5', 'Wed' => '5',
'Thu' => '6', 'Thu' => '6',
'Fri' => '7'); 'Fri' => '7');
// calculate string // calculate string
$output_str=''; $output_str='';
for ($i=0; $i<strlen($format); $i++){ for ($i=0; $i<strlen($format); $i++){
if($format[$i]!='\\'){ if($format[$i]!='\\'){
switch($format[$i]){ switch($format[$i]){
case 'd': case 'd':
@ -355,7 +359,7 @@ function persian_date_utf($format, $timestamp='') {
case 't': case 't':
$output_str.=$j_days_in_month[$jm]; $output_str.=$j_days_in_month[$jm];
break; break;
case 'L': case 'L':
$output_str.=$leap; $output_str.=$leap;
break; break;
case 'o': case 'o':
@ -420,7 +424,7 @@ function persian_date_utf($format, $timestamp='') {
$output_str.=$format[$i]; $output_str.=$format[$i];
} }
} }
return $output_str; return $output_str;
} }
@ -441,24 +445,24 @@ function persian_date_utf($format, $timestamp='') {
*/ */
function persian_mktime($hour='', $min='', $sec='', $mon='', $day='', $year='', $is_dst=-1){ function persian_mktime($hour='', $min='', $sec='', $mon='', $day='', $year='', $is_dst=-1){
$j_days_in_month = array(31, 31, 31, 31, 31, 31, 30, 30, 30, 30, 30, 29); $j_days_in_month = array(31, 31, 31, 31, 31, 31, 30, 30, 30, 30, 30, 29);
if ( (string) $hour == '') { $hour = persian_date_utf('H'); } if ( (string) $hour == '') { $hour = persian_date_utf('H'); }
if ( (string) $min == '') { $min = persian_date_utf('i'); } if ( (string) $min == '') { $min = persian_date_utf('i'); }
if ( (string) $sec == '') { $sec = persian_date_utf('s'); } if ( (string) $sec == '') { $sec = persian_date_utf('s'); }
if ( (string) $day == '') { $day = persian_date_utf('j'); } if ( (string) $day == '') { $day = persian_date_utf('j'); }
if ( (string) $mon == '') { $mon = persian_date_utf('n'); } if ( (string) $mon == '') { $mon = persian_date_utf('n'); }
if ( (string) $year == '') { $year = persian_date_utf('Y'); } if ( (string) $year == '') { $year = persian_date_utf('Y'); }
/* /*
an ugly, beta code snippet to support days <= zero! an ugly, beta code snippet to support days <= zero!
it should work, but days in one or more months should calculate! it should work, but days in one or more months should calculate!
*/ */
/* /*
if($day <= 0){ if($day <= 0){
// change sign // change sign
$day = abs($day); $day = abs($day);
// calculate months and days that shall decrease // calculate months and days that shall decrease
// this do-while has a lot of errors!!! // this do-while has a lot of errors!!!
do{ do{
@ -466,7 +470,7 @@ function persian_mktime($hour='', $min='', $sec='', $mon='', $day='', $year='',
$months = floor($day/30); $months = floor($day/30);
$days = $day % 30; $days = $day % 30;
}while(); }while();
$mon -= $months; $mon -= $months;
$day -= $days; $day -= $days;
if ($day < 1) { if ($day < 1) {
@ -478,11 +482,11 @@ function persian_mktime($hour='', $min='', $sec='', $mon='', $day='', $year='',
if($mon <= 0){ if($mon <= 0){
// change sign // change sign
$mon = abs($mon); $mon = abs($mon);
// calculate years and months that shall decrease // calculate years and months that shall decrease
$years = floor($mon/12); $years = floor($mon/12);
$months = $mon % 12; $months = $mon % 12;
$year -= $years; $year -= $years;
$mon -= $months; $mon -= $months;
if ($mon < 1) { if ($mon < 1) {
@ -490,7 +494,7 @@ function persian_mktime($hour='', $min='', $sec='', $mon='', $day='', $year='',
$mon += 12; $mon += 12;
} }
} }
if ($day < 1) { if ($day < 1) {
$temp_month = $mon-1; $temp_month = $mon-1;
$temp_year = $year; $temp_year = $year;
@ -505,7 +509,7 @@ function persian_mktime($hour='', $min='', $sec='', $mon='', $day='', $year='',
} }
$day += $j_days_in_month[$temp_month]; $day += $j_days_in_month[$temp_month];
} }
list($year, $mon, $day)=p2g($year, $mon, $day); list($year, $mon, $day)=p2g($year, $mon, $day);
return mktime($hour, $min, $sec, $mon, $day, $year, $is_dst); return mktime($hour, $min, $sec, $mon, $day, $year, $is_dst);
} }


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_COMMENTS')) { if (defined('S9Y_FRAMEWORK_COMMENTS')) {
return; return;
} }
@ -126,7 +130,7 @@ function serendipity_fetchComments($id, $limit = null, $order = '', $showAll = f
} else { } else {
$limit = ''; $limit = '';
} }
if ($type == 'comments' || empty($type)) { if ($type == 'comments' || empty($type)) {
$type = 'NORMAL'; $type = 'NORMAL';
} elseif ($type == 'trackbacks') { } elseif ($type == 'trackbacks') {
@ -142,7 +146,7 @@ function serendipity_fetchComments($id, $limit = null, $order = '', $showAll = f
if (!$showAll) { if (!$showAll) {
$and .= ' AND co.status = \'approved\''; $and .= ' AND co.status = \'approved\'';
} }
$and .= $where; $and .= $where;
if ($serendipity['dbType'] == 'postgres') { if ($serendipity['dbType'] == 'postgres') {
@ -332,7 +336,7 @@ function serendipity_printCommentsByAuthor() {
} }
$sql_limit = $serendipity['fetchLimit'] * ($serendipity['GET']['page']-1) . ',' . $serendipity['fetchLimit']; $sql_limit = $serendipity['fetchLimit'] * ($serendipity['GET']['page']-1) . ',' . $serendipity['fetchLimit'];
$c = serendipity_fetchComments(null, $sql_limit, 'co.entry_id DESC, co.id ASC', false, $type, $sql_where); $c = serendipity_fetchComments(null, $sql_limit, 'co.entry_id DESC, co.id ASC', false, $type, $sql_where);
$entry_comments = array(); $entry_comments = array();
foreach($c as $i => $comment) { foreach($c as $i => $comment) {
if (!isset($entry_comments[$comment['entry_id']])) { if (!isset($entry_comments[$comment['entry_id']])) {
@ -341,7 +345,7 @@ function serendipity_printCommentsByAuthor() {
} }
$entry_comments[$comment['entry_id']]['comments'][] = $comment; $entry_comments[$comment['entry_id']]['comments'][] = $comment;
} }
foreach($entry_comments AS $entry_id => $_data) { foreach($entry_comments AS $entry_id => $_data) {
$entry_comments[$entry_id]['tpl_comments'] =& serendipity_printComments($_data['comments'], VIEWMODE_LINEAR, 0, null, 'COMMENTS', 'comments.tpl'); $entry_comments[$entry_id]['tpl_comments'] =& serendipity_printComments($_data['comments'], VIEWMODE_LINEAR, 0, null, 'COMMENTS', 'comments.tpl');
} }
@ -356,10 +360,10 @@ function serendipity_printCommentsByAuthor() {
$and .= ' AND co.status = \'approved\''; $and .= ' AND co.status = \'approved\'';
} }
$cc = serendipity_db_query("SELECT count(co.id) AS counter $cc = serendipity_db_query("SELECT count(co.id) AS counter
FROM {$serendipity['dbPrefix']}comments AS co FROM {$serendipity['dbPrefix']}comments AS co
WHERE co.entry_id > 0 WHERE co.entry_id > 0
AND co.type LIKE '" . $type . "' AND co.type LIKE '" . $type . "'
AND co.status = 'approved' " . $sql_where . " AND co.status = 'approved' " . $sql_where . "
GROUP BY co.author", true, 'assoc'); GROUP BY co.author", true, 'assoc');
if (!isset($cc['counter'])) { if (!isset($cc['counter'])) {


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_CONFIG')) { if (defined('S9Y_FRAMEWORK_CONFIG')) {
return; return;
} }


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_ENTRIES')) { if (defined('S9Y_FRAMEWORK_ENTRIES')) {
return; return;
} }


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_ENTRIES_ADMIN')) { if (defined('S9Y_FRAMEWORK_ENTRIES_ADMIN')) {
return; return;
} }


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_IMAGES')) { if (defined('S9Y_FRAMEWORK_IMAGES')) {
return; return;
} }
@ -3315,15 +3319,15 @@ function serendipity_checkDirUpload($dir) {
return true; return true;
} }
*/ */
$allowed = serendipity_ACLGet(0, 'directory', 'write', $dir); $allowed = serendipity_ACLGet(0, 'directory', 'write', $dir);
$mygroups = serendipity_checkPermission(null, null, true); $mygroups = serendipity_checkPermission(null, null, true);
// Usergroup "0" always means that access is granted. If no array exists, no ACL restrictions have been set and all is fine. // Usergroup "0" always means that access is granted. If no array exists, no ACL restrictions have been set and all is fine.
if (!is_array($allowed) || isset($allowed[0])) { if (!is_array($allowed) || isset($allowed[0])) {
return true; return true;
} }
if (!is_array($mygroups)) { if (!is_array($mygroups)) {
return true; return true;
} }
@ -3334,6 +3338,6 @@ function serendipity_checkDirUpload($dir) {
break; break;
} }
} }
return false; return false;
} }


@ -258,7 +258,7 @@ class imgedit {
$this->slice_to_x = $this->slice_from_x + $this->slice_width; $this->slice_to_x = $this->slice_from_x + $this->slice_width;
$this->slice_to_y = $this->slice_from_y + $this->slice_height; $this->slice_to_y = $this->slice_from_y + $this->slice_height;
// TODO: // TODO:
// - Operate also on PNG, TIFF etc. // - Operate also on PNG, TIFF etc.
// - Support image magick // - Support image magick
// - Save file as new image! // - Save file as new image!
@ -283,7 +283,7 @@ class imgedit {
rename($new_img_name, $this->img_name); rename($new_img_name, $this->img_name);
$http_new_file = preg_replace('@^' . preg_quote($serendipity['serendipityPath'] . $serendipity['uploadPath']) . '@', '', $this->img_name); $http_new_file = preg_replace('@^' . preg_quote($serendipity['serendipityPath'] . $serendipity['uploadPath']) . '@', '', $this->img_name);
serendipity_makeThumbnail(basename($http_new_file), dirname($http_new_file) . '/'); serendipity_makeThumbnail(basename($http_new_file), dirname($http_new_file) . '/');
$this->img_name = $new_img_name; $this->img_name = $new_img_name;
$this->img_width = $new_img_width; $this->img_width = $new_img_width;
$this->img_height = $new_img_height; $this->img_height = $new_img_height;
@ -295,9 +295,9 @@ class imgedit {
function increment($fullfile) { function increment($fullfile) {
$d = dirname($fullfile) . '/'; $d = dirname($fullfile) . '/';
$f = basename($fullfile); $f = basename($fullfile);
$f = time() . '.' . $f; $f = time() . '.' . $f;
return $d . $f; return $d . $f;
} }
@ -391,7 +391,7 @@ class imgedit {
// Set the template variables // Set the template variables
function setVars() { function setVars() {
$this->imgedit_smarty['zoombox_width'] = $this->zoombox_width; $this->imgedit_smarty['zoombox_width'] = $this->zoombox_width;
$this->imgedit_smarty['zoombox_padding'] = $this->zoombox_width + 20; $this->imgedit_smarty['zoombox_padding'] = $this->zoombox_width + 20;
$this->imgedit_smarty['area_width'] = $this->area_width; $this->imgedit_smarty['area_width'] = $this->area_width;
@ -448,4 +448,3 @@ class imgedit {
return true; return true;
} }
} }
?>


@ -2,6 +2,9 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_INSTALLER')) { if (defined('S9Y_FRAMEWORK_INSTALLER')) {
return; return;


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_PERMALINKS')) { if (defined('S9Y_FRAMEWORK_PERMALINKS')) {
return; return;
} }


@ -2,6 +2,9 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_PLUGINS_ADMIN')) { if (defined('S9Y_FRAMEWORK_PLUGINS_ADMIN')) {
return; return;


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_RSS')) { if (defined('S9Y_FRAMEWORK_RSS')) {
return; return;
} }


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_SMARTY')) { if (defined('S9Y_FRAMEWORK_SMARTY')) {
return; return;
} }
@ -354,7 +358,7 @@ function serendipity_smarty_showCommentForm($params, &$smarty) {
if (!isset($params['data'])) { if (!isset($params['data'])) {
$params['data'] = $serendipity['POST']; $params['data'] = $serendipity['POST'];
} }
if (!isset($params['showToolbar'])) { if (!isset($params['showToolbar'])) {
$params['showToolbar'] = true; $params['showToolbar'] = true;
} }


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_TRACKBACKS')) { if (defined('S9Y_FRAMEWORK_TRACKBACKS')) {
return; return;
} }


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_UPGRADER')) { if (defined('S9Y_FRAMEWORK_UPGRADER')) {
return; return;
} }
@ -89,7 +93,7 @@ function serendipity_fixPlugins($case) {
'serendipity_event_searchhighlight', 'serendipity_event_searchhighlight',
'serendipity_event_textile' 'serendipity_event_textile'
); );
$elements = array( $elements = array(
'ENTRY_BODY', 'ENTRY_BODY',
'EXTENDED_BODY', 'EXTENDED_BODY',
@ -102,24 +106,24 @@ function serendipity_fixPlugins($case) {
$where[] = "name LIKE '$plugin:%'"; $where[] = "name LIKE '$plugin:%'";
} }
$rows = serendipity_db_query("SELECT name, value, authorid $rows = serendipity_db_query("SELECT name, value, authorid
FROM {$serendipity['dbPrefix']}config FROM {$serendipity['dbPrefix']}config
WHERE " . implode(' OR ', $where)); WHERE " . implode(' OR ', $where));
if (!is_array($rows)) { if (!is_array($rows)) {
return false; return false;
} }
foreach($rows AS $row) { foreach($rows AS $row) {
if (preg_match('@^(serendipity_event_.+):([a-z0-9]+)/(.+)@i', $row['name'], $plugin_data)) { if (preg_match('@^(serendipity_event_.+):([a-z0-9]+)/(.+)@i', $row['name'], $plugin_data)) {
foreach($elements AS $element) { foreach($elements AS $element) {
if ($plugin_data[3] != constant($element)) { if ($plugin_data[3] != constant($element)) {
continue; continue;
} }
$new = $plugin_data[1] . ':' . $plugin_data[2] . '/' . $element; $new = $plugin_data[1] . ':' . $plugin_data[2] . '/' . $element;
serendipity_db_query("UPDATE {$serendipity['dbPrefix']}config serendipity_db_query("UPDATE {$serendipity['dbPrefix']}config
SET name = '$new' SET name = '$new'
WHERE name = '{$row['name']}' WHERE name = '{$row['name']}'
AND value = '{$row['value']}' AND value = '{$row['value']}'
AND authorid = '{$row['authorid']}'"); AND authorid = '{$row['authorid']}'");
} }
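Review bot: In `serendipity_fixPlugins`, the UPDATE statement interpolates `$new`, `$row['name']`, `$row['value']` and `$row['authorid']` into the SQL string without escaping. These values are read back from the config table, so a stored value containing a quote will break or alter the statement. Passing each one through the database layer's escaping helper would close this, for example `WHERE name = '" . serendipity_db_escape_string($row['name']) . "'`. This commit changes these lines only for whitespace, and the function begins and ends outside the hunk.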


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (!defined('S9Y_FRAMEWORK')) { if (!defined('S9Y_FRAMEWORK')) {
include('serendipity_config.inc.php'); include('serendipity_config.inc.php');
} }
@ -97,7 +101,7 @@ if ($serendipity['smarty_raw_mode']) {
case 'comments': case 'comments':
serendipity_printCommentsByAuthor(); serendipity_printCommentsByAuthor();
// use 'content_message' for pagination? // use 'content_message' for pagination?
break; break;
// Show the archive // Show the archive
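Review bot: The new guard runs before the existing fallback `if (!defined('S9Y_FRAMEWORK')) { include('serendipity_config.inc.php'); }`, so that include may now be unreachable on a direct request. Whether it is depends on where `IN_serendipity` is defined, which this diff does not show; if only the configuration file defines it, the script always dies first. If that is intended, a comment above the guard would make the contract explicit, for example `// Must be included by a front controller that has already loaded serendipity_config.inc.php`. Otherwise the fallback include is now dead code and could be removed. The `switch` in the second hunk continues outside the visible lines.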


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (!defined('serendipity_LANG_LOADED') || serendipity_LANG_LOADED !== true) { if (!defined('serendipity_LANG_LOADED') || serendipity_LANG_LOADED !== true) {
$charset = serendipity_getCharset(); $charset = serendipity_getCharset();


@ -2,6 +2,10 @@
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details # All rights reserved. See LICENSE file for licensing details
if (IN_serendipity !== true) {
die ("Don't hack!");
}
if (defined('S9Y_FRAMEWORK_PLUGIN_INTERNAL')) { if (defined('S9Y_FRAMEWORK_PLUGIN_INTERNAL')) {
return; return;
} }


@ -1,5 +1,9 @@
<?php # $Id$ <?php # $Id$
if (IN_serendipity !== true) {
die ("Don't hack!");
}
$probelang = dirname(__FILE__) . '/lang_' . $serendipity['lang'] . '.inc.php'; $probelang = dirname(__FILE__) . '/lang_' . $serendipity['lang'] . '.inc.php';
if (file_exists($probelang)) { if (file_exists($probelang)) {
include $probelang; include $probelang;
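Review bot: `$probelang` is built from `$serendipity['lang']` and passed to `include` with no validation of the value, so the safety of this file rests entirely on the `IN_serendipity` guard added above it. Checking the value itself would keep the include safe even if the guard is later removed or the file is reached by another path, for example `if (!preg_match('@^[a-z0-9_-]+$@i', $serendipity['lang'])) { return; }` before the path is built. The allowed character set should be confirmed against the shipped language codes. The `if (file_exists($probelang))` block continues outside the hunk.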