Merge pull request #4 from geekwright/mh20170512
Multiple issues found in testing
mambax7 authored May 14, 2017
2 parents d41024e + 8ce280b commit 37f96f6
Showing 3 changed files with 29 additions and 12 deletions.
19 changes: 10 additions & 9 deletions admin/mimetypes.php
@@ -19,7 +19,7 @@
* @author The SmartFactory <www.smartfactory.ca>
*/

use \Xmf\Request;
use Xmf\Request;

require_once __DIR__ . '/admin_header.php';
xoops_load('XoopsPagenav');
@@ -606,15 +606,15 @@ public static function search()
// exit();
}

$order = Request::getString('order', 'ASC', 'POST');
$sort = Request::getString('sort', 'mime_name', 'POST');
$order = Request::getString('order', 'ASC');
$sort = Request::getString('sort', 'mime_name');

PublisherUtility::cpHeader();
//publisher_adminMenu(4, _AM_PUBLISHER_MIMETYPES . " > " . _AM_PUBLISHER_BUTTON_SEARCH);

PublisherUtility::openCollapsableBar('mimemsearchtable', 'mimesearchicon', _AM_PUBLISHER_MIME_SEARCH);

if (!Request::getString('mime_search', '', 'POST')) {
if (!Request::getString('mime_search', '')) {
echo "<form action='mimetypes.php?op=search' method='post'>";
echo "<table width='100%' cellspacing='1' class='outer'>";
echo "<tr><th colspan='2'>" . _AM_PUBLISHER_TEXT_SEARCH_MIME . '</th></tr>';
@@ -640,8 +640,8 @@ public static function search()
</tr>";
echo '</table></form>';
} else {
$searchField = Request::getString('search_by', '', 'POST');
$searchText = Request::getString('search_text', '', 'POST');
$searchField = Request::getString('search_by', '');
$searchText = Request::getString('search_text', '');

$crit = new Criteria($searchField, "%$searchText%", 'LIKE');
$crit->setSort($sort);
@@ -651,7 +651,8 @@ public static function search()
$mimeCount = $publisher->getHandler('mimetype')->getCount($crit);
$mimetypes = $publisher->getHandler('mimetype')->getObjects($crit);
$nav = new XoopsPageNav($mimeCount, $limit, $start, 'start',
"op=search&amp;limit=$limit&amp;order=$order&amp;sort=$sort&amp;mime_search=1&amp;search_by=$searchField&amp;search_text=$searchText");
"op=search&amp;limit=$limit&amp;order=$order&amp;sort=$sort&amp;mime_search=1&amp;search_by=$searchField&amp;search_text="
. htmlentities($searchText, ENT_QUOTES));
// Display results
echo '<script type="text/javascript" src="' . PUBLISHER_URL . '/include/functions.js"></script>';

@@ -669,7 +670,7 @@ public static function search()
unset($value, $text);
echo '</select></td>';
echo "<td align='right'>" . _AM_PUBLISHER_TEXT_SEARCH_TEXT . '</td>';
echo "<td align='left'><input type='text' name='search_text' id='search_text' value='$searchText' /></td>";
echo "<td align='left'><input type='text' name='search_text' id='search_text' value='" .htmlentities($searchText, ENT_QUOTES). "' /></td>";
echo "<td><input type='submit' name='mime_search' id='mime_search' value='" . _AM_PUBLISHER_BUTTON_SEARCH . "' /></td>";
echo '</tr></table></form></td></tr>';

@@ -705,7 +706,7 @@ public static function search()
<input type='submit' name='mime_sort' id='mime_sort' value='" . _AM_PUBLISHER_BUTTON_SUBMIT . "' />
<input type='hidden' name='mime_search' id='mime_search' value='1' />
<input type='hidden' name='search_by' id='search_by' value='$searchField' />
<input type='hidden' name='search_text' id='search_text' value='$searchText' />
<input type='hidden' name='search_text' id='search_text' value='" .htmlentities($searchText, ENT_QUOTES) . "' />
</td>
</tr>";
echo '</table>';
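Review bot: `$searchField` (the `search_by` parameter) is still written unescaped into the hidden input `value='$searchField'` and into the `XoopsPageNav` query string, and it is passed as the column name in `new Criteria($searchField, "%$searchText%", 'LIKE')`, so the escaping added here for `$searchText` covers only part of the reflected input. Because the `'POST'` hash argument was dropped from the `Request::getString()` calls, these values can presumably now arrive in the query string as well, which makes the remaining unescaped output reachable from a link. I would check `$searchField` against the field names offered in the search `<select>` before building the criteria and emit it as `htmlentities($searchField, ENT_QUOTES)` in both places; `$sort` and `$order` take the same path into the nav string and deserve the same treatment. For the nav string itself, `rawurlencode($searchText)` probably fits the URL context better than `htmlentities()`, since a search text containing `&` would otherwise split into extra parameters. The body of `search()` extends beyond the visible hunks.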
20 changes: 18 additions & 2 deletions admin/pw_delete_file.php
@@ -18,13 +18,29 @@
* @author The SmartFactory <www.smartfactory.ca>
*/

use \Xmf\Request;
use Xmf\Assert;
use Xmf\Request;

require_once __DIR__ . '/admin_header.php';

if ('delfileok' === Request::getString('op', '', 'POST')) {
$dir = PublisherUtility::getUploadDir(true, 'content');
if (!$GLOBALS['xoopsSecurity']->check()) {
redirect_header(XOOPS_URL . '/modules/publisher/admin/item.php', 3, _AM_PUBLISHER_FILE_DELETE_ERROR);
exit;
}

$dir = PublisherUtility::getUploadDir(true, 'content');
$check_path = realpath($dir);

$filename = Request::getString('address', '', 'POST');
$path_file = realpath($dir . '/' . $filename);
try {
Assert::startsWith($path_file, $check_path, _AM_PUBLISHER_FILE_DELETE_ERROR);
} catch(\InvalidArgumentException $e) {
// handle the exception
redirect_header(XOOPS_URL . '/modules/publisher/admin/item.php', 2, $e->getMessage());
exit;
}
if (file_exists($dir . '/' . $filename)) {
unlink($dir . '/' . $filename);
}
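Review bot: The containment check `Assert::startsWith($path_file, $check_path, ...)` compares against the upload directory without a trailing separator, so a resolved path inside a sibling directory whose name merely begins with the same string would still pass; comparing against `$check_path . DIRECTORY_SEPARATOR` closes that gap. The delete that follows still operates on the raw `$dir . '/' . $filename` rather than on the canonical `$path_file` that was just validated; `if (is_file($path_file)) { unlink($path_file); }` keeps the check and the use on the same path. `realpath()` returns `false` for a missing file or directory, so an explicit `false === $check_path || false === $path_file` guard before the assertion would make the fail-closed behaviour independent of how `Assert::startsWith` treats non-string values. The enclosing `if ('delfileok' === ...)` block continues past the visible hunk.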
2 changes: 1 addition & 1 deletion xoops_version.php
@@ -59,7 +59,7 @@
'onUpdate' => 'include/onupdate.php',
// ------------------- Min Requirements -------------------
'min_php' => '5.5',
'min_xoops' => '2.5.8',
'min_xoops' => '2.5.9',
'min_admin' => '1.1',
'min_db' => array('mysql' => '5.5'),
// ------------------- Admin Menu -------------------
