bug 2844: increase security on LocalFiles Editor, filter on files to edit.

git-svn-id: http://piwigo.org/svn/branches/2.4@20712 68402e56-0260-453c-a942-63ccdbb3a9ee

plugins/LocalFilesEditor/admin.php

@@ -55,7 +55,6 @@ include_once(LOCALEDIT_PATH.'include/'.$page['tab'].'.inc.php');
 // +-----------------------------------------------------------------------+
 if (isset($_POST['restore']))
 {
-  $edited_file = $_POST['edited_file'];
   $content_file = file_get_contents(get_bak_file($edited_file));
   array_push($page['infos'],
     l10n('locfiledit_bak_loaded1'),
@@ -73,7 +72,6 @@ if (isset($_POST['submit']))
   }
   else
   {
-    $edited_file = $_POST['edited_file'];
     $content_file = stripslashes($_POST['text']);
     if (get_extension($edited_file) == 'php')
     {

plugins/LocalFilesEditor/include/css.inc.php

@@ -1,24 +1,40 @@
 <?php
-
 if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
 
-if ((isset($_POST['edit'])) and !is_numeric($_POST['file_to_edit']))
+include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php');
+$themes = new themes();
+
+if (isset($_POST['edit']))
 {
-  $edited_file = $_POST['file_to_edit'];
+  $_POST['theme'] = $_POST['theme_select'];
 }
-elseif (isset($_POST['edited_file']))
+
+if (isset($_POST['theme']) and '~common~' == $_POST['theme'])
 {
-  $edited_file = $_POST['edited_file'];
-}
-elseif (isset($_GET['theme']) and in_array($_GET['theme'], array_keys(get_pwg_themes(true))))
-{
-  $edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$_GET['theme'].'-rules.css';
+  $page['theme'] = $_POST['theme'];
+  $edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'css/rules.css';
 }
 else
 {
-  $edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.get_default_theme().'-rules.css';
+  if (isset($_GET['theme']))
+  {
+    $page['theme'] = $_GET['theme'];
+  }
+  elseif (isset($_POST['theme']))
+  {
+    $page['theme'] = $_POST['theme'];
+  }
+  
+  if (!isset($page['theme']) or !in_array($page['theme'], array_keys($themes->fs_themes)))
+  {
+    $page['theme'] = get_default_theme();
+  }
+  
+  $edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$page['theme'].'-rules.css';
 }
 
+$template->assign('theme', $page['theme']);
+
 if (file_exists($edited_file))
 {
   $content_file = file_get_contents($edited_file);
@@ -29,12 +45,11 @@ else
 }
 
 $selected = 0; 
-// $options[] = l10n('locfiledit_choose_file');
-// $options[] = '----------------------';
-$value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . "css/rules.css";
+$value = '~common~';
+$file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/rules.css';
 
-$options[$value] = (file_exists($value) ? '&#x2714;' : '&#x2718;').' local / css / rules.css';
-if ($edited_file == $value)
+$options[$value] = (file_exists($file) ? '&#x2714;' : '&#x2718;').' local / css / rules.css';
+if ($page['theme'] == $value)
 {
   $selected = $value;
 }
@@ -42,8 +57,6 @@ if ($edited_file == $value)
 // themes are displayed in the same order as on screen
 // [Administration > Configuration > Themes]
 
-include_once(PHPWG_ROOT_PATH.'admin/include/themes.class.php');
-$themes = new themes();
 $themes->sort_fs_themes();
 $default_theme = get_default_theme();
 $db_themes = $themes->get_db_themes();
@@ -81,47 +94,57 @@ foreach ($themes->fs_themes as $theme_id => $fs_theme)
   }
 }
 
-$options[] = '';
-$options[] = '----- '.l10n('Active Themes').' -----';
-$options[] = '';
+$active_theme_options = array();
 foreach ($active_themes as $theme)
 {
-  $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
+  $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
 
-  $options[$value] = (file_exists($value) ? '&#x2714;' : '&#x2718;').' '.$theme['name'];
+  $label = (file_exists($file) ? '&#x2714;' : '&#x2718;').' '.$theme['name'];
 
   if ($default_theme == $theme['id'])
   {
-    $options[$value].= ' ('.l10n('default').')';
+    $label.= ' ('.l10n('default').')';
   }
+
+  $active_theme_options[$theme['id']] = $label;
   
-  if ($edited_file == $value)
+  if ($theme['id'] == $page['theme'])
   {
-    $selected = $value;
+    $selected = $theme['id'];
   }
 }
 
-$options[] = '';
-$options[] = '----- '.l10n('Inactive Themes').' -----';
-$options[] = '';
+if (count($active_theme_options) > 0)
+{
+  $options[l10n('Active Themes')] = $active_theme_options;
+}
+
+$inactive_theme_options = array();
 foreach ($inactive_themes as $theme)
 {
-  $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
+  $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR . 'css/'.$theme['id'].'-rules.css';
 
-  $options[$value] = (file_exists($value) ? '&#x2714;' : '&#x2718;').' '.$theme['name'];
+  $inactive_theme_options[$theme['id']] = (file_exists($file) ? '&#x2714;' : '&#x2718;').' '.$theme['name'];
   
-  if ($edited_file == $value)
+  if ($theme['id'] == $page['theme'])
   {
-    $selected = $value;
+    $selected = $theme['id'];
   }
 }
 
-$template->assign('css_lang_tpl', array(
-  'OPTIONS' => $options,
-  'SELECTED' => $selected
-  )
+if (count($inactive_theme_options) > 0)
+{
+  $options[l10n('Inactive Themes')] = $inactive_theme_options;
+}
+
+$template->assign(
+  'css_lang_tpl',
+  array(
+    'SELECT_NAME' => 'theme_select',
+    'OPTIONS' => $options,
+    'SELECTED' => $selected
+    )
 );
 
 $codemirror_mode = 'text/css';
-
 ?>

plugins/LocalFilesEditor/include/lang.inc.php

@@ -1,32 +1,46 @@
 <?php
-
 if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
 
-$edited_file = isset($_POST['edited_file']) ? $_POST['edited_file'] : '';
-$content_file = '';
+$languages = get_languages();
 
-if ((isset($_POST['edit'])) and !is_numeric($_POST['file_to_edit']))
+if (isset($_POST['edit']))
 {
-  $edited_file = $_POST['file_to_edit'];
-  if (file_exists($edited_file))
-  {
-    $content_file = file_get_contents($edited_file);
-  }
-  else
-  {
-    $content_file = "<?php\n\n/* ".l10n('locfiledit_newfile')." */\n\n\n\n\n?>";
-  }
+  $_POST['language'] = $_POST['language_select'];
 }
 
-$selected = 0; 
-$options[] = l10n('locfiledit_choose_file');
-$options[] = '----------------------';
+if (isset($_POST['language']))
+{
+  $page['language'] = $_POST['language'];
+}
+  
+if (!isset($page['language']) or !in_array($page['language'], array_keys($languages)))
+{
+  $page['language'] = get_default_language();
+}
+
+$template->assign('language', $page['language']);
+
+$edited_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$page['language'].'.lang.php';;
+
+if (file_exists($edited_file))
+{
+  $content_file = file_get_contents($edited_file);
+}
+else
+{
+  $content_file = "<?php\n\n/* ".l10n('locfiledit_newfile')." */\n\n\n\n\n?>";
+}
+
+$selected = 0;
 foreach (get_languages() as $language_code => $language_name)
 {
-  $value = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$language_code.'.lang.php';
-  if ($edited_file == $value)
+  $file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'language/'.$language_code.'.lang.php';
+
+  $options[$language_code] = (file_exists($file) ? '&#x2714;' : '&#x2718;').' '.$language_name;
+  
+  if ($page['language'] == $language_code)
   {
-    $selected = $value;
+    $selected = $language_code;
     $template->assign('show_default', array(
       array(
         'URL' => LOCALEDIT_PATH.'show_default.php?file=language/'.$language_code.'/common.lang.php',
@@ -39,10 +53,12 @@ foreach (get_languages() as $language_code => $language_name)
       )
     );
   }
-  $options[$value] = $language_name;
 }
 
-$template->assign('css_lang_tpl', array(
+$template->assign(
+  'css_lang_tpl',
+  array(
+    'SELECT_NAME' => 'language_select',
     'OPTIONS' => $options,
     'SELECTED' => $selected
     )

plugins/LocalFilesEditor/include/tpl.inc.php

@@ -1,21 +1,34 @@
 <?php
-
 if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
 
-$edited_file = isset($_POST['edited_file']) ? $_POST['edited_file'] : '';
-$content_file = '';
+$edited_file = '';
 
-if ((isset($_POST['edit'])) and !is_numeric($_POST['file_to_edit']))
+if (isset($_POST['edit']))
 {
-  $edited_file = $_POST['file_to_edit'];
-  if (file_exists($edited_file))
+  $_POST['template'] = $_POST['file_to_edit'];
+}
+
+if (!empty($_POST['template']))
+{
+  if (preg_match('#\.\./#', $_POST['template']))
   {
-    $content_file = file_get_contents($edited_file);
+    die('Hacking attempt! template extension must be in template-extension directory');
   }
-  else
+
+  if (!preg_match('#\.tpl$#', $_POST['template']))
   {
-    $content_file = '';
+    die('Hacking attempt! template extension must be a *.tpl file');
   }
+
+  $template->assign('template', $_POST['template']);
+  
+  $edited_file = './template-extension/'.$_POST['template'];
+}
+
+$content_file = '';
+if (file_exists($edited_file))
+{
+  $content_file = file_get_contents($edited_file);
 }
 
 $newfile_page = isset($_GET['newfile']);
@@ -50,6 +63,7 @@ if (isset($_POST['create_tpl']))
   }
   else
   {
+    $template->assign('template', $filename);
     $edited_file = $_POST['tpl_parent'] . '/' . $filename;
     $content_file = ($_POST['tpl_model'] == '0') ? '' : file_get_contents($_POST['tpl_model']);
   }
@@ -117,7 +131,7 @@ else
   $options[] = '----------------------';
   foreach (get_extents() as $pwg_template)
   {
-    $value = './template-extension/' . $pwg_template;
+    $value = $pwg_template;
     $options[$value] =  str_replace('/', ' / ', $pwg_template);
     if ($edited_file == $value) $selected = $value;
   }
@@ -126,13 +140,16 @@ else
     $options[$edited_file] =  str_replace(array('./template-extension/', '/'), array('', ' / '), $edited_file);
     $selected = $edited_file;
   }
-  $template->assign('css_lang_tpl', array(
-    'OPTIONS' => $options,
-    'SELECTED' => $selected,
-    'NEW_FILE_URL' => $my_base_url.'-tpl&amp;newfile',
-    'NEW_FILE_CLASS' => empty($edited_file) ? '' : 'top_right'
-    )
-  );
+  $template->assign(
+    'css_lang_tpl',
+    array(
+      'SELECT_NAME' => 'file_to_edit',
+      'OPTIONS' => $options,
+      'SELECTED' => $selected,
+      'NEW_FILE_URL' => $my_base_url.'-tpl&amp;newfile',
+      'NEW_FILE_CLASS' => empty($edited_file) ? '' : 'top_right'
+      )
+    );
 }
 
 $codemirror_mode = 'text/html';

plugins/LocalFilesEditor/template/admin.tpl

@@ -30,7 +30,18 @@ if (document.getElementById("text") != null)
 
 <div id="LocalFilesEditor">
 
-<input type="hidden" value="{$zone_edit.EDITED_FILE}" name="edited_file"/>
+{if isset($theme)}
+<input type="hidden" value="{$theme}" name="theme">
+{/if}
+
+{if isset($language)}
+<input type="hidden" value="{$language}" name="language">
+{/if}
+
+{if isset($template)}
+<input type="hidden" value="{$template}" name="template">
+{/if}
+
 
 {if isset ($create_tpl)}
   <table>
@@ -52,20 +63,18 @@ if (document.getElementById("text") != null)
 {/if}
 
 {if isset ($css_lang_tpl)}
-<select name="file_to_edit">
-{foreach from=$css_lang_tpl.OPTIONS item=theme key=value}
-  <option value="{$value}" {if $value == $css_lang_tpl.SELECTED}selected="selected"{/if} {if is_numeric($value)}disabled="disabled"{/if}>{$theme}</option>
-{/foreach}
+<select name="{$css_lang_tpl.SELECT_NAME}">
+{html_options options=$css_lang_tpl.OPTIONS selected=$css_lang_tpl.SELECTED}
 </select>
 
-
 <input class="submit" type="submit" value="{'locfiledit_edit'|@translate}" name="edit" />
 <br><br>
-  {if isset ($css_lang_tpl.NEW_FILE_URL)}
-  <span class="{$css_lang_tpl.NEW_FILE_CLASS}">
-  <a href="{$css_lang_tpl.NEW_FILE_URL}">{'locfiledit_new_tpl'|@translate}</a>
-  </span>
-  {/if}
+{/if}
+
+{if isset ($css_lang_tpl.NEW_FILE_URL)}
+<span class="{$css_lang_tpl.NEW_FILE_CLASS}">
+<a href="{$css_lang_tpl.NEW_FILE_URL}">{'locfiledit_new_tpl'|@translate}</a>
+</span>
 {/if}
 
 {if isset ($zone_edit)}