Beispiel #1
 /**
  * csrf_field returns the pre-rendered CSRF form input.
  *
  * Obtains a token object from create_csrf_token() and hands back its
  * `field` property, which, per the original description of this helper,
  * holds the generated input to embed in a form.
  *
  * @return string
  */
 function csrf_field()
 {
     $csrf = create_csrf_token();

     return $csrf->field;
 }
Beispiel #2
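        // Header row, then one row per karma level held by the user, each with
        // a "remove" link guarded by a JavaScript confirmation dialog.
        $table->addRow(array("Level", "Added by", "Added at", "Remove"), null, 'th');
        foreach ($user_karma as $item) {
            // Query-string values need URL encoding, not HTML escaping: an
            // HTML-escaped "&" is decoded again by the browser and would still
            // split the parameter, and "#", "+" or "%" are not touched at all.
            // urlencode() output is also safe inside an HTML attribute.
            $remove = sprintf("karma.php?action=remove&handle=%s&level=%s", urlencode($handle), urlencode($item['level']));

            // The level ends up inside a JavaScript string that itself sits in
            // an HTML attribute. Encode for JavaScript first (json_encode with
            // the JSON_HEX_* flags), then for the attribute (ENT_QUOTES); HTML
            // escaping alone is undone by the attribute parser before the
            // script runs.
            $question = json_encode('Do you really want to remove the karma level ' . $item['level'] . '?', JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
            $onclick = 'onclick="javascript:return confirm(' . htmlspecialchars($question, ENT_QUOTES) . ');"';

            // NOTE(review): the removal is triggered by a plain GET link and no
            // CSRF token is visible in it, while the grant form further down
            // does carry one. Confirm the remove action is protected elsewhere.
            $table->addRow(array(htmlspecialchars($item['level']), htmlspecialchars($item['granted_by']), htmlspecialchars($item['granted_at']), make_link($remove, make_image("delete.gif"), false, $onclick)));
        }
        echo $table->toHTML();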
    }
    // Spacer, then a second table that holds the "grant karma" form.
    echo "<br /><br />";
    $table = new HTML_Table('style="width: 100%"');
    $table->setCaption("Grant karma to " . htmlspecialchars($handle), 'style="background-color: #CCCCCC;"');
    // POST form submitted to karma.php?action=grant.
    $form = new HTML_QuickForm2('karma_grant', 'post', array('action' => 'karma.php?action=grant'));
    $form->removeAttribute('name');
    $form->addElement('text', 'level')->setLabel('Level:&nbsp;');
    // NOTE(review): if HTML_QuickForm2 already escapes attribute values when it
    // renders the element, escaping here as well double-encodes the handle
    // that is posted back. Confirm against the library's rendering code.
    $form->addElement('hidden', 'handle')->setValue(htmlspecialchars($handle));
    $form->addElement('submit', 'submit')->setLabel('Submit Changes');
    // Anti-CSRF token, embedded as a hidden field under $csrf_token_name (set
    // outside this excerpt). The matching server-side validation is not
    // visible here.
    $csrf_token_value = create_csrf_token($csrf_token_name);
    $form->addElement('hidden', $csrf_token_name)->setValue($csrf_token_value);
    // The rendered form becomes the single cell of the table.
    $table->addRow(array((string) $form));
    echo $table->toHTML();
}
// Separator, then a fresh table for the karma statistics section that follows.
echo "<p>&nbsp;</p><hr />";
$table = new HTML_Table('style="width: 90%"');
$table->setCaption("Karma Statistics", 'style="background-color: #CCCCCC;"');
if (!empty($_GET['a']) && $_GET['a'] == "details" && !empty($_GET['level'])) {
    // Detail view: one row per user returned for the requested karma level.
    $table->addRow(array('Handle', 'Granted'), null, 'th');
    // NOTE(review): $_GET['level'] is passed to getUsers() without validation
    // in this excerpt. Whether that method binds it as a query parameter is
    // not visible here; confirm, and check it is a scalar of the expected form.
    foreach ($karma->getUsers($_GET['level']) as $user) {
        // Every database value is HTML-escaped before it is placed in markup.
        // NOTE(review): the values also form a URL path segment ("/user/...");
        // HTML escaping does not URL-encode them. Confirm handles are
        // restricted to URL-safe characters.
        $detail = sprintf("Granted by <a href=\"/user/%s\">%s</a> on %s", htmlspecialchars($user['granted_by']), htmlspecialchars($user['granted_by']), htmlspecialchars($user['granted_at']));
        $table->addRow(array(make_link("/user/" . htmlspecialchars($user['user']), htmlspecialchars($user['user'])), $detail));
    }
} else {
    $table->addRow(array('Level', '# of users'));
Beispiel #3
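    // Confirmation step: render a POST form asking whether the package should
    // really be deleted. The form carries a hidden anti-CSRF token.

    // urlencode() keeps the id safe both as a query value and inside the HTML
    // attribute; for a numeric id the output is unchanged. Whether $id has
    // already been validated as an integer is not visible in this excerpt.
    $delete_url = 'package-delete.php?id=' . urlencode($id);
    print_package_navigation($id, $pkg['name'], '/' . $delete_url);
    echo '<form action="' . $delete_url . '" method="post">';
    echo '<table class="form-holder" style="margin-bottom: 2em;" cellspacing="1">';
    echo '<caption class="form-caption">Confirm</caption>';
    echo '<tr><td class="form-input">';
    echo 'Are you sure that you want to delete the package?' . "</td></tr>\n";
    echo '<tr><td class="form-input">';
    report_error('Deleting the package will remove all package information' . ' and all releases!', 'warnings', 'WARNING:');
    echo "</td></tr>\n";
    // The button row previously opened a <td> without its <tr>, leaving the
    // closing </tr> below unmatched.
    echo '<tr><td class="form-input">';
    echo '<input type="submit" value="yes" name="confirm" />';
    echo '&nbsp;';
    echo '<input type="submit" value="no" name="confirm" />';
    echo "</td></tr>\n";
    echo "</table>";
    // Escape the token name and value for the attribute context, so the markup
    // stays well-formed whatever characters the token generator produces.
    $csrf_field_name = htmlspecialchars($csrf_token_name, ENT_QUOTES);
    $csrf_field_value = htmlspecialchars(create_csrf_token($csrf_token_name), ENT_QUOTES);
    echo '<input type="hidden" value="' . $csrf_field_value . '" name="' . $csrf_field_name . '" />';
    echo "</form>";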
} elseif ($_POST['confirm'] == 'yes' && validate_csrf_token($csrf_token_name)) {
    // XXX: Implement backup functionality
    // make_backup($id);
    // NOTE(review): with the backup above still unimplemented, nothing in this
    // excerpt allows the deletion that follows to be undone.
    // Table name => column name. Presumably the column that holds the package
    // id in each table; the code that consumes this map is outside this
    // excerpt.
    $tables = array('releases' => 'package', 'maintains' => 'package', 'deps' => 'package', 'files' => 'package', 'packages' => 'id');
    echo "<pre>\n";
    // Counter for release archives that were removed from disk.
    $file_rm = 0;
    // $id is bound through the "?" placeholder, not concatenated into the SQL.
    $query = 'SELECT p.name, r.version FROM packages p, releases r
                WHERE p.id = r.package AND r.package = ?';
    $row = $dbh->getAll($query, array($id));
    foreach ($row as $value) {
        $file = sprintf("%s/%s-%s.tgz", PEAR_TARBALL_DIR, $value[0], $value[1]);
        if (@unlink($file)) {
            echo "Deleting release archive \"" . $file . "\"\n";
            $file_rm++;
Beispiel #4
            // Hard-wrap the message body at 72 characters per line.
            $mailtext = wordwrap($mailtext, 72);
            // Addresses of all maintainers of the package; $id is bound through
            // the "?" placeholder.
            $query = 'SELECT u.email FROM users u, maintains m WHERE m.package = ? AND u.handle = m.handle';
            $rows = $dbh->getAll($query, array($id), DB_FETCHMODE_ASSOC);
            foreach ($rows as $u_row) {
                // The From header and the "-f" envelope sender are built from
                // constants only.
                // NOTE(review): $action is placed in the Subject; confirm it
                // can only hold fixed server-side strings, so that no line
                // break can reach the mail headers.
                mail($u_row['email'], SITE_BIG . ' Package ' . $action, $mailtext, 'From: "' . SITE_BIG . ' Package Approval System" <' . PEAR_GROUP_EMAIL . '>', '-f ' . PEAR_BOUNCE_EMAIL);
            }
        }
        echo "Successfully <b>" . $action . " package</b>.<br /><br />";
    } else {
        echo "There have been problems: Either an error occured while " . "updating the database or the package has already been " . $action . " by someone else.<br /><br />";
    }
}
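// List every package of this site type that still awaits approval, with an
// approve and a reject link per package, then close the page.
$query = 'SELECT id, name FROM packages WHERE approved = 0 AND package_type = ?';
$rows = $dbh->getAll($query, array(SITE), DB_FETCHMODE_ASSOC);
// PHP_SELF can contain request-supplied path info, so it is escaped before
// being used in link targets.
$self = htmlspecialchars($_SERVER['PHP_SELF']);
if (count($rows) == 0) {
    echo "<b>Currently there are no unapproved packages.</b>\n";
} else {
    require_once 'HTML/Table.php';
    $table = new HTML_Table('style="width: 90%"');
    $table->setCaption('Unapproved packages', 'style="background-color: #CCCCCC;"');
    // NOTE(review): approve and reject change state through GET links, so the
    // CSRF token travels in the URL, where it can end up in server logs,
    // browser history and Referer headers. A POST form per action would keep
    // the token out of the URL.
    $csrf_link = '&amp;' . urlencode($csrf_token_name) . '=' . urlencode(create_csrf_token($csrf_token_name));
    foreach ($rows as $row) {
        $id_param = urlencode($row['id']);
        $tmp = array(
            // The cell content is emitted as HTML (the links in the next cell
            // rely on that), so the name of a not-yet-approved package must be
            // escaped before it is displayed.
            htmlspecialchars($row['name']),
            make_link("{$self}?approve=" . $id_param . $csrf_link, "Approve") . ' / ' . make_link("{$self}?reject=" . $id_param . $csrf_link, "Reject"),
        );
        $table->addRow($tmp);
    }
    echo $table->toHTML();
}
echo "<br /><br />";
echo make_link('/admin/', 'Back');
response_footer();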
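/**
 * Build a hidden form input that carries a CSRF token.
 *
 * @param string $id Optional suffix: appended to the field name "csrf_token"
 *                   and passed on to create_csrf_token().
 * @return string HTML markup of the hidden <input> element.
 */
function csrf_token_tag($id = "")
{
    $token = create_csrf_token($id);

    // Both values are interpolated into double-quoted attributes; escape them
    // so a quote or angle bracket in either one cannot break out of the tag.
    $name = htmlspecialchars("csrf_token{$id}", ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $value = htmlspecialchars((string) $token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return "<input type=\"hidden\" name=\"{$name}\" value=\"{$value}\">";
}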