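/**
 * Creates a new "source" page for the authenticated user.
 *
 * Anonymous visitors are redirected to /user/login and the action returns
 * immediately, so the form handling below can never run without a user id.
 * On a valid POST the form values are handed to Page::createPage() and the
 * browser is sent to the new page's view; otherwise the form is assigned to
 * the view for rendering.
 */
public function createAction()
{
    $auth = Zend_Auth::getInstance();
    if ($auth->hasIdentity()) {
        $this->identity = $auth->getIdentity();
    }
    // Access control. empty() avoids a property-on-null warning when no
    // identity was found, and the explicit return guarantees nothing below
    // executes even if the redirector helper is configured not to exit.
    if (empty($this->identity->id)) {
        $this->_redirect('/user/login');
        return;
    }

    $formBlog = new Form_Source();
    if ($this->getRequest()->isPost() && $formBlog->isValid($_POST)) {
        $blogData = $formBlog->getValues();
        $blogData['uid'] = $this->identity->id;
        $blogData['type'] = 'blog';
        $blogData['createtime'] = time();
        // The tag field and the submit button ('提交') are form-only values,
        // not page columns. NOTE(review): the tags are read by the form but
        // never stored by this action — confirm that is intended.
        unset($blogData['tags']);
        unset($blogData['提交']);

        $modelBlog = new Page();
        $newBlog = $modelBlog->createPage($blogData);
        if ($newBlog) {
            $this->_redirect('source/view/id/' . $newBlog);
        }
    }
    $this->view->formBlog = $formBlog;
}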
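/**
 * Creates a new "now" page for the authenticated user and records its tags.
 *
 * Anonymous visitors are redirected to /user/login and the action returns
 * immediately, so no page can be created without a user id. On a valid POST
 * the form values are stored through Page::createPage(); when the form
 * carried a non-empty tag string, the tags are attached to the new page via
 * Tags::createTags() and each comma-separated tag is counted through
 * TagsTotal::createTag(). The browser is then sent to the new page's view.
 * On GET, or when validation fails, the form is assigned to the view.
 */
public function createAction()
{
    $auth = Zend_Auth::getInstance();
    if ($auth->hasIdentity()) {
        $this->identity = $auth->getIdentity();
    }
    // Access control. empty() avoids a property-on-null warning when no
    // identity was found; the explicit return makes the guard hold even if
    // the redirector helper is configured not to exit.
    if (empty($this->identity->id)) {
        $this->_redirect('/user/login');
        return;
    }

    $formBlog = new Form_Now();
    if ($this->getRequest()->isPost() && $formBlog->isValid($_POST)) {
        $blogData = $formBlog->getValues();
        $blogData['uid'] = $this->identity->id;
        $blogData['type'] = 'now';
        $blogData['createtime'] = time();
        // NOTE(review): both str_replace arguments render as an ASCII comma in
        // this listing, which makes the call a no-op; presumably the search
        // string was a full-width comma being normalised for explode() — confirm.
        $tags = str_replace(",", ",", $blogData['tags']);
        // Form-only values that are not page columns.
        unset($blogData['tags']);
        unset($blogData['提交']);

        $modelBlog = new Page();
        $newBlog = $modelBlog->createPage($blogData);
        if ($newBlog) {
            if ($tags !== '') {
                $modelTags = new Tags();
                $modelTags->createTags($newBlog, $tags);
                // explode() always returns at least one element, so a plain
                // loop covers the single-tag case as well; the original
                // "count() > 0 ... else createTag($tags)" fallback was unreachable.
                $modelTagsTotal = new TagsTotal();
                foreach (explode(",", $tags) as $value) {
                    $modelTagsTotal->createTag($value);
                }
            }
            $this->_redirect('blog/view/id/' . $newBlog);
        }
    }
    $this->view->formBlog = $formBlog;
}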
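source: http://www.securityfocus.com/bid/38126/info Huski CMS is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the computer; other attacks are also possible.
<?php
// Front controller: wires up the data layer and Quicksite core, builds the
// Site from the configured vars, then lets Page render the requested page.
header('Content-Type: text/html; charset=utf-8');

// Data Includes
include_once "PHPLib/db_mysql.inc";
include_once "Data/dbConnection.class.php";
include_once "Data/dbConfig.class.php";
include_once "Data/dataAdapter.class.php";
include_once "Quicksite/Core/domxml.class.php";

// Quicksite Core Includes
include_once "Quicksite/Core/all.inc.php";

// Configuration
include_once "Quicksite/db.config.php";
include_once "inc/vars.config.php";

// Initialise the Site
$site = new Site($_VARS['site']);

// The former print_r($_SESSION['login']) debug dump was removed: it wrote the
// login session record into every response body.

// Initialise the Page. The page id and the merged request parameters come
// straight from the client, so Page must treat them as untrusted; the isset()
// guard only avoids an undefined-index notice when no id was supplied.
$pageId = isset($_GET['id']) ? $_GET['id'] : null;
$page = new Page($site, $pageId, array_merge($_POST, $_GET));

// Load plugin sources
$page->loadPluginSources();

// Create the Page
$page->createPage();
echo $page->Result;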
}
// NOTE(review): this excerpt continues a file that starts before it; $user and
// $page are assumed to be initialised above.
// "n" selects the page to edit, or the literal "new" to create one.
if ($_GET['n'] == "new") {
    $t = false;
} else {
    $t = true;
    // The page name is run through the application's own string check before
    // it is used for the lookup. NOTE(review): whether redirect() exits is not
    // visible here — if it does not, getPage() still runs on the rejected value.
    if (!$user->str_check($_GET['n'])) {
        redirect("Location: error.php");
    }
    $post = $page->getPage($_GET['n']);
    if (!$post) {
        redirect("Location: error.php");
    }
}
if (isset($_POST['submit'])) {
    if ($_GET['n'] == "new") {
        $id = $page->createPage($_POST['name'], $_POST['title'], $user->getUser(), $_POST['post']);
    } else {
        // NOTE(review): the update is keyed on $_POST['name'], not on the
        // $_GET['n'] that was checked above — confirm the two are meant to agree.
        $id = $page->updatePage($_POST['name'], $_POST['title'], $user->getUser(), $_POST['post']);
    }
    // NOTE(review): header() does not stop the script; with no exit after it,
    // the editor markup below is still sent along with the Location header.
    if ($id == false) {
        header("Location: error.php");
    } else {
        header("Location: pedit.php?n=" . $id);
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>页面管理 > <?php
// NOTE(review): this excerpt starts inside a switch case whose label and any
// preceding input checks are before this line and not visible here.
try {
    $article = Article::createArticle($_POST['title'], getUser());
    $article->setContent($_POST['content']);
} catch (Exception $e) {
    // NOTE(review): there is no exit after this redirect, so the msg=1
    // Location header below replaces it (header() replaces by default) and
    // the failure is reported as success.
    header("Location: " . orongoURL("orongo-admin/create.php?msg=0&obj=article"));
}
header("Location: " . orongoURL("orongo-admin/create.php?msg=1&obj=article"));
exit;
break;
case "page":
    // Both fields are required; otherwise bounce back to the create form.
    if (!isset($_POST['title']) || !isset($_POST['content'])) {
        header("Location: " . orongoURL("orongo-admin/create.php?page"));
        exit;
    }
    try {
        $page = Page::createPage($_POST['title']);
        $page->setContent($_POST['content']);
    } catch (Exception $e) {
        // Same missing exit as in the article case above: the success
        // redirect that follows overrides this error redirect.
        header("Location: " . orongoURL("orongo-admin/create.php?msg=0&obj=page"));
    }
    header("Location: " . orongoURL("orongo-admin/create.php?msg=1&obj=page"));
    exit;
    break;
case "user":
    // Access control: only users at or above RANK_ADMIN may create accounts.
    if (getUser()->getRank() < RANK_ADMIN) {
        header("Location: " . orongoURL("orongo-admin/index.php?msg=0"));
        exit;
    }
    // All four fields are required; the excerpt ends inside this check.
    if (!isset($_POST['name']) || !isset($_POST['password']) || !isset($_POST['email']) || !isset($_POST['rank'])) {
        header("Location: " . orongoURL("orongo-admin/create.php?user"));
        exit;