 /**
  * Prevent XSS attacks for logged in users by making sure the request contains a valid nonce
  *
  * A request with an empty $_POST is left untouched. Otherwise the 'verified'
  * parameter must be present and non-empty and must either pass
  * common::verify_nonce('post', ..., true) or equal $session_id; on any
  * failure the posted data is discarded via gpsession::StripPost() with a
  * reason string. Nothing is returned.
  *
  * @param string $session_id Session identifier accepted in place of a nonce
  */
 function CheckPosts($session_id)
 {
     if (count($_POST) === 0) {
         return;
     }

     $token = isset($_POST['verified']) ? $_POST['verified'] : null;

     // Find the first failing check. verify_nonce() is evaluated before the
     // session-id comparison so its call order matches the original behaviour.
     $reason = null;
     if ($token === null) {
         $reason = 'XSS Verification Parameter Not Set';
     } elseif (empty($token)) {
         $reason = 'XSS Verification Parameter Empty';
     } elseif (!common::verify_nonce('post', $token, true) && $token !== $session_id) {
         $reason = 'XSS Verification Parameter Mismatch';
     }

     if ($reason !== null) {
         gpsession::StripPost($reason);
     }
 }
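 /**
  * Assign a layout to the page whose index is posted in $_POST['index'].
  * Child pages without a layout assigned will inherit this setting
  *
  * Reads $_POST['index'] and $_POST['layout']. The layout must exist in
  * $gpLayouts and the request must carry a valid 'use_<layout>' nonce.
  * The page's explicit gpLayout entry is removed and only re-added when the
  * chosen layout differs from what display::OrConfig() resolves without it,
  * then the pages file is written with admin_tools::SavePagesPHP().
  *
  * @return bool|null false when saving the pages file fails, null otherwise
  *                   (validation failures report via message() and return null)
  */
 function SetLayout()
 {
     global $gp_index, $gp_titles, $langmessage, $gpLayouts;

     // Missing keys used to raise undefined-index notices; treat them as invalid input
     $index = isset($_POST['index']) ? $_POST['index'] : null;
     $layout = isset($_POST['layout']) ? $_POST['layout'] : null;

     $title = common::IndexToTitle($index);
     if (!$title) {
         message($langmessage['OOPS']);
         return;
     }
     $this->title = $title;

     if ($layout === null || !isset($gpLayouts[$layout])) {
         message($langmessage['OOPS']);
         return;
     }

     // The nonce is bound to the chosen layout, so a token for one layout cannot be replayed for another
     if (!common::verify_nonce('use_' . $layout)) {
         message($langmessage['OOPS']);
         return;
     }

     // unset, then reset only if the inherited/config layout differs
     unset($gp_titles[$index]['gpLayout']);
     $currentLayout = display::OrConfig($index, 'gpLayout');
     if ($currentLayout != $layout) {
         $gp_titles[$index]['gpLayout'] = $layout;
     }

     if (!admin_tools::SavePagesPHP()) {
         message($langmessage['OOPS'] . '(3)');
         return false;
     }

     message($langmessage['SAVED']);
 }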
 /**
  * Prevent XSS attacks for logged in users by making sure the request contains a valid nonce
  *
  * Does nothing for an empty $_POST. Otherwise $_POST['verified'] must be
  * non-empty and pass common::verify_nonce('post', ..., true); on failure the
  * posted data is discarded via self::StripPost() with a reason string.
  * Nothing is returned.
  */
 static function CheckPosts()
 {
     if (count($_POST) === 0) {
         return;
     }

     $token = empty($_POST['verified']) ? null : $_POST['verified'];
     if ($token === null) {
         self::StripPost('XSS Verification Parameter Error');
         return;
     }

     if (common::verify_nonce('post', $token, true)) {
         return;
     }

     self::StripPost('XSS Verification Parameter Mismatch');
 }
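 /**
  * Save a user submitted comment
  *
  * Validates the 'easy_comments:<count>' nonce (the comment count makes a
  * resubmission of the same form fail), the optional reCAPTCHA, and the
  * required name/comment fields, then appends the comment to
  * $this->comment_data, updates the index file and writes the comment data.
  * The optional website is only kept when it is an http(s) URL.
  *
  * @return bool true when the comment was stored, false on any failure
  *              (a message is reported via message() in every case)
  */
 function CommentAdd()
 {
     global $langmessage;

     $not_saved_text = 'Sorry, your comment was not saved.';

     // check the nonce
     // includes the comment count so resubmissions won't work
     $nonce = isset($_POST['nonce']) ? $_POST['nonce'] : null;
     if (!common::verify_nonce('easy_comments:' . count($this->comment_data), $nonce, true)) {
         message(gpOutput::GetAddonText($not_saved_text));
         return false;
     }

     //check captcha
     if ($this->config['comment_captcha'] && gp_recaptcha::isActive()) {
         if (!gp_recaptcha::Check()) {
             //recaptcha::check adds message on failure
             return false;
         }
     }

     if (empty($_POST['name'])) {
         $field = gpOutput::SelectText('Name');
         message($langmessage['OOPS_REQUIRED'], $field);
         return false;
     }
     if (empty($_POST['comment'])) {
         $field = gpOutput::SelectText('Comment');
         message($langmessage['OOPS_REQUIRED'], $field);
         return false;
     }

     // Stored values are HTML-ready: name escaped, comment tag-stripped
     $temp = array();
     $temp['name'] = htmlspecialchars($_POST['name']);
     $temp['comment'] = nl2br(strip_tags($_POST['comment']));
     $temp['time'] = time();

     // Optional website: accept only http/https URLs so the stored value is
     // safe to use as a link target, and escape it like the name
     if (!empty($_POST['website']) && is_string($_POST['website']) && $_POST['website'] !== 'http://') {
         $website = trim($_POST['website']);
         if (preg_match('#^https?://#i', $website)) {
             $temp['website'] = htmlspecialchars($website);
         }
     }

     $index = $this->NewIndex();
     $this->comment_data[$index] = $temp;

     //save to index file first
     if (!$this->UpdateIndex()) {
         message(gpOutput::GetAddonText($not_saved_text));
         return false;
     }

     //then save actual comment
     if (!$this->SaveCommentData()) {
         message(gpOutput::GetAddonText($not_saved_text));
         return false;
     }

     message(gpOutput::GetAddonText('Your comment has been saved.'));
     return true;
 }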
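 /**
  * Move the section named by $_REQUEST['section'] one position up in
  * $this->file_sections and save the file
  *
  * The section must exist and the request must carry a valid
  * 'move_up<section>' nonce. The first section cannot be moved up. When
  * saving fails the previous section order is restored.
  *
  * @return bool|null false when validation fails, null otherwise
  *                   (including after a failed save, which reports via message())
  */
 function MoveUp()
 {
     global $langmessage;

     // Read by value: the old reference assignment silently created the
     // 'section' key in $_REQUEST when it was missing
     $move_key = isset($_REQUEST['section']) ? $_REQUEST['section'] : null;
     if ($move_key === null || !isset($this->file_sections[$move_key])) {
         message($langmessage['OOPS']);
         return false;
     }

     if (!common::verify_nonce('move_up' . $move_key)) {
         message($langmessage['OOPS']);
         return false;
     }

     $file_keys = array_keys($this->file_sections);
     $file_values = array_values($this->file_sections);

     // Loose search on purpose: numeric-string array keys are stored as ints
     // by PHP while $move_key arrives from the request as a string
     $insert_key = array_search($move_key, $file_keys);
     if ($insert_key === false || $insert_key === 0) {
         message($langmessage['OOPS']);
         return false;
     }

     $prev_key = $insert_key - 1;
     if (!isset($file_keys[$prev_key])) {
         message($langmessage['OOPS']);
         return false;
     }

     $old_sections = $this->file_sections;

     // Rebuild as a list with the moved section swapped with the one before it;
     // the original keys are not preserved
     $new_sections = $file_values;
     $new_sections[$prev_key] = $file_values[$insert_key];
     $new_sections[$insert_key] = $file_values[$prev_key];

     $this->file_sections = $new_sections;
     if (!$this->SaveThis()) {
         $this->file_sections = $old_sections;
         message($langmessage['OOPS'] . '(4)');
         return;
     }
 }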
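 /**
  * Send the submitted contact form as an email
  *
  * Requires a non-empty message, a valid 'contact_post' nonce, an empty
  * 'contact_void' field (a filled one is reported as 'Robot Detected'), a
  * passing gp_recaptcha::Check() and approval from the 'contact_form_check'
  * plugin filter. The sender's email, when given, is validated and used as
  * the Reply-To address (and as From when the 'from_use_user' config value
  * is set). Which fields are required is driven by $config['require_email'].
  *
  * @return bool|null true when the mail was sent, false when a required
  *                   field is missing or invalid or sending failed, null on
  *                   the other early exits
  */
 function SendMessage()
 {
     global $langmessage, $config, $gp_mailer;
     includeFile('tool/email_mailer.php');

     // Default every posted field read below so a missing key never raises a notice
     $_POST += array('subject' => '', 'contact_nonce' => '', 'message' => '', 'name' => '', 'email' => '');

     if (empty($_POST['message'])) {
         msg($langmessage['OOPS'] . '(Invalid Message)');
         return;
     }

     //check nonce
     if (!common::verify_nonce('contact_post', $_POST['contact_nonce'], true)) {
         msg($langmessage['OOPS'] . '(Invalid Nonce)');
         return;
     }

     if (!empty($_POST['contact_void'])) {
         msg($langmessage['OOPS'] . '(Robot Detected)');
         return;
     }

     //captcha
     if (!gp_recaptcha::Check()) {
         return;
     }

     if (!gpPlugin::Filter('contact_form_check', array(true))) {
         return;
     }

     //subject
     $_POST['subject'] = strip_tags($_POST['subject']);

     //message: keep a small whitelist of formatting tags
     $tags = '<p><div><span><font><b><i><tt><em><i><a><strong><blockquote>';
     $message = nl2br(strip_tags($_POST['message'], $tags));

     //reply name
     if (!empty($_POST['email'])) {
         //check format
         if (!$this->ValidEmail($_POST['email'])) {
             msg($langmessage['invalid_email']);
             return false;
         }

         // Line breaks are removed so the name cannot inject extra mail headers
         $replyName = str_replace(array("\r", "\n"), array(' '), $_POST['name']);
         $replyName = strip_tags($replyName);
         $replyName = htmlspecialchars($replyName);

         $gp_mailer->AddReplyTo($_POST['email'], $replyName);
         if (common::ConfigValue('from_use_user', false)) {
             $gp_mailer->SetFrom($_POST['email'], $replyName);
         }
     }

     //check for required values
     // Read by value: the old reference assignment created the key in $config when it was missing
     $require_email = isset($config['require_email']) ? $config['require_email'] : '';

     if (strpos($require_email, 'email') !== false) {
         if (empty($_POST['email'])) {
             $field = gpOutput::SelectText('your_email');
             msg($langmessage['OOPS_REQUIRED'], $field);
             return false;
         }
     }

     if (strpos($require_email, 'none') === false) {
         if (empty($_POST['subject'])) {
             $field = gpOutput::SelectText('subject');
             msg($langmessage['OOPS_REQUIRED'], $field);
             return false;
         }
         if (empty($message)) {
             $field = gpOutput::SelectText('message');
             msg($langmessage['OOPS_REQUIRED'], $field);
             return false;
         }
     }

     if ($gp_mailer->SendEmail($config['toemail'], $_POST['subject'], $message)) {
         msg($langmessage['message_sent']);
         return true;
     }

     msg($langmessage['OOPS'] . ' (Send Failed)');
     return false;
 }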
 /**
  * Delete a single file or folder
  *
  * Refused inside the thumbnail directory and without a valid 'delete'
  * nonce. The target file name comes from $this->CheckFile() (assumed to
  * validate it — not visible here) and is removed with gpFiles::RmAll();
  * on success an 'img_deleted' ajax replacement with the relative path is
  * queued on $page.
  *
  * @return bool|null false when called inside the thumbnail directory, null otherwise
  */
 function DeleteConfirmed()
 {
     global $langmessage, $page;

     if ($this->isThumbDir) {
         return false;
     }

     if (!common::verify_nonce('delete')) {
         message($langmessage['OOPS'] . ' (Invalid Nonce)');
         return;
     }

     $file = $this->CheckFile();
     if (!$file) {
         return;
     }

     $full_path = $this->currentDir . '/' . $file;
     $rel_path = common::GetDir(sprintf('/data/_uploaded%s/%s', $this->subdir, $file));

     if (gpFiles::RmAll($full_path)) {
         $page->ajaxReplace[] = array('img_deleted', '', $rel_path);
         return;
     }

     message($langmessage['OOPS']);
 }