X-Git-Url: https://git.p6c8.net/jirafeau.git/blobdiff_plain/ef7711fcbea94ca12e41a4897f5cc4ab284b4b11..02ffb9fe02fbdb2abfa3c449ca60e37e76126f14:/lib/functions.php diff --git a/lib/functions.php b/lib/functions.php index 77acae1..0f42e21 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -614,7 +614,7 @@ jirafeau_admin_list ($name, $file_hash, $link_hash) continue; /* Filter. */ - if (!empty ($name) && !preg_match ("/$name/i", $l['file_name'])) + if (!empty ($name) && !preg_match ("/$name/i", htmlspecialchars($l['file_name']))) continue; if (!empty ($file_hash) && $file_hash != $l['md5']) continue; @@ -626,7 +626,7 @@ jirafeau_admin_list ($name, $file_hash, $link_hash) '<form action = "admin.php" method = "post">' . '<input type = "hidden" name = "action" value = "download"/>' . '<input type = "hidden" name = "link" value = "' . $node . '"/>' . - '<input type = "submit" value = "' . $l['file_name'] . '" />' . + '<input type = "submit" value = "' . htmlspecialchars($l['file_name']) . '" />' . '</form>'; echo '</td>'; echo '<td>' . $l['mime_type'] . '</td>'; @@ -1134,3 +1134,14 @@ function get_ip_address($cfg) { } return $_SERVER['REMOTE_ADDR']; } + +/** + * Convert hexadecimal string to base64 + */ +function hex_to_base64($hex) +{ + $b = ''; + foreach (str_split ($hex, 2) as $pair) + $b .= chr (hexdec ($pair)); + return base64_encode ($b); +}