{
echo '<fieldset><legend>';
if (!empty($name)) {
- echo t('FILENAME') . ": $name ";
+ echo t('FILENAME') . ": " . jirafeau_escape($name);
}
if (!empty($file_hash)) {
- echo t('FILE') . ": $file_hash ";
+ echo t('FILE') . ": " . jirafeau_escape($file_hash);
}
if (!empty($link_hash)) {
- echo t('LINK') . ": $link_hash ";
+ echo t('LINK') . ": " . jirafeau_escape($link_hash);
}
if (empty($name) && empty($file_hash) && empty($link_hash)) {
echo t('LS_FILES');
'<form method="post">' .
'<input type = "hidden" name = "action" value = "download"/>' .
'<input type = "hidden" name = "link" value = "' . $node . '"/>' .
+ jirafeau_admin_csrf_field() .
'<input type = "submit" value = "' . t('DL') . '" />' .
'</form>' .
'<form method="post">' .
'<input type = "hidden" name = "action" value = "delete_link"/>' .
'<input type = "hidden" name = "link" value = "' . $node . '"/>' .
+ jirafeau_admin_csrf_field() .
'<input type = "submit" value = "' . t('DEL_LINK') . '" />' .
'</form>' .
'<form method="post">' .
'<input type = "hidden" name = "action" value = "delete_file"/>' .
'<input type = "hidden" name = "md5" value = "' . $l['md5'] . '"/>' .
+ jirafeau_admin_csrf_field() .
'<input type = "submit" value = "' . t('DEL_FILE_LINKS') . '" />' .
'</form>' .
'</td>';
{
return htmlspecialchars($string, ENT_QUOTES);
}
+
+function jirafeau_admin_session_start()
+{
+ $_SESSION['admin_auth'] = true;
+ $_SESSION['admin_csrf'] = md5(uniqid(mt_rand(), true));
+}
+
+function jirafeau_admin_session_end()
+{
+ $_SESSION = array();
+ session_destroy();
+}
+
+function jirafeau_admin_session_logged()
+{
+ return isset($_SESSION['admin_auth']) &&
+ isset($_SESSION['admin_csrf']) &&
+ isset($_POST['admin_csrf']) &&
+ $_SESSION['admin_auth'] === true &&
+ $_SESSION['admin_csrf'] === $_POST['admin_csrf'];
+}
+
+function jirafeau_admin_csrf_field()
+{
+ return "<input type='hidden' name='admin_csrf' value='". $_SESSION['admin_csrf'] . "'/>";
+}
git.p6c8.net / jirafeau_mojo42.git / blobdiff