X-Git-Url: https://git.p6c8.net/jirafeau_mojo42.git/blobdiff_plain/db2c9c7773cd5d14b732689b2e844e62d2773be5..7578ca7e1deb95bef18bb64c3b49d83d78fc3891:/lib/functions.php?ds=sidebyside diff --git a/lib/functions.php b/lib/functions.php index 3a50eac..cf6b913 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -204,7 +204,7 @@ function jirafeau_ini_to_bytes($value) function jirafeau_get_max_upload_size_bytes() { return min(jirafeau_ini_to_bytes(ini_get('post_max_size')), - jirafeau_ini_to_bytes(ini_get('upload_max_filesize'))); + jirafeau_ini_to_bytes(ini_get('upload_max_filesize'))); } /** @@ -213,9 +213,7 @@ function jirafeau_get_max_upload_size_bytes() */ function jirafeau_get_max_upload_size() { - return jirafeau_human_size( - min(jirafeau_ini_to_bytes(ini_get('post_max_size')), - jirafeau_ini_to_bytes(ini_get('upload_max_filesize')))); + return jirafeau_human_size(jirafeau_get_max_upload_size_bytes()); } /** @@ -500,16 +498,13 @@ function check_errors($cfg) exit; } - /* check if the destination dirs are writable */ - $writable = is_writable(VAR_FILES) && is_writable(VAR_LINKS); - /* Checking for errors. */ if (!is_writable(VAR_FILES)) { - add_error(t('The file directory is not writable!'), VAR_FILES); + add_error(t('FILE_DIR_W'), VAR_FILES); } if (!is_writable(VAR_LINKS)) { - add_error(t('The link directory is not writable!'), VAR_LINKS); + add_error(t('LINK_DIR_W'), VAR_LINKS); } if (!is_writable(VAR_ASYNC)) { @@ -553,13 +548,13 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) { echo '
'; if (!empty($name)) { - echo t('FILENAME') . ": $name "; + echo t('FILENAME') . ": " . jirafeau_escape($name); } if (!empty($file_hash)) { - echo t('FILE') . ": $file_hash "; + echo t('FILE') . ": " . jirafeau_escape($file_hash); } if (!empty($link_hash)) { - echo t('LINK') . ": $link_hash "; + echo t('LINK') . ": " . jirafeau_escape($link_hash); } if (empty($name) && empty($file_hash) && empty($link_hash)) { echo t('LS_FILES'); @@ -597,7 +592,7 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) } /* Filter. */ - if (!empty($name) && !preg_match("/$name/i", jirafeau_escape($l['file_name']))) { + if (!empty($name) && !@preg_match("/$name/i", jirafeau_escape($l['file_name']))) { continue; } if (!empty($file_hash) && $file_hash != $l['md5']) { @@ -628,16 +623,19 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) '
' . '' . '' . + jirafeau_admin_csrf_field() . '' . '
' . '
' . '' . '' . + jirafeau_admin_csrf_field() . '' . '
' . '
' . '' . '' . + jirafeau_admin_csrf_field() . '' . '
' . ''; @@ -1248,3 +1246,29 @@ function jirafeau_escape($string) { return htmlspecialchars($string, ENT_QUOTES); } + +function jirafeau_admin_session_start() +{ + $_SESSION['admin_auth'] = true; + $_SESSION['admin_csrf'] = md5(uniqid(mt_rand(), true)); +} + +function jirafeau_admin_session_end() +{ + $_SESSION = array(); + session_destroy(); +} + +function jirafeau_admin_session_logged() +{ + return isset($_SESSION['admin_auth']) && + isset($_SESSION['admin_csrf']) && + isset($_POST['admin_csrf']) && + $_SESSION['admin_auth'] === true && + $_SESSION['admin_csrf'] === $_POST['admin_csrf']; +} + +function jirafeau_admin_csrf_field() +{ + return ""; +}