X-Git-Url: https://git.p6c8.net/jirafeau_mojo42.git/blobdiff_plain/db2c9c7773cd5d14b732689b2e844e62d2773be5..a7d0b9810f960d97ac03488cae9814b31e6ff3f7:/lib/functions.php?ds=sidebyside diff --git a/lib/functions.php b/lib/functions.php index 3a50eac..e237274 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -553,13 +553,13 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) { echo '
'; if (!empty($name)) { - echo t('FILENAME') . ": $name "; + echo t('FILENAME') . ": " . jirafeau_escape($name); } if (!empty($file_hash)) { - echo t('FILE') . ": $file_hash "; + echo t('FILE') . ": " . jirafeau_escape($file_hash); } if (!empty($link_hash)) { - echo t('LINK') . ": $link_hash "; + echo t('LINK') . ": " . jirafeau_escape($link_hash); } if (empty($name) && empty($file_hash) && empty($link_hash)) { echo t('LS_FILES'); @@ -628,16 +628,19 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) '
' . '' . '' . + jirafeau_admin_csrf_field() . '' . '
' . '
' . '' . '' . + jirafeau_admin_csrf_field() . '' . '
' . '
' . '' . '' . + jirafeau_admin_csrf_field() . '' . '
' . ''; @@ -1248,3 +1251,29 @@ function jirafeau_escape($string) { return htmlspecialchars($string, ENT_QUOTES); } + +function jirafeau_admin_session_start() +{ + $_SESSION['admin_auth'] = true; + $_SESSION['admin_csrf'] = md5(uniqid(mt_rand(), true)); +} + +function jirafeau_admin_session_end() +{ + $_SESSION = array(); + session_destroy(); +} + +function jirafeau_admin_session_logged() +{ + return isset($_SESSION['admin_auth']) && + isset($_SESSION['admin_csrf']) && + isset($_POST['admin_csrf']) && + $_SESSION['admin_auth'] === true && + $_SESSION['admin_csrf'] === $_POST['admin_csrf']; +} + +function jirafeau_admin_csrf_field() +{ + return ""; +}