'<strong><a id="upload_link" href="f.php?h='. jirafeau_escape($node) .'" title="' .
t('DL_PAGE') . '">' . jirafeau_escape($l['file_name']) . '</a></strong>';
echo '</td>';
- echo '<td>' . $l['mime_type'] . '</td>';
+ echo '<td>' . jirafeau_escape($l['mime_type']) . '</td>';
echo '<td>' . jirafeau_human_size($l['file_size']) . '</td>';
echo '<td>' . ($l['time'] == -1 ? '∞' : jirafeau_get_datetimefield($l['time'])) . '</td>';
echo '<td>';
'<form method="post">' .
'<input type = "hidden" name = "action" value = "download"/>' .
'<input type = "hidden" name = "link" value = "' . $node . '"/>' .
+ jirafeau_admin_csrf_field() .
'<input type = "submit" value = "' . t('DL') . '" />' .
'</form>' .
'<form method="post">' .
'<input type = "hidden" name = "action" value = "delete_link"/>' .
'<input type = "hidden" name = "link" value = "' . $node . '"/>' .
+ jirafeau_admin_csrf_field() .
'<input type = "submit" value = "' . t('DEL_LINK') . '" />' .
'</form>' .
'<form method="post">' .
'<input type = "hidden" name = "action" value = "delete_file"/>' .
'<input type = "hidden" name = "md5" value = "' . $l['md5'] . '"/>' .
+ jirafeau_admin_csrf_field() .
'<input type = "submit" value = "' . t('DEL_FILE_LINKS') . '" />' .
'</form>' .
'</td>';
{
return htmlspecialchars($string, ENT_QUOTES);
}
+
+function jirafeau_admin_session_start()
+{
+ $_SESSION['admin_auth'] = true;
+ $_SESSION['admin_csrf'] = md5(uniqid(mt_rand(), true));
+}
+
+function jirafeau_admin_session_end()
+{
+ $_SESSION = array();
+ session_destroy();
+}
+
+function jirafeau_admin_session_logged()
+{
+ return isset($_SESSION['admin_auth']) &&
+ isset($_SESSION['admin_csrf']) &&
+ isset($_POST['admin_csrf']) &&
+ $_SESSION['admin_auth'] === true &&
+ $_SESSION['admin_csrf'] === $_POST['admin_csrf'];
+}
+
+function jirafeau_admin_csrf_field()
+{
+ return "<input type='hidden' name='admin_csrf' value='". $_SESSION['admin_csrf'] . "'/>";
+}
git.p6c8.net / jirafeau_project.git / blobdiff