diff options
author | Maryana Rozhankivska <mariroz@mr.lviv.ua> | 2014-07-24 16:48:41 +0300 |
---|---|---|
committer | Maryana Rozhankivska <mariroz@mr.lviv.ua> | 2014-07-24 16:48:41 +0300 |
commit | 7dd8b5026d0ae52fc5be001ee224aac72f3e7b25 (patch) | |
tree | 333ac92d8182ff498361c45f38bfea6aa66b84ea /inc/poche/Routing.class.php | |
parent | 6da20812ce04e3e45c21c6da640d6ccde91e8c38 (diff) | |
download | wallabag-7dd8b5026d0ae52fc5be001ee224aac72f3e7b25.tar.gz wallabag-7dd8b5026d0ae52fc5be001ee224aac72f3e7b25.tar.zst wallabag-7dd8b5026d0ae52fc5be001ee224aac72f3e7b25.zip |
security issue
Diffstat (limited to 'inc/poche/Routing.class.php')
-rwxr-xr-x[-rw-r--r--] | inc/poche/Routing.class.php | 83 |
1 files changed, 43 insertions, 40 deletions
diff --git a/inc/poche/Routing.class.php b/inc/poche/Routing.class.php index eb4c4d90..653fa900 100644..100755 --- a/inc/poche/Routing.class.php +++ b/inc/poche/Routing.class.php | |||
@@ -97,50 +97,53 @@ class Routing | |||
97 | 97 | ||
98 | private function _launchAction() | 98 | private function _launchAction() |
99 | { | 99 | { |
100 | if (isset($_GET['login'])) { | 100 | if (isset($_GET['login'])) { |
101 | // hello you | 101 | // hello to you |
102 | $this->wallabag->login($this->referer); | 102 | $this->wallabag->login($this->referer); |
103 | } elseif (isset($_GET['logout'])) { | 103 | } elseif (isset($_GET['feed']) && isset($_GET['user_id'])) { |
104 | // see you soon ! | 104 | $tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0); |
105 | $this->wallabag->logout(); | 105 | $this->wallabag->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']); |
106 | } elseif (isset($_GET['config'])) { | 106 | } |
107 | // update password | 107 | |
108 | $this->wallabag->updatePassword($_POST['password'], $_POST['password_repeat']); | 108 | //allowed ONLY to logged in user |
109 | } elseif (isset($_GET['newuser'])) { | 109 | if ( \Session::isLogged() === true ) |
110 | $this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser']); | 110 | { |
111 | } elseif (isset($_GET['deluser'])) { | 111 | if (isset($_GET['logout'])) { |
112 | $this->wallabag->deleteUser($_POST['password4deletinguser']); | 112 | // see you soon ! |
113 | } elseif (isset($_GET['epub'])) { | 113 | $this->wallabag->logout(); |
114 | $epub = new WallabagEpub($this->wallabag, $_GET['method'], $_GET['id'], $_GET['value']); | 114 | } elseif (isset($_GET['config'])) { |
115 | $epub->run(); | 115 | // update password |
116 | } elseif (isset($_GET['import'])) { | 116 | $this->wallabag->updatePassword($_POST['password'], $_POST['password_repeat']); |
117 | $import = $this->wallabag->import(); | 117 | } elseif (isset($_GET['newuser'])) { |
118 | $tplVars = array_merge($this->vars, $import); | 118 | $this->wallabag->createNewUser($_POST['newusername'], $_POST['password4newuser']); |
119 | } elseif (isset($_GET['download'])) { | 119 | } elseif (isset($_GET['deluser'])) { |
120 | Tools::downloadDb(); | 120 | $this->wallabag->deleteUser($_POST['password4deletinguser']); |
121 | } elseif (isset($_GET['empty-cache'])) { | 121 | } elseif (isset($_GET['epub'])) { |
122 | Tools::emptyCache(); | 122 | $epub = new WallabagEpub($this->wallabag, $_GET['method'], $_GET['id'], $_GET['value']); |
123 | } elseif (isset($_GET['export'])) { | 123 | $epub->run(); |
124 | $this->wallabag->export(); | 124 | } elseif (isset($_GET['import'])) { |
125 | } elseif (isset($_GET['updatetheme'])) { | 125 | $import = $this->wallabag->import(); |
126 | $this->wallabag->tpl->updateTheme($_POST['theme']); | 126 | $tplVars = array_merge($this->vars, $import); |
127 | } elseif (isset($_GET['updatelanguage'])) { | 127 | } elseif (isset($_GET['download'])) { |
128 | $this->wallabag->language->updateLanguage($_POST['language']); | 128 | Tools::downloadDb(); |
129 | } elseif (isset($_GET['uploadfile'])) { | 129 | } elseif (isset($_GET['empty-cache'])) { |
130 | $this->wallabag->uploadFile(); | 130 | Tools::emptyCache(); |
131 | } elseif (isset($_GET['feed'])) { | 131 | } elseif (isset($_GET['export'])) { |
132 | if (isset($_GET['action']) && $_GET['action'] == 'generate') { | 132 | $this->wallabag->export(); |
133 | } elseif (isset($_GET['updatetheme'])) { | ||
134 | $this->wallabag->tpl->updateTheme($_POST['theme']); | ||
135 | } elseif (isset($_GET['updatelanguage'])) { | ||
136 | $this->wallabag->language->updateLanguage($_POST['language']); | ||
137 | } elseif (isset($_GET['uploadfile'])) { | ||
138 | $this->wallabag->uploadFile(); | ||
139 | } elseif (isset($_GET['feed']) && isset($_GET['action']) && $_GET['action'] == 'generate') { | ||
133 | $this->wallabag->updateToken(); | 140 | $this->wallabag->updateToken(); |
134 | } | 141 | } |
135 | else { | 142 | elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) { |
136 | $tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0); | 143 | $plainUrl = new Url(base64_encode($_GET['plainurl'])); |
137 | $this->wallabag->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']); | 144 | $this->wallabag->action('add', $plainUrl); |
138 | } | 145 | } |
139 | } | 146 | } |
140 | elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) { | ||
141 | $plainUrl = new Url(base64_encode($_GET['plainurl'])); | ||
142 | $this->wallabag->action('add', $plainUrl); | ||
143 | } | ||
144 | } | 147 | } |
145 | 148 | ||
146 | public function _render($file, $vars) | 149 | public function _render($file, $vars) |