author | Maryana Rozhankivska <mariroz@mr.lviv.ua> | 2014-07-24 17:47:23 +0300 |
---|---|---|
committer | Maryana Rozhankivska <mariroz@mr.lviv.ua> | 2014-07-24 17:47:23 +0300 |
commit | 800868e27ea9cb73b889537be6ff35c88fb9e443 (patch) | |
tree | 577b84f17c1e617ac139cbca48778c36058d534d /index.php | |
parent | 0f6273cdb8c77436593782d42f271fddc7a7875d (diff) | |
security fix
Diffstat (limited to 'index.php')
-rwxr-xr-x | index.php | 82 |
1 files changed, 41 insertions, 41 deletions
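--- a/index.php
+++ b/index.php
@@ -63,54 +63,54 @@ if (! empty($notInstalledMessage)) {
 
 # poche actions
 if (isset($_GET['login'])) {
-# hello you
+# hello to you
 $poche->login($referer);
-} elseif (isset($_GET['logout'])) {
-# see you soon !
-$poche->logout();
-} elseif (isset($_GET['config'])) {
-# Update password
-$poche->updatePassword();
-} elseif (isset($_GET['newuser'])) {
-$poche->createNewUser();
-} elseif (isset($_GET['deluser'])) {
-$poche->deleteUser();
-} elseif (isset($_GET['epub'])) {
-$poche->createEpub();
-} elseif (isset($_GET['import'])) {
-$import = $poche->import();
-$tpl_vars = array_merge($tpl_vars, $import);
-} elseif (isset($_GET['download'])) {
-Tools::download_db();
-} elseif (isset($_GET['empty-cache'])) {
-$poche->emptyCache();
-} elseif (isset($_GET['export'])) {
-$poche->export();
-} elseif (isset($_GET['updatetheme'])) {
-$poche->updateTheme();
-} elseif (isset($_GET['updatelanguage'])) {
-$poche->updateLanguage();
-} elseif (isset($_GET['uploadfile'])) {
-$poche->uploadFile();
-} elseif (isset($_GET['feed'])) {
-if (isset($_GET['action']) && $_GET['action'] == 'generate') {
-$poche->generateToken();
-}
-else {
-$tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
-$poche->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']);
-}
-}
-
-elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) {
-$plain_url = new Url(base64_encode($_GET['plainurl']));
-$poche->action('add', $plain_url);
+} elseif (isset($_GET['feed']) && isset($_GET['user_id'])) {
+$tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
+$poche->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']);
 }
 
 if (Session::isLogged()) {
+
+if (isset($_GET['logout'])) {
+# see you soon !
+$poche->logout();
+} elseif (isset($_GET['config'])) {
+# Update password
+$poche->updatePassword();
+} elseif (isset($_GET['newuser'])) {
+$poche->createNewUser();
+} elseif (isset($_GET['deluser'])) {
+$poche->deleteUser();
+} elseif (isset($_GET['epub'])) {
+$poche->createEpub();
+} elseif (isset($_GET['import'])) {
+$import = $poche->import();
+$tpl_vars = array_merge($tpl_vars, $import);
+} elseif (isset($_GET['download'])) {
+Tools::download_db();
+} elseif (isset($_GET['empty-cache'])) {
+$poche->emptyCache();
+} elseif (isset($_GET['export'])) {
+$poche->export();
+} elseif (isset($_GET['updatetheme'])) {
+$poche->updateTheme();
+} elseif (isset($_GET['updatelanguage'])) {
+$poche->updateLanguage();
+} elseif (isset($_GET['uploadfile'])) {
+$poche->uploadFile();
+} elseif (isset($_GET['feed']) && isset($_GET['action']) && $_GET['action'] == 'generate') {
+$poche->generateToken();
+}
+elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) {
+$plain_url = new Url(base64_encode($_GET['plainurl']));
+$poche->action('add', $plain_url);
+}
+
 $poche->action($action, $url, $id);
 $tpl_file = Tools::getTplFile($view);
 $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
+
 } elseif(isset($_SERVER['PHP_AUTH_USER'])) {
 if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) {
 $poche->login($referer);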
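Review bot: The feed branch at new lines 68–70 is now the only dispatch besides login that runs without a session, yet it reads `$_GET['token']` and `$_GET['type']` without checking that they are set, and it passes `user_id` through `filter_var(..., FILTER_SANITIZE_NUMBER_INT)`, which returns a string that can still contain `+` and `-` characters. I would tighten the guard to `} elseif (isset($_GET['feed'], $_GET['user_id'], $_GET['token'], $_GET['type'])) {` and use `intval($_GET['user_id'])`, matching how `tag_id` is handled on the next line. The token check itself lives in `generateFeeds()`, outside this hunk, so it is worth confirming there that a missing or empty token is rejected rather than compared loosely. Separately, the actions moved under `Session::isLogged()` (for example `deluser`, `empty-cache`, `logout`) are still triggered by bare GET parameters, and whether the callees verify a CSRF token is not visible here. The enclosing `if`/`elseif` chain continues past the last line of the hunk.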