aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
authorMaryana Rozhankivska <mariroz@mr.lviv.ua>2014-07-24 17:47:23 +0300
committerMaryana Rozhankivska <mariroz@mr.lviv.ua>2014-07-24 17:47:23 +0300
commit800868e27ea9cb73b889537be6ff35c88fb9e443 (patch)
tree577b84f17c1e617ac139cbca48778c36058d534d /index.php
parent0f6273cdb8c77436593782d42f271fddc7a7875d (diff)
downloadwallabag-800868e27ea9cb73b889537be6ff35c88fb9e443.tar.gz
wallabag-800868e27ea9cb73b889537be6ff35c88fb9e443.tar.zst
wallabag-800868e27ea9cb73b889537be6ff35c88fb9e443.zip
security fix
Diffstat (limited to 'index.php')
-rwxr-xr-xindex.php82
1 files changed, 41 insertions, 41 deletions
diff --git a/index.php b/index.php
index 481841ec..2c532c0e 100755
--- a/index.php
+++ b/index.php
@@ -63,54 +63,54 @@ if (! empty($notInstalledMessage)) {
63 63
64# poche actions 64# poche actions
65if (isset($_GET['login'])) { 65if (isset($_GET['login'])) {
66 # hello you 66 # hello to you
67 $poche->login($referer); 67 $poche->login($referer);
68} elseif (isset($_GET['logout'])) { 68} elseif (isset($_GET['feed']) && isset($_GET['user_id'])) {
69 # see you soon ! 69 $tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
70 $poche->logout(); 70 $poche->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']);
71} elseif (isset($_GET['config'])) {
72 # Update password
73 $poche->updatePassword();
74} elseif (isset($_GET['newuser'])) {
75 $poche->createNewUser();
76} elseif (isset($_GET['deluser'])) {
77 $poche->deleteUser();
78} elseif (isset($_GET['epub'])) {
79 $poche->createEpub();
80} elseif (isset($_GET['import'])) {
81 $import = $poche->import();
82 $tpl_vars = array_merge($tpl_vars, $import);
83} elseif (isset($_GET['download'])) {
84 Tools::download_db();
85} elseif (isset($_GET['empty-cache'])) {
86 $poche->emptyCache();
87} elseif (isset($_GET['export'])) {
88 $poche->export();
89} elseif (isset($_GET['updatetheme'])) {
90 $poche->updateTheme();
91} elseif (isset($_GET['updatelanguage'])) {
92 $poche->updateLanguage();
93} elseif (isset($_GET['uploadfile'])) {
94 $poche->uploadFile();
95} elseif (isset($_GET['feed'])) {
96 if (isset($_GET['action']) && $_GET['action'] == 'generate') {
97 $poche->generateToken();
98 }
99 else {
100 $tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
101 $poche->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']);
102 }
103}
104
105elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) {
106 $plain_url = new Url(base64_encode($_GET['plainurl']));
107 $poche->action('add', $plain_url);
108} 71}
109 72
110if (Session::isLogged()) { 73if (Session::isLogged()) {
74
75 if (isset($_GET['logout'])) {
76 # see you soon !
77 $poche->logout();
78 } elseif (isset($_GET['config'])) {
79 # Update password
80 $poche->updatePassword();
81 } elseif (isset($_GET['newuser'])) {
82 $poche->createNewUser();
83 } elseif (isset($_GET['deluser'])) {
84 $poche->deleteUser();
85 } elseif (isset($_GET['epub'])) {
86 $poche->createEpub();
87 } elseif (isset($_GET['import'])) {
88 $import = $poche->import();
89 $tpl_vars = array_merge($tpl_vars, $import);
90 } elseif (isset($_GET['download'])) {
91 Tools::download_db();
92 } elseif (isset($_GET['empty-cache'])) {
93 $poche->emptyCache();
94 } elseif (isset($_GET['export'])) {
95 $poche->export();
96 } elseif (isset($_GET['updatetheme'])) {
97 $poche->updateTheme();
98 } elseif (isset($_GET['updatelanguage'])) {
99 $poche->updateLanguage();
100 } elseif (isset($_GET['uploadfile'])) {
101 $poche->uploadFile();
102 } elseif (isset($_GET['feed']) && isset($_GET['action']) && $_GET['action'] == 'generate') {
103 $poche->generateToken();
104 }
105 elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) {
106 $plain_url = new Url(base64_encode($_GET['plainurl']));
107 $poche->action('add', $plain_url);
108 }
109
111 $poche->action($action, $url, $id); 110 $poche->action($action, $url, $id);
112 $tpl_file = Tools::getTplFile($view); 111 $tpl_file = Tools::getTplFile($view);
113 $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id)); 112 $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
113
114} elseif(isset($_SERVER['PHP_AUTH_USER'])) { 114} elseif(isset($_SERVER['PHP_AUTH_USER'])) {
115 if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) { 115 if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) {
116 $poche->login($referer); 116 $poche->login($referer);