moparisthebest/wallabag
1
0
Fork 0
mirror of https://github.com/moparisthebest/wallabag synced 2024-11-27 11:22:17 -05:00
Code Issues Releases Wiki Activity

security fix

Browse Source
This commit is contained in:
Maryana Rozhankivska 2014-07-24 17:47:23 +03:00
parent 0f6273cdb8
commit 800868e27e
1 changed files with 41 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
index.php
View File

@ -63,54 +63,54 @@ if (! empty($notInstalledMessage)) {
# poche actions # poche actions
if (isset($_GET['login'])) { if (isset($_GET['login'])) {
# hello you # hello to you
$poche->login($referer); $poche->login($referer);
} elseif (isset($_GET['logout'])) { } elseif (isset($_GET['feed']) && isset($_GET['user_id'])) {
# see you soon ! $tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
$poche->logout(); $poche->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']);
} elseif (isset($_GET['config'])) {
# Update password
$poche->updatePassword();
} elseif (isset($_GET['newuser'])) {
$poche->createNewUser();
} elseif (isset($_GET['deluser'])) {
$poche->deleteUser();
} elseif (isset($_GET['epub'])) {
$poche->createEpub();
} elseif (isset($_GET['import'])) {
$import = $poche->import();
$tpl_vars = array_merge($tpl_vars, $import);
} elseif (isset($_GET['download'])) {
Tools::download_db();
} elseif (isset($_GET['empty-cache'])) {
$poche->emptyCache();
} elseif (isset($_GET['export'])) {
$poche->export();
} elseif (isset($_GET['updatetheme'])) {
$poche->updateTheme();
} elseif (isset($_GET['updatelanguage'])) {
$poche->updateLanguage();
} elseif (isset($_GET['uploadfile'])) {
$poche->uploadFile();
} elseif (isset($_GET['feed'])) {
if (isset($_GET['action']) && $_GET['action'] == 'generate') {
$poche->generateToken();
}
else {
$tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
$poche->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']);
}
}
elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) {
$plain_url = new Url(base64_encode($_GET['plainurl']));
$poche->action('add', $plain_url);
} }
if (Session::isLogged()) { if (Session::isLogged()) {
if (isset($_GET['logout'])) {
# see you soon !
$poche->logout();
} elseif (isset($_GET['config'])) {
# Update password
$poche->updatePassword();
} elseif (isset($_GET['newuser'])) {
$poche->createNewUser();
} elseif (isset($_GET['deluser'])) {
$poche->deleteUser();
} elseif (isset($_GET['epub'])) {
$poche->createEpub();
} elseif (isset($_GET['import'])) {
$import = $poche->import();
$tpl_vars = array_merge($tpl_vars, $import);
} elseif (isset($_GET['download'])) {
Tools::download_db();
} elseif (isset($_GET['empty-cache'])) {
$poche->emptyCache();
} elseif (isset($_GET['export'])) {
$poche->export();
} elseif (isset($_GET['updatetheme'])) {
$poche->updateTheme();
} elseif (isset($_GET['updatelanguage'])) {
$poche->updateLanguage();
} elseif (isset($_GET['uploadfile'])) {
$poche->uploadFile();
} elseif (isset($_GET['feed']) && isset($_GET['action']) && $_GET['action'] == 'generate') {
$poche->generateToken();
}
elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) {
$plain_url = new Url(base64_encode($_GET['plainurl']));
$poche->action('add', $plain_url);
}
$poche->action($action, $url, $id); $poche->action($action, $url, $id);
$tpl_file = Tools::getTplFile($view); $tpl_file = Tools::getTplFile($view);
$tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id)); $tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
} elseif(isset($_SERVER['PHP_AUTH_USER'])) { } elseif(isset($_SERVER['PHP_AUTH_USER'])) {
if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) { if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) {
$poche->login($referer); $poche->login($referer);