mirror of
https://github.com/moparisthebest/wallabag
synced 2024-11-23 17:42:15 -05:00
security fix
This commit is contained in:
parent
0f6273cdb8
commit
800868e27e
22
index.php
22
index.php
@ -63,9 +63,16 @@ if (! empty($notInstalledMessage)) {
|
||||
|
||||
# poche actions
|
||||
if (isset($_GET['login'])) {
|
||||
# hello you
|
||||
# hello to you
|
||||
$poche->login($referer);
|
||||
} elseif (isset($_GET['logout'])) {
|
||||
} elseif (isset($_GET['feed']) && isset($_GET['user_id'])) {
|
||||
$tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
|
||||
$poche->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']);
|
||||
}
|
||||
|
||||
if (Session::isLogged()) {
|
||||
|
||||
if (isset($_GET['logout'])) {
|
||||
# see you soon !
|
||||
$poche->logout();
|
||||
} elseif (isset($_GET['config'])) {
|
||||
@ -92,25 +99,18 @@ if (isset($_GET['login'])) {
|
||||
$poche->updateLanguage();
|
||||
} elseif (isset($_GET['uploadfile'])) {
|
||||
$poche->uploadFile();
|
||||
} elseif (isset($_GET['feed'])) {
|
||||
if (isset($_GET['action']) && $_GET['action'] == 'generate') {
|
||||
} elseif (isset($_GET['feed']) && isset($_GET['action']) && $_GET['action'] == 'generate') {
|
||||
$poche->generateToken();
|
||||
}
|
||||
else {
|
||||
$tag_id = (isset($_GET['tag_id']) ? intval($_GET['tag_id']) : 0);
|
||||
$poche->generateFeeds($_GET['token'], filter_var($_GET['user_id'],FILTER_SANITIZE_NUMBER_INT), $tag_id, $_GET['type']);
|
||||
}
|
||||
}
|
||||
|
||||
elseif (isset($_GET['plainurl']) && !empty($_GET['plainurl'])) {
|
||||
$plain_url = new Url(base64_encode($_GET['plainurl']));
|
||||
$poche->action('add', $plain_url);
|
||||
}
|
||||
|
||||
if (Session::isLogged()) {
|
||||
$poche->action($action, $url, $id);
|
||||
$tpl_file = Tools::getTplFile($view);
|
||||
$tpl_vars = array_merge($tpl_vars, $poche->displayView($view, $id));
|
||||
|
||||
} elseif(isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
if($poche->store->userExists($_SERVER['PHP_AUTH_USER'])) {
|
||||
$poche->login($referer);
|
||||
|
Loading…
Reference in New Issue
Block a user