gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-05-14 05:31:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

Browse Source
This commit is contained in:
Uwe Steinmann 2022-03-28 08:31:40 +02:00
commit 988dc9deff
5 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG
View File

@ -228,6 +228,7 @@
- output splash message when removing, editing, adding a category or keyword - output splash message when removing, editing, adding a category or keyword
- extensions cannot be disabled/enabled if configuration file is not writeable - extensions cannot be disabled/enabled if configuration file is not writeable
- prevent cross site scripting in views/bootstrap/class.DefaultKeywords.php - prevent cross site scripting in views/bootstrap/class.DefaultKeywords.php
- fix possible DoS in op/op.RemoveLog.php
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Changes in version 5.1.24 Changes in version 5.1.24

2
op/op.Download.php
View File

@ -129,7 +129,7 @@ elseif (isset($_GET["arkname"])) { /* {{{ */
$controller->archive(); $controller->archive();
} /* }}} */ } /* }}} */
elseif (isset($_GET["logname"])) { /* {{{ */ elseif (isset($_GET["logname"])) { /* {{{ */
$filename = basename($_GET["logname"]); $filename = basename($_GET["logname"], '.log').'.log';
// log download // log download

1
op/op.RemoveLog.php
View File

@ -41,6 +41,7 @@ if (!isset($_POST["lognames"]) || !is_array($_POST["lognames"])) {
$lognames = $_POST["lognames"]; $lognames = $_POST["lognames"];
foreach($lognames as $file) { foreach($lognames as $file) {
$file = basename($file, '.log').'.log';
if(!file_exists($settings->_contentDir.'log/'.$file)) { if(!file_exists($settings->_contentDir.'log/'.$file)) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id")); UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
} }

2
out/out.LogManagement.php
View File

@ -35,7 +35,7 @@ if (!$accessop->check_view_access($view, $_GET)) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied")); UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
} }
if (isset($_GET["logname"])) $logname=basename($_GET["logname"]); if (isset($_GET["logname"])) $logname=basename($_GET["logname"], '.log').'.log';
else $logname=NULL; else $logname=NULL;
if (isset($_GET["mode"])) $mode=$_GET["mode"]; if (isset($_GET["mode"])) $mode=$_GET["mode"];

1
out/out.RemoveLog.php
View File

@ -49,6 +49,7 @@ if(!is_array($_GET["logname"]))
else else
$lognames = $_GET["logname"]; $lognames = $_GET["logname"];
foreach($lognames as $file) { foreach($lognames as $file) {
$file = basename($file, '.log').'.log';
if(!file_exists($settings->_contentDir.'log/'.$file)) { if(!file_exists($settings->_contentDir.'log/'.$file)) {
UI::exitError(getMLText("admin_tools"),getMLText("unknown_id")); UI::exitError(getMLText("admin_tools"),getMLText("unknown_id"));
} }