author | Gitea <gitea@fake.local> | 2021-11-10 17:53:13 +0100 |
---|---|---|
committer | Gitea <gitea@fake.local> | 2021-11-10 17:53:13 +0100 |
commit | 7b4af63a90a726b98a59b83e53f040a7a566a11d (patch) | |
tree | b85747947816fe4375e85ab6b822ffabec548c7b /Neutron-trunk/api/admin | |
parent | 80f78c2925530e945503ab603e79d1acc53075f4 (diff) | |
download | electrode-7b4af63a90a726b98a59b83e53f040a7a566a11d.tar.gz electrode-7b4af63a90a726b98a59b83e53f040a7a566a11d.tar.bz2 electrode-7b4af63a90a726b98a59b83e53f040a7a566a11d.zip |
Update
Diffstat (limited to 'Neutron-trunk/api/admin')
27 files changed, 26 insertions, 25 deletions
diff --git a/Neutron-trunk/api/admin/appearance.php b/Neutron-trunk/api/admin/appearance.php index 28ebe74..ec0eece 100755..100644 --- a/Neutron-trunk/api/admin/appearance.php +++ b/Neutron-trunk/api/admin/appearance.php @@ -2,8 +2,9 @@ <?php require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; +$num_samples = 2; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { if (isset($_POST['sitename'])) { if (trim($_POST['sitename']) == "") { diff --git a/Neutron-trunk/api/admin/cache_content_reset.php b/Neutron-trunk/api/admin/cache_content_reset.php index 6e9e02b..6e9e02b 100755..100644 --- a/Neutron-trunk/api/admin/cache_content_reset.php +++ b/Neutron-trunk/api/admin/cache_content_reset.php diff --git a/Neutron-trunk/api/admin/cache_pages_update.php b/Neutron-trunk/api/admin/cache_pages_update.php index 3122731..3122731 100755..100644 --- a/Neutron-trunk/api/admin/cache_pages_update.php +++ b/Neutron-trunk/api/admin/cache_pages_update.php diff --git a/Neutron-trunk/api/admin/calendar_create.php b/Neutron-trunk/api/admin/calendar_create.php index eff4682..6384528 100755..100644 --- a/Neutron-trunk/api/admin/calendar_create.php +++ b/Neutron-trunk/api/admin/calendar_create.php 
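Review bot: The added `strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false` term still does not reject an empty cookie value: `isset()` is true for `""`, none of the inequality checks exclude it, and `file_exists()` is then asked about `/data/tokens/` itself, a directory that reset.php creates with `mkdir`, so the guard is satisfied with no token file at all; `file_exists()` accepting directories is also the reason `.` and `..` had to be listed by hand. A guard that closes all of these at once is `$token = isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) ? $_COOKIE['_NEUTRON_ADMIN_TOKEN'] : '';` followed by `if ($token !== '' && basename($token) === $token && is_file($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $token)) {` — `is_file()` rejects directories, and the `basename()` equality rejects any path separator, including `\` on Windows, which a `strpos` for `/` does not catch. The same line is changed identically in every other file of this diff (calendar_create.php through widgets.php); because the check is copy-pasted into each endpoint, moving it into one shared include loaded next to `/api/lang/processor.php` would let this fix land once instead of 25 times. The body of the `if` continues outside the hunk.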
@@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/calendar_delete.php b/Neutron-trunk/api/admin/calendar_delete.php index edeb86d..720a2f5 100755..100644 --- a/Neutron-trunk/api/admin/calendar_delete.php +++ b/Neutron-trunk/api/admin/calendar_delete.php @@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/calendar_nextevents.php b/Neutron-trunk/api/admin/calendar_nextevents.php index 6dc0cae..c6fbec7 100755..100644 --- a/Neutron-trunk/api/admin/calendar_nextevents.php +++ b/Neutron-trunk/api/admin/calendar_nextevents.php 
@@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/create_page.php b/Neutron-trunk/api/admin/create_page.php index f7d67e7..cdffbff 100755..100644 --- a/Neutron-trunk/api/admin/create_page.php +++ b/Neutron-trunk/api/admin/create_page.php @@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/customization_colors.php b/Neutron-trunk/api/admin/customization_colors.php index 9e650e8..d784134 100755..100644 --- a/Neutron-trunk/api/admin/customization_colors.php +++ b/Neutron-trunk/api/admin/customization_colors.php 
@@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/customization_theme.php b/Neutron-trunk/api/admin/customization_theme.php index cc4d081..f161f43 100755..100644 --- a/Neutron-trunk/api/admin/customization_theme.php +++ b/Neutron-trunk/api/admin/customization_theme.php @@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/delete_page.php b/Neutron-trunk/api/admin/delete_page.php index beaf8f0..be33058 100755..100644 --- a/Neutron-trunk/api/admin/delete_page.php +++ b/Neutron-trunk/api/admin/delete_page.php 
@@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/edit_page.php b/Neutron-trunk/api/admin/edit_page.php index 17d84bb..cf88aaa 100755..100644 --- a/Neutron-trunk/api/admin/edit_page.php +++ b/Neutron-trunk/api/admin/edit_page.php @@ -8,7 +8,7 @@ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log")) { } else { file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", date("d/m/Y H:i:s") . " - API/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n"); } -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { if (isset($_POST['content'])) { if (isset($_POST['title'])) { diff --git a/Neutron-trunk/api/admin/flag_disable.php b/Neutron-trunk/api/admin/flag_disable.php index d15b667..92d940d 100755..100644 --- a/Neutron-trunk/api/admin/flag_disable.php +++ b/Neutron-trunk/api/admin/flag_disable.php 
@@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/flag_enable.php b/Neutron-trunk/api/admin/flag_enable.php index 0f2a9f4..0f95e26 100755..100644 --- a/Neutron-trunk/api/admin/flag_enable.php +++ b/Neutron-trunk/api/admin/flag_enable.php @@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/footer.php b/Neutron-trunk/api/admin/footer.php index 5422d0c..961f8ea 100755..100644 --- a/Neutron-trunk/api/admin/footer.php +++ b/Neutron-trunk/api/admin/footer.php 
@@ -8,7 +8,7 @@ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log")) { } else { file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", date("d/m/Y H:i:s") . " - API/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n"); } -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { if (isset($_POST['footer'])) { file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/footer", $_POST['footer']); diff --git a/Neutron-trunk/api/admin/galery_create_category.php b/Neutron-trunk/api/admin/galery_create_category.php index a849d05..26c63d4 100755..100644 --- a/Neutron-trunk/api/admin/galery_create_category.php +++ b/Neutron-trunk/api/admin/galery_create_category.php @@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/galery_delete_category.php b/Neutron-trunk/api/admin/galery_delete_category.php index 603a5d0..0fb74e7 100755..100644 
--- a/Neutron-trunk/api/admin/galery_delete_category.php +++ b/Neutron-trunk/api/admin/galery_delete_category.php @@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/galery_delete_image.php b/Neutron-trunk/api/admin/galery_delete_image.php index 88ca220..a2dc112 100755..100644 --- a/Neutron-trunk/api/admin/galery_delete_image.php +++ b/Neutron-trunk/api/admin/galery_delete_image.php @@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/galery_label_picture.php b/Neutron-trunk/api/admin/galery_label_picture.php index 07b3b59..4ce1ded 100755..100644 --- a/Neutron-trunk/api/admin/galery_label_picture.php +++ b/Neutron-trunk/api/admin/galery_label_picture.php 
@@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/galery_publish_photo.php b/Neutron-trunk/api/admin/galery_publish_photo.php index a4c9628..8df004e 100755..100644 --- a/Neutron-trunk/api/admin/galery_publish_photo.php +++ b/Neutron-trunk/api/admin/galery_publish_photo.php @@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/galery_toggle_state.php b/Neutron-trunk/api/admin/galery_toggle_state.php index 582faa9..224ec45 100755..100644 --- a/Neutron-trunk/api/admin/galery_toggle_state.php +++ b/Neutron-trunk/api/admin/galery_toggle_state.php 
@@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/instant_language_change.php b/Neutron-trunk/api/admin/instant_language_change.php index c4fd575..1e5535f 100755..100644 --- a/Neutron-trunk/api/admin/instant_language_change.php +++ b/Neutron-trunk/api/admin/instant_language_change.php @@ -8,7 +8,7 @@ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log")) { } else { file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", date("d/m/Y H:i:s") . " - API/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n"); } -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { if (isset($_POST['lang'])) { file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/lang", $_POST['lang']); diff --git a/Neutron-trunk/api/admin/login.php b/Neutron-trunk/api/admin/login.php index 4a88f30..4a88f30 100755..100644 --- a/Neutron-trunk/api/admin/login.php 
+++ b/Neutron-trunk/api/admin/login.php diff --git a/Neutron-trunk/api/admin/password.php b/Neutron-trunk/api/admin/password.php index a823721..ff57028 100755..100644 --- a/Neutron-trunk/api/admin/password.php +++ b/Neutron-trunk/api/admin/password.php @@ -46,7 +46,7 @@ if ($_POST['newpass'] == $_POST['newpassr']) {} else { require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["passnewnomatch"]); } -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { $tokens = scandir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens"); foreach ($tokens as $token) { diff --git a/Neutron-trunk/api/admin/rename_page.php b/Neutron-trunk/api/admin/rename_page.php index 4091940..b7f023c 100755..100644 --- a/Neutron-trunk/api/admin/rename_page.php +++ b/Neutron-trunk/api/admin/rename_page.php @@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { diff --git a/Neutron-trunk/api/admin/reset.php b/Neutron-trunk/api/admin/reset.php index 7c67207..f732ad9 100755..100644 
--- a/Neutron-trunk/api/admin/reset.php +++ b/Neutron-trunk/api/admin/reset.php @@ -18,7 +18,7 @@ function rrmdir($dir) { } } - if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { + if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { @@ -60,7 +60,7 @@ if ($keep) { rrmdir($_SERVER['DOCUMENT_ROOT'] . "/resources/upload"); mkdir($_SERVER['DOCUMENT_ROOT'] . "/resources/upload"); copy($_SERVER['DOCUMENT_ROOT'] . "/resources/image/siteicon.png", $_SERVER['DOCUMENT_ROOT'] . "/resources/upload/siteicon.png"); - file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/widgets.json", '{"list":[],"settings":{}'); + file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/widgets.json", '{"list":[]}'); rrmdir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens"); rrmdir($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/cache"); mkdir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens"); diff --git a/Neutron-trunk/api/admin/save_advanced.php b/Neutron-trunk/api/admin/save_advanced.php index 179f22d..4d7c958 100755..100644 --- a/Neutron-trunk/api/admin/save_advanced.php +++ b/Neutron-trunk/api/admin/save_advanced.php 
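Review bot: The new default `'{"list":[]}'` written to widgets.json repairs the unbalanced brace of the old literal but also drops the top-level `settings` object; whether the code that reads widgets.json (presumably widgets.php, not visible here) tolerates a document without `settings` cannot be told from this hunk, so confirm before the reset path starts producing that shape. Building the document with `json_encode(['list' => []])` instead of a hand-written literal would keep the file from drifting into invalid JSON again, and the return value of `file_put_contents()` is still unchecked here as it is on the neighbouring lines.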
@@ -13,7 +13,7 @@ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log")) { } else { file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", date("d/m/Y H:i:s") . " - API/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n"); } -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { if (isset($_POST['content'])) { if (true) { diff --git a/Neutron-trunk/api/admin/widgets.php b/Neutron-trunk/api/admin/widgets.php index 231543f..f87a01b 100755..100644 --- a/Neutron-trunk/api/admin/widgets.php +++ b/Neutron-trunk/api/admin/widgets.php @@ -3,7 +3,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php"; -if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") { +if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) { if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) { } else { |