Security fix

author shizuki <shizuki@1ca29b6e-896d-4ea0-84a5-967f57386b96>

Mon, 2 Oct 2006 07:30:33 +0000 (07:30 +0000)

committer shizuki <shizuki@1ca29b6e-896d-4ea0-84a5-967f57386b96>

Mon, 2 Oct 2006 07:30:33 +0000 (07:30 +0000)
author shizuki <shizuki@1ca29b6e-896d-4ea0-84a5-967f57386b96>
Mon, 2 Oct 2006 07:30:33 +0000 (07:30 +0000)
committer shizuki <shizuki@1ca29b6e-896d-4ea0-84a5-967f57386b96>
Mon, 2 Oct 2006 07:30:33 +0000 (07:30 +0000)
diff --git a/trunk/NP_Dtree/NP_Dtree.php b/trunk/NP_Dtree/NP_Dtree.php

index 7769abe..7baea41 100644 (file)
--- a/trunk/NP_Dtree/NP_Dtree.php
+++ b/trunk/NP_Dtree/NP_Dtree.php
@@ -1,29 +1,41 @@
  <?
-// plugin needs to work on Nucleus versions <=2.0 as well
-if (!function_exists('sql_table')){
-       function sql_table($name) {
-               return 'nucleus_' . $name;
-       }
-}
+/**
+ * 
+ * 0.93 sec fix
+ *             subcategory link bug fix
+ * 
+ */
  
+class NP_Dtree extends NucleusPlugin
+{
  
-class NP_Dtree extends NucleusPlugin {
-       function getName() {
+       function getName()
+       {
                 return 'Navigation Tree'; 
         }
-       function getAuthor() { 
-               return 'nakahara21'; 
+
+       function getAuthor()
+       { 
+               return 'nakahara21 + shizuki'; 
         }
-       function getURL() {
+
+       function getURL()
+       {
                 return 'http://nakahara21.com/'; 
         }
-       function getVersion() {
-               return '0.92'; 
+
+       function getVersion()
+       {
+               return '0.93'; 
         }
-       function getDescription() { 
+
+       function getDescription()
+       { 
                 return 'Show Navigation Tree. Usage: &lt;%Dtree()%&gt;';
         }
-       function supportsFeature($what) {
+
+       function supportsFeature($what)
+       {
                 switch($what){
                         case 'SqlTablePrefix':
                                 return 1;
@@ -32,33 +44,52 @@ class NP_Dtree extends NucleusPlugin {
                 }
         }
  
-       function doSkinVar($skinType, $itemid=0) { 
+       function doSkinVar($skinType, $itemid=0)
+       { 
                 global $blogid, $catid, $subcatid;
+               if (is_numeric($blogid)) {
+                       $blogid = intval($blogid);
+               } else {
+                       $id = getBlogIDFromName($blogid);
+                       $blogid = intval($id);
+               }
+               $itemid = intval($itemid);
+               $catid = intval($catid);
+               $subcatid = intval($subcatid);
                 
-               $randomID = 'tree'.uniqid(rand());
+               $randomID = 'tree' . uniqid(rand());
  
-               echo '<script type="text/javascript" src="'.$this->getAdminURL().'dtree.php"></script>';
+               echo '<script type="text/javascript" src="' .
+                                       htmlspecialchars($this->getAdminURL()) . 'dtree.php"></script>';
  
-               if($skinType == 'template'){
-                       echo '<script type="text/javascript" src="' . $this->getAdminURL() . 'dtreedata.php?o='.$randomID.'a&amp;bid=' . $blogid . '&amp;id='.$itemid.'"></script>';
-                       echo '<a href="javascript: '.$randomID.'a.openAll();">open all</a> | <a href="javascript: '.$randomID.'a.closeAll();">close all</a>';
+               if ($skinType == 'template') {
+                       echo '<script type="text/javascript" src="' .
+                                       htmlspecialchars($this->getAdminURL()) . 'dtreedata.php?o=' .
+                                       $randomID.'a&amp;bid=' . $blogid . '&amp;id=' . $itemid . '"></script>';
+                       echo '<a href="javascript: ' . $randomID . 'a.openAll();">open all</a>' .
+                                       ' | <a href="javascript: ' . $randomID . 'a.closeAll();">close all</a>';
                         return;
                 }
  
                 $eq = '';
-               if($catid)
-                       $eq .= '&amp;cid='.$catid;
-               if($subcatid)
-                       $eq .= '&amp;sid='.$subcatid;
+               if (!empty($catid)) {
+               }       $eq .= '&amp;cid=' . $catid;
+               if (!empty($subcatid)) {
+                       $eq .= '&amp;sid=' . $subcatid;
+               }
  
-               echo '<script type="text/javascript" src="' . $this->getAdminURL() . 'dtreedata.php?o='.$randomID.'d&amp;bid=' . $blogid . $eq . '"></script>';
-               echo '<a href="javascript: '.$randomID.'d.openAll();">open all</a> | <a href="javascript: '.$randomID.'d.closeAll();">close all</a>';
+               echo '<script type="text/javascript" src="' .
+                               htmlspecialchars($this->getAdminURL()) . 'dtreedata.php?o=' . $randomID . 'd&amp;bid=' .
+                               $blogid . $eq . '"></script>';
+               echo '<a href="javascript: '.$randomID.'d.openAll();">open all</a>' .
+                               ' | <a href="javascript: ' . $randomID . 'd.closeAll();">close all</a>';
  
         }
  
-               function doTemplateVar(&$item) {
-                       $this->doSkinVar('template', $item->itemid);
-               }
+       function doTemplateVar(&$item)
+       {
+               $this->doSkinVar('template', $item->itemid);
+       }
  
  }
  ?>
 \ No newline at end of file
diff --git a/trunk/NP_Dtree/dtree/dtree.php b/trunk/NP_Dtree/dtree/dtree.php

index d4b65e1..6266a5a 100644 (file)
--- a/trunk/NP_Dtree/dtree/dtree.php
+++ b/trunk/NP_Dtree/dtree/dtree.php
@@ -25,7 +25,7 @@ function Node(id, pid, name, url, title, target, icon, iconOpen, open) {
  \r
  // Tree object\r
  function dTree(objName) {\r
-       this.config = {\r                target                                  : null,\r                folderLinks                     : true,\r                useSelection            : false,\r               useCookies                      : false,\r               useLines                                : true,\r                useIcons                                : true,\r                useStatusText           : false,\r               closeSameLevel  : false,\r               inOrder                                 : false\r        }\r
+       this.config = {\r                target                  : null,\r                folderLinks             : true,\r                useSelection    : false,\r               useCookies              : false,\r               useLines                : true,\r                useIcons                : true,\r                useStatusText   : false,\r               closeSameLevel  : false,\r               inOrder                 : false\r        }\r
         this.icon = {\r
                 root                    : imgpath + 'img/base.gif',\r            folder                  : imgpath + 'img/folder.gif',\r          folderOpen              : imgpath + 'img/folderopen.gif',\r//            node                    : imgpath + 'img/page.gif',\r            node                    : imgpath + 'img/folder.gif',\r          empty                   : imgpath + 'img/empty.gif',\r           line                    : imgpath + 'img/line.gif',\r            join                    : imgpath + 'img/join.gif',\r            joinBottom              : imgpath + 'img/joinbottom.gif',\r              plus                    : imgpath + 'img/plus.gif',\r            plusBottom              : imgpath + 'img/plusbottom.gif',\r              minus                   : imgpath + 'img/minus.gif',\r           minusBottom             : imgpath + 'img/minusbottom.gif',\r             nlPlus                  : imgpath + 'img/nolines_plus.gif',\r            nlMinus                 : imgpath + 'img/nolines_minus.gif'\r
         };\r
diff --git a/trunk/NP_Dtree/dtree/dtreedata.php b/trunk/NP_Dtree/dtree/dtreedata.php

index 0b02155..31ae8a7 100644 (file)
--- a/trunk/NP_Dtree/dtree/dtreedata.php
+++ b/trunk/NP_Dtree/dtree/dtreedata.php
@@ -1,16 +1,34 @@
  <?php
-       $strRel = '../../../';
-       include($strRel . 'config.php');
+//     $strRel = '../../../';
+//     include($strRel . 'config.php');
  
         $usePathInfo = ($CONF['URLMode'] == 'pathinfo');
  
-       if ($usePathInfo)
-               include($strRel . 'fancyurls.config.php');
+       if ($usePathInfo) {
+               if (empty($CONF['ItemKey'])) {
+                       $CONF['ItemKey'] = 'item';
+               }
+               if (empty($CONF['ArchiveKey'])) {
+                       $CONF['ArchiveKey'] = 'archive';
+               }
+               if (empty($CONF['ArchivesKey'])) {
+                       $CONF['ArchivesKey'] = 'archives';
+               }
+               if (empty($CONF['MemberKey'])) {
+                       $CONF['MemberKey'] = 'member';
+               }
+               if (empty($CONF['BlogKey'])) {
+                       $CONF['BlogKey'] = 'blog';
+               }
+               if (empty($CONF['CategoryKey'])) {
+                       $CONF['CategoryKey'] = 'category';
+               }
+       }
  
-       $CategoryKey = ($usePathInfo)? $CONF['CategoryKey']: 'catid';
+       $CategoryKey = ($usePathInfo) ? $CONF['CategoryKey'] : 'catid';
  
         $objectId = requestVar('o');
-       $blogid = requestVar('bid');
+       $blogid = intval(requestVar('bid'));
         $blogname = getBlogNameFromID($blogid);
  
                 $b =& $manager->getBlog($blogid);
@@ -31,8 +49,10 @@
                                 }
                         }
                 }
-               if ($usePathInfo){
-                       if(substr($blogurl, -1) == '/')  $blogurl = substr($blogurl,0,-1);
+               if ($usePathInfo) {
+                       if (substr($blogurl, -1) == '/') { 
+                               $blogurl = substr($blogurl, 0, -1);
+                       }
                 }
  
                 $CONF['BlogURL'] = $blogurl;
@@ -42,105 +62,110 @@
                 $CONF['ArchiveListURL'] = $blogurl;
                 $CONF['SearchURL'] = $blogurl;
  
-       echo $objectId." = new dTree('".$objectId."');\n";
+       echo $objectId . " = new dTree('" . htmlspecialchars($objectId) . "');\n";
         
-       echo $objectId.".add(0,-1,'".$blogname."');\n";
+       echo $objectId . ".add(0,-1,'" . htmlspecialchars($blogname) . "');\n";
         
-       $res = sql_query("SELECT * FROM ".sql_table('category')." WHERE cblog= ".$blogid);
+       $res = sql_query("SELECT * FROM " . sql_table('category') . " WHERE cblog = " . $blogid);
         $n = 1;
-       while($o = mysql_fetch_object($res)){
-               $catid = $o->catid;
+       while ($o = mysql_fetch_object($res)) {
+               $catid = intval($o->catid);
                 $nodeArray[cat][$catid] = $n;
  //             $url = createBlogidLink($blogid, array('catid'=>$catid));
                 $url = createCategoryLink($catid);
  //             $url = createBlogidLink($blogid, array("$CategoryKey"=>$catid));
-               echo $objectId.".add(".$n.",0,'".$o->cname."','".$url."');\n";
+               echo $objectId . ".add(" . $n . ",0,'" . htmlspecialchars($o->cname) . "','" . htmlspecialchars($url) . "');\n";
                 $catFilter[] = $catid;
                 $n++;
         }
         
         global $manager; 
-       if (!$manager->pluginInstalled('NP_MultipleCategories')){
-               echo 'document.write('.$objectId.');';
-               if($itemid = requestVar('id')){
-                       $catid = quickQuery('SELECT icat as result FROM '.sql_table('item').' WHERE inumber='.intval($itemid));
-                       $nodeId = 's'.$objectId.$nodeArray[cat][$catid];
-                       echo "document.getElementById('".$nodeId."').className = 'selectedNode';";
+       if (!$manager->pluginInstalled('NP_MultipleCategories')) {
+               $mPlugin =& $manager->getPlugin('NP_MultipleCategories');
+               $subrequest = $mPlugin->getRequestName();
+               echo 'document.write(' . $objectId . ');';
+               if ($itemid = intval(requestVar('id'))) {
+                       $catid = quickQuery('SELECT icat as result FROM ' . sql_table('item') . ' WHERE inumber = ' . $itemid);
+                       $nodeId = 's' . $objectId . $nodeArray[cat][$catid];
+                       echo "document.getElementById('" . htmlspecialchars($nodeId) . "').className = 'selectedNode';";
                 }
                 return;
         }
  
-       if($catFilter[1]){
-               $catFilter = @join(',',$catFilter);
-               $catFilter = ' IN ('.$catFilter.')';
-       }else{
-               $catFilter = '='.$catFilter;
+       if ($catFilter[1]) {
+               $catFilter = @join(',', $catFilter);
+               $catFilter = ' IN (' . $catFilter . ')';
+       } else {
+               $catFilter = '=' . $catFilter;
         }
         
-       $query = "SELECT * FROM ".sql_table('plug_multiple_categories_sub')." WHERE catid".$catFilter;
+       $query = "SELECT * FROM " . sql_table('plug_multiple_categories_sub') . " WHERE catid" . $catFilter;
         $res = sql_query($query);
-       while($o = mysql_fetch_object($res)){
-               $scatid = $o->scatid;
+       while ($o = mysql_fetch_object($res)) {
+               $scatid = intval($o->scatid);
                 $nodeArray[subcat][$scatid] = $n;
                 $n++;
         }
-       $query = "SELECT * FROM ".sql_table('plug_multiple_categories_sub')." WHERE catid".$catFilter;
+       $query = "SELECT * FROM " . sql_table('plug_multiple_categories_sub') . " WHERE catid" . $catFilter;
         $res = sql_query($query);
-       while($u = mysql_fetch_object($res)){
-               $scatid = $u->scatid;
+       while ($u = mysql_fetch_object($res)) {
+               $scatid = intval($u->scatid);
  //             $url = createBlogidLink($blogid, array('catid'=>$u->catid, 'subcatid'=>$scatid));
-               $url = createCategoryLink($u->catid, array('subcatid'=>$scatid));
+               $url = createCategoryLink($u->catid, array($subrequest => $scatid));
  //             $url = createBlogidLink($blogid, array("$CategoryKey"=>$u->catid, 'subcatid'=>$scatid));
-               $pnode = ($u->parentid)? $nodeArray[subcat][$u->parentid]: $nodeArray[cat][$u->catid];
-               echo $objectId.".add(".$nodeArray[subcat][$u->scatid].",".$pnode.",'".$u->sname."','".$url."');\n";
+               $pnode = ($u->parentid) ? $nodeArray[subcat][$u->parentid] : $nodeArray[cat][$u->catid];
+               echo $objectId . ".add(" . $nodeArray[subcat][$u->scatid] . "," . $pnode . ",'" . htmlspecialchars($u->sname) . "','" . $url . "');\n";
         }
  
         echo "document.write(".$objectId.");\n";
  
  
-       if(requestVar('sid')){
-               $cid = requestVar('sid');
-               $nodeId = 's'.$objectId.$nodeArray[subcat][$sid];
-               echo "document.getElementById('".$nodeId."').className = 'urlselected';\n";
-               echo $objectId.".openTo(".$nodeArray[subcat][$sid].", true);\n";
-       }elseif(requestVar('cid')){
-               $cid = requestVar('cid');
-               $nodeId = 's'.$objectId.$nodeArray[cat][$cid];
-               echo "document.getElementById('".$nodeId."').className = 'urlselected';\n";
-               echo $objectId.".openTo(".$nodeArray[cat][$cid].", true);\n";
+       if (requestVar('sid')) {
+               $sid = intval(requestVar('sid'));
+               $nodeId = 's' . $objectId . $nodeArray[subcat][$sid];
+               echo "document.getElementById('" . $nodeId . "').className = 'urlselected';\n";
+               echo $objectId . ".openTo(" . $nodeArray[subcat][$sid] . ", true);\n";
+       } elseif(requestVar('cid')) {
+               $cid = intval(requestVar('cid'));
+               $nodeId = 's' . $objectId . $nodeArray[cat][$cid];
+               echo "document.getElementById('" . $nodeId . "').className = 'urlselected';\n";
+               echo $objectId . ".openTo(" . $nodeArray[cat][$cid] . ", true);\n";
         }
  
  
  
-       if($itemid = requestVar('id')){
-               $catid = quickQuery('SELECT icat as result FROM '.sql_table('item').' WHERE inumber='.intval($itemid));
-               $nodeId = 's'.$objectId.$nodeArray[cat][$catid];
-               echo "document.getElementById('".$nodeId."').className = 'selectedNode';\n";
+       if ($itemid = requestVar('id')) {
+               $catid = quickQuery('SELECT icat as result FROM ' . sql_table('item') . ' WHERE inumber = ' . intval($itemid));
+               $nodeId = 's' . $objectId.$nodeArray[cat][$catid];
+               echo "document.getElementById('" . $nodeId . "').className = 'selectedNode';\n";
                 
                 //multi catid
-               if($catids = quickQuery('SELECT categories as result FROM '.sql_table('plug_multiple_categories').' WHERE item_id='.intval($itemid))){
-                       $catids = explode(',',$catids);
-                       for($i=0;$i<count($catids);$i++){
-                               $catidTemp = $catids[$i];
-                               if($catidTemp != $catid){
-                                       $nodeId = 's'.$objectId.$nodeArray[cat][$catidTemp];
-                                       echo "document.getElementById('".$nodeId."').className = 'selectedCatNode';\n";
+               $que = 'SELECT categories as result FROM %s WHERE item_id = %d';
+               $catids = quickQuery(sprintf($que, sql_table('plug_multiple_categories'), intval($itemid)));
+               if ($catids) {
+                       $catids = explode(',', $catids);
+                       for ($i=0;$i<count($catids);$i++) {
+                               $catidTemp = intval($catids[$i]);
+                               if ($catidTemp != $catid) {
+                                       $nodeId = 's' . $objectId . $nodeArray[cat][$catidTemp];
+                                       echo "document.getElementById('" . $nodeId . "').className = 'selectedCatNode';\n";
                                 }
                         }
                 }
                 
                 //(multi) subcatid
-               if($scatids = quickQuery('SELECT subcategories as result FROM '.sql_table('plug_multiple_categories').' WHERE item_id='.intval($itemid))){
-                       $scatids = explode(',',$scatids);
-                       for($i=0;$i<count($scatids);$i++){
-                               $scatid = $scatids[$i];
-                               $nodeId = 's'.$objectId.$nodeArray[subcat][$scatid];
-                               echo "document.getElementById('".$nodeId."').className = 'selectedScatNode';\n";
-                               echo $objectId.".openTo(".$nodeArray[subcat][$scatid].", true);\n";
+               $que = 'SELECT subcategories as result FROM %s WHERE item_id = %d';
+               $scatids = quickQuery(sprintf($que, sql_table('plug_multiple_categories'), intval($itemid)));
+               if ($scatids) {
+                       $scatids = explode(',', $scatids);
+                       for ($i=0;$i<count($scatids);$i++) {
+                               $scatid = intval($scatids[$i]);
+                               $nodeId = 's' . $objectId . $nodeArray[subcat][$scatid];
+                               echo "document.getElementById('" . $nodeId . "').className = 'selectedScatNode';\n";
+                               echo $objectId . ".openTo(" . $nodeArray[subcat][$scatid] . ", true);\n";
                         }
                 }
         }
  
  
-?>
-
+?>
+\ No newline at end of file
author	shizuki <shizuki@1ca29b6e-896d-4ea0-84a5-967f57386b96>
	Mon, 2 Oct 2006 07:30:33 +0000 (07:30 +0000)
committer	shizuki <shizuki@1ca29b6e-896d-4ea0-84a5-967f57386b96>
	Mon, 2 Oct 2006 07:30:33 +0000 (07:30 +0000)
trunk/NP_Dtree/NP_Dtree.php		patch \| blob \| history
trunk/NP_Dtree/dtree/dtree.php		patch \| blob \| history
trunk/NP_Dtree/dtree/dtreedata.php		patch \| blob \| history