From 4bd96c97fb168bc77b722f229f0bb4d24f44915e Mon Sep 17 00:00:00 2001 From: reine Date: Fri, 5 Oct 2012 23:46:26 +0900 Subject: [PATCH] =?utf8?q?FIX:=20=E3=83=87=E3=83=90=E3=83=83=E3=82=B0?= =?utf8?q?=E5=8B=95=E4=BD=9C=E6=99=82=E3=81=AB=E7=99=BA=E7=94=9F=E3=81=99?= =?utf8?q?=E3=82=8B=E8=AD=A6=E5=91=8A=E3=81=AB=E5=AF=BE=E5=87=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit ACTIONS.php 変数名の大文字小文字の不一致 ADMIN.php 存在しないkey値の参照、変数の未定義 BLOG.php 変数の未定義 ITEMACTIONS.php データ作成方法の不一致(StdClass/Array)による不正参照 MANAGER.php 参照渡しすべき引数の値渡し PAGEFACTORY.php 存在しないkey値の参照、変数名の大文字小文字の不一致 PLUGIN.php 存在しないkey値の参照 PLUGINADMIN.php global変数の定義漏れ showlist.php 存在しないkey値の参照 media.php 変数の未定義 plugins/NP_SecurityEnforcer.php 存在しないkey値の参照 plugins/NP_SkinFiles.php 条件判定時の前提条件確認漏れ plugins/securityenforcer/index.php 変数の未定義 plugins/NP_MediaFiles.php において、ディレクトリ作成処理時に警告が表示されるが 意図する動作が不明なため未対処。 --- nucleus/libs/ACTIONS.php | 2 +- nucleus/libs/ADMIN.php | 4 +++- nucleus/libs/BLOG.php | 1 + nucleus/libs/ITEMACTIONS.php | 6 +++++- nucleus/libs/MANAGER.php | 2 +- nucleus/libs/PAGEFACTORY.php | 4 ++-- nucleus/libs/PLUGIN.php | 17 ++++++++++++----- nucleus/libs/PLUGINADMIN.php | 2 +- nucleus/libs/showlist.php | 10 ++++++---- nucleus/media.php | 5 ++++- nucleus/plugins/NP_SecurityEnforcer.php | 4 ++-- nucleus/plugins/NP_SkinFiles.php | 2 +- nucleus/plugins/securityenforcer/index.php | 1 + 13 files changed, 40 insertions(+), 20 deletions(-) diff --git a/nucleus/libs/ACTIONS.php b/nucleus/libs/ACTIONS.php index a56c433..354b5be 100644 --- a/nucleus/libs/ACTIONS.php +++ b/nucleus/libs/ACTIONS.php @@ -636,7 +636,7 @@ class ACTIONS extends BaseActions { global $blog, $manager; // when no blog found - if (($blogName == '') && (!is_object($blog))) + if (($blogname == '') && (!is_object($blog))) return 0; if ($blogname == '') { diff --git a/nucleus/libs/ADMIN.php b/nucleus/libs/ADMIN.php index 907617d..3e585d5 100755 --- a/nucleus/libs/ADMIN.php +++ b/nucleus/libs/ADMIN.php @@ -821,7 +821,7 @@ class ADMIN { if ($iForcedBlogInclude != -1) $aBlogIds[] = intval($iForcedBlogInclude); - if (($member->isAdmin()) && ($CONF['ShowAllBlogs'])) + if (($member->isAdmin()) && (array_key_exists('ShowAllBlogs', $CONF) && $CONF['ShowAllBlogs'])) $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname'; else $queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID(); @@ -842,6 +842,8 @@ class ADMIN { if ($mode == 'category') { if (sql_num_rows($blogs) > 1) $multipleBlogs = 1; + else + $multipleBlogs = 0; while ($oBlog = sql_fetch_object($blogs)) { if ($multipleBlogs) diff --git a/nucleus/libs/BLOG.php b/nucleus/libs/BLOG.php index ae6a09d..6c76695 100755 --- a/nucleus/libs/BLOG.php +++ b/nucleus/libs/BLOG.php @@ -279,6 +279,7 @@ class BLOG { $body = $body; $more = $more; $catid = intval($catid); + $isFuture = 0; // convert newlines to
if ($this->convertBreaks()) { diff --git a/nucleus/libs/ITEMACTIONS.php b/nucleus/libs/ITEMACTIONS.php index 9717549..e9afa99 100644 --- a/nucleus/libs/ITEMACTIONS.php +++ b/nucleus/libs/ITEMACTIONS.php @@ -123,7 +123,11 @@ class ITEMACTIONS extends BaseActions { function setCurrentItem(&$item) { $this->currentItem =& $item; global $currentitemid; - $currentitemid = $this->currentItem->itemid; + if (is_array($this->currentItem)) { + $currentitemid = $this->currentItem['itemid']; + } else { + $currentitemid = $this->currentItem->itemid; + } } function setBlog(&$blog) { diff --git a/nucleus/libs/MANAGER.php b/nucleus/libs/MANAGER.php index e0acd5f..fa6686b 100755 --- a/nucleus/libs/MANAGER.php +++ b/nucleus/libs/MANAGER.php @@ -407,7 +407,7 @@ class MANAGER { * Can contain any type of data, depending on the event type. Usually this is * an itemid, blogid, ... but it can also be an array containing multiple values */ - function notify($eventName, $data) { + function notify($eventName, &$data) { // load subscription list if needed if (!is_array($this->subscriptions)) $this->_loadSubscriptions(); diff --git a/nucleus/libs/PAGEFACTORY.php b/nucleus/libs/PAGEFACTORY.php index 6f2b2b2..b303bc9 100755 --- a/nucleus/libs/PAGEFACTORY.php +++ b/nucleus/libs/PAGEFACTORY.php @@ -169,7 +169,7 @@ class PAGEFACTORY extends BaseActions { // create category dropdown box function parse_categories($startidx = 0) { - if ($this->variables['catid']) + if (array_key_exists('catid', $this->variables) && $this->variables['catid']) $catid = $this->variables['catid']; // on edit item else $catid = $this->blog->getDefaultCategory(); // on add item @@ -395,7 +395,7 @@ class PAGEFACTORY extends BaseActions { $manager->notify('AddItemFormExtras', $param); break; case 'edit': - $PARAM = array( + $param = array( 'variables' => $this->variables, 'blog' => &$this->blog, 'itemid' => $this->variables['itemid'] diff --git a/nucleus/libs/PLUGIN.php b/nucleus/libs/PLUGIN.php index c27877a..db63145 100755 --- a/nucleus/libs/PLUGIN.php +++ b/nucleus/libs/PLUGIN.php @@ -510,8 +510,10 @@ */ function _getOID($context, $name) { $key = $context . '_' . $name; - $info = $this->_aOptionToInfo[$key]; - if (is_array($info)) return $info['oid']; + if (array_key_exists($key, $this->_aOptionToInfo)) { + $info = $this->_aOptionToInfo[$key]; + if (is_array($info)) return $info['oid']; + } // load all OIDs for this plugin from the database $this->_aOptionToInfo = array(); @@ -523,8 +525,13 @@ } sql_free_result($res); - return $this->_aOptionToInfo[$key]['oid']; + if (array_key_exists($key, $this->_aOptionToInfo)) { + return $this->_aOptionToInfo[$key]['oid']; + } else { + return null; + } } + function _getDefVal($context, $name) { $key = $context . '_' . $name; $info = $this->_aOptionToInfo[$key]; @@ -637,7 +644,7 @@ $meta = NucleusPlugin::getOptionMeta($o->oextra); // if the option is readonly or hidden it may not be saved - if (($meta['access'] != 'readonly') && ($meta['access'] != 'hidden')) { + if (!array_key_exists('access', $meta) || (($meta['access'] != 'readonly') && ($meta['access'] != 'hidden'))) { $value = undoMagic($value); // value comes from request @@ -650,7 +657,7 @@ } // check the validity of numerical options - if (($meta['datatype'] == 'numerical') && (!is_numeric($value))) { + if (array_key_exists('datatype', $meta) && ($meta['datatype'] == 'numerical') && (!is_numeric($value))) { //the option must be numeric, but the it isn't //use the default for this option $value = $o->odef; diff --git a/nucleus/libs/PLUGINADMIN.php b/nucleus/libs/PLUGINADMIN.php index 715b201..d2700a7 100755 --- a/nucleus/libs/PLUGINADMIN.php +++ b/nucleus/libs/PLUGINADMIN.php @@ -28,7 +28,7 @@ class PluginAdmin { function PluginAdmin($pluginName) { - global $manager; + global $manager, $DIR_LIBS; include_once($DIR_LIBS . 'ADMIN.php'); $this->strFullName = 'NP_' . $pluginName; diff --git a/nucleus/libs/showlist.php b/nucleus/libs/showlist.php index c3d5e46..17fa128 100644 --- a/nucleus/libs/showlist.php +++ b/nucleus/libs/showlist.php @@ -272,7 +272,7 @@ function listplug_plugOptionRow($current) { $meta = NucleusPlugin::getOptionMeta($current['typeinfo']); // only if it is not a hidden option write the controls to the page - if ($meta['access'] != 'hidden') { + if (!array_key_exists('access', $meta) || $meta['access'] != 'hidden') { echo '',htmlspecialchars($current['description']?$current['description']:$current['name']),''; echo ''; switch($current['type']) { @@ -307,15 +307,17 @@ function listplug_plugOptionRow($current) { //$meta = NucleusPlugin::getOptionMeta($current['typeinfo']); echo ''; } - echo $current['extra']; + if (array_key_exists('extra', $current)) { + echo $current['extra']; + } echo ''; } } diff --git a/nucleus/media.php b/nucleus/media.php index ddeebaf..3ee21a2 100755 --- a/nucleus/media.php +++ b/nucleus/media.php @@ -164,7 +164,10 @@ function media_select() { 0) { if (($offset + $CONF['MediaPerPage']) >= sizeof($arr)) diff --git a/nucleus/plugins/NP_SecurityEnforcer.php b/nucleus/plugins/NP_SecurityEnforcer.php index 373615b..c6a4361 100644 --- a/nucleus/plugins/NP_SecurityEnforcer.php +++ b/nucleus/plugins/NP_SecurityEnforcer.php @@ -37,7 +37,7 @@ class NP_SecurityEnforcer extends NucleusPlugin { $query = "CREATE TABLE IF NOT EXISTS ". sql_table('plug_securityenforcer'). " ( `login` varchar(255), - `fails` int(11) NOT NULL default '0', + `fails` int(11) NOT NULL default '0', `lastfail` bigint NOT NULL default '0', KEY `login` (`login`)) ENGINE=MyISAM"; sql_query($query); @@ -174,7 +174,7 @@ class NP_SecurityEnforcer extends NucleusPlugin { } public function event_PrePluginOptionsEdit($data) { - if ($data['plugid'] === $this->getID()) { + if (array_key_exists('plugid', $data) && $data['plugid'] === $this->getID()) { foreach($data['options'] as $key => $value){ if (defined($value['description'])) { $data['options'][$key]['description'] = constant($value['description']); diff --git a/nucleus/plugins/NP_SkinFiles.php b/nucleus/plugins/NP_SkinFiles.php index bdf3ba3..b673b4f 100644 --- a/nucleus/plugins/NP_SkinFiles.php +++ b/nucleus/plugins/NP_SkinFiles.php @@ -121,7 +121,7 @@ class NP_SkinFiles extends NucleusPlugin { } public function event_PrePluginOptionsEdit($data) { - if ($data['plugid'] !== $this->getID()) { + if ($data['context'] !== 'global' || $data['plugid'] !== $this->getID()) { return; } foreach($data['options'] as $key => $value){ diff --git a/nucleus/plugins/securityenforcer/index.php b/nucleus/plugins/securityenforcer/index.php index 05bd28a..5c2d86c 100644 --- a/nucleus/plugins/securityenforcer/index.php +++ b/nucleus/plugins/securityenforcer/index.php @@ -34,6 +34,7 @@ Admin area for NP_SecurityEnforcer $oPluginAdmin->start(''); // if form to unlock is posted + $message = ''; if(postVar('action') == 'unlock') { if (!$manager->checkTicket()) doError('Invalid Ticket'); -- 2.11.0