- Timestamp:
- 04/11/06 22:44:51 (3 years ago)
- Location:
- branches/mvblog-1_6
- Files:
-
- 1 removed
- 4 modified
-
CHANGELOG (modified) (1 diff)
-
README (modified) (3 diffs)
-
admin/index.php (modified) (1 diff)
-
common/functions_blog.php (modified) (5 diffs)
-
plugins (deleted)
branches/mvblog-1_6/CHANGELOG
r95 r120 1 mvblog 2.0:1 mvblog 1.6: 2 2 ----------- 3 3 *added styleswitcher function (ticket #17) 4 4 *fixed stylesheet errors and added some meta tags 5 *added plugin system (ticket #52)6 5 *logged in author's info is used in comments (ticket #42) 7 6 *added admin interface for comments (ticket #41) 8 7 *Added RSS for comments, both all and per article (ticket #4) 8 9 *****IMPORTANT***** 10 todsah identified those, and was kind enough to notify me as soon as he saw them. 11 *Fixed several XSS (crossite scripting attacks) issues 12 *Fixed several sql-injection issues 9 13 10 14 mvblog 1.5: -
branches/mvblog-1_6/README
r85 r120 1 MvBlog v 1. 51 MvBlog v 1.6 2 2 3 3 Copyright (c) 2005-2006, Michiel van Baak <mvanbaak (AT) users (DOT) sourceforge (DOT) net> … … 39 39 Managing categories 40 40 PHP5 support 41 Plugin system (#52, michiel)42 41 43 42 3. Requirements. … … 186 185 Nieke (http://leonieke.net) 187 186 Kermit (http://xulon.info) 187 todsah (http://www.electricmonk.nl) 188 188 189 189 Various suggestions and patches: 190 190 -------------------------------- 191 todsah (Identified multiple sql injections and XSS attacks) 191 192 192 193 Used software: -
branches/mvblog-1_6/admin/index.php
r118 r120 1130 1130 } 1131 1131 1132 //}}}-------------1133 //{{{ plugin stuff1134 //----------------1135 function load_admin_plugins() {1136 /* this should become a setting */1137 $plugins = array();1138 $plugin_dir = "../plugins/";1139 if (is_dir($plugin_dir)) {1140 $plug_fd = opendir($plugin_dir);1141 while (false !== ($fp = readdir($plug_fd))) {1142 if (!preg_match("/^\./", $fp)) {1143 require_once($plugin_dir.$fp);1144 }1145 }1146 }1147 }1148 1149 function register_admin_plugin($name, $type) {1150 echo "<!-- registering plugin: $name -->\n";1151 $GLOBALS["admin_plugins"][$type][] = $name;1152 }1153 1154 function getAdminPluginsByType($type) {1155 if (is_array($GLOBALS["admin_plugins"][$type])) {1156 foreach ($GLOBALS["admin_plugins"][$type] as $p) {1157 $plugs[] = $p;1158 }1159 } else {1160 $plugs[] = "";1161 }1162 return $plugs;1163 }1164 1165 1132 //}}}-------------------------------- 1166 1133 //{{{ show the user some html code ;) 1167 1134 //----------------------------------- 1168 1135 html_header_admin("Admin Interface", "."); 1169 load_admin_plugins();1170 1136 ?> 1171 1137 <div id="if_container"> -
branches/mvblog-1_6/common/functions_blog.php
r118 r120 43 43 ob_start(); 44 44 $db = db_init(); 45 $version = "SVN"; 46 $plugins = array(); 47 /* populate the $plugins array */ 48 load_plugins(); 45 $version = "1.6"; 49 46 //}}}-------------------------------------------------------- 50 47 //{{{ check_admin_logged_in: are we logged in as admin user ? … … 157 154 <div class="log_body"> 158 155 <div class="log_contents"> 159 <?= run_plugins(strip_invalid_xml(stripslashes(str_replace("##BREAKPOINT##", "", $row["body"]))), "text_output")?>156 <?=strip_invalid_xml(stripslashes(str_replace("##BREAKPOINT##", "", $row["body"])))?> 160 157 </div> 161 158 </div> … … 193 190 echo "[Comment deleted by admin on ".date("d-m-Y H:i", $row["deleted"])."]"; 194 191 } else { 195 echo nl2br(stripslashes(htmlspecialchars(strip_invalid_xml( run_plugins($row["comment"], "text_output")))));192 echo nl2br(stripslashes(htmlspecialchars(strip_invalid_xml($row["comment"])))); 196 193 } 197 194 ?> … … 614 611 <? } ?> 615 612 <? 616 if (limit_text( run_plugins(strip_invalid_xml(stripslashes($row["body"])), "text_output"), 4000)) {613 if (limit_text(strip_invalid_xml(stripslashes($row["body"])), 4000)) { 617 614 ?><br /><br /><a href="index.php?action=view&id=<?=$row["id"]?>" class="link_readmore">read more</a><? 
618 615 } … … 719 716 return $data; 720 717 } 721 //}}}-------------------------------------722 //{{{ load_plugins(): load all the plugins723 //----------------------------------------724 function load_plugins() {725 /* this should become a setting */726 $plugins = array();727 $plugin_dir = "plugins/";728 if (is_dir($plugin_dir)) {729 $plug_fd = opendir($plugin_dir);730 while (false !== ($fp = readdir($plug_fd))) {731 if (!preg_match("/^\./", $fp)) {732 require_once($plugin_dir.$fp);733 }734 }735 }736 }737 738 function register_plugin($name, $type) {739 $GLOBALS["plugins"][$type][] = $name;740 }741 742 function getPluginsByType($type) {743 if (is_array($GLOBALS["plugins"][$type])) {744 foreach ($GLOBALS["plugins"][$type] as $p) {745 $plugs[] = $p;746 }747 } else {748 $plugs[] = "";749 }750 return $plugs;751 }752 //}}}--------------------------------------------------753 //{{{ run_plugins($data, $types): run specified plugins754 //-----------------------------------------------------755 function run_plugins($data, $types) {756 if (!is_array($types)) {757 $plugintypes[0] = $types;758 } else {759 $plugintypes = $types;760 }761 unset($types);762 foreach($plugintypes as $type) {763 $plugins = getPluginsByType($type);764 }765 foreach ($plugins as $plugin) {766 if (function_exists("plugin_$plugin")) {767 $data = eval("return plugin_$plugin(\$data);");768 }769 }770 return $data;771 }772 718 773 719 //}}}---------------------------------------
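Review bot: The article body at new line 156 is still written to the page wrapped only in `strip_invalid_xml(stripslashes(...))`, while the comment path at new line 192 wraps the same kind of database value in `htmlspecialchars`; the hunk drops `run_plugins` from both sites but leaves this asymmetry undocumented, and the same applies to the `limit_text(...)` call at new line 613. If article bodies are admin-authored HTML the unescaped output is intentional, but that assumption belongs in a comment at the output site, e.g. `/* body is admin-authored HTML and is emitted unescaped on purpose; comments are untrusted input and go through htmlspecialchars() */`. On line 192 `htmlspecialchars` is called with no flags or charset, so single quotes pass through and the character set follows the PHP default; `htmlspecialchars($s, ENT_QUOTES, 'UTF-8')` would pin both, assuming the pages are served as UTF-8. The functions these lines belong to begin and end outside the hunk.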
