High severity (7.2) · NVD Advisory · Published Jan 12, 2017 · Updated May 6, 2026
CVE-2017-5346
Description
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| genix/cms (Packagist) | < 1.0.0 | 1.0.0 |
Affected products
Patches (1)
1abfbb6103bfa Security Fix #61 #62 #63 #65 #66 #67
58 files changed · +710 −498
gxadmin/inc/menus_form_edit.php+2 −2 modified@@ -16,15 +16,15 @@ * @license http://www.opensource.org/licenses/mit-license.php MIT */ if (isset($_GET['id'])) { - $menuid = $_GET['id']; + $menuid = Typo::int($_GET['id']); } else { $menuid = $data['menuid']; } // print_r($data['menus']); if (isset($_GET['token']) - && Token::isExist($_GET['token'])) { + && Token::isExist(Typo::cleanX($_GET['token']))) { $token = TOKEN; } else { $token = '';
gxadmin/inc/menus_form.php+1 −1 modified@@ -19,7 +19,7 @@ if (isset($_GET['id'])) { - $menuid = $_GET['id']; + $menuid = Typo::cleanX($_GET['id']); } else { $menuid = $data['menuid']; }
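Review bot: The `id` parameter is passed through `Typo::cleanX` here, while menus_form_edit.php and menus.control.php in the same commit cast the same value with `Typo::int`; an integer id should get the stricter numeric cast in both forms. Change the line to `$menuid = Typo::int($_GET['id']);`. Whether `Typo::cleanX` would reject a non-numeric id cannot be seen from this hunk, which is why the consistent cast matters.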
gxadmin/inc/pages_form.php+5 −4 modified@@ -22,7 +22,7 @@ $token = ''; } ($_GET['act'] == 'edit') ? $pagetitle = 'Edit' : $pagetitle = 'New'; -($_GET['act'] == 'edit') ? $act = "edit&id={$_GET['id']}&token=".$token : $act = 'add'; +($_GET['act'] == 'edit') ? $act = "edit&id=".Typo::int($_GET['id'])."&token=".$token : $act = 'add'; if (isset($data['post'])) { if (!isset($data['post']['error'])) { @@ -42,6 +42,7 @@ $pub = ''; $unpub = 'SELECTED'; } + $id = Typo::int($_GET['id']); } else { $title = ''; $content = ''; @@ -65,7 +66,7 @@ } ?> -<form action="index.php?page=pages&act=<?=$act?>&token=<?=$_GET['token'];?>" method="post" role="form" class=""> +<form action="index.php?page=pages&act=<?=$act?>" method="post" role="form" class=""> <div class="row"> <div class="col-md-12"> <?=Hooks::run('admin_page_notif_action', $data);?> @@ -130,8 +131,8 @@ unset($listlang[Options::v('multilang_default')]); foreach ($listlang as $key => $value) { if (isset($_GET['act']) && $_GET['act'] == 'edit') { - $lang = Language::getLangParam($key, $_GET['id']); - if ($lang == '') { + $lang = Language::getLangParam($key, $id); + if ($lang == '' || !Posts::existParam('multilang', $id)) { $lang['title'] = $title; $lang['content'] = $content; } else {
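Review bot: `$id = Typo::int($_GET['id']);` is assigned only inside the `if (isset($data['post']))` branch, but the multilang loop at the end of the file reads `$id` whenever `$_GET['act'] == 'edit'`, so an edit request for which no post row was loaded hands an undefined `$id` to `Language::getLangParam` and `Posts::existParam`. Define it once next to `$act`, ahead of the branch: `$id = isset($_GET['id']) ? Typo::int($_GET['id']) : 0;`. The same conditional assignment is introduced in posts_form.php. The two ternaries that read `$_GET['act']` without an `isset` guard are left as they were by the commit.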
gxadmin/inc/posts_form.php+12 −12 modified@@ -16,13 +16,13 @@ * @license http://www.opensource.org/licenses/mit-license.php MIT */ if (isset($_GET['token']) - && Token::isExist($_GET['token'])) { + && Token::isExist(Typo::cleanX($_GET['token']))) { $token = TOKEN; } else { $token = ''; } ($_GET['act'] == 'edit') ? $pagetitle = 'Edit' : $pagetitle = 'New'; -($_GET['act'] == 'edit') ? $act = "edit&id={$_GET['id']}&token=".$token : $act = 'add'; +($_GET['act'] == 'edit') ? $act = "edit&id=".Typo::int($_GET['id'])."&token=".$token : $act = 'add'; if (isset($data['post'])) { foreach ($data['post'] as $p) { @@ -32,15 +32,18 @@ $date = $p->date; $status = $p->status; $cat = $p->cat; + $tags = $p->tags; + } - $tags = Posts::getParam('tags', $p->id); +// $tags = Posts::getParam('tags', $p->id); if ($status == 1) { $pub = 'SELECTED'; $unpub = ''; } elseif ($status == 0) { $pub = ''; $unpub = 'SELECTED'; } + $id = Typo::int($_GET['id']); } else { $title = ''; $content = ''; @@ -52,7 +55,7 @@ $tags = ''; } ?> -<form action="index.php?page=posts&act=<?=$act?>&token=<?=$_GET['token'];?>" method="post" role="form" class=""> +<form action="index.php?page=posts&act=<?=$act?>" method="post" role="form" class=""> <div class="row"> <div class="col-md-12"> <?=Hooks::run('admin_page_notif_action', $data);?> @@ -117,9 +120,9 @@ foreach ($listlang as $key => $value) { // print_r($key); if (isset($_GET['act']) && $_GET['act'] == 'edit') { - $lang = Language::getLangParam($key, $_GET['id']); + $lang = Language::getLangParam($key, $id); // print_r($lang); - if ($lang == '' || !Posts::existParam('multilang', $_GET['id'])) { + if ($lang == '' || !Posts::existParam('multilang', $id)) { $lang['title'] = $title; $lang['content'] = $content; } else { 
@@ -227,13 +230,10 @@ <div class="form-group"> <label><?=STATUS;?></label> <select name="status" class="form-control"> - <option value="1" <?=$pub; -?>><?=PUBLISH;?></option> - <option value="0" <?=$unpub; -?>><?=UNPUBLISH;?></option> + <option value="1" <?=$pub;?>><?=PUBLISH;?></option> + <option value="0" <?=$unpub;?>><?=UNPUBLISH;?></option> </select> - <small><?=PUBLISHED_LOWER; -?> or <?=UNPUBLISHED_LOWER;?></small> + <small><?=PUBLISHED_LOWER;?> or <?=UNPUBLISHED_LOWER;?></small> </div> <div class="form-group">
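Review bot: The commented-out `// $tags = Posts::getParam('tags', $p->id);` should be deleted rather than left beside the new `$tags = $p->tags;`, which now depends on the row supplied by the controller carrying a `tags` column (presumably via the `Posts::fetch` call introduced in posts.control.php — worth confirming, since the old code looked tags up separately). The hunk also closes the `foreach` right after `$tags = $p->tags;`, so `$status`, `$pub` and `$unpub` are derived from the last iterated row only; a one-line comment such as `// $data['post'] is expected to hold exactly one row` would make that assumption explicit.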
gxadmin/inc/user_form.php+1 −1 modified@@ -90,5 +90,5 @@ </div> </div> </div> -<input type="hidden" name="token" value="<?=$_GET['token'];?>"> +<input type="hidden" name="token" value="<?=TOKEN?>"> </form>
inc/lib/Categories.class.php+48 −41 modified@@ -62,65 +62,69 @@ public static function dropdown($vars) { if (is_array($vars)) { //print_r($vars); - $name = $vars['name']; - $where = 'WHERE '; + $name = Typo::cleanX($vars['name']); + $where = 'WHERE 1 '; if (isset($vars['parent'])) { - $where .= " `parent` = '".$vars['parent']."' "; + $where .= " AND `parent` = '".Typo::int($vars['parent'])."' "; } else { $where .= ''; } if (isset($vars['type'])) { - if ($vars['type'] == 'tag') { - $where .= " `type` = '{$vars['type']}' AND "; + $type = Typo::cleanX($vars['type']); + if ($type == 'tag') { + $where .= " AND `type` = '".$type."' "; } else { - $where .= " `type` = '{$vars['type']}' AND `type` != 'tag' AND "; + $where .= " AND `type` = '".$type."' AND `type` != 'tag' "; } } else { - $where .= " `type` != 'tag' AND "; + $where .= " AND `type` != 'tag' "; } - $where .= '1 '; + $where .= ' '; $order_by = 'ORDER BY '; if (isset($vars['order_by'])) { - $order_by .= ' '.$vars['order_by'].' '; + $order_by .= ' '.Typo::cleanX($vars['order_by']).' '; } else { $order_by .= ' `name` '; } if (isset($vars['sort'])) { - $sort = " {$vars['sort']}"; + $sort = " ".Typo::cleanX($vars['sort'])." "; } else { $sort = ' ASC'; } - } - // $cat = Db::result("SELECT * FROM `cat` {$where} {$order_by} {$sort}"); - $cat = Db::result('SELECT * FROM `cat` '.$where.' '.$order_by.' 
'.$sort); - // print_r($cat); - $drop = "<select name=\"{$name}\" class=\"form-control\"><option></option>"; - if (Db::$num_rows > 0) { - foreach ($cat as $c) { - if ($c->parent == null || $c->parent == '0') { - if (isset($vars['selected']) && $c->id == $vars['selected']) { - $sel = 'SELECTED'; - } else { - $sel = ''; - } - $drop .= "<option value=\"{$c->id}\" $sel style=\"padding-left: 10px;\">{$c->name}</option>"; - foreach ($cat as $c2) { - if ($c2->parent == $c->id) { - if (isset($vars['selected']) && $c2->id == $vars['selected']) { - $sel = 'SELECTED'; - } else { - $sel = ''; - } - $drop .= "<option value=\"{$c2->id}\" $sel style=\"padding-left: 10px;\"> + // $cat = Db::result("SELECT * FROM `cat` {$where} {$order_by} {$sort}"); + $cat = Db::result('SELECT * FROM `cat` '.$where.' '.$order_by.' '.$sort); + // print_r($cat); + $drop = "<select name=\"{$name}\" class=\"form-control\"><option></option>"; + if (Db::$num_rows > 0) { + foreach ($cat as $c) { + if ($c->parent == null || $c->parent == '0') { + if (isset($vars['selected']) && $c->id == $vars['selected']) { + $sel = 'SELECTED'; + } else { + $sel = ''; + } + $drop .= "<option value=\"{$c->id}\" $sel style=\"padding-left: 10px;\">{$c->name}</option>"; + foreach ($cat as $c2) { + if ($c2->parent == $c->id) { + if (isset($vars['selected']) && $c2->id == $vars['selected']) { + $sel = 'SELECTED'; + } else { + $sel = ''; + } + $drop .= "<option value=\"{$c2->id}\" $sel style=\"padding-left: 10px;\"> {$c2->name}</option>"; + } } } } } + $drop .= '</select>'; + } else { + $drop = 'Category config not in Array'; } - $drop .= '</select>'; + return $drop; } 
@@ -130,22 +134,25 @@ public static function lists($vars) if (is_array($vars)) { //print_r($vars); - $where = 'WHERE '; + $where = 'WHERE 1'; if (isset($vars['parent'])) { - $where .= " `parent` = '{$vars['parent']}' AND "; + $where .= " AND `parent` = '".Typo::int($vars['parent'])."' "; + } else { + $where .= ''; } if (isset($vars['type'])) { - if ($vars['type'] == 'tag') { - $where .= " `type` = '{$vars['type']}' AND "; + $type = Typo::cleanX($vars['type']); + if ($type == 'tag') { + $where .= " AND `type` = '".$type."' "; } else { - $where .= " `type` = '{$vars['type']}' AND `type` != 'tag' AND "; + $where .= " AND `type` = '".$type."' AND `type` != 'tag' "; } } else { - $where .= " `type` != 'tag' AND "; + $where .= " AND `type` != 'tag' "; } - $where .= '1 '; - $order_by = 'ORDER BY '; + + $order_by = ' ORDER BY '; if (isset($vars['order_by'])) { $order_by .= " {$vars['order_by']} "; } else {
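Review bot: In `lists()` the ORDER BY clause still interpolates `$vars['order_by']` unfiltered (`$order_by .= " {$vars['order_by']} ";`), and in `dropdown()` it is only passed through `Typo::cleanX`, which from its other uses in this commit looks like an output sanitiser rather than an SQL identifier check. ORDER BY columns and directions cannot be bound as parameters, so both `order_by` and `sort` should be validated against an allow-list before concatenation, e.g. `$dir = strtoupper(trim($vars['sort'])); $sort = in_array($dir, ['ASC', 'DESC'], true) ? ' '.$dir : ' ASC';` plus a similar check of `order_by` against the known column names of the `cat` table. Whether `$vars` can carry request data depends on the callers, which are outside this hunk.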
inc/lib/Comments.class.php+16 −9 modified@@ -27,14 +27,14 @@ public function __construct() public static function form() { if (self::isEnable()) { - Hooks::attach('footer_load_lib', array(__CLASS__, 'validateJsComment')); + Hooks::attach('footer_load_lib', array('Comments', 'validateJsComment')); Theme::validator(); Theme::editor('mini', '200'); $html = '<a id="commentform"></a><div class="col-md-12 comments-wrapper clearfix">'; if (isset($_POST['addComment'])) { $data = self::addComment($_POST); - $html .= System::alert(); + $html .= System::alert($data); } $html .= ' @@ -95,7 +95,8 @@ public static function addComment($vars) global $data; unset($vars['addComment']); - if (!isset($vars['token']) || !Token::isExist($vars['token'])) { + $token = Typo::cleanX($vars['token']); + if (!isset($vars['token']) || !Token::isExist($token)) { $alertDanger[] = TOKEN_NOT_EXIST; } if (!isset($vars['comments-msg']) || null == $vars['comments-msg'] || $vars['comments-msg'] == '<p><br></p>') { @@ -170,9 +171,9 @@ public static function addComment($vars) public static function listC($vars) { global $data; - $offset = $vars['offset']; - $max = $vars['max']; - $parent = $vars['parent']; + $offset = Typo::int($vars['offset']); + $max = Typo::int($vars['max']); + $parent = Typo::int($vars['parent']); $post_id = $data['posts'][0]->id; $where = "AND `post_id` = '{$post_id}' AND `status` = '1' AND `parent` = '{$parent}' "; $order = ($parent > 0) ? 'ASC' : 'DESC'; @@ -225,7 +226,7 @@ public static function showList($vars) if (self::isEnable()) { global $data; $html = ''; - $max = $vars['max']; + $max = Typo::int($vars['max']); if (isset($_GET['paging']) && isset($_GET['comments'])) { $paging = Typo::int($_GET['paging']); $offset = ($paging - 1) * $max; 
@@ -245,7 +246,7 @@ public static function showList($vars) 'url' => (SMART_URL) ? Url::post($post_id).'?comments=yes' : Url::post($post_id).'&comments=yes', 'type' => 'number', ); - $html .= Paging::create($page); + $html .= "<div class='col-sm-12'>".Paging::create($page)."</div>"; } else { $html = ''; } @@ -321,11 +322,12 @@ function removeCancel() { </script> "; - return $script; + echo Site::minifyJS($script); } public static function publish($id) { + $id = Typo::int($id); $var = array( 'table' => 'comments', 'id' => $id, @@ -338,6 +340,7 @@ public static function publish($id) public static function unpublish($id) { + $id = Typo::int($id); $var = array( 'table' => 'comments', 'id' => $id, @@ -350,6 +353,7 @@ public static function unpublish($id) public static function pending($id) { + $id = Typo::int($id); $var = array( 'table' => 'comments', 'id' => $id, @@ -362,6 +366,7 @@ public static function pending($id) public static function delete($id) { + $id = Typo::int($id); $var = array( 'table' => 'comments', 'where' => array( @@ -373,6 +378,7 @@ public static function delete($id) public static function deleteWithPost($post_id) { + $post_id = Typo::int($post_id); $var = array( 'table' => 'comments', 'where' => array( @@ -384,6 +390,7 @@ public static function deleteWithPost($post_id) public static function postExist($id) { + $id = Typo::int($id); $var = sprintf("SELECT * FROM `comments` WHERE `post_id` = '%d'", $id); Db::result($var); if (Db::$num_rows > 0) {
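Review bot: In `addComment()` the new line `$token = Typo::cleanX($vars['token']);` runs before the `!isset($vars['token'])` test on the following line, so a submission without a token reads an undefined index and hands null to `Typo::cleanX` before the check meant to catch it. Write it as `$token = isset($vars['token']) ? Typo::cleanX($vars['token']) : '';` and keep the existence check on the original value. The same ordering is repeated at every `$token = Typo::cleanX($_POST['token']);` / `$_GET['token']` site in this commit (categories, comments, comments-settings, menus, multilang, pages, permalink and posts controllers). Separately, `validateJsComment()` now echoes `Site::minifyJS($script)` instead of returning the script, so any consumer of its return value now gets null; if that is intended for the `footer_load_lib` hook, a short comment at the change would save the next reader the question.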
inc/lib/Control/Ajax/elfinder-ajax.control.php+28 −5 modified@@ -46,25 +46,48 @@ function uploadPost($cmd, $result, $args, $elfinder) foreach ($value as $file) { $filepath = (isset($file['realpath']) ? $file['realpath'] : $elfinder->realpath($file['hash'])); // array_push($data, $filepath); + if (Image::isPng($filepath)) { - Image::compressPng($filepath); + if (Files::isClean($filepath)){ + $safe = true; + } else { + $safe = false; + } + if ($safe){ + Image::compressPng($filepath); + } else { + unlink($filepath); + } } elseif (Image::isJpg($filepath)) { - Image::compressJpg($filepath); + if (!Files::isClean($filepath)){ + unlink($filepath); + } else { + Image::compressJpg($filepath); + } } } } else { // other value (ex. header) + if (Image::isPng($value)) { - Image::compressPng($value); + if (!Files::isClean($value)){ + unlink($value); + } else { + Image::compressPng($value); + } } elseif (Image::isJpg($value)) { - Image::compressJpg($value); + if (!Files::isClean($value)){ + unlink($value); + } else { + Image::compressJpg($value); + } } // array_push($data, $value); } } // $log .= sprintf(' %s(%s)', $key, implode(', ', $data)); } - return true; + } // set path for specific access
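Review bot: The five-line `$safe` detour in the PNG branch reduces to `$safe = Files::isClean($filepath);`, and the other three branches already use the shorter `if (!Files::isClean(...)) { unlink(...); } else { compress...; }` shape, so the PNG branch should match them. In all four branches the result of `unlink()` is ignored, so a file that `Files::isClean` rejected but could not be removed stays on disk with no log or error; at least `if (!unlink($filepath)) { /* report the failure */ }`. The hunk also drops the function's `return true;`, changing the callback's result from true to null — if elFinder's bind mechanism consults that value this is a behaviour change and deserves a comment.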
inc/lib/Control/Backend/categories.control.php+10 −8 modified@@ -23,10 +23,10 @@ switch (isset($_POST['addcat'])) { case true: // cleanup first - $slug = Typo::slugify(Typo::cleanX($_POST['cat'])); + $slug = Typo::slugify($_POST['cat']); $cat = Typo::cleanX($_POST['cat']); - - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -48,7 +48,7 @@ $data['alertSuccess'][] = MSG_CATEGORY_ADDED.' '.$_POST['cat']; } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; @@ -60,7 +60,8 @@ case true: // cleanup first $cat = Typo::cleanX($_POST['cat']); - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -78,7 +79,7 @@ $data['alertSuccess'][] = MSG_CATEGORY_UPDATED.' '.$_POST['cat']; } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; @@ -87,7 +88,8 @@ } if (isset($_GET['act']) == 'del') { - if (!isset($_GET['token']) || !Token::isExist($_GET['token'])) { + $token = Typo::cleanX($_GET['token']); + if (!isset($_GET['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -98,7 +100,7 @@ $data['alertSuccess'][] = MSG_CATEGORY_REMOVED; } if (isset($_GET['token'])) { - Token::remove($_GET['token']); + Token::remove($token); } } $data['cat'] = Db::result("SELECT * FROM `cat` WHERE `type` = 'post' ORDER BY `id` DESC");
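Review bot: The new token validation for deletion sits under `if (isset($_GET['act']) == 'del')`, which compares the boolean from `isset()` with the string `'del'`; a non-empty string is truthy, so the branch runs for any request that carries an `act` parameter at all, and `Token::remove($token)` plus the delete path are reached for unrelated actions. Change the guard to `if (isset($_GET['act']) && $_GET['act'] === 'del') {`. The `$token = Typo::cleanX($_GET['token']);` assignment inside it also precedes the `isset($_GET['token'])` check, as in the other controllers touched by this commit.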
inc/lib/Control/Backend/comments.control.php+28 −16 modified@@ -21,16 +21,11 @@ if (User::access(2)) { $data['sitetitle'] = COMMENTS; - if (isset($_GET['act'])) { - $act = $_GET['act']; - } else { - $act = ''; - } - - if (isset($_GET['act']) && $_GET['act'] == 'del') { + if (isset($_GET['act']) && $_GET['act'] == 'del' && !isset($_POST)) { if (isset($_GET['id'])) { $id = Typo::int($_GET['id']); - if (!isset($_GET['token']) || !Token::isExist($_GET['token'])) { + $token = Typo::cleanX($_GET['token']); + if (!isset($_GET['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -47,12 +42,15 @@ } } if (isset($_GET['token'])) { - Token::remove($_GET['token']); + Token::remove($token); } + } else { $data['alertDanger'][] = MSG_USER_NO_ID_SELECTED; } } + + if (isset($_POST['action'])) { $action = Typo::cleanX($_POST['action']); } else { @@ -65,7 +63,8 @@ } switch ($action) { case 'publish': - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -74,16 +73,18 @@ } else { if ($post_id != '') { foreach ($post_id as $id) { + $id = Typo::int($id); Comments::publish($id); } } } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; case 'unpublish': - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } 
@@ -92,16 +93,18 @@ } else { if ($post_id != '') { foreach ($post_id as $id) { + $id = Typo::int($id); Comments::unpublish($id); } } } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; case 'delete': - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -110,27 +113,36 @@ } else { if ($post_id != '') { foreach ($post_id as $id) { + $id = Typo::int($id); Comments::delete($id); Hooks::run('post_delete_action', $id); } } } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; default: break; } + if (isset($_GET['act'])) { + $act = $_GET['act']; + } else { + $act = ''; + } + + + // search query $where = ''; $qpage = ''; if (isset($_GET['q']) && $_GET['q'] != '') { $q = Typo::cleanX($_GET['q']); $where .= "AND (`comment` LIKE '%{$q}%' OR `email` LIKE '%{$q}%') "; - $qpage .= "&q={$q}"; + $qpage .= "&q={$_GET['q']}"; } if (isset($_GET['from']) && $_GET['from'] != '') { $from = Typo::cleanX($_GET['from']);
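Review bot: The new condition `&& !isset($_POST)` on the delete branch can never be true: `$_POST` is a superglobal that always exists (an empty array on a GET request), so the GET-based delete path is now unreachable and `act=del` requests fall through to the listing without any message. If the intent is to skip it when a form was submitted, test the payload instead: `if (isset($_GET['act']) && $_GET['act'] == 'del' && empty($_POST)) {` or compare `$_SERVER['REQUEST_METHOD']`. The same `!isset($_POST)` test was added to pages.control.php and posts.control.php in this commit. Further down, `$qpage .= "&q={$_GET['q']}";` replaces the cleaned `$q` with the raw parameter when building the paging URL (posts.control.php makes the same change); use `$qpage .= '&q='.urlencode($_GET['q']);` so the value is encoded for the URL context regardless of how `Paging::create` escapes it.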
inc/lib/Control/Backend/comments-settings.control.php+2 −1 modified@@ -22,7 +22,8 @@ $data['sitetitle'] = 'Comments Settings'; if (isset($_POST['change'])) { - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { $alertDanger[] = TOKEN_NOT_EXIST; }
inc/lib/Control/Backend/menus.control.php+30 −20 modified@@ -34,7 +34,8 @@ } switch ($submit) { case true: - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { $alertDanger[] = TOKEN_NOT_EXIST; } if (!isset($_POST['id']) || $_POST['id'] == '') { @@ -130,9 +131,11 @@ } else { $submit = false; } + $itemid = Typo::int($_GET['itemid']); switch ($submit) { case true: - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -144,16 +147,16 @@ 'menuid' => Typo::strip($_POST['id']), 'name' => Typo::cleanX($_POST['name']), 'class' => Typo::cleanX($_POST['class']), - 'type' => $_POST['type'], + 'type' => Typo::cleanX(['type']), 'value' => $_POST[$_POST['type']], ); $vars = array( - 'id' => $_GET['itemid'], + 'id' => $itemid, 'key' => $vars, ); Menus::update($vars); $data['alertSuccess'][] = 'Menu Updated'; - Token::remove($_POST['token']); + Token::remove($token); } break; @@ -163,19 +166,20 @@ } if (isset($_GET['id'])) { - $menuid = $_GET['id']; + $menuid = Typo::int($_GET['id']); } else { $menuid = ''; } - $data['menus'] = Menus::getId($_GET['itemid']); + $data['menus'] = Menus::getId($itemid); $data['parent'] = Menus::isHadParent('', $menuid); Theme::admin('header', $data); System::inc('menus_form_edit', $data); Theme::admin('footer'); break; case 'del': if (isset($_POST['additem'])) { - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } 
@@ -198,22 +202,24 @@ ); Menus::insert($vars); $data['alertSuccess'][] = 'Menu Item Added'; - Token::remove($_POST['token']); + Token::remove($token); } } else { if (isset($_GET['itemid']) && !isset($_POST['additem'])) { - if (!isset($_GET['token']) || !Token::isExist($_GET['token'])) { + $token = Typo::cleanX($_GET['token']); + $itemid = Typo::int($_GET['itemid']); + if (!isset($_GET['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } if (isset($alertDanger)) { $data['alertDanger'] = $alertDanger; } else { - Menus::delete($_GET['itemid']); + Menus::delete($itemid); $data['alertSuccess'][] = 'Menu Deleted'; } if (isset($_GET['token'])) { - Token::remove($_GET['token']); + Token::remove($token); } } else { $data['alertDanger'][] = 'No ID Selected.'; @@ -227,7 +233,8 @@ case 'remove': if (isset($_GET['menuid'])) { - if (!isset($_GET['token']) || !Token::isExist($_GET['token'])) { + $token = Typo::cleanX($_GET['token']); + if (!isset($_GET['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -245,7 +252,7 @@ $data['alertSuccess'][] = 'Menu Deleted'; } if (isset($_GET['token'])) { - Token::remove($_GET['token']); + Token::remove($token); } } else { $data['alertDanger'][] = 'No ID Selected.'; @@ -264,7 +271,8 @@ } switch ($submit) { case true: - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -295,7 +303,7 @@ $data['alertSuccess'][] = 'Menu Added'; } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; @@ -311,7 +319,8 @@ } switch ($submit) { case true: - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } 
@@ -334,7 +343,7 @@ ); Menus::insert($vars); $data['alertSuccess'][] = 'Menu Item Added'; - Token::remove($_POST['token']); + Token::remove($token); } break; @@ -356,7 +365,8 @@ // echo "<pre>"; // print_r($_POST['order']); // echo "</pre>"; - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -369,7 +379,7 @@ $data['alertSuccess'][] = 'Menu Order Changed'; } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break;
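Review bot: `'type' => Typo::cleanX(['type']),` in the edit case passes a literal one-element array instead of the submitted value, so the item's type is no longer taken from the request; it should read `'type' => Typo::cleanX($_POST['type']),`. The line below, `'value' => $_POST[$_POST['type']],` still lets the request choose which POST field is stored, unsanitised, so restrict `$_POST['type']` to the known item types before using it as a key. `$itemid = Typo::int($_GET['itemid']);` is also assigned ahead of the switch on every submit without an `isset` guard, while the delete case later re-derives it inside `isset($_GET['itemid'])`; computing it once under that guard would avoid the notice on requests that lack it.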
inc/lib/Control/Backend/modules.control.php+1 −1 modified@@ -55,7 +55,7 @@ $data['alertDanger'] = $alertDanger; } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove(Typo::cleanX($_POST['token'])); } }
inc/lib/Control/Backend/multilang.control.php+7 −4 modified@@ -22,7 +22,8 @@ $data['sitetitle'] = 'Multilanguage'; if (isset($_POST['addcountry'])) { - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { $alertDanger[] = TOKEN_NOT_EXIST; } if (!isset($_POST['multilang_country_name']) || $_POST['multilang_country_name'] == '') { @@ -45,14 +46,15 @@ $langs = json_encode($langs); Options::update('multilang_country', $langs); new Options(); - Token::remove($_POST['token']); + Token::remove($token); } else { $data['alertDanger'] = $alertDanger; } } if (isset($_GET['del']) && $_GET['del'] != '') { - if (!isset($_GET['token']) || !Token::isExist($_GET['token'])) { + $token = Typo::cleanX($_GET['token']); + if (!isset($_GET['token']) || !Token::isExist($token)) { $alertDanger[] = TOKEN_NOT_EXIST; } if (!isset($alertDanger)) { @@ -74,7 +76,8 @@ } if (isset($_POST['change'])) { - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { $alertDanger[] = TOKEN_NOT_EXIST; }
inc/lib/Control/Backend/pages.control.php+54 −43 modified@@ -29,10 +29,10 @@ switch ($act) { case 'add': $data[''] = ''; - switch (isset($_POST['submit'])) { case true: - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -62,7 +62,7 @@ if (!isset($_POST['date']) || $_POST['date'] == '') { $date = date('Y-m-d H:i:s'); } else { - $date = $_POST['date']; + $date = Typo::cleanX($_POST['date']); } $vars = array( 'title' => $title, @@ -81,7 +81,7 @@ foreach ($_POST['title'] as $key => $value) { $multilang[] = array( $key => array( - 'title' => $_POST['title'][$key], + 'title' => Typo::cleanX($_POST['title'][$key]), 'content' => Typo::cleanX($_POST['content'][$key]), ), ); @@ -92,7 +92,7 @@ } $data['alertSuccess'][] = PAGE." {$title} ".MSG_PAGE_ADDED; Hooks::run('post_submit_add_action', $_POST); - Token::remove($_POST['token']); + isset($_POST['token']) ? Token::remove($token): ''; } break; @@ -107,9 +107,11 @@ case 'edit': //echo "edit"; + $id = isset($_GET['id']) ? Typo::int($_GET['id']): ''; switch (isset($_POST['submit'])) { case true: - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -138,7 +140,7 @@ if (!isset($_POST['date']) || $_POST['date'] == '') { $date = date('Y-m-d H:i:s'); } else { - $date = $_POST['date']; + $date = Typo::cleanX($_POST['date']); } $moddate = date('Y-m-d H:i:s'); $vars = array( 
@@ -156,22 +158,22 @@ foreach ($_POST['title'] as $key => $value) { $multilang[] = array( $key => array( - 'title' => $_POST['title'][$key], + 'title' => Typo::cleanX($_POST['title'][$key]), 'content' => Typo::cleanX($_POST['content'][$key]), ), ); } $multilang = json_encode($multilang); - if (Posts::existParam('multilang', $_GET['id'])) { - Posts::editParam('multilang', $multilang, $_GET['id']); + if (Posts::existParam('multilang', $id)) { + Posts::editParam('multilang', $multilang, $id); } else { - Posts::addParam('multilang', $multilang, $_GET['id']); + Posts::addParam('multilang', $multilang, $id); } // print_r($multilang); } $data['alertSuccess'][] = PAGE." {$title} ".MSG_PAGE_UPDATED; - Token::remove($_POST['token']); + Token::remove($token); } break; @@ -180,7 +182,7 @@ //System::inc('posts_form', $data); break; } - $id = Typo::int($_GET['id']); + $data['post'] = Db::result("SELECT * FROM `posts` AS A LEFT JOIN `posts_param` AS B ON A.`id` = B.`post_id` @@ -192,17 +194,20 @@ break; default: - if (isset($_GET['act']) && $_GET['act'] == 'del') { + if (isset($_GET['act']) && $_GET['act'] == 'del' && !isset($_POST)) { + if (isset($_GET['id'])) { - $title = Posts::title(Typo::int($_GET['id'])); - if (!isset($_GET['token']) || !Token::isExist($_GET['token'])) { + $id = Typo::int($_GET['id']); + $title = Posts::title($id); + $token = Typo::cleanX($_GET['token']); + if (!isset($_GET['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } if (isset($alertDanger)) { $data['alertDanger'] = $alertDanger; } else { - $del = Posts::delete($_GET['id']); + $del = Posts::delete($id); } //echo $title['error']; if (isset($del['error'])) { @@ -211,7 +216,7 @@ $data['alertSuccess'][] = PAGE." {$title} ".MSG_PAGE_REMOVED; } if (isset($_GET['token'])) { - Token::remove($_GET['token']); + Token::remove($token); } } else { $data['alertDanger'][] = 'No ID Selected'; 
@@ -229,7 +234,8 @@ } switch ($action) { case 'publish': - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -238,16 +244,18 @@ } else { if ($post_id != '') { foreach ($post_id as $id) { + $id = Typo::int($id); Posts::publish($id); } } } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; case 'unpublish': - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -256,16 +264,18 @@ } else { if ($post_id != '') { foreach ($post_id as $id) { + $id = Typo::int($id); Posts::unpublish($id); } } } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; case 'delete': - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -274,13 +284,14 @@ } else { if ($post_id != '') { foreach ($post_id as $id) { + $id = Typo::int($id); Posts::delete($id); Hooks::run('post_delete_action', $id); } } } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; 
@@ -326,27 +337,27 @@ $offset = 0; } - $data['posts'] = Db::result( - sprintf("SELECT * FROM `posts` - WHERE `type` = 'page' %s - ORDER BY `date` DESC - LIMIT %d,%d", $where, $offset, $max) - ); - $data['num'] = Db::$num_rows; + $data['posts'] = Db::result( + sprintf("SELECT * FROM `posts` + WHERE `type` = 'page' %s + ORDER BY `date` DESC + LIMIT %d,%d", $where, $offset, $max) + ); + $data['num'] = Db::$num_rows; - $page = array( - 'paging' => $paging, - 'table' => 'posts', - 'where' => "`type` = 'page'".$where, - 'max' => $max, - 'url' => 'index.php?page=pages'.$qpage, - 'type' => 'pager', - ); - $data['paging'] = Paging::create($page); + $page = array( + 'paging' => $paging, + 'table' => 'posts', + 'where' => "`type` = 'page' ".$where, + 'max' => $max, + 'url' => 'index.php?page=pages'.$qpage, + 'type' => 'pager', + ); + $data['paging'] = Paging::create($page); - Theme::admin('header', $data); - System::inc('pages', $data); - Theme::admin('footer'); + Theme::admin('header', $data); + System::inc('pages', $data); + Theme::admin('footer'); break; }
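Review bot: `isset($_POST['token']) ? Token::remove($token): '';` in the add case uses a ternary as a statement with a dead `''` branch; the plain `if (isset($_POST['token'])) { Token::remove($token); }` is what the other cases in this file use. In the edit case `$id = isset($_GET['id']) ? Typo::int($_GET['id']): '';` mixes an int with an empty-string default, and that string is later handed to `Posts::existParam` and `Posts::title`; default to `0` so the variable has a single type. The final hunk only re-indents the listing code and needs no change.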
inc/lib/Control/Backend/permalink.control.php+2 −1 modified@@ -22,7 +22,8 @@ $data['sitetitle'] = 'Permalink'; if (isset($_POST['change'])) { - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { $alertDanger[] = TOKEN_NOT_EXIST; }
inc/lib/Control/Backend/posts.control.php+41 −25 modified@@ -32,8 +32,9 @@ switch (isset($_POST['submit'])) { case true: // print_r($_POST); + $token = Typo::cleanX($_POST['token']); // check token first - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -63,7 +64,7 @@ if (!isset($_POST['date']) || $_POST['date'] == '') { $date = date('Y-m-d H:i:s'); } else { - $date = $_POST['date']; + $date = Typo::cleanX($_POST['date']); } $vars = array( 'title' => $title, @@ -125,10 +126,13 @@ break; case 'edit': + $id = Typo::int($_GET['id']); + switch (isset($_POST['submit'])) { case true: // check token first - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { $alertDanger[] = TOKEN_NOT_EXIST; } 
@@ -196,36 +200,36 @@ ); } $multilang = json_encode($multilang, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); - if (!Posts::existParam('multilang', $_GET['id'])) { - Posts::addParam('multilang', $multilang, $_GET['id']); + if (!Posts::existParam('multilang', $id)) { + Posts::addParam('multilang', $multilang, $id); } else { - Posts::editParam('multilang', $multilang, $_GET['id']); + Posts::editParam('multilang', $multilang, $id); } // print_r($multilang); } $tags = Typo::cleanX($_POST['tags']); - if (!Posts::existParam('tags', $_GET['id'])) { - Posts::addParam('tags', $tags, $_GET['id']); + if (!Posts::existParam('tags', $id)) { + Posts::addParam('tags', $tags, $id); } else { - Posts::editParam('tags', $tags, $_GET['id']); + Posts::editParam('tags', $tags, $id); } Tags::add($tags); if (isset($_POST['param'])){ foreach ($_POST['param'] as $k => $v) { - if (!Posts::existParam($k, $_GET['id'])) { - Posts::addParam($k, $v, $_GET['id']); + if (!Posts::existParam($k, $id)) { + Posts::addParam($k, $v, $id); } else { - Posts::editParam($k, $v, $_GET['id']); + Posts::editParam($k, $v, $id); } } } $data['alertSuccess'][] = POST." {$title} ".MSG_POST_UPDATED; Hooks::run('post_submit_edit_action', $_POST); - Token::remove($_POST['token']); + Token::remove($token); } break; 
@@ -234,25 +238,31 @@ break; } - $data['post'] = Db::result("SELECT * FROM `posts` WHERE `id` = '{$_GET['id']}' "); + $vars = array( + 'id' => $id + ); + $data['post'] = Posts::fetch($vars); //Db::result("SELECT * FROM `posts` WHERE `id` = '{$_GET['id']}' "); + Theme::admin('header', $data); System::inc('posts_form', $data); Theme::admin('footer'); break; default: - if (isset($_GET['act']) && $_GET['act'] == 'del') { + if (isset($_GET['act']) && $_GET['act'] == 'del' && !isset($_POST)) { if (isset($_GET['id'])) { - if (!isset($_GET['token']) || !Token::isExist($_GET['token'])) { + $id = Typo::int($_GET['id']); + $token = Typo::cleanX($_GET['token']); + if (!isset($_GET['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } if (isset($alertDanger)) { $data['alertDanger'] = $alertDanger; } else { - $title = Posts::title($_GET['id']); - $del = Posts::delete($_GET['id']); + $title = Posts::title($id); + $del = Posts::delete($id); //echo $title['error']; if (isset($del['error'])) { $data['alertDanger'][] = $del['error']; @@ -262,7 +272,7 @@ } } if (isset($_GET['token'])) { - Token::remove($_GET['token']); + Token::remove($token); } } else { $data['alertDanger'][] = MSG_USER_NO_ID_SELECTED; @@ -280,7 +290,8 @@ } switch ($action) { case 'publish': - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -289,6 +300,7 @@ } else { if ($post_id != '') { foreach ($post_id as $id) { + $id = Typo::int($id); Posts::publish($id); } } @@ -298,7 +310,8 @@ } break; case 'unpublish': - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } 
@@ -307,16 +320,18 @@ } else { if ($post_id != '') { foreach ($post_id as $id) { + $id = Typo::int($id); Posts::unpublish($id); } } } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; case 'delete': - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -325,13 +340,14 @@ } else { if ($post_id != '') { foreach ($post_id as $id) { + $id = Typo::int($id); Posts::delete($id); Hooks::run('post_delete_action', $id); } } } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; @@ -345,7 +361,7 @@ if (isset($_GET['q']) && $_GET['q'] != '') { $q = Typo::cleanX($_GET['q']); $where .= "AND (`title` LIKE '%{$q}%' OR `content` LIKE '%{$q}%') "; - $qpage .= "&q={$q}"; + $qpage .= "&q={$_GET['q']}"; } if (isset($_GET['cat']) && $_GET['cat'] != '') { $cat = Typo::int($_GET['cat']);
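Review bot: The added `&& !isset($_POST)` on the `del` branch makes the branch unreachable: `$_POST` is populated as an (empty) array on every request under the default `variables_order`, so `isset($_POST)` is always true; the evident intent is `&& empty($_POST)`, and the same guard appears in the tags.control.php hunk. In every token block of this file (and likewise in settings, tags, themes and users.control.php) `$token = Typo::cleanX($_POST['token']);` now runs before the `isset($_POST['token'])` check, which raises an undefined-index notice and hands `null` to the sanitiser; `$token = isset($_POST['token']) ? Typo::cleanX($_POST['token']) : '';` keeps the guard meaningful. The last hunk reverts `$qpage` to the raw `$_GET['q']`, and Paging::create (inc/lib/Paging.class.php in this commit) concatenates that string into an `href` attribute without escaping, so an unencoded request value is placed back into the page; `$qpage .= '&q='.rawurlencode($_GET['q']);` keeps the original search term in the link while making the URL well-formed. Every block enclosing these hunks starts and ends outside the hunk.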
inc/lib/Control/Backend/settings.control.php+3 −2 modified@@ -22,7 +22,8 @@ $data['sitetitle'] = SETTINGS; switch (isset($_POST['change'])) { case '1': - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -76,7 +77,7 @@ $data['alertSuccess'][] = MSG_SETTINGS_SAVED; } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break;
inc/lib/Control/Backend/tags.control.php+10 −8 modified@@ -25,8 +25,8 @@ // cleanup first $slug = Typo::slugify(Typo::cleanX($_POST['cat'])); $cat = Typo::cleanX($_POST['cat']); - - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -48,7 +48,7 @@ $data['alertSuccess'][] = MSG_TAG_ADDED.' '.$_POST['cat']; } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; @@ -60,7 +60,8 @@ case true: // cleanup first $cat = Typo::cleanX($_POST['cat']); - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -86,19 +87,20 @@ break; } - if (isset($_GET['act']) == 'del') { - if (!isset($_GET['token']) || !Token::isExist($_GET['token'])) { + if (isset($_GET['act']) && $_GET['act'] == 'del' && !isset($_POST)) { + $token = Typo::cleanX($_GET['token']); + if (!isset($_GET['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } if (isset($alertDanger)) { $data['alertDanger'] = $alertDanger; } else { - Categories::delete($_GET['id']); + Categories::delete(Typo::int($_GET['id'])); $data['alertSuccess'][] = MSG_TAG_REMOVED; } if (isset($_GET['token'])) { - Token::remove($_GET['token']); + Token::remove($token); } } $data['cat'] = Db::result("SELECT * FROM `cat` WHERE `type` = 'tag' ORDER BY `id` DESC");
inc/lib/Control/Backend/themes.control.php+8 −5 modified@@ -27,7 +27,8 @@ Theme::admin('footer'); } else { if (isset($_POST['upload'])) { - if (!Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!Token::isExist($token)) { $alertDanger[] = TOKEN_NOT_EXIST; } if (!isset($_FILES['theme']['name']) || $_FILES['theme']['name'] == '') { @@ -54,27 +55,29 @@ $data['alertDanger'] = $alertDanger; } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } } if (isset($_GET['act'])) { if ($_GET['act'] == 'activate') { - if (!Token::isExist($_GET['token'])) { + $token = Typo::cleanX($_GET['token']); + if (!Token::isExist($token)) { $alertDanger[] = TOKEN_NOT_EXIST; } if (!isset($alertDanger)) { - Theme::activate($_GET['themes']); + Theme::activate(Typo::cleanX($_GET['themes'])); $data['alertSuccess'][] = THEME_ACTIVATED; } else { $data['alertDanger'] = $alertDanger; } } elseif ($_GET['act'] == 'remove') { + $token = Typo::cleanX($_GET['token']); if (!Token::isExist($_GET['token'])) { $alertDanger[] = TOKEN_NOT_EXIST; } - if (Theme::isActive($_GET['themes'])) { + if (Theme::isActive(Typo::cleanX($_GET['themes']))) { $alertDanger[] = MSG_THEME_IS_ACTIVE; } if (!isset($alertDanger)) {
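Review bot: In the `remove` branch the new `$token` is assigned but the check still reads `Token::isExist($_GET['token'])`, unlike the `activate` branch a few lines up; use `if (!Token::isExist($token)) {` so the value that is validated is the same one later passed to `Token::remove`. `Theme::activate(Typo::cleanX($_GET['themes']))` and `Theme::isActive(...)` receive a theme name that presumably selects a directory; a generic string cleaner is not a path check, so validating the name against the list of installed themes (or at least reducing it with `basename()`) before use would be the stronger control. The enclosing block starts and ends outside the hunk.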
inc/lib/Control/Backend/users.control.php+43 −30 modified@@ -70,7 +70,8 @@ switch (isset($_POST['edituser'])) { case true: //check token first - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -85,10 +86,11 @@ } if (!isset($alertDanger)) { + $id = Typo::int($_GET['id']); $group = (User::access(1)) ? Typo::int($_POST['group']) : Session::val('group'); - $userid = (User::access(0)) ? Typo::cleanX($_POST['userid']) : User::id($_GET['id']); + $userid = (User::access(0)) ? Typo::cleanX($_POST['userid']) : User::id($id); $vars = array( - 'id' => sprintf('%d', $_GET['id']), + 'id' => $id, 'user' => array( 'userid' => $userid, 'email' => Typo::cleanX($_POST['email']), @@ -104,7 +106,7 @@ //print_r($vars); } User::update($vars); - $alertSuccess[] = 'User : '.User::userid($_GET['id']).' Updated'; + $alertSuccess[] = 'User : '.User::userid($id).' Updated'; if (isset($alertSuccess)) { $data['alertSuccess'] = $alertSuccess; @@ -115,7 +117,7 @@ } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; default: @@ -128,17 +130,19 @@ case 'del': if (User::access(1)) { if (isset($_GET['id'])) { - $user = User::userid($_GET['id']); - if (!isset($_GET['token']) || !Token::isExist($_GET['token'])) { + $id = Typo::int($_GET['id']); + $user = User::userid($id); + $token = Typo::cleanX($_GET['token']); + if (!isset($_GET['token']) || !Token::isExist($token)) { // VALIDATE ALL $data['alertDanger'][] = TOKEN_NOT_EXIST; } else { - User::delete($_GET['id']); + User::delete($id); Hooks::run('user_delete_action', $_GET); $data['alertSuccess'][] = USER.' '.$user.' '.MSG_USER_REMOVED; } if (isset($_GET['token'])) { - Token::remove($_GET['token']); + Token::remove($token); } } else { $data['alertDanger'][] = MSG_USER_NO_ID_SELECTED; 
@@ -161,18 +165,20 @@ break; case 'active': if (User::access(1)) { + $id = Typo::int($_GET['id']); + $token = Typo::cleanX($_GET['token']); if (!isset($_GET['token']) || !Token::isExist($_GET['token'])) { // VALIDATE ALL $data['alertDanger'][] = TOKEN_NOT_EXIST; } else { - if (User::activate($_GET['id'])) { - $data['alertSuccess'][] = USER.' '.User::userid($_GET['id']).' '.MSG_USER_ACTIVATED; + if (User::activate($id)) { + $data['alertSuccess'][] = USER.' '.User::userid($id).' '.MSG_USER_ACTIVATED; } else { - $data['alertDanger'][] = USER.' '.User::userid($_GET['id']).' '.MSG_USER_ACTIVATION_FAIL; + $data['alertDanger'][] = USER.' '.User::userid($id).' '.MSG_USER_ACTIVATION_FAIL; } } if (isset($_GET['token'])) { - Token::remove($_GET['token']); + Token::remove($token); } $data['usr'] = Db::result("SELECT * FROM `user` WHERE {$where} ORDER BY `userid` ASC LIMIT {$offset}, {$max}"); $data['num'] = Db::$num_rows; @@ -193,18 +199,20 @@ case 'inactive': if (User::access(1)) { - if (!isset($_GET['token']) || !Token::isExist($_GET['token'])) { + $token = Typo::cleanX($_GET['token']); + $id = Typo::int($_GET['id']); + if (!isset($_GET['token']) || !Token::isExist($token)) { // VALIDATE ALL $data['alertDanger'][] = TOKEN_NOT_EXIST; } else { - if (User::deactivate($_GET['id'])) { - $data['alertSuccess'][] = USER.' '.User::userid($_GET['id']).' '.MSG_USER_DEACTIVATED; + if (User::deactivate($id)) { + $data['alertSuccess'][] = USER.' '.User::userid($id).' '.MSG_USER_DEACTIVATED; } else { - $data['alertDanger'][] = USER.' '.User::userid($_GET['id']).' '.MSG_USER_DEACTIVATION_FAIL; + $data['alertDanger'][] = USER.' '.User::userid($id).' '.MSG_USER_DEACTIVATION_FAIL; } } if (isset($_GET['token'])) { - Token::remove($_GET['token']); + Token::remove($token); } $data['usr'] = Db::result("SELECT * FROM `user` WHERE {$where} ORDER BY `userid` ASC LIMIT {$offset}, {$max}"); $data['num'] = Db::$num_rows; 
@@ -230,15 +238,17 @@ case true: // CHECK TOKEN FIRST //echo Token::isExist($_POST['token']); - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } $userid = Typo::cleanX($_POST['userid']); $email = Typo::cleanX($_POST['email']); $group = Typo::int($_POST['group']); - + $pass1 = Typo::strip($_POST['pass1']); + $pass2 = Typo::strip($_POST['pass2']); if (!isset($userid) || $userid == '') { // VALIDATE ALL $alertDanger[] = USERID_CANNOT_EMPTY; @@ -252,7 +262,7 @@ $alertDanger[] = PASS2_CANNOT_EMPTY; } - if (User::isExist($_POST['userid'])) { + if (User::isExist($userid)) { $alertDanger[] = MSG_USER_EXIST; } if (!User::isSame($_POST['pass1'], $_POST['pass2'])) { @@ -277,12 +287,12 @@ User::create($vars); Hooks::run('user_submit_add_action', $_POST); Token::remove($_POST['token']); - $data['alertSuccess'][] = USER." {$_POST['userid']}, ".MSG_USER_ADDED; + $data['alertSuccess'][] = USER." {$userid}, ".MSG_USER_ADDED; } else { $data['alertDanger'] = $alertDanger; } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; @@ -296,13 +306,14 @@ $action = ''; } if (isset($_POST['user_id'])) { - $user_id = Typo::cleanX($_POST['user_id']); + $user_id = $_POST['user_id']; } else { $user_id = ''; } switch ($action) { case 'activate': - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } 
@@ -314,11 +325,12 @@ } } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; case 'deactivate': - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -330,11 +342,12 @@ } } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break; case 'delete': - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -346,7 +359,7 @@ } } if (isset($_POST['token'])) { - Token::remove($_POST['token']); + Token::remove($token); } break;
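Review bot: In `case 'active'` the new `$token = Typo::cleanX($_GET['token']);` is never used for validation — the check still reads `Token::isExist($_GET['token'])` while `Token::remove($token)` below uses the cleaned value; the `inactive` case does this consistently, so `if (!isset($_GET['token']) || !Token::isExist($token)) {` belongs here too. The `@@ -296` hunk drops `Typo::cleanX` from `$user_id = $_POST['user_id'];`; the per-id loops are outside the hunk, so unless each element is cast there (as posts.control.php now does per iteration) the ids reach `User::activate`/`User::delete` raw — `$user_id = array_map('intval', (array) $_POST['user_id']);` settles that at the boundary. `$pass1`/`$pass2` are now passed through `Typo::strip` while `User::isSame($_POST['pass1'], $_POST['pass2'])` still compares the raw values; if the stripped `$pass1` is what gets stored, a password containing stripped characters passes the equality check but is persisted altered, and in general a password should be hashed exactly as entered. `Token::remove($_POST['token']);` at the top of the `@@ -277` hunk also still uses the raw value. The enclosing functions start and end outside the hunks.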
inc/lib/Control/Frontend/author.control.php+1 −1 modified@@ -36,7 +36,7 @@ if (isset($_GET['paging'])) { $paging = Typo::int($_GET['paging']); } - $type = isset($_GET['type']) ? $_GET['type']: ''; + $type = isset($_GET['type']) ? Typo::cleanX(Typo::strip($_GET['type'])): ''; } if ($type != '') {
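Review bot: `Typo::cleanX(Typo::strip($_GET['type']))` applies a generic cleaner to a value that selects a post type; the set of types is finite, so checking `$type` against the known types and falling back to `''` is the tighter control, particularly if `$type` reaches a query below this hunk. The enclosing block continues outside the hunk.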
inc/lib/Control/Frontend/post.control.php+8 −17 modified@@ -35,25 +35,16 @@ $data['p_type'] = Posts::type($post_id); -$data['posts'] = Db::result( - sprintf( - "SELECT * FROM `posts` - WHERE (`id` = '%d' - OR `slug` = '%s') - AND `type` = '%s' - AND `status` = '%d' - LIMIT 1", - $post, - $post, - $data['p_type'], - '1' - ) +$vars = array( + 'id' => $post_id, + 'type' => $data['p_type'], + 'status' => '1' ); -$num_rows = Db::$num_rows; +$posts = Posts::fetch($vars); -$data['posts'] = Posts::prepare($data['posts']); -// print_r($data['posts']); -if ($num_rows > 0) { +$data['posts'] = Posts::prepare($posts); + +if (!isset($posts['error'])) { $theme = Theme::exist($data['p_type']) ? $data['p_type']: 'single'; Theme::theme('header', $data); Theme::theme($theme, $data);
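Review bot: The replaced query cast the id with `%d`; the new path hands `$post_id` to `Posts::fetch`, which (see the inc/lib/Posts.class.php hunk in this commit) interpolates `$vars['id']` straight into `WHERE `id` = '...'` with no cast, so this is only as safe as whatever sets `$post_id` above the hunk — `'id' => Typo::int($post_id),` here would not depend on that. The old query also matched `OR `slug` = '%s'`, and the slug branch inside `fetch` is commented out, so slug-based lookups no longer resolve unless `$post_id` has already been resolved from the slug earlier in the script. The enclosing script continues outside the hunk.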
inc/lib/Date.class.php+2 −1 modified@@ -54,7 +54,8 @@ public static function local($date, $format = '') public static function timeZone() { - $timezones = DateTimeZone::listAbbreviations(DateTimeZone::ALL); + $timezones = DateTimeZone::listAbbreviations(); +// $timezones = DateTimeZone::listAbbreviations(DateTimeZone::ALL); $cities = array(); foreach ($timezones as $key => $zones) {
inc/lib/Files.class.php+5 −1 modified@@ -97,6 +97,7 @@ function elfinderDialog() { * A simple function to check file from bad codes. * * @param (string) $file - file path. + * @return (boolean) * * @author Yousef Ismaeil - Cliprz[at]gmail[dot]com. */ @@ -111,7 +112,8 @@ public static function isClean($file) } else { if (file_exists($file)) { // $contents = file_get_contents($file); - $contents = fread($handle, filesize($file)); +// $contents = fread($handle, filesize($file)); + $contents = fread($handle, 9064); } } @@ -133,6 +135,8 @@ public static function isClean($file) return false; } elseif (preg_match('#</*(applet|link|style|script|iframe|frame|frameset|html|body|title|div|p|form)*>#i', $contents)) { return false; + } elseif (preg_match('#<\?(.*)\?>#i', $contents)) { + return false; } else { return true; }
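Review bot: `fread($handle, 9064)` inspects only the first 9064 bytes, so the pattern checks below never see the remainder of a larger upload; read the whole content (`stream_get_contents($handle)`, or a loop until `feof($handle)`) so the check covers the entire file, and if `filesize` was dropped because `$file` is sometimes not a regular file, say so in a comment. The new `#<\?(.*)\?>#i` test only matches an opening and closing tag on the same line (no `s` modifier), and PHP files commonly omit the closing tag altogether; testing for the opening tag alone, `#<\?(php|=)?#i`, is the more useful check (at the cost of rejecting `<?xml` prologues, which may be acceptable here). `isClean` starts before the hunk and the `$handle` it reads from is opened there.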
inc/lib/Hooks.class.php+6 −4 modified@@ -175,14 +175,16 @@ public static function getKey($var) public static function exist($val, $hooks) { - // print_r(self::getKey($hooks)); +// print_r(self::getKey($hooks)); $hooked = self::getKey($hooks); + $n = 0; for ($i = 0; $i < count($hooked); ++$i) { if (in_array($val, $hooked[$i])) { - return true; - } else { - return false; + $n = $n + 1; } } + + if ($n > 0) return true; + else false; } }
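Review bot: `else false;` is a bare expression statement, so `exist()` returns `null` rather than `false` when no hook matches, and the counter is more machinery than needed; the tail can be `return $n > 0;`, or the loop can `return true;` on the first match with `return false;` after it. `in_array($val, $hooked[$i])` uses loose comparison; passing `true` as the third argument avoids accidental matches between numeric and string values. The function is fully visible in the hunk.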
inc/lib/Install.class.php+4 −4 modified@@ -202,9 +202,9 @@ public static function createTable() $post_param = 'CREATE TABLE IF NOT EXISTS `posts_param` ( `id` bigint(32) NOT NULL, - `post_id` bigint(32) NOT NULL, - `param` text NOT NULL, - `value` text NOT NULL + `post_id` BIGINT(32) NOT NULL, + `param` TEXT NOT NULL, + `value` LONGTEXT NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8'; $db->query($post_param); @@ -262,7 +262,7 @@ public static function createTable() `name` text NOT NULL, `email` text NOT NULL, `url` text NOT NULL, - `comment` text NOT NULL, + `comment` longtext NOT NULL, `post_id` int(11) NOT NULL, `parent` int(11) NOT NULL, `status` enum('0','1','2') NOT NULL,
inc/lib/Language.class.php+8 −5 modified@@ -71,9 +71,11 @@ public static function getDefaultLang() public static function getLangParam($lang, $post_id) { + $post_id = Typo::int($post_id); if (Posts::existParam('multilang', $post_id)) { - $multilang = json_decode(Posts::getParam('multilang', $post_id), true); - // print_r($multilang); + $langparam = Typo::Xclean(Posts::getParam('multilang', $post_id)); + $multilang = json_decode($langparam, true); + foreach ($multilang as $key => $value) { // print_r($value); $keys = array_keys($value); @@ -93,8 +95,9 @@ public static function setActive($lang = '') $lg = json_decode($lg, true); if (isset($_GET['lang']) && $_GET['lang'] != '' && $lang == '') { - if (key_exists($_GET['lang'], $lg)) { - Session::set(array('lang' => $_GET['lang'])); + $getLang = Typo::cleanX($_GET['lang']); + if (key_exists($getLang, $lg)) { + Session::set(array('lang' => $getLang)); } else { Session::remove('lang'); } @@ -130,7 +133,7 @@ public static function isActive() if ($langs != '') { $lang = Session::val('lang'); } else { - $lang = isset($_GET['lang']) ? $_GET['lang'] : ''; + $lang = isset($_GET['lang']) ? Typo::cleanX($_GET['lang']) : ''; } } else { $lang = '';
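Review bot: `Posts::getParam` already returns `Typo::Xclean($q[0]->value)` in this commit's Posts.class.php hunk, so `Typo::Xclean(Posts::getParam(...))` here decodes twice and one layer should go. Whichever remains needs a guard, because `json_decode($langparam, true)` yields `null` on malformed input and the `foreach` then emits a warning — `if (!is_array($multilang)) { return ''; }` (or whatever this function returns for "no param"; its end is outside the hunk). The `$getLang`/`key_exists` change in `setActive` reads fine. `getLangParam` continues beyond the hunk.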
inc/lib/Mail.class.php+3 −3 modified@@ -18,6 +18,7 @@ * @license http://www.opensource.org/licenses/mit-license.php MIT */ +use PHPMailer\PHPMailer; /** * */ @@ -69,9 +70,8 @@ public static function send($vars) $type = Options::v('mailtype'); if ($type == 0) { // use php mail command - //Create a new PHPMailer instance - $mail = new PHPMailer(true); + $mail = new PHPMailer\PHPMailer(true); try { $mail->isMail(); @@ -106,7 +106,7 @@ public static function send($vars) // } } elseif ($type == 1) { //Create a new PHPMailer instance - $mail = new PHPMailer(true); + $mail = new PHPMailer\PHPMailer(true); try { //Tell PHPMailer to use SMTP $mail->isSMTP();
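Review bot: `use PHPMailer\PHPMailer;` followed by `new PHPMailer\PHPMailer(true)` resolves to `PHPMailer\PHPMailer\PHPMailer`, which is correct but reads like a typo; importing the class itself, `use PHPMailer\PHPMailer\PHPMailer;` and `new PHPMailer(true)`, says what is meant at both call sites. The `send` method starts and ends outside the hunks.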
inc/lib/Menus.class.php+5 −0 modified@@ -55,6 +55,8 @@ public function __construct() */ public static function isHadParent($parent = '', $menuid = '') { + $parent = Typo::cleanX($parent); + $menuid = Typo::cleanX($menuid); if (isset($menuid)) { $where = " AND `menuid` = '{$menuid}'"; } else { @@ -329,6 +331,7 @@ public static function getMenuAdmin($menuid, $class = '') public static function getMenuRaw($menuid) { + $menuid = Typo::cleanX($menuid); $sql = sprintf("SELECT * FROM `menus` WHERE `menuid` = '%s' ORDER BY `order` ASC", $menuid); $menus = Db::result($sql); $n = Db::$num_rows; @@ -339,6 +342,7 @@ public static function getMenuRaw($menuid) public static function getId($id = '') { if (isset($id)) { + Typo::int($id); $sql = sprintf("SELECT * FROM `menus` WHERE `id` = '%d'", $id); $menus = Db::result($sql); $n = Db::$num_rows; @@ -398,6 +402,7 @@ public static function update($vars) public static function delete($id) { + $id = Typo::int($id); $sql = array( 'table' => 'menus', 'where' => array(
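Review bot: In `getId`, `Typo::int($id);` discards its result, so `$id` is unchanged; it should read `$id = Typo::int($id);` (the `%d` in the `sprintf` below masks this today, but the statement as written is a no-op). In `isHadParent`, `isset($menuid)` is always true because the parameter defaults to `''`, so the `else` branch is dead and an empty `$menuid` yields `AND `menuid` = ''`; `if ($menuid !== '')` matches the evident intent. `Typo::cleanX` is applied to values that are then interpolated into SQL; unless it is documented to escape for the database, the query should be built with the Db layer's escaping rather than a generic cleaner. The enclosing methods extend beyond the hunks.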
inc/lib/Mod.class.php+4 −1 modified@@ -31,11 +31,14 @@ public static function mod($var) self::load($var); } + /** + * @param $var + */ public static function options($var) { $file = GX_MOD.$var.'/options.php'; if (file_exists($file)) { - include $file; + include($file); } }
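Review bot: The added docblock `@param $var` carries no information; since `$var` becomes part of an include path (`GX_MOD.$var.'/options.php'`), document the contract: `@param string $var  Module directory name under GX_MOD; must be a validated, installed module name — it is used to build an include path.` If any caller can pass a request-supplied value, the check belongs in the method (`basename($var)` plus an installed-module allow-list) rather than in the docblock alone; the callers are outside the hunk.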
inc/lib/Options.class.php+8 −2 modified@@ -41,8 +41,8 @@ public static function insert($vars) $ins = array( 'table' => 'options', 'key' => array( - 'name' => $name, - 'value' => $value, + 'name' => Typo::cleanX($name), + 'value' => Typo::cleanX($value), ), ); $opt = Db::insert($ins); @@ -58,9 +58,13 @@ public static function update($key, $val = '') { if (is_array($key)) { foreach ($key as $k => $v) { + $k = Typo::cleanX($k); + $v = Typo::cleanX($v); $post = Db::query("UPDATE `options` SET `value`='{$v}' WHERE `name` = '{$k}' LIMIT 1"); } } else { + $key = Typo::cleanX($key); + $val = Typo::cleanX($val); $post = Db::query("UPDATE `options` SET `value`='{$val}' WHERE `name` = '{$key}' LIMIT 1"); } @@ -69,6 +73,7 @@ public static function update($key, $val = '') public static function get($vars) { + $vars = Typo::cleanX($vars); $op = Db::result("SELECT `value` FROM `options` WHERE `name` = '{$vars}' LIMIT 1"); if (Db::$num_rows > 0) { return $op[0]->value; @@ -102,6 +107,7 @@ public static function v($vars) public static function isExist($vars) { + $vars = Typo::cleanX($vars); $opt = self::get($vars); if (false !== $opt) {
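Review bot: `Typo::cleanX` is applied to `$value`/`$val` before they are interpolated into the `UPDATE`/`INSERT` statements, which both changes what is stored (an option value containing characters the cleaner rewrites is persisted altered) and relies on cleanX escaping for SQL, which its name does not promise; escaping at query time through the Db layer (or prepared statements, if the Db wrapper supports them) would protect the query without transforming the stored option. `get()` now cleans `$vars`, while `v()` (outside the hunk) may still reach the same query by another path — worth confirming. The enclosing methods continue outside the hunks.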
inc/lib/Paging.class.php+21 −17 modified@@ -47,37 +47,39 @@ public static function create($vars, $smart = false) $where = ''; } if (isset($vars['table'])) { - Db::result("SELECT * FROM `{$vars['table']}` {$where}"); + $table = Typo::cleanX($vars['table']); + Db::result("SELECT * FROM `{$table}` {$where}"); $dbtotal = Db::$num_rows; } if (isset($vars['total'])) { - $total = $vars['total']; + $total = Typo::int($vars['total']); } else { $total = $dbtotal; } if (isset($vars['type']) && $vars['type'] == 'number') { // NUMBER $r = '<ul class="pagination">'; $maxpage = 7; - $curr = $vars['paging']; + $curr = Typo::int($vars['paging']); + $max = Typo::int($vars['max']); if ($curr < $maxpage / 2) { $p = 1; - if ($maxpage > ceil($total / $vars['max'])) { - $limit = ceil($total / $vars['max']); + if ($maxpage > ceil($total / $max)) { + $limit = ceil($total / $max); } else { $limit = $maxpage; } - } elseif ($curr + floor($maxpage / 2) >= ceil($total / $vars['max'])) { - $p = $vars['paging'] - (ceil($maxpage / 2) - 1); - $limit = ceil($total / $vars['max']); + } elseif ($curr + floor($maxpage / 2) >= ceil($total / $max)) { + $p = $curr - (ceil($maxpage / 2) - 1); + $limit = ceil($total / $max); // echo "more total"; } elseif ($curr + floor($maxpage / 2) > $maxpage) { - $p = $vars['paging'] - (ceil($maxpage / 2) - 1); + $p = $curr - (ceil($maxpage / 2) - 1); $limit = $curr + ceil($maxpage / 2) - 1; // echo "more maxpage"; } else { - $p = $vars['paging'] - (ceil($maxpage / 2) - 1); + $p = $curr - (ceil($maxpage / 2) - 1); $limit = $curr + floor($maxpage / 2); } @@ -87,7 +89,7 @@ public static function create($vars, $smart = false) } else { $url = $vars['url'].'&paging='.$i; } - if ($vars['paging'] == $i) { + if ($curr == $i) { $sel = 'class="active"'; } else { $sel = ''; 
@@ -98,11 +100,13 @@ public static function create($vars, $smart = false) } elseif (isset($vars['type']) && $vars['type'] == 'pager') { // PAGER $r = '<ul class="pager">'; $limit = ceil($total / $vars['max']); + $curr = Typo::int($vars['paging']); + $max = Typo::int($vars['max']); - if ($vars['paging'] == 1) { - $prev = $vars['paging'] + 1; - } elseif ($vars['paging'] < $limit || $vars['paging'] = $limit) { - $prev = ($vars['paging']) - 1; + if ($curr == 1) { + $prev = $curr + 1; + } elseif ($curr < $limit || $curr = $limit) { + $prev = ($curr) - 1; if ($smart == true) { $url = $vars['url'].'paging/'.$prev.'/'; } else { @@ -111,8 +115,8 @@ public static function create($vars, $smart = false) $r .= "<li class=\"pull-left\"><a href=\"{$url}\">Previous</a></li>"; } - if ($vars['paging'] < $limit) { - $next = ($vars['paging']) + 1; + if ($curr < $limit) { + $next = ($curr) + 1; if ($smart == true) { $url = $vars['url'].'paging/'.$next.'/';
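Review bot: The new line `} elseif ($curr < $limit || $curr = $limit) {` carries the pre-existing `=`-for-`==` assignment into the rewritten code: when `$curr < $limit` is false, `$curr` is overwritten with `$limit` and the branch is always taken; it should read `} elseif ($curr <= $limit) {`. In the same pager branch `$limit = ceil($total / $vars['max']);` runs before `$max = Typo::int($vars['max']);`, unlike the number branch, so the cast does not apply to it — move the `$max` line above it and use `$max` there. `$vars['url']` is concatenated into `href=\"{$url}\"` without escaping, and callers pass query strings built from request input (posts.control.php's `$qpage` in this commit), so `htmlspecialchars($url, ENT_QUOTES)` at the `<a>` is the place to encode. `create()` extends beyond the hunks.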
inc/lib/Posts.class.php+88 −13 modified@@ -195,13 +195,14 @@ public static function format($post, $id) public static function recent($vars) { - $catW = isset($vars['cat']) ? " AND `cat` = '".$vars['cat']."'" : ''; - $type = isset($vars['type']) ? $vars['type'] : 'post'; - $num = isset($vars['num']) ? $vars['num'] : '10'; + $catW = isset($vars['cat']) ? " AND `cat` = '".Typo::int($vars['cat'])."'" : ''; + $type = isset($vars['type']) ? Typo::cleanX($vars['type']) : 'post'; + $num = isset($vars['num']) ? Typo::int($vars['num']) : '10'; $sql = "SELECT * FROM `posts` WHERE `type` = '{$type}' {$catW} AND `status` = '1' ORDER BY `date` DESC LIMIT {$num}"; $posts = Db::result($sql); + if (isset($posts['error'])) { $posts['error'] = 'No Posts found.'; } else { @@ -248,19 +249,21 @@ public static function dropdown($vars) $name = $vars['name']; $where = "WHERE `status` = '1' AND "; if (isset($vars['type'])) { - $where .= " `type` = '{$vars['type']}' AND "; + $type = Typo::cleanX($vars['type']); + $where .= " `type` = '{$type}' AND "; } else { $where .= ' '; } $where .= " `status` = '1' "; $order_by = 'ORDER BY '; if (isset($vars['order_by'])) { - $order_by .= " {$vars['order_by']} "; + $orderBy = Typo::cleanX($vars['order_by']); + $order_by .= " {$order_by} "; } else { $order_by .= ' `name` '; } if (isset($vars['sort'])) { - $sort = " {$vars['sort']}"; + $sort = " ".Typo::cleanX($vars['sort']). " "; } else { $sort = 'ASC'; } @@ -297,9 +300,9 @@ public static function addParam($param, $value, $post_id) $sql = array( 'table' => 'posts_param', 'key' => array( - 'post_id' => $post_id, - 'param' => $param, - 'value' => $value, + 'post_id' => Typo::int($post_id), + 'param' => Typo::cleanX($param), + 'value' => Typo::cleanX($value), ), ); $q = Db::insert($sql); 
@@ -312,6 +315,9 @@ public static function addParam($param, $value, $post_id) public static function editParam($param, $value, $post_id) { + $post_id = Typo::int($post_id); + $param = Typo::cleanX($param); + $value = Typo::cleanX($value); $sql = "UPDATE `posts_param` SET `value` = '{$value}' WHERE `post_id` = '{$post_id}' AND `param` = '{$param}' "; $q = Db::query($sql); if ($q) { @@ -323,17 +329,21 @@ public static function editParam($param, $value, $post_id) public static function getParam($param, $post_id) { + $post_id = Typo::int($post_id); + $param = Typo::cleanX($param); $sql = "SELECT * FROM `posts_param` WHERE `post_id` = '{$post_id}' AND `param` = '{$param}' LIMIT 1"; $q = Db::result($sql); if (Db::$num_rows > 0) { - return $q[0]->value; + return Typo::Xclean($q[0]->value); } else { return ''; } } public static function delParam($param, $post_id) { + $post_id = Typo::int($post_id); + $param = Typo::cleanX($param); $sql = "DELETE FROM `posts_param` WHERE `post_id` = '{$post_id}' AND `param` = '{$param}' LIMIT 1"; $q = Db::query($sql); if ($q) { @@ -345,6 +355,8 @@ public static function delParam($param, $post_id) public static function existParam($param, $post_id) { + $post_id = Typo::int($post_id); + $param = Typo::cleanX($param); $sql = "SELECT * FROM `posts_param` WHERE `post_id` = '{$post_id}' AND `param` = '{$param}' LIMIT 1"; $q = Db::result($sql); if (Db::$num_rows > 0) { @@ -501,7 +513,7 @@ public static function related($id, $num, $cat, $mode = 'list') ) ); if (isset($post['error'])) { - $related = 'No Related Post(s)'; + $related = '<div class="col-sm-12">No Related Post(s)</div>'; } else { $related = ''; if ($mode == 'list') { 
@@ -518,15 +530,15 @@ public static function related($id, $num, $cat, $mode = 'list') $related .= '<ul class="list-group related clearfix">'; foreach ($post as $p) { if ($p->id != $id) { - $title = (strlen($p->title) > 34) ? substr($p->title, 0, 34).'...' : $p->title; + $title = (strlen($p->title) > 20) ? substr($p->title, 0, 15).'...' : $p->title; $img = self::getImage(Typo::Xclean($p->content)); if ($img != '') { $img = Url::thumb($img, 'square', 200); } else { $img = Url::thumb('assets/images/noimage.png', '', 200); } $related .= '<li class="list-unstyled col-sm-3 col-md-3 clearfix"><a href="'.Url::post($p->id).'"> - <img src="'.$img.'" class="img-responsive center-block">'.$title.'</a></li>'; + <img src="'.$img.'" class="img-responsive center-block" alt="'.$p->title.'" title="'.$p->title.'">'.$title.'</a></li>'; } else { $related .= ''; } 
@@ -585,6 +597,69 @@ public static function getImage($post) } } } + + + /** + * $vars = [ + * 'id' => '', + * 'type' => '', + * 'status' => '', + * 'slug' => '', + * 'where' => '' + * ] + * @param $vars + * @return mixed + */ + public static function fetch($vars) + { + + $where = '1 '; + if (isset($vars['id'])) { + $where .= " AND `id` = '{$vars['id']}' "; + } +// if (isset($vars['slug']) && $vars['slug'] != '') { +// $where .= "OR `slug` = '{$vars['slug']}' ) "; +// } else { +// $where .= ") "; +// } + if (isset($vars['type'])) { + $where .= " AND `type` = '{$vars['type']}' "; + } + if (isset($vars['status'])) { + $where .= " AND `status` = '{$vars['status']}' "; + } + if (isset($vars['where']) && $vars['where'] != '') { + $where .= $vars['where']; + } + + $sql = "SELECT * FROM `posts` WHERE {$where}"; + $q = Db::result($sql); + if (!isset($q['error'])){ + $arrA = array(); + foreach ($q[0] as $a => $b) { + $arrA []= [ $a => $b ]; + } + // get params + $sql = "SELECT * FROM `posts_param` WHERE `post_id` = '{$vars['id']}'"; + $r = Db::result($sql); + $arr = array(); + foreach ($r as $k => $v) { + $arr[] = [ $v->param => $v->value ]; + } + + $arrM = array_merge($arrA, $arr); + $p = array(); + foreach ($arrM as $i => $l) { + $p = array_merge($l, $p); + } + $res[0] = (object)$p; + } else { + $res['error'] = "data not found"; + } + + + return $res; + } } /* End of file Posts.class.php */
inc/lib/Site.class.php+7 −7 modified@@ -86,13 +86,13 @@ public static function meta($location = '', $cont_desc = '', $pre = '') echo " <meta name=\"Author\" content=\"{$data['posts'][0]->author}\">"; } - echo ' - <meta name="Generator" content="GeniXCMS '.System::v().'"> - <meta name="robots" content="'.Options::v('robots').'"> - <link rel="canonical" href="'.$canonical.'" /> - <link rel="shortcut icon" href="'.Options::v('siteicon').'" /> - <link rel="alternate" type="application/rss+xml" title="RSS Feed for '.self::$name.'" href="'.self::$url.'rss/" /> - '; + echo " + <meta name=\"Generator\" content=\"GeniXCMS ".System::v()."\"> + <meta name=\"robots\" content=\"".Options::v('robots')."\"> + <link rel=\"canonical\" href=\"".$canonical."\" /> + <link rel=\"shortcut icon\" href=\"".Options::v('siteicon')."\" /> + <link rel=\"alternate\" type=\"application/rss+xml\" title=\"RSS Feed for ".self::$name."\" href=\"".self::$url."rss/\" /> + "; ($location == 'backend') ? Hooks::run('header_load_admin_meta', $data) : Hooks::run('header_load_meta', $data); echo '
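Review bot: The rewrite only swaps single quotes for double quotes with escaped `\"`; the values spliced into the attributes — `Options::v('robots')`, `$canonical`, `Options::v('siteicon')`, `self::$name` — still land in `content=`, `href=` and `title=` attributes without `htmlspecialchars`, so a stored `"` in any of them ends the attribute. Whether those values are already encoded when saved is not visible here; if not, wrap each at this output point, e.g. `'<link rel="canonical" href="'.htmlspecialchars($canonical, ENT_QUOTES, 'UTF-8').'" />'`. As the change is otherwise behaviour-neutral, the original single-quoted concatenation was the more readable form. meta()'s body continues outside the hunk.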
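--- a/inc/lib/Sitemap.class.php
+++ b/inc/lib/Sitemap.class.php
@@ -26,8 +26,8 @@ public function __construct()
     public static function create($count = 20, $url = 'post', $type = 'post', $class = 'Url')
     {
         $var = array(
-            'num' => $count,
-            'type' => $type,
+            'num' => Typo::int($count),
+            'type' => Typo::cleanX($type),
         );
         $posts = Posts::recent($var);
         header('Content-Type: text/xml');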
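Review bot: `Typo::cleanX($type)` is an HTML encoder (htmlspecialchars, per the Typo.class.php hunk) being used to make a value safe for a SQL string literal; it neutralises `'` only as a side effect of `ENT_QUOTES`, and the value the query then compares against is entity-encoded (`a&amp;b`), which silently changes what matches. The same substitution is made in Stats.class.php (totalPost/activePost/inactivePost/totalCat), Tags.class.php, User.class.php and inc/mod/newsletter/options.php, while Posts::fetch() in this commit still interpolates `$vars['id']`, `$vars['type']`, `$vars['status']` and a raw `$vars['where']` with no treatment at all. The durable fix is a prepared statement (or at least the driver's own string escaping) inside the Db layer, keeping cleanX for HTML output; `Typo::int($count)` for `num` is the right shape and needs no change.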
inc/lib/Stats.class.php+9 −4 modified@@ -25,31 +25,35 @@ public function __construct() public static function totalPost($vars) { - $posts = Db::result("SELECT `id` FROM `posts` WHERE `type` = '{$vars}'"); + $type = Typo::cleanX($vars); + $posts = Db::result("SELECT `id` FROM `posts` WHERE `type` = '{$type}'"); $npost = Db::$num_rows; return $npost; } public static function activePost($vars) { - $posts = Db::result("SELECT `id` FROM `posts` WHERE `type` = '{$vars}' AND `status` = '1' "); + $type = Typo::cleanX($vars); + $posts = Db::result("SELECT `id` FROM `posts` WHERE `type` = '{$type}' AND `status` = '1' "); $npost = Db::$num_rows; return $npost; } public static function inactivePost($vars) { - $posts = Db::result("SELECT `id` FROM `posts` WHERE `type` = '{$vars}' AND `status` = '0' "); + $type = Typo::cleanX($vars); + $posts = Db::result("SELECT `id` FROM `posts` WHERE `type` = '{$type}' AND `status` = '0' "); $npost = Db::$num_rows; return $npost; } public static function totalCat($vars) { - $posts = Db::result("SELECT `id` FROM `cat` WHERE `type` = '{$vars}'"); + $type = Typo::cleanX($vars); + $posts = Db::result("SELECT `id` FROM `cat` WHERE `type` = '{$type}'"); $npost = Db::$num_rows; return $npost; @@ -97,6 +101,7 @@ public static function pendingUser() public static function mostViewed($count) { + $count = Typo::int($count); return Db::result(sprintf("SELECT * FROM `posts` WHERE `type` = 'post' ORDER BY `views` DESC LIMIT 0,%d", $count)); }
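Review bot: totalPost, activePost, inactivePost and totalCat are now four copies of the same three statements differing only in the WHERE clause, and each pulls every `id` into `$posts` (never read) just to consult `Db::$num_rows`; one private helper taking the table and clause and running `SELECT COUNT(*)` would remove both the duplication and the row transfer. In mostViewed the `sprintf('%d', ...)` already coerces `$count`, so the added `Typo::int` is redundant but harmless. The use of cleanX on the `$type` literals is raised on the Sitemap.class.php section.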
inc/lib/System.class.php+9 −10 modified@@ -97,8 +97,6 @@ public function __construct() Hooks::attach('admin_footer_action', array('System', 'loadAdminAsset')); - - self::$toolbar = self::toolbar(self::$toolbar_mode); } @@ -269,11 +267,12 @@ public static function versionReport() return $html; } - public static function alert() + public static function alert($data) { - global $data; +// global $data; $html = ''; - // print_r($data); +// print_r($data); + $data = is_array($data[0]) ? $data[0]: $data; if (isset($data['alertSuccess'])) { $html .= '<div class="alert alert-success" > <button type="button" class="close" data-dismiss="alert"> @@ -282,7 +281,7 @@ public static function alert() </button> <ul class="list-unstyled">'; foreach ($data['alertSuccess'] as $alert) { - $html .= "<li>$alert</li>\n"; + $html .= "<li>".Typo::cleanX($alert)."</li>"; } $html .= '</ul></div>'; } @@ -294,7 +293,7 @@ public static function alert() </button> <ul class="list-unstyled">'; foreach ($data['alertDanger'] as $alert) { - $html .= "<li>$alert</li>"; + $html .= "<li>".Typo::cleanX($alert)."</li>"; } $html .= '</ul></div>'; } @@ -306,7 +305,7 @@ public static function alert() </button> <ul class="list-unstyled">'; foreach ($data['alertInfo'] as $alert) { - $html .= "$alert\n"; + $html .= "<li>".Typo::cleanX($alert)."</li>"; } $html .= '</ul></div>'; } @@ -318,7 +317,7 @@ public static function alert() </button> <ul class="list-unstyled">'; foreach ($data['alertWarning'] as $alert) { - $html .= "$alert\n"; + $html .= "<li>".Typo::cleanX($alert)."</li>"; } $html .= '</ul></div>'; } @@ -330,7 +329,7 @@ public static function alert() </button> <ul class="list-unstyled">'; foreach ($data['alertDefault'] as $alert) { - $html .= "$alert\n"; + $html .= "<li>".Typo::cleanX($alert)."</li>"; } $html .= '</ul></div>'; }
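Review bot: `$data = is_array($data[0]) ? $data[0]: $data;` reads index 0 before checking it exists, so a caller passing an associative array with no `0` key (the shape login.php now builds with `$data['alertDanger'][] = ...`), or the empty string login.php initialises `$data` to, raises a notice on every render; guard it: `$data = (is_array($data) && isset($data[0]) && is_array($data[0])) ? $data[0] : $data;`. Turning `alert()` into `alert($data)` also breaks any caller still relying on the old `global $data` lookup, which `alert($data = array())` would keep working. With `Typo::cleanX($alert)` the messages now render as text, so any language constant that carries markup will show its tags literally — the safer default, but worth checking against the constants. The commented-out `global`/`print_r` lines should be deleted rather than kept; alert()'s body continues outside the hunks.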
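--- a/inc/lib/Tags.class.php
+++ b/inc/lib/Tags.class.php
@@ -144,7 +144,7 @@ public static function add($tags)
             if (!$exist) {
                 if ($tag_i != '') {
                     $slug = Typo::slugify($tag_i);
-                    $cat = $tag_i;
+                    $cat = Typo::cleanX($tag_i);
                     Db::insert(
                         sprintf(
                             "INSERT INTO `cat` VALUES (null, '%s', '%s', '%d', '', 'tag' )",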
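Review bot: `$slug` from `Typo::slugify($tag_i)` goes into the same `sprintf` `'%s'` slot as `$cat` but is not given the same treatment; whether slugify strips quotes and backslashes is not visible here, so either confirm that it does or apply the same escaping to `$slug`. The use of cleanX as SQL escaping is raised on the Sitemap.class.php section. add()'s body continues outside the hunk.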
inc/lib/Theme.class.php+1 −1 modified@@ -169,7 +169,7 @@ public static function thmList() public static function activate($thm) { - if (Options::update('themes', $thm)) { + if (Options::update('themes', Typo::cleanX($thm))) { new Options(); return true;
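Review bot: `Typo::cleanX($thm)` HTML-encodes the theme name before it is stored but does nothing about `/` or `..`, so if the stored value is later used to locate the theme directory it still needs a whitelist; assuming `thmList()` (visible in the hunk header) returns the installed theme names, `if (!in_array($thm, self::thmList(), true)) { return false; }` before the update is the natural check. Encoding the name also means a theme folder containing `&` or `'` would be stored as entities and no longer match its directory. activate()'s body continues outside the hunk.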
inc/lib/Typo.class.php+2 −0 modified@@ -42,6 +42,7 @@ public static function cleanX($c) ENT_QUOTES | ENT_HTML5, 'utf-8' ); + $val = str_replace('\\', "\\\\", $val); // $val = htmlentities( // $c, // ENT_QUOTES | ENT_IGNORE, "UTF-8"); @@ -52,6 +53,7 @@ public static function Xclean($vars) { $var = htmlspecialchars_decode($vars, ENT_QUOTES | ENT_HTML5); // $var = html_entity_decode($vars); + $var = str_replace('\\\\', '\\', $var); return $var; }
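Review bot: The backslash doubling in cleanX is MySQL string-literal escaping bolted onto an HTML encoder, which gives the function two output contexts at once: a value passed through cleanX twice (input filter, then output escaping) has its backslashes quadrupled, Xclean undoes only one level, and under MySQL's NO_BACKSLASH_ESCAPES mode the doubling inserts literal backslashes into stored data. `'` is still only neutralised because `ENT_QUOTES` turns it into `&#039;`, so the protection depends on every SQL literal being single-quoted. Keep cleanX a pure HTML encoder and do SQL escaping (ideally prepared statements) in the Db layer; if a stop-gap is unavoidable, give it its own name, e.g. `public static function sqlEsc($c) { return str_replace('\\', '\\\\', $c); }`, so callers state which context they escape for. Both cleanX and Xclean start before their hunks.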
inc/lib/User.class.php+4 −3 modified@@ -95,7 +95,7 @@ public static function create($vars) { if (is_array($vars)) { //print_r($vars['user']); - $u = $vars['user']; + $u = Typo::cleanX(Typo::strip($vars['user'])); $sql = array( 'table' => 'user', 'key' => $u, @@ -150,7 +150,7 @@ public static function update($vars) { if (is_array($vars)) { //print_r($vars); - $u = $vars['user']; + $u = Typo::cleanX(Typo::strip($vars['user'])); $sql = array( 'table' => 'user', 'id' => $vars['id'], @@ -172,6 +172,7 @@ public static function update($vars) public static function delete($id) { + $id = Typo::int($id); $vars = array( 'table' => 'user', 'where' => array( @@ -220,7 +221,7 @@ public static function generatePass() public static function isExist($user, $except='') { if ($except != '') { - $id = Typo::int($except); + $id = Typo::cleanX(Typo::strip($except)); $where = "AND `userid` != '{$id}' "; } else { $where = '';
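Review bot: `Typo::cleanX(Typo::strip($vars['user']))` in create() and update() passes the whole `user` array (register.php in this commit builds `$vars['user']` as an array of `userid`/`pass`/`email`/`group`) to functions whose visible bodies operate on a string; unless strip/cleanX recurse into arrays, `htmlspecialchars` rejects the array and `$u` ends up empty. Filtering per field — `$u = array(); foreach ($vars['user'] as $k => $v) { $u[$k] = Typo::cleanX(Typo::strip($v)); }` — also lets the password hash be excluded so it is stored verbatim. In update(), `'id' => $vars['id']` on the next line enters the same statement untreated; `Typo::int($vars['id'])` matches what delete() now does. Whether Typo::strip handles arrays is not visible here.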
inc/mod/mod/layout/frontpage.php+0 −3 modified@@ -1,5 +1,3 @@ -<div class="blog-main col-md-12"> -<h2>Mod Page</h2> This is the sample page of the Mod module. You can create your own module page and create the menu link from your module class. Below is the data passed to the layout file : @@ -8,4 +6,3 @@ print_r($data); ?> </pre> -</div> \ No newline at end of file
inc/mod/newsletter/options.php+9 −27 modified@@ -2,7 +2,8 @@ Theme::editor(); if (isset($_POST['sendmail'])) { // check token first - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { $alertDanger[] = TOKEN_NOT_EXIST; } if (isset($alertDanger)) { @@ -33,7 +34,7 @@ 'to_name' => $u->userid, 'message' => $msgs, 'subject' => $subject, - 'msgtype' => $_POST['type'], + 'msgtype' => Typo::cleanX($_POST['type']), ); $mailsend = Mail::send($vars); if ($mailsend !== null) { @@ -42,15 +43,16 @@ sleep(3); } } elseif ($_POST['recipient'] != '') { - $usr = Db::result("SELECT * FROM `user` WHERE `group` = '{$_POST['recipient']}'"); + $recipient = Typo::cleanX($_POST['recipient']); + $usr = Db::result("SELECT * FROM `user` WHERE `group` = '{$recipient}'"); foreach ($usr as $u) { $msgs = str_replace('{{userid}}', $u->userid, $msg); $vars = array( 'to' => $u->email, 'to_name' => $u->userid, 'message' => $msgs, 'subject' => $subject, - 'msgtype' => $_POST['type'], + 'msgtype' => Typo::cleanX($_POST['type']), ); $mailsend = Mail::send($vars); if ($mailsend !== null) { 
@@ -67,32 +69,12 @@ } } -if (isset($data['alertSuccess'])) { - echo '<div class="alert alert-success" > - <button type="button" class="close" data-dismiss="alert"> - <span aria-hidden="true">×</span> - <span class="sr-only">Close</span> - </button>'; - foreach ($data['alertSuccess'] as $alert) { - echo "$alert\n"; - } - echo '</div>'; -} -if (isset($data['alertDanger'])) { - echo '<div class="alert alert-danger" > - <button type="button" class="close" data-dismiss="alert"> - <span aria-hidden="true">×</span> - <span class="sr-only">Close</span> - </button>'; - foreach ($data['alertDanger'] as $alert) { - echo "$alert\n"; - } - echo '</div>'; -} - ?> <div class="row"> + <div class="col-md-12"> + <?=Hooks::run('admin_page_notif_action', $data);?> + </div> <div class="col-md-12"> <h1><i class="fa fa-envelope-o"></i> NewsLetter <small class="pull-right">Send NewsLetter to All members</small>
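Review bot: `$token = Typo::cleanX($_POST['token']);` runs before the `!isset($_POST['token'])` test, so a POST without a token now raises an undefined-index notice on the line meant to guard against exactly that; fold the two: `$token = isset($_POST['token']) ? Typo::cleanX($_POST['token']) : '';` followed by `if ($token == '' || !Token::isExist($token)) {`. login.php and register.php in this commit add the same line in the same order. In the recipient branch `$_POST['recipient']` and `$_POST['type']` are likewise read unconditionally; an `isset` with a default keeps the page notice-free.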
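--- a/inc/themes/cleanblog/mod.php
+++ b/inc/themes/cleanblog/mod.php
@@ -3,7 +3,7 @@
 <div class="row">
     <div class="col-lg-8 col-lg-offset-2 col-md-10 col-md-offset-1">
         <div class="page-heading">
-            <h1><?=$data['mod'];?></h1>
+            <h1><?=Mod::getTitle($data['mod']);?></h1>
             <hr class="small">
             <!-- <span class="subheading"></span> -->
         </div>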
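Review bot: `Mod::getTitle($data['mod'])` is echoed straight into the `<h1>`; whether getTitle escapes its return value is not visible here, and the same raw echo appears in inc/themes/default/mod.php and inc/themes/gneex/mod.php. If the title comes from a module's own metadata the exposure is small, but the template is the right place to make the contract explicit: `<h1><?=htmlspecialchars(Mod::getTitle($data['mod']), ENT_QUOTES, 'UTF-8');?></h1>`.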
inc/themes/default/mod.php+2 −3 modified@@ -4,9 +4,8 @@ echo '<div class="row"><div class="col-md-12">'.mdoTheme::opt('mdo_adsense').'</div></div><hr />'; } ?> - <div class="row blog-post"> - - + <div class="blog-post"> + <h2 class="blog-post-title"><?=Mod::getTitle($data['mod']);?></h2> <?php Hooks::run('mod_control', $data); ?>
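--- a/inc/themes/default/single.php
+++ b/inc/themes/default/single.php
@@ -25,7 +25,9 @@
             );
             echo '
             <h3>Related :</h3>
+            <div class="row">
             '.Posts::related($p->id, 5, $p->cat, 'box').'
+            </div>
             </div>
             <hr />
             <div class="col-sm-12">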
inc/themes/gneex/css/style.css+17 −0 modified@@ -537,6 +537,23 @@ pre { font-size: 4em; } +.scrollup { + width: 40px; + height: 40px; + position: fixed; + bottom: 20px; + right: 20px; + display: none; + /*text-indent: -9999px;*/ + background-color: #0C0C0C; + border-radius: 4px; + color: #efefef; + text-align: center; + vertical-align: middle; + padding: 4px; + cursor: pointer; +} + /* MEDIA QUERIES */ /* Smartphones (portrait and landscape) ----------- */
inc/themes/gneex/footer.php+17 −2 modified@@ -20,7 +20,7 @@ </div> </footer> - + <span href="#" class="scrollup"><i class="fa fa-arrow-up fa-2x"></i></span> <!-- LIBRARY --> @@ -36,7 +36,22 @@ itemWidth: 260, itemMargin: 30 }); - }) + }); + + $(window).scroll(function () { + if ($(this).scrollTop() > 100) { + $('.scrollup').fadeIn(); + } else { + $('.scrollup').fadeOut(); + } + }); + + $('.scrollup').click(function () { + $("html, body").animate({ + scrollTop: 0 + }, 600); + return false; + }); </script> </body> </html> \ No newline at end of file
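Review bot: `href` is not a valid attribute on `<span>`; since the click handler already returns false, an anchor carries the same behaviour and is keyboard-focusable: `<a href="#" class="scrollup"><i class="fa fa-arrow-up fa-2x"></i></a>`. The `})` → `});` correction is fine; the rest of the added script is plain jQuery with nothing else to raise.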
inc/themes/gneex/function.php+33 −26 modified@@ -66,7 +66,7 @@ public static function getPost($id) $sql = "SELECT `content` FROM `posts` WHERE `id` = '{$id}'"; $q = Db::result($sql); - return $q[0]->content; + return !isset($q['error']) ? $q[0]->content: ''; } public static function optionPost($type, $post='') @@ -118,12 +118,16 @@ public static function opt($var) public static function introIg($url) { - $dom = explode('/', $url); - if (strpos($dom[2], 'youtube') || strpos($dom[2], 'youtu.be')) { - $hash = (strpos($dom[2], 'youtu.be')) ? $dom[3] : str_replace('watch?v=', '', $dom[3]); - $html = '<iframe width="560" height="315" src="https://www.youtube.com/embed/'.$hash.'?rel=0&controls=0&showinfo=0" class="center-block" frameborder="0" allowfullscreen></iframe>'; + if ($url != '') { + $dom = explode('/', $url); + if (strpos($dom[2], 'youtube') || strpos($dom[2], 'youtu.be')) { + $hash = (strpos($dom[2], 'youtu.be')) ? $dom[3] : str_replace('watch?v=', '', $dom[3]); + $html = '<iframe width="560" height="315" src="https://www.youtube.com/embed/' . $hash . '?rel=0&controls=0&showinfo=0" class="center-block" frameborder="0" allowfullscreen></iframe>'; + } else { + $html = '<img src="' . $url . '" class="img-responsive center-block">'; + } } else { - $html = '<img src="'.$url.'" class="img-responsive center-block">'; + $html = ''; } return $html; 
@@ -147,32 +151,35 @@ public static function loadCSS() } '; $css .= ' - .bg-slide { - background-color: '.$opt['background_color_header'].'; - background-image: url('.$opt['background_header'].'); + .bg-slide {'; + $css .= !empty($opt['background_color_header']) ? 'background-color: '.$opt['background_color_header'].';':''; + $css .= !empty($opt['background_header']) ? 'background-image: url('.$opt['background_header'].'); background-size: cover; background-repeat: no-repeat; - background-position: center center; - }'; + background-position: center center;':''; + $css .= '}'; $css .= ' - #header, #front-text, #front-text h2 span { - color: '.$opt['font_color_header'].'; - }'; + #header, #front-text, #front-text h2 span {'; + $css .= !empty($opt['font_color_header']) ? 'color: '.$opt['font_color_header'].';': ''; + $css .= '}'; $css .= ' - footer { - background-color: '.$opt['background_color_footer'].'; - background-image: url('.$opt['background_footer'].'); - color: '.$opt['font_color_footer'].'; - }'; + footer {'; + $css .= !empty($opt['background_color_footer']) ? 'background-color: '.$opt['background_color_footer'].';': ''; + $css .= !empty($opt['background_footer']) ? 'background-image: url('.$opt['background_footer'].'); + background-size: cover; + background-repeat: no-repeat; + background-position: center bottom;':''; + $css .= !empty($opt['font_color_footer']) ? 'color: '.$opt['font_color_footer'].';':''; + $css .= '}'; $css .= ' - footer a { - color: '.$opt['link_color_footer'].'; - }'; + footer a {'; + $css .= !empty($opt['link_color_footer']) ? 'color: '.$opt['link_color_footer'].';':''; + $css .= '}'; $css .= ' - #featured { - background-color: '.$opt['background_color_featured'].'; - background-image: url(\''.$opt['background_featured'].'\'); - }'; + #featured {'; + $css .= !empty($opt['background_color_featured']) ? 'background-color: '.$opt['background_color_featured'].';':''; + $css .= !empty($opt['background_featured']) ? 
'background-image: url(\''.$opt['background_featured'].'\');':''; + $css .= '}'; $css .= ' .panel.panel-one .panel-heading, .panel.panel-one .panel-body { background-color: '.$opt['panel_1_color'].';
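Review bot: getPost() still interpolates `$id` into `SELECT `content` FROM `posts` WHERE `id` = '{$id}'` (the context line above the changed return), and its caller in inc/themes/gneex/index.php feeds it values from `explode(',', $gneex['featured_posts'])`, an admin-editable option; the rest of this commit adds `Typo::int` to exactly this pattern, so `$id = Typo::int($id);` belongs at the top of getPost (and a `trim` at the explode site would tolerate `1, 2, 3`). In introIg, `if (strpos($dom[2], 'youtube') || strpos($dom[2], 'youtu.be'))` is false when the host starts with `youtube` (strpos returns 0), and `$dom[2]` is undefined for a URL without `//`; comparing with `!== false` and guarding with `isset($dom[2])` fixes both. `$hash` and `$url` are also written into `src=` attributes without `htmlspecialchars`. getPost, introIg and loadCSS each start or end outside these hunks.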
inc/themes/gneex/index.php+12 −9 modified@@ -41,23 +41,26 @@ <?php $feat = explode(',', $gneex['featured_posts']); foreach ($feat as $id) { + $post = Posts::content(Gneex::getPost($id)); + $title = Posts::title($id); $img = Gneex::getImage($post); if ($img != '') { $im = '<img src="'.Url::thumb($img, 'large', 300).'" class="featuredimg">'; } else { $im = '<img src="'.Url::thumb('assets/images/noimage.png', 'large').'" class="featuredimg">'; } - - echo '<li class="col-sm-3"> - <a href="'.Url::post($id)."\"> - {$im} - <div class=\"featured-text\"> - <h4 >{$title}</h4> - </div> - </a> - </li>"; + if ($post != '') { + echo '<li class="col-sm-3"> + <a href="' . Url::post($id) . "\"> + {$im} + <div class=\"featured-text\"> + <h4 >{$title}</h4> + </div> + </a> + </li>"; + } } ?> </ul>
inc/themes/gneex/mod.php+3 −0 modified@@ -17,7 +17,10 @@ } ?> <?php + echo "<div class=\"blog-main col-md-12\"> + <h2>".Mod::getTitle($data['mod'])."</h2><hr/>"; Hooks::run('mod_control', $data); + echo "</div>"; ?> <?php if (Gneex::opt('adsense') != '') {
inc/themes/gneex/options.php+30 −32 modified@@ -55,7 +55,7 @@ <form action="" method="post"> <div class="row"> <div class="col-md-12"> - <h2>GneeX Theme <small >v1.0.0</small> + <h2>GneeX Theme <small >v1.1.0</small> <button class="pull-right btn btn-success" type="submit" name="gneex_options_update"> Change </button> @@ -134,7 +134,30 @@ <div role="tabpanel" class="tab-pane" id="frontpage"> - <div class="col-md-6"> + <div class="col-md-12"> + <h4>Featured Posts</h4> + <hr /> + <div class="form-group"> + <label>Featured Posts</label> + <input type="text" name="featured_posts" class="form-control" value="<?=$o['featured_posts']; ?>"> + <small>Type the ID of the posts to be featured. comma <kbd>,</kbd> separated.</small> + </div> + <div class="form-group"> + <label>Featured Background Image</label> + <input type="text" name="background_featured" class="form-control" value="<?=$o['background_featured']; ?>"> + <small>url of the image for your featured background</small> + </div> + <div class="form-group"> + <label>Featured Background Color</label> + <div class="input-group colorpicker-component" id="background_color_featured"> + <input type="text" name="background_color_featured" class="form-control" value="<?=$o['background_color_featured']; ?>"> + <span class="input-group-addon"><i> </i></span> + </div> + <small>color of the featured background</small> + </div> + <hr /> + </div> + <div class="col-md-12"> <h4>Frontpage</h4> <hr /> 
@@ -270,37 +293,12 @@ </div> </div> </div> - <div class="col-md-6"> - <h4>Featured Posts</h4> - <hr /> - <div class="form-group"> - <label>Featured Posts</label> - <input type="text" name="featured_posts" class="form-control" value="<?=$o['featured_posts']; ?>"> - <small>Type the ID of the posts to be featured. comma <kbd>,</kbd> separated.</small> - </div> - <div class="form-group"> - <label>Featured Background Image</label> - <input type="text" name="background_featured" class="form-control" value="<?=$o['background_featured']; ?>"> - <small>url of the image for your featured background</small> - </div> - <div class="form-group"> - <label>Featured Background Color</label> - <div class="input-group colorpicker-component" id="background_color_featured"> - <input type="text" name="background_color_featured" class="form-control" value="<?=$o['background_color_featured']; ?>"> - <span class="input-group-addon"><i> </i></span> - </div> - <small>color of the featured background</small> - </div> - <hr /> - </div> - </div> - + </div> - <div role="tabpanel" class="tab-pane" id="headerfooter"> - <div class="col-md-6"> + <div class="col-md-12"> <h4>Header</h4> <hr /> <div class="form-group"> @@ -332,7 +330,7 @@ </div> <hr /> </div> - <div class="col-md-6"> + <div class="col-md-12"> <h4>Footer</h4> <hr /> <div class="form-group"> @@ -419,7 +417,7 @@ <hr /> <div class="form-group"> <label>Adsense Code</label> - <textarea name="adsense" class="form-control"><?=$o['adsense']; ?></textarea> + <textarea name="adsense" class="form-control" rows="10"><?=$o['adsense']; ?></textarea> <small>Your lovely adsense code.</small> </div> <hr /> @@ -429,7 +427,7 @@ <hr /> <div class="form-group"> <label>Analytics Code</label> - <textarea name="analytics" class="form-control"><?=$o['analytics']; ?></textarea> + <textarea name="analytics" class="form-control" rows="10"><?=$o['analytics']; ?></textarea> <small>Your analytics tracking code.</small> </div>
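Review bot: The relocated fields still echo `$o['featured_posts']`, `$o['background_featured']` and `$o['background_color_featured']` into `value="..."` without attribute escaping, so a stored `"` breaks out of the attribute; as the same commit is escaping inputs elsewhere, the outputs here should match: `value="<?=htmlspecialchars($o['featured_posts'], ENT_QUOTES, 'UTF-8'); ?>"`. The adsense and analytics `<textarea>` contents need the same treatment, since a `</textarea>` inside the stored code ends the element early. These are admin-only settings, so exposure is limited, but the pattern recurs on every field of this form.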
inc/themes/gneex/single.php+2 −2 modified@@ -8,7 +8,7 @@ <section id="blog"> <div class="container"> <?php - $bar = Posts::getParam('sidebar', $data['posts'][0]->id); + $bar = $data['posts'][0]->sidebar; $cols = ($bar == 'yes'|| $bar == '') ? '8': '12'; ?> <div class="col-md-<?=$cols;?>"> @@ -17,7 +17,7 @@ if (Gneex::opt('adsense') != '') { echo '<div class="row"><div class="col-md-12">'.Gneex::opt('adsense').'</div></div><hr />'; } - if (isset($data['posts'][0]->title)) { + if (!isset($data['posts']['error'])) { foreach ($data['posts'] as $p) { $comment = array( 'offset' => 0,
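Review bot: `$data['posts'][0]->sidebar` assumes Posts::fetch() has folded every `posts_param` row into the post object (the merge in the Posts.class.php hunk), so a post with no `sidebar` param now produces an undefined-property notice where the old `Posts::getParam` returned `''`; the `$bar == ''` test on the next line already expects the empty case, so read it defensively: `$bar = isset($data['posts'][0]->sidebar) ? $data['posts'][0]->sidebar : '';`. The `!isset($data['posts']['error'])` guard matches how fetch() reports failure and is the right shape.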
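--- a/inc/themes/gneex/themeinfo.php
+++ b/inc/themes/gneex/themeinfo.php
@@ -2,7 +2,7 @@
 /*
  * Name: GneeX Theme
  * Desc: Default GeniXCMS Themes
- * Version: 1.0.0
+ * Version: 1.1.0
  * Build: 1.0.0
  * Developer: GeniXCMS
  * URI: http://genixcms.org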
inc/themes/gneex/VERSION+1 −0 added@@ -0,0 +1 @@ +1.1.0
login.php+17 −27 modified@@ -32,9 +32,10 @@ } System::gZip(); - +$data = ''; if (isset($_POST['login'])) { - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -87,44 +88,33 @@ $_SESSION['group'] = $group; */ //print_r($_SESSION); - $alertSuccess = MSG_USER_LOGGED_IN; + $data['alertSuccess'][] = MSG_USER_LOGGED_IN; echo Hooks::run('user_login_action'); } elseif ($p != $pass) { - $alertDanger[] = PASS_NOT_MATCH; + $data['alertDanger'][] = PASS_NOT_MATCH; } } } else { if ($usr[0]->activation != '') { - $alertDanger[] = ACOUNT_NOT_ACTIVE; + $data['alertDanger'][] = ACOUNT_NOT_ACTIVE; } else { - $alertDanger[] = ACOUNT_NOT_ACTIVE_BLOCK; + $data['alertDanger'][] = ACOUNT_NOT_ACTIVE_BLOCK; } } } elseif ($c == '0') { - $alertDanger[] = NO_USER; + $data['alertDanger'][] = NO_USER; } + } else { + $data['alertDanger'] = $alertDanger; +// print_r($data['alertDanger']); } +// print_r($data); } -Theme::theme('header'); -echo '<div class="container">'; -if (isset($alertDanger)) { - echo ' - <div class="alert alert-danger"> - <ul> - '; - foreach ($alertDanger as $alert) { - echo '<li>'.$alert.'</li>'; - } - echo'</ul> - </div>'; -} -if (isset($alertSuccess)) { - echo " - <div class=\"alert alert-success\"> - {$alertSuccess} - </div>"; -} +Theme::theme('header', $data); +echo '<div class="container">'; +//print_r($data); +echo System::alert($data); if (!User::isLoggedin()) { ?> @@ -159,6 +149,6 @@ echo'<div class="alert alert-info">'.MSG_USER_ALREADY_LOGGED.'<br /><a href="logout.php">'.LOGOUT.'</a></div>'; } echo '</div>'; -Theme::theme('footer'); +Theme::theme('footer', $data); System::Zipped(); ?>
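Review bot: `$data = '';` initialises the alert container as a string, and the branches below then write `$data['alertSuccess'][] = ...` and `$data['alertDanger'][] = ...`; from PHP 7.1 an array-offset write into a string no longer auto-converts, so these assignments fail at runtime instead of collecting messages. Initialise it as `$data = array();`, which also keeps System::alert()'s `is_array($data[0])` check from tripping on a string. `Theme::theme('header', $data)` and `Theme::theme('footer', $data)` now pass a second argument; whether Theme::theme accepts one is not visible here. The token-before-isset ordering is raised on the newsletter/options.php section.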
register.php+13 −29 modified@@ -34,7 +34,8 @@ System::gZip(); if (isset($_POST['register'])) { - if (!isset($_POST['token']) || !Token::isExist($_POST['token'])) { + $token = Typo::cleanX($_POST['token']); + if (!isset($_POST['token']) || !Token::isExist($token)) { // VALIDATE ALL $alertDanger[] = TOKEN_NOT_EXIST; } @@ -55,12 +56,17 @@ if (!User::isEmail($_POST['email'])) { $alertDanger[] = MSG_USER_EMAIL_EXIST; } + if (!Typo::validateEmail($_POST['email'])) { + $alertDanger[] = 'Your email is not Valid !!'; + } if (!isset($alertDanger)) { $activation = Typo::getToken(60); + $userid = Typo::cleanX(Typo::strip($_POST['userid'])); + $email = Typo::strip($_POST['email']); $vars = array( 'user' => array( - 'userid' => Typo::cleanX(Typo::strip($_POST['userid'])), + 'userid' => $userid, 'pass' => User::randpass($_POST['pass1']), 'email' => $_POST['email'], 'group' => '6', @@ -80,11 +86,11 @@ } $vars = array( - 'to' => $_POST['email'], - 'to_name' => $_POST['userid'], + 'to' => $email, + 'to_name' => $userid, 'subject' => 'Account Activation Needed at '.Site::$name, 'message' => ' - Hi '.$_POST['userid'].', + Hi '.$userid.', Thank You for Registering with Us. Please activate your account by clicking this link : '.Site::$url.'/register.php?activation='.$activation.' 
@@ -155,30 +161,8 @@ ?> <div class="col-md-4 col-md-offset-4"> <?php -if (isset($data['alertSuccess'])) { - echo '<div class="alert alert-success" > - <button type="button" class="close" data-dismiss="alert"> - <span aria-hidden="true">×</span> - <span class="sr-only">'.CLOSE.'</span> - </button> - '; - foreach ($data['alertSuccess'] as $alert) { - echo "$alert\n"; - } - echo '</div>'; -} elseif (isset($data['alertDanger'])) { - //print_r($data['alertDanger']); - echo '<div class="alert alert-danger" > - <button type="button" class="close" data-dismiss="alert"> - <span aria-hidden="true">×</span> - <span class="sr-only">'.CLOSE.'</span> - </button> - <ul>'; - foreach ($data['alertDanger'] as $alert) { - echo "<li>$alert</li>\n"; - } - echo '</ul></div>'; -} ?> +echo System::alert($data); +?> <h2 class="text-center"><?=REG_FORM; ?></h2> <form action="" method="post" name="register" class="registerform"> <div class="form-group">
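Review bot: `$email = Typo::strip($_POST['email'])` is used for the mail, but the user record a few lines above still stores the raw `'email' => $_POST['email']`; use `$email` in both places so the validated value is what gets persisted. `'Your email is not Valid !!'` is a hard-coded message beside siblings that use language constants (`MSG_USER_EMAIL_EXIST`, `TOKEN_NOT_EXIST`), so it should get one too. The `isEmail` failure still reports `MSG_USER_EMAIL_EXIST` while the new `validateEmail` block reports a format error; if isEmail is an existence check the name misleads, and if it is format validation the new block duplicates it. The registration block starts and ends outside the hunks.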
References
- code610.blogspot.com/2017/01/genixcms-sql-injection-quick-autopsy.htmlnvdExploitThird Party AdvisoryWEB
- github.com/semplon/GeniXCMS/issues/61nvdExploitIssue TrackingPatchWEB
- www.securityfocus.com/bid/95655nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-2ppw-6xvg-rwgwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-5346ghsaADVISORY
- github.com/semplon/GeniXCMS/commit/abfbb6103bfa860275f89d1215ed9c3cba94791eghsaWEB