From 8dfa99d8c68f61118276553c02fab9a4ada01e9b Mon Sep 17 00:00:00 2001
From: real_nowhereman
Date: Wed, 29 Sep 2010 19:41:16 +0000
Subject: [PATCH] prevent cat-0 from being tampered with

---
 admin/panels/entry/admin.entry.cats.php | 16 +++++++++++++---
 fp-includes/core/core.entry.php | 15 +++++++++++----
 fp-interface/lang/en-us/lang.admin.entry.php | 1 +
 3 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/admin/panels/entry/admin.entry.cats.php b/admin/panels/entry/admin.entry.cats.php
index a2e7568..3b18f76 100755
--- a/admin/panels/entry/admin.entry.cats.php
+++ b/admin/panels/entry/admin.entry.cats.php
@@ -48,9 +48,19 @@
 $str = stripslashes( trim( @$_POST['content'] ) ) ;
 if ($str) {
- $success = io_write_file(CONTENT_DIR . 'categories.txt', $str);
- entry_categories_encode();
- $this->smarty->assign('success', ( $success )? 1 : -1 );
+ //$success = io_write_file(CONTENT_DIR . 'categories.txt', $str);
+ $success = entry_categories_encode($str);
+
+ $ret = 1 ;
+ if ($success <= 0) {
+ if ($success == -1) $ret = -3;
+ elseif ($success == 0) $ret = -1;
+ } else {
+ $success = io_write_file(CONTENT_DIR . 'categories.txt', $str) ? -1 : 1;
+ }
+
+ $this->smarty->assign('success', $ret);
+
 } else {
 $this->smarty->assign('success', -1 );
 }
diff --git a/fp-includes/core/core.entry.php b/fp-includes/core/core.entry.php
index 7c19f31..179a678 100755
--- a/fp-includes/core/core.entry.php
+++ b/fp-includes/core/core.entry.php
@@ -498,10 +498,11 @@
 }
- function entry_categories_encode() {
+ function entry_categories_encode($cat_file) {
- if ($string = io_load_file(CONTENT_DIR . 'categories.txt')) {
- $lines = explode("\n", trim($string));
+
+ //if ($string = io_load_file(CONTENT_DIR . 'categories.txt')) {
+ $lines = explode("\n", trim($cat_file));
 $idstack = $result = $indentstack=array();
 while (!empty($lines)) {
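Review bot: The write result in the `else` branch is both inverted and stored in the wrong variable — `$success = io_write_file(CONTENT_DIR . 'categories.txt', $str) ? -1 : 1;` never touches `$ret`, so `$ret` stays at its initial 1 and a failed write of categories.txt is still reported to the template as success. The intended line is `$ret = io_write_file(CONTENT_DIR . 'categories.txt', $str) ? 1 : -1;`. Note also that by this point `entry_categories_encode($str)` has already written categories_encoded.dat, so when the text write fails the encoded cache and the text file disagree; at minimum the -1 must be surfaced, and ideally the encoded write would happen only after the text write succeeds. The commented-out `//$success = io_write_file(...)` line should be deleted rather than kept, and the enclosing method starts and ends outside the hunk.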
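Review bot: `entry_categories_encode($cat_file)` now takes the raw categories text as a mandatory argument under the same name and with no docblock, so the parameter reads as a path, and any zero-argument caller that survives elsewhere in the tree (not visible in this diff, so worth a grep) would either error on the missing argument or pass null, which `trim()` turns into a single empty line and a silently rewritten categories_encoded.dat. A docblock stating the contract would prevent both misreadings: `/** @param string $cat_file categories.txt content, one "Label :id" line per category (presumably, per $val[0]/$val[1] below) @return bool|int io_write_file() result, or -1 when a labelled line has a non-positive id */`. Delete `//if ($string = io_load_file(CONTENT_DIR . 'categories.txt')) {` instead of leaving it commented out. The function body continues into the later hunks.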
@@ -519,6 +520,12 @@
 $id = trim($val[1]);
 $label = trim($val[0]);
+
+ // IDs must be strictly positive
+
+ if ($label && $id <= 0) return -1;
+
+
 if (empty($indentstack)) {
 array_push($indentstack,$indent);
@@ -554,7 +561,7 @@
 return io_write_file(CONTENT_DIR . 'categories_encoded.dat', serialize($result));
- }
+ //}
 return false;
diff --git a/fp-interface/lang/en-us/lang.admin.entry.php b/fp-interface/lang/en-us/lang.admin.entry.php
index 41d1fc8..237dd51 100755
--- a/fp-interface/lang/en-us/lang.admin.entry.php
+++ b/fp-interface/lang/en-us/lang.admin.entry.php
@@ -175,6 +175,7 @@ Technology :6
 -1 => 'An error occurred while trying to save categories',
 2 => 'Categories cleared',
 -2 => 'An error occurred while trying to clear categories',
+ -3 => 'Category IDs must be strictly positive (0 is not allowed)'
 );
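Review bot: `if ($label && $id <= 0) return -1;` compares the string `$id` (it comes from `trim($val[1])`) loosely against an integer, so what it rejects depends on the PHP version: a non-numeric id such as `abc` or `0x0` is coerced to 0 and rejected on PHP 5/7, but on PHP 8 the comparison is done as strings and such an id passes, presumably ending up as 0 downstream — which is exactly what the commit is trying to prevent for `$_POST`-supplied text. Make the check explicit and version-independent: `if ($label && (!ctype_digit($id) || (int) $id <= 0)) return -1;` (an empty id is already rejected by the current condition, so this does not narrow legitimate input). The `-1` sentinel also overlaps with the `false` that `io_write_file()` returns at the end of the function once the caller compares with `<= 0` and `== 0`; an `=== -1` check at the call site would be clearer. In the @@ -554 hunk, `return false;` is unreachable after `return io_write_file(...)` now that the `if` is gone, and can be removed together with the `//}`. The function starts and ends outside this hunk.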