#85 full fix

774d46c3 · Puguh Wijayanto · e1e5478d · 774d46c3 · 774d46c3 · 774d46c3
Commit 774d46c3 authored 7 years ago by Puguh Wijayanto
--- a/inc/lib/Comments.class.php
+++ b/inc/lib/Comments.class.php
@@ -471,10 +471,10 @@ class Comments
        } else {
            $html = "<ol class='list-unstyled'>";
            foreach ($comments as $key => $value) {
-                $comment = substr($value->comment, 0, 30);
+                $comment = substr(Typo::strip($value->comment), 0, 30);
                $author = !empty($value->userid) ? $value->userid: $value->name;
                $date = Date::format($value->date);
-                 $html .= "<li><a href='".Url::$type($value->post_id)."'>{$comment}</a><small>by {$author} on {$date}</small></li>";
+                 $html .= "<li><a href='".Url::$type($value->post_id)."'>{$comment}</a> <br/><small>by {$author} on {$date}</small></li>";
            }
            $html .= "</ol>";
        }

--- a/inc/lib/Control/Backend/menus.control.php
+++ b/inc/lib/Control/Backend/menus.control.php
@@ -69,11 +69,11 @@ if (User::access(0)) {
                        // }
                        // echo "<pre>"; print_r($menu); echo "</pre>";
                        //$menu = $menus;
-                        $parent = Typo::int(Typo::filterXSS($_POST['parent']));
-                        $menuid = Typo::cleanX(Typo::filterXSS($_POST['id']));
-                        $name = Typo::cleanX(Typo::filterXSS($_POST['name']));
-                        $type = Typo::cleanX(Typo::filterXSS($_POST['type']));
-                        $class = Typo::cleanX(Typo::filterXSS($_POST['class']));
+                        $parent = Typo::int(Typo::filterXss($_POST['parent']));
+                        $menuid = Typo::cleanX(Typo::filterXss($_POST['id']));
+                        $name = Typo::cleanX(Typo::filterXss($_POST['name']));
+                        $type = Typo::cleanX(Typo::filterXss($_POST['type']));
+                        $class = Typo::cleanX(Typo::filterXss($_POST['class']));
                        $menu[$menuid]['menu'] = $menus[$menuid]['menu'];
                        $menu[$menuid]['menu'][] = array(
                                                    'parent' => $parent,
@@ -119,7 +119,7 @@ if (User::access(0)) {
            }
                //$data['abc'] = "abc";
            if (isset($_GET['id'])) {
-                $menuid = Typo::cleanX(Typo::filterXSS($_POST['id']));
+                $menuid = Typo::cleanX(Typo::filterXss($_POST['id']));
            } else {
                $menuid = '';
            }
@@ -148,11 +148,11 @@ if (User::access(0)) {
                    if (isset($alertDanger)) {
                        $data['alertDanger'] = $alertDanger;
                    } else {
-                        $parent = Typo::int(Typo::filterXSS($_POST['parent']));
-                        $menuid = Typo::cleanX(Typo::filterXSS($_POST['id']));
-                        $name = Typo::cleanX(Typo::filterXSS($_POST['name']));
-                        $type = Typo::cleanX(Typo::filterXSS($_POST['type']));
-                        $class = Typo::cleanX(Typo::filterXSS($_POST['class']));
+                        $parent = Typo::int(Typo::filterXss($_POST['parent']));
+                        $menuid = Typo::cleanX(Typo::filterXss($_POST['id']));
+                        $name = Typo::cleanX(Typo::filterXss($_POST['name']));
+                        $type = Typo::cleanX(Typo::filterXss($_POST['type']));
+                        $class = Typo::cleanX(Typo::filterXss($_POST['class']));
                        $vars = array(
                            'parent' => $parent,
                            'menuid' => $menuid,
@@ -177,7 +177,7 @@ if (User::access(0)) {
            }
  
            if (isset($_GET['id'])) {
-                $menuid = Typo::cleanX(Typo::filterXSS($_GET['id']));
+                $menuid = Typo::cleanX(Typo::filterXss($_GET['id']));
            } else {
                $menuid = '';
            }
@@ -297,9 +297,9 @@ if (User::access(0)) {
                        $data['alertDanger'] = $alertDanger;
                    } else {
  
-                        $menuid = Typo::cleanX(Typo::strip(Typo::filterXSS($_POST['id'])));
-                        $name = Typo::cleanX(Typo::strip(Typo::filterXSS($_POST['name'])));
-                        $class = Typo::cleanX(Typo::filterXSS($_POST['class']));
+                        $menuid = Typo::cleanX(Typo::strip(Typo::filterXss($_POST['id'])));
+                        $name = Typo::cleanX(Typo::strip(Typo::filterXss($_POST['name'])));
+                        $class = Typo::cleanX(Typo::filterXss($_POST['class']));
                        $menu = array(
                                $menuid => array(
                                            'name' => $name,

--- a/inc/lib/Control/Backend/modules.control.php
+++ b/inc/lib/Control/Backend/modules.control.php
@@ -43,8 +43,36 @@ if (User::access(0)) {
        //print_r($mod);
            $zip = new ZipArchive();
            if ($zip->open($mod['filepath']) === true) {
-                $zip->extractTo(GX_MOD);
-                $zip->close();
+                $dir = explode('/', $zip->statIndex(0)['name']);
+                // print_r($dir);
+                if (count($dir) == 1) {
+                    $zip->close();
+                    @unlink($mod['filepath']);
+                    $data['alertDanger'][] = 'Failed to Install your module';
+                } else {
+                    $zip->extractTo(GX_MOD);
+                    $entry = [];
+                    for($i = 0; $i < $zip->numFiles; $i++) {
+                        $entry[] = $zip->getNameIndex($i);
+                    }
+                    $zip->close();
+                    foreach ($entry as $key => $value) {
+                        // echo $value;
+                        $handle = fopen(GX_MOD.$value, 'r');
+                        $file = fread($handle, filesize(GX_MOD.$value));
+                        fclose($handle);
+                        preg_match('/(.*)(phpinfo|system|php_uname|chmod|fopen|flclose|readfile|base64_decode|passthru)(.*)/Us', $file, $matches);
+                        if (count($matches) > 0) {
+                            @unlink(GX_MOD.$value);
+                            Files::delTree(GX_MOD.$dir[0]);
+                            @unlink($mod['filepath']);
+                            $data['alertDanger'][] = 'Failed to Install your module';
+                        } else {
+                            $data['alertSuccess'][] = MSG_MOD_INSTALLED;
+                        }
+                    }
+                }
+
                Hooks::run('module_install_action', $mod);
                $data['alertSuccess'][] = MSG_MOD_INSTALLED;
            } else {

--- a/inc/lib/Control/Backend/themes.control.php
+++ b/inc/lib/Control/Backend/themes.control.php
@@ -43,10 +43,38 @@ if (User::access(0)) {
                //print_r($theme);
                $zip = new ZipArchive();
                if ($zip->open($theme['filepath']) === true) {
-                    $zip->extractTo(GX_THEME);
-                    $zip->close();
+                    $dir = explode('/', $zip->statIndex(0)['name']);
+                    // print_r($dir);
+                    if (count($dir) == 1) {
+                        $zip->close();
+                        @unlink($mod['filepath']);
+                        $data['alertDanger'][] = 'Failed to Install your theme';
+                    } else {
+                        $zip->extractTo(GX_THEME);
+                        $entry = [];
+                        for($i = 0; $i < $zip->numFiles; $i++) {
+                            $entry[] = $zip->getNameIndex($i);
+                        }
+                        $zip->close();
+                        foreach ($entry as $key => $value) {
+                            // echo $value;
+                            $handle = fopen(GX_THEME.$value, 'r');
+                            $file = fread($handle, filesize(GX_THEME.$value));
+                            fclose($handle);
+                            preg_match('/(.*)(phpinfo|system|php_uname|chmod|fopen|flclose|readfile|base64_decode|passthru)(.*)/Us', $file, $matches);
+                            if (count($matches) > 0) {
+                                @unlink(GX_THEME.$value);
+                                Files::delTree(GX_THEME.$dir[0]);
+                                @unlink($mod['filepath']);
+                                $data['alertDanger'][] = 'Failed to Install your theme';
+                            } else {
+                                $data['alertSuccess'][] = MSG_THEME_INSTALLED;
+                            }
+                        }
+                    }
+
                    Hooks::run('theme_install_action', $theme);
-                    $data['alertSuccess'][] = MSG_THEME_INSTALLED;
+                    
                } else {
                    $data['alertDanger'][] = MSG_THEME_CANT_EXTRACT;
                }

--- a/inc/lib/Theme.class.php
+++ b/inc/lib/Theme.class.php
@@ -156,7 +156,7 @@ class Theme
        while (false !== ($entry = $handle->read())) {
            if ($entry != '.' && $entry != '..') {
                $dir = GX_THEME.$entry;
-                if (is_dir($dir) == true) {
+                if (is_dir($dir) == true && file_exists($dir.'/themeinfo.php')) {
                    $thm[] = basename($dir);
                }
            }