Compare revisions

Puguh Wijayanto · Puguh Wijayanto · Puguh Wijayanto · 2bda755f · 2bda755f · 2bda755f
--- a/gxadmin/login.php
+++ b/gxadmin/login.php
@@ -36,7 +36,8 @@ try {
 }
  
 if (!isset($_GET['backto']) && isset($_SERVER['HTTP_REFERER'])) {
-    header('Location: '.Site::$url.'login.php?backto='.$_SERVER['HTTP_REFERER']);
+    $url = str_replace(Site::$url.'login.php?backto=', '', $_SERVER['HTTP_REFERER']);
+    header('Location: '.Site::$url.'login.php?backto='.$url);   
 } elseif (!isset($_GET['backto']) && !isset($_SERVER['HTTP_REFERER'])) {
    header('Location: '.Site::$url.'login.php?backto='.Site::$url);
 }

--- a/gxadmin/logout.php
+++ b/gxadmin/logout.php
@@ -33,4 +33,4 @@ try {
  
 Hooks::run('user_logout_action');
 Session::destroy();
-header('Location: index.php');
+header('Location: '.Site::$url);
--- a/inc/lib/Comments.class.php
+++ b/inc/lib/Comments.class.php
@@ -471,10 +471,10 @@ class Comments
        } else {
            $html = "<ol class='list-unstyled'>";
            foreach ($comments as $key => $value) {
-                $comment = substr($value->comment, 0, 30);
+                $comment = substr(Typo::strip($value->comment), 0, 30);
                $author = !empty($value->userid) ? $value->userid: $value->name;
                $date = Date::format($value->date);
-                 $html .= "<li><a href='".Url::$type($value->post_id)."'>{$comment}</a><small>by {$author} on {$date}</small></li>";
+                 $html .= "<li><a href='".Url::$type($value->post_id)."'>{$comment}</a> <br/><small>by {$author} on {$date}</small></li>";
            }
            $html .= "</ol>";
        }

--- a/inc/lib/Control/Backend/menus.control.php
+++ b/inc/lib/Control/Backend/menus.control.php
@@ -69,11 +69,11 @@ if (User::access(0)) {
                        // }
                        // echo "<pre>"; print_r($menu); echo "</pre>";
                        //$menu = $menus;
-                        $parent = Typo::int(Typo::filterXSS($_POST['parent']));
-                        $menuid = Typo::cleanX(Typo::filterXSS($_POST['id']));
-                        $name = Typo::cleanX(Typo::filterXSS($_POST['name']));
-                        $type = Typo::cleanX(Typo::filterXSS($_POST['type']));
-                        $class = Typo::cleanX(Typo::filterXSS($_POST['class']));
+                        $parent = Typo::int(Typo::filterXss($_POST['parent']));
+                        $menuid = Typo::cleanX(Typo::filterXss($_POST['id']));
+                        $name = Typo::cleanX(Typo::filterXss($_POST['name']));
+                        $type = Typo::cleanX(Typo::filterXss($_POST['type']));
+                        $class = Typo::cleanX(Typo::filterXss($_POST['class']));
                        $menu[$menuid]['menu'] = $menus[$menuid]['menu'];
                        $menu[$menuid]['menu'][] = array(
                                                    'parent' => $parent,
@@ -119,7 +119,7 @@ if (User::access(0)) {
            }
                //$data['abc'] = "abc";
            if (isset($_GET['id'])) {
-                $menuid = Typo::cleanX(Typo::filterXSS($_POST['id']));
+                $menuid = Typo::cleanX(Typo::filterXss($_POST['id']));
            } else {
                $menuid = '';
            }
@@ -148,11 +148,11 @@ if (User::access(0)) {
                    if (isset($alertDanger)) {
                        $data['alertDanger'] = $alertDanger;
                    } else {
-                        $parent = Typo::int(Typo::filterXSS($_POST['parent']));
-                        $menuid = Typo::cleanX(Typo::filterXSS($_POST['id']));
-                        $name = Typo::cleanX(Typo::filterXSS($_POST['name']));
-                        $type = Typo::cleanX(Typo::filterXSS($_POST['type']));
-                        $class = Typo::cleanX(Typo::filterXSS($_POST['class']));
+                        $parent = Typo::int(Typo::filterXss($_POST['parent']));
+                        $menuid = Typo::cleanX(Typo::filterXss($_POST['id']));
+                        $name = Typo::cleanX(Typo::filterXss($_POST['name']));
+                        $type = Typo::cleanX(Typo::filterXss($_POST['type']));
+                        $class = Typo::cleanX(Typo::filterXss($_POST['class']));
                        $vars = array(
                            'parent' => $parent,
                            'menuid' => $menuid,
@@ -177,7 +177,7 @@ if (User::access(0)) {
            }
  
            if (isset($_GET['id'])) {
-                $menuid = Typo::cleanX(Typo::filterXSS($_GET['id']));
+                $menuid = Typo::cleanX(Typo::filterXss($_GET['id']));
            } else {
                $menuid = '';
            }
@@ -297,9 +297,9 @@ if (User::access(0)) {
                        $data['alertDanger'] = $alertDanger;
                    } else {
  
-                        $menuid = Typo::cleanX(Typo::strip(Typo::filterXSS($_POST['id'])));
-                        $name = Typo::cleanX(Typo::strip(Typo::filterXSS($_POST['name'])));
-                        $class = Typo::cleanX(Typo::filterXSS($_POST['class']));
+                        $menuid = Typo::cleanX(Typo::strip(Typo::filterXss($_POST['id'])));
+                        $name = Typo::cleanX(Typo::strip(Typo::filterXss($_POST['name'])));
+                        $class = Typo::cleanX(Typo::filterXss($_POST['class']));
                        $menu = array(
                                $menuid => array(
                                            'name' => $name,

--- a/inc/lib/Control/Backend/modules.control.php
+++ b/inc/lib/Control/Backend/modules.control.php
@@ -43,8 +43,36 @@ if (User::access(0)) {
        //print_r($mod);
            $zip = new ZipArchive();
            if ($zip->open($mod['filepath']) === true) {
-                $zip->extractTo(GX_MOD);
-                $zip->close();
+                $dir = explode('/', $zip->statIndex(0)['name']);
+                // print_r($dir);
+                if (count($dir) == 1) {
+                    $zip->close();
+                    @unlink($mod['filepath']);
+                    $data['alertDanger'][] = 'Failed to Install your module';
+                } else {
+                    $zip->extractTo(GX_MOD);
+                    $entry = [];
+                    for($i = 0; $i < $zip->numFiles; $i++) {
+                        $entry[] = $zip->getNameIndex($i);
+                    }
+                    $zip->close();
+                    foreach ($entry as $key => $value) {
+                        // echo $value;
+                        $handle = fopen(GX_MOD.$value, 'r');
+                        $file = fread($handle, filesize(GX_MOD.$value));
+                        fclose($handle);
+                        preg_match('/(.*)(phpinfo|system|php_uname|chmod|fopen|flclose|readfile|base64_decode|passthru)(.*)/Us', $file, $matches);
+                        if (count($matches) > 0) {
+                            @unlink(GX_MOD.$value);
+                            Files::delTree(GX_MOD.$dir[0]);
+                            @unlink($mod['filepath']);
+                            $data['alertDanger'][] = 'Failed to Install your module';
+                        } else {
+                            $data['alertSuccess'][] = MSG_MOD_INSTALLED;
+                        }
+                    }
+                }
+
                Hooks::run('module_install_action', $mod);
                $data['alertSuccess'][] = MSG_MOD_INSTALLED;
            } else {

--- a/inc/lib/Control/Backend/themes.control.php
+++ b/inc/lib/Control/Backend/themes.control.php
@@ -43,10 +43,38 @@ if (User::access(0)) {
                //print_r($theme);
                $zip = new ZipArchive();
                if ($zip->open($theme['filepath']) === true) {
-                    $zip->extractTo(GX_THEME);
-                    $zip->close();
+                    $dir = explode('/', $zip->statIndex(0)['name']);
+                    // print_r($dir);
+                    if (count($dir) == 1) {
+                        $zip->close();
+                        @unlink($mod['filepath']);
+                        $data['alertDanger'][] = 'Failed to Install your theme';
+                    } else {
+                        $zip->extractTo(GX_THEME);
+                        $entry = [];
+                        for($i = 0; $i < $zip->numFiles; $i++) {
+                            $entry[] = $zip->getNameIndex($i);
+                        }
+                        $zip->close();
+                        foreach ($entry as $key => $value) {
+                            // echo $value;
+                            $handle = fopen(GX_THEME.$value, 'r');
+                            $file = fread($handle, filesize(GX_THEME.$value));
+                            fclose($handle);
+                            preg_match('/(.*)(phpinfo|system|php_uname|chmod|fopen|flclose|readfile|base64_decode|passthru)(.*)/Us', $file, $matches);
+                            if (count($matches) > 0) {
+                                @unlink(GX_THEME.$value);
+                                Files::delTree(GX_THEME.$dir[0]);
+                                @unlink($mod['filepath']);
+                                $data['alertDanger'][] = 'Failed to Install your theme';
+                            } else {
+                                $data['alertSuccess'][] = MSG_THEME_INSTALLED;
+                            }
+                        }
+                    }
+
                    Hooks::run('theme_install_action', $theme);
-                    $data['alertSuccess'][] = MSG_THEME_INSTALLED;
+                    
                } else {
                    $data['alertDanger'][] = MSG_THEME_CANT_EXTRACT;
                }

--- a/inc/lib/Posts.class.php
+++ b/inc/lib/Posts.class.php
@@ -470,7 +470,7 @@ class Posts
        $tags_x = explode(',', $tags);
        $tag = [];
        foreach ($tags_x as $t) {
-            $tag[] = '<a href="'.Url::tag($t)."\">{$t} (".Tags::count($t).")</a>";
+            $tag[] = '<a href="'.Url::tag($t)."\">{$t}</a>";
        }
        $tag = implode(', ', $tag);
  

--- a/inc/lib/Theme.class.php
+++ b/inc/lib/Theme.class.php
@@ -156,7 +156,7 @@ class Theme
        while (false !== ($entry = $handle->read())) {
            if ($entry != '.' && $entry != '..') {
                $dir = GX_THEME.$entry;
-                if (is_dir($dir) == true) {
+                if (is_dir($dir) == true && file_exists($dir.'/themeinfo.php')) {
                    $thm[] = basename($dir);
                }
            }

--- a/inc/mod/contact-form/options.php
+++ b/inc/mod/contact-form/options.php
@@ -11,7 +11,7 @@
                </h3>

                <div class="box-tools pull-right">
-                    <?=$data['paging'];?>
+                    
                </div>
            </div>
            <div class="box-body">

--- a/inc/themes/gneex/author.php
+++ b/inc/themes/gneex/author.php
 <?php
 $gneex = Gneex::$opt;
 ?>
-    <section id="innerslide">
-        
-        <div class="bg-slide">
-            
-        </div>
-
-    </section>
  
    <section id="blog">
        <div class="container">

--- a/inc/themes/gneex/cat.php
+++ b/inc/themes/gneex/cat.php
 <?php
 $gneex = Gneex::$opt;
 ?>
-    <section id="innerslide">
-        
-        <div class="bg-slide">
-            
-        </div>
-
-    </section>
  
    <section id="blog">
        <div class="container">

--- a/inc/themes/gneex/header.php
+++ b/inc/themes/gneex/header.php
@@ -64,3 +64,51 @@ $gneex = Gneex::$opt;
        </div>
    </header>
  
+<?php
+if (isset($data['p_type']) && $data['p_type'] == "index") {
+    # code...
+?>
+    <section id="frontslide">
+        
+        <div class="bg-slide">
+            
+        </div>
+        <?php
+        if (($gneex['intro_title'] || $gneex['intro_text']) != '') {
+            # code...
+
+        ?>
+        <div class="container" id="front-text">
+
+
+                <div class="col-md-7 ">
+                <div class="front-textbox">
+                    <h2><span><?=nl2br($gneex['intro_title']); ?></span></h2>
+                    <hr />
+                    <p><span><?=nl2br($gneex['intro_text']); ?></span>
+                    </p>
+                </div>
+                    
+                </div>
+                <div class="col-md-5 front-image">
+                    <?=Gneex::introIg($gneex['intro_image']); ?>
+                </div>
+
+        </div>
+        <?php
+        }
+        ?>
+
+    </section>
+<?php
+} else {
+    echo "
+    <section id=\"innerslide\">
+        
+        <div class=\"bg-slide\">
+            
+        </div>
+
+    </section>";
+}
+?>
\ No newline at end of file
--- a/inc/themes/gneex/index.php
+++ b/inc/themes/gneex/index.php
-    <?php $gneex = Gneex::$opt;?>
-    <section id="frontslide">
-        
-        <div class="bg-slide">
-            
-        </div>
-        <?php
-        if (($gneex['intro_title'] || $gneex['intro_text']) != '') {
-            # code...
-
-        ?>
-        <div class="container" id="front-text">
+<?php $gneex = Gneex::$opt;
  
  
-                <div class="col-md-7 ">
-                <div class="front-textbox">
-                    <h2><span><?=nl2br($gneex['intro_title']); ?></span></h2>
-                    <hr />
-                    <p><span><?=nl2br($gneex['intro_text']); ?></span>
-                    </p>
-                </div>
-                    
-                </div>
-                <div class="col-md-5 front-image">
-                    <?=Gneex::introIg($gneex['intro_image']); ?>
-                </div>
-
-        </div>
-        <?php
-        }
-        ?>
-
-    </section>
-<?php
 if (Gneex::featuredExist()) {
    ?>
    <section id="featured">

--- a/inc/themes/gneex/mod.php
+++ b/inc/themes/gneex/mod.php
-    <section id="innerslide">
-        
-        <div class="bg-slide">
-            
-        </div>
-
-    </section>
    <section id="blog">
        <div class="container">
            

--- a/inc/themes/gneex/page.php
+++ b/inc/themes/gneex/page.php
-        <section id="innerslide">
-        
-        <div class="bg-slide">
-            
-        </div>
-
-    </section>
    <section id="blog">
        <div class="container">
            

--- a/inc/themes/gneex/single.php
+++ b/inc/themes/gneex/single.php
-    <section id="innerslide">
-        
-        <div class="bg-slide">
-            
-        </div>
  
-    </section>
    <section id="blog">
        <div class="container">
            <?php

--- a/inc/themes/gneex/tag.php
+++ b/inc/themes/gneex/tag.php
 <?php
 $gneex = Gneex::$opt;
 ?>
-    <section id="innerslide">
-        
-        <div class="bg-slide">
-            
-        </div>
  
-    </section>
  
    <section id="blog">
        <div class="container">

--- a/login.php
+++ b/login.php
@@ -32,7 +32,8 @@ try {
 }
  
 if (!isset($_GET['backto']) && isset($_SERVER['HTTP_REFERER'])) {
-    header('Location: '.Site::$url.'login.php?backto='.$_SERVER['HTTP_REFERER']);
+    $url = str_replace(Site::$url.'login.php?backto=', '', $_SERVER['HTTP_REFERER']);
+    header('Location: '.Site::$url.'login.php?backto='.$url);   
 } elseif (!isset($_GET['backto']) && !isset($_SERVER['HTTP_REFERER'])) {
    header('Location: '.Site::$url.'login.php?backto='.Site::$url);
 }

--- a/logout.php
+++ b/logout.php
@@ -31,4 +31,4 @@ try {
  
 Hooks::run('user_logout_action');
 Session::destroy();
-header('Location: index.php');
+header('Location: '.Site::$url);
No results found