Merge pull request #6 from LeOSW42/copilot/optimise-models-controllers

Renforce la sécurité des contrôleurs et modèles
2026-01-24 14:39:53 +01:00
committed by GitHub
5 changed files with 92 additions and 27 deletions


@@ -22,9 +22,12 @@ if(isset($controller->splitted_url[1]) && $user->rankIsHigher("moderator")) {
break; break;
case 'logs': case 'logs':
if ($user->rankIsHigher("moderator")) { if ($user->rankIsHigher("moderator")) {
$head['title'] = "Logs"; $head['title'] = "Logs";
$files_list = scandir($config['logs_folder']); $output = array();
$files_list = scandir($config['logs_folder']);
$logs_folder = realpath($config['logs_folder']);
$logs_folder_root = $logs_folder !== false ? rtrim($logs_folder, DIRECTORY_SEPARATOR) : null;
if (isset($controller->splitted_url[2]) && is_numeric($controller->splitted_url[2]) && intval($controller->splitted_url[2]) < count($files_list)-2) { if (isset($controller->splitted_url[2]) && is_numeric($controller->splitted_url[2]) && intval($controller->splitted_url[2]) < count($files_list)-2) {
$filenb = $controller->splitted_url[2]; $filenb = $controller->splitted_url[2];
@@ -33,8 +36,15 @@ if(isset($controller->splitted_url[1]) && $user->rankIsHigher("moderator")) {
$filenb = 0; $filenb = 0;
} }
chdir($config['logs_folder']); $log_file = $files_list[$filenb+2] ?? null;
exec("tail -n 200 ".$files_list[$filenb+2]." | tac", $output); if ($logs_folder_root && $log_file) {
$log_file = basename($log_file);
$log_path = $logs_folder_root . DIRECTORY_SEPARATOR . $log_file;
$real_log_path = realpath($log_path);
if ($real_log_path && str_starts_with($real_log_path, $logs_folder_root . DIRECTORY_SEPARATOR)) {
exec("tail -n 200 ".escapeshellarg($real_log_path)." | tac", $output);
}
}
include ($config['views_folder']."d.admin.logs.html"); include ($config['views_folder']."d.admin.logs.html");
} }
@@ -47,33 +57,40 @@ if(isset($controller->splitted_url[1]) && $user->rankIsHigher("moderator")) {
$head['css'] = "d.index.css;d.admin.css"; $head['css'] = "d.index.css;d.admin.css";
$head['title'] = "Fichiers attachés au wiki"; $head['title'] = "Fichiers attachés au wiki";
$rows_per_pages = 50; $rows_per_pages = 50;
$files_folder = $config['medias_folder']."wiki/"; $files_folder = $config['medias_folder']."wiki/";
$files_folder_real = realpath($files_folder);
$files_folder_root = $files_folder_real !== false ? rtrim($files_folder_real, DIRECTORY_SEPARATOR) : rtrim($files_folder, DIRECTORY_SEPARATOR);
// Delete a file // Delete a file
if ($user->rankIsHigher("administrator")) { if ($user->rankIsHigher("administrator")) {
if(isset($controller->splitted_url[2]) && $controller->splitted_url[2]=='delete' && isset($controller->splitted_url[3])) { if(isset($controller->splitted_url[2]) && $controller->splitted_url[2]=='delete' && isset($controller->splitted_url[3])) {
$filename=$files_folder.$controller->splitted_url[3]; $safe_name = basename($controller->splitted_url[3]);
if (file_exists($filename)) { $filename = $files_folder_root . DIRECTORY_SEPARATOR . $safe_name;
unlink($filename); $real_filename = realpath($filename);
error_log(date('r')." \t".$user->name." (".$user->id.") \tDELETE \tDelete wiki file '".$controller->splitted_url[3]."'\r\n",3,$config['logs_folder'].'wiki-files.log'); if ($real_filename && str_starts_with($real_filename, $files_folder_root . DIRECTORY_SEPARATOR)) {
if (file_exists($real_filename)) {
unlink($real_filename);
} }
error_log(date('r')." \t".$user->name." (".$user->id.") \tDELETE \tDelete wiki file '".$safe_name."'\r\n",3,$config['logs_folder'].'wiki-files.log');
} }
}
} }
// Add a file // Add a file
if(isset($controller->splitted_url[2]) && $controller->splitted_url[2]=='upload' && isset($_FILES['file'])) { if(isset($controller->splitted_url[2]) && $controller->splitted_url[2]=='upload' && isset($_FILES['file'])) {
$filename=$config['medias_folder']."wiki/".$_FILES['file']['name']; $safe_name = basename($_FILES['file']['name']);
if(move_uploaded_file($_FILES['file']['tmp_name'], $filename)) { $filename = $files_folder_root . DIRECTORY_SEPARATOR . $safe_name;
error_log(date('r')." \t".$user->name." (".$user->id.") \tUPLOAD Upload wiki file '".$_FILES['file']['name']."'\r\n",3,$config['logs_folder'].'wiki-files.log'); if($safe_name !== '' && move_uploaded_file($_FILES['file']['tmp_name'], $filename)) {
error_log(date('r')." \t".$user->name." (".$user->id.") \tUPLOAD Upload wiki file '".$safe_name."'\r\n",3,$config['logs_folder'].'wiki-files.log');
} }
} }
// Get the file list // Get the file list
$files_list = scandir($files_folder); $files_list = scandir($files_folder_root);
// Populate table // Populate table
foreach ($files_list as $file) { foreach ($files_list as $file) {
$file_path = $files_folder.$file; $file_path = $files_folder_root . DIRECTORY_SEPARATOR . $file;
if (is_file($file_path)) { if (is_file($file_path)) {
$file_info = [ $file_info = [
@@ -157,11 +174,22 @@ if(isset($controller->splitted_url[1]) && $user->rankIsHigher("moderator")) {
if ($user->rankIsHigher("administrator")) { if ($user->rankIsHigher("administrator")) {
$head['title'] = "Export SQL"; $head['title'] = "Export SQL";
if(isset($controller->splitted_url[2]) && $controller->splitted_url[2]=='delete' && isset($controller->splitted_url[3])) { if(isset($controller->splitted_url[2]) && $controller->splitted_url[2]=='delete' && isset($controller->splitted_url[3])) {
unlink($config['abs_root_folder'].'tmp/'.$controller->splitted_url[3]); $tmp_folder = realpath($config['abs_root_folder'].'tmp');
$output = Array(); if ($tmp_folder !== false) {
$backup_file = Array(); $safe_name = basename($controller->splitted_url[3]);
$tmp_folder_root = rtrim($tmp_folder, DIRECTORY_SEPARATOR);
$delete_path = $tmp_folder_root . DIRECTORY_SEPARATOR . $safe_name;
$real_delete_path = realpath($delete_path);
if ($real_delete_path && str_starts_with($real_delete_path, $tmp_folder_root . DIRECTORY_SEPARATOR)) {
if (file_exists($real_delete_path)) {
unlink($real_delete_path);
}
}
} }
$output = Array();
$backup_file = Array();
}
else { else {
// Nom du fichier de sauvegarde // Nom du fichier de sauvegarde
$timestamp = date('Ymd_His'); $timestamp = date('Ymd_His');
@@ -190,9 +218,20 @@ if(isset($controller->splitted_url[1]) && $user->rankIsHigher("moderator")) {
$output = Array(); $output = Array();
$backup_file = Array(); $backup_file = Array();
if(isset($controller->splitted_url[2]) && $controller->splitted_url[2]=='delete' && isset($controller->splitted_url[3])) { if(isset($controller->splitted_url[2]) && $controller->splitted_url[2]=='delete' && isset($controller->splitted_url[3])) {
unlink($config['abs_root_folder'].'tmp/'.$controller->splitted_url[3]); $tmp_folder = realpath($config['abs_root_folder'].'tmp');
if ($tmp_folder !== false) {
$safe_name = basename($controller->splitted_url[3]);
$tmp_folder_root = rtrim($tmp_folder, DIRECTORY_SEPARATOR);
$delete_path = $tmp_folder_root . DIRECTORY_SEPARATOR . $safe_name;
$real_delete_path = realpath($delete_path);
if ($real_delete_path && str_starts_with($real_delete_path, $tmp_folder_root . DIRECTORY_SEPARATOR)) {
if (file_exists($real_delete_path)) {
unlink($real_delete_path);
}
}
} }
}
else { else {
// Nom du fichier de sauvegarde // Nom du fichier de sauvegarde
$timestamp = date('Ymd_His'); $timestamp = date('Ymd_His');
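Review bot: The upload branch (`$safe_name = basename($_FILES['file']['name'])` followed by `move_uploaded_file`) still stores the client-chosen name with whatever extension it carries inside the web-served wiki media folder; `basename()` only strips directory components, so the new `$safe_name !== ''` check does not stop a `.php` or dotfile from being written there. An allowlist of permitted extensions (or a server-generated name) checked before `move_uploaded_file` is the missing piece; a sketch with a constructed example list is below. The realpath/`str_starts_with` containment block is also now written three times (wiki-file delete and the two SQL-export delete hunks) and would be easier to keep correct as one shared helper. When `realpath($files_folder)` fails, the fallback root is the unresolved `$files_folder` string; if `$config['medias_folder']` is relative that prefix can never match `realpath($filename)`, so deletes fail closed but silently, and a log line in that branch would make it visible.
```php
$safe_name = basename($_FILES['file']['name']);
$extension = strtolower(pathinfo($safe_name, PATHINFO_EXTENSION));
$allowed_extensions = ['png', 'jpg', 'jpeg', 'gif', 'pdf']; // constructed example: align with what the wiki actually serves
if ($safe_name !== '' && in_array($extension, $allowed_extensions, true)) {
    $filename = $files_folder_root . DIRECTORY_SEPARATOR . $safe_name;
    if (move_uploaded_file($_FILES['file']['tmp_name'], $filename)) {
        // … unchanged: error_log UPLOAD line …
    }
}
```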


@@ -11,8 +11,9 @@ if(isset($_POST['submit'])) {
$message .= "<hr>\r\n"; $message .= "<hr>\r\n";
$message .= "<pre style='padding: 10px; background: #ccc;'>".strip_tags(post('message'))."</pre><br>\r\n"; $message .= "<pre style='padding: 10px; background: #ccc;'>".strip_tags(post('message'))."</pre><br>\r\n";
$headers = 'From: '. post('email') . "\r\n" . $sender = str_replace(["\r", "\n"], '', post('email'));
'Reply-To: '. post('email') . "\r\n" . $headers = 'From: '. $sender . "\r\n" .
'Reply-To: '. $sender . "\r\n" .
'X-Mailer: PHP/' . phpversion() . "\r\n" . 'X-Mailer: PHP/' . phpversion() . "\r\n" .
'MIME-Version: 1.0' . "\r\n" . 'MIME-Version: 1.0' . "\r\n" .
'Content-type: text/html; charset=UTF-8' . "\r\n"; 'Content-type: text/html; charset=UTF-8' . "\r\n";
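Review bot: Stripping `\r` and `\n` at `$sender = str_replace(["\r", "\n"], '', post('email'))` closes header injection, but the value then goes into `From:` and `Reply-To:` unvalidated, so any other text the visitor types becomes a raw header value. Validating instead — `$sender = filter_var(post('email'), FILTER_VALIDATE_EMAIL);` and refusing to send when it is `false` — rejects line breaks and everything else that is not an address. Separately, putting the visitor's address in `From:` is likely to be rejected by SPF/DMARC at receiving servers; the usual shape is a fixed site address in `From:` with the visitor only in `Reply-To:`. The enclosing `if(isset($_POST['submit']))` block starts before this hunk.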


@@ -93,8 +93,13 @@ switch ($controller->splitted_url[1]) {
case "elevation_proxy": case "elevation_proxy":
if (isset($_GET['location'])) { if (isset($_GET['location'])) {
if (!preg_match('/^[0-9,\.\|\-]+$/', $_GET['location'])) {
$notfound = 1;
break;
}
$location = urlencode($_GET['location']);
header("Content-Type: application/json;charset=utf-8"); header("Content-Type: application/json;charset=utf-8");
echo(file_get_contents("https://api.opentopodata.org/v1/mapzen?locations=".$_GET['location'])); echo(file_get_contents("https://api.opentopodata.org/v1/mapzen?locations=".$location));
break; break;
} else { } else {
$notfound = 1; $notfound = 1;
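Review bot: The new allowlist `preg_match('/^[0-9,\.\|\-]+$/', $_GET['location'])` has no length bound, so the proxy relays a `location` string of any size to the upstream API, and a PCRE `$` also matches before a trailing newline (harmless after `urlencode`, but `\z` or the `D` modifier states the intent). A bounded pattern such as `'/^[0-9,.|-]{1,1000}$/D'` (the limit is a constructed example) covers both. `file_get_contents` on the remote URL still has no timeout and its `false` return is echoed as an empty body with a 200 status; a stream context with a `timeout` option and a check of the result before `echo` would make upstream failures visible instead of silent. The enclosing `switch` starts before this hunk.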


@@ -16,7 +16,17 @@ if(isset($controller->splitted_url[1])) {
if($user->login($_POST['login'], $_POST['password'])) { if($user->login($_POST['login'], $_POST['password'])) {
// SUCESSFULL LOGIN // SUCESSFULL LOGIN
$_SESSION['userid'] = $user->id; $_SESSION['userid'] = $user->id;
header('Location: '.$_SERVER['HTTP_REFERER']); $redirect = $config['rel_root_folder'];
if (!empty($_SERVER['HTTP_REFERER'])) {
$referer = $_SERVER['HTTP_REFERER'];
$parts = parse_url($referer);
$host = $_SERVER['HTTP_HOST'] ?? '';
if ($parts !== false && ((empty($parts['host']) && empty($parts['scheme'])) || (!empty($host) && isset($parts['host']) && $parts['host'] === $host))) {
$redirect = $referer;
}
}
header('Location: '.$redirect);
exit;
} }
else { else {
header('Location: '.$config['rel_root_folder'].'user/login?error=1'); header('Location: '.$config['rel_root_folder'].'user/login?error=1');
@@ -29,7 +39,17 @@ if(isset($controller->splitted_url[1])) {
break; break;
case 'logout': case 'logout':
session_destroy(); session_destroy();
header('Location: '.$_SERVER['HTTP_REFERER']); $redirect = $config['rel_root_folder'];
if (!empty($_SERVER['HTTP_REFERER'])) {
$referer = $_SERVER['HTTP_REFERER'];
$parts = parse_url($referer);
$host = $_SERVER['HTTP_HOST'] ?? '';
if ($parts !== false && ((empty($parts['host']) && empty($parts['scheme'])) || (!empty($host) && isset($parts['host']) && $parts['host'] === $host))) {
$redirect = $referer;
}
}
header('Location: '.$redirect);
exit;
break; break;
case 'signin': case 'signin':
$head['js'] = "d.captcha.js"; $head['js'] = "d.captcha.js";
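Review bot: The referer check `$parts !== false && ((empty($parts['host']) && empty($parts['scheme'])) || ...)` accepts any string that `parse_url` reports without host or scheme, which includes `/\host/...` forms that browsers treat as protocol-relative, so the open-redirect fix is not complete; a local target should be required to start with exactly one `/`. The comparison `$parts['host'] === $host` also matches a bare host against `HTTP_HOST`, which carries a port when one is in the URL, so same-site referers on a non-default port fall back to the root (fail-closed, but probably unintended). The same ten lines appear in both the login and logout hunks; a helper such as the one below would hold the rule in one place, with each call site reduced to `header('Location: '.safe_redirect_target($_SERVER['HTTP_REFERER'] ?? null, $config['rel_root_folder']));`. The `break;` after the new `exit;` in each hunk is unreachable. Both hunks sit inside a `switch` that starts before this section.
```php
// Returns $referer when it is a local path or a same-host URL, otherwise $fallback.
function safe_redirect_target(?string $referer, string $fallback): string
{
    if ($referer === null || $referer === '') {
        return $fallback;
    }
    $parts = parse_url($referer);
    if ($parts === false) {
        return $fallback;
    }
    // Local path: exactly one leading "/" (rejects "//host" and "/\host" forms).
    if (empty($parts['host']) && empty($parts['scheme'])) {
        return preg_match('#^/(?![/\\\\])#', $referer) === 1 ? $referer : $fallback;
    }
    // Absolute URL: host (plus explicit port) must equal the request's Host header.
    $host = strtolower($_SERVER['HTTP_HOST'] ?? '');
    $refHost = strtolower($parts['host'] ?? '') . (isset($parts['port']) ? ':' . $parts['port'] : '');
    return $host !== '' && $refHost === $host ? $referer : $fallback;
}
```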


@@ -401,7 +401,7 @@ function randomPassword() {
$pass = array(); //remember to declare $pass as an array $pass = array(); //remember to declare $pass as an array
$alphaLength = strlen($alphabet) - 1; //put the length -1 in cache $alphaLength = strlen($alphabet) - 1; //put the length -1 in cache
for ($i = 0; $i < 8; $i++) { for ($i = 0; $i < 8; $i++) {
$n = rand(0, $alphaLength); $n = random_int(0, $alphaLength);
$pass[] = $alphabet[$n]; $pass[] = $alphabet[$n];
} }
return implode($pass); //turn the array into a string return implode($pass); //turn the array into a string
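Review bot: The switch to `random_int(0, $alphaLength)` is the right call, but the password length stays hard-coded in `for ($i = 0; $i < 8; $i++)`; giving the function a parameter, `function randomPassword(int $length = 8): string` with `$i < $length`, keeps existing callers working and lets a longer generated password be requested where it matters. `random_int()` throws when no secure entropy source is available, so callers should expect an exception rather than a short or empty string. The function's signature and the `$alphabet` definition sit before this hunk.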