
Commit 6982454

committed
Security FIX, Bug FIX
1 parent f33ef36 commit 6982454

39 files changed

+1165
-528
lines changed

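--- a/gxadmin/inc/categories.php
+++ b/gxadmin/inc/categories.php
@@ -12,7 +12,35 @@
 * @copyright 2014-2015 Puguh Wijayanto
 * @license http://www.opensource.org/licenses/mit-license.php MIT
 *
-*/?>
+*/
+
+if (isset($data['alertgreen'])) {
+# code...
+echo "<div class=\"alert alert-success\" >
+<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
+<span aria-hidden=\"true\">&times;</span>
+<span class=\"sr-only\">Close</span>
+</button>";
+foreach ($data['alertgreen'] as $alert) {
+# code...
+echo "$alert\n";
+}
+echo "</div>";
+}
+if (isset($data['alertred'])) {
+# code...
+echo "<div class=\"alert alert-danger\" >
+<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
+<span aria-hidden=\"true\">&times;</span>
+<span class=\"sr-only\">Close</span>
+</button>";
+foreach ($data['alertred'] as $alert) {
+# code...
+echo "$alert\n";
+}
+echo "</div>";
+}
+?>
 <div class="row">
 <div class="col-md-12">
 <h1><i class="fa fa-cubes"></i> Categories
@@ -34,12 +62,12 @@
 // echo "<td>".$c->parent."</td>";
 // echo "<td></td>";
 
-if($c->parent == ""){
+if($c->parent == "" || $c->parent == 0){
 echo "<div class=\"col-md-4 item\" >
 <div class=\"panel panel-default\">
 <div class=\"panel-heading\">
 <h3 class=\"panel-title\">{$c->name}
-<a href=\"?page=categories&act=del&id={$c->id}\" class=\"pull-right\"
+<a href=\"?page=categories&act=del&id={$c->id}&token=".TOKEN."\" class=\"pull-right\"
 onclick=\"return confirm('Are you sure you want to delete this item?');\">
 <span class=\"glyphicon glyphicon-remove\"></span></a></h3>
 </div>
@@ -48,13 +76,14 @@
 foreach ($data['cat'] as $c2) {
 if($c2->parent == $c->id){
 echo "<li class=\"list-group-item\">
-<form action=\"\" method=\"POST\" name=\"updatecat\">
+<form action=\"index.php?page=categories\" method=\"POST\" name=\"updatecat\">
 <div class=\"input-group\">
-<a href=\"?page=categories&act=del&id={$c2->id}\" class=\"input-group-addon\"
+<a href=\"?page=categories&act=del&id={$c2->id}&token=".TOKEN."\" class=\"input-group-addon\"
 onclick=\"return confirm('Are you sure you want to delete this item?');\"
 ><span class=\"glyphicon glyphicon-remove\"></span></a>
 <input type=\"text\" name=\"cat\" class=\"form-control\" value=\"{$c2->name}\">
 <input type=\"hidden\" name=\"id\" value=\"{$c2->id}\">
+<input type=\"hidden\" name=\"token\" value=\"".TOKEN."\">
 <span class=\"input-group-btn\">
 <button class=\"btn btn-default\" type=\"submit\" name=\"updatecat\">Go!</button>
 </span>
@@ -92,7 +121,7 @@
 <label>Parent</label>
 <?php
 $vars = array(
-'parent' => '',
+'parent' => '0',
 'name' => 'parent',
 'sort' => 'ASC',
 'order_by' => 'name'
@@ -107,6 +136,7 @@
 
 </div>
 <div class="modal-footer">
+<input type="hidden" name="token" value="<?=TOKEN;?>">
 <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
 <button type="submit" class="btn btn-success" name="addcat">Save changes</button>
 </div>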
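Review bot: The delete links in the second and third hunks put the CSRF token into a GET query string (`&token=".TOKEN."`), so a state-changing delete still fires from a plain link and the token is exposed in browser history, proxy and server logs, and Referer headers. A delete should be a small POST form carrying the token as a hidden input, as the updatecat form now does; if the links must stay, `urlencode(TOKEN)` keeps a token containing reserved characters intact. The new alert block echoes each `$alert` into the page verbatim; if any message embeds user-supplied text such as a category name, it needs `htmlspecialchars($alert, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` before output. This file renders the green and red alerts as two independent ifs, while the same block in menus.php, menus_form.php and menus_form_edit.php uses elseif, so the copies behave differently when both keys are set.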

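--- a/gxadmin/inc/menus.php
+++ b/gxadmin/inc/menus.php
@@ -12,7 +12,37 @@
 * @copyright 2014-2015 Puguh Wijayanto
 * @license http://www.opensource.org/licenses/mit-license.php MIT
 *
-*/?>
+*/
+
+if (isset($data['alertgreen'])) {
+# code...
+echo "<div class=\"alert alert-success\" >
+<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
+<span aria-hidden=\"true\">&times;</span>
+<span class=\"sr-only\">Close</span>
+</button>
+<ul>";
+foreach ($data['alertgreen'] as $alert) {
+# code...
+echo "<li>$alert</li>\n";
+}
+echo "</ul></div>";
+}elseif (isset($data['alertred'])) {
+# code...
+//print_r($data['alertred']);
+echo "<div class=\"alert alert-danger\" >
+<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
+<span aria-hidden=\"true\">&times;</span>
+<span class=\"sr-only\">Close</span>
+</button>
+<ul>";
+foreach ($data['alertred'] as $alert) {
+# code...
+echo "<li>$alert</li>\n";
+}
+echo "</ul></div>";
+}
+?>
 <div class="row">
 <div class="col-md-12">
 
@@ -84,7 +114,7 @@
 </div>
 <div class=\"tab-pane\" id=\"{$k}additem\">
 ";
-$data['parent'] = Menus::getParent('', $k);
+$data['parent'] = Menus::isHadParent('', $k);
 //print_r($data['parent']);
 $data['menuid'] = $k;
 System::inc('menus_form', $data);
@@ -146,6 +176,7 @@
 
 </div>
 <div class="modal-footer">
+<input type="hidden" name="token" value="<?=TOKEN;?>">
 <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
 <button type="submit" class="btn btn-success" name="submit">Save changes</button>
 </div>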
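Review bot: In the first hunk the `}elseif (isset($data['alertred'])) {` branch means that whenever both `alertgreen` and `alertred` are populated the error messages are silently dropped; replacing it with `}` followed by `if (isset($data['alertred'])) {` shows both, matching categories.php. The same elseif is repeated in menus_form.php and menus_form_edit.php. This is now the fourth copy of the alert markup; since the file already pulls in partials through `System::inc(...)`, one shared alerts partial (name to be chosen) that receives `$data` would keep the copies from drifting, as they already have (categories.php omits the `<ul>`). The `# code...` placeholder comments and the commented-out `//print_r($data['alertred']);` debug line are editor leftovers that should not ship.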

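--- a/gxadmin/inc/menus_form.php
+++ b/gxadmin/inc/menus_form.php
@@ -19,6 +19,35 @@
 }else{
 $menuid = $data['menuid'];
 }
+if (isset($data['alertgreen'])) {
+# code...
+echo "<div class=\"alert alert-success\" >
+<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
+<span aria-hidden=\"true\">&times;</span>
+<span class=\"sr-only\">Close</span>
+</button>
+<ul>";
+foreach ($data['alertgreen'] as $alert) {
+# code...
+echo "<li>$alert</li>\n";
+}
+echo "</ul></div>";
+}elseif (isset($data['alertred'])) {
+# code...
+//print_r($data['alertred']);
+echo "<div class=\"alert alert-danger\" >
+<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
+<span aria-hidden=\"true\">&times;</span>
+<span class=\"sr-only\">Close</span>
+</button>
+<ul>";
+foreach ($data['alertred'] as $alert) {
+# code...
+echo "<li>$alert</li>\n";
+}
+echo "</ul></div>";
+}
+
 ?>
 <form action="" method="POST">
 <h1><i class="fa fa-sitemap"></i> Add Menu
@@ -142,4 +171,5 @@
 </div>
 </div>
 </div>
+<input type="hidden" name="token" value="<?=TOKEN;?>">
 </form>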

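--- a/gxadmin/inc/menus_form_edit.php
+++ b/gxadmin/inc/menus_form_edit.php
@@ -21,12 +21,34 @@
 }
 
 //print_r($data['menus']);
-if(isset($data['alertgreen']) ) {
-echo "<div class=\"alert alert-success\">";
-foreach ($data['alertgreen'] as $alert) {
-echo "$alert";
-}
-echo "</div>"; }
+if (isset($data['alertgreen'])) {
+# code...
+echo "<div class=\"alert alert-success\" >
+<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
+<span aria-hidden=\"true\">&times;</span>
+<span class=\"sr-only\">Close</span>
+</button>
+<ul>";
+foreach ($data['alertgreen'] as $alert) {
+# code...
+echo "<li>$alert</li>\n";
+}
+echo "</ul></div>";
+}elseif (isset($data['alertred'])) {
+# code...
+//print_r($data['alertred']);
+echo "<div class=\"alert alert-danger\" >
+<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
+<span aria-hidden=\"true\">&times;</span>
+<span class=\"sr-only\">Close</span>
+</button>
+<ul>";
+foreach ($data['alertred'] as $alert) {
+# code...
+echo "<li>$alert</li>\n";
+}
+echo "</ul></div>";
+}
 ?>
 <form action="" method="POST">
 <div class="row">
@@ -48,11 +70,12 @@
 <div class="col-sm-4">
 <div class="form-group">
 <label>Parent Menu</label>
+
 <select class="form-control" name="parent">
 <option></option>
 <?php
 //echo($data['abc']);
-//print_r($data['parent']);
+//print_r($data['menus']);
 foreach ($data['parent'] as $p) {
 # code...
 if($data['menus'][0]->parent == $p->id){
@@ -183,5 +206,6 @@
 </div>
 </div>
 </div>
+<input type="hidden" name="token" value="<?=$_GET['token'];?>">
 </form>
 </div>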
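Review bot: The hidden field added in the last hunk, `value="<?=$_GET['token'];?>"`, copies the request's query parameter back into the page unescaped, so a crafted URL can break out of the attribute (reflected XSS), and it raises a notice whenever the parameter is absent. Every other form in this commit uses the server-side constant; the line should read `<input type="hidden" name="token" value="<?=TOKEN;?>">`, so the edit form submits the token the handler presumably validates rather than whatever the URL happened to carry. If the value genuinely has to come from the request, it must at least go through `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` with a `?? ''` default. The enclosing `<form>` opens in the first hunk, outside this one.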
