Added tokens to some links.
CaMer0n committed Jan 1, 2022
1 parent cfa36cc commit 7de11ed496e35fe21f5396bfa4121dd3b56d574e
Showing with 60 additions and 15 deletions.
  1. +8 −1 e107_admin/language.php
  2. +42 −10 e107_admin/plugin.php
  3. +8 −2 e107_admin/theme.php
  4. +2 −2 e107_handlers/e_marketplace.php
@@ -212,6 +212,13 @@ function ToolsPage()

function DownloadPage()
{
if(empty($_GET['e-token']))
{
e107::getMessage()->addError("Invalid Token"); // Debug - no need for translation.
return LAN_ERROR;
}


$this->loadPackInfo();

$lan = $this->getId();
@@ -425,7 +432,7 @@ private function renderOnlineLanguagePacks()
<td><a href='".$value['authorURL']."'>".$value['author']."</a></td>";*/


$url = 'language.php?mode=main&action=download&id='.$value['name']; // $value['url']
$url = 'language.php?mode=main&action=download&e-token='.e_TOKEN.'id='.$value['name']; // $value['url']

$text .= "
<td class='text-left'>".$value['date']."</td>
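Review bot: The link built in renderOnlineLanguagePacks is missing an `&` between the token and `id=`, so the request carries `e-token=<token>id=<name>` and no `id` parameter; it should read `'language.php?mode=main&action=download&e-token='.e_TOKEN.'&id='.$value['name']`. The new guard in DownloadPage would not notice this, because `empty($_GET['e-token'])` only tests that some value is present. Unless the token is compared with the session's expected value somewhere outside this diff, any non-empty string passes; the same presence-only check is added in plugin.php (installPage, uninstallPage, repairPage, upgradePage, downloadPage) and theme.php (DownloadPage). A constant-time comparison against the expected token, for example with `hash_equals()`, at each of these entry points would make the check self-contained. Both functions continue outside their hunks.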
@@ -362,7 +362,7 @@ function renderHelp()
{
$plg->load($path);
$name = $plg->getName();
$url = e_ADMIN."plugin.php?mode=installed&action=upgrade&path=".$path;
$url = e_ADMIN."plugin.php?mode=installed&action=upgrade&path=".$path."&e-token=".e_TOKEN;
$text .= "<li class='media'>
<div class='media-left'>
<a href='".$url."'>".$plg->getIcon(32)."</a>
@@ -384,6 +384,12 @@ function renderHelp()

function installPage()
{
if(empty($this->getQuery('e-token')))
{
e107::getMessage()->addError("Invalid Token"); // Debug - no need for translation.
$this->redirectAction('list');
}

$id = $this->getQuery('path');

$text = e107::getPlugin()->install($id);
@@ -438,6 +444,11 @@ function lanPage()

function uninstallPage()
{
if(empty($this->getQuery('e-token')))
{
e107::getMessage()->addError("Invalid Token"); // Debug - no need for translation.
$this->redirectAction('list');
}


$id = $this->getQuery('path');
@@ -483,6 +494,14 @@ function uninstallPage()

function repairPage()
{

if(empty($this->getQuery('e-token')))
{
e107::getMessage()->addError("Invalid Token"); // Debug - no need for translation.
$this->redirectAction('list');
return null;
}

$id = $this->getQuery('path');

$this->repair($id);
@@ -499,7 +518,7 @@ private function repair($id)
}

e107::getSingleton('e107plugin')->refresh($id);
e107::getLog()->add('PLUGMAN_04', $id, E_LOG_INFORMATIVE, '');
e107::getLog()->add('PLUGMAN_04', $id);

e107::getMessage()->addSuccess("Repair Complete (".$id.")"); // Repair Complete ([x])

@@ -526,6 +545,12 @@ function pullPage()

function upgradePage()
{
if(empty($this->getQuery('e-token')))
{
e107::getMessage()->addError("Invalid Token"); // Debug - no need for translation.
$this->redirectAction('list');
}

$this->pluginUpgrade();

}
@@ -1009,13 +1034,13 @@ function options($val, $curVal)
if($var['plugin_install_required'] == true)
{

if($var['plugin_installflag'])
if(!empty($var['plugin_installflag']))
{
$text .= ($var['plugin_installflag'] ? "<a class='btn btn-default' href=\"" . e_SELF . "?mode=".$mode."&action=uninstall&path={$var['plugin_path']}\" title='" . EPL_ADLAN_1 . "' >" . ADMIN_UNINSTALLPLUGIN_ICON . "</a>" : "<a class='btn' href=\"" . e_SELF . "?install.{$var['plugin_id']}\" title='" . EPL_ADLAN_0 . "' >" . ADMIN_INSTALLPLUGIN_ICON . "</a>");
$text .= "<a class='btn btn-default' href=\"" . e_SELF . "?mode=".$mode."&action=uninstall&path=".$var['plugin_path']."&e-token=".e_TOKEN."\" title='" . EPL_ADLAN_1 . "' >" . ADMIN_UNINSTALLPLUGIN_ICON . "</a>";
}
else
{
$text .= "<a class='btn btn-default' href=\"" . e_SELF . "?mode=installed&action=install&path={$var['plugin_path']}\" title='" . EPL_ADLAN_0 . "' >" . ADMIN_INSTALLPLUGIN_ICON . "</a>";
$text .= "<a class='btn btn-default' href=\"" . e_SELF . "?mode=installed&action=install&path=".$var['plugin_path']."&e-token=".e_TOKEN."\" title='" . EPL_ADLAN_0 . "' >" . ADMIN_INSTALLPLUGIN_ICON . "</a>";
}

}
@@ -1037,17 +1062,17 @@ function options($val, $curVal)

if($var['plugin_version'] != $var['plugin_version_file'] && $var['plugin_installflag'])
{
$text .= "<a class='btn btn-default' href='" . e_SELF . "?mode=".$mode."&action=upgrade&path={$var['plugin_path']}' title=\"" . EPL_UPGRADE . " v" . $var['plugin_version_file'] . "\" >" . ADMIN_UPGRADEPLUGIN_ICON . "</a>";
$text .= "<a class='btn btn-default' href='" . e_SELF . "?mode=".$mode."&action=upgrade&path=".$var['plugin_path']."&e-token=".e_TOKEN."' title=\"" . EPL_UPGRADE . " v" . $var['plugin_version_file'] . "\" >" . ADMIN_UPGRADEPLUGIN_ICON . "</a>";
}

if($var['plugin_installflag'])
{
$text .= "<a class='btn btn-default' href='" . e_SELF . "?mode=".$mode."&action=repair&path={$var['plugin_path']}' title='" . LAN_REPAIR_PLUGIN_SETTINGS . "'> " . ADMIN_REPAIRPLUGIN_ICON . "</a>";
$text .= "<a class='btn btn-default' href='" . e_SELF . "?mode=".$mode."&action=repair&path=".$var['plugin_path']."&e-token=".e_TOKEN."' title='" . LAN_REPAIR_PLUGIN_SETTINGS . "'> " . ADMIN_REPAIRPLUGIN_ICON . "</a>";
}

if($var['plugin_installflag'] && is_dir($_path . ".git"))
{
$text .= "<a class='plugin-manager btn btn-default' href='" . e_SELF . "?mode=".$mode."&action=pull&path={$var['plugin_path']}' title='" . LAN_SYNC_WITH_GIT_REPO . "'> " . ADMIN_GITSYNC_ICON . "</a>";
$text .= "<a class='plugin-manager btn btn-default' href='" . e_SELF . "?mode=".$mode."&action=pull&path=".$var['plugin_path']."&e-token=".e_TOKEN."' title='" . LAN_SYNC_WITH_GIT_REPO . "'> " . ADMIN_GITSYNC_ICON . "</a>";
}


@@ -1140,12 +1165,16 @@ function pluginCheck($force=false)
// Modal Download.
public function downloadPage()
{
if(empty($_GET['e-token']))
{
echo e107::getMessage()->addError("Invalid Token")->render('default', 'error');
return null;
}

$frm = e107::getForm();
$mes = e107::getMessage();
$tp = e107::getParser();

// print_a($_GET);

$string = base64_decode($_GET['src']);
parse_str($string, $data);
@@ -1192,7 +1221,7 @@ public function downloadPage()
$upgradable = e107::getPlug()->getUpgradableList();
if(!empty($upgradable[$pluginFolder]))
{
$mes->addSuccess("<a target='_top' href='".e_ADMIN."plugin.php?mode=installed&action=upgrade&id=".$pluginFolder."' class='btn btn-primary'>".LAN_UPDATE."</a>");
$mes->addSuccess("<a target='_top' href='".e_ADMIN."plugin.php?mode=installed&action=upgrade&id=".$pluginFolder."&e-token=".e_TOKEN."' class='btn btn-primary'>".LAN_UPDATE."</a>");
}

echo $mes->render('default', 'success');
@@ -2539,6 +2568,9 @@ function step1()
$ns = e107::getRender();
$mes = e107::getMessage();
$tp = e107::getParser();

$newDir = [];
$lanDir = [];

$plugFolders = $fl->get_dirs(e_PLUGIN);
foreach($plugFolders as $dir)
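Review bot: installPage, uninstallPage and upgradePage call `$this->redirectAction('list');` when the token is missing but do not return, whereas repairPage in the same file follows the redirect with `return null;`. If redirectAction() only schedules the redirect rather than ending the request (its body is not in this diff), the install, uninstall or upgrade still runs without a token; adding `return null;` after the redirect in those three methods closes that gap. The pull link in options() now carries `e-token` as well, but no matching check in pullPage appears in the visible hunks. These functions start or end outside their hunks, so code not shown here may already cover part of this.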
@@ -660,6 +660,12 @@ public function InfoPage()

public function DownloadPage()
{
if(empty($_GET['e-token']))
{
return e107::getMessage()->addError('Invalid Token')->render('default', 'error');
}


$frm = e107::getForm();
$mes = e107::getMessage();
$string = base64_decode($_GET['src']);
@@ -1175,15 +1181,15 @@ private function onlineOptions($theme)
if(!empty($theme['price'])) // Premium Theme
{
$LAN_DOWNLOAD = LAN_PURCHASE."/".LAN_DOWNLOAD;
$downloadUrl = e_SELF.'?mode=main&action=download&src='.base64_encode($d); // no iframe.
$downloadUrl = e_SELF.'?mode=main&action=download&e-token='.e_TOKEN.'&src='.base64_encode($d); // no iframe.
$mainTarget = '_blank';
$mainClass = '';
$modalCaption = ' '.LAN_PURCHASE.' '.$theme['name']." ".$theme['version'];
}
else // Free Theme
{
$LAN_DOWNLOAD = LAN_DOWNLOAD;
$downloadUrl = e_SELF.'?mode=main&iframe=1&action=download&src='.base64_encode($d);//$url.'&amp;action=download';
$downloadUrl = e_SELF.'?mode=main&iframe=1&action=download&e-token='.e_TOKEN.'&src='.base64_encode($d);//$url.'&amp;action=download';
$mainTarget = '_self';
$mainClass = 'e-modal';
$modalCaption = ' '.LAN_DOWNLOADING.' '.$theme['name']." ".$theme['version'];
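Review bot: Putting `e_TOKEN` in the query string of the download links (here in onlineOptions, and likewise in getDownloadModal in e_marketplace.php and the action links in plugin.php) exposes the anti-CSRF token to browser history, web-server access logs and possibly the Referer header. The premium-theme link opens with `$mainTarget = '_blank'`, so this matters most if that page leads off-site, which the hunk does not show. Consider sending these state-changing actions as POST forms with the token in the body, or at least add a comment above `$downloadUrl` such as `// NOTE: e-token is exposed in the URL (history, logs, Referer)`. onlineOptions continues outside the hunk.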
@@ -262,7 +262,7 @@ public function getDownloadModal($type='plugin',$data=array())

// if(deftrue('e_DEBUG_PLUGMANAGER'))
{
$url = e_ADMIN.'plugin.php?mode=online&action=download&src='.base64_encode($d);
$url = e_ADMIN.'plugin.php?mode=online&action=download&e-token='.e_TOKEN.'&src='.base64_encode($d);
}
// else
{
@@ -282,7 +282,7 @@ public function getDownloadModal($type='plugin',$data=array())
);

$d = http_build_query($srcData,false,'&');
$url = e_ADMIN.'theme.php?mode=main&action=download&src='.base64_encode($d);//$url.'&amp;action=download';
$url = e_ADMIN.'theme.php?mode=main&action=download&e-token='.e_TOKEN.'&src='.base64_encode($d);//$url.'&amp;action=download';

}
