security improvement
outdoorbits committed Oct 3, 2023
1 parent ecf83ff commit f39f91c
Showing 2 changed files with 27 additions and 26 deletions.
3 changes: 2 additions & 1 deletion scripts/config.php
@@ -115,13 +115,14 @@ function check_new_password($title, $pwd_1, $pwd_2) {

function write_config() {
# write config.cfg
extract ($_POST);

global $WORKING_DIR;
global $WIFI_COUNTRY;
global $constants;
global $vpn_types;

extract ($_POST,EXTR_SKIP);

list($conf_BACKUP_DEFAULT_SOURCE,$conf_BACKUP_DEFAULT_TARGET)=explode(" ",$BACKUP_MODE,2);
list($conf_BACKUP_DEFAULT_SOURCE2,$conf_BACKUP_DEFAULT_TARGET2)=explode(" ",$BACKUP_MODE_2,2);
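Review bot: `extract ($_POST,EXTR_SKIP);` still turns every POST key into a local variable of write_config(); placing it after the `global` lines only stops a request from replacing `$WORKING_DIR`, `$WIFI_COUNTRY`, `$constants` and `$vpn_types`. Any other variable the function reads before assigning it stays client-controlled, and `$BACKUP_MODE` / `$BACKUP_MODE_2` on the following two lines are used without checking that they were posted or that they contain the space that `explode` and `list` rely on. Consider importing only the expected form fields, e.g. `extract(array_intersect_key($_POST, array_flip($expected_fields)), EXTR_SKIP);` where `$expected_fields` is a placeholder for the list of field names this form submits, or reading each value as `$_POST['BACKUP_MODE'] ?? ''`. The body of write_config() continues outside the hunk, so where the imported values end up (presumably the written config file) should be checked there.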

50 changes: 25 additions & 25 deletions scripts/view.php
@@ -10,6 +10,10 @@
$theme = $config["conf_THEME"];
$background = $config["conf_BACKGROUND_IMAGE"] == ""?"":"background='" . $constants["const_MEDIA_DIR"] . '/' . $constants["const_BACKGROUND_IMAGES_DIR"] . "/" . $config["conf_BACKGROUND_IMAGE"] . "'";

# read parameters
extract ($_POST,EXTR_SKIP);
extract ($_GET,EXTR_SKIP);

include("sub-popup.php");

include("get-cloudservices.php");
@@ -181,37 +185,33 @@ function add_to_where($new_where,$target_array) {
$IMAGES_PER_PAGE_OPTIONS = array ($constants['const_VIEW_GRID_COLUMNS']*5,$constants['const_VIEW_GRID_COLUMNS']*10,$constants['const_VIEW_GRID_COLUMNS']*20,$constants['const_VIEW_GRID_COLUMNS']*50);

# standard values
$filter_medium = "-";
$view_mode = "grid";
$filter_images_per_page = $IMAGES_PER_PAGE_OPTIONS[1];
$filter_directory = "";
$filter_date = "all";
$filter_rating = "all";
$filter_file_type = "all";
$filter_file_type_extension = "all";
$filter_camera_model_name = "all";
$filter_variable_field = "";
$filter_variable_value = "";
$ID = 0;
$IMAGE_ID = 0;
$IMAGE_ID_PRE = 0;
$IMAGE_ID_POST = 0;
$IMAGE_ID_FIRST = 0;
$IMAGE_ID_LAST = 0;
$imagecount = 0;
$order_by = "Create_Date";
$order_dir = "DESC";
$select_offset = 0;
$filter_medium = isset($filter_medium) ? $filter_medium : "-";
$view_mode = isset($view_mode) ? $view_mode : "grid";
$filter_images_per_page = isset($filter_images_per_page) ? $filter_images_per_page : $IMAGES_PER_PAGE_OPTIONS[1];
$filter_directory = isset($filter_directory) ? $filter_directory : "";
$filter_date = isset($filter_date) ? $filter_date : "all";
$filter_rating = isset($filter_rating) ? $filter_rating : "all";
$filter_file_type = isset($filter_file_type) ? $filter_file_type : "all";
$filter_file_type_extension = isset($filter_file_type_extension) ? $filter_file_type_extension : "all";
$filter_camera_model_name = isset($filter_camera_model_name) ? $filter_camera_model_name : "all";
$filter_variable_field = isset($filter_variable_field) ? $filter_variable_field : "";
$filter_variable_value = isset($filter_variable_value) ? $filter_variable_value : "";
$ID = isset($ID) ? $ID : 0;
$IMAGE_ID = isset($IMAGE_ID) ? $IMAGE_ID : 0;
$IMAGE_ID_PRE = isset($IMAGE_ID_PRE) ? $IMAGE_ID_PRE : 0;
$IMAGE_ID_POST = isset($IMAGE_ID_POST) ? $IMAGE_ID_POST : 0;
$IMAGE_ID_FIRST = isset($IMAGE_ID_FIRST) ? $IMAGE_ID_FIRST : 0;
$IMAGE_ID_LAST = isset($IMAGE_ID_LAST) ? $IMAGE_ID_LAST : 0;
$imagecount = isset($imagecount) ? $imagecount : 0;
$order_by = isset($order_by) ? $order_by : "Create_Date";
$order_dir = isset($order_dir) ? $order_dir : "DESC";
$select_offset = isset($select_offset) ? $select_offset : 0;

$FIELDS_BLOCKED_ARRAY = array(
"ID",
"ExifTool_Version_Number"
);

# read parameters
extract ($_POST);
extract ($_GET);

## security-checks
if (! in_array($filter_images_per_page,$IMAGES_PER_PAGE_OPTIONS)) {
$filter_images_per_page = $IMAGES_PER_PAGE_OPTIONS[0];
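Review bot: The `extract ($_POST,EXTR_SKIP);` / `extract ($_GET,EXTR_SKIP);` pair added in the first hunk now runs before `include("sub-popup.php")` and `include("get-cloudservices.php")`, so EXTR_SKIP only shields variables assigned above it (such as `$theme` and `$background`), and anything the includes or later code read before assigning can be seeded by the request. In the second hunk the `isset(...) ? ... : default` lines then accept request values unchanged for `$order_by`, `$order_dir`, `$select_offset`, `$imagecount` and the `$IMAGE_ID*` fields; the only validation visible under `## security-checks` is for `$filter_images_per_page`, and the rest of that block is outside the hunk, so this needs confirming where these values reach the query built via add_to_where(). Reading each expected parameter explicitly would remove the blanket import, for example `$select_offset = (int)($_POST['select_offset'] ?? $_GET['select_offset'] ?? 0);`, with `$order_by` and `$order_dir` compared against a fixed list of accepted values. With EXTR_SKIP the first extract wins, so POST now takes precedence over GET, the reverse of the previous order; if that is intended, a comment saying so would help.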