
Security FIX, Bug FIX

semplon committed Mar 10, 2015
1 parent f33ef36 commit 698245488343396185b1b49e7482ee5b25541815
Showing with 1,165 additions and 528 deletions.
  1. +36 −6 gxadmin/inc/categories.php
  2. +33 −2 gxadmin/inc/menus.php
  3. +30 −0 gxadmin/inc/menus_form.php
  4. +31 −7 gxadmin/inc/menus_form_edit.php
  5. +94 −82 gxadmin/inc/pages.php
  6. +33 −13 gxadmin/inc/pages_form.php
  7. +11 −2 gxadmin/inc/posts.php
  8. +52 −48 gxadmin/inc/posts_form.php
  9. +39 −7 gxadmin/inc/settings.php
  10. +5 −4 gxadmin/inc/user.php
  11. +26 −25 gxadmin/inc/user_form.php
  12. +4 −1 inc/lib/Categories.class.php
  13. +2 −2 inc/lib/Control.class.php
  14. +44 −11 inc/lib/Control/Backend/categories.control.php
  15. +145 −100 inc/lib/Control/Backend/menus.control.php
  16. +88 −40 inc/lib/Control/Backend/pages.control.php
  17. +96 −41 inc/lib/Control/Backend/posts.control.php
  18. +43 −35 inc/lib/Control/Backend/settings.control.php
  19. +23 −3 inc/lib/Control/Backend/users.control.php
  20. +8 −0 inc/lib/Control/Error/db.control.php
  21. +10 −0 inc/lib/Control/Error/unknown.control.php
  22. +4 −1 inc/lib/Control/Frontend/cat.control.php
  23. +2 −1 inc/lib/Control/Frontend/default.control.php
  24. +7 −4 inc/lib/Control/Frontend/page.control.php
  25. +7 −2 inc/lib/Control/Frontend/post.control.php
  26. +1 −0 inc/lib/Control/Install/default.control.php
  27. +16 −5 inc/lib/Db.class.php
  28. +2 −0 inc/lib/GxMain.class.php
  29. +13 −3 inc/lib/Install.class.php
  30. +1 −1 inc/lib/Mail.class.php
  31. +65 −33 inc/lib/Menus.class.php
  32. +8 −13 inc/lib/Options.class.php
  33. +2 −2 inc/lib/Posts.class.php
  34. +3 −3 inc/lib/Rss.class.php
  35. +27 −17 inc/lib/Site.class.php
  36. +24 −3 inc/lib/System.class.php
  37. +119 −0 inc/lib/Token.class.php
  38. +1 −1 inc/lib/Upload.class.php
  39. +10 −10 inc/lib/Url.class.php
@@ -12,7 +12,35 @@
* @copyright 2014-2015 Puguh Wijayanto
* @license http://www.opensource.org/licenses/mit-license.php MIT
*
*/?>
*/
if (isset($data['alertgreen'])) {
# code...
echo "<div class=\"alert alert-success\" >
<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
<span aria-hidden=\"true\">&times;</span>
<span class=\"sr-only\">Close</span>
</button>";
foreach ($data['alertgreen'] as $alert) {
# code...
echo "$alert\n";
}
echo "</div>";
}
if (isset($data['alertred'])) {
# code...
echo "<div class=\"alert alert-danger\" >
<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
<span aria-hidden=\"true\">&times;</span>
<span class=\"sr-only\">Close</span>
</button>";
foreach ($data['alertred'] as $alert) {
# code...
echo "$alert\n";
}
echo "</div>";
}
?>
<div class="row">
<div class="col-md-12">
<h1><i class="fa fa-cubes"></i> Categories
@@ -34,12 +62,12 @@
// echo "<td>".$c->parent."</td>";
// echo "<td></td>";
if($c->parent == ""){
if($c->parent == "" || $c->parent == 0){
echo "<div class=\"col-md-4 item\" >
<div class=\"panel panel-default\">
<div class=\"panel-heading\">
<h3 class=\"panel-title\">{$c->name}
<a href=\"?page=categories&act=del&id={$c->id}\" class=\"pull-right\"
<a href=\"?page=categories&act=del&id={$c->id}&token=".TOKEN."\" class=\"pull-right\"
onclick=\"return confirm('Are you sure you want to delete this item?');\">
<span class=\"glyphicon glyphicon-remove\"></span></a></h3>
</div>
@@ -48,13 +76,14 @@
foreach ($data['cat'] as $c2) {
if($c2->parent == $c->id){
echo "<li class=\"list-group-item\">
<form action=\"\" method=\"POST\" name=\"updatecat\">
<form action=\"index.php?page=categories\" method=\"POST\" name=\"updatecat\">
<div class=\"input-group\">
<a href=\"?page=categories&act=del&id={$c2->id}\" class=\"input-group-addon\"
<a href=\"?page=categories&act=del&id={$c2->id}&token=".TOKEN."\" class=\"input-group-addon\"
onclick=\"return confirm('Are you sure you want to delete this item?');\"
><span class=\"glyphicon glyphicon-remove\"></span></a>
<input type=\"text\" name=\"cat\" class=\"form-control\" value=\"{$c2->name}\">
<input type=\"hidden\" name=\"id\" value=\"{$c2->id}\">
<input type=\"hidden\" name=\"token\" value=\"".TOKEN."\">
<span class=\"input-group-btn\">
<button class=\"btn btn-default\" type=\"submit\" name=\"updatecat\">Go!</button>
</span>
@@ -92,7 +121,7 @@
<label>Parent</label>
<?php
$vars = array(
'parent' => '',
'parent' => '0',
'name' => 'parent',
'sort' => 'ASC',
'order_by' => 'name'
@@ -107,6 +136,7 @@

</div>
<div class="modal-footer">
<input type="hidden" name="token" value="<?=TOKEN;?>">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
<button type="submit" class="btn btn-success" name="addcat">Save changes</button>
</div>
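Review bot: The two delete links changed in the second and third hunks carry the anti-CSRF token in a GET query string (`?page=categories&act=del&id={$c->id}&token=".TOKEN."`), so the token can end up in browser history, server access logs and Referer headers, and the delete stays a state-changing GET. Consider turning delete into a small POST form with the token in a hidden field, as the `updatecat` form in the third hunk already does with `<input type="hidden" name="token" ...>`. On the same lines, `{$c->name}` and `value="{$c2->name}"` are written without `htmlspecialchars()`, so a stored category name containing markup would be rendered as HTML. The loops that enclose these lines start outside the visible hunks.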
@@ -12,7 +12,37 @@
* @copyright 2014-2015 Puguh Wijayanto
* @license http://www.opensource.org/licenses/mit-license.php MIT
*
*/?>
*/
if (isset($data['alertgreen'])) {
# code...
echo "<div class=\"alert alert-success\" >
<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
<span aria-hidden=\"true\">&times;</span>
<span class=\"sr-only\">Close</span>
</button>
<ul>";
foreach ($data['alertgreen'] as $alert) {
# code...
echo "<li>$alert</li>\n";
}
echo "</ul></div>";
}elseif (isset($data['alertred'])) {
# code...
//print_r($data['alertred']);
echo "<div class=\"alert alert-danger\" >
<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
<span aria-hidden=\"true\">&times;</span>
<span class=\"sr-only\">Close</span>
</button>
<ul>";
foreach ($data['alertred'] as $alert) {
# code...
echo "<li>$alert</li>\n";
}
echo "</ul></div>";
}
?>
<div class="row">
<div class="col-md-12">

@@ -84,7 +114,7 @@
</div>
<div class=\"tab-pane\" id=\"{$k}additem\">
";
$data['parent'] = Menus::getParent('', $k);
$data['parent'] = Menus::isHadParent('', $k);
//print_r($data['parent']);
$data['menuid'] = $k;
System::inc('menus_form', $data);
@@ -146,6 +176,7 @@

</div>
<div class="modal-footer">
<input type="hidden" name="token" value="<?=TOKEN;?>">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
<button type="submit" class="btn btn-success" name="submit">Save changes</button>
</div>
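Review bot: The alert block added in the first hunk echoes each message raw (`echo "<li>$alert</li>\n";`), so if any message placed in `$data['alertgreen']` or `$data['alertred']` contains request data, it is rendered as markup. The code that fills these arrays is not visible here, so this needs checking against the controllers. The same output pattern is added in categories.php, menus_form.php and menus_form_edit.php. If the messages are meant to be plain text, escape at the point of output: `echo "<li>" . htmlspecialchars($alert, ENT_QUOTES, 'UTF-8') . "</li>\n";`.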
@@ -19,6 +19,35 @@
}else{
$menuid = $data['menuid'];
}
if (isset($data['alertgreen'])) {
# code...
echo "<div class=\"alert alert-success\" >
<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
<span aria-hidden=\"true\">&times;</span>
<span class=\"sr-only\">Close</span>
</button>
<ul>";
foreach ($data['alertgreen'] as $alert) {
# code...
echo "<li>$alert</li>\n";
}
echo "</ul></div>";
}elseif (isset($data['alertred'])) {
# code...
//print_r($data['alertred']);
echo "<div class=\"alert alert-danger\" >
<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
<span aria-hidden=\"true\">&times;</span>
<span class=\"sr-only\">Close</span>
</button>
<ul>";
foreach ($data['alertred'] as $alert) {
# code...
echo "<li>$alert</li>\n";
}
echo "</ul></div>";
}
?>
<form action="" method="POST">
<h1><i class="fa fa-sitemap"></i> Add Menu
@@ -142,4 +171,5 @@
</div>
</div>
</div>
<input type="hidden" name="token" value="<?=TOKEN;?>">
</form>
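Review bot: The alert block in the first hunk is a verbatim copy of the one added to menus.php and menus_form_edit.php, and the copies already disagree with the categories.php variant. Here `}elseif (isset($data['alertred']))` suppresses error messages whenever a success message is set, while categories.php uses two independent `if`s. Moving the block into a single partial loaded through `System::inc()` (already used in menus.php; the partial name would be new) would keep the behaviour and any later escaping fix in one place. The placeholder `# code...` comments and the commented-out `//print_r($data['alertred']);` could be dropped at the same time. The hunk opens inside an `if/else` whose start is not shown.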
@@ -21,12 +21,34 @@
}
//print_r($data['menus']);
if(isset($data['alertgreen']) ) {
echo "<div class=\"alert alert-success\">";
foreach ($data['alertgreen'] as $alert) {
echo "$alert";
}
echo "</div>"; }
if (isset($data['alertgreen'])) {
# code...
echo "<div class=\"alert alert-success\" >
<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
<span aria-hidden=\"true\">&times;</span>
<span class=\"sr-only\">Close</span>
</button>
<ul>";
foreach ($data['alertgreen'] as $alert) {
# code...
echo "<li>$alert</li>\n";
}
echo "</ul></div>";
}elseif (isset($data['alertred'])) {
# code...
//print_r($data['alertred']);
echo "<div class=\"alert alert-danger\" >
<button type=\"button\" class=\"close\" data-dismiss=\"alert\">
<span aria-hidden=\"true\">&times;</span>
<span class=\"sr-only\">Close</span>
</button>
<ul>";
foreach ($data['alertred'] as $alert) {
# code...
echo "<li>$alert</li>\n";
}
echo "</ul></div>";
}
?>
<form action="" method="POST">
<div class="row">
@@ -48,11 +70,12 @@
<div class="col-sm-4">
<div class="form-group">
<label>Parent Menu</label>

<select class="form-control" name="parent">
<option></option>
<?php
//echo($data['abc']);
//print_r($data['parent']);
//print_r($data['menus']);
foreach ($data['parent'] as $p) {
# code...
if($data['menus'][0]->parent == $p->id){
@@ -183,5 +206,6 @@
</div>
</div>
</div>
<input type="hidden" name="token" value="<?=$_GET['token'];?>">
</form>
</div>
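Review bot: The hidden field added in the last hunk writes the query string straight into an attribute, `value="<?=$_GET['token'];?>"`, with no escaping. Unless the controller has already validated the token before this template runs (not visible here), a value containing a quote is emitted into the page as markup, and a request without the parameter raises an undefined-index notice. The other forms in this commit emit the `TOKEN` constant, so `<input type="hidden" name="token" value="<?=TOKEN;?>">` would be consistent. If the request value really is needed, wrap it as `htmlspecialchars($_GET['token'], ENT_QUOTES, 'UTF-8')`.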
