修正验证参数不严导致的可能泄漏路径

祁宁
2014-03-11 21:18:16 +08:00
parent 4610ee8b70
commit a58e564bb7
9 changed files with 160 additions and 172 deletions
+18 -24
@@ -214,41 +214,34 @@ class Widget_Contents_Attachment_Edit extends Widget_Contents_Post_Edit implemen
*/
public function deleteAttachment()
{
$cid = $this->request->filter('int')->cid;
$posts = $this->request->filter('int')->getArray('cid');
$deleteCount = 0;
$status = 'publish';
if ($cid) {
/** 格式化文章主键 */
$posts = is_array($cid) ? $cid : array($cid);
foreach ($posts as $post) {
// 删除插件接口
$this->pluginHandle()->delete($post, $this);
foreach ($posts as $post) {
// 删除插件接口
$this->pluginHandle()->delete($post, $this);
$condition = $this->db->sql()->where('cid = ?', $post);
$row = $this->db->fetchRow($this->select()
$condition = $this->db->sql()->where('cid = ?', $post);
$row = $this->db->fetchRow($this->select()
->where('table.contents.type = ?', 'attachment')
->where('table.contents.cid = ?', $post)
->limit(1), array($this, 'push'));
if ($this->isWriteable($condition) && $this->delete($condition)) {
/** 删除文件 */
Widget_Upload::deleteHandle($row);
if ($this->isWriteable($condition) && $this->delete($condition)) {
/** 删除文件 */
Widget_Upload::deleteHandle($row);
/** 删除评论 */
$this->db->query($this->db->delete('table.comments')
/** 删除评论 */
$this->db->query($this->db->delete('table.comments')
->where('cid = ?', $post));
$status = $this->status;
// 完成删除插件接口
$this->pluginHandle()->finishDelete($post, $this);
// 完成删除插件接口
$this->pluginHandle()->finishDelete($post, $this);
$deleteCount ++;
}
unset($condition);
$deleteCount ++;
}
unset($condition);
}
if ($this->request->isAjax()) {
@@ -273,7 +266,8 @@ class Widget_Contents_Attachment_Edit extends Widget_Contents_Post_Edit implemen
public function clearAttachment()
{
$page = 1;
$deleteCount = 0;
do {
$posts = Typecho_Common::arrayFlatten($this->db->fetchAll($this->select('cid')
->from('table.contents')
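Review bot: The new `$posts = $this->request->filter('int')->getArray('cid');` in deleteAttachment only closes the array-to-string warning path if getArray applies the int filter to every element and rejects nested arrays; that cannot be confirmed from this hunk, and any element that is still an array would reach `where('cid = ?', $post)` and reproduce the disclosure the commit sets out to fix. If getArray does not guarantee scalar elements, normalise once after the call with `$posts = array_map('intval', $posts);` (intval on an array yields 0 or 1 without emitting a warning). The same `getArray('cid')` pattern is introduced in deletePage, deletePageDraft and sortPage of Widget_Contents_Page_Edit and in deletePost and deletePostDraft of Widget_Contents_Post_Edit, so a guarantee in the helper covers all of them. The clearAttachment body in the second hunk continues outside the hunk.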
+37 -46
@@ -133,51 +133,47 @@ class Widget_Contents_Page_Edit extends Widget_Contents_Post_Edit implements Wid
*/
public function deletePage()
{
$cid = $this->request->filter('int')->cid;
$pages = $this->request->filter('int')->getArray('cid');
$deleteCount = 0;
if ($cid) {
/** 格式化页面主键 */
$pages = is_array($cid) ? $cid : array($cid);
foreach ($pages as $page) {
// 删除插件接口
$this->pluginHandle()->delete($page, $this);
foreach ($pages as $page) {
// 删除插件接口
$this->pluginHandle()->delete($page, $this);
if ($this->delete($this->db->sql()->where('cid = ?', $page))) {
/** 删除评论 */
$this->db->query($this->db->delete('table.comments')
if ($this->delete($this->db->sql()->where('cid = ?', $page))) {
/** 删除评论 */
$this->db->query($this->db->delete('table.comments')
->where('cid = ?', $page));
/** 解除附件关联 */
$this->unAttach($page);
/** 解除附件关联 */
$this->unAttach($page);
/** 解除首页关联 */
if ($this->options->frontPage == 'page:' . $page) {
$this->db->query($this->db->update('table.options')
/** 解除首页关联 */
if ($this->options->frontPage == 'page:' . $page) {
$this->db->query($this->db->update('table.options')
->rows(array('value' => 'recent'))
->where('name = ?', 'frontPage'));
}
}
/** 删除草稿 */
$draft = $this->db->fetchRow($this->db->select('cid')
/** 删除草稿 */
$draft = $this->db->fetchRow($this->db->select('cid')
->from('table.contents')
->where('table.contents.parent = ? AND table.contents.type = ?',
$page, 'page_draft')
->limit(1));
/** 删除自定义字段 */
$this->deleteFields($page);
/** 删除自定义字段 */
$this->deleteFields($page);
if ($draft) {
$this->deleteDraft($draft['cid']);
$this->deleteFields($draft['cid']);
}
// 完成删除插件接口
$this->pluginHandle()->finishDelete($page, $this);
$deleteCount ++;
if ($draft) {
$this->deleteDraft($draft['cid']);
$this->deleteFields($draft['cid']);
}
// 完成删除插件接口
$this->pluginHandle()->finishDelete($page, $this);
$deleteCount ++;
}
}
@@ -197,29 +193,24 @@ class Widget_Contents_Page_Edit extends Widget_Contents_Post_Edit implements Wid
*/
public function deletePageDraft()
{
$cid = $this->request->filter('int')->cid;
$pages = $this->request->filter('int')->getArray('cid');
$deleteCount = 0;
if ($cid) {
/** 格式化文章主键 */
$pages = is_array($cid) ? $cid : array($cid);
foreach ($pages as $page) {
/** 删除草稿 */
$draft = $this->db->fetchRow($this->db->select('cid')
foreach ($pages as $page) {
/** 删除草稿 */
$draft = $this->db->fetchRow($this->db->select('cid')
->from('table.contents')
->where('table.contents.parent = ? AND table.contents.type = ?',
$page, 'page_draft')
->limit(1));
if ($draft) {
$this->deleteDraft($draft['cid']);
$this->deleteFields($draft['cid']);
$deleteCount ++;
}
if ($draft) {
$this->deleteDraft($draft['cid']);
$this->deleteFields($draft['cid']);
$deleteCount ++;
}
}
/** 设置提示信息 */
$this->widget('Widget_Notice')->set($deleteCount > 0 ? _t('草稿已经被删除') : _t('没有草稿被删除'),
$deleteCount > 0 ? 'success' : 'notice');
@@ -236,9 +227,9 @@ class Widget_Contents_Page_Edit extends Widget_Contents_Post_Edit implements Wid
*/
public function sortPage()
{
$pages = $this->request->filter('int')->cid;
$pages = $this->request->filter('int')->getArray('cid');
if ($pages && is_array($pages)) {
if ($pages) {
foreach ($pages as $sort => $cid) {
$this->db->query($this->db->update('table.contents')->rows(array('order' => $sort + 1))
->where('cid = ?', $cid));
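Review bot: In sortPage the loop `foreach ($pages as $sort => $cid)` still takes the sort position from the keys of the submitted array, and the commit only drops the now-redundant `is_array` check; if getArray preserves the keys it was given, a non-numeric key reaches `$sort + 1`, which on current PHP versions raises a warning or TypeError whose message can disclose the file path, the same class of issue this commit addresses. Iterating with `foreach (array_values($pages) as $sort => $cid)` makes the position in the list define the order regardless of the keys sent. Separately, deletePage removes the row via `$this->delete($this->db->sql()->where('cid = ?', $page))` without the `isWriteable` guard that deleteAttachment and deletePost apply; if page deletion is already restricted by the widget's access level this is presumably fine, but it is worth confirming. The deletePage and sortPage methods both continue past their hunks.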
+45 -54
@@ -770,67 +770,63 @@ class Widget_Contents_Post_Edit extends Widget_Abstract_Contents implements Widg
*/
public function deletePost()
{
$cid = $this->request->filter('int')->cid;
$posts = $this->request->filter('int')->getArray('cid');
$deleteCount = 0;
if ($cid) {
/** 格式化文章主键 */
$posts = is_array($cid) ? $cid : array($cid);
foreach ($posts as $post) {
// 删除插件接口
$this->pluginHandle()->delete($post, $this);
foreach ($posts as $post) {
// 删除插件接口
$this->pluginHandle()->delete($post, $this);
$condition = $this->db->sql()->where('cid = ?', $post);
$postObject = $this->db->fetchObject($this->db->select('status', 'type')
->from('table.contents')->where('cid = ? AND type = ?', $post, 'post'));
$condition = $this->db->sql()->where('cid = ?', $post);
$postObject = $this->db->fetchObject($this->db->select('status', 'type')
->from('table.contents')->where('cid = ? AND type = ?', $post, 'post'));
if ($this->isWriteable($condition) &&
if ($this->isWriteable($condition) &&
$postObject &&
$this->delete($condition)) {
/** 删除分类 */
$this->setCategories($post, array(), 'publish' == $postObject->status
&& 'post' == $postObject->type);
/** 删除分类 */
$this->setCategories($post, array(), 'publish' == $postObject->status
&& 'post' == $postObject->type);
/** 删除标签 */
$this->setTags($post, NULL, 'publish' == $postObject->status
&& 'post' == $postObject->type);
/** 删除标签 */
$this->setTags($post, NULL, 'publish' == $postObject->status
&& 'post' == $postObject->type);
/** 删除评论 */
$this->db->query($this->db->delete('table.comments')
/** 删除评论 */
$this->db->query($this->db->delete('table.comments')
->where('cid = ?', $post));
/** 解除附件关联 */
$this->unAttach($post);
/** 解除附件关联 */
$this->unAttach($post);
/** 删除草稿 */
$draft = $this->db->fetchRow($this->db->select('cid')
/** 删除草稿 */
$draft = $this->db->fetchRow($this->db->select('cid')
->from('table.contents')
->where('table.contents.parent = ? AND table.contents.type = ?',
$post, 'post_draft')
->limit(1));
/** 删除自定义字段 */
$this->deleteFields($post);
/** 删除自定义字段 */
$this->deleteFields($post);
if ($draft) {
$this->deleteDraft($draft['cid']);
$this->deleteFields($draft['cid']);
}
// 完成删除插件接口
$this->pluginHandle()->finishDelete($post, $this);
$deleteCount ++;
if ($draft) {
$this->deleteDraft($draft['cid']);
$this->deleteFields($draft['cid']);
}
unset($condition);
// 完成删除插件接口
$this->pluginHandle()->finishDelete($post, $this);
$deleteCount ++;
}
// 清理标签
if ($deleteCount > 0) {
$this->widget('Widget_Abstract_Metas')->clearTags();
}
unset($condition);
}
// 清理标签
if ($deleteCount > 0) {
$this->widget('Widget_Abstract_Metas')->clearTags();
}
/** 设置提示信息 */
@@ -849,29 +845,24 @@ class Widget_Contents_Post_Edit extends Widget_Abstract_Contents implements Widg
*/
public function deletePostDraft()
{
$cid = $this->request->filter('int')->cid;
$posts = $this->request->filter('int')->getArray('cid');
$deleteCount = 0;
if ($cid) {
/** 格式化文章主键 */
$posts = is_array($cid) ? $cid : array($cid);
foreach ($posts as $post) {
/** 删除草稿 */
$draft = $this->db->fetchRow($this->db->select('cid')
foreach ($posts as $post) {
/** 删除草稿 */
$draft = $this->db->fetchRow($this->db->select('cid')
->from('table.contents')
->where('table.contents.parent = ? AND table.contents.type = ?',
$post, 'post_draft')
->limit(1));
if ($draft) {
$this->deleteDraft($draft['cid']);
$this->deleteFields($draft['cid']);
$deleteCount ++;
}
if ($draft) {
$this->deleteDraft($draft['cid']);
$this->deleteFields($draft['cid']);
$deleteCount ++;
}
}
/** 设置提示信息 */
$this->widget('Widget_Notice')->set($deleteCount > 0 ? _t('草稿已经被删除') : _t('没有草稿被删除'),
$deleteCount > 0 ? 'success' : 'notice');
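Review bot: In deletePost the `$this->pluginHandle()->delete($post, $this);` call at the top of the loop body still runs before `isWriteable($condition)` and before `$postObject` confirms that a post with that cid exists, so plugins receive a delete event for ids the request is not permitted to remove or that do not exist, with no matching finishDelete afterwards; switching the source to getArray does not change this. If the hook is meant to announce deletions that actually happen, move `$this->pluginHandle()->delete($post, $this);` to be the first statement inside the guarded block, just before the `setCategories` call; if plugins are expected to see every requested id before the check, state that in the method's docblock instead. The deleteAttachment hunk of Widget_Contents_Attachment_Edit has the same ordering, and deletePost's body continues past the end of its hunk.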