diff options
| author | fisharebest <fisharebest@gmail.com> | 2010-06-27 13:16:29 +0000 |
|---|---|---|
| committer | fisharebest <fisharebest@gmail.com> | 2010-06-27 13:16:29 +0000 |
| commit | d5bb4440bd30ceb6ac185611b8c69303e1f05537 (patch) | |
| tree | 621d8252a5dba43f52f7e249ba145629d073365d | |
| parent | 79b30a8cb8866f6eac389211bd0a04228b8f18cf (diff) | |
| download | webtrees-d5bb4440bd30ceb6ac185611b8c69303e1f05537.tar.gz webtrees-d5bb4440bd30ceb6ac185611b8c69303e1f05537.tar.bz2 webtrees-d5bb4440bd30ceb6ac185611b8c69303e1f05537.zip | |
#591232 Media - undefined variable, xref, SVN8658
| -rw-r--r-- | addmedia.php | 3 | ||||
| -rw-r--r-- | imageview.php | 4 | ||||
| -rw-r--r-- | includes/controllers/individual_ctrl.php | 2 | ||||
| -rw-r--r-- | includes/controllers/media_ctrl.php | 2 | ||||
| -rw-r--r-- | includes/functions/functions.php | 54 | ||||
| -rw-r--r-- | js/jw_player/flvVideo.php | 1 | ||||
| -rw-r--r-- | js/jw_player/wmvVideo.php | 1 | ||||
| -rw-r--r-- | media.php | 14 | ||||
| -rw-r--r-- | mediaviewer.php | 2 | ||||
| -rw-r--r-- | pedigree.php | 6 |
10 files changed, 13 insertions, 76 deletions
diff --git a/addmedia.php b/addmedia.php index 060646c2e2..55b31ff0e3 100644 --- a/addmedia.php +++ b/addmedia.php @@ -55,9 +55,6 @@ $glevels =safe_REQUEST($_REQUEST, 'glevels', WT_REGEX_UNSAFE); $update_CHAN=!safe_POST_bool('preserve_last_changed'); -$filename = decrypt($filename); -$oldFilename = decrypt($oldFilename); - print_simple_header(i18n::translate('Add a new media item')); $disp = true; if (empty($pid) && !empty($mid)) $pid = $mid; diff --git a/imageview.php b/imageview.php index 6285f14505..da1918576d 100644 --- a/imageview.php +++ b/imageview.php @@ -30,7 +30,7 @@ define('WT_SCRIPT_NAME', 'imageview.php'); require './includes/session.php'; -$filename=decrypt(safe_GET('filename')); +$filename=safe_GET('filename'); print_simple_header(i18n::translate('Image viewer')); @@ -180,7 +180,7 @@ if (!$isExternal && !media_exists($filename) ) { print "<center><font size=\"6\"><a href=\"javascript:;\" onclick=\"zoomin(); return false;\">+</a> <a href=\"javascript:;\" onclick=\"zoomout();\">–</a> </font>"; print "<input type=\"text\" size=\"2\" name=\"zoomval\" id=\"zoomval\" value=\"100\" />%\n"; print "<input type=\"button\" value=\"".i18n::translate('Reset')."\" onclick=\"resetimage(); return false;\" />\n"; - print "<br /><a href=\"javascript:;\" onclick=\"window.opener.location='mediaviewer.php?filename=".encrypt(str_replace($MEDIA_DIRECTORY, "", $filename))."'; window.close();\">".i18n::translate('View image details')."</a>\n"; + print "<br /><a href=\"javascript:;\" onclick=\"window.opener.location='mediaviewer.php?filename=".urlencode(str_replace($MEDIA_DIRECTORY, "", $filename))."'; window.close();\">".i18n::translate('View image details')."</a>\n"; print "</center>\n"; $imgsize = findImageSize($filename); $imgwidth = $imgsize[0]+2; diff --git a/includes/controllers/individual_ctrl.php b/includes/controllers/individual_ctrl.php index b4eef69239..3f95d17c9d 100644 --- a/includes/controllers/individual_ctrl.php +++ b/includes/controllers/individual_ctrl.php @@ -386,7 +386,7 @@ class IndividualControllerRoot extends BaseController { if (WT_USE_LIGHTBOX) { print "<a href=\"" . $firstmediarec["file"] . "\" rel=\"clearbox[general_1]\" rev=\"" . $mid . "::" . $GEDCOM . "::" . PrintReady(htmlspecialchars($name, ENT_QUOTES, 'UTF-8')) . "\">" . "\n"; } else if (!$USE_MEDIA_VIEWER && $imgsize) { - $result .= "<a href=\"javascript:;\" onclick=\"return openImage('".encode_url(encrypt($firstmediarec["file"]))."', $imgwidth, $imgheight);\">"; + $result .= "<a href=\"javascript:;\" onclick=\"return openImage('".urlencode($firstmediarec["file"])."', $imgwidth, $imgheight);\">"; } else { $result .= "<a href=\"mediaviewer.php?mid={$mid}\">"; } diff --git a/includes/controllers/media_ctrl.php b/includes/controllers/media_ctrl.php index 204f4e9b07..39375acbe2 100644 --- a/includes/controllers/media_ctrl.php +++ b/includes/controllers/media_ctrl.php @@ -52,7 +52,7 @@ class MediaControllerRoot extends IndividualController{ function init() { global $MEDIA_DIRECTORY, $USE_MEDIA_FIREWALL, $GEDCOM; - $filename = decrypt(safe_GET('filename')); + $filename = safe_GET('filename'); $this->mid = safe_GET_xref('mid'); if ($USE_MEDIA_FIREWALL && empty($filename) && empty($this->mid)) { diff --git a/includes/functions/functions.php b/includes/functions/functions.php index cd270dc45e..870fa22f4c 100644 --- a/includes/functions/functions.php +++ b/includes/functions/functions.php @@ -3226,58 +3226,6 @@ function isFileExternal($file) { } /* - * Encrypt the input string - * - * This function is used when a file name needs to be passed to another script by means of the - * GET method. This method passes parameters to the script through the URL that launches the - * script. - * - * File names could themselves be legitimate URLs. These legitimate URLs would normally be - * killed by the hacker detection code in "includes/session_spider.php". This method avoids - * that problem. - * - */ -function encrypt($string, $key='') { - if (empty($key)) $key = session_id(); - $result = ''; - - for($i=0; $i<strlen($string); $i++) { - $char = substr($string, $i, 1); - $keychar = substr($key, ($i % strlen($key))-1, 1); - $newOrd = ord($char) + ord($keychar); - if ($newOrd > 255) $newOrd -= 256; // Make sure we stay within the 8-bit code table - $result .= chr($newOrd); - } - $result = '*'.strtr(base64_encode($result), '+/=', '-_#'); // Avoid characters that mess up URLs - - return $result; -} - -/* - * Decrypt the input string - * - * See above. - * - */ -function decrypt($string, $key='') { - if (empty($key)) $key = session_id(); - - if (substr($string, 0, 1)!='*') return $string; // Input is not a valid encrypted string - $string = base64_decode(strtr(substr($string, 1), '-_#', '+/=')); - - $result = ''; - for($i=0; $i<strlen($string); $i++) { - $char = substr($string, $i, 1); - $keychar = substr($key, ($i % strlen($key))-1, 1); - $newOrd = ord($char) - ord($keychar); - if ($newOrd < 0) $newOrd += 256; // Make sure we stay within the 8-bit code table - $result .= chr($newOrd); - } - - return $result; -} - -/* * Get useful information on how to handle this media file */ function mediaFileInfo($fileName, $thumbName, $mid, $name='', $notes='', $obeyViewerOption=true) { @@ -3389,7 +3337,7 @@ function mediaFileInfo($fileName, $thumbName, $mid, $name='', $notes='', $obeyVi $imgsize = findImageSize($fileName); $imgwidth = $imgsize[0]+40; $imgheight = $imgsize[1]+150; - $url = "javascript:;\" onclick=\"return openImage('".encode_url(encrypt($fileName))."', $imgwidth, $imgheight);"; + $url = "javascript:;\" onclick=\"return openImage('".urlencode($fileName)."', $imgwidth, $imgheight);"; } break; } diff --git a/js/jw_player/flvVideo.php b/js/jw_player/flvVideo.php index 5ce109e8f3..db6c6c4e39 100644 --- a/js/jw_player/flvVideo.php +++ b/js/jw_player/flvVideo.php @@ -43,7 +43,6 @@ <?php
global $pid, $GEDCOM ;
global $flvVideo;
-// $flvVideo="../../".decrypt(safe_GET('flvVideo'));
$flvVideo=$_GET['flvVideo'];
$preview="";
// echo "<font color=white>".$flvVideo."</font>";
diff --git a/js/jw_player/wmvVideo.php b/js/jw_player/wmvVideo.php index 0a815522bb..2ba3400609 100644 --- a/js/jw_player/wmvVideo.php +++ b/js/jw_player/wmvVideo.php @@ -44,7 +44,6 @@ <?php
global $pid, $GEDCOM ;
global $wmvVideo;
-// $wmvVideo=decrypt(safe_GET('wmvVideo'));
$wmvVideo=$_GET['wmvVideo'];
?>
@@ -205,7 +205,7 @@ function set_perms($path) { $starttime = time(); // TODO Determine source and validation requirements for these variables -$filename=decrypt(safe_REQUEST($_REQUEST, 'filename')); +$filename=safe_REQUEST($_REQUEST, 'filename'); $directory=safe_REQUEST($_REQUEST, 'directory', WT_REGEX_NOSCRIPT, $MEDIA_DIRECTORY); $movetodir=safe_REQUEST($_REQUEST, 'movetodir'); $movefile=safe_REQUEST($_REQUEST, 'movefile'); @@ -1074,7 +1074,7 @@ if (check_media_structure()) { $tempURL .= $linkToID; } } else { - $tempURL .= 'showmediaform&filename='.encrypt($media['FILE']).'&linktoid=new'; + $tempURL .= 'showmediaform&filename='.urlencode($media['FILE']).'&linktoid=new'; } echo "<a href=\"javascript:", i18n::translate('Edit'), "\" onclick=\"window.open('", encode_url($tempURL, false), "', '_blank', 'top=50, left=50, width=600, height=500, resizable=1, scrollbars=1'); return false;\">", i18n::translate('Edit'), "</a><br />"; @@ -1096,7 +1096,7 @@ if (check_media_structure()) { if (!$isExternal && $objectCount<2) { $tempURL = "media.php?"; if (!empty($filter)) $tempURL.= "filter={$filter}&"; - $tempURL .= "action=deletefile&showthumb={$showthumb}&sortby={$sortby}&filter={$filter}&subclick={$subclick}&filename=".encrypt($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile={$media['GEDFILE']}"; + $tempURL .= "action=deletefile&showthumb={$showthumb}&sortby={$sortby}&filter={$filter}&subclick={$subclick}&filename=".urlencode($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile={$media['GEDFILE']}"; print "<a href=\"".encode_url($tempURL)."\" onclick=\"return confirm('".i18n::translate('Are you sure you want to delete this file?')."');\">".i18n::translate('Delete file')."</a><br />"; } @@ -1104,7 +1104,7 @@ if (check_media_structure()) { if (!empty($media["XREF"])) { $tempURL = "media.php?"; if (!empty($filter)) $tempURL .= "filter={$filter}&"; - $tempURL .= "action=removeobject&showthumb={$showthumb}&sortby={$sortby}&filter={$filter}&subclick={$subclick}&filename=".encrypt($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile={$media['GEDFILE']}"; + $tempURL .= "action=removeobject&showthumb={$showthumb}&sortby={$sortby}&filter={$filter}&subclick={$subclick}&filename=".urlencode($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile={$media['GEDFILE']}"; print "<a href=\"".encode_url($tempURL)."\" onclick=\"return confirm('".i18n::translate('Are you sure you want to remove this object from the database?')."');\">".i18n::translate('Remove object')."</a><br />"; } @@ -1112,7 +1112,7 @@ if (check_media_structure()) { if ($media["LINKED"]) { $tempURL = "media.php?"; if (!empty($filter)) $tempURL .= "filter={$filter}&"; - $tempURL .= "action=removelinks&showthumb={$showthumb}&sortby={$sortby}&filter={$filter}&subclick={$subclick}&filename=".encrypt($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile={$media['GEDFILE']}"; + $tempURL .= "action=removelinks&showthumb={$showthumb}&sortby={$sortby}&filter={$filter}&subclick={$subclick}&filename=".urlencode($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile={$media['GEDFILE']}"; // print "<a href=\"".encode_url($tempURL)."\" onclick=\"return confirm('".i18n::translate('Are you sure you want to remove all links to this object?')."');\">".i18n::translate('Remove links')."</a><br />"; } @@ -1134,7 +1134,7 @@ if (check_media_structure()) { $tempURL .= "action=movestandard"; $message=i18n::translate('Move to standard directory'); } - $tempURL .= "&showthumb={$showthumb}&sortby={$sortby}&filename=".encrypt($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile=".$media["GEDFILE"]; + $tempURL .= "&showthumb={$showthumb}&sortby={$sortby}&filename=".urlencode($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile=".$media["GEDFILE"]; print "<a href=\"".encode_url($tempURL)."\">".$message."</a><br />"; } @@ -1145,7 +1145,7 @@ if (check_media_structure()) { if ($ext=="jpg" || $ext=="jpeg" || $ext=="gif" || $ext=="png") { $tempURL = "media.php?"; if (!empty($filter)) $tempURL .= "filter={$filter}&"; - $tempURL .= "action=thumbnail&all=no&sortby={$sortby}&level={$level}&directory={$directory}&filename=".encrypt($media["FILE"]).$thumbget; + $tempURL .= "action=thumbnail&all=no&sortby={$sortby}&level={$level}&directory={$directory}&filename=".urlencode($media["FILE"]).$thumbget; print "<a href=\"".encode_url($tempURL)."\">".i18n::translate('Create thumbnail')."</a>"; } } diff --git a/mediaviewer.php b/mediaviewer.php index c75f71d28f..917adb71b0 100644 --- a/mediaviewer.php +++ b/mediaviewer.php @@ -182,7 +182,7 @@ function lightboxView(){ // javascript function to open the original imageviewer.php page function openImageView(){ - window.open("imageview.php?filename=<?php print encode_url(encrypt($filename)) ?>", "Image View"); + window.open("imageview.php?filename=<?php print urlencode($filename) ?>", "Image View"); return false; } // javascript function to open a window with the raw gedcom in it diff --git a/pedigree.php b/pedigree.php index e78a006e49..b94bf91215 100644 --- a/pedigree.php +++ b/pedigree.php @@ -412,12 +412,6 @@ $maxyoffset+=30; if (content_div) { content_div.style.height = <?php echo $maxyoffset; ?> + "px"; } - <?php if ($view=="preview") { ?> - pedigree_div = document.getElementById("pedigree_chart"); - if (pedigree_div) { - pedigree_div.style.height = <?php echo $maxyoffset; ?> + "px"; - } - <?php } ?> </script> <?php print_footer(); |
