summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorfisharebest <fisharebest@gmail.com>2010-06-27 13:16:29 +0000
committerfisharebest <fisharebest@gmail.com>2010-06-27 13:16:29 +0000
commitd5bb4440bd30ceb6ac185611b8c69303e1f05537 (patch)
tree621d8252a5dba43f52f7e249ba145629d073365d
parent79b30a8cb8866f6eac389211bd0a04228b8f18cf (diff)
downloadwebtrees-d5bb4440bd30ceb6ac185611b8c69303e1f05537.tar.gz
webtrees-d5bb4440bd30ceb6ac185611b8c69303e1f05537.tar.bz2
webtrees-d5bb4440bd30ceb6ac185611b8c69303e1f05537.zip
#591232 Media - undefined variable, xref, SVN8658
-rw-r--r--addmedia.php3
-rw-r--r--imageview.php4
-rw-r--r--includes/controllers/individual_ctrl.php2
-rw-r--r--includes/controllers/media_ctrl.php2
-rw-r--r--includes/functions/functions.php54
-rw-r--r--js/jw_player/flvVideo.php1
-rw-r--r--js/jw_player/wmvVideo.php1
-rw-r--r--media.php14
-rw-r--r--mediaviewer.php2
-rw-r--r--pedigree.php6
10 files changed, 13 insertions, 76 deletions
diff --git a/addmedia.php b/addmedia.php
index 060646c2e2..55b31ff0e3 100644
--- a/addmedia.php
+++ b/addmedia.php
@@ -55,9 +55,6 @@ $glevels =safe_REQUEST($_REQUEST, 'glevels', WT_REGEX_UNSAFE);
$update_CHAN=!safe_POST_bool('preserve_last_changed');
-$filename = decrypt($filename);
-$oldFilename = decrypt($oldFilename);
-
print_simple_header(i18n::translate('Add a new media item'));
$disp = true;
if (empty($pid) && !empty($mid)) $pid = $mid;
diff --git a/imageview.php b/imageview.php
index 6285f14505..da1918576d 100644
--- a/imageview.php
+++ b/imageview.php
@@ -30,7 +30,7 @@
define('WT_SCRIPT_NAME', 'imageview.php');
require './includes/session.php';
-$filename=decrypt(safe_GET('filename'));
+$filename=safe_GET('filename');
print_simple_header(i18n::translate('Image viewer'));
@@ -180,7 +180,7 @@ if (!$isExternal && !media_exists($filename) ) {
print "<center><font size=\"6\"><a href=\"javascript:;\" onclick=\"zoomin(); return false;\">+</a> <a href=\"javascript:;\" onclick=\"zoomout();\">&ndash;</a> </font>";
print "<input type=\"text\" size=\"2\" name=\"zoomval\" id=\"zoomval\" value=\"100\" />%\n";
print "<input type=\"button\" value=\"".i18n::translate('Reset')."\" onclick=\"resetimage(); return false;\" />\n";
- print "<br /><a href=\"javascript:;\" onclick=\"window.opener.location='mediaviewer.php?filename=".encrypt(str_replace($MEDIA_DIRECTORY, "", $filename))."'; window.close();\">".i18n::translate('View image details')."</a>\n";
+ print "<br /><a href=\"javascript:;\" onclick=\"window.opener.location='mediaviewer.php?filename=".urlencode(str_replace($MEDIA_DIRECTORY, "", $filename))."'; window.close();\">".i18n::translate('View image details')."</a>\n";
print "</center>\n";
$imgsize = findImageSize($filename);
$imgwidth = $imgsize[0]+2;
diff --git a/includes/controllers/individual_ctrl.php b/includes/controllers/individual_ctrl.php
index b4eef69239..3f95d17c9d 100644
--- a/includes/controllers/individual_ctrl.php
+++ b/includes/controllers/individual_ctrl.php
@@ -386,7 +386,7 @@ class IndividualControllerRoot extends BaseController {
if (WT_USE_LIGHTBOX) {
print "<a href=\"" . $firstmediarec["file"] . "\" rel=\"clearbox[general_1]\" rev=\"" . $mid . "::" . $GEDCOM . "::" . PrintReady(htmlspecialchars($name, ENT_QUOTES, 'UTF-8')) . "\">" . "\n";
} else if (!$USE_MEDIA_VIEWER && $imgsize) {
- $result .= "<a href=\"javascript:;\" onclick=\"return openImage('".encode_url(encrypt($firstmediarec["file"]))."', $imgwidth, $imgheight);\">";
+ $result .= "<a href=\"javascript:;\" onclick=\"return openImage('".urlencode($firstmediarec["file"])."', $imgwidth, $imgheight);\">";
} else {
$result .= "<a href=\"mediaviewer.php?mid={$mid}\">";
}
diff --git a/includes/controllers/media_ctrl.php b/includes/controllers/media_ctrl.php
index 204f4e9b07..39375acbe2 100644
--- a/includes/controllers/media_ctrl.php
+++ b/includes/controllers/media_ctrl.php
@@ -52,7 +52,7 @@ class MediaControllerRoot extends IndividualController{
function init() {
global $MEDIA_DIRECTORY, $USE_MEDIA_FIREWALL, $GEDCOM;
- $filename = decrypt(safe_GET('filename'));
+ $filename = safe_GET('filename');
$this->mid = safe_GET_xref('mid');
if ($USE_MEDIA_FIREWALL && empty($filename) && empty($this->mid)) {
diff --git a/includes/functions/functions.php b/includes/functions/functions.php
index cd270dc45e..870fa22f4c 100644
--- a/includes/functions/functions.php
+++ b/includes/functions/functions.php
@@ -3226,58 +3226,6 @@ function isFileExternal($file) {
}
/*
- * Encrypt the input string
- *
- * This function is used when a file name needs to be passed to another script by means of the
- * GET method. This method passes parameters to the script through the URL that launches the
- * script.
- *
- * File names could themselves be legitimate URLs. These legitimate URLs would normally be
- * killed by the hacker detection code in "includes/session_spider.php". This method avoids
- * that problem.
- *
- */
-function encrypt($string, $key='') {
- if (empty($key)) $key = session_id();
- $result = '';
-
- for($i=0; $i<strlen($string); $i++) {
- $char = substr($string, $i, 1);
- $keychar = substr($key, ($i % strlen($key))-1, 1);
- $newOrd = ord($char) + ord($keychar);
- if ($newOrd > 255) $newOrd -= 256; // Make sure we stay within the 8-bit code table
- $result .= chr($newOrd);
- }
- $result = '*'.strtr(base64_encode($result), '+/=', '-_#'); // Avoid characters that mess up URLs
-
- return $result;
-}
-
-/*
- * Decrypt the input string
- *
- * See above.
- *
- */
-function decrypt($string, $key='') {
- if (empty($key)) $key = session_id();
-
- if (substr($string, 0, 1)!='*') return $string; // Input is not a valid encrypted string
- $string = base64_decode(strtr(substr($string, 1), '-_#', '+/='));
-
- $result = '';
- for($i=0; $i<strlen($string); $i++) {
- $char = substr($string, $i, 1);
- $keychar = substr($key, ($i % strlen($key))-1, 1);
- $newOrd = ord($char) - ord($keychar);
- if ($newOrd < 0) $newOrd += 256; // Make sure we stay within the 8-bit code table
- $result .= chr($newOrd);
- }
-
- return $result;
-}
-
-/*
* Get useful information on how to handle this media file
*/
function mediaFileInfo($fileName, $thumbName, $mid, $name='', $notes='', $obeyViewerOption=true) {
@@ -3389,7 +3337,7 @@ function mediaFileInfo($fileName, $thumbName, $mid, $name='', $notes='', $obeyVi
$imgsize = findImageSize($fileName);
$imgwidth = $imgsize[0]+40;
$imgheight = $imgsize[1]+150;
- $url = "javascript:;\" onclick=\"return openImage('".encode_url(encrypt($fileName))."', $imgwidth, $imgheight);";
+ $url = "javascript:;\" onclick=\"return openImage('".urlencode($fileName)."', $imgwidth, $imgheight);";
}
break;
}
diff --git a/js/jw_player/flvVideo.php b/js/jw_player/flvVideo.php
index 5ce109e8f3..db6c6c4e39 100644
--- a/js/jw_player/flvVideo.php
+++ b/js/jw_player/flvVideo.php
@@ -43,7 +43,6 @@
<?php
global $pid, $GEDCOM ;
global $flvVideo;
-// $flvVideo="../../".decrypt(safe_GET('flvVideo'));
$flvVideo=$_GET['flvVideo'];
$preview="";
// echo "<font color=white>".$flvVideo."</font>";
diff --git a/js/jw_player/wmvVideo.php b/js/jw_player/wmvVideo.php
index 0a815522bb..2ba3400609 100644
--- a/js/jw_player/wmvVideo.php
+++ b/js/jw_player/wmvVideo.php
@@ -44,7 +44,6 @@
<?php
global $pid, $GEDCOM ;
global $wmvVideo;
-// $wmvVideo=decrypt(safe_GET('wmvVideo'));
$wmvVideo=$_GET['wmvVideo'];
?>
diff --git a/media.php b/media.php
index 301ebaf30f..d5b019295e 100644
--- a/media.php
+++ b/media.php
@@ -205,7 +205,7 @@ function set_perms($path) {
$starttime = time();
// TODO Determine source and validation requirements for these variables
-$filename=decrypt(safe_REQUEST($_REQUEST, 'filename'));
+$filename=safe_REQUEST($_REQUEST, 'filename');
$directory=safe_REQUEST($_REQUEST, 'directory', WT_REGEX_NOSCRIPT, $MEDIA_DIRECTORY);
$movetodir=safe_REQUEST($_REQUEST, 'movetodir');
$movefile=safe_REQUEST($_REQUEST, 'movefile');
@@ -1074,7 +1074,7 @@ if (check_media_structure()) {
$tempURL .= $linkToID;
}
} else {
- $tempURL .= 'showmediaform&filename='.encrypt($media['FILE']).'&linktoid=new';
+ $tempURL .= 'showmediaform&filename='.urlencode($media['FILE']).'&linktoid=new';
}
echo "<a href=\"javascript:", i18n::translate('Edit'), "\" onclick=\"window.open('", encode_url($tempURL, false), "', '_blank', 'top=50, left=50, width=600, height=500, resizable=1, scrollbars=1'); return false;\">", i18n::translate('Edit'), "</a><br />";
@@ -1096,7 +1096,7 @@ if (check_media_structure()) {
if (!$isExternal && $objectCount<2) {
$tempURL = "media.php?";
if (!empty($filter)) $tempURL.= "filter={$filter}&";
- $tempURL .= "action=deletefile&showthumb={$showthumb}&sortby={$sortby}&filter={$filter}&subclick={$subclick}&filename=".encrypt($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile={$media['GEDFILE']}";
+ $tempURL .= "action=deletefile&showthumb={$showthumb}&sortby={$sortby}&filter={$filter}&subclick={$subclick}&filename=".urlencode($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile={$media['GEDFILE']}";
print "<a href=\"".encode_url($tempURL)."\" onclick=\"return confirm('".i18n::translate('Are you sure you want to delete this file?')."');\">".i18n::translate('Delete file')."</a><br />";
}
@@ -1104,7 +1104,7 @@ if (check_media_structure()) {
if (!empty($media["XREF"])) {
$tempURL = "media.php?";
if (!empty($filter)) $tempURL .= "filter={$filter}&";
- $tempURL .= "action=removeobject&showthumb={$showthumb}&sortby={$sortby}&filter={$filter}&subclick={$subclick}&filename=".encrypt($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile={$media['GEDFILE']}";
+ $tempURL .= "action=removeobject&showthumb={$showthumb}&sortby={$sortby}&filter={$filter}&subclick={$subclick}&filename=".urlencode($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile={$media['GEDFILE']}";
print "<a href=\"".encode_url($tempURL)."\" onclick=\"return confirm('".i18n::translate('Are you sure you want to remove this object from the database?')."');\">".i18n::translate('Remove object')."</a><br />";
}
@@ -1112,7 +1112,7 @@ if (check_media_structure()) {
if ($media["LINKED"]) {
$tempURL = "media.php?";
if (!empty($filter)) $tempURL .= "filter={$filter}&";
- $tempURL .= "action=removelinks&showthumb={$showthumb}&sortby={$sortby}&filter={$filter}&subclick={$subclick}&filename=".encrypt($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile={$media['GEDFILE']}";
+ $tempURL .= "action=removelinks&showthumb={$showthumb}&sortby={$sortby}&filter={$filter}&subclick={$subclick}&filename=".urlencode($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile={$media['GEDFILE']}";
// print "<a href=\"".encode_url($tempURL)."\" onclick=\"return confirm('".i18n::translate('Are you sure you want to remove all links to this object?')."');\">".i18n::translate('Remove links')."</a><br />";
}
@@ -1134,7 +1134,7 @@ if (check_media_structure()) {
$tempURL .= "action=movestandard";
$message=i18n::translate('Move to standard directory');
}
- $tempURL .= "&showthumb={$showthumb}&sortby={$sortby}&filename=".encrypt($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile=".$media["GEDFILE"];
+ $tempURL .= "&showthumb={$showthumb}&sortby={$sortby}&filename=".urlencode($media['FILE'])."&directory={$directory}&level={$level}&xref={$media['XREF']}&gedfile=".$media["GEDFILE"];
print "<a href=\"".encode_url($tempURL)."\">".$message."</a><br />";
}
@@ -1145,7 +1145,7 @@ if (check_media_structure()) {
if ($ext=="jpg" || $ext=="jpeg" || $ext=="gif" || $ext=="png") {
$tempURL = "media.php?";
if (!empty($filter)) $tempURL .= "filter={$filter}&";
- $tempURL .= "action=thumbnail&all=no&sortby={$sortby}&level={$level}&directory={$directory}&filename=".encrypt($media["FILE"]).$thumbget;
+ $tempURL .= "action=thumbnail&all=no&sortby={$sortby}&level={$level}&directory={$directory}&filename=".urlencode($media["FILE"]).$thumbget;
print "<a href=\"".encode_url($tempURL)."\">".i18n::translate('Create thumbnail')."</a>";
}
}
diff --git a/mediaviewer.php b/mediaviewer.php
index c75f71d28f..917adb71b0 100644
--- a/mediaviewer.php
+++ b/mediaviewer.php
@@ -182,7 +182,7 @@ function lightboxView(){
// javascript function to open the original imageviewer.php page
function openImageView(){
- window.open("imageview.php?filename=<?php print encode_url(encrypt($filename)) ?>", "Image View");
+ window.open("imageview.php?filename=<?php print urlencode($filename) ?>", "Image View");
return false;
}
// javascript function to open a window with the raw gedcom in it
diff --git a/pedigree.php b/pedigree.php
index e78a006e49..b94bf91215 100644
--- a/pedigree.php
+++ b/pedigree.php
@@ -412,12 +412,6 @@ $maxyoffset+=30;
if (content_div) {
content_div.style.height = <?php echo $maxyoffset; ?> + "px";
}
- <?php if ($view=="preview") { ?>
- pedigree_div = document.getElementById("pedigree_chart");
- if (pedigree_div) {
- pedigree_div.style.height = <?php echo $maxyoffset; ?> + "px";
- }
- <?php } ?>
</script>
<?php
print_footer();