[Linpha-cvs] linpha/plugins/ftp index.php,1.53,1.54
From: Tadashi J. <el...@us...> - 2008-01-16 17:03:54
Update of /cvsroot/linpha/linpha/plugins/ftp In directory sc8-pr-cvs6.sourceforge.net:/tmp/cvs-serv14026 Modified Files: index.php Log Message: 2008-01-17 Tadashi Jokagi <elf2000 AT users DOT sourceforge DOT net> * ftp/index.php: fixed css and xss. Index: index.php =================================================================== RCS file: /cvsroot/linpha/linpha/plugins/ftp/index.php,v retrieving revision 1.53 retrieving revision 1.54 diff -C2 -d -r1.53 -r1.54 *** index.php 15 Jul 2006 17:00:24 -0000 1.53 --- index.php 16 Jan 2008 17:03:46 -0000 1.54 *************** *** 288,292 **** <legend><?php printf($str_copy_to,$originame); ?></legend> <font class="mono"><?php echo $default['STARTDIR_LEFT']; ?>/</font> ! <input type='text' name='copy_to' value='<?php echo str_replace($default['STARTDIR_LEFT'].'/','',$dirleft.'/'); ?>'> <input type='hidden' name='todo' value='docopy'> <input type='hidden' name='originame' value='<?php echo htmlspecialchars($originame,ENT_QUOTES); ?>'> --- 288,292 ---- <legend><?php printf($str_copy_to,$originame); ?></legend> <font class="mono"><?php echo $default['STARTDIR_LEFT']; ?>/</font> ! <input type='text' name='copy_to' value='<?php echo htmlspecialchars(str_replace($default['STARTDIR_LEFT'].'/','',$dirleft.'/'),ENT_QUOTES); ?>'> <input type='hidden' name='todo' value='docopy'> <input type='hidden' name='originame' value='<?php echo htmlspecialchars($originame,ENT_QUOTES); ?>'> *************** *** 338,344 **** <legend><?php printf($str_rename_to,$originame); ?></legend> <font class="mono"><?php echo $default['STARTDIR_LEFT']; ?>/</font> ! <input type='text' name='rename_to' value='<?php echo str_replace($default['STARTDIR_LEFT'].'/','',$originame); ?>'> <input type='hidden' name='todo' value='dorename'> ! 
<input type='hidden' name='originame' value='<?php echo htmlspecialchars($originame); ?>'> <input type='submit' name='Submit' value='<?php echo STR_RENAME; ?>'> <?php echo getparams(); ?> --- 338,344 ---- <legend><?php printf($str_rename_to,$originame); ?></legend> <font class="mono"><?php echo $default['STARTDIR_LEFT']; ?>/</font> ! <input type='text' name='rename_to' value='<?php echo htmlspcialchars(str_replace($default['STARTDIR_LEFT'].'/','',$originame),ENT_QUOTES); ?>'> <input type='hidden' name='todo' value='dorename'> ! <input type='hidden' name='originame' value='<?php echo htmlspecialchars($originame,ENT_QUOTES); ?>'> <input type='submit' name='Submit' value='<?php echo STR_RENAME; ?>'> <?php echo getparams(); ?> *************** *** 380,384 **** <legend><?php echo STR_CREATEDIRLEGEND; ?></legend> <font class="mono"><?php echo $default['STARTDIR_LEFT']; ?>/</font> ! <input type='text' name='dirname' value='<?php echo str_replace($default['STARTDIR_LEFT'].'/','',$dirleft.'/'); ?>'> <input type='hidden' name='todo' value='createdir'> <input type='submit' name='Submit' value='<?php echo STR_CREATEDIRBUTTON; ?>'> --- 380,384 ---- <legend><?php echo STR_CREATEDIRLEGEND; ?></legend> <font class="mono"><?php echo $default['STARTDIR_LEFT']; ?>/</font> ! <input type='text' name='dirname' value='<?php echo htmlspecialchars(str_replace($default['STARTDIR_LEFT'].'/','',$dirleft.'/'),ENT_QUOTES); ?>'> <input type='hidden' name='todo' value='createdir'> <input type='submit' name='Submit' value='<?php echo STR_CREATEDIRBUTTON; ?>'> *************** *** 592,596 **** '<INPUT TYPE=HIDDEN NAME="todo" VALUE="upload">'.NL. '<INPUT TYPE=HIDDEN NAME="page" VALUE="ftp">'.NL. ! '<INPUT TYPE=HIDDEN NAME="targetdir" VALUE="'.htmlspecialchars($targetdir, ENT_QUOTES).'">'.NL. getparams() . '<B>'.STR_FILE_UPLOAD_TARGET.': '.htmlspecialchars($targetdir).'</B><BR>'.NL. --- 592,596 ---- '<INPUT TYPE=HIDDEN NAME="todo" VALUE="upload">'.NL. '<INPUT TYPE=HIDDEN NAME="page" VALUE="ftp">'.NL. ! 
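Review bot: The new `rename_to` line in the 338 hunk calls `htmlspcialchars(`, which is misspelled, so PHP will stop with an undefined-function fatal error when the rename form is rendered and the form becomes unusable. It should read `htmlspecialchars(str_replace($default['STARTDIR_LEFT'].'/','',$originame),ENT_QUOTES)`. Separately, the `<legend>` context line here and in the 288 hunk still hands `$originame` to `printf` unescaped, although the same value is escaped in the hidden `originame` field just below. If that value is request-derived, escape it there too, e.g. `printf($str_rename_to, htmlspecialchars($originame,ENT_QUOTES))`. The surrounding form markup starts and ends outside the hunk.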
'<INPUT TYPE=HIDDEN NAME="targetdir" VALUE="'.htmlspecialchars($targetdir,ENT_QUOTES).'">'.NL. getparams() . '<B>'.STR_FILE_UPLOAD_TARGET.': '.htmlspecialchars($targetdir).'</B><BR>'.NL. *************** *** 1235,1239 **** $hiddenparameters = ! "<INPUT TYPE='hidden' NAME='lt' VALUE= '".htmlspecialchars($dirleft, ENT_QUOTES)."'>".NL. "<INPUT TYPE='hidden' NAME='page' VALUE= 'ftp'>".NL. "<INPUT TYPE='hidden' NAME='todo' VALUE= ''>".NL. --- 1235,1239 ---- $hiddenparameters = ! "<INPUT TYPE='hidden' NAME='lt' VALUE= '".htmlspecialchars($dirleft,ENT_QUOTES)."'>".NL. "<INPUT TYPE='hidden' NAME='page' VALUE= 'ftp'>".NL. "<INPUT TYPE='hidden' NAME='todo' VALUE= ''>".NL. *************** *** 1353,1362 **** global $sortpass; ! $p = "<A class='naviline' HREF='".htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES)."?lt=".$d. AMP . "page=ftp'>%s</A>"; ! if (ereg('^([a-zA-Z]?:?\/?)$', $d, $r)) { $d = $r[1]; ! return sprintf($p, $d); }else { --- 1353,1361 ---- global $sortpass; ! $p = "<A class='naviline' HREF='".htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES)."?lt=%s". AMP . "page=ftp'>%s</A>"; if (ereg('^([a-zA-Z]?:?\/?)$', $d, $r)) { $d = $r[1]; ! return sprintf($p, urlencode($d), htmlspecialchars($d, ENT_QUOTES)); }else { *************** *** 1368,1372 **** navigatorline($d, $sd) . ($d=='/' ? '' : '/') . ! sprintf($p, $b); } } --- 1367,1371 ---- navigatorline($d, $sd) . ($d=='/' ? '' : '/') . ! sprintf($p, urlencode($d), htmlspecialchars($b, ENT_QUOTES)); } } |
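Review bot: In the 1353 hunk the escaped `$_SERVER['PHP_SELF']` is still concatenated into `$p`, which is then used as the `sprintf` format string. `PHP_SELF` can carry request-supplied path info, so a literal `%` in it is parsed as a conversion specification and the argument count no longer matches. Pass the path as an argument instead: `$p = "<A class='naviline' HREF='%s?lt=%s". AMP . "page=ftp'>%s</A>";`, with `htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES)` as the first argument of both `sprintf` calls. The function's signature and the rest of its body lie outside the hunk.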
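Review bot: The link target in the 1367 hunk is now `urlencode($d)` evaluated at the `sprintf` call, whereas the old code baked `$d` into `$p` at the top of the function. The lines between the two hunks are not shown, but the recursive `navigatorline($d, $sd)` call suggests `$d` has been reduced to the parent directory by then. That would make each breadcrumb link to its parent rather than to itself. If so, capture the value before the branch, e.g. `$lt = urlencode($d);` right after `global $sortpass;`, and pass `$lt` in both `sprintf` calls.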