[geeklog-jp commit] r478 - in trunk/plugins/autotags: admin templates/admin


codes****@googl***** codes****@googl*****
2008年 9月 10日 (水) 22:34:47 JST


Author: mystralkk
Date: Wed Sep 10 06:34:00 2008
New Revision: 478

Modified:
    trunk/plugins/autotags/admin/index.php
    trunk/plugins/autotags/templates/admin/autotags.thtml

Log:
autotagsプラグインの管理画面のレイアウト崩れ修正、CSRF対策追加。

Modified: trunk/plugins/autotags/admin/index.php
==============================================================================
--- trunk/plugins/autotags/admin/index.php	(original)
+++ trunk/plugins/autotags/admin/index.php	Wed Sep 10 06:34:00 2008
@@ -52,7 +52,7 @@
  }

  if (!defined('XHTML')) {
-	define('XHTML', '');
+    define('XHTML', '');
  }

  /**
@@ -69,7 +69,7 @@
      $retval = '';

      if ($error) {
-        $retval .= $error . '<br><br>';
+        $retval .= $error . '<br' . XHTML . '><br' . XHTML . '>';
      } else {
          $template_path = autotags_templatePath ('admin');
          $at_template = new Template ($template_path);
@@ -85,7 +85,7 @@
                          COM_getBlockTemplate ('_admin_block', 'header'));
          $at_template->set_var('lang_save', $LANG_AUTO['save']);
          $at_template->set_var('lang_cancel', $LANG_AUTO['cancel']);
-        $at_template->set_var('delete_option', '<input type="submit"  
value="' . $LANG_AUTO['delete'] . '" name="mode">');
+        $at_template->set_var('delete_option', '<input type="submit"  
value="' . $LANG_AUTO['delete'] . '" name="mode"' . XHTML . '>');

          $at_template->set_var('lang_tag', $LANG_AUTO['tag']);
          $at_template->set_var('tag', $A['tag']);
@@ -112,7 +112,7 @@
              {
                  $is_function_checkbox .= ' checked="checked"';
              }
-            $is_function_checkbox .= '>&nbsp;&nbsp;</td>';
+            $is_function_checkbox .= XHTML . '>&nbsp;&nbsp;</td>';

              $at_template->set_var('is_function_checkbox',  
$is_function_checkbox);
              $at_template->set_var ('php_msg',  
$LANG_AUTO['php_msg_enabled']);
@@ -125,6 +125,11 @@

          $at_template->set_var('end_block',
                  COM_endBlock (COM_getBlockTemplate  
('_admin_block', 'footer')));
+        // Added CSRF protection
+        if (version_compare(VERSION, '1.5.0') >= 0) {
+            $at_template->set_var('token_name', CSRF_TOKEN);
+            $at_template->set_var('token_value', SEC_createToken());
+        }
          $retval .= $at_template->parse('output','form');
      }

@@ -167,8 +172,16 @@
                         'query_fields' => array('tag'),
                         'default_filter' => "");

-    $retval = ADMIN_list ("autotags", "plugin_getListField_autotags",  
$header_arr, $text_arr,
-                            $query_arr, $menu_arr, $defsort_arr);
+    if (version_compare(VERSION, '1.5.0') >= 0) {
+        $text   = $LANG_AUTO['instructions'];
+        $icon   =  
$_CONF['site_admin_url'] . '/plugins/autotags/images/autotags.png';
+        $retval = ADMIN_createMenu($menu_arr, $text, $icon)
+                . ADMIN_list ("autotags", "plugin_getListField_autotags",  
$header_arr,
+                    $text_arr, $query_arr, $defsort_arr);
+    } else {
+        $retval = ADMIN_list ("autotags", "plugin_getListField_autotags",  
$header_arr,
+                    $text_arr, $query_arr, $menu_arr, $defsort_arr);
+    }
      return $retval;

  }
@@ -314,18 +327,28 @@
  }

  if (($mode == $LANG_AUTO['delete']) && !empty ($LANG_AUTO['delete'])) {
-    DB_delete ($_TABLES['autotags'], 'tag', $tag,
-            $_CONF['site_admin_url'] . '/plugins/autotags/index.php');
-    exit;
+    if ((version_compare(VERSION, '1.5.0') >= 0)
+     AND !SEC_checkToken()) {
+        $display = COM_refresh ($_CONF['site_admin_url'] . '/index.php');
+    } else {
+        DB_delete ($_TABLES['autotags'], 'tag', $tag,
+                $_CONF['site_admin_url'] . '/plugins/autotags/index.php');
+        exit;
+    }
  } else if ($mode == 'edit') {
      $display .= COM_siteHeader('menu', $LANG_AUTO['autotagseditor']);
      $display .= autotagseditor($tag, $mode);
      $display .= COM_siteFooter();
  } else if (($mode == $LANG_AUTO['save']) && !empty ($LANG_AUTO['save'])) {
      if (!empty ($tag)) {
-        $display = saveautotags($tag, $_POST['old_tag'],
-                     $_POST['description'], $_POST['is_enabled'],
-                     $_POST['is_function'], $_POST['replacement']);
+        if ((version_compare(VERSION, '1.5.0') >= 0)
+         AND !SEC_checkToken()) {
+            $display = COM_refresh  
($_CONF['site_admin_url'] . '/index.php');
+        } else {
+            $display = saveautotags($tag, $_POST['old_tag'],
+                         $_POST['description'], $_POST['is_enabled'],
+                         $_POST['is_function'], $_POST['replacement']);
+        }
      } else {
          $display = COM_refresh ($_CONF['site_admin_url'] . '/index.php');
      }
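Review bot: A failed token check in both the delete and the save branch only sets `$display = COM_refresh(...)` and leaves no trace, so a rejected cross-site request aimed at an administrator never shows up for whoever reads the logs. Recording it before the redirect, for example `COM_accessLog("User {$_USER['username']} failed the CSRF check in the autotags admin.");`, would make such attempts detectable; this assumes `$_USER` is in scope at this point, which the hunk does not show. Separately, on Geeklog older than 1.5.0 the version test sends execution straight to `DB_delete` and `saveautotags` with no anti-CSRF check at all, so a comment stating that limitation beside the first `version_compare` would keep the change from being read as full coverage. The if/else chain starts and ends outside the hunk.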

Modified: trunk/plugins/autotags/templates/admin/autotags.thtml
==============================================================================
--- trunk/plugins/autotags/templates/admin/autotags.thtml	(original)
+++ trunk/plugins/autotags/templates/admin/autotags.thtml	Wed Sep 10  
06:34:00 2008
@@ -31,6 +31,7 @@
                    <input type="submit" value="{lang_cancel}"  
name="mode"{xhtml}>
                    {delete_option}
                    <input type="hidden" name="old_tag"  
value="{old_tag}"{xhtml}>
+                  <input type="hidden" name="{token_name}"  
value="{token_value}"{xhtml}>
                </td>
            </tr>
        </table>
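Review bot: The new hidden input is emitted unconditionally, but index.php assigns `token_name` and `token_value` only when `version_compare(VERSION, '1.5.0') >= 0`. On older installs the two placeholders are never set, and what ends up in the admin form then depends on how the Template class treats unknown variables, which is not visible here. Having index.php build the whole field into one variable, the way `delete_option` is built, and set it to `''` on older versions would keep stray markup out of the form.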



