mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-11-22 04:23:01 +00:00
page-delete: fix XSS
parent
54166c9b79
commit
3f286b4cda
1 changed files with 10 additions and 10 deletions
|
@ -5,7 +5,7 @@
|
||||||
|
|
||||||
register_module([
|
register_module([
|
||||||
"name" => "Page deleter",
|
"name" => "Page deleter",
|
||||||
"version" => "0.10.2",
|
"version" => "0.10.3",
|
||||||
"author" => "Starbeamrainbowlabs",
|
"author" => "Starbeamrainbowlabs",
|
||||||
"description" => "Adds an action to allow administrators to delete pages.",
|
"description" => "Adds an action to allow administrators to delete pages.",
|
||||||
"id" => "page-delete",
|
"id" => "page-delete",
|
||||||
|
@ -36,26 +36,26 @@ register_module([
|
||||||
global $pageindex, $settings, $env, $paths, $modules;
|
global $pageindex, $settings, $env, $paths, $modules;
|
||||||
if(!$settings->editing)
|
if(!$settings->editing)
|
||||||
{
|
{
|
||||||
exit(page_renderer::render_main("Error: Editing disabled - Deleting $env->page", "<p>You tried to delete $env->page, but editing is disabled on this wiki.</p>
|
exit(page_renderer::render_main("Error: Editing disabled - Deleting $env->page", "<p>You tried to delete $env->page_safe, but editing is disabled on this wiki.</p>
|
||||||
<p>If you wish to delete this page, please re-enable editing on this wiki first.</p>
|
<p>If you wish to delete this page, please re-enable editing on this wiki first.</p>
|
||||||
<p><a href='index.php?page=$env->page'>Go back to $env->page</a>.</p>
|
<p><a href='index.php?page=".rawurlencode($env->page)."'>Go back to $env->page_safe</a>.</p>
|
||||||
<p>Nothing has been changed.</p>"));
|
<p>Nothing has been changed.</p>"));
|
||||||
}
|
}
|
||||||
if(!$env->is_admin)
|
if(!$env->is_admin)
|
||||||
{
|
{
|
||||||
exit(page_renderer::render_main("Error: Insufficient permissions - Deleting $env->page", "<p>You tried to delete $env->page, but you as aren't a moderator you don't have permission to do that.</p>
|
exit(page_renderer::render_main("Error: Insufficient permissions - Deleting $env->page", "<p>You tried to delete $env->page_safe, but you as aren't a moderator you don't have permission to do that.</p>
|
||||||
<p>You could try <a href='index.php?action=login'>logging in</a> as an admin, or asking one of $settings->sitename's friendly moderators (find their names at the bottom of every page!) to delete it for you.</p>"));
|
<p>You could try <a href='index.php?action=login&returnto=".rawurlencode("?action=delete&page=".rawurlencode($env->page))."'>logging in</a> as an admin, or asking one of $settings->sitename's friendly moderators (find their names at the bottom of every page!) to delete it for you.</p>"));
|
||||||
}
|
}
|
||||||
if(!isset($pageindex->{$env->page}))
|
if(!isset($pageindex->{$env->page}))
|
||||||
{
|
{
|
||||||
exit(page_renderer::render_main("Error: Non-existent page - Deleting $env->page", "<p>You tried to delete $env->page, but that page doesn't appear to exist in the first place. <a href='?'>Go back</a> to the $settings->defaultpage.</p>"));
|
exit(page_renderer::render_main("Error: Non-existent page - Deleting $env->page", "<p>You tried to delete $env->page_safe, but that page doesn't appear to exist in the first place. <a href='?'>Go back</a> to the $settings->defaultpage.</p>"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!isset($_GET["delete"]) or $_GET["delete"] !== "yes")
|
if(!isset($_GET["delete"]) or $_GET["delete"] !== "yes")
|
||||||
{
|
{
|
||||||
exit(page_renderer::render_main("Deleting $env->page", "<p>You are about to <strong>delete</strong> <em>$env->page</em>" . (module_exists("feature-history")?" and all its revisions":"") . (module_exists("feature-comments")?" and all its comments":"") . ". You can't undo this!</p>
|
exit(page_renderer::render_main("Deleting $env->page", "<p>You are about to <strong>delete</strong> <em>$env->page_safe</em>" . (module_exists("feature-history")?" and all its revisions":"") . (module_exists("feature-comments")?" and all its comments":"") . ". You can't undo this!</p>
|
||||||
<p><a href='index.php?action=delete&page=$env->page&delete=yes'>Click here to delete $env->page.</a></p>
|
<p><a href='index.php?action=delete&page=".rawurlencode($env->page)."&delete=yes'>Click here to delete $env->page_safe.</a></p>
|
||||||
<p><a href='index.php?action=view&page=$env->page'>Click here to go back.</a>"));
|
<p><a href='index.php?action=view&page=".rawurlencode($env->page)."'>Click here to go back and view the page.</a>"));
|
||||||
}
|
}
|
||||||
$page = $env->page;
|
$page = $env->page;
|
||||||
// Delete the associated file if it exists
|
// Delete the associated file if it exists
|
||||||
|
@ -111,7 +111,7 @@ register_module([
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
exit(page_renderer::render_main("Deleting $env->page - $settings->sitename", "<p>$env->page has been deleted. <a href='index.php'>Go back to the main page</a>.</p>"));
|
exit(page_renderer::render_main("Deleting $env->page - $settings->sitename", "<p>$env->page_safe has been deleted. <a href='index.php'>Go back to the main page</a>.</p>"));
|
||||||
});
|
});
|
||||||
|
|
||||||
// Register a help section
|
// Register a help section
|
||||||
|
|
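Review bot: The first argument of every `page_renderer::render_main(...)` call shown here still interpolates the raw `$env->page` (for example `"Error: Editing disabled - Deleting $env->page"` and `"Deleting $env->page - $settings->sitename"`), while only the body strings were moved to `$env->page_safe`. `render_main` is not visible on this page, so if it does not escape its title argument the same page name can still reach the rendered title unescaped; either confirm that it escapes, or use `$env->page_safe` in the titles as well. Separately, the delete is still confirmed by a plain GET link (`&delete=yes`, checked via `$_GET["delete"] !== "yes"`) and no anti-CSRF token appears in the visible lines, so a logged-in admin who follows such a link deletes the page without any further prompt; a POST form carrying a per-session token would close that. The handler's body starts before the second hunk and continues between the hunks, so a check located there cannot be ruled out.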