Fix di sicurezza

This commit is contained in:
Thomas Zilio 2019-05-28 20:19:15 -07:00
parent cc4689d2f6
commit 5c7f743680
6 changed files with 55 additions and 31 deletions


@ -47,6 +47,11 @@ a.disabled {
font-weight: bold;
}
input[type=file]{
height: initial;
margin-bottom: 5px;
}
#datetime {
font-size: 11px;
font-weight: normal;
@ -838,4 +843,4 @@ input.small-width {
-moz-hyphens: auto;
-webkit-hyphens: auto;
hyphens: auto;
}
}


@ -147,10 +147,10 @@ function search(button) {
</h3>
</div>
<div class="box-body">
<form action="'.ROOTDIR.'/controller.php?id_module='.$id_module.'" method="post" enctype="multipart/form-data" class="form-inline" id="update">
<form action="'.ROOTDIR.'/controller.php?id_module='.$id_module.'" method="post" enctype="multipart/form-data" id="update">
<input type="hidden" name="op" value="upload">
<label><input type="file" name="blob" id="blob"></label>
{[ "type": "file", "name": "blob", "required": 1, "accept": ".zip" ]}
<button type="button" class="btn btn-primary pull-right" onclick="update()">
<i class="fa fa-upload"></i> '.tr('Carica').'
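Review bot: The `"accept": ".zip"` on the new file widget at the `{[ "type": "file" ... ]}` line is a browser-side filter only; the `op=upload` handler that receives `blob` is not in this hunk, and it still has to verify the upload itself (`is_uploaded_file()` on the temp name, then that the archive actually opens) because a client can submit any file regardless of `accept`. The same caveat applies to the `.csv` widget in the import template and to the unrestricted file widget in the last file of this commit, so I am raising it once here. If that server-side validation already exists, a one-line PHP comment above this `echo` saying so would stop the next maintainer from treating `accept` as the control. The `search()` function this markup belongs to starts outside the hunk.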


@ -6,24 +6,34 @@ $backup_dir = Backup::getDirectory();
switch (filter('op')) {
case 'getfile':
$file = filter('file');
$number = filter('number');
$number = intval($number);
download($backup_dir.'/'.$file, $file);
$backups = Backup::getList();
$backup = $backups[$number];
$filename = basename($backup);
download($backup, $filename);
break;
case 'del':
$file = filter('file');
$number = filter('number');
$number = intval($number);
delete($backup_dir.'/'.$file);
$backups = Backup::getList();
$backup = $backups[$number];
$filename = basename($backup);
if (!file_exists($backup_dir.'/'.$file)) {
delete($backup);
if (!file_exists($backup)) {
flash()->info(tr('Backup _FILE_ eliminato!', [
'_FILE_' => '"'.$file.'"',
'_FILE_' => '"'.$filename.'"',
]));
} else {
flash()->error(tr("Errore durante l'eliminazione del backup _FILE_!", [
'_FILE_' => '"'.$file.'"',
'_FILE_' => '"'.$filename.'"',
]));
}
@ -39,9 +49,14 @@ switch (filter('op')) {
break;
case 'size':
$file = filter('file');
$number = filter('number');
$number = intval($number);
echo Util\FileSystem::size($backup_dir.'/'.$file);
$backups = Backup::getList();
$backup = $backups[$number];
$filename = basename($backup);
echo Util\FileSystem::size($backup);
break;
}
@ -55,13 +70,17 @@ if (filter('op') == 'restore') {
return;
}
if (post('folder') == null) {
$path = $_FILES['blob']['tmp_name'] ?: $backup_dir.'/'.post('zip');
if (filter('number') == null) {
$path = $_FILES['blob']['tmp_name'];
} else {
$path = $backup_dir.'/'.post('folder');
$number = filter('number');
$number = intval($number);
$backups = Backup::getList();
$path = $backups[$number];
}
Backup::restore($path, post('folder') == null);
Backup::restore($path, is_file($path));
flash()->info(tr('Backup ripristinato correttamente!'));
}
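Review bot: `$backup = $backups[$number];` is read without checking that the key exists, in all four branches (`getfile`, `del`, `size` and the `restore` block), so a missing, non-numeric or out-of-range `number` — `intval()` turns those into 0 or a negative value — produces an undefined-offset notice and passes `null` on to `download()`, `delete()`, `Util\FileSystem::size()`, `is_file()` and `Backup::restore()`. Add a guard straight after each lookup, `if (!isset($backups[$number])) { flash()->error(tr('Backup non trovato!')); break; }` (with `return` instead of `break` in the `restore` block). In that same block `$_FILES['blob']['tmp_name']` is used without an upload-error or `is_uploaded_file()` check; whether an earlier guard covers it cannot be seen here, since the `if (filter('op') == 'restore')` preamble with its `return;` begins outside the hunk. The switch from a caller-supplied filename to an index into `Backup::getList()` deserves a comment so nobody reintroduces the old form, e.g. `// Resolve the backup through Backup::getList(): the request never names a filesystem path.`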


@ -74,7 +74,7 @@ function backup(){
}
// Caricamento
function loadSize(name, id){
function loadSize(number, id){
$("#" + id).html("'.tr('Calcolo in corso').'...");
$.ajax({
@ -83,7 +83,7 @@ function loadSize(name, id){
data: {
id_module: globals.id_module,
op: "size",
file: name,
number: number,
},
success: function(data) {
$("#" + id).html(data);
@ -127,7 +127,7 @@ echo '
<form action="" method="post" enctype="multipart/form-data" id="restore">
<input type="hidden" name="op" value="restore">
<label><input type="file" name="blob" id="blob"></label>
{[ "type": "file", "name": "blob", "required": 1, "accept": ".zip" ]}
<button type="button" class="btn btn-primary pull-right" onclick="restore()">
<i class="fa fa-upload"></i> '.tr('Ripristina').'...
@ -143,11 +143,11 @@ if (file_exists($backup_dir)) {
$backups_zip = [];
$backups_file = [];
foreach ($backups as $backup) {
foreach ($backups as $key => $backup) {
if (ends_with($backup, '.zip')) {
$backups_zip[] = $backup;
$backups_zip[$key] = $backup;
} else {
$backups_file[] = $backup;
$backups_file[$key] = $backup;
}
}
@ -183,17 +183,17 @@ if (file_exists($backup_dir)) {
</small></p>
<script>
loadSize("'.$name.'", "c-'.$id.'");
loadSize("'.$id.'", "c-'.$id.'");
</script>
<a class="btn btn-primary" href="'.$rootdir.'/modules/backups/actions.php?op=getfile&file='.$name.'" target="_blank"><i class="fa fa-download"></i> '.tr('Scarica').'</a>
<a class="btn btn-primary" href="'.$rootdir.'/modules/backups/actions.php?op=getfile&number='.$id.'" target="_blank"><i class="fa fa-download"></i> '.tr('Scarica').'</a>
<div class="pull-right">
<a class="btn btn-warning ask" data-backto="record-edit" data-method="post" data-op="restore" data-zip="'.$name.'" data-msg="'.tr('Vuoi ripristinare questo backup?').'" data-button="Ripristina" data-class="btn btn-lg btn-warning">
<a class="btn btn-warning ask" data-backto="record-edit" data-method="post" data-op="restore" data-number="'.$id.'" data-msg="'.tr('Vuoi ripristinare questo backup?').'" data-button="Ripristina" data-class="btn btn-lg btn-warning">
<i class="fa fa-upload"></i>
</a>
<a class="btn btn-danger ask" title="'.tr('Elimina backup').'" data-backto="record-list" data-op="del" data-file="'.$name.'">
<a class="btn btn-danger ask" title="'.tr('Elimina backup').'" data-backto="record-list" data-op="del" data-number="'.$id.'">
<i class="fa fa-trash"></i>
</a>
</div>
@ -233,17 +233,17 @@ if (file_exists($backup_dir)) {
</small></p>
<script>
loadSize("'.$name.'", "n-'.$id.'");
loadSize("'.$id.'", "n-'.$id.'");
</script>
<a class="btn btn-sm btn-warning disabled" href="javascript:;"><i class="fa fa-times"></i> '.tr('Non scaricabile').'</a>
<div class="pull-right">
<a class="btn btn-warning ask" data-backto="record-edit" data-method="post" data-op="restore" data-folder="'.$name.'" data-msg="'.tr('Vuoi ripristinare questo backup?').'" data-button="Ripristina" data-class="btn btn-lg btn-warning">
<a class="btn btn-warning ask" data-backto="record-edit" data-method="post" data-op="restore" data-number="'.$id.'" data-msg="'.tr('Vuoi ripristinare questo backup?').'" data-button="Ripristina" data-class="btn btn-lg btn-warning">
<i class="fa fa-upload"></i>
</a>
<a class="btn btn-danger ask" title="'.tr('Elimina backup').'" data-backto="record-list" data-op="del" data-file="'.$name.'">
<a class="btn btn-danger ask" title="'.tr('Elimina backup').'" data-backto="record-list" data-op="del" data-number="'.$id.'">
<i class="fa fa-trash"></i>
</a>
</div>
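Review bot: The `$key` preserved at `$backups_zip[$key] = $backup;` and `$backups_file[$key] = $backup;` is the only link between the `data-number` / `loadSize("'.$id.'", ...)` values rendered here and the entry that actions.php resolves through `Backup::getList()`, so the scheme is only safe if `getList()` yields the same keys on every call; presumably it re-reads the backup directory, in which case a backup created or removed between rendering this page and the click shifts the index and the action lands on a neighbouring backup. Referencing by position rather than by a stable identifier is inherent to the new design, so at minimum it should be stated: `// $key must match the index actions.php uses into Backup::getList(); the list must be ordered deterministically.` If the ordering is not guaranteed, a validated name checked with `in_array()` against `array_map('basename', $backups)` (strict) would be a stabler reference than the index. `$id` is assigned outside these hunks, so I am assuming it is this `$key`.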


@ -18,7 +18,7 @@ foreach ($imports as $key => $value) {
<div class="row">
<div class="col-md-6">
{[ "type": "file", "label": "<?php echo tr('File'); ?>", "name": "blob", "required": 1, "extra": "accept=\".csv\"" ]}
{[ "type": "file", "label": "<?php echo tr('File'); ?>", "name": "blob", "required": 1, "accept": ".csv" ]}
</div>
<div class="col-md-6">


@ -69,7 +69,7 @@ echo '
<div class="box-body" id="upload">
<div class="row">
<div class="col-md-9">
<label><input type="file" name="blob" id="blob"></label>
{[ "type": "file", "name": "blob", "required": 1 ]}
</div>
<div class="col-md-3">