Fix di sicurezza

This commit is contained in:
Thomas Zilio 2019-05-28 20:19:15 -07:00
parent cc4689d2f6
commit 5c7f743680
6 changed files with 55 additions and 31 deletions


@ -47,6 +47,11 @@ a.disabled {
font-weight: bold; font-weight: bold;
} }
input[type=file]{
height: initial;
margin-bottom: 5px;
}
#datetime { #datetime {
font-size: 11px; font-size: 11px;
font-weight: normal; font-weight: normal;


@ -147,10 +147,10 @@ function search(button) {
</h3> </h3>
</div> </div>
<div class="box-body"> <div class="box-body">
<form action="'.ROOTDIR.'/controller.php?id_module='.$id_module.'" method="post" enctype="multipart/form-data" class="form-inline" id="update"> <form action="'.ROOTDIR.'/controller.php?id_module='.$id_module.'" method="post" enctype="multipart/form-data" id="update">
<input type="hidden" name="op" value="upload"> <input type="hidden" name="op" value="upload">
<label><input type="file" name="blob" id="blob"></label> {[ "type": "file", "name": "blob", "required": 1, "accept": ".zip" ]}
<button type="button" class="btn btn-primary pull-right" onclick="update()"> <button type="button" class="btn btn-primary pull-right" onclick="update()">
<i class="fa fa-upload"></i> '.tr('Carica').' <i class="fa fa-upload"></i> '.tr('Carica').'
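Review bot: The new `{[ "type": "file", ... "required": 1, "accept": ".zip" ]}` widget only expresses browser-side hints; `accept` and `required` are not enforced by the server, and nothing in this hunk (or the similar widget changes in the later file sections at `"accept": ".csv"` and the plain `"type": "file"` form) shows the `upload` handler checking the received file's type or `$_FILES['blob']['error']`. If that validation exists elsewhere it is fine; if not, the handler should verify the upload before passing it on, since the client hint can be bypassed trivially. The enclosing echo string starts before this hunk.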


@ -6,24 +6,34 @@ $backup_dir = Backup::getDirectory();
switch (filter('op')) { switch (filter('op')) {
case 'getfile': case 'getfile':
$file = filter('file'); $number = filter('number');
$number = intval($number);
download($backup_dir.'/'.$file, $file); $backups = Backup::getList();
$backup = $backups[$number];
$filename = basename($backup);
download($backup, $filename);
break; break;
case 'del': case 'del':
$file = filter('file'); $number = filter('number');
$number = intval($number);
delete($backup_dir.'/'.$file); $backups = Backup::getList();
$backup = $backups[$number];
$filename = basename($backup);
if (!file_exists($backup_dir.'/'.$file)) { delete($backup);
if (!file_exists($backup)) {
flash()->info(tr('Backup _FILE_ eliminato!', [ flash()->info(tr('Backup _FILE_ eliminato!', [
'_FILE_' => '"'.$file.'"', '_FILE_' => '"'.$filename.'"',
])); ]));
} else { } else {
flash()->error(tr("Errore durante l'eliminazione del backup _FILE_!", [ flash()->error(tr("Errore durante l'eliminazione del backup _FILE_!", [
'_FILE_' => '"'.$file.'"', '_FILE_' => '"'.$filename.'"',
])); ]));
} }
@ -39,9 +49,14 @@ switch (filter('op')) {
break; break;
case 'size': case 'size':
$file = filter('file'); $number = filter('number');
$number = intval($number);
echo Util\FileSystem::size($backup_dir.'/'.$file); $backups = Backup::getList();
$backup = $backups[$number];
$filename = basename($backup);
echo Util\FileSystem::size($backup);
break; break;
} }
@ -55,13 +70,17 @@ if (filter('op') == 'restore') {
return; return;
} }
if (post('folder') == null) { if (filter('number') == null) {
$path = $_FILES['blob']['tmp_name'] ?: $backup_dir.'/'.post('zip'); $path = $_FILES['blob']['tmp_name'];
} else { } else {
$path = $backup_dir.'/'.post('folder'); $number = filter('number');
$number = intval($number);
$backups = Backup::getList();
$path = $backups[$number];
} }
Backup::restore($path, post('folder') == null); Backup::restore($path, is_file($path));
flash()->info(tr('Backup ripristinato correttamente!')); flash()->info(tr('Backup ripristinato correttamente!'));
} }
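Review bot: `$backup = $backups[$number];` in the getfile, del and size cases (and `$path = $backups[$number];` in the restore branch) is not guarded against an index that `Backup::getList()` does not contain, so an out-of-range or negative `number` yields null and the code carries on: `download(null, '')`, `delete(null)` followed by the "Backup _FILE_ eliminato!" flash because `file_exists(null)` is false, and `Backup::restore(null, false)`. Each case should stop first, e.g. `if (!isset($backups[$number])) { flash()->error(/* not-found message */); break; }`, with the equivalent early `return` in the restore branch. The upload path in restore also reads `$_FILES['blob']['tmp_name']` without checking that a file arrived (`$_FILES['blob']['error'] === UPLOAD_ERR_OK` / `is_uploaded_file()`), so a request with no `number` and no file reaches `Backup::restore` with an empty path. The `switch` begins before the first hunk and the restore `if` begins before the last one.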


@ -74,7 +74,7 @@ function backup(){
} }
// Caricamento // Caricamento
function loadSize(name, id){ function loadSize(number, id){
$("#" + id).html("'.tr('Calcolo in corso').'..."); $("#" + id).html("'.tr('Calcolo in corso').'...");
$.ajax({ $.ajax({
@ -83,7 +83,7 @@ function loadSize(name, id){
data: { data: {
id_module: globals.id_module, id_module: globals.id_module,
op: "size", op: "size",
file: name, number: number,
}, },
success: function(data) { success: function(data) {
$("#" + id).html(data); $("#" + id).html(data);
@ -127,7 +127,7 @@ echo '
<form action="" method="post" enctype="multipart/form-data" id="restore"> <form action="" method="post" enctype="multipart/form-data" id="restore">
<input type="hidden" name="op" value="restore"> <input type="hidden" name="op" value="restore">
<label><input type="file" name="blob" id="blob"></label> {[ "type": "file", "name": "blob", "required": 1, "accept": ".zip" ]}
<button type="button" class="btn btn-primary pull-right" onclick="restore()"> <button type="button" class="btn btn-primary pull-right" onclick="restore()">
<i class="fa fa-upload"></i> '.tr('Ripristina').'... <i class="fa fa-upload"></i> '.tr('Ripristina').'...
@ -143,11 +143,11 @@ if (file_exists($backup_dir)) {
$backups_zip = []; $backups_zip = [];
$backups_file = []; $backups_file = [];
foreach ($backups as $backup) { foreach ($backups as $key => $backup) {
if (ends_with($backup, '.zip')) { if (ends_with($backup, '.zip')) {
$backups_zip[] = $backup; $backups_zip[$key] = $backup;
} else { } else {
$backups_file[] = $backup; $backups_file[$key] = $backup;
} }
} }
@ -183,17 +183,17 @@ if (file_exists($backup_dir)) {
</small></p> </small></p>
<script> <script>
loadSize("'.$name.'", "c-'.$id.'"); loadSize("'.$id.'", "c-'.$id.'");
</script> </script>
<a class="btn btn-primary" href="'.$rootdir.'/modules/backups/actions.php?op=getfile&file='.$name.'" target="_blank"><i class="fa fa-download"></i> '.tr('Scarica').'</a> <a class="btn btn-primary" href="'.$rootdir.'/modules/backups/actions.php?op=getfile&number='.$id.'" target="_blank"><i class="fa fa-download"></i> '.tr('Scarica').'</a>
<div class="pull-right"> <div class="pull-right">
<a class="btn btn-warning ask" data-backto="record-edit" data-method="post" data-op="restore" data-zip="'.$name.'" data-msg="'.tr('Vuoi ripristinare questo backup?').'" data-button="Ripristina" data-class="btn btn-lg btn-warning"> <a class="btn btn-warning ask" data-backto="record-edit" data-method="post" data-op="restore" data-number="'.$id.'" data-msg="'.tr('Vuoi ripristinare questo backup?').'" data-button="Ripristina" data-class="btn btn-lg btn-warning">
<i class="fa fa-upload"></i> <i class="fa fa-upload"></i>
</a> </a>
<a class="btn btn-danger ask" title="'.tr('Elimina backup').'" data-backto="record-list" data-op="del" data-file="'.$name.'"> <a class="btn btn-danger ask" title="'.tr('Elimina backup').'" data-backto="record-list" data-op="del" data-number="'.$id.'">
<i class="fa fa-trash"></i> <i class="fa fa-trash"></i>
</a> </a>
</div> </div>
@ -233,17 +233,17 @@ if (file_exists($backup_dir)) {
</small></p> </small></p>
<script> <script>
loadSize("'.$name.'", "n-'.$id.'"); loadSize("'.$id.'", "n-'.$id.'");
</script> </script>
<a class="btn btn-sm btn-warning disabled" href="javascript:;"><i class="fa fa-times"></i> '.tr('Non scaricabile').'</a> <a class="btn btn-sm btn-warning disabled" href="javascript:;"><i class="fa fa-times"></i> '.tr('Non scaricabile').'</a>
<div class="pull-right"> <div class="pull-right">
<a class="btn btn-warning ask" data-backto="record-edit" data-method="post" data-op="restore" data-folder="'.$name.'" data-msg="'.tr('Vuoi ripristinare questo backup?').'" data-button="Ripristina" data-class="btn btn-lg btn-warning"> <a class="btn btn-warning ask" data-backto="record-edit" data-method="post" data-op="restore" data-number="'.$id.'" data-msg="'.tr('Vuoi ripristinare questo backup?').'" data-button="Ripristina" data-class="btn btn-lg btn-warning">
<i class="fa fa-upload"></i> <i class="fa fa-upload"></i>
</a> </a>
<a class="btn btn-danger ask" title="'.tr('Elimina backup').'" data-backto="record-list" data-op="del" data-file="'.$name.'"> <a class="btn btn-danger ask" title="'.tr('Elimina backup').'" data-backto="record-list" data-op="del" data-number="'.$id.'">
<i class="fa fa-trash"></i> <i class="fa fa-trash"></i>
</a> </a>
</div> </div>
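Review bot: The download, restore and delete links now identify a backup by its position in `Backup::getList()` (`number='.$id.'`, `data-number="'.$id.'"`), and a positional index is not a stable reference: if a backup is created or removed between rendering the page and clicking, the same number resolves to a different entry on the server, so the user may restore or delete a backup other than the one displayed (assuming `getList()` reads the directory on each call, which is not visible here). A stable identifier such as the file's basename, accepted only when it is present in the server-side list (`in_array($name, array_map('basename', Backup::getList()), true)`), keeps the traversal fix while removing that ambiguity. `$id` is assigned outside these hunks, so I cannot confirm it is the key preserved by the new `foreach ($backups as $key => $backup)` loop.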


@ -18,7 +18,7 @@ foreach ($imports as $key => $value) {
<div class="row"> <div class="row">
<div class="col-md-6"> <div class="col-md-6">
{[ "type": "file", "label": "<?php echo tr('File'); ?>", "name": "blob", "required": 1, "extra": "accept=\".csv\"" ]} {[ "type": "file", "label": "<?php echo tr('File'); ?>", "name": "blob", "required": 1, "accept": ".csv" ]}
</div> </div>
<div class="col-md-6"> <div class="col-md-6">


@ -69,7 +69,7 @@ echo '
<div class="box-body" id="upload"> <div class="box-body" id="upload">
<div class="row"> <div class="row">
<div class="col-md-9"> <div class="col-md-9">
<label><input type="file" name="blob" id="blob"></label> {[ "type": "file", "name": "blob", "required": 1 ]}
</div> </div>
<div class="col-md-3"> <div class="col-md-3">