function to escape characters

Dendy 2020-12-25 00:48:04 +01:00
parent d6b3e5f986
commit 752ca3ee05
Signed by: dendy
GPG Key ID: 0168B35FFD7F608F
5 changed files with 12 additions and 5 deletions


@ -18,7 +18,7 @@ foreach($output as $tag){
$count = ""; $count = "";
$return = 0; $return = 0;
exec($tmsu . "files -c '" . addcslashes($tag, '(..)') . "' 2>&1", $count, $return); exec($tmsu . "files -c " . escape_cmd($tag) . " 2>&1", $count, $return);
if($return !== 0){ if($return !== 0){
$message = 'Could not execute deletion command: "' . $count[0] . '"'; $message = 'Could not execute deletion command: "' . $count[0] . '"';
@ -27,7 +27,7 @@ foreach($output as $tag){
if(intval($count[0]) == 0){ if(intval($count[0]) == 0){
$output = ""; $output = "";
exec($tmsu . "delete " . $tag, $output); exec($tmsu . "delete " . escape_cmd($tag), $output);
$deleted_tags .= $tag . " "; $deleted_tags .= $tag . " ";
} }
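Review bot: The `delete` call in the second hunk does not capture an exit status, so a tag whose deletion failed is still appended to `$deleted_tags`; the count query in the first hunk already checks `$return`. Passing the third argument and reusing that check would keep the two calls consistent: `exec($tmsu . "delete " . escape_cmd($tag), $output, $return);` followed by `if($return !== 0){ ... }`. Both hunks sit inside a `foreach` loop that starts and ends outside the visible lines.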


@ -30,4 +30,8 @@ if(!is_array($_SESSION["msg"])){
$_SESSION["msg"] = array(); $_SESSION["msg"] = array();
} }
function escape_cmd($command){
return "'" . addcslashes(addcslashes($command, '(..)'),'-') . "'";
}
?> ?>
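Review bot: `escape_cmd()` wraps its argument in single quotes but does not escape a single quote inside the value, so an input containing `'` ends the quoting and the remainder is interpreted by the shell. This matters most where the argument is built from `$_GET["t"]` (the `files` query in the last file section), and it also applies to the tag names passed to `exec` in the other sections. The two `addcslashes` calls only address tmsu's own query syntax; the shell layer is better left to PHP's built-in: `return escapeshellarg(addcslashes(addcslashes($command, '(..)'), '-'));`. A short docblock stating that the function returns one complete, already-quoted shell argument would stop callers from adding their own quotes around it.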


@ -30,12 +30,13 @@
//Tag list //Tag list
foreach($output as $tag){ foreach($output as $tag){
$count = ""; $count = "";
exec($tmsu . "files -c '" . addcslashes($tag . $exclude_query, '(..)') . "'", $count); exec($tmsu . "files -c " . escape_cmd($tag), $count);
if($count[0] !== "0"){ if($count[0] !== "0"){
echo("<a href='http://" . $_SERVER['HTTP_HOST'] . "/tag.php?t=" . $tag . "'>(" . $count[0] .") " . $tag ."</a>, "); echo("<a href='http://" . $_SERVER['HTTP_HOST'] . "/tag.php?t=" . $tag . "'>(" . $count[0] .") " . $tag ."</a>, ");
} }
} }
?> ?>
</body> </body>
</html> </html>
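Review bot: The new count query passes only `escape_cmd($tag)`, while the old line appended `$exclude_query` to the tag; if that removal is not intended, the counts will now include files the exclusion was meant to hide, and `escape_cmd($tag . $exclude_query)` would keep the previous behaviour. Separately, the commit escapes `$tag` for the shell but the same value is still echoed into the `href` and the link text on the following line without HTML or URL encoding; `urlencode($tag)` in the query string and `htmlspecialchars($tag, ENT_QUOTES)` in the text would cover that output context. The `foreach` loop starts inside this hunk, but the code that fills `$output` is not visible.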


@ -3,8 +3,10 @@ session_start();
$errorMsg = ""; $errorMsg = "";
$validUser = $_SESSION["login"] === true; $validUser = $_SESSION["login"] === true;
$hash = "$2y$10\$SfW2H/.Sb.MmnBJxs/svAuK7JGk7hL1GADG8tzj7h.AHApZWtuqYW"; $hash = "$2y$10\$SfW2H/.Sb.MmnBJxs/svAuK7JGk7hL1GADG8tzj7h.AHApZWtuqYW";
$hash2 = "\$2y\$10\$RxrT9Pqb7iABw0hmeP8DZeIPzf4LtRn43u.R/3GmuChSGZDX9Pkh.";
if(isset($_POST["sub"])) { if(isset($_POST["sub"])) {
$validUser = $_POST["username"] == "admin" && password_verify($_POST["password"], $hash); $validUser = $_POST["username"] == "admin" && password_verify($_POST["password"], $hash);
$validUser = $validUser || ($_POST["username"] == "lidia" && password_verify($_POST["password"], $hash2));
if(!$validUser) $errorMsg = "Invalid username or password."; if(!$validUser) $errorMsg = "Invalid username or password.";
else{ else{
$_SESSION["login"] = true; $_SESSION["login"] = true;
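Review bot: The second account is added as another user name and bcrypt hash hard-coded in the page (`$hash2`, `"lidia"`), so the hashes are readable by anyone with access to the repository and every new user needs a code change. Loading a username-to-hash map from a file kept outside the web root and the repository would let both checks collapse into one `password_verify` call. The new comparison also uses `==` where `===` is the safer habit for request data. As far as the hunk shows, `$_SESSION["login"] = true` does not record which of the two users authenticated; the `else` branch continues outside the hunk.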


@ -72,9 +72,9 @@
// Handle * and void to show everything // Handle * and void to show everything
if(!$_GET["t"] || $_GET["t"] == "*") if(!$_GET["t"] || $_GET["t"] == "*")
exec($tmsu . "files " . $alone_exclude_query, $output); exec($tmsu . "files " . escape_cmd($alone_exclude_query), $output);
// regular query // regular query
else exec($tmsu . "files '" . addcslashes($_GET["t"] . $exclude_query, '(..)') . "'", $output); else exec($tmsu . "files " . escape_cmd($_GET["t"] . $exclude_query), $output);
/* Purge things that aren't images */ /* Purge things that aren't images */