Compare commits
2 Commits
d6b3e5f986
...
77d7df6a01
Author | SHA1 | Date |
---|---|---|
Dendy | 77d7df6a01 | |
Dendy | 752ca3ee05 |
|
@ -18,7 +18,7 @@ foreach($output as $tag){
|
|||
$count = "";
|
||||
$return = 0;
|
||||
|
||||
exec($tmsu . "files -c '" . addcslashes($tag, '(..)') . "' 2>&1", $count, $return);
|
||||
exec($tmsu . "files -c " . escape_cmd($tag) . " 2>&1", $count, $return);
|
||||
|
||||
if($return !== 0){
|
||||
$message = 'Could not execute deletion command: "' . $count[0] . '"';
|
||||
|
@ -27,7 +27,7 @@ foreach($output as $tag){
|
|||
|
||||
if(intval($count[0]) == 0){
|
||||
$output = "";
|
||||
exec($tmsu . "delete " . $tag, $output);
|
||||
exec($tmsu . "delete " . escape_cmd($tag), $output);
|
||||
|
||||
$deleted_tags .= $tag . " ";
|
||||
}
|
||||
|
|
|
@ -4,6 +4,10 @@ $tmsu = "tmsu -D /strg/drw/.tmsu/db ";
|
|||
|
||||
$BASE_ROUTE = "";
|
||||
|
||||
function escape_cmd($command){
|
||||
return "'" . addcslashes(addcslashes($command, '(..)'),'-') . "'";
|
||||
}
|
||||
|
||||
/* Exclude */
|
||||
|
||||
$exclude = "";
|
||||
|
@ -20,7 +24,7 @@ if(!isset($_SESSION["login"])){
|
|||
$alone_exclude_query = $alone_exclude_query . " and not " . $ex_tag;
|
||||
}
|
||||
$exclude_query = $exclude_query . $alone_exclude_query;
|
||||
$alone_exclude_query = "'" . $alone_exclude_query . "'";
|
||||
$alone_exclude_query = escape_cmd($alone_exclude_query);
|
||||
}
|
||||
|
||||
$_IS_LOGGED = $_SESSION["login"] === "true";
|
||||
|
|
|
@ -27,15 +27,16 @@
|
|||
// Echo total tag count
|
||||
echo "<p>There is a total of " . $tag_num . " tags</p>";
|
||||
|
||||
//Tag list
|
||||
//tag list
|
||||
foreach($output as $tag){
|
||||
$count = "";
|
||||
exec($tmsu . "files -c '" . addcslashes($tag . $exclude_query, '(..)') . "'", $count);
|
||||
exec($tmsu . "files -c " . escape_cmd($tag) . $exclude_query, $count);
|
||||
|
||||
if($count[0] !== "0"){
|
||||
echo("<a href='http://" . $_SERVER['HTTP_HOST'] . "/tag.php?t=" . $tag . "'>(" . $count[0] .") " . $tag ."</a>, ");
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -3,8 +3,10 @@ session_start();
|
|||
$errorMsg = "";
|
||||
$validUser = $_SESSION["login"] === true;
|
||||
$hash = "$2y$10\$SfW2H/.Sb.MmnBJxs/svAuK7JGk7hL1GADG8tzj7h.AHApZWtuqYW";
|
||||
$hash2 = "\$2y\$10\$RxrT9Pqb7iABw0hmeP8DZeIPzf4LtRn43u.R/3GmuChSGZDX9Pkh.";
|
||||
if(isset($_POST["sub"])) {
|
||||
$validUser = $_POST["username"] == "admin" && password_verify($_POST["password"], $hash);
|
||||
$validUser = $validUser || ($_POST["username"] == "lidia" && password_verify($_POST["password"], $hash2));
|
||||
if(!$validUser) $errorMsg = "Invalid username or password.";
|
||||
else{
|
||||
$_SESSION["login"] = true;
|
||||
|
|
5
tag.php
5
tag.php
|
@ -71,10 +71,11 @@
|
|||
/* Queries */
|
||||
|
||||
// Handle * and void to show everything
|
||||
if(!$_GET["t"] || $_GET["t"] == "*")
|
||||
if(!$_GET["t"] || $_GET["t"] == "*"){
|
||||
exec($tmsu . "files " . $alone_exclude_query, $output);
|
||||
}
|
||||
// regular query
|
||||
else exec($tmsu . "files '" . addcslashes($_GET["t"] . $exclude_query, '(..)') . "'", $output);
|
||||
else exec($tmsu . "files " . escape_cmd($_GET["t"] . $exclude_query), $output);
|
||||
|
||||
/* Purge things that aren't images */
|
||||
|
||||
|
|
Loading…
Reference in New Issue