Fix things that broke on previous commission

When escaping characters it no longer breaks excluded tags and searching for nothing giving everything
function to escape characters
2020-12-25 00:59:54 +01:00 · 2020-12-25 00:48:04 +01:00
5 changed files with 15 additions and 7 deletions
--- a/actions/delete-unused.php
+++ b/actions/delete-unused.php
@ -18,7 +18,7 @@ foreach($output as $tag){
    $count = "";
    $return = 0;

-    exec($tmsu . "files -c '" . addcslashes($tag, '(..)') . "' 2>&1", $count, $return);
+    exec($tmsu . "files -c " . escape_cmd($tag) . " 2>&1", $count, $return);

    if($return !== 0){
        $message = 'Could not execute deletion command: "' . $count[0] . '"';
@ -27,7 +27,7 @@ foreach($output as $tag){

    if(intval($count[0]) == 0){
        $output = "";
-        exec($tmsu . "delete " . $tag, $output);
+        exec($tmsu . "delete " . escape_cmd($tag), $output);

        $deleted_tags .= $tag . " ";
    }
--- a/config.php
+++ b/config.php
@ -4,6 +4,10 @@ $tmsu = "tmsu -D /strg/drw/.tmsu/db ";

 $BASE_ROUTE = "";

+function escape_cmd($command){
+	return "'" . addcslashes(addcslashes($command, '(..)'),'-') . "'";
+}
+
 /* Exclude */

 $exclude = "";
@ -20,7 +24,7 @@ if(!isset($_SESSION["login"])){
 		$alone_exclude_query = $alone_exclude_query . " and not " . $ex_tag;
 	}
 	$exclude_query = $exclude_query . $alone_exclude_query;
-	$alone_exclude_query = "'" . $alone_exclude_query . "'";
+	$alone_exclude_query = escape_cmd($alone_exclude_query);
 }

 $_IS_LOGGED = $_SESSION["login"] === "true";
--- a/index.php
+++ b/index.php
@ -27,15 +27,16 @@
 	// Echo total tag count
 	echo "<p>There is a total of " . $tag_num . " tags</p>";

-	//Tag list
+	//tag list
 	foreach($output as $tag){
 		$count = "";
-		exec($tmsu . "files -c '" . addcslashes($tag . $exclude_query, '(..)') . "'", $count);
+		exec($tmsu . "files -c " . escape_cmd($tag) . $exclude_query, $count);

 		if($count[0] !== "0"){
 			echo("<a href='http://" . $_SERVER['HTTP_HOST'] . "/tag.php?t=" . $tag . "'>(" . $count[0]  .") " . $tag ."</a>, ");
 		}
 	}
 ?>
+
 </body>
 </html>
--- a/login.php
+++ b/login.php
@ -3,8 +3,10 @@ session_start();
 $errorMsg = "";
 $validUser = $_SESSION["login"] === true;
 $hash = "$2y$10\$SfW2H/.Sb.MmnBJxs/svAuK7JGk7hL1GADG8tzj7h.AHApZWtuqYW";
+$hash2 = "\$2y\$10\$RxrT9Pqb7iABw0hmeP8DZeIPzf4LtRn43u.R/3GmuChSGZDX9Pkh.";
 if(isset($_POST["sub"])) {
  $validUser = $_POST["username"] == "admin" && password_verify($_POST["password"], $hash);
+  $validUser = $validUser || ($_POST["username"] == "lidia" && password_verify($_POST["password"], $hash2));
  if(!$validUser) $errorMsg = "Invalid username or password.";
  else{
 	  $_SESSION["login"] = true;
--- a/tag.php
+++ b/tag.php
@ -71,10 +71,11 @@
 	/* Queries */

 	// Handle * and void to show everything
-	if(!$_GET["t"] || $_GET["t"] == "*")
+	if(!$_GET["t"] || $_GET["t"] == "*"){
 		exec($tmsu . "files " . $alone_exclude_query, $output);
+	}
 	// regular query
-	else exec($tmsu . "files '" . addcslashes($_GET["t"] . $exclude_query, '(..)') . "'", $output);
+	else exec($tmsu . "files " . escape_cmd($_GET["t"] . $exclude_query), $output);

 	/* Purge things that aren't images */
Author	SHA1	Message	Date
Dendy	77d7df6a01	Fix things that broke on previous commission When escaping characters it no longer breaks excluded tags and searching for nothing giving everything	2020-12-25 00:59:54 +01:00
Dendy	752ca3ee05	function to escape characters	2020-12-25 00:48:04 +01:00