本文整理汇总了PHP中XSRFdefender函数的典型用法代码示例。如果您正苦于以下问题:PHP XSRFdefender函数的具体用法?PHP XSRFdefender怎么用?PHP XSRFdefender使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了XSRFdefender函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: pluginNews_button
/**
 * Button callback: runs the plugin-article generator when it is requested
 * and appends the "Plugin Articles" button definition to the list.
 *
 * XSRFdefender('pluginNews') is called before processPlugins(), so the
 * anti-forgery check always precedes the work. The action name is the same
 * string the button publishes as 'XSRFTag'. The trigger is read from
 * $_REQUEST, so it is accepted from GET as well as POST.
 *
 * NOTE(review): XSRFdefender() presumably stops the request when the token
 * for the named action is missing or wrong - confirm against its definition.
 * NOTE(review): no rights check is visible here before processPlugins();
 * 'rights' => ADMIN_RIGHTS is only part of the button description.
 * Presumably the calling admin page has already authorised the user - verify.
 *
 * @param array $buttons button definitions collected so far
 * @return array the same list with this button appended
 */
function pluginNews_button($buttons)
{
    $generateRequested = isset($_REQUEST['pluginNews']);
    if ($generateRequested) {
        XSRFdefender('pluginNews');
        processPlugins();
    }

    $pluginNewsButton = array(
        'enable' => true,
        'button_text' => gettext('Plugin Articles'),
        'formname' => 'pluginNews_button',
        'action' => '?pluginNews=gen',
        'icon' => 'images/add.png',
        'title' => gettext('Generate plugin articles'),
        'alt' => '',
        'hidden' => '<input type="hidden" name="pluginNews" value="gen" />',
        'rights' => ADMIN_RIGHTS,
        'XSRFTag' => 'pluginNews',
    );
    $buttons[] = $pluginNewsButton;

    return $buttons;
}
示例2: Troubleshooting_button
/**
 * Button callback: runs the troubleshooting-article generator when it is
 * requested and appends the "Troubleshooting Articles" button definition.
 *
 * XSRFdefender('Troubleshooting') is called before processTroubleshooting(),
 * and the same action name is published as the button's 'XSRFTag'. The
 * trigger is read from $_REQUEST, so GET and POST are both accepted.
 *
 * NOTE(review): XSRFdefender() presumably stops the request on a missing or
 * wrong token - confirm against its definition.
 * NOTE(review): no rights check is visible in this function; ADMIN_RIGHTS
 * only appears in the button description. Verify the caller enforces it.
 *
 * @param array $buttons button definitions collected so far
 * @return array the same list with this button appended
 */
function Troubleshooting_button($buttons)
{
    $generateRequested = isset($_REQUEST['Troubleshooting']);
    if ($generateRequested) {
        XSRFdefender('Troubleshooting');
        processTroubleshooting();
    }

    $troubleshootingButton = array(
        'enable' => true,
        'button_text' => gettext('Troubleshooting Articles'),
        'formname' => 'Troubleshooting_button',
        'action' => '?Troubleshooting=gen',
        'icon' => 'images/add.png',
        'title' => gettext('Generate Troubleshooting articles'),
        'alt' => '',
        'hidden' => '<input type="hidden" name="Troubleshooting" value="gen" />',
        'rights' => ADMIN_RIGHTS,
        'XSRFTag' => 'Troubleshooting',
    );
    $buttons[] = $troubleshootingButton;

    return $buttons;
}
示例3: filterDoc_button
/**
 * Button callback: runs the filter-document generator when it is requested
 * and appends the "Filter Doc Gen" button definition to the list.
 *
 * XSRFdefender('filterDoc') is called before processFilters(), and the same
 * action name is published as the button's 'XSRFTag'. The trigger is read
 * from $_REQUEST, so GET and POST are both accepted.
 *
 * NOTE(review): XSRFdefender() presumably stops the request on a missing or
 * wrong token - confirm against its definition.
 * NOTE(review): no rights check is visible in this function; ADMIN_RIGHTS
 * only appears in the button description. Verify the caller enforces it.
 *
 * @param array $buttons button definitions collected so far
 * @return array the same list with this button appended
 */
function filterDoc_button($buttons)
{
    $generateRequested = isset($_REQUEST['filterDoc']);
    if ($generateRequested) {
        XSRFdefender('filterDoc');
        processFilters();
    }

    $filterDocButton = array(
        'enable' => true,
        'button_text' => gettext('Filter Doc Gen'),
        'formname' => 'filterDoc_button',
        'action' => '?filterDoc=gen',
        'icon' => 'images/add.png',
        'title' => gettext('Generate filter document'),
        'alt' => '',
        'hidden' => '<input type="hidden" name="filterDoc" value="gen" />',
        'rights' => ADMIN_RIGHTS,
        'XSRFTag' => 'filterDoc',
    );
    $buttons[] = $filterDocButton;

    return $buttons;
}
示例4: XSRFdefender
// Request handling for the news-category admin page. Each state-changing
// branch calls XSRFdefender() with its own action name before touching data.
// NOTE(review): all triggers are GET parameters. If the XSRF token also
// travels in the query string (not visible here) it can end up in server
// logs, browser history and Referer headers - confirm how it is transported.

// Publish / un-publish a single category.
// NOTE(review): $_GET['titlelink'] is read without an isset() check.
if (isset($_GET['publish'])) {
    XSRFdefender('update');
    $obj = new ZenpageCategory(sanitize($_GET['titlelink']));
    $obj->setShow(sanitize_numeric($_GET['publish']));
    $obj->save();
}

// Create a new category.
if (isset($_GET['save'])) {
    XSRFdefender('save_categories');
    addCategory($reports);
}

// Decide which category object the page shows.
if (isset($_GET['id'])) {
    // Lookup only, so no token is requested in this branch. The id is passed
    // through sanitize_numeric() before the lookup.
    // NOTE(review): the lookup result is indexed without checking that a row
    // was found.
    $x = $_zp_zenpage->getCategory(sanitize_numeric($_GET['id']));
    $result = new ZenpageCategory($x['titlelink']);
} elseif (isset($_GET['update'])) {
    XSRFdefender('update_categories');
    $result = updateCategory($reports);
} else {
    $result = new ZenpageCategory('');
}

// Page head output.
printAdminHeader('news', 'categories');
zp_apply_filter('texteditor_config', '', 'zenpage');
printSortableHead();
zenpageJSCSS();
?>
<script type="text/javascript">
//<!-- <![CDATA[
var deleteCategory = "<?php
echo gettext("Are you sure you want to delete this category? THIS CANNOT BE UNDONE!");
?>
示例5: zp_register_filter
$plugin_author = "Malte Müller (acrylian)";
zp_register_filter('admin_utilities_buttons', 'wordpress_import_button');
/**
 * Appends the "Wordpress Importer" button definition to the button list.
 *
 * The button only links to wordpress_import.php inside the plugin folder;
 * this function performs no action itself and the definition carries no
 * 'XSRFTag' entry and no hidden form fields.
 *
 * @param array $buttons button definitions collected so far
 * @return array the same list with the importer button appended
 */
function wordpress_import_button($buttons)
{
    // Shared path segment of the importer script and its icon.
    $pluginBase = '/' . ZENFOLDER . '/' . PLUGIN_FOLDER;

    $importerButton = array(
        'category' => gettext('Admin'),
        'enable' => true,
        'button_text' => gettext('Wordpress Importer'),
        'formname' => 'wordpress_import.php',
        'action' => FULLWEBPATH . $pluginBase . '/wordpress_import.php',
        'icon' => WEBPATH . $pluginBase . '/wordpress_import/wpmini-blue.png',
        'title' => gettext('An importer for Wordpress posts and pages to Zenpage.'),
        'alt' => '',
        'hidden' => '',
        'rights' => ADMIN_RIGHTS,
    );
    $buttons[] = $importerButton;

    return $buttons;
}
} else {
// Bootstrap of the importer page itself. This run sits in an `else` branch
// whose `if` lies outside the visible excerpt.
define('OFFSET_PATH', 3);
require_once dirname(dirname(__FILE__)) . '/admin-globals.php';
// The zenpage admin helpers are only loaded when that extension is enabled.
if (extensionEnabled('zenpage')) {
require_once dirname(dirname(__FILE__)) . '/' . PLUGIN_FOLDER . '/zenpage/admin-functions.php';
}
// Page-level security gate; NULL is passed as the rights argument.
// NOTE(review): what NULL means for the required rights is decided inside
// admin_securityChecks(), which is not shown - confirm it still demands an
// authenticated admin.
admin_securityChecks(NULL, currentRelativeURL());
// The XSRF token is only demanded once any database connection parameter is
// submitted (via GET, POST or whatever else feeds $_REQUEST); a plain page
// view without those parameters is not token-checked.
if (isset($_REQUEST['dbname']) || isset($_REQUEST['dbuser']) || isset($_REQUEST['dbpass']) || isset($_REQUEST['dbhost'])) {
XSRFdefender('wordpress');
}
// some extra functions
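/**
 * Runs a query on the WordPress connection and returns every row as an
 * associative array.
 *
 * The statement text is sent to the server exactly as given: nothing is
 * escaped or bound here, so callers must never build $sql from unescaped
 * request data.
 *
 * On failure the script is terminated with the translated "Query failed"
 * message followed by the driver error text, as before.
 * NOTE(review): that message prints raw mysqli_error() output to the
 * browser, which can disclose schema details and echo parts of the
 * statement unescaped. Consider logging the detail server-side and showing
 * a generic, HTML-encoded message instead.
 *
 * @param string $sql           complete SQL statement
 * @param mysqli $wpconnection  open mysqli connection to the WordPress database
 * @return array list of rows (possibly empty); a statement that yields no
 *               result set returns an empty list
 */
function wp_query_full_array($sql, $wpconnection)
{
    $result = mysqli_query($wpconnection, $sql);
    if ($result === false) {
        // Same termination as the former `or die(...)`; the old trailing
        // `return false` could never be reached and has been dropped.
        die(gettext("Query failed : ") . mysqli_error($wpconnection));
    }
    if ($result === true) {
        // Statements without a result set (INSERT, UPDATE, ...) return TRUE;
        // there is nothing to fetch, so do not hand a boolean to
        // mysqli_fetch_assoc().
        return array();
    }

    $allrows = array();
    while ($row = mysqli_fetch_assoc($result)) {
        $allrows[] = $row;
    }
    // Release the buffered result instead of waiting for script shutdown.
    mysqli_free_result($result);

    return $allrows;
}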
示例6: query
query($sql);
// Removes the sub-items of the deleted menu item (sort_order prefix match).
// NOTE(review): $menuset and $result['sort_order'] are concatenated directly
// between double quotes, whereas the menu-set delete a few lines below passes
// its value through db_quote(). Where $menuset comes from is not visible in
// this excerpt; if it can carry request data this statement is an SQL
// injection sink. Prefer db_quote() for both values - confirm the origin.
$sql = 'DELETE FROM ' . prefix('menu') . ' WHERE `menuset`="' . $menuset . '" AND `sort_order` LIKE "' . $result['sort_order'] . '/%"';
query($sql);
// The status markup is built from a translated constant only.
$reports[] = "<p class='messagebox fade-message'>" . gettext('Menu item deleted') . "</p>";
}
}
// Delete a whole menu set. The token for action 'delete_menu' is requested
// before the DELETE runs.
if (isset($_GET['deletemenuset'])) {
XSRFdefender('delete_menu');
// The request value goes through sanitize() and db_quote() before it
// reaches the statement.
$sql = 'DELETE FROM ' . prefix('menu') . ' WHERE `menuset`=' . db_quote(sanitize($_GET['deletemenuset']));
query($sql);
$_menu_manager_items = array();
// The name echoed back to the page is the raw GET value, passed through
// html_encode() for the HTML context.
$delmsg = "<p class='messagebox fade-message'>" . sprintf(gettext("Menu set '%s' deleted"), html_encode($_GET['deletemenuset'])) . "</p>";
}
// publish or un-publish page by click
if (isset($_GET['publish'])) {
XSRFdefender('update_menu');
// NOTE(review): $_GET['id'] and $_GET['show'] are handed over without
// isset() checks or sanitising in this excerpt; whether publishItem()
// validates them before using them is not visible - confirm.
publishItem($_GET['id'], $_GET['show'], $menuset);
}
printAdminHeader('menu');
printSortableHead();
?>
</head>
<body>
<?php
printLogoAndLinks();
?>
<div id="main">
<?php
printTabs();
?>
<div id="content">
示例7: unset
// Publishes the albums selected in the scheduling form.
// NOTE(review): this run starts inside a branch opened before the excerpt;
// the XSRFdefender() call for this branch is not visible here - confirm one
// precedes it.
$sql = '';
// Drop the submit marker so only the per-album fields remain in $_POST.
unset($_POST['publish_albums']);
// Only the field NAME is used: 'sched_' is stripped and the remainder must
// be numeric. The value ($albumid) is not read.
foreach ($_POST as $key => $albumid) {
$key = sanitize_numeric(str_replace('sched_', '', $key));
if (is_numeric($key)) {
// Only values that passed is_numeric() are concatenated into the WHERE list.
$sql .= '`id`="' . sanitize_numeric($key) . '" OR ';
}
}
if (!empty($sql)) {
// Remove the trailing ' OR ' (4 characters) before building the UPDATE.
$sql = substr($sql, 0, -4);
$sql = 'UPDATE ' . prefix('albums') . ' SET `show`="1" WHERE ' . $sql;
query($sql);
}
} else {
// Publishes or deletes the images selected in the scheduling form. The token
// for action 'schedule_content' is requested before $_POST is processed.
// (The block continues past the end of this excerpt.)
if (isset($_POST['publish_images'])) {
XSRFdefender('schedule_content');
unset($_POST['publish_images']);
$sql = '';
// Each remaining POST VALUE is expected to look like '<verb>_<imageid>'.
foreach ($_POST as $action) {
// When the value contains no '_', strrpos() returns false; the verb below
// is then empty and matches neither case.
$i = strrpos($action, '_');
$imageid = sanitize_numeric(substr($action, $i + 1));
switch (substr($action, 0, $i)) {
case 'pub':
if (is_numeric($imageid)) {
$sql .= '`id`="' . $imageid . '" OR ';
}
break;
case 'del':
// NOTE(review): unlike 'pub', this case has no is_numeric() guard and the
// id is concatenated unquoted. Safety rests entirely on what
// sanitize_numeric() returns for non-numeric input (not visible) - confirm,
// or add the same guard.
$rowi = query_single_row('SELECT * FROM ' . prefix('images') . ' WHERE `id`=' . $imageid);
// NOTE(review): $rowi is indexed without checking that a row was found.
$rowa = query_single_row('SELECT * FROM ' . prefix('albums') . ' WHERE `id`=' . $rowi['albumid']);
$album = new Album($gallery, $rowa['folder']);
示例8: dirname
// we don't want plugins loaded but we are not setup
require_once dirname(__FILE__) . '/admin-globals.php';
// need the class plugins to handle video, etc.
// The include path comes from the enabled-plugin list, not from the request.
foreach (getEnabledPlugins() as $extension => $plugin) {
if ($plugin['priority'] & CLASS_PLUGIN) {
require_once $plugin['path'];
}
}
require_once dirname(__FILE__) . '/template-functions.php';
// ALBUM_RIGHTS is requested when an album is named in the request, otherwise
// NULL is passed.
// NOTE(review): what a NULL rights argument permits is decided inside
// admin_securityChecks(), which is not shown - confirm.
if (isset($_REQUEST['album'])) {
$localrights = ALBUM_RIGHTS;
} else {
$localrights = NULL;
}
// $return is assigned as a side effect of building the argument list.
admin_securityChecks($localrights, $return = currentRelativeURL());
// Unconditional: every request to this script goes through the token check
// for action 'refresh', not only those that carry ?refresh.
XSRFdefender('refresh');
$imageid = '';
if (isset($_GET['refresh'])) {
if (isset($_GET['id'])) {
// The id is passed through sanitize_numeric() before use.
$imageid = sanitize_numeric($_GET['id']);
}
// The value returned by garbageCollect() replaces $imageid.
$imageid = $_zp_gallery->garbageCollect(true, true, $imageid);
}
if (isset($_GET['prune'])) {
$type = 'prune&';
$title = gettext('Refresh Database');
$finished = gettext('Finished refreshing the database');
$incomplete = gettext('Database refresh is incomplete');
$allset = gettext("We are all set to refresh the database");
$continue = gettext('Continue refreshing the database.');
} else {
示例9: define
* purge options tab
*
* @author Stephen Billard (sbillard)
*
* Copyright 2014 by Stephen L Billard for use in {@link https://github.com/ZenPhoto20/ZenPhoto20 ZenPhoto20}
*
* @package plugins
* @subpackage admin
*/
// force UTF-8 Ø
define('OFFSET_PATH', 1);
require_once dirname(dirname(dirname(__FILE__))) . '/admin-globals.php';
// The page requires OPTIONS_RIGHTS before anything else runs.
admin_securityChecks(OPTIONS_RIGHTS, $return = currentRelativeURL());
$xlate = array('plugins' => gettext('User plugins'), 'zp-core/zp-extensions' => gettext('Extensions'), 'themes' => gettext('Themes'));
// Purge request: the token for action 'purgeOptions' is requested before any
// DELETE is issued. (The block continues past the end of this excerpt.)
if (isset($_POST['purge'])) {
XSRFdefender('purgeOptions');
if (isset($_POST['del'])) {
// NOTE(review): $_POST['del'] is iterated without an is_array() check.
foreach ($_POST['del'] as $owner) {
// basename() reduces the submitted value to its last path component and
// db_quote() quotes it for the statement.
// NOTE(review): LIKE metacharacters (% and _) inside $owner are not visibly
// escaped, so a submitted value could match more creators than the form
// offered. Validate $owner against the list of owners that was rendered
// before deleting - confirm what db_quote() escapes.
$sql = 'DELETE FROM ' . prefix('options') . ' WHERE `creator` LIKE ' . db_quote('%' . basename($owner));
$result = query($sql);
// THEMEFOLDER is placed in the pattern without preg_quote(); it is a
// constant, not request data.
if (preg_match('~^' . THEMEFOLDER . '/~', $owner)) {
if ($owner == THEMEFOLDER . '/') {
// Built from the constant only.
$where = ' WHERE `creator` = "' . THEMEFOLDER . '/"';
} else {
$where = ' WHERE `creator` LIKE ' . db_quote('%' . basename($owner) . '/themeoptions.php');
}
$sql = 'DELETE FROM ' . prefix('options') . $where;
$result = query($sql);
} else {
purgeOption('zp_plugin_' . stripSuffix(basename($owner)));
}
示例10: header
} else {
$notify = '&migration_error';
}
header("Location: " . FULLWEBPATH . "/" . ZENFOLDER . "/admin-users.php?page=users&subpage=" . $subpage . $notify);
exitZP();
break;
// Delete an administrator account. The token for action 'deleteadmin' is
// requested first; the target user name comes from the query string and is
// passed through sanitize().
// NOTE(review): no rights check is visible inside this case; it presumably
// happens before the switch (outside the excerpt) - confirm, since this
// removes an account on a GET request.
case 'deleteadmin':
XSRFdefender('deleteadmin');
$adminobj = Zenphoto_Authority::newAdministrator(sanitize($_GET['adminuser']), 1);
zp_apply_filter('save_user', '', $adminobj, 'delete');
$adminobj->remove();
// NOTE(review): the origin of $subpage is not visible here.
header("Location: " . FULLWEBPATH . "/" . ZENFOLDER . "/admin-users.php?page=users&deleted&subpage=" . $subpage);
exitZP();
break;
// Save user options. The token action is 'saveadmin' (not 'saveoptions').
// (The case continues past the end of this excerpt.)
case 'saveoptions':
XSRFdefender('saveadmin');
$notify = $returntab = $msg = '';
if (isset($_POST['saveadminoptions'])) {
if (isset($_POST['checkForPostTruncation'])) {
// ADMIN_RIGHTS is only demanded when the form does more than edit the
// current user's own record: rights alteration enabled, more than one
// admin row, a different user name in row 0, or a new user. It is skipped
// when the current admin object has its `reset` flag set.
if (isset($_POST['alter_enabled']) || sanitize_numeric($_POST['totaladmins']) > 1 || trim(sanitize($_POST['adminuser0'])) != $_zp_current_admin_obj->getUser() || isset($_POST['0-newuser'])) {
if (!$_zp_current_admin_obj->reset) {
admin_securityChecks(ADMIN_RIGHTS, currentRelativeURL());
}
}
$alter = isset($_POST['alter_enabled']);
$nouser = true;
$returntab = $newuser = false;
// NOTE(review): the loop bound is taken from the request and re-evaluated
// on every iteration; no upper limit is visible here.
for ($i = 0; $i < sanitize_numeric($_POST['totaladmins']); $i++) {
$updated = false;
$error = false;
$userobj = NULL;
示例11: define
<?php
/**
*
* Zenphoto site cloner
*
* @package admin
*/
define('OFFSET_PATH', 4);
require_once dirname(dirname(dirname(__FILE__))) . '/admin-globals.php';
require_once SERVERPATH . '/' . ZENFOLDER . '/reconfigure.php';
// NULL is passed as the rights argument.
// NOTE(review): what NULL permits is decided inside admin_securityChecks()
// (not shown) - confirm it is strict enough for a script that writes to the
// filesystem.
admin_securityChecks(NULL, currentRelativeURL());
// Unconditional token check for action 'cloneZenphoto'.
XSRFdefender('cloneZenphoto');
$msg = array();
// The clone target is a filesystem path taken from the query string.
// NOTE(review): only sanitize() is applied in this excerpt; no check that
// the path lies inside an allowed parent directory is visible - confirm
// where the target is validated.
$folder = sanitize($_GET['clonePath']);
$path = str_replace(WEBPATH, '/', SERVERPATH);
$newinstall = trim(str_replace($path, '', $folder), '/') . '/';
// Guard against cloning onto the master install.
// NOTE(review): trim($folder, '/') also strips a LEADING slash, so if
// SERVERPATH is an absolute path beginning with '/' this comparison cannot
// match and the guard would never fire - confirm SERVERPATH's form.
if (trim($folder, '/') == SERVERPATH) {
$msg[] = gettext('You attempted to clone to the master install.');
$success = false;
} else {
$success = true;
// Items to be replicated: core folder, user plugin folder, index.php,
// every theme, and the charset marker files when present.
$targets = array(ZENFOLDER => 'dir', USER_PLUGIN_FOLDER => 'dir', 'index.php' => 'file');
$zplist = $_zp_gallery->getThemes();
foreach ($zplist as $theme => $data) {
$targets[THEMEFOLDER . '/' . $theme] = 'dir';
}
foreach (array(internalToFilesystem('charset_tést'), internalToFilesystem('charset.tést')) as $charset) {
if (file_exists(SERVERPATH . '/' . DATA_FOLDER . '/' . $charset)) {
$targets[DATA_FOLDER . '/' . $charset] = 'file';
}
示例12: XSRFdefender
/** clear the RSScache ***********************************************************/
/******************************************************************************/
/** clear the RSScache ***********************************************************/
/******************************************************************************/
// Clears the RSS cache. The token action name is 'clear_cache', which
// differs from the case label.
case "clear_rss_cache":
XSRFdefender('clear_cache');
clearRSScache();
// Status shown to the admin afterwards; both values are constants.
$class = 'messagebox';
$msg = gettext('RSS cache cleared.');
break;
/** Reset hitcounters ***********************************************************/
/********************************************************************************/
/** Reset hitcounters ***********************************************************/
/********************************************************************************/
// Resets every hit counter. The token for action 'hitcounter' is requested
// before any statement runs.
case "reset_hitcounters":
XSRFdefender('hitcounter');
// All statements below are constant text plus prefix(); no request data is
// concatenated into them.
query('UPDATE ' . prefix('albums') . ' SET `hitcounter`= 0');
query('UPDATE ' . prefix('images') . ' SET `hitcounter`= 0');
query('UPDATE ' . prefix('news') . ' SET `hitcounter`= 0');
query('UPDATE ' . prefix('pages') . ' SET `hitcounter`= 0');
query('UPDATE ' . prefix('news_categories') . ' SET `hitcounter`= 0');
// Per-page counters are kept as options named 'Page-Hitcounter-*'.
query('UPDATE ' . prefix('options') . ' SET `value`= 0 WHERE `name` LIKE "Page-Hitcounter-%"');
query("DELETE FROM " . prefix('plugin_storage') . " WHERE `type` = 'rsshitcounter'");
$class = 'messagebox';
$msg = gettext('All hitcounters have been set to zero');
break;
/** check for update ***********************************************************/
/********************************************************************************/
/** check for update ***********************************************************/
/********************************************************************************/
case 'check_for_update':
示例13: Round
break;
case 'height':
$size = $height;
$sr = 1;
$sizedwidth = Round($width / $height * $size);
$sizedheight = $size;
break;
}
$args = array($size, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 1, NULL);
$imageurl = getImageProcessorURI($args, $albumname, $imagepart);
$iW = round($sizedwidth * 0.9);
$iH = round($sizedheight * 0.9);
$iX = round($sizedwidth * 0.05);
$iY = round($sizedheight * 0.05);
// Apply the crop submitted by the admin. The token for action 'crop' is
// requested before the coordinates are read.
// (The block continues past the end of this excerpt.)
if (isset($_REQUEST['crop'])) {
XSRFdefender('crop');
// NOTE(review): w, h, x and y are read from $_REQUEST without isset()
// checks, sanitising or range validation. Non-numeric or array values reach
// the arithmetic below, and negative or oversized values are not rejected
// here - validate them as bounded numbers before use.
$cw = $_REQUEST['w'];
$ch = $_REQUEST['h'];
$cx = $_REQUEST['x'];
$cy = $_REQUEST['y'];
// Scale factors from the displayed (sized) image back to the original.
// NOTE(review): no guard against $sizedwidth / $sizedheight being 0 is
// visible.
$rw = $width / $sizedwidth;
$rh = $height / $sizedheight;
$cw = round($cw * $rw);
$ch = round($ch * $rh);
$cx = round($cx * $rw);
$cy = round($cy * $rh);
//create a new image with the set cropping
$quality = getOption('full_image_quality');
$rotate = false;
if (zp_imageCanRotate()) {
$rotate = getImageRotation($imgpath);
示例14: header
header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/comment_form/admin-comments.php?saved');
}
exitZP();
// Delete one comment. The token for action 'deletecomment' is requested
// first; the id comes from the query string through sanitize_numeric().
// The case ends with exitZP() rather than a break.
// NOTE(review): this is a destructive action reachable by GET; if the token
// is carried in the URL (not visible here) it can leak through logs and
// Referer headers.
case 'deletecomment':
XSRFdefender('deletecomment');
$id = sanitize_numeric($_GET['id']);
$comment = new Comment($id);
$comment->remove();
header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/comment_form/admin-comments.php?ndeleted=1');
exitZP();
// Save an edited comment. (The case continues past the end of this excerpt.)
case 'savecomment':
// Without an id there is nothing to save: redirect back to the list. This
// early exit happens before the token check.
if (!isset($_POST['id'])) {
header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/comment_form/admin-comments.php');
exitZP();
}
XSRFdefender('savecomment');
$id = sanitize_numeric($_POST['id']);
$comment = new Comment($id);
// name, email and website are optional; each is sanitised with level 3.
if (isset($_POST['name'])) {
$comment->setName(sanitize($_POST['name'], 3));
}
if (isset($_POST['email'])) {
$comment->setEmail(sanitize($_POST['email'], 3));
}
if (isset($_POST['website'])) {
$comment->setWebsite(sanitize($_POST['website'], 3));
}
// NOTE(review): 'date' and 'comment' are read without isset() checks.
$comment->setDateTime(sanitize($_POST['date'], 3));
// The comment body uses sanitize level 1 instead of 3.
// NOTE(review): what each level strips is not visible here - confirm that
// level 1 is safe for wherever the comment text is later rendered.
$comment->setComment(sanitize($_POST['comment'], 1));
// NOTE(review): the address data is stored in PHP serialize() format; make
// sure whatever reads it back never unserializes attacker-controlled input.
$comment->setCustomData($_comment_form_save_post = serialize(getCommentAddress(0)));
$comment->save();
示例15: XSRFdefender
$reports[] = $msg;
}
}
}
// Request handling for the news-category edit page. $tab and $result are
// only assigned inside this branch; on other edit pages they come from code
// outside this excerpt.
if (is_AdminEditPage('newscategory')) {
    $tab = 'news';
    $_GET['tab'] = 'categories';

    // Save: the token for action 'save' is requested before the update runs.
    if (isset($_GET['save'])) {
        XSRFdefender('save');
        updateCategory($reports, true);
    }

    if (isset($_GET['titlelink'])) {
        // Lookup only, so no token is requested in this branch.
        // NOTE(review): urldecode() runs AFTER sanitize(). PHP has already
        // URL-decoded $_GET, so this is a second decode, and anything that
        // was still percent-encoded when sanitize() looked at it is decoded
        // afterwards. Decode first and sanitise last - confirm what
        // sanitize() filters.
        $result = new ZenpageCategory(urldecode(sanitize($_GET['titlelink'])));
    } elseif (isset($_GET['update'])) {
        XSRFdefender('update');
        $result = updateCategory($reports);
    } else {
        // New, not yet stored category; shown as published by default.
        $result = new ZenpageCategory('');
        $result->setShow(1);
    }
}

// Page head output; the sub-tab label depends on whether the object is new.
printAdminHeader($tab, $result->transient ? gettext('add') : gettext('edit'));
zp_apply_filter('texteditor_config', 'zenpage');
zenpageJSCSS();
datepickerJS();
codeblocktabsJS();
?>
<script type="text/javascript">
//<!-- <![CDATA[