本文整理汇总了PHP中check_for_csrf函数的典型用法代码示例。如果您正苦于以下问题:PHP check_for_csrf函数的具体用法?PHP check_for_csrf怎么用?PHP check_for_csrf使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了check_for_csrf函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: check_for_csrf
}
// if not allowedtoedit then userid is $USR now, so stop undo actions
check_for_csrf("undo");
// perform undo
// undo add new user
if (isset($_GET['new'])) {
delete_file(GSUSERSPATH . $file);
redirect('profile.php?success=' . urlencode(strip_tags(sprintf(i18n_r('ER_HASBEEN_DEL'), $userid))));
}
// undo edit user
restore_datafile(GSUSERSPATH . $file);
redirect('profile.php?upd=profile-restored&userid=' . $userid);
}
# was the form submitted?
if (isset($_POST['submitted']) && isset($_POST['user'])) {
check_for_csrf("save_profile");
do {
// if editing and post userid not match get userid
// @todo perhaps use nonce here instead
if ($editing && $userid !== _id($_POST['user'])) {
$error = i18n_r('ER_REQ_PROC_FAIL');
break;
}
$userid = _id($_POST['user']);
$file = $userid . '.xml';
if ($adding && path_is_safe(GSUSERSPATH . $file, GSUSERSPATH)) {
$error = i18n_r('INVALID_USER');
// user already exists
break;
}
if (!path_is_safe(dirname(GSUSERSPATH . $file), GSUSERSPATH, true)) {
示例2: login_cookie_check
* Theme
*
* @package GetSimple
* @subpackage Theme
*/
# setup inclusions
# presumably read by inc/common.php to decide whether plugins are loaded — TODO confirm
$load['plugin'] = true;
include 'inc/common.php';
# admin page: bail out to the login screen unless a valid login cookie is present
login_cookie_check();
# variable settings
# $path/$file name the website.xml file that the theme activation below rewrites
$path = GSDATAOTHERPATH;
$file = GSWEBSITEFILE;
$theme_options = '';
# was the form submitted?
if (isset($_POST['submitted']) && isset($_POST['template'])) {
check_for_csrf("activate");
# get passed value from form
$newTemplate = var_in($_POST['template']);
if (!path_is_safe(GSTHEMESPATH . $newTemplate, GSTHEMESPATH)) {
die;
}
# backup old GSWEBSITEFILE (website.xml) file
$bakpath = GSBACKUPSPATH . getRelPath(GSDATAOTHERPATH, GSDATAPATH);
// backups/other/
createBak($file, $path, $bakpath);
# udpate GSWEBSITEFILE (website.xml) file with new theme
$xml = new SimpleXMLExtended('<item></item>');
$note = $xml->addChild('SITENAME');
$note->addCData($SITENAME);
$note = $xml->addChild('SITEURL');
$note->addCData($SITEURL);
示例3: redirect
$p = $_GET['p'];
} else {
redirect('backups.php?upd=bak-err');
}
if ($p == 'delete') {
// deleting page backup
check_for_csrf("delete", "backup-edit.php");
if ($draft) {
$status = delete_draft_backup($id) ? 'success' : 'err';
} else {
$status = delete_page_backup($id) ? 'success' : 'err';
}
redirect("backups.php?upd=bak-" . $status . "&id=" . $id);
} elseif ($p == 'restore') {
// restoring page backup
check_for_csrf("restore", "backup-edit.php");
$redirect = "";
if ($draft) {
restore_draft($id);
// restore old slug file
// generate_sitemap(); // regenerates sitemap, we do not need to do this for drafts.
$success = exec_action('draft-restore');
// @hook draft-restore fired when a draft is restored
redirect("edit.php?id=" . $id . "&upd-draft&upd=edit-success&type=restore");
}
if (isset($_GET['new'])) {
$newid = $_GET['new'];
// @todo traversal protect $newid
// restore page by old slug id
changeChildParents($newid, $id);
// update parents and children
示例4: header
}
if (sizeof($errors) != 0) {
if (requestIsAjax()) {
header("HTTP/1.0 403");
i18n('ERROR_UPLOAD');
die;
}
foreach ($errors as $msg) {
$error = $msg . '<br />';
}
}
}
}
// if creating new folder
if (isset($_GET['newfolder']) && $allowcreatefolder) {
check_for_csrf("createfolder");
$newfolder = $_GET['newfolder'];
// check for invalid chars
$cleanname = clean_url(to7bit(strippath($newfolder), "UTF-8"));
$cleanname = basename($cleanname);
if (file_exists($path . $cleanname) || $cleanname == '') {
$error = i18n_r('ERROR_FOLDER_EXISTS');
} else {
if (getDef('GSCHMOD')) {
$chmod_value = GSCHMOD;
} else {
$chmod_value = 0755;
}
if (create_dir($path . $cleanname, $chmod_value)) {
//create folder for thumbnails
$thumbFolder = GSTHUMBNAILPATH . $subFolder . $cleanname;
示例5: login_cookie_check
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
// downloads are an admin-only feature: require a valid login cookie first
login_cookie_check();

// kill switch: GSALLOWDOWNLOADS === false disables this page entirely
// (getdef() falls back to true when the constant is not defined)
if (false === getdef('GSALLOWDOWNLOADS', true)) {
    die(i18n('NOT_ALLOWED'));
}
# check if all variables are set
if (isset($_GET['file'])) {
$file = removerelativepath($_GET['file']);
// check that this file is safe to access
$archivesafe = filepath_is_safe($file, GSBACKUPSPATH . DIRECTORY_SEPARATOR . 'zip');
// check for archives
if ($archivesafe) {
check_for_csrf("archive", "download.php");
}
// check archive nonce
$filesafe = filepath_is_safe($file, GSDATAUPLOADPATH);
// check for uploads
if (!($filesafe || $archivesafe)) {
die(i18n('NOT_ALLOWED'));
}
// file specified is non existant or LFI! WE DIE
$extention = getFileExtension($file);
header("Content-disposition: attachment; filename=" . $file);
# set content headers
if ($extention == 'zip') {
header("Content-type: application/octet-stream");
} elseif ($extention == 'gz') {
header("Content-type: application/x-gzip");
示例6: login_cookie_check
* @subpackage Page-Edit
*/
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
// admin page: require a valid login cookie before anything else runs
login_cookie_check();
// Variable settings
// $id and $ptype are the raw ?id= / ?type= query values (null when absent);
// nothing here validates them, so any later use of $id as a file name
// needs its own path check — not visible in this excerpt
$id = isset($_GET['id']) ? $_GET['id'] : null;
$ptype = isset($_GET['type']) ? $_GET['type'] : null;
$path = GSDATAPAGESPATH;
$counter = '0';
$table = '';
# clone attempt happening
if (isset($_GET['action']) && isset($_GET['id']) && $_GET['action'] == 'clone') {
check_for_csrf("clone", "pages.php");
# check to not overwrite
$count = 1;
$newfile = GSDATAPAGESPATH . $_GET['id'] . "-" . $count . ".xml";
if (file_exists($newfile)) {
while (file_exists($newfile)) {
$count++;
$newfile = GSDATAPAGESPATH . $_GET['id'] . "-" . $count . ".xml";
}
}
$newurl = $_GET['id'] . '-' . $count;
# do the copy
$status = copy($path . $_GET['id'] . '.xml', $path . $newurl . '.xml');
if ($status) {
$newxml = getXML($path . $newurl . '.xml');
$newxml->url = $newurl;
示例7: login_cookie_check
* @subpackage Backups
* @link http://get-simple.info/docs/restore-page-backup
*/
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
// Variable settings
login_cookie_check();
$path = GSBACKUPSPATH . getRelPath(GSDATAPAGESPATH, GSDATAPATH); // backups/pages/
$counter = '0';
$table = '';

// ?deleteall removes every page backup under $path; the nonce is checked
// before the first unlink() so a plain link cannot trigger the purge
if (isset($_GET['deleteall'])) {
    check_for_csrf("deleteall");
    foreach (getFiles($path) as $file) {
        // names come from the directory listing, not from the request; only
        // files that still exist and that isFile() accepts as 'bak' are removed
        // (presumably the .bak extension — confirm against isFile())
        if (file_exists($path . $file) && isFile($file, $path, 'bak')) {
            unlink($path . $file);
        }
    }
    $success = i18n_r('ER_FILE_DEL_SUC');
}

// display all page backups (re-listed so a purge above is reflected)
$filenames = getFiles($path);
$count = "0";
$pagesArray_tmp = array();
$pagesSorted = array();
示例8: check_for_csrf
$update = 'flushcache-success';
}
# if the undo command was invoked
if (isset($_GET['undo'])) {
    # nonce check first: an undo reached via a bare link must not be honoured
    check_for_csrf("undo");
    # perform undo
    $bakpath = GSBACKUPSPATH . getRelPath(GSDATAOTHERPATH, GSDATAPATH);
    // backups/other/
    # restore GSWEBSITEFILE in GSDATAOTHERPATH from its copy under $bakpath
    undo(GSWEBSITEFILE, GSDATAOTHERPATH, $bakpath);
    # site settings (e.g. URL/permalink) feed the sitemap, so rebuild it
    generate_sitemap();
    # redirect back to yourself to show the new restored data
    redirect('settings.php?upd=settings-restored');
}
# was the form submitted?
if (isset($_POST['submitted'])) {
check_for_csrf("save_settings");
# website-specific fields
if (isset($_POST['sitename'])) {
$SITENAME = htmlentities($_POST['sitename'], ENT_QUOTES, 'UTF-8');
}
if (isset($_POST['siteurl'])) {
$SITEURL = tsl($_POST['siteurl']);
}
if (isset($_POST['permalink'])) {
$PERMALINK = var_in(trim($_POST['permalink']));
}
if (isset($_POST['template'])) {
// $TEMPLATE = $_POST['template'];
}
if (isset($_POST['prettyurls'])) {
$PRETTYURLS = $_POST['prettyurls'];
示例9: setcookie
setcookie('gs_editor_theme', $themesave);
}
return;
}
$themepath = GSTHEMESPATH . tsl($template);

if ($template_file == '') {
    # no template file selected: fall back to the default template
    $template_file = GSTEMPLATEFILE;
} elseif (!filepath_is_safe($themepath . $template_file, $themepath)) {
    # a selected file must resolve inside the theme directory (prevent traversal);
    # the default above is not re-checked, matching the original flow
    die(i18n_r('INVALID_OPER'));
}
# check for form submission
if (isset($_POST['submitsave'])) {
check_for_csrf("save");
# save edited template file
$SavedFile = $_POST['edited_file'];
$FileContents = get_magic_quotes_gpc() ? stripslashes($_POST['content']) : $_POST['content'];
// prevent traversal
if (!filepath_is_safe(GSTHEMESPATH . $SavedFile, GSTHEMESPATH)) {
die(i18n_r('INVALID_OPER'));
}
$fh = fopen(GSTHEMESPATH . $SavedFile, 'w') or die("can't open file");
fwrite($fh, $FileContents);
fclose($fh);
$success = sprintf(i18n_r('TEMPLATE_FILE'), $SavedFile);
if (isset($_POST['ajaxsave'])) {
echo "<div>";
include 'template/error_checking.php';
echo '<input id="nonce" name="nonce" type="hidden" value="' . get_nonce("save") . '" />';
示例10: publishDraft
if (!filepath_is_safe(GSDATADRAFTSPATH . $id . '.xml', GSDATADRAFTSPATH)) {
$status = false;
} else {
$status = publishDraft($id);
}
if ($status) {
exec_action('draft-publish');
// @hook draft-publish a draft was published
generate_sitemap();
// regenerates sitemap
}
redirect("pages.php?id=" . $id . "&upd=publish-" . ($status ? 'success' : 'error'));
die;
}
if (isset($_POST['submitted'])) {
check_for_csrf("edit", "edit.php");
// check for missing required fields
safemodefail('changedata-save', 'edit.php?id=' . $_POST['post-id']);
if (!isset($_POST['post-title']) || trim($_POST['post-title']) == '') {
// no title, throw CANNOT_SAVE_EMPTY
// @todo this loses $id, we only get here if js is disabled
redirect("edit.php?upd=edit-error&type=" . urlencode(i18n_r('CANNOT_SAVE_EMPTY')));
}
// flag for new page, true, false existing
$pageIsNew = !isset($_POST['existing-url']) || trim($_POST['existing-url']) == '';
$postslug = $oldslug = null;
$oldslug = isset($_POST['existing-url']) && trim($_POST['existing-url']) !== '' ? $_POST['existing-url'] : null;
$postslug = isset($_POST['post-id']) && trim($_POST['post-id']) !== '' ? $_POST['post-id'] : null;
$slugHasChanged = !$pageIsNew && $oldslug !== $postslug;
# flag, this edit changed the slug
$overwrite = !$pageIsNew && !$slugHasChanged;
示例11: check_for_csrf
/**
* Reset Password
*
* Resets the password for GetSimple control panel access
*
* @package GetSimple
* @subpackage Login
*/
# setup inclusions
$load['plugin'] = true;
include 'inc/common.php';

# kill switch: GSALLOWRESETPASS === false turns the reset page off outright
# (getDef() falls back to true when the constant is not defined). Unlike the
# other admin scripts there is no login_cookie_check() here — presumably because
# a password reset must work before login, so this switch is the only gate.
if (false === getDef('GSALLOWRESETPASS', true)) {
    die;
}
if (isset($_POST['submitted'])) {
check_for_csrf("reset_password");
$randSleep = rand(250000, 2000000);
// random sleep for .25 to 2 seconds
if (isset($_POST['username']) and !empty($_POST['username'])) {
# user filename
$file = _id($_POST['username']) . '.xml';
# get user information from existing XML file
if (filepath_is_safe(GSUSERSPATH . $file, GSUSERSPATH) && file_exists(GSUSERSPATH . $file)) {
$data = getXML(GSUSERSPATH . $file);
$userid = strtolower($data->USR);
$EMAIL = $data->EMAIL;
if (strtolower($_POST['username']) === $userid) {
# create new random password
$random = createRandomPassword();
// $random = '1234';
# create backup
示例12: login_cookie_check
*/
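// Setup inclusions
$load['plugin'] = true;
include 'inc/common.php';
login_cookie_check();

// Variable Settings
// $log_name is the raw ?log= query value; it is only ever usable as a file
// name under $log_path once filepath_is_safe() has accepted it
$log_name = isset($_GET['log']) ? $_GET['log'] : '';
$log_path = GSDATAOTHERPATH . 'logs/';
$log_file = $log_path . $log_name;
$whois_url = 'http://whois.arin.net/rest/ip/';

// filepath_is_safe returns false if the file does not exist or resolves outside
// $log_path, so an empty, missing or traversing name yields no log data. The
// result is kept so the delete branch below is gated by exactly the same check.
$log_is_safe = strlen($log_name) > 0 && filepath_is_safe($log_file, $log_path);
if (!$log_is_safe) {
    $log_data = false;
}

// delete the selected log: requires the nonce AND a path that passed the check
// above — a non-empty name alone is not enough, since $log_file is built from
// the query string and unlink() must never receive an unchecked path
if (isset($_GET['action']) && $_GET['action'] == 'delete' && $log_is_safe) {
    check_for_csrf("delete");
    unlink($log_file);
    exec_action('logfile_delete');
    redirect('log.php?success=' . urlencode('Log ' . $log_name . i18n_r('MSG_HAS_BEEN_CLR')));
}

// only a safe, existing log is read
if (!isset($log_data)) {
    $log_data = getXML($log_file);
}

$pagetitle = i18n_r('LOGS') . ' · ' . i18n_r('SUPPORT');
get_template('header');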
?>
<?php
include 'template/include-nav.php';
?>
示例13: login_cookie_check
<?php
/**
* Delete File
*
* Deletes Files based on what is passed to it
*
* @package GetSimple
* @subpackage Delete-Files
*/
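// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
login_cookie_check();
// every delete handled by this page is nonce-protected before any branch is examined
check_for_csrf("delete", "deletefile.php");

// are we deleting pages?
if (isset($_GET['id'])) {
    // raw slug from the query string; NOTE(review): no path check is visible here,
    // so updateSlugs()/delete_file() must validate $id themselves — confirm
    $id = $_GET['id'];
    if ($id == 'index') {
        // the homepage can never be removed
        redirect('pages.php?upd=edit-error&type=' . urlencode(i18n_r('HOMEPAGE_DELETE_ERROR')));
    } else {
        updateSlugs($id);
        $status = delete_file($id);
        generate_sitemap();
        exec_action('page-delete');
        // $id is user-supplied: encode it like the error branch above so it
        // cannot inject extra query parameters into the redirect target
        redirect("pages.php?upd=del-" . $status . "&id=" . urlencode($id) . "&type=delete");
    }
}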
// are we deleting archives?
if (isset($_GET['zip'])) {
示例14: exec_action
$c_note = $components->addChild('title');
$c_note->addCData($comp['title']);
$components->addChild('slug', $comp['slug']);
$c_note = $components->addChild('value');
$c_note->addCData($comp['value']);
$count++;
}
}
exec_action('component-save');
XMLsave($xml, $path . $file);
$update = 'comp-success';
// redirect('components.php?upd=comp-success');
}
# if undo was invoked
if (isset($_GET['undo'])) {
    # nonce check first: an undo reached via a bare link must not be honoured
    check_for_csrf("undo");
    # perform the undo
    # $file, $path and $bakpath are set earlier in this script (outside this excerpt)
    undo($file, $path, $bakpath);
    $update = 'comp-restored';
    // redirect('components.php?upd=comp-restored');
}
# create components form html
# re-read the (possibly just restored) components file for rendering
$data = getXML($path . $file);
$componentsec = $data->item;
$count = 0;
// $componentsec = subval_sort($data->item,'title'); // sorted on save probably not necessary at this time
if (count($componentsec) != 0) {
foreach ($componentsec as $component) {
$table .= '<div class="compdiv codewrap" id="section-' . $count . '"><table class="comptable" ><tr><td><b title="' . i18n_r('DOUBLE_CLICK_EDIT') . '" class="comptitle editable">' . stripslashes($component->title) . '</b></td>';
$table .= '<td style="text-align:right;" ><code><?php get_component(<span class="compslugcode">\'' . $component->slug . '\'</span>); ?></code></td><td class="delete" >';
$table .= '<a href="javascript:void(0)" title="' . i18n_r('DELETE_COMPONENT') . ': ' . cl($component->title) . '?" class="delcomponent" rel="' . $count . '" >×</a></td></tr></table>';
示例15: login_cookie_check
* Displays and starts the website archives
*
* @package GetSimple
* @subpackage Backups
*/
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
login_cookie_check();
exec_action('load-archive');

// Variable Settings
$table = '';

// ?do : create a new archive (nonce-checked), then hand off to zip.php
if (array_key_exists('do', $_GET)) {
    check_for_csrf("create");
    exec_action('archive-backup'); // @hook archive-backup create backup archive requested
    // $SESSIONHASH is passed as s=, presumably so zip.php can verify the caller — confirm
    redirect("zip.php?s={$SESSIONHASH}");
}

// ?done : an archive has just been created
if (array_key_exists('done', $_GET)) {
    $success = i18n_r('SUCC_WEB_ARCHIVE');
}

// ?nozip : ZipArchive was unavailable, point the user at the health check
if (array_key_exists('nozip', $_GET)) {
    $error = sprintf(
        '%s - <a href="health-check.php">%s</a>',
        i18n_r('NO_ZIPARCHIVE'),
        i18n_r('WEB_HEALTH_CHECK')
    );
}

$pagetitle = i18n_r('WEBSITE_ARCHIVES') . ' · ' . i18n_r('BAK_MANAGEMENT');
get_template('header');
?>