Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 01:28:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Protect md file

Browse Source
This commit is contained in:
Laurent Destailleur
2020-09-17 16:57:39 +02:00
parent d04d1d1499
commit eae5410ced
3 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
htdocs/core/boxes/modules_boxes.php
View File

@@ -422,6 +422,7 @@ class ModeleBoxes // Can't be abtract as it is instantiated to build "empty" box
{ {
while (($file = readdir($handle)) !== false) while (($file = readdir($handle)) !== false)
{ {
$reg = array();
if (is_readable($newdir.'/'.$file) && preg_match('/^(.+)\.php/', $file, $reg)) if (is_readable($newdir.'/'.$file) && preg_match('/^(.+)\.php/', $file, $reg))
{ {
if (preg_match('/\.back$/', $file)) continue; if (preg_match('/\.back$/', $file)) continue;

1
htdocs/core/lib/functions.lib.php
View File

@@ -7970,6 +7970,7 @@ function dol_mimetype($file, $default = 'application/octet-stream', $mode = 0)
if (preg_match('/\.ini$/i', $tmpfile)) { $mime = 'text/plain'; $imgmime = 'text.png'; $srclang = 'ini'; $famime = 'file-text-o'; } if (preg_match('/\.ini$/i', $tmpfile)) { $mime = 'text/plain'; $imgmime = 'text.png'; $srclang = 'ini'; $famime = 'file-text-o'; }
if (preg_match('/\.md$/i', $tmpfile)) { $mime = 'text/plain'; $imgmime = 'text.png'; $srclang = 'md'; $famime = 'file-text-o'; } if (preg_match('/\.md$/i', $tmpfile)) { $mime = 'text/plain'; $imgmime = 'text.png'; $srclang = 'md'; $famime = 'file-text-o'; }
if (preg_match('/\.css$/i', $tmpfile)) { $mime = 'text/css'; $imgmime = 'css.png'; $srclang = 'css'; $famime = 'file-text-o'; } if (preg_match('/\.css$/i', $tmpfile)) { $mime = 'text/css'; $imgmime = 'css.png'; $srclang = 'css'; $famime = 'file-text-o'; }
if (preg_match('/\.lang$/i', $tmpfile)) { $mime = 'text/plain'; $imgmime = 'text.png'; $srclang = 'lang'; $famime = 'file-text-o'; }
// Certificate files // Certificate files
if (preg_match('/\.(crt|cer|key|pub)$/i', $tmpfile)) { $mime = 'text/plain'; $imgmime = 'text.png'; $famime = 'file-text-o'; } if (preg_match('/\.(crt|cer|key|pub)$/i', $tmpfile)) { $mime = 'text/plain'; $imgmime = 'text.png'; $famime = 'file-text-o'; }
// XML based (HTML/XML/XAML) // XML based (HTML/XML/XAML)

8
htdocs/modulebuilder/index.php
View File

@@ -1463,7 +1463,13 @@ if ($action == 'savefile' && empty($cancel))
dol_copy($pathoffile, $pathoffilebackup, 0, 1); dol_copy($pathoffile, $pathoffilebackup, 0, 1);
} }
$content = GETPOST('editfilecontent', 'none'); $check = 'restricthtml';
$srclang = dol_mimetype($pathoffile, '', 3);
if ($srclang == 'md') $check = 'restricthtml';
if ($srclang == 'lang') $check = 'restricthtml';
if ($srclang == 'php') $check = 'none';
$content = GETPOST('editfilecontent', $check);
// Save file on disk // Save file on disk
if ($content) if ($content)