Whoops! Fixed an SQL injection vulnerability in the CLI installer. (Not like it's a huge deal because the vulnerability was only introduced last commit and if you make it to that stage you already know the database password)
<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.1.6 (Caoineag beta 1)
* Copyright (C) 2006-2008 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
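class Namespace_File extends Namespace_Default
{
    /**
     * Render a File: page.
     *
     * Queues the file information box and the category box to be printed
     * before the footer, then either streams the page text from the database
     * or, when the page does not exist, wraps a 404 in a full header/footer.
     */
    public function send()
    {
        global $output;

        $output->add_before_footer($this->show_info());
        $output->add_before_footer($this->display_categories());

        if ( $this->exists )
        {
            $this->send_from_db();
            return;
        }

        $output->header();
        $this->error_404();
        $output->footer();
    }

    /**
     * Build the "file box" shown on a File: page: MIME type, size, upload date,
     * download / upload-new-version links and, when more than one version of
     * the file exists, a per-version history with rollback links.
     *
     * Values read back from the database (MIME type, page name, log ids) are
     * escaped for the HTML context they are printed into; the page id is
     * escaped once for the SQL literal and kept raw for URL generation.
     *
     * @return string|null HTML fragment, or null when this is not a File: page
     */
    public function show_info()
    {
        global $db, $session, $paths, $template, $plugins; // Common objects
        global $lang;

        // Prevent unnecessary work
        if ( $this->namespace != 'File' )
            return null;

        $local_page_id = $this->page_id;

        // Strip the File: namespace prefix so the id matches files.page_id.
        // NOTE(review): the prefix test looks at $paths->cpage['name'] while the
        // strip is applied to $this->page_id, exactly as before; confirm the two
        // always agree.
        $selfn = $local_page_id;
        $ns_prefix = $paths->nslist['File'];
        if ( substr($paths->cpage['name'], 0, strlen($ns_prefix)) == $ns_prefix )
        {
            $selfn = substr($local_page_id, strlen($ns_prefix), strlen($local_page_id));
        }

        // Two views of the same id: $selfn_db is escaped for the SQL string
        // literal only; $selfn stays raw for makeUrlNS(). Feeding the
        // SQL-escaped form into links would leak escape characters into URLs.
        $selfn_db = $db->escape($selfn);

        $this->_query_file_versions($selfn_db);

        if ( $db->numrows() < 1 )
        {
            // Release the (empty) result set before bailing out.
            $db->free_result();
            return '<div class="mdg-comment" style="margin-left: 0;">' . "\n"
                 . '<h3>' . $lang->get('onpage_filebox_heading') . '</h3>' . "\n"
                 . '<p>' . $lang->get('onpage_filebox_msg_not_found', array('upload_link' => makeUrlNS('Special', 'UploadFile/' . $local_page_id))) . '</p>' . "\n"
                 . '</div>' . "\n"
                 . '<br />';
        }

        // Newest version first (ORDER BY f.time_id DESC).
        $r = $db->fetchrow();
        $mimetype = $r['mimetype'];
        $mimetype_html = htmlspecialchars($mimetype);
        $datestring = enano_date('F d, Y h:i a', (int)$r['time_id']);

        $html = '<div class="mdg-comment" style="margin-left: 0;">' . "\n"
              . '<h3>' . $lang->get('onpage_filebox_heading') . '</h3>' . "\n"
              . '<p>' . $lang->get('onpage_filebox_lbl_type') . ' ' . $mimetype_html . '<br />';

        // "N bytes", followed by a rounded KB/MB figure in parentheses when
        // the file is at least 1 KiB.
        $size = $r['size'] . ' ' . $lang->get('etc_unit_bytes');
        $short_size = $this->_format_size_short((int)$r['size']);
        if ( $short_size !== null )
        {
            $size .= ' (' . $short_size . ')';
        }
        $html .= $lang->get('onpage_filebox_lbl_size', array('size' => $size));
        $html .= '<br />' . $lang->get('onpage_filebox_lbl_uploaded') . ' ' . $datestring . '</p>';

        // Anything that is neither an image nor plain (non-executable) text
        // gets the "scan before opening" warning. text/html and text/javascript
        // are explicitly treated as unsafe.
        $is_image = ( substr($mimetype, 0, 6) == 'image/' );
        $is_plain_text = ( substr($mimetype, 0, 5) == 'text/' && $mimetype != 'text/html' && $mimetype != 'text/javascript' );
        if ( !$is_image && !$is_plain_text )
        {
            $html .= '<div class="warning-box">' . "\n"
                   . $lang->get('onpage_filebox_msg_virus_warning') . "\n"
                   . '</div>';
        }

        if ( $is_image )
        {
            // Inline preview; the page name lands in an attribute, so escape it.
            $html .= '<p>' . "\n"
                   . '<a href="' . makeUrlNS('Special', 'DownloadFile/' . $selfn) . '">' . "\n"
                   . '<img style="border: 0;" alt="' . htmlspecialchars($paths->page) . '" src="' . makeUrlNS('Special', 'DownloadFile/' . $selfn . htmlspecialchars(urlSeparator) . 'preview') . '" />' . "\n"
                   . '</a>' . "\n"
                   . '</p>';
        }

        $html .= '<p>' . "\n"
               . '<a href="' . makeUrlNS('Special', 'DownloadFile/' . $selfn . '/' . $r['time_id'] . htmlspecialchars(urlSeparator) . 'download') . '">' . "\n"
               . $lang->get('onpage_filebox_btn_download') . "\n"
               . '</a>';

        // Upload-new-version link: protected pages never get it; otherwise wiki
        // mode or the explicit permission is enough.
        if ( !$paths->page_protected && ( $paths->wiki_mode || $session->get_permissions('upload_new_version') ) )
        {
            $html .= ' | <a href="' . makeUrlNS('Special', 'UploadFile/' . $selfn) . '">' . "\n"
                   . $lang->get('onpage_filebox_btn_upload_new') . "\n"
                   . '</a>';
        }
        $html .= '</p>';

        if ( $db->numrows() > 1 )
        {
            // requery, sql_result_seek() doesn't work on postgres
            $db->free_result();
            $this->_query_file_versions($selfn_db);

            $html .= '<h3>' . $lang->get('onpage_filebox_heading_history') . '</h3><p>';

            $can_rollback = $session->get_permissions('history_rollback');
            // log_id of the previously listed (newer) version; false on the
            // first row, which is the current version and cannot be reverted to.
            $last_rollback_id = false;

            while ( $r = $db->fetchrow() )
            {
                $html .= '(<a href="' . makeUrlNS('Special', 'DownloadFile/' . $selfn . '/' . $r['time_id'] . htmlspecialchars(urlSeparator) . 'download') . '">' . $lang->get('onpage_filebox_btn_this_version') . '</a>) ';

                if ( $can_rollback )
                {
                    if ( $last_rollback_id )
                    {
                        // The id is printed into both an href fragment and an
                        // inline JS string literal, so it is forced to an integer
                        // rather than HTML-escaped (entity escaping does not
                        // protect the JS context).
                        // NOTE(review): assumes logs.log_id is numeric — confirm
                        // against the schema.
                        $rollback_id = (int)$last_rollback_id;
                        $html .= ' (<a href="#rollback:' . $rollback_id . '" onclick="ajaxRollback(\'' . $rollback_id . '\'); return false;">' . $lang->get('onpage_filebox_btn_revert') . '</a>) ';
                    }
                    else
                    {
                        $html .= ' (' . $lang->get('onpage_filebox_btn_current') . ') ';
                    }
                }
                // NULL when the LEFT JOIN found no 'reupload' log entry; that
                // keeps the next row labelled as current, as before.
                $last_rollback_id = $r['log_id'];

                $datestring = enano_date('F d, Y h:i a', (int)$r['time_id']);
                $html .= $datestring . ': ' . htmlspecialchars($r['mimetype']) . ', ';

                // History rows show only the rounded figure (or bytes below 1 KiB).
                $fs = (int)$r['size'];
                $short_size = $this->_format_size_short($fs);
                $html .= ( $short_size !== null ) ? $short_size : $fs . ' ' . $lang->get('etc_unit_bytes');
                $html .= '<br />';
            }
            $html .= '</p>';
        }

        $db->free_result();
        $html .= '</div><br />';
        return $html;
    }

    /**
     * Run the file-version query (all versions of one file, newest first, each
     * joined to its 'reupload' log entry when one exists).
     *
     * @param string $selfn_db page id, ALREADY escaped with $db->escape()
     * @return resource|object the query result; on failure $db->_die() is
     *         invoked and this method does not return normally
     */
    private function _query_file_versions($selfn_db)
    {
        global $db;

        $q = $db->sql_query('SELECT f.mimetype,f.time_id,f.size,l.log_id FROM ' . table_prefix . "files AS f\n"
            . " LEFT JOIN " . table_prefix . "logs AS l\n"
            . " ON ( l.time_id = f.time_id AND ( l.action = 'reupload' OR l.action IS NULL ) )\n"
            . " WHERE f.page_id = '$selfn_db'\n"
            . " ORDER BY f.time_id DESC;");
        if ( !$q )
        {
            $db->_die('The file type could not be fetched.');
        }
        return $q;
    }

    /**
     * Human-readable size in KB or MB, rounded to one decimal.
     *
     * @param int $bytes file size in bytes
     * @return string|null e.g. "1.5 MB" / "12.3 KB"; null when below 1 KiB so
     *         the caller can fall back to a plain byte count
     */
    private function _format_size_short($bytes)
    {
        global $lang;

        if ( $bytes >= 1048576 )
        {
            return round($bytes / 1048576, 1) . ' ' . $lang->get('etc_unit_megabytes_short');
        }
        if ( $bytes >= 1024 )
        {
            return round($bytes / 1024, 1) . ' ' . $lang->get('etc_unit_kilobytes_short');
        }
        return null;
    }
}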