sina_nop Posted September 14, 2009 Share Posted September 14, 2009 Hi anyone can help me for check this page for security and fix bug Thanks <?php error_reporting('E_ALL ^ E_NOTICE'); $parser_version = phpversion(); if ($parser_version <= "4.1.0") { $GET_VARS = $HTTP_GET_VARS ; $POST_VARS = $HTTP_POST_VARS; $SERVER_VARS = $HTTP_SERVER_VARS; $COOKIES = $HTTP_COOKIE_VARS; $FILES = $HTTP_POST_FILES; } else{ $GET_VARS = $_GET; $POST_VARS = $_POST; $SERVER_VARS = $_SERVER; $COOKIES = $_COOKIE; $FILES = $_FILES; } #Language $lang_Category ="Category"; $script_filename = htmlspecialchars(htmlentities(addslashes($SERVER_VARS['SCRIPT_FILENAME']))) ; $real_path=str_replace("\\","/",$script_filename); $pathinfo = htmlentities(htmlspecialchars(pathinfo($real_path))); if($pathinfo[dirname]!=""){ $richedit_dir =$pathinfo[dirname]; } else{ $richedit_dir ="../richedit"; } $script_url = htmlspecialchars(htmlentities(addslashes($SERVER_VARS['PHP_SELF']))); $richedit_url = get_site_url(); //Or enter the URL to main forum folder - example: $richedit_url ="http://ecardmax.com/forum"; - NO / at the end $smiley_folder_url ="$richedit_url/smileys"; $clipart_folder_url ="$richedit_url/cliparts"; $wordart_folder_url ="$richedit_url/wordarts"; $q_string = $SERVER_VARS['QUERY_STRING']; $step = htmlspecialchars(htmlentities(addslashes($GET_VARS['step']))); $step_upload = htmlspecialchars(htmlentities(addslashes($POST_VARS['step_upload']))); $cat = htmlspecialchars(htmlentities(addslashes($GET_VARS['cat']))); $page = htmlspecialchars(htmlentities(addslashes($GET_VARS['page']))); $what = htmlspecialchars(htmlentities(addslashes($GET_VARS['what']))); $first= htmlspecialchars(htmlentities(addslashes($GET_VARS['first']))); if ($what =="smileys"){ $folder_url = $smiley_folder_url; } elseif ($what =="wordarts"){ $folder_url = $wordart_folder_url; } elseif ($what =="cliparts"){ $folder_url = $clipart_folder_url; } if (!file_exists("$richedit_dir/$what")){ print "Path to folder richedit not found. Please use Text editor to open file richedit/show_it.php and edit <b>\$richedit_dir</b>"; exit; } if ($fh = opendir("$richedit_dir/$what")) { while (($get_item = readdir($fh)) !== false) { if ($get_item != "." && $get_item != ".." && is_dir("$richedit_dir/$what/$get_item")) { $get_it .="$get_item\n"; } } closedir($fh); } $my_array_folder = explode("\n",$get_it); natsort($my_array_folder); $tt_pic = 0; foreach ($my_array_folder as $get_item){ if ($get_item != ""){ if ($fh = opendir("$richedit_dir/$what/$get_item")) { while (($get_subitem = readdir($fh)) !== false) { if ($get_subitem != "." && $get_subitem != ".." && strpos($get_subitem,".gif") || strpos($get_subitem,".png") || strpos($get_subitem,".jpg")) { $tt_pic++; } } closedir($fh); $get_item2 = str_replace ("_"," ",$get_item); $random_img_cat = random_img_cat($get_item,$what); $folder .="<tr>\n"; $folder .="<td class='Hoteditor_Select' STYLE=\"cursor:hand;cursor:pointer\" onClick=\"location.href='$script_url?what=$what&step=2&page=1&cat=$get_item';\" onMouseover=\"this.className='Hoteditor_Select_Over';\" onMouseout=\"this.className='Hoteditor_Select';\" align=\"center\" height=\"27\" >\n"; $folder .="<font size=1>$lang_Category: <b>$get_item2 ($tt_pic)</b></font><br><img align=absmiddle src=$folder_url/$get_item/$random_img_cat> </td>\n"; $folder .="</tr>\n"; $drop_down_data .="<option value='$get_item'>$get_item2 ($tt_pic)</option>\n"; $tt_pic = 0; } } } if ($show_cat_dropdown != "no"){ $drop_down ="<form name=form_cat method=get action=$script_url><input type=hidden name=step value=2><input type=hidden name=what value=$what><input type=hidden name=first value=no><input type=hidden name=page value=1><select name=cat onchange=\"document.form_cat.submit();\"><option value=''>$lang_Category</option>$drop_down_data</select></form>"; } # Upload image file # Read dir "smileys" - Display category folder if ($step ==1){ print<<<EOF <html> <head> <script> if(self.parent.styles_folder_path){ var get_styles_folder_path = self.parent.styles_folder_path; var richselected = 1; var my_document =self.parent; } else{ var get_styles_folder_path = window.opener.styles_folder_path; var richselected = 0; var my_document =window.opener; } get_styles_folder_path=get_styles_folder_path.replace("richedit/",""); document.writeln("<style type=text/css>@import url(" + get_styles_folder_path + "/style.css);</style>"); document.writeln("<style type=text/css>@import url(" + get_styles_folder_path + "/style_popup_layer.css);</style>"); </script> </head> <body leftmargin="0" rightmargin="0" marginwidth="0" marginheight="0" topmargin="0" bottommargin="0"> <table border="0" cellpadding="3" cellspacing="3" style="border-collapse: collapse" width="360" > <tr> <td width="68%" valign=top> <font size=1>Select categories below</font></td> <td width="32%" align="right">$drop_down</td> </tr> </table> <hr class=HR_Color> <div style="overflow:auto;height:280;width:100%" align="center"> <table cellpadding="8" cellspacing="8" border="0" width="90%"> $folder </table> </div><br><br> </body> </html> <script language=javascript> var my_what ="$what"; if(my_what=="smileys"){ self.parent.Set_smiles_path("$script_url?step=1&what=$what"); } if(my_what=="wordarts"){ self.parent.Set_wordarts_path("$script_url?step=1&what=$what"); } if(my_what=="cliparts"){ self.parent.Set_cliparts_path("$script_url?step=1&what=$what"); } </script> EOF; } else{ # step=2 if($first =="yes"){ $open_path ="$richedit_dir/$what"; } else{ $open_path ="$richedit_dir/$what/$cat"; } if ($fh = opendir($open_path)) { while (($get_item = readdir($fh)) !== false) { if ($get_item != "." && $get_item != ".." && strpos($get_item,".gif") || strpos($get_item,".png") || strpos($get_item,".jpg")) { $tmp_array .="$get_item\n"; $total_pic++; } } closedir($fh); } # Display thumbnail $array = explode("\n", $tmp_array); if ($page == ""){$page = 1;} if ($page == 1) { $prev = 0; $next = $pic_per_page - 1; } else { $prev = ($page - 1) * $pic_per_page; $next = ($page * $pic_per_page) - 1; } $next >= $total_pic and $next = $total_pic - 1; $x = 0; $y = 0; if($first =="yes"){ $src_path ="$folder_url"; } else{ $src_path ="$folder_url/$cat"; } for ($y=$prev; $y<=$next; $y++) { $x++; $get_filename = $array[$y] ; $image_file .=" <img class='Hoteditor_Select' STYLE=\"cursor:hand;cursor:pointer\" onClick=\"InsertImage('$src_path/$get_filename');\" onMouseover=\"this.className='Hoteditor_Select_Over';\" onMouseout=\"this.className='Hoteditor_Select';\" align=absmiddle src=$src_path/$get_filename> \n"; if($x==$pic_per_row) { $image_file .="<hr class=HR_Color>\n"; $x=0; } } if ($total_pic == 0){ $image_file ="<p align=center><font face=Verdana size=1><b>No image found in this category.</b></font></p>" ; } # Display Page Number ------------------------------------------------------------------------ $b = intval(($total_pic / $pic_per_page) + 1); $display_page_number .="<font face='verdana' size=1>Page: {A}"; $x = 0; $y = 0; for($a_num=1; $a_num<=$b; $a_num++) { $y++; if ($y == $page) { $display_page_number .=" <font color=red>$a_num</font> "; } else { $display_page_number .=" <span style=\"cursor:pointer;cursor:hand;text-decoration:underline;font-weight: bold;\" onmousedown=\"location.href='$script_url?what=$what&page=$a_num&cat=$cat'\">$a_num</span> "; } } $display_page_number .=" </font>"; if ($page > 1) { $page_pr = $page - 1 ; $dpn ="<span style=\"cursor:pointer;cursor:hand;text-decoration:underline;font-weight: bold;\" onmousedown=\"location.href='$script_url?what=$what&page=$page_pr&cat=$cat'\"><img border=0 src=$richedit_url/prv.gif align='absmiddle' alt='Previous page: $page_pr'></span>"; $display_page_number = str_replace("{A}", $dpn, $display_page_number); } else{ $display_page_number = str_replace("{A}", "", $display_page_number); } if ($page < $y) { $page_ne = $page + 1 ; $display_page_number .=" <span style=\"cursor:pointer;cursor:hand;text-decoration:underline;font-weight: bold;\" onmousedown=\"location.href='$script_url?what=$what&page=$page_ne&cat=$cat'\"><img border=0 src=$richedit_url/next.gif align='absmiddle' alt='Next page: $page_ne'></span>"; } $cat2 = str_replace("_"," ",$cat); if ($first =="yes"){ $display_home_more ="<span style=\"cursor:pointer;cursor:hand;text-decoration:underline;font-weight: bold;\" onmousedown=\"location.href='$script_url?what=$what&step=1'\">Click here for more images</span>"; } else{ $display_home_more ="<span style=\"cursor:pointer;cursor:hand;text-decoration:underline;font-weight: bold;\" onmousedown=\"location.href='$script_url?what=$what&step=1'\">Home</span>"; } print<<<EOF <html><head> <script> if(self.parent.styles_folder_path){ var get_styles_folder_path = self.parent.styles_folder_path; var richselected = 1; var my_document =self.parent; var getcurrentrte=self.parent.currenteditor; var my_editor_type=self.parent.editor_type; } else{ var get_styles_folder_path = window.opener.styles_folder_path; var richselected = 0; var my_document =window.opener; var getcurrentrte=window.opener.currenteditor; var my_editor_type=window.opener.editor_type; } get_styles_folder_path=get_styles_folder_path.replace("richedit/",""); document.writeln("<style type=text/css>@import url(" + get_styles_folder_path + "/style.css);</style>"); document.writeln("<style type=text/css>@import url(" + get_styles_folder_path + "/style_popup_layer.css);</style>"); </script> <script language="JavaScript" type="text/javascript"> var my_what ="$what"; if(my_what=="smileys"){ my_document.Set_smiles_path("$script_url?$q_string"); } if(my_what=="wordarts"){ my_document.Set_wordarts_path("$script_url?$q_string"); } if(my_what=="cliparts"){ my_document.Set_cliparts_path("$script_url?$q_string"); } function InsertImage(data) { if(my_document.isKonqueror){ my_document.InsertTextArea(data); window.close(); return false; } else if(my_editor_type==1){ if(my_document.isSafari){ window.opener.SafariInsertImage(data); } else{ if(my_what =="smileys"){ my_document.InsertSymbol("<img border=0 src='" + data + "'> "); } else{ my_document.InsertSymbol("<br><img border=0 src='" + data + "'><br> "); } my_document.close_insert_pop(); } } else{ my_document.InsertTextArea(data); } if(richselected != 1)window.close(); } </script> <style fprolloverstyle>A:hover {color: #008000} </style> </head> <body leftmargin="0" rightmargin="0" marginwidth="0" marginheight="0" topmargin="0" bottommargin="0"> <table border="0" cellpadding="3" cellspacing="3" style="border-collapse: collapse" width="360" > <tr> <td width="68%"><font face=verdana size=1>$display_home_more / $cat2 <font color=red>($total_pic)</font></font></td> <td width="32%" align="right">$drop_down</td> </tr> </table> <hr class=HR_Color> <div style="overflow:auto;height:280;width:100%" align="center"> $display_page_number <br><br> <table cellpadding="0" cellspacing="0" border="0" style="border-collapse: collapse" bordercolor="#111111" height="37" width="90%"> <tr> <td align="center" height="27" > $image_file </td> </tr> </table> </div><br><br> </body> </html> EOF; } function random_img_cat($folder,$what){ global $richedit_dir; $x=0; $rand_array=""; if ($fh = opendir("$richedit_dir/$what/$folder")) { while (($get_item = readdir($fh)) !== false) { if ($get_item != "." && $get_item != ".." && strpos($get_item,".gif") || strpos($get_item,".png") || strpos($get_item,".jpg")) { $rand_array .="$get_item\n"; $x++; } } closedir($fh); } $array = explode("\n", $rand_array); $num = rand(0,$x-1); $img_file = "$array[$num]"; $x=0; return $img_file; } //-------------------------------------------------------------------------------- //Get eCard URL function get_site_url(){ global $SERVER_VARS; $server_name = htmlspecialchars(htmlentities(addslashes($SERVER_VARS['SERVER_NAME']))); $scr_path = htmlspecialchars(htmlentities(addslashes($SERVER_VARS['PHP_SELF']))) ; $dir_name = htmlspecialchars(htmlentities(addslashes(pathinfo($scr_path)))); $dir_list = split("\/",$dir_name['dirname']); $c = count($dir_list); $tmp = ""; for ($i=0; $i<$c;$i++){ if ($dir_list[$i] !="") $tmp .= "/$dir_list[$i]"; } return "http://$server_name$tmp"; } ?> Link to comment https://forums.phpfreaks.com/topic/174223-check-for-security-coding/ Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.