
Сравнить редакции

Не учитывать пробелы Редакция 208 → Редакция 209

/trunk/feed.php
21,7 → 21,7
 
require_once dirname(__FILE__)."/lib/init.php";
 
$mode = abs(intval($_GET["atom"]));
$mode = $secure->wrapInt($_GET["atom"]);
// RSS 2.0 - $mode = 0
// Atom 1.0 - $mode = 1
 
45,10 → 45,10
if ($query->numRows()>0) {
while ($query->fetchInto($log, DB_FETCHMODE_ASSOC)) {
$result .= "<item>\n";
$result .= "<title>".stripslashes($log["log_title"])."</title>\n";
$result .= "<title>".$secure->stripStr($log["log_title"])."</title>\n";
$result .= "<link>http://".$_SERVER["HTTP_HOST"].dirname($_SERVER["PHP_SELF"])."/changelog.php?id=".$log["log_id"]."</link>\n";
$result .= "<pubDate>".date("r",strtotime($log["log_record"]))."</pubDate>\n";
$result .= "<description><![CDATA[".stripslashes($log["log_desc"])."]]></description>\n";
$result .= "<description><![CDATA[".$secure->stripStr($log["log_desc"])."]]></description>\n";
$result .= "<guid isPermaLink=\"false\">".md5("http://".$_SERVER["HTTP_HOST"].dirname($_SERVER["PHP_SELF"])."/changelog.php?id=".$log["log_id"])."</guid>\n";
$result .= "</item>\n";
}
74,9 → 74,9
if ($query->numRows()>0) {
while ($query->fetchInto($log, DB_FETCHMODE_ASSOC)) {
$result .= "<entry>\n";
$result .= "<title type=\"html\">".stripslashes($log["log_title"])."</title>\n";
$result .= "<title type=\"html\">".$secure->stripStr($log["log_title"])."</title>\n";
$result .= "<link href=\"http://".$_SERVER["HTTP_HOST"].dirname($_SERVER["PHP_SELF"])."/changelog.php?id=".$log["log_id"]."\" />\n";
$result .= "<summary type=\"html\"><![CDATA[".stripslashes($log["log_desc"])."]]></summary>\n";
$result .= "<summary type=\"html\"><![CDATA[".$secure->stripStr($log["log_desc"])."]]></summary>\n";
$result .= "<id>urn:uuid:".$core->getUUID("http://".$_SERVER["HTTP_HOST"].dirname($_SERVER["PHP_SELF"])."/changelog.php?id=".$log["log_id"])."</id>\n";
$updated = str_replace(" ","T",$log["log_record"]);
$updated .= "+06:00";
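Review bot: In hunk 45,10 the new `$secure->stripStr($log["log_title"])` still drops the value into the `<title>` element as raw text, and stripStr only removes backslashes, so a `<`, `&` or `>` in a changelog title yields malformed XML; the same applies to the `<title type="html">` line in hunk 74,9. An XML-context escape belongs at the output point, e.g. `htmlspecialchars($secure->stripStr($log["log_title"]), ENT_QUOTES, 'UTF-8')`. The `<description>` and `<summary>` values sit inside CDATA, which protects everything except a literal `]]>` in the stored text, so a comment stating that assumption or a `str_replace("]]>", "]]]]><![CDATA[>", ...)` guard is worth adding. Both while loops begin inside the hunks but their enclosing if/else blocks end outside them.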
/trunk/index.php
33,7 → 33,7
 
if ($req->numRows()>0) {
$req->fetchInto($if, DB_FETCHMODE_ASSOC);
$file = dirname(__FILE__)."/".stripslashes($if["optvalue"]).".php";
$file = dirname(__FILE__)."/".$secure->stripStr($if["optvalue"]).".php";
}
 
} else {
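Review bot: In hunk 33,7 the new `$secure->stripStr($if["optvalue"])` is spliced into a filesystem path, and stripStr (a stripslashes wrapper) neither restricts the value to a file name nor rejects `..` or `/`, so the safety of `$file` depends entirely on what the settings row holds; if `$file` is later passed to include/require (not visible here), a stored value that walks out of the directory would be honoured. A minimal guard that keeps the current behaviour for ordinary names is `$file = dirname(__FILE__)."/".basename($secure->stripStr($if["optvalue"])).".php";`, with a comment that `optvalue` is expected to be a bare interface name. The enclosing if/else block continues outside the hunk.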
/trunk/m-process.php
22,9 → 22,9
 
 
require_once dirname(__FILE__)."/lib/init.php";
$dist = abs(intval($_GET["d"]));
$vers = abs(intval($_GET["v"]));
$status = abs(intval($_GET["status"]));
$dist = $secure->wrapInt($_GET["d"]);
$vers = $secure->wrapInt($_GET["v"]);
$status = $secure->wrapInt($_GET["status"]);
 
header('Content-Type: text/html; charset=utf-8');
if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
31,7 → 31,7
 
// hacks for Konqueror's error on jQuery
if (preg_match("/konqueror/i",$_SERVER["HTTP_USER_AGENT"])) {
$dist_konq = mysql_real_escape_string($_GET["d"]);
$dist_konq = $secure->wrapStr($_GET["d"]);
$query =& $db->query("SELECT * FROM distribution WHERE distname LIKE '$dist_konq'");
$query->fetchInto($distro, DB_FETCHMODE_ASSOC);
$dist = $distro["dist_id"];
45,11 → 45,11
$query =& $db->query("SELECT * FROM version v JOIN distribution d ON d.dist_id=v.dist_id WHERE v.dist_id='$dist'");
while ($query->fetchInto($version, DB_FETCHMODE_ASSOC)) {
if ($version["vname"]!="") {
$distname = stripslashes($version["vname"]);
$distname = $secure->stripStr($version["vname"]);
} else {
$distname = "";
}
$result .= ',{value:"'.$version["version_id"].'",text:"'.stripslashes($version["version"]).' '.$distname.'"}';
$result .= ',{value:"'.$version["version_id"].'",text:"'.$secure->stripStr($version["version"]).' '.$distname.'"}';
}
$result .= ']';
break;
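Review bot: In hunk 31,7 `$dist_konq = $secure->wrapStr($_GET["d"])` is interpolated into `LIKE '$dist_konq'`; mysql_real_escape_string closes the quoting hole but leaves `%` and `_` as LIKE wildcards, so a value made of wildcard characters matches a row it should not, and the same `$_GET["d"]` that hunk 22,9 parsed as an integer is silently replaced by a string here. Escape the wildcards as well, `$dist_konq = addcslashes($secure->wrapStr($_GET["d"]), '%_');`, or better pass the value as a bound parameter through the DB layer instead of building the literal. In hunk 45,11 the JSON fragment is still assembled by string concatenation around `$secure->stripStr($version["version"])`, so a `"` in a version name breaks the response; json_encode on the value/text pair would be the robust form. The surrounding if/switch blocks start and end outside these hunks.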
/trunk/sign-check.php
23,8 → 23,8
 
require_once dirname(__FILE__)."/lib/init.php";
 
$auth = mysql_real_escape_string($_POST["signName"]);
$pass = mysql_real_escape_string($_POST["signPass"]);
$auth = $secure->wrapStr($_POST["signName"]);
$pass = $secure->wrapStr($_POST["signPass"]);
 
$securepass = md5($pass."ANT");
 
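Review bot: In hunk 23,8 `$pass = $secure->wrapStr($_POST["signPass"])` escapes the password for SQL before it is hashed on the next visible line (`md5($pass."ANT")`), so the digest is computed over the escaped form and depends on mysql_real_escape_string's connection charset rather than on the password itself; a password containing a quote or backslash hashes differently from its raw value. Hash the raw input and reserve wrapStr for the values that actually enter a query: `$pass = $_POST["signPass"];` followed by the existing `$securepass = md5($pass."ANT");`. The fixed-salt md5 scheme predates this commit but is the weak point here; password_hash/password_verify would replace both lines. The same wrap-then-hash pattern appears in the password-change case of process.php.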
/trunk/process.php
23,8 → 23,8
 
require_once dirname(__FILE__)."/sign-valid.php";
 
$mode = abs(intval($_POST["mode"]));
$act = abs(intval($_POST["act"]));
$mode = $secure->wrapInt($_POST["mode"]);
$act = $secure->wrapInt($_POST["act"]);
 
$go = "./admin.php";
 
37,15 → 37,15
break;
case '1':
// Добавление нового дистрибутива
$distname = mysql_real_escape_string($_POST["distName"]);
$distua = mysql_real_escape_string($_POST["distUA"]);
$disttype = abs(intval($_POST["distType"]));
$distname = $secure->wrapStr($_POST["distName"]);
$distua = $secure->wrapStr($_POST["distUA"]);
$disttype = $secure->wrapInt($_POST["distType"]);
 
$distlogo = 0;
if ($_FILES["distLOGO"]["type"]!=0) {
$folder = dirname(__FILE__)."/img/logo/".stripslashes($distua)."-orig.png";
$folderN = dirname(__FILE__)."/img/logo/".stripslashes($distua).".png";
$folderEM = dirname(__FILE__)."/img/logo/".stripslashes($distua)."-em.png";
$folder = dirname(__FILE__)."/img/logo/".$secure->stripStr($distua)."-orig.png";
$folderN = dirname(__FILE__)."/img/logo/".$secure->stripStr($distua).".png";
$folderEM = dirname(__FILE__)."/img/logo/".$secure->stripStr($distua)."-em.png";
if (move_uploaded_file($_FILES["distLOGO"]["tmp_name"],$folder)) {
chmod($folder, 0644);
list($width, $height) = GetImageSize($folder);
79,7 → 79,7
$res =& $db->query("SELECT * FROM dtype WHERE type_id='$disttype'");
$res->fetchInto($log, DB_FETCHMODE_ASSOC);
$title = "Добавлен новый дистрибутив";
$dinfo = "В Ant добавлена поддержка основанного на ".stripslashes($log["type"])."-пакетах дистрибутива ".$distname.".";
$dinfo = "В Ant добавлена поддержка основанного на ".$secure->stripStr($log["type"])."-пакетах дистрибутива ".$distname.".";
$res =& $db->query("INSERT INTO changelog SET log_record=NOW(), log_title='$title', log_desc='$dinfo'");
 
$go .= "?mode=".$mode."&action=0";
87,10 → 87,10
break;
case '2':
// Правка существующего дистрибутива
$distname = mysql_real_escape_string($_POST["distName"]);
$distua = mysql_real_escape_string($_POST["distUA"]);
$disttype = abs(intval($_POST["distType"]));
$distID = abs(intval($_POST["distID"]));
$distname = $secure->wrapStr($_POST["distName"]);
$distua = $secure->wrapStr($_POST["distUA"]);
$disttype = $secure->wrapInt($_POST["distType"]);
$distID = $secure->wrapInt($_POST["distID"]);
 
if ($_FILES["distLOGO"]["type"]!='') {
$folder = dirname(__FILE__)."/img/logo/".$distua."-orig.png";
136,7 → 136,7
break;
case '3':
// Удаление существующего дистрибутива
$distID = abs(intval($_POST["distID"]));
$distID = $secure->wrapInt($_POST["distID"]);
$distUA = $_POST["distUA"];
 
$folder1 = dirname(__FILE__)."/img/logo/".$distUA."-em.png";
154,7 → 154,7
 
// ChangeLog recording
$title = "Удаление поддержки дистрибутива";
$dinfo = "Из Ant удалена поддержка основанного на ".stripslashes($log["type"])."-пакетах дистрибутива ".stripslashes($log["distname"]).".";
$dinfo = "Из Ant удалена поддержка основанного на ".$secure->stripStr($log["type"])."-пакетах дистрибутива ".$secure->stripStr($log["distname"]).".";
$res =& $db->query("INSERT INTO changelog SET log_record=NOW(), log_title='$title', log_desc='$dinfo'");
 
$go .= "?mode=".$mode."&action=0";
168,10 → 168,10
break;
case '1':
// Добавление новой версии дистрибутива
$versname = mysql_real_escape_string($_POST["versNam"]);
$versnumb = mysql_real_escape_string($_POST["versNum"]);
$verscode = mysql_real_escape_string($_POST["versCN"]);
$distname = abs(intval($_POST["distName"]));
$versname = $secure->wrapStr($_POST["versNam"]);
$versnumb = $secure->wrapStr($_POST["versNum"]);
$verscode = $secure->wrapStr($_POST["versCN"]);
$distname = $secure->wrapInt($_POST["distName"]);
 
$res =& $db->query("INSERT INTO version SET dist_id='$distname', vname='$versname', version='$versnumb', vcodename='$verscode'");
 
192,11 → 192,11
break;
case '2':
// Правка имеющейся версии дистрибутива
$versname = mysql_real_escape_string($_POST["versNam"]);
$versnumb = mysql_real_escape_string($_POST["versNum"]);
$verscode = mysql_real_escape_string($_POST["versCN"]);
$distname = abs(intval($_POST["distName"]));
$versID = abs(intval($_POST["versID"]));
$versname = $secure->wrapStr($_POST["versNam"]);
$versnumb = $secure->wrapStr($_POST["versNum"]);
$verscode = $secure->wrapStr($_POST["versCN"]);
$distname = $secure->wrapInt($_POST["distName"]);
$versID = $secure->wrapInt($_POST["versID"]);
 
$res =& $db->query("UPDATE version SET dist_id='$distname', vname='$versname', version='$versnumb', vcodename='$verscode' WHERE version_id='$versID'");
 
205,7 → 205,7
break;
case '3':
// Удаление существующей версии дистрибутива
$versID = abs(intval($_POST["versID"]));
$versID = $secure->wrapInt($_POST["versID"]);
 
$res =& $db->query("SELECT * FROM version v JOIN distribution d ON v.dist_id=d.dist_id WHERE v.version_id='$versID'");
$res->fetchInto($log, DB_FETCHMODE_ASSOC);
233,20 → 233,20
break;
case '1':
// Добавление нового источника
$origin = mysql_real_escape_string($_POST["origin"]);
$origin = $secure->wrapStr($_POST["origin"]);
$res =& $db->query("INSERT INTO origin SET origin='$origin'");
$go .= "?mode=".$mode."&action=0";
break;
case '2':
// Правка существующего источника
$origin = mysql_real_escape_string($_POST["origin"]);
$id = abs(intval($_POST["originID"]));
$origin = $secure->wrapStr($_POST["origin"]);
$id = $secure->wrapInt($_POST["originID"]);
$res =& $db->query("UPDATE origin SET origin='$origin' WHERE orig_id='$id'");
$go .= "?mode=$mode&action=0";
break;
case '3':
// Удаление существующего источника
$id = abs(intval($_POST["originID"]));
$id = $secure->wrapInt($_POST["originID"]);
$res =& $db->query("DELETE FROM rep2orig WHERE orig_id='$id'");
$res =& $db->query("DELETE FROM origin WHERE orig_id='$id'");
$go .= "?mode=".$mode."&action=0";
259,13 → 259,13
break;
case '1':
// Добавление нового репозитория
$versID = abs(intval($_POST["vers"]));
$repname = mysql_real_escape_string($_POST["repName"]);
$repinfo = mysql_real_escape_string($_POST["repInfo"]);
$repsche = abs(intval($_POST["scheme"]));
$origin = abs(intval($_POST["orign"]));
$reproot = abs(intval($_POST["rootFolder"]));
$default = abs(intval($_POST["default"]));
$versID = $secure->wrapInt($_POST["vers"]);
$repname = $secure->wrapStr($_POST["repName"]);
$repinfo = $secure->wrapStr($_POST["repInfo"]);
$repsche = $secure->wrapInt($_POST["scheme"]);
$origin = $secure->wrapInt($_POST["orign"]);
$reproot = $secure->wrapInt($_POST["rootFolder"]);
$default = $secure->wrapInt($_POST["default"]);
 
$res =& $db->query("INSERT INTO repository SET repname='$repname', repdescribe='$repinfo', scheme_id='$repsche', orig_id='$origin', root_id='$reproot', default='$default'");
$res =& $db->query("SELECT rep_id FROM repository ORDER BY rep_id DESC LIMIT 1");
283,12 → 283,12
break;
case '2':
// Правка репозитория
$repID = abs(intval($_POST["rep"]));
$repname = mysql_real_escape_string($_POST["repName"]);
$repinfo = mysql_real_escape_string($_POST["repInfo"]);
$repsche = abs(intval($_POST["scheme"]));
$origin = abs(intval($_POST["origin"]));
$reproot = abs(intval($_POST["rootFolder"]));
$repID = $secure->wrapInt($_POST["rep"]);
$repname = $secure->wrapStr($_POST["repName"]);
$repinfo = $secure->wrapStr($_POST["repInfo"]);
$repsche = $secure->wrapInt($_POST["scheme"]);
$origin = $secure->wrapInt($_POST["origin"]);
$reproot = $secure->wrapInt($_POST["rootFolder"]);
if($_POST["default"]=="on") {$default=1;} else {$default=0;};
 
$res =& $db->query("UPDATE repository SET repname='$repname', repdescribe='$repinfo', scheme_id='$repsche', orig_id='$origin', root_id='$reproot', default='$default' WHERE rep_id='$repID'");
302,7 → 302,7
break;
case '3':
// Удаление репозитория
$repID = abs(intval($_POST["rep"]));
$repID = $secure->wrapInt($_POST["rep"]);
 
$res =& $db->query("DELETE FROM repository WHERE rep_id='$repID'");
$res =& $db->query("DELETE FROM sect2rep WHERE rep_id='$repID'");
319,8 → 319,8
break;
case '1':
// Создание секции
$sectname = mysql_real_escape_string($_POST["sectName"]);
$sectinfo = mysql_real_escape_string($_POST["sectInfo"]);
$sectname = $secure->wrapStr($_POST["sectName"]);
$sectinfo = $secure->wrapStr($_POST["sectInfo"]);
 
$req =& $db->query("INSERT INTO section SET sectname='$sectname', sectinfo='$sectinfo'");
$req =& $db->query("SELECT sect_id FROM section ORDER BY sect_id DESC LIMIT 1");
335,9 → 335,9
break;
case '2':
// Правка секции
$sectID = abs(intval($_POST["sectID"]));
$sectname = mysql_real_escape_string($_POST["sectName"]);
$sectinfo = mysql_real_escape_string($_POST["sectInfo"]);
$sectID = $secure->wrapInt($_POST["sectID"]);
$sectname = $secure->wrapStr($_POST["sectName"]);
$sectinfo = $secure->wrapStr($_POST["sectInfo"]);
 
$req =& $db->query("UPDATE section SET sectname='$sectname', sectinfo='$sectinfo' WHERE sect_id='$sectID'");
$req =& $db->query("DELETE FROM sect2dist WHERE sect_id='$sectID'");
351,7 → 351,7
break;
case '3':
// Удаление секции
$sectID = abs(intval($_POST["sectID"]));
$sectID = $secure->wrapInt($_POST["sectID"]);
 
$req =& $db->query("DELETE FROM section WHERE sect_id='$sectID'");
$req =& $db->query("DELETE FROM sect2dist WHERE sect_id='$sectID'");
368,20 → 368,20
break;
case '1':
// Добавление новой схемы
$scheme = mysql_real_escape_string($_POST["scheme"]);
$scheme = $secure->wrapStr($_POST["scheme"]);
$req =& $db->query("INSERT INTO scheme SET scheme='$scheme'");
$go .= "?mode=".$mode."&act=0";
break;
case '2':
// Правка схемы
$schemeID = abs(intval($_POST["schemeID"]));
$scheme = mysql_real_escape_string($_POST["scheme"]);
$schemeID = $secure->wrapInt($_POST["schemeID"]);
$scheme = $secure->wrapStr($_POST["scheme"]);
$req =& $db->query("UPDATE scheme SET scheme='$scheme' WHERE scheme_id='$schemeID'");
$go .= "?mode=".$mode."&act=0";
break;
case '3':
// Удаление схемы
$schemeID = abs(intval($_POST["schemeID"]));
$schemeID = ($secure->wrapInt($_POST["schemeID"]));
$req =& $db->query("DELETE FROM scheme WHERE scheme_id='$schemeID'");
$go .= "?mode=".$mode."&act=0";
break;
393,20 → 393,20
break;
case '1':
// Добавление нового типа репозитория
$rtype = mysql_real_escape_string($_POST["rtype"]);
$rtype = $secure->wrapStr($_POST["rtype"]);
$req =& $db->query("INSERT INTO rtype SET rtype='$rtype'");
$go .= "?mode=".$mode."&act=0";
break;
case '2':
// Правка существующего типа репозитория
$rtypeID = abs(intval($_POST["rtypeID"]));
$rtype = mysql_real_escape_string($_POST["rtype"]);
$rtypeID = $secure->wrapInt($_POST["rtypeID"]);
$rtype = $secure->wrapStr($_POST["rtype"]);
$req =& $db->query("UPDATE rtype SET rtype='$rtype' WHERE rtype_id='$rtypeID'");
$go .= "?mode=".$mode."&act=0";
break;
case '3':
// Удаление типа репозитория
$rtypeID = abs(intval($_POST["rtypeID"]));
$rtypeID = $secure->wrapInt($_POST["rtypeID"]);
$req =& $db->query("DELETE FROM rtype WHERE rtype_id='$rtypeID'");
$go .= "?mode=".$mode."&act=0";
break;
418,20 → 418,20
break;
case '1':
// Создание корневой папки репозиториев
$root = mysql_real_escape_string($_POST["rootFolder"]);
$root = $secure->wrapStr($_POST["rootFolder"]);
$req =& $db->query("INSERT INTO root SET root_folder='$root'");
$go .= "?mode=".$mode."&act=0";
break;
case '2':
// Редактирование корневой папки репозиториев
$root_id = abs(intval($_POST["rootID"]));
$root_fd = mysql_real_escape_string($_POST["rootFolder"]);
$root_id = $secure->wrapInt($_POST["rootID"]);
$root_fd = $secure->wrapStr($_POST["rootFolder"]);
$req =& $db->query("UPDATE root SET root_folder='$root_fd' WHERE root_id='$root_id'");
$go .= "?mode=".$mode."&act=0";
break;
case '3':
// Удаление корневой папки репозиториев
$root_id = abs(intval($_POST["rootID"]));
$root_id = $secure->wrapInt($_POST["rootID"]);
$req =& $db->query("DELETE FROM root WHERE root_id='$root_id'");
$go .= "?mode=".$mode."&act=0";
break;
443,22 → 443,22
break;
case '1':
// Добавление новой настройки Ant
$option = mysql_real_escape_string($_POST["setoption"]);
$value = mysql_real_escape_string($_POST["setvalue"]);
$option = $secure->wrapStr($_POST["setoption"]);
$value = $secure->wrapStr($_POST["setvalue"]);
$req =& $db->query("INSERT INTO settings SET opt='$option', optvalue='$value'");
$go .= "?mode=".$mode."&act=0";
break;
case '2':
// Правка настройки Ant
$optID = abs(intval($_POST["optID"]));
$option = mysql_real_escape_string($_POST["setoption"]);
$value = mysql_real_escape_string($_POST["setvalue"]);
$optID = $secure->wrapInt($_POST["optID"]);
$option = $secure->wrapStr($_POST["setoption"]);
$value = $secure->wrapStr($_POST["setvalue"]);
$req =& $db->query("UPDATE settings SET opt='$option', optvalue='$value' WHERE opt_id='$optID'");
$go .= "?mode=".$mode."&act=0";
break;
case '3':
// Удаление настройки
$optID = abs(intval($_POST["optID"]));
$optID = $secure->wrapInt($_POST["optID"]);
$req =& $db->query("DELETE FROM settings WHERE opt_id='$optID'");
$go .= "?mode=".$mode."&act=0";
break;
470,8 → 470,8
break;
case '1':
// Добавление интерфейса
$ifname = mysql_real_escape_string($_POST["ifname"]);
$ifinfo = mysql_real_escape_string($_POST["ifinfo"]);
$ifname = $secure->wrapStr($_POST["ifname"]);
$ifinfo = $secure->wrapStr($_POST["ifinfo"]);
$ifname = str_replace(".php","",$ifname);
$req =& $db->query("INSERT INTO interfaces SET interface='$ifname', interfaceinfo='$ifinfo'");
$go .= "?mode=".$mode."&act=0";
478,9 → 478,9
break;
case '2':
// Правка интерфейса
$ifname = mysql_real_escape_string($_POST["ifname"]);
$ifinfo = mysql_real_escape_string($_POST["ifinfo"]);
$if = abs(intval($_POST["if"]));
$ifname = $secure->wrapStr($_POST["ifname"]);
$ifinfo = $secure->wrapStr($_POST["ifinfo"]);
$if = $secure->wrapInt($_POST["if"]);
$ifname = str_replace(".php","",$ifname);
$req =& $db->query("UPDATE interfaces SET interface='$ifname', interfaceinfo='$ifinfo' WHERE if_id='$if'");
$go .= "?mode=".$mode."&act=0";
487,7 → 487,7
break;
case '3':
// Удаление интерфейса
$if = abs(intval($_POST["if"]));
$if = $secure->wrapInt($_POST["if"]);
$req =& $db->query("DELETE FROM interfaces WHERE if_id='$if'");
$go .= "?mode=".$mode."&act=0";
break;
497,10 → 497,10
switch ($act) {
case '0':
// Смена пароля
// $OID = abs(intval($_POST["OID"]));
$oldpass = mysql_real_escape_string($_POST["oldPW"]);
$newpass1 = mysql_real_escape_string($_POST["newPW1"]);
$newpass2 = mysql_real_escape_string($_POST["newPW2"]);
// $OID = $secure->wrapInt($_POST["OID"]);
$oldpass = $secure->wrapStr($_POST["oldPW"]);
$newpass1 = $secure->wrapStr($_POST["newPW1"]);
$newpass2 = $secure->wrapStr($_POST["newPW2"]);
 
$errpwd = 0;
$spass = md5($newpass1."ANT");
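Review bot: In hunk 136,7 `$distUA = $_POST["distUA"];` is the one request value this commit leaves unwrapped, and two lines later it is concatenated straight into `dirname(__FILE__)."/img/logo/".$distUA."-em.png"`, which the delete case presumably removes; nothing restricts it to a bare name, so a value containing path separators selects files outside img/logo. Guard the path component, e.g. `$distUA = basename($_POST["distUA"]);`, and apply the same basename() to the `$distua`-derived `$folder*` paths in hunks 37,15 and 87,10, where `stripStr(wrapStr())` merely round-trips the escaping and does not constrain the value. Hunk 368,20 has a stray pair of parentheses, `$schemeID = ($secure->wrapInt($_POST["schemeID"]));`, that the neighbouring cases do not have — harmless but inconsistent. Every case body here belongs to a switch that begins and ends outside the hunks.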
/trunk/get.php
31,7 → 31,7
$query =& $db->query("SELECT * FROM settings");
$settings = array();
while ($query->fetchInto($setting, DB_FETCHMODE_ASSOC)) {
$settings[stripslashes($setting["opt"])] = stripslashes($setting["optvalue"]);
$settings[$secure->stripStr($setting["opt"])] = $secure->stripStr($setting["optvalue"]);
};
 
$query =& $db->query("SELECT * FROM version v JOIN distribution d ON d.dist_id=v.dist_id JOIN dtype p ON d.disttype=p.type_id WHERE v.dist_id='$dist' AND v.version_id='$vers'");
42,23 → 42,23
$result = "# Ant: sources.list generator :: http://track.altlug.ru/project/show/ant\n\n";
 
while ($query->fetchInto($resinfo, DB_FETCHMODE_ASSOC)) {
$repscheme = stripslashes($resinfo["scheme"]);
$repscheme = $secure->stripStr($resinfo["scheme"]);
$querysect =& $db->query("SELECT * FROM section s JOIN sect2rep r ON s.sect_id=r.sect_id WHERE
r.rep_id='$resinfo[rep_id]'");
$sections = "";
while ($querysect->fetchInto($section,DB_FETCHMODE_ASSOC)) {
$sections .= stripslashes($section["sectname"])." ";
$sections .= $secure->stripStr($section["sectname"])." ";
}
 
$repscheme = str_replace("{TYPE}",stripslashes($infodist["type"]),$repscheme);
$repscheme = str_replace("{TYPE}",$secure->stripStr($infodist["type"]),$repscheme);
$repscheme = str_replace("{PROTO}",$settings["proto"],$repscheme);
$repscheme = str_replace("{URL}",$settings["url"],$repscheme);
$repscheme = str_replace("{REP}",stripslashes($resinfo["repname"]),$repscheme);
$repscheme = str_replace("{DIST}",stripslashes($infodist["vcodename"]),$repscheme);
$repscheme = str_replace("{REP}",$secure->stripStr($resinfo["repname"]),$repscheme);
$repscheme = str_replace("{DIST}",$secure->stripStr($infodist["vcodename"]),$repscheme);
$repscheme = str_replace("{SECT}",$sections,$repscheme);
$result .= "# ".stripslashes($resinfo["repdescribe"])."\n".$repscheme."\n\n";
$result .= "# ".$secure->stripStr($resinfo["repdescribe"])."\n".$repscheme."\n\n";
}
 
$HTTPHeader1 = "Content-type: text/plain";
/trunk/lib/init.php
40,6 → 40,7
$query =& $db->query("SET NAMES utf8");
 
$core = new Core;
$secure = new Security;
 
$smarty = new Smarty;
$smarty->compile_check = true;
/trunk/lib/security.php
Новый файл
0,0 → 1,38
<?php
 
/**
* Project: Ant: sources.list generator
* File: security.php
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
 
 
class Security {
// Wrapper for numbers
function wrapInt($data) {
return abs(intval($data));
}
// Wrapper for string
function wrapStr($data) {
return mysql_real_escape_string($data);
}
// Cleaner for string
function stripStr($data) {
return stripslashes($data);
}
}
?>
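Review bot: `wrapStr` calls `mysql_real_escape_string` without a link argument, so it silently depends on an ext/mysql connection having been opened before it runs, while every caller goes through the `$db->query` abstraction; if that layer ever uses a different driver, the function returns false with a warning and every wrapped literal becomes an empty string. The class also carries no doc comments and no visibility keywords, so nothing tells a caller that wrapStr yields a value valid only inside a SQL string literal (not for file paths, hashes or HTML), that wrapInt maps a missing or non-numeric value to 0, and that stripStr only reverses slash escaping and is not an output encoder. Suggest `public function wrapStr($data)` and the same for the other two, a docblock on each method naming its intended context and return type, and dropping the trailing `?>` so stray whitespace after it cannot be emitted before headers.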
/trunk/oops.php
20,7 → 20,7
*
*/
 
$errata = abs(intval($_GET["error"]));
$errata = $secure->wrapInt($_GET["error"]));
include dirname(__FILE__)."/lib/init.php";
 
switch ($errata) {
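Review bot: In hunk 20,7 the new line `$errata = $secure->wrapInt($_GET["error"]));` has an unbalanced closing parenthesis, so the file no longer parses, and it also runs before `include dirname(__FILE__)."/lib/init.php";` on the following line, which is where `$secure` is created, so even with the parenthesis fixed the call would hit an undefined object. Move the include above the assignment and drop the extra parenthesis: `include dirname(__FILE__)."/lib/init.php";` then `$errata = $secure->wrapInt($_GET["error"]);`. The switch that follows continues outside the hunk.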
/trunk/classic.php
22,13 → 22,13
 
 
require_once dirname(__FILE__)."/lib/init.php";
$status = abs(intval($_GET["step"]));
$dist = abs(intval($_GET["d"]));
$vers = abs(intval($_GET["v"]));
$status = $secure->wrapInt($_GET["step"]);
$dist = $secure->wrapInt($_GET["d"]);
$vers = $secure->wrapInt($_GET["v"]);
 
$query =& $db->query("SELECT * FROM distribution");
while ($query->fetchInto($data, DB_FETCHMODE_ASSOC)) {
$linux .= "<p><input type='radio' name='d' value='".$data["dist_id"]."'><span class='".stripslashes($data["distua"])."'>".stripslashes($data["distname"])."</span></p>\n";
$linux .= "<p><input type='radio' name='d' value='".$data["dist_id"]."'><span class='".$secure->stripStr($data["distua"])."'>".$secure->stripStr($data["distname"])."</span></p>\n";
}
 
if (!isset($status)) { $status = 0; };
38,11 → 38,11
$distvers = "<p><input type='hidden' name='d' value='".$dist."'></p>\n";
while ($query->fetchInto($version, DB_FETCHMODE_ASSOC)) {
if ($version["vname"]!="") {
$distname = "&#8220;".stripslashes($version["vname"])."&#8221;";
$distname = "&#8220;".$secure->stripStr($version["vname"])."&#8221;";
} else {
$distname = "";
}
$distvers .= "<p><input type='radio' name='v' value='".$version["version_id"]."' /><span class='".stripslashes($version["distua"])."'>".stripslashes($version["distname"])." ".stripslashes($version["version"])." ".$distname."</span></p>\n";
$distvers .= "<p><input type='radio' name='v' value='".$version["version_id"]."' /><span class='".$secure->stripStr($version["distua"])."'>".$secure->stripStr($version["distname"])." ".$secure->stripStr($version["version"])." ".$distname."</span></p>\n";
}
}
 
57,9 → 57,9
 
$distname = "";
if ($infodist["vname"]!="") {
$distname = "&#8220;".stripslashes($infodist["vname"])."&#8221;";
$distname = "&#8220;".$secure->stripStr($infodist["vname"])."&#8221;";
}
$info = "<h2>Доступные репозитории для <em class='".stripslashes($infodist["distua"])."-em'>".stripslashes($infodist["distname"])." ".stripslashes($infodist["version"])." ".$distname."</em></h2>";
$info = "<h2>Доступные репозитории для <em class='".$secure->stripStr($infodist["distua"])."-em'>".$secure->stripStr($infodist["distname"])." ".$secure->stripStr($infodist["version"])." ".$distname."</em></h2>";
$result = "<p>Скопируйте эти строки в файл <span id='sourceslist'>/etc/apt/sources.list</span>:</p><pre>";
$result .= $core->getRepList($dist,$vers,$db);
$result .= "</pre>";
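Review bot: In hunk 22,13 `$secure->stripStr($data["distua"])` is written into an HTML attribute (`class='...'`) and `$secure->stripStr($data["distname"])` into element text, but stripStr is a stripslashes wrapper and performs no HTML escaping, so a quote, `<` or `&` in a stored name breaks the markup; the same holds for every stripStr call in hunks 38,11 and 57,9 here and in the modern.php, changelog.php and admin.php sections below. Escape at the output point, e.g. `htmlspecialchars($secure->stripStr($data["distname"]), ENT_QUOTES, 'UTF-8')`, or give the Security class a dedicated HTML-output helper so the intent is visible at each call. Hunk 22,13 also keeps `if (!isset($status)) { $status = 0; };` after the new `$status = $secure->wrapInt($_GET["step"]);`, which always assigns an int, so that check is now dead and can be removed. The while/if bodies here begin and end outside the hunks.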
/trunk/modern.php
91,7 → 91,7
 
$query =& $db->query("SELECT * FROM distribution");
while ($query->fetchInto($data, DB_FETCHMODE_ASSOC)) {
$linux .= "<option value='".$data["dist_id"]."'>".stripslashes($data["distname"])."</option>\n";
$linux .= "<option value='".$data["dist_id"]."'>".$secure->stripStr($data["distname"])."</option>\n";
}
 
$modern .= "<h2>Генератор sources.list</h2>";
/trunk/changelog.php
23,21 → 23,21
 
require_once dirname(__FILE__)."/lib/init.php";
 
$ID = abs(intval($_GET["id"]));
$skip = abs(intval($_GET["skip"]));
$ID = $secure->wrapInt($_GET["id"]);
$skip = $secure->wrapInt($_GET["skip"]);
 
if ($ID>0) {
$query =& $db->query("SELECT * FROM changelog WHERE log_id='$ID'");
$query->fetchInto($log, DB_FETCHMODE_ASSOC);
$result = "<h2>".stripslashes($log["log_title"])."</h2>";
$result .= "<p>".stripslashes($log["log_desc"])."</p>";
$result .= "<p class='time'>Запись сделана ".stripslashes($log["log_record"])." &bull; <a href='./changelog.php'>Весь список изменений</a></p>";
$result = "<h2>".$secure->stripStr($log["log_title"])."</h2>";
$result .= "<p>".$secure->stripStr($log["log_desc"])."</p>";
$result .= "<p class='time'>Запись сделана ".$secure->stripStr($log["log_record"])." &bull; <a href='./changelog.php'>Весь список изменений</a></p>";
} else {
$query =& $db->query("SELECT * FROM changelog ORDER BY log_id DESC");
if ($query->numRows()>0) {
$result = "<ul id='log'>";
while($query->fetchInto($log, DB_FETCHMODE_ASSOC)) {
$result .= "<li>".stripslashes($log["log_record"])." &bull; <a href='./changelog.php?id=".$log["log_id"]."'>".stripslashes($log["log_title"])."</a></li>";
$result .= "<li>".$secure->stripStr($log["log_record"])." &bull; <a href='./changelog.php?id=".$log["log_id"]."'>".$secure->stripStr($log["log_title"])."</a></li>";
}
$result .= "</ul>";
}
/trunk/admin.php
23,10 → 23,10
 
require_once dirname(__FILE__)."/sign-valid.php";
 
$mode = abs(intval($_GET["mode"]));
$act = abs(intval($_GET["action"]));
$uid = abs(intval($_GET["uid"]));
$err = abs(intval($_GET["error"]));
$mode = $secure->wrapInt($_GET["mode"]);
$act = $secure->wrapInt($_GET["action"]);
$uid = $secure->wrapInt($_GET["uid"]);
$err = $secure->wrapInt($_GET["error"]);
 
// Admin file/interface
$admin = "./admin.php";
94,10 → 94,10
$verlist = "";
$sreq =& $db->query("SELECT * FROM version WHERE dist_id='".$info["dist_id"]."'");
while ($sreq->fetchInto($sinfo, DB_FETCHMODE_ASSOC)) {
$verlist .= "<em>".stripslashes($sinfo["vname"])."</em>, ";
$verlist .= "<em>".$secure->stripStr($sinfo["vname"])."</em>, ";
}
$verlist = substr($verlist, 0, -2);
$display .= "<tr><td>".stripslashes($info['distname'])."</td>";
$display .= "<tr><td>".$secure->stripStr($info['distname'])."</td>";
$display .= "<td><a href=".$admin."?mode=".$mode."&action=2&uid=".$info["dist_id"]."><img title='Редактировать' src='img/edt.png' width='16' height='16'></a>";
$display .= "<a href=".$admin."?mode=".$mode."&action=3&uid=".$info["dist_id"]."><img title='Удалить' src='img/del.png' width='16' height='16'></a></td>";
$display .= "<td>".$verlist."</td></tr>";
110,7 → 110,7
$dtype =& $db->query("SELECT * FROM dtype");
$type = "<select name='distType'>";
while ($dtype->fetchInto($dtinfo, DB_FETCHMODE_ASSOC)) {
$type .= "<option value='".$dtinfo["type_id"]."'>".stripslashes($dtinfo["type"])."</option>";
$type .= "<option value='".$dtinfo["type_id"]."'>".$secure->stripStr($dtinfo["type"])."</option>";
}
$type .= "</select>\n";
$display = "<div class='modulename'><a href='admin.php?mode=1'>Дистрибутивы</a> :: Добавление нового apt-дистрибутива</div>";
131,19 → 131,19
$type = "<select name='distType'>";
while ($dtype->fetchInto($dtinfo, DB_FETCHMODE_ASSOC)) {
if ($info["disttype"]==$dtinfo["type_id"]) {
$type .= "<option value='".$dtinfo["type_id"]."' selected>".stripslashes($dtinfo["type"])."</option>";
$type .= "<option value='".$dtinfo["type_id"]."' selected>".$secure->stripStr($dtinfo["type"])."</option>";
} else {
$type .= "<option value='".$dtinfo["type_id"]."'>".stripslashes($dtinfo["type"])."</option>";
$type .= "<option value='".$dtinfo["type_id"]."'>".$secure->stripStr($dtinfo["type"])."</option>";
}
}
$type .= "</select>\n";
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Дистрибутивы</a> :: Правка apt-дистрибутива <em class='".stripslashes($info["distua"])."-em'>".stripslashes($info["distname"])."</em></div>";
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Дистрибутивы</a> :: Правка apt-дистрибутива <em class='".$secure->stripStr($info["distua"])."-em'>".$secure->stripStr($info["distname"])."</em></div>";
$display .= "<form action='./process.php' method='POST' enctype='multipart/form-data'>\n";
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
$display .= "<input type='hidden' name='distID' value='$uid'>\n";
$display .= "Название дистрибутива: <input type='text' name='distName' value='".stripslashes($info["distname"])."'><br>\n";
$display .= "Представление в строке User-Agent'a: <input type='text' name='distUA' value='".stripslashes($info["distua"])."'><br>\n";
$display .= "Название дистрибутива: <input type='text' name='distName' value='".$secure->stripStr($info["distname"])."'><br>\n";
$display .= "Представление в строке User-Agent'a: <input type='text' name='distUA' value='".$secure->stripStr($info["distua"])."'><br>\n";
$display .= "Тип дистрибутива: ".$type."<br>";
$display .= "Логотип дистрибутива (Прозрачный PNG): <input type='file' name='distLOGO'><br>";
$display .= "<input type='submit' value='Править'></form>\n";
152,12 → 152,12
// Удаление существующего дистрибутива
$dist =& $db->query("SELECT * FROM distribution WHERE dist_id='$uid'");
$dist->fetchInto($info, DB_FETCHMODE_ASSOC);
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Дистрибутивы</a> :: Удаление apt-дистрибутива <em class='".stripslashes($info["distua"])."-em'>".stripslashes($info["distname"])."</em></div>";
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Дистрибутивы</a> :: Удаление apt-дистрибутива <em class='".$secure->stripStr($info["distua"])."-em'>".$secure->stripStr($info["distname"])."</em></div>";
$display .= "<form action='./process.php' method='POST'>\n";
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
$display .= "<input type='hidden' name='distID' value='$uid'>\n";
$display .= "<input type='hidden' name='distUA' value='".stripslashes($info["distua"])."'>\n";
$display .= "<input type='hidden' name='distUA' value='".$secure->stripStr($info["distua"])."'>\n";
$display .= "<input type='submit' value='Удалить'></form>\n";
break;
}
171,7 → 171,7
$display = "<div class='modulename'>".$menu_item[$mode]["title"]." :: <a href='admin.php?mode=".$mode."'>".$menu_item[$mode]["item"]."</a></div>";
$display .= "<table><tr><th>Версия</th><th>Действие</th></tr>\n";
while ($dist->fetchInto($info, DB_FETCHMODE_ASSOC)) {
$display .= "<tr><td>".stripslashes($info["distname"])." ".stripslashes($info["version"])." &#8220;".stripslashes($info["vname"])."&#8221;</td>\n";
$display .= "<tr><td>".$secure->stripStr($info["distname"])." ".$secure->stripStr($info["version"])." &#8220;".$secure->stripStr($info["vname"])."&#8221;</td>\n";
$display .= "<td><a href='".$admin."?mode=".$mode."&action=2&uid=".$info["version_id"]."' class='edit'><img title='Редактировать' src='img/edt.png' width='16' height='16'></a>";
$display .= "<a href='".$admin."?mode=".$mode."&action=3&uid=".$info["version_id"]."' class='delete'><img title='Удалить' src='img/del.png' width='16' height='16'></a></td></tr>\n";
}
182,7 → 182,7
$dtype =& $db->query("SELECT * FROM distribution");
$type = "<select name='distName'>";
while ($dtype->fetchInto($dtinfo, DB_FETCHMODE_ASSOC)) {
$type .= "<option value='".$dtinfo["dist_id"]."'>".stripslashes($dtinfo["distname"])."</option>";
$type .= "<option value='".$dtinfo["dist_id"]."'>".$secure->stripStr($dtinfo["distname"])."</option>";
}
$type .= "</select>\n";
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Версии</a> :: Добавление новой версии apt-дистрибутива</div>";
199,14 → 199,14
// Правка имеющейся версии дистрибутива
$vers =& $db->query("SELECT * FROM version v JOIN distribution d ON d.dist_id=v.dist_id WHERE version_id='$uid'");
$vers->fetchInto($info, DB_FETCHMODE_ASSOC);
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Версии</a> :: Правка имеющейся версии <em>".stripslashes($info["distname"])."</em></div>";
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Версии</a> :: Правка имеющейся версии <em>".$secure->stripStr($info["distname"])."</em></div>";
$display .= "<form action='./process.php' method='POST'>\n";
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
$display .= "<input type='hidden' name='versID' value='$uid'>\n";
$display .= "Номер версии: <input type='text' name='versNum' value='".stripslashes($info["version"])."'><br>\n";
$display .= "Название версии: <input type='text' name='versNam' value='".stripslashes($info["vname"])."'><br>\n";
$display .= "Кодовое имя версии: <input type='text' name='versCN' value='".stripslashes($info["vcodename"])."'><br>\n";
$display .= "Номер версии: <input type='text' name='versNum' value='".$secure->stripStr($info["version"])."'><br>\n";
$display .= "Название версии: <input type='text' name='versNam' value='".$secure->stripStr($info["vname"])."'><br>\n";
$display .= "Кодовое имя версии: <input type='text' name='versCN' value='".$secure->stripStr($info["vcodename"])."'><br>\n";
$display .= "<input type='submit' value='Править'></form>\n";
break;
case '3':
213,7 → 213,7
// Удаление существующей версии дистрибутива
$dist =& $db->query("SELECT * FROM version v JOIN distribution d ON v.dist_id=d.dist_id WHERE v.version_id='$uid'");
$dist->fetchInto($info, DB_FETCHMODE_ASSOC);
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Версии</a> :: Удаление версии ".stripslashes($info["version"])." (&#8220;".stripslashes($info["vname"])."&#8221;) <em>".stripslashes($info["distname"])."</em></div>";
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Версии</a> :: Удаление версии ".$secure->stripStr($info["version"])." (&#8220;".$secure->stripStr($info["vname"])."&#8221;) <em>".$secure->stripStr($info["distname"])."</em></div>";
$display .= "<form action='./process.php' method='POST'>\n";
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
233,7 → 233,7
$display .= "<table><tr><th>Источник</th><th>Действие</th></tr>\n";
while ($orig->fetchInto($info, DB_FETCHMODE_ASSOC)) {
$distlist = substr($distlist, 0, -2);
$display .= "<tr><td>".stripslashes($info["origin"])."</td>\n";
$display .= "<tr><td>".$secure->stripStr($info["origin"])."</td>\n";
$display .= "<td><a href='".$admin."?mode=".$mode."&action=2&uid=".$info["orig_id"]."' class='nodec'><img src='img/edt.png' width='16' height='16' title='Редактировать'></a>";
$display .= "<a href='".$admin."?mode=".$mode."&action=3&uid=".$info["orig_id"]."'><img title='Удалить' src='img/del.png' width='16' height='16'></a></td>\n";
$display .= "</tr>";
255,12 → 255,12
$orig =& $db->query("SELECT * FROM origin WHERE orig_id='$uid'");
$orig->fetchInto($info, DB_FETCHMODE_ASSOC);
$type .= "</select>\n";
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Источники</a> :: Правка источника репозиториев <em>'".stripslashes($info["origin"])."'</em></div>";
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Источники</a> :: Правка источника репозиториев <em>'".$secure->stripStr($info["origin"])."'</em></div>";
$display .= "<form action='./process.php' method='POST' enctype='multipart/form-data'>\n";
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
$display .= "<input type='hidden' name='originID' value='$uid'>\n";
$display .= "Название источника: <input type='text' name='origin' value='".stripslashes($info["origin"])."'><br>\n";
$display .= "Название источника: <input type='text' name='origin' value='".$secure->stripStr($info["origin"])."'><br>\n";
$display .= "<input type='submit' value='Править'></form>\n";
break;
case '3':
267,7 → 267,7
// Удаление существующего источника
$orig =& $db->query("SELECT * FROM origin WHERE orig_id='$uid'");
$orig->fetchInto($info, DB_FETCHMODE_ASSOC);
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Источники</a> :: Удаление источника репозиториев <em>'".stripslashes($info["origin"])."'</em></div>";
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Источники</a> :: Удаление источника репозиториев <em>'".$secure->stripStr($info["origin"])."'</em></div>";
$display .= "<form action='./process.php' method='POST'>\n";
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
298,29 → 298,29
$rep =& $db->query("SELECT * FROM distribution d JOIN version v ON v.dist_id=d.dist_id WHERE v.version_id='$uid'");
$rep->fetchInto($dist, DB_FETCHMODE_ASSOC);
$dist_id = $dist["dist_id"];
$dist_vname = stripslashes($dist["distname"])." ".stripslashes($dist["version"])." &#8220;".stripslashes($dist["vname"])."&#8221;";
$dist_vname = $secure->stripStr($dist["distname"])." ".$secure->stripStr($dist["version"])." &#8220;".$secure->stripStr($dist["vname"])."&#8221;";
$dtype =& $db->query("SELECT * FROM scheme");
$rscheme = "<select name='scheme'>";
while ($dtype->fetchInto($dtinfo, DB_FETCHMODE_ASSOC)) {
$rscheme .= "<option value='".$dtinfo["scheme_id"]."'>".stripslashes($dtinfo["scheme"])."</option>";
$rscheme .= "<option value='".$dtinfo["scheme_id"]."'>".$secure->stripStr($dtinfo["scheme"])."</option>";
}
$rscheme .= "</select>";
$origin_q =& $db->query("SELECT * FROM origin");
$origin = "<select name='origin'>";
while ($origin_q->fetchInto($origin_info, DB_FETCHMODE_ASSOC)) {
$origin .= "<option value='".$origin_info["orig_id"]."'>".stripslashes($origin_info["origin"])."</option>";
$origin .= "<option value='".$origin_info["orig_id"]."'>".$secure->stripStr($origin_info["origin"])."</option>";
}
$origin .= "</select>\n";
$sect =& $db->query("SELECT * FROM section s JOIN sect2dist d ON d.sect_id=s.sect_id WHERE d.dist_id='$dist_id'");
$list = "";
while ($sect->fetchInto($slist, DB_FETCHMODE_ASSOC)) {
$list .= "<input type='checkbox' name='sect[]' value='".$slist["sect_id"]."'> <span title='".stripslashes($slist["sectinfo"])."'>".stripslashes($slist["sectname"])."</span> ";
$list .= "<input type='checkbox' name='sect[]' value='".$slist["sect_id"]."'> <span title='".$secure->stripStr($slist["sectinfo"])."'>".$secure->stripStr($slist["sectname"])."</span> ";
}
$type .= "</select>\n";
$rootfolder = "<select name='rootFolder'>\n";
$root =& $db->query("SELECT * FROM root");
while ($root->fetchInto($rfi, DB_FETCHMODE_ASSOC)) {
$rootfolder .= "<option value='".$rfi["root_id"]."'>".stripslashes($rfi["root_folder"])."</option>";
$rootfolder .= "<option value='".$rfi["root_id"]."'>".$secure->stripStr($rfi["root_folder"])."</option>";
}
$rootfolder .= "</select>";
$display = "<div class='modulename'>Управление :: <a href='admin.php?mode=".$mode."'>Репозитории</a> :: <a href='admin.php?mode=".$mode."&act=".$act."'>Добавление</a></div>";
341,14 → 341,14
// Редактирование репозитория
$rep =& $db->query("SELECT * FROM repository r JOIN ver2rep l ON l.rep_id=r.rep_id JOIN version v ON v.version_id=l.ver_id JOIN distribution d ON v.dist_id=d.dist_id JOIN root r2 ON r2.root_id=r.root_id WHERE r.rep_id='$uid'");
$rep->fetchInto($info, DB_FETCHMODE_ASSOC);
$dist_vname = stripslashes($info["distname"])." ".stripslashes($info["version"])." &#8220;".stripslashes($info["vname"])."&#8221;";
$dist_vname = $secure->stripStr($info["distname"])." ".$secure->stripStr($info["version"])." &#8220;".$secure->stripStr($info["vname"])."&#8221;";
$tlist = "<select name='scheme'>";
$sq =& $db->query("SELECT * FROM scheme");
while ($sq->fetchInto($type, DB_FETCHMODE_ASSOC)) {
if ($type["scheme_id"]==$info["scheme_id"]) {
$tlist .= "<option value='".$type["scheme_id"]."' selected>".stripslashes($type["scheme"])."</option>";
$tlist .= "<option value='".$type["scheme_id"]."' selected>".$secure->stripStr($type["scheme"])."</option>";
} else {
$tlist .= "<option value='".$type["scheme_id"]."'>".stripslashes($type["scheme"])."</option>";
$tlist .= "<option value='".$type["scheme_id"]."'>".$secure->stripStr($type["scheme"])."</option>";
}
}
$tlist .= "</select>";
356,9 → 356,9
$sq =& $db->query("SELECT * FROM origin");
while ($sq->fetchInto($type, DB_FETCHMODE_ASSOC)) {
if ($type["orig_id"]==$info["orig_id"]) {
$tlist2 .= "<option value='".$type["orig_id"]."' selected>".stripslashes($type["origin"])."</option>";
$tlist2 .= "<option value='".$type["orig_id"]."' selected>".$secure->stripStr($type["origin"])."</option>";
} else {
$tlist2 .= "<option value='".$type["orig_id"]."'>".stripslashes($type["origin"])."</option>";
$tlist2 .= "<option value='".$type["orig_id"]."'>".$secure->stripStr($type["origin"])."</option>";
}
}
$tlist2 .= "</select>";
366,13 → 366,13
$req =& $db->query("SELECT * FROM section s JOIN sect2rep r ON s.sect_id=r.sect_id WHERE r.rep_id='$uid'");
if ($req->numRows()>0) {
while ($req->fetchInto($sect, DB_FETCHMODE_ASSOC)) {
$list .= "<input type='checkbox' name='sect[]' value='".$sect["sect_id"]."' checked><span title='".stripslashes($sect["sectinfo"])."'>".stripslashes($sect["sectname"])."</span> ";
$list .= "<input type='checkbox' name='sect[]' value='".$sect["sect_id"]."' checked><span title='".$secure->stripStr($sect["sectinfo"])."'>".$secure->stripStr($sect["sectname"])."</span> ";
}
}
$req =& $db->query("SELECT s.* FROM section s WHERE s.sect_id NOT IN (SELECT sect_id FROM sect2rep WHERE rep_id='$uid')");
if ($req->numRows()>0) {
while ($req->fetchInto($sect, DB_FETCHMODE_ASSOC)) {
$list .= "<input type='checkbox' name='sect[]' value='".$sect["sect_id"]."'><span title='".stripslashes($sect["sectinfo"])."'>".stripslashes($sect["sectname"])."</span> ";
$list .= "<input type='checkbox' name='sect[]' value='".$sect["sect_id"]."'><span title='".$secure->stripStr($sect["sectinfo"])."'>".$secure->stripStr($sect["sectname"])."</span> ";
}
}
$rootfolder = "<select name='rootFolder'>\n";
380,9 → 380,9
if ($req->numRows()>0) {
while ($req->fetchInto($rfi, DB_FETCHMODE_ASSOC)) {
if ($rfi["root_id"]==$info["root_id"]) {
$rootfolder .= "<option value='".$rfi["root_id"]."' selected>".stripslashes($rfi["root_folder"])."</option>";
$rootfolder .= "<option value='".$rfi["root_id"]."' selected>".$secure->stripStr($rfi["root_folder"])."</option>";
} else {
$rootfolder .= "<option value='".$rfi["root_id"]."'>".stripslashes($rfi["root_folder"])."</option>";
$rootfolder .= "<option value='".$rfi["root_id"]."'>".$secure->stripStr($rfi["root_folder"])."</option>";
}
}
}
395,8 → 395,8
$display .= "<input type='hidden' name='mode' value=".$mode.">\n";
$display .= "<input type='hidden' name='act' value=".$act.">\n";
$display .= "<input type='hidden' name='rep' value='$uid'>\n";
$display .= "Название репозитория (codename): <input type='text' name='repName' value='".stripslashes($info["repname"])."'><br>\n";
$display .= "Описание репозитория:<br> <textarea name='repInfo'>".stripslashes($info["repdescribe"])."</textarea><br>\n";
$display .= "Название репозитория (codename): <input type='text' name='repName' value='".$secure->stripStr($info["repname"])."'><br>\n";
$display .= "Описание репозитория:<br> <textarea name='repInfo'>".$secure->stripStr($info["repdescribe"])."</textarea><br>\n";
$display .= "Схема репозитория: ".$tlist."<br>";
$display .= "Источник репозитория: ".$tlist2."<br>";
$display .= "Корневая папка репозитория: ".$rootfolder."<br>";
408,7 → 408,7
// Удаление репозитория
$rep =& $db->query("SELECT * FROM repository r JOIN ver2rep l ON l.rep_id=r.rep_id JOIN version v ON v.version_id=l.ver_id JOIN distribution d ON v.dist_id=d.dist_id WHERE r.rep_id='$uid'");
$rep->fetchInto($info, DB_FETCHMODE_ASSOC);
$dist_vname = stripslashes($info["distname"])." ".stripslashes($info["version"])." &#8220;".stripslashes($info["vname"])."&#8221;";
$dist_vname = $secure->stripStr($info["distname"])." ".$secure->stripStr($info["version"])." &#8220;".$secure->stripStr($info["vname"])."&#8221;";
$display = "<div class='modulename'>Управление :: <a href='admin.php?mode=".$mode."'>Репозитории</a> :: <a href='admin.php?mode=".$mode."&act=".$act."'>Удаление : ".$info["repname"]."</a></div>";
$display .= "<form action='./process.php' method='POST'>\n";
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
430,10 → 430,10
$replist = "";
$sreq =& $db->query("SELECT * FROM distribution d JOIN sect2dist s ON s.dist_id=d.dist_id WHERE s.sect_id='".$sect["sect_id"]."'");
while ($sreq->fetchInto($rep, DB_FETCHMODE_ASSOC)) {
$replist .= "<em>".stripslashes($rep["distname"])."</em>, ";
$replist .= "<em>".$secure->stripStr($rep["distname"])."</em>, ";
}
$replist = substr($replist, 0, -2);
$display .= "<tr><td>".stripslashes($sect["sectname"])."</td>";
$display .= "<tr><td>".$secure->stripStr($sect["sectname"])."</td>";
$display .= "<td><a href='".$admin."?mode=".$mode."&action=2&uid=".$sect["sect_id"]."' class='edit'><img title='Редактировать' src='img/edt.png' width='16' height='16'></a>";
$display .= "<a href='".$admin."?mode=".$mode."&action=3&uid=".$sect["sect_id"]."' class='delete'><img title='Удалить' src='img/del.png' width='16' height='16'></a></td>";
$display .= "<td>".$replist."</td></tr>";
443,7 → 443,7
case '1':
$req =& $db->query("SELECT * FROM distribution");
while ($req->fetchInto($dist, DB_FETCHMODE_ASSOC)) {
$list .= "<br><input type='checkbox' name='dist' value='".$dist["dist_id"]."'>".stripslashes($dist["distname"])." ";
$list .= "<br><input type='checkbox' name='dist' value='".$dist["dist_id"]."'>".$secure->stripStr($dist["distname"])." ";
}
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Секции</a> :: Создание секции репозитория</div>";
$display .= "<form action='./process.php' method='POST'>\n";
458,13 → 458,13
$req =& $db->query("SELECT * FROM distribution d JOIN sect2dist s ON s.dist_id=d.dist_id WHERE s.sect_id='$uid'");
if ($req->numRows()>0) {
while ($req->fetchInto($dist, DB_FETCHMODE_ASSOC)) {
$list .= "<br><input type='checkbox' name='dist[]' value='".$dist["dist_id"]."' checked>".stripslashes($dist["distname"])." ";
$list .= "<br><input type='checkbox' name='dist[]' value='".$dist["dist_id"]."' checked>".$secure->stripStr($dist["distname"])." ";
}
}
$req =& $db->query("SELECT d.* FROM distribution d WHERE dist_id NOT IN (SELECT dist_id FROM sect2dist WHERE sect_id='$uid')");
if ($req->numRows()>0) {
while ($req->fetchInto($dist, DB_FETCHMODE_ASSOC)) {
$list .= "<br><input type='checkbox' name='dist[]' value='".$dist["dist_id"]."'>".stripslashes($dist["distname"])." ";
$list .= "<br><input type='checkbox' name='dist[]' value='".$dist["dist_id"]."'>".$secure->stripStr($dist["distname"])." ";
}
}
$req =& $db->query("SELECT * FROM section WHERE sect_id='$uid'");
474,8 → 474,8
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
$display .= "<input type='hidden' name='sectID' value='$uid'>\n";
$display .= "Название секции (codename): <input type='text' name='sectName' value='".stripslashes($sect["sectname"])."'><br>\n";
$display .= "Описание секции:<br> <textarea name='sectInfo'>".stripslashes($sect["sectinfo"])."</textarea><br>\n";
$display .= "Название секции (codename): <input type='text' name='sectName' value='".$secure->stripStr($sect["sectname"])."'><br>\n";
$display .= "Описание секции:<br> <textarea name='sectInfo'>".$secure->stripStr($sect["sectinfo"])."</textarea><br>\n";
$display .= "Используется в дистрибутивах: ".$list;
$display .= "<br><input type='submit' value='Править'></form>\n";
break;
482,7 → 482,7
case '3':
$req =& $db->query("SELECT * FROM section WHERE sect_id='$uid'");
$req->fetchInto($sect, DB_FETCHMODE_ASSOC);
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Секции</a> :: Удаление секции <em>".stripslashes($sect["sectname"])."</em></div>";
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Секции</a> :: Удаление секции <em>".$secure->stripStr($sect["sectname"])."</em></div>";
$display .= "<form action='./process.php' method='POST'>\n";
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
500,7 → 500,7
$display = "<div class='modulename'>".$menu_item[$mode]["title"]." :: <a href='admin.php?mode=".$mode."'>".$menu_item[$mode]["item"]."</a></div>";
$display .= "<table><th>Схема</th><th>Действие</th></tr>";
while ($req->fetchInto($sect, DB_FETCHMODE_ASSOC)) {
$display .= "<tr><td>".stripslashes($sect["scheme"])."</td>";
$display .= "<tr><td>".$secure->stripStr($sect["scheme"])."</td>";
$display .= "<td><a href='".$admin."?mode=".$mode."&action=2&uid=".$sect["scheme_id"]."' class='edit'><img title='Редактировать' src='img/edt.png' width='16' height='16'></a>";
$display .= "<a href='".$admin."?mode=".$mode."&action=3&uid=".$sect["scheme_id"]."' class='delete'><img title='Удалить' src='img/del.png' width='16' height='16'></a></td></tr>";
}
524,8 → 524,8
$display .= "<form action='./process.php' method='POST'>\n";
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
$display .= "<input type='hidden' name='schemeID' value='".stripslashes($scheme["scheme_id"])."'><br>\n";
$display .= "Схема репозитория: <input type='text' name='scheme' value='".stripslashes($scheme["scheme"])."'><br>\n";
$display .= "<input type='hidden' name='schemeID' value='".$secure->stripStr($scheme["scheme_id"])."'><br>\n";
$display .= "Схема репозитория: <input type='text' name='scheme' value='".$secure->stripStr($scheme["scheme"])."'><br>\n";
$display .= "<input type='submit' value='Править'></form>\n";
} else {
$display = "Такой схемы репозитория не существует";
537,7 → 537,7
if ($req->numRows()>0) {
$req->fetchInto($scheme, DB_FETCHMODE_ASSOC);
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Схемы</a> :: Удаление схемы репозитория</div>";
$display .= "Удаляемая схема: ".stripslashes($scheme["scheme"])."<br>";
$display .= "Удаляемая схема: ".$secure->stripStr($scheme["scheme"])."<br>";
$display .= "<form action='./process.php' method='POST'>\n";
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
559,7 → 559,7
$display .= "<table><tr><th>Тип</th><th>Действие</th></tr>";
if ($req->numRows()>0) {
while ($req->fetchInto($setting, DB_FETCHMODE_ASSOC)) {
$display .= "<tr><td>".stripslashes($setting["rtype"])."</td>";
$display .= "<tr><td>".$secure->stripStr($setting["rtype"])."</td>";
$display .= "<td><a href='".$admin."?mode=".$mode."&action=2&uid=".$setting["rtype_id"]."' class='edit'><img title='Редактировать' src='img/edt.png' width='16' height='16'></a>";
$display .= "<a href='".$admin."?mode=".$mode."&action=3&uid=".$setting["rtype_id"]."' class='delete'><img title='Удалить' src='img/del.png' width='16' height='16'></a></td></tr>";
}
584,8 → 584,8
$display .= "<form action='./process.php' method='POST'>\n";
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
$display .= "<input type='hidden' name='rtypeID' value='".stripslashes($setting["rtype_id"])."'><br>\n";
$display .= "Тип: <input type='text' name='rtype' value='".stripslashes($setting["rtype"])."'><br>\n";
$display .= "<input type='hidden' name='rtypeID' value='".$secure->stripStr($setting["rtype_id"])."'><br>\n";
$display .= "Тип: <input type='text' name='rtype' value='".$secure->stripStr($setting["rtype"])."'><br>\n";
$display .= "<input type='submit' value='Править'></form>\n";
} else {
$display = "Такого типа репозитория не существует";
597,7 → 597,7
if ($req->numRows()>0) {
$req->fetchInto($setting, DB_FETCHMODE_ASSOC);
$display = "<div class='modulename'><a href='admin.php?mode=".$mode."'>Типы репозиториев</a> :: Удаление существующего типа репозитория</div>";
$display .= "Удаляемый тип <em>".stripslashes($setting["rtype"])."</em><br>";
$display .= "Удаляемый тип <em>".$secure->stripStr($setting["rtype"])."</em><br>";
$display .= "<form action='./process.php' method='POST'>\n";
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
620,7 → 620,7
if ($req->numRows()>0) {
$display .= "<ul>\n";
while ($req->fetchInto($root, DB_FETCHMODE_ASSOC)) {
$display .= "<tr><td>".stripslashes($root["root_folder"])."</td>";
$display .= "<tr><td>".$secure->stripStr($root["root_folder"])."</td>";
$display .= "<td><a href='".$admin."?mode=".$mode."&action=2&uid=".$root["root_id"]."' class='edit'><img title='Редактировать' src='img/edt.png' width='16' height='16'></a>";
$display .= "<a href='".$admin."?mode=".$mode."&action=3&uid=".$root["root_id"]."' class='delete'><img title='Удалить' src='img/del.png' width='16' height='16'></a></td></tr>";
}
649,7 → 649,7
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
$display .= "<input type='hidden' name='rootID' value='$uid'>\n";
$display .= "Корневая папка репозитория: <input type='text' name='rootFolder' value='".stripslashes($root["root_folder"])."'><br>\n";
$display .= "Корневая папка репозитория: <input type='text' name='rootFolder' value='".$secure->stripStr($root["root_folder"])."'><br>\n";
$display .= "<input type='submit' value='Редактировать'>\n</form>\n";
} else {
$display .= "<p>Такой корневой папки репозиториев не существует</p>";
665,7 → 665,7
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
$display .= "<input type='hidden' name='rootID' value='$uid'>\n";
$display .= "Корневая папка репозитория: <input type='text' name='rootFolder' value='".stripslashes($root["root_folder"])."' readonly><br>\n";
$display .= "Корневая папка репозитория: <input type='text' name='rootFolder' value='".$secure->stripStr($root["root_folder"])."' readonly><br>\n";
$display .= "<input type='submit' value='Удалить'>\n</form>\n";
} else {
$display .= "<p>Такой корневой папки не существует</p>";
683,10 → 683,10
$display .= "<table><tr><th>Опция</th><th>Действие</th><th>Значение</th></tr>";
if ($req->numRows()>0) {
while ($req->fetchInto($setting, DB_FETCHMODE_ASSOC)) {
$display .= "<tr><td>".stripslashes($setting["opt"])."</td>";
$display .= "<tr><td>".$secure->stripStr($setting["opt"])."</td>";
$display .= "<td><a href='".$admin."?mode=".$mode."&action=2&uid=".$setting["opt_id"]."'><img title='Редактировать' src='img/edt.png' width='16' height='16'></a>";
$display .= "<a href='".$admin."?mode=".$mode."&action=3&uid=".$setting["opt_id"]."' class='delete'><img title='Удалить' src='img/del.png' width='16' height='16'></a></td>";
$display .= "<td>".stripslashes($setting["optvalue"])."</td></tr>";
$display .= "<td>".$secure->stripStr($setting["optvalue"])."</td></tr>";
}
}
$display .= "</table><p><a href='".$admin."?mode=".$mode."&action=1'><img src='img/add.png' width='16' height='16'>Добавить новую опцию</a></p>";
710,22 → 710,22
$display .= "<form action='./process.php' method='POST'>\n";
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
$display .= "<input type='hidden' name='optID' value='".stripslashes($setting["opt_id"])."'><br>\n";
$display .= "Настройка: <input type='text' name='setoption' value='".stripslashes($setting["opt"])."' readonly><br>\n";
$display .= "<input type='hidden' name='optID' value='".$secure->stripStr($setting["opt_id"])."'><br>\n";
$display .= "Настройка: <input type='text' name='setoption' value='".$secure->stripStr($setting["opt"])."' readonly><br>\n";
if ($setting["opt"]=="interface") {
$sq =& $db->query("SELECT * FROM interfaces");
$setvalue = "<select name='setvalue'>";
while ($sq->fetchInto($if, DB_FETCHMODE_ASSOC)) {
if ($if["interface"]==$setting["optvalue"]) {
$setvalue .= "<option value='".stripslashes($if["interface"])."' selected>".stripslashes($if["interfaceinfo"])."</option>\n";
$setvalue .= "<option value='".$secure->stripStr($if["interface"])."' selected>".$secure->stripStr($if["interfaceinfo"])."</option>\n";
} else {
$setvalue .= "<option value='".stripslashes($if["interface"])."'>".stripslashes($if["interfaceinfo"])."</option>\n";
$setvalue .= "<option value='".$secure->stripStr($if["interface"])."'>".$secure->stripStr($if["interfaceinfo"])."</option>\n";
}
}
$setvalue .= "</select>";
$display .= "Свойство: ".$setvalue."<br>\n";
} else {
$display .= "Свойство: <input type='text' name='setvalue' value='".stripslashes($setting["optvalue"])."'><br>\n";
$display .= "Свойство: <input type='text' name='setvalue' value='".$secure->stripStr($setting["optvalue"])."'><br>\n";
}
$display .= "<input type='submit' value='Править'></form>\n";
} else {
738,7 → 738,7
if ($req->numRows()>0) {
$req->fetchInto($setting, DB_FETCHMODE_ASSOC);
$display = "<div class='modulename'>Настройки :: <a href='admin.php?mode=".$mode."'>Опции</a> :: <a href='admin.php?mode=".$mode."&act=".$act."'>Удаление</a></div>";
$display .= "Удаляемая опция <em>".stripslashes($setting["opt"])."</em> с свойством <em>".stripslashes($setting["optvalue"])."</em><br>";
$display .= "Удаляемая опция <em>".$secure->stripStr($setting["opt"])."</em> с свойством <em>".$secure->stripStr($setting["optvalue"])."</em><br>";
$display .= "<form action='./process.php' method='POST'>\n";
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
760,7 → 760,7
$display .= "<table><tr><th>Интерфейс</th><th>Действие</th></tr>";
if ($req->numRows()>0) {
while ($req->fetchInto($if, DB_FETCHMODE_ASSOC)) {
$display .= "<tr><td>".stripslashes($if["interfaceinfo"])." (".stripslashes($if["interface"]).") </td>";
$display .= "<tr><td>".$secure->stripStr($if["interfaceinfo"])." (".$secure->stripStr($if["interface"]).") </td>";
$display .= "<td><a href='".$admin."?mode=".$mode."&action=2&uid=".$if["if_id"]."' class='edit'><img title='Редактировать' src='img/edt.png' width='16' height='16'></a>";
$display .= "<a href='".$admin."?mode=".$mode."&action=3&uid=".$if["if_id"]."' class='delete'><img title='Удалить' src='img/del.png' width='16' height='16'></a></td></tr>";
}
787,8 → 787,8
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
$display .= "<input type='hidden' name='if' value='$uid'>\n";
$display .= "Интерфейс (имя файла): <input type='text' name='ifname' value='".stripslashes($if["interface"])."'><br>\n";
$display .= "Интерфейс (название): <input type='text' name='ifinfo' value='".stripslashes($if["interfaceinfo"])."'><br>\n";
$display .= "Интерфейс (имя файла): <input type='text' name='ifname' value='".$secure->stripStr($if["interface"])."'><br>\n";
$display .= "Интерфейс (название): <input type='text' name='ifinfo' value='".$secure->stripStr($if["interfaceinfo"])."'><br>\n";
$display .= "<input type='submit' value='Отредактировать'></form>\n";
} else {
$display .= "<p>Такого интерфейса не существует</p>";
804,8 → 804,8
$display .= "<input type='hidden' name='mode' value='".$mode."'>\n";
$display .= "<input type='hidden' name='act' value='".$act."'>\n";
$display .= "<input type='hidden' name='if' value='$uid'>\n";
$display .= "Интерфейс (имя файла): <input type='text' name='ifname' value='".stripslashes($if["interface"])."' readonly><br>\n";
$display .= "Интерфейс (название): <input type='text' name='ifinfo' value='".stripslashes($if["interfaceinfo"])."' readonly><br>\n";
$display .= "Интерфейс (имя файла): <input type='text' name='ifname' value='".$secure->stripStr($if["interface"])."' readonly><br>\n";
$display .= "Интерфейс (название): <input type='text' name='ifinfo' value='".$secure->stripStr($if["interfaceinfo"])."' readonly><br>\n";
$display .= "<input type='submit' value='Удалить'></form>\n";
}
break;
/trunk/sign-valid.php
23,7 → 23,7
 
require_once dirname(__FILE__)."/lib/init.php";
 
$login = mysql_real_escape_string($_COOKIE[$CookieLogin]);
$login = $secure->wrapStr($_COOKIE[$CookieLogin]);
$securepass = $_COOKIE[$CookiePasswd];
 
$res =& $db->query("SELECT * FROM owner WHERE login='$login' AND passwd='$securepass'");
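Review bot: `$securepass` is still interpolated raw into the SQL string on the last line while only `$login` was moved to `$secure->wrapStr()`, so the `passwd='$securepass'` clause remains injectable from the `$_COOKIE[$CookiePasswd]` value read two lines above. At minimum apply the same wrapper, `$securepass = $secure->wrapStr($_COOKIE[$CookiePasswd]);`, and since `$db` looks like PEAR DB (the page elsewhere uses `fetchInto`/`DB_FETCHMODE_ASSOC`), the cleaner fix is a placeholder query, `$res =& $db->query("SELECT * FROM owner WHERE login=? AND passwd=?", array($login, $securepass));`, which sidesteps escaping entirely. Separately, authenticating by comparing a cookie-supplied credential directly in SQL means whatever is stored in that cookie is the whole secret; I cannot see from this hunk whether it is a hash, so this is worth confirming. The handling of `$res` continues past the end of the hunk.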