From 45b492f458541dade3ee6d7a819eddcea7004616 Mon Sep 17 00:00:00 2001
From: brettp
Date: Sat, 29 May 2010 02:20:59 +0000
Subject: Merged [6248] - [6252] into trunk.

git-svn-id: http://code.elgg.org/elgg/trunk@6284 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/handlers/pagehandler.php | 2 ++
 engine/lib/pagehandler.php | 39 +++++++++++++++-------------
 mod/tinymce/views/default/input/longtext.php | 2 ++
 views/default/input/pulldown.php | 2 +-
 4 files changed, 26 insertions(+), 19 deletions(-)

diff --git a/engine/handlers/pagehandler.php b/engine/handlers/pagehandler.php
index 24bef4d03..2e98c071a 100644
--- a/engine/handlers/pagehandler.php
+++ b/engine/handlers/pagehandler.php
@@ -2,6 +2,8 @@
 /**
  * Elgg page handler
  *
+ * If page_handler() fails, send to front page.
+ *
  * @package Elgg
  * @subpackage Core
  * @author Curverider Ltd
diff --git a/engine/lib/pagehandler.php b/engine/lib/pagehandler.php
index 490b81159..a6143a4e6 100644
--- a/engine/lib/pagehandler.php
+++ b/engine/lib/pagehandler.php
@@ -9,7 +9,9 @@
  */
 
 /**
- * Turns the current page over to the page handler, allowing registered handlers to take over
+ * Turns the current page over to the page handler, allowing registered handlers to take over.
+ *
+ * If a page handler returns FALSE, the request is handed over to the default_page_handler.
  *
  * @param string $handler The name of the handler type (eg 'blog')
  * @param array $page The parameters to the page, as an array (exploded by '/' slashes)
@@ -84,7 +86,8 @@ function register_page_handler($handler, $function) {
 }
 
 /**
- * A default page handler that attempts to load the actual file at a given page handler location
+ * A default page handler
+ * Tries to locate a suitable file to include. Only works for core pages, not plugins.
  *
  * @param array $page The page URL elements
  * @param string $handler The base handler
@@ -92,25 +95,25 @@ function register_page_handler($handler, $function) {
  */
 function default_page_handler($page, $handler) {
 	global $CONFIG;
 
-	$script = "";
-	$page = implode('/',$page);
-	if (($questionmark = strripos($page, '?'))) {
-		$page = substr($page, 0, $questionmark);
-	}
-	$script = str_replace("..","",$script);
+	$page = implode('/', $page);
+
+	// protect against including arbitary files
+	$page = str_replace("..", "", $page);
+
 	$callpath = $CONFIG->path . $handler . "/" . $page;
-	if (!file_exists($callpath) || is_dir($callpath) || substr_count($callpath,'.php') == 0) {
-		if (substr($callpath,strlen($callpath) - 1, 1) != "/") {
-			$callpath .= "/";
-		}
-		$callpath .= "index.php";
-		if (!include($callpath)) {
-			return false;
+	if (is_dir($callpath)) {
+		$callpath = sanitise_filepath($callpath);
+		$callpath .= "index.php";
+		if (file_exists($callpath)) {
+			if (include($callpath)) {
+				return TRUE;
 			}
-	} else {
+		}
+	} else if (file_exists($callpath)) {
 		include($callpath);
+		return TRUE;
 	}
 
-	return true;
-}
\ No newline at end of file
+	return FALSE;
+}
diff --git a/mod/tinymce/views/default/input/longtext.php b/mod/tinymce/views/default/input/longtext.php
index f02662ca5..523931abe 100644
--- a/mod/tinymce/views/default/input/longtext.php
+++ b/mod/tinymce/views/default/input/longtext.php
@@ -40,6 +40,8 @@ tinyMCE.init({
 	theme : "advanced",
 	plugins : "safari,spellchecker,autosave,fullscreen,preview,paste",
 	relative_urls : false,
+	remove_script_host : false,
+	document_base_url : "",
 	theme_advanced_buttons1 : "bold,italic,underline,separator,strikethrough,bullist,numlist,undo,redo,link,unlink,image,blockquote,code,pastetext,pasteword,more,fullscreen,",
 	theme_advanced_buttons2 : "",
 	theme_advanced_buttons3 : "",
diff --git a/views/default/input/pulldown.php b/views/default/input/pulldown.php
index a9663ef82..415ab3ad8 100644
--- a/views/default/input/pulldown.php
+++ b/views/default/input/pulldown.php
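Review bot: The `..` stripping added after the `implode` is applied only to `$page`, while `$handler` goes into `$callpath` unfiltered on the next line; if the front controller takes the handler segment from the request, as the parameter name and the page_handler() docblock suggest, a `..` there still walks out of `$CONFIG->path`, and the new `else if (file_exists($callpath))` branch now includes any existing file, where the old `substr_count($callpath, '.php') == 0` guard diverted non-PHP paths to `index.php`, so a text, XML or config file under the install root would be emitted verbatim. Resolving the final candidate with `realpath()` and requiring it to stay below the install root and end in `.php` closes both without caring how the two segments were built. `sanitise_filepath()` is not visible here, so whether it does more than fix the trailing slash is an assumption to confirm. The whole of default_page_handler is inside this hunk.

```php
	$callpath = $CONFIG->path . $handler . "/" . $page;
	if (is_dir($callpath)) {
		$callpath = sanitise_filepath($callpath) . "index.php";
	}

	// resolve symlinks and any remaining traversal in either segment,
	// then only include a .php file that sits below the install root
	$root = realpath($CONFIG->path);
	$real = realpath($callpath);
	if ($real === false || $root === false
			|| strpos($real, $root . DIRECTORY_SEPARATOR) !== 0
			|| substr($real, -4) !== '.php') {
		return FALSE;
	}

	return (bool) include($real);
```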
@@ -47,7 +47,7 @@ if ($vars['options_values']) {
 	foreach($vars['options'] as $option) {
 		$encoded_option = htmlentities($option, ENT_QUOTES, 'UTF-8');
 
-		if ((string)$value == (string)$vars['value']) {
+		if ((string)$option == (string)$vars['value']) {
 			echo "";
 		} else {
 			echo "";
-- 
cgit v1.2.3