diff --git a/apps/mobile_frontend/modules/community/templates/_cautionAboutCommunityMemberPre.php b/apps/mobile_frontend/modules/community/templates/_cautionAboutCommunityMemberPre.php
index 8cd9c40..dc9d5e1 100644
--- a/apps/mobile_frontend/modules/community/templates/_cautionAboutCommunityMemberPre.php
+++ b/apps/mobile_frontend/modules/community/templates/_cautionAboutCommunityMemberPre.php
@@ -1,3 +1,4 @@
+<?php $form = new sfForm() ?>
<?php foreach ($communityMembers as $communityMember) : ?>
<font color="red">
<?php echo __('%1% send request for participation to %2%.', array(
@@ -6,6 +7,7 @@
)) ?>
&nbsp;
<?php $param = 'id='.$communityMember->getCommunityId().'&member_id='.$communityMember->getMemberId(); ?>
+<?php $param .= '&'.$form->getCSRFFieldName().'='.$form->getCSRFToken() ?>
<?php echo link_to(__('Accept'), 'community/joinAccept?'.$param) ?>
&nbsp;
<?php echo link_to(__('Reject'), 'community/joinReject?'.$param) ?>
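Review bot: The CSRF token is appended to plain GET links (`community/joinAccept?...&_csrf_token=...`), so the state change is still triggered by a navigation and the token lands in browser history, server/proxy logs and the Referer header of whatever page the action redirects to; in symfony 1.x the token appears to be derived from the session and form class rather than minted per request, so one leaked URL is enough to forge every protected action for that session. The more robust fix is to render Accept/Reject as two small POST forms with the token as a hidden field and have the actions reject non-POST requests. Minor: the field name and token are concatenated without `urlencode()`, unlike the backend templates in this patch; `$param .= '&'.urlencode($form->getCSRFFieldName()).'='.urlencode($form->getCSRFToken())` keeps them consistent even though symfony's defaults happen to be URL-safe.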
diff --git a/apps/mobile_frontend/modules/community/templates/deleteSuccess.php b/apps/mobile_frontend/modules/community/templates/deleteSuccess.php
index 227d3d2..1d96653 100644
--- a/apps/mobile_frontend/modules/community/templates/deleteSuccess.php
+++ b/apps/mobile_frontend/modules/community/templates/deleteSuccess.php
@@ -1,8 +1,10 @@
<?php op_mobile_page_title(__('Delete this community'), $community->getName()) ?>
<?php
+$form = new sfForm();
op_include_parts('yesNo', 'deleteConfirmForm', array(
'body' => __('Do you delete this community?'),
- 'yes_form' => '<input type="hidden" name="is_delete">',
+ 'yes_form' => '<input type="hidden" name="is_delete">'
+ . '<input type="hidden" name="'.$form->getCSRFFieldName().'" value="'.$form->getCSRFToken().'">',
'button' => __('Delete'),
))
?>
diff --git a/apps/mobile_frontend/modules/friend/templates/_cautionAboutFriendPre.php b/apps/mobile_frontend/modules/friend/templates/_cautionAboutFriendPre.php
index 36b784f..8f51fda 100644
--- a/apps/mobile_frontend/modules/friend/templates/_cautionAboutFriendPre.php
+++ b/apps/mobile_frontend/modules/friend/templates/_cautionAboutFriendPre.php
@@ -1,10 +1,13 @@
+<?php $form = new sfForm() ?>
<?php foreach ($sf_user->getMember()->getFriendPreTo() as $key => $value) : ?>
<font color="red">
<?php $member = $value->getMemberRelatedByMemberIdFrom(); ?>
<?php echo __('Received from the friend link message from %1%!', array('%1%' => link_to(sprintf('%s', $member->getName()), 'member/profile?id='.$member->getId()))) ?>
&nbsp;
-<?php echo link_to(__('Accept'), 'friend/linkAccept?id='.$member->getId()) ?>
+<?php $param = 'id='.$member->getId() ?>
+<?php $param .= '&'.$form->getCSRFFieldName().'='.$form->getCSRFToken() ?>
+<?php echo link_to(__('Accept'), 'friend/linkAccept?'.$param) ?>
&nbsp;
-<?php echo link_to(__('Reject'), 'friend/linkReject?id='.$member->getId()) ?>
+<?php echo link_to(__('Reject'), 'friend/linkReject?'.$param) ?>
</font><br>
<?php endforeach; ?>
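Review bot: `friend/linkAccept` and `friend/linkReject` remain anchors, now carrying the session's CSRF token in the query string; on mobile carriers and proxies that URL is routinely logged, and it is also sent as the Referer of the page the action redirects to, so the token is exposed far more than a hidden POST field would be. The protected actions should ideally be submitted through POST forms (the `yesNo` parts used by deleteSuccess.php in this patch already show the pattern), with the actions refusing GET. If the links must stay, wrap both halves in `urlencode()`: `$param .= '&'.urlencode($form->getCSRFFieldName()).'='.urlencode($form->getCSRFToken())`, as the backend templates in this change do.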
diff --git a/apps/mobile_frontend/modules/member/templates/configImageSuccess.php b/apps/mobile_frontend/modules/member/templates/configImageSuccess.php
index b526d80..f0c2bcd 100644
--- a/apps/mobile_frontend/modules/member/templates/configImageSuccess.php
+++ b/apps/mobile_frontend/modules/member/templates/configImageSuccess.php
@@ -1,5 +1,7 @@
<?php op_mobile_page_title(__('Settings'), __('Edit Photo')) ?>
<center>
+<?php $form = new sfForm() ?>
+<?php $csrfToken = '&'.$form->getCSRFFieldName().'='.$form->getCSRFToken() ?>
<?php $_member = $sf_user->getMember() ?>
<?php $images = $_member->getMemberImages() ?>
<?php for ($i = 0; $i < 3 && $i < count($images); $i++) : ?>
@@ -13,7 +15,7 @@ if ($image->getIsPrimary())
}
else
{
- $main = link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId());
+ $main = link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId().$csrfToken);
}
?>
<?php echo sprintf('[%s|%s]', link_to(__('Delete'), 'member/deleteImage?member_image_id='.$image->getId()), $main) ?>
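Review bot: Only the Main Photo link receives `$csrfToken`; the Delete link on the last line still points at `member/deleteImage?member_image_id=...` without it, while `executeDeleteImage` in this same patch now calls `checkCSRFProtection()`, so deleting a photo from the mobile UI will be rejected every time. Append the token there as well: `link_to(__('Delete'), 'member/deleteImage?member_image_id='.$image->getId().$csrfToken)` — `_partsMemberImagesBox.php` in this change does it for both links. Longer term both actions should be POST forms rather than tokenised GET links, since the token otherwise travels in the URL and Referer.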
diff --git a/apps/pc_backend/modules/community/actions/actions.class.php b/apps/pc_backend/modules/community/actions/actions.class.php
index 720d306..b28fd03 100644
--- a/apps/pc_backend/modules/community/actions/actions.class.php
+++ b/apps/pc_backend/modules/community/actions/actions.class.php
@@ -59,6 +59,7 @@ class communityActions extends sfActions
if ($request->isMethod(sfRequest::POST))
{
+ $request->checkCSRFProtection();
$this->community->delete();
$this->getUser()->setFlash('notice', 'Deleted.');
$this->redirect('community/list');
@@ -97,6 +98,8 @@ class communityActions extends sfActions
*/
public function executeRemoveDefaultCommunity(sfWebRequest $request)
{
+ $request->checkCSRFProtection();
+
$communityConfig = CommunityConfigPeer::retrieveByNameAndCommunityId('is_default', $request->getParameter('id'));
$this->forward404Unless($communityConfig);
diff --git a/apps/pc_backend/modules/community/templates/defaultCommunityListSuccess.php b/apps/pc_backend/modules/community/templates/defaultCommunityListSuccess.php
index 4a7ef3f..9cc4e2c 100644
--- a/apps/pc_backend/modules/community/templates/defaultCommunityListSuccess.php
+++ b/apps/pc_backend/modules/community/templates/defaultCommunityListSuccess.php
@@ -22,12 +22,16 @@
<th>管理者名</th>
<th>操作</th>
</tr>
+<?php
+$form = new sfForm();
+$csrfToken = '&'.$form->getCSRFFieldName().'='.$form->getCSRFToken();
+?>
<?php foreach ($communities as $community): ?>
<tr>
<td><?php echo $community->getId() ?></td>
<td><?php echo $community->getName() ?></td>
<td><?php echo $community->getAdminMember()->getName() ?></td>
-<td><?php echo link_to('削除', 'community/removeDefaultCommunity?id='.$community->getId()) ?></td>
+<td><?php echo link_to('削除', 'community/removeDefaultCommunity?id='.$community->getId().$csrfToken) ?></td>
</tr>
<?php endforeach; ?>
</table>
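Review bot: `community/removeDefaultCommunity?id=...&_csrf_token=...` is still a state change fired from a plain `<a>`, and `executeRemoveDefaultCommunity` accepts any HTTP method, so the token travels in the URL (browser history, server/proxy logs, Referer of the redirect target). Prefer a per-row POST form so the token moves into the body: `<form action="<?php echo url_for('community/removeDefaultCommunity?id='.$community->getId()) ?>" method="post"><input type="hidden" name="<?php echo $form->getCSRFFieldName() ?>" value="<?php echo $form->getCSRFToken() ?>" /><input type="submit" value="削除" /></form>`, and have the action reject non-POST. If the link must stay, at least `urlencode()` the field name and token as the navigation and profile templates in this patch do.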
diff --git a/apps/pc_backend/modules/community/templates/deleteSuccess.php b/apps/pc_backend/modules/community/templates/deleteSuccess.php
index 4db0a16..1f15518 100644
--- a/apps/pc_backend/modules/community/templates/deleteSuccess.php
+++ b/apps/pc_backend/modules/community/templates/deleteSuccess.php
@@ -6,10 +6,15 @@
<p><?php echo __('本当にこのコミュニティを削除してもよろしいですか?') ?></p>
+<?php
+$form = new sfForm();
+$csrfToken = '<input type="hidden" name="'.$form->getCSRFFieldName().'" value="'.$form->getCSRFToken().'"/>';
+?>
+
<form action="<?php url_for('community/delete?id='.$community->getId()) ?>" method="post">
<?php include_partial('community/communityInfo', array(
'community' => $community,
- 'moreInfo' => array('<input type="submit" value="削除" />')
+ 'moreInfo' => array($csrfToken.'<input type="submit" value="削除" />')
)); ?>
</form>
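Review bot: The form that now carries the hidden token posts to an empty `action`, because `url_for('community/delete?id=...')` on the `<form>` line is never echoed — `<?php url_for(...) ?>` should read `<?php echo url_for(...) ?>`; it only works because the confirm page is served from the same route. That line is context, but since the token makes this form the only legitimate path to the delete, it is worth fixing in the same change. `$csrfToken` holds a fragment of raw HTML handed to the partial through `moreInfo`; the values are symfony-generated so escaping is not a concern, but a name such as `$csrfField` would make that clearer.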
diff --git a/apps/pc_backend/modules/default/actions/csrfErrorAction.class.php b/apps/pc_backend/modules/default/actions/csrfErrorAction.class.php
new file mode 100644
index 0000000..73dc29b
--- /dev/null
+++ b/apps/pc_backend/modules/default/actions/csrfErrorAction.class.php
@@ -0,0 +1,23 @@
+<?php
+
+ /**
+ * This file is part of the OpenPNE package.
+ * (c) OpenPNE Project (http://www.openpne.jp/)
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file and the NOTICE file that were distributed with this source code.
+ */
+
+ /**
+ * csrfError action.
+ *
+ * @package OpenPNE
+ * @subpackage default
+ * @author Kousuke Ebihara <[email protected]>
+ */
+class csrfErrorAction extends sfAction
+{
+ public function execute($request)
+ {
+ }
+}
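Review bot: `execute()` leaves the response at the default 200 status, so a rejected request renders "CSRF attack detected." as a successful page and neither clients nor log-based detection can tell it from a normal response; set an explicit status in the action, e.g. `$this->getResponse()->setStatusCode(403);`. The action and template are only added under pc_backend, yet `checkCSRFProtection()` is now also called from the pc and mobile frontend actions — unless those apps already route the thrown error schema to a handler outside this diff, they need the same action/template. A one-line docblock on `execute()` such as `Renders the CSRF failure page reached when sfWebRequest::checkCSRFProtection() rejects a request.` would also help the next reader.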
diff --git a/apps/pc_backend/modules/default/templates/csrfErrorSuccess.php b/apps/pc_backend/modules/default/templates/csrfErrorSuccess.php
new file mode 100644
index 0000000..20bc4b7
--- /dev/null
+++ b/apps/pc_backend/modules/default/templates/csrfErrorSuccess.php
@@ -0,0 +1 @@
+<?php echo __('CSRF attack detected.'); ?>
diff --git a/apps/pc_backend/modules/design/actions/actions.class.php b/apps/pc_backend/modules/design/actions/actions.class.php
index e5a8e8a..a47f3bf 100644
--- a/apps/pc_backend/modules/design/actions/actions.class.php
+++ b/apps/pc_backend/modules/design/actions/actions.class.php
@@ -268,6 +268,8 @@ class designActions extends sfActions
$isMobile = (bool)('mobile' === $this->app);
$this->list = array();
+ $this->deleteForm = new sfForm();
+ $this->sortForm = new sfForm();
$types = NavigationPeer::retrieveTypes($isMobile);
@@ -317,6 +319,8 @@ class designActions extends sfActions
if ($request->isMethod('post'))
{
+ $request->checkCSRFProtection();
+
$model = NavigationPeer::retrieveByPk($request->getParameter('id'));
$this->forward404Unless($model);
$model->delete();
@@ -337,6 +341,8 @@ class designActions extends sfActions
$this->forward404();
}
+ $request->checkCSRFProtection();
+
$parameters = $request->getParameterHolder();
$keys = $parameters->getNames();
foreach ($keys as $key)
@@ -438,13 +444,6 @@ class designActions extends sfActions
$this->form->save();
$this->redirect('design/banner');
}
- if (!isset($params['file']))
- {
- $banner->setName($params['name']);
- $banner->setUrl($params['url']);
- $banner->save();
- $this->redirect('design/banner');
- }
}
}
@@ -463,6 +462,7 @@ class designActions extends sfActions
if ($request->isMethod(sfWebRequest::POST))
{
+ $request->checkCSRFProtection();
$banner->delete();
$this->redirect('design/banner');
}
diff --git a/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php b/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php
index af2759e..86acd23 100644
--- a/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php
+++ b/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php
@@ -2,8 +2,12 @@
<?php include_partial('submenu'); ?>
<?php end_slot() ?>
+<?php $form = new sfForm() ?>
<h2><?php echo __('Delete a banner image') ?></h2>
<p><?php echo __('Delete truly this banner image?') ?></p>
<form action="" method="post">
-<td colspan="2"><input type="submit" value="<?php echo __('Delete') ?>" /></td>
+<td colspan="2">
+<input type="hidden" name="<?php echo $form->getCSRFFieldName() ?>" value="<?php echo $form->getCSRFToken() ?>" />
+<input type="submit" value="<?php echo __('Delete') ?>" />
+</td>
</form>
diff --git a/apps/pc_backend/modules/design/templates/navigationSuccess.php b/apps/pc_backend/modules/design/templates/navigationSuccess.php
index 18c8685..4f4e0bf 100644
--- a/apps/pc_backend/modules/design/templates/navigationSuccess.php
+++ b/apps/pc_backend/modules/design/templates/navigationSuccess.php
@@ -27,7 +27,12 @@
<?php else : ?>
<td><?php echo $form['id']->render() ?>
<input type="submit" value="<?php echo __('編集') ?>" /></form></td>
-<td><form action="<?php echo url_for('design/navigationDelete?id=' . $form->getObject()->getId()) ?>" method="post" /><input type="submit" value="<?php echo __('削除') ?>" /></form></td>
+<td>
+<form action="<?php echo url_for('design/navigationDelete?id=' . $form->getObject()->getId()) ?>" method="post">
+<?php echo $deleteForm ?>
+<input type="submit" value="<?php echo __('削除') ?>" />
+</form>
+</td>
<?php endif; ?>
</tr>
</tbody>
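Review bot: `<?php echo $deleteForm ?>` renders the whole sfForm through its default (table) formatter, so depending on the bundled symfony version the hidden field may arrive wrapped in formatter markup inside this `<td>`/`<form>` — worth checking the emitted HTML. The other templates in this patch (e.g. bannerdeleteSuccess.php) write the hidden input explicitly, which is unambiguous: `<input type="hidden" name="<?php echo $deleteForm->getCSRFFieldName() ?>" value="<?php echo $deleteForm->getCSRFToken() ?>" />`. If, as in symfony 1.x, the token depends only on the session and form class, `$deleteForm` and `$sortForm` from the same action mint the same token and a single token form would serve both.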
@@ -37,7 +42,8 @@
<?php echo sortable_element('type_'.str_replace(' ', '_', $type), array(
'tag' => 'tbody',
'only' => 'sortable',
- 'url' => 'design/navigationSort'
+ 'url' => 'design/navigationSort',
+ 'with' => 'Sortable.serialize("type_'.str_replace(' ', '_', $type).'")+"&'.urlencode($sortForm->getCSRFFieldName()).'='.urlencode($sortForm->getCSRFToken()).'"',
)) ?>
<?php endforeach; ?>
diff --git a/apps/pc_backend/modules/member/actions/actions.class.php b/apps/pc_backend/modules/member/actions/actions.class.php
index 1962507..5ac5ba0 100644
--- a/apps/pc_backend/modules/member/actions/actions.class.php
+++ b/apps/pc_backend/modules/member/actions/actions.class.php
@@ -71,6 +71,7 @@ class memberActions extends sfActions
$this->form = new sfForm();
if ($request->isMethod('post'))
{
+ $request->checkCSRFProtection();
$this->member->delete();
$this->getUser()->setFlash('notice', '退会が完了しました');
$this->redirect('member/list');
diff --git a/apps/pc_backend/modules/profile/actions/actions.class.php b/apps/pc_backend/modules/profile/actions/actions.class.php
index edf2be2..0b05360 100644
--- a/apps/pc_backend/modules/profile/actions/actions.class.php
+++ b/apps/pc_backend/modules/profile/actions/actions.class.php
@@ -39,6 +39,8 @@ class profileActions extends sfActions
$newProfileOption->setProfileId($value->getId());
$this->option_form[$value->getId()][] = new ProfileOptionForm($newProfileOption);
}
+
+ $this->tokenForm = new sfForm();
}
/**
@@ -100,7 +102,9 @@ class profileActions extends sfActions
$this->profile = ProfilePeer::retrieveByPk($request->getParameter('id'));
$this->forward404Unless($this->profile);
- if ($request->isMethod('post')) {
+ if ($request->isMethod('post'))
+ {
+ $request->checkCSRFProtection();
$this->profile->delete();
$this->redirect('profile/list');
}
@@ -116,7 +120,9 @@ class profileActions extends sfActions
$this->profileOption = ProfileOptionPeer::retrieveByPk($request->getParameter('id'));
$this->forward404Unless($this->profileOption);
- if ($request->isMethod('post')) {
+ if ($request->isMethod('post'))
+ {
+ $request->checkCSRFProtection();
$this->profileOption->delete();
}
$this->redirect('profile/list');
@@ -131,6 +137,7 @@ class profileActions extends sfActions
{
if ($request->isXmlHttpRequest())
{
+ $request->checkCSRFProtection();
$order = $request->getParameter('profiles');
for ($i = 0; $i < count($order); $i++)
{
@@ -154,6 +161,7 @@ class profileActions extends sfActions
{
if ($request->isXmlHttpRequest())
{
+ $request->checkCSRFProtection();
$parameters = $request->getParameterHolder();
$keys = $parameters->getNames();
foreach ($keys as $key)
diff --git a/apps/pc_backend/modules/profile/templates/deleteSuccess.php b/apps/pc_backend/modules/profile/templates/deleteSuccess.php
index 94fd037..e10ec5e 100644
--- a/apps/pc_backend/modules/profile/templates/deleteSuccess.php
+++ b/apps/pc_backend/modules/profile/templates/deleteSuccess.php
@@ -1,6 +1,7 @@
<h2>プロフィール項目削除</h2>
<p>本当に削除してもよろしいですか?</p>
<p>※この項目に対するメンバーの入力値も失われます。</p>
-<form action="<?php echo url_for('profile/delete?id=' . $profile->getId()) ?>" method="post">
+<form action="<?php echo url_for('profile/delete?id='.$profile->getId()) ?>" method="post">
+<?php $formCSRF = new sfForm(); ?><input type="hidden" name="<?php echo $formCSRF->getCSRFFieldName() ?>" value="<?php echo $formCSRF->getCSRFToken() ?>" />
<input type="submit" value="削除する" />
</form>
diff --git a/apps/pc_backend/modules/profile/templates/listSuccess.php b/apps/pc_backend/modules/profile/templates/listSuccess.php
index d0960ff..99736ef 100644
--- a/apps/pc_backend/modules/profile/templates/listSuccess.php
+++ b/apps/pc_backend/modules/profile/templates/listSuccess.php
@@ -47,8 +47,9 @@
<?php endforeach; ?>
</table>
<?php echo sortable_element('profiles',array(
- 'tag' => 'tbody',
- 'url' => 'profile/sortProfile'
+ 'tag' => 'tbody',
+ 'url' => 'profile/sortProfile',
+ 'with' => 'Sortable.serialize("profiles")+"&'.urlencode($tokenForm->getCSRFFieldName()).'='.urlencode($tokenForm->getCSRFToken()).'"'
)) ?>
<h3>プロフィール選択肢一覧</h3>
@@ -68,8 +69,8 @@
<?php else: ?>
<tbody>
<?php endif; ?>
-<form action="<?php echo url_for('profile/editOption?id=' . $form->getObject()->getId()) ?>" method="post">
<tr>
+<form action="<?php echo url_for('profile/editOption?id='.$form->getObject()->getId()) ?>" method="post">
<td><?php echo ($form->getObject()->isNew() ? '-' : $form->getObject()->getId()) ?></td>
<td>
<?php echo $form['ja_JP']['value']->render() ?>
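Review bot: Moving `<form>` from before `<tr>` to directly inside it makes the form a child of a table row, which HTML forbids; browsers recover by associating the following inputs with the parser's form pointer, so it works only through error recovery, and the delete form later in the same row depends on the same behaviour. A cleaner layout keeps one `<form>` per `<td>` (edit controls plus the hidden `id`/`profile_id` fields in a single cell) or one form wrapping the whole `<table>` with per-row submit buttons. If that restructure is out of scope, a comment such as `<!-- form inside <tr>: relies on browser error recovery to associate the inputs -->` would at least warn the next editor.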
@@ -87,9 +88,10 @@
</td>
</form>
<td>
-<?php echo $form['id']->render() ?>
-<?php echo $form['profile_id']->render() ?>
-<form action="<?php echo url_for('profile/deleteOption?id=' . $form->getObject()->getId()) ?>" method="post">
+<form action="<?php echo url_for('profile/deleteOption?id='.$form->getObject()->getId()) ?>" method="post">
+<?php echo $form['id']->render(), "\n" ?>
+<?php echo $form['profile_id']->render(), "\n" ?>
+<?php $formCSRF = new sfForm(); ?><input type="hidden" name="<?php echo $formCSRF->getCSRFFieldName() ?>" value="<?php echo $formCSRF->getCSRFToken() ?>" />
<input type="submit" value="削除" />
</form>
</td>
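Review bot: A fresh `new sfForm()` is instantiated for every row at `<?php $formCSRF = new sfForm(); ?>` just to mint the token, while the action already exposes `$tokenForm` to this template (the sortable calls below use it). Reuse it: `<input type="hidden" name="<?php echo $tokenForm->getCSRFFieldName() ?>" value="<?php echo $tokenForm->getCSRFToken() ?>" />`. The hidden `id` and `profile_id` widgets are now posted with the delete request too; if `executeDeleteOption` only reads `id` from the route, they are harmless, but a short comment saying they are not validated by that action would avoid a false sense of safety.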
@@ -101,7 +103,8 @@
<?php echo sortable_element('profile_options_'.$value->getId(),array(
'tag' => 'tbody',
'only' => 'sortable',
- 'url' => 'profile/sortProfileOption'
+ 'url' => 'profile/sortProfileOption',
+ 'with' => 'Sortable.serialize("profile_options_'.$value->getId().'")+"&'.urlencode($tokenForm->getCSRFFieldName()).'='.urlencode($tokenForm->getCSRFToken()).'"'
)) ?>
<?php endif; ?>
<?php endforeach; ?>
diff --git a/apps/pc_frontend/modules/community/templates/_cautionAboutCommunityMemberPre.php b/apps/pc_frontend/modules/community/templates/_cautionAboutCommunityMemberPre.php
index f9764a6..dd79766 100644
--- a/apps/pc_frontend/modules/community/templates/_cautionAboutCommunityMemberPre.php
+++ b/apps/pc_frontend/modules/community/templates/_cautionAboutCommunityMemberPre.php
@@ -1,3 +1,4 @@
+<?php $form = new sfForm() ?>
<?php foreach ($communityMembers as $communityMember) : ?>
<p class="caution">
<?php echo __('%1% send request for participation to %2%.', array(
@@ -6,6 +7,7 @@
)) ?>
&nbsp;
<?php $param = 'id='.$communityMember->getCommunityId().'&member_id='.$communityMember->getMemberId(); ?>
+<?php $param .= '&'.$form->getCSRFFieldName().'='.$form->getCSRFToken() ?>
<?php echo link_to(__('Permits'), 'community/joinAccept?'.$param) ?>
&nbsp;
<?php echo link_to(__('Refuses'), 'community/joinReject?'.$param) ?>
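Review bot: Permits/Refuses are anchors, so the token rides in the GET query string and the admin decision is triggered by a navigation rather than a form submission; because the symfony token is not per-request, a URL leaked through history, logs or the Referer of the redirect target is enough to forge admin decisions for the rest of that session. Rendering them as two small POST forms with the token as a hidden field, and rejecting GET in `executeJoinAccept`/`executeJoinReject`, would close that. If the anchors stay, `urlencode()` both the field name and token for consistency with the other templates in this change: `$param .= '&'.urlencode($form->getCSRFFieldName()).'='.urlencode($form->getCSRFToken())`.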
diff --git a/apps/pc_frontend/modules/community/templates/deleteSuccess.php b/apps/pc_frontend/modules/community/templates/deleteSuccess.php
index 151aff1..dbf0a7d 100644
--- a/apps/pc_frontend/modules/community/templates/deleteSuccess.php
+++ b/apps/pc_frontend/modules/community/templates/deleteSuccess.php
@@ -1,7 +1,9 @@
<?php
+$form = new sfForm();
op_include_parts('yesNo', 'deleteConfirmForm', array(
'title' => __('Do you delete this community?'),
- 'yes_form' => '<input type="hidden" name="is_delete">',
+ 'yes_form' => '<input type="hidden" name="is_delete"/>'
+ . '<input type="hidden" name="'.$form->getCSRFFieldName().'" value="'.$form->getCSRFToken().'"/>',
'button' => __('Delete'),
))
?>
diff --git a/apps/pc_frontend/modules/friend/templates/_cautionAboutFriendPre.php b/apps/pc_frontend/modules/friend/templates/_cautionAboutFriendPre.php
index cef9f3b..d2f20b9 100644
--- a/apps/pc_frontend/modules/friend/templates/_cautionAboutFriendPre.php
+++ b/apps/pc_frontend/modules/friend/templates/_cautionAboutFriendPre.php
@@ -1,11 +1,14 @@
+<?php $form = new sfForm() ?>
<?php foreach ($sf_user->getMember()->getFriendPreTo() as $key => $value) : ?>
<p class="caution">
<?php
$member = $value->getMemberRelatedByMemberIdFrom();
echo __('%1% sent my friends request to you!', array('%1%' => link_to($member->getName(), 'member/profile?id='.$member->getId()))) ?>
&nbsp;
-<?php echo link_to(__('Permits'), 'friend/linkAccept?id='.$member->getId()) ?>
+<?php $param = 'id='.$member->getId() ?>
+<?php $param .= '&'.$form->getCSRFFieldName().'='.$form->getCSRFToken() ?>
+<?php echo link_to(__('Permits'), 'friend/linkAccept?'.$param) ?>
&nbsp;
-<?php echo link_to(__('Refuses'), 'friend/linkReject?id='.$member->getId()) ?>
+<?php echo link_to(__('Refuses'), 'friend/linkReject?'.$param) ?>
</p>
<?php endforeach; ?>
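Review bot: Accepting or refusing a friend request still happens via GET links with the token in the query string, so the protected URL is replayable from browser history and appears in the Referer of the page `linkAccept`/`linkReject` redirect to; a hidden field in a POST body does not have either property. Consider a pair of minimal forms per pending request with `method="post"` and the token as `<input type="hidden">`, and have the actions reject other methods. Minor: the concatenation skips `urlencode()` on the field name and token, unlike the backend templates in this patch.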
diff --git a/apps/pc_frontend/templates/_partsMemberImagesBox.php b/apps/pc_frontend/templates/_partsMemberImagesBox.php
index e172966..f476bcd 100644
--- a/apps/pc_frontend/templates/_partsMemberImagesBox.php
+++ b/apps/pc_frontend/templates/_partsMemberImagesBox.php
@@ -1,5 +1,7 @@
<table>
<tr>
+<?php $form = new sfForm() ?>
+<?php $csrfToken = '&'.$form->getCSRFFieldName().'='.$form->getCSRFToken() ?>
<?php for ($i = 0; $i < 3; $i++) : ?>
<td>
<?php if (isset($options['images'][$i])) : ?>
@@ -7,11 +9,11 @@
<?php echo image_tag_sf_image($image->getFile(), array('size' => '180x180')) ?><br />
<?php if (isset($options['form'])) : ?>
[
-<?php echo link_to(__('Delete'), 'member/deleteImage?member_image_id='.$image->getId()) ?> |
+<?php echo link_to(__('Delete'), 'member/deleteImage?member_image_id='.$image->getId().$csrfToken) ?> |
<?php if ($image->getIsPrimary()) : ?>
<?php echo(__('Main Photo')) ?>
<?php else: ?>
-<?php echo link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId()) ?>
+<?php echo link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId().$csrfToken) ?>
<?php endif; ?>
]
<?php endif; ?>
diff --git a/data/version.php b/data/version.php
index abf024b..30b5ff5 100644
--- a/data/version.php
+++ b/data/version.php
@@ -10,5 +10,5 @@
if (!defined('OPENPNE_VERSION'))
{
- define('OPENPNE_VERSION', '3.0.8');
+ define('OPENPNE_VERSION', '3.0.8.1');
}
diff --git a/lib/action/sfOpenPNECommunityAction.class.php b/lib/action/sfOpenPNECommunityAction.class.php
index 23a2d9e..b4bc6e3 100644
--- a/lib/action/sfOpenPNECommunityAction.class.php
+++ b/lib/action/sfOpenPNECommunityAction.class.php
@@ -112,8 +112,9 @@ abstract class sfOpenPNECommunityAction extends sfActions
if ($request->isMethod('post'))
{
- if($request->hasParameter('is_delete'))
+ if ($request->hasParameter('is_delete'))
{
+ $request->checkCSRFProtection();
$community = CommunityPeer::retrieveByPk($this->id);
if ($community)
{
@@ -231,6 +232,7 @@ abstract class sfOpenPNECommunityAction extends sfActions
*/
public function executeJoinAccept($request)
{
+ $request->checkCSRFProtection();
$this->redirectUnless($this->isAdmin, '@error');
$communityMember = CommunityMemberPeer::retrieveByMemberIdAndCommunityId($request->getParameter('member_id'), $this->id);
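Review bot: `checkCSRFProtection()` runs before the `$this->isAdmin` check and throws the form's error schema, so a non-admin hitting a bare `community/joinAccept` URL now gets the CSRF error instead of the `@error` redirect; swapping the two lines keeps the authorization failure as the primary outcome and avoids token work for unauthorized callers. The action also still accepts GET, which is what forces the templates to put the token in the URL; `$this->forward404Unless($request->isMethod('post'));` here, together with POST forms in the templates, would let the token live in the request body. How the thrown error is rendered on the pc/mobile frontends is not visible in this diff — only pc_backend gains a `csrfError` action — so confirm a handler exists. The method body continues past the hunk.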
@@ -252,8 +254,9 @@ abstract class sfOpenPNECommunityAction extends sfActions
*/
public function executeJoinReject($request)
{
+ $request->checkCSRFProtection();
$this->forward404Unless($this->isAdmin);
-
+
$communityMember = CommunityMemberPeer::retrieveByMemberIdAndCommunityId($request->getParameter('member_id'), $this->id);
$this->forward404Unless($communityMember);
diff --git a/lib/action/sfOpenPNEFriendAction.class.php b/lib/action/sfOpenPNEFriendAction.class.php
index d29dce4..9ef4278 100644
--- a/lib/action/sfOpenPNEFriendAction.class.php
+++ b/lib/action/sfOpenPNEFriendAction.class.php
@@ -103,6 +103,7 @@ abstract class sfOpenPNEFriendAction extends sfActions
*/
public function executeLinkAccept($request)
{
+ $request->checkCSRFProtection();
$this->forward404Unless($this->relation->isFriendPreTo());
$this->redirectToHomeIfIdIsNotValid();
@@ -119,6 +120,7 @@ abstract class sfOpenPNEFriendAction extends sfActions
*/
public function executeLinkReject($request)
{
+ $request->checkCSRFProtection();
$this->forward404Unless($this->relation->isFriendPreTo());
$this->redirectToHomeIfIdIsNotValid();
diff --git a/lib/action/sfOpenPNEMemberAction.class.php b/lib/action/sfOpenPNEMemberAction.class.php
index 571382e..187c729 100644
--- a/lib/action/sfOpenPNEMemberAction.class.php
+++ b/lib/action/sfOpenPNEMemberAction.class.php
@@ -356,6 +356,7 @@ abstract class sfOpenPNEMemberAction extends sfActions
public function executeDeleteImage($request)
{
+ $request->checkCSRFProtection();
$image = MemberImagePeer::retrieveByPk($request->getParameter('member_image_id'));
$this->forward404Unless($image);
$this->forward404Unless($image->getMemberId() == $this->getUser()->getMemberId());
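Review bot: `executeDeleteImage` now demands the token, but the mobile `configImageSuccess.php` hunk in this same patch leaves its Delete link as `member/deleteImage?member_image_id=...` without `$csrfToken`, so every photo deletion from the mobile UI will be rejected by this check. Either append the token there (as is done for Main Photo and as `_partsMemberImagesBox.php` does for both links) or the fix breaks a legitimate feature. The ownership check `$image->getMemberId() == $this->getUser()->getMemberId()` is retained, which is good; ideally the action would also refuse GET so the token can be moved into a POST body. The function continues past the end of the hunk.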
@@ -367,6 +368,7 @@ abstract class sfOpenPNEMemberAction extends sfActions
public function executeChangeMainImage($request)
{
+ $request->checkCSRFProtection();
$image = MemberImagePeer::retrieveByPk($request->getParameter('member_image_id'));
$this->forward404Unless($image);
$this->forward404Unless($image->getMemberId() == $this->getUser()->getMemberId());
diff --git a/lib/form/BannerImageForm.class.php b/lib/form/BannerImageForm.class.php
index b091bbc..68a1c67 100644
--- a/lib/form/BannerImageForm.class.php
+++ b/lib/form/BannerImageForm.class.php
@@ -24,7 +24,7 @@ class BannerImageForm extends BaseBannerImageForm
$this->setWidget('url', new sfWidgetFormInput(array(), array('size' => 40)));
$this->setWidget('name', new sfWidgetFormInput());
$this->setValidators(array(
- 'file' => new opValidatorImageFile(),
+ 'file' => new opValidatorImageFile(array('required' => $this->isNew())),
'url' => new sfValidatorPass(),
'name' => new sfValidatorPass(),
));
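Review bot: `url` and `name` still use `sfValidatorPass()`, so the banner link is stored without any scheme or length check; if the banner template emits it as an `href`, a `javascript:` value entered by an admin (or injected through an admin's browser) would be rendered as-is. Since this hunk already touches the validator list, consider `'url' => new sfValidatorUrl(array('required' => false))` and `'name' => new sfValidatorString(array('required' => false, 'max_length' => 255))`, adjusting `required` to the form's actual rules, which are not visible here. `opValidatorImageFile(array('required' => $this->isNew()))` is the right direction for edit-without-reupload; a short comment stating that an existing banner keeps its file when none is uploaded would document the intent.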
@@ -38,10 +38,6 @@ class BannerImageForm extends BaseBannerImageForm
public function save()
{
- $file = new File();
- $file->setFromValidatedFile($this->getValue('file'));
- $file->setName('b_'.$file->getName());
-
if ($this->isNew())
{
$bannerImage = new BannerImage();
@@ -50,7 +46,15 @@ class BannerImageForm extends BaseBannerImageForm
{
$bannerImage = $this->getObject();
}
- $bannerImage->setFile($file);
+
+ if ($this->getValue('file'))
+ {
+ $file = new File();
+ $file->setFromValidatedFile($this->getValue('file'));
+ $file->setName('b_'.$file->getName());
+ $bannerImage->setFile($file);
+ }
+
$bannerImage->setUrl($this->getValue('url'));
$bannerImage->setName($this->getValue('name'));
diff --git a/apps/mobile_frontend/modules/community/templates/deleteSuccess.php b/apps/mobile_frontend/modules/community/templates/deleteSuccess.php
index 016760a..acea753 100644
--- a/apps/mobile_frontend/modules/community/templates/deleteSuccess.php
+++ b/apps/mobile_frontend/modules/community/templates/deleteSuccess.php
@@ -1,8 +1,10 @@
<?php op_mobile_page_title(__('Delete this %community%'), $community->getName()) ?>
<?php
+$form = new sfForm();
op_include_parts('yesNo', 'deleteConfirmForm', array(
'body' => __('Do you delete this %community%?'),
- 'yes_form' => '<input type="hidden" name="is_delete">',
+ 'yes_form' => '<input type="hidden" name="is_delete">'
+ . '<input type="hidden" name="'.$form->getCSRFFieldName().'" value="'.$form->getCSRFToken().'">',
'button' => __('Delete'),
))
?>
diff --git a/apps/mobile_frontend/modules/member/templates/configImageSuccess.php b/apps/mobile_frontend/modules/member/templates/configImageSuccess.php
index bf4e27a..837010d 100644
--- a/apps/mobile_frontend/modules/member/templates/configImageSuccess.php
+++ b/apps/mobile_frontend/modules/member/templates/configImageSuccess.php
@@ -3,6 +3,8 @@
<?php $_member = $sf_user->getMember() ?>
<?php $images = $_member->getMemberImage() ?>
<?php if ($images->count()): ?>
+<?php $form = new sfForm() ?>
+<?php $csrfToken = '&'.$form->getCSRFFieldName().'='.$form->getCSRFToken() ?>
<?php foreach ($images as $image) : ?>
<?php echo image_tag_sf_image($image->getFile(), array('size' => '120x120', 'format' => 'jpg')) ?><br>
<?php echo sprintf('[%s]',link_to(__('Expansion'), sf_image_path($image->getFile(), array('size' => '320x320', 'format' => 'jpg')))) ?><br>
@@ -13,7 +15,7 @@ if ($image->getIsPrimary())
}
else
{
- $main = link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId());
+ $main = link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId().$csrfToken);
}
?>
<?php echo sprintf('[%s|%s]', link_to(__('Delete'), 'member/deleteImage?member_image_id='.$image->getId()), $main) ?>
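Review bot: The Delete link on the last line is left without `$csrfToken` while only Main Photo gets it, yet `executeDeleteImage` in this patch now calls `checkCSRFProtection()`; mobile users will therefore be unable to delete photos. Change it to `link_to(__('Delete'), 'member/deleteImage?member_image_id='.$image->getId().$csrfToken)`, matching `_partsMemberImagesBox.php`. Both links remain tokenised GETs, so the token still shows up in URLs and Referers; POST forms would be the sturdier design.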
diff --git a/apps/pc_backend/modules/community/actions/actions.class.php b/apps/pc_backend/modules/community/actions/actions.class.php
index d95a8bf..398436b 100644
--- a/apps/pc_backend/modules/community/actions/actions.class.php
+++ b/apps/pc_backend/modules/community/actions/actions.class.php
@@ -59,6 +59,7 @@ class communityActions extends sfActions
if ($request->isMethod(sfRequest::POST))
{
+ $request->checkCSRFProtection();
$this->community->delete();
$this->getUser()->setFlash('notice', 'Deleted.');
$this->redirect('community/list');
@@ -96,6 +97,8 @@ class communityActions extends sfActions
*/
public function executeRemoveDefaultCommunity(sfWebRequest $request)
{
+ $request->checkCSRFProtection();
+
$communityConfig = Doctrine::getTable('CommunityConfig')->retrieveByNameAndCommunityId('is_default', $request->getParameter('id'));
$this->forward404Unless($communityConfig);
diff --git a/apps/pc_backend/modules/community/templates/defaultCommunityListSuccess.php b/apps/pc_backend/modules/community/templates/defaultCommunityListSuccess.php
index 2a67979..32acdfe 100644
--- a/apps/pc_backend/modules/community/templates/defaultCommunityListSuccess.php
+++ b/apps/pc_backend/modules/community/templates/defaultCommunityListSuccess.php
@@ -22,12 +22,16 @@
<th>管理者名</th>
<th>操作</th>
</tr>
+<?php
+$form = new sfForm();
+$csrfToken = '&'.$form->getCSRFFieldName().'='.$form->getCSRFToken();
+?>
<?php foreach ($communities as $community): ?>
<tr>
<td><?php echo $community->getId() ?></td>
<td><?php echo $community->getName() ?></td>
<td><?php echo $community->getAdminMember()->getName() ?></td>
-<td><?php echo link_to('削除', 'community/removeDefaultCommunity?id='.$community->getId()) ?></td>
+<td><?php echo link_to('削除', 'community/removeDefaultCommunity?id='.$community->getId().$csrfToken) ?></td>
</tr>
<?php endforeach; ?>
</table>
diff --git a/apps/pc_backend/modules/community/templates/deleteSuccess.php b/apps/pc_backend/modules/community/templates/deleteSuccess.php
index 4db0a16..1f15518 100644
--- a/apps/pc_backend/modules/community/templates/deleteSuccess.php
+++ b/apps/pc_backend/modules/community/templates/deleteSuccess.php
@@ -6,10 +6,15 @@
<p><?php echo __('本当にこのコミュニティを削除してもよろしいですか?') ?></p>
+<?php
+$form = new sfForm();
+$csrfToken = '<input type="hidden" name="'.$form->getCSRFFieldName().'" value="'.$form->getCSRFToken().'"/>';
+?>
+
<form action="<?php url_for('community/delete?id='.$community->getId()) ?>" method="post">
<?php include_partial('community/communityInfo', array(
'community' => $community,
- 'moreInfo' => array('<input type="submit" value="削除" />')
+ 'moreInfo' => array($csrfToken.'<input type="submit" value="削除" />')
)); ?>
</form>
diff --git a/apps/pc_backend/modules/default/actions/csrfErrorAction.class.php b/apps/pc_backend/modules/default/actions/csrfErrorAction.class.php
new file mode 100644
index 0000000..73dc29b
--- /dev/null
+++ b/apps/pc_backend/modules/default/actions/csrfErrorAction.class.php
@@ -0,0 +1,23 @@
+<?php
+
+ /**
+ * This file is part of the OpenPNE package.
+ * (c) OpenPNE Project (http://www.openpne.jp/)
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file and the NOTICE file that were distributed with this source code.
+ */
+
+ /**
+ * csrfError action.
+ *
+ * @package OpenPNE
+ * @subpackage default
+ * @author Kousuke Ebihara <[email protected]>
+ */
+class csrfErrorAction extends sfAction
+{
+ public function execute($request)
+ {
+ }
+}
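Review bot: The empty `execute()` returns the CSRF failure page with a 200 status, so monitoring and clients cannot distinguish a blocked request from a success; add `$this->getResponse()->setStatusCode(403);` in the body. This handler exists only for pc_backend, while the same patch adds `checkCSRFProtection()` calls to the frontend actions — verify those apps have an equivalent handler outside this diff. A one-line docblock describing when this action is reached would also help.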
diff --git a/apps/pc_backend/modules/default/templates/csrfErrorSuccess.php b/apps/pc_backend/modules/default/templates/csrfErrorSuccess.php
new file mode 100644
index 0000000..20bc4b7
--- /dev/null
+++ b/apps/pc_backend/modules/default/templates/csrfErrorSuccess.php
@@ -0,0 +1 @@
+<?php echo __('CSRF attack detected.'); ?>
diff --git a/apps/pc_backend/modules/design/actions/actions.class.php b/apps/pc_backend/modules/design/actions/actions.class.php
index 733ed1a..2066e28 100644
--- a/apps/pc_backend/modules/design/actions/actions.class.php
+++ b/apps/pc_backend/modules/design/actions/actions.class.php
@@ -381,13 +381,6 @@ class designActions extends sfActions
$this->form->save();
$this->redirect('design/banner');
}
- if (!isset($params['file']))
- {
- $banner->setName($params['name']);
- $banner->setUrl($params['url']);
- $banner->save();
- $this->redirect('design/banner');
- }
}
}
@@ -406,6 +399,7 @@ class designActions extends sfActions
if ($request->isMethod(sfWebRequest::POST))
{
+ $request->checkCSRFProtection();
$banner->delete();
$this->redirect('design/banner');
}
diff --git a/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php b/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php
index af2759e..86acd23 100644
--- a/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php
+++ b/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php
@@ -2,8 +2,12 @@
<?php include_partial('submenu'); ?>
<?php end_slot() ?>
+<?php $form = new sfForm() ?>
<h2><?php echo __('Delete a banner image') ?></h2>
<p><?php echo __('Delete truly this banner image?') ?></p>
<form action="" method="post">
-<td colspan="2"><input type="submit" value="<?php echo __('Delete') ?>" /></td>
+<td colspan="2">
+<input type="hidden" name="<?php echo $form->getCSRFFieldName() ?>" value="<?php echo $form->getCSRFToken() ?>" />
+<input type="submit" value="<?php echo __('Delete') ?>" />
+</td>
</form>
diff --git a/apps/pc_backend/modules/member/actions/actions.class.php b/apps/pc_backend/modules/member/actions/actions.class.php
index fadf249..15e2e13 100644
--- a/apps/pc_backend/modules/member/actions/actions.class.php
+++ b/apps/pc_backend/modules/member/actions/actions.class.php
@@ -72,6 +72,7 @@ class memberActions extends sfActions
$this->form = new sfForm();
if ($request->isMethod('post'))
{
+ $request->checkCSRFProtection();
$this->member->delete();
$this->getUser()->setFlash('notice', '退会が完了しました');
$this->redirect('member/list');
diff --git a/apps/pc_backend/modules/navigation/actions/actions.class.php b/apps/pc_backend/modules/navigation/actions/actions.class.php
index 11a94ac..b8e2e6c 100644
--- a/apps/pc_backend/modules/navigation/actions/actions.class.php
+++ b/apps/pc_backend/modules/navigation/actions/actions.class.php
@@ -36,6 +36,8 @@ class navigationActions extends sfActions
public function executeList(sfWebRequest $request)
{
$this->list = array();
+ $this->deleteForm = new sfForm();
+ $this->sortForm = new sfForm();
$types = Doctrine::getTable('Navigation')->getTypesByAppName($request->getParameter('app', 'pc'));
@@ -117,6 +119,8 @@ class navigationActions extends sfActions
{
if ($request->isMethod(sfWebRequest::POST))
{
+ $request->checkCSRFProtection();
+
$model = Doctrine::getTable('Navigation')->find($request->getParameter('id'));
$this->forward404Unless($model);
$types = Doctrine::getTable('Navigation')->getTypesByAppName($request->getParameter('app', 'pc'));
@@ -140,6 +144,8 @@ class navigationActions extends sfActions
$this->forward404();
}
+ $request->checkCSRFProtection();
+
$parameters = $request->getParameterHolder();
$keys = $parameters->getNames();
foreach ($keys as $key)
diff --git a/apps/pc_backend/modules/navigation/templates/listSuccess.php b/apps/pc_backend/modules/navigation/templates/listSuccess.php
index aadb66e..0973784 100644
--- a/apps/pc_backend/modules/navigation/templates/listSuccess.php
+++ b/apps/pc_backend/modules/navigation/templates/listSuccess.php
@@ -39,7 +39,11 @@
<?php else : ?>
<td><input type="submit" value="<?php echo __('Edit') ?>" /></td>
</form>
-<td><form action="<?php echo url_for('navigation/delete?app='.$sf_request->getParameter('app', 'pc').'&id='.$form->getObject()->getId()) ?>" method="post" /><input type="submit" value="<?php echo __('Delete') ?>" /></form></td>
+<td>
+<form action="<?php echo url_for('navigation/delete?app='.$sf_request->getParameter('app', 'pc').'&id='.$form->getObject()->getId()) ?>" method="post">
+<?php echo $deleteForm ?>
+<input type="submit" value="<?php echo __('Delete') ?>" />
+</td>
<?php endif; ?>
</tr>
</tbody>
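Review bot: The rewritten delete cell drops the closing `</form>` that the replaced line carried, so the new `<form>` opened for navigation/delete is never closed before `</td>` and the submit button's owner form depends on browser error recovery; add `</form>` after the submit input. `echo $deleteForm` also renders the whole form through its formatter rather than just the token field; `<?php echo $deleteForm->renderHiddenFields() ?>` presumably yields only the hidden CSRF input, which is all this cell needs — confirm against the formatter in use. The same omission is in the second navigation/templates/listSuccess.php hunk later on the page.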
@@ -49,7 +53,8 @@
<?php echo sortable_element('type_'.str_replace(' ', '_', $type), array(
'tag' => 'tbody',
'only' => 'sortable',
- 'url' => 'navigation/sort'
+ 'url' => 'navigation/sort',
+ 'with' => 'Sortable.serialize("type_'.str_replace(' ', '_', $type).'")+"&'.urlencode($sortForm->getCSRFFieldName()).'='.urlencode($sortForm->getCSRFToken()).'"',
)) ?>
<?php endforeach; ?>
diff --git a/apps/pc_backend/modules/profile/actions/actions.class.php b/apps/pc_backend/modules/profile/actions/actions.class.php
index de2bd45..f545849 100644
--- a/apps/pc_backend/modules/profile/actions/actions.class.php
+++ b/apps/pc_backend/modules/profile/actions/actions.class.php
@@ -50,6 +50,8 @@ class profileActions extends sfActions
$this->option_form[$profileId][$profileOptionId]->bind($parameter);
}
}
+
+ $this->tokenForm = new sfForm();
}
/**
@@ -141,7 +143,9 @@ class profileActions extends sfActions
$this->profile = Doctrine::getTable('Profile')->find($request->getParameter('id'));
$this->forward404Unless($this->profile);
- if ($request->isMethod('post')) {
+ if ($request->isMethod('post'))
+ {
+ $request->checkCSRFProtection();
$this->profile->delete();
$this->redirect('profile/list');
}
@@ -157,7 +161,9 @@ class profileActions extends sfActions
$this->profileOption = Doctrine::getTable('ProfileOption')->find($request->getParameter('id'));
$this->forward404Unless($this->profileOption);
- if ($request->isMethod('post')) {
+ if ($request->isMethod('post'))
+ {
+ $request->checkCSRFProtection();
$this->profileOption->delete();
}
$this->redirect('profile/list');
@@ -172,6 +178,7 @@ class profileActions extends sfActions
{
if ($request->isXmlHttpRequest())
{
+ $request->checkCSRFProtection();
$order = $request->getParameter('profiles');
for ($i = 0; $i < count($order); $i++)
{
@@ -195,6 +202,7 @@ class profileActions extends sfActions
{
if ($request->isXmlHttpRequest())
{
+ $request->checkCSRFProtection();
$parameters = $request->getParameterHolder();
$keys = $parameters->getNames();
foreach ($keys as $key)
diff --git a/apps/pc_backend/modules/profile/templates/deleteSuccess.php b/apps/pc_backend/modules/profile/templates/deleteSuccess.php
index 9771339..e4ba40f 100644
--- a/apps/pc_backend/modules/profile/templates/deleteSuccess.php
+++ b/apps/pc_backend/modules/profile/templates/deleteSuccess.php
@@ -1,6 +1,7 @@
-<h2><?php echo __('Delete profile entry')?></h2>
-<p><?php echo __('Do you want to delete this anyway?')?></p>
-<p><?php echo __('※All the member\'s data in this entry will be lost.')?></p>
-<form action="<?php echo url_for('profile/delete?id=' . $profile->getId()) ?>" method="post">
-<input type="submit" value=<?php echo __('Delete')?> />
+<h2><?php echo __('Delete profile entry') ?></h2>
+<p><?php echo __('Do you want to delete this anyway?') ?></p>
+<p><?php echo __('※All the member\'s data in this entry will be lost.') ?></p>
+<form action="<?php echo url_for('profile/delete?id='.$profile->getId()) ?>" method="post">
+<?php $formCSRF = new sfForm(); ?><input type="hidden" name="<?php echo $formCSRF->getCSRFFieldName() ?>" value="<?php echo $formCSRF->getCSRFToken() ?>" />
+<input type="submit" value="<?php echo __('Delete')?>" />
</form>
diff --git a/apps/pc_backend/modules/profile/templates/listSuccess.php b/apps/pc_backend/modules/profile/templates/listSuccess.php
index 330203d..b637f7f 100644
--- a/apps/pc_backend/modules/profile/templates/listSuccess.php
+++ b/apps/pc_backend/modules/profile/templates/listSuccess.php
@@ -52,8 +52,9 @@
<?php endforeach; ?>
</table>
<?php echo sortable_element('profiles',array(
- 'tag' => 'tbody',
- 'url' => 'profile/sortProfile'
+ 'tag' => 'tbody',
+ 'url' => 'profile/sortProfile',
+ 'with' => 'Sortable.serialize("profiles")+"&'.urlencode($tokenForm->getCSRFFieldName()).'='.urlencode($tokenForm->getCSRFToken()).'"'
)) ?>
<h3><?php echo __('Option list')?></h3>
@@ -78,33 +79,34 @@
<tbody>
<?php endif; ?>
<tr>
-<form action="<?php echo url_for('profile/editOption?id=' . $form->getObject()->getId()) ?>" method="post">
+<form action="<?php echo url_for('profile/editOption?id='.$form->getObject()->getId()) ?>" method="post">
<td><?php echo ($form->getObject()->isNew() ? '-' : $form->getObject()->getId()) ?></td>
<?php foreach ($languages as $language): ?>
<td>
-<?php echo $form[$language]['value']->renderError() ?>
-<?php echo $form[$language]['value']->render() ?>
+<?php echo $form[$language]['value']->renderError(), "\n" ?>
+<?php echo $form[$language]['value']->render(), "\n" ?>
</td>
<?php endforeach; ?>
-<?php if ($form->getObject()->isNew()) : ?>
-<td colspan="2">
-<?php echo $form->renderHiddenFields() ?>
-<input type="submit" value="<?php echo __('Add new option')?>" />
-</td>
-</form>
-<?php else : ?>
+<?php if (!$form->getObject()->isNew()): ?>
<td>
-<?php echo $form->renderHiddenFields() ?>
+<?php echo $form->renderHiddenFields(), "\n" ?>
<input type="submit" value="<?php echo __('Save')?>" />
</td>
</form>
<td>
-<form action="<?php echo url_for('profile/deleteOption?id=' . $form->getObject()->getId()) ?>" method="post">
+<form action="<?php echo url_for('profile/deleteOption?id='.$form->getObject()->getId()) ?>" method="post">
<?php echo $form['id']->render(), "\n" ?>
<?php echo $form['profile_id']->render(), "\n" ?>
+<?php $formCSRF = new sfForm(); ?><input type="hidden" name="<?php echo $formCSRF->getCSRFFieldName() ?>" value="<?php echo $formCSRF->getCSRFToken() ?>" />
<input type="submit" value="<?php echo __('Delete') ?>" />
</form>
</td>
+<?php else: ?>
+<td colspan="2">
+<?php echo $form->renderHiddenFields() ?>
+<input type="submit" value="<?php echo __('Add new option')?>" />
+</td>
+</form>
<?php endif; ?>
</tr>
</tbody>
@@ -113,7 +115,8 @@
<?php echo sortable_element('profile_options_'.$value->getId(),array(
'tag' => 'tbody',
'only' => 'sortable',
- 'url' => 'profile/sortProfileOption'
+ 'url' => 'profile/sortProfileOption',
+ 'with' => 'Sortable.serialize("profile_options_'.$value->getId().'")+"&'.urlencode($tokenForm->getCSRFFieldName()).'='.urlencode($tokenForm->getCSRFToken()).'"'
)) ?>
<?php endif; ?>
<?php endforeach; ?>
diff --git a/apps/pc_backend/modules/sns/actions/actions.class.php b/apps/pc_backend/modules/sns/actions/actions.class.php
index 980c521..dcb523d 100644
--- a/apps/pc_backend/modules/sns/actions/actions.class.php
+++ b/apps/pc_backend/modules/sns/actions/actions.class.php
@@ -112,6 +112,7 @@ class snsActions extends sfActions
public function executeRichTextarea(sfWebRequest $request)
{
+ $this->sortForm = new sfForm();
$this->configForm = new opRichTextareaOpenPNEConfigForm();
$this->buttonConfigForm = new opRichTextareaOpenPNEButtonConfigForm();
$this->buttonConfig = opWidgetFormRichTextareaOpenPNE::getAllButtons();
@@ -131,6 +132,8 @@ class snsActions extends sfActions
{
if ($request->isXmlHttpRequest())
{
+ $request->checkCSRFProtection();
+
$buttons = $request->getParameter('button');
Doctrine::getTable('SnsConfig')->set('richtextarea_buttons_sort_order', serialize($buttons));
}
diff --git a/apps/pc_backend/modules/sns/templates/richTextareaSuccess.php b/apps/pc_backend/modules/sns/templates/richTextareaSuccess.php
index 1167358..fcd91d2 100644
--- a/apps/pc_backend/modules/sns/templates/richTextareaSuccess.php
+++ b/apps/pc_backend/modules/sns/templates/richTextareaSuccess.php
@@ -38,5 +38,6 @@
'tag' => 'tbody',
'only' => 'sortable',
'format' => '/^button_(.*)$/',
- 'url' => 'sns/changeRichTextareaButtonOrder'
+ 'url' => 'sns/changeRichTextareaButtonOrder',
+ 'with' => 'Sortable.serialize("button")+"&'.urlencode($sortForm->getCSRFFieldName()).'='.urlencode($sortForm->getCSRFToken()).'"',
)) ?>
diff --git a/apps/pc_frontend/modules/community/templates/deleteSuccess.php b/apps/pc_frontend/modules/community/templates/deleteSuccess.php
index 1e92533..6aa3e3d 100644
--- a/apps/pc_frontend/modules/community/templates/deleteSuccess.php
+++ b/apps/pc_frontend/modules/community/templates/deleteSuccess.php
@@ -1,7 +1,9 @@
<?php
+$form = new sfForm();
op_include_parts('yesNo', 'deleteConfirmForm', array(
'title' => __('Do you delete this %community%?'),
- 'yes_form' => '<input type="hidden" name="is_delete">',
+ 'yes_form' => '<input type="hidden" name="is_delete"/>'
+ . '<input type="hidden" name="'.$form->getCSRFFieldName().'" value="'.$form->getCSRFToken().'"/>',
'button' => __('Delete'),
))
?>
diff --git a/apps/pc_frontend/modules/googlemaps/actions/actions.class.php b/apps/pc_frontend/modules/googlemaps/actions/actions.class.php
index 911c6a2..86378c7 100644
--- a/apps/pc_frontend/modules/googlemaps/actions/actions.class.php
+++ b/apps/pc_frontend/modules/googlemaps/actions/actions.class.php
@@ -17,11 +17,6 @@ class googlemapsActions extends sfActions
*/
public function executeIndex(sfWebRequest $request)
{
- $this->x = $request->getParameter('x');
- $this->y = $request->getParameter('y');
- $this->z = $request->getParameter('z');
- $this->q = $request->getParameter('q');
-
$this->mapType = 'G_NORMAL_MAP';
switch ($request->getParameter('t'))
{
diff --git a/apps/pc_frontend/modules/googlemaps/templates/indexSuccess.php b/apps/pc_frontend/modules/googlemaps/templates/indexSuccess.php
index 3faf61b..558334b 100644
--- a/apps/pc_frontend/modules/googlemaps/templates/indexSuccess.php
+++ b/apps/pc_frontend/modules/googlemaps/templates/indexSuccess.php
@@ -11,16 +11,34 @@
<?php use_javascript('http://maps.google.co.jp/maps?file=api&v=2.x&key='.$op_config['google_maps_api_key']) ?>
<?php
$googlemaps_script = <<<EOM
+// parse request parameters
+var request = {
+ x: "", y: "", z: "", q: ""
+};
+var params = window.location.search.substr(1).split('&');
+for (var i = 0; i < params.length; i++) {
+ var parts = params[i].split('=');
+
+ var n = parts[0];
+ var v = decodeURIComponent(parts[1]);
+ if ("z" == n)
+ {
+ v = parseInt(v);
+ }
+ request[n] = v;
+}
+var MapType = %s; // It is not user-inputed values
+
var gls;
var gMap;
function OnLocalSearch() {
if (!gls.results) return;
var first = gls.results[0];
var point = new GLatLng(parseFloat(first.lat), parseFloat(first.lng));
- var zoom = (%s);
+ var zoom = request.z;
gMap.addControl(new GSmallMapControl());
gMap.addControl(new GMapTypeControl());
- gMap.setMapType((%s));
+ gMap.setMapType(MapType);
gMap.setCenter(point, zoom);
var marker = new GMarker(point);
gMap.addOverlay(marker);
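Review bot: The new query parser at the top of the heredoc accepts any key and does not guard the decode, so `request[n] = v` writes arbitrary names onto `request`, a malformed percent sequence makes decodeURIComponent throw and aborts the whole script before load() is defined, a key with no `=` stores the string "undefined", and `parseInt(v)` without a radix lets a non-numeric z reach setCenter as NaN. Restrict the loop to the four declared keys, wrap the decode, use a radix with a NaN fallback, and — since the old `$q` came through PHP's parameter decoding, which presumably turned `+` into a space — decode `+` before decodeURIComponent. Moving the values out of the sprintf into the client is the right fix for the old injection; this only hardens the parser. The heredoc continues into the following hunks.
```javascript
var params = window.location.search.substr(1).split('&');
for (var i = 0; i < params.length; i++) {
  var parts = params[i].split('=');
  var n = parts[0];
  if (!request.hasOwnProperty(n)) continue; // only x, y, z, q are consumed
  var v;
  try {
    v = decodeURIComponent((parts[1] || '').replace(/\+/g, ' '));
  } catch (e) {
    continue; // malformed percent-encoding: keep the default
  }
  if ("z" == n) {
    v = parseInt(v, 10);
    if (isNaN(v)) continue;
  }
  request[n] = v;
}
// … unchanged: MapType, gls/gMap, OnLocalSearch …
```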
@@ -28,7 +46,7 @@ function OnLocalSearch() {
}
function load() {
if (GBrowserIsCompatible()) {
- if (((%s) == 0) && ((%s) == 0)){
+ if ((request.x == 0) && (request.y == 0)){
gMap = new GMap2(document.getElementById('map'));
gMap.addControl(new GSmallMapControl());
gMap.addControl(new GMapTypeControl());
@@ -36,16 +54,16 @@ function load() {
gls = new GlocalSearch();
gls.setCenterPoint(gMap);
gls.setSearchCompleteCallback(null, OnLocalSearch);
- var q = '(%s)';
+ var q = request.q;
gls.execute(q);
} else {
- var point = new GLatLng((%s), (%s));
- var zoom = (%s);
+ var point = new GLatLng(request.x, request.y);
+ var zoom = request.z;
gMap = new GMap2(document.getElementById('map'));
gMap.addControl(new GSmallMapControl());
gMap.addControl(new GMapTypeControl());
gMap.setCenter(point, zoom);
- gMap.setMapType((%s));
+ gMap.setMapType(MapType);
var marker = new GMarker(point);
gMap.addOverlay(marker);
geocoder = new GClientGeocoder();
@@ -53,7 +71,7 @@ function load() {
}
}
EOM;
-echo javascript_tag(sprintf($googlemaps_script, $z, $mapType, $x, $y, $q, $x, $y, $z, $mapType)); ?>
+echo javascript_tag(sprintf($googlemaps_script, $mapType)); ?>
<?php endif; ?>
<?php include_stylesheets() ?>
<?php include_javascripts() ?>
diff --git a/apps/pc_frontend/templates/_partsMemberImagesBox.php b/apps/pc_frontend/templates/_partsMemberImagesBox.php
index e172966..f476bcd 100644
--- a/apps/pc_frontend/templates/_partsMemberImagesBox.php
+++ b/apps/pc_frontend/templates/_partsMemberImagesBox.php
@@ -1,5 +1,7 @@
<table>
<tr>
+<?php $form = new sfForm() ?>
+<?php $csrfToken = '&'.$form->getCSRFFieldName().'='.$form->getCSRFToken() ?>
<?php for ($i = 0; $i < 3; $i++) : ?>
<td>
<?php if (isset($options['images'][$i])) : ?>
@@ -7,11 +9,11 @@
<?php echo image_tag_sf_image($image->getFile(), array('size' => '180x180')) ?><br />
<?php if (isset($options['form'])) : ?>
[
-<?php echo link_to(__('Delete'), 'member/deleteImage?member_image_id='.$image->getId()) ?> |
+<?php echo link_to(__('Delete'), 'member/deleteImage?member_image_id='.$image->getId().$csrfToken) ?> |
<?php if ($image->getIsPrimary()) : ?>
<?php echo(__('Main Photo')) ?>
<?php else: ?>
-<?php echo link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId()) ?>
+<?php echo link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId().$csrfToken) ?>
<?php endif; ?>
]
<?php endif; ?>
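Review bot: The new `$csrfToken` fragment puts the CSRF token into the href of the Delete and Main Photo links, so the state change still happens on a GET and the token is exposed through browser history and the Referer header of whatever the next page loads. A small POST form per action with the token as a hidden field, as bannerdeleteSuccess.php does in this same diff, keeps it out of the URL; the matching executeDeleteImage/executeChangeMainImage hunks in lib/action/sfOpenPNEMemberAction.class.php could then also require `$request->isMethod('post')` before `$request->checkCSRFProtection()`. The same pattern is used by the mobile member/configImageSuccess.php hunk and by the pc_backend community/defaultCommunityListSuccess.php and executeRemoveDefaultCommunity hunks later on the page.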
diff --git a/data/version.php b/data/version.php
index 5466766..f50847e 100644
--- a/data/version.php
+++ b/data/version.php
@@ -10,5 +10,5 @@
if (!defined('OPENPNE_VERSION'))
{
- define('OPENPNE_VERSION', '3.2.7');
+ define('OPENPNE_VERSION', '3.2.7.1');
}
diff --git a/lib/action/sfOpenPNECommunityAction.class.php b/lib/action/sfOpenPNECommunityAction.class.php
index 0e07fce..f2efc0d 100644
--- a/lib/action/sfOpenPNECommunityAction.class.php
+++ b/lib/action/sfOpenPNECommunityAction.class.php
@@ -140,6 +140,7 @@ abstract class sfOpenPNECommunityAction extends sfActions
{
if($request->hasParameter('is_delete'))
{
+ $request->checkCSRFProtection();
$community = Doctrine::getTable('Community')->find($this->id);
if ($community)
{
diff --git a/lib/action/sfOpenPNEMemberAction.class.php b/lib/action/sfOpenPNEMemberAction.class.php
index 3c660d5..60e4b65 100644
--- a/lib/action/sfOpenPNEMemberAction.class.php
+++ b/lib/action/sfOpenPNEMemberAction.class.php
@@ -369,6 +369,7 @@ abstract class sfOpenPNEMemberAction extends sfActions
public function executeDeleteImage($request)
{
+ $request->checkCSRFProtection();
$image = Doctrine::getTable('MemberImage')->find($request->getParameter('member_image_id'));
$this->forward404Unless($image);
$this->forward404Unless($image->getMemberId() == $this->getUser()->getMemberId());
@@ -380,6 +381,7 @@ abstract class sfOpenPNEMemberAction extends sfActions
public function executeChangeMainImage($request)
{
+ $request->checkCSRFProtection();
$image = Doctrine::getTable('MemberImage')->find($request->getParameter('member_image_id'));
$this->forward404Unless($image);
$this->forward404Unless($image->getMemberId() == $this->getUser()->getMemberId());
diff --git a/lib/form/doctrine/BannerImageForm.class.php b/lib/form/doctrine/BannerImageForm.class.php
index 0853d32..ae64c77 100644
--- a/lib/form/doctrine/BannerImageForm.class.php
+++ b/lib/form/doctrine/BannerImageForm.class.php
@@ -24,7 +24,7 @@ class BannerImageForm extends BaseBannerImageForm
$this->setWidget('url', new sfWidgetFormInput(array(), array('size' => 40)));
$this->setWidget('name', new sfWidgetFormInput());
$this->setValidators(array(
- 'file' => new opValidatorImageFile(),
+ 'file' => new opValidatorImageFile(array('required' => $this->isNew())),
'url' => new sfValidatorPass(),
'name' => new sfValidatorPass(),
));
@@ -38,10 +38,6 @@ class BannerImageForm extends BaseBannerImageForm
public function save()
{
- $file = new File();
- $file->setFromValidatedFile($this->getValue('file'));
- $file->setName('b_'.$file->getName());
-
if ($this->isNew())
{
$bannerImage = new BannerImage();
@@ -50,7 +46,15 @@ class BannerImageForm extends BaseBannerImageForm
{
$bannerImage = $this->getObject();
}
- $bannerImage->setFile($file);
+
+ if ($this->getValue('file'))
+ {
+ $file = new File();
+ $file->setFromValidatedFile($this->getValue('file'));
+ $file->setName('b_'.$file->getName());
+ $bannerImage->setFile($file);
+ }
+
$bannerImage->setUrl($this->getValue('url'));
$bannerImage->setName($this->getValue('name'));
diff --git a/lib/widget/opWidgetFormRichTextareaOpenPNE.class.php b/lib/widget/opWidgetFormRichTextareaOpenPNE.class.php
index 5baaee7..edecc8f 100644
--- a/lib/widget/opWidgetFormRichTextareaOpenPNE.class.php
+++ b/lib/widget/opWidgetFormRichTextareaOpenPNE.class.php
@@ -406,14 +406,20 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
static public function opColorToHtml($isEndtag, $tagname, $attributes, $isUseStylesheet)
{
$options = array();
+ $code = isset($attributes['code']) ? $attributes['code'] : '';
+ if (!($code && preg_match('/^#[0-9a-fA-F]{6}$/', $code)))
+ {
+ $code = '';
+ }
+
if ($isUseStylesheet)
{
if ($isEndtag) {
return '</span>';
}
$options['class'] = strtr($tagname, ':', '_');
- if (isset($attributes['code'])) {
- $options['style'] = 'color:'.$attributes['code'];
+ if ($code) {
+ $options['style'] = 'color:'.$code;
}
return tag('span', $options, true);
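Review bot: The new colour check `preg_match('/^#[0-9a-fA-F]{6}$/', $code)` still accepts a value with a trailing newline, because PCRE's `$` also matches before a final "\n" unless the `D` modifier is set; use `'/^#[0-9a-fA-F]{6}\z/'` (or add `D`) so exactly seven characters reach the style or color attribute. The identical pattern is repeated in the opFontToHtml hunk below; one private constant or a small `static` helper would keep both in step. Whether the attribute value is escaped on output depends on the `tag()` helper's option rendering, which is outside this hunk.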
@@ -424,8 +430,8 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
{
return '</font>';
}
- if (isset($attributes['code'])) {
- $options['color'] = $attributes['code'];
+ if ($code) {
+ $options['color'] = $code;
}
return tag('font', $options, true);
@@ -435,6 +441,13 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
static public function opFontToHtml($isEndtag, $tagname, $attributes, $isUseStylesheet)
{
$options = array();
+
+ $color = isset($attributes['color']) ? $attributes['color'] : '';
+ if (!($color && preg_match('/^#[0-9a-fA-F]{6}$/', $color)))
+ {
+ $color = '';
+ }
+
if ($isUseStylesheet)
{
if ($isEndtag) {
@@ -442,8 +455,8 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
}
$options['class'] = 'op_font';
$options['style'] = '';
- if (isset($attributes['color'])) {
- $options['style'] .= 'color:'.$attributes['color'].';';
+ if ($color) {
+ $options['style'] .= 'color:'.$color.';';
}
$size = isset($attributes['size']) ? (int)$attributes['size'] : 0;
$fontSizeMap = array(
@@ -456,7 +469,6 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
7 => 'xx-large'
);
if (isset($fontSizeMap[$size])) {
-
$options['style'] .= 'font-size:'.$fontSizeMap[$size];
}
@@ -468,8 +480,8 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
{
return '</font>';
}
- if (isset($attributes['color'])) {
- $options['color'] = $attributes['color'];
+ if ($color) {
+ $options['color'] = $color;
}
$size = isset($attributes['size']) ? (int)$attributes['size'] : 0;
if ($size >= 1 && $size <= 7)
diff --git a/web/js/tiny_mce/plugins/openpne/editor_plugin.js b/web/js/tiny_mce/plugins/openpne/editor_plugin.js
index de83742..8014cc8 100644
--- a/web/js/tiny_mce/plugins/openpne/editor_plugin.js
+++ b/web/js/tiny_mce/plugins/openpne/editor_plugin.js
@@ -51,9 +51,9 @@ return result;};rep(/</gi,"&lt;");rep(/>/gi,"&gt;");rep(/\n/gi,"<br />");rep(/&l
if(isEndTag){return"</"+tagname+">";}
if(org_tagname=="font"){if(attributes["size"]){if(fontSizeMap[attributes["size"]-1]){fontsize=fontSizeMap[attributes["size"]-1];}
style+='font-size:'+fontsize+';';}
-if(attributes["color"]){style+='color:'+attributes["color"]+';';}
+if(attributes["color"]&&attributes["color"].match(/^#[0-9a-fA-F]{6}$/)){style+='color:'+attributes["color"]+';';}
opt=' style="'+style+'"';}
-if(org_tagname=="color"&&attributes["code"]){opt=' style="color:'+attributes["code"]+';"';}
+if(org_tagname=="color"&&attributes["code"]&&attributes["code"].match(/^#[0-9a-fA-F]{6}$/)){opt=' style="color:'+attributes["code"]+';"';}
if(org_tagname=="large"){opt=' style="font-size:large"';}
if(org_tagname=="small"){opt=' style="font-size:xx-small"';}
return"<"+tagname+opt+">";});return s;}});tinymce.PluginManager.add('openpne',tinymce.plugins.OpenPNEPlugin);})();
\ No newline at end of file
diff --git a/web/js/tiny_mce/plugins/openpne/editor_plugin.js.src b/web/js/tiny_mce/plugins/openpne/editor_plugin.js.src
index 5a08ea4..ec3dfa0 100644
--- a/web/js/tiny_mce/plugins/openpne/editor_plugin.js.src
+++ b/web/js/tiny_mce/plugins/openpne/editor_plugin.js.src
@@ -590,14 +590,14 @@
style += 'font-size:' + fontsize + ';';
}
- if (attributes["color"]) {
+ if (attributes["color"] && attributes["color"].match(/^#[0-9a-fA-F]{6}$/)) {
style += 'color:' + attributes["color"] + ';';
}
opt = ' style="' + style + '"';
}
// old style
- if (org_tagname == "color" && attributes["code"]) {
+ if (org_tagname == "color" && attributes["code"] && attributes["code"].match(/^#[0-9a-fA-F]{6}$/)) {
opt = ' style="color:' + attributes["code"] + ';"';
}
diff --git a/apps/mobile_frontend/modules/community/templates/deleteSuccess.php b/apps/mobile_frontend/modules/community/templates/deleteSuccess.php
index 016760a..fe94160 100644
--- a/apps/mobile_frontend/modules/community/templates/deleteSuccess.php
+++ b/apps/mobile_frontend/modules/community/templates/deleteSuccess.php
@@ -1,8 +1,10 @@
<?php op_mobile_page_title(__('Delete this %community%'), $community->getName()) ?>
<?php
+$form = new BaseForm();
op_include_parts('yesNo', 'deleteConfirmForm', array(
'body' => __('Do you delete this %community%?'),
- 'yes_form' => '<input type="hidden" name="is_delete">',
+ 'yes_form' => '<input type="hidden" name="is_delete">'
+ . '<input type="hidden" name="'.$form->getCSRFFieldName().'" value="'.$form->getCSRFToken().'">',
'button' => __('Delete'),
))
?>
diff --git a/apps/mobile_frontend/modules/member/templates/configImageSuccess.php b/apps/mobile_frontend/modules/member/templates/configImageSuccess.php
index bf4e27a..837010d 100644
--- a/apps/mobile_frontend/modules/member/templates/configImageSuccess.php
+++ b/apps/mobile_frontend/modules/member/templates/configImageSuccess.php
@@ -3,6 +3,8 @@
<?php $_member = $sf_user->getMember() ?>
<?php $images = $_member->getMemberImage() ?>
<?php if ($images->count()): ?>
+<?php $form = new sfForm() ?>
+<?php $csrfToken = '&'.$form->getCSRFFieldName().'='.$form->getCSRFToken() ?>
<?php foreach ($images as $image) : ?>
<?php echo image_tag_sf_image($image->getFile(), array('size' => '120x120', 'format' => 'jpg')) ?><br>
<?php echo sprintf('[%s]',link_to(__('Expansion'), sf_image_path($image->getFile(), array('size' => '320x320', 'format' => 'jpg')))) ?><br>
@@ -13,7 +15,7 @@ if ($image->getIsPrimary())
}
else
{
- $main = link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId());
+ $main = link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId().$csrfToken);
}
?>
<?php echo sprintf('[%s|%s]', link_to(__('Delete'), 'member/deleteImage?member_image_id='.$image->getId()), $main) ?>
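Review bot: Only the Main Photo link receives `$csrfToken`; the Delete link on the last context line still builds `'member/deleteImage?member_image_id='.$image->getId()` without it, so if executeDeleteImage now calls `$request->checkCSRFProtection()` as it does elsewhere in this diff, the mobile Delete link will be rejected. Append `.$csrfToken` to that link_to URL as well.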
diff --git a/apps/pc_backend/modules/community/actions/actions.class.php b/apps/pc_backend/modules/community/actions/actions.class.php
index eca1a63..4d69acc 100644
--- a/apps/pc_backend/modules/community/actions/actions.class.php
+++ b/apps/pc_backend/modules/community/actions/actions.class.php
@@ -59,6 +59,7 @@ class communityActions extends sfActions
if ($request->isMethod(sfRequest::POST))
{
+ $request->checkCSRFProtection();
$this->community->delete();
$this->getUser()->setFlash('notice', 'Deleted.');
$this->redirect('community/list');
@@ -96,6 +97,8 @@ class communityActions extends sfActions
*/
public function executeRemoveDefaultCommunity(sfWebRequest $request)
{
+ $request->checkCSRFProtection();
+
$communityConfig = Doctrine::getTable('CommunityConfig')->retrieveByNameAndCommunityId('is_default', $request->getParameter('id'));
$this->forward404Unless($communityConfig);
diff --git a/apps/pc_backend/modules/community/templates/defaultCommunityListSuccess.php b/apps/pc_backend/modules/community/templates/defaultCommunityListSuccess.php
index 2a67979..b375ec9 100644
--- a/apps/pc_backend/modules/community/templates/defaultCommunityListSuccess.php
+++ b/apps/pc_backend/modules/community/templates/defaultCommunityListSuccess.php
@@ -22,12 +22,16 @@
<th>管理者名</th>
<th>操作</th>
</tr>
+<?php
+$form = new BaseForm();
+$csrfToken = '&'.$form->getCSRFFieldName().'='.$form->getCSRFToken();
+?>
<?php foreach ($communities as $community): ?>
<tr>
<td><?php echo $community->getId() ?></td>
<td><?php echo $community->getName() ?></td>
<td><?php echo $community->getAdminMember()->getName() ?></td>
-<td><?php echo link_to('削除', 'community/removeDefaultCommunity?id='.$community->getId()) ?></td>
+<td><?php echo link_to('削除', 'community/removeDefaultCommunity?id='.$community->getId().$csrfToken) ?></td>
</tr>
<?php endforeach; ?>
</table>
diff --git a/apps/pc_backend/modules/community/templates/deleteSuccess.php b/apps/pc_backend/modules/community/templates/deleteSuccess.php
index 4db0a16..aaad11d 100644
--- a/apps/pc_backend/modules/community/templates/deleteSuccess.php
+++ b/apps/pc_backend/modules/community/templates/deleteSuccess.php
@@ -6,10 +6,15 @@
<p><?php echo __('本当にこのコミュニティを削除してもよろしいですか?') ?></p>
+<?php
+$form = new BaseForm();
+$csrfToken = '<input type="hidden" name="'.$form->getCSRFFieldName().'" value="'.$form->getCSRFToken().'"/>';
+?>
+
<form action="<?php url_for('community/delete?id='.$community->getId()) ?>" method="post">
<?php include_partial('community/communityInfo', array(
'community' => $community,
- 'moreInfo' => array('<input type="submit" value="削除" />')
+ 'moreInfo' => array($csrfToken.'<input type="submit" value="削除" />')
)); ?>
</form>
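Review bot: `$csrfToken` in the new block holds a complete hidden `<input>` element rather than a token, while the other templates in this diff use the same name for a query-string fragment; `$csrfField` would say what it is. While this form is being touched, the unchanged `<form action="<?php url_for(...) ?>"` line calls url_for without `echo`, so the rendered action attribute is empty and the post only reaches community/delete because the browser submits to the current URL.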
diff --git a/apps/pc_backend/modules/default/actions/csrfErrorAction.class.php b/apps/pc_backend/modules/default/actions/csrfErrorAction.class.php
new file mode 100644
index 0000000..73dc29b
--- /dev/null
+++ b/apps/pc_backend/modules/default/actions/csrfErrorAction.class.php
@@ -0,0 +1,23 @@
+<?php
+
+ /**
+ * This file is part of the OpenPNE package.
+ * (c) OpenPNE Project (http://www.openpne.jp/)
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file and the NOTICE file that were distributed with this source code.
+ */
+
+ /**
+ * csrfError action.
+ *
+ * @package OpenPNE
+ * @subpackage default
+ * @author Kousuke Ebihara <[email protected]>
+ */
+class csrfErrorAction extends sfAction
+{
+ public function execute($request)
+ {
+ }
+}
diff --git a/apps/pc_backend/modules/default/templates/csrfErrorSuccess.php b/apps/pc_backend/modules/default/templates/csrfErrorSuccess.php
new file mode 100644
index 0000000..20bc4b7
--- /dev/null
+++ b/apps/pc_backend/modules/default/templates/csrfErrorSuccess.php
@@ -0,0 +1 @@
+<?php echo __('CSRF attack detected.'); ?>
diff --git a/apps/pc_backend/modules/design/actions/actions.class.php b/apps/pc_backend/modules/design/actions/actions.class.php
index be93882..1b63abb 100644
--- a/apps/pc_backend/modules/design/actions/actions.class.php
+++ b/apps/pc_backend/modules/design/actions/actions.class.php
@@ -381,13 +381,6 @@ class designActions extends sfActions
$this->form->save();
$this->redirect('design/banner');
}
- if (!isset($params['file']))
- {
- $banner->setName($params['name']);
- $banner->setUrl($params['url']);
- $banner->save();
- $this->redirect('design/banner');
- }
}
}
@@ -406,6 +399,7 @@ class designActions extends sfActions
if ($request->isMethod(sfWebRequest::POST))
{
+ $request->checkCSRFProtection();
$banner->delete();
$this->redirect('design/banner');
}
diff --git a/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php b/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php
index af2759e..324fb51 100644
--- a/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php
+++ b/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php
@@ -2,8 +2,12 @@
<?php include_partial('submenu'); ?>
<?php end_slot() ?>
+<?php $form = new BaseForm() ?>
<h2><?php echo __('Delete a banner image') ?></h2>
<p><?php echo __('Delete truly this banner image?') ?></p>
<form action="" method="post">
-<td colspan="2"><input type="submit" value="<?php echo __('Delete') ?>" /></td>
+<td colspan="2">
+<input type="hidden" name="<?php echo $form->getCSRFFieldName() ?>" value="<?php echo $form->getCSRFToken() ?>" />
+<input type="submit" value="<?php echo __('Delete') ?>" />
+</td>
</form>
diff --git a/apps/pc_backend/modules/member/actions/actions.class.php b/apps/pc_backend/modules/member/actions/actions.class.php
index fadf249..15e2e13 100644
--- a/apps/pc_backend/modules/member/actions/actions.class.php
+++ b/apps/pc_backend/modules/member/actions/actions.class.php
@@ -72,6 +72,7 @@ class memberActions extends sfActions
$this->form = new sfForm();
if ($request->isMethod('post'))
{
+ $request->checkCSRFProtection();
$this->member->delete();
$this->getUser()->setFlash('notice', '退会が完了しました');
$this->redirect('member/list');
diff --git a/apps/pc_backend/modules/navigation/actions/actions.class.php b/apps/pc_backend/modules/navigation/actions/actions.class.php
index 1204649..9e94220 100644
--- a/apps/pc_backend/modules/navigation/actions/actions.class.php
+++ b/apps/pc_backend/modules/navigation/actions/actions.class.php
@@ -36,6 +36,8 @@ class navigationActions extends sfActions
public function executeList(sfWebRequest $request)
{
$this->list = array();
+ $this->deleteForm = new BaseForm();
+ $this->sortForm = new BaseForm();
$types = Doctrine::getTable('Navigation')->getTypesByAppName($request->getParameter('app', 'pc'));
@@ -95,6 +97,8 @@ class navigationActions extends sfActions
if ($request->isMethod(sfWebRequest::POST))
{
+ $request->checkCSRFProtection();
+
$model = Doctrine::getTable('Navigation')->find($request->getParameter('id'));
$this->forward404Unless($model);
$types = Doctrine::getTable('Navigation')->getTypesByAppName($app);
@@ -123,6 +127,8 @@ class navigationActions extends sfActions
$this->forward404();
}
+ $request->checkCSRFProtection();
+
$parameters = $request->getParameterHolder();
$keys = $parameters->getNames();
foreach ($keys as $key)
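Review bot: Because the template's `with` expression (L1561) now appends the CSRF field to the serialized sortable, `$parameters->getNames()` on L1536 will list `_csrf_token` next to the `type_*` keys, and the loop over `$keys` that consumes them runs past this hunk; make sure that loop selects keys by pattern rather than treating every parameter as a navigation entry, otherwise the token name ends up in the sort handling. `checkCSRFProtection()` is placed after the `forward404()` guard that closes on L1531, so an invalid token is only reported for requests that already passed that guard, which reads correctly. The enclosing action starts before this hunk.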
diff --git a/apps/pc_backend/modules/navigation/templates/listSuccess.php b/apps/pc_backend/modules/navigation/templates/listSuccess.php
index d3114f7..201a1b4 100644
--- a/apps/pc_backend/modules/navigation/templates/listSuccess.php
+++ b/apps/pc_backend/modules/navigation/templates/listSuccess.php
@@ -29,7 +29,11 @@
<?php else : ?>
<td><input type="submit" value="<?php echo __('編集') ?>" /></td>
</form>
-<td><form action="<?php echo url_for('navigation/delete?app='.$sf_request->getParameter('app', 'pc').'&id='.$form->getObject()->getId()) ?>" method="post" /><input type="submit" value="<?php echo __('削除') ?>" /></form></td>
+<td>
+<form action="<?php echo url_for('navigation/delete?app='.$sf_request->getParameter('app', 'pc').'&id='.$form->getObject()->getId()) ?>" method="post">
+<?php echo $deleteForm ?>
+<input type="submit" value="<?php echo __('削除') ?>" />
+</td>
<?php endif; ?>
</tr>
</tbody>
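Review bot: The rewritten delete cell at L1547–L1551 opens `<form>` on L1548 but never closes it — `</td>` on L1551 follows the submit button with no `</form>`, unlike the one-liner it replaces and unlike the second copy of this file on this page (L2256). HTML error recovery keeps the form element pointer set until a `</form>` is seen, so the edit forms of the following rows can be ignored and their inputs attached to this unclosed delete form, which defeats the per-row token layout. Add `</form>` before `</td>`, and consider `<?php echo $deleteForm->renderHiddenFields() ?>` in place of `<?php echo $deleteForm ?>` so the intent (emit the hidden token only) is explicit rather than relying on `__toString()`.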
@@ -39,7 +43,8 @@
<?php echo sortable_element('type_'.str_replace(' ', '_', $type), array(
'tag' => 'tbody',
'only' => 'sortable',
- 'url' => 'navigation/sort'
+ 'url' => 'navigation/sort',
+ 'with' => 'Sortable.serialize("type_'.str_replace(' ', '_', $type).'")+"&'.urlencode($sortForm->getCSRFFieldName()).'='.urlencode($sortForm->getCSRFToken()).'"',
)) ?>
<?php endforeach; ?>
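Review bot: The `with` value on L1561 splices the field name and token into a JavaScript string literal using `urlencode()`, which is the right escaper for the query-string context but not for the JS string the value sits in; it is safe only as long as both stay within `[A-Za-z0-9_]`, which holds for the default field name and an md5-style token, so record that assumption with `// field name and token are [A-Za-z0-9_] only, so urlencode() is also JS-safe`. The identical expression is repeated for every sortable in this patch (L1637, L1694, L1728); a small helper returning the `"&field=token"` suffix would keep the copies from drifting.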
diff --git a/apps/pc_backend/modules/profile/actions/actions.class.php b/apps/pc_backend/modules/profile/actions/actions.class.php
index de2bd45..f1f0003 100644
--- a/apps/pc_backend/modules/profile/actions/actions.class.php
+++ b/apps/pc_backend/modules/profile/actions/actions.class.php
@@ -50,6 +50,8 @@ class profileActions extends sfActions
$this->option_form[$profileId][$profileOptionId]->bind($parameter);
}
}
+
+ $this->tokenForm = new BaseForm();
}
/**
@@ -141,7 +143,9 @@ class profileActions extends sfActions
$this->profile = Doctrine::getTable('Profile')->find($request->getParameter('id'));
$this->forward404Unless($this->profile);
- if ($request->isMethod('post')) {
+ if ($request->isMethod('post'))
+ {
+ $request->checkCSRFProtection();
$this->profile->delete();
$this->redirect('profile/list');
}
@@ -157,7 +161,9 @@ class profileActions extends sfActions
$this->profileOption = Doctrine::getTable('ProfileOption')->find($request->getParameter('id'));
$this->forward404Unless($this->profileOption);
- if ($request->isMethod('post')) {
+ if ($request->isMethod('post'))
+ {
+ $request->checkCSRFProtection();
$this->profileOption->delete();
}
$this->redirect('profile/list');
@@ -172,6 +178,7 @@ class profileActions extends sfActions
{
if ($request->isXmlHttpRequest())
{
+ $request->checkCSRFProtection();
$order = $request->getParameter('profiles');
for ($i = 0; $i < count($order); $i++)
{
@@ -195,6 +202,7 @@ class profileActions extends sfActions
{
if ($request->isXmlHttpRequest())
{
+ $request->checkCSRFProtection();
$parameters = $request->getParameterHolder();
$keys = $parameters->getNames();
foreach ($keys as $key)
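Review bot: `$parameters->getNames()` on L1610 now yields the CSRF field name alongside the `profile_options_*` keys, because the template's `with` (L1694) appends it to the serialized sortable, and the loop over `$keys` continues outside this hunk; verify it matches keys by pattern rather than assuming every parameter is an option id. The `isXmlHttpRequest()` gate is only a header check and not a CSRF defence on its own, so the token check added on L1608 is the one that matters here. The enclosing sort action continues past the hunk.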
diff --git a/apps/pc_backend/modules/profile/templates/deleteSuccess.php b/apps/pc_backend/modules/profile/templates/deleteSuccess.php
index 94fd037..e10ec5e 100644
--- a/apps/pc_backend/modules/profile/templates/deleteSuccess.php
+++ b/apps/pc_backend/modules/profile/templates/deleteSuccess.php
@@ -1,6 +1,7 @@
<h2>プロフィール項目削除</h2>
<p>本当に削除してもよろしいですか?</p>
<p>※この項目に対するメンバーの入力値も失われます。</p>
-<form action="<?php echo url_for('profile/delete?id=' . $profile->getId()) ?>" method="post">
+<form action="<?php echo url_for('profile/delete?id='.$profile->getId()) ?>" method="post">
+<?php $formCSRF = new sfForm(); ?><input type="hidden" name="<?php echo $formCSRF->getCSRFFieldName() ?>" value="<?php echo $formCSRF->getCSRFToken() ?>" />
<input type="submit" value="削除する" />
</form>
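Review bot: L1622 mints the token from `new sfForm()`, while other templates in this patch use `new BaseForm()` (L1489, L1736) and stock symfony's `checkCSRFProtection()` binds a `BaseForm`; because `sfForm::getCSRFToken()` mixes `get_class($this)` into the md5, the two classes yield different tokens and only one of them can satisfy the check in the delete action (L1582). Unless OpenPNE's request layer differs from stock, standardise on `<?php $formCSRF = new BaseForm(); ?>`. The field name and token are echoed unescaped, which is acceptable only while both stay alphanumeric; `<?php echo $formCSRF->renderHiddenFields() ?>` avoids hand-building the attribute at all.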
diff --git a/apps/pc_backend/modules/profile/templates/listSuccess.php b/apps/pc_backend/modules/profile/templates/listSuccess.php
index 97fa7f1..bb53e3d 100644
--- a/apps/pc_backend/modules/profile/templates/listSuccess.php
+++ b/apps/pc_backend/modules/profile/templates/listSuccess.php
@@ -52,8 +52,9 @@
<?php endforeach; ?>
</table>
<?php echo sortable_element('profiles',array(
- 'tag' => 'tbody',
- 'url' => 'profile/sortProfile'
+ 'tag' => 'tbody',
+ 'url' => 'profile/sortProfile',
+ 'with' => 'Sortable.serialize("profiles")+"&'.urlencode($tokenForm->getCSRFFieldName()).'='.urlencode($tokenForm->getCSRFToken()).'"'
)) ?>
<h3>プロフィール選択肢一覧</h3>
@@ -74,32 +75,33 @@
<?php else: ?>
<tbody>
<?php endif; ?>
-<form action="<?php echo url_for('profile/editOption?id=' . $form->getObject()->getId()) ?>" method="post">
<tr>
+<form action="<?php echo url_for('profile/editOption?id='.$form->getObject()->getId()) ?>" method="post">
<td><?php echo ($form->getObject()->isNew() ? '-' : $form->getObject()->getId()) ?></td>
<td>
-<?php echo $form['ja_JP']['value']->renderError() ?>
-<?php echo $form['ja_JP']['value']->render() ?>
+<?php echo $form['ja_JP']['value']->renderError(), "\n" ?>
+<?php echo $form['ja_JP']['value']->render(), "\n" ?>
</td>
-<?php if ($form->getObject()->isNew()) : ?>
-<td colspan="2">
-<?php echo $form->renderHiddenFields() ?>
-<input type="submit" value="項目追加" />
-</td>
-</form>
-<?php else : ?>
+<?php if (!$form->getObject()->isNew()): ?>
<td>
-<?php echo $form->renderHiddenFields() ?>
+<?php echo $form->renderHiddenFields(), "\n" ?>
<input type="submit" value="変更" />
</td>
</form>
<td>
-<?php echo $form['id']->render() ?>
-<?php echo $form['profile_id']->render() ?>
-<form action="<?php echo url_for('profile/deleteOption?id=' . $form->getObject()->getId()) ?>" method="post">
+<form action="<?php echo url_for('profile/deleteOption?id='.$form->getObject()->getId()) ?>" method="post">
+<?php echo $form['id']->render(), "\n" ?>
+<?php echo $form['profile_id']->render(), "\n" ?>
+<?php $formCSRF = new sfForm(); ?><input type="hidden" name="<?php echo $formCSRF->getCSRFFieldName() ?>" value="<?php echo $formCSRF->getCSRFToken() ?>" />
<input type="submit" value="削除" />
</form>
</td>
+<?php else: ?>
+<td colspan="2">
+<?php echo $form->renderHiddenFields() ?>
+<input type="submit" value="項目追加" />
+</td>
+</form>
<?php endif; ?>
</tr>
</tbody>
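Review bot: The edit form now opens on L1646 as a direct child of `<tr>` and the delete form on L1672 inside a `<td>`, so one row holds two forms, one in a position HTML does not allow; the parser applies error-recovery rules to a `<form>` in row context, which makes the association of the hidden `id`/`profile_id` inputs (L1673–L1674) with the intended submit button browser-dependent. Moving those fields into the delete form is the right idea, but both forms should live inside cells (or the row should be one form with two submit buttons) for the grouping to be reliable. L1675 also mints its token from `sfForm` where L1489 and L1736 use `BaseForm`; in stock symfony the two classes produce different tokens, so pick one.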
@@ -108,7 +110,8 @@
<?php echo sortable_element('profile_options_'.$value->getId(),array(
'tag' => 'tbody',
'only' => 'sortable',
- 'url' => 'profile/sortProfileOption'
+ 'url' => 'profile/sortProfileOption',
+ 'with' => 'Sortable.serialize("profile_options_'.$value->getId().'")+"&'.urlencode($tokenForm->getCSRFFieldName()).'='.urlencode($tokenForm->getCSRFToken()).'"'
)) ?>
<?php endif; ?>
<?php endforeach; ?>
diff --git a/apps/pc_backend/modules/sns/actions/actions.class.php b/apps/pc_backend/modules/sns/actions/actions.class.php
index b269176..13562c7 100644
--- a/apps/pc_backend/modules/sns/actions/actions.class.php
+++ b/apps/pc_backend/modules/sns/actions/actions.class.php
@@ -115,6 +115,7 @@ class snsActions extends sfActions
public function executeRichTextarea(sfWebRequest $request)
{
+ $this->sortForm = new BaseForm();
$this->configForm = new opRichTextareaOpenPNEConfigForm();
$this->buttonConfigForm = new opRichTextareaOpenPNEButtonConfigForm();
$this->buttonConfig = opWidgetFormRichTextareaOpenPNE::getAllButtons();
@@ -134,6 +135,8 @@ class snsActions extends sfActions
{
if ($request->isXmlHttpRequest())
{
+ $request->checkCSRFProtection();
+
$buttons = $request->getParameter('button');
Doctrine::getTable('SnsConfig')->set('richtextarea_buttons_sort_order', serialize($buttons));
}
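Review bot: The `button` array read on L1715 is persisted verbatim via `serialize()` without checking that each entry names a button the editor knows, even though the set of valid buttons is available from `opWidgetFormRichTextareaOpenPNE::getAllButtons()` (L1708), so arbitrary strings can be stored as the button order and later flow back into the editor configuration. Filter against that list before saving, e.g. `$buttons = array_intersect((array)$request->getParameter('button'), array_keys(opWidgetFormRichTextareaOpenPNE::getAllButtons()));` (confirm whether getAllButtons() is keyed by button name). The enclosing action continues past this hunk.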
diff --git a/apps/pc_backend/modules/sns/templates/richTextareaSuccess.php b/apps/pc_backend/modules/sns/templates/richTextareaSuccess.php
index 1167358..fcd91d2 100644
--- a/apps/pc_backend/modules/sns/templates/richTextareaSuccess.php
+++ b/apps/pc_backend/modules/sns/templates/richTextareaSuccess.php
@@ -38,5 +38,6 @@
'tag' => 'tbody',
'only' => 'sortable',
'format' => '/^button_(.*)$/',
- 'url' => 'sns/changeRichTextareaButtonOrder'
+ 'url' => 'sns/changeRichTextareaButtonOrder',
+ 'with' => 'Sortable.serialize("button")+"&'.urlencode($sortForm->getCSRFFieldName()).'='.urlencode($sortForm->getCSRFToken()).'"',
)) ?>
diff --git a/apps/pc_frontend/modules/community/templates/deleteSuccess.php b/apps/pc_frontend/modules/community/templates/deleteSuccess.php
index 1e92533..3d9e0de 100644
--- a/apps/pc_frontend/modules/community/templates/deleteSuccess.php
+++ b/apps/pc_frontend/modules/community/templates/deleteSuccess.php
@@ -1,7 +1,9 @@
<?php
+$form = new BaseForm();
op_include_parts('yesNo', 'deleteConfirmForm', array(
'title' => __('Do you delete this %community%?'),
- 'yes_form' => '<input type="hidden" name="is_delete">',
+ 'yes_form' => '<input type="hidden" name="is_delete"/>'
+ . '<input type="hidden" name="'.$form->getCSRFFieldName().'" value="'.$form->getCSRFToken().'"/>',
'button' => __('Delete'),
))
?>
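Review bot: L1741 builds the hidden input by concatenating `getCSRFToken()` straight into a double-quoted attribute, so correctness rests on the token and field name never containing a quote or `&`; `$form->renderHiddenFields()` emits the same `_csrf_token` input through the widget layer, which handles escaping, so `'yes_form' => '<input type="hidden" name="is_delete"/>'.$form->renderHiddenFields(),` is shorter and safer, provided the `yesNo` part outputs `yes_form` raw (it must already, since it outputs the `is_delete` input). The same hand-built attribute appears in the mobile template (L2072) and the backend one (L2117).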
diff --git a/apps/pc_frontend/modules/googlemaps/actions/actions.class.php b/apps/pc_frontend/modules/googlemaps/actions/actions.class.php
index 911c6a2..86378c7 100644
--- a/apps/pc_frontend/modules/googlemaps/actions/actions.class.php
+++ b/apps/pc_frontend/modules/googlemaps/actions/actions.class.php
@@ -17,11 +17,6 @@ class googlemapsActions extends sfActions
*/
public function executeIndex(sfWebRequest $request)
{
- $this->x = $request->getParameter('x');
- $this->y = $request->getParameter('y');
- $this->z = $request->getParameter('z');
- $this->q = $request->getParameter('q');
-
$this->mapType = 'G_NORMAL_MAP';
switch ($request->getParameter('t'))
{
diff --git a/apps/pc_frontend/modules/googlemaps/templates/indexSuccess.php b/apps/pc_frontend/modules/googlemaps/templates/indexSuccess.php
index 3faf61b..558334b 100644
--- a/apps/pc_frontend/modules/googlemaps/templates/indexSuccess.php
+++ b/apps/pc_frontend/modules/googlemaps/templates/indexSuccess.php
@@ -11,16 +11,34 @@
<?php use_javascript('http://maps.google.co.jp/maps?file=api&v=2.x&key='.$op_config['google_maps_api_key']) ?>
<?php
$googlemaps_script = <<<EOM
+// parse request parameters
+var request = {
+ x: "", y: "", z: "", q: ""
+};
+var params = window.location.search.substr(1).split('&');
+for (var i = 0; i < params.length; i++) {
+ var parts = params[i].split('=');
+
+ var n = parts[0];
+ var v = decodeURIComponent(parts[1]);
+ if ("z" == n)
+ {
+ v = parseInt(v);
+ }
+ request[n] = v;
+}
+var MapType = %s; // It is not user-inputed values
+
var gls;
var gMap;
function OnLocalSearch() {
if (!gls.results) return;
var first = gls.results[0];
var point = new GLatLng(parseFloat(first.lat), parseFloat(first.lng));
- var zoom = (%s);
+ var zoom = request.z;
gMap.addControl(new GSmallMapControl());
gMap.addControl(new GMapTypeControl());
- gMap.setMapType((%s));
+ gMap.setMapType(MapType);
gMap.setCenter(point, zoom);
var marker = new GMarker(point);
gMap.addOverlay(marker);
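Review bot: The client-side parser at L1773–L1784 calls `decodeURIComponent(parts[1])` unguarded, so a query string with a malformed escape (a bare `%`, or `%E0`) throws `URIError` at the top of the script block and neither `OnLocalSearch` nor `load()` gets defined; a parameter without `=` also yields the string `"undefined"`, `+` is not turned into a space (so `q=New+York` searches for `New+York`), `parseInt` has no radix, and `request[n] = v` stores every parameter name rather than just the four that are consumed. Moving the parsing out of the server-side `sprintf()` is the right fix for the old injection, but the replacement needs the hardening below; `request.x`/`request.y` are also strings now, so the `GLatLng` call at L1821 should take `parseFloat(...)` values. This block sits inside the `$googlemaps_script` heredoc, so the code must stay free of `$` and `%`.
```javascript
var request = { x: "", y: "", z: "", q: "" };
var params = window.location.search.substr(1).split('&');
for (var i = 0; i < params.length; i++) {
  var parts = params[i].split('=');
  var n = parts[0];
  if (!request.hasOwnProperty(n)) continue; // only x, y, z, q are consumed
  var v = parts.length > 1 ? parts.slice(1).join('=') : '';
  try {
    v = decodeURIComponent(v.replace(/\+/g, ' '));
  } catch (e) {
    continue; // malformed percent-encoding: keep the default
  }
  if ("z" == n) {
    v = parseInt(v, 10);
    if (isNaN(v)) v = "";
  }
  request[n] = v;
}
// … unchanged: MapType, gls/gMap declarations, OnLocalSearch …
```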
@@ -28,7 +46,7 @@ function OnLocalSearch() {
}
function load() {
if (GBrowserIsCompatible()) {
- if (((%s) == 0) && ((%s) == 0)){
+ if ((request.x == 0) && (request.y == 0)){
gMap = new GMap2(document.getElementById('map'));
gMap.addControl(new GSmallMapControl());
gMap.addControl(new GMapTypeControl());
@@ -36,16 +54,16 @@ function load() {
gls = new GlocalSearch();
gls.setCenterPoint(gMap);
gls.setSearchCompleteCallback(null, OnLocalSearch);
- var q = '(%s)';
+ var q = request.q;
gls.execute(q);
} else {
- var point = new GLatLng((%s), (%s));
- var zoom = (%s);
+ var point = new GLatLng(request.x, request.y);
+ var zoom = request.z;
gMap = new GMap2(document.getElementById('map'));
gMap.addControl(new GSmallMapControl());
gMap.addControl(new GMapTypeControl());
gMap.setCenter(point, zoom);
- gMap.setMapType((%s));
+ gMap.setMapType(MapType);
var marker = new GMarker(point);
gMap.addOverlay(marker);
geocoder = new GClientGeocoder();
@@ -53,7 +71,7 @@ function load() {
}
}
EOM;
-echo javascript_tag(sprintf($googlemaps_script, $z, $mapType, $x, $y, $q, $x, $y, $z, $mapType)); ?>
+echo javascript_tag(sprintf($googlemaps_script, $mapType)); ?>
<?php endif; ?>
<?php include_stylesheets() ?>
<?php include_javascripts() ?>
diff --git a/apps/pc_frontend/templates/_partsMemberImagesBox.php b/apps/pc_frontend/templates/_partsMemberImagesBox.php
index e172966..f476bcd 100644
--- a/apps/pc_frontend/templates/_partsMemberImagesBox.php
+++ b/apps/pc_frontend/templates/_partsMemberImagesBox.php
@@ -1,5 +1,7 @@
<table>
<tr>
+<?php $form = new sfForm() ?>
+<?php $csrfToken = '&'.$form->getCSRFFieldName().'='.$form->getCSRFToken() ?>
<?php for ($i = 0; $i < 3; $i++) : ?>
<td>
<?php if (isset($options['images'][$i])) : ?>
@@ -7,11 +9,11 @@
<?php echo image_tag_sf_image($image->getFile(), array('size' => '180x180')) ?><br />
<?php if (isset($options['form'])) : ?>
[
-<?php echo link_to(__('Delete'), 'member/deleteImage?member_image_id='.$image->getId()) ?> |
+<?php echo link_to(__('Delete'), 'member/deleteImage?member_image_id='.$image->getId().$csrfToken) ?> |
<?php if ($image->getIsPrimary()) : ?>
<?php echo(__('Main Photo')) ?>
<?php else: ?>
-<?php echo link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId()) ?>
+<?php echo link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId().$csrfToken) ?>
<?php endif; ?>
]
<?php endif; ?>
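Review bot: The token is now part of the `href` of two state-changing GET links (L1858, L1863), so it is sent in the Referer header to any third-party resource on the target page, lands in browser history and proxy/server logs, and — being derived from the session id in stock symfony — stays valid for the whole session, which narrows the protection it was meant to add. Since these actions now require a token anyway, prefer a POST: symfony's `link_to()` accepts `'post' => true` to emit a JS-submitted form, or a small `<form method="post">` per image, leaving GET only where the client cannot post. The `$csrfToken` suffix on L1849 is also minted from `sfForm` while other templates in the patch use `BaseForm` (L1489, L1736); the two classes yield different tokens in stock symfony, so confirm which the check expects.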
diff --git a/data/version.php b/data/version.php
index 58464e8..f495ee6 100644
--- a/data/version.php
+++ b/data/version.php
@@ -10,5 +10,5 @@
if (!defined('OPENPNE_VERSION'))
{
- define('OPENPNE_VERSION', '3.4.6');
+ define('OPENPNE_VERSION', '3.4.6.1');
}
diff --git a/lib/action/sfOpenPNECommunityAction.class.php b/lib/action/sfOpenPNECommunityAction.class.php
index 6838cf9..38402db 100644
--- a/lib/action/sfOpenPNECommunityAction.class.php
+++ b/lib/action/sfOpenPNECommunityAction.class.php
@@ -137,6 +137,7 @@ abstract class sfOpenPNECommunityAction extends sfActions
{
if($request->hasParameter('is_delete'))
{
+ $request->checkCSRFProtection();
$community = Doctrine::getTable('Community')->find($this->id);
if ($community)
{
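Review bot: The deletion path is gated on `hasParameter('is_delete')` (L1883) rather than on the request method, and if the token check reads the merged GET/POST parameter holder as symfony's request does, a GET carrying both `is_delete` and a valid token still reaches `$community->delete()`; the confirm templates post the token (L1741, L2072), so tighten the guard to `if ($request->isMethod('post') && $request->hasParameter('is_delete'))` so the token cannot be replayed from a link. `checkCSRFProtection()` runs before the `find()`, so an invalid token never touches the record. The enclosing method starts before this hunk.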
diff --git a/lib/action/sfOpenPNEMemberAction.class.php b/lib/action/sfOpenPNEMemberAction.class.php
index 5cbd715..a2d105a 100644
--- a/lib/action/sfOpenPNEMemberAction.class.php
+++ b/lib/action/sfOpenPNEMemberAction.class.php
@@ -415,6 +415,7 @@ abstract class sfOpenPNEMemberAction extends sfActions
public function executeDeleteImage($request)
{
+ $request->checkCSRFProtection();
$image = Doctrine::getTable('MemberImage')->find($request->getParameter('member_image_id'));
$this->forward404Unless($image);
$this->forward404Unless($image->getMemberId() == $this->getUser()->getMemberId());
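Review bot: `checkCSRFProtection()` is now the first statement of executeDeleteImage (L1896), yet the action is still reached through plain `link_to()` GETs (L1858, L2097), so the token that makes the request valid travels in the URL; once the templates post instead, `$this->forward404Unless($request->isMethod('post'));` next to the token check closes the GET path for good. Note that the mobile Delete link on L2097 was not given the token in this patch, so with this check in place that link will be rejected until it is updated. The ownership check on L1899 runs after the token check, which is the right order.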
@@ -426,6 +427,7 @@ abstract class sfOpenPNEMemberAction extends sfActions
public function executeChangeMainImage($request)
{
+ $request->checkCSRFProtection();
$image = Doctrine::getTable('MemberImage')->find($request->getParameter('member_image_id'));
$this->forward404Unless($image);
$this->forward404Unless($image->getMemberId() == $this->getUser()->getMemberId());
diff --git a/lib/form/doctrine/BannerImageForm.class.php b/lib/form/doctrine/BannerImageForm.class.php
index 1d17c4b..c69e6b4 100644
--- a/lib/form/doctrine/BannerImageForm.class.php
+++ b/lib/form/doctrine/BannerImageForm.class.php
@@ -24,7 +24,7 @@ class BannerImageForm extends BaseBannerImageForm
$this->setWidget('url', new sfWidgetFormInputText(array(), array('size' => 40)));
$this->setWidget('name', new sfWidgetFormInputText());
$this->setValidators(array(
- 'file' => new opValidatorImageFile(),
+ 'file' => new opValidatorImageFile(array('required' => $this->isNew())),
'url' => new sfValidatorPass(),
'name' => new sfValidatorPass(),
));
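Review bot: Making the file optional on edit (L1916) means `url` and `name` can now be saved on their own, and both still go through `sfValidatorPass` (L1917–L1918), so a banner link of `javascript:…` or an arbitrarily long name is stored unvalidated; if the url is rendered as an `href` (not visible from here), `new sfValidatorUrl(array('required' => false))` is the fitting validator, and `sfValidatorString` with a `max_length` suits the name. The `'required' => $this->isNew()` choice itself is sound: a new banner must carry an image, an edit may keep the stored one, which `save()` below honours by only replacing the file when one was uploaded.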
@@ -38,10 +38,6 @@ class BannerImageForm extends BaseBannerImageForm
public function save()
{
- $file = new File();
- $file->setFromValidatedFile($this->getValue('file'));
- $file->setName('b_'.$file->getName());
-
if ($this->isNew())
{
$bannerImage = new BannerImage();
@@ -50,7 +46,15 @@ class BannerImageForm extends BaseBannerImageForm
{
$bannerImage = $this->getObject();
}
- $bannerImage->setFile($file);
+
+ if ($this->getValue('file'))
+ {
+ $file = new File();
+ $file->setFromValidatedFile($this->getValue('file'));
+ $file->setName('b_'.$file->getName());
+ $bannerImage->setFile($file);
+ }
+
$bannerImage->setUrl($this->getValue('url'));
$bannerImage->setName($this->getValue('name'));
diff --git a/lib/widget/opWidgetFormRichTextareaOpenPNE.class.php b/lib/widget/opWidgetFormRichTextareaOpenPNE.class.php
index 3a87013..12c25fa 100644
--- a/lib/widget/opWidgetFormRichTextareaOpenPNE.class.php
+++ b/lib/widget/opWidgetFormRichTextareaOpenPNE.class.php
@@ -361,14 +361,20 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
static public function opColorToHtml($isEndtag, $tagname, $attributes, $isUseStylesheet)
{
$options = array();
+ $code = isset($attributes['code']) ? $attributes['code'] : '';
+ if (!($code && preg_match('/^#[0-9a-fA-F]{6}$/', $code)))
+ {
+ $code = '';
+ }
+
if ($isUseStylesheet)
{
if ($isEndtag) {
return '</span>';
}
$options['class'] = strtr($tagname, ':', '_');
- if (isset($attributes['code'])) {
- $options['style'] = 'color:'.$attributes['code'];
+ if ($code) {
+ $options['style'] = 'color:'.$code;
}
return tag('span', $options, true);
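Review bot: The hex-colour whitelist on L1955 uses `$` without the `D` modifier, and in PCRE `$` also matches just before a trailing newline, so `"#aabbcc\n"` passes and the newline is copied into the `style` attribute (L1969) or the `color` attribute (L1979); anchor with `preg_match('/^#[0-9a-fA-F]{6}\z/', $code)` (or add `D`). The same pattern is repeated for `$color` in opFontToHtml (L1988) and should be tightened there too. The check also drops 3-digit and named colours the old code passed through, which looks intentional but deserves a one-line comment: `// only #RRGGBB is accepted; anything else drops the colour`.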
@@ -379,8 +385,8 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
{
return '</font>';
}
- if (isset($attributes['code'])) {
- $options['color'] = $attributes['code'];
+ if ($code) {
+ $options['color'] = $code;
}
return tag('font', $options, true);
@@ -390,6 +396,13 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
static public function opFontToHtml($isEndtag, $tagname, $attributes, $isUseStylesheet)
{
$options = array();
+
+ $color = isset($attributes['color']) ? $attributes['color'] : '';
+ if (!($color && preg_match('/^#[0-9a-fA-F]{6}$/', $color)))
+ {
+ $color = '';
+ }
+
if ($isUseStylesheet)
{
if ($isEndtag) {
@@ -397,8 +410,8 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
}
$options['class'] = 'op_font';
$options['style'] = '';
- if (isset($attributes['color'])) {
- $options['style'] .= 'color:'.$attributes['color'].';';
+ if ($color) {
+ $options['style'] .= 'color:'.$color.';';
}
$size = isset($attributes['size']) ? (int)$attributes['size'] : 0;
$fontSizeMap = array(
@@ -411,7 +424,6 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
7 => 'xx-large'
);
if (isset($fontSizeMap[$size])) {
-
$options['style'] .= 'font-size:'.$fontSizeMap[$size];
}
@@ -423,8 +435,8 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
{
return '</font>';
}
- if (isset($attributes['color'])) {
- $options['color'] = $attributes['color'];
+ if ($color) {
+ $options['color'] = $color;
}
$size = isset($attributes['size']) ? (int)$attributes['size'] : 0;
if ($size >= 1 && $size <= 7)
diff --git a/web/js/tiny_mce/plugins/openpne/editor_plugin.js b/web/js/tiny_mce/plugins/openpne/editor_plugin.js
index de83742..8014cc8 100644
--- a/web/js/tiny_mce/plugins/openpne/editor_plugin.js
+++ b/web/js/tiny_mce/plugins/openpne/editor_plugin.js
@@ -51,9 +51,9 @@ return result;};rep(/</gi,"&lt;");rep(/>/gi,"&gt;");rep(/\n/gi,"<br />");rep(/&l
if(isEndTag){return"</"+tagname+">";}
if(org_tagname=="font"){if(attributes["size"]){if(fontSizeMap[attributes["size"]-1]){fontsize=fontSizeMap[attributes["size"]-1];}
style+='font-size:'+fontsize+';';}
-if(attributes["color"]){style+='color:'+attributes["color"]+';';}
+if(attributes["color"]&&attributes["color"].match(/^#[0-9a-fA-F]{6}$/)){style+='color:'+attributes["color"]+';';}
opt=' style="'+style+'"';}
-if(org_tagname=="color"&&attributes["code"]){opt=' style="color:'+attributes["code"]+';"';}
+if(org_tagname=="color"&&attributes["code"]&&attributes["code"].match(/^#[0-9a-fA-F]{6}$/)){opt=' style="color:'+attributes["code"]+';"';}
if(org_tagname=="large"){opt=' style="font-size:large"';}
if(org_tagname=="small"){opt=' style="font-size:xx-small"';}
return"<"+tagname+opt+">";});return s;}});tinymce.PluginManager.add('openpne',tinymce.plugins.OpenPNEPlugin);})();
\ No newline at end of file
diff --git a/web/js/tiny_mce/plugins/openpne/editor_plugin.js.src b/web/js/tiny_mce/plugins/openpne/editor_plugin.js.src
index 5a08ea4..ec3dfa0 100644
--- a/web/js/tiny_mce/plugins/openpne/editor_plugin.js.src
+++ b/web/js/tiny_mce/plugins/openpne/editor_plugin.js.src
@@ -590,14 +590,14 @@
style += 'font-size:' + fontsize + ';';
}
- if (attributes["color"]) {
+ if (attributes["color"] && attributes["color"].match(/^#[0-9a-fA-F]{6}$/)) {
style += 'color:' + attributes["color"] + ';';
}
opt = ' style="' + style + '"';
}
// old style
- if (org_tagname == "color" && attributes["code"]) {
+ if (org_tagname == "color" && attributes["code"] && attributes["code"].match(/^#[0-9a-fA-F]{6}$/)) {
opt = ' style="color:' + attributes["code"] + ';"';
}
diff --git a/apps/mobile_frontend/modules/community/templates/deleteSuccess.php b/apps/mobile_frontend/modules/community/templates/deleteSuccess.php
index 016760a..fe94160 100644
--- a/apps/mobile_frontend/modules/community/templates/deleteSuccess.php
+++ b/apps/mobile_frontend/modules/community/templates/deleteSuccess.php
@@ -1,8 +1,10 @@
<?php op_mobile_page_title(__('Delete this %community%'), $community->getName()) ?>
<?php
+$form = new BaseForm();
op_include_parts('yesNo', 'deleteConfirmForm', array(
'body' => __('Do you delete this %community%?'),
- 'yes_form' => '<input type="hidden" name="is_delete">',
+ 'yes_form' => '<input type="hidden" name="is_delete">'
+ . '<input type="hidden" name="'.$form->getCSRFFieldName().'" value="'.$form->getCSRFToken().'">',
'button' => __('Delete'),
))
?>
diff --git a/apps/mobile_frontend/modules/member/templates/configImageSuccess.php b/apps/mobile_frontend/modules/member/templates/configImageSuccess.php
index e19d635..a2c05ca 100644
--- a/apps/mobile_frontend/modules/member/templates/configImageSuccess.php
+++ b/apps/mobile_frontend/modules/member/templates/configImageSuccess.php
@@ -3,6 +3,8 @@
<?php $_member = $sf_user->getMember() ?>
<?php $images = $_member->getMemberImage() ?>
<?php if ($images->count()): ?>
+<?php $form = new sfForm() ?>
+<?php $csrfToken = '&'.$form->getCSRFFieldName().'='.$form->getCSRFToken() ?>
<?php foreach ($images as $image) : ?>
<?php echo op_image_tag_sf_image($image->getFile(), array('size' => '120x120', 'format' => 'jpg')) ?><br>
<?php echo sprintf('[%s]',link_to(__('Expansion'), sf_image_path($image->getFile(), array('size' => '320x320', 'format' => 'jpg')))) ?><br>
@@ -13,7 +15,7 @@ if ($image->getIsPrimary())
}
else
{
- $main = link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId());
+ $main = link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId().$csrfToken);
}
?>
<?php echo sprintf('[%s|%s]', link_to(__('Delete'), 'member/deleteImage?member_image_id='.$image->getId()), $main) ?>
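Review bot: The Delete link on L2097 still points at `member/deleteImage?member_image_id=…` without the `$csrfToken` suffix this hunk adds to the Main Photo link (L2094), yet executeDeleteImage now calls `checkCSRFProtection()` first (L1896), so on mobile every image deletion will be rejected. Append the suffix there as well: `link_to(__('Delete'), 'member/deleteImage?member_image_id='.$image->getId().$csrfToken)`. As with the PC partial, the token then rides in a GET URL and is exposed through Referer and history; that is a known trade-off for a feature-phone front end, but worth a comment next to L2085.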
diff --git a/apps/pc_backend/modules/community/actions/actions.class.php b/apps/pc_backend/modules/community/actions/actions.class.php
index 56794d1..5238b37 100644
--- a/apps/pc_backend/modules/community/actions/actions.class.php
+++ b/apps/pc_backend/modules/community/actions/actions.class.php
@@ -59,6 +59,7 @@ class communityActions extends sfActions
if ($request->isMethod(sfRequest::POST))
{
+ $request->checkCSRFProtection();
$this->community->delete();
$this->getUser()->setFlash('notice', 'Deleted.');
$this->redirect('community/list');
diff --git a/apps/pc_backend/modules/community/templates/deleteSuccess.php b/apps/pc_backend/modules/community/templates/deleteSuccess.php
index 4db0a16..aaad11d 100644
--- a/apps/pc_backend/modules/community/templates/deleteSuccess.php
+++ b/apps/pc_backend/modules/community/templates/deleteSuccess.php
@@ -6,10 +6,15 @@
<p><?php echo __('本当にこのコミュニティを削除してもよろしいですか?') ?></p>
+<?php
+$form = new BaseForm();
+$csrfToken = '<input type="hidden" name="'.$form->getCSRFFieldName().'" value="'.$form->getCSRFToken().'"/>';
+?>
+
<form action="<?php url_for('community/delete?id='.$community->getId()) ?>" method="post">
<?php include_partial('community/communityInfo', array(
'community' => $community,
- 'moreInfo' => array('<input type="submit" value="削除" />')
+ 'moreInfo' => array($csrfToken.'<input type="submit" value="削除" />')
)); ?>
</form>
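Review bot: The form's `action` on L2120 is empty because `url_for()` is called without `echo`, so the delete form posts to whatever URL rendered the confirm page; that works only while the confirmation page and the POST handler share `community/delete?id=…` and breaks silently otherwise. Write it as `<form action="<?php echo url_for('community/delete?id='.$community->getId()) ?>" method="post">`. The variable named `$csrfToken` on L2117 actually holds a full `<input>` tag, which `$form->renderHiddenFields()` would produce for you; a name like `$csrfField` keeps readers from mistaking it for the raw token.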
diff --git a/apps/pc_backend/modules/default/actions/csrfErrorAction.class.php b/apps/pc_backend/modules/default/actions/csrfErrorAction.class.php
new file mode 100644
index 0000000..73dc29b
--- /dev/null
+++ b/apps/pc_backend/modules/default/actions/csrfErrorAction.class.php
@@ -0,0 +1,23 @@
+<?php
+
+ /**
+ * This file is part of the OpenPNE package.
+ * (c) OpenPNE Project (http://www.openpne.jp/)
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file and the NOTICE file that were distributed with this source code.
+ */
+
+ /**
+ * csrfError action.
+ *
+ * @package OpenPNE
+ * @subpackage default
+ * @author Kousuke Ebihara <[email protected]>
+ */
+class csrfErrorAction extends sfAction
+{
+ public function execute($request)
+ {
+ }
+}
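Review bot: `execute()` on L2152 leaves the response at 200, so a rejected request renders the "CSRF attack detected." page indistinguishable from success to clients, proxies and log-based monitoring; set an error status in the action: `$this->getResponse()->setStatusCode(403);`. The forwarding into this action is not visible in the patch, so a class docblock would help: describe it as the page rendered when the request-level CSRF check rejects a request, reached for an expired session as well as a forged token. Since a stale session lands here too, the template wording on L2162 should not assume malice.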
diff --git a/apps/pc_backend/modules/default/templates/csrfErrorSuccess.php b/apps/pc_backend/modules/default/templates/csrfErrorSuccess.php
new file mode 100644
index 0000000..20bc4b7
--- /dev/null
+++ b/apps/pc_backend/modules/default/templates/csrfErrorSuccess.php
@@ -0,0 +1 @@
+<?php echo __('CSRF attack detected.'); ?>
diff --git a/apps/pc_backend/modules/design/actions/actions.class.php b/apps/pc_backend/modules/design/actions/actions.class.php
index c5c7141..58dcf3d 100644
--- a/apps/pc_backend/modules/design/actions/actions.class.php
+++ b/apps/pc_backend/modules/design/actions/actions.class.php
@@ -249,13 +249,6 @@ class designActions extends sfActions
$this->form->save();
$this->redirect('design/banner');
}
- if (!isset($params['file']))
- {
- $banner->setName($params['name']);
- $banner->setUrl($params['url']);
- $banner->save();
- $this->redirect('design/banner');
- }
}
}
@@ -274,6 +267,7 @@ class designActions extends sfActions
if ($request->isMethod(sfWebRequest::POST))
{
+ $request->checkCSRFProtection();
$banner->delete();
$this->redirect('design/banner');
}
diff --git a/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php b/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php
index af2759e..324fb51 100644
--- a/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php
+++ b/apps/pc_backend/modules/design/templates/bannerdeleteSuccess.php
@@ -2,8 +2,12 @@
<?php include_partial('submenu'); ?>
<?php end_slot() ?>
+<?php $form = new BaseForm() ?>
<h2><?php echo __('Delete a banner image') ?></h2>
<p><?php echo __('Delete truly this banner image?') ?></p>
<form action="" method="post">
-<td colspan="2"><input type="submit" value="<?php echo __('Delete') ?>" /></td>
+<td colspan="2">
+<input type="hidden" name="<?php echo $form->getCSRFFieldName() ?>" value="<?php echo $form->getCSRFToken() ?>" />
+<input type="submit" value="<?php echo __('Delete') ?>" />
+</td>
</form>
diff --git a/apps/pc_backend/modules/member/actions/actions.class.php b/apps/pc_backend/modules/member/actions/actions.class.php
index ac7eccd..aacd982 100644
--- a/apps/pc_backend/modules/member/actions/actions.class.php
+++ b/apps/pc_backend/modules/member/actions/actions.class.php
@@ -72,6 +72,7 @@ class memberActions extends sfActions
$this->form = new sfForm();
if ($request->isMethod('post'))
{
+ $request->checkCSRFProtection();
$this->member->delete();
$this->getUser()->setFlash('notice', sfContext::getInstance()->getI18N()->__('The member has been unsubscribed'));
$this->redirect('member/list');
diff --git a/apps/pc_backend/modules/navigation/actions/actions.class.php b/apps/pc_backend/modules/navigation/actions/actions.class.php
index 1204649..9e94220 100644
--- a/apps/pc_backend/modules/navigation/actions/actions.class.php
+++ b/apps/pc_backend/modules/navigation/actions/actions.class.php
@@ -36,6 +36,8 @@ class navigationActions extends sfActions
public function executeList(sfWebRequest $request)
{
$this->list = array();
+ $this->deleteForm = new BaseForm();
+ $this->sortForm = new BaseForm();
$types = Doctrine::getTable('Navigation')->getTypesByAppName($request->getParameter('app', 'pc'));
@@ -95,6 +97,8 @@ class navigationActions extends sfActions
if ($request->isMethod(sfWebRequest::POST))
{
+ $request->checkCSRFProtection();
+
$model = Doctrine::getTable('Navigation')->find($request->getParameter('id'));
$this->forward404Unless($model);
$types = Doctrine::getTable('Navigation')->getTypesByAppName($app);
@@ -123,6 +127,8 @@ class navigationActions extends sfActions
$this->forward404();
}
+ $request->checkCSRFProtection();
+
$parameters = $request->getParameterHolder();
$keys = $parameters->getNames();
foreach ($keys as $key)
diff --git a/apps/pc_backend/modules/navigation/templates/listSuccess.php b/apps/pc_backend/modules/navigation/templates/listSuccess.php
index ff35449..28d47f5 100644
--- a/apps/pc_backend/modules/navigation/templates/listSuccess.php
+++ b/apps/pc_backend/modules/navigation/templates/listSuccess.php
@@ -34,7 +34,12 @@
<?php else : ?>
<td><input type="submit" value="<?php echo __('Edit') ?>" /></td>
</form>
-<td><form action="<?php echo url_for('navigation/delete?app='.$sf_request->getParameter('app', 'pc').'&id='.$form->getObject()->getId()) ?>" method="post" /><input type="submit" value="<?php echo __('Delete') ?>" /></form></td>
+<td>
+<form action="<?php echo url_for('navigation/delete?app='.$sf_request->getParameter('app', 'pc').'&id='.$form->getObject()->getId()) ?>" method="post">
+<?php echo $deleteForm ?>
+<input type="submit" value="<?php echo __('Delete') ?>" />
+</form>
+</td>
<?php endif; ?>
</tr>
</tbody>
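Review bot: `<?php echo $deleteForm ?>` on L2254 relies on the form's `__toString()` and on the form containing nothing but the hidden token; `<?php echo $deleteForm->renderHiddenFields() ?>` states that intent directly and matches how the profile list renders its hidden fields (L1664). It also sidesteps a PHP 5 footgun: an exception raised while rendering inside `__toString()` is a fatal error rather than something the framework's error handling can catch. This copy does close the form on L2256, unlike the first copy of the file earlier on the page (L1551).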
@@ -44,7 +49,8 @@
<?php echo sortable_element('type_'.str_replace(' ', '_', $type), array(
'tag' => 'tbody',
'only' => 'sortable',
- 'url' => 'navigation/sort'
+ 'url' => 'navigation/sort',
+ 'with' => 'Sortable.serialize("type_'.str_replace(' ', '_', $type).'")+"&'.urlencode($sortForm->getCSRFFieldName()).'='.urlencode($sortForm->getCSRFToken()).'"',
)) ?>
<?php endforeach; ?>
diff --git a/apps/pc_backend/modules/profile/actions/actions.class.php b/apps/pc_backend/modules/profile/actions/actions.class.php
index de2bd45..f1f0003 100644
--- a/apps/pc_backend/modules/profile/actions/actions.class.php
+++ b/apps/pc_backend/modules/profile/actions/actions.class.php
@@ -50,6 +50,8 @@ class profileActions extends sfActions
$this->option_form[$profileId][$profileOptionId]->bind($parameter);
}
}
+
+ $this->tokenForm = new BaseForm();
}
/**
@@ -141,7 +143,9 @@ class profileActions extends sfActions
$this->profile = Doctrine::getTable('Profile')->find($request->getParameter('id'));
$this->forward404Unless($this->profile);
- if ($request->isMethod('post')) {
+ if ($request->isMethod('post'))
+ {
+ $request->checkCSRFProtection();
$this->profile->delete();
$this->redirect('profile/list');
}
@@ -157,7 +161,9 @@ class profileActions extends sfActions
$this->profileOption = Doctrine::getTable('ProfileOption')->find($request->getParameter('id'));
$this->forward404Unless($this->profileOption);
- if ($request->isMethod('post')) {
+ if ($request->isMethod('post'))
+ {
+ $request->checkCSRFProtection();
$this->profileOption->delete();
}
$this->redirect('profile/list');
@@ -172,6 +178,7 @@ class profileActions extends sfActions
{
if ($request->isXmlHttpRequest())
{
+ $request->checkCSRFProtection();
$order = $request->getParameter('profiles');
for ($i = 0; $i < count($order); $i++)
{
@@ -195,6 +202,7 @@ class profileActions extends sfActions
{
if ($request->isXmlHttpRequest())
{
+ $request->checkCSRFProtection();
$parameters = $request->getParameterHolder();
$keys = $parameters->getNames();
foreach ($keys as $key)
diff --git a/apps/pc_backend/modules/profile/templates/deleteSuccess.php b/apps/pc_backend/modules/profile/templates/deleteSuccess.php
index 9771339..529a26d 100644
--- a/apps/pc_backend/modules/profile/templates/deleteSuccess.php
+++ b/apps/pc_backend/modules/profile/templates/deleteSuccess.php
@@ -1,6 +1,7 @@
-<h2><?php echo __('Delete profile entry')?></h2>
-<p><?php echo __('Do you want to delete this anyway?')?></p>
-<p><?php echo __('※All the member\'s data in this entry will be lost.')?></p>
-<form action="<?php echo url_for('profile/delete?id=' . $profile->getId()) ?>" method="post">
-<input type="submit" value=<?php echo __('Delete')?> />
+<h2><?php echo __('Delete profile entry') ?></h2>
+<p><?php echo __('Do you want to delete this anyway?') ?></p>
+<p><?php echo __('※All the member\'s data in this entry will be lost.') ?></p>
+<form action="<?php echo url_for('profile/delete?id='.$profile->getId()) ?>" method="post">
+<?php $formCSRF = new sfForm(); ?><input type="hidden" name="<?php echo $formCSRF->getCSRFFieldName() ?>" value="<?php echo $formCSRF->getCSRFToken() ?>" />
+<input type="submit" value="<?php echo __('Delete') ?>" />
</form>
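Review bot: `$formCSRF = new sfForm();` instantiates a form inside the template although this diff also adds `$this->tokenForm = new BaseForm();` to profileActions for exactly this purpose, and listSuccess.php already reads `$tokenForm`; `<?php echo $tokenForm->getCSRFFieldName() ?>` and `<?php echo $tokenForm->getCSRFToken() ?>` here would keep a single token source per request. The same inline `new sfForm()` is used in the deleteOption form of listSuccess.php. Whether the delete action runs through the code path that sets `$tokenForm` is not visible in the hunk, so confirm that before relying on it.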
diff --git a/apps/pc_backend/modules/profile/templates/listSuccess.php b/apps/pc_backend/modules/profile/templates/listSuccess.php
index 330203d..b637f7f 100644
--- a/apps/pc_backend/modules/profile/templates/listSuccess.php
+++ b/apps/pc_backend/modules/profile/templates/listSuccess.php
@@ -52,8 +52,9 @@
<?php endforeach; ?>
</table>
<?php echo sortable_element('profiles',array(
- 'tag' => 'tbody',
- 'url' => 'profile/sortProfile'
+ 'tag' => 'tbody',
+ 'url' => 'profile/sortProfile',
+ 'with' => 'Sortable.serialize("profiles")+"&'.urlencode($tokenForm->getCSRFFieldName()).'='.urlencode($tokenForm->getCSRFToken()).'"'
)) ?>
<h3><?php echo __('Option list')?></h3>
@@ -78,33 +79,34 @@
<tbody>
<?php endif; ?>
<tr>
-<form action="<?php echo url_for('profile/editOption?id=' . $form->getObject()->getId()) ?>" method="post">
+<form action="<?php echo url_for('profile/editOption?id='.$form->getObject()->getId()) ?>" method="post">
<td><?php echo ($form->getObject()->isNew() ? '-' : $form->getObject()->getId()) ?></td>
<?php foreach ($languages as $language): ?>
<td>
-<?php echo $form[$language]['value']->renderError() ?>
-<?php echo $form[$language]['value']->render() ?>
+<?php echo $form[$language]['value']->renderError(), "\n" ?>
+<?php echo $form[$language]['value']->render(), "\n" ?>
</td>
<?php endforeach; ?>
-<?php if ($form->getObject()->isNew()) : ?>
-<td colspan="2">
-<?php echo $form->renderHiddenFields() ?>
-<input type="submit" value="<?php echo __('Add new option')?>" />
-</td>
-</form>
-<?php else : ?>
+<?php if (!$form->getObject()->isNew()): ?>
<td>
-<?php echo $form->renderHiddenFields() ?>
+<?php echo $form->renderHiddenFields(), "\n" ?>
<input type="submit" value="<?php echo __('Save')?>" />
</td>
</form>
<td>
-<form action="<?php echo url_for('profile/deleteOption?id=' . $form->getObject()->getId()) ?>" method="post">
+<form action="<?php echo url_for('profile/deleteOption?id='.$form->getObject()->getId()) ?>" method="post">
<?php echo $form['id']->render(), "\n" ?>
<?php echo $form['profile_id']->render(), "\n" ?>
+<?php $formCSRF = new sfForm(); ?><input type="hidden" name="<?php echo $formCSRF->getCSRFFieldName() ?>" value="<?php echo $formCSRF->getCSRFToken() ?>" />
<input type="submit" value="<?php echo __('Delete') ?>" />
</form>
</td>
+<?php else: ?>
+<td colspan="2">
+<?php echo $form->renderHiddenFields() ?>
+<input type="submit" value="<?php echo __('Add new option')?>" />
+</td>
+</form>
<?php endif; ?>
</tr>
</tbody>
@@ -113,7 +115,8 @@
<?php echo sortable_element('profile_options_'.$value->getId(),array(
'tag' => 'tbody',
'only' => 'sortable',
- 'url' => 'profile/sortProfileOption'
+ 'url' => 'profile/sortProfileOption',
+ 'with' => 'Sortable.serialize("profile_options_'.$value->getId().'")+"&'.urlencode($tokenForm->getCSRFFieldName()).'='.urlencode($tokenForm->getCSRFToken()).'"'
)) ?>
<?php endif; ?>
<?php endforeach; ?>
diff --git a/apps/pc_backend/modules/sns/actions/actions.class.php b/apps/pc_backend/modules/sns/actions/actions.class.php
index b269176..13562c7 100644
--- a/apps/pc_backend/modules/sns/actions/actions.class.php
+++ b/apps/pc_backend/modules/sns/actions/actions.class.php
@@ -115,6 +115,7 @@ class snsActions extends sfActions
public function executeRichTextarea(sfWebRequest $request)
{
+ $this->sortForm = new BaseForm();
$this->configForm = new opRichTextareaOpenPNEConfigForm();
$this->buttonConfigForm = new opRichTextareaOpenPNEButtonConfigForm();
$this->buttonConfig = opWidgetFormRichTextareaOpenPNE::getAllButtons();
@@ -134,6 +135,8 @@ class snsActions extends sfActions
{
if ($request->isXmlHttpRequest())
{
+ $request->checkCSRFProtection();
+
$buttons = $request->getParameter('button');
Doctrine::getTable('SnsConfig')->set('richtextarea_buttons_sort_order', serialize($buttons));
}
diff --git a/apps/pc_backend/modules/sns/templates/richTextareaSuccess.php b/apps/pc_backend/modules/sns/templates/richTextareaSuccess.php
index 1167358..fcd91d2 100644
--- a/apps/pc_backend/modules/sns/templates/richTextareaSuccess.php
+++ b/apps/pc_backend/modules/sns/templates/richTextareaSuccess.php
@@ -38,5 +38,6 @@
'tag' => 'tbody',
'only' => 'sortable',
'format' => '/^button_(.*)$/',
- 'url' => 'sns/changeRichTextareaButtonOrder'
+ 'url' => 'sns/changeRichTextareaButtonOrder',
+ 'with' => 'Sortable.serialize("button")+"&'.urlencode($sortForm->getCSRFFieldName()).'='.urlencode($sortForm->getCSRFToken()).'"',
)) ?>
diff --git a/apps/pc_frontend/modules/community/templates/deleteSuccess.php b/apps/pc_frontend/modules/community/templates/deleteSuccess.php
index 1e92533..3d9e0de 100644
--- a/apps/pc_frontend/modules/community/templates/deleteSuccess.php
+++ b/apps/pc_frontend/modules/community/templates/deleteSuccess.php
@@ -1,7 +1,9 @@
<?php
+$form = new BaseForm();
op_include_parts('yesNo', 'deleteConfirmForm', array(
'title' => __('Do you delete this %community%?'),
- 'yes_form' => '<input type="hidden" name="is_delete">',
+ 'yes_form' => '<input type="hidden" name="is_delete"/>'
+ . '<input type="hidden" name="'.$form->getCSRFFieldName().'" value="'.$form->getCSRFToken().'"/>',
'button' => __('Delete'),
))
?>
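Review bot: The new local `$form = new BaseForm();` takes the name symfony templates conventionally receive from their action, so if `community/delete` passes a `$form` to this template the assignment silently replaces it; a purpose-stating name, `$csrfForm = new BaseForm();`, avoids the collision. The token is concatenated into the attribute unescaped; it is a hash in practice, but `htmlspecialchars()` around it costs nothing and matches how the other values in this template are emitted.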
diff --git a/apps/pc_frontend/modules/googlemaps/actions/actions.class.php b/apps/pc_frontend/modules/googlemaps/actions/actions.class.php
index 911c6a2..86378c7 100644
--- a/apps/pc_frontend/modules/googlemaps/actions/actions.class.php
+++ b/apps/pc_frontend/modules/googlemaps/actions/actions.class.php
@@ -17,11 +17,6 @@ class googlemapsActions extends sfActions
*/
public function executeIndex(sfWebRequest $request)
{
- $this->x = $request->getParameter('x');
- $this->y = $request->getParameter('y');
- $this->z = $request->getParameter('z');
- $this->q = $request->getParameter('q');
-
$this->mapType = 'G_NORMAL_MAP';
switch ($request->getParameter('t'))
{
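Review bot: Dropping `$this->x`, `$this->y`, `$this->z` and `$this->q` removes those variables from every template and component rendered by this action, not only from the sprintf call that this diff also removes. The visible template hunk starts at line 11 of indexSuccess.php, so lines 1–10 (and any layout or partial it includes) are outside the diff; confirm nothing there still reads `$q` or `$x`.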
diff --git a/apps/pc_frontend/modules/googlemaps/templates/indexSuccess.php b/apps/pc_frontend/modules/googlemaps/templates/indexSuccess.php
index 3faf61b..558334b 100644
--- a/apps/pc_frontend/modules/googlemaps/templates/indexSuccess.php
+++ b/apps/pc_frontend/modules/googlemaps/templates/indexSuccess.php
@@ -11,16 +11,34 @@
<?php use_javascript('http://maps.google.co.jp/maps?file=api&v=2.x&key='.$op_config['google_maps_api_key']) ?>
<?php
$googlemaps_script = <<<EOM
+// parse request parameters
+var request = {
+ x: "", y: "", z: "", q: ""
+};
+var params = window.location.search.substr(1).split('&');
+for (var i = 0; i < params.length; i++) {
+ var parts = params[i].split('=');
+
+ var n = parts[0];
+ var v = decodeURIComponent(parts[1]);
+ if ("z" == n)
+ {
+ v = parseInt(v);
+ }
+ request[n] = v;
+}
+var MapType = %s; // It is not user-inputed values
+
var gls;
var gMap;
function OnLocalSearch() {
if (!gls.results) return;
var first = gls.results[0];
var point = new GLatLng(parseFloat(first.lat), parseFloat(first.lng));
- var zoom = (%s);
+ var zoom = request.z;
gMap.addControl(new GSmallMapControl());
gMap.addControl(new GMapTypeControl());
- gMap.setMapType((%s));
+ gMap.setMapType(MapType);
gMap.setCenter(point, zoom);
var marker = new GMarker(point);
gMap.addOverlay(marker);
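Review bot: The query parser in the new heredoc calls `decodeURIComponent(parts[1])` unguarded, so a malformed percent sequence (e.g. `?q=%E0`) throws URIError and aborts the script before load() is defined, and a key without `=` yields the string "undefined" for that parameter. It also assigns any query key into `request`, splits at every `=` so values containing one are truncated, does not map `+` to a space, and `parseInt(v)` has no radix and leaves NaN in `request.z` for a non-numeric value. I would accept only the four known keys, split at the first `=`, decode inside a try/catch and use `parseInt(v, 10)` with a fallback to the empty default; keep in mind the heredoc goes through sprintf, so `%s` for MapType must stay the only `%` in it. The rewritten parser is below; OnLocalSearch and load() continue in the following hunks.
```javascript
// parse request parameters; only the four known keys are accepted
var request = {
  x: "", y: "", z: "", q: ""
};
var params = window.location.search.substr(1).split('&');
for (var i = 0; i < params.length; i++) {
  var eq = params[i].indexOf('=');
  var n = eq < 0 ? params[i] : params[i].substr(0, eq);
  var raw = eq < 0 ? '' : params[i].substr(eq + 1);
  if (!request.hasOwnProperty(n)) {
    continue;
  }
  var v;
  try {
    v = decodeURIComponent(raw.replace(/\+/g, ' '));
  } catch (e) {
    continue; // malformed percent-encoding: ignore this parameter
  }
  if ("z" == n) {
    v = parseInt(v, 10);
    if (isNaN(v)) {
      v = "";
    }
  }
  request[n] = v;
}
// … unchanged: MapType, OnLocalSearch, load …
```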
@@ -28,7 +46,7 @@ function OnLocalSearch() {
}
function load() {
if (GBrowserIsCompatible()) {
- if (((%s) == 0) && ((%s) == 0)){
+ if ((request.x == 0) && (request.y == 0)){
gMap = new GMap2(document.getElementById('map'));
gMap.addControl(new GSmallMapControl());
gMap.addControl(new GMapTypeControl());
@@ -36,16 +54,16 @@ function load() {
gls = new GlocalSearch();
gls.setCenterPoint(gMap);
gls.setSearchCompleteCallback(null, OnLocalSearch);
- var q = '(%s)';
+ var q = request.q;
gls.execute(q);
} else {
- var point = new GLatLng((%s), (%s));
- var zoom = (%s);
+ var point = new GLatLng(request.x, request.y);
+ var zoom = request.z;
gMap = new GMap2(document.getElementById('map'));
gMap.addControl(new GSmallMapControl());
gMap.addControl(new GMapTypeControl());
gMap.setCenter(point, zoom);
- gMap.setMapType((%s));
+ gMap.setMapType(MapType);
var marker = new GMarker(point);
gMap.addOverlay(marker);
geocoder = new GClientGeocoder();
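Review bot: `new GLatLng(request.x, request.y)` now receives the raw query strings where the old sprintf output inlined them as bare values, and `request.z` is numeric only when `z` was actually present; the conversion should be explicit, `var point = new GLatLng(parseFloat(request.x), parseFloat(request.y));`. A non-numeric x or y fails the `request.x == 0` test in the previous hunk and lands in this branch with a NaN center, so it would be better to fall back to the search branch when `isNaN(parseFloat(request.x))`. load() starts and ends outside this hunk.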
@@ -53,7 +71,7 @@ function load() {
}
}
EOM;
-echo javascript_tag(sprintf($googlemaps_script, $z, $mapType, $x, $y, $q, $x, $y, $z, $mapType)); ?>
+echo javascript_tag(sprintf($googlemaps_script, $mapType)); ?>
<?php endif; ?>
<?php include_stylesheets() ?>
<?php include_javascripts() ?>
diff --git a/apps/pc_frontend/templates/_partsMemberImagesBox.php b/apps/pc_frontend/templates/_partsMemberImagesBox.php
index 6afb988..a789282 100644
--- a/apps/pc_frontend/templates/_partsMemberImagesBox.php
+++ b/apps/pc_frontend/templates/_partsMemberImagesBox.php
@@ -1,5 +1,7 @@
<table>
<tr>
+<?php $form = new sfForm() ?>
+<?php $csrfToken = '&'.$form->getCSRFFieldName().'='.$form->getCSRFToken() ?>
<?php for ($i = 0; $i < 3; $i++) : ?>
<td>
<?php if (isset($options['images'][$i])) : ?>
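Review bot: `$csrfToken` holds the query-string fragment `&field=token`, not a token, and unlike the sortable calls elsewhere in this diff neither part is urlencoded; `<?php $csrfParam = '&'.urlencode($form->getCSRFFieldName()).'='.urlencode($form->getCSRFToken()) ?>` names it for what it is and stays consistent with the other templates. The value is a hash today, so the encoding is about consistency rather than a visible failure.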
@@ -7,11 +9,11 @@
<?php echo op_image_tag_sf_image($image->getFile(), array('size' => '180x180')) ?><br />
<?php if (isset($options['form'])) : ?>
[
-<?php echo link_to(__('Delete'), 'member/deleteImage?member_image_id='.$image->getId()) ?> |
+<?php echo link_to(__('Delete'), 'member/deleteImage?member_image_id='.$image->getId().$csrfToken) ?> |
<?php if ($image->getIsPrimary()) : ?>
<?php echo(__('Main Photo')) ?>
<?php else: ?>
-<?php echo link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId()) ?>
+<?php echo link_to(__('Main Photo'), 'member/changeMainImage?member_image_id='.$image->getId().$csrfToken) ?>
<?php endif; ?>
]
<?php endif; ?>
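Review bot: The Delete and Main Photo controls remain plain GET anchors that now carry the CSRF token in their URL, so the token ends up in browser history, proxy and server logs, and in the Referer of whatever the action redirects to, and a state-changing GET can still be fired by link prefetchers. A small POST form per image (hidden member_image_id plus the token) is the sturdier shape, and the receiving executeDeleteImage/executeChangeMainImage in opMemberAction.class.php later in this diff could then also require `$request->isMethod('post')` next to the new `checkCSRFProtection()` call.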
diff --git a/data/version.php b/data/version.php
index d91aa32..80345a0 100644
--- a/data/version.php
+++ b/data/version.php
@@ -10,5 +10,5 @@
if (!defined('OPENPNE_VERSION'))
{
- define('OPENPNE_VERSION', '3.6beta1');
+ define('OPENPNE_VERSION', '3.6beta2');
}
diff --git a/lib/action/opCommunityAction.class.php b/lib/action/opCommunityAction.class.php
index 51b8e88..3aa1143 100644
--- a/lib/action/opCommunityAction.class.php
+++ b/lib/action/opCommunityAction.class.php
@@ -137,6 +137,7 @@ abstract class opCommunityAction extends sfActions
{
if($request->hasParameter('is_delete'))
{
+ $request->checkCSRFProtection();
$community = Doctrine::getTable('Community')->find($this->id);
if ($community)
{
diff --git a/lib/action/opMemberAction.class.php b/lib/action/opMemberAction.class.php
index 6f79b64..6b80572 100644
--- a/lib/action/opMemberAction.class.php
+++ b/lib/action/opMemberAction.class.php
@@ -373,6 +373,7 @@ abstract class opMemberAction extends sfActions
public function executeDeleteImage($request)
{
+ $request->checkCSRFProtection();
$image = Doctrine::getTable('MemberImage')->find($request->getParameter('member_image_id'));
$this->forward404Unless($image);
$this->forward404Unless($image->getMemberId() == $this->getUser()->getMemberId());
@@ -384,6 +385,7 @@ abstract class opMemberAction extends sfActions
public function executeChangeMainImage($request)
{
+ $request->checkCSRFProtection();
$image = Doctrine::getTable('MemberImage')->find($request->getParameter('member_image_id'));
$this->forward404Unless($image);
$this->forward404Unless($image->getMemberId() == $this->getUser()->getMemberId());
diff --git a/lib/form/doctrine/BannerImageForm.class.php b/lib/form/doctrine/BannerImageForm.class.php
index 1d17c4b..c69e6b4 100644
--- a/lib/form/doctrine/BannerImageForm.class.php
+++ b/lib/form/doctrine/BannerImageForm.class.php
@@ -24,7 +24,7 @@ class BannerImageForm extends BaseBannerImageForm
$this->setWidget('url', new sfWidgetFormInputText(array(), array('size' => 40)));
$this->setWidget('name', new sfWidgetFormInputText());
$this->setValidators(array(
- 'file' => new opValidatorImageFile(),
+ 'file' => new opValidatorImageFile(array('required' => $this->isNew())),
'url' => new sfValidatorPass(),
'name' => new sfValidatorPass(),
));
@@ -38,10 +38,6 @@ class BannerImageForm extends BaseBannerImageForm
public function save()
{
- $file = new File();
- $file->setFromValidatedFile($this->getValue('file'));
- $file->setName('b_'.$file->getName());
-
if ($this->isNew())
{
$bannerImage = new BannerImage();
@@ -50,7 +46,15 @@ class BannerImageForm extends BaseBannerImageForm
{
$bannerImage = $this->getObject();
}
- $bannerImage->setFile($file);
+
+ if ($this->getValue('file'))
+ {
+ $file = new File();
+ $file->setFromValidatedFile($this->getValue('file'));
+ $file->setName('b_'.$file->getName());
+ $bannerImage->setFile($file);
+ }
+
$bannerImage->setUrl($this->getValue('url'));
$bannerImage->setName($this->getValue('name'));
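Review bot: When an existing banner receives a new upload, `$bannerImage->setFile($file)` replaces the relation but nothing in the hunk removes the previous File record or its data from storage; if that cleanup is not handled by the model, every replacement leaves an orphaned file behind — confirm. A short comment on the new `if ($this->getValue('file'))` block, `// file is optional on edit; keep the existing image when none is uploaded`, would also document the intent behind the `required => $this->isNew()` change above. save() continues outside the hunk.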
diff --git a/lib/widget/opWidgetFormRichTextareaOpenPNE.class.php b/lib/widget/opWidgetFormRichTextareaOpenPNE.class.php
index 8188877..ccd3c09 100644
--- a/lib/widget/opWidgetFormRichTextareaOpenPNE.class.php
+++ b/lib/widget/opWidgetFormRichTextareaOpenPNE.class.php
@@ -406,14 +406,20 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
static public function opColorToHtml($isEndtag, $tagname, $attributes, $isUseStylesheet)
{
$options = array();
+ $code = isset($attributes['code']) ? $attributes['code'] : '';
+ if (!($code && preg_match('/^#[0-9a-fA-F]{6}$/', $code)))
+ {
+ $code = '';
+ }
+
if ($isUseStylesheet)
{
if ($isEndtag) {
return '</span>';
}
$options['class'] = strtr($tagname, ':', '_');
- if (isset($attributes['code'])) {
- $options['style'] = 'color:'.$attributes['code'];
+ if ($code) {
+ $options['style'] = 'color:'.$code;
}
return tag('span', $options, true);
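Review bot: The new guard `preg_match('/^#[0-9a-fA-F]{6}$/', $code)` still accepts a value with a trailing newline, because PCRE `$` matches before a final "\n"; since `$code` is then emitted into a style attribute, anchor it strictly with `if (!($code && preg_match('/^#[0-9a-fA-F]{6}\z/', $code)))`. The identical block is added to opFontToHtml later in this diff for `$color`, so a private helper such as `isValidColorCode($value)` would keep the two in step. opColorToHtml continues outside the hunk.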
@@ -424,8 +430,8 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
{
return '</font>';
}
- if (isset($attributes['code'])) {
- $options['color'] = $attributes['code'];
+ if ($code) {
+ $options['color'] = $code;
}
return tag('font', $options, true);
@@ -435,6 +441,13 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
static public function opFontToHtml($isEndtag, $tagname, $attributes, $isUseStylesheet)
{
$options = array();
+
+ $color = isset($attributes['color']) ? $attributes['color'] : '';
+ if (!($color && preg_match('/^#[0-9a-fA-F]{6}$/', $color)))
+ {
+ $color = '';
+ }
+
if ($isUseStylesheet)
{
if ($isEndtag) {
@@ -442,8 +455,8 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
}
$options['class'] = 'op_font';
$options['style'] = '';
- if (isset($attributes['color'])) {
- $options['style'] .= 'color:'.$attributes['color'].';';
+ if ($color) {
+ $options['style'] .= 'color:'.$color.';';
}
$size = isset($attributes['size']) ? (int)$attributes['size'] : 0;
$fontSizeMap = array(
@@ -456,7 +469,6 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
7 => 'xx-large'
);
if (isset($fontSizeMap[$size])) {
-
$options['style'] .= 'font-size:'.$fontSizeMap[$size];
}
@@ -468,8 +480,8 @@ class opWidgetFormRichTextareaOpenPNE extends opWidgetFormRichTextarea
{
return '</font>';
}
- if (isset($attributes['color'])) {
- $options['color'] = $attributes['color'];
+ if ($color) {
+ $options['color'] = $color;
}
$size = isset($attributes['size']) ? (int)$attributes['size'] : 0;
if ($size >= 1 && $size <= 7)
diff --git a/web/js/tiny_mce/plugins/openpne/editor_plugin.js b/web/js/tiny_mce/plugins/openpne/editor_plugin.js
index de83742..8014cc8 100644
--- a/web/js/tiny_mce/plugins/openpne/editor_plugin.js
+++ b/web/js/tiny_mce/plugins/openpne/editor_plugin.js
@@ -51,9 +51,9 @@ return result;};rep(/</gi,"&lt;");rep(/>/gi,"&gt;");rep(/\n/gi,"<br />");rep(/&l
if(isEndTag){return"</"+tagname+">";}
if(org_tagname=="font"){if(attributes["size"]){if(fontSizeMap[attributes["size"]-1]){fontsize=fontSizeMap[attributes["size"]-1];}
style+='font-size:'+fontsize+';';}
-if(attributes["color"]){style+='color:'+attributes["color"]+';';}
+if(attributes["color"]&&attributes["color"].match(/^#[0-9a-fA-F]{6}$/)){style+='color:'+attributes["color"]+';';}
opt=' style="'+style+'"';}
-if(org_tagname=="color"&&attributes["code"]){opt=' style="color:'+attributes["code"]+';"';}
+if(org_tagname=="color"&&attributes["code"]&&attributes["code"].match(/^#[0-9a-fA-F]{6}$/)){opt=' style="color:'+attributes["code"]+';"';}
if(org_tagname=="large"){opt=' style="font-size:large"';}
if(org_tagname=="small"){opt=' style="font-size:xx-small"';}
return"<"+tagname+opt+">";});return s;}});tinymce.PluginManager.add('openpne',tinymce.plugins.OpenPNEPlugin);})();
\ No newline at end of file
diff --git a/web/js/tiny_mce/plugins/openpne/editor_plugin.js.src b/web/js/tiny_mce/plugins/openpne/editor_plugin.js.src
index 5a08ea4..ec3dfa0 100644
--- a/web/js/tiny_mce/plugins/openpne/editor_plugin.js.src
+++ b/web/js/tiny_mce/plugins/openpne/editor_plugin.js.src
@@ -590,14 +590,14 @@
style += 'font-size:' + fontsize + ';';
}
- if (attributes["color"]) {
+ if (attributes["color"] && attributes["color"].match(/^#[0-9a-fA-F]{6}$/)) {
style += 'color:' + attributes["color"] + ';';
}
opt = ' style="' + style + '"';
}
// old style
- if (org_tagname == "color" && attributes["code"]) {
+ if (org_tagname == "color" && attributes["code"] && attributes["code"].match(/^#[0-9a-fA-F]{6}$/)) {
opt = ' style="color:' + attributes["code"] + ';"';
}
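Review bot: `attributes["color"].match(/^#[0-9a-fA-F]{6}$/)` assumes the attribute value is a string; if the parser can hand over a non-string here, `.match` throws, and `/^#[0-9a-fA-F]{6}$/.test(String(attributes["color"]))` is both safer and the idiomatic form for a boolean check (same for the `attributes["code"]` line below). The minified editor_plugin.js carries the same change, so any follow-up must be applied to the .src and regenerated rather than edited in both places.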