Changeset 143 for trunk

Timestamp:

02/27/2006 12:50:42 AM (6 years ago)

Author:

cirrus

Message:

Change: $root_path variable was changed to a constant due to possible security issues.

Location:

trunk

Files:

• config-sample/config.php (modified) (3 diffs)
• debug/mysql.php (modified) (2 diffs)
• globals/classes/message.php (modified) (1 diff)
• globals/common.php (modified) (2 diffs)
• globals/functions.php (modified) (3 diffs)
• includes/html.php (modified) (1 diff)
• includes/main.php (modified) (2 diffs)
• includes/main_center.php (modified) (1 diff)
• includes/main_footer.php (modified) (1 diff)
• includes/main_header.php (modified) (1 diff)
• includes/pages/admin/admin.php (modified) (1 diff)
• includes/pages/gearth/gearth.php (modified) (1 diff)
• includes/pages/gmap/gmap.php (modified) (1 diff)
• includes/pages/hostmaster/hostmaster.php (modified) (1 diff)
• includes/pages/mynodes/mynodes.php (modified) (4 diffs)
• includes/pages/nodes/nodes.php (modified) (1 diff)
• includes/pages/nodes/nodes_plot.php (modified) (1 diff)
• includes/pages/nodes/nodes_plot_link.php (modified) (1 diff)
• includes/pages/nodes/nodes_view.php (modified) (1 diff)
• includes/pages/pickup/pickup.php (modified) (1 diff)
• includes/pages/ranges/ranges.php (modified) (1 diff)
• includes/pages/startup/startup.php (modified) (1 diff)
• includes/pages/users/users.php (modified) (1 diff)
• index.php (modified) (1 diff)

trunk/config-sample/config.php

@@ -25 +25 @@
 
         'templates' => array(
-                'path' => $root_path.'templates/',
-                'compiled_path' => $root_path.'templates/_compiled/',
+                'path' => ROOT_PATH.'templates/',
+                'compiled_path' => ROOT_PATH.'templates/_compiled/',
                 'default' => 'basic'
                 ),
@@ -46 +46 @@
                 'ns_zone' => 'ns.yourdomain',
                 'reverse_zone' => 'in-addr.arpa',
-                'forward_zone_schema' => $root_path.'tools/dnszones-poller/yourdomain.schema',
-                'reverse_zone_schema' => $root_path.'tools/dnszones-poller/10.in-addr.arpa.schema'
+                'forward_zone_schema' => ROOT_PATH.'tools/dnszones-poller/yourdomain.schema',
+                'reverse_zone_schema' => ROOT_PATH.'tools/dnszones-poller/10.in-addr.arpa.schema'
                 ),
         
         'folders' => array(
-                'photos' => $root_path.'files/photos/'
+                'photos' => ROOT_PATH.'files/photos/'
                 ),
         
@@ -62 +62 @@
         
         'srtm' => array(
-                'path' => $root_path.'files/srtm/'
+                'path' => ROOT_PATH.'files/srtm/'
                 ),
                 

trunk/debug/mysql.php

@@ -22 +22 @@
 ob_start();
 
-$root_path = "../";
+define("ROOT_PATH","../");
 
-include_once($root_path."globals/common.php");
+include_once(ROOT_PATH."globals/common.php");
 if ($vars['debug']['enabled'] == FALSE) die("WiND: Debug mode is not enabled. Check the config file.") ;
 
@@ -63 +63 @@
 }
 
-include_once($root_path."includes/main.php");
+include_once(ROOT_PATH."includes/main.php");
 
 echo '<table border="1">';

trunk/globals/classes/message.php

@@ -52 +52 @@
         
         function output() {
-                global $vars, $design, $root_path, $smarty, $lang;
+                global $vars, $design, $smarty, $lang;
                 
                 if (isset($this->forward)) {

trunk/globals/common.php

@@ -20 +20 @@
  */
 
-if (!file_exists($root_path."config/config.php")) {
+if (!file_exists(ROOT_PATH."config/config.php")) {
         die("WiND error: Please make config/config.php file ...");
 }
-include_once($root_path."globals/vars.php");
-include_once($root_path."config/config.php");
+include_once(ROOT_PATH."globals/vars.php");
+include_once(ROOT_PATH."config/config.php");
 $vars = array_merge($vars, $config);
 include_once($vars['templates']['path'].$vars['templates']['default'].'/config.php');
 $vars = array_merge($vars, $template_config);
-include_once($root_path."globals/functions.php");
+include_once(ROOT_PATH."globals/functions.php");
 
 $php_start = getmicrotime();
 
-include_once($root_path."globals/classes/mysql.php");
-include_once($root_path."globals/classes/construct.php");
-include_once($root_path."globals/classes/form.php");
-include_once($root_path."globals/classes/table.php");
+include_once(ROOT_PATH."globals/classes/mysql.php");
+include_once(ROOT_PATH."globals/classes/construct.php");
+include_once(ROOT_PATH."globals/classes/form.php");
+include_once(ROOT_PATH."globals/classes/table.php");
 
 if (!file_exists($vars['smarty']['class'])) {
@@ -69 +69 @@
         $tl = $vars['language']['default'];
 }
-include_once($root_path."globals/language/".$tl.".php");
-if (file_exists($root_path."config/language/".$tl."_overwrite.php")) {
-        include_once($root_path."config/language/".$tl."_overwrite.php");
+include_once(ROOT_PATH."globals/language/".$tl.".php");
+if (file_exists(ROOT_PATH."config/language/".$tl."_overwrite.php")) {
+        include_once(ROOT_PATH."config/language/".$tl."_overwrite.php");
         $lang = array_multimerge($lang, $lang_overwrite);
 }

trunk/globals/functions.php

@@ -47 +47 @@
 
 function get($key) {
-        global $page_admin, $main, $root_path;
+        global $page_admin, $main;
         if ($_SERVER['REQUEST_METHOD'] == 'GET') {
                 $ret = $_GET[$key];
@@ -56 +56 @@
         switch ($key) {
                 case 'page':
-                        $valid_array = getdirlist($root_path."includes/pages/");
+                        $valid_array = getdirlist(ROOT_PATH."includes/pages/");
                         array_unshift($valid_array, 'startup');
                         break;
                 case 'subpage':
-                        $valid_array = getdirlist($root_path."includes/pages/".get('page').'/', FALSE, TRUE);
+                        $valid_array = getdirlist(ROOT_PATH."includes/pages/".get('page').'/', FALSE, TRUE);
                         for ($key=0;$key<count($valid_array);$key++) {
                                 $valid_array[$key] = basename($valid_array[$key], '.php');
@@ -73 +73 @@
                         break;
                 case 'lang':
-                        $valid_array = getdirlist($root_path."globals/language/", FALSE, TRUE);
+                        $valid_array = getdirlist(ROOT_PATH."globals/language/", FALSE, TRUE);
                         for ($key=0;$key<count($valid_array);$key++) {
                                 $valid_array[$key] = basename($valid_array[$key], '.php');

trunk/includes/html.php

@@ -20 +20 @@
  */
 
-include_once($root_path."includes/head.php");
-include_once($root_path."includes/body.php");
+include_once(ROOT_PATH."includes/head.php");
+include_once(ROOT_PATH."includes/body.php");
 
 class html {

trunk/includes/main.php

@@ -20 +20 @@
  */
 
-include_once($root_path."includes/html.php");
-include_once($root_path."globals/classes/userdata.php");
-include_once($root_path."globals/classes/message.php");
-include_once($root_path."includes/main_header.php");
-include_once($root_path."includes/main_center.php");
-include_once($root_path."includes/main_footer.php");
-include_once($root_path."includes/main_menu.php");
+include_once(ROOT_PATH."includes/html.php");
+include_once(ROOT_PATH."globals/classes/userdata.php");
+include_once(ROOT_PATH."globals/classes/message.php");
+include_once(ROOT_PATH."includes/main_header.php");
+include_once(ROOT_PATH."includes/main_center.php");
+include_once(ROOT_PATH."includes/main_footer.php");
+include_once(ROOT_PATH."includes/main_menu.php");
 
 class main {
@@ -49 +49 @@
         
         function output() {
-                global $root_path, $lang;
+                global $lang;
                 
                 $this->html->head->add_title($lang['site_title']);

trunk/includes/main_center.php

@@ -20 +20 @@
  */
 
-include_once($root_path."includes/pages/".get('page')."/".get('page').".php");
+include_once(ROOT_PATH."includes/pages/".get('page')."/".get('page').".php");
 
 class center {

trunk/includes/main_footer.php

@@ -34 +34 @@
                 $this->tpl['mysql_time'] = $db->total_time;
                 if ($main->userdata->privileges['admin'] === TRUE && $vars['debug']['enabled'] == TRUE) {
-                        $this->tpl['debug_mysql'] = $root_path."debug/mysql.php?".get_qs();
+                        $this->tpl['debug_mysql'] = ROOT_PATH."debug/mysql.php?".get_qs();
                 }
                 return template($this->tpl, __FILE__);

trunk/includes/main_header.php

@@ -29 +29 @@
         
         function output() {
-                global $root_path;
                 if ($this->hide) return;
-                if (file_exists($root_path.'config/mylogo.png')) {
+                if (file_exists(ROOT_PATH.'config/mylogo.png')) {
                         $this->tpl['mylogo'] = TRUE;
-                        $this->tpl['mylogo_dir'] = $root_path.'config/';
+                        $this->tpl['mylogo_dir'] = ROOT_PATH.'config/';
                 }
                 return template($this->tpl, __FILE__);

trunk/includes/pages/admin/admin.php

@@ -20 +20 @@
  */
 
-if (get('subpage') != '') include_once($root_path."includes/pages/admin/admin_".get('subpage').".php");
+if (get('subpage') != '') include_once(ROOT_PATH."includes/pages/admin/admin_".get('subpage').".php");
 
 class admin {

trunk/includes/pages/gearth/gearth.php

@@ -22 +22 @@
 
 if (get('subpage') != '') {
-        include_once($root_path."includes/pages/gearth/gearth_".get('subpage').".php");
+        include_once(ROOT_PATH."includes/pages/gearth/gearth_".get('subpage').".php");
 } else {
-        include_once($root_path."includes/pages/gearth/gearth_main.php");
+        include_once(ROOT_PATH."includes/pages/gearth/gearth_main.php");
 }
 

trunk/includes/pages/gmap/gmap.php

@@ -21 +21 @@
 
 if (get('subpage') != '') {
-        include_once($root_path."includes/pages/gmap/gmap_".get('subpage').".php");
+        include_once(ROOT_PATH."includes/pages/gmap/gmap_".get('subpage').".php");
 } else {
-        include_once($root_path."includes/pages/gmap/gmap_fullmap.php");
+        include_once(ROOT_PATH."includes/pages/gmap/gmap_fullmap.php");
 }
 

trunk/includes/pages/hostmaster/hostmaster.php

@@ -20 +20 @@
  */
 
-if (get('subpage') != '') include_once($root_path."includes/pages/hostmaster/hostmaster_".get('subpage').".php");
+if (get('subpage') != '') include_once(ROOT_PATH."includes/pages/hostmaster/hostmaster_".get('subpage').".php");
 
 class hostmaster {

trunk/includes/pages/mynodes/mynodes.php

@@ -20 +20 @@
  */
 
-if (get('subpage') != '') include_once($root_path."includes/pages/mynodes/mynodes_".get('subpage').".php");
+if (get('subpage') != '') include_once(ROOT_PATH."includes/pages/mynodes/mynodes_".get('subpage').".php");
 
 class mynodes {
@@ -493 +493 @@
         
         function output_onpost_table_photosview() {
-                global $root_path, $vars, $db, $main;
+                global $vars, $db, $main;
                 foreach( (array) $_POST['id'] as $key => $value) {
                         $db->del("photos", "id = '".$value."'");
                         $uploaddir = $vars['folders']['photos'];
                         $filename = 'photo-'.$value.".*";
-                        delfile($root_path.$uploaddir.$filename);
+                        delfile(ROOT_PATH.$uploaddir.$filename);
                         $filename = 'photo-'.$value."-*.*";
-                        delfile($root_path.$uploaddir.$filename);
+                        delfile(ROOT_PATH.$uploaddir.$filename);
                 }
                 foreach( (array) array('N','NE','E','SE','S','SW','W','NW', 'PANORAMIC') as $value) {
@@ -510 +510 @@
                                 $filename = 'photo-'.$ins_id.'.jpg';
                                 $filename_s = 'photo-'.$ins_id.'-s.jpg';
-                                if (@move_uploaded_file($_FILES[$value]['tmp_name'], $root_path.$uploaddir.$filename) === FALSE) {
+                                if (@move_uploaded_file($_FILES[$value]['tmp_name'], ROOT_PATH.$uploaddir.$filename) === FALSE) {
                                         $db->del("photos", "id = '".$ins_id."'");
                                         $main->message->set_fromlang("error", "upload_file_failed");
@@ -516 +516 @@
                                 }
                                 if ($value == 'PANORAMIC') {
-                                        $image_s = resizeJPG($root_path.$uploaddir.$filename, 600, 200);
+                                        $image_s = resizeJPG(ROOT_PATH.$uploaddir.$filename, 600, 200);
                                 } else {
-                                        $image_s = resizeJPG($root_path.$uploaddir.$filename, 200, 200);
+                                        $image_s = resizeJPG(ROOT_PATH.$uploaddir.$filename, 200, 200);
                                 }
-                                imagejpeg($image_s, $root_path.$uploaddir.$filename_s);
+                                imagejpeg($image_s, ROOT_PATH.$uploaddir.$filename_s);
                         } elseif ($_POST['info-'.$value] != '') {
                                 $db->set("photos", array('info' => $_POST['info-'.$value]), "node_id = ".intval(get('node'))." AND view_point = '".$value."'");

trunk/includes/pages/nodes/nodes.php

@@ -21 +21 @@
 
 if (get('subpage') != '') {
-        include_once($root_path."includes/pages/nodes/nodes_".get('subpage').".php");
+        include_once(ROOT_PATH."includes/pages/nodes/nodes_".get('subpage').".php");
 } else {
         if (get('node') != '') {
-                include_once($root_path."includes/pages/nodes/nodes_view.php");
+                include_once(ROOT_PATH."includes/pages/nodes/nodes_view.php");
         } else {
-                include_once($root_path."includes/pages/nodes/nodes_search.php");
+                include_once(ROOT_PATH."includes/pages/nodes/nodes_search.php");
         }
 }

trunk/includes/pages/nodes/nodes_plot.php

@@ -20 +20 @@
  */
 
-include_once($root_path.'globals/classes/geocalc.php');
+include_once(ROOT_PATH.'globals/classes/geocalc.php');
 $geocalc = new geocalc();
 
-include_once($root_path.'globals/classes/srtm.php');
+include_once(ROOT_PATH.'globals/classes/srtm.php');
 $srtm = new srtm($vars['srtm']['path']);
 
-include_once($root_path.'globals/classes/geoimage.php');
+include_once(ROOT_PATH.'globals/classes/geoimage.php');
 $geoimage = new geoimage();
 

trunk/includes/pages/nodes/nodes_plot_link.php

@@ -20 +20 @@
  */
  
-include_once($root_path.'globals/classes/geocalc.php');
+include_once(ROOT_PATH.'globals/classes/geocalc.php');
 $geocalc = new geocalc();
 
-include_once($root_path.'globals/classes/srtm.php');
+include_once(ROOT_PATH.'globals/classes/srtm.php');
 $srtm = new srtm($vars['srtm']['path']);
 

trunk/includes/pages/nodes/nodes_view.php

@@ -20 +20 @@
  */
 
-include_once($root_path.'globals/classes/geocalc.php');
+include_once(ROOT_PATH.'globals/classes/geocalc.php');
 $geocalc = new geocalc();
 
-include_once($root_path.'globals/classes/srtm.php');
+include_once(ROOT_PATH.'globals/classes/srtm.php');
 $srtm = new srtm($vars['srtm']['path']);
 

trunk/includes/pages/pickup/pickup.php

@@ -20 +20 @@
  */
 
-if (get('subpage') != '') include_once($root_path."includes/pages/pickup/pickup_".get('subpage').".php");
+if (get('subpage') != '') include_once(ROOT_PATH."includes/pages/pickup/pickup_".get('subpage').".php");
 
 class pickup {

trunk/includes/pages/ranges/ranges.php

@@ -20 +20 @@
  */
 
-if (get('subpage') != '') include_once($root_path."includes/pages/ranges/ranges_".get('subpage').".php");
+if (get('subpage') != '') include_once(ROOT_PATH."includes/pages/ranges/ranges_".get('subpage').".php");
 
 class ranges {

trunk/includes/pages/startup/startup.php

@@ -29 +29 @@
         
         function output() {
-                global $root_path;
-                if (file_exists($root_path."config/startup.html")) $this->tpl['startup_html'] = file_get_contents($root_path."config/startup.html");
+                if (file_exists(ROOT_PATH."config/startup.html")) $this->tpl['startup_html'] = file_get_contents(ROOT_PATH."config/startup.html");
                 return template($this->tpl, __FILE__);
         }

trunk/includes/pages/users/users.php

@@ -20 +20 @@
  */
 
-if (get('action') == 'restore') include_once($root_path."includes/pages/users/users_restore.php");
+if (get('action') == 'restore') include_once(ROOT_PATH."includes/pages/users/users_restore.php");
 
 class users {

trunk/index.php

@@ -22 +22 @@
 ob_start();
 
-$root_path = "./";
+define("ROOT_PATH","./");
 
-include_once($root_path."globals/common.php");
+include_once(ROOT_PATH."globals/common.php");
 
-include_once($root_path."includes/main.php");
+include_once(ROOT_PATH."includes/main.php");
 
 $main = new main;