M_Viper/ts-website
M_Viper
/
ts-website
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

v 1.4.5 - Security update! 

- Fixed XSS vulnerabilities - closes #57
- Added dev mode to cache class, allowing you to disable caching for development and debugging
- Translated few hardcoded strings

All ts-website users are advised to update their installation
This commit is contained in:
Wruczek 2017-09-24 22:38:32 +02:00
parent a325fc57c7
commit 2839e64e23
5 changed files with 19 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
bans.php
View File

@ -44,7 +44,7 @@ $banlist = $cacheutils->getValue();
</div>
<div class="panel-footer">
<?php tl($lang["banlist"]["lastupdate"], [$banlist[1]]); ?><!-- <span style="float: right">Podgląd odświeża się co 60 sekund</span> -->
<?php tl($lang["banlist"]["lastupdate"], [$banlist[1]]); ?><!-- <span style="float: right">Data is refreshed every X seconds</span> -->
</div>
</div>
@ -68,14 +68,14 @@ function getBanlist() {
$user = censorIP((string)$ban['ip']);
if (!empty($ban['lastnickname']))
$user = (string)$ban['lastnickname'];
$user = htmlentities((string)$ban['lastnickname']);
if (empty($user))
$user = "<i>Unknown</i>";
$reason = $ban['reason'];
$invokername = (string)$ban['invokername'];
$reason = htmlentities((string)$ban['reason']);
$invokername = htmlentities((string)$ban['invokername']);
$duration = $ban['duration'];
$createdepoch = $ban['created'];
$expiresepoch = $ban['created'] + $duration;

8
include/adminlist.php
View File

@ -38,10 +38,10 @@ function getAdminList() {
$groupicon = getGroupIcon($tsAdmin, $group);
if ($groupicon) {
$icon = '<img src="data:' . TeamSpeak3_Helper_Convert::imageMimeType($groupicon) . ';base64,' . base64_encode($groupicon) . '" alt="Ikona grupy" /> ';
$icon = '<img src="data:' . TeamSpeak3_Helper_Convert::imageMimeType($groupicon) . ';base64,' . base64_encode($groupicon) . '" alt="Group icon" /> ';
}
} elseif (in_array($group["iconid"], $localIcons)) {
$icon = '<img src="lib/ts3phpframework/images/viewer/group_icon_' . $group["iconid"] . '.png" alt="Ikona grupy" /> ';
$icon = '<img src="lib/ts3phpframework/images/viewer/group_icon_' . $group["iconid"] . '.png" alt="Group icon" /> ';
}
}
@ -63,11 +63,11 @@ function getAdminList() {
if($user["client_type"]) continue;
if (!$user) {
$offlineClients[] = '<p><span class="label label-primary iconspacer">' . $userInfo['client_nickname'] . '</span><span class="label label-danger pull-right">' . translate($lang["adminlist"]["status"]["offline"]) . '</span></p>';
$offlineClients[] = '<p><span class="label label-primary iconspacer">' . htmlentities($userInfo['client_nickname']) . '</span><span class="label label-danger pull-right">' . translate($lang["adminlist"]["status"]["offline"]) . '</span></p>';
continue;
}
$onlineClients[] = '<p><img src="lib/ts3phpframework/images/viewer/' . $user->getIcon() . '.png" alt="User status">' . '<span class="label label-primary">' . $user . '</span>' . ($user['client_away'] ? '<span class="label label-warning pull-right">' . translate($lang["adminlist"]["status"]["away"]) . '</span>' : '<span class="label label-success pull-right">' . translate($lang["adminlist"]["status"]["online"]) . '</span>') . '</p>';
$onlineClients[] = '<p><img src="lib/ts3phpframework/images/viewer/' . $user->getIcon() . '.png" alt="User status">' . '<span class="label label-primary">' . htmlentities($user) . '</span>' . ($user['client_away'] ? '<span class="label label-warning pull-right">' . translate($lang["adminlist"]["status"]["away"]) . '</span>' : '<span class="label label-success pull-right">' . translate($lang["adminlist"]["status"]["online"]) . '</span>') . '</p>';
}
foreach (array_merge($onlineClients, $offlineClients) as $str)

11
include/cacheutils.class.php
View File

@ -7,11 +7,15 @@ use phpFastCache\Util\Languages;
class CacheUtils {
private $devMode;
private $cacheInstance;
private $cacheItem;
private $key;
function __construct($key) {
public function __construct($key) {
// If devMode is set, the cache will be invalidated immediately
$this->devMode = defined("DEV_MODE") || getenv("DEV_MODE") || file_exists(__DIR__ . "/dev_mode");
if(!is_string($key))
throw new InvalidArgumentException("Key must be a string");
@ -39,12 +43,15 @@ class CacheUtils {
}
public function setValue($value, $expireTime) {
if($this->devMode)
$expireTime = 1;
$this->cacheItem = $this->cacheItem->set($value)->expiresAfter($expireTime);
$this->cacheInstance->save($this->cacheItem);
}
public function isExpired() {
return !$this->cacheItem->isHit();
return $this->devMode || !$this->cacheItem->isHit();
}
public function remove() {

2
include/footer.php
View File

@ -12,7 +12,7 @@
<ul class="list-inline">
<li> <!-- Please respect the amount of work we've put for free into this project and leave the authors in the footer. Thank you. -->
<p>
<a href="https://github.com/Wruczek/ts-website">ts-website</a> v 1.4.4.3 &mdash; &copy; <a href="https://wruczek.tech">Wruczek</a> 2016 - 2017
<a href="https://github.com/Wruczek/ts-website">ts-website</a> v 1.4.5 &mdash; &copy; <a href="https://wruczek.tech">Wruczek</a> 2016 - 2017
</p>
<p>

2
include/modulecheck.php
View File

@ -89,7 +89,7 @@ function showError($title, $text) { ?>
<?php echo $text; ?>
</div>
<div class="panel-footer">
&copy; <a href="https://wruczek.tech">Wruczek</a> 2016 - 2017 | <a href="https://github.com/Wruczek/ts-website">ts-website</a> v 1.4.4.3 | MIT License
&copy; <a href="https://wruczek.tech">Wruczek</a> 2016 - 2017 | <a href="https://github.com/Wruczek/ts-website">ts-website</a> v 1.4.5 | MIT License
</div>
</div>