
コミットメタ情報

リビジョン1a3c9d91c1161ee97c41642266e8b66d931e4f9e (tree)
日時2017-01-12 23:06:24
作者Keishi Tanaka <kc@hoku...>
コミッターKeishi Tanaka

ログメッセージ

Merge remote-tracking branch 'origin/master' into hotfix/dlexec


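--- a/lib/init.php
+++ b/lib/init.php
@@ -11,7 +11,7 @@
 // PukiWiki version / Copyright / Licence
 
 define('S_VERSION', '1.4.7');
-define('QHM_VERSION', '6.0.5'); //絶対に編集しないで下さい
+define('QHM_VERSION', '6.0.8'); //絶対に編集しないで下さい
 define('QHM_OPTIONS', 'update=download; support=false; banner=true');
 define('S_COPYRIGHT',
 'powered by <strong><a href="http://www.open-qhm.net/">QHM</a> ' . QHM_VERSION . '</strong> haik<br />' .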
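--- a/plugin/colorbox/colorbox.css
+++ b/plugin/colorbox/colorbox.css
@@ -15,7 +15,7 @@
 .cboxIframe{width:100%; height:100%; display:block; border:0; padding:0; margin:0;}
 #colorbox, #cboxContent, #cboxLoadedContent{box-sizing:content-box; -moz-box-sizing:content-box; -webkit-box-sizing:content-box;}
 
-/*
+/*
 User Style:
 Change the following styles to modify the appearance of Colorbox. They are
 ordered & tabbed in a way that represents the nesting of the generated HTML.
@@ -41,7 +41,7 @@
 
 /* these elements are buttons, and may need to have additional styles reset to avoid unwanted base styles */
 #cboxPrevious, #cboxNext, #cboxSlideshow, #cboxClose {border:0; padding:0; margin:0; overflow:visible; width:auto; background:none; }
-
+
 /* avoid outlines on :active (mouseclick), but preserve outlines on :focus (tabbed navigating) */
 #cboxPrevious:active, #cboxNext:active, #cboxSlideshow:active, #cboxClose:active {outline:0;}
 
@@ -67,4 +67,10 @@
 .cboxIE #cboxMiddleLeft,
 .cboxIE #cboxMiddleRight {
 filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#00FFFFFF,endColorstr=#00FFFFFF);
-}
\ No newline at end of file
+}
+
+@media (max-width: 480px) {
+ #cboxCurrent{
+ display: none !important;
+ }
+}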
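--- a/plugin/comment2.inc.php
+++ b/plugin/comment2.inc.php
@@ -78,11 +78,11 @@ function plugin_comment2_action()
 else{
 $vars['comment2_error'] = 'error!!!';
 }
-
+
 $retvars['msg'] = $title;
 $retvars['body'] = $body;
-
-
+
+
 $vars['page'] = $vars['refer'];
 
 return $retvars;
@@ -95,21 +95,21 @@ function plugin_comment2_convert()
 static $comment2_cols = PLUGIN_COMMENT2_SIZE_MSG;
 $qm = get_qm();
 $plugin_comment2_auth = true;
-
+
 $s_msg = $s_name = "";
-
+
 if (PKWK_READONLY) return ''; // Show nothing
-
+
 if (! isset($numbers[$vars['page']])) $numbers[$vars['page']] = 0;
 $comment2_no = $numbers[$vars['page']]++;
-
+
 $options = func_num_args() ? func_get_args() : array();
 
 $nodate = in_array('nodate', $options) ? '1' : '0';
 $noupdate = in_array('noupdate', $options) ? '1' : '0';
 $above = in_array('above', $options) ? '1' :
- (in_array('below', $options) ? '0' : PLUGIN_COMMENT2_DIRECTION_DEFAULT);
-
+ (in_array('below', $options) ? '0' : PLUGIN_COMMENT2_DIRECTION_DEFAULT);
+
 $authcode = '' . rand(0,9) . rand(0,9) . rand(0,9) . rand(0,9);
 $auth_label = '認証コード';
 $auth_error_alert = '';
@@ -118,11 +118,11 @@ function plugin_comment2_convert()
 
 if (in_array('textarea', $options))
 {
- $area = isset($options[1]) && is_numeric($options[1]) ? $options[1] : 6;
+ $area = isset($options[1]) && is_numeric($options[1]) ? $options[1] : 6;
 }
 else
 {
- $area = 0;
+ $area = 0;
 }
 
 $nametags = '';
@@ -231,7 +231,7 @@ function plugin_comment2_convert()
 else
 {
 $input_area = $commenttags . '<input type="text" name="msg" class="form-control input-sm" id="_p_comment2_comment2_'
- .$comment2_no.'" size="'.$comment2_cols.'" value="'.$s_msg.'" />';
+ .$comment2_no.'" size="'.$comment2_cols.'" value="'.$s_msg.'" />';
 
 $comment_form = '
 <div class="form-horizontal">
@@ -254,7 +254,7 @@ function plugin_comment2_convert()
 <div class="form-group">
 <div class="col-md-10 col-md-offset-2">
 <div class="row">
- <div class="col-md-6 col-xs-12 col-sm-7 pull-right">
+ <div class="col-md-6 col-sm-7 col-sm-push-6">
 <div class="form-inline">
 <div class="col-sm-12">
 
@@ -266,7 +266,7 @@ function plugin_comment2_convert()
 </div>
 </div>
 </div>
- <div class="col-md-6 col-sm-5">
+ <div class="col-md-6 col-sm-5 col-sm-pull-6">
 <div class="form-group">
 <div class="col-sm-12">
 <input type="submit" name="comment2" class="btn btn-default btn-sm" value="'.$qm->m['plg_comment']['btn_comment'].'" style="margin-bottom:0;white-space:normal;">
@@ -284,10 +284,10 @@ function plugin_comment2_convert()
 else
 {
 $authcode_msg = '
- <span id="coment2_auth_msg_no_'.$comment2_no.'" style="font-size:11px;'.$auth_error_style.'">
- '.$auth_label.'('.$authcode.')
- <input type="text" name="authcode" value="" size="4" />
- </span>
+ <span id="coment2_auth_msg_no_'.$comment2_no.'" style="font-size:11px;'.$auth_error_style.'">
+ '.$auth_label.'('.$authcode.')
+ <input type="text" name="authcode" value="" size="4" />
+ </span>
 ';
 
 if (in_array('noname', $options))
@@ -314,7 +314,7 @@ function plugin_comment2_convert()
 $input_button = '<input type="submit" name="comment2" value="'.$qm->m['plg_comment']['btn_comment'].'" />';
 $comment_form = $nametags . $authcode_msg . $input_area .$input_button;
 }
-
+
 $script = get_script_uri();
 $s_page = htmlspecialchars($vars['page']);
 $string = <<<EOD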
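--- a/plugin/show.inc.php
+++ b/plugin/show.inc.php
@@ -556,8 +556,19 @@ $(document).ready(function(){
 <link href="./plugin/colorbox/colorbox.css" rel="stylesheet" type="text/css" />
 <script type="text/javascript">
 $(function(){
- $("a.colorbox").colorbox({opacity:0.5, current: "{current}/{total}"});
- $("a.colorbox_slideshow").colorbox({opacity:0.8, current: "{current}/{total}", slideshow: true});
+ var options = {
+ opacity:0.5,
+ current: "{current}/{total}",
+ maxWidth: "100%",
+ maxHeight: "90%"
+ };
+ var slideshowOptions = $.extend({}, options, {
+ opacity: 0.8,
+ slideshow: true
+ });
+
+ $("a.colorbox").colorbox(options);
+ $("a.colorbox_slideshow").colorbox(slideshowOptions);
 });
 </script>
 ';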
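--- a/swfu/config.php
+++ b/swfu/config.php
@@ -547,6 +547,28 @@ if ( ! function_exists('get_qhm_option'))
 }
 }
 
+if ( ! function_exists('get_extension_blacklist')) {
+ /*
+ * PHP, CGI, Pearl スクリプトはアップロード許可しない
+ */
+ function get_extension_blacklist()
+ {
+ return array(
+ 'php', 'cgi', 'pl'
+ );
+ }
+}
+
+if ( ! function_exists('is_valid_file_for_upload')) {
+ /*
+ * アップロードしても良いファイルかどうか判別する
+ */
+ function is_valid_file_for_upload($filename)
+ {
+ return ! in_array(pathinfo($filename, PATHINFO_EXTENSION), get_extension_blacklist());
+ }
+}
+
 //--------------------------------
 //main
 if ( isset($script) && $script != '') {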
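Review bot: `is_valid_file_for_upload` compares the raw result of `pathinfo(..., PATHINFO_EXTENSION)`, so the check is case-sensitive, and the list returned by `get_extension_blacklist` (`php`, `cgi`, `pl`) is narrower than the set the new `swfu/d/.htaccess` in this same commit denies (`php[3457]?`, `pht`, `phtml`, `exe`, `com`); the two layers should agree. Lower-case the extension and compare strictly, `return ! in_array(strtolower(pathinfo($filename, PATHINFO_EXTENSION)), get_extension_blacklist(), true);`, and extend the array to the same extensions as the `.htaccess` rule. Since this uploader records image rows (the `$insert_img_data` array in upload.php), an allowlist of the expected image extensions would be a more robust design than a blacklist that has to enumerate every executable type. The comment above `get_extension_blacklist` says "Pearl"; "Perl" is meant.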
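--- a/swfu/d/.htaccess
+++ b/swfu/d/.htaccess
@@ -0,0 +1,4 @@
+# Prohibit direct access
+<FilesMatch "\.(php[3457]?|pht|phtml|cgi|pl|exe|com)$">
+ Deny from all
+</FilesMatch>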
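Review bot: The `FilesMatch` pattern is case-sensitive as written, so upper-case variants of the listed extensions are not matched, and `Deny from all` is Apache 2.2 syntax that on 2.4 only takes effect when mod_access_compat is loaded. Prefix the pattern with `(?i)` and emit the 2.4 `Require all denied` form, keeping `Deny` as a fallback inside `<IfModule>` guards. This file is only honoured on Apache with `AllowOverride` enabled for the upload directory and is independent of the PHP-side extension check added in `swfu/config.php`, so it should be treated as defence in depth rather than the primary control.
```apache
<FilesMatch "(?i)\.(php[3457]?|pht|phtml|cgi|pl|exe|com)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Deny from all
    </IfModule>
</FilesMatch>
```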
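--- a/swfu/upload.php
+++ b/swfu/upload.php
@@ -10,8 +10,21 @@ if (isset($_POST["PHPSESSID"])) {
 }
 session_start();
 
-if (!isset($_FILES["Filedata"])
- || !is_uploaded_file($_FILES["Filedata"]["tmp_name"])
+if ( ! isset($_SESSION['usr'])) {
+ header('HTTP/1.1 403 Forbidden');
+ exit(0);
+}
+
+$upload_name = $_FILES['Filedata']['name'];
+
+// ファイルをチェックする。スクリプトを実行可能なファイルは許可しない
+if ( ! is_valid_file_for_upload($upload_name)) {
+ header('HTTP/1.1 400 Bad Request');
+ exit(0);
+}
+
+if (!isset($_FILES["Filedata"])
+ || !is_uploaded_file($_FILES["Filedata"]["tmp_name"])
 || $_FILES["Filedata"]["error"] != 0
 )
 {
@@ -19,10 +32,8 @@ if (!isset($_FILES["Filedata"])
 }
 else
 { // ---------------------- upload success --------------------
-
- $upload_name = $_FILES['Filedata']['name'];
 if( preg_match('/^[-_.+a-zA-Z0-9]+$/', $upload_name ) ){
-
+
 while(!$overwrite && file_exists(SWFU_DATA_DIR.$upload_name)){
 $upload_name = 's_'.$upload_name;
 }
@@ -32,16 +43,16 @@ else
 else
 {
 $matches = array();
-
+
 if( !preg_match('/[^.]+\.(.*)$/', $upload_name, $matches) ){
 echo 'invalid file name';
- exit(0);
+ exit(0);
 }
-
+
 $ext = $matches[1];
 $tmp_name = tempnam(SWFU_DATA_DIR, 'auto_');
 $upname = $tmp_name.'.'.$ext;
-
+
 rename($tmp_name, $upname);
 $upload_file = SWFU_DATA_DIR. basename($upname);
 $fname = basename($upname);
@@ -49,10 +60,10 @@ else
 
 move_uploaded_file($_FILES['Filedata']['tmp_name'], $upload_file);
 chmod($upload_file, 0666);
-
+
 //regist db
 $stat = stat($upload_file);
-
+
 global $insert_img_data;
 $insert_img_data = array(
 'name'=>$fname,
@@ -61,7 +72,7 @@ else
 'size'=>$stat['size'],
 'page_name'=>$page_name,
 );
-
+
 //何か出力する必要あり
 echo "Flash requires that we output something or it won't fire the uploadSuccess event";
 }
@@ -79,10 +90,10 @@ function action( &$c )
 {
 global $insert_img_data;
 $insert_img_data = $c->s->input_filter($insert_img_data);
-
+
 if(isset($insert_img_data)){
 $c->image->insert($insert_img_data);
 }
 }
 
-?>
\ No newline at end of file
+?>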
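Review bot: In the first hunk `$upload_name = $_FILES['Filedata']['name'];` and the `is_valid_file_for_upload` check run before the `!isset($_FILES["Filedata"]) || !is_uploaded_file(...)` guard that immediately follows, so a request carrying no file now raises an undefined-index notice and validates an empty name instead of reaching the existing error branch. Move the two new statements below that guard (the old code read `$upload_name` inside the success branch, where the second hunk removes it), or at minimum write `$upload_name = isset($_FILES['Filedata']['name']) ? $_FILES['Filedata']['name'] : '';`. The check also keys on the final extension only, while the later `preg_match('/[^.]+\.(.*)$/', ...)` branch keeps everything after the first dot as `$ext` and stores the file under that compound suffix; whether the web server still treats such a name as a script depends on its handler configuration, so an allowlist of the image types this uploader expects would be more robust than the blacklist. upload2.php adds the same check inside `action()`, where `$upload_name` is assigned outside the hunk; confirm it is set before that check runs there as well.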
--- a/swfu/upload2.php
+++ b/swfu/upload2.php
@@ -47,6 +47,13 @@ function action( &$c )
4747 $mode = 'ajax';
4848 }
4949
50+ // ファイルをチェックする。スクリプトを実行可能なファイルは許可しない
51+ if ( ! is_valid_file_for_upload($upload_name)) {
52+ header('HTTP/1.1 400 Bad Request');
53+ echo 'Cannot upload script file';
54+ exit(0);
55+ }
56+
5057 //画像の説明
5158 $text = '画像の説明';
5259 $page = isset($_POST['page'])? $_POST['page']: '';
@@ -65,6 +72,7 @@ function action( &$c )
6572 echo 'invalid file name';
6673 exit(0);
6774 }
75+
6876 $text = $matches[1];
6977 $ext = $matches[2];
7078 $tmp_name = tempnam(SWFU_DATA_DIR, 'auto-');