security fix

This commit is contained in:
Ralf Becker 2003-11-08 21:19:03 +00:00
parent a4c96988bc
commit 6feb3ec174
2 changed files with 14 additions and 17 deletions


@ -23,8 +23,20 @@
{ {
$GLOBALS['phpgw']->redirect_link('/home.php'); $GLOBALS['phpgw']->redirect_link('/home.php');
} }
if (isset($_FILES['csvfile']['tmp_name']))
{
$csvfile = $GLOBALS['phpgw_info']['server']['temp_dir'].'/calendar_import_'.basename($csvfile);
$GLOBALS['phpgw']->session->appsession('csvfile','',$csvfile);
$_POST['action'] = move_uploaded_file($_FILES['csvfile']['tmp_name'],$csvfile) ?
'download' : '';
}
else
{
$csvfile = $GLOBALS['phpgw']->session->appsession('csvfile');
}
if ($_POST['cancel']) if ($_POST['cancel'])
{ {
@unlink($csvfile);
$GLOBALS['phpgw']->redirect_link('/admin/index.php'); $GLOBALS['phpgw']->redirect_link('/admin/index.php');
} }
$GLOBALS['phpgw_info']['flags']['app_header'] = $GLOBALS['phpgw_info']['apps']['calendar']['title'].' - '.lang('Import CSV-File'); $GLOBALS['phpgw_info']['flags']['app_header'] = $GLOBALS['phpgw_info']['apps']['calendar']['title'].' - '.lang('Import CSV-File');
@ -38,12 +50,6 @@
$GLOBALS['phpgw']->template->set_block('import_t','imported','importedhandle'); $GLOBALS['phpgw']->template->set_block('import_t','imported','importedhandle');
$GLOBALS['phpgw']->template->set_block('import_t','import','importhandle'); $GLOBALS['phpgw']->template->set_block('import_t','import','importhandle');
// $GLOBALS['phpgw']->template->set_var("navbar_bg",$GLOBALS['phpgw_info']["theme"]["navbar_bg"]);
// $GLOBALS['phpgw']->template->set_var("navbar_text",$GLOBALS['phpgw_info']["theme"]["navbar_text"]);
$csvfile = isset($_POST['csvfile']) ? $_POST['csvfile'] : $_FILES['csvfile']['tmp_name'];
if(($_POST['action'] == 'download' || $_POST['action'] == 'continue') && (!$_POST['fieldsep'] || !$csvfile || !($fp=fopen($csvfile,'rb')))) if(($_POST['action'] == 'download' || $_POST['action'] == 'continue') && (!$_POST['fieldsep'] || !$csvfile || !($fp=fopen($csvfile,'rb'))))
{ {
$_POST['action'] = ''; $_POST['action'] = '';
@ -133,9 +139,7 @@ function cat_id($cats)
array('utf-8' => 'utf-8 (Unicode)'),True)); array('utf-8' => 'utf-8 (Unicode)'),True));
$GLOBALS['phpgw']->template->set_var('fieldsep',$_POST['fieldsep'] ? $_POST['fieldsep'] : ','); $GLOBALS['phpgw']->template->set_var('fieldsep',$_POST['fieldsep'] ? $_POST['fieldsep'] : ',');
$GLOBALS['phpgw']->template->set_var('submit',lang('Import')); $GLOBALS['phpgw']->template->set_var('submit',lang('Import'));
$GLOBALS['phpgw']->template->set_var('csvfile',$csvfile);
$GLOBALS['phpgw']->template->set_var('enctype','ENCTYPE="multipart/form-data"'); $GLOBALS['phpgw']->template->set_var('enctype','ENCTYPE="multipart/form-data"');
$hiddenvars .= '<input type="hidden" name="action" value="download">'."\n";
$GLOBALS['phpgw']->template->parse('rows','filename'); $GLOBALS['phpgw']->template->parse('rows','filename');
break; break;
@ -212,15 +216,10 @@ function cat_id($cats)
$GLOBALS['phpgw']->template->set_var('debug',get_var('debug',array('POST'),True)?' checked':''); $GLOBALS['phpgw']->template->set_var('debug',get_var('debug',array('POST'),True)?' checked':'');
$GLOBALS['phpgw']->template->parse('rows','ffooter',True); $GLOBALS['phpgw']->template->parse('rows','ffooter',True);
fclose($fp); fclose($fp);
if ($_POST['action'] == 'download')
{
$old = $csvfile; $csvfile = $GLOBALS['phpgw_info']['server']['temp_dir'].'/info_log_import_'.basename($csvfile);
rename($old,$csvfile);
}
$hiddenvars = $GLOBALS['phpgw']->html->input_hidden(array( $hiddenvars = $GLOBALS['phpgw']->html->input_hidden(array(
'action' => 'import', 'action' => 'import',
'fieldsep'=> $_POST['fieldsep'], 'fieldsep'=> $_POST['fieldsep'],
'csvfile' => $csvfile,
'charset' => $_POST['charset'] 'charset' => $_POST['charset']
)); ));
$help_on_trans = "<a name=\"help\"></a><b>How to use Translation's</b><p>". $help_on_trans = "<a name=\"help\"></a><b>How to use Translation's</b><p>".
@ -266,7 +265,6 @@ function cat_id($cats)
$hiddenvars = $GLOBALS['phpgw']->html->input_hidden(array( $hiddenvars = $GLOBALS['phpgw']->html->input_hidden(array(
'action' => 'continue', 'action' => 'continue',
'fieldsep'=> $_POST['fieldsep'], 'fieldsep'=> $_POST['fieldsep'],
'csvfile' => $csvfile,
'charset' => $_POST['charset'], 'charset' => $_POST['charset'],
'start' => $_POST['start']+(!$_POST['debug'] ? $_POST['max'] : 0), 'start' => $_POST['start']+(!$_POST['debug'] ? $_POST['max'] : 0),
'max' => $_POST['max'], 'max' => $_POST['max'],
@ -275,7 +273,7 @@ function cat_id($cats)
'trans' => $_POST['trans'] 'trans' => $_POST['trans']
)); ));
@set_time_limit(0); @set_time_limit(0);
$fp=fopen($_POST['csvfile'],'r'); $fp=fopen($csvfile,'r');
$csv_fields = fgetcsv($fp,8000,$_POST['fieldsep']); $csv_fields = fgetcsv($fp,8000,$_POST['fieldsep']);
$csv_fields = $GLOBALS['phpgw']->translation->convert($csv_fields,$_POST['charset']); $csv_fields = $GLOBALS['phpgw']->translation->convert($csv_fields,$_POST['charset']);
$csv_fields[] = 'no CSV 1'; // eg. for static assignments $csv_fields[] = 'no CSV 1'; // eg. for static assignments
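Review bot: In the new upload branch of the first hunk the destination name is built from `basename($csvfile)` before `$csvfile` has any visible assignment in that branch, so where the name comes from (register_globals, an earlier line above the hunk) cannot be confirmed from here, and if it is still request-derived the stored path is once again attacker-influenced, even though `basename()` keeps it inside `temp_dir`. Derive it from the upload itself: `$csvfile = $GLOBALS['phpgw_info']['server']['temp_dir'].'/calendar_import_'.basename($_FILES['csvfile']['tmp_name']);`, and gate the branch on a real upload, `if (isset($_FILES['csvfile']['tmp_name']) && $_FILES['csvfile']['error'] == UPLOAD_ERR_OK)`, since `$_FILES['csvfile']['tmp_name']` is also set (empty) when the multipart form is submitted without a file, in which case the branch currently overwrites the session's `csvfile` with a path that was never created. The `appsession('csvfile', ...)` write would also be better placed after `move_uploaded_file()` succeeds, so the session never points at a path that does not exist. The surrounding `if` block that opens at the top of this hunk starts outside it.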


@ -145,7 +145,6 @@ function cat_id($cats)
$GLOBALS['phpgw']->template->set_var('fieldsep',$_POST['fieldsep'] ? $_POST['fieldsep'] : ','); $GLOBALS['phpgw']->template->set_var('fieldsep',$_POST['fieldsep'] ? $_POST['fieldsep'] : ',');
$GLOBALS['phpgw']->template->set_var('submit',lang('Import')); $GLOBALS['phpgw']->template->set_var('submit',lang('Import'));
$GLOBALS['phpgw']->template->set_var('enctype','ENCTYPE="multipart/form-data"'); $GLOBALS['phpgw']->template->set_var('enctype','ENCTYPE="multipart/form-data"');
$hiddenvars .= '<input type="hidden" name="action" value="download">'."\n";
$GLOBALS['phpgw']->template->parse('rows','filename'); $GLOBALS['phpgw']->template->parse('rows','filename');
break; break;