"- disabling accept_holiday.php by default, as it's only used on www.egroupware.org

- only allow 2-char locale's"
2025-02-16 18:31:26 +01:00 · 2009-09-21 07:56:45 +00:00 · 2009-09-21 07:56:45 +00:00 · b0a29726f1
commit b0a29726f1
parent ff0f2dcbbe
1 changed files with 55 additions and 59 deletions
--- a/calendar/egroupware.org/accept_holiday.php
+++ b/calendar/egroupware.org/accept_holiday.php
@ -1,35 +1,35 @@
 <?php
-  /**************************************************************************\
-  * eGroupWare                                                               *
-  * http://www.egroupware.org                                                *
-  * Written by Mark Peters <skeeter@phpgroupware.org>                        *
-  * --------------------------------------------                             *
-  *  This program is free software; you can redistribute it and/or modify it *
-  *  under the terms of the GNU General Public License as published by the   *
-  *  Free Software Foundation; either version 2 of the License, or (at your  *
-  *  option) any later version.                                              *
-  \**************************************************************************/
-	/* $Id$ */
+/**
+ * Calendar - Accepting holiday files on egroupware.org
+ *
+ * @link http://www.egroupware.org
+ * @author Mark Peters <skeeter@phpgroupware.org>
+ * @package calendar
+ * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
+ * @version $Id$
+ */

-	$send_back_to = str_replace('submit','admin',$_SERVER['HTTP_REFERER']);
-	if(!$_POST['locale'])
-	{
-		Header('Location: '.$send_back_to);
-	}
+die('This file is only used on http://www.egroupware.org/ and therefore disabled on local installations!');

-	function _holiday_cmp($a,$b)
-	{
+if(empty($_POST['locale']) || !preg_match('/^[A-Z]{2}$/',$_POST['locale']))
+{
+	die('Missing or wrong value for required _POST[local]!');
+}
+$send_back_to = str_replace('submit','admin',$_SERVER['HTTP_REFERER']);
+
+function _holiday_cmp($a,$b)
+{
 	if (($year_diff = ($a['occurence'] <= 0 ? 0 : $a['occurence']) - ($b['occurence'] <= 0 ? 0 : $b['occurence'])))
 	{
 		return $year_diff;
 	}
 	return $a['month'] - $b['month'] ? $a['month'] - $b['month'] : $a['day'] - $b['day'];
-	}
+}

-	$send_back_to = str_replace('&locale='.$_POST['locale'],'',$send_back_to);
-	$file = './holidays.'.$_POST['locale'].'.csv';
-	if(!file_exists($file) || filesize($file) < 300)	// treat very small files as not existent
-	{
+$send_back_to = str_replace('&locale='.$_POST['locale'],'',$send_back_to);
+$file = './holidays.'.$_POST['locale'].'.csv';
+if(!file_exists($file) || filesize($file) < 300)	// treat very small files as not existent
+{
 	if (count($_POST['name']))
 	{
 		$fp = fopen($file,'w');
@ -65,9 +65,8 @@
 		fclose($fp);
 	}
 	Header('Location: '.$send_back_to);
-	}
-	else
-	{
+	exit;
+}
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html>
@ -84,6 +83,3 @@
 	<p>To get back to your own eGroupWare-install <a href="<?php echo $send_back_to; ?>">click here</a>.</p>
 </body>
 </html>
-<?php
-	}
-?>