function pbl_nucmenu() {
+ global $manager;
echo "<h2>Blacklist menu</h2>\n";
echo "<ul>\n";
- echo "<li><a href=\"".serverVar('PHP_SELF')."?page=blacklist\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Blacklist Editor</a></li>\n";
- echo "<li><a href=\"".serverVar('PHP_SELF')."?page=log\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_log.gif\" /> Blacklist Log</a></li>\n";
- echo "<li><a href=\"".dirname(serverVar('PHP_SELF'))."/../../index.php?action=pluginoptions&plugid=".getPlugid()."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_prefs.gif\" /> Blacklist options</a></li>\n";
- echo "<li><a href=\"".serverVar('PHP_SELF')."?page=testpage\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Test Blacklist</a></li>\n";
- echo "<li><a href=\"".serverVar('PHP_SELF')."?page=showipblock\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_log.gif\" /> Show blocked ip addresses</a></li>\n";
- echo "<li><a href=\"".serverVar('PHP_SELF')."?page=htaccess\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Generate .htaccess snippets</a></li>\n";
- echo "<li><a href=\"".serverVar('PHP_SELF')."?page=spamsubmission\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Spam submission (Bulkfeeds)</a></li>\n";
+ echo "<li><a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=blacklist"),ENT_QUOTES)."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Blacklist Editor</a></li>\n";
+ echo "<li><a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=log"),ENT_QUOTES)."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_log.gif\" /> Blacklist Log</a></li>\n";
+ echo "<li><a href=\"".htmlspecialchars($manager->addTicketToUrl(dirname(serverVar('PHP_SELF'))."/../../index.php?action=pluginoptions&plugid=".getPlugid()),ENT_QUOTES)."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_prefs.gif\" /> Blacklist options</a></li>\n";
+ echo "<li><a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=testpage"),ENT_QUOTES)."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Test Blacklist</a></li>\n";
+ echo "<li><a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=showipblock"),ENT_QUOTES)."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_log.gif\" /> Show blocked ip addresses</a></li>\n";
+ echo "<li><a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=htaccess"),ENT_QUOTES)."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Generate .htaccess snippets</a></li>\n";
+ echo "<li><a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=spamsubmission"),ENT_QUOTES)."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Spam submission (Bulkfeeds)</a></li>\n";
echo "</ul>\n";
}
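Review bot: The `<img src>` attributes in the new menu lines still print `dirname(serverVar('PHP_SELF'))` raw, although the `href` next to each one is now passed through `htmlspecialchars`. PHP_SELF can carry client-supplied path info (assuming `serverVar` returns the server value unchanged), so it should be escaped wherever it reaches markup, for example by computing `$iconDir = htmlspecialchars(dirname(serverVar('PHP_SELF')), ENT_QUOTES);` once before the list and using that in each `src`. The same applies to the `<form action=...>` lines built from `serverVar('PHP_SELF')` in the later hunks of this patch (blacklist editor, log table, IP block, .htaccess, test page and spam submission forms).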
function pbl_blacklisteditor() {
- global $pblmessage;
+ global $pblmessage, $manager;
if(strlen($pblmessage) > 0) {
echo "<div class=\"pblmessage\">$pblmessage</div>\n";
echo "</div>\n";
echo "<div class=\"pbform\">\n";
echo "<form action=\"".serverVar('PHP_SELF')."\" method=\"get\">\n";
- echo "<input type=\"hidden\" name=\"page\" value=\"addpersonal\" />\n";
+ $manager->addTicketHidden();
+
+ echo "<input type=\"hidden\" name=\"action\" value=\"addpersonal\" />\n";
echo "<table class=\"pblform\">\n";
echo "<tr>\n";
echo "<td>expression</td>\n";
echo "<td>".htmlspecialchars($key,ENT_QUOTES)."</td>\n";
echo "<td>".htmlspecialchars($value,ENT_QUOTES)."</td>\n";
echo "<td>";
- echo "<a href=\"".serverVar('PHP_SELF')."?page=deleteexpression&line=".$line."\">delete</a>";
+ echo "<a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=deleteexpression&line=".$line),ENT_QUOTES)."\">delete</a>";
echo "</td>";
echo "</tr>\n";
}
}
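Review bot: The ticket ends up in the query string here, because the addpersonal form keeps `method="get"` while `addTicketHidden()` adds the token as a hidden field, and the delete link carries it through `addTicketToUrl`. Query strings are kept in server logs and browser history and are sent in Referer headers, which weakens the token the patch introduces. Since the dispatcher now reads `requestVar('action')`, the state-changing forms could presumably be switched with `echo "<form action=\"".serverVar('PHP_SELF')."\" method=\"post\">\n";`. The resetlog, addip and test forms in the later hunks have the same shape. The function body is only partly visible in this hunk.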
fwrite($handle, $expression."\n");
fclose($handle);
+
}
}
function pbl_logtable() {
+ global $manager;
if (file_exists(__WEBLOG_ROOT.__EXT."/settings/blacklist.log")) {
$handle = fopen(__WEBLOG_ROOT.__EXT."/settings/blacklist.log", "r");
$logrows = "";
}
echo "<div class=\"pbform\" style=\"margin-left:10px;\">\n";
echo "<form action=\"".serverVar('PHP_SELF')."\" method=\"get\">\n";
- echo "<input type=\"hidden\" name=\"page\" value=\"resetlog\" />\n";
+ echo "<input type=\"hidden\" name=\"action\" value=\"resetlog\" />\n";
echo "<input type=\"submit\" value=\"Reset log\" />\n";
+ $manager->addTicketHidden();
+
echo "</form>\n";
echo "</div>\n";
}
}
function pbl_showipblock() {
- global $pblmessage;
+ global $pblmessage, $manager;
$filename = __WEBLOG_ROOT.__EXT."/settings/blockip.pbl";
$line = 0;
$fp = fopen($filename,'r');
echo "<div class=\"pbform\">\n";
echo "<form action=\"".serverVar('PHP_SELF')."\" method=\"get\">\n";
- echo "<input type=\"hidden\" name=\"page\" value=\"addip\" />\n";
+ echo "<input type=\"hidden\" name=\"action\" value=\"addip\" />\n";
+ $manager->addTicketHidden();
+
echo "Add IP to block: ";
echo "<input class=\"pbltextinput\" type=\"text\" name=\"ipaddress\" />\n";
echo "<input type=\"submit\" value=\"Add\" />\n";
echo "<tr><td>".$ip."</td><td>[".gethostbyaddr(rtrim($ip))."]</td><td>";
else
echo "<tr><td>".$ip."</td><td>[<em>skipped</em>]</td><td>";
- echo "<a href=\"".serverVar('PHP_SELF')."?page=deleteipblock&line=".$line."\">delete</a>";
+ // TODO: aaa
+ echo "<a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=deleteipblock&line=".$line),ENT_QUOTES)."\">delete</a>";
echo "</td></tr>";
}
echo "</table>";
}
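Review bot: `$ip` is written into the table cell unescaped on both branches, while the delete link directly below it is now escaped. The value is read from `blockip.pbl`, and whether the addip handler validates what it stores is not visible here, so `htmlspecialchars(rtrim($ip), ENT_QUOTES)` in both `<td>` cells would be the safe form. The added `// TODO: aaa` says nothing about what is still to be done; it should either name the open item or be removed before merge.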
function pbl_htaccesspage() {
- global $pblmessage;
+ global $pblmessage, $manager;
if(strlen($pblmessage) > 0) {
echo "<div class=\"pblmessage\">$pblmessage</div>\n";
}
}
echo "<div class=\"pbform\" style=\"margin-left:10px;\">\n";
echo "<form action=\"".serverVar('PHP_SELF')."\" method=\"post\">\n";
+ $manager->addTicketHidden();
+
echo "<input type=\"submit\" label=\"ip\" value=\"Generate blocked IP's\" name=\"type\" />\n";
echo "<input type=\"submit\" label=\"ip\" value=\"Generate rewrite rules\" name=\"type\" />\n";
echo "<br />";
echo "<br />";
- echo "<input type=\"hidden\" name=\"page\" value=\"htaccess\" />\n";
+ echo "<input type=\"hidden\" name=\"action\" value=\"htaccess\" />\n";
echo "<textarea class=\"pbltextinput\" cols=\"60\" rows=\"15\" name=\"snippet\" >". pbl_htaccess($type)."</textarea><br />";
echo "<br />";
echo "<input title=\"this will clean your block IP addresses file\" type=\"submit\" label=\"ip\" value=\"Reset blocked IP's\" name=\"type\" />\n";
}
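Review bot: The return value of `pbl_htaccess($type)` is placed between the `<textarea>` tags unescaped, so any `<` or `&` in the generated rules is parsed as markup rather than shown as text. The rules presumably derive from stored blacklist expressions and blocked IPs, so `htmlspecialchars(pbl_htaccess($type), ENT_QUOTES)` would keep the snippet literal. Where `$type` is assigned lies outside the visible lines, so the function should be checked as a whole.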
function pbl_testpage () {
+ global $manager;
+
// shows user testpage ...
global $pblmessage;
if(strlen($pblmessage) > 0) {
}
echo "<div class=\"pbform\" style=\"margin-left:10px;\">\n";
echo "<form action=\"".serverVar('PHP_SELF')."\" method=\"get\">\n";
- echo "<input type=\"hidden\" name=\"page\" value=\"test\" />\n";
+ echo "<input type=\"hidden\" name=\"action\" value=\"test\" />\n";
+ $manager->addTicketHidden();
+
echo "<textarea class=\"pbltextinput\" cols=\"60\" rows=\"6\" name=\"expression\" ></textarea><br />";
echo "<input type=\"submit\" value=\"Test this\" />\n";
echo "</form>\n";
}
function pbl_spamsubmission_form() {
+ global $manager;
+
// form
- echo "<form action=\"".serverVar('PHP_SELF')."?page=spamsubmission&action=send\" method=\"post\">\n";
+ echo "<form action=\"".serverVar('PHP_SELF')."\" method=\"post\">\n";
+ echo "<input type=\"hidden\" name=\"action\" value=\"spamsubmission\" />\n";
+ echo "<input type=\"hidden\" name=\"type\" value=\"send\" />\n";
+ $manager->addTicketHidden();
// table
echo "<table>\n";
$oPluginAdmin->end();
exit;
}
-
-
- if (isset($_GET['page'])) {$action = $_GET['page'];}
- if (isset($_POST['page'])) {$action = $_POST['page'];}
+
+ $action = requestVar('action');
+ $aActionsNotToCheck = array(
+ '',
+ );
+ if (!in_array($action, $aActionsNotToCheck)) {
+ if (!$manager->checkTicket()) doError(_ERROR_BADTICKET);
+ }
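Review bot: The exemption for the landing page depends on `in_array()` comparing loosely. If `requestVar('action')` returns null when the parameter is absent (not visible here), only `null == ''` keeps the menu reachable without a ticket, and adding the strict flag later would break it silently. Normalising first with `$action = (string) requestVar('action');` and then calling `in_array($action, $aActionsNotToCheck, true)` makes that intent explicit. The guard also assumes `doError()` does not return; a comment such as `// every non-empty action must carry a valid ticket; doError() terminates the request` would record both assumptions.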
// Okay; we are allowed. let's go
// create the admin area page
echo "<h2>Here you can generate .htaccess snippets</h2>";
pbl_htaccesspage();
} elseif ($action == 'spamsubmission') {
- if( $_REQUEST['action'] == 'send' && !empty($_REQUEST['url']) ){
- $result = $oPluginAdmin->plugin->submitSpamToBulkfeeds($_REQUEST['url']);
+ $url = requestVar('url');
+ if( requestVar('type') == 'send' && ! empty($url) ){
+ $result = $oPluginAdmin->plugin->submitSpamToBulkfeeds( $url );
echo "<h2>Spam submission</h2>";
echo "<h3>result</h3>";
- echo "<pre>" . htmlspecialchars($result) . "</pre>";
-
+ echo "<pre>" . htmlspecialchars($result, ENT_QUOTES) . "</pre>";
} else {
echo "<h2>Spam submission</h2>";
pbl_spamsubmission_form();