
Ticket処理を追加
authorhsur <hsur@1ca29b6e-896d-4ea0-84a5-967f57386b96>
Tue, 17 Oct 2006 15:37:58 +0000 (15:37 +0000)
committerhsur <hsur@1ca29b6e-896d-4ea0-84a5-967f57386b96>
Tue, 17 Oct 2006 15:37:58 +0000 (15:37 +0000)
git-svn-id: https://svn.sourceforge.jp/svnroot/nucleus-jp/plugin@457 1ca29b6e-896d-4ea0-84a5-967f57386b96

trunk/NP_Blacklist/NP_Blacklist.php
trunk/NP_Blacklist/blacklist/blacklist_lib.php
trunk/NP_Blacklist/blacklist/cache_eaccelerator.php
trunk/NP_Blacklist/blacklist/help.html
trunk/NP_Blacklist/blacklist/index.php

index bd134f1..0e020d1 100644 (file)
@@ -110,10 +110,7 @@ class NP_Blacklist extends NucleusPlugin {
 
        function getEventList() {
                $this->_initSettings();
-// cles::blog
-               //return array('QuickMenu','PreAddComment','PreSkinParse','ValidateForm', 'SpamCheck');
-               return array('QuickMenu', 'SpamCheck', 'PreSkinParse');
-// cles::blog
+               return array('QuickMenu','PreAddComment','PreSkinParse','ValidateForm', 'SpamCheck');
        }
 
        function hasAdminArea() {
index 92c5b8b..59423c5 100644 (file)
@@ -199,21 +199,22 @@ function is_domain($stheDomain) {
 
 
 function pbl_nucmenu() {
+       global $manager;
        echo "<h2>Blacklist menu</h2>\n";
        echo "<ul>\n";
-       echo "<li><a href=\"".serverVar('PHP_SELF')."?page=blacklist\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Blacklist Editor</a></li>\n";
-       echo "<li><a href=\"".serverVar('PHP_SELF')."?page=log\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_log.gif\" /> Blacklist Log</a></li>\n";
-       echo "<li><a href=\"".dirname(serverVar('PHP_SELF'))."/../../index.php?action=pluginoptions&amp;plugid=".getPlugid()."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_prefs.gif\" /> Blacklist options</a></li>\n";
-       echo "<li><a href=\"".serverVar('PHP_SELF')."?page=testpage\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Test Blacklist</a></li>\n";
-       echo "<li><a href=\"".serverVar('PHP_SELF')."?page=showipblock\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_log.gif\" /> Show blocked ip addresses</a></li>\n";
-       echo "<li><a href=\"".serverVar('PHP_SELF')."?page=htaccess\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Generate .htaccess snippets</a></li>\n";
-       echo "<li><a href=\"".serverVar('PHP_SELF')."?page=spamsubmission\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Spam submission (Bulkfeeds)</a></li>\n";
+       echo "<li><a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=blacklist"),ENT_QUOTES)."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Blacklist Editor</a></li>\n";
+       echo "<li><a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=log"),ENT_QUOTES)."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_log.gif\" /> Blacklist Log</a></li>\n";
+       echo "<li><a href=\"".htmlspecialchars($manager->addTicketToUrl(dirname(serverVar('PHP_SELF'))."/../../index.php?action=pluginoptions&plugid=".getPlugid()),ENT_QUOTES)."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_prefs.gif\" /> Blacklist options</a></li>\n";
+       echo "<li><a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=testpage"),ENT_QUOTES)."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Test Blacklist</a></li>\n";
+       echo "<li><a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=showipblock"),ENT_QUOTES)."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_log.gif\" /> Show blocked ip addresses</a></li>\n";
+       echo "<li><a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=htaccess"),ENT_QUOTES)."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Generate .htaccess snippets</a></li>\n";
+       echo "<li><a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=spamsubmission"),ENT_QUOTES)."\"><img src=\"".dirname(serverVar('PHP_SELF'))."/icons/i_edit.gif\" /> Spam submission (Bulkfeeds)</a></li>\n";
        echo "</ul>\n";
 }
 
 function pbl_blacklisteditor()  {
 
-       global $pblmessage;
+       global $pblmessage, $manager;
 
        if(strlen($pblmessage) > 0)  {
                echo "<div class=\"pblmessage\">$pblmessage</div>\n";
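Review bot: The new `htmlspecialchars()` wrapping covers only the href; the `<img src>` on every rewritten line of pbl_nucmenu still interpolates `dirname(serverVar('PHP_SELF'))` raw, and PHP_SELF reflects the request path (including PATH_INFO), so unless serverVar() sanitises it upstream this remains an attribute-injection point on an admin page. Hoist it once and escape it, `$icons = htmlspecialchars(dirname(serverVar('PHP_SELF')), ENT_QUOTES);`, and use `$icons` in the seven src attributes. The same unescaped value is the `action` of the forms further down the file, which this commit leaves as is.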
@@ -255,7 +256,9 @@ function pbl_blacklisteditor()  {
        echo "</div>\n";
        echo "<div class=\"pbform\">\n";
        echo "<form action=\"".serverVar('PHP_SELF')."\" method=\"get\">\n";
-       echo "<input type=\"hidden\" name=\"page\" value=\"addpersonal\" />\n";
+       $manager->addTicketHidden();
+       
+       echo "<input type=\"hidden\" name=\"action\" value=\"addpersonal\" />\n";
        echo "<table class=\"pblform\">\n";
        echo "<tr>\n";
        echo "<td>expression</td>\n";
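Review bot: The ticket is now emitted into a `method="get"` form, so for addpersonal it ends up in the address bar, browser history, the server access log and the Referer header of any link followed from the resulting page, which weakens a per-session anti-CSRF token. Switching to `method="post"` should cost nothing here: the handler in index.php reads `requestVar('action')`, and the spamsubmission form in this same commit already relies on requestVar() picking up POST fields. The resetlog and addip forms later in this file have the same shape. pbl_blacklisteditor's body continues outside the hunk.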
@@ -295,7 +298,7 @@ function pbl_blacklisteditor()  {
                                echo "<td>".htmlspecialchars($key,ENT_QUOTES)."</td>\n";
                                echo "<td>".htmlspecialchars($value,ENT_QUOTES)."</td>\n";
                                echo "<td>";
-                               echo "<a href=\"".serverVar('PHP_SELF')."?page=deleteexpression&amp;line=".$line."\">delete</a>";
+                               echo "<a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=deleteexpression&line=".$line),ENT_QUOTES)."\">delete</a>";
                                echo "</td>";
                                echo "</tr>\n";
                        }
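Review bot: `$line` is concatenated into the deleteexpression URL unfiltered before it reaches addTicketToUrl(); it is presumably the loop counter, but the loop header is outside this hunk, so casting it at the point of use, `"?action=deleteexpression&line=".(int)$line`, makes the link independent of that assumption and keeps the query string numeric. The enclosing loop and function start outside the hunk.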
@@ -335,6 +338,7 @@ function pbl_addexpression($expression, $comment)  {
                }
                fwrite($handle, $expression."\n");
                fclose($handle);
+               
        }
 }
 
@@ -419,6 +423,7 @@ function pbl_log($text)  {
 
 
 function pbl_logtable()  {
+       global $manager;
        if (file_exists(__WEBLOG_ROOT.__EXT."/settings/blacklist.log"))  {
                $handle = fopen(__WEBLOG_ROOT.__EXT."/settings/blacklist.log", "r");
                $logrows = "";
@@ -452,8 +457,10 @@ function pbl_logtable()  {
        }
        echo "<div class=\"pbform\" style=\"margin-left:10px;\">\n";
        echo "<form action=\"".serverVar('PHP_SELF')."\" method=\"get\">\n";
-       echo "<input type=\"hidden\" name=\"page\" value=\"resetlog\" />\n";
+       echo "<input type=\"hidden\" name=\"action\" value=\"resetlog\" />\n";
        echo "<input type=\"submit\" value=\"Reset log\" />\n";
+       $manager->addTicketHidden();
+       
        echo "</form>\n";
        echo "</div>\n";
 }
@@ -628,13 +635,15 @@ function pbl_suspectIP($threshold, $remote_ip = '') {
 }
 
 function pbl_showipblock() {
-    global $pblmessage;
+    global $pblmessage, $manager;
        $filename  = __WEBLOG_ROOT.__EXT."/settings/blockip.pbl";
        $line = 0;
        $fp = fopen($filename,'r');
        echo "<div class=\"pbform\">\n";
        echo "<form action=\"".serverVar('PHP_SELF')."\" method=\"get\">\n";
-       echo "<input type=\"hidden\" name=\"page\" value=\"addip\" />\n";
+       echo "<input type=\"hidden\" name=\"action\" value=\"addip\" />\n";
+       $manager->addTicketHidden();
+       
        echo "Add IP to block: ";
        echo "<input class=\"pbltextinput\" type=\"text\" name=\"ipaddress\" />\n";
        echo "<input type=\"submit\" value=\"Add\" />\n";
@@ -652,7 +661,8 @@ function pbl_showipblock() {
                        echo "<tr><td>".$ip."</td><td>[".gethostbyaddr(rtrim($ip))."]</td><td>";
                else
                        echo "<tr><td>".$ip."</td><td>[<em>skipped</em>]</td><td>";
-               echo "<a href=\"".serverVar('PHP_SELF')."?page=deleteipblock&amp;line=".$line."\">delete</a>";
+               // TODO: aaa
+               echo "<a href=\"".htmlspecialchars($manager->addTicketToUrl(serverVar('PHP_SELF')."?action=deleteipblock&line=".$line),ENT_QUOTES)."\">delete</a>";
                echo "</td></tr>";
        }
        echo "</table>";
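Review bot: The `// TODO: aaa` placeholder left above the delete link tells the next reader nothing; either state what is still pending or drop the line before it is committed. As with the expression editor, writing `(int)$line` in the query string would also document that only a numeric index is expected by deleteipblock. pbl_showipblock's loop starts outside the hunk.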
@@ -725,7 +735,7 @@ function pbl_htaccess($type) {
 }
 
 function pbl_htaccesspage() {
-       global $pblmessage;
+       global $pblmessage, $manager;
        if(strlen($pblmessage) > 0)  {
                echo "<div class=\"pblmessage\">$pblmessage</div>\n";
        }
@@ -739,11 +749,13 @@ function pbl_htaccesspage() {
     }
        echo "<div class=\"pbform\" style=\"margin-left:10px;\">\n";
        echo "<form action=\"".serverVar('PHP_SELF')."\" method=\"post\">\n";
+       $manager->addTicketHidden();
+       
     echo "<input type=\"submit\" label=\"ip\" value=\"Generate blocked IP's\" name=\"type\" />\n";
     echo "<input type=\"submit\" label=\"ip\" value=\"Generate rewrite rules\" name=\"type\" />\n";
     echo "<br />";
     echo "<br />";
-       echo "<input type=\"hidden\" name=\"page\" value=\"htaccess\" />\n";
+       echo "<input type=\"hidden\" name=\"action\" value=\"htaccess\" />\n";
     echo "<textarea class=\"pbltextinput\" cols=\"60\" rows=\"15\" name=\"snippet\" >". pbl_htaccess($type)."</textarea><br />";
     echo "<br />";
     echo "<input title=\"this will clean your block IP addresses file\" type=\"submit\" label=\"ip\" value=\"Reset blocked IP's\" name=\"type\" />\n";
@@ -795,6 +807,8 @@ function pbl_test () {
 }
 
 function pbl_testpage () {
+       global $manager;
+       
     // shows user testpage ...
        global $pblmessage;
        if(strlen($pblmessage) > 0)  {
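Review bot: pbl_testpage now declares its globals in two separate statements, `global $manager;` on the new line and `global $pblmessage;` two lines below, split by a comment and a blank line. Everywhere else in this commit the new global is folded into the existing declaration (`global $pblmessage, $manager;`), so do the same here for consistency. The function continues outside the hunk.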
@@ -802,7 +816,9 @@ function pbl_testpage () {
        }
        echo "<div class=\"pbform\" style=\"margin-left:10px;\">\n";
        echo "<form action=\"".serverVar('PHP_SELF')."\" method=\"get\">\n";
-       echo "<input type=\"hidden\" name=\"page\" value=\"test\" />\n";
+       echo "<input type=\"hidden\" name=\"action\" value=\"test\" />\n";
+       $manager->addTicketHidden();
+       
     echo "<textarea class=\"pbltextinput\" cols=\"60\" rows=\"6\" name=\"expression\" ></textarea><br />";
        echo "<input type=\"submit\" value=\"Test this\" />\n";
        echo "</form>\n";
@@ -810,8 +826,13 @@ function pbl_testpage () {
 }
 
 function pbl_spamsubmission_form()  {
+               global $manager;
+       
                // form 
-               echo "<form action=\"".serverVar('PHP_SELF')."?page=spamsubmission&action=send\" method=\"post\">\n";
+               echo "<form action=\"".serverVar('PHP_SELF')."\" method=\"post\">\n";
+               echo "<input type=\"hidden\" name=\"action\" value=\"spamsubmission\" />\n";
+               echo "<input type=\"hidden\" name=\"type\" value=\"send\" />\n";
+               $manager->addTicketHidden();
 
                // table
                echo "<table>\n";
index b615abf..9fc26fd 100644 (file)
@@ -1,10 +1,10 @@
 <?php
 
 /**
-* cache_eaccelerator.php ($Revision: 1.2 $)
+* cache_eaccelerator.php ($Revision: 1.3 $)
 * 
 * by hsur ( http://blog.cles.jp/np_cles )
-* $Id: cache_eaccelerator.php,v 1.2 2006-09-30 11:46:18 hsur Exp $
+* $Id: cache_eaccelerator.php,v 1.3 2006-10-17 15:37:58 hsur Exp $
 */
 
 function pbl_ipcache_write(){
@@ -43,4 +43,4 @@ function pbl_ipcache_gc(){
        
        return $lastGc;
 }
-?>
\ No newline at end of file
+?>
index e8e808d..265b7fc 100644 (file)
@@ -3,6 +3,7 @@
 <ul>
        <li>Version 0.98 jp9: (2006/*/*)</li>
        <li> [Changed] 正規表現に/m修飾子を追加</li>
+       <li> [Added] Ticket処理を追加(CSRF対策)</li>
 </ul>
 
 <ul>
index a3dee06..9843ebc 100644 (file)
                $oPluginAdmin->end();
                exit;
        }
-
-
-       if (isset($_GET['page'])) {$action = $_GET['page'];}
-       if (isset($_POST['page'])) {$action = $_POST['page'];}
+       
+       $action = requestVar('action');
+       $aActionsNotToCheck = array(
+               '',
+       );
+       if (!in_array($action, $aActionsNotToCheck)) {
+               if (!$manager->checkTicket()) doError(_ERROR_BADTICKET);
+       }
 
        // Okay; we are allowed. let's go
        // create the admin area page
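Review bot: `in_array($action, $aActionsNotToCheck)` is a loose comparison; pass `true` as the third argument so only the literal empty string bypasses the ticket check, and a future entry such as integer `0` in the exemption list cannot match an arbitrary action string under PHP's loose rules. The default-deny shape, every non-exempt action needing a valid ticket, is the right one. If `doError()` does not terminate the request in this codebase, follow it with `exit;` so an invalid ticket cannot fall through to the dispatch below; its definition is not visible from here. The exemption list also deserves a one-line comment saying why the empty action is safe (presumably it only renders the menu), so nobody adds a mutating action to it later.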
         echo "<h2>Here you can generate .htaccess snippets</h2>";
         pbl_htaccesspage();
     } elseif ($action == 'spamsubmission') {
-               if( $_REQUEST['action'] == 'send' && !empty($_REQUEST['url']) ){
-                       $result = $oPluginAdmin->plugin->submitSpamToBulkfeeds($_REQUEST['url']);
+               $url = requestVar('url');
+               if( requestVar('type') == 'send' && ! empty($url) ){
+                       $result = $oPluginAdmin->plugin->submitSpamToBulkfeeds( $url );
 
                        echo "<h2>Spam submission</h2>";
                        echo "<h3>result</h3>";
-                       echo "<pre>" . htmlspecialchars($result) . "</pre>";
-                                               
+                       echo "<pre>" . htmlspecialchars($result, ENT_QUOTES) . "</pre>";
                } else {
                        echo "<h2>Spam submission</h2>";
                        pbl_spamsubmission_form();
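Review bot: `$url` from requestVar('url') is handed to submitSpamToBulkfeeds() with only an `empty()` check, so whatever string reaches this handler is forwarded to the remote service. Before the call, reject anything that is not an absolute http/https URL, e.g. `if (!preg_match('#^https?://#i', $url)) { $url = ''; }` or a parse_url() scheme check, and let the existing empty-check remain the gate. What submitSpamToBulkfeeds() does with the value is outside this hunk, so whether it already validates I cannot tell.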