Don't glob skins dir and css dirs unless our skin or css is invalid.

Isaac Connor 2019-09-17 12:07:10 -04:00
parent f0cfd674c1
commit ff8e9fa072
1 changed files with 24 additions and 13 deletions


@ -87,27 +87,38 @@ if ( isset($_GET['skin']) ) {
$skin = 'classic';
}
$skins = array_map('basename', glob('skins/*', GLOB_ONLYDIR));
if ( ! is_dir("skins/$skin") ) {
$skins = array_map('basename', glob('skins/*', GLOB_ONLYDIR));
if ( ! in_array($skin, $skins) ) {
ZM\Error("Invalid skin '$skin' setting to " . $skins[0]);
$skin = $skins[0];
if ( !in_array($skin, $skins) ) {
ZM\Error("Invalid skin '$skin' setting to ".$skins[0]);
$skin = $skins[0];
}
}
if ( isset($_GET['css']) ) {
$css = $_GET['css'];
} elseif ( isset($_COOKIE['zmCSS']) ) {
} else if ( isset($_COOKIE['zmCSS']) ) {
$css = $_COOKIE['zmCSS'];
} elseif ( defined('ZM_CSS_DEFAULT') ) {
} else if ( defined('ZM_CSS_DEFAULT') ) {
$css = ZM_CSS_DEFAULT;
} else {
$css = 'classic';
}
$css_skins = array_map('basename', glob('skins/'.$skin.'/css/*',GLOB_ONLYDIR));
if ( !in_array($css, $css_skins) ) {
ZM\Error("Invalid skin css '$css' setting to " . $css_skins[0]);
$css = $css_skins[0];
if ( !is_dir("skins/$skin/css/$css") ) {
$css_skins = array_map('basename', glob('skins/'.$skin.'/css/*', GLOB_ONLYDIR));
if ( count($css_skins) ) {
if ( !in_array($css, $css_skins) ) {
ZM\Error("Invalid skin css '$css' setting to " . $css_skins[0]);
$css = $css_skins[0];
} else {
$css = '';
}
} else {
ZM\Error("No css options found at skins/$skin/css");
$css = '';
}
}
define('ZM_BASE_PATH', dirname($_SERVER['REQUEST_URI']));
@ -116,7 +127,7 @@ define('ZM_SKIN_NAME', $skin);
$skinBase = array(); // To allow for inheritance of skins
if ( !file_exists(ZM_SKIN_PATH) )
Fatal("Invalid skin '$skin'");
ZM\Fatal("Invalid skin '$skin'");
$skinBase[] = $skin;
zm_session_start();
@ -125,7 +136,7 @@ if (
!isset($_SESSION['skin']) ||
isset($_REQUEST['skin']) ||
!isset($_COOKIE['zmSkin']) ||
$_COOKIE['zmSkin'] != $skin
($_COOKIE['zmSkin'] != $skin)
) {
$_SESSION['skin'] = $skin;
setcookie('zmSkin', $skin, time()+3600*24*30*12*10);
@ -135,7 +146,7 @@ if (
!isset($_SESSION['css']) ||
isset($_REQUEST['css']) ||
!isset($_COOKIE['zmCSS']) ||
$_COOKIE['zmCSS'] != $css
($_COOKIE['zmCSS'] != $css)
) {
$_SESSION['css'] = $css;
setcookie('zmCSS', $css, time()+3600*24*30*12*10);
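Review bot: The new `is_dir("skins/$skin")` and `is_dir("skins/$skin/css/$css")` guards in the first hunk accept any value that resolves to a directory, so a `skin` or `css` value taken from `$_GET` or a cookie that contains `/` or `..` now skips the `in_array()` allowlist that every request used to go through. The value then flows into `ZM_SKIN_NAME`, the session and the `zmSkin`/`zmCSS` cookies, and presumably into the paths built from `ZM_SKIN_PATH`, which is defined outside the visible lines. Keep the fast path but check the name's shape first, for example `if ( !is_string($skin) || !preg_match('/^[A-Za-z0-9_-]+$/', $skin) || !is_dir("skins/$skin") ) {`, and the same for `$css`; the character class is a guess and should match the skin names the project actually ships. The skin fallback also reads `$skins[0]` without the `count()` guard that the css branch gained, so an empty `skins/` directory would produce an undefined-offset notice.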