Don't glob skins dir and css dirs unless our skin or css is invalid.

Isaac Connor 2019-09-17 12:07:10 -04:00
parent f0cfd674c1
commit ff8e9fa072
1 changed files with 24 additions and 13 deletions


@ -87,27 +87,38 @@ if ( isset($_GET['skin']) ) {
$skin = 'classic'; $skin = 'classic';
} }
$skins = array_map('basename', glob('skins/*', GLOB_ONLYDIR)); if ( ! is_dir("skins/$skin") ) {
$skins = array_map('basename', glob('skins/*', GLOB_ONLYDIR));
if ( ! in_array($skin, $skins) ) { if ( !in_array($skin, $skins) ) {
ZM\Error("Invalid skin '$skin' setting to " . $skins[0]); ZM\Error("Invalid skin '$skin' setting to ".$skins[0]);
$skin = $skins[0]; $skin = $skins[0];
}
} }
if ( isset($_GET['css']) ) { if ( isset($_GET['css']) ) {
$css = $_GET['css']; $css = $_GET['css'];
} elseif ( isset($_COOKIE['zmCSS']) ) { } else if ( isset($_COOKIE['zmCSS']) ) {
$css = $_COOKIE['zmCSS']; $css = $_COOKIE['zmCSS'];
} elseif ( defined('ZM_CSS_DEFAULT') ) { } else if ( defined('ZM_CSS_DEFAULT') ) {
$css = ZM_CSS_DEFAULT; $css = ZM_CSS_DEFAULT;
} else { } else {
$css = 'classic'; $css = 'classic';
} }
$css_skins = array_map('basename', glob('skins/'.$skin.'/css/*',GLOB_ONLYDIR)); if ( !is_dir("skins/$skin/css/$css") ) {
if ( !in_array($css, $css_skins) ) { $css_skins = array_map('basename', glob('skins/'.$skin.'/css/*', GLOB_ONLYDIR));
ZM\Error("Invalid skin css '$css' setting to " . $css_skins[0]); if ( count($css_skins) ) {
$css = $css_skins[0]; if ( !in_array($css, $css_skins) ) {
ZM\Error("Invalid skin css '$css' setting to " . $css_skins[0]);
$css = $css_skins[0];
} else {
$css = '';
}
} else {
ZM\Error("No css options found at skins/$skin/css");
$css = '';
}
} }
define('ZM_BASE_PATH', dirname($_SERVER['REQUEST_URI'])); define('ZM_BASE_PATH', dirname($_SERVER['REQUEST_URI']));
@ -116,7 +127,7 @@ define('ZM_SKIN_NAME', $skin);
$skinBase = array(); // To allow for inheritance of skins $skinBase = array(); // To allow for inheritance of skins
if ( !file_exists(ZM_SKIN_PATH) ) if ( !file_exists(ZM_SKIN_PATH) )
Fatal("Invalid skin '$skin'"); ZM\Fatal("Invalid skin '$skin'");
$skinBase[] = $skin; $skinBase[] = $skin;
zm_session_start(); zm_session_start();
@ -125,7 +136,7 @@ if (
!isset($_SESSION['skin']) || !isset($_SESSION['skin']) ||
isset($_REQUEST['skin']) || isset($_REQUEST['skin']) ||
!isset($_COOKIE['zmSkin']) || !isset($_COOKIE['zmSkin']) ||
$_COOKIE['zmSkin'] != $skin ($_COOKIE['zmSkin'] != $skin)
) { ) {
$_SESSION['skin'] = $skin; $_SESSION['skin'] = $skin;
setcookie('zmSkin', $skin, time()+3600*24*30*12*10); setcookie('zmSkin', $skin, time()+3600*24*30*12*10);
@ -135,7 +146,7 @@ if (
!isset($_SESSION['css']) || !isset($_SESSION['css']) ||
isset($_REQUEST['css']) || isset($_REQUEST['css']) ||
!isset($_COOKIE['zmCSS']) || !isset($_COOKIE['zmCSS']) ||
$_COOKIE['zmCSS'] != $css ($_COOKIE['zmCSS'] != $css)
) { ) {
$_SESSION['css'] = $css; $_SESSION['css'] = $css;
setcookie('zmCSS', $css, time()+3600*24*30*12*10); setcookie('zmCSS', $css, time()+3600*24*30*12*10);
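Review bot: In the first hunk the new guard `if ( ! is_dir("skins/$skin") )` replaces the allowlist with a filesystem test on a request-controlled value (`$_GET['skin']` per the hunk header; the rest of that chain lies above the hunk), so a name containing `/` or `..` that resolves to any existing directory now skips the `in_array($skin, $skins)` check that previously reset it to `$skins[0]`. The same holds for `is_dir("skins/$skin/css/$css")`, where `$css` comes from `$_GET['css']` or the `zmCSS` cookie, and both values then flow into `ZM_SKIN_NAME`, the session and `setcookie()`. The fast path can stay if the name is constrained first, e.g. `if ( !preg_match('/^[A-Za-z0-9_-]+$/', $skin) || !is_dir("skins/$skin") ) {` and likewise for `$css`, assuming skin and css directory names are limited to those characters. Separately, the skin branch still reads `$skins[0]` without the `count()` guard that the css branch gained, so an empty `skins/` glob leaves `$skin` unset with only a notice.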