MercurialGeeklog / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | raw | help
plugins/spamx/EditHeader.Admin.class.php
author Dirk Haun <dirk@haun-online.de>
Thu, 29 Oct 2009 13:00:11 +0100
branchHEAD
changeset 7397 c27e9026f22a
parent 6838 cb1ba8d99085
child 8260 6e50280b41ef
permissions -rw-r--r--
Fixed inclusion protection 
     1 <?php

     2 

     3 /**

     4 * File: EditHeader.Admin.class.php

     5 * This is the Edit HTTP Header Module for the Geeklog Spam-X plugin

     6 *

     7 * Copyright (C) 2005-2009 by the following authors:

     8 * Author    Dirk Haun <dirk AT haun-online DOT de>

     9 *

    10 * based on the works of Tom Willett <tomw AT pigstye DOT net>

    11 *

    12 * Licensed under GNU General Public License

    13 *

    14 * @package Spam-X

    15 * @subpackage Modules

    16 */

    17 

    18 if (strpos(strtolower($_SERVER['PHP_SELF']), 'editheader.admin.class.php') !== false) {

    19     die('This file can not be used on its own!');

    20 }

    21 

    22 /**

    23 * Include Abstract Base Class

    24 */

    25 require_once $_CONF['path'] . 'plugins/spamx/BaseAdmin.class.php';

    26 

    27 /**

    28 * HTTP Header Editor

    29 *

    30 * @package Spam-X

    31 *

    32 */

    33 class EditHeader extends BaseAdmin {

    34     /**

    35      * Constructor

    36      */

    37     function display()

    38     {

    39         global $_CONF, $_TABLES, $LANG_SX00;

    40 

    41         $action = '';

    42         if (isset($_GET['action'])) {

    43             $action = $_GET['action'];

    44         } elseif (isset($_POST['paction'])) {

    45             $action = $_POST['paction'];

    46         }

    47 

    48         if (($action == 'delete') && SEC_checkToken()) {

    49             $entry = $_GET['entry'];

    50             if (!empty($entry)) {

    51                 $dbentry = addslashes($entry);

    52                 DB_delete($_TABLES['spamx'], array('name', 'value'),

    53                                              array('HTTPHeader', $dbentry));

    54             }

    55         } elseif (($action == $LANG_SX00['addentry']) && SEC_checkToken()) {

    56             $entry = '';

    57             $name = COM_applyFilter($_REQUEST['header-name']);

    58             $n = explode(':', $name);

    59             $name = $n[0];

    60             $value = $_REQUEST['header-value'];

    61 

    62             if (!empty($name) && !empty($value)) {

    63                 $entry = $name . ': ' . $value;

    64             }

    65 

    66             $dbentry = addslashes($entry);

    67             if (!empty($entry)) {

    68                 $result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('HTTPHeader','$dbentry')");

    69             }

    70         }

    71 

    72         $token = SEC_createToken();

    73         $display = '<hr' . XHTML . '>' . LB . '<p><b>';

    74         $display .= $LANG_SX00['headerblack'];

    75         $display .= '</b></p>' . LB . '<ul>' . LB;

    76         $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='HTTPHeader' ORDER BY value");

    77         $nrows = DB_numRows($result);

    78         for ($i = 0; $i < $nrows; $i++) {

    79             list($e) = DB_fetchArray($result);

    80 

    81             $display .= '<li>'. COM_createLink(htmlspecialchars($e),

    82                 $_CONF['site_admin_url']

    83                 . '/plugins/spamx/index.php?command=EditHeader&amp;action=delete&amp;entry=' . urlencode($e) . '&amp;' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;

    84         }

    85         $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;

    86         $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;

    87 

    88         $display .= '<form method="post" action="' . $_CONF['site_admin_url']

    89                  . '/plugins/spamx/index.php?command=EditHeader">' . LB;

    90         $display .= '<table border="0" width="100%">' . LB;

    91         $display .= '<tr><td align="right"><b>Header:</b></td>' . LB;

    92         $display .= '<td><input type="text" size="40" name="header-name"'

    93                  . XHTML . '> e.g. <tt>User-Agent</tt></td></tr>' . LB;

    94         $display .= '<tr><td align="right"><b>Content:</b></td>' . LB;

    95         $display .= '<td><input type="text" size="40" name="header-value"'

    96                  . XHTML . '> e.g. <tt>Mozilla</tt></td></tr>' . LB;

    97         $display .= '</table>' . LB;

    98         $display .= '<p><input type="submit" name="paction" value="'

    99                  . $LANG_SX00['addentry'] . '"' . XHTML . '></p>';

   100         $display .= '<input type="hidden" name="' . CSRF_TOKEN

   101                  . "\" value=\"{$token}\"" . XHTML . '>' . LB;

   102         $display .= '</form>' . LB;

   103 

   104         return $display;

   105     }

   106 

   107     function link()

   108     {

   109         return "Edit HTTP Header Blacklist";

   110     }

   111 }

   112 

   113 ?>
Geeklog