//set base folders
- $basepath['/'] = ' top ';
+ $basepath['/'] = 'top';
$bpath = '';
foreach (explode('/', $subf) as $key => $value) {
if ($value != '') {
<body>
<div class="wrappercontainer">
- <div class="banner"> <div class="control">{if $user_level > 99}<a href="?">home</a> | <a href="?tools=access">access</a> | <a href="?tools=users">users</a> | <a href="?tools=logs">logs</a> |{/if} <a href="index.php?tools=logout">logout({$user_name})</a> </div></div>
+ <div class="banner"> <div class="control">{if $user_level > 99}<a href="?">home</a> | <a href="?tools=access">access</a> | <a href="?tools=users">users</a> | <a href="?tools=logs">logs</a> |{/if} <a href="index.php?tools=logout">logout({$user_name|escape})</a> </div></div>
<div class="menucontainer">
<div class="menuhead">users</div>
- {foreach item=user key=user_id from=$users}<a {if $user_id eq $edited_user}class="selected"{/if} href="?tools=access&user={$user.id}">{$user.name}</a>{/foreach}
+ {foreach item=user key=user_id from=$users}<a {if $user_id eq $edited_user}class="selected"{/if} href="?tools=access&user={$user.id|escape:'url'}">{$user.name|escape}</a>{/foreach}
</div>
<form method='post'>
<input type='hidden' name='formtype' value='folderrights' />
- <input type='hidden' name='edited_user' value={$edited_user} />
+ <input type='hidden' name='edited_user' value='{$edited_user|escape}' />
{$layout}
<div style='float:left;'><input type='submit' value='Save'/></div>
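Review bot: `{$layout}` on the line after the hidden `edited_user` field is still printed without a modifier, so this form is only as safe as the code that builds that string. It looks like pre-rendered markup for the folder-rights controls (the builder is not shown in this diff), in which case `|escape` cannot be applied here and any folder or user names inside it have to be encoded where the string is assembled. I would confirm that on the PHP side and record it in the template with a comment such as `{* $layout is pre-built HTML; values inside it are escaped by the builder *}`. The form continues past the end of this hunk.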
<body>
<div class="wrappercontainer">
- <div class="banner"> <div class="control">{if $user_level > 99}<a href="?">home</a> | <a href="?tools=access">access</a> | <a href="?tools=users">users</a> | <a href="?tools=logs">logs</a> |{/if} <a href="index.php?tools=logout">logout({$user_name})</a> </div></div>
+ <div class="banner"> <div class="control">{if $user_level > 99}<a href="?">home</a> | <a href="?tools=access">access</a> | <a href="?tools=users">users</a> | <a href="?tools=logs">logs</a> |{/if} <a href="index.php?tools=logout">logout({$user_name|escape})</a> </div></div>
<div class="menucontainer">
<div class="menuhead">current folder</div>
- {foreach item=crumb key=cookie from=$base}<a href="?path={$cookie}">{$crumb}</a>{/foreach}
+ {foreach item=crumb key=cookie from=$base}<a href="?path={$cookie|escape:'url'}">{$crumb|escape}</a>{/foreach}
</div>
<div class="menuhead">subfolders</div>
- {foreach item=folder key=folderpath from=$subfolders}<a href="?path={$folderpath}">{$folder}</a>{/foreach}
+ {foreach item=folder key=folderpath from=$subfolders}<a href="?path={$folderpath|escape:'url'}">{$folder|escape}</a>{/foreach}
</div>
{if $item.hidden eq false OR $user_level > 99 }
<div class={if $item.finished==true}"status3"{elseif $item.finished!=true && $item.embedable==true}"status2"{elseif $item.finished!=true && $item.embedable!=true}"status1"{else}"item"{/if}>
- <div class="name">{$item.name} {if $user_level > 99}{if $item.hidden}<font color=red>|<a href='?tools=unhide&h={$id}'>publish</a>|</font>{else}<font color=green>|<a href='?tools=hide&h={$id}'>hide</a>|</font>{/if}{if $user_level > 100}<font color=red>|<a href='?tools=delete&h={$id}' onClick="javascript:return confirm('Are you sure you want to permanently delete {$item.name}?')">delete</a>|</font>{/if}{/if}</div>
+ <div class="name">{$item.name|escape} {if $user_level > 99}{if $item.hidden}<font color=red>|<a href='?tools=unhide&h={$id|escape:'url'}'>publish</a>|</font>{else}<font color=green>|<a href='?tools=hide&h={$id|escape:'url'}'>hide</a>|</font>{/if}{if $user_level > 100}<font color=red>|<a href='?tools=delete&h={$id|escape:'url'}' onClick="javascript:return confirm('Are you sure you want to permanently delete {$item.name|escape:'quotes'}?')">delete</a>|</font>{/if}{/if}</div>
- <div class="status">status: {$item.status}</div>
+ <div class="status">status: {$item.status|escape}</div>
<div class="clear"></div>
- <div class="added">added: {$item.date}</div>
+ <div class="added">added: {$item.date|escape}</div>
- <div class="size">size: {if $item.size>(1024*1024)}{math equation="((x / 1024) / 1024) * (y / z)" x=$item.size y=$item.chunks_finished z=$item.chunks format="%.2f"} / {math equation="(x / 1024) / 1024" x=$item.size format="%.2f"}mb{elseif $item.size>(1024)}{math equation="(x / 1024) * (y / z)" x=$item.size y=$item.chunks_finished z=$item.chunks format="%.2f"} / {math equation="(x / 1024)" x=$item.size format="%.2f"}kb{else}{math equation="x * (y / z)" x=$item.size y=$item.chunks_finished z=$item.chunks format="%.0f"} / {$item.size}b{/if}({math equation="(y / x) * 100" x=$item.chunks y=$item.chunks_finished format="%.0f"}%)</div>
+ <div class="size">size: {if $item.size>(1024*1024)}{math equation="((x / 1024) / 1024) * (y / z)" x=$item.size y=$item.chunks_finished z=$item.chunks format="%.2f"} / {math equation="(x / 1024) / 1024" x=$item.size format="%.2f"}mb{elseif $item.size>(1024)}{math equation="(x / 1024) * (y / z)" x=$item.size y=$item.chunks_finished z=$item.chunks format="%.2f"} / {math equation="(x / 1024)" x=$item.size format="%.2f"}kb{else}{math equation="x * (y / z)" x=$item.size y=$item.chunks_finished z=$item.chunks format="%.0f"} / {$item.size|escape}b{/if}({math equation="(y / x) * 100" x=$item.chunks y=$item.chunks_finished format="%.0f"}%)</div>
<div class="clear"></div>
- <div class="updated">last updated: {$item.lastchange}</div>
+ <div class="updated">last updated: {$item.lastchange|escape}</div>
{if $item.finished==true}
- <div class="download"><a href='?f={$id}'>download</a></div>
+ <div class="download"><a href='?f={$id|escape:'url'}'>download</a></div>
{/if}
{if $item.embedable eq true and $item.finished eq false}
{if $item.mime=='video/mpeg'}
- <div class="stream"><a href='?f={$id}'>download ({math equation="(y / x) * 100" x=$item.chunks y=$item.chunks_partial format="%.0f"}%)</a></div>
+ <div class="stream"><a href='?f={$id|escape:'url'}'>download ({math equation="(y / x) * 100" x=$item.chunks y=$item.chunks_partial format="%.0f"}%)</a></div>
{/if}
{/if}
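Review bot: In the delete link's `onClick` handler the file name sits inside a JavaScript string that is itself inside a double-quoted HTML attribute, and `escape:'quotes'` only puts a backslash before single quotes, so neither layer is fully encoded. The value should be encoded for the script string first and then for the attribute: `confirm('Are you sure you want to permanently delete {$item.name|escape:'javascript'|escape}?')`. The same handler appears in the second item listing (the `$user_level > 199` variant) and needs the same change. The enclosing `{if}` block and outer `<div>` are not closed inside this hunk.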
{if $item.hidden eq false OR $user_level > 99 }
<div class={if $item.finished==true}"status3"{elseif $item.finished!=true && $item.embedable==true}"status2"{elseif $item.finished!=true && $item.embedable!=true}"status1"{else}"item"{/if}>
- <div class="name">{$item.name} {if $user_level > 99}{if $item.hidden}<font color=red>|<a href='?tools=unhide&h={$id}'>publish</a>|</font>{else}<font color=green>|<a href='?tools=hide&h={$id}'>hide</a>|</font>{/if}{if $user_level > 199}<font color=red>|<a href='?tools=delete&h={$id}' onClick="javascript:return confirm('Are you sure you want to permanently delete {$item.name}?')">delete</a>|</font>{/if}{/if}</div>
+ <div class="name">{$item.name|escape} {if $user_level > 99}{if $item.hidden}<font color=red>|<a href='?tools=unhide&h={$id|escape:'url'}'>publish</a>|</font>{else}<font color=green>|<a href='?tools=hide&h={$id|escape:'url'}'>hide</a>|</font>{/if}{if $user_level > 199}<font color=red>|<a href='?tools=delete&h={$id|escape:'url'}' onClick="javascript:return confirm('Are you sure you want to permanently delete {$item.name|escape:'quotes'}?')">delete</a>|</font>{/if}{/if}</div>
- <div class="status">status: {$item.status}</div>
+ <div class="status">status: {$item.status|escape}</div>
<div class="clear"></div>
- <div class="added">added: {$item.date}</div>
+ <div class="added">added: {$item.date|escape}</div>
- <div class="size">size: {if $item.size>(1024*1024)}{math equation="(x / 1024) / 1024" x=$item.size format="%.2f"}mb{elseif $item.size>(1024)}{math equation="(x / 1024)" x=$item.size format="%.2f"}kb{else}{$item.size}b{/if}</div>
+ <div class="size">size: {if $item.size>(1024*1024)}{math equation="(x / 1024) / 1024" x=$item.size format="%.2f"}mb{elseif $item.size>(1024)}{math equation="(x / 1024)" x=$item.size format="%.2f"}kb{else}{$item.size|escape}b{/if}</div>
<div class="clear"></div>
- <div class="updated">last updated: {$item.lastchange}</div>
+ <div class="updated">last updated: {$item.lastchange|escape}</div>
{if $item.finished==true}
- <div class="download"><a href='?f={$id}'>download</a></div>
+ <div class="download"><a href='?f={$id|escape:'url'}'>download</a></div>
{/if}
{if $item.embedable eq true and $item.finished eq false}
{if $item.mime=='video/mpeg'}
- <div class="stream"><a href='?f={$id}'>download (partial)</a></div>
+ <div class="stream"><a href='?f={$id|escape:'url'}'>download (partial)</a></div>
{/if}
{/if}
{if $user_level > 100 and $mass_delete_size > 1}
<div class="massdelete"><br>
<div class="deletebox" id="deletebox">
- <form name="deletetool" action="?tools=delete&h=multiple" method="post" onSubmit='return confirm("Are you sure you want to delete the selected files? \nThis page may take a while to reload while the files are removed.");'>
- <select multiple="" size="{$mass_delete_size}" id="h" name="h[]" width="300px">
+ <form name="deletetool" action="?tools=delete&h=multiple" method="post" onSubmit='return confirm("Are you sure you want to delete the selected files? \nThis page may take a while to reload while the files are removed.");'>
+ <select multiple="" size="{$mass_delete_size|escape}" id="h" name="h[]" width="300px">
{foreach item=item key=id from=$squashed}
- <option value="{$id}" title="{$item.name}">{$item.name|truncate:39}</option>
+ <option value="{$id|escape}" title="{$item.name|escape}">{$item.name|truncate:39|escape}</option>
{/foreach}
</select>
<input type="button" value="Select All" OnClick="selectAllList();" ><input type="reset" value="Clear"><input type="submit" value="Delete Selected Items">
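Review bot: No anti-forgery token field is visible in the `deletetool` form, and escaping the option values does not cover that: the `confirm()` prompt only runs in this page's own script, so it is not a server-side check on where the POST came from. The closing `</form>` is outside this hunk, so a token may exist further down or the handler may validate the request another way. If not, I would add a per-session hidden field such as `<input type="hidden" name="csrf_token" value="{$csrf_token|escape}" />` (`$csrf_token` is a placeholder, not a variable these templates define) and verify it before deleting. The user add/update/delete forms in the users template show no token field either, and the `?tools=hide`, `?tools=unhide` and `?tools=delete` links in the item listings change state through plain GET requests.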
<script type="text/javascript" src="js/md5.js"></script>
<script language="javascript">
function hasher(){ldelim}
- var salt = '{$salt}';
+ var salt = '{$salt|escape:'quotes'}';
document.loginform.pass.value=hex_md5(hex_md5(document.loginform.pass.value)+salt);
{rdelim}
</script>
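Review bot: `var salt = '{$salt|escape:'quotes'}';` is inside a `<script>` block, where `escape:'quotes'` only adds a backslash before single quotes and leaves backslashes, line breaks and `</` sequences untouched. Smarty's `escape:'javascript'` is the modifier intended for this context: `var salt = '{$salt|escape:'javascript'}';`. If the salt is always generated server-side from a fixed alphabet this is defence in depth, but the template cannot know that. Separately, and predating this commit, the login depends on client-side `hex_md5` of the password, which deserves its own follow-up.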
<body>
<div class="wrappercontainer">
- <div class="banner"> <div class="control">{if $user_level > 99}<a href="?">home</a> | <a href="?tools=access">access</a> | <a href="?tools=users">users</a> | <a href="?tools=logs">logs</a> |{/if} <a href="index.php?tools=logout">logout({$user_name})</a> </div></div>
+ <div class="banner"> <div class="control">{if $user_level > 99}<a href="?">home</a> | <a href="?tools=access">access</a> | <a href="?tools=users">users</a> | <a href="?tools=logs">logs</a> |{/if} <a href="index.php?tools=logout">logout({$user_name|escape})</a> </div></div>
<div class="menucontainer">
<div class="menuhead">logs</div>
- <a {if $logtype eq "all" }class="selected"{/if} href="?tools=logs&logtype=all" >all</a>
- <a {if $logtype eq "delete" }class="selected"{/if} href="?tools=logs&logtype=delete" >delete</a>
- <a {if $logtype eq "download"}class="selected"{/if} href="?tools=logs&logtype=download">download</a>
- <a {if $logtype eq "login" }class="selected"{/if} href="?tools=logs&logtype=login" >login</a>
- <a {if $logtype eq "debug" }class="selected"{/if} href="?tools=logs&logtype=debug" >squasher</a>
+ <a {if $logtype eq "all" }class="selected"{/if} href="?tools=logs&logtype=all" >all</a>
+ <a {if $logtype eq "delete" }class="selected"{/if} href="?tools=logs&logtype=delete" >delete</a>
+ <a {if $logtype eq "download"}class="selected"{/if} href="?tools=logs&logtype=download">download</a>
+ <a {if $logtype eq "login" }class="selected"{/if} href="?tools=logs&logtype=login" >login</a>
+ <a {if $logtype eq "debug" }class="selected"{/if} href="?tools=logs&logtype=debug" >squasher</a>
</div>
</tr>
{foreach item=entry from=$logs.today key=id}
- <tr class="logentry_{$entry.action}" align="left">
- <td width='160px'> {$entry.date}</td>
- <td width='40px' > {$entry.user_name}</td>
- <td width='120px' title="{$entry.users_from_ip}"> {$entry.ip}</td>
- <td width='80px' > {$entry.action}</td>
- <td width='*' title="{$entry.file|substr:10}{if $entry.ip eq 'retry'}\n : This file did not pass validation. A request was mailed to the RO to restart the upload.{/if}{if $entry.ip eq 'cleanup'}\n : This file entry was missing all chunks. This entry was removed.{/if}"> {$entry.file|substr:10:64}</td>
+ <tr class="logentry_{$entry.action|escape}" align="left">
+ <td width='160px'> {$entry.date|escape}</td>
+ <td width='40px' > {$entry.user_name|escape}</td>
+ <td width='120px' title="{$entry.users_from_ip|escape}"> {$entry.ip|escape}</td>
+ <td width='80px' > {$entry.action|escape}</td>
+ <td width='*' title="{$entry.file|substr:10|escape}{if $entry.ip eq 'retry'}\n : This file did not pass validation. A request was mailed to the RO to restart the upload.{/if}{if $entry.ip eq 'cleanup'}\n : This file entry was missing all chunks. This entry was removed.{/if}"> {$entry.file|substr:10:64|escape}</td>
</tr>
{foreachelse}
<tr class="logentry_empty">
<td width='*' colspan="5">Yesterday</td>
</tr>
-{foreach item=entry from=$logs.yesterday key=id} <tr class="logentry_{$entry.action}" align="left">
- <td width='160px'> {$entry.date}</td>
- <td width='40px' > {$entry.user_name}</td>
- <td width='120px' title="{$entry.users_from_ip}"> {$entry.ip}</td>
- <td width='80px'> {$entry.action}</td>
- <td width='*' title="{$entry.file|substr:10}{if $entry.ip eq 'retry'}\n : This file did not pass validation. A request was mailed to the RO to restart the upload.{/if}{if $entry.ip eq 'cleanup'}\n : This file entry was missing all chunks. This entry was removed.{/if}"> {$entry.file|substr:10:64}</td>
+{foreach item=entry from=$logs.yesterday key=id} <tr class="logentry_{$entry.action|escape}" align="left">
+ <td width='160px'> {$entry.date|escape}</td>
+ <td width='40px' > {$entry.user_name|escape}</td>
+ <td width='120px' title="{$entry.users_from_ip|escape}"> {$entry.ip|escape}</td>
+ <td width='80px'> {$entry.action|escape}</td>
+ <td width='*' title="{$entry.file|substr:10|escape}{if $entry.ip eq 'retry'}\n : This file did not pass validation. A request was mailed to the RO to restart the upload.{/if}{if $entry.ip eq 'cleanup'}\n : This file entry was missing all chunks. This entry was removed.{/if}"> {$entry.file|substr:10:64|escape}</td>
</tr>
{foreachelse}
<tr class="logentry_empty">
</tr>
{foreach item=entry from=$logs.lastweek key=id}
- <tr class="logentry_{$entry.action}" align="left">
- <td width='160px'> {$entry.date}</td>
- <td width='40px' > {$entry.user_name}</td>
- <td width='120px' title="{$entry.users_from_ip}"> {$entry.ip}</td>
- <td width='80px'> {$entry.action}</td>
- <td width='*' title="{$entry.file|substr:10}{if $entry.ip eq 'retry'}\n : This file did not pass validation. A request was mailed to the RO to restart the upload.{/if}{if $entry.ip eq 'cleanup'}\n : This file entry was missing all chunks. This entry was removed.{/if}"> {$entry.file|substr:10:64}</td>
+ <tr class="logentry_{$entry.action|escape}" align="left">
+ <td width='160px'> {$entry.date|escape}</td>
+ <td width='40px' > {$entry.user_name|escape}</td>
+ <td width='120px' title="{$entry.users_from_ip|escape}"> {$entry.ip|escape}</td>
+ <td width='80px'> {$entry.action|escape}</td>
+ <td width='*' title="{$entry.file|substr:10|escape}{if $entry.ip eq 'retry'}\n : This file did not pass validation. A request was mailed to the RO to restart the upload.{/if}{if $entry.ip eq 'cleanup'}\n : This file entry was missing all chunks. This entry was removed.{/if}"> {$entry.file|substr:10:64|escape}</td>
</tr>
{foreachelse}
<tr class="logentry_empty">
</tr>
{foreach item=entry from=$logs.older key=id}
- <tr class="logentry_{$entry.action}" align="left">
- <td width='160px'> {$entry.date}</td>
- <td width='40px' > {$entry.user_name}</td>
- <td width='120px' title="{$entry.users_from_ip}"> {$entry.ip}</td>
- <td width='80px'> {$entry.action}</td>
- <td width='*' title="{$entry.file|substr:10}{if $entry.ip eq 'retry'}\n : This file did not pass validation. A request was mailed to the RO to restart the upload.{/if}{if $entry.ip eq 'cleanup'}\n : This file entry was missing all chunks. This entry was removed.{/if}"> {$entry.file|substr:10:64}</td>
+ <tr class="logentry_{$entry.action|escape}" align="left">
+ <td width='160px'> {$entry.date|escape}</td>
+ <td width='40px' > {$entry.user_name|escape}</td>
+ <td width='120px' title="{$entry.users_from_ip|escape}"> {$entry.ip|escape}</td>
+ <td width='80px'> {$entry.action|escape}</td>
+ <td width='*' title="{$entry.file|substr:10|escape}{if $entry.ip eq 'retry'}\n : This file did not pass validation. A request was mailed to the RO to restart the upload.{/if}{if $entry.ip eq 'cleanup'}\n : This file entry was missing all chunks. This entry was removed.{/if}"> {$entry.file|substr:10:64|escape}</td>
</tr>
{foreachelse}
<tr class="logentry_empty">
<body>
<div class="wrappercontainer">
- <div class="banner"> <div class="control">{if $user_level > 99}<a href="?">home</a> | <a href="?tools=access">access</a> | <a href="?tools=users">users</a> | <a href="?tools=logs">logs</a> |{/if} <a href="index.php?tools=logout">logout({$user_name})</a> </div></div>
+ <div class="banner"> <div class="control">{if $user_level > 99}<a href="?">home</a> | <a href="?tools=access">access</a> | <a href="?tools=users">users</a> | <a href="?tools=logs">logs</a> |{/if} <a href="index.php?tools=logout">logout({$user_name|escape})</a> </div></div>
<div class="content">
{foreach item=user key=user_id from=$users}
-<div class="white_border"><form method='post' name='user_{$user.id}' id='user_{$user.id}'><input type='hidden' name='u[user_id]' id='user_id' value='{$user.id}' /><input type='hidden' name='type' id='type' value='' /><input name='u[user_name]' id='user_name' value='{$user.name}' readonly /> | {html_options name='u[user_level]' id='user_level' options=$user_levels selected=$user.level} | {if $user.enabled}<a onClick="document.user_{$user.id}.type.value='disable';document.user_{$user.id}.submit();" style="cursor:pointer" >remove password</a>{else}<input name='u[user_pass]' id='user_pass' /> {/if} | <a onClick="document.user_{$user.id}.type.value='delete';confirm_delete('user_{$user.id}');" style="cursor:pointer" >delete</a> | <a onClick="document.user_{$user.id}.type.value='update';document.user_{$user.id}.submit();" style="cursor:pointer" >update</a></form></div>
+<div class="white_border"><form method='post' name='user_{$user.id|escape}' id='user_{$user.id|escape}'><input type='hidden' name='u[user_id]' id='user_id' value='{$user.id|escape}' /><input type='hidden' name='type' id='type' value='' /><input name='u[user_name]' id='user_name' value='{$user.name|escape}' readonly /> | {html_options name='u[user_level]' id='user_level' options=$user_levels selected=$user.level} | {if $user.enabled}<a onClick="document.user_{$user.id}.type.value='disable';document.user_{$user.id}.submit();" style="cursor:pointer" >remove password</a>{else}<input name='u[user_pass]' id='user_pass' /> {/if} | <a onClick="document.user_{$user.id}.type.value='delete';confirm_delete('user_{$user.id}');" style="cursor:pointer" >delete</a> | <a onClick="document.user_{$user.id}.type.value='update';document.user_{$user.id}.submit();" style="cursor:pointer" >update</a></form></div>
<div class="clear"></div>
{/foreach}
<div class="white_border"><form method='post' name='user_new' id='user_new'><input type='hidden' name='type' id='type' value='' /><input name='u[user_name]' value='' /> | {html_options name='u[user_level]' options=$user_levels } | <input name='u[user_pass]' /> | <a onClick="document.user_new.type.value='new';document.user_new.submit();" style="cursor:pointer" >add</a></form></div>
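Review bot: The `onClick` handlers on the added per-user line still print `{$user.id}` without a modifier (`document.user_{$user.id}.type.value=...`, `confirm_delete('user_{$user.id}')`), while the form's `name`, `id` and hidden `value` are now escaped. If the id is always an integer from the database, the simplest consistent fix is to cast it once in PHP before assigning it to the template. Otherwise the handler copies need `{$user.id|escape:'javascript'|escape}`, because they are script inside a double-quoted attribute. An id encoded one way in `name='user_…'` and another way in `document.user_…` would also stop matching, which is a further reason to constrain it to digits.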