
TALOS Security Advisory for WWBN (TALOS-2022-1551, TALOS-2022-1550, TALOS-2022-1549, TALOS-2022-1548, TALOS-2022-1547, TALOS-2022-1546, TALOS-2022-1545, TALOS-2022-1542, TALOS-2022-1540 - TALOS-2022-1534)

Should all be good now
This commit is contained in:
DanieL 2022-07-07 17:24:20 -03:00
parent 68328cdd42
commit 21fed6e0b7
36 changed files with 3221 additions and 3091 deletions


@ -1,133 +1,133 @@
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class Menu extends ObjectYPT {
static $typeLeftMenu = 1;
static $typeTopMenu = 2;
static $typeActionMenu = 3;
static $typeActionMenuCustomURL = 4;
static $typeActionMenuCustomURLForLoggedUsers = 5;
static $typeActionMenuCustomURLForUsersThatCanWatchVideo = 6;
static $typeActionMenuCustomURLForUsersThatCanNotWatchVideo = 7;
static $typeMobileTabMenu = 8;
static $typeMobileLeftMenu = 9;
static $typeMobileTabMenuInABrowser = 10;
static $typeMobileLeftMenuInABrowser = 11;
static $typeName = array(
1=>'Left',
2=>'Top',
3=>'Action',
4=>'Action Per Video',
5=>'Action Per Video For Logged Users Only',
6=>'Action Per Video For Users That can Watch Video',
7=>'Action Per Video For Users That can NOT Watch Video',
8=>'Mobile Tab Menu',
9=>'Mobile Left Menu',
10=>'Mobile Tab Menu in a Browser',
11=>'Mobile Left Menu in a Browser');
protected $id, $menuName, $categories_id, $users_groups_id, $menu_order, $status, $position, $type, $icon, $menuSeoUrl;
static function getSearchFieldsNames() {
return array();
}
static function getTableName() {
return 'topMenu';
}
function setMenuName($menuName) {
$this->menuName = $menuName;
}
function setCategories_id($categories_id) {
$this->categories_id = $categories_id;
}
function setUsers_groups_id($users_groups_id) {
$this->users_groups_id = $users_groups_id;
}
function setMenu_order($menu_order) {
$this->menu_order = $menu_order;
}
function setStatus($status) {
$this->status = $status;
}
function setPosition($position) {
$this->position = $position;
}
function setType($type) {
$this->type = $type;
}
function setIcon($icon) {
$this->icon = $icon;
}
function setmenuSeoUrl($menuSeoUrl){
$this->menuSeoUrl=$menuSeoUrl;
}
static function getAllActive($type=false) {
global $global;
$sql = "SELECT * FROM ".static::getTableName()." WHERE status = 'active' ";
if(!empty($type)){
$sql .= " AND type = $type ";
}
$sql .= " ORDER BY menu_order ";
_mysql_connect();
$res = $global['mysqli']->query($sql);
$rows = array();
if ($res) {
while ($row = $res->fetch_assoc()) {
$rows[] = $row;
}
}
return $rows;
}
function save() {
global $global;
if(empty($this->menuName)){
$this->menuName = 'Unknow Menu Name';
}
if(empty($this->categories_id)){
$this->categories_id = 'null';
}
if(empty($this->users_groups_id)){
$this->users_groups_id = 'null';
}
if(empty($this->menu_order)){
$this->menu_order = 0;
}
if(empty($this->status)){
$this->status = "active";
}
if(empty($this->position)){
$this->position = "right";
}
if(empty($this->type)){
$this->type = 1;
}
if(empty($this->menuSeoUrl)){
$this->menuSeoUrl=$this->menuName;
}
$this->menuSeoUrl=$global['mysqli']->real_escape_string(preg_replace('/[^a-z0-9]+/', '_', strtolower($this->menuSeoUrl)));
return parent::save();
}
}
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class Menu extends ObjectYPT {
static $typeLeftMenu = 1;
static $typeTopMenu = 2;
static $typeActionMenu = 3;
static $typeActionMenuCustomURL = 4;
static $typeActionMenuCustomURLForLoggedUsers = 5;
static $typeActionMenuCustomURLForUsersThatCanWatchVideo = 6;
static $typeActionMenuCustomURLForUsersThatCanNotWatchVideo = 7;
static $typeMobileTabMenu = 8;
static $typeMobileLeftMenu = 9;
static $typeMobileTabMenuInABrowser = 10;
static $typeMobileLeftMenuInABrowser = 11;
static $typeName = array(
1=>'Left',
2=>'Top',
3=>'Action',
4=>'Action Per Video',
5=>'Action Per Video For Logged Users Only',
6=>'Action Per Video For Users That can Watch Video',
7=>'Action Per Video For Users That can NOT Watch Video',
8=>'Mobile Tab Menu',
9=>'Mobile Left Menu',
10=>'Mobile Tab Menu in a Browser',
11=>'Mobile Left Menu in a Browser');
protected $id, $menuName, $categories_id, $users_groups_id, $menu_order, $status, $position, $type, $icon, $menuSeoUrl;
static function getSearchFieldsNames() {
return array();
}
static function getTableName() {
return 'topMenu';
}
function setMenuName($menuName) {
$this->menuName = $menuName;
}
function setCategories_id($categories_id) {
$this->categories_id = $categories_id;
}
function setUsers_groups_id($users_groups_id) {
$this->users_groups_id = $users_groups_id;
}
function setMenu_order($menu_order) {
$this->menu_order = $menu_order;
}
function setStatus($status) {
$this->status = $status;
}
function setPosition($position) {
$this->position = $position;
}
function setType($type) {
$this->type = $type;
}
function setIcon($icon) {
$this->icon = $icon;
}
function setmenuSeoUrl($menuSeoUrl){
$this->menuSeoUrl=$menuSeoUrl;
}
static function getAllActive($type=false) {
global $global;
$sql = "SELECT * FROM ".static::getTableName()." WHERE status = 'active' ";
if(!empty($type)){
$sql .= " AND type = $type ";
}
$sql .= " ORDER BY menu_order ";
_mysql_connect();
$res = $global['mysqli']->query($sql);
$rows = array();
if ($res) {
while ($row = $res->fetch_assoc()) {
$rows[] = $row;
}
}
return $rows;
}
function save() {
global $global;
if(empty($this->menuName)){
$this->menuName = 'Unknow Menu Name';
}
if(empty($this->categories_id)){
$this->categories_id = 'null';
}
if(empty($this->users_groups_id)){
$this->users_groups_id = 'null';
}
if(empty($this->menu_order)){
$this->menu_order = 0;
}
if(empty($this->status)){
$this->status = "active";
}
if(empty($this->position)){
$this->position = "right";
}
if(empty($this->type)){
$this->type = 1;
}
if(empty($this->menuSeoUrl)){
$this->menuSeoUrl=$this->menuName;
}
$this->menuSeoUrl=(preg_replace('/[^a-z0-9]+/', '_', strtolower($this->menuSeoUrl)));
return parent::save();
}
}
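Review bot: `getAllActive()` still interpolates `$type` straight into the query at `$sql .= " AND type = $type ";` with no cast, in both printed copies of the file; every type value this class defines is a small integer, so `$sql .= " AND type = " . intval($type) . " ";` closes that path without changing behaviour for valid callers. The two copies carry no old/new markers and differ only in whether `real_escape_string` wraps the `menuSeoUrl` slug in `save()`; since `preg_replace('/[^a-z0-9]+/', '_', ...)` leaves only `[a-z0-9_]`, that call never altered the value, so dropping it is safe whichever side is new. A short comment on that line, `// slug is already restricted to [a-z0-9_]; no escaping needed here`, would record why the escape is absent.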


@ -1,142 +1,142 @@
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class MenuItem extends ObjectYPT {
protected $id, $title, $image, $url, $class, $style, $item_order, $topMenu_id, $status, $text, $icon, $clean_url, $menuSeoUrlItem;
static function getSearchFieldsNames() {
return array();
}
static function getTableName() {
return 'topMenu_items';
}
static function getAllFromMenu($menu_id, $activeOnly = false, $sort = true) {
global $global;
$menu_id = intval($menu_id);
if (empty($menu_id)) {
return false;
}
$sql = "SELECT * FROM " . static::getTableName() . " WHERE topMenu_id = {$menu_id}";
if ($activeOnly) {
$sql .= " AND status = 'active' ";
}
if ($sort) {
$sql .= " ORDER BY item_order ";
}
$res = $global['mysqli']->query($sql);
$rows = array();
if ($res) {
$webSiteRootURLParse = parse_url($global['webSiteRootURL']);
$webSiteRootURLParse['host'] = strtolower($webSiteRootURLParse['host']);
while ($row = $res->fetch_assoc()) {
$row['finalURL'] = $row['url'];
$row['target'] = "";
if (!empty($row['url']) && strpos($row['url'], 'iframe:') === false) {// it is not an iframe
$parse = parse_url($row['url']);
if (!empty($parse['host']) && strtolower($parse['host']) !== $webSiteRootURLParse['host']) {// it is to another domain
$row['target'] = " target='_blank' rel='noopener noreferrer' ";
}
} else {
if (!empty($row['menuSeoUrlItem'])) {
$row['finalURL'] = $global['webSiteRootURL'] . "menu/{$row['menuSeoUrlItem']}";
} else {
$row['finalURL'] = $global['webSiteRootURL'] . "plugin/TopMenu/?id={$row['id']}";
}
}
$rows[] = $row;
}
} else {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
return $rows;
}
function setTitle($title) {
$this->title = $title;
}
function setImage($image) {
$this->image = $image;
}
function setUrl($url) {
$this->url = $url;
}
function setClass($class) {
$this->class = $class;
}
function setStyle($style) {
$this->style = $style;
}
function setItem_order($item_order) {
$this->item_order = intval($item_order);
}
function setTopMenu_id($topMenu_id) {
$this->topMenu_id = intval($topMenu_id);
}
function setStatus($status) {
$this->status = $status;
}
function setText($text) {
$this->text = $text;
}
function setIcon($icon) {
$this->icon = $icon;
}
function setClean_url($clean_url) {
$this->clean_url = $clean_url;
}
function setmenuSeoUrlItem($menuSeoUrlItem) {
$this->menuSeoUrlItem = $menuSeoUrlItem;
}
function save() {
global $global;
if (empty($this->title)) {
$this->title = "Unknow Item Menu Title";
}
if (empty($this->status)) {
$this->status = "active";
}
if (empty($this->menuSeoUrlItem)) {
$this->menuSeoUrlItem = $this->title;
}
$this->menuSeoUrlItem = $global['mysqli']->real_escape_string(preg_replace('/[^a-z0-9]+/', '_', strtolower($this->title)));
$this->title = $global['mysqli']->real_escape_string($this->title);
$this->text = $global['mysqli']->real_escape_string($this->text);
return parent::save();
}
function getTitle() {
return $this->title;
}
function getText() {
return $this->text;
}
function getUrl() {
return $this->url;
}
}
<?php
require_once dirname(__FILE__) . '/../../../videos/configuration.php';
require_once dirname(__FILE__) . '/../../../objects/bootGrid.php';
require_once dirname(__FILE__) . '/../../../objects/user.php';
class MenuItem extends ObjectYPT {
protected $id, $title, $image, $url, $class, $style, $item_order, $topMenu_id, $status, $text, $icon, $clean_url, $menuSeoUrlItem;
static function getSearchFieldsNames() {
return array();
}
static function getTableName() {
return 'topMenu_items';
}
static function getAllFromMenu($menu_id, $activeOnly = false, $sort = true) {
global $global;
$menu_id = intval($menu_id);
if (empty($menu_id)) {
return false;
}
$sql = "SELECT * FROM " . static::getTableName() . " WHERE topMenu_id = {$menu_id}";
if ($activeOnly) {
$sql .= " AND status = 'active' ";
}
if ($sort) {
$sql .= " ORDER BY item_order ";
}
$res = $global['mysqli']->query($sql);
$rows = array();
if ($res) {
$webSiteRootURLParse = parse_url($global['webSiteRootURL']);
$webSiteRootURLParse['host'] = strtolower($webSiteRootURLParse['host']);
while ($row = $res->fetch_assoc()) {
$row['finalURL'] = $row['url'];
$row['target'] = "";
if (!empty($row['url']) && strpos($row['url'], 'iframe:') === false) {// it is not an iframe
$parse = parse_url($row['url']);
if (!empty($parse['host']) && strtolower($parse['host']) !== $webSiteRootURLParse['host']) {// it is to another domain
$row['target'] = " target='_blank' rel='noopener noreferrer' ";
}
} else {
if (!empty($row['menuSeoUrlItem'])) {
$row['finalURL'] = $global['webSiteRootURL'] . "menu/{$row['menuSeoUrlItem']}";
} else {
$row['finalURL'] = $global['webSiteRootURL'] . "plugin/TopMenu/?id={$row['id']}";
}
}
$rows[] = $row;
}
} else {
die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
}
return $rows;
}
function setTitle($title) {
$this->title = $title;
}
function setImage($image) {
$this->image = $image;
}
function setUrl($url) {
$this->url = $url;
}
function setClass($class) {
$this->class = $class;
}
function setStyle($style) {
$this->style = $style;
}
function setItem_order($item_order) {
$this->item_order = intval($item_order);
}
function setTopMenu_id($topMenu_id) {
$this->topMenu_id = intval($topMenu_id);
}
function setStatus($status) {
$this->status = $status;
}
function setText($text) {
$this->text = $text;
}
function setIcon($icon) {
$this->icon = $icon;
}
function setClean_url($clean_url) {
$this->clean_url = $clean_url;
}
function setmenuSeoUrlItem($menuSeoUrlItem) {
$this->menuSeoUrlItem = $menuSeoUrlItem;
}
function save() {
global $global;
if (empty($this->title)) {
$this->title = "Unknow Item Menu Title";
}
if (empty($this->status)) {
$this->status = "active";
}
if (empty($this->menuSeoUrlItem)) {
$this->menuSeoUrlItem = $this->title;
}
$this->menuSeoUrlItem = (preg_replace('/[^a-z0-9]+/', '_', strtolower($this->title)));
$this->title = ($this->title);
$this->text = ($this->text);
return parent::save();
}
function getTitle() {
return $this->title;
}
function getText() {
return $this->text;
}
function getUrl() {
return $this->url;
}
}
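Review bot: In `MenuItem::save()` the only difference between the two printed copies is whether `$this->title` and `$this->text` pass through `real_escape_string` before `parent::save()`; these are free-form fields, and whether `ObjectYPT::save()` binds or escapes them itself is not visible on this page, so the unescaped variant is correct only if the parent does — worth confirming and recording with a comment such as `// title/text are escaped or bound by ObjectYPT::save(); pre-escaping here stores them double-escaped`. Escaping into the property also meant `getTitle()`/`getText()` returned the escaped form to callers, so removing it fixes that either way. Separately, `getAllFromMenu()` still ends in `die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error)`, which emits the full query text and driver error to the client; logging it and returning `$rows` (or `false`) keeps that detail server-side. Note also that `'\n'` inside single quotes is a literal backslash-n, not a newline.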