onokazu
onoka****@users*****
2005年 6月 30日 (木) 01:40:24 JST
Index: xoops2jp/html/lostpass.php
diff -u xoops2jp/html/lostpass.php:1.2 xoops2jp/html/lostpass.php:1.2.10.1
--- xoops2jp/html/lostpass.php:1.2 Fri Mar 18 21:51:55 2005
+++ xoops2jp/html/lostpass.php Thu Jun 30 01:40:24 2005
@@ -1,5 +1,5 @@
<?php
-// $Id: lostpass.php,v 1.2 2005/03/18 12:51:55 onokazu Exp $
+// $Id: lostpass.php,v 1.2.10.1 2005/06/29 16:40:24 onokazu Exp $
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000 XOOPS.org //
@@ -27,73 +27,72 @@
$xoopsOption['pagetype'] = "user";
include "mainfile.php";
-$email = isset($_GET['email']) ? trim($_GET['email']) : '';
-$email = isset($_POST['email']) ? trim($_POST['email']) : $email;
+$myts =& MyTextSanitizer::getInstance();
+$email = isset($_GET['email']) ? $myts->stripSlashesGPC(trim($_GET['email'])) : '';
+$email = isset($_POST['email']) ? $myts->stripSlashesGPC(trim($_POST['email'])) : $email;
if ($email == '') {
- redirect_header("user.php",2,_US_SORRYNOTFOUND);
- exit();
+ redirect_header("user.php",2,_US_SORRYNOTFOUND);
+ exit();
}
-
-$myts =& MyTextSanitizer::getInstance();
$member_handler =& xoops_gethandler('member');
-$getuser =& $member_handler->getUsers(new Criteria('email', $myts->addSlashes($email)));
+$getuser =& $member_handler->getUsers(new Criteria('email', $email));
if (empty($getuser)) {
- redirect_header("user.php",2,_US_SORRYNOTFOUND);
- exit();
+ redirect_header("user.php",2,_US_SORRYNOTFOUND);
+ exit();
} else {
- $code = isset($_GET['code']) ? trim($_GET['code']) : '';
- $areyou = substr($getuser[0]->getVar("pass"), 0, 5);
- if ($code != '' && $areyou == $code) {
- $newpass = xoops_makepass();
- $xoopsMailer =& getMailer();
- $xoopsMailer->useMail();
- $xoopsMailer->setTemplate("lostpass2.tpl");
- $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']);
- $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']);
- $xoopsMailer->assign("SITEURL", XOOPS_URL."/");
- $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']);
- $xoopsMailer->assign("NEWPWD", $newpass);
- $xoopsMailer->setToUsers($getuser[0]);
- $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
- $xoopsMailer->setFromName($xoopsConfig['sitename']);
- $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,XOOPS_URL));
- if ( !$xoopsMailer->send() ) {
- echo $xoopsMailer->getErrors();
- }
+ $code = isset($_GET['code']) ? trim($_GET['code']) : '';
+ $areyou = substr($getuser[0]->getVar("pass"), 0, 5);
+ if ($code != '' && $areyou == $code) {
+ $newpass = xoops_makepass();
+ $xoopsMailer =& getMailer();
+ $xoopsMailer->useMail();
+ $xoopsMailer->setTemplate("lostpass2.tpl");
+ $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']);
+ $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']);
+ $xoopsMailer->assign("SITEURL", XOOPS_URL."/");
+ $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']);
+ $xoopsMailer->assign("NEWPWD", $newpass);
+ $xoopsMailer->setToUsers($getuser[0]);
+ $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
+ $xoopsMailer->setFromName($xoopsConfig['sitename']);
+ $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,XOOPS_URL));
+ if ( !$xoopsMailer->send() ) {
+ echo $xoopsMailer->getErrors();
+ }
- // Next step: add the new password to the database
- $sql = sprintf("UPDATE %s SET pass = '%s' WHERE uid = %u", $xoopsDB->prefix("users"), md5($newpass), $getuser[0]->getVar('uid'));
- if ( !$xoopsDB->queryF($sql) ) {
- include "header.php";
- echo _US_MAILPWDNG;
- include "footer.php";
- exit();
- }
- redirect_header("user.php", 3, sprintf(_US_PWDMAILED,$getuser[0]->getVar("uname")), false);
- exit();
- // If no Code, send it
- } else {
- $xoopsMailer =& getMailer();
- $xoopsMailer->useMail();
- $xoopsMailer->setTemplate("lostpass1.tpl");
- $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']);
- $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']);
- $xoopsMailer->assign("SITEURL", XOOPS_URL."/");
- $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']);
- $xoopsMailer->assign("NEWPWD_LINK", XOOPS_URL."/lostpass.php?email=".$email."&code=".$areyou);
- $xoopsMailer->setToUsers($getuser[0]);
- $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
- $xoopsMailer->setFromName($xoopsConfig['sitename']);
- $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,$xoopsConfig['sitename']));
- include "header.php";
- if ( !$xoopsMailer->send() ) {
- echo $xoopsMailer->getErrors();
- }
- echo "<h4>";
- printf(_US_CONFMAIL,$getuser[0]->getVar("uname"));
- echo "</h4>";
- include "footer.php";
- }
+ // Next step: add the new password to the database
+ $sql = sprintf("UPDATE %s SET pass = '%s' WHERE uid = %u", $xoopsDB->prefix("users"), md5($newpass), $getuser[0]->getVar('uid'));
+ if ( !$xoopsDB->queryF($sql) ) {
+ include "header.php";
+ echo _US_MAILPWDNG;
+ include "footer.php";
+ exit();
+ }
+ redirect_header("user.php", 3, sprintf(_US_PWDMAILED,$getuser[0]->getVar("uname")), false);
+ exit();
+ // If no Code, send it
+ } else {
+ $xoopsMailer =& getMailer();
+ $xoopsMailer->useMail();
+ $xoopsMailer->setTemplate("lostpass1.tpl");
+ $xoopsMailer->assign("SITENAME", $xoopsConfig['sitename']);
+ $xoopsMailer->assign("ADMINMAIL", $xoopsConfig['adminmail']);
+ $xoopsMailer->assign("SITEURL", XOOPS_URL."/");
+ $xoopsMailer->assign("IP", $_SERVER['REMOTE_ADDR']);
+ $xoopsMailer->assign("NEWPWD_LINK", XOOPS_URL."/lostpass.php?email=".$email."&code=".$areyou);
+ $xoopsMailer->setToUsers($getuser[0]);
+ $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
+ $xoopsMailer->setFromName($xoopsConfig['sitename']);
+ $xoopsMailer->setSubject(sprintf(_US_NEWPWDREQ,$xoopsConfig['sitename']));
+ include "header.php";
+ if ( !$xoopsMailer->send() ) {
+ echo $xoopsMailer->getErrors();
+ }
+ echo "<h4>";
+ printf(_US_CONFMAIL,$getuser[0]->getVar("uname"));
+ echo "</h4>";
+ include "footer.php";
+ }
}
?>
\ No newline at end of file
Index: xoops2jp/html/xmlrpc.php
diff -u xoops2jp/html/xmlrpc.php:1.2 xoops2jp/html/xmlrpc.php:1.2.10.1
--- xoops2jp/html/xmlrpc.php:1.2 Fri Mar 18 21:51:55 2005
+++ xoops2jp/html/xmlrpc.php Thu Jun 30 01:40:24 2005
@@ -30,42 +30,42 @@
include_once XOOPS_ROOT_PATH.'/class/xml/rpc/xmlrpctag.php';
include_once XOOPS_ROOT_PATH.'/class/xml/rpc/xmlrpcparser.php';
$response = new XoopsXmlRpcResponse();
-$parser = new XoopsXmlRpcParser($GLOBALS['HTTP_RAW_POST_DATA']);
+$parser = new XoopsXmlRpcParser(rawurldecode($GLOBALS['HTTP_RAW_POST_DATA']));
if (!$parser->parse()) {
- $response->add(new XoopsXmlRpcFault(102));
+ $response->add(new XoopsXmlRpcFault(102));
} else {
- $module_handler =& xoops_gethandler('module');
- $module =& $module_handler->getByDirname('news');
- if (!is_object($module)) {
- $response->add(new XoopsXmlRpcFault(110));
- } else {
- $methods = explode('.', $parser->getMethodName());
- switch ($methods[0]) {
- case 'blogger':
- include_once XOOPS_ROOT_PATH.'/class/xml/rpc/bloggerapi.php';
- $rpc_api = new BloggerApi($parser->getParam(), $response, $module);
- break;
- case 'metaWeblog':
- include_once XOOPS_ROOT_PATH.'/class/xml/rpc/metaweblogapi.php';
- $rpc_api = new MetaWeblogApi($parser->getParam(), $response, $module);
- break;
- case 'mt':
- include_once XOOPS_ROOT_PATH.'/class/xml/rpc/movabletypeapi.php';
- $rpc_api = new MovableTypeApi($parser->getParam(), $response, $module);
- break;
- case 'xoops':
- default:
- include_once XOOPS_ROOT_PATH.'/class/xml/rpc/xoopsapi.php';
- $rpc_api = new XoopsApi($parser->getParam(), $response, $module);
- break;
- }
- $method = $methods[1];
- if (!method_exists($rpc_api, $method)) {
- $response->add(new XoopsXmlRpcFault(107));
- } else {
- $rpc_api->$method();
- }
- }
+ $module_handler =& xoops_gethandler('module');
+ $module =& $module_handler->getByDirname('news');
+ if (!is_object($module)) {
+ $response->add(new XoopsXmlRpcFault(110));
+ } else {
+ $methods = explode('.', $parser->getMethodName());
+ switch ($methods[0]) {
+ case 'blogger':
+ include_once XOOPS_ROOT_PATH.'/class/xml/rpc/bloggerapi.php';
+ $rpc_api = new BloggerApi($parser->getParam(), $response, $module);
+ break;
+ case 'metaWeblog':
+ include_once XOOPS_ROOT_PATH.'/class/xml/rpc/metaweblogapi.php';
+ $rpc_api = new MetaWeblogApi($parser->getParam(), $response, $module);
+ break;
+ case 'mt':
+ include_once XOOPS_ROOT_PATH.'/class/xml/rpc/movabletypeapi.php';
+ $rpc_api = new MovableTypeApi($parser->getParam(), $response, $module);
+ break;
+ case 'xoops':
+ default:
+ include_once XOOPS_ROOT_PATH.'/class/xml/rpc/xoopsapi.php';
+ $rpc_api = new XoopsApi($parser->getParam(), $response, $module);
+ break;
+ }
+ $method = $methods[1];
+ if (!method_exists($rpc_api, $method)) {
+ $response->add(new XoopsXmlRpcFault(107));
+ } else {
+ $rpc_api->$method();
+ }
+ }
}
$payload =& $response->render();
//$fp = fopen(XOOPS_CACHE_PATH.'/xmllog.txt', 'w');