Re: XoopsTube et problème de sécurité | Titre du sujet : Re: XoopsTube et problème de sécurité par Nikita sur 03/01/2013 13:37:25
Dis-moi si les vidéos non autorisées sont encore affichées dans la liste après cette modification ?
C'est à améliorer ; il faudra peut-être même modifier complètement le code du listing vidéo, car le total et la pagination sont calculés avant le filtrage par permissions (notamment pour le nombre de vidéos listées "Il y a x Categorie et x Vidéos listées" et pour les pages de navigation)
Dans modules/xoopstube/index.php, remplacer :
// Original "latest videos" listing: selects published, non-expired, online videos
// and hands every fetched row to the template.
// No group or category permission is consulted anywhere in this excerpt, so a video
// is listed regardless of whether the current visitor may view its category.
// The closing brace of this `if` lies outside the excerpt.
if ($lastvideos['lastvideosyn'] == 1 && $lastvideos['lastvideostotal'] > 0) {
// Count every matching video; the result drives the cap and the page size below.
// NOTE(review): $time is defined outside this excerpt and is concatenated into the
// SQL text - confirm it is always an integer timestamp.
$result = $xoopsDB->query(
'SELECT COUNT(*) FROM ' . $xoopsDB->prefix('xoopstube_videos') . ' WHERE published > 0
AND published <= ' . $time . '
AND (expired = 0 OR expired > ' . $time . ')
AND offline = 0
ORDER BY published DESC', 0, 0
);
list($count) = $xoopsDB->fetchRow($result);
// Cap the total at the configured maximum number of "latest videos".
$count = (($count > $lastvideos['lastvideostotal'])
&& ($lastvideos['lastvideostotal'] != 0)) ? $lastvideos['lastvideostotal'] : $count;
// Shrink the last page so the listing never runs past the capped total.
// NOTE(review): $start comes from outside this excerpt - confirm it is an integer.
$limit = (($start + $xoopsModuleConfig['perpage']) > $count) ? ($count - $start) : $xoopsModuleConfig['perpage'];
// Fetch one page of rows ($limit rows starting at offset $start).
$result = $xoopsDB->query(
'SELECT * FROM ' . $xoopsDB->prefix('xoopstube_videos') . ' WHERE published > 0
AND published <= ' . time() . '
AND (expired = 0 OR expired > ' . time() . ')
AND offline = 0
ORDER BY published DESC', $limit, $start
);
// Every row is rendered: there is no access check before the template append.
while ($video_arr = $xoopsDB->fetchArray($result)) {
$res_type = 0;
$moderate = 0;
$cid = $video_arr['cid'];
// The required file runs in this scope; presumably it reads $video_arr and the
// variables set above and builds $video - verify in include/videoloadinfo.php.
require XOOPS_ROOT_PATH . '/modules/' . $xoopsModule->getVar('dirname') . '/include/videoloadinfo.php';
$xoopsTpl->append('video', $video);
}
Par
// Replacement listing code: same queries as before, plus a per-row check that the
// current visitor's groups hold the "XTubeCatPerm" right on the video's category.
// Module id and group list are the inputs to that permission check.
$module_id = $xoopsModule->getVar('mid');
if (is_object($xoopsUser)) {
$groups = $xoopsUser->getGroups();
} else {
// Not logged in: evaluate permissions as the anonymous group.
$groups = XOOPS_GROUP_ANONYMOUS;
}
$gperm_handler =& xoops_gethandler('groupperm');
// The closing brace of this `if` lies outside the excerpt.
if ($lastvideos['lastvideosyn'] == 1 && $lastvideos['lastvideostotal'] > 0) {
// Count every matching video. The permission filter is NOT applied here, so $count
// (and anything displayed from it) still includes videos the visitor cannot view.
// NOTE(review): $time is defined outside this excerpt and is concatenated into the
// SQL text - confirm it is always an integer timestamp. The SELECT below uses
// time() instead, so the two queries may not use the same instant.
$result = $xoopsDB->query(
'SELECT COUNT(*) FROM ' . $xoopsDB->prefix('xoopstube_videos') . ' WHERE published > 0
AND published <= ' . $time . '
AND (expired = 0 OR expired > ' . $time . ')
AND offline = 0
ORDER BY published DESC', 0, 0
);
list($count) = $xoopsDB->fetchRow($result);
// Cap the total at the configured maximum number of "latest videos".
$count = (($count > $lastvideos['lastvideostotal'])
&& ($lastvideos['lastvideostotal'] != 0)) ? $lastvideos['lastvideostotal'] : $count;
// Page size is derived from the unfiltered $count, so a page can end up with fewer
// visible entries than 'perpage' once unauthorized rows are skipped in the loop.
// NOTE(review): $start comes from outside this excerpt - confirm it is an integer.
$limit = (($start + $xoopsModuleConfig['perpage']) > $count) ? ($count - $start) : $xoopsModuleConfig['perpage'];
// Fetch one page of rows ($limit rows starting at offset $start), still unfiltered.
$result = $xoopsDB->query(
'SELECT * FROM ' . $xoopsDB->prefix('xoopstube_videos') . ' WHERE published > 0
AND published <= ' . time() . '
AND (expired = 0 OR expired > ' . time() . ')
AND offline = 0
ORDER BY published DESC', $limit, $start
);
while ($video_arr = $xoopsDB->fetchArray($result)) {
// Access control happens here, after the fetch: rows whose category the visitor's
// groups may not view are skipped and never reach the template.
// NOTE(review): this only covers this listing; other pages that read
// xoopstube_videos need the same check - verify each entry point.
if ($gperm_handler->checkRight("XTubeCatPerm", $video_arr['cid'], $groups, $module_id)) {
$res_type = 0;
$moderate = 0;
$cid = $video_arr['cid'];
// The required file runs in this scope; presumably it reads $video_arr and the
// variables set above and builds $video - verify in include/videoloadinfo.php.
require XOOPS_ROOT_PATH . '/modules/' . $xoopsModule->getVar('dirname') . '/include/videoloadinfo.php';
$xoopsTpl->append('video', $video);
}
}