Axia4/public_html/club/cal.php
naielv 98f430188c Enhance security and input sanitization across multiple files
- Added a new tools.security.php file containing functions for sanitizing filenames, paths, and user inputs to prevent directory traversal and XSS attacks.
- Updated various files to utilize the new sanitization functions (Sf, Si) for user inputs and file operations, ensuring safer handling of data.
- Improved HTML output safety by applying htmlspecialchars to user-generated content in pre-body.php, cal.php, and other relevant files.
- Refactored user authentication and data retrieval processes in tools.auth.php and _login.php to enhance security and maintainability.
- Ensured consistent use of sanitization functions in API endpoints and admin functionalities to mitigate potential security vulnerabilities.
2026-02-18 23:22:58 +01:00

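<?php
/*
 * Event page of the club photo archive.
 *
 * ?f=<event> selects the folder /DATA/club/IMG/<event>/ (the id looks like a
 * YYYY-MM-DD string: it is shown reversed as DD/MM/YYYY). The page renders the
 * event's data.json metadata and one tile per uploaded photo.
 *
 * No access check is made here beyond whatever tools.session.php enforces —
 * NOTE(review): confirm that include actually gates anonymous requests.
 */
require_once "../_incl/tools.session.php";
require_once "../_incl/tools.security.php";
ini_set("display_errors", 0);

// Sf() (tools.security.php) is the project's filename sanitizer and the only
// guard between ?f= and the filesystem paths built below, so it must strip
// "/" and ".." — confirm against its implementation rather than trusting the name.
$file = Sf($_GET["f"] ?? "");
if (!is_string($file) || $file === "") {
    // An empty id would turn the paths below into /DATA/club/IMG//..., which
    // glob()s every event directory instead of one event's uploader folders.
    http_response_code(400);
    exit("Missing event id");
}
$eventDir = "/DATA/club/IMG/$file";
$date = implode("/", array_reverse(explode("-", $file)));

// data.json may be absent or broken, and it is editable through the site
// (presumably edit_data.php), so its contents are untrusted user input.
// Normalise every failure (missing file, unreadable, invalid JSON, non-object)
// to an empty array so the template never indexes into null/false.
$val = [];
if (is_file("$eventDir/data.json")) {
    $raw = file_get_contents("$eventDir/data.json");
    $decoded = $raw === false ? null : json_decode($raw, true);
    if (is_array($decoded)) {
        $val = $decoded;
    }
}
// One sub-directory per uploader. glob() keeps the trailing slash on these
// entries and may return false on error, which foreach cannot iterate.
$fotos = glob("$eventDir/*/") ?: [];

$APP_CODE = "club";
$APP_NAME = "La web del Club<sup>3</sup>";
$APP_TITLE = "La web del Club";
// "0" is a legitimate (if odd) title: test for emptiness, not truthiness.
$hasTitle = isset($val["title"]) && is_scalar($val["title"]) && (string) $val["title"] !== "";
$PAGE_TITLE = $hasTitle ? "$date - " . $val["title"] . " - Club" : "$date - Club";
require_once "../_incl/pre-body.php"; ?>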
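<div class="card pad">
<?php
// Everything rendered below is untrusted: $file/$date come from the request and
// the rest from data.json (editable through the site, presumably edit_data.php).
// Each value is escaped for the context it lands in: HTML text/attribute via
// $escHtml(), query-string values via urlencode() first.
$escHtml = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
};
$title = (isset($val["title"]) && is_scalar($val["title"]) && (string) $val["title"] !== "")
    ? (string) $val["title"]
    : "Por definir";
// $val["mapa"] is a nested object with optional url/route/stats keys.
$mapa = (isset($val["mapa"]) && is_array($val["mapa"])) ? $val["mapa"] : [];
$mapUrl = (isset($mapa["url"]) && is_string($mapa["url"])) ? trim($mapa["url"]) : "";
// htmlspecialchars() cannot stop a "javascript:" or "data:" href from running in
// the reader's browser, so only http(s) links taken from data.json are rendered.
$mapUrlIsSafe = preg_match('#^https?://#i', $mapUrl) === 1;
$mapRoute = (isset($mapa["route"]) && is_string($mapa["route"])) ? $mapa["route"] : "";
$mapStats = (isset($mapa["stats"]) && is_string($mapa["stats"])) ? $mapa["stats"] : "";
?>
<h1><?php echo $escHtml($date); ?> - <?php echo $escHtml($title); ?></h1>
<span>
<a href="/club/" class="btn btn-secondary">Volver a Inicio</a>
<a href="/club/edit_data.php?f=<?php echo $escHtml(urlencode($file)); ?>" class="btn btn-secondary">Cambiar datos</a>
<a href="/club/upload/index.php?f=<?php echo $escHtml(urlencode($file)); ?>" class="btn btn-primary">Subir fotos</a>
<?php if ($mapUrlIsSafe): ?>
<a class="btn btn-secondary" href="<?php echo $escHtml($mapUrl); ?>" target="_blank" rel="noopener noreferrer">Abrir ruta interactiva</a>
<?php endif; ?>
</span>
<?php if ($mapa !== []): ?>
<h2>Ruta y estadísticas</h2>
<?php if ($mapRoute !== ""): ?>
<img height="300" loading="lazy" src="<?php echo $escHtml("foto_dl.php?f=" . urlencode("$file/$mapRoute")); ?>" alt="">
<?php endif; ?>
<?php if ($mapStats !== ""): ?>
<img height="300" loading="lazy" src="<?php echo $escHtml("foto_dl.php?f=" . urlencode("$file/$mapStats")); ?>" alt="">
<?php endif; ?>
<?php endif; ?>
<h2>Fotos</h2>
<div id="grid">
<?php foreach ($fotos as $persona): ?>
<?php
// $persona is "/DATA/club/IMG/<event>/<uploader>/" (glob() keeps the trailing
// slash); the uploader's name is its last path segment.
$pname = basename($persona);
$personaDir = rtrim($persona, "/") . "/";
$entries = scandir($personaDir);
// Skip dot entries (".", "..", hidden files); scandir() returns false on error.
$visible = $entries === false ? [] : preg_grep('/^([^.])/', $entries);
?>
<?php foreach ($visible as $foto): ?>
<?php
// scandir() returns bare names, so is_dir() must be given the full path; the
// previous is_dir($foto) resolved against the web root and never matched.
if (is_dir($personaDir . $foto)) {
    continue;
}
// "*.thumbnail" entries are not listed as photos; previews are requested with
// &thumbnail=1 below (foto_dl.php presumably maps one to the other).
if (strtolower(pathinfo($foto, PATHINFO_EXTENSION)) === "thumbnail") {
    continue;
}
// Full relative path inside /DATA/club/IMG, URL-encoded as one query value.
$dl_url = "foto_dl.php?f=" . urlencode("$file/$pname/$foto");
$label = "$pname - $foto";
?>
<div style="width: 240px; display: inline-block; margin-bottom: 10px; border: 3px solid black; border-radius: 6.5px; box-sizing: content-box;"
class="grid-item">
<img class="stack" width="240px" loading="lazy" src="<?php echo $escHtml($dl_url . "&thumbnail=1"); ?>"
alt="Foto de <?php echo $escHtml($label); ?>">
<div style="padding: 5px; text-align: center;">
Subido por <?php echo $escHtml($pname); ?><br>
<a href="<?php echo $escHtml($dl_url); ?>" target="_blank" class="btn btn-secondary">Abrir</a>
<a href="<?php echo $escHtml($dl_url); ?>"
download="<?php echo $escHtml("CLUB-$file-$pname-$foto"); ?>"
class="btn btn-secondary">Descargar</a>
</div>
</div>
<?php endforeach; ?>
<?php endforeach; ?>
</div>
</div>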
<script>
// Masonry packs the photo tiles in #grid. The 1 s timer simply re-runs
// layout() — presumably so tiles are repacked once lazily loaded images arrive.
var msnry = new Masonry('#grid', {
  "columnWidth": 240,
  "itemSelector": ".grid-item",
  "gutter": 10,
  "transitionDuration": 0
});
window.setInterval(function () {
  msnry.layout();
}, 1000);
</script>
<?php require_once "../_incl/post-body.php"; ?>