github/torrentpier
1
0
Fork 0
mirror of https://github.com/torrentpier/torrentpier synced 2025-08-21 05:43:55 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Remove eval from admin_attachments and emailer

Browse source
This commit is contained in:
Vasily Komrakov 2017-01-26 23:51:20 +03:00
commit f6e8afb85f
No known key found for this signature in database
GPG key ID: 558236680C20A69A
2 changed files with 8 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

19
admin/admin_attachments.php
View file

@ -248,13 +248,6 @@ if ($submit && $mode == 'manage') {
}
if ($mode == 'manage') {
$yes_no_switches = array('disable_mod', 'allow_pm_attach', 'display_order');
for ($i = 0; $i < sizeof($yes_no_switches); $i++) {
eval("\$" . $yes_no_switches[$i] . "_yes = ( \$new_attach['" . $yes_no_switches[$i] . "'] != '0' ) ? 'checked=\"checked\"' : '';");
eval("\$" . $yes_no_switches[$i] . "_no = ( \$new_attach['" . $yes_no_switches[$i] . "'] == '0' ) ? 'checked=\"checked\"' : '';");
}
$template->assign_vars(array(
'TPL_ATTACH_MANAGE' => true,
'S_ATTACH_ACTION' => 'admin_attachments.php?mode=manage',
@ -272,12 +265,12 @@ if ($mode == 'manage') {
'MAX_FILESIZE_PM' => $new_attach['max_filesize_pm'],
'MAX_ATTACHMENTS' => $new_attach['max_attachments'],
'MAX_ATTACHMENTS_PM' => $new_attach['max_attachments_pm'],
'DISABLE_MOD_YES' => $disable_mod_yes,
'DISABLE_MOD_NO' => $disable_mod_no,
'PM_ATTACH_YES' => $allow_pm_attach_yes,
'PM_ATTACH_NO' => $allow_pm_attach_no,
'DISPLAY_ORDER_ASC' => $display_order_yes,
'DISPLAY_ORDER_DESC' => $display_order_no,
'DISABLE_MOD_YES' => $new_attach['disable_mod'] !== '0' ? 'checked="checked"' : '',
'DISABLE_MOD_NO' => $new_attach['disable_mod'] === '0' ? 'checked="checked"' : '',
'PM_ATTACH_YES' => $new_attach['allow_pm_attach'] !== '0' ? 'checked="checked"' : '',
'PM_ATTACH_NO' => $new_attach['allow_pm_attach'] === '0' ? 'checked="checked"' : '',
'DISPLAY_ORDER_ASC' => $new_attach['display_order'] !== '0' ? 'checked="checked"' : '',
'DISPLAY_ORDER_DESC' => $new_attach['display_order'] === '0' ? 'checked="checked"' : '',
));
}

12
library/includes/classes/emailer.php
View file

@ -164,16 +164,8 @@ class emailer
// Set vars
reset($this->vars);
while (list($key, $val) = each($this->vars)) {
$$key = $val;
}
eval("\$this->msg = '$this->msg';");
// Clear vars
reset($this->vars);
while (list($key, $val) = each($this->vars)) {
unset($$key);
foreach ($this->vars as $key => $val) {
$this->msg = preg_replace(sprintf('/\$\{?%s\}?/', $key), $val, $this->msg);
}
// We now try and pull a subject from the email body ... if it exists,