relative+cleaned paths

diff --git a/admin/xmldb/actions/create_xml_file/create_xml_file.class.php b/admin/xmldb/actions/create_xml_file/create_xml_file.class.php
index 8ec80ffce2bc96e78f0dcfde7dce42a803b64927..6425119c30ea28a729e7f8b6e4bfee2ab3d51a2e 100644 (file)
--- a/admin/xmldb/actions/create_xml_file/create_xml_file.class.php
+++ b/admin/xmldb/actions/create_xml_file/create_xml_file.class.php
@@ -65,8 +65,8 @@ class create_xml_file extends XMLDBAction {
     /// Do the job, setting result as needed
 
     /// Get the dir containing the file
-        $dirpath = required_param('dir', PARAM_CLEAN);
-        $dirpath = stripslashes_safe($dirpath);
+        $dirpath = required_param('dir', PARAM_PATH);
+        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
         $file = $dirpath . '/install.xml';
 
     /// Some variables

diff --git a/admin/xmldb/actions/delete_xml_file/delete_xml_file.class.php b/admin/xmldb/actions/delete_xml_file/delete_xml_file.class.php
index 27d42081c2a83b7f0b887b21da1e5eb150314b39..6ee54d8651f0265c80f26b5fb4f0370fcc36ec2e 100644 (file)
--- a/admin/xmldb/actions/delete_xml_file/delete_xml_file.class.php
+++ b/admin/xmldb/actions/delete_xml_file/delete_xml_file.class.php
@@ -64,7 +64,7 @@ class delete_xml_file extends XMLDBAction {
 
     /// Get the dir containing the file
         $dirpath = required_param('dir', PARAM_CLEAN);
-        $dirpath = stripslashes_safe($dirpath);
+        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 
         $confirmed = optional_param('confirmed', false, PARAM_BOOL);
 
@@ -72,10 +72,10 @@ class delete_xml_file extends XMLDBAction {
         if (!$confirmed) {
             $o = '<table align="center" width="60" class="generalbox" border="0" cellpadding="5" cellspacing="0" id="notice">';
             $o.= '  <tr><td class="generalboxcontent">';
-            $o.= '    <p align="center">' . $this->str['confirmdeletexmlfile'] . '<br /><br />' . $dirpath . '</p>';
+            $o.= '    <p align="center">' . $this->str['confirmdeletexmlfile'] . '<br /><br />' . $dirpath . '/install.php</p>';
             $o.= '    <table align="center" cellpadding="20"><tr><td>';
             $o.= '      <div class="singlebutton">';
-            $o.= '        <form action="index.php?action=delete_xml_file&amp;confirmed=yes&amp;dir=' . urlencode($dirpath) . '&amp;postaction=main_view#lastused" method="post">';
+            $o.= '        <form action="index.php?action=delete_xml_file&amp;confirmed=yes&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $dirpath)) . '&amp;postaction=main_view#lastused" method="post">';
             $o.= '          <input type="submit" value="'. $this->str['yes'] .'" /></form></div>';
             $o.= '      </td><td>';
             $o.= '      <div class="singlebutton">';

diff --git a/admin/xmldb/actions/load_xml_file/load_xml_file.class.php b/admin/xmldb/actions/load_xml_file/load_xml_file.class.php
index 6c782dc69f108093172f28ae5880ddd0839b714c..32c35464b9745457e4ff4c73d9726f8d38510b5c 100644 (file)
--- a/admin/xmldb/actions/load_xml_file/load_xml_file.class.php
+++ b/admin/xmldb/actions/load_xml_file/load_xml_file.class.php
@@ -65,8 +65,8 @@ class load_xml_file extends XMLDBAction {
     /// Do the job, setting $result as needed
 
     /// Get the dir containing the file
-        $dirpath = required_param('dir', PARAM_CLEAN);
-        $dirpath = stripslashes_safe($dirpath);
+        $dirpath = required_param('dir', PARAM_PATH);
+        $dirpath = $CFG->dirroot . stripslashes_safe($dirpath);
 
     /// Get the correct dir
         if (!empty($XMLDB->dbdirs)) {

diff --git a/admin/xmldb/actions/main_view/main_view.class.php b/admin/xmldb/actions/main_view/main_view.class.php
index 8811ab12e8606166282e8e22ae3db8cc12573f08..f46381e7cca132586db11ca2d44088aba80111bf 100644 (file)
--- a/admin/xmldb/actions/main_view/main_view.class.php
+++ b/admin/xmldb/actions/main_view/main_view.class.php
@@ -96,7 +96,7 @@ class main_view extends XMLDBAction {
             foreach ($XMLDB->dbdirs as $key => $dbdir) {
             /// Detect if this is the lastused dir
                 $hithis = false;
-                if ($key == $lastused) {
+                if (str_replace($CFG->dirroot, '', $key) == $lastused) {
                     $hithis = true;
                 }
                 $elementtext = str_replace($CFG->dirroot . '/', '', $key);
@@ -120,7 +120,7 @@ class main_view extends XMLDBAction {
                 if ($dbdir->path_exists &&
                     !file_exists($key . '/install.xml') &&
                     is_writeable($key)) {
-                    $b .= '<a href="index.php?action=create_xml_file&amp;dir=' . urlencode($key) . '&amp;time=' . time() . '&amp;postaction=main_view#lastused">[' . $this->str['create'] . ']</a>';
+                    $b .= '<a href="index.php?action=create_xml_file&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $key)) . '&amp;time=' . time() . '&amp;postaction=main_view#lastused">[' . $this->str['create'] . ']</a>';
                 } else {
                     $b .= '[' . $this->str['create'] . ']';
                 }
@@ -130,7 +130,7 @@ class main_view extends XMLDBAction {
                     file_exists($key . '/install.xml') &&
                     is_readable($key . '/install.xml') &&
                     empty($dbdir->xml_loaded)) {
-                    $b .= '<a href="index.php?action=load_xml_file&amp;dir=' . urlencode($key) . '&amp;time=' . time() . '&amp;postaction=main_view#lastused">[' . $this->str['load'] . ']</a>';
+                    $b .= '<a href="index.php?action=load_xml_file&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $key)) . '&amp;time=' . time() . '&amp;postaction=main_view#lastused">[' . $this->str['load'] . ']</a>';
                 } else {
                     $b .= '[' . $this->str['load'] . ']';
                 }
@@ -141,7 +141,7 @@ class main_view extends XMLDBAction {
                     is_readable($key . '/install.xml') &&
                     is_readable($key) &&
                     !empty($dbdir->xml_loaded)) {
-                    $b .= '<a href="index.php?action=edit_xml_file&amp;dir=' . urlencode($key) . '">[' . $this->str['edit'] . ']</a>';
+                    $b .= '<a href="index.php?action=edit_xml_file&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $key)) . '">[' . $this->str['edit'] . ']</a>';
                 } else {
                     $b .= '[' . $this->str['edit'] . ']';
                 }
@@ -153,7 +153,7 @@ class main_view extends XMLDBAction {
                     is_writeable($key) &&
                     !empty($dbdir->xml_loaded) &&
                     !empty($dbdir->xml_changed)) {
-                    $b .= '<a href="index.php?action=save_xml_file&amp;dir=' . urlencode($key) . '&amp;time=' . time() . '&amp;postaction=main_view#lastused">[' . $this->str['save'] . ']</a>';
+                    $b .= '<a href="index.php?action=save_xml_file&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $key)) . '&amp;time=' . time() . '&amp;postaction=main_view#lastused">[' . $this->str['save'] . ']</a>';
                 } else {
                     $b .= '[' . $this->str['save'] . ']';
                 }
@@ -165,7 +165,7 @@ class main_view extends XMLDBAction {
                     is_writeable($key) &&
                     !empty($dbdir->xml_loaded) &&
                     !empty($dbdir->xml_changed)) {
-                    $b .= '<a href="index.php?action=revert_changes&amp;dir=' . urlencode($key) . '">[' . $this->str['revert'] . ']</a>';
+                    $b .= '<a href="index.php?action=revert_changes&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $key)) . '">[' . $this->str['revert'] . ']</a>';
                 } else {
                     $b .= '[' . $this->str['revert'] . ']';
                 }
@@ -176,7 +176,7 @@ class main_view extends XMLDBAction {
                     is_readable($key . '/install.xml') &&
                     !empty($dbdir->xml_loaded) &&
                     empty($dbdir->xml_changed)) {
-                    $b .= '<a href="index.php?action=unload_xml_file&amp;dir=' . urlencode($key) . '&amp;time=' . time() . '&amp;postaction=main_view#lastused">[' . $this->str['unload'] . ']</a>';
+                    $b .= '<a href="index.php?action=unload_xml_file&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $key)) . '&amp;time=' . time() . '&amp;postaction=main_view#lastused">[' . $this->str['unload'] . ']</a>';
                 } else {
                     $b .= '[' . $this->str['unload'] . ']';
                 }
@@ -187,7 +187,7 @@ class main_view extends XMLDBAction {
                     is_readable($key . '/install.xml') &&
                     is_writeable($key) &&
                     empty($dbdir->xml_loaded)) {
-                    $b .= '<a href="index.php?action=delete_xml_file&amp;dir=' . urlencode($key) . '">[' . $this->str['delete'] . ']</a>';
+                    $b .= '<a href="index.php?action=delete_xml_file&amp;dir=' . urlencode(str_replace($CFG->dirroot, '', $key)) . '">[' . $this->str['delete'] . ']</a>';
                 } else {
                     $b .= '[' . $this->str['delete'] . ']';
                 }
@@ -196,7 +196,7 @@ class main_view extends XMLDBAction {
                 if ($dbdir->path_exists &&
                     file_exists($key . '/install.xml') &&
                     is_readable($key . '/install.xml')) {
-                    $elementtext = '<a href="index.php?action=view_xml&amp;file=' . urlencode($key . '/install.xml') . '" target="_blank">' . $elementtext . '</a></td>';
+                    $elementtext = '<a href="index.php?action=view_xml&amp;file=' . urlencode(str_replace($CFG->dirroot, '', $key) . '/install.xml') . '" target="_blank">' . $elementtext . '</a></td>';
                 } else {
                     $elementtext = $elementtext . '</td>';
                 }