Merge pull request #490 from AngelFQC/BT9325

Fix save and get extra content in admin panels - refs BT#9325
10 years ago · 387b1d07ab
parent 2a6d7ae991 9d5d08157b
commit 387b1d07ab
2 changed files with 14 additions and 9 deletions
--- a/main/css/base.css
+++ b/main/css/base.css
@ -5315,6 +5315,7 @@ i.size-32.icon-new-work{

 #settings .span6:nth-child(2n+1) {
    clear:left
+}

 /***** Survey *****/
 #list-survey p{
--- a/main/inc/ajax/admin.ajax.php
+++ b/main/inc/ajax/admin.ajax.php
@ -61,18 +61,16 @@ switch ($action) {
        }

        if (!is_dir($newUrlDir)) {
-            @mkdir($newUrlDir, api_get_permissions_for_new_directories(), true);
+            mkdir($newUrlDir, api_get_permissions_for_new_directories(), true);
        }

-        $fullFilePath = "{$newUrlDir}{$blockName}_extra.html";
-
-        if (file_exists($fullFilePath)) {
-            @unlink($fullFilePath);
+        if (!is_writable($newUrlDir)) {
+            die;
        }

-        @touch($fullFilePath);
+        $fullFilePath = "{$newUrlDir}{$blockName}_extra.html";

-        @file_put_contents($fullFilePath, $content);
+        file_put_contents($fullFilePath, $content);

        break;

@ -99,9 +97,15 @@ switch ($action) {
            $newUrlDir = api_get_path(SYS_PATH) . "home/admin/";
        }

-        if (Security::check_abs_path("{$newUrlDir}{$blockName}_extra.html", $newUrlDir)) {
-            echo @file_get_contents("{$newUrlDir}{$blockName}_extra.html");
+        if (!Security::check_abs_path("{$newUrlDir}{$blockName}_extra.html", $newUrlDir)) {
+            die;
        }
+
+        if (!file_exists("{$newUrlDir}{$blockName}_extra.html")) {
+            die;
+        }
+
+        echo file_get_contents("{$newUrlDir}{$blockName}_extra.html");
        break;
 }