From b06bcef9f243fc28e35899b16e471f7a6e2438c0 Mon Sep 17 00:00:00 2001
From: edmarmoretti
Date: Thu, 11 Aug 2016 14:36:48 -0300
Subject: [PATCH] Atualização do sistema de adm
---
admin/abrefontemapfile.php | 73 -------------------------------------------------------------------------
admin/admin.db | Bin 340992 -> 0 bytes
admin/php/admin.php | 6 ++++--
admin/php/arvore.php | 13 ++++++++++---
admin/php/atlas.php | 76 ++++++++++++++++++++++++++++++++++++++++++----------------------------------
admin/php/login.php | 20 +++++++++++---------
admin/php/xml.php | 28 +++++++++++++++++++++++-----
admin/rsscomentariostemas.php | 10 ++++++----
admin/rssgrupos.php | 2 +-
admin/rssmapas.php | 2 +-
admin/rsssubgrupos.php | 5 +++--
admin/rsstemas.php | 5 +++--
admin/rsstemasdownload.php | 3 ++-
admin/rsstemaskml.php | 3 ++-
admin/rsstemasogc.php | 3 ++-
admin/rsstemasraiz.php | 5 +++--
admin/safe.php | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
admin/xmlatlas.php | 4 ++--
admin/xmlgeorss.php | 2 +-
admin/xmlidentifica.php | 4 ++--
admin/xmlkmlrss.php | 2 +-
admin/xmllinksdownload.php | 2 +-
admin/xmlmapas.php | 4 ++--
admin/xmlmenutemas.php | 2 +-
admin/xmlmetaestatogc.php | 2 +-
admin/xmlservicoswms.php | 2 +-
admin/xmlservicosws.php | 2 +-
admin/xmlsistemas.php | 4 ++--
28 files changed, 197 insertions(+), 156 deletions(-)
delete mode 100755 admin/abrefontemapfile.php
create mode 100755 admin/safe.php
diff --git a/admin/abrefontemapfile.php b/admin/abrefontemapfile.php
deleted file mode 100755
index 9259b6a..0000000
--- a/admin/abrefontemapfile.php
+++ /dev/null
@@ -1,73 +0,0 @@ - - - - - - Parametro: - - tema {string} - codigo do tema (nome do mapfile existente em i3geo/temas) - - Licenca: - - GPL2 - - i3Geo Interface Integrada de Ferramentas de Geoprocessamento para Internet - - Direitos Autorais Reservados (c) 2006 Ministério do Meio Ambiente Brasil - Desenvolvedor: Edmar Moretti edmar.moretti@gmail.com - - Este programa é software livre; você pode redistribuí-lo - e/ou modificá-lo sob os termos da Licença Pública Geral - GNU conforme publicada pela Free Software Foundation; - - Este programa é distribuído na expectativa de que seja útil, - porém, SEM NENHUMA GARANTIA; nem mesmo a garantia implícita - de COMERCIABILIDADE OU ADEQUAÇÃO A UMA FINALIDADE ESPECÍFICA. - Consulte a Licença Pública Geral do GNU para mais detalhes. - Você deve ter recebido uma cópia da Licença Pública Geral do - GNU junto com este programa; se não, escreva para a - Free Software Foundation, Inc., no endereço - 59 Temple Street, Suite 330, Boston, MA 02111-1307 USA. - - Arquivo: - - i3geo/admin/abrefontemapfile.php - */ - error_reporting(0); - if(!isset($locaplic)) - { - $locaplic = ""; - include(dirname(__FILE__)."/../ms_configura.php"); - } - include_once($locaplic."/classesphp/pega_variaveis.php"); - include_once($locaplic."/admin/php/admin.php"); - if(!isset($tema)) - { - echo "Nenhum tema definido.";exit; - } - $editor = verificaEditores($editores); - $dbh = ""; - include($locaplic."/admin/php/conexao.php"); - $r = pegaDados("select * from ".$esquemaadmin."i3geoadmin_temas where codigo_tema = '$tema'"); - error_reporting(0); - $link = $r[0]["link_tema"]; - if($link == "") - { - echo "O link para a fonte não está cadastrado. Entre em contato com o administrador do sistema."; - } - else - {echo "";} -?> \ No newline at end of file diff --git a/admin/admin.db b/admin/admin.db index 07cbb15..7df03db 100755 Binary files a/admin/admin.db and b/admin/admin.db differ 
diff --git a/admin/php/admin.php b/admin/php/admin.php index ac8bf36..c70a6e2 100755 --- a/admin/php/admin.php +++ b/admin/php/admin.php @@ -41,7 +41,8 @@ if(!file_exists($dir_tmp)){ @mkdir ($dir_tmp,0744); chmod($dir_tmp,0744); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +//TODO retirar daqui +//include_once($locaplic."/classesphp/pega_variaveis.php"); error_reporting(0); // @@ -66,7 +67,8 @@ if(!empty($esquemaadmin)){ function testaNumerico($valores){ foreach ($valores as $valor) { if(!empty($valor) && !is_numeric($valor)) { - echo "valor nao numerico"; + ob_clean(); + header ( "HTTP/1.1 403 valor nao numerico" ); exit; } } diff --git a/admin/php/arvore.php b/admin/php/arvore.php index 08e2bee..9cb446c 100755 --- a/admin/php/arvore.php +++ b/admin/php/arvore.php @@ -42,6 +42,9 @@ Cada operação possuí seus próprios parâmetros, que de */ include_once(dirname(__FILE__)."/login.php"); +$id = $_GET["id"]; +testaNumerico([$id]); + $funcoesEdicao = array( "ADICIONARTEMARAIZ", "ADICIONARTEMARAIZGRUPO", @@ -69,6 +72,7 @@ if($idioma == "") { $idioma = "pt"; } + error_reporting(0); //faz a busca da função que deve ser executada switch (strtoupper($funcao)) @@ -539,7 +543,8 @@ switch (strtoupper($funcao)) Altera o registro de um nível 3 (temas) */ function alteraN3(){ - global $publicado,$n3_perfil,$id,$id_n2,$id_tema,$ordem,$esquemaadmin; + global $publicado,$id,$id_n2,$id_tema,$ordem,$esquemaadmin; + $n3_perfil = $_GET["n3_perfil"]; try { require_once("conexao.php"); if($id != ""){ @@ -576,7 +581,8 @@ function alteraN3(){ Altera o registro de um nível 2 */ function alteraN2(){ - global $publicado,$n2_perfil,$id,$id_subgrupo,$id_n1,$esquemaadmin; + global $publicado,$id,$id_subgrupo,$id_n1,$esquemaadmin; + $n2_perfil = $_GET["n2_perfil"]; try { require("conexao.php"); if($id != ""){ 
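Review bot: In `testaNumerico` the rejection path now answers `403` with a free-text reason phrase, which makes malformed input look like an authorization failure in access logs and monitoring; `header("HTTP/1.1 400 Bad Request");` fits the case better. `ob_clean()` raises a notice when no output buffer is active, hidden here only by `error_reporting(0)`, so guard it with `if (ob_get_level() > 0) { ob_clean(); }`. The same loop is added again as `xml_testaNum` in admin/php/xml.php, and atlas.php calls a third name, `testaSafeNumerico`; a single shared helper would keep the check from drifting between copies. The function's closing lines are outside the hunk.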
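Review bot: Only `$id` is read and checked at the top of arvore.php, while `alteraN3`, `alteraN2` and `alteraN1` further down still declare `$id_n2`, `$id_tema`, `$id_n1`, `$id_subgrupo`, `$id_grupo`, `$id_menu` and `$ordem` as globals. Where those are populated now is not visible in this patch (presumably the new safe.php), so it cannot be confirmed that they receive the same numeric check; if they do not, read them here and pass them through `testaNumerico` as well. `$_GET["id"]` is also read without `isset`, e.g. `$id = isset($_GET["id"]) ? $_GET["id"] : "";`, and an `id` sent by POST is no longer seen at this point.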
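Review bot: `$n3_perfil = $_GET["n3_perfil"];` in `alteraN3` takes the value unchecked and produces an undefined-index notice (and null) when the parameter is absent; `alteraN2` and `alteraN1` do the same with `n2_perfil` and `n1_perfil`. Use `$n3_perfil = isset($_GET["n3_perfil"]) ? $_GET["n3_perfil"] : "";` and, since the value is free text, confirm that the write further down binds it rather than concatenating it; that part of the body is outside the hunk. A one-line comment saying why this field is read locally while the remaining inputs stay global would help the next reader.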
@@ -612,7 +618,8 @@ function alteraN2(){ Altera o registro de um nível 1 (grupos) */ function alteraN1(){ - global $publicado,$n1_perfil,$id_grupo,$id,$id_menu,$esquemaadmin; + global $publicado,$id_grupo,$id,$id_menu,$esquemaadmin; + $n1_perfil = $_GET["n1_perfil"]; try{ require("conexao.php"); if($id != ""){ diff --git a/admin/php/atlas.php b/admin/php/atlas.php index d7bc1e1..3ea218b 100755 --- a/admin/php/atlas.php +++ b/admin/php/atlas.php @@ -40,6 +40,13 @@ Cada operação possuí seus proprios parâmetros, que de */ include_once(dirname(__FILE__)."/login.php"); + +$id = $_GET["id"]; +$id_atlas = $_GET["id_atlas"]; +$id_prancha = $_GET["id_prancha"]; + +testaSafeNumerico([$id,$id_atlas,$id_prancha]); + $funcoesEdicao = array( "ALTERARATLAS", "ALTERARPRANCHA", 
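Review bot: `testaSafeNumerico([$id,$id_atlas,$id_prancha]);` calls a function that no visible part of this patch defines: admin.php has `testaNumerico`, xml.php has `xml_testaNum`, and the body of the new admin/safe.php is not shown on this page. If safe.php does not define it, every request to atlas.php ends in a fatal error that the `error_reporting(0)` in login.php keeps silent, so confirm the definition or call `testaNumerico` as arvore.php does. The three `$_GET[...]` reads also assume the keys exist; `isset($_GET["id_atlas"]) ? $_GET["id_atlas"] : ""` avoids the notice.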
@@ -437,27 +444,27 @@ function dadosAtlas() } function alterarAtlas() { - global $esquemaadmin,$publicado_atlas,$id_atlas,$basemapfile_atlas,$desc_atlas,$h_atlas,$w_atlas,$icone_atlas,$link_atlas,$pranchadefault_atlas,$template_atlas,$tipoguias_atlas,$titulo_atlas,$ordem_atlas; + global $esquemaadmin,$id_atlas; try{ include("conexao.php"); if($id_atlas != ""){ if($convUTF){ - $desc_atlas = utf8_encode($desc_atlas); - $titulo_atlas = utf8_encode($titulo_atlas); + $_GET["desc_atlas"] = utf8_encode($_GET["desc_atlas"]); + $_GET["titulo_atlas"] = utf8_encode($_GET["titulo_atlas"]); } $dataCol = array( - "publicado_atlas"=>$publicado_atlas, - "ordem_atlas"=>$ordem_atlas == "" ? 0 : $ordem_atlas, - "basemapfile_atlas"=>$basemapfile_atlas, - "desc_atlas"=>$desc_atlas, - "h_atlas"=>$h_atlas == "" ? 0 : $h_atlas, - "w_atlas"=>$w_atlas == "" ? 0 : $w_atlas, - "icone_atlas"=>$icone_atlas, - "link_atlas"=>$link_atlas, - "pranchadefault_atlas"=>$pranchadefault_atlas, - "template_atlas"=>$template_atlas, - "tipoguias_atlas"=>$tipoguias_atlas, - "titulo_atlas"=>$titulo_atlas + "publicado_atlas"=>$_GET["publicado_atlas"], + "ordem_atlas"=>$_GET["ordem_atlas"] == "" ? 0 : $_GET["ordem_atlas"], + "basemapfile_atlas"=>$_GET["basemapfile_atlas"], + "desc_atlas"=>$_GET["desc_atlas"], + "h_atlas"=>$_GET["h_atlas"] == "" ? 0 : $_GET["h_atlas"], + "w_atlas"=>$_GET["w_atlas"] == "" ? 0 : $_GET["w_atlas"], + "icone_atlas"=>$_GET["icone_atlas"], + "link_atlas"=>$_GET["link_atlas"], + "pranchadefault_atlas"=>$_GET["pranchadefault_atlas"], + "template_atlas"=>$_GET["template_atlas"], + "tipoguias_atlas"=>$_GET["tipoguias_atlas"], + "titulo_atlas"=>$_GET["titulo_atlas"] ); i3GeoAdminUpdate($dbhw,"i3geoadmin_atlas",$dataCol,"WHERE id_atlas = $id_atlas"); $retorna = $id_atlas; 
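Review bot: `alterarAtlas` now takes every column value straight from `$_GET`, so a state-changing admin operation is carried entirely in the query string, where it is written to access logs and can be triggered cross-site unless a token check exists outside this patch. Requiring POST for the `ALTERAR*` functions and reading `$_POST` would be the safer default; `alterarPrancha` and `alterarTema` below follow the same pattern. `ordem_atlas`, `h_atlas` and `w_atlas` are only compared with `""`, never checked as numbers, and whether `i3GeoAdminUpdate` binds the `$dataCol` values is not visible here. Assigning the `utf8_encode` result back into `$_GET` also changes the superglobal for all later code; a local variable such as `$desc = utf8_encode($_GET["desc_atlas"]);` avoids that. The function body continues outside the hunk.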
@@ -492,23 +499,24 @@ function alterarAtlas() } function alterarPrancha() { - global $esquemaadmin,$mapext_prancha,$id_atlas,$id_prancha,$desc_prancha,$h_prancha,$w_prancha,$icone_prancha,$link_prancha,$titulo_prancha,$ordem_prancha; + global $esquemaadmin,$id_atlas,$id_prancha; + try{ include("conexao.php"); if($id_prancha != ""){ if($convUTF){ - $desc_prancha = utf8_encode($desc_prancha); - $titulo_prancha = utf8_encode($titulo_prancha); + $_GET["desc_prancha"] = utf8_encode($_GET["desc_prancha"]); + $_GET["titulo_prancha"] = utf8_encode($_GET["titulo_prancha"]); } $dataCol = array( - "ordem_prancha"=>$ordem_prancha, - "mapext_prancha"=>$mapext_prancha, - "desc_prancha"=>$desc_prancha, - "h_prancha"=>$h_prancha == "" ? 0 : $h_prancha, - "w_prancha"=>$w_prancha == "" ? 0 : $w_prancha, - "icone_prancha"=>$icone_prancha, - "link_prancha"=>$link_prancha, - "titulo_prancha"=>$titulo_prancha + "ordem_prancha"=>$_GET["ordem_prancha"], + "mapext_prancha"=>$_GET["mapext_prancha"], + "desc_prancha"=>$_GET["desc_prancha"], + "h_prancha"=>$_GET["h_prancha"] == "" ? 0 : $_GET["h_prancha"], + "w_prancha"=>$_GET["w_prancha"] == "" ? 0 : $_GET["w_prancha"], + "icone_prancha"=>$_GET["icone_prancha"], + "link_prancha"=>$_GET["link_prancha"], + "titulo_prancha"=>$_GET["titulo_prancha"] ); i3GeoAdminUpdate($dbhw,"i3geoadmin_atlasp",$dataCol,"WHERE id_prancha = $id_prancha"); $retorna = $id_prancha; @@ -522,8 +530,8 @@ function alterarPrancha() "ordem_prancha"=>$o, "mapext_prancha"=>'', "desc_prancha"=>'', - "h_prancha"=>$h_prancha == "" ? 0 : $h_prancha, - "w_prancha"=>$w_prancha == "" ? 0 : $w_prancha, + "h_prancha"=>$_GET["h_prancha"] == "" ? 0 : $_GET["h_prancha"], + "w_prancha"=>$_GET["w_prancha"] == "" ? 0 : $_GET["w_prancha"], "icone_prancha"=>'', "link_prancha"=>'', "titulo_prancha"=>'', 
@@ -540,14 +548,14 @@ function alterarPrancha() } } function alterarTema(){ - global $esquemaadmin,$id_tema,$id_prancha,$codigo_tema,$ligado_tema,$ordem_tema; + global $esquemaadmin,$id_tema,$id_prancha; try{ include("conexao.php"); if($id_tema != ""){ $dataCol = array( - "ordem_tema"=>$ordem_tema, - "codigo_tema"=>$codigo_tema, - "ligado_tema"=>$ligado_tema + "ordem_tema"=>$_GET["ordem_tema"], + "codigo_tema"=>$_GET["codigo_tema"], + "ligado_tema"=>$_GET["ligado_tema"] ); i3GeoAdminUpdate($dbhw,"i3geoadmin_atlast",$dataCol,"WHERE id_tema = $id_tema"); $retorna = $id_tema; @@ -558,8 +566,8 @@ function alterarTema(){ $o = $o[0]['o'] + 1; $dataCol = array( "ordem_tema"=>$o, - "codigo_tema"=>$codigo_tema, - "ligado_tema"=>$ligado_tema, + "codigo_tema"=>$_GET["codigo_tema"], + "ligado_tema"=>$_GET["ligado_tema"], "id_prancha"=>$id_prancha ); $retorna = i3GeoAdminInsertUnico($dbhw,"i3geoadmin_atlast",$dataCol,"codigo_tema","id_tema"); diff --git a/admin/php/login.php b/admin/php/login.php index fbde3db..d39d18e 100755 --- a/admin/php/login.php +++ b/admin/php/login.php @@ -62,13 +62,13 @@ error_reporting(0); // //pega as variaveis passadas com get ou post // -include_once(dirname(__FILE__)."/../../classesphp/pega_variaveis.php"); +include_once(dirname(__FILE__)."/../safe.php"); include_once(dirname(__FILE__)."/admin.php"); error_reporting(0); session_write_close(); session_name("i3GeoLogin"); //se o usuario estiver tentando fazer login -if(!empty($usuario) && !empty($senha)){ +if(!empty($_POST["usuario"]) && !empty($_POST["senha"])){ logoutUsuario(); session_regenerate_id(); $_SESSION = array(); @@ -97,6 +97,9 @@ switch (strtoupper($funcao)) */ case "LOGIN": + $usuario = $_POST["usuario"]; + $senha = $_POST["senha"]; + $teste = autenticaUsuario($usuario,$senha); if($teste != false){ $_SESSION["usuario"] = $usuario; 
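Review bot: `alterarTema` interpolates `$id_tema` into `"WHERE id_tema = $id_tema"`, but the block added at the top of atlas.php reads and checks only `id`, `id_atlas` and `id_prancha`. Unless safe.php (not shown on this page) assigns and validates `$id_tema`, it is either undefined, so the update branch never runs, or it reaches the SQL text unchecked. Add `$id_tema = $_GET["id_tema"];` next to the other ids and include it in the numeric check, or cast at the point of use: `"WHERE id_tema = ".(int)$id_tema`. The second `alterarTema` hunk passes `$id_prancha` into the insert and depends on the same top-of-file check.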
@@ -137,12 +140,11 @@ switch (strtoupper($funcao)) */ case "VALIDAOPERACAOSESSAO": $retorno = "nao"; - if($operacao == ""){ + if($_GET["operacao"] == ""){ $retorno = "sim"; } else{ - //echo "oi";exit; - if(verificaOperacaoSessao($operacao) == true){ + if(verificaOperacaoSessao($_GET["operacao"]) == true){ $retorno = "sim"; } else{ @@ -163,8 +165,8 @@ switch (strtoupper($funcao)) */ case "RECUPERARSENHA": $retorno = false; - if(!empty($usuario)){ - $retorno = recuperarSenha($usuario); + if(!empty($_POST["usuario"])){ + $retorno = recuperarSenha($_POST["usuario"]); } cpjson($retorno); break; @@ -181,8 +183,8 @@ switch (strtoupper($funcao)) */ case "ALTERARSENHA": $retorno = false; - if(!empty($usuario)){ - $retorno = alterarSenha($usuario,$novaSenha); + if(!empty($_POST["usuario"])){ + $retorno = alterarSenha($_POST["usuario"],$_POST["novaSenha"]); } cpjson($retorno); break; diff --git a/admin/php/xml.php b/admin/php/xml.php index 5696bd6..2d0bcf8 100755 --- a/admin/php/xml.php +++ b/admin/php/xml.php @@ -119,12 +119,13 @@ Retorno: RSS */ -function geraRSScomentariosTemas($locaplic,$id_tema="") -{ +function geraRSScomentariosTemas($locaplic,$id_tema=""){ global $esquemaadmin; + xml_testaNum([$id_tema]); $sql = "select '' as tipo_ws, b.nome_tema||' '||a.data as nome_ws,a.openidnome||' '||a.openidurl||' <br>'||a.comentario as desc_ws, a.openidnome as autor_ws, b.link_tema as link_ws from ".$esquemaadmin."i3geoadmin_comentarios as a,".$esquemaadmin."i3geoadmin_temas as b where a.id_tema = b.id_tema "; - if($id_tema != "") - {$sql .= " and a.id_tema = $id_tema ";} + if($id_tema != ""){ + $sql .= " and a.id_tema = $id_tema "; + } return geraXmlRSS($locaplic,$sql,"Lista de comentarios"); } /* 
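Review bot: The `ALTERARSENHA` branch selects the account to change from `$_POST["usuario"]` rather than from `$_SESSION["usuario"]`, and `$_POST["novaSenha"]` is passed on without an `empty` check. `alterarSenha` is defined outside this patch and may verify the session itself; if it does not, take the user name from the session and reject an empty new password, e.g. `if(!empty($_SESSION["usuario"]) && !empty($_POST["novaSenha"])){`. `VALIDAOPERACAOSESSAO` above reads `$_GET["operacao"]` while the other branches read `$_POST`; a comment stating which method each `funcao` expects would document that difference.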
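Review bot: `xml_testaNum([$id_tema])` relies on `is_numeric`, which also accepts forms such as `1e3`, `0.5` or a value with a leading space, and the value is then concatenated into the SQL text (`" and a.id_tema = $id_tema "`). For integer keys `ctype_digit((string)$valor)` is the tighter test, and casting at the point of use, `$sql .= " and a.id_tema = ".(int)$id_tema." ";`, removes the dependence on the earlier check. The same applies to the other `xml_testaNum` calls added in this file (`geraRSStemas`, `geraRSStemasRaiz`, `geraRSSsubgrupos`, `geraXmlMenutemas` and its helpers, `geraXmlAtlas_pegapranchas`, `geraXmlAtlas_pegatemas`, `geraXmlSistemas_pegafuncoes`). Binding the ids through prepared statements would be the durable fix.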
@@ -145,6 +146,7 @@ RSS function geraRSStemas($locaplic,$id_n2,$output="xml") { global $esquemaadmin; + xml_testaNum([$id_n2]); $sql = " select '' as tipo_ws, i3geoadmin_temas.codigo_tema as id_ws,i3geoadmin_temas.nome_tema as nome_ws,'' as desc_ws,'php/parsemapfile.php?id='||i3geoadmin_temas.codigo_tema as link_ws,i3geoadmin_temas.link_tema as autor_ws from ".$esquemaadmin."i3geoadmin_n3 as n3 @@ -173,6 +175,7 @@ RSS function geraRSStemasRaiz($locaplic,$id,$nivel) { global $esquemaadmin; + xml_testaNum([$id,$nivel]); $sql = " select '' as tipo_ws, i3geoadmin_temas.codigo_tema as id_ws,i3geoadmin_temas.nome_tema as nome_ws,'' as desc_ws,'php/parsemapfile.php?id='||i3geoadmin_temas.codigo_tema as link_ws,i3geoadmin_temas.link_tema as autor_ws from ".$esquemaadmin."i3geoadmin_raiz as r @@ -199,6 +202,7 @@ RSS function geraRSSsubgrupos($locaplic,$id_n1,$output="json") { global $esquemaadmin; + xml_testaNum([$id_n1]); $sql = "select '' as tipo_ws, n2.id_n2 as id_ws,g.nome_subgrupo as nome_ws,'' as desc_ws,'rsstemas.php?id='||n2.id_n2 as link_ws,'' as autor_ws from ".$esquemaadmin."i3geoadmin_n2 as n2,".$esquemaadmin."i3geoadmin_subgrupos as g "; $sql .= " where g.id_subgrupo = n2.id_subgrupo and n2.id_n1 = '$id_n1' and n2.n2_perfil = '' and n2.publicado != 'NAO' order by nome_ws"; return geraXmlRSS($locaplic,$sql,"Lista de sub-grupos",$output); @@ -737,6 +741,7 @@ function geraRSSmapas($locaplic,$output) function geraXmlMenutemas($perfil,$id_menu,$tipo,$locaplic) { global $esquemaadmin; + xml_testaNum([$id_menu]); $dbh = ""; include($locaplic."/admin/php/conexao.php"); if (!isset($perfil)){$perfil = "";} 
@@ -794,6 +799,7 @@ function geraXmlMenutemas($perfil,$id_menu,$tipo,$locaplic) function geraXmlMenutemas_pegasubgrupos($id_n1,$xml,$dbh,$tipo,$perfil) { global $esquemaadmin; + xml_testaNum([$id_n1]); $q = "select subgrupos.id_subgrupo,nome_subgrupo,id_n2,n2.n2_perfil as perfil from ".$esquemaadmin."i3geoadmin_n2 as n2,".$esquemaadmin."i3geoadmin_subgrupos as subgrupos where n2.id_n1 = $id_n1 and n2.id_subgrupo = subgrupos.id_subgrupo "; //echo $q;exit; $qsgrupos = $dbh->query($q); @@ -821,6 +827,7 @@ function geraXmlMenutemas_pegasubgrupos($id_n1,$xml,$dbh,$tipo,$perfil) function geraXmlMenutemas_pegatemas($id_n2,$xml,$dbh,$perfil) { global $esquemaadmin; + xml_testaNum([$id_n2]); $q = "select nome_tema,codigo_tema,desc_tema,link_tema,tipoa_tema,tags_tema,kml_tema,ogc_tema,download_tema,n3.n3_perfil as perfil from ".$esquemaadmin."i3geoadmin_n3 as n3,".$esquemaadmin."i3geoadmin_temas as temas where n3.id_n2 = $id_n2 and n3.id_tema = temas.id_tema "; $qtemas = $dbh->query($q); $xml = geraXmlMenutemas_notema($qtemas,$xml,$perfil); @@ -863,6 +870,7 @@ function geraXmlMenutemas_notema($qtemas,$xml,$perfil) function geraXmlAtlas_pegapranchas($xml,$id_atlas,$dbh) { global $esquemaadmin; + xml_testaNum([$id_atlas]); $q = "select * from ".$esquemaadmin."i3geoadmin_atlasp as p where p.id_atlas = $id_atlas order by ordem_prancha"; $qpranchas = $dbh->query($q); foreach($qpranchas as $row) @@ -886,6 +894,7 @@ function geraXmlAtlas_pegapranchas($xml,$id_atlas,$dbh) function geraXmlAtlas_pegatemas($xml,$id_prancha,$dbh) { global $esquemaadmin; + xml_testaNum([$id_prancha]); $q = "select t.codigo_tema,t.ligado_tema from ".$esquemaadmin."i3geoadmin_atlast as t where t.id_prancha = '$id_prancha' order by ordem_tema"; //echo $q; $qtemas = $dbh->query($q); 
@@ -901,6 +910,7 @@ function geraXmlAtlas_pegatemas($xml,$id_prancha,$dbh) function geraXmlSistemas_pegafuncoes($perfil,$xml,$id_sistema,$dbh) { global $esquemaadmin; + xml_testaNum([$id_sistema]); $q = "select * from ".$esquemaadmin."i3geoadmin_sistemasf where id_sistema = '$id_sistema'"; $qtemas = $dbh->query($q); foreach($qtemas as $row) @@ -943,5 +953,13 @@ function entity_decode($texto) { return html_entity_decode($texto); } - +function xml_testaNum($valores){ + foreach ($valores as $valor) { + if(!empty($valor) && !is_numeric($valor)) { + ob_clean(); + header ( "HTTP/1.1 403 valor nao numerico" ); + exit; + } + } +} ?> diff --git a/admin/rsscomentariostemas.php b/admin/rsscomentariostemas.php index c8fae87..3aa64d9 100755 --- a/admin/rsscomentariostemas.php +++ b/admin/rsscomentariostemas.php @@ -41,11 +41,13 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); -include_once($locaplic."/admin/php/xml.php"); +include_once(dirname(__FILE__)."/../classesphp/sani_request.php"); $parametros = array_merge($_POST,$_GET); -if(empty($parametros["id_tema"])) -{$parametros["id_tema"] = "";} +include_once($locaplic."/admin/php/xml.php"); + +if(empty($parametros["id_tema"])){ + $parametros["id_tema"] = ""; +} echo header("Content-type: application/xml"); echo geraRSScomentariosTemas($locaplic,$parametros["id_tema"]); ?> diff --git a/admin/rssgrupos.php b/admin/rssgrupos.php index 67cd198..40c525e 100755 --- a/admin/rssgrupos.php +++ b/admin/rssgrupos.php @@ -36,7 +36,7 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once(dirname(__FILE__)."/../classesphp/sani_request.php"); include_once($locaplic."/admin/php/xml.php"); $output = "xml"; if(strtolower($_GET["output"]) == "json" || strtolower($_POST["output"]) == "json"){ 
diff --git a/admin/rssmapas.php b/admin/rssmapas.php index 77f3d3f..0ab4888 100755 --- a/admin/rssmapas.php +++ b/admin/rssmapas.php @@ -36,7 +36,7 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once(dirname(__FILE__)."/../classesphp/sani_request.php"); include_once($locaplic."/admin/php/xml.php"); $output = "xml"; if(strtolower($_GET["output"]) == "json" || strtolower($_POST["output"]) == "json"){ diff --git a/admin/rsssubgrupos.php b/admin/rsssubgrupos.php index f9eb309..ced3856 100755 --- a/admin/rsssubgrupos.php +++ b/admin/rsssubgrupos.php @@ -42,12 +42,13 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once(dirname(__FILE__)."/../classesphp/sani_request.php"); +$_GET = array_merge($_GET,$_POST); include_once($locaplic."/admin/php/xml.php"); $output = "xml"; if(strtolower($_GET["output"]) == "json" || strtolower($_POST["output"]) == "json"){ $output = "json"; } echo header("Content-type: application/".$output); -echo geraRSSsubgrupos($locaplic,$id,$output); +echo geraRSSsubgrupos($locaplic,$_GET["id"],$output); ?> diff --git a/admin/rsstemas.php b/admin/rsstemas.php index 012a5d0..2369d71 100755 --- a/admin/rsstemas.php +++ b/admin/rsstemas.php 
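Review bot: `$_GET = array_merge($_GET,$_POST);` overwrites a superglobal and lets POST values win, whereas rsscomentariostemas.php in this same patch merges in the opposite order (`array_merge($_POST,$_GET)`), so the two feeds resolve a duplicated parameter differently. Use a local array with one agreed precedence, e.g. `$parametros = array_merge($_POST,$_GET);` followed by `$parametros["id"]`. The same line is added to rsstemas.php and rsstemasraiz.php, and to rsstemasdownload.php, rsstemaskml.php and rsstemasogc.php, where nothing visible reads `$_GET` afterwards. `$_GET["id"]` is also passed to `geraRSSsubgrupos` without an `isset` check.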
@@ -42,12 +42,13 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once(dirname(__FILE__)."/../classesphp/sani_request.php"); +$_GET = array_merge($_GET,$_POST); include_once($locaplic."/admin/php/xml.php"); $output = "xml"; if(strtolower($_GET["output"]) == "json" || strtolower($_POST["output"]) == "json"){ $output = "json"; } echo header("Content-type: application/".$output); -echo geraRSStemas($locaplic,$id,$output); +echo geraRSStemas($locaplic,$_GET["id"],$output); ?> diff --git a/admin/rsstemasdownload.php b/admin/rsstemasdownload.php index cb3be76..5a412d5 100755 --- a/admin/rsstemasdownload.php +++ b/admin/rsstemasdownload.php @@ -39,7 +39,8 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once(dirname(__FILE__)."/../classesphp/sani_request.php"); +$_GET = array_merge($_GET,$_POST); include_once($locaplic."/admin/php/xml.php"); echo header("Content-type: application/xml"); echo geraRSStemasDownload($locaplic); diff --git a/admin/rsstemaskml.php b/admin/rsstemaskml.php index 30f8cac..930273f 100755 --- a/admin/rsstemaskml.php +++ b/admin/rsstemaskml.php @@ -39,7 +39,8 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once(dirname(__FILE__)."/../classesphp/sani_request.php"); +$_GET = array_merge($_GET,$_POST); include_once($locaplic."/admin/php/xml.php"); echo header("Content-type: application/xml"); echo geraRSStemasKml($locaplic); diff --git a/admin/rsstemasogc.php b/admin/rsstemasogc.php index 320d1b3..cf540a6 100755 --- a/admin/rsstemasogc.php +++ b/admin/rsstemasogc.php 
@@ -38,7 +38,8 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once(dirname(__FILE__)."/../classesphp/sani_request.php"); +$_GET = array_merge($_GET,$_POST); include_once($locaplic."/admin/php/xml.php"); echo header("Content-type: application/xml"); echo geraRSStemasOgc($locaplic); diff --git a/admin/rsstemasraiz.php b/admin/rsstemasraiz.php index 55e090e..eb4771a 100755 --- a/admin/rsstemasraiz.php +++ b/admin/rsstemasraiz.php @@ -44,8 +44,9 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once(dirname(__FILE__)."/../classesphp/sani_request.php"); +$_GET = array_merge($_GET,$_POST); include_once($locaplic."/admin/php/xml.php"); echo header("Content-type: application/xml"); -echo geraRSStemasRaiz($locaplic,$id,$nivel); +echo geraRSStemasRaiz($locaplic,$_GET["id"],$_GET["nivel"]); ?> diff --git a/admin/safe.php b/admin/safe.php new file mode 100755 index 0000000..e4eacb8 --- /dev/null +++ b/admin/safe.php @@ -0,0 +1,69 @@ + \ No newline at end of file diff --git a/admin/xmlatlas.php b/admin/xmlatlas.php index f43e904..61b68f6 100755 --- a/admin/xmlatlas.php +++ b/admin/xmlatlas.php @@ -4,8 +4,8 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once($locaplic."/admin/safe.php"); include_once($locaplic."/admin/php/xml.php"); echo header("Content-type: application/xml"); -echo geraXmlAtlas($locaplic,$editores); +echo geraXmlAtlas($locaplic); ?> diff --git a/admin/xmlgeorss.php b/admin/xmlgeorss.php index b29fcc2..f99f6dc 100755 --- a/admin/xmlgeorss.php +++ b/admin/xmlgeorss.php 
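Review bot: The call is shortened to `geraXmlAtlas($locaplic)`, but none of the xml.php hunks in this patch changes the signature of `geraXmlAtlas`. If `$editores` is still a required parameter there, the call fails (a warning on older PHP, an `ArgumentCountError` from PHP 7.1 on), and with `error_reporting(0)` the feed would simply come back empty; confirm the definition or give the parameter a default value. The same applies to `geraXmlIdentifica`, `geraXmlMapas` and `geraXmlSistemas` as called from xmlidentifica.php, xmlmapas.php and xmlsistemas.php.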
@@ -39,7 +39,7 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once($locaplic."/admin/safe.php"); include_once($locaplic."/admin/php/xml.php"); $output = "xml"; if(strtolower($_GET["output"]) == "json" || strtolower($_POST["output"]) == "json"){ diff --git a/admin/xmlidentifica.php b/admin/xmlidentifica.php index bb0f4fd..4bc0f73 100755 --- a/admin/xmlidentifica.php +++ b/admin/xmlidentifica.php @@ -43,9 +43,9 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once($locaplic."/admin/safe.php"); include_once($locaplic."/admin/php/xml.php"); if(!isset($perfil)){$perfil = "";} echo header("Content-type: application/xml"); -echo geraXmlIdentifica($perfil,$locaplic,$editores); +echo geraXmlIdentifica($perfil,$locaplic); ?> diff --git a/admin/xmlkmlrss.php b/admin/xmlkmlrss.php index 62a73a7..fe44e21 100755 --- a/admin/xmlkmlrss.php +++ b/admin/xmlkmlrss.php @@ -38,7 +38,7 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once($locaplic."/admin/safe.php"); include_once($locaplic."/admin/php/xml.php"); echo header("Content-type: application/xml"); echo geraXmlKmlrss($locaplic); diff --git a/admin/xmllinksdownload.php b/admin/xmllinksdownload.php index 7cd4e5f..bdfcc55 100755 --- a/admin/xmllinksdownload.php +++ b/admin/xmllinksdownload.php @@ -39,7 +39,7 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once($locaplic."/admin/safe.php"); include_once($locaplic."/admin/php/xml.php"); echo header("Content-type: application/xml"); echo geraXmlDownload($locaplic); 
diff --git a/admin/xmlmapas.php b/admin/xmlmapas.php index c48d696..aa10e03 100755 --- a/admin/xmlmapas.php +++ b/admin/xmlmapas.php @@ -39,9 +39,9 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once($locaplic."/admin/safe.php"); include_once($locaplic."/admin/php/xml.php"); if(!isset($perfil)){$perfil = "";} echo header("Content-type: application/xml"); -echo geraXmlMapas($perfil,$locaplic,$editores); +echo geraXmlMapas($perfil,$locaplic); ?> diff --git a/admin/xmlmenutemas.php b/admin/xmlmenutemas.php index 818198d..63c89f4 100755 --- a/admin/xmlmenutemas.php +++ b/admin/xmlmenutemas.php @@ -3,7 +3,7 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once($locaplic."/admin/safe.php"); include_once($locaplic."/admin/php/xml.php"); if(!isset($perfil)){$perfil = "";} if(!isset($id_menu)){$id_menu = "";} diff --git a/admin/xmlmetaestatogc.php b/admin/xmlmetaestatogc.php index 68e0fec..80d0cfd 100755 --- a/admin/xmlmetaestatogc.php +++ b/admin/xmlmetaestatogc.php @@ -38,7 +38,7 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once($locaplic."/admin/safe.php"); include_once($locaplic."/admin/php/xml.php"); echo header("Content-type: application/xml"); echo geraXmlWMSmetaestat($locaplic); diff --git a/admin/xmlservicoswms.php b/admin/xmlservicoswms.php index 8675ea8..e5d4ed8 100755 --- a/admin/xmlservicoswms.php +++ b/admin/xmlservicoswms.php 
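Review bot: With pega_variaveis.php no longer included in xmlmenutemas.php, `$perfil` and `$id_menu` are created from the request only if safe.php does so, and its body is not shown on this page. If it does not, the `isset` fallbacks on the following lines always fire and the caller's `perfil` and `id_menu` are silently ignored. Reading them explicitly, e.g. `$id_menu = isset($_GET["id_menu"]) ? $_GET["id_menu"] : "";`, makes the input path visible and keeps it next to the numeric check in `geraXmlMenutemas`. xmlidentifica.php, xmlmapas.php and xmlsistemas.php have the same `$perfil` fallback.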
@@ -39,7 +39,7 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once($locaplic."/admin/safe.php"); include_once($locaplic."/admin/php/xml.php"); $output = "xml"; if(strtolower($_GET["output"]) == "json" || strtolower($_POST["output"]) == "json"){ diff --git a/admin/xmlservicosws.php b/admin/xmlservicosws.php index 0514625..cf68f8d 100755 --- a/admin/xmlservicosws.php +++ b/admin/xmlservicosws.php @@ -39,7 +39,7 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once($locaplic."/admin/safe.php"); include_once($locaplic."/admin/php/xml.php"); $output = "xml"; diff --git a/admin/xmlsistemas.php b/admin/xmlsistemas.php index a2ff54b..d7e87fb 100755 --- a/admin/xmlsistemas.php +++ b/admin/xmlsistemas.php @@ -39,9 +39,9 @@ error_reporting(0); if(!isset($locaplic)){ include(dirname(__FILE__)."/../ms_configura.php"); } -include_once($locaplic."/classesphp/pega_variaveis.php"); +include_once($locaplic."/admin/safe.php"); include_once($locaplic."/admin/php/xml.php"); if(!isset($perfil)){$perfil = "";} echo header("Content-type: application/xml"); -echo geraXmlSistemas($perfil,$locaplic,$editores); +echo geraXmlSistemas($perfil,$locaplic); ?> -- libgit2 0.21.2