Security update

- Security update - relative paths for images, css and js removed. - Deleted jquery-ui development bundle
roxlukas · May 13, 2016 · cbe661e · cbe661e
1 parent 0cf4c67
commit cbe661e
Show file tree

Hide file tree

Showing 653 changed files with 149 additions and 82,488 deletions.
diff --git a/include/00.php b/include/00.php
@@ -132,9 +132,9 @@ function pointshrefedit($nr) {
     <h2>Timesheet</h2>
     <?php                                
         if(!$aggregate) {
-            echo('<a href="?id=0&date='.sprintf("%04d", $year).sprintf("%02d", $month).'&aggregate=yes"><img src="img/minus.gif" alt="[-]"> Aggregate by user</a>');
+            echo('<a href="?id=0&date='.sprintf("%04d", $year).sprintf("%02d", $month).'&aggregate=yes"><img src="'.getUrl().'img/minus.gif" alt="[-]"> Aggregate by user</a>');
         } else {
-            echo('<a href="?id=0&date='.sprintf("%04d", $year).sprintf("%02d", $month).'&aggregate=no"><img src="img/plus.gif" alt="[+]"> Break down by character</a>');
+            echo('<a href="?id=0&date='.sprintf("%04d", $year).sprintf("%02d", $month).'&aggregate=no"><img src="'.getUrl().'img/plus.gif" alt="[+]"> Break down by character</a>');
         }
     //Timesheet				
         showTimesheet(getTimesheet($corp['corporationID'],$year,$month, $aggregate),$aggregate);

diff --git a/include/10.php b/include/10.php
@@ -115,7 +115,7 @@
 		</form></td>
 		<?php } ?>
 		</tr></table>
-	    <em><img src="ccp_icons/38_16_208.png" alt="(i)"/> Tasks are only contributed to by the characters they have been assigned to. If you'd like to use an alt for production, ask administrator to assign that task to your alt.<br/></em>
+	    <em><img src="<?=getUrl()?>ccp_icons/38_16_208.png" alt="(i)"/> Tasks are only contributed to by the characters they have been assigned to. If you'd like to use an alt for production, ask administrator to assign that task to your alt.<br/></em>
             <br/>
 	<?php
 

diff --git a/include/20-content.php b/include/20-content.php
@@ -18,7 +18,7 @@ function cachedContent() {
         //echo("DEBUG: <pre>"); print_r($inventory); echo('</pre>');
         ?>
         <h3>Current Stock</h3>
-        <em><img src="ccp_icons/38_16_208.png" alt="(i)"/> Due to EVE API limitations, Assets can only be updated every 6 hours.</em><br/>
+        <em><img src="<?=getUrl()?>ccp_icons/38_16_208.png" alt="(i)"/> Due to EVE API limitations, Assets can only be updated every 6 hours.</em><br/>
         <em>Stock can be configured by checking "Track" and setting the amount in "Stock" field for a specific item in "Database" module.<br/></em>
         <?php
 

diff --git a/include/20.php b/include/20.php
@@ -18,9 +18,9 @@
 <div class="tytul">
     <?=$PANELNAME?><br/>
 </div>
-                    <div id="pageContents"><em><img src="img/loader.png" /> Loading...</em></div>
+                    <div id="pageContents"><em><img src="<?=getUrl()?>img/loader.png" /> Loading...</em></div>
                     <script type="text/javascript">
-                        ajax_get('ajax.php?act=CACHE&page=20','pageContents');
+                        ajax_get('<?=getUrl()?>ajax.php?act=CACHE&page=20','pageContents');
                     </script>
 
 

diff --git a/include/26.php b/include/26.php
@@ -19,7 +19,7 @@
 			Player-owned Customs Offices<br/>
 		</div>
 
-                <div id="pageContents"><em><img src="img/loader.png" /> Loading...</em></div>
+                <div id="pageContents"><em><img src="<?=getUrl()?>img/loader.png" /> Loading...</em></div>
                 <script type="text/javascript">
                         ajax_get('ajax.php?act=CACHE&page=26','pageContents');
                 </script>

diff --git a/include/30.php b/include/30.php
@@ -22,15 +22,15 @@
 <?php
 if (checkrights("Administrator,ViewBuyOrders")) { 
 	echo('<h3>Buyback Orders</h3>');
-	echo('<em><img src="ccp_icons/38_16_208.png" alt="(i)"/> Buyback orders are buyback contracts from corp members to the corporation.</em><br />');
+	echo('<em><img src="'.getUrl().'ccp_icons/38_16_208.png" alt="(i)"/> Buyback orders are buyback contracts from corp members to the corporation.</em><br />');
 
 	$buybacklist=getBuybackOrders("WHERE TRUE ORDER BY timestmp DESC LIMIT 10");
 	showBuyback($buybacklist);
 }
 
 if (checkrights("Administrator,ViewMarket")) { 
 	echo('<h3>Market Orders</h3>');
-	echo('<em><img src="ccp_icons/38_16_208.png" alt="(i)"/> Market Orders show current in game market order status.</em><br />');
+	echo('<em><img src="'.getUrl().'ccp_icons/38_16_208.png" alt="(i)"/> Market Orders show current in game market order status.</em><br />');
         $corps=db_asocquery("SELECT * FROM apicorps;");
 	foreach ($corps as $corp) { //begin corps loop
             echo("<h3><img src=\"https://imageserver.eveonline.com/Corporation/${corp['corporationID']}_32.png\" style=\"vertical-align: middle;\" /> ${corp['corporationName']}</h3>");

diff --git a/include/32.php b/include/32.php
@@ -74,4 +74,4 @@
 	<input type="hidden" name="id" value="<?php echo($MENUITEM); ?>">
 	<input type="submit" value="OK">
 	</form>
-<center><img src="img/contract.png" alt="How to setup a contract" /></center>
+<center><img src="<?=getUrl()?>img/contract.png" alt="How to setup a contract" /></center>
diff --git a/include/40.php b/include/40.php
@@ -48,9 +48,9 @@ function hrefedit($nr) {
 		    hrefedit($row['id']);
 		    if ($row['msgread']==0) {
 		    	$wyl=formatowanie(0,1,0,-1);
-		    	echo('<img src="img/msgnew.gif" alt="MSGnew"> ');
+		    	echo('<img src="'.getUrl().'img/msgnew.gif" alt="MSGnew"> ');
 		    } else {
-			echo('<img src="img/msg.gif" alt="MSG"> ');
+			echo('<img src="'.getUrl().'img/msg.gif" alt="MSG"> ');
 		    }
 		    echo(stripslashes($row['msgtopic']));
 		    odformatowanie($wyl);

diff --git a/include/46.php b/include/46.php
@@ -45,7 +45,7 @@ function hrefedit($nr) {
 		  $wyl=0;
 		    echo('<tr><td class="tab">');
 		    hrefedit($row['id']);
-			echo('<img src="img/msg.gif" alt="MSG"> ');
+			echo('<img src="'.getUrl().'img/msg.gif" alt="MSG"> ');
 		    echo(stripslashes($row['msgtopic']));
 		    echo('</a></td><td class="tab">');
 		    hrefedit($row['id']);

diff --git a/include/52.php b/include/52.php
@@ -18,7 +18,7 @@
 <div class="tleft">
 <h2>Change password</h2><br>
 <?php
-    if (secureGETnum('legacy')==1) echo('<h3>Your password must be changed.</h3><em><img src="ccp_icons/38_16_208.png" alt="(i)"/> Your old password was hashed using less secure md5 algorithm. New password will be hashed 10.000 times using a more secure algorithm, sha256.</em>');
+    if (secureGETnum('legacy')==1) echo('<h3>Your password must be changed.</h3><em><img src="'.getUrl().'ccp_icons/38_16_208.png" alt="(i)"/> Your old password was hashed using less secure md5 algorithm. New password will be hashed 10.000 times using a more secure algorithm, sha256.</em>');
 ?>
 <form method="post" action="?id=5&id2=3">
 <?php

diff --git a/include/5e.php b/include/5e.php
@@ -24,7 +24,7 @@ function nbapihrefedit($nr) {
     <input type="submit" value="Create key" /><br/>
 </form>
 <div><br/>
-<img src="ccp_icons/38_16_208.png" alt="(!) "/> LMeve can provide information to other third party apps that support it, such as <a href="http://evernus.com/" target="_blank">Evernus</a> or <a href="http://caldariprimeponyclub.com/" target="_blank">Jeremy</a>.<br/>
+<img src="<?=getUrl()?>ccp_icons/38_16_208.png" alt="(!) "/> LMeve can provide information to other third party apps that support it, such as <a href="http://evernus.com/" target="_blank">Evernus</a> or <a href="http://caldariprimeponyclub.com/" target="_blank">Jeremy</a>.<br/>
 <br/></div>
 <table class="lmframework">
     <tr><th>
@@ -64,7 +64,7 @@ function nbapihrefedit($nr) {
             echo($key['lastIP']);
             echo('</td><td>');
             nbapihrefedit($key['apiKeyID']);
-            echo('<img src="img/del.gif" alt="Delete key" />');
+            echo('<img src="'.getUrl().'img/del.gif" alt="Delete key" />');
             echo("</a>");
             echo('</td></tr>');
         }

diff --git a/include/5h.php b/include/5h.php
@@ -19,7 +19,7 @@ function apikeyhrefedit($nr) {
 <div class="tytul">
 <?php echo($PANELNAME); ?>
 </div>
-<img src="ccp_icons/7_64_5.png"  alt="Corporation" style="float: left;"/>
+<img src="<?=getUrl()?>ccp_icons/7_64_5.png"  alt="Corporation" style="float: left;"/>
 <table><tr><td>
     <form method="post" action="?id=5&id2=18">
         <?php token_generate(); ?>
@@ -32,7 +32,7 @@ function apikeyhrefedit($nr) {
     </form>            
 </td></tr></table>
 <div><br/>
-<img src="ccp_icons/38_16_208.png" alt="(!) "/> LMeve <u>only</u> works with Corporation level API Keys.<br/>
+<img src="<?=getUrl()?>ccp_icons/38_16_208.png" alt="(!) "/> LMeve <u>only</u> works with Corporation level API Keys.<br/>
 <br/></div>
 <table class="lmframework">
     <tr><th>
@@ -69,7 +69,7 @@ function apikeyhrefedit($nr) {
             echo($key['date']);
             echo('</td><td>');
             apikeyhrefedit($key['apiKeyID']);
-            echo('<img src="img/del.gif" alt="Delete key" />');
+            echo('<img src="'.getUrl().'img/del.gif" alt="Delete key" />');
             echo("</a>");
             echo('</td></tr>');
         }

diff --git a/include/5i.php b/include/5i.php
@@ -15,7 +15,7 @@
 <div class="tytul">
 <?php echo($PANELNAME);?>
 </div>
-<img src="ccp_icons/7_64_5.png"  alt="Corporation" style="float: left;"/>
+<img src="<?=getUrl()?>ccp_icons/7_64_5.png"  alt="Corporation" style="float: left;"/>
 	<form action="?id=5&id2=19" method="post">
         <?php token_generate(); ?>
             <table class="lmframework">

diff --git a/include/60.php b/include/60.php
@@ -134,7 +134,7 @@ function hrefedit($nr) {
 
 			<a href="#down">Scroll down</a>
 		    </div>
-                        <em><img src="ccp_icons/38_16_208.png" alt="(i)"/> LMeve attempts to predict current month running cost, so to avoid counting previous month's wages and internal money transfers, <strong>refTypeID 37 (Corporation Account Withdrawal) is filtered out</strong>.<br/>
+                        <em><img src="<?=getUrl()?>ccp_icons/38_16_208.png" alt="(i)"/> LMeve attempts to predict current month running cost, so to avoid counting previous month's wages and internal money transfers, <strong>refTypeID 37 (Corporation Account Withdrawal) is filtered out</strong>.<br/>
                         Instead, current month wages estimate is subtracted from the wallet totals. <strong>This behavior will be configurable in a future release of LMeve.</strong></em><br />
 		    <?php
 
@@ -390,15 +390,15 @@ function hrefedit($nr) {
 		    echo(number_format($wallet_summaries[$row['accountKey']]['balance'], 2, $DECIMAL_SEP, $THOUSAND_SEP));
 		    $totals['balance']+=$wallet_summaries[$row['accountKey']]['balance'];
 		    echo('</td><td style="text-align: right; line-height: 16px;">');
-		    echo('<img src="ccp_icons/6_64_3.png" title="Market" style="float: left; width: 16px; height: 16px;"> ');
+		    echo('<img src="'.getUrl().'ccp_icons/6_64_3.png" title="Market" style="float: left; width: 16px; height: 16px;"> ');
 		    echo(number_format($wallet_summaries[$row['accountKey']]['buy'], 2, $DECIMAL_SEP, $THOUSAND_SEP).'<br/>');
-		    echo('<img src="ccp_icons/64_64_10.png" title="Contracts" style="float: left; width: 16px; height: 16px;"> ');
+		    echo('<img src="'.getUrl().'ccp_icons/64_64_10.png" title="Contracts" style="float: left; width: 16px; height: 16px;"> ');
 		    echo(number_format($wallet_summaries[$row['accountKey']]['cntrct_buy'], 2, $DECIMAL_SEP, $THOUSAND_SEP));
 		    $totals['buy']+=$wallet_summaries[$row['accountKey']]['buy']+$wallet_summaries[$row['accountKey']]['cntrct_buy'];
 		    echo('</td><td style="text-align: right; line-height: 16px;">');
-		    echo('<img src="ccp_icons/6_64_3.png" title="Market" style="float: left; width: 16px; height: 16px;"> ');
+		    echo('<img src="'.getUrl().'ccp_icons/6_64_3.png" title="Market" style="float: left; width: 16px; height: 16px;"> ');
 		    echo(number_format($wallet_summaries[$row['accountKey']]['sell'], 2, $DECIMAL_SEP, $THOUSAND_SEP).'<br/>');
-		    echo('<img src="ccp_icons/64_64_10.png" title="Contracts" style="float: left; width: 16px; height: 16px;"> ');
+		    echo('<img src="'.getUrl().'ccp_icons/64_64_10.png" title="Contracts" style="float: left; width: 16px; height: 16px;"> ');
 		    echo(number_format($wallet_summaries[$row['accountKey']]['cntrct_sell'], 2, $DECIMAL_SEP, $THOUSAND_SEP));
 		    $totals['sell']+=$wallet_summaries[$row['accountKey']]['sell']+$wallet_summaries[$row['accountKey']]['cntrct_sell'];
 		    echo('</td><td style="text-align: right;">');

diff --git a/include/70.php b/include/70.php
@@ -60,15 +60,15 @@ function gethost($ip)
 
         <table class="lmframework" width="422">
 	    <tr><th width="100%">
-	    <img src="ccp_icons/38_16_170.png" alt="[+]" style="vertical-align: middle;" /> Active users
+	    <img src="<?=getUrl()?>ccp_icons/38_16_170.png" alt="[+]" style="vertical-align: middle;" /> Active users
 	    </th></tr>
         </table>
         <?php
         showUsers($admini);
         ?>
         <table class="lmframework" width="422">
 	    <tr><th width="100%">
-	    <img src="ccp_icons/38_16_169.png" alt="[x]" style="vertical-align: middle;" /> Disabled users
+	    <img src="<?=getUrl()?>ccp_icons/38_16_169.png" alt="[x]" style="vertical-align: middle;" /> Disabled users
 	    </th></tr>
         </table>
         <?php 
@@ -82,16 +82,16 @@ function gethost($ip)
 	    */ ?>
 	    <table cellspacing="2" cellpadding="0" border="0">
 	    <tr><td class="tab-header">
-	    <img src="img/info.gif" alt="i"><b>Legend:</b><br>
+	    <img src="<?=getUrl()?>img/info.gif" alt="i"><b>Legend:</b><br>
 	    </td></tr><tr><td>
 		<table cellspacing="0" cellpadding="0" border="0">
 		<tr><td width="50" class="tab-act"><br></td><td>- online user<br></td>
 		<td width="50" class="tab"><br></td><td>- offline user<br></td>
 		</tr>
 		</table>
-	    </td></tr><tr><td class="tab"><img src="img/msg.gif" alt="MSG"> - Send message<br></td>
+	    </td></tr><tr><td class="tab"><img src="<?=getUrl()?>img/msg.gif" alt="MSG"> - Send message<br></td>
 	    </tr></table>
-	<script type="text/javascript" src="skrypty.js"></script>
+	<script type="text/javascript" src="<?=getUrl()?>skrypty.js"></script>
 	<script type="text/javascript">
 		reloader("?id=7",20);
 	</script>
diff --git a/include/80.php b/include/80.php
@@ -174,7 +174,7 @@ function althrefedit($nr) {
 				echo('</td><td>');
 				echo(stripslashes($row['activityName']));
 				echo('</td><td style="text-align: right;">');
-				echo('<img src="ccp_icons/2_64_9.png" title="Total produced items amount" style="float: left; width: 16px; height: 16px;"> ');
+				echo('<img src="'.getUrl().'ccp_icons/2_64_9.png" title="Total produced items amount" style="float: left; width: 16px; height: 16px;"> ');
 				echo(stripslashes($row['amount']));
 				echo('</td><td>');
 				echo('<table class="lmframework" width="100%">');
@@ -186,10 +186,10 @@ function althrefedit($nr) {
 							echo(stripslashes($contrib['name']));
 						if ($rights_viewallchars) echo('</a>');
 					echo('</td><td width="40" style="text-align: left;">');
-					echo('<img src="ccp_icons/9_64_16.png" title="Industry jobs count" style="float: left; width: 16px; height: 16px;"> ');
+					echo('<img src="'.getUrl().'ccp_icons/9_64_16.png" title="Industry jobs count" style="float: left; width: 16px; height: 16px;"> ');
 					echo(stripslashes($contrib['jobsCount'])); 
 					echo('</td><td width="60" style="text-align: left;">');
-					echo('<img src="ccp_icons/2_64_9.png" title="Produced items amount" style="float: left; width: 16px; height: 16px;"> ');
+					echo('<img src="'.getUrl().'ccp_icons/2_64_9.png" title="Produced items amount" style="float: left; width: 16px; height: 16px;"> ');
 					echo(stripslashes($contrib['runCount']));
 					if ($rights_edittasks) {
 						echo('</td><td width="50">');

diff --git a/include/84.php b/include/84.php
@@ -162,7 +162,7 @@
 
                         </script>
     </div>
-<em><img src="ccp_icons/38_16_208.png" alt="(i)"/> In some circumstances, the following API endpoints can fail, and it is not an error: WalletJournal_10000, WalletTransactions_10000, FacWarStats.<br/>
+<em><img src="<?=getUrl()?>ccp_icons/38_16_208.png" alt="(i)"/> In some circumstances, the following API endpoints can fail, and it is not an error: WalletJournal_10000, WalletTransactions_10000, FacWarStats.<br/>
 Failing ednpoints are locked out permanently after 10 unsuccessful attempts.</em>
 	<table class="lmframework">
 	<tr><th width="64">

diff --git a/include/90.php b/include/90.php
@@ -108,7 +108,7 @@ function delhrefedit($nr) {
 			<?php
 				foreach($rearrange as $row) {
 					echo('<tr><td class="tab"  style="text-align: center;">');
-                                        if ($row['active']==0) echo('<img src="ccp_icons/38_16_169.png" alt="[x]" style="vertical-align: middle;" />');
+                                        if ($row['active']==0) echo('<img src="'.getUrl().'ccp_icons/38_16_169.png" alt="[x]" style="vertical-align: middle;" />');
 					echo("<strong>${row['login']}</strong>");
 					echo('</td><td class="tab">');
 

diff --git a/include/94.php b/include/94.php
@@ -14,15 +14,15 @@
 ?>	    <div class="tytul">
 		<?php echo($PANELNAME); ?><br>
 	    </div>
-	    <img src="ccp_icons/2_64_16.png"  alt="Characters" style="float: left;"/><h2>Input your personal API Key to link your in-game characters to your LMeve account</h2>
+	    <img src="<?=getUrl()?>ccp_icons/2_64_16.png"  alt="Characters" style="float: left;"/><h2>Input your personal API Key to link your in-game characters to your LMeve account</h2>
 <?php
 //Users sometimes attempt to use LMeve with personal API keys in this form, without first setting up a corp API Key
 //so if there are no corp API KEYs set first, this form should not be available to avoid confusion.
 $keys=db_asocquery("SELECT COUNT(*) AS `count` FROM `cfgapikeys`;");
 $count=$keys[0]['count'];
 if ($count > 0) {
 ?>
-            <img src="ccp_icons/38_16_208.png" alt="(!) " style="float: left;"/><a href="https://community.eveonline.com/support/api-key/CreatePredefined?accessMask=16777216" target="_blank">Click this link to go to EVE Online Support site</a> and generate a predefined personal API key with an access mask of 16777216<br/><br/>
+            <img src="<?=getUrl()?>ccp_icons/38_16_208.png" alt="(!) " style="float: left;"/><a href="https://community.eveonline.com/support/api-key/CreatePredefined?accessMask=16777216" target="_blank">Click this link to go to EVE Online Support site</a> and generate a predefined personal API key with an access mask of 16777216<br/><br/>
             <strong style="color: red;">Your personal API Key will only be accessed once, and will not be stored in LMeve.</strong><br/><br/>
 	<?php
 

diff --git a/include/95.php b/include/95.php
@@ -116,7 +116,7 @@ function connectCharacters($chars) {
 
         <table class="lmframework">
             <tr><th>Characters available in Your personal API</th><td></td><th>Characters eligible to link</th><td></td><th>Characters available in Corporation API</th></tr>
-            <tr><td style="text-align: center;"><?php displayCharacters($chars); ?></td><td><img src="ccp_icons/9_64_6.png" alt="-&gt;" /></td><td style="text-align: center;"><?php displayCharacters($valid_chars); ?></td><td><img src="ccp_icons/9_64_6.png" alt="-&gt;" /></td><td style="text-align: center;"><?php displayCharacters($final_chars); ?></td></tr>
+            <tr><td style="text-align: center;"><?php displayCharacters($chars); ?></td><td><img src="<?=getUrl()?>ccp_icons/9_64_6.png" alt="-&gt;" /></td><td style="text-align: center;"><?php displayCharacters($valid_chars); ?></td><td><img src="<?=getUrl()?>ccp_icons/9_64_6.png" alt="-&gt;" /></td><td style="text-align: center;"><?php displayCharacters($final_chars); ?></td></tr>
         </table>
 <?php
     if ($connected>0) {