* @subpackage Theme */ # setup inclusions $load['plugin'] = true; include 'inc/common.php'; login_cookie_check(); # variable settings $path = GSDATAOTHERPATH; $file = GSWEBSITEFILE; $theme_options = ''; # was the form submitted? if (isset($_POST['submitted']) && isset($_POST['template'])) { check_for_csrf("activate"); # get passed value from form $newTemplate = var_in($_POST['template']); if (!path_is_safe(GSTHEMESPATH . $newTemplate, GSTHEMESPATH)) { die; } # backup old GSWEBSITEFILE (website.xml) file $bakpath = GSBACKUPSPATH . getRelPath(GSDATAOTHERPATH, GSDATAPATH); // backups/other/ createBak($file, $path, $bakpath); # udpate GSWEBSITEFILE (website.xml) file with new theme $xml = new SimpleXMLExtended('<item></item>'); $note = $xml->addChild('SITENAME'); $note->addCData($SITENAME); $note = $xml->addChild('SITEURL'); $note->addCData($SITEURL); $note = $xml->addChild('TEMPLATE'); $note->addCData($newTemplate); $xml->addChild('PRETTYURLS', $PRETTYURLS);
login_cookie_check(); $allowcreatefolder = getDef('GSALLOWUPLOADCREATE', true); $allowdelete = getDef('GSALLOWUPLOADDELETE', true); $allowupload = true; if (isset($_GET['browse']) || isset($browse) && $browse == true) { $allowcreatefolder = false; $allowdelete = false; $allowupload = getDef('GSALLOWBROWSEUPLOAD', true); } exec_action('load-upload'); $dirsSorted = $filesSorted = $foldercount = null; if (isset($_GET['path']) && !empty($_GET['path'])) { $path = str_replace('../', '', $_GET['path']); $path = tsl(GSDATAUPLOADPATH . $path); // die if path is outside of uploads if (!path_is_safe($path, GSDATAUPLOADPATH)) { die; } $subPath = str_replace('../', '', $_GET['path']); $subFolder = tsl($subPath); } else { $path = GSDATAUPLOADPATH; $subPath = ''; $subFolder = ''; } // if a file was uploaded if (isset($_FILES['file'])) { $uploadsCount = count($_FILES['file']['name']); if ($uploadsCount > 0) { $errors = array(); $messages = array();
check_for_csrf("save_profile"); do { // if editing and post userid not match get userid // @todo perhaps use nonce here instead if ($editing && $userid !== _id($_POST['user'])) { $error = i18n_r('ER_REQ_PROC_FAIL'); break; } $userid = _id($_POST['user']); $file = $userid . '.xml'; if ($adding && path_is_safe(GSUSERSPATH . $file, GSUSERSPATH)) { $error = i18n_r('INVALID_USER'); // user already exists break; } if (!path_is_safe(dirname(GSUSERSPATH . $file), GSUSERSPATH, true)) { $error = i18n_r('INVALID_USER'); break; } debugLog("saving profile " . $userid); if (isset($_POST['name'])) { $name = var_in($_POST['name']); } if (isset($_POST['email'])) { $email = var_in($_POST['email'], 'email'); } if (isset($_POST['timezone'])) { $timezone = var_in($_POST['timezone']); } if (isset($_POST['lang'])) { $lang = var_in($_POST['lang']);
} if (isset($_REQUEST['t'])) { $image_type = intval($_REQUEST['t']); } if (isset($_REQUEST['x'])) { $max_x = intval($_REQUEST['x']); } if (isset($_REQUEST['y'])) { $max_y = intval($_REQUEST['y']); } $path_parts = pathinfo($from_name); // travesal protection if (!filepath_is_safe(GSDATAUPLOADPATH . $from_name, GSDATAUPLOADPATH, true)) { die('invalid src image'); } if (!path_is_safe(GSTHUMBNAILPATH . dirname($to_name), GSTHUMBNAILPATH, true)) { die('invalid dest image'); } if (!file_exists($images_folder)) { die('Images folder does not exist (update $images_folder in the script)'); } if ($save_to_file && !file_exists($thumbs_folder)) { die('Thumbnails folder does not exist (update $thumbs_folder in the script)'); } $dirs = explode('/', $path_parts['dirname']); $folder = $thumbs_folder; foreach ($dirs as $dir) { $folder .= DIRECTORY_SEPARATOR . $dir; if (!is_dir($folder)) { mkdir($folder); }
$status = delete_file($id); generate_sitemap(); exec_action('page-delete'); redirect("pages.php?upd=edit-" . $status . "&id=" . $id . "&type=delete"); } } // are we deleting archives? if (isset($_GET['zip'])) { $zip = $_GET['zip']; $status = delete_zip($zip); redirect("archive.php?upd=del-" . $status . "&id=" . $zip); } // are we deleting uploads? if (isset($_GET['file'])) { $path = isset($_GET['path']) ? $_GET['path'] : ""; $file = $_GET['file']; $status = delete_upload($file, $path); redirect("upload.php?upd=del-" . $status . "&id=" . $file . "&path=" . $path); } // are we deleting a folder? if (isset($_GET['folder'])) { $path = isset($_GET['path']) ? $_GET['path'] : ""; $folder = $_GET['folder']; $target = GSDATAUPLOADPATH . $path . $folder; if (path_is_safe($target, GSDATAUPLOADPATH) && file_exists($target)) { rmdir($target); // delete thumbs folder rmdir(GSTHUMBNAILPATH . $path . $folder); redirect("upload.php?upd=del-success&id=" . $folder . "&path=" . $path); } }
login_cookie_check(); $path = GSDATAOTHERPATH; $file = "website.xml"; $theme_options = ''; # was the form submitted? if (isset($_POST['submitted']) && isset($_POST['template'])) { # check for csrf if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) { $nonce = $_POST['nonce']; if (!check_nonce($nonce, "activate")) { die("CSRF detected!"); } } # get passed value from form $TEMPLATE = var_out($_POST['template']); if (!path_is_safe(GSTHEMESPATH . $TEMPLATE, GSTHEMESPATH)) { die; } # backup old website.xml file $bakpath = GSBACKUPSPATH . 'other/'; createBak($file, $path, $bakpath); // # udpate website.xml file with new theme $xml = getXML($path . $file); $xml->TEMPLATE = null; $xml->TEMPLATE->addCData($TEMPLATE); $status = XMLsave($xml, $path . $file); $success = i18n_r('THEME_CHANGED'); } # get available themes (only look for folders) $themes_handle = opendir(GSTHEMESPATH) or die("Unable to open " . GSTHEMESPATH); while ($file = readdir($themes_handle)) {
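/**
 * Delete Upload Directory
 *
 * Removes an upload sub-folder and, when present, the matching thumbnail
 * folder. Each target is confined to its own base directory before it is
 * touched; nothing is deleted when the uploads target is unsafe or missing.
 *
 * @since 1.0
 * @uses GSTHUMBNAILPATH
 * @uses GSDATAUPLOADPATH
 *
 * @param string $path relative path to uploaded file folder
 * @return bool success; false when the target is outside the uploads
 *              directory or does not exist (the original fell through
 *              and returned null in that case)
 */
function delete_upload_dir($path) {
    $target = GSDATAUPLOADPATH . $path;

    // refuse anything that escapes the uploads directory or is not there
    if (!path_is_safe($target, GSDATAUPLOADPATH) || !file_exists($target)) {
        return false;
    }

    $status = delete_folder($target);

    // delete thumbs folder; checked against its own base rather than
    // assuming the uploads-side check transfers to a different tree
    $thumbs = GSTHUMBNAILPATH . $path;
    if (file_exists($thumbs) && path_is_safe($thumbs, GSTHUMBNAILPATH)) {
        delete_dir($thumbs);
    }

    return $status;
}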
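/**
 * Delete Uploaded File
 *
 * Unlinks an uploaded file together with its generated "thumbnail." and
 * "thumbsm." images. The upload must resolve inside its folder under the
 * uploads directory and each thumbnail inside the thumbnails directory;
 * otherwise nothing is removed.
 *
 * @since 1.0
 * @uses GSTHUMBNAILPATH
 * @uses GSDATAUPLOADPATH
 *
 * @param string $id   Uploaded filename to delete
 * @param string $path Path to uploaded file folder, relative to the uploads directory
 * @return string 'success' when the upload was unlinked, otherwise 'error'
 */
function delete_upload($id, $path = "") {
    $filepath = GSDATAUPLOADPATH . $path;
    $file = $filepath . $id;

    // $id and $path are typically request-supplied, so both the folder
    // and the file inside it are confined before anything is unlinked
    if (!path_is_safe($filepath, GSDATAUPLOADPATH) || !filepath_is_safe($file, $filepath)) {
        return 'error';
    }

    $status = unlink($file);

    // remove the thumbnails; each is validated against the thumbnails
    // base directory independently of the uploads-side check above
    foreach (array('thumbnail.', 'thumbsm.') as $prefix) {
        $thumb = GSTHUMBNAILPATH . $path . $prefix . $id;
        if (file_exists($thumb) && filepath_is_safe($thumb, GSTHUMBNAILPATH)) {
            unlink($thumb);
        }
    }

    return $status ? 'success' : 'error';
}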
/**
 * Check that a sub-path stays inside its parent directory
 *
 * Thin wrapper around path_is_safe(): the candidate is $path with $dir
 * appended, and it must be confined to $path itself.
 *
 * @param string $path parent directory (the confining base)
 * @param string $dir  sub-path appended to $path
 * @return mixed the result of path_is_safe() for the combined path
 */
function subpath_is_safe($path, $dir) {
    $candidate = $path . $dir;
    $confined = path_is_safe($candidate, $path);
    return $confined;
}
if (isset($_POST['themesave'])) { $themesave = var_in($_POST['themesave']); if ($themesave == "default") { setcookie('gs_editor_theme', '', time() - 3600); } else { setcookie('gs_editor_theme', $themesave); } return; } $themepath = GSTHEMESPATH . tsl($template); // @todo add a way to exclude symblinks via config to add files here, or add them via alternative pathing // allow plugins all directories to this and allow other paths by adding a registration method and a secfilter here // allow themeroot, specially handle travesal protection, this breaks symblinks probably if ($template == '.' && getDef('GSTHEMEEDITROOT', true)) { if (empty($template_file)) { if (!path_is_safe($themepath . $template_file, GSTHEMESPATH, true)) { die; } } else { if (!filepath_is_safe($themepath . $template_file, GSTHEMESPATH, true)) { die; } } } else { # if no template is selected, use the default if ($template_file == '') { $template_file = 'template.php'; } if (!filepath_is_safe($themepath . $template_file, GSTHEMESPATH, true)) { die; }