}
debugLog("saving profile " . $userid);
// Collect the submitted profile fields. Each one is assigned only when the
// field was actually posted, and is passed through var_in() for sanitising
// (the email field with the 'email' filter).
if (isset($_POST['name'])) {
    $name = var_in($_POST['name']);
}
if (isset($_POST['email'])) {
    $email = var_in($_POST['email'], 'email');
}
if (isset($_POST['timezone'])) {
    $timezone = var_in($_POST['timezone']);
}
if (isset($_POST['lang'])) {
    $lang = var_in($_POST['lang']);
}
if (isset($_POST['show_htmleditor'])) {
    $htmleditor = var_in($_POST['show_htmleditor']);
} else {
    $htmleditor = '';
}
# check to see if passwords are changing
// Both password fields are taken raw (no var_in()), presumably so the exact
// typed value is what gets processed further down -- confirm.
if (isset($_POST['sitepwd'])) {
    $pwd1 = $_POST['sitepwd'];
}
if (isset($_POST['sitepwd_confirm'])) {
    $pwd2 = $_POST['sitepwd_confirm'];
}
// do password checking
// NOTE(review): $pwd1/$pwd2 are only set when the field was posted; unless
// both are initialised above this fragment, a missing field makes the
// comparison below read an undefined variable.
// Precedence: && binds tighter than ||, so the condition reads as
//   ($pwd1 != $pwd2) || ($adding === true && (empty($pwd1) || $pwd1 !== $pwd2))
// i.e. a mismatch always fails, and when adding a user an empty password
// fails as well. The first test is a loose (!=) comparison while the second
// is strict (!==): under != PHP compares numeric strings numerically, so two
// different numeric-looking passwords (e.g. '1e3' and '1000') would pass the
// first test; a strict !== in both places would be more predictable.
if ($pwd1 != $pwd2 || $adding === true && (empty($pwd1) || $pwd1 !== $pwd2)) {
    # passwords do not match if changing or adding users passwords
    $error = i18n_r('PASSWORD_NO_MATCH');
    $password = '';
* @package GetSimple
* @subpackage Theme
*/
# setup inclusions
$load['plugin'] = true;
include 'inc/common.php';
login_cookie_check();
# variable settings
$path = GSDATAOTHERPATH;
$file = GSWEBSITEFILE;
$theme_options = '';
# was the form submitted?
if (isset($_POST['submitted']) && isset($_POST['template'])) {
    // State-changing action: nonce is verified before anything is written.
    check_for_csrf("activate");
    # get passed value from form
    $newTemplate = var_in($_POST['template']);
    // The theme name comes from the request, so confirm the resulting path
    // stays inside the themes directory before it is persisted; die is silent
    // (no message) on failure.
    if (!path_is_safe(GSTHEMESPATH . $newTemplate, GSTHEMESPATH)) {
        die;
    }
    # backup old GSWEBSITEFILE (website.xml) file
    $bakpath = GSBACKUPSPATH . getRelPath(GSDATAOTHERPATH, GSDATAPATH); // backups/other/
    createBak($file, $path, $bakpath);
    # update GSWEBSITEFILE (website.xml) file with new theme
    // Values are written as CDATA; $SITENAME and $SITEURL are presumably the
    // already-loaded site settings from inc/common.php -- confirm.
    $xml = new SimpleXMLExtended('<item></item>');
    $note = $xml->addChild('SITENAME');
    $note->addCData($SITENAME);
    $note = $xml->addChild('SITEURL');
    $note->addCData($SITEURL);
    $note = $xml->addChild('TEMPLATE');
    $note->addCData($newTemplate);
} else {
    $draft = false; // @todo this is to force no draft on new pages until we allow drafts
    // prefill fields if provided (new-page form); every value is sanitised
    // with var_in() and defaults to '' when the query parameter is absent
    $title = isset($_GET['title']) ? var_in($_GET['title']) : '';
    $template = isset($_GET['template']) ? var_in($_GET['template']) : '';
    $parent = isset($_GET['parent']) ? var_in($_GET['parent']) : '';
    $menu = isset($_GET['menu']) ? var_in($_GET['menu']) : '';
    $private = isset($_GET['private']) ? var_in($_GET['private']) : '';
    $menuStatus = isset($_GET['menuStatus']) ? var_in($_GET['menuStatus']) : '';
    $menuOrder = isset($_GET['menuOrder']) ? var_in($_GET['menuOrder']) : '';
    $titlelong = isset($_GET['titlelong']) ? var_in($_GET['titlelong']) : '';
    $summary = isset($_GET['summary']) ? var_in($_GET['summary']) : '';
    $metarNoIndex = isset($_GET['metarNoIndex']) ? var_in($_GET['metarNoIndex']) : '';
    $metarNoFollow = isset($_GET['metarNoFollow']) ? var_in($_GET['metarNoFollow']) : '';
    $metarNoArchive = isset($_GET['metarNoArchive']) ? var_in($_GET['metarNoArchive']) : '';
    $buttonname = i18n_r('BTN_SAVEPAGE');
}
$newdraft = $draft && !$draftExists; // (bool) is this a new never saved draft?
$path = find_url($url, $parent);
// make select box of available theme templates
// Loose == against '' here: '0' or 0 would not trigger the default either way,
// since both are non-empty strings for this purpose.
if ($template == '') {
    $template = GSTEMPLATEFILE;
}
// The listing is taken from the active theme ($TEMPLATE), not from the
// request-supplied $template, so no traversal input reaches opendir().
$themes_path = GSTHEMESPATH . $TEMPLATE;
// 'or' binds looser than '=', so the handle is assigned first and die()
// only fires when opendir() returned false.
$themes_handle = opendir($themes_path) or die("Unable to open " . GSTHEMESPATH);
// NOTE: the loop ends on any falsy entry name (a file literally named "0"
// would stop it early); the usual guard is `($getfile = readdir(...)) !== false`.
while ($getfile = readdir($themes_handle)) {
    if (isFile($getfile, $themes_path, 'php')) {
        // exclude functions.php, include files (.inc.php) and dot-files
        if ($getfile != 'functions.php' && substr(strtolower($getfile), -8) != '.inc.php' && substr($getfile, 0, 1) !== '.') {
}
// Status / notification inputs carried over from a redirect. All are
// sanitised with var_in() but only assigned when present.
if (isset($_GET['upd'])) {
    $update = var_in($_GET['upd']);
}
if (isset($_GET['success'])) {
    $success = var_in($_GET['success']);
}
if (isset($_GET['error'])) {
    $error = var_in($_GET['error']);
}
// if(isset($_GET['err'])) $err = var_in($_GET['err']); // deprecated not used
if (isset($_GET['id'])) {
    $errid = var_in($_GET['id']);
}
if (isset($_GET['old'])) {
    $oldid = var_in($_GET['old']);
}
if (isset($_GET['updated']) && $_GET['updated'] == 1) {
    $success = i18n_r('SITE_UPDATED');
}
// for update.php only
// NOTE(review): $update is only assigned when 'upd' was passed; if it is not
// initialised above this fragment the switch reads an undefined variable
// (harmless here since no case matches null, but worth a default).
switch ($update) {
    case 'bak-success':
        // $errid is interpolated into HTML via sprintf; this relies on var_in()
        // having neutralised markup -- confirm that filter covers HTML context.
        doNotify(sprintf(i18n_r('ER_BAKUP_DELETED'), $errid) . '</p>', 'success');
        break;
    case 'bak-err':
        doNotify('<b>' . i18n_r('ERROR') . ':</b> ' . i18n_r('ER_REQ_PROC_FAIL'), 'error');
        break;
    case 'edit-success':
        // Undo link carries a restore nonce so the restore itself is CSRF-guarded.
        // NOTE(review): $id is concatenated into the href unescaped; it is set
        // outside this fragment -- confirm it has been through var_in()/urlencoded.
        if ($ptype == 'edit' && !isset($oldid)) {
            doNotify(sprintf(i18n_r('ER_YOUR_CHANGES'), $id) . '. <a href="backup-edit.php?p=restore&id=' . $id . '&nonce=' . get_nonce("restore", "backup-edit.php") . '">' . i18n_r('UNDO') . '</a>', 'success');
*
* Code to either create or edit a page. This is the action page
* for the form on edit.php
*
* @package GetSimple
* @subpackage Page-Edit
*/
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
login_cookie_check();
// Drafts are off when explicitly disabled by the request or by the GSUSEDRAFTS
// define (default true). || binds tighter than ?: so this is
//   (nodraft || post-nodraft || !GSUSEDRAFTS) ? false : true
$draft = isset($_GET['nodraft']) || isset($_POST['post-nodraft']) || !getDef('GSUSEDRAFTS', true) ? false : true; // (bool) using draft pages
// Publish an existing draft. Triggered by a GET request.
// NOTE(review): no check_for_csrf() call is visible before publishDraft(),
// whereas the clone action in pages.php verifies a nonce; confirm one is
// verified elsewhere (e.g. inside safemodefail()) since this changes state.
if (isset($_GET['publish']) && isset($_GET['id'])) {
    $id = var_in(_id($_GET['id']));
    safemodefail('publish', 'edit.php?id=' . $id);
    // The draft file path is request-derived, so it is confined to the drafts
    // directory before being touched; an unsafe path is reported as a failure
    // rather than an error page.
    if (!filepath_is_safe(GSDATADRAFTSPATH . $id . '.xml', GSDATADRAFTSPATH)) {
        $status = false;
    } else {
        $status = publishDraft($id);
    }
    if ($status) {
        exec_action('draft-publish'); // @hook draft-publish a draft was published
        generate_sitemap(); // regenerates sitemap
    }
    redirect("pages.php?id=" . $id . "&upd=publish-" . ($status ? 'success' : 'error'));
    die;
}
// Template is no longer taken from this form (dead branch kept for reference).
if (isset($_POST['template'])) {
    // $TEMPLATE = $_POST['template'];
}
// NOTE(review): unlike the sibling fields below, 'prettyurls' is stored raw
// from $_POST without var_in(); it is written into website.xml further down,
// so confirm it is a boolean-like flag or run it through var_in() too.
if (isset($_POST['prettyurls'])) {
    $PRETTYURLS = $_POST['prettyurls'];
} else {
    $PRETTYURLS = '';
}
if (isset($_POST['email'])) {
    $SITEEMAIL = var_in($_POST['email'], 'email');
}
if (isset($_POST['timezone'])) {
    $SITETIMEZONE = var_in($_POST['timezone']);
}
if (isset($_POST['lang'])) {
    $SITELANG = var_in($_POST['lang']);
}
// check valid lang files
// NOTE(review): this validates $LANG, not the just-assigned $SITELANG;
// presumably $LANG is derived from the posted value above this fragment --
// confirm, otherwise a posted lang is never checked against $lang_array.
if (!in_array($LANG . '.php', $lang_array) and !in_array($LANG . '.PHP', $lang_array)) {
    die;
}
# create website xml file
// Back up the current settings file before overwriting it.
$bakpath = GSBACKUPSPATH . getRelPath(GSDATAOTHERPATH, GSDATAPATH); // backups/other/
createBak(GSWEBSITEFILE, GSDATAOTHERPATH, $bakpath);
// Values are written as CDATA sections.
$xmls = new SimpleXMLExtended('<item></item>');
$note = $xmls->addChild('SITENAME');
$note->addCData($SITENAME);
$note = $xmls->addChild('SITEURL');
$note->addCData($SITEURL);
$note = $xmls->addChild('TEMPLATE');
*
* Displays all pages
*
* @package GetSimple
* @subpackage Page-Edit
*/
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
login_cookie_check();
exec_action('load-pages');
// Variable settings
// inputs for error_checking (sanitised, null when absent)
$id = isset($_GET['id']) ? var_in($_GET['id']) : null;
$ptype = isset($_GET['type']) ? var_in($_GET['type']) : null;
$path = GSDATAPAGESPATH;
$counter = '0';
$table = '';
// cloning a page
if (isset($_GET['action']) && isset($_GET['id']) && $_GET['action'] == 'clone') {
    // State-changing GET action: nonce is verified first.
    check_for_csrf("clone", "pages.php");
    // NOTE(review): the raw $_GET['id'] is passed here although the sanitised
    // $id is already available above; confirm clone_page() sanitises its
    // argument itself, otherwise pass $id.
    $status = clone_page($_GET['id']);
    if ($status !== false) {
        exec_action('page-clone'); // @hook page-clone page was cloned
        redirect('pages.php?upd=clone-success&id=' . $status);
    } else {
        // The translated message is placed in the query string as-is; any
        // '&', '#' or non-ASCII characters in it would need urlencode() to
        // survive the redirect intact.
        $error = sprintf(i18n_r('CLONE_ERROR'), var_out($_GET['id']));
        redirect('pages.php?error=' . $error);
    }
// Start from the active theme; the request may select another theme ('t')
// and a file within it ('f').
$template = $TEMPLATE;
$theme_templates = '';
# were changes submitted?
if (isset($_GET['t'])) {
    // strippath() is applied in place, so later reads of $_GET['t'] see the
    // stripped value; the theme is accepted only if its directory exists.
    $_GET['t'] = strippath($_GET['t']);
    if ($_GET['t'] && is_dir(GSTHEMESPATH . $_GET['t'] . '/')) {
        $template = $_GET['t'];
    }
}
if (isset($_GET['f'])) {
    // Existence is probed with the raw request value here; the traversal
    // check on the resulting path happens below before any read.
    // NOTE(review): $template_file stays unset when 'f' is absent or not a
    // file, unless it is initialised above this fragment -- confirm.
    if (is_file(GSTHEMESPATH . $template . '/' . $_GET['f'])) {
        $template_file = $_GET['f'];
    }
}
if (isset($_POST['themesave'])) {
    // Editor colour-scheme preference, kept in a plain cookie; "default"
    // clears it by expiring the cookie. No HttpOnly/Secure attributes are
    // passed, which is acceptable only because this is a UI preference.
    $themesave = var_in($_POST['themesave']);
    if ($themesave == "default") {
        setcookie('gs_editor_theme', '', time() - 3600);
    } else {
        setcookie('gs_editor_theme', $themesave);
    }
    return;
}
$themepath = GSTHEMESPATH . tsl($template);
// prevent traversal: the selected file must resolve inside the theme folder
if ($template_file != '' and !filepath_is_safe($themepath . $template_file, $themepath)) {
    die(i18n_r('INVALID_OPER'));
}
# if no template is selected, use the default
if ($template_file == '') {
    $template_file = GSTEMPLATEFILE;
// NOTE(review): 'prettyurls' is stored raw from $_POST while the sibling
// fields go through var_in(); it ends up in website.xml, so confirm it is a
// boolean-like flag or sanitise it the same way.
if (isset($_POST['prettyurls'])) {
    $PRETTYURLS = $_POST['prettyurls'];
} else {
    $PRETTYURLS = '';
}
if (isset($_POST['email'])) {
    $SITEEMAIL = var_in($_POST['email'], 'email');
}
if (isset($_POST['timezone'])) {
    $SITETIMEZONE = var_in($_POST['timezone']);
}
if (isset($_POST['lang'])) {
    $SITELANG = var_in($_POST['lang']);
}
if (isset($_POST['about'])) {
    $SITEABOUT = var_in($_POST['about']);
}
// check valid lang files
// NOTE(review): this validates $LANG, not the just-assigned $SITELANG;
// presumably $LANG is derived from the posted value above this fragment --
// confirm, otherwise the posted lang is never checked against $lang_array.
if (!in_array($LANG . '.php', $lang_array) and !in_array($LANG . '.PHP', $lang_array)) {
    die;
}
# create website xml file
// Back up the current settings file before it is overwritten.
backup_datafile(GSDATAOTHERPATH . GSWEBSITEFILE);
// new xml -- values are written as CDATA; note SITEURL is taken from
// $SITEURLNEW, not the currently loaded $SITEURL.
$xmls = new SimpleXMLExtended('<item></item>');
$note = $xmls->addChild('SITENAME');
$note->addCData($SITENAME);
$note = $xmls->addChild('SITEURL');
$note->addCData($SITEURLNEW);
$note = $xmls->addChild('TEMPLATE');
$note->addCData($TEMPLATE);
}
// The cases below fall through intentionally when $dbn is truthy (it looks
// like a "show all notifications" debug flag -- confirm); otherwise each
// case breaks after its own notice.
case 'bak-success': // backup delete success
    doNotify(sprintf(i18n_r('ER_BAKUP_DELETED'), $errid) . '</p>', 'success');
    if (!$dbn) {
        break;
    }
case 'bak-err': // backup general error
    doNotify('<b>' . i18n_r('ERROR') . ':</b> ' . i18n_r('ER_REQ_PROC_FAIL'), 'error');
    if (!$dbn) {
        break;
    }
case 'edit-success':
    // $ptype may already have been set from 'type'; fall back to 'ptype'.
    if (!isset($ptype) && isset($_GET['ptype'])) {
        $ptype = var_in($_GET['ptype']);
    }
    // preset update tokens
    // && binds tighter than ||: draft mode is on when 'upd-draft' is in the
    // query OR ($upddraft is set and true).
    $draftqs = '';
    if (isset($_GET['upd-draft']) || isset($upddraft) && $upddraft == true) {
        $draftqs = '&draft';
        $dispid = $id . ' (' . titlecase(i18n_r('LABEL_DRAFT')) . ')';
    } else {
        $dispid = $id;
    }
    // Undo links carry a restore nonce so the restore action is CSRF-guarded.
    // NOTE(review): $id/$oldid are concatenated into the href unescaped; both
    // are set outside this fragment -- confirm they went through var_in().
    if ($ptype == 'edit' && !isset($oldid)) {
        // page edit changes saved, undo, restore
        doNotify(sprintf(i18n_r('ER_YOUR_CHANGES'), $dispid) . '. <a href="backup-edit.php?p=restore&id=' . $id . $draftqs . '&nonce=' . get_nonce("restore", "backup-edit.php") . '">' . i18n_r('UNDO') . '</a>', 'success', true);
    } elseif ($ptype == 'edit' && isset($oldid)) {
        // page edit changes saved, undo, restore with slug change
        doNotify(sprintf(i18n_r('ER_YOUR_CHANGES'), $dispid) . '. <a href="backup-edit.php?p=restore&id=' . $oldid . '&new=' . $id . $draftqs . '&nonce=' . get_nonce("restore", "backup-edit.php") . '">' . i18n_r('UNDO') . '</a>', 'success', true);
$uploadsPathRel = getRelPath(GSDATAUPLOADPATH);
// The browsed directory is request-controlled ('path'), so it is confined to
// the uploads directory before anything is listed; failure is a silent die.
$path = isset($_GET['path']) ? $uploadsPath . $_GET['path'] : $uploadsPath;
$subPath = isset($_GET['path']) ? $_GET['path'] : "";
if (!path_is_safe($path, GSDATAUPLOADPATH)) {
    die;
}
$returnid = isset($_GET['returnid']) ? var_in($_GET['returnid']) : "";
// NOTE(review): $subPath and $func hold the raw $_GET values (no var_in()),
// unlike the neighbouring inputs; the traversal check above covers the
// filesystem use of $subPath, but anywhere they are echoed into HTML or JS
// later in the file needs context-appropriate escaping -- confirm.
$func = isset($_GET['func']) ? $_GET['func'] : "";
$path = tsl($path);
// check if host uses Windows (used for displaying permissions)
$isUnixHost = strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' ? false : true;
// Sanitised callback id handed back to the editor integration.
$CKEditorFuncNum = isset($_GET['CKEditorFuncNum']) ? var_in($_GET['CKEditorFuncNum']) : '';
$sitepath = $SITEURL;
$fullPath = $SITEURL . $uploadsPathRel; // url path to image
$type = isset($_GET['type']) ? var_in($_GET['type']) : '';
global $LANG;
// Reduce the configured language code to its first two letters for the
// <html lang> attribute; $LANG is site configuration, not request input.
$LANG_header = preg_replace('/(?:(?<=([a-z]{2}))).*/', '', $LANG);
?>
<!DOCTYPE html>
<html lang="<?php echo $LANG_header; ?> ">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title><?php echo i18n_r('FILE_BROWSER'); ?> </title>