private function onAdd()
{
$form = $this->formAdd();
if (false !== ($error = $form->validate($this->module))) {
return $error . $this->templateAdd();
}
$file = $form->getVar('file');
$tmp = $file['tmp_name'];
$postid = $this->post->getID();
$userid = GWF_Session::getUserID();
$options = 0;
$options |= isset($_POST['guest_view']) ? GWF_ForumAttachment::GUEST_VISIBLE : 0;
$options |= isset($_POST['guest_down']) ? GWF_ForumAttachment::GUEST_DOWNLOAD : 0;
# Put in db
$attach = new GWF_ForumAttachment(array('fatt_aid' => 0, 'fatt_uid' => $userid, 'fatt_pid' => $postid, 'fatt_mime' => GWF_Upload::getMimeType($tmp), 'fatt_size' => filesize($tmp), 'fatt_downloads' => 0, 'fatt_filename' => $file['name'], 'fatt_options' => $options, 'fatt_date' => GWF_Time::getDate(GWF_Date::LEN_SECOND)));
if (false === $attach->insert()) {
return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
$aid = $attach->getID();
# Copy file
$path = $attach->dbimgPath();
if (false === GWF_Upload::moveTo($file, $path)) {
@unlink($tmp);
return GWF_HTML::err('ERR_WRITE_FILE', $path);
}
@unlink($tmp);
$this->post->increase('post_attachments', 1);
return $this->module->message('msg_attach_added', array($this->post->getShowHREF()));
}
public function execute()
{
if ('' === ($filename = Common::getGetString('filename'))) {
return GWF_Error::err('ERR_NO_PERMISSION');
}
$path = $this->module->getContentPath();
$filename = $path . '/' . $filename;
if (!Common::isFile($filename)) {
return GWF_Error::err404($filename);
}
GWF_Upload::outputFile($filename);
}
private function templateAttach(GWF_ForumAttachment $attach, GWF_ForumPost $post, $user)
{
$path = $attach->dbimgPath();
$mime = $attach->getVar('fatt_mime');
$as_attach = !$attach->isImage();
$filename = $as_attach ? $attach->getVar('fatt_filename') : true;
if ($as_attach) {
$attach->increase('fatt_downloads', 1);
}
GWF_Upload::outputFile($path, $as_attach, $mime, $filename);
die;
}
private function onPurge()
{
$form = $this->formPurge();
if (false !== ($error = $form->validate($this->module))) {
return $error . $this->templatePurge();
}
$table = GDO::table('GWF_VersionFiles');
if (false === $table->truncate()) {
return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
GWF_VersionFiles::populateAll();
return $this->module->message('msg_purged', array($table->countRows(), GWF_Upload::humanFilesize(GWF_VersionFiles::getSizeUnpacked())));
}
public static function onUpload(Module_PageBuilder $module)
{
if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
return $error;
}
if (false === ($file = GWF_Upload::getFile('file'))) {
return GWF_HTML::err('ERR_MISSING_UPLOAD');
}
$back = '';
# TODO: There are more unsafe languages!
# But we want to keep the file extension.
# Not really a big deal, unless you have malicious admin users.
$name = $file['name'];
// $name = str_replace(array('/', '\\'), '', $name);
// $forbidden = array('.php',/* '.pl', '.py', '.asp'*/);
// foreach ($forbidden as $ext)
// {
// if (Common::endsWith($name, $ext))
// if (Common::endsWith($name, '.php'))
// {
// $name .= '.html';
// $back .= $module->error('err_file_ext');
// return $back;
// }
// }
# This is evil, sometimes even with foo.php.html
if (stripos($name, '.php') !== false) {
return $module->error('err_file_ext');
}
# We do a sanity check here
if (!preg_match('#^[a-z0-9_][a-z0-9_\\.]{0,62}$#iD', $name)) {
$back .= $module->error('err_file_name');
return $back;
}
# Copy the file
$path = 'dbimg/content/' . $name;
$epath = htmlspecialchars($path);
if (Common::isFile($path)) {
return $back . $module->error('err_upload_exists');
}
if (false === GWF_Upload::moveTo($file, $path)) {
return $back . GWF_HTML::err('ERR_WRITE_FILE', array($epath));
}
# Is bbcode mode?
$bbcode = (Common::getPostInt('type', 0) & (GWF_Page::HTML | GWF_Page::SMARTY)) === 0;
# Append to page content as image or anchor.
$_POST['content'] .= self::fileToContent($name, $path, $bbcode);
return $module->message('msg_file_upped', array($epath));
}
private function templateUpgrade()
{
$haveError = false;
$modules = GWF_Module::loadModulesFS();
GWF_Module::sortModules($modules, 'module_name', 'asc');
# No ZIP extension?
if (!class_exists('ZipArchive', false)) {
return $this->module->error('err_no_zip');
}
// require_once 'core/inc/util/GWF_ZipArchive.php';
# Populate the DB again
GWF_VersionFiles::populateAll();
# Open temp manifest file.
$manifestName = sprintf('extra/temp/upgrade_manifest_%s_%s.gwf_manifest', $this->client->getVar('vsc_uid'), $this->datestamp);
if (false === ($fhManifest = fopen($manifestName, 'w'))) {
return GWF_HTML::err('ERR_WRITE_FILE', array($manifestName));
}
# Create ZIP
$archive = new GWF_ZipArchive();
$archivename = sprintf('extra/temp/upgrade_%s_%s.zip', $this->client->getVar('vsc_uid'), $this->datestamp);
if (false === $archive->open($archivename, ZipArchive::CREATE | ZipArchive::CM_REDUCE_4)) {
fclose($fhManifest);
return $this->module->error('err_zip', __FILE__, __LINE__);
}
$files = GDO::table('GWF_VersionFiles');
if (false === ($result = $files->queryReadAll('', 'vsf_path ASC'))) {
// if (false === ($result = $files->queryReadAll("vsf_date>='$this->datestamp'", "vsf_path ASC"))) {
// if (false === ($result = $files->queryAll())) {
fclose($fhManifest);
$archive->close();
@unlink($archivename);
return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
fprintf($fhManifest, 'GWF2:DATESTAMP:%s' . PHP_EOL, date('YmdHis'));
while (false !== ($file = $files->fetchObject($result))) {
// echo GWF_HTML::message('VS_Upgrade', 'Adding File: '.$file->getVar('vsf_path'));
$file instanceof GWF_VersionFiles;
if (!$this->client->ownsModule($file->getVar('vsf_module'))) {
continue;
}
if (!$this->client->ownsDesign($file->getVar('vsf_design'))) {
continue;
}
$path = $file->getVar('vsf_path');
if (!file_exists($path)) {
$file->delete();
continue;
}
if (!is_readable($path)) {
echo GWF_HTML::err('ERR_FILE_NOT_FOUND', array($path));
$haveError = true;
break;
}
// is file new?
$isNew = $file->getVar('vsf_date') >= $this->datestamp;
if ($isNew) {
// add it to archive
if (false === $archive->addFile($path)) {
echo GWF_HTML::err('ERR_WRITE_FILE', array($file->getVar('vsf_path')));
$haveError = true;
break;
}
}
// echo GWF_HTML::message('VS_Upgrade', 'Added File: '.$file->getVar('vsf_path'));
// write manifest info
fwrite($fhManifest, $file->asManifest($isNew));
}
fclose($fhManifest);
if (false === $archive->addFile($manifestName)) {
echo GWF_HTML::err('ERR_WRITE_FILE', array($manifestName));
$haveError = true;
}
if (false === $archive->close()) {
echo GWF_HTML::err('ERR_WRITE_FILE', array($archivename));
$haveError = true;
}
if (!$haveError) {
GWF_Upload::outputFile($archivename);
}
// Delete stuff??
@unlink($manifestName);
@unlink($archivename);
return '';
}
private static function debugFooter($precision = 4)
{
$db = gdo_db();
$queries = $db->getQueryCount();
$writes = $db->getQueryWriteCount();
$t_total = microtime(true) - GWF_DEBUG_TIME_START;
$t_mysql = $db->getQueryTime();
$t_php = $t_total - $t_mysql;
$f = sprintf('%%0.%dfs', (int) $precision);
$bd = '';
#self::debugBrowser();
$mem = GWF_Upload::humanFilesize(memory_get_peak_usage(true));
$mods = GWF_Module::getModulesLoaded();
return sprintf("<div>%d Queries (%d writes) in {$f} - PHP Time: {$f} - Total Time: {$f}. Memory: %s<br/>Modules loaded: %s</div>", $queries, $writes, $t_mysql, $t_php, $t_total, $mem, $mods) . $bd;
}
private function inspectArchive(Module_VersionClient $module)
{
$archivename = $this->getArchiveName();
if (false === ($fh = fopen($archivename, 'r'))) {
return GWF_HTML::err('ERR_FILE_NOT_FOUND', array($archivename));
}
if (false === ($magic = fread($fh, 2))) {
fclose($fh);
return GWF_HTML::err('ERR_FILE_NOT_FOUND', array($archivename));
}
fclose($fh);
if ($magic === 'PK') {
echo $module->message('msg_update_archive_ok', array(GWF_Upload::humanFilesize(filesize($archivename))));
return false;
}
return GWF_HTML::errorAjax(file_get_contents($archivename));
}
private function onReup(GWF_Download $dl)
{
$form = $this->getFormReup($dl);
if (false !== ($err = $form->validate($this->module))) {
return $err . $this->templateEdit($dl);
}
if (false === ($file = $form->getVar('file'))) {
return $this->module->error('err_file') . $this->templateEdit($dl);
}
if ($this->module->isModerated($this->module)) {
return GWF_HTML::err('ERR_NO_PERMISSION') . $this->templateEdit($dl);
}
$tempname = 'dbimg/dl/' . $dl->getVar('dl_id');
if (false === ($file = GWF_Upload::moveTo($file, $tempname))) {
return GWF_HTML::err('ERR_WRITE_FILE', array($tempname)) . $this->templateEdit($dl);
}
if (false === $dl->saveVars(array('dl_uid' => GWF_Session::getUserID(), 'dl_mime' => GWF_Upload::getMimeType($file['tmp_name']), 'dl_date' => GWF_Time::getDate(GWF_Date::LEN_SECOND)))) {
return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
return $this->module->message('msg_uploaded') . $this->templateEdit($dl);
}
$a instanceof GWF_ForumAttachment;
if (!$a->canSee(GWF_Session::getUser())) {
$attach .= '<p>' . $tLang->lang('info_hidden_attach_guest');
continue;
}
$edit = GWF_Button::edit($a->hrefEdit(), $tLang->lang('btn_edit_attach'));
$att_name = $a->display('fatt_filename');
if ($a->isImage()) {
$attach .= sprintf('<div><img src="%s" title="%s" alt="%s" /></div>', $a->hrefDownload(), $att_name, $att_name);
if ($can_edit) {
$attach .= sprintf('<div>%s</div>', $edit);
}
} else {
$attach .= '<div class="gwf_attachment">' . PHP_EOL;
$attach .= sprintf('<div>%s: <a href="%s">%s</a></div>', $tLang->lang('th_file_name'), $a->hrefDownload(), $att_name);
$attach .= sprintf('<div>%s: %s</div>', $tLang->lang('th_file_size'), GWF_Upload::humanFilesize($a->getVar('fatt_size')));
$attach .= sprintf('<div>%s: %s</div>', $tLang->lang('th_downloads'), $a->getVar('fatt_downloads'));
if ($can_edit) {
$attach .= sprintf('<div>%s</div>', $edit);
}
$attach .= '</div>' . PHP_EOL;
}
}
$attach .= '</div>' . PHP_EOL;
}
?>
<div class="gwf_post_msg">
<?php
echo '<div id="gwf_forum_post_' . $post->getVar('post_pid') . '">' . $post->displayMessage($tVars['term']) . '</div>';
echo $attach;
private function uploadedFile(GWF_Form $form)
{
if (false === ($file = $form->getVar('file'))) {
// echo $this->module->error('err_file');
return;
}
$tempname = 'dbimg/dl/' . basename($file['tmp_name']);
if (false === ($file = GWF_Upload::moveTo($file, $tempname))) {
echo GWF_HTML::err('ERR_WRITE_FILE', array($tempname));
}
GWF_Session::set(self::SESS_FILE, $file);
}
<p><?php
echo $tLang->lang('pi_add', array(GWF_Upload::humanFilesize($tVars['max_size'])));
?>
</p>
<?php
echo $tVars['form'];
public function onZipC()
{
# Create ZIP
$archive = new GWF_ZipArchive();
chdir(GWF_PATH);
$archivename = $this->getArchiveName();
if (false === $archive->open($archivename, ZipArchive::CREATE | ZipArchive::CM_REDUCE_4)) {
return $this->module->error('err_zip', array(__FILE__, __LINE__));
}
# ZIP STUFF
# Core
if (false === $this->zipDir($archive, 'core/inc')) {
return $this->module->error('err_zip', array(__FILE__, __LINE__));
}
# ZIP Module(Groups)
foreach ($_POST as $group => $checked) {
if (!Common::startsWith($group, 'mod_')) {
continue;
}
# zip dir recursive, do not ignore style
if (false === $this->zipDir($archive, 'core/module/' . substr($group, 4), true, false)) {
return $this->module->error('err_zip', array(__FILE__, __LINE__));
}
}
# 3rd Party Core
// if (false === ($this->zipDir($archive, 'inc3p'))) {
// return $this->module->error('err_zip', array(__FILE__, __LINE__));
// }
# Smarty
// if (false === ($this->zipDir($archive, 'smarty_lib'))) {
// return $this->module->error('err_zip', array(__FILE__, __LINE__));
// }
# JS
if (false === $this->zipDir($archive, 'www/js')) {
return $this->module->error('err_zip', array(__FILE__, __LINE__));
}
# Installer
if (false === $this->zipDir($archive, 'www/install')) {
return $this->module->error('err_zip', array(__FILE__, __LINE__));
}
# Base Lang
if (false === $this->zipDir($archive, 'core/lang')) {
return $this->module->error('err_zip', array(__FILE__, __LINE__));
}
# Images
if (false === $this->zipDir($archive, 'www/img', false)) {
return $this->module->error('err_zip', array(__FILE__, __LINE__));
}
// if (false === ($this->zipDir($archive, 'img/default/country', false))) {
// return $this->module->error('err_zip', array(__FILE__, __LINE__));
// }
// if (false === ($this->zipDir($archive, 'img/default/smile', false))) {
// return $this->module->error('err_zip', array(__FILE__, __LINE__));
// }
# Temp
if (false === $this->addEmptyDirs($archive, self::$tempdirs)) {
return $this->module->error('err_zip', array(__FILE__, __LINE__));
}
# Fonts
if (false === $this->zipDir($archive, 'extra/font')) {
return $this->module->error('err_zip', array(__FILE__, __LINE__));
}
# Templates
if (false === $this->zipDir($archive, 'www/tpl', true, false)) {
return $this->module->error('err_zip', array(__FILE__, __LINE__));
}
# Root Files
if (false === $this->addFiles($archive, self::$rootfiles)) {
return $this->module->error('err_zip', array(__FILE__, __LINE__));
}
# Protected Dirs
// if (false === $this->zipDirs($archive, self::$protected_dirs)) {
// return $this->module->error('err_zip', array(__FILE__, __LINE__));
// }
# Protected Files
if (false === $this->addFiles($archive, self::$protected_files)) {
return $this->module->error('err_zip', array(__FILE__, __LINE__));
}
# Module Extra Files and Dirs
if (false === $this->zipDirs($archive, $this->getModuleExtraDirs())) {
return $this->module->error('err_zip', array(__FILE__, __LINE__));
}
if (false === $this->addFiles($archive, $this->getModuleExtraFiles())) {
return $this->module->error('err_zip', array(__FILE__, __LINE__));
}
// chdir(GWF_WWW_PATH);
$total_files = $archive->getTotalFilesCounter();
if (false === $archive->close()) {
return $this->module->error('err_zip', array(__FILE__, __LINE__));
}
$this->has_error = false;
return $this->module->message('msg_zipped', array($archivename, GWF_Upload::humanFilesize(filesize($archivename)), $total_files));
}
private function onZip()
{
$client = GWF_Client::getClient(GWF_Session::getUserID());
$rand = Common::randomDateStamp();
$archivename = 'dbimg/gwf_purchase_' . $rand . '.zip';
$zipper = $this->module->getMethod('Zipper');
$zipper instanceof VersionServer_Zipper;
$zipper->setArchiveName($archivename);
$error = $zipper->onZip($client->getModuleNames(), 'default');
if ($zipper->hasError()) {
return $error;
}
GWF_Upload::outputFile($archivename, 'arc/zip');
return $error;
}
private function unReUpload(array $file, GWF_ForumAttachment $attach)
{
$temp = $file['tmp_name'];
$target = $attach->dbimgPath();
$success = GWF_Upload::moveTo($file, $target);
@unlink($temp);
if (!$success) {
return GWF_HTML::err('ERR_WRITE_FILE', $target);
}
if (false === $attach->saveVars(array('fatt_mime' => GWF_Upload::getMimeType($target), 'fatt_size' => filesize($target), 'fatt_downloads' => 0, 'fatt_filename' => $file['name'], 'fatt_date' => GWF_Time::getDate(GWF_Date::LEN_SECOND)))) {
return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
}
return false;
}
private static function validateMissingVars($context, GWF_Form $form, $validator)
{
$errors = array();
$check_sent = $form->getMethod() === GWF_Form::METHOD_POST ? $_POST : $_GET;
$check_need = array();
// var_dump($_POST);
foreach ($form->getFormData() as $key => $data) {
if (in_array($data[0], self::$SKIPPERS, true)) {
unset($check_sent[$key]);
continue;
}
switch ($data[0]) {
case GWF_Form::VALIDATOR:
break;
case GWF_Form::SELECT_A:
unset($check_sent[$key]);
break;
case GWF_Form::TIME:
$check_need[] = $key . 'h';
$check_need[] = $key . 'i';
break;
case GWF_Form::DATE:
case GWF_Form::DATE_FUTURE:
switch ($data[4]) {
case 14:
$check_need[] = $key . 's';
case 12:
$check_need[] = $key . 'i';
case 10:
$check_need[] = $key . 'h';
case 8:
$check_need[] = $key . 'd';
case 6:
$check_need[] = $key . 'm';
case 4:
$check_need[] = $key . 'y';
break;
default:
die('Date field is invalid in form!');
}
break;
case GWF_Form::SUBMITS:
case GWF_Form::SUBMIT_IMGS:
foreach (array_keys($data[1]) as $key) {
// if (false !== ($i = array_search($key, $check_sent, true))) {
// unset ($check_sent[$i]);
// }
unset($check_sent[$key]);
}
break;
case GWF_Form::FILE:
if (false === GWF_Upload::getFile($key)) {
$check_need[] = $key;
}
break;
case GWF_Form::INT:
case GWF_Form::STRING:
if (Common::endsWith($key, ']')) {
$key = Common::substrUntil($key, '[');
if (!in_array($key, $check_need)) {
$check_need[] = $key;
}
break;
}
default:
$check_need[] = $key;
break;
}
}
// var_dump($check_need);
foreach ($check_need as $key) {
if (!isset($check_sent[$key])) {
$errors[] = GWF_HTML::lang('ERR_MISSING_VAR', array(htmlspecialchars($key)));
} else {
unset($check_sent[$key]);
}
}
foreach ($check_sent as $key => $value) {
$errors[] = GWF_HTML::lang('ERR_POST_VAR', array(htmlspecialchars($key)));
}
return count($errors) === 0 ? false : $errors;
}
public function onUpload(WC_Challenge $chall)
{
$module = Module_WeChall::instance();
$form = $this->getForm($chall);
if (false === ($file = $form->getVar('image'))) {
return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
}
if (!GWF_Upload::isImageFile($file)) {
return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
}
if (false === GWF_Upload::resizeImage($file, 64, 64, 16, 16)) {
return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
}
$whitelist = array('.jpg', '.jpeg', '.gif', '.png');
$filename = $file['name'];
$allowed = false;
foreach ($whitelist as $allow) {
if (Common::endsWith($filename, $allow)) {
$allowed = true;
break;
}
}
if (strpos($filename, '.php') !== false) {
$allowed = false;
}
if (!preg_match('/^[\\x00-\\x7f]+$/D', $filename)) {
return GWF_HTML::error('Smile Path', array($chall->lang('err_ascii')));
}
if (!$allowed) {
return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
}
$fullpath = "challenge/livinskull/smile/smiles/{$filename}";
$efp = htmlspecialchars($fullpath);
if (false === ($file = GWF_Upload::moveTo($file, $fullpath))) {
return GWF_HTML::err('ERR_WRITE_FILE', array($efp));
}
$efp = htmlspecialchars($fullpath);
$rule = htmlspecialchars("<img src=\"/{$efp}\" />");
return GWF_HTML::message('Smile', $chall->lang('msg_uploaded', array($rule)));
}
private function saveAvatar(array $file)
{
if (!GWF_Upload::isImageFile($file)) {
return $this->module->error('err_no_image');
}
if (false === GWF_Upload::resizeImage($file, $this->module->cfgAvatarMaxWidth(), $this->module->cfgAvatarMaxHeight(), $this->module->cfgAvatarMinWidth(), $this->module->cfgAvatarMinHeight())) {
return $this->module->error('err_no_image');
}
$user = GWF_Session::getUser();
$uid = $user->getID();
if (false === ($file = GWF_Upload::moveTo($file, 'dbimg/avatar/' . $uid))) {
return $this->module->error('err_write_avatar');
}
$user->saveOption(GWF_User::HAS_AVATAR, true);
$user->increase('user_avatar_v', 1);
return $this->module->message('msg_avatar_saved');
}
public function isImage()
{
return GWF_Upload::isImageMime($this->getVar('fatt_mime'));
}
<?php
$lang = array('en' => array('help' => 'Usage: %CMD%. Print memory usage statistics.', 'usage' => 'Currently there are %s in use. Max memory peak was %s.'), 'de' => array('help' => 'Nutze: %CMD%. Gibt Statistiken über die Speichernutzung aus.', 'usage' => 'Zur Zeit werden %s Speicher verwendet. Die maximale Auslastung betrug %s.'));
Dog::getPlugin()->rply('usage', array(GWF_Upload::humanFilesize(memory_get_usage(true), '1000'), GWF_Upload::humanFilesize(memory_get_peak_usage(true), '1000')));
public function onSetLogo(WC_Site $site, $is_admin)
{
$form = $this->getFormLogo($site, $is_admin);
if (false !== ($errors = $form->validate($this->module))) {
return $errors;
}
# Upload Icon
if (false === ($file = $form->getVar('new_logo'))) {
return $this->module->error('err_no_logo');
}
// if (!(GWF_Upload::isImageFile($file))) {
// return $this->module->error('err_no_logo');
// }
if (false === GWF_Upload::resizeImage($file, 32, 32, 32, 32)) {
return $this->module->error('err_no_logo');
}
$sid = $site->getID();
$filename = 'dbimg/logo/' . $sid;
if (false === ($file = GWF_Upload::moveTo($file, $filename))) {
return $this->module->error('err_write_logo', array($filename));
}
# Convert to GIF
if (false === ($img = imagecreatefromstring(file_get_contents($filename)))) {
return $this->module->error('err_no_logo');
}
$filenamegif = 'dbimg/logo_gif/' . $sid . '.gif';
if (false === imagegif($img, $filenamegif)) {
return $this->module->error('err_write_logo', array($filenamegif));
}
imagedestroy($img);
$site->increase('site_logo_v', 1);
$site->saveOption(WC_Site::HAS_LOGO);
}
