/** * Parses input setup in constructor, and creates a parse tree. */ function parse_input() { /*We need to break the $this->parsed_input[SECTION_COMMAND] up into several distinct parts: - Command - Options - Parameters - Extras (e.g. I/O redirection / pipes) i.e. chmod -R 777 ./foobar >> output.txt COMMAND OPTION PARAMETER PARAMETER EXTRA */ /*Output redirection: 2&1> output.txt 2&1 > output.txt STREAM_IDENTIFIER ASSIGNMENT REDIRECT_IDENTIFIER */ $this->parse_runtime['command_length'] = strlen($this->current_input); $this->parse_runtime['parse_position'] = 0; $this->parse_runtime['current_mode'] = MODE_NORMAL; $this->parse_runtime['escape_used'] = false; $this->parse_runtime['occle_command'] = COMMAND_NATIVE; $this->parsed_input[SECTION_COMMAND] = NULL; $this->parsed_input[SECTION_OPTIONS] = array(); $this->parsed_input[SECTION_PARAMETERS] = array(); $this->parsed_input[SECTION_EXTRAS] = array(); $this->fs = object_factory('virtual_fs'); //Start parsing with the command $this->_extract_command(); if (trim($this->parsed_input[SECTION_COMMAND]) == '') { $this->output[STREAM_STDCOMMAND] = ''; $this->output[STREAM_STDHTML] = ''; $this->output[STREAM_STDOUT] = ''; $this->output[STREAM_STDERR] = do_lang('NON_COMMAND'); return; } if ($this->parse_runtime['occle_command'] == COMMAND_NATIVE) { //Options (it's an OcCLE command; not a PHP command) $this->_extract_options(); $this->_extract_parameters(); } //Extras $this->_extract_extras(); //Pre-processing: follow any extras provided $i = 0; foreach ($this->parsed_input[SECTION_EXTRAS] as $extra) { if ($extra[ASSIGNMENT] == REDIRECT_PIPE || $extra[ASSIGNMENT] == REDIRECT_INPUT) { $replacements = 0; if ($extra[ASSIGNMENT] == REDIRECT_PIPE) { if (!isset($extra[STREAM_IDENTIFIER][0])) { $extra[STREAM_IDENTIFIER] = array(STREAM_STDOUT); } $virtual_bash = new virtual_bash($extra[REDIRECT_IDENTIFIER]); $virtual_output = $virtual_bash->return_output(); $pertinant_output = $virtual_output[$extra[STREAM_IDENTIFIER][count($extra[STREAM_IDENTIFIER]) - 1]]; if ($virtual_output[STREAM_STDERR] != '') { $this->output[STREAM_STDERR] = $virtual_output[STREAM_STDERR]; } } else { $pertinant_output = $this->fs->read_file($this->fs->_pwd_to_array($extra[REDIRECT_IDENTIFIER])); if ($pertinant_output === false) { $pertinant_output = ''; } } foreach ($this->parsed_input[SECTION_PARAMETERS] as $param_no => $parameter) { //Do we have any "{".$i."}" parameters? if ($parameter == '{' . strval($i) . '}') { //NOTE: Might want to change this somehow so that other streams can be put through $this->parsed_input[SECTION_PARAMETERS][$param_no] = $pertinant_output; $replacements++; } } if ($replacements == 0) { //Just tag the input onto the end of the parameters array //NOTE: See above $this->parsed_input[SECTION_PARAMETERS][] = $pertinant_output; } $i++; } } //Handle the command: load up the relevant hook if ($this->parse_runtime['occle_command'] == COMMAND_NATIVE) { //See if it's a lone command first $hooks = find_all_hooks('modules', 'admin_occle_commands'); $hook_return = NULL; foreach (array_keys($hooks) as $hook) { if ($hook == $this->parsed_input[SECTION_COMMAND]) { require_code('hooks/modules/admin_occle_commands/' . filter_naughty_harsh($hook)); $object = object_factory('Hook_' . filter_naughty_harsh($hook)); $hook_return = $object->run($this->parsed_input[SECTION_OPTIONS], $this->parsed_input[SECTION_PARAMETERS], $this->fs); $this->parse_runtime['occle_command'] = COMMAND_LONE; break; } } if (!is_null($hook_return)) { $this->output[STREAM_STDCOMMAND] = $hook_return[0]; if (is_object($hook_return[1])) { $this->output[STREAM_STDHTML] = $hook_return[1]->evaluate(); } else { $this->output[STREAM_STDHTML] = $hook_return[1]; } $this->output[STREAM_STDOUT] = array_key_exists(2, $hook_return) ? $hook_return[2] : ''; $this->output[STREAM_STDERR] = array_key_exists(2, $hook_return) ? $hook_return[3] : ''; } else { //It's not a lone command; see if it's a script - check first in the main script dir if (file_exists(get_custom_file_base() . '/data/modules/admin_occle/' . filter_naughty_harsh($this->parsed_input[SECTION_COMMAND], true))) { $script_file = get_custom_file_base() . '/data/modules/admin_occle/' . filter_naughty_harsh($this->parsed_input[SECTION_COMMAND]); } else { $script_file = $this->_find_script_file($this->parsed_input[SECTION_COMMAND]); } //Exhaustive search if ($script_file !== false && is_readable($script_file)) { //It *is* a script, so let's run it :) $this->parse_runtime['occle_command'] = COMMAND_SCRIPT; $script_contents = unixify_line_format(file_get_contents($script_file, FILE_TEXT)); $script_lines = explode("\n", $script_contents); foreach ($script_lines as $script_line) { if (strlen($script_line) > 0) { $virtual_bash = new virtual_bash($script_line, $this->parsed_input[SECTION_PARAMETERS]); $script_output = $virtual_bash->return_output(); $this->output = $this->_combine_streams($this->output, $script_output); } } } else { //Give up: it's not a command $this->output[STREAM_STDCOMMAND] = ''; $this->output[STREAM_STDHTML] = ''; $this->output[STREAM_STDOUT] = ''; $this->output[STREAM_STDERR] = do_lang('NON_COMMAND'); return; } } } elseif ($this->parse_runtime['occle_command'] == COMMAND_PHP) { //NOTE: This is done in a separate function to limit variable interaction (due to the PHP memory implemented) $this->_handle_php_command(); } elseif ($this->parse_runtime['occle_command'] == COMMAND_SQL) { //SQL command $GLOBALS['NO_DB_SCOPE_CHECK'] = true; $occle_output = $GLOBALS['SITE_DB']->query($this->parsed_input[SECTION_COMMAND], NULL, NULL, true); $GLOBALS['NO_DB_SCOPE_CHECK'] = false; if (count($occle_output) > 100) { $occle_output = $GLOBALS['SITE_DB']->query($this->parsed_input[SECTION_COMMAND], 100, NULL, true); $occle_output[] = array('...' => '...'); } $this->output[STREAM_STDCOMMAND] = ''; $this->output[STREAM_STDHTML] = ''; $this->output[STREAM_STDOUT] = ''; $this->output[STREAM_STDERR] = ''; if (is_null($occle_output)) { $this->output[STREAM_STDERR] = do_lang('NO_RESULTS'); } else { $this->output[STREAM_STDHTML] = $this->_array_to_html($occle_output); } } //Post-processing: follow any extras provided $old_output = $this->output; foreach ($this->parsed_input[SECTION_EXTRAS] as $extra) { if (!isset($extra[STREAM_IDENTIFIER][0])) { $extra[STREAM_IDENTIFIER] = array(STREAM_STDOUT); } if (!isset($this->output[$extra[REDIRECT_IDENTIFIER]])) { // It's a file... so read in if it exists, else blank $this->output[$extra[REDIRECT_IDENTIFIER]] = $this->fs->read_file($this->fs->_pwd_to_array($extra[REDIRECT_IDENTIFIER])); if ($this->output[$extra[REDIRECT_IDENTIFIER]] === false) { $this->output[$extra[REDIRECT_IDENTIFIER]] = ''; } } $extra[ASSIGNMENT] = intval($extra[ASSIGNMENT]); foreach ($extra[STREAM_IDENTIFIER] as $stream_identifier) { if ($extra[ASSIGNMENT] == REDIRECT_OVERWRITE) { $this->output[$stream_identifier] = ''; // Because it's been taken away from here $this->output[$extra[REDIRECT_IDENTIFIER]] = $old_output[$stream_identifier]; } elseif ($extra[ASSIGNMENT] == REDIRECT_APPEND) { $this->output[$stream_identifier] = ''; // Because it's been taken away from here if (is_object($this->output[$extra[REDIRECT_IDENTIFIER]]) && is_object($old_output[$stream_identifier])) { $this->output[$extra[REDIRECT_IDENTIFIER]]->append($old_output[$stream_identifier]); } elseif (!is_object($this->output[$extra[REDIRECT_IDENTIFIER]]) && is_object($old_output[$stream_identifier])) { $this->output[$extra[REDIRECT_IDENTIFIER]] = make_string_tempcode($this->output[$extra[REDIRECT_IDENTIFIER]]); $this->output[$extra[REDIRECT_IDENTIFIER]]->append($old_output[$stream_identifier]); $this->output[$extra[REDIRECT_IDENTIFIER]] = $this->output[$extra[REDIRECT_IDENTIFIER]]->evaluate(); } elseif (is_object($this->output[$extra[REDIRECT_IDENTIFIER]]) && !is_object($old_output[$stream_identifier])) { $old_output[$stream_identifier] = make_string_tempcode($old_output[$stream_identifier]); $this->output[$extra[REDIRECT_IDENTIFIER]]->append($old_output[$stream_identifier]); } else { $this->output[$extra[REDIRECT_IDENTIFIER]] .= $old_output[$stream_identifier]; } } } if ($extra[ASSIGNMENT] == REDIRECT_OVERWRITE || $extra[ASSIGNMENT] == REDIRECT_APPEND) { if (is_object($this->output[$extra[REDIRECT_IDENTIFIER]])) { $this->output[$extra[REDIRECT_IDENTIFIER]] = $this->output[$extra[REDIRECT_IDENTIFIER]]->evaluate(); } $this->fs->write_file($this->fs->_pwd_to_array($extra[REDIRECT_IDENTIFIER]), $this->output[$extra[REDIRECT_IDENTIFIER]]); } } }
/** * The main OcCLE GUI. * * @return tempcode The UI */ function main_gui() { if (get_file_base() != get_custom_file_base()) { warn_exit(do_lang_tempcode('SHARED_INSTALL_PROHIBIT')); } $title = get_page_title('OCCLE'); $command = post_param('occle_command', ''); if ($command != '') { //We've had a normal form submission $temp = new virtual_bash($command); $commands = $temp->output_html(); } else { $commands = new ocp_tempcode(); } $content = do_template('OCCLE_MAIN', array('SUBMIT_URL' => build_url(array('page' => '_SELF'), '_SELF'), 'PROMPT' => do_lang_tempcode('COMMAND_PROMPT', escape_html($GLOBALS['FORUM_DRIVER']->get_username(get_member()))), 'COMMANDS' => $commands)); return do_template('OCCLE_MAIN_SCREEN', array('_GUID' => 'd71ef9fa2cdaf419fee64cf3d7555225', 'TITLE' => $title, 'CONTENT' => $content)); }
/** * Standard modular run function for CRON hooks. Searches for tasks to perform. */ function run() { if (!addon_installed('calendar')) { return; } require_code('calendar'); require_lang('calendar'); require_code('notifications'); $start = 0; do { $jobs = $GLOBALS['SITE_DB']->query('SELECT *,j.id AS id FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'calendar_jobs j LEFT JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'calendar_events e ON e.id=j.j_event_id LEFT JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'calendar_reminders n ON n.id=j.j_reminder_id WHERE (validated=1 OR e_is_public=0) AND j_time<' . strval(time()), 300, $start); $or_list = ''; foreach ($jobs as $job) { // Build up OR list of the jobs if ($or_list != '') { $or_list .= ' OR '; } $or_list .= 'id=' . strval($job['id']); $recurrences = find_periods_recurrence($job['e_timezone'], 1, $job['e_start_year'], $job['e_start_month'], $job['e_start_day'], is_null($job['e_start_hour']) ? find_timezone_start_hour_in_utc($job['e_timezone'], $job['e_start_year'], $job['e_start_month'], $job['e_start_day']) : $job['e_start_hour'], is_null($job['e_start_minute']) ? find_timezone_start_minute_in_utc($job['e_timezone'], $job['e_start_year'], $job['e_start_month'], $job['e_start_day']) : $job['e_start_minute'], $job['e_end_year'], $job['e_end_month'], $job['e_end_day'], is_null($job['e_end_hour']) ? find_timezone_end_hour_in_utc($job['e_timezone'], $job['e_end_year'], $job['e_end_month'], $job['e_end_day']) : $job['e_end_hour'], is_null($job['e_end_minute']) ? find_timezone_end_minute_in_utc($job['e_timezone'], $job['e_end_year'], $job['e_end_month'], $job['e_end_day']) : $job['e_end_minute'], $job['e_recurrence'], min(1, $job['e_recurrences'])); // Dispatch if (is_null($job['j_reminder_id'])) { // if (!has_actual_page_access($job['e_submitter'],'admin_occle')) continue; // Someone was admin but isn't anymore Actually, really ex-admins could have placed lots of other kinds of traps. It's the responsibility of the staff to check this on a wider basis. There's no use creating tangental management complexity for just one case. if ($job['e_type'] != db_get_first_id()) { continue; } // Very strange $job_text = get_translated_text($job['e_content']); if (substr($job_text, 0, 7) == 'http://') { require_code('character_sets'); echo convert_to_internal_encoding(http_download_file($job_text)); } elseif (addon_installed('occle')) { if (is_null($GLOBALS['CURRENT_SHARE_USER'])) { // Backwards-compatibility for pure PHP code (if its creation date was before the time of writing this comment [Wednesday 22nd Match, 14:58]) if ($job['e_add_date'] < 1143046670 && !defined('HIPHOP_PHP')) { @ini_set('ocproducts.xss_detect', '0'); $to_echo = eval($job_text); if ($to_echo === false) { fatal_exit(@strval($php_errormsg)); } } else { $GLOBALS['event_timestamp'] = array_key_exists(0, $recurrences) ? usertime_to_utctime($recurrences[0][0]) : mktime($job['e_start_hour'], $job['e_start_minute'], 0, $job['e_start_month'], $job['e_start_day'], $job['e_start_year']); // OcCLE code require_code('occle'); $temp = new virtual_bash($job_text); $output = $temp->output_html(true); if (is_object($output)) { echo $output->evaluate(); } } } } $job['n_seconds_before'] = 0; } else { // Send notification if (!has_category_access($job['n_member_id'], 'calendar', strval($job['e_type']))) { continue; } $title = get_translated_text($job['e_title']); $timestamp = array_key_exists(0, $recurrences) ? usertime_to_utctime($recurrences[0][0]) : mktime($job['e_start_hour'], $job['e_start_minute'], 0, $job['e_start_month'], $job['e_start_day'], $job['e_start_year']); $date = get_timezoned_date($timestamp, true, false, false, false, $job['n_member_id']); $_url = build_url(array('page' => 'calendar', 'type' => 'view', 'id' => $job['j_event_id']), get_module_zone('calendar'), NULL, false, false, true); $url = $_url->evaluate(); $subject_tag = do_lang('EVENT_REMINDER_SUBJECT', $title, NULL, NULL, get_lang($job['n_member_id'])); $message_raw = do_lang('EVENT_REMINDER_CONTENT', comcode_escape($date), comcode_escape($url), get_translated_text($job['e_content']), get_lang($job['n_member_id'])); dispatch_notification('calendar_reminder', strval($job['e_type']), $subject_tag, $message_raw, array($job['n_member_id']), A_FROM_SYSTEM_UNPRIVILEGED); //echo $subject_tag."\n\n".$message_raw; } // Recreate job for when next reminder due (if appropriate) if (array_key_exists(1, $recurrences)) { $GLOBALS['SITE_DB']->query_insert('calendar_jobs', array('j_time' => usertime_to_utctime($recurrences[1][0]) - $job['n_seconds_before'], 'j_reminder_id' => $job['j_reminder_id'], 'j_member_id' => $job['j_member_id'], 'j_event_id' => $job['j_event_id'])); } } // Delete jobs just run if ($or_list != '') { $GLOBALS['SITE_DB']->query('DELETE FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'calendar_jobs WHERE ' . $or_list); } $start += 300; } while (array_key_exists(0, $jobs)); }