$top_message['content'] = cw_get_langvar_by_name("msg_err_file_read_permission_denied"); $top_message['type'] = "E"; fo_local_log_add('Open file', false, "Filename: " . $file); cw_header_location($action_script . "&dir={$dir}" . $opener_str); } else { $op_status = true; if (@getimagesize($path)) { $smarty->assign('file_type', 'image'); } else { $smarty->assign('filebody', file($path)); } } $smarty->assign('filename', $file); $smarty->assign('main', "edit_file"); } else { $maindir = cw_allowed_path($root_dir, $root_dir . $dir); if ($maindir === false) { $maindir = $root_dir; } if ($dh = @opendir($maindir)) { while (($file = readdir($dh)) !== false) { if ($file == "." || preg_match("/^\\.[^.]/S", $file)) { continue; } $dir_entries[] = array("file" => $file, "href" => $file == ".." ? ereg_replace("\\/[^\\/]*\$", "", $dir) : "{$dir}/{$file}", "filetype" => @filetype($maindir . DIRECTORY_SEPARATOR . $file)); } function myfilesortfunc($a, $b) { return strcasecmp($a['filetype'], $b['filetype']) * 1000 + strcasecmp($a['file'], $b['file']); } usort($dir_entries, "myfilesortfunc");
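/**
 * Resolve a file reference to a path the current area is allowed to use.
 *
 * Relies on the globals $app_dir, $customer_id, $current_area and $var_dirs.
 *
 * @param string $file    File name or URL supplied by the caller.
 * @param bool   $is_root When true the file is resolved against $app_dir
 *                        instead of the per-area files directory.
 * @return string|false   The value returned by cw_allowed_path(), the URL
 *                        unchanged, or false when the name is empty or
 *                        rejected by cw_is_allowed_file().
 */
function cw_allow_file($file, $is_root = false)
{
    global $app_dir, $customer_id, $current_area, $var_dirs;

    // An empty name is rejected before any helper is consulted.
    if (empty($file) || !cw_is_allowed_file($file)) {
        return false;
    }

    // NOTE(review): URLs skip the path-containment check entirely; only
    // cw_is_allowed_file() gates them. Confirm that this is intended.
    if (is_url($file)) {
        return $file;
    }

    $dir = $app_dir;
    if (!$is_root) {
        // Only area "P" is scoped to the customer's own sub-directory; every
        // other area (including "A") uses the shared files directory. The
        // original also tested 'A' in the "P" branch, which was unreachable.
        $dir = $current_area == "P"
            ? $var_dirs['files'] . DIRECTORY_SEPARATOR . $customer_id
            : $var_dirs['files'];
    }

    return cw_allowed_path($dir, $file);
}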
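/**
 * Check whether a gift certificate template name is NOT an acceptable file.
 *
 * Relies on the globals $app_dir and $app_skin_dir.
 *
 * @param string $gc_template Template file name (typically request-supplied).
 * @return bool true when the name is empty, resolves outside the
 *              addons/estore_gift/ directory, or is not one of the templates
 *              listed by cw_gift_get_templates().
 */
function cw_gift_wrong_template($gc_template)
{
    global $app_dir, $app_skin_dir;

    // Empty names are rejected before any path work is done.
    if (empty($gc_template)) {
        return true;
    }

    $skin_dir = $app_dir . $app_skin_dir;
    $gc_templates_dir = $skin_dir . '/addons/estore_gift/';

    // Containment check first, so a traversal attempt never reaches the listing.
    if (!cw_allowed_path($gc_templates_dir, $gc_templates_dir . $gc_template)) {
        return true;
    }

    // Strict comparison: the loose in_array() let numeric-looking names match
    // by value ("10" == "1e1") instead of by exact file name.
    return !in_array($gc_template, cw_gift_get_templates($skin_dir), true);
}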
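/**
 * Remove files under $dir_ that are byte-identical to their counterpart under $dir.
 *
 * Walks $dir . $int recursively; for every template/asset file (tpl, css, js,
 * gif, png, jpg, jpeg, bmp) that also exists under $dir_ it compares MD5
 * digests, deletes the $dir_ copy when they are equal, and removes
 * sub-directories of $dir_ that end up empty. Relies on the global $app_dir
 * for path containment.
 *
 * @param string $dir  Reference (source) skin directory.
 * @param string $dir_ Directory being cleaned up.
 * @param string $int  Sub-path relative to both directories; a leading slash is added.
 * @return array|false List of human-readable status lines, or false when
 *                     $dir . $int or $dir_ . $int resolves outside $app_dir.
 */
function cw_md_cleanup_skin($dir, $dir_, $int = '')
{
    global $app_dir;

    $int = with_leading_slash($int);

    // Both trees must stay inside the application directory.
    if (!cw_allowed_path($app_dir, $dir . $int) || !cw_allowed_path($app_dir, $dir_ . $int)) {
        return false;
    }

    $status = array();
    $src_dir = $dir . $int;

    if (!is_dir($src_dir)) {
        return $status;
    }

    $handle = opendir($src_dir);
    if ($handle === false) {
        $status[] = '[!] Can\'t open ' . $src_dir . " directory (need to check permissions)";
        return $status;
    }

    $extensions = array('tpl', 'css', 'js', 'gif', 'png', 'jpg', 'jpeg', 'bmp');

    // `!== false`: the original truthiness test stopped the walk on an entry named "0".
    while (($file = readdir($handle)) !== false) {
        if ($file == "." || $file == "..") {
            continue;
        }

        $full = $int . $file;

        if (is_dir($dir . $full)) {
            $sub_status = cw_md_cleanup_skin($dir, $dir_, with_slash($full));
            // The recursive call returns false on a containment failure;
            // array_merge() with false is an error, so only merge arrays.
            if (is_array($sub_status)) {
                $status = array_merge($status, $sub_status);
            }
            if (cw_is_empty_dir($dir_ . $full)) {
                cw_rm_dir($dir_ . $full);
                $status[] = '[ ] Dir ' . $dir_ . $full . ' removed';
            }
            continue;
        }

        if (!in_array(pathinfo($full, PATHINFO_EXTENSION), $extensions, true)) {
            continue;
        }
        if (!file_exists($dir_ . $full)) {
            continue;
        }

        $md5 = md5_file($dir . $full);
        $md5_ = md5_file($dir_ . $full);
        // md5_file() returns false on an unreadable file; the original treated
        // false == false as "same" and would delete the $dir_ copy.
        if ($md5 === false || $md5_ === false) {
            $status[] = '[!] Can\'t read ' . $dir_ . $full . ' or its source';
            continue;
        }

        // Strict comparison: with `==` two hex digests of the form "0e<digits>"
        // compare equal as floats, which would delete a file that differs.
        if ($md5 === $md5_) {
            if (!unlink($dir_ . $full)) {
                $status[] = '[!] Can\'t remove file: ' . $dir_ . $full;
            } else {
                $status[] = '[ ] File ' . $dir_ . $full . ' removed';
            }
        } else {
            $status[] = '[*] File ' . $dir_ . $full . ' differs';
        }
    }

    closedir($handle);

    return $status;
}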