if (!file_exists($file) || !is_readable($file)) { // todo display error return; } // check for permission, if FEU module exists, and the uploads grouplist is // not null, and the returnid is not empty (we're on the frontend) $result = $this->_CheckDownloadSecurity($category_details); if (!$result) { // todo, display error somehow return; } // turn off zlib compression if (@ini_get('zlib.output_compression')) { @ini_set('zlib.output_compression', 'Off'); } if (!@ini_get_boolean('safe_mode')) { @set_time_limit(0); } $chunksize = intval($this->GetPreference('download_chunksize', 8)) * 1024; $handlers = ob_list_handlers(); for ($cnt = 0; $cnt < sizeof($handlers); $cnt++) { ob_end_clean(); } header('Content-Type: image/*'); header('Content-Length: ' . filesize($file)); $handle = fopen($file, 'rb'); $contents = ''; do { $data = fread($handle, $chunksize); if (strlen($data) == 0) { break;
foreach ($data as $item) { $old = $item->html; $regex = '/' . CMS_SECURE_PARAM_NAME . '\\=[0-9a-z]{8}/'; $to = CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY]; $new = preg_replace($regex, $to, $old); $themeObject->AddNotification($item->priority, $item->name, $item->html); } } } // if the install directory still existsx // add a priority 1 dashboard item if (file_exists(dirname(dirname(__FILE__)) . '/install')) { $themeObject->AddNotification(1, 'Core', lang('installdirwarning')); } // Display a warning if safe mode is enabled if (ini_get_boolean('safe_mode') && get_site_preference('disablesafemodewarning', 0) == 0) { $themeObject->AddNotification(1, 'Core', lang('warning_safe_mode')); } // Display a warning sitedownwarning $sitedown_message = lang('sitedownwarning', TMP_CACHE_LOCATION . '/SITEDOWN'); $sitedown_file = TMP_CACHE_LOCATION . '/SITEDOWN'; if (file_exists($sitedown_file)) { $themeObject->AddNotification(1, 'Core', $sitedown_message); } $timelastchecked = get_site_preference('lastcmsversioncheck', 0); if (get_site_preference('checkversion', 1) && time() - $timelastchecked > 24 * 60 * 60 || isset($_GET['forceversioncheck'])) { $req = new cms_http_request(); $req->setTimeout(10); $req->execute(CMS_DEFAULT_VERSIONCHECK_URL); if ($req->getStatus() == 200) { $remote_ver = trim($req->getResult());
/**
 * Reports whether the filesystem and PHP configuration would allow an
 * administrator to upload files into this CMSMS installation.
 *
 * The check looks only at the environment: ownership and writability of the
 * modules and uploads directories, plus the safe_mode setting. Nothing here
 * examines who the current CMS user is, so callers still need their own
 * permission check before accepting an upload. The answer is a point-in-time
 * snapshot; ownership or permissions can change between this call and the
 * actual write.
 *
 * @internal
 * @return boolean TRUE when every check passes, FALSE otherwise
 */
function can_admin_upload()
{
    $config = cmsms()->config;
    $root = $config['root_path'];

    $index_script = $root . DIRECTORY_SEPARATOR . 'index.php';
    $module_handler = $root . DIRECTORY_SEPARATOR . $config['admin_dir']
        . DIRECTORY_SEPARATOR . 'moduleinterface.php';
    $uploads_dir = $config['uploads_path'];
    $modules_dir = $root . DIRECTORY_SEPARATOR . 'modules';

    // Warnings are suppressed on purpose: a failed stat() comes back as FALSE
    // and is turned into a plain "cannot upload" answer below.
    $index_info = @stat($index_script);
    $handler_info = @stat($module_handler);
    $uploads_info = @stat($uploads_dir);
    $modules_info = @stat($modules_dir);
    $current_uid = @getmyuid();

    // Without the uid and all four stat results nothing can be decided.
    if ($current_uid === FALSE) {
        return FALSE;
    }
    foreach (array($index_info, $handler_info, $uploads_info, $modules_info) as $info) {
        if ($info == FALSE) {
            return FALSE;
        }
    }

    if (ini_get_boolean('safe_mode')) {
        // Element 4 of a stat() result is the owner uid. Under safe mode the
        // admin script, the modules directory, the uploads directory and the
        // current script owner must all be the same user.
        // index.php only has to be stat-able; its owner is not compared here.
        $owner = $handler_info[4];
        $owners_agree = $owner == $modules_info[4]
            && $owner == $uploads_info[4]
            && $current_uid == $owner;
        if (!$owners_agree) {
            return FALSE;
        }
    }

    // Both target directories must be writable by the PHP process.
    return is_writable($modules_dir) && is_writable($uploads_dir);
}