/** * Create a data-mash from the file at a URL. This is data useful for the search engine. * * @param URLPATH The URL to make a data-mash of, or a filename if $data isn't blank * @param ?string Data (NULL: use URL) * @param ?ID_TEXT File extension (NULL: get from URL) * @param boolean Whether a direct file path was given instead of a URL * @return LONG_TEXT The data-mash */ function create_data_mash($url, $data = NULL, $extension = NULL, $direct_path = false) { if (function_exists('set_time_limit')) { @set_time_limit(300); } if (get_value('no_dload_search_index') === '1') { return ''; } if (running_script('stress_test_loader')) { return ''; } if (function_exists('memory_get_usage') && ini_get('memory_usage') == '8M') { return ''; } // Some cowardice... don't want to tempt fate if (is_null($extension)) { $extension = get_file_extension($url); } $tmp_file = NULL; if (is_null($data)) { if ($direct_path || url_is_local($url)) { $actual_path = $direct_path ? $url : get_custom_file_base() . '/' . rawurldecode($url); if (file_exists($actual_path)) { switch ($extension) { case 'zip': case 'odt': case 'odp': case 'docx': case 'tar': case 'gz': if (filesize($actual_path) > 1024 * 1024 * 3) { return ''; } break; } $tmp_file = $actual_path; if (filesize($actual_path) > 1024 * 1024 * 3) { $myfile = fopen($actual_path, 'rb'); $data = ''; for ($i = 0; $i < 384; $i++) { $data .= fread($myfile, 8192); } fclose($myfile); } else { $data = file_get_contents($actual_path); } } else { $data = ''; } } else { switch ($extension) { case 'txt': case '1st': case 'rtf': case 'pdf': case 'htm': case 'html': case 'xml': case 'doc': case 'xls': break; // Continue through to download good stuff // Continue through to download good stuff default: return ''; // Don't download, it's not worth it break; } $data = http_download_file($url, 3 * 1024 * 1024, false); // 3MB is enough if (is_null($data)) { return ''; } } } $mash = ''; switch ($extension) { case 'zip': case 'odt': case 'odp': case 'docx': require_code('m_zip'); $tmp_file = ocp_tempnam('dcdm_'); $myfile2 = fopen($tmp_file, 'wb'); fwrite($myfile2, $data); fclose($myfile2); $myfile_zip = @zip_open($tmp_file); if (!is_integer($myfile_zip)) { while (($entry = @zip_read($myfile_zip)) !== false) { $entry_name = @zip_entry_name($entry); $mash .= ' ' . $entry_name; if (substr($entry_name, -1) != '/') { $_entry = @zip_entry_open($myfile_zip, $entry); if ($_entry !== false) { $file_data = ''; while (true) { $it = @zip_entry_read($entry, 1024); if ($it === false || $it == '') { break; } $file_data .= $it; if (strlen($file_data) >= 3 * 1024 * 1024) { break; } // 3MB is enough } @zip_entry_close($entry); $mash .= ' ' . create_data_mash($entry_name, $file_data); if (strlen($mash) >= 3 * 1024 * 1024) { break; } // 3MB is enough } } } @zip_close($myfile_zip); } @unlink($tmp_file); break; case 'tar': require_code('tar'); $tmp_file = ocp_tempnam('dcdm_'); $myfile = fopen($tmp_file, 'wb'); fwrite($myfile, $data); fclose($myfile); $myfile_tar = tar_open($tmp_file, 'rb'); if ($myfile_tar !== false) { $directory = tar_get_directory($myfile_tar); foreach ($directory as $entry) { $entry_name = $entry['path']; $mash .= ' ' . $entry_name; if ($entry['size'] >= 3 * 1024 * 1024) { continue; } // 3MB is enough $_entrya = tar_get_file($myfile_tar, $entry['path']); if (!is_null($_entrya)) { $mash .= ' ' . create_data_mash($entry_name, $_entrya['data']); if (strlen($mash) >= 3 * 1024 * 1024) { break; } // 3MB is enough } } tar_close($myfile_tar); } @unlink($tmp_file); break; case 'gz': if (function_exists('gzopen')) { if (function_exists('gzeof')) { if (function_exists('gzread')) { $tmp_file = ocp_tempnam('dcdm_'); $myfile = fopen($tmp_file, 'wb'); fwrite($myfile, $data); fclose($myfile); $myfile = gzopen($tmp_file, 'rb'); if ($myfile !== false) { $file_data = ''; while (!gzeof($myfile)) { $it = gzread($myfile, 1024); $file_data .= $it; if (strlen($file_data) >= 3 * 1024 * 1024) { break; } // 3MB is enough } $mash = ' ' . create_data_mash(preg_replace('#\\.gz#i', '', $url), $file_data); } @unlink($tmp_file); } } } break; case 'txt': case '1st': $mash .= $data; break; case 'rtf': $len = strlen($data); $skipping_section_depth = 0; $escape = false; for ($i = 0; $i < $len; $i++) { $byte = $data[$i]; if (!$escape && $byte == "\\") { $escape = true; } elseif (!$escape && $byte == '{') { if ($skipping_section_depth != 0) { $skipping_section_depth++; } } elseif (!$escape && $byte == '}') { if ($skipping_section_depth != 0) { $skipping_section_depth--; } } elseif ($escape && $byte != '{' && $byte != "\\" && $byte != '}') { $end_pos_1 = strpos($data, "\\", $i + 1); if ($end_pos_1 === false) { $end_pos_1 = $len; } $end_pos_2 = strpos($data, chr(10), $i + 1); if ($end_pos_2 === false) { $end_pos_2 = $len; } $end_pos_3 = strpos($data, ' ', $i + 1); if ($end_pos_3 === false) { $end_pos_3 = $len; } $end_pos_4 = strpos($data, "\t", $i + 1); if ($end_pos_4 === false) { $end_pos_4 = $len; } $end_pos_5 = strpos($data, '{', $i + 1); if ($end_pos_5 === false) { $end_pos_5 = $len; } $end_pos_6 = strpos($data, '}', $i + 1); if ($end_pos_6 === false) { $end_pos_6 = $len; } $end_pos = min($end_pos_1, $end_pos_2, $end_pos_3, $end_pos_4, $end_pos_5, $end_pos_6); $tag = substr($data, $i, $end_pos - $i); $tag = preg_replace('#[\\-0-9]*#', '', $tag); if ($skipping_section_depth == 0 && ($tag == 'pgdsc' || $tag == 'comment' || $tag == 'object' || $tag == 'pict' || $tag == 'stylesheet' || $tag == 'fonttbl')) { $skipping_section_depth = 1; } if ($tag == 'par') { $mash .= chr(10); } $i = $end_pos - 1; $escape = false; } elseif ($skipping_section_depth == 0) { if ($byte != chr(13) && $byte != chr(10)) { $mash .= $byte; } $escape = false; } else { $escape = false; } } break; case 'pdf': if (str_replace(array('on', 'true', 'yes'), array('1', '1', '1'), strtolower(ini_get('safe_mode'))) != '1' && strpos(@ini_get('disable_functions'), 'shell_exec') === false && !is_null($tmp_file)) { $enc = get_charset() == 'utf-8' ? ' -enc UTF-8' : ''; $path = 'pdftohtml -i -noframes -stdout -hidden' . $enc . ' -q -xml ' . @escapeshellarg($tmp_file); if (strpos(strtolower(PHP_OS), 'win') !== false) { if (file_exists(get_file_base() . '/data_custom/pdftohtml.exe')) { $path = '"' . get_file_base() . DIRECTORY_SEPARATOR . 'data_custom' . DIRECTORY_SEPARATOR . '"' . $path; } } $tmp_file_2 = ocp_tempnam('pdfxml_'); @shell_exec($path . ' > ' . $tmp_file_2); $mash = create_data_mash($tmp_file_2, NULL, 'xml', true); @unlink($tmp_file_2); } break; case 'htm': case 'html': $head_patterns = array('#<\\s*script.*<\\s*/\\s*script\\s*>#misU', '#<\\s*link[^<>]*>#misU', '#<\\s*style.*<\\s*/\\s*style\\s*>#misU'); foreach ($head_patterns as $pattern) { $data = preg_replace($pattern, '', $data); } case 'xml': $mash = str_replace(''', '\'', str_replace(' false ', ' ', str_replace(' true ', ' ', @html_entity_decode(preg_replace('#\\<[^\\<\\>]*\\>#', ' ', $data), ENT_QUOTES, get_charset())))); $mash = preg_replace('#Error : Bad \\w+#', '', $mash); break; case 'xls': case 'doc': case 'ppt': case 'hlp': // default: // Binary formats are complex to parse, but whatsmore, as textual tagging isn't used, extraction can be done automatically as all identified text is good. $data = str_replace("", '', $data); // Strip out interleaved nulls because they are used in wide-chars, obscuring the data $mash = ''; $needs_delimiter_next = false; $in_portion = false; $min_length = 10; if ($extension == 'xls') { $min_length = 4; } for ($i = 0; $i < strlen($data); $i++) { $ch = $data[$i]; $chx = 1; $next_ok = _is_valid_data_mash_char($ch); if ($next_ok && !$in_portion) { $x = $ch; for ($j = $i + 1; $j < strlen($data); $j++) { $_ch = $data[$j]; $_next_ok = _is_valid_data_mash_char($_ch); if ($_next_ok) { $x .= $_ch; $chx++; } else { break; } } if (strlen($x) < $min_length || $x == strtoupper($x) || $x == 'Microsoft Word Document' || $x == 'WordDocument' || $x == 'SummaryInformation' || $x == 'DocumentSummaryInformation') { $i = $j; continue; } } if ($next_ok && $in_portion) { $mash .= $ch; } elseif ($next_ok && $chx >= $min_length) { if ($needs_delimiter_next) { $mash .= ' '; $needs_delimiter_next = false; } $mash .= $ch; $in_portion = true; } else { if ($in_portion) { $needs_delimiter_next = true; $in_portion = false; } } } break; } if (strlen($mash) > 1024 * 1024 * 3) { $mash = substr($mash, 0, 1024 * 1024 * 3); } $mash = preg_replace('# +#', ' ', preg_replace('#[^\\w\\d-\\-\']#', ' ', $mash)); if (strlen($mash) > intval(1024 * 1024 * 1 * 0.4)) { $mash = substr($mash, 0, intval(1024 * 1024 * 0.4)); } return $mash; }
/** * The actualiser to import in bulk from an archive file. * * @return tempcode The UI */ function _import() { post_param('test'); // To pick up on max file size exceeded errors require_code('uploads'); require_code('images'); is_swf_upload(true); breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('EMOTICONS')), array('_SELF:_SELF:import', do_lang_tempcode('CHOOSE')), array('_SELF:_SELF:import', do_lang_tempcode('IMPORT_EMOTICONS')))); foreach ($_FILES as $attach_name => $__file) { $tmp_name = $__file['tmp_name']; $file = $__file['name']; switch (get_file_extension($file)) { case 'zip': if (!function_exists('zip_open') && get_option('unzip_cmd') == '') { warn_exit(do_lang_tempcode('ZIP_NOT_ENABLED')); } if (!function_exists('zip_open')) { require_code('m_zip'); $mzip = true; } else { $mzip = false; } $myfile = zip_open($tmp_name); if (!is_integer($myfile)) { while (false !== ($entry = zip_read($myfile))) { // Load in file zip_entry_open($myfile, $entry); $_file = zip_entry_name($entry); if (is_image($_file)) { if (file_exists(get_file_base() . '/themes/default/images/emoticons/index.html')) { $path = get_custom_file_base() . '/themes/default/images_custom/emoticons__' . basename($_file); } else { $path = get_custom_file_base() . '/themes/default/images_custom/ocf_emoticons__' . basename($_file); } $outfile = @fopen($path, 'wb') or intelligent_write_error($path); $more = mixed(); do { $more = zip_entry_read($entry); if (fwrite($outfile, $more) < strlen($more)) { warn_exit(do_lang_tempcode('COULD_NOT_SAVE_FILE')); } } while ($more !== false && $more != ''); fclose($outfile); fix_permissions($path); sync_file($path); $this->_import_emoticon($path); } zip_entry_close($entry); } zip_close($myfile); } else { require_code('failure'); warn_exit(zip_error($myfile, $mzip)); } break; case 'tar': require_code('tar'); $myfile = tar_open($tmp_name, 'rb'); if ($myfile !== false) { $directory = tar_get_directory($myfile); foreach ($directory as $entry) { // Load in file $_file = $entry['path']; if (is_image($_file)) { if (file_exists(get_file_base() . '/themes/default/images/emoticons/index.html')) { $path = get_custom_file_base() . '/themes/default/images_custom/emoticons__' . basename($_file); } else { $path = get_custom_file_base() . '/themes/default/images_custom/ocf_emoticons__' . basename($_file); } $_in = tar_get_file($myfile, $entry['path'], false, $path); $this->_import_emoticon($path); } } tar_close($myfile); } break; default: if (is_image($file)) { $urls = get_url('', $attach_name, 'themes/default/images_custom'); $path = $urls[0]; $this->_import_emoticon($path); } else { attach_message(do_lang_tempcode('BAD_ARCHIVE_FORMAT'), 'warn'); } } } $title = get_page_title('IMPORT_EMOTICONS'); log_it('IMPORT_EMOTICONS'); return $this->do_next_manager($title, do_lang_tempcode('SUCCESS'), NULL); }
$b = 0; } $RELATIVE_PATH = substr($FILE_BASE, ($a > $b ? $a : $b) + 1); $FILE_BASE = substr($FILE_BASE, 0, $a > $b ? $a : $b); } else { $RELATIVE_PATH = ''; } @chdir($FILE_BASE); global $NON_PAGE_SCRIPT; $NON_PAGE_SCRIPT = 1; global $FORCE_INVISIBLE_GUEST; $FORCE_INVISIBLE_GUEST = 0; if (!is_file($FILE_BASE . '/sources/global.php')) { exit('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">' . chr(10) . '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN"><head><title>Critical startup error</title></head><body><h1>ocPortal startup error</h1><p>The second most basic ocPortal startup file, sources/global.php, could not be located. This is almost always due to an incomplete upload of the ocPortal system, so please check all files are uploaded correctly.</p><p>Once all ocPortal files are in place, ocPortal must actually be installed by running the installer. You must be seeing this message either because your system has become corrupt since installation, or because you have uploaded some but not all files from our manual installer package: the quick installer is easier, so you might consider using that instead.</p><p>ocProducts maintains full documentation for all procedures and tools, especially those for installation. These may be found on the <a href="http://ocportal.com">ocPortal website</a>. If you are unable to easily solve this problem, we may be contacted from our website and can help resolve it for you.</p><hr /><p style="font-size: 0.8em">ocPortal is a website engine created by ocProducts.</p></body></html>'); } require $FILE_BASE . '/sources/global.php'; require_code('tar'); header('Content-type: text/plain'); $dh = opendir(get_custom_file_base() . '/imports/mods'); while (($f = readdir($dh)) !== false) { if (substr($f, -4) == '.tar' && !addon_installed(basename($f, '.tar'))) { $resource = tar_open(get_custom_file_base() . '/imports/mods/' . $f, 'rb'); $dir = tar_get_directory($resource, true); foreach ($dir as $d) { if (is_file(get_file_base() . '/' . $d['path'])) { echo $d['path'] . "\n"; } } tar_close($resource); } }
/** * Get an array containing new comcode, and tempcode. The function wraps the normal comcode_to_tempcode function. The function will do attachment management, including deleting of attachments that have become unused due to editing of some comcode and removing of the reference. * * @param LONG_TEXT The unparsed comcode that references the attachments * @param ID_TEXT The type the attachment will be used for (e.g. download) * @param ID_TEXT The ID the attachment will be used for * @param boolean Whether we are only previewing the attachments (i.e. don't store them!) * @param ?object The database connection to use (NULL: standard site connection) * @param ?boolean Whether to insert it as an admin (any comcode parsing will be carried out with admin privileges) (NULL: autodetect) * @param ?MEMBER The member to use for ownership permissions (NULL: current member) * @return array A map containing 'comcode' (after substitution for tying down the new attachments) and 'tempcode' */ function do_comcode_attachments($original_comcode, $type, $id, $previewing_only = false, $connection = NULL, $insert_as_admin = NULL, $for_member = NULL) { require_lang('comcode'); global $COMCODE_ATTACHMENTS; unset($COMCODE_ATTACHMENTS[$id]); // In case we have some kind of conflict if (is_null($connection)) { $connection = $GLOBALS['SITE_DB']; } if ($for_member !== NULL) { $member = $for_member; if (is_null($insert_as_admin)) { $insert_as_admin = false; } } else { if (function_exists('get_member')) { $member = get_member(); if (is_null($insert_as_admin)) { $insert_as_admin = false; } } else { $member = 0; if (is_null($insert_as_admin)) { $insert_as_admin = true; } } } $comcode_text = substr($original_comcode, 0, 8) != '<comcode'; // Handle data URLs for attachment embedding if (function_exists('imagecreatefromstring')) { $matches = array(); $matches2 = array(); $num_matches = preg_match_all('#<img[^<>]*src="data:image/\\w+;base64,([^"]*)"[^<>]*>#', $original_comcode, $matches); $num_matches2 = preg_match_all('#\\[img[^\\[\\]]*\\]data:image/\\w+;base64,([^"]*)\\[/img\\]#', $original_comcode, $matches2); for ($i = 0; $i < $num_matches2; $i++) { $matches[0][$num_matches] = $matches2[0][$i]; $matches[1][$num_matches] = $matches2[1][$i]; $num_matches++; } for ($i = 0; $i < $num_matches; $i++) { if (strpos($original_comcode, $matches[0][$i]) !== false) { $data = @base64_decode($matches[1][$i]); if ($data !== false && function_exists('imagepng')) { $image = @imagecreatefromstring($data); if ($image !== false) { do { $new_filename = uniqid('', true) . '.png'; $new_path = get_custom_file_base() . '/uploads/attachments/' . $new_filename; } while (file_exists($new_path)); imagepng($image, $new_path); $attachment_id = $GLOBALS['SITE_DB']->query_insert('attachments', array('a_member_id' => get_member(), 'a_file_size' => strlen($data), 'a_url' => 'uploads/attachments/' . $new_filename, 'a_thumb_url' => '', 'a_original_filename' => basename($new_filename), 'a_num_downloads' => 0, 'a_last_downloaded_time' => time(), 'a_description' => '', 'a_add_time' => time()), true); $GLOBALS['SITE_DB']->query_insert('attachment_refs', array('r_referer_type' => $type, 'r_referer_id' => $id, 'a_id' => $attachment_id)); $original_comcode = str_replace($matches[0][$i], '[attachment type="inline" thumb="0"]' . strval($attachment_id) . '[/attachment]', $original_comcode); } } } } } global $ATTACHMENTS_ALREADY_REFERENCED; $old_already = $ATTACHMENTS_ALREADY_REFERENCED; $ATTACHMENTS_ALREADY_REFERENCED = array(); $before = $connection->query_select('attachment_refs', array('a_id', 'id'), array('r_referer_type' => $type, 'r_referer_id' => $id)); foreach ($before as $ref) { $ATTACHMENTS_ALREADY_REFERENCED[$ref['a_id']] = 1; } $has_one = false; $may_have_one = false; foreach ($_POST as $key => $value) { if (preg_match('#^hidFileID\\_#i', $key) != 0) { require_code('uploads'); $may_have_one = is_swf_upload(); } } if ($may_have_one) { require_code('uploads'); is_swf_upload(true); require_code('comcode_from_html'); $original_comcode = preg_replace_callback('#<input [^>]*class="ocp_keep_ui_controlled" [^>]*title="([^"]*)" [^>]*type="text" [^>]*value="[^"]*"[^>]*/?' . '>#siU', 'debuttonise', $original_comcode); } $myfile = mixed(); foreach ($_FILES as $key => $file) { $matches = array(); if (($may_have_one && is_swf_upload() || is_uploaded_file($file['tmp_name'])) && preg_match('#file(\\d+)#', $key, $matches) != 0) { $has_one = true; $atype = post_param('attachmenttype' . $matches[1], ''); $is_extract = preg_match('#\\[attachment [^\\]]*type="\\w+_extract"[^\\]]*\\]new_' . $matches[1] . '\\[/#', $original_comcode) != 0 || preg_match('#<attachment [^>]*type="\\w+_extract"[^>]*>new_' . $matches[1] . '</#', $original_comcode) != 0; if (substr($atype, -8) == '_extract' || $is_extract) { require_code('uploads'); require_code('files'); require_code('files2'); $thumb = preg_match('#\\[(attachment|attachment_safe) [^\\]]*thumb="1"[^\\]]*\\]new_' . $matches[1] . '\\[/#', $original_comcode) != 0 || preg_match('#<(attachment|attachment_safe) [^>]*thumb="1"[^>]*>new_' . $matches[1] . '</#', $original_comcode) != 0; $arcext = get_file_extension($_FILES[$key]['name']); if ($arcext == 'tar' || $arcext == 'zip') { if ($arcext == 'tar') { require_code('tar'); $myfile = tar_open($file['tmp_name'], 'rb'); $dir = tar_get_directory($myfile, true); } elseif ($arcext == 'zip') { if (!function_exists('zip_open') && get_option('unzip_cmd') == '') { warn_exit(do_lang_tempcode('ZIP_NOT_ENABLED')); } if (!function_exists('zip_open')) { require_code('m_zip'); $mzip = true; } else { $mzip = false; } $myfile = zip_open($file['tmp_name']); if (is_integer($myfile)) { require_code('failure'); warn_exit(zip_error($myfile, $mzip)); } $dir = array(); while (($zip_entry = zip_read($myfile)) !== false) { $dir[] = array('zip_entry' => $zip_entry, 'path' => zip_entry_name($zip_entry), 'size' => zip_entry_filesize($zip_entry)); } } if (count($dir) > 100) { require_code('site'); attach_message(do_lang_tempcode('TOO_MANY_FILES_TO_EXTRACT'), 'warn'); } else { foreach ($dir as $entry) { if (substr($entry['path'], -1) == '/') { continue; } // Ignore folders $_file = preg_replace('#\\..*\\.#', '.', basename($entry['path'])); if (!check_extension($_file, false, NULL, true)) { continue; } if (should_ignore_file($entry['path'], IGNORE_ACCESS_CONTROLLERS | IGNORE_HIDDEN_FILES)) { continue; } $place = get_custom_file_base() . '/uploads/attachments/' . $_file; $i = 2; // Hunt with sensible names until we don't get a conflict while (file_exists($place)) { $_file = strval($i) . basename($entry['path']); $place = get_custom_file_base() . '/uploads/attachments/' . $_file; $i++; } $i = 2; $_file_thumb = basename($entry['path']); $place_thumb = get_custom_file_base() . '/uploads/attachments_thumbs/' . $_file_thumb; // Hunt with sensible names until we don't get a conflict while (file_exists($place_thumb)) { $_file_thumb = strval($i) . basename($entry['path']); $place_thumb = get_custom_file_base() . '/uploads/attachments_thumbs/' . $_file_thumb; $i++; } if ($arcext == 'tar') { $file_details = tar_get_file($myfile, $entry['path'], false, $place); } elseif ($arcext == 'zip') { zip_entry_open($myfile, $entry['zip_entry']); $file_details = array('size' => $entry['size']); $out_file = @fopen($place, 'wb') or intelligent_write_error($place); $more = mixed(); do { $more = zip_entry_read($entry['zip_entry']); if ($more !== false) { if (fwrite($out_file, $more) < strlen($more)) { warn_exit(do_lang_tempcode('COULD_NOT_SAVE_FILE')); } } } while ($more !== false && $more != ''); fclose($out_file); zip_entry_close($entry['zip_entry']); } $description = do_lang('EXTRACTED_FILE'); if (strpos($entry['path'], '/') !== false) { $description = do_lang('EXTRACTED_FILE_PATH', dirname($entry['path'])); } // Thumbnail $thumb_url = ''; require_code('images'); if (is_image($_file)) { $gd = get_option('is_on_gd') == '1' && function_exists('imagetypes'); if ($gd) { require_code('images'); if (!is_saveable_image($_file)) { $ext = '.png'; } else { $ext = '.' . get_file_extension($_file); } $thumb_url = 'uploads/attachments_thumbs/' . $_file_thumb; convert_image(get_custom_base_url() . '/uploads/attachments/' . $_file, $place_thumb, -1, -1, intval(get_option('thumb_width')), true, NULL, false, true); if ($connection->connection_write != $GLOBALS['SITE_DB']->connection_write) { $thumb_url = get_custom_base_url() . '/' . $thumb_url; } } else { $thumb_url = 'uploads/attachments/' . $_file; } } $url = 'uploads/attachments/' . $_file; if (addon_installed('galleries')) { require_code('images'); if (is_video($url) && $connection->connection_read == $GLOBALS['SITE_DB']->connection_read) { require_code('transcoding'); $url = transcode_video($url, 'attachments', 'a_url', 'a_original_filename', NULL, NULL); } } $attachment_id = $connection->query_insert('attachments', array('a_member_id' => get_member(), 'a_file_size' => $file_details['size'], 'a_url' => $url, 'a_thumb_url' => $thumb_url, 'a_original_filename' => basename($entry['path']), 'a_num_downloads' => 0, 'a_last_downloaded_time' => time(), 'a_description' => $description, 'a_add_time' => time()), true); $connection->query_insert('attachment_refs', array('r_referer_type' => $type, 'r_referer_id' => $id, 'a_id' => $attachment_id)); if ($comcode_text) { $original_comcode .= chr(10) . chr(10) . '[attachment type="' . comcode_escape(str_replace('_extract', '', $atype)) . '" description="' . comcode_escape($description) . '" thumb="' . ($thumb ? '1' : '0') . '"]' . strval($attachment_id) . '[/attachment]'; } else { require_code('comcode_xml'); //$original_comcode.=chr(10).chr(10).'<attachment type="'.comcode_escape(str_replace('_extract','',$atype)).'" thumb="'.($thumb?'1':'0').'"><attachmentDescription>'.comcode_text__to__comcode_xml($description).'</attachmentDescription>'.strval($attachment_id).'</attachment>'; Would go in bad spot } } } if ($arcext == 'tar') { tar_close($myfile); } elseif ($arcext == 'zip') { zip_close($myfile); } } } else { if (strpos($original_comcode, ']new_' . $matches[1] . '[/attachment]') === false && strpos($original_comcode, '>new_' . $matches[1] . '</attachment>') === false && strpos($original_comcode, ']new_' . $matches[1] . '[/attachment_safe]') === false && strpos($original_comcode, '>new_' . $matches[1] . '</attachment_safe>') === false) { if (preg_match('#\\]\\d+\\[/attachment\\]#', $original_comcode) == 0 && preg_match('#>\\d+</attachment>#', $original_comcode) == 0) { if ($comcode_text) { $original_comcode .= chr(10) . chr(10) . '[attachment]new_' . $matches[1] . '[/attachment]'; } else { //$original_comcode.=chr(10).chr(10).'<attachment>new_'.$matches[1].'</attachment>'; Would go in bad spot } } } } } } global $LAX_COMCODE; $temp = $LAX_COMCODE; if ($has_one) { $LAX_COMCODE = true; } // We don't want a simple syntax error to cause us to lose our attachments $tempcode = comcode_to_tempcode($original_comcode, $member, $insert_as_admin, 60, $id, $connection, false, false, false, false, false, NULL, $for_member); $LAX_COMCODE = $temp; $ATTACHMENTS_ALREADY_REFERENCED = $old_already; /*if ((array_key_exists($id,$COMCODE_ATTACHMENTS)) && (array_key_exists(0,$COMCODE_ATTACHMENTS[$id]))) { $original_comcode=$COMCODE_ATTACHMENTS[$id][0]['comcode']; }*/ $new_comcode = $original_comcode; if (array_key_exists($id, $COMCODE_ATTACHMENTS)) { $ids_present = array(); for ($i = 0; $i < count($COMCODE_ATTACHMENTS[$id]); $i++) { $attachment = $COMCODE_ATTACHMENTS[$id][$i]; // If it's a new one, we need to change the comcode to reference the ID we made for it if ($attachment['type'] == 'new') { $marker = $attachment['marker']; // echo $marker.'!'.$new_comcode; $a_id = $attachment['id']; $old_length = strlen($new_comcode); // Search backwards from $marker $tag_end_start = $marker - strlen('[/' . $attachment['tag_type'] . ']'); // </attachment> would be correct if it is Comcode-XML, but they have the same length, so it's irrelevant $tag_start_end = $tag_end_start; while ($tag_start_end > 1 && (!isset($new_comcode[$tag_start_end - 1]) || $new_comcode[$tag_start_end - 1] != ']' && $new_comcode[$tag_start_end - 1] != '>')) { $tag_start_end--; } $param_keep = substr($new_comcode, 0, $tag_start_end - 1); $end_keep = substr($new_comcode, $tag_end_start); if ($comcode_text) { $new_comcode = $param_keep; if (strpos(substr($param_keep, strrpos($param_keep, '[')), ' type=') === false) { $new_comcode .= ' type="' . comcode_escape($attachment['attachmenttype']) . '"'; } if (strpos(substr($param_keep, strrpos($param_keep, '[')), ' description=') === false) { $new_comcode .= ' description="' . comcode_escape($attachment['description']) . '"'; } $new_comcode .= ']' . strval($a_id) . $end_keep; } else { require_code('comcode_xml'); $new_comcode = $param_keep; if (strpos(substr($param_keep, strrpos($param_keep, '<')), ' type=') === false) { $new_comcode .= ' type="' . comcode_escape($attachment['attachmenttype']); } $new_comcode .= '">'; if (strpos(substr($param_keep, strrpos($param_keep, '<')), ' description=') === false) { require_code('comcode_xml'); $new_comcode .= '<attachmentDescription>' . comcode_text__to__comcode_xml($attachment['description'], true) . '</attachmentDescription>'; } $new_comcode .= strval($a_id) . $end_keep; } // echo $new_comcode.'<br />!<br />'; // Update other attachment markers $dif = strlen($new_comcode) - $old_length; for ($j = $i + 1; $j < count($COMCODE_ATTACHMENTS[$id]); $j++) { // echo $COMCODE_ATTACHMENTS[$id][$i]['marker'].'!'; $COMCODE_ATTACHMENTS[$id][$j]['marker'] += $dif; } if (!is_null($type)) { $connection->query_insert('attachment_refs', array('r_referer_type' => $type, 'r_referer_id' => $id, 'a_id' => $a_id)); } } else { // (Re-)Reference it $connection->query_delete('attachment_refs', array('r_referer_type' => $type, 'r_referer_id' => $id, 'a_id' => $attachment['id']), '', 1); $connection->query_insert('attachment_refs', array('r_referer_type' => $type, 'r_referer_id' => $id, 'a_id' => $attachment['id'])); } $ids_present[] = $attachment['id']; } if (!$previewing_only && get_value('disable_attachment_cleanup') !== '1') { // Clear any de-referenced attachments foreach ($before as $ref) { if (!in_array($ref['a_id'], $ids_present) && strpos($new_comcode, 'attachment.php?id=') === false && !multi_lang()) { // Delete reference (as it's not actually in the new comcode!) $connection->query_delete('attachment_refs', array('id' => $ref['id']), '', 1); // Was that the last reference to this attachment? (if so -- delete attachment) $test = $connection->query_value_null_ok('attachment_refs', 'id', array('a_id' => $ref['a_id'])); if (is_null($test)) { require_code('attachments3'); _delete_attachment($ref['a_id'], $connection); } } } } } return array('comcode' => $new_comcode, 'tempcode' => $tempcode); }
/** * The upgrader.php script handler. */ function upgrade_script() { @ini_set('ocproducts.xss_detect', '0'); require_lang('upgrade'); require_code('database_action'); require_code('config2'); if (function_exists('set_time_limit')) { @set_time_limit(180); } if (array_key_exists('given_password', $_POST)) { $given_password = post_param('given_password'); if (check_master_password($given_password)) { $type = get_param('type', 'misc'); require_code('abstract_file_manager'); up_do_header(); if (post_param('ftp_username', '') != '') { $_POST['uses_ftp'] = '1'; _ftp_info(true); // To give early error if there's a problem } // Handle shared site upgrading with no per-site UI global $SITE_INFO; if (isset($SITE_INFO['custom_file_base_stub'])) { require_code('shared_installs'); $u = current_share_user(); if (!is_null($u)) { upgrade_sharedinstall_sites(); echo '<p>Now regenerate <kbd>template.sql</kbd>, using something like <kbd>mysqldump -uroot -p myocp_site_shareddemo > ~/public_html/template.sql</kbd></p>'; up_do_footer(); return; } } $show_more_link = true; switch ($type) { case 'misc': clear_caches_1(); $l_choices = do_lang('FU_CHOICES'); $oc = get_option('site_closed') == '0' ? do_lang('SITE_OPEN') : do_lang('SITE_CLOSED'); $a = float_to_raw_string(ocp_version_number()); $b = get_value('version'); if (is_null($b)) { $b = '2.5'; } $l_up_info = do_lang('FU_UP_INFO' . ($a == $b ? '_1' : '_2'), $a, $b); $l_fu_closedness = do_lang('FU_CLOSENESS', $oc); $l_maintenance = do_lang('FU_MAINTENANCE'); $l_upgrading = do_lang('FU_UPGRADING'); $l_take_backup = do_lang('FU_TAKE_BACKUP'); $l_clear_caches = fu_link('upgrader.php?type=decache', do_lang('FU_CLEAR_CACHES')); $l_check_permissions = fu_link('upgrader.php?type=check_perms', do_lang('FU_CHECK_PERMISSIONS')); $l_fix_permissions = fu_link('upgrader.php?type=fix_perms', do_lang('FU_FIX_PERMISSIONS')); $l_close_site = fu_link('upgrader.php?type=close_site', do_lang('FU_CLOSE_SITE'), get_option('site_closed') == '1'); $l_integrity_scan = fu_link('upgrader.php?type=integrity_scan&allow_merging=1', do_lang('FU_INTEGRITY_SCAN'), false, do_lang('FU_WILL_MERGE')); $l_integrity_scan_no_merging = fu_link('upgrader.php?type=integrity_scan', do_lang('FU_INTEGRITY_SCAN_NO_CSS_MERGE')); $l_database_upgrade = fu_link('upgrader.php?type=db_upgrade', do_lang('FU_DATABASE_UPGRADE')); $l_theme_upgrade = fu_link('upgrader.php?type=theme_upgrade', do_lang('FU_THEME_UPGRADE')); $l_open_site = fu_link('upgrader.php?type=open_site', do_lang('FU_OPEN_SITE'), get_option('site_closed') == '0'); $l_error_correction = do_lang('FU_ERROR_CORRECTION'); $l_not_for_patch = do_lang('FU_NOT_FOR_PATCH'); $l_tutorial = fu_link('http://ocportal.com/docs/tut_upgrade.htm', do_lang('FU_TUTORIAL')); $l_release_notes = do_lang('FU_RELEASE_NOTES'); $l_refer_release_notes = do_lang('FU_REFER_RELEASE_NOTES'); $news_id = post_param_integer('news_id', NULL); $tar_url = ''; if (!is_null($news_id)) { require_code('files'); $fetch_url = 'http://ocportal.com/uploads/website_specific/ocportal.com/scripts/fetch_release_details.php?news_id=' . strval($news_id) . '&from_version=' . urlencode(strval(ocp_version()) . '.' . ocp_version_minor()); $news = http_download_file($fetch_url, NULL, true, false, 'ocPortal', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 30.0); $details = unserialize($news); if ($details[0] != '') { $l_refer_release_notes = $details[0] . '<div style="overflow: auto; height: 150px">' . $details[2] . '</div>'; } $tar_url = $details[1]; } $l_download = fu_link('upgrader.php?type=file_upgrade&tar_url=' . urlencode(base64_encode($tar_url)), do_lang('FU_DOWNLOAD')); $l_important = do_lang('IMPORTANT'); $l_bugs = do_lang('FU_BUGS'); $l_upgrade_steps = do_lang('FU_UPGRADE_STEPS'); $l_action = do_lang('ACTION'); $l_step = do_lang('FU_STEP'); $l_estimated_time = do_lang('FU_ESTIMATED_TIME'); $l_safe_mode = fu_link('index.php?keep_safe_mode=1', do_lang('FU_SAFE_MODE')); $num_addons = $GLOBALS['SITE_DB']->query_value('addons', 'COUNT(*)'); $l_addon_management = fu_link('adminzone/index.php?page=admin_addons&keep_safe_mode=1', do_lang('FU_ADDON_MANAGEMENT', integer_format($num_addons)), $num_addons == 0); $l_customisations = do_lang('FU_CUSTOMISATIONS'); $closed = comcode_to_tempcode(get_option('closed'), NULL, true); $closed_url = build_url(array('page' => 'admin_config', 'type' => 'category', 'id' => 'SITE'), get_module_zone('admin_config'), NULL, false, false, false, 'group_CLOSED_SITE'); echo "\n<p>{$l_choices}</p>\n\n<div style=\"margin: 0 50px\">\n\t<h2>{$l_maintenance}…</h2><ul>\n\t\t<li>{$l_clear_caches}</li>\n\t\t<li>{$l_check_permissions}</li>\n\t\t<li>{$l_fix_permissions}</li>\n\t</ul>\n\n\t<h2 style=\"margin-top: 40px\">{$l_upgrading}…</h2>\n\n\t<h3>{$l_important}</h3>\n\n\t<p>{$l_bugs}</p>\n\n\t<h3>{$l_release_notes}</h3>\n\n\t<p>{$l_refer_release_notes}</p>\n\n\t<h3>{$l_upgrade_steps}</h3>\n\n\t<div class=\"wide_table_wrap\"><table style=\"margin-top: 5px\" class=\"solidborder wide_table spaced_table\">\n\t\t<tr>\n\t\t\t<th>{$l_step}</th>\n\t\t\t<th>{$l_action}</th>\n\t\t\t<th>{$l_estimated_time}</th>\n\t\t</tr>\n\t\t<tr><th>X</th><td>{$l_not_for_patch} {$l_tutorial}</td><td>" . escape_html(display_time_period(60 * 120)) . "</td></tr>\n\t\t<tr><th>1</th><td>{$l_take_backup}</td><td>" . escape_html(display_time_period(60 * 120)) . "</td></tr>\n\t\t<tr><th>2</th><td>{$l_close_site} {$l_fu_closedness}<br /><q style=\"font-style: italic\">" . $closed->evaluate() . "</q> <span class=\"associated_link_to_small\">[<a href=\"" . escape_html($closed_url->evaluate()) . "\" title=\"(this link will open in a new window)\" target=\"_blank\">" . do_lang('CHANGE') . "</a>]</span></td><td>" . escape_html(display_time_period(60)) . "</td></tr>\n\t\t<tr><th>3</th><td>{$l_download}</td><td>" . escape_html(display_time_period(60 * 5)) . "</td></tr>\n\t\t<tr><th>4</th><td>{$l_not_for_patch} {$l_integrity_scan_no_merging}<!-- " . do_lang('OR') . " {$l_integrity_scan}--></td><td>" . str_replace(' ', ' ', escape_html(display_time_period(60 * 10))) . " †</td></tr>\n\t\t<tr><th>5</th><td>{$l_not_for_patch} {$l_database_upgrade}<br />{$l_up_info}</td><td>" . escape_html(display_time_period(60 * 5)) . "</td></tr>\n\t\t<tr><th>6</th><td>{$l_not_for_patch} {$l_theme_upgrade}</td><td>" . escape_html(display_time_period(60 * 5)) . "</td></tr>\n\t\t<tr><th>7</th><td>{$l_clear_caches}</td><td>1 minute</td></tr>\n\t\t<tr><th>8</th><td>{$l_open_site} {$l_fu_closedness}</td><td>1 minute</td></tr>\n\t</table></div>\n\n\t<p>† {$l_customisations}</p>\n\n\t<h2 style=\"margin-top: 40px\">{$l_error_correction}…</h2><ul style=\"margin-top: 5px\">\n\t\t<li>{$l_safe_mode}</li>\n\t\t<li>{$l_addon_management}</li>\n\t</ul>\n</div>\n"; $show_more_link = false; break; case 'decache': clear_caches_2(); echo '<p>' . do_lang('SUCCESS') . '</p>'; break; case 'check_perms': echo check_perms(); break; case 'fix_perms': echo fix_perms(); break; case 'open_site': set_option('site_closed', '0'); echo '<p>' . do_lang('SUCCESS') . '</p>'; break; case 'close_site': set_option('closed', do_lang('FU_CLOSED_FOR_UPGRADES', get_site_name())); set_option('site_closed', '1'); echo '<p>' . do_lang('SUCCESS') . '</p>'; break; case 'file_upgrade': if (get_param('tar_url', '') == '') { echo do_lang('FU_FILE_UPGRADE_INFO'); } echo do_lang('FU_FILE_UPGRADE_INFO_MANUAL'); echo '<form title="' . do_lang('PROCEED') . '" enctype="multipart/form-data" action="upgrader.php?type=_file_upgrade" method="post">' . post_fields_relay(); echo '<label for="url">' . do_lang('URL') . '</label> <input type="text" id="url" name="url" value="' . escape_html(base64_decode(get_param('tar_url', ''))) . '" /> '; if (ocp_srv('HTTP_HOST') == 'ocportal.com' || $GLOBALS['DEBUG_MODE']) { echo '<br /><label for="upload">' . do_lang('UPLOAD') . '</label> <input type="file" id="upload" name="upload" />'; } echo '<input type="submit" value="' . do_lang('PROCEED') . '" />'; echo '</form>'; $show_more_link = false; break; case '_file_upgrade': require_code('tar'); if (function_exists('set_time_limit')) { @set_time_limit(0); } if (post_param('url', '') == '' && (ocp_srv('HTTP_HOST') == 'ocportal.com' || $GLOBALS['DEBUG_MODE'])) { $temp_path = $_FILES['upload']['tmp_name']; } else { if (post_param('url', '') == '') { warn_exit(do_lang_tempcode('IMPROPERLY_FILLED_IN')); } $temp_path = ocp_tempnam('ocpfu'); $myfile = fopen($temp_path, 'wb'); http_download_file(post_param('url'), NULL, true, false, 'ocPortal', NULL, NULL, NULL, NULL, NULL, $myfile); fclose($myfile); } $upgrade_resource = tar_open($temp_path, 'rb'); //tar_extract_to_folder($upgrade_resource,'',true); disable_php_memory_limit(); $directory = tar_get_directory($upgrade_resource); // Uses up to around 5MB $data = array('todo' => array()); $popup_simple_extract = _ftp_info() === false; if (!$popup_simple_extract) { echo '<p>' . do_lang('EXTRACTING_MESSAGE') . '</p>'; } $addon_contents = array(); // Find addons foreach ($directory as $upgrade_file2) { // See if we can find an addon registry file in our upgrade TAR if (strpos($upgrade_file2['path'], '/addon_registry/') !== false && substr($upgrade_file2['path'], -4) == '.php') { $file_data = tar_get_file($upgrade_resource, $upgrade_file2['path']); $addon_contents[basename($upgrade_file2['path'], '.php')] = $file_data['data']; } } // Process files foreach ($directory as $offset => $upgrade_file) { // skip over these, from manually installer package (which may be used for an upgrade) if ($upgrade_file['path'] == 'info.php') { continue; } if ($upgrade_file['path'] == 'install.php') { continue; } if ($upgrade_file['path'] == 'install.sql') { continue; } if ($upgrade_file['path'] == 'info.php.template') { continue; } if (!$popup_simple_extract) { // See if we can skip the file, if the on-disk version is identical? if (file_exists(get_file_base() . '/' . $upgrade_file['path']) && filesize(get_file_base() . '/' . $upgrade_file['path']) == $upgrade_file['size']) { $tar_data = tar_get_file($upgrade_resource, $upgrade_file['path']); if (file_get_contents(get_file_base() . '/' . $upgrade_file['path']) == $tar_data['data']) { echo do_lang('U_SKIPPING_MESSAGE', escape_html($upgrade_file['path'])) . '<br />'; continue; } } } // Addon registry file, for installed addon if (strpos($upgrade_file['path'], '/addon_registry/') !== false && file_exists(get_file_base() . '/' . $upgrade_file['path'])) { if (substr($upgrade_file['path'], -1) != '/') { if ($popup_simple_extract) { $data['todo'][] = array($upgrade_file['path'], $upgrade_file['mtime'], $offset + 512, $upgrade_file['size'], ($upgrade_file['mode'] & 02) != 0); } else { $file_data = tar_get_file($upgrade_resource, $upgrade_file['path']); afm_make_file($upgrade_file['path'], $file_data['data'], ($file_data['mode'] & 02) != 0); echo do_lang('U_EXTRACTING_MESSAGE', escape_html($upgrade_file['path'])) . '<br />'; } } } else { // Some other file $found = NULL; if (substr($upgrade_file['path'], -1) != '/') { foreach ($addon_contents as $addon_name => $addon_data) { // See if this is the addon for the file $shortened_path = $upgrade_file['path']; $shortened_path = preg_replace('#^themes/default/(templates|css)/#', '', $shortened_path); if (strpos($addon_data, '\'' . addslashes($shortened_path) . '\'') !== false) { $found = $addon_name; break; } } } // Install if either of the following is true: // - it's some file not in an addon (shouldn't actually happen) // - it's a new addon (addon that is not installed or uninstalled i.e. does not have an exported mod file) // - it's a file in an addon we have installed // - we're upgrading from an ocPortal version that doesn't support addons yet if (is_null($found) || !file_exists(get_file_base() . '/imports/mods/' . $found . '.tar') || file_exists(get_file_base() . '/sources/hooks/systems/addon_registry/' . $found . '.php') || !file_exists(get_file_base() . '/sources/hooks/systems/addon_registry')) { if (substr($upgrade_file['path'], -1) == '/') { afm_make_directory($upgrade_file['path'], false, true); } else { if ($popup_simple_extract) { $data['todo'][] = array($upgrade_file['path'], $upgrade_file['mtime'], $offset + 512, $upgrade_file['size'], ($upgrade_file['mode'] & 02) != 0); } else { $file_data = tar_get_file($upgrade_resource, $upgrade_file['path']); if (!file_exists(get_file_base() . '/' . dirname($upgrade_file['path']))) { afm_make_directory(dirname($upgrade_file['path']), false, true); } afm_make_file($upgrade_file['path'], $file_data['data'], ($file_data['mode'] & 02) != 0); echo do_lang('U_EXTRACTING_MESSAGE', escape_html($upgrade_file['path'])) . '<br />'; } } } if (substr($upgrade_file['path'], -1) != '/') { // If true: We need to copy it into our archived addon so that addon is kept up-to-date if (!is_null($found) && file_exists(get_file_base() . '/imports/mods/' . $found . '.tar')) { $old_mod_file = tar_open(get_file_base() . '/imports/mods/' . $found . '.tar', 'rb'); $new_mod_file = tar_open(get_file_base() . '/imports/mods/' . $found . '.new.tar', 'wb'); $directory2 = tar_get_directory($old_mod_file, true); if (!is_null($directory2)) { foreach ($directory2 as $d) { if ($d['path'] == $upgrade_file['path']) { continue; } $file_data = tar_get_file($old_mod_file, $d['path']); if ($d['path'] == 'mod.inf') { $file_data['data'] = preg_replace('#^version=.*#m', 'version=(version-synched)', $file_data['data']); } tar_add_file($new_mod_file, $d['path'], $file_data['data'], $d['mode'], $d['mtime']); } $file_data = tar_get_file($upgrade_resource, $upgrade_file['path']); tar_add_file($new_mod_file, $upgrade_file['path'], $file_data['data'], $upgrade_file['mode'], $upgrade_file['mtime']); tar_close($new_mod_file); tar_close($old_mod_file); unlink(get_file_base() . '/imports/mods/' . $found . '.tar'); rename(get_file_base() . '/imports/mods/' . $found . '.new.tar', get_file_base() . '/imports/mods/' . $found . '.tar'); echo do_lang('U_PACKING_MESSAGE', escape_html($upgrade_file['path'])) . '<br />'; } } } } } tar_close($upgrade_resource); if ($popup_simple_extract) { copy($temp_path, get_custom_file_base() . '/data_custom/upgrader.tar.tmp'); @unlink($temp_path); $temp_path = get_custom_file_base() . '/data_custom/upgrader.tar.tmp'; $tmp_data_path = get_custom_file_base() . '/data_custom/upgrader.tmp'; $tmp_data_file = fopen($tmp_data_path, 'wb'); fwrite($tmp_data_file, serialize($data)); fclose($tmp_data_file); global $SITE_INFO; $extract_url = get_base_url() . '/data/upgrader2.php?hashed_password='******'admin_password']) . '&tmp_path=' . urlencode($temp_path) . '&file_offset=0&tmp_data_path=' . urlencode($tmp_data_path) . '&done=' . urlencode(do_lang('DONE')); echo '<p>' . do_lang('FU_EXTRACTING_WINDOW', integer_format(count($data['todo']))) . '</p>'; echo '<iframe frameBorder="0" title="" style="width: 100%; height: 400px" src="' . escape_html($extract_url) . '"></iframe>'; } else { echo '<p>' . do_lang('SUCCESS') . '</p>'; @unlink($temp_path); } unset($_POST['news_id']); break; case 'integrity_scan': $allow_merging = either_param_integer('allow_merging', 0); echo run_integrity_check(false, $allow_merging == 1); break; case '_integrity_scan': _integrity_scan(); echo '<p>' . do_lang('SUCCESS') . '</p>'; break; case 'db_upgrade': $something_done = false; clear_caches_2(); if (version_specific()) { echo do_lang('FU_UPGRADED_CORE_TABLES'); $something_done = true; } $done = upgrade_modules(); if ($done != '') { echo do_lang('FU_UPGRADE_MODULES', $done); $something_done = true; } if (!$something_done) { echo do_lang('NO_UPGRADE_DONE'); } $version_files = ocp_version_number(); $_version_database = get_value('ocf_version'); $version_database = floatval($_version_database); if (is_null($_version_database)) { $version_database = 2.1; } // Either 2.0 or 2.1, and they are equivalent in terms of what we need to do if ($version_database < $version_files) { echo do_lang('FU_MUST_UPGRADE_OCF', fu_link('upgrader.php?type=ocf', do_lang('FU_UPGRADE_OCF'))); } break; case 'theme_upgrade': echo upgrade_themes(); break; case 'ocf': // Only to be launched as a consequent of db_upgrade if (ocf_upgrade()) { echo '<p>' . do_lang('SUCCESS') . '</p>'; } else { echo do_lang('FU_NO_OCF_UPGRADE'); } break; } if ($show_more_link) { echo '<hr /><div>' . fu_link('upgrader.php?type=misc', do_lang('MORE_OPTIONS')) . '</div>'; } } else { up_do_header(); up_do_login(do_lang('USER_BAD_PASSWORD')); } } else { up_do_header(); up_do_login(); } up_do_footer(); }
/** * Add a file to the specified TAR file. * * @param array The TAR file handle * @param PATH The relative path to where we wish to add the file to the archive (including filename) * @param string The data of the file to add * @param integer The file mode (permissions) * @param TIME The modification time we wish for our file * @param boolean Whether the $data variable is actually a full file path */ function tar_add_file(&$resource, $target_path, $data, $_mode, $_mtime, $data_is_path = false) { if (!array_key_exists('directory', $resource)) { tar_get_directory($resource); } if (substr($target_path, 0, 1) == '/') { $target_path = substr($target_path, 1); } $directory = $resource['directory']; foreach ($directory as $entry) { if ($entry['path'] == $target_path) { warn_exit(do_lang_tempcode('FILE_IN_ARCHIVE_TWICE', escape_html($target_path))); } } $myfile = $resource['myfile']; fseek($myfile, $resource['end'], SEEK_SET); $resource['already_at_end'] = true; $resource['directory'][$resource['end']] = array('path' => $target_path, 'mode' => $_mode, 'size' => $data_is_path ? filesize($data) : strlen($data)); if (strlen($target_path) > 100) { $prefix_length = strlen($target_path) - 100; $prefix = pack('a155', substr($target_path, 0, $prefix_length)); $name = pack('a100', substr($target_path, $prefix_length)); } else { $name = pack('a100', $target_path); $prefix = pack('a155', ''); } $mode = sprintf('%7s ', decoct($_mode)); $uid = sprintf('%7s ', decoct(fileowner(get_file_base() . '/index.php'))); if (strlen($uid) > 8) { $uid = ' '; } $gid = sprintf('%7s ', decoct(filegroup(get_file_base() . '/index.php'))); if (strlen($gid) > 8) { $gid = ' '; } $size = sprintf('%11s ', decoct($data_is_path ? filesize($data) : strlen($data))); $mtime = sprintf('%11s ', decoct($_mtime)); $chksum = ' '; $typeflag = pack('a1', ''); $linkname = pack('a100', ''); $magic = pack('a6', 'ustar'); $version = pack('a2', ''); $uname = pack('a8', ''); $gname = pack('a8', ''); $devmajor = pack('a8', ''); $devminor = pack('a8', ''); $whole = pack('a512', $name . $mode . $uid . $gid . $size . $mtime . $chksum . $typeflag . $linkname . $magic . $version . $uname . $gname . $devmajor . $devminor . $prefix); $checksum = tar_crc($whole); $chksum = pack('a8', decoct($checksum) . ' '); $whole = pack('a512', $name . $mode . $uid . $gid . $size . $mtime . $chksum . $typeflag . $linkname . $magic . $version . $uname . $gname . $devmajor . $devminor . $prefix); $chunk = pack('a512', $whole); if (fwrite($myfile, $chunk) < strlen($chunk)) { warn_exit(do_lang_tempcode('COULD_NOT_SAVE_FILE')); } $block_size = file_size_to_tar_block_size($data_is_path ? filesize($data) : strlen($data)); if ($data_is_path) { $infile = fopen($data, 'rb'); while (!feof($infile)) { $in = fread($infile, 8000); if (fwrite($myfile, $in) < strlen($in)) { warn_exit(do_lang_tempcode('COULD_NOT_SAVE_FILE')); } } fclose($infile); $extra_to_write = $block_size - filesize($data); if ($extra_to_write != 0) { if (fwrite($myfile, pack('a' . strval($extra_to_write), '')) == 0) { warn_exit(do_lang_tempcode('COULD_NOT_SAVE_FILE')); } } } else { $chunk = pack('a' . strval($block_size), $data); if (fwrite($myfile, $chunk) < strlen($chunk)) { warn_exit(do_lang_tempcode('COULD_NOT_SAVE_FILE')); } } $chunk = pack('a512', ''); if (fwrite($myfile, $chunk) < strlen($chunk)) { warn_exit(do_lang_tempcode('COULD_NOT_SAVE_FILE')); } $resource['end'] += 512 + $block_size; }
/** * The actualiser to import a zip/tar into a gallery. * * @return tempcode The UI */ function __gimp() { $cat = get_param('cat'); require_code('images'); check_specific_permission('mass_import'); post_param('test'); // To pick up on max file size exceeded errors make_member_gallery_if_needed($cat); require_code('uploads'); if (!is_swf_upload(true) && (!array_key_exists('file_1', $_FILES) || !is_uploaded_file($_FILES['file_1']['tmp_name']))) { warn_exit(do_lang_tempcode('NO_PARAMETER_SENT', 'file')); } if (get_value('use_gallery_subdirs') == '1') { if (!file_exists(get_custom_file_base() . '/uploads/galleries/' . $cat)) { mkdir(get_custom_file_base() . '/uploads/galleries/' . $cat, 0777); fix_permissions(get_custom_file_base() . '/uploads/galleries/' . $cat, 0777); sync_file('uploads/galleries/' . $cat); } if (!file_exists(get_custom_file_base() . '/uploads/galleries_thumbs/' . $cat)) { @mkdir(get_custom_file_base() . '/uploads/galleries_thumbs/' . $cat, 0777) or warn_exit(do_lang_tempcode('WRITE_ERROR_DIRECTORY', get_custom_file_base() . '/uploads/galleries_thumbs')); fix_permissions(get_custom_file_base() . '/uploads/galleries_thumbs/' . $cat, 0777); sync_file('uploads/galleries_thumbs/' . $cat); } } foreach ($_FILES as $attach_name => $__file) { $tmp_name = $__file['tmp_name']; $file = $__file['name']; if ($file == '') { continue; } // Not filled in this one switch (get_file_extension($file)) { case 'zip': if (!function_exists('zip_open') && get_option('unzip_cmd') == '') { warn_exit(do_lang_tempcode('ZIP_NOT_ENABLED')); } if (!function_exists('zip_open')) { require_code('m_zip'); $mzip = true; } else { $mzip = false; } $myfile = zip_open($tmp_name); if (!is_integer($myfile)) { while (false !== ($entry = zip_read($myfile))) { // Load in file zip_entry_open($myfile, $entry); $tmp_name_2 = ocp_tempnam('bi'); $myfile2 = fopen($tmp_name_2, 'wb') or intelligent_write_error($tmp_name_2); $more = mixed(); do { $more = zip_entry_read($entry); if ($more !== false) { if (fwrite($myfile2, $more) < strlen($more)) { warn_exit(do_lang_tempcode('COULD_NOT_SAVE_FILE')); } } } while ($more !== false && $more != ''); fclose($myfile2); // Strip off our slash to gimp right $_file = zip_entry_name($entry); $slash = strrpos($_file, '/'); if ($slash === false) { $slash = strrpos($_file, "\\"); } if ($slash !== false) { $_file = substr($_file, $slash + 1); } if (is_image($_file) || is_video($_file)) { $this->store_from_archive($_file, $tmp_name_2, $cat); } zip_entry_close($entry); } zip_close($myfile); } else { require_code('failure'); warn_exit(zip_error($myfile, $mzip)); } break; case 'tar': require_code('tar'); $myfile = tar_open($tmp_name, 'rb'); if ($myfile !== false) { $directory = tar_get_directory($myfile); // See if there is a numbering system to sort by $all_are = NULL; foreach ($directory as $entry) { $this_are = strtolower(preg_replace('#\\d#', '', $entry['path'])); if (is_null($all_are)) { $all_are = $this_are; } if ($all_are != $this_are) { $all_are = NULL; break; } } if (!is_null($all_are)) { global $M_SORT_KEY; $M_SORT_KEY = 'path'; usort($directory, 'multi_sort'); } foreach ($directory as $entry) { $tmp_name_2 = ocp_tempnam('bi'); // Load in file $_in = tar_get_file($myfile, $entry['path'], false, $tmp_name_2); // Strip off our slash to gimp right $_file = $entry['path']; $slash = strrpos($_file, '/'); if ($slash === false) { $slash = strrpos($_file, "\\"); } if ($slash !== false) { $_file = substr($_file, $slash + 1); } if (is_image($_file) || is_video($_file)) { $this->store_from_archive($_file, $tmp_name_2, $cat); } unset($_in); } tar_close($myfile); } break; default: if (is_image($file) || is_video($file)) { $tmp_name_2 = ocp_tempnam('bi'); if ($__file['type'] != 'swfupload') { $test = @move_uploaded_file($tmp_name, $tmp_name_2); } else { $test = @copy($tmp_name, $tmp_name_2); // We could rename, but it would hurt integrity of refreshes } $this->store_from_archive($file, $tmp_name_2, $cat); } else { attach_message(do_lang_tempcode('BAD_ARCHIVE_FORMAT'), 'warn'); } } } $title = get_page_title('GALLERY_IMPORT'); breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('MANAGE_GALLERIES')), array('_SELF:_SELF:gimp', do_lang_tempcode('CHOOSE')), array('_SELF:_SELF:_gimp:name=' . $cat, do_lang_tempcode('GALLERY_IMPORT')))); if (!is_null(get_param('redirect', NULL))) { $url = make_string_tempcode(get_param('redirect')); return redirect_screen($title, $url, do_lang_tempcode('SUCCESS')); } return $this->cat_aed_module->_do_next_manager($title, do_lang_tempcode('SUCCESS'), $cat); }
/** * Get information for the user relating to an addon that they are intending to install. * * @param string Filename of the addon TAR file * @param ?array List of addons that we're currently uninstalling (so dependencies from these are irrelevant). (NULL: none) * @param ?array List of addons that we're currently installing (so dependencies to these are irrelevant). (NULL: none) * @return array Triple: warnings, files, addon info array */ function inform_about_addon_install($file, $also_uninstalling = NULL, $also_installing = NULL) { if (is_null($also_uninstalling)) { $also_uninstalling = array(); } if (is_null($also_installing)) { $also_installing = array(); } $full = get_custom_file_base() . '/imports/mods/' . $file; // Look in the tar require_code('tar'); if (!file_exists($full)) { warn_exit(do_lang_tempcode('MISSING_RESOURCE')); } $tar = tar_open($full, 'rb'); $directory = tar_get_directory($tar); $info_file = tar_get_file($tar, 'mod.inf'); if (is_null($info_file)) { warn_exit(do_lang_tempcode('NOT_ADDON')); } $info = better_parse_ini_file(NULL, $info_file['data']); $addon = $info['name']; $php = false; $overwrite = new ocp_tempcode(); $dirs = array(); $files = new ocp_tempcode(); $files_warnings = new ocp_tempcode(); global $M_SORT_KEY; $M_SORT_KEY = 'path'; usort($directory, 'multi_sort'); foreach ($directory as $i => $entry) { if ($entry['path'] == 'mod.inf') { continue; } if ($entry['path'] == 'mod.php') { continue; } if (substr($entry['path'], -1) == '/') { continue; } $data = strtolower(substr($entry['path'], -4, 4)) == '.tpl' ? tar_get_file($tar, $entry['path'], true) : NULL; // .php? if (strtolower(substr($entry['path'], -4, 4)) == '.php' || !is_null($data) && (strpos($data['data'], '{+START,PHP') !== false || strpos($data['data'], '<' . '?php') !== false)) { $php = true; $this_php = true; } else { $this_php = false; } // chmod? $pos = strrpos($entry['path'], '/'); if ($pos !== false) { $dirs[substr($entry['path'], 0, $pos)] = 1; } else { $dirs[''] = 1; } // overwrite? if (file_exists(get_file_base() . '/' . $entry['path'])) { if (!$overwrite->is_empty()) { $overwrite->attach(do_lang_tempcode('LIST_SEP')); } $overwrite->attach(escape_html($entry['path'][0] == '/' ? substr($entry['path'], 1) : $entry['path'])); $this_overwrite = true; } else { $this_overwrite = false; } // Comcode? if (strtolower(substr($entry['path'], -4, 4)) == '.txt' && strpos($entry['path'], 'pages/comcode') !== false) { $this_comcode_page = true; } else { $this_comcode_page = false; } // Template if ($this_comcode_page) { $files_warnings->attach(do_template('ADDON_INSTALL_FILES_WARNING', array('_GUID' => 'd0cf99f96262296df4afe2387f4cd3e8', 'I' => strval($i), 'PATH' => $entry['path'], 'ABOUT' => do_lang_tempcode('ADDON_FILE_IS_COMCODE_PAGE')))); } elseif ($this_overwrite) { $backup = substr($entry['path'], -4) == '.txt'; $files_warnings->attach(do_template('ADDON_INSTALL_FILES_WARNING', array('_GUID' => 'c62168dee316d8f73d20a0d70d41b1a4', 'I' => strval($i), 'PATH' => $entry['path'], 'ABOUT' => do_lang_tempcode($backup ? 'ADDON_FILE_WILL_OVERWRITE_BACKUP' : 'ADDON_FILE_WILL_OVERWRITE')))); } elseif ($this_php) { $files_warnings->attach(do_template('ADDON_INSTALL_FILES_WARNING', array('_GUID' => 'c0cf99f96262296df4afe2387f4cd3e8', 'I' => strval($i), 'PATH' => $entry['path'], 'ABOUT' => do_lang_tempcode('ADDON_FILE_IS_PHP')))); } else { $files->attach(do_template('ADDON_INSTALL_FILES', array('_GUID' => '74edcf396387c842cab5cfd0ab74b8f6', 'I' => strval($i), 'PATH' => $entry['path'], 'ABOUT' => do_lang_tempcode('ADDON_FILE_NORMAL')))); } } tar_close($tar); $chmod = new ocp_tempcode(); $root_chmod = false; foreach (array_keys($dirs) as $dir) { if (is_writable_wrap(get_file_base() . '/' . $dir) && file_exists(get_file_base() . '/' . $dir)) { if ($dir == '') { $root_chmod = true; continue; } if (!$chmod->is_empty()) { $chmod->attach(do_lang_tempcode('LIST_SEP')); } $chmod->attach(escape_html(do_lang('ROOT') . ($dir[0] != '/' ? '/' : '') . $dir)); } elseif (substr_count($dir, '/') == 1 && !file_exists(get_file_base() . '/' . $dir)) { $root_chmod = true; } } if ($root_chmod) { if (!$chmod->is_empty()) { $chmod->attach(', '); } $chmod->attach(do_lang('ROOT')); } // Check incompatibilities, and show general warning // NB: It's theoretically possible that there may be incompatibilities between two addons installing together, and we can't detect this (only incompatibilities for what is already installed). However it's very unlikely as multi-install is only really going to happen with official addons which have no such problems. $warnings = new ocp_tempcode(); if ($info['author'] != 'Core Team') { $warnings->attach(do_template('ADDON_INSTALL_WARNING', array('_GUID' => 'dd66b2c540908de60753a1ced73b8ac0', 'WARNING' => do_lang_tempcode('ADDON_WARNING_GENERAL')))); } $incompatibilities = collapse_1d_complexity('addon_name', $GLOBALS['SITE_DB']->query_select('addons_dependencies', array('addon_name'), array('addon_name_dependant_upon' => $addon, 'addon_name_incompatibility' => 1))); $_incompatibilities = new ocp_tempcode(); foreach ($incompatibilities as $in) { if (!$_incompatibilities->is_empty()) { $_incompatibilities->attach(do_lang_tempcode('LIST_SEP')); } $_incompatibilities->attach(escape_html($in)); } if (count($incompatibilities) != 0) { $warnings->attach(do_template('ADDON_INSTALL_WARNING', array('WARNING' => do_lang_tempcode('ADDON_WARNING_INCOMPATIBILITIES', $_incompatibilities)))); } // Check dependencies $_dependencies = explode(',', array_key_exists('dependencies', $info) ? $info['dependencies'] : ''); $dependencies = array(); foreach ($_dependencies as $dependency) { if ($dependency == '') { continue; } if (in_array($dependency . '.tar', $also_installing)) { continue; } if (in_array($dependency . '.tar', $also_uninstalling)) { $dependencies[] = $dependency; continue; } if (!has_feature($dependency)) { $dependencies[] = $dependency; } } $_dependencies_str = new ocp_tempcode(); foreach ($dependencies as $in) { if (!$_dependencies_str->is_empty()) { $_dependencies_str->attach(do_lang_tempcode('LIST_SEP')); } if (file_exists(get_custom_file_base() . '/imports/addons/' . $in . '.tar')) { $in_tpl = hyperlink(build_url(array('page' => 'admin_addons', 'type' => 'addon_install', 'file' => $in . '.tar'), get_module_zone('admin_addons')), $in, true, true); } else { $in_tpl = make_string_tempcode(escape_html($in)); } $_dependencies_str->attach($in_tpl); } if (count($dependencies) != 0) { if ($info['author'] == 'Core Team') { $post_fields = build_keep_post_fields(); foreach ($dependencies as $in) { $post_fields->attach(form_input_hidden('install_' . $in . '.tar', $in . '.tar')); } if (get_param('type', 'misc') == 'addon_install') { $post_fields->attach(form_input_hidden('install_' . $file, $file)); $url = static_evaluate_tempcode(build_url(array('page' => '_SELF', 'type' => 'multi_action'), '_SELF')); } else { $url = get_self_url(true); } warn_exit(do_lang_tempcode('_ADDON_WARNING_MISSING_DEPENDENCIES', $_dependencies_str->evaluate(), escape_html($addon), array(escape_html($url), $post_fields))); } else { $warnings->attach(do_template('ADDON_INSTALL_WARNING', array('WARNING' => do_lang_tempcode('ADDON_WARNING_MISSING_DEPENDENCIES', $_dependencies_str)))); } } // if (!$overwrite->is_empty()) $warnings->attach(do_template('ADDON_INSTALL_WARNING',array('_GUID'=>'fe40ed8192a452a835be4c0fde64406b','WARNING'=>do_lang_tempcode('ADDON_WARNING_OVERWRITE',escape_html($overwrite))))); if ($info['author'] != 'Core Team') { if ($php) { $warnings->attach(do_template('ADDON_INSTALL_WARNING', array('_GUID' => '8cf249a119d10b2e97fc94cb9981dcea', 'WARNING' => do_lang_tempcode('ADDON_WARNING_PHP')))); } } // if ($chmod!='') $warnings->attach(do_template('ADDON_INSTALL_WARNING',array('_GUID'=>'78121e40b9a26c2f33d09f7eee7b74be','WARNING'=>do_lan g_tempcode('ADDON_WARNING_CHMOD',escape_html($chmod))))); // Now uses AFM $files_combined = new ocp_tempcode(); $files_combined->attach($files_warnings); $files_combined->attach($files); return array($warnings, $files_combined, $info); }