/**
 * Gate an API call on the caller's session and group membership.
 *
 * - No active user (APIUser::get() is falsy): always rejected.
 * - $requires is a boolean: only the session check is performed.
 * - $requires is null: no group is required.
 * - $requires is a scalar or an array: every listed group must be present
 *   in the user's groups, unless the user holds APIUser::GROUP_ADMIN.
 *
 * @param mixed $requires Group name, list of group names, boolean or null
 * @throws Exception When there is no session or a required group is missing
 * @return void
 */
public static function checkPrivilege($requires = null) {
    $user = APIUser::get();
    if (!$user) {
        throw new Exception("You have no OS.js Session, please log in!");
    }

    // A boolean argument means "a logged-in session is enough".
    if (is_bool($requires)) {
        return;
    }

    // Normalise the requirement into a list of group names.
    if ($requires === null) {
        $needed = array();
    } else if (is_array($requires)) {
        $needed = $requires;
    } else {
        $needed = array($requires);
    }

    $groups = $user->getGroups();

    // Administrators bypass the per-group checks entirely.
    // NOTE(review): in_array() compares loosely here; if group identifiers
    // can mix integers and strings, strict mode would be the safer choice.
    // Confirm the element types returned by getGroups() before changing it.
    if (in_array(APIUser::GROUP_ADMIN, $groups)) {
        return;
    }

    foreach ($needed as $group) {
        if (!in_array($group, $groups)) {
            throw new Exception("You are not allowed to use this API function!");
        }
    }
}
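/**
 * Translate a virtual path ("protocol://relative/path") into on-disk paths.
 *
 * Supported protocols, as visible in this function:
 *   - osjs://   rooted at the DISTDIR constant
 *   - home://   rooted at <settings.vfs.homes>/<current username>
 *   - <name>:// rooted at settings.vfs.mounts[<name>]
 *
 * Security notes:
 *   - The previous containment test used strstr($root, $base), but $root is
 *     built as "$base/…", so that test could never fail. It is replaced by
 *     a check that rejects any ".." path segment in the caller-controlled
 *     part of both returned paths.
 *   - The substring stripping of "../" and "./" is kept for backward
 *     compatibility of the returned value. It is not a containment
 *     guarantee on its own, because removing a substring can join the
 *     surrounding characters into a new traversal sequence; that is why the
 *     segment check runs on the final values rather than on the input.
 *   - The check is lexical only. Symbolic links below the base directory are
 *     not resolved here; callers that need that guarantee must verify the
 *     canonical path themselves.
 *   - The username is used as a path component. This function assumes it was
 *     validated when the account was created (TODO confirm).
 *
 * @param string $scandir Virtual path; normalised in place (passed by reference)
 * @throws Exception On unknown/missing mountpoint, missing username, or traversal
 * @return array array($dirname, $root, $protocol, $realpath)
 */
function getRealPath(&$scandir) {
    // Legacy normalisation, unchanged: drop a trailing slash, collapse
    // "/.." (optionally followed by "/") into "/", drop a trailing slash again.
    $scandir = preg_replace("/\\/\$/", "", $scandir);
    $scandir = preg_replace("/\\/\\.\\.\\/?/", "/", $scandir);
    $scandir = preg_replace("/\\/\$/", "", $scandir);

    $protocol = "";
    $dirname  = $scandir;
    $settings = Settings::get();

    // The character class was "A-z", which also admits the punctuation that
    // sits between "Z" and "a" in ASCII; "A-Za-z" is what was intended.
    if (preg_match("/^([A-Za-z0-9\\-_]+)?\\:\\/\\/?(.*)/", $scandir, $matches) === 1 && count($matches) === 3) {
        $protocol = "{$matches[1]}://";
        $dirname  = $matches[2];
    }

    // Pick the base directory for the requested protocol.
    if ($protocol === "osjs://") {
        $base = DISTDIR;
    } else if ($protocol === "home://") {
        $user     = APIUser::get();
        $username = $user ? $user->getUsername() : null;
        if (!$username) {
            throw new Exception("No username was found, cannot access home directory");
        }
        $base = sprintf("%s/%s", $settings['vfs']['homes'], $username);
    } else if ($protocol) {
        $tmp   = explode(":", $protocol);
        $proto = reset($tmp);
        if (!isset($settings['vfs']['mounts'][$proto])) {
            throw new Exception("No such mountpoint");
        }
        $base = $settings['vfs']['mounts'][$proto];
    } else {
        throw new Exception('Invalid mountpoint');
    }

    $root     = sprintf("%s/%s", $base, preg_replace("/^\\//", "", $dirname));
    $realpath = str_replace(array("../", "./"), "", $root);

    // Reject parent-directory segments in whatever follows the base directory.
    // Both separators are treated as segment boundaries so that the check
    // also holds on platforms that accept backslashes in paths. When the
    // stripping above altered the base itself, the whole string is checked.
    $prefix = sprintf("%s/", $base);
    foreach (array($root, $realpath) as $candidate) {
        $tail = (strpos($candidate, $prefix) === 0)
            ? (string) substr($candidate, strlen($prefix))
            : $candidate;
        if (in_array("..", preg_split("/[\\\\\\/]+/", $tail), true)) {
            throw new Exception("Access denied in directory '{$root}'");
        }
    }

    return array($dirname, $root, $protocol, $realpath);
}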