/**
 * Binds this WebDAV object to a folder below the web server's document root
 * and works out which file extensions the current user may not use.
 *
 * Looks like a PHP4-style constructor (named after its class); the class
 * header is outside this listing, so confirm.
 *
 * Problems with the folder are only appended to $this->arError; nothing here
 * aborts construction, so callers presumably have to inspect arError before
 * serving requests from the object.
 *
 * @param array|mixed $arParams Settings; only the "FOLDER" key is read here.
 *                              Anything that is not an array is replaced by an empty array.
 * @param mixed       $base_url Forwarded unchanged to CWebDavBase().
 */
function CWebDavFile($arParams, $base_url)
{
    $io = self::GetIo();
    if (!is_array($arParams)) {
        $arParams = array();
    }
    $this->RegisterVirtualIOCompatibility();

    // Anchor the requested folder at "/" and derive the on-disk location from it.
    $folder = $io->CombinePath("/", trim($arParams["FOLDER"]));
    $arParams["FOLDER"] = $folder;
    $this->real_path = $folder;
    $this->real_path_full = $io->CombinePath($_SERVER['DOCUMENT_ROOT'], $folder);

    $this->CWebDavBase($base_url);

    if (!$io->DirectoryExists($this->real_path_full)) {
        $this->arError[] = array(
            "id" => "folder is not exists",
            "text" => GetMessage("WD_FILE_ERROR1"),
        );
    } elseif (substr($this->real_path, 0, 7) === "/bitrix") {
        // NOTE(review): this is a case-sensitive test on the first 7 characters only.
        // It also matches any sibling folder whose name merely starts with "/bitrix",
        // and a differently-cased path would not match - confirm that CombinePath()
        // normalises the path and that the target filesystem is case-sensitive.
        $this->arError[] = array(
            "id" => "forbidden folder",
            "text" => GetMessage("WD_FILE_ERROR15"),
        );
    }

    $this->permission = $GLOBALS['APPLICATION']->GetFileAccessPermission($folder);

    // For every right, block each extension whose required level is above
    // the level the user holds on this folder.
    foreach ($this->arFilePermissions as $right => $byExtension) {
        foreach ($byExtension as $ext => $required) {
            if ($this->permission < $required) {
                $this->arFileForbiddenExtentions[$right][] = $ext;
            }
        }
    }

    // Only administrators may write files carrying a script extension.
    if (!$GLOBALS["USER"]->IsAdmin()) {
        foreach (GetScriptFileExt() as $scriptExt) {
            $this->arFileForbiddenExtentions["WRITE"][] = "." . $scriptExt;
        }
    }

    $this->workflow = false;
}
/**
 * Tells whether the current user ($GLOBALS["USER"]) may edit the given page file.
 *
 * All of the following must hold:
 *  - the file exists at $documentRoot . $currentFilePath;
 *  - the user holds "fm_edit_existent_file" on it;
 *  - if its extension is a script extension, the user holds either the
 *    "fm_lpa" file operation or the global "edit_php" operation;
 *  - if $filemanExists is truthy, the user holds both "fileman_admin_files"
 *    and "fileman_edit_existent_files".
 *
 * NOTE(review): the script test relies on GetFileExtension() and a non-strict
 * in_array(); confirm that GetFileExtension() normalises case and which part
 * of a multi-dot name it returns, since the listed extensions are compared as-is.
 *
 * @param string $currentFilePath Site-relative path of the page file.
 * @param string $documentRoot    Document root the path is appended to.
 * @param mixed  $filemanExists   Truthy when the extra fileman checks apply.
 * @return bool
 */
function IsCanEditPage($currentFilePath, $documentRoot, $filemanExists)
{
    $io = CBXVirtualIo::GetInstance();
    if (!$io->FileExists($documentRoot . $currentFilePath)) {
        return false;
    }

    $user = $GLOBALS["USER"];
    $target = array(SITE_ID, $currentFilePath);

    if (!$user->CanDoFileOperation("fm_edit_existent_file", $target)) {
        return false;
    }

    // need fm_lpa for every .php file, even with no php code inside
    if (in_array(GetFileExtension($currentFilePath), GetScriptFileExt())) {
        $mayEditScript = $user->CanDoFileOperation('fm_lpa', array(SITE_ID, $currentFilePath))
            || $user->CanDoOperation('edit_php');
        if (!$mayEditScript) {
            return false;
        }
    }

    if (!$filemanExists) {
        return true;
    }

    return $user->CanDoOperation("fileman_admin_files")
        && $user->CanDoOperation("fileman_edit_existent_files");
}
/**
 * Reports whether any dot-separated part of a file name, other than the
 * leading base name, is a script extension.
 *
 * Every part after the first dot is checked, not just the last one, so a
 * script extension hidden in the middle of a multi-dot name is also detected.
 * Each part is passed through TrimUnsafe() and lower-cased before the lookup.
 *
 * @param string $check_name File name or path; reduced with GetFileName() first.
 * @return bool True when at least one part matches an entry of GetScriptFileExt().
 */
function HasScriptExtension($check_name)
{
    $scriptExtensions = GetScriptFileExt();
    $segments = explode(".", GetFileName($check_name));

    // The first segment is the base name, never an extension.
    array_shift($segments);

    foreach ($segments as $segment) {
        $candidate = strtolower(TrimUnsafe($segment));
        if (in_array($candidate, $scriptExtensions)) {
            return true;
        }
    }

    return false;
}
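// Prolog fragment: when include areas are shown, decide whether the current
// user may edit the current page file and, if so, emit the leading include
// string and raise $BX_GLOBAL_AREA_EDIT_ICON. Afterwards the start of the
// work area is recorded regardless of the outcome.
if ($APPLICATION->GetShowIncludeAreas()) {
    require_once $_SERVER["DOCUMENT_ROOT"] . BX_ROOT . "/modules/main/interface/init_admin.php";

    $aUserOpt = CUserOptions::GetOption("global", "settings", array());

    // The default handed to GetOption() is an empty array, so the key can be
    // absent; test for it first instead of reading an undefined index.
    // A missing value still counts as "enabled", exactly as before.
    if (!isset($aUserOpt["page_edit_control_enable"]) || $aUserOpt["page_edit_control_enable"] != "N") {
        $documentRoot = CSite::GetSiteDocRoot(SITE_ID);

        // NOTE(review): REAL_FILE_PATH is taken from $_SERVER as-is and later
        // appended to the document root; presumably it is set by server-side
        // URL rewriting rather than by the client - verify.
        if (isset($_SERVER["REAL_FILE_PATH"]) && $_SERVER["REAL_FILE_PATH"] != "") {
            $currentFilePath = $_SERVER["REAL_FILE_PATH"];
        } else {
            $currentFilePath = $APPLICATION->GetCurPage(true);
        }

        $bCanEdit = true;

        // The file must exist and the user must be allowed to edit existing files.
        if (
            !is_file($documentRoot . $currentFilePath)
            || !$USER->CanDoFileOperation("fm_edit_existent_file", array(SITE_ID, $currentFilePath))
        ) {
            $bCanEdit = false;
        }

        // need fm_lpa for every .php file, even with no php code inside
        if (
            $bCanEdit
            && !$USER->CanDoOperation('edit_php')
            && in_array(GetFileExtension($currentFilePath), GetScriptFileExt())
            && !$USER->CanDoFileOperation('fm_lpa', array(SITE_ID, $currentFilePath))
        ) {
            $bCanEdit = false;
        }

        // With the fileman module installed, both fileman operations are required as well.
        if (
            $bCanEdit
            && IsModuleInstalled("fileman")
            && !($USER->CanDoOperation("fileman_admin_files") && $USER->CanDoOperation("fileman_edit_existent_files"))
        ) {
            $bCanEdit = false;
        }

        if ($bCanEdit) {
            echo $APPLICATION->IncludeStringBefore();
            $BX_GLOBAL_AREA_EDIT_ICON = true;
        }
    }
}

// Keep the microtime() value taken at this point as a constant.
define("START_EXEC_PROLOG_AFTER_2", microtime());
$GLOBALS["BX_STATE"] = "WA";
$APPLICATION->RestartWorkarea(true);
//magically replacing the current file with another one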
} } } if (!empty($arMsg)) { $e = new CAdminException($arMsg); $GLOBALS["APPLICATION"]->ThrowException($e); return false; } return true; } /************************************************************************** GET | POST handlers ***************************************************************************/ $ID = intval($ID); $STATUS_ID = intval($STATUS_ID); $arExt = GetScriptFileExt(); $arTemplates = GetFileTemplates(); $arUploadedFiles = array(); $BODY_TYPE = $BODY_TYPE == "text" ? "text" : "html"; $FILENAME = str_replace("\\", "/", $FILENAME); $arContent = array(); $site = CWorkflow::__CheckSite($site); $DOC_ROOT = CSite::GetSiteDocRoot($site); $del_id = intval($del_id); // id of the record being deleted if ($del_id > 0 && $WORKFLOW_RIGHT > "R" && check_bitrix_sessid()) { if (CWorkflow::IsAllowEdit($del_id, $locked_by, $date_lock)) { CWorkflow::Delete($del_id); LocalRedirect("/bitrix/admin/workflow_list.php?lang=" . LANGUAGE_ID); } else { if (intval($locked_by) > 0) {
/**
 * Returns the list of script file extensions by delegating to the
 * GetScriptFileExt() function visible from this scope.
 *
 * NOTE(review): this only works as a wrapper when it is declared as a class
 * method, where the unqualified call resolves to the free function of the
 * same name; as a free function it would call itself. The enclosing class
 * header is not part of this listing - confirm.
 *
 * @return mixed Whatever the delegated GetScriptFileExt() returns.
 */
function GetScriptFileExt()
{
    $scriptExtensions = GetScriptFileExt();

    return $scriptExtensions;
}
/**
 * Static accessor for the list of script file extensions.
 *
 * Delegates to the free function GetScriptFileExt(); inside a class the
 * unqualified call does not refer back to this method.
 *
 * @return mixed Whatever the free function GetScriptFileExt() returns.
 */
public static function GetScriptFileExt()
{
    $scriptExtensions = GetScriptFileExt();

    return $scriptExtensions;
}
$slash_pos = strrpos($sRealFilePath, "/"); $sFilePath = substr($sRealFilePath, 0, $slash_pos + 1); } else { $sFilePath = $APPLICATION->GetCurDir(); } $arParams['PATH'] = Rel2Abs($sFilePath, $arParams['PATH']); } $slash_pos = strrpos($arParams['PATH'], "/"); $sFilePath = substr($arParams['PATH'], 0, $slash_pos + 1); $sFileName = substr($arParams['PATH'], $slash_pos + 1); $bFileFound = $io->FileExists($_SERVER['DOCUMENT_ROOT'] . $sFilePath . $sFileName); $sFilePathTMP = $sFilePath; } if ($APPLICATION->GetShowIncludeAreas()) { //need fm_lpa for every .php file, even with no php code inside $bPhpFile = !$GLOBALS["USER"]->CanDoOperation('edit_php') && in_array(GetFileExtension($sFileName), GetScriptFileExt()); $bCanEdit = $USER->CanDoFileOperation('fm_edit_existent_file', array(SITE_ID, $sFilePath . $sFileName)) && (!$bPhpFile || $GLOBALS["USER"]->CanDoFileOperation('fm_lpa', array(SITE_ID, $sFilePath . $sFileName))); $bCanAdd = $USER->CanDoFileOperation('fm_create_new_file', array(SITE_ID, $sFilePathTMP . $sFileName)) && (!$bPhpFile || $GLOBALS["USER"]->CanDoFileOperation('fm_lpa', array(SITE_ID, $sFilePathTMP . $sFileName))); if ($bCanEdit || $bCanAdd) { $editor = '&site=' . SITE_ID . '&back_url=' . urlencode($_SERVER['REQUEST_URI']) . '&templateID=' . urlencode(SITE_TEMPLATE_ID); if ($bFileFound) { if ($bCanEdit) { $arMenu = array(); if ($USER->CanDoOperation('edit_php')) { $arMenu[] = array("ACTION" => 'javascript:' . $APPLICATION->GetPopupLink(array('URL' => "/bitrix/admin/public_file_edit_src.php?lang=" . LANGUAGE_ID . "&template=" . urlencode($arParams["EDIT_TEMPLATE"]) . "&path=" . urlencode($sFilePath . $sFileName) . $editor, "PARAMS" => array('width' => 770, 'height' => 570, 'resize' => true, "dialog_type" => 'EDITOR'))), "ICON" => "panel-edit-php", "TEXT" => GetMessage("main_comp_include_edit_php"), "TITLE" => GetMessage("MAIN_INCLUDE_AREA_EDIT_" . $arParams["AREA_FILE_SHOW"] . "_NOEDITOR")); } $arIcons = array(array("URL" => 'javascript:' . 
$APPLICATION->GetPopupLink(array('URL' => "/bitrix/admin/public_file_edit.php?lang=" . LANGUAGE_ID . "&from=main.include&template=" . urlencode($arParams["EDIT_TEMPLATE"]) . "&path=" . urlencode($sFilePath . $sFileName) . $editor, "PARAMS" => array('width' => 770, 'height' => 570, 'resize' => true))), "DEFAULT" => $APPLICATION->GetPublicShowMode() != 'configure', "ICON" => "bx-context-toolbar-edit-icon", "TITLE" => GetMessage("main_comp_include_edit"), "ALT" => GetMessage("MAIN_INCLUDE_AREA_EDIT_" . $arParams["AREA_FILE_SHOW"]), "MENU" => $arMenu)); } if ($sFilePath != $sFilePathTMP && $bCanAdd) { $arMenu = array(); if ($USER->CanDoOperation('edit_php')) {
# http://www.bitrix.ru # # mailto:admin@bitrix.ru # ############################################## */ require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_before.php"; require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/workflow/prolog.php"; $WORKFLOW_RIGHT = $APPLICATION->GetGroupRight("workflow"); if ($WORKFLOW_RIGHT == "D") { $APPLICATION->AuthForm(GetMessage("ACCESS_DENIED")); } require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/workflow/include.php"; IncludeModuleLangFile(__FILE__); $fname = $_REQUEST["fname"]; $path = ""; $filename = ""; if ($USER->IsAdmin() || !in_array(GetFileExtension($fname), GetScriptFileExt())) { $z = CWorkflow::GetFileByID($did, $fname); if ($zr = $z->Fetch()) { $path = CWorkflow::GetTempDir() . $zr["TEMP_FILENAME"]; if (file_exists($path)) { $filename = basename($zr["FILENAME"]); } } } else { $strError = GetMessage("FLOW_ACCESS_DENIED_PHP_DOWNLOAD"); } if (strlen($strError) <= 0) { $fsize = filesize($path); header("Content-Type: application/force-download; name=\"" . $filename . "\""); header("Content-Transfer-Encoding: binary"); header("Content-Length: " . $fsize);