if ($_CONF['allow_user_themes'] == 1) { if (isset($_COOKIE[$_CONF['cookie_theme']])) { $theme = COM_sanitizeFilename($_COOKIE[$_CONF['cookie_theme']], true); if (is_dir($_CONF['path_themes'] . $theme)) { $_USER['theme'] = $theme; $_CONF['path_layout'] = $_CONF['path_themes'] . $theme . '/'; $_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $theme; } } } } COM_resetSpeedlimit('login'); // we are now fully logged in, let's see if there is someplace we need to go.... if (SESS_isSet('login_referer')) { $_SERVER['HTTP_REFERER'] = SESS_getVar('login_referer'); SESS_unSet('login_referer'); } if (!empty($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], '/users.php') === false && substr($_SERVER['HTTP_REFERER'], 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) { $indexMsg = $_CONF['site_url'] . '/index.php?msg='; if (substr($_SERVER['HTTP_REFERER'], 0, strlen($indexMsg)) == $indexMsg) { echo COM_refresh($_CONF['site_url'] . '/index.php'); } else { // If user is trying to login - force redirect to index.php if (strstr($_SERVER['HTTP_REFERER'], 'mode=login') === false) { // if article - we need to ensure we have the story if (substr($_SERVER['HTTP_REFERER'], 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) { echo COM_refresh(COM_sanitizeUrl($_SERVER['HTTP_REFERER'])); } else { echo COM_refresh($_CONF['site_url'] . '/index.php'); } } else {
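/**
 * Media Gallery hook: save a comment submitted against a media item.
 *
 * Delegates to CMT_saveComment(). When that reports failure (return > 0) the
 * comment form is redisplayed, preceded by any pre-save error the comment
 * pipeline left in the session. On success the item's stored comment count
 * is recomputed and the browser is sent back to the media page.
 *
 * @param string $title    comment title (tags are stripped here)
 * @param string $comment  comment text
 * @param string $id       media item id the comment belongs to
 * @param int    $pid      parent comment id
 * @param string $postmode 'html' or 'text'
 * @return string HTML: the redisplayed form on failure, a refresh to the item on success
 */
function _mg_savecomment($title, $comment, $id, $pid, $postmode)
{
    global $_CONF, $_MG_CONF, $_TABLES, $LANG03;

    $title = strip_tags($title);
    $pid = COM_applyFilter($pid, true);
    $postmode = COM_applyFilter($postmode);

    $ret = CMT_saveComment($title, $comment, $id, $pid, 'mediagallery', $postmode);
    if ($ret > 0) {
        // failure: show the pre-save error (if one was recorded) above the form
        $retval = '';
        if (SESS_isSet('glfusion.commentpresave.error')) {
            $retval = COM_showMessageText(SESS_getVar('glfusion.commentpresave.error'), '', true);
            SESS_unSet('glfusion.commentpresave.error');
        }
        $retval .= CMT_commentform($title, $comment, $id, $pid, 'mediagallery', $LANG03[14], $postmode);
        return $retval;
    }

    // success: recount this item's comments and persist the total
    $comments = DB_count($_TABLES['comments'], array('sid', 'type'), array(DB_escapeString($id), 'mediagallery'));
    DB_change($_TABLES['mg_media'], 'media_comments', $comments, 'media_id', DB_escapeString($id));

    // $id comes from the comment form; encode it so it cannot smuggle extra query
    // parameters or a different fragment into the redirect target. This is a
    // no-op for ids made only of unreserved URL characters.
    return COM_refresh($_MG_CONF['site_url'] . '/media.php?s=' . rawurlencode($id) . '#comments');
}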
if (SEC_checkToken()) { $grp_gl_core = COM_applyFilter($_POST['grp_gl_core'], true); $grp_default = isset($_POST['chk_grpdefault']) ? 1 : 0; $grp_applydefault = isset($_POST['chk_applydefault']) ? 1 : 0; $chk_grpadmin = isset($_POST['chk_grpadmin']) ? COM_applyFilter($_POST['chk_grpadmin']) : ''; $features = array(); $features = isset($_POST['features']) ? $_POST['features'] : array(); $groups = array(); $groups = isset($_POST['groups']) ? $_POST['groups'] : array(); $display .= GROUP_save($grp_id, COM_applyFilter($_POST['grp_name']), $_POST['grp_descr'], $chk_grpadmin, $grp_gl_core, $grp_default, $grp_applydefault, $features, $groups); } else { COM_accessLog("User {$_USER['username']} tried to illegally edit group {$grp_id} and failed CSRF checks."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); exit; } SESS_unSet('glfusion.user_groups.' . $_USER['uid']); break; case 'delete': if (!isset($grp_id) || empty($grp_id) || $grp_id == 0) { COM_errorLog('Attempted to delete group, grp_id empty or null, value =' . $grp_id); $display .= COM_refresh($_CONF['site_admin_url'] . '/group.php'); } elseif (SEC_checkToken()) { $display .= GROUP_delete($grp_id); } else { COM_accessLog("User {$_USER['username']} tried to illegally delete group {$grp_id} and failed CSRF checks."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); } break; case 'savegroup': if (SEC_checkToken()) { $grp_members = $_POST['groupmembers'];
/**
 * Article plugin hook: save a comment submitted against a story.
 *
 * The story must exist, be published (not a draft, date not in the future),
 * be visible to the current user (COM_getPermSQL) and have commentcode 0;
 * otherwise the visitor is bounced to the front page. On a save failure the
 * form is redisplayed with an error message; on success the story's stored
 * comment count is refreshed and the browser is sent to the comments anchor.
 *
 * @param string $title    comment title
 * @param string $comment  comment text
 * @param string $id       story id (sid) the comment belongs to
 * @param int    $pid      parent comment id
 * @param string $postmode 'html' or 'text'
 * @return string HTML - a refresh/redirect, or the redisplayed comment form
 */
function plugin_savecomment_article($title, $comment, $id, $pid, $postmode)
{
    global $_CONF, $_TABLES, $LANG03, $_USER;

    // Gate on the story: only ids that match a live, visible story pass this point.
    $where = "(sid = '" . DB_escapeString($id) . "') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
    $commentcode = DB_getItem($_TABLES['stories'], 'commentcode', $where);
    if (!isset($commentcode) || $commentcode != 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    $saveStatus = CMT_saveComment($title, $comment, $id, $pid, 'article', $postmode);

    if ($saveStatus > 0) {
        // failure: prefer the pipeline's own error, else the generic "empty fields" text
        if (SESS_isSet('glfusion.commentpresave.error')) {
            $notice = COM_showMessageText(SESS_getVar('glfusion.commentpresave.error'), '', 1, 'error');
            SESS_unSet('glfusion.commentpresave.error');
        } elseif (empty($title) || empty($comment)) {
            $notice = COM_showMessageText($LANG03[12], '', 1, 'error');
        } else {
            $notice = '';
        }
        return $notice . CMT_commentForm($title, $comment, $id, $pid, 'article', $LANG03[14], $postmode);
    }

    // success. NOTE(review): unlike the mediagallery hook, $id is not passed through
    // DB_escapeString() here; that is only safe if DB_count()/DB_change() escape their
    // values themselves - the lookup above does limit $id to an existing sid, though.
    $total = DB_count($_TABLES['comments'], array('type', 'sid'), array('article', $id));
    DB_change($_TABLES['stories'], 'comments', $total, 'sid', $id);
    COM_olderStuff(); // update comment count in Older Stories block
    return COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$id}#comments"));
}
/**
 * Return the pending message number, if any.
 *
 * Checks POST first, then GET, then the session key 'glfusion.infomessage'
 * (which is cleared once read, so a session message is shown only once).
 * Whichever source wins is passed through COM_applyFilter() in numeric mode.
 *
 * @return int message number to display, or 0 when none is set
 */
function COM_getMessage()
{
    if (isset($_POST['msg'])) {
        return COM_applyFilter($_POST['msg'], true);
    }

    if (isset($_GET['msg'])) {
        return COM_applyFilter($_GET['msg'], true);
    }

    if (SESS_isSet('glfusion.infomessage')) {
        $number = COM_applyFilter(SESS_getVar('glfusion.infomessage'), true);
        SESS_unSet('glfusion.infomessage'); // one-shot: consume the session message
        return $number;
    }

    return 0;
}
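/**
 * Save a new forum topic, a reply, or an edited post from submitted form data.
 *
 * Runs the access, rate-limit, length, CAPTCHA and spam checks, then writes
 * the post to ff_topic, processes attachments, updates the forum counters,
 * maintains the poster's notification subscription and fires PLG_itemSaved().
 *
 * Fixes relative to the previous revision:
 *  - the "edit not allowed" link read $postData['$id'] (the literal key "$id"),
 *    so it always pointed at showtopic=0; it now reads $postData['id'];
 *  - the sticky/locked flags were honoured on the strength of the 'modedit'
 *    form field alone; they now also require mod_edit on the target forum;
 *  - 'silentedit' and the saved-post ids are guarded against being undefined.
 *
 * @param array  $forumData forum record; 'forum' and 'is_readonly' are read here
 * @param array  $postData  submitted form fields (subject, comment, name, id,
 *                          editid, editpid, forum, postmode, notify, ...)
 * @param string $action    'savetopic', 'savereply' or 'saveedit'
 * @return array array(false, $html) with an error alert when nothing was saved,
 *               array(true, $html) with a status message linking to the post otherwise
 */
function FF_saveTopic($forumData, $postData, $action)
{
    global $_CONF, $_TABLES, $_FF_CONF, $_USER, $LANG03, $LANG_GF01, $LANG_GF02;

    $retval = '';
    $uploadErrors = '';
    $errorMessages = '';
    $email = '';
    // Never populated in this function, so the "NOT IN (...)" attachment filter
    // below is currently a no-op and every attachment gets show_inline reset.
    $forumfiles = array();
    $okToSave = true;
    $savedPostID = 0;
    $topicPID = 0;

    $dt = new Date('now', $_USER['tzid']);
    $date = $dt->toUnix();
    $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];

    $uid = COM_isAnonUser() ? 1 : $_USER['uid'];

    // verify postmode is allowed: HTML needs the config flag, Root, or forum.html
    if (strtolower($postData['postmode']) == 'html') {
        if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
            $postData['postmode'] = 'html';
        } else {
            $postData['postmode'] = 'text';
        }
    }

    // is forum readonly? only moderators may post to a locked forum
    if ($forumData['is_readonly'] == 1) {
        if (!forum_modPermission($forumData['forum'], $uid, 'mod_edit')) {
            _ff_accessError();
        }
    }

    if ($action == 'saveedit') {
        // does the forum match the forum id of the posted data?
        if ($forumData['forum'] != 0 && $forumData['forum'] != $postData['forum']) {
            _ff_accessError();
        }
        $editid = COM_applyFilter($postData['editid'], true);
        $forum = COM_applyFilter($postData['forum'], true);

        $editAllowed = false;
        if (forum_modPermission($forumData['forum'], $uid, 'mod_edit')) {
            $editAllowed = true;
        } else {
            // NOTE(review): no check that $editid belongs to $uid is visible here;
            // the edit window alone decides. Confirm the caller verifies ownership.
            if ($_FF_CONF['allowed_editwindow'] > 0) {
                $t1 = DB_getItem($_TABLES['ff_topic'], 'date', "id=" . (int) $postData['id']);
                $t2 = $_FF_CONF['allowed_editwindow'];
                if (time() - $t2 < $t1) {
                    $editAllowed = true;
                }
            } else {
                $editAllowed = true;
            }
        }

        if ($postData['editpid'] < 1 && trim($postData['subject']) == '') {
            $retval .= FF_BlockMessage('', $LANG_GF02['msg18'], false);
            $okToSave = false;
        } elseif (!$editAllowed) {
            $topicId = isset($postData['id']) ? (int) $postData['id'] : 0;
            $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topicId;
            $retval .= _ff_alertMessage('', $LANG_GF02['msg189'], sprintf($LANG_GF02['msg187'], $link));
            $okToSave = false;
        }
    } else {
        if (!COM_isAnonUser() && $_FF_CONF['use_sfs']) {
            $email = isset($_USER['email']) ? $_USER['email'] : '';
        }
    }

    // poster name: word filter, tag strip, entity-encode, then DB prep
    if (isset($postData['name']) && $postData['name'] != '') {
        $name = _ff_preparefordb(@htmlspecialchars(strip_tags(trim(COM_checkWords(USER_sanitizeName($postData['name'])))), ENT_QUOTES, COM_getEncodingt()), 'text');
        $name = urldecode($name);
    } else {
        $okToSave = false;
        $errorMessages .= $LANG_GF02['invalid_name'] . '<br />';
    }

    // speed limit check (forum.edit holders are exempt)
    if (!SEC_hasRights('forum.edit')) {
        COM_clearSpeedlimit($_FF_CONF['post_speedlimit'], 'forum');
        $last = COM_checkSpeedlimit('forum');
        if ($last > 0) {
            $errorMessages .= sprintf($LANG_GF01['SPEEDLIMIT'], $last, $_FF_CONF['post_speedlimit']) . '<br/>';
            $okToSave = false;
        }
    }

    // standard edit checks: minimum lengths from config
    if (strlen(trim($postData['name'])) < $_FF_CONF['min_username_length']
        || strlen(trim($postData['subject'])) < $_FF_CONF['min_subject_length']
        || strlen(trim($postData['comment'])) < $_FF_CONF['min_comment_length']) {
        $errorMessages .= $LANG_GF02['msg18'] . '<br/>';
        $okToSave = false;
    }

    // CAPTCHA check (only when the captcha plugin is installed and nothing failed yet)
    if (function_exists('plugin_itemPreSave_captcha') && $okToSave == true) {
        if (!isset($postData['captcha'])) {
            $postData['captcha'] = '';
        }
        $msg = plugin_itemPreSave_captcha('forum', $postData['captcha']);
        if ($msg != '') {
            $errorMessages .= $msg . '<br/>';
            $okToSave = false;
        }
    }

    // per-post formatting switches, stored as a bitmask in ff_topic.status
    $status = 0;
    if (isset($postData['disable_bbcode']) && $postData['disable_bbcode'] == 1) {
        $status += DISABLE_BBCODE;
    }
    if (isset($postData['disable_smilies']) && $postData['disable_smilies'] == 1) {
        $status += DISABLE_SMILIES;
    }
    if (isset($postData['disable_urlparse']) && $postData['disable_urlparse'] == 1) {
        $status += DISABLE_URLPARSE;
    }

    // spamx check on the rendered preview of subject + body
    if ($_FF_CONF['use_spamx_filter'] == 1 && $okToSave == true) {
        SESS_unSet('spamx_msg'); // clear out the message.
        $spamcheck = '<h1>' . $postData['subject'] . '</h1><p>' . FF_formatTextBlock($postData['comment'], $postData['postmode'], 'preview', $status) . '</p>';
        $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
        if ($result > 0) {
            // then tell them to get lost ...
            $errorMessages .= $LANG_GF02['spam_detected'];
            if (SESS_isSet('spamx_msg')) {
                $errorMessages .= '<br>' . SESS_getVar('spamx_msg') . '<br>';
                SESS_unSet('spamx_msg');
            }
            $okToSave = false;
        }
    }

    // sfs lookup for anonymous posters (name / email / ip)
    if ($_FF_CONF['use_sfs'] == 1 && COM_isAnonUser() && function_exists('plugin_itemPreSave_spamx')) {
        $spamCheckData = array('username' => $postData['name'], 'email' => $email, 'ip' => $REMOTE_ADDR);
        $msg = plugin_itemPreSave_spamx('forum', $spamCheckData);
        if ($msg) {
            $errorMessages .= $msg;
            $okToSave = false;
        }
    }

    if ($okToSave == false) {
        $retval .= _ff_alertMessage($errorMessages, $LANG_GF01['ERROR'], ' ');
        return array(false, $retval);
    }

    // ---- everything validated: prepare the values that go into the database ----

    if (!isset($postData['postmode_switch'])) {
        $postData['postmode_switch'] = 0;
    }
    $postmode = _ff_chkpostmode($postData['postmode'], $postData['postmode_switch']);
    // re-validate postmode after the switch may have changed it
    if ($postmode == 'html' || $postmode == 'HTML') {
        if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
            $postmode = 'html';
        } else {
            $postmode = 'text';
        }
    }

    // NOTE(review): $subject and $comment are interpolated into the SQL below
    // without DB_escapeString(); this relies on _ff_preparefordb() returning
    // DB-safe text - confirm that is its contract.
    $subject = _ff_preparefordb(strip_tags($postData['subject']), 'text');
    $comment = _ff_preparefordb($postData['comment'], $postmode);
    $mood = isset($postData['mood']) ? COM_applyFilter($postData['mood']) : '';
    $id = COM_applyFilter($postData['id'], true);
    $forum = COM_applyFilter($postData['forum'], true);
    $notify = isset($postData['notify']) ? COM_applyFilter($postData['notify']) : '';

    // sticky / locked are moderator-only: the 'modedit' form field is a hint,
    // the server-side mod_edit permission on the target forum is what decides
    $locked = 0;
    $sticky = 0;
    if (isset($postData['modedit']) && $postData['modedit'] == 1 && forum_modPermission($forum, $uid, 'mod_edit')) {
        if (isset($postData['locked_switch']) && $postData['locked_switch'] == 1) {
            $locked = 1;
        }
        if (isset($postData['sticky_switch']) && $postData['sticky_switch'] == 1) {
            $sticky = 1;
        }
    }

    if ($action == 'savetopic') {
        $fields = "forum,name,email,date,lastupdated,subject,comment,postmode,ip,mood,uid,pid,sticky,locked,status";
        $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
        $sql .= "VALUES (" . (int) $forum . "," .
            "'" . DB_escapeString($name) . "'," .
            "'" . DB_escapeString($email) . "'," .
            "'" . DB_escapeString($date) . "'," .
            "'" . DB_escapeString($date) . "'," .
            "'" . $subject . "'," .
            "'" . $comment . "'," .
            "'" . DB_escapeString($postmode) . "'," .
            "'" . DB_escapeString($REMOTE_ADDR) . "'," .
            "'" . DB_escapeString($mood) . "'," .
            (int) $uid . "," .
            "0," .
            (int) $sticky . "," .
            (int) $locked . "," .
            (int) $status . ")";
        DB_query($sql);

        // Find the id of the last inserted topic.
        // NOTE(review): max(id) is not the same as "my insert" under concurrent
        // posting; the driver's last-insert-id would be the safe way to get it.
        list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
        $savedPostID = $lastid;
        $topicPID = $lastid;

        /* Check for any uploaded files - during add of new topic */
        $uploadErrors = _ff_check4files($lastid);

        // Reset show_inline on attachments no longer referenced by a [file] bbcode tag
        $imagerecs = implode(',', $forumfiles);
        $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid . " ";
        if ($imagerecs != '') {
            $sql .= "AND id NOT IN ({$imagerecs})";
        }
        DB_query($sql);

        // Update forums record
        DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, topic_count=topic_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
        if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
            DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $lastid);
        }
        DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");

    } elseif ($action == 'savereply') {
        $fields = "name,email,date,subject,comment,postmode,ip,mood,uid,pid,forum,status";
        $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
        $sql .= "VALUES (" .
            "'" . DB_escapeString($name) . "'," .
            "'" . DB_escapeString($email) . "'," .
            "'" . DB_escapeString($date) . "'," .
            "'{$subject}'," .
            "'{$comment}'," .
            "'" . DB_escapeString($postmode) . "'," .
            "'" . DB_escapeString($REMOTE_ADDR) . "'," .
            "'" . DB_escapeString($mood) . "'," .
            (int) $uid . "," .
            (int) $id . "," .
            (int) $forum . "," .
            (int) $status . ")";
        DB_query($sql);

        // Find the id of the last inserted post (same max(id) caveat as above)
        list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
        $savedPostID = $lastid;
        $topicPID = $id;

        /* Check for any uploaded files - during adding reply post */
        $uploadErrors = _ff_check4files($lastid);

        // Reset show_inline on attachments no longer referenced by a [file] bbcode tag
        $imagerecs = implode(',', $forumfiles);
        $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid;
        if ($imagerecs != '') {
            $sql .= " AND id NOT IN ({$imagerecs})";
        }
        DB_query($sql);

        DB_query("UPDATE {$_TABLES['ff_topic']} SET replies=replies+1, lastupdated='" . DB_escapeString($date) . "',last_reply_rec=" . (int) $lastid . " WHERE id=" . (int) $id);
        DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
        if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
            DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $id);
        }
        DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");

    } elseif ($action == 'saveedit') {
        $sql = "UPDATE {$_TABLES['ff_topic']} SET " .
            "subject='{$subject}'," .
            "comment='{$comment}'," .
            "postmode='" . DB_escapeString($postmode) . "'," .
            "mood='" . DB_escapeString($mood) . "'," .
            "sticky=" . (int) $sticky . "," .
            "locked=" . (int) $locked . "," .
            "status=" . (int) $status . " " .
            "WHERE (id=" . (int) $editid . ")";
        DB_query($sql);

        /* Check for any uploaded files - during save of edit */
        $uploadErrors = _ff_check4files($editid);

        // Reset show_inline on attachments no longer referenced by a [file] bbcode tag
        $imagerecs = implode(',', $forumfiles);
        $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $editid . " ";
        if ($imagerecs != '') {
            $sql .= "AND id NOT IN ({$imagerecs})";
        }
        DB_query($sql);

        // a pid of 0 means the edited post is itself the topic root
        $topicPID = DB_getItem($_TABLES['ff_topic'], "pid", "id=" . (int) $editid);
        if ($topicPID == 0) {
            $topicPID = $editid;
        }
        $savedPostID = $editid;

        if (!isset($postData['silentedit']) || $postData['silentedit'] != 1) {
            DB_query("UPDATE {$_TABLES['ff_topic']} SET lastupdated='" . DB_escapeString($date) . "' WHERE id=" . (int) $topicPID);
            // Remove any lastviewed records in the log so that the new updated topic indicator will appear
            DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
        }
        if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $editid)) {
            DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $topicPID);
        }
    }

    COM_updateSpeedLimit('forum');
    PLG_itemSaved($savedPostID, 'forum');
    CACHE_remove_instance('forumcb');

    if (!COM_isAnonUser()) {
        // Subscription bookkeeping. A topic "un-notify" record is stored with the
        // negated topic id ($nid); a forum-wide subscription has id=0.
        $nid = -$topicPID;
        $currentForumNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id=0 AND uid=" . (int) $uid);
        $currentTopicNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($topicPID) . "' AND uid=" . (int) $uid);
        $currentTopicUnNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($nid) . "' AND uid=" . (int) $uid);
        $forum_name = DB_getItem($_TABLES['ff_forums'], 'forum_name', 'forum_id=' . (int) $forum);

        if ($notify == 'on' and ($currentForumNotifyRecID < 1 and $currentTopicNotifyRecID < 1)) {
            // wants notifications and has neither a forum nor a topic subscription
            $sql = "INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) ";
            $sql .= "VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($topicPID) . "','" . $subject . "'," . (int) $uid . ",now() )";
            DB_query($sql);
        } elseif ($notify == 'on' and $currentTopicUnNotifyRecID > 1) {
            // Had un-subcribed to topic and now wants to subscribe
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE sub_id=" . (int) $currentTopicUnNotifyRecID);
        } elseif ($notify == '' and $currentTopicNotifyRecID > 1) {
            // Subscribed to topic - but does not want to be notified anymore
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
        } elseif ($notify == '' and $currentForumNotifyRecID > 1) {
            // Subscribed to forum - but does not want to be notified about this topic
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($nid) . "'");
            DB_query("INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($nid) . "','" . $subject . "'," . (int) $uid . ",now() )");
        }
    }

    if ($action != 'saveedit') {
        _ff_chknotifications($forum, $savedPostID, $uid);
    }

    $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topicPID . '&topic=' . $savedPostID . '#' . $savedPostID;
    // only auto-redirect when there is nothing about attachments the user must read first
    $autorefresh = ($uploadErrors == '');
    $retval .= FF_statusMessage($uploadErrors . $LANG_GF02['msg19'], $link, $LANG_GF02['msg19'], false, '', $autorefresh);

    return array(true, $retval);
}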
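/**
 * Restore a request that was parked in the session while the user (re)authenticated.
 *
 * Reads the method, POST, GET and FILES snapshots stored under the
 * 'glfusion.auth.*' session keys, removes them from the session, and rebuilds
 * $_SERVER['REQUEST_METHOD'], $_POST, $_GET and $_REQUEST from them. $_FILES is
 * rebuilt only when no real upload accompanies the current request; parked
 * uploads are resolved under $_CONF['path_data'] . 'temp/' and each restored
 * entry is marked with '_data_dir' so the upload class does not call
 * move_uploaded_file(). Any CSRF token in the replayed data is replaced with a
 * freshly minted one.
 *
 * The snapshots are deserialised with allowed_classes=false (PHP >= 7): only
 * arrays of scalars are ever stored here, so refusing objects costs nothing and
 * removes the object-injection path should the session store be tampered with.
 *
 * @return void
 */
function _rebuild_data()
{
    global $_CONF;

    $method = '';
    if (SESS_isSet('glfusion.auth.method')) {
        $method = SESS_getVar('glfusion.auth.method');
        SESS_unSet('glfusion.auth.method');
    }

    $postdata = '';
    if (SESS_isSet('glfusion.auth.post')) {
        $postdata = SESS_getVar('glfusion.auth.post');
        SESS_unSet('glfusion.auth.post');
    }

    $getdata = '';
    if (SESS_isSet('glfusion.auth.get')) {
        $getdata = SESS_getVar('glfusion.auth.get');
        SESS_unSet('glfusion.auth.get');
    }

    $file_array = null;
    if (SESS_isSet('glfusion.auth.file')) {
        $filedata = SESS_getVar('glfusion.auth.file');
        SESS_unSet('glfusion.auth.file');
        $file_array = _rebuild_data_unserialize($filedata);
    }

    if (empty($_FILES) && is_array($file_array)) {
        foreach ($file_array as $fkey => $file) {
            if (isset($file['name']) && is_array($file['name'])) {
                // multi-file field: every attribute (name, type, tmp_name, error, size)
                // is itself an array indexed by $offset
                foreach ($file as $key => $data) {
                    if (!is_array($data)) {
                        continue;
                    }
                    foreach ($data as $offset => $value) {
                        if ($key == 'tmp_name') {
                            $value = _rebuild_data_tempPath($value);
                            // set _data_dir attribute to key upload class to not use move_uploaded_file()
                            $_FILES[$fkey]['_data_dir'][$offset] = true;
                        }
                        $_FILES[$fkey][$key][$offset] = $value;
                    }
                }
                // Validate once all attributes are in place. Doing it inside the loop
                // above made the result depend on whether 'error' was seen before or
                // after 'tmp_name' in the snapshot.
                foreach (array_keys($file['name']) as $offset) {
                    if (!isset($_FILES[$fkey]['tmp_name'][$offset]) || !file_exists($_FILES[$fkey]['tmp_name'][$offset])) {
                        $_FILES[$fkey]['tmp_name'][$offset] = '';
                        $_FILES[$fkey]['error'][$offset] = UPLOAD_ERR_NO_FILE;
                    }
                }
            } else {
                foreach ($file as $key => $value) {
                    if ($key == 'tmp_name') {
                        $value = _rebuild_data_tempPath($value);
                        // set _data_dir attribute to key upload class to not use move_uploaded_file()
                        $_FILES[$fkey]['_data_dir'] = true;
                    }
                    $_FILES[$fkey][$key] = $value;
                }
                if (!isset($_FILES[$fkey]['tmp_name']) || !file_exists($_FILES[$fkey]['tmp_name'])) {
                    $_FILES[$fkey]['tmp_name'] = '';
                    $_FILES[$fkey]['error'] = UPLOAD_ERR_NO_FILE;
                }
            }
        }
    }

    $_SERVER['REQUEST_METHOD'] = $method;
    $_POST = _rebuild_data_unserialize($postdata);
    $_GET = _rebuild_data_unserialize($getdata);

    // normalise before touching the token: unserialize() returns false on bad
    // input, and array_key_exists() on a non-array is a TypeError on PHP 8
    if (!is_array($_GET)) {
        $_GET = array();
    }
    if (!is_array($_POST)) {
        $_POST = array();
    }

    // refresh the token (easier to create new one than try to fake referer)
    if (array_key_exists(CSRF_TOKEN, $_POST) || array_key_exists(CSRF_TOKEN, $_GET)) {
        $newToken = SEC_createToken();
        $_POST[CSRF_TOKEN] = $newToken;
        $_GET[CSRF_TOKEN] = $newToken;
    }

    $_REQUEST = array_merge($_GET, $_POST);
}

/**
 * Deserialise one parked request snapshot, refusing object payloads.
 *
 * @param mixed $blob serialized string from the session (may be empty / non-string)
 * @return mixed the decoded value, or false when there is nothing to decode
 */
function _rebuild_data_unserialize($blob)
{
    if (!is_string($blob) || $blob === '') {
        return false;
    }
    if (PHP_VERSION_ID >= 70000) {
        return unserialize($blob, array('allowed_classes' => false));
    }
    return unserialize($blob);
}

/**
 * Map a parked upload's recorded tmp_name onto the temp directory.
 *
 * basename() plus COM_sanitizeFilename() pin the result inside
 * $_CONF['path_data'] . 'temp/' even if the snapshot carried directory
 * components; an empty sanitized name yields '' (no file).
 *
 * @param string $tmpName tmp_name value from the snapshot
 * @return string absolute path under the temp directory, or ''
 */
function _rebuild_data_tempPath($tmpName)
{
    global $_CONF;

    $filename = COM_sanitizeFilename(basename($tmpName), true);
    if ($filename == '') {
        return '';
    }
    return $_CONF['path_data'] . 'temp/' . $filename;
}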