// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
require_once '../../../lib-common.php';

/**
 * Security check: only users holding the 'themedit.admin' right may use this
 * page. Anyone else has the attempt logged and is shown an access-denied page.
 */
if (!SEC_hasRights('themedit.admin')) {
    // Record who tried (uid, username, remote address) before refusing
    $logMessage = "Someone has tried to illegally access the themedit uploader.  User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$_SERVER['REMOTE_ADDR']}";
    COM_errorLog($logMessage, 1);

    // Assemble the denial page in the same order the site helpers expect
    $page = COM_siteHeader();
    $page .= COM_startBlock(THM_str('access_denied'));
    $page .= THM_str('access_denied_msg');
    $page .= COM_endBlock();
    $page .= COM_siteFooter();
    echo $page;
    exit;
}
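// The file path comes straight from the query string. Normalise it to a
// string so pathinfo() never receives null (missing parameter) or an array
// (path[]=...), and make sure the 'extension' key always exists so the
// switch below cannot read an undefined index.
// NOTE(review): $path is handed unchanged to the image loader below; confirm
// it is confined to a permitted directory (e.g. realpath() checked against
// the theme path). Exposure is limited by the 'themedit.admin' check above.
$path = (isset($_GET['path']) && is_string($_GET['path'])) ? $_GET['path'] : '';
$info = pathinfo($path) + array('extension' => '');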
// Creates an image
switch (strtolower($info['extension'])) {
    case 'jpg':
    case 'jpeg':
        $type = 'jpeg';
        $im = @imagecreatefromjpeg($path);
        break;
    case 'png':
        $type = 'png';
        $im = @imagecreatefrompng($path);
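// Directories (relative to the theme directory) the uploader may write into.
// NOTE(review): $selected_dir is also used to build the upload destination
// further down; confirm it is validated against this list where it is read.
$allowed_dirs = array('images/', 'images/admin/', 'images/buttons/', 'images/icons/', 'images/custom/');

// Build the <option> list for the directory selector, pre-selecting the
// current directory. Strict comparison: with loose equality a non-string
// $selected_dir (e.g. an integer 0 on older PHP) could match every entry.
$temp_dirs = '';
foreach ($allowed_dirs as $allowed_dir) {
    $temp_dirs .= ($allowed_dir === $selected_dir) ? '<option selected="selected">' : '<option>';
    $temp_dirs .= $allowed_dir . '</option>' . LB;
}
$T->set_var('temp_dirs', $temp_dirs);

// Localised labels for the upload form
$T->set_var('temp_lang_file', THM_str('file'));
$T->set_var('temp_lang_submit', THM_str('upload'));
$T->set_var('temp_lang_change', THM_str('change'));
$T->set_var('temp_lang_delete', THM_str('delete'));
$T->set_var('max_upload_size', THM_str('upload_max_size'));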
// Processes uploaded files if any
if (isset($_POST['submit']) and $_POST['submit'] == $LANG_THM['upload'] and isset($_FILES['thmfile']) and $_FILES['thmfile']['size'] > 0) {
    $u_name = $_FILES['thmfile']['name'];
    $u_size = $_FILES['thmfile']['size'];
    $u_tmp = $_FILES['thmfile']['tmp_name'];
    $path_parts = pathinfo($u_name);
    if ($u_size > $_THM_CONF['upload_max_size']) {
        $T->set_var('temp_sys_message', "<span style='color: red; font-weight: bold;'>{$LANG_THM['file_too_large']}</a>");
    } else {
        if (!in_array(strtolower($path_parts['extension']), array('jpg', 'jpeg', 'gif', 'png'))) {
            $T->set_var('temp_sys_message', "<span style='color: red; font-weight: bold;'>{$LANG_THM['file_type_unsupported']}</p>");
        } else {
            if (is_uploaded_file($u_tmp)) {
                $dest = $_CONF['path_themes'] . $theme . '/' . $selected_dir . basename($u_name);
                if (@move_uploaded_file($u_tmp, $dest)) {
    $vars = THM_getTemplateVars($theme, $file);
}
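if ($op === 'load') {
    $contents = THM_getContents($theme, $file);
}

// Not every $op branch sets these; without a default, count() on an undefined
// variable warns (TypeError on PHP 8) and THM_esc() would receive null.
if (!isset($vars)) {
    $vars = array();
}
if (!isset($contents)) {
    $contents = '';
}
$contents4html = THM_esc($contents);

// In case of a template file, show a list of template vars available
$vars4html = '';
if (count($vars) > 0) {
    $vars4html .= '<table style="border: solid 1px #7F9DB9; padding: 5px; width: 100%">'
        . '<caption style="text-align: center; color: white; background-color: #7F9DB9;">'
        . THM_str('vars_available') . '</caption>' . '<tr>' . LB;
    $numVars = count($vars);
    $n = 0;
    foreach ($vars as $var) {
        // The var name is emitted in two contexts: the button text (HTML) and
        // a JS string literal inside the onClick attribute, so escape for both.
        $attrVar = htmlspecialchars($var, ENT_QUOTES);
        $jsVar = htmlspecialchars(addslashes($var), ENT_QUOTES);
        $vars4html .= '<td width="150"><button type="button" title="' . THM_str("help_{$var}") . '" onClick="insert_var(\'' . $jsVar . '\')"' . ' style="color: white; background-color: #333366;">' . $attrVar . '</button></td>';
        $n++;
        // Four buttons per row; do not open an empty row after the last button
        if ($n % 4 === 0 && $n < $numVars) {
            $vars4html .= '</tr>' . LB . '<tr>';
        }
    }
    $vars4html .= '</tr>' . LB . '</table>' . LB;
}
$T->set_var('temp_vars', $vars4html);
$T->set_var('temp_contents', $contents4html);
$T->set_var('temp_lang_preview', THM_str('preview'));
$T->set_var('temp_lang_save', THM_str('save'));
$T->set_var('temp_lang_image', THM_str('image'));
$T->set_var('temp_lang_init', THM_str('init'));
$T->set_var('temp_token_name', CSRF_TOKEN);

// uid is numeric: an integer cast neutralises it in the SQL fragment, whereas
// addslashes() is not a SQL escaping function.
$ttl = DB_getItem($_TABLES['users'], 'cookietimeout', "(uid='" . (int) $_USER['uid'] . "')");
$T->set_var('temp_token_value', SEC_createToken($ttl));

$T->parse('output', 'admin');
$display = COM_siteHeader() . $T->finish($T->get_var('output')) . COM_siteFooter();
echo $display;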