Example #1
    }
    // if not allowedtoedit then userid is $USR now, so stop undo actions
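    check_for_csrf("undo");
    // Perform the undo. Each branch ends in redirect(); the code below relies on
    // redirect() not returning, otherwise the "edit" undo would also run after
    // the "new user" undo.
    if (isset($_GET['new'])) {
        // Undo "add new user": the freshly created user file is simply removed.
        delete_file(GSUSERSPATH . $file);
        redirect('profile.php?success=' . urlencode(strip_tags(sprintf(i18n_r('ER_HASBEEN_DEL'), $userid))));
    }
    // Undo "edit user": put the previous copy of the user file back.
    restore_datafile(GSUSERSPATH . $file);
    // $userid is caller-controlled upstream; encode it so it cannot inject extra
    // query parameters or a fragment into the Location header (the message in
    // the branch above is already encoded, this one was not).
    redirect('profile.php?upd=profile-restored&userid=' . urlencode($userid));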
}
# was the form submitted?
if (isset($_POST['submitted']) && isset($_POST['user'])) {
    check_for_csrf("save_profile");
    do {
        // if editing and post userid not match get userid
        // @todo perhaps use nonce here instead
        if ($editing && $userid !== _id($_POST['user'])) {
            $error = i18n_r('ER_REQ_PROC_FAIL');
            break;
        }
        $userid = _id($_POST['user']);
        $file = $userid . '.xml';
        if ($adding && path_is_safe(GSUSERSPATH . $file, GSUSERSPATH)) {
            $error = i18n_r('INVALID_USER');
            // user already exists
            break;
        }
        if (!path_is_safe(dirname(GSUSERSPATH . $file), GSUSERSPATH, true)) {
Example #2
 * Theme
 *
 * @package GetSimple
 * @subpackage Theme
 */
# Theme activation page: bootstrap the admin environment (plugins enabled)
# and require a logged-in user before anything else happens.
$load['plugin'] = true;
include 'inc/common.php';
login_cookie_check();
# The active theme is recorded in GSWEBSITEFILE under GSDATAOTHERPATH; these
# two paths are what the backup/save code further down operates on.
$path = GSDATAOTHERPATH;
$file = GSWEBSITEFILE;
$theme_options = '';
# was the form submitted?
if (isset($_POST['submitted']) && isset($_POST['template'])) {
    check_for_csrf("activate");
    # get passed value from form
    $newTemplate = var_in($_POST['template']);
    # Traversal guard: the chosen theme must resolve to a path inside
    # GSTHEMESPATH; anything else aborts the request with no output.
    if (!path_is_safe(GSTHEMESPATH . $newTemplate, GSTHEMESPATH)) {
        die;
    }
    # backup old GSWEBSITEFILE (website.xml) file before rewriting it
    $bakpath = GSBACKUPSPATH . getRelPath(GSDATAOTHERPATH, GSDATAPATH);
    // backups/other/
    createBak($file, $path, $bakpath);
    # update GSWEBSITEFILE (website.xml) with the new theme: the document is
    # rebuilt from the current globals rather than edited in place
    $xml = new SimpleXMLExtended('<item></item>');
    $note = $xml->addChild('SITENAME');
    $note->addCData($SITENAME);
    $note = $xml->addChild('SITEURL');
    $note->addCData($SITEURL);
Example #3
    $p = $_GET['p'];
} else {
    redirect('backups.php?upd=bak-err');
}
if ($p == 'delete') {
    // deleting page backup
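    // deleting page backup
    check_for_csrf("delete", "backup-edit.php");
    // $draft (set upstream) selects the draft or the page backup store.
    if ($draft) {
        $status = delete_draft_backup($id) ? 'success' : 'err';
    } else {
        $status = delete_page_backup($id) ? 'success' : 'err';
    }
    // $id is caller-supplied (its validation, if any, happens upstream);
    // encode it so it cannot add parameters to the Location query string.
    redirect("backups.php?upd=bak-" . $status . "&id=" . urlencode($id));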
} elseif ($p == 'restore') {
    // restoring page backup
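    // restoring page backup
    check_for_csrf("restore", "backup-edit.php");
    $redirect = "";
    if ($draft) {
        restore_draft($id);
        // generate_sitemap() is intentionally skipped: drafts are not published content.
        $success = exec_action('draft-restore');
        // @hook draft-restore fired when a draft is restored
        // $id is caller-supplied; encode it before echoing it into the Location header.
        redirect("edit.php?id=" . urlencode($id) . "&upd-draft&upd=edit-success&type=restore");
    }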
    if (isset($_GET['new'])) {
        $newid = $_GET['new'];
        // @todo traversal protect $newid
        // restore page by old slug id
        changeChildParents($newid, $id);
        // update parents and children
Example #4
        }
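        if (sizeof($errors) != 0) {
            // AJAX uploaders only get a 403 plus a generic message; the
            // per-file reasons are not returned over the wire.
            if (requestIsAjax()) {
                header("HTTP/1.0 403");
                i18n('ERROR_UPLOAD');
                die;
            }
            // Join every message for the rendered page. A plain assignment
            // inside a loop would keep only the last error and silently drop
            // the rest.
            $error = implode('<br />', $errors) . '<br />';
        }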
    }
}
// if creating new folder
if (isset($_GET['newfolder']) && $allowcreatefolder) {
    check_for_csrf("createfolder");
    $newfolder = $_GET['newfolder'];
    // Reduce the requested name to a single safe path component: strippath()
    // (presumably drops directory parts), transliterate to 7-bit, clean as a
    // URL slug, then basename() once more so no separator can survive.
    $cleanname = clean_url(to7bit(strippath($newfolder), "UTF-8"));
    $cleanname = basename($cleanname);
    if (file_exists($path . $cleanname) || $cleanname == '') {
        $error = i18n_r('ERROR_FOLDER_EXISTS');
    } else {
        if (getDef('GSCHMOD')) {
            $chmod_value = GSCHMOD;
        } else {
            $chmod_value = 0755;
        }
        if (create_dir($path . $cleanname, $chmod_value)) {
            //create folder for thumbnails
            $thumbFolder = GSTHUMBNAILPATH . $subFolder . $cleanname;
Example #5
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
login_cookie_check();
// Kill switch: getdef() is called with true as the fallback, so only an
// explicit GSALLOWDOWNLOADS = false disables every download served here.
if (getdef('GSALLOWDOWNLOADS', true) === false) {
    die(i18n('NOT_ALLOWED'));
}
# check if all variables are set
if (isset($_GET['file'])) {
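    // Normalise the requested path first (removerelativepath() presumably
    // strips relative segments) so both allow-list checks below see the same value.
    $file = removerelativepath($_GET['file']);
    // Site archives live under backups/zip and additionally require a nonce.
    $archivesafe = filepath_is_safe($file, GSBACKUPSPATH . DIRECTORY_SEPARATOR . 'zip');
    if ($archivesafe) {
        check_for_csrf("archive", "download.php");
    }
    // Otherwise it must be an ordinary upload.
    $filesafe = filepath_is_safe($file, GSDATAUPLOADPATH);
    // Anything outside both directories is refused: this is the traversal /
    // LFI guard for the whole download path (filepath_is_safe() also fails
    // for non-existent files).
    if (!($filesafe || $archivesafe)) {
        die(i18n('NOT_ALLOWED'));
    }
    $extention = getFileExtension($file);
    // $file is compared against directories above, so it appears to be a full
    // path: send only the quoted base name, so the on-disk layout is not leaked
    // and names with spaces/semicolons do not produce a malformed header.
    header('Content-Disposition: attachment; filename="' . str_replace(array('"', "\r", "\n"), '', basename($file)) . '"');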
    # set content headers
    if ($extention == 'zip') {
        header("Content-type: application/octet-stream");
    } elseif ($extention == 'gz') {
        header("Content-type: application/x-gzip");
Example #6
 * @subpackage Page-Edit
 */
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
login_cookie_check();
// Request parameters: the page slug and an optional type selector, taken
// verbatim from the query string - every code path that touches the
// filesystem with them must validate them first.
$id = isset($_GET['id']) ? $_GET['id'] : null;
$ptype = isset($_GET['type']) ? $_GET['type'] : null;
$path = GSDATAPAGESPATH;
$counter = '0';
$table = '';
# clone attempt happening
if (isset($_GET['action']) && isset($_GET['id']) && $_GET['action'] == 'clone') {
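    check_for_csrf("clone", "pages.php");
    # Traversal guard: the slug comes straight from the query string and is
    # spliced into both the source and the destination of copy() below.
    # Reject anything that does not resolve to an existing page file inside
    # $path (the draft-publish path applies the same filepath_is_safe() check).
    if (!filepath_is_safe($path . $id . '.xml', $path)) {
        die(i18n_r('INVALID_OPER'));
    }
    # Pick the first free "<slug>-<n>.xml" so the clone never overwrites a page.
    $count = 1;
    $newfile = $path . $id . "-" . $count . ".xml";
    while (file_exists($newfile)) {
        $count++;
        $newfile = $path . $id . "-" . $count . ".xml";
    }
    $newurl = $id . '-' . $count;
    # do the copy; $status feeds the success/error handling that follows
    $status = copy($path . $id . '.xml', $path . $newurl . '.xml');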
    if ($status) {
        $newxml = getXML($path . $newurl . '.xml');
        $newxml->url = $newurl;
Example #7
 * @subpackage Backups
 * @link http://get-simple.info/docs/restore-page-backup
 */
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
// Variable settings
login_cookie_check();
// Page backups live in GSBACKUPSPATH + (pages dir relative to GSDATAPATH);
// the listing and the bulk delete below only ever look inside $path.
$path = GSBACKUPSPATH . getRelPath(GSDATAPAGESPATH, GSDATAPATH);
// backups/pages/
$counter = '0';
$table = '';
// Bulk delete: ?deleteall removes every backup file in $path (nonce-protected).
if (isset($_GET['deleteall'])) {
    check_for_csrf("deleteall");
    $filenames = getFiles($path);
    foreach ($filenames as $file) {
        $fullpath = $path . $file;
        // Only existing entries that isFile() classifies as 'bak' are removed;
        // anything else sitting in the directory is left alone.
        if (!file_exists($fullpath) || !isFile($file, $path, 'bak')) {
            continue;
        }
        unlink($fullpath);
    }
    $success = i18n_r('ER_FILE_DEL_SUC');
}
// Collect every file in $path for the backup listing that follows.
$filenames = getFiles($path);
$count = "0";
$pagesArray_tmp = array();
$pagesSorted = array();
Example #8
    $update = 'flushcache-success';
}
# if the undo command was invoked
if (isset($_GET['undo'])) {
    check_for_csrf("undo");
    # Restore GSWEBSITEFILE from its copy under backups/other/ and rebuild the
    # sitemap so it reflects the restored settings.
    $bakpath = GSBACKUPSPATH . getRelPath(GSDATAOTHERPATH, GSDATAPATH);
    // backups/other/
    undo(GSWEBSITEFILE, GSDATAOTHERPATH, $bakpath);
    generate_sitemap();
    # redirect back to yourself to show the new restored data
    redirect('settings.php?upd=settings-restored');
}
# was the form submitted?
if (isset($_POST['submitted'])) {
    check_for_csrf("save_settings");
    # website-specific fields
    if (isset($_POST['sitename'])) {
        // Stored HTML-encoded; this is the only field here escaped on input.
        $SITENAME = htmlentities($_POST['sitename'], ENT_QUOTES, 'UTF-8');
    }
    if (isset($_POST['siteurl'])) {
        // NOTE(review): only passed through tsl() (presumably trailing-slash
        // normalisation), not validated as a URL - confirm the persist step
        // rejects non-http(s) values.
        $SITEURL = tsl($_POST['siteurl']);
    }
    if (isset($_POST['permalink'])) {
        $PERMALINK = var_in(trim($_POST['permalink']));
    }
    if (isset($_POST['template'])) {
        // Theme is no longer changed from this form (see the theme page).
        // $TEMPLATE = $_POST['template'];
    }
    if (isset($_POST['prettyurls'])) {
        $PRETTYURLS = $_POST['prettyurls'];
Example #9
        setcookie('gs_editor_theme', $themesave);
    }
    return;
}
$themepath = GSTHEMESPATH . tsl($template);
// Traversal guard for the file being *viewed*: when a template file is
// requested it must resolve inside the selected theme's directory.
if ($template_file != '' and !filepath_is_safe($themepath . $template_file, $themepath)) {
    die(i18n_r('INVALID_OPER'));
}
# if no template is selected, use the default
if ($template_file == '') {
    $template_file = GSTEMPLATEFILE;
}
# check for form submission
if (isset($_POST['submitsave'])) {
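    check_for_csrf("save");
    # save edited template file
    $SavedFile = isset($_POST['edited_file']) ? $_POST['edited_file'] : '';
    # get_magic_quotes_gpc() was removed in PHP 8 (deprecated in 7.4); guard
    # the call so the save handler does not fatal there. On older PHP the
    # result is exactly as before.
    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $FileContents = isset($_POST['content']) ? $_POST['content'] : '';
    if ($magicQuotes) {
        $FileContents = stripslashes($FileContents);
    }
    # Traversal guard: the target must be an existing file under the themes
    # root (any theme's file, not only the theme currently being viewed).
    if (!filepath_is_safe(GSTHEMESPATH . $SavedFile, GSTHEMESPATH)) {
        die(i18n_r('INVALID_OPER'));
    }
    $fh = fopen(GSTHEMESPATH . $SavedFile, 'w') or die("can't open file");
    $written = fwrite($fh, $FileContents);
    fclose($fh);
    # A failed or short write leaves a truncated template on disk; report it
    # rather than claiming success.
    if ($written === false || $written < strlen($FileContents)) {
        die("can't write file");
    }
    $success = sprintf(i18n_r('TEMPLATE_FILE'), $SavedFile);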
    if (isset($_POST['ajaxsave'])) {
        echo "<div>";
        include 'template/error_checking.php';
        echo '<input id="nonce" name="nonce" type="hidden" value="' . get_nonce("save") . '" />';
Example #10
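    // Traversal guard: the draft must be an existing file inside
    // GSDATADRAFTSPATH before publishDraft() is allowed to touch it.
    $status = filepath_is_safe(GSDATADRAFTSPATH . $id . '.xml', GSDATADRAFTSPATH) && publishDraft($id);
    if ($status) {
        exec_action('draft-publish');
        // @hook draft-publish a draft was published
        generate_sitemap();
        // regenerates sitemap
    }
    // $id is caller-supplied upstream; encode it before echoing it into the
    // Location header so it cannot add query parameters.
    redirect("pages.php?id=" . urlencode($id) . "&upd=publish-" . ($status ? 'success' : 'error'));
    die;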
}
if (isset($_POST['submitted'])) {
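    check_for_csrf("edit", "edit.php");
    // Safe-mode guard (presumably redirects to its second argument when the
    // action is blocked). post-id may be absent on a malformed submit - it is
    // only isset()-checked further down - so read it defensively, and
    // URL-encode it because it is user input going into a Location query string.
    $postIdParam = isset($_POST['post-id']) ? $_POST['post-id'] : '';
    safemodefail('changedata-save', 'edit.php?id=' . urlencode($postIdParam));
    // check for missing required fields
    if (!isset($_POST['post-title']) || trim($_POST['post-title']) == '') {
        // no title, throw CANNOT_SAVE_EMPTY
        // @todo this loses $id, we only get here if js is disabled
        redirect("edit.php?upd=edit-error&type=" . urlencode(i18n_r('CANNOT_SAVE_EMPTY')));
    }
    // Slug bookkeeping: existing-url is the slug the page had when the form
    // was opened, post-id is the slug submitted now. Empty or whitespace-only
    // values count as absent.
    $pageIsNew = !isset($_POST['existing-url']) || trim($_POST['existing-url']) == '';
    $oldslug = isset($_POST['existing-url']) && trim($_POST['existing-url']) !== '' ? $_POST['existing-url'] : null;
    $postslug = isset($_POST['post-id']) && trim($_POST['post-id']) !== '' ? $_POST['post-id'] : null;
    # flag, this edit changed the slug
    $slugHasChanged = !$pageIsNew && $oldslug !== $postslug;
    # overwrite in place only when editing an existing page under the same slug
    $overwrite = !$pageIsNew && !$slugHasChanged;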
Example #11
/**
 * Reset Password
 *
 * Resets the password for GetSimple control panel access
 *
 * @package GetSimple
 * @subpackage Login
 */
# setup inclusions
$load['plugin'] = true;
include 'inc/common.php';
# Unlike the other admin pages there is no login_cookie_check() here - this
# is presumably reached before authentication. The whole feature can be
# switched off by defining GSALLOWRESETPASS as false.
if (getDef('GSALLOWRESETPASS', true) === false) {
    die;
}
if (isset($_POST['submitted'])) {
    check_for_csrf("reset_password");
    // Random delay budget (0.25-2 s) to blur response-time differences between
    // known and unknown usernames; presumably consumed by usleep() later in
    // this handler. rand() is adequate here - the value is not a secret.
    $randSleep = rand(250000, 2000000);
    if (isset($_POST['username']) and !empty($_POST['username'])) {
        # user filename
        $file = _id($_POST['username']) . '.xml';
        # get user information from existing XML file
        if (filepath_is_safe(GSUSERSPATH . $file, GSUSERSPATH) && file_exists(GSUSERSPATH . $file)) {
            $data = getXML(GSUSERSPATH . $file);
            $userid = strtolower($data->USR);
            $EMAIL = $data->EMAIL;
            if (strtolower($_POST['username']) === $userid) {
                # create new random password
                $random = createRandomPassword();
                // $random = '1234';
                # create backup
Example #12
 */
// Setup inclusions
$load['plugin'] = true;
include 'inc/common.php';
login_cookie_check();
// The log to show/delete comes straight from ?log= and is joined onto the
// logs directory here with no sanitising; it must pass filepath_is_safe()
// before any filesystem access.
$log_name = isset($_GET['log']) ? $_GET['log'] : '';
$log_path = GSDATAOTHERPATH . 'logs/';
$log_file = $log_path . $log_name;
// NOTE(review): plain-http whois endpoint; fine for an outbound link, verify it
// is not fetched server-side.
$whois_url = 'http://whois.arin.net/rest/ip/';
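// Resolve the requested log once. filepath_is_safe() rejects traversal and
// also returns false when the file does not exist, so "safe" implies "present".
// ($log_name is always assigned above, so an isset() test on it is a no-op;
// an empty name is rejected explicitly instead.)
$log_is_safe = $log_name !== '' && filepath_is_safe($log_file, $log_path);
if (!$log_is_safe) {
    $log_data = false;
}
if (isset($_GET['action']) && $_GET['action'] == 'delete' && strlen($log_name) > 0) {
    check_for_csrf("delete");
    // The path check above only suppressed *display* of an unsafe path; the
    // delete branch must refuse it as well, otherwise ?log=../../x&action=delete
    // unlinks any file the web server process may delete (the login and the
    // nonce only limit this to an authenticated admin, not to the logs dir).
    if (!$log_is_safe) {
        die(i18n_r('INVALID_OPER'));
    }
    unlink($log_file);
    exec_action('logfile_delete');
    redirect('log.php?success=' . urlencode('Log ' . $log_name . i18n_r('MSG_HAS_BEEN_CLR')));
}
if (!isset($log_data)) {
    $log_data = getXML($log_file);
}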
// Page chrome: title and shared admin header, rendered before the log body.
$pagetitle = i18n_r('LOGS') . ' &middot; ' . i18n_r('SUPPORT');
get_template('header');
?>
	
<?php 
include 'template/include-nav.php';
?>
Example #13
<?php

/**
 * Delete File
 *
 * Deletes Files based on what is passed to it 	
 *
 * @package GetSimple
 * @subpackage Delete-Files
 */
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
login_cookie_check();
// A single "delete" nonce gates every branch below (pages, archives, ...),
// so the CSRF check runs before any request parameter is examined.
check_for_csrf("delete", "deletefile.php");
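// are we deleting pages?
if (isset($_GET['id'])) {
    $id = $_GET['id'];
    // The home page can never be deleted.
    if ($id === 'index') {
        redirect('pages.php?upd=edit-error&type=' . urlencode(i18n_r('HOMEPAGE_DELETE_ERROR')));
    } else {
        // NOTE(review): $id reaches updateSlugs()/delete_file() unsanitised;
        // confirm delete_file() applies its own slug/path validation.
        updateSlugs($id);
        $status = delete_file($id);
        generate_sitemap();
        exec_action('page-delete');
        // Encode the request-supplied slug before echoing it into Location.
        redirect("pages.php?upd=del-" . $status . "&id=" . urlencode($id) . "&type=delete");
    }
}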
// are we deleting archives?
if (isset($_GET['zip'])) {
Example #14
            $c_note = $components->addChild('title');
            $c_note->addCData($comp['title']);
            $components->addChild('slug', $comp['slug']);
            $c_note = $components->addChild('value');
            $c_note->addCData($comp['value']);
            $count++;
        }
    }
    exec_action('component-save');
    XMLsave($xml, $path . $file);
    $update = 'comp-success';
    // redirect('components.php?upd=comp-success');
}
# if undo was invoked
if (isset($_GET['undo'])) {
    check_for_csrf("undo");
    # Roll the components file back to its backup copy; the page re-reads
    # $path . $file below, so no redirect is needed.
    undo($file, $path, $bakpath);
    $update = 'comp-restored';
    // redirect('components.php?upd=comp-restored');
}
# Load the (possibly just saved or restored) components file for rendering.
$data = getXML($path . $file);
$componentsec = $data->item;
$count = 0;
// $componentsec = subval_sort($data->item,'title'); // sorted on save probably not necessary at this time
if (count($componentsec) != 0) {
    foreach ($componentsec as $component) {
        $table .= '<div class="compdiv codewrap" id="section-' . $count . '"><table class="comptable" ><tr><td><b title="' . i18n_r('DOUBLE_CLICK_EDIT') . '" class="comptitle editable">' . stripslashes($component->title) . '</b></td>';
        $table .= '<td style="text-align:right;" ><code>&lt;?php get_component(<span class="compslugcode">\'' . $component->slug . '\'</span>); ?&gt;</code></td><td class="delete" >';
        $table .= '<a href="javascript:void(0)" title="' . i18n_r('DELETE_COMPONENT') . ': ' . cl($component->title) . '?" class="delcomponent" rel="' . $count . '" >&times;</a></td></tr></table>';
Example #15
 * Displays and starts the website archives 	
 *
 * @package GetSimple
 * @subpackage Backups
 */
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
login_cookie_check();
// Plugins get a hook before any archive handling starts.
exec_action('load-archive');
// Variable Settings
$table = '';
// if a backup needs to be created
if (isset($_GET['do'])) {
    check_for_csrf("create");
    exec_action('archive-backup');
    // @hook archive-backup create backup archive requested
    // The archive itself is presumably built by zip.php. The session hash
    // travels in the query string, so the link is only as private as the URL
    // (referrer headers, access logs).
    redirect('zip.php?s=' . $SESSIONHASH);
}
// if a backup has just been created
if (isset($_GET['done'])) {
    $success = i18n_r('SUCC_WEB_ARCHIVE');
}
// ?nozip is set (presumably by zip.php) when the ZipArchive extension is
// unavailable; point the user at the health check page.
if (isset($_GET['nozip'])) {
    $error = i18n_r('NO_ZIPARCHIVE') . ' - <a href="health-check.php">' . i18n_r('WEB_HEALTH_CHECK') . '</a>';
}
// Page chrome: title and shared admin header.
$pagetitle = i18n_r('WEBSITE_ARCHIVES') . ' &middot; ' . i18n_r('BAK_MANAGEMENT');
get_template('header');
?>