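/**
 * Writes an array to the debug log as "name => ( key => value, ... )".
 *
 * Output is flushed to debugLog() whenever the pending line grows past 72
 * characters. Nested arrays are logged recursively, indented by a further
 * 5 spaces and followed by a ','.
 *
 * Values are written as given, so callers that dump request data
 * ($_REQUEST, $_SERVER, $_FILES, account records) should remove credentials
 * before calling. Control characters in names, keys and values are replaced
 * with a space so that logged data cannot start a new, forged log line.
 * Whether debugLog() does any escaping of its own is not visible here.
 *
 * @param string $name   label printed in front of the array
 * @param array  $source the array to log; anything else logs a notice line
 * @param int    $indent number of spaces to indent the output
 * @param string $trail  text appended after the closing parenthesis
 */
function debugLogArray($name, $source, $indent = 0, $trail = '')
{
    $controlChars = '/[\x00-\x1F\x7F]/';
    $label = preg_replace($controlChars, ' ', "{$name}");

    if (!is_array($source)) {
        debugLog($label . ' parameter is not an array.');
        return;
    }

    $pad = str_repeat(' ', $indent);
    $msg = $pad . $label . ' => ( ';

    if (count($source) > 0) {
        foreach ($source as $key => $val) {
            // Keep individual log lines short: flush once the pending text passes 72 chars.
            if (strlen($msg) > 72) {
                debugLog($msg);
                $msg = $pad;
            }
            if (is_array($val)) {
                if (!empty($msg)) {
                    debugLog($msg);
                }
                debugLogArray($key, $val, $indent + 5, ',');
                $msg = '';
                continue;
            }
            // An object without __toString() cannot be concatenated; log its class instead
            // of aborting the request from inside a debugging helper.
            if (is_object($val) && !method_exists($val, '__toString')) {
                $val = 'object(' . get_class($val) . ')';
            }
            $msg .= preg_replace($controlChars, ' ', $key . ' => ' . $val . ', ');
        }
        // Drop the trailing ", " before closing the list.
        $msg = substr($msg, 0, strrpos($msg, ',')) . ' )' . $trail;
    } else {
        $msg .= ')';
    }
    debugLog($msg);
}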
// Upload handler fragment: authenticates the request, then derives the target
// album path for an uploaded file. The listing is cut off after $targetPath is built.
define('OFFSET_PATH', 3);
require_once dirname(dirname(__FILE__)) . '/admin-functions.php';

// The login state is reset and then re-established from the POSTed 'auth' hash and 'id'.
// NOTE(review): the hash sent in the request body is what checkAuthorization() is given,
// so whoever holds that value can authenticate; confirm it is only sent over TLS and
// never written to logs.
$_zp_loggedin = NULL;
if (isset($_POST['auth'])) {
    $hash = sanitize($_POST['auth']);
    $id = sanitize($_POST['id']);
    $_zp_loggedin = $_zp_authority->checkAuthorization($hash, $id);
}

// Requires UPLOAD_RIGHTS before any upload handling runs.
// NOTE(review): no XSRF token check is visible in this fragment; confirm that
// admin_securityChecks() or the caller enforces one.
admin_securityChecks(UPLOAD_RIGHTS, $return = currentRelativeURL(__FILE__));

if (!empty($_FILES)) {
    $gallery = new Gallery();
    // basename() drops any directory part of the client-supplied file name.
    $name = trim(basename(sanitize($_FILES['file']['name'], 3)));
    // NOTE(review): isset() tests the 'Filedata' field while the value tested is read from
    // 'file', and $error is then taken from 'Filedata'. If the form field is 'file' (as the
    // name/tmp_name reads suggest), the isset() is false and this error branch never runs.
    if (isset($_FILES['Filedata']['error']) && $_FILES['file']['error']) {
        $error = $_FILES['Filedata']['error'];
        // Dumps the whole $_FILES array (client file names, temp paths) to the debug log.
        debugLogArray('Uploadify error:', $_FILES);
        trigger_error(sprintf(gettext('Uploadify error on %1$s. Review your debug log.'), $name));
    } else {
        $tempFile = sanitize($_FILES['file']['tmp_name'], 3);
        // The destination folder is taken from the request.
        $folder = trim(sanitize($_POST['http_folder'], 3));
        // Strip up to two leading slashes and one trailing slash.
        if (substr($folder, 0, 1) == '/') {
            $folder = substr($folder, 1);
        }
        if (substr($folder, 0, 1) == '/') {
            $folder = substr($folder, 1);
        }
        if (substr($folder, -1) == '/') {
            $folder = substr($folder, 0, -1);
        }
        $folder = zp_apply_filter('admin_upload_process', $folder);
        // NOTE(review): the path is built by concatenation and no check for '..' segments is
        // visible here; confirm that sanitize(), the 'admin_upload_process' filter or later
        // code keeps the result inside ALBUM_FOLDER_SERVERPATH.
        $targetPath = ALBUM_FOLDER_SERVERPATH . internalToFilesystem($folder);
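/**
 * Parses an HTTP Accept-Language value into an array sorted by preference.
 *
 * Uses $str when it is given; otherwise falls back to
 * $_SERVER['HTTP_ACCEPT_LANGUAGE'] and returns an empty array when that header
 * is absent. Items are comma separated and expected to look like
 * 2_letter_code[-longer_code][;q=coefficient], for example "fr,en-us;q=0.8".
 * Items that do not match this form are skipped.
 *
 * The header is supplied by the client. The pattern restricts the captured
 * code parts to ASCII letters and digits, so 'code', 'morecode' and 'fullcode'
 * cannot carry path or markup characters.
 *
 * Thanks to Fredbird.org for this code.
 *
 * @param string $str optional language string
 * @return array entries keyed "coef-code" in descending key order; each entry
 *               holds 'code', 'coef', 'morecode' (false when absent) and 'fullcode'
 */
function parseHttpAcceptLanguage($str = NULL)
{
    // Only consult the request header when the caller did not pass a string.
    if (!$str) {
        if (!isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
            return array();
        }
        $str = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
    }

    $accepted = array();
    foreach (explode(',', $str) as $lang) {
        // 2_letter_code[-longer_code][;q=coefficient]
        if (!preg_match('/([A-Za-z]{1,2})(-([A-Za-z0-9]+))?(;q=([0-9\\.]+))?/', $lang, $found)) {
            // Empty or malformed item (e.g. "*"): nothing to record.
            continue;
        }
        $code = $found[1];
        // Optional region/script part; an unmatched or empty group counts as absent.
        $morecode = array_key_exists(3, $found) ? $found[3] : false;
        $fullcode = $morecode ? $code . '_' . $morecode : $code;
        // Missing q defaults to 1.
        $coef = sprintf('%3.1f', array_key_exists(5, $found) ? $found[5] : '1');
        // The key starts with the coefficient so that krsort() orders by preference.
        $accepted[$coef . '-' . $code] = array(
            'code' => $code,
            'coef' => $coef,
            'morecode' => $morecode,
            'fullcode' => $fullcode,
        );
    }
    krsort($accepted);

    if (DEBUG_LOCALE) {
        // NOTE(review): $str is the raw client-supplied value; confirm debugLog()
        // neutralises line breaks before writing it.
        debugLog("parseHttpAcceptLanguage({$str})");
        debugLogArray('$accepted', $accepted);
    }
    return $accepted;
}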
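/**
 * Returns the administration rights of a saved authorization code.
 *
 * Order of checks, as implemented below:
 *  - no administrators exist: sets $_zp_null_account and returns ADMIN_RIGHTS
 *    without looking at $authCode;
 *  - $_zp_reset_admin is an object: returns that object's rights;
 *  - empty $authCode: returns 0;
 *  - otherwise looks up a valid admin whose stored `pass` equals $authCode
 *    (and whose `id` equals $id when $id is not null) and returns its rights.
 *
 * Because the lookup matches $authCode against the stored `pass` value, the
 * code is a usable credential. The debug output therefore records only whether
 * a code was supplied and drops 'pass' entries from the admin dump.
 *
 * @param string $authCode the hash code to check
 * @param int $id whom we think this is
 *
 * @return int rights of the matched account, 0 when nothing matches
 */
function checkAuthorization($authCode, $id)
{
    global $_zp_current_admin_obj, $_zp_reset_admin, $_zp_null_account;
    $_zp_current_admin_obj = NULL;
    if (DEBUG_LOGIN) {
        // Never write the code itself to the log: it authenticates whoever holds it.
        debugLogBacktrace('checkAuthorization(' . (empty($authCode) ? 'empty' : 'redacted') . ", {$id})");
    }
    $admins = $this->getAdministrators();
    if (DEBUG_LOGIN) {
        $loggable = $admins;
        if (is_array($loggable)) {
            foreach ($loggable as $key => $admin) {
                // presumably records are arrays carrying the `pass` column; other shapes pass through
                if (is_array($admin)) {
                    unset($loggable[$key]['pass']);
                }
            }
        }
        debugLogArray("checkAuthorization: admins", $loggable);
    }
    if (count($admins) == 0) {
        if (DEBUG_LOGIN) {
            debugLog("checkAuthorization: no admins");
        }
        // NOTE(review): an empty admin list grants full rights to any caller; this is only
        // safe while the site is being set up. Confirm a failed or empty read cannot land here.
        $_zp_null_account = true;
        return ADMIN_RIGHTS; // no admins
    }
    if ($_zp_reset_admin) {
        if (DEBUG_LOGIN) {
            debugLog("checkAuthorization: reset request");
        }
        if (is_object($_zp_reset_admin)) {
            return $_zp_reset_admin->getRights();
        }
    }
    if (empty($authCode)) {
        return 0; // so we don't "match" with an empty password
    }
    $rights = 0;
    $criteria = array('`pass`=' => $authCode, '`valid`=' => 1);
    if (!is_null($id)) {
        $criteria['`id`='] = $id;
    }
    // NOTE(review): how getAnAdmin() builds its query from $criteria is not visible here;
    // confirm the values are bound or escaped.
    $user = $this->getAnAdmin($criteria);
    if (is_object($user)) {
        $_zp_current_admin_obj = $user;
        $rights = $user->getRights();
        if (DEBUG_LOGIN) {
            debugLog(sprintf('checkAuthorization: from $authcode %X', $rights));
        }
        return $rights;
    }
    $_zp_current_admin_obj = NULL;
    if (DEBUG_LOGIN) {
        debugLog("checkAuthorization: no match");
    }
    return 0; // no rights
}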
$commentcount++; } else { $postinfo .= '<li class="import-error">' . gettext('Comment could not be assigned!') . '</li>'; } } } if ($commentexists_count != 0) { $postinfo .= '<li class="import-exists">' . sprintf(ngettext('%1$u comment already exists.', '%1$u comments already exist.', $commentexists_count), $commentexists_count) . '</li>'; } if ($commentcount != 0) { $postinfo .= '<li class="import-success">' . sprintf(ngettext('%1$u comment imported.', '%1$u comments imported.', $commentcount), $commentcount) . '</li>'; } } else { $postinfo .= '<ul><li class="import-nothing">' . gettext('No comments to import') . '</li>'; } debugLogArray('Wordpress import - Comments for "' . $post['title'] . '" (' . $post['type'] . ')', $comments); $postinfo .= '</ul></li>'; $postcount++; } // posts foreach $metaURL = 'wordpress_import.php?refresh=' . $postcount . '&dbname=' . $wp_dbname . '&dbuser='******'&dbpass='******'&dbhost=' . $wp_dbhost . '&tableprefix=' . $wp_prefix . '&convertlinefeeds=' . getcheckboxState('convertlinefeeds') . '&XSRFToken=' . getXSRFToken('wordpress'); } else { // if posts are available at all $metaURL = ''; // to be sure... $postinfo .= "<li class='import-nothing'>" . gettext("No posts or pages to import.") . "</li>"; } } // if db data set printAdminHeader(gettext('utilities'), gettext('Wordpress')); if (!empty($metaURL) && $postcount < $posttotalcount) {
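/**
 * Returns the administration rights of a saved authorization code.
 *
 * When no administrators exist or the 'admin_reset_date' option is empty,
 * ADMIN_RIGHTS is returned without looking at $authCode. Otherwise the code is
 * compared with each administrator's stored 'pass'; the first administrator in
 * the list is the master and additionally receives ADMIN_RIGHTS.
 *
 * The comparison is an exact string comparison (constant time where
 * hash_equals() is available). A loose == would treat two different hashes
 * that both look like "0e<digits>" as equal numbers.
 *
 * The code is a usable credential, so the debug output records only whether
 * one was supplied and drops 'pass' from the admin dump.
 *
 * @param string $authCode the md5 code to check
 *
 * @return int rights of the matched administrator, 0 when nothing matches
 */
function checkAuthorization($authCode)
{
    global $_zp_current_admin;
    if (DEBUG_LOGIN) {
        debugLogBacktrace('checkAuthorization(' . (empty($authCode) ? 'empty' : 'redacted') . ')');
    }
    $admins = getAdministrators();
    if (DEBUG_LOGIN) {
        $loggable = array();
        foreach ($admins as $key => $user) {
            if (is_array($user)) {
                unset($user['pass']);
            }
            $loggable[$key] = $user;
        }
        debugLogArray("admins", $loggable);
    }
    $reset_date = getOption('admin_reset_date');
    if (count($admins) == 0 || empty($reset_date)) {
        // NOTE(review): a missing or emptied option grants full rights to any caller;
        // confirm 'admin_reset_date' cannot be cleared by an unprivileged path.
        $_zp_current_admin = null;
        if (DEBUG_LOGIN) {
            debugLog("no admin or reset request");
        }
        return ADMIN_RIGHTS; // no admins or reset request
    }
    if (empty($authCode) || !is_scalar($authCode)) {
        return 0; // so we don't "match" with an empty password
    }
    $supplied = (string) $authCode;
    $isMaster = true; // the first admin is the master
    foreach ($admins as $key => $user) {
        if (DEBUG_LOGIN) {
            debugLog("checking: {$key}");
        }
        $stored = (string) $user['pass'];
        $matches = function_exists('hash_equals')
            ? hash_equals($stored, $supplied)
            : $stored === $supplied;
        if ($matches) {
            $_zp_current_admin = $user;
            $result = $user['rights'];
            if ($isMaster) {
                $result = $result | ADMIN_RIGHTS;
            }
            if (DEBUG_LOGIN) {
                debugLog("match");
            }
            return $result;
        }
        $isMaster = false;
    }
    $_zp_current_admin = null;
    return 0; // no rights
}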
/**
 * Produces debugging information on 404 errors when DEBUG_404 is enabled.
 *
 * Requests for the URIs on the ignore list are skipped. For any other request a
 * user-level notice is raised and the album/image/theme values plus the full
 * $_SERVER and $_REQUEST arrays are written to the debug log.
 *
 * NOTE(review): $_SERVER and $_REQUEST are logged in full, which can include
 * cookies, authorization headers and submitted form fields; keep DEBUG_404 off
 * outside troubleshooting and restrict who can read the debug log. The notice
 * text embeds the raw request URI; how it is displayed depends on the error
 * handler configuration, which is not visible here.
 *
 * @param string $album
 * @param string $image
 * @param string $theme
 */
function debug404($album, $image, $theme)
{
    if (!DEBUG_404) {
        return;
    }

    $skipped = array('/favicon.ico', '/zp-data/tést.jpg');
    $requested = $_SERVER['REQUEST_URI'];
    // in_array() without the strict flag compares with ==, like the per-item check it replaces.
    if (in_array($requested, $skipped)) {
        return;
    }

    $notice = sprintf(
        gettext('Zenphoto processed a 404 error on %s. See the debug log for details.'),
        $requested
    );
    trigger_error($notice, E_USER_NOTICE);

    debugLog("404 error: album={$album}; image={$image}; theme={$theme}");
    debugLogArray('$_SERVER', $_SERVER, 0, '');
    debugLogArray('$_REQUEST', $_REQUEST, 0, '');
    debugLog(''); // blank separator line after each report
}