Example #1
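/**
 * Confirms that a folder on this server and a URL purportedly pointing at it do, in fact, match.
 *
 * The function writes a temporary file into $folder, requests it from $url with file() and
 * compares the content that comes back. If the content matches, the URL serves the folder.
 *
 * Requirement: the "allow_url_fopen" setting in php.ini must be "1". This is checked; when it is
 * not set the function always reports failure.
 *
 * Security notes:
 *  - $url is supplied by the caller and is passed to file(), so this server makes an outbound
 *    request to a caller-chosen location. Only http:// and https:// URLs are accepted, so other
 *    stream wrappers are never opened. Callers should still expose this check to authorised
 *    administrators only.
 *  - In debug mode the captured PHP warning text is appended to the message. That text embeds the
 *    requested URL, so it is HTML-escaped before being returned.
 *
 * @param string $folder a folder on this server.
 * @param string $url The URL that claims to point to <b>$folder</b>
 * @return array Returns array with indexes:<br/>
 *               [0]: true/false (success / failure)<br/>
 *               [1]: message string<br/>
 */
function ft_check_folder_url_match($folder, $url)
{
    global $g_debug, $g_default_error_reporting, $LANG;

    $folder = rtrim(trim($folder), "/\\");
    $url = rtrim(trim($url), "/\\");

    // $message from the folder check is not used; a fixed language string is returned instead
    list($success, $message) = ft_check_upload_folder($folder);
    if (!$success) {
        return array(false, $LANG["validation_folder_invalid_permissions"]);
    }
    if (ini_get("allow_url_fopen") != "1") {
        return array(false, $LANG["notify_allow_url_fopen_not_set"]);
    }

    // a folder URL can only be a web URL: refuse anything that is not http(s) so that file()
    // below is never handed a local path or another stream wrapper
    if (!preg_match("#^https?://#i", $url)) {
        return array(false, $LANG["notify_folder_url_no_match"]);
    }

    // create the temp file
    $test_content = "Folder-URL match test";
    $test_file = "ft_" . date("U") . ".tmp";
    if (($fh = fopen("{$folder}/{$test_file}", "w")) === FALSE) {
        // the test could not be run, so this is a failure (it used to be reported as success)
        return array(false, "Problem creating test file.");
    }
    fwrite($fh, $test_content);
    fclose($fh);

    // now try and read the file. We activate error reporting for the duration of this test so we
    // can examine any error messages that occur to provide some pointers for the user. The call
    // is deliberately NOT prefixed with "@": the suppression operator would hide the very warning
    // the output buffer is there to capture, leaving $errors permanently empty.
    // NOTE(review): warnings only reach the buffer when display_errors is enabled - confirm.
    error_reporting(2047);
    ob_start();
    $result = file("{$url}/{$test_file}");
    $errors = ob_get_clean();
    error_reporting($g_default_error_reporting);

    // delete temp file
    @unlink("{$folder}/{$test_file}");

    // a match means the first line fetched over the URL is exactly what was written to disk
    if (is_array($result) && isset($result[0]) && $result[0] === $test_content) {
        return array(true, $LANG["notify_folder_url_match"]);
    }

    $debug = $g_debug ? "<br />" . htmlspecialchars($errors, ENT_QUOTES, "UTF-8") : "";

    // let's take a look at the warning.  [Assumption: error messages in English]
    //   "404 Not Found" - Not a match
    if (preg_match("/404 Not Found/", $errors)) {
        return array(false, $LANG["notify_folder_url_no_match"] . " {$debug}");
    }
    if (preg_match("/Authorization Required/", $errors)) {
        return array(false, $LANG["notify_folder_url_no_access"] . " {$debug}");
    }

    return array(false, $LANG["notify_folder_url_unknown_error"]);
}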
Example #2
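// Optional key/value pairs the caller wants echoed back in the JSON response. Keys and values
// come straight from the request, so each one is passed through json_encode(): a quote or
// backslash in the input can then no longer break out of its JSON string and inject extra
// members into the response. foreach replaces each(), which was removed in PHP 8.
$return_str = "";
if (isset($request["return_vars"]) && is_array($request["return_vars"])) {
    $vals = array();
    foreach ($request["return_vars"] as $key => $value) {
        $vals[] = json_encode((string) $key) . ": " . json_encode((string) $value);
    }
    // with no pairs there is nothing to append; a bare ", " would make the response invalid
    if (!empty($vals)) {
        $return_str = ", " . implode(", ", $vals);
    }
}

// Callers without permission get a response that also sets the ft_logout flag, then the script
// stops. The message is JSON-encoded for the same reason as above.
// NOTE(review): $return_val_str is not assigned in this excerpt; presumably it is set earlier in
// the file - confirm. It is a different variable from $return_str built above.
if (!$permission_check["has_permission"]) {
    $encoded_message = json_encode((string) $permission_check["message"]);
    echo "{ \"success\": \"0\", \"ft_logout\": \"1\", \"message\": {$encoded_message}{$return_val_str} }";
    exit;
}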
// Dispatch on the requested action. Each case below prints a hand-built JSON object.
// NOTE(review): $message is interpolated into the JSON text without escaping, so a message that
// contains a double quote or a backslash produces malformed JSON; json_encode() would avoid that.
// NOTE(review): $return_val_str is not assigned in this excerpt - presumably set earlier; confirm.
switch ($action) {
    // runs the upload-folder check on the folder named in the request
    case "test_folder_permissions":
        list($success, $message) = ft_check_upload_folder($request["file_upload_dir"]);
        $success = $success ? 1 : 0;
        echo "{ \"success\": \"{$success}\", \"message\": \"{$message}\"{$return_val_str} }";
        break;
    // checks that the folder and the URL named in the request refer to the same location;
    // both values are taken from the request and passed on as-is
    case "test_folder_url_match":
        list($success, $message) = ft_check_folder_url_match($request["file_upload_dir"], $request["file_upload_url"]);
        $success = $success ? 1 : 0;
        echo "{ \"success\": \"{$success}\", \"message\": \"{$message}\"{$return_val_str} }";
        break;
    // expects the tabset name and inner_tab to contain an alphanumeric string only
    // NOTE(review): strip_tags() only removes markup; it does not enforce the alphanumeric
    // expectation stated above - confirm whether a stricter check is applied elsewhere.
    case "remember_inner_tab":
        $tabset = strip_tags($request["tabset"]);
        $tab = strip_tags($request["tab"]);
        // make sure the session has a place to store inner-tab values
        if (!array_key_exists("inner_tabs", $_SESSION["ft"])) {
            $_SESSION["ft"]["inner_tabs"] = array();
Example #3
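/**
 * Called by administrators; updates the file upload settings (upload folder, upload URL,
 * maximum upload size and permitted file types).
 *
 * The settings are stored with ft_set_settings() and the upload folder is then checked with
 * ft_check_upload_folder(). If the folder check fails, its result is returned as-is.
 *
 * NOTE(review): the settings are stored before the folder is checked, so an invalid folder is
 * saved even though failure is returned - confirm this is intended.
 * NOTE(review): the file type list and the maximum size are stored as received (the type list is
 * only lower-cased); nothing here rejects extensions the web server might execute - confirm that
 * this is enforced elsewhere.
 *
 * @param array $infohash this parameter should be a hash (e.g. $_POST or $_GET) containing the
 *             various fields from the main settings admin page.
 * @return array Returns array with indexes:<br/>
 *               [0]: true/false (success / failure)<br/>
 *               [1]: message string<br/>
 */
function ft_update_file_settings($infohash)
{
    global $LANG;

    $success = true;
    $message = $LANG["notify_setup_options_updated"];

    $file_upload_dir = rtrim(trim($infohash["file_upload_dir"]), "/\\");
    $file_upload_url = rtrim(trim($infohash["file_upload_url"]), "/\\");
    $file_upload_max_size = $infohash["file_upload_max_size"];

    // the checkbox list is optional: a form with nothing ticked does not send the field
    $file_upload_filetypes = "";
    if (isset($infohash["file_upload_filetypes"]) && is_array($infohash["file_upload_filetypes"])) {
        $file_upload_filetypes = join(",", $infohash["file_upload_filetypes"]);
    }

    // free-text extensions are appended to whatever was ticked
    if (!empty($infohash["file_upload_filetypes_other"])) {
        if (empty($file_upload_filetypes)) {
            $file_upload_filetypes = $infohash["file_upload_filetypes_other"];
        } else {
            $file_upload_filetypes .= ",{$infohash["file_upload_filetypes_other"]}";
        }
    }
    $file_upload_filetypes = mb_strtolower($file_upload_filetypes);

    $settings = array(
        "file_upload_dir" => $file_upload_dir,
        "file_upload_url" => $file_upload_url,
        "file_upload_max_size" => $file_upload_max_size,
        "file_upload_filetypes" => $file_upload_filetypes
    );
    ft_set_settings($settings);

    // check the folder was valid
    list($is_valid_folder, $folder_message) = ft_check_upload_folder($file_upload_dir);
    if (!$is_valid_folder) {
        return array($is_valid_folder, $folder_message);
    }

    // Hooks may override the result. Only the two values this function returns are read from
    // the hook output; extract() with EXTR_OVERWRITE would let a hook replace any local variable.
    $hook_result = ft_process_hook_calls("end", compact("infohash"), array("success", "message"));
    if (is_array($hook_result)) {
        if (array_key_exists("success", $hook_result)) {
            $success = $hook_result["success"];
        }
        if (array_key_exists("message", $hook_result)) {
            $message = $hook_result["message"];
        }
    }

    return array($success, $message);
}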