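/**
  * AJAX handler: advance the pending move plan by one step and report progress.
  *
  * Answers the 'plugin_move_progress' AJAX call only. The caller must be a
  * manager (auth_ismanager); everybody else gets a bare 403 and the script
  * terminates. The reply is a JSON object with the keys 'error' (last error
  * message from the plan), 'complete' (bool) and 'progress'.
  *
  * @param Doku_Event $event AJAX event; $event->data holds the call name
  */
 public function handle_ajax(Doku_Event $event)
 {
     // Strict comparison: the AJAX call name is a string, never coerce.
     if ($event->data !== 'plugin_move_progress') {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     global $INPUT;
     global $USERINFO;
     // Read the identity defensively: an anonymous request previously raised
     // undefined-index notices before the 403 was sent. A missing index
     // yielded null anyway, so null is passed explicitly instead.
     $user = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : null;
     $groups = isset($USERINFO['grps']) ? $USERINFO['grps'] : null;
     if (!auth_ismanager($user, $groups)) {
         http_status(403);
         exit;
     }
     $return = array('error' => '', 'complete' => false, 'progress' => 0);
     /** @var helper_plugin_move_plan $plan */
     $plan = plugin_load('helper', 'move_plan');
     if (!$plan->isCommited()) {
         // No committed plan: report completion so the client stops polling.
         $return['complete'] = true;
     } else {
         // The 'skip' flag is forwarded to nextStep() — presumably to step over
         // a failing item; confirm against the helper.
         $todo = $plan->nextStep($INPUT->bool('skip'));
         $return['progress'] = $plan->getProgress();
         $return['error'] = $plan->getLastError();
         if ($todo === 0) {
             $return['complete'] = true;
         }
     }
     $json = new JSON();
     header('Content-Type: application/json');
     echo $json->encode($return);
 }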
/**
 * AJAX action rendering the section ("rubrique") browser of the admin menu bar.
 *
 * Visitors without write access only get a login link back. (The original
 * comment spoke of a 401, but no status code is set: the link is returned as
 * a normal AJAX reply and the script exits.) The 'date' request parameter,
 * cast to int, becomes a Last-Modified header; if gen_liste_rubriques()
 * reports nothing new and the client sent If-Modified-Since, a 304 is
 * answered instead of the menu (except under IIS).
 *
 * Nothing is returned: the HTML is handed to ajax_retour().
 *
 * @uses gen_liste_rubriques()
 * @uses menu_rubriques()
 */
function action_menu_rubriques_dist()
{
    // No write access: hand back a "log in" link instead of the menu.
    if (!autoriser('ecrire')) {
        $lien = generer_url_ecrire('accueil');
        $html = "<ul class='cols_1'><li class='toutsite'><a href='" . $lien . "'>" . _T('public:lien_connecter') . "</a></li></ul>";
        include_spip('inc/actions');
        ajax_retour($html);
        exit;
    }

    // intval() restricts the client-supplied value to digits before it enters the header.
    $date = intval(_request('date'));
    if ($date) {
        header("Last-Modified: " . gmdate("D, d M Y H:i:s", $date) . " GMT");
    }

    // Presumably "list changed" — only its truthiness is used here.
    $liste = gen_liste_rubriques();
    if (!$liste and isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) and !strstr($_SERVER['SERVER_SOFTWARE'], 'IIS/')) {
        include_spip('inc/headers');
        header('Content-Type: text/html; charset=' . $GLOBALS['meta']['charset']);
        http_status(304);
        exit;
    }

    include_spip('inc/actions');
    ajax_retour(menu_rubriques());
}
/**
 * Download an SQLite dump; restricted to the webmaster.
 *
 * The dump name comes from the secured action argument. basename() strips any
 * directory part (and the extension, which is re-added), so the value cannot
 * point outside the dump directory. A file that does not exist and a caller
 * that is not webmaster both get the same 404 page. The script always exits.
 *
 * @param string $arg dump name; resolved through securiser_action when empty
 */
function action_telecharger_dump_dist($arg = null)
{
    if (!$arg) {
        $securiser_action = charger_fonction('securiser_action', 'inc');
        $arg = $securiser_action();
    }

    $file = dump_repertoire() . basename($arg, '.sqlite') . '.sqlite';
    if (!file_exists($file) or !autoriser('webmestre')) {
        http_status(404);
        include_spip('inc/minipres');
        echo minipres(_T('erreur') . ' 404', _T('info_acces_interdit'));
        // and we stop right here
        exit;
    }

    $f = basename($file);
    // this content-type is needed to avoid zip corruption in IE6
    header('Content-Type: application/octet-stream');
    header("Content-Disposition: attachment; filename=\"{$f}\";");
    header("Content-Transfer-Encoding: binary");
    // workaround for IE caching / PHP bug issue
    header("Pragma: public");
    header("Expires: 0");
    // expiration policy
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    $taille = filesize($file);
    if ($taille) {
        header("Content-Length: " . $taille);
    }
    readfile($file);
    // and we stop right here
    exit;
}
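 /**
  * AJAX handler: render the detail info for a single extension.
  *
  * Answers only the 'plugin_extension' AJAX call. Admin rights are required
  * (auth_isadmin); otherwise a plain 403 is emitted and the script exits.
  * The extension name comes from the 'ext' request parameter; an empty name
  * is answered with a 400 and a short message instead of a 200 page.
  *
  * @param Doku_Event $event AJAX event (by reference, as registered)
  * @param mixed      $param hook parameter (unused)
  */
 public function info(Doku_Event &$event, $param)
 {
     global $USERINFO;
     global $INPUT;
     // Strict comparison: the AJAX call name is always a string.
     if ($event->data !== 'plugin_extension') {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     if (empty($_SERVER['REMOTE_USER']) || !auth_isadmin($_SERVER['REMOTE_USER'], $USERINFO['grps'])) {
         http_status(403);
         echo 'Forbidden';
         exit;
     }
     header('Content-Type: text/html; charset=utf-8');
     $ext = $INPUT->str('ext');
     if (!$ext) {
         // A missing parameter is a client error; say so instead of a 200.
         http_status(400);
         echo 'no extension given';
         return;
     }
     /** @var helper_plugin_extension_extension $extension */
     $extension = plugin_load('helper', 'extension_extension');
     $extension->setExtension($ext);
     /** @var helper_plugin_extension_list $list */
     $list = plugin_load('helper', 'extension_list');
     echo $list->make_info($extension);
 }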
/**
 * Minimal page used for error / access-denied screens.
 *
 * With an empty title the call is treated as "access denied": outside AJAX a
 * 403 is sent, the title is taken from the first non-empty 'action', 'exec'
 * or 'page' request parameter (escaped with htmlspecialchars before it is
 * echoed), the body becomes the login form, and the attempt is logged with
 * the session name and request URI.
 *
 * Outside AJAX the complete HTML page is returned. In AJAX mode a redirect
 * snippet is echoed through ajax_retour() and nothing is returned.
 *
 * @param string $titre  page title ('' selects the access-denied behaviour)
 * @param string $corps  HTML body
 * @param string $onload onload attribute handed to install_debut_html()
 * @return string|null
 */
function minipres($titre='', $corps="", $onload='')
{
	if (!defined('_AJAX')) {
		define('_AJAX', false);
	}

	if (!$titre) {
		if (!_AJAX) {
			http_status(403);
		}
		// first non-empty request parameter among action / exec / page
		$titre = _request('action');
		if (!$titre) {
			$titre = _request('exec');
		}
		if (!$titre) {
			$titre = _request('page');
		}
		if (!$titre) {
			$titre = '?';
		}

		// escape before the value reaches the HTML below
		$titre = htmlspecialchars($titre);

		if ($titre == 'install') {
			$titre = _T('avis_espace_interdit');
		} else {
			$titre .= '&nbsp;: ' . _T('info_acces_interdit');
		}
		$corps = generer_form_ecrire('accueil', '', '', _T('public:accueil_site'));
		spip_log($GLOBALS['visiteur_session']['nom'] . " $titre " . $_SERVER['REQUEST_URI']);
	}

	if (!_AJAX) {
		return install_debut_html($titre, $onload) . $corps . install_fin_html();
	}

	include_spip('inc/headers');
	include_spip('inc/actions');
	$url = self('&', true);
	// carry every POSTed field over as a query parameter of the redirect target
	foreach ($_POST as $nom => $valeur) {
		$url = parametre_url($url, $nom, $valeur, '&');
	}
	echo ajax_retour("<div>" . $titre . redirige_formulaire($url) . "</div>", false);
}
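/**
 * Redirect the browser to $url and stop the script.
 *
 * Only 301 and 302 are accepted as $status; anything else becomes 302. The
 * URL is normalised (CR/LF replaced, a leading '?' or '#' expanded to an
 * absolute target, transformer_xml / var_ajax_redir carried over) and then
 * filtered: '<' and '"' are entity-encoded and javascript:, mailto: and
 * base64 data: targets are replaced by "./", so the redirect cannot carry a
 * pseudo-protocol or break out of the header or the fallback link.
 *
 * A Location header is used when no $equiv is requested, under Apache, or
 * when _SERVER_APACHE is defined; otherwise a Refresh header plus a <meta>
 * equivalent (per the original note, only Apache handles setcookie followed
 * by a redirect). A minimal HTML page with a fallback link is always echoed.
 *
 * @param string $url    target URL (may be relative, or start with '?' or '#')
 * @param string $equiv  non-empty to prefer the Refresh/meta mechanism
 * @param int    $status 301 or 302
 */
function redirige_par_entete($url, $equiv='', $status = 302) {
	if (!in_array($status,array(301,302)))
		$status = 302;

	// CR/LF are replaced so the value cannot terminate the Location/Refresh header.
	$url = trim(strtr($url, "\n\r", "  "));
	# in theory this should always be done, but when the string starts
	# with '?' it is mandatory, otherwise the final URL is wrong
	# isset() guards the offset: an empty $url used to raise an
	# "uninitialized string offset" notice here.
	if (isset($url[0]) and $url[0]=='?')
		$url = url_de_base().(_DIR_RESTREINT?'':_DIR_RESTREINT_ABS).$url;
	if (isset($url[0]) and $url[0]=='#')
		$url = self('&').$url;

	if ($x = _request('transformer_xml'))
		$url = parametre_url($url, 'transformer_xml', $x, '&');

	if (defined('_AJAX') AND _AJAX)
		$url = parametre_url($url, 'var_ajax_redir', 1, '&');

	// do not let just anything through in the URL
	$url = str_replace(array('<','"'),array('&lt;','&quot;'),$url);
	// forbid inline URLs using pseudo-protocols
	if (
		(preg_match(",data:,i",$url) AND preg_match("/base64\s*,/i",$url))
		OR preg_match(",(javascript|mailto):,i",$url)
		)
		$url ="./";

	// Only under Apache does setcookie followed by a redirect work.
	// SERVER_SOFTWARE is absent on the CLI; treat that as "not Apache"
	// rather than handing null to strncmp().
	$apache = (isset($_SERVER['SERVER_SOFTWARE']) && strncmp("Apache", $_SERVER['SERVER_SOFTWARE'],6)==0);
	if (!$equiv OR $apache OR defined('_SERVER_APACHE')) {
		@header("Location: " . $url);
		$equiv="";
	} else {
		@header("Refresh: 0; url=" . $url);
		$equiv = "<meta http-equiv='Refresh' content='0; url=$url'>";
	}
	include_spip('inc/lang');
	if ($status!=302)
		http_status($status);
	echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">',"\n",
	  html_lang_attributes(),'
<head>',
	  $equiv,'
<title>HTTP '.$status.'</title>
</head>
<body>
<h1>HTTP '.$status.'</h1>
<a href="',
	  quote_amp($url),
	  '">',
	  _T('navigateur_pas_redirige'),
	  '</a></body></html>';

	spip_log("redirige $status: $url");

	exit;
}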
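/**
 * Handle Stripe webhooks (autoresponse endpoint).
 *
 * Only the event id is taken from the posted body: the event itself is
 * re-fetched from Stripe with the configured API key (\Stripe\Event::retrieve),
 * and it is that fetched copy that gets dispatched — the posted payload is
 * never acted upon directly. The event type is reduced to [A-Za-z0-9_] and
 * dispatched to stripe_webhook_<type>() or stripe_webhook_<type>_dist() when
 * such a function exists. Errors are logged, never shown to the caller; the
 * endpoint always answers 200.
 *
 * @param array $config presta configuration ('presta', 'mode_test', 'actif', ...)
 * @return array the webhook function's result when it returned something; otherwise exit()
 */
function presta_stripe_call_autoresponse_dist($config)
{
    include_spip('inc/bank');
    $mode = $config['presta'];
    if (isset($config['mode_test']) and $config['mode_test']) {
        $mode .= "_test";
    }
    // load the Stripe API with the key
    stripe_init_api($config);

    $event = false;
    $erreur = $erreur_code = '';
    $res = false;

    // Retrieve the request's body and parse it as JSON; only the id is used.
    $input = file_get_contents("php://input");
    $event_json = ($input === false) ? null : json_decode($input);
    if (!is_object($event_json) or empty($event_json->id) or !is_string($event_json->id)) {
        // Malformed or empty body: previously this reached Event::retrieve(null)
        // after an undefined-property notice; fail explicitly instead.
        $erreur = 'invalid webhook payload: missing event id';
        $erreur_code = 'error';
    } else {
        try {
            // Verify the event by fetching it from Stripe
            $event = \Stripe\Event::retrieve($event_json->id);
        } catch (Exception $e) {
            // getJsonBody() only exists on Stripe's exception classes; a
            // generic Exception would otherwise turn into a fatal error here.
            $body = method_exists($e, 'getJsonBody') ? $e->getJsonBody() : null;
            if ($body) {
                $err = $body['error'];
                list($erreur_code, $erreur) = stripe_error_code($err);
            } else {
                $erreur = $e->getMessage();
                $erreur_code = 'error';
            }
        }
    }

    $inactif = empty($config['actif']) ? "(inactif) " : "";
    if ($erreur or $erreur_code) {
        spip_log('call_autoresponse ' . $inactif . ': ' . "{$erreur_code} - {$erreur}", $mode . 'auto' . _LOG_ERREUR);
    } elseif ($event) {
        // Restrict the type to identifier characters before building a function name.
        $type = preg_replace(',\\W,', '_', $event->type);
        if (function_exists($f = "stripe_webhook_{$type}") or function_exists($f = $f . '_dist')) {
            spip_log("call_autoresponse : event {$type} => {$f}()", $mode . 'auto' . _LOG_DEBUG);
            $res = $f($config, $event);
        } else {
            spip_log("call_autoresponse : event {$type} - {$f} not existing", $mode . 'auto' . _LOG_DEBUG);
        }
    }

    include_spip('inc/headers');
    http_status(200);
    // No Content
    header("Connection: close");
    if ($res) {
        return $res;
    }
    exit;
}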
/**
 * Renders the section ("rubrique") menu of the admin bar for an AJAX request.
 *
 * Sends no-cache headers and, when the 'date' parameter (cast to int) is set,
 * a Last-Modified header. If gen_liste_rubriques() reports nothing new and the
 * client sent If-Modified-Since, a 304 is answered (except under IIS).
 * Otherwise the cached id => title pairs are laid out in up to 8 table
 * columns of roughly equal height; only sections the visitor may see are
 * listed. Output goes through ajax_retour(); nothing is returned.
 */
function exec_menu_rubriques_dist() {
	global $spip_ecran;

	header("Cache-Control: no-cache, must-revalidate");

	// intval() restricts the client-supplied value to digits before it enters the header.
	$date = intval(_request('date'));
	if ($date) {
		header("Last-Modified: " . gmdate("D, d M Y H:i:s", $date) . " GMT");
	}

	$liste = gen_liste_rubriques();
	$non_modifie = (!$liste
		AND isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])
		AND !strstr($_SERVER['SERVER_SOFTWARE'], 'IIS/'));
	if ($non_modifie) {
		include_spip('inc/headers');
		header('Content-Type: text/html; charset=' . $GLOBALS['meta']['charset']);
		http_status(304);
		return;
	}

	$largeur_totale = ($spip_ecran == "large") ? 900 : 650;
	$rubriques = extraire_article(0, $GLOBALS['db_art_cache']);
	$total = count($rubriques);
	$restant = $total;
	$html = '';

	if ($total > 0) {
		// about 30 rows per column, at most 8 columns; short lists use ~10 rows per column
		$nb_col = min(8, ceil($total / 30));
		if ($nb_col <= 1) {
			$nb_col = ceil($total / 10);
		}
		$max_lignes = ceil($total / $nb_col);
		$largeur = min(200, ceil($largeur_totale / $nb_col));
		$style = " style='z-index: 0; vertical-align: top;'";
		$image = " petit-secteur";
		$lignes_colonne = 0;
		foreach ($rubriques as $id_rubrique => $titre_rubrique) {
			// start a new column once the current one is full
			if ($lignes_colonne == $max_lignes) {
				$lignes_colonne = 0;
				$html .= "</div></td>\n<td$style><div class='bandeau_rubriques'>";
			}
			$lignes_colonne++;
			if (!autoriser('voir', 'rubrique', $id_rubrique)) {
				continue;
			}
			$html .= bandeau_rubrique($id_rubrique, $titre_rubrique, $restant, $largeur, $image);
			$restant--;
		}

		$html = "<table><tr>\n<td$style><div class='bandeau_rubriques'>"
			. $html
			. "\n</div></td></tr></table>\n";
	}

	include_spip('inc/actions');
	ajax_retour("<div>&nbsp;</div>" . $html);
}
/**
 * Redirect the browser to $url with a 301/302 and stop the script.
 *
 * Normalisation: CR/LF are replaced by spaces (keeps the header intact), a
 * leading '?' is prefixed with the site base URL, a leading '#' with the
 * current URL, and relative URLs are made absolute when the request is deep
 * in the tree; transformer_xml and var_ajax_redir are carried over.
 * Filtering: '<' and '"' become entities and javascript:, mailto: and base64
 * data: targets collapse to "./". A Location header is used when no $equiv
 * was requested and no cookie was sent, or under Apache / _SERVER_APACHE;
 * otherwise Refresh plus a <meta> equivalent. A tiny HTML page with a
 * fallback link is echoed in both cases.
 *
 * @param string $url    target URL
 * @param string $equiv  non-empty to prefer the Refresh/meta mechanism
 * @param int    $status 301 or 302 (anything else becomes 302)
 */
function redirige_par_entete($url, $equiv = '', $status = 302)
{
    $status = in_array($status, array(301, 302)) ? $status : 302;
    $url = trim(strtr($url, "\n\r", "  "));

    # in theory this should always be done, but when the string starts
    # with '?' it is mandatory, otherwise the final URL is wrong
    switch ($url[0]) {
        case '?':
            $url = url_de_base() . $url;
            break;
        case '#':
            $url = self('&') . $url;
            break;
    }

    # non-zero depth with a relative URL: make it absolute
    $relative = !preg_match(",^(\\w+:)?//,", $url);
    if ($GLOBALS['profondeur_url'] > (_DIR_RESTREINT ? 1 : 2) and $relative) {
        include_spip("inc/filtres_mini");
        $url = url_absolue($url);
    }

    $xml = _request('transformer_xml');
    if ($xml) {
        $url = parametre_url($url, 'transformer_xml', $xml, '&');
    }
    if (defined('_AJAX') and _AJAX) {
        $url = parametre_url($url, 'var_ajax_redir', 1, '&');
    }

    // do not let just anything through in the URL
    $url = str_replace(array('<', '"'), array('&lt;', '&quot;'), $url);
    // forbid inline URLs using pseudo-protocols
    $data_inline = (preg_match(",data:,i", $url) && preg_match("/base64\\s*,/i", $url));
    $pseudo_proto = preg_match(",(javascript|mailto):,i", $url);
    if ($data_inline || $pseudo_proto) {
        $url = "./";
    }

    // Only under Apache does setcookie followed by a redirect work.
    include_spip('inc/cookie');
    if (!$equiv and !spip_cookie_envoye() or (strncmp("Apache", $_SERVER['SERVER_SOFTWARE'], 6) == 0 or defined('_SERVER_APACHE'))) {
        @header("Location: " . $url);
        $equiv = "";
    } else {
        @header("Refresh: 0; url=" . $url);
        $equiv = "<meta http-equiv='Refresh' content='0; url={$url}'>";
    }

    include_spip('inc/lang');
    if ($status != 302) {
        http_status($status);
    }
    $page = '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">' . "\n"
        . html_lang_attributes() . "\n"
        . '<head>' . $equiv . "\n"
        . '<title>HTTP ' . $status . '</title>' . "\n"
        . '</head>' . "\n"
        . '<body>' . "\n"
        . '<h1>HTTP ' . $status . '</h1>' . "\n"
        . '<a href="' . quote_amp($url) . '">' . _T('navigateur_pas_redirige') . '</a></body></html>';
    echo $page;
    spip_log("redirige {$status}: {$url}");
    exit;
}
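/**
 * Output-buffer callback implementing an ETag / 304 short-circuit.
 *
 * The ETag is the MD5 of the buffered body (a change detector only, not a
 * security control). When the client's If-None-Match header contains that
 * tag (substring match, so weak 'W/' and quoted forms all pass) a 304 is
 * sent and an empty body returned; otherwise the ETag header is added and
 * the body is returned unchanged. The header lookup is guarded so a request
 * without If-None-Match no longer raises an undefined-index notice.
 *
 * @param string $s buffered output
 * @return string '' on 304, otherwise $s
 */
function ob_etag($s)
{
    $etag = md5($s);
    $if_none_match = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? $_SERVER['HTTP_IF_NONE_MATCH'] : '';
    if ($if_none_match !== '' && strpos($if_none_match, $etag) !== false) {
        http_status(304, "Not Modified");
        return '';
    }
    header("ETag: \"{$etag}\"");
    return $s;
}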
/**
 * Answer a 503 Service Unavailable with a static apology page.
 *
 * Only the status and a fixed HTML body are emitted; no request data is
 * reflected, so nothing needs escaping. The function does not exit.
 */
function system_down()
{
    http_status(503, 'Service Unavailable');
    $lignes = array(
        '<html>',
        '<head><title>System Unavailable</title></head>',
        '<body>',
        'Apologies but this site is unavailable at the moment. Please try again later.',
        '</body>',
        '</html>',
    );
    echo implode("\n", $lignes);
}
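/**
 * Send the browser to a new address and stop the script.
 *
 * Written to resist redirect attacks (the target often comes from a `$_GET`
 * parameter): CR/LF are removed from the URL so it cannot terminate the
 * Location/Refresh header, relative URLs are made absolute, '<' and '"' are
 * entity-encoded, and javascript:, mailto: and base64 data: targets are
 * replaced by "./".
 *
 * Delivery: a Location header when no $equiv was requested and no cookie was
 * sent in this request, or when running under Apache (SERVER_SOFTWARE starts
 * with "Apache") or _SERVER_APACHE is defined; otherwise a Refresh header plus
 * <meta http-equiv="Refresh"> (per the original note, only Apache handles
 * setcookie followed by a redirect). A minimal HTML page with a fallback link
 * is echoed in both cases.
 *
 * @example
 *     ```
 *     $redirect = parametre_url(urldecode(_request('redirect')),'id_article=' . $id_article);
 *     include_spip('inc/headers');
 *     redirige_par_entete($redirect);
 *     ```
 *
 * @param string $url    redirect URL
 * @param string $equiv  non-empty to prefer the Refresh/meta mechanism
 * @param int    $status redirect code (301 or 302; anything else becomes 302)
 **/
function redirige_par_entete($url, $equiv = '', $status = 302)
{
    if (!in_array($status, array(301, 302))) {
        $status = 302;
    }
    // CR/LF are replaced so the value cannot terminate the Location/Refresh header.
    $url = trim(strtr($url, "\n\r", "  "));
    # if the redirect URL is relative, make it absolute
    if (!preg_match(",^(\\w+:)?//,", $url)) {
        include_spip("inc/filtres_mini");
        $url = url_absolue($url);
    }
    if ($x = _request('transformer_xml')) {
        $url = parametre_url($url, 'transformer_xml', $x, '&');
    }
    if (defined('_AJAX') and _AJAX) {
        $url = parametre_url($url, 'var_ajax_redir', 1, '&');
    }
    // do not let just anything through in the URL
    $url = str_replace(array('<', '"'), array('&lt;', '&quot;'), $url);
    // forbid inline URLs using pseudo-protocols
    if (preg_match(",data:,i", $url) and preg_match("/base64\\s*,/i", $url) or preg_match(",(javascript|mailto):,i", $url)) {
        $url = "./";
    }
    // Only under Apache does setcookie followed by a redirect work.
    include_spip('inc/cookie');
    // SERVER_SOFTWARE is absent on the CLI: treat that as "not Apache"
    // instead of handing null to strncmp().
    $apache = (isset($_SERVER['SERVER_SOFTWARE']) && strncmp("Apache", $_SERVER['SERVER_SOFTWARE'], 6) == 0);
    if (!$equiv and !spip_cookie_envoye() or ($apache or defined('_SERVER_APACHE'))) {
        @header("Location: " . $url);
        $equiv = "";
    } else {
        @header("Refresh: 0; url=" . $url);
        if (isset($GLOBALS['meta']['charset'])) {
            @header("Content-Type: text/html; charset=" . $GLOBALS['meta']['charset']);
        }
        $equiv = "<meta http-equiv='Refresh' content='0; url={$url}'>";
    }
    include_spip('inc/lang');
    if ($status != 302) {
        http_status($status);
    }
    echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">', "\n", html_lang_attributes(), '
<head>', $equiv, '
<title>HTTP ' . $status . '</title>
' . (isset($GLOBALS['meta']['charset']) ? '<meta http-equiv="Content-Type" content="text/html;charset=' . $GLOBALS['meta']['charset'] . '">' : '') . '
</head>
<body>
<h1>HTTP ' . $status . '</h1>
<a href="', quote_amp($url), '">', _T('navigateur_pas_redirige'), '</a></body></html>';
    spip_log("redirige {$status}: {$url}");
    exit;
}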
 /**
  * Forward an XML-RPC call to the remote API and map access errors to IXR errors.
  *
  * A RemoteAccessDeniedException becomes 401 when no REMOTE_USER is set (not
  * logged in) and 403 otherwise (logged in but not allowed); any other
  * RemoteException is passed through with its own code and message.
  *
  * @param string $methodname
  * @param array  $args
  * @return mixed|IXR_Error
  */
 function call($methodname, $args)
 {
     try {
         return $this->remote->call($methodname, $args);
     } catch (RemoteAccessDeniedException $denied) {
         $anonymous = !isset($_SERVER['REMOTE_USER']);
         http_status($anonymous ? 401 : 403);
         if ($anonymous) {
             return new IXR_Error(-32603, "server error. not authorized to call method {$methodname}");
         }
         return new IXR_Error(-32604, "server error. forbidden to call the method {$methodname}");
     } catch (RemoteException $remote) {
         return new IXR_Error($remote->getCode(), $remote->getMessage());
     }
 }
 /**
  * AJAX handler for a single extension: enable/disable it or render its details.
  *
  * Handles the 'plugin_extension' call only. Requires an admin (auth_isadmin);
  * otherwise a text 403 is sent and the script exits. Without an 'ext'
  * parameter a 400 is answered. The 'act' parameter selects the action:
  * 'enable' or 'disable' toggle the extension and answer a JSON object with
  * the new state, the reverse action and its button label; anything else
  * (including 'info') renders the HTML detail view.
  *
  * @param Doku_Event $event AJAX event (by reference, as registered)
  * @param mixed      $param hook parameter (unused)
  */
 public function info(Doku_Event &$event, $param)
 {
     global $USERINFO;
     global $INPUT;
     if ($event->data != 'plugin_extension') {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     if (empty($_SERVER['REMOTE_USER']) || !auth_isadmin($_SERVER['REMOTE_USER'], $USERINFO['grps'])) {
         http_status(403);
         echo 'Forbidden';
         exit;
     }
     $ext = $INPUT->str('ext');
     if (!$ext) {
         http_status(400);
         echo 'no extension given';
         return;
     }
     /** @var helper_plugin_extension_extension $extension */
     $extension = plugin_load('helper', 'extension_extension');
     $extension->setExtension($ext);

     $act = $INPUT->str('act');
     // Only these two names are ever used as a method name below; everything
     // else falls through to the info view, so the dynamic call cannot reach
     // arbitrary methods of the helper.
     $toggles = array('enable', 'disable');
     if (in_array($act, $toggles, true)) {
         $json = new JSON();
         $extension->{$act}();
         $reverse = ($act == 'disable') ? 'enable' : 'disable';
         $return = array(
             'state'   => $act . 'd',
             'reverse' => $reverse,
             'label'   => $extension->getLang('btn_' . $reverse),
         );
         header('Content-Type: application/json');
         echo $json->encode($return);
         return;
     }

     /** @var helper_plugin_extension_list $list */
     $list = plugin_load('helper', 'extension_list');
     header('Content-Type: text/html; charset=utf-8');
     echo $list->make_info($extension);
 }
 /**
  * AJAX dispatcher for the struct plugin's type handlers.
  *
  * Handles 'plugin_struct' only; the work is delegated to executeTypeAjax()
  * and its result is JSON-encoded. A StructException becomes a 500 with an
  * 'error' entry (message plus file basename and line); the stack trace is
  * only added when $conf['allowdebug'] is on, so it is not exposed in normal
  * operation.
  *
  * @param Doku_Event $event event object by reference
  * @param mixed      $param hook parameter (unused)
  */
 public function handle_ajax(Doku_Event $event, $param)
 {
     if ($event->data != 'plugin_struct') {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     global $conf;
     header('Content-Type: application/json');
     try {
         $payload = $this->executeTypeAjax();
     } catch (StructException $e) {
         $where = basename($e->getFile()) . ':' . $e->getLine();
         $payload = array('error' => $e->getMessage() . ' ' . $where);
         if ($conf['allowdebug']) {
             $payload['stacktrace'] = $e->getTraceAsString();
         }
         http_status(500);
     }
     $encoder = new JSON();
     echo $encoder->encode($payload);
 }
 /**
  * AJAX dispatcher for lookup editing: plugin_struct_lookup_{new,save,delete}.
  *
  * Calls not starting with the prefix are ignored. The suffix selects the
  * handler; an unknown suffix does nothing (the event is still consumed).
  * A StructException from a handler is reported as a text/plain 500.
  *
  * @param Doku_Event $event
  * @param mixed      $param
  */
 public function handle_ajax(Doku_Event $event, $param)
 {
     $prefix = 'plugin_struct_lookup_';
     $len = strlen($prefix);
     if (substr($event->data, 0, $len) != $prefix) {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     $action = substr($event->data, $len);
     try {
         if ($action == 'new') {
             $this->lookup_new();
         } elseif ($action == 'save') {
             $this->lookup_save();
         } elseif ($action == 'delete') {
             $this->lookup_delete();
         }
     } catch (StructException $e) {
         http_status(500);
         header('Content-Type: text/plain');
         echo $e->getMessage();
     }
 }
 /**
  * AJAX handler: render one subtree of the move tree.
  *
  * Handles 'plugin_move_tree' only and requires a manager (auth_ismanager);
  * otherwise a bare 403 and exit. The namespace from the 'ns' parameter goes
  * through cleanID() before use; 'is_media' selects the media tree instead of
  * the page tree. The list is rendered with html_buildlist() using the admin
  * plugin's own list/item callbacks.
  *
  * @param Doku_Event $event
  * @param mixed      $params
  */
 public function handle_ajax_call(Doku_Event $event, $params)
 {
     if ($event->data != 'plugin_move_tree') {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     global $INPUT;
     global $USERINFO;
     if (!auth_ismanager($_SERVER['REMOTE_USER'], $USERINFO['grps'])) {
         http_status(403);
         exit;
     }
     /** @var admin_plugin_move_tree $plugin */
     $plugin = plugin_load('admin', 'move_tree');
     $ns = cleanID($INPUT->str('ns'));
     $type = $INPUT->bool('is_media')
         ? admin_plugin_move_tree::TYPE_MEDIA
         : admin_plugin_move_tree::TYPE_PAGES;
     $tree = $plugin->tree($type, $ns, $ns);
     echo html_buildlist($tree, 'tree_list', array($plugin, 'html_list'), array($plugin, 'html_li'));
 }
 /**
  * AJAX dispatcher for inline editing: plugin_struct_inline_{editor,save,cancel}.
  *
  * Calls not starting with the prefix are ignored. Only the 'save' branch is
  * wrapped in a try/catch (a StructException there becomes a text/plain 500);
  * 'editor' and 'cancel' run unguarded. Unknown suffixes do nothing.
  *
  * @param Doku_Event $event
  * @param mixed      $param
  */
 public function handle_ajax(Doku_Event $event, $param)
 {
     $prefix = 'plugin_struct_inline_';
     $len = strlen($prefix);
     if (substr($event->data, 0, $len) != $prefix) {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     $action = substr($event->data, $len);
     switch ($action) {
         case 'editor':
             $this->inline_editor();
             break;
         case 'save':
             try {
                 $this->inline_save();
             } catch (StructException $e) {
                 http_status(500);
                 header('Content-Type: text/plain; charset=utf-8');
                 echo $e->getMessage();
             }
             break;
         case 'cancel':
             $this->inline_cancel();
             break;
     }
 }
} elseif ($mode == 'reply') {
    $project_name = request_var('project', '');
    $report_id = request_var('report_id', 0);
    // Load language file
    $user->add_lang('posting');
    // Include files
    include "{$phpbb_root_path}includes/functions_posting.{$phpEx}";
    include "{$phpbb_root_path}includes/message_parser.{$phpEx}";
    // Query the report
    $sql = $db->sql_build_query('SELECT', array('SELECT' => 'r.*, pr.*, t.topic_approved, t.topic_poster, t.topic_time, t.topic_status, t.topic_type, t.topic_first_poster_name, t.topic_first_poster_colour, f.enable_indexing, p.post_id, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, p.post_text, p.bbcode_bitfield, p.bbcode_uid, c.component_title, s.status_title, v.version_title, a.user_id AS assigned_id, a.username AS assigned_name, a.user_colour AS assigned_colour', 'FROM' => array(BUGS_REPORTS_TABLE => 'r'), 'LEFT_JOIN' => array(array('FROM' => array(BUGS_PROJECTS_TABLE => 'pr'), 'ON' => 'r.project_id = pr.project_id'), array('FROM' => array(TOPICS_TABLE => 't'), 'ON' => 'r.topic_id = t.topic_id'), array('FROM' => array(FORUMS_TABLE => 'f'), 'ON' => 'pr.forum_id = f.forum_id'), array('FROM' => array(POSTS_TABLE => 'p'), 'ON' => 't.topic_first_post_id = p.post_id'), array('FROM' => array(BUGS_COMPONENTS_TABLE => 'c'), 'ON' => 'r.report_component = c.component_id'), array('FROM' => array(BUGS_STATUSES_TABLE => 's'), 'ON' => 'r.report_status = s.status_id'), array('FROM' => array(BUGS_VERSIONS_TABLE => 'v'), 'ON' => 'r.report_version = v.version_id'), array('FROM' => array(USERS_TABLE => 'a'), 'ON' => 'r.report_assigned = a.user_id')), 'WHERE' => "r.report_id = {$report_id} AND pr.project_name = '" . $db->sql_escape($project_name) . "'"));
    $result = $db->sql_query($sql);
    if (($report = $db->sql_fetchrow($result)) == false) {
        http_status(404);
        trigger_error('NO_REPORT', E_USER_NOTICE);
    } elseif (!$auth->acl_get('f_c_com_post', $report['forum_id']) || $report['topic_approved'] == 0 && !$auth->acl_get('m_approve', $report['forum_id']) && $report['topic_poster'] != $user->data['user_id']) {
        http_status(403);
        trigger_error('NOT_AUTHORISED', E_USER_NOTICE);
    } elseif ($report['topic_status'] == ITEM_LOCKED && !$auth->acl_get('m_', $report['forum_id'])) {
        trigger_error('TOPIC_LOCKED', E_USER_NOTICE);
    }
    $db->sql_freeresult($result);
    // Find out whether the user is watching the report
    if ($user->data['user_id'] != ANONYMOUS) {
        $sql = 'SELECT notify_status FROM ' . TOPICS_WATCH_TABLE . " WHERE topic_id = {$report['topic_id']} AND user_id = {$user->data['user_id']}";
        $result = $db->sql_query($sql);
        $is_subscribed = $db->sql_fetchrow($result) != false;
        $db->sql_freeresult($result);
    } else {
        $is_subscribed = false;
    }
    // Get submitted data
/**
 * Automatic 404 routing when the content block is empty.
 *
 * Only the main block (the first in the list) is taken into account, but the
 * block(s) used to detect a 404 can be customised:
 *   $GLOBALS['z_blocs_404'] = array('content','aside');
 * A 404 is then only triggered when content/xxx and aside/xxx are both empty
 * (make sure the 404 page has at least one of these blocks non-empty, to avoid
 * an infinite loop).
 *
 * State is kept in function statics: the number of empty reference blocks
 * seen so far and whether a 404 has been decided. Once $is_404 is set, the
 * next call for the "structure" template replaces its data with the rendered
 * '404' template and sends the status itself. Nothing is done in the private
 * area (test_espace_prive()).
 *
 * @param array $flux pipeline data: $flux['args']['fond'] is the template
 *                    name, $flux['data'] the rendered result ('texte' entry)
 *
 * @return array
 */
function zcore_recuperer_fond($flux)
{
    // per-request state: empty reference blocks seen so far / 404 decided
    static $empty_count = 0, $is_404 = false;
    // reference block name(s) and their string length(s), resolved once below
    static $z_blocs_404, $z_blocs_404_nlength, $z_blocs_404_ncount;
    if ($is_404) {
        if ($flux['args']['fond'] === "structure") {
            $is_404 = false;
            // no re-entrance risk (the flag was just reset)
            $code = "404 Not Found";
            $contexte_inclus = array('erreur' => "", 'code' => $code, 'lang' => $GLOBALS['spip_lang']);
            $flux['data'] = evaluer_fond('404', $contexte_inclus);
            $flux['data']['status'] = intval($code);
            // not propagated up to the page, but maybe one day...
            // so the status is sent by hand
            include_spip("inc/headers");
            http_status(intval($code));
        }
    } elseif (!test_espace_prive()) {
        if (!isset($z_blocs_404)) {
            // resolve the reference block(s) once
            if (isset($GLOBALS['z_blocs_404'])) {
                $z_blocs_404 = $GLOBALS['z_blocs_404'];
                if (is_array($z_blocs_404) and count($z_blocs_404) == 1) {
                    $z_blocs_404 = reset($z_blocs_404);
                }
            } else {
                if (!function_exists("z_blocs")) {
                    // loading the stylist defines z_blocs(); the returned value itself is not used
                    $styliser_par_z = charger_fonction('styliser_par_z', 'public');
                }
                $z_blocs = z_blocs(test_espace_prive());
                $z_blocs_404 = reset($z_blocs);
                // default content block
            }
            if (is_array($z_blocs_404)) {
                $z_blocs_404_ncount = count($z_blocs_404);
                $z_blocs_404_nlength = array_map('strlen', $z_blocs_404);
            } else {
                $z_blocs_404_ncount = 1;
                $z_blocs_404_nlength = strlen($z_blocs_404);
            }
        }
        $fond = $flux['args']['fond'];
        // quick check that this is one of the reference templates for the 404:
        // the template name starts with "directoryname/"
        // and has no further "/" (we are at the right level)
        $quick_match = false;
        if (strpos($fond, "/") !== false and $z_blocs_404_ncount) {
            if ($z_blocs_404_ncount == 1) {
                $quick_match = (strncmp($fond, "{$z_blocs_404}/", $z_blocs_404_nlength + 1) === 0 and strpos($fond, "/", $z_blocs_404_nlength + 1) === false);
            } else {
                foreach ($z_blocs_404 as $k => $zb) {
                    if (strncmp($fond, "{$zb}/", $z_blocs_404_nlength[$k] + 1) === 0 and strpos($fond, "/", $z_blocs_404_nlength[$k] + 1) === false) {
                        $quick_match = true;
                        break;
                    }
                }
            }
        }
        // an empty (whitespace-only) rendering of a reference block counts towards the 404
        if ($quick_match and !strlen(trim($flux['data']['texte']))) {
            $empty_count++;
            if ($empty_count >= $z_blocs_404_ncount) {
                $is_404 = true;
            }
        }
    }
    return $flux;
}
/**
 * @brief Send an HTTP status header and terminate the process.
 *
 * Thin wrapper: the status line is delegated to http_status() and the
 * process is then stopped via killme(), so nothing after the call in the
 * caller ever runs.
 *
 * @param int $val
 *    HTTP status code
 * @param string $msg
 *    optional reason phrase
 * @returns (does not return, process is terminated)
 */
function http_status_exit($val, $msg = '')
{
    http_status($val, $msg);
    killme();
}
     if (traiter_appels_actions() or traiter_appels_inclusions_ajax() or traiter_formulaires_dynamiques()) {
         // lancer les taches sur affichage final, comme le cron
         // mais sans rien afficher
         $GLOBALS['html'] = false;
         // ne rien afficher
         pipeline('affichage_final' . _PIPELINE_SUFFIX, '');
         exit;
         // le hit est fini !
     }
 }
 // Il y a du texte a produire, charger le metteur en page
 include_spip('public/assembler');
 $page = assembler($fond, _request('connect'));
 if (isset($page['status'])) {
     include_spip('inc/headers');
     http_status($page['status']);
 }
 // Content-Type ?
 if (!isset($page['entetes']['Content-Type'])) {
     $page['entetes']['Content-Type'] = "text/html; charset=" . $GLOBALS['meta']['charset'];
     $html = true;
 } else {
     $html = preg_match(',^\\s*text/html,', $page['entetes']['Content-Type']);
 }
 if (defined('_VAR_PREVIEW') and _VAR_PREVIEW and $html) {
     include_spip('inc/filtres');
     // pour http_img_pack
     $x = "<div class='spip-previsu' " . http_style_background('preview-32.png') . ">" . _T('previsualisation') . "</div>";
     if (!($pos = strpos($page['texte'], '</body>'))) {
         $pos = strlen($page['texte']);
     }
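/**
 * Entry point for the "cron" action: answer immediately, then run the tasks.
 *
 * A 204 No Content with "Connection: close" is sent before cron() is called
 * (presumably so the triggering client can disconnect early; header() alone
 * does not flush the response, so confirm against the caller). The
 * _DIRECT_CRON_FORCE constant is defined only if it is not already, so a
 * repeated call does not raise a redefinition warning.
 */
function action_cron()
{
    include_spip('inc/headers');
    http_status(204);
    // No Content
    header("Connection: close");
    if (!defined('_DIRECT_CRON_FORCE')) {
        define('_DIRECT_CRON_FORCE', true);
    }
    cron();
}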
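/**
 * Set headers and send the file to the client
 *
 * The $cache parameter influences how long files may be kept in caches, the $public parameter
 * influences if this caching may happen in public proxies or in the browser cache only FS#2734
 *
 * This function will abort the current script when a 304 is sent or file sending is handled
 * through x-sendfile
 *
 * @author Andreas Gohr <*****@*****.**>
 * @author Ben Coburn <*****@*****.**>
 * @author Gerry Weissbach <*****@*****.**>
 *
 * @param string $file   local file to send
 * @param string $mime   mime type of the file
 * @param bool   $dl     set to true to force a browser download
 * @param int    $cache  remaining cache time in seconds (-1 for $conf['cachetime'], 0 for no-cache)
 * @param bool   $public is this a public resource or a private one?
 * @param string $orig   original file to send - the file name will be used for the Content-Disposition
 */
function sendFile($file, $mime, $dl, $cache, $public = false, $orig = null)
{
    global $conf;

    // send mime headers
    header("Content-Type: {$mime}");

    // calculate cache times: -1 means "the configured cache time, at least one hour",
    // a positive value is used as given, anything else means "do not cache at all"
    $cache = (int) $cache;
    if ($cache === -1) {
        $maxage = max($conf['cachetime'], 3600);
        $expires = time() + $maxage;
    } elseif ($cache > 0) {
        $maxage = $cache;
        $expires = time() + $maxage;
    } else {
        $maxage = 0;
        $expires = 0; // 1970-01-01
    }

    // smart http caching headers
    if ($maxage) {
        header('Expires: ' . gmdate("D, d M Y H:i:s", $expires) . ' GMT');
        if ($public) {
            // may be stored by shared caches (proxies) as well
            header('Cache-Control: public, proxy-revalidate, no-transform, max-age=' . $maxage);
            header('Pragma: public');
        } else {
            // browser cache only
            header('Cache-Control: private, no-transform, max-age=' . $maxage);
            header('Pragma: no-cache');
        }
    } else {
        // no cache at all
        header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
        header('Cache-Control: no-cache, no-transform');
        header('Pragma: no-cache');
    }

    // send important headers first, script stops here on a '304 Not Modified' response
    $fmtime = @filemtime($file);
    http_conditionalRequest($fmtime);

    // Use the current $file if $orig is not set.
    if ($orig === null || $orig === '') {
        $orig = $file;
    }

    // download or display? Only the basename of $orig is exposed to the client.
    $disposition = $dl ? 'attachment' : 'inline';
    header('Content-Disposition: ' . $disposition . ';' . rfc2231_encode('filename', utf8_basename($orig)) . ';');

    // use x-sendfile header to pass the delivery to compatible webservers
    http_sendfile($file);

    // send file contents
    $fp = @fopen($file, "rb");
    if ($fp) {
        http_rangeRequest($fp, filesize($file), $mime);
    } else {
        http_status(500);
        // The server-side path is an internal detail: keep it out of the
        // response body (it belongs in the server log, if anywhere).
        print 'Could not read the requested file - bad permissions?';
    }
}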
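/**
 * Serve a file from the documents directory, once its access key is verified.
 *
 * Request parameters: `file` (name relative to the documents directory,
 * required so that documents cannot be enumerated id by id), optional `arg`
 * (id_document) and `cle` (action key for "<id_document>,<file>").
 * Answers 403 for traversal-looking or scheme-prefixed names and for a bad
 * key, 404 when the file is missing or unknown in spip_documents, 304 when
 * the client's If-None-Match equals the current ETag, and otherwise streams
 * the file with its mime type.
 */
function action_acceder_document_dist() {
	include_spip('inc/documents');

	// $file is required so that documents cannot be scanned id_document by id_document
	$f = rawurldecode(_request('file'));
	$file = get_spip_doc($f);
	$arg = rawurldecode(_request('arg'));

	$status = false;
	$doc = null;
	if (strpos($f, '../') !== false
	OR preg_match(',^\w+://,', $f)) {
		// path traversal or scheme-prefixed name: refuse outright
		$status = 403;
	}
	elseif (!file_exists($file) OR !is_readable($file)) {
		$status = 404;
	} else {
		$where = "documents.fichier=" . sql_quote(set_spip_doc($file))
		. ($arg ? " AND documents.id_document=" . intval($arg) : '');

		$doc = sql_fetsel("documents.id_document, documents.titre, documents.fichier, types.mime_type, types.inclus, documents.extension", "spip_documents AS documents LEFT JOIN spip_types_documents AS types ON documents.extension=types.extension", $where);
		if (!$doc) {
			$status = 404;
		} else {
			// Check the read permission on the document by validating the key
			// passed as argument - before any conditional (304) answer, so that
			// an unauthorised client gets nothing out of If-None-Match
			include_spip('inc/securiser_action');
			$cle = _request('cle');
			if (!verifier_cle_action($doc['id_document'] . ',' . $f, $cle)) {
				spip_log("acces interdit $cle erronee");
				$status = 403;
			} else {
				// ETag to handle status 304; strict comparison so that PHP's
				// numeric-string juggling cannot equate two different hashes
				$ETag = md5($file . ': ' . filemtime($file));
				if (isset($_SERVER['HTTP_IF_NONE_MATCH'])
				AND $_SERVER['HTTP_IF_NONE_MATCH'] === $ETag) {
					http_status(304); // Not modified
					exit;
				}
				header('ETag: ' . $ETag);
			}
		}
	}

	switch ($status) {

	case 403:
		// send the status ourselves, as the 404 branch does
		http_status(403);
		include_spip('inc/minipres');
		echo minipres();
		break;

	case 404:
		http_status(404);
		include_spip('inc/minipres');
		echo minipres(_T('erreur') . ' 404',
			_T('info_document_indisponible'));
		break;

	default:
		header("Content-Type: " . $doc['mime_type']);

		// images are not sent as attachment: when their address is opened
		// directly the browser would download them instead of displaying them
		if ($doc['inclus'] == 'non') {

			$f = basename($file);
			// this content-type is needed to avoid zip corruption in ie6
			header('Content-Type: application/octet-stream');

			header("Content-Disposition: attachment; filename=\"$f\";");
			header("Content-Transfer-Encoding: binary");

			// fix for IE caching or PHP bug issue
			header("Pragma: public");
			header("Expires: 0"); // set expiration time
			header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

		}

		if ($cl = filesize($file)) {
			header("Content-Length: " . $cl);
		}

		readfile($file);
		break;
	}

}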
/**
 * Redirect the visitor, or fail the page, unless an authorisation holds;
 * usable anywhere in a template, even inside inclusions.
 * Examples :
 * [(#AUTORISER{non}|sinon_interdire_acces)]
 * [(#AUTORISER{non}|sinon_interdire_acces{#URL_PAGE{login}, 401})]
 *
 * @param bool $ok Whether access is granted (true returns immediately)
 * @param string $url Address to redirect to
 * @param int $statut HTTP status to answer with
 * @return string Empty string when $ok is true; otherwise the script exits
 */
function sinon_interdire_acces($ok = false, $url = '', $statut = 0)
{
    if ($ok) {
        return '';
    }

    // Discard every pending output buffer so only our answer reaches the client
    for ($pending = @ob_get_level(); $pending > 0; $pending--) {
        @ob_end_clean();
    }

    include_spip('inc/headers');
    $statut = intval($statut);

    // No instruction at all: pick a default.
    // Private area -> 403 Forbidden page, public site -> 404.
    if (!$url and !$statut) {
        if (test_espace_prive()) {
            http_status(403);
            $echec = charger_fonction('403', 'exec');
            $echec();
        } else {
            $statut = 404;
        }
    }

    // Apply the requested status; an error without redirection also renders
    // the template named after the status code
    if ($statut) {
        http_status($statut);
        if ($statut >= 400 and !$url) {
            echo recuperer_fond(strval($statut));
        }
    }

    // Redirect when an URL was given (redirige_par_entete defaults to 302 when $statut is 0)
    if ($url) {
        redirige_par_entete($url, '', $statut);
    }
    exit;
}
/**
 * Answer an ajax block request (e.g. pagination) when the hit is one.
 *
 * Looks for `var_ajax` (anything but 'form') together with an encoded
 * `var_ajax_env`; when that context decodes to a template name the block is
 * rendered and returned, otherwise a 403 with an error text is returned.
 *
 * @return bool true when the hit was an ajax block call and has been answered,
 *              false when the caller must carry on with normal processing
 */
function traiter_appels_inclusions_ajax(){
	$v = _request('var_ajax');
	if (!$v || $v === 'form') {
		return false;
	}
	$args = _request('var_ajax_env');
	if (!$args) {
		return false;
	}

	include_spip('inc/filtres');
	include_spip('inc/actions');
	$args = decoder_contexte_ajax($args);
	$fond = $args ? $args['fond'] : null;
	if ($args && $fond) {
		include_spip('public/assembler');
		// values of the current request context take precedence over the decoded ones
		$contexte = array_merge($args, calculer_contexte());
		$texte = recuperer_fond($fond, $contexte, array('trim' => false));
		$ancre = _request('var_ajax_ancre');
		if ($ancre) {
			// keep the anchor harmless inside the single-quoted href attribute
			$ancre = str_replace(array('<', '"', "'"), array('&lt;', '&quot;', ''), $ancre);
			$texte = "<a href='#$ancre' name='ajax_ancre' style='display:none;'>anchor</a>" . $texte;
		}
	} else {
		// the env could not be decoded (bad signature) or names no template
		include_spip('inc/headers');
		http_status(403);
		$texte = _L('signature ajax bloc incorrecte');
	}
	ajax_retour($texte);
	return true; // the hit is fully handled
}
    foreach (explode(' ', 'basedir userewrite baseurl useslash') as $x) {
        print '$' . "conf['{$x}'] = '" . $conf[$x] . "';\n";
    }
    foreach (explode(' ', 'DOCUMENT_ROOT HTTP_HOST SCRIPT_FILENAME PHP_SELF ' . 'REQUEST_URI SCRIPT_NAME PATH_INFO PATH_TRANSLATED') as $x) {
        print '$' . "_SERVER['{$x}'] = '" . $_SERVER[$x] . "';\n";
    }
    print "getID('media'): " . getID('media') . "\n";
    print "getID('media',false): " . getID('media', false) . "\n";
    print '</pre>';
}
// Resolve the requested image for the detail template, which reads
// $ERROR (false or a message), $AUTH, $SRC (only when access is granted) and $INFO.
$ERROR = false;

// check image permissions
$AUTH = auth_quickaclcheck($IMG);
if ($AUTH < AUTH_READ) {
    // no auth
    $ERROR = p_locale_xhtml('denied');
} else {
    // check if image exists
    $SRC = mediaFN($IMG);
    if (!@file_exists($SRC)) {
        // doesn't exist!
        http_status(404);
        $ERROR = 'File not found';
    }
}

// general infos, plus the info about the "parent" page
$INFO = pageinfo();

// start output and load template
header('Content-Type: text/html; charset=utf-8');
include template('detail.php');
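 /**
  * GET method handler
  *
  * Asks the backend get() for the resource at $this->path, then answers with
  * the whole content, a single byte range (206) or a multipart/byteranges
  * body, depending on what _get_ranges() put into $options['ranges'].
  *
  * @param void
  * @returns void
  */
 function http_GET()
 {
     // TODO check for invalid stream
     $options = array();
     $options["path"] = $this->path;
     $this->_get_ranges($options);

     if (true === ($status = $this->get($options))) {
         if (!headers_sent()) {
             $status = "200 OK";
             if (!isset($options['mimetype'])) {
                 $options['mimetype'] = "application/octet-stream";
             }
             header("Content-type: {$options['mimetype']}");
             if (isset($options['mtime'])) {
                 header("Last-modified:" . gmdate("D, d M Y H:i:s ", $options['mtime']) . "GMT");
             }
             // complete length for Content-range, "*" when the backend did not say
             $total = isset($options['size']) ? $options['size'] : "*";
             if (isset($options['stream'])) {
                 // GET handler returned a stream
                 if (!empty($options['ranges']) && 0 === fseek($options['stream'], 0, SEEK_SET)) {
                     // partial request and stream is seekable
                     if (count($options['ranges']) === 1) {
                         $range = $options['ranges'][0];
                         if (isset($range['start'])) {
                             fseek($options['stream'], $range['start'], SEEK_SET);
                             if (feof($options['stream'])) {
                                 // same status helper as the rest of this method
                                 $this->http_status("416 Requested range not satisfiable");
                                 exit;
                             }
                             if (isset($range['end'])) {
                                 $size = $range['end'] - $range['start'] + 1;
                                 $this->http_status("206 partial");
                                 header("Content-length: {$size}");
                                 // Content-Range carries the "bytes" unit
                                 header("Content-range: bytes {$range['start']}-{$range['end']}/{$total}");
                                 // never read past the end of the range: a fixed 4096 byte
                                 // read would spill the following bytes into the body
                                 while ($size > 0 && !feof($options['stream'])) {
                                     $buffer = fread($options['stream'], min(4096, $size));
                                     $size -= strlen($buffer);
                                     echo $buffer;
                                 }
                             } else {
                                 $this->http_status("206 partial");
                                 if (isset($options['size'])) {
                                     header("Content-length: " . ($options['size'] - $range['start']));
                                     // open-ended range runs to the last byte of the resource
                                     header("Content-range: bytes {$range['start']}-" . ($options['size'] - 1) . "/{$total}");
                                 }
                                 fpassthru($options['stream']);
                             }
                         } else {
                             // suffix range: the last N bytes, still a partial answer
                             $this->http_status("206 partial");
                             header("Content-length: " . $range['last']);
                             if (isset($options['size'])) {
                                 header("Content-range: bytes " . ($options['size'] - $range['last']) . "-" . ($options['size'] - 1) . "/{$total}");
                             }
                             fseek($options['stream'], -$range['last'], SEEK_END);
                             fpassthru($options['stream']);
                         }
                     } else {
                         // init multipart
                         $this->_multipart_byterange_header();
                         foreach ($options['ranges'] as $range) {
                             // TODO what if size unknown? 500?
                             if (isset($range['start'])) {
                                 $from = $range['start'];
                                 $to = !empty($range['end']) ? $range['end'] : $options['size'] - 1;
                             } else {
                                 // last N bytes start at size - N (matches the SEEK_END case above)
                                 $from = $options['size'] - $range['last'];
                                 $to = $options['size'] - 1;
                             }
                             $size = $to - $from + 1;
                             $this->_multipart_byterange_header($options['mimetype'], $from, $to, $total);
                             // position on this part's own start ($from), not a stale offset
                             fseek($options['stream'], $from, SEEK_SET);
                             while ($size > 0 && !feof($options['stream'])) {
                                 $buffer = fread($options['stream'], min(4096, $size));
                                 $size -= strlen($buffer);
                                 echo $buffer;
                             }
                         }
                         // end multipart
                         $this->_multipart_byterange_header();
                     }
                 } else {
                     // normal request or stream isn't seekable, return full content
                     if (isset($options['size'])) {
                         header("Content-length: " . $options['size']);
                     }
                     fpassthru($options['stream']);
                     return;
                     // no more headers
                 }
             } elseif (isset($options['data'])) {
                 if (is_array($options['data'])) {
                     // reply to partial request
                 } else {
                     header("Content-length: " . strlen($options['data']));
                     echo $options['data'];
                 }
             }
         }
     }

     if (false === $status) {
         // backend found nothing; report that once instead of a 404 followed
         // by an empty status line
         $status = "404 not found";
     }
     $this->http_status("{$status}");
 }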
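/**
 * Checks if a given authentication token was stored in the session
 *
 * Will setup authentication data using data from the session if the
 * token is correct. Will exit with a 401 Status if not.
 *
 * @author Andreas Gohr <*****@*****.**>
 * @param  string $token The authentication token
 * @return boolean true (or will exit on failure)
 */
function auth_validateToken($token)
{
    // the session may hold no token at all (never issued, or already consumed)
    $stored = isset($_SESSION[DOKU_COOKIE]['auth']['token'])
        ? (string) $_SESSION[DOKU_COOKIE]['auth']['token']
        : '';

    // hash_equals(): strict, constant-time string comparison - neither PHP's
    // numeric-string juggling ("0e12" == "0e34") nor early-exit timing apply
    if (!$token || $stored === '' || !hash_equals($stored, (string) $token)) {
        // bad token
        http_status(401);
        print 'Invalid auth token - maybe the session timed out';
        unset($_SESSION[DOKU_COOKIE]['auth']['token']);
        // no second chance
        exit;
    }

    // still here? trust the session data
    global $USERINFO;
    /* @var Input $INPUT */
    global $INPUT;
    $INPUT->server->set('REMOTE_USER', $_SESSION[DOKU_COOKIE]['auth']['user']);
    $USERINFO = $_SESSION[DOKU_COOKIE]['auth']['info'];
    return true;
}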