/**
 * Normalises a (relative) path.
 *
 * Backslashes become forward slashes, the trailing slash is dropped, runs of
 * slashes collapse to one, '.' segments disappear and a '..' segment removes
 * the segment before it. For example '/site/pivotx/../index.php' becomes
 * '/site/index.php'. The segments 'http:' and 'https:' are kept as 'http:/'
 * and 'https:/' so the '//' of a URL scheme survives the collapsing.
 *
 * @param string $path                   Path to clean.
 * @param bool   $nodoubleleadingslashes When false, a leading '//' is preserved as-is.
 * @return string
 */
function fixPath($path, $nodoubleleadingslashes = true)
{
    $normalized = str_replace("\\", "/", stripTrailingSlash($path));

    // A leading '//' is only kept when the caller explicitly asks for it.
    $lead = '';
    if (!$nodoubleleadingslashes && strpos($normalized, '//') === 0) {
        $lead = '//';
        $normalized = substr($normalized, 2);
    }

    $segments = array();
    foreach (explode('/', preg_replace('#/+#', '/', $normalized)) as $segment) {
        switch ($segment) {
            case '..':
                // Step up one level; popping an empty stack is a harmless no-op.
                array_pop($segments);
                break;
            case '.':
                // Current directory: contributes nothing.
                break;
            case 'http:':
            case 'https:':
                // Keep the scheme's double slash intact.
                $segments[] = $segment . '/';
                break;
            default:
                $segments[] = $segment;
        }
    }

    return $lead . implode('/', $segments);
}
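/**
 * List the files and folders below a path inside the configured 'files'
 * folder, so one can be inserted in a file input (rendered with
 * 'files_async.twig').
 *
 * The folder is resolved with realpath() and must stay inside the resolved
 * 'files' base folder; anything that resolves elsewhere is treated exactly
 * like a folder that does not exist.
 *
 * @param string            $path    Folder relative to the 'files' folder; 'files' means its root.
 * @param Silex\Application $app
 * @param Request           $request
 * @return mixed Whatever $app['render']->render() returns.
 */
public function browse($path, Silex\Application $app, Request $request)
{
    $files = array();
    $folders = array();

    // $key is linked to the fieldname of the original field, so we can
    // set the selected value in the proper field.
    $key = $app['request']->get('key');

    $basefolder = $app['resources']->getPath('files');
    $path = stripTrailingSlash(str_replace("..", "", $path));
    if ($path === 'files') {
        $path = '';
    }

    // Removing ".." from the raw path is not a containment check by itself, so
    // compare the resolved folder against the resolved base folder as well.
    $realbase = realpath($basefolder);
    $currentfolder = realpath($basefolder . $path);
    if ($currentfolder !== false) {
        $inside = ($realbase !== false)
            && ($currentfolder === $realbase || strpos($currentfolder, $realbase . DIRECTORY_SEPARATOR) === 0);
        if (!$inside) {
            // Fail closed: handled below exactly like a folder that does not exist.
            $currentfolder = false;
        }
    }

    $ignored = array(".", "..", ".DS_Store", ".gitignore", ".htaccess");
    $imagetypes = array('gif', 'jpg', 'png', 'jpeg');

    // Breadcrumb segments: cumulative path => segment name.
    $pathsegments = array();
    $cumulative = "";
    if (!empty($path)) {
        foreach (explode("/", $path) as $segment) {
            $cumulative .= $segment . "/";
            $pathsegments[$cumulative] = $segment;
        }
    }

    if ($currentfolder !== false && is_dir($currentfolder)) {
        $d = dir($currentfolder);
        while (false !== ($entry = $d->read())) {
            if (in_array($entry, $ignored, true)) {
                continue;
            }
            $fullfilename = $currentfolder . "/" . $entry;

            if (is_file($fullfilename)) {
                $extension = strtolower(getExtension($entry));
                // Strip 'files/' so the value is relative to the files folder.
                $relativepath = str_replace("files/", "", $path . "/" . $entry);
                $files[$entry] = array(
                    'path' => $path,
                    'filename' => $entry,
                    'newpath' => $path . "/" . $entry,
                    'relativepath' => $relativepath,
                    'writable' => is_writable($fullfilename),
                    'readable' => is_readable($fullfilename),
                    'type' => $extension,
                    'filesize' => formatFilesize(filesize($fullfilename)),
                    'modified' => date("Y/m/d H:i:s", filemtime($fullfilename)),
                    'permissions' => \util::full_permissions($fullfilename),
                );
                if (in_array($extension, $imagetypes, true)) {
                    // getimagesize() returns false for files that are not readable images.
                    $size = getimagesize($fullfilename);
                    if ($size !== false) {
                        $files[$entry]['imagesize'] = sprintf("%s × %s", $size[0], $size[1]);
                    }
                }
            } elseif (is_dir($fullfilename)) {
                $folders[$entry] = array(
                    'path' => $path,
                    'foldername' => $entry,
                    'newpath' => $path . "/" . $entry,
                    'writable' => is_writable($fullfilename),
                    'modified' => date("Y/m/d H:i:s", filemtime($fullfilename)),
                );
            }
        }
        $d->close();
    } else {
        $app['session']->getFlashBag()->set('error', __("Folder '%s' could not be found, or is not readable.", array('%s' => $path)));
    }

    $app['twig']->addGlobal('title', __("Files in %s", array('%s' => $path)));

    // Make sure the files and folders are sorted properly.
    ksort($files);
    ksort($folders);

    return $app['render']->render('files_async.twig', array(
        'path' => $path,
        'files' => $files,
        'folders' => $folders,
        'pathsegments' => $pathsegments,
        'key' => $key,
    ));
}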
/**
 * Show the contents of a folder below BOLT_WEB_DIR and handle the
 * "Upload here" form for it.
 *
 * Aborts with 403 when $app['filepermissions'] does not authorize the
 * resolved folder. An upload is only accepted when the folder is writable
 * and the cleaned file name passes allowedUpload(); entries whose real path
 * is not authorized are left out of the listing.
 *
 * @param string            $path    Folder relative to BOLT_WEB_DIR, without trailing slash.
 * @param Silex\Application $app
 * @param Request           $request
 * @return mixed Rendered template, or a redirect back to the folder after a POST.
 */
public function files($path, Silex\Application $app, Request $request)
{
    $files = array();
    $folders = array();

    $basefolder = BOLT_WEB_DIR . "/";
    // ".." is stripped textually; the authorization check below is what decides
    // whether the resolved folder may be shown.
    $path = stripTrailingSlash(str_replace("..", "", $path));
    $currentfolder = realpath($basefolder . $path);

    if (!$app['filepermissions']->authorized($currentfolder)) {
        $error = __("Display the file or directory '%s' is forbidden.", array('%s' => $path));
        $app->abort(403, $error);
    }

    if (is_writable($currentfolder)) {
        // Define the "Upload here" form.
        $form = $app['form.factory']->createBuilder('form')->add('FileUpload', 'file', array('label' => __("Upload a file to this folder:")))->getForm();

        // Handle the upload.
        if ($request->isMethod('POST')) {
            $form->bind($request);
            if ($form->isValid()) {
                // $files holds the upload payload here; the request ends with a
                // redirect below, so it never collides with the listing array.
                $files = $request->files->get($form->getName());

                // Check if we even have an uploaded file.
                if (isset($files['FileUpload'])) {
                    // clean up and validate filename: reduce the client-supplied
                    // name to [a-zA-Z0-9_.] before it becomes a path component.
                    $originalFilename = $files['FileUpload']->getClientOriginalName();
                    $filename = preg_replace('/[^a-zA-Z0-9_\\.]/', '_', basename($originalFilename));

                    if ($app['filepermissions']->allowedUpload($filename)) {
                        $files['FileUpload']->move($currentfolder, $filename);
                        $app['session']->getFlashBag()->set('info', __("File '%file%' was uploaded successfully.", array('%file%' => $filename)));

                        // Add the file to our stack..
                        $app['stack']->add($path . "/" . $filename);
                    } else {
                        // Tell the user which extensions are accepted (escaped, as the flash is HTML).
                        $extensionList = array();
                        foreach ($app['filepermissions']->getAllowedUploadExtensions() as $extension) {
                            $extensionList[] = '<code>.' . htmlspecialchars($extension, ENT_QUOTES) . '</code>';
                        }
                        $extensionList = implode(' ', $extensionList);
                        $app['session']->getFlashBag()->set('error', __("File '%file%' could not be uploaded (wrong/disallowed file type). Make sure the file extension is one of the following: ", array('%file%' => $filename)) . $extensionList);
                    }
                }
            } else {
                // NOTE(review): $filename is only assigned inside the isValid() branch,
                // so it is undefined here and the message shows an empty name.
                $app['session']->getFlashBag()->set('error', __("File '%file%' could not be uploaded.", array('%file%' => $filename)));
            }

            return redirect('files', array('path' => $path));
        }

        $formview = $form->createView();
    } else {
        // Folder not writable, don't show an upload.
        $formview = false;
    }

    $ignored = array(".", "..", ".DS_Store", ".gitignore", ".htaccess");

    // Get the pathsegments, so we can show the path..
    // (cumulative path => segment name, used for breadcrumb navigation)
    $pathsegments = array();
    $cumulative = "";
    if (!empty($path)) {
        foreach (explode("/", $path) as $segment) {
            $cumulative .= $segment . "/";
            $pathsegments[$cumulative] = $segment;
        }
    }

    if (file_exists($currentfolder)) {
        $d = dir($currentfolder);
        while (false !== ($entry = $d->read())) {
            if (in_array($entry, $ignored)) {
                continue;
            }
            $fullfilename = $currentfolder . "/" . $entry;

            // Entries the permission service does not authorize are hidden, not reported.
            if (!$app['filepermissions']->authorized(realpath($fullfilename))) {
                continue;
            }

            if (is_file($fullfilename)) {
                $files[$entry] = array(
                    'path' => $path,
                    'filename' => $entry,
                    'newpath' => $path . "/" . $entry,
                    'writable' => is_writable($fullfilename),
                    'readable' => is_readable($fullfilename),
                    'type' => getExtension($entry),
                    'filesize' => formatFilesize(filesize($fullfilename)),
                    'modified' => date("Y/m/d H:i:s", filemtime($fullfilename)),
                    'permissions' => \util::full_permissions($fullfilename)
                );

                // Extension comparison is case-sensitive here ('JPG' gets no size).
                if (in_array(getExtension($entry), array('gif', 'jpg', 'png', 'jpeg'))) {
                    // getimagesize() returns false for unreadable or non-image files;
                    // $size[0] / $size[1] are then null.
                    $size = getimagesize($fullfilename);
                    $files[$entry]['imagesize'] = sprintf("%s × %s", $size[0], $size[1]);
                }
            }

            if (is_dir($fullfilename)) {
                $folders[$entry] = array(
                    'path' => $path,
                    'foldername' => $entry,
                    'newpath' => $path . "/" . $entry,
                    'writable' => is_writable($fullfilename),
                    'modified' => date("Y/m/d H:i:s", filemtime($fullfilename))
                );
            }
        }
        $d->close();
    } else {
        $app['session']->getFlashBag()->set('error', __("Folder '%s' could not be found, or is not readable.", array('%s' => $path)));
    }

    $app['twig']->addGlobal('title', __("Files in %s", array('%s' => $path)));

    // Make sure the files and folders are sorted properly.
    ksort($files);
    ksort($folders);

    // Select the correct template to render this. If we've got 'CKEditor' in the title, it's a dialog
    // from CKeditor to insert a file..
    if (!$request->query->has('CKEditor')) {
        $twig = 'files.twig';
    } else {
        $twig = 'files_ck.twig';
    }

    return $app['render']->render($twig, array(
        'path' => $path,
        'files' => $files,
        'folders' => $folders,
        'pathsegments' => $pathsegments,
        'form' => $formview
    ));
}
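/**
 * Show the contents of a folder in a filesystem namespace and handle the
 * "Upload here" form for it.
 *
 * Aborts with 403 when $app['filepermissions'] does not authorize the
 * prefixed path. Uploaded names are reduced to [a-zA-Z0-9_.] and checked
 * with allowedUpload(); that same cleaned name is handed to the upload
 * handler and used for the success message and the stack entry, so all
 * three refer to the same file.
 *
 * @param string            $namespace Filesystem namespace, resolved via $app['filesystem'].
 * @param string            $path      Folder inside that namespace, without trailing slash.
 * @param Silex\Application $app
 * @param Request           $request
 * @return mixed Rendered template, or a redirect back to the folder after a POST.
 */
public function files($namespace, $path, Silex\Application $app, Request $request)
{
    // No trailing slashes in the path.
    $path = stripTrailingSlash($path);

    $filesystem = $app['filesystem']->getManager($namespace);
    $fullPath = $filesystem->getAdapter()->applyPathPrefix($path);

    if (!$app['filepermissions']->authorized($fullPath)) {
        $error = __("You don't have the correct permissions to display the file or directory '%s'.", array('%s' => $path));
        $app->abort(403, $error);
    }

    // Probe the folder: listContents() throwing is how we learn it is missing
    // or unreadable. The listing itself comes from browse() further down.
    try {
        $filesystem->listContents($path);
        $validFolder = true;
    } catch (\Exception $e) {
        $app['session']->getFlashBag()->set('error', __("The folder '%s' could not be found, or is not readable.", array('%s' => $path)));
        $validFolder = false;
    }

    // No upload form for a folder we could not read.
    $formview = false;

    if ($validFolder) {
        // Define the "Upload here" form.
        $form = $app['form.factory']
            ->createBuilder('form')
            ->add('FileUpload', 'file', array('label' => __("Upload a file to this folder:")))
            ->getForm();

        // Handle the upload.
        if ($request->isMethod('POST')) {
            // Shown in the failure message even when no file name was received.
            $filename = '';
            $form->bind($request);
            if ($form->isValid()) {
                $files = $request->files->get($form->getName());
                foreach (is_array($files) ? $files : array() as $uploaded) {
                    // An empty file field arrives without an UploadedFile object.
                    if (!is_object($uploaded)) {
                        continue;
                    }

                    // Reduce the client-supplied name to [a-zA-Z0-9_.] before anything uses it.
                    $originalFilename = $uploaded->getClientOriginalName();
                    $filename = preg_replace('/[^a-zA-Z0-9_\\.]/', '_', basename($originalFilename));

                    if (!$app['filepermissions']->allowedUpload($filename)) {
                        // Tell the user which extensions are accepted (escaped, as the flash is HTML).
                        $extensionList = array();
                        foreach ($app['filepermissions']->getAllowedUploadExtensions() as $extension) {
                            $extensionList[] = '<code>.' . htmlspecialchars($extension, ENT_QUOTES) . '</code>';
                        }
                        $extensionList = implode(' ', $extensionList);
                        $app['session']->getFlashBag()->set('error', __("File '%file%' could not be uploaded (wrong/disallowed file type). Make sure the file extension is one of the following: ", array('%file%' => $filename)) . $extensionList);
                        continue;
                    }

                    // Hand the handler the cleaned name: it is the name that was checked,
                    // the name reported to the user and the name added to the stack.
                    $fileToProcess = array(
                        'name' => $filename,
                        'tmp_name' => $uploaded->getPathName(),
                    );
                    // Use one handler instance for both the prefix and the processing.
                    $handler = $app['upload'];
                    $handler->setPrefix($path . "/");
                    $result = $handler->process($fileToProcess);

                    if ($result->isValid()) {
                        $app['session']->getFlashBag()->set('info', __("File '%file%' was uploaded successfully.", array('%file%' => $filename)));
                        // Add the file to our stack..
                        $app['stack']->add($path . "/" . $filename);
                        $result->confirm();
                    } else {
                        // A rejected upload used to fail silently; report it.
                        $app['session']->getFlashBag()->set('error', __("File '%file%' could not be uploaded.", array('%file%' => $filename)));
                    }
                }
            } else {
                $app['session']->getFlashBag()->set('error', __("File '%file%' could not be uploaded.", array('%file%' => $filename)));
            }

            return redirect('files', array('path' => $path));
        }

        $formview = $form->createView();
    }

    list($files, $folders) = $filesystem->browse($path, $app);

    // Breadcrumb segments: cumulative path => segment name.
    $pathsegments = array();
    $cumulative = "";
    if (!empty($path)) {
        foreach (explode("/", $path) as $segment) {
            $cumulative .= $segment . "/";
            $pathsegments[$cumulative] = $segment;
        }
    }

    // A request carrying 'CKEditor' comes from the CKEditor file dialog, which
    // gets its own template and no debug bar.
    if (!$request->query->has('CKEditor')) {
        $twig = 'files/files.twig';
    } else {
        $app['debugbar'] = false;
        $twig = 'files_ck/files_ck.twig';
    }

    $context = array(
        'path' => $path,
        'files' => $files,
        'folders' => $folders,
        'pathsegments' => $pathsegments,
        'form' => $formview,
        'namespace' => $namespace,
    );

    return $app['render']->render($twig, array('context' => $context));
}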
/**
 * Check for common misconfigurations, filerights, and whatnot.
 *
 * Appends one "<p>...</p>" HTML string per detected problem to
 * $this->warnings and fires the 'before_checkwarnings' and
 * 'after_checkwarnings' hooks around the checks. Returns without checking
 * anything when no user is logged in. $this->filelist is reset here and
 * filled by _checkFilerights().
 *
 * Reads the globals $minrequiredphp and $PIVOTX; $dbversion is imported
 * but not used in this method.
 *
 * @return void
 */
function checkWarnings()
{
    global $minrequiredphp, $dbversion, $PIVOTX;

    $this->filelist = array();

    // Check if there are any hooks to execute..
    // ($dummy is not defined here; presumably the hook takes its argument by reference — confirm.)
    $PIVOTX['extensions']->executeHook('before_checkwarnings', $dummy);

    // We should only check these warnings when logged in.. Whilst displaying
    // them isn't a direct security problem, we should be careful about
    // giving Teh scr1ptk1ddi3zz any pointers.
    if (!$PIVOTX['session']->isLoggedIn()) {
        return;
    }

    if ($PIVOTX['config']->get('dont_check_filerights') != 1) {
        // NOTE(review): $this->filelist is only reset once, above. Unless
        // _checkFilerights() clears it, each later warning also covers the
        // files found by the earlier checks — confirm.

        // Check files in pivotx/db/
        $this->_checkFilerights($PIVOTX['paths']['db_path'], "db/", false);
        if (!empty($this->filelist)) {
            $this->_makeFileWarning("db/");
        }

        // Check files in pivotx/templates/
        $this->_checkFilerights($PIVOTX['paths']['templates_path'], "templates/", true);
        if (!empty($this->filelist)) {
            $this->_makeFileWarning("templates/");
        }

        // Check files in pivotx/images/
        $this->_checkFilerights($PIVOTX['paths']['upload_base_path'], basename($PIVOTX['paths']['upload_base_path']) . "/", true);
        if (!empty($this->filelist)) {
            $this->_makeFileWarning(basename($PIVOTX['paths']['upload_base_path']) . "/");
        }
    }

    // Check minimum PHP version.
    if (!checkVersion(phpversion(), $minrequiredphp)) {
        $thiswarning = sprintf(__("The current version of PHP on the server is %s, which is an older version than PivotX requires (%s). PivotX will most likely not work correctly, until the server is updated to a newer version."), phpversion(), $minrequiredphp);
        $this->warnings[] = "<p>" . $thiswarning . "</p>";
    }

    // Check Safe Mode
    if (ini_get('safe_mode') && !$PIVOTX['config']->get('ignore_safe_mode')) {
        $thiswarning = __("This webserver has safe_mode enabled. This doesn't actually make things any 'safer', just more annoying. Please ask your hosting provider to turn it off. 
See the documentation for more info: <a href='http://docs.pivotx.net/doku.php?id=dealing_with_safe_mode'>Dealing with safe_mode</a>.");
        $this->warnings[] = "<p>" . $thiswarning . "</p>";
    }

    // Check PivotX Setup: the installer script left in the parent folder.
    if ((file_exists($PIVOTX['paths']['pivotx_path'] . '../pivotx-setup-safemode.php') || file_exists($PIVOTX['paths']['pivotx_path'] . '../pivotx-setup.php')) && !$PIVOTX['config']->get('ignore_setupscript')) {
        $thiswarning = __('The PivotX installer script "pivotx-setup.php" is still present in the parent folder. You should be aware that this is a potential security risk. We advise you to remove it, or to set an empty password inside it, so that it can\'t be executed by people with bad intentions.');
        $this->warnings[] = "<p>" . $thiswarning . "</p>";
    }

    // Check (old) Pivot Setup - message can't be ignored
    if (file_exists($PIVOTX['paths']['pivotx_path'] . '../pivot-setup-safemode.php') || file_exists($PIVOTX['paths']['pivotx_path'] . '../pivot-setup.php')) {
        $thiswarning = __('The old Pivot installer script "pivot-setup.php" is still present in the parent folder. Please remove it immediately since it\'s not used for PivotX and it is a potential security risk.');
        $this->warnings[] = "<p>" . $thiswarning . "</p>";
    }

    // Check for erroneous 'canonical_host', but only if we actually use it.
    // The check can definitely be improved ...
    if ($PIVOTX['config']->get('dont_add_canonical') == 0) {
        $canonical_host = $PIVOTX['config']->get('canonical_host');
        if ($canonical_host != $PIVOTX['paths']['host']) {
            // The configured host is inserted into the HTML unescaped.
            $thiswarning = __("You are currently logged in at a different host than your canonical host. " . "If <strong>%s</strong> isn't the canonical host you want, change it on the %s screen.");
            $link = '<a href="' . makeAdminPageLink('advconfiguration') . '">' . __('Advanced Configuration') . '</a>';
            $thiswarning = sprintf($thiswarning, $canonical_host, $link);
            $this->warnings[] = "<p>" . $thiswarning . "</p>";
        }
    }

    // Check for 'preferred_admin_location'.
    if ($PIVOTX['config']->get('preferred_admin_location')) {
        // The request URL is rebuilt from client-supplied headers (HTTP_HOST, REQUEST_URI).
        $request_url = (empty($_SERVER['HTTPS']) ? "http://" : "https://") . $_SERVER['HTTP_HOST'] . str_replace("/index.php", "/", $_SERVER['REQUEST_URI']);
        // parse_url() returns false for seriously malformed URLs; the comparisons below assume arrays.
        $request = parse_url(stripTrailingSlash($request_url));
        $preferred_url = str_replace("/index.php", "/", $PIVOTX['config']->get('preferred_admin_location'));
        $preferred = parse_url(stripTrailingSlash($preferred_url));
        if (empty($preferred['scheme'])) {
            $preferred['scheme'] = "http";
        }
        if ($request['scheme'] != $preferred['scheme'] || $request['host'] != $preferred['host'] || $request['path'] != $preferred['path']) {
            $thiswarning = __("You are currently logged in at a different location than the preferred one. This might cause problems with wrongly calculated links. Please click here to go to the correct location:");
            $thiswarning .= sprintf(" <a href='%s://%s%s/'>%s%s/</a>", $preferred['scheme'], $preferred['host'], $preferred['path'], $preferred['host'], $preferred['path']);
            $this->warnings[] = "<p>" . $thiswarning . "</p>";
        }
    }

    /* -- Commented this out for now. Takes up to two seconds for some servers,
       -- Which is very bad, considering it's called every time on the dashboard page.
       -- Perhaps move this check to scheduler.php?

    // Check if we have 'mod rewrite' enabled, but no .htaccess
    if( ($PIVOTX['config']->get('mod_rewrite')>0) && (!$PIVOTX['config']->get('ignore_modrewrite_check')) && function_exists('get_headers') ) {

        // Get the headers for a web page that we know always exists
        $url = $PIVOTX['paths']['host'].$PIVOTX['paths']['site_url']."search/modrewritecheck";
        $headers = get_headers($url);

        // $headers[0] should look like 'HTTP/1.1 200 OK', else give warning
        if (strpos($headers[0], "200 OK")===false) {
            $thiswarning = __('\'Mod rewrite\' is enabled, but it seems like the webserver is not set up correctly to serve pages with non-crufty URLs. You should copy the <tt>example.htaccess</tt> from the PivotX distribution to <tt>.htaccess</tt>.
            Until you\'ve done this, most pages on your site will give a 404-not-found error.');
            $this->warnings[] = "<p>". $thiswarning ."</p>";
        }
    }
    */

    // Check if magic_quotes_runtime is enabled - Warning is commented out for now
    // because we _should_ be able to handle both cases transparently for the user.
    //if( get_magic_quotes_runtime() && (!$PIVOTX['config']->get('ignore_magic_quotes')) {
    //    $thiswarning = __('Your server has a PHP option set that\'s called "Magic quotes" enabled. This might cause PivotX to run sub-optimally. Look on <a href="http://docs.pivotx.net/doku.php?id=servers_with_magic_quotes">this page</a> to remedy the situation.');
    //    $this->warnings[] = "<p>". $thiswarning ."</p>";
    //}

    /**
     * Commented this out. since PivotX doesn't need to write files in a higher
     * dir than pivotx/, there is no problem with open_basedir..
     */
    // Check Open Basedir
    // if( ini_get('open_basedir') ) {
    //     $thiswarning = __("This webserver has open_basedir enabled. You'll have a hard time running PivotX in the current configuration. Please ask your hosting provider to turn it off. See the documentation for more info: <a href='http://docs.pivotx.net/doku.php?id=dealing_with_safe_mode'>Dealing with safe_mode</a>.");
    //     $this->warnings[] = "<p>". $thiswarning ."</p>";
    // }

    // Check Register Globals
    if (ini_get('register_globals') && !$PIVOTX['config']->get('ignore_register_globals')) {
        $thiswarning = __("This webserver has register_globals enabled. This is a serious potential security issue. Please ask your hosting provider to turn it off. See the PHP documentation for more info: <a href='http://php.net/register_globals'>Register Globals</a>.");
        $this->warnings[] = "<p>" . $thiswarning . "</p>";
    }

    $user = $PIVOTX['users']->getUser($PIVOTX['session']->currentUsername());

    // Check if the password is properly salted: an empty 'salt' means the
    // stored hash predates salting and should be regenerated by the user.
    if ($user['salt'] == "") {
        $thiswarning = __("Your password is not fully encrypted yet. 
Please go to %myinfo%, and set your password again.");
        $link = sprintf("<a href=\"index.php?page=myinfo\">%s</a>", __("My Info"));
        $thiswarning = str_replace('%myinfo%', $link, $thiswarning);
        $this->warnings[] = "<p>" . $thiswarning . "</p>";
    }

    // Check if there are any hooks to execute..
    $PIVOTX['extensions']->executeHook('after_checkwarnings', $dummy);
}
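/**
 * Show the contents of a folder below the web root (four levels above this
 * file) and handle the "Upload here" form for it.
 *
 * The folder is resolved with realpath() and must stay inside the resolved
 * base folder; anything resolving elsewhere is treated exactly like a folder
 * that does not exist. An uploaded file is stored under its client name
 * reduced to [a-zA-Z0-9_.].
 *
 * @param string            $path    Folder relative to the base folder, without trailing slash.
 * @param Silex\Application $app
 * @param Request           $request
 * @return mixed Rendered template, or a redirect back to the folder after a POST.
 */
public function files($path, Silex\Application $app, Request $request)
{
    $files = array();
    $folders = array();

    $basefolder = __DIR__ . "/../../../../";
    $path = stripTrailingSlash(str_replace("..", "", $path));

    // Removing ".." from the raw path is not a containment check by itself, so
    // compare the resolved folder against the resolved base folder as well.
    $realbase = realpath($basefolder);
    $currentfolder = realpath($basefolder . $path);
    if ($currentfolder !== false) {
        $inside = ($realbase !== false)
            && ($currentfolder === $realbase || strpos($currentfolder, $realbase . DIRECTORY_SEPARATOR) === 0);
        if (!$inside) {
            // Fail closed: handled below exactly like a folder that does not exist.
            $currentfolder = false;
        }
    }

    if ($currentfolder !== false && is_dir($currentfolder) && is_writable($currentfolder)) {
        // Define the "Upload here" form.
        $form = $app['form.factory']
            ->createBuilder('form')
            ->add('FileUpload', 'file', array('label' => __("Upload a file to this folder:")))
            ->getForm();

        // Handle the upload.
        if ($request->isMethod('POST')) {
            // Shown in the failure message even when no file name was received.
            $filename = '';
            $uploaded = null;

            $form->bind($request);
            if ($form->isValid()) {
                $payload = $request->files->get($form->getName());
                // An empty file field arrives without an UploadedFile object.
                if (is_array($payload) && isset($payload['FileUpload']) && is_object($payload['FileUpload'])) {
                    $uploaded = $payload['FileUpload'];
                    // Reduce the client-supplied name to [a-zA-Z0-9_.] before it becomes a path component.
                    $filename = preg_replace('/[^a-zA-Z0-9_\\.]/', '_', basename($uploaded->getClientOriginalName()));
                }
            }

            // A name that is empty or consists only of dots is not a usable file name.
            if ($uploaded !== null && trim($filename, '.') !== '') {
                // NOTE(review): no allowed-extension check is applied here; the only
                // conditions are that the folder is writable and inside $basefolder.
                $uploaded->move($currentfolder, $filename);
                $app['session']->getFlashBag()->set('info', __("File '%file%' was uploaded successfully.", array('%file%' => $filename)));
                // Add the file to our stack..
                $app['stack']->add($path . "/" . $filename);
            } else {
                $app['session']->getFlashBag()->set('error', __("File '%file%' could not be uploaded.", array('%file%' => $filename)));
            }

            // Nothing may be echoed before this: the redirect is sent as a header.
            return redirect('files', array('path' => $path));
        }

        $formview = $form->createView();
    } else {
        // Folder not writable (or not a folder we may show), don't show an upload.
        $formview = false;
    }

    $ignored = array(".", "..", ".DS_Store", ".gitignore", ".htaccess");
    $imagetypes = array('gif', 'jpg', 'png', 'jpeg');

    // Breadcrumb segments: cumulative path => segment name.
    $pathsegments = array();
    $cumulative = "";
    if (!empty($path)) {
        foreach (explode("/", $path) as $segment) {
            $cumulative .= $segment . "/";
            $pathsegments[$cumulative] = $segment;
        }
    }

    if ($currentfolder !== false && is_dir($currentfolder)) {
        $d = dir($currentfolder);
        while (false !== ($entry = $d->read())) {
            if (in_array($entry, $ignored, true)) {
                continue;
            }
            $fullfilename = $currentfolder . "/" . $entry;

            if (is_file($fullfilename)) {
                $extension = getExtension($entry);
                $files[$entry] = array(
                    'path' => $path,
                    'filename' => $entry,
                    'newpath' => $path . "/" . $entry,
                    'writable' => is_writable($fullfilename),
                    'readable' => is_readable($fullfilename),
                    'type' => $extension,
                    'filesize' => formatFilesize(filesize($fullfilename)),
                    'modified' => date("Y/m/d H:i:s", filemtime($fullfilename)),
                    'permissions' => \util::full_permissions($fullfilename),
                );
                if (in_array($extension, $imagetypes, true)) {
                    // getimagesize() returns false for files that are not readable images.
                    $size = getimagesize($fullfilename);
                    if ($size !== false) {
                        $files[$entry]['imagesize'] = sprintf("%s × %s", $size[0], $size[1]);
                    }
                }
            } elseif (is_dir($fullfilename)) {
                $folders[$entry] = array(
                    'path' => $path,
                    'foldername' => $entry,
                    'newpath' => $path . "/" . $entry,
                    'writable' => is_writable($fullfilename),
                    'modified' => date("Y/m/d H:i:s", filemtime($fullfilename)),
                );
            }
        }
        $d->close();
    } else {
        $app['session']->getFlashBag()->set('error', __("Folder '%s' could not be found, or is not readable.", array('%s' => $path)));
    }

    $app['twig']->addGlobal('title', __("Files in %s", array('%s' => $path)));

    // Make sure the files and folders are sorted properly.
    ksort($files);
    ksort($folders);

    // A request carrying 'CKEditor' comes from the CKEditor file dialog, which gets its own template.
    $twig = $request->query->has('CKEditor') ? 'files_ck.twig' : 'files.twig';

    return $app['render']->render($twig, array(
        'path' => $path,
        'files' => $files,
        'folders' => $folders,
        'pathsegments' => $pathsegments,
        'form' => $formview,
    ));
}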
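/**
 * List the files and folders of a path in a filesystem namespace, so one can
 * be picked for a file input (rendered with 'files_async/files_async.twig').
 *
 * NOTE(review): unlike the files() action, no $app['filepermissions']
 * authorization check is made on the path here — confirm the route is
 * protected elsewhere.
 *
 * @param string            $namespace Filesystem namespace, resolved via $app['filesystem'].
 * @param string            $path      Folder inside that namespace, without trailing slash.
 * @param Silex\Application $app
 * @param Request           $request
 * @return mixed Whatever $app['render']->render() returns.
 */
public function browse($namespace, $path, Silex\Application $app, Request $request)
{
    // No trailing slashes in the path.
    $path = stripTrailingSlash($path);

    $filesystem = $app['filesystem']->getManager($namespace);

    // $key is linked to the fieldname of the original field, so we can
    // set the selected value in the proper field.
    $key = $app['request']->get('key');

    // Breadcrumb segments: cumulative path => segment name.
    $pathsegments = array();
    $cumulative = "";
    if (!empty($path)) {
        foreach (explode("/", $path) as $segment) {
            $cumulative .= $segment . "/";
            $pathsegments[$cumulative] = $segment;
        }
    }

    // Probe the folder: listContents() throwing is how we learn it is missing
    // or unreadable. The listing itself comes from browse() below, so the
    // probe's result is not kept.
    try {
        $filesystem->listContents($path);
    } catch (\Exception $e) {
        $app['session']->getFlashBag()->set('error', __("Folder '%s' could not be found, or is not readable.", array('%s' => $path)));
    }

    $app['twig']->addGlobal('title', __("Files in %s", array('%s' => $path)));

    list($files, $folders) = $filesystem->browse($path, $app);

    $context = array(
        'namespace' => $namespace,
        'files' => $files,
        'folders' => $folders,
        'pathsegments' => $pathsegments,
        'key' => $key,
    );

    return $app['render']->render('files_async/files_async.twig', array('context' => $context));
}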
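/**
 * List the files and folders below $path (relative to the folder four levels
 * above this file) and render them with 'files.twig'.
 *
 * The folder is resolved with realpath() and must stay inside the resolved
 * base folder; anything resolving elsewhere is treated exactly like a folder
 * that does not exist.
 *
 * @param string            $path    Folder relative to the base folder, without trailing slash.
 * @param Silex\Application $app
 * @param Request           $request Not used; kept for the route signature.
 * @return mixed Whatever $app['twig']->render() returns.
 */
function files($path, Silex\Application $app, Request $request)
{
    $files = array();
    $folders = array();

    $basefolder = __DIR__ . "/../../../../";
    $path = stripTrailingSlash(str_replace("..", "", $path));

    // Removing ".." from the raw path is not a containment check by itself, so
    // compare the resolved folder against the resolved base folder as well.
    $realbase = realpath($basefolder);
    $currentfolder = realpath($basefolder . $path);
    if ($currentfolder !== false) {
        $inside = ($realbase !== false)
            && ($currentfolder === $realbase || strpos($currentfolder, $realbase . DIRECTORY_SEPARATOR) === 0);
        if (!$inside) {
            // Fail closed: handled below exactly like a folder that does not exist.
            $currentfolder = false;
        }
    }

    $ignored = array(".", "..", ".DS_Store", ".gitignore", ".htaccess");
    $imagetypes = array('gif', 'jpg', 'png', 'jpeg');

    // Breadcrumb segments: cumulative path => segment name.
    $pathsegments = array();
    $cumulative = "";
    if (!empty($path)) {
        foreach (explode("/", $path) as $segment) {
            $cumulative .= $segment . "/";
            $pathsegments[$cumulative] = $segment;
        }
    }

    if ($currentfolder !== false && is_dir($currentfolder)) {
        $d = dir($currentfolder);
        while (false !== ($entry = $d->read())) {
            if (in_array($entry, $ignored, true)) {
                continue;
            }
            $fullfilename = $currentfolder . "/" . $entry;

            if (is_file($fullfilename)) {
                $extension = getExtension($entry);
                $files[$entry] = array(
                    'path' => $path,
                    'filename' => $entry,
                    'newpath' => $path . "/" . $entry,
                    'writable' => is_writable($fullfilename),
                    'readable' => is_readable($fullfilename),
                    'type' => $extension,
                    'filesize' => formatFilesize(filesize($fullfilename)),
                    'modified' => date("Y/m/d H:i:s", filemtime($fullfilename)),
                    'permissions' => \util::full_permissions($fullfilename),
                );
                if (in_array($extension, $imagetypes, true)) {
                    // getimagesize() returns false for files that are not readable images.
                    $size = getimagesize($fullfilename);
                    if ($size !== false) {
                        $files[$entry]['imagesize'] = sprintf("%s × %s", $size[0], $size[1]);
                    }
                }
            } elseif (is_dir($fullfilename)) {
                $folders[$entry] = array(
                    'path' => $path,
                    'foldername' => $entry,
                    'newpath' => $path . "/" . $entry,
                    'writable' => is_writable($fullfilename),
                    'modified' => date("Y/m/d H:i:s", filemtime($fullfilename)),
                );
            }
        }
        $d->close();
    } else {
        // The previous message here was copied from a YAML-saving action and
        // referenced an undefined $file; report the folder that was asked for.
        $app['session']->setFlash('error', "Folder '" . $path . "' could not be found, or is not readable.");
    }

    $app['twig']->addGlobal('title', "Files in " . $path);

    return $app['twig']->render('files.twig', array(
        'path' => $path,
        'files' => $files,
        'folders' => $folders,
        'pathsegments' => $pathsegments,
    ));
}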
case 'images': case 'file': case 'files': $targetDir = makeUploadFolder(); $cleanupTargetDir = false; break; } if (isset($_GET['path']) && $_GET['path'] != '') { /* Using same user level as in fileOperations (in lib.php) */ $PIVOTX['session']->minLevel(PIVOTX_UL_ADVANCED); $path = cleanPath($_GET['path']); // Don't ever allow uploading outside the images, templates and db folders. if (!uploadAllowed($path)) { die('{"jsonrpc" : "2.0", "error" : {"code": 104, "message": "Uploading to illegal directory."}, "id" : "id"}'); } $targetDir = stripTrailingSlash($path); $cleanupTargetDir = false; } // 5 minutes execution time @set_time_limit(5 * 60); // usleep(5000); // Get parameters $chunk = isset($_REQUEST["chunk"]) ? $_REQUEST["chunk"] : 0; $chunks = isset($_REQUEST["chunks"]) ? $_REQUEST["chunks"] : 0; $fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : ''; if ($fileName == '' && isset($_FILES['file']['name'])) { $fileName = $_FILES['file']['name']; } // Clean the fileName for security reasons // This *has* to be the same as the javascript one! //$fileName = preg_replace('/[^a-zA-Z0-9_. -]+/', ' ', $fileName);
} } } initializePivotX(); // If not installed, redirect to the setup page. if (!isInstalled()) { if (strpos($_SERVER['PHP_SELF'], "pivotx/render.php") > 0) { $location = "index.php"; } else { $location = "pivotx/index.php"; } header("Location: " . $location); die; } // No trailing slashes on the URI, plz. $_GET['uri'] = stripTrailingSlash($_GET['uri']); // Check if we need to get the parameters from a 'non crufty' URL.. if (!empty($_GET['rewrite'])) { parseRewrittenURL($_GET['rewrite'], $_GET['uri']); } // Cleaning user input - safeString-ing all values in the super globals // ($_GET, $_POST, $_REQUEST and $_COOKIE) that are used in render.php cleanUserInput(); /** * Check if we need to handle a posted comment or trackback */ $trackback = getDefault($PIVOTX['config']->get('localised_trackback_name'), "trackback"); if (!empty($_POST['piv_code'])) { require_once dirname(__FILE__) . "/modules/module_comments.php"; handlePostComment(); } elseif (isset($_GET[$trackback])) {
/**
 * Render the thumbnail-creator result page: crop and scale the global $img to
 * the region described by $thumb, write the thumbnail, and echo an <img>
 * pointing at it.
 *
 * Output is written directly with echo/printf and the function ends with
 * print_module_footer(). Two request parameters are read straight from $_GET:
 * 'factor' (scale divisor for "bounded" thumbs) and 'crop' (where the
 * thumbnail is written, both as a file path and as its link).
 *
 * @param object $thumb Crop selection: ->x, ->y, ->w, ->h, ->type ("bounded", "free" or other) and ->name.
 * @return void
 */
function gd_crop($thumb)
{
    global $img, $PIVOTX;

    // Source rectangle, taken from the crop selection.
    $sx = $thumb->x;
    $sy = $thumb->y;
    $sw = $thumb->w;
    $sh = $thumb->h;

    // Size of the selection relative to the configured maximum thumb size.
    $scalew = $sw / $PIVOTX['image']['mw'];
    $scaleh = $sh / $PIVOTX['image']['mh'];

    // Downscale factor: request-supplied for "bounded", none for "free",
    // otherwise fit the selection into the maximum size.
    if ($thumb->type == "bounded") {
        // NOTE(review): taken unvalidated from the query string and used as a
        // divisor below; a zero or non-numeric value is not handled here.
        $factor = $_GET['factor'];
    } else {
        if ($thumb->type == "free") {
            $factor = 1;
        } else {
            $factor = max($scalew, $scaleh);
        }
    }

    // Destination rectangle: the thumbnail size.
    $dx = 0;
    $dy = 0;
    $dw = $thumb->w / $factor;
    $dh = $thumb->h / $factor;

    $ext = strtolower($img->ext);

    // Page heading.
    printf("<div id='editor'><h1 style=\"padding: 6px; margin: 0 0 10px; border-bottom: 1px solid #AAA;\">%s: <b>'%s'</b></h1>\n", __("PivotX thumbnail creator"), basename($img->name));

    if ($ext == 'gif') {
        echo "<small style='color:red;'>(" . __("When using GIF files, there is a significant chance that you can't use PivotX to make thumbnails. If you have problems with making thumbnails, we suggest using PNG or JPG files.") . ")</small><br /><br />\n";
    }

    // Anything but gif/jpg/png stops the page here.
    if (!in_array($ext, array('gif', 'jpg', 'png', 'jpeg'))) {
        echo "<strong>" . __("You can only make thumbnails of .gif, .jpg and .png images with PivotX.") . "</strong>\n";
        die;
    }

    $filename = $img->name;

    $sitepath = stripTrailingSlash($PIVOTX['paths']['site_path']);

    // Check if the base path is already in $_GET['crop']..
    // NOTE(review): $_GET['crop'] is used as-is for the output file name
    // (prefixed with the upload base path when it does not start with the
    // site path); no normalisation or containment check is applied here.
    if (strpos($_GET['crop'], $sitepath) === 0) {
        $thumbfilename = $_GET['crop'];
        $siteurl = stripTrailingSlash($PIVOTX['paths']['site_url']);
        $thumblink = str_replace($sitepath, $siteurl, $_GET['crop']);
    } else {
        $thumbfilename = $PIVOTX['paths']['upload_base_path'] . $_GET['crop'];
        $thumblink = $PIVOTX['paths']['upload_base_url'] . $_GET['crop'];
    }

    if ($PIVOTX['image']['local']) {
        // Local processing with GD. "jpeg" is folded into "jpg" so one read
        // and one write branch serve both spellings.
        if ($ext == "jpeg") {
            $ext = "jpg";
        }

        if ($ext == "jpg") {
            $src = imagecreatefromjpeg($filename);
        }
        if ($ext == "png") {
            $src = imagecreatefrompng($filename);
        }
        if ($ext == "gif") {
            $src = imagecreatefromgif($filename);
        }

        // $tmp_img is only created in the truecolor branch, but imagecopy()
        // below uses it whenever imagecopyresampled() exists.
        if (function_exists('imagecreatetruecolor')) {
            $dst = imagecreatetruecolor($dw, $dh);
            $tmp_img = imagecreatetruecolor($sw, $sh);
        } else {
            $dst = imagecreate($dw, $dh);
        }

        if (function_exists('imagecopyresampled')) {
            // GD 2.0 has a bug that ignores the 'source_x' and 'source_y'..
            // to compensate, we use a temp image..
            imagecopy($tmp_img, $src, 0, 0, $sx, $sy, $sw, $sh);
            imagecopyresampled($dst, $tmp_img, 0, 0, 0, 0, $dw, $dh, $sw, $sh);
        } else {
            imagecopyresized($dst, $src, 0, 0, $sx, $sy, $dw, $dh, $sw, $sh);
        }

        // Only jpg and png are written; a gif source reaches this point but no
        // gif output is produced. PNG compression is derived from the jpeg quality setting.
        if ($ext == "jpg") {
            imagejpeg($dst, $thumbfilename, $PIVOTX['image']['qual']);
        }
        if ($ext == "png") {
            imagepng($dst, $thumbfilename, ceil($PIVOTX['image']['qual'] / 10));
        }

        // Ensure the created thumb has the correct file permission.
        chmodFile($thumbfilename);

        ImageDestroy($dst);
    } else {
        // Remote processing: the public URL of the image and the crop geometry
        // are sent to an external crop script, and its response is stored as the
        // thumbnail. Note the result is written to $thumb->name here, whereas
        // the local branch writes to $thumbfilename.
        $remotefile = str_replace($PIVOTX['paths']['upload_base_path'], $PIVOTX['paths']['upload_base_url'], $filename);
        $remotefile = sprintf("%s%s", $PIVOTX['paths']['host'], urlencode($remotefile));
        $remoteurl = getDefault($PIVOTX['config']->get('remote_crop_script'), 'http://www.mijnkopthee.nl/remote/crop.php');
        $remote = sprintf('%s?img=%s&dx=%s&dy=%s&sx=%s&sy=%s&dw=%s&dh=%s&sw=%s&sh=%s&ext=%s', $remoteurl, $remotefile, $dx, $dy, $sx, $sy, $dw, $dh, $sw, $sh, $img->ext);

        // The @ silences fopen() warnings; failure is reported in the else branch.
        if (@($fp = fopen($remote, "rb"))) {
            $handle = fopen($thumb->name, "wb");
            while (!feof($fp)) {
                fwrite($handle, fread($fp, 8192));
            }
            fclose($handle);
            fclose($fp);
        } else {
            echo "<p><strong>" . __("Couldn't make thumbnail remotely using") . " {$remoteurl}</strong></p>";
        }
    }

    // Cache-buster appended to the preview URL; nothing security-relevant depends on it.
    srand((double) microtime() * 1000000);
    $rand = rand(10000, 99999);

    // NOTE(review): $thumblink (derived from $_GET['crop']) is echoed into the HTML unescaped.
    echo '<div id="testWrap" style="float:left;">';
    printf("<img src='%s?%s' alt='%s'><br />\n", $thumblink, $rand, $thumblink);
    echo "</div>";

    print_module_footer();
}
/**
 * Locate an image on disk and return its basic attributes.
 *
 * The image is looked up, in order, as the given path, as "../" plus the
 * path, as the stripslashed/urldecoded form of that, and finally below the
 * upload base path. In the last case $img is rewritten (by reference) to the
 * full upload path and the link is built from the upload base URL; otherwise
 * the link is the image path with the site path swapped for the site URL.
 * When none of the candidates exists, an error is echoed and the script dies.
 *
 * @param string $img Image path; may be rewritten to the resolved upload path.
 * @return array{name:string,w:int,h:int,x:int,y:int,extra:array,link:string}
 */
function get_image_attributes(&$img)
{
    global $PIVOTX;

    $link = null;
    $nfo = null;

    // Plain candidates that leave $img untouched, tried in this order.
    $candidates = array(
        $img,
        "../" . $img,
        stripslashes(urldecode("../" . $img)),
    );
    foreach ($candidates as $candidate) {
        if (file_exists($candidate)) {
            $nfo = getimagesize($candidate);
            break;
        }
    }

    if ($nfo === null) {
        $uploadpath = $PIVOTX['paths']['upload_base_path'] . $img;
        if (!file_exists($uploadpath)) {
            echo "<br />'" . htmlspecialchars($img) . "' " . __("can not be opened") . ". <br />";
            echo __("Current path") . ": " . str_replace($PIVOTX['paths']['site_path'], '[site_root]/', getcwd()) . "<br />";
            die;
        }
        // Found below the upload folder: expose the full path to the caller.
        $link = $PIVOTX['paths']['upload_base_url'] . $img;
        $img = $uploadpath;
        $nfo = getimagesize($img);
    }

    if (empty($link)) {
        $sitepath = stripTrailingSlash($PIVOTX['paths']['site_path']);
        $siteurl = stripTrailingSlash($PIVOTX['paths']['site_url']);
        $link = str_replace($sitepath, $siteurl, $img);
    }

    return array(
        'name' => $img,
        'w' => $nfo[0],
        'h' => $nfo[1],
        'x' => 0,
        'y' => 0,
        'extra' => $nfo,
        'link' => $link,
    );
}