Example #1
                header("HTTP/1.0 403");
                i18n('ERROR_UPLOAD');
                die;
            }
            foreach ($errors as $msg) {
                $error = $msg . '<br />';
            }
        }
    }
}
// if creating new folder
// Folder creation is a state-changing action triggered by a GET parameter, so the
// anti-CSRF check below is the control that stops a cross-site link from driving it.
// $allowcreatefolder, $path and $subFolder are set outside this excerpt.
if (isset($_GET['newfolder']) && $allowcreatefolder) {
    // check_for_csrf() is defined elsewhere; presumably it aborts the request when the
    // "createfolder" token is missing or wrong. Confirm it cannot return silently on failure.
    check_for_csrf("createfolder");
    $newfolder = $_GET['newfolder'];
    // check for invalid chars
    // The request value is normalised in layers: strippath(), to7bit() and clean_url()
    // (all defined elsewhere), then basename() keeps only the final path component, so
    // a single directory name is appended to $path.
    $cleanname = clean_url(to7bit(strippath($newfolder), "UTF-8"));
    $cleanname = basename($cleanname);
    // An empty name after cleaning is reported with the same message as an existing folder.
    if (file_exists($path . $cleanname) || $cleanname == '') {
        $error = i18n_r('ERROR_FOLDER_EXISTS');
    } else {
        // Directory mode: site-configured GSCHMOD if set, otherwise 0755.
        if (getDef('GSCHMOD')) {
            $chmod_value = GSCHMOD;
        } else {
            $chmod_value = 0755;
        }
        if (create_dir($path . $cleanname, $chmod_value)) {
            //create folder for thumbnails
            // NOTE(review): $subFolder is concatenated as-is; verify it is validated
            // where it is assigned, since only $cleanname is cleaned in this excerpt.
            $thumbFolder = GSTHUMBNAILPATH . $subFolder . $cleanname;
            if (!file_exists($thumbFolder)) {
                // The result of this second create_dir() is not checked.
                create_dir($thumbFolder, $chmod_value);
            }
Example #2
/**
 * Clean an ID for use as an index.
 *
 * Passes the text through to7bit() and clean_url(), strips any remaining
 * control characters, and lowercases the result. Mostly used for file
 * names, slugs and user names.
 *
 * @param string $text raw identifier
 * @return string normalised identifier
 */
function _id($text)
{
    $ascii = to7bit($text, "UTF-8");
    // Control characters are removed after URL cleaning because they make the interface choke.
    $slug = preg_replace('/[[:cntrl:]]/', '', clean_url($ascii));
    return lowercase($slug);
}
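 // Pick the slug source: an explicit slug wins, then the page title, else a placeholder.
 // Both fields are request data, so only non-empty strings are accepted; an
 // array-valued field (post-id[]=...) is treated as missing instead of being passed
 // into the string helpers below.
 $url = null;
 foreach (array('post-id', 'post-title') as $field) {
     if (isset($_POST[$field]) && is_string($_POST[$field]) && $_POST[$field]) {
         $url = $_POST[$field];
         break;
     }
 }
 if ($url === null) {
     $url = "temp";
 } else {
     // Apply the language's transliteration table when one is configured.
     // The size test is count($translit) > 0; the earlier form count($translit > 0)
     // counted a boolean, which raises a warning or TypeError on current PHP.
     if (isset($i18n['TRANSLITERATION']) && is_array($translit = $i18n['TRANSLITERATION']) && count($translit) > 0) {
         $url = str_replace(array_keys($translit), array_values($translit), $url);
     }
     // Reduce to 7-bit text and strip characters that are not valid in a slug.
     $url = to7bit($url, "UTF-8");
     $url = clean_url($url);
 }
 //check again to see if the URL is empty
 if (trim($url) == '') {
     redirect("edit.php?upd=edit-err&type=" . urlencode(i18n_r('CANNOT_SAVE_EMPTY')));
 }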
 // was the slug changed on an existing page?
 if (isset($_POST['existing-url'])) {
     if ($_POST['post-id'] != $_POST['existing-url']) {
         // dont change the index page's slug
         if ($_POST['existing-url'] == 'index') {
Example #4
 // Save handler for the components file: verify the anti-CSRF nonce, back up the
 // current file, then rebuild the XML from the submitted rows.
 // $file, $path, $bakpath, $title, $value and $slug are set before this excerpt;
 // presumably $title/$value/$slug are parallel arrays from the same POST (confirm).
 $ids = $_POST['id'];
 $nonce = $_POST['nonce'];
 // Nothing is written unless the nonce validates for the "modify_components" action.
 if (!check_nonce($nonce, "modify_components")) {
     die("CSRF detected!");
 }
 // create backup file for undo
 createBak($file, $path, $bakpath);
 //top of xml file
 // The @ suppresses any warning raised while constructing the document.
 $xml = @new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><channel></channel>');
 // NOTE(review): count() assumes $_POST['id'] is an array; a scalar value is not handled here.
 if (count($ids) != 0) {
     $ct = 0;
     $coArray = array();
     foreach ($ids as $id) {
         // Rows without both a title and a value are skipped.
         if ($title[$ct] != null && $value[$ct] != null) {
             // Only a missing slug is derived from the title via to7bit()/clean_url().
             // A slug that was submitted is stored below exactly as received.
             if ($slug[$ct] == null) {
                 $slug_tmp = to7bit($title[$ct], 'UTF-8');
                 $slug[$ct] = clean_url($slug_tmp);
                 $slug_tmp = '';
             }
             $coArray[$ct]['id'] = $ids[$ct];
             // Title and value are entity-encoded for storage.
             $coArray[$ct]['title'] = htmlentities($title[$ct], ENT_QUOTES, 'UTF-8');
             $coArray[$ct]['slug'] = $slug[$ct];
             // NOTE(review): get_component() on this page evals stored component values as
             // PHP. If this is the same components file, this endpoint decides what code the
             // site runs, so it needs admin-only access in addition to the nonce. Confirm.
             $coArray[$ct]['value'] = htmlentities($value[$ct], ENT_QUOTES, 'UTF-8');
         }
         $ct++;
     }
     // Rows are written in title order.
     $ids = subval_sort($coArray, 'title');
     $count = 0;
     foreach ($ids as $comp) {
         //body of xml file
         $components = $xml->addChild('item');
Example #5
 * @subpackage Files
 */
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
// Thumbnail width: site-configured GSIMAGEWIDTH if defined, otherwise 200.
if (!defined('GSIMAGEWIDTH')) {
    $width = 200;
    //New width of image
} else {
    $width = GSIMAGEWIDTH;
}
// The only gate on this upload endpoint visible here is a posted hash compared with
// $SESSIONHASH (presumably set by common.php; confirm how it is derived and whether it
// is per-session). NOTE(review): === is not a constant-time comparison; hash_equals()
// is the usual choice for secret values.
if ($_POST['sessionHash'] === $SESSIONHASH) {
    if (!empty($_FILES)) {
        $tempFile = $_FILES['Filedata']['tmp_name'];
        // The client-supplied file name is reduced to 7-bit and passed through clean_img_name().
        $name = clean_img_name(to7bit($_FILES['Filedata']['name']));
        // NOTE(review): $_POST['path'] is appended to the upload root without any
        // normalisation in this excerpt. The str_replace() below only collapses "//" and
        // does not remove ".." segments, so the target directory should be resolved and
        // checked to be inside GSDATAUPLOADPATH before the move.
        $targetPath = isset($_POST['path']) ? GSDATAUPLOADPATH . $_POST['path'] . "/" : GSDATAUPLOADPATH;
        $targetFile = str_replace('//', '/', $targetPath) . $name;
        //validate file
        // validate_safe_file() is defined elsewhere. It receives the original client file
        // name and the client-declared MIME type, both of which the uploader controls.
        if (validate_safe_file($tempFile, $_FILES["Filedata"]["name"], $_FILES["Filedata"]["type"])) {
            // The result of move_uploaded_file() is not checked; chmod() and the
            // 'file-uploaded' hook run even if the move failed.
            move_uploaded_file($tempFile, $targetFile);
            // File mode: GSCHMOD if defined, otherwise 0644 (no execute bit).
            if (defined('GSCHMOD')) {
                chmod($targetFile, GSCHMOD);
            } else {
                chmod($targetFile, 0644);
            }
            exec_action('file-uploaded');
        } else {
            i18n('ERROR_UPLOAD');
            exit;
        }
Example #6
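 /**
  * Creates slug for blog posts
  *
  * Applies the active language's transliteration table (when one is
  * configured in the global $i18n array), then reduces the text with
  * to7bit() and clean_url().
  *
  * @param string $str text to turn into a slug, typically a post title
  * @return string the generated slug
  */
 public function blog_create_slug($str)
 {
     global $i18n;
     // The size test is count($translit) > 0. The earlier form count($translit > 0)
     // counted a boolean, which raises a warning or TypeError on current PHP.
     if (isset($i18n['TRANSLITERATION']) && is_array($translit = $i18n['TRANSLITERATION']) && count($translit) > 0) {
         $str = str_replace(array_keys($translit), array_values($translit), $str);
     }
     $str = to7bit($str, 'UTF-8');
     $str = clean_url($str);
     return $str;
 }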
/**
 * Append one component <item> to a components XML document.
 *
 * Nothing is added when $title is empty. When no usable slug is given
 * (null, or empty after _id()), the slug is derived from the title.
 *
 * @param mixed  $xml    document to append to; a new <item> root is created when this is not an object
 * @param string $title  component title, stored as CDATA after safe_slash_html()
 * @param string $value  component body, stored as CDATA after safe_slash_html()
 * @param mixed  $active stored as CDATA in the <disabled> element
 * @param string $slug   optional slug
 * @return mixed the document passed in, or the newly created one
 */
function addComponentItem($xml, $title, $value, $active, $slug = null)
{
    // debugLog(var_dump($component->asXML()));
    if ($title == null || empty($title)) {
        return $xml;
    }

    $needsSlug = $slug == null || _id($slug) == '';
    if ($needsSlug) {
        $slug = clean_url(to7bit($title, 'UTF-8'));
    }
    // NOTE(review): a caller-supplied slug that survives _id() is written below in its
    // original form, not the _id()-normalised one. Confirm callers pass a clean slug.

    $title = safe_slash_html($title);
    $value = safe_slash_html($value);

    if (!is_object($xml)) {
        $xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>');
    }

    # create the body of components.xml file
    $item = $xml->addChild('item');

    $titleNode = $item->addChild('title');
    $titleNode->addCData($title);

    $item->addChild('slug', $slug);

    $valueNode = $item->addChild('value');
    $valueNode->addCData($value);

    $disabledNode = $item->addChild('disabled');
    $disabledNode->addCData($active);

    return $xml;
}
Example #8
/**
 * Clean for JS
 *
 * Reduces a string to a lowercase token: tags are stripped, a fixed list of
 * punctuation and whitespace is removed, and the remainder is URL-encoded
 * with the '%' signs dropped.
 *
 * This is a character filter, not a JavaScript string escaper. It discards
 * characters rather than encoding them, so it suits identifiers, not text.
 *
 * @param string $text
 * @return string
 */
function clean_js($text)
{
    // Lowercase first (multibyte-aware when mbstring is available), then drop markup.
    $lowered = function_exists('mb_strtolower') ? mb_strtolower($text) : strtolower($text);
    $stripped = strip_tags($lowered);

    $code_entities_match = array(' ?', ' ', '-', '--', '&quot;', '!', 'é', '@', '#', '$', '%', '^', '&', '*', '(', ')', '+', '{', '}', '|', ':', '"', '<', '>', '?', '[', ']', '\\', ';', "'", ',', '.', '/', '*', '+', '~', '`', '=');
    $stripped = str_replace($code_entities_match, '', $stripped);

    // Percent-encode whatever is left, then remove the '%' so only the hex digits remain.
    return str_replace('%', '', urlencode(to7bit($stripped)));
}
Example #9
            }
        }
    }
}
// if creating new folder
// Folder creation is a state-changing action triggered by a GET parameter.
// $path and $subFolder are set outside this excerpt.
if (isset($_GET['newfolder'])) {
    // check for csrf
    // The nonce check is skipped entirely when the site defines GSNOCSRF as a truthy
    // value, which leaves this action without any request-forgery protection.
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_GET['nonce'];
        if (!check_nonce($nonce, "createfolder")) {
            die("CSRF detected!");
        }
    }
    $newfolder = $_GET['newfolder'];
    // check for invalid chars
    // NOTE(review): the name is cleaned only by to7bit() and clean_url(), both defined
    // elsewhere, and no basename() is applied. Confirm clean_url() removes '/', '\' and
    // '..' so the result cannot name a directory outside $path.
    $cleanname = clean_url(to7bit($newfolder, "UTF-8"));
    // An empty name after cleaning is reported with the same message as an existing folder.
    if (file_exists($path . $cleanname) || $cleanname == '') {
        $error = i18n_r('ERROR_FOLDER_EXISTS');
    } else {
        // Directory mode: site-configured GSCHMOD if defined, otherwise 0755.
        if (defined('GSCHMOD')) {
            $chmod_value = GSCHMOD;
        } else {
            $chmod_value = 0755;
        }
        if (mkdir($path . $cleanname, $chmod_value)) {
            //create folder for thumbnails
            // NOTE(review): $subFolder is concatenated as-is; verify it is validated
            // where it is assigned.
            $thumbFolder = GSTHUMBNAILPATH . $subFolder . $cleanname;
            if (!file_exists($thumbFolder)) {
                // The result of this second mkdir() is not checked.
                mkdir($thumbFolder, $chmod_value);
            }
            $success = sprintf(i18n_r('FOLDER_CREATED'), $cleanname);
Example #10
 /**
  * Creates slug for blog posts
  *
  * Reduces the text with to7bit() and then clean_url().
  *
  * @param string $str text to turn into a slug
  * @return string the generated slug
  */
 public function blog_create_slug($str)
 {
     return clean_url(to7bit($str, 'UTF-8'));
 }
Example #11
// Gallery edit handler: either undo a previous save or validate a submitted gallery.
// $name is set outside this excerpt. No anti-CSRF check is visible in these lines;
// NOTE(review): confirm one runs before the undo and save branches.
if (!I18nGallery::checkPrerequisites()) {
    $msg = i18n_r('i18n_gallery/MISSING_DIR');
} else {
    if (isset($_GET['undo']) && !isset($_POST['save'])) {
        // The @ operators here and below hide undefined-index notices for absent fields.
        // NOTE(review): $_GET['new'] and $_GET['name'] are passed on without validation
        // in this excerpt. If the callees build file paths from them, they need the same
        // [A-Za-z0-9-] check that post-name gets below. Confirm.
        $newname = @$_GET['new'] ? $_GET['new'] : $name;
        if (i18n_gallery_save_undo($name, $newname)) {
            $msg = i18n_r('i18n_gallery/UNDO_SUCCESS');
            $success = true;
        } else {
            $msg = i18n_r('i18n_gallery/UNDO_FAILURE');
        }
        $gallery = return_i18n_gallery(@$_GET['name']);
    } else {
        if (isset($_POST['save'])) {
            // With no explicit name, derive one from the title.
            if (!@$_POST['post-name']) {
                $_POST['post-name'] = clean_url(to7bit(@$_POST['post-title'], 'UTF-8'));
            }
            // Allow-list check applied before the name is used in a file path below.
            // NOTE(review): without the D modifier, '$' also matches before a trailing
            // newline, so "name\n" passes. Anchoring with \z or adding /D closes that gap.
            if (!preg_match('/^[A-Za-z0-9-]+$/', @$_POST['post-name'])) {
                $msg = i18n_r('i18n_gallery/ERR_INVALID_NAME');
            } else {
                if (!@$_POST['post-title']) {
                    $msg = i18n_r('i18n_gallery/ERR_EMPTY_TITLE');
                } else {
                    if (!@$_POST['post-item_0_filename']) {
                        $msg = i18n_r('i18n_gallery/ERR_NO_IMAGES');
                    } else {
                        // Reject a rename onto an existing gallery file.
                        if (@$_POST['post-name'] != @$_GET['name'] && file_exists(GSDATAPATH . I18N_GALLERY_DIR . @$_POST['post-name'] . '.xml')) {
                            $msg = i18n_r('i18n_gallery/ERR_DUPLICATE_NAME');
                        }
                    }
                }
/**
 * Get Component
 *
 * Looks up the component whose slug matches the normalised $id and executes
 * its stored value with eval(), so any PHP inside the component runs and its
 * output is emitted directly. Every component with a matching slug is
 * executed; the loop does not stop at the first match.
 *
 * SECURITY: the component body is executed as code. Whoever can write
 * components.xml, or use the editor that writes it, can run PHP in the
 * site's process, so both must stay restricted to trusted administrators.
 *
 * @since 1.0
 * @uses GSDATAOTHERPATH
 * @uses getXML
 * @modified mvlcek 6/12/2011
 *
 * @param string $id This is the ID of the component you want to display
 * @return void nothing is returned; output comes from the evaluated component
 */
function get_component($id)
{
    // Parsed component list, loaded once and kept in a global for later calls.
    global $components;
    // normalize id
    $id = to7bit($id, 'UTF-8');
    $id = clean_url($id);
    if (!$components) {
        if (file_exists(GSDATAOTHERPATH . 'components.xml')) {
            $data = getXML(GSDATAOTHERPATH . 'components.xml');
            $components = $data->item;
        } else {
            $components = array();
        }
    }
    if (count($components) > 0) {
        foreach ($components as $component) {
            // Loose comparison of the cleaned id against the stored slug element.
            if ($id == $component->slug) {
                // The leading "?>" makes eval() treat the value as template text with
                // embedded PHP. The code runs in this function's scope, so it can read
                // and modify $id, $component, $components and any other local.
                // strip_decode() is defined elsewhere; presumably it reverses the
                // encoding applied when the component was saved (confirm).
                eval("?>" . strip_decode($component->value) . "<?php ");
            }
        }
    }
}
Example #13
/**
 * Get the XML for an individual component.
 *
 * Returns an array because several components may share one slug.
 * Returns nothing (null) when the id is empty after normalisation.
 *
 * @since 3.4.0
 *
 * @param  str $id component id
 * @return array of simpleXmlObj matching slug
 */
function get_component_xml($id)
{
    // Normalise the id the same way slugs are generated.
    $slug = clean_url(to7bit($id, 'UTF-8'));
    if (!$slug) {
        return;
    }
    // NOTE(review): the slug is spliced into a single-quoted XPath literal, which is
    // only safe if clean_url() never lets a "'" through. Confirm against clean_url().
    $query = "//slug[.='" . $slug . "']/..";
    return get_components_xml()->xpath($query);
}
Example #14
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
// Thumbnail width: site-configured GSIMAGEWIDTH if defined, otherwise 200.
if (!defined('GSIMAGEWIDTH')) {
    $width = 200;
    //New width of image
} else {
    $width = GSIMAGEWIDTH;
}
// The only gate on this upload endpoint visible here is a posted hash compared with
// $SESSIONHASH (presumably set by common.php; confirm how it is derived).
// NOTE(review): === is not a constant-time comparison; hash_equals() is the usual
// choice for secret values.
if ($_POST['sessionHash'] === $SESSIONHASH) {
    if (!empty($_FILES)) {
        $tempFile = $_FILES['Filedata']['tmp_name'];
        $file = $_FILES['Filedata']['name'];
        // Split the client-supplied name. Only the base name is cleaned below.
        $extension = pathinfo($file, PATHINFO_EXTENSION);
        $name = pathinfo($file, PATHINFO_FILENAME);
        $name = clean_img_name(to7bit($name));
        // NOTE(review): $_POST['path'] is appended to the upload root without any
        // normalisation in this excerpt. The str_replace() below only collapses "//" and
        // does not remove ".." segments, so the target directory should be resolved and
        // checked to be inside GSDATAUPLOADPATH before the move.
        $targetPath = isset($_POST['path']) ? GSDATAUPLOADPATH . $_POST['path'] . "/" : GSDATAUPLOADPATH;
        // NOTE(review): $extension is re-attached exactly as the client sent it. Whether
        // a script extension can reach the upload directory depends entirely on
        // validate_safe_file(), defined elsewhere. Confirm it enforces an extension
        // allow-list.
        $targetFile = str_replace('//', '/', $targetPath) . $name . '.' . $extension;
        //validate file
        if (validate_safe_file($tempFile, $_FILES["Filedata"]["name"])) {
            // The result of move_uploaded_file() is not checked; chmod() and the
            // 'file-uploaded' hook run even if the move failed.
            move_uploaded_file($tempFile, $targetFile);
            // File mode: GSCHMOD if defined, otherwise 0644 (no execute bit).
            if (defined('GSCHMOD')) {
                chmod($targetFile, GSCHMOD);
            } else {
                chmod($targetFile, 0644);
            }
            exec_action('file-uploaded');
        } else {
            die(i18n_r('ERROR_UPLOAD') . ' - ' . i18n_r('BAD_FILE'));
            // invalid file
        }
Example #15
/**
 * Clean ID
 *
 * Normalises text for use in URLs or IDs: to7bit(), then clean_url(),
 * then lowercase().
 *
 * @param string $text raw identifier
 * @return string normalised identifier
 */
function _id($text)
{
    $ascii = to7bit($text, "UTF-8");
    return lowercase(clean_url($ascii));
}