/** * 미디어 파일을 업로드한다. */ public function upload() { global $wpdb; $this->board_id = intval($this->board_id); $this->media_group = addslashes($this->media_group); if ($this->board_id && $this->media_group) { $upload_dir = wp_upload_dir(); $attach_store_path = str_replace(KBOARD_WORDPRESS_ROOT, '', $upload_dir['basedir']) . "/kboard_attached/{$this->board_id}/" . current_time('Ym') . '/'; $file = new KBFileHandler(); $file->setPath($attach_store_path); $upload = $file->upload('kboard_media_file'); $file_name = addslashes($upload['original_name']); $file_path = addslashes($upload['path'] . $upload['stored_name']); if ($file_name) { $date = current_time('YmdHis'); $wpdb->query("INSERT INTO `{$wpdb->prefix}kboard_meida` (`media_group`, `date`, `file_path`, `file_name`) VALUE ('{$this->media_group}', '{$date}', '{$file_path}', '{$file_name}')"); } } }
/** * Captcha 이미지를 생성한다. */ public function createImage() { if (!isset($_SESSION['kboard_captcha'])) { $_SESSION['kboard_captcha'] = array(); } $captcha_folder = WP_CONTENT_DIR . '/uploads/kboard_captcha/'; $captcha_name = uniqid('captcha_') . '.png'; // 디렉토리 생성 wp_mkdir_p($captcha_folder); // 1시간이 지난 이미지는 삭제한다. $file_handler = new KBFileHandler(); $captcha_files = $file_handler->getDirlist($captcha_folder); foreach ($captcha_files as $file) { $filetime = @filemtime($captcha_folder . $file); $created = (time() - $filetime) / 60 / 60; if ($created > 1) { $file_handler->delete($captcha_folder . $file); } } $text = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'); shuffle($text); $text = substr(implode('', $text), 0, 5); $image = imagecreate(50, 20); $background_color = imagecolorallocate($image, 255, 255, 255); $font_color = imagecolorallocate($image, 194, 51, 21); imagestring($image, 5, 2, 2, $text, $font_color); imageline($image, 0, 0, 50, 20, $font_color); @imagepng($image, $captcha_folder . $captcha_name); imagedestroy($image); if (file_exists($captcha_folder . $captcha_name)) { $_SESSION['kboard_captcha'][] = $text; $src = content_url('/uploads/kboard_captcha/' . $captcha_name); } else { $_SESSION['kboard_captcha'][] = 'ERROR'; $src = KBOARD_URL_PATH . '/images/captcha-error.png'; } return $src; }
/** * KBoard 워드프레스 게시판 보안 함수 * @link www.cosmosfarm.com * @copyright Copyright 2013 Cosmosfarm. All rights reserved. * @license http://www.gnu.org/licenses/gpl.html */ // 시스템 설정을 가져온다. $kboard_xssfilter_active = get_option('kboard_xssfilter') ? false : true; if ($kboard_xssfilter_active) { // HTMLPurifier 클래스를 불러온다. if (!class_exists('HTMLPurifier')) { include_once KBOARD_DIR_PATH . '/htmlpurifier/HTMLPurifier.standalone.php'; } // HTMLPurifier 설정 캐시 경로 디렉토리 생성 $kboard_file_handler = new KBFileHandler(); $kboard_file_handler->mkPath(WP_CONTENT_DIR . '/uploads/kboard_htmlpurifier'); unset($kboard_file_handler); } /** * Cross-site scripting (XSS) 공격을 방어하기 위해서 위험 문자열을 제거한다. * @param string $data */ function kboard_xssfilter($data) { global $kboard_xssfilter_active; if (is_array($data)) { return array_map('kboard_xssfilter', $data); } if ($kboard_xssfilter_active) { if (!$GLOBALS['KBOARD']['HTMLPurifier'] || !$GLOBALS['KBOARD']['HTMLPurifier_Config']) {
/** * 썸네일을 등록한다. * @param int $uid */ public function setThumbnail($uid) { global $wpdb; if (!$this->thumbnail_store_path) { die(__('No upload path. Please enter board ID and initialize.', 'kboard')); } if ($_FILES['thumbnail']['tmp_name']) { $file = new KBFileHandler(); $file->setPath($this->thumbnail_store_path); $upload = $file->upload('thumbnail'); $original_name = addslashes($upload['original_name']); $file = addslashes($upload['path'] . $upload['stored_name']); if ($original_name) { $this->removeThumbnail($uid); $wpdb->query("UPDATE `{$wpdb->prefix}kboard_board_content` SET `thumbnail_file`='{$file}', `thumbnail_name`='{$original_name}' WHERE `uid`='{$uid}'"); } } }
/** * 패키지 파일의 압축을 풀고 설치한다. * @param string $package * @param string $content_type * @param string $delete_package * @return string */ public function install($package, $content_type, $delete_package = true) { // See #15789 - PclZip uses string functions on binary data, If it's overloaded with Multibyte safe functions the results are incorrect. if (ini_get('mbstring.func_overload') && function_exists('mb_internal_encoding')) { $previous_encoding = mb_internal_encoding(); mb_internal_encoding('ISO-8859-1'); } require_once ABSPATH . 'wp-admin/includes/class-pclzip.php'; $archive = new PclZip($package); $archive_files = $archive->extract(PCLZIP_OPT_EXTRACT_AS_STRING); if ($delete_package) { unlink($package); } if (!$archive_files) { die('<script>alert("' . __('Download file is decompression failed, please check directory and file permissions.', 'kboard') . '");history.go(-1);</script>'); } else { $install_result = true; if (is_writable(WP_CONTENT_DIR . $content_type)) { $file_handler = new KBFileHandler(); $target_dir = trailingslashit(WP_CONTENT_DIR . $content_type); foreach ($archive_files as $file) { if ('__MACOSX/' === substr($file['filename'], 0, 9)) { continue; } if ($file['folder']) { $install_result = $file_handler->mkPath($target_dir . $file['filename']); } else { $install_result = $file_handler->putContents($target_dir . $file['filename'], $file['content']); } if (!$install_result) { break; } } } else { global $wp_filesystem; $target_dir = trailingslashit($wp_filesystem->find_folder(WP_CONTENT_DIR . $content_type)); foreach ($archive_files as $file) { if ('__MACOSX/' === substr($file['filename'], 0, 9)) { continue; } if ($file['folder']) { if ($wp_filesystem->is_dir($target_dir . $file['filename'])) { continue; } else { $install_result = $wp_filesystem->mkdir($target_dir . $file['filename'], FS_CHMOD_DIR); } } else { $install_result = $wp_filesystem->put_contents($target_dir . $file['filename'], $file['content'], FS_CHMOD_FILE); } if (!$install_result) { break; } } } if (!$install_result) { die('<script>alert("' . __('File copy failed, directory requires write permission.', 'kboard') . ' (/wp-content' . $content_type . ')");history.go(-1);</script>'); } } return ''; }
/** * 첨부파일 다운로드 */ public function fileDownload() { global $wpdb; header('X-Robots-Tag: noindex', true); // 검색엔진 수집 금지 header('Content-Type: text/html; charset=UTF-8'); $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''; $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : ''; if ($referer) { $url = parse_url($referer); $referer_host = $url['host'] . (isset($url['port']) && $url['port'] ? ':' . $url['port'] : ''); } else { wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard')); } if (!in_array($referer_host, array($host))) { wp_die('KBoard : ' . __('This page is restricted from external access.', 'kboard')); } $uid = isset($_GET['uid']) ? intval($_GET['uid']) : ''; if (isset($_GET['file'])) { $file = trim($_GET['file']); $file = kboard_htmlclear($file); $file = kboard_xssfilter($file); $file = esc_sql($file); } else { $file = ''; } if (!$uid || !$file) { die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>'); } $content = new KBContent(); $content->initWithUID($uid); if ($content->parent_uid) { $parent = new KBContent(); $parent->initWithUID($content->getTopContentUID()); $board = new KBoard($parent->board_id); } else { $board = new KBoard($content->board_id); } if (!$board->isReader($content->member_uid, $content->secret)) { if (!$user_ID && $board->permission_read == 'author') { die('<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url($referer) . '";</script>'); } else { if ($content->secret && in_array($board->permission_write, array('all', 'author')) && in_array($board->permission_read, array('all', 'author'))) { if (!$board->isConfirm($content->password, $content->uid)) { if ($content->parent_uid) { $parent = new KBContent(); $parent->initWithUID($content->getTopContentUID()); if (!$board->isReader($parent->member_uid, $content->secret)) { if (!$board->isConfirm($parent->password, $parent->uid)) { die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>'); } } } else { die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>'); } } } else { die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>'); } } } $file_info = $wpdb->get_row("SELECT * FROM `{$wpdb->prefix}kboard_board_attached` WHERE `content_uid`='{$uid}' AND `file_key`='{$file}'"); list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR); $path = $path . str_replace('/', DIRECTORY_SEPARATOR, $file_info->file_path); $filename = str_replace(' ', '-', $file_info->file_name); if (!$file_info->file_path || !file_exists($path)) { die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>'); } if (get_option('kboard_attached_copy_download')) { $unique_dir = uniqid(); $upload_dir = wp_upload_dir(); $temp_path = $upload_dir['basedir'] . '/kboard_temp'; $kboard_file_handler = new KBFileHandler(); $kboard_file_handler->deleteWithOvertime($temp_path, 60); $kboard_file_handler->mkPath("{$temp_path}/{$unique_dir}"); copy($path, "{$temp_path}/{$unique_dir}/{$filename}"); header('Location:' . $upload_dir['baseurl'] . "/kboard_temp/{$unique_dir}/{$filename}"); } else { $ie = isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'Trident') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false); if ($ie) { $filename = iconv('UTF-8', 'EUC-KR//IGNORE', $filename); } header('Content-type: ' . kboard_mime_type($path)); header('Content-Disposition: attachment; filename="' . $filename . '"'); header('Content-Transfer-Encoding: binary'); header('Content-length: ' . sprintf('%d', filesize($path))); header('Expires: 0'); if ($ie) { header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Pragma: public'); } else { header('Pragma: no-cache'); } $fp = fopen($path, 'rb'); fpassthru($fp); fclose($fp); } exit; }
die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>'); } } } $file_info = $wpdb->get_row("SELECT * FROM `{$wpdb->prefix}kboard_board_attached` WHERE `content_uid`='{$uid}' AND `file_key`='{$file}'"); list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR); $path = $path . str_replace('/', DIRECTORY_SEPARATOR, $file_info->file_path); $filename = str_replace(' ', '-', $file_info->file_name); if (!$file_info->file_path || !file_exists($path)) { die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>'); } if (get_option('kboard_attached_copy_download')) { $unique_dir = uniqid(); $upload_dir = wp_upload_dir(); $temp_path = $upload_dir['basedir'] . '/kboard_temp'; $kboard_file_handler = new KBFileHandler(); $kboard_file_handler->deleteWithOvertime($temp_path, 60); $kboard_file_handler->mkPath("{$temp_path}/{$unique_dir}"); copy($path, "{$temp_path}/{$unique_dir}/{$filename}"); header('Location:' . $upload_dir['baseurl'] . "/kboard_temp/{$unique_dir}/{$filename}"); } else { $ie = isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'Trident') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false); if ($ie) { $filename = iconv('UTF-8', 'EUC-KR//IGNORE', $filename); } header('Content-type: ' . kboard_mime_type($path)); header('Content-Disposition: attachment; filename="' . $filename . '"'); header('Content-Transfer-Encoding: binary'); header('Content-length: ' . sprintf('%d', filesize($path))); header('Expires: 0'); if ($ie) {
/** * 썸네일을 등록한다. */ public function setThumbnail() { global $wpdb; if (!$this->thumbnail_store_path) { die(__('No upload path. Please enter board ID and initialize.', 'kboard')); } if ($this->uid && $_FILES['thumbnail']['tmp_name']) { $file = new KBFileHandler(); $file->setPath($this->thumbnail_store_path); $upload = $file->upload('thumbnail'); $original_name = esc_sql($upload['original_name']); $file = esc_sql($upload['path'] . $upload['stored_name']); if ($original_name) { // 업로드된 원본 이미지 크기를 줄인다. $upload_dir = wp_upload_dir(); $file_path = explode('/wp-content/uploads', $upload['path'] . $upload['stored_name']); $file_path = strtolower($upload_dir['basedir'] . end($file_path)); $image_editor = wp_get_image_editor($file_path); if (!is_wp_error($image_editor)) { $thumbnail_size = apply_filters('kboard_thumbnail_size', array(1024, 1024)); $image_editor->resize($thumbnail_size[0], $thumbnail_size[0]); $image_editor->save($file_path); } $this->removeThumbnail(false); $wpdb->query("UPDATE `{$wpdb->prefix}kboard_board_content` SET `thumbnail_file`='{$file}', `thumbnail_name`='{$original_name}' WHERE `uid`='{$this->uid}'"); } } }