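/**
  * Upload a media file into the board's attachment directory and record it.
  *
  * Requires $this->board_id and $this->media_group to be set; otherwise the
  * method does nothing. The file is read from the 'kboard_media_file' upload
  * field via KBFileHandler. The row is written with $wpdb->insert(), which
  * escapes the values itself, so media_group is no longer pre-escaped with
  * addslashes() (pre-escaping would store doubled backslashes).
  */
 public function upload()
 {
     global $wpdb;
     $this->board_id = intval($this->board_id);
     $media_group = $this->media_group;
     if (!$this->board_id || !$media_group) {
         return;
     }
     $upload_dir = wp_upload_dir();
     // Store path relative to the WordPress root: <uploads>/kboard_attached/<board>/<YYYYMM>/
     $attach_store_path = str_replace(KBOARD_WORDPRESS_ROOT, '', $upload_dir['basedir']) . "/kboard_attached/{$this->board_id}/" . current_time('Ym') . '/';
     $file = new KBFileHandler();
     $file->setPath($attach_store_path);
     $upload = $file->upload('kboard_media_file');
     // KBFileHandler::upload() is assumed to return original_name/path/stored_name (not visible here).
     $file_name = isset($upload['original_name']) ? $upload['original_name'] : '';
     if (!$file_name) {
         return;
     }
     $file_path = $upload['path'] . $upload['stored_name'];
     // Table name kept exactly as the schema spells it.
     $wpdb->insert(
         $wpdb->prefix . 'kboard_meida',
         array(
             'media_group' => $media_group,
             'date'        => current_time('YmdHis'),
             'file_path'   => $file_path,
             'file_name'   => $file_name,
         ),
         array('%s', '%s', '%s', '%s')
     );
 }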
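 /**
  * Generate a 5-letter captcha image and return its URL.
  *
  * The expected letters are appended to $_SESSION['kboard_captcha'] (the
  * array accumulates every captcha issued in the session). When the image
  * cannot be written, 'ERROR' is appended instead and the bundled error
  * image URL is returned. Images older than one hour in the captcha folder
  * are removed first.
  *
  * @return string URL of the generated PNG, or of the error placeholder
  */
 public function createImage()
 {
     if (!isset($_SESSION['kboard_captcha'])) {
         $_SESSION['kboard_captcha'] = array();
     }
     $captcha_folder = WP_CONTENT_DIR . '/uploads/kboard_captcha/';
     $captcha_name = uniqid('captcha_') . '.png';
     $folder_ok = wp_mkdir_p($captcha_folder);

     // Housekeeping: delete images older than one hour.
     $file_handler = new KBFileHandler();
     $captcha_files = $file_handler->getDirlist($captcha_folder);
     $now = time();
     foreach ($captcha_files as $file) {
         $filetime = filemtime($captcha_folder . $file);
         if ($filetime === false) {
             continue; // vanished or unreadable; nothing to expire
         }
         if (($now - $filetime) > 3600) {
             $file_handler->delete($captcha_folder . $file);
         }
     }

     // Pick 5 distinct uppercase letters with a CSPRNG. shuffle() draws from
     // the seedable mt_rand() generator, which is not suitable for a challenge value.
     $pool = range('A', 'Z');
     $text = '';
     for ($i = 0; $i < 5; $i++) {
         $index = random_int(0, count($pool) - 1);
         $text .= $pool[$index];
         array_splice($pool, $index, 1);
     }

     $written = false;
     $image = $folder_ok ? imagecreate(50, 20) : false;
     if ($image !== false) {
         imagecolorallocate($image, 255, 255, 255); // first allocation is the background
         $font_color = imagecolorallocate($image, 194, 51, 21);
         imagestring($image, 5, 2, 2, $text, $font_color);
         imageline($image, 0, 0, 50, 20, $font_color);
         $written = is_writable($captcha_folder) && imagepng($image, $captcha_folder . $captcha_name);
         imagedestroy($image);
     }

     if ($written && file_exists($captcha_folder . $captcha_name)) {
         $_SESSION['kboard_captcha'][] = $text;
         return content_url('/uploads/kboard_captcha/' . $captcha_name);
     }
     $_SESSION['kboard_captcha'][] = 'ERROR';
     return KBOARD_URL_PATH . '/images/captcha-error.png';
 }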
/**
 * KBoard 워드프레스 게시판 보안 함수
 * @link www.cosmosfarm.com
 * @copyright Copyright 2013 Cosmosfarm. All rights reserved.
 * @license http://www.gnu.org/licenses/gpl.html
 */
// Read the system setting: the 'kboard_xssfilter' option, when set, turns the filter OFF.
$kboard_xssfilter_active = !get_option('kboard_xssfilter');
if ($kboard_xssfilter_active) {
    // Load HTMLPurifier once, unless an autoloader already provided it.
    if (!class_exists('HTMLPurifier')) {
        include_once KBOARD_DIR_PATH . '/htmlpurifier/HTMLPurifier.standalone.php';
    }
    // Make sure the HTMLPurifier config cache directory exists.
    $kboard_file_handler = new KBFileHandler();
    $kboard_file_handler->mkPath(WP_CONTENT_DIR . '/uploads/kboard_htmlpurifier');
    unset($kboard_file_handler);
}
/**
 * Cross-site scripting (XSS) 공격을 방어하기 위해서 위험 문자열을 제거한다.
 * @param string $data
 */
function kboard_xssfilter($data)
{
    global $kboard_xssfilter_active;
    if (is_array($data)) {
        return array_map('kboard_xssfilter', $data);
    }
    if ($kboard_xssfilter_active) {
        if (!$GLOBALS['KBOARD']['HTMLPurifier'] || !$GLOBALS['KBOARD']['HTMLPurifier_Config']) {
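 /**
  * Store an uploaded thumbnail for a post and record it on the content row.
  *
  * Reads the 'thumbnail' entry of $_FILES; does nothing when no file was
  * sent or $uid is not a positive integer. Any previous thumbnail for the
  * post is removed first. Dies when no upload path has been configured.
  *
  * @param int $uid content uid to attach the thumbnail to
  */
 public function setThumbnail($uid)
 {
     global $wpdb;
     if (!$this->thumbnail_store_path) {
         die(__('No upload path. Please enter board ID and initialize.', 'kboard'));
     }
     $uid = intval($uid);
     // empty() guard avoids an undefined-index notice when no file field was posted.
     if (!$uid || empty($_FILES['thumbnail']['tmp_name'])) {
         return;
     }
     $file_handler = new KBFileHandler();
     $file_handler->setPath($this->thumbnail_store_path);
     $upload = $file_handler->upload('thumbnail');
     $original_name = isset($upload['original_name']) ? $upload['original_name'] : '';
     if (!$original_name) {
         return;
     }
     $stored_file = $upload['path'] . $upload['stored_name'];
     $this->removeThumbnail($uid);
     // $wpdb->update() escapes the values; no addslashes()/string interpolation.
     $wpdb->update(
         $wpdb->prefix . 'kboard_board_content',
         array('thumbnail_file' => $stored_file, 'thumbnail_name' => $original_name),
         array('uid' => $uid),
         array('%s', '%s'),
         array('%d')
     );
 }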
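 /**
  * Extract a downloaded zip package into WP_CONTENT_DIR . $content_type.
  *
  * Uses direct filesystem writes when the target is writable, otherwise the
  * WP_Filesystem abstraction ($wp_filesystem). Entries under __MACOSX/ are
  * skipped, and any entry whose name would escape the target directory (an
  * absolute path or a ".." segment) aborts the install. Every failure ends
  * the request with an alert script, as before.
  *
  * @param string $package        path to the zip file
  * @param string $content_type   appended directly to WP_CONTENT_DIR, so it carries its own leading slash
  * @param bool   $delete_package remove the zip after extraction
  * @return string always ''
  */
 public function install($package, $content_type, $delete_package = true)
 {
     // See #15789 - PclZip uses string functions on binary data; with mbstring
     // function overloading active the results are incorrect, so switch to a
     // byte-transparent encoding for the extraction and restore it afterwards
     // (the original never restored it).
     $previous_encoding = null;
     if (ini_get('mbstring.func_overload') && function_exists('mb_internal_encoding')) {
         $previous_encoding = mb_internal_encoding();
         mb_internal_encoding('ISO-8859-1');
     }
     require_once ABSPATH . 'wp-admin/includes/class-pclzip.php';
     $archive = new PclZip($package);
     $archive_files = $archive->extract(PCLZIP_OPT_EXTRACT_AS_STRING);
     if ($previous_encoding !== null) {
         mb_internal_encoding($previous_encoding);
     }
     if ($delete_package) {
         unlink($package);
     }
     if (!$archive_files) {
         die('<script>alert("' . __('Download file is decompression failed, please check directory and file permissions.', 'kboard') . '");history.go(-1);</script>');
     }

     if (is_writable(WP_CONTENT_DIR . $content_type)) {
         $target_dir = trailingslashit(WP_CONTENT_DIR . $content_type);
         $install_result = $this->installDirect($archive_files, $target_dir);
     } else {
         global $wp_filesystem;
         $target_dir = trailingslashit($wp_filesystem->find_folder(WP_CONTENT_DIR . $content_type));
         $install_result = $this->installViaFilesystem($archive_files, $target_dir, $wp_filesystem);
     }
     if (!$install_result) {
         die('<script>alert("' . __('File copy failed, directory requires write permission.', 'kboard') . ' (/wp-content' . $content_type . ')");history.go(-1);</script>');
     }
     return '';
 }

 /**
  * Write archive entries with direct filesystem calls (KBFileHandler).
  *
  * @param array  $archive_files PclZip entries (filename/folder/content)
  * @param string $target_dir    extraction root, with trailing slash
  * @return bool false on the first entry that fails or is unsafe
  */
 private function installDirect(array $archive_files, $target_dir)
 {
     $file_handler = new KBFileHandler();
     foreach ($archive_files as $file) {
         if ('__MACOSX/' === substr($file['filename'], 0, 9)) {
             continue;
         }
         if (!$this->isSafeArchivePath($file['filename'])) {
             return false; // entry would land outside $target_dir
         }
         if ($file['folder']) {
             $ok = $file_handler->mkPath($target_dir . $file['filename']);
         } else {
             $ok = $file_handler->putContents($target_dir . $file['filename'], $file['content']);
         }
         if (!$ok) {
             return false;
         }
     }
     return true;
 }

 /**
  * Write archive entries through the WP_Filesystem abstraction.
  *
  * @param array  $archive_files PclZip entries (filename/folder/content)
  * @param string $target_dir    extraction root as resolved by find_folder(), with trailing slash
  * @param object $wp_filesystem the global WP_Filesystem instance
  * @return bool false on the first entry that fails or is unsafe
  */
 private function installViaFilesystem(array $archive_files, $target_dir, $wp_filesystem)
 {
     foreach ($archive_files as $file) {
         if ('__MACOSX/' === substr($file['filename'], 0, 9)) {
             continue;
         }
         if (!$this->isSafeArchivePath($file['filename'])) {
             return false; // entry would land outside $target_dir
         }
         if ($file['folder']) {
             if ($wp_filesystem->is_dir($target_dir . $file['filename'])) {
                 continue; // already present; not a failure
             }
             $ok = $wp_filesystem->mkdir($target_dir . $file['filename'], FS_CHMOD_DIR);
         } else {
             $ok = $wp_filesystem->put_contents($target_dir . $file['filename'], $file['content'], FS_CHMOD_FILE);
         }
         if (!$ok) {
             return false;
         }
     }
     return true;
 }

 /**
  * Reject archive entry names that could escape the extraction directory:
  * absolute paths, Windows drive prefixes, or any ".." segment.
  *
  * @param string $filename entry name as stored in the zip
  * @return bool
  */
 private function isSafeArchivePath($filename)
 {
     $normalized = str_replace('\\', '/', (string) $filename);
     if ($normalized !== '' && $normalized[0] === '/') {
         return false;
     }
     if (preg_match('/^[A-Za-z]:/', $normalized)) {
         return false;
     }
     foreach (explode('/', $normalized) as $segment) {
         if ($segment === '..') {
             return false;
         }
     }
     return true;
 }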
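 /**
  * Serve an attached file to the browser after checking that the request
  * came from this host and that the visitor may read the post.
  *
  * Expects $_GET['uid'] (content uid) and $_GET['file'] (attachment key).
  * Every failure path ends the request with wp_die() or a die()'d alert
  * script. The success path either streams the file, or — when the
  * 'kboard_attached_copy_download' option is set — copies it into a
  * temporary upload directory and redirects there; it then exits.
  */
 public function fileDownload()
 {
     global $wpdb;
     header('X-Robots-Tag: noindex', true); // keep search engines from indexing attachments
     header('Content-Type: text/html; charset=UTF-8');

     $restricted = 'KBoard : ' . __('This page is restricted from external access.', 'kboard');
     $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
     $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
     if (!$referer) {
         wp_die($restricted);
     }
     // Same-host check on the Referer. The header is client-supplied, so this
     // is a hotlinking deterrent, not an authorization control; the permission
     // checks further down are what actually gate access.
     $url = parse_url($referer);
     if (!is_array($url) || empty($url['host'])) {
         wp_die($restricted);
     }
     $referer_host = $url['host'] . (!empty($url['port']) ? ':' . $url['port'] : '');
     if ($referer_host !== $host) {
         wp_die($restricted);
     }

     $deny = '<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>';
     $uid = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
     // esc_sql() is no longer applied here: the query below goes through $wpdb->prepare().
     $file = isset($_GET['file']) ? kboard_xssfilter(kboard_htmlclear(trim($_GET['file']))) : '';
     if (!$uid || !$file) {
         die($deny);
     }

     $content = new KBContent();
     $content->initWithUID($uid);
     if ($content->parent_uid) {
         $parent = new KBContent();
         $parent->initWithUID($content->getTopContentUID());
         $board = new KBoard($parent->board_id);
     } else {
         $board = new KBoard($content->board_id);
     }

     if (!$board->isReader($content->member_uid, $content->secret)) {
         // The original tested an undeclared local $user_ID (always empty), so
         // logged-in users were also bounced to the login page; use the real id.
         if (!get_current_user_id() && $board->permission_read == 'author') {
             die('<script>alert("' . __('Please Log in to continue.', 'kboard') . '");location.href="' . wp_login_url($referer) . '";</script>');
         }
         // A secret post is readable here only on boards whose read/write
         // permission is 'all' or 'author', and only with the post password
         // confirmed (or the parent's, for a reply).
         $secret_readable = $content->secret
             && in_array($board->permission_write, array('all', 'author'), true)
             && in_array($board->permission_read, array('all', 'author'), true);
         if (!$secret_readable) {
             die($deny);
         }
         if (!$board->isConfirm($content->password, $content->uid)) {
             if (!$content->parent_uid) {
                 die($deny);
             }
             $parent = new KBContent();
             $parent->initWithUID($content->getTopContentUID());
             if (!$board->isReader($parent->member_uid, $content->secret) && !$board->isConfirm($parent->password, $parent->uid)) {
                 die($deny);
             }
         }
     }

     $file_info = $wpdb->get_row($wpdb->prepare(
         "SELECT * FROM `{$wpdb->prefix}kboard_board_attached` WHERE `content_uid`=%d AND `file_key`=%s",
         $uid,
         $file
     ));
     if (!$file_info || !$file_info->file_path) {
         die($deny);
     }
     // Resolve the stored site-relative path against the WordPress root
     // (everything before "/wp-content" in this file's own directory).
     list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
     $path = $path . str_replace('/', DIRECTORY_SEPARATOR, $file_info->file_path);
     if (!file_exists($path) || !is_file($path)) {
         die($deny);
     }
     // The download name is the name given at upload, read back from the
     // database: drop any directory part and characters that would break the
     // Content-Disposition header or the temp-copy path, then replace spaces as before.
     $filename = basename(str_replace(array("\0", '"', "\r", "\n"), '', (string) $file_info->file_name));
     $filename = str_replace(' ', '-', $filename);
     if ($filename === '' || $filename === '.' || $filename === '..') {
         $filename = 'download';
     }

     if (get_option('kboard_attached_copy_download')) {
         $unique_dir = uniqid();
         $upload_dir = wp_upload_dir();
         $temp_path = $upload_dir['basedir'] . '/kboard_temp';
         $kboard_file_handler = new KBFileHandler();
         $kboard_file_handler->deleteWithOvertime($temp_path, 60); // purge old copies; unit of 60 is KBFileHandler's — confirm
         $kboard_file_handler->mkPath("{$temp_path}/{$unique_dir}");
         if (!copy($path, "{$temp_path}/{$unique_dir}/{$filename}")) {
             die($deny);
         }
         header('Location:' . $upload_dir['baseurl'] . "/kboard_temp/{$unique_dir}/{$filename}");
     } else {
         $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
         $ie = strpos($user_agent, 'Trident') !== false || strpos($user_agent, 'MSIE') !== false;
         if ($ie) {
             // Legacy IE reads the filename in the local code page (EUC-KR here).
             $filename = iconv('UTF-8', 'EUC-KR//IGNORE', $filename);
         }
         header('Content-type: ' . kboard_mime_type($path));
         header('Content-Disposition: attachment; filename="' . $filename . '"');
         header('Content-Transfer-Encoding: binary');
         header('Content-length: ' . sprintf('%d', filesize($path)));
         header('Expires: 0');
         if ($ie) {
             header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
             header('Pragma: public');
         } else {
             header('Pragma: no-cache');
         }
         $fp = fopen($path, 'rb');
         if ($fp === false) {
             die($deny);
         }
         fpassthru($fp);
         fclose($fp);
     }
     exit;
 }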
            die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
        }
    }
}
$file_info = $wpdb->get_row("SELECT * FROM `{$wpdb->prefix}kboard_board_attached` WHERE `content_uid`='{$uid}' AND `file_key`='{$file}'");
list($path) = explode(DIRECTORY_SEPARATOR . 'wp-content', dirname(__FILE__) . DIRECTORY_SEPARATOR);
$path = $path . str_replace('/', DIRECTORY_SEPARATOR, $file_info->file_path);
$filename = str_replace(' ', '-', $file_info->file_name);
if (!$file_info->file_path || !file_exists($path)) {
    die('<script>alert("' . __('You do not have permission.', 'kboard') . '");history.go(-1);</script>');
}
if (get_option('kboard_attached_copy_download')) {
    $unique_dir = uniqid();
    $upload_dir = wp_upload_dir();
    $temp_path = $upload_dir['basedir'] . '/kboard_temp';
    $kboard_file_handler = new KBFileHandler();
    $kboard_file_handler->deleteWithOvertime($temp_path, 60);
    $kboard_file_handler->mkPath("{$temp_path}/{$unique_dir}");
    copy($path, "{$temp_path}/{$unique_dir}/{$filename}");
    header('Location:' . $upload_dir['baseurl'] . "/kboard_temp/{$unique_dir}/{$filename}");
} else {
    $ie = isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'Trident') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false);
    if ($ie) {
        $filename = iconv('UTF-8', 'EUC-KR//IGNORE', $filename);
    }
    header('Content-type: ' . kboard_mime_type($path));
    header('Content-Disposition: attachment; filename="' . $filename . '"');
    header('Content-Transfer-Encoding: binary');
    header('Content-length: ' . sprintf('%d', filesize($path)));
    header('Expires: 0');
    if ($ie) {
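 /**
  * Store an uploaded thumbnail for this post ($this->uid), shrink it to the
  * 'kboard_thumbnail_size' filter value, and record it on the content row.
  *
  * Reads the 'thumbnail' entry of $_FILES; does nothing when $this->uid is
  * empty or no file was sent. The previous thumbnail is removed first.
  * Dies when no upload path has been configured.
  */
 public function setThumbnail()
 {
     global $wpdb;
     if (!$this->thumbnail_store_path) {
         die(__('No upload path. Please enter board ID and initialize.', 'kboard'));
     }
     $uid = intval($this->uid);
     // empty() guard avoids an undefined-index notice when no file field was posted.
     if (!$uid || empty($_FILES['thumbnail']['tmp_name'])) {
         return;
     }
     $file_handler = new KBFileHandler();
     $file_handler->setPath($this->thumbnail_store_path);
     $upload = $file_handler->upload('thumbnail');
     $original_name = isset($upload['original_name']) ? $upload['original_name'] : '';
     if (!$original_name) {
         return;
     }
     $stored_file = $upload['path'] . $upload['stored_name'];

     // Shrink the uploaded original in place.
     $upload_dir = wp_upload_dir();
     $file_path = explode('/wp-content/uploads', $stored_file);
     // NOTE(review): the whole absolute path is lower-cased, as in the original;
     // on a case-sensitive filesystem with a mixed-case basedir the editor will
     // fail to open the file and the resize is silently skipped — confirm intent.
     $file_path = strtolower($upload_dir['basedir'] . end($file_path));
     $image_editor = wp_get_image_editor($file_path);
     if (!is_wp_error($image_editor)) {
         $thumbnail_size = apply_filters('kboard_thumbnail_size', array(1024, 1024));
         // width, height — the original passed index 0 for both.
         $max_width = $thumbnail_size[0];
         $max_height = isset($thumbnail_size[1]) ? $thumbnail_size[1] : $thumbnail_size[0];
         $image_editor->resize($max_width, $max_height);
         $image_editor->save($file_path);
     }
     $this->removeThumbnail(false);
     // $wpdb->update() escapes the values; no esc_sql()/string interpolation.
     $wpdb->update(
         $wpdb->prefix . 'kboard_board_content',
         array('thumbnail_file' => $stored_file, 'thumbnail_name' => $original_name),
         array('uid' => $uid),
         array('%s', '%s'),
         array('%d')
     );
 }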