public function archive_cache($cache_id, $comment, $months = 0)
{
global $opt, $login, $translate;
$log = cachelog::createNew($cache_id, $login->userid);
if ($log === false) {
echo $this->name . ": cannot create log for cache {$cache_id}\n";
} else {
$cache = new cache($cache_id);
if (!$cache->setStatus(3) || !$cache->save()) {
echo $this->name . ": cannot change status of cache {$cache_id}\n";
} else {
// create log
$log->setType(cachelog::LOGTYPE_ARCHIVED, true);
$log->setOcTeamComment(true);
$log->setDate(date('Y-m-d'));
// Log without time, so that owner reactions will always appear AFTER
// the system log, no matter if logged with or without date.
// create log text in appropriate language
$translated_comment = $translate->t($comment, '', '', 0, '', 1, $cache->getDefaultDescLanguage());
$translated_comment = str_replace('%1', $months, $translated_comment);
$log->setText('<p>' . $translated_comment . '</p>');
$log->setTextHtml(1);
if (!$log->save()) {
echo $this->name . ": could not save archive log for cache {$cache_id}\n";
}
}
}
}
public static function cron()
{
$now = date('Y-m-d H:i:s', strtotime('-1 second', strtotime(date('Y-m-d H:i:s'))));
$lastDatetime = cache::byKey('sarah::lastRetrievalInternalEvent', $now);
foreach (internalEvent::getNewInternalEvent('sarah') as $internalEvent) {
if (in_array($internalEvent->getEvent(), array('update::interactQuery'))) {
foreach (sarah::byType('sarah') as $sarah) {
if ($sarah->ping()) {
log::add('sarah', 'info', 'Mise à jour de la grammaire de Sarah');
$sarah->updateSrvSarah();
} else {
cache::save('sarah::lastRetrievalInternalEvent', $lastDatetime, 0);
}
}
}
}
}
$(lid).innerHTML="<b>"+tag+"</b> ";
}
return false;
}
//]]>
</script>
<br /><br />
<script type="text/javascript">
//<![CDATA[
var posts = {}; posts[' . $id . '] = {}; posts[' . $id . '].comments = {}; posts[' . $id . '].ignored = {}; var cthreshold = parseInt(readCookie(\'comment_threshold\')) || 0; var users = readCookie(\'user_blacklist\').split(/[, ]|%20+/g);
//]]>
</script>';
$data = '';
$data = ob_get_contents();
ob_end_clean();
$cache->save("cache/" . $id . "/post.cache", $data);
echo str_replace("f6ca1c7d5d00a2a3fb4ea2f7edfa0f96a6d09c11717f39facabad2d724f16fbb", $domain, $data);
flush();
}
$user = new user();
$got_permission = $user->gotpermission('delete_comments');
if (isset($_GET['pid']) && is_numeric($_GET['pid']) && $_GET['pid'] > "0") {
$pid = ceil($_GET['pid']);
$page = $pid;
} else {
$page = 0;
$pid = 0;
}
$data = '';
if (file_exists("cache/{$id}/comments.{$pid}.cache")) {
$data = $cache->load("cache/{$id}/comments.{$pid}.cache");
$misc = new misc();
print $misc->pagination($_GET['page'], $_GET['s'], $id, $limit, $page_limit, $numrows, $_GET['pid'], $_GET['tags']);
}
//Cache doesn't exist for search, make one.
if ($no_cache === true) {
$data = ob_get_contents();
ob_end_clean();
if (isset($_GET['pid']) && is_numeric($_GET['pid']) && $_GET['pid'] > 0) {
$page = $_GET['pid'] / $limit + 1;
} else {
$page = 0;
}
if ($new_tag_cache != "") {
if (!is_dir("{$main_cache_dir}" . "" . "search_cache/" . $new_tag_cache)) {
@mkdir("{$main_cache_dir}" . "" . "search_cache/" . $new_tag_cache);
}
$cache->save("search_cache/" . $new_tag_cache . "/" . $page . ".html", $data);
}
echo $data;
}
}
?>
<div id="footer">
<a href="index.php?page=post&s=add">Add</a> | <a href="help/">Help</a>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
}
exit;
}
$prev_next = $post->prev_next($id);
if (!is_dir("{$main_cache_dir}" . "" . "\\api_cache/{$id}")) {
$cache->create_page_cache("cache/{$id}");
}
$data = $cache->load("api_cache/" . $id . "/post." . $api_type . ".cache");
if ($data !== false) {
echo str_replace("f6ca1c7d5d00a2a3fb4ea2f7edfa0f96a6d09c11717f39facabad2d724f16fbb", $domain, $data);
flush();
} else {
ob_start();
if ($api_type == 'json') {
header('Content-type: application/json');
$posts = array(createPostObject($post_data));
$postsArr = array('offset' => 0, 'count' => 1, 'posts' => $posts);
echo json_encode($postsArr);
} else {
header('Content-type: text/xml');
$posts = '<?xml version="1.0" encoding="UTF-8"?><posts offset="0" count="1">' . "\r\n";
$posts .= createPostXML($post_data);
$posts .= '</posts>';
echo $posts;
}
$data = '';
$data = ob_get_contents();
ob_end_clean();
$cache->save("cache/" . $id . "/post." . $api_type . ".cache", $data);
echo str_replace("f6ca1c7d5d00a2a3fb4ea2f7edfa0f96a6d09c11717f39facabad2d724f16fbb", $domain, $data);
}
//
//get hooks data from hooks table ...
//
if (!defined('STOP_HOOKS')) {
if (!($all_plg_h_p = $cache->get('data_plugins'))) {
//get all hooks
$query = array('SELECT' => 'h.hook_id,h.hook_name, h.hook_content, h.plg_id, p.plg_name', 'FROM' => "{$dbprefix}hooks AS h", 'JOINS' => array(array('INNER JOIN' => "{$dbprefix}plugins AS p", 'ON' => 'p.plg_id=h.plg_id')), 'WHERE' => 'p.plg_disabled=0', 'ORDER BY' => 'h.hook_id');
($hook = kleeja_run_hook('qr_select_hooks_cache')) ? eval($hook) : null;
//run hook
$result = $SQL->build($query);
while ($row = $SQL->fetch_array($result)) {
$all_plg_hooks[$row['hook_name']][$row['plg_name']] = $row['hook_content'];
$all_plg_plugins[$row['plg_name']] = null;
}
$SQL->freeresult($result);
$cache->save('data_plugins', array($all_plg_plugins, $all_plg_hooks));
}
list($all_plg_plugins, $all_plg_hooks) = $all_plg_h_p;
}
#plugins is on
//
//get config data from config table ...
//
if (!($config = $cache->get('data_config'))) {
$query = array('SELECT' => 'c.*', 'FROM' => "{$dbprefix}config c");
($hook = kleeja_run_hook('qr_select_config_cache')) ? eval($hook) : null;
//run hook
$result = $SQL->build($query);
while ($row = $SQL->fetch_array($result)) {
$config[$row['name']] = $row['value'];
}
function disable()
{
global $login, $translate;
if ($this->canDisable() == false) {
return false;
}
// write old record to log
$backup = array();
$backup['username'] = $this->getUsername();
$backup['email'] = $this->getEMail();
$backup['last_name'] = $this->getLastName();
$backup['first_name'] = $this->getFirstName();
sql("INSERT INTO `logentries` (`module`, `eventid`, `userid`, `objectid1`, `objectid2`, `logtext`, `details`)\n\t\t VALUES ('user', 6, '&1', '&2', '&3', '&4', '&5')", $login->userid, $this->nUserId, 0, 'User ' . sql_escape($this->getUsername()) . ' disabled', serialize($backup));
// delete private data
sql("UPDATE `user` SET `password`=NULL, `email`=NULL, \n\t\t `is_active_flag`=0, \n\t\t `latitude`=0, `longitude`=0, \n\t\t `last_name`='', `first_name`='', `country`=NULL, `accept_mailing`=0, `pmr_flag`=0,\n\t\t `new_pw_code`=NULL, `new_pw_date`=NULL,\n\t\t `new_email`=NULL, `new_email_code`=NULL, `new_email_date`=NULL,\n\t\t `email_problems`=0, `first_email_problem`=NULL, `last_email_problem`=NULL,\n\t\t `permanent_login_flag`=0, `activation_code`='',\n\t\t `notify_radius`=0\n\t\t WHERE `user_id`='&1'", $this->nUserId);
// Statpic and profile description texts are published under the data license
// terms and therefore need not to be deleted.
sql("DELETE FROM `user_options` WHERE `user_id`='&1'", $this->nUserId);
$this->reload();
sql("DELETE FROM `cache_lists` WHERE `user_id`='&1'", $this->nUserId);
// Triggers will do all the dependent clean-up.
sql("DELETE FROM `cache_adoption` WHERE `user_id`='&1'", $this->nUserId);
sql("DELETE FROM `cache_ignore` WHERE `user_id`='&1'", $this->nUserId);
sql("DELETE FROM `cache_watches` WHERE `user_id`='&1'", $this->nUserId);
sql("DELETE FROM `watches_waiting` WHERE `user_id`='&1'", $this->nUserId);
sql("DELETE FROM `notify_waiting` WHERE `user_id`='&1'", $this->nUserId);
// lock the user's caches
$error = false;
$rs = sql("SELECT `cache_id` FROM `caches` WHERE `user_id`='&1' AND `status` IN (1,2,3)", $this->nUserId);
while (($rCache = sql_fetch_assoc($rs)) && !$error) {
$error = true;
$cache = new cache($rCache['cache_id']);
if ($cache->setStatus(6) && $cache->save()) {
$log = cachelog::createNew($rCache['cache_id'], $login->userid, true);
if ($log !== false) {
$log->setType(cachelog::LOGTYPE_LOCKED, true);
$log->setOcTeamComment(true);
$log->setDate(date('Y-m-d'));
$log->setText($translate->t('The user account has been disabled.', '', '', 0, '', 1, $cache->getDefaultDescLanguage()));
$log->setTextHtml(false);
if ($log->save()) {
$error = false;
}
}
}
echo "\n";
}
sql_free_result($rs);
return !$error;
}
public function disable()
{
global $login, $translate;
if ($this->canDisable() == false) {
return false;
}
// write old record to log
$backup = array();
$backup['username'] = $this->getUsername();
$backup['email'] = $this->getEMail();
$backup['last_name'] = $this->getLastName();
$backup['first_name'] = $this->getFirstName();
$backup['country'] = $this->getCountryCode();
$backup['latitude'] = $this->getLatitude();
$backup['longitude'] = $this->getLongitude();
sql("INSERT INTO `logentries` (`module`, `eventid`, `userid`, `objectid1`, `objectid2`, `logtext`, `details`)\n VALUES ('user', 6, '&1', '&2', '&3', '&4', '&5')", $login->userid, $this->nUserId, 0, 'User ' . sql_escape($this->getUsername()) . ' disabled', serialize($backup));
// delete private and system data
sql("UPDATE `user` SET `password`=NULL, `email`=NULL, `last_name`='', `first_name`='',\n `country`=NULL, `latitude`=0, `longitude`=0, `is_active_flag`=0, `activation_code`='',\n `new_pw_code`=NULL, `new_pw_date`=NULL, `new_email`=NULL, `new_email_code`=NULL,\n `new_email_date`=NULL, `email_problems`=0, `first_email_problem`=NULL,\n `last_email_problem`=NULL\n WHERE `user_id`='&1'", $this->nUserId);
// non-private data which need not to be deleted:
//
// - Statpic and profile description texts - published under the data license
// - profile settings: accept_mailing, pmr_flag, permanent_login_flag, notify_radius,
// user_options entries
// - watch and ignore lists
// - adoptions: may still be executed if offered to another user
// Handling of cache lists is unclear. They may be deleted by the Opencaching team
// if not considered useful.
// lock the user's caches
$error = false;
$rs = sql("SELECT `cache_id` FROM `caches` WHERE `user_id`='&1' AND `status` IN (1,2,3)", $this->nUserId);
while (($rCache = sql_fetch_assoc($rs)) && !$error) {
$error = true;
$cache = new cache($rCache['cache_id']);
if ($cache->setStatus(6) && $cache->save()) {
$log = cachelog::createNew($rCache['cache_id'], $login->userid, true);
if ($log !== false) {
$log->setType(cachelog::LOGTYPE_LOCKED, true);
$log->setOcTeamComment(true);
$log->setDate(date('Y-m-d'));
$log->setText($translate->t('The user account has been disabled.', '', '', 0, '', 1, $cache->getDefaultDescLanguage()));
$log->setTextHtml(false);
if ($log->save()) {
$error = false;
}
}
}
echo "\n";
}
sql_free_result($rs);
return !$error;
}
function ldProcessRequest($AR_PATH_INFO = null)
{
global $AR;
global $ARCurrent;
global $store_config;
global $auth_config;
global $cache_config;
global $store;
global $context;
global $DB;
global $path;
global $function;
global $nls;
$writecache = false;
// go check for a sessionid
$root = $AR->root;
$session_id = 0;
$re = "^/-(.{4})-/";
$originalPathInfo = $AR_PATH_INFO;
// Store this to pass to the refresh cache on shutdown function;
if (preg_match('|' . $re . '|', $AR_PATH_INFO, $matches)) {
$session_id = $matches[1];
$AR_PATH_INFO = substr($AR_PATH_INFO, strlen($matches[0]) - 1);
$AR->hideSessionIDfromURL = false;
} elseif ($AR->hideSessionIDfromURL) {
$cookies = (array) ldGetCredentials();
$current = ldGetCookieSession();
if (array_key_exists($current, $cookies)) {
$session_id = $current;
}
}
// set the default user (public)
$AR->login = "******";
// look for the template
$split = strrpos($AR_PATH_INFO, "/");
$path = substr($AR_PATH_INFO, 0, $split + 1);
$function = substr($AR_PATH_INFO, $split + 1);
if (!$function) {
if (!isset($arDefaultFunction) || $arDefaultFunction == '') {
$arDefaultFunction = "view.html";
}
$function = $arDefaultFunction;
if (isset($arFunctionPrefix) && $arFunctionPrefix != '') {
$function = $arFunctionPrefix . $function;
}
$AR_PATH_INFO .= $function;
}
// yes, the extra '=' is needed, don't remove it. trust me.
$ldCacheFilename = strtolower($AR_PATH_INFO) . "=";
// for the new multiple domains per site option (per language), we need this
// since the nls isn't literaly in the url anymore.
$ldCacheFilename .= str_replace(':', '=', str_replace('/', '', $AR->host)) . '=';
$qs = ldGetServerVar("QUERY_STRING");
if ($qs != '') {
$ldCacheFilename .= sha1($qs);
}
if ($session_id) {
$cachedimage = $store_config["files"] . "cache/session" . $ldCacheFilename;
$cachedheader = $store_config["files"] . "cacheheaders/session" . $ldCacheFilename;
} else {
$cachedimage = $store_config["files"] . "cache/normal" . $ldCacheFilename;
$cachedheader = $store_config["files"] . "cacheheaders/normal" . $ldCacheFilename;
}
if ($AR->ESI) {
ob_start();
}
$timecheck = time();
if (file_exists($cachedimage)) {
$staleTotalTime = filemtime($cachedimage) - filectime($cachedimage);
$staleCurrent = $timecheck - filectime($cachedimage);
if ($staleTotalTime != 0) {
$stalePercentage = sprintf("%.2f", 100 * $staleCurrent / $staleTotalTime);
} else {
$stalePercentage = 100;
}
if ($stalePercentage < 0) {
$stalePercentage = 0;
} else {
if ($stalePercentage > 100) {
$stalePercentage = 100;
}
}
if (!headers_sent()) {
header("X-Ariadne-Cache-Stale: {$stalePercentage}%");
}
}
// add min-fresh if the client asked for it
if (isset($ARCurrent->RequestCacheControl["min-fresh"])) {
$timecheck += $ARCurrent->RequestCacheControl["min-fresh"];
}
if (file_exists($cachedimage) && (($mtime = @filemtime($cachedimage)) > $timecheck || $mtime == 0) && $_SERVER["REQUEST_METHOD"] != "POST" && $ARCurrent->RequestCacheControl["no-cache"] != true && $ARCurrent->refreshCacheOnShutdown !== true) {
$ctime = filemtime($cachedimage);
// FIXME: Waarom moet dit mtime zijn? Zonder mtime werkt de if-modified-since niet;
if (rand(20, 80) < $stalePercentage) {
header("X-Ariadne-Cache-Refresh: refreshing on shutdown");
register_shutdown_function("ldCacheRequest", $originalPathInfo);
// Rerun the request with the original path info;
} else {
header("X-Ariadne-Cache-Refresh: skipped, still fresh enough");
}
if (!$AR->ESI && $_SERVER['HTTP_IF_MODIFIED_SINCE'] && strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $ctime) {
// the mtime is used as expiration time, the ctime is the correct last modification time.
// as an object clears the cache upon a save.
// Send the original headers - they will already contain the correct max-age and expires values;
if (file_exists($cachedheader)) {
$filedata = file($cachedheader);
if (is_array($filedata)) {
while (list($key, $header) = each($filedata)) {
ldHeader($header);
}
}
}
header("X-Ariadne-Cache: Hit");
ldHeader("HTTP/1.1 304 Not Modified");
} else {
if (file_exists($cachedheader)) {
// Cache header file also contains information about Cache-control;
$filedata = file($cachedheader);
if (is_array($filedata)) {
while (list($key, $header) = each($filedata)) {
ldHeader($header);
}
}
}
header("X-Ariadne-Cache: Hit");
// Send this after the cached headers to overwrite the cached cache-miss header;
if ($AR->ESI) {
if (false && $_SERVER['HTTP_IF_MODIFIED_SINCE'] && strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $ctime) {
ldHeader("HTTP/1.1 304 Not modified");
} else {
$data = file_get_contents($cachedimage);
include_once $store_config['code'] . "modules/mod_esi.php";
// Replace the session IDs before the ESI process call to pass the correct session ID information...
if ($session_id && !$AR->hideSessionIDfromURL) {
$tag = '{arSessionID}';
$data = str_replace($tag, "-{$session_id}-", $data);
}
$data = ESI::esiProcess($data);
// ... and then replace the session IDs that were generated in de ESI case;
$tag = '{arSessionID}';
if ($session_id && !$AR->hideSessionIDfromURL) {
$data = str_replace($tag, "-{$session_id}-", $data);
} else {
if ($session_id && $AR->hideSessionIDfromURL) {
$data = str_replace($tag, '', $data);
}
}
$data_len = strlen($data);
header("Content-Length: " . $data_len);
echo $data;
}
} else {
if ($session_id) {
$tag = '{arSessionID}';
$data = file_get_contents($cachedimage);
$tag = '{arSessionID}';
if (!$AR->hideSessionIDfromURL) {
$data = str_replace($tag, "-{$session_id}-", $data);
} else {
$data = str_replace($tag, '', $data);
}
$data_len = strlen($data);
header("Content-Length: " . $data_len);
echo $data;
} else {
$data_len = filesize($cachedimage);
header("Content-Length: " . $data_len);
readfile($cachedimage);
}
}
}
$writecache = false;
// Prevent recaching cached image;
} else {
if (!headers_sent()) {
header("X-Ariadne-Cache: Miss");
}
/*
start output buffering
*/
ob_start();
global $ldOutputBufferActive;
$ldOutputBufferActive = true;
ob_implicit_flush(0);
// look for the language
$split = strpos(substr($AR_PATH_INFO, 1), "/");
$ARCurrent->nls = substr($path, 1, $split);
if (!isset($AR->nls->list[$ARCurrent->nls])) {
// not a valid language
$ARCurrent->nls = "";
$nls = $AR->nls->default;
// but we can find out if the user has any preferences
preg_match_all("%([a-zA-Z]{2}|\\*)[a-zA-Z-]*(?:;q=([0-9.]+))?%", $_SERVER["HTTP_ACCEPT_LANGUAGE"], $regs, PREG_SET_ORDER);
$ARCurrent->acceptlang = array();
$otherlangs = array();
$otherq = false;
foreach ($regs as $reg) {
if (!isset($reg[2])) {
$reg[2] = 1;
}
if ($reg[1] == "*") {
$otherq = $reg[2];
} else {
if ($AR->nls->list[$reg[1]]) {
$otherlangs[] = $reg[1];
$ARCurrent->acceptlang[$reg[1]] = $reg[2];
}
}
}
if ($otherq !== false) {
$otherlangs = array_diff(array_keys($AR->nls->list), $otherlangs);
foreach ($otherlangs as $lang) {
$ARCurrent->acceptlang[$lang] = $otherq;
}
}
arsort($ARCurrent->acceptlang);
} else {
// valid language
$path = substr($path, $split + 1);
// ldSetNls($ARCurrent->nls);
$nls = $ARCurrent->nls;
}
$args = array_merge($_GET, $_POST);
// instantiate the store
$inst_store = $store_config["dbms"] . "store";
$store = new $inst_store($root, $store_config);
//$store->rootoptions = $rootoptions;
if ($session_id) {
ldStartSession($session_id);
}
// instantiate the ARnls
if ($ARCurrent->nls != "") {
ldSetNls($nls);
}
if (substr($function, -6) == ".phtml") {
// system template: no language check
$ARCurrent->nolangcheck = 1;
}
$ext = pathinfo($function, PATHINFO_EXTENSION);
switch ($ext) {
case 'css':
ldSetContent('text/css; charset=utf-8');
break;
case 'js':
ldSetContent('application/javascript; charset=utf-8');
break;
case 'json':
ldSetContent('application/json; charset=utf-8');
break;
case 'xml':
ldSetContent('text/xml; charset=utf-8');
break;
case 'jpg':
ldSetContent('image/jpeg');
break;
case 'gif':
ldSetContent('image/gif');
break;
case 'png':
ldSetContent('image/png');
break;
case 'svg':
ldSetContent('image/svg+xml');
break;
default:
ldSetContent('text/html; charset=utf-8');
break;
}
$ARCurrent->arContentTypeSent = true;
register_shutdown_function("ldOnFinish");
$auth_class = "mod_auth_" . $auth_config["method"];
$mod_auth = new $auth_class($auth_config);
$username = isset($args["ARLogin"]) ? $args["ARLogin"] : null;
$password = isset($args["ARPassword"]) ? $args["ARPassword"] : null;
$result = $mod_auth->checkLogin($username, $password, $path);
if ($result !== true) {
if ($result == LD_ERR_ACCESS) {
ldAccessDenied($path, $ARnls["accessdenied"], $args, $function);
$function = false;
} else {
if ($result == LD_ERR_SESSION && !$AR->hideSessionIDfromURL) {
ldAccessTimeout($path, $ARnls["sessiontimeout"], $args, $function);
$function = false;
} else {
if ($result == LD_ERR_EXPIRED) {
ldAccessPasswordExpired($path, $ARnls["sessionpasswordexpired"], $args, $function);
$function = false;
}
}
}
}
// valid new login, without a session, morph to login.redirect.php to redirect to a session containing url
if (!$session_id && $args["ARLogin"] && $args["ARPassword"] && $function !== false && !$AR->hideSessionIDfromURL) {
if (!$ARCurrent->session->get("oldArCallArgs", 1)) {
$ARCurrent->session->put("oldGET", $_GET, 1);
$ARCurrent->session->put("oldPOST", $_POST, 1);
$ARCurrent->session->put("oldArCallArgs", $args, 1);
$ARCurrent->session->save(0, true);
}
if ($arDefaultFunction !== $function) {
$args["arRequestedTemplate"] = $function;
} else {
$args["arRequestedTemplate"] = "";
}
$function = "login.redirect.php";
} else {
if ($session_id) {
if ($ARCurrent->session->get("ARSessionTimedout", 1)) {
if (!$ARCurrent->session->get("oldArCallArgs", 1)) {
$ARCurrent->session->put("oldGET", $_GET, 1);
$ARCurrent->session->put("oldPOST", $_POST, 1);
$ARCurrent->session->put("oldArCallArgs", $args, 1);
$ARCurrent->session->save(0, true);
}
} else {
if ($ARCurrent->session->get("oldArCallArgs", 1)) {
$_GET = array_merge($_GET, (array) $ARCurrent->session->get("oldGET", 1));
$_POST = array_merge($_POST, (array) $ARCurrent->session->get("oldPOST", 1));
$args = $ARCurrent->session->get("oldArCallArgs", 1);
$args = array_merge($_GET, $_POST, $args);
// $args, $_GET, $_POST );
$ARCurrent->session->put("oldArCallArgs", "", 1);
$ARCurrent->session->put("oldGET", "", 1);
$ARCurrent->session->put("oldPOST", "", 1);
}
}
}
}
$xss_vars = array();
ldGatherXSSInput($xss_vars, $_GET);
ldGatherXSSInput($xss_vars, $_POST);
$filenames = array_map(function ($e) {
return $e['name'];
}, $_FILES);
ldGatherXSSInput($xss_vars, $filenames);
ldGatherXSSInput($xss_vars, $function);
ldGatherXSSInput($xss_vars, $path);
global $ldXSSProtectionActive;
if (count($xss_vars)) {
$ldXSSProtectionActive = true;
}
if ($function !== false) {
// finally call the requested object
unset($store->total);
if (ldCheckAllowedTemplate($function)) {
$store->call($function, $args, $store->get($path));
$writecache = true;
}
if (!$store->total) {
ldObjectNotFound($path, $function, $args);
}
}
if (count($xss_vars)) {
$image = ob_get_contents();
ob_clean();
$header = $ARCurrent->ldHeaders["content-type"];
$xssDetected = false;
preg_match('/^content-type:\\s+([^ ;]+)/i', $header, $matches);
$mimetype = strtolower($matches[1]);
if (substr($mimetype, 0, 5) == 'text/') {
krsort($xss_vars, SORT_NUMERIC);
foreach ($xss_vars as $values) {
if (is_array($values)) {
foreach ($values as $value) {
$occurances = substr_count($image, $value);
if ($occurances > 0) {
$xssDetected = true;
break 2;
}
}
}
}
}
if ($xssDetected) {
$newargs = array();
$newargs["arRequestedArgs"] = $args;
$newargs["arRequestedTemplate"] = $function;
$newargs["arSuspectedArgs"] = $xss_vars;
$newargs["arResultOutput"] = $image;
$store->call('user.xss.html', $newargs, $store->get($path));
} else {
echo $image;
}
}
}
// now check for outputbuffering (caching)
if ($image = ob_get_contents()) {
// Calculate browser side cache settings based on settings collected in the call chain;
//
// Rules: do not cache wins. short cache time wins over longer cache time. Unset values don't get to play.
//
// Overlord rule: if the request method was not a get, or debugging was used, do not cache. Ever.
//
// If pinp says arDontCache, then do not cache;
//
// If ESI was used and hit a cached image, use the cache settings from the cache image;
if ($_SERVER['REQUEST_METHOD'] != 'GET' || $DB["wasUsed"] > 0) {
// Do not cache on client.
ldSetBrowserCache(false);
} else {
if (is_array($ARCurrent->cache) && ($file = array_pop($ARCurrent->cache))) {
// This will generate an error, do not cache on client;
ldSetBrowserCache(false);
} else {
if ($ARCurrent->arDontCache) {
// PINP told us not to cache;
ldSetBrowserCache(false);
} else {
if (!$writecache) {
// Image came from the cache, it already has browser cache headers;
} else {
// Defaults for browser caching;
// Calls without session: public, max-age 1800;
// Calls with session without call chain (disk templates): private, no-cache no-store must-revalidate max-age=0
// Calls with session with call chain (pinp templates): private, max-age=1800;
// FIXME: Make the calls with session less trigger happy on not caching;
/* if ($session_id && sizeof($ARCurrent->cacheCallChainSettings)) {
// With session and pinp templates;
$browserCachePrivate = true;
$browserCacheMaxAge = 1800;
$browserCacheNoStore = false;
$browserCacheNoCache = false;
$browserCacheMustRevalidate = false;
} else */
if ($session_id) {
// With session, disk templates only
$browserCachePrivate = true;
$browserCacheMaxAge = 0;
$browserCacheNoStore = true;
$browserCacheNoCache = true;
$browserCacheMustRevalidate = true;
} else {
// Without session and all other corner cases;
$browserCachePrivate = false;
$defaultMaxAge = 1800;
$browserCacheNoStore = false;
$browserCacheNoCache = false;
$browserCacheMustRevalidate = false;
}
$browserCachecacheSetting = 0;
// Default = inherit;
// FIXME: The defaults for with session ID are now to not cache;
if (is_array($ARCurrent->cacheCallChainSettings)) {
foreach ($ARCurrent->cacheCallChainSettings as $objectId => $pathCacheSetting) {
$browserCachePrivate = $browserCachePrivate || $pathCacheSetting['browserCachePrivate'];
// If anyone says 'private', make it so.
$browserCacheNoStore = $browserCacheNoStore || $pathCacheSetting['browserCacheNoStore'];
// If anyone says 'no-store', make it so.
$browserCacheNoCache = $browserCacheNoCache || $pathCacheSetting['browserCacheNoCache'];
// If anyone says 'no-cache', make it so.
$browserCacheMustRevalidate = $browserCacheMustRevalidate || $pathCacheSetting['browserCacheMustRevalidate'];
// If anyone says 'must-revalidate', make it so.
$browserCacheNoTransform = $browserCacheNoTransform || $pathCacheSetting['browserCacheNoTransform'];
// If anyone says 'no-transform', make it so.
$browserCacheProxyRevalidate = $browserCacheProxyRevalidate || $pathCacheSetting['browserCacheProxyRevalidate'];
// If anyone says 'proxy-revalidate', make it so.
if (isset($pathCacheSetting['browserCacheMaxAge']) && is_numeric($pathCacheSetting['browserCacheMaxAge'])) {
if (isset($browserCacheMaxAge)) {
$browserCacheMaxAge = min($browserCacheMaxAge, $pathCacheSetting['browserCacheMaxAge']);
} else {
$browserCacheMaxAge = $pathCacheSetting['browserCacheMaxAge'];
}
}
if (isset($pathCacheSetting['browserCacheSMaxAge']) && is_numeric($pathCacheSetting['browserCacheMaxAge'])) {
if (isset($browserCacheSMaxAge)) {
$browserCacheSMaxAge = min($browserCacheSMaxAge, $pathCacheSetting['browserCacheSMaxAge']);
} else {
$browserCacheSMaxAge = $pathCacheSetting['browserCacheSMaxAge'];
}
}
}
if (!isset($browserCacheMaxAge) && isset($defaultMaxAge)) {
$browserCacheMaxAge = $defaultMaxAge;
}
}
ldSetBrowserCache(array("browserCachePrivate" => $browserCachePrivate, "browserCacheNoStore" => $browserCacheNoStore, "browserCacheNoCache" => $browserCacheNoCache, "browserCacheMustRevalidate" => $browserCacheMustRevalidate, "browserCacheNoTransform" => $browserCacheNoTransform, "browserCacheProxyRevalidate" => $browserCacheProxyRevalidate, "browserCacheMaxAge" => $browserCacheMaxAge, "browserCacheSMaxAge" => $browserCacheSMaxAge));
}
}
}
}
$image_len = strlen($image);
if ($ARCurrent->session && $ARCurrent->session->id) {
$ldCacheFilename = "/session" . $ldCacheFilename;
$image = str_replace('-' . $ARCurrent->session->id . '-', '{arSessionID}', $image);
} else {
$ldCacheFilename = "/normal" . $ldCacheFilename;
}
// because we have the full content, we can now also calculate the content length
ldHeader("Content-Length: " . $image_len);
// flush the buffer, this will send the contents to the browser
ob_end_flush();
debug("loader: ob_end_flush()", "all");
// Calculate server side cache settings based on settings collected in the call chain;
//
// Rules: do not cache wins. short cache time wins over longer cache time. Unset values don't get to play.
//
// Overlord rule: if the request method was not a get, or debugging was used, do not cache. Ever.
//
// If pinp says arDontCache, then do not cache;
//
// If ESI was used and hit a cached image, do not write the image;
if ($_SERVER['REQUEST_METHOD'] != 'GET' || $DB["wasUsed"] > 0) {
// Do not cache on server.
// header("X-Ariadne-Cache-Skipped: DB Used");
} else {
if (is_array($ARCurrent->cache) && ($file = array_pop($ARCurrent->cache))) {
error("cached() opened but not closed with savecache()");
// header("X-Ariadne-Cache-Skipped: cached problem.");
} else {
if ($ARCurrent->arDontCache) {
// PINP told us not to cache;
// header("X-Ariadne-Cache-Skipped: arDontCache");
} else {
if (!$writecache) {
// ESI was used and hit a cached image, do not write the image;
// header("X-Ariadne-Cache-Skipped: cached image used");
} else {
// header("X-Ariadne-Cache-Skipped: Writing cache now");
// Cache setting values:
// -2 = Refresh on change; Set the cache time on server to 999 hours (unlimited);
// -1 = Do not cache
// 0 = Inherit
// > 0: Refresh on request. The number is the amount of hours that the cache is 'fresh'. This can be a fraction/float value;
$cacheSetting = 0;
// Default = inherit;
$serverCachePrivate = 0;
// do not allow caching of sessions
if (is_array($ARCurrent->cacheCallChainSettings)) {
foreach ($ARCurrent->cacheCallChainSettings as $objectId => $pathCacheSetting) {
// FIXME: also 'resolve' $serverCachePrivate
$serverCache = $pathCacheSetting['serverCache'];
if ($serverCache == 0 || !isset($serverCache)) {
// This path does not want to play;
$serverCache = $pathCacheSetting['serverCacheDefault'];
}
if ($serverCache == -2) {
// Sorry, we meant that the cache image should be valid forever;
$serverCache = 999;
}
if ($cacheSetting == 0) {
$cacheSetting = $serverCache;
} else {
$cacheSetting = min($serverCache, $cacheSetting);
}
if ($cacheSetting == -1) {
// If someone told us to not cache, skip checking because nothing anyone else tells us will change this fact.
break;
}
}
}
// header("X-Ariadne-Cache-Setting: $cacheSetting");
if ($ARCurrent->session->id && $cacheSetting > 0) {
// we have a session id, can we cache ?
// FIXME: add support for $serverCachePrivate in the config and cache dialog
if (!($serverCachePrivate === 1 || $ARCurrent->arDoCachePrivate != false)) {
$cacheSetting = -1;
}
}
if ($cacheSetting > 0) {
// If we are allowed to cache, write the image now.
if ($store) {
// Sanity check to only write cache images if a store was initialized;
// FIXME: cacheCallChainSettings contains the objects that were called for this cache image;
// FIXME: cacheTemplateChain containers the templates that were called for this cache image;
ldSetCache($ldCacheFilename, $cacheSetting, $image, @implode("\n", $ARCurrent->ldHeaders));
$cachestore = new cache($cache_config);
$cachestore->save($ldCacheFilename, $ARCurrent->cacheCallChainSettings, $ARCurrent->cacheTemplateChain);
}
}
}
}
}
}
}
if ($AR->ESI > 0) {
// Prevent ESI from looping when the ESI result has ESI tags in them.
// Reducing the AR->ESI number by 1 gives the flexibility to allow 2 or 3 ESI loops if desired.
// Setting it to false would mean you only get 1 ESI loop, which might not be the desired effect.
$AR->ESI = (int) $AR->ESI;
$AR->ESI--;
$image = ob_get_contents();
ob_end_clean();
include_once $store_config['code'] . "modules/mod_esi.php";
$image = ESI::esiProcess($image);
$image_len = strlen($image);
if ($ARCurrent->arDontCache) {
// FIXME: ook de cachetime 'niet cachen' uit het cachedialoog werkend maken... || $ARCurrent->cachetime == 0) {
ldSetBrowserCache(false);
}
ldHeader("Content-Length: " . $image_len);
echo $image;
}
}
$cache->setStatus(2);
} else {
if (isset($_REQUEST['statusArchived'])) {
$cache->setStatus(3);
} else {
if (isset($_REQUEST['statusLockedVisible'])) {
$cache->setStatus(6);
} else {
if (isset($_REQUEST['statusLockedInvisible'])) {
$cache->setStatus(7);
}
}
}
}
}
$cache->save();
$tpl->redirect('adminreports.php?id=' . urlencode($rid));
} elseif (isset($_REQUEST['done']) && $adminid == $login->userid) {
sql("UPDATE `cache_reports` SET `status`=3 WHERE `id`=&1", $rid);
$tpl->redirect('adminreports.php?id=' . $rid);
} elseif (isset($_REQUEST['assign']) && ($adminid == 0 || $adminid != $login->userid)) {
$error = 1;
if ($rid > 0) {
$id = $rid;
} else {
$id = 0;
}
} elseif (isset($_REQUEST['assign']) && $adminid == $login->userid) {
$error = 2;
$id = $rid;
} elseif (isset($_REQUEST['statusActive']) || isset($_REQUEST['statusTNA']) || isset($_REQUEST['statusArchived']) || isset($_REQUEST['done']) || isset($_REQUEST['statusLockedVisible']) || isset($_REQUEST['statusLockedInvisible'])) {
function start()
{
/*
Test cache
*/
if (GLOBAL_CACHE == true) {
cache::get();
}
/*
Auth observer
*/
self::observerLogout('weblogoff');
db::connect();
/*
Get site info
*/
self::getSite();
/*
Get lang
*/
$lang = lang::gets(LANG_INDEX, SITE_ID);
define('GUI_STYLE', 'http://' . SERVER . SYS_DIR . 'gui/' . SYS_STYLE);
s::set('FACE_PATH', GUI_STYLE);
s::set('SYS_DIR', SYS_DIR);
s::set('SITE', SITE);
s::set('NOW_YEAR', date('Y'));
/*
Links with links for this page and parents pages
*/
self::$page_tree = self::getThisPageTree();
/*
Pages with pages parents
*/
self::loadPageData();
/*
Page handler events
*/
if (self::get('page_handler') == '1') {
self::getHandlerEvents(self::$page['page_folder'], URI_SELF);
define('PAGE_HANDLER', true);
} else {
define('PAGE_HANDLER', false);
self::$page['this'] = arrays::lastValue(explode('/', urldecode(string::clearBoth(URI_SELF))));
}
/*
Page cache
*/
define('PAGE_CACHE_ALL', false);
define('PAGE_CACHE', false);
define('PAGE_CACHE_TIME', 2);
if (PAGE_CACHE == true && GLOBAL_CACHE == false) {
if (PAGE_CACHE_ALL == true) {
self::set('page_cache', '1');
}
if (self::get('page_cache') == '1') {
cache::get();
}
}
/*
Main page analyse
*/
if (empty(router::$sections[0])) {
define('MAIN_PAGE', true);
} else {
define('MAIN_PAGE', false);
}
/*
Error 404
*/
if (self::getError404() || isset($_SESSION['E404'])) {
unset($_SESSION['E404']);
load::handler('pages', 'main', 'view404');
}
/*
Set page variables
*/
self::$page = self::pageSettings(self::$page);
s::set(self::$page);
define('PAGE_ID', self::get('page_id'));
s::set('PAGE_ID', PAGE_ID);
/*
Set tmpl
*/
self::$site_tmpl = self::get('tmpl_file');
/*
Authentification adminUser
*/
self::$jip = false;
if (isset($_SESSION['ADMIN_AUTH'])) {
//adminUser::update('site_id', SITE_ID, $_SESSION['ADMIN_USER_ID']);
adminUser::load($_SESSION['ADMIN_USER_ID']);
if (settings::get('pages', 'jip') == '1') {
self::$jip = true;
}
}
/*
Authentification webUser
*/
self::observer();
/*
Site Handlers
*/
conf::parse('sites', SITE_ID);
if (conf::get('sites', 'methods')) {
foreach (conf::get('sites', 'methods') as $v) {
$arr = explode('::', trim($v));
if (count($arr) == 3) {
load::handler($arr[0], $arr[1], $arr[2]);
}
}
}
/*
Load pages setup
*/
load::handlerSetup('pages');
/*
Load blocks
*/
load::handler('blocks');
/*
Load page conf
*/
conf::parse('pages', PAGE_ID);
/*
Events observe
*/
if (conf::get('pages', 'events')) {
foreach (conf::get('pages', 'events') as $v) {
$arr = explode('::', trim($v));
$event_detect = events::targetDetect($arr[0], $arr[1], $arr[2]);
if ($arr[3] == 'hide') {
if ($event_detect) {
load::handler('pages', 'main', 'view404');
}
} else {
if ($arr[3] == 'handler') {
if ($event_detect) {
load::handler($arr[4], $arr[5], $arr[6]);
}
} else {
if ($arr[3] == 'replace') {
if ($event_detect) {
params::set('page_id', $arr[4]);
load::handler('pages', 'main', 'replace');
}
}
}
}
}
}
/*
Handlers class' methods
*/
if (conf::get('pages', 'methods')) {
foreach (conf::get('pages', 'methods') as $v) {
$arr = explode('::', trim($v));
if (count($arr) == 3) {
load::handler($arr[0], $arr[1], $arr[2]);
}
}
}
/*
Load tmpl conf
*/
$tmpl_id = self::get('tmpl_id');
conf::parse('tmpls', $tmpl_id);
/*
Tmpl events
*/
if (conf::get('tmpls', 'events')) {
foreach (conf::get('tmpls', 'events') as $v) {
$arr = explode('::', trim($v));
if ($arr[0]) {
if (events::targetDetect($arr[0], $arr[1], $arr[2])) {
/*
:TODO: добавить передачу в params события, его названия и его значения
*/
if ($arr[3] == 'replace') {
$tmpl_replace_id = $arr[4];
db::table('templates');
db::where('tmpl_id', $tmpl_replace_id);
self::$site_tmpl = db::get('tmpl_file');
} else {
if ($arr[3] == 'handler') {
load::handler($arr[4], $arr[5], $arr[6]);
}
}
}
}
}
}
/*
Tmpl handlers
*/
if (conf::get('tmpls', 'methods')) {
foreach (conf::get('tmpls', 'methods') as $v) {
$arr = explode('::', trim($v));
if (count($arr) == 3) {
load::handler($arr[0], $arr[1], $arr[2]);
}
}
}
/*
Set site template
*/
s::setTmpl(SYS_ROOT . 'tmpls/' . SITE . '/' . self::$site_tmpl, $lang);
/*
Get handlers
*/
s::resolver();
/*
JIP
*/
if (self::$jip) {
s::set('legenda_jip_page_path', 'http://' . SITE . SYS_DIR . 'pages/main/edit/' . PAGE_ID . '/');
self::$jip_html = '
<script src="http://' . SERVER . SYS_DIR . 'gui/js/lib/prototype.js" type="text/javascript"></script>
<script src="http://' . SERVER . SYS_DIR . 'gui/original/js/jip.js" type="text/javascript"></script>
<link rel="stylesheet" href="http://' . SERVER . SYS_DIR . 'gui/original/css/jip.css" type="text/css" />
<div id="legenda_jip_show" style="display: none;">
<a href="javascript:void(null);" onclick="legendaJIPShow();" id="legenda_jip_show_link">Показать</a>
</div>
<div id="legenda_jip" style="display: none;">
<div id="legenda_jip_inner">
<a href="javascript:void(null);" onclick="legendaJIPHide();" id="legenda_jip_hide_link">Скрыть</a>
<a href="{legenda_jip_page_path}">Редактировать страницу</a>
<select onchange="legendaJIPGoToEdit(this.value);">
<option value="0">Редактировать блок</option>
<option value="0">-----------------------------</option>
{start legenda_jip_blocks}
<option value="{path}">{name}</option>
{end legenda_jip_blocks}
</select>
<a href="http://' . SERVER . SYS_DIR . '?adminlogoff" id="legenda_jip_logout">Выход</a>
</div>
</div>
</body>';
}
/*
Site display
*/
$code = s::get();
if (isset($_SESSION['E404'])) {
headers::self();
}
echo $code;
if (PAGE_CACHE == true && GLOBAL_CACHE == false) {
if (self::$page['page_cache'] == '1') {
cache::save();
}
}
if (GLOBAL_CACHE == true) {
cache::save();
}
}
header('Content-type: application/json');
$posts = array();
$i = 0;
while ($row = $result->fetch_assoc()) {
$posts[$i++] = createPostObject($row);
}
$postsArr = array('offset' => $page, 'count' => $numrows, 'posts' => $posts);
$result->free_result();
echo json_encode($postsArr);
} else {
header('Content-type: text/xml');
$posts = '<?xml version="1.0" encoding="UTF-8"?><posts offset="' . $page . '" count="' . $numrows . '">' . "\r\n";
while ($row = $result->fetch_assoc()) {
$posts .= createPostXML($row);
}
$posts .= '</posts>';
echo $posts;
}
}
//Cache doesn't exist for search, make one.
if ($no_cache === true) {
$data = ob_get_contents();
ob_end_flush();
if ($new_tag_cache != "") {
if (!is_dir("{$main_cache_dir}" . "" . "api_cache/" . $new_tag_cache)) {
@mkdir("{$main_cache_dir}" . "" . "api_cache/" . $new_tag_cache);
}
$cache->save("api_cache/" . $new_tag_cache . "/" . $page . "." . $api_type, $data);
}
}
}
}
static function save()
{
//echo '<pre>'; var_dump(self::$data); echo '</pre>';
if (self::$changed) {
file_put_contents(appPATH . 'qg/qgCacheData.txt', serialize(self::$data));
}
if (self::$counters !== null) {
file_put_contents(appPATH . 'qg/qgCacheCounters.txt', serialize(self::$counters));
}
}
}
function cache()
{
return new cache(func_get_args());
}
register_shutdown_function(function () {
cache::save();
});
cache::init();
/* *
$Cache = cache('test',2);
if (!$Cache->get($data)) {
echo 'has not!<br>';
$data = 'test data from db'; // sets the cache on shutdown
} else {
echo 'has<br>';
}
var_dump($data);
//$Cache->remove();
/* */
