Example #1
0
/**
 * Filters data from instant file uploader
 * @param array $filter_by_ext allow file extensions
 * @return mixed filtered file data on success, false otherwise
 */
function fn_filter_instant_upload($filter_by_ext = array())
{
    if (!empty($_FILES['upload'])) {
        $_FILES['upload']['path'] = $_FILES['upload']['tmp_name'];
        $uploaded_data = fn_get_local_data(Bootstrap::stripSlashes($_FILES['upload']));
        if (fn_check_uploaded_data($uploaded_data, $filter_by_ext)) {
            return $uploaded_data;
        }
    }
    return false;
}
Example #2
0
/**
 * Dispathes the execution control to correct controller
 *
 * @return nothing
 */
function fn_dispatch($controller = '', $mode = '', $action = '', $dispatch_extra = '', $area = AREA)
{
    Debugger::checkpoint('After init');
    $auth = $_SESSION['auth'];
    $controller = empty($controller) ? Registry::get('runtime.controller') : $controller;
    $mode = empty($mode) ? Registry::get('runtime.mode') : $mode;
    $action = empty($action) ? Registry::get('runtime.action') : $action;
    $dispatch_extra = empty($dispatch_extra) ? Registry::get('runtime.dispatch_extra') : $dispatch_extra;
    fn_set_hook('before_dispatch', $controller, $mode, $action, $dispatch_extra, $area);
    $view = Registry::get('view');
    $run_controllers = true;
    $external = false;
    $status = CONTROLLER_STATUS_NO_PAGE;
    // CSRF protection
    if (fn_is_csrf_protection_enabled($auth) && !fn_csrf_validate_request(array('server' => $_SERVER, 'request' => $_REQUEST, 'session' => $_SESSION, 'controller' => $controller, 'mode' => $mode, 'action' => $action, 'dispatch_extra' => $dispatch_extra, 'area' => $area, 'auth' => $auth))) {
        fn_set_notification('E', __('error'), __('text_csrf_attack'));
        fn_redirect(fn_url());
    }
    // If $config['http_host'] was different from the domain name, there was redirection to $config['http_host'] value.
    if (strtolower(Registry::get('config.current_host')) != strtolower(REAL_HOST) && $_SERVER['REQUEST_METHOD'] == 'GET' && !defined('CONSOLE')) {
        if (!empty($_SERVER['REDIRECT_URL'])) {
            $qstring = $_SERVER['REDIRECT_URL'];
        } else {
            if (!empty($_SERVER['REQUEST_URI'])) {
                $qstring = $_SERVER['REQUEST_URI'];
            } else {
                $qstring = Registry::get('config.current_url');
            }
        }
        $curent_path = Registry::get('config.current_path');
        if (!empty($curent_path) && strpos($qstring, $curent_path) === 0) {
            $qstring = substr_replace($qstring, '', 0, fn_strlen($curent_path));
        }
        fn_redirect(Registry::get('config.current_location') . $qstring, false, true);
    }
    $upload_max_filesize = Bootstrap::getIniParam('upload_max_filesize');
    $post_max_size = Bootstrap::getIniParam('post_max_size');
    if (!defined('AJAX_REQUEST') && isset($_SERVER['CONTENT_LENGTH']) && ($_SERVER['CONTENT_LENGTH'] > fn_return_bytes($upload_max_filesize) || $_SERVER['CONTENT_LENGTH'] > fn_return_bytes($post_max_size))) {
        $max_size = fn_return_bytes($upload_max_filesize) < fn_return_bytes($post_max_size) ? $upload_max_filesize : $post_max_size;
        fn_set_notification('E', __('error'), __('text_forbidden_uploaded_file_size', array('[size]' => $max_size)));
        fn_redirect($_SERVER['HTTP_REFERER']);
    }
    // If URL contains session ID, remove it
    if (!defined('AJAX_REQUEST') && !empty($_REQUEST[Session::getName()]) && $_SERVER['REQUEST_METHOD'] == 'GET') {
        fn_redirect(fn_query_remove(Registry::get('config.current_url'), Session::getName()));
    }
    // If demo mode is enabled, check permissions FIX ME - why did we need one more user login check?
    if ($area == 'A') {
        if (Registry::get('config.demo_mode') == true) {
            $run_controllers = fn_check_permissions($controller, $mode, 'demo');
            if ($run_controllers == false) {
                fn_set_notification('W', __('demo_mode'), __('demo_mode_content_text'), 'K', 'demo_mode');
                if (defined('AJAX_REQUEST')) {
                    exit;
                }
                fn_delete_notification('changes_saved');
                $status = CONTROLLER_STATUS_REDIRECT;
                $_REQUEST['redirect_url'] = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : fn_url('');
            }
        } else {
            $run_controllers = fn_check_permissions($controller, $mode, 'admin', '', $_REQUEST);
            if ($run_controllers == false) {
                if (defined('AJAX_REQUEST')) {
                    $_info = Debugger::isActive() || fn_is_development() ? ' ' . $controller . '.' . $mode : '';
                    fn_set_notification('W', __('warning'), __('access_denied') . $_info);
                    exit;
                }
                $status = CONTROLLER_STATUS_DENIED;
            }
        }
    }
    if ($_SERVER['REQUEST_METHOD'] != 'POST' && !defined('AJAX_REQUEST')) {
        if ($area == 'A' && empty($_REQUEST['keep_location']) && !defined('CONSOLE')) {
            if (!defined('HTTPS') && Registry::get('settings.Security.secure_admin') == 'Y') {
                fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
            } elseif (defined('HTTPS') && Registry::get('settings.Security.secure_admin') != 'Y') {
                fn_redirect(Registry::get('config.http_location') . '/' . Registry::get('config.current_url'));
            }
        } elseif ($area == 'C') {
            $secure_controllers = fn_get_secure_controllers();
            // if we are not on https but controller is secure, redirect to https
            if (!defined('HTTPS') && (Registry::get('settings.Security.secure_storefront') == 'full' || isset($secure_controllers[$controller]) && $secure_controllers[$controller] == 'active')) {
                fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'), false, true);
            }
            // if we are on https and the controller is insecure, redirect to http
            if (defined('HTTPS') && Registry::get('settings.Security.secure_storefront') != 'full' && !isset($secure_controllers[$controller]) && Registry::get('settings.Security.keep_https') != 'Y') {
                fn_redirect(Registry::get('config.http_location') . '/' . Registry::get('config.current_url'), false, true);
            }
        }
    }
    LastView::instance()->prepare($_REQUEST);
    $controllers_cascade = array();
    $controllers_list = array('init');
    if ($run_controllers == true) {
        $controllers_list[] = $controller;
        $controllers_list = array_unique($controllers_list);
    }
    foreach ($controllers_list as $ctrl) {
        $core_controllers = fn_init_core_controllers($ctrl);
        list($addon_controllers) = fn_init_addon_controllers($ctrl);
        if (empty($core_controllers) && empty($addon_controllers)) {
            //$controllers_cascade = array(); // FIXME: controllers_cascade contains INIT. We should not clear initiation code.
            $status = CONTROLLER_STATUS_NO_PAGE;
            $run_controllers = false;
            break;
        }
        if (count($core_controllers) + count($addon_controllers) > 1) {
            throw new DeveloperException('Duplicate controller ' . $controller . var_export(array_merge($core_controllers, $addon_controllers), true));
        }
        $core_pre_controllers = fn_init_core_controllers($ctrl, GET_PRE_CONTROLLERS);
        $core_post_controllers = fn_init_core_controllers($ctrl, GET_POST_CONTROLLERS);
        list($addon_pre_controllers) = fn_init_addon_controllers($ctrl, GET_PRE_CONTROLLERS);
        list($addon_post_controllers, $addons) = fn_init_addon_controllers($ctrl, GET_POST_CONTROLLERS);
        // we put addon post-controller to the top of post-controller cascade if current addon serves this request
        if (count($addon_controllers)) {
            $addon_post_controllers = fn_reorder_post_controllers($addon_post_controllers, $addon_controllers[0]);
        }
        $controllers_cascade = array_merge($controllers_cascade, $addon_pre_controllers, $core_pre_controllers, $core_controllers, $addon_controllers, $core_post_controllers, $addon_post_controllers);
        if (empty($controllers_cascade)) {
            throw new DeveloperException("No controllers for: {$ctrl}");
        }
    }
    if ($mode == 'add') {
        $tpl = 'update.tpl';
    } elseif (strpos($mode, 'add_') === 0) {
        $tpl = str_replace('add_', 'update_', $mode) . '.tpl';
    } else {
        $tpl = $mode . '.tpl';
    }
    $view = Registry::get('view');
    if ($view->templateExists('views/' . $controller . '/' . $tpl)) {
        // try to find template in base views
        $view->assign('content_tpl', 'views/' . $controller . '/' . $tpl);
    } elseif (defined('LOADED_ADDON_PATH') && $view->templateExists('addons/' . LOADED_ADDON_PATH . '/views/' . $controller . '/' . $tpl)) {
        // try to find template in addon views
        $view->assign('content_tpl', 'addons/' . LOADED_ADDON_PATH . '/views/' . $controller . '/' . $tpl);
    } elseif (!empty($addons)) {
        // try to find template in addon views that extend base views
        foreach ($addons as $addon => $_v) {
            if ($view->templateExists('addons/' . $addon . '/views/' . $controller . '/' . $tpl)) {
                $view->assign('content_tpl', 'addons/' . $addon . '/views/' . $controller . '/' . $tpl);
                break;
            }
        }
    }
    /**
     * Performs actions after template assignment and before controller run
     *
     * @param string $controller          controller name
     * @param string $mode                controller mode name
     * @param string $area                current working area
     * @param array  $controllers_cascade list of controllers to run
     */
    fn_set_hook('dispatch_assign_template', $controller, $mode, $area, $controllers_cascade);
    foreach ($controllers_cascade as $item) {
        $_res = fn_run_controller($item, $controller, $mode, $action, $dispatch_extra);
        // 0 - status, 1 - url
        $url = !empty($_res[1]) ? $_res[1] : '';
        $external = !empty($_res[2]) ? $_res[2] : false;
        $permanent = !empty($_res[3]) ? $_res[3] : false;
        // Status could be changed only if we allow to run controllers despite of init controller
        if ($run_controllers == true) {
            $status = !empty($_res[0]) ? $_res[0] : CONTROLLER_STATUS_OK;
        }
        if ($status == CONTROLLER_STATUS_OK && !empty($url)) {
            $redirect_url = $url;
        } elseif ($status == CONTROLLER_STATUS_REDIRECT && !empty($url)) {
            $redirect_url = $url;
            break;
        } elseif ($status == CONTROLLER_STATUS_DENIED || $status == CONTROLLER_STATUS_NO_PAGE) {
            break;
        }
    }
    LastView::instance()->init($_REQUEST);
    // In console mode, just stop here
    if (defined('CONSOLE')) {
        $notifications = fn_get_notifications();
        $exit_code = 0;
        foreach ($notifications as $n) {
            fn_echo('[' . $n['title'] . '] ' . $n['message'] . "\n");
            if ($n['type'] == 'E') {
                $exit_code = 1;
            }
        }
        exit($exit_code);
    }
    if (!empty($auth['this_login']) && Registry::ifGet($auth['this_login'], 'N') === 'Y') {
        fn_set_notification('E', __('error'), __(ACCOUNT_TYPE . LOGIN_STATUS_USER_DISABLED));
        $status = CONTROLLER_STATUS_DENIED;
    }
    // [Block manager]
    // block manager is disabled for vendors.
    if (!(fn_allowed_for('MULTIVENDOR') && Registry::get('runtime.company_id') || fn_allowed_for('ULTIMATE') && !Registry::get('runtime.company_id'))) {
        if (fn_check_permissions('block_manager', 'manage', 'admin')) {
            $dynamic_object = SchemesManager::getDynamicObject($_REQUEST['dispatch'], $area, $_REQUEST);
            if (!empty($dynamic_object)) {
                if ($area == 'A' && Registry::get('runtime.mode') != 'add' && !empty($_REQUEST[$dynamic_object['key']])) {
                    $object_id = $_REQUEST[$dynamic_object['key']];
                    $location = Location::instance()->get($dynamic_object['customer_dispatch'], $dynamic_object, CART_LANGUAGE);
                    if (!empty($location) && $location['is_default'] != 1) {
                        $params = array('dynamic_object' => array('object_type' => $dynamic_object['object_type'], 'object_id' => $object_id), $dynamic_object['key'] => $object_id, 'manage_url' => Registry::get('config.current_url'));
                        Registry::set('navigation.tabs.blocks', array('title' => __('layouts'), 'href' => 'block_manager.manage_in_tab?' . http_build_query($params), 'ajax' => true));
                    }
                }
            }
        }
    }
    // [/Block manager]
    // Redirect if controller returned successful/redirect status only
    if (in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT)) && !empty($_REQUEST['redirect_url']) && !$external) {
        $redirect_url = $_REQUEST['redirect_url'];
    }
    // If controller returns "Redirect" status, check if redirect url exists
    if ($status == CONTROLLER_STATUS_REDIRECT && empty($redirect_url)) {
        $status = CONTROLLER_STATUS_NO_PAGE;
    }
    // In backend show "changes saved" notification
    if ($area == 'A' && $_SERVER['REQUEST_METHOD'] == 'POST' && in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT))) {
        if (strpos($mode, 'update') !== false && $mode != 'update_status' && $mode != 'update_mode' && !fn_notification_exists('extra', 'demo_mode') && !fn_notification_exists('type', 'E')) {
            fn_set_notification('N', __('notice'), __('text_changes_saved'), 'I', 'changes_saved');
        }
    }
    // Attach params and redirect if needed
    if (in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT)) && !empty($redirect_url)) {
        if (!isset($_REQUEST['return_to_list'])) {
            $params = array('page', 'selected_section', 'active_tab');
            $url_params = array();
            foreach ($params as $param) {
                if (!empty($_REQUEST[$param])) {
                    $url_params[$param] = $_REQUEST[$param];
                }
            }
            if (!empty($url_params)) {
                $redirect_url = fn_link_attach($redirect_url, http_build_query($url_params));
            }
        }
        if (!isset($external)) {
            $external = false;
        }
        if (!isset($permanent)) {
            $permanent = false;
        }
        fn_redirect($redirect_url, $external, $permanent);
    }
    if (!$view->getTemplateVars('content_tpl') && $status == CONTROLLER_STATUS_OK) {
        // FIXME
        $status = CONTROLLER_STATUS_NO_PAGE;
    }
    if ($status != CONTROLLER_STATUS_OK) {
        if ($status == CONTROLLER_STATUS_NO_PAGE) {
            if ($area == 'A' && empty($auth['user_id'])) {
                // If admin is not logged in redirect to login page from not found page
                fn_set_notification('W', __('page_not_found'), __('page_not_found_text'));
                fn_redirect("auth.login_form");
            }
            header(' ', true, 404);
        }
        $view->assign('exception_status', $status);
        if ($area == 'A') {
            $view->assign('content_tpl', 'exception.tpl');
            // for backend only
        }
        if ($status == CONTROLLER_STATUS_DENIED) {
            $view->assign('page_title', __('access_denied'));
        } elseif ($status == CONTROLLER_STATUS_NO_PAGE) {
            $view->assign('page_title', __('page_not_found'));
        }
    }
    fn_set_hook('dispatch_before_display');
    Debugger::checkpoint('Before TPL');
    // Pass current URL to ajax response only if we render whole page
    if (defined('AJAX_REQUEST') && Registry::get('runtime.root_template') == 'index.tpl') {
        Registry::get('ajax')->assign('current_url', fn_url(Registry::get('config.current_url'), $area, 'current'));
    }
    Registry::get('view')->display(Registry::get('runtime.root_template'));
    Debugger::checkpoint('After TPL');
    Debugger::display();
    fn_set_hook('complete');
    if (defined('AJAX_REQUEST')) {
        // HHVM workaround. Destroy Ajax object manually if it has been created.
        $ajax = Registry::get('ajax');
        $ajax = null;
    }
    exit;
    // stop execution
}
Example #3
0
}
if (Registry::get('config.demo_mode')) {
    // ElFinder should not work in demo mode
    $message = json_encode(array('error' => __('error_demo_mode')));
    exit($message);
}
if (AREA == 'C') {
    if (!Registry::get('runtime.customization_mode.live_editor')) {
        die('Access denied');
    }
}
$private_files_path = fn_get_files_dir_path();
$public_files_path = fn_get_public_files_path();
fn_mkdir($private_files_path);
fn_mkdir($public_files_path);
$start_path = '';
if (!empty($_REQUEST['init']) && !empty($_REQUEST['start_path'])) {
    unset($_GET['target']);
    $start_path = fn_normalize_path($private_files_path . $_REQUEST['start_path']);
    if (strpos($start_path, $private_files_path) !== 0) {
        $start_path = '';
    }
}
$extra_path = str_replace(Storage::instance('images')->getAbsolutePath(''), '', $public_files_path);
$opts = array('roots' => array(array('driver' => 'Tygh\\ElFinder\\Volume', 'uploadDeny' => Registry::get('config.forbidden_mime_types'), 'fileMode' => DEFAULT_FILE_PERMISSIONS, 'dirMode' => DEFAULT_DIR_PERMISSIONS, 'uploadMaxSize' => Bootstrap::getIniParam('upload_max_filesize', true), 'alias' => __('private_files'), 'tmbPath' => '', 'path' => $private_files_path, 'startPath' => $start_path, 'mimeDetect' => 'internal', 'archiveMimes' => array('application/zip'), 'icon' => Registry::get('config.current_location') . '/js/lib/elfinder/img/volume_icon_local.png'), array('driver' => 'Tygh\\ElFinder\\Volume', 'uploadDeny' => Registry::get('config.forbidden_mime_types'), 'fileMode' => DEFAULT_FILE_PERMISSIONS, 'dirMode' => DEFAULT_DIR_PERMISSIONS, 'uploadMaxSize' => Bootstrap::getIniParam('upload_max_filesize', true), 'alias' => __('public_files'), 'tmbPath' => '', 'path' => $public_files_path, 'URL' => Storage::instance('images')->getUrl($extra_path), 'mimeDetect' => 'internal', 'archiveMimes' => array('application/zip'), 'icon' => Registry::get('config.current_location') . '/js/lib/elfinder/img/volume_icon_local.png')));
if ($mode == 'images') {
    unset($opts['roots'][0]);
}
$connector = new \elFinderConnector(new Core($opts));
$connector->run();
exit;
Example #4
0
* and use this program.                                                    *
*                                                                          *
****************************************************************************
* PLEASE READ THE FULL TEXT  OF THE SOFTWARE  LICENSE   AGREEMENT  IN  THE *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE.            *
****************************************************************************/
use Tygh\Bootstrap;
use Tygh\Debugger;
use Tygh\Registry;
// Register autoloader
$this_dir = dirname(__FILE__);
$classLoader = (require $this_dir . '/app/lib/vendor/autoload.php');
$classLoader->add('Tygh', $this_dir . '/app');
class_alias('\\Tygh\\Tygh', 'Tygh');
// Prepare environment and process request vars
list($_REQUEST, $_SERVER, $_GET, $_POST) = Bootstrap::initEnv($_GET, $_POST, $_SERVER, $this_dir);
// Get config data
$config = (require DIR_ROOT . '/config.php');
if (isset($_REQUEST['version'])) {
    die(PRODUCT_NAME . ' <b>' . PRODUCT_VERSION . ' ' . (PRODUCT_STATUS != '' ? ' (' . PRODUCT_STATUS . ')' : '') . (PRODUCT_BUILD != '' ? ' ' . PRODUCT_BUILD : '') . '</b>');
}
Debugger::init(false, $config);
// Start debugger log
Debugger::checkpoint('Before init');
// Callback: verifies if https works
if (isset($_REQUEST['check_https'])) {
    die(defined('HTTPS') ? 'OK' : '');
}
// Check if software is installed
if ($config['db_host'] == '%DB_HOST%') {
    die(PRODUCT_NAME . ' is <b>not installed</b>. Please click here to start the installation process: <a href="install/">[install]</a>');
Example #5
0
 /**
  * Init's applicaion // FIXME: Bad method...
  *
  * @param  array $params Params for initiate installer
  * @return bool  Always true
  */
 public function init($params = array())
 {
     if (defined('INSTALLER_INITED')) {
         return true;
     }
     $config = array();
     define('AREA', 'A');
     define('ACCOUNT_TYPE', 'admin');
     date_default_timezone_set('Europe/Moscow');
     $base_path = isset($params['base_path']) ? $params['base_path'] : realpath(dirname(__FILE__) . '/../../../');
     // Register autoloader
     $classLoader = (require $base_path . '/app/lib/vendor/autoload.php');
     $classLoader->add('Tygh', realpath($base_path . '/app'));
     // Prepare environment and process request vars
     list($_REQUEST, $_SERVER) = Bootstrap::initEnv($_GET, $_POST, $_SERVER, $base_path);
     if (defined('CONSOLE')) {
         chdir(getcwd() . '/install');
     }
     // Get config data
     $config = (require DIR_ROOT . '/config.php');
     if (isset($_REQUEST['version'])) {
         die(PRODUCT_NAME . ': version <b>' . PRODUCT_VERSION . ' ' . PRODUCT_EDITION . (PRODUCT_STATUS != '' ? ' (' . PRODUCT_STATUS . ')' : '') . (PRODUCT_BUILD != '' ? ' ' . PRODUCT_BUILD : '') . '</b>');
     }
     // Callback: verifies if https works
     if (isset($_REQUEST['check_https'])) {
         die(defined('HTTPS') ? 'OK' : '');
     }
     // Load core functions
     $fn_list = array('fn.addons.php', 'fn.companies.php', 'fn.database.php', 'fn.fs.php', 'fn.cms.php', 'fn.cart.php', 'fn.common.php', 'fn.control.php', 'fn.init.php', 'fn.users.php', 'fn.images.php', 'fn.log.php');
     if (PRODUCT_EDITION == 'MULTIVENDOR' || PRODUCT_EDITION == 'ULTIMATE') {
         $fn_list[] = 'fn.' . strtolower(PRODUCT_EDITION) . '.php';
     }
     foreach ($fn_list as $file) {
         require $config['dir']['functions'] . $file;
     }
     $config['dir']['install_themes'] = is_dir($config['dir']['root'] . '/var/themes_repository') ? $config['dir']['root'] . '/var/themes_repository' : $config['dir']['root'] . '/themes';
     $config['dir']['install'] = $config['dir']['root'] . '/install/';
     $classLoader->add('', $config['dir']['install'] . 'app/');
     Registry::set('class_loader', $classLoader);
     Registry::set('config', $config);
     $session_id = session_id();
     if (empty($session_id)) {
         session_start();
     }
     fn_init_ajax();
     // Init storage
     Registry::set('runtime.storage', array('storage' => 'file'));
     if (!empty($params['sl'])) {
         $this->setCurrentLangCode($params['sl']);
     } elseif ($this->getFromStorage('sl')) {
         $this->setCurrentLangCode($this->getFromStorage('sl'));
     } else {
         $this->setCurrentLangCode(self::DEFAULT_LANGUAGE);
     }
     $this->_loadLanguageVariables();
     //define DEFAULT_LANGUAGE for correct addon installing
     if (!defined('DEFAULT_LANGUAGE')) {
         define('DEFAULT_LANGUAGE', self::DEFAULT_LANGUAGE);
     }
     define('INSTALLER_INITED', true);
     unset($config);
 }
Example #6
0
/**
 * Finds file and return real path to it
 *
 * @param string $prefix path to search in
 * @param string $file Filename, can be URL, absolute or relative path
 * @return mixed String path to the file or false if file is not found.
 */
function fn_find_file($prefix, $file)
{
    $file = Bootstrap::stripSlashes($file);
    // Url
    if (strpos($file, '://') !== false) {
        return $file;
    }
    $prefix = fn_normalize_path(rtrim($prefix, '/'));
    $file = fn_normalize_path($file);
    $files_path = fn_get_files_dir_path();
    // Absolute path
    if (is_file($file) && strpos($file, $files_path) === 0) {
        return $file;
    }
    // Path is relative to files directory
    if (is_file($files_path . $file)) {
        return $files_path . $file;
    }
    // Path is relative to prefix inside files directory
    if (is_file($files_path . $prefix . '/' . $file)) {
        return $files_path . $prefix . '/' . $file;
    }
    // Prefix is absolute path
    if (strpos($prefix, $files_path) === 0 && is_file($prefix . '/' . $file)) {
        return $prefix . '/' . $file;
    }
    return false;
}
Example #7
0
function fn_trusted_vars()
{
    $args = func_get_args();
    if (sizeof($args) > 0) {
        foreach ($args as $k => $v) {
            if (isset($_POST[$v])) {
                $_REQUEST[$v] = !defined('QUOTES_ENABLED') ? $_POST[$v] : Bootstrap::stripSlashes($_POST[$v]);
            } elseif (isset($_GET[$v])) {
                $_REQUEST[$v] = !defined('QUOTES_ENABLED') ? $_GET[$v] : Bootstrap::stripSlashes($_GET[$v]);
            }
        }
    }
    return true;
}
Example #8
0
 public function _addDellinCities($url_cities, $post)
 {
     $file_dir = fn_get_files_dir_path() . "dellin/";
     fn_mkdir($file_dir);
     @chmod($file_dir, 0777);
     $file_path = $file_dir . date("Y-m-d", TIME) . '_cities.csv';
     if (!file_exists($file_path)) {
         $response = Http::post($url_cities, json_encode($post), $this->url_params);
         $result = (array) json_decode($response);
         file_put_contents($file_path, file_get_contents($result['url']));
         if (!empty($result['url'])) {
             $max_line_size = 65536;
             // 64 Кб
             $data_city = array();
             $delimiter = ',';
             $encoding = fn_detect_encoding($result['url'], 'F', CART_LANGUAGE);
             if (!empty($encoding)) {
                 $result['url'] = fn_convert_encoding($encoding, 'UTF-8', $result['url'], 'F');
             } else {
                 fn_set_notification('W', __('warning'), __('text_exim_utf8_file_format'));
             }
             $f = false;
             if ($result['url'] !== false) {
                 $f = fopen($result['url'], 'rb');
             }
             if ($f) {
                 $import_schema = fgetcsv($f, $max_line_size, $delimiter);
                 $schema_size = sizeof($import_schema);
                 $skipped_lines = array();
                 $line_it = 1;
                 while (($data = fn_fgetcsv($f, $max_line_size, $delimiter)) !== false) {
                     $line_it++;
                     if (fn_is_empty($data)) {
                         continue;
                     }
                     if (sizeof($data) != $schema_size) {
                         $skipped_lines[] = $line_it;
                         continue;
                     }
                     $data = str_replace(array('\\r', '\\n', '\\t', '"'), '', $data);
                     $data_city = array_combine($import_schema, Bootstrap::stripSlashes($data));
                     if (!empty($data_city)) {
                         $dellin_city = array('number_city' => $data_city['id'], 'code_kladr' => str_replace(' ', '', $data_city['codeKLADR']), 'is_terminal' => $data_city['isTerminal']);
                         $first_pos = strpos($data_city['name'], '(');
                         $end_pos = strpos($data_city['name'], ')') - $first_pos;
                         if (!empty($first_pos)) {
                             $dellin_city['state'] = str_replace(array("(", ")"), "", substr($data_city['name'], $first_pos, $end_pos));
                             $dellin_city['city'] = str_replace(array('(' . $dellin_city['state'] . ')', '"'), "", $data_city['name']);
                         } else {
                             $dellin_city['state'] = str_replace(array('г.', 'г', 'г. ', 'г '), '', $data_city['name']);
                             $dellin_city['city'] = $data_city['name'];
                         }
                         $dellin_city['city_id'] = db_get_field("SELECT city_id FROM ?:rus_dellin_cities WHERE code_kladr = ?s", $dellin_city['code_kladr']);
                         db_query("REPLACE INTO ?:rus_dellin_cities ?e", $dellin_city);
                     }
                 }
             }
         }
     }
 }
 /**
  * Check if session.autostart is disabled
  *
  * @return bool true if disabled
  */
 public function isSessionAutostartDisabled()
 {
     $checking_result = Bootstrap::getIniParam('session.auto_start') == true ? false : true;
     return $checking_result;
 }
Example #10
0
/**
 * Filter data from file uploader
 *
 * @param string $name
 * @return array $filtered
 */
function fn_filter_uploaded_data($name, $filter_by_ext = array())
{
    $udata_local = fn_rebuild_files('file_' . $name);
    $udata_other = !empty($_REQUEST['file_' . $name]) ? $_REQUEST['file_' . $name] : array();
    $utype = !empty($_REQUEST['type_' . $name]) ? $_REQUEST['type_' . $name] : array();
    //var_dump($name);echo"<br/>";
    //    if($name=='p_feature_var_extra_image_detailed'){
    //        var_dump($utype);die();
    //    }
    if (empty($utype)) {
        return array();
    }
    $filtered = array();
    foreach ($utype as $id => $type) {
        if ($type == 'local' && !fn_is_empty(@$udata_local[$id])) {
            $filtered[$id] = fn_get_local_data(Bootstrap::stripSlashes($udata_local[$id]));
        } elseif ($type == 'server' && !fn_is_empty(@$udata_other[$id]) && AREA == 'A') {
            fn_get_last_key($udata_other[$id], 'fn_get_server_data', true);
            $filtered[$id] = $udata_other[$id];
        } elseif ($type == 'url' && !fn_is_empty(@$udata_other[$id])) {
            fn_get_last_key($udata_other[$id], 'fn_get_url_data', true);
            $filtered[$id] = $udata_other[$id];
        }
        if (isset($filtered[$id]) && $filtered[$id] === false) {
            unset($filtered[$id]);
            fn_set_notification('E', __('error'), __('cant_upload_file'));
        }
        if (!empty($filtered[$id]) && is_array($filtered[$id]) && !empty($filtered[$id]['name'])) {
            $filtered[$id]['name'] = str_replace(' ', '_', urldecode($filtered[$id]['name']));
            // replace spaces with underscores
            $ext = fn_get_file_ext($filtered[$id]['name']);
            if (!empty($filter_by_ext) && !in_array(fn_strtolower($ext), $filter_by_ext)) {
                unset($filtered[$id]);
                fn_set_notification('E', __('error'), __('text_not_allowed_to_upload_file_extension', array('[ext]' => $ext)));
            } elseif (in_array(fn_strtolower($ext), Registry::get('config.forbidden_file_extensions'))) {
                unset($filtered[$id]);
                fn_set_notification('E', __('error'), __('text_forbidden_file_extension', array('[ext]' => $ext)));
            }
        }
        if (!empty($filtered[$id]['path']) && in_array(fn_get_mime_content_type($filtered[$id]['path'], true, 'text/plain'), Registry::get('config.forbidden_mime_types'))) {
            fn_set_notification('E', __('error'), __('text_forbidden_file_mime', array('[mime]' => fn_get_mime_content_type($filtered[$id]['path'], true, 'text/plain'))));
            unset($filtered[$id]);
        }
    }
    static $shutdown_inited;
    if (!$shutdown_inited) {
        $shutdown_inited = true;
        register_shutdown_function('fn_remove_temp_data');
    }
    return $filtered;
}
Example #11
0
 /**
  * Starts session
  * @param array $request Request data
  */
 public static function start($request = array())
 {
     $sess_id = self::getId();
     if (empty($_COOKIE[self::$_name]) && empty($sess_id)) {
         self::setId(self::_generateId());
     }
     // Force transfer session id to cookies if it passed via url
     if (!empty($request[self::$_name])) {
         self::setId($request[self::$_name], false);
     }
     session_name(self::$_name);
     session_start();
     // Session checker (for external services, returns "OK" if session exists, empty - otherwise)
     if (!empty($request['check_session'])) {
         die(!empty($_SESSION) ? 'OK' : '');
     }
     // Validate session
     if (!defined('SKIP_SESSION_VALIDATION')) {
         $validator_data = self::getValidatorData();
         if (!isset($_SESSION['_validator_data'])) {
             $_SESSION['_validator_data'] = $validator_data;
         } else {
             if ($_SESSION['_validator_data'] != $validator_data) {
                 session_regenerate_id();
                 $_SESSION = array();
             }
         }
     }
     // _SESSION superglobal variable populates here, so remove it from global scope if needed
     if (Bootstrap::getIniParam('register_globals')) {
         Bootstrap::unregisterGlobals('_SESSION');
     }
 }