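/**
 * Validate an incoming webhook request before it is processed.
 *
 * Checks run in this order: non-empty body, valid GitHub signature, then
 * well-formed JSON. The signature is verified before the body is parsed so
 * that an unauthenticated sender never reaches the JSON decoder.
 *
 * On failure a 400 response is emitted through returnResponse() and false
 * is returned; the caller is expected to stop processing.
 *
 * @param object $request request exposing getContent() (framework type not visible here)
 * @return bool true when every check passed
 */
function is_valid($request)
{
    $payload = $request->getContent();

    // Compare against '' instead of empty(): a body of "0" is valid JSON
    // and must not be rejected as an empty payload.
    if ((string) $payload === '') {
        returnResponse('empty payload', 400);
        return false;
    }

    // Verify the GitHub signature before doing anything with the body.
    if (!isGithubSignatureValid($request)) {
        returnResponse('invalid github signature', 400);
        return false;
    }

    // Decode once and consult json_last_error(): checking only for a null
    // result would also reject the valid JSON literal `null`.
    json_decode($payload);
    if (json_last_error() !== JSON_ERROR_NONE) {
        returnResponse('invalid json body', 400);
        return false;
    }

    return true;
}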
$renew = TRUE; } try { /* Load simpleSAMLphp, configuration and metadata */ $casconfig = SimpleSAML_Configuration::getConfig('module_casserver.php'); $path = $casconfig->resolvePath($casconfig->getValue('ticketcache', 'ticketcache')); $ticketcontent = retrieveTicket($ticket, $path); $usernamefield = $casconfig->getValue('attrname', 'eduPersonPrincipalName'); $dosendattributes = $casconfig->getValue('attributes', FALSE); if (array_key_exists($usernamefield, $ticketcontent)) { returnResponse('YES', $ticketcontent[$usernamefield][0], $dosendattributes ? $ticketcontent : array()); } else { returnResponse('NO'); } } catch (Exception $e) { returnResponse('NO', $e->getMessage()); } function returnResponse($value, $content = '', $attributes = array()) { if ($value === 'YES') { $attributesxml = ""; foreach ($attributes as $attributename => $attributelist) { $attr = htmlentities($attributename); foreach ($attributelist as $attributevalue) { $attributesxml .= "<cas:{$attr}>" . htmlentities($attributevalue) . "</cas:{$attr}>\n"; } } if (sizeof($attributes)) { $attributesxml = '<cas:attributes>' . $attributesxml . '</cas:attributes>'; } echo '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
$pgt = str_replace('_', 'PGT-', SimpleSAML_Utilities::generateID()); $content = array('attributes' => $attributes, 'forceAuthn' => false, 'proxies' => array_merge(array($service), $ticketcontent['proxies']), 'validbefore' => time() + 60); SimpleSAML_Utilities::fetch($pgtUrl . '?pgtIou=' . $pgtiou . '&pgtId=' . $pgt); storeTicket($pgt, $path, $content); $pgtiouxml = "\n<cas:proxyGrantingTicket>{$pgtiou}</cas:proxyGrantingTicket>\n"; } $proxiesxml = join("\n", array_map(create_function('$a', 'return "<cas:proxy>$a</cas:proxy>";'), $ticketcontent['proxies'])); if ($proxiesxml) { $proxiesxml = "<cas:proxies>\n{$proxiesxml}\n</cas:proxies>\n"; } returnResponse('YES', $function, $attributes[$usernamefield][0], $dosendattributes ? $attributes : array(), $pgtiouxml . $proxiesxml); } else { returnResponse('NO', $function); } } catch (Exception $e) { returnResponse('NO', $function, $e->getMessage()); } function returnResponse($value, $function, $usrname = '', $attributes = array(), $xtraxml = "") { if ($value === 'YES') { if ($function != 'validate') { $attributesxml = ""; foreach ($attributes as $attributename => $attributelist) { $attr = htmlspecialchars($attributename); foreach ($attributelist as $attributevalue) { $attributesxml .= "<cas:{$attr}>" . htmlspecialchars($attributevalue) . "</cas:{$attr}>\n"; } } if (sizeof($attributes)) { $attributesxml = "<cas:attributes>\n" . $attributesxml . "</cas:attributes>\n"; }
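/**
 * Record a report against a comment.
 *
 * Looks the comment up by id, then inserts a row into reported_comments
 * carrying the comment's author and text together with the reporter's id
 * and free-text reason.
 *
 * @param mixed  $commentID  id of the comment being reported
 * @param mixed  $postID     id of the post the comment belongs to
 * @param mixed  $reporterID id of the user filing the report
 * @param string $reason     reason supplied by the reporter
 * @return mixed whatever returnResponse() returns for the status/message pair
 */
function reportComment($commentID, $postID, $reporterID, $reason)
{
    $comment = getCommentForID($commentID);
    if (!$comment) {
        // The original passed an undefined $result as a third argument here.
        return returnResponse(0, "Failed to report, comment not found.");
    }

    $userID = $comment['user_id'];
    $reportedComment = $comment['comment'];

    // NOTE(review): every value below is interpolated straight into the SQL
    // text. $commentID/$postID/$reporterID/$reason arrive from the caller
    // (request input) and $reportedComment is stored comment text, so any of
    // them can alter the statement. dbResultFromQuery()'s API is not visible
    // here; this needs a parameterised query, or at minimum per-value
    // escaping through the DB layer, before it is safe.
    $result = dbResultFromQuery(
        "INSERT INTO reported_comments (comment_id, post_id, user_id, comment, reporter_id, reportReason) "
        . "VALUES ('{$commentID}', '{$postID}', '{$userID}', '{$reportedComment}', '{$reporterID}', '{$reason}');"
    );

    if ($result) {
        return returnResponse(1, "Comment reported, thank you for keeping the community clean.");
    }

    return returnResponse(0, "Failed to report, please try again.");
}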
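/**
 * Persist the current constructor settings as a theme on disk.
 *
 * Reads the theme metadata from $_REQUEST (falling back to the stored
 * constructor_admin option), derives a filesystem-safe directory name from
 * the theme name, copies the referenced images and a screenshot into
 * themes/<name>/, then writes style.css (with a WordPress theme header) and
 * config.php (the exported constructor option). Failures are reported through
 * returnResponse() with RESPONSE_KO; a successful save reports RESPONSE_OK
 * and terminates with die.
 *
 * @package WordPress
 * @subpackage Constructor
 */
function constructor_admin_save()
{
    global $current_user;

    // Mode applied to everything this function creates. 0777 keeps the
    // original "read and write for owner and everybody else" behaviour; it is
    // wider than a theme directory needs, so a deployment may prefer 0755/0644.
    $permission = 0777;
    $directory = get_template_directory();

    // Theme options: constructor state and admin settings.
    $constructor = get_option('constructor');
    $admin = get_option('constructor_admin');

    // Theme name from the request, falling back to the stored admin setting.
    $theme = isset($_REQUEST['theme'])
        ? $_REQUEST['theme']
        : (isset($admin['theme']) ? $admin['theme'] : '');
    $theme_old = isset($constructor['theme']) ? $constructor['theme'] : '';

    // Directory name: lowercase, every non-word character becomes '-', runs
    // of '-' collapsed. This also removes '/' and '.', so the name cannot
    // point outside themes/.
    $theme_new = strtolower($theme);
    $theme_new = preg_replace('/\\W/', '-', $theme_new);
    $theme_new = preg_replace('/[-]+/', '-', $theme_new);

    // An empty name would make every path below resolve to themes/ itself.
    if ($theme_new === '' || $theme_new === null) {
        returnResponse(RESPONSE_KO, __('Theme name is empty.', 'constructor'));
        return;
    }

    // Header fields are written verbatim into the style.css comment block.
    // Strip the comment terminator and line breaks so a submitted value can
    // neither close the comment nor add extra header lines.
    $header_value = function ($value) {
        return str_replace(array('*/', "\r", "\n"), ' ', (string) $value);
    };
    $theme_uri = isset($_REQUEST['theme-uri']) ? $_REQUEST['theme-uri'] : '';
    $description = stripslashes(isset($_REQUEST['description']) ? $_REQUEST['description'] : '');
    $version = isset($_REQUEST['version']) ? $_REQUEST['version'] : '0.0.1';
    $author = isset($_REQUEST['author']) ? $_REQUEST['author'] : '';
    $author_uri = isset($_REQUEST['author-uri']) ? $_REQUEST['author-uri'] : $current_user->user_nicename;

    $theme_dir = $directory . '/themes/' . $theme_new;

    // The target directory must be writable (if it exists) and so must its
    // parent; stop on the first failure instead of cascading into more errors.
    if (is_dir($theme_dir) && !is_writable($theme_dir)) {
        returnResponse(RESPONSE_KO, sprintf(__('Directory "%s" is not writable.', 'constructor'), $theme_dir));
        return;
    }
    if (!is_writable($directory . '/themes/')) {
        returnResponse(RESPONSE_KO, sprintf(__('Directory "%s" is not writable.', 'constructor'), $directory . '/themes/'));
        return;
    }
    // mkdir fails quietly when the directory already exists; the writes
    // below report their own failures.
    @mkdir($theme_dir);
    @chmod($theme_dir, $permission);

    // Copy the images referenced by the constructor option into the theme
    // directory and repoint their src entries.
    if (isset($constructor['images']) && is_array($constructor['images'])) {
        foreach ($constructor['images'] as $img => $data) {
            if (empty($data['src'])) {
                continue;
            }
            $file = pathinfo($data['src']);
            $old_image = $directory . '/' . $data['src'];
            $new_image = $theme_dir . '/' . $file['basename'];
            if ($old_image === $new_image) {
                continue;
            }
            // Directory permissions were verified above; a failed copy is
            // reported but does not stop the remaining images.
            if (!@copy($old_image, $new_image)) {
                returnResponse(RESPONSE_KO, sprintf(__('Can\'t copy file "%s".', 'constructor'), $old_image));
            }
            @chmod($new_image, $permission);
            $constructor['images'][$img]['src'] = 'themes/' . $theme_new . '/' . $file['basename'];
        }
    }

    // Screenshot: keep an existing one, else reuse the old theme's, else the
    // bundled default.
    $screenshot = $theme_dir . '/screenshot.png';
    $old_screenshot = $directory . '/themes/' . $theme_old . '/screenshot.png';
    if (!file_exists($screenshot)) {
        if (file_exists($old_screenshot)) {
            if (!@copy($old_screenshot, $screenshot)) {
                returnResponse(RESPONSE_KO, sprintf(__('Can\'t copy file "%s".', 'constructor'), '/themes/' . $theme_old . '/screenshot.png'));
            }
        } elseif (!@copy($directory . '/admin/images/screenshot.png', $screenshot)) {
            returnResponse(RESPONSE_KO, sprintf(__('Can\'t copy file "%s".', 'constructor'), '/admin/images/screenshot.png'));
        }
    }
    @chmod($screenshot, $permission);

    // Rebuild style.css: the old stylesheet minus its first comment block
    // (the previous header), with the new header prepended.
    $old_style = $directory . '/themes/' . $theme_old . '/style.css';
    if (file_exists($old_style)) {
        $style = file_get_contents($old_style);
        // match first comment /* ... */
        $style = preg_replace('|\\/\\*(.*)\\*\\/|Umis', '', $style, 1);
    } else {
        $style = '';
    }
    $style = "/*\n"
        . "Theme Name: " . $header_value($theme) . "\n"
        . "Theme URI: " . $header_value($theme_uri) . "\n"
        . "Description: " . $header_value($description) . "\n"
        . "Version: " . $header_value($version) . "\n"
        . "Author: " . $header_value($author) . "\n"
        . "Author URI: " . $header_value($author_uri) . "\n"
        . "*/" . $style;

    // config.php returns the constructor option (without the theme name) as
    // a PHP array literal.
    unset($constructor['theme']);
    $config = "<?php \n"
        . "/* Save on " . date('Y-m-d H:i') . " */ \n"
        . "return " . var_export($constructor, true) . "\n ?>";

    if (!@file_put_contents($theme_dir . '/style.css', $style)) {
        returnResponse(RESPONSE_KO, sprintf(__('Can\'t save file "%s".', 'constructor'), '/themes/' . $theme_new . '/style.css'));
        return;
    }
    if (!@file_put_contents($theme_dir . '/config.php', $config)) {
        returnResponse(RESPONSE_KO, sprintf(__('Can\'t save file "%s".', 'constructor'), '/themes/' . $theme_new . '/config.php'));
        return;
    }

    returnResponse(RESPONSE_OK, __('Theme was saved, please reload page for view changes', 'constructor'));
    die;
}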
/**
 * doError
 *
 * Build an error response body and hand it to returnResponse().
 *
 * Array input is serialised with json_encode(); any other value is used as
 * the error text unchanged.
 *
 * @param mixed $data error payload (array or scalar)
 * @param int   $code HTTP status code, 400 by default
 */
function doError($data, $code = 400)
{
    $errorText = is_array($data) ? json_encode($data) : $data;

    returnResponse(array('error' => $errorText), $code);
}
if ($_POST['action'] === "uninstallation") { // -- Uninstall Nimbusec (execute installation file) -- $res = (require_once "/usr/local/nimbusec/nimbusec/uninstall.php"); if ($res['status']) { array_push($res['content'], "The uninstallation of the nimbusec cPanel / WHM plugin has been finished successfully."); } else { array_push($res['content'], "The uninstallation of the nimbusec cPanel / WHM plugin has been aborted suddenly. It is advised to review the nimbusec logs files to find the possible cause."); } returnResponse($res); } else { if ($_POST['action'] === "retrieveUsers") { $packages = retrieveUsers(); if (gettype($packages) == "array") { returnResponse($packages, 1); } else { returnResponse($packages); } } else { returnResponse("Unknown module called"); } } } } } } } } catch (Exception $exp) { $res = "[UNEXPECTED SPECIFIC ERROR] in {$exp->getFile()}: {$exp->getMessage()} at line {$exp->getLine()}"; returnResponse($res); } }
returnResponse(40001, "system is busy 05"); } else { $Query = $_SGLOBAL['db']->query("SELECT uid,wallname,`check` FROM " . tname('wall') . " WHERE id = '{$WallId}' "); if ($Value = $_SGLOBAL['db']->fetch_array($Query)) { $apply = $Value['uid']; $check = $Value['check']; $WallTitle = $Value['wallname']; } $isfounder = ckfounder($uid); if ($check || $isfounder || $uid == 144 || $uid == $apply) { $pass = 1; } $setarr = array('uid' => $uid, 'pass' => 1, 'username' => $username, 'message' => $message, 'wallid' => $wallid, 'ip' => 'weixin', 'timeline' => $_SGLOBAL['timestamp'], 'fromdevice' => 'wechat'); //入库 $newwallid = inserttable('wallfield', $setarr, 1); if ($check > 0 && $pass > 0) { $message = "<a href=\"plugin.php?pluginid=wall&wallid=" . $WallId . "&ac=track\">#" . $WallTitle . "#</a> " . $message; $feedarr = array('appid' => UC_APPID, 'icon' => 'doing', 'uid' => $uid, 'username' => $_SGLOBAL['supe_username'], 'dateline' => $_SGLOBAL['timestamp'], 'title_template' => cplang('feed_doing_title'), 'title_data' => saddslashes(serialize(sstripslashes(array('message' => $message)))), 'body_template' => '', 'body_data' => '', 'id' => $newwallid, 'idtype' => 'wallid'); $feedarr['hash_template'] = md5($feedarr['title_template'] . "\t" . $feedarr['body_template']); $feedarr['hash_data'] = md5($feedarr['title_template'] . "\t" . $feedarr['title_data'] . "\t" . $feedarr['body_template'] . "\t" . $feedarr['body_data']); $FeedId = inserttable('feed', $feedarr, 1); if ($FeedId) { updatetable('wallfield', array('feedid' => $FeedId), array('id' => $id)); } } returnResponse(0, "ok"); } } catch (Exception $e) { returnResponse(40001, "system is busy 28"); } }
$gid = trim($_POST["gid"]); if (inject_check($uid) || inject_check($gid)) { returnResponse(40002, "格式不正确"); } else { // // 做一些加入群组的动作 // $q = $_SGLOBAL['db']->query("SELECT name FROM " . tname('space') . " WHERE uid='{$uid}'"); $name = $_SGLOBAL['db']->fetch_array($q); $name = $name['name']; $q = $_SGLOBAL['db']->query("SELECT tagid FROM " . tname('mtag') . " WHERE tagid='{$gid}'"); $tid = $_SGLOBAL['db']->fetch_array($q); $tid = $tid['tagid']; $q = $_SGLOBAL['db']->query("SELECT 1 AS result FROM " . tname('tagspace') . " WHERE tagid='{$gid}' AND uid='{$uid}'"); $is_in_group = $_SGLOBAL['db']->fetch_array($q); $is_in_group = $is_in_group['result']; if (!$name || !$tid) { returnResponse(40002, "格式不正确"); } else { if ($is_in_group) { returnResponse(40004, "已经在群组中"); } else { jointag($uid, $gid, $_SGLOBAL['db']); returnResponse(0, $gid); } } } } catch (Exception $e) { returnResponse(40002, "格式不正确"); } }
if (array_key_exists('renew', $_GET)) { $renew = TRUE; } try { /* Load simpleSAMLphp, configuration and metadata */ $casconfig = SimpleSAML_Configuration::getConfig('module_casserver.php'); $path = $casconfig->resolvePath($casconfig->getValue('ticketcache', 'ticketcache')); $ticketcontent = retrieveTicket($ticket, $path); $usernamefield = $casconfig->getValue('attrname', 'eduPersonPrincipalName'); if (array_key_exists($usernamefield, $ticketcontent)) { returnResponse('YES', $ticketcontent[$usernamefield][0]); } else { returnResponse('NO'); } } catch (Exception $e) { returnResponse('NO'); } function returnResponse($value, $username = '') { if ($value === 'YES') { echo 'YES' . "\n" . $username; } else { echo 'NO' . "\n"; } } function storeTicket($ticket, $path, &$value) { if (!is_dir($path)) { throw new Exception('Directory for CAS Server ticket storage [' . $path . '] does not exists. '); } if (!is_writable($path)) {