header("HTTP/1.0 403"); i18n('ERROR_UPLOAD'); die; } foreach ($errors as $msg) { $error = $msg . '<br />'; } } } } // if creating new folder if (isset($_GET['newfolder']) && $allowcreatefolder) { check_for_csrf("createfolder"); $newfolder = $_GET['newfolder']; // check for invalid chars $cleanname = clean_url(to7bit(strippath($newfolder), "UTF-8")); $cleanname = basename($cleanname); if (file_exists($path . $cleanname) || $cleanname == '') { $error = i18n_r('ERROR_FOLDER_EXISTS'); } else { if (getDef('GSCHMOD')) { $chmod_value = GSCHMOD; } else { $chmod_value = 0755; } if (create_dir($path . $cleanname, $chmod_value)) { //create folder for thumbnails $thumbFolder = GSTHUMBNAILPATH . $subFolder . $cleanname; if (!file_exists($thumbFolder)) { create_dir($thumbFolder, $chmod_value); }
/**
 * clean ids for use as indexes
 *
 * Removes characters that don't work in URLs or IDs.
 * Mostly used for filenames, slugs and user names.
 *
 * @param string $text raw id text
 * @return string lowercased, 7-bit, url-cleaned id with control characters removed
 */
function _id($text) {
    $ascii = to7bit($text, "UTF-8");
    $urlSafe = clean_url($ascii);
    // control characters make the interface choke, so strip them last
    $stripped = preg_replace('/[[:cntrl:]]/', '', $urlSafe);
    return lowercase($stripped);
}
// is a slug provided? if ($_POST['post-id']) { $url = $_POST['post-id']; if (isset($i18n['TRANSLITERATION']) && is_array($translit = $i18n['TRANSLITERATION']) && count($translit > 0)) { $url = str_replace(array_keys($translit), array_values($translit), $url); } $url = to7bit($url, "UTF-8"); $url = clean_url($url); //old way } else { if ($_POST['post-title']) { $url = $_POST['post-title']; if (isset($i18n['TRANSLITERATION']) && is_array($translit = $i18n['TRANSLITERATION']) && count($translit > 0)) { $url = str_replace(array_keys($translit), array_values($translit), $url); } $url = to7bit($url, "UTF-8"); $url = clean_url($url); //old way } else { $url = "temp"; } } //check again to see if the URL is empty if (trim($url) == '') { redirect("edit.php?upd=edit-err&type=" . urlencode(i18n_r('CANNOT_SAVE_EMPTY'))); } // was the slug changed on an existing page? if (isset($_POST['existing-url'])) { if ($_POST['post-id'] != $_POST['existing-url']) { // dont change the index page's slug if ($_POST['existing-url'] == 'index') {
$ids = $_POST['id']; $nonce = $_POST['nonce']; if (!check_nonce($nonce, "modify_components")) { die("CSRF detected!"); } // create backup file for undo createBak($file, $path, $bakpath); //top of xml file $xml = @new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><channel></channel>'); if (count($ids) != 0) { $ct = 0; $coArray = array(); foreach ($ids as $id) { if ($title[$ct] != null && $value[$ct] != null) { if ($slug[$ct] == null) { $slug_tmp = to7bit($title[$ct], 'UTF-8'); $slug[$ct] = clean_url($slug_tmp); $slug_tmp = ''; } $coArray[$ct]['id'] = $ids[$ct]; $coArray[$ct]['title'] = htmlentities($title[$ct], ENT_QUOTES, 'UTF-8'); $coArray[$ct]['slug'] = $slug[$ct]; $coArray[$ct]['value'] = htmlentities($value[$ct], ENT_QUOTES, 'UTF-8'); } $ct++; } $ids = subval_sort($coArray, 'title'); $count = 0; foreach ($ids as $comp) { //body of xml file $components = $xml->addChild('item');
* @subpackage Files */ // Setup inclusions $load['plugin'] = true; // Include common.php include 'inc/common.php'; if (!defined('GSIMAGEWIDTH')) { $width = 200; //New width of image } else { $width = GSIMAGEWIDTH; } if ($_POST['sessionHash'] === $SESSIONHASH) { if (!empty($_FILES)) { $tempFile = $_FILES['Filedata']['tmp_name']; $name = clean_img_name(to7bit($_FILES['Filedata']['name'])); $targetPath = isset($_POST['path']) ? GSDATAUPLOADPATH . $_POST['path'] . "/" : GSDATAUPLOADPATH; $targetFile = str_replace('//', '/', $targetPath) . $name; //validate file if (validate_safe_file($tempFile, $_FILES["Filedata"]["name"], $_FILES["Filedata"]["type"])) { move_uploaded_file($tempFile, $targetFile); if (defined('GSCHMOD')) { chmod($targetFile, GSCHMOD); } else { chmod($targetFile, 0644); } exec_action('file-uploaded'); } else { i18n('ERROR_UPLOAD'); exit; }
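/**
 * Creates slug for blog posts
 *
 * Applies the optional i18n transliteration table (keys replaced by values),
 * then reduces the text to 7-bit ASCII and url-cleans it.
 *
 * @param string $str text (normally the post title) to turn into a slug
 * @return string the generated slug
 */
public function blog_create_slug($str) {
    global $i18n;
    $translit = isset($i18n['TRANSLITERATION']) ? $i18n['TRANSLITERATION'] : null;
    // count() must wrap the array, not the comparison: count($translit > 0)
    // evaluates count(true), which is a TypeError on PHP 8 as soon as a
    // transliteration table is configured
    if (is_array($translit) && count($translit) > 0) {
        $str = str_replace(array_keys($translit), array_values($translit), $str);
    }
    $str = to7bit($str, 'UTF-8');
    $str = clean_url($str);
    return $str;
}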
/**
 * Append one component <item> to a components XML tree.
 *
 * @param SimpleXMLExtended|mixed $xml    tree to append to; when it is not an object a fresh <item> root is created
 * @param string      $title  component title; an empty title leaves $xml untouched
 * @param string      $value  component body
 * @param mixed       $active stored as the <disabled> element's CDATA
 * @param string|null $slug   optional slug; derived from the title when empty or when _id() reduces it to ''
 * @return SimpleXMLExtended|mixed the (possibly newly created) tree
 */
function addComponentItem($xml, $title, $value, $active, $slug = null) {
    if (empty($title)) {
        return $xml;
    }
    if (!$slug || _id($slug) == '') {
        $slug = clean_url(to7bit($title, 'UTF-8'));
    }
    $safeTitle = safe_slash_html($title);
    $safeValue = safe_slash_html($value);
    if (!is_object($xml)) {
        $xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>');
    }
    # create the body of components.xml file
    $item = $xml->addChild('item');
    $item->addChild('title')->addCData($safeTitle);
    $item->addChild('slug', $slug);
    $item->addChild('value')->addCData($safeValue);
    $item->addChild('disabled')->addCData($active);
    return $xml;
}
/**
 * Clean for JS
 *
 * Reduce a string to something suitable for use in javascript: lowercase it,
 * strip tags, drop a fixed list of punctuation, then urlencode() the 7-bit
 * form and remove the '%' signs. The urlencode()/'%'-removal step is what
 * finally leaves only characters urlencode() does not escape (alphanumerics
 * plus '_', '-', '.'; '-' and '.' were already removed by the list above,
 * assuming to7bit() does not reintroduce them).
 *
 * @param string $text
 * @return string
 */
function clean_js($text) {
    $lowered = function_exists('mb_strtolower') ? mb_strtolower($text) : strtolower($text);
    $plain = strip_tags($lowered);
    $punctuation = array(' ?', ' ', '-', '--', '"', '!', 'é', '@', '#', '$', '%', '^', '&', '*', '(', ')', '+', '{', '}', '|', ':', '"', '<', '>', '?', '[', ']', '\\', ';', "'", ',', '.', '/', '*', '+', '~', '`', '=');
    $encoded = urlencode(to7bit(str_replace($punctuation, '', $plain)));
    return str_replace('%', '', $encoded);
}
} } } } // if creating new folder if (isset($_GET['newfolder'])) { // check for csrf if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) { $nonce = $_GET['nonce']; if (!check_nonce($nonce, "createfolder")) { die("CSRF detected!"); } } $newfolder = $_GET['newfolder']; // check for invalid chars $cleanname = clean_url(to7bit($newfolder, "UTF-8")); if (file_exists($path . $cleanname) || $cleanname == '') { $error = i18n_r('ERROR_FOLDER_EXISTS'); } else { if (defined('GSCHMOD')) { $chmod_value = GSCHMOD; } else { $chmod_value = 0755; } if (mkdir($path . $cleanname, $chmod_value)) { //create folder for thumbnails $thumbFolder = GSTHUMBNAILPATH . $subFolder . $cleanname; if (!file_exists($thumbFolder)) { mkdir($thumbFolder, $chmod_value); } $success = sprintf(i18n_r('FOLDER_CREATED'), $cleanname);
/**
 * Creates slug for blog posts
 *
 * Reduces the text to 7-bit ASCII and url-cleans the result.
 *
 * @param string $str text (normally the post title) to turn into a slug
 * @return string the generated slug
 */
public function blog_create_slug($str) {
    return clean_url(to7bit($str, 'UTF-8'));
}
if (!I18nGallery::checkPrerequisites()) { $msg = i18n_r('i18n_gallery/MISSING_DIR'); } else { if (isset($_GET['undo']) && !isset($_POST['save'])) { $newname = @$_GET['new'] ? $_GET['new'] : $name; if (i18n_gallery_save_undo($name, $newname)) { $msg = i18n_r('i18n_gallery/UNDO_SUCCESS'); $success = true; } else { $msg = i18n_r('i18n_gallery/UNDO_FAILURE'); } $gallery = return_i18n_gallery(@$_GET['name']); } else { if (isset($_POST['save'])) { if (!@$_POST['post-name']) { $_POST['post-name'] = clean_url(to7bit(@$_POST['post-title'], 'UTF-8')); } if (!preg_match('/^[A-Za-z0-9-]+$/', @$_POST['post-name'])) { $msg = i18n_r('i18n_gallery/ERR_INVALID_NAME'); } else { if (!@$_POST['post-title']) { $msg = i18n_r('i18n_gallery/ERR_EMPTY_TITLE'); } else { if (!@$_POST['post-item_0_filename']) { $msg = i18n_r('i18n_gallery/ERR_NO_IMAGES'); } else { if (@$_POST['post-name'] != @$_GET['name'] && file_exists(GSDATAPATH . I18N_GALLERY_DIR . @$_POST['post-name'] . '.xml')) { $msg = i18n_r('i18n_gallery/ERR_DUPLICATE_NAME'); } } }
/**
 * Get Component
 *
 * Outputs the component(s) whose slug matches $id. The stored component
 * value is passed through eval(), so PHP inside a component is executed;
 * nothing is returned, all output comes from the evaluated code.
 *
 * @since 1.0
 * @uses GSDATAOTHERPATH
 * @uses getXML
 * @modified mvlcek 6/12/2011
 *
 * @param string $id ID (slug) of the component to display; normalized with to7bit()/clean_url() before matching
 * @return void output is produced by the evaluated component, nothing is returned
 */
function get_component($id) {
    global $components;
    // normalize id the same way slugs are generated when components are saved
    $id = to7bit($id, 'UTF-8');
    $id = clean_url($id);
    // lazily load and cache components.xml in the global
    if (!$components) {
        if (file_exists(GSDATAOTHERPATH . 'components.xml')) {
            $data = getXML(GSDATAOTHERPATH . 'components.xml');
            $components = $data->item;
        } else {
            $components = array();
        }
    }
    if (count($components) > 0) {
        foreach ($components as $component) {
            // loose == so the slug node (presumably a SimpleXMLElement from getXML()) is compared as a string
            if ($id == $component->slug) {
                // NOTE(review): eval() runs the stored component body as PHP. The trust
                // boundary is whoever can edit components.xml; nothing from the request
                // other than the already-normalized $id influences what is evaluated.
                // No break: every component sharing this slug is output.
                eval("?>" . strip_decode($component->value) . "<?php ");
            }
        }
    }
}
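/**
 * get xml for an individual component
 * returns an array since duplicates are possible on component slugs
 *
 * @since 3.4.0
 *
 * @param str $id component id; normalized with to7bit()/clean_url() before lookup
 * @return array of simpleXmlObj matching slug; empty array when $id is empty,
 *               contains a quote, or the XPath query fails (previously null)
 */
function get_component_xml($id) {
    // normalize id the same way slugs are generated when components are saved
    $id = to7bit($id, 'UTF-8');
    $id = clean_url($id);
    if (!$id) {
        return array();
    }
    // $id is spliced into a single-quoted XPath string literal; clean_url() is
    // expected to have removed quotes, but refuse rather than let a stray quote
    // change the query
    if (strpos($id, "'") !== false) {
        return array();
    }
    $matches = get_components_xml()->xpath("//slug[.='" . $id . "']/..");
    // SimpleXMLElement::xpath() returns null/false on error; callers expect an array
    return is_array($matches) ? $matches : array();
}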
$load['plugin'] = true; // Include common.php include 'inc/common.php'; if (!defined('GSIMAGEWIDTH')) { $width = 200; //New width of image } else { $width = GSIMAGEWIDTH; } if ($_POST['sessionHash'] === $SESSIONHASH) { if (!empty($_FILES)) { $tempFile = $_FILES['Filedata']['tmp_name']; $file = $_FILES['Filedata']['name']; $extension = pathinfo($file, PATHINFO_EXTENSION); $name = pathinfo($file, PATHINFO_FILENAME); $name = clean_img_name(to7bit($name)); $targetPath = isset($_POST['path']) ? GSDATAUPLOADPATH . $_POST['path'] . "/" : GSDATAUPLOADPATH; $targetFile = str_replace('//', '/', $targetPath) . $name . '.' . $extension; //validate file if (validate_safe_file($tempFile, $_FILES["Filedata"]["name"])) { move_uploaded_file($tempFile, $targetFile); if (defined('GSCHMOD')) { chmod($targetFile, GSCHMOD); } else { chmod($targetFile, 0644); } exec_action('file-uploaded'); } else { die(i18n_r('ERROR_UPLOAD') . ' - ' . i18n_r('BAD_FILE')); // invalid file }
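/**
 * Clean ID
 *
 * Removes characters that don't work in URLs or IDs
 *
 * @param string $text raw id text
 * @return string lowercased, 7-bit, url-cleaned id with control characters removed
 */
function _id($text) {
    $text = to7bit($text, "UTF-8");
    $text = clean_url($text);
    // remove control characters that cause the interface to choke
    // (mirrors the later _id() revision that added this step)
    $text = preg_replace('/[[:cntrl:]]/', '', $text);
    return lowercase($text);
}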