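/**
 * Handle the "add attachment" form for the current post.
 *
 * Validates the form, inserts a GWF_ForumAttachment row (the row's ID drives
 * its on-disk path via dbimgPath()), then moves the uploaded file into place.
 *
 * @return string error HTML (validation error plus the add form, ERR_DATABASE
 *                or ERR_WRITE_FILE) or the msg_attach_added message
 */
private function onAdd()
{
    $form = $this->formAdd();
    if (false !== ($error = $form->validate($this->module))) {
        return $error . $this->templateAdd();
    }

    $file = $form->getVar('file');
    $tmp = $file['tmp_name'];
    $postid = $this->post->getID();
    $userid = GWF_Session::getUserID();

    # Guest visibility flags are taken from the presence of the checkbox
    # fields in the request; their values are never read.
    $options = 0;
    $options |= isset($_POST['guest_view']) ? GWF_ForumAttachment::GUEST_VISIBLE : 0;
    $options |= isset($_POST['guest_down']) ? GWF_ForumAttachment::GUEST_DOWNLOAD : 0;

    # Put in db first; mime and size are taken from the temp file.
    $attach = new GWF_ForumAttachment(array(
        'fatt_aid' => 0,
        'fatt_uid' => $userid,
        'fatt_pid' => $postid,
        'fatt_mime' => GWF_Upload::getMimeType($tmp),
        'fatt_size' => filesize($tmp),
        'fatt_downloads' => 0,
        'fatt_filename' => $file['name'],
        'fatt_options' => $options,
        'fatt_date' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
    ));
    if (false === $attach->insert()) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    # Copy file. The temp file is removed (best effort) whether or not the
    # move succeeded. NOTE(review): a failed move leaves the inserted row behind.
    $path = $attach->dbimgPath();
    $moved = GWF_Upload::moveTo($file, $path);
    @unlink($tmp);
    if (false === $moved) {
        # Argument wrapped in an array like the other ERR_WRITE_FILE call sites.
        return GWF_HTML::err('ERR_WRITE_FILE', array($path));
    }

    $this->post->increase('post_attachments', 1);
    return $this->module->message('msg_attach_added', array($this->post->getShowHREF()));
}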
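/**
 * Serve a file from the module's content directory.
 *
 * The name comes from the request (GET "filename") and is joined onto
 * getContentPath(), so only a bare file name is accepted: an empty value,
 * "." or "..", a NUL byte, or any directory component is rejected with
 * ERR_NO_PERMISSION before the filesystem is touched. A missing file yields
 * a 404; otherwise GWF_Upload::outputFile() streams it and nothing is returned.
 *
 * @return string|null error HTML, or null once the file has been sent
 */
public function execute()
{
    $filename = Common::getGetString('filename');

    # Reject anything that is not a plain file name inside the content dir.
    if ('' === $filename
        || '.' === $filename
        || '..' === $filename
        || false !== strpos($filename, "\0")
        || $filename !== basename($filename)) {
        return GWF_Error::err('ERR_NO_PERMISSION');
    }

    $path = $this->module->getContentPath();
    $fullpath = $path . '/' . $filename;
    if (!Common::isFile($fullpath)) {
        return GWF_Error::err404($fullpath);
    }
    GWF_Upload::outputFile($fullpath);
}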
/**
 * Stream an attachment to the client and end the request.
 *
 * Images are served inline; any other mime type is sent as a download under
 * its stored file name and its download counter is incremented first.
 * $post and $user are accepted but not used in this method. Never returns.
 */
private function templateAttach(GWF_ForumAttachment $attach, GWF_ForumPost $post, $user)
{
    $path = $attach->dbimgPath();
    $mime = $attach->getVar('fatt_mime');
    $inline = $attach->isImage();

    if ($inline) {
        $downloadName = true;
    } else {
        $downloadName = $attach->getVar('fatt_filename');
        $attach->increase('fatt_downloads', 1);
    }

    GWF_Upload::outputFile($path, !$inline, $mime, $downloadName);
    die;
}
/**
 * Empty the GWF_VersionFiles table and rebuild it from the filesystem.
 *
 * @return string validation error plus the purge form, ERR_DATABASE when the
 *                truncate fails, or msg_purged with the new row count and the
 *                human-readable unpacked size
 */
private function onPurge()
{
    $form = $this->formPurge();
    $invalid = $form->validate($this->module);
    if ($invalid !== false) {
        return $invalid . $this->templatePurge();
    }

    $versionFiles = GDO::table('GWF_VersionFiles');
    if ($versionFiles->truncate() === false) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    GWF_VersionFiles::populateAll();

    $rowCount = $versionFiles->countRows();
    $unpacked = GWF_Upload::humanFilesize(GWF_VersionFiles::getSizeUnpacked());
    return $this->module->message('msg_purged', array($rowCount, $unpacked));
}
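/**
 * Store an uploaded content file under dbimg/content/ and append a reference
 * to it to the page content being edited ($_POST['content']).
 *
 * Checks, in order: CSRF token, presence of the upload, file extension
 * denylist, file-name sanity (ASCII letters/digits/underscore/dot, max 63
 * chars, no leading dot), and that no file of that name exists yet.
 * The extension check is a denylist, so the original TODO still stands:
 * anything not listed (e.g. HTML) is stored and served from this host.
 *
 * @return string error HTML or the msg_file_upped message
 */
public static function onUpload(Module_PageBuilder $module)
{
    if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
        return $error;
    }
    if (false === ($file = GWF_Upload::getFile('file'))) {
        return GWF_HTML::err('ERR_MISSING_UPLOAD');
    }

    $name = $file['name'];

    # Any ".php" anywhere in the name is refused (e.g. foo.php.html), as before;
    # other server-side extensions are refused when they appear as a name
    # component, so "x.phtml" and "x.pl.txt" are rejected but "x.plain.txt" is not.
    if (stripos($name, '.php') !== false
        || preg_match('/\.(phtml|phar|pht|shtml|cgi|pl|py|asp)(?:\.|$)/iD', $name)) {
        return $module->error('err_file_ext');
    }

    # Sanity check on the name; this also rules out path separators and a
    # leading dot, so the path built below stays inside dbimg/content/.
    if (!preg_match('#^[a-z0-9_][a-z0-9_\\.]{0,62}$#iD', $name)) {
        return $module->error('err_file_name');
    }

    # Copy the file; never overwrite an existing one.
    $path = 'dbimg/content/' . $name;
    $epath = htmlspecialchars($path);
    if (Common::isFile($path)) {
        return $module->error('err_upload_exists');
    }
    if (false === GWF_Upload::moveTo($file, $path)) {
        return GWF_HTML::err('ERR_WRITE_FILE', array($epath));
    }

    # Is bbcode mode? Neither the HTML nor the SMARTY bit set means bbcode.
    $bbcode = (Common::getPostInt('type', 0) & (GWF_Page::HTML | GWF_Page::SMARTY)) === 0;

    # Append to page content as image or anchor.
    if (!isset($_POST['content'])) {
        $_POST['content'] = '';
    }
    $_POST['content'] .= self::fileToContent($name, $path, $bbcode);

    return $module->message('msg_file_upped', array($epath));
}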
/**
 * Build and stream an upgrade package for the current client.
 *
 * Rebuilds GWF_VersionFiles, then walks every file row ordered by path and,
 * for rows whose module and design the client owns, writes a manifest line
 * (asManifest) and adds the file to a ZIP when its vsf_date is at or after
 * $this->datestamp. Rows whose file no longer exists are deleted. The ZIP is
 * sent with GWF_Upload::outputFile() unless an error was echoed; both temp
 * files are removed afterwards.
 *
 * @return string error HTML, or '' after the response has been produced
 */
private function templateUpgrade()
{
    $haveError = false;
    // Loaded and sorted, but $modules is not used anywhere else in this method.
    $modules = GWF_Module::loadModulesFS();
    GWF_Module::sortModules($modules, 'module_name', 'asc');
    # No ZIP extension?
    if (!class_exists('ZipArchive', false)) {
        return $this->module->error('err_no_zip');
    }
    // require_once 'core/inc/util/GWF_ZipArchive.php';
    # Populate the DB again
    GWF_VersionFiles::populateAll();
    # Open temp manifest file.
    $manifestName = sprintf('extra/temp/upgrade_manifest_%s_%s.gwf_manifest', $this->client->getVar('vsc_uid'), $this->datestamp);
    if (false === ($fhManifest = fopen($manifestName, 'w'))) {
        return GWF_HTML::err('ERR_WRITE_FILE', array($manifestName));
    }
    # Create ZIP
    $archive = new GWF_ZipArchive();
    $archivename = sprintf('extra/temp/upgrade_%s_%s.zip', $this->client->getVar('vsc_uid'), $this->datestamp);
    if (false === $archive->open($archivename, ZipArchive::CREATE | ZipArchive::CM_REDUCE_4)) {
        fclose($fhManifest);
        // NOTE(review): __FILE__/__LINE__ are passed as separate arguments here,
        // whereas other err_zip call sites wrap them in an array.
        return $this->module->error('err_zip', __FILE__, __LINE__);
    }
    $files = GDO::table('GWF_VersionFiles');
    if (false === ($result = $files->queryReadAll('', 'vsf_path ASC'))) {
        // if (false === ($result = $files->queryReadAll("vsf_date>='$this->datestamp'", "vsf_path ASC"))) {
        // if (false === ($result = $files->queryAll())) {
        fclose($fhManifest);
        $archive->close();
        @unlink($archivename);
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }
    // Manifest header carries the generation time, not $this->datestamp.
    fprintf($fhManifest, 'GWF2:DATESTAMP:%s' . PHP_EOL, date('YmdHis'));
    while (false !== ($file = $files->fetchObject($result))) {
        // echo GWF_HTML::message('VS_Upgrade', 'Adding File: '.$file->getVar('vsf_path'));
        // No-op expression; presumably kept as an IDE type hint.
        $file instanceof GWF_VersionFiles;
        // Entitlement filter: only files of modules/designs this client owns are shipped.
        if (!$this->client->ownsModule($file->getVar('vsf_module'))) {
            continue;
        }
        if (!$this->client->ownsDesign($file->getVar('vsf_design'))) {
            continue;
        }
        $path = $file->getVar('vsf_path');
        // Stale row: the file is gone from disk, so drop the row and move on.
        if (!file_exists($path)) {
            $file->delete();
            continue;
        }
        // Unreadable file aborts the whole build (error is echoed, not returned).
        if (!is_readable($path)) {
            echo GWF_HTML::err('ERR_FILE_NOT_FOUND', array($path));
            $haveError = true;
            break;
        }
        // is file new?
        $isNew = $file->getVar('vsf_date') >= $this->datestamp;
        if ($isNew) {
            // add it to archive
            if (false === $archive->addFile($path)) {
                echo GWF_HTML::err('ERR_WRITE_FILE', array($file->getVar('vsf_path')));
                $haveError = true;
                break;
            }
        }
        // echo GWF_HTML::message('VS_Upgrade', 'Added File: '.$file->getVar('vsf_path'));
        // write manifest info (written for every owned file, new or not)
        fwrite($fhManifest, $file->asManifest($isNew));
    }
    fclose($fhManifest);
    if (false === $archive->addFile($manifestName)) {
        echo GWF_HTML::err('ERR_WRITE_FILE', array($manifestName));
        $haveError = true;
    }
    if (false === $archive->close()) {
        echo GWF_HTML::err('ERR_WRITE_FILE', array($archivename));
        $haveError = true;
    }
    if (!$haveError) {
        GWF_Upload::outputFile($archivename);
    }
    // Delete stuff?? Both temp files are removed regardless of outcome.
    @unlink($manifestName);
    @unlink($archivename);
    return '';
}
/**
 * Render the debug footer: query counts, DB/PHP/total timings, peak memory
 * and the list of loaded modules, as one <div>.
 *
 * @param int $precision decimal places used for the three timings (cast to int)
 * @return string HTML
 */
private static function debugFooter($precision = 4)
{
    $db = gdo_db();
    $queryCount = $db->getQueryCount();
    $writeCount = $db->getQueryWriteCount();
    $totalSeconds = microtime(true) - GWF_DEBUG_TIME_START;
    $dbSeconds = $db->getQueryTime();
    $phpSeconds = $totalSeconds - $dbSeconds;

    // e.g. "%0.4fs" — one format token reused for all three timings.
    $timeFormat = sprintf('%%0.%dfs', (int) $precision);

    $template = '<div>%d Queries (%d writes) in ' . $timeFormat
        . ' - PHP Time: ' . $timeFormat
        . ' - Total Time: ' . $timeFormat
        . '. Memory: %s<br/>Modules loaded: %s</div>';

    // A debugBrowser() suffix used to be appended here; it is disabled.
    return vsprintf($template, array(
        $queryCount,
        $writeCount,
        $dbSeconds,
        $phpSeconds,
        $totalSeconds,
        GWF_Upload::humanFilesize(memory_get_peak_usage(true)),
        GWF_Module::getModulesLoaded(),
    ));
}
/**
 * Check whether the downloaded update archive starts with the ZIP signature.
 *
 * Reads the first two bytes of getArchiveName(). "PK" echoes
 * msg_update_archive_ok with the file size and returns false (no error);
 * an unopenable/unreadable file returns ERR_FILE_NOT_FOUND; any other
 * content is handed to GWF_HTML::errorAjax() as-is (presumably an error page
 * from the update server — whether errorAjax escapes it is not visible here).
 *
 * @return string|false
 */
private function inspectArchive(Module_VersionClient $module)
{
    $archivename = $this->getArchiveName();

    $handle = fopen($archivename, 'r');
    if ($handle === false) {
        return GWF_HTML::err('ERR_FILE_NOT_FOUND', array($archivename));
    }
    $signature = fread($handle, 2);
    fclose($handle);
    if ($signature === false) {
        return GWF_HTML::err('ERR_FILE_NOT_FOUND', array($archivename));
    }

    if ($signature !== 'PK') {
        return GWF_HTML::errorAjax(file_get_contents($archivename));
    }

    $size = GWF_Upload::humanFilesize(filesize($archivename));
    echo $module->message('msg_update_archive_ok', array($size));
    return false;
}
/**
 * Re-upload the file behind an existing download entry.
 *
 * Validates the form, refuses when the module is moderated, moves the upload
 * to dbimg/dl/<dl_id> and updates uploader, mime type and date. Every error
 * except ERR_DATABASE is followed by the edit template.
 *
 * NOTE(review): the mime type is read from the moveTo() return value's
 * 'tmp_name', so moveTo presumably returns the updated file array — confirm.
 *
 * @return string HTML
 */
private function onReup(GWF_Download $dl)
{
    $form = $this->getFormReup($dl);
    $validation = $form->validate($this->module);
    if ($validation !== false) {
        return $validation . $this->templateEdit($dl);
    }

    $upload = $form->getVar('file');
    if ($upload === false) {
        return $this->module->error('err_file') . $this->templateEdit($dl);
    }

    // The module is passed to its own isModerated(); kept as in the original.
    if ($this->module->isModerated($this->module)) {
        return GWF_HTML::err('ERR_NO_PERMISSION') . $this->templateEdit($dl);
    }

    $target = 'dbimg/dl/' . $dl->getVar('dl_id');
    $moved = GWF_Upload::moveTo($upload, $target);
    if ($moved === false) {
        return GWF_HTML::err('ERR_WRITE_FILE', array($target)) . $this->templateEdit($dl);
    }

    $saved = $dl->saveVars(array(
        'dl_uid' => GWF_Session::getUserID(),
        'dl_mime' => GWF_Upload::getMimeType($moved['tmp_name']),
        'dl_date' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
    ));
    if ($saved === false) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    return $this->module->message('msg_uploaded') . $this->templateEdit($dl);
}
$a instanceof GWF_ForumAttachment; if (!$a->canSee(GWF_Session::getUser())) { $attach .= '<p>' . $tLang->lang('info_hidden_attach_guest'); continue; } $edit = GWF_Button::edit($a->hrefEdit(), $tLang->lang('btn_edit_attach')); $att_name = $a->display('fatt_filename'); if ($a->isImage()) { $attach .= sprintf('<div><img src="%s" title="%s" alt="%s" /></div>', $a->hrefDownload(), $att_name, $att_name); if ($can_edit) { $attach .= sprintf('<div>%s</div>', $edit); } } else { $attach .= '<div class="gwf_attachment">' . PHP_EOL; $attach .= sprintf('<div>%s: <a href="%s">%s</a></div>', $tLang->lang('th_file_name'), $a->hrefDownload(), $att_name); $attach .= sprintf('<div>%s: %s</div>', $tLang->lang('th_file_size'), GWF_Upload::humanFilesize($a->getVar('fatt_size'))); $attach .= sprintf('<div>%s: %s</div>', $tLang->lang('th_downloads'), $a->getVar('fatt_downloads')); if ($can_edit) { $attach .= sprintf('<div>%s</div>', $edit); } $attach .= '</div>' . PHP_EOL; } } $attach .= '</div>' . PHP_EOL; } ?> <div class="gwf_post_msg"> <?php echo '<div id="gwf_forum_post_' . $post->getVar('post_pid') . '">' . $post->displayMessage($tVars['term']) . '</div>'; echo $attach;
/**
 * Move the form's uploaded file into dbimg/dl/ and remember it in the session.
 *
 * Does nothing when no file was uploaded. On a failed move an ERR_WRITE_FILE
 * message is echoed and — as in the original — the moveTo() result (false)
 * is still stored under self::SESS_FILE, which callers presumably read as
 * "no file".
 *
 * @return void
 */
private function uploadedFile(GWF_Form $form)
{
    $upload = $form->getVar('file');
    if ($upload === false) {
        return;
    }

    // basename() keeps the target inside dbimg/dl/ whatever tmp_name holds.
    $target = 'dbimg/dl/' . basename($upload['tmp_name']);
    $moved = GWF_Upload::moveTo($upload, $target);
    if ($moved === false) {
        echo GWF_HTML::err('ERR_WRITE_FILE', array($target));
    }

    GWF_Session::set(self::SESS_FILE, $moved);
}
<p><?php
    // Hint line: translated 'pi_add' text with the maximum upload size rendered human-readable.
    echo $tLang->lang('pi_add', array(GWF_Upload::humanFilesize($tVars['max_size'])));
?> </p>
<?php
// The form arrives pre-rendered from the controller and is printed unchanged.
echo $tVars['form'];
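/**
 * Build the distribution ZIP: core, the module groups selected in the request
 * (POST keys named "mod_<ModuleName>"), JS, installer, languages, images,
 * empty temp dirs, fonts, templates, root/protected files and module extras.
 *
 * Runs from GWF_PATH so archive entries are relative. Any failing step returns
 * err_zip; on success has_error is cleared and msg_zipped reports the archive
 * name, its size and the entry count. NOTE(review): has_error is not set on
 * the error paths — presumably the caller initialises it to true.
 *
 * @return string HTML message
 */
public function onZipC()
{
    # Create ZIP
    $archive = new GWF_ZipArchive();
    chdir(GWF_PATH);
    $archivename = $this->getArchiveName();
    if (false === $archive->open($archivename, ZipArchive::CREATE | ZipArchive::CM_REDUCE_4)) {
        return $this->module->error('err_zip', array(__FILE__, __LINE__));
    }

    # Core
    if (false === $this->zipDir($archive, 'core/inc')) {
        return $this->module->error('err_zip', array(__FILE__, __LINE__));
    }

    # ZIP Module(Groups). The module name comes from a request key and is used
    # to build a path under core/module/, so it is validated as a plain
    # identifier here rather than relying on how PHP mangles incoming key names.
    foreach ($_POST as $group => $checked) {
        if (!Common::startsWith($group, 'mod_')) {
            continue;
        }
        $modname = substr($group, 4);
        if (!preg_match('/^[A-Za-z0-9_]+$/D', $modname)) {
            return $this->module->error('err_zip', array(__FILE__, __LINE__));
        }
        # zip dir recursive, do not ignore style (same extra arguments as before)
        if (false === $this->zipDir($archive, 'core/module/' . $modname, true, false)) {
            return $this->module->error('err_zip', array(__FILE__, __LINE__));
        }
    }

    # 3rd-party core (inc3p) and Smarty were dropped from the archive earlier.

    # JS, Installer, Base Lang — default zipDir arguments, in this order.
    foreach (array('www/js', 'www/install', 'core/lang') as $dir) {
        if (false === $this->zipDir($archive, $dir)) {
            return $this->module->error('err_zip', array(__FILE__, __LINE__));
        }
    }

    # Images: third argument false as in the original call (presumably
    # non-recursive — confirm against zipDir()).
    if (false === $this->zipDir($archive, 'www/img', false)) {
        return $this->module->error('err_zip', array(__FILE__, __LINE__));
    }

    # Temp
    if (false === $this->addEmptyDirs($archive, self::$tempdirs)) {
        return $this->module->error('err_zip', array(__FILE__, __LINE__));
    }

    # Fonts
    if (false === $this->zipDir($archive, 'extra/font')) {
        return $this->module->error('err_zip', array(__FILE__, __LINE__));
    }

    # Templates (same extra arguments as the module directories)
    if (false === $this->zipDir($archive, 'www/tpl', true, false)) {
        return $this->module->error('err_zip', array(__FILE__, __LINE__));
    }

    # Root Files
    if (false === $this->addFiles($archive, self::$rootfiles)) {
        return $this->module->error('err_zip', array(__FILE__, __LINE__));
    }

    # Protected Files (protected dirs are no longer zipped)
    if (false === $this->addFiles($archive, self::$protected_files)) {
        return $this->module->error('err_zip', array(__FILE__, __LINE__));
    }

    # Module Extra Files and Dirs
    if (false === $this->zipDirs($archive, $this->getModuleExtraDirs())) {
        return $this->module->error('err_zip', array(__FILE__, __LINE__));
    }
    if (false === $this->addFiles($archive, $this->getModuleExtraFiles())) {
        return $this->module->error('err_zip', array(__FILE__, __LINE__));
    }

    # Read the counter before close(), which may invalidate it.
    $total_files = $archive->getTotalFilesCounter();
    if (false === $archive->close()) {
        return $this->module->error('err_zip', array(__FILE__, __LINE__));
    }

    $this->has_error = false;
    return $this->module->message('msg_zipped', array(
        $archivename,
        GWF_Upload::humanFilesize(filesize($archivename)),
        $total_files,
    ));
}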
/**
 * Build a purchase archive for the current user's client and stream it.
 *
 * The Zipper method is run with the client's module names and the 'default'
 * design; its return value is passed back unchanged, and the archive is only
 * sent when the zipper reports no error.
 *
 * NOTE(review): the archive is written under dbimg/ with a name based on
 * Common::randomDateStamp(); how unpredictable that is isn't visible here.
 * NOTE(review): the second outputFile() argument is the string 'arc/zip',
 * while templateAttach() passes a boolean in that position — worth checking
 * against GWF_Upload::outputFile's signature.
 *
 * @return string
 */
private function onZip()
{
    $client = GWF_Client::getClient(GWF_Session::getUserID());
    $archivename = 'dbimg/gwf_purchase_' . Common::randomDateStamp() . '.zip';

    $zipper = $this->module->getMethod('Zipper');
    $zipper instanceof VersionServer_Zipper;
    $zipper->setArchiveName($archivename);

    $outcome = $zipper->onZip($client->getModuleNames(), 'default');
    if (!$zipper->hasError()) {
        GWF_Upload::outputFile($archivename, 'arc/zip');
    }
    return $outcome;
}
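/**
 * Replace the stored file of an existing attachment with a new upload.
 *
 * Moves the upload over the attachment's dbimg path, removes the temp file
 * (best effort, whether or not the move succeeded), then refreshes mime type,
 * size, file name and date and resets the download counter.
 *
 * @param array $file uploaded-file array ('tmp_name', 'name')
 * @return string|false error HTML, or false when everything succeeded
 */
private function unReUpload(array $file, GWF_ForumAttachment $attach)
{
    $tmp = $file['tmp_name'];
    $target = $attach->dbimgPath();

    $moved = GWF_Upload::moveTo($file, $target);
    @unlink($tmp);
    if (!$moved) {
        # Argument wrapped in an array, matching the other ERR_WRITE_FILE call sites.
        return GWF_HTML::err('ERR_WRITE_FILE', array($target));
    }

    # Mime and size are taken from the file at its final location.
    $vars = array(
        'fatt_mime' => GWF_Upload::getMimeType($target),
        'fatt_size' => filesize($target),
        'fatt_downloads' => 0,
        'fatt_filename' => $file['name'],
        'fatt_date' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
    );
    if (false === $attach->saveVars($vars)) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    return false;
}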
/**
 * Compare the variables a form declares against what the request actually sent.
 *
 * Builds $check_need (names the request must contain) from the form data and
 * strips known/irrelevant names from a copy of $_POST or $_GET ($check_sent).
 * Every needed name that is absent yields ERR_MISSING_VAR; every sent name that
 * is left over afterwards yields ERR_POST_VAR, so unexpected request fields are
 * reported too. $context and $validator are not used in this method.
 *
 * @return array|false list of error strings, or false when there are none
 */
private static function validateMissingVars($context, GWF_Form $form, $validator)
{
    $errors = array();
    $check_sent = $form->getMethod() === GWF_Form::METHOD_POST ? $_POST : $_GET;
    $check_need = array();
    // var_dump($_POST);
    foreach ($form->getFormData() as $key => $data) {
        // Field types listed in self::$SKIPPERS are neither required nor reported.
        if (in_array($data[0], self::$SKIPPERS, true)) {
            unset($check_sent[$key]);
            continue;
        }
        // $data[0] is the field type; note switch compares loosely (==).
        switch ($data[0]) {
            case GWF_Form::VALIDATOR:
                break;
            case GWF_Form::SELECT_A:
                unset($check_sent[$key]);
                break;
            case GWF_Form::TIME:
                // Time fields arrive as two inputs: <key>h and <key>i.
                $check_need[] = $key . 'h';
                $check_need[] = $key . 'i';
                break;
            case GWF_Form::DATE:
            case GWF_Form::DATE_FUTURE:
                // $data[4] is the date length; the cases fall through on purpose so
                // a longer format requires every shorter component as well.
                switch ($data[4]) {
                    case 14: $check_need[] = $key . 's';
                    case 12: $check_need[] = $key . 'i';
                    case 10: $check_need[] = $key . 'h';
                    case 8: $check_need[] = $key . 'd';
                    case 6: $check_need[] = $key . 'm';
                    case 4: $check_need[] = $key . 'y'; break;
                    default: die('Date field is invalid in form!');
                }
                break;
            case GWF_Form::SUBMITS:
            case GWF_Form::SUBMIT_IMGS:
                // $data[1] maps button names; each is removed from the sent set.
                // This inner loop reuses (and clobbers) the outer $key.
                foreach (array_keys($data[1]) as $key) {
                    // if (false !== ($i = array_search($key, $check_sent, true))) {
                    //     unset ($check_sent[$i]);
                    // }
                    unset($check_sent[$key]);
                }
                break;
            case GWF_Form::FILE:
                // A file field is only "needed" in the request when no upload arrived.
                if (false === GWF_Upload::getFile($key)) {
                    $check_need[] = $key;
                }
                break;
            case GWF_Form::INT:
            case GWF_Form::STRING:
                // Array-style names ("foo[bar]") are required once under "foo";
                // plain names fall through to the default case below.
                if (Common::endsWith($key, ']')) {
                    $key = Common::substrUntil($key, '[');
                    if (!in_array($key, $check_need)) {
                        $check_need[] = $key;
                    }
                    break;
                }
            default:
                $check_need[] = $key;
                break;
        }
    }
    // var_dump($check_need);
    // isset() treats a sent null as missing.
    foreach ($check_need as $key) {
        if (!isset($check_sent[$key])) {
            $errors[] = GWF_HTML::lang('ERR_MISSING_VAR', array(htmlspecialchars($key)));
        } else {
            unset($check_sent[$key]);
        }
    }
    // Anything the form did not declare is reported as an unexpected variable.
    foreach ($check_sent as $key => $value) {
        $errors[] = GWF_HTML::lang('ERR_POST_VAR', array(htmlspecialchars($key)));
    }
    return count($errors) === 0 ? false : $errors;
}
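/**
 * Upload a smiley image for the given challenge.
 *
 * The upload must pass isImageFile(), resize to 64x64 (min 16x16), carry one
 * of the whitelisted image extensions, contain no ".php" (any case), have a
 * pure-ASCII name, and be a bare file name: it is written directly under the
 * fixed smiles directory, so directory components and NUL bytes are refused.
 * An existing file of the same name is presumably overwritten (no exists check).
 *
 * @return string HTML message
 */
public function onUpload(WC_Challenge $chall)
{
    $module = Module_WeChall::instance();
    $form = $this->getForm($chall);

    if (false === ($file = $form->getVar('image'))) {
        return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
    }
    if (!GWF_Upload::isImageFile($file)) {
        return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
    }
    if (false === GWF_Upload::resizeImage($file, 64, 64, 16, 16)) {
        return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
    }

    $filename = $file['name'];

    # Extension whitelist (case-sensitive, as before).
    $whitelist = array('.jpg', '.jpeg', '.gif', '.png');
    $allowed = false;
    foreach ($whitelist as $ext) {
        if (Common::endsWith($filename, $ext)) {
            $allowed = true;
            break;
        }
    }
    # ".php" anywhere in the name is refused regardless of case (stripos,
    # matching the PageBuilder upload check).
    if (stripos($filename, '.php') !== false) {
        $allowed = false;
    }
    # The name is appended to a fixed directory below: refuse directory
    # components and NUL bytes (the ASCII check alone lets both through).
    if ($filename !== basename($filename) || strpos($filename, "\0") !== false) {
        $allowed = false;
    }

    if (!preg_match('/^[\\x00-\\x7f]+$/D', $filename)) {
        return GWF_HTML::error('Smile Path', array($chall->lang('err_ascii')));
    }
    if (!$allowed) {
        return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
    }

    $fullpath = "challenge/livinskull/smile/smiles/{$filename}";
    $efp = htmlspecialchars($fullpath);
    if (false === GWF_Upload::moveTo($file, $fullpath)) {
        return GWF_HTML::err('ERR_WRITE_FILE', array($efp));
    }

    $rule = htmlspecialchars("<img src=\"/{$efp}\" />");
    return GWF_HTML::message('Smile', $chall->lang('msg_uploaded', array($rule)));
}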
/**
 * Store an uploaded avatar for the current session user.
 *
 * The file must pass isImageFile() and resize within the module's configured
 * min/max dimensions; it is then moved to dbimg/avatar/<user id>, the user's
 * HAS_AVATAR option is set and user_avatar_v is incremented.
 *
 * @param array $file uploaded-file array
 * @return string error HTML or the msg_avatar_saved message
 */
private function saveAvatar(array $file)
{
    if (!GWF_Upload::isImageFile($file)) {
        return $this->module->error('err_no_image');
    }

    $resized = GWF_Upload::resizeImage(
        $file,
        $this->module->cfgAvatarMaxWidth(),
        $this->module->cfgAvatarMaxHeight(),
        $this->module->cfgAvatarMinWidth(),
        $this->module->cfgAvatarMinHeight()
    );
    if ($resized === false) {
        return $this->module->error('err_no_image');
    }

    $user = GWF_Session::getUser();
    $target = 'dbimg/avatar/' . $user->getID();
    if (GWF_Upload::moveTo($file, $target) === false) {
        return $this->module->error('err_write_avatar');
    }

    $user->saveOption(GWF_User::HAS_AVATAR, true);
    $user->increase('user_avatar_v', 1);
    return $this->module->message('msg_avatar_saved');
}
/**
 * Whether the attachment's stored mime type (fatt_mime) is an image type,
 * as decided by GWF_Upload::isImageMime().
 *
 * @return bool
 */
public function isImage()
{
    $mime = $this->getVar('fatt_mime');
    return GWF_Upload::isImageMime($mime);
}
<?php
/**
 * Dog plugin command: reply with current and peak memory usage.
 * $lang holds the plugin's translated help/usage strings (en, de).
 */
$lang = array(
    'en' => array(
        'help' => 'Usage: %CMD%. Print memory usage statistics.',
        'usage' => 'Currently there are %s in use. Max memory peak was %s.',
    ),
    'de' => array(
        'help' => 'Nutze: %CMD%. Gibt Statistiken über die Speichernutzung aus.',
        'usage' => 'Zur Zeit werden %s Speicher verwendet. Die maximale Auslastung betrug %s.',
    ),
);

$plugin = Dog::getPlugin();
// Both sizes use the '1000' base argument, as the original call did.
$current = GWF_Upload::humanFilesize(memory_get_usage(true), '1000');
$peak = GWF_Upload::humanFilesize(memory_get_peak_usage(true), '1000');
$plugin->rply('usage', array($current, $peak));
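/**
 * Handle the "set site logo" form: store the upload under dbimg/logo/<site id>
 * and write a GIF copy under dbimg/logo_gif/<site id>.gif.
 *
 * The only image check is that resizeImage() can fit the upload to 32x32 (an
 * isImageFile() call was commented out in the original). Returns error HTML on
 * failure; on success site_logo_v is bumped, HAS_LOGO is set and nothing is
 * returned (callers presumably treat a non-error as success).
 *
 * @return string|null
 */
public function onSetLogo(WC_Site $site, $is_admin)
{
    $form = $this->getFormLogo($site, $is_admin);
    if (false !== ($errors = $form->validate($this->module))) {
        return $errors;
    }

    # Upload Icon
    if (false === ($file = $form->getVar('new_logo'))) {
        return $this->module->error('err_no_logo');
    }
    if (false === GWF_Upload::resizeImage($file, 32, 32, 32, 32)) {
        return $this->module->error('err_no_logo');
    }

    $sid = $site->getID();
    $filename = 'dbimg/logo/' . $sid;
    if (false === GWF_Upload::moveTo($file, $filename)) {
        return $this->module->error('err_write_logo', array($filename));
    }

    # Convert to GIF. The read is checked on its own so a failed
    # file_get_contents() is not handed to imagecreatefromstring() as false.
    $data = file_get_contents($filename);
    if (false === $data || false === ($img = imagecreatefromstring($data))) {
        return $this->module->error('err_no_logo');
    }
    $filenamegif = 'dbimg/logo_gif/' . $sid . '.gif';
    $written = imagegif($img, $filenamegif);
    # Release the GD image on both paths (it leaked when imagegif() failed).
    imagedestroy($img);
    if (false === $written) {
        return $this->module->error('err_write_logo', array($filenamegif));
    }

    $site->increase('site_logo_v', 1);
    $site->saveOption(WC_Site::HAS_LOGO);
}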