Esempio n. 1
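/**
 * Tells whether a file name is on the configured denylist of unsafe names.
 *
 * The denylist is read from the "main" module option "~unsafe_files"
 * (default: .htaccess, .htpasswd, web.config, global.asax), lower-cased,
 * split on commas and cached in a static variable for later calls.
 *
 * Only exact, case-insensitive matches of the normalised name are reported;
 * this is a name check, not a content or extension check.
 *
 * @param string $name File name or path; the part returned by GetFileName() is checked.
 * @return bool True when the normalised name equals one of the listed names.
 */
function IsFileUnsafe($name)
{
	static $arFiles = false;
	if($arFiles === false)
	{
		$fileList = COption::GetOptionString("main", "~unsafe_files", ".htaccess,.htpasswd,web.config,global.asax");
		$arFiles = explode(",", strtolower($fileList));
	}

	// GetFileName() and TrimUnsafe() are defined elsewhere; presumably they reduce
	// the input to its last path component and strip characters the file system
	// would ignore, so that variants of a listed name still match (confirm).
	$name = GetFileName($name);

	// Strict comparison: both sides are strings, and loose in_array() would
	// compare numeric-looking strings as numbers (e.g. "1e1" == "10").
	return in_array(strtolower(TrimUnsafe($name)), $arFiles, true);
}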
Esempio n. 2
	// Fragment of a loop body (the enclosing loop is not shown here): one step of
	// the walk from $currentPath towards the site root. Each step picks the last
	// path component ($name) and the .access.php of its parent folder.
	$currentPath = rtrim($currentPath, "/");

	if (strlen($currentPath) <= 0)
	{
		// Root reached: the rules for "/" live in the root access file.
		$accessFile = "/.access.php";
		$name = "/";
	}
	else
	{
		//Find file or folder name
		$position = strrpos($currentPath, "/");
		if ($position === false)
			// No slash left in the path: leave the enclosing loop.
			break;

		$name = substr($currentPath, $position+1);
		$name = TrimUnsafe($name); //security fix: under Windows "my." == "my"

		//Find parent folder (the trailing slash is kept so the file name can be appended)
		$currentPath = substr($currentPath, 0, $position + 1);
		$accessFile = $currentPath.".access.php";
	}

	// The access file is executed as PHP in the current scope; presumably it fills
	// $PERM, which is reset here so rules from a previous step do not leak in.
	// NOTE(review): anyone able to write a .access.php under the document root can
	// run code through this include, so write access to those files must stay
	// restricted to trusted administrators.
	$PERM = Array();
	if ($io->FileExists($documentRoot.$accessFile))
		include($io->GetPhysicalName($documentRoot.$accessFile));

	// Remember the first name/folder pair seen, i.e. the one for the path the
	// walk started from; later steps leave these two variables untouched.
	if ($assignFileName == "")
	{
		$assignFileName = $name;
		$assignFolderName = ($name == "/" ? "/" : $currentPath);
	}
Esempio n. 3
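 /**
  * Resolves a user's file-access permission for a path by walking from the
  * path up to the site root and reading the .access.php of each folder.
  *
  * Short-circuits:
  *  - a user id that is not a plain integer gets 'D';
  *  - a path that Rel2Abs() reduces to an empty string gets 'D';
  *  - membership in group "G1" (treated as the administrator group, judging by
  *    $bAdminM) gets 'X';
  *  - for everyone else, paths ending in "/.access.php" or "/.htaccess" get 'D'.
  *
  * On Windows (PHP_OS starts with "WIN") the path and the keys of $PERM are
  * lower-cased so that rule lookup is case-insensitive.
  *
  * @param int|string $intUserID User id; anything that does not round-trip through intval() is rejected.
  * @param string     $path      Path to check; site and path are split by CMain::InitPathVars().
  * @param array|bool $groups    false to load the groups with CUser::GetUserGroup(), or a list of
  *                              group codes; a list whose first item is all digits gets the "G" prefix.
  * @param bool       $task_mode false: return a permission letter; true: return a sorted list of task ids.
  * @return string|array Permission letter, or list of task ids when $task_mode is true.
  */
 function GetFileAccessPermissionByUser($intUserID, $path, $groups = false, $task_mode = false)
 {
     // The '|' suffix forces a string (not numeric) comparison, so inputs such as
     // "7abc", "007" or "1e1" do not pass as the integer intval() extracted.
     $intUserIDTmp = intval($intUserID);
     if ($intUserIDTmp . '|' != $intUserID . '|') {
         return !$task_mode ? 'D' : array(CTask::GetIdByLetter('D', 'main', 'file'));
     }
     $intUserID = $intUserIDTmp;

     // Normalise group identifiers to the "G<id>" form used as keys in $PERM.
     if ($groups === false) {
         $groups = CUser::GetUserGroup($intUserID);
         foreach ($groups as $key => $val) {
             $groups[$key] = "G" . $val;
         }
     } elseif (is_array($groups) && !empty($groups)) {
         $bNumbers = preg_match('/^[0-9]+$/', $groups[0]);
         if ($bNumbers) {
             foreach ($groups as $key => $val) {
                 $groups[$key] = "G" . $val;
             }
         }
     }

     // $site is not set before this call; presumably InitPathVars() fills it by
     // reference from the path (confirm against its definition).
     CMain::InitPathVars($site, $path);
     $DOC_ROOT = CSite::GetSiteDocRoot($site);

     $bWin = strncasecmp(PHP_OS, "WIN", 3) == 0;
     if ($bWin) {
         $path = strtolower($path);
     }

     if (trim($path, "/") != "") {
         $path = Rel2Abs("/", $path);
         if ($path == "") {
             return !$task_mode ? 'D' : array(CTask::GetIdByLetter('D', 'main', 'file'));
         }
     }

     $bAdminM = in_array("G1", $groups);
     if ($bAdminM) {
         return !$task_mode ? 'X' : array(CTask::GetIdByLetter('X', 'main', 'file'));
     }

     // From here on the caller is not in G1, so the access-control files
     // themselves are always refused (the former "&& !$bAdminM" was always true).
     if (substr($path, -12) == "/.access.php") {
         return !$task_mode ? 'D' : array(CTask::GetIdByLetter('D', 'main', 'file'));
     }
     if (substr($path, -10) == "/.htaccess") {
         return !$task_mode ? 'D' : array(CTask::GetIdByLetter('D', 'main', 'file'));
     }

     $max_perm = "D";
     $arGroupTask = array();
     $io = CBXVirtualIo::GetInstance();
     $groups[] = "*"; // wildcard entry, looked up like any other group key

     while (true) {
         // NOTE(review): rtrim() with an empty character list strips nothing. If a
         // mask such as a NUL byte was intended here, it is not present in this
         // listing - confirm against the upstream file before relying on it.
         $path = rtrim($path, "");
         $path = rtrim($path, "/");
         if ($path == '') {
             $access_file_name = "/.access.php";
             $Dir = "/";
         } else {
             $pos = strrpos($path, "/");
             if ($pos === false) {
                 break;
             }
             $Dir = substr($path, $pos + 1);
             $Dir = TrimUnsafe($Dir);
             $path = substr($path, 0, $pos + 1);
             $access_file_name = $path . ".access.php";
         }

         if (array_key_exists($site . "|" . $access_file_name, $this->FILE_PERMISSION_CACHE)) {
             $PERM = $this->FILE_PERMISSION_CACHE[$site . "|" . $access_file_name];
         } else {
             $PERM = array();
             if ($io->FileExists($DOC_ROOT . $access_file_name)) {
                 // The access file runs as PHP inside this method's scope and is
                 // expected to fill $PERM. NOTE(review): it can also overwrite any
                 // local variable of this method, so write access to .access.php
                 // files must stay restricted to trusted administrators.
                 include $io->GetPhysicalName($DOC_ROOT . $access_file_name);
             }
             if ($bWin && !empty($PERM)) {
                 $PERM_TMP = array();
                 foreach ($PERM as $key => $val) {
                     $PERM_TMP[strtolower($key)] = $val;
                 }
                 $PERM = $PERM_TMP;
             }
             $this->FILE_PERMISSION_CACHE[$site . "|" . $access_file_name] = $PERM;
         }

         // !empty() keeps the original truthiness test without raising an
         // undefined-index notice when this level has no rules for $Dir.
         if (!empty($PERM[$Dir]) && is_array($PERM[$Dir])) {
             $dir_perm = $PERM[$Dir];
             foreach ($groups as $key => $group_id) {
                 if (isset($dir_perm[$group_id])) {
                     $perm = $dir_perm[$group_id];
                 } elseif (preg_match('/^G[0-9]+$/', $group_id) && isset($dir_perm[substr($group_id, 1)])) {
                     //compatibility with group id
                     $perm = $dir_perm[substr($group_id, 1)];
                 } else {
                     // No rule for this group at this level: keep the group in the
                     // list so the parent folders are still consulted. Previously a
                     // "G<id>" group without a legacy numeric key was read as an
                     // undefined index and then dropped from the walk.
                     continue;
                 }

                 if ($task_mode) {
                     if (substr($perm, 0, 2) == 'T_') {
                         $tid = intval(substr($perm, 2));
                     } elseif (($tid = CTask::GetIdByLetter($perm, 'main', 'file')) === false) {
                         continue;
                     }
                     $arGroupTask[$group_id] = $tid;
                 } else {
                     // "T_<id>" values name a task; map them back to a letter.
                     if (substr($perm, 0, 2) == 'T_') {
                         $tid = intval(substr($perm, 2));
                         $perm = CTask::GetLetter($tid);
                         if (strlen($perm) == 0) {
                             $perm = 'D';
                         }
                     }
                     // Letters are compared as strings; the walk stops at the first 'W'.
                     if ($max_perm == "" || $perm > $max_perm) {
                         $max_perm = $perm;
                         if ($perm == "W") {
                             break 2;
                         }
                     }
                 }

                 if ($group_id == "*") {
                     break 2;
                 }
                 // The closest rule wins for a group: stop looking it up further up.
                 unset($groups[$key]);
                 if (count($groups) == 1 && in_array("*", $groups)) {
                     break 2;
                 }
             }
             if (count($groups) <= 1) {
                 break;
             }
         }

         if ($path == '') {
             break;
         }
     }

     if ($task_mode) {
         $arTasks = array_unique(array_values($arGroupTask));
         if (empty($arTasks)) {
             return array(CTask::GetIdByLetter('D', 'main', 'file'));
         }
         sort($arTasks);
         return $arTasks;
     } else {
         return $max_perm;
     }
 }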
Esempio n. 4
$assignFolderName = "";
$currentPath = $path;
while (true) {
    //Cut / from the end
    $currentPath = rtrim($currentPath, "/");
    if (strlen($currentPath) <= 0) {
        $accessFile = "/.access.php";
        $name = "/";
    } else {
        //Find file or folder name
        $position = strrpos($currentPath, "/");
        if ($position === false) {
            break;
        }
        $name = substr($currentPath, $position + 1);
        $name = TrimUnsafe($name);
        //security fix: under Windows "my." == "my"
        //Find parent folder
        $currentPath = substr($currentPath, 0, $position + 1);
        $accessFile = $currentPath . ".access.php";
    }
    $PERM = array();
    if ($io->FileExists($documentRoot . $accessFile)) {
        include $io->GetPhysicalName($documentRoot . $accessFile);
    }
    if ($assignFileName == "") {
        $assignFileName = $name;
        $assignFolderName = $name == "/" ? "/" : $currentPath;
    }
    if (isset($PERM[$name]) && is_array($PERM[$name])) {
        $arUserGroupsID = array_merge($arUserGroupsID, array_keys($PERM[$name]));