Esempio n. 1
		}
	
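	// Build the per-request descriptor $APPL from the decoded request in $JSON.
	// NOTE(review): $JSON is presumably client-supplied; nothing copied here
	// is validated yet, so 'app' and 'act' must be checked wherever they are
	// consumed. Confirm against the callers.
	// isset()/empty() reproduce the original truthiness defaults without
	// raising undefined-index notices when a key is absent.
	$APPL = array(
		't'		=>	isset($JSON['t']) ? $JSON['t'] : null,
		'api'	=>	!empty($JSON['api']) ? $JSON['api'] : null,
		'url'	=>	!empty($JSON['url']) ? $JSON['url'] : null,
		'hdc'	=>	!empty($JSON['hdc']) ? intval($JSON['hdc']) : 0,
		'app'	=>	!empty($JSON['app']) ? $JSON['app'] : null,
		'act'	=>	!empty($JSON['act']) ? $JSON['act'] : 'main',
		'apiFile'=>	false,
	);

	if ($APPL['url']) {
		// A decoded request can carry an array here; rtrim() would warn (or throw
		// on PHP 8) before any check ran, so reject it explicitly.
		// FatalError() is assumed to terminate the request.
		if (!is_string($APPL['url'])) FatalError("Invalid file name");
		$APPL['url'] = rtrim($APPL['url'], '/');
		$APPL['file'] = WGParseURI($APPL['url']);
		// The access check runs on the parsed path, not on the raw URL, and it
		// runs before anything below touches the file.
		if ($APPL['file'] !== false and !WGisAllowed($APPL['file']['path'])) {
			FatalError("Access denied");
		}
	} else {
		$APPL['file'] = null;
	}

	// WGParseURI() returned false: the URL could not be mapped to a file.
	if ($APPL['file'] === false) FatalError("Invalid file name");
	if ($APPL['file']) WGProcMIME();

	// NOTE(review): this loose comparison picks the 'bin/system' API directory.
	// If AJ_SYSTEM is an integer, PHP < 8 type juggling lets some non-numeric
	// strings compare equal to it. Confirm the constant's type and prefer ===.
	if ($APPL['t'] == AJ_SYSTEM) {
		$APPL['isRAW'] = true;
		$APPL['isAPI'] = 'bin/system';
	}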
	
	if ($APPL['isAPI']) {
		if (!$APPL['api'] or $APPL['api']=='') FatalError("API name requested");
		if (!preg_match('/^[a-zA-Z0-9\_\-]{1,40}$/',$APPL['api'])) FatalError("Invalid API name");
		$f = $APPL['isAPI'].'/'. $APPL['api']. '.php';
		$f = WGParseFile($f);
Esempio n. 2
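/**
 * Validate submitted form values against a form definition.
 *
 * Walks every field in $obj['obj'] and applies, in order: the module hook for
 * module-provided types, the required/optional rule ('f' truthy = optional),
 * the generic length ('lmin'/'lmax') and regex ('reg') rules, then the
 * type-specific rule selected by 't'.
 *
 * Side effects: for int, float, image, time, date and mail fields the entry
 * in $data is replaced by its normalised form; for every captcha that
 * matches, its id is appended to $obj['captchas'].
 *
 * @param array $obj  Form definition; fields are read from $obj['obj'].
 * @param array $data Submitted values keyed by field name (modified in place).
 * @return string|false Name of the first field that fails, or false if all pass.
 */
function WGFormCheck(&$obj,&$data) {
	global $MODULES;

	foreach($obj['obj'] as $li) {
		if (!isset($li['n'])) continue;
		$K = $li['n'];
		$V = isset($data[$K]) ? $data[$K] : null;
		$T = isset($li['t']) ? $li['t'] : '';
		$par = (isset($li['par']) and is_array($li['par'])) ? $li['par'] : array();
		$optional = !empty($li['f']);

		// Module-provided types delegate the whole check to a function whose
		// name is built from $T. $T comes from the form definition and is only
		// used when registered in $MODULES['form'].
		// NOTE(review): confirm form definitions are never client-controlled.
		if (!empty($MODULES['form'][$T])) {
			$f="EWGMOD_FORM_{$T}_OnCheck";
			if ($f($li,$data[$K])) return $K;
			continue;
		}

		// Required field missing or empty.
		if (!$optional and (!isset($data[$K]) or $data[$K]=='')) return $K;

		// Optional field left empty: nothing more to validate.
		if ($optional and $V=='') continue;

		// Length limits only make sense on scalars; an array submitted for a
		// length-limited field is rejected instead of reaching strlen().
		if (!empty($par['lmin'])) {
			if (!is_scalar($V) or strlen($V)<$par['lmin']) return $K;
		}

		if (!empty($par['lmax'])) {
			if (!is_scalar($V) or strlen($V)>$par['lmax']) return $K;
		}

		// The pattern is used exactly as written in the form definition: it is
		// not anchored here, and a '/' inside it would end the delimiter early.
		if (!empty($li['reg'])) {
			if (!is_scalar($V) or preg_match('/'.$li['reg'].'/',$V)==0) return $K;
		}

		if ($T=='int') {
			// The D modifier stops '$' from matching before a trailing newline.
			if (!is_numeric($V) or preg_match('/^[0-9]{1,16}$/D',$V)==0) return $K;
			if (isset($par['min']) and $V<$par['min']) return $K;
			if (isset($par['max']) and $V>$par['max']) return $K;
			$data[$K]=intval($V);
		}

		if ($T=='float') {
			if (!is_numeric($V)) return $K;
			if (isset($par['min']) and $V<$par['min']) return $K;
			if (isset($par['max']) and $V>$par['max']) return $K;
			$data[$K]=floatval($V);
		}

		if ($T=='image') {
			// The path must parse, pass the access check, and satisfy the
			// 'F'/'D' flags (presumably file / directory; confirm in WGParseFile).
			$V = WGParseFile($V,true);
			if ($V===false or !WGisAllowed($V['w'])) return $K;
			if (!$V['F'] or $V['D']) return $K;

			// Optional allow-list of directories, written "a,b/c" in the definition.
			if (isset($par['path'])) {
				$dirs=array();
				foreach(explode(',',$par['path']) as $t1) {
					$t1=trim($t1,'/ ');
					if ($t1=='') continue;
					$dirs[]="/$t1/";
				}
				// Exact match against the list, so a directory name cannot match
				// across two adjacent entries.
				if (!isset($V['dirname']) or !in_array($V['dirname'].'/',$dirs,true)) return $K;
			}

			// Optional allow-list of file extensions, written "jpg,png".
			if (isset($par['type'])) {
				$exts=array();
				foreach(explode(',',$par['type']) as $t1) {
					$t1=trim($t1,'. ');
					if ($t1=='') continue;
					$exts[]=$t1;
				}
				if (!isset($V['extension']) or !in_array((string)$V['extension'],$exts,true)) return $K;
			}

			$data[$K] = $V['w'];
		}

		if ($T=='enum') {
			// Allowed values are the part after the first '.' of every dotted
			// key in 'par'. The original reused $v as both loop variable and
			// accumulator, so the allowed set was never actually built.
			$allowed=array();
			foreach($par as $k => $unused) {
				$k=(string)$k;
				if (strpos($k,'.')===false) continue;
				list(,$b)=explode('.',$k,2);
				$allowed[$b]=true;
			}

			if (!is_scalar($V) or !isset($allowed[(string)$V])) return $K;
		}

		if ($T=='time') {
			// NOTE(review): intval() turns any non-numeric text into 0, so
			// malformed input such as "abc" is accepted as 00:00.
			if (!is_scalar($V)) return $K;
			list($a,$b)=explode(':',$V.':',2);
			$a=intval($a);
			$b=intval($b);
			if ($a<0 or $a>23 or $b<0 or $b>59) return $K;
			$data[$K] = ($a*60)+$b;
		}

		if ($T=='date') {
			// 'ord' gives the positions of day, month and year in the
			// '/'-separated value. Each piece must be plain digits before it
			// reaches checkdate(), which rejects non-numeric input with a
			// TypeError on PHP 8.
			if (!is_scalar($V)) return $K;
			$z=explode('/',$V.'//');
			$parts=array();
			for ($i=0;$i<3;$i++) {
				$idx = isset($par['ord'][$i]) ? $par['ord'][$i] : null;
				$piece = ($idx!==null and isset($z[$idx])) ? $z[$idx] : '';
				if (preg_match('/^[0-9]+$/D',$piece)==0) return $K;
				$parts[]=intval($piece);
			}
			list($d,$m,$y)=$parts;
			if (!checkdate($m,$d,$y)) return $K;
			$data[$K] = gmmktime(0,0,0,$m,$d,$y);
		}

		if ($T=='mail') {
			// FILTER_SANITIZE_EMAIL only strips characters and accepts almost
			// anything, so the sanitised value is also validated.
			$x=filter_var($V, FILTER_SANITIZE_EMAIL);
			if ($x===false or filter_var($x, FILTER_VALIDATE_EMAIL)===false) return $K;
			$data[$K]=$x;
		}

		if ($T=='url') {
			// NOTE(review): FILTER_VALIDATE_URL checks syntax only and does not
			// restrict the scheme; restrict it where the URL is used.
			$x = filter_var($V, FILTER_VALIDATE_URL);
			if ($x===false) return $K;
		}

		if ($T=='color') {
			if (!is_scalar($V) or preg_match('/^\#[0-9a-fA-F]{6}$/D',$V)==0) return $K;
		}

		if ($T=='captcha') {
			$capid= $li['cap'];
			if (!isset($_SESSION['EWGCaptcha'][$capid]) or $_SESSION['EWGCaptcha'][$capid]=='') FatalError(!empty($par['onused']) ? $par['onused'] : "The captcha code/session is arleady used.");
			$code = $_SESSION['EWGCaptcha'][$capid];
			// Strict string comparison: with ==, two numeric-looking strings
			// (e.g. "0e12" and "0e99") compare equal.
			if (!is_scalar($V) or $code=='' or (string)$code!==strtolower((string)$V)) return $K;
			// Create the list once; the original test was inverted and wiped
			// the ids already recorded for earlier captcha fields.
			// NOTE(review): the session entry is not cleared here, on success
			// or failure; presumably the caller consumes $obj['captchas'].
			if (!isset($obj['captchas'])) $obj['captchas']=array();
			$obj['captchas'][] = $capid;
		}

		if ($T=='font') {
			if (!is_array($V)) return $K;
			if (!isset($V['fontFamily']) or !is_scalar($V['fontFamily']) or preg_match('/^[^\,\-\_\.\s]{1}[a-zA-Z0-9\s\_\-\.\,]{1,40}[^\,\-\_\.\s]{1}$/D',$V['fontFamily'])==0) return $K;
			if (!isset($V['fontSize']) or !is_scalar($V['fontSize']) or preg_match('/^[1-9]{1}[0-9]{0,3}(px|pt)$/D',$V['fontSize'])==0) return $K;
			if (!isset($V['fontWeight']) or !is_scalar($V['fontWeight']) or preg_match('/^[a-zA-Z0-9]{1,16}$/D',$V['fontWeight'])==0) return $K;
		}
	}

	return false;
}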
Esempio n. 3
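<?php
// Full open tag: with short_open_tag disabled, a bare "<?" file is emitted as
// text instead of being executed, which would disclose this source.
//
// Resolves the file the request points at, re-checks access on the resolved
// path, then appends the file's trimmed contents to $CMD as the 'data' of a
// 'shell' entry.
// NOTE(review): 'data' is raw file content. Whatever interprets 'shell'
// entries must treat it as untrusted. Confirm where $CMD is consumed.
$po = WGParseFile($APPL['file']['path']);

// Path did not parse, or it is neither a directory nor a file (presumably
// what 'D'/'F' flag; confirm in WGParseFile): nothing to do.
if (empty($po) or (!$po['D'] and !$po['F'])) return;

// NOTE(review): a missing path returns silently while a forbidden one raises
// "Access denied", so the two cases are distinguishable to the caller.
if (!WGisAllowed($po['w'])) FatalError("Access denied");

// Read failures are reported through the explicit false check below.
$js = @file_get_contents($po['f']);
if ($js === false) FatalError("Invalid Link");

$js = trim($js, "\t\r\n ");
if ($js == '') FatalError("Invalid Link");

$CMD[] = array(
	'api'	=>	'shell',
	'data'	=>	$js,
);
?>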