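/**
 * Render the OBMConfig.tpl template with the values held in $config and write
 * the result to OBMConfig.php, both located under $config->root_path.
 *
 * Every %placeholder% is substituted in one pass, so placeholder-looking text
 * inside a value is written out literally and never expanded again. With
 * chained replacements, a free-text value such as the title could pull a later
 * value (for example the database password) into its own field.
 *
 * Values are inserted verbatim. The template is not visible here: if its
 * placeholders sit inside quoted PHP string literals, a quote or backslash in
 * a value would alter the generated code, so values should be validated or
 * escaped for that context before this is called -- TODO confirm against
 * OBMConfig.tpl.
 *
 * Side effect: $config->create_mode is normalised in place to an octal string.
 *
 * @param object $config Settings object; the properties read are listed in the
 *                       replacement map below.
 * @return bool Result of fclose() on the written file. The script exits with a
 *              message when the template or the config file cannot be opened,
 *              read or fully written.
 */
function save_config($config)
{
    $template_file = $config->root_path . 'OBMConfig.tpl';
    if (!($fp = fopen($template_file, 'r'))) {
        exit("Failed to open config template");
    }
    // Read to EOF instead of fread($fp, filesize(...)): a zero-length template
    // then reaches the explicit check below rather than a zero-length fread().
    $config_data = stream_get_contents($fp);
    fclose($fp);
    if ($config_data === false || strlen($config_data) == 0) {
        exit("Failed to read from config template");
    }

    // An unset or empty first weekday falls back to '0'.
    $first_weekday = isset($config->first_weekday) && $config->first_weekday != '' ? $config->first_weekday : '0';

    // Only a strict boolean true enables these switches.
    $allow_themes = $config->allow_themes === true ? 'true' : 'false';
    $allow_password_change = $config->allow_password_change === true ? 'true' : 'false';

    // Normalise the creation mode to a four-character octal string (e.g. '0755').
    if (!is_string($config->create_mode)) {
        $config->create_mode = decoct((string) $config->create_mode);
    }
    if (strlen($config->create_mode) == 3) {
        $config->create_mode = '0' . $config->create_mode;
    }

    // The login image is stored with the host prefix removed.
    $login_image = str_replace($config->host, '', $config->login_image);

    $replacements = array(
        '%title%' => smartstrip($config->title),
        '%slash%' => $config->slash,
        '%host%' => $config->host,
        '%full_url%' => $config->full_url,
        '%root_path%' => smartstrip($config->root_path),
        '%language%' => $config->language,
        '%first_weekday%' => $first_weekday,
        '%tmpdir%' => $config->tmpdir,
        '%theme%' => $config->theme,
        '%allow_themes%' => $allow_themes,
        '%allow_password_change%' => $allow_password_change,
        '%mailer%' => $config->mailer,
        '%smtp_server%' => $config->smtp_server,
        '%smtp_port%' => $config->smtp_port,
        '%max_attachment_size%' => $config->max_attachment_size,
        '%file_storage_path%' => $config->file_storage_path,
        '%email_connectstring_options%' => $config->email_connectstring_options,
        '%create_mode%' => $config->create_mode,
        '%max_file_size%' => $config->max_file_size,
        '%webmaster_email%' => $config->webmaster_email,
        '%db_type%' => $config->db_type,
        '%db_host%' => $config->db_host,
        '%db_name%' => $config->db_name,
        '%db_user%' => $config->db_user,
        '%db_pass%' => $config->db_pass,
        '%login_image%' => $login_image,
        '%composer_width%' => $config->composer_width,
        '%composer_height%' => $config->composer_height,
        '%refresh_rate%' => $config->refresh_rate,
        '%max_users%' => $config->max_users,
        '%mime_types_file%' => $config->mime_types_file,
        '%auth_sources%' => $config->auth_sources,
    );

    // strtr() with a map scans the template once and does not rescan the text
    // it has just inserted.
    $config_data = strtr($config_data, $replacements);

    // NOTE(review): the file written here contains the database password and
    // no mode is set on it in this function -- confirm the resulting
    // permissions are restrictive enough on the deployment host.
    $output_file = $config->root_path . 'OBMConfig.php';
    if (!($fp = fopen($output_file, 'w+'))) {
        exit("Failed to open config file");
    }

    // Treat a short write as a failure as well, so a truncated config file is
    // never reported as saved.
    $written = fwrite($fp, $config_data);
    if ($written === false || $written < strlen($config_data)) {
        fclose($fp);
        exit("Failed to write to config file");
    }

    return fclose($fp);
}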
} } } break; } if ($catagory_id > 0) { $catagory = $notes->get_catagory($catagory_id); $tabtable = new tabtable('catagory_tab', $catagory['name'], '400', '100', '120', '', true); } else { $tabtable = new tabtable('catagory_tab', $no_new_catagory, '400', '100', '120', '', true); $catagory = false; } if ($catagory && $task != 'save_catagory') { $name = $catagory['name']; } else { $name = isset($_REQUEST['name']) ? smartstrip($_REQUEST['name']) : ''; } $page_title = $lang_modules['notes']; require $GO_THEME->theme_path . "header.inc"; echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '" name="catagories_form">'; echo '<input type="hidden" name="close" value="false" />'; echo '<input type="hidden" name="catagory_id" value="' . $catagory_id . '" />'; echo '<input type="hidden" name="task" value="" />'; echo '<input type="hidden" name="return_to" value="' . $return_to . '" />'; $tabtable->print_head(); if (isset($feedback)) { echo $feedback; } ?> <table border="0" cellspacing="0" cellpadding="4"> <tr>
<td>URL:</td> <td><input type="text" class="textbox" size="50" name="URL" maxlength="200" value="<?php if (isset($_REQUEST['bURL'])) { echo $_REQUEST['bURL']; } ?> " /></td> </tr> <tr> <td><?php echo $strName; ?> :</td> <td><input type="text" class="textbox" size="50" name="name" maxlength="50" value="<?php if (isset($_REQUEST['bname'])) { echo smartstrip($_REQUEST['bname']); } ?> " /></td> </tr> <tr> <td colspan="2"> <?php $checkbox = new checkbox('new_window', 'true', $bm_new_window, $check); ?> </td> </tr> <tr> <td colspan="2" align="center" height="20" valign="bottom"> <?php
} } if ($_POST['close'] == 'true') { header('Location: ' . $return_to); exit; } } } if ($view_id > 0) { $view = $cal->get_view($view_id); $title = $view['name']; $has_write_permission = $GO_SECURITY->has_permission($GO_SECURITY->user_id, $view['acl_write']); } else { $view['start_hour'] = isset($_POST['view_start_hour']) ? $_POST['view_start_hour'] : '07'; $view['end_hour'] = isset($_POST['view_end_hour']) ? $_POST['view_end_hour'] : '20'; $view['name'] = isset($_POST['name']) ? smartstrip($_POST['name']) : ''; $title = $cal_new_view; $has_write_permission = true; } $tabtable = new tabtable('view', $title, '100%', '400', '120', '', true); if ($view_id > 0) { $tabtable->add_tab('view', $strProperties); $tabtable->add_tab('read_permissions', $strReadRights); $tabtable->add_tab('write_permissions', $strWriteRights); } if ($tabtable->get_active_tab_id() == 'holidays') { $datepicker = new date_picker(); $GO_HEADER['head'] = $datepicker->get_header(); } require $GO_THEME->theme_path . 'header.inc'; echo '<form name="event" method="post" action="' . $_SERVER['PHP_SELF'] . '" enctype="multipart/form-data">';
$sent = $account["sent"]; $sent = $account["draft"]; $auto_check = $account['auto_check'] == '1' ? true : false; $use_ssl = $account['use_ssl'] == '1' ? true : false; $novalidate_cert = $account['novalidate_cert'] == '1' ? true : false; } else { $page_title = $ml_new_account; $name = isset($_REQUEST['name']) ? smartstrip($_REQUEST['name']) : $_SESSION['GO_SESSION']['name']; $mail_address = isset($_REQUEST['mail_address']) ? smartstrip($_REQUEST['mail_address']) : $_SESSION['GO_SESSION']['email']; $host = isset($_REQUEST['host']) ? smartstrip($_REQUEST['host']) : $GO_CONFIG->smtp_server; $type = isset($_REQUEST['type']) ? smartstrip($_REQUEST['type']) : 'pop3'; $port = isset($_REQUEST['port']) ? smartstrip($_REQUEST['port']) : '110'; $user = isset($_REQUEST['user']) ? smartstrip($_REQUEST['user']) : substr($mail_address, 0, strpos($mail_address, '@')); $pass = isset($_REQUEST['pass']) ? smartstrip($_REQUEST['pass']) : ''; $signature = isset($_REQUEST['signature']) ? smartstrip($_REQUEST['signature']) : ''; $mbroot = isset($_REQUEST['mbroot']) ? smartstrip($_REQUEST['mbroot']) : ''; $spam = $mbroot . "Spam"; $trash = $mbroot . "Trash"; $sent = $mbroot . "Sent items"; $draft = $mbroot . $ml_draft_items; $auto_check = isset($_REQUEST['auto_check']) ? true : false; $use_ssl = isset($_REQUEST['use_ssl']) ? true : false; $novalidate_cert = isset($_REQUEST['novalidate_cert']) ? true : false; } require $GO_THEME->theme_path . "header.inc"; echo '<form method="POST" action="' . $_SERVER['PHP_SELF'] . '" name="email_client">'; echo '<input type="hidden" name="task" value="" />'; echo '<input type="hidden" name="close" value="false" />'; echo '<input type="hidden" name="return_to" value="' . $return_to . '" />'; echo '<input type="hidden" name="link_back" value="' . $link_back . '" />'; if (isset($_REQUEST['account_id'])) {
$mailbox = isset($_REQUEST['mailbox']) ? $_REQUEST['mailbox'] : "INBOX"; $uid = isset($_REQUEST['uid']) ? $_REQUEST['uid'] : 0; $max_rows = isset($_REQUEST['max_rows']) ? $_REQUEST['max_rows'] : $_SESSION['GO_SESSION']['max_rows_list']; $first_row = isset($_REQUEST['first_row']) ? $_REQUEST['first_row'] : 0; $table_tabindex = isset($_REQUEST['table_tabindex']) ? $_REQUEST['table_tabindex'] : null; $return_to = isset($_REQUEST['return_to']) && $_REQUEST['return_to'] != '' ? $_REQUEST['return_to'] : null; $link_back = isset($_REQUEST['link_back']) && $_REQUEST['link_back'] != '' ? $_REQUEST['link_back'] : $_SERVER['REQUEST_URI']; $task = isset($_REQUEST['task']) && $_REQUEST['task'] != '' ? $_REQUEST['task'] : ''; $print = isset($_REQUEST['print']) ? true : false; $part = isset($_REQUEST['part']) ? $_REQUEST['part'] : ''; $query = isset($_REQUEST['query']) ? $_REQUEST['query'] : ''; $account = $email->get_account($account_id); if ($account && $mail->open($account['host'], $account['type'], $account['port'], $account['username'], $GO_CRYPTO->decrypt($account['password']), $mailbox, 0, $account['use_ssl'], $account['novalidate_cert'])) { if ($task == 'move_mail') { $messages = array($uid); $move_to_mailbox = smartstrip($_REQUEST['move_to_mailbox']); if ($mail->move($move_to_mailbox, $messages) && $mail->reopen($move_to_mailbox)) { header('Location: ' . $GO_MODULES->url . 'index.php?account_id=' . $account_id . '&mailbox=' . $mailbox); exit; } } //sort messages for determination of previous and next message if ($query != '') { $mail->search($em_settings['sort_field'], $em_settings['sort_order'], base64_decode($query)); } else { $mail->sort($em_settings['sort_field'], $em_settings['sort_order']); } $content = $mail->get_message($uid, 'html', $part); $subject = !empty($content["subject"]) ? $content["subject"] : $ml_no_subject; } else { require $GO_THEME->theme_path . 'header.inc';
$cms_site = new cms_site($_REQUEST['site_id']); } $email_to = $GO_CONFIG->webmaster_email; if (isset($cms_site) && $cms_site) { echo $cms_site->generate_header(); if ($site_owner = $GO_USERS->get_user($cms_site['user_id'])) { $email_to = $site_owner['email']; } } else { require $GO_THEME->theme_path . "header.inc"; } if ($_SERVER['REQUEST_METHOD'] == 'POST') { $name_from = smartstrip(trim($_POST['name_from'])); $email_from = smartstrip(trim($_POST['email_from'])); $subject = smartstrip(trim($_POST['subject'])); $mail_body = smartstrip(trim($_POST['mail_body'])); if ($name_from == '' || $email_from == '' || $subject == '' || $mail_body == '') { $feedback = '<p class="Error">' . $error_missing_field . '</p>'; } elseif (!validate_email($email_from)) { $feedback = '<p class="Error">' . $error_email . '</p>'; } else { if (!sendmail($email_to, $email_from, $name_from, $subject, $mail_body)) { $feedback = '<p class="Error">' . $cms_sendmail_error . '</p>'; } else { echo $cms_sendmail_success; require $GO_THEME->theme_path . "footer.inc"; exit; } } } ?>
$dropbox->add_value('department', $strDepartment); $dropbox->add_value('function', $strFunction); $dropbox->add_value('address', $strAddress); $dropbox->add_value('city', $strCity); $dropbox->add_value('zip', $strZip); $dropbox->add_value('state', $strState); $dropbox->add_value('country', $strCountry); $dropbox->add_value('work_address', $strWorkAddress); $dropbox->add_value('work_cip', $strWorkZip); $dropbox->add_value('work_city', $strWorkCity); $dropbox->add_value('work_state', $strWorkState); $dropbox->add_value('work_country', $strWorkCountry); $dropbox->print_dropbox('search_field', $search_field); echo '</td><td><input type="text" name="query" size="31" maxlength="255" class="textbox" value="'; if (isset($_REQUEST['query'])) { echo smartstrip($_REQUEST['query']); } echo '"></td></tr>'; echo '<tr><td colspan="2">'; echo '<table><tr><td>'; $button = new button($cmdSearch, 'javascript:add_users()'); echo '</td><td>'; $button = new button($cmdShowAll, "javascript:document.group.query.value='';add_users()"); echo '</td><td>'; $button = new button($cmdCancel, 'javascript:return_to_group()'); echo '</td></tr></table>'; echo '</td></tr></table>'; if (isset($_REQUEST['query'])) { echo '<table border="0" cellpadding="3" cellspacing="0"><tr><td>'; if ($_REQUEST['query'] != '') { $GO_USERS->search('%' . smart_addslashes($_REQUEST['query']) . '%', smart_addslashes($search_field), $GO_SECURITY->user_id);
echo '<input type="hidden" name="new_sort_order" value="' . $em_settings['sort_order'] . '" />'; echo '<table border="0"><tr>'; echo '<td class="ModuleIcons">'; echo '<a href="javascript:confirm_delete()"><img src="' . $GO_THEME->images['delete_big'] . '" border="0" height="32" width="32" /><br />' . $ml_delete . '</a></td>'; echo '<td class="ModuleIcons">'; echo '<a href="index.php?account_id=' . $account_id . '&mailbox=' . $mailbox . '"><img src="' . $GO_THEME->images['close'] . '" border="0" height="32" width="32" /><br />' . $cmdClose . '</a></td>'; echo '</tr></table>'; $tabtable = new tabtable('search_tab', $ml_search . ' - ' . $account['email'], '100%', ''); $tabtable->print_head(); $subject = isset($_POST['subject']) ? smartstrip(trim($_POST['subject'])) : ''; $from = isset($_POST['from']) ? smartstrip(trim($_POST['from'])) : ''; $to = isset($_POST['to']) ? smartstrip(trim($_POST['to'])) : ''; $cc = isset($_POST['cc']) ? smartstrip(trim($_POST['cc'])) : ''; $body = isset($_POST['body']) ? smartstrip(trim($_POST['body'])) : ''; $before = isset($_POST['before']) ? smartstrip(trim($_POST['before'])) : ''; $since = isset($_POST['since']) ? smartstrip(trim($_POST['since'])) : ''; $before = isset($_POST['before']) ? $_POST['before'] : ''; $since = isset($_POST['since']) ? $_POST['since'] : ''; $flagged = isset($_POST['flagged']) ? $_POST['flagged'] : ''; $answered = isset($_POST['answered']) ? $_POST['answered'] : ''; if ($_SERVER['REQUEST_METHOD'] == 'POST') { //build query if ($subject != '') { $query = 'SUBJECT "' . $subject . '" '; } if ($from != '') { $query .= 'FROM "' . $from . '" '; } if ($to != '') { $query .= 'TO "' . $to . '" '; }
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. */ require "../../Group-Office.php"; //load file management class $GO_SECURITY->authenticate(); $GO_MODULES->authenticate('filesystem'); require $GO_CONFIG->class_path . 'filetypes.class.inc'; require_once $GO_CONFIG->class_path . 'filesystem.class.inc'; require_once 'group_folders.inc'; $fs = new filesystem(); $filetypes = new filetypes(); $path = smartstrip($_REQUEST['path']); $group_folders = get_group_folders($GO_SECURITY->user_id, 0); if (is_group_folder($group_folders, $path) || $fs->has_read_permission($GO_SECURITY->user_id, $path) || $fs->has_write_permission($GO_SECURITY->user_id, $path)) { $filename = basename($path); $extension = get_extension($filename); $type = $filetypes->get_type($extension); $browser = detect_browser(); header('Content-Type: ' . $type['mime']); header('Content-Length: ' . filesize($path)); header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT'); if ($browser['name'] == 'MSIE') { header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . $filename . '"'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Pragma: public'); } else {
$description = $project['description']; if (isset($active_tab)) { $tabtable->set_active_tab($active_tab); } } else { $name = isset($_GET['name']) ? smartstrip($_GET['name']) : ''; $contact_id = isset($_GET['contact_id']) ? $_GET['contact_id'] : '0'; $comments = isset($_GET['comments']) ? smartstrip($_GET['comments']) : ''; $start_date = isset($_GET['start_date']) ? $_GET['start_date'] : date($_SESSION['GO_SESSION']['date_format'], get_time()); $end_date = isset($_GET['end_date']) ? $_GET['end_date'] : date($_SESSION['GO_SESSION']['date_format'], get_time()); $status = isset($_GET['status']) ? $_GET['status'] : '-3'; $responsible_user_id = isset($_GET['responsible_user_id']) ? $_GET['responsible_user_id'] : $GO_SECURITY->user_id; $fee_id = isset($_GET['fee_id']) ? $_GET['fee_id'] : 0; $probability = isset($_GET['probability']) ? $_GET['probability'] : 0; $budget = isset($_GET['budget']) ? $_GET['budget'] : 0; $description = isset($_GET['description']) ? smartstrip($_GET['description']) : ''; } $datepicker = new date_picker(); $GO_HEADER['head'] = $datepicker->get_header(); $page_title = $lang_modules['projects']; require $GO_THEME->theme_path . "header.inc"; echo '<form method="get" action="' . $_SERVER['PHP_SELF'] . '" name="projects_form">'; echo '<input type="hidden" name="close" value="false" />'; echo '<input type="hidden" name="project_id" value="' . $project_id . '" />'; echo '<input type="hidden" name="task" value="" />'; echo '<input type="hidden" name="return_to" value="' . $return_to . '" />'; $tabtable->print_head(); switch ($tabtable->get_active_tab_id()) { case 'read_permissions': print_acl($project['acl_read'] . '&project_acl=1'); echo '<br />';
</td> </tr> <tr> <td> </td> </tr> <tr> <td> <?php echo $em_new_folder; ?> : </td> <td> <?php $name = isset($_POST['name']) ? htmlspecialchars(smartstrip($_POST['name'])) : ''; ?> <input type="text" class="textbox" name="name" value="<?php echo $name; ?> " maxlength="100" size="30" /> </td> <?php $delimiter = isset($delimiter) ? $delimiter : '/'; echo '<input type="hidden" name="delimiter" value="' . $delimiter . '" />'; echo '<td>' . $ml_inside . '</td>'; echo '<td>'; $parent_folder_name = isset($parent_folder_name) ? $parent_folder_name : ''; $dropbox = new dropbox(); $dropbox->add_value($account['mbroot'], $ml_root_mailbox); for ($i = 0; $i < $mcount; $i++) {
$company['name'] = isset($_REQUEST['name']) ? smartstrip($_REQUEST['name']) : ''; $company['shortname'] = isset($_REQUEST['shortname']) ? smartstrip($_REQUEST['shortname']) : ''; $company['engname'] = isset($_REQUEST['engname']) ? smartstrip($_REQUEST['engname']) : ''; $company['relation_date'] = isset($_REQUEST['relation_date']) ? smartstrip($_REQUEST['relation_date']) : '0'; $company['parent_id'] = isset($_REQUEST['parent_id']) ? smartstrip($_REQUEST['parent_id']) : '0'; $company['address'] = isset($_REQUEST['address']) ? smartstrip($_REQUEST['address']) : ''; $company['zip'] = isset($_REQUEST['zip']) ? smartstrip($_REQUEST['zip']) : ''; $company['city'] = isset($_REQUEST['city']) ? smartstrip($_REQUEST['city']) : ''; $company['state'] = isset($_REQUEST['state']) ? smartstrip($_REQUEST['state']) : ''; $company['email'] = isset($_REQUEST['email']) ? smartstrip($_REQUEST['email']) : ''; $company['country'] = isset($_REQUEST['country']) ? smartstrip($_REQUEST['country']) : ''; $company['phone'] = isset($_REQUEST['phone']) ? smartstrip($_REQUEST['phone']) : ''; $company['fax'] = isset($_REQUEST['fax']) ? smartstrip($_REQUEST['fax']) : ''; $company['homepage'] = isset($_REQUEST['homepage']) ? smartstrip($_REQUEST['homepage']) : 'http://'; $company['bank_no'] = isset($_REQUEST['bank_no']) ? smartstrip($_REQUEST['bank_no']) : ''; $company['vat_no'] = isset($_REQUEST['vat_no']) ? smartstrip($_REQUEST['vat_no']) : ''; $company['acl_write'] = 0; } $addressbook_id = isset($old_subscribed_addressbook_id) && $old_subscribed_addressbook_id > 0 ? $subscribed_addressbook_id : $company['addressbook_id']; $subscribed_addressbook_id = $addressbook_id; $cp = new addressbook(); $parent_dropbox = new dropbox(); $company['parent_id'] = 0; if ($company_id) { $cp->get_company($company_id); $company['parent_id'] = $cp->f('parent'); } $count = $cp->get_companies($addressbook_id); $parent_dropbox->add_value(0, $strNone); if ($count) { while ($cp->next_record()) {
// The field that is interesting is the id of the original message. $msgid = $msg->long_id; } else { // Ok, we are generating a new message, so there is no message id // of an old message and we set the id to 0. $msgid = 0; } // Next step is to find out who we are to generate the correct // from address... $sender = $_SESSION['GO_SESSION']["name"] . " <" . $_SESSION['GO_SESSION']["email"] . ">"; // Now we have all information we need to post the new message. So // we can do it. // TODO add some checks if subject and body is valid. // TODO $retval should include the message id of the new message so // we can display the correct thread if we just started a new one. $retval = $nntp->postMessage($_POST['newsgroup'], $sender, $msgid, smartstrip($_POST['news_subj']), smartstrip($_POST['news_body'])); // If the message was posted successfully we can inform the user // about this. // TODO also inform the user if sending failed if ($retval) { // TODO replace hardcoded message with variable in language-file echo "<h1>Nachricht erfolgreich gesendet.</h1>\n"; } } // We do not break here because we like to see the thread to which the // posted message belongs. For the user this is an additional check if // the message was posted correctly... // Display only one thread of a specific newsgroup. // We do not break here because we like to see the thread to which the // posted message belongs. For the user this is an additional check if // the message was posted correctly...
if (isset($_POST['folders'])) { for ($i = 0; $i < count($_POST['folders']); $i++) { $folder = smartstrip($_POST['folders'][$i]); if (!$fs->delete($folder)) { $popup_feedback .= access_denied_box(basename($folder)); } } } require 'listview.inc'; break; case 'access_denied': require $GO_CONFIG->root_path . 'error_docs/403.inc'; break; case 'new_folder': if ($_SERVER['REQUEST_METHOD'] == 'POST') { $name = smartstrip($_POST['name']); if ($name == '') { $feedback = '<p class="Error">' . $error_missing_field . '</p>'; require 'new_folder.inc'; } elseif ($name[0] == '.') { $feedback = '<p class="Error">' . $name_width_dot_at_begin . '</p>'; require 'new_folder.inc'; } elseif (!validate_input($name)) { $feedback = '<p class="Error">' . $invalid_chars . ': " & ? / \\</p>'; require 'new_folder.inc'; } elseif ($fs->chroot_file_exists($path . '/' . $name)) { $feedback = '<p class="Error">' . $fbFolderExists . '</p>'; require 'new_folder.inc'; } elseif (!@$fs->chroot_mkdir($path . '/' . $name, $GO_CONFIG->create_mode)) { $feedback = '<p class="Error">' . $strSaveError . '</p>'; require 'new_folder.inc';
$button = new button($cmdClose, "javascript:document.location='" . $return_to . "';"); break; default: if ($site_id > 0) { $name = $site['name']; $domain = $site['domain']; $description = $site['description']; $keywords = $site['keywords']; $template_id = $site['template_id']; $secure_check = $site['acl_read'] > 0 ? true : false; $display_type = $site['display_type']; } else { $name = isset($_POST['name']) ? smartstrip($_POST['name']) : ''; $domain = isset($_POST['domain']) ? smartstrip($_POST['domain']) : ''; $description = isset($_POST['description']) ? smartstrip($_POST['description']) : ''; $keywords = isset($_POST['keywords']) ? smartstrip($_POST['keywords']) : ''; $secure_check = isset($_POST['secure']) ? true : false; $template_id = isset($_POST['template_id']) ? $_POST['template_id'] : ''; $display_type = isset($_POST['display_type']) ? $_POST['display_type'] : NORMAL_DISPLAY; } if ($cms->get_authorized_templates($GO_SECURITY->user_id) == 0) { echo '<br />'; echo $cms_no_themes; echo '<br /><br />'; $button = new button($cmdOk, "javascript:document.location='" . $GO_MODULES->url . "index.php?tabindex=1';"); } else { ?> <input type="hidden" name="task" /> <br /> <table border="0" cellpadding="4" cellspacing="0"> <?php
$event['repeat_end_date'] = isset($_POST['repeat_end_date']) ? $_POST['repeat_end_date'] : $requested_date; $event['repeat_type'] = isset($_POST['repeat_type']) ? $_POST['repeat_type'] : REPEAT_NONE; $event['all_day_event'] = isset($_POST['all_day_event']) ? $_POST['all_day_event'] : '0'; $event['repeat_forever'] = isset($_POST['repeat_forever']) ? $_POST['repeat_forever'] : '0'; $event['repeat_every'] = isset($_POST['repeat_every']) ? $_POST['repeat_every'] : '0'; $event['month_time'] = isset($_POST['month_time']) ? $_POST['month_time'] : '0'; $event['sun'] = isset($_POST['repeat_days_0']) ? true : false; $event['mon'] = isset($_POST['repeat_days_1']) ? true : false; $event['tue'] = isset($_POST['repeat_days_2']) ? true : false; $event['wed'] = isset($_POST['repeat_days_3']) ? true : false; $event['thu'] = isset($_POST['repeat_days_4']) ? true : false; $event['fri'] = isset($_POST['repeat_days_5']) ? true : false; $event['sat'] = isset($_POST['repeat_days_6']) ? true : false; $event['reminder'] = isset($_POST['reminder']) ? $_POST['reminder'] : '0'; $event['background'] = isset($_POST['background']) ? $_POST['background'] : 'FFFFCC'; $event['location'] = isset($_POST['location']) ? smartstrip($_POST['location']) : ''; $event['permissions'] = isset($_POST['permissions']) ? $_POST['permissions'] : 'everybody_read'; } $datepicker = new date_picker(); $GO_HEADER['head'] = $datepicker->get_header(); require $GO_THEME->theme_path . 'header.inc'; if ($ab_module) { $ab->enable_contact_selector(); } echo '<form name="event_form" method="post" action="' . $_SERVER['PHP_SELF'] . '">'; echo '<input type="hidden" name="calendar_id" value="' . $calendar_id . '" />'; echo '<input type="hidden" name="event_id" value="' . $event_id . '" />'; echo '<input type="hidden" name="task" value="" />'; echo '<input type="hidden" name="close" value="false" />'; echo '<input type="hidden" name="emptyform" value="false" />'; echo '<input type="hidden" name="return_to" value="' . $return_to . 
'" />';
$_SESSION['copy_folders'] = isset($_POST['folders']) ? $_POST['folders'] : array(); $_SESSION['cut_folders'] = array(); $_SESSION['cut_files'] = array(); $task = ''; break; case 'paste': while ($file = smartstrip(array_shift($_SESSION['cut_files']))) { $cms->move_file($file, $folder_id); } while ($file = smartstrip(array_shift($_SESSION['copy_files']))) { $cms->copy_file($file, $folder_id); } while ($folder = smartstrip(array_shift($_SESSION['cut_folders']))) { $cms->move_folder($folder, $folder_id); } while ($folder = smartstrip(array_shift($_SESSION['copy_folders']))) { $cms->copy_folder($folder, $folder_id); } break; } //set the page title for the header file $page_title = $lang_modules['cms']; //require the header file. This will draw the logo's and the menu require $GO_THEME->theme_path . "header.inc"; echo '<form name="cms" method="post" action="' . $_SERVER['PHP_SELF'] . '" enctype="multipart/form-data">'; echo '<input type="hidden" name="site_id" value="' . $site_id . '" />'; switch ($task) { case 'upload': require 'upload.inc'; break; case 'add_folder':
echo '<table border="0" cellpadding="2" cellspacing="0">'; if (isset($feedback)) { echo '<tr><td colspan="2" class="Error">' . $feedback . '</td></tr>'; } echo '<tr><td>' . $strName . ': </td>' . '<td><input type="text" class="textbox" maxlength="50" name="name" style="width: 300px;" value="' . htmlspecialchars($todo['name']) . '" /></td></tr>' . '<tr><td>'; $ab_module = $GO_MODULES->get_module('addressbook'); if (!$ab_module || !($GO_SECURITY->has_permission($GO_SECURITY->user_id, $ab_module['acl_read']) || $GO_SECURITY->has_permission($GO_SECURITY->user_id, $ab_module['acl_write']))) { $ab_module = false; } else { require_once $ab_module['path'] . 'classes/addressbook.class.inc'; } if ($todo['res_user_id'] > 0 && ($user = $GO_USERS->get_user($todo['res_user_id']))) { $middle_name = $user['middle_name'] == '' ? '' : $user['middle_name'] . ' '; $user_name = htmlspecialchars($user['last_name'] . ' ' . $middle_name . $user['first_name']); } else { $user_name = isset($_REQUEST['user_name']) ? htmlspecialchars(smartstrip($_REQUEST['user_name'])) : ''; } $select = new select('user', 'todo_form', 'res_user_id', $todo['res_user_id']); echo '<tr><td>'; $select->print_link($cal_responsible); echo ':</td><td>'; $select->print_field(); echo '</td></tr>'; if ($ab_module) { $select = new select('contact', 'todo_form', 'contact_id', $todo['contact_id']); echo '<tr><td>'; $select->print_link($sc_client); echo ':</td><td>'; $select->print_field(); echo '</td></tr>'; } else {
if (!$fs->has_read_permission($GO_SECURITY->user_id, $path)) { header('Location: ' . $GO_CONFIG->host . 'error_docs/401.php'); exit; } $attachments_size = 0; if (isset($_SESSION['attach_array'])) { for ($i = 1; $i <= sizeof($_SESSION['attach_array']); $i++) { $attachments_size += $_SESSION['attach_array'][$i]->file_size; } } if (isset($_REQUEST['files'])) { for ($i = 0; $i < count($_REQUEST['files']); $i++) { $attachments_size += filesize(smartstrip($_REQUEST['files'][$i])); } if ($attachments_size < $GO_CONFIG->max_attachment_size) { while ($file = smartstrip(array_shift($_REQUEST['files']))) { $tmp_file = $GO_CONFIG->tmpdir . md5(uniqid(time())); if (copy($file, $tmp_file)) { $filename = basename($file); $extension = get_extension($filename); if (!($type = $filetypes->get_type($extension))) { $type = $filetypes->add_type($extension); } $email->register_attachment($tmp_file, $filename, filesize($file), $type['mime'], 'attachment'); } } } else { $task = 'too_big'; } } else { if (isset($path) && !is_dir($path)) {
$project_id = $note['project_id']; $user_id = $note['user_id']; $file_path = $note['file_path']; $content = $note['content']; $catagory_id = $note['catagory_id']; $due_date = $note['due_date'] > 0 ? date($_SESSION['GO_SESSION']['date_format'], $note['due_date']) : ''; $responsible_user_id = $note['res_user_id']; $ctime = date($_SESSION['GO_SESSION']['date_format'] . ' ' . $_SESSION['GO_SESSION']['time_format'], $note['ctime'] + $_SESSION['GO_SESSION']['timezone'] * 3600); $mtime = date($_SESSION['GO_SESSION']['date_format'] . ' ' . $_SESSION['GO_SESSION']['time_format'], $note['mtime'] + $_SESSION['GO_SESSION']['timezone'] * 3600); } else { $name = isset($_REQUEST['name']) ? smartstrip($_REQUEST['name']) : ''; $catagory_id = isset($_REQUEST['catagory_id']) ? $_REQUEST['catagory_id'] : '0'; $contact_id = isset($_REQUEST['contact_id']) ? $_REQUEST['contact_id'] : '0'; $project_id = isset($_REQUEST['project_id']) ? $_REQUEST['project_id'] : '0'; $file_path = isset($_REQUEST['file_path']) ? smartstrip($_REQUEST['file_path']) : ''; $content = isset($_REQUEST['content']) ? smartstrip($_REQUEST['content']) : ''; $user_id = isset($_REQUEST['user_id']) ? $_REQUEST['user_id'] : $GO_SECURITY->user_id; $responsible_user_id = isset($_REQUEST['responsible_user_id']) ? $_REQUEST['responsible_user_id'] : $GO_SECURITY->user_id; $due_date = isset($_REQUEST['due_date']) ? $_REQUEST['due_date'] : ''; $ctime = date($_SESSION['GO_SESSION']['date_format'], get_time()); $mtime = date($_SESSION['GO_SESSION']['date_format'], get_time()); } if ($note) { $write_permissions = $GO_SECURITY->has_permission($GO_SECURITY->user_id, $note['acl_write']); $read_permissions = $GO_SECURITY->has_permission($GO_SECURITY->user_id, $note['acl_read']); } else { $write_permissions = true; $read_permissions = true; } if (!$write_permissions && !$read_permissions) { header('Location: ' . $GO_CONFIG->host . 'error_docs/403.php');
exit; } if ($tp_plugin) { $template_count = $tp->get_subscribed_templates($GO_SECURITY->user_id, EMAIL_TEMPLATE); } if ($_SERVER['REQUEST_METHOD'] != "POST" && $tp_plugin && $template_id == 0 && $template_count > 0) { require $GO_THEME->theme_path . "header.inc"; echo '<form name="sendform" method="post" action="' . $_SERVER['PHP_SELF'] . '">'; if ($uid > 0) { echo '<input type="hidden" name="account_id" value="' . $_REQUEST['account_id'] . '" />'; echo '<input type="hidden" name="uid" value="' . $uid . '" />'; echo '<input type="hidden" name="mailbox" value="' . $_REQUEST['mailbox'] . '" />'; echo '<input type="hidden" name="action" value="' . $_REQUEST['action'] . '" />'; } echo '<input type="hidden" name="mail_subject" value="' . $mail_subject . '" />'; echo '<input type="hidden" name="mail_body" value="' . smartstrip($mail_body, true) . '" />'; echo '<input type="hidden" name="mail_to" value="' . $mail_to . '" />'; echo '<input type="hidden" name="mail_cc" value="' . $mail_cc . '" />'; echo '<input type="hidden" name="mail_bcc" value="' . $mail_bcc . '" />'; echo '<input type="hidden" name="mail_from" value="' . $mail_from . '" />'; echo '<input type="hidden" name="contact_id" value="' . $contact_id . '" />'; echo '<input type="hidden" name="template_id" />'; echo '<input type="hidden" name="mailing_group_id" value="' . $mailing_group_id . '" />'; echo '<input type="hidden" name="sendaction" value="load_template" />'; //get the addressbook language file echo '<table border="0" width="100%"><tr><td align="center">'; require $GO_LANGUAGE->get_language_file('addressbook'); $tabtable = new tabtable('templates_tab', $ab_templates, '600', '400'); $tabtable->print_head(); echo '<table border="0" cellpadding="10" cellspacing="0"><tr><td>'; echo $ab_select_template;
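// CSV export: the response headers are sent first, then the output options
// posted with the export form are read.
$vnconv->set_to("ascii");
$browser = detect_browser();

header("Content-type: text/x-csv");
header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');

// The download name is built from the address book name and, for MSIE, a
// posted field. Both sit inside a quoted header parameter, so control
// characters, double quotes and backslashes are removed before use.
$safe_export_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', (string) $vnconv->vnconv($addressbook['name']));

if ($browser['name'] == 'MSIE') {
    // export_type is only a file-name suffix here; keep plain identifier characters.
    $safe_export_type = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $_POST['export_type']);
    header("Content-Disposition: inline; filename=\"" . $safe_export_name . "-" . $safe_export_type . ".csv\"");
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
} else {
    header('Pragma: no-cache');
    header("Content-Disposition: attachment; filename=\"" . $safe_export_name . ".csv\"");
}

// NOTE(review): the posted encoding name is handed to set_to() unchecked;
// confirm that vnconv rejects names it does not know.
$vnconv->set_to($_POST['encoding'] == "none" || $_POST['encoding'] == "utf16" ? '' : $_POST['encoding']);
$utf16 = $_POST['encoding'] == 'utf16';

// NOTE(review): the code that writes the cells is outside this fragment. Check
// that values beginning with =, +, - or @ are neutralised for spreadsheet use.
$quote = smartstrip($_POST['quote']);

// The line ending arrives as literal backslash sequences and is converted to
// the corresponding control characters.
$crlf = smartstrip($_POST['crlf']);
$crlf = str_replace('\\r', "\r", $crlf);
$crlf = str_replace('\\n', "\n", $crlf);
$crlf = str_replace('\\t', "\t", $crlf);

// The separator is selected by keyword, so the posted value itself never
// reaches the output.
switch ($_POST['seperator']) {
    case 'comma':
        $seperator = ',';
        break;
    case 'semicolon':
        $seperator = ';';
        break;
    case 'colon':
        $seperator = ':';
        break;
    case 'tab':
        $seperator = "\t";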
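}
}

// Only a bare file name may be joined to the target directory. basename() is
// applied on both paths so that a supplied name cannot carry directory parts
// out of the folder whose write permission is checked below.
// ($filename is assigned before this fragment.)
if ($filename == '') {
    $filename = basename($_SESSION['email_tmp_file']);
} else {
    $filename = basename(smartstrip($filename));
}

if (isset($task) && $task == 'GO_HANDLER') {
    require $GO_CONFIG->class_path . 'filesystem.class.inc';
    $fs = new filesystem();

    // NOTE(review): the folder comes from the request. Confirm that
    // has_write_permission() normalises ".." segments before deciding.
    $target_dir = smartstrip($_REQUEST['path']);

    // Permission is checked before the existence test, so a user without write
    // access to the folder cannot use the "name exists" message to probe for
    // files.
    if (!$fs->has_write_permission($GO_SECURITY->user_id, $target_dir)) {
        // The request-supplied path is echoed into HTML feedback, so escape it.
        $feedback = '<p class="Error">' . $strAccessDenied . ': ' . htmlspecialchars($target_dir, ENT_QUOTES) . '</p>';
    } elseif (file_exists($target_dir . '/' . $filename)) {
        $feedback = '<p class="Error">' . $fbNameExists . '</p>';
    } else {
        $new_path = $target_dir . '/' . $filename;
        if ($fs->move($_SESSION['email_tmp_file'], $new_path)) {
            // Apply the configured file mode; the umask is cleared around the
            // chmod() call and restored afterwards.
            $old_umask = umask(00);
            chmod($new_path, $GO_CONFIG->create_mode);
            umask($old_umask);

            // The temporary file has been moved; drop the session references to it.
            unset($_SESSION['tmp_account_id']);
            unset($_SESSION['email_tmp_file']);

            echo "<script type=\"text/javascript\" language=\"javascript\">\n";
            echo "window.close()\n";
            echo "</script>\n";
        } else {
            $feedback = '<p class="Error">' . $strSaveError . '</p>';
        }
    }
}

if (isset($_REQUEST['account_id'])) {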
// Password change: the new password is validated as a matching pair, the
// current password is verified, and only then is the password updated.
$val->validate_input();
$val->name = "newpass1";
$val->match1 = $_POST['newpass1'];
$val->match2 = $_POST['newpass2'];
$val->validate_input();

// NOTE(review): the comparisons in this block use loose == / != on posted values.
if ($val->validated == true) {
    // The current password must be correct before anything is changed.
    if (!$GO_USERS->check_password(smartstrip($_POST['currentpassword']))) {
        $feedback = "<p class=\"Error\">" . $security_wrong_password . "</p>";
    } else {
        // An empty new password changes nothing and sets no feedback on this path.
        if ($_POST['newpass1'] != "") {
            if ($GO_USERS->update_password($GO_SECURITY->user_id, smartstrip($_POST['newpass1']), smartstrip($_POST['currentpassword']))) {
                $email_module = $GO_MODULES->get_module('email');
                if ($email_module) {
                    require_once $email_module['class_path'] . 'email.class.inc';
                    $email = new email();
                    // Called with the old and the new password; presumably re-encrypts
                    // the user's stored mail credentials under the new one (verify in
                    // email.class.inc). Its result is not checked here.
                    $email->re_encrypt_email($GO_SECURITY->user_id, smartstrip($_POST['currentpassword']), smartstrip($_POST['newpass1']));
                }
                $feedback = "<p class=\"Success\">" . $security_password_update . "</p>";
                if ($_POST['close'] == 'true') {
                    // NOTE(review): $return_to is set outside this fragment. If it can
                    // come from the request, restrict it to local URLs before it is
                    // used as a redirect target.
                    header('Location: ' . $return_to);
                    exit;
                }
            } else {
                $feedback = "<p class=\"Error\">" . $strSaveError . "</p>";
            }
        }
    }
}
break;
}

// Reload the profile of the logged-in user.
$profile = $GO_USERS->get_user($GO_SECURITY->user_id);
// Populate the contact form from the request, with a default for every field
// that was not sent. Text fields pass through smartstrip().
$contact['sex'] = isset($_REQUEST['sex']) ? smartstrip($_REQUEST['sex']) : 'M';
$birthday = isset($_REQUEST['birthday']) ? smartstrip($_REQUEST['birthday']) : '';
$contact['email'] = isset($_REQUEST['email']) ? smartstrip($_REQUEST['email']) : '';
$contact['work_phone'] = isset($_REQUEST['work_phone']) ? smartstrip($_REQUEST['work_phone']) : '';
$contact['home_phone'] = isset($_REQUEST['home_phone']) ? smartstrip($_REQUEST['home_phone']) : '';
$contact['fax'] = isset($_REQUEST['fax']) ? smartstrip($_REQUEST['fax']) : '';
$contact['cellular'] = isset($_REQUEST['cellular']) ? smartstrip($_REQUEST['cellular']) : '';
$contact['country'] = isset($_REQUEST['country']) ? smartstrip($_REQUEST['country']) : '';
$contact['state'] = isset($_REQUEST['state']) ? smartstrip($_REQUEST['state']) : '';
$contact['city'] = isset($_REQUEST['city']) ? smartstrip($_REQUEST['city']) : '';
$contact['zip'] = isset($_REQUEST['zip']) ? smartstrip($_REQUEST['zip']) : '';
$contact['address'] = isset($_REQUEST['address']) ? smartstrip($_REQUEST['address']) : '';
$contact['department'] = isset($_REQUEST['department']) ? smartstrip($_REQUEST['department']) : '';
$contact['function'] = isset($_REQUEST['function']) ? smartstrip($_REQUEST['function']) : '';
$contact['comment'] = isset($_REQUEST['comment']) ? smartstrip($_REQUEST['comment']) : '';
$contact['color'] = isset($_REQUEST['color']) ? smartstrip($_REQUEST['color']) : '000000';

// These three are taken from the request as-is, without smartstrip().
// NOTE(review): source_id and group_id look like record ids; confirm they are
// integer-cast and authorised before they reach a query or a lookup.
$contact['source_id'] = isset($_REQUEST['source_id']) ? $_REQUEST['source_id'] : '';
$contact['group_id'] = isset($_REQUEST['group_id']) ? $_REQUEST['group_id'] : '';
$contact['company_name'] = isset($_REQUEST['company_name']) ? $_REQUEST['company_name'] : '';

// A company that can be loaded overrides the posted company name.
if ($company_id && ($company = $ab->get_company($company_id))) {
    $contact['company_name'] = $company['name'];
    $contact['company_id'] = $company_id;
} else {
    $contact['company_id'] = isset($contact['company_id']) ? $contact['company_id'] : 0;
}
}

if ($task == 'update') {
    // NOTE(review): the user record is loaded by whatever $contact['source_id']
    // holds at this point, which may be request-supplied. Confirm the caller is
    // allowed to read that user before the record is used.
    $contact = $GO_USERS->get_user($contact['source_id']);
    // Posted values then replace fields of the loaded record, unfiltered.
    $contact["source_id"] = $_POST['source_id'];
    $contact['comment'] = $_POST['comment'];
    $contact['group_id'] = $_POST['group_id'];
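option) any later version. */

// Fetches one part of an IMAP message and sends the download headers for it.
require "../../Group-Office.php";
$GO_SECURITY->authenticate();
$GO_MODULES->authenticate('email');

require $GO_CONFIG->class_path . "imap.class.inc";
require $GO_MODULES->class_path . "email.class.inc";
require $GO_CONFIG->class_path . 'filetypes.class.inc';

$filetypes = new filetypes();
$mail = new imap();
$email = new email();

$account = $email->get_account($_REQUEST['account_id']);

// account_id is chosen by the client. Without this comparison the stored
// password of whichever account it names would be decrypted and used for the
// IMAP login below. Assumes the account row carries its owner in 'user_id'.
if (!$account || $account['user_id'] != $GO_SECURITY->user_id) {
    header('Location: ' . $GO_CONFIG->host . 'error_docs/403.php');
    exit;
}

if ($mail->open($account['host'], $account['type'], $account['port'], $account['username'], $GO_CRYPTO->decrypt($account['password']), $_REQUEST['mailbox'], 0, $account['use_ssl'], $account['novalidate_cert'])) {
    $file = $mail->view_part($_REQUEST['uid'], $_REQUEST['part'], $_REQUEST['transfer'], $_REQUEST['mime']);
    $mail->close();

    // The requested name ends up inside a quoted Content-Disposition parameter:
    // control characters, double quotes and backslashes are removed so it cannot
    // end the quoted string or the header line.
    $filename = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', (string) smartstrip($_REQUEST['filename']));
    $extension = get_extension($filename);

    // The served MIME type is looked up from the file extension, not taken from
    // the request.
    $type = $filetypes->get_type($extension);
    $browser = detect_browser();

    //header('Content-Length: '.strlen($file));
    header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    if ($browser['name'] == 'MSIE') {
        header('Content-Type: application/download');
        header('Content-Disposition: attachment; filename="' . $filename . '"');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Pragma: public');
    } else {
        header('Content-Type: ' . $type['mime']);
        header('Pragma: no-cache');
        header('Content-Disposition: attachment; filename="' . $filename . '"');
    }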
// E-mail module index page: authenticate, read the paging and mailbox
// parameters, load the account and refuse accounts owned by another user.
require "../../Group-Office.php";
$GO_SECURITY->authenticate();
$GO_MODULES->authenticate('email');

require $GO_CONFIG->class_path . "imap.class.inc";
require $GO_MODULES->class_path . "email.class.inc";
require $GO_LANGUAGE->get_language_file('email');

$mail = new imap();
$email = new email();
$em_settings = $email->get_settings($GO_SECURITY->user_id);

// Request parameters are used as sent; only mailbox passes through smartstrip().
// NOTE(review): account_id, uid, max_rows and first_row look numeric; confirm
// they are integer-cast before they reach a query or are printed.
$account_id = isset($_REQUEST['account_id']) ? $_REQUEST['account_id'] : 0;
$task = isset($_REQUEST['task']) ? $_REQUEST['task'] : '';
$uid = isset($_REQUEST['uid']) ? $_REQUEST['uid'] : 0;
$max_rows = isset($_REQUEST['max_rows']) ? $_REQUEST['max_rows'] : $_SESSION['GO_SESSION']['max_rows_list'];
$first_row = isset($_REQUEST['first_row']) ? $_REQUEST['first_row'] : 0;
$table_tabindex = isset($_REQUEST['table_tabindex']) ? $_REQUEST['table_tabindex'] : null;
$mailbox = isset($_REQUEST['mailbox']) ? smartstrip($_REQUEST['mailbox']) : 'INBOX';

// NOTE(review): the query string is assembled from request values without
// urlencode(). Where $link_back is later printed into HTML it also needs
// htmlspecialchars(); that output is outside this fragment.
$link_back = $GO_MODULES->url . 'index.php?account_id=' . $account_id . '&mailbox=' . $mailbox . '&first_row=' . $first_row;

// Fall back to get_account(0) when the requested account cannot be loaded.
if (!($account = $email->get_account($account_id))) {
    $account = $email->get_account(0);
}

// Ownership check: an account that belongs to another user ends in a 403 redirect.
if ($account && $account["user_id"] != $GO_SECURITY->user_id) {
    header('Location: ' . $GO_CONFIG->host . 'error_docs/403.php');
    exit;
}

$disable_accounts = $GO_CONFIG->get_setting('em_disable_accounts') == 'true' ? true : false;
$page_title = $lang_modules['email'];
$GO_HEADER['head'] = '<script type="text/javascript" src="' . $GO_MODULES->url . 'email.js"></script>';
require $GO_THEME->theme_path . "header.inc";
?> <table border="0" cellspacing="0" cellpadding="0"> <tr>
// Collect the posted profile fields, then start validating them.
// NOTE(review): smart_addslashes() is defined elsewhere. If these values are
// later concatenated into SQL, slash-escaping is not a substitute for bound
// parameters or the database driver's own escaping; confirm how they are used.
$state = smart_addslashes($_POST["state"]);
$city = smart_addslashes($_POST["city"]);
$zip = smart_addslashes($_POST["zip"]);
$address = smart_addslashes($_POST["address"]);
$department = smart_addslashes($_POST["department"]);
$function = smart_addslashes($_POST["function"]);
$company = smart_addslashes($_POST["company"]);
$work_country = smart_addslashes($_POST["work_country"]);
$work_state = smart_addslashes($_POST["work_state"]);
$work_city = smart_addslashes($_POST["work_city"]);
$work_zip = smart_addslashes($_POST["work_zip"]);
$work_address = smart_addslashes($_POST["work_address"]);
$work_fax = smart_addslashes($_POST["work_fax"]);
$homepage = smart_addslashes($_POST["homepage"]);

// The two password fields go through smartstrip() rather than smart_addslashes().
$pass1 = smartstrip($_POST["pass1"]);
$pass2 = smartstrip($_POST["pass2"]);
$username = smart_addslashes($_POST['username']);

// Error messages the validator uses for each kind of failure.
$val->error_required = $error_required;
$val->error_min_length = $error_min_length;
$val->error_max_length = $error_max_length;
$val->error_expression = $error_email;

// first_name and last_name: required, at most 50 characters.
// ($first_name and $last_name are assigned before this fragment.)
$val->name = "first_name";
$val->input = $first_name;
$val->max_length = 50;
$val->required = true;
$val->validate_input();

$val->name = "last_name";
$val->input = $last_name;
$val->max_length = 50;
$val->required = true;
$val->validate_input();
} } } } else { $feedback = "<p class=\"Error\">" . $error_missing_field . "</p>"; } break; } if ($calendar_id > 0) { $calendar = $cal->get_calendar($calendar_id); $title = $calendar['name']; $has_write_permission = $GO_SECURITY->has_permission($GO_SECURITY->user_id, $calendar['acl_write']); } else { $calendar['start_hour'] = isset($_POST['calendar_start_hour']) ? $_POST['calendar_start_hour'] : '07'; $calendar['end_hour'] = isset($_POST['calendar_end_hour']) ? $_POST['calendar_end_hour'] : '20'; $calendar['name'] = isset($_POST['name']) ? smartstrip($_POST['name']) : ''; $title = $sc_new_calendar; $has_write_permission = true; } $tabtable = new tabtable('calendar', $title, '100%', '400', '120', '', true); if ($calendar_id > 0) { $tabtable->add_tab('calendar', $strProperties); $tabtable->add_tab('holidays', $sc_holidays); if ($has_write_permission) { $tabtable->add_tab('import', $cal_import); } $tabtable->add_tab('read_permissions', $strReadRights); $tabtable->add_tab('write_permissions', $strWriteRights); } if ($tabtable->get_active_tab_id() == 'holidays') { $datepicker = new date_picker();