Esempi di codice in PHP per tfb_cleanFileName

Esempio n. 1

0

Mostra file

File: functions.dispatcher.php Progetto: sulaweyo/torrentflux-b4rt-php7

/**
 * _dispatcher_processUpload
 *
 * @param $name
 * @param $tmp_name
 * @param $size
 * @param $actionId
 * @param &$uploadMessages
 * @param &$tStack
 * @return bool
 */
function _dispatcher_processUpload($name, $tmp_name, $size, $actionId, &$uploadMessages, &$tStack)
{
    global $cfg;
    $filename = tfb_cleanFileName(stripslashes($name));
    if ($filename === false) {
        // invalid file
        array_push($uploadMessages, "The type of file " . stripslashes($name) . " is not allowed.");
        array_push($uploadMessages, "\nvalid file-extensions: ");
        array_push($uploadMessages, $cfg["file_types_label"]);
        return false;
    } else {
        // file is valid
        if (substr($filename, -5) == ".wget") {
            // is enabled ?
            if ($cfg["enable_wget"] == 0) {
                AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload wget-file " . $filename);
                array_push($uploadMessages, "wget is disabled  : " . $filename);
                return false;
            } else {
                if ($cfg["enable_wget"] == 1) {
                    if (!$cfg['isAdmin']) {
                        AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload wget-file " . $filename);
                        array_push($uploadMessages, "wget is disabled for users : " . $filename);
                        return false;
                    }
                }
            }
        } else {
            if (substr($filename, -4) == ".nzb") {
                // is enabled ?
                if ($cfg["enable_nzbperl"] == 0) {
                    AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload nzb-file " . $filename);
                    array_push($uploadMessages, "nzbperl is disabled  : " . $filename);
                    return false;
                } else {
                    if ($cfg["enable_nzbperl"] == 1) {
                        if (!$cfg['isAdmin']) {
                            AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload nzb-file " . $filename);
                            array_push($uploadMessages, "nzbperl is disabled for users : " . $filename);
                            return false;
                        }
                    }
                }
            }
        }
        if ($size <= $cfg["upload_limit"] && $size > 0) {
            //FILE IS BEING UPLOADED
            if (@is_file($cfg["transfer_file_path"] . $filename)) {
                // Error
                array_push($uploadMessages, "the file " . $filename . " already exists on the server.");
                return false;
            } else {
                if (@move_uploaded_file($tmp_name, $cfg["transfer_file_path"] . $filename)) {
                    @chmod($cfg["transfer_file_path"] . $filename, 0644);
                    AuditAction($cfg["constants"]["file_upload"], $filename);
                    // inject
                    injectTransfer($filename);
                    // instant action ?
                    if ($actionId > 1) {
                        array_push($tStack, $filename);
                    }
                    // return
                    return true;
                } else {
                    array_push($uploadMessages, "File not uploaded, file could not be found or could not be moved: " . $cfg["transfer_file_path"] . $filename);
                    return false;
                }
            }
        } else {
            array_push($uploadMessages, "File not uploaded, file size limit is " . $cfg["upload_limit"] . ". file has " . $size);
            return false;
        }
    }
}

Esempio n. 2

0

Mostra file

File: FluxCLI.php Progetto: sulaweyo/torrentflux-b4rt-php7

 /**
  * Inject Transfer
  *
  * @param $transferFile
  * @param $username
  * @param $options
  * @param array $extra
  * @return mixed
  */
 function _inject($transferFile, $username, $options = '', $extra = array())
 {
     global $cfg;
     // check file
     if (!@is_file($transferFile)) {
         $this->_outputError("transfer-file " . $transferFile . " is no file.\n");
         return false;
     }
     // check username
     if (!IsUser($username)) {
         $this->_outputError("username " . $username . " is no valid user.\n");
         return false;
     }
     // parse options
     $optionsSet = $this->_parseOptions(array('d' => 0, 's' => 0, 'p' => 1), $options, $extra);
     if ($optionsSet === false) {
         return false;
     }
     $profile = isset($optionsSet['p']) ? $optionsSet['p'][0] : null;
     $this->_outputMessage("Inject " . $transferFile . " for user " . $username . (!empty($profile) ? " using profile " . $profile : '') . " ...\n");
     // set user
     $cfg["user"] = $username;
     // set filename
     $transfer = basename($transferFile);
     $transfer = tfb_cleanFileName($transfer);
     // only inject valid transfers
     $msgs = array();
     if ($transfer !== false) {
         $targetFile = $cfg["transfer_file_path"] . $transfer;
         if (@is_file($targetFile)) {
             array_push($msgs, "transfer " . $transfer . ", already exists.");
         } else {
             $this->_outputMessage("copy " . $transferFile . " to " . $targetFile . " ...\n");
             if (@copy($transferFile, $targetFile)) {
                 // chmod
                 @chmod($cfg["transfer_file_path"] . $transfer, 0644);
                 // make owner entry
                 AuditAction($cfg["constants"]["file_upload"], $transfer);
                 // inject
                 $this->_outputMessage("injecting " . $transfer . " ...\n");
                 injectTransfer($transfer);
                 // delete source-file
                 if (isset($optionsSet['d'])) {
                     $this->_outputMessage("deleting source-file " . $transferFile . " ...\n");
                     @unlink($transferFile);
                 }
                 // start
                 if (isset($optionsSet['s'])) {
                     // build args for _transferStart
                     $newOptions = $this->_buildOptions('p', $optionsSet);
                     // Pass-thru option 'p'.
                     return $this->_transferStart($transfer, $newOptions[0], $newOptions[1]);
                 } else {
                     return true;
                 }
             } else {
                 array_push($msgs, "File could not be copied: " . $transferFile);
             }
         }
     } else {
         array_push($msgs, "The type of file you are injecting is not allowed.");
         array_push($msgs, "valid file-extensions: ");
         array_push($msgs, $cfg["file_types_label"]);
     }
     if (count($msgs) == 0) {
         $this->_outputMessage("done.\n");
         return true;
     } else {
         $this->_outputError("failed: " . implode("\n", $msgs) . "\n");
         return false;
     }
 }

Esempio n. 3

0

Mostra file

File: Rssd.php Progetto: sulaweyo/torrentflux-b4rt-php7

 /**
  * download and save a torrent-file
  *
  * @return boolean
  */
 function _saveTorrent($url, $title)
 {
     global $cfg;
     $content = SimpleHTTP::getTorrent($url);
     if (SimpleHTTP::getState() == SIMPLEHTTP_STATE_OK) {
         // filename
         $filename = SimpleHTTP::getFilename();
         if ($filename != "") {
             $filename = strpos($filename, ".torrent") !== false ? tfb_cleanFileName($filename) : tfb_cleanFileName($filename . ".torrent");
         }
         if ($filename == "" || $filename === false || transferExists($filename)) {
             $filename = tfb_cleanFileName($title . ".torrent");
             if ($filename === false || transferExists($filename)) {
                 $filename = tfb_cleanFileName($url . ".torrent");
                 if ($filename === false || transferExists($filename)) {
                     $filename = tfb_cleanFileName(md5($url . strval(@microtime())) . ".torrent");
                     if ($filename === false || transferExists($filename)) {
                         // Error
                         $msg = "failed to get a valid transfer-filename for " . $url;
                         array_push($this->messages, $msg);
                         AuditAction($cfg["constants"]["error"], "Rssd downloadMetafile-Error : " . $msg);
                         $this->_outputError($msg . "\n");
                         return false;
                     }
                 }
             }
         }
         // file
         $file = $this->_dirSave . $filename;
         // check if file already exists
         if (@is_file($file)) {
             // Error
             $msg = "the file " . $file . " already exists in " . $this->_dirSave;
             array_push($this->messages, $msg);
             AuditAction($cfg["constants"]["error"], "Rssd downloadMetafile-Error : " . $msg);
             $this->_outputError($msg . "\n");
             return false;
         }
         // write file
         $handle = false;
         $handle = @fopen($file, "w");
         if (!$handle) {
             $msg = "cannot open " . $file . " for writing.";
             array_push($this->messages, $msg);
             AuditAction($cfg["constants"]["error"], "Rssd downloadMetafile-Error : " . $msg);
             $this->_outputError($msg . "\n");
             return false;
         }
         $result = @fwrite($handle, $content);
         @fclose($handle);
         if ($result === false) {
             $msg = "cannot write content to " . $file . ".";
             array_push($this->messages, $msg);
             AuditAction($cfg["constants"]["error"], "Rssd downloadMetafile-Error : " . $msg);
             $this->_outputError($msg . "\n");
             return false;
         }
         // add to file-array
         array_push($this->_filesSaved, array('url' => $url, 'title' => $title, 'filename' => $filename, 'file' => $file));
         // output
         $this->_outputMessage("torrent saved : \n url: " . $url . "\n file: " . $file . "\n");
         // return
         return true;
     } else {
         // last op was not ok
         $msgs = SimpleHTTP::getMessages();
         $this->_outputError("could not download torrent with title " . $title . " from url " . $url . " : \n" . implode("\n", $msgs));
         return false;
     }
 }

Esempio n. 4

0

Mostra file

File: functions.compat.tf.php Progetto: ThYpHo0n/torrentflux

/**
 * Function with which metafiles are uploaded and injected
 *
 * @deprecated
 */
function compat_tf_processUpload()
{
    global $cfg;
    $filename = "";
    $uploadMessages = array();
    if (isset($_FILES['upload_file']) && !empty($_FILES['upload_file']['name'])) {
        $filename = stripslashes($_FILES['upload_file']['name']);
        $filename = tfb_cleanFileName($filename);
        if ($filename === false) {
            // invalid file
            array_push($uploadMessages, "The type of file you are uploading is not allowed.");
            array_push($uploadMessages, "\nvalid file-extensions: ");
            array_push($uploadMessages, $cfg["file_types_label"]);
        } else {
            // file is valid
            if (substr($filename, -5) == ".wget") {
                // is enabled ?
                if ($cfg["enable_wget"] == 0) {
                    AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload wget-file " . $filename);
                    @error("wget is disabled", "", "");
                } else {
                    if ($cfg["enable_wget"] == 1) {
                        if (!$cfg['isAdmin']) {
                            AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload wget-file " . $filename);
                            @error("wget is disabled for users", "", "");
                        }
                    }
                }
            } else {
                if (substr($filename, -4) == ".nzb") {
                    // is enabled ?
                    if ($cfg["enable_nzbperl"] == 0) {
                        AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload nzb-file " . $filename);
                        @error("nzbperl is disabled", "", "");
                    } else {
                        if ($cfg["enable_nzbperl"] == 1) {
                            if (!$cfg['isAdmin']) {
                                AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to upload nzb-file " . $filename);
                                @error("nzbperl is disabled for users", "", "");
                            }
                        }
                    }
                }
            }
            if ($_FILES['upload_file']['size'] <= $cfg["upload_limit"] && $_FILES['upload_file']['size'] > 0) {
                //FILE IS BEING UPLOADED
                if (@is_file($cfg["transfer_file_path"] . $filename)) {
                    // Error
                    array_push($uploadMessages, "the file " . $filename . " already exists on the server.");
                } else {
                    if (@move_uploaded_file($_FILES['upload_file']['tmp_name'], $cfg["transfer_file_path"] . $filename)) {
                        @chmod($cfg["transfer_file_path"] . $filename, 0644);
                        AuditAction($cfg["constants"]["file_upload"], $filename);
                        // inject
                        injectTransfer($filename);
                        // instant action ?
                        $actionId = tfb_getRequestVar('aid');
                        if ($actionId > 1) {
                            $ch = ClientHandler::getInstance(getTransferClient($filename));
                            switch ($actionId) {
                                case 3:
                                    $ch->start($filename, false, true);
                                    break;
                                case 2:
                                    $ch->start($filename, false, false);
                                    break;
                            }
                            if (count($ch->messages) > 0) {
                                $uploadMessages = array_merge($uploadMessages, $ch->messages);
                            }
                        }
                    } else {
                        array_push($uploadMessages, "File not uploaded, file could not be found or could not be moved: " . $cfg["transfer_file_path"] . $filename);
                    }
                }
            } else {
                array_push($uploadMessages, "File not uploaded, file size limit is " . $cfg["upload_limit"] . ". file has " . $_FILES['upload_file']['size']);
            }
        }
    }
    if (count($uploadMessages) > 0) {
        AuditAction($cfg["constants"]["error"], $cfg["constants"]["file_upload"] . " :: " . $filename);
        @error("There were Problems", "", "", $uploadMessages);
    }
}

Esempio n. 5

0

Mostra file

File: maketorrent.php Progetto: sulaweyo/torrentflux-b4rt-php7

    AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to use maketorrent");
    @error("maketorrent is disabled", "index.php?iid=index", "");
}
// check the needed bins
// python
if (@file_exists($cfg['pythonCmd']) !== true) {
    @error("Required binary could not be found", "", "", $cfg['isAdmin'] ? array('python is required for maketorrent', 'Specified python-binary does not exist: ' . $cfg['pythonCmd'], 'Check Settings on Admin-Server-Settings Page') : array('Please contact an Admin'));
}
/*******************************************************************************
 * create + page
 ******************************************************************************/
// file + torrent vars
$path = tfb_getRequestVarRaw('path');
$torrent = "";
if (!empty($path)) {
    $torrent = tfb_cleanFileName(StripFolders($path) . ".torrent");
    if ($torrent === false) {
        @error("Invalid torrent-name", "", "", array($path));
    }
}
// only valid dirs + entries with permission
if (!(tfb_isValidPath($cfg["path"] . $path) && hasPermission($path, $cfg["user"], 'w'))) {
    AuditAction($cfg["constants"]["error"], "ILLEGAL MAKETORRENT: " . $cfg["user"] . " tried to maketorrent with " . $path);
    @error("Illegal maketorrent. Action has been logged.", "", "");
}
// check if there is a var sent for client, if not use default
$client = isset($_REQUEST["client"]) ? tfb_getRequestVar('client') : $cfg["dir_maketorrent_default"];
// client-generic vars
$tfile = tfb_getRequestVar('torrent');
$comment = tfb_getRequestVar('comments');
$alert = isset($_POST["alert"]) ? 1 : 0;

Esempio n. 6

0

Mostra file

File: ClientHandler.wget.php Progetto: ThYpHo0n/torrentflux

 /**
  * setVarsFromUrl
  *
  * @param $transferUrl
  */
 function setVarsFromUrl($transferUrl)
 {
     global $cfg;
     $this->url = $transferUrl;
     $transfer = strrchr($transferUrl, '/');
     if ($transfer[0] == '/') {
         $transfer = substr($transfer, 1);
     }
     $transfer = tfb_cleanFileName($transfer . ".wget");
     $this->_setVarsForTransfer($transfer);
     if (empty($this->owner) || strtolower($this->owner) == "n/a") {
         $this->owner = $cfg['user'];
     }
 }

Esempi in PHP per tfb_cleanFileName