Notify::error(Config::speak('notify_error_empty_field', $speak->name)); } else { if ($path !== $name && File::exist(SHIELD . DS . $folder . DS . $name)) { Notify::error(Config::speak('notify_file_exist', '<code>' . $name . '</code>')); } if (($extension = File::E($name)) !== "") { if (strpos(',' . SCRIPT_EXT . ',', ',' . $extension . ',') === false) { Notify::error(Config::speak('notify_error_file_extension', $extension)); } } else { // Missing file extension Notify::error($speak->notify_error_file_extension_missing); } } $P = array('data' => $request); if (!Notify::errors()) { File::open($file)->write($request['content'])->save(); if ($path !== $name) { File::open($file)->moveTo(SHIELD . DS . $folder . DS . $name); } Notify::success(Config::speak('notify_file_updated', '<code>' . File::B($path) . '</code>')); Weapon::fire('on_shield_update', array($G, $P)); Weapon::fire('on_shield_repair', array($G, $P)); Guardian::kick($config->manager->slug . '/shield/' . $folder . '/repair/file:' . File::url($name)); } } Shield::lot(array('segment' => 'shield', 'the_shield' => $folder, 'the_name' => $path, 'the_content' => $content))->attach('manager', false); }); /** * Shield Killer * -------------
function do_comment_construct() { $config = Config::get(); $speak = Config::speak(); if ($config->page_type === 'article') { $comment_id = 'comment-%d'; // Your comment ID $comment_form_id = 'comment-form'; // Your comment form ID $article = isset($config->article->path) ? $config->article : false; $G = array('data' => array('article' => Mecha::A($article), 'comment_id' => $comment_id, 'comment_form_id' => $comment_form_id)); if ($article !== false && ($request = Request::post())) { if ($task = File::exist(SHIELD . DS . $config->shield . DS . 'workers' . DS . 'task.comment.php')) { require $task; // Custom comment constructor } else { // Check token Guardian::checkToken($request['token'], $article->url . '#' . $comment_form_id); $extension = $config->comments->moderation && !Guardian::happy() ? '.hold' : '.txt'; // Check name if (trim($request['name']) === "") { Notify::error(Config::speak('notify_error_empty_field', $speak->name)); } // Check email if (trim($request['email']) !== "") { if (!Guardian::check($request['email'], '->email')) { Notify::error($speak->notify_invalid_email); } else { // Disallow passenger(s) from entering your email address in the comment email field if (!Guardian::happy() && $request['email'] === $config->author->email) { Notify::warning(Config::speak('notify_warning_forbidden_input', array('<em>' . $request['email'] . '</em>', strtolower($speak->email)))); } } } else { Notify::error(Config::speak('notify_error_empty_field', $speak->email)); } // Check URL if (trim($request['url']) !== "" && !Guardian::check($request['url'], '->url')) { Notify::error($speak->notify_invalid_url); } // Check message if (trim($request['message']) === "") { Notify::error(Config::speak('notify_error_empty_field', $speak->message)); } // Check challenge if (!Guardian::checkMath($request['math'])) { Notify::error($speak->notify_invalid_math_answer); } // Check name length if (Guardian::check($request['name'], '->too_long', 100)) { Notify::error(Config::speak('notify_error_too_long', $speak->name)); } // Check email length if (Guardian::check($request['email'], '->too_long', 100)) { Notify::error(Config::speak('notify_error_too_long', $speak->email)); } // Check URL length if (Guardian::check($request['url'], '->too_long', 100)) { Notify::error(Config::speak('notify_error_too_long', $speak->url)); } // Check message length if (Guardian::check($request['message'], '->too_long', 1700)) { Notify::error(Config::speak('notify_error_too_long', $speak->message)); } // Check for spam keyword(s) in comment $fucking_words = explode(',', $config->keywords_spam); foreach ($fucking_words as $spam) { if ($f**k = trim($spam)) { if ($request['email'] === $f**k || strpos(strtolower($request['message']), strtolower($f**k)) !== false) { Notify::warning($speak->notify_warning_intruder_detected . ' <strong class="text-error pull-right">' . $f**k . '</strong>'); break; } } } if (!Notify::errors()) { $post = Date::slug($article->time); $id = (int) time(); $parent = Request::post('parent'); $P = array('data' => $request); $P['data']['id'] = $id; $name = strip_tags($request['name']); $email = Text::parse($request['email'], '->broken_entity'); $url = isset($request['url']) && trim($request['url']) !== "" ? $request['url'] : false; $parser = strip_tags(Request::post('content_type', $config->html_parser->active)); $message = Text::parse($request['message'], '->text', WISE_CELL . '<img>', false); $field = Request::post('fields', array()); include File::D(__DIR__, 2) . DS . 'task.fields.php'; // Temporarily disallow image(s) in comment to prevent XSS $message = preg_replace('#<img(\\s[^<>]*?)>#i', '<img$1>', $message); Page::header(array('Name' => $name, 'Email' => $email, 'URL' => $url, 'Status' => Guardian::happy() ? 1 : 2, 'Content Type' => $parser, 'Fields' => !empty($field) ? Text::parse($field, '->encoded_json') : false))->content($message)->saveTo(COMMENT . DS . $post . '_' . Date::slug($id) . '_' . ($parent ? Date::slug($parent) : '0000-00-00-00-00-00') . $extension); Notify::success(Config::speak('notify_success_submitted', $speak->comment)); if ($extension === '.hold') { Notify::info($speak->notify_info_comment_moderation); } Weapon::fire(array('on_comment_update', 'on_comment_construct'), array($G, $P)); Guardian::kick($config->url_current . $config->ur_query . (!Guardian::happy() && $config->comments->moderation ? '#' . $comment_form_id : '#' . sprintf($comment_id, Date::format($id, 'U')))); } else { Guardian::kick($config->url_current . $config->url_query . '#' . $comment_form_id); } } } } }
public static function upload($file, $destination = ROOT, $callback = null) { $config = Config::get(); $speak = Config::speak(); $destination = self::path($destination); $errors = Mecha::A($speak->notify_file); // Create a safe file name $file['name'] = Text::parse($file['name'], '->safe_file_name'); $extension = self::E($file['name']); // Something goes wrong if ($file['error'] > 0 && isset($errors[$file['error']])) { Notify::error($errors[$file['error']]); } else { // Destination not found if (!file_exists($destination)) { self::pocket($destination); } // Unknown file type if (!isset($file['type']) || empty($file['type'])) { Notify::error($speak->notify_error_file_type_unknown); } // Bad file extension $extension_allow = ',' . implode(',', self::$config['file_extension_allow']) . ','; if (strpos($extension_allow, ',' . $extension . ',') === false) { Notify::error(Config::speak('notify_error_file_extension', $extension)); } // Too small if ($file['size'] < self::$config['file_size_min_allow']) { Notify::error(Config::speak('notify_error_file_size_min', self::size(self::$config['file_size_min_allow'], 'KB'))); } // Too large if ($file['size'] > self::$config['file_size_max_allow']) { Notify::error(Config::speak('notify_error_file_size_max', self::size(self::$config['file_size_max_allow'], 'KB'))); } } if (!Notify::errors()) { // Move the uploaded file to the destination folder if (!file_exists($destination . DS . $file['name'])) { move_uploaded_file($file['tmp_name'], $destination . DS . $file['name']); } else { Notify::error(Config::speak('notify_file_exist', '<code>' . $file['name'] . '</code>')); } if (!Notify::errors()) { // Create public asset link to show on file uploaded $link = self::url($destination) . '/' . $file['name']; Notify::success(Config::speak('notify_file_uploaded', '<code>' . $file['name'] . '</code>')); self::$open = $destination . DS . $file['name']; if (is_callable($callback)) { call_user_func($callback, $file['name'], $file['type'], $file['size'], $link); } } return new static(); } return false; }
public static function clear($clear_errors = true) { Session::kill(self::$message); self::$errors = $clear_errors ? 0 : self::$errors; }