/**
 * List the entries of a tar / gzip-compressed tar archive.
 *
 * Thin wrapper: loads the PclTar function library on first use and delegates
 * to PclTarList(). The path is handed to the library unchanged, so a caller
 * that derives it from request data has to validate it beforehand.
 *
 * NOTE(review): PclTarList() reports failure with a non-array value in the
 * library versions I know of - confirm, and have callers test is_array()
 * before iterating over the result.
 *
 * @param string $archFile Path of the archive to inspect.
 * @return array Entry list as produced by PclTarList().
 */
function getTarGzipList($archFile)
{
    // Load the TAR library; require_once makes repeated calls a no-op.
    require_once 'pcltar.func.php';

    $entries = PclTarList($archFile);

    return $entries;
}
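/**
 * Load a tgz archive described by an options array: list it, then extract it.
 *
 * Entry names are checked for ".." path components before anything is deleted
 * or extracted, because the archive content is not under our control and the
 * extraction target is derived from it.
 *
 * @uses http_deballe_recherche_racine()
 * @link http://www.phpconcept.net/pcltar Uses the PclTar library
 *
 * @param array $quoi
 *     Options array. Keys read here: fichier, archive, dest, extract, plus the
 *     optional remove, rename, edit, root_extract and tmp (defaulted below).
 * @return array|bool|int|string
 *     false when $quoi is empty, 0 when the archive file does not exist, an
 *     error string when listing, validation or extraction fails.
 *     On success, an array describing the archive, with the keys:
 *     - files : list of the files present in the archive,
 *     - size : uncompressed size
 *     - compressed_size : compressed size
 *     - dirname : directory the files are meant to be extracted to
 *     - tmpname : temporary directory the files are extracted to
 *     - target : directory the files were actually extracted to
 */
function teleporter_http_charger_tgz($quoi = array())
{
    if (!$quoi) {
        return false;
    }

    // Fill in the optional settings the caller left out.
    $defaults = array(
        'remove' => '',
        'rename' => array(),
        'edit' => array(),
        'root_extract' => false,
        'tmp' => sous_repertoire(_DIR_CACHE, 'chargeur'),
    );
    foreach ($defaults as $opt => $def) {
        isset($quoi[$opt]) || ($quoi[$opt] = $def);
    }

    if (!@file_exists($fichier = $quoi['fichier'])) {
        return 0;
    }

    include_spip('inc/pcltar');

    $list = PclTarList($fichier);
    if (!$list) {
        spip_log('charger_decompresser erreur lecture liste tar ' . PclErrorString() . ' pour paquet: ' . $quoi['archive'], "teleport" . _LOG_ERREUR);

        return PclErrorString();
    }

    // Refuse the whole archive when any entry name contains a ".." component:
    // such a name could make the extraction write outside $target, and the
    // common root computed below is also used to build the directory that is
    // wiped before extraction.
    // NOTE(review): absolute entry names and link entries are not examined
    // here - confirm how PclTarExtract() treats them.
    foreach ($list as $entry) {
        $segments = explode('/', str_replace('\\', '/', (string) $entry['filename']));
        if (in_array('..', $segments, true)) {
            spip_log('charger_decompresser erreur chemin ".." refuse pour paquet: ' . $quoi['archive'], "teleport" . _LOG_ERREUR);

            return 'charger_decompresser erreur chemin ".." refuse';
        }
    }

    $racine = http_deballe_recherche_racine($list);
    $quoi['remove'] = $racine;

    // If there is no common root, fall back to the name of the zip file,
    // stripping the h+md5 prefix it may carry
    // (cf. action/charger_plugin L74).
    if (!strlen($nom = basename($racine))) {
        $nom = preg_replace(",^h[0-9a-f]{8}-,i", "", basename($fichier, '.zip'));
    }

    $dir_export = $quoi['root_extract'] ? $quoi['dest'] : $quoi['dest'] . $nom;
    $dir_export = rtrim($dir_export, '/') . '/';

    $tmpname = $quoi['tmp'] . $nom . '/';

    // Pick the target depending on whether a real extraction is wanted.
    $target = $quoi['extract'] ? $dir_export : $tmpname;

    // The target directory is emptied first when it already exists.
    if (is_dir($target)) {
        supprimer_repertoire($target);
    }

    $ok = PclTarExtract($fichier, $target, $quoi['remove']);
    if ($ok == 0) {
        spip_log('charger_decompresser erreur tar ' . PclErrorString() . ' pour paquet: ' . $quoi['archive'], "teleport" . _LOG_ERREUR);

        return PclErrorString();
    }

    spip_log('charger_decompresser OK pour paquet: ' . $quoi['archive'], "teleport");

    // Sum the sizes and reduce every entry to its name relative to the root.
    $size = $compressed_size = 0;
    $removex = ',^' . preg_quote($quoi['remove'], ',') . ',';
    foreach ($list as $a => $f) {
        $size += $f['size'];
        $compressed_size += $f['compressed_size'];
        $list[$a] = preg_replace($removex, '', $f['filename']);
    }

    // Drop an install.log at the root of the target recording that
    // chargeur installed this plugin.
    ecrire_fichier(
        $target . 'install.log',
        "installation: charger_plugin\n" . "date: " . gmdate('Y-m-d\\TH:i:s\\Z', time()) . "\n" . "source: " . $quoi['archive'] . "\n"
    );

    return array(
        'files' => $list,
        'size' => $size,
        'compressed_size' => $compressed_size,
        'dirname' => $dir_export,
        'tmpname' => $tmpname,
        'target' => $target,
    );
}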
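/**
 * Extract uploaded archives on the web server and push their content to the
 * FTP server.
 *
 * For every archive: the entry list is read and checked for "../" or "..\"
 * in file names, the archive is extracted to a freshly created temporary
 * directory, each extracted directory / file is created or uploaded below
 * $net2ftp_globals["directory"], and finally the temporary directory and the
 * archive itself are deleted. Progress and per-entry errors are appended to
 * $net2ftp_output["ftp_unziptransferfiles"] as HTML fragments.
 *
 * NOTE(review): the archive name and the entry names are written into that
 * HTML output as-is; confirm they are escaped where the output is rendered.
 * NOTE(review): the two "return false" exits inside the loop leave the FTP
 * connection open and the remaining archives on disk; whether
 * ftp_closeconnection() may be called there without overwriting the error
 * state is not visible from this function.
 *
 * @param array $archivesArray Archives to process, indexed from 1; each item
 *                             carries "name" and "tmp_name".
 * @return false|null false when the connection, the file name check or the
 *                    temporary directory fails; nothing otherwise.
 */
function ftp_unziptransferfiles($archivesArray)
{
    global $net2ftp_globals, $net2ftp_result, $net2ftp_output;

    // Open connection; on failure remove every uploaded archive and stop.
    $conn_id = ftp_openconnection();
    if ($net2ftp_result["success"] == false) {
        for ($archive_nr = 1; $archive_nr <= sizeof($archivesArray); $archive_nr++) {
            @unlink($archivesArray[$archive_nr]["tmp_name"]);
        }
        return false;
    }

    // For each archive...
    for ($archive_nr = 1; $archive_nr <= sizeof($archivesArray); $archive_nr++) {
        // Set status
        setStatus($archive_nr, sizeof($archivesArray), __("Decompressing archives and transferring files"));

        // Determine the type of archive from the filename extension. The
        // temporary name carries a 4-character suffix that is cut off first.
        // (The original measured an undefined variable here, which only
        // produced the intended offset of -4 by accident.)
        $archive_name = $archivesArray[$archive_nr]["name"];
        $archive_file = $archivesArray[$archive_nr]["tmp_name"];
        $archivename_without_dottext = substr($archive_file, 0, -4);
        $archive_type = get_filename_extension($archivename_without_dottext);

        $net2ftp_output["ftp_unziptransferfiles"][] = __("Processing archive nr %1\$s: <b>%2\$s</b>", $archive_nr, $archive_name);
        $net2ftp_output["ftp_unziptransferfiles"][] = "<ul>";

        if ($archive_type != "zip" && $archive_type != "tar" && $archive_type != "tgz" && $archive_type != "gz") {
            $net2ftp_output["ftp_unziptransferfiles"][] = __("Archive <b>%1\$s</b> was not processed because its filename extension was not recognized. Only zip, tar, tgz and gz archives are supported at the moment.", $archive_name);
            continue;
        }

        // Read the entry list first so that file names can be checked before
        // anything is written to disk.
        if ($archive_type == "zip") {
            $zip = new PclZip($archive_file);
            $list_to_check = $zip->listContent();
        } elseif ($archive_type == "tar" || $archive_type == "tgz" || $archive_type == "gz") {
            $list_to_check = PclTarList($archive_file);
        }

        if ($list_to_check <= 0) {
            $net2ftp_output["ftp_unziptransferfiles"][] = __("Unable to extract the files and directories from the archive");
            continue;
        }

        // Abort on any entry name that tries to climb out of the extraction
        // directory. Only the literal sequences "../" and "..\" are looked
        // for.
        // NOTE(review): absolute entry names and link entries are not
        // examined here - confirm how PclZip / PclTarExtract treat them.
        for ($i = 0; $i < sizeof($list_to_check); $i++) {
            $source = trim($list_to_check[$i]["filename"]);
            if (strpos($source, "../") !== false || strpos($source, "..\\") !== false) {
                $errormessage = __("Archive contains filenames with ../ or ..\\ - aborting the extraction");
                setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
                return false;
            }
        }

        // Generate random directory
        $tempdir = tempdir2($net2ftp_globals["application_tempdir"], "unzip__", "");
        if ($net2ftp_result["success"] == false) {
            return false;
        }
        registerTempfile("register", "{$tempdir}");

        // Extract
        if ($archive_type == "zip") {
            $zip = new PclZip($archive_file);
            $list = $zip->extract($p_path = $tempdir);
        } elseif ($archive_type == "tar" || $archive_type == "tgz" || $archive_type == "gz") {
            $list = PclTarExtract($archive_file, $tempdir);
        }

        // The message is no longer emitted here - see the check on
        // $list_to_check above.
        if ($list <= 0) {
            continue;
        }

        // Create the directories and put the files on the FTP server
        for ($i = 0; $i < sizeof($list); $i++) {
            $source = trim($list[$i]["filename"]);
            $unzip_status = trim($list[$i]["status"]);
            // Path of the entry relative to the temporary directory.
            $target_relative = substr($source, strlen($tempdir));
            $target = $net2ftp_globals["directory"] . $target_relative;
            $ftpmode = ftpAsciiBinary($source);

            if ($unzip_status != "ok") {
                $net2ftp_output["ftp_unziptransferfiles"][] = __("Could not unzip entry %1\$s (error code %2\$s)", $target_relative, $unzip_status);
                setErrorVars(true, "", "", "", "");
                continue;
            }

            if (is_dir($source) == true) {
                // Directory entry in the archive: create the directory
                ftp_newdirectory($conn_id, $target);
                if ($net2ftp_result["success"] == true) {
                    $net2ftp_output["ftp_unziptransferfiles"][] = __("Created directory %1\$s", $target);
                } else {
                    $net2ftp_output["ftp_unziptransferfiles"][] = __("Could not create directory %1\$s", $target);
                    setErrorVars(true, "", "", "", "");
                }
            } elseif (is_file($source) == true) {
                ftp_putfile($conn_id, dirname($source), basename($source), dirname($target), basename($target), $ftpmode, "move");
                if ($net2ftp_result["success"] == true) {
                    $net2ftp_output["ftp_unziptransferfiles"][] = __("Copied file %1\$s", $target);
                } else {
                    // First attempt failed: reset the error state, create the
                    // parent directories one level at a time, then retry.
                    setErrorVars(true, "", "", "", "");
                    $target_relative_parts = explode("/", str_replace("\\", "/", dirname($target_relative)));
                    $directory_to_create = $net2ftp_globals["directory"];
                    for ($j = 0; $j < sizeof($target_relative_parts); $j = $j + 1) {
                        $directory_to_create = $directory_to_create . "/" . $target_relative_parts[$j];
                        $ftp_chdir_result = @ftp_chdir($conn_id, $directory_to_create);
                        if ($ftp_chdir_result == false) {
                            ftp_newdirectory($conn_id, $directory_to_create);
                            if ($net2ftp_result["success"] == true) {
                                $net2ftp_output["ftp_unziptransferfiles"][] = __("Created directory %1\$s", $directory_to_create);
                            } else {
                                setErrorVars(true, "", "", "", "");
                            }
                        } // end if
                    } // end for

                    ftp_putfile($conn_id, dirname($source), basename($source), dirname($target), basename($target), $ftpmode, "copy");
                    if ($net2ftp_result["success"] == true) {
                        $net2ftp_output["ftp_unziptransferfiles"][] = __("Copied file %1\$s", $target);
                    } else {
                        setErrorVars(true, "", "", "", "");
                        $net2ftp_output["ftp_unziptransferfiles"][] = __("Could not copy file %1\$s", $target);
                    }
                }
            } // end elseif file
        } // end for

        // Delete the temporary directory and its contents
        $delete_dirorfile_result = delete_dirorfile($tempdir);
        if ($delete_dirorfile_result == false) {
            $net2ftp_output["ftp_unziptransferfiles"][] = __("Unable to delete the temporary directory");
        } else {
            registerTempfile("unregister", "{$tempdir}");
        }

        // Delete the archive
        $unlink_result = @unlink($archive_file);
        if ($unlink_result == false) {
            $net2ftp_output["ftp_unziptransferfiles"][] = __("Unable to delete the temporary file %1\$s", $archive_file);
        } else {
            registerTempfile("unregister", "{$archive_file}");
        }

        $net2ftp_output["ftp_unziptransferfiles"][] = "</ul>";
    } // End for

    // Close connection
    ftp_closeconnection($conn_id);
}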
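/**
 * Handle an uploaded theme archive (.gz or .zip): store it in the templates
 * folder, validate its content, extract it and install the theme.
 *
 * The archive is accepted only when it holds exactly one root folder, every
 * required theme file is found below that folder, and no entry name contains
 * a ".." path component. The stored archive is deleted afterwards whether or
 * not the theme was installed. When the templates folder cannot be made
 * writable the method does nothing.
 *
 * Changes against the previous version:
 * - the tar branch now works on the full archive path, like the zip branch
 *   (it used the bare file name, which is resolved against the working
 *   directory instead of the templates folder);
 * - a failed archive listing is handled as invalid content instead of being
 *   iterated;
 * - entries containing ".." are refused before extraction;
 * - the folder is made writable with 0755 rather than 0777, since chmod()
 *   can only succeed for the owner, who is granted write access by 0755.
 */
private function upload_theme()
{
    $folder_phpboost_themes = PATH_TO_ROOT . '/templates/';

    if (!is_writable($folder_phpboost_themes)) {
        $is_writable = @chmod($folder_phpboost_themes, 0755);
    } else {
        $is_writable = true;
    }

    if (!$is_writable) {
        return;
    }

    $uploaded_file = $this->form->get_value('file');
    if ($uploaded_file === null) {
        $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('process.error', 'status-messages-common'), MessageHelper::NOTICE));
        return;
    }

    $upload = new Upload($folder_phpboost_themes);
    if (!$upload->file('upload_theme_file', '`([A-Za-z0-9-_]+)\\.(gz|zip)+$`i')) {
        $this->view->put('MSG', MessageHelper::display($this->lang['themes.upload_invalid_format'], MessageHelper::NOTICE));
        return;
    }

    $archive = $folder_phpboost_themes . $upload->get_filename();
    $is_tar = $upload->get_extension() == 'gz';

    if ($is_tar) {
        include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pcltar.lib.php';
        $archive_content = PclTarList($archive);
    } else {
        include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pclzip.lib.php';
        $zip = new PclZip($archive);
        $archive_content = $zip->listContent();
    }

    // A non-array result means the listing failed: treat it as an archive
    // without entries so that it is reported as invalid content below.
    if (!is_array($archive_content)) {
        $archive_content = array();
    }

    $archive_root_content = array();
    $required_files = array('/config.ini', '/body.tpl', '/frame.tpl', '/theme/content.css', '/theme/design.css', '/theme/global.css');
    $has_unsafe_path = false;

    foreach ($archive_content as $element) {
        // An entry with a ".." component could be written outside the
        // templates folder on extraction, so it invalidates the archive.
        if (in_array('..', explode('/', str_replace('\\', '/', $element['filename'])), true)) {
            $has_unsafe_path = true;
        }

        // Directory entries end with a slash; drop it before counting levels.
        if (substr($element['filename'], -1) == '/') {
            $element['filename'] = substr($element['filename'], 0, -1);
        }

        // No slash left: the entry sits at the root of the archive.
        if (substr_count($element['filename'], '/') == 0) {
            $archive_root_content[] = array(
                'filename' => $element['filename'],
                'folder' => isset($element['folder']) && $element['folder'] == 1 || isset($element['typeflag']) && $element['typeflag'] == 5,
            );
        }

        // Tick off the required files, named relative to the first root entry.
        if (isset($archive_root_content[0])) {
            $name_in_archive = str_replace($archive_root_content[0]['filename'] . '/', '/', $element['filename']);
            if (in_array($name_in_archive, $required_files)) {
                unset($required_files[array_search($name_in_archive, $required_files)]);
            }
        }
    }

    $is_valid_theme = !$has_unsafe_path
        && count($archive_root_content) == 1
        && $archive_root_content[0]['folder']
        && empty($required_files);

    if ($is_valid_theme) {
        $theme_id = $archive_root_content[0]['filename'];
        if (!ThemesManager::get_theme_existed($theme_id)) {
            if ($is_tar) {
                PclTarExtract($archive, $folder_phpboost_themes);
            } else {
                $zip->extract(PCLZIP_OPT_PATH, $folder_phpboost_themes, PCLZIP_OPT_SET_CHMOD, 0755);
            }

            $this->install_theme($theme_id, array('r-1' => 1, 'r0' => 1, 'r1' => 1));
        } else {
            $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('element.already_exists', 'status-messages-common'), MessageHelper::NOTICE));
        }
    } else {
        $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('error.invalid_archive_content', 'status-messages-common'), MessageHelper::NOTICE));
    }

    // The uploaded archive is removed in every case.
    $uploaded_file = new File($archive);
    $uploaded_file->delete();
}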
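/**
 * Handle an uploaded module archive (.gz or .zip): store it in the root
 * folder, validate its content, extract it and install the module.
 *
 * The archive is accepted only when it holds exactly one root folder, the
 * required module files are found below that folder, and no entry name
 * contains a ".." path component. The stored archive is deleted afterwards
 * whether or not the module was installed. When the root folder cannot be
 * made writable the method does nothing.
 *
 * Changes against the previous version:
 * - chmod() is applied to the modules folder (it was called on an undefined
 *   variable and could therefore never succeed);
 * - the tar branch now works on the full archive path, like the zip branch;
 * - a failed archive listing is handled as invalid content instead of being
 *   iterated;
 * - entries containing ".." are refused before extraction.
 *
 * NOTE(review): this extracts PHP code below the application root, so the
 * access control on the calling form is the main protection - confirm it is
 * restricted to administrators.
 */
private function upload_module()
{
    $modules_folder = PATH_TO_ROOT . '/';

    if (!is_writable($modules_folder)) {
        $is_writable = @chmod($modules_folder, 0755);
    } else {
        $is_writable = true;
    }

    if (!$is_writable) {
        return;
    }

    $uploaded_file = $this->form->get_value('file');
    if ($uploaded_file === null) {
        $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_error'], MessageHelper::NOTICE));
        return;
    }

    $upload = new Upload($modules_folder);
    if (!$upload->file('upload_module_file', '`([a-z0-9()_-])+\\.(gz|zip)+$`i')) {
        $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_invalid_format'], MessageHelper::NOTICE));
        return;
    }

    $archive = $modules_folder . $upload->get_filename();
    $is_tar = $upload->get_extension() == 'gz';

    if ($is_tar) {
        include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pcltar.lib.php';
        $archive_content = PclTarList($archive);
    } else {
        include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pclzip.lib.php';
        $zip = new PclZip($archive);
        $archive_content = $zip->listContent();
    }

    // A non-array result means the listing failed: treat it as an archive
    // without entries so that it is reported as invalid content below.
    if (!is_array($archive_content)) {
        $archive_content = array();
    }

    $archive_root_content = array();
    $required_files = array('/config.ini', '/index.php');
    $has_unsafe_path = false;

    foreach ($archive_content as $element) {
        // An entry with a ".." component could be written outside the
        // modules folder on extraction, so it invalidates the archive.
        if (in_array('..', explode('/', str_replace('\\', '/', $element['filename'])), true)) {
            $has_unsafe_path = true;
        }

        // Directory entries end with a slash; drop it before counting levels.
        if (substr($element['filename'], -1) == '/') {
            $element['filename'] = substr($element['filename'], 0, -1);
        }

        // No slash left: the entry sits at the root of the archive.
        if (substr_count($element['filename'], '/') == 0) {
            $archive_root_content[] = array(
                'filename' => $element['filename'],
                'folder' => isset($element['folder']) && $element['folder'] == 1 || isset($element['typeflag']) && $element['typeflag'] == 5,
            );
        }

        // Tick off the required files, named relative to the first root entry.
        if (isset($archive_root_content[0])) {
            $name_in_archive = str_replace($archive_root_content[0]['filename'] . '/', '/', $element['filename']);
            if (in_array($name_in_archive, $required_files)) {
                unset($required_files[array_search($name_in_archive, $required_files)]);
            }
        }
    }

    $is_valid_module = !$has_unsafe_path
        && count($archive_root_content) == 1
        && $archive_root_content[0]['folder']
        && empty($required_files);

    if ($is_valid_module) {
        $module_id = $archive_root_content[0]['filename'];
        if (!ModulesManager::is_module_installed($module_id)) {
            if ($is_tar) {
                PclTarExtract($archive, $modules_folder);
            } else {
                $zip->extract(PCLZIP_OPT_PATH, $modules_folder, PCLZIP_OPT_SET_CHMOD, 0755);
            }

            $this->install_module($module_id, true);
        } else {
            $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('element.already_exists', 'status-messages-common'), MessageHelper::NOTICE));
        }
    } else {
        $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('error.invalid_archive_content', 'status-messages-common'), MessageHelper::NOTICE));
    }

    // The uploaded archive is removed in every case.
    $uploaded_file = new File($archive);
    $uploaded_file->delete();
}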
rcRmdir($plugins_dir.$delete_name); } } } */ elseif ($enable_plugin_upload && isset($_REQUEST['submit'])){ # Upload a plugin .rsp file. if (($_FILES['pfile']['error'] == 0) && (pathinfo($_FILES['pfile']['name'], PATHINFO_EXTENSION)=='rsp')){ require "../../lib/pcltar/pcltar.lib.php"; # Create tmp folder if not existing # Since get_temp_dir() method does this, omit: if (!file_exists(dirname(__FILE__).'/../../filestore/tmp')) {mkdir(dirname(__FILE__).'/../../filestore/tmp',0777);} $tmp_file = get_temp_dir() . '/'.basename($_FILES['pfile']['name'].'.tgz'); if(move_uploaded_file($_FILES['pfile']['tmp_name'], $tmp_file)==true){ $rejected = false; $filelist = PclTarList($tmp_file); if(is_array($filelist)){ foreach($filelist as $key=>$value) { # Loop through the file list to create an array we can use php's functions with. $filearray[] = $value['filename']; } # Some security checks. foreach ($filearray as $filename){ if ($filename[0]=='/' || $filename[0] =='\\'){ # Paths are absolute. Reject the plugin. $rejected = true; $rej_reason = $lang['plugins-rejrootpath']; break; } } if (array_search('..', $filearray)!==false) {# Archive may contain ../ directories (Security risk) $rejected = true;