// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+

// lib-common.php bootstraps the site: $_USER, $_CONF, SEC_*/COM_* helpers.
require_once '../../../lib-common.php';

/**
 * Security check
 *
 * Only users holding the 'themedit.admin' right may reach this script.
 * Anyone else is logged (uid, username, remote IP) and shown the
 * access-denied block; the script terminates so nothing below runs.
 */
if (!SEC_hasRights('themedit.admin')) {
    // Someone is trying to illegally access this page
    COM_errorLog("Someone has tried to illegally access the themedit uploader. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$_SERVER['REMOTE_ADDR']}", 1);
    $display = COM_siteHeader() . COM_startBlock(THM_str('access_denied')) . THM_str('access_denied_msg') . COM_endBlock() . COM_siteFooter();
    echo $display;
    // exit, not return: the rest of the file must never execute for this user.
    exit;
}

// NOTE(review): $path comes straight from the query string and is passed to
// pathinfo() and imagecreatefrom*() below with no check that it resolves to a
// file under the theme's images directory. As written, any file the web server
// process can read (and, depending on allow_url_fopen, a remote URL) can be
// opened here. Before use, resolve it with realpath() and require the result to
// start with the intended base directory; reject anything else.
// Also: if the key is absent this emits a warning and $path is null.
$path = $_GET['path'];
// pathinfo() returns no 'extension' key when the name has none; the lookup
// below then yields null (warning, and strtolower(null) is deprecated on 8.1+).
$info = pathinfo($path);

// Creates an image
// The '@' hides GD failures; $im is false on failure and must be checked by the
// code that follows (outside this span) before any imagecopy/imagepng call.
switch (strtolower($info['extension'])) {
    case 'jpg':
    case 'jpeg':
        $type = 'jpeg';
        $im = @imagecreatefromjpeg($path);
        break;
    case 'png':
        $type = 'png';
        $im = @imagecreatefrompng($path);
// Directories (relative to the theme root) into which images may be uploaded.
// Also the only values the directory <select> offers.
$allowed_dirs = array('images/', 'images/admin/', 'images/buttons/', 'images/icons/', 'images/custom/');

// Build the <option> list, pre-selecting the directory currently chosen.
// $selected_dir is set before this span; the loop only marks the match, it
// does not itself validate $selected_dir.
$temp_dirs = '';
foreach ($allowed_dirs as $allowed_dir) {
    if ($allowed_dir == $selected_dir) {
        $temp_dirs .= '<option selected="selected">';
    } else {
        $temp_dirs .= '<option>';
    }
    // Values are the fixed strings above, so no HTML escaping is needed here.
    $temp_dirs .= $allowed_dir . '</option>' . LB;
}
$T->set_var('temp_dirs', $temp_dirs);
$T->set_var('temp_lang_file', THM_str('file'));
$T->set_var('temp_lang_submit', THM_str('upload'));
$T->set_var('temp_lang_change', THM_str('change'));
$T->set_var('temp_lang_delete', THM_str('delete'));
$T->set_var('max_upload_size', THM_str('upload_max_size'));

// Processes uploaded files if any
// Runs only when the "upload" button submitted the form and a non-empty file
// arrived under the 'thmfile' field.
if (isset($_POST['submit']) and $_POST['submit'] == $LANG_THM['upload'] and isset($_FILES['thmfile']) and $_FILES['thmfile']['size'] > 0) {
    // Client-supplied original name; only its basename is used for the target.
    $u_name = $_FILES['thmfile']['name'];
    $u_size = $_FILES['thmfile']['size'];
    $u_tmp = $_FILES['thmfile']['tmp_name'];
    $path_parts = pathinfo($u_name);
    if ($u_size > $_THM_CONF['upload_max_size']) {
        // NOTE(review): the message opens a <span> but closes it with </a>.
        $T->set_var('temp_sys_message', "<span style='color: red; font-weight: bold;'>{$LANG_THM['file_too_large']}</a>");
    } else {
        // Name-based allow-list only: the file's content is never inspected
        // (no getimagesize()/finfo check), so a non-image with a .png name is
        // accepted as long as it lands in a directory served as static images.
        // 'extension' is missing from pathinfo() output for names without one.
        if (!in_array(strtolower($path_parts['extension']), array('jpg', 'jpeg', 'gif', 'png'))) {
            // NOTE(review): the message opens a <span> but closes it with </p>.
            $T->set_var('temp_sys_message', "<span style='color: red; font-weight: bold;'>{$LANG_THM['file_type_unsupported']}</p>");
        } else {
            // Guards against a forged tmp_name pointing at an arbitrary file.
            if (is_uploaded_file($u_tmp)) {
                // NOTE(review): $theme and $selected_dir are set outside this
                // span and are concatenated into the destination path. This
                // block is only safe if both were already checked against
                // fixed lists ($selected_dir against $allowed_dirs above);
                // confirm that at their definition, otherwise the target can
                // escape the theme directory. basename() strips any directory
                // part of the client-supplied file name.
                $dest = $_CONF['path_themes'] . $theme . '/' . $selected_dir . basename($u_name);
                // '@' hides the reason when the move fails (permissions, disk);
                // the else branch (outside this span) is the only feedback.
                if (@move_uploaded_file($u_tmp, $dest)) {
    // Enclosing if starts before this span: $vars is only assigned on that
    // branch, so it may be unset below (count() on null is a TypeError in PHP 8).
    $vars = THM_getTemplateVars($theme, $file);
}
if ($op === 'load') {
    // Likewise $contents is only set for the 'load' operation; for any other
    // $op, THM_esc() below receives an undefined variable.
    $contents = THM_getContents($theme, $file);
}
// Escape the file body for placement in the editor (THM_esc is the plugin's
// HTML escaper; not shown here).
$contents4html = THM_esc($contents);

// In case of a template file, show a list of template vars available
$vars4html = '';
if (count($vars) > 0) {
    $vars4html .= '<table style="border: solid 1px #7F9DB9; padding: 5px; width: 100%">' . '<caption style="text-align: center; color: white; background-color: #7F9DB9;">' . THM_str('vars_available') . '</caption>' . '<tr>' . LB;
    // Four buttons per row; $j counts cells in the current row.
    // NOTE(review): $vars[$i] is written into a title attribute, a JS string
    // inside onClick, and element text without escaping. The names come from
    // THM_getTemplateVars(), i.e. from the template file on disk; that is safe
    // only if the function guarantees identifier-like names — confirm, or
    // escape with htmlspecialchars() here.
    for ($i = 0, $j = 0; $i < count($vars); $i++) {
        $vars4html .= '<td width="150"><button type="button" title="' . THM_str("help_{$vars[$i]}") . '" onClick="insert_var(\'' . $vars[$i] . '\')"' . ' style="color: white; background-color: #333366;">' . $vars[$i] . '</button></td>';
        $j++;
        if ($j % 4 === 0) {
            // When count($vars) is a multiple of 4 this opens a row that the
            // closing '</tr>' below leaves empty.
            $vars4html .= '</tr>' . LB . '<tr>';
        }
    }
    $vars4html .= '</tr>' . LB . '</table>' . LB;
}
$T->set_var('temp_vars', $vars4html);
$T->set_var('temp_contents', $contents4html);
$T->set_var('temp_lang_preview', THM_str('preview'));
$T->set_var('temp_lang_save', THM_str('save'));
$T->set_var('temp_lang_image', THM_str('image'));
$T->set_var('temp_lang_init', THM_str('init'));

// CSRF token for the save form: its lifetime follows the user's cookie timeout.
$T->set_var('temp_token_name', CSRF_TOKEN);
// NOTE(review): the WHERE clause is built with addslashes(), which is not a
// database-aware escape. $_USER['uid'] is populated by lib-common rather than
// by the request, but an integer cast ((int) $_USER['uid']) would make the
// clause safe regardless of escaping rules.
$ttl = DB_getItem($_TABLES['users'], 'cookietimeout', "(uid='" . addslashes($_USER['uid']) . "')");
$T->set_var('temp_token_value', SEC_createToken($ttl));

$T->parse('output', 'admin');
$display = COM_siteHeader() . $T->finish($T->get_var('output')) . COM_siteFooter();
echo $display;