コード例 #1
ファイル: upload.ctrl.php プロジェクト: ldanielz/uesp.blog
// Upload-by-URL branch: for every submitted URL whose source selector is 'upload', validate the
// URL, fetch it from the server side and stage the response body in a temporary file.
// NOTE(review): the checks visible in this fragment are syntactic only (absolute URL with a scheme,
// a host and a non-root path). Nothing here restricts the destination host, so this is a
// server-side fetch of a user-chosen address (SSRF exposure) unless is_absolute_url() or
// fetch_remote_page() rejects loopback/internal targets and unsafe redirects -- confirm.
if ($action != 'switchtab' && $uploadfile_url) {
    // Check that this action request is not a CSRF hacked request:
    $Session->assert_received_crumb('file');
    foreach ($uploadfile_url as $k => $url) {
        if (!isset($uploadfile_source[$k]) || $uploadfile_source[$k] != 'upload') {
            // upload by URL has not been selected
            continue;
        }
        if (strlen($url)) {
            // Validate URL and parse it for the file name
            // The scheme only has to be non-empty in this condition; the http/https restriction named
            // in the error message presumably comes from is_absolute_url() -- confirm.
            if (!is_absolute_url($url) || !($parsed_url = parse_url($url)) || empty($parsed_url['scheme']) || empty($parsed_url['host']) || empty($parsed_url['path']) || $parsed_url['path'] == '/') {
                // Includes forbidding getting the root of a server
                $failedFiles[$k] = T_('The URL must start with <code>http://</code> or <code>https://</code> and point to a valid file!');
                continue;
            }
            // The 'upload_maxkb' setting is passed as the fourth argument, presumably as a cap on the
            // download size -- confirm against fetch_remote_page().
            $file_contents = fetch_remote_page($url, $info, NULL, $Settings->get('upload_maxkb'));
            if ($file_contents !== false) {
                // Create temporary file and insert contents into it.
                // tempnam() creates the file itself, in the system temp directory, with the 'fmupload' prefix.
                $tmpfile_name = tempnam(sys_get_temp_dir(), 'fmupload');
                if (!$tmpfile_name) {
                    $failedFiles[$k] = 'Failed to find temporary directory.';
                    // no trans: very unlikely
                    continue;
                }
                if (!save_to_file($file_contents, $tmpfile_name, 'w')) {
                    // Do not leave the temporary file created by tempnam() behind when the write fails.
                    unlink($tmpfile_name);
                    $failedFiles[$k] = sprintf('Could not write to temporary file (%s).', $tmpfile_name);
                    continue;
                }
                // Fake/inject info into PHP's array of uploaded files.
                // fp> TODO! This is a nasty dirty hack. That kind of stuff always breaks somewhere down the line. Needs cleanup.
コード例 #2
ファイル: upgrade.ctrl.php プロジェクト: ldanielz/uesp.blog
     break;
 }
 // Upgrade step: download the package named by the request and store it as a .zip under $upgrade_path.
 $block_item_Widget = new Widget('block_item');
 $block_item_Widget->title = T_('Downloading, unzipping & installing package...');
 $block_item_Widget->disp_template_replaced('block_start');
 // Both values are read from request parameters.
 // NOTE(review): 'upd_url' decides where the server fetches the upgrade package from, and 'upd_name'
 // becomes part of a filesystem path below. Nothing visible in this fragment pins the URL to a
 // trusted origin, verifies a checksum or signature of the package, or rejects path separators in
 // the name -- confirm that param() filtering and the surrounding controller (permission and crumb
 // checks) cover this.
 $download_url = param('upd_url', 'string');
 $upgrade_name = param('upd_name', 'string', '', true);
 $upgrade_file = $upgrade_path . $upgrade_name . '.zip';
 if ($success = prepare_maintenance_dir($upgrade_path, true)) {
     // Set maximum execution time
     set_max_execution_time(1800);
     // 30 minutes
     echo '<p>' . sprintf(T_('Downloading package to &laquo;<strong>%s</strong>&raquo;...'), $upgrade_file);
     evo_flush();
     // Downloading
     // The third argument (1800) is presumably a timeout in seconds, matching the limit set above -- confirm.
     $file_contents = fetch_remote_page($download_url, $info, 1800);
     // empty() treats both a failed fetch (false) and an empty body as a failed download.
     if (empty($file_contents)) {
         $success = false;
         // NOTE(review): $download_url is written into the HTML response without escaping here;
         // whether that is safe depends on what param(..., 'string') strips -- confirm.
         echo '</p><p style="color:red">' . sprintf(T_('Unable to download package from &laquo;%s&raquo;'), $download_url) . '</p>';
     } elseif (!save_to_file($file_contents, $upgrade_file, 'w')) {
         // Impossible to save file...
         $success = false;
         echo '</p><p style="color:red">' . sprintf(T_('Unable to create file: &laquo;%s&raquo;'), $upgrade_file) . '</p>';
         if (file_exists($upgrade_file)) {
             // Remove file from disk
             // A partially written package must not stay on disk where a later step could pick it up.
             if (!@unlink($upgrade_file)) {
                 echo '<p style="color:red">' . sprintf(T_('Unable to remove file: &laquo;%s&raquo;'), $upgrade_file) . '</p>';
             }
         }
     } else {
         // The package is downloaded successfully
コード例 #3
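 /**
  * Fetch a URL through b2evo's {@link fetch_remote_page()} when it exists, otherwise through a bundled copy.
  *
  * The bundled copy tries cURL first, then the fopen() URL wrapper, and finally a hand-written
  * HTTP/1.0 GET over fsockopen().
  *
  * NOTE(review): the bundled copy applies no scheme allow-list, no response size limit and (in the
  * cURL branch) no timeout. Callers that pass URLs they do not control should validate them first.
  *
  * @todo fp> why do we need all this code? Just for backward compatibility with versions of b2evo below 1.10.x ???
  *       dh> Yes. Can get dropped (and GetDependencies adjusted, to e.g. 2.0 - if _url.funcs is included there always)
  *
  * @param string $url URL to fetch
  * @param array $info Filled by reference; the bundled copy sets 'error', 'status' and 'used_method'
  * @return string|false Response body, or false on failure
  */
 function my_fetch_remote_page($url, &$info)
 {
     global $inc_path;
     if (file_exists($inc_path . '_core/_url.funcs.php')) {
         // b2evo 2.0
         require_once $inc_path . '_core/_url.funcs.php';
     } elseif (file_exists($inc_path . '_misc/_url.funcs.php')) {
         // b2evo 1.10.x(?)
         require_once $inc_path . '_misc/_url.funcs.php';
     }
     if (function_exists('fetch_remote_page')) {
         return fetch_remote_page($url, $info);
     }
     // Copied from b2evo HEAD (blogs/inc/_misc/_url.funcs.php): {{{
     $info = array('error' => '', 'status' => NULL);
     // CURL:
     if (extension_loaded('curl')) {
         $info['used_method'] = 'curl';
         $ch = curl_init();
         // NOTE(review): CURLOPT_PROTOCOLS is not set, so libcurl accepts every scheme it was built
         // with, and no timeout option is set either. Restrict both if $url can come from a user.
         curl_setopt($ch, CURLOPT_URL, $url);
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
         // The copied code tested an undefined $params array here to switch to a HEAD request;
         // that branch could never run in this wrapper and has been dropped.
         $r = curl_exec($ch);
         $info['status'] = curl_getinfo($ch, CURLINFO_HTTP_CODE);
         $info['error'] = curl_error($ch);
         if (curl_errno($ch)) {
             $info['error'] .= '(#' . curl_errno($ch) . ')';
         }
         curl_close($ch);
         return $r;
     }
     // URL FOPEN (fallback to fsockopen, if fopen() fails):
     if (ini_get('allow_url_fopen') && function_exists('stream_get_meta_data')) {
         $info['used_method'] = 'fopen';
         $fp = @fopen($url, 'r');
         if ($fp) {
             // this will be false e.g. for "404", but it's not trivial to get the status error for this, so we retry with fsockopen further down
             // headers:
             $meta = stream_get_meta_data($fp);
             // Streams that are not HTTP carry no status line in 'wrapper_data'; treat them as
             // invalid instead of reading an undefined index.
             $status_line = isset($meta['wrapper_data'][0]) ? $meta['wrapper_data'][0] : '';
             if (!is_string($status_line) || !preg_match('~^HTTP/\\d+\\.\\d+ (\\d+)~', $status_line, $match)) {
                 $info['error'] = 'Invalid response.';
                 $r = false;
             } else {
                 $info['status'] = $match[1];
                 $r = '';
                 // Read the complete body (binary safe). Comparing against false and '' rather than
                 // relying on truthiness keeps a chunk that is exactly "0" from ending the read early.
                 while (($buf = fread($fp, 4096)) !== false && $buf !== '') {
                     $r .= $buf;
                 }
             }
             fclose($fp);
             return $r;
         }
     }
     // As a last resort, try fsockopen:
     if (!function_exists('fsockopen')) {
         // may have been disabled
         $info['used_method'] = null;
         $info['error'] = 'No method available to access URL!';
         return false;
     }
     $info['used_method'] = 'fsockopen';
     $url_parsed = parse_url($url);
     if (empty($url_parsed['scheme'])) {
         $url_parsed = parse_url('http://' . $url);
     }
     // NOTE(review): the scheme is ignored from here on. The request is always sent in clear text,
     // to port 80 unless the URL names a port, so an https:// URL is not fetched over TLS.
     $host = $url_parsed['host'];
     $port = empty($url_parsed['port']) ? 80 : $url_parsed['port'];
     $path = empty($url_parsed['path']) ? '/' : $url_parsed['path'];
     if (!empty($url_parsed['query'])) {
         $path .= '?' . $url_parsed['query'];
     }
     $out = "GET {$path} HTTP/1.0\r\n";
     $out .= "Host: {$host}:{$port}\r\n";
     $out .= "Connection: Close\r\n\r\n";
     $fp = @fsockopen($host, $port, $errno, $errstr, 30);
     if (!$fp) {
         $info['error'] = $errstr . ' (#' . $errno . ')';
         return false;
     }
     // Set timeout for data:
     if (function_exists('stream_set_timeout')) {
         stream_set_timeout($fp, 20);
     } else {
         // PHP 4
         socket_set_timeout($fp, 20);
     }
     // Send request:
     fwrite($fp, $out);
     // Read response:
     $r = '';
     // First line:
     $s = fgets($fp, 4096);
     if ($s === false || !preg_match('~^HTTP/\\d+\\.\\d+ (\\d+)~', $s, $match)) {
         $info['error'] = 'Invalid response.';
         $r = false;
     } else {
         $info['status'] = $match[1];
         $foundBody = false;
         while (!feof($fp)) {
             $s = fgets($fp, 4096);
             if ($s === false) {
                 // Read error or timeout: stop instead of looping until feof() changes.
                 break;
             }
             if (!$foundBody) {
                 // Only the first empty line separates headers from body; later empty lines
                 // belong to the body and are kept.
                 if ($s === "\r\n") {
                     $foundBody = true;
                 }
                 continue;
             }
             $r .= $s;
         }
     }
     fclose($fp);
     return $r;
     // }}}
 }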
コード例 #4
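/**
 * This does the actual file manipulations for installing .htaccess
 * This will verify that the provided sample.htaccess does not crash apache in a test folder before installing it for real.
 *
 * The check copies sample.htaccess into install/test/ and requests that folder over HTTP through
 * $baseurl; the real .htaccess is only written when the response starts with 'Test successful.'.
 * The test copy in install/test/ is not removed by this function.
 *
 * @param boolean $upgrade are we upgrading (vs installing)?
 * @return string empty string when there is nothing to report (installed or already installed),
 *                otherwise a message describing the problem or the recommended manual step
 */
function do_install_htaccess($upgrade = false)
{
    global $baseurl;
    global $basepath;
    if (@file_exists($basepath . '.htaccess')) {
        if ($upgrade) {
            echo '<span class="text-warning"><evo:warning>' . T_('Already installed.') . '</evo:warning></span>';
            return '';
            // all is well :)
        }
        if (@file_exists($basepath . 'sample.htaccess')) {
            $content_htaccess = trim(file_get_contents($basepath . '.htaccess'));
            $content_sample_htaccess = trim(file_get_contents($basepath . 'sample.htaccess'));
            if ($content_htaccess != $content_sample_htaccess) {
                // The existing .htaccess differs from the sample file: never overwrite it silently.
                echo '<p class="text-danger"><evo:error>' . T_('There is already a file called .htaccess at the blog root. If you don\'t specifically need this file, it is recommended that you delete it or rename it to old.htaccess before you continue. This will allow b2evolution to create a new .htaccess file that is optimized for best results.') . '</evo:error></p>';
                echo T_('Here are the contents of the current .htaccess file:');
                // The file content is escaped before it is shown in the page.
                echo '<div style="overflow:auto"><pre>' . htmlspecialchars($content_htaccess) . '</pre></div><br />';
                return sprintf(T_('Again, we recommend you remove this file before continuing. If you chose to keep it, b2evolution will probably still work, but for optimization you should follow <a %s>these instructions</a>.'), 'href="' . get_manual_url('htaccess-file') . '" target="_blank"');
            } else {
                echo '<span class="text-warning"><evo:warning>' . T_('Already installed.') . '</evo:warning></span>';
                return '';
            }
        }
    }
    // Make sure we have a sample file to start with:
    if (!@file_exists($basepath . 'sample.htaccess')) {
        return T_('Cannot find file [ sample.htaccess ] in your base url folder.');
    }
    // Try to copy that file to the test folder:
    if (!@copy($basepath . 'sample.htaccess', $basepath . 'install/test/.htaccess')) {
        return T_('Failed to copy files!');
    }
    // Make sure .htaccess does not crash in the test folder:
    load_funcs('_core/_url.funcs.php');
    $info = array();
    $remote_page = fetch_remote_page($baseurl . 'install/test/', $info);
    if (!$remote_page && !empty($info['error'])) {
        return $info['error'];
    }
    // A failed or empty response without an error text must not be returned as '': that is the value
    // this function returns on success. It falls through to the content check below, which reports it.
    if (substr((string) $remote_page, 0, 16) != 'Test successful.') {
        return sprintf(T_('%s was not found as expected.'), $baseurl . 'install/test/index.html');
    }
    // Now we consider it's safe, copy .htaccess to its real location:
    if (!@copy($basepath . 'sample.htaccess', $basepath . '.htaccess')) {
        return T_('Test was successful, but failed to copy .htaccess into baseurl directory!');
    }
    echo '<span class="text-success"><evo:success>' . T_('Installation successful!') . '</evo:success></span>';
    return '';
}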
コード例 #5
ファイル: _geoip.plugin.php プロジェクト: Ariflaw/b2evolution
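 /**
  * Event handler: Called when displaying the block in the "Tools" menu.
  *
  * For the action 'geoip_download' this downloads the gzip archive from $this->geoip_download_url
  * into the plugin folder, unpacks it next to this file, removes the archive and then tries to
  * enable the plugin. For any other action it displays the "find registration country" form.
  *
  * NOTE(review): nothing in this method verifies the integrity of the downloaded file (checksum or
  * signature), and the file name written into the plugin folder is taken from the last segment of
  * the download URL. Both are only as trustworthy as $this->geoip_download_url, which is defined
  * outside this method -- confirm it cannot be changed by a request.
  * NOTE(review): no crumb is asserted for 'geoip_download' inside this method -- confirm that the
  * caller checks it before this state-changing action runs.
  *
  * @see Plugin::AdminToolPayload()
  *
  * @param array $params event parameters (not read by this method)
  */
 function AdminToolPayload($params)
 {
     $action = param_action();
     echo '<a name="geoip" style="position:relative;top:-60px"></a>';
     switch ($action) {
         case 'geoip_download':
             // Display a process of downloading of GeoIP.dat
             global $admin_url;
             $this->print_tool_log(sprintf(T_('Downloading GeoIP.dat file from the url: %s ...'), '<a href="' . $this->geoip_download_url . '" target="_blank">' . $this->geoip_download_url . '</a>'));
             // DOWNLOAD:
             $gzip_contents = fetch_remote_page($this->geoip_download_url, $info, 1800);
             if ($gzip_contents === false || $info['status'] != 200) {
                 // Downloading is Failed
                 if (empty($info['error'])) {
                     // Some unknown error
                     $this->print_tool_log(T_('The URL is not available. It may correspond to an old version of the GeoIP.dat file.'), 'error');
                 } else {
                     // Display an error of request
                     $this->print_tool_log(T_($info['error']), 'error');
                 }
                 break;
             }
             $this->print_tool_log(' OK.<br />');
             $plugin_dir = dirname(__FILE__);
             if (!is_writable($plugin_dir)) {
                 // Check the write rights
                 $this->print_tool_log(sprintf(T_('Plugin folder %s must be writable to receive GeoIP.dat. Please fix the write permissions and try again.'), '<b>' . $plugin_dir . '</b>'), 'error');
                 break;
             }
             // The archive keeps the name of the last path segment of the download URL.
             $gzip_file_name = explode('/', $this->geoip_download_url);
             $gzip_file_name = $gzip_file_name[count($gzip_file_name) - 1];
             $gzip_file_path = $plugin_dir . '/' . $gzip_file_name;
             if (!save_to_file($gzip_contents, $gzip_file_path, 'w')) {
                 // Impossible to save file...
                 $this->print_tool_log(sprintf(T_('Unable to create file: %s'), '<b>' . $gzip_file_path . '</b>'), 'error');
                 if (file_exists($gzip_file_path)) {
                     // Remove file from disk
                     if (!@unlink($gzip_file_path)) {
                         // File exists without the write rights
                         $this->print_tool_log(sprintf(T_('Unable to remove file: %s'), '<b>' . $gzip_file_path . '</b>'), 'error');
                     }
                 }
                 break;
             }
             // UNPACK:
             $this->print_tool_log(sprintf(T_('Extracting of the file %s...'), '<b>' . $gzip_file_path . '</b>'));
             if (!function_exists('gzopen')) {
                 // No extension
                 $this->print_tool_log(T_('There is no \'zip\' or \'zlib\' extension installed!'), 'error');
                 break;
             }
             if (!($gzip_handle = @gzopen($gzip_file_path, 'rb'))) {
                 // Try to open gzip file
                 $this->print_tool_log(T_('Could not open the source file!'), 'error');
                 break;
             }
             // The unpacked file is written next to the archive, under the archive name without '.gz'.
             $out_file_path = $plugin_dir . '/' . str_replace('.gz', '', $gzip_file_name);
             if (!($out_handle = @fopen($out_file_path, 'w'))) {
                 // Release the gzip handle opened above before leaving this case.
                 gzclose($gzip_handle);
                 $this->print_tool_log(sprintf(T_('The file %s cannot be written to disk. Please check the filesystem permissions.'), '<b>' . $out_file_path . '</b>'), 'error');
                 break;
             }
             $i = 0;
             while (!gzeof($gzip_handle)) {
                 // Extract file by 4Kb
                 fwrite($out_handle, gzread($gzip_handle, 4096));
                 if ($i == 100) {
                     // Display the process dots after each 400Kb
                     $this->print_tool_log(' .');
                     $i = 0;
                 }
                 $i++;
             }
             $this->print_tool_log(' OK.<br />');
             fclose($out_handle);
             gzclose($gzip_handle);
             $this->print_tool_log(sprintf(T_('Remove gzip file %s...'), '<b>' . $gzip_file_path . '</b>'));
             if (@unlink($gzip_file_path)) {
                 $this->print_tool_log(' OK.<br />');
             } else {
                 // Failed on removing
                 $this->print_tool_log(sprintf(T_('Impossible to remove the file %s. You can do it manually.'), $gzip_file_path), 'warning');
             }
             // Success message
             $this->print_tool_log('<br /><span class="text-success">' . sprintf(T_('%s file was downloaded successfully.'), 'GeoIP.dat') . '</span>');
             // Try to enable plugin automatically:
             global $Plugins;
             $enable_return = $this->BeforeEnable();
             if ($enable_return === true) {
                 // Success enabling
                 $this->print_tool_log('<br /><span class="text-success">' . T_('The plugin has been enabled.') . '</span>');
                 if ($this->status != 'enabled') {
                     // Enable this plugin automatically:
                     $Plugins->set_Plugin_status($this, 'enabled');
                 }
             } else {
                 // Some restriction for enabling
                 $this->print_tool_log('<br /><span class="text-warning">' . T_('The plugin could not be automatically enabled.') . '</span>');
                 if ($this->status != 'needs_config') {
                     // Make this plugin incomplete because it cannot be enabled:
                     $Plugins->set_Plugin_status($this, 'needs_config');
                 }
             }
             break;
         default:
             // Display a form to find countries for users
             if ($this->status != 'enabled') {
                 // Don't allow use this tool when GeoIP plugin is not enabled
                 echo '<p class="error">' . T_('You must enable the GeoIP plugin before to use this tool.') . '</p>';
                 break;
             }
             $Form = new Form();
             $Form->begin_form('fform');
             // The form carries the 'tools' crumb for the action it submits.
             $Form->add_crumb('tools');
             $Form->hidden_ctrl();
             // needed to pass the "ctrl=tools" param
             $Form->hiddens_by_key(get_memorized());
             // needed to pass all other memorized params, especially "tab"
             $Form->hidden('action', 'geoip_find_country');
             echo '<p>' . T_('This tool finds all users that do not have a registration country yet and then assigns them a registration country based on their registration IP.') . get_manual_link('geoip-plugin') . '</p>';
             $Form->button(array('value' => T_('Find Registration Country for all Users NOW!')));
             if (!empty($this->text_from_AdminTabAction)) {
                 // Display a report of executed action
                 echo '<p><b>' . T_('Report') . ':</b></p>';
                 echo $this->text_from_AdminTabAction;
             }
             $Form->end_form();
             break;
     }
 }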