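/**
 * Step up
 *
 * Answers the `plugin_move_progress` AJAX call: advances the committed move
 * plan by one step (optionally skipping the failing one) and reports progress
 * as JSON. Manager rights are required; any other caller gets a 403 and the
 * script exits.
 *
 * @param Doku_Event $event
 */
public function handle_ajax(Doku_Event $event) {
    if ($event->data != 'plugin_move_progress') {
        return;
    }
    $event->preventDefault();
    $event->stopPropagation();

    global $INPUT;
    global $USERINFO;

    // Anonymous requests carry no REMOTE_USER: reject them explicitly instead of
    // passing an undefined index on to the manager check (same guard as the
    // extension plugin's info() handler).
    if (empty($_SERVER['REMOTE_USER']) || !auth_ismanager($_SERVER['REMOTE_USER'], $USERINFO['grps'])) {
        http_status(403);
        exit;
    }

    $return = array('error' => '', 'complete' => false, 'progress' => 0);

    /** @var helper_plugin_move_plan $plan */
    $plan = plugin_load('helper', 'move_plan');
    if (!$plan->isCommited()) {
        // There is no plan. Something went wrong
        $return['complete'] = true;
    } else {
        $todo = $plan->nextStep($INPUT->bool('skip'));
        $return['progress'] = $plan->getProgress();
        $return['error'] = $plan->getLastError();
        // nextStep() returning 0 means nothing is left to do
        if ($todo === 0) {
            $return['complete'] = true;
        }
    }

    $json = new JSON();
    header('Content-Type: application/json');
    echo $json->encode($return);
}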
/**
 * Action d'affichage en ajax du navigateur de rubrique du bandeau
 *
 * Visitors without write access get a single "connect" link through
 * ajax_retour() and the script exits. Otherwise a numeric `date` request
 * parameter becomes a Last-Modified header; when gen_liste_rubriques()
 * reports nothing, the client sent If-Modified-Since and the server is
 * not IIS, a 304 is sent and the script exits; else the menu HTML built by
 * menu_rubriques() is returned through ajax_retour().
 *
 * @uses gen_liste_rubriques()
 * @uses menu_rubriques()
 *
 * @return string
 *     Code HTML présentant la liste des rubriques
 **/
function action_menu_rubriques_dist() {
    // no write access, no menu: the reply is a lone link to the login page
    // (the upstream comment speaks of a 401, but no status is set here)
    if (!autoriser('ecrire')) {
        $lien = generer_url_ecrire('accueil');
        $libelle = _T('public:lien_connecter');
        $retour = "<ul class='cols_1'><li class='toutsite'><a href='{$lien}'>{$libelle}</a></li></ul>";
        include_spip('inc/actions');
        ajax_retour($retour);
        exit;
    }

    $date = intval(_request('date'));
    if ($date) {
        header("Last-Modified: " . gmdate("D, d M Y H:i:s", $date) . " GMT");
    }

    $inchange = !gen_liste_rubriques();
    if ($inchange and isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) and !strstr($_SERVER['SERVER_SOFTWARE'], 'IIS/')) {
        include_spip('inc/headers');
        header('Content-Type: text/html; charset=' . $GLOBALS['meta']['charset']);
        http_status(304);
        exit;
    }

    include_spip('inc/actions');
    ajax_retour(menu_rubriques());
}
/**
 * Telecharger un dump quand on est webmestre
 *
 * The requested name is reduced with basename() (".sqlite" stripped, then
 * re-added), so directory components in `$arg` cannot leave dump_repertoire().
 * The file is streamed only when it exists AND autoriser('webmestre') holds;
 * every other case shows the 404 minipres page. Always exits.
 *
 * @param string $arg
 */
function action_telecharger_dump_dist($arg = null) {
    if (!$arg) {
        $securiser_action = charger_fonction('securiser_action', 'inc');
        $arg = $securiser_action();
    }

    $file = dump_repertoire() . basename($arg, '.sqlite') . '.sqlite';

    // existence is tested first, so the rights check only runs for a real file
    $servable = file_exists($file) && autoriser('webmestre');
    if (!$servable) {
        http_status(404);
        include_spip('inc/minipres');
        echo minipres(_T('erreur') . ' 404', _T('info_acces_interdit'));
        // and we stop right here
        exit;
    }

    $f = basename($file);
    // this content-type is needed to avoid zip corruption in ie6
    header('Content-Type: application/octet-stream');
    header("Content-Disposition: attachment; filename=\"{$f}\";");
    header("Content-Transfer-Encoding: binary");
    // fix for IE catching or PHP bug issue
    header("Pragma: public");
    header("Expires: 0"); // set expiration time
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

    $cl = filesize($file);
    if ($cl) {
        header("Content-Length: " . $cl);
    }
    readfile($file);
    // and we stop right here
    exit;
}
/**
 * Create the detail info for a single plugin
 *
 * Handles the `plugin_extension` AJAX call: admins only (403 + exit
 * otherwise). Without an `ext` parameter a plain message is echoed;
 * otherwise the extension's info HTML is rendered by the list helper.
 *
 * @param Doku_Event $event
 * @param $param
 */
public function info(Doku_Event &$event, $param) {
    global $USERINFO;
    global $INPUT;

    if ($event->data != 'plugin_extension') {
        return;
    }
    $event->preventDefault();
    $event->stopPropagation();

    // no user or not an admin: refuse before touching any extension
    $forbidden = empty($_SERVER['REMOTE_USER'])
        || !auth_isadmin($_SERVER['REMOTE_USER'], $USERINFO['grps']);
    if ($forbidden) {
        http_status(403);
        echo 'Forbidden';
        exit;
    }

    header('Content-Type: text/html; charset=utf-8');

    $name = $INPUT->str('ext');
    if (!$name) {
        echo 'no extension given';
        return;
    }

    /** @var helper_plugin_extension_extension $extension */
    $extension = plugin_load('helper', 'extension_extension');
    $extension->setExtension($name);

    /** @var helper_plugin_extension_list $renderer */
    $renderer = plugin_load('helper', 'extension_list');
    echo $renderer->make_info($extension);
}
/**
 * Minimal "access denied" page (or AJAX equivalent).
 *
 * With an empty $titre the function builds the default "acces interdit" page:
 * it sends a 403 (unless _AJAX), takes the first non-empty of the action /
 * exec / page request parameters as title (HTML-escaped, since it comes from
 * the request), replaces the body with a form back to the home page and logs
 * the visitor name, title and request URI.
 * Outside AJAX mode the complete HTML page is returned; in AJAX mode the
 * response is echoed through ajax_retour() and nothing is returned.
 *
 * @param string $titre  page title; empty => default "acces interdit" page
 * @param string $corps  page body (ignored when $titre is empty)
 * @param string $onload passed to install_debut_html()
 * @return string|null full page, or null in AJAX mode
 */
function minipres($titre='', $corps="", $onload='') {
    if (!defined('_AJAX')) define('_AJAX', false);
    if (!$titre) {
        if (!_AJAX) http_status(403);
        // first non-empty of action / exec / page, else '?'
        if (!$titre = _request('action') AND !$titre = _request('exec') AND !$titre = _request('page')) $titre = '?';
        // request-supplied value: escape before it reaches the HTML below
        $titre = htmlspecialchars($titre);
        $titre = ($titre == 'install') ? _T('avis_espace_interdit') : $titre . ' : '. _T('info_acces_interdit');
        $corps = generer_form_ecrire('accueil', '','',_T('public:accueil_site'));
        spip_log($GLOBALS['visiteur_session']['nom'] . " $titre " . $_SERVER['REQUEST_URI']);
    }
    if (!_AJAX)
        return install_debut_html($titre, $onload) . $corps . install_fin_html();
    else {
        include_spip('inc/headers');
        include_spip('inc/actions');
        $url = self('&',true);
        // every POST field (name and value) is copied into the redirect URL
        // NOTE(review): submitted form data is echoed back into a URL here;
        // confirm nothing sensitive is posted on the paths that reach this branch
        foreach ($_POST as $v => $c) $url = parametre_url($url, $v, $c, '&');
        echo ajax_retour("<div>".$titre . redirige_formulaire($url)."</div>",false);
    }
}
/**
 * Redirect the browser to $url (301 or 302; anything else becomes 302).
 *
 * Newlines are stripped from the url (header injection), `?` / `#` prefixed
 * urls are completed, pseudo-protocol urls (data:+base64, javascript:, mailto:)
 * are replaced by "./". Uses a Location header, or a Refresh header plus
 * meta tag when $equiv is set on a non-Apache server. Echoes a fallback HTML
 * page, logs, and exits — never returns.
 *
 * @param string $url    target url
 * @param string $equiv  when non-empty, prefer the Refresh/meta mechanism
 * @param int    $status 301 or 302
 */
function redirige_par_entete($url, $equiv='', $status = 302) {
    if (!in_array($status,array(301,302))) $status = 302;
    // CR/LF become spaces: a url can no longer inject extra headers
    $url = trim(strtr($url, "\n\r", " "));
    # in theory this should always be done, but when the string
    # starts with ? it is mandatory, otherwise the final url is wrong
    # NOTE(review): $url[0] on an empty $url raises a PHP warning — confirm callers never pass ''
    if ($url[0]=='?') $url = url_de_base().(_DIR_RESTREINT?'':_DIR_RESTREINT_ABS).$url;
    if ($url[0]=='#') $url = self('&').$url;
    if ($x = _request('transformer_xml')) $url = parametre_url($url, 'transformer_xml', $x, '&');
    if (defined('_AJAX') AND _AJAX) $url = parametre_url($url, 'var_ajax_redir', 1, '&');
    // do not let arbitrary characters through in the url
    // NOTE(review): as listed, both arrays hold the same characters, so this call is a
    // no-op; the replacements are presumably HTML entities that this listing decoded —
    // confirm against the upstream file before relying on it for the meta tag below
    $url = str_replace(array('<','"'),array('<','"'),$url);
    // forbid inline urls with pseudo-protocols:
    if ( (preg_match(",data:,i",$url) AND preg_match("/base64\s*,/i",$url)) OR preg_match(",(javascript|mailto):,i",$url) ) $url ="./";
    // Only under Apache does setcookie followed by a redirect work
    if (!$equiv OR (strncmp("Apache", $_SERVER['SERVER_SOFTWARE'],6)==0) OR defined('_SERVER_APACHE')) {
        @header("Location: " . $url);
        $equiv="";
    } else {
        @header("Refresh: 0; url=" . $url);
        // $url is interpolated raw into an attribute here
        $equiv = "<meta http-equiv='Refresh' content='0; url=$url'>";
    }
    include_spip('inc/lang');
    if ($status!=302) http_status($status);
    echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">',"\n", html_lang_attributes(),' <head>', $equiv,' <title>HTTP '.$status.'</title> </head> <body> <h1>HTTP '.$status.'</h1> <a href="', quote_amp($url), '">', _T('navigateur_pas_redirige'), '</a></body></html>';
    spip_log("redirige $status: $url");
    exit;
}
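/**
 * Gerer les webhooks Stripe
 *
 * The request body is only used to obtain an event id; the event itself is
 * re-fetched from Stripe with the configured key, so a forged body cannot
 * inject event data. The event type is then dispatched to
 * stripe_webhook_<type>() or stripe_webhook_<type>_dist() when defined.
 * Replies 200 and exits, unless the handler returned a result.
 *
 * @param array $config presta configuration (presta, mode_test, actif, keys)
 * @return array handler result, when one is returned
 */
function presta_stripe_call_autoresponse_dist($config) {
    include_spip('inc/bank');
    $mode = $config['presta'];
    if (!empty($config['mode_test'])) {
        $mode .= "_test";
    }
    // load the Stripe API with the key
    stripe_init_api($config);

    // Retrieve the request's body and parse it as JSON
    $input = file_get_contents("php://input");
    $event_json = ($input === false) ? null : json_decode($input);
    // a missing or malformed body yields no id: never call Stripe with an empty id
    $event_id = (is_object($event_json) and isset($event_json->id)) ? (string)$event_json->id : '';

    $event = false;
    $erreur = $erreur_code = '';
    $res = false;

    if ($event_id === '') {
        $erreur = 'missing event id in request body';
        $erreur_code = 'error';
    } else {
        try {
            // Verify the event by fetching it from Stripe
            $event = \Stripe\Event::retrieve($event_id);
        } catch (Exception $e) {
            // getJsonBody() exists on Stripe's own exceptions only; a generic
            // Exception must not turn into a fatal undefined-method call
            $body = method_exists($e, 'getJsonBody') ? $e->getJsonBody() : null;
            if ($body) {
                $err = $body['error'];
                list($erreur_code, $erreur) = stripe_error_code($err);
            } else {
                $erreur = $e->getMessage();
                $erreur_code = 'error';
            }
        }
    }

    $inactif = empty($config['actif']) ? "(inactif) " : "";

    if ($erreur or $erreur_code) {
        spip_log('call_autoresponse ' . $inactif . ': ' . "{$erreur_code} - {$erreur}", $mode . 'auto' . _LOG_ERREUR);
    } elseif ($event) {
        // the type names the handler: non-word characters become underscores
        $type = preg_replace(',\\W,', '_', $event->type);
        if (function_exists($f = "stripe_webhook_{$type}") or function_exists($f = $f . '_dist')) {
            spip_log("call_autoresponse : event {$type} => {$f}()", $mode . 'auto' . _LOG_DEBUG);
            $res = $f($config, $event);
        } else {
            spip_log("call_autoresponse : event {$type} - {$f} not existing", $mode . 'auto' . _LOG_DEBUG);
        }
    }

    include_spip('inc/headers');
    http_status(200); // No Content
    header("Connection: close");
    if ($res) {
        return $res;
    }
    exit;
}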
/**
 * AJAX rendering of the rubrique menu of the private-area banner.
 *
 * Sends no-cache headers and, for a numeric `date` parameter, a Last-Modified
 * header. When gen_liste_rubriques() reports nothing new, the client sent
 * If-Modified-Since and the server is not IIS, a 304 is sent. Otherwise the
 * rubriques the visitor may see (autoriser('voir','rubrique',...)) are laid out
 * in table columns (at most 8, ~30 rows each) and returned via ajax_retour().
 */
function exec_menu_rubriques_dist() {
    global $spip_ecran;
    header("Cache-Control: no-cache, must-revalidate");
    if ($date = intval(_request('date'))) header("Last-Modified: ".gmdate("D, d M Y H:i:s", $date)." GMT");
    $r = gen_liste_rubriques();
    if (!$r AND isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) AND !strstr($_SERVER['SERVER_SOFTWARE'],'IIS/')) {
        include_spip('inc/headers');
        header('Content-Type: text/html; charset='. $GLOBALS['meta']['charset']);
        http_status(304);
    } else {
        // total width available for the columns, depending on the screen setting
        $largeur_t = ($spip_ecran == "large") ? 900 : 650;
        $arr_low = extraire_article(0, $GLOBALS['db_art_cache']);
        $total_lignes = $i = sizeof($arr_low);
        $ret = '';
        if ($i > 0) {
            // ~30 rows per column, capped at 8 columns; small lists get ~10 rows per column
            $nb_col = min(8,ceil($total_lignes / 30));
            if ($nb_col <= 1) $nb_col = ceil($total_lignes / 10);
            $max_lignes = ceil($total_lignes / $nb_col);
            $largeur = min(200, ceil($largeur_t / $nb_col));
            $count_lignes = 0;
            $style = " style='z-index: 0; vertical-align: top;'";
            $image = " petit-secteur";
            foreach( $arr_low as $id_rubrique => $titre_rubrique) {
                // start a new table cell once the column is full
                if ($count_lignes == $max_lignes) {
                    $count_lignes = 0;
                    $ret .= "</div></td>\n<td$style><div class='bandeau_rubriques'>";
                }
                $count_lignes ++;
                // per-rubrique read right: rubriques the visitor may not see are skipped
                if (autoriser('voir','rubrique',$id_rubrique)){
                    $ret .= bandeau_rubrique($id_rubrique, $titre_rubrique, $i, $largeur, $image);
                    $i--;
                }
            }
            $ret = "<table><tr>\n<td$style><div class='bandeau_rubriques'>" . $ret . "\n</div></td></tr></table>\n";
        }
        include_spip('inc/actions');
        ajax_retour("<div> </div>" . $ret);
    }
}
/**
 * Redirect the browser to $url (301 or 302; anything else becomes 302).
 *
 * Newlines are stripped from the url (header injection), `?` / `#` prefixed
 * and relative urls are completed, pseudo-protocol urls (data:+base64,
 * javascript:, mailto:) are replaced by "./". Uses a Location header, or a
 * Refresh header plus meta tag when a cookie was just sent on a non-Apache
 * server. Echoes a fallback HTML page, logs, and exits — never returns.
 *
 * @param string $url    target url
 * @param string $equiv  when non-empty, prefer the Refresh/meta mechanism
 * @param int    $status 301 or 302
 */
function redirige_par_entete($url, $equiv = '', $status = 302) {
    if (!in_array($status, array(301, 302))) {
        $status = 302;
    }
    // CR/LF become spaces: a url can no longer inject extra headers
    $url = trim(strtr($url, "\n\r", " "));
    # in theory this should always be done, but when the string
    # starts with ? it is mandatory, otherwise the final url is wrong
    # NOTE(review): $url[0] on an empty $url raises a PHP warning — confirm callers never pass ''
    if ($url[0] == '?') {
        $url = url_de_base() . $url;
    }
    if ($url[0] == '#') {
        $url = self('&') . $url;
    }
    # if the url depth is non-zero and the url is relative, it must be made absolute
    if ($GLOBALS['profondeur_url'] > (_DIR_RESTREINT ? 1 : 2) and !preg_match(",^(\\w+:)?//,", $url)) {
        include_spip("inc/filtres_mini");
        $url = url_absolue($url);
    }
    if ($x = _request('transformer_xml')) {
        $url = parametre_url($url, 'transformer_xml', $x, '&');
    }
    if (defined('_AJAX') and _AJAX) {
        $url = parametre_url($url, 'var_ajax_redir', 1, '&');
    }
    // do not let arbitrary characters through in the url
    // NOTE(review): as listed, both arrays hold the same characters, so this call is a
    // no-op; the replacements are presumably HTML entities that this listing decoded —
    // confirm against the upstream file before relying on it for the meta tag below
    $url = str_replace(array('<', '"'), array('<', '"'), $url);
    // forbid inline urls with pseudo-protocols:
    // (reads as: (data: AND base64,) OR (javascript|mailto):)
    if (preg_match(",data:,i", $url) and preg_match("/base64\\s*,/i", $url) or preg_match(",(javascript|mailto):,i", $url)) {
        $url = "./";
    }
    // Only under Apache does setcookie followed by a redirect work
    include_spip('inc/cookie');
    if (!$equiv and !spip_cookie_envoye() or (strncmp("Apache", $_SERVER['SERVER_SOFTWARE'], 6) == 0 or defined('_SERVER_APACHE'))) {
        @header("Location: " . $url);
        $equiv = "";
    } else {
        @header("Refresh: 0; url=" . $url);
        // $url is interpolated raw into an attribute here
        $equiv = "<meta http-equiv='Refresh' content='0; url={$url}'>";
    }
    include_spip('inc/lang');
    if ($status != 302) {
        http_status($status);
    }
    echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">', "\n", html_lang_attributes(), ' <head>', $equiv, ' <title>HTTP ' . $status . '</title> </head> <body> <h1>HTTP ' . $status . '</h1> <a href="', quote_amp($url), '">', _T('navigateur_pas_redirige'), '</a></body></html>';
    spip_log("redirige {$status}: {$url}");
    exit;
}
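/**
 * Output-buffer callback that adds an ETag to the response.
 *
 * Hashes the buffered output; when the client's If-None-Match header already
 * carries that hash, a 304 is sent and the body suppressed (empty string
 * returned). Otherwise the ETag header is set and the body returned unchanged.
 * md5 is used purely as a cache validator here, not as a security control.
 *
 * @param string $s buffered output
 * @return string the output to send ('' on 304)
 */
function ob_etag($s) {
    $etag = md5($s);
    // $_SERVER is a superglobal (no `global` needed). The header is absent on
    // an unconditional request, so read it with a default instead of a bare
    // index that warns (and feeds null to strstr) when it is missing.
    $if_none_match = isset($_SERVER['HTTP_IF_NONE_MATCH']) ? $_SERVER['HTTP_IF_NONE_MATCH'] : '';
    if ($if_none_match !== '' && strpos($if_none_match, $etag) !== false) {
        http_status(304, "Not Modified");
        return '';
    }
    header("ETag: \"{$etag}\"");
    return $s;
}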
/**
 * Reply 503 Service Unavailable with a minimal static apology page.
 */
function system_down() {
    http_status(503, 'Service Unavailable');
    $page = <<<EOT
<html>
<head><title>System Unavailable</title></head>
<body>
Apologies but this site is unavailable at the moment. Please try again later.
</body>
</html>
EOT;
    echo $page;
}
/**
 * Send the browser to a new address
 *
 * While guarding against redirection attacks (the target often comes from `$_GET`):
 * newlines are stripped (header injection), relative urls are made absolute,
 * pseudo-protocol urls (data:+base64, javascript:, mailto:) are replaced by "./".
 * Uses a Location header, or a Refresh header plus meta tag when a cookie was just
 * sent on a non-Apache server. Echoes a fallback HTML page, logs, and exits —
 * never returns.
 *
 * @example
 * ```
 * $redirect = parametre_url(urldecode(_request('redirect')),'id_article=' . $id_article);
 * include_spip('inc/headers');
 * redirige_par_entete($redirect);
 * ```
 *
 * @param string $url Redirect URL
 * @param string $equiv when non-empty, prefer the Refresh/meta mechanism
 * @param int $status Redirect code (301 or 302; anything else becomes 302)
 **/
function redirige_par_entete($url, $equiv = '', $status = 302) {
    if (!in_array($status, array(301, 302))) {
        $status = 302;
    }
    // CR/LF become spaces: a url can no longer inject extra headers
    $url = trim(strtr($url, "\n\r", " "));
    # if the redirect url is relative, make it absolute
    if (!preg_match(",^(\\w+:)?//,", $url)) {
        include_spip("inc/filtres_mini");
        $url = url_absolue($url);
    }
    if ($x = _request('transformer_xml')) {
        $url = parametre_url($url, 'transformer_xml', $x, '&');
    }
    if (defined('_AJAX') and _AJAX) {
        $url = parametre_url($url, 'var_ajax_redir', 1, '&');
    }
    // do not let arbitrary characters through in the url
    // NOTE(review): as listed, both arrays hold the same characters, so this call is a
    // no-op; the replacements are presumably HTML entities that this listing decoded —
    // confirm against the upstream file before relying on it for the meta tag below
    $url = str_replace(array('<', '"'), array('<', '"'), $url);
    // forbid inline urls with pseudo-protocols:
    // (reads as: (data: AND base64,) OR (javascript|mailto):)
    if (preg_match(",data:,i", $url) and preg_match("/base64\\s*,/i", $url) or preg_match(",(javascript|mailto):,i", $url)) {
        $url = "./";
    }
    // Only under Apache does setcookie followed by a redirect work
    include_spip('inc/cookie');
    if (!$equiv and !spip_cookie_envoye() or (strncmp("Apache", $_SERVER['SERVER_SOFTWARE'], 6) == 0 or defined('_SERVER_APACHE'))) {
        @header("Location: " . $url);
        $equiv = "";
    } else {
        @header("Refresh: 0; url=" . $url);
        if (isset($GLOBALS['meta']['charset'])) {
            @header("Content-Type: text/html; charset=" . $GLOBALS['meta']['charset']);
        }
        // $url is interpolated raw into an attribute here
        $equiv = "<meta http-equiv='Refresh' content='0; url={$url}'>";
    }
    include_spip('inc/lang');
    if ($status != 302) {
        http_status($status);
    }
    // fallback page for clients that do not follow the header; the link is quote_amp()-escaped
    echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">', "\n", html_lang_attributes(), ' <head>', $equiv, ' <title>HTTP ' . $status . '</title> ' . (isset($GLOBALS['meta']['charset']) ? '<meta http-equiv="Content-Type" content="text/html;charset=' . $GLOBALS['meta']['charset'] . '">' : '') . ' </head> <body> <h1>HTTP ' . $status . '</h1> <a href="', quote_amp($url), '">', _T('navigateur_pas_redirige'), '</a></body></html>';
    spip_log("redirige {$status}: {$url}");
    exit;
}
/**
 * Forward an XML-RPC call to the remote API, translating failures into IXR_Error.
 *
 * Access denied maps to 401 (no authenticated user) or 403 (authenticated but
 * not allowed); any other RemoteException is returned with its own code and
 * message. Successful calls return the remote result untouched.
 *
 * @param string $methodname
 * @param array  $args
 * @return mixed|IXR_Error
 */
function call($methodname, $args) {
    try {
        return $this->remote->call($methodname, $args);
    } catch (RemoteAccessDeniedException $e) {
        $authenticated = isset($_SERVER['REMOTE_USER']);
        if (!$authenticated) {
            http_status(401);
            return new IXR_Error(-32603, "server error. not authorized to call method {$methodname}");
        }
        http_status(403);
        return new IXR_Error(-32604, "server error. forbidden to call the method {$methodname}");
    } catch (RemoteException $e) {
        return new IXR_Error($e->getCode(), $e->getMessage());
    }
}
/**
 * Create the detail info for a single plugin
 *
 * Handles the `plugin_extension` AJAX call: admins only (403 + exit
 * otherwise), 400 without an `ext` parameter. `act=enable|disable` toggles
 * the extension and answers JSON; anything else renders the info HTML.
 *
 * @param Doku_Event $event
 * @param $param
 */
public function info(Doku_Event &$event, $param) {
    global $USERINFO;
    global $INPUT;

    if ($event->data != 'plugin_extension') {
        return;
    }
    $event->preventDefault();
    $event->stopPropagation();

    if (empty($_SERVER['REMOTE_USER']) || !auth_isadmin($_SERVER['REMOTE_USER'], $USERINFO['grps'])) {
        http_status(403);
        echo 'Forbidden';
        exit;
    }

    $name = $INPUT->str('ext');
    if (!$name) {
        http_status(400);
        echo 'no extension given';
        return;
    }

    /** @var helper_plugin_extension_extension $extension */
    $extension = plugin_load('helper', 'extension_extension');
    $extension->setExtension($name);

    $act = $INPUT->str('act');
    if ($act == 'enable' || $act == 'disable') {
        // dynamic method name, but restricted to the two literals above
        $extension->{$act}(); // enables/disables
        $reverse = ($act == 'disable') ? 'enable' : 'disable';
        $return = array(
            'state' => $act . 'd',
            'reverse' => $reverse,
            'label' => $extension->getLang('btn_' . $reverse),
        );
        header('Content-Type: application/json');
        $json = new JSON();
        echo $json->encode($return);
        return;
    }

    /** @var helper_plugin_extension_list $list */
    $list = plugin_load('helper', 'extension_list');
    header('Content-Type: text/html; charset=utf-8');
    echo $list->make_info($extension);
}
/**
 * Pass Ajax call to a type
 *
 * Handles `plugin_struct`: delegates to executeTypeAjax() and echoes the
 * result as JSON. A StructException becomes a 500 with an `error` entry
 * (message plus file:line); the stack trace is added only when
 * $conf['allowdebug'] is on.
 *
 * @param Doku_Event $event event object by reference
 * @param mixed $param [the parameters passed as fifth argument to register_hook() when this
 *                     handler was registered]
 */
public function handle_ajax(Doku_Event $event, $param) {
    if ($event->data != 'plugin_struct') {
        return;
    }
    $event->preventDefault();
    $event->stopPropagation();

    global $conf;
    header('Content-Type: application/json');

    try {
        $payload = $this->executeTypeAjax();
    } catch (StructException $e) {
        $where = basename($e->getFile()) . ':' . $e->getLine();
        $payload = array('error' => $e->getMessage() . ' ' . $where);
        // stack traces leak internals: debug installs only
        if ($conf['allowdebug']) {
            $payload['stacktrace'] = $e->getTraceAsString();
        }
        http_status(500);
    }

    $encoder = new JSON();
    echo $encoder->encode($payload);
}
/**
 * Dispatch `plugin_struct_lookup_<action>` AJAX calls.
 *
 * Recognised actions: new, save, delete. A StructException thrown by the
 * action is reported as a 500 with the message as plain text.
 *
 * @param Doku_Event $event
 * @param $param
 */
public function handle_ajax(Doku_Event $event, $param) {
    $prefix = 'plugin_struct_lookup_';
    $len = strlen($prefix);
    if (substr($event->data, 0, $len) != $prefix) {
        return;
    }
    $event->preventDefault();
    $event->stopPropagation();

    $action = substr($event->data, $len);
    try {
        switch ($action) {
            case 'new':
                $this->lookup_new();
                break;
            case 'save':
                $this->lookup_save();
                break;
            case 'delete':
                $this->lookup_delete();
                break;
        }
    } catch (StructException $e) {
        http_status(500);
        header('Content-Type: text/plain');
        echo $e->getMessage();
    }
}
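/**
 * Render a subtree
 *
 * Handles `plugin_move_tree`: renders the page or media namespace tree
 * (`ns`, cleaned with cleanID(); `is_media` selects the media tree) as an
 * HTML list. Manager rights are required; other callers get a 403 and the
 * script exits.
 *
 * @param Doku_Event $event
 * @param $params
 */
public function handle_ajax_call(Doku_Event $event, $params) {
    if ($event->data != 'plugin_move_tree') {
        return;
    }
    $event->preventDefault();
    $event->stopPropagation();

    global $INPUT;
    global $USERINFO;

    // Anonymous requests carry no REMOTE_USER: reject them explicitly instead of
    // passing an undefined index on to the manager check (same guard as the
    // extension plugin's info() handler).
    if (empty($_SERVER['REMOTE_USER']) || !auth_ismanager($_SERVER['REMOTE_USER'], $USERINFO['grps'])) {
        http_status(403);
        exit;
    }

    /** @var admin_plugin_move_tree $plugin */
    $plugin = plugin_load('admin', 'move_tree');

    $ns = cleanID($INPUT->str('ns'));
    $type = $INPUT->bool('is_media')
        ? admin_plugin_move_tree::TYPE_MEDIA
        : admin_plugin_move_tree::TYPE_PAGES;

    $data = $plugin->tree($type, $ns, $ns);
    echo html_buildlist($data, 'tree_list', array($plugin, 'html_list'), array($plugin, 'html_li'));
}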
/**
 * Dispatch `plugin_struct_inline_<action>` AJAX calls.
 *
 * Recognised actions: editor, save, cancel. Only `save` is guarded: a
 * StructException it throws is reported as a 500 with the message as
 * plain text.
 *
 * @param Doku_Event $event
 * @param $param
 */
public function handle_ajax(Doku_Event $event, $param) {
    $prefix = 'plugin_struct_inline_';
    $len = strlen($prefix);
    if (substr($event->data, 0, $len) != $prefix) {
        return;
    }
    $event->preventDefault();
    $event->stopPropagation();

    $action = substr($event->data, $len);
    switch ($action) {
        case 'editor':
            $this->inline_editor();
            break;
        case 'save':
            try {
                $this->inline_save();
            } catch (StructException $e) {
                http_status(500);
                header('Content-Type: text/plain; charset=utf-8');
                echo $e->getMessage();
            }
            break;
        case 'cancel':
            $this->inline_cancel();
            break;
    }
}
} elseif ($mode == 'reply') { $project_name = request_var('project', ''); $report_id = request_var('report_id', 0); // Load language file $user->add_lang('posting'); // Include files include "{$phpbb_root_path}includes/functions_posting.{$phpEx}"; include "{$phpbb_root_path}includes/message_parser.{$phpEx}"; // Query the report $sql = $db->sql_build_query('SELECT', array('SELECT' => 'r.*, pr.*, t.topic_approved, t.topic_poster, t.topic_time, t.topic_status, t.topic_type, t.topic_first_poster_name, t.topic_first_poster_colour, f.enable_indexing, p.post_id, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, p.post_text, p.bbcode_bitfield, p.bbcode_uid, c.component_title, s.status_title, v.version_title, a.user_id AS assigned_id, a.username AS assigned_name, a.user_colour AS assigned_colour', 'FROM' => array(BUGS_REPORTS_TABLE => 'r'), 'LEFT_JOIN' => array(array('FROM' => array(BUGS_PROJECTS_TABLE => 'pr'), 'ON' => 'r.project_id = pr.project_id'), array('FROM' => array(TOPICS_TABLE => 't'), 'ON' => 'r.topic_id = t.topic_id'), array('FROM' => array(FORUMS_TABLE => 'f'), 'ON' => 'pr.forum_id = f.forum_id'), array('FROM' => array(POSTS_TABLE => 'p'), 'ON' => 't.topic_first_post_id = p.post_id'), array('FROM' => array(BUGS_COMPONENTS_TABLE => 'c'), 'ON' => 'r.report_component = c.component_id'), array('FROM' => array(BUGS_STATUSES_TABLE => 's'), 'ON' => 'r.report_status = s.status_id'), array('FROM' => array(BUGS_VERSIONS_TABLE => 'v'), 'ON' => 'r.report_version = v.version_id'), array('FROM' => array(USERS_TABLE => 'a'), 'ON' => 'r.report_assigned = a.user_id')), 'WHERE' => "r.report_id = {$report_id} AND pr.project_name = '" . $db->sql_escape($project_name) . 
"'")); $result = $db->sql_query($sql); if (($report = $db->sql_fetchrow($result)) == false) { http_status(404); trigger_error('NO_REPORT', E_USER_NOTICE); } elseif (!$auth->acl_get('f_c_com_post', $report['forum_id']) || $report['topic_approved'] == 0 && !$auth->acl_get('m_approve', $report['forum_id']) && $report['topic_poster'] != $user->data['user_id']) { http_status(403); trigger_error('NOT_AUTHORISED', E_USER_NOTICE); } elseif ($report['topic_status'] == ITEM_LOCKED && !$auth->acl_get('m_', $report['forum_id'])) { trigger_error('TOPIC_LOCKED', E_USER_NOTICE); } $db->sql_freeresult($result); // Find out whether the user is watching the report if ($user->data['user_id'] != ANONYMOUS) { $sql = 'SELECT notify_status FROM ' . TOPICS_WATCH_TABLE . " WHERE topic_id = {$report['topic_id']} AND user_id = {$user->data['user_id']}"; $result = $db->sql_query($sql); $is_subscribed = $db->sql_fetchrow($result) != false; $db->sql_freeresult($result); } else { $is_subscribed = false; } // Get submitted data
/**
 * Automatic 404 routing when the content block comes back empty.
 * Only the main block (first of the list) is considered by default, but the
 * block(s) used to detect a 404 can be customised:
 *   $GLOBALS['z_blocs_404'] = array('content','aside');
 * A 404 is then raised only when content/xxx and aside/xxx are both empty
 * (make sure the 404 page itself has one of these blocks non-empty, to avoid
 * an infinite loop).
 *
 * Works in two passes kept in static state: block renders with an empty
 * `texte` are counted, and once every watched block was empty the next
 * "structure" render is replaced by the 404 template and a 404 status is sent.
 *
 * @param array $flux pipeline flux: args.fond, data.texte
 *
 * @return array
 */
function zcore_recuperer_fond($flux) {
    // state across calls: empty watched blocks seen so far, and the pending 404 flag
    static $empty_count = 0, $is_404 = false;
    // watched block name(s), their strlen(s) and their count, computed once
    static $z_blocs_404, $z_blocs_404_nlength, $z_blocs_404_ncount;

    if ($is_404) {
        if ($flux['args']['fond'] === "structure") {
            $is_404 = false; // no reentrance risk
            $code = "404 Not Found";
            $contexte_inclus = array('erreur' => "", 'code' => $code, 'lang' => $GLOBALS['spip_lang']);
            $flux['data'] = evaluer_fond('404', $contexte_inclus);
            $flux['data']['status'] = intval($code); // not propagated up to the page, but maybe one day...
            // so send the status by hand
            include_spip("inc/headers");
            http_status(intval($code));
        }
    } elseif (!test_espace_prive()) {
        if (!isset($z_blocs_404)) {
            if (isset($GLOBALS['z_blocs_404'])) {
                $z_blocs_404 = $GLOBALS['z_blocs_404'];
                // a single-entry array is handled as a plain string
                if (is_array($z_blocs_404) and count($z_blocs_404) == 1) {
                    $z_blocs_404 = reset($z_blocs_404);
                }
            } else {
                if (!function_exists("z_blocs")) {
                    $styliser_par_z = charger_fonction('styliser_par_z', 'public');
                }
                $z_blocs = z_blocs(test_espace_prive());
                $z_blocs_404 = reset($z_blocs); // default content block
            }
            if (is_array($z_blocs_404)) {
                $z_blocs_404_ncount = count($z_blocs_404);
                $z_blocs_404_nlength = array_map('strlen', $z_blocs_404);
            } else {
                $z_blocs_404_ncount = 1;
                $z_blocs_404_nlength = strlen($z_blocs_404);
            }
        }
        $fond = $flux['args']['fond'];
        // quick check that this is one of the reference fonds for the 404:
        // the fond starts with blockname/
        // the fond has no further / (we are at the right level)
        $quick_match = false;
        if (strpos($fond, "/") !== false and $z_blocs_404_ncount) {
            if ($z_blocs_404_ncount == 1) {
                $quick_match = (strncmp($fond, "{$z_blocs_404}/", $z_blocs_404_nlength + 1) === 0 and strpos($fond, "/", $z_blocs_404_nlength + 1) === false);
            } else {
                foreach ($z_blocs_404 as $k => $zb) {
                    if (strncmp($fond, "{$zb}/", $z_blocs_404_nlength[$k] + 1) === 0 and strpos($fond, "/", $z_blocs_404_nlength[$k] + 1) === false) {
                        $quick_match = true;
                        break;
                    }
                }
            }
        }
        // an empty watched block counts towards the 404; all of them empty => 404 pending
        if ($quick_match and !strlen(trim($flux['data']['texte']))) {
            $empty_count++;
            if ($empty_count >= $z_blocs_404_ncount) {
                $is_404 = true;
            }
        }
    }
    return $flux;
}
/**
 * @brief Send HTTP status header and exit.
 *
 * Thin wrapper: http_status() emits the status line, then killme()
 * terminates the process, so control never comes back to the caller.
 *
 * @param int $val
 *    integer HTTP status result value
 * @param string $msg
 *    optional message
 * @returns (does not return, process is terminated)
 */
function http_status_exit($val, $msg = '') {
    http_status($val, $msg);
    killme();
}
if (traiter_appels_actions() or traiter_appels_inclusions_ajax() or traiter_formulaires_dynamiques()) { // lancer les taches sur affichage final, comme le cron // mais sans rien afficher $GLOBALS['html'] = false; // ne rien afficher pipeline('affichage_final' . _PIPELINE_SUFFIX, ''); exit; // le hit est fini ! } } // Il y a du texte a produire, charger le metteur en page include_spip('public/assembler'); $page = assembler($fond, _request('connect')); if (isset($page['status'])) { include_spip('inc/headers'); http_status($page['status']); } // Content-Type ? if (!isset($page['entetes']['Content-Type'])) { $page['entetes']['Content-Type'] = "text/html; charset=" . $GLOBALS['meta']['charset']; $html = true; } else { $html = preg_match(',^\\s*text/html,', $page['entetes']['Content-Type']); } if (defined('_VAR_PREVIEW') and _VAR_PREVIEW and $html) { include_spip('inc/filtres'); // pour http_img_pack $x = "<div class='spip-previsu' " . http_style_background('preview-32.png') . ">" . _T('previsualisation') . "</div>"; if (!($pos = strpos($page['texte'], '</body>'))) { $pos = strlen($page['texte']); }
/**
 * Direct cron entry point.
 *
 * Answers 204 No Content with `Connection: close`, defines
 * _DIRECT_CRON_FORCE (read by cron(); presumably bypasses the usual
 * throttling — confirm in cron()) and runs cron().
 */
function action_cron() {
    include_spip('inc/headers');
    http_status(204); // No Content
    header("Connection: close");
    define('_DIRECT_CRON_FORCE', true);
    cron();
}
/**
 * Set headers and send the file to the client
 *
 * The $cache parameter influences how long files may be kept in caches, the $public parameter
 * influences if this caching may happen in public proxis or in the browser cache only FS#2734
 *
 * This function will abort the current script when a 304 is sent or file sending is handled
 * through x-sendfile
 *
 * @author Andreas Gohr <*****@*****.**>
 * @author Ben Coburn <*****@*****.**>
 * @author Gerry Weissbach <*****@*****.**>
 *
 * @param string $file local file to send
 * @param string $mime mime type of the file
 * @param bool $dl set to true to force a browser download
 * @param int $cache remaining cache time in seconds (-1 for $conf['cache'], 0 for no-cache)
 * @param bool $public is this a public ressource or a private one?
 * @param string $orig original file to send - the file name will be used for the Content-Disposition
 */
function sendFile($file, $mime, $dl, $cache, $public = false, $orig = null) {
    global $conf;

    // send mime headers
    header("Content-Type: {$mime}");

    // cache window: -1 => configured cachetime (at least an hour), >0 => as given, else none
    if ($cache == -1) {
        $maxage = max($conf['cachetime'], 3600);
    } elseif ($cache > 0) {
        $maxage = $cache;
    } else {
        $maxage = 0;
    }
    $expires = $maxage ? time() + $maxage : 0; // 0 => 1970-01-01

    // smart http caching headers
    if (!$maxage) {
        // no cache at all
        header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
        header('Cache-Control: no-cache, no-transform');
        header('Pragma: no-cache');
    } else {
        header('Expires: ' . gmdate("D, d M Y H:i:s", $expires) . ' GMT');
        if ($public) {
            // cache publically
            header('Cache-Control: public, proxy-revalidate, no-transform, max-age=' . $maxage);
            header('Pragma: public');
        } else {
            // cache in browser
            header('Cache-Control: private, no-transform, max-age=' . $maxage);
            header('Pragma: no-cache');
        }
    }

    // send important headers first, script stops here if '304 Not Modified' response
    $fmtime = @filemtime($file);
    http_conditionalRequest($fmtime);

    // Use the current $file if $orig is not set.
    if ($orig == null) {
        $orig = $file;
    }

    // download or display?
    $disposition = $dl ? 'attachment' : 'inline';
    header('Content-Disposition: ' . $disposition . ';' . rfc2231_encode('filename', utf8_basename($orig)) . ';');

    // use x-sendfile header to pass the delivery to compatible webservers
    http_sendfile($file);

    // send file contents
    $fp = @fopen($file, "rb");
    if (!$fp) {
        http_status(500);
        print "Could not read {$file} - bad permissions?";
        return;
    }
    http_rangeRequest($fp, filesize($file), $mime);
}
/**
 * Serve a (protected) document referenced by the `file` request parameter.
 *
 * Rejects paths containing "../" or a scheme prefix (403), missing/unreadable
 * files or files unknown to spip_documents (404), and requests whose `cle`
 * does not pass verifier_cle_action() for "<id_document>,<file>" (403).
 * Otherwise streams the file with its stored mime type, as an attachment
 * when the document type is not inline-able. Supports ETag / 304.
 */
function action_acceder_document_dist() {
    include_spip('inc/documents');
    // $file is required, to prevent scanning id_document by id_document
    $f = rawurldecode(_request('file'));
    $file = get_spip_doc($f);
    $arg = rawurldecode(_request('arg'));
    $status = $dcc = false; // $dcc is never read afterwards
    // traversal ("../") and absolute urls ("scheme://") are refused outright
    if (strpos($f,'../') !== false OR preg_match(',^\w+://,', $f)) {
        $status = 403;
    } else if (!file_exists($file) OR !is_readable($file)) {
        $status = 404;
    } else {
        // the path is sql_quote()d and the optional id_document cast to int
        $where = "documents.fichier=".sql_quote(set_spip_doc($file)) . ($arg ? " AND documents.id_document=".intval($arg): '');
        $doc = sql_fetsel("documents.id_document, documents.titre, documents.fichier, types.mime_type, types.inclus, documents.extension", "spip_documents AS documents LEFT JOIN spip_types_documents AS types ON documents.extension=types.extension",$where);
        if (!$doc) {
            $status = 404;
        } else {
            // ETag to handle the 304 status
            // NOTE(review): this 304 short-circuit runs before the key check below, so a
            // matching If-None-Match is answered without verifier_cle_action() — consider
            // moving the key check ahead of it
            $ETag = md5($file . ': '. filemtime($file));
            if (isset($_SERVER['HTTP_IF_NONE_MATCH']) AND $_SERVER['HTTP_IF_NONE_MATCH'] == $ETag) {
                http_status(304); // Not modified
                exit;
            } else {
                header('ETag: '.$ETag);
            }
            //
            // Check read rights on the document
            // by verifying the key passed as argument
            //
            include_spip('inc/securiser_action');
            $cle = _request('cle');
            if (!verifier_cle_action($doc['id_document'].','.$f, $cle)) {
                spip_log("acces interdit $cle erronee");
                $status = 403;
            }
        }
    }
    switch($status) {
        case 403:
            include_spip('inc/minipres');
            echo minipres();
            break;
        case 404:
            http_status(404);
            include_spip('inc/minipres');
            echo minipres(_T('erreur').' 404', _T('info_document_indisponible'));
            break;
        default:
            // only reached with $status === false, i.e. $doc was found and the key verified
            header("Content-Type: ". $doc['mime_type']);
            // for images do not use attachment
            // otherwise, when pointing directly at their address,
            // the browser downloads them instead of displaying them
            if ($doc['inclus']=='non') {
                $f = basename($file);
                // this content-type is needed to avoid zip corruption in ie6
                header('Content-Type: application/octet-stream');
                header("Content-Disposition: attachment; filename=\"$f\";");
                header("Content-Transfer-Encoding: binary");
                // fix for IE catching or PHP bug issue
                header("Pragma: public");
                header("Expires: 0"); // set expiration time
                header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
            }
            if ($cl = filesize($file)) header("Content-Length: ". $cl);
            readfile($file);
            break;
    }
}
/**
 * Redirect or deny a page depending on an authorisation result,
 * usable anywhere in a template, including inclusions.
 * Examples:
 *   [(#AUTORISER{non}|sinon_interdire_acces)]
 *   [(#AUTORISER{non}|sinon_interdire_acces{#URL_PAGE{login}, 401})]
 *
 * When $ok is false every output buffer is discarded, then: with neither url
 * nor status, the private area gets a 403 (exec 403 handler) and the public
 * site a 404; a status >= 400 without url renders the template of that name;
 * a url triggers redirige_par_entete(). Exits unless $ok.
 *
 * @param bool $ok Whether access is granted (true => nothing happens)
 * @param string $url Address to redirect to
 * @param int $statut HTTP status to answer/redirect with
 * @return string
 */
function sinon_interdire_acces($ok = false, $url = '', $statut = 0) {
    if ($ok) {
        return '';
    }

    // discard every pending output buffer
    $niveau = @ob_get_level();
    while ($niveau--) {
        @ob_end_clean();
    }

    include_spip('inc/headers');
    $statut = intval($statut);

    // no argument at all: pick a sensible default
    $deviner = (!$url and !$statut);
    if ($deviner and test_espace_prive()) {
        // private area: 403 Forbidden through the dedicated exec handler
        http_status(403);
        $echec = charger_fonction('403', 'exec');
        $echec();
    } elseif ($deviner) {
        $statut = 404;
    }

    // explicit status: always set it, and render the matching error template
    // when it is an error and no redirection follows
    if ($statut) {
        http_status($statut);
        if (!$url and $statut >= 400) {
            echo recuperer_fond("{$statut}");
        }
    }

    // explicit url: redirect (302 by default when no status was given)
    if ($url) {
        redirige_par_entete($url, '', $statut);
    }

    exit;
}
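/**
 * Handle an ajax call for a block inclusion (e.g. pagination).
 *
 * The call carries var_ajax (the block identifier; 'form' is handled
 * elsewhere) and var_ajax_env, an encoded and signed context. The context
 * is decoded and its signature verified by decoder_contexte_ajax(); when it
 * is valid the block's skeleton is recomputed with the current context and
 * returned through ajax_retour(), otherwise a 403 is sent with an error
 * message. An optional var_ajax_ancre is prepended as a hidden anchor.
 *
 * Fix: var_ajax_ancre is user input that lands in a single-quoted href
 * attribute. As listed, the replacement map was an identity for '<' and '"'
 * (the entities were presumably decoded in transit), so only the quote was
 * neutralised; the entity encoding is now explicit.
 *
 * @return bool true when the hit was an ajax block call and has been fully
 *              answered, false when there is nothing to do
 */
function traiter_appels_inclusions_ajax() {
    $v = _request('var_ajax');
    if (!$v or $v === 'form') {
        return false;
    }
    $args = _request('var_ajax_env');
    if (!$args) {
        return false;
    }

    include_spip('inc/filtres');
    include_spip('inc/actions');

    // decoder_contexte_ajax() checks the signature; a tampered context yields nothing
    $args = decoder_contexte_ajax($args);
    if ($args and !empty($args['fond'])) {
        $fond = $args['fond'];
        include_spip('public/assembler');
        $contexte = array_merge($args, calculer_contexte());
        $texte = recuperer_fond($fond, $contexte, array('trim' => false));

        if ($ancre = _request('var_ajax_ancre')) {
            // not just anything in this variable: it is inserted into an attribute
            $ancre = str_replace(array('<', '"', "'"), array('&lt;', '&quot;', ''), $ancre);
            $texte = "<a href='#$ancre' name='ajax_ancre' style='display:none;'>anchor</a>" . $texte;
        }
    } else {
        include_spip('inc/headers');
        http_status(403);
        $texte = _L('signature ajax bloc incorrecte');
    }

    ajax_retour($texte);
    return true; // the hit has been fully answered
}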
foreach (explode(' ', 'basedir userewrite baseurl useslash') as $x) { print '$' . "conf['{$x}'] = '" . $conf[$x] . "';\n"; } foreach (explode(' ', 'DOCUMENT_ROOT HTTP_HOST SCRIPT_FILENAME PHP_SELF ' . 'REQUEST_URI SCRIPT_NAME PATH_INFO PATH_TRANSLATED') as $x) { print '$' . "_SERVER['{$x}'] = '" . $_SERVER[$x] . "';\n"; } print "getID('media'): " . getID('media') . "\n"; print "getID('media',false): " . getID('media', false) . "\n"; print '</pre>'; } $ERROR = false; // check image permissions $AUTH = auth_quickaclcheck($IMG); if ($AUTH >= AUTH_READ) { // check if image exists $SRC = mediaFN($IMG); if (!@file_exists($SRC)) { //doesn't exist! http_status(404); $ERROR = 'File not found'; } } else { // no auth $ERROR = p_locale_xhtml('denied'); } // this makes some general infos available as well as the info about the // "parent" page $INFO = pageinfo(); //start output and load template header('Content-Type: text/html; charset=utf-8'); include template('detail.php');
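/**
 * GET method handler
 *
 * Calls the subclass get() hook for $this->path and writes its result.
 * When the hook returns a stream and the request carried Range(s) (parsed
 * by _get_ranges()), a 206 single-range or multipart/byteranges response
 * is produced; otherwise the whole entity is sent.
 *
 * Fixes relative to the previous version: the range branches now return
 * after writing the body instead of falling through to the trailing
 * "200 OK"; the multipart loop seeks to each part's own start (it used the
 * undefined $start, i.e. offset 0); copies are bounded by the remaining
 * range length instead of reading whole 4096-byte chunks past the end;
 * Content-range values carry the "bytes " unit; suffix ranges are offsets
 * size-N .. size-1 (one too many bytes before); an explicit end of 0 is a
 * valid range ("bytes=0-0"); unsatisfiable ranges get 416.
 *
 * @param  void
 * @returns void
 */
function http_GET()
{
    // TODO check for invalid stream
    $options = array();
    $options["path"] = $this->path;

    $this->_get_ranges($options);

    $status = $this->get($options);
    if (true === $status) {
        if (!headers_sent()) {
            $status = "200 OK";

            if (!isset($options['mimetype'])) {
                $options['mimetype'] = "application/octet-stream";
            }
            header("Content-type: {$options['mimetype']}");

            if (isset($options['mtime'])) {
                header("Last-modified:" . gmdate("D, d M Y H:i:s ", $options['mtime']) . "GMT");
            }

            if (isset($options['stream'])) {
                // GET handler returned a stream: the body (and any 206
                // status) is written by the helper, so no status line may
                // follow it
                $this->_get_send_stream($options);
                return; // no more headers
            } elseif (isset($options['data'])) {
                if (is_array($options['data'])) {
                    // reply to partial request
                } else {
                    header("Content-length: " . strlen($options['data']));
                    echo $options['data'];
                }
            }
        }
    }

    if (false === $status) {
        $this->http_status("404 not found");
    }

    $this->http_status("{$status}");
}

/**
 * Write the body of a GET answered with a stream, honouring byte ranges.
 *
 * Without ranges, or when the stream cannot be rewound, the full content
 * is sent. One range gives a plain 206; several give multipart/byteranges.
 *
 * @param  array $options  get() result: 'stream', optional 'size',
 *                         'mimetype' and 'ranges' (from _get_ranges())
 * @returns void
 */
function _get_send_stream($options)
{
    $stream = $options['stream'];
    $size   = isset($options['size']) ? (int) $options['size'] : null;
    $total  = ($size === null) ? "*" : $size;

    // normal request, or stream isn't seekable: return full content
    if (empty($options['ranges']) || 0 !== fseek($stream, 0, SEEK_SET)) {
        if ($size !== null) {
            header("Content-length: " . $size);
        }
        fpassthru($stream);
        return;
    }

    if (count($options['ranges']) === 1) {
        $this->_get_send_single_range($stream, $options['ranges'][0], $size, $total);
        return;
    }

    // several ranges: one multipart part per range
    // (the status was not set on this path before; if
    // _multipart_byterange_header() also sets it, header() replaces it)
    $this->http_status("206 partial");
    $this->_multipart_byterange_header(); // init multipart
    foreach ($options['ranges'] as $range) {
        // TODO what if size unknown? 500?
        if (isset($range['start'])) {
            $from = $range['start'];
            // isset, not !empty: "bytes=0-0" is a valid one-byte range
            $to = isset($range['end']) ? $range['end'] : $size - 1;
        } else {
            // suffix range "bytes=-N": the last N bytes, offsets size-N .. size-1
            $from = $size - $range['last'];
            $to   = $size - 1;
        }
        $this->_multipart_byterange_header($options['mimetype'], $from, $to, $total);
        fseek($stream, $from, SEEK_SET);
        $this->_copy_bytes($stream, $to - $from + 1);
    }
    $this->_multipart_byterange_header(); // end multipart
}

/**
 * Answer a single byte range with a 206 (or 416 when unsatisfiable).
 *
 * @param  resource $stream  rewound, seekable stream of the entity
 * @param  array    $range   'start' and optional 'end', or 'last' (suffix)
 * @param  int|null $size    entity size when known
 * @param  mixed    $total   size for Content-range, "*" when unknown
 * @returns void
 */
function _get_send_single_range($stream, $range, $size, $total)
{
    if (!isset($range['start'])) {
        // suffix range "bytes=-N": the last N bytes of the entity
        $last = $range['last'];
        if ($size !== null && $last > $size) {
            $last = $size; // a suffix longer than the entity means the whole entity
        }
        $this->http_status("206 partial");
        header("Content-length: " . $last);
        if ($size !== null) {
            header("Content-range: bytes " . ($size - $last) . "-" . ($size - 1) . "/{$total}");
        }
        fseek($stream, -$last, SEEK_END);
        fpassthru($stream);
        return;
    }

    $from = $range['start'];
    fseek($stream, $from, SEEK_SET);
    // fseek() past EOF succeeds without raising feof(), so the known size is
    // checked as well
    if (feof($stream) || ($size !== null && $from >= $size)) {
        $this->http_status("416 Requested range not satisfiable");
        exit;
    }

    if (isset($range['end'])) {
        $to = $range['end'];
        if ($size !== null && $to >= $size) {
            $to = $size - 1; // an end beyond the entity is clamped to its last byte
        }
        if ($to < $from) {
            $this->http_status("416 Requested range not satisfiable");
            exit;
        }
        $length = $to - $from + 1;
        $this->http_status("206 partial");
        header("Content-length: {$length}");
        header("Content-range: bytes {$from}-{$to}/{$total}");
        $this->_copy_bytes($stream, $length);
        return;
    }

    // open-ended range "bytes=N-": everything from N to the end
    $this->http_status("206 partial");
    if ($size !== null) {
        header("Content-length: " . ($size - $from));
        header("Content-range: bytes {$from}-" . ($size - 1) . "/{$total}");
    }
    fpassthru($stream);
}

/**
 * Copy at most $length bytes from $stream to the output.
 *
 * Each read is capped at the remaining count so a part never overshoots
 * its range; stops early on EOF or a read error.
 *
 * @param  resource $stream
 * @param  int      $length  number of bytes to copy
 * @returns void
 */
function _copy_bytes($stream, $length)
{
    while ($length > 0 && !feof($stream)) {
        $buffer = fread($stream, min(4096, $length));
        if ($buffer === false || $buffer === '') {
            break;
        }
        $length -= strlen($buffer);
        echo $buffer;
    }
}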
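/**
 * Checks if a given authentication token was stored in the session
 *
 * Will setup authentication data using data from the session if the
 * token is correct. Will exit with a 401 Status if not.
 *
 * The comparison uses hash_equals(): it is strict, so two hex digests are
 * no longer "equal" through numeric-string coercion ("0e..." == "0e...")
 * as they were with !=, and it does not leak through timing how many
 * leading bytes of the token matched. A missing session token, or a token
 * that is not a plain string (e.g. token[]=x), is rejected outright.
 *
 * @author Andreas Gohr <*****@*****.**>
 * @param string $token The authentication token
 * @return boolean true (or will exit on failure)
 */
function auth_validateToken($token) {
    $stored = isset($_SESSION[DOKU_COOKIE]['auth']['token'])
        ? (string) $_SESSION[DOKU_COOKIE]['auth']['token']
        : '';

    // an empty stored token must never validate, not even against an empty input
    $bad = ($stored === '' || !is_string($token) || $token === '' || !hash_equals($stored, $token));
    if ($bad) {
        // bad token
        http_status(401);
        print 'Invalid auth token - maybe the session timed out';
        unset($_SESSION[DOKU_COOKIE]['auth']['token']); // no second chance
        exit;
    }

    // still here? trust the session data
    global $USERINFO;
    /* @var Input $INPUT */
    global $INPUT;

    $INPUT->server->set('REMOTE_USER', $_SESSION[DOKU_COOKIE]['auth']['user']);
    $USERINFO = $_SESSION[DOKU_COOKIE]['auth']['info'];

    return true;
}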