/**
 * Drop URL rewrite variables from the generated output for anonymous visitors.
 *
 * When loggedin() reports no logged-in user and the 'show_session_id' entry of
 * the global $allgAr array compares equal to 0, PHP's built-in
 * output_reset_rewrite_vars() is called. The original author's stated purpose
 * is to remove the session id from all URLs (links as well as forms) so that
 * search-engine bots are not confused by it.
 *
 * NOTE(review): since PHP 7.1, output_reset_rewrite_vars() only removes
 * variables registered with output_add_rewrite_var(); ids appended by
 * session.use_trans_sid are not affected. If the goal is to keep session ids
 * out of URLs (they leak through Referer headers, logs and shared links),
 * confirm that session.use_only_cookies is on and session.use_trans_sid is off.
 * Logged-in users are never reset here, so the same check applies to them.
 */
function user_check_url_rewrite()
{
    global $allgAr;

    // Logged-in users keep whatever rewrite variables are currently active.
    if (loggedin()) {
        return;
    }

    // Loose comparison kept as in the original: any value equal to 0 counts
    // as "do not show the session id".
    if ($allgAr['show_session_id'] != 0) {
        return;
    }

    // PHP built-in, not a project helper.
    output_reset_rewrite_vars();
}
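/**
 * Start a PHP session whose cookie name is specific to the install directory.
 *
 * The session name is derived from the directory part of the request path, so
 * two installs under different directories of the same host do not share a
 * session cookie.
 *
 * Changes compared with the earlier version:
 *  - Only the path component of REQUEST_URI is used. REQUEST_URI is supplied
 *    by the client and includes the query string, so previously a '/' inside
 *    a query parameter changed dirname() and therefore the session name.
 *  - The name is a hex digest with a letter prefix instead of raw base64.
 *    Base64 output may contain '+', '/' and '=', which are not safe in a
 *    cookie name, and session_name() expects alphanumeric names that are not
 *    digits only.
 *
 * NOTE(review): the new naming scheme changes the cookie name once, so
 * sessions created before the change are not picked up afterwards.
 *
 * @return void
 */
function SessionStart()
{
    $uri  = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '/';
    $path = parse_url($uri, PHP_URL_PATH);
    if (!is_string($path) || $path === '') {
        // parse_url() yields false/null for malformed URIs; fall back to the root.
        $path = '/';
    }

    // The digest is used only as a stable, cookie-safe label; it is not a secret.
    $name = 's' . substr(hash('sha256', dirname($path)), 0, 32);

    session_name($name);
    session_start();

    // Remove rewrite variables so URLs in the output are left untouched.
    output_reset_rewrite_vars();

    if (!session_id()) {
        // No session id is available after session_start(): switch off
        // transparent session-id URL rewriting for the rest of the request.
        // NOTE(review): to keep session ids out of URLs in every case, set
        // session.use_trans_sid / session.use_only_cookies before
        // session_start() rather than only on this failure path.
        ini_set("session.use_trans_sid", "Off");
    }
}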
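// This program is free software. You may use, modify, and/or redistribute  //
// it under the terms of the MIT License.                                   //
//                                                                           //
//***************************************************************************//

// Reverse magic quotes if they are enabled. get_magic_quotes_gpc() was removed
// in PHP 8.0, so it is only called where it still exists.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_REQUEST = dmq($_REQUEST);
}

// Set errors accordingly (everything except notices).
error_reporting(E_ALL ^ E_NOTICE);

// Start the session.
ini_set('arg_separator.output', '&');
session_name('s');
session_start();

// Don't screw with our URLs, you crazy PHP you.
output_reset_rewrite_vars();

// Add the session ID to all local URLs (if it hasn't been saved to a cookie).
// NOTE(review): a session id carried in URLs is exposed through Referer
// headers, server and proxy logs, browser history and copied links, and a
// session that accepts its id from the URL can be fixated by a crafted link.
// If cookie-less clients need not be supported, prefer cookie-only sessions
// (session.use_only_cookies=1) and regenerate the id once the installer has
// authenticated the operator.
if (SID) {
    output_add_rewrite_var('s', stripslashes(session_id()));
}

// Are they specifying a step?
// isset() avoids an undefined-index notice/warning when 'step' is absent; the
// loose comparison is kept so the accepted values stay the same.
if (isset($_REQUEST['step']) && $_REQUEST['step'] == 1) {
    // Yes, so set the step.
    $_SESSION['step'] = 1;
}

// Are they specifying an install type?
if (isset($_REQUEST['setup'])) {
    // Yes, so set the install type.
    // NOTE(review): the request value is stored as-is (it may even be an
    // array). Code that reads $_SESSION['setup'] later should compare it
    // against a fixed list of known install types before acting on it.
    $_SESSION['setup'] = $_REQUEST['setup'];
}

// Are they wanting to install or upgrade?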
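/**
 * Entry point for the remote control API: authenticate the request, decode its
 * parameters and dispatch on the 'bvMethod' request parameter.
 *
 * Flow as visible in this method:
 *  1. Optional output tweaks ('obend', 'op_reset', 'binhead') are applied.
 *  2. Status fields 'signature', 'callback' and 'public' are recorded.
 *  3. authenticateControlRequest() is checked; on failure a status message is
 *     added and terminate() is called.
 *  4. Further status fields are added, request values are optionally
 *     unslashed / base64-decoded, and the memory limit may be raised.
 *  5. The command named by 'bvMethod' is executed and terminate() is called.
 *
 * Security notes for reviewers:
 *  - Steps 1 and 2 run BEFORE authentication, so any caller can trigger them.
 *    The 'callback' field echoes caller-supplied text and 'public' holds the
 *    first six characters of the stored 'bvPublic' option. Whether these
 *    reach an unauthenticated response depends on terminate(), which is not
 *    shown here.
 *  - Everything after step 3 trusts authenticateControlRequest() completely.
 *    The commands read files and tables, write plugin options from request
 *    values, list admin logins and can print phpinfo(); the strength of that
 *    check (signature, replay protection, constant-time comparison) therefore
 *    decides the security of the whole endpoint. It is not visible here.
 *  - Most parameters are passed through urldecode() although PHP has already
 *    decoded the request once. Any validation done by callees must operate on
 *    the value as it is after this second decode.
 *  - Table names, filters, file lists and directories from the request are
 *    handed to methods not shown here; confirm that those escape or allow-list
 *    their arguments.
 *
 * Changes compared with the earlier version (all backward compatible):
 *  - return after terminate() on failed authentication, so dispatch cannot be
 *    reached even if terminate() were ever to return;
 *  - 'bvMethod' that is missing or not a string is treated as '';
 *  - get_magic_quotes_gpc() is only called where it exists (removed in PHP 8);
 *  - 'b64' must be an array of scalar keys before it is iterated;
 *  - $names is initialised in 'getignorednames';
 *  - the unreachable break after die in 'phpinfo' is dropped.
 *
 * @return void
 */
function processApiRequest()
{
    global $wp_version, $wp_db_version;
    global $wpdb, $bvVersion;

    // --- Pre-authentication output handling (reachable by any caller) ---
    if (array_key_exists('obend', $_REQUEST) && function_exists('ob_end_clean')) {
        @ob_end_clean();
    }
    if (array_key_exists('op_reset', $_REQUEST) && function_exists('output_reset_rewrite_vars')) {
        output_reset_rewrite_vars();
    }
    if (array_key_exists('binhead', $_REQUEST)) {
        header("Content-type: application/binary");
        header('Content-Transfer-Encoding: binary');
    }

    // A missing or non-string method name becomes '' and ends in "Bad Command".
    $method = (isset($_REQUEST['bvMethod']) && is_string($_REQUEST['bvMethod']))
        ? urldecode($_REQUEST['bvMethod'])
        : '';

    $this->addStatus("signature", "Blogvault API");
    $this->addStatus("callback", $method);
    $this->addStatus("public", substr($this->getOption('bvPublic'), 0, 6));

    // --- Authentication gate ---
    if (!$this->authenticateControlRequest()) {
        $this->addStatus("statusmsg", 'failed authentication');
        $this->terminate();
        // Fail closed: never fall through to the command dispatch below.
        return;
    }

    $this->addStatus("bvVersion", $bvVersion);
    // NOTE(review): urldecode() on a filesystem path looks unintended (the
    // neighbouring fields use urlencode()); left unchanged because it affects
    // the response format.
    $this->addStatus("abspath", urldecode(ABSPATH));
    $this->addStatus("serverip", urlencode($_SERVER['SERVER_ADDR']));
    $this->addStatus("siteurl", urlencode($this->wpurl()));

    // Undo slashes added by magic quotes or by WordPress unless the caller
    // opts out with 'stripquotes'.
    $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    if (!array_key_exists('stripquotes', $_REQUEST) && ($magicQuotesOn || function_exists('wp_magic_quotes'))) {
        $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
    }

    // 'b64' lists the names of request parameters that arrive base64-encoded.
    if (array_key_exists('b64', $_REQUEST) && is_array($_REQUEST['b64'])) {
        foreach ($_REQUEST['b64'] as $key) {
            if (!is_string($key) && !is_int($key)) {
                // Nested arrays cannot be used as array keys.
                continue;
            }
            // A listed but absent parameter decodes to '' as before.
            $raw = array_key_exists($key, $_REQUEST) ? $_REQUEST[$key] : '';
            if (is_array($raw)) {
                $_REQUEST[$key] = array_map('base64_decode', $raw);
            } else {
                $_REQUEST[$key] = base64_decode($raw);
            }
        }
    }

    if (array_key_exists('memset', $_REQUEST)) {
        // Caller-chosen memory limit in megabytes; no upper bound is applied.
        $val = intval(urldecode($_REQUEST['memset']));
        @ini_set('memory_limit', $val . 'M');
    }

    // --- Command dispatch (authenticated callers only) ---
    switch ($method) {
        case "sendmanyfiles":
            $files = $_REQUEST['files'];
            $offset = intval(urldecode($_REQUEST['offset']));
            $limit = intval(urldecode($_REQUEST['limit']));
            $bsize = intval(urldecode($_REQUEST['bsize']));
            $this->addStatus("status", $this->uploadFiles($files, $offset, $limit, $bsize));
            break;
        case "sendfilesmd5":
            $files = $_REQUEST['files'];
            $offset = intval(urldecode($_REQUEST['offset']));
            $limit = intval(urldecode($_REQUEST['limit']));
            $bsize = intval(urldecode($_REQUEST['bsize']));
            $this->addStatus("status", $this->uploadFilesMd5($files, $offset, $limit, $bsize));
            break;
        case "getfilesstats":
            $files = $_REQUEST['files'];
            $offset = intval(urldecode($_REQUEST['offset']));
            $limit = intval(urldecode($_REQUEST['limit']));
            $bsize = intval(urldecode($_REQUEST['bsize']));
            $this->addStatus("status", $this->getFilesStats($files, $offset, $limit, $bsize));
            break;
        case "listtables":
            $this->addStatus("status", $this->listTables());
            break;
        case "tableinfo":
            // $table, $tname and $filter come straight from the request;
            // escaping is up to tableInfo(), which is not shown here.
            $table = urldecode($_REQUEST['table']);
            $offset = intval(urldecode($_REQUEST['offset']));
            $limit = intval(urldecode($_REQUEST['limit']));
            $bsize = intval(urldecode($_REQUEST['bsize']));
            $filter = urldecode($_REQUEST['filter']);
            $rcount = intval(urldecode($_REQUEST['rcount']));
            $tname = urldecode($_REQUEST['tname']);
            $this->addStatus("status", $this->tableInfo($table, $tname, $rcount, $offset, $limit, $bsize, $filter));
            break;
        case "uploadrows":
            // Same request-derived arguments as "tableinfo".
            $table = urldecode($_REQUEST['table']);
            $offset = intval(urldecode($_REQUEST['offset']));
            $limit = intval(urldecode($_REQUEST['limit']));
            $bsize = intval(urldecode($_REQUEST['bsize']));
            $filter = urldecode($_REQUEST['filter']);
            $rcount = intval(urldecode($_REQUEST['rcount']));
            $tname = urldecode($_REQUEST['tname']);
            $this->addStatus("status", $this->uploadRows($table, $tname, $rcount, $offset, $limit, $bsize, $filter));
            break;
        case "sendactivate":
            $this->addStatus("status", $this->activate());
            break;
        case "scanfilesdefault":
            $this->addStatus("status", $this->scanFiles());
            break;
        case "scanfiles":
            $initdir = urldecode($_REQUEST['initdir']);
            $offset = intval(urldecode($_REQUEST['offset']));
            $limit = intval(urldecode($_REQUEST['limit']));
            $bsize = intval(urldecode($_REQUEST['bsize']));
            $this->addStatus("status", $this->scanFiles($initdir, $offset, $limit, $bsize));
            break;
        // The following commands store request values as plugin options
        // without validation in this method.
        case "setdynsync":
            $this->updateOption('bvDynSyncActive', $_REQUEST['dynsync']);
            break;
        case "setwoodyn":
            $this->updateOption('bvWooDynSync', $_REQUEST['woodyn']);
            break;
        case "setserverid":
            $this->updateOption('bvServerId', $_REQUEST['serverid']);
            break;
        case "updatekeys":
            // Replaces the key pair with values taken from the request.
            $this->addStatus("status", $this->updateKeys($_REQUEST['public'], $_REQUEST['secret']));
            break;
        case "setignorednames":
            switch ($_REQUEST['table']) {
                case "options":
                    $this->updateOption('bvIgnoredOptions', $_REQUEST['names']);
                    break;
                case "postmeta":
                    $this->updateOption('bvIgnoredPostmeta', $_REQUEST['names']);
                    break;
            }
            break;
        case "getignorednames":
            // Stays null when 'table' is neither "options" nor "postmeta".
            $names = null;
            switch ($_REQUEST['table']) {
                case "options":
                    $names = $this->getOption('bvIgnoredOptions');
                    break;
                case "postmeta":
                    $names = $this->getOption('bvIgnoredPostmeta');
                    break;
            }
            $this->addStatus("names", $names);
            break;
        case "phpinfo":
            // Prints the complete PHP configuration and environment to the
            // caller, then stops the request without calling terminate().
            phpinfo();
            die;
        case "getposts":
            $post_type = urldecode($_REQUEST['post_type']);
            $args = array('numberposts' => 5, 'post_type' => $post_type);
            $posts = get_posts($args);
            $keys = array('post_title', 'guid', 'ID', 'post_date');
            foreach ($posts as $post) {
                $pdata = array();
                $post_array = get_object_vars($post);
                foreach ($keys as $key) {
                    $pdata[$key] = $post_array[$key];
                }
                $this->addArrayToStatus("posts", $pdata);
                $this->addArrayToStatus("post_type", $post_type);
            }
            break;
        case "getstats":
            $this->addStatus("posts", get_object_vars(wp_count_posts()));
            $this->addStatus("pages", get_object_vars(wp_count_posts("page")));
            $this->addStatus("comments", get_object_vars(wp_count_comments()));
            break;
        case "getinfo":
            // Each section is returned only when its flag is present.
            if (array_key_exists('wp', $_REQUEST)) {
                $wp_info = array(
                    'current_theme' => (string) (function_exists('wp_get_theme') ? wp_get_theme() : get_current_theme()),
                    'dbprefix' => $wpdb->base_prefix ? $wpdb->base_prefix : $wpdb->prefix,
                    'wpmu' => $this->isMultisite(),
                    'mainsite' => $this->isMainSite(),
                    'name' => get_bloginfo('name'),
                    'site_url' => get_bloginfo('wpurl'),
                    'home_url' => get_bloginfo('url'),
                    'charset' => get_bloginfo('charset'),
                    'wpversion' => $wp_version,
                    'dbversion' => $wp_db_version,
                    'abspath' => ABSPATH,
                    'uploadpath' => $this->uploadPath(),
                    'uploaddir' => wp_upload_dir(),
                    'contentdir' => defined('WP_CONTENT_DIR') ? WP_CONTENT_DIR : null,
                    'contenturl' => defined('WP_CONTENT_URL') ? WP_CONTENT_URL : null,
                    'plugindir' => defined('WP_PLUGIN_DIR') ? WP_PLUGIN_DIR : null,
                    'dbcharset' => defined('DB_CHARSET') ? DB_CHARSET : null,
                    'disallow_file_edit' => defined('DISALLOW_FILE_EDIT'),
                    'disallow_file_mods' => defined('DISALLOW_FILE_MODS'),
                    'bvversion' => $bvVersion
                );
                $this->addStatus("wp", $wp_info);
            }
            if (array_key_exists('plugins', $_REQUEST)) {
                if (!function_exists('get_plugins')) {
                    require_once ABSPATH . "wp-admin/includes/plugin.php";
                }
                $plugins = get_plugins();
                foreach ($plugins as $plugin_file => $plugin_data) {
                    $pdata = array(
                        'file' => $plugin_file,
                        'title' => $plugin_data['Title'],
                        'version' => $plugin_data['Version'],
                        'active' => is_plugin_active($plugin_file)
                    );
                    $this->addArrayToStatus("plugins", $pdata);
                }
            }
            if (array_key_exists('themes', $_REQUEST)) {
                $themes = function_exists('wp_get_themes') ? wp_get_themes() : get_themes();
                foreach ($themes as $theme) {
                    if (is_object($theme)) {
                        $pdata = array(
                            'name' => $theme->Name,
                            'title' => $theme->Title,
                            'stylesheet' => $theme->get_stylesheet(),
                            'template' => $theme->Template,
                            'version' => $theme->Version
                        );
                    } else {
                        $pdata = array(
                            'name' => $theme["Name"],
                            'title' => $theme["Title"],
                            'stylesheet' => $theme["Stylesheet"],
                            'template' => $theme["Template"],
                            'version' => $theme["Version"]
                        );
                    }
                    $this->addArrayToStatus("themes", $pdata);
                }
            }
            if (array_key_exists('users', $_REQUEST)) {
                // Reports accounts whose login contains "admin".
                $users = array();
                if (function_exists('get_users')) {
                    $users = get_users('search=admin');
                } else {
                    if (function_exists('get_users_of_blog')) {
                        $users = get_users_of_blog();
                    }
                }
                foreach ($users as $user) {
                    if (stristr($user->user_login, 'admin')) {
                        $pdata = array('login' => $user->user_login, 'ID' => $user->ID);
                        $this->addArrayToStatus("users", $pdata);
                    }
                }
            }
            if (array_key_exists('system', $_REQUEST)) {
                $sys_info = array(
                    'serverip' => $_SERVER['SERVER_ADDR'],
                    'host' => $_SERVER['HTTP_HOST'],
                    'phpversion' => phpversion(),
                    'uid' => getmyuid(),
                    'gid' => getmygid(),
                    'user' => get_current_user()
                );
                if (function_exists('posix_getuid')) {
                    $sys_info['webuid'] = posix_getuid();
                    $sys_info['webgid'] = posix_getgid();
                }
                $this->addStatus("sys", $sys_info);
            }
            break;
        case "setsecurityconf":
            // Only the top-level type is checked; the array contents are
            // stored as received.
            $new_conf = $_REQUEST['secconf'];
            if (!is_array($new_conf)) {
                $new_conf = array();
            }
            $this->updateOption('bvsecurityconfig', $new_conf);
            break;
        case "getsecurityconf":
            $new_conf = $this->getOption('bvsecurityconfig');
            $this->addStatus("secconf", $new_conf);
            break;
        case "describetable":
            $table = urldecode($_REQUEST['table']);
            $this->describeTable($table);
            break;
        case "checktable":
            $table = urldecode($_REQUEST['table']);
            $type = urldecode($_REQUEST['type']);
            $this->checkTable($table, $type);
            break;
        case "repairtable":
            $table = urldecode($_REQUEST['table']);
            $this->repairTable($table);
            break;
        case "tablekeys":
            $table = urldecode($_REQUEST['table']);
            $this->tableKeys($table);
            break;
        case "gettablecreate":
            $table = urldecode($_REQUEST['table']);
            $this->addStatus("create", $this->tableCreate($table));
            break;
        case "getrowscount":
            $table = urldecode($_REQUEST['table']);
            $this->addStatus("count", $this->rowsCount($table));
            break;
        case "updatedailyping":
            $value = $_REQUEST['value'];
            $this->addStatus("bvDailyPing", $this->updateDailyPing($value));
            break;
        default:
            $this->addStatus("statusmsg", "Bad Command");
            $this->addStatus("status", false);
            break;
    }

    $this->terminate();
}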
/**
 * Clear all URL rewrite variables, both in PHP's URL rewriter and in this
 * class's own record of them.
 *
 * Empties the static $rewriteVars list and calls PHP's built-in
 * output_reset_rewrite_vars().
 *
 * NOTE(review): before PHP 7.1 the built-in also removed the variables added
 * by the session mechanism. Since PHP 7.1 it only removes variables registered
 * with output_add_rewrite_var(), so this method must not be relied on to keep
 * session ids out of URLs; use session.use_only_cookies and
 * session.use_trans_sid for that.
 */
public static function resetUrlRewriteVars()
{
    // The two steps are independent of each other.
    self::$rewriteVars = array();
    output_reset_rewrite_vars();
}