// Enabled $syslog_message = T_('SMTP enabled.'); } elseif ($old_smtp_enabled && !$Settings->get('smtp_enabled')) { // Disabled $syslog_message = T_('SMTP disabled.') . (!empty($smtp_error) && is_string($smtp_error) ? ' ' . sprintf(T_('Reason: %s'), $smtp_error) : ''); } break; default: // Invalid tab3 break 2; } if (!$Messages->has_errors()) { if ($Settings->dbupdate()) { if (!empty($syslog_message)) { // Log system info into DB syslog_insert($syslog_message, 'info', NULL); } $Messages->add(T_('Settings updated.'), 'success'); if ($Settings->get('smtp_enabled')) { // Check if connection is available global $smtp_connection_result; // Test SMTP connection $smtp_messages = smtp_connection_test(); // Init this var to display a result on the page $smtp_test_output = is_array($smtp_messages) ? implode("<br />\n", $smtp_messages) : ''; if ($smtp_connection_result) { // Success $Messages->add(T_('The connection with this SMTP server has been tested successfully.'), 'success'); } else { // Error $Messages->add(T_('The connection with this SMTP server has failed.'), 'error');
/** * Create links between users and image files from the users profile_pictures folder */ function create_profile_picture_links() { global $DB; load_class('files/model/_filelist.class.php', 'Filelist'); load_class('files/model/_fileroot.class.php', 'FileRoot'); $path = 'profile_pictures'; $FileRootCache =& get_FileRootCache(); $UserCache =& get_UserCache(); // SQL query to get all users and limit by page below $users_SQL = new SQL(); $users_SQL->SELECT('*'); $users_SQL->FROM('T_users'); $users_SQL->ORDER_BY('user_ID'); $page = 0; $page_size = 100; while (count($UserCache->cache) > 0 || $page == 0) { // Load users by 100 at one time to avoid errors about memory exhausting $users_SQL->LIMIT($page * $page_size . ', ' . $page_size); $UserCache->clear(); $UserCache->load_by_sql($users_SQL); while (($iterator_User =& $UserCache->get_next()) != NULL) { // Iterate through UserCache) $FileRootCache->clear(); $user_FileRoot =& $FileRootCache->get_by_type_and_ID('user', $iterator_User->ID); if (!$user_FileRoot) { // User FileRoot doesn't exist continue; } $ads_list_path = get_canonical_path($user_FileRoot->ads_path . $path); // Previously uploaded avatars if (!is_dir($ads_list_path)) { // profile_picture folder doesn't exists in the user root dir continue; } $user_avatar_Filelist = new Filelist($user_FileRoot, $ads_list_path); $user_avatar_Filelist->load(); if ($user_avatar_Filelist->count() > 0) { // profile_pictures folder is not empty $info_content = ''; $LinkOwner = new LinkUser($iterator_User); while ($lFile =& $user_avatar_Filelist->get_next()) { // Loop through all Files: $fileName = $lFile->get_name(); if (process_filename($fileName)) { // The file has invalid file name, don't create in the database syslog_insert(sprintf('Invalid file name %s has been found in a user folder', '<b>' . $fileName . '</b>'), 'info', 'user', $iterator_User->ID); // TODO: asimo> we should collect each invalid file name here, and send an email to the admin continue; } $lFile->load_meta(true); if ($lFile->is_image()) { $lFile->link_to_Object($LinkOwner); } } } } // Increase page number to get next portion of users $page++; } // Clear cache data $UserCache->clear(); $FileRootCache->clear(); }
/** * metaWeblog.newMediaObject image upload * wp.uploadFile * * Supplied image is encoded into the struct as bits * * @see http://www.xmlrpc.com/metaWeblogApi#metaweblognewmediaobject * @see http://codex.wordpress.org/XML-RPC_wp#wp.uploadFile * * @param xmlrpcmsg XML-RPC Message * 0 blogid (string): Unique identifier of the blog the post will be added to. * Currently ignored in b2evo, in favor of the category. * 1 username (string): Login for a Blogger user who has permission to edit the given * post (either the user who originally created it or an admin of the blog). * 2 password (string): Password for said username. * 3 struct (struct) * - name : filename * - type : mimetype * - bits : base64 encoded file * @return xmlrpcresp XML-RPC Response */ function _wp_mw_newmediaobject($m) { global $Settings, $Plugins, $force_upload_forbiddenext; // CHECK LOGIN: /** * @var User */ if (!($current_User =& xmlrpcs_login($m, 1, 2))) { // Login failed, return (last) error: return xmlrpcs_resperror(); } // GET BLOG: /** * @var Blog */ if (!($Blog =& xmlrpcs_get_Blog($m, 0))) { // Login failed, return (last) error: return xmlrpcs_resperror(); } // CHECK PERMISSION: if (!$current_User->check_perm('files', 'add', false, $Blog->ID)) { // Permission denied return xmlrpcs_resperror(3); // User error 3 } logIO('Permission granted.'); if (!$Settings->get('upload_enabled')) { return xmlrpcs_resperror(2, 'Object upload not allowed'); } $xcontent = $m->getParam(3); // Get the main data - and decode it properly for the image - sorry, binary object logIO('Decoding content...'); $contentstruct = xmlrpc_decode_recurse($xcontent); $data = $contentstruct['bits']; $file_mimetype = isset($contentstruct['type']) ? $contentstruct['type'] : '(none)'; logIO('Received MIME type: ' . $file_mimetype); $overwrite = false; if (isset($contentstruct['overwrite'])) { $overwrite = (bool) $contentstruct['overwrite']; } logIO('Overwrite if exists: ' . ($overwrite ? 'yes' : 'no')); load_funcs('files/model/_file.funcs.php'); $filesize = evo_bytes($data); if (($maxfilesize = $Settings->get('upload_maxkb') * 1024) && $filesize > $maxfilesize) { return xmlrpcs_resperror(4, sprintf(T_('The file is too large: %s but the maximum allowed is %s.'), bytesreadable($filesize, false), bytesreadable($maxfilesize, false))); } logIO('File size is OK: ' . bytesreadable($filesize, false)); $FileRootCache =& get_FileRootCache(); $fm_FileRoot =& $FileRootCache->get_by_type_and_ID('collection', $Blog->ID, true); if (!$fm_FileRoot) { // fileRoot not found: return xmlrpcs_resperror(14, 'File root not found'); } $rf_filepath = $contentstruct['name']; logIO('Received filepath: ' . $rf_filepath); // Split into path + name: $filepath_parts = explode('/', $rf_filepath); $filename = array_pop($filepath_parts); logIO('Original file name: ' . $filename); // Validate and sanitize filename if ($error_filename = process_filename($filename, true)) { return xmlrpcs_resperror(5, $error_filename); } logIO('Sanitized file name: ' . $filename); // Check valid path parts: $rds_subpath = ''; foreach ($filepath_parts as $filepath_part) { if (empty($filepath_part) || $filepath_part == '.') { // self ref not useful continue; } if ($error = validate_dirname($filepath_part)) { // invalid relative path: logIO($error); syslog_insert(sprintf('Invalid name is detected for folder %s', '<b>' . $filepath_part . '</b>'), 'warning', 'file'); return xmlrpcs_resperror(6, $error); } $rds_subpath .= $filepath_part . '/'; } logIO('Subpath: ' . $rds_subpath); // Create temporary file and insert contents into it. $tmpfile_name = tempnam(sys_get_temp_dir(), 'fmupload'); if ($tmpfile_name) { if (save_to_file($data, $tmpfile_name, 'wb')) { $image_info = @getimagesize($tmpfile_name); } else { return xmlrpcs_resperror(13, 'Error while writing to temp file.'); } } if (!empty($image_info)) { // This is an image file, let's check mimetype and correct extension if ($image_info['mime'] != $file_mimetype) { // Invalid file type $FiletypeCache =& get_FiletypeCache(); // Get correct file type based on mime type $correct_Filetype = $FiletypeCache->get_by_mimetype($image_info['mime'], false, false); $file_mimetype = $image_info['mime']; // Check if file type is known by us, and if it is allowed for upload. // If we don't know this file type or if it isn't allowed we don't change the extension! The current extension is allowed for sure. if ($correct_Filetype && $correct_Filetype->is_allowed()) { // A FileType with the given mime type exists in database and it is an allowed file type for current User // The "correct" extension is a plausible one, proceed... $correct_extension = array_shift($correct_Filetype->get_extensions()); $path_info = pathinfo($filename); $current_extension = $path_info['extension']; // change file extension to the correct extension, but only if the correct extension is not restricted, this is an extra security check! if (strtolower($current_extension) != strtolower($correct_extension) && !in_array($correct_extension, $force_upload_forbiddenext)) { // change the file extension to the correct extension $old_filename = $filename; $filename = $path_info['filename'] . '.' . $correct_extension; } } } } // Get File object for requested target location: $FileCache =& get_FileCache(); $newFile =& $FileCache->get_by_root_and_path($fm_FileRoot->type, $fm_FileRoot->in_type_ID, trailing_slash($rds_subpath) . $filename, true); if ($newFile->exists()) { if ($overwrite && $newFile->unlink()) { // OK, file deleted // Delete thumb caches from old location: logIO('Old file deleted'); $newFile->rm_cache(); } else { return xmlrpcs_resperror(8, sprintf(T_('The file «%s» already exists.'), $filename)); } } // Trigger plugin event if ($Plugins->trigger_event_first_false('AfterFileUpload', array('File' => &$newFile, 'name' => &$filename, 'type' => &$file_mimetype, 'tmp_name' => &$tmpfile_name, 'size' => &$filesize))) { // Plugin returned 'false'. // Abort upload for this file: @unlink($tmpfile_name); return xmlrpcs_resperror(16, 'File upload aborted by a plugin.'); } if (!mkdir_r($newFile->get_dir())) { // Dir didn't already exist and could not be created return xmlrpcs_resperror(9, 'Error creating sub directories: ' . $newFile->get_rdfs_rel_path()); } if (!@rename($tmpfile_name, $newFile->get_full_path())) { return xmlrpcs_resperror(13, 'Error while writing to file.'); } // chmod the file $newFile->chmod(); // Initializes file properties (type, size, perms...) $newFile->load_properties(); // Load meta data AND MAKE SURE IT IS CREATED IN DB: $newFile->meta == 'unknown'; $newFile->load_meta(true); // Resize and rotate logIO('Running file post-processing (resize and rotate)...'); prepare_uploaded_files(array($newFile)); logIO('Done'); $url = $newFile->get_url(); logIO('URL of new file: ' . $url); $struct = new xmlrpcval(array('file' => new xmlrpcval($filename, 'string'), 'url' => new xmlrpcval($url, 'string'), 'type' => new xmlrpcval($file_mimetype, 'string')), 'struct'); logIO('OK.'); return new xmlrpcresp($struct); }
/** * Sends HTTP header to redirect to the previous location (which * can be given as function parameter, GET parameter (redirect_to), * is taken from {@link Hit::$referer} or {@link $baseurl}). * * {@link $Debuglog} and {@link $Messages} get stored in {@link $Session}, so they * are available after the redirect. * * NOTE: This function {@link exit() exits} the php script execution. * * @todo fp> do NOT allow $redirect_to = NULL. This leads to spaghetti code and unpredictable behavior. * * @param string Destination URL to redirect to * @param boolean|integer is this a permanent redirect? if true, send a 301; otherwise a 303 OR response code 301,302,303 * @param boolean is this a redirected post display? This param may be true only if we should redirect to a post url where the post status is 'redirected'! */ function header_redirect($redirect_to = NULL, $status = false, $redirected_post = false) { /** * put your comment there... * * @var Hit */ global $Hit; global $baseurl, $Blog, $htsrv_url_sensitive, $ReqHost, $ReqURL, $dispatcher; global $Session, $Debuglog, $Messages; global $http_response_code, $allow_redirects_to_different_domain; // TODO: fp> get this out to the caller, make a helper func like get_returnto_url() if (empty($redirect_to)) { // see if there's a redirect_to request param given: $redirect_to = param('redirect_to', 'url', ''); if (empty($redirect_to)) { if (!empty($Hit->referer)) { $redirect_to = $Hit->referer; } elseif (isset($Blog) && is_object($Blog)) { $redirect_to = $Blog->get('url'); } else { $redirect_to = $baseurl; } } elseif ($redirect_to[0] == '/') { // relative URL, prepend current host: $redirect_to = $ReqHost . $redirect_to; } } // <fp $Debuglog->add('Preparing to redirect to: ' . $redirect_to, 'request'); // Determine if this is an external or internal redirect: $external_redirect = true; // Start with worst case, then whitelist: if ($redirect_to[0] == '/' || $redirect_to[0] == '?') { // We stay on the same domain or same page: $external_redirect = false; } elseif (strpos($redirect_to, $dispatcher) === 0) { // $dispatcher is DEPRECATED and pages should use $admin_url URL instead, but at least we're staying on the same site: $external_redirect = false; } elseif (strpos($redirect_to, $baseurl) === 0) { $Debuglog->add('Redirecting within $baseurl, all is fine.', 'request'); $external_redirect = false; } elseif (strpos($redirect_to, $htsrv_url_sensitive) === 0) { $Debuglog->add('Redirecting within $htsrv_url_sensitive, all is fine.', 'request'); $external_redirect = false; } elseif (!empty($Blog) && strpos($redirect_to, $Blog->gen_baseurl()) === 0) { $Debuglog->add('Redirecting within current collection URL, all is fine.', 'request'); $external_redirect = false; } // Remove login and pwd parameters from URL, so that they do not trigger the login screen again (and also as global security measure): $redirect_to = preg_replace('~(?<=\\?|&) (login|pwd) = [^&]+ ~x', '', $redirect_to); if ($external_redirect == false) { // (blueyed>) Remove "confirm(ed)?" from redirect_to so it doesn't do the same thing twice // TODO: fp> confirm should be normalized to confirmed $redirect_to = preg_replace('~(?<=\\?|&) (confirm(ed)?) = [^&]+ ~x', '', $redirect_to); } $allow_collection_redirect = false; if ($external_redirect && $allow_redirects_to_different_domain == 'all_collections_and_redirected_posts' && !$redirected_post) { // If a redirect is external and we allow to redirect to all collection domains: $BlogCache =& get_BlogCache(); $BlogCache->load_all(); $redirect_to_domain = preg_replace('~https?://([^/]+)/?.*~i', '$1', $redirect_to); foreach ($BlogCache->cache as $url_Blog) { $blog_domain = preg_replace('~https?://([^/]+)/?.*~i', '$1', $url_Blog->gen_baseurl()); if ($blog_domain == $redirect_to_domain) { // We found current redirect goes to a collection domain, so it is not external $allow_collection_redirect = true; break; } } } // Check if we're trying to redirect to an external URL: if ($external_redirect && $allow_redirects_to_different_domain != 'always' && !$allow_collection_redirect && !(in_array($allow_redirects_to_different_domain, array('all_collections_and_redirected_posts', 'only_redirected_posts')) && $redirected_post)) { // Force header redirects into the same domain. Do not allow external URLs. $Messages->add(T_('A redirection to an external URL was blocked for security reasons.'), 'error'); syslog_insert('A redirection to an external URL ' . $redirect_to . ' was blocked for security reasons.', 'error', NULL); $redirect_to = $baseurl; } if (is_integer($status)) { $http_response_code = $status; } else { $http_response_code = $status ? 301 : 303; } $Debuglog->add('***** REDIRECT TO ' . $redirect_to . ' (status ' . $http_response_code . ') *****', 'request'); if (!empty($Session)) { // Session is required here // Transfer of Debuglog to next page: if ($Debuglog->count('all')) { // Save Debuglog into Session, so that it's available after redirect (gets loaded by Session constructor): $sess_Debuglogs = $Session->get('Debuglogs'); if (empty($sess_Debuglogs)) { $sess_Debuglogs = array(); } $sess_Debuglogs[] = $Debuglog; $Session->set('Debuglogs', $sess_Debuglogs, 60); // echo 'Passing Debuglog(s) to next page'; // pre_dump( $sess_Debuglogs ); } // Transfer of Messages to next page: if ($Messages->count()) { // Set Messages into user's session, so they get restored on the next page (after redirect): $Session->set('Messages', $Messages); // echo 'Passing Messages to next page'; } $Session->dbsave(); // If we don't save now, we run the risk that the redirect goes faster than the PHP script shutdown. } // see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html switch ($http_response_code) { case 301: // This should be a permanent move redirect! header_http_response('301 Moved Permanently'); break; case 303: // This should be a "follow up" redirect // Note: Also see http://de3.php.net/manual/en/function.header.php#50588 and the other comments around header_http_response('303 See Other'); break; case 302: default: header_http_response('302 Found'); } // debug_die($redirect_to); if (headers_sent($filename, $line)) { debug_die(sprintf('Headers have already been sent in %s on line %d.', basename($filename), $line) . '<br />Cannot <a href="' . htmlspecialchars($redirect_to) . '">redirect</a>.'); } header('Location: ' . $redirect_to, true, $http_response_code); // explictly setting the status is required for (fast)cgi exit(0); }
if (!empty($blog)) { $blog_param = '&inskin=true&blog=' . $blog; } $subject = sprintf(T_('Password change request for %s'), $login); $email_template_params = array('user_count' => $user_count, 'request_id' => $request_id, 'blog_param' => $blog_param); if (!send_mail_to_User($forgetful_User->ID, $subject, 'account_password_reset', $email_template_params, true)) { $Messages->add(T_('Sorry, the email with the link to reset your password could not be sent.') . '<br />' . T_('Possible reason: the PHP mail() function may have been disabled on the server.'), 'error'); } else { $Session->set('core.changepwd.request_id', $request_id, 86400 * 2); // expires in two days (or when clicked) $Session->set('core.changepwd.request_ts_login', $servertimenow . '_' . $login, 360); // request timestamp and login/email - expires in six minutes $Session->dbsave(); // save immediately $Messages->add(T_('If you correctly entered your login or email address, a link to change your password has been sent to your registered email address.'), 'success'); syslog_insert('User requested password reset', 'info', 'user', $forgetful_User->ID); } } locale_restore_previous(); $action = 'req_login'; break; case 'changepwd': // Clicked "Change password request" link from a mail param('reqID', 'string', ''); param('sessID', 'integer', ''); $UserCache =& get_UserCache(); $forgetful_User =& $UserCache->get_by_login($login); locale_temp_switch($forgetful_User->locale); if (!$forgetful_User || empty($reqID)) { // This was not requested $Messages->add(T_('Invalid password change request! Please try again...'), 'error');
/** * Change file permissions on disk. * * @access public * @param string chmod (octal three-digit-format, eg '777'), uses {@link $Settings} for NULL * (fm_default_chmod_dir, fm_default_chmod_file) * @return mixed new permissions on success (octal format), false on failure */ function chmod($chmod = NULL) { if ($chmod === NULL) { global $Settings; $chmod = $this->is_dir() ? $Settings->get('fm_default_chmod_dir') : $Settings->get('fm_default_chmod_file'); } if (@chmod($this->_adfp_full_path, octdec($chmod))) { clearstatcache(); // update current entry $this->_perms = fileperms($this->_adfp_full_path); syslog_insert(sprintf('The permissions of file %s were changed to %s', '<b>' . $this->get_name() . '</b>', $chmod), 'info', 'file', $this->ID); return $this->_perms; } else { syslog_insert(sprintf('The permissions of file %s could not be changed to %s', '<b>' . $this->get_name() . '</b>', $chmod), 'info', 'file', $this->ID); return false; } }
/** * Check if the value is a file name * * @param string param name * @param string error message * @return boolean true if OK */ function param_check_filename($var, $err_msg) { if ($error_filename = validate_filename($GLOBALS[$var])) { param_error($var, $error_filename); syslog_insert(sprintf('File %s is invalid or has an unrecognized extension', '<b>' . $GLOBALS[$var] . '</b>'), 'warning', 'file'); return false; } return true; }
switch ($action) { case 'edit_links': // Display link owner attachments // Check permission: $LinkOwner->check_perm('edit', true); // Add JavaScript to handle links modifications. require_js('links.js'); break; case 'unlink': // Delete a link: // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb("link"); // Check permission: $LinkOwner->check_perm('edit', true); if ($link_File =& $edited_Link->get_File()) { syslog_insert(sprintf('File %s was unlinked from %s with ID=%s', '<b>' . $link_File->get_name() . '</b>', $LinkOwner->type, $LinkOwner->link_Object->ID), 'info', 'file', $link_File->ID); } // Unlink File from Item/Comment: $deleted_link_ID = $edited_Link->ID; $edited_Link->dbdelete(); unset($edited_Link); $LinkOwner->after_unlink_action($deleted_link_ID); $Messages->add($LinkOwner->translate('Link has been deleted from $xxx$.'), 'success'); header_redirect($redirect_to); break; case 'link_move_up': case 'link_move_down': // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb("link"); // Check permission: $LinkOwner->check_perm('edit', true);
/** * Test connection to SMTP server by Swift Mailer * * @return array Result messages */ function smtp_connection_test() { global $smtp_connection_result; $smtp_messages = array(); $smtp_connection_result = true; // Check if Swift Mailer is enabled $check_smtp_result = check_smtp_mailer(); $message = T_('Check SMTP settings... '); if ($check_smtp_result === true) { // Success $smtp_messages[] = $message . '<span class="green">OK</span>'; syslog_insert($message . 'OK', 'info', NULL); } else { // Error $smtp_messages[] = $message . '<span class="red">' . $check_smtp_result . '</span>'; syslog_insert($message . $check_smtp_result, 'warning', NULL); $smtp_connection_result = false; return $smtp_messages; // EXIT } // Test a connection $Swift_SmtpTransport =& get_Swift_SmtpTransport(); $connection_result = test_smtp_transport($Swift_SmtpTransport); $message = T_('Test SMTP connection... '); if ($connection_result === true) { // Success $smtp_messages[] = $message . '<span class="green">OK</span>'; syslog_insert($message . 'OK', 'info', NULL); } else { // Error $smtp_messages[] = $message . '<span class="red">' . $connection_result . '</span>'; syslog_insert($message . $connection_result, 'warning', NULL); $smtp_connection_result = false; } return $smtp_messages; }
/** * Exit when request is blocked * * @param string Block type: 'IP', 'Domain', 'Country' * @param string Debug message * @param string Syslog origin type: 'core', 'plugin' * @param integer Syslog origin ID */ function exit_blocked_request($block_type, $debug_message, $syslog_origin_type = 'core', $syslog_origin_ID = NULL) { global $debug; // Write system log for the request: syslog_insert($debug_message, 'warning', NULL, NULL, $syslog_origin_type, $syslog_origin_ID); // Print out this text to inform an user: echo 'Blocked.'; if ($debug) { // Display additional info on debug mode: echo ' (' . $block_type . ')'; } // EXIT: exit(0); }
/** * Check for duplicate comments. */ function BeforeCommentFormInsert(&$params) { $comment_Item =& $params['Comment']->get_Item(); if ($this->is_duplicate_comment($params['Comment'])) { $this->msg(T_('The comment seems to be a duplicate.'), 'error'); if ($comment_Item) { syslog_insert('The comment seems to be a duplicate', 'info', 'item', $comment_Item->ID, 'plugin', $this->ID); } } if ($this->Settings->get('block_common_spam') && preg_match_all('~\\[(link|url)=~', $params['Comment']->content, $m)) { // Block common bbcode spam comments with both [url= and [link= tags if (!empty($m[1]) && count($m[1]) > 1) { $this->msg(T_('Your comment was rejected because it appeared to be spam.'), 'error'); if ($comment_Item) { syslog_insert('The comment was rejected because it appeared to be spam', 'warning', 'item', $comment_Item->ID, 'plugin', $this->ID); } } } }
continue; } if (!isset($new_names[$loop_src_File->get_md5_ID()])) { // We have not yet provided a name to rename to... $confirm = 0; $new_names[$loop_src_File->get_md5_ID()] = $loop_src_File->get('name'); continue; } // Check if provided name is okay: $new_names[$loop_src_File->get_md5_ID()] = trim(strip_tags($new_names[$loop_src_File->get_md5_ID()])); if (!$loop_src_File->is_dir()) { if ($error_filename = validate_filename($new_names[$loop_src_File->get_md5_ID()])) { // Not a file name or not an allowed extension $confirm = 0; $Messages->add($error_filename, 'error'); syslog_insert(sprintf('The copied file %s has an unrecognized extension', '<b>' . $new_names[$loop_src_File->get_md5_ID()] . '</b>'), 'warning', 'file', $loop_src_File->ID); continue; } } elseif ($error_dirname = validate_dirname($new_names[$loop_src_File->get_md5_ID()])) { // Not a directory name $confirm = 0; $Messages->add($error_dirname, 'error'); continue; } // If the source is a directory, then we must check if the target path length is allowed or not $FileCache =& get_FileCache(); $dest_File =& $FileCache->get_by_root_and_path($fm_Filelist->get_root_type(), $fm_Filelist->get_root_ID(), $fm_Filelist->get_rds_list_path() . $new_names[$loop_src_File->get_md5_ID()]); if ($loop_src_File->is_dir() && strlen($dest_File->get_full_path()) > $dirpath_max_length) { // The path would be too long we can not allowe to move this folder param_error('new_names[' . $loop_src_File->get_md5_ID() . ']', T_('The target path is too long for this folder.')); $confirm = 0;
/** * Load data from Request form fields. * * @param array groups of params to load * @return boolean true if loaded data seems valid. */ function load_from_Request($groups = array()) { global $Messages, $default_locale, $DB; /** * @var User */ global $current_User; // Load collection settings and clear update cascade array $this->load_CollectionSettings(); if (param('blog_name', 'string', NULL) !== NULL) { // General params: $this->set_from_Request('name'); $this->set('shortname', param('blog_shortname', 'string', true)); // Language / locale: if (param('blog_locale', 'string', NULL) !== NULL) { // These settings can be hidden when only one locale is enaled in the system $this->set_from_Request('locale'); $this->set_setting('locale_source', param('blog_locale_source', 'string', 'blog')); $this->set_setting('post_locale_source', param('blog_post_locale_source', 'string', 'post')); } // Collection permissions: $this->set('advanced_perms', param('advanced_perms', 'integer', 0)); $this->set_setting('allow_access', param('blog_allow_access', 'string', '')); if ($this->get_setting('allow_access') == 'users' || $this->get_setting('allow_access') == 'members') { // Disable site maps, feeds and ping plugins when access is restricted on this blog $this->set_setting('enable_sitemaps', 0); $this->set_setting('feed_content', 'none'); $this->set_setting('ping_plugins', ''); } // Lists of collections: $this->set('order', param('blog_order', 'integer')); $this->set('in_bloglist', param('blog_in_bloglist', 'string', 'public')); $this->set('favorite', param('favorite', 'integer', 0)); } if (param('archive_links', 'string', NULL) !== NULL) { // Archive link type: $this->set_setting('archive_links', get_param('archive_links')); $this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true); } if (param('chapter_links', 'string', NULL) !== NULL) { // Chapter link type: $this->set_setting('chapter_links', get_param('chapter_links')); } if (param('category_prefix', 'string', NULL) !== NULL) { $category_prefix = get_param('category_prefix'); if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) { param_error('category_prefix', T_('Invalid category prefix.')); } $this->set_setting('category_prefix', $category_prefix); } if (param('atom_redirect', 'string', NULL) !== NULL) { param_check_url('atom_redirect', 'commenting'); $this->set_setting('atom_redirect', get_param('atom_redirect')); param('rss2_redirect', 'string', NULL); param_check_url('rss2_redirect', 'commenting'); $this->set_setting('rss2_redirect', get_param('rss2_redirect')); } if (param('image_size', 'string', NULL) !== NULL) { $this->set_setting('image_size', get_param('image_size')); } if (param('tag_links', 'string', NULL) !== NULL) { // Tag page link type: $this->set_setting('tag_links', get_param('tag_links')); } if (param('tag_prefix', 'string', NULL) !== NULL) { $tag_prefix = get_param('tag_prefix'); if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $tag_prefix)) { param_error('tag_prefix', T_('Invalid tag prefix.')); } $this->set_setting('tag_prefix', $tag_prefix); } // Default to "tag", if "prefix-only" is used, but no tag_prefix was provided. if (get_param('tag_links') == 'prefix-only' && !strlen(param('tag_prefix', 'string', NULL))) { $this->set_setting('tag_prefix', 'tag'); } // Use rel="tag" attribute? (checkbox) $this->set_setting('tag_rel_attib', param('tag_rel_attib', 'integer', 0)); if (param('chapter_content', 'string', NULL) !== NULL) { // What kind of content on chapter pages? $this->set_setting('chapter_content', get_param('chapter_content')); } if (param('tag_content', 'string', NULL) !== NULL) { // What kind of content on tags pages? $this->set_setting('tag_content', get_param('tag_content')); } if (param('archive_content', 'string', NULL) !== NULL) { // What kind of content on archive pages? $this->set_setting('archive_content', get_param('archive_content')); } if (param('filtered_content', 'string', NULL) !== NULL) { // What kind of content on filtered pages? $this->set_setting('filtered_content', get_param('filtered_content')); } if (param('main_content', 'string', NULL) !== NULL) { // What kind of content on main pages? $this->set_setting('main_content', get_param('main_content')); } // Chapter posts per page: $this->set_setting('chapter_posts_per_page', param('chapter_posts_per_page', 'integer', NULL), true); // Tag posts per page: $this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true); if (param('single_links', 'string', NULL) !== NULL) { // Single post link type: $this->set_setting('single_links', get_param('single_links')); } if (param('slug_limit', 'integer', NULL) !== NULL) { // Limit slug length: $this->set_setting('slug_limit', get_param('slug_limit')); } if (param('normal_skin_ID', 'integer', NULL) !== NULL) { // Normal skin ID: $this->set_setting('normal_skin_ID', get_param('normal_skin_ID')); } if (param('mobile_skin_ID', 'integer', NULL) !== NULL) { // Mobile skin ID: if (get_param('mobile_skin_ID') == 0) { // Don't store this empty setting in DB $this->delete_setting('mobile_skin_ID'); } else { // Set mobile skin $this->set_setting('mobile_skin_ID', get_param('mobile_skin_ID')); } } if (param('tablet_skin_ID', 'integer', NULL) !== NULL) { // Tablet skin ID: if (get_param('tablet_skin_ID') == 0) { // Don't store this empty setting in DB $this->delete_setting('tablet_skin_ID'); } else { // Set tablet skin $this->set_setting('tablet_skin_ID', get_param('tablet_skin_ID')); } } if (param('archives_sort_order', 'string', NULL) !== NULL) { // Archive sorting $this->set_setting('archives_sort_order', param('archives_sort_order', 'string', false)); } if (param('download_delay', 'integer', NULL) !== NULL) { // Download delay param_check_range('download_delay', 0, 10, T_('Download delay must be numeric (0-10).')); $this->set_setting('download_delay', get_param('download_delay')); } if (param('feed_content', 'string', NULL) !== NULL) { // How much content in feeds? $this->set_setting('feed_content', get_param('feed_content')); param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.')); $this->set_setting('posts_per_feed', get_param('posts_per_feed')); } if (param('comment_feed_content', 'string', NULL) !== NULL) { // How much content in comment feeds? $this->set_setting('comment_feed_content', get_param('comment_feed_content')); param_integer_range('comments_per_feed', 1, 9999, T_('Comments per feed must be between %d and %d.')); $this->set_setting('comments_per_feed', get_param('comments_per_feed')); } if (param('blog_shortdesc', 'string', NULL) !== NULL) { // Description: $this->set_from_Request('shortdesc'); } if (param('blog_keywords', 'string', NULL) !== NULL) { // Keywords: $this->set_from_Request('keywords'); } if (param('blog_tagline', 'html', NULL) !== NULL) { // HTML tagline: param_check_html('blog_tagline', T_('Invalid tagline')); $this->set('tagline', get_param('blog_tagline')); } if (param('blog_longdesc', 'html', NULL) !== NULL) { // HTML long description: param_check_html('blog_longdesc', T_('Invalid long description')); $this->set('longdesc', get_param('blog_longdesc')); } if (param('blog_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('blog_footer_text', T_('Invalid blog footer')); $this->set_setting('blog_footer_text', get_param('blog_footer_text')); } if (param('single_item_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('single_item_footer_text', T_('Invalid single post footer')); $this->set_setting('single_item_footer_text', get_param('single_item_footer_text')); } if (param('xml_item_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('xml_item_footer_text', T_('Invalid RSS footer')); $this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text')); } if (param('blog_notes', 'html', NULL) !== NULL) { // HTML notes: param_check_html('blog_notes', T_('Invalid Blog Notes')); $this->set('notes', get_param('blog_notes')); param_integer_range('max_footer_credits', 0, 3, T_('Max credits must be between %d and %d.')); $this->set_setting('max_footer_credits', get_param('max_footer_credits')); } if (in_array('pings', $groups)) { // we want to load the ping checkboxes: $blog_ping_plugins = param('blog_ping_plugins', 'array:string', array()); $blog_ping_plugins = array_unique($blog_ping_plugins); $this->set_setting('ping_plugins', implode(',', $blog_ping_plugins)); } if (in_array('authors', $groups)) { // we want to load the workflow & permissions params $this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0)); } if (in_array('home', $groups)) { // we want to load the front page params: $front_disp = param('front_disp', 'string', ''); $this->set_setting('front_disp', $front_disp); $front_post_ID = param('front_post_ID', 'integer', 0); if ($front_disp == 'page') { // Post ID must be required param_check_not_empty('front_post_ID', T_('Please enter a specific post ID')); } $this->set_setting('front_post_ID', $front_post_ID); } if (in_array('features', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('enable_goto_blog', param('enable_goto_blog', 'string', NULL)); $this->set_setting('editing_goto_blog', param('editing_goto_blog', 'string', NULL)); $this->set_setting('default_post_status', param('default_post_status', 'string', NULL)); $this->set_setting('post_categories', param('post_categories', 'string', NULL)); $this->set_setting('post_navigation', param('post_navigation', 'string', NULL)); // Show x days or x posts?: $this->set_setting('what_to_show', param('what_to_show', 'string', '')); param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.')); $this->set_setting('posts_per_page', get_param('posts_per_page')); $this->set_setting('orderby', param('orderby', 'string', true)); $this->set_setting('orderdir', param('orderdir', 'string', true)); // Front office statuses $this->load_inskin_statuses('post'); // Time frame $this->set_setting('timestamp_min', param('timestamp_min', 'string', '')); $this->set_setting('timestamp_min_duration', param_duration('timestamp_min_duration')); $this->set_setting('timestamp_max', param('timestamp_max', 'string', '')); $this->set_setting('timestamp_max_duration', param_duration('timestamp_max_duration')); // call modules update_collection_features on this blog modules_call_method('update_collection_features', array('edited_Blog' => &$this)); // load post moderation statuses $moderation_statuses = get_visibility_statuses('moderation'); $post_moderation_statuses = array(); foreach ($moderation_statuses as $status) { if (param('post_notif_' . $status, 'integer', 0)) { $post_moderation_statuses[] = $status; } } $this->set_setting('post_moderation_statuses', implode(',', $post_moderation_statuses)); } if (in_array('comments', $groups)) { // we want to load the comments settings: // load moderation statuses $moderation_statuses = get_visibility_statuses('moderation'); $blog_moderation_statuses = array(); foreach ($moderation_statuses as $status) { if (param('notif_' . $status, 'integer', 0)) { $blog_moderation_statuses[] = $status; } } $this->set_setting('moderation_statuses', implode(',', $blog_moderation_statuses)); $this->set_setting('comment_quick_moderation', param('comment_quick_moderation', 'string', 'expire')); $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0)); $this->set_setting('comments_detect_email', param('comments_detect_email', 'integer', 0)); $this->set_setting('comments_register', param('comments_register', 'integer', 0)); } if (in_array('other', $groups)) { // we want to load the other settings: // Search results: param_integer_range('search_per_page', 1, 9999, T_('Number of search results per page must be between %d and %d.')); $this->set_setting('search_per_page', get_param('search_per_page')); // Latest comments : param_integer_range('latest_comments_num', 1, 9999, T_('Number of shown comments must be between %d and %d.')); $this->set_setting('latest_comments_num', get_param('latest_comments_num')); // User directory: $this->set_setting('image_size_user_list', param('image_size_user_list', 'string')); // Messaging pages: $this->set_setting('image_size_messaging', param('image_size_messaging', 'string')); // Archive pages: $this->set_setting('archive_mode', param('archive_mode', 'string', true)); } if (in_array('more', $groups)) { // we want to load more settings: // Tracking: $this->set_setting('track_unread_content', param('track_unread_content', 'integer', 0)); // Subscriptions: $this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0)); $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0)); // Sitemaps: $this->set_setting('enable_sitemaps', param('enable_sitemaps', 'integer', 0)); } if (param('allow_comments', 'string', NULL) !== NULL) { // Feedback options: $this->set_setting('allow_comments', param('allow_comments', 'string', 'any')); $this->set_setting('allow_view_comments', param('allow_view_comments', 'string', 'any')); $new_feedback_status = param('new_feedback_status', 'string', 'draft'); if ($new_feedback_status != $this->get_setting('new_feedback_status') && ($new_feedback_status != 'published' || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) { // Only admin can set this setting to 'Public' $this->set_setting('new_feedback_status', $new_feedback_status); } $this->set_setting('allow_anon_url', param('allow_anon_url', 'string', '0')); $this->set_setting('allow_html_comment', param('allow_html_comment', 'string', '0')); $this->set_setting('allow_attachments', param('allow_attachments', 'string', 'registered')); $this->set_setting('max_attachments', param('max_attachments', 'integer', '')); $this->set_setting('autocomplete_usernames', param('autocomplete_usernames', 'integer', '')); $this->set_setting('display_rating_summary', param('display_rating_summary', 'string', '0')); $this->set_setting('allow_rating_items', param('allow_rating_items', 'string', 'never')); $this->set_setting('rating_question', param('rating_question', 'text')); $this->set_setting('allow_rating_comment_helpfulness', param('allow_rating_comment_helpfulness', 'string', '0')); $blog_allowtrackbacks = param('blog_allowtrackbacks', 'integer', 0); if ($blog_allowtrackbacks != $this->get('allowtrackbacks') && ($blog_allowtrackbacks == 0 || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) { // Only admin can turn ON this setting $this->set('allowtrackbacks', $blog_allowtrackbacks); } $this->set_setting('comments_orderdir', param('comments_orderdir', '/^(?:ASC|DESC)$/', 'ASC')); // call modules update_collection_comments on this blog modules_call_method('update_collection_comments', array('edited_Blog' => &$this)); $threaded_comments = param('threaded_comments', 'integer', 0); $this->set_setting('threaded_comments', $threaded_comments); $this->set_setting('paged_comments', $threaded_comments ? 0 : param('paged_comments', 'integer', 0)); param_integer_range('comments_per_page', 1, 9999, T_('Comments per page must be between %d and %d.')); $this->set_setting('comments_per_page', get_param('comments_per_page')); $this->set_setting('comments_avatars', param('comments_avatars', 'integer', 0)); $this->set_setting('comments_latest', param('comments_latest', 'integer', 0)); // load blog front office comment statuses $this->load_inskin_statuses('comment'); } if (in_array('seo', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('canonical_homepage', param('canonical_homepage', 'integer', 0)); $this->set_setting('relcanonical_homepage', param('relcanonical_homepage', 'integer', 0)); $this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0)); $this->set_setting('relcanonical_item_urls', param('relcanonical_item_urls', 'integer', 0)); $this->set_setting('canonical_archive_urls', param('canonical_archive_urls', 'integer', 0)); $this->set_setting('relcanonical_archive_urls', param('relcanonical_archive_urls', 'integer', 0)); $this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0)); $this->set_setting('relcanonical_cat_urls', param('relcanonical_cat_urls', 'integer', 0)); $this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0)); $this->set_setting('relcanonical_tag_urls', param('relcanonical_tag_urls', 'integer', 0)); $this->set_setting('default_noindex', param('default_noindex', 'integer', 0)); $this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0)); $this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0)); $this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0)); $this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0)); $this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0)); $this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0)); $this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0)); $this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0)); $this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0)); $this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0)); $this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0)); $this->set_setting('special_noindex', param('special_noindex', 'integer', 0)); $this->set_setting('title_link_type', param('title_link_type', 'string', '')); $this->set_setting('permalinks', param('permalinks', 'string', '')); $this->set_setting('404_response', param('404_response', 'string', '')); $this->set_setting('help_link', param('help_link', 'string', '')); $this->set_setting('excerpts_meta_description', param('excerpts_meta_description', 'integer', 0)); $this->set_setting('categories_meta_description', param('categories_meta_description', 'integer', 0)); $this->set_setting('tags_meta_keywords', param('tags_meta_keywords', 'integer', 0)); $this->set_setting('tags_open_graph', param('tags_open_graph', 'integer', 0)); $this->set_setting('download_noindex', param('download_noindex', 'integer', 0)); $this->set_setting('download_nofollowto', param('download_nofollowto', 'integer', 0)); } /* * ADVANCED ADMIN SETTINGS */ if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) { // We have permission to edit advanced admin settings: if (in_array('cache', $groups)) { // we want to load the cache params: $this->set_setting('ajax_form_enabled', param('ajax_form_enabled', 'integer', 0)); $this->set_setting('ajax_form_loggedin_enabled', param('ajax_form_loggedin_enabled', 'integer', 0)); $this->set_setting('cache_enabled_widgets', param('cache_enabled_widgets', 'integer', 0)); } if (in_array('styles', $groups)) { // we want to load the styles params: $this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0)); $this->set('allowusercss', param('blog_allowusercss', 'integer', 0)); } if (in_array('login', $groups)) { // we want to load the login params: if (!get_setting_Blog('login_blog_ID')) { // Update this only when no blog is defined for login/registration $this->set_setting('in_skin_login', param('in_skin_login', 'integer', 0)); } $this->set_setting('in_skin_editing', param('in_skin_editing', 'integer', 0)); } if (param('blog_head_includes', 'html', NULL) !== NULL) { // HTML header includes: param_check_html('blog_head_includes', T_('Invalid Custom meta tag/css section.'), '#', 'head_extension'); $this->set_setting('head_includes', get_param('blog_head_includes')); } if (param('blog_footer_includes', 'html', NULL) !== NULL) { // HTML header includes: param_check_html('blog_footer_includes', T_('Invalid Custom javascript section')); $this->set_setting('footer_includes', get_param('blog_footer_includes')); } if (param('owner_login', 'string', NULL) !== NULL) { // Permissions: $UserCache =& get_UserCache(); $owner_User =& $UserCache->get_by_login(get_param('owner_login')); if (empty($owner_User)) { param_error('owner_login', sprintf(T_('User «%s» does not exist!'), get_param('owner_login'))); } else { $this->set('owner_user_ID', $owner_User->ID); $this->owner_User =& $owner_User; } } if (($blog_urlname = param('blog_urlname', 'string', NULL)) !== NULL) { // check urlname if (param_check_not_empty('blog_urlname', T_('You must provide an URL collection name!'))) { if (!preg_match('|^[A-Za-z0-9\\-]+$|', $blog_urlname)) { param_error('blog_urlname', sprintf(T_('The url name %s is invalid.'), "«{$blog_urlname}»")); $blog_urlname = NULL; } if (isset($blog_urlname) && $DB->get_var('SELECT COUNT(*) FROM T_blogs WHERE blog_urlname = ' . $DB->quote($blog_urlname) . ' AND blog_ID <> ' . $this->ID)) { // urlname is already in use param_error('blog_urlname', sprintf(T_('The URL name %s is already in use by another collection. Please choose another name.'), "«{$blog_urlname}»")); $blog_urlname = NULL; } if (isset($blog_urlname)) { // Set new urlname and save old media dir in order to rename folder to new $old_media_dir = $this->get_media_dir(false); $this->set_from_Request('urlname'); } } } if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) { // Blog URL parameters: // Note: We must avoid to set an invalid url, because the new blog url will be displayed in the evobar even if it was not saved $allow_new_access_type = true; if ($access_type == 'absolute') { $blog_siteurl = param('blog_siteurl_absolute', 'string', true); if (preg_match('#^https?://[^/]+/.*#', $blog_siteurl, $matches)) { // It looks like valid absolute URL, so we may update the blog siteurl $this->set('siteurl', $blog_siteurl); } else { // It is not valid absolute URL, don't update the blog 'siteurl' to avoid errors $allow_new_access_type = false; // If site url is not updated do not allow access_type update either $Messages->add(T_('Collection Folder URL') . ': ' . sprintf(T_('%s is an invalid absolute URL'), '«' . htmlspecialchars($blog_siteurl) . '»') . '. ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>) and it must contain at least one \'/\' sign after the domain name!'), 'error'); } } elseif ($access_type == 'relative') { // relative siteurl $blog_siteurl = param('blog_siteurl_relative', 'string', true); if (preg_match('#^https?://#', $blog_siteurl)) { $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error'); } $this->set('siteurl', $blog_siteurl); } else { $this->set('siteurl', ''); } if ($allow_new_access_type) { // The received siteurl value was correct, may update the access_type value $this->set('access_type', $access_type); } } if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) { // Aggregate list: (can be '*') $aggregate_coll_IDs = get_param('aggregate_coll_IDs'); if ($aggregate_coll_IDs != '*') { // Sanitize the string $aggregate_coll_IDs = sanitize_id_list($aggregate_coll_IDs); } // fp> TODO: check perms on each aggregated blog (if changed) // fp> TODO: better interface if ($aggregate_coll_IDs != '*' && !preg_match('#^([0-9]+(,[0-9]+)*)?$#', $aggregate_coll_IDs)) { param_error('aggregate_coll_IDs', T_('Invalid aggregate collection ID list!')); } $this->set_setting('aggregate_coll_IDs', $aggregate_coll_IDs); } $media_location = param('blog_media_location', 'string', NULL); if ($media_location !== NULL) { // Media files location: $old_media_dir = $this->get_media_dir(false); $old_media_location = $this->get('media_location'); $this->set_from_Request('media_location'); $this->set_media_subdir(param('blog_media_subdir', 'string', '')); $this->set_media_fullpath(param('blog_media_fullpath', 'string', '')); $this->set_media_url(param('blog_media_url', 'string', '')); // check params switch ($this->get('media_location')) { case 'custom': // custom path and URL global $demo_mode, $media_path; if ($this->get('media_fullpath') == '') { param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.')); } if (!preg_match('#^https?://#', $this->get('media_url'))) { param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!')); } if ($demo_mode) { $canonical_fullpath = get_canonical_path($this->get('media_fullpath')); if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) { param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.'); } } break; case 'subdir': global $media_path; if ($this->get('media_subdir') == '') { param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.')); } else { // Test if it's below $media_path (subdir!) $canonical_path = get_canonical_path($media_path . $this->get('media_subdir')); if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) { param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory «%s».'), format_to_output($this->get('media_subdir')))); } else { // Validate if it's a valid directory name: $subdir = no_trailing_slash(substr($canonical_path, strlen($media_path))); if ($error = validate_dirname($subdir)) { param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error); syslog_insert(sprintf('Invalid name is detected for folder %s', '<b>' . $subdir . '</b>'), 'warning', 'file'); } } } break; } } if (!param_errors_detected() && !empty($old_media_dir)) { // No error were detected before and possibly the media directory path was updated, check if it can be managed $this->check_media_dir_change($old_media_dir, isset($old_media_location) ? $old_media_location : NULL); } } return !param_errors_detected(); }
} else { // Don't use the hidden field for this file because it is from another folder $filename_hidden_field = ''; } echo '<td class="fm_filename">' . $filename_hidden_field; /************* Invalid filename warning: *************/ if (!$lFile->is_dir()) { if ($error_filename = validate_filename($lFile->get_name())) { // TODO: Warning icon with hint echo get_icon('warning', 'imgtag', array('class' => 'filenameIcon', 'title' => $error_filename)); syslog_insert(sprintf('The unrecognized extension is detected for file %s', '<b>' . $lFile->get_name() . '</b>'), 'warning', 'file', $lFile->ID); } } elseif ($error_dirname = validate_dirname($lFile->get_name())) { // TODO: Warning icon with hint echo get_icon('warning', 'imgtag', array('class' => 'filenameIcon', 'title' => $error_dirname)); syslog_insert(sprintf('Invalid name is detected for folder %s', '<b>' . $lFile->get_name() . '</b>'), 'warning', 'file', $lFile->ID); } /**** Open in a new window (only directories) ****/ if ($lFile->is_dir()) { // Directory $browse_dir_url = $lFile->get_view_url(); $popup_url = url_add_param($browse_dir_url, 'mode=popup'); $target = 'evo_fm_' . $lFile->get_md5_ID(); echo '<a href="' . $browse_dir_url . '" target="' . $target . ' " class="pull-right" title="' . T_('Open in a new window') . '" onclick="' . "return pop_up_window( '{$popup_url}', '{$target}' )" . '">' . get_icon('window_new') . '</a>'; } // Only provide link/"chain" icons for files. // TODO: dh> provide support for direcories (display included files). // fp> here might not be the best place to put the perm check if (isset($LinkOwner) && $LinkOwner->check_perm('edit')) { // Offer option to link the file to an Item (or anything else):
if (empty($fm_FileRoot)) { // Stop when this object is NULL, it can happens when media path has no rights to write $message['text'] = sprintf(T_('We cannot open the folder %s. PHP needs execute permissions on this folder.'), '<b>' . $media_path . '</b>'); $message['status'] = 'error'; out_echo($message, $specialchars); exit; } $newName = $file->getName(); $oldName = $newName; // validate file name if ($error_filename = process_filename($newName, true, true, $fm_FileRoot, $path)) { // Not a file name or not an allowed extension $message['text'] = $error_filename; $message['status'] = 'error'; out_echo($message, $specialchars); syslog_insert(sprintf('The uploaded file %s has an unrecognized extension', '<b>' . $newName . '</b>'), 'warning', 'file'); exit; } // Process a name of old name process_filename($oldName, true); list($newFile, $oldFile_thumb) = check_file_exists($fm_FileRoot, $path, $newName); $newName = $newFile->get('name'); // If everything is ok, save the file somewhere $file_content = $file->get_content(); if (is_array($file_content)) { // Error on upload $message = array_merge($message, $file_content); out_echo($message, $specialchars); exit; } if (!file_exists($newFile->get_dir())) {
$SQL->SELECT('ivc_source, ivc_grp_ID'); $SQL->FROM('T_users__invitation_code'); $SQL->WHERE('ivc_code = ' . $DB->quote($invitation)); $SQL->WHERE_and('ivc_expire_ts > ' . $DB->quote(date('Y-m-d H:i:s', $localtimenow))); if ($invitation_code = $DB->get_row($SQL->get())) { // Set source and group from invitation code $new_User->set('source', $invitation_code->ivc_source); $GroupCache =& get_GroupCache(); if ($new_user_Group =& $GroupCache->get_by_ID($invitation_code->ivc_grp_ID, false, false)) { $new_User->set_Group($new_user_Group); } } } if ($new_User->dbinsert()) { // Insert system log about user's registration syslog_insert('User registration', 'info', 'user', $new_User->ID); } $new_user_ID = $new_User->ID; // we need this to "rollback" user creation if there's no DB transaction support // TODO: Optionally auto create a blog (handle this together with the LDAP plugin) // TODO: Optionally auto assign rights // Actions to be appended to the user registration transaction: if ($Plugins->trigger_event_first_false('AppendUserRegistrTransact', array('User' => &$new_User))) { // TODO: notify the plugins that have been called before about canceling of the event?! $DB->rollback(); // Delete, in case there's no transaction support: $new_User->dbdelete($Debuglog); $Messages->add(T_('No user account has been created!'), 'error'); break; // break out to _reg_form.php }
/** * process attachments by saving into media directory and optionally creating image tag in post * * @param string message content that is optionally manipulated by adding image tags (by reference) * @param array $mailAttachments array containing path to attachment files * @param string $mediadir path to media directory of blog as seen by file system * @param string $media_url url to media directory as seen by user * @param bool $add_img_tags should img tags be added to the post (instead of linking through the file manager) * @param string $type defines attachment type: 'attach' or 'related' * @param boolean TRUE if script is executed by cron */ function pbm_process_attachments(&$content, $mailAttachments, $mediadir, $media_url, $add_img_tags = true, $type = 'attach', $cron = false) { global $Settings, $pbm_item_files, $filename_max_length; pbm_msg('<h4>' . T_('Processing attachments') . '</h4>', $cron); foreach ($mailAttachments as $attachment) { if (isset($attachment['FileName'])) { $filename = trim(utf8_strtolower($attachment['FileName'])); } else { // Related attachments may not have file name, we'll generate one below $filename = ''; } if ($filename == '') { $filename = 'upload_' . uniqid() . '.' . $attachment['SubType']; pbm_msg(sprintf(T_('Attachment without name. Using "%s".'), htmlspecialchars($filename)), $cron); } // Check valid filename/extension: (includes check for locked filenames) if ($error_filename = process_filename($filename, true)) { pbm_msg(T_('Invalid filename') . ': ' . $error_filename, $cron); syslog_insert(sprintf('The posted by mail file %s has an unrecognized extension', '<b>' . $filename . '</b>'), 'warning', 'file'); continue; } // If file exists count up a number $cnt = 0; $prename = substr($filename, 0, strrpos($filename, '.')) . '-'; $sufname = strrchr($filename, '.'); $error_in_filename = false; while (file_exists($mediadir . $filename)) { $filename = $prename . $cnt . $sufname; if (strlen($filename) > $filename_max_length) { // This is a special case, when the filename is longer then the maximum allowed // Cut as many characters as required before the counter on the file name $filename = fix_filename_length($filename, strlen($prename) - 1); if ($error_in_filename = process_filename($filename, true)) { // The file name is not valid, this is an unexpected situation, because the file name was already validated before pbm_msg(T_('Invalid filename') . ': ' . $error_filename, $cron); syslog_insert(sprintf('The posted by mail file %s has an unrecognized extension', '<b>' . $filename . '</b>'), 'warning', 'file'); break; } } ++$cnt; } if ($error_in_filename) { // Don't create file with invalid file name continue; } pbm_msg(sprintf(T_('New file name is %s'), '<b>' . $filename . '</b>'), $cron); $imginfo = NULL; if (!$Settings->get('eblog_test_mode')) { pbm_msg(sprintf(T_('Saving file to: %s'), htmlspecialchars($mediadir . $filename)), $cron); if (!copy($attachment['DataFile'], $mediadir . $filename)) { pbm_msg(sprintf(T_('Unable to copy uploaded file to %s'), htmlspecialchars($mediadir . $filename)), $cron); continue; } // chmod uploaded file: $chmod = $Settings->get('fm_default_chmod_file'); @chmod($mediadir . $filename, octdec($chmod)); $imginfo = @getimagesize($mediadir . $filename); pbm_msg(sprintf(T_('Is this an image?: %s'), is_array($imginfo) ? 'yes' : 'no'), $cron); } if ($type == 'attach') { $content .= "\n"; if (is_array($imginfo) && $add_img_tags) { $content .= '<img src="' . $media_url . $filename . '" ' . $imginfo[3] . ' />'; } else { pbm_msg(sprintf(T_('The file %s will be attached to the post later, after we save the post in the database.'), '<b>' . $filename . '</b>'), $cron); $pbm_item_files[] = $filename; } $content .= "\n"; } elseif (!empty($attachment['ContentID'])) { // Replace relative "cid:xxxxx" URIs with absolute URLs to media files $content = str_replace('cid:' . $attachment['ContentID'], $media_url . $filename, $content); } } }
/** * Add new link to owner User * * @param integer file ID * @param integer link position ( 'teaser', 'aftermore' ) * @param int order of the link * @return integer|boolean Link ID on success, false otherwise */ function add_link($file_ID, $position = NULL, $order = 1) { global $current_User; if (is_null($position)) { // Use default link position $position = $this->get_default_position($file_ID); } $edited_Link = new Link(); $edited_Link->set('usr_ID', $this->User->ID); $edited_Link->set('file_ID', $file_ID); $edited_Link->set('position', $position); $edited_Link->set('order', $order); if (empty($current_User)) { // Current User not is set because probably we are creating links from upgrade script. Set the owner as creator and last editor. $edited_Link->set('creator_user_ID', $this->User->ID); $edited_Link->set('lastedit_user_ID', $this->User->ID); } if ($edited_Link->dbinsert()) { if (!is_null($this->Links)) { // If user Links were already loaded update its content $this->Links[$edited_Link->ID] =& $edited_Link; } $FileCache =& get_FileCache(); $File = $FileCache->get_by_ID($file_ID, false, false); $file_name = empty($File) ? '' : $File->get_name(); syslog_insert(sprintf('File %s was linked to %s with ID=%s', '<b>' . $file_name . '</b>', $this->type, $this->link_Object->ID), 'info', 'file', $file_ID); return $edited_Link->ID; } return false; }
/** * Validate the given answer against our stored one. * * This event is provided for other plugins and gets used internally * for other events we're hooking into. * * @param array Associative array of parameters. * @param string Form type ( comment|register|message ) * @return boolean|NULL */ function CaptchaValidated(&$params, $form_type) { global $DB, $localtimenow, $Session; if (!$this->does_apply($params, $form_type)) { return; } $posted_answer = utf8_strtolower(param('captcha_qstn_' . $this->ID . '_answer', 'string', '')); if (empty($posted_answer)) { $this->debug_log('captcha_qstn_' . $this->ID . '_answer'); $params['validate_error'] = $this->T_('Please enter the captcha answer.'); if ($form_type == 'comment' && ($comment_Item =& $params['Comment']->get_Item())) { syslog_insert('Comment captcha answer is not entered', 'warning', 'item', $comment_Item->ID, 'plugin', $this->ID); } return false; } $question = $this->CaptchaQuestion(); $posted_answer_is_correct = false; $answers = explode('|', utf8_strtolower($question->cptq_answers)); foreach ($answers as $answer) { if ($posted_answer == $answer) { // Correct answer is found in DB $posted_answer_is_correct = true; break; } } if (!$posted_answer_is_correct) { $this->debug_log('Posted (' . $posted_answer . ') and saved (' . $question->cptq_answers . ') answer do not match!'); $params['validate_error'] = $this->T_('The entered answer is incorrect.'); if ($form_type == 'comment' && ($comment_Item =& $params['Comment']->get_Item())) { syslog_insert('Comment captcha answer is incorrect', 'warning', 'item', $comment_Item->ID, 'plugin', $this->ID); } return false; } // If answer is correct: // We should clean the question ID that was assigned for current session and IP address // It gives to assign new question on the next captcha event $this->CaptchaQuestionCleanup(); return true; }
/** * Add new link to owner Comment * * @param integer file ID * @param integer link position ( 'teaser', 'aftermore' ) * @param int order of the link * @param boolean true to update owner last touched timestamp after link was created, false otherwise * @return integer|boolean Link ID on success, false otherwise */ function add_link($file_ID, $position = NULL, $order = 1, $update_owner = true) { if (is_null($position)) { // Use default link position $position = $this->get_default_position($file_ID); } $edited_Link = new Link(); $edited_Link->set('cmt_ID', $this->Comment->ID); $edited_Link->set('file_ID', $file_ID); $edited_Link->set('position', $position); $edited_Link->set('order', $order); if ($edited_Link->dbinsert()) { $FileCache =& get_FileCache(); $File = $FileCache->get_by_ID($file_ID, false, false); $file_name = empty($File) ? '' : $File->get_name(); syslog_insert(sprintf('File %s was linked to %s with ID=%s', '<b>' . $file_name . '</b>', $this->type, $this->link_Object->ID), 'info', 'file', $file_ID); if ($update_owner) { // Update last touched date of the Comment & Item $this->update_last_touched_date(); } return $edited_Link->ID; } return false; }
/** * Add new link to owner Item * * @param integer file ID * @param integer link position ( 'teaser', 'teaserperm', 'teaserlink', 'aftermore', 'inline', 'fallback' ) * @param int order of the link * @param boolean true to update owner last touched timestamp after link was created, false otherwise * @return integer|boolean Link ID on success, false otherwise */ function add_link($file_ID, $position = NULL, $order = 1, $update_owner = true) { if (is_null($position)) { // Use default link position $position = $this->get_default_position($file_ID); } $edited_Link = new Link(); $edited_Link->set('itm_ID', $this->Item->ID); $edited_Link->set('file_ID', $file_ID); $edited_Link->set('position', $position); $edited_Link->set('order', $order); if ($edited_Link->dbinsert()) { // New link was added to the item, invalidate blog's media BlockCache BlockCache::invalidate_key('media_coll_ID', $this->Item->get_blog_ID()); $FileCache =& get_FileCache(); $File = $FileCache->get_by_ID($file_ID, false, false); $file_name = empty($File) ? '' : $File->get_name(); syslog_insert(sprintf('File %s was linked to %s with ID=%s', '<b>' . $file_name . '</b>', $this->type, $this->link_Object->ID), 'info', 'file', $file_ID); if ($update_owner) { // Update last touched date of the Item $this->update_last_touched_date(); } // Reset the Links $this->Links = NULL; $this->load_Links(); return $edited_Link->ID; } return false; }