function plugins_front() {
  // PHP 4-style constructor (named after the class, presumably) for the front-end plugin
  // registry: reset the bookkeeping arrays, derive a site index, then scan for plugins.
  foreach (array('plugins_array', 'log_array', 'keys_array', 'objects_array') as $registry) {
    $this->$registry = array();
  }
  // The site path is reduced to [0-9a-z-_] (separator '_'); where the index is consumed
  // is not visible here, but the filter leaves nothing that could act as a path separator.
  $this->site_index = tep_create_safe_string(tep_get_site_path(), '_', "/[^0-9a-z\\-_]+/i");
  $this->ajax_prefix = PLUGINS_AJAX_PREFIX;
  // Must run last: the registries above are expected to be empty when enumeration starts.
  $this->enumerate();
}
function plugins_admin() {
  // PHP 4-style constructor (named after the class, presumably) for the admin-side plugin
  // registry. The shared base class is loaded first so enumerate() can instantiate plugins.
  require_once DIR_FS_CLASSES . 'plugins_base.php';
  // Same site-index derivation as the front end: reduced to [0-9a-z-_], '_' as separator.
  $this->site_index = tep_create_safe_string(tep_get_site_path(), '_', "/[^0-9a-z\\-_]+/i");
  $this->prefix = PLUGINS_ADMIN_PREFIX;
  $this->ajax_prefix = PLUGINS_AJAX_PREFIX;
  foreach (array('plugins_array', 'keys_array', 'objects_array') as $registry) {
    $this->$registry = array();
  }
  $this->enumerate();
}
function create_safe_string($string, $separator = SEO_DEFAULT_WORDS_SEPARATOR, $flat = false) {
  // Lower-cases $string and collapses every run of disallowed characters into $separator.
  // $flat = true  -> only [0-9a-z] survive (a single flat slug).
  // $flat = false -> '/' is kept as well, so a path-like value keeps its segments.
  $filter = $flat ? "/[^0-9a-z]+/i" : "/[^0-9a-z\\/]+/i";
  return tep_create_safe_string(strtolower($string), $separator, $filter);
}
function plugins_base() {
  // PHP 4-style constructor (named after the class, presumably) shared by all plugins:
  // derives every web/filesystem path of the plugin from its class name.
  // extract() imports the loader's return values ($lng is used below); no request data is involved.
  extract(tep_load('languages'));
  $this->scripts_array = $this->strings_array = array();
  $this->site_index = tep_create_safe_string(tep_get_site_path(), '_', "/[^0-9a-z\\-_]+/i");
  // The class name doubles as the plugin's directory name. That is safe only while class
  // names stay code-controlled, which is the case for anything reached via get_class().
  $this->key = get_class($this);
  $key_dir = tep_trail_path($this->key);
  $roots = array(
    'web_path' => DIR_WS_PLUGINS,
    'fs_path' => DIR_FS_PLUGINS,
    'web_template_path' => DIR_WS_TEMPLATE,
    'fs_template_path' => DIR_FS_TEMPLATE,
  );
  foreach ($roots as $property => $root) {
    $this->$property = $root . $key_dir;
  }
  // Language strings live under the current language's own sub-path.
  $this->fs_language_path = DIR_FS_STRINGS . tep_trail_path($lng->path) . $key_dir;
  $this->active = $this->scripts_check();
}
function create_safe_string($string, $separator = SEO_DEFAULT_WORDS_SEPARATOR) {
  // SEO slug builder: lower-case, reduce to [0-9a-z-_] with $separator between words, then
  // drop words shorter than SEO_DEFAULT_WORD_LENGTH (when that limit is above 1).
  $string = tep_create_safe_string(strtolower($string), $separator, "/[^0-9a-z\\-_]+/i");
  if (SEO_DEFAULT_WORD_LENGTH <= 1) {
    return $string;
  }
  $words = explode($separator, $string);
  if (!is_array($words)) {
    return $string;
  }
  $kept = array();
  foreach ($words as $word) {
    if (strlen($word) >= SEO_DEFAULT_WORD_LENGTH) {
      $kept[] = $word;
    }
  }
  // If every word was too short, the unpruned string is returned rather than an empty one.
  return count($kept) ? implode($separator, $kept) : $string;
}
function set_posted_template($load = true) {
  // Resolves the active template name: the stored option (defaulting to 'stock'), overridden
  // by a posted 'template' value. With $load the template files are loaded and the choice is
  // persisted. Returns the resolved name either way.
  if (!isset($this->options_array['template'])) {
    $this->options_array['template'] = 'stock';
  }
  $template = $this->options_array['template'];
  // The posted value is reduced to [0-9a-z-_/]. '.' is dropped, so "../" cannot survive,
  // but '/' is kept, so nested or leading-slash values can. NOTE(review): whether
  // load_template_files() anchors this under a fixed template directory is not visible
  // here — confirm before relying on this filter alone.
  if (isset($_POST['template'])) {
    $template = tep_create_safe_string($_POST['template'], '_', "/[^0-9a-z\\-_\\/]+/i");
    $this->options_array['template'] = $template;
  }
  if (!$load) {
    return $template;
  }
  $this->load_template_files($template);
  // Re-read the stored options so only 'template' changes on save.
  $stored = $this->load_options();
  $stored['template'] = $template;
  $this->save_options($stored);
  return $template;
}
tep_redirect(tep_href_link($g_script, tep_get_all_get_params('action') . 'action=new_template')); } $action = 'new_template'; break; case 'template_download': if (empty($tID)) { $messageStack->add_session(ERROR_TEMPLATE_INVALID); tep_redirect(tep_href_link($g_script, tep_get_all_get_params('action', 'tID'))); } $template_query = $g_db->query("select template_title, template_content from " . TABLE_TEMPLATES . " where template_id = '" . (int) $tID . "'"); if (!$g_db->num_rows($template_query)) { $messageStack->add_session(ERROR_TEMPLATE_INVALID); tep_redirect(tep_href_link($g_script, tep_get_all_get_params('action', 'tID'))); } $template_array = $g_db->fetch_array($template_query); $filename = tep_create_safe_string(strtolower($template_array['template_title']), '-') . '.html'; header('Content-type: application/x-octet-stream'); header('Content-disposition: attachment; filename=' . $filename); echo $template_array['template_content']; $g_session->close(); break; default: break; } require DIR_FS_OBJECTS . 'html_start_sub1.php'; require DIR_FS_OBJECTS . 'html_start_sub2.php'; if ($action == 'new_template') { $parameters = array('template_id' => '', 'group_id' => TEMPLATE_SYSTEM_GROUP, 'template_title' => '', 'template_subject' => '', 'template_content' => $template_content); $tInfo = new objectInfo($parameters); $groups_query = "select group_id as id, group_title as text from " . TABLE_TEMPLATES_GROUPS . " order by group_title"; $groups_array = $g_db->query_to_array($groups_query);
</div> <div class="comboHeading"> <div><?php echo TEXT_INFO_UPDATE; ?> </div> </div> <div class="formArea"><?php echo tep_draw_form('seo_types', $g_script, 'action=update', 'post'); ?> <table width="100%" cellspacing="0" cellpadding="0"> <?php $count = 0; foreach ($sites_array as $filename) { $name = substr(basename($filename), strlen($multi_prefix), -4); $name = strtolower(tep_create_safe_string($name, '_', $multi_filter)); require $filename; $count++; $site_string = tep_draw_checkbox_field('mark[' . $name . ']', 1, false, 'id="label_site_' . $count . '" title="' . sprintf(TEXT_INFO_MARK, $name) . '"'); $site_string .= '<label style="font-size: 14px;" class="lpad" for="label_site_' . $count . '">' . $count . '. ' . TEXT_SITE . ' ' . $name . '</label>'; $buttons = array('<a href="' . tep_href_link($g_script, 'site=' . $name . '&action=restart') . '">' . tep_image(DIR_WS_ICONS . 'icon_restart.png', TEXT_RESTART_USING . ' ' . basename($filename)) . '</a>', '<a href="' . tep_href_link($g_script, 'site=' . $name . '&action=delete') . '">' . tep_image(DIR_WS_ICONS . 'icon_delete.png', TEXT_DELETE_CONFIG . ' ' . basename($filename)) . '</a>'); ?> <tr class="dataTableRow"> <td><fieldset><legend><?php echo $site_string; ?> </legend><table class="tabledata"> <tr class="dataTableHeadingRow"> <th><?php echo TABLE_HEADING_MULTI_NAME; ?>
function create_safe_string($string) {
  // Lower-cases and reduces $string to [0-9a-z/-.], using '-' as the separator.
  // Both '.' and '/' survive this filter, so "../" is NOT removed (assuming
  // tep_create_safe_string strips exactly the characters the pattern names). Callers must not
  // treat the result as a safe path component without further checks — its call sites are
  // not visible here.
  return tep_create_safe_string(strtolower($string), '-', "/[^0-9a-z\\/\\-.]+/i");
}
function process_options() {
  // Handles the plugin's "set options" form: a GET-driven removal of one script entry
  // (redirects immediately), otherwise a full rebuild of the options from POST followed by a
  // redirect back to the options page. Never returns normally — every path ends in tep_redirect().
  extract(tep_load('defs', 'database', 'message_stack'));
  $cStrings =& $this->strings;
  $options_array = $this->load_options();

  // --- Removal of a single script entry, keyed by the (DB-prepared) GET value ---
  $front_remove = isset($_GET['front_popup_remove']) ? $db->prepare_input($_GET['front_popup_remove']) : '';
  $back_remove = isset($_GET['back_popup_remove']) ? $db->prepare_input($_GET['back_popup_remove']) : '';
  $removed = false;
  if (!empty($front_remove) && isset($options_array['front_scripts'])) {
    unset($options_array['front_scripts'][$front_remove]);
    $removed = true;
  }
  if (!empty($back_remove) && isset($options_array['back_scripts'])) {
    unset($options_array['back_scripts'][$back_remove]);
    $removed = true;
  }
  if ($removed) {
    $this->save_options($options_array);
    $msg->add_session(sprintf($cStrings->SUCCESS_PLUGIN_RECONFIGURED, $this->title), 'success');
    tep_redirect(tep_href_link($cDefs->script, tep_get_all_get_params('action', 'front_popup_remove', 'back_popup_remove') . 'action=set_options'));
  }

  // --- Common selectors: posted value wins, otherwise the plugin's defaults ---
  $front_selector = $this->front_common_selector;
  if (isset($_POST['front_common_selector']) && !empty($_POST['front_common_selector'])) {
    $front_selector = $db->prepare_input($_POST['front_common_selector']);
  }
  $back_selector = $this->back_common_selector;
  if (isset($_POST['back_common_selector']) && !empty($_POST['back_common_selector'])) {
    $back_selector = $db->prepare_input($_POST['back_common_selector']);
  }

  // Existing per-script entries are carried over; everything else is rebuilt from POST.
  $options_array = array(
    'front_all' => isset($_POST['front_all']),
    'back_all' => isset($_POST['back_all']),
    'front_scripts' => isset($options_array['front_scripts']) ? $options_array['front_scripts'] : array(),
    'back_scripts' => isset($options_array['back_scripts']) ? $options_array['back_scripts'] : array(),
    'front_common_selector' => $front_selector,
    'back_common_selector' => $back_selector,
  );

  // --- New script entries: a script key plus a CSS selector ---
  // Selectors are reduced to [0-9a-z#-_.\s]; keys only go through the DB-input helper, so
  // any later HTML rendering of the keys has to escape them itself.
  $filter = "/[^0-9a-z\\#\\-_\\.\\s]+/i";
  $entries = array(
    'script_entry' => array('script_selector', 'front_scripts'),
    'admin_entry' => array('admin_selector', 'back_scripts'),
  );
  foreach ($entries as $entry_field => $target) {
    list($selector_field, $bucket) = $target;
    if (!isset($_POST[$entry_field]) || empty($_POST[$entry_field])) {
      continue;
    }
    $key = $db->prepare_input($_POST[$entry_field]);
    // The selector field is read without an isset() check, as in the original.
    $selector = tep_create_safe_string($_POST[$selector_field], '', $filter);
    if (empty($selector)) {
      // NOTE(review): both buckets fall back to the *front* selector, exactly as the original
      // did; for 'back_scripts' this looks like a copy-paste slip — confirm whether
      // $this->back_common_selector was intended before changing it.
      $selector = $this->front_common_selector;
      $msg->add_session(sprintf($cStrings->WARNING_PLUGIN_SELECTOR_EMPTY, $key), 'warning');
    }
    $options_array[$bucket][$key] = $selector;
  }

  $this->save_options($options_array);
  // The original guarded this with a flag that was never set, so it always fired.
  $msg->add_session(sprintf($cStrings->SUCCESS_PLUGIN_RECONFIGURED, $this->title), 'success');
  tep_redirect(tep_href_link($cDefs->script, tep_get_all_get_params('action', 'front_popup_remove', 'back_popup_remove') . 'action=set_options'));
}
return $string; } //-MS- safe string added EOM $check = rawurldecode($_SERVER['REQUEST_URI']); if (strpos($check, '<') !== false || strpos($check, '>') !== false) { require 'die.php'; exit; } if (strpos($check, '(') !== false || strpos($check, ')') !== false) { require 'die.php'; exit; } // include server parameters if (!file_exists('includes/configure.php')) { require 'die.php'; exit; } require 'includes/configure.php'; $check = basename($check); $location = HTTP_SERVER . DIR_WS_HTTP_CATALOG; $length = strlen($terminator); if (strlen($check) > strlen($terminator) && substr($check, -$length) != $terminator) { $check = tep_create_safe_string($check); if (!empty($check)) { $check .= $terminator; } $location .= $check; } header("HTTP/1.1 301"); header("Location: " . $location); exit;
$result = tep_write_contents($current_path_file, $g_db->prepare_input($_POST['file_contents'])); if (!$result) { $messageStack->add_session(WARNING_FILE_LENGTH, 'warning'); } tep_redirect(tep_href_link($g_script, tep_get_all_get_params('action'))); break; case 'processuploads': for ($i = 1; $i < 6; $i++) { if (isset($GLOBALS['file_' . $i]) && tep_not_null($GLOBALS['file_' . $i])) { new upload('file_' . $i, $current_path); } } tep_redirect(tep_href_link($g_script)); break; case 'download': $filename = tep_create_safe_string(basename($_GET['filename']), '', "/[^0-9a-z_\\-\\.]+/i"); if (!empty($filename) && is_file($current_path . '/' . $filename)) { header('Content-type: application/x-octet-stream'); header('Content-disposition: attachment; filename=' . $filename); readfile($current_path . '/' . $filename); } $g_session->close(); break; case 'upload': case 'new_folder': case 'new_file': break; case 'edit': break; case 'delete': break;
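/**
 * Given a body string and an encoding type, this function will decode and return it.
 *
 * @param string $input    Raw (transfer-encoded) body
 * @param string $encoding Transfer encoding: '7bit', '8bit', 'quoted-printable' or 'base64';
 *                         anything else is passed through untouched
 * @param array  $params   Optional part parameters; only 'charset' is consulted
 * @return string Decoded body, converted to CHARSET when a different charset was declared
 * @access private
 */
function _decodeBody($input, $encoding = '7bit', $params = array()) {
  $result = $input;
  switch ($encoding) {
    case '7bit':
      break;
    case '8bit':
      // Round-trips through quoted-printable: imap_8bit() encodes, the helper decodes.
      $result = imap_8bit($result);
      $result = $this->_quotedPrintableDecode($result);
      break;
    case 'quoted-printable':
      $result = $this->_quotedPrintableDecode($input);
      break;
    case 'base64':
      $result = base64_decode($input);
      break;
  }
  if (isset($params['charset']) && strtoupper($params['charset']) != CHARSET) {
    // The declared charset comes from the mail and is handed to iconv(), so it is reduced to
    // [0-9a-z-_/] first.
    $charset = tep_create_safe_string(strtoupper($params['charset']), '', "/[^0-9a-z\\-_\\/]+/i");
    // Anything before an ISO-/UTF- marker is dropped (presumably to cope with vendor-prefixed
    // charset names — confirm). A marker at position 0 is left alone.
    foreach (array('ISO-', 'UTF-') as $marker) {
      $pos = strpos($charset, $marker);
      if ($pos) {
        $charset = substr($charset, $pos);
      }
    }
    // iconv() returns false for an unknown charset or a failed conversion. The original
    // assigned that straight to $result and returned `false` instead of a body; keep the
    // undecoded bytes in that case.
    $converted = iconv($charset, CHARSET . '//IGNORE//TRANSLIT', $result);
    if ($converted !== false) {
      $result = $converted;
    }
  }
  return $result;
}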
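extract(tep_load('email'));
// Plain-text alternative derived from the HTML body.
$text = strip_tags($body);
$cEmail->add_html($body, $text);

// Attach every file posted through the multi-file input "attach_file[]".
if (isset($_FILES['attach_file']) && is_array($_FILES['attach_file']) && isset($_FILES['attach_file']['name']) && is_array($_FILES['attach_file']['name'])) {
  foreach ($_FILES['attach_file']['name'] as $key => $file) {
    if (empty($file)) {
      continue;
    }
    $check = $_FILES['attach_file']['error'][$key];
    if ($check != UPLOAD_ERR_OK) {
      $messageStack->add_session(sprintf(ERROR_FILE_UPLOAD, $file));
      continue;
    }
    // The stored name is the client's: directory part dropped, lower-cased, reduced to
    // [0-9a-z/-.] with '-' as separator. '.' survives, so the extension is attacker-chosen.
    // NOTE(review): the file lands under DIR_FS_ADMIN . HELPDESK_ATTACHMENTS_FOLDER — if that
    // folder is web-reachable and executes scripts, an "x.php" upload plants an executable
    // file. Confirm the folder's exposure (not visible here).
    $name = tep_create_safe_string(strtolower(basename($file)), '-', "/[^0-9a-z\\/\\-.]+/i");
    $tmp_file = $_FILES['attach_file']['tmp_name'][$key];
    // file_get_contents() replaces fopen()/fread(filesize()): fread() with a length of 0
    // (an empty upload) is a warning on PHP 7 and a ValueError on PHP 8. A read failure
    // skips the file, as the failed fopen() did before.
    $attachment = file_get_contents($tmp_file);
    if ($attachment === false) {
      continue;
    }
    $attach_array = array('attachment' => $attachment, 'name' => $name, 'type' => 'application/octet-stream');
    // Return value is not checked, as in the original; a failed move still records the row.
    move_uploaded_file($tmp_file, DIR_FS_ADMIN . HELPDESK_ATTACHMENTS_FOLDER . $name);
    $sql_data_array = array('helpdesk_entries_id' => (int) $he_id, 'attachment' => $name);
    $g_db->perform(TABLE_HELPDESK_ATTACHMENTS, $sql_data_array);
    $cEmail->add_attachment($attach_array['attachment'], $attach_array['name'], $attach_array['type']);
    $messageStack->add_session(sprintf(SUCCESS_FILE_ATTACH, $name), 'success');
  }
}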
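<?php
/*
//----------------------------------------------------------------------------
// Copyright (c) 2006-2010 Asymmetric Software. Innovation & Excellence.
// Author: Mark Samios
// http://www.asymmetrics.com
//----------------------------------------------------------------------------
// Admin: Ajax callback modules handler/switch do not call it directly
//----------------------------------------------------------------------------
// I-Metrics CMS
//----------------------------------------------------------------------------
// Script is intended to be used with:
// osCommerce, Open Source E-Commerce Solutions
// http://www.oscommerce.com
// Copyright (c) 2003 osCommerce
//----------------------------------------------------------------------------
// Released under the GNU General Public License
//----------------------------------------------------------------------------
*/
require 'includes/application_top.php';

// The module name is request-controlled (POST) and ends up in a require path, so it is
// reduced to [0-9a-z-_] before use.
$module = isset($_POST['module']) ? $g_db->prepare_input($_POST['module'], true) : '';
$module = tep_create_safe_string($module, '', "[^0-9a-z\\-_]");
// Belt and braces: the filter above is written without regex delimiters, unlike the
// "/[^...]+/i" filters used elsewhere in this code base. If tep_create_safe_string() hands it
// to preg_replace() unchanged, the bracket pair is taken as the delimiter and nothing is
// stripped — so the value is re-checked here before it becomes part of an include path.
if (!preg_match('/^[0-9a-z_-]+$/i', $module)) {
  $module = '';
}
// The fixed 'js_' prefix, '.php' suffix and is_file() check further narrow what can be included.
$file_module = 'js_' . $module . '.php';
if (!empty($module) && is_file(DIR_FS_MODULES . $file_module)) {
  require DIR_FS_MODULES . $file_module;
} else {
  // $module is reflected into the response: escape it for the HTML context.
  echo 'invalid module request ' . htmlspecialchars($module, ENT_QUOTES, 'UTF-8');
}
require DIR_FS_INCLUDES . 'application_bottom.php';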
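function get_help() {
  // Streams a help snippet for the admin ajax call: back/help_<name>.html, or
  // back/help_default.html when no name was given. Returns false when the file is missing or
  // unreadable (the session is then left open, as in the original), true after echoing it.
  extract(tep_load('sessions'));
  $help = isset($_GET['ajax']) && !empty($_GET['ajax']) ? $_GET['ajax'] : '';
  if (empty($help)) {
    $file = $this->admin_path . 'back/help_default.html';
  } else {
    $help = tep_create_safe_string($help, '', "[^0-9a-z\\-_]");
    // Belt and braces: the filter above has no regex delimiters, unlike the "/[^...]+/i" form
    // used elsewhere in this code base. If tep_create_safe_string() passes it to preg_replace()
    // as-is, the bracket pair is taken as the delimiter and nothing is stripped — so the
    // request value is re-checked before it becomes part of a filesystem path.
    if (!preg_match('/^[0-9a-z_-]+$/i', $help)) {
      return false;
    }
    $file = $this->admin_path . 'back/help_' . $help . '.html';
  }
  if (!is_file($file)) {
    return false;
  }
  $contents = '';
  if (!tep_read_contents($file, $contents)) {
    return false;
  }
  // Help files are shipped with the admin; their contents are emitted unescaped on purpose.
  echo '<div>' . $contents . '</div>';
  $cSessions->close();
  return true;
}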
/**
 * Recursively walks one MIME part of an IMAP message, recording text parts in $partsarray
 * and writing attachments to HELPDESK_ATTACHMENTS_FOLDER.
 *
 * @param object   $p                  Structure of this part (as produced by imap_fetchstructure(),
 *                                     presumably): type, encoding, subtype, (d)parameters, disposition, parts
 * @param string   $i                  Part number in imap_fetchbody() form (e.g. "1", "1.2")
 * @param resource $link               Open IMAP stream
 * @param int      $msgid              Message number within the mailbox
 * @param array    &$partsarray        Receives ['attachment' => [...]] and/or ['text' => [...]] per part number
 * @param array    &$attachments_array Receives the file names actually written to disk
 */
function help_desk_parsepart($p, $i, $link, $msgid, &$partsarray, &$attachments_array) {
  // Where attachments are written. NOTE(review): this sits under DIR_FS_ADMIN and the file
  // name *including its extension* comes from the e-mail (see below). If the folder is
  // web-reachable and executes scripts, a mail with an "x.php" attachment plants an executable
  // file — confirm the folder's exposure, which is not visible here.
  $filestore = DIR_FS_ADMIN . HELPDESK_ATTACHMENTS_FOLDER;
  // Raw, still transfer-encoded body of this part.
  $part = imap_fetchbody($link, $msgid, $i);
  // Non-text parts, and text parts that carry a Content-Disposition, are handled as attachments.
  if ($p->type != 0 || $p->type == 0 && isset($p->disposition)) {
    // Undo the transfer encoding: 3 = base64, 4 = quoted-printable; anything else is left as-is.
    switch ($p->encoding) {
      case 3:
        $part = base64_decode($part);
        break;
      case 4:
        $part = quoted_printable_decode($part);
        break;
      default:
        // Binary / 7bit / 8bit need no decoding.
        break;
    }
    // File name: disposition parameters first ...
    $filename = '';
    if (isset($p->dparameters) && is_array($p->dparameters) && count($p->dparameters) > 0) {
      foreach ($p->dparameters as $dparam) {
        if (strtoupper($dparam->attribute) == 'NAME' || strtoupper($dparam->attribute) == 'FILENAME') {
          $filename = $dparam->value;
        }
      }
    }
    // ... then content-type parameters. The last matching attribute wins in both loops.
    if ($filename == '') {
      if (isset($p->parameters) && is_array($p->parameters) && count($p->parameters) > 0) {
        foreach ($p->parameters as $param) {
          if (strtoupper($param->attribute) == 'NAME' || strtoupper($param->attribute) == 'FILENAME') {
            $filename = $param->value;
          }
        }
      }
    }
    // Write to disk and record the part. Attachments without any file name are silently dropped.
    if ($filename != '') {
      // Untrusted mail input: decoded (helpdesk_decode_string — presumably RFC 2047; helper not
      // visible here), lower-cased, stripped of any directory part, then reduced to
      // [0-9a-z_-.] with '-' as the separator. '.' is kept, so the extension is whatever the
      // sender chose.
      $filename = helpdesk_decode_string($filename);
      $filename = basename(strtolower($filename));
      $filename = tep_create_safe_string($filename, '-', '/[^0-9a-z_\\-\\.]+/');
      // Very short (or emptied) names are replaced by a random one.
      if (strlen($filename) < 5) {
        $filename = tep_create_random_value(32, 'mixed_lower');
      }
      // NOTE(review): recorded *before* the collision rename below, so on a name clash
      // $partsarray keeps the original name while the file on disk and $attachments_array
      // carry the "copyN-" name — confirm which one the consumers expect.
      $partsarray[$i]['attachment'] = array('filename' => $filename, 'binary' => $part);
      // Never overwrite an existing file: copy1-<name>, copy2-<name>, ...
      $index = 0;
      $org_filename = $filename;
      while (is_file($filestore . $filename)) {
        $index++;
        $filename = 'copy' . $index . '-' . $org_filename;
      }
      $fp = fopen($filestore . $filename, "w+");
      if (!$fp) {
        echo '<div class="messageStackError">' . sprintf(ERROR_WRITE_ATTACHMENT, $filestore) . '</div>';
      } else {
        echo '<div class="linepad heavy">' . sprintf(TEXT_INFO_ATTACHMENT_WRITE, $filestore . $filename) . '</div>';
        fwrite($fp, $part);
        fclose($fp);
        if (!in_array($filename, $attachments_array)) {
          $attachments_array[] = $filename;
        }
      }
    }
  } elseif ($p->type == 0) {
    // Inline text part: undo the transfer encoding (4 = quoted-printable, 3 = base64).
    if ($p->encoding == 4) {
      $part = quoted_printable_decode($part);
    }
    if ($p->encoding == 3) {
      $part = base64_decode($part);
    }
    // Placeholders for optional per-subtype processing (e.g. nl2br for plain text);
    // the bare `1;` statements are deliberate no-ops kept from the original.
    if (strtoupper($p->subtype) == 'PLAIN') {
      1;
    } elseif (strtoupper($p->subtype) == 'HTML') {
      1;
    }
    $partsarray[$i]['text'] = array('type' => $p->subtype, 'string' => $part);
  }
  // Multipart: recurse into the sub-parts, numbered "<i>.1", "<i>.2", ...
  if (isset($p->parts) && count($p->parts) > 0) {
    foreach ($p->parts as $pno => $parr) {
      help_desk_parsepart($parr, $i . '.' . ($pno + 1), $link, $msgid, $partsarray, $attachments_array);
    }
  }
  return;
}
function tep_validate_url(&$url) {
  // Normalises $url in place and reports whether it looks like an absolute URL with a dotted host.
  // Step 1: reduce to [0-9a-z_-./:]. This also strips '?', '=', '&', '#', '@' and '%', so
  // userinfo and query strings never reach parse_url() (assuming tep_create_safe_string strips
  // exactly the characters the pattern names).
  $url = tep_create_safe_string($url, '', "/[^0-9a-z_\\-\\.\\/\\:]+/i");
  if (empty($url)) {
    return false;
  }
  // Step 2: require a host containing a '.' somewhere after its first character
  // (strpos() === 0 is treated as "no dot", as in the original).
  $parts = parse_url($url);
  $has_dotted_host = is_array($parts) && isset($parts['host']) && strpos($parts['host'], '.');
  if (!$has_dotted_host) {
    $url = '';
    return false;
  }
  // Step 3: rebuild scheme://host/path?query from the parsed pieces.
  // NOTE(review): there is no scheme allow-list — whatever scheme parse_url() found is kept, and
  // a scheme-less "//host/path" comes back as "host/path". Callers that emit the result into an
  // href should restrict schemes themselves. Given step 1 strips '?', the query branch below
  // should be unreachable; it is kept for parity with the original.
  $rebuilt = '';
  if (isset($parts['scheme'])) {
    $rebuilt .= $parts['scheme'] . '://';
  }
  $rebuilt .= $parts['host'];
  if (isset($parts['path'])) {
    $rebuilt .= $parts['path'];
  }
  if (isset($parts['query'])) {
    $rebuilt .= '?' . $parts['query'];
  }
  $url = $rebuilt;
  return !empty($url);
}