/**
 * Normalizes a raw search string and appends the resulting keywords to $this->keywords.
 *
 * A string wrapped in double quotes is stored as one phrase; anything else is split
 * on spaces, with '.' and ',' treated as word delimiters. Every stored keyword passes
 * through encodeHTML() first.
 *
 * @param	string		$keywordString	raw search string
 */
protected function parseKeywords($keywordString) {
	// input that is not valid UTF-8 is treated as ISO-8859-1
	if (!StringUtil::isUTF8($keywordString)) {
		$keywordString = StringUtil::convertEncoding('ISO-8859-1', 'UTF-8', $keywordString);
	}
	
	// drop wildcards that do not follow a word character, then the
	// operator characters + - > < ( ) ~
	$keywordString = preg_replace(
		'/[\\+\\-><()~]+/',
		'',
		preg_replace('/(?<!\\w)\\*/', '', $keywordString)
	);
	
	$isPhrase = mb_substr($keywordString, 0, 1) == '"' && mb_substr($keywordString, -1) == '"';
	if (!$isPhrase) {
		// word search: '.' and ',' count as delimiters
		$spaced = str_replace(array('.', ','), ' ', $keywordString);
		$words = ArrayUtil::encodeHTML(ArrayUtil::trim(explode(' ', $spaced)));
		if (!empty($words)) {
			$this->keywords = array_merge($this->keywords, $words);
		}
		return;
	}
	
	// phrase search: strip the surrounding quotes and keep the rest as one keyword
	$phrase = StringUtil::trim(mb_substr($keywordString, 1, -1));
	if (!empty($phrase)) {
		$this->keywords = array_merge($this->keywords, array(StringUtil::encodeHTML($phrase)));
	}
}
/**
 * Runs the page: enforces the login requirement, redirects to the canonical URL
 * when the request URL differs from it, then checks modules and permissions,
 * reads data, assigns template variables and displays the template.
 *
 * The canonical-URL redirect happens before checkModules() and checkPermissions().
 * Its target is $this->canonicalURL plus the request parameters that are not part
 * of the canonical query, re-encoded with http_build_query().
 *
 * @see	\wcf\page\IPage::show()
 */
public function show() {
	// check if active user is logged in
	if ($this->loginRequired && !WCF::getUser()->userID) {
		throw new PermissionDeniedException();
	}
	
	// check if current request URL matches the canonical URL (skipped when POST data is present)
	if ($this->canonicalURL && empty($_POST)) {
		// the 's=<40 hex chars>' parameter (presumably the session id - confirm) is ignored on both sides
		// NOTE(review): parse_url() can return false for a seriously malformed URL; the array
		// accesses below assume it returned an array
		$canoncialURL = parse_url(preg_replace('~[?&]s=[a-f0-9]{40}~', '', $this->canonicalURL));
		
		// use $_SERVER['REQUEST_URI'] because it represents the URL used to access the site and not the internally rewritten one
		// IIS Rewrite-Module has a bug causing the REQUEST_URI to be ISO-encoded
		$requestURI = !empty($_SERVER['UNENCODED_URL']) ? $_SERVER['UNENCODED_URL'] : $_SERVER['REQUEST_URI'];
		$requestURI = preg_replace('~[?&]s=[a-f0-9]{40}~', '', $requestURI);
		
		if (!StringUtil::isUTF8($requestURI)) {
			$requestURI = StringUtil::convertEncoding('ISO-8859-1', 'UTF-8', $requestURI);
		}
		
		// some webservers output lower-case encoding (e.g. %c3 instead of %C3)
		$requestURI = preg_replace_callback('~%(?P<encoded>[a-zA-Z0-9]{2})~', function ($matches) {
			return '%' . strtoupper($matches['encoded']);
		}, $requestURI);
		
		$requestURL = parse_url($requestURI);
		
		// redirect when the paths differ, or when a canonical query parameter is
		// missing from the request or carries a different value
		$redirect = false;
		if ($canoncialURL['path'] != $requestURL['path']) {
			$redirect = true;
		}
		else {
			if (isset($canoncialURL['query'])) {
				if (!isset($requestURL['query'])) {
					$redirect = true;
				}
				else {
					parse_str($canoncialURL['query'], $cQueryString);
					parse_str($requestURL['query'], $rQueryString);
					
					foreach ($cQueryString as $key => $value) {
						if (!isset($rQueryString[$key]) || $rQueryString[$key] != $value) {
							$redirect = true;
							break;
						}
					}
				}
			}
		}
		
		if ($redirect) {
			// the redirect base is always the canonical URL, never a value taken from the request
			$redirectURL = $this->canonicalURL;
			if (!empty($requestURL['query'])) {
				$queryString = $requestURL['query'];
				parse_str($requestURL['query'], $rQueryString);
				
				if (!empty($canoncialURL['query'])) {
					parse_str($canoncialURL['query'], $cQueryString);
					
					// clean query string: parameters already present in the canonical URL are not appended again
					foreach ($cQueryString as $key => $value) {
						if (isset($rQueryString[$key])) {
							unset($rQueryString[$key]);
						}
					}
				}
				
				// drop route data from query (parameters with an empty value)
				if (!URL_LEGACY_MODE) {
					foreach ($rQueryString as $key => $value) {
						if ($value === '') {
							unset($rQueryString[$key]);
						}
					}
				}
				
				// remaining request parameters are carried over, URL-encoded by http_build_query()
				if (!empty($rQueryString)) {
					$redirectURL .= (mb_strpos($redirectURL, '?') === false ? '?' : '&') . http_build_query($rQueryString, '', '&');
				}
			}
			
			// force a permanent redirect as recommended by Google
			// https://support.google.com/webmasters/answer/6033086?hl=en#a_note_about_redirects
			@header('HTTP/1.0 301 Moved Permanently');
			HeaderUtil::redirect($redirectURL, false);
			exit;
		}
	}
	
	// sets the active menu item
	$this->setActiveMenuItem();
	
	// check modules
	$this->checkModules();
	
	// check permission
	$this->checkPermissions();
	
	// read data
	$this->readData();
	
	// assign variables
	$this->assignVariables();
	
	// call show event
	EventHandler::getInstance()->fireAction($this, 'show');
	
	// try to guess template name from the class name: the last namespace part,
	// without a trailing 'Form' or 'Page', first letter lower-cased
	$classParts = explode('\\', get_class($this));
	if (empty($this->templateName)) {
		$className = preg_replace('~(Form|Page)$~', '', array_pop($classParts));
		
		// check if this an *Edit page and use the add-template instead
		if (substr($className, -4) == 'Edit') {
			$className = substr($className, 0, -4) . 'Add';
		}
		
		$this->templateName = lcfirst($className);
		
		// assign guessed template name
		WCF::getTPL()->assign('templateName', $this->templateName);
	}
	if (empty($this->templateNameApplication)) {
		// the first namespace part is used as the application
		$this->templateNameApplication = array_shift($classParts);
		
		// assign guessed template application
		WCF::getTPL()->assign('templateNameApplication', $this->templateNameApplication);
	}
	
	if ($this->useTemplate) {
		// show template
		WCF::getTPL()->display($this->templateName, $this->templateNameApplication);
	}
}
/**
 * Converts every value of a (possibly nested) array to the requested character
 * encoding. A non-array argument is handed to StringUtil::convertEncoding().
 * Array keys are left as they are.
 * @see	mb_convert_encoding()
 *
 * @param	string		$inCharset	source encoding
 * @param	string		$outCharset	target encoding
 * @param	array		$array		values to convert
 * @return	array		the array with converted values (the StringUtil result for a non-array argument)
 */
public static function convertEncoding($inCharset, $outCharset, $array) {
	if (is_array($array)) {
		// recurse so that nested arrays are converted as well
		foreach (array_keys($array) as $index) {
			$array[$index] = self::convertEncoding($inCharset, $outCharset, $array[$index]);
		}
		
		return $array;
	}
	
	return StringUtil::convertEncoding($inCharset, $outCharset, $array);
}
/**
 * Returns the URI of the current page.
 *
 * Scheme and host are taken from the template variable 'baseHref', not from the
 * request; path and query come from $_SERVER['REQUEST_URI']. The request part is
 * not escaped here, so callers have to encode the result for the context they
 * output it in.
 *
 * @return	string
 */
public static function getRequestURI() {
	if (!URL_LEGACY_MODE) {
		// keep only 'scheme://host' of the base href and append the raw request URI
		$origin = preg_replace('~^(https?://[^/]+)(?:/.*)?$~', '$1', self::getTPL()->get('baseHref'));
		$origin .= $_SERVER['REQUEST_URI'];
		
		return $origin;
	}
	
	// legacy mode: resolve path and query components
	$scriptName = $_SERVER['SCRIPT_NAME'];
	$pathInfo = RouteHandler::getPathInfo();
	if (empty($pathInfo)) {
		// bug fix if URL omits script name and path
		$scriptName = substr($scriptName, 0, strrpos($scriptName, '/'));
	}
	
	$withoutScript = str_replace($scriptName, '', $_SERVER['REQUEST_URI']);
	$path = str_replace('/index.php', '', $withoutScript);
	if (!StringUtil::isUTF8($path)) {
		$path = StringUtil::convertEncoding('ISO-8859-1', 'UTF-8', $path);
	}
	$path = FileUtil::removeLeadingSlash($path);
	
	$baseHref = self::getTPL()->get('baseHref');
	
	// a non-empty path that does not start with the query string gets the 'index.php/' prefix
	if (!empty($path) && mb_strpos($path, '?') !== 0) {
		$baseHref .= 'index.php/';
	}
	
	return $baseHref . $path;
}
/**
 * Returns the request uri of the active request.
 *
 * The value is taken from the first usable $_SERVER entry, gets the query string
 * appended unless it came from REQUEST_URI, is converted to UTF-8 if needed and
 * is cut to 255 characters. All of these entries are request-derived; the result
 * is not escaped.
 *
 * @return	string
 */
public static function getRequestURI() {
	$uri = '';
	$needsQueryString = true;
	
	if (!empty($_SERVER['ORIG_PATH_INFO']) && strpos($_SERVER['ORIG_PATH_INFO'], '.php') !== false) {
		$uri = $_SERVER['ORIG_PATH_INFO'];
	}
	else if (!empty($_SERVER['ORIG_SCRIPT_NAME'])) {
		$uri = $_SERVER['ORIG_SCRIPT_NAME'];
	}
	else if (!empty($_SERVER['SCRIPT_NAME']) && !empty($_SERVER['PATH_INFO'])) {
		$uri = $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'];
	}
	else if (!empty($_SERVER['REQUEST_URI'])) {
		// REQUEST_URI is the only source used here without appending the query string
		$uri = $_SERVER['REQUEST_URI'];
		$needsQueryString = false;
	}
	else if (!empty($_SERVER['PHP_SELF'])) {
		$uri = $_SERVER['PHP_SELF'];
	}
	else if (!empty($_SERVER['PATH_INFO'])) {
		$uri = $_SERVER['PATH_INFO'];
	}
	
	if ($needsQueryString && !empty($_SERVER['QUERY_STRING'])) {
		$uri .= '?'.$_SERVER['QUERY_STRING'];
	}
	
	// fix encoding: anything that is neither ASCII nor UTF-8 is treated as ISO-8859-1
	$isUnicodeSafe = StringUtil::isASCII($uri) || StringUtil::isUTF8($uri);
	if (!$isUnicodeSafe) {
		$uri = StringUtil::convertEncoding('ISO-8859-1', 'UTF-8', $uri);
	}
	
	$unified = FileUtil::unifyDirSeperator($uri);
	
	return StringUtil::substring($unified, 0, 255);
}
/**
 * Creates a new PackageUpdateAuthForm object.
 *
 * When an exception is given, the server id, URL, response header and response
 * body are copied from it. The body is converted to UTF-8 according to the
 * charset named in the response header, stripped of tags and reformatted for
 * display.
 *
 * @param	PackageUpdateAuthorizationRequiredException	$exception
 */
public function __construct(PackageUpdateAuthorizationRequiredException $exception = null) {
	$this->exception = $exception;
	
	if ($this->exception !== null) {
		$this->packageUpdateServerID = $this->exception->getPackageUpdateServerID();
		$this->url = $this->exception->getURL();
		$this->header = $this->exception->getResponseHeader();
		
		// header and body are supplied by the remote update server
		$this->message = $this->exception->getResponseContent();
		
		// find out response charset; the name comes from the remote header and
		// conversion errors are suppressed by the @ operator
		$charsetMatch = array();
		if (preg_match('/charset=([a-z0-9\\-]+)/i', $this->header, $charsetMatch)) {
			$responseCharset = strtoupper($charsetMatch[1]);
			if ($responseCharset != 'UTF-8') {
				$this->message = @StringUtil::convertEncoding($responseCharset, 'UTF-8', $this->message);
			}
		}
		
		// format message: remove tags, unify newlines, collapse runs of three or
		// more newlines into two and turn newlines into <br />
		// NOTE(review): strip_tags() is the only HTML filtering applied to this remote
		// text before nl2br(); confirm the template outputs it in element content only
		$plain = StringUtil::trim(strip_tags($this->message));
		$plain = StringUtil::unifyNewlines($plain);
		$plain = preg_replace("/\n{3,}/", "\n\n", $plain);
		$this->message = nl2br($plain);
	}
	
	parent::__construct();
}
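/**
 * Handles a PayPal IPN (instant payment notification).
 *
 * The received POST fields are sent back to PayPal with cmd=_notify-validate and
 * the notification is processed only when the reply contains "VERIFIED". After
 * that the receiver address is compared with PAYPAL_EMAIL_ADDRESS, the 'custom'
 * field is split into "<payment type object type id>:<token>" and the payment
 * status is mapped to 'completed', 'reversed' or 'canceled_reversal' before the
 * payment type processor is called.
 *
 * Any SystemException ends the request with HTTP 500 and the exception message
 * as response body.
 *
 * @see	\wcf\action\IAction::execute()
 */
public function execute() {
	parent::execute();
	
	// check response
	$processor = null;
	try {
		// post back to paypal to validate
		$content = '';
		try {
			$url = 'https://www.paypal.com/cgi-bin/webscr';
			if (!empty($_POST['test_ipn'])) {
				// IPN simulator notification
				// NOTE(review): the sandbox endpoint is selected by a field of the incoming
				// request itself, so a sandbox-validated notification is processed exactly like
				// a live one. Consider honouring test_ipn only when a sandbox/debug setting is
				// enabled (no such setting is visible in this block).
				$url = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
			}
			
			$request = new HTTPRequest($url, array(), array_merge(array('cmd' => '_notify-validate'), $_POST));
			$request->execute();
			$reply = $request->getReply();
			$content = $reply['body'];
		}
		catch (SystemException $e) {
			throw new SystemException('connection to paypal.com failed: ' . $e->getMessage());
		}
		
		// nothing below may run for a notification PayPal did not confirm
		if (strstr($content, "VERIFIED") === false) {
			throw new SystemException('request not validated');
		}
		
		// fix encoding
		if (!empty($_POST['charset']) && strtoupper($_POST['charset']) != 'UTF-8') {
			// read the charset once: $_POST['charset'] itself is rewritten by the loop
			$charset = strtoupper($_POST['charset']);
			foreach ($_POST as &$value) {
				$value = StringUtil::convertEncoding($charset, 'UTF-8', $value);
			}
			// break the reference, otherwise the last element of $_POST stays bound to $value
			unset($value);
		}
		
		// Check that receiver_email is your Primary PayPal email
		// a missing or non-string field counts as empty; an empty configured address never matches
		$expectedReceiver = strtolower(PAYPAL_EMAIL_ADDRESS);
		$business = (isset($_POST['business']) && is_string($_POST['business'])) ? strtolower($_POST['business']) : '';
		$receiverEmail = (isset($_POST['receiver_email']) && is_string($_POST['receiver_email'])) ? strtolower($_POST['receiver_email']) : '';
		if ($expectedReceiver === '' || ($business !== $expectedReceiver && $receiverEmail !== $expectedReceiver)) {
			throw new SystemException('invalid business or receiver_email');
		}
		
		// get token
		if (!isset($_POST['custom'])) {
			throw new SystemException('invalid custom item');
		}
		$tokenParts = explode(':', $_POST['custom'], 2);
		if (count($tokenParts) != 2) {
			throw new SystemException('invalid custom item');
		}
		
		// get payment type object type
		$objectType = ObjectTypeCache::getInstance()->getObjectType(intval($tokenParts[0]));
		if ($objectType === null || !$objectType->getProcessor() instanceof IPaymentType) {
			throw new SystemException('invalid payment type id');
		}
		$processor = $objectType->getProcessor();
		
		// get status
		$transactionType = !empty($_POST['txn_type']) ? $_POST['txn_type'] : '';
		$paymentStatus = !empty($_POST['payment_status']) ? $_POST['payment_status'] : '';
		
		$status = '';
		if ($transactionType == 'web_accept' || $transactionType == 'subscr_payment') {
			if ($paymentStatus == 'Completed') {
				$status = 'completed';
			}
		}
		if ($paymentStatus == 'Refunded' || $paymentStatus == 'Reversed') {
			$status = 'reversed';
		}
		if ($paymentStatus == 'Canceled_Reversal') {
			$status = 'canceled_reversal';
		}
		
		if ($status) {
			// NOTE(review): amount, currency and transaction id are forwarded as received;
			// checking them against the expected price and rejecting an already processed
			// txn_id is presumably done by the processor - verify
			$processor->processTransaction(ObjectTypeCache::getInstance()->getObjectTypeIDByName('com.woltlab.wcf.payment.method', 'com.woltlab.wcf.payment.method.paypal'), $tokenParts[1], $_POST['mc_gross'], $_POST['mc_currency'], $_POST['txn_id'], $status, $_POST);
		}
	}
	catch (SystemException $e) {
		@header('HTTP/1.1 500 Internal Server Error');
		echo $e->getMessage();
		exit;
	}
}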
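/**
 * Exports this style.
 *
 * Builds a gzipped tar archive in a temporary file, writes it to the output with
 * readfile() and deletes it afterwards. The archive holds the style info file
 * (self::INFO_FILE), 'variables.xml', the preview image if it exists and,
 * depending on the flags, 'templates.tar', 'images.tar' and 'icons.tar'.
 *
 * @param	boolean		$templates	include the templates of the style's template group
 * @param	boolean		$images		include the image files referenced by the style variables
 * @param	boolean		$icons		include the *.png icons of every application package
 */
public function export($templates = false, $images = false, $icons = false) {
	// converts a value to UTF-8 if necessary and escapes it for use inside a CDATA section
	$toCDATA = function ($value) {
		return StringUtil::escapeCDATA(CHARSET != 'UTF-8' ? StringUtil::convertEncoding(CHARSET, 'UTF-8', $value) : $value);
	};
	
	// create style tar
	$styleTarName = FileUtil::getTemporaryFilename('style_', '.tgz');
	$styleTar = new TarWriter($styleTarName, true);
	
	// append style preview image
	if ($this->image && @file_exists(WCF_DIR . $this->image)) {
		$styleTar->add(WCF_DIR . $this->image, '', FileUtil::addTrailingSlash(dirname(WCF_DIR . $this->image)));
	}
	
	// create style info file
	$string = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<!DOCTYPE style SYSTEM \"http://www.woltlab.com/DTDs/SXF/style.dtd\">\n<style>\n";
	
	// general block
	$string .= "\t<general>\n";
	$string .= "\t\t<stylename><![CDATA[" . $toCDATA($this->styleName) . "]]></stylename>\n"; // style name
	if ($this->styleDescription) {
		$string .= "\t\t<description><![CDATA[" . $toCDATA($this->styleDescription) . "]]></description>\n"; // style description
	}
	if ($this->styleVersion) {
		$string .= "\t\t<version><![CDATA[" . $toCDATA($this->styleVersion) . "]]></version>\n"; // style version
	}
	if ($this->styleDate) {
		$string .= "\t\t<date><![CDATA[" . $toCDATA($this->styleDate) . "]]></date>\n"; // style date
	}
	if ($this->image) {
		$string .= "\t\t<image><![CDATA[" . $toCDATA(basename($this->image)) . "]]></image>\n"; // style preview image
	}
	if ($this->copyright) {
		$string .= "\t\t<copyright><![CDATA[" . $toCDATA($this->copyright) . "]]></copyright>\n"; // copyright
	}
	if ($this->license) {
		$string .= "\t\t<license><![CDATA[" . $toCDATA($this->license) . "]]></license>\n"; // license
	}
	$string .= "\t</general>\n";
	
	// author block
	$string .= "\t<author>\n";
	if ($this->authorName) {
		$string .= "\t\t<authorname><![CDATA[" . $toCDATA($this->authorName) . "]]></authorname>\n"; // author name
	}
	if ($this->authorURL) {
		$string .= "\t\t<authorurl><![CDATA[" . $toCDATA($this->authorURL) . "]]></authorurl>\n"; // author URL
	}
	$string .= "\t</author>\n";
	
	// files block
	$string .= "\t<files>\n";
	$string .= "\t\t<variables>variables.xml</variables>\n"; // variables
	if ($templates && $this->templateGroupID) {
		$string .= "\t\t<templates>templates.tar</templates>\n"; // templates
	}
	if ($images) {
		$string .= "\t\t<images>images.tar</images>\n"; // images
	}
	if ($icons) {
		$string .= "\t\t<icons>icons.tar</icons>\n"; // icons
	}
	$string .= "\t</files>\n";
	
	$string .= "</style>";
	
	// append style info file to style tar
	$styleTar->addString(self::INFO_FILE, $string);
	unset($string);
	
	// create variable list
	$string = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<!DOCTYPE variables SYSTEM \"http://www.woltlab.com/DTDs/SXF/variables.dtd\">\n<variables>\n";
	
	// get variables
	$variables = $this->getVariables();
	$exportImages = array();
	foreach ($variables as $name => $value) {
		// search images: collect every gif/jpg/jpeg/png file name mentioned in a variable value
		if ($images && $value) {
			if (preg_match_all('~([^/\\s\\$]+\\.(?:gif|jpg|jpeg|png))~i', $value, $matches)) {
				$exportImages = array_merge($exportImages, $matches[1]);
			}
		}
		$string .= "\t<variable name=\"" . StringUtil::encodeHTML($name) . "\"><![CDATA[" . $toCDATA($value) . "]]></variable>\n";
	}
	
	$string .= "</variables>";
	
	// append variable list to style tar
	$styleTar->addString('variables.xml', $string);
	unset($string);
	
	if ($templates && $this->templateGroupID) {
		$templateGroup = new TemplateGroup($this->templateGroupID);
		
		// create templates tar
		$templatesTarName = FileUtil::getTemporaryFilename('templates', '.tar');
		$templatesTar = new TarWriter($templatesTarName);
		// NOTE(review): 0777 leaves the temporary archive world-writable until it is unlinked
		// below; this method only creates, reads and deletes it, so a narrower mode is
		// probably enough - confirm what TarWriter needs before tightening (same for the
		// images and icons archives)
		@chmod($templatesTarName, 0777);
		
		// append templates to tar
		// get templates
		$sql = "SELECT\t\ttemplate.*, package.package, package.packageDir,\n\t\t\t\t\t\tparent_package.package AS parentPackage, parent_package.packageDir AS parentPackageDir\n\t\t\t\tFROM\t\twcf" . WCF_N . "_template template\n\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_package package\n\t\t\t\tON\t\t(package.packageID = template.packageID)\n\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_package parent_package\n\t\t\t\tON\t\t(parent_package.packageID = package.parentPackageID)\n\t\t\t\tWHERE\t\ttemplate.templateGroupID = ?";
		$statement = WCF::getDB()->prepareStatement($sql);
		$statement->execute(array($this->templateGroupID));
		while ($row = $statement->fetchArray()) {
			// directory name inside the tar: parent package, else own package, else the WCF default
			$packageDir = 'com.woltlab.wcf';
			if (!empty($row['parentPackageDir'])) {
				$packageDir = $row['parentPackage'];
			}
			else if (!empty($row['packageDir'])) {
				$packageDir = $row['package'];
			}
			
			$filename = FileUtil::addTrailingSlash(FileUtil::getRealPath(WCF_DIR . $row['packageDir'] . 'templates/' . $templateGroup->templateGroupFolderName)) . $row['templateName'] . '.tpl';
			$templatesTar->add($filename, $packageDir, dirname($filename));
		}
		
		// append templates tar to style tar
		$templatesTar->create();
		$styleTar->add($templatesTarName, 'templates.tar', $templatesTarName);
		@unlink($templatesTarName);
	}
	
	if ($images) {
		// create images tar
		$imagesTarName = FileUtil::getTemporaryFilename('images_', '.tar');
		$imagesTar = new TarWriter($imagesTarName);
		@chmod($imagesTarName, 0777);
		
		// cache rtl versions
		// compare with false so that a name starting with '-ltr' (position 0) is handled too
		foreach ($exportImages as $exportImage) {
			if (strpos($exportImage, '-ltr') !== false) {
				$exportImages[] = str_replace('-ltr', '-rtl', $exportImage);
			}
		}
		
		// append images to tar
		$path = WCF_DIR . $variables['global.images.location'];
		if (file_exists($path) && is_dir($path)) {
			$handle = opendir($path);
			// opendir() returns false on failure; skip the directory instead of reading from an invalid handle
			if ($handle !== false) {
				while (($file = readdir($handle)) !== false) {
					// only files of this directory whose name was referenced by a variable are exported
					if (is_file($path . $file) && in_array($file, $exportImages, true)) {
						$imagesTar->add($path . $file, '', $path);
					}
				}
				closedir($handle);
			}
		}
		
		// append images tar to style tar
		$imagesTar->create();
		$styleTar->add($imagesTarName, 'images.tar', $imagesTarName);
		@unlink($imagesTarName);
	}
	
	// export icons
	$iconsLocation = FileUtil::addTrailingSlash($variables['global.icons.location']);
	if ($icons && $iconsLocation != 'icon/') {
		// create icons tar
		$iconsTarName = FileUtil::getTemporaryFilename('icons_', '.tar');
		$iconsTar = new TarWriter($iconsTarName);
		// chmod() takes the file name, as for the templates and images archives
		@chmod($iconsTarName, 0777);
		
		// get package dirs
		$sql = "SELECT\tpackage, packageDir\n\t\t\t\tFROM\twcf" . WCF_N . "_package\n\t\t\t\tWHERE\tisApplication = 1\n\t\t\t\t\tAND (packageDir <> '' OR package = 'com.woltlab.wcf')";
		$statement = WCF::getDB()->prepareStatement($sql);
		$statement->execute();
		while ($row = $statement->fetchArray()) {
			$iconsDir = FileUtil::getRealPath(WCF_DIR . $row['packageDir']) . $iconsLocation;
			$packageIcons = array();
			if (file_exists($iconsDir)) {
				// separate variable: the boolean $icons parameter is not overwritten
				$iconFiles = glob($iconsDir . '*.png');
				if (is_array($iconFiles)) {
					foreach ($iconFiles as $iconFile) {
						$packageIcons[] = $iconFile;
					}
				}
			}
			
			if (count($packageIcons)) {
				$iconsTar->add($packageIcons, $row['package'] . '/', $iconsDir);
			}
		}
		
		$iconsTar->create();
		$styleTar->add($iconsTarName, 'icons.tar', $iconsTarName);
		@unlink($iconsTarName);
	}
	
	// output file content
	$styleTar->create();
	readfile($styleTarName);
	@unlink($styleTarName);
}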
/**
 * Returns the URI of the current page.
 *
 * The result is the template variable 'baseHref' followed by the path and query
 * of $_SERVER['REQUEST_URI'], with the script name and '/index.php' removed. The
 * request part is not escaped here.
 *
 * @return	string
 */
public static function getRequestURI() {
	// resolve path and query components
	$scriptName = $_SERVER['SCRIPT_NAME'];
	if (empty($_SERVER['PATH_INFO'])) {
		// bug fix if URL omits script name and path
		$scriptName = substr($scriptName, 0, strrpos($scriptName, '/'));
	}
	
	$withoutScript = str_replace($scriptName, '', $_SERVER['REQUEST_URI']);
	$path = str_replace('/index.php', '', $withoutScript);
	
	// anything that is neither ASCII nor UTF-8 is treated as ISO-8859-1
	$isUnicodeSafe = StringUtil::isASCII($path) || StringUtil::isUTF8($path);
	if (!$isUnicodeSafe) {
		$path = StringUtil::convertEncoding('ISO-8859-1', 'UTF-8', $path);
	}
	$path = FileUtil::removeLeadingSlash($path);
	
	$baseHref = self::getTPL()->get('baseHref');
	
	// a non-empty path that does not start with the query string gets the 'index.php/' prefix
	if (!empty($path) && StringUtil::indexOf($path, '?') !== 0) {
		$baseHref .= 'index.php/';
	}
	
	return $baseHref . $path;
}