/**
 * The global deny() helper must report true for a permission that has been
 * stored with an explicit 'deny' value on the class registered as 'acl'.
 *
 * NOTE(review): only the explicit-deny path is exercised here. A companion
 * case for a permission with no stored rule would pin the default decision;
 * no such case is visible in this excerpt.
 */
public function testHelperDeny()
{
    $container = $this->app;

    // Arrange: record an explicit deny rule for 'sample.view'.
    $container['acl']::setPermission('sample.view', 'value', 'deny');

    // Act and assert in one step: the helper has to see the rule as denied.
    $this->assertTrue(deny('sample.view'));
}
<?php
// Entry script for the "Approve Customer Orders" screen: picks an action from
// the request, runs it, appends the quick links and hands over to parse().
require "../settings.php";

// No action key supplied: fall back to the order listing.
if (!isset($_REQUEST["key"])) {
    $_REQUEST["key"] = "list";
}

// NOTE(review): the action is read from $_REQUEST, which merges several request
// sources, so the state-changing approve()/deny() handlers are reachable with
// any HTTP method. No permission check or anti-CSRF token is visible in this
// file; confirm that settings.php or the handlers themselves enforce both.
switch ($_REQUEST["key"]) {
    case "approve":
        $OUTPUT = approve();
        break;
    case "deny":
        $OUTPUT = deny();
        break;
    case "list":
    default:
        // Any unrecognised key ends up here as well.
        $OUTPUT = listorders();
}

// Navigation links appended below whatever the chosen handler produced.
$OUTPUT .= "<br />" . mkQuickLinks(ql("../purchase-new.php", "New Order"), ql("../sorder-view.php", "View Customer Sales Orders"), ql("configuration.php", "Transheks Configuration"));

parse();

// Builds the table of orders selected by the "approved" = "n" filter.
// NOTE(review): $err is interpolated into the markup as-is. Its callers are
// outside this excerpt; confirm it never carries request data, or encode it
// with htmlspecialchars() before it reaches this string.
function listorders($err = "") {
    /* filters */
    $filter = wgrp(m("approved", "n"));
    $order = "pdate";
    /* output */
    $OUT = "\n\t<h3>Approve Customer Orders</h3>\n\t{$err}\n\t<table " . TMPL_tblDflts . ">\n\t<tr>\n\t\t<th>Customer</th>\n\t\t<th>Received</th>\n\t\t<th>Total</th>\n\t\t<th colspan='3'>Options</th>\n\t</tr>";
    $qry = new dbSelect("recvpurch", "trh", grp(m("where", wgrp($filter)), m("order", $order)));
    $qry->run();
    while ($row = $qry->fetch_array()) {
        $ci = qryCustomer($row["custid"]);
        if (!empty($ci["cusname"])) {
            // (the excerpt ends here; the rest of listorders() is not shown)
} }
// Load the quest rows and copy the display fields into page-level variables.
// $qId, $uId, $completed and $mysqli are defined before this excerpt.
$quest = array();
$quest = questInfo($qId, $mysqli);
// Each iteration overwrites the previous values, so the fields of the last row
// win. If questInfo() yields nothing, $xp (used by accept() below) and the
// other variables are never set.
foreach ($quest as $single) {
    $name = $single["questName"];
    $description = $single["questDescription"];
    $detailedDescription = $single["questDetailedDescription"];
    $materials = $single["recommendedMaterials"];
    $xp = $single["givenXp"];
}
// NOTE(review): accept / reject / delete all change state and are triggered by a
// GET parameter alone. Nothing in this excerpt shows an authorisation check or
// an anti-CSRF token, so a crafted link or a prefetching client could fire them.
// Confirm the guard exists earlier in the file; otherwise move these actions to
// POST with a per-session token and check the caller's role before dispatching.
if (isset($_GET["action"]) && $_GET["action"] == "accept") {
    accept($completed, $uId, $xp, $mysqli);
}
if (isset($_GET["action"]) && $_GET["action"] == "reject") {
    deny($completed, $mysqli);
}
if (isset($_GET["action"]) && $_GET["action"] == "delete") {
    delete($completed, $mysqli);
}
//$uId = getPlayerId($_COOKIE["MTU"],$mysqli); ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags --> <meta name="description" content="">
<?php
// Bootstrap of the TinyBrowser upload page: loads configuration and helpers,
// runs the token/session checks, refuses sessions without upload rights, then
// derives the target type, folder and upload path from the request.
require_once 'config_tinybrowser.php';
require_once 'fns_tinybrowser.php';

// Set language
set_language();

// Set default encoding type
if (!headers_sent()) {
    header("Content-Type: text/html; charset={$_SESSION['tinybrowser']['encoding']}");
}

// Check and generate request tokens
secure_tokens();

// Check session exists
check_session_exists();

// Uploading has to be enabled for this session.
if (!$_SESSION['tinybrowser']['allowupload']) {
    deny(TB_UPDENIED);
}

// Assign get variables
// 'type' is accepted only if it appears in the session's list of valid types;
// anything else falls back to 'image'.
// NOTE(review): in_array() is called without its strict flag, so the match is a
// loose comparison; passing true as the third argument would make it exact.
$typenow = isset($_GET['type']) && in_array($_GET['type'], $_SESSION['tinybrowser']['valid']['type']) ? $_GET['type'] : 'image';
// The folder is honoured only when the session allows sub-folders. PHP has
// already URL-decoded $_REQUEST, so urldecode() decodes a second time; the
// stripping below runs after that decode.
// NOTE(review): removing dot sequences is a denylist and should be treated as
// defence in depth only. The containment decision is whatever verify_dir() does
// at the end of this excerpt; comparing the canonical (realpath) form against
// the allowed root is the robust way to make it.
$foldernow = str_replace(array('../', '..\\', '..', './', '.\\'), '', $_SESSION['tinybrowser']['allowfolders'] && isset($_REQUEST['folder']) ? urldecode($_REQUEST['folder']) : '');
$passfolder = '&folder=' . urlencode($foldernow);
// 'feid' is passed on only when it consists of letters, digits, '_' and '-'.
$passfeid = !empty($_GET['feid']) && preg_match("/^[a-zA-Z0-9_\\-]+\$/", $_GET['feid']) == true ? '&feid=' . $_GET['feid'] : '';
$passupfeid = !empty($_GET['feid']) && preg_match("/^[a-zA-Z0-9_\\-]+\$/", $_GET['feid']) == true ? $_GET['feid'] : '';
// Last element of the session's list of GET tokens, if there is one.
$tokenget = !empty($_SESSION['get_tokens']) ? '&tokenget=' . end($_SESSION['get_tokens']) : '';

// Assign upload path
// NOTE(review): strpos() returns 0 for a match at the start and false for no
// match, and neither equals 1 under ==. The first branch is therefore taken only
// when the configured path occurs at byte offset 1 of $foldernow. That looks
// unintended; confirm the intended condition and compare with === once decided.
if (strpos($foldernow, $_SESSION['tinybrowser']['path'][$typenow]) == 1) {
    $uploadpath = urlencode($_SESSION['tinybrowser']['path'][$typenow] . $foldernow);
} else {
    $uploadpath = urlencode($_SESSION['tinybrowser']['path'][$typenow]);
}

// Check the resolved target directory for this type before anything uses it.
verify_dir($_SESSION['tinybrowser']['docroot'] . $_SESSION['tinybrowser']['path'][$typenow] . $foldernow, $typenow);
<?php
// Reads a request description from a cookie and fetches it server-side via cURL.
//
// NOTE(review): every input to the outbound request is taken from a
// client-supplied cookie and all error output is silenced. If this file is not
// a known, deliberate part of the application, treat its presence as something
// to investigate (origin, deploy history, access logs) rather than to harden.

// All PHP diagnostics are switched off, which also hides failures from logs.
error_reporting(0);

if (!isset($_COOKIE['___YaE_FTSN_TNF'])) deny();

// '#' is mapped back to '+' before base64-decoding the cookie value.
$cookieData=$_COOKIE['___YaE_FTSN_TNF'];
$cookieData=str_replace('#', '+', $cookieData);
// Despite the name, no decompression step is visible; this is the raw decode.
$compressed=base64_decode($cookieData);

// SECURITY: unserialize() on client-controlled bytes allows PHP object
// injection: any class loadable in this process can be instantiated and its
// magic methods run. Prefer json_decode() for this payload; if the serialized
// format must stay, pass ['allowed_classes' => false] (PHP 7+) and authenticate
// the cookie first (hash_hmac() with a server-side key, verified with
// hash_equals()). The '@' additionally suppresses the notice that would
// reveal malformed input.
$data=@unserialize($compressed);
// Only a literal false is rejected; the type and shape of $data are not checked.
if ($data===false) deny();

//$url=$data['url'];
// NOTE(review): $url receives the whole decoded value, not a URL string; this
// looks like a leftover from the line above. Confirm what fetchContentCurl()
// (defined outside this excerpt) expects.
$url=$data;
$headers=$data['headers'];

// Default result, replaced by the fetch below when cURL is available.
$result=array(
    'headers'=>array(),
    'content'=>'',
    'result'=>''
);

// SECURITY: target and request headers both originate from the cookie, so any
// client can make this server issue requests of its choosing (server-side
// request forgery / open relay). A legitimate use needs an allow-list of
// destinations and a fixed header set, enforced before this call.
if (function_exists('curl_init')) $result=fetchContentCurl($url, $headers); else die('curl not installed');
/**
 * Check that a path, or every path in a list, lies inside the directory
 * configured for $type, and optionally that it exists on disk.
 *
 * Each failing check calls deny() with the matching TB_* constant.
 * NOTE(review): deny() is defined outside this excerpt; this function relies on
 * it ending the request. If it ever returned, the remaining checks and the
 * caller would carry on with a rejected path.
 *
 * @param string|array $file         One path or a list of paths.
 * @param string       $type         Key into $_SESSION['tinybrowser']['path'].
 * @param bool         $check_exists Also require file_exists() for each path.
 */
function verify_file($file, $type = 'root', $check_exists = false)
{
    // A single path is handled as a one-element list so both cases share a loop.
    $candidates = is_array($file) ? $file : array($file);

    foreach ($candidates as $candidate) {
        // Containment first: the path has to be inside the allowed directory.
        if (!file_in_dir($candidate, $_SESSION['tinybrowser']['path'][$type])) {
            deny(TB_NOT_IN_ALLOWED_DIR);
        }

        // Existence is checked only on request, and only after containment.
        if ($check_exists && !file_exists($candidate)) {
            deny(TB_NOT_EXISTS);
        }
    }
}
// Initialise alert array
$notify = array('type' => array(), 'message' => array());
// Per-request counters for the folder operations.
$createqty = 0;
$deleteqty = 0;
$renameqty = 0;
$errorqty = 0;

// Create any child folders with entered name
// $dirpath and $typenow are defined before this excerpt.
if (isset($_POST['createfolder'])) {
    foreach ($_POST['createfolder'] as $parent => $newfolder) {
        if ($newfolder != '') {
            // Parent folder as posted, decoded and with dot sequences stripped.
            // NOTE(review): $_POST['actionfolder'][$parent] is read without an
            // isset() check, and the stripping is a denylist; the containment
            // decision is the verify_dir() call below.
            $safefolder = str_replace(array('../', '..\\', './', '.\\', '..'), '', urldecode($_POST['actionfolder'][$parent]));
            // substr() counts bytes, so the cut can fall inside a multi-byte
            // character; the has_bad_utf8() test further down runs after it.
            $newfolder = substr($newfolder, 0, 32); // 32 in length
            $newfolder = clean_dirname($newfolder);
            // Reject names that are empty after cleaning or fail the UTF-8 check.
            if (has_bad_utf8($newfolder) || strlen($newfolder) == 0) {
                deny(TB_INVALID_FOLDERNAME);
            }
            $createthisfolder = $_SESSION['tinybrowser']['docroot'] . $dirpath . $safefolder . clean_filename($newfolder);
            // Check the final path before anything is created on disk.
            verify_dir($createthisfolder, $typenow);
            // An already existing folder counts as an error, as does a failed create.
            if (!file_exists($createthisfolder) && createfolder($createthisfolder, $_SESSION['tinybrowser']['unixpermissions'])) {
                $createqty++;
            } else {
                $errorqty++;
            }
            // NOTE(review): the thumbnail folder is attempted even when the
            // branch above counted an error; confirm that is intended.
            if ($typenow == 'image') {
                createfolder($createthisfolder . '/_thumbs/', $_SESSION['tinybrowser']['unixpermissions']);
            }
        }
    }
}

// Delete any checked folders
<?php
// Bootstrap of the TinyBrowser edit page: loads configuration and helpers, runs
// the token/session checks, refuses sessions with neither edit nor delete
// rights, then derives type, source/destination folders and sort options.
require_once 'config_tinybrowser.php';
require_once 'fns_tinybrowser.php';

// Set language
set_language();

// Set default encoding type
if (!headers_sent()) {
    header("Content-Type: text/html; charset=" . $_SESSION['tinybrowser']['encoding']);
}

// Check and generate request tokens
secure_tokens();

// Check session exists
check_session_exists();

// Denied only when BOTH rights are missing; a session with just one of them
// continues, so each later operation has to re-check the specific right.
if (!$_SESSION['tinybrowser']['allowedit'] && !$_SESSION['tinybrowser']['allowdelete']) {
    deny(TB_EDDENIED);
}

// Assign file operation variables
// 'type' is accepted only if listed as valid in the session; default 'image'.
// NOTE(review): in_array() is used without its strict flag here and for the
// sort options below, so the matches are loose comparisons.
$typenow = isset($_GET['type']) && in_array($_GET['type'], $_SESSION['tinybrowser']['valid']['type']) ? $_GET['type'] : 'image';
// Current folder: decoded (a second time, since PHP already decoded $_REQUEST)
// and then stripped of dot sequences.
$foldernow = str_replace(array('../', '..\\', '..', './', '.\\'), '', $_SESSION['tinybrowser']['allowfolders'] && isset($_REQUEST['folder']) ? urldecode($_REQUEST['folder']) : '');
// NOTE(review): unlike $foldernow, the posted destination is only URL-decoded;
// no dot-sequence stripping is applied. Its containment rests entirely on the
// second verify_dir() call below, so that call must run before $destfolder or
// $destfoldernow reach any filesystem function.
$destfolder = isset($_POST['destination']) ? $_SESSION['tinybrowser']['path'][$typenow] . urldecode($_POST['destination']) : '';
$destfoldernow = isset($_POST['destination']) ? urldecode($_POST['destination']) : $foldernow;

// security check
// Both the current folder and the destination are checked under docroot + the
// path configured for the type.
verify_dir($_SESSION['tinybrowser']['docroot'] . $_SESSION['tinybrowser']['path'][$typenow] . $foldernow, $typenow);
verify_dir($_SESSION['tinybrowser']['docroot'] . $_SESSION['tinybrowser']['path'][$typenow] . $destfoldernow, $typenow);

// Assign edit and thumbnail path
$editpath = $_SESSION['tinybrowser']['path'][$typenow] . $foldernow;
// The thumbnail base is looked up under the session key named by 'thumbsrc'.
$thumbpath = $_SESSION['tinybrowser'][$_SESSION['tinybrowser']['thumbsrc']][$typenow] . $foldernow;

// Assign browsing options
// Request values are used only when allow-listed; otherwise session defaults apply.
$sortbynow = isset($_REQUEST['sortby']) && in_array($_REQUEST['sortby'], $_SESSION['tinybrowser']['valid']['sort']) ? $_REQUEST['sortby'] : $_SESSION['tinybrowser']['order']['by'];
$sorttypenow = isset($_REQUEST['sorttype']) && in_array($_REQUEST['sorttype'], array('asc', 'desc')) ? $_REQUEST['sorttype'] : $_SESSION['tinybrowser']['order']['type'];
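/**
 * Render the "Approve New Members" queue and process an approve/deny post.
 *
 * Does nothing unless the rpgsuite_approval setting is on, the current user is
 * an admin and the requested action is 'activationqueue'. On a POST request it
 * approves or denies the submitted account, then lists the accounts still
 * awaiting approval, outputs the page and exits.
 *
 * The local variable names are part of the template contract: the
 * rpgapprove_user and rpgapprove_page templates are evaluated in this scope,
 * so they must not be renamed without checking the templates.
 */
function queue_details()
{
    global $mybb, $db, $cache, $templates, $approval_page, $theme, $lang, $header, $headerinclude, $footer, $parser;

    if (!$mybb->settings['rpgsuite_approval']) {
        return;
    }

    $currentuser = new GroupMember($mybb, $db, $cache, $mybb->user);
    if (!($currentuser->is_admin() && $mybb->input['action'] == 'activationqueue')) {
        return;
    }

    if ($mybb->request_method == "post") {
        // NOTE(review): no post-key check is visible before this state change.
        // MyBB's usual guard is verify_post_check() on the submitted
        // my_post_key; confirm the form template carries the key, then add
        // the check here so a forged cross-site POST cannot approve or deny.
        $userid = (int) $mybb->input['userid'];
        $username = $db->escape_string($mybb->input['username']);
        // NOTE(review): unlike the two values above, 'type' is passed on
        // unmodified; approve() is outside this excerpt, so confirm it
        // validates the value against the expected set.
        $type = $mybb->input['type'];
        if (isset($mybb->input['approve'])) {
            approve($userid, $username, $type);
        } elseif (isset($mybb->input['deny'])) {
            deny($userid, $username);
        }
    }

    add_breadcrumb('Approve New Members');
    $rpgsuite = new RPGSuite($mybb, $db, $cache);
    $accounts = $rpgsuite->get_awaiting_approval();

    // Start from an empty string so the first append, and the page template
    // when the queue is empty, never touch an undefined variable.
    $userlist = '';
    // Template text is evaluated as a double-quoted PHP string, so whoever can
    // edit these templates influences code run here. Presumably the templates
    // HTML-encode the $user fields they print; verify against the template set.
    foreach ($accounts as $user) {
        eval("\$userlist .= \"" . $templates->get("rpgapprove_user") . "\";");
    }
    eval("\$approval_page = \"" . $templates->get("rpgapprove_page") . "\";");
    output_page($approval_page);
    exit;
}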