예제 #1
0
 /**
  * Step up
  *
  * @param Doku_Event $event
  */
 public function handle_ajax(Doku_Event $event)
 {
     if ($event->data != 'plugin_move_progress') {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     global $INPUT;
     global $USERINFO;
     if (!auth_ismanager($_SERVER['REMOTE_USER'], $USERINFO['grps'])) {
         http_status(403);
         exit;
     }
     $return = array('error' => '', 'complete' => false, 'progress' => 0);
     /** @var helper_plugin_move_plan $plan */
     $plan = plugin_load('helper', 'move_plan');
     if (!$plan->isCommited()) {
         // There is no plan. Something went wrong
         $return['complete'] = true;
     } else {
         $todo = $plan->nextStep($INPUT->bool('skip'));
         $return['progress'] = $plan->getProgress();
         $return['error'] = $plan->getLastError();
         if ($todo === 0) {
             $return['complete'] = true;
         }
     }
     $json = new JSON();
     header('Content-Type: application/json');
     echo $json->encode($return);
 }
예제 #2
0
/**
 * Action d'affichage en ajax du navigateur de rubrique du bandeau
 *
 * @uses gen_liste_rubriques()
 * @uses menu_rubriques()
 *
 * @return string
 *     Code HTML présentant la liste des rubriques
 **/
function action_menu_rubriques_dist()
{
    // si pas acces a ecrire, pas acces au menu
    // on renvoi un 401 qui fait echouer la requete ajax silencieusement
    if (!autoriser('ecrire')) {
        $retour = "<ul class='cols_1'><li class='toutsite'><a href='" . generer_url_ecrire('accueil') . "'>" . _T('public:lien_connecter') . "</a></li></ul>";
        include_spip('inc/actions');
        ajax_retour($retour);
        exit;
    }
    if ($date = intval(_request('date'))) {
        header("Last-Modified: " . gmdate("D, d M Y H:i:s", $date) . " GMT");
    }
    $r = gen_liste_rubriques();
    if (!$r and isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) and !strstr($_SERVER['SERVER_SOFTWARE'], 'IIS/')) {
        include_spip('inc/headers');
        header('Content-Type: text/html; charset=' . $GLOBALS['meta']['charset']);
        http_status(304);
        exit;
    } else {
        include_spip('inc/actions');
        $ret = menu_rubriques();
        ajax_retour($ret);
    }
}
예제 #3
0
/**
 * Telecharger un dump quand on est webmestre
 * 
 * @param string $arg
 */
function action_telecharger_dump_dist($arg = null)
{
    if (!$arg) {
        $securiser_action = charger_fonction('securiser_action', 'inc');
        $arg = $securiser_action();
    }
    $file = dump_repertoire() . basename($arg, '.sqlite') . '.sqlite';
    if (file_exists($file) and autoriser('webmestre')) {
        $f = basename($file);
        // ce content-type est necessaire pour eviter des corruptions de zip dans ie6
        header('Content-Type: application/octet-stream');
        header("Content-Disposition: attachment; filename=\"{$f}\";");
        header("Content-Transfer-Encoding: binary");
        // fix for IE catching or PHP bug issue
        header("Pragma: public");
        header("Expires: 0");
        // set expiration time
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        if ($cl = filesize($file)) {
            header("Content-Length: " . $cl);
        }
        readfile($file);
    } else {
        http_status(404);
        include_spip('inc/minipres');
        echo minipres(_T('erreur') . ' 404', _T('info_acces_interdit'));
    }
    // et on finit comme ca d'un coup
    exit;
}
예제 #4
0
 /**
  * Create the detail info for a single plugin
  *
  * @param Doku_Event $event
  * @param            $param
  */
 public function info(Doku_Event &$event, $param)
 {
     global $USERINFO;
     global $INPUT;
     if ($event->data != 'plugin_extension') {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     if (empty($_SERVER['REMOTE_USER']) || !auth_isadmin($_SERVER['REMOTE_USER'], $USERINFO['grps'])) {
         http_status(403);
         echo 'Forbidden';
         exit;
     }
     header('Content-Type: text/html; charset=utf-8');
     $ext = $INPUT->str('ext');
     if (!$ext) {
         echo 'no extension given';
         return;
     }
     /** @var helper_plugin_extension_extension $extension */
     $extension = plugin_load('helper', 'extension_extension');
     $extension->setExtension($ext);
     /** @var helper_plugin_extension_list $list */
     $list = plugin_load('helper', 'extension_list');
     echo $list->make_info($extension);
 }
예제 #5
0
파일: minipres.php 프로젝트: rhertzog/lcs
function minipres($titre='', $corps="", $onload='')
{
	if (!defined('_AJAX')) define('_AJAX', false);
	if (!$titre) {
		if (!_AJAX)
			http_status(403);
		if (!$titre = _request('action')
		AND !$titre = _request('exec')
		AND !$titre = _request('page'))
			$titre = '?';

		$titre = htmlspecialchars($titre);

		$titre = ($titre == 'install')
		  ?  _T('avis_espace_interdit')
		  : $titre . '&nbsp;: '. _T('info_acces_interdit');
		$corps = generer_form_ecrire('accueil', '','',_T('public:accueil_site'));
		spip_log($GLOBALS['visiteur_session']['nom'] . " $titre " . $_SERVER['REQUEST_URI']);
	}

	if (!_AJAX)
		return install_debut_html($titre, $onload)
		. $corps
		. install_fin_html();
	else {
		include_spip('inc/headers');
		include_spip('inc/actions');
		$url = self('&',true);
		foreach ($_POST as $v => $c)
			$url = parametre_url($url, $v, $c, '&');
		echo ajax_retour("<div>".$titre . redirige_formulaire($url)."</div>",false);
	}
}
예제 #6
0
파일: headers.php 프로젝트: rhertzog/lcs
function redirige_par_entete($url, $equiv='', $status = 302) {
	if (!in_array($status,array(301,302)))
		$status = 302;
	
	$url = trim(strtr($url, "\n\r", "  "));
	# en theorie on devrait faire ca tout le temps, mais quand la chaine
	# commence par ? c'est imperatif, sinon l'url finale n'est pas la bonne
	if ($url[0]=='?')
		$url = url_de_base().(_DIR_RESTREINT?'':_DIR_RESTREINT_ABS).$url;
	if ($url[0]=='#')
		$url = self('&').$url;

	if ($x = _request('transformer_xml'))
		$url = parametre_url($url, 'transformer_xml', $x, '&');

	if (defined('_AJAX') AND _AJAX)
		$url = parametre_url($url, 'var_ajax_redir', 1, '&');
		
	// ne pas laisser passer n'importe quoi dans l'url
	$url = str_replace(array('<','"'),array('&lt;','&quot;'),$url);
	// interdire les url inline avec des pseudo-protocoles :
	if (
		(preg_match(",data:,i",$url) AND preg_match("/base64\s*,/i",$url))
		OR preg_match(",(javascript|mailto):,i",$url)
		)
		$url ="./";

	// Il n'y a que sous Apache que setcookie puis redirection fonctionne

	if (!$equiv OR (strncmp("Apache", $_SERVER['SERVER_SOFTWARE'],6)==0) OR defined('_SERVER_APACHE')) {
		@header("Location: " . $url);
		$equiv="";
	} else {
		@header("Refresh: 0; url=" . $url);
		$equiv = "<meta http-equiv='Refresh' content='0; url=$url'>";
	}
	include_spip('inc/lang');
	if ($status!=302)
		http_status($status);
	echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">',"\n",
	  html_lang_attributes(),'
<head>',
	  $equiv,'
<title>HTTP '.$status.'</title>
</head>
<body>
<h1>HTTP '.$status.'</h1>
<a href="',
	  quote_amp($url),
	  '">',
	  _T('navigateur_pas_redirige'),
	  '</a></body></html>';

	spip_log("redirige $status: $url");

	exit;
}
예제 #7
0
/**
 * Gerer les webhooks Stripe
 *
 * @param array $config
 * @param null|array $response
 * @return array
 */
function presta_stripe_call_autoresponse_dist($config)
{
    include_spip('inc/bank');
    $mode = $config['presta'];
    if (isset($config['mode_test']) and $config['mode_test']) {
        $mode .= "_test";
    }
    // charger l'API Stripe avec la cle
    stripe_init_api($config);
    // Retrieve the request's body and parse it as JSON
    $input = @file_get_contents("php://input");
    $event_json = json_decode($input);
    $event_id = $event_json->id;
    $event = false;
    $erreur = $erreur_code = '';
    $res = false;
    try {
        // $event_id = 'evt_194CExB63f1NFl4k4qNLVNiS'; // debug
        // Verify the event by fetching it from Stripe
        $event = \Stripe\Event::retrieve($event_id);
    } catch (Exception $e) {
        if ($body = $e->getJsonBody()) {
            $err = $body['error'];
            list($erreur_code, $erreur) = stripe_error_code($err);
        } else {
            $erreur = $e->getMessage();
            $erreur_code = 'error';
        }
    }
    $inactif = "";
    if (!$config['actif']) {
        $inactif = "(inactif) ";
    }
    if ($erreur or $erreur_code) {
        spip_log('call_autoresponse ' . $inactif . ': ' . "{$erreur_code} - {$erreur}", $mode . 'auto' . _LOG_ERREUR);
    } else {
        if ($event) {
            $type = $event->type;
            $type = preg_replace(',\\W,', '_', $type);
            if (function_exists($f = "stripe_webhook_{$type}") or function_exists($f = $f . '_dist')) {
                spip_log("call_autoresponse : event {$type} => {$f}()", $mode . 'auto' . _LOG_DEBUG);
                $res = $f($config, $event);
            } else {
                spip_log("call_autoresponse : event {$type} - {$f} not existing", $mode . 'auto' . _LOG_DEBUG);
            }
        }
    }
    include_spip('inc/headers');
    http_status(200);
    // No Content
    header("Connection: close");
    if ($res) {
        return $res;
    }
    exit;
}
예제 #8
0
function exec_menu_rubriques_dist() {
	global $spip_ecran;
        
	header("Cache-Control: no-cache, must-revalidate");

	if ($date = intval(_request('date')))
		header("Last-Modified: ".gmdate("D, d M Y H:i:s", $date)." GMT");

	$r = gen_liste_rubriques(); 
	if (!$r
	AND isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])
	AND !strstr($_SERVER['SERVER_SOFTWARE'],'IIS/')) {
		include_spip('inc/headers');
		header('Content-Type: text/html; charset='. $GLOBALS['meta']['charset']);
		http_status(304);
		} else {

		$largeur_t = ($spip_ecran == "large") ? 900 : 650;

		$arr_low = extraire_article(0, $GLOBALS['db_art_cache']);

		$total_lignes = $i = sizeof($arr_low);
		$ret = '';

		if ($i > 0) {
			$nb_col = min(8,ceil($total_lignes / 30));
			if ($nb_col <= 1) $nb_col =  ceil($total_lignes / 10);
			$max_lignes = ceil($total_lignes / $nb_col);
			$largeur = min(200, ceil($largeur_t / $nb_col)); 
			$count_lignes = 0;
			$style = " style='z-index: 0; vertical-align: top;'";
			$image = " petit-secteur";
			foreach( $arr_low as $id_rubrique => $titre_rubrique) {
				if ($count_lignes == $max_lignes) {
					$count_lignes = 0;

					$ret .= "</div></td>\n<td$style><div class='bandeau_rubriques'>";
				}
				$count_lignes ++;
				if (autoriser('voir','rubrique',$id_rubrique)){
				  $ret .= bandeau_rubrique($id_rubrique, $titre_rubrique, $i, $largeur, $image);
				  $i--;
				}
			}

			$ret = "<table><tr>\n<td$style><div class='bandeau_rubriques'>"
			  . $ret
			  . "\n</div></td></tr></table>\n";
		}

		include_spip('inc/actions');
		ajax_retour("<div>&nbsp;</div>" . $ret);
	}
}
예제 #9
0
파일: headers.php 프로젝트: genma/spip_ynh
function redirige_par_entete($url, $equiv = '', $status = 302)
{
    if (!in_array($status, array(301, 302))) {
        $status = 302;
    }
    $url = trim(strtr($url, "\n\r", "  "));
    # en theorie on devrait faire ca tout le temps, mais quand la chaine
    # commence par ? c'est imperatif, sinon l'url finale n'est pas la bonne
    if ($url[0] == '?') {
        $url = url_de_base() . $url;
    }
    if ($url[0] == '#') {
        $url = self('&') . $url;
    }
    # si profondeur non nulle et url relative, il faut la passer en absolue
    if ($GLOBALS['profondeur_url'] > (_DIR_RESTREINT ? 1 : 2) and !preg_match(",^(\\w+:)?//,", $url)) {
        include_spip("inc/filtres_mini");
        $url = url_absolue($url);
    }
    if ($x = _request('transformer_xml')) {
        $url = parametre_url($url, 'transformer_xml', $x, '&');
    }
    if (defined('_AJAX') and _AJAX) {
        $url = parametre_url($url, 'var_ajax_redir', 1, '&');
    }
    // ne pas laisser passer n'importe quoi dans l'url
    $url = str_replace(array('<', '"'), array('&lt;', '&quot;'), $url);
    // interdire les url inline avec des pseudo-protocoles :
    if (preg_match(",data:,i", $url) and preg_match("/base64\\s*,/i", $url) or preg_match(",(javascript|mailto):,i", $url)) {
        $url = "./";
    }
    // Il n'y a que sous Apache que setcookie puis redirection fonctionne
    include_spip('inc/cookie');
    if (!$equiv and !spip_cookie_envoye() or (strncmp("Apache", $_SERVER['SERVER_SOFTWARE'], 6) == 0 or defined('_SERVER_APACHE'))) {
        @header("Location: " . $url);
        $equiv = "";
    } else {
        @header("Refresh: 0; url=" . $url);
        $equiv = "<meta http-equiv='Refresh' content='0; url={$url}'>";
    }
    include_spip('inc/lang');
    if ($status != 302) {
        http_status($status);
    }
    echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">', "\n", html_lang_attributes(), '
<head>', $equiv, '
<title>HTTP ' . $status . '</title>
</head>
<body>
<h1>HTTP ' . $status . '</h1>
<a href="', quote_amp($url), '">', _T('navigateur_pas_redirige'), '</a></body></html>';
    spip_log("redirige {$status}: {$url}");
    exit;
}
예제 #10
0
function ob_etag($s)
{
    global $_SERVER;
    $etag = md5($s);
    if (strstr($_SERVER['HTTP_IF_NONE_MATCH'], $etag)) {
        http_status(304, "Not Modified");
        return '';
    } else {
        header("ETag: \"{$etag}\"");
        return $s;
    }
}
예제 #11
0
function system_down()
{
    http_status(503, 'Service Unavailable');
    echo <<<EOT
<html>
<head><title>System Unavailable</title></head>
<body>
Apologies but this site is unavailable at the moment. Please try again later.
</body>
</html>
EOT;
}
예제 #12
0
/**
 * Envoyer le navigateur sur une nouvelle adresse
 *
 * Le tout en évitant les attaques par la redirection (souvent indique par un `$_GET`)
 *
 * @example
 *     ```
 *     $redirect = parametre_url(urldecode(_request('redirect')),'id_article=' . $id_article);
 *     include_spip('inc/headers');
 *     redirige_par_entete($redirect);
 *     ```
 *
 * @param string $url URL de redirection
 * @param string $equiv ?
 * @param int $status Code de redirection (301 ou 302)
 **/
function redirige_par_entete($url, $equiv = '', $status = 302)
{
    if (!in_array($status, array(301, 302))) {
        $status = 302;
    }
    $url = trim(strtr($url, "\n\r", "  "));
    # si l'url de redirection est relative, on la passe en absolue
    if (!preg_match(",^(\\w+:)?//,", $url)) {
        include_spip("inc/filtres_mini");
        $url = url_absolue($url);
    }
    if ($x = _request('transformer_xml')) {
        $url = parametre_url($url, 'transformer_xml', $x, '&');
    }
    if (defined('_AJAX') and _AJAX) {
        $url = parametre_url($url, 'var_ajax_redir', 1, '&');
    }
    // ne pas laisser passer n'importe quoi dans l'url
    $url = str_replace(array('<', '"'), array('&lt;', '&quot;'), $url);
    // interdire les url inline avec des pseudo-protocoles :
    if (preg_match(",data:,i", $url) and preg_match("/base64\\s*,/i", $url) or preg_match(",(javascript|mailto):,i", $url)) {
        $url = "./";
    }
    // Il n'y a que sous Apache que setcookie puis redirection fonctionne
    include_spip('inc/cookie');
    if (!$equiv and !spip_cookie_envoye() or (strncmp("Apache", $_SERVER['SERVER_SOFTWARE'], 6) == 0 or defined('_SERVER_APACHE'))) {
        @header("Location: " . $url);
        $equiv = "";
    } else {
        @header("Refresh: 0; url=" . $url);
        if (isset($GLOBALS['meta']['charset'])) {
            @header("Content-Type: text/html; charset=" . $GLOBALS['meta']['charset']);
        }
        $equiv = "<meta http-equiv='Refresh' content='0; url={$url}'>";
    }
    include_spip('inc/lang');
    if ($status != 302) {
        http_status($status);
    }
    echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">', "\n", html_lang_attributes(), '
<head>', $equiv, '
<title>HTTP ' . $status . '</title>
' . (isset($GLOBALS['meta']['charset']) ? '<meta http-equiv="Content-Type" content="text/html;charset=' . $GLOBALS['meta']['charset'] . '">' : '') . '
</head>
<body>
<h1>HTTP ' . $status . '</h1>
<a href="', quote_amp($url), '">', _T('navigateur_pas_redirige'), '</a></body></html>';
    spip_log("redirige {$status}: {$url}");
    exit;
}
예제 #13
0
 function call($methodname, $args)
 {
     try {
         $result = $this->remote->call($methodname, $args);
         return $result;
     } catch (RemoteAccessDeniedException $e) {
         if (!isset($_SERVER['REMOTE_USER'])) {
             http_status(401);
             return new IXR_Error(-32603, "server error. not authorized to call method {$methodname}");
         } else {
             http_status(403);
             return new IXR_Error(-32604, "server error. forbidden to call the method {$methodname}");
         }
     } catch (RemoteException $e) {
         return new IXR_Error($e->getCode(), $e->getMessage());
     }
 }
예제 #14
0
 /**
  * Create the detail info for a single plugin
  *
  * @param Doku_Event $event
  * @param            $param
  */
 public function info(Doku_Event &$event, $param)
 {
     global $USERINFO;
     global $INPUT;
     if ($event->data != 'plugin_extension') {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     if (empty($_SERVER['REMOTE_USER']) || !auth_isadmin($_SERVER['REMOTE_USER'], $USERINFO['grps'])) {
         http_status(403);
         echo 'Forbidden';
         exit;
     }
     $ext = $INPUT->str('ext');
     if (!$ext) {
         http_status(400);
         echo 'no extension given';
         return;
     }
     /** @var helper_plugin_extension_extension $extension */
     $extension = plugin_load('helper', 'extension_extension');
     $extension->setExtension($ext);
     $act = $INPUT->str('act');
     switch ($act) {
         case 'enable':
         case 'disable':
             $json = new JSON();
             $extension->{$act}();
             //enables/disables
             $reverse = $act == 'disable' ? 'enable' : 'disable';
             $return = array('state' => $act . 'd', 'reverse' => $reverse, 'label' => $extension->getLang('btn_' . $reverse));
             header('Content-Type: application/json');
             echo $json->encode($return);
             break;
         case 'info':
         default:
             /** @var helper_plugin_extension_list $list */
             $list = plugin_load('helper', 'extension_list');
             header('Content-Type: text/html; charset=utf-8');
             echo $list->make_info($extension);
     }
 }
예제 #15
0
 /**
  * Pass Ajax call to a type
  *
  * @param Doku_Event $event event object by reference
  * @param mixed $param [the parameters passed as fifth argument to register_hook() when this
  *                           handler was registered]
  */
 public function handle_ajax(Doku_Event $event, $param)
 {
     if ($event->data != 'plugin_struct') {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     global $conf;
     header('Content-Type: application/json');
     try {
         $result = $this->executeTypeAjax();
     } catch (StructException $e) {
         $result = array('error' => $e->getMessage() . ' ' . basename($e->getFile()) . ':' . $e->getLine());
         if ($conf['allowdebug']) {
             $result['stacktrace'] = $e->getTraceAsString();
         }
         http_status(500);
     }
     $json = new JSON();
     echo $json->encode($result);
 }
예제 #16
0
 /**
  * @param Doku_Event $event
  * @param $param
  */
 public function handle_ajax(Doku_Event $event, $param)
 {
     $len = strlen('plugin_struct_lookup_');
     if (substr($event->data, 0, $len) != 'plugin_struct_lookup_') {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     try {
         if (substr($event->data, $len) == 'new') {
             $this->lookup_new();
         }
         if (substr($event->data, $len) == 'save') {
             $this->lookup_save();
         }
         if (substr($event->data, $len) == 'delete') {
             $this->lookup_delete();
         }
     } catch (StructException $e) {
         http_status(500);
         header('Content-Type: text/plain');
         echo $e->getMessage();
     }
 }
예제 #17
0
 /**
  * Render a subtree
  *
  * @param Doku_Event $event
  * @param            $params
  */
 public function handle_ajax_call(Doku_Event $event, $params)
 {
     if ($event->data != 'plugin_move_tree') {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     global $INPUT;
     global $USERINFO;
     if (!auth_ismanager($_SERVER['REMOTE_USER'], $USERINFO['grps'])) {
         http_status(403);
         exit;
     }
     /** @var admin_plugin_move_tree $plugin */
     $plugin = plugin_load('admin', 'move_tree');
     $ns = cleanID($INPUT->str('ns'));
     if ($INPUT->bool('is_media')) {
         $type = admin_plugin_move_tree::TYPE_MEDIA;
     } else {
         $type = admin_plugin_move_tree::TYPE_PAGES;
     }
     $data = $plugin->tree($type, $ns, $ns);
     echo html_buildlist($data, 'tree_list', array($plugin, 'html_list'), array($plugin, 'html_li'));
 }
예제 #18
0
 /**
  * @param Doku_Event $event
  * @param $param
  */
 public function handle_ajax(Doku_Event $event, $param)
 {
     $len = strlen('plugin_struct_inline_');
     if (substr($event->data, 0, $len) != 'plugin_struct_inline_') {
         return;
     }
     $event->preventDefault();
     $event->stopPropagation();
     if (substr($event->data, $len) == 'editor') {
         $this->inline_editor();
     }
     if (substr($event->data, $len) == 'save') {
         try {
             $this->inline_save();
         } catch (StructException $e) {
             http_status(500);
             header('Content-Type: text/plain; charset=utf-8');
             echo $e->getMessage();
         }
     }
     if (substr($event->data, $len) == 'cancel') {
         $this->inline_cancel();
     }
 }
예제 #19
0
} elseif ($mode == 'reply') {
    $project_name = request_var('project', '');
    $report_id = request_var('report_id', 0);
    // Load language file
    $user->add_lang('posting');
    // Include files
    include "{$phpbb_root_path}includes/functions_posting.{$phpEx}";
    include "{$phpbb_root_path}includes/message_parser.{$phpEx}";
    // Query the report
    $sql = $db->sql_build_query('SELECT', array('SELECT' => 'r.*, pr.*, t.topic_approved, t.topic_poster, t.topic_time, t.topic_status, t.topic_type, t.topic_first_poster_name, t.topic_first_poster_colour, f.enable_indexing, p.post_id, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, p.post_text, p.bbcode_bitfield, p.bbcode_uid, c.component_title, s.status_title, v.version_title, a.user_id AS assigned_id, a.username AS assigned_name, a.user_colour AS assigned_colour', 'FROM' => array(BUGS_REPORTS_TABLE => 'r'), 'LEFT_JOIN' => array(array('FROM' => array(BUGS_PROJECTS_TABLE => 'pr'), 'ON' => 'r.project_id = pr.project_id'), array('FROM' => array(TOPICS_TABLE => 't'), 'ON' => 'r.topic_id = t.topic_id'), array('FROM' => array(FORUMS_TABLE => 'f'), 'ON' => 'pr.forum_id = f.forum_id'), array('FROM' => array(POSTS_TABLE => 'p'), 'ON' => 't.topic_first_post_id = p.post_id'), array('FROM' => array(BUGS_COMPONENTS_TABLE => 'c'), 'ON' => 'r.report_component = c.component_id'), array('FROM' => array(BUGS_STATUSES_TABLE => 's'), 'ON' => 'r.report_status = s.status_id'), array('FROM' => array(BUGS_VERSIONS_TABLE => 'v'), 'ON' => 'r.report_version = v.version_id'), array('FROM' => array(USERS_TABLE => 'a'), 'ON' => 'r.report_assigned = a.user_id')), 'WHERE' => "r.report_id = {$report_id} AND pr.project_name = '" . $db->sql_escape($project_name) . "'"));
    $result = $db->sql_query($sql);
    if (($report = $db->sql_fetchrow($result)) == false) {
        http_status(404);
        trigger_error('NO_REPORT', E_USER_NOTICE);
    } elseif (!$auth->acl_get('f_c_com_post', $report['forum_id']) || $report['topic_approved'] == 0 && !$auth->acl_get('m_approve', $report['forum_id']) && $report['topic_poster'] != $user->data['user_id']) {
        http_status(403);
        trigger_error('NOT_AUTHORISED', E_USER_NOTICE);
    } elseif ($report['topic_status'] == ITEM_LOCKED && !$auth->acl_get('m_', $report['forum_id'])) {
        trigger_error('TOPIC_LOCKED', E_USER_NOTICE);
    }
    $db->sql_freeresult($result);
    // Find out whether the user is watching the report
    if ($user->data['user_id'] != ANONYMOUS) {
        $sql = 'SELECT notify_status FROM ' . TOPICS_WATCH_TABLE . " WHERE topic_id = {$report['topic_id']} AND user_id = {$user->data['user_id']}";
        $result = $db->sql_query($sql);
        $is_subscribed = $db->sql_fetchrow($result) != false;
        $db->sql_freeresult($result);
    } else {
        $is_subscribed = false;
    }
    // Get submitted data
예제 #20
0
/**
 * Routage automatique de la 404 si le bloc de contenu est vide
 * Seul le bloc principal est pris en compte (le premier de la liste)
 * mais il est possible de personaliser le ou les blocs a prendre en compte pour detecter une 404 :
 * $GLOBALS['z_blocs_404'] = array('content','aside');
 * On ne declenchera alors une 404 que si content/xxx et aside/xxx sont vide tous les deux
 * (attention a ce que la page 404 ait bien un de ces blocs non vide pour eviter une boucle infinie)
 *
 * @param array $flux
 *
 * @return array
 */
function zcore_recuperer_fond($flux)
{
    static $empty_count = 0, $is_404 = false;
    static $z_blocs_404, $z_blocs_404_nlength, $z_blocs_404_ncount;
    if ($is_404) {
        if ($flux['args']['fond'] === "structure") {
            $is_404 = false;
            // pas de risque de reentrance
            $code = "404 Not Found";
            $contexte_inclus = array('erreur' => "", 'code' => $code, 'lang' => $GLOBALS['spip_lang']);
            $flux['data'] = evaluer_fond('404', $contexte_inclus);
            $flux['data']['status'] = intval($code);
            // pas remonte vers la page mais un jour peut etre...
            // du coup on envoie le status a la main
            include_spip("inc/headers");
            http_status(intval($code));
        }
    } elseif (!test_espace_prive()) {
        if (!isset($z_blocs_404)) {
            if (isset($GLOBALS['z_blocs_404'])) {
                $z_blocs_404 = $GLOBALS['z_blocs_404'];
                if (is_array($z_blocs_404) and count($z_blocs_404) == 1) {
                    $z_blocs_404 = reset($z_blocs_404);
                }
            } else {
                if (!function_exists("z_blocs")) {
                    $styliser_par_z = charger_fonction('styliser_par_z', 'public');
                }
                $z_blocs = z_blocs(test_espace_prive());
                $z_blocs_404 = reset($z_blocs);
                // contenu par defaut
            }
            if (is_array($z_blocs_404)) {
                $z_blocs_404_ncount = count($z_blocs_404);
                $z_blocs_404_nlength = array_map('strlen', $z_blocs_404);
            } else {
                $z_blocs_404_ncount = 1;
                $z_blocs_404_nlength = strlen($z_blocs_404);
            }
        }
        $fond = $flux['args']['fond'];
        // verifier rapidement que c'est un des fonds de reference pour la 404 :
        // le fond commende par nomdudossier/
        // le fond n'a pas de / suppelementaires (on est au bon niveau)
        $quick_match = false;
        if (strpos($fond, "/") !== false and $z_blocs_404_ncount) {
            if ($z_blocs_404_ncount == 1) {
                $quick_match = (strncmp($fond, "{$z_blocs_404}/", $z_blocs_404_nlength + 1) === 0 and strpos($fond, "/", $z_blocs_404_nlength + 1) === false);
            } else {
                foreach ($z_blocs_404 as $k => $zb) {
                    if (strncmp($fond, "{$zb}/", $z_blocs_404_nlength[$k] + 1) === 0 and strpos($fond, "/", $z_blocs_404_nlength[$k] + 1) === false) {
                        $quick_match = true;
                        break;
                    }
                }
            }
        }
        if ($quick_match and !strlen(trim($flux['data']['texte']))) {
            $empty_count++;
            if ($empty_count >= $z_blocs_404_ncount) {
                $is_404 = true;
            }
        }
    }
    return $flux;
}
예제 #21
0
파일: network.php 프로젝트: bashrc/hubzilla
/**
 * @brief Send HTTP status header and exit.
 *
 * @param int $val
 *    integer HTTP status result value
 * @param string $msg
 *    optional message
 * @returns (does not return, process is terminated)
 */
function http_status_exit($val, $msg = '')
{
    http_status($val, $msg);
    killme();
}
예제 #22
0
파일: public.php 프로젝트: nursit/SPIP
     if (traiter_appels_actions() or traiter_appels_inclusions_ajax() or traiter_formulaires_dynamiques()) {
         // lancer les taches sur affichage final, comme le cron
         // mais sans rien afficher
         $GLOBALS['html'] = false;
         // ne rien afficher
         pipeline('affichage_final' . _PIPELINE_SUFFIX, '');
         exit;
         // le hit est fini !
     }
 }
 // Il y a du texte a produire, charger le metteur en page
 include_spip('public/assembler');
 $page = assembler($fond, _request('connect'));
 if (isset($page['status'])) {
     include_spip('inc/headers');
     http_status($page['status']);
 }
 // Content-Type ?
 if (!isset($page['entetes']['Content-Type'])) {
     $page['entetes']['Content-Type'] = "text/html; charset=" . $GLOBALS['meta']['charset'];
     $html = true;
 } else {
     $html = preg_match(',^\\s*text/html,', $page['entetes']['Content-Type']);
 }
 if (defined('_VAR_PREVIEW') and _VAR_PREVIEW and $html) {
     include_spip('inc/filtres');
     // pour http_img_pack
     $x = "<div class='spip-previsu' " . http_style_background('preview-32.png') . ">" . _T('previsualisation') . "</div>";
     if (!($pos = strpos($page['texte'], '</body>'))) {
         $pos = strlen($page['texte']);
     }
예제 #23
0
function action_cron()
{
    include_spip('inc/headers');
    http_status(204);
    // No Content
    header("Connection: close");
    define('_DIRECT_CRON_FORCE', true);
    cron();
}
예제 #24
0
/**
 * Set headers and send the file to the client
 *
 * The $cache parameter influences how long files may be kept in caches, the $public parameter
 * influences if this caching may happen in public proxis or in the browser cache only FS#2734
 *
 * This function will abort the current script when a 304 is sent or file sending is handled
 * through x-sendfile
 *
 * @author Andreas Gohr <*****@*****.**>
 * @author Ben Coburn <*****@*****.**>
 * @author Gerry Weissbach <*****@*****.**>
 *
 * @param string $file   local file to send
 * @param string $mime   mime type of the file
 * @param bool   $dl     set to true to force a browser download
 * @param int    $cache  remaining cache time in seconds (-1 for $conf['cache'], 0 for no-cache)
 * @param bool   $public is this a public ressource or a private one?
 * @param string $orig   original file to send - the file name will be used for the Content-Disposition
 */
function sendFile($file, $mime, $dl, $cache, $public = false, $orig = null)
{
    global $conf;
    // send mime headers
    header("Content-Type: {$mime}");
    // calculate cache times
    if ($cache == -1) {
        $maxage = max($conf['cachetime'], 3600);
        // cachetime or one hour
        $expires = time() + $maxage;
    } else {
        if ($cache > 0) {
            $maxage = $cache;
            // given time
            $expires = time() + $maxage;
        } else {
            // $cache == 0
            $maxage = 0;
            $expires = 0;
            // 1970-01-01
        }
    }
    // smart http caching headers
    if ($maxage) {
        if ($public) {
            // cache publically
            header('Expires: ' . gmdate("D, d M Y H:i:s", $expires) . ' GMT');
            header('Cache-Control: public, proxy-revalidate, no-transform, max-age=' . $maxage);
            header('Pragma: public');
        } else {
            // cache in browser
            header('Expires: ' . gmdate("D, d M Y H:i:s", $expires) . ' GMT');
            header('Cache-Control: private, no-transform, max-age=' . $maxage);
            header('Pragma: no-cache');
        }
    } else {
        // no cache at all
        header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
        header('Cache-Control: no-cache, no-transform');
        header('Pragma: no-cache');
    }
    //send important headers first, script stops here if '304 Not Modified' response
    $fmtime = @filemtime($file);
    http_conditionalRequest($fmtime);
    // Use the current $file if is $orig is not set.
    if ($orig == null) {
        $orig = $file;
    }
    //download or display?
    if ($dl) {
        header('Content-Disposition: attachment;' . rfc2231_encode('filename', utf8_basename($orig)) . ';');
    } else {
        header('Content-Disposition: inline;' . rfc2231_encode('filename', utf8_basename($orig)) . ';');
    }
    //use x-sendfile header to pass the delivery to compatible webservers
    http_sendfile($file);
    // send file contents
    $fp = @fopen($file, "rb");
    if ($fp) {
        http_rangeRequest($fp, filesize($file), $mime);
    } else {
        http_status(500);
        print "Could not read {$file} - bad permissions?";
    }
}
예제 #25
0
function action_acceder_document_dist() {
	include_spip('inc/documents');

	// $file exige pour eviter le scan id_document par id_document
	$f = rawurldecode(_request('file'));
	$file = get_spip_doc($f);
	$arg = rawurldecode(_request('arg'));

	$status = $dcc = false;
	if (strpos($f,'../') !== false
	OR preg_match(',^\w+://,', $f)) {
		$status = 403;
	}
	else if (!file_exists($file) OR !is_readable($file)) {
		$status = 404;
	} else {
		$where = "documents.fichier=".sql_quote(set_spip_doc($file))
		. ($arg ? " AND documents.id_document=".intval($arg): '');

		$doc = sql_fetsel("documents.id_document, documents.titre, documents.fichier, types.mime_type, types.inclus, documents.extension", "spip_documents AS documents LEFT JOIN spip_types_documents AS types ON documents.extension=types.extension",$where);
		if (!$doc) {
			$status = 404;
		} else {

			// ETag pour gerer le status 304
			$ETag = md5($file . ': '. filemtime($file));
			if (isset($_SERVER['HTTP_IF_NONE_MATCH'])
			AND $_SERVER['HTTP_IF_NONE_MATCH'] == $ETag) {
				http_status(304); // Not modified
				exit;
			} else {
				header('ETag: '.$ETag);
			}

			//
			// Verifier les droits de lecture du document
			// en controlant la cle passee en argument
			//
			include_spip('inc/securiser_action');
			$cle = _request('cle');
			if (!verifier_cle_action($doc['id_document'].','.$f, $cle)) {
				spip_log("acces interdit $cle erronee");
				$status = 403;
			}
		}
	}

	switch($status) {

	case 403:
		include_spip('inc/minipres');
		echo minipres();
		break;

	case 404:
		http_status(404);
		include_spip('inc/minipres');
		echo minipres(_T('erreur').' 404',
			_T('info_document_indisponible'));
		break;

	default:
		header("Content-Type: ". $doc['mime_type']);

		// pour les images ne pas passer en attachment
		// sinon, lorsqu'on pointe directement sur leur adresse,
		// le navigateur les downloade au lieu de les afficher

		if ($doc['inclus']=='non') {

			$f = basename($file);
			// ce content-type est necessaire pour eviter des corruptions de zip dans ie6
			header('Content-Type: application/octet-stream');

			header("Content-Disposition: attachment; filename=\"$f\";");
			header("Content-Transfer-Encoding: binary");

			// fix for IE catching or PHP bug issue
			header("Pragma: public");
			header("Expires: 0"); // set expiration time
			header("Cache-Control: must-revalidate, post-check=0, pre-check=0");

		}

		if ($cl = filesize($file))
			header("Content-Length: ". $cl);

		readfile($file);
		break;
	}

}
예제 #26
0
/**
 * Rediriger une page suivant une autorisation,
 * et ce, n'importe où dans un squelette, même dans les inclusions.
 * Exemple :
 * [(#AUTORISER{non}|sinon_interdire_acces)]
 * [(#AUTORISER{non}|sinon_interdire_acces{#URL_PAGE{login}, 401})]
 *
 * @param bool $ok Indique si l'on doit rediriger ou pas
 * @param string $url Adresse vers laquelle rediriger
 * @param int $statut Statut HTML avec lequel on redirigera
 * @return string
 */
function sinon_interdire_acces($ok = false, $url = '', $statut = 0)
{
    if ($ok) {
        return '';
    }
    // Vider tous les tampons
    $level = @ob_get_level();
    while ($level--) {
        @ob_end_clean();
    }
    include_spip('inc/headers');
    $statut = intval($statut);
    // Si aucun argument on essaye de deviner quoi faire par défaut
    if (!$url and !$statut) {
        // Si on est dans l'espace privé, on génère du 403 Forbidden
        if (test_espace_prive()) {
            http_status(403);
            $echec = charger_fonction('403', 'exec');
            $echec();
        } else {
            $statut = 404;
        }
    }
    // On suit les directives indiquées dans les deux arguments
    // S'il y a un statut
    if ($statut) {
        // Dans tous les cas on modifie l'entité avec ce qui est demandé
        http_status($statut);
        // Si le statut est une erreur et qu'il n'y a pas de redirection on va chercher le squelette du même nom
        if ($statut >= 400 and !$url) {
            echo recuperer_fond("{$statut}");
        }
    }
    // S'il y a une URL, on redirige (si pas de statut, la fonction mettra 302 par défaut)
    if ($url) {
        redirige_par_entete($url, '', $statut);
    }
    exit;
}
예제 #27
0
파일: aiguiller.php 프로젝트: rhertzog/lcs
function traiter_appels_inclusions_ajax(){
	// traiter les appels de bloc ajax (ex: pagination)
	if ($v = _request('var_ajax')
	AND $v !== 'form'
	AND $args = _request('var_ajax_env')) {
		include_spip('inc/filtres');
		include_spip('inc/actions');
		if ($args = decoder_contexte_ajax($args)
		AND $fond = $args['fond']) {
			include_spip('public/assembler');
			$contexte = calculer_contexte();
			$contexte = array_merge($args, $contexte);
			$page = recuperer_fond($fond,$contexte,array('trim'=>false));
			$texte = $page;
			if ($ancre = _request('var_ajax_ancre')){
				// pas n'importe quoi quand meme dans la variable !
				$ancre = str_replace(array('<','"',"'"),array('&lt;','&quot;',''),$ancre);
				$texte = "<a href='#$ancre' name='ajax_ancre' style='display:none;'>anchor</a>".$texte;
			}
		}
		else {
			include_spip('inc/headers');
			http_status(403);
			$texte = _L('signature ajax bloc incorrecte');
		}
		ajax_retour($texte);
		return true; // on a fini le hit
	}
	return false;	
}
예제 #28
0
    foreach (explode(' ', 'basedir userewrite baseurl useslash') as $x) {
        print '$' . "conf['{$x}'] = '" . $conf[$x] . "';\n";
    }
    foreach (explode(' ', 'DOCUMENT_ROOT HTTP_HOST SCRIPT_FILENAME PHP_SELF ' . 'REQUEST_URI SCRIPT_NAME PATH_INFO PATH_TRANSLATED') as $x) {
        print '$' . "_SERVER['{$x}'] = '" . $_SERVER[$x] . "';\n";
    }
    print "getID('media'): " . getID('media') . "\n";
    print "getID('media',false): " . getID('media', false) . "\n";
    print '</pre>';
}
$ERROR = false;
// check image permissions
$AUTH = auth_quickaclcheck($IMG);
if ($AUTH >= AUTH_READ) {
    // check if image exists
    $SRC = mediaFN($IMG);
    if (!@file_exists($SRC)) {
        //doesn't exist!
        http_status(404);
        $ERROR = 'File not found';
    }
} else {
    // no auth
    $ERROR = p_locale_xhtml('denied');
}
// this makes some general infos available as well as the info about the
// "parent" page
$INFO = pageinfo();
//start output and load template
header('Content-Type: text/html; charset=utf-8');
include template('detail.php');
예제 #29
0
 /**
  * GET method handler
  *
  * @param void
  * @returns void
  */
 function http_GET()
 {
     // TODO check for invalid stream
     $options = array();
     $options["path"] = $this->path;
     $this->_get_ranges($options);
     if (true === ($status = $this->get($options))) {
         if (!headers_sent()) {
             $status = "200 OK";
             if (!isset($options['mimetype'])) {
                 $options['mimetype'] = "application/octet-stream";
             }
             header("Content-type: {$options['mimetype']}");
             if (isset($options['mtime'])) {
                 header("Last-modified:" . gmdate("D, d M Y H:i:s ", $options['mtime']) . "GMT");
             }
             if (isset($options['stream'])) {
                 // GET handler returned a stream
                 if (!empty($options['ranges']) && 0 === fseek($options['stream'], 0, SEEK_SET)) {
                     // partial request and stream is seekable
                     if (count($options['ranges']) === 1) {
                         $range = $options['ranges'][0];
                         if (isset($range['start'])) {
                             fseek($options['stream'], $range['start'], SEEK_SET);
                             if (feof($options['stream'])) {
                                 http_status("416 Requested range not satisfiable");
                                 exit;
                             }
                             if (isset($range['end'])) {
                                 $size = $range['end'] - $range['start'] + 1;
                                 http_status("206 partial");
                                 header("Content-length: {$size}");
                                 header("Content-range: {$range['start']}-{$range['end']}/" . (isset($options['size']) ? $options['size'] : "*"));
                                 while ($size && !feof($options['stream'])) {
                                     $buffer = fread($options['stream'], 4096);
                                     $size -= strlen($buffer);
                                     echo $buffer;
                                 }
                             } else {
                                 http_status("206 partial");
                                 if (isset($options['size'])) {
                                     header("Content-length: " . ($options['size'] - $range['start']));
                                     header("Content-range: {$start}-{$end}/" . (isset($options['size']) ? $options['size'] : "*"));
                                 }
                                 fpassthru($options['stream']);
                             }
                         } else {
                             header("Content-length: " . $range['last']);
                             fseek($options['stream'], -$range['last'], SEEK_END);
                             fpassthru($options['stream']);
                         }
                     } else {
                         $this->_multipart_byterange_header();
                         // init multipart
                         foreach ($options['ranges'] as $range) {
                             // TODO what if size unknown? 500?
                             if (isset($range['start'])) {
                                 $from = $range['start'];
                                 $to = !empty($range['end']) ? $range['end'] : $options['size'] - 1;
                             } else {
                                 $from = $options['size'] - $range['last'] - 1;
                                 $to = $options['size'] - 1;
                             }
                             $total = isset($options['size']) ? $options['size'] : "*";
                             $size = $to - $from + 1;
                             $this->_multipart_byterange_header($options['mimetype'], $from, $to, $total);
                             fseek($options['stream'], $start, SEEK_SET);
                             while ($size && !feof($options['stream'])) {
                                 $buffer = fread($options['stream'], 4096);
                                 $size -= strlen($buffer);
                                 echo $buffer;
                             }
                         }
                         $this->_multipart_byterange_header();
                         // end multipart
                     }
                 } else {
                     // normal request or stream isn't seekable, return full content
                     if (isset($options['size'])) {
                         header("Content-length: " . $options['size']);
                     }
                     fpassthru($options['stream']);
                     return;
                     // no more headers
                 }
             } elseif (isset($options['data'])) {
                 if (is_array($options['data'])) {
                     // reply to partial request
                 } else {
                     header("Content-length: " . strlen($options['data']));
                     echo $options['data'];
                 }
             }
         }
     }
     if (false === $status) {
         $this->http_status("404 not found");
     }
     $this->http_status("{$status}");
 }
예제 #30
0
/**
 * Checks if a given authentication token was stored in the session
 *
 * Will setup authentication data using data from the session if the
 * token is correct. Will exit with a 401 Status if not.
 *
 * @author Andreas Gohr <*****@*****.**>
 * @param  string $token The authentication token
 * @return boolean true (or will exit on failure)
 */
function auth_validateToken($token)
{
    if (!$token || $token != $_SESSION[DOKU_COOKIE]['auth']['token']) {
        // bad token
        http_status(401);
        print 'Invalid auth token - maybe the session timed out';
        unset($_SESSION[DOKU_COOKIE]['auth']['token']);
        // no second chance
        exit;
    }
    // still here? trust the session data
    global $USERINFO;
    /* @var Input $INPUT */
    global $INPUT;
    $INPUT->server->set('REMOTE_USER', $_SESSION[DOKU_COOKIE]['auth']['user']);
    $USERINFO = $_SESSION[DOKU_COOKIE]['auth']['info'];
    return true;
}