/**
* Function which returns a correct filename, means to add a slash at the beginning if there wasn't one.
*
* @param string filename the filename
*
* @return string the corrected filename
*
* @author Florian Lippert <*****@*****.**>
* @author Michael Russ <*****@*****.**>
* @author Martin Burchert <*****@*****.**>
*/
function makeCorrectFile($filename)
{
if (substr($filename, 0, 1) != '/') {
$filename = '/' . $filename;
}
$filename = makeSecurePath($filename);
return $filename;
}
/**
* Function which returns a correct dirname, means to add slashes at the beginning and at the end if there weren't some
*
* @param string The dirname
* @return string The corrected dirname
* @author Florian Lippert <*****@*****.**>
*/
function makeCorrectDir($dir)
{
if (substr($dir, -1, 1) != '/') {
$dir .= '/';
}
if (substr($dir, 0, 1) != '/') {
$dir = '/' . $dir;
}
$dir = makeSecurePath($dir);
return $dir;
}
/**
* Function which returns a correct dirname, means to add slashes at the beginning and at the end if there weren't some
*
* @param string The dirname
* @return string The corrected dirname
* @author Florian Lippert <*****@*****.**>
*/
function makeCorrectDir($dir)
{
assert('is_string($dir) && strlen($dir) > 0 /* $dir does not look like an actual folder name */');
$dir = trim($dir);
if (substr($dir, -1, 1) != '/') {
$dir .= '/';
}
if (substr($dir, 0, 1) != '/') {
$dir = '/' . $dir;
}
$dir = makeSecurePath($dir);
return $dir;
}
/**
* Function which returns a correct filename, means to add a slash at the beginning if there wasn't one
*
* @param string filename the filename
* @return string the corrected filename
* @author Florian Lippert <*****@*****.**>
* @author Michael Russ <*****@*****.**>
* @author Martin Burchert <*****@*****.**>
*/
function makeCorrectFile($filename)
{
if (!isset($filename) || trim($filename) == '') {
$error = 'Given filename for function ' . __FUNCTION__ . ' is empty.' . "\n";
$error .= 'This is very dangerous and should not happen.' . "\n";
$error .= 'Please inform the Froxlor team about this issue so they can fix it.';
die($error);
}
if (substr($filename, 0, 1) != '/') {
$filename = '/' . $filename;
}
$filename = makeSecurePath($filename);
return $filename;
}
* END REDUNDANT CODE (CRONSCRIPT "HEADER")
*/
/**
* Check if table exists, otherwise create it
*/
$tables = getTables($db);
if (!isset($tables[TABLE_PANEL_CRONSCRIPT]) || !is_array($tables[TABLE_PANEL_CRONSCRIPT])) {
$db->query('CREATE TABLE `' . TABLE_PANEL_CRONSCRIPT . '` ( `id` int(11) unsigned NOT NULL auto_increment, `file` varchar(255) NOT NULL default \'\', PRIMARY KEY (`id`) ) TYPE=MyISAM ; ');
}
/**
* Backend Wrapper
*/
$query = 'SELECT * FROM `' . TABLE_PANEL_CRONSCRIPT . '` ';
$cronFileIncludeResult = $db->query($query);
while ($cronFileIncludeRow = $db->fetch_array($cronFileIncludeResult)) {
$cronFileIncludeFullPath = makeSecurePath($pathtophpfiles . '/scripts/' . $cronFileIncludeRow['file']);
if (fileowner($cronFileIncludeFullPath) == fileowner($pathtophpfiles . '/scripts/' . $filename) && filegroup($cronFileIncludeFullPath) == filegroup($pathtophpfiles . '/scripts/' . $filename)) {
fwrite($debugHandler, 'Processing ...' . $cronFileIncludeFullPath . "\n");
include_once $cronFileIncludeFullPath;
fwrite($debugHandler, 'Processing done!' . "\n");
} else {
fwrite($debugHandler, 'WARNING! uid and/or gid of "' . $cronFileIncludeFullPath . '" and "' . $pathtophpfiles . '/scripts/' . $filename . '" don\'t match! Execution aborted!' . "\n");
$keepLockFile = true;
}
}
/**
* STARTING CRONSCRIPT FOOTER
*/
include $pathtophpfiles . '/lib/cron_shutdown.php';
/**
* END CRONSCRIPT FOOTER
}
} elseif ($action == 'add') {
if (Settings::Get('panel.sendalternativemail') == 1) {
$available_templates[] = 'pop_success_alternative';
}
if (isset($_POST['prepare']) && $_POST['prepare'] == 'prepare') {
//email templates
$language = htmlentities(validate($_POST['language'], 'language', '/^[^\\r\\n\\0"\']+$/', 'nolanguageselect'));
$template = validate($_POST['template'], 'template');
$lng_bak = $lng;
foreach ($langs['English'] as $key => $value) {
include_once makeSecurePath($value['file']);
}
if ($language != 'English') {
foreach ($langs[$language] as $key => $value) {
include makeSecurePath($value['file']);
}
}
$subject = $lng['mails'][$template]['subject'];
$body = str_replace('\\n', "\n", $lng['mails'][$template]['mailbody']);
$lng = $lng_bak;
$template_add_data = (include_once dirname(__FILE__) . '/lib/formfields/admin/templates/formfield.template_add.php');
$template_add_form = htmlform::genHTMLForm($template_add_data);
$title = $template_add_data['template_add']['title'];
$image = $template_add_data['template_add']['image'];
eval("echo \"" . getTemplate("templates/templates_add_2") . "\";");
} elseif (isset($_POST['send']) && $_POST['send'] == 'send') {
//email templates
$language = htmlentities(validate($_POST['language'], 'language', '/^[^\\r\\n\\0"\']+$/', 'nolanguageselect'));
$template = validate($_POST['template'], 'template');
$subject = validate($_POST['subject'], 'subject', '/^[^\\r\\n\\0]+$/', 'nosubjectcreate');
} else {
$language = $userinfo['def_language'];
}
}
// include every english language file we can get
foreach ($langs['English'] as $key => $value) {
include_once makeSecurePath($value['file']);
}
// now include the selected language if its not english
if ($language != 'English') {
foreach ($langs[$language] as $key => $value) {
include_once makeSecurePath($value['file']);
}
}
// last but not least include language references file
include_once makeSecurePath('lng/lng_references.php');
// Initialize our new link - class
$linker = new linker('index.php', $s);
/**
* global Theme-variable
*/
$theme = Settings::Get('panel.default_theme') !== null ? Settings::Get('panel.default_theme') : $_deftheme;
/**
* overwrite with customer/admin theme if defined
*/
if (isset($userinfo['theme']) && $userinfo['theme'] != $theme) {
$theme = $userinfo['theme'];
}
// Check if a different variant of the theme is used
$themevariant = "default";
if (preg_match("/([a-z0-9\\.\\-]+)_([a-z0-9\\.\\-]+)/i", $theme, $matches)) {
