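/**
 * Moves a received upload from its temporary location to its final path
 * inside the upload directory and makes sure the stored file is readable.
 *
 * @param array  $uploadInfo  Upload entry; the 'name' and 'tmp_name' keys are read here.
 * @param string $uploadDir   Destination directory, handed to _saveUpload_getSaveAsFilenameAndPath().
 * @param bool   $skipUploadSecurityCheck  When true the file is moved with rename_winsafe()
 *                            instead of move_uploaded_file(), so PHP's own check that
 *                            'tmp_name' really is an HTTP upload is not performed.
 * @return array array($saveAsFilename, $saveAsFilepath)
 */
function _saveUpload_promoteTempFile($uploadInfo, $uploadDir, $skipUploadSecurityCheck)
{
    // The save-as name is derived from the client-supplied $uploadInfo['name'].
    // NOTE(review): stripping of path separators and filtering of executable
    // extensions is presumably done inside the helper -- confirm there.
    list($saveAsFilename, $saveAsFilepath) = _saveUpload_getSaveAsFilenameAndPath($uploadInfo['name'], $uploadDir);

    // Move and rename the upload (from the system temp folder to the uploads folder).
    // Callers that pass $skipUploadSecurityCheck must guarantee that 'tmp_name' is a
    // path they created themselves, because rename_winsafe() will move any path it is given.
    if ($skipUploadSecurityCheck) {
        $moved = rename_winsafe($uploadInfo['tmp_name'], $saveAsFilepath);
    } else {
        $moved = move_uploaded_file($uploadInfo['tmp_name'], $saveAsFilepath);
    }
    if (!$moved) {
        // $php_errormsg depends on the track_errors ini setting (removed in PHP 8);
        // error_get_last() gives the same text on every supported version.
        // The text is HTML-escaped because it can contain the client-supplied filename.
        $lastError = error_get_last();
        $errorText = $lastError ? htmlspecialchars($lastError['message']) : '';
        die("Error moving uploaded file! {$errorText}");
    }

    // Files created by PHP in the temp folder sometimes lack read permissions.
    // Only the read bits (user, group and world) are tested; the write-bit test the
    // original computed was never used and has been dropped.
    $permissions = fileperms($saveAsFilepath);
    $isReadable = ($permissions | 0444) === $permissions;
    if (!$isReadable) {
        // NOTE(review): 0666 also makes the upload group- and world-writable.
        // Kept for compatibility; a tighter mode is preferable where the web
        // server account is the only writer -- confirm with the deployment.
        if (!chmod($saveAsFilepath, 0666)) {
            $lastError = error_get_last();
            $errorText = $lastError ? htmlspecialchars($lastError['message']) : '';
            die("Error changing permissions on '" . htmlspecialchars($saveAsFilepath) . "'! {$errorText}");
        }
    }

    return array($saveAsFilename, $saveAsFilepath);
}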
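/**
 * Activates or discards "*.default" files in DATA_DIR, DATA_DIR/schema and
 * DATA_DIR/schemaPresets.
 *
 * For every regular file whose name ends in ".default": if no file with the
 * same name minus that suffix exists, the default file is renamed to it;
 * otherwise the default file is deleted. Execution stops with die() when a
 * rename or delete fails.
 *
 * @return void
 */
function renameOrRemoveDefaultFiles()
{
    $dirs = array(
        DATA_DIR,
        DATA_DIR . '/schema',
        DATA_DIR . '/schemaPresets',
    );

    foreach ($dirs as $dir) {
        // scandir() returns false for a missing or unreadable directory; skip it
        // explicitly instead of handing false to foreach.
        $filenames = scandir($dir);
        if ($filenames === false) {
            continue;
        }

        foreach ($filenames as $filename) {
            $filepath = "{$dir}/{$filename}";
            if (!is_file($filepath) || !preg_match('/\\.default$/', $filename)) {
                continue;
            }

            $defaultFile = $filepath;
            $targetFile = preg_replace('/\\.default$/', '', $defaultFile);

            if (!is_file($targetFile)) {
                // No live copy yet: the default file becomes the live file.
                @rename_winsafe($defaultFile, $targetFile) || die("Error renaming '{$defaultFile}'!<br/>Make sure this file and it's parent directory are writable!");
                continue;
            }

            // A live copy exists, so the default is removed and the live file is kept.
            if (!@unlink($defaultFile)) {
                // $php_errormsg depends on the track_errors ini setting (removed in PHP 8);
                // error_get_last() still reports errors silenced with @. The text is
                // escaped because this message is emitted as HTML.
                $lastError = error_get_last();
                $errorText = $lastError ? htmlspecialchars($lastError['message']) : '';
                die("Error deleting '{$defaultFile}'!<br/> Make sure this file and it's parent directory are writable! PHP Error: {$errorText}");
            }
        }
    }
}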
/**
 * Saves the "table details" form: validates the request, optionally renames
 * the table (MySQL table, schema file and rows in the uploads table), copies
 * the submitted settings into the global $schema and writes it with saveSchema().
 *
 * Reads everything from $_REQUEST and from the globals listed below; reports
 * validation problems through alert() and returns early, and stops with die()
 * when the MySQL rename or the schema file rename fails.
 *
 * Review notes:
 * - $_REQUEST['tableName'] is used to build a file path and an SQL identifier
 *   but is not validated in this function; getTablenameErrors() is applied to
 *   the new name only. Presumably the old name is constrained by
 *   getTableNameWithoutPrefix() or by whatever loaded $schema -- confirm.
 * - The settings are copied into $schema as submitted; safe encoding of those
 *   values is left to saveSchema() -- confirm.
 * - The rename is three separate steps with no rollback, so a failure after
 *   the MySQL rename leaves the table and its schema file under different names.
 *
 * @return void
 */
function saveTableDetails()
{
    global $TABLE_PREFIX, $schema, $APP, $tableName, $tableNameWithPrefix;
    // Both schema paths are built from raw request values, before the request checks below run.
    // NOTE(review): nothing here strips '/' or '..' from the names; verify that
    // getTableNameWithoutPrefix() cannot return a value that leaves DATA_DIR/schema/.
    $oldSchemaFilepath = DATA_DIR . '/schema/' . getTableNameWithoutPrefix($_REQUEST['tableName']) . ".ini.php";
    $newSchemaFilepath = DATA_DIR . '/schema/' . getTableNameWithoutPrefix($_REQUEST['newTableName']) . ".ini.php";
    // request checks -- judging by the helper names: POST only, same-site referer, valid CSRF token (confirm in the helpers)
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();
    // presumably blocks the save when the installation runs in demo mode -- confirm
    disableInDemoMode('', 'database/listTables.php');
    // error checking
    $errors = '';
    if ($_REQUEST['newTableName'] == '') {
        $errors .= "You must specify a tablename!<br/>\n";
    }
    // if dragSortOrder appears in either list setting, it must be the first entry in both
    if (preg_match("/dragSortOrder/", @$_REQUEST['listPageFields']) || preg_match("/dragSortOrder/", $_REQUEST['listPageOrder'])) {
        if (!preg_match("/^dragSortOrder/", @$_REQUEST['listPageFields'])) {
            $errors .= "If used, dragSortOrder must be the first field in 'ListPage Fields'!<br/>\n";
        }
        if (!preg_match("/^dragSortOrder/", $_REQUEST['listPageOrder'])) {
            $errors .= "If used, dragSortOrder must be the first field in 'Order By'!<br/>\n";
        }
    }
    // a table name was submitted but the global $schema is empty
    if (@$_REQUEST['tableName'] && !$schema) {
        $errors .= "Error updating schema file.  Please wait a few seconds and try again.<br/>\n";
    }
    if (!is_writable(DATA_DIR . '/schema/')) {
        $errors .= "Schema dir '/data/schema/' isn't writable.  Please update permissions.<br/>\n";
    } elseif (!is_writable($oldSchemaFilepath)) {
        $errors .= "Schema file '/data/schema/" . basename($oldSchemaFilepath) . "' isn't writable.  Please update permissions.<br/>\n";
    }
    // v2.53 - require urls to start with scheme:// or / (to ensure links are valid when moving between sites)
    // NOTE(review): the pattern only checks the shape of the prefix. Any \w+ scheme is
    // accepted, and so is a protocol-relative "//host" value; if these settings must stay
    // on http(s) or on this site, that has to be enforced separately.
    $fieldNamesToLabels = array();
    $fieldNamesToLabels['_listPage'] = 'List Page Url';
    $fieldNamesToLabels['_detailPage'] = 'Detail Page Url';
    $fieldNamesToLabels['_previewPage'] = 'Preview Page Url';
    foreach ($fieldNamesToLabels as $name => $label) {
        $startsWithHttpOrSlash = preg_match("|^(\\w+:/)?/|", @$_REQUEST[$name]);
        if (@$_REQUEST[$name] && !$startsWithHttpOrSlash) {
            $errors .= t("{$label} must start with /") . "<br/>\n";
        }
    }
    // report all collected validation errors at once and stop before anything is changed
    if ($errors) {
        alert($errors);
        return;
    }
    // force add table prefix (if not specified)
    $_REQUEST['newTableName'] = getTableNameWithPrefix($_REQUEST['newTableName']);
    ### rename table
    if ($_REQUEST['tableName'] != $_REQUEST['newTableName']) {
        // only the new name is checked here
        $error = getTablenameErrors($_REQUEST['newTableName']);
        if ($error) {
            alert($error);
            return;
        }
        // rename mysql table
        // The names are placed inside backtick-quoted identifiers.
        // NOTE(review): whether mysql_escape() also neutralises a backtick is not visible
        // here -- confirm, since the old name is not otherwise validated in this function.
        // mysql_query()/mysql_error() belong to the legacy mysql extension, which PHP 7
        // removed, unless the project supplies its own replacements.
        $result = mysql_query("RENAME TABLE `" . mysql_escape($_REQUEST['tableName']) . "`\n                                        TO `" . mysql_escape($_REQUEST['newTableName']) . "`") or die("Error renaming MySQL table:\n\n" . htmlencode(mysql_error()) . "\n");
        // rename schema file (paths were computed at the top of the function, from the names as submitted)
        rename_winsafe($oldSchemaFilepath, $newSchemaFilepath) or die("Error renaming schema file!");
        // update uploads table with new table name
        // $where selects rows by the old tableName
        $where = array('tableName' => getTableNameWithoutPrefix($_REQUEST['tableName']));
        // $colsToValues carries the new tableName
        $colsToValues = array('tableName' => getTableNameWithoutPrefix($_REQUEST['newTableName']));
        $result = mysql_update('uploads', null, $where, $colsToValues);
        // update tableName form field
        $_REQUEST['tableName'] = $_REQUEST['newTableName'];
        // update globals with new tablename
        // sic: $tableName receives the same value as $tableNameWithPrefix, i.e. the
        // result of getTableNameWithPrefix() assigned above
        $tableName = $_REQUEST['tableName'];
        $tableNameWithPrefix = $_REQUEST['tableName'];
    }
    ### update schema fields
    // Values are copied from the request without validation or type checks.
    $schema['menuName'] = $_REQUEST['menuName'];
    $schema['_indent'] = @$_REQUEST['_indent'];
    $schema['menuType'] = $_REQUEST['menuType'];
    $schema['menuOrder'] = $_REQUEST['menuOrder'];
    // settings stored for every menu type except 'link'
    if ($_REQUEST['menuType'] != 'link') {
        $schema['menuHidden'] = $_REQUEST['menuHidden'];
        $schema['listPageFields'] = @$_REQUEST['listPageFields'];
        $schema['listPageOrder'] = $_REQUEST['listPageOrder'];
        $schema['listPageSearchFields'] = $_REQUEST['listPageSearchFields'];
        $schema['_perPageDefault'] = @$_REQUEST['_perPageDefault'];
        $schema['_maxRecords'] = $_REQUEST['_maxRecords'];
        $schema['_maxRecordsPerUser'] = $_REQUEST['_maxRecordsPerUser'];
        $schema['_disableAdd'] = $_REQUEST['_disableAdd'];
        $schema['_disableView'] = $_REQUEST['_disableView'];
        $schema['_disableModify'] = $_REQUEST['_disableModify'];
        $schema['_disableErase'] = $_REQUEST['_disableErase'];
        $schema['_disablePreview'] = $_REQUEST['_disablePreview'];
        $schema['_filenameFields'] = @$_REQUEST['_filenameFields'];
        $schema['_listPage'] = @$_REQUEST['_listPage'];
        $schema['_detailPage'] = $_REQUEST['_detailPage'];
        $schema['_previewPage'] = $_REQUEST['_previewPage'];
        $schema['_hideRecordsFromDisabledAccounts'] = $_REQUEST['_hideRecordsFromDisabledAccounts'];
        $schema['_requiredPlugins'] = @$_REQUEST['_requiredPlugins'];
    }
    // settings stored only for menu type 'link'
    // NOTE(review): '_url' is stored as submitted; the prefix check above covers
    // _listPage, _detailPage and _previewPage only.
    if ($_REQUEST['menuType'] == 'link') {
        $schema['_url'] = $_REQUEST['_url'];
        $schema['_linkTarget'] = @$_REQUEST['_linkTarget'];
        $schema['_linkMessage'] = @$_REQUEST['_linkMessage'];
        $schema['_iframeHeight'] = @$_REQUEST['_iframeHeight'];
        // unset old schema value (if it exists)
        unset($schema['_targetBlank']);
    }
    // setting stored only for menu type 'category'
    if ($_REQUEST['menuType'] == 'category') {
        $schema['_maxDepth'] = $_REQUEST['_maxDepth'];
    }
    // write the updated schema under the (possibly renamed) table name
    saveSchema($_REQUEST['tableName'], $schema);
    // confirmation message; the menu name is passed through htmlencode() before output
    notice("Table details for '" . htmlencode($schema['menuName']) . "' have been saved.");
}