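/**
 * Read the search settings for the advanced settings page.
 *
 * Collects every row of the `search` table without an `extra` value into an
 * array keyed by `name` (values HTML-escaped; they are presumably rendered
 * in a template), then adds the global 'search' switch from the `settings`
 * table under the key 'search' (unescaped, as before).
 *
 * Both queries are guarded the same way: a failed query (error flag set or
 * a non-object result) contributes nothing instead of being dereferenced.
 *
 * @return array<string,string> setting name => value
 */
function getSearchSettings()
{
    $backend = CAT_Backend::getInstance('Settings', 'settings_advanced');
    $data    = array();

    $res_search = $backend->db()->query(
        'SELECT * FROM `:prefix:search` WHERE `extra`="" OR `extra` IS NULL'
    );
    if (!$backend->db()->isError() && is_object($res_search)) {
        foreach ($res_search->fetchAll() as $row) {
            $data[$row['name']] = htmlspecialchars($row['value']);
        }
    }

    $r = $backend->db()->query(
        'SELECT `value` FROM `:prefix:settings` WHERE `name`=:name',
        array('name' => 'search')
    );
    // same guard as for the first query: never call rowCount() on a failed result
    if (!$backend->db()->isError() && is_object($r) && $r->rowCount()) {
        $row            = $r->fetch();
        $data['search'] = $row['value'];
    }

    return $data;
}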
if (defined('CAT_PATH')) { include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $backend = CAT_Backend::getInstance('preferences', 'start'); $user = CAT_Users::getInstance(); $val = CAT_Helper_Validate::getInstance(); $user_id = $val->fromSession('USER_ID', 'numeric'); $group_id = $val->fromSession('GROUP_ID', 'numeric'); global $parser; $tpl_data = array(); include_once CAT_PATH . '/framework/functions-utf8.php'; $page = $user->get_initial_page($user_id, true); // initial page $options = $user->get_init_pages(); $tpl_data['INIT_PAGE_SELECT'] = $options; // ============================================================= // ! read user-info from table users and assign it to template // ============================================================= $sql = 'SELECT `display_name`, `username`, `email`, `statusflags` FROM `%susers` WHERE `user_id` = %d';
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $val = CAT_Helper_Validate::getInstance(); $perm = 'users_modify'; if ($val->sanitizePost('addUser')) { $perm = 'users_add'; } $backend = CAT_Backend::getInstance('access', $perm, false); $users = CAT_Users::getInstance(); header('Content-type: application/json'); if (!$users->checkPermission('access', $perm)) { $ajax = array('message' => $backend->lang()->translate('You do not have the permission to {{action}} a user.', array('action' => str_replace('users', '', $perm))), 'success' => false); print json_encode($ajax); exit; } $addUser = trim($val->sanitizePost('addUser', NULL, true)); $saveUser = trim($val->sanitizePost('saveUser', NULL, true)); include_once CAT_PATH . '/framework/functions.php'; // Gather details entered $username_fieldname = str_replace(array("[[", "]]"), '', htmlspecialchars($val->sanitizePost('username_fieldname'), ENT_QUOTES)); $username = trim($val->sanitizePost($username_fieldname, NULL, true)); $display_name = trim(str_replace(array('[[', ']]'), '', htmlspecialchars($val->sanitizePost('display_name'), ENT_QUOTES))); $user_id = $val->sanitizePost('user_id', NULL, true);
$level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } // ================================= // ! Include the WB functions file // ================================= include_once CAT_PATH . '/framework/functions.php'; $backend = CAT_Backend::getInstance('Media', 'media', false); $users = CAT_Users::getInstance(); $val = CAT_Helper_Validate::getInstance(); header('Content-type: application/json'); $ajax['file'] = $val->sanitizePost('file'); $ajax['file_path'] = $val->sanitizePost('file_path'); if ($ajax['file'] == '' || $ajax['file_path'] == '' || $users->checkPermission('media', 'media_delete') !== true) { $ajax = array('message' => 'You don\'t have the permission to delete this file. Check your system settings.', 'success' => false); print json_encode($ajax); exit; } else { // ============================ // ! Try to delete file/folder // ============================ $link = CAT_PATH . $ajax['file_path'] . '/' . $ajax['file']; if (file_exists($link)) {
} else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $users = CAT_Users::getInstance(); $val = CAT_Helper_Validate::getInstance(); $backend = CAT_Backend::getInstance('Pages', 'pages_settings'); if (!$users->checkPermission('pages', 'pages_settings')) { $backend->print_error('You do not have permissions to modify this page'); } // =============== // ! Get page id // =============== $page_id = $val->sanitizePost('page_id', 'numeric'); if (!$page_id) { $backend->print_error('Missing page ID!'); } // Include the WB functions file require_once CAT_PATH . '/framework/functions.php'; // get form data $language = $val->sanitizePost('map_language', NULL, true); $link_page_id = $val->sanitizePost('link_page_id', 'numeric', true);
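/**
 * Let the user manage the available Droplet backups (zip files in ./export).
 *
 * Processes, in this order: recovering (importing) one backup named by the
 * 'recover' request value, deleting one backup named by 'delbackup',
 * deleting every backup listed in POST 'markeddroplet', and finally
 * rendering the remaining backups through the 'backups' template.
 *
 * Requires the 'manage_backups' Droplet permission for one of the current
 * user's groups. Relies on the globals $parser, $settings, $val, $backend.
 *
 * Request-supplied file names are reduced to their basename() before being
 * joined to the export directory, so a name cannot address a file outside
 * that directory (sanitizePath() is not shown to reject '..' components).
 *
 * @return void
 */
function manage_droplet_backups()
{
    global $parser, $settings, $val, $backend;

    $groups = CAT_Users::get_groups_id();
    if (!CAT_Helper_Droplet::is_allowed('manage_backups', $groups)) {
        $backend->print_error(
            CAT_Backend::getInstance()->lang()->translate("You don't have the permission to do this")
        );
    }

    $rows       = array();
    $info       = NULL;
    $dirh       = CAT_Helper_Directory::getInstance();
    $export_dir = dirname(__FILE__) . '/export/';

    // recover
    $recover = $val->get('_REQUEST', 'recover');
    if ($recover) {
        $recover_file = $dirh->sanitizePath($export_dir . basename($recover));
        if (file_exists($recover_file)) {
            if (!function_exists('droplets_upload')) {
                @(include_once dirname(__FILE__) . '/include.php');
            }
            $temp_unzip = $dirh->sanitizePath(CAT_PATH . '/temp/unzip/');
            $result     = droplets_import($recover_file, $temp_unzip);
            $info       = $backend->lang()->translate(
                'Successfully imported [{{count}}] Droplet(s)',
                array('count' => $result['count'])
            );
        }
    }

    // delete single backup
    $delbackup = $val->get('_REQUEST', 'delbackup');
    if ($delbackup) {
        $del_file = $dirh->sanitizePath($export_dir . basename($delbackup));
        if (file_exists($del_file)) {
            @unlink($del_file);
            $info = $backend->lang()->translate(
                'Backup file deleted: {{file}}',
                array('file' => basename($delbackup))
            );
        }
    }

    // delete a list of backups
    // get all marked droplets; anything that is not an array is ignored
    $marked = (isset($_POST['markeddroplet']) && is_array($_POST['markeddroplet']))
            ? $_POST['markeddroplet']
            : array();
    if (count($marked)) {
        $deleted = array();
        foreach ($marked as $file) {
            if (!is_string($file)) {
                continue;
            }
            $file = $dirh->sanitizePath($export_dir . basename($file));
            if (file_exists($file)) {
                @unlink($file);
                $deleted[] = $backend->lang()->translate(
                    'Backup file deleted: {{file}}',
                    array('file' => basename($file))
                );
            }
        }
        if (count($deleted)) {
            $info = implode('<br />', $deleted);
        }
    }

    // list what is left
    $backups = $dirh->scanDirectory(
        $dirh->sanitizePath(dirname(__FILE__) . '/export'),
        true,
        true,
        NULL,
        array('zip')
    );
    if (count($backups) > 0) {
        // sort by name
        sort($backups);
        foreach ($backups as $file) {
            // stat
            $stat = stat($file);
            // get zip contents
            $count  = CAT_Helper_Zip::getInstance($file)->listContent();
            $rows[] = array(
                'name'      => basename($file),
                'size'      => $stat['size'],
                'date'      => strftime('%c', $stat['ctime']),
                'files'     => count($count),
                // closure instead of create_function(), which is gone in PHP 8
                'listfiles' => implode(", ", array_map(
                    function ($cnt) {
                        return $cnt["filename"];
                    },
                    $count
                )),
                'download'  => CAT_Helper_Validate::sanitize_url(
                    CAT_URL . '/modules/droplets/export/' . basename($file)
                ),
            );
        }
    }

    $parser->output('backups', array(
        'rows'    => $rows,
        'info'    => $info,
        'backups' => count($backups) ? 1 : NULL,
    ));
}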
if (empty($sub)) { continue; } $dir .= '/' . $sub; if (file_exists($dir . '/framework/class.secure.php')) { include $dir . '/framework/class.secure.php'; $inc = true; break; } } if (!$inc) { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } // protect $backend = CAT_Backend::getInstance('Start', 'start', false, false); if (!CAT_Users::is_authenticated()) { exit; } // just to be _really_ sure... require CAT_PATH . '/framework/CAT/ExceptionHandler.php'; // register exception/error handlers set_exception_handler(array("CAT_ExceptionHandler", "exceptionHandler")); set_error_handler(array("CAT_ExceptionHandler", "errorHandler")); register_shutdown_function(array("CAT_ExceptionHandler", "shutdownHandler")); include dirname(__FILE__) . '/../data/config.inc.php'; $widget_name = 'Version check'; $error = $version = $newer = $last = $last_version = NULL; $debug = false; $doit = true; if (!CAT_Helper_Validate::sanitizeGet('blackcat_refresh')) {
if (defined('CAT_PATH')) { include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $backend = CAT_Backend::getInstance('Access', 'users', false, false); $users = CAT_Users::getInstance(); $val = CAT_Helper_Validate::getInstance(); header('Content-type: application/json'); if (!$users->checkPermission('access', 'users')) { $ajax = array('message' => $backend->lang()->translate('You do not have the permission to view users'), 'success' => false); print json_encode($ajax); exit; } $user_id = $val->sanitizePost('id', 'numeric'); if (!$user_id || $user_id == 1) { $ajax = array('message' => $backend->lang()->translate('You sent an invalid value'), 'success' => false); print json_encode($ajax); exit; } $user = $users->get_user_details($user_id);
if (defined('CAT_PATH')) { include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $backend = CAT_Backend::getInstance('admintools', 'blackcatFilter'); $val = CAT_Helper_Validate::getInstance(); $showit = false; $errors = array(); $upload_error = NULL; // new filter? if ($val->sanitizePost('filter_add')) { $data = array(); foreach (array('module_name', 'name', 'description', 'code', 'active') as $key) { if (!$val->sanitizePost('filter_' . $key)) { if ($key == 'code' && isset($_FILES['filter_file'])) { $data[$key] = ''; continue; } $errors[$key] = $backend->lang()->translate('Please fill out the field: {{ name }}', array('name' => $backend->lang()->translate($key))); } else {
include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } global $parser; $backend = CAT_Backend::getInstance('start'); $user = CAT_Users::getInstance(); $lang = CAT_Helper_I18n::getInstance(); $widget = CAT_Helper_Widget::getInstance(); // this will redirect to the login page if the permission is not set $user->checkPermission('start', 'start', false); // ================================================ // ! Check if installation directory still exists // ================================================ if (file_exists(CAT_PATH . '/install/')) { CAT_Helper_Directory::removeDirectory(CAT_PATH . '/install/'); } // exec initial_page if ($val->sanitizeGet('initial') || !$user->checkPermission('start', 'start') === true) { $page = $user->get_initial_page(); if ($page) {
if (defined('CAT_PATH')) { include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $backend = CAT_Backend::getInstance('Pages', 'pages_intro'); $val = CAT_Helper_Validate::getInstance(); // Get page content $filename = CAT_PATH . PAGES_DIRECTORY . '/intro' . PAGE_EXTENSION; if (file_exists($filename)) { $handle = fopen($filename, "r"); $content = fread($handle, filesize($filename)); fclose($handle); } else { $content = ''; } if ($val->sanitizeGet('wysiwyg') != 'no') { if (!defined('WYSIWYG_EDITOR') || WYSIWYG_EDITOR == 'none' || !file_exists(CAT_PATH . '/modules/' . WYSIWYG_EDITOR . '/include.php')) { function show_wysiwyg_editor($name, $id, $content, $width, $height) { echo '<textarea name="' . $name . '" id="' . $id . '" style="width: ' . $width . '; height: ' . $height . ';">' . $content . '</textarea>';
if (defined('CAT_PATH')) { include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $backend = CAT_Backend::getInstance('Addons', 'modules_uninstall'); $val = CAT_Helper_Validate::getInstance(); $addons = CAT_Helper_Addons::getInstance(); // Get name and type of add on $type = $val->sanitizePost('type', NULL, true); $addon_name = $val->sanitizePost('file'); $file = $type == 'language' ? $addon_name . '.php' : $addon_name; // Check if user selected a module if (trim($file) == '' || trim($type) == '') { header("Location: index.php"); exit(0); } $js_back = CAT_ADMIN_URL . '/addons/index.php'; // Check if the module exists if (!$addons->isModuleInstalled($addon_name, NULL, preg_replace('~s$~', '', $type))) { $backend->print_error('Not installed', $js_back, false);
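/**
 * Create the access file for a page.
 *
 * An access file is a small generated PHP file below PAGES_DIRECTORY that
 * sets $page_id and requires the front controller (index.php) relative to
 * its own depth. Missing parent folders are created first.
 *
 * @param string $filename  file name or full path (may be the 'link' value
 *                          stored for the page); a name that does not start
 *                          with the pages path is resolved below
 *                          CAT_PATH . PAGES_DIRECTORY
 * @param int    $page_id   id of the page; cast to int because it is written
 *                          into generated PHP source
 * @return bool  true on success; false (after print_error()) when the pages
 *               path is not writable, the name is forbidden, or the file
 *               cannot be opened for writing
 */
public static function createAccessFile($filename, $page_id)
{
    $filename   = CAT_Helper_Directory::sanitizePath($filename);
    $pages_path = CAT_Helper_Directory::sanitizePath(CAT_PATH . PAGES_DIRECTORY);

    // check if $filename is a full path (may be 'link' db value);
    // the path is quoted so it is matched literally
    if (!preg_match('~^' . preg_quote($pages_path, '~') . '~i', $filename)) {
        $filename = CAT_Helper_Directory::sanitizePath(
            CAT_PATH . PAGES_DIRECTORY . '/' . dirname($filename) . '/'
            . self::getFilename(basename($filename)) . PAGE_EXTENSION
        );
    }

    $rel_pages_dir = str_replace($pages_path, '', CAT_Helper_Directory::sanitizePath(dirname($filename)));
    $rel_filename  = str_replace($pages_path, '', CAT_Helper_Directory::sanitizePath($filename));

    // prevent system directories and files from being overwritten (level 0):
    // the first path component is denied if it is in EITHER forbidden list
    $denied = false;
    if (PAGES_DIRECTORY == '') {
        $forbidden_dirs  = self::$instance->_config['forbidden_l0'];
        $forbidden_files = self::$instance->_config['forbidden_filenames_l0'];
        $search = explode('/', $rel_filename);
        $first  = isset($search[1]) ? $search[1] : '';
        $denied = in_array($first, $forbidden_dirs, true)
               || in_array($first, $forbidden_files, true);
    }

    if (true !== is_writable($pages_path) || $denied) {
        CAT_Backend::getInstance()->print_error('Error creating access file in the pages directory, path not writable or forbidden file / directory name');
        return false;
    }

    // First make sure parent folder exists
    $parents = '';
    foreach (explode('/', $rel_pages_dir) as $parent_folder) {
        if ($parent_folder == '/' || $parent_folder == '') {
            continue;
        }
        $parents .= '/' . $parent_folder;
        if (!file_exists($pages_path . $parents)) {
            // create dir; also creates index.php (last param = true)
            CAT_Helper_Directory::createDirectory($pages_path . $parents, OCTAL_DIR_MODE, true);
            CAT_Helper_Directory::setPerms($pages_path . $parents);
        }
    }

    // number of '../' needed to reach the installation root from the file
    $step_back = str_repeat('../', substr_count($rel_pages_dir, '/') + (PAGES_DIRECTORY == "" ? 0 : 1));

    $content  = '<?php' . "\n";
    $content .= "/**\n *\tThis file is autogenerated by BlackCat CMS Version " . CAT_VERSION . "\n";
    $content .= " *\tDo not modify this file!\n */\n";
    $content .= "\t" . '$page_id = ' . (int) $page_id . ';' . "\n";
    $content .= "\t" . 'require_once \'' . $step_back . 'index.php\';' . "\n";
    $content .= '?>';

    // write the file
    $fp = fopen($filename, 'w');
    if (!$fp) {
        CAT_Backend::getInstance()->print_error('Error creating access file in the pages directory, cannot open file');
        return false;
    }
    fwrite($fp, $content, strlen($content));
    fclose($fp);

    // Chmod the file
    CAT_Helper_Directory::getInstance()->setPerms($filename);
    return true;
}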
if (defined('CAT_PATH')) { include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $backend = CAT_Backend::getInstance('Access', 'groups', false); $users = CAT_Users::getInstance(); $val = CAT_Helper_Validate::getInstance(); header('Content-type: application/json'); $addGroup = trim($val->sanitizePost('addGroup', NULL, true)); $saveGroup = trim($val->sanitizePost('saveGroup', NULL, true)); if ($addGroup && !$users->checkPermission('Access', 'groups_add') || $saveGroup && !$users->checkPermission('Access', 'groups_modify')) { $action = $addGroup != '' ? 'add' : 'modify'; $ajax = array('message' => $backend->lang()->translate('You do not have the permission to {{action}} a group.', array('action' => $action)), 'success' => false); print json_encode($ajax); exit; } // Gather details entered $group_name = trim($val->sanitizePost('name', NULL, true)); $group_id = $val->sanitizePost('group_id', 'numeric', true); if ($saveGroup && (!$group_id || $group_id == 1 || $group_id == '') || $addGroup == '' && $saveGroup == '' || $addGroup != '' && $saveGroup != '') {
include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $header = CAT_Helper_Validate::sanitizeGet('ajax') ? false : true; $backend = CAT_Backend::getInstance('admintools', 'admintools', $header); $admin =& $backend; $val = CAT_Helper_Validate::getInstance(); $get_tool = $val->sanitizeGet('tool', NULL, true); if ($get_tool == '') { $get_tool = $val->sanitizePost('tool', NULL, true); } if ($get_tool == '') { header("Location: index.php"); exit(0); } // check tool permission if (!CAT_Users::get_permission($get_tool, 'module')) { header("Location: index.php"); exit(0); }
/**
 * Check whether an output filter is already registered for a module.
 *
 * @param string $filter_name      name of the filter
 * @param string $module_directory directory (name) of the owning module
 * @return boolean true when the mod_filter table holds a matching row
 */
function is_filter_registered($filter_name, $module_directory)
{
    $backend = CAT_Backend::getInstance('addons', 'modules_install');

    // NOTE(review): both values are interpolated into the SQL via sprintf
    // without escaping — confirm callers only pass trusted module metadata.
    $query = sprintf(
        "SELECT `filter_name` FROM `:prefix:mod_filter` WHERE "
        . "`filter_name`='%s' AND `module_name`='%s'",
        $filter_name,
        $module_directory
    );

    $found = $backend->db()->get_one($query, MYSQL_ASSOC);

    // get_one() returning false means "no row"; otherwise compare the name
    return false !== $found && $found == $filter_name;
}
$root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $local = array('pages' => 'backend_pages_modify.js', 'access' => 'backend_users_index.js', 'addons' => 'backend_addons.js', 'media' => 'backend_media.js', 'preferences' => 'backend_preferences.js', 'settings' => array('backend_pages_modify.js', 'backend_settings_index.js'), 'login_index' => 'login.js'); $mod_headers = array('backend' => array('meta' => array(array('name' => 'viewport', 'content' => 'width=device-width, initial-scale=1')), 'css' => array(array('media' => 'screen', 'file' => 'templates/freshcat/css/default/index.css'), array('media' => 'screen', 'file' => 'modules/lib_jquery/plugins/qtip2/qtip2.min.css')), 'jquery' => array(array('core' => true, 'ui' => true, 'all' => array('jquery.highlight', 'jquery.cookies', 'tag-it', 'qtip2', 'jquery.form', 'jquery.livesearch', 'jquery.smarttruncation', 'cattranslate'))), 'js' => array(array('debug.js', 'jquery.fc_set_tab_list.js', 'jquery.fc_toggle_element.js', 'jquery.fc_resize_elements.js', 'jquery.fc_show_popup.js', 'general.js', 'pages_tree.js', 'session.js')))); // get current backend section to add local JS $page = strtolower(CAT_Backend::getInstance()->section_name); if (isset($local[$page])) { if (!is_array($local[$page])) { $local[$page] = array($local[$page]); } $mod_headers['backend']['js'][0] = array_merge($mod_headers['backend']['js'][0], $local[$page]); } if ($page == 'addons') { array_push($mod_headers['backend']['css'], array('file' => 'templates/freshcat/css/default/tabs.css')); if (CAT_Helper_Addons::isModuleInstalled('lib_dropzone')) { $mod_headers['backend']['js'][0][] = '/modules/lib_dropzone/vendor/dropzone.min.js'; 
array_push($mod_headers['backend']['css'], array('file' => 'modules/lib_dropzone/vendor/dropzone.min.css')); } array_push($mod_headers['backend']['css'], array('file' => 'templates/freshcat/css/default/addons.css')); } // check for custom JS for current backend page
if (defined('CAT_PATH')) { include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $backend = CAT_Backend::getInstance('Addons', 'modules_install', false); $users = CAT_Users::getInstance(); $val = CAT_Helper_Validate::getInstance(); $success = false; $message = ''; header('Content-type: application/json'); if (!$users->checkPermission('Addons', 'modules_install')) { $message = $backend->lang()->translate("Sorry, but you don't have the permissions for this action"); printResult(); } $type = $val->sanitizePost('new_moduletype'); $name = $val->sanitizePost('new_modulename'); $dir = $val->sanitizePost('new_moduledir'); $desc = $val->sanitizePost('new_moduledesc'); $author = $val->sanitizePost('new_moduleauthor'); $func = 'page';
$level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } ob_start(); header("Cache-Control: no-cache, must-revalidate"); header("Pragma: no-cache"); header("Content-Type: text/html; charset:utf-8;"); $backend = CAT_Backend::getInstance('Settings', 'settings_basic'); $curr_user_is_admin = in_array(1, CAT_Users::getInstance()->get_groups_id()); if (!$curr_user_is_admin) { echo "<div style='border: 2px solid #CC0000; padding: 5px; text-align: center; background-color: #ffbaba;'>You're not allowed to use this function!</div>"; exit; } $settings = array(); $sql = 'SELECT * FROM `' . CAT_TABLE_PREFIX . 'settings` WHERE name="guid"'; if ($res = $backend->db()->query($sql)) { $row = $res->fetchRow(MYSQL_ASSOC); } if (!isset($row['value']) || $row['value'] == '') { @(require_once CAT_PATH . '/framework/CAT/Object.php'); $guid = CAT_Object::createGUID(); $row['setting_id'] = isset($row['setting_id']) ? $row['setting_id'] : NULL; $backend->db()->query('REPLACE INTO `' . CAT_TABLE_PREFIX . 'settings` VALUES("' . $row['setting_id'] . '", "guid", "' . $guid . '")');
if (defined('CAT_PATH')) { include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $backend = CAT_Backend::getInstance('Pages', 'pages_add', false); $users = CAT_Users::getInstance(); header('Content-type: application/json'); if (!$users->checkPermission('Pages', 'pages_add')) { $ajax = array('message' => $backend->lang()->translate('You do not have the permission to add a page.'), 'success' => false); print json_encode($ajax); exit; } // note: all pages are listed in the dropdown, even hidden / private AND deleted! $dropdown_list = CAT_Helper_ListBuilder::sort(CAT_Helper_Page::getPages(1), 0); // template / variant $template = CAT_Helper_Page::properties($val->sanitizePost('parent_id', 'numeric'), 'template'); $variant = CAT_Helper_Page::getPageSettings($val->sanitizePost('parent_id', 'numeric'), 'internal', 'template_variant'); $variants = array(); $info = CAT_Helper_Addons::checkInfo(CAT_PATH . '/templates/' . CAT_Helper_Page::getPageTemplate($val->sanitizePost('parent_id', 'numeric'))); if (isset($info['module_variants']) && is_array($info['module_variants']) && count($info['module_variants'])) {
/**
 * Print the backend footer through the shared CAT_Backend instance.
 *
 * @return mixed whatever CAT_Backend::print_footer() returns
 */
function print_footer()
{
    $backend = CAT_Backend::getInstance('');
    return $backend->print_footer();
}
include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } // backend only $backend = CAT_Backend::getInstance('admintools'); $user = CAT_Users::getInstance(); $val = CAT_Helper_Validate::getInstance(); // this will redirect to the login page if the permission is not set $user->checkPermission('admintools', 'admintools'); // check if any editor is set if (!defined('WYSIWYG_EDITOR') || WYSIWYG_EDITOR == '') { $admin->print_error('No WYSIWYG editor set, please set one first (Settings -> Backend settings -> WYSIWYG Editor)', NULL, false); } // check for config driver $cfg_file = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . WYSIWYG_EDITOR . '/c_editor.php'); if (file_exists($cfg_file)) { require $cfg_file; } elseif (file_exists(CAT_Helper_Directory::sanitizePath(dirname(__FILE__) . "/driver/" . WYSIWYG_EDITOR . "/c_editor.php"))) { require_once dirname(__FILE__) . "/driver/" . WYSIWYG_EDITOR . "/c_editor.php"; } else {
include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $tpl_data = array(); $backend = CAT_Backend::getInstance('Addons', 'addons'); $users = CAT_Users::getInstance(); $addons = CAT_Helper_Addons::get_addons(); $counter = 0; $seen_dirs = array(); $tpl_data['addons'] = array(); $tpl_data['not_installed_addons'] = array('modules' => array(), 'templates' => array(), 'languages' => array()); $tpl_data['groups'] = $users->get_groups('', '', false); $tpl_data['username'] = $users->get_display_name(); // for new addons global $parser; foreach ($addons as $addon) { // check if the user is allowed to see this item if (!$users->get_permission($addon['directory'], $addon['type'])) { $seen_dirs[] = $addon['directory']; continue;
if (defined('CAT_PATH')) { include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $backend = CAT_Backend::getInstance('Pages', 'pages_delete', false); $users = CAT_Users::getInstance(); $val = CAT_Helper_Validate::getInstance(); header('Content-type: application/json'); // Get perms if (!$users->checkPermission('pages', 'pages_delete', false)) { $ajax = array('message' => $backend->lang()->translate('You do not have the permission to delete a page.'), 'success' => false); print json_encode($ajax); exit; } $page_id = $val->sanitizePost('page_id', 'numeric'); // Get page id if (!$page_id) { $ajax = array('message' => $backend->lang()->translate('You sent an invalid value'), 'success' => false); print json_encode($ajax); exit;
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see <http://www.gnu.org/licenses/>. * * @author Black Cat Development * @copyright 2013, Black Cat Development * @link http://blackcat-cms.org * @license http://www.gnu.org/licenses/gpl.html * @category CAT_Core * @package CAT_Core * */ if (defined('CAT_PATH')) { include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } CAT_Backend::getInstance('Pages', 'pages_modify')->db()->query(sprintf("DELETE FROM `%smod_wysiwyg` WHERE section_id = '%d'", CAT_TABLE_PREFIX, $section_id));
include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } header('Content-type: application/json'); $backend = CAT_Backend::getInstance('user', 'preferences', false, false); $user = CAT_Users::getInstance(); $val = CAT_Helper_Validate::getInstance(); $extended = $user->getExtendedOptions(); $err_msg = array(); // ================================================= // ! remove any dangerouse chars from display_name // ================================================= $display_name = $val->add_slashes(strip_tags(trim($val->sanitizePost('display_name')))); $display_name = $display_name == '' ? $user->get_display_name() : $display_name; // ================================================================================== // ! check that display_name is unique in whole system (prevents from User-faking) // ================================================================================== $sql = 'SELECT COUNT(*) FROM `:prefix:users` WHERE `user_id` <> :id AND `display_name` LIKE :name'; if ($backend->db()->query($sql, array('id' => (int) $user->get_user_id(), 'name' => $display_name))->fetchColumn() > 0) { $err_msg[] = $backend->lang->translate('The username you entered is already taken');
if (defined('CAT_PATH')) { include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $backend = CAT_Backend::getInstance('Settings', 'settings', false); $users = CAT_Users::getInstance(); $val = CAT_Helper_Validate::getInstance(); header('Content-type: application/json'); if (!$users->checkPermission('Settings', 'settings')) { $ajax = array('message' => $backend->lang()->translate("Sorry, but you don't have the permissions for this action"), 'success' => false); print json_encode($ajax); exit; } global $err_msg; $err_msg = array(); require_once dirname(__FILE__) . '/functions.php'; $region = $val->sanitizePost('current_page'); switch ($region) { case 'sysinfo': // nothing to save here
$root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $update_when_modified = true; $val = CAT_Helper_Validate::getInstance(); $user = CAT_Users::getInstance(); $backend = CAT_Backend::getInstance('Pages', 'pages_modify'); // =============== // ! Get page id // =============== $page_id = $val->get('_REQUEST', 'page_id', 'numeric'); $section_id = $val->get('_REQUEST', 'section_id', 'numeric'); if (!$page_id) { header("Location: index.php"); exit(0); } // ============= // ! Get perms // ============= if (CAT_Helper_Page::getPagePermission($page_id, 'admin') !== true) { $backend->print_error('You do not have permissions to modify this page!'); }
include CAT_PATH . '/framework/class.secure.php'; } else { $root = "../"; $level = 1; while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) { $root .= "../"; $level += 1; } if (file_exists($root . '/framework/class.secure.php')) { include $root . '/framework/class.secure.php'; } else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } $user = CAT_Users::getInstance(); $backend = CAT_Backend::getInstance('Settings', 'settings_advanced'); global $parser; $tpl_data = array(); // include local functions file require_once dirname(__FILE__) . '/functions.php'; // template for default tab (SEO settings) $tpl = 'backend_settings_index_seo'; // add default form $tpl_data['INDEX'] = $parser->get($tpl, array('values' => getSettingsTable())); $tpl_data['MAINTENANCE_MODE'] = CAT_Registry::get('MAINTENANCE_MODE'); // ==================== // ! Parse the site // ==================== $parser->output('backend_settings_index', $tpl_data); // ====================== // ! Print admin footer