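/**
 * Handle a droplet upload; this function may be called by modules.
 *
 * The uploaded file is moved into CAT_PATH/temp/, handed to droplets_import()
 * together with the unzip directory, and both the temporary file and the
 * unzip directory are removed afterwards.
 *
 * @param  string $input  key of the upload field inside $_FILES
 * @return array  array('error', <message>) if the upload could not be stored,
 *                array('error', <errors>, NULL) if the import reported errors,
 *                array('success', <count>) otherwise
 **/
function droplets_upload($input)
{
    // $_FILES[...]['name'] is chosen by the client. Only its last path
    // component may take part in building the target path, so a name such as
    // "../../x.php" cannot place the file outside the temp directory.
    $upload_name = '';
    if (isset($_FILES[$input]['name'], $_FILES[$input]['tmp_name'])
        && is_string($_FILES[$input]['name'])
        && strpos($_FILES[$input]['name'], "\0") === false
    ) {
        // normalise backslashes first: basename() does not treat them as
        // separators on every platform
        $upload_name = basename(str_replace('\\', '/', $_FILES[$input]['name']));
    }
    if ($upload_name === '' || $upload_name === '.' || $upload_name === '..') {
        return array('error', CAT_Helper_Directory::getInstance()->lang()->translate('Upload failed'));
    }

    // Set temp vars
    $temp_dir   = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/temp/');
    $temp_file  = CAT_Helper_Directory::sanitizePath($temp_dir . $upload_name);
    $temp_unzip = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/temp/unzip/');

    // NOTE(review): the file keeps its client-supplied extension while it sits
    // below CAT_PATH/temp/. The cleanup comment below calls it "the temp zip
    // file"; if droplets_import() only accepts ZIP archives, reject any other
    // extension here - confirm against droplets_import().

    // Try to upload the file to the temp dir; move_uploaded_file() also
    // refuses anything that is not a genuine HTTP upload
    if (!move_uploaded_file($_FILES[$input]['tmp_name'], $temp_file)) {
        return array('error', CAT_Helper_Directory::getInstance()->lang()->translate('Upload failed'));
    }

    $result = droplets_import($temp_file, $temp_unzip);

    // Delete the temp zip file
    if (file_exists($temp_file)) {
        unlink($temp_file);
    }
    CAT_Helper_Directory::removeDirectory($temp_unzip);

    // show errors
    if (isset($result['errors']) && is_array($result['errors']) && count($result['errors']) > 0) {
        return array('error', $result['errors'], NULL);
    }

    // return success
    return array('success', $result['count']);
}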
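// AJAX endpoint: delete a file or folder named by the POST fields 'file' and
// 'file_path'. The answer is always a JSON object with 'message' and 'success'.
$val = CAT_Helper_Validate::getInstance();
header('Content-type: application/json');

$ajax['file']      = $val->sanitizePost('file');
$ajax['file_path'] = $val->sanitizePost('file_path');

if ($ajax['file'] == '' || $ajax['file_path'] == '' || $users->checkPermission('media', 'media_delete') !== true) {
    // missing parameters and missing permission share one answer
    $ajax = array('message' => 'You don\'t have the permission to delete this file. Check your system settings.', 'success' => false);
    print json_encode($ajax);
    exit;
} else {
    // ============================
    // ! Try to delete file/folder
    // ============================
    $link = CAT_PATH . $ajax['file_path'] . '/' . $ajax['file'];

    // Both path parts come from the request. Resolve the combined path and
    // only continue if it lies strictly below the installation root; a path
    // containing '..' segments or the root itself is answered like a missing
    // file, so the response does not reveal what exists elsewhere.
    // NOTE(review): the permission checked above is 'media_delete', so the
    // target presumably belongs below the media directory; tighten $root to
    // that directory once its constant is confirmed.
    $root   = realpath(CAT_PATH);
    $target = file_exists($link) ? realpath($link) : false;
    $prefix = $root !== false ? rtrim($root, '/\\') . DIRECTORY_SEPARATOR : '';
    $inside = $root !== false
        && $target !== false
        && strncmp($target, $prefix, strlen($prefix)) === 0;

    if ($inside) {
        $kind = is_dir($link) ? 'dir' : 'file';
        if (is_dir($link) && CAT_Helper_Directory::removeDirectory($link)) {
            $ajax['message'] = $backend->lang()->translate('Folder deleted successfully');
            $ajax['success'] = true;
        } elseif (is_file($link) && unlink($link)) {
            $ajax['message'] = $backend->lang()->translate('File deleted successfully');
            $ajax['success'] = true;
        } else {
            $ajax['message'] = $kind == 'dir'
                ? $backend->lang()->translate('Cannot delete the selected directory')
                : $backend->lang()->translate('Cannot delete the selected file');
            $ajax['success'] = false;
        }
    } else {
        $ajax['message'] = $backend->lang()->translate('Couldn\'t find the folder or file');
        $ajax['success'] = false;
    }
    print json_encode($ajax);
}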
print json_encode($ajax); exit; } $visibility = $page['visibility']; $use_trash = false; // Check if we should delete it or just set the visibility to 'deleted' if (PAGE_TRASH !== false && $visibility != 'deleted') { $ajax_status = 1; // Page trash is enabled and page has not yet been deleted $result = CAT_Helper_Page::deletePage($page_id, true); $use_trash = true; } else { $ajax_status = 0; $result = CAT_Helper_Page::deletePage($page_id); } if (!$result) { $ajax = array('message' => $backend->lang()->translate('An error occured (using trash: {{trash}})', array('trash' => $use_trash ? $backend->lang()->translate('Yes') : $backend->lang()->translate('No'))) . ($backend->db()->isError() ? ' (DB error: ' . $backend->db()->getError() . ')' : ''), 'success' => false); print json_encode($ajax); exit; } else { // delete empty parent dir $directory = CAT_PATH . PAGES_DIRECTORY . CAT_Helper_Page::properties($page_id, 'link'); $directory = pathinfo($directory, PATHINFO_DIRNAME); if (is_dir($directory) && rtrim($directory, '/') != CAT_PATH . PAGES_DIRECTORY && CAT_Helper_Directory::is_empty($directory, true)) { CAT_Helper_Directory::removeDirectory($directory); } $ajax = array('message' => $backend->lang()->translate('Page(s) deleted successfully'), 'status' => $ajax_status, 'success' => true); print json_encode($ajax); exit; } exit;
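/**
 * Uninstall an addon after checking that it is not in use.
 *
 * For the types 'languages', 'modules' and 'templates' the method first
 * checks whether the addon is a default or is still referenced; if so, a
 * translated message is returned and nothing is removed. Otherwise the
 * addon's uninstall.php is included (if present), its row in the addons
 * table is deleted, it is removed from the group permissions and the addon
 * directory (or, for languages, the language file) is deleted.
 *
 * @access public
 * @param  string $type        addon type; also the directory below CAT_PATH
 * @param  string $addon_name  addon directory (languages: file name without '.php')
 * @return boolean|string      true on success, otherwise an error message
 **/
public static function uninstallModule($type, $addon_name)
{
    // keep old modules happy
    global $wb, $admin, $database;

    // Both arguments become path components of a require, a recursive
    // directory removal and an unlink further down. Each must therefore be a
    // single, non-empty path component: an empty name would make the removal
    // target the whole type directory, and a separator or '..' would move
    // the include or the removal outside of it.
    foreach (array($type, $addon_name) as $part) {
        $part = (string) $part;
        if ($part === '' || $part === '.' || $part === '..' || strpbrk($part, "/\\\0") !== false) {
            return self::getInstance()->lang()->translate('Cannot uninstall - invalid addon type or name!');
        }
    }
    // NOTE(review): the switch below only knows 'languages', 'modules' and
    // 'templates'; any other type skips every in-use check. If no caller
    // needs other types, reject them above.
    // NOTE(review): the messages below embed $addon_name in HTML; whether
    // translate() escapes placeholder values is not visible here - confirm.

    switch ($type) {
        case 'languages':
            // is default or used by current user
            if ($addon_name == DEFAULT_LANGUAGE || $addon_name == LANGUAGE) {
                $temp = array(
                    'name' => $addon_name,
                    'type' => $addon_name == DEFAULT_LANGUAGE
                        ? self::getInstance()->lang()->translate('standard language')
                        : self::getInstance()->lang()->translate('current language'),
                );
                return self::getInstance()->lang()->translate('Cannot uninstall this language <span class="highlight_text">{{name}}</span> because it is the {{type}}!', $temp);
            }
            // used by other users
            $query_users = self::getInstance()->db()->query("SELECT `user_id` FROM `:prefix:users` WHERE language=:lang LIMIT 1", array('lang' => $addon_name));
            if ($query_users->rowCount() > 0) {
                return self::getInstance()->lang()->translate('Cannot uninstall this language <span class="highlight_text">{{name}}</span> because it is in use!', array('name' => $addon_name));
            }
            break;

        case 'modules':
            // check if the module is still in use
            $info = self::getInstance()->db()->query("SELECT `section_id`, `page_id` FROM `:prefix:sections` WHERE module=:mod", array('mod' => $addon_name));
            if ($info->rowCount() > 0) {
                // the translation holds singular and plural, separated by ';'
                $temp   = explode(";", self::getInstance()->lang()->translate('this page;these pages'));
                $add    = $info->rowCount() == 1 ? $temp[0] : $temp[1];
                $values = array(
                    'type'         => self::getInstance()->lang()->translate('Module'),
                    'type_name'    => $type,
                    'pages_string' => $add,
                    'count'        => $info->rowCount(),
                    'name'         => $addon_name,
                );
                $pages = array();
                while (false != ($data = $info->fetchRow(MYSQL_ASSOC))) {
                    // skip negative page id's
                    if (substr($data['page_id'], 0, 1) == '-') {
                        continue;
                    }
                    $pages[] = sprintf('<a href="%s">%s</a>', CAT_Helper_Page::getLink($data['page_id']), CAT_Helper_Page::properties($data['page_id'], 'menu_title'));
                }
                $values['pages'] = implode('<br />', $pages);
                return self::getInstance()->lang()->translate('Cannot uninstall module <span class="highlight_text">{{name}}</span> because it is in use on {{pages_string}}:<br /><br />{{pages}}', $values);
            }
            // some modules cannot be removed (used by system)
            if (!self::isRemovable($addon_name)) {
                return self::getInstance()->lang()->translate('Cannot uninstall module <span class="highlight_text">{{name}}</span> because it is marked as mandatory!', array('name' => $addon_name));
            }
            if (defined('WYSIWYG_EDITOR') && $addon_name == WYSIWYG_EDITOR) {
                return self::getInstance()->lang()->translate('Cannot uninstall module <span class="highlight_text">{{name}}</span> because it is the standard WYSWIWYG editor!', array('name' => $addon_name));
            }
            break;

        case 'templates':
            if ($addon_name == DEFAULT_THEME || $addon_name == DEFAULT_TEMPLATE) {
                $temp = array(
                    'name' => $addon_name,
                    'type' => $addon_name == DEFAULT_TEMPLATE
                        ? self::getInstance()->lang()->translate('default template')
                        : self::getInstance()->lang()->translate('default backend theme'),
                );
                return self::getInstance()->lang()->translate('Cannot uninstall template <span class="highlight_text">{{name}}</span> because it is the {{type}}!', $temp);
            }
            $info = self::getInstance()->db()->query("SELECT `page_id`, `page_title` FROM `:prefix:pages` WHERE template=:name order by page_title", array('name' => $addon_name));
            if ($info->rowCount() > 0) {
                $msg_template_str  = 'Cannot uninstall template <span class="highlight_text">{{name}}</span> because it is still in use on {{pages}}:';
                $temp              = explode(';', self::getInstance()->lang()->translate('this page;these pages'));
                $add               = $info->rowCount() == 1 ? $temp[0] : $temp[1];
                $page_template_str = "<li><a href='../pages/settings.php?page_id={{id}}'>{{title}}</a></li>";
                $values            = array('pages' => $add, 'name' => $addon_name);
                $msg               = self::getInstance()->lang()->translate($msg_template_str, $values);
                $page_names        = '<ul>';
                while ($data = $info->fetchRow()) {
                    $page_info   = array('id' => $data['page_id'], 'title' => $data['page_title']);
                    $page_names .= self::getInstance()->lang()->translate($page_template_str, $page_info);
                }
                $page_names .= '</ul>';
                return $msg . $page_names;
            }
            break;

        default:
            break;
    } // end switch

    // all checks succeeded, try to uninstall; the addon's own uninstall.php
    // runs inside this method and sees the globals declared above
    $addon_dir = CAT_PATH . '/' . $type . '/' . $addon_name;
    if (file_exists($addon_dir . '/uninstall.php')) {
        require $addon_dir . '/uninstall.php';
    }

    // the addons and groups tables use the singular form of the type
    $singular = substr($type, 0, -1);

    // Remove entry from DB (same statement for every type)
    self::getInstance()->db()->query("DELETE FROM `:prefix:addons` WHERE directory=:dir AND type=:type", array('dir' => $addon_name, 'type' => $singular));
    if (self::getInstance()->db()->isError()) {
        return self::getInstance()->db()->getError();
    }

    if ($type != 'languages') {
        // drop the addon from the permission list of every group but group 1
        $stmt = self::getInstance()->db()->query('SELECT * FROM `:prefix:groups` WHERE group_id <> 1');
        if ($stmt->rowCount() > 0) {
            while ($row = $stmt->fetchRow(MYSQL_ASSOC)) {
                $gid  = $row['group_id'];
                $file = $addon_name;
                // get current value
                $permissions = explode(',', $row[$singular . '_permissions']);
                // remove uninstalled module
                $i = array_search($file, $permissions);
                if ($i !== false) {
                    array_splice($permissions, $i, 1);
                    $permissions = array_unique($permissions);
                    asort($permissions);
                    // Update the database; the column name is built from the
                    // validated type, the values are bound
                    $addon_permissions = implode(',', $permissions);
                    self::getInstance()->db()->query(sprintf("UPDATE `:prefix:groups` SET %s_permissions=:perm WHERE group_id=:id", $singular), array('perm' => $addon_permissions, 'id' => $gid));
                }
            }
        }
        // Try to delete the module dir
        if (!CAT_Helper_Directory::removeDirectory($addon_dir)) {
            return self::getInstance()->lang()->translate('Cannot uninstall - unable to delete the directory!');
        }
    } else {
        // a language is a single file, not a directory
        unlink(CAT_PATH . '/languages/' . $addon_name . '.php');
    }

    return true;
}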
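/**
 * Export the droplets marked in $_POST['markeddroplet'] into a ZIP archive.
 *
 * Every droplet is written to CAT_PATH/temp/droplets/<name>.php (two "//:"
 * header lines followed by the code), an optional data file is copied along,
 * the directory is zipped and the archive is copied to
 * CAT_PATH/modules/droplets/export/.
 *
 * @return boolean|string  true for AJAX requests, otherwise an HTML message
 **/
function export_droplets()
{
    global $parser, $val, $backend;

    $groups = CAT_Users::get_groups_id();
    if (!CAT_Helper_Droplet::is_allowed('export_droplets', $groups)) {
        $denied = $backend->lang()->translate("You don't have the permission to do this");
        $backend->print_error($denied);
        // print_error() presumably ends the request; do not export anything
        // if it ever returns
        return $denied;
    }

    $info = array();

    // get all marked droplets
    $marked = isset($_POST['markeddroplet']) ? $_POST['markeddroplet'] : array();
    if (!is_array($marked)) {
        $marked = array($marked);
    }
    if (!count($marked)) {
        return $backend->lang()->translate('Please mark some Droplets to export');
    }

    $temp_dir = CAT_PATH . '/temp/droplets/';
    // make the temporary working directory
    @mkdir($temp_dir);

    $name = null; // file name of the droplet exported last
    foreach ($marked as $id) {
        $droplet = CAT_Helper_Droplet::getDroplet($id);
        if (!is_array($droplet) || !isset($droplet['name'])) {
            // unknown id: nothing to write
            continue;
        }
        // The droplet name becomes a file name; keep only its last path
        // component so a stored name cannot point outside the working
        // directory or outside the module's data directory.
        $safe_name = basename(str_replace('\\', '/', (string) $droplet['name']));
        if ($safe_name === '' || $safe_name === '.' || $safe_name === '..') {
            continue;
        }
        $name = $safe_name;

        // control characters (including line breaks) start a new comment line
        $usage = preg_replace('/[\\x00-\\x1F\\x7F]/', "\n//", $droplet['comments']);
        if (substr($usage, -2, 2) == '//') {
            $usage = substr($usage, 0, -3);
        }

        $sFile = $temp_dir . $name . '.php';
        $fh    = fopen($sFile, 'w');
        if ($fh === false) {
            // cannot write this droplet; do not list it as exported
            continue;
        }
        fwrite($fh, '//:' . $droplet['description'] . "\n");
        fwrite($fh, '//:' . $usage . "\n");
        fwrite($fh, $droplet['code']);
        fclose($fh);
        $info[] = 'Droplet: ' . $name . '.php<br />';

        // look for a data file: name as given, lower case, upper case
        $file     = NULL;
        $data_dir = dirname(__FILE__) . '/data/';
        foreach (array($name, strtolower($name), strtoupper($name)) as $candidate) {
            if (file_exists($data_dir . $candidate . '.txt')) {
                $file = CAT_Helper_Directory::sanitizePath($data_dir . $candidate . '.txt');
                break;
            }
        }
        if ($file) {
            if (!file_exists($temp_dir . '/data')) {
                @mkdir($temp_dir . '/data');
            }
            copy($file, $temp_dir . '/data/' . basename($file));
        }
    }

    $filename = 'droplets';
    // if there's only a single droplet to export, name the zip-file after this droplet
    if (count($marked) === 1 && $name !== null) {
        $filename = 'droplet_' . $name;
    }
    // add current date to filename
    $filename .= '_' . date('Y-m-d');

    // while there's an existing file, add a number to the filename
    if (file_exists(CAT_PATH . '/modules/droplets/export/' . $filename . '.zip')) {
        $n = 1;
        while (file_exists(CAT_PATH . '/modules/droplets/export/' . $filename . '_' . $n . '.zip')) {
            $n++;
        }
        $filename .= '_' . $n;
    }

    $temp_file = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/temp/' . $filename . '.zip');

    // create zip
    $archive   = CAT_Helper_Zip::getInstance($temp_file)->config('removePath', $temp_dir);
    $file_list = $archive->create($temp_dir);

    // stays NULL when packaging failed, so no dead link is rendered below
    $download = null;
    // NOTE(review): for AJAX requests a packaging error still takes the else
    // branch and the function returns true - confirm what callers expect.
    if ($file_list == 0 && !CAT_Helper_Validate::sanitizeGet('ajax')) {
        list_droplets($backend->lang()->translate("Packaging error") . ' - ' . $archive->errorInfo(true));
    } else {
        $export_dir = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/droplets/export');
        // create the export folder if it doesn't exist; no write access for
        // other local users
        if (!file_exists($export_dir)) {
            mkdir($export_dir, 0755);
        }
        // NOTE(review): the archive contains droplet source code and its URL
        // (built from CAT_URL, name and date) is predictable; check that the
        // export directory is not served to unauthenticated visitors.
        if (!copy($temp_file, $export_dir . '/' . $filename . '.zip') && !CAT_Helper_Validate::sanitizeGet('ajax')) {
            echo '<div class="drfail">', $backend->lang()->translate('Unable to move the exported ZIP-File!'), '</div>';
            $download = CAT_URL . '/temp/' . $filename . '.zip';
        } else {
            unlink($temp_file);
            $download = CAT_Helper_Validate::sanitize_url(CAT_URL . '/modules/droplets/export/' . $filename . '.zip');
        }
    }

    CAT_Helper_Directory::removeDirectory($temp_dir);

    if (CAT_Helper_Validate::sanitizeGet('ajax')) {
        return true;
    }

    $message = $backend->lang()->translate('Backup created') . '<br /><br />' . implode("\n", $info);
    if ($download !== null) {
        $message .= '<br /><br /><a href="' . $download . '">Download</a>';
    }
    return $message;
}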
} else { trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } global $parser; $backend = CAT_Backend::getInstance('start'); $user = CAT_Users::getInstance(); $lang = CAT_Helper_I18n::getInstance(); $widget = CAT_Helper_Widget::getInstance(); // this will redirect to the login page if the permission is not set $user->checkPermission('start', 'start', false); // ================================================ // ! Check if installation directory still exists // ================================================ if (file_exists(CAT_PATH . '/install/')) { CAT_Helper_Directory::removeDirectory(CAT_PATH . '/install/'); } // exec initial_page if ($val->sanitizeGet('initial') || !$user->checkPermission('start', 'start') === true) { $page = $user->get_initial_page(); if ($page) { header('Location: ' . $page); } } $tpl_data = array(); // ===================================================== // ! Insert permission values into the template object // ===================================================== foreach (array('media', 'addons', 'access', 'settings', 'admintools') as $item) { $tpl_data['sections'][$item]['permission'] = $user->checkPermission($item, $item, false); $tpl_data['sections'][$item]['name'] = $item;
// update trail $database->query(sprintf("UPDATE `%spages` SET page_trail='%s' WHERE page_id='%s' LIMIT 1", CAT_TABLE_PREFIX, CAT_Helper_Page::getPageTrail($sub['page_id']), $sub['page_id'])); // Re-write the access file for this page $old_subpage_file = CAT_PATH . PAGES_DIRECTORY . $new_sub_link . PAGE_EXTENSION; // remove old file if (file_exists($old_subpage_file)) { unlink($old_subpage_file); } // create new CAT_Helper_Page::createAccessFile($new_sub_link, $sub['page_id']); } } } // check if source directory is empty now $source_dir = pathinfo(CAT_PATH . PAGES_DIRECTORY . $old_link, PATHINFO_DIRNAME); if (CAT_Helper_Directory::is_empty($source_dir, true)) { CAT_Helper_Directory::removeDirectory($source_dir); } } // ============================== // ! Check if there is a db error // ============================== if (CAT_Helper_Page::getInstance()->db()->isError()) { $ajax = array('message' => CAT_Helper_Page::getInstance()->db()->getError(), 'success' => false); print json_encode($ajax); exit; } else { $ajax = array('message' => $backend->lang()->translate('Page settings saved successfully'), 'menu_title' => htmlspecialchars_decode($options['menu_title'], ENT_QUOTES), 'page_title' => htmlspecialchars_decode($options['page_title'], ENT_QUOTES), 'visibility' => $options['visibility'], 'parent' => $options['parent'], 'position' => $options['position'], 'success' => true); print json_encode($ajax); exit; }
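/**
 * Install a Droplet from a ZIP file (the ZIP may contain more than one
 * Droplet)
 *
 * The archive is extracted to CAT_PATH/temp/droplets_unzip/. Every *.php file
 * except index.php is read: leading "//:" lines give description and usage,
 * the remainder is stored as the droplet code under the file's base name. An
 * existing droplet of the same name is replaced.
 *
 * @access public
 * @param  string $temp_file - name of the ZIP file
 * @return array  keys 'count' (number imported), 'errors' (message per file
 *                or droplet name) and 'imported' (droplet name => 1)
 *
 **/
public static function installDroplet($temp_file)
{
    $self       = self::getInstance();
    $temp_unzip = CAT_PATH . '/temp/droplets_unzip/';
    CAT_Helper_Directory::createDirectory($temp_unzip);

    $errors      = array();
    $imports     = array();
    $count       = 0;
    $data_copied = false;

    // extract file
    // NOTE(review): entry names inside the archive are handled by
    // CAT_Helper_Zip; whether it rejects names containing '..' is not
    // visible here - confirm.
    $list = CAT_Helper_Zip::getInstance($temp_file)->config('Path', $temp_unzip)->extract();

    // get .php files
    $files = CAT_Helper_Directory::getPHPFiles($temp_unzip, $temp_unzip . '/');

    // now, open all *.php files and search for the header;
    // an exported droplet starts with "//:"
    foreach ($files as $file) {
        if (pathinfo($file, PATHINFO_FILENAME) !== 'index' && pathinfo($file, PATHINFO_EXTENSION) == 'php') {
            $description = NULL;
            $usage       = NULL;
            $code        = NULL;

            // Name of the Droplet = Filename
            $name = pathinfo($file, PATHINFO_FILENAME);

            // Slurp file contents; an unreadable file is treated like an
            // empty one and ends up in the "invalid file" branch below
            $lines = file($temp_unzip . '/' . $file);
            if ($lines === false) {
                $lines = array();
            }

            // NOTE(review): the values below are bound as query parameters,
            // so addslashes() presumably stores extra backslashes - confirm
            // against the db wrapper before removing it.

            // First line: Description
            if (isset($lines[0]) && preg_match('#^//\\:(.*)$#', $lines[0], $match)) {
                $description = addslashes($match[1]);
                array_shift($lines);
            }
            // Second line: Usage instructions
            if (isset($lines[0]) && preg_match('#^//\\:(.*)$#', $lines[0], $match)) {
                $usage = addslashes($match[1]);
                array_shift($lines);
            }
            // there may be more comment lines; they will be added to the usage instructions
            while (isset($lines[0]) && preg_match('#^//(.*)$#', $lines[0], $match)) {
                $usage .= addslashes(trim($match[1]));
                array_shift($lines);
            }

            if (!$description && !$usage) {
                // invalid file
                $errors[$file] = CAT_Helper_Directory::getInstance()->lang()->translate('No valid Droplet file (missing description and/or usage instructions)');
                continue;
            }

            // Remaining: Droplet code
            $code = implode('', $lines);

            // Strip PHP open/close tags. This only normalises the stored
            // text; the code is stored as given otherwise, so the archive
            // has to come from a trusted source.
            $tags = array('<?php', '?>', '<?');
            //$code = addslashes(str_replace($tags, '', $code));
            $code = str_replace($tags, '', $code);

            // Already in the DB?
            $stmt  = 'INSERT';
            $id    = NULL;
            $found = $self->db()->query("SELECT * FROM `:prefix:mod_droplets` WHERE name=:name", array('name' => $name));
            if ($found->rowCount()) {
                $stmt = 'REPLACE';
                $id   = $found->fetchColumn();
            }

            // execute; the id is the only value concatenated into the
            // statement, so force it to an integer
            $q = "{$stmt} INTO `:prefix:mod_droplets` SET "
               . ($id ? 'id=' . (int) $id . ', ' : '')
               . '`name`=:name, `code`=:code, `description`=:desc, '
               . '`modified_when`=:when, `modified_by`=:userid, '
               . '`active`=:active, `comments`=:usage';
            $params = array(
                'name'   => $name,
                'code'   => $code,
                'desc'   => $description,
                'when'   => time(),
                'userid' => CAT_Users::get_user_id(),
                'active' => 1,
                'usage'  => $usage,
            );
            $result = $self->db()->query($q, $params);

            if (!$self->db()->isError()) {
                $count++;
                $imports[$name] = 1;
            } else {
                $errors[$name] = $self->db()->getError();
            }
        }

        // check for data directory; one copy per archive is enough
        // NOTE(review): everything below data/ in the archive is copied into
        // this module's data directory, whatever its file type; the export
        // side only ships *.txt files. Consider limiting the copy to those.
        if (!$data_copied && file_exists($temp_unzip . '/data')) {
            // copy all files
            CAT_Helper_Directory::copyRecursive($temp_unzip . '/data', dirname(__FILE__) . '/data/');
            $data_copied = true;
        }
    }

    // cleanup; ignore errors here
    CAT_Helper_Directory::removeDirectory($temp_unzip);

    return array('count' => $count, 'errors' => $errors, 'imported' => $imports);
}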
/**
 * Delete the access file of a page and, if present, the directory of the
 * same name below the pages directory.
 *
 * Nothing happens if the access file does not exist. If the pages directory
 * is not writable, an error message is translated but kept in a local
 * variable only; the method has no return value either way.
 *
 * @access public
 * @param  mixed $page_id  page whose 'link' property locates the access file
 * @return void
 **/
public static function deleteAccessFile($page_id)
{
    $pages_root  = CAT_PATH . PAGES_DIRECTORY;
    $base        = $pages_root . self::properties($page_id, 'link');
    $access_file = $base . PAGE_EXTENSION;
    $page_dir    = $base . '/';

    if (!file_exists($access_file)) {
        return;
    }

    if (!is_writable($pages_root . '/')) {
        // NOTE(review): the message is collected here but never handed to the
        // caller, so this failure is silent.
        $instance = self::getInstance(true);
        $messages = array($instance->lang()->translate('Cannot delete access file!'));
        return;
    }

    // Unlink the access file and directory
    unlink($access_file);

    if (!is_dir($page_dir)) {
        return;
    }
    // an empty link resolves to the pages root itself; never remove that
    // NOTE(review): a link containing '..' segments is not caught by this
    // comparison - confirm that stored links are normalised.
    if (rtrim($page_dir, '/') == $pages_root) {
        return;
    }
    CAT_Helper_Directory::removeDirectory($page_dir);
}