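/**
 * Allows modules to register a file which should be allowed to load the
 * config.php directly.
 *
 * The call is accepted only in backend/admin context by a user holding the
 * 'modules_install' permission, or while CAT_INSTALL is defined (installer).
 * Every rejection is logged as critical and its reason is stored in
 * self::$error.
 *
 * @access public
 * @param  string  $module   - module name (directory below /modules)
 * @param  string  $filepath - file path relative to the module directory
 * @return boolean true if the file is registered (or already was), false
 *                 on any failed check or database error
 **/
public static function sec_register_file($module, $filepath)
{
    global $admin;

    $self       = self::getInstance();
    $installing = defined('CAT_INSTALL');

    // context check: backend, a live $admin object, or the installer
    if (!CAT_Backend::isBackend() && !is_object($admin) && !$installing) {
        $msg = "sec_register_file() called outside admin context!";
        $self->log()->logCrit($msg);
        self::$error = $msg;
        return false;
    }

    // check permissions (skipped only while installing)
    if (!CAT_Users::checkPermission('Addons', 'modules_install') && !$installing) {
        $msg = "sec_register_file() called without modules_install perms!";
        $self->log()->logCrit($msg);
        self::$error = $msg;
        return false;
    }

    // per the original author's note this removes ../.. from $filepath;
    // the helper itself is not visible here
    $filepath = CAT_Helper_Directory::sanitizePath($filepath);

    // NOTE(review): $module is not passed through sanitizePath(); the
    // addons-table lookup further down is what finally rejects names that
    // are not installed modules. Confirm sanitizePath() also keeps the
    // combined path inside the module directory.
    $module_dir = CAT_PATH . '/modules/' . $module;
    if (!is_dir($module_dir)) {
        $msg = "sec_register_file() called for non existing module [{$module}] (path: [{$filepath}])";
        $self->log()->logCrit($msg);
        self::$error = $msg;
        return false;
    }

    // is_file() instead of file_exists(): an empty $filepath or a directory
    // name must not end up in the list of files allowed to load config.php
    if (!is_file(CAT_Helper_Directory::sanitizePath($module_dir . '/' . $filepath))) {
        $msg = "sec_register_file() called for non existing file [{$filepath}] (module: [{$module}])";
        $self->log()->logCrit($msg);
        self::$error = $msg;
        return false;
    }

    // the module must be a registered addon
    $q = $self->db()->query(
        'SELECT * FROM `:prefix:addons` WHERE directory=:dir',
        array('dir' => $module)
    );
    if (!$q->rowCount()) {
        $msg = "sec_register_file() called for non existing module [{$module}] (path: [{$filepath}]) - not found in addons table!";
        $self->log()->logCrit($msg);
        self::$error = $msg;
        return false;
    }
    $row = $q->fetchRow();

    // remove a leading / from $filepath so the stored path has no double slash
    $filepath   = preg_replace('~^/~', '', $filepath);
    $registered = '/modules/' . $module . '/' . $filepath;

    $q = $self->db()->query(
        'SELECT * FROM `:prefix:class_secure` WHERE module=:mod AND filepath=:path',
        array('mod' => $row['addon_id'], 'path' => $registered)
    );
    if (!$q->rowCount()) {
        // not registered yet: add the entry and report the database result
        $self->db()->query(
            'REPLACE INTO `:prefix:class_secure` VALUES ( :id, :path )',
            array('id' => $row['addon_id'], 'path' => $registered)
        );
        return !$self->db()->isError();
    }

    // already registered
    return true;
}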
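/**
 * Print the admin footer
 *
 * Collects the CMS version data, the backend theme name/version and some
 * runtime figures (PHP version, memory usage, run time), hands them to
 * $parser->output('footer', ...) and finally flushes the output buffers.
 *
 * @access public
 **/
public static function print_footer()
{
    global $parser, $_be_mem, $_be_time;

    // init template search paths
    self::initPaths();

    $data = array();
    $data['CAT_VERSION'] = CAT_Registry::get('CAT_VERSION');
    $data['CAT_BUILD']   = CAT_Registry::get('CAT_BUILD');
    $data['CAT_CORE']    = CAT_Registry::get('CAT_CORE');
    $data['permissions']['pages'] = (bool) CAT_Users::checkPermission('pages', 'pages');

    // static method: there is never a $this, always use the shared instance
    $self = self::getInstance();

    // ========================================================================
    // ! Try to get the actual version of the backend-theme from the database
    // ========================================================================
    // '-' is the placeholder when the theme constant or its addons row is missing
    $backend_theme_version = '-';
    $backend_theme_name    = '-';
    if (defined('DEFAULT_THEME')) {
        $backend_theme_name = DEFAULT_THEME;
        $version = $self->db()->query(
            "SELECT `version` from `:prefix:addons` where `directory`=:theme",
            array('theme' => DEFAULT_THEME)
        )->fetchColumn();
        // keep the placeholder when no row / no value came back
        if ($version !== false && $version !== null) {
            $backend_theme_version = $version;
        }
    }
    $data['THEME_VERSION'] = $backend_theme_version;
    $data['THEME_NAME']    = $backend_theme_name;

    // NOTE(review): PHP and CMS version strings are handed to the template;
    // presumably this footer is rendered for authenticated backend users
    // only - confirm.
    $data['system_information'] = array(
        array(
            'name'   => $self->lang()->translate('PHP version'),
            'status' => phpversion(),
        ),
        array(
            'name'   => $self->lang()->translate('Memory usage'),
            'status' => '~ ' . sprintf('%0.2f', (memory_get_usage() - $_be_mem) / (1024 * 1024)) . ' MB',
        ),
        array(
            'name'   => $self->lang()->translate('Script run time'),
            'status' => '~ ' . sprintf('%0.2f', microtime(TRUE) - $_be_time) . ' sec',
        ),
    );

    // ====================
    // ! Parse the footer
    // ====================
    $parser->output('footer', $data);

    // ======================================
    // ! make sure to flush the output buffer
    // ======================================
    if (ob_get_level() > 1) {
        while (ob_get_level() > 0) {
            // stop if a buffer cannot be flushed, otherwise the level never
            // drops and the loop would not terminate
            if (!ob_end_flush()) {
                break;
            }
        }
    }
}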