/**
 * Remove this module from the database.
 *
 * Deletes, in this order: the module parameters file
 * (PATH_MODULES_FS/<codename>_rc.xml) when it exists, the rows of the
 * `messages` table belonging to the module, and the module's own row in
 * the `modules` table. The results of the two delete queries are not checked.
 *
 * @return boolean true once the deletions have been issued, false when the module has no id
 * @access public
 */
function destroy()
{
    // A module without an id was never stored: there is nothing to delete.
    if (!$this->_id) {
        return false;
    }

    // Delete the module parameters file, if any.
    $paramsPath = PATH_MODULES_FS . "/" . $this->_codename . "_rc.xml";
    if (file_exists($paramsPath)) {
        $paramsFile = new CMS_file($paramsPath);
        $paramsFile->delete();
    }

    // NOTE(review): the file path above and both statements below splice
    // $this->_codename / $this->_id directly into a path and into SQL text.
    // Nothing in this method escapes them, so it relies on both properties
    // having been validated when they were set - confirm against the setters,
    // or escape / bind the values here.

    // Delete the module messages.
    $deleteMessages = "\n\t\t\t\tdelete\n\t\t\t\tfrom\n\t\t\t\t\tmessages\n\t\t\t\twhere\n\t\t\t\t\tmodule_mes='" . $this->_codename . "'\n\t\t\t";
    $q = new CMS_query($deleteMessages);

    // Delete the module record itself.
    $deleteModule = "\n\t\t\t\tdelete\n\t\t\t\tfrom\n\t\t\t\t\tmodules\n\t\t\t\twhere\n\t\t\t\t\tid_mod='" . $this->_id . "'\n\t\t\t";
    $q = new CMS_query($deleteModule);

    return true;
}
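/**
 * Export the module data.
 *
 * @param string $format the export format, one of: php (default), xml, patch
 * @return mixed the exported data:
 *         - php: the export array (empty when the module could not be loaded)
 *         - xml: the export serialised as an XML string
 *         - patch: the path of the created .tgz archive, or '' if its creation failed
 *         - false for an unknown format
 *         - null when the object has no export support ($this->_hasExport is falsy)
 */
function export($format = 'php')
{
    // Defined before the _hasExport test so the final return never reads an
    // undefined variable; null is what that path already evaluated to.
    $return = null;
    $aExport = array();
    if ($this->_hasExport) {
        //force default language loading to overwrite user language
        global $cms_language;
        $oModule = CMS_modulesCatalog::getByCodename($this->_module);
        if (!$oModule->hasError()) {
            // $files is not set before this call: presumably asArray() fills it by reference - confirm.
            $aModule = $oModule->asArray($this->_parameters, $files);
            //append files to exported module datas
            $aModule['files'] = array();
            if ($files) {
                $aModule['files'] = $files;
            }
            //create export datas
            $aExport = array(
                'version' => AUTOMNE_VERSION,
                'language' => $cms_language->getCode(),
                'description' => isset($this->_parameters['description']) ? $this->_parameters['description'] : '',
                'modules' => array($aModule)
            );
        }
        $return = '';
        switch ($format) {
            case 'php':
                $return = $aExport;
                break;
            case 'xml':
                $array2Xml = new CMS_array2Xml($aExport, "export");
                $return = $array2Xml->getXMLString();
                break;
            case 'patch':
                //create patch datas
                $archiveFile = PATH_TMP_FS . '/' . $this->_module . '-' . date('Ymd-His') . '.tgz';
                // The archive path is given relative to PATH_REALROOT_FS;
                // this assumes PATH_TMP_FS lives under that root - confirm.
                $archive = new CMS_gzip_file(substr($archiveFile, strlen(PATH_REALROOT_FS) + 1));
                $archive->set_options(array('basedir' => PATH_REALROOT_FS . '/'));
                if (isset($aExport['modules'])) {
                    foreach ($aExport['modules'] as $moduleDatas) {
                        if (isset($moduleDatas['files'])) {
                            foreach ($moduleDatas['files'] as $file) {
                                // NOTE(review): entries are only checked for existence under the root;
                                // a path containing ".." is not rejected here. Presumably asArray()
                                // only returns module-owned paths - confirm.
                                if (file_exists(PATH_REALROOT_FS . $file)) {
                                    // drop the first character so the path is relative to basedir
                                    $archive->add_files(array(substr($file, 1)));
                                }
                            }
                        }
                    }
                }
                $array2Xml = new CMS_array2Xml($aExport, "export");
                $sOutput = $array2Xml->getXMLString();
                // NOTE(review): the export is staged under a fixed name directly in
                // PATH_REALROOT_FS. Two exports running at once would overwrite each
                // other's file, and if that directory is served by the web server the
                // data is reachable until the delete() below. A unique name in a
                // non-served directory would avoid both.
                $datas = new CMS_file(PATH_REALROOT_FS . '/export.xml');
                $datas->setContent($sOutput);
                $datas->writeToPersistence();
                $archive->add_files(array('export.xml'));
                //create archive
                if ($archive->create_archive()) {
                    $return = $archiveFile;
                } else {
                    $this->raiseError('Error during archive creation ...');
                }
                //delete tmp file (done whether or not the archive was created)
                $datas->delete();
                break;
            default:
                $this->raiseError('Unknown format : ' . $format);
                return false;
        }
    }
    return $return;
}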
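/**
 * Receive an uploaded file with as many safety checks as this method can apply.
 *
 * Steps: purge stale files from both upload directories, verify the upload,
 * derive a clean and unique file name, stage the file in the upload vault,
 * run CMS_file::checkUploadedFile() on it, then move it to its destination.
 *
 * @param string $fileVarName the key under which the file is found in $_FILES
 * @param string $destinationDirFS the directory the file is finally moved to
 * @return array the uploaded file metadata: error, filename, filepath, filesize,
 *         fileicon, success (plus extension on success). On failure 'success' is
 *         false and 'error' holds one of the CMS_file::UPLOAD_* codes.
 */
function uploadFile($fileVarName = 'Filedata', $destinationDirFS = PATH_UPLOAD_FS)
{
    //for security, clean all files older than 4h in both uploads directories
    $expiry = time() - 14400; //4h
    foreach (array(PATH_UPLOAD_FS, PATH_UPLOAD_VAULT_FS) as $uploadDir) {
        try {
            foreach (new DirectoryIterator($uploadDir) as $file) {
                if ($file->isFile() && $file->getFilename() != ".htaccess" && $file->getMTime() < $expiry) {
                    @unlink($file->getPathname());
                }
            }
        } catch (Exception $e) {
            // Best-effort cleanup: an unreadable directory must not block the upload.
        }
    }
    //init returned file datas
    $fileDatas = array('error' => 0, 'filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'success' => false);
    // Check if the upload exists
    if (!isset($_FILES[$fileVarName]) || !is_uploaded_file($_FILES[$fileVarName]["tmp_name"]) || $_FILES[$fileVarName]["error"] != 0) {
        CMS_grandFather::raiseError('Uploaded file has an error : ' . print_r($_FILES, true));
        $fileDatas['error'] = CMS_file::UPLOAD_UPLOAD_FAILED;
        // Fail closed explicitly, as every other error path here does. The previous
        // code called methods on a $view variable that does not exist in this scope,
        // so rejection of a bad upload depended on that call raising a fatal error.
        return $fileDatas;
    }
    //move uploaded file to upload vault (and rename it with a clean name if needed)
    $originalFilename = io::sanitizeAsciiString($_FILES[$fileVarName]["name"]);
    if (io::strlen($originalFilename) > 250) {
        $originalFilename = sensitiveIO::ellipsis($originalFilename, 250, '-');
    }
    //remove multiple extensions to avoid double extension threat (cf. http://www.acunetix.com/websitesecurity/upload-forms-threat.htm)
    // substr_count() takes the haystack first. With the arguments swapped the count
    // could never exceed 1, so names such as "a.php.jpg" were never rewritten.
    if (substr_count($originalFilename, '.') > 1) {
        $parts = pathinfo($originalFilename);
        $originalFilename = str_replace('.', '-', $parts['filename']) . '.' . $parts['extension'];
    }
    // The name parts do not change inside the loop: split once, and only append
    // an extension when there is one (avoids an undefined 'extension' index).
    $pathinfo = pathinfo($originalFilename);
    $extensionSuffix = isset($pathinfo['extension']) ? '.' . $pathinfo['extension'] : '';
    $count = 2;
    $filename = $originalFilename;
    while (file_exists(PATH_UPLOAD_VAULT_FS . '/' . $filename) || file_exists($destinationDirFS . '/' . $filename)) {
        $filename = $pathinfo['filename'] . '-' . $count++ . $extensionSuffix;
    }
    if (!@move_uploaded_file($_FILES[$fileVarName]["tmp_name"], PATH_UPLOAD_VAULT_FS . '/' . $filename)) {
        CMS_grandFather::raiseError('Can\'t move uploaded file to : ' . PATH_UPLOAD_VAULT_FS . '/' . $filename);
        $fileDatas['error'] = CMS_file::UPLOAD_FILE_VALIDATION_FAILED;
        return $fileDatas;
    }
    $file = new CMS_file(PATH_UPLOAD_VAULT_FS . '/' . $filename);
    $file->chmod(FILES_CHMOD);
    //check uploaded file
    // NOTE(review): this is the only content / type validation visible in this method,
    // and it runs after the file already sits in the vault under its client-derived
    // name. Presumably the vault is not served or executable - confirm its .htaccess.
    if (!$file->checkUploadedFile()) {
        $file->delete();
        $fileDatas['error'] = CMS_file::UPLOAD_SECURITY_ERROR;
        return $fileDatas;
    }
    //move file to final directory
    if (!CMS_file::moveTo(PATH_UPLOAD_VAULT_FS . '/' . $filename, $destinationDirFS . '/' . $filename)) {
        $fileDatas['error'] = CMS_file::UPLOAD_FILE_VALIDATION_FAILED;
        return $fileDatas;
    }
    $file = new CMS_file($destinationDirFS . '/' . $filename);
    $file->chmod(FILES_CHMOD);
    //return file datas
    $fileDatas = array(
        'error' => 0,
        'filename' => $file->getName(false),
        'filepath' => $file->getFilePath(CMS_file::WEBROOT),
        'filesize' => $file->getFileSize(),
        'fileicon' => $file->getFileIcon(CMS_file::WEBROOT),
        'extension' => $file->getExtension(),
        'success' => true
    );
    return $fileDatas;
}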