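public function load()
{
    // Page case: offer the current response as a download under the requested name.
    // Only the base name is kept, and quotes/control characters are removed, so the
    // request value cannot add further header parameters or header lines.
    if (isset($_GET['download'])) {
        $downloadName = $this->sanitizeDownloadName((string) $_GET['download']);
        if ($downloadName !== '') {
            header('Content-Disposition: attachment; filename="' . $downloadName . '"');
        }
    }

    // File case: stream a file from disk, restricted to the locations the
    // force_download extension lists.
    if (!isset($_GET['file'])) {
        return;
    }

    $requested = (string) $_GET['file'];

    $driver = ExtensionManager::getInstance('force_download');
    /* @var $driver extension_force_download */
    $allowedDirs = (array) $driver->getLocations();

    // The location check runs on the canonical directory (realpath), not on the raw
    // request string: "." / ".." segments and symlinks are resolved before comparing,
    // so a path that merely looks like an allowed directory is rejected. Checking the
    // parent directory first keeps the original response order (permission before
    // existence), so the existence of files outside the allowed locations is not
    // revealed by a different message.
    $requestedDir = realpath(dirname($requested));
    if ($requestedDir === false || !$this->isInAllowedLocation($requestedDir, $allowedDirs)) {
        die('Permission denied!');
    }

    $realFile = realpath($requested);
    if ($realFile === false || !is_file($realFile)) {
        die('File does not exist!');
    }

    // The file itself may be a symlink pointing elsewhere; re-check its resolved parent.
    if (!$this->isInAllowedLocation(dirname($realFile), $allowedDirs)) {
        die('Permission denied!');
    }

    // Determine the mimetype, falling back to a generic binary type when no
    // detection function is available or detection fails.
    $mimeType = false;
    if (function_exists('mime_content_type')) {
        $mimeType = mime_content_type($realFile);
    } elseif (function_exists('finfo_open')) {
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        if ($finfo !== false) {
            $mimeType = finfo_file($finfo, $realFile);
            finfo_close($finfo);
        }
    }
    if ($mimeType === false || $mimeType === '') {
        $mimeType = "application/force-download";
    }

    header('Content-Description: File Transfer');
    header('Content-Type: ' . $mimeType);
    header('Content-Disposition: attachment; filename="' . $this->sanitizeDownloadName(basename($realFile)) . '"');
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' . filesize($realFile));

    // Discard any buffered page output so the file body is not corrupted;
    // ob_clean() notices when no buffer is active, so guard it.
    if (ob_get_level() > 0) {
        ob_clean();
    }
    flush();
    readfile($realFile);
    exit;
}

/**
 * Checks whether a canonical directory is one of the configured download
 * locations. A location ending in "/*" permits that directory and everything
 * below it; any other location must match exactly.
 *
 * @param string $realDir     Canonical (realpath) directory of the requested file.
 * @param array  $allowedDirs Locations returned by the force_download driver.
 * @return bool
 */
private function isInAllowedLocation($realDir, array $allowedDirs)
{
    foreach ($allowedDirs as $allowedDir) {
        $allowedDir = (string) $allowedDir;

        if (substr($allowedDir, -2) === '/*') {
            $basePath = (string) substr($allowedDir, 0, -2);
            // A bare "/*" means the filesystem root, not the empty string.
            if ($basePath === '') {
                $basePath = '/';
            }
            $base = realpath($basePath);
            if ($base === false) {
                continue;
            }
            // Prefix check with a trailing separator so "/var/uploads2" does not
            // match an allowed "/var/uploads".
            $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
            if ($realDir === $base || strpos($realDir, $prefix) === 0) {
                return true;
            }
            continue;
        }

        $base = realpath($allowedDir);
        if ($base !== false && $realDir === $base) {
            return true;
        }
    }

    return false;
}

/**
 * Reduces an untrusted file name to something safe to place in a quoted
 * Content-Disposition filename parameter.
 *
 * @param string $name
 * @return string Base name with quotes, backslashes and control characters removed.
 */
private function sanitizeDownloadName($name)
{
    $base = basename(str_replace('\\', '/', $name));

    return (string) preg_replace('/["\\\\\x00-\x1F\x7F]/', '', $base);
}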
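/**
 * Triggers XSS filter functionality.
 *
 * Runs the submitted field values through the xssfilter extension when the
 * event declares an "xss-fail" or "xss-remove" filter, and appends a failing
 * filter result when the "xss-fail" filter is active and XSS was detected.
 * Note that "xss-remove" only enables the scan here; this method performs no
 * removal itself.
 *
 * @param array $context Delegate context. Taken by reference because the
 *                       "xss-fail" result is appended to
 *                       $context['filter_results'], which would be lost if the
 *                       array were received by value.
 * @return void
 */
private function triggerXSS(&$context)
{
    // Make sure the xssfilter extension is enabled.
    $xss_ext_status = ExtensionManager::fetchStatus(array('handle' => 'xssfilter'));
    if ($xss_ext_status[0] !== EXTENSION_ENABLED) {
        return;
    }

    // Nothing to do unless one of the XSS filters is declared on the event.
    // Strict comparison: filter handles are strings, so loose matching is never wanted.
    $filters = isset($context['filters']) ? (array) $context['filters'] : array();
    $failOnXss = in_array('xss-fail', $filters, true);
    if (!$failOnXss && !in_array('xss-remove', $filters, true)) {
        return;
    }

    /** @var $xss_filter Extension_XssFilter */
    $xss_filter = ExtensionManager::getInstance('xssfilter');

    // Scan the original fields; stop at the first positive detection.
    $contains_xss = false;
    $fields = isset($context['original_fields']) ? (array) $context['original_fields'] : array();
    foreach ($fields as $value) {
        $detected = is_array($value)
            ? $xss_filter::detectXSSInArray($value)
            : $xss_filter::detectXSS($value);
        if ($detected) {
            $contains_xss = true;
            break;
        }
    }

    // "fail" filter: record the failure so the caller can reject the submission.
    if ($failOnXss && $contains_xss === true) {
        $context['filter_results'][] = array('xss', false, __("Possible XSS attack detected in submitted data"));
    }
}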
$sectionID = $invoice->get('section_id'); $fieldID = FieldManager::fetchFieldIDFromElementName('status', $sectionID); $invoice->setData($fieldID, array('value' => $state, 'handle' => General::createHandle($state))); $invoice->commit(); $itemFieldID = FieldManager::fetchFieldIDFromElementName('item', $sectionID); if (in_array("JCI Malta Membership", $invoice->getData($itemFieldID)['description'])) { //user paid for a membership kindly convert user to a member $memberFieldID = FieldManager::fetchFieldIDFromElementName('member', $sectionID); $memberID = $invoice->getData($memberFieldID)['relation_id']; $member = current(EntryManager::fetch($memberID)); $roleFieldID = FieldManager::fetchFieldIDFromElementName('role', $member->get('section_id')); $member->setData($roleFieldID, array('role_id' => 2)); $member->commit(); $emailID = FieldManager::fetchFieldIDFromElementName('email', $member->get('section_id')); $email = $member->getData($emailID)['value']; $member = ExtensionManager::getInstance('members')->getMemberDriver()->login(array('email' => $email)); } header('Location: ' . URL . '/register/?thankyou=1', true, 302); exit; var_dump($invoice->getData($itemFieldID)['description']); // if item contains membership change the role of the user to a member. echo $state; } catch (Exception $ex) { //getting payment var_dump($ex); die; } } catch (Exception $ex) { //executing payment var_dump($ex); die;
/**
 * Get member driver powering ACL.
 *
 * Resolves the "members" extension through the ExtensionManager and returns
 * the driver it exposes.
 *
 * @return SymphonyMember
 */
protected final function memberGetDriver()
{
    $membersExtension = ExtensionManager::getInstance('members');

    return $membersExtension->getMemberDriver();
}