Exemplo n.º 1
0
 /**
  *	Callback attached in `admin_menu`: admin settings
  *	@callback
  */
 public function admin_view()
 {
     $data = array();
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         $action = $_POST['_action'];
         $data['action'] = $action;
         // Obligatory CSRF check
         if (check_nonce($_POST['_nonce'], $action, $this->_info['id'])) {
             // Take action!
             switch ($action) {
                 case 'save':
                     if ($this->_save($_POST)) {
                         $data['updated'] = 'Settings saved';
                     } else {
                         $data['error'] = 'There was a problem saving data';
                     }
                     break;
             }
         } elseif ($action) {
             // Failed CSRF test
             $data['error'] = 'Request timed out';
         }
     }
     $this->_load_view('admin', $data);
 }
Exemplo n.º 2
0
function instapaper_submit()
{
    $id = $_GET['id'];
    $item = Items::get_instance()->get_item($id);
    if (false === $item) {
        throw new Exception(_r('Invalid item ID specified', 'instapaper'));
    }
    $user = get_option('instapaper_user');
    if (empty($user)) {
        throw new Exception(sprintf(_r('Please set your username and password in the <a href="%s">settings</a>.', 'instapaper'), get_option('baseurl') . 'admin/settings.php'));
    }
    if (!check_nonce($_GET['_nonce'])) {
        throw new Exception(_r('Nonces did not match. Try again.', 'instapaper'));
    }
    $data = array('username' => get_option('instapaper_user', ''), 'password' => get_option('instapaper_pass', ''), 'url' => $item->permalink, 'title' => apply_filters('the_title', $item->title));
    $request = new HTTPRequest('', 2);
    $response = $request->post("https://www.instapaper.com/api/add", array(), $data);
    switch ($response->status_code) {
        case 400:
            throw new Exception(_r('Internal error. Please report this.', 'instapaper'));
        case 403:
            throw new Exception(sprintf(_r('Invalid username/password. Please check your details in the <a href="%s">settings</a>.', 'instapaper'), get_option('baseurl') . 'admin/settings.php'));
        case 500:
            throw new Exception(_r('An error occurred when contacting Instapaper. Please try again later.', 'instapaper'));
    }
    instapaper_page_head();
    ?>
	<div id="message">
		<h1><?php 
    _e('Success!');
    ?>
</h1>
		<p class="sidenote"><?php 
    _e('Closing window in...', 'instapaper');
    ?>
</p>
		<p class="sidenote" id="counter">3</p>
	</div>
	<script>
		$(document).ready(function () {
			setInterval(countdown, 1000);
		});

		function countdown() {
			if(timer > 0) {
				$('#counter').text(timer);
				timer--;
			}
			else {
				self.close();
			}
		}

		var timer = 2;
	</script>
<?php 
    instapaper_page_foot();
    die;
}
Exemplo n.º 3
0
/**
 * check for csrfs
 * @param  string $action action to pass to check_nonce
 * @param  string $file   file to pass to check_nonce
 * @param  bool   $die    if false return instead of die
 * @return 
 */
function check_for_csrf($action, $file = "", $die = true)
{
    // check for csrf
    if (!getDef('GSNOCSRF', true) || GSNOCSRF == FALSE) {
        $nonce = $_REQUEST['nonce'];
        if (!check_nonce($nonce, $action, $file)) {
            if ($die) {
                die("CSRF detected!");
            }
            return true;
        }
    }
}
Exemplo n.º 4
0
/**
 * check for csrfs
 * @param  string $action action to pass to check_nonce
 * @param  string $file   file to pass to check_nonce
 * @param  bool   $die    if false return instead of die
 * @return bool   returns true if csrf check fails
 */
function check_for_csrf($action, $file = "", $die = true)
{
    // check for csrf
    if (!getDef('GSNOCSRF', true)) {
        $nonce = $_REQUEST['nonce'];
        if (!check_nonce($nonce, $action, $file)) {
            exec_action('csrf');
            // @hook csrf a csrf was detected
            if (requestIsAjax()) {
                $error = i18n_r("CSRF", "CRSF Detected!");
                echo "<div>";
                // jquery bug will not parse 1 html element so we wrap it
                include 'template/error_checking.php';
                echo "</div>";
                die;
            }
            if ($die) {
                die(i18n_r("CSRF", "CRSF Detected!"));
            }
            return true;
        }
    }
}
Exemplo n.º 5
0
<?php

$resp = \shgysk8zer0\Core\JSON_Response::load();
check_nonce();
switch (trim($_POST['form'])) {
    case 'login':
        $invalid = check_inputs(['user' => is_email($_POST['user']), 'password' => pattern('password')]);
        if (is_null($invalid)) {
            $login->loginWith(['user' => $_POST['user'], 'password' => $_POST['password']]);
            if ($login->logged_in) {
                $session->setUser($login->user)->setPassword($login->password)->setRole($login->role)->setLogged_In(true);
                $resp->close('#loginDialog')->disable('#main_menu [label=Login]')->enable('#main_menu menuitem[label=Logout]')->attributes('body > main', 'contextmenu', 'admin_menu')->notify('Welcome back,', $login->user);
            } else {
                $resp->notify('Login not accepted', 'Check your email & password', 'images/icons/people.png');
            }
        } else {
            $resp->notify('Login not accepted', 'Check your email & password', 'images/icons/people.png');
        }
        break;
    case 'compose_email':
        require_login('admin');
        $email = new \shgysk8zer0\Core\email(array_map('trim', explode(',', $_POST['compose_email']['to'])), trim($_POST['compose_email']['subject']), $_POST['compose_email']['message']);
        if ($email->send(true)) {
            $resp->notify('Success!', 'Email Sent', 'images/icons/envelope.png')->remove('#email_dialog');
        } else {
            $resp->notify('Failed!', 'Unable to send email, check your Internet connection', 'images/icons/envelope.png');
        }
        break;
    case 'email_admin':
        if (is_email($_POST['email_admin']['from'])) {
            $email = new \shgysk8zer0\Core\email($_SERVER['SERVER_ADMIN'], $_POST['email_admin']['subject'], strip_tags($_POST['email_admin']['message']));
Exemplo n.º 6
0
if (isset($_GET['t'])) {
    $_GET['t'] = strippath($_GET['t']);
    if ($_GET['t'] && is_dir($relative . 'theme/' . $_GET['t'] . '/')) {
        $TEMPLATE = $_GET['t'];
    }
}
if (isset($_GET['f'])) {
    $_GET['f'] = strippath($_GET['f']);
    if ($_GET['f'] && is_file($relative . 'theme/' . $TEMPLATE . '/' . $_GET['f'])) {
        $TEMPLATE_FILE = $_GET['f'];
    }
}
// Save?
if (isset($_POST['submitsave'])) {
    $nonce = $_POST['nonce'];
    if (!check_nonce($nonce, "save")) {
        die("CSRF detected!");
    }
    $SavedFile = $_POST['edited_file'];
    $FileContents = stripslashes(htmlspecialchars_decode($_POST['content'], ENT_QUOTES));
    $fh = fopen($relative . 'theme/' . $SavedFile, 'w') or die("can't open file");
    fwrite($fh, $FileContents);
    fclose($fh);
    $success = sprintf($i18n['TEMPLATE_FILE'], $SavedFile);
}
// No template file?
if (!$TEMPLATE_FILE) {
    $TEMPLATE_FILE = 'template.php';
}
// Setup
$themes_path = $relative . 'theme';
Exemplo n.º 7
0
    $xml = getXML($file);
    $private = $xml->xpath('/item/private');
    $oldprivate = (string) $private[0];
    if ($oldprivate == null) {
        $private[0][0] = "Y";
        echo "P1";
    } else {
        $private[0][0] = '';
        echo "P0";
    }
    $bakfile = GSBACKUPSPATH . "pages/" . $id . ".bak.xml";
    copy($file, $bakfile);
    XMLsave($xml, $file);
    create_pagesxml(true);
}
if (check_nonce($nonce, "menu", "toggle.php")) {
    $file = GSDATAPAGESPATH . $id . ".xml";
    $xml = getXML($file);
    $status = $xml->xpath('/item/menuStatus');
    $oldstatus = (string) $status[0];
    if ($oldstatus == null) {
        $status[0][0] = "Y";
        echo "M1";
    } else {
        $status[0][0] = '';
        echo "M0";
    }
    $bakfile = GSBACKUPSPATH . "pages/" . $id . ".bak.xml";
    copy($file, $bakfile);
    XMLsave($xml, $file);
    create_pagesxml(true);
Exemplo n.º 8
0
    }
    if (!validate_plugin($plugin_file)) {
        return false;
    }
    unset($current_plugins[md5($plugin_file)]);
    $data = new DataHandler();
    $data->save('plugins.data', serialize($current_plugins));
    return true;
}
if (isset($_REQUEST['activate_plugin'])) {
    activate_plugin($_REQUEST['activate_plugin']);
} elseif (isset($_REQUEST['deactivate_plugin'])) {
    deactivate_plugin($_REQUEST['deactivate_plugin']);
}
if (!empty($_POST['action']) && $_POST['action'] == 'settings' && !empty($_POST['_nonce'])) {
    if (!check_nonce($_POST['_nonce'])) {
        lilina_nice_die('Nonces do not match.');
    }
    clear_html_cache();
    /** Needs better validation */
    if (!empty($_POST['sitename'])) {
        update_option('sitename', $_REQUEST['sitename']);
    }
    if (!empty($_POST['template'])) {
        update_option('template', $_REQUEST['template']);
    }
    if (!empty($_POST['locale'])) {
        update_option('locale', $_REQUEST['locale']);
    }
    if (!empty($_POST['timezone'])) {
        update_option('timezone', $_REQUEST['timezone']);
// Include common.php
include 'inc/common.php';
// check form referrer - needs siteurl and edit.php in it.
if (isset($_SERVER['HTTP_REFERER'])) {
    if (!(strpos(str_replace('http://www.', '', $SITEURL), $_SERVER['HTTP_REFERER']) === false) || !(strpos("edit.php", $_SERVER['HTTP_REFERER']) === false)) {
        echo "<b>Invalid Referer</b><br />-------<br />";
        echo 'Invalid Referer: ' . htmlentities($_SERVER['HTTP_REFERER'], ENT_QUOTES);
        die('Invalid Referer');
    }
}
login_cookie_check();
if (isset($_POST['submitted'])) {
    // check for csrf
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_POST['nonce'];
        if (!check_nonce($nonce, "edit", "edit.php")) {
            die("CSRF detected!");
        }
    }
    if (trim($_POST['post-title']) == '') {
        redirect("edit.php?upd=edit-err&type=" . urlencode(i18n_r('CANNOT_SAVE_EMPTY')));
    } else {
        $url = "";
        $title = "";
        $metad = "";
        $metak = "";
        $cont = "";
        // is a slug provided?
        if ($_POST['post-id']) {
            $url = $_POST['post-id'];
            if (isset($i18n['TRANSLITERATION']) && is_array($translit = $i18n['TRANSLITERATION']) && count($translit > 0)) {
Exemplo n.º 10
0
}
if ($p == 'delete') {
    // check for csrf
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_GET['nonce'];
        if (!check_nonce($nonce, "delete", "backup-edit.php")) {
            die("CSRF detected!");
        }
    }
    delete_bak($id);
    redirect("backups.php?upd=bak-success&id=" . $id);
} elseif ($p == 'restore') {
    // check for csrf
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_GET['nonce'];
        if (!check_nonce($nonce, "restore", "backup-edit.php")) {
            die("CSRF detected!");
        }
    }
    if (isset($_GET['new'])) {
        updateSlugs($_GET['new'], $id);
        restore_bak($id);
        $existing = GSDATAPAGESPATH . $_GET['new'] . ".xml";
        $bakfile = GSBACKUPSPATH . "pages/" . $_GET['new'] . ".bak.xml";
        copy($existing, $bakfile);
        unlink($existing);
        redirect("edit.php?id=" . $id . "&old=" . $_GET['new'] . "&upd=edit-success&type=restore");
    } else {
        restore_bak($id);
        redirect("edit.php?id=" . $id . "&upd=edit-success&type=restore");
    }
Exemplo n.º 11
0
                $success = $msg . '<br />';
            }
        }
        if (sizeof($errors) != 0) {
            foreach ($errors as $msg) {
                $error = $msg . '<br />';
            }
        }
    }
}
// if creating new folder
if (isset($_GET['newfolder'])) {
    // check for csrf
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_GET['nonce'];
        if (!check_nonce($nonce, "createfolder")) {
            die("CSRF detected!");
        }
    }
    $newfolder = $_GET['newfolder'];
    // check for invalid chars
    $cleanname = clean_url(to7bit(strippath($newfolder), "UTF-8"));
    if (file_exists($path . $cleanname) || $cleanname == '') {
        $error = i18n_r('ERROR_FOLDER_EXISTS');
    } else {
        if (defined('GSCHMOD')) {
            $chmod_value = GSCHMOD;
        } else {
            $chmod_value = 0755;
        }
        if (mkdir($path . $cleanname, $chmod_value)) {
Exemplo n.º 12
0
/**
 * Reset Password
 *
 * Resets the password for GetSimple control panel access
 *
 * @package GetSimple
 * @subpackage Login
 */
# setup inclusions
$load['plugin'] = true;
include 'inc/common.php';
if (isset($_POST['submitted'])) {
    // check for csrf
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_POST['nonce'];
        if (!check_nonce($nonce, "reset_password")) {
            die("CSRF detected!");
        }
    }
    $randSleep = rand(250000, 2000000);
    // random sleep for .25 to 2 seconds
    if (isset($_POST['username']) and !empty($_POST['username'])) {
        # user filename
        $file = _id($_POST['username']) . '.xml';
        # get user information from existing XML file
        if (filepath_is_safe(GSUSERSPATH . $file, GSUSERSPATH)) {
            $data = simplexml_load_file(GSUSERSPATH . $file);
            $USR = strtolower($data->USR);
            $EMAIL = $data->EMAIL;
            if (strtolower($_POST['username']) == $USR) {
                # create new random password
Exemplo n.º 13
0
require_once 'admin.php';
require_once LILINA_PATH . '/admin/includes/settings.php';
do_action('register_options');
if (isset($_REQUEST['activate_plugin'])) {
    activate_plugin($_REQUEST['activate_plugin']);
    header('HTTP/1.1 302 Found', true, 302);
    header('Location: ' . get_option('baseurl') . 'admin/settings.php?activated=1');
    die;
} elseif (isset($_REQUEST['deactivate_plugin'])) {
    deactivate_plugin($_REQUEST['deactivate_plugin']);
    header('HTTP/1.1 302 Found', true, 302);
    header('Location: ' . get_option('baseurl') . 'admin/settings.php?deactivated=1');
    die;
}
if (!empty($_POST['action']) && $_POST['action'] == 'settings' && !empty($_POST['_nonce'])) {
    if (!check_nonce('settings', $_POST['_nonce'])) {
        lilina_nice_die('Nonces do not match.');
    }
    $updatable_options = AdminOptions::instance()->whitelisted;
    foreach ($updatable_options as $option) {
        if (!empty($_POST[$option])) {
            $value = apply_filters('options-sanitize-' . $option, $_POST[$option]);
            update_option($option, $value);
        }
    }
    do_action('settings_after_update');
    header('HTTP/1.1 302 Found', true, 302);
    header('Location: ' . get_option('baseurl') . 'admin/settings.php?updated=1');
    die;
}
require_once LILINA_INCPATH . '/core/file-functions.php';
Exemplo n.º 14
0
 /**
  *	Callback attached in `admin_menu`: admin settings
  *	@callback
  */
 public function admin_view()
 {
     $data = array('archivers' => $this->_scan_archivers(), 'providers' => $this->_scan_providers(), 'frequencies' => $this->scheduler->frequencies());
     $view = 'admin';
     if ($this->_view !== NULL) {
         // FIXME: this could be prettier.
         return $this->_load_view($this->_view[0], $this->_view[1]);
     }
     // force authorization before plugin may be used.
     if (!$this->is_authorized()) {
         // show "authorize me" page
         return $this->_load_view('authorize', $data);
     }
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         $action = $_POST['_action'];
         $data['action'] = $action;
         // Obligatory CSRF check
         if (check_nonce($_POST['_nonce'], $action, $this->_info['id'])) {
             // Take action!
             switch ($action) {
                 //
                 //	Create a backup
                 //
                 case 'backup':
                     if ($error = $this->backup()) {
                         $data['error'] = $error;
                     } else {
                         $data['updated'] = 'Site backed up';
                     }
                     break;
                     //
                     //	Update/save settings
                     //
                 //
                 //	Update/save settings
                 //
                 case 'settings':
                     $this->_save($_POST);
                     break;
             }
         } elseif ($action) {
             // Failed CSRF test
             $data['error'] = 'Request timed out';
         }
     }
     // show "admin" page
     $this->_load_view($view, $data);
 }
Exemplo n.º 15
0
    generate_sitemap();
    # redirect back to yourself to show the new restored data
    redirect('settings.php?restored=true');
}
# was this page restored?
if (isset($_GET['restored'])) {
    $restored = 'true';
} else {
    $restored = 'false';
}
# was the form submitted?
if (isset($_POST['submitted'])) {
    # first check for csrf
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_POST['nonce'];
        if (!check_nonce($nonce, "save_settings")) {
            die("CSRF detected!");
        }
    }
    # website-specific fields
    if (isset($_POST['sitename'])) {
        $SITENAME = htmlentities($_POST['sitename'], ENT_QUOTES, 'UTF-8');
    }
    if (isset($_POST['siteurl'])) {
        $SITEURL = tsl($_POST['siteurl']);
    }
    if (isset($_POST['permalink'])) {
        $PERMALINK = trim($_POST['permalink']);
    }
    if (isset($_POST['template'])) {
        $TEMPLATE = $_POST['template'];
Exemplo n.º 16
0
 * @subpackage Theme
 */
# setup inclusions
$load['plugin'] = true;
include 'inc/common.php';
# variable settings
login_cookie_check();
$path = GSDATAOTHERPATH;
$file = "website.xml";
$theme_options = '';
# was the form submitted?
if (isset($_POST['submitted']) && isset($_POST['template'])) {
    # check for csrf
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_POST['nonce'];
        if (!check_nonce($nonce, "activate")) {
            die("CSRF detected!");
        }
    }
    # get passed value from form
    $TEMPLATE = $_POST['template'];
    # backup old website.xml file
    $bakpath = GSBACKUPSPATH . 'other/';
    createBak($file, $path, $bakpath);
    # udpate website.xml file with new theme
    $xml = new SimpleXMLExtended('<item></item>');
    $note = $xml->addChild('SITENAME');
    $note->addCData($SITENAME);
    $note = $xml->addChild('SITEURL');
    $note->addCData($SITEURL);
    $note = $xml->addChild('TEMPLATE');
Exemplo n.º 17
0
* @Action:	Displays and changes website settings 	
*
*****************************************************/
// Setup inclusions
$load['plugin'] = true;
// Relative
$relative = '../';
$path = $relative . 'data/other/';
$bakpath = $relative . 'backups/other/';
// Include common.php
include 'inc/common.php';
login_cookie_check();
// if the undo command was invoked
if (isset($_GET['undo'])) {
    $nonce = $_GET['nonce'];
    if (!check_nonce($nonce, "undo", "support.php")) {
        die("CSRF detected!");
    }
    $ufile = 'cp_settings.xml';
    undo($ufile, $path, $bakpath);
    header('Location: support.php?rest=true');
}
if (isset($_GET['restored'])) {
    $restored = 'true';
} else {
    $restored = 'false';
}
// were changes submitted?
if (isset($_POST['submitted'])) {
    $success = $i18n['SETTINGS_UPDATED'] . '. <a href="support.php?undo&nonce=' . get_nonce("restore", "support.php") . '">' . $i18n['UNDO'] . '</a>';
}
Exemplo n.º 18
0
 * Delete File
 *
 * Deletes Files based on what is passed to it 	
 *
 * @package GetSimple
 * @subpackage Delete-Files
 */
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
login_cookie_check();
// check for csrf
if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
    $nonce = $_GET['nonce'];
    if (!check_nonce($nonce, "delete", "deletefile.php")) {
        die("CSRF detected!");
    }
}
// are we deleting pages?
if (isset($_GET['id'])) {
    $id = $_GET['id'];
    if ($id == 'index') {
        redirect('pages.php?upd=edit-error&type=' . urlencode(i18n_r('HOMEPAGE_DELETE_ERROR')));
    } else {
        updateSlugs($id);
        $status = delete_file($id);
        generate_sitemap();
        exec_action('page-delete');
        redirect("pages.php?upd=edit-" . $status . "&id=" . $id . "&type=delete");
    }
Exemplo n.º 19
0
 */
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
// Variable settings
login_cookie_check();
$path = GSBACKUPSPATH . 'pages/';
$counter = '0';
$table = '';
// delete all backup files if the ?deleteall session parameter is set
if (isset($_GET['deleteall'])) {
    // check for csrf
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_GET['nonce'];
        if (!check_nonce($nonce, "deleteall")) {
            die("CSRF detected!");
        }
    }
    $filenames = getFiles($path);
    foreach ($filenames as $file) {
        if (file_exists($path . $file)) {
            if (isFile($file, $path, 'bak')) {
                unlink($path . $file);
            }
        }
    }
    $success = i18n_r('ER_FILE_DEL_SUC');
}
//display all page backups
$filenames = getFiles($path);
Exemplo n.º 20
0
login_cookie_check();
$log_name = isset($_GET['log']) ? $_GET['log'] : '';
$log_path = GSDATAOTHERPATH . 'logs/';
$log_file = $log_path . $log_name;
$whois_url = 'http://whois.arin.net/rest/ip/';
if (!is_file($log_file)) {
    $log_data = false;
}
if (empty($log_data) && !empty($log_name) && !filepath_is_safe($log_file, $log_path)) {
    die;
}
if (isset($_GET['action']) && $_GET['action'] == 'delete' && strlen($log_name) > 0) {
    // check for csrf
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_GET['nonce'];
        if (!check_nonce($nonce, "delete")) {
            die("CSRF detected!");
        }
    }
    unlink($log_file);
    exec_action('logfile_delete');
    redirect('support.php?success=' . urlencode('Log ' . $log_name . i18n_r('MSG_HAS_BEEN_CLR')));
}
if (!isset($log_data)) {
    $log_data = getXML($log_file);
}
get_template('header', cl($SITENAME) . ' &raquo; ' . i18n_r('SUPPORT') . ' &raquo; ' . i18n_r('LOGS'));
?>
	
<?php 
include 'template/include-nav.php';
Exemplo n.º 21
0
/**
 * All Plugins
 *
 * Displays all installed plugins 
 *
 * @package GetSimple
 * @subpackage Plugins
 */
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
$pluginid = isset($_GET['set']) ? $_GET['set'] : null;
$nonce = isset($_GET['nonce']) ? $_GET['nonce'] : null;
if ($pluginid) {
    if (check_nonce($nonce, "set", "plugins.php")) {
        $plugin = antixss($pluginid);
        change_plugin($pluginid);
        redirect('plugins.php');
    }
}
// Variable settings
login_cookie_check();
$counter = 0;
$table = null;
$pluginfiles = getFiles(GSPLUGINPATH);
sort($pluginfiles);
$needsupdate = false;
foreach ($pluginfiles as $fi) {
    $pathExt = pathinfo($fi, PATHINFO_EXTENSION);
    $pathName = pathinfo_filename($fi);
Exemplo n.º 22
0
            $c_note = $components->addChild('title');
            $c_note->addCData(@$comp['title']);
            $components->addChild('slug', @$comp['slug']);
            $c_note = $components->addChild('value');
            $c_note->addCData(@$comp['value']);
            $count++;
        }
    }
    exec_action('component-save');
    XMLsave($xml, $path . $file);
    header('Location: components.php?upd=comp-success');
}
// if undo was invoked
if (isset($_GET['undo'])) {
    $nonce = $_GET['nonce'];
    if (!check_nonce($nonce, "undo")) {
        die("CSRF detected!");
    }
    undo($file, $path, $bakpath);
    header('Location: components.php?upd=comp-restored');
}
//create list of components for html
$data = getXML($path . $file);
$componentsec = $data->item;
$count = 0;
if (count($componentsec) != 0) {
    foreach ($componentsec as $component) {
        $table .= '<div class="compdiv" id="section-' . @$count . '"><table class="comptable" ><tr><td><b title="Double Click to Edit" class="editable">' . stripslashes(@$component->title) . '</b></td>';
        $table .= '<td style="text-align:right;" ><code>&lt;?php get_component(<span class="compslugcode">\'' . @$component->slug . '\'</span>); ?&gt;</code></td><td class="delete" >';
        $table .= '<a href="#" title="' . $i18n['DELETE_COMPONENT'] . ': ' . cl(@$component->title) . '?" id="del-' . $count . '" onClick="DeleteComp(\'' . $count . '\'); return false;" >X</a></td></tr></table>';
        $table .= '<textarea name="val[]">' . stripslashes(@$component->value) . '</textarea>';
Exemplo n.º 23
0
 * Displays and starts the website archives 	
 * @subpackage Backups
 */
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
// Variable Settings
login_cookie_check();
$table = '';
// if a backup needs to be created
if (isset($_GET['do'])) {
    // check for csrf
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_GET['nonce'];
        if (!check_nonce($nonce, "create")) {
            die("CSRF detected!");
        }
    }
    exec_action('archive-backup');
    redirect('zip.php?s=' . $SESSIONHASH);
}
// if a backup has just been created
if (isset($_GET['done'])) {
    $success = i18n_r('SUCC_WEB_ARCHIVE');
}
if (isset($_GET['nozip'])) {
    $error = i18n_r('NO_ZIPARCHIVE') . ' - <a href="health-check.php">' . i18n_r('WEB_HEALTH_CHECK') . '</a>';
}
get_template('header', cl($SITENAME) . ' &raquo; ' . i18n_r('BAK_MANAGEMENT') . ' &raquo; ' . i18n_r('WEBSITE_ARCHIVES'));
?>
Exemplo n.º 24
0
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
// Variable settings
login_cookie_check();
$id = isset($_GET['id']) ? $_GET['id'] : null;
$ptype = isset($_GET['type']) ? $_GET['type'] : null;
$path = GSDATAPAGESPATH;
$counter = '0';
$table = '';
# clone attempt happening
if (isset($_GET['action']) && isset($_GET['id']) && $_GET['action'] == 'clone') {
    // check for csrf
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_GET['nonce'];
        if (!check_nonce($nonce, "clone", "pages.php")) {
            die("CSRF detected!");
        }
    }
    # check to not overwrite
    $count = 1;
    $newfile = GSDATAPAGESPATH . $_GET['id'] . "-" . $count . ".xml";
    if (file_exists($newfile)) {
        while (file_exists($newfile)) {
            $count++;
            $newfile = GSDATAPAGESPATH . $_GET['id'] . "-" . $count . ".xml";
        }
    }
    $newurl = $_GET['id'] . '-' . $count;
    # do the copy
    $status = copy($path . $_GET['id'] . '.xml', $path . $newurl . '.xml');
Exemplo n.º 25
0
 * All Plugins
 *
 * Displays all installed plugins 
 *
 * @package GetSimple
 * @subpackage Plugins
 */
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
login_cookie_check();
$pluginid = isset($_GET['set']) ? $_GET['set'] : null;
$nonce = isset($_GET['nonce']) ? $_GET['nonce'] : null;
if ($pluginid) {
    if (check_nonce($nonce, "set_" . pathinfo_filename($pluginid), "plugins.php")) {
        $plugin = antixss($pluginid);
        change_plugin($plugin);
        redirect('plugins.php?success=' . i18n_r('PLUGIN_UPDATED'));
    } else {
        redirect('plugins.php?error=' . i18n_r('ERROR_OCCURED'));
    }
}
// Variable settings
$counter = 0;
$table = '';
$needsupdate = false;
$plugin_info_sorted = subval_sort($plugin_info, 'name');
foreach ($plugin_info_sorted as $pluginid => $plugininfo) {
    $setNonce = '&amp;nonce=' . get_nonce("set_" . $pluginid, "plugins.php");
    // @todo disabled plugins have a version of (str) 'disabled', should be 0 or null