<?php 
/**
 *
 * Delete current backup archives
 *
 * Handles the 'delete' action of the backup module: every filename posted
 * in $_POST['file'] is run through filterParam4Filename() and unlinked from
 * the media/files directory. The echo'ed fragments complete an HTML element
 * whose opening tag is presumably emitted before this snippet (note the
 * closing '>' in the class strings).
 *
 * Relies on $do, $perm and $ccms being set up earlier in the file (not in view).
 * The else branch opened at the end continues past this snippet.
 */
$btn_delete = getPOSTparam4IdOrNumber('btn_delete');
if ($do == 'delete' && !empty($btn_delete)) {
    echo 'style="display: block;" ';
    if (!empty($_POST['file'])) {
        // Only if current user has the rights
        // NOTE(review): no CSRF / request-origin check is visible in this snippet;
        // confirm one is enforced before $do is acted upon, since this branch
        // deletes files on a plain POST.
        if ($perm->is_level_okay('manageModBackup', $_SESSION['ccms_userLevel'])) {
            echo 'class="notice center-text">';
            foreach ($_POST['file'] as $value) {
                $value = filterParam4Filename($value);
                // strips any slashes as well, so attacks like '../../../../../../../../../etc/passwords' won't pass
                if (!empty($value)) {
                    // NOTE(review): the unlink() result is ignored -- the 'removed' message
                    // below is printed even when the file did not exist or could not be
                    // deleted. The path is relative to the current working directory.
                    unlink('../../../../media/files/' . $value);
                    echo ucfirst($value) . ' ' . $ccms['lang']['backend']['statusremoved'] . '.<br/>';
                } else {
                    // the filter rejected the name (returned an empty value)
                    echo $ccms['lang']['auth']['featnotallowed'];
                }
            }
        } else {
            echo 'class="error center-text">' . $ccms['lang']['auth']['featnotallowed'];
        }
    } else {
        echo 'class="error center-text">' . $ccms['lang']['system']['error_selection'];
    }
} else {
}
/**
 *
 * Save the menu order, individual templating & menu allocation preferences
 *
 * Runs only for a POST of the 'menuorder' form by an authenticated user
 * (checkAuth()) holding the 'manageMenu' level. For every posted page_id the
 * matching toplevel / sublevel / template / menuid entries are filtered and
 * written to the pages table; $error receives the failure message, if any.
 *
 * The if and the foreach opened here continue past the end of this snippet.
 */
if ($target_form == 'menuorder' && $_SERVER['REQUEST_METHOD'] == 'POST' && checkAuth()) {
    $error = null;
    // are you allowed to run this action?
    if ($perm->is_level_okay('manageMenu', $_SESSION['ccms_userLevel'])) {
        if (!empty($_POST['page_id'])) {
            foreach ($_POST['page_id'] as $page_id) {
                $page_id = filterParam4Number($page_id);
                // the per-page arrays are indexed by the *filtered* page id.
                // NOTE(review): read without isset(); a missing key raises a notice and
                // hands null to the filter -- presumably the filter then returns its default
                $toplevel = filterParam4Number($_POST['toplevel'][$page_id]);
                $sublevel = filterParam4Number($_POST['sublevel'][$page_id]);
                $templatename = filterParam4Filename($_POST['template'][$page_id]);
                $menu_id = filterParam4Number($_POST['menuid'][$page_id]);
                // page id, toplevel and template are mandatory; sublevel and menu id are
                // not validated here, so whatever the filter returns for them reaches the DB
                if (!$page_id || !$toplevel || empty($templatename)) {
                    $error = $ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')';
                    break;
                }
                $values = array();
                // [i_a] make sure $values is an empty array to start with here
                // every column value goes through MySQL::SQLValue() before UpdateRow()
                $values['toplevel'] = MySQL::SQLValue($toplevel, MySQL::SQLVALUE_NUMBER);
                $values['sublevel'] = MySQL::SQLValue($sublevel, MySQL::SQLVALUE_NUMBER);
                $values['variant'] = MySQL::SQLValue($templatename, MySQL::SQLVALUE_TEXT);
                $values['menu_id'] = MySQL::SQLValue($menu_id, MySQL::SQLVALUE_NUMBER);
                // Execute the update
                // NOTE(review): unlike the forged-input case above, no break is visible here
                // after a DB error, so later pages are presumably still updated and only the
                // last error message survives in $error -- confirm against the rest of the loop
                if (!$db->UpdateRow($cfg['db_prefix'] . 'pages', $values, array('page_id' => MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER)))) {
                    $error = $db->Error();
                }
     if (!is_dir($dest)) {
         $error = $ccms['lang']['system']['error_write'];
         $error_code = $dest;
     }
 }
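 // Validation
 $size = false;
 // init to prevent PHP errors about unknown vars further down
 $overwrite_existing = getGETparam4Boolean('overwrite_existing');
 // get the local (temporary) filename:
 $uploadedfile = isset($_FILES['Filedata']) && !empty($_FILES['Filedata']['tmp_name']) ? $_FILES['Filedata']['tmp_name'] : null;
 // RAW is okay: it's generated locally (server-side) and contains a temp filename
 // and what it's supposed to be named (as specced by the uploader):
 $target_filename = isset($_FILES['Filedata']) && !empty($_FILES['Filedata']['name']) ? $_FILES['Filedata']['name'] : null;
 // make filename safe but try to keep it unique at the same time!
 $target_filename = filterParam4Filename($target_filename, null, true);
 // Set file and get file extension.
 // The no-file case is guarded explicitly: pathinfo(null) is deprecated as of
 // PHP 8.1, and an empty extension is rejected by the next check anyway.
 // NOTE(review): the extension is only required to be non-empty; it is never
 // compared with the content type detected by getimagesize() below (see
 // image_type_to_extension()). Worth confirming before the file is stored
 // under a web-served path.
 $extension = empty($target_filename) ? '' : strtolower(pathinfo((string) $target_filename, PATHINFO_EXTENSION));
 // is_uploaded_file() ensures the temp path really came from this request's
 // upload and not from some other file on the server.
 // NOTE(review): $error_code embeds the server-side temp path; if it is ever
 // rendered to the client it reveals that path -- confirm how it is used.
 if (empty($error) && (empty($extension) || empty($target_filename) || empty($uploadedfile) || !is_uploaded_file($uploadedfile))) {
     $error = 'Invalid file or no file at all uploaded';
     $error_code = $uploadedfile . ' : ' . $extension . ' : ' . $target_filename;
 }
 // NOTE(review): this tests the bare filename, i.e. relative to the current
 // working directory, not the upload destination ($dest, checked above) --
 // confirm this is the intended location.
 if (empty($error) && is_file($target_filename) && !$overwrite_existing) {
     $error = 'File already exists on server';
     $error_code = $uploadedfile . ' : ' . $extension . ' : ' . $target_filename;
 }
 // getimagesize() inspects the file content; the '@' suppresses the warning it
 // emits for non-image data, which is then reported through $error instead.
 if (empty($error) && !($size = @getimagesize($uploadedfile))) {
     $error = 'Please upload only images, no other files are supported.';
     $error_code = $uploadedfile . ' : ' . $extension . ' : ' . $target_filename;
 }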
 if (empty($error) && !in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_TIFF_II, IMAGETYPE_TIFF_MM))) {
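/**
 * As filterParam4Filename(), but also accepts '/' directory separators
 *
 * Each '/'-separated component is passed through filterParam4Filename()
 * individually and the filtered components are re-joined with '/'.
 *
 * $def is returned when:
 *   - $value is not set;
 *   - a component other than the first or last filters down to an empty
 *     value (so 'a//b' is rejected, while '/a/b' and 'a/b/' are not);
 *   - a component is '..' and $accept_parent_dotdot is not TRUE.
 *
 * NOTE: a leading empty component (absolute path) and '.' components pass
 * through untouched, so the caller still has to check the result against
 * the intended base directory.
 *
 * When $accept_parent_dotdot is TRUE, only then does this filter
 * accept '../' directory parts anywhere in the path.
 *
 * WARNING: setting $accept_parent_dotdot = TRUE can be VERY DANGEROUS
 *          without further checking the result whether it's trying to
 *          go places we don't want them to go!
 *
 *          Just to give you an idea:
 *            ../../../../../../../../../../../../etc/passwords
 *          would be LEGAL *AND* VERY DANGEROUS if the accepted path is not
 *          validated further upon return from this function!
 *
 * @param mixed $value                raw path value; cast to string
 * @param mixed $def                  value returned for an unset or illegal path
 * @param bool  $accept_parent_dotdot whether '..' components are allowed
 * @return mixed the filtered path, or $def
 */
function filterParam4FullFilePath($value, $def = null, $accept_parent_dotdot = false)
{
    if (!isset($value)) {
        return $def;
    }
    // explode() always yields an array with at least one element,
    // so no is_array() check is needed here
    $fns = explode('/', strval($value));
    $last = count($fns) - 1;
    foreach ($fns as $i => $part) {
        $part = filterParam4Filename($part, '');
        // an empty component between two separators ('a//b') is an illegal path
        if ($i > 0 && $i < $last && empty($part)) {
            return $def;
        }
        // parent-directory references are only allowed on explicit request;
        // strict comparison so non-string filter results can never match
        if ($part === '..' && !$accept_parent_dotdot) {
            return $def;
        }
        $fns[$i] = $part;
    }
    return implode('/', $fns);
}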