<?php
/**
*
* Delete current backup archives
*
*/
$btn_delete = getPOSTparam4IdOrNumber('btn_delete');
if ($do == 'delete' && !empty($btn_delete)) {
echo 'style="display: block;" ';
if (!empty($_POST['file'])) {
// Only if current user has the rights
if ($perm->is_level_okay('manageModBackup', $_SESSION['ccms_userLevel'])) {
echo 'class="notice center-text">';
foreach ($_POST['file'] as $value) {
$value = filterParam4Filename($value);
// strips any slashes as well, so attacks like '../../../../../../../../../etc/passwords' won't pass
if (!empty($value)) {
unlink('../../../../media/files/' . $value);
echo ucfirst($value) . ' ' . $ccms['lang']['backend']['statusremoved'] . '.<br/>';
} else {
echo $ccms['lang']['auth']['featnotallowed'];
}
}
} else {
echo 'class="error center-text">' . $ccms['lang']['auth']['featnotallowed'];
}
} else {
echo 'class="error center-text">' . $ccms['lang']['system']['error_selection'];
}
} else {
}
/**
*
* Save the menu order, individual templating & menu allocation preferences
*
*/
if ($target_form == 'menuorder' && $_SERVER['REQUEST_METHOD'] == 'POST' && checkAuth()) {
$error = null;
// are you allowed to run this action?
if ($perm->is_level_okay('manageMenu', $_SESSION['ccms_userLevel'])) {
if (!empty($_POST['page_id'])) {
foreach ($_POST['page_id'] as $page_id) {
$page_id = filterParam4Number($page_id);
$toplevel = filterParam4Number($_POST['toplevel'][$page_id]);
$sublevel = filterParam4Number($_POST['sublevel'][$page_id]);
$templatename = filterParam4Filename($_POST['template'][$page_id]);
$menu_id = filterParam4Number($_POST['menuid'][$page_id]);
if (!$page_id || !$toplevel || empty($templatename)) {
$error = $ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')';
break;
}
$values = array();
// [i_a] make sure $values is an empty array to start with here
$values['toplevel'] = MySQL::SQLValue($toplevel, MySQL::SQLVALUE_NUMBER);
$values['sublevel'] = MySQL::SQLValue($sublevel, MySQL::SQLVALUE_NUMBER);
$values['variant'] = MySQL::SQLValue($templatename, MySQL::SQLVALUE_TEXT);
$values['menu_id'] = MySQL::SQLValue($menu_id, MySQL::SQLVALUE_NUMBER);
// Execute the update
if (!$db->UpdateRow($cfg['db_prefix'] . 'pages', $values, array('page_id' => MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER)))) {
$error = $db->Error();
}
if (!is_dir($dest)) {
$error = $ccms['lang']['system']['error_write'];
$error_code = $dest;
}
}
// Validation
$size = false;
// init to prevent PHP errors about unknown vars further down
$overwrite_existing = getGETparam4Boolean('overwrite_existing');
// get the local (temporary) filename:
$uploadedfile = isset($_FILES['Filedata']) && !empty($_FILES['Filedata']['tmp_name']) ? $_FILES['Filedata']['tmp_name'] : null;
// RAW is okay: it's generated locally (server-side) and contains a temp filename
// and what it's supposed to be named (as specced by the uploader):
$target_filename = isset($_FILES['Filedata']) && !empty($_FILES['Filedata']['name']) ? $_FILES['Filedata']['name'] : null;
// make filename safe but try to keep it unique at the same time!
$target_filename = filterParam4Filename($target_filename, null, true);
// Set file and get file extension
$extension = strtolower(pathinfo($target_filename, PATHINFO_EXTENSION));
if (empty($error) && (empty($extension) || empty($target_filename) || empty($uploadedfile) || !is_uploaded_file($uploadedfile))) {
$error = 'Invalid file or no file at all uploaded';
$error_code = $uploadedfile . ' : ' . $extension . ' : ' . $target_filename;
}
if (empty($error) && is_file($target_filename) && !$overwrite_existing) {
$error = 'File already exists on server';
$error_code = $uploadedfile . ' : ' . $extension . ' : ' . $target_filename;
}
if (empty($error) && !($size = @getimagesize($uploadedfile))) {
$error = 'Please upload only images, no other files are supported.';
$error_code = $uploadedfile . ' : ' . $extension . ' : ' . $target_filename;
}
if (empty($error) && !in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_TIFF_II, IMAGETYPE_TIFF_MM))) {
/**
* As filterParam4Filename(), but also accepts '/' directory separators
*
* When $accept_parent_dotdot is TRUE, only then does this filter
* accept '../' directory parts anywhere in the path.
*
* WARNING: setting $accept_parent_dotdot = TRUE can be VERY DANGEROUS
* without further checking the result whether it's trying to
* go places we don't them to go!
*
* Be vewey vewey caweful!
*
* Just to give you an idea:
* ../../../../../../../../../../../../etc/passwords
* would be LEGAL *AND* VERY DANGEROUS if the accepted path is not
* validated further upon return from this function!
*/
function filterParam4FullFilePath($value, $def = null, $accept_parent_dotdot = false)
{
if (!isset($value)) {
return $def;
}
$fns = explode('/', strval($value));
if (!is_array($fns)) {
return $def;
}
for ($i = count($fns); $i-- > 0;) {
$fns[$i] = filterParam4Filename($fns[$i], '');
if ($i > 0 && $i < count($fns) - 1 && empty($fns[$i])) {
return $def;
// illegal path specified!
}
if ($fns[$i] == ".." && !$accept_parent_dotdot) {
return $def;
// illegal path specified!
}
}
return implode('/', $fns);
}
