$tmpl->setvar('dir', $dir); $tmpl->setvar('_REN_FILE', $cfg['_REN_FILE']); $tmpl->setvar('_REN_STRING', $cfg['_REN_STRING']); } else { $file = tfb_getRequestVar('fileFrom'); $fileTo = tfb_getRequestVar('fileTo'); $dir = tfb_getRequestVar('dir'); $sourceDir = $cfg["path"] . $dir; $targetDir = $cfg["path"] . $dir . $fileTo; // Add slashes if magic_quotes off: if (get_magic_quotes_gpc() !== 1) { $targetDir = addslashes($targetDir); $sourceDir = addslashes($sourceDir); } // only valid dirs + entries with permission if (!(tfb_isValidPath($sourceDir) && tfb_isValidPath($sourceDir . $file) && tfb_isValidPath($targetDir) && isValidEntry($file) && isValidEntry($fileTo) && hasPermission($dir, $cfg["user"], 'w'))) { AuditAction($cfg["constants"]["error"], "ILLEGAL RENAME: " . $cfg["user"] . " tried to rename " . $file . " in " . $dir . " to " . $fileTo); @error("Illegal rename. Action has been logged.", "", ""); } // Use single quote to escape mv args: $cmd = "mv '" . $sourceDir . $file . "' '" . $targetDir . "'"; $cmd .= ' 2>&1'; $handle = popen($cmd, 'r'); $gotError = -1; $buff = fgets($handle); $gotError = $gotError + 1; pclose($handle); // template $tmpl->setvar('is_start', 0); $tmpl->setvar('messages', nl2br($buff)); if ($gotError <= 0) {
@error("Required binary could not be found", "", "", $cfg['isAdmin'] ? array('cksfv is required for sfv-checking', 'Specified cksfv-binary does not exist: ' . $cfg['bin_cksfv'], 'Check Settings on Admin-Server-Settings Page') : array('Please contact an Admin')); } // target $dir = tfb_getRequestVar('dir'); $file = tfb_getRequestVar('file'); // validate dir + file if (!empty($dir)) { $dirS = str_replace($cfg["path"], '', $dir); if (!(tfb_isValidPath($dir) && hasPermission($dirS, $cfg["user"], 'r'))) { AuditAction($cfg["constants"]["error"], "ILLEGAL SFV-ACCESS: " . $cfg["user"] . " tried to check " . $dirS); @error("Illegal access. Action has been logged.", "", ""); } } if (!empty($file)) { $fileS = str_replace($cfg["path"], '', $file); if (!(tfb_isValidPath($file) && isValidEntry(basename($file)) && hasPermission($fileS, $cfg["user"], 'r'))) { AuditAction($cfg["constants"]["error"], "ILLEGAL SFV-ACCESS: " . $cfg["user"] . " tried to check " . $fileS); @error("Illegal access. Action has been logged.", "", ""); } } // init template-instance tmplInitializeInstance($cfg["theme"], "page.checkSFV.tmpl"); // process $cmd = $cfg['bin_cksfv'] . ' -C ' . tfb_shellencode($dir) . ' -f ' . tfb_shellencode($file); $handle = popen($cmd . ' 2>&1', 'r'); $buff = isset($cfg["debuglevel"]) && $cfg["debuglevel"] == 2 ? "<strong>Debug:</strong> Evaluating command:<br/><br/><pre>" . tfb_htmlencode($cmd) . "</pre><br/>Output follows below:<br/>" : ""; $buff .= "<pre>"; while (!feof($handle)) { $buff .= tfb_htmlencode(@fgets($handle, 30)); } $tmpl->setvar('buff', $buff);
} } else { $file = $_POST['file']; $targetDir = ""; if (isset($_POST['dest'])) { $tempDir = trim(rawurldecode($_POST['dest'])); if (strlen($tempDir) > 0) { $targetDir = $tempDir; } else { if (isset($_POST['selector'])) { $targetDir = trim(urldecode($_POST['selector'])); } } } // only valid dirs + entries with permission if (!(tfb_isValidPath($cfg["path"] . $file) && tfb_isValidPath($targetDir) && isValidEntry(basename($cfg["path"] . $file)) && hasPermission($file, $cfg["user"], 'w'))) { AuditAction($cfg["constants"]["error"], "ILLEGAL MOVE: " . $cfg["user"] . " tried to move " . $file . " to " . $targetDir); @error("Illegal move. Action has been logged.", "", ""); } // we need absolute paths or stuff will end up in docroot // inform user .. don't move it into a fallback-dir which may be a hassle $dirValid = true; if (strlen($targetDir) <= 0) { $dirValid = false; } else { if ($targetDir[0] != '/') { $tmpl->setvar('not_absolute', 1); $dirValid = false; } else { $tmpl->setvar('not_absolute', 0); }
<?php $out = array(); require 'header.php'; if (isGET('draft') && isAdmin() && isValidEntry('drafts', GET('draft'))) { $draft = GET('draft'); if (check('title') && check('content') && check('id')) { $post = newEntry(cleanMagic($_POST['id'])); $postEntry['title'] = clean(cleanMagic($_POST['title'])); $postEntry['content'] = cleanMagic($_POST['content']); $postEntry['locked'] = $_POST['locked'] === 'yes'; $addedTags = $_POST['tags'] ? $_POST['tags'] : array(); $postEntry['tags'] = $addedTags; saveEntry('posts', $post, $postEntry); foreach ($addedTags as $tag) { $tagEntry = readEntry('tags', $tag); $tagEntry['posts'][$post] = $post; saveEntry('tags', $tag, $tagEntry); } deleteEntry('drafts', $draft); redirect('view.php?post=' . $post); } else { $draftEntry = readEntry('drafts', $draft); $tagOptions = array(); foreach (listEntry('tags') as $tag) { $tagEntry = readEntry('tags', $tag); $tagOptions[$tag] = $tagEntry['name']; } $out['title'] = $lang['publishPost'] . ': ' . $draftEntry['title']; $out['content'] .= '<form action="./publish.php?draft=' . $draft . '" method="post"> <p>' . text('title', $draftEntry['title']) . '</p>
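/**
 * Recursive chmod.
 *
 * A plain file is chmodded directly; a directory has every entry chmodded
 * (recursing into sub-directories) and is itself chmodded last. Entries that
 * isValidEntry() rejects are skipped, and the top-level path is only chmodded
 * when its own basename passes isValidEntry().
 *
 * Changes from the earlier version: readdir() is compared strictly against
 * false so a directory entry named "0" no longer ends the walk early; "." and
 * ".." are skipped explicitly so the walk can never climb out of $path;
 * symlinks are skipped, because chmod() operates on the link target and
 * is_dir() would recurse through a link into a tree outside $path; a failed
 * opendir() returns false instead of continuing with an invalid handle; and
 * the directory handle is closed on every return path (the old code leaked it
 * on the early "return false" branches).
 *
 * @param string $path file or directory to chmod
 * @param int    $mode mode to apply; the default 0777 is world-writable, so
 *                     callers should pass the narrowest mode that works for them
 * @return boolean true when every chmod succeeded, false on the first failure
 */
function chmodRecursive($path, $mode = 0777) {
    // Not a directory: chmod the single entry if its name passes the filter.
    if (!@is_dir($path)) {
        return isValidEntry(basename($path)) && @chmod($path, $mode);
    }

    $dirHandle = @opendir($path);
    if ($dirHandle === false) {
        return false;
    }

    $ok = true;
    // readdir() returns false at the end of the listing; a loose check would
    // also stop on an entry literally named "0".
    while (false !== ($entry = readdir($dirHandle))) {
        if ($entry === '.' || $entry === '..' || !isValidEntry($entry)) {
            continue;
        }
        $fullpath = $path . '/' . $entry;
        // chmod() follows symlinks and is_dir() is true for a link to a
        // directory, so a link here could change modes outside $path.
        if (@is_link($fullpath)) {
            continue;
        }
        if (@is_dir($fullpath)) {
            $ok = chmodRecursive($fullpath, $mode);
        } else {
            $ok = @chmod($fullpath, $mode);
        }
        if (!$ok) {
            break;
        }
    }
    closedir($dirHandle);

    if (!$ok) {
        return false;
    }
    // The directory itself is changed last, after its contents.
    return isValidEntry(basename($path)) && @chmod($path, $mode);
}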
} /******************************************************************************/ // common functions require_once 'inc/functions/functions.common.php'; // dir functions require_once 'inc/functions/functions.dir.php'; // is enabled ? if ($cfg["enable_view_nfo"] != 1) { AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to use nfo-viewer"); @error("nfo-viewer is disabled. Action has been logged.", "", ""); } // target $file = UrlHTMLSlashesDecode(tfb_getRequestVar("path")); $path = $cfg["path"] . $file; // only valid dirs + entries with permission if (!((tfb_isValidPath($path, ".nfo") || tfb_isValidPath($path, ".txt") || tfb_isValidPath($path, ".log")) && isValidEntry($file) && hasPermission($file, $cfg["user"], 'r'))) { AuditAction($cfg["constants"]["error"], "ILLEGAL NFO-ACCESS: " . $cfg["user"] . " tried to view " . $file); @error("Illegal access. Action has been logged.", "", ""); } // init template-instance tmplInitializeInstance($cfg["theme"], "page.viewnfo.tmpl"); // set vars $tmpl->setvar('file', $file); $folder = htmlspecialchars(substr($file, 0, strrpos($file, "/"))); $tmpl->setvar('folder', $folder); if ($fileHandle = @fopen($path, 'r')) { $output = ""; while (!@feof($fileHandle)) { $output .= @fgets($fileHandle, 4096); } @fclose($fileHandle);
} // read in entries $entrys = array(); $entrysDirs = array(); $entrysFiles = array(); $handle = opendir($dirName); while (false !== ($entry = readdir($handle))) { if (empty($dir)) { // parent dir if (isValidEntry($entry) && hasPermission($entry, $cfg["user"], 'r')) { array_push($entrys, $entry); } } else { // sub-dir if (hasPermission($dir, $cfg["user"], 'r')) { if (isValidEntry($entry)) { if (is_dir($dirName . $entry)) { array_push($entrysDirs, $entry); } else { array_push($entrysFiles, $entry); } } } } } closedir($handle); natcasesort($entrysDirs); natcasesort($entrysFiles); $entrys = array_merge($entrysFiles, $entrysDirs, $entrys); // process entries and fill dir- + file-array $list = array();
$buff = ""; while (!feof($handle)) { $buff .= fgets($handle, 30); } $tmpl->setvar('buff', nl2br($buff)); pclose($handle); } // set vars if (isset($_REQUEST['file']) && $_REQUEST['file'] != "") { $file = tfb_getRequestVar('file'); $dir = tfb_getRequestVar('dir'); $file = str_replace($cfg["path"], '', $file); $dir = str_replace($cfg["path"], '', $dir); $targetFile = $cfg["path"] . $file; // only valid dirs + entries with permission if (!(tfb_isValidPath($targetFile) && isValidEntry(basename($targetFile)) && hasPermission($file, $cfg["user"], 'r') && hasPermission($dir, $cfg["user"], 'w'))) { AuditAction($cfg["constants"]["error"], "ILLEGAL UNCOMPRESS-ACCESS: " . $cfg["user"] . " tried to uncompress " . $file); @error("Illegal access. Action has been logged.", "", ""); } // $tmpl->setvar('is_file', 1); $tmpl->setvar('url_file', str_replace('%2F', '/', urlencode($cfg["path"] . $file))); $tmpl->setvar('url_dir', str_replace('%2F', '/', urlencode($cfg["path"] . $dir))); $tmpl->setvar('type', tfb_getRequestVar('type')); } else { $tmpl->setvar('is_file', 0); } // tmplSetTitleBar('Uncompress File', false); tmplSetIidVars(); // parse template
$linkEntry = readEntry('links', $link); if (check('name') && check('url')) { $linkEntry['name'] = clean(cleanMagic($_POST['name'])); $linkEntry['url'] = clean(cleanMagic($_POST['url'])); saveEntry('links', $link, $linkEntry); home(); } else { $out['title'] = $lang['editLink'] . ': ' . $linkEntry['name']; $out['content'] .= '<form action="./edit.php?link=' . $link . '" method="post"> <p>' . text('name', $linkEntry['name']) . '</p> <p>' . text('url', $linkEntry['url']) . '</p> <p>' . submitAdmin($lang['confirm']) . '</p> </form>'; } } else { if (isGET('tag') && isAdmin() && isValidEntry('tags', GET('tag'))) { $tagEntry = readEntry('tags', GET('tag')); if (check('name')) { $tagEntry['name'] = clean(cleanMagic($_POST['name'])); saveEntry('tags', GET('tag'), $tagEntry); home(); } else { $out['title'] = $lang['editTag'] . ': ' . $tagEntry['name']; $out['content'] .= '<form action="./edit.php?tag=' . GET('tag') . '" method="post"> <p>' . text('name', $tagEntry['name']) . '</p> <p>' . submitAdmin($lang['confirm']) . '</p> </form>'; } } else { home(); }
$postEntry['content'] = cleanMagic($_POST['content']); $post = newEntry(cleanMagic($_POST['id'])); saveEntry('drafts', $post, $postEntry); redirect('view.php?draft=' . $post); } else { $out['title'] = $lang['newPost']; $out['content'] .= '<form action="./add.php?draft" method="post"> <p>' . text('title') . '</p> <p>' . text('id') . '</p> <p>' . textarea('content') . '</p> <p>' . submitAdmin($lang['confirm']) . '</p> </form>'; $out['content'] .= isPOST('content') ? box(cleanMagic($_POST['content'])) : ''; } } else { if (isGET('comment') && isValidEntry('posts', GET('comment'))) { $postEntry = readEntry('posts', GET('comment')); if ($postEntry['locked']) { home(); } else { if (checkBot() && check('name', $config['maxNameLength']) && check('content', $config['maxCommentLength'])) { $commentEntry['content'] = clean(cleanMagic($_POST['content'])); $commentEntry['post'] = GET('comment'); $comment = newEntry(); $commentEntry['commenter'] = clean(cleanMagic($_POST['name'])); saveEntry('comments', $comment, $commentEntry); $postEntry['comments'][$comment] = $comment; saveEntry('posts', GET('comment'), $postEntry); $_SESSION[$comment] = $comment; redirect('view.php?post=' . GET('comment') . '/pages/' . pageOf($comment, $postEntry['comment']) . '#' . $comment); } else {