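/**
 * Rewrites the media folder's .htaccess so that every password-protected media
 * file is redirected (302) to the download-form article instead of being served.
 *
 * Intended as an extension-point callback after a media-pool update; only
 * $_params['filename'] is read. Existing RewriteRule lines are carried over
 * unchanged, except that the rule for the current file is dropped when its
 * password has been cleared and added when a password is now set.
 *
 * @param array $_params extension-point parameters, key 'filename' is required
 *
 * @return void
 */
function securefile($_params)
{
    global $REX;

    $myself = 'xmediapool_password';
    $filename = isset($_params['filename']) ? (string) $_params['filename'] : '';
    if ($filename === '') {
        // Nothing to (un)protect; leave the existing .htaccess untouched.
        return;
    }

    // A missing media object (e.g. the file was just removed) counts as "no password",
    // which makes the loop below drop a stale rule instead of fataling on null.
    $media = OOMedia::getMediaByFilename($filename);
    $password = is_object($media) ? (string) $media->getValue('med_' . $myself . '_password') : '';
    $hasPassword = $password !== '';

    // Current .htaccess content; an absent or unreadable file is treated as empty.
    $htaccessPath = rtrim($REX['MEDIAFOLDER'], '/\\') . '/.htaccess';
    $htaccess = '';
    if (file_exists($htaccessPath)) {
        $current = file_get_contents($htaccessPath);
        if ($current !== false) {
            $htaccess = $current;
        }
    }

    // Media folder and frontend path relative to the document root, with forward slashes.
    // $frontend always starts and ends with a single '/'.
    $docRootLength = strlen(realpath($_SERVER['DOCUMENT_ROOT']));
    $base = trim(str_replace('\\', '/', substr(realpath($REX['MEDIAFOLDER']), $docRootLength)), '/');
    $frontend = str_replace('//', '/', '/' . trim(str_replace('\\', '/', substr(realpath($REX['FRONTEND_PATH']), $docRootLength)), '/') . '/');

    // NOTE(review): the filename ends up in .htaccess after preg_quote(), which does not
    // neutralise CR/LF; this relies on the media pool having normalised filenames beforehand — confirm.
    $quotedFilename = preg_quote($filename, '~');

    // Collect [regex-quoted filename, filename for the download-form URL] pairs,
    // starting with the rules that already exist.
    $rules = array();
    $alreadySecured = false;
    if (preg_match_all('~^RewriteRule \\^(.*)\\$\\s.*$~im', $htaccess, $matches, PREG_SET_ORDER)) {
        foreach ($matches as $match) {
            if ($match[1] === $quotedFilename) {
                if (!$hasPassword) {
                    // Password was removed: stop protecting this file.
                    continue;
                }
                $alreadySecured = true;
            }
            $rules[] = array($match[1], stripslashes($match[1]));
        }
    }
    if (!$alreadySecured && $hasPassword) {
        $rules[] = array($quotedFilename, $filename);
    }

    // Every rule points at the same download-form article; only the filename parameter differs.
    // Carried-over and new rules are formatted identically, so no '//' slips into the target URL.
    $lines = array("RewriteEngine On\nRewriteBase /" . $base);
    foreach ($rules as $rule) {
        $target = rex_geturl($REX['ADDON']['DOWNLOAD_FORM_ARTICLE_ID'][$myself], '', array($myself . '_filename' => $rule[1]), '&');
        $lines[] = sprintf('RewriteRule ^%s$ http://%%{HTTP_HOST}%s%s [R=302,L]', $rule[0], $frontend, ltrim($target, '/'));
    }

    // Write back the rebuilt rule set (the return value is not checked, as before).
    file_put_contents($htaccessPath, implode("\n", $lines));
}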
/**
 * Indexes a certain article.
 *
 * For every requested language the old index rows (and their cache entries) are
 * removed and, if the article exists and is online (or offline indexing is on),
 * a fresh row is written to the search index and its keywords are collected.
 *
 * Side effects: sets $REX['CUR_CLANG'] to each processed language and leaves
 * it at the last one; toggles frontend mode via begin/endFrontendMode().
 *
 * @param int   $_id    article id
 * @param mixed $_clang language id, or false for all configured languages
 *
 * @return array status constant (A587_ART_*) per processed language.
 *               NOTE(review): keys are inconsistent — the excluded/not-found/redirect
 *               branches key by $v (the language value), the generated branch by $langID.
 */
function indexArticle($_id, $_clang = false)
{
    global $REX;
    if ($_clang === false) {
        $langs = $this->languages;
    } else {
        $langs = array(intval($_clang) => $this->languages[intval($_clang)]);
    }
    $return = array();
    $keywords = array();
    foreach ($langs as $langID => $v) {
        if (in_array($_id, $this->excludeIDs)) {
            $return[$v] = A587_ART_EXCLUDED;
            continue;
        }
        // Not restored after the loop; the ep_outputfilter block below only restores to this value.
        $REX['CUR_CLANG'] = $langID;
        $delete = new rex_sql();
        $where = sprintf("ftable = '%s' AND fid = %d AND clang = %d", $delete->escape($this->tablePrefix . 'article'), $_id, $langID);
        // delete from cache
        $select = new rex_sql();
        $select->setTable($this->tablePrefix . '587_searchindex');
        $select->setWhere($where);
        $select->select('id');
        $indexIds = array();
        foreach ($select->getArray() as $result) {
            $indexIds[] = $result['id'];
        }
        $this->deleteCache($indexIds);
        // delete old
        $delete->setTable($this->tablePrefix . '587_searchindex');
        $delete->setWhere($where);
        $delete->delete();
        // index article
        $article = OOArticle::getArticleById(intval($_id), $langID);
        if (is_object($article) and ($article->isOnline() or $this->indexOffline)) {
            // NOTE(review): the two `continue` statements below leave frontend mode switched
            // on, because endFrontendMode() is only reached at the end of this block.
            $this->beginFrontendMode();
            if (ini_get('allow_url_fopen') and $this->indexViaHTTP) {
                // NOTE(review): the URL is built from the request's Host header, so the host
                // that gets fetched is request-controlled; the '@' hides fetch errors and a
                // `false` result is indexed as empty text. Consider $REX['SERVER'] and an
                // explicit `=== false` check.
                $articleText = @file_get_contents('http://' . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, strpos($_SERVER['PHP_SELF'], '/redaxo/') + 1) . rex_geturl($_id, $langID, '', '&'));
            } elseif ($_id != 0 and $this->dontIndexRedirects) {
                $rex_article = new rex_article(intval($_id), $langID);
                $article_content_file = $this->generatedPath . '/articles/' . $_id . '.' . $langID . '.content';
                // Generate the article's content file on demand when it is missing.
                if (!file_exists($article_content_file)) {
                    include_once $this->includePath . "/functions/function_rex_generate.inc.php";
                    $generated = rex_generateArticleContent($_id, $langID);
                    if ($generated !== true) {
                        $return[$v] = A587_ART_IDNOTFOUND;
                        continue;
                    }
                }
                // Skip articles whose generated code performs a redirect (header Location / rex_redirect).
                if (file_exists($article_content_file) and preg_match($this->encodeRegex('~(header\\s*\\(\\s*["\']\\s*Location\\s*:)|(rex_redirect\\s*\\()~is'), rex_get_file_contents($article_content_file))) {
                    $return[$v] = A587_ART_REDIRECT;
                    continue;
                }
                if ($this->indexWithTemplate) {
                    $articleText = $rex_article->getArticleTemplate();
                } else {
                    $articleText = $rex_article->getArticle();
                }
                // Run the frontend OUTPUT_FILTER with article/clang temporarily pointed at this article.
                if ($this->ep_outputfilter) {
                    $tmp = array('artid' => $REX['ARTICLE_ID'], 'clang' => $REX['CUR_CLANG']);
                    $REX['ARTICLE_ID'] = $_id;
                    $REX['CUR_CLANG'] = $langID;
                    $articleText = rex_register_extension_point('OUTPUT_FILTER', $articleText, array('environment' => 'frontend', 'sendcharset' => false));
                    $REX['ARTICLE_ID'] = $tmp['artid'];
                    $REX['CUR_CLANG'] = $tmp['clang'];
                }
            }
            // NOTE(review): if neither branch above ran (no allow_url_fopen/indexViaHTTP and
            // $_id == 0 or dontIndexRedirects off), $articleText is undefined here.
            $insert = new rex_sql();
            $articleData = array();
            $articleData['texttype'] = 'article';
            $articleData['ftable'] = $this->tablePrefix . 'article';
            $articleData['fcolumn'] = NULL;
            $articleData['clang'] = $article->getClang();
            $articleData['fid'] = intval($_id);
            $articleData['catid'] = $article->getCategoryId();
            $articleData['unchangedtext'] = $insert->escape($articleText);
            $articleData['plaintext'] = $insert->escape($plaintext = $this->getPlaintext($articleText));
            // Optionally store extra columns of the article table, serialized, alongside the text.
            if (array_key_exists($REX['TABLE_PREFIX'] . 'article', $this->includeColumns)) {
                $additionalValues = array();
                $select->flush();
                $select->setTable($REX['TABLE_PREFIX'] . 'article');
                // NOTE(review): $_id is interpolated uncast here, unlike the %d-formatted $where above;
                // relies on callers passing an int as the docblock promises.
                $select->setWhere('id = ' . $_id . ' AND clang = ' . $langID);
                $select->select('`' . implode('`,`', $this->includeColumns[$REX['TABLE_PREFIX'] . 'article']) . '`');
                foreach ($this->includeColumns[$REX['TABLE_PREFIX'] . 'article'] as $col) {
                    $additionalValues[$col] = $select->getValue($col);
                }
                $articleData['values'] = $insert->escape(serialize($additionalValues));
            }
            // Split the plaintext on punctuation/whitespace; keep tokens at least significantCharacterCount long.
            foreach (preg_split($this->encodeRegex('~[[:punct:][:space:]]+~ism'), $plaintext) as $keyword) {
                if ($this->significantCharacterCount <= mb_strlen($keyword, 'UTF-8')) {
                    $keywords[] = array('search' => $keyword, 'clang' => $langID);
                }
            }
            $articleData['teaser'] = $insert->escape($this->getTeaserText($plaintext));
            $insert->setTable($this->tablePrefix . '587_searchindex');
            $insert->setValues($articleData);
            $insert->insert();
            $this->endFrontendMode();
            $return[$langID] = A587_ART_GENERATED;
        }
    }
    // Keywords of all processed languages are stored in one go.
    $this->storeKeywords($keywords, false);
    return $return;
}
$value = $values[$nummer]; $zaehler = $zaehler + 1; $outback .= '<div class="bereichswrapper"><h2>Bereich ' . $zaehler . '</h2>' . PHP_EOL; /**** * * Link * ****/ $link = ''; $linkanfang = ''; $linkende = ''; $outback_link = ''; if ($value['link_intern'] or $value['link_extern'] != '') { $outback_link .= '<h3>Link</h3>' . PHP_EOL; if ($value['link_intern'] != 0) { $linkanfang = '<a href="' . rex_geturl($value['link_intern'], rex_clang::getCurrentId()) . '">'; $article = rex_article::get($value['link_intern']); $name = $article->getName(); $outback_link .= ' <div class="form-group"> <label class="col-sm-3 control-label">Link intern</label> <div class="col-sm-9"> <a href="index.php?page=content&article_id=' . $value['link_intern'] . '&mode=edit">' . $name . ' (ID = ' . $value['link_intern'] . ')</a> </div> </div>' . PHP_EOL; } if ($value['link_extern'] != '') { $linkanfang = '<a class="extern" href="' . $value['link_extern'] . '">'; $outback_link .= ' <div class="form-group"> <label class="col-sm-3 control-label">Link extern</label>
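/**
 * gbook_form_output
 *
 * Renders the guestbook front-end (thank-you text, form and error list) and, on a
 * valid submission, stores the entry via rex_sql and notifies the admin by e-mail.
 * Output is sent directly through the Template class (pparse); nothing is returned.
 *
 * @param string $notificationEmail admin address that receives a notification; '' disables mailing
 * @param string $danke_text        thank-you text, shown only after a successful submission
 * @param int    $debuglevel        1 appends a dump of $_POST/$_GET/$_SERVER to the notification mail
 * @param int    $formular_an_aus   0 hides the form after a successful submission, anything else keeps it
 *
 * @return void
 */
function gbook_form_output($notificationEmail, $danke_text, $debuglevel, $formular_an_aus)
{
    global $REX;

    // Defaults for the template placeholders.
    $error = '';
    $name = '';
    $email = '';
    $url = 'http://';
    $city = '';
    $text = '';
    if (!isset($danke_text)) {
        $danke_text = '';
    }

    // Spam countermeasure: the form deliberately swaps the field names 'email' and 'url'.
    // Swap them back here so the rest of the code (and the visitor) never notices.
    $url_temp = (isset($_POST['email']) && $_POST['email'] != '') ? $_POST['email'] : '';
    $email_temp = (isset($_POST['url']) && $_POST['url'] != '') ? $_POST['url'] : '';
    $_POST['url'] = $url_temp;
    $_POST['email'] = $email_temp;

    // Becomes true once an entry has been written successfully.
    $Eintrag_geschrieben = false;

    // Make sure every field the code reads below exists.
    foreach (array('name', 'text', 'url', 'email', 'city') as $field) {
        if (!isset($_POST[$field])) {
            $_POST[$field] = '';
        }
    }

    // gbook_formularPostCheck($postvars, $domainname = false)
    if (($errorfields = validFields()) === true
        and gbook_formularPostCheck(array($_POST['name'], $_POST['text'], $_POST['url'], $_POST['email'], $_POST['city']))
    ) {
        // checkPostVarForMySQL() is expected to return SQL-ready (escaped and quoted) literals — confirm.
        $author_value = checkPostVarForMySQL($_POST['name']);
        $message_value = checkPostVarForMySQL($_POST['text']);
        // No URL entered: drop the "http://" prefill.
        if ($_POST['url'] == 'http://') {
            $_POST['url'] = '';
        }
        $url_value = checkPostVarForMySQL($_POST['url'], 'NULL');
        $email_value = checkPostVarForMySQL($_POST['email'], 'NULL');
        $city_value = checkPostVarForMySQL($_POST['city'], 'NULL');

        // gbook_readStatusFromFile() yields 1, 0 or false only; false falls back to status 0.
        $status = gbook_readStatusFromFile();
        if ($status === false) {
            echo 'Fehler bei Statusermittlung des Eintrages aufgetreten. Setze Defaultwert 0. ';
            $status_db = 'status = "0",';
        } else {
            $status_db = 'status = "' . $status . '",';
        }

        $qry = 'INSERT INTO ' . TBL_GBOOK . ' SET ' . $status_db . ' author = ' . $author_value . ', message = ' . $message_value . ', url = ' . $url_value . ', email = ' . $email_value . ', city = ' . $city_value . ', created = UNIX_TIMESTAMP()';
        $sql = new rex_sql();
        $sql->setQuery($qry);
        $Eintrag_geschrieben = true;

        // Notification mail to the admin.
        if ($notificationEmail != '') {
            $debug_inhalt = '';
            if ($debuglevel == 1) {
                // NOTE(review): this dumps the whole request incl. $_SERVER (cookies, auth headers,
                // environment) into a plain-text mail; keep debug level 1 off in production.
                $debug_inhalt = "\r\n\r\n ==== DEBUG-INFORMATIONEN ==== \r\n";
                foreach (array('POST' => $_POST, 'GET' => $_GET, 'SERVER' => $_SERVER) as $label => $vars) {
                    if (count($vars) != 0) {
                        $debug_inhalt .= "\n === " . $label . " ===\n";
                        foreach ($vars as $key => $wert) {
                            $debug_inhalt .= $key . ': ' . $wert . "\n";
                        }
                    }
                }
            }

            // Site URL with scheme and trailing slash, used in subject and body.
            $mail_host = (strpos($REX['SERVER'], 'http://') === false && strpos($REX['SERVER'], 'https://') === false)
                ? 'http://' . $REX['SERVER']
                : $REX['SERVER'];
            if (substr($mail_host, -1) != '/') {
                $mail_host .= '/';
            }

            // Strip markup from the visitor's values before putting them into the plain-text mail.
            $mail_author = strip_tags(rex_post('name', 'string'));
            $mail_message = strip_tags(rex_post('text', 'string'));
            $mail_url = strip_tags(rex_post('url', 'string'));
            $mail_email = strip_tags(rex_post('email', 'string'));
            $mail_city = strip_tags(rex_post('city', 'string'));

            $mail_betreff = 'Neuer Gästebucheintrag für ' . $mail_host;
            $mail_nachricht = 'Im Gästebuch für die Webseite "' . $mail_host . '" wurde ein neuer Eintrag erstellt.' . "\r\n\r\n";
            $mail_nachricht .= 'Name: ' . $mail_author . "\r\n";
            $mail_nachricht .= 'Homepage: ' . $mail_url . "\r\n";
            $mail_nachricht .= 'eMail: ' . $mail_email . "\r\n";
            $mail_nachricht .= 'Wohnort: ' . $mail_city . "\r\n\r\n";
            $mail_nachricht .= 'Nachricht: ' . $mail_message . "\r\n\r\n\r\n";
            // Debug dump, if requested (empty string otherwise).
            $mail_nachricht .= $debug_inhalt;

            // Headers are only used by the mail() fallback below; $notificationEmail is admin configuration.
            $header = 'MIME-Version: 1.0' . "\r\n";
            $header .= 'Content-type: text/plain; charset=utf-8' . "\r\n";
            $header .= 'Content-Transfer-Encoding: 8bit' . "\r\n";
            $header .= 'X-Mailer: PHP/' . phpversion() . "\r\n";
            $header .= 'From: ' . $notificationEmail . "\r\n";

            if (class_exists('rex_mailer')) {
                $mail = new rex_mailer();
                $mail->AddAddress($notificationEmail);
                $mail->Sender = $notificationEmail;
                $mail->From = $notificationEmail;
                $mail->Subject = $mail_betreff;
                $mail->Body = $mail_nachricht;
                $mail->Send();
            } else {
                // Fallback without rex_mailer.
                mail($notificationEmail, $mail_betreff, $mail_nachricht, $header);
            }
        }
    } else {
        // The thank-you text only appears after a successful submission.
        $danke_text = '';

        // Invalid input: refill the fields with the submitted values and list the failed fields.
        // NOTE(review): the refilled values go to the template as-is; confirm Template escapes
        // them for HTML, otherwise escape here.
        if (!empty($_POST['gbook_save'])) {
            $name = $_POST['name'];
            $email = $_POST['email'];
            $url = $_POST['url'];
            $city = $_POST['city'];
            $text = $_POST['text'];

            $error = '<ul class="error">';
            // validFields() may have returned true while gbook_formularPostCheck() failed;
            // only iterate when there actually is a list of field names.
            if (is_array($errorfields)) {
                foreach ($errorfields as $fieldname) {
                    $error .= '<li>Pflichtfeld "' . ucwords($fieldname) . '" bitte korrekt ausfüllen!</li>';
                }
            }
            $error .= '</ul>';
        }
    }

    // OUTPUT: pull in the Template class if it is not loaded yet.
    if (!class_exists('Template')) {
        include_once $REX['INCLUDE_PATH'] . '/addons/guestbook/classes/template.inc.php';
    }

    $t = new Template(GBOOK_TEMPLATEPATH, "remove");

    $danketext_templ = 'gb_frontend_danketext.html';
    $formular_templ = 'gb_frontend_form.html';
    $frontend_templ = 'gb_frontend.html';
    $t->set_file(array('danketext' => $danketext_templ, 'formular' => $formular_templ, 'start' => $frontend_templ));

    // Thank-you text
    $t->set_var(array("DANKE_TEXT_VALUE" => $danke_text));

    // Form. Fixed: the former call-time pass-by-reference rex_geturl(&$REX['ARTICLE_ID'])
    // is a fatal error since PHP 5.4; the value is all rex_geturl needs.
    $adresse = rex_geturl($REX['ARTICLE_ID']);
    $t->set_var(array("FEHLERMELDUNG_VALUE" => $error, "ADRESSE_VALUE" => $adresse, "NAME_VALUE" => $name, "EMAIL_VALUE" => $email, "URL_VALUE" => $url, "WOHNORT_VALUE" => $city, "TEXT_VALUE" => $text));

    // Assemble the partial pages.
    $danke_text_value = (trim($danke_text) != '') ? $t->parse("output", "danketext") : '';

    // Show only the thank-you text when configured so and an entry was just written.
    if ($formular_an_aus == 0 and $Eintrag_geschrieben) {
        $formular_value = '';
    } else {
        $formular_value = $t->parse("output", 'formular');
    }

    // Assemble and emit the complete page.
    $t->set_var(array("DANKE_TEXT" => $danke_text_value, 'FORMULAR' => $formular_value));
    $t->pparse("output", "start");
}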