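 /**
  * Saves the settings posted from the settings form.
  *
  * Reads $_POST['setting'], rejects the request when the CSRF token is
  * missing or invalid, normalises the 'allow_html_title' checkbox (an
  * unchecked box is absent from the POST body, so it becomes 'off'),
  * reduces 'admin_title' to a small whitelist of HTML tags via Kses,
  * persists the data and redirects back to the settings page.
  */
 private final function _save()
 {
     // Default to an empty array so a request without the 'setting' field
     // does not raise an undefined-index notice below.
     $data = isset($_POST['setting']) ? $_POST['setting'] : array();
     // CSRF checks. Each failure path redirects; the explicit return keeps
     // the save from running should redirect() ever not terminate the request.
     if (!isset($_POST['csrf_token'])) {
         Flash::set('error', __('No CSRF token found!'));
         Observer::notify('csrf_token_not_found', AuthUser::getUserName());
         redirect(get_url('setting'));
         return;
     }
     $csrf_token = $_POST['csrf_token'];
     if (!SecureToken::validateToken($csrf_token, BASE_URL . 'setting')) {
         Flash::set('error', __('Invalid CSRF token found!'));
         Observer::notify('csrf_token_invalid', AuthUser::getUserName());
         redirect(get_url('setting'));
         return;
     }
     // An unchecked checkbox is not submitted at all.
     if (!isset($data['allow_html_title'])) {
         $data['allow_html_title'] = 'off';
     }
     use_helper('Kses');
     // Tag => allowed-attributes whitelist handed to kses(); anything not
     // listed here is stripped from the admin title.
     $allowed = array(
         'img' => array('src' => array()),
         'abbr' => array('title' => array()),
         'acronym' => array('title' => array()),
         'b' => array(),
         'blockquote' => array('cite' => array()),
         'br' => array(),
         'code' => array(),
         'em' => array(),
         'i' => array(),
         'p' => array(),
         'strike' => array(),
         'strong' => array(),
     );
     $adminTitle = isset($data['admin_title']) ? $data['admin_title'] : '';
     $data['admin_title'] = kses(trim($adminTitle), $allowed);
     Setting::saveFromData($data);
     Flash::set('success', __('Settings have been saved!'));
     redirect(get_url('setting'));
 }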
 /**
  * Lists the sidebar-link image folder and renders the sidebarlink index.
  *
  * The URL segments are joined into $this->path (always slash-terminated);
  * a '..' in that path is reported to the statistics plugin as a hack
  * attempt, while the directory actually listed is a fixed path.
  */
 public function browse()
 {
     $this->_checkPermission();
     $segments = func_get_args();
     $this->path = implode('/', $segments);
     // Always terminate the path with a slash.
     if (substr($this->path, -1, 1) !== '/') {
         $this->path .= '/';
     }
     // Security: a back link ('..') in the requested path is reported, not rewritten.
     $hasBackLink = strpos($this->path, '..') !== false;
     if ($hasBackLink && Plugin::isEnabled('statistics_api')) {
         $user = AuthUser::isLoggedIn() ? AuthUser::getUserName() : null;
         // NOTE(review): X-Forwarded-For is a client-supplied header and can be
         // spoofed; REMOTE_ADDR is the peer address the server actually saw.
         $ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
         Observer::notify('stats_file_manager_hack_attempt', array(
             'event_type' => 'hack_attempt',
             'description' => __('A possible hack attempt was detected.'),
             'ipaddress' => $ip,
             'username' => $user,
         ));
     }
     // Fixed listing directory, with any doubled slashes collapsed.
     $this->fullpath = str_replace('//', '/', FILES_DIR . '/sidebarlink/images/');
     $this->display('sidebarlink/index', array(
         'dir' => $this->path,
         'files' => $this->_getListFiles(),
         'sidebarlinks' => Record::findAllFrom('SidebarLink', '1=1 ORDER BY id desc'),
         'pages' => Record::findAllFrom('Page', 'parent_id=1 OR parent_id=0 order by parent_id,position'),
     ));
 }
 /**
  * Logs the current user out and redirects to the site root.
  *
  * Plugins are notified before ('logout_requested') and after
  * ('admin_after_logout', with the user name captured before the session
  * ended) the logout. No CSRF token is checked on this entry point, so any
  * request reaching it ends the session.
  */
 function ru_logout()
 {
     Observer::notify('logout_requested');
     $who = AuthUser::getUserName();
     AuthUser::logout();
     Observer::notify('admin_after_logout', $who);
     redirect(get_url());
 }
 /**
  * Renders the testimonial index page.
  *
  * The URL segments are joined into $this->path (always slash-terminated);
  * a '..' in that path is reported to the statistics plugin as a hack
  * attempt. The path is not used to build the query below.
  */
 public function browse()
 {
     $this->_checkPermission();
     $segments = func_get_args();
     $this->path = implode('/', $segments);
     // Always terminate the path with a slash.
     if (substr($this->path, -1, 1) !== '/') {
         $this->path .= '/';
     }
     // Security: a back link ('..') in the requested path is reported, not rewritten.
     $hasBackLink = strpos($this->path, '..') !== false;
     if ($hasBackLink && Plugin::isEnabled('statistics_api')) {
         $user = AuthUser::isLoggedIn() ? AuthUser::getUserName() : null;
         // NOTE(review): X-Forwarded-For is a client-supplied header and can be
         // spoofed; REMOTE_ADDR is the peer address the server actually saw.
         $ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
         Observer::notify('stats_file_manager_hack_attempt', array(
             'event_type' => 'hack_attempt',
             'description' => __('A possible hack attempt was detected.'),
             'ipaddress' => $ip,
             'username' => $user,
         ));
     }
     // Only the configured table prefix is interpolated here; no request data reaches the SQL.
     $table = TABLE_PREFIX . 'testimonial';
     $testimonials = Record::query('select * from ' . $table . ' ORDER BY ' . $table . '.sequence, ' . $table . '.id desc');
     $this->display('testimonial/index', array(
         'testimonials' => $testimonials,
         'pages' => Record::findAllFrom('Page', 'parent_id=1 order by parent_id,position'),
     ));
 }
 /**
  * Lists the promo-theme image folder and renders the news index.
  *
  * The URL segments are joined into $this->path (always slash-terminated);
  * a '..' in that path is reported to the statistics plugin as a hack
  * attempt, while the directory actually listed is a fixed path.
  */
 public function browse()
 {
     $this->_checkPermission();
     $segments = func_get_args();
     $this->path = implode('/', $segments);
     // Always terminate the path with a slash.
     if (substr($this->path, -1, 1) !== '/') {
         $this->path .= '/';
     }
     // Security: a back link ('..') in the requested path is reported, not rewritten.
     $hasBackLink = strpos($this->path, '..') !== false;
     if ($hasBackLink && Plugin::isEnabled('statistics_api')) {
         $user = AuthUser::isLoggedIn() ? AuthUser::getUserName() : null;
         // NOTE(review): X-Forwarded-For is a client-supplied header and can be
         // spoofed; REMOTE_ADDR is the peer address the server actually saw.
         $ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
         Observer::notify('stats_file_manager_hack_attempt', array(
             'event_type' => 'hack_attempt',
             'description' => __('A possible hack attempt was detected.'),
             'ipaddress' => $ip,
             'username' => $user,
         ));
     }
     // Fixed listing directory, with any doubled slashes collapsed.
     $this->fullpath = str_replace('//', '/', FILES_DIR . '/themes/promo/images/');
     // Only the configured table prefix is interpolated; no request data reaches the SQL.
     $newss = Record::query('select * from ' . TABLE_PREFIX . 'news ORDER BY type, sequence asc, id desc');
     $this->display('news/index', array(
         'dir' => $this->path,
         'files' => $this->_getListFiles(),
         'newss' => $newss,
     ));
 }
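 /**
  * Saves the edited Snippet.
  *
  * Rejects the request when the CSRF token is missing or invalid (the
  * posted data is kept in the flash so the form can be re-populated),
  * otherwise saves the snippet and redirects either to the snippet list
  * ("commit" button) or back to the edit form.
  *
  * @todo Merge _edit() and edit()
  *
  * @param string $id Snippet id.
  */
 private function _edit($id)
 {
     // Default to an empty array so a request without the 'snippet' field
     // does not raise an undefined-index notice.
     $data = isset($_POST['snippet']) ? $_POST['snippet'] : array();
     $data['id'] = $id;
     $editUrl = get_url('snippet/edit/' . $id);
     // CSRF checks. On failure keep the posted data for the form, redirect,
     // and return so the save below cannot run if redirect() does not exit.
     if (!isset($_POST['csrf_token'])) {
         Flash::set('post_data', (object) $data);
         Flash::set('error', __('No CSRF token found!'));
         Observer::notify('csrf_token_not_found', AuthUser::getUserName());
         redirect($editUrl);
         return;
     }
     $csrf_token = $_POST['csrf_token'];
     if (!SecureToken::validateToken($csrf_token, BASE_URL . 'snippet/edit')) {
         Flash::set('post_data', (object) $data);
         Flash::set('error', __('Invalid CSRF token found!'));
         Observer::notify('csrf_token_invalid', AuthUser::getUserName());
         redirect($editUrl);
         return;
     }
     $snippet = new Snippet($data);
     if (!$snippet->save()) {
         Flash::set('post_data', (object) $data);
         Flash::set('error', __('Snippet :name has not been saved. Name must be unique!', array(':name' => $snippet->name)));
         // Stay on the edit form; without this return a non-terminating
         // redirect() would fall through to the commit redirect below.
         redirect($editUrl);
         return;
     }
     Flash::set('success', __('Snippet :name has been saved!', array(':name' => $snippet->name)));
     Observer::notify('snippet_after_edit', $snippet);
     // Save and quit, or save and continue editing?
     redirect(isset($_POST['commit']) ? get_url('snippet') : $editUrl);
 }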
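 /**
  * Shows a single file from FILES_DIR (inline text, or an image preview).
  *
  * The URL segments are url-decoded and joined into a relative filename;
  * any '..' is reported to the statistics plugin and stripped, doubled
  * slashes and a leading slash are removed, so the resulting path stays
  * below FILES_DIR. Regular non-image files are read and passed to the
  * view as 'content'.
  */
 public function view()
 {
     $params = func_get_args();
     $content = '';
     $filename = urldecode(join('/', $params));
     // Sanitize filename for security: we don't allow back links.
     if (strpos($filename, '..') !== false) {
         if (Plugin::isEnabled('statistics_api')) {
             $user = AuthUser::isLoggedIn() ? AuthUser::getUserName() : null;
             // NOTE(review): X-Forwarded-For is a client-supplied header and can be
             // spoofed; REMOTE_ADDR is the peer address the server actually saw.
             $ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
             $event = array(
                 'event_type' => 'hack_attempt',
                 'description' => __('A possible hack attempt was detected.'),
                 'ipaddress' => $ip,
                 'username' => $user,
             );
             Observer::notify('stats_file_manager_hack_attempt', $event);
         }
     }
     // One pass is enough: a run of n dots is reduced to n mod 2 dots and
     // runs are separated by non-dot characters, so no '..' can survive.
     $filename = str_replace('..', '', $filename);
     // Clean up nicely (doubled slashes are removed, not collapsed).
     $filename = str_replace('//', '', $filename);
     // We don't allow leading slashes
     $filename = preg_replace('/^\\//', '', $filename);
     $file = FILES_DIR . '/' . $filename;
     $isImage = $this->_isImage($file);
     // is_file() rather than file_exists(): a directory "exists" too, but
     // file_get_contents() on it fails with a warning and returns false.
     if (!$isImage && is_file($file)) {
         $content = file_get_contents($file);
     }
     $this->display('file_manager/views/view', array(
         'is_image' => $isImage,
         'filename' => $filename,
         'content' => $content,
     ));
 }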
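 /**
  * Allows a user to logout.
  *
  * The CSRF token travels in the query string because logout is a GET
  * link; a missing or invalid token aborts the logout and redirects to
  * the site root. On success the backend GUI cookies set by JavaScript
  * are expired as well.
  */
 function logout()
 {
     // CSRF checks. Return after redirect so the logout below cannot run
     // should redirect() ever not terminate the request.
     if (!isset($_GET['csrf_token'])) {
         Flash::set('error', __('No CSRF token found!'));
         redirect(get_url());
         return;
     }
     $csrf_token = $_GET['csrf_token'];
     if (!SecureToken::validateToken($csrf_token, BASE_URL . 'login/logout')) {
         Flash::set('error', __('Invalid CSRF token found!'));
         redirect(get_url());
         return;
     }
     // Allow plugins to handle logout events
     Observer::notify('logout_requested');
     $username = AuthUser::getUserName();
     AuthUser::logout();
     // Also eat cookies that were set by JS for backend gui.
     // NOTE(review): no path/domain is passed, so only cookies set with the
     // default path are cleared — confirm against the JS that sets them.
     $expired = time() - 3600;
     foreach (array('expanded_rows', 'meta_tab', 'page_tab') as $cookie) {
         setcookie($cookie, '', $expired);
     }
     Observer::notify('admin_after_logout', $username);
     redirect(get_url());
 }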
 /**
  * Allows a user to logout.
  *
  * Ends the current session and redirects to the site root. No CSRF
  * token is checked on this entry point, so any request reaching it
  * (including a cross-site one) ends the session.
  */
 function logout()
 {
     // Capture the name before the session is destroyed.
     $who = AuthUser::getUserName();
     AuthUser::logout();
     Observer::notify('admin_after_logout', $who);
     redirect(get_url());
 }
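 /**
  * Saves the settings posted from the settings form.
  *
  * Reads $_POST['setting'], rejects the request when the CSRF token is
  * missing or invalid, normalises the 'allow_html_title' checkbox (an
  * unchecked box is absent from the POST body, so it becomes 'off'),
  * persists the data and redirects back to the settings page.
  */
 private final function _save()
 {
     // Default to an empty array so a request without the 'setting' field
     // does not raise an undefined-index notice below.
     $data = isset($_POST['setting']) ? $_POST['setting'] : array();
     // CSRF checks. Each failure path redirects; the explicit return keeps
     // the save from running should redirect() ever not terminate the request.
     if (!isset($_POST['csrf_token'])) {
         Flash::set('error', __('No CSRF token found!'));
         Observer::notify('csrf_token_not_found', AuthUser::getUserName());
         redirect(get_url('setting'));
         return;
     }
     $csrf_token = $_POST['csrf_token'];
     if (!SecureToken::validateToken($csrf_token, BASE_URL . 'setting')) {
         Flash::set('error', __('Invalid CSRF token found!'));
         Observer::notify('csrf_token_invalid', AuthUser::getUserName());
         redirect(get_url('setting'));
         return;
     }
     // An unchecked checkbox is not submitted at all.
     if (!isset($data['allow_html_title'])) {
         $data['allow_html_title'] = 'off';
     }
     Setting::saveFromData($data);
     Flash::set('success', __('Settings have been saved!'));
     redirect(get_url('setting'));
 }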
 /**
  * Lists the news-theme image folder and renders the news of one category.
  *
  * All URL segments (including $cat_id, the first one) are joined into
  * $this->path (always slash-terminated); a '..' in that path is reported
  * to the statistics plugin as a hack attempt, while the directory
  * actually listed is a fixed path.
  *
  * @param mixed $cat_id Category id passed on to News::findByCatId()/getCategoryName().
  */
 public function browse_cat($cat_id)
 {
     $this->_checkPermission();
     $segments = func_get_args();
     $this->path = implode('/', $segments);
     // Always terminate the path with a slash.
     if (substr($this->path, -1, 1) !== '/') {
         $this->path .= '/';
     }
     // Security: a back link ('..') in the requested path is reported, not rewritten.
     $hasBackLink = strpos($this->path, '..') !== false;
     if ($hasBackLink && Plugin::isEnabled('statistics_api')) {
         $user = AuthUser::isLoggedIn() ? AuthUser::getUserName() : null;
         // NOTE(review): X-Forwarded-For is a client-supplied header and can be
         // spoofed; REMOTE_ADDR is the peer address the server actually saw.
         $ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
         Observer::notify('stats_file_manager_hack_attempt', array(
             'event_type' => 'hack_attempt',
             'description' => __('A possible hack attempt was detected.'),
             'ipaddress' => $ip,
             'username' => $user,
         ));
     }
     // Fixed listing directory, with any doubled slashes collapsed.
     $this->fullpath = str_replace('//', '/', FILES_DIR . '/themes/news/images/');
     $news_arr = News::findByCatId($cat_id);
     $category_name = News::getCategoryName($cat_id);
     $this->display('news/view_news', array(
         'dir' => $this->path,
         'files' => $this->_getListFiles(),
         'news_arr' => $news_arr,
         'category_name' => $category_name,
         'cat_id' => $cat_id,
     ));
 }
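 /**
  * Allows a user to logout.
  *
  * The CSRF token travels in the query string because logout is a GET
  * link; a missing or invalid token aborts the logout and redirects to
  * the site root.
  */
 function logout()
 {
     // CSRF checks. Return after redirect so the logout below cannot run
     // should redirect() ever not terminate the request.
     if (!isset($_GET['csrf_token'])) {
         Flash::set('error', __('No CSRF token found!'));
         redirect(get_url());
         return;
     }
     $csrf_token = $_GET['csrf_token'];
     if (!SecureToken::validateToken($csrf_token, BASE_URL . 'login/logout')) {
         Flash::set('error', __('Invalid CSRF token found!'));
         redirect(get_url());
         return;
     }
     // Allow plugins to handle logout events
     Observer::notify('logout_requested');
     // Capture the name before the session is destroyed.
     $username = AuthUser::getUserName();
     AuthUser::logout();
     Observer::notify('admin_after_logout', $username);
     redirect(get_url());
 }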