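/**
 * Build the upload form and, when the request carries a file, validate and store it.
 *
 * Checks run in this order and the first failing one produces the error message:
 * deny-listed extension, allow-listed extension (skipped when
 * DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS is truthy), file-name character set,
 * name collision in the target directory, size limit. Only then is the
 * temporary file moved into the upload directory.
 *
 * @param object $dbi      Used to fetch the page named by the 'page' argument when 'autolink' is set.
 * @param mixed  $argstr   Plugin arguments, handed to getArgs() together with $request.
 * @param object $request  Current request (by reference); source of the POST state, the user and the uploaded file.
 * @param mixed  $basepage Not read by this method.
 * @return object HTML container holding the form followed by the status or error messages.
 */
function run($dbi, $argstr, &$request, $basepage)
{
    // Allow-list: literal extensions, matched against the END of the file name.
    // NOTE(review): svg and xml are on this list; both formats can carry active
    // content, so confirm uploads are served as downloads or from a separate origin.
    $this->allowed_extensions = explode("\n", "7z\navi\nbmp\nbz2\nc\ncfg\ndiff\ndoc\ndocx\nflv\ngif\nh\nics\nini\njpeg\njpg\nkmz\nmp3\nodg\nodp\nods\nodt\nogg\npatch\npdf\npng\nppt\npptx\nrar\nsvg\ntar\ntar.gz\ntxt\nxls\nxlsx\nxml\nxsd\nzip");
    // Deny-list: every entry is a regex fragment (not a literal extension).
    $this->disallowed_extensions = explode("\n", "ad[ep]\nasd\nba[st]\nchm\ncmd\ncom\ncgi\ncpl\ncrt\ndll\neml\nexe\nhlp\nhta\nin[fs]\nisp\njse?\nlnk\nmd[betw]\nms[cipt]\nnws\nocx\nops\npcd\np[ir]f\nphp\\d?\nphtml\npl\npy\nreg\nsc[frt]\nsh[bsm]?\nswf\nurl\nvb[esx]?\nvxd\nws[cfh]");
    //removed "\{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}"

    $args = $this->getArgs($argstr, $request);
    // Read exactly the arguments this method uses. The previous extract($args)
    // would create a local for every key in $args and could overwrite
    // $dbi / $request / $basepage if such a key were ever present.
    $size     = isset($args['size']) ? $args['size'] : null;
    $mode     = isset($args['mode']) ? $args['mode'] : null;
    $logfile  = isset($args['logfile']) ? $args['logfile'] : null;
    $autolink = isset($args['autolink']) ? $args['autolink'] : null;
    $page     = isset($args['page']) ? $args['page'] : null;

    $file_dir = getUploadFilePath();
    $file_dir .= "/";

    $form = HTML::form(array('action' => $request->getPostURL(),
                             'enctype' => 'multipart/form-data',
                             'method' => 'post'));
    $contents = HTML::div(array('class' => 'wikiaction'));
    // MAX_FILE_SIZE is only a hint sent with the form; the limit that counts is
    // the getSize() > MAX_UPLOAD_SIZE comparison further down.
    $contents->pushContent(HTML::input(array('type' => 'hidden',
                                             'name' => 'MAX_FILE_SIZE',
                                             'value' => MAX_UPLOAD_SIZE)));
    $contents->pushContent(HTML::input(array('name' => 'userfile',
                                             'type' => 'file',
                                             'size' => $size)));
    if ($mode == 'edit') {
        $contents->pushContent(HTML::input(array('name' => 'action',
                                                 'type' => 'hidden',
                                                 'value' => 'edit')));
        $contents->pushContent(HTML::raw(" "));
        $contents->pushContent(HTML::input(array('value' => _("Upload"),
                                                 'name' => 'edit[upload]',
                                                 'type' => 'submit')));
    } else {
        $contents->pushContent(HTML::raw(" "));
        $contents->pushContent(HTML::input(array('value' => _("Upload"),
                                                 'type' => 'submit')));
    }
    $form->pushContent($contents);

    $message = HTML();

    // The login requirement is enforced only when only_authenticated is set;
    // with it unset, the code below accepts uploads from any requester.
    if ($request->isPost() and $this->only_authenticated) {
        // Make sure that the user is logged in.
        $user = $request->getUser();
        if (!$user->isAuthenticated()) {
            if (defined('FUSIONFORGE') and FUSIONFORGE) {
                $message->pushContent(HTML::div(array('class' => 'error'),
                    HTML::p(_("You cannot upload files.")),
                    HTML::ul(
                        HTML::li(_("Check you are logged in.")),
                        HTML::li(_("Check you are in the right project.")),
                        HTML::li(_("Check you are a member of the current project.")))));
            } else {
                $message->pushContent(HTML::div(array('class' => 'error'),
                    HTML::p(_("ACCESS DENIED: You must log in to upload files."))));
            }
            $result = HTML();
            $result->pushContent($form);
            $result->pushContent($message);
            return $result;
        }
    }

    $userfile = $request->getUploadedFile('userfile');
    if ($userfile) {
        $userfile_name = $userfile->getName();
        // basename() drops any directory part of the client-supplied name.
        $userfile_name = trim(basename($userfile_name));
        if (UPLOAD_USERDIR) {
            // NOTE(review): the user id becomes a directory name as-is; this
            // assumes _userid never contains path separators or ".." - confirm
            // against the authentication backends in use.
            $file_dir .= $request->_user->_userid;
            if (!file_exists($file_dir)) {
                // Group-writable directory; the result of mkdir() is not checked,
                // so a failure surfaces later as "Uploading failed.".
                mkdir($file_dir, 0775);
            }
            $file_dir .= "/";
            $u_userfile = $request->_user->_userid . "/" . $userfile_name;
        } else {
            $u_userfile = $userfile_name;
        }
        $u_userfile = preg_replace("/ /", "%20", $u_userfile);
        $userfile_tmpname = $userfile->getTmpName();
        $err_header = HTML::div(array('class' => 'error'),
            HTML::p(fmt("ERROR uploading '%s'", $userfile_name)));

        // Deny-list: case-insensitive, and a denied extension is rejected
        // anywhere in the name as long as it is followed by "." or the end,
        // so names with several extensions are covered too.
        if (preg_match("/(\\." . join("|\\.", $this->disallowed_extensions) . ")(\\.|\$)/i", $userfile_name)) {
            $message->pushContent($err_header);
            $message->pushContent(HTML::p(fmt("Files with extension %s are not allowed.",
                join(", ", $this->disallowed_extensions))));
        // Allow-list on the final extension. With
        // DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS set, only the deny-list above
        // remains, and a deny-list cannot enumerate every handler-mapped extension.
        } elseif (!DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS
                  and !preg_match("/(\\." . join("|\\.", $this->allowed_extensions) . ")\$/i", $userfile_name)) {
            $message->pushContent($err_header);
            $message->pushContent(HTML::p(fmt("Only files with the extension %s are allowed.",
                join(", ", $this->allowed_extensions))));
        // The character check runs on the accent-stripped name, while the file
        // is stored under the original name.
        } elseif (preg_match("/[^._a-zA-Z0-9- ]/", strip_accents($userfile_name))) {
            $message->pushContent($err_header);
            $message->pushContent(HTML::p(_("Invalid filename. File names may only contain alphanumeric characters and dot, underscore, space or dash.")));
        // Existing files are never overwritten. The check and the move below are
        // separate steps, so two simultaneous uploads of one name can still race.
        } elseif (file_exists($file_dir . $userfile_name)) {
            $message->pushContent($err_header);
            $message->pushContent(HTML::p(fmt("There is already a file with name %s uploaded.", $u_userfile)));
        } elseif ($userfile->getSize() > MAX_UPLOAD_SIZE) {
            $message->pushContent($err_header);
            $message->pushContent(HTML::p(_("Sorry but this file is too big.")));
        // "and" binds tighter than "or": move_uploaded_file() || (IsWindows() && rename()).
        // NOTE(review): the Windows rename() fallback does not repeat the check
        // move_uploaded_file() makes that the source really is an HTTP upload;
        // confirm getTmpName() can only return PHP's own temporary upload path.
        } elseif (move_uploaded_file($userfile_tmpname, $file_dir . $userfile_name) or IsWindows() and rename($userfile_tmpname, $file_dir . $userfile_name)) {
            $interwiki = new PageType_interwikimap();
            $link = $interwiki->link("Upload:{$u_userfile}");
            $message->pushContent(HTML::div(array('class' => 'feedback'),
                HTML::p(_("File successfully uploaded.")),
                HTML::p($link)));

            // the upload was a success and we need to mark this event in the "upload log"
            if ($logfile) {
                // basename() keeps the log inside the upload directory whatever
                // the 'logfile' argument contains.
                $upload_log = $file_dir . basename($logfile);
                $this->log($userfile, $upload_log, $message);
            }
            if ($autolink) {
                require_once "lib/loadsave.php";
                $pagehandle = $dbi->getPage($page);
                if ($pagehandle->exists()) { // don't replace default contents
                    $current = $pagehandle->getCurrentRevision();
                    $version = $current->getVersion();
                    $text = $current->getPackedContent();
                    $newtext = $text . "\n* Upload:{$u_userfile}"; // don't inline images
                    $meta = $current->_data;
                    $meta['summary'] = sprintf(_("uploaded %s"), $u_userfile);
                    // Saved as the next revision of the target page.
                    $pagehandle->save($newtext, $version + 1, $meta);
                }
            }
        } else {
            $message->pushContent($err_header);
            $message->pushContent(HTML::br(), _("Uploading failed."), HTML::br());
        }
    } else {
        $message->pushContent(HTML::br(), _("No file selected. Please select one."), HTML::br());
    }

    //$result = HTML::div( array( 'class' => 'wikiaction' ) );
    $result = HTML();
    $result->pushContent($form);
    $result->pushContent($message);
    return $result;
}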
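/**
 * Collect details about the PHP runtime and the web server hosting this script.
 *
 * Every parameter is an output (passed by reference) and is overwritten:
 *
 * @param mixed $remote_path     Normalized directory of this file, with trailing separator.
 * @param mixed $remote_root     Normalized DOCUMENT_ROOT with trailing separator, or '' when it is not set.
 * @param mixed $local_webserver True when the client address equals SERVER_ADDR or the server name is 'localhost'.
 * @param mixed $php_ini         Value of the "cfg_file_path" configuration variable, as a string.
 * @param mixed $extensions_dir  The "extension_dir" ini setting.
 * @param mixed $remote_url      scheme://host[:port]/path/ for this directory, or '' when the server name is empty.
 * @param mixed $server_name     SERVER_NAME as returned by server().
 * @param mixed $sapi_name       Result of php_sapi_name().
 * @param mixed $php_version     Result of phpversion(), as a string.
 * @return void
 */
function get_webserver_details(&$remote_path, &$remote_root, &$local_webserver, &$php_ini, &$extensions_dir, &$remote_url, &$server_name, &$sapi_name, &$php_version)
{
    $php_ini = (string) get_cfg_var("cfg_file_path");
    $php_version = (string) phpversion();
    $server_name = server('SERVER_NAME');
    $client_addr = get_client_address();
    // NOTE(review): depending on the web server configuration SERVER_NAME can
    // follow the client's Host header, and get_client_address() is not visible
    // here. Confirm no caller treats $local_webserver (or $remote_url) as an
    // access-control decision.
    $local_webserver = $client_addr == server('SERVER_ADDR') || $server_name == 'localhost';
    $port = server('SERVER_PORT');
    $sapi_name = php_sapi_name();
    $extensions_dir = ini_get('extension_dir');
    $remote_path = normalize_path(dirname(__FILE__) . DIRECTORY_SEPARATOR);
    $url_path = '';

    if (isset($_SERVER['DOCUMENT_ROOT'])) {
        $remote_root = normalize_path($_SERVER['DOCUMENT_ROOT']);
        if (!empty($remote_root)) {
            // Guarantee a trailing separator so the prefix test below cannot
            // match a sibling directory such as "/var/www2" against "/var/www".
            $last_char = $remote_root[strlen($remote_root) - 1];
            if ($last_char !== '/' && $last_char !== "\\") {
                $remote_root = $remote_root . DIRECTORY_SEPARATOR;
            }
        }

        // The script is inside the document root only when the root is a PREFIX
        // of the script directory. The earlier strstr() test also accepted the
        // root string anywhere inside the path, after which substr() cut the
        // path at the wrong offset; with an empty root its result depended on
        // the PHP version. An empty root now always counts as "outside".
        $outside_of_root = empty($remote_root)
            || strncmp($remote_path, $remote_root, strlen($remote_root)) !== 0;

        if (!$outside_of_root) {
            $url_path = substr($remote_path, strlen($remote_root));
        } else {
            // Fall back to the directory part of the request URI (presumably
            // client-supplied; the server() helper is not visible here).
            $url_path = server('REQUEST_URI');
            $last_slash = strrpos($url_path, '/');
            if ($last_slash === false) {
                $last_slash = strlen($url_path);
            }
            // Drop the leading "/" and everything from the last "/" onwards.
            $url_path = substr($url_path, 1, $last_slash - 1);
        }

        if (!empty($url_path)) {
            $last_char = $url_path[strlen($url_path) - 1];
            if ($last_char !== '/' && $last_char !== "\\") {
                $url_path = $url_path . '/';
            }
        }
    } else {
        $remote_root = '';
        $outside_of_root = true;
    }

    if (IsWindows()) {
        // Report filesystem paths with backslashes on Windows.
        $extensions_dir = str_replace("/", "\\", $extensions_dir);
        $remote_root = str_replace("/", "\\", $remote_root);
        $remote_path = str_replace("/", "\\", $remote_path);
    }
    // URLs always use forward slashes.
    $url_path = str_replace("\\", "/", $url_path);

    $is_ssl = strtolower(server('HTTPS')) == 'on' || server('SERVER_PORT') == 443;
    if (!empty($server_name)) {
        $remote_url = ($is_ssl ? "https://" : "http://") . $server_name;
        // Append the port unless it is the default one for the scheme.
        if (!empty($port) && !(!$is_ssl && $port == "80") && !($is_ssl && $port == 443)) {
            $remote_url .= ':' . $port;
        }
        if (!$outside_of_root || !empty($url_path)) {
            $remote_url .= '/' . $url_path;
        } else {
            if (empty($url_path)) {
                $remote_url .= '/';
            }
        }
    } else {
        $remote_url = '';
    }
}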
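/**
 * Restart Apache (Windows) or ask it to reload gracefully (other platforms)
 * and record the command's result through TriggerLog().
 *
 * @return void
 */
function restartApache()
{
    if (IsWindows() == true) {
        // Fixed command line, nothing variable is interpolated. exec() fills
        // $output with the command's output lines and returns the last one.
        $last_line = exec("C:\\ZPanel\\bin\\apache\\bin\\httpd.exe -k restart -n \"Apache\"", $output);
        // print_r() needs its second argument to RETURN the dump; without it the
        // dump was echoed into the response and "1" was written to the log.
        TriggerLog(1, "Usage Limiter - Apache restart returned : " . print_r($output, true) . " : " . $last_line);
    } else {
        // The service name comes from a stored system option and ends up in a
        // shell command line run through the zsudo helper (NOTE(review): looks
        // like a privilege wrapper - confirm). Quote it so that it is always
        // passed as exactly one argument, whatever the option contains.
        $service = escapeshellarg((string) GetSystemOption('lsn_apache'));
        // system() also passes the command's output through to the response.
        $last_line = system("/etc/zpanel/bin/zsudo service " . $service . " graceful");
        TriggerLog(1, "Usage Limiter - Apache graceful returned : " . $last_line);
    }
}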
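/**
 * Upload entry point with uploading switched off.
 *
 * The method returns the "temporarily disabled" notice immediately. Everything
 * after that return is unreachable and is kept as the implementation to bring
 * back later. The dormant extension filter has been tightened so that removing
 * the early return does not reinstate a case-sensitive, end-anchored check.
 *
 * @param object $dbi      Only used by the dormant code, to fetch the 'page' argument's page.
 * @param mixed  $argstr   Plugin arguments; only read by the dormant code.
 * @param object $request  Current request (by reference); only read by the dormant code.
 * @param mixed  $basepage Not read by this method.
 * @return object HTML container with the notice.
 */
function run($dbi, $argstr, &$request, $basepage)
{
    $disablemsg = HTML();
    $disablemsg->pushContent(HTML::h2("Upload is temporarily disabled."), HTML::br());
    return $disablemsg;

    // ------------------------------------------------------------------
    // Unreachable from here on while the return above is in place.
    // NOTE(review): this path is deny-list only, with no allow-list of
    // accepted extensions; add one before re-enabling uploads.
    // ------------------------------------------------------------------

    // Deny-list entries are regex fragments. "php\d?" and "phtml" replace the
    // former exact "php" entry so that numbered and alternate PHP extensions
    // are covered as well.
    $this->disallowed_extensions = explode("\n", "ad[ep]\nasd\nba[st]\nchm\ncmd\ncom\ncgi\ncpl\ncrt\ndll\neml\nexe\nhlp\nhta\nin[fs]\nisp\njse?\nlnk\nmd[betw]\nms[cipt]\nnws\nocx\nops\npcd\np[ir]f\nphp\\d?\nphtml\npl\npy\nreg\nsc[frt]\nsh[bsm]?\nswf\nurl\nvb[esx]?\nvxd\nws[cfh]");
    //removed "\{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}"

    $args = $this->getArgs($argstr, $request);
    // Read exactly the arguments used below instead of extract($args), which
    // could overwrite $dbi / $request / $basepage if such a key were present.
    $logfile  = isset($args['logfile']) ? $args['logfile'] : null;
    $autolink = isset($args['autolink']) ? $args['autolink'] : null;
    $page     = isset($args['page']) ? $args['page'] : null;

    $file_dir = getUploadFilePath();
    //$url_prefix = SERVER_NAME . DATA_PATH;

    $form = HTML::form(array('action' => $request->getPostURL(),
                             'enctype' => 'multipart/form-data',
                             'method' => 'post'));
    $contents = HTML::div(array('class' => 'wikiaction'));
    // MAX_FILE_SIZE is only a hint sent with the form; the effective limit is
    // the getSize() > MAX_UPLOAD_SIZE comparison below.
    $contents->pushContent(HTML::input(array('type' => 'hidden',
                                             'name' => 'MAX_FILE_SIZE',
                                             'value' => MAX_UPLOAD_SIZE)));
    $contents->pushContent(HTML::input(array('name' => 'userfile',
                                             'type' => 'file',
                                             'size' => '50')));
    $contents->pushContent(HTML::raw(" "));
    $contents->pushContent(HTML::input(array('value' => _("Upload"),
                                             'type' => 'submit')));
    $form->pushContent($contents);

    $message = HTML();

    // The login requirement applies only when only_authenticated is set.
    if ($request->isPost() and $this->only_authenticated) {
        // Make sure that the user is logged in.
        $user = $request->getUser();
        if (!$user->isAuthenticated()) {
            $message->pushContent(HTML::h2(_("ACCESS DENIED: You must log in to upload files.")),
                HTML::br(), HTML::br());
            $result = HTML();
            $result->pushContent($form);
            $result->pushContent($message);
            return $result;
        }
    }

    $userfile = $request->getUploadedFile('userfile');
    if ($userfile) {
        $userfile_name = $userfile->getName();
        // basename() drops any directory part of the client-supplied name.
        $userfile_name = trim(basename($userfile_name));
        $userfile_tmpname = $userfile->getTmpName();
        $err_header = HTML::h2(fmt("ERROR uploading '%s': ", $userfile_name));

        // Was: ")\$/" - case-sensitive and anchored to the end of the name only.
        // Now case-insensitive, and a denied extension is rejected anywhere in
        // the name when followed by "." or the end of the name.
        if (preg_match("/(\\." . join("|\\.", $this->disallowed_extensions) . ")(\\.|\$)/i", $userfile_name)) {
            $message->pushContent($err_header);
            $message->pushContent(fmt("Files with extension %s are not allowed.",
                join(", ", $this->disallowed_extensions)), HTML::br(), HTML::br());
        } elseif (preg_match("/[^._a-zA-Z0-9-]/", $userfile_name)) {
            $message->pushContent($err_header);
            $message->pushContent(_("File names may only contain alphanumeric characters and dot, underscore or dash."),
                HTML::br(), HTML::br());
        // Existing files are never overwritten; check and move are separate steps.
        } elseif (file_exists($file_dir . $userfile_name)) {
            $message->pushContent($err_header);
            $message->pushContent(fmt("There is already a file with name %s uploaded.", $userfile_name),
                HTML::br(), HTML::br());
        } elseif ($userfile->getSize() > MAX_UPLOAD_SIZE) {
            $message->pushContent($err_header);
            $message->pushContent(_("Sorry but this file is too big."), HTML::br(), HTML::br());
        // "and" binds tighter than "or": move_uploaded_file() || (IsWindows() && rename()).
        // NOTE(review): the rename() fallback does not repeat move_uploaded_file()'s
        // check that the source is an HTTP upload - confirm what getTmpName() can return.
        } elseif (move_uploaded_file($userfile_tmpname, $file_dir . $userfile_name) or IsWindows() and rename($userfile_tmpname, $file_dir . $userfile_name)) {
            $interwiki = new PageType_interwikimap();
            $link = $interwiki->link("Upload:{$userfile_name}");
            $message->pushContent(HTML::h2(_("File successfully uploaded.")));
            $message->pushContent(HTML::ul(HTML::li($link)));

            // the upload was a success and we need to mark this event in the "upload log"
            if ($logfile) {
                // basename() keeps the log inside the upload directory.
                $upload_log = $file_dir . basename($logfile);
                $this->log($userfile, $upload_log, $message);
            }
            if ($autolink) {
                require_once "lib/loadsave.php";
                $pagehandle = $dbi->getPage($page);
                if ($pagehandle->exists()) { // don't replace default contents
                    $current = $pagehandle->getCurrentRevision();
                    $version = $current->getVersion();
                    $text = $current->getPackedContent();
                    $newtext = $text . "\n* [Upload:{$userfile_name}]";
                    $meta = $current->_data;
                    $meta['summary'] = sprintf(_("uploaded %s"), $userfile_name);
                    $pagehandle->save($newtext, $version + 1, $meta);
                }
            }
        } else {
            $message->pushContent($err_header);
            $message->pushContent(HTML::br(), _("Uploading failed."), HTML::br());
        }
    } else {
        $message->pushContent(HTML::br(), HTML::br());
    }

    //$result = HTML::div( array( 'class' => 'wikiaction' ) );
    $result = HTML();
    $result->pushContent($form);
    $result->pushContent($message);
    return $result;
}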