Пример #1
 /**
  * List the entries of a Tar/Gzip archive through the PclTar library.
  *
  * The result of PclTarList() is handed back untouched. Entry names in that
  * listing come from the archive itself, so a caller that received the
  * archive from an untrusted party must validate them before using them
  * as filesystem paths.
  *
  * NOTE(review): PclTarList() presumably returns a non-array value when the
  * archive cannot be read - confirm, and check the result before iterating.
  *
  * @param string $archFile Path of the archive to inspect.
  * @return array Listing as produced by PclTarList().
  */
 function getTarGzipList($archFile)
 {
     // Load the TAR library once; repeated calls do not include it again.
     require_once 'pcltar.func.php';

     $entries = PclTarList($archFile);

     return $entries;
 }
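/**
 * Load a tgz archive described by an options array: list it, validate the
 * entry names, then extract it.
 *
 * Entry names are read from the archive, and the extraction target is
 * emptied before extraction. For both reasons every entry name is checked
 * for absolute paths and ".." components before anything on disk is
 * touched.
 *
 * @uses  http_deballe_recherche_racine()
 * @link  http://www.phpconcept.net/pcltar Uses the PclTar library
 *
 * @param array $quoi
 *     Options. Keys read here: fichier, archive, dest, extract, plus the
 *     optional remove, rename, edit, root_extract and tmp (defaults are
 *     filled in below).
 * @return array|bool|int|string
 *     - false when no options are given,
 *     - 0 when the archive file does not exist,
 *     - an error string when listing, validation or extraction fails,
 *     - on success, an array describing the archive with the keys:
 *       - files : list of the files present in the archive,
 *       - size : uncompressed size,
 *       - compressed_size : compressed size,
 *       - dirname : directory where the files are meant to be extracted,
 *       - tmpname : temporary directory where the files are extracted,
 *       - target : directory the files were actually extracted into.
 */
function teleporter_http_charger_tgz($quoi = array())
{
    if (!$quoi) {
        return false;
    }
    $defaults = array(
        'remove' => '',
        'rename' => array(),
        'edit' => array(),
        'root_extract' => false,
        'tmp' => sous_repertoire(_DIR_CACHE, 'chargeur'),
    );
    foreach ($defaults as $opt => $def) {
        if (!isset($quoi[$opt])) {
            $quoi[$opt] = $def;
        }
    }
    if (!@file_exists($fichier = $quoi['fichier'])) {
        return 0;
    }
    include_spip('inc/pcltar');

    $list = PclTarList($fichier);
    if (!$list) {
        spip_log('charger_decompresser erreur lecture liste tar ' . PclErrorString() . ' pour paquet: ' . $quoi['archive'], "teleport" . _LOG_ERREUR);
        return PclErrorString();
    }

    // Refuse the archive when an entry could land outside the target:
    // absolute path, drive-letter path, or a ".." path component.
    // The entry name is deliberately left out of the returned message,
    // because how callers display it is not visible from here.
    // NOTE(review): link-type entries are not examined here - confirm how
    // PclTar treats them.
    foreach ($list as $f) {
        $chemin = str_replace('\\', '/', $f['filename']);
        if (
            substr($chemin, 0, 1) === '/'
            || preg_match(',^[a-z]:,i', $chemin)
            || preg_match(',(^|/)\.\.(/|$),', $chemin)
        ) {
            spip_log('charger_decompresser archive refusee (chemin hors cible) pour paquet: ' . $quoi['archive'], "teleport" . _LOG_ERREUR);
            return 'charger_decompresser: archive refusee (chemin hors cible)';
        }
    }

    $racine = http_deballe_recherche_racine($list);
    $quoi['remove'] = $racine;

    // Without a common root, fall back to the archive file name, stripped
    // of the h+md5 prefix it may carry (cf. action/charger_plugin L74).
    if (!strlen($nom = basename($racine))) {
        $nom = preg_replace(",^h[0-9a-f]{8}-,i", "", basename($fichier, '.zip'));
    }
    // $nom becomes part of a directory that is deleted recursively below,
    // so it must never designate the current or the parent directory.
    if ($nom === '.' || $nom === '..') {
        spip_log('charger_decompresser archive refusee (chemin hors cible) pour paquet: ' . $quoi['archive'], "teleport" . _LOG_ERREUR);
        return 'charger_decompresser: archive refusee (chemin hors cible)';
    }
    $dir_export = $quoi['root_extract'] ? $quoi['dest'] : $quoi['dest'] . $nom;
    $dir_export = rtrim($dir_export, '/') . '/';
    $tmpname = $quoi['tmp'] . $nom . '/';
    // Pick the target depending on whether a real extraction is wanted.
    $target = $quoi['extract'] ? $dir_export : $tmpname;
    // An existing target directory is emptied before extraction.
    if (is_dir($target)) {
        supprimer_repertoire($target);
    }
    $ok = PclTarExtract($fichier, $target, $quoi['remove']);
    if ($ok == 0) {
        spip_log('charger_decompresser erreur tar ' . PclErrorString() . ' pour paquet: ' . $quoi['archive'], "teleport" . _LOG_ERREUR);
        return PclErrorString();
    }
    spip_log('charger_decompresser OK pour paquet: ' . $quoi['archive'], "teleport");

    // Sum the sizes and strip the common root from each listed file name.
    $size = $compressed_size = 0;
    $removex = ',^' . preg_quote($quoi['remove'], ',') . ',';
    foreach ($list as $a => $f) {
        $size += $f['size'];
        $compressed_size += $f['compressed_size'];
        $list[$a] = preg_replace($removex, '', $f['filename']);
    }
    // Leave an install.log at the root recording that the loader installed
    // this package and where it came from.
    ecrire_fichier($target . 'install.log', "installation: charger_plugin\n" . "date: " . gmdate('Y-m-d\\TH:i:s\\Z', time()) . "\n" . "source: " . $quoi['archive'] . "\n");

    return array(
        'files' => $list,
        'size' => $size,
        'compressed_size' => $compressed_size,
        'dirname' => $dir_export,
        'tmpname' => $tmpname,
        'target' => $target,
    );
}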
Пример #3
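/**
 * Extract uploaded archives into a temporary directory on the web server,
 * then recreate their directories and files on the FTP server.
 *
 * Archives are uploaded by the user, so their entry names are untrusted.
 * The listing is screened for path-traversal and absolute names before
 * anything is extracted.
 *
 * @param array $archivesArray 1-indexed list of uploads; each entry is read
 *                             for its "name" and "tmp_name" keys.
 * @return bool|null false when the FTP connection fails, when an archive
 *                   holds a rejected filename, or when the temporary
 *                   directory cannot be created; no explicit value otherwise.
 */
function ftp_unziptransferfiles($archivesArray)
{
    // -------------------------------------------------------------------------
    // Global variables
    // -------------------------------------------------------------------------
    global $net2ftp_globals, $net2ftp_result, $net2ftp_output;
    // -------------------------------------------------------------------------
    // Open connection
    // -------------------------------------------------------------------------
    $conn_id = ftp_openconnection();
    if ($net2ftp_result["success"] == false) {
        // No connection: drop the uploaded archives so they do not linger
        for ($archive_nr = 1; $archive_nr <= sizeof($archivesArray); $archive_nr++) {
            @unlink($archivesArray[$archive_nr]["tmp_name"]);
        }
        return false;
    }
    // -------------------------------------------------------------------------
    // For each archive...
    // -------------------------------------------------------------------------
    for ($archive_nr = 1; $archive_nr <= sizeof($archivesArray); $archive_nr++) {
        // Set status
        setStatus($archive_nr, sizeof($archivesArray), __("Decompressing archives and transferring files"));
        // -------------------------------------------------------------------------
        // Determine the type of archive depending on the filename extension
        // -------------------------------------------------------------------------
        $archive_name = $archivesArray[$archive_nr]["name"];
        $archive_file = $archivesArray[$archive_nr]["tmp_name"];
        // Strip the last 4 characters of the temporary name (presumably a
        // ".txt" suffix added at upload time - confirm). The original
        // measured an undefined variable, which yielded the same -4 offset.
        $archivename_without_dottext = substr($archive_file, 0, -4);
        $archive_type = get_filename_extension($archivename_without_dottext);
        // NOTE(review): $archive_name is a client-supplied filename placed
        // into HTML output; confirm it is encoded before it gets here.
        $net2ftp_output["ftp_unziptransferfiles"][] = __("Processing archive nr %1\$s: <b>%2\$s</b>", $archive_nr, $archive_name);
        $net2ftp_output["ftp_unziptransferfiles"][] = "<ul>";
        if ($archive_type != "zip" && $archive_type != "tar" && $archive_type != "tgz" && $archive_type != "gz") {
            $net2ftp_output["ftp_unziptransferfiles"][] = __("Archive <b>%1\$s</b> was not processed because its filename extension was not recognized. Only zip, tar, tgz and gz archives are supported at the moment.", $archive_name);
            continue;
        }
        // -------------------------------------------------------------------------
        // Extract directories and files
        // -------------------------------------------------------------------------
        // ------------------------------
        // Check list of files to see if there are any malicious filenames
        // ------------------------------
        if ($archive_type == "zip") {
            $zip = new PclZip($archive_file);
            $list_to_check = $zip->listContent();
        } elseif ($archive_type == "tar" || $archive_type == "tgz" || $archive_type == "gz") {
            $list_to_check = PclTarList($archive_file);
        }
        if ($list_to_check <= 0) {
            $net2ftp_output["ftp_unziptransferfiles"][] = __("Unable to extract the files and directories from the archive");
            continue;
        }
        for ($i = 0; $i < sizeof($list_to_check); $i++) {
            $source = trim($list_to_check[$i]["filename"]);
            // Compare on a single separator style
            $source_slashes = str_replace("\\", "/", $source);
            // Parent-directory references: the original substring tests,
            // plus a name that is exactly ".." or ends in "/.."
            $has_dotdot = strpos($source, "../") !== false
                || strpos($source, "..\\") !== false
                || $source_slashes === ".."
                || substr($source_slashes, -3) === "/..";
            // Absolute names are rejected up front, because whether the
            // extraction libraries re-root them is not visible here.
            $is_absolute = substr($source_slashes, 0, 1) === "/"
                || preg_match("/^[A-Za-z]:/", $source_slashes) === 1;
            if ($has_dotdot || $is_absolute) {
                // NOTE(review): this abort path leaves the connection open and
                // the uploaded archives on disk; confirm they are cleaned up
                // elsewhere.
                $errormessage = __("Archive contains filenames with ../ or ..\\ - aborting the extraction");
                setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
                return false;
            }
        }
        // ------------------------------
        // Generate random directory
        // ------------------------------
        $tempdir = tempdir2($net2ftp_globals["application_tempdir"], "unzip__", "");
        if ($net2ftp_result["success"] == false) {
            return false;
        }
        registerTempfile("register", "{$tempdir}");
        // ------------------------------
        // Extract
        // ------------------------------
        if ($archive_type == "zip") {
            $zip = new PclZip($archive_file);
            $list = $zip->extract($tempdir);
        } elseif ($archive_type == "tar" || $archive_type == "tgz" || $archive_type == "gz") {
            $list = PclTarExtract($archive_file, $tempdir);
        }
        // A failed listing was already reported above, so a failed
        // extraction is skipped without a message.
        if ($list <= 0) {
            continue;
        }
        // ------------------------------
        // Create the directories and put the files on the FTP server
        // ------------------------------
        for ($i = 0; $i < sizeof($list); $i++) {
            $source = trim($list[$i]["filename"]);
            $unzip_status = trim($list[$i]["status"]);
            // Path of the entry relative to the temporary directory
            $target_relative = substr($source, strlen($tempdir));
            $target = $net2ftp_globals["directory"] . $target_relative;
            $ftpmode = ftpAsciiBinary($source);
            if ($unzip_status != "ok") {
                $net2ftp_output["ftp_unziptransferfiles"][] = __("Could not unzip entry %1\$s (error code %2\$s)", $target_relative, $unzip_status);
                setErrorVars(true, "", "", "", "");
                continue;
            }
            // Directory entry in the archive: create the directory
            if (is_dir($source) == true) {
                ftp_newdirectory($conn_id, $target);
                if ($net2ftp_result["success"] == true) {
                    $net2ftp_output["ftp_unziptransferfiles"][] = __("Created directory %1\$s", $target);
                } else {
                    $net2ftp_output["ftp_unziptransferfiles"][] = __("Could not create directory %1\$s", $target);
                    setErrorVars(true, "", "", "", "");
                }
            } elseif (is_file($source) == true) {
                // File entry: try a direct transfer first
                ftp_putfile($conn_id, dirname($source), basename($source), dirname($target), basename($target), $ftpmode, "move");
                if ($net2ftp_result["success"] == true) {
                    $net2ftp_output["ftp_unziptransferfiles"][] = __("Copied file %1\$s", $target);
                } else {
                    // The transfer failed: create each missing parent
                    // directory on the FTP server, then retry once.
                    setErrorVars(true, "", "", "", "");
                    $target_relative_parts = explode("/", str_replace("\\", "/", dirname($target_relative)));
                    $directory_to_create = $net2ftp_globals["directory"];
                    for ($j = 0; $j < sizeof($target_relative_parts); $j = $j + 1) {
                        $directory_to_create = $directory_to_create . "/" . $target_relative_parts[$j];
                        $ftp_chdir_result = @ftp_chdir($conn_id, $directory_to_create);
                        if ($ftp_chdir_result == false) {
                            ftp_newdirectory($conn_id, $directory_to_create);
                            if ($net2ftp_result["success"] == true) {
                                $net2ftp_output["ftp_unziptransferfiles"][] = __("Created directory %1\$s", $directory_to_create);
                            } else {
                                setErrorVars(true, "", "", "", "");
                            }
                        }
                    }
                    ftp_putfile($conn_id, dirname($source), basename($source), dirname($target), basename($target), $ftpmode, "copy");
                    if ($net2ftp_result["success"] == true) {
                        $net2ftp_output["ftp_unziptransferfiles"][] = __("Copied file %1\$s", $target);
                    } else {
                        setErrorVars(true, "", "", "", "");
                        $net2ftp_output["ftp_unziptransferfiles"][] = __("Could not copy file %1\$s", $target);
                    }
                }
            }
        }
        // -------------------------------------------------------------------------
        // Delete the uploaded archive and the temporary files
        // -------------------------------------------------------------------------
        // Delete the temporary directory and its contents
        $delete_dirorfile_result = delete_dirorfile($tempdir);
        if ($delete_dirorfile_result == false) {
            $net2ftp_output["ftp_unziptransferfiles"][] = __("Unable to delete the temporary directory");
        } else {
            registerTempfile("unregister", "{$tempdir}");
        }
        // Delete the archive
        $unlink_result = @unlink($archive_file);
        if ($unlink_result == false) {
            $net2ftp_output["ftp_unziptransferfiles"][] = __("Unable to delete the temporary file %1\$s", $archive_file);
        } else {
            registerTempfile("unregister", "{$archive_file}");
        }
        $net2ftp_output["ftp_unziptransferfiles"][] = "</ul>";
    }
    // -------------------------------------------------------------------------
    // Close connection
    // -------------------------------------------------------------------------
    ftp_closeconnection($conn_id);
}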
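 /**
  * Receive an uploaded theme archive (.gz or .zip), validate its layout,
  * extract it into the templates folder and install the theme.
  *
  * The archive is accepted only when:
  *  - every entry name is relative and free of "." / ".." components,
  *  - it holds exactly one root-level entry and that entry is a folder,
  *  - every entry lives inside that root folder,
  *  - all required theme files are present.
  * The extracted files become part of the site's templates folder, so entry
  * names are checked before extraction rather than trusted.
  *
  * Outcome messages are pushed to the view under 'MSG'. The uploaded
  * archive is deleted once it has been processed.
  */
 private function upload_theme()
 {
     $folder_phpboost_themes = PATH_TO_ROOT . '/templates/';
     if (!is_writable($folder_phpboost_themes)) {
         // 0755 rather than 0777: chmod only succeeds for the owner, and
         // owner write access is all this upload needs.
         $is_writable = @chmod($folder_phpboost_themes, 0755);
     } else {
         $is_writable = true;
     }
     if ($is_writable) {
         $uploaded_file = $this->form->get_value('file');
         if ($uploaded_file !== null) {
             $upload = new Upload($folder_phpboost_themes);
             if ($upload->file('upload_theme_file', '`([A-Za-z0-9-_]+)\\.(gz|zip)+$`i')) {
                 $archive = $folder_phpboost_themes . $upload->get_filename();
                 if ($upload->get_extension() == 'gz') {
                     include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pcltar.lib.php';
                     // Use the full path of the stored upload, as the zip
                     // branch does, not the bare file name.
                     $archive_content = PclTarList($archive);
                 } else {
                     include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pclzip.lib.php';
                     $zip = new PclZip($archive);
                     $archive_content = $zip->listContent();
                 }
                 $archive_root_content = array();
                 $required_files = array('/config.ini', '/body.tpl', '/frame.tpl', '/theme/content.css', '/theme/design.css', '/theme/global.css');
                 // A non-array listing means the archive could not be read.
                 $archive_is_safe = is_array($archive_content);
                 if ($archive_is_safe) {
                     foreach ($archive_content as $element) {
                         // Entry names come from the archive: refuse absolute
                         // paths, drive letters and "." / ".." components.
                         $entry_path = str_replace('\\', '/', $element['filename']);
                         if (substr($entry_path, 0, 1) == '/' || preg_match('`^[a-z]:`i', $entry_path) || preg_match('`(^|/)\\.\\.?(/|$)`', $entry_path)) {
                             $archive_is_safe = false;
                             break;
                         }
                         if (substr($element['filename'], -1) == '/') {
                             $element['filename'] = substr($element['filename'], 0, -1);
                         }
                         // Entries without a slash sit at the archive root
                         if (substr_count($element['filename'], '/') == 0) {
                             $archive_root_content[] = array('filename' => $element['filename'], 'folder' => (isset($element['folder']) && $element['folder'] == 1) || (isset($element['typeflag']) && $element['typeflag'] == 5));
                         }
                         if (isset($archive_root_content[0])) {
                             // Tick off required files found under the root folder
                             $name_in_archive = str_replace($archive_root_content[0]['filename'] . '/', '/', $element['filename']);
                             if (in_array($name_in_archive, $required_files, true)) {
                                 unset($required_files[array_search($name_in_archive, $required_files, true)]);
                             }
                         }
                     }
                 }
                 $theme_id = null;
                 if ($archive_is_safe && count($archive_root_content) == 1 && $archive_root_content[0]['folder'] && empty($required_files)) {
                     $theme_id = $archive_root_content[0]['filename'];
                     // Every entry must live inside the single root folder, so
                     // extraction cannot write next to it.
                     foreach ($archive_content as $element) {
                         $entry_path = str_replace('\\', '/', $element['filename']);
                         if ($entry_path !== $theme_id && strpos($entry_path, $theme_id . '/') !== 0) {
                             $theme_id = null;
                             break;
                         }
                     }
                 }
                 if ($theme_id !== null) {
                     if (!ThemesManager::get_theme_existed($theme_id)) {
                         if ($upload->get_extension() == 'gz') {
                             PclTarExtract($archive, $folder_phpboost_themes);
                         } else {
                             $zip->extract(PCLZIP_OPT_PATH, $folder_phpboost_themes, PCLZIP_OPT_SET_CHMOD, 0755);
                         }
                         $this->install_theme($theme_id, array('r-1' => 1, 'r0' => 1, 'r1' => 1));
                     } else {
                         $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('element.already_exists', 'status-messages-common'), MessageHelper::NOTICE));
                     }
                 } else {
                     $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('error.invalid_archive_content', 'status-messages-common'), MessageHelper::NOTICE));
                 }
                 // The uploaded archive is removed whatever the outcome
                 $uploaded_file = new File($archive);
                 $uploaded_file->delete();
             } else {
                 $this->view->put('MSG', MessageHelper::display($this->lang['themes.upload_invalid_format'], MessageHelper::NOTICE));
             }
         } else {
             $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('process.error', 'status-messages-common'), MessageHelper::NOTICE));
         }
     }
 }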
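 /**
  * Receive an uploaded module archive (.gz or .zip), validate its layout,
  * extract it under the site root and install the module.
  *
  * The archive is accepted only when:
  *  - every entry name is relative and free of "." / ".." components,
  *  - it holds exactly one root-level entry and that entry is a folder,
  *  - every entry lives inside that root folder,
  *  - all required module files are present.
  * Extraction writes directly under PATH_TO_ROOT. The containment check is
  * what keeps an archive from overwriting files outside its own module
  * folder.
  *
  * Outcome messages are pushed to the view under 'MSG'. The uploaded
  * archive is deleted once it has been processed.
  */
 private function upload_module()
 {
     $modules_folder = PATH_TO_ROOT . '/';
     if (!is_writable($modules_folder)) {
         // The original passed an undefined variable here, so the chmod
         // could never apply to the modules folder.
         $is_writable = @chmod($modules_folder, 0755);
     } else {
         $is_writable = true;
     }
     if ($is_writable) {
         $uploaded_file = $this->form->get_value('file');
         if ($uploaded_file !== null) {
             $upload = new Upload($modules_folder);
             if ($upload->file('upload_module_file', '`([a-z0-9()_-])+\\.(gz|zip)+$`i')) {
                 $archive = $modules_folder . $upload->get_filename();
                 if ($upload->get_extension() == 'gz') {
                     include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pcltar.lib.php';
                     // Use the full path of the stored upload, as the zip
                     // branch does, not the bare file name.
                     $archive_content = PclTarList($archive);
                 } else {
                     include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pclzip.lib.php';
                     $zip = new PclZip($archive);
                     $archive_content = $zip->listContent();
                 }
                 $archive_root_content = array();
                 $required_files = array('/config.ini', '/index.php');
                 // A non-array listing means the archive could not be read.
                 $archive_is_safe = is_array($archive_content);
                 if ($archive_is_safe) {
                     foreach ($archive_content as $element) {
                         // Entry names come from the archive: refuse absolute
                         // paths, drive letters and "." / ".." components.
                         $entry_path = str_replace('\\', '/', $element['filename']);
                         if (substr($entry_path, 0, 1) == '/' || preg_match('`^[a-z]:`i', $entry_path) || preg_match('`(^|/)\\.\\.?(/|$)`', $entry_path)) {
                             $archive_is_safe = false;
                             break;
                         }
                         if (substr($element['filename'], -1) == '/') {
                             $element['filename'] = substr($element['filename'], 0, -1);
                         }
                         // Entries without a slash sit at the archive root
                         if (substr_count($element['filename'], '/') == 0) {
                             $archive_root_content[] = array('filename' => $element['filename'], 'folder' => (isset($element['folder']) && $element['folder'] == 1) || (isset($element['typeflag']) && $element['typeflag'] == 5));
                         }
                         if (isset($archive_root_content[0])) {
                             // Tick off required files found under the root folder
                             $name_in_archive = str_replace($archive_root_content[0]['filename'] . '/', '/', $element['filename']);
                             if (in_array($name_in_archive, $required_files, true)) {
                                 unset($required_files[array_search($name_in_archive, $required_files, true)]);
                             }
                         }
                     }
                 }
                 $module_id = null;
                 if ($archive_is_safe && count($archive_root_content) == 1 && $archive_root_content[0]['folder'] && empty($required_files)) {
                     $module_id = $archive_root_content[0]['filename'];
                     // Every entry must live inside the single root folder, so
                     // extraction cannot touch other directories of the site.
                     foreach ($archive_content as $element) {
                         $entry_path = str_replace('\\', '/', $element['filename']);
                         if ($entry_path !== $module_id && strpos($entry_path, $module_id . '/') !== 0) {
                             $module_id = null;
                             break;
                         }
                     }
                 }
                 if ($module_id !== null) {
                     if (!ModulesManager::is_module_installed($module_id)) {
                         if ($upload->get_extension() == 'gz') {
                             PclTarExtract($archive, $modules_folder);
                         } else {
                             $zip->extract(PCLZIP_OPT_PATH, $modules_folder, PCLZIP_OPT_SET_CHMOD, 0755);
                         }
                         $this->install_module($module_id, true);
                     } else {
                         $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('element.already_exists', 'status-messages-common'), MessageHelper::NOTICE));
                     }
                 } else {
                     $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('error.invalid_archive_content', 'status-messages-common'), MessageHelper::NOTICE));
                 }
                 // The uploaded archive is removed whatever the outcome
                 $uploaded_file = new File($archive);
                 $uploaded_file->delete();
             } else {
                 $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_invalid_format'], MessageHelper::NOTICE));
             }
         } else {
             $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_error'], MessageHelper::NOTICE));
         }
     }
 }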
Пример #6
            rcRmdir($plugins_dir.$delete_name);
        }
    }
}
*/
elseif ($enable_plugin_upload && isset($_REQUEST['submit'])){ # Upload a plugin .rsp file. 
	if (($_FILES['pfile']['error'] == 0) && (pathinfo($_FILES['pfile']['name'], PATHINFO_EXTENSION)=='rsp')){
	    require "../../lib/pcltar/pcltar.lib.php";
	    
	    # Create tmp folder if not existing
	    # Since get_temp_dir() method does this, omit: if (!file_exists(dirname(__FILE__).'/../../filestore/tmp')) {mkdir(dirname(__FILE__).'/../../filestore/tmp',0777);}
	    
	    $tmp_file = get_temp_dir() . '/'.basename($_FILES['pfile']['name'].'.tgz');
	    if(move_uploaded_file($_FILES['pfile']['tmp_name'], $tmp_file)==true){
	         $rejected = false;
	         $filelist = PclTarList($tmp_file);
	    	 if(is_array($filelist)){
	    	 	 foreach($filelist as $key=>$value)
	    	 	 { # Loop through the file list to create an array we can use php's functions with.
	    	         $filearray[] = $value['filename'];
	    	 	 }
	    	     # Some security checks.
    	     	 foreach ($filearray as $filename){
    	     	     if ($filename[0]=='/' || $filename[0] =='\\'){ # Paths are absolute.  Reject the plugin.
    	     	         $rejected = true;
	     	 			 $rej_reason = $lang['plugins-rejrootpath'];
	     	 			 break; 
    	     	     }
    	     	 }
	    	     if (array_search('..', $filearray)!==false) {# Archive may contain ../ directories (Security risk)
	    	     	$rejected = true;