Пример #1
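/**
 * OcCLE entry script.
 *
 * Dispatches on the 'action' request parameter:
 *  - 'message': receive an OcCLEchat message and call back to the sending site to confirm it
 *  - 'confirm': answer another site's confirmation call-back
 *  - anything else: run an OcCLE command, taken from the 'command' POST parameter or, on the
 *    command line when no command was posted, read interactively from stdin until 'exit' or end of input
 *
 * Web requests must first pass the closed-site, shared-install and 'admin_occle' page-access checks.
 * Command-line runs skip those checks.
 */
function occle_script()
{
    // Command-line mode requires both the CLI SAPI and the absence of a remote address
    $cli = php_sapi_name() == 'cli' && empty($_SERVER['REMOTE_ADDR']);

    // Closed site
    if (!$cli) {
        $site_closed = get_option('site_closed');
        if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
            header('Content-Type: text/plain');
            @exit(get_option('closed'));
        }
        if (get_file_base() != get_custom_file_base()) {
            warn_exit(do_lang_tempcode('SHARED_INSTALL_PROHIBIT'));
        }
        // Everything below executes commands or writes to the database, so this is the access gate for web use
        if (!has_actual_page_access(get_member(), 'admin_occle')) {
            fatal_exit(do_lang_tempcode('ACCESS_DENIED__PAGE_ACCESS', escape_html($GLOBALS['FORUM_DRIVER']->get_username(get_member()))));
        }
    }

    // Check the action
    convert_data_encodings(true);
    $action = get_param('action', 'occle');
    if ($action == 'message') {
        // We're receiving an OcCLEchat message
        $base_url = get_param('base_url');
        $message = get_param('message');

        // SECURITY NOTE: base_url is request data and the server fetches it. The scheme check below is only a
        // minimum; to stop this endpoint being used to make the server contact arbitrary internal or external
        // hosts, base_url should be matched against a list of known peer sites.
        $confirmed = false;
        if (preg_match('#^https?://#i', $base_url) != 0) {
            $url = $base_url . '/data/occle.php?action=confirm&message=' . urlencode($message);
            $return = http_download_file($url, NULL, false);
            $confirmed = ($return == '1');
        }

        // NOTE: the User-Agent header is client-controlled, so this test identifies nothing; it is not authentication
        if ($confirmed && ocp_srv('HTTP_USER_AGENT') == 'ocPortal') {
            $GLOBALS['SITE_DB']->query_insert('occlechat', array('c_message' => $message, 'c_url' => $base_url, 'c_incoming' => 1, 'c_timestamp' => time()));
            echo '1';
        } else {
            echo '0';
        }
    } elseif ($action == 'confirm') {
        // We're confirming a received message
        if (ocp_srv('HTTP_USER_AGENT') == 'ocPortal') {
            // NOTE(review): a COUNT(*) query presumably yields 0 rather than NULL when nothing matches, in which case
            // this answers '1' for any message - confirm against query_value_null_ok
            $results = $GLOBALS['SITE_DB']->query_value_null_ok('occlechat', 'COUNT(*)', array('c_message' => get_param('message'), 'c_incoming' => false));
            if (!is_null($results)) {
                echo '1';
            } else {
                echo '0';
            }
        } else {
            echo '0';
        }
    } else {
        // Executing a command from the command-line
        // (presumably a default of false makes 'command' mandatory for web requests - confirm against post_param)
        $command = post_param('command', $cli ? NULL : false);
        if (is_null($command)) {
            require_code('comcode_from_html');
            require_code('mail');
            $stdin = @fopen('php://stdin', 'rt');
            $stderr = @fopen('php://stderr', 'wt');
            $stdout = @fopen('php://stdout', 'wt');

            // Only enter the interactive loop if all three streams actually opened
            if ($stdin !== false && $stderr !== false && $stdout !== false) {
                while (true) {
                    fwrite($stdout, "\n> ");
                    $command = fgets($stdin, 102400);
                    // fgets() returns false at end of input (e.g. piped stdin); without this test the loop never ends
                    if ($command === false || trim($command) == 'exit') {
                        break;
                    }
                    $temp = new virtual_bash(trim($command));
                    if (trim($temp->output[STREAM_STDHTML]) != '') {
                        // Strip attributes from tags, then reduce the HTML to plain text for the terminal
                        fwrite($stdout, trim(comcode_to_clean_text(semihtml_to_comcode(preg_replace('#<(\\w+) [^<>]*>#', '<${1}>', $temp->output[STREAM_STDHTML])))));
                    }
                    if (trim($temp->output[STREAM_STDOUT]) != '') {
                        fwrite($stdout, trim($temp->output[STREAM_STDOUT]));
                    }
                    if (trim($temp->output[STREAM_STDERR]) != '') {
                        fwrite($stderr, trim($temp->output[STREAM_STDERR]));
                    }
                }
            }

            foreach (array($stdin, $stderr, $stdout) as $stream) {
                if ($stream !== false) {
                    fclose($stream);
                }
            }
        } else {
            $temp = new virtual_bash(trim($command));
            $temp->output_xml();
        }

        // When the occle_chat_announce option is on, the site name and base URL are sent to ocportal.com.
        // Note this request goes over plain HTTP.
        if (get_option('occle_chat_announce') == '1') {
            http_download_file('http://ocportal.com/data_custom/occle.php?title=' . urlencode(get_site_name()) . '&url=' . urlencode(get_custom_base_url()), NULL, false, true);
        }
    }
}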
Пример #2
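/**
 * Standard code module initialisation function.
 *
 * Boots a request. In order, it: normalises $_SERVER['REQUEST_URI'] and $_SERVER['PHP_SELF'], sends anti-caching
 * headers, honours closed.html, defines fallbacks for functions missing from old PHP versions, resets the bootstrap
 * globals, adjusts the PHP environment, loads the core code modules, installs the error handler, applies
 * logging/display/memory settings, and finally runs the startup hooks.
 *
 * The order of the require_code() calls is dependency-sensitive and must be kept as it is.
 */
function init__global2()
{
    global $BOOTSTRAPPING, $CHECKING_SAFEMODE, $BAD_WORD_CHARS, $FIXED_WORD_CHARS, $FIXED_WORD_CHARS_HTML, $BROWSER_DECACHEING, $CHARSET, $TEMP_CHARSET, $RELATIVE_PATH, $CURRENTLY_HTTPS, $RUNNING_SCRIPT_CACHE, $SERVER_TIMEZONE, $HAS_SET_ERROR_HANDLER, $DYING_BADLY, $XSS_DETECT, $SITE_INFO, $JAVASCRIPTS, $JAVASCRIPT, $CSSS, $IN_MINIKERNEL_VERSION, $EXITING, $FILE_BASE, $MOBILE, $CACHE_TEMPLATES, $BASE_URL_HTTP, $BASE_URL_HTTPS, $WORDS_TO_FILTER, $FIELD_RESTRICTIONS, $VALID_ENCODING, $CONVERTED_ENCODING, $MICRO_BOOTUP, $MICRO_AJAX_BOOTUP, $QUERY_LOG, $_CREATED_FILES, $CURRENT_SHARE_USER, $CACHE_FIND_SCRIPT;

    // Discard any buffer PHP opened for us when output_buffering is switched on
    if (str_replace(array('on', 'true', 'yes'), array('1', '1', '1'), strtolower(ini_get('output_buffering'))) == '1') {
        @ob_end_clean();
    }

    // Normalise REQUEST_URI.
    // SECURITY NOTE: HTTP_X_REWRITE_URL is an HTTP request header (X-Rewrite-URL). Unless the front-end server sets or
    // strips it, a client can send it and so choose the value REQUEST_URI is overwritten with here.
    if (array_key_exists('HTTP_X_REWRITE_URL', $_SERVER)) {
        foreach ($_GET as $key => $val) {
            if ($key[0] == '?') {
                unset($_GET[$key]);
                $_GET[substr($key, 1)] = $val;
            }
        }
        $_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_REWRITE_URL'];
    } elseif (!array_key_exists('REQUEST_URI', $_SERVER) && !array_key_exists('REQUEST_URI', $_ENV)) {
        // No REQUEST_URI supplied by the server: rebuild it from PHP_SELF and the GET parameters
        $_SERVER['REQUEST_URI'] = $_SERVER['PHP_SELF'];
        $first = true;
        foreach ($_GET as $key => $val) {
            $_SERVER['REQUEST_URI'] .= $first ? '?' : '&';
            $_SERVER['REQUEST_URI'] .= urlencode($key) . '=' . urlencode($val);
            $first = false;
        }
    }

    // Normalise PHP_SELF
    if (array_key_exists('SCRIPT_FILENAME', $_SERVER) && !array_key_exists('PHP_SELF', $_SERVER)) {
        $_SERVER['PHP_SELF'] = $_SERVER['SCRIPT_FILENAME'];
    } elseif (array_key_exists('SCRIPT_NAME', $_SERVER) && defined('HIPHOP_PHP')) {
        $_SERVER['PHP_SELF'] = $_SERVER['SCRIPT_NAME'];
    }

    // Tell browsers and proxies not to cache
    @header('Expires: Mon, 20 Dec 1998 01:00:00 GMT');
    @header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    @header('Cache-Control: no-cache, max-age=0');
    @header('Pragma: no-cache'); // for proxies, and also IE

    // Maintenance redirect. NOTE: any request carrying keep_force_open=1 skips it, so closed.html is a courtesy
    // page, not an access control.
    if (is_file('closed.html') && get_param_integer('keep_force_open', 0) == 0) {
        if (strpos($_SERVER['PHP_SELF'], 'upgrader.php') === false && strpos($_SERVER['PHP_SELF'], 'execute_temp.php') === false && (!isset($SITE_INFO['no_extra_closed_file']) || $SITE_INFO['no_extra_closed_file'] == '0')) {
            if (@strpos($_SERVER['SERVER_SOFTWARE'], 'IIS') === false) {
                header('HTTP/1.0 503 Service Temporarily Unavailable');
            }
            header('Location: ' . (is_file($RELATIVE_PATH . 'closed.html') ? 'closed.html' : '../closed.html'));
            exit;
        }
    }

    // Cover up holes in old PHP versions functionality
    if (!function_exists('str_word_count')) {
        /**
         * Isolate the words in the input string.
         *
         * @param  string			String to count words in
         * @param  integer		The format
         * @set    0 1 2
         * @return mixed			Typically a list - the words of the input string
         */
        function str_word_count($input, $format = 0)
        {
            //count words
            $pattern = "/[^(\\w|\\d|\\'|\"|\\.|\\!|\\?|;|,|\\|\\/|\\-\\-|:|\\&|@)]+/";
            $all_words = trim(preg_replace($pattern, ' ', $input));
            $a = array();
            $pos = 0;
            while (true) {
                $old_pos = $pos;
                $pos = strpos($all_words, ' ', $pos);
                if ($pos === false) {
                    $a[$old_pos] = substr($all_words, $old_pos);
                    break;
                }
                $a[$old_pos] = substr($all_words, $old_pos, $pos - $old_pos);
                // Step past the space just found; otherwise strpos() finds the same space again and the loop never ends
                $pos++;
            }
            if ($format == 0) {
                return count($a);
            }
            return $a;
        }
    }
    if (!function_exists('html_entity_decode')) {
        /**
         * Decode the HTML entitity encoded input string.
         *
         * @param  string			The text to decode
         * @param  integer		The quote style code
         * @param  ?string		Character set to decode to (NULL: default)
         * @return string			The decoded text
         */
        function html_entity_decode($input, $quote_style, $charset = NULL)
        {
            // Both options are accepted for signature compatibility only and are ignored
            unset($quote_style);
            unset($charset);
            /*			// NB: &nbsp does not go to <space>. It's not something you use with html escaping, it's for hard-space-formatting. URL's don't contain spaces, but that's due to URL escaping (%20)
            			$replace_array=array(
            				'&amp;'=>'&',
            				'&gt;'=>'>',
            				'&lt;'=>'<',
            				'&#039;'=>'\'',
            				'&quot;'=>'"',
            			);
            
            			foreach ($replace_array as $from=>$to)
            			{
            				$input=str_replace($from,$to,$input);
            			}
            
            			return $input;*/
            $trans_tbl = get_html_translation_table(HTML_ENTITIES);
            $trans_tbl = array_flip($trans_tbl);
            return strtr($input, $trans_tbl);
        }
    }
    if (version_compare(phpversion(), '4.3.0') >= 0) {
        if (!function_exists('unichrm_hex')) {
            /**
             * Convert a unicode character number to a unicode string. Callback for preg_replace.
             *
             * @param  array					Regular expression match array.
             * @return ~string				Converted data (false: could not convert).
             */
            function unichrm_hex($matches)
            {
                return unichr(hexdec($matches[1]));
            }
        }
        if (!function_exists('unichrm')) {
            /**
             * Convert a unicode character number to a unicode string. Callback for preg_replace.
             *
             * @param  array					Regular expression match array.
             * @return ~string				Converted data (false: could not convert).
             */
            function unichrm($matches)
            {
                return unichr(intval($matches[1]));
            }
        }
        if (!function_exists('unichr')) {
            /**
             * Convert a unicode character number to a HTML-entity enabled string, using lower ASCII characters where possible.
             *
             * @param  integer				Character number.
             * @return ~string				Converted data (false: could not convert).
             */
            function unichr($c)
            {
                if ($c <= 0x7f) {
                    return chr($c);
                } else {
                    // A numeric character reference is written &#NNN; (the prefix was previously emitted as '#&')
                    return '&#' . strval($c) . ';';
                }
            }
        }
    }

    // Reset bootstrap state
    $BOOTSTRAPPING = 1;
    $CHECKING_SAFEMODE = false;
    // Three parallel lists: each entry of $BAD_WORD_CHARS has its plain-text and HTML replacement at the same index
    $BAD_WORD_CHARS = array(chr(128), chr(130), chr(131), chr(132), chr(133), chr(134), chr(135), chr(136), chr(137), chr(138), chr(139), chr(140), chr(142), chr(145), chr(146), chr(147), chr(148), chr(149), chr(150), chr(151), chr(152), chr(153), chr(154), chr(155), chr(156), chr(158), chr(159));
    // some of these are Comcode shortcuts. We can't use entities as we can't assume we're converting into Comcode.
    $FIXED_WORD_CHARS = array('(EUR-)', ',', '{f.}', '"', '...', '-|-', '=|=', '^', '{%o}', '{~S}', '<', 'CE', '{~Z}', "'", "'", '"', '"', '-', '-', '--', '~', '(TM)', '{~s}', '>', 'ce', '{~z}', '{.Y.}');
    $FIXED_WORD_CHARS_HTML = array('&#8364;', '&#8218;', '&#402;', '&#8222;', '&hellip;', '&#8224;', '&#8225;', '&#710;', '&#8240;', '&#352;', '&#8249;', '&#338;', '&#381;', "&lsquo;", "&rsquo;", '&ldquo;', '&rdquo;', '&bull;', '&ndash;', '&mdash;', '&#732;', '&trade;', '&#353;', '&#8250;', '&#339;', '&#382;', '&#376;');
    $RUNNING_SCRIPT_CACHE = array();
    $BROWSER_DECACHEING = NULL;
    $CHARSET = NULL;
    $TEMP_CHARSET = NULL;
    $CURRENTLY_HTTPS = NULL;
    $CACHE_FIND_SCRIPT = array();

    // Error reporting and timezone: remember the server's timezone, then work in UTC
    error_reporting(E_ALL);
    @ini_set('html_errors', '1');
    @ini_set('docref_root', 'http://www.php.net/manual/en/');
    @ini_set('docref_ext', '.php');
    $SERVER_TIMEZONE = function_exists('date_default_timezone_get') ? @date_default_timezone_get() : ini_get('date.timezone');
    @ini_set('date.timezone', 'UTC');
    if (function_exists('date_default_timezone_set')) {
        date_default_timezone_set('UTC'); // Needed for HPHP
    }
    $HAS_SET_ERROR_HANDLER = false;
    // If ocPortal is bailing out uncontrollably, setting this will make sure the error hander does not try and suppress
    $DYING_BADLY = false;
    $XSS_DETECT = function_exists('ocp_mark_as_escaped');

    // Debug mode is inferred from a .svn/.git directory under the file base (or the ocProducts PHP build) unless
    // $SITE_INFO['debug_mode'] is set to something other than '1'. A production site deployed from a VCS checkout
    // should therefore set debug_mode explicitly. Note that keep_no_debug_mode is read straight from $_GET.
    $GLOBALS['DEBUG_MODE'] = (!array_key_exists('debug_mode', $SITE_INFO) || $SITE_INFO['debug_mode'] == '1') && (is_dir(get_file_base() . '/.svn') || is_dir(get_file_base() . '/.git') || function_exists('ocp_mark_as_escaped')) && (!array_key_exists('keep_no_debug_mode', $_GET) || $_GET['keep_no_debug_mode'] == '0');
    $GLOBALS['SEMI_DEBUG_MODE'] = (!array_key_exists('debug_mode', $SITE_INFO) || $SITE_INFO['debug_mode'] == '1') && (is_dir(get_file_base() . '/.svn') || is_dir(get_file_base() . '/.git') || function_exists('ocp_mark_as_escaped'));
    if (function_exists('set_time_limit')) {
        @set_time_limit(60);
    }
    if ($GLOBALS['DEBUG_MODE']) {
        // Tighter time limit and the ocProducts strictness checks while developing
        if (function_exists('set_time_limit')) {
            @set_time_limit(10);
        }
        @ini_set('ocproducts.type_strictness', '1');
        @ini_set('ocproducts.xss_detect', '1');
    }
    if ($GLOBALS['DEBUG_MODE']) {
        require_code('developer_tools');
    }

    // Default Javascript and CSS to include
    $JAVASCRIPTS = array('javascript' => 1, 'javascript_thumbnails' => 1);
    if ($GLOBALS['CURRENT_SHARE_USER'] !== NULL || get_domain() == 'myocp.com') {
        $JAVASCRIPTS['javascript_ajax'] = 1;
    }
    $CSSS = array('no_cache' => 1, 'global' => 1);

    // Try and make the PHP environment as we need it
    if (function_exists('set_magic_quotes_runtime')) {
        @set_magic_quotes_runtime(0); // @'d because it's deprecated and PHP 5.3 may give an error
    }
    @ini_set('auto_detect_line_endings', '0');
    @ini_set('include_path', '');
    @ini_set('default_socket_timeout', '60');
    // NOTE(review): allow_url_fopen is a system-level setting in current PHP versions, so it cannot be changed from a
    // script; do not rely on this call, set it in the server configuration instead.
    @ini_set('allow_url_fopen', '0');
    @ini_set('suhosin.executor.disable_emodifier', '1'); // Extra security if suhosin is available
    @ini_set('suhosin.executor.multiheader', '1'); // Extra security if suhosin is available
    // These three set disable_eval to '0' and empty both suhosin whitelists
    @ini_set('suhosin.executor.disable_eval', '0');
    @ini_set('suhosin.executor.eval.whitelist', '');
    @ini_set('suhosin.executor.func.whitelist', '');

    // Load most basic config
    $IN_MINIKERNEL_VERSION = 0;
    $EXITING = 0;
    if (array_key_exists('use_ocf', $_GET) && running_script('upgrader')) {
        $SITE_INFO['forum_type'] = 'ocf';
        $SITE_INFO['ocf_table_prefix'] = $SITE_INFO['table_prefix'];
    }
    $CACHE_TEMPLATES = true;
    // The URL to our install (no trailing /)
    $BASE_URL_HTTP = NULL;
    $BASE_URL_HTTPS = NULL;
    $WORDS_TO_FILTER = NULL;
    $FIELD_RESTRICTIONS = NULL;
    $VALID_ENCODING = false;
    $CONVERTED_ENCODING = false;
    if (!isset($MICRO_BOOTUP)) {
        $MICRO_BOOTUP = 0;
    }
    if (!isset($MICRO_AJAX_BOOTUP)) {
        $MICRO_AJAX_BOOTUP = 0;
    }
    require_code_no_override('version');
    if ($MICRO_BOOTUP == 0 && $MICRO_AJAX_BOOTUP == 0) {
        //@header('X-Powered-By: ocPortal '.ocp_version_full().' (PHP '.phpversion().')');
        @header('X-Powered-By: ocPortal'); // Better to keep it vague, for security reasons
        $QUERY_LOG = false;
        if (isset($_REQUEST['special_page_type']) && $_REQUEST['special_page_type'] == 'query') {
            $QUERY_LOG = true;
        }
    }

    // Most critical things
    require_code('support'); // A lot of support code is present in this
    // NOTE(review): both generators are seeded explicitly from make_seed() (defined elsewhere). rand()/mt_rand() are
    // not suitable for security tokens whatever the seed.
    srand(make_seed());
    mt_srand(make_seed());
    if ($MICRO_BOOTUP == 0 && $MICRO_AJAX_BOOTUP == 0) {
        if (running_script('index') && count($_POST) == 0) {
            $bot_type = get_bot_type();
            if ($bot_type !== NULL && isset($SITE_INFO['fast_spider_cache']) && $SITE_INFO['fast_spider_cache'] != '0') {
                fast_spider_cache(true);
            }
        }
    }
    require_code('caches'); // Recently taken out of 'support' so makes sense to load it here
    require_code('database'); // There's nothing without the database

    // The PHP-level IP ban check only runs when known_suexec is unset/'0' and .htaccess is not writable
    // (presumably bans are otherwise enforced through .htaccess - confirm)
    if ((!isset($SITE_INFO['known_suexec']) || $SITE_INFO['known_suexec'] == '0') && !is_writable_wrap(get_file_base() . '/.htaccess')) {
        require_code('support2');
        if (ip_banned(get_ip_address())) {
            critical_error('BANNED');
        }
    }
    if (running_script('messages') && get_param('action', 'new') == 'new' && get_param_integer('routine_refresh', 0) == 0) {
        require_code('chat_poller');
        chat_poller();
    }
    if ($MICRO_BOOTUP == 0) {
        load_user_stuff();
    }

    // For any kind of niceness we need these. The order is chosen for complex dependency reasons - don't mess with it
    if ($MICRO_AJAX_BOOTUP == 0) {
        require_code('themes'); // Output needs to know about themes
        require_code('templates'); // So that we can do error templates
        require_code('tempcode'); // Output is done with tempcode
        if ($MICRO_BOOTUP == 0) {
            require_code('comcode'); // Much output goes through comcode
        }
    }
    require_code('zones'); // Zone is needed because zones are where all ocPortal pages reside
    require_code('config'); // Config is needed for much active stuff
    if (get_option('collapse_user_zones', true) === '1' && $RELATIVE_PATH == 'site') {
        get_base_url(); /*force calculation first*/
        $RELATIVE_PATH = '';
    }
    require_code('users'); // Users are important due to permissions
    if ($MICRO_BOOTUP == 0 && $MICRO_AJAX_BOOTUP == 0) {
        if (running_script('index') && count($_POST) == 0) {
            if (isset($SITE_INFO['any_guest_cached_too']) && $SITE_INFO['any_guest_cached_too'] == '1' && is_guest(NULL, true)) {
                fast_spider_cache(false);
            }
        }
    }

    // Template caching: on by option or by keep_cache=1/cache=1, and always off when either parameter is explicitly 0
    $CACHE_TEMPLATES = (get_option('is_on_template_cache') == '1' || get_param_integer('keep_cache', 0) == 1 || get_param_integer('cache', 0) == 1) && get_param_integer('keep_cache', NULL) !== 0 && get_param_integer('cache', NULL) !== 0;
    if ($MICRO_AJAX_BOOTUP == 0) {
        require_code('temporal'); // Date/time functions
        require_code('files'); // Contains fix_permissions, needed for 'lang'
        require_code('lang'); // So that we can do language stuff (e.g. errors)
        convert_data_encodings();
        if ($MICRO_BOOTUP == 0) {
            require_code('permissions'); // So we can check access
        }
    }

    // At this point we can display errors nicely
    $GLOBALS['SUPPRESS_ERROR_DEATH'] = false;
    set_error_handler('ocportal_error_handler');
    if (function_exists('error_get_last')) {
        register_shutdown_function('catch_fatal_errors');
    }
    $HAS_SET_ERROR_HANDLER = true;
    if ($MICRO_BOOTUP == 0) {
        if (method_exists($GLOBALS['FORUM_DRIVER'], 'forum_layer_initialise')) {
            $GLOBALS['FORUM_DRIVER']->forum_layer_initialise();
        }
    }
    if ($MICRO_AJAX_BOOTUP == 0) {
        $JAVASCRIPT = new ocp_tempcode();
    }
    if ($MICRO_BOOTUP == 0) {
        if ($IN_MINIKERNEL_VERSION != 1 && $MICRO_AJAX_BOOTUP == 0) {
            has_cookies(); // Will determine at early point whether we have cookie support
            get_num_users_site(); // Will kill site if there are too many users
        }
    }
    require_code('urls'); // URL building is crucial
    @header('Content-type: text/html; charset=' . get_charset());
    if ($MICRO_AJAX_BOOTUP == 0 && $MICRO_BOOTUP == 0) {
        // Before anything gets outputted
        handle_logins();
        require_code('site'); // This powers the site (top level page generation)
        // Are we installed?
        get_option('site_name');
    }

    // Our logging (change false to true for temporarily changing it so staff get logging)
    if (get_option('log_php_errors') == '1') {
        @ini_set('log_errors', '1');
        if (addon_installed('errorlog')) {
            // NOTE(review): this log lives under the installation directory; presumably the file is protected from
            // being read over HTTP - verify, as PHP error logs can contain paths and query data
            @ini_set('error_log', get_custom_file_base() . '/data_custom/errorlog.php');
        }
    }

    // Errors are displayed only if configured, in the upgrader, or to members with the see_php_errors permission;
    // otherwise display is turned off, except in debug mode where the PHP setting is left untouched
    if ($MICRO_BOOTUP == 0 && $MICRO_AJAX_BOOTUP == 0 && (get_option('display_php_errors') == '1' || running_script('upgrader') || has_specific_permission(get_member(), 'see_php_errors'))) {
        @ini_set('display_errors', '1');
    } elseif (!$GLOBALS['DEBUG_MODE']) {
        @ini_set('display_errors', '0');
    }

    // G-zip?
    @ini_set('zlib.output_compression', get_option('gzip_output') == '1' ? 'On' : 'Off');
    if (function_exists('setlocale') && $MICRO_AJAX_BOOTUP == 0) {
        $locales = explode(',', do_lang('locale'));
        setlocale(LC_ALL, $locales[0]);
        @setlocale(LC_ALL, $locales);
        unset($locales);
    }

    // Refuse to run the front page while install.php is still present (unless install_ok exists or checks are disabled)
    if ($MICRO_AJAX_BOOTUP == 0 && $MICRO_BOOTUP == 0 && (!isset($SITE_INFO['no_installer_checks']) || $SITE_INFO['no_installer_checks'] == '0')) {
        if (is_file(get_file_base() . '/install.php') && !is_file(get_file_base() . '/install_ok') && running_script('index')) {
            warn_exit(do_lang_tempcode('MUST_DELETE_INSTALLER'));
        }
    }
    if ($MICRO_AJAX_BOOTUP == 0 && $MICRO_BOOTUP == 0) {
        // Flush caches when the browser is decacheing or the detected base URL has changed
        $changed_base_url = !array_key_exists('base_url', $SITE_INFO) && get_long_value('last_base_url') !== get_base_url(false);
        if (running_script('index') && (is_browser_decacheing() || $changed_base_url)) {
            require_code('view_modes');
            erase_tempcode_cache();
            erase_cached_templates(!$changed_base_url);
            erase_comcode_cache();
            erase_cached_language();
            persistant_cache_empty();
            if ($changed_base_url) {
                require_lang('zones');
                require_code('zones3');
                erase_comcode_page_cache();
                set_long_value('last_base_url', get_base_url(false));
            }
        }
        if (has_zone_access(get_member(), 'adminzone')) {
            $JAVASCRIPTS['javascript_staff'] = 1;
            $JAVASCRIPTS['javascript_ajax'] = 1;
            if (addon_installed('occle')) {
                $JAVASCRIPTS['javascript_button_occle'] = 1;
            }
        }
        if (addon_installed('realtime_rain') && get_option('bottom_show_realtime_rain_button', true) === '1') {
            $JAVASCRIPTS['javascript_button_realtime_rain'] = 1;
        }
    }
    /*ocp_memory_profile('startup');
    	$func=get_defined_functions();
    	print_r($func['user']);*/

    // HTTPS pages are marked private so that shared caches do not store them
    if (tacit_https() || is_page_https(get_zone_name(), get_page_name())) {
        @header('Cache-Control: private');
        @header('Pragma: private');
    }
    $BOOTSTRAPPING = 0;

    // Development-only checks
    if ($GLOBALS['SEMI_DEBUG_MODE'] && $MICRO_AJAX_BOOTUP == 0) {
        if ($GLOBALS['SEMI_DEBUG_MODE']) {
            /*if ((mt_rand(0,2)==1) && ($GLOBALS['DEBUG_MODE']) && (running_script('index')))	We know this works now, so let's stop messing up our development speed
            		{
            			require_code('view_modes');
            			erase_cached_templates(true); // Stop anything trying to read a template cache item (E.g. CSS, JS) that might not exist!
            		}*/
            // If the referring page carried keep_devtest but this request does not, a link was built without build_url/keep_stub
            if (strpos(ocp_srv('HTTP_REFERER'), ocp_srv('HTTP_HOST')) !== false && strpos(ocp_srv('HTTP_REFERER'), 'keep_devtest') !== false && !running_script('attachment') && !running_script('upgrader') && strpos(ocp_srv('HTTP_REFERER'), 'login') === false && is_null(get_param('keep_devtest', NULL))) {
                $_GET['keep_devtest'] = '1';
                fatal_exit('URL not constructed properly: development mode in use but keep_devtest was not specified. This indicates that links have been made without build_url (in PHP) or keep_stub (in Javascript). Whilst not fatal this time, failure to use these functions can cause problems when your site goes live. See the ocPortal codebook for more details.');
            } else {
                $_GET['keep_devtest'] = '1';
            }
        }
        if (browser_matches('true_xhtml') && get_value('html5') !== '1' && get_value('html5') !== '_true' && get_param_integer('keep_no_xhtml', 0) == 0 && !running_script('upgrader')) {
            @header('Content-type: application/xhtml+xml; charset=' . get_charset());
        }
        if (isset($_CREATED_FILES)) {
            /**
             * Run after-tests for debug mode, to make sure coding standards are met.
             */
            function debug_mode_aftertests()
            {
                global $_CREATED_FILES, $_MODIFIED_FILES;
                // Use the info from ocProduct's custom PHP version to make sure that all files that were created/modified got synched as they should have been.
                foreach ($_CREATED_FILES as $file) {
                    if (substr($file, 0, strlen(get_file_base())) == get_file_base() && substr($file, -4) != '.log' && basename($file) != 'permissioncheckslog.php') {
                        @exit(escape_html('File not permission-synched: ' . $file));
                    }
                }
                foreach ($_MODIFIED_FILES as $file) {
                    if (strpos($file, '_cache') === false && substr($file, 0, strlen(get_file_base())) == get_file_base() && substr($file, -4) != '.log' && basename($file) != 'permissioncheckslog.php') {
                        @exit(escape_html('File not change-synched: ' . $file));
                    }
                }
                global $TITLE_CALLED, $SCREEN_TEMPLATE_CALLED, $EXITING;
                if (is_null($SCREEN_TEMPLATE_CALLED) && $EXITING == 0 && strpos(ocp_srv('PHP_SELF'), 'index.php') !== false) {
                    @exit(escape_html('No screen template called.'));
                }
                if (!$TITLE_CALLED && (is_null($SCREEN_TEMPLATE_CALLED) || $SCREEN_TEMPLATE_CALLED != '') && $EXITING == 0 && strpos(ocp_srv('PHP_SELF'), 'index.php') !== false) {
                    @exit(escape_html('No title used on screen.'));
                }
            }
            register_shutdown_function('debug_mode_aftertests');
        }
        if (ocp_srv('SCRIPT_FILENAME') != '' && $GLOBALS['DEBUG_MODE'] && strpos(ocp_srv('SCRIPT_FILENAME'), 'data_custom') === false) {
            if (@strlen(file_get_contents(ocp_srv('SCRIPT_FILENAME'), FILE_TEXT)) > 4500) {
                fatal_exit('Entry scripts (front controllers) should not be shoved full of code.');
            }
        }
    }

    // FirePHP console support, only for administrators
    if ((get_param_integer('keep_firephp', 0) == 1 || get_param_integer('keep_queries', 0) == 1) && ($GLOBALS['FORUM_DRIVER']->is_super_admin(get_member()) || $GLOBALS['IS_ACTUALLY_ADMIN'])) {
        require_code('firephp');
    }

    // Memory limit: the configured value, or 64M when unset, empty, '0' or '-1'
    $default_memory_limit = get_value('memory_limit');
    if (is_null($default_memory_limit) || $default_memory_limit == '' || $default_memory_limit == '0' || $default_memory_limit == '-1') {
        $default_memory_limit = '64M';
    }
    @ini_set('memory_limit', $default_memory_limit);
    // Only super administrators may lift the limit, or lower it (to at most 32M) for testing, through URL parameters
    if (isset($GLOBALS['FORUM_DRIVER']) && $GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) {
        if (get_param_integer('keep_avoid_memory_limit', 0) == 1) {
            disable_php_memory_limit();
        }
        $memory_test = get_param_integer('keep_memory_limit_test', 0);
        if ($memory_test != 0 && $memory_test <= 32) {
            @ini_set('memory_limit', strval($memory_test) . 'M');
        }
    }
    if (get_option('sitewide_im', true) === '1' && running_script('index') && get_param('type', 'misc', true) != 'room') {
        require_code('chat');
        enter_chat_lobby();
    }

    // Startup hooks
    if (!running_script('upgrader')) {
        $startup_hooks = find_all_hooks('systems', 'startup');
        foreach (array_keys($startup_hooks) as $hook) {
            // The hook name is filtered before it is used to build a code path and a class name
            require_code('hooks/systems/startup/' . filter_naughty_harsh($hook));
            $ob = object_factory('Hook_startup_' . filter_naughty_harsh($hook), true);
            if ($ob === NULL) {
                continue;
            }
            $ob->run($MICRO_BOOTUP, $MICRO_AJAX_BOOTUP, 0);
        }
        // Shared installs: run the upgrade steps when the stored version differs from the code's version
        if ($CURRENT_SHARE_USER !== NULL && float_to_raw_string(ocp_version_number()) != get_value('version')) {
            require_code('upgrade');
            clear_caches_2();
            version_specific();
            upgrade_modules();
            ocf_upgrade();
        }
    }
}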
Пример #3
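/**
 * AJAX script for dynamically extended selection tree.
 *
 * Loads the ajax_tree hook named by the 'hook' parameter, runs it with the 'id', 'options' and 'default'
 * parameters, and echoes the result wrapped in <request> (or in <html> when html_mask=1).
 *
 * Apart from the closed-site test, no permission check is made here; presumably each hook enforces its own
 * access rules - verify when adding a hook.
 */
function ajax_tree_script()
{
    // Closed site
    $site_closed = get_option('site_closed');
    if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
        header('Content-Type: text/plain');
        @exit(get_option('closed'));
    }

    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
    header('Content-Type: text/xml');

    // The hook name is request data: it is filtered before being used to build a code path and a class name
    $hook = filter_naughty_harsh(get_param('hook'));
    require_code('hooks/systems/ajax_tree/' . $hook);
    $object = object_factory('Hook_' . $hook);

    convert_data_encodings(true);
    $id = get_param('id', '', true);
    if ($id == '') {
        $id = NULL;
    }

    // XSS detection is switched off for this script, so the hook's output is echoed as-is: hooks must escape what they emit
    @ini_set('ocproducts.xss_detect', '0');

    $html_mask = get_param_integer('html_mask', 0) == 1;
    if (!$html_mask) {
        echo '<?xml version="1.0" encoding="' . get_charset() . '"?' . '>';
    }
    echo $html_mask ? '<html>' : '<request>';

    $_options = get_param('options', '', true);
    if ($_options == '') {
        $_options = serialize(array());
    }
    // SECURITY NOTE: 'options' is request data and is passed to unserialize(). Safety rests entirely on
    // secure_serialized_data() (defined elsewhere; presumably it rejects or neutralises serialized objects - verify).
    // A format that cannot carry objects would remove the risk altogether.
    secure_serialized_data($_options);
    $options = @unserialize($_options);
    // Hooks are given an options array (the default above is an empty array), so reject anything else that
    // unserialize() may produce from request data, not only a failed decode
    if (!is_array($options)) {
        warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
    }

    $val = $object->run($id, $options, get_param('default', NULL, true));
    // Add a marker element just before </body> in the hook's output
    echo str_replace('</body>', '<br id="ended" /></body>', $val);
    echo $html_mask ? '</html>' : '</request>';
}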
Пример #4
/**
 * Convert some data from one encoding to the internal encoding.
 *
 * Exactly one conversion route is chosen, in this order of preference: entity-based
 * UTF-8 decoding, unicode_decode/unicode_encode, iconv, mbstring, and finally
 * utf8_decode/utf8_encode. If the chosen route reports failure (or none applies) the
 * data is returned unchanged.
 *
 * @param  string					Data to convert.
 * @param  ?string				Charset to convert from (NULL: that read by the last http_download_file call).
 * @param  ?string				Charset to convert to (NULL: current encoding).
 * @return string					Converted data.
 */
function convert_to_internal_encoding($data, $input_charset = NULL, $internal_charset = NULL)
{
    global $VALID_ENCODING;

    // May not have run yet; $VALID_ENCODING has to be set before it is consulted below.
    convert_data_encodings();

    if (is_null($input_charset)) {
        $input_charset = $GLOBALS['HTTP_CHARSET'];
    }
    if (is_null($input_charset) || $input_charset === '') {
        return $data;
    }
    if (is_null($internal_charset)) {
        $internal_charset = get_charset();
    }

    // Lower-cased copies for the case-insensitive comparisons. Some branches below
    // compare the raw names case-sensitively; that is preserved as written.
    $from = strtolower($input_charset);
    $to = strtolower($internal_charset);
    $entity_targets = array('iso-8859-1', 'iso-8859-15', 'koi8-r', 'big5', 'gb2312', 'big5-hkscs', 'shift_jis', 'euc-jp');

    // Stays FALSE when no route applies or the route fails, meaning "keep $data as is".
    $converted = false;

    // NOTE(review): when the caller passes no input charset, the name comes from
    // $GLOBALS['HTTP_CHARSET'], i.e. it may be chosen by a remote server. $VALID_ENCODING
    // is the only gate visible here before that name reaches iconv()/mb_convert_encoding();
    // confirm it restricts names to an expected set. Callers should also validate and
    // escape the result after conversion, since conversion changes the bytes present.
    if ((version_compare(phpversion(), '4.3.0') >= 0 || $to == 'iso-8859-1') && $from == 'utf-8' && will_be_unicode_neutered($data) && in_array($to, $entity_targets)) {
        $converted = entity_utf8_decode($data, $internal_charset);
    } elseif (function_exists('unicode_decode') && $internal_charset != 'utf-8' && $input_charset == 'utf-8' && $VALID_ENCODING) {
        $converted = @unicode_decode($data, $input_charset);
    } elseif (function_exists('unicode_encode') && $internal_charset == 'utf-8' && $input_charset != 'utf-8' && $VALID_ENCODING) {
        $converted = @unicode_encode($data, $input_charset);
    } elseif (function_exists('iconv') && $VALID_ENCODING && get_value('disable_iconv') !== '1') {
        // //TRANSLIT asks iconv to approximate characters the target cannot represent.
        $converted = @iconv($input_charset, $internal_charset . '//TRANSLIT', $data);
    } elseif (function_exists('mb_convert_encoding') && $VALID_ENCODING && get_value('disable_mbstring') !== '1') {
        // Only convert when mbstring knows the source encoding (assumed known if it
        // cannot list its encodings). An unknown encoding leaves the data untouched;
        // it does not fall through to the last-resort branches.
        $recognised = !function_exists('mb_list_encodings') || in_array($from, array_map('strtolower', mb_list_encodings()));
        if ($recognised) {
            $converted = @mb_convert_encoding($data, $internal_charset, $input_charset);
        }
    } elseif ($from == 'utf-8' && substr($to, 0, 3) != 'utf') {
        // Imperfect as it assumes ISO-8859-1, but it's our last resort.
        $converted = utf8_decode($data);
    } elseif ($to == 'utf-8' && substr($from, 0, 3) != 'utf') {
        // Imperfect as it assumes ISO-8859-1, but it's our last resort.
        $converted = utf8_encode($data);
    }

    return ($converted !== false) ? $converted : $data;
}
Пример #5
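/**
 * High-level messages script handling.
 *
 * Dispatches on the 'action' request parameter:
 *  - all:          output all messages for a room
 *  - post:         post a message to a room
 *  - start_im:     create an IM room for the current member plus the given people
 *  - join_im:      record that the current member joined an IM room
 *  - deinvolve_im: remove the current member from an IM room (deleting it if empty)
 *  - invite_im:    invite further people to an IM room
 *  - anything else (default 'new'): output messages newer than the given ids
 *
 * Security-relevant points for maintainers:
 *  - The state-changing IM actions read their parameters with get_param*(), and no
 *    anti-CSRF token check is visible in this function. Confirm one is enforced
 *    elsewhere, or move these actions to POST with a token.
 *  - Page access to 'chat' is deliberately not checked here; per-room permissions are
 *    relied on instead so that the shoutbox is not blocked.
 */
function messages_script()
{
    // Force session time to be updated
    get_page_title('', false);

    // Closed site
    $site_closed = get_option('site_closed');
    if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
        header('Content-Type: text/plain');
        @exit(get_option('closed'));
    }

    // Check the action
    $action = get_param('action', 'new');
    if ($action == 'all') {
        // Getting all messages (i.e. up to five minutes ago)
        _chat_messages_script_ajax(either_param_integer('room_id'), true);
    } elseif ($action == 'post') {
        // Posting a message
        convert_data_encodings(true);
        $message = either_param('message');
        _chat_post_message_ajax(either_param_integer('room_id'), $message, post_param('font', ''), post_param('colour', ''), post_param_integer('first_message', 0));
    } elseif ($action == 'start_im') {
        require_lang('chat');
        $people = get_param('people');
        if ($people == '') {
            exit;
        }
        require_code('chat2');
        // A one-to-one IM is named after the starter; a multi-party IM gets the IM_MULTI label.
        if (strpos($people, ',') === false) {
            $room_name = $GLOBALS['FORUM_DRIVER']->get_username(get_member());
        } else {
            $room_name = do_lang('IM_MULTI', $GLOBALS['FORUM_DRIVER']->get_username(get_member()));
        }
        // NOTE(review): $people is a raw request string. filter_invites_for_blocking() is
        // the only processing visible before it becomes the room's allow list - confirm it
        // also normalises the entries to member ids.
        add_chatroom('', $room_name, get_member(), filter_invites_for_blocking(strval(get_member()) . ',' . $people), '', '', '', user_lang(), 1);
        // Send response of new messages, so we get instant result
        _chat_messages_script_ajax(-2, false, either_param_integer('message_id'), either_param_integer('event_id'));
    } elseif ($action == 'join_im') {
        $room_id = get_param_integer('room_id');
        $room_check = $GLOBALS['SITE_DB']->query_select('chat_rooms', array('id', 'is_im', 'c_welcome', 'allow_list_groups', 'disallow_list_groups', 'allow_list', 'disallow_list', 'room_owner'), array('id' => $room_id), '', 1);
        if (!array_key_exists(0, $room_check)) {
            warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
        }
        // Possibly the room was closed already
        if (!check_chatroom_access($room_check[0], true, NULL, true)) {
            return;
        }
        $event_id = $GLOBALS['SITE_DB']->query_insert('chat_events', array('e_type_code' => 'JOIN_IM', 'e_member_id' => get_member(), 'e_room_id' => $room_id, 'e_date_and_time' => time()), true);
        // Record the newest event id in the shared marker file.
        $event_file = get_custom_file_base() . '/data_custom/modules/chat/chat_last_event.dat';
        $myfile = @fopen($event_file, 'wb') or intelligent_write_error($event_file);
        fwrite($myfile, strval($event_id));
        fclose($myfile);
        sync_file($event_file);
        // Catch up the current user so that they know who else is in the room just joined...
        $events_output = '';
        $peoplea = explode(',', $room_check[0]['allow_list']);
        foreach ($peoplea as $person) {
            $person = trim($person);
            if ($person == '') {
                continue;
            }
            $member_id = intval($person);
            if ($member_id != get_member()) {
                $username = $GLOBALS['FORUM_DRIVER']->get_username($member_id);
                $avatar_url = $GLOBALS['FORUM_DRIVER']->get_member_avatar_url($member_id);
                if (!is_null($username)) {
                    // NOTE(review): as listed, the username attribute is a literal placeholder and
                    // $username is used only for the NULL check above. If the real name is emitted
                    // here it must go through xmlentities() like avatar_url, since it is
                    // member-controlled text placed inside an XML attribute.
                    $events_output .= '<chat_event event_type="PREINVITED_TO_IM" away="' . (chatter_active($member_id) ? '0' : '1') . '" member_id="' . strval($member_id) . '" username="******" avatar_url="' . xmlentities($avatar_url) . '" room_id="' . strval($room_id) . '"></chat_event>';
                }
            }
        }
        _chat_messages_script_ajax(-1, false, -1, either_param_integer('event_id'), $events_output);
    } elseif ($action == 'deinvolve_im') {
        $room_id = get_param_integer('room_id');
        $room_check = $GLOBALS['SITE_DB']->query_select('chat_rooms', array('id', 'is_im', 'c_welcome', 'allow_list_groups', 'disallow_list_groups', 'allow_list', 'disallow_list', 'room_owner'), array('id' => $room_id), '', 1);
        if (!array_key_exists(0, $room_check)) {
            warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
        }
        // Possibly the room was closed already
        if (!check_chatroom_access($room_check[0], true, NULL, true)) {
            return;
        }
        // Wrap the list in commas so the member id only matches as a whole entry, then unwrap.
        $allow_list = str_replace(',' . strval(get_member()) . ',', ',', ',' . $room_check[0]['allow_list'] . ',');
        $allow_list = substr($allow_list, 1, strlen($allow_list) - 2);
        $event_id = $GLOBALS['SITE_DB']->query_insert('chat_events', array('e_type_code' => 'DEINVOLVE_IM', 'e_member_id' => get_member(), 'e_room_id' => $room_id, 'e_date_and_time' => time()), true);
        $event_file = get_custom_file_base() . '/data_custom/modules/chat/chat_last_event.dat';
        $myfile = @fopen($event_file, 'wb') or intelligent_write_error($event_file);
        fwrite($myfile, strval($event_id));
        fclose($myfile);
        sync_file($event_file);
        if ($allow_list == '') {
            // Nobody is left in the room.
            require_code('chat2');
            delete_chatroom($room_id);
        } else {
            $peoplea = explode(',', $allow_list);
            $room_owner = $room_check[0]['room_owner'];
            if ($room_owner == get_member()) {
                // The owner is leaving: hand ownership to the first remaining member.
                $room_owner = intval($peoplea[0]);
            }
            $GLOBALS['SITE_DB']->query_update('chat_rooms', array('room_owner' => $room_owner, 'allow_list' => $allow_list), array('id' => $room_id), '', 1);
        }
    } elseif ($action == 'invite_im') {
        $room_id = get_param_integer('room_id');
        $people = get_param('people');
        if ($people == '') {
            exit;
        }
        // Authorise first. The room lookup and access check previously ran only after the
        // invite events had been written, so a member without access to the room (or
        // naming a room that does not exist) could still generate PREINVITED_TO_IM events
        // for arbitrary member ids.
        $room_check = $GLOBALS['SITE_DB']->query_select('chat_rooms', array('id', 'is_im', 'c_welcome', 'allow_list_groups', 'disallow_list_groups', 'allow_list', 'disallow_list', 'room_owner'), array('id' => $room_id), '', 1);
        if (!array_key_exists(0, $room_check)) {
            warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
        }
        // Possibly the room was closed already
        if (!check_chatroom_access($room_check[0], true, NULL, true)) {
            return;
        }
        // NOTE(review): events are written for every id in $people, while the allow list
        // below only receives the output of filter_invites_for_blocking(). Confirm whether
        // blocked invitees should still receive the event.
        $event_file = get_custom_file_base() . '/data_custom/modules/chat/chat_last_event.dat';
        foreach (explode(',', $people) as $person) {
            $person = trim($person);
            if ($person == '') {
                continue;
            }
            $event_id = $GLOBALS['SITE_DB']->query_insert('chat_events', array('e_type_code' => 'PREINVITED_TO_IM', 'e_member_id' => intval($person), 'e_room_id' => $room_id, 'e_date_and_time' => time()), true);
            $myfile = @fopen($event_file, 'wb') or intelligent_write_error($event_file);
            fwrite($myfile, strval($event_id));
            fclose($myfile);
            sync_file($event_file);
        }
        $allow_list = $room_check[0]['allow_list'];
        $_people = $allow_list . ',' . filter_invites_for_blocking($people);
        $GLOBALS['SITE_DB']->query_update('chat_rooms', array('allow_list' => $_people), array('id' => $room_id), '', 1);
    } else {
        // Getting all new messages (i.e. up to our last refresh time)
        _chat_messages_script_ajax(either_param_integer('room_id'), false, either_param_integer('message_id'), either_param_integer('event_id'));
    }
}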