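/**
 * Build the "Admin" menu group shown in the CMS sidebar.
 *
 * Returns an empty array unless the current user is an admin, so none of the admin
 * entries are ever handed to the menu renderer for other roles. Request values are
 * read only to decide which entry is highlighted (isSelected); every link is a fixed
 * string, nothing from the request is echoed or placed in a link.
 *
 * @param int &$menuOrder Running menu position, incremented once per entry added
 * @return array List of menu definition arrays (menuType, menuName, menuOrder, link, isSelected, ...)
 */
function _getAdminMenus(&$menuOrder) {
    global $CURRENT_USER;

    if (empty($CURRENT_USER['isAdmin'])) { return array(); }

    // current menu/action from the request; isset() instead of @ so real errors are not masked
    $menu   = isset($_REQUEST['menu']) ? $_REQUEST['menu'] : '';
    $action = getRequestedAction();

    $adminMenus   = array();
    $adminMenus[] = array(
        'menuType'   => 'menugroup',
        'menuName'   => t('Admin'),
        'menuOrder'  => ++$menuOrder,
        'tableName'  => '',
        'link'       => '',
        'isSelected' => '',
    );
    $adminMenus[] = array(
        'menuType'   => 'custom',
        'menuName'   => t('General Settings'),
        'menuOrder'  => ++$menuOrder,
        'link'       => '?menu=admin&action=general',
        // the vendor and adminSave actions are treated as part of the General Settings page
        'isSelected' => $menu === 'admin' && in_array($action, array('general', 'vendor', 'adminSave'), true),
    );
    $adminMenus[] = array(
        'menuType'   => 'custom',
        'menuName'   => t('Section Editors'),
        'menuOrder'  => ++$menuOrder,
        'link'       => '?menu=database',
        'isSelected' => $menu === 'database',
    );
    $adminMenus[] = array(
        'menuType'   => 'custom',
        'menuName'   => t('Code Generator'),
        'menuOrder'  => ++$menuOrder,
        'link'       => '?menu=_codeGenerator',
        'isSelected' => $menu === '_codeGenerator',
    );
    $adminMenus[] = array(
        'menuType'   => 'custom',
        'menuName'   => t('Plugins'),
        'menuOrder'  => ++$menuOrder,
        'link'       => '?menu=admin&action=plugins',
        'isSelected' => $menu === 'admin' && $action === 'plugins',
    );
    $adminMenus[] = array(
        'menuType'   => 'custom',
        'menuName'   => t('Email Templates'),
        'menuOrder'  => ++$menuOrder,
        'link'       => '?menu=_email_templates',
        'isSelected' => $menu === '_email_templates',
    );

    // Outgoing Mail is listed only when outgoing mail is logged (any mode other than 'sendOnly');
    // the _outgoing_mail row count is appended to the name and omitted when it is zero.
    $outgoingMailMode = isset($GLOBALS['SETTINGS']['advanced']['outgoingMail']) ? $GLOBALS['SETTINGS']['advanced']['outgoingMail'] : '';
    if ($outgoingMailMode !== 'sendOnly') {
        $count     = mysql_count('_outgoing_mail');
        $countText = $count ? " ({$count})" : "";
        $adminMenus[] = array(
            'menuType'   => 'custom',
            'menuName'   => t('Outgoing Mail') . $countText,
            'menuOrder'  => ++$menuOrder,
            'link'       => '?menu=_outgoing_mail',
            'isSelected' => $menu === '_outgoing_mail',
        );
    }

    // Error Log always shows its count (even when zero) and also exposes it as recordCount.
    $errorCount   = mysql_count('_error_log');
    $adminMenus[] = array(
        'menuType'    => 'custom',
        'menuName'    => t('Error Log') . " ({$errorCount})",
        'menuOrder'   => ++$menuOrder,
        'link'        => '?menu=_error_log',
        'isSelected'  => $menu === '_error_log',
        'tableName'   => '_error_log',
        'recordCount' => $errorCount,
    );

    return $adminMenus;
}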
<?php # set globals global $APP, $SETTINGS, $CURRENT_USER, $TABLE_PREFIX; $APP['selectedMenu'] = 'admin'; ### check access level if (!$GLOBALS['CURRENT_USER']['isAdmin']) { alert(t("You don't have permissions to access this menu.")); showInterface(''); } ### Dispatch actions $action = getRequestedAction(); if (!$action || $action == 'listTables') { if (@$_REQUEST['newOrder']) { updateMenuOrder(); } if (@$action == '' && !alert()) { createMissingSchemaTablesAndFields(); } // skip if action specified or alerts, such as when user is redirected back to this page showInterface('database/listTables.php'); } elseif ($action == 'addTable') { include "lib/menus/database/addTable.php"; } elseif ($action == 'addTable_save') { addTable(); } elseif ($action == 'editTable') { include "lib/menus/database/editTable.php"; } elseif ($action == 'adminHome') { showInterface('admin/home.php'); } elseif ($action == 'recreateThumbnails') { recreateThumbnails();
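/**
 * Detect a flash uploader request and enforce the restrictions that apply to it.
 *
 * Returns false for ordinary requests (neither flash marker present). Once a marker is
 * present the request is treated as coming from the flash uploader, or from something
 * pretending to be it, and every check below must pass or the script is stopped with
 * die(). Together the checks restrict the _FLASH_COOKIE_BUG_FIX_ login path to a POST
 * that saves uploads and nothing else. Presence of uploaded files is not checked here.
 *
 * @return bool true for a request that passed all flash uploader checks, false when no marker is present
 */
function isFlashUploader() {
    // Test for both markers so the cookie bug fix can only be used by the flash uploader and upload submissions.
    // $_REQUEST is used for this first gate only; the checks further down require the values in $_POST.
    $hasUploaderMarker  = !empty($_REQUEST['_FLASH_UPLOADER_']);
    $hasCookieFixMarker = !empty($_REQUEST['_FLASH_COOKIE_BUG_FIX_']);
    if (!$hasUploaderMarker && !$hasCookieFixMarker) { return false; }

    // Debug aid: append the full request to a log file. Off by default because the dump
    // contains POST data and cookies (including the flash login value); enable only briefly.
    $logRequests = false;
    if ($logRequests) {
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $log = "HTTP_USER_AGENT: " . $userAgent . "\n";
        if ($_POST)   { $log .= "_POST: "   . print_r($_POST, true)   . "\n"; }
        if ($_FILES)  { $log .= "_FILES: "  . print_r($_FILES, true)  . "\n"; }
        if ($_COOKIE) { $log .= "_COOKIE: " . print_r($_COOKIE, true) . "\n"; }
        $log .= "\n";
        file_put_contents(SCRIPT_DIR . "/data/debug_flash_uploader.log", $log, FILE_APPEND);
    }

    // Required flash uploader fields; each failure stops the request immediately.
    $requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    if ($requestMethod !== 'POST') { die("REQUEST_METHOD must be POST\n"); }
    if (empty($_POST['_FLASH_COOKIE_BUG_FIX_'])) { die("No _FLASH_COOKIE_BUG_FIX_ value submitted!\n"); }
    if (empty($_POST['_FLASH_UPLOADER_'])) { die("No _FLASH_UPLOADER_ value submitted!\n"); }

    // SECURITY: this prevents the _FLASH_COOKIE_BUG_FIX_ flash login from being used for anything but uploads
    if (getRequestedAction() !== 'uploadForm') { die("getRequestedAction() must be 'uploadForm'!\n"); }

    // SECURITY: this prevents anything but saving of uploads (won't even allow displaying the upload form)
    if (empty($_POST['submitUploads'])) { die("No submitUploads value submitted!\n"); }

    return true;
}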
$escapedTableName = mysql_escape($TABLE_PREFIX . $tableName); $hasEditorAccess = userSectionAccess($tableName) >= 9; $hasAuthorAccess = userSectionAccess($tableName) >= 6; $hasViewerAccess = userSectionAccess($tableName) >= 3; $hasViewerAccessOnly = userSectionAccess($tableName) == 3; $hasAuthorViewerAccess = userSectionAccess($tableName) >= 7; $isSingleMenu = @$schema['menuType'] == 'single'; // get action if ($isSingleMenu && $hasAuthorAccess) { $_defaultAction = 'edit'; } elseif ($isSingleMenu && $hasViewerAccess) { $_defaultAction = 'view'; } else { $_defaultAction = 'list'; } $action = getRequestedAction($_defaultAction); // doAction('section_init', $tableName, $action); // _redirectForCustomMenus(); // If file exists, call: /lib/menus/$menu/actionHandler.php _myAccountMenuOverrides(); // override menuName, recordNum, selectedRecords and action // error checking _displayRequiredPluginErrors(); displaySectionAccessErrors($action); _displayRecordAccessErrors($action); // display alerts $message = ''; if (@$_REQUEST['saved']) { $recordNum = (int) @$_REQUEST['saved'];