/**
 * Get details for an ajax-tree-list of entries for the content covered by this search hook.
 *
 * When the request carries no 'catalogue_name' parameter, a catalogue chooser form is echoed
 * and the script exits, so in that case the function never returns.
 *
 * @return array  A pair: the hook, and the options
 */
function ajax_tree()
{
    $catalogue_name = get_param('catalogue_name', '');

    // A catalogue is already chosen: hand back the tree hook and its options.
    if ($catalogue_name != '') {
        return array('choose_catalogue_category', array('catalogue_name' => $catalogue_name));
    }

    // No catalogue yet: discard any buffered output and show the chooser instead.
    @ob_end_clean();

    $catalogue_list = nice_get_catalogues(NULL, true);
    if ($catalogue_list->is_empty()) {
        inform_exit(do_lang_tempcode('NO_ENTRIES'));
    }

    require_code('form_templates');
    $form_fields = form_input_list(do_lang_tempcode('NAME'), '', 'catalogue_name', $catalogue_list, NULL, true);

    // Inside the iframe script the plain self URL is used; otherwise a non-remapped one is built.
    $target_url = running_script('iframe')
        ? get_self_url_easy()
        : get_self_url(false, false, NULL, false, true);

    $button_label = do_lang_tempcode('PROCEED');
    // NOTE(review): this re-emits request fields as hidden inputs into a form flagged 'GET' => true,
    // so those values presumably end up in the URL - confirm nothing sensitive is carried.
    $hidden_fields = build_keep_post_fields();
    $screen_title = get_page_title('SEARCH');

    $screen = do_template('FORM_SCREEN', array(
        '_GUID' => 'a2812ac8056903811f444682d45ee448',
        'TARGET' => '_self',
        'GET' => true,
        'SKIP_VALIDATION' => true,
        'HIDDEN' => $hidden_fields,
        'TITLE' => $screen_title,
        'TEXT' => '',
        'URL' => $target_url,
        'FIELDS' => $form_fields,
        'SUBMIT_NAME' => $button_label,
    ));

    $wrapped = globalise($screen, NULL, '', true);
    $wrapped->evaluate_echo();
    exit;
}
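/**
 * Log permission checks to the data_custom/permissioncheckslog.php file, if it exists and is writable.
 *
 * The log handle is opened lazily on the first call and kept in $PERMISSION_CHECK_LOGGER
 * (false means "logging unavailable"). Each distinct (member, op, params) triple is only
 * considered once per request, and only failed checks are passed on to be logged.
 *
 * @param  MEMBER   The user checking against
 * @param  ID_TEXT  The function that was called to check a permission
 * @param  array    Parameters to this permission-checking function
 * @param  boolean  Whether the permission was held
 */
function handle_permission_check_logging($member, $op, $params, $result)
{
    global $PERMISSION_CHECK_LOGGER, $PERMISSIONS_ALREADY_LOGGED, $SITE_INFO;

    if ($PERMISSION_CHECK_LOGGER === NULL) {
        $file_path = get_custom_file_base() . '/data_custom/permissioncheckslog.php';
        if ((!isset($SITE_INFO['no_extra_logs']) || $SITE_INFO['no_extra_logs'] == '0') && is_file($file_path) && is_writable_wrap($file_path)) {
            // fopen() yields false on failure, which is also the "logging unavailable" marker used below
            $PERMISSION_CHECK_LOGGER = fopen($file_path, 'at');

            if ($PERMISSION_CHECK_LOGGER !== false) {
                if (!function_exists('get_self_url')) {
                    require_code('tempcode');
                    require_code('urls');
                }
                $self_url = get_self_url(true);
                if (!is_string($self_url)) {
                    // A weirdness can happen here. If some kind of fatal error happens then output buffers can malfunction making it impossible to use Tempcode as above. So we fall back to this. (This function may be called in a fatal error due to the 'display_php_errors' permissions).
                    $self_url = get_self_url_easy();
                }

                // NOTE(review): the URL and username are request-derived and written verbatim into a file
                // with a .php extension; confirm the log starts with an exit guard and is not web-readable.
                // Timestamp is hours:minutes:seconds ('h:m:i' would have logged hour:month:minute).
                fwrite($PERMISSION_CHECK_LOGGER, chr(10) . chr(10) . date('Y/m/d H:i:s') . ' -- ' . $self_url . ' -- ' . $GLOBALS['FORUM_DRIVER']->get_username(get_member()) . chr(10));
            }
        } else {
            $PERMISSION_CHECK_LOGGER = false;
        }
    }

    // Cache whether the FirePHP fb() function is available
    static $fbe = NULL;
    if ($fbe === NULL) {
        $fbe = function_exists('fb');
    }

    // Nothing to do when there is neither a log file nor a FirePHP request
    if ($PERMISSION_CHECK_LOGGER === false && (!$fbe || get_param_integer('keep_firephp', 0) == 0)) {
        return;
    }

    // De-duplicate: each distinct check is only considered once
    $sz = serialize(array($member, $op, $params));
    if (array_key_exists($sz, $PERMISSIONS_ALREADY_LOGGED)) {
        return;
    }
    $PERMISSIONS_ALREADY_LOGGED[$sz] = 1;

    // Only denied checks are passed on
    if ($result) {
        return;
    }

    require_code('permissions2');
    _handle_permission_check_logging($member, $op, $params, $result);
}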
/**
 * Send out a notification to members enabled.
 *
 * Does nothing under the stress-test loader or on the admin_import page. Recipients are
 * fetched from the notification object in pages of 300 and each is handed to
 * _dispatch_notification_to_member().
 */
function dispatch()
{
    if (running_script('stress_test_loader')) {
        return;
    }
    if (get_page_name() == 'admin_import') {
        return;
    }

    $subject = $this->subject;
    $message = $this->message;
    $no_cc = $this->no_cc;

    // Debug-mode sanity check: a message carrying 'keep_devtest' must reference the current URL
    // (or the referer), otherwise it was built with a session-specific link.
    if (
        $GLOBALS['DEBUG_MODE']
        && strpos($this->message, 'keep_devtest') !== false
        && $this->notification_code != 'hack_attack'
        && $this->notification_code != 'auto_ban'
        && strpos($this->message, running_script('index') ? static_evaluate_tempcode(build_url(array('page' => '_SELF'), '_SELF', NULL, true, false, true)) : get_self_url_easy()) === false
        && (strpos(ocp_srv('HTTP_REFERER'), 'keep_devtest') === false || strpos($this->message, ocp_srv('HTTP_REFERER')) === false)
    ) {
        // Bad URL - it has to be general, not session-specific
        fatal_exit(do_lang_tempcode('INTERNAL_ERROR'));
    }

    $handler = _get_notification_ob_for_code($this->notification_code);
    if ($handler === NULL) {
        // Setupwizard may have removed after register_shutdown_function was called
        if (get_page_name() != 'admin_setupwizard') {
            fatal_exit('Missing notification code: ' . $this->notification_code);
        }
        return;
    }

    require_lang('notifications');
    require_code('mail');

    if (function_exists('set_time_limit')) {
        @set_time_limit(0);
    }

    if ($this->store_in_staff_messaging_system && addon_installed('staff_messaging')) {
        require_lang('messaging');

        // NOTE(review): assumes code_category has the form "<type>_<id>"; without an underscore $id stays unset.
        list($type, $id) = explode('_', $this->code_category, 2);

        $message_url = build_url(
            array('page' => 'admin_messaging', 'type' => 'view', 'id' => $id, 'message_type' => $type),
            get_module_zone('admin_messaging'),
            NULL,
            false,
            false,
            true
        );
        $message = do_lang('MESSAGING_NOTIFICATION_WRAPPER', $message, $message_url->evaluate());

        require_code('feedback');
        actualise_post_comment(true, $type, $id, $message_url, $subject, get_option('messaging_forum_name'), true, 1, true, true, true);
    }

    $testing = (get_param_integer('keep_debug_notifications', 0) == 1);

    $offset = 0;
    $page_size = 300;
    do {
        list($members, $possibly_has_more) = $handler->list_members_who_have_enabled($this->notification_code, $this->code_category, $this->to_member_ids, $offset, $page_size);

        if (get_value('notification_safety_testing') === '1' && count($members) > 20) {
            // This is just for testing on ocportal.com, if lots of notifications going out it's probably a scary bug, so send just to Chris (#6) with a note
            $members = array(6 => A_INSTANT_EMAIL);
            $message = 'OVER-ADDRESSED?' . "\n\n" . $message;
        }

        foreach ($members as $to_member_id => $setting) {
            // Skip members who are already getting some other notification for this
            if (
                !is_null($this->no_notify_for__notification_code)
                && notifications_enabled($this->no_notify_for__notification_code, $this->no_notify_for__code_category, $to_member_id)
            ) {
                continue;
            }

            // The sender is not notified about their own action, except when testing
            if ($to_member_id !== $this->from_member_id || $testing) {
                $no_cc = _dispatch_notification_to_member($to_member_id, $setting, $this->notification_code, $this->code_category, $subject, $message, $this->from_member_id, $this->priority, $no_cc);
            }
        }

        $offset += $page_size;
    } while ($possibly_has_more);
}
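/**
 * This is it - the start of rendering of a website page.
 * Take in all inputs, sends them to the correct functions to process, gathers up all the outputs, sticks them together and echoes them.
 *
 * In order: URL moniker redirects, queued messages, special page types, closed-site handling,
 * page rendering into the GLOBAL template, optional validation, guest/spider output caching,
 * output, stats, Admin Zone access notification and a periodic low-disk-space check.
 * Several paths send redirect headers and exit.
 */
function do_site()
{
    // More SEO redirection (monikers)
    // Does this URL arrangement support monikers?
    $url_id = get_param('id', NULL, true);
    if ($url_id !== NULL && url_monikers_enabled()) {
        $type = get_param('type', 'misc');
        $looking_for = '_SEARCH:' . get_page_name() . ':' . $type . ':_WILD';

        $hooks = find_all_hooks('systems', 'content_meta_aware');
        $ob_info = NULL;
        foreach (array_keys($hooks) as $hook) {
            require_code('hooks/systems/content_meta_aware/' . filter_naughty($hook));
            $ob = object_factory('Hook_content_meta_aware_' . $hook, true);
            if ($ob === NULL) {
                continue;
            }
            $ob_info = $ob->info();
            $ob_info['view_pagelink_pattern'] = preg_replace('#:[^:]*$#', ':_WILD', $ob_info['view_pagelink_pattern']);
            if ($ob_info['view_pagelink_pattern'] == $looking_for && $ob_info['support_url_monikers']) {
                if (is_numeric($url_id)) {
                    // Numeric ID given: redirect to the moniker form, but never for a POST (the data would be lost)
                    $correct_moniker = find_id_moniker(array('page' => get_page_name(), 'type' => get_param('type', 'misc'), 'id' => $url_id));
                    if ($correct_moniker !== NULL && $correct_moniker != $url_id && count($_POST) == 0) {
                        header('HTTP/1.0 301 Moved Permanently');
                        $_new_url = build_url(array('page' => '_SELF', 'id' => $correct_moniker), '_SELF', NULL, true);
                        $new_url = $_new_url->evaluate();
                        header('Location: ' . $new_url);
                        exit;
                    }
                } else {
                    // See if it is deprecated
                    // The request-supplied moniker is passed as a where-map value, not concatenated into SQL
                    if (strpos(get_db_type(), 'mysql') !== false) {
                        $monikers = $GLOBALS['SITE_DB']->query_select('url_id_monikers USE INDEX (uim_moniker)', array('m_resource_id', 'm_deprecated'), array('m_resource_page' => get_page_name(), 'm_resource_type' => get_param('type', 'misc'), 'm_moniker' => $url_id));
                    } else {
                        $monikers = $GLOBALS['SITE_DB']->query_select('url_id_monikers', array('m_resource_id', 'm_deprecated'), array('m_resource_page' => get_page_name(), 'm_resource_type' => get_param('type', 'misc'), 'm_moniker' => $url_id));
                    }
                    if (!array_key_exists(0, $monikers)) {
                        warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
                    }
                    $deprecated = $monikers[0]['m_deprecated'] == 1;
                    if ($deprecated && count($_POST) == 0) {
                        $correct_moniker = find_id_moniker(array('page' => get_page_name(), 'type' => get_param('type', 'misc'), 'id' => $monikers[0]['m_resource_id']));
                        header('HTTP/1.0 301 Moved Permanently');
                        $_new_url = build_url(array('page' => '_SELF', 'id' => $correct_moniker), '_SELF', NULL, true);
                        $new_url = $_new_url->evaluate();
                        header('Location: ' . $new_url);
                        exit;
                    } else {
                        $_GET['id'] = $monikers[0]['m_resource_id']; // We need to know the ID number rather than the moniker
                    }
                }
                break;
            }
        }
    }

    // Any messages to output?
    if (get_param_integer('redirected', 0) == 1) {
        $messages = $GLOBALS['SITE_DB']->query_select('messages_to_render', array('r_message', 'r_type'), array('r_session_id' => get_session_id()), 'ORDER BY r_time DESC');
        foreach ($messages as $message) {
            if ($GLOBALS['XSS_DETECT']) {
                ocp_mark_as_escaped($message['r_message']);
            }
            // NOTE(review): stored messages are attached as already-escaped markup; this is only safe
            // if whatever writes to messages_to_render escaped them - confirm at the writer.
            attach_message(protect_from_escaping($message['r_message']), $message['r_type']);
        }
        if (count($messages) != 0) {
            // Session ID is cast to an integer before being concatenated into the query
            $GLOBALS['SITE_DB']->query('DELETE FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'messages_to_render WHERE r_session_id=' . strval((int) get_session_id()) . ' OR r_time<' . strval(time() - 60 * 60));
        }
    }

    if (in_safe_mode()) {
        $disable_safe_mode_url = get_self_url(true, true, array('keep_safe_mode' => NULL));
        attach_message(do_lang_tempcode('CURRENTLY_HAS_KEEP_SAFE_MODE', escape_html($disable_safe_mode_url)), 'notice');
    }
    if (get_param_integer('keep_fatalistic', 0) == 1) {
        $disable_fatalistic_url = get_self_url(true, true, array('keep_fatalistic' => NULL));
        attach_message(do_lang_tempcode('CURRENTLY_HAS_KEEP_FATALISTIC', escape_html($disable_fatalistic_url)), 'notice');
    }

    $special_page_type = get_param('special_page_type', 'view');

    global $ZONE;
    $keep_markers = get_param_integer('keep_markers', 0);
    $show_edit_links = get_param_integer('show_edit_links', 0);
    global $KEEP_MARKERS, $SHOW_EDIT_LINKS;
    $KEEP_MARKERS = $keep_markers == 1 || $special_page_type == 'show_markers';
    if ($KEEP_MARKERS && !headers_sent()) {
        header('Content-type: text/html; charset=' . get_charset());
    }
    $SHOW_EDIT_LINKS = $show_edit_links == 1 || $special_page_type == 'show_edit_links';

    $out_evaluated = NULL;

    // NOTE(review): this block and the profiling block below are driven purely by a request parameter and
    // run before the 'view_profiling_modes' check further down; confirm initialise_special_page_types()
    // enforces the privilege itself.
    if ($special_page_type != 'view' && $special_page_type != 'show_markers') {
        require_code('view_modes');
        initialise_special_page_types($special_page_type);
    }

    // Set up Xdebug profiling
    if ($special_page_type == 'profile') {
        if (function_exists('xdebug_start_profiling')) {
            xdebug_start_profiling(); // xdebug 1 style
        }
        if (ini_get('xdebug.profiler_enable') != '1') {
            attach_message(escape_html('Profiling must be enabled in php.ini'), 'warn'); // xdebug 2 style
        }
        if (!is_writable_wrap(ini_get('xdebug.profiler_output_dir'))) {
            attach_message(escape_html('xdebug.profiler_output_dir needs setting to a writable directory'), 'warn');
        }
    }

    // Allow the site to be closed
    $site_closed = get_option('site_closed');
    if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
        require_code('site2');
        closed_site();
    }

    // Work out which page we're viewing
    global $PAGE;
    $PAGE = get_page_name();

    // Special page types beyond the harmless ones need the profiling privilege (or a real admin using SU)
    $doing_special_page_type = $special_page_type != 'view'
        && $special_page_type != 'show_markers'
        && $special_page_type != 'show_edit_links'
        && $special_page_type != 'memory'
        && (has_specific_permission(get_member(), 'view_profiling_modes') || $GLOBALS['IS_ACTUALLY_ADMIN']);

    // Load up our frames into strings. Note that the header and the footer are fixed already.
    $middle = request_page($PAGE, true);

    global $CYCLES;
    $CYCLES = array(); // Here we reset some Tempcode environmental stuff, because template compilation or preprocessing may have dirtied things

    if ($middle === NULL || $middle->is_definitely_empty()) {
        $GLOBALS['HTTP_STATUS_CODE'] = '404';
        if (!headers_sent()) {
            if (!browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
                header('HTTP/1.0 404 Not Found');
            }
        }

        $title = get_page_title('ERROR_OCCURRED');
        $text = do_lang_tempcode('NO_PAGE_OUTPUT');
        $middle = warn_screen($title, $text, false);
    }

    // Extra stuff we can tag on (like messages)
    $additional = new ocp_tempcode();
    $site_closed = get_option('site_closed'); // May have been JUST changed in page load - think Setup Wizard
    if ($site_closed == '1' && $PAGE != 'login' && $PAGE != 'join' && get_param_integer('wide_high', 0) == 0) {
        $additional->attach(do_template('ADDITIONAL', array(
            '_GUID' => '03a41a91606b3ad05330e7d6f3e741c1',
            'TYPE' => 'notice',
            'MESSAGE' => do_lang_tempcode(has_specific_permission(get_member(), 'access_closed_site') ? 'SITE_SPECIAL_ACCESS' : 'SITE_SPECIAL_ACCESS_SU'),
        )));
    }
    if ($GLOBALS['IS_ACTUALLY_ADMIN']) {
        $unsu_link = get_self_url(true, true, array('keep_su' => NULL));
        $su_username = $GLOBALS['FORUM_DRIVER']->get_username(get_member());
        $additional->attach(do_template('ADDITIONAL', array(
            '_GUID' => '13a41a91606b3ad05330e7d6f3e741c1',
            'TYPE' => 'notice',
            'MESSAGE' => do_lang_tempcode('USING_SU', escape_html($unsu_link), escape_html($su_username)),
        )));
    }

    $out = new ocp_tempcode(); // This is important - it makes sure the tempcode tree appears nicely
    $middle->handle_symbol_preprocessing(); // Due to the '->evaluate()' below, plus so that some symbol preprocessing can be passed into header
    $out->attach(do_header());

    if (function_exists('memory_get_usage') && get_param('special_page_type', '') == 'memory') {
        if (function_exists('memory_get_peak_usage')) {
            $memory_usage = memory_get_peak_usage();
        } else {
            $memory_usage = memory_get_usage();
        }
        $additional->attach(do_template('ADDITIONAL', array(
            '_GUID' => 'd605c0d111742a8cd2d4ef270a1e5fe1',
            'TYPE' => 'inform',
            'MESSAGE' => do_lang_tempcode('MEMORY_USAGE', float_format(round(floatval($memory_usage) / 1024.0 / 1024.0, 2))),
        )));
    }

    // Whack it into our global template
    global $ATTACHED_MESSAGES;
    $global_template = 'GLOBAL';
    if (get_option('show_docs') == '0') {
        $GLOBALS['HELPER_PANEL_TUTORIAL'] = '';
    }
    $helper_panel_pic = $GLOBALS['HELPER_PANEL_PIC'];
    if ($helper_panel_pic != '') {
        if (find_theme_image($helper_panel_pic, true) == '') {
            $helper_panel_pic = '';
        }
    }
    $global = do_template($global_template, array(
        'HELPER_PANEL_TUTORIAL' => $GLOBALS['HELPER_PANEL_TUTORIAL'],
        'HELPER_PANEL_HTML' => $GLOBALS['HELPER_PANEL_HTML'],
        'HELPER_PANEL_TEXT' => $GLOBALS['HELPER_PANEL_TEXT'],
        'HELPER_PANEL_PIC' => $helper_panel_pic,
        'MIDDLE' => $doing_special_page_type ? $middle : $middle->evaluate(),
        'MESSAGE_TOP' => $ATTACHED_MESSAGES,
        'MESSAGE' => $additional,
        'BREADCRUMBS' => breadcrumbs(),
    ));
    unset($middle);
    $out->attach($global);
    $out->attach(do_footer());
    $out->handle_symbol_preprocessing();
    if (get_value('xhtml_strict') === '1') {
        $out = make_xhtml_strict($out);
    }

    // Validation
    $novalidate = get_param_integer('keep_novalidate', get_param_integer('novalidate', 0));
    $show_edit_links = get_param_integer('show_edit_links', 0);
    // NOTE(review): HTTP_HOST normally reflects the client-sent Host header, so the host allow-list
    // here should not be relied on as an access control alongside the staff check.
    if ((in_array(ocp_srv('HTTP_HOST'), array('localhost', 'test.ocportal.com')) || $GLOBALS['FORUM_DRIVER']->is_staff(get_member())) && ($special_page_type == 'code' || $novalidate == 0 && get_option('validation') == '1') && $GLOBALS['REFRESH_URL'][0] == '' && $show_edit_links == 0) {
        require_code('view_modes');
        $out_evaluated = $out->evaluate(NULL, false);
        do_xhtml_validation($out_evaluated, $special_page_type == 'code' && get_param_integer('preview_mode', NULL) === NULL, get_param_integer('preview_mode', 0));
    }

    // Cacheing for spiders
    if (running_script('index') && count($_POST) == 0 && isset($GLOBALS['SITE_INFO']['fast_spider_cache']) && $GLOBALS['SITE_INFO']['fast_spider_cache'] == '1' && is_guest()) {
        $bot_type = get_bot_type();
        if (($bot_type !== NULL || isset($GLOBALS['SITE_INFO']['any_guest_cached_too']) && $GLOBALS['SITE_INFO']['any_guest_cached_too'] == '1') && can_fast_spider_cache()) {
            // The file name is a hash of the URL, so request data never reaches the path directly
            $fast_cache_path = get_custom_file_base() . '/persistant_cache/' . md5(serialize(get_self_url_easy()));
            if ($bot_type === NULL) {
                $fast_cache_path .= '__non-bot';
            }
            if (!array_key_exists('js_on', $_COOKIE)) {
                $fast_cache_path .= '__no-js';
            }
            if (is_mobile()) {
                $fast_cache_path .= '_mobile';
            }
            $fast_cache_path .= '.gcd';

            if (!is_dir(get_custom_file_base() . '/persistant_cache/')) {
                // NOTE(review): the cache directory is created with mode 0777; on a shared host any local
                // account could then plant or alter cached pages - confirm this is acceptable for the deployment.
                if (@mkdir(get_custom_file_base() . '/persistant_cache/', 0777)) {
                    fix_permissions(get_custom_file_base() . '/persistant_cache/', 0777);
                    sync_file(get_custom_file_base() . '/persistant_cache/');
                } else {
                    intelligent_write_error($fast_cache_path);
                }
            }

            $out_evaluated = $out->evaluate(NULL, false);
            $myfile = @fopen($fast_cache_path, 'wb') or intelligent_write_error($fast_cache_path);
            if (function_exists('gzencode')) {
                fwrite($myfile, gzencode($out_evaluated, 9));
            } else {
                fwrite($myfile, $out_evaluated);
            }
            fclose($myfile);
            fix_permissions($fast_cache_path);
            sync_file($fast_cache_path);
        }
    }

    if ($doing_special_page_type) {
        special_page_types($special_page_type, $out, $out_evaluated);
    }

    // We calculated the time before outputting so that latency and bandwidth do not adversely affect the result
    global $PAGE_START_TIME, $PAGE_STRING;
    $page_generation_time = microtime_diff($PAGE_START_TIME, microtime(false));

    if (!$GLOBALS['QUICK_REDIRECT']) {
        if ($out_evaluated !== NULL) {
            echo $out_evaluated;
        } else {
            $GLOBALS['FINISHING_OUTPUT'] = true;
            $out->evaluate_echo();
        }
    }

    // Finally, stats
    if ($PAGE_STRING !== NULL) {
        log_stats($PAGE_STRING, intval($page_generation_time));
    }

    // When someone hits the Admin Zone front page.
    if ($ZONE['zone_name'] == 'adminzone' && get_page_name() == 'start') {
        // Security feature admins can turn on
        require_code('notifications');
        $current_username = $GLOBALS['FORUM_DRIVER']->get_username(get_member());
        $subject = do_lang('AFA_NOTIFICATION_MAIL_SUBJECT', $current_username, get_site_name(), get_ip_address());
        $mail = do_lang('AFA_NOTIFICATION_MAIL', comcode_escape(get_site_name()), comcode_escape($current_username), comcode_escape(get_ip_address()));
        dispatch_notification('adminzone_frontpage_accessed', NULL, $subject, $mail);

        // Track very basic details of what sites use ocPortal. You can remove if you like.
        // NOTE(review): this sends the base URL, site name, $KEY/$EXPIRE and version to a third-party host
        // over plain HTTP on every Admin Zone front page view from a non-localhost host.
        if (preg_match('#^localhost[\\.\\:$]?#', ocp_srv('HTTP_HOST')) == 0) {
            global $EXPIRE, $KEY;
            $timeout_before = @ini_get('default_socket_timeout');
            @ini_set('default_socket_timeout', '3');
            // '&registered=2' restored: the separator had been decoded to a (R) sign, fusing it into the 'name' value
            http_download_file('http://ocportal.com/user.php?url=' . urlencode(get_base_url()) . '&name=' . urlencode(get_site_name()) . '&registered=2&key=' . ($KEY === NULL ? '' : strval($KEY)) . '&expire=' . ($EXPIRE === NULL ? '' : strval($EXPIRE)) . '&version=' . urlencode(ocp_version_full()), NULL, false);
            @ini_set('default_socket_timeout', $timeout_before);
        }
    }

    // Little disk space check
    $last_space_check = get_value('last_space_check');
    if ($last_space_check === NULL || intval($last_space_check) < time() - 60 * 60 * 3) {
        set_value('last_space_check', strval(time()));

        $low_space_check = intval(get_option('low_space_check')) * 1024 * 1024;
        $disk_space = @disk_free_space(get_file_base());
        // disk_free_space() returns a float (or false on failure), so an integer-only test would never pass
        if ((is_float($disk_space) || is_integer($disk_space)) && $disk_space < $low_space_check) {
            require_code('notifications');
            $subject = do_lang('LOW_DISK_SPACE_SUBJECT', NULL, NULL, NULL, get_site_default_lang());
            $message = do_lang('LOW_DISK_SPACE_MAIL', strval(intval(round($disk_space / 1024 / 1024))), NULL, NULL, get_site_default_lang());
            dispatch_notification('low_disk_space', NULL, $subject, $message, NULL, A_FROM_SYSTEM_PRIVILEGED);
        }
    }

    //exit();
}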
/**
 * Force an AFM login.
 *
 * Echoes the Abstract File Management details form (wrapped by globalise()) and exits; it never returns.
 * The inline script enables the FTP fields only while the 'uses_ftp' checkbox is ticked.
 */
function get_afm_form()
{
    $form_fields = get_afm_form_fields();
    $screen_title = get_page_title('ABSTRACT_FILE_MANAGEMENT');

    if (running_script('index')) {
        $target_url = get_self_url(true);
    } else {
        $target_url = get_self_url_easy();
    }

    $button_label = do_lang_tempcode('PROCEED');

    // Carry the original POST through, plus a marker that the FTP details were supplied
    $hidden_fields = build_keep_post_fields();
    $hidden_fields->attach(form_input_hidden('got_ftp_details', '1'));

    // Normalise the safe_mode ini value; when it comes out as '1' the form forces FTP usage
    $safe_mode_setting = str_replace(array('on', 'true', 'yes'), array('1', '1', '1'), strtolower(ini_get('safe_mode')));
    if ($safe_mode_setting == '1') {
        $hidden_fields->attach(form_input_hidden('uses_ftp', '1'));
    }

    $javascript = "var ftp_ticker=function() { var uses_ftp=document.getElementById('uses_ftp'); if (!uses_ftp) return; var form=uses_ftp.form; form.elements['ftp_domain'].disabled=!uses_ftp.checked; form.elements['ftp_directory'].disabled=!uses_ftp.checked; form.elements['ftp_username'].disabled=!uses_ftp.checked; form.elements['ftp_password'].disabled=!uses_ftp.checked; form.elements['remember_password'].disabled=!uses_ftp.checked; }; ftp_ticker(); document.getElementById('uses_ftp').onclick=ftp_ticker;";

    @ob_end_clean();

    // NOTE(review): this form collects FTP credentials (ftp_username / ftp_password above) and posts them
    // to the current URL; confirm that URL is only ever served over TLS.
    $screen = do_template('FORM_SCREEN', array(
        '_GUID' => 'c47a31fca47a7b22eeef3a6269cc2407',
        'JAVASCRIPT' => $javascript,
        'SKIP_VALIDATION' => true,
        'HIDDEN' => $hidden_fields,
        'SUBMIT_NAME' => $button_label,
        'TITLE' => $screen_title,
        'FIELDS' => $form_fields,
        'URL' => $target_url,
        'TEXT' => paragraph(do_lang_tempcode('TEXT_ABSTRACT_FILE_MANAGEMENT')),
    ));

    $wrapped = globalise($screen, NULL, '', true);
    $wrapped->evaluate_echo();
    exit;
}
/**
 * Get a well formed URL equivalent to the current URL.
 *
 * The plain evaluated form (first parameter true, everything else default) is cached in
 * $SELF_URL_CACHED and served from there on later calls.
 *
 * @param  boolean  Whether to evaluate the URL (so as we don't return tempcode)
 * @param  boolean  Whether to direct to the default page if there was a POST request leading to where we are now (i.e. to avoid missing post fields when we go to this URL)
 * @param  ?array   A map of extra parameters for the URL (NULL: none)
 * @param  boolean  Whether to also keep POSTed data, in the GET request (useful if either_param is used to get the data instead of post_param - of course the POST data must be of the not--persistant-state-changing variety)
 * @param  boolean  Whether to avoid mod_rewrite (sometimes essential so we can assume the standard URL parameter addition scheme in templates)
 * @return mixed    The URL (tempcode or string)
 */
function get_self_url($evaluate = false, $root_if_posted = false, $extra_params = NULL, $posted_too = false, $avoid_remap = false)
{
    global $SELF_URL_CACHED;

    // Only the default evaluated variant may be cached or served from cache
    $cacheable = $evaluate && !$root_if_posted && $extra_params === NULL && !$posted_too && !$avoid_remap;
    if ($cacheable && $SELF_URL_CACHED !== NULL) {
        return $SELF_URL_CACHED;
    }

    // The execute_temp script gets the simple form of the URL
    if ((isset($_SERVER['PHP_SELF']) || isset($_ENV['PHP_SELF'])) && running_script('execute_temp')) {
        return get_self_url_easy();
    }

    if ($extra_params === NULL) {
        $extra_params = array();
    }

    if ($posted_too) {
        // Copy scalar POST fields into the URL parameters; explicit extra parameters win on clashes.
        // Anything copied here becomes visible in URLs, server logs and Referer headers, so callers
        // must not use this for secrets.
        $from_post = array();
        foreach ($_POST as $key => $val) {
            if (!is_array($val)) {
                $from_post[$key] = get_magic_quotes_gpc() ? stripslashes($val) : $val;
            }
        }
        $extra_params = array_merge($from_post, $extra_params);
    }

    // After a POST the caller may prefer to land on the default page
    $page = ($root_if_posted && count($_POST) != 0) ? '' : '_SELF';

    $params = array('page' => $page);
    foreach ($extra_params as $key => $val) {
        if ($val === NULL) {
            // NOTE(review): the key is re-added with a NULL value straight after, so NULL is still handed on to
            // build_url(); presumably that is how a parameter gets dropped from the URL - verify in build_url().
            unset($params[$key]);
        }
        $params[$key] = $val;
    }

    $url = build_url($params, '_SELF', NULL, true, $avoid_remap);
    if (!$evaluate) {
        return $url;
    }

    $evaluated = $url->evaluate();
    if ($cacheable) {
        $SELF_URL_CACHED = $evaluated;
    }
    return $evaluated;
}
/**
 * ocPortal error handler (hooked into PHP error system).
 *
 * Classifies the error as error/warning/notice, shortens the file path so that it is relative to
 * the installation base, and passes everything to _ocportal_error_handler(). Errors silenced
 * with @ are ignored unless $GLOBALS['DYING_BADLY'] is set.
 *
 * @param  integer  The error code-number
 * @param  PATH     The error message
 * @param  string   The file the error occurred in
 * @param  integer  The line the error occurred on
 * @return boolean  Always false
 */
function ocportal_error_handler($errno, $errstr, $errfile, $errline)
{
    // This actually tells if @ was used oddly enough. You wouldn't figure from the PHP docs.
    if (error_reporting() == 0 && !$GLOBALS['DYING_BADLY']) {
        return false;
    }

    // Not an error level we are reporting on
    if (!((error_reporting() & $errno) || $GLOBALS['DYING_BADLY'])) {
        return false;
    }

    // Strip down path for security
    $base_prefix = get_file_base() . '/';
    $normalised_file = str_replace(DIRECTORY_SEPARATOR, '/', $errfile);
    if (substr($normalised_file, 0, strlen($base_prefix)) == str_replace(DIRECTORY_SEPARATOR, '/', $base_prefix)) {
        $errfile = substr($errfile, strlen($base_prefix));
    }

    // Work out the error type
    if (!defined('E_RECOVERABLE_ERROR')) {
        define('E_RECOVERABLE_ERROR', 4096); // constant not defined in all php versions but we defined it
    }
    $error_levels = array(E_RECOVERABLE_ERROR, E_USER_ERROR, E_PARSE, E_CORE_ERROR, E_COMPILE_ERROR, E_ERROR);
    // -123 is hacked in for the memtrack extension, which was buggy
    $warning_levels = array(-123, E_CORE_WARNING, E_COMPILE_WARNING, E_USER_WARNING, E_WARNING);
    // E_STRICT, E_DEPRECATED and E_USER_DEPRECATED are left out (constants not defined in all php versions)
    $notice_levels = array(E_USER_NOTICE, E_NOTICE);

    if (in_array($errno, $error_levels)) {
        $type = 'error';
    } elseif (in_array($errno, $warning_levels)) {
        $type = 'warning';
    } elseif (in_array($errno, $notice_levels)) {
        $type = 'notice';
    } else {
        // We don't know the error type so it's probably best to continue (could be a problem with something getting deprecated)
        return false;
    }

    $GLOBALS['DYING_BADLY'] = false; // So error suppress works again

    if (strpos($errstr, 'Allowed memory') !== false) {
        global $_REQUIRED_CODE;
        if (!array_key_exists('failure', $_REQUIRED_CODE)) {
            // We really want to know the URL where this is happening (normal PHP error logging does not include it)!
            // NOTE(review): the request URL goes into the log line as-is, and $errstr is passed to critical_error()
            // without escape_html() while the suffix is escaped - confirm both are safe for their sinks.
            @error_log('PHP ' . ucwords($type) . ': ' . $errstr . ' in ' . $errfile . ' on line ' . strval($errline) . ' @ ' . get_self_url_easy(), 0);
            critical_error('EMERGENCY', $errstr . escape_html(' [' . $errfile . ' at ' . strval($errline) . ']'));
        }
    }

    require_code('failure');
    _ocportal_error_handler($type, $errno, $errstr, $errfile, $errline);

    return false;
}
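/**
 * Relay an error message, if appropriate, to e-mail listeners (sometimes ocProducts, and site staff).
 *
 * At most 50 error mails are relayed per day (counted in the 'num_error_mails_<date>' value).
 * Site staff are notified through dispatch_notification(). When allowed, the same mail also goes
 * to the vendor address and to the configured agency address - i.e. the error text and the URL
 * it happened on leave the site.
 *
 * @param  string   A error message (in HTML)
 * @param  boolean  Also send to ocProducts
 * @param  ID_TEXT  The notification type
 */
function relay_error_notification($text, $ocproducts = true, $notification_type = 'error_occurred')
{
    // Make sure we don't send too many error emails
    if (function_exists('get_value') && $GLOBALS['BOOTSTRAPPING'] == 0 && array_key_exists('SITE_DB', $GLOBALS) && !is_null($GLOBALS['SITE_DB'])) {
        $num = intval(get_value('num_error_mails_' . date('Y-m-d'))) + 1;
        if ($num == 51) {
            return; // We've sent too many error mails today
        }
        // Clear out counters from other days (the LIKE pattern is a constant, nothing request-derived)
        $GLOBALS['SITE_DB']->query('DELETE FROM ' . get_table_prefix() . 'values WHERE the_name LIKE \'' . db_encode_like('num\\_error\\_mails\\_%') . '\'');
        persistant_cache_delete('VALUES');
        set_value('num_error_mails_' . date('Y-m-d'), strval($num));
    }

    if (!function_exists('require_lang')) {
        return;
    }

    require_code('urls');
    require_code('tempcode');
    $error_url = running_script('index') ? static_evaluate_tempcode(build_url(array('page' => '_SELF'), '_SELF', NULL, true, false, true)) : get_self_url_easy();

    require_code('notifications');
    require_code('comcode');

    // Neutralise Comcode [html] / [/html] tags inside the error text so that it cannot open or close
    // an html block in the mail. The search and replacement lists were identical before, which made
    // this call a no-op.
    // NOTE(review): &#91; is used as the stand-in for '['; confirm against the upstream source.
    $safe_text = str_replace(array('[html', '[/html'), array('&#91;html', '&#91;/html'), $text);

    $mail = do_lang('ERROR_MAIL', comcode_escape($error_url), $safe_text, NULL, get_site_default_lang());
    dispatch_notification($notification_type, NULL, do_lang('ERROR_OCCURRED_SUBJECT', get_page_name(), NULL, NULL, get_site_default_lang()), $mail, NULL, A_FROM_SYSTEM_PRIVILEGED);

    // Decide whether the vendor should get a copy: only if enabled, and only for errors that do not
    // look like site-specific or environmental problems.
    $send_to_vendor = $ocproducts && get_option('send_error_emails_ocproducts', true) == '1' && !running_script('cron_bridge');
    if ($send_to_vendor) {
        // Any of these substrings in the error text suppresses the vendor mail
        $ignored_substrings = array(
            '_custom/',
            'data/occle.php',
            '/mini',
            'A transaction for the wrong IPN e-mail went through',
            'has been disabled for security reasons',
            'max_questions',
            'Error at offset',
            'Unable to allocate memory for pool',
            'Out of memory',
            'Disk is full writing',
            'Disk quota exceeded',
            'from storage engine',
            'Lost connection to MySQL server',
            'Unable to save result set',
            '.MYI',
            'MySQL server has gone away',
            'Incorrect key file',
            'Too many connections',
            'marked as crashed and should be repaired',
            'connect to',
            'Access denied for',
            'Unknown database',
            'headers already sent',
            'is marked as crashed and last',
            'failed to open stream: Permission denied',
            'phpinfo() has been disabled',
            'File(/tmp/) is not within the allowed path',
        );
        foreach ($ignored_substrings as $needle) {
            if (strpos($text, $needle) !== false) {
                $send_to_vendor = false;
                break;
            }
        }
    }
    if (
        $send_to_vendor
        && preg_match('#Maximum execution time of \\d+ seconds#', $text) == 0
        && preg_match('#Out of memory \\(allocated (1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24)\\d{6}\\)#', $text) == 0
        && (strpos($text, 'Maximum execution time') === false || (strpos($text, '/js_') === false && strpos($text, '/caches_filesystem.php') === false && strpos($text, '/files2.php') === false))
        && (strpos($text, 'doesn\'t exist') === false || strpos($text, 'import') === false)
        && (strpos($text, 'No such file or directory') === false || strpos($text, 'admin_setupwizard') === false)
    ) {
        require_code('mail');
        mail_wrap(do_lang('ERROR_OCCURRED_SUBJECT', get_page_name(), NULL, NULL, get_site_default_lang()) . ' ' . ocp_version_full(), $mail, array('errors_final' . strval(ocp_version()) . '@ocportal.com'), '', '', '', 3, NULL, true, NULL, true);
    }

    // An agency address, when configured, gets every relayed error (no filtering)
    if ($ocproducts && !is_null(get_value('agency_email_address'))) {
        require_code('mail');
        $agency_email_address = get_value('agency_email_address');
        mail_wrap(do_lang('ERROR_OCCURRED_SUBJECT', get_page_name(), NULL, NULL, get_site_default_lang()) . ' ' . ocp_version_full(), $mail, array($agency_email_address), '', '', '', 3, NULL, true, NULL, true);
    }
}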
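/**
 * Render that the page wasn't found. Show alternate likely candidates based on misspellings.
 *
 * Sets a 404 status, optionally warns admins about a likely short-URL rewrite problem, works out a
 * "did you mean" suggestion from the pages in the zone, relays a missing-page notification when the
 * request carried a referer, and returns the MISSING_SCREEN template.
 *
 * @param  ID_TEXT   The codename of the page to load
 * @param  ID_TEXT   The zone the page is being loaded in
 * @return tempcode  Message
 */
function page_not_found($codename, $zone)
{
    $GLOBALS['HTTP_STATUS_CODE'] = '404';
    if (!headers_sent()) {
        if (!browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
            header('HTTP/1.0 404 Not Found');
        }
    }

    // Maybe problem with SEO URLs
    if (get_zone_name() == '' && get_option('htm_short_urls') == '1' && has_zone_access(get_member(), 'adminzone')) {
        $self_url = get_self_url_easy();
        $zones = find_all_zones();
        foreach ($zones as $_zone) {
            if ($_zone != '' && $_zone != 'site' && strpos($self_url, '/' . $_zone . '/') !== false) {
                attach_message(do_lang_tempcode('HTACCESS_SEO_PROBLEM'), 'warn');
            }
        }
    }

    // "Did you mean?" support
    $all_pages_in_zone = array_keys(find_all_pages_wrap($zone));
    $did_mean = array();
    // The requested name with its admin_/cms_ prefixes removed does not change per candidate
    $to = str_replace('cms_', '', str_replace('admin_', '', $codename));
    $threshold = 75.0;
    foreach ($all_pages_in_zone as $possibility) {
        if (is_integer($possibility)) {
            $possibility = strval($possibility); // e.g. '404' page has been converted to integer by PHP, grr
        }

        $from = str_replace('cms_', '', str_replace('admin_', '', $possibility));
        //$dist=levenshtein($from,$to); If we use this, change > to < also
        //$threshold=4;
        $dist = 0.0;
        similar_text($from, $to, $dist);

        // Only suggest pages the member may actually access. The check used to be made against the
        // missing page's own codename, so the names of restricted pages could be suggested to anyone.
        if ($dist > $threshold && has_page_access(get_member(), $possibility, $zone)) {
            // Array keys cannot be floats; the explicit cast keeps the truncation PHP applied implicitly
            $did_mean[(int) $dist] = $possibility;
        }
    }
    ksort($did_mean);
    $_did_mean = array_pop($did_mean); // The closest match has the highest key
    if ($_did_mean == '') {
        $_did_mean = NULL;
    }

    if (ocp_srv('HTTP_REFERER') != '' && !handle_has_checked_recently('request-' . $zone . ':' . $codename)) {
        require_code('failure');
        // NOTE(review): the referer and browser string are client-supplied and this text is later treated as
        // HTML by relay_error_notification(); confirm do_lang() or the mail template escapes them.
        relay_error_notification(do_lang('_MISSING_RESOURCE', $zone . ':' . $codename) . ' ' . do_lang('REFERRER', ocp_srv('HTTP_REFERER'), substr(get_browser_string(), 0, 255)), false, 'error_occurred_missing_page');
    }

    $title = get_page_title('ERROR_OCCURRED');

    // Links for creating the page or a redirect are only built for members allowed to use them
    $add_access = has_actual_page_access(get_member(), 'cms_comcode_pages', NULL, NULL, 'submit_highrange_content');
    $redirect_access = addon_installed('redirects_editor') && has_actual_page_access(get_member(), 'admin_redirects');
    require_lang('zones');
    $add_url = $add_access ? build_url(array('page' => 'cms_comcode_pages', 'type' => '_ed', 'page_link' => $zone . ':' . $codename), get_module_zone('cms_comcode_pages')) : new ocp_tempcode();
    $add_redirect_url = $redirect_access ? build_url(array('page' => 'admin_redirects', 'type' => 'misc', 'page_link' => $zone . ':' . $codename), get_module_zone('admin_redirects')) : new ocp_tempcode();

    return do_template('MISSING_SCREEN', array(
        '_GUID' => '22f371577cd2ba437e7b0cb241931575',
        'TITLE' => $title,
        'DID_MEAN' => $_did_mean,
        'ADD_URL' => $add_url,
        'ADD_REDIRECT_URL' => $add_redirect_url,
        'PAGE' => $codename,
    ));
}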
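/**
 * This function is a very basic query executor. It shouldn't usually be used by you, as there are specialised abstracted versions available.
 *
 * The query string is passed to the driver as given: nothing in this method escapes or
 * parameterises it, and $lang_fields / $field_prefix are concatenated into the SQL verbatim.
 * Callers must therefore only pass SQL and identifiers that are already safe.
 *
 * @param  string			The complete SQL query
 * @param  ?integer		The maximum number of rows to affect (NULL: no limit)
 * @param  ?integer		The start row to affect (NULL: no specification)
 * @param  boolean		Whether to output an error on failure
 * @param  boolean		Whether to get an insert ID
 * @param  ?array			Extra language fields to join in for cache-prefilling. You only need to send this if you are doing a JOIN and carefully craft your query so table field names won't conflict (NULL: none)
 * @param  string			All the core fields have a prefix of this on them, so when we fiddle with language lookup we need to use this (only consider this if you're setting $lang_fields)
 * @param  boolean		Whether we are saving as a 'volatile' file extension (used in the XML DB driver, to mark things as being non-syndicated to subversion)
 * @return ?mixed			The results (NULL: no results)
 */
function _query($query, $max = NULL, $start = NULL, $fail_ok = false, $get_insert_id = false, $lang_fields = NULL, $field_prefix = '', $save_as_volatile = false)
{
    global $QUERY_COUNT, $NO_QUERY_LIMIT, $QUERY_LOG, $QUERY_LIST, $DEBUG_MODE, $IN_MINIKERNEL_VERSION, $QUERY_FILE_LOG, $UPON_QUERY_HOOKS;

    // The full query text, including any literal values embedded in it, is appended to the query
    // file log when one is open. Treat that file as sensitive.
    if ($QUERY_FILE_LOG !== NULL) {
        fwrite($QUERY_FILE_LOG, $query . ';' . chr(10) . chr(10));
    }

    // Debug-only scope check: a query mentioning a forum ('f_') table near its start must not be
    // run through the site connection when the forum database uses a different connection.
    if ($DEBUG_MODE) {
        if (get_forum_type() != 'none' && strpos($query, get_table_prefix() . 'f_') !== false && strpos($query, get_table_prefix() . 'f_') < 100 && strpos($query, 'f_welcome_emails') === false && $this->connection_write === $GLOBALS['SITE_DB']->connection_write && isset($GLOBALS['FORUM_DB']) && $GLOBALS['SITE_DB']->connection_write !== $GLOBALS['FORUM_DB']->connection_write && !$GLOBALS['NO_DB_SCOPE_CHECK']) {
            fatal_exit('Using OCF queries on the wrong driver');
        }
    }

    if (!$NO_QUERY_LIMIT) {
        $QUERY_COUNT++;
    }

    // Cache whether the fb() helper exists, as this method is called very often.
    static $fb = NULL;
    if ($fb === NULL) {
        $fb = function_exists('fb');
    }
    // NOTE(review): the query text is handed to fb() whenever the request carries
    // keep_firephp_queries=1 and fb() is defined. Confirm fb() is only available to trusted
    // users, since this would otherwise expose query text to whoever makes the request.
    if ($fb && !headers_sent() && get_param_integer('keep_firephp_queries', 0) == 1) {
        fb('Query: ' . $query);
    }

    // On exactly the 68th counted query of a plain (non-POST) request, record the URL as a heavy
    // screen and stop counting; in debug mode this is a fatal error instead.
    if ($QUERY_COUNT == 68 && get_param_integer('keep_no_query_limit', 0) == 0 && count($_POST) == 0 && get_page_name() != 'admin_importer' && $IN_MINIKERNEL_VERSION == 0 && get_param('special_page_type', '') != 'query') {
        $NO_QUERY_LIMIT = true;
        $log_path = get_custom_file_base() . '/data_custom/big_query_screens.log';
        if (is_writable_wrap($log_path)) {
            // NOTE(review): the logged URL is request-derived; whether get_self_url_easy() strips
            // line breaks is not visible here - confirm, as this log is line-oriented.
            $myfile = fopen($log_path, 'at');
            fwrite($myfile, get_self_url_easy() . chr(10));
            fclose($myfile);
        }
        if ($DEBUG_MODE) {
            $QUERY_COUNT = 0;
            fatal_exit(do_lang_tempcode('TOO_MANY_QUERIES'));
        }
    }

    // Rewrite the query to LEFT JOIN the translate table once per requested language field,
    // selecting the original and parsed text under predictable aliases.
    $lang_strings_expecting = array();
    if (isset($lang_fields[0]) && function_exists('user_lang')) {
        $lang = user_lang(); // We can assume this, as we will cache against it -- if subsequently code wants something else it'd be a cache miss which is fine
        foreach ($lang_fields as $i => $field) {
            $_i = strval($i);

            // $field_prefix and $field go into the SQL unescaped; only the language value is
            // passed through db_string_equal_to().
            $join = ' LEFT JOIN ' . $this->table_prefix . 'translate t' . $_i . ' ON t' . $_i . '.id=' . $field_prefix . $field . ' AND ' . db_string_equal_to('t' . $_i . '.language', $lang);

            // Positions are found in an upper-cased copy and then applied to the real query.
            // NOTE(review): these are plain substring searches, so a sub-select or a string
            // literal containing ' FROM ' / ' WHERE ' would shift the insertion points, and a
            // query without ' FROM ' leaves $from_pos as false - callers are expected to
            // craft their queries accordingly.
            $_query = strtoupper($query);
            $from_pos = strpos($_query, ' FROM ');
            $where_pos = strpos($_query, ' WHERE ');
            if ($where_pos === false) {
                // No WHERE: insert before the last GROUP BY instead
                $_where_pos = 0;
                do {
                    $_where_pos = strpos($_query, ' GROUP BY ', $_where_pos + 1);
                    if ($_where_pos !== false) {
                        $where_pos = $_where_pos;
                    }
                } while ($_where_pos !== false);
            }
            if ($where_pos === false) {
                // No GROUP BY either: insert before the last ORDER BY instead
                $_where_pos = 0;
                do {
                    $_where_pos = strpos($_query, ' ORDER BY ', $_where_pos + 1);
                    if ($_where_pos !== false) {
                        $where_pos = $_where_pos;
                    }
                } while ($_where_pos !== false);
            }
            if ($where_pos !== false) {
                $query = substr($query, 0, $where_pos) . $join . substr($query, $where_pos);
            } else {
                $query .= $join;
            }

            // The join was inserted after ' FROM ', so $from_pos is still valid for the select list.
            $original = 't' . $_i . '.text_original AS t' . $_i . '__text_original';
            $parsed = 't' . $_i . '.text_parsed AS t' . $_i . '__text_parsed';
            $query = substr($query, 0, $from_pos) . ',' . $original . ',' . $parsed . substr($query, $from_pos);

            $lang_strings_expecting[] = array($field, 't' . $_i . '__text_original', 't' . $_i . '__text_parsed');
        }
    }

    // Clamp negative paging values (NULL compares as not-negative and is left alone).
    if ($start < 0) {
        $start = 0;
    }
    if ($max < 0) {
        $max = 1;
    }

    if ($QUERY_LOG) {
        $before = microtime(false);
    }

    // Only a query that literally begins with 'SELECT ' uses the read connection; anything else
    // (including a SELECT with leading whitespace) goes to the write connection.
    if (substr(strtoupper($query), 0, 7) == 'SELECT ') {
        $connection =& $this->connection_read;
    } else {
        $connection =& $this->connection_write;
    }
    // Presumably index 4 is only set while the property still holds connection parameters rather
    // than a live connection - TODO confirm. Because $connection is a reference, the assignment
    // below stores the result of db_get_connection back into the property.
    if (isset($connection[4])) {
        $connection = call_user_func_array(array($this->static_ob, 'db_get_connection'), $connection);
        _general_db_init();
    }

    $ret = $this->static_ob->db_query($query, $connection, $max, $start, $fail_ok, $get_insert_id, false, $save_as_volatile);

    if ($QUERY_LOG) {
        $after = microtime(false);
        $text = !is_null($max) ? $query . ' (' . strval((int) $start) . '-' . strval((int) $start + $max) . ')' : $query;
        $out = array('time' => microtime_diff($after, $before), 'text' => $text);
        $QUERY_LIST[] = $out;
    }

    // Run hooks, if any exist
    if ($UPON_QUERY_HOOKS === NULL) {
        if (!function_exists('find_all_hooks')) {
            return $ret;
        }

        $UPON_QUERY_HOOKS = array();
        $hooks = find_all_hooks('systems', 'upon_query');
        foreach (array_keys($hooks) as $hook) {
            // The hook name is passed through filter_naughty() before it is used in a code path
            require_code('hooks/systems/upon_query/' . filter_naughty($hook));
            $UPON_QUERY_HOOKS[$hook] = object_factory('upon_query_' . filter_naughty($hook), true);
        }
    }
    foreach ($UPON_QUERY_HOOKS as $ob) {
        if ($ob !== NULL) {
            $ob->run($this, $query, $max, $start, $fail_ok, $get_insert_id, $ret);
        }
    }

    // Copy results to lang cache, but only if not null AND unset to avoid any confusion
    if ($ret !== NULL) {
        foreach ($lang_strings_expecting as $bits) {
            list($field, $original, $parsed) = $bits;

            foreach ($ret as $row_index => $row) {
                $entry = $row[$field];

                // Each cache stops accepting new entries once it holds more than 1000
                if ($row[$original] !== NULL && count($this->text_lookup_original_cache) <= 1000) {
                    $this->text_lookup_original_cache[$entry] = $row[$original];
                }
                if ($row[$parsed] !== NULL && count($this->text_lookup_cache) <= 1000) {
                    $this->text_lookup_cache[$entry] = $row[$parsed];
                }

                // $row is a copy, so the helper columns must be removed from $ret itself for the
                // removal to reach the caller.
                unset($ret[$row_index][$original]);
                unset($ret[$row_index][$parsed]);
            }
        }
    }

    return $ret;
}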