if (!isset($_GET['step']) || isset($_GET['step']) && !is_numeric($_GET['step']) || isset($_GET['step']) && is_numeric($_GET['step']) && $_GET['step'] < 5) { if (!file_exists(ABSPATH . 'index.htm') && !file_exists(ABSPATH . 'index.php')) { @file_put_contents(ABSPATH . 'index.htm', '<html></html>'); } } // Unpack importbuddy files into importbuddy directory. if (!file_exists(ABSPATH . 'importbuddy') || count($_GET) == 0 && count($_POST) == 0) { $unpack_importbuddy = true; if (file_exists(ABSPATH . 'importbuddy')) { // ImportBuddy directory already exists. We may need to re-unpack it if this file has been updated since. $signature = @file_get_contents(ABSPATH . 'importbuddy/_signature.php'); $signature = trim(str_replace('<?php die(); ?>', '', $signature)); if (md5(PB_BB_VERSION . PB_PASSWORD) != $signature) { // Signature mismatch. We will need to delete and unpack again to update. //echo '<!-- unlinking existing importbuddy directory. -->'; 5.1.0.10: Broke causing headers already sent error due to auth. recursive_unlink(ABSPATH . 'importbuddy'); } else { $unpack_importbuddy = false; } } if (true === $unpack_importbuddy) { unpack_importbuddy(); @file_put_contents(ABSPATH . 'importbuddy/_signature.php', '<?php die(); ?>' . md5(PB_BB_VERSION . PB_PASSWORD)); // Create a hash of this ImportBuddy version & password. On accessing importbuddy.php's authentication page all importbuddy files will be freshly unpacked if the importbuddy.php version and/or password mismatches to allow users to just replace importbuddy.php to upgrade ImportBuddy or password. } } // Database wrapper. require_once ABSPATH . 'importbuddy/classes/wp-db.php'; global $wpdb; //$wpdb = new wpdb(); if (isset($_GET['api']) && $_GET['api'] != '') {
/** * Recursively delete a directory * * @param string $file File name * @author A_Jelly_Doughnut */ function recursive_unlink($file) { if (!($dh = opendir($file))) { return false; } while (($subfile = readdir($dh)) !== false) { if ($subfile[0] == '.') { continue; } if (!unlink($file . '/' . $subfile)) { recursive_unlink($file . '/' . $subfile); } } closedir($dh); rmdir($file); return true; }
/** * Removes a file or a directory (optionally recursively) * * @param $path string (required) - Filename/Directory path to remove * @param $recursive bool (optional) - Recursively delete directories * @author jasmineaura */ function remove($path, $recursive = false) { global $phpbb_root_path, $user; if (strpos($path, $phpbb_root_path) !== 0) { $path = $phpbb_root_path . $path; } if (is_dir($path)) { if ($recursive) { // recursively delete (in functions_mod.php) return recursive_unlink($path); } else { if (check_empty_dir($path)) { // No error message. // If the directory is not empty it is probably not an error. if (!rmdir($path)) { return sprintf($user->lang['MODS_RMDIR_FAILURE'], $path); } } } } else { if (!unlink($path)) { return sprintf($user->lang['MODS_RMFILE_FAILURE'], $path); } } return true; }
function process_edits($editor, $actions, $details, $change = false, $display = true, $reverse = false) { global $template, $user, $db, $phpbb_root_path, $force_install, $mod_installed; global $dest_inherits, $dest_template, $children; $mod_installed = true; if ($reverse) { global $rev_actions; if (empty($rev_actions)) { // maybe should allow for potential extensions here $actions = parser::reverse_edits($actions); } else { $actions = $rev_actions; unset($rev_actions); } } $template->assign_vars(array('S_DISPLAY_DETAILS' => (bool) $display, 'S_CHANGE_FILES' => (bool) $change)); if (!empty($details['AUTHOR_NOTES']) && $details['AUTHOR_NOTES'] != $user->lang['UNKNOWN_MOD_AUTHOR-NOTES']) { $template->assign_vars(array('S_AUTHOR_NOTES' => true, 'AUTHOR_NOTES' => nl2br($details['AUTHOR_NOTES']))); } // not all MODs will have edits (!) if (isset($actions['EDITS'])) { $template->assign_var('S_EDITS', true); foreach ($actions['EDITS'] as $filename => $edits) { // see if the file to be opened actually exists if (!file_exists("{$phpbb_root_path}{$filename}")) { $is_inherit = strpos($filename, 'styles/') !== false && !empty($dest_inherits) ? true : false; $template->assign_block_vars('edit_files', array('S_MISSING_FILE' => $is_inherit ? false : true, 'INHERIT_MSG' => $is_inherit ? sprintf($user->lang['INHERIT_NO_CHANGE'], $dest_template, $dest_inherits) : '', 'FILENAME' => $filename)); $mod_installed = $is_inherit ? $mod_installed : false; continue; } else { $template->assign_block_vars('edit_files', array('FILENAME' => $filename, 'S_SUCCESS' => false)); $status = $editor->open_file($filename, $this->backup_root); if (is_string($status)) { $template->assign_block_vars('error', array('ERROR' => $status)); $mod_installed = false; continue; } $edit_success = true; foreach ($edits as $finds) { $comment = ''; foreach ($finds as $find => $commands) { if (isset($finds['comment']) && !$comment && $finds['comment'] != $user->lang['UNKNOWN_MOD_COMMENT']) { $comment = $finds['comment']; unset($finds['comment']); } if ($find == 'comment') { continue; } $find_tpl = array('FIND_STRING' => htmlspecialchars($find), 'COMMENT' => htmlspecialchars($comment)); $offset_ary = $editor->find($find); // special case for FINDs with no action associated if (is_null($commands)) { continue; } foreach ($commands as $type => $contents) { if (!$offset_ary) { $offset_ary['start'] = $offset_ary['end'] = false; } $status = false; $inline_template_ary = array(); $contents_orig = $contents; switch (strtoupper($type)) { case 'AFTER ADD': $status = $editor->add_string($find, $contents, 'AFTER', $offset_ary['start'], $offset_ary['end']); break; case 'BEFORE ADD': $status = $editor->add_string($find, $contents, 'BEFORE', $offset_ary['start'], $offset_ary['end']); break; case 'INCREMENT': case 'OPERATION': //$contents = ""; $status = $editor->inc_string($find, '', $contents); break; case 'REPLACE WITH': $status = $editor->replace_string($find, $contents, $offset_ary['start'], $offset_ary['end']); break; case 'IN-LINE-EDIT': // these aren't quite as straight forward. Still have multi-level arrays to sort through $inline_comment = ''; foreach ($contents as $inline_edit_id => $inline_edit) { if ($inline_edit_id === 'inline-comment') { // This is a special case for tucking comments in the array if ($inline_edit != $user->lang['UNKNOWN_MOD_INLINE-COMMENT']) { $inline_comment = $inline_edit; } continue; } foreach ($inline_edit as $inline_find => $inline_commands) { foreach ($inline_commands as $inline_action => $inline_contents) { // inline finds are pretty contankerous, so so them in the loop $line = $editor->inline_find($find, $inline_find, $offset_ary['start'], $offset_ary['end']); if (!$line) { // find failed $status = $mod_installed = false; $inline_template_ary[] = array('FIND' => array('S_SUCCESS' => $status, 'NAME' => $user->lang[$type], 'COMMAND' => htmlspecialchars($inline_find)), 'ACTION' => array()); continue 2; } $inline_contents = $inline_contents[0]; $contents_orig = $inline_find; switch (strtoupper($inline_action)) { case 'IN-LINE-': $editor->last_string_offset = $line['string_offset'] + $line['find_length'] - 1; $status = true; continue 2; break; case 'IN-LINE-BEFORE-ADD': $status = $editor->inline_add($find, $inline_find, $inline_contents, 'BEFORE', $line['array_offset'], $line['string_offset'], $line['find_length']); break; case 'IN-LINE-AFTER-ADD': $status = $editor->inline_add($find, $inline_find, $inline_contents, 'AFTER', $line['array_offset'], $line['string_offset'], $line['find_length']); break; case 'IN-LINE-REPLACE': case 'IN-LINE-REPLACE-WITH': $status = $editor->inline_replace($find, $inline_find, $inline_contents, $line['array_offset'], $line['string_offset'], $line['find_length']); break; case 'IN-LINE-OPERATION': $status = $editor->inc_string($find, $inline_find, $inline_contents); break; default: $message = sprintf($user->lang['UNRECOGNISED_COMMAND'], $inline_action); trigger_error($message, E_USER_WARNING); // ERROR! break; } $inline_template_ary[] = array('FIND' => array('S_SUCCESS' => $status, 'NAME' => $user->lang[$type], 'COMMAND' => is_array($contents_orig) ? $user->lang['INVALID_MOD_INSTRUCTION'] : htmlspecialchars($contents_orig)), 'ACTION' => array('S_SUCCESS' => $status, 'NAME' => $user->lang[$inline_action], 'COMMAND' => is_array($inline_contents) ? $user->lang['INVALID_MOD_INSTRUCTION'] : htmlspecialchars($inline_contents))); } if (!$status) { $mod_installed = false; } $editor->close_inline_edit(); } } break; default: $message = sprintf($user->lang['UNRECOGNISED_COMMAND'], $action); trigger_error($message, E_USER_WARNING); // ERROR! break; } $template->assign_block_vars('edit_files.finds', array_merge($find_tpl, array('S_SUCCESS' => $status))); if (!$status) { $edit_success = false; $mod_installed = false; } if (sizeof($inline_template_ary)) { foreach ($inline_template_ary as $inline_template) { // We must assign the vars for the FIND first $template->assign_block_vars('edit_files.finds.actions', $inline_template['FIND']); // And now the vars for the ACTION $template->assign_block_vars('edit_files.finds.actions.inline', $inline_template['ACTION']); } $inline_template_ary = array(); } else { if (!is_array($contents_orig)) { $template->assign_block_vars('edit_files.finds.actions', array('S_SUCCESS' => $status, 'NAME' => $user->lang[$type], 'COMMAND' => htmlspecialchars($contents_orig))); } } } } $editor->close_edit(); } $template->alter_block_array('edit_files', array('S_SUCCESS' => $edit_success), true, 'change'); } if ($change) { $status = $editor->close_file("{$this->edited_root}{$filename}"); if (is_string($status)) { $template->assign_block_vars('error', array('ERROR' => $status)); $mod_installed = false; } } } } // end foreach // Move included files if (isset($actions['NEW_FILES']) && !empty($actions['NEW_FILES']) && $change && ($mod_installed || $force_install)) { $template->assign_var('S_NEW_FILES', true); foreach ($actions['NEW_FILES'] as $source => $target) { $status = $editor->copy_content($this->mod_root . str_replace('*.*', '', $source), str_replace('*.*', '', $target)); if ($status !== true && !is_null($status)) { $mod_installed = false; } $template->assign_block_vars('new_files', array('S_SUCCESS' => $status === true ? true : false, 'S_NO_COPY_ATTEMPT' => is_null($status) ? true : false, 'SOURCE' => $source, 'TARGET' => $target)); } } if (!empty($actions['DELETE_FILES']) && $change && ($mod_installed || $force_install)) { foreach ($actions['DELETE_FILES'] as $file) { // purposely do not use !== false here, because we don't expect wildcards in position 0 if (strpos($file, '*.*')) { $file = str_replace('*.*', '', $file); if (is_dir($phpbb_root_path . $file)) { // recursively delete recursive_unlink($phpbb_root_path . $file); } else { unlink($phpbb_root_path . $file); } } else { // if there's no wildcard, we assume it is a single file unlink($phpbb_root_path . $file); } } } // Perform SQL queries last -- Queries usually cannot be done a second // time, so do them only if the edits were successful. Still complies // with the MODX spec in this location if (!empty($actions['SQL']) && ($mod_installed || $force_install || $display && !$change)) { $template->assign_var('S_SQL', true); parser::parse_sql($actions['SQL']); $db->sql_return_on_error(true); foreach ($actions['SQL'] as $query) { if ($change) { $query_success = $db->sql_query($query); if ($query_success) { $template->assign_block_vars('sql_queries', array('S_SUCCESS' => true, 'QUERY' => $query)); } else { $error = $db->sql_error(); $template->assign_block_vars('sql_queries', array('S_SUCCESS' => false, 'QUERY' => $query, 'ERROR_MSG' => $error['message'], 'ERROR_CODE' => $error['code'])); $mod_installed = false; } } else { if ($display) { $template->assign_block_vars('sql_queries', array('QUERY' => $query)); } } } $db->sql_return_on_error(false); } else { $template->assign_var('S_SQL', false); } return $mod_installed; }
/** * Remove a directory recursively. * * From http://php.net/rmdir#110489 * * @param $dir the directory to remove */ function recursive_unlink($dir) { if (!is_dir($dir)) { return true; } $files = array_diff(scandir($dir), array('.', '..')); foreach ($files as $filename) { $filename = $dir . '/' . $filename; if (is_dir($filename)) { @chmod($filename, 0777); recursive_unlink($filename); } else { unlink($filename); } } return rmdir($dir); }
/** * This action delete an existing user. * * Request parameter is: * - username * * @todo clean up this method. Idea: create a User->clean() method. */ public function deleteAction() { $username = Minz_Request::param('username'); $redirect_url = urldecode(Minz_Request::param('r', false, true)); if (!$redirect_url) { $redirect_url = array('c' => 'user', 'a' => 'manage'); } $self_deletion = Minz_Session::param('currentUser', '_') === $username; if (Minz_Request::isPost() && (FreshRSS_Auth::hasAccess('admin') || $self_deletion)) { $db = FreshRSS_Context::$system_conf->db; require_once APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php'; $ok = ctype_alnum($username); $user_data = join_path(DATA_PATH, 'users', $username); if ($ok) { $default_user = FreshRSS_Context::$system_conf->default_user; $ok &= strcasecmp($username, $default_user) !== 0; //It is forbidden to delete the default user } if ($ok && $self_deletion) { // We check the password if it's a self-destruction $nonce = Minz_Session::param('nonce'); $challenge = Minz_Request::param('challenge', ''); $ok &= FreshRSS_FormAuth::checkCredentials($username, FreshRSS_Context::$user_conf->passwordHash, $nonce, $challenge); } if ($ok) { $ok &= is_dir($user_data); } if ($ok) { $userDAO = new FreshRSS_UserDAO(); $ok &= $userDAO->deleteUser($username); $ok &= recursive_unlink($user_data); //TODO: delete Persona file } if ($ok && $self_deletion) { FreshRSS_Auth::removeAccess(); $redirect_url = array('c' => 'index', 'a' => 'index'); } invalidateHttpCache(); $notif = array('type' => $ok ? 'good' : 'bad', 'content' => _t('feedback.user.deleted' . (!$ok ? '.error' : ''), $username)); Minz_Session::_param('notification', $notif); } Minz_Request::forward($redirect_url, true); }
function saveStep2() { $user_default_config = Minz_Configuration::get('default_user'); if (!empty($_POST)) { $system_default_config = Minz_Configuration::get('default_system'); $_SESSION['title'] = $system_default_config->title; $_SESSION['old_entries'] = param('old_entries', $user_default_config->old_entries); $_SESSION['auth_type'] = param('auth_type', 'form'); $_SESSION['default_user'] = substr(preg_replace('/[^a-zA-Z0-9]/', '', param('default_user', '')), 0, 16); $_SESSION['mail_login'] = filter_var(param('mail_login', ''), FILTER_VALIDATE_EMAIL); $password_plain = param('passwordPlain', false); if ($password_plain !== false) { if (!function_exists('password_hash')) { include_once LIB_PATH . '/password_compat.php'; } $passwordHash = password_hash($password_plain, PASSWORD_BCRYPT, array('cost' => BCRYPT_COST)); $passwordHash = preg_replace('/^\\$2[xy]\\$/', '\\$2a\\$', $passwordHash); //Compatibility with bcrypt.js $_SESSION['passwordHash'] = $passwordHash; } if (empty($_SESSION['old_entries']) || empty($_SESSION['auth_type']) || empty($_SESSION['default_user'])) { return false; } if ($_SESSION['auth_type'] === 'form' && empty($_SESSION['passwordHash']) || $_SESSION['auth_type'] === 'persona' && empty($_SESSION['mail_login'])) { return false; } $_SESSION['salt'] = sha1(uniqid(mt_rand(), true) . implode('', stat(__FILE__))); if (!ctype_digit($_SESSION['old_entries']) || $_SESSION['old_entries'] < 1) { $_SESSION['old_entries'] = $user_default_config->old_entries; } $token = ''; if ($_SESSION['mail_login']) { $token = sha1($_SESSION['salt'] . $_SESSION['mail_login']); } $config_array = array('language' => $_SESSION['language'], 'theme' => $user_default_config->theme, 'old_entries' => $_SESSION['old_entries'], 'mail_login' => $_SESSION['mail_login'], 'passwordHash' => $_SESSION['passwordHash'], 'token' => $token); // Create default user files but first, we delete previous data to // avoid access right problems. $user_dir = join_path(USERS_PATH, $_SESSION['default_user']); $user_config_path = join_path($user_dir, 'config.php'); recursive_unlink($user_dir); mkdir($user_dir); file_put_contents($user_config_path, "<?php\n return " . var_export($config_array, true) . ';'); if ($_SESSION['mail_login'] != '') { $personaFile = join_path(DATA_PATH, 'persona', $_SESSION['mail_login'] . '.txt'); @unlink($personaFile); file_put_contents($personaFile, $_SESSION['default_user']); } header('Location: index.php?step=3'); } }
function upload_mod($action) { global $phpbb_root_path, $phpEx, $template, $user; $can_upload = @ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !@extension_loaded('zlib') ? false : true; // get FTP information if we need it $hidden_ary = get_connection_info(false); if (!isset($_FILES['modupload']) || $action != 'upload_mod') { $template->assign_vars(array('S_FRONTEND' => true, 'S_MOD_UPLOAD' => $can_upload ? true : false, 'U_UPLOAD' => $this->u_action . '&action=upload_mod', 'S_FORM_ENCTYPE' => $can_upload ? ' enctype="multipart/form-data"' : '', 'S_HIDDEN_FIELDS' => build_hidden_fields($hidden_ary))); add_form_key('acp_mods_upload'); return false; } // end pre_upload_mod if (!check_form_key('acp_mods_upload')) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } $user->add_lang('posting'); // For error messages include $phpbb_root_path . 'includes/functions_upload.' . $phpEx; $upload = new fileupload(); $upload->set_allowed_extensions(array('zip')); // Only allow ZIP files $write_method = 'editor_' . determine_write_method(false); // For Direct & Manual write methods, make sure store/mods/ directory is writable if ($write_method == 'editor_direct' || $write_method == 'editor_manual') { if (!is_writable($this->mods_dir)) { trigger_error($user->lang['MODS_NOT_WRITABLE'] . adm_back_link($this->u_action), E_USER_WARNING); } $write_method = 'editor_direct'; // Force Direct method, in the case of manual $upload_dir = $this->mods_dir; } else { if (is_writable($this->store_dir)) { $upload_dir = $this->store_dir; } else { trigger_error($user->lang['STORE_NOT_WRITABLE'] . adm_back_link($this->u_action), E_USER_WARNING); } } $editor = new $write_method(); // Make sure the store/mods/ directory exists and if it doesn't, create it if (!is_dir($this->mods_dir)) { $editor->recursive_mkdir($this->mods_dir); } // Proceed with the upload $file = $upload->form_upload('modupload'); if (empty($file->filename)) { trigger_error($user->lang['NO_UPLOAD_FILE'] . adm_back_link($this->u_action), E_USER_WARNING); } else { if ($file->init_error || sizeof($file->error)) { $file->remove(); trigger_error((sizeof($file->error) ? implode('<br />', $file->error) : $user->lang['MOD_UPLOAD_INIT_FAIL']) . adm_back_link($this->u_action), E_USER_WARNING); } } $file->clean_filename('real'); $file->move_file(str_replace($phpbb_root_path, '', $upload_dir), true, true); if (sizeof($file->error)) { $file->remove(); trigger_error(implode('<br />', $file->error) . adm_back_link($this->u_action), E_USER_WARNING); } include $phpbb_root_path . 'includes/functions_compress.' . $phpEx; $mod_dir = $upload_dir . '/' . str_replace('.zip', '', $file->get('realname')); $compress = new compress_zip('r', $file->destination_file); $compress->extract($mod_dir . '_tmp/'); $compress->close(); $folder_contents = scandir($mod_dir . '_tmp/', 1); // This ensures dir is at index 0 $folder_contents = array_diff($folder_contents, array('.', '..')); // We need to check if there's only one (main) directory inside the temp MOD directory if (sizeof($folder_contents) == 1) { $folder_contents = implode(null, $folder_contents); $from_dir = $mod_dir . '_tmp/' . $folder_contents; $to_dir = $this->mods_dir . '/' . $folder_contents; } else { if (!is_dir($mod_dir)) { $from_dir = $mod_dir . '_tmp/'; $to_dir = $mod_dir . '/'; } else { trigger_error($user->lang['MOD_UPLOAD_UNRECOGNIZED'] . adm_back_link($this->u_action), E_USER_WARNING); } } // Copy that directory to the new path $editor->copy_content($from_dir, $to_dir); // Finally remove the main tmp extraction directory, directly, just like we created it recursive_unlink($mod_dir . '_tmp/'); $template->assign_vars(array('S_MOD_SUCCESSBOX' => true, 'MESSAGE' => $user->lang['MOD_UPLOAD_SUCCESS'], 'U_RETURN' => $this->u_action)); // Remove the uploaded archive file $file->remove(); return true; }
public function deleteAction() { if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) { $db = FreshRSS_Context::$system_conf->db; require_once APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php'; $username = Minz_Request::param('username'); $ok = ctype_alnum($username); $user_data = join_path(DATA_PATH, 'users', $username); if ($ok) { $default_user = FreshRSS_Context::$system_conf->default_user; $ok &= strcasecmp($username, $default_user) !== 0; //It is forbidden to delete the default user } if ($ok) { $ok &= is_dir($user_data); } if ($ok) { $userDAO = new FreshRSS_UserDAO(); $ok &= $userDAO->deleteUser($username); $ok &= recursive_unlink($user_data); //TODO: delete Persona file } invalidateHttpCache(); $notif = array('type' => $ok ? 'good' : 'bad', 'content' => _t('feedback.user.deleted' . (!$ok ? '.error' : ''), $username)); Minz_Session::_param('notification', $notif); } Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true); }
/** * This action handles deletion of an extension. * * Only administrator can remove an extension. * This action must be reached by a POST request. * * Parameter is: * -e: extension name (urlencoded) */ public function removeAction() { if (!FreshRSS_Auth::hasAccess('admin')) { Minz_Error::error(403); } $url_redirect = array('c' => 'extension', 'a' => 'index'); if (Minz_Request::isPost()) { $ext_name = urldecode(Minz_Request::param('e')); $ext = Minz_ExtensionManager::findExtension($ext_name); if (is_null($ext)) { Minz_Request::bad(_t('feedback.extensions.not_found', $ext_name), $url_redirect); } $res = recursive_unlink($ext->getPath()); if ($res) { Minz_Request::good(_t('feedback.extensions.removed', $ext_name), $url_redirect); } else { Minz_Request::bad(_t('feedback.extensions.cannot_delete', $ext_name), $url_redirect); } } Minz_Request::forward($url_redirect, true); }