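<?php
/**
 * AJAX endpoint: renders the bitrix:catalog.bigdata.products component from a
 * parameter blob and a template name that the browser posts back.
 *
 * Both values are client-supplied and are accepted only after
 * Signer::unsign() validates them against the 'bx.bd.products.recommendation'
 * salt. A request whose signature does not verify is dropped without
 * rendering anything.
 */

// Reject a missing, empty or non-string payload before any framework code runs.
if (empty($_POST['parameters']) || !is_string($_POST['parameters'])) {
    echo 'no parameters found';
    return;
}

// The template name is passed to unsign() as well, so it needs the same shape check.
if (!isset($_POST['template']) || !is_string($_POST['template'])) {
    die;
}

// SITE_ID is defined before the prolog is included. Only a two-character
// [a-z0-9_] identifier is accepted; \z (instead of $) also rejects a value
// that carries a trailing newline.
if (!empty($_REQUEST['site_id'])) {
    if (!is_string($_REQUEST['site_id'])) {
        die;
    }

    if (preg_match('/^[a-z0-9_]{2}\z/i', $_REQUEST['site_id']) === 1) {
        define('SITE_ID', $_REQUEST['site_id']);
    }
}

require $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_before.php";

$signer = new \Bitrix\Main\Security\Sign\Signer();

try {
    $parameters = $signer->unsign($_POST['parameters'], 'bx.bd.products.recommendation');
    $template = $signer->unsign($_POST['template'], 'bx.bd.products.recommendation');
} catch (\Bitrix\Main\Security\Sign\BadSignatureException $e) {
    // Tampered or foreign-signed input: stop here instead of surfacing an uncaught exception.
    die;
}

// NOTE(security): unserialize() can instantiate arbitrary classes. The signature
// check above is the only thing that makes this payload trustworthy, so a
// disclosed signing key would turn this call into PHP object injection.
// Where the runtime is PHP >= 7.0 and the component parameters are plain
// arrays/scalars, pass ['allowed_classes' => false] as the second argument
// (confirm against the code that signs the parameters before changing it).
$componentParams = unserialize(base64_decode($parameters));

// A payload that does not decode to an array is not a valid parameter set.
if (!is_array($componentParams)) {
    die;
}

$APPLICATION->IncludeComponent("bitrix:catalog.bigdata.products", $template, $componentParams, false);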
/**
 * Verifies a signed token and splits its payload into fields.
 *
 * The token is checked with Signer::unsign() using self::TOKEN_SALT; the
 * verified payload is then split on '|'.
 *
 * @param string $token Signed token as received from the caller.
 * @return array|false List of payload fields, or false when verification
 *                     (or anything else inside the try block) throws.
 *                     Callers should test the result with === false.
 */
public static function extractToken($token)
{
    $verifier = new \Bitrix\Main\Security\Sign\Signer();

    try {
        $payload = $verifier->unsign($token, self::TOKEN_SALT);

        return explode('|', $payload);
    } catch (\Exception $e) {
        // Every exception type is collapsed into the same "invalid token" answer.
        return false;
    }
}
// Closes a definition that starts before this excerpt.
}

// Runs the '__UnEscapeTmp' callback (defined outside this excerpt) over every request value.
Array_Walk($_REQUEST, '__UnEscapeTmp');

// Parameters arrive packed in one request field as "key:value,key:value,...".
// Every key and value below is therefore client-chosen, including "nt", "sl" and "site".
$arParams = array();
$params = Explode(",", $_REQUEST["params"]);
foreach ($params as $param) {
    // NOTE(review): an entry without ':' leaves $val without a value; nothing here guards against that.
    list($key, $val) = Explode(":", $param);
    $arParams[$key] = $val;
}

// "pe" is forced to an integer and limited to 1..50; anything else becomes 10.
$arParams["pe"] = IntVal($arParams["pe"]);
if ($arParams["pe"] <= 0 || $arParams["pe"] > 50) {
    $arParams["pe"] = 10;
}
$arParams["gf"] = IntVal($arParams["gf"]);

$signer = new \Bitrix\Main\Security\Sign\Signer();
try {
    // The name template is only honoured when its signature verifies.
    // NOTE(review): no salt is passed, so the signature is not bound to this
    // endpoint; confirm the signing side never signs client-chosen strings.
    $nt = $signer->unsign($arParams["nt"]);
    $arParams["NAME_TEMPLATE"] = str_replace(array("#EMAIL#", "#LOGIN#", "#NOBR#", "#/NOBR#", "#COMMA#"), array(" ", " ", " ", " ", ","), trim($nt));
} catch (\Bitrix\Main\Security\Sign\BadSignatureException $e) {
    // Bad signature: ignore the client value and use the site's own name format.
    $arParams["NAME_TEMPLATE"] = str_replace("#COMMA#", ",", CSite::GetNameFormat(false));
}

// $bIntranet is set outside this excerpt.
$arParams['NAME_TEMPLATE'] .= $bIntranet ? ' <#EMAIL#>' : '';
$arParams['NAME_TEMPLATE'] .= " [#ID#]";

try {
    // Same pattern for the "show login" flag: anything but a verified "N" enables it...
    $sl = $signer->unsign($arParams["sl"]);
    $bUseLogin = trim($sl) != "N";
} catch (\Bitrix\Main\Security\Sign\BadSignatureException $e) {
    // ...and an unverifiable value disables it.
    $bUseLogin = false;
}

// Both blocks opened here continue past the end of this excerpt.
if (CModule::IncludeModule('extranet')) {
    if (CExtranet::IsIntranetUser($arParams["site"])) {
        $arUsersInMyGroupsID = CExtranet::GetMyGroupsUsers($arParams["site"]);
$GLOBALS[___2022025961(542)]->LoginHitByHash(); } } if (($_1760188136 = $GLOBALS[___2022025961(543)]->GetParam(___2022025961(544))) !== null) { $_1760639291 = \Bitrix\Main\Authentication\ApplicationManager::getInstance(); if ($_1760639291->checkScope($_1760188136) !== true) { CHTTP::SetStatus(___2022025961(545)); die; } } if (!$GLOBALS['____1709102065'][139](___2022025961(546)) || ADMIN_SECTION !== true) { $_751848921 = ___2022025961(547); if ($GLOBALS['____1709102065'][140]($_REQUEST[___2022025961(548)]) && $_REQUEST[___2022025961(549)] != ___2022025961(550) && $GLOBALS[___2022025961(551)]->{$GLOBALS}['_____499363063'][37](___2022025961(552))) { $_822381766 = new Bitrix\Main\Security\Sign\Signer(); try { $_1344278139 = $_822381766->unsign($_REQUEST[___2022025961(553)], ___2022025961(554) . bitrix_sessid()); $_1711870086 = CSiteTemplate::$GLOBALS['_____499363063'][38]($_1344278139); if ($_151889002 = $_1711870086->{$GLOBALS}['_____499363063'][39]()) { $_751848921 = $_151889002[___2022025961(555)]; if (isset($_GET[___2022025961(556)]) && $_GET[___2022025961(557)] == ___2022025961(558) && $GLOBALS[___2022025961(559)]->{$GLOBALS}['_____499363063'][40](___2022025961(560))) { $GLOBALS['____1709102065'][141](___2022025961(561), true); } } } catch (\Bitrix\Main\Security\Sign\BadSignatureException $_584874849) { } } if ($_751848921 == ___2022025961(562)) { $_751848921 = CSite::GetCurTemplate(); } $GLOBALS['____1709102065'][142](___2022025961(563), $_751848921); $GLOBALS['____1709102065'][143](___2022025961(564), getLocalPath(___2022025961(565) . SITE_TEMPLATE_ID, BX_PERSONAL_ROOT));
$GLOBALS[___1476597692(833)]->LoginHitByHash(); } } if (($_1984049566 = $GLOBALS[___1476597692(834)]->GetParam(___1476597692(835))) !== null) { $_696534207 = \Bitrix\Main\Authentication\ApplicationManager::getInstance(); if ($_696534207->checkScope($_1984049566) !== true) { CHTTP::SetStatus(___1476597692(836)); die; } } if (!$GLOBALS['____1574875487'][189](___1476597692(837)) || ADMIN_SECTION !== true) { $_1535779998 = ___1476597692(838); if ($GLOBALS['____1574875487'][190]($_REQUEST[___1476597692(839)]) && $_REQUEST[___1476597692(840)] != ___1476597692(841) && $GLOBALS[___1476597692(842)]->{$GLOBALS}['_____266107269'][93](___1476597692(843))) { $_1444976600 = new Bitrix\Main\Security\Sign\Signer(); try { $_811421891 = $_1444976600->unsign($_REQUEST[___1476597692(844)], ___1476597692(845) . bitrix_sessid()); $_892847402 = CSiteTemplate::$GLOBALS['_____266107269'][94]($_811421891); if ($_1604359512 = $_892847402->{$GLOBALS}['_____266107269'][95]()) { $_1535779998 = $_1604359512[___1476597692(846)]; if (isset($_GET[___1476597692(847)]) && $_GET[___1476597692(848)] == ___1476597692(849) && $GLOBALS[___1476597692(850)]->{$GLOBALS}['_____266107269'][96](___1476597692(851))) { $GLOBALS['____1574875487'][191](___1476597692(852), true); } } } catch (\Bitrix\Main\Security\Sign\BadSignatureException $_2136264297) { } } if ($_1535779998 == ___1476597692(853)) { $_1535779998 = CSite::GetCurTemplate(); } $GLOBALS['____1574875487'][192](___1476597692(854), $_1535779998); $GLOBALS['____1574875487'][193](___1476597692(855), getLocalPath(___1476597692(856) . SITE_TEMPLATE_ID, BX_PERSONAL_ROOT));
// Handler for the 'getUrlPreviewEditForm' AJAX action. The block opened here
// continues past the end of this excerpt.
if ($_REQUEST['action'] === 'getUrlPreviewEditForm') {
    // The session is closed for writing before the lookups below.
    session_write_close();
    $urlMetadata = null;

    // filter_var() yields false when userFieldId is not an integer; that case ends the request below.
    $userFieldId = filter_var($_REQUEST['userFieldId'], FILTER_VALIDATE_INT);
    // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1 and is not an
    // output encoder; $elementId ends up in 'urlPreviewId' below, so it still has to be
    // escaped for whatever context finally renders it.
    $elementId = filter_var($_REQUEST['elementId'], FILTER_SANITIZE_STRING);
    if ($userFieldId === false) {
        die;
    }

    if (isset($_REQUEST['url'])) {
        // NOTE(review): FILTER_VALIDATE_URL returns false for a malformed URL and that
        // false is passed straight to getMetadataByUrl(); confirm the callee handles it.
        $url = filter_var($_REQUEST['url'], FILTER_VALIDATE_URL);
        $urlMetadata = UrlPreview::getMetadataByUrl($url);
    } else {
        if (isset($_REQUEST['id'])) {
            // A metadata id is accepted only if it was signed with UrlPreview::SIGN_SALT,
            // so a client cannot ask for an id it was never handed.
            $signer = new \Bitrix\Main\Security\Sign\Signer();
            try {
                $id = $signer->unsign($_REQUEST['id'], UrlPreview::SIGN_SALT);
            } catch (Bitrix\Main\SystemException $e) {
                // Any SystemException from unsign() ends the request
                // (presumably this covers a bad signature; verify the exception hierarchy).
                die;
            }
            $metadata = UrlPreview::getMetadataAndHtmlByIds(array($id), true);
            if (isset($metadata[$id])) {
                $urlMetadata = $metadata[$id];
            }
        }
    }

    // No metadata record found by either route: nothing to render.
    if (!isset($urlMetadata['ID'])) {
        die;
    }

    $userFieldParams = array('arUserField' => \CUserTypeEntity::getById($userFieldId), 'urlPreviewId' => $elementId);
    $userField = array('VALUE' => array($urlMetadata['ID']));
    $APPLICATION->ShowAjaxHead();
// When the user's session carries an APPLICATION_ID parameter, the request must pass
// ApplicationManager::checkScope(); otherwise it is refused with 403.
if (($applicationID = $GLOBALS["USER"]->GetParam("APPLICATION_ID")) !== null) {
    $appManager = \Bitrix\Main\Authentication\ApplicationManager::getInstance();
    if ($appManager->checkScope($applicationID) !== true) {
        CHTTP::SetStatus("403 Forbidden");
        die;
    }
}

// Choose the site template (skipped when ADMIN_SECTION is defined as true).
// The block opened here continues past the end of this excerpt.
if (!defined("ADMIN_SECTION") || ADMIN_SECTION !== true) {
    $siteTemplate = "";
    if (is_string($_REQUEST["bitrix_preview_site_template"]) && $_REQUEST["bitrix_preview_site_template"] != "" && $GLOBALS["USER"]->CanDoOperation('view_other_settings')) {
        // Template preview: needs a string request value and the 'view_other_settings' operation.
        $signer = new Bitrix\Main\Security\Sign\Signer();
        try {
            // The requested template id must be signed. The salt includes bitrix_sessid(),
            // so a value signed under a different session id does not verify here.
            $requestTemplate = $signer->unsign($_REQUEST["bitrix_preview_site_template"], "template_preview" . bitrix_sessid());
            $aTemplates = CSiteTemplate::GetByID($requestTemplate);
            if ($template = $aTemplates->Fetch()) {
                // The id is taken from the fetched template record, not from the request value.
                $siteTemplate = $template["ID"];

                // Preview of an unsaved template additionally needs 'edit_other_settings'.
                if (isset($_GET['bx_template_preview_mode']) && $_GET['bx_template_preview_mode'] == 'Y' && $GLOBALS["USER"]->CanDoOperation('edit_other_settings')) {
                    define("SITE_TEMPLATE_PREVIEW_MODE", true);
                }
            }
        } catch (\Bitrix\Main\Security\Sign\BadSignatureException $e) {
            // Deliberately empty: an invalid signature leaves $siteTemplate empty,
            // so the current site template is used below.
        }
    }
    if ($siteTemplate == "") {
        $siteTemplate = CSite::GetCurTemplate();
    }
    define("SITE_TEMPLATE_ID", $siteTemplate);
// Both constants are defined before the prolog is included.
define("NO_AGENT_CHECK", true);
define("DisableEventsCheck", true);
require $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_before.php";
/**
 * Bitrix vars
 * @global CUser $GLOBALS["USER"]
 * @global CMain $APPLICATION
 * @var array $arParams
 */
$arParams = array();

// Avatar size: positive integer from the request, else 42.
// NOTE(review): there is no upper bound, and the value is used as the resize width/height below.
$arParams["AVATAR_SIZE"] = intval($_REQUEST["AVATAR_SIZE"]);
$arParams["AVATAR_SIZE"] = $arParams["AVATAR_SIZE"] > 0 ? $arParams["AVATAR_SIZE"] : 42;

// NOTE(review): NAME_TEMPLATE is taken from the request unsigned and unvalidated; the name
// formatted with it is pushed to other watchers in the "NAME" field below. Confirm that
// consumers of that push message escape it before rendering.
$arParams["NAME_TEMPLATE"] = !!$_REQUEST["NAME_TEMPLATE"] ? $_REQUEST["NAME_TEMPLATE"] : CSite::GetNameFormat();
$arParams["SHOW_LOGIN"] = $_REQUEST["SHOW_LOGIN"] == "Y" ? "Y" : "N";

// "sign" is expected to be the signed entity id (salt "main.post.list").
// NOTE(review): unsign() is not wrapped in try/catch here; a missing or tampered value
// presumably raises an exception that ends the request. Confirm this is the intended failure mode.
$sign = new \Bitrix\Main\Security\Sign\Signer();
$arParams["SIGN"] = $sign->unsign($_REQUEST["sign"], "main.post.list");

// NOTE(review): this initialises UC_LAST_ACTIVITY, while the throttle below reads and
// writes UC_ACTIVITY; verify which session key is intended.
if (!is_array($_SESSION["UC_LAST_ACTIVITY"])) {
    $_SESSION["UC_LAST_ACTIVITY"] = array("TIME" => 0, "ENTITY_XML_ID" => $_REQUEST["ENTITY_XML_ID"]);
}

// The "user is answering" notification is sent only when all of these hold:
// valid session token, MODE is "PUSH&PULL", authorised user, the verified signature payload
// equals the ENTITY_XML_ID in the request, a different entity or more than 10 seconds since
// the last notification, and the pull module is available with GetNginxStatus() truthy.
// NOTE(review): the signature comparison uses loose ==; a strict string comparison is safer.
// The block opened here continues past the end of this excerpt.
if (check_bitrix_sessid() && $_REQUEST["MODE"] == "PUSH&PULL" && $GLOBALS["USER"]->IsAuthorized() && $arParams["SIGN"] == $_REQUEST["ENTITY_XML_ID"] && ($_SESSION["UC_ACTIVITY"]["ENTITY_XML_ID"] != $_REQUEST["ENTITY_XML_ID"] || time() - $_SESSION["UC_ACTIVITY"]["TIME"] > 10) && CModule::IncludeModule("pull") && CPullOptions::GetNginxStatus()) {
    // Record this notification for the 10-second throttle.
    $_SESSION["UC_ACTIVITY"]["TIME"] = time();
    $_SESSION["UC_ACTIVITY"]["ENTITY_XML_ID"] = $_REQUEST["ENTITY_XML_ID"];

    // Load the current user's display fields; the lookup is keyed on the session user's id.
    $dbUser = CUser::GetList($sort_by = array('ID' => 'desc'), $dummy = '', array("ID" => $GLOBALS["USER"]->GetId()), array("FIELDS" => array("ID", "LAST_NAME", "NAME", "SECOND_NAME", "LOGIN", "PERSONAL_PHOTO", "PERSONAL_GENDER")));
    $arUser = array();
    if ($dbUser && ($arUser = $dbUser->GetNext()) && intval($arUser["PERSONAL_PHOTO"]) > 0) {
        $arUser["PERSONAL_PHOTO_file"] = CFile::GetFileArray($arUser["PERSONAL_PHOTO"]);
        $arUser["PERSONAL_PHOTO_resized_30"] = CFile::ResizeImageGet($arUser["PERSONAL_PHOTO_file"], array("width" => $arParams["AVATAR_SIZE"], "height" => $arParams["AVATAR_SIZE"]), BX_RESIZE_IMAGE_EXACT, false, false, true);
    }

    // Fall back to an empty avatar when no user row was loaded.
    $arUserInfo = !!$arUser ? $arUser : array("PERSONAL_PHOTO_resized_30" => array("src" => ""));
    $arUserInfo["NAME_FORMATED"] = CUser::FormatName($arParams["NAME_TEMPLATE"], array("NAME" => $arUserInfo["~NAME"], "LAST_NAME" => $arUserInfo["~LAST_NAME"], "SECOND_NAME" => $arUserInfo["~SECOND_NAME"], "LOGIN" => $arUserInfo["~LOGIN"], "NAME_LIST_FORMATTED" => ""), $arParams["SHOW_LOGIN"] != "N" ? true : false, false);

    // Queue the 'answer' command for watchers of this entity; the entry expires after 60 seconds.
    CPullWatch::AddToStack('UNICOMMENTS' . $_REQUEST["ENTITY_XML_ID"], array('module_id' => 'unicomments', 'command' => 'answer', 'expiry' => 60, 'params' => array("USER_ID" => $GLOBALS["USER"]->GetId(), "ENTITY_XML_ID" => $_REQUEST["ENTITY_XML_ID"], "TS" => time(), "NAME" => $arUserInfo["NAME_FORMATED"], "AVATAR" => $arUserInfo["PERSONAL_PHOTO_resized_30"]["src"])));
$GLOBALS[___1507790831(521)]->LoginHitByHash(); } } if (($_1797948689 = $GLOBALS[___1507790831(522)]->GetParam(___1507790831(523))) !== null) { $_1827704438 = \Bitrix\Main\Authentication\ApplicationManager::getInstance(); if ($_1827704438->checkScope($_1797948689) !== true) { CHTTP::SetStatus(___1507790831(524)); die; } } if (!$GLOBALS['____967106059'][122](___1507790831(525)) || ADMIN_SECTION !== true) { $_354377807 = ___1507790831(526); if ($GLOBALS['____967106059'][123]($_REQUEST[___1507790831(527)]) && $_REQUEST[___1507790831(528)] != ___1507790831(529) && $GLOBALS[___1507790831(530)]->{$GLOBALS}['_____707901553'][33](___1507790831(531))) { $_589362157 = new Bitrix\Main\Security\Sign\Signer(); try { $_1558665492 = $_589362157->unsign($_REQUEST[___1507790831(532)], ___1507790831(533) . bitrix_sessid()); $_1837691366 = CSiteTemplate::$GLOBALS['_____707901553'][34]($_1558665492); if ($_93574762 = $_1837691366->{$GLOBALS}['_____707901553'][35]()) { $_354377807 = $_93574762[___1507790831(534)]; if (isset($_GET[___1507790831(535)]) && $_GET[___1507790831(536)] == ___1507790831(537) && $GLOBALS[___1507790831(538)]->{$GLOBALS}['_____707901553'][36](___1507790831(539))) { $GLOBALS['____967106059'][124](___1507790831(540), true); } } } catch (\Bitrix\Main\Security\Sign\BadSignatureException $_938947383) { } } if ($_354377807 == ___1507790831(541)) { $_354377807 = CSite::GetCurTemplate(); } $GLOBALS['____967106059'][125](___1507790831(542), $_354377807); $GLOBALS['____967106059'][126](___1507790831(543), getLocalPath(___1507790831(544) . SITE_TEMPLATE_ID, BX_PERSONAL_ROOT));
$GLOBALS[___47739928(542)]->LoginHitByHash(); } } if (($_1209060292 = $GLOBALS[___47739928(543)]->GetParam(___47739928(544))) !== null) { $_752285516 = \Bitrix\Main\Authentication\ApplicationManager::getInstance(); if ($_752285516->checkScope($_1209060292) !== true) { CHTTP::SetStatus(___47739928(545)); die; } } if (!$GLOBALS['____445116793'][139](___47739928(546)) || ADMIN_SECTION !== true) { $_1371947985 = ___47739928(547); if ($GLOBALS['____445116793'][140]($_REQUEST[___47739928(548)]) && $_REQUEST[___47739928(549)] != ___47739928(550) && $GLOBALS[___47739928(551)]->{$GLOBALS}['_____578075656'][37](___47739928(552))) { $_27265484 = new Bitrix\Main\Security\Sign\Signer(); try { $_2006384054 = $_27265484->unsign($_REQUEST[___47739928(553)], ___47739928(554) . bitrix_sessid()); $_545859448 = CSiteTemplate::$GLOBALS['_____578075656'][38]($_2006384054); if ($_1019111333 = $_545859448->{$GLOBALS}['_____578075656'][39]()) { $_1371947985 = $_1019111333[___47739928(555)]; if (isset($_GET[___47739928(556)]) && $_GET[___47739928(557)] == ___47739928(558) && $GLOBALS[___47739928(559)]->{$GLOBALS}['_____578075656'][40](___47739928(560))) { $GLOBALS['____445116793'][141](___47739928(561), true); } } } catch (\Bitrix\Main\Security\Sign\BadSignatureException $_180757727) { } } if ($_1371947985 == ___47739928(562)) { $_1371947985 = CSite::GetCurTemplate(); } $GLOBALS['____445116793'][142](___47739928(563), $_1371947985); $GLOBALS['____445116793'][143](___47739928(564), getLocalPath(___47739928(565) . SITE_TEMPLATE_ID, BX_PERSONAL_ROOT));
$GLOBALS[___1197454902(521)]->LoginHitByHash(); } } if (($_815491390 = $GLOBALS[___1197454902(522)]->GetParam(___1197454902(523))) !== null) { $_1092821469 = \Bitrix\Main\Authentication\ApplicationManager::getInstance(); if ($_1092821469->checkScope($_815491390) !== true) { CHTTP::SetStatus(___1197454902(524)); die; } } if (!$GLOBALS['____1580035060'][122](___1197454902(525)) || ADMIN_SECTION !== true) { $_799549483 = ___1197454902(526); if ($GLOBALS['____1580035060'][123]($_REQUEST[___1197454902(527)]) && $_REQUEST[___1197454902(528)] != ___1197454902(529) && $GLOBALS[___1197454902(530)]->{$GLOBALS}['_____392502543'][33](___1197454902(531))) { $_330022344 = new Bitrix\Main\Security\Sign\Signer(); try { $_1566270309 = $_330022344->unsign($_REQUEST[___1197454902(532)], ___1197454902(533) . bitrix_sessid()); $_388998021 = CSiteTemplate::$GLOBALS['_____392502543'][34]($_1566270309); if ($_1610143248 = $_388998021->{$GLOBALS}['_____392502543'][35]()) { $_799549483 = $_1610143248[___1197454902(534)]; if (isset($_GET[___1197454902(535)]) && $_GET[___1197454902(536)] == ___1197454902(537) && $GLOBALS[___1197454902(538)]->{$GLOBALS}['_____392502543'][36](___1197454902(539))) { $GLOBALS['____1580035060'][124](___1197454902(540), true); } } } catch (\Bitrix\Main\Security\Sign\BadSignatureException $_769113789) { } } if ($_799549483 == ___1197454902(541)) { $_799549483 = CSite::GetCurTemplate(); } $GLOBALS['____1580035060'][125](___1197454902(542), $_799549483); $GLOBALS['____1580035060'][126](___1197454902(543), getLocalPath(___1197454902(544) . SITE_TEMPLATE_ID, BX_PERSONAL_ROOT));