Пример #1
1
 function CheckRights($method, $strong, &$path)
 {
     $result = true;
     if (!parent::CheckRights($method)) {
         $result = false;
         $GLOBALS["APPLICATION"]->ThrowException(GetMessage('WD_ACCESS_DENIED'), 'ACCESS_DENIED');
     } elseif ($path != '') {
         $io = CBXVirtualIo::GetInstance();
         $path = $io->CombinePath($this->_udecode($path));
         $strFileName = GetFileName($path);
         $extention = "." . strtolower(GetFileExtension($strFileName));
         if (in_array($method, array("COPY", "MOVE", "PUT"))) {
             if (!$GLOBALS["USER"]->IsAdmin() && HasScriptExtension($strFileName)) {
                 $result = false;
                 $GLOBALS['APPLICATION']->ThrowException(GetMessage("WD_FILE_ERROR13"), "FORBIDDEN_EXTENTION");
             } elseif (IsFileUnsafe($strFileName) || $strFileName == "index.php") {
                 $result = false;
                 $GLOBALS['APPLICATION']->ThrowException(GetMessage("WD_FILE_ERROR14"), "FORBIDDEN_NAME");
             } elseif (!$io->ValidatePathString($io->CombinePath("/", $path)) || !$io->ValidateFilenameString($strFileName)) {
                 $result = false;
                 $GLOBALS['APPLICATION']->ThrowException(GetMessage("WD_FILE_ERROR14"), "FORBIDDEN_NAME");
             } elseif (in_array($extention, $this->arFileForbiddenExtentions["WRITE"])) {
                 $result = false;
                 $GLOBALS['APPLICATION']->ThrowException(GetMessage("WD_FILE_ERROR13"), "FORBIDDEN_EXTENTION");
             }
         } elseif (in_array($extention, $this->arFileForbiddenExtentions["READ"])) {
             $result = false;
             $GLOBALS["APPLICATION"]->ThrowException(GetMessage('WD_ACCESS_DENIED'), 'ACCESS_DENIED');
         }
     }
     return $result;
 }
Пример #2
0
 function CheckRights($method = "", $strong = false, $path = "")
 {
     $result = true;
     if (!parent::CheckRights($method, $strong)) {
         $result = false;
         $GLOBALS["APPLICATION"]->ThrowException(GetMessage('WD_ACCESS_DENIED'), 'ACCESS_DENIED');
     } elseif (!empty($path)) {
         $path = $this->_udecode($path);
         $strFileName = basename($path);
         $extention = strtolower(strrchr($strFileName, '.'));
         if (in_array($method, array("COPY", "MOVE", "PUT"))) {
             if (IsFileUnsafe($strFileName) || $strFileName == "index.php") {
                 $result = false;
                 $GLOBALS['APPLICATION']->ThrowException(GetMessage("WD_FILE_ERROR14"), "FORBIDDEN_NAME");
             }
         }
     }
     return $result;
 }