Пример #1
0
 private static function protectDirs(Module_PageBuilder $module)
 {
     $path = $module->getContentPath();
     // 		if (false === GWF_HTAccess::protect404($path))
     // 		{
     // 			return GWF_HTML::err('ERR_WRITE_FILE', array($path));
     // 		}
     $filename = $path . '/.htaccess';
     $data = "RewriteEngine On\nRewriteRule (.*) /index.php?mo=PageBuilder&me=ServeContent&filename=\$1\n";
     if (!file_put_contents($filename, $data)) {
         return GWF_HTML::err('ERR_WRITE_FILE', array($filename));
     }
     return '';
 }
Пример #2
0
 public static function onUpload(Module_PageBuilder $module)
 {
     if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
         return $error;
     }
     if (false === ($file = GWF_Upload::getFile('file'))) {
         return GWF_HTML::err('ERR_MISSING_UPLOAD');
     }
     $back = '';
     # TODO: There are more unsafe languages!
     # But we want to keep the file extension.
     # Not really a big deal, unless you have malicious admin users.
     $name = $file['name'];
     // 		$name = str_replace(array('/', '\\'), '', $name);
     // 		$forbidden = array('.php',/* '.pl', '.py', '.asp'*/);
     // 		foreach ($forbidden as $ext)
     // 		{
     // 			if (Common::endsWith($name, $ext))
     // 			if (Common::endsWith($name, '.php'))
     // 			{
     // 				$name .= '.html';
     // 				$back .= $module->error('err_file_ext');
     // 				return $back;
     // 			}
     // 		}
     # This is evil, sometimes even with foo.php.html
     if (stripos($name, '.php') !== false) {
         return $module->error('err_file_ext');
     }
     # We do a sanity check here
     if (!preg_match('#^[a-z0-9_][a-z0-9_\\.]{0,62}$#iD', $name)) {
         $back .= $module->error('err_file_name');
         return $back;
     }
     # Copy the file
     $path = 'dbimg/content/' . $name;
     $epath = htmlspecialchars($path);
     if (Common::isFile($path)) {
         return $back . $module->error('err_upload_exists');
     }
     if (false === GWF_Upload::moveTo($file, $path)) {
         return $back . GWF_HTML::err('ERR_WRITE_FILE', array($epath));
     }
     # Is bbcode mode?
     $bbcode = (Common::getPostInt('type', 0) & (GWF_Page::HTML | GWF_Page::SMARTY)) === 0;
     # Append to page content as image or anchor.
     $_POST['content'] .= self::fileToContent($name, $path, $bbcode);
     return $module->message('msg_file_upped', array($epath));
 }
Пример #3
0
 public static function validateType(Module_PageBuilder $m, $arg, $locked_mode)
 {
     switch ($arg) {
         case GWF_Page::SMARTY:
         case GWF_Page::HTML:
             if ($m->isAuthor(GWF_User::getStaticOrGuest())) {
                 return false;
             }
             break;
         case GWF_Page::BBCODE:
             return false;
         default:
             break;
     }
     return $m->lang('err_type');
 }
Пример #4
0
 public function validate_url(Module_PageBuilder $m, $arg)
 {
     return $m->validateURL($arg, false);
 }
Пример #5
0
 public function validate_url(Module_PageBuilder $m, $arg)
 {
     # Allow duplicate URL when it's still the same
     $allow_dups = $this->page->getVar('page_url') === $arg;
     return $m->validateURL($arg, $allow_dups);
 }