/**
 * Constructor.
 * Checks the target directory, sanitizes the file name and opens the CSV file in append mode.
 *
 * @param string $filename, the file name to use. io::sanitizeAsciiString is applied to it before any path is built
 * @param string $filepath, the directory to write into (filesystem path). It must exist and be writable. Default : PATH_TMP_FS
 * @param string $separator, the CSV fields separator (default ;)
 * @param string $enclosure, the CSV fields enclosure (default ")
 * @return void
 */
function __construct($filename, $filepath = PATH_TMP_FS, $separator = ';', $enclosure = '"')
{
    // Refuse a directory that does not exist or cannot be written before storing anything.
    if (!is_dir($filepath) || !is_writable($filepath)) {
        $this->raiseError('File path does not exists or is not writable : ' . $filepath);
        return false;
    }
    $this->_filepath = $filepath;
    // Only the sanitized name is ever used on disk.
    $this->_filename = io::sanitizeAsciiString($filename);
    $this->_separator = $separator;
    $this->_enclosure = $enclosure;

    $fullPath = $this->_filepath . '/' . $this->_filename;
    // 'ab+' appends to an existing file; the fopen() warning is silenced and reported through raiseError() instead.
    $this->_file = @fopen($fullPath, 'ab+');
    if (!$this->_file) {
        $this->raiseError('Cannot open file ' . $fullPath . ' for writing');
        return false;
    }
}
/**
 * Sets the codename base data.
 *
 * @param string $data The new codename to set : it must be unchanged by io::sanitizeAsciiString + strtolower and be 100 characters max
 * @param CMS_profile_user &$user the user who did the edition
 * @param boolean $checkForDuplicate : check the codename for website duplication
 * @return boolean true on success, false on failure (an error is raised)
 * @access public
 */
function setCodename($data, &$user, $checkForDuplicate = true)
{
    if (!is_a($user, "CMS_profile_user")) {
        $this->raiseError("Didn't received a valid user");
        return false;
    }
    // A valid codename survives ascii sanitizing and lowercasing unchanged.
    $normalized = strtolower(io::sanitizeAsciiString($data));
    if ($normalized != $data) {
        $this->raiseError("Page codename must be alphanumeric only");
        return false;
    }
    if (strlen($data) > 100) {
        $this->raiseError("Page codename must have 100 characters max");
        return false;
    }
    //check if codename already exists : refuse it when another page of the website owns it
    if ($checkForDuplicate && $data) {
        $pageId = CMS_tree::getPageByCodename($data, $this->getWebsite(), false, false);
        if ($pageId && (!$this->getID() || $this->getID() != $pageId)) {
            $this->raiseError("Page codename already exists in current website");
            return false;
        }
    }
    if (!$this->_checkBaseData(false)) {
        return false;
    }
    $this->_editedBaseData["codename"] = $data;
    $this->addEdition(RESOURCE_EDITION_BASEDATA, $user);
    return true;
}
/**
 * Constructor.
 * Initializes the linxDisplay from its type and value; an invalid type or value raises an error and leaves the object unset.
 *
 * @param string $type The link type : "node", "relative" or "codename"
 * @param mixed $value The link value : a positive integer for "node", one of "self", "brother", "father", "root" for "relative", a lowercase ascii codename for "codename"
 * @param mixed $relativeOffset The offset, only stored for the "relative" type
 * @param boolean $crosswebsite Whether the link may target another website (default false)
 * @param string $website The website codename used with the "codename" type (default '')
 * @return void
 * @access public
 */
function __construct($type, $value, $relativeOffset, $crosswebsite = false, $website = '')
{
    $this->_crosswebsite = $crosswebsite;

    $knownTypes = array("node", "relative", "codename");
    if (!SensitiveIO::isInSet($type, $knownTypes)) {
        $this->raiseError("Type unknown : " . $type);
        return;
    }
    switch ($type) {
        case 'node':
            if (!SensitiveIO::isPositiveInteger($value)) {
                $this->raiseError("Bad value for 'node' type : " . $value);
                return;
            }
            break;
        case 'relative':
            $relativeValues = array("self", "brother", "father", "root");
            if (!SensitiveIO::isInSet($value, $relativeValues)) {
                $this->raiseError("Bad value for 'relative' type : " . $value);
                return;
            }
            break;
        case 'codename':
            // Codename and website must be lowercase ascii : sanitizing + lowercasing has to be a no-op.
            if (strtolower(io::sanitizeAsciiString($value)) != $value) {
                $this->raiseError("Bad value for 'codename' type : " . $value);
                return;
            }
            if (strtolower(io::sanitizeAsciiString($website)) != $website) {
                $this->raiseError("Bad value for 'website' : " . $website);
                return;
            }
            break;
    }
    $this->_type = $type;
    $this->_value = $value;
    $this->_website = $website;
    // The offset only makes sense for relative links.
    if ($this->_type == 'relative') {
        $this->_relativeOffset = $relativeOffset;
    }
}
//checks and assignments
// Website edition form handler : url and root page are mandatory, everything else is passed to the CMS_website setters.
// NOTE(review): the $_POST values are handed to the setters as-is; presumably the setters validate them — confirm in CMS_website.
$cms_message = "";
if (!$_POST["url"] || $_POST["url"] == "http://" || !$_POST["root"]) {
    // NOTE(review): the session id is carried in the redirect URL, so it ends up in server logs and Referer headers — confirm this is needed (cookie-less sessions).
    header("Location: websites.php?cms_message_id=" . MESSAGE_FORM_ERROR_MANDATORY_FIELDS . "&" . session_name() . "=" . session_id());
    exit;
} else {
    $website->setURL($_POST["url"]);
    $website->setAltDomains($_POST["altdomains"]);
    if ($website->getID()) {
        // Existing website : only replace the root page when it actually changed.
        // NOTE(review): getPageByID() result is used without a check; an unknown root id would break on getID() — confirm.
        $page = CMS_tree::getPageByID($_POST["root"]);
        $website_root = $website->getRoot();
        if ($page->getID() != $website_root->getID()) {
            $website->setRoot($page);
        }
    } else {
        // New website : the codename is sanitized here, then re-checked by setCodename().
        if (!$website->setCodename(io::sanitizeAsciiString($_POST["codename"]))) {
            $cms_message = $cms_language->getMessage(MESSAGE_PAGE_ERROR_CODENAME);
        }
        $page = CMS_tree::getPageByID($_POST["root"]);
        $website->setRoot($page);
    }
    //set meta values
    $website->setLabel($_POST["label"]);
    $website->set404($_POST["page404"]);
    $website->set403($_POST["page403"]);
    $website->setRedirectAltDomain($_POST["altredir"]);
    $website->setMeta('description', $_POST['description']);
    $website->setMeta('keywords', $_POST['keywords']);
    $website->setMeta('category', $_POST['category']);
    $website->setMeta('robots', $_POST['robots']);
    $website->setMeta('author', $_POST['author']);
// Tail of a rights check started above : report the module rights error and render.
$view->setActionMessage($cms_language->getmessage(MESSAGE_ERROR_MODULE_RIGHTS, array($module->getLabel($cms_language))));
$view->setContent($objectsDatas);
$view->show();
}
//CHECKS objectId
if (!$objectId && !$fieldId) {
    CMS_grandFather::raiseError('Missing objectId to list in module ' . $codename);
    $view->setContent($objectsDatas);
    // NOTE(review): no return/exit here; presumably $view->show() ends the request, otherwise the code below runs with an empty objectId — confirm.
    $view->show();
} elseif (!$objectId && $fieldId) {
    // Resolve the object from the field when only the field id is given.
    $objectId = CMS_poly_object_catalog::getObjectIDForField($fieldId);
}
//load current object definition
$object = CMS_poly_object_catalog::getObjectDefinition($objectId);
//load fields objects for object
$objectFields = CMS_poly_object_catalog::getFieldsDefinition($object->getID());
// The field is read without isset(); an unknown $fieldId only yields a notice and skips the listing.
if ($objectFields[$fieldId]) {
    $objectType = $objectFields[$fieldId]->getTypeObject();
    if (method_exists($objectType, 'getListOfNamesForObject')) {
        $conditions = $query ? array('keywords' => $query) : array();
        $objectsNames = $objectType->getListOfNamesForObject(false, $conditions);
        // First entry is an empty choice.
        $objectsDatas['objects'][] = array('id' => '', 'label' => ' ');
        foreach ($objectsNames as $id => $label) {
            // Matching is done on ascii-sanitized copies of both the label and the query (accents ignored); the returned label is the decoded original.
            if (!$query || stripos(io::sanitizeAsciiString(io::decodeEntities($label)), io::sanitizeAsciiString(trim($query))) !== false) {
                $objectsDatas['objects'][] = array('id' => $id, 'label' => io::decodeEntities($label));
            }
        }
    }
}
$view->setContent($objectsDatas);
$view->show();
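/**
 * Clear type cache using metas
 *
 * @param string $type : the cache type to clear; it names a sub-directory of PATH_CACHE_FS once ascii-sanitized
 * @param array $metas : the cache metas to clear
 * @param constant $mode : the zend cache constant to clean matching cache
 *        Zend_Cache::CLEANING_MODE_MATCHING_ANY_TAG (default)
 *        Zend_Cache::CLEANING_MODE_MATCHING_TAG
 *        Zend_Cache::CLEANING_MODE_NOT_MATCHING_TAG
 * @return boolean true when the clean succeeded or there was nothing to clear, false on any cache error (an error is raised)
 * @access public
 * @static
 */
function clearTypeCacheByMetas($type, $metas, $mode = Zend_Cache::CLEANING_MODE_MATCHING_ANY_TAG)
{
    // $type ends up in a filesystem path: this relies on io::sanitizeAsciiString() removing
    // path separators and dot segments — NOTE(review): confirm in io.
    $type = io::sanitizeAsciiString($type);
    $cacheDirPath = PATH_CACHE_FS . '/' . $type;
    //Convert metas into tags
    $tags = CMS_cache::_createTags($metas);
    //check cache dir : no directory for this type means nothing to clear
    $cachedir = new CMS_file($cacheDirPath, CMS_file::FILE_SYSTEM, CMS_file::TYPE_DIRECTORY);
    if (!$cachedir->exists()) {
        return true;
    }
    //Frontend cache options
    $frontendOptions = array('lifetime' => null, 'caching' => true, 'automatic_cleaning_factor' => 10);
    //Backend cache options
    $backendOptions = array('cache_dir' => $cacheDirPath, 'cache_file_umask' => octdec(FILES_CHMOD), 'hashed_directory_umask' => octdec(DIRS_CHMOD), 'hashed_directory_level' => 1);
    // getting a Zend_Cache_Core object ; $cache is initialized so a factory failure no longer leaves it undefined
    $cache = null;
    try {
        $cache = Zend_Cache::factory('Core', 'File', $frontendOptions, $backendOptions);
    } catch (Zend_Cache_Exception $e) {
        CMS_grandFather::raiseError($e->getMessage());
        return false;
    }
    if (!$cache) {
        return false;
    }
    try {
        return $cache->clean($mode, $tags);
    } catch (Zend_Cache_Exception $e) {
        CMS_grandFather::raiseError($e->getMessage());
        return false;
    }
}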
/**
 * Get the sanitized application codename.
 *
 * @return string the application label (APPLICATION_LABEL) reduced to ascii by io::sanitizeAsciiString
 * @access public
 */
function getAppCode()
{
    $label = APPLICATION_LABEL;
    return io::sanitizeAsciiString($label);
}
/**
 * Get autologin cookie name
 *
 * The name is built from APPLICATION_LABEL and passed through io::sanitizeAsciiString
 * (presumably with an empty replacement and '_-' as extra allowed characters — confirm in io),
 * so it only contains characters a cookie name accepts.
 *
 * @return string : the autologin cookie name
 * @access public
 * @static
 */
public static function getAutoLoginCookieName()
{
    return io::sanitizeAsciiString(APPLICATION_LABEL . "_autologin", '', '_-');
}
/**
 * Set the value of an attribute.
 *
 * @param string $attribute The attribute name (key of the associative array); it must be ascii only
 * @param mixed $value The attribute value
 * @return boolean true when stored, false (with an error raised) when the name contains non ascii characters
 * @access public
 */
function setAttribute($attribute, $value)
{
    // A name altered by ascii sanitizing contained forbidden characters.
    $cleanName = io::sanitizeAsciiString($attribute, '', '');
    if ($cleanName != $attribute) {
        $this->raiseError('Tag attribute must be ascii only : ' . $attribute);
        return false;
    }
    $this->_attributes[$attribute] = $value;
    // presumably marks the cached text rendering as stale — confirm where _textContentInvalid is read
    $this->_textContentInvalid = true;
    return true;
}
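/**
 * Gets the pages directory. It's derived from the website codename : the main website uses PATH_PAGES_WR / PATH_PAGES_FS
 * directly, the others a sub-directory named after the ascii-sanitized codename. The directory is created when missing.
 *
 * @param string $relativeTo Can be PATH_RELATIVETO_WEBROOT for relative to website root, or PATH_RELATIVETO_FILESYSTEM for relative to filesystem root
 * @return string The pages directory, or false when the website has no codename or $relativeTo is unknown (an error is raised in that case).
 * @access public
 */
function getPagesPath($relativeTo)
{
    if (!$this->_codename) {
        return false;
    }
    if (!SensitiveIO::isInSet($relativeTo, array(PATH_RELATIVETO_WEBROOT, PATH_RELATIVETO_FILESYSTEM))) {
        $this->raiseError("Can't give pages path relative to anything other than WR or FS");
        return false;
    }
    $relative = $relativeTo == PATH_RELATIVETO_WEBROOT ? PATH_PAGES_WR : PATH_PAGES_FS;
    if ($this->_isMain) {
        $dirFS = PATH_PAGES_FS;
        $pagesPath = $relative;
    } else {
        // Sanitize once : the same name is used for the directory on disk and for the returned path.
        $codename = io::sanitizeAsciiString($this->_codename);
        $dirFS = PATH_PAGES_FS . '/' . $codename;
        $pagesPath = $relative . '/' . $codename;
    }
    // Create the directory on demand; a failure is only reported and the path is still returned.
    if (!is_dir($dirFS) && !CMS_file::makeDir($dirFS)) {
        $this->raiseError('Can\'t create pages dir : ' . $dirFS);
    }
    return $pagesPath;
}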
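/**
 * Return the latitude and longitude of a point from its address, using the Google geocoding API.
 *
 * @param object $language cms_language object; its code is sent as the answer language
 * @param string $address the address to geocode (mandatory for now)
 * @param string $sCcTld country top level domain to which the geocoding is restricted (false for none)
 * @return array of coordinates : 'lat' and 'long' keys, empty strings when nothing was found; false when no address is given
 * @access protected
 */
public static function getCoordinates(&$language, $address = '', $sCcTld = false)
{
    $lat = $long = '';
    //for the moment the address is mandatory but we'll set it optional in the future
    if (!$address) {
        CMS_grandFather::raiseError('Address is required for geocoding');
        return false;
    }
    // NOTE(review): the request is sent in clear text (http), so the queried addresses are readable on the wire.
    $sGoogleApiUrl = sprintf('http://maps.google.com/maps/api/geocode/json?address=%s&sensor=false&language=%s', urlencode(io::sanitizeAsciiString($address, ' ')), urlencode($language->getCode()));
    if ($sCcTld) {
        // was '®ion=' : the '&reg' of '&region=' had been turned into a ® entity; the ccTLD is a caller value, so it is url-encoded too
        $sGoogleApiUrl .= '&region=' . urlencode($sCcTld);
    }
    //creating a call context to limit call duration
    $oContext = stream_context_create(array('http' => array('method' => 'GET', 'timeout' => 4)));
    $sTmpData = file_get_contents($sGoogleApiUrl, false, $oContext);
    if ($sTmpData === false) {
        //error trying reading the file
        CMS_grandFather::raiseError('Unable to read distant file at address ' . $sGoogleApiUrl);
        return array('lat' => $lat, 'long' => $long);
    }
    //if we can decode the answer
    $oAnswer = json_decode($sTmpData);
    if (!$oAnswer) {
        return array('lat' => $lat, 'long' => $long);
    }
    if (!isset($oAnswer->status) || $oAnswer->status != 'OK') {
        CMS_grandFather::raiseError('Error while requesting google maps api ' . $sGoogleApiUrl);
    }
    //we use the first result; the answer is remote data, so the results list may be missing
    $aResults = (isset($oAnswer->results) && is_array($oAnswer->results)) ? $oAnswer->results : array();
    $oPoint = array_shift($aResults);
    unset($oAnswer);
    $lat = isset($oPoint->geometry->location->lat) ? $oPoint->geometry->location->lat : '';
    $long = isset($oPoint->geometry->location->lng) ? $oPoint->geometry->location->lng : '';
    return array('lat' => $lat, 'long' => $long);
}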
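/**
 * Returns a queried CMS_page value identified by its codename and a reference page to identify the requested website
 * Static function.
 *
 * @param string $codename The codename of the wanted CMS_page (lowercase ascii only)
 * @param integer $referencePageId The DB ID of the reference CMS_page. This id is used to get the website of reference
 * @param string $type The value type to get (passed to CMS_tree::getPageValue)
 * @return mixed the page value, or false on failure to find the page (an error is raised on invalid arguments)
 * @access public
 */
static function getPageCodenameValue($codename, $referencePageId, $type)
{
    // Per-request memo : codename => reference page id => page id (false when not found)
    static $pagesInfos = array();
    if (!SensitiveIO::isPositiveInteger($referencePageId)) {
        CMS_grandFather::raiseError("Reference Page id must be positive integer : " . $referencePageId);
        return false;
    }
    if (strtolower(io::sanitizeAsciiString($codename)) != $codename) {
        // static method : $this does not exist here (the previous $this->raiseError() was a fatal error)
        CMS_grandFather::raiseError("Page codename must be alphanumeric only");
        return false;
    }
    if (!isset($pagesInfos[$codename][$referencePageId])) {
        //get website of reference page Id
        $website = CMS_tree::getPageWebsite($referencePageId);
        if (!$website) {
            $pagesInfos[$codename][$referencePageId] = false;
        } else {
            //get page by codename
            $pagesInfos[$codename][$referencePageId] = CMS_tree::getPageByCodename($codename, $website, true, false);
        }
    }
    if ($pagesInfos[$codename][$referencePageId]) {
        return CMS_tree::getPageValue($pagesInfos[$codename][$referencePageId], $type);
    }
    return false;
}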
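/**
 * Upload a file with as much security as we can
 *
 * Files older than 4h are purged from the upload and vault directories first. The uploaded file is then given a
 * clean, unique, single-extension ascii name, moved to the vault, checked with CMS_file::checkUploadedFile()
 * and finally moved to $destinationDirFS.
 *
 * @param string $fileVarName, var name in which we can find the file in $_FILES
 * @param string $destinationDirFS, the destination dir in which we want the file to be moved
 * @return array of uploaded file meta datas : 'error' (0 or a CMS_file::UPLOAD_* code), 'filename', 'filepath',
 *         'filesize', 'fileicon', 'extension' (success only) and 'success'
 */
function uploadFile($fileVarName = 'Filedata', $destinationDirFS = PATH_UPLOAD_FS)
{
    //for security, clean all files older than 4h in both uploads directories
    $expiry = time() - 14400; //4h
    foreach (array(PATH_UPLOAD_FS, PATH_UPLOAD_VAULT_FS) as $dir) {
        try {
            foreach (new DirectoryIterator($dir) as $file) {
                if ($file->isFile() && $file->getFilename() != ".htaccess" && $file->getMTime() < $expiry) {
                    @unlink($file->getPathname());
                }
            }
        } catch (Exception $e) {
            // best effort cleanup : an unreadable directory must not block the upload
        }
    }
    //init returned file datas
    $fileDatas = array('error' => 0, 'filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'success' => false);
    // Check if the upload exists
    if (!isset($_FILES[$fileVarName]["tmp_name"]) || !is_uploaded_file($_FILES[$fileVarName]["tmp_name"]) || $_FILES[$fileVarName]["error"] != 0) {
        CMS_grandFather::raiseError('Uploaded file has an error : ' . print_r($_FILES, true));
        $fileDatas['error'] = CMS_file::UPLOAD_UPLOAD_FAILED;
        // return like every other error path ($view is not defined in this function)
        return $fileDatas;
    }
    //move uploaded file to upload vault (and rename it with a clean name if needed)
    $originalFilename = io::sanitizeAsciiString($_FILES[$fileVarName]["name"]);
    if (io::strlen($originalFilename) > 250) {
        $originalFilename = sensitiveIO::ellipsis($originalFilename, 250, '-');
    }
    //remove multiple extensions to avoid double extension threat (cf. http://www.acunetix.com/websitesecurity/upload-forms-threat.htm)
    // substr_count() takes the haystack first : the previous call counted the name inside '.', which is always 0, so this never ran.
    if (substr_count($originalFilename, '.') > 1) {
        $parts = pathinfo($originalFilename);
        $lastExtension = isset($parts['extension']) ? '.' . $parts['extension'] : '';
        $originalFilename = str_replace('.', '-', $parts['filename']) . $lastExtension;
    }
    // Build a name that exists neither in the vault nor in the destination.
    $pathinfo = pathinfo($originalFilename);
    $stem = isset($pathinfo['filename']) ? $pathinfo['filename'] : '';
    $suffix = isset($pathinfo['extension']) ? '.' . $pathinfo['extension'] : '';
    $count = 2;
    $filename = $originalFilename;
    while (file_exists(PATH_UPLOAD_VAULT_FS . '/' . $filename) || file_exists($destinationDirFS . '/' . $filename)) {
        $filename = $stem . '-' . $count++ . $suffix;
    }
    $vaultFile = PATH_UPLOAD_VAULT_FS . '/' . $filename;
    if (!@move_uploaded_file($_FILES[$fileVarName]["tmp_name"], $vaultFile)) {
        CMS_grandFather::raiseError('Can\'t move uploaded file to : ' . $vaultFile);
        $fileDatas['error'] = CMS_file::UPLOAD_FILE_VALIDATION_FAILED;
        return $fileDatas;
    }
    $file = new CMS_file($vaultFile);
    $file->chmod(FILES_CHMOD);
    //check uploaded file : the content validation lives in CMS_file::checkUploadedFile(); a rejected file is deleted from the vault
    if (!$file->checkUploadedFile()) {
        $file->delete();
        $fileDatas['error'] = CMS_file::UPLOAD_SECURITY_ERROR;
        return $fileDatas;
    }
    //move file to final directory
    $finalFile = $destinationDirFS . '/' . $filename;
    if (!CMS_file::moveTo($vaultFile, $finalFile)) {
        $fileDatas['error'] = CMS_file::UPLOAD_FILE_VALIDATION_FAILED;
        return $fileDatas;
    }
    $file = new CMS_file($finalFile);
    $file->chmod(FILES_CHMOD);
    //return file datas
    return array(
        'error' => 0,
        'filename' => $file->getName(false),
        'filepath' => $file->getFilePath(CMS_file::WEBROOT),
        'filesize' => $file->getFileSize(),
        'fileicon' => $file->getFileIcon(CMS_file::WEBROOT),
        'extension' => $file->getExtension(),
        'success' => true,
    );
}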