function my_pathinfo($param = NULL) { removeslash($param, 0); $tab["dirname"] = preg_match("/(^.+)\\//", $param, $dump) ? $dump[1] : "."; if (preg_match("/.*\\/(.*)\$/", $param, $dump)) { $tab["basename"] = $dump[1]; } else { removeslash($param, 1); preg_match("/(.*)/", $param, $dump); $tab["basename"] = $dump[1]; } if ($param === ".." || $param === ".") { dotordot($param, $tab); } else { if (preg_match("/[.]([^.\\/]*)\$/", $param, $dump)) { $tab["extension"] = $dump[1]; addslash($param); preg_match("/\\/([^\\/]*)\\.[^\\/]*\$/", $param, $dump); $tab["filename"] = $dump[1]; } else { preg_match("/\\/?([^\\/]+)[.\\/]?\$/", $param, $dump); $tab["filename"] = $dump[1]; } } return $tab; }
public function __construct() { global $topDirectory; $this->datafile = addslash(getSettingsPath()) . 'fileshare.dat'; $this->check_post($this->postlist); $this->load(); $this->userdir = addslash($topDirectory); }
public static function getTempDir($token = null) { if ($token !== null) { return array('tok' => $token, 'dir' => addslash(addslash(self::$config['tempdir']) . '.rutorrent/.fman/' . $token)); } if (is_null(self::$tmpdir)) { $tmp = self::newTempDir(); self::$tmpdir = $tmp; } return self::$tmpdir; }
public function move($files, $to) { $temp = Helper::getTempDir(); $args = array('action' => 'recursiveMove', 'params' => array('files' => $files, 'to' => addslash($to)), 'temp' => $temp); $task = $temp['dir'] . 'task'; file_put_contents($task, json_encode($args)); $task_opts = array('requester' => 'filemanager', 'name' => 'move'); $rtask = new \rTask($task_opts); $commands = array(Helper::getTaskCmd() . " " . escapeshellarg($task)); $ret = $rtask->start($commands, 0); // var_dump($ret); return $temp; }
public static function fastResume($torrent, $base, $add_path = true) { $files = array(); $info = $torrent->info; $psize = intval($info['piece length']); $base = trim($base); if ($base == '') { $req = new rXMLRPCRequest(new \model\xmlrpc\rXMLRPCCommand(\config\Conf::$userscgi, 'get_directory')); if ($req->success()) { $base = $req->val[0]; } } if ($psize && \model\xmlrpc\rTorrentSettings::get(\config\Conf::$userscgi)->correctDirectory($base)) { $base = addslash($base); $tsize = 0.0; if (isset($info['files'])) { foreach ($info['files'] as $key => $file) { $tsize += floatval($file['length']); $files[] = $add_path ? $info['name'] . "/" . implode('/', $file['path']) : implode('/', $file['path']); } } else { $tsize = floatval($info['length']); $files[] = $info['name']; } $chunks = intval(($tsize + $psize - 1) / $psize); $torrent->{'libtorrent_resume'}['bitfield'] = intval($chunks); if (!isset($torrent->{'libtorrent_resume'}['files'])) { $torrent->{'libtorrent_resume'}['files'] = array(); } foreach ($files as $key => $file) { $ss = LFS::stat($base . $file); if ($ss === false) { return false; } if (count($torrent->{'libtorrent_resume'}['files']) < $key) { $torrent->{'libtorrent_resume'}['files'][$key]['mtime'] = $ss["mtime"]; } else { $torrent->{'libtorrent_resume'}['files'][$key] = array("priority" => 2, "mtime" => $ss["mtime"]); } } return $torrent; } return false; }
function simplify_path ($path) { global $delim; if (@file_exists($path) && function_exists('realpath') && @realpath($path) != '') { $path = realpath($path); if (@is_dir($path)) { return addslash($path); } else { return $path; } } $pattern = $delim . '.' . $delim; if (@is_dir($path)) { $path = addslash($path); } while (strpos($path, $pattern) !== false) { $path = str_replace($pattern, $delim, $path); } $e = addslashes($delim); $regex = $e . '((\.[^\.' . $e . '][^' . $e . ']*)|(\.\.[^' . $e . ']+)|([^\.][^' . $e . ']*))' . $e . '\.\.' . $e; while (ereg($regex, $path)) { $path = ereg_replace($regex, $delim, $path); } return $path; }
} else { require_once INCLUDES . "html_buttons_include.php"; } $settings2 = array(); $result = dbquery("SELECT * FROM " . DB_SETTINGS); while ($data = dbarray($result)) { $settings2[$data['settings_name']] = $data['settings_value']; } if (isset($_POST['savesettings'])) { $error = 0; if (addslash($_POST['license_agreement']) != $settings2['license_agreement']) { $license_lastupdate = time(); } else { $license_lastupdate = $settings2['license_lastupdate']; } $license_agreement = addslash(preg_replace("(^<p>\\s</p>\$)", "", $_POST['license_agreement'])); $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['enable_registration']) ? $_POST['enable_registration'] : "1") . "' WHERE settings_name='enable_registration'"); if (!$result) { $error = 1; } $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['email_verification']) ? $_POST['email_verification'] : "1") . "' WHERE settings_name='email_verification'"); if (!$result) { $error = 1; } $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['admin_activation']) ? $_POST['admin_activation'] : "0") . "' WHERE settings_name='admin_activation'"); if (!$result) { $error = 1; } $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['display_validation']) ? $_POST['display_validation'] : "1") . "' WHERE settings_name='display_validation'"); if (!$result) { $error = 1;
} else { redirect(FUSION_SELF . $aidlink); } } } } if (isset($_GET['action']) && $_GET['action'] == "2" && (isset($_GET['t']) && $_GET['t'] == "a")) { if (isset($_POST['publish']) && (isset($_GET['submit_id']) && isnum($_GET['submit_id']))) { $result = dbquery("SELECT ts.submit_criteria, user_id\r\n\t\t\tFROM " . DB_SUBMISSIONS . " ts\r\n\t\t\tLEFT JOIN " . DB_USERS . " tu ON ts.submit_user=tu.user_id\r\n\t\t\tWHERE submit_id='" . $_GET['submit_id'] . "'"); if (dbrows($result)) { $data = dbarray($result); $submit_criteria = unserialize($data['submit_criteria']); $article_cat = isnum($_POST['article_cat']) ? $_POST['article_cat'] : 0; $article_subject = stripinput($_POST['article_subject']); $article_snippet = addslash($_POST['article_snippet']); $article_body = addslash($_POST['article_body']); $article_breaks = $_POST['article_breaks'] == "y" ? "y" : "n"; $result = dbquery("INSERT INTO " . DB_ARTICLES . " (article_cat, article_subject, article_snippet, article_article, article_breaks, article_name, article_datestamp, article_reads, article_allow_comments, article_allow_ratings) VALUES ('{$article_cat}', '{$article_subject}', '{$article_snippet}', '{$article_body}', '{$article_breaks}', '" . $data['user_id'] . "', '" . time() . "', '0', '1', '1' ,'" . LANGUAGE . "')"); $result = dbquery("DELETE FROM " . DB_SUBMISSIONS . " WHERE submit_id='" . $_GET['submit_id'] . "'"); opentable($locale['530']); echo "<br /><div style='text-align:center'>" . $locale['531'] . "<br /><br />\n"; echo "<a href='" . FUSION_SELF . $aidlink . "'>" . $locale['402'] . "</a><br /><br />\n"; echo "<a href='index.php" . $aidlink . "'>" . $locale['403'] . "</a></div><br />\n"; closetable(); } else { redirect(FUSION_SELF . $aidlink); } } else { if (isset($_POST['delete']) && (isset($_GET['submit_id']) && isnum($_GET['submit_id']))) { opentable($locale['532']); $result = dbquery("DELETE FROM " . DB_SUBMISSIONS . " WHERE submit_id='" . $_GET['submit_id'] . "'");
function findRemoteEXE($exe, $err, &$remoteRequests) { $st = getSettingsPath() . '/' . rand(); if (!array_key_exists($exe, $remoteRequests)) { $path = realpath(dirname('.')); global $pathToExternals; $cmd = array("sh", addslash($path) . "test.sh", $exe, $st); if (isset($pathToExternals[$exe]) && !empty($pathToExternals[$exe])) { $cmd[] = $pathToExternals[$exe]; } $req = new rXMLRPCRequest(new rXMLRPCCommand("execute", $cmd)); $req->run(); $remoteRequests[$exe] = array("path" => $st, "err" => array()); } $remoteRequests[$exe]["err"][] = $err; }
public function move($paths) { $files = array_map(array($this, 'getWorkDir'), (array) $paths->fls); // destination dir requires ending / $to = addslash($this->getUserDir($paths->to)); // var_dump($paths, $files); $fs = Fs::get(); if (!$fs->isDir($to)) { throw new Exception("Destination is not directory", 2); } $task_info = $fs->move($files, $to); return $task_info; }
| Affero GPL license. You can redistribute it and/or | modify it under the terms of this license which you | can read by viewing the included agpl.txt or online | at www.gnu.org/licenses/agpl.html. Removal of this | copyright header is strictly prohibited without | written permission from the original author(s). +--------------------------------------------------------*/ if (fusion_get_settings("tinymce_enabled")) { echo "<script language='javascript' type='text/javascript'>advanced();</script>\n"; } if (isset($_GET['submit_id']) && isnum($_GET['submit_id'])) { if (isset($_POST['publish']) && (isset($_GET['submit_id']) && isnum($_GET['submit_id']))) { $result = dbquery("SELECT ts.*, tu.user_id, tu.user_name FROM " . DB_SUBMISSIONS . " ts\n\t\t\tLEFT JOIN " . DB_USERS . " tu ON ts.submit_user=tu.user_id\n\t\t\tWHERE submit_id='" . $_GET['submit_id'] . "'"); if (dbrows($result)) { $data = dbarray($result); $data = array('article_id' => 0, 'article_subject' => form_sanitizer($_POST['article_subject'], '', 'article_subject'), 'article_cat' => form_sanitizer($_POST['article_cat'], 0, 'article_cat'), 'article_name' => $data['user_id'], 'article_snippet' => addslash(preg_replace("(^<p>\\s</p>\$)", "", $_POST['article_snippet'])), 'article_article' => addslash(preg_replace("(^<p>\\s</p>\$)", "", $_POST['article_article'])), 'article_keywords' => form_sanitizer($_POST['article_keywords'], '', 'article_keywords'), 'article_datestamp' => form_sanitizer($_POST['article_datestamp'], time(), 'article_datestamp'), 'article_visibility' => form_sanitizer($_POST['article_visibility'], 0, 'article_visibility'), 'article_draft' => isset($_POST['article_draft']) ? "1" : "0", 'article_allow_comments' => 0, 'article_allow_ratings' => 0, 'article_language' => form_sanitizer($_POST['article_language'], '', 'article_language')); if (fusion_get_settings('tinymce_enabled') != 1) { $data['article_breaks'] = isset($_POST['line_breaks']) ? "y" : "n"; } else { $data['article_breaks'] = "n"; } if (defender::safe()) { dbquery_insert(DB_ARTICLES, $data, "save"); $result = dbquery("DELETE FROM " . DB_SUBMISSIONS . " WHERE submit_id='" . $_GET['submit_id'] . "'"); if ($data['article_draft']) { addNotice("success", $locale['articles_0051']); } else { addNotice("success", $locale['articles_0050']); } redirect(clean_request("", array("submit_id"), FALSE)); }
} } elseif (isset($_POST['save_forum'])) { $forum_name = trim(stripinput($_POST['forum_name'])); $forum_description = trim(stripinput($_POST['forum_description'])); $forum_cat = isnum($_POST['forum_cat']) ? $_POST['forum_cat'] : 0; if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['forum_id']) && isnum($_GET['forum_id'])) && (isset($_GET['t']) && $_GET['t'] == "forum")) { $forum_mods = $_POST['forum_mods']; $forum_access = isnum($_POST['forum_access']) ? $_POST['forum_access'] : 0; $forum_post = isnum($_POST['forum_post']) ? $_POST['forum_post'] : 0; $forum_reply = isnum($_POST['forum_reply']) ? $_POST['forum_reply'] : 0; $forum_attach = isnum($_POST['forum_attach']) ? $_POST['forum_attach'] : 0; $forum_poll = isnum($_POST['forum_poll']) ? $_POST['forum_poll'] : 0; $forum_vote = isnum($_POST['forum_vote']) ? $_POST['forum_vote'] : 0; $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_name='{$forum_name}', forum_cat='{$forum_cat}', forum_description='{$forum_description}', forum_moderators='{$forum_mods}', forum_access='{$forum_access}', forum_post='{$forum_post}', forum_reply='{$forum_reply}', forum_attach='{$forum_attach}', forum_poll='{$forum_poll}', forum_vote='{$forum_vote}' WHERE forum_id='" . $_GET['forum_id'] . "'"); // start fb4 mod $forum_icon = addslash(stripinput($_POST['forum_icon'])); $forum_parent = isset($_POST['forum_parent']) && isNum($_POST['forum_parent']) ? $_POST['forum_parent'] : 0; $result = dbquery("UPDATE " . $db_prefix . "fb_forums set forum_icon='{$forum_icon}', forum_parent='{$forum_parent}' where forum_id='" . $_GET['forum_id'] . "'"); // end fb4 mod redirect(FUSION_SELF . $aidlink . "§ion=forums&status=savefu"); } else { if ($forum_name) { $forum_order = isnum($_POST['forum_order']) ? $_POST['forum_order'] : ""; $forum_parent = isset($_POST['forum_parent']) && isNum($_POST['forum_parent']) ? $_POST['forum_parent'] : 0; if (!$forum_order) { $forum_order = dbresult(dbquery("SELECT MAX(forum_order) FROM " . DB_FORUMS . " f\n\t\t\t\tleft join " . DB_PREFIX . "fb_forums f2 on f2.forum_id=f.forum_id\n\t\t\t\tWHERE f2.forum_parent='{$forum_parent}'"), 0) + 1; } $result2 = dbquery("select * from " . DB_FORUMS . " f\n\t\t\tleft join " . DB_PREFIX . "fb_forums f2 on f2.forum_id=f.forum_id\n\t\t\tWHERE forum_cat='{$forum_cat}' AND forum_order>='{$forum_order}'" . ($forum_parent ? " AND f2.forum_parent='{$forum_parent}'" : "")); while ($data2 = dbarray($result2)) { $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order+1 where forum_id='" . $data2['forum_id'] . "'"); }
function getTempDirectory() { global $tempDirectory; if (empty($tempDirectory)) { $directories = array(); if (ini_get('upload_tmp_dir')) { $directories[] = ini_get('upload_tmp_dir'); } if (function_exists('sys_get_temp_dir')) { $directories[] = sys_get_temp_dir(); } $directories[] = '/tmp'; foreach ($directories as $directory) { if (is_dir($directory) && is_writable($directory)) { $tempDirectory = $directory; break; } } if (empty($tempDirectory)) { $tempDirectory = getProfilePath() . '/tmp'; } $tempDirectory = addslash($tempDirectory); } return $tempDirectory; }
} if (isset($_GET['deny']) && isNum($_GET['deny']) && $userdata['user_id'] == $data['group_leader']) { $apply = dbcount("(apply_user)", DB_PREFIX . "fb_apply", "apply_group='" . $data['group_id'] . "' and apply_user='******'deny'] . "'"); if ($apply) { $query = dbquery("delete from " . DB_PREFIX . "fb_apply where apply_group='" . $data['group_id'] . "' and apply_user='******'deny'] . "'"); $message = str_replace(array("{1}"), array($settings['siteurl'] . "infusions/fusionboard4/groups.php?view=" . $data['group_id']), $locale['uc307']); sendMessage($applyUser['user_id'], $data['group_leader'], $locale['uc305'], $message); redirect(FUSION_SELF . "?section=groups&view=" . $_GET['view']); } else { redirect(FUSION_SELF . "?section=groups&view=" . $_GET['view']); } } if (isset($_GET['action']) && $_GET['action'] == "edit" && $userdata['user_id'] == $data['group_leader']) { if (isset($_POST['goGroup'])) { $group_name = isset($_POST['group_name']) ? addslash(stripinput($_POST['group_name'])) : ""; $group_desc = isset($_POST['group_desc']) ? addslash(stripinput($_POST['group_desc'])) : ""; $group_type = isset($_POST['group_type']) && isNum($_POST['group_type']) ? $_POST['group_type'] : 1; $group_wall = isset($_POST['group_wall']) && isNum($_POST['group_wall']) ? $_POST['group_wall'] : 0; $group_visibility = isset($_POST['group_visibility']) && isNum($_POST['group_visibility']) ? $_POST['group_visibility'] : 0; $group_moderate = isset($_POST['group_moderate']) && isNum($_POST['group_moderate']) ? $_POST['group_moderate'] : 0; $result = dbquery("update " . DB_PREFIX . "fb_groups set group_description='{$group_desc}', group_access='{$group_type}', \n\t\t\tgroup_wall='{$group_wall}', group_visibility='{$group_visibility}', group_moderate='{$group_moderate}' \n\t\t\twhere group_id='" . $_GET['view'] . "'"); $result = dbquery("update " . DB_USER_GROUPS . " set group_name='{$group_name}', group_description='{$group_desc}' where group_id='" . $_GET['view'] . "'"); redirect(FUSION_SELF . "?section=groups&view=" . $_GET['view']); } echo "<tr>\n<td class='forum-caption' style='padding-left:5px;'>" . $locale['uc367'] . "\"" . stripslash($data['group_name']) . "\"</td>\n</tr>\n"; echo "<tr>\n<td class='tbl1' style='padding:10px;'><form action='" . FUSION_SELF . "?section=groups&view=" . $_GET['view'] . "&action=edit' method='post' name='groupeditform'>\n"; echo $locale['uc266'] . "<br /><input name='group_name' class='textbox' style='font-size:14px;margin:3px;margin-left:6px;width:320px;' value='" . stripslash($data['group_name']) . "'><br />\n"; echo $locale['uc267'] . "<br /><textarea name='group_desc' class='textbox' style='font-size:14px;margin:3px;margin-left:6px;width:320px;'>" . stripslash($data['group_description']) . "</textarea><br />\n"; echo $locale['uc268'] . "<br />\n<select name='group_type' class='textbox grouptext'>\n"; echo "<option value='1'" . ($data['group_access'] == "1" ? " SELECTED" : "") . ">" . $locale['uc269'] . "</option>\n"; echo "<option value='2'" . ($data['group_access'] == "2" ? " SELECTED" : "") . ">" . $locale['uc270'] . "</option>\n";
if (!$result) { $error = 1; } $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['maintenance']) ? $_POST['maintenance'] : "0") . "' WHERE settings_name='maintenance'"); if (!$result) { $error = 1; } $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . addslash(descript($_POST['maintenance_message'])) . "' WHERE settings_name='maintenance_message'"); if (!$result) { $error = 1; } $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['bad_words_enabled']) ? $_POST['bad_words_enabled'] : "0") . "' WHERE settings_name='bad_words_enabled'"); if (!$result) { $error = 1; } $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . addslash($_POST['bad_words']) . "' WHERE settings_name='bad_words'"); if (!$result) { $error = 1; } $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . stripinput($_POST['bad_word_replace']) . "' WHERE settings_name='bad_word_replace'"); if (!$result) { $error = 1; } if ($_POST['captcha'] == "recaptcha" && ($_POST['recaptcha_public'] == "" || $_POST['recaptcha_private'] == "")) { $error = 2; } else { $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . stripinput($_POST['captcha']) . "' WHERE settings_name='captcha'"); if (!$result) { $error = 1; } $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . stripinput($_POST['recaptcha_public']) . "' WHERE settings_name='recaptcha_public'");
<div class="info col-xs-3 col-sm-3 col-md-3 col-lg-3"> <?php if (empty($orders)) { echo '<h3>' . 'нет заказов' . '</h3>'; } ?> </div> </div> <div class="row"> <div class="content col-xs-12 col-sm-12 col-md-12 col-lg-12"> <?php if (is_array($orders)) { //условия закрываеться в конце дива foreach ($orders as $order) { // закрываем условие в конце после таблици $n = addslash($order['name']); //обработка переменных на вывод $e = htmlAll($order['email']); $p = clearData($order['phone'], "i"); $a = htmlAll($order['address']); ?> <table border="1" width="100%"> <tr> <td colspan="6"> <h3>Товарная накладная N </h3> <hr style="border-width: 3px; color: #003399"> <h5>Заказчик:<?php echo $n; ?> </h5> <h5>Email:<?php
+--------------------------------------------------------*/ require_once "../maincore.php"; require_once THEMES . "templates/admin_header.php"; require_once INCLUDES . "html_buttons_include.php"; include LOCALE . LOCALESET . "admin/downloads.php"; if (!checkrights("D") || !defined("iAUTH") || $_GET['aid'] != iAUTH) { redirect("../index.php"); } $result = dbquery("SELECT * FROM " . DB_DOWNLOAD_CATS); if (dbrows($result)) { if (isset($_GET['action']) && $_GET['action'] == "delete" && (isset($_GET['download_id']) && isnum($_GET['download_id']))) { $result = dbquery("DELETE FROM " . DB_DOWNLOADS . " WHERE download_id='" . $_GET['download_id'] . "'"); redirect(FUSION_SELF . $aidlink . "&download_cat_id=" . intval($_GET['download_cat_id'])); } elseif (isset($_POST['save_download'])) { $download_title = stripinput($_POST['download_title']); $download_description = addslash($_POST['download_description']); $download_url = stripinput($_POST['download_url']); $download_cat = intval($_POST['download_cat']); $download_license = stripinput($_POST['download_license']); $download_os = stripinput($_POST['download_os']); $download_version = stripinput($_POST['download_version']); $download_filesize = stripinput($_POST['download_filesize']); if ($download_title) { if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['download_id']) && isnum($_GET['download_id']))) { $download_datestamp = isset($_POST['update_datestamp']) ? ", download_datestamp='" . time() . "'" : ""; $result = dbquery("UPDATE " . DB_DOWNLOADS . " SET download_title='{$download_title}', download_description='{$download_description}', download_url='{$download_url}', download_cat='{$download_cat}', download_license='{$download_license}', download_os='{$download_os}', download_version='{$download_version}', download_filesize='{$download_filesize}'" . $download_datestamp . " WHERE download_id='" . $_GET['download_id'] . "'"); redirect(FUSION_SELF . $aidlink . "&download_cat_id=" . $download_cat); } else { $result = dbquery("INSERT INTO " . DB_DOWNLOADS . " (download_title, download_description, download_url, download_cat, download_license, download_os, download_version, download_filesize, download_datestamp, download_count) VALUES ('{$download_title}', '{$download_description}', '{$download_url}', '{$download_cat}', '{$download_license}', '{$download_os}', '{$download_version}', '{$download_filesize}', '" . time() . "', '0')"); redirect(FUSION_SELF . $aidlink . "&download_cat_id=" . $download_cat); }
<?php include "../../../../maincore.php"; if (!$_GET['sid']) { die("Access Denied"); } if (!iADMIN) { die("Access Denied"); } if (file_exists(INFUSIONS . "fusionboard4/locale/" . $settings['locale'] . ".php")) { include INFUSIONS . "fusionboard4/locale/" . $settings['locale'] . ".php"; } else { include INFUSIONS . "fusionboard4/locale/English.php"; } include INFUSIONS . "fusionboard4/includes/func.php"; if (isset($_GET['user']) && isNum($_GET['user'])) { $image = stripinput($_GET['image']); $desc = addslash(stripinput($_GET['desc'])); $result = dbquery("insert into " . DB_PREFIX . "fb_awards (award_user, award_image, award_desc) VALUES('" . $_GET['user'] . "', '{$image}', '{$desc}')"); } if (isset($_GET['del']) && isNum($_GET['del'])) { $query = dbquery("delete from " . DB_PREFIX . "fb_awards where award_id='" . $_GET['del'] . "'"); }
$result = dbquery("UPDATE " . DB_FAQ_CATS . " SET faq_cat_name='{$faq_cat_name}', faq_cat_description='{$faq_cat_description}' WHERE faq_cat_id='" . $_GET['faq_cat_id'] . "'"); redirect(FUSION_SELF . $aidlink . "&status=scu"); } else { $result = dbquery("INSERT INTO " . DB_FAQ_CATS . " (faq_cat_name, faq_cat_description) VALUES('{$faq_cat_name}', '{$faq_cat_description}')"); redirect(FUSION_SELF . $aidlink . "&status=scn"); } } else { $error = 1; } } else { $error = 2; } } elseif (isset($_POST['save_faq'])) { $faq_cat = intval($_POST['faq_cat']); $faq_question = stripinput($_POST['faq_question']); $faq_answer = addslash($_POST['faq_answer']); if ($faq_question && $faq_answer) { if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['faq_id']) && isnum($_GET['faq_id'])) && (isset($_GET['t']) && $_GET['t'] == "faq")) { $result = dbquery("UPDATE " . DB_FAQS . " SET faq_cat_id='{$faq_cat}', faq_question='{$faq_question}', faq_answer='{$faq_answer}' WHERE faq_id='" . $_GET['faq_id'] . "'"); redirect(FUSION_SELF . $aidlink . "&faq_cat_id={$faq_cat}&status=su"); } else { $result = dbquery("INSERT INTO " . DB_FAQS . " (faq_cat_id, faq_question, faq_answer) VALUES ('{$faq_cat}', '{$faq_question}', '{$faq_answer}')"); redirect(FUSION_SELF . $aidlink . "&faq_cat_id={$faq_cat}&status=sn"); } } else { $error = 3; } } elseif (isset($_GET['action']) && $_GET['action'] == "edit") { if (isset($_GET['faq_cat_id']) && isnum($_GET['faq_cat_id']) && (isset($_GET['t']) && $_GET['t'] == "cat")) { $result = dbquery("SELECT faq_cat_id, faq_cat_name, faq_cat_description FROM " . DB_FAQ_CATS . " WHERE faq_cat_id='" . $_GET['faq_cat_id'] . "'"); if (dbrows($result)) {
foreach ($_POST['take'] as $id => $val) { $query_id = dbquery("SELECT * FROM " . DB_DOWNLOADS . " WHERE download_id='{$id}'"); if (!dbrows($query_id)) { $imported[$id] = $locale['PDP866']; continue; } $imported[$id] = $locale['PDP043']; $data = dbarray($query_id); $name = $data['download_title']; $ver = $data['download_version']; $url = $_POST['down'][$id]; $size = $data['download_filesize']; $datestamp = $data['download_datestamp']; $cat_id = $_POST['cat'][$id]; $lid = $_POST['license'][$id]; $desc = addslash($data['download_description']); $ok = dbquery("INSERT INTO " . DB_PDP_DOWNLOADS . "" . " SET" . " cat_id='{$cat_id}', dl_name='{$name}'," . " dl_desc='{$desc}'," . " user_id='" . $userdata['user_id'] . "'," . " license_id='{$lid}', lizenz_okay='N'," . " lizenz_packet='N'," . " dl_count='" . $data['download_count'] . "'," . " dl_mtime='{$datestamp}', dl_ctime='{$datestamp}'," . " dl_status='" . PDP_PRO_ON . "'"); $id = mysql_insert_id(); $ok = dbquery("INSERT INTO " . DB_PDP_FILES . "" . " SET" . " download_id='{$id}'," . " file_version='{$ver}'," . " file_desc=''," . " file_url='{$url}'," . " file_size='{$size}'," . " file_timestamp='{$datestamp}'"); } // count cat downloads $query_id = dbquery("SELECT cat_id" . " FROM " . DB_PDP_CATS . ""); while ($data = dbarray($query_id)) { $count = ff_db_count("(*)", DB_PDP_DOWNLOADS, "(cat_id='" . $data['cat_id'] . "'" . " AND dl_status='" . PDP_PRO_ON . "')"); $mysql[] = "UPDATE " . DB_PDP_CATS . "" . " SET" . " count_downloads='" . $count . "'" . " WHERE cat_id='" . $data['cat_id'] . "'"; } fallback(FUSION_SELF . "?do_import=no"); } /* * CREATE CAT SEL */
if (isset($request['comment'])) { $comment = trim($request['comment']); if (strlen($comment)) { $torrent->comment($comment); } } if ($request['private']) { $torrent->is_private(true); } $fname = rTask::formatPath($taskNo) . '/result.torrent'; $torrent->save($fname); if ($request['start_seeding']) { $fname = getUniqueUploadedFilename($torrent->info['name'] . '.torrent'); $path_edit = trim($request['path_edit']); if (is_dir($path_edit)) { $path_edit = addslash($path_edit); } if (rTorrentSettings::get()->correctDirectory($path_edit)) { $path_edit = dirname($path_edit); if ($resumed = rTorrent::fastResume($torrent, $path_edit)) { $torrent = $resumed; } $torrent->save($fname); rTorrent::sendTorrent($torrent, true, true, $path_edit, null, true, isLocalMode()); @chmod($fname, $profileMask & 0666); } } exit(0); } exit(1); }
public function correctDirectory(&$dir, $resolve_links = false) { global $topDirectory; if (strlen($dir) && $dir[0] == '~') { $dir = $this->home . substr($dir, 1); } $dir = fullpath($dir, $this->directory); if ($resolve_links) { $path = realpath($dir); if (!$path) { $dir = addslash(realpath(dirname($dir))) . basename($dir); } else { $dir = $path; } } return strpos(addslash($dir), $topDirectory) === 0; }
default: $message = $locale['900']; $status = 'success'; $icon = "<i class='fa fa-check-square-o fa-lg fa-fw'></i>"; } if ($message) { addNotice($status, $icon . $message); } } if (isset($_POST['save_banners'])) { $error = 0; $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . addslash($_POST['sitebanner1']) . "' WHERE settings_name='sitebanner1'"); if (!$result) { $error = 1; } $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . addslash($_POST['sitebanner2']) . "' WHERE settings_name='sitebanner2'"); if (!$result) { $error = 1; } redirect(FUSION_SELF . $aidlink . "&error=" . $error, TRUE); } if (isset($_POST['preview_banners'])) { $sitebanner1 = ""; $sitebanner2 = ""; $sitebanner1 = stripslash($_POST['sitebanner1']); $sitebanner2 = stripslash($_POST['sitebanner2']); } else { $sitebanner1 = stripslashes($settings['sitebanner1']); $sitebanner2 = stripslashes($settings['sitebanner2']); } opentable($locale['850']);
public function startTask($hash, $outPath, $mode, $fileno) { global $rootPath; $ret = array("no" => -1, "pid" => 0, "status" => 255, "log" => array(), "errors" => array("Unknown error.")); if (rTorrentSettings::get()->isPluginRegistered('quotaspace')) { require_once dirname(__FILE__) . "/../quotaspace/rquota.php"; $qt = rQuota::load(); if (!$qt->check()) { $ret["errors"] = array("Quota limitation was reached. Unpack failed."); return $ret; } } $taskArgs = array('requester' => 'unpack', 'name' => 'unpack', 'hash' => $hash, 'dir' => $outPath, 'mode' => $mode, 'no' => $fileno); if ($outPath != '' && !rTorrentSettings::get()->correctDirectory($outPath)) { $outPath = ''; } if (!empty($mode)) { $req = new rXMLRPCRequest(new rXMLRPCCommand("f.get_frozen_path", array($hash, intval($fileno)))); if ($req->success()) { $filename = $req->val[0]; if ($filename == '') { $req = new rXMLRPCRequest(array(new rXMLRPCCommand("d.open", $hash), new rXMLRPCCommand("f.get_frozen_path", array($hash, intval($fileno))), new rXMLRPCCommand("d.close", $hash))); if ($req->success()) { $filename = $req->val[1]; } } if ($outPath == '') { $outPath = dirname($filename); } $commands = array(); $arh = getExternal($mode == "zip" ? 'unzip' : 'unrar'); $commands[] = escapeshellarg($rootPath . '/plugins/unpack/un' . $mode . '_file.sh') . " " . escapeshellarg($arh) . " " . escapeshellarg($filename) . " " . escapeshellarg(addslash($outPath)); $taskArgs['arg'] = call_user_func('end', explode('/', $filename)); $task = new rTask($taskArgs); $ret = $task->start($commands, 0); } } else { $req = new rXMLRPCRequest(array(new rXMLRPCCommand("d.get_base_path", $hash), new rXMLRPCCommand("d.get_custom1", $hash), new rXMLRPCCommand("d.get_name", $hash))); if ($req->success()) { $basename = $req->val[0]; $label = rawurldecode($req->val[1]); $tname = $req->val[2]; if ($basename == '') { $req = new rXMLRPCRequest(array(new rXMLRPCCommand("d.open", $hash), new rXMLRPCCommand("d.get_base_path", $hash), new rXMLRPCCommand("d.close", $hash))); if ($req->success()) { $basename = $req->val[1]; } } $req = new rXMLRPCRequest(new rXMLRPCCommand("f.multicall", array($hash, "", getCmd("f.get_path=")))); if ($req->success()) { $rarPresent = false; $zipPresent = false; foreach ($req->val as $no => $name) { if (USE_UNRAR && preg_match("'.*\\.(rar|r\\d\\d|\\d\\d\\d)\$'si", $name) == 1) { $rarPresent = true; } else { if (USE_UNZIP && preg_match("'.*\\.zip\$'si", $name) == 1) { $zipPresent = true; } } } $mode = $rarPresent && $zipPresent ? 'all' : ($rarPresent ? 'rar' : ($zipPresent ? 'zip' : null)); if ($mode) { $pathToUnrar = getExternal("unrar"); $pathToUnzip = getExternal("unzip"); $arh = $mode == "zip" ? $pathToUnzip : $pathToUnrar; if (is_dir($basename)) { $postfix = "_dir"; if ($outPath == '') { $outPath = $basename; } $basename = addslash($basename); } else { $postfix = "_file"; if ($outPath == '') { $outPath = dirname($basename); } $pathToUnzip = ""; } $outPath = addslash($outPath); if ($this->addLabel && $label != '') { $outPath .= addslash($label); } if ($this->addName && $tname != '') { $outPath .= addslash($tname); } $commands[] = escapeshellarg($rootPath . '/plugins/unpack/un' . $mode . $postfix . '.sh') . " " . escapeshellarg($arh) . " " . escapeshellarg($basename) . " " . escapeshellarg($outPath) . " " . escapeshellarg($pathToUnzip); $taskArgs['arg'] = call_user_func('end', explode('/', delslash($basename))); $task = new rTask($taskArgs); $ret = $task->start($commands, 0); } } } } return $ret; }
} elseif ($_GET['status'] == "del") { $message = $locale['512']; } if ($message) { echo "<div id='close-message'><div class='admin-message'>" . $message . "</div></div>\n"; } } $result = dbcount("(weblink_cat_id)", DB_WEBLINK_CATS); if (!empty($result)) { if (isset($_GET['action']) && $_GET['action'] == "delete" && (isset($_GET['weblink_id']) && isnum($_GET['weblink_id']))) { $result = dbquery("DELETE FROM " . DB_WEBLINKS . " WHERE weblink_id='" . $_GET['weblink_id'] . "'"); redirect(FUSION_SELF . $aidlink . "&weblink_cat_id=" . $_GET['weblink_cat_id'] . "&status=del"); } if (isset($_POST['save_link'])) { $weblink_name = stripinput($_POST['weblink_name']); $weblink_description = addslash($_POST['weblink_description']); $weblink_url = stripinput($_POST['weblink_url']); $weblink_cat = intval($_POST['weblink_cat']); if ($weblink_name) { if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['weblink_id']) && isnum($_GET['weblink_id']))) { $weblink_datestamp = isset($_POST['update_datestamp']) ? ", weblink_datestamp='" . time() . "'" : ""; $result = dbquery("UPDATE " . DB_WEBLINKS . " SET weblink_name='{$weblink_name}', weblink_description='{$weblink_description}', weblink_url='{$weblink_url}', weblink_cat='{$weblink_cat}'" . $weblink_datestamp . " WHERE weblink_id='" . $_GET['weblink_id'] . "'"); redirect(FUSION_SELF . $aidlink . "&weblink_cat_id={$weblink_cat}&status=su"); } else { $result = dbquery("INSERT INTO " . DB_WEBLINKS . " (weblink_name, weblink_description, weblink_url, weblink_cat, weblink_datestamp, weblink_count) VALUES ('{$weblink_name}', '{$weblink_description}', '{$weblink_url}', '{$weblink_cat}', '" . time() . "', '0')"); redirect(FUSION_SELF . $aidlink . "&weblink_cat_id={$weblink_cat}&status=sn"); } } else { redirect(FUSION_SELF . $aidlink); } }
<?php if (chdir(dirname(__FILE__))) { set_time_limit(0); if (count($argv) > 6) { $_SERVER['REMOTE_USER'] = $argv[6]; } if (count($argv) > 5) { require_once "unpack.php"; $up = rUnpack::load(); if ($up->enabled) { $base_name = intval($argv[3]) ? $argv[1] : addslash($argv[1]) . $argv[2]; $label = rawurldecode($argv[4]); if (@preg_match($up->filter . 'u', $label) == 1) { $up->startSilentTask($base_name, $label, $argv[5]); } } } }
$dir = isLocalMode() ? $theSettings->directory : $topDirectory; if (strpos(addslash($dir), $topDirectory) !== 0) { $dir = $topDirectory; } $dh = @opendir($dir); } $files = array(); $dirs = array(); if ($dh) { $dir = addslash($dir); while (false !== ($file = readdir($dh))) { $path = fullpath($dir . $file); if ($file == ".." && $dir == $topDirectory) { continue; } if (is_dir($path) && is_readable($path) && strpos(addslash($path), $topDirectory) === 0 && ($theSettings->uid < 0 || isUserHavePermission($theSettings->uid, $theSettings->gid, $path, 0x5))) { $dirs['/' . $file] = $path; } else { if (LFS::is_file($path) && is_readable($path) && ($theSettings->uid < 0 || isUserHavePermission($theSettings->uid, $theSettings->gid, $path, 0x4))) { $files[$file] = $path; } } } closedir($dh); ksort($files, SORT_STRING); ksort($dirs, SORT_STRING); $files = array_merge($dirs, $files); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
define("OVOVCMS_ROOT", str_replace("\\", "/", dirname(__FILE__))); define("CONFIG_PATH", OVOVCMS_ROOT . "/config"); define("COMMON_PATH", OVOVCMS_ROOT . "/common"); define("TPL_PATH", OVOVCMS_ROOT . "/templates/html"); define("INCLUDE_FUNCPATH", OVOVCMS_ROOT . "/include/function"); define("INCLUDE_CLASSPATH", OVOVCMS_ROOT . "/include/classlib"); header("Content-type:text/html; Charset=utf-8"); require_once INCLUDE_FUNCPATH . "/function.common.php"; require_once CONFIG_PATH . "/web.config.php"; require_once CONFIG_PATH . "/database.config.php"; //set_magic_quotes_runtime(0); // 检测魔术引号有无开启,如果没开启,把GET,POST,COOKIE手动转义. if (!get_magic_quotes_gpc()) { $_GET = addslash($_GET); $_POST = addslash($_POST); $_COOKIE = addslash($_COOKIE); } CheckInstall(); //检查是否安装 CheckSwitch(); //检查网站开关 require_once INCLUDE_CLASSPATH . "/mysql.class.php"; $Db = new Db(); include_once OVOVCMS_ROOT . "/include/inc/unsql.php"; require_once OVOVCMS_ROOT . "/smarty/libs/Smarty.class.php"; $smarty = new Smarty(); require_once INCLUDE_FUNCPATH . "/myLib.php"; $smarty->template_dir = OVOVCMS_ROOT . '/templates/ovov_web'; //这个放置模版文件 $smarty->compile_dir = OVOVCMS_ROOT . '/smarty/templates_web/'; //以下三个文件内容为空
$message = $locale['410']; } elseif ($_GET['status'] == "su") { $message = $locale['411']; } elseif ($_GET['status'] == "del") { $message = $locale['412']; } if ($message) { echo "<div id='close-message'><div class='alert alert-info m-t-10 admin-message'>" . $message . "</div></div>\n"; } } $result = dbcount("(article_cat_id)", DB_ARTICLE_CATS); if (!empty($result)) { if (isset($_POST['save'])) { $subject = stripinput($_POST['subject']); $body = addslash($_POST['body']); $body2 = addslash($_POST['body2']); $draft = isset($_POST['article_draft']) ? "1" : "0"; if ($settings['tinymce_enabled'] != 1) { $breaks = isset($_POST['line_breaks']) ? "y" : "n"; } else { $breaks = "n"; } $comments = isset($_POST['article_comments']) ? "1" : "0"; $ratings = isset($_POST['article_ratings']) ? "1" : "0"; if (isset($_POST['article_id']) && isnum($_POST['article_id']) && !defined("FUSION_NULL")) { $result = dbquery("UPDATE " . DB_ARTICLES . " SET article_cat='" . intval($_POST['article_cat']) . "', article_subject='{$subject}', article_snippet='{$body}', article_article='{$body2}', article_draft='{$draft}', article_breaks='{$breaks}', article_allow_comments='{$comments}', article_allow_ratings='{$ratings}' WHERE article_id='" . $_POST['article_id'] . "'"); redirect(FUSION_SELF . $aidlink . "&status=su"); } elseif (!defined("FUSION_NULL")) { $result = dbquery("INSERT INTO " . DB_ARTICLES . " (article_cat, article_subject, article_snippet, article_article, article_draft, article_breaks, article_name, article_datestamp, article_reads, article_allow_comments, article_allow_ratings) VALUES ('" . intval($_POST['article_cat']) . "', '{$subject}', '{$body}', '{$body2}', '{$draft}', '{$breaks}', '" . $userdata['user_id'] . "', '" . time() . "', '0', '{$comments}', '{$ratings}')"); redirect(FUSION_SELF . $aidlink . "&status=sn"); }
} } closedir($temp); sort($panel_list); array_unshift($panel_list, "none"); if (isset($_POST['save'])) { $error = ""; $panel_name = stripinput($_POST['panel_name']); $panel_url_list = stripinput($_POST['panel_url_list']); $panel_restriction = isset($_POST['panel_restriction']) && $_POST['panel_restriction'] == 1 ? 1 : 0; if ($panel_name == "") { $error .= $locale['470'] . "<br />"; } if ($_POST['panel_filename'] == "none") { $panel_filename = ""; $panel_content = isset($_POST['panel_content']) ? addslash($_POST['panel_content']) : ($panel_side == 1 || $panel_side == 4 ? "openside(\"name\");\n" . "echo \"Content\";\n" . "closeside();" : "opentable(\"name\");\n" . "echo \"Content\";\n" . "closetable();"); $panel_type = "php"; } else { $panel_filename = stripinput($_POST['panel_filename']); $panel_content = ""; $panel_type = "file"; } $panel_access = isnum($_POST['panel_access']) ? $_POST['panel_access'] : "0"; if ($panel_side == "1" || $panel_side == "4") { $panel_display = "0"; } else { $panel_display = isset($_POST['panel_display']) ? "1" : "0"; } if (isset($_GET['panel_id']) && isnum($_GET['panel_id'])) { if ($panel_name) { $data = dbarray(dbquery("SELECT panel_name FROM " . DB_PANELS . " WHERE panel_id='" . $_GET['panel_id'] . "'"));