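/**
 * Build a warning for requests that carry user input but no Referer header.
 *
 * Active only when the 'checkReferer' advanced setting is on. Skipped for requests that
 * already carry a Referer, for the flash uploader (flash doesn't always send a referer),
 * and for GET requests whose only parameters are the password-reset form keys
 * ('menu', 'userNum', 'resetCode').
 *
 * NOTE(review): only the *presence* of a Referer is tested, never its origin, so this is a
 * heuristic against manually typed links, not a CSRF defence - don't rely on it as one.
 *
 * @return string Warning text (HTML, or plain text for ajax requests); '' when no warning applies.
 *                Early exits now return '' instead of null so the return type is always a string.
 */
function security_warnOnInputWithNoReferer() {
    if (empty($GLOBALS['SETTINGS']['advanced']['checkReferer'])) { return ''; } // feature disabled in settings
    if (!empty($_SERVER['HTTP_REFERER'])) { return ''; }
    if (isFlashUploader()) { return ''; } // skip for flash uploader (flash doesn't always send referer)

    // allowed link combinations: a GET carrying nothing but the password-reset form keys
    $requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    if ($requestMethod === 'GET') {
        $allowedKeys = array('menu', 'userNum', 'resetCode');
        if (!array_diff(array_keys($_REQUEST), $allowedKeys)) { return ''; }
    }

    // any user input at all? (non-empty arrays and non-empty/non-"0" strings count, as before)
    $hasUserInput = !empty($_REQUEST) || !empty($_POST) || !empty($_GET)
                 || !empty($_SERVER['QUERY_STRING']) || !empty($_SERVER['PATH_INFO']);
    if (!$hasUserInput) { return ''; }

    $format  = "Security Warning: A manually entered link with user input was detected.\n";
    $format .= "If you didn't type this url in yourself, please close this browser window.\n";
    $error = nl2br(t($format));
    if (isAjaxRequest()) { $error = strip_tags(html_entity_decode($error)); } // ajax callers display plain text
    return $error;
}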
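/**
 * Read the login cookie and return the stored credentials plus a session-expired flag.
 *
 * The cookie value is strrev()'d base64 of a JSON object. The flash uploader sends it in the
 * '_FLASH_COOKIE_BUG_FIX_' POST field instead (flash sometimes sends no cookies, or cookies from
 * IE when you're using Firefox); POST rather than GET is used so sessions can't be force-created
 * or hijacked with GET urls and so login data won't get stored in server logs.
 * When 'lastAccess' is older than loginExpirySeconds() the credentials are blanked and the
 * cookie is removed.
 *
 * NOTE(review): the payload is encoded, not signed - nothing here checks its integrity, and a
 * payload with no 'lastAccess' is never treated as expired (existing behaviour, kept). Whether
 * the returned username/passwordHash match a real user record is up to the caller.
 *
 * @return array list($sessionExpired, $username, $passwordHash); username and passwordHash
 *               are '' when absent, malformed, or expired.
 */
function loginCookie_get() {
    // get login data - the flash uploader passes the cookie value via POST instead
    $cookieLoginDataEncoded = getPrefixedCookie(loginCookie_name());
    if (isFlashUploader()) {
        $loginDataEncoded = isset($_POST['_FLASH_COOKIE_BUG_FIX_']) ? $_POST['_FLASH_COOKIE_BUG_FIX_'] : '';
    } else {
        $loginDataEncoded = $cookieLoginDataEncoded;
    }

    $loginData = array();
    if ($loginDataEncoded && is_string($loginDataEncoded)) { // strrev() on a non-string (eg: array POST value) is an error
        $decoded = json_decode(base64_decode(strrev($loginDataEncoded)), true);
        if (is_array($decoded)) { $loginData = $decoded; } // ignore malformed or non-object payloads
    }

    // check if session has expired
    $sessionExpired = false;
    if ($loginData) {
        $maxSeconds = loginExpirySeconds(); // session expiry in seconds
        // a missing or non-numeric lastAccess is treated like the original's falsy case: no expiry check
        $lastAccess = (isset($loginData['lastAccess']) && is_numeric($loginData['lastAccess'])) ? $loginData['lastAccess'] : 0;
        $secondsAgo = $lastAccess ? time() - $lastAccess : 0;

        // clear login username and passwordHash if login_expiry_limit exceeded, and set $sessionExpired
        if ($lastAccess && $secondsAgo > $maxSeconds) {
            $loginData['username']     = '';
            $loginData['passwordHash'] = '';
            $sessionExpired = true;
            loginCookie_remove();
        }
    }

    $username     = (!$sessionExpired && isset($loginData['username']))     ? $loginData['username']     : '';
    $passwordHash = (!$sessionExpired && isset($loginData['passwordHash'])) ? $loginData['passwordHash'] : '';
    return array($sessionExpired, $username, $passwordHash);
}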
} list($uploadDir, $uploadUrl) = getUploadDirAndUrl($schema[$fieldname]); if (!file_exists($uploadDir)) { mkdir_recursive($uploadDir, 0755); } // create upload dir (if not possible, dir not exists error will show below) if (!file_exists($uploadDir)) { die("Upload directory '" . htmlencode($uploadDir) . "' doesn't exist!"); } elseif (!is_writable($uploadDir)) { die("Upload directory '" . htmlencode($uploadDir) . "' isn't writable!"); } // submit uploads if (@$_REQUEST['submitUploads']) { submitUploadForm(); // if this is the flash uploader, report the errors instead of generating a non-flash upload html form if (isFlashUploader()) { print $GLOBALS['errors']; exit; } } // function submitUploadForm() { global $errors, $menu; $isWysiwyg = @$_REQUEST['wysiwygForm']; // if ($isWysiwyg) { disableInDemoMode('', 'default/wysiwygUploads.php', false); } else { disableInDemoMode('', 'default/uploadForm.php', false); }