define('BASE_PATH', $base);
}
// Pull in the general configuration.
/*MARKER*/
require_once BASE_PATH . '/lib/sitemap.php';

// Security gate, evaluated before any request parameter is read: continue
// only when checkAuth() succeeds and the session holds non-empty 'rc1' and
// 'rc2' values.
if (!(checkAuth() && !empty($_SESSION['rc1']) && !empty($_SESSION['rc2']))) {
    die('No external access to file');
}

// Request parameters, each fetched through a getGETparam4* helper.
$do = getGETparam4IdOrNumber('do');
$status = getGETparam4IdOrNumber('status');
$status_message = getGETparam4DisplayHTML('msg');

// Template directory and the requested template file name; the second
// argument is presumably the fallback used when no 'template' is given.
// NOTE(review): the GET value is appended to $dir_temp below, so keeping the
// path inside lib/templates/ relies on getGETparam4FullFilePath() rejecting
// '..' segments and absolute paths -- confirm in the helper.
$dir_temp = BASE_PATH . '/lib/templates/';
$get_temp = getGETparam4FullFilePath('template', $template[0] . '.tpl.html');

// Writability of the selected template file.
// @dev: to test the read-only error feedback on Win+UNIX, append '|| 1' to the line below.
$chstatus = is_writable_ex($dir_temp . $get_temp);
// Read the selected template file into $contents (skipped when no file name
// was resolved).
// NOTE(review): the braces in this excerpt do not balance (one closer is
// commented out below), so which block the final `exit` belongs to cannot be
// settled from these lines alone.
if (!empty($get_temp)) {
    // Existence/readability probe.
    // NOTE(review): the handle opened by this probe is never closed and the
    // file is opened a second time on the next line; opening once and testing
    // that handle would avoid the leak and the gap between check and use.
    if (@fopen($dir_temp . $get_temp, 'r')) {
        $handle = fopen($dir_temp . $get_temp, 'r');
        // PHP5+ Feature
        $contents = stream_get_contents($handle);
        // Dead branch: `if (0)` never executes, so the PHP4 read path below is inert.
        if (0) {
            // PHP4 Compatibility
            $flen = filesize($dir_temp . $get_temp);
            if ($flen > 0) {
                $contents = @fread($handle, $flen);
            }
        }
        fclose($handle);
    //  }
    exit;
}
/**
 * Regenerate all thumbnails. This will delete any existing thumbnails!
 *
 * Runs on a GET request with $do_action == 'confirm_regen'; the album is taken
 * from the 'album' GET parameter.
 *
 * NOTE(review): this destructive action is reachable with a plain GET and no
 * anti-CSRF token check is visible in this excerpt -- confirm one exists
 * elsewhere, or require POST plus a token.
 */
if ($_SERVER['REQUEST_METHOD'] == 'GET' && $do_action == 'confirm_regen') {
    // Presumably the page the user is returned to with the result; refined
    // below once the album name is known.
    FbX::SetFeedbackLocation('lightbox.Manage.php', 'page_id=' . $page_id);
    try {
        // Album name as filtered by getGETparam4Filename().
        // NOTE(review): it is used below as a path segment and, unencoded, as a
        // query-string value, so both uses depend on that filter allowing only
        // safe filename characters -- confirm in the helper.
        $album_name = getGETparam4Filename('album');
        if (!empty($album_name)) {
            FbX::SetFeedbackLocation('lightbox.Manage.php', 'page_id=' . $page_id . '&album=' . $album_name);
            // Only if current user has the rights
            if ($perm->is_level_okay('manageModLightbox', $_SESSION['ccms_userLevel'])) {
                $dest = BASE_PATH . '/media/albums/' . $album_name;
                // NOTE(review): this throws only when $dest is not a directory AND
                // is_writable_ex($dest) is true; the error key suggests the intent
                // was `!is_dir($dest) || !is_writable_ex($dest)` -- confirm.
                if (!is_dir($dest) && is_writable_ex($dest)) {
                    throw new FbX($ccms['lang']['system']['error_dirwrite']);
                }
                // Create the thumbnail directory when it is missing. mkdir() is
                // called without a mode, so PHP's default (0777 less the umask) applies.
                if (!is_dir($dest . '/_thumbs')) {
                    if (!@mkdir($dest . '/_thumbs')) {
                        throw new FbX($ccms['lang']['system']['error_dirwrite']);
                    }
                }
                // Walk the album directory, leaving out the listed bookkeeping
                // entries; is_file() below also skips sub-directories.
                foreach (array_diff(scandir($dest), array('.', '..', 'index.html', 'info.txt')) as $f) {
                    if (is_file($dest . '/' . $f)) {
                        $extension = pathinfo($f, PATHINFO_EXTENSION);
                        $uploadedfile = $dest . '/' . $f;
                        // Do resize
                        // NOTE(review): the extension is matched case-sensitively, so
                        // 'JPG' would not hit the cases shown; the remaining cases lie
                        // outside this excerpt.
                        switch ($extension) {
                            case 'jpg':
                            case 'jpeg':
示例#3
 // Enable the rewrite rules in .htaccess and point them at the configured
 // root directory. Runs only while no earlier error has been counted.
 if ($err == 0) {
     // Read errors are suppressed here; a failed read is presumably caught by
     // the `!$htaccess` test further down.
     $htaccess = @file_get_contents(BASE_PATH . '/.htaccess');
     // NOTE(review): this session value is spliced into preg_replace()
     // replacement strings and then written to .htaccess. Where it was
     // validated is not visible here; it should be limited to a plain URL path
     // (no line breaks, `$` or `\`) so it can neither be read as a
     // backreference nor add extra directives to the file.
     $newpath = $_SESSION['variables']['rootdir'];
     // remove the <IfDefine> and </IfDefine> to turn on the rewrite rules, now that we have the site configured!
     $htaccess = preg_replace('/([# \\t]*)(<IfDefine CCMS_installed>)/', '# \\2', $htaccess);
     $htaccess = preg_replace('/([# \\t]*)(<\\/IfDefine>(\\s*#\\s*CCMS_installed)?)/', '# \\2', $htaccess);
     // make sure the regexes tolerate ErrorDocument/RewriteBase lines which point at a subdirectory instead of the / root:
     $htaccess = preg_replace('/(ErrorDocument\\s+[0-9]+\\s+)\\/(.*)(index\\.php\\?page)/', '\\1' . $newpath . '\\3', $htaccess);
     $htaccess = preg_replace('/(RewriteBase\\s+)\\/.*/', '\\1' . $newpath, $htaccess);
     // A falsy value here (empty string, false or null) is treated as failure.
     if (!$htaccess) {
         $errors[] = 'Fatal: could not set the RewriteBase in the .htaccess file.';
         $err++;
     } else {
         // Write to disk unless in development mode without WRITE_CFG_FILES_TO_DISK.
         if (!$cfg['IN_DEVELOPMENT_ENVIRONMENT'] || WRITE_CFG_FILES_TO_DISK) {
             // NOTE(review): mode 'w' truncates .htaccess before the new content
             // is written, so a failed or partial write leaves an empty or
             // incomplete rule file; writing a temporary file and renaming it
             // over the original would avoid that window.
             if (is_writable_ex(BASE_PATH . '/.htaccess') && ($fp = fopen(BASE_PATH . '/.htaccess', 'w'))) {
                 // fwrite() returns the number of bytes written; a short write
                 // still counts as success in this test.
                 if (fwrite($fp, $htaccess, strlen($htaccess))) {
                     $log[] = "Successfully rewrote the .htaccess file";
                 } else {
                     $errors[] = "Fatal: Problem saving new .htaccess file.";
                     $errors[] = 'Make sure the file is writable, or <a href="index.php?do=ftp">do so now</a>.';
                     $err++;
                 }
                 fclose($fp);
             } else {
                 $errors[] = 'Fatal: the .htaccess file is not writable.';
                 $errors[] = 'Make sure the file is writable, or <a href="index.php?do=ftp">do so now</a>.';
                 $err++;
             }
         } else {
             if ($cfg['IN_DEVELOPMENT_ENVIRONMENT'] && DUMP_QUERIES_N_STUFF_IN_DEVMODE) {
示例#4
 if ($perm->is_level_okay('managePageEditing', $_SESSION['ccms_userLevel']) && ($row->iscoding != 'Y' || $perm->is_level_okay('managePageCoding', $_SESSION['ccms_userLevel'])) && (!in_array($row->urlpage, $cfg['restrict']) || in_array($_SESSION['ccms_userID'], $owner))) {
     // Store the posted page body in content/<urlpage>.php and prepare the
     // keywords update. Reached only when the permission test of the enclosing
     // `if` passed.
     // NOTE(review): no anti-CSRF token check is visible in this excerpt --
     // confirm one is enforced before this write.
     $active = $row->published;
     // NOTE(review): $name becomes part of the file path below; assumes urlpage
     // was restricted to safe filename characters when the page was created --
     // TODO confirm.
     $name = $row->urlpage;
     if ($row->iscoding == 'Y') {
         // code pages: only for users with elevated rights, so we're okay with less filtering (none at all, in this case!)
         $type = 'code';
         $content = getPOSTparam4RAWCONTENT('content');
         // accept ANYTHING: it's code, so can carry anything, including javascript and PHP code chunks!
     } else {
         $type = 'text';
         $content = getPOSTparam4RAWHTML('content');
         // [i_a] must be RAW HTML, no htmlspecialchars(). Filtering required if malicious input risk expected.
         // NOTE(review): text pages are written to the same executable .php file
         // as code pages (see $filename), so the split between managePageEditing
         // and managePageCoding holds only if getPOSTparam4RAWHTML() removes PHP
         // open tags -- confirm in the helper.
     }
     $filename = BASE_PATH . '/content/' . $name . '.php';
     $keywords = getPOSTparam4DisplayHTML('keywords');
     // Overwrite the page file; any failure ends the request with die().
     // NOTE(review): the ERR105/ERR106 messages echo the absolute server path to
     // the browser; logging the path server-side and showing a generic message
     // would avoid disclosing the filesystem layout.
     if (is_writable_ex($filename)) {
         if (!($handle = fopen($filename, 'w'))) {
             die('[ERR105] ' . $ccms['lang']['system']['error_openfile'] . ' (' . $filename . ').');
         }
         if (fwrite($handle, $content) === FALSE) {
             die('[ERR106] ' . $ccms['lang']['system']['error_write'] . ' (' . $filename . ').');
         }
         fclose($handle);
     } else {
         die($ccms['lang']['system']['error_chmod']);
     }
     // Save keywords to database
     $values = array();
     // [i_a] make sure $values is an empty array to start with here
     // The keywords pass through MySQL::SQLValue() as text before reaching the
     // update; presumably that call quotes and escapes the value -- verify.
     $values['keywords'] = MySQL::SQLValue($keywords, MySQL::SQLVALUE_TEXT);
     if ($db->UpdateRow($cfg['db_prefix'] . 'pages', $values, array('page_id' => MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER)))) {