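/**
 * Builds the request context for the current page hit and dispatches it.
 *
 * Copies the __CHV_* path/url definitions onto the object, derives the
 * canonical form of the requested path (directories always end in '/'),
 * splits the request into segments, and then either 301-redirects to the
 * canonical url, processes a front-end index request, or hands an admin
 * request to AdminHandler.
 *
 * Reads the globals $dB (kept on $this->dB) and $lang. Admin requests end
 * the script with die after AdminHandler has run.
 */
function __construct() {
    global $lang, $dB;
    $this->dB = $dB;

    // Mirror the definitions onto the object so the rest of the class does
    // not depend on the constant names directly.
    $this->root_url = __CHV_RELATIVE_ROOT__;
    $this->base_url = __CHV_BASE_URL__;
    $this->path_images = rtrim(__CHV_PATH_IMAGES__, '/') . '/';
    $this->path_theme = __CHV_PATH_THEME__;

    // Request parameters. REQUEST_URI is client-controlled; sanitize_path()
    // is what the rest of this constructor relies on to make it safe to
    // join onto __CHV_ROOT_DIR__ below.
    $this->request_uri = $_SERVER['REQUEST_URI'];
    $this->script_name = $_SERVER['SCRIPT_NAME'];
    $this->valid_request = sanitize_path($this->request_uri);

    // Canonical request: every directory gets a trailing slash regardless
    // of the host OS.
    $this->canonical_request = '/' . $this->valid_request;
    if (is_dir(__CHV_ROOT_DIR__ . $this->valid_request)) {
        $this->canonical_request .= '/';
    }

    // Strip the relative root so the first segment is the "base" request.
    if ($this->root_url === '/') {
        $this->handled_request = $this->valid_request;
    } else {
        $this->handled_request = str_ireplace($this->root_url, '', $this->add_trailing_slashes($this->request_uri));
    }
    $normalized = str_replace("//", "/", str_replace("?", "/", $this->handled_request));
    $this->request_array = explode('/', rtrim($normalized, '/'));
    $this->base_request = $this->request_array[0];

    // The admin area lives under its own relative root and url.
    // Strict comparison here and below so both checks agree on what an
    // admin request is (a loose compare would treat '' and null as equal).
    $admin_folder = chevereto_config('admin_folder');
    if ($this->base_request === $admin_folder) {
        $this->root_url = __CHV_RELATIVE_ADMIN__;
        $this->base_url = __CHV_ADMIN_URL__;
    }

    // Non-canonical requests are permanently redirected to the canonical url.
    // Presumably redirect() ends the script — not visible from here.
    if ($this->root_url !== $this->request_uri and $this->canonical_request !== $this->request_uri) {
        $this->redirect($this->base_redirection($this->canonical_request), 301);
    }

    if ($this->base_request !== $admin_folder) {
        // Front-end request: only index.php style requests are processed.
        if ($this->is_index()) {
            $this->proccess_request();
        }
        return;
    }

    // Admin area: refuse to load it while the admin credentials are unset or
    // still the shipped default. Initialised up front so check_value() never
    // sees an undefined variable when there are no errors.
    $admin_password_errors = array();
    $admin_password = chevereto_config('admin_password');
    if (!check_value($admin_password)) {
        $admin_password_errors[] = 'You need to set the admin password in <code>$config[\'admin_password\']</code>';
    }
    if ($admin_password === 'password') {
        $admin_password_errors[] = 'You haven\'t changed the default admin password. Please set this value in <code>$config[\'admin_password\']</code>';
    }
    // NOTE: on localhost the credential problems above are ignored and the
    // admin area still loads; that exemption is intentional for development
    // but means a local install can run with the default password.
    if (check_value($admin_password_errors) && !is_localhost()) {
        chevereto_die($admin_password_errors, 'Config error', array('You need to fix the configuration related to the admin credentials before use this area.'));
    }
    require_once __CHV_PATH_ADMIN_CLASSES__ . 'class.adminhandler.php';
    $handler = new AdminHandler($this->valid_request);
    die;
}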
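/**
 * Saves the Presentation settings form.
 *
 * Turns theme templates off (with an error notice) when they were requested
 * but the theme has no shopp/ directory, normalises an empty catalog
 * pagination value to 0, recounts category terms when the out-of-stock
 * catalog setting changes, and finally stores the form settings.
 *
 * @return void
 **/
public function updates() {
    $theme_path = sanitize_path(STYLESHEETPATH . '/shopp');

    // Theme templates can only be enabled when the theme actually ships them.
    if (Shopp::str_true($this->form('theme_templates')) && !is_dir($theme_path)) {
        $this->form['theme_templates'] = 'off';
        $this->notice(Shopp::__("Shopp theme templates can't be used because they don't exist."), 'error');
    }

    if (empty($this->form('catalog_pagination'))) {
        $this->form['catalog_pagination'] = 0;
    }

    // Recount terms when this setting changes. Loose comparison kept on
    // purpose: the form value is a string and the stored setting's type is
    // not visible from here.
    if ($this->form('outofstock_catalog') != shopp_setting('outofstock_catalog')) {
        $taxonomy = ProductCategory::$taxon;
        $terms = get_terms($taxonomy, array('hide_empty' => 0, 'fields' => 'ids'));
        if (!empty($terms)) {
            wp_update_term_count_now($terms, $taxonomy);
        }
    }

    shopp_set_formsettings();
    $this->notice(Shopp::__('Presentation settings saved.'), 'notice', 20);
}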
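/**
 * Processes the album edit form post for one album.
 *
 * Applies the posted title, description, tags, thumb, sort settings, counters,
 * dates, credentials, theme, watermark and publish state to $album, saves it,
 * and then performs the requested move/copy/rename/delete. Destination paths
 * come straight from $_POST and are only passed through sanitize_path(), so
 * that helper is what keeps them inside the albums tree.
 *
 * @param int $index the index of the entry in mass edit or 0 if single album
 * @param object $album the album object
 * @param string $redirectto set to the new album path after a successful
 *               delete/move/rename so the caller can refresh there; NULL otherwise
 * @return string '' on success, or a query fragment of the form
 *                "&mcrerr=N" describing a move/copy/rename failure
 * @since 1.1.3
 */
function processAlbumEdit($index, &$album, &$redirectto) {
    $redirectto = NULL; // no redirection required
    if ($index == 0) {
        $prefix = $suffix = '';
    } else {
        // Mass edit: form fields are namespaced by the entry index.
        $prefix = "{$index}-";
        $suffix = "_{$index}";
    }
    $notify = '';

    $album->setTitle(process_language_string_save($prefix . 'albumtitle', 2));
    $album->setDesc(process_language_string_save($prefix . 'albumdesc', EDITOR_SANITIZE_LEVEL));

    if (isset($_POST['tag_list_tags_' . $prefix])) {
        $tags = sanitize($_POST['tag_list_tags_' . $prefix]);
    } else {
        $tags = array();
    }
    $album->setTags(array_unique($tags));

    if (isset($_POST[$prefix . 'thumb'])) {
        $album->setThumb(sanitize($_POST[$prefix . 'thumb']));
    }
    $album->setCommentsAllowed(isset($_POST[$prefix . 'allowcomments']));

    // Image sort order; 'custom' means the free-form field holds the real key.
    $sorttype = strtolower(sanitize($_POST[$prefix . 'sortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = unquote(strtolower(sanitize($_POST[$prefix . 'customimagesort'], 3)));
    }
    $album->setSortType($sorttype);
    if ($sorttype == 'manual' || $sorttype == 'random') {
        $album->setSortDirection(false, 'image');
    } else {
        $direction = empty($sorttype) ? false : isset($_POST[$prefix . 'image_sortdirection']);
        $album->setSortDirection($direction, 'image');
    }

    // Sub-album sort order, same scheme.
    $sorttype = strtolower(sanitize($_POST[$prefix . 'subalbumsortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = strtolower(sanitize($_POST[$prefix . 'customalbumsort'], 3));
    }
    $album->setSortType($sorttype, 'album');
    if ($sorttype == 'manual' || $sorttype == 'random') {
        $album->setSortDirection(false, 'album');
    } else {
        $album->setSortDirection(isset($_POST[$prefix . 'album_sortdirection']), 'album');
    }

    if (isset($_POST['reset_hitcounter' . $prefix])) {
        $album->set('hitcounter', 0);
    }
    if (isset($_POST[$prefix . 'reset_rating'])) {
        $album->set('total_value', 0);
        $album->set('total_votes', 0);
        $album->set('used_ips', 0);
    }

    $album->setPublishDate(sanitize($_POST['publishdate-' . $prefix]));
    $album->setExpireDate(sanitize($_POST['expirationdate-' . $prefix]));
    processCredentials($album, $suffix);

    $oldtheme = $album->getAlbumTheme();
    if (isset($_POST[$prefix . 'album_theme'])) {
        $newtheme = sanitize($_POST[$prefix . 'album_theme']);
        if ($oldtheme != $newtheme) {
            $album->setAlbumTheme($newtheme);
        }
    }
    if (isset($_POST[$prefix . 'album_watermark'])) {
        $album->setWatermark(sanitize($_POST[$prefix . 'album_watermark'], 3));
        $album->setWatermarkThumb(sanitize($_POST[$prefix . 'album_watermark_thumb'], 3));
    }
    $album->setShow(isset($_POST[$prefix . 'Published']));

    zp_apply_filter('save_album_custom_data', NULL, $prefix, $album);
    zp_apply_filter('save_album_utilities_data', $album, $prefix);
    $album->save();

    // Move/Copy/Rename the album after saving. The four actions are mutually
    // exclusive values of one select, hence a single chain.
    $movecopyrename_action = '';
    if (isset($_POST['a-' . $prefix . 'MoveCopyRename'])) {
        $movecopyrename_action = sanitize($_POST['a-' . $prefix . 'MoveCopyRename'], 3);
    }

    if ($movecopyrename_action == 'delete') {
        $dest = dirname($album->name);
        if ($album->remove()) {
            if ($dest == '/' || $dest == '.') {
                $dest = '';
            }
            $redirectto = $dest;
        } else {
            $notify = "&mcrerr=7";
        }
    } elseif ($movecopyrename_action == 'move') {
        $dest = sanitize_path($_POST['a' . $prefix . '-albumselect']);
        // Append the album name.
        $dest = ($dest ? $dest . '/' : '') . (strpos($album->name, '/') === FALSE ? $album->name : basename($album->name));
        if ($dest && $dest != $album->name) {
            if ($dynamic = $album->isDynamic()) {
                // be sure the dynamic album suffix is present (checked against
                // the suffix length rather than a fixed 4 characters)
                if (substr($dest, -(strlen($dynamic) + 1)) != '.' . $dynamic) {
                    $dest .= '.' . $dynamic;
                }
            }
            if ($e = $album->move($dest)) {
                $notify = "&mcrerr=" . $e;
            } else {
                $redirectto = $dest;
            }
        } else {
            // Cannot move album to same album.
            $notify = "&mcrerr=3";
        }
    } elseif ($movecopyrename_action == 'copy') {
        $dest = sanitize_path($_POST['a' . $prefix . '-albumselect']);
        if ($dest && $dest != $album->name) {
            if ($e = $album->copy($dest)) {
                $notify = "&mcrerr=" . $e;
            }
        } else {
            // Cannot copy album to existing album.
            // Or, copy with rename?
            $notify = '&mcrerr=3';
        }
    } elseif ($movecopyrename_action == 'rename') {
        // A rename stays inside the album's current parent: path separators
        // are stripped from the new name before the parent is re-attached.
        $renameto = sanitize_path($_POST['a' . $prefix . '-renameto']);
        $renameto = str_replace(array('/', '\\'), '', $renameto);
        if (dirname($album->name) != '.') {
            $renameto = dirname($album->name) . '/' . $renameto;
        }
        if ($renameto != $album->name) {
            if ($dynamic = $album->isDynamic()) {
                // be sure the dynamic album suffix is present
                if (substr($renameto, -(strlen($dynamic) + 1)) != '.' . $dynamic) {
                    $renameto .= '.' . $dynamic;
                }
            }
            if ($e = $album->rename($renameto)) {
                $notify = "&mcrerr=" . $e;
            } else {
                $redirectto = $renameto;
            }
        } else {
            $notify = "&mcrerr=3";
        }
    }
    return $notify;
}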
/**
 * Update the stored path to the activated theme
 *
 * Recomputes the Ecart theme template path from the active stylesheet
 * directory and stores it in the 'theme_templates' setting, so the path
 * follows theme switches. Reads the global $Ecart.
 *
 * @since 1.1
 *
 * @return void
 **/
function themepath () {
    global $Ecart;
    $templates = sanitize_path(STYLESHEETPATH . '/ecart');
    $Ecart->Settings->save('theme_templates', addslashes($templates));
}
/**
 * Renders the Presentation settings screen and handles its form submissions.
 *
 * Requires the shopp_settings_presentation capability; both the save and the
 * template install actions are guarded by the 'shopp-settings-presentation'
 * nonce. The locals assigned near the end ($status, $category_views,
 * $row_products, $productOrderOptions, $orderOptions, $orderBy) are left in
 * scope for the included presentation.php template, so their names are kept.
 *
 * @return void
 **/
public function presentation() {
    if (!current_user_can('shopp_settings_presentation')) {
        wp_die(__('You do not have sufficient permissions to access this page.'));
    }

    $builtin_path = SHOPP_PATH . '/templates';
    $theme_path = sanitize_path(STYLESHEETPATH . '/shopp');
    $term_recount = false;

    if (!empty($_POST['save'])) {
        check_admin_referer('shopp-settings-presentation');
        // $updated is not passed to notice() below; presumably the template
        // reads it — confirm before removing.
        $updated = __('Shopp presentation settings saved.', 'Shopp');

        $wants_theme_templates = isset($_POST['settings']['theme_templates'])
            && $_POST['settings']['theme_templates'] == 'on';
        if ($wants_theme_templates && !is_dir($theme_path)) {
            $_POST['settings']['theme_templates'] = 'off';
            $updated = __('Shopp theme templates can\'t be used because they don\'t exist.', 'Shopp');
        }

        if (empty($_POST['settings']['catalog_pagination'])) {
            $_POST['settings']['catalog_pagination'] = 0;
        }

        // Recount terms when this setting changes
        if (isset($_POST['settings']['outofstock_catalog'])
            && $_POST['settings']['outofstock_catalog'] != shopp_setting('outofstock_catalog')) {
            $term_recount = true;
        }

        shopp_set_formsettings();
        $this->notice(Shopp::__('Presentation settings saved.'), 'notice', 20);
    }

    if ($term_recount) {
        $taxonomy = ProductCategory::$taxon;
        $terms = get_terms($taxonomy, array('hide_empty' => 0, 'fields' => 'ids'));
        if (!empty($terms)) {
            wp_update_term_count_now($terms, $taxonomy);
        }
    }

    // Copy templates to the current WordPress theme
    if (!empty($_POST['install'])) {
        check_admin_referer('shopp-settings-presentation');
        copy_shopp_templates($builtin_path, $theme_path);
    }

    // Template directory status shown by the screen.
    $status = 'available';
    if (!is_dir($theme_path)) {
        $status = 'directory';
    } elseif (!is_writable($theme_path)) {
        $status = 'permissions';
    } else {
        $builtin = array_filter(scandir($builtin_path), 'filter_dotfiles');
        $theme = array_filter(scandir($theme_path), 'filter_dotfiles');
        if (empty($theme)) {
            $status = 'ready';
        } elseif (array_diff($builtin, $theme)) {
            $status = 'incomplete';
        }
    }

    $category_views = array(
        'grid' => __('Grid', 'Shopp'),
        'list' => __('List', 'Shopp'),
    );
    $row_products = array(2, 3, 4, 5, 6, 7);
    $productOrderOptions = ProductCategory::sortoptions();
    $productOrderOptions['custom'] = __('Custom', 'Shopp');
    $orderOptions = array(
        'ASC' => __('Order', 'Shopp'),
        'DESC' => __('Reverse Order', 'Shopp'),
        'RAND' => __('Shuffle', 'Shopp'),
    );
    $orderBy = array(
        'sortorder' => __('Custom arrangement', 'Shopp'),
        'created' => __('Upload date', 'Shopp'),
    );

    include $this->ui('presentation.php');
}
} else { $r = '?page=edit&album=' . html_encode(pathurlencode($ret = sanitize_path($return))); if (strpos($return, '*') === 0) { $r .= '&tab=subalbuminfo'; $star = '*'; } else { $star = ''; } $backurl = 'admin-edit.php' . $r . '&return=' . $star . html_encode(pathurlencode($ret)); } } if (isset($_REQUEST['album'])) { if (isset($_POST['album'])) { $folder = sanitize_path(urldecode($_POST['album'])); } else { $folder = sanitize_path($_GET['album']); } if (!empty($folder)) { $album = newAlbum($folder); if (!$album->isMyItem(ALBUM_RIGHTS)) { if (!zp_apply_filter('admin_managed_albums_access', false, $return)) { header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/admin.php'); exitZP(); } } } $albumparm = '&album=' . pathurlencode($folder); } if (isset($_GET['refresh'])) { if (empty($imageid)) { $metaURL = $backurl;
weightUnit = '<?php echo shopp_setting('weight_unit'); ?> ', dimensionUnit = '<?php echo shopp_setting('dimension_unit'); ?> ', storage = '<?php echo shopp_setting('product_storage'); ?> ', productspath = '<?php /* realpath needed for relative paths */ chdir(WP_CONTENT_DIR); echo addslashes(trailingslashit(sanitize_path(realpath(shopp_setting('products_path'))))); ?> ', imageupload_debug = <?php echo defined('SHOPP_IMAGEUPLOAD_DEBUG') && SHOPP_IMAGEUPLOAD_DEBUG ? 'true' : 'false'; ?> , fileupload_debug = <?php echo defined('SHOPP_FILEUPLOAD_DEBUG') && SHOPP_FILEUPLOAD_DEBUG ? 'true' : 'false'; ?> , dimensionsRequired = <?php echo $Shopp->Shipping->dimensions ? 'true' : 'false'; ?> , startWeekday = <?php
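/**
 * Returns the albumname and TRUE or FALSE for the collection mode (album + subalbums)
 *
 * The album comes from $_GET['albumname'] (single album) or $_GET['folder']
 * (album plus subalbums, i.e. collection mode). Either value is passed
 * through sanitize_path() before being joined onto ALBUM_FOLDER_SERVERPATH,
 * and a folder that does not exist yields NULL.
 *
 * @param string $arrayfield "albumfolder" or "collection"
 * @return mixed the album folder (string|NULL) or the collection flag (bool);
 *               NULL when $arrayfield is empty or not one of the two keys
 */
function getRSSAlbumnameAndCollection($arrayfield) {
    $arrayfield = sanitize($arrayfield);
    if (empty($arrayfield)) {
        return NULL;
    }
    $albumfolder = NULL;
    $collection = FALSE;
    if (isset($_GET['albumname'])) {
        $albumfolder = sanitize_path($_GET['albumname']);
        if (!file_exists(ALBUM_FOLDER_SERVERPATH . '/' . $albumfolder)) {
            $albumfolder = NULL;
        }
    } elseif (isset($_GET['folder'])) {
        $albumfolder = sanitize_path($_GET['folder']);
        if (file_exists(ALBUM_FOLDER_SERVERPATH . '/' . $albumfolder)) {
            $collection = TRUE;
        } else {
            $albumfolder = NULL;
        }
    }
    $array = array("albumfolder" => $albumfolder, "collection" => $collection);
    // Unknown field names return NULL instead of raising an undefined-index notice.
    return array_key_exists($arrayfield, $array) ? $array[$arrayfield] : NULL;
}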
} /*** Workaround the admin request ***/ if (preg_match('/\\/admin\\//', $_SERVER['REQUEST_URI'])) { define('access', 'admin'); define('SKIP_MAINTENANCE', true); } /*** Include the core functions ***/ file_exists(__CHV_FILE_FUNCTIONS__) ? require_once __CHV_FILE_FUNCTIONS__ : die('Can\'t find <strong>' . __CHV_FILE_FUNCTIONS__ . '</strong>. Make sure you have uploaded this file.'); require_once __CHV_PATH_INCLUDES__ . 'template.functions.php'; /*** Set some url paths ***/ define('__CHV_URL_SYSTEM_JS__', absolute_to_url(__CHV_PATH_SYSTEM_JS__)); define('__CHV_URL_THEME__', absolute_to_url(__CHV_PATH_THEME__)); define('__CHV_URL_UPDATE_SCRIPT__', __CHV_BASE_URL__ . 'update.php'); // Virtual paths define('__CHV_VIRTUALFOLDER_IMAGE__', sanitize_path($config['virtual_folder_image'])); define('__CHV_VIRTUALFOLDER_UPLOADED__', sanitize_path($config['virtual_folder_uploaded'])); /*** Call the dB class ***/ require_once __CHV_PATH_CLASSES__ . 'class.db.php'; $dB = new dB(); /*** Call the Login class ***/ require_once __CHV_PATH_CLASSES__ . 'class.login.php'; $Login = new Login(); /*** Call the ShortURL class ***/ require_once __CHV_PATH_CLASSES__ . 'class.shorturl.php'; $ShortURL = new ShortURL(); /*** Flood protection ***/ if (preg_match('/upload/', access)) { $flood = is_upload_flood(); } /*** maintenance ***/ if (preg_match('/upload|API|pref/', access) && chevereto_config('maintenance')) {
if (!empty($title) && $newAlbum) { $album->setTitle($title); } if ($new) { $album->setOwner($_zp_current_admin_obj->getUser()); } $album->save(); } else { $AlbumDirName = str_replace(SERVERPATH, '', $_zp_gallery->albumdir); zp_error(gettext("The album could not be created in the “albums” folder. This is usually a permissions problem. Try setting the permissions on the “albums” and “cache” folders to be world-writable using a shell:") . " <code>chmod 777 " . $AlbumDirName . '/' . CACHEFOLDER . '/' . "</code>, " . gettext("or use your FTP program to give everyone write permissions to those folders.")); } foreach ($_FILES['files']['error'] as $key => $error) { $filecount++; if ($error == UPLOAD_ERR_OK) { $tmp_name = $_FILES['files']['tmp_name'][$key]; $name = sanitize_path($_FILES['files']['name'][$key]); $soename = seoFriendly($name); $error = zp_apply_filter('check_upload_quota', UPLOAD_ERR_OK, $tmp_name); if (!$error) { if (Gallery::validImage($name) || Gallery::validImageAlt($name)) { if (strrpos($soename, '.') === 0) { $soename = md5($name) . $soename; } // soe stripped out all the name. if (!$error) { $uploadfile = $targetPath . '/' . internalToFilesystem($soename); if (file_exists($uploadfile)) { $append = '_' . time(); $soename = stripSuffix($soename) . $append . '.' . getSuffix($soename); $uploadfile = $targetPath . '/' . internalToFilesystem($soename); }
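/**
 * Handles saving updates from the product editor
 *
 * Saves all product related information which includes core product data
 * and supporting elements such as images, digital downloads, tags,
 * assigned categories, specs and pricing variations.
 *
 * Requires the 'ecart-save-product' nonce and either the Ecart user level or
 * the ecart_products capability; otherwise the request dies. Everything else
 * is read from $_POST. The product slug is interpolated into the uniqueness
 * query: it is produced by sanitize_title_with_dashes(), which is what keeps
 * that interpolation safe, so keep it that way if the slug source changes.
 *
 * @param Product $Product the product being saved (new or existing)
 * @return bool always true
 **/
function save_product ($Product) {
    $db = DB::get();
    $Settings = &EcartSettings();

    check_admin_referer('ecart-save-product');
    if ( !(is_ecart_userlevel() || current_user_can('ecart_products')) )
        wp_die(__('You do not have sufficient permissions to access this page.'));

    $Settings->saveform(); // Save workflow setting

    $base = $Settings->get('base_operations');
    $taxrate = 0;
    if ($base['vat']) $taxrate = ecart_taxrate(null,true,$Product);

    if (empty($_POST['options'])) $Product->options = array();
    else $_POST['options'] = stripslashes_deep($_POST['options']);

    if (empty($Product->slug)) $Product->slug = sanitize_title_with_dashes($_POST['name']);

    // Check for an existing product slug; the id is cast so only an integer
    // ever reaches the query.
    $exclude_product = !empty($Product->id) ? "AND id != " . (int)$Product->id : "";
    $existing = $db->query("SELECT slug FROM $Product->_table WHERE slug='$Product->slug' $exclude_product LIMIT 1");
    if ($existing) {
        // Append -2, -3, ... until the slug is free, keeping it within 200 chars.
        $suffix = 2;
        while ($existing) {
            $altslug = substr($Product->slug, 0, 200-(strlen($suffix)+1)) . "-" . $suffix++;
            $existing = $db->query("SELECT slug FROM $Product->_table WHERE slug='$altslug' $exclude_product LIMIT 1");
        }
        $Product->slug = $altslug;
    }

    if (isset($_POST['status']) && $_POST['status'] == "publish") {
        $publishfields = array('month' => '','date' => '','year' => '','hour'=>'','minute'=>'','meridiem'=>'');
        $publishdate = join('',array_merge($publishfields,$_POST['publish']));
        if (!empty($publishdate)) {
            // Convert the 12-hour form fields into a timestamp.
            if ($_POST['publish']['meridiem'] == "PM" && $_POST['publish']['hour'] < 12) $_POST['publish']['hour'] += 12;
            $_POST['publish'] = mktime($_POST['publish']['hour'],$_POST['publish']['minute'],0,$_POST['publish']['month'],$_POST['publish']['date'],$_POST['publish']['year']);
        } else {
            unset($_POST['publish']);
            // Auto set the publish date if not set (or more accurately, if set to an irrelevant timestamp)
            if ($Product->publish <= 86400) $Product->publish = time();
        }
    } else {
        unset($_POST['publish']);
        $Product->publish = 0;
    }

    if (isset($_POST['content'])) $_POST['description'] = $_POST['content'];

    $Product->updates($_POST,array('categories','prices'));
    $Product->save();

    $Product->save_categories($_POST['categories']);
    $Product->save_tags(explode(",",$_POST['taglist']));

    if (!empty($_POST['price']) && is_array($_POST['price'])) {
        // Delete prices that were marked for removal
        if (!empty($_POST['deletePrices'])) {
            $deletes = array();
            if (strpos($_POST['deletePrices'],",")) $deletes = explode(',',$_POST['deletePrices']);
            else $deletes = array($_POST['deletePrices']);
            foreach ($deletes as $option) {
                $Price = new Price($option);
                $Price->delete();
            }
        }

        // Save prices that there are updates for
        foreach ($_POST['price'] as $i => $option) {
            if (empty($option['id'])) {
                $Price = new Price();
                $option['product'] = $Product->id;
            } else $Price = new Price($option['id']);

            $option['sortorder'] = array_search($i,$_POST['sortorder'])+1;

            // Remove VAT amount to save in DB
            if ($base['vat'] && isset($option['tax']) && $option['tax'] == "on") {
                $option['price'] = (floatvalue($option['price'])/(1+$taxrate));
                $option['saleprice'] = (floatvalue($option['saleprice'])/(1+$taxrate));
            }
            $option['shipfee'] = floatvalue($option['shipfee']);
            $option['weight'] = floatvalue($option['weight']);
            // Was checking $options['dimensions'] (wrong variable), so the
            // dimensions were never normalised; array_map also avoids the
            // dangling foreach-by-reference.
            if (isset($option['dimensions']) && is_array($option['dimensions']))
                $option['dimensions'] = array_map('floatvalue', $option['dimensions']);

            $Price->updates($option);
            $Price->save();

            if (!empty($option['download'])) $Price->attach_download($option['download']);

            if (!empty($option['downloadpath'])) { // Attach file specified by URI/path
                if (!empty($Price->download->id) || (empty($Price->download) && $Price->load_download())) {
                    $File = $Price->download;
                } else $File = new ProductDownload();

                $stored = false;
                $tmpfile = sanitize_path($option['downloadpath']);

                $File->storage = false;
                $File->_engine(); // Set engine from storage settings

                $File->parent = $Price->id;
                $File->context = "price";
                $File->type = "download";
                $File->name = !empty($option['downloadfile']) ? $option['downloadfile'] : basename($tmpfile);
                $File->filename = $File->name;

                if ($File->found($tmpfile)) {
                    $File->uri = $tmpfile;
                    $stored = true;
                } else $stored = $File->store($tmpfile,'file');

                if ($stored) {
                    $File->readmeta();
                    $File->save();
                }
            } // END attach file by path/uri
        }
        unset($Price);
    }

    // No variation options at all, delete all variation-pricelines
    if (!empty($Product->prices) && is_array($Product->prices) && (empty($_POST['options']['v']) || empty($_POST['options']['a']))) {
        foreach ($Product->prices as $priceline) {
            // Skip if not tied to variation options
            if ($priceline->optionkey == 0) continue;
            if ((empty($_POST['options']['v']) && $priceline->context == "variation")
                || (empty($_POST['options']['a']) && $priceline->context == "addon")) {
                $Price = new Price($priceline->id);
                $Price->delete();
            }
        }
    }

    if (!empty($_POST['details']) || !empty($_POST['deletedSpecs'])) {
        $deletes = array();
        if (!empty($_POST['deletedSpecs'])) {
            if (strpos($_POST['deletedSpecs'],",")) $deletes = explode(',',$_POST['deletedSpecs']);
            else $deletes = array($_POST['deletedSpecs']);
            foreach ($deletes as $option) {
                $Spec = new Spec($option);
                $Spec->delete();
            }
            unset($Spec);
        }

        // 'details' may be absent when only deletedSpecs was posted.
        if (!empty($_POST['details']) && is_array($_POST['details'])) {
            foreach ($_POST['details'] as $i => $spec) {
                if (in_array($spec['id'],$deletes)) continue;
                if (isset($spec['new'])) {
                    $Spec = new Spec();
                    $spec['id'] = '';
                    $spec['parent'] = $Product->id;
                } else $Spec = new Spec($spec['id']);
                $spec['sortorder'] = array_search($i,$_POST['details-sortorder'])+1;
                $Spec->updates($spec);
                $Spec->save();
            }
        }
    }

    if (!empty($_POST['deleteImages'])) {
        $deletes = array();
        if (strpos($_POST['deleteImages'],",")) $deletes = explode(',',$_POST['deleteImages']);
        else $deletes = array($_POST['deleteImages']);
        $Product->delete_images($deletes);
    }

    if (!empty($_POST['images']) && is_array($_POST['images'])) {
        $Product->link_images($_POST['images']);
        $Product->save_imageorder($_POST['images']);
        if (!empty($_POST['imagedetails'])) $Product->update_images($_POST['imagedetails']);
    }

    do_action_ref_array('ecart_product_saved',array(&$Product));
    unset($Product);
    return true;
}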
header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/admin.php'); exit; } } $sql = "SELECT `id` FROM " . prefix('albums') . " WHERE `folder`=" . db_quote($folder); $row = query_single_row($sql); $id = $row['id']; } if (!empty($id)) { $imagewhere = "WHERE `albumid`={$id}"; $r = " {$folder}"; $albumwhere = "WHERE `parentid`={$id}"; } } if (isset($_REQUEST['return'])) { $ret = sanitize_path($_REQUEST['return']); } if (!empty($ret)) { $ret = '&return=' . $ret; } $metaURL = $starturl = '?' . $type . 'refresh=start' . $albumparm . '&XSRFToken=' . getXSRFToken('refresh') . $ret; } } printAdminHeader($tab, 'refresh'); if (!empty($metaURL)) { ?> <meta http-equiv="refresh" content="1; url=<?php echo $metaURL; ?> " /> <?php
/**
 * Initializing routine for the session management.
 *
 * Session-open handler: records the storage path (falling back to the
 * resolved ECART_TEMP_PATH), discards any residual session data via trash(),
 * captures the session id and the requesting REMOTE_ADDR, and issues the
 * secure key cookie when ECART_SECURE_KEY is not yet set.
 *
 * @since 1.1
 *
 * @param string $path session save path; empty means use ECART_TEMP_PATH
 * @param string $name session name (unused here; part of the handler signature)
 * @return boolean always true
 **/
function open ($path,$name) {
    $this->path = empty($path) ? sanitize_path(realpath(ECART_TEMP_PATH)) : $path;

    // Clear out any residual session information before loading new data
    $this->trash();

    if (empty($this->session)) {
        $this->session = session_id(); // Grab our session id
    }

    // Save the IP address making the request (REMOTE_ADDR is the TCP peer;
    // behind a proxy that is the proxy, not the client)
    $this->ip = $_SERVER['REMOTE_ADDR'];

    if (!isset($_COOKIE[ECART_SECURE_KEY])) {
        $this->securekey();
    }

    return true;
}
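/**
 * Read the wp-config file to import WP settings without loading all of WordPress
 *
 * Locates wp-config.php (via the ECART_WPCONFIG_PATH server variable, by
 * walking up from this file's directory, or from DOCUMENT_ROOT and its
 * parent), then defines every define() found in it that is not already
 * defined and sets the global $table_prefix. Define values are evaluated by
 * safe_define_ev(); ECART_WPCONFIG_PATH / ECART_ABSPATH are expected to come
 * from the web server configuration (SetEnv), not from the request.
 *
 * @since 1.1
 * @return boolean If the load was successful or not
 **/
function load_ecarts_wpconfig () {
    global $table_prefix;
    $configfile = 'wp-config.php';
    $loadfile = 'wp-load.php';
    $wp_config_path = $wp_abspath = false;

    // Derive the document root by removing the URI path from the script path.
    $syspath = explode('/',$_SERVER['SCRIPT_FILENAME']);
    $uripath = explode('/',$_SERVER['SCRIPT_NAME']);
    $rootpath = array_diff($syspath,$uripath);
    $root = '/'.join('/',$rootpath);
    $filepath = dirname(!empty($_SERVER['SCRIPT_FILENAME'])?$_SERVER['SCRIPT_FILENAME']:__FILE__);

    if ( file_exists(sanitize_path($root).'/'.$loadfile)) $wp_abspath = $root;

    if ( isset($_SERVER['ECART_WPCONFIG_PATH']) && file_exists(sanitize_path($_SERVER['ECART_WPCONFIG_PATH']).'/'.$configfile) ) {
        // SetEnv ECART_WPCONFIG_PATH /path/to/wpconfig
        // and ECART_ABSPATH used on webserver site config
        $wp_config_path = $_SERVER['ECART_WPCONFIG_PATH'];
    } elseif ( strpos($filepath, $root) !== false ) {
        // Ecart directory has DOCUMENT_ROOT ancestor, walk up to find wp-config.php
        $fullpath = explode ('/', sanitize_path($filepath) );
        while (!$wp_config_path && array_pop($fullpath) !== null) {
            $candidate = sanitize_path(join('/',$fullpath));
            if (file_exists( $candidate.'/'.$loadfile )) $wp_abspath = join('/',$fullpath);
            if (file_exists( $candidate.'/'.$configfile )) $wp_config_path = join('/',$fullpath);
        }
    } elseif ( file_exists(sanitize_path($root).'/'.$configfile) ) {
        $wp_config_path = $root; // WordPress install in DOCUMENT_ROOT
    } elseif ( file_exists(sanitize_path(dirname($root)).'/'.$configfile) ) {
        $wp_config_path = dirname($root); // wp-config up one directory from DOCUMENT_ROOT
    }

    if ( $wp_config_path === false ) return false;

    $wp_config_file = sanitize_path($wp_config_path).'/'.$configfile;
    $config = file_get_contents($wp_config_file);
    // An unreadable config is a failed load, not an empty one.
    if ( $config === false ) return false;

    preg_match_all('/^\s*?(define\(\s*?\'(.*?)\'\s*?,\s*(.*?)\);)/m',$config,$defines,PREG_SET_ORDER);
    foreach ($defines as $defined) {
        $name = $defined[2];
        if (defined($name)) continue;
        $value = $defined[3];
        // wp-config uses __FILE__ to build ABSPATH; point it at wp-load.php instead.
        $value = str_replace('__FILE__',"'$wp_abspath/$loadfile'",$value);
        $value = safe_define_ev($value);

        // Override ABSPATH with ECART_ABSPATH
        if ($name == "ABSPATH" && isset($_SERVER['ECART_ABSPATH']) && file_exists(sanitize_path($_SERVER['ECART_ABSPATH']).'/'.$loadfile))
            $value = rtrim(sanitize_path($_SERVER['ECART_ABSPATH']),'/').'/';

        define($name,$value);
    }

    // Get the $table_prefix value; leave the global alone when it is not present.
    if (preg_match('/(\$table_prefix\s*?=.+?);/m',$config,$match))
        $table_prefix = safe_define_ev($match[1]);

    if (function_exists("date_default_timezone_set") && function_exists("date_default_timezone_get"))
        @date_default_timezone_set(@date_default_timezone_get());

    return true;
}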
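/**
 * Save the ipBlocker option form.
 *
 * Collects the ipBlocker_ip_{start|end}_{n} fields from $_POST into a list
 * of {start, end} address ranges (only dotted-quad IPv4 values are kept),
 * stores it in the 'ipBlocker_list' option, and — when an import file name
 * was posted — expands the current ranges plus the file's addresses into
 * single addresses, de-duplicates them, and stores them back as collapsed
 * contiguous ranges.
 *
 * The import path is built from SERVERPATH/UPLOAD_FOLDER and the posted
 * name after sanitize_path(); whether a name can still escape the upload
 * folder depends on what sanitize_path() strips (defined elsewhere) —
 * confirm before relying on it.
 *
 * @param string $themename  unused, kept for the option-handler signature
 * @param string $themealbum unused, kept for the option-handler signature
 * @return string|false '&custom=' followed by the notice markup when a range
 *                      was incomplete, false otherwise
 */
static function handleOptionSave($themename, $themealbum) {
	$notify = '';
	$list = array();

	// Field names are ipBlocker_ip_<start|end>_<index>; group them by index
	foreach ($_POST as $key => $param) {
		if (!$param || strpos($key, 'ipBlocker_ip_') === false) {
			continue;
		}
		if (!preg_match('/^(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/', $param)) {
			continue; // octet separator is a literal dot; the earlier pattern let any character through here
		}
		$p = explode('_', substr($key, 13)); // 13 = strlen('ipBlocker_ip_')
		if (isset($p[1])) {
			$list[$p[1]][$p[0]] = $param;
		}
	}

	// A range needs both ends; drop the incomplete ones and tell the user
	foreach ($list as $key => $range) {
		if (!array_key_exists('start', $range) || !array_key_exists('end', $range)) {
			unset($list[$key]);
			$notify .= gettext('IP address format error') . '<br />';
		}
	}
	setOption('ipBlocker_list', serialize($list));
	purgeOption('ipBlocker_import');

	if (!empty($_POST['ipBlocker_import'])) {
		$file = SERVERPATH . '/' . UPLOAD_FOLDER . '/' . sanitize_path($_POST['ipBlocker_import']);
		if (file_exists($file)) {
			$import_list = array();

			// insert current list into import list for posterity (one entry per address)
			foreach ($list as $range) {
				$ipend = self::ipBlockerFormatIP(explode('.', $range['end']));
				$octets = explode('.', $range['start']);
				do {
					$current = self::ipBlockerFormatIP($octets);
					$octets = self::ipBlockerNextIP($octets);
					if ($octets === null) {
						break; // ran past 255.255.255.255
					}
					$import_list[] = $current;
				} while ($current < $ipend); // zero-padded strings compare correctly as text
			}

			// Addresses from the import file, one per line
			$import = explode("\n", file_get_contents($file));
			foreach ($import as $ip) {
				$ip = trim($ip);
				if ($ip) {
					$import_list[] = self::ipBlockerFormatIP(explode('.', $ip));
				}
			}

			$list = array();
			if (!empty($import_list)) {
				$import_list = array_unique($import_list); // remove duplicates
				sort($import_list);

				// Collapse the sorted addresses into contiguous {start, end} ranges
				$current = $start = array_shift($import_list);
				$end = $start;
				while (!empty($import_list)) {
					$try = trim(array_shift($import_list));
					if (!$try) {
						continue; // ignore empty lines
					}
					$octets = self::ipBlockerNextIP(explode('.', $current));
					if ($octets === null) {
						break; // nothing can follow 255.255.255.255
					}
					$next = self::ipBlockerFormatIP($octets);
					$current = $try;
					if ($current != $next) {
						// gap: close the pending range and open a new one at $current
						$list[] = array('start' => $start, 'end' => $end);
						$start = $end = $current;
					} else {
						$end = $next;
					}
				}
				// The pending range is always still open here (it was previously
				// dropped whenever the last address started a new range)
				$list[] = array('start' => $start, 'end' => $end);
				setOption('ipBlocker_list', serialize($list));
			}
		}
	}

	if ($notify) {
		return '&custom=' . $notify;
	} else {
		return false;
	}
}

/**
 * Format four octets as a zero-padded dotted quad (e.g. 010.000.000.001).
 *
 * Missing octets count as 0, matching the previous sprintf('%03u', ...) use.
 *
 * @param array $octets up to four numeric strings/ints
 * @return string
 */
private static function ipBlockerFormatIP($octets) {
	$padded = array();
	for ($i = 0; $i < 4; $i++) {
		$padded[] = isset($octets[$i]) ? $octets[$i] : 0;
	}
	return sprintf('%03u.%03u.%03u.%03u', $padded[0], $padded[1], $padded[2], $padded[3]);
}

/**
 * Return the octets of the address that follows $octets, or null when the
 * increment would carry out of the first octet (past 255.255.255.255).
 *
 * Replaces two hand-written carry chains that incremented the third octet
 * twice instead of carrying into the second.
 *
 * @param array $octets up to four numeric strings/ints; missing ones count as 0
 * @return array|null four ints, or null on overflow
 */
private static function ipBlockerNextIP($octets) {
	$ip = array();
	for ($i = 0; $i < 4; $i++) {
		$ip[$i] = isset($octets[$i]) ? (int) $octets[$i] : 0;
	}
	for ($i = 3; $i >= 0; $i--) {
		$ip[$i]++;
		if ($ip[$i] <= 255) {
			return $ip;
		}
		$ip[$i] = 0; // carry into the next octet to the left
	}
	return null;
}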
* Copyright 2010, Sebastian Tschan * https://blueimp.net * * Licensed under the MIT license: * http://creativecommons.org/licenses/MIT/ */ define('OFFSET_PATH', 3); require_once dirname(dirname(dirname(__FILE__))) . '/admin-globals.php'; $_zp_loggedin = NULL; if (isset($_POST['auth'])) { $hash = sanitize($_POST['auth']); $id = sanitize($_POST['id']); $_zp_loggedin = $_zp_authority->checkAuthorization($hash, $id); } admin_securityChecks(UPLOAD_RIGHTS, $return = currentRelativeURL()); $folder = zp_apply_filter('admin_upload_process', sanitize_path($_POST['folder'])); $types = array_keys($_zp_extra_filetypes); $types = array_merge($_zp_supported_images, $types); $types = zp_apply_filter('upload_filetypes', $types); $options = array('upload_dir' => $targetPath = ALBUM_FOLDER_SERVERPATH . internalToFilesystem($folder) . '/', 'upload_url' => imgSrcURI(ALBUM_FOLDER_WEBPATH . $folder) . '/', 'accept_file_types' => '/(' . implode('|\\.', $types) . ')$/i'); $new = !is_dir($targetPath); if (!empty($folder)) { if ($new) { $rightsalbum = newAlbum(dirname($folder), true, true); } else { $rightsalbum = newAlbum($folder, true, true); } if ($rightsalbum->exists) { if (!$rightsalbum->isMyItem(UPLOAD_RIGHTS)) { if (!zp_apply_filter('admin_managed_albums_access', false, $return)) { header('Location: ' . FULLWEBPATH . '/' . ZENFOLDER . '/admin.php');
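/**
 * Handles the special cases of album/image[rewrite_suffix]
 *
 * Separates the image part from the album if it is an image reference
 * Strips off the mod_rewrite_suffix if present
 * Handles dynamic album names that do not have the .alb suffix appended
 *
 * When rewrite rules were applied ($_zp_rewritten), the normalised values
 * are written back into $_GET[$albumvar] / $_GET[$imagevar] (or those keys
 * are unset when empty). When they were not, $_GET is left alone and the
 * sanitized values are simply returned.
 *
 * @param string $albumvar $_GET index for "albums"
 * @param string $imagevar $_GET index for "images"
 * @return array array($album, $image); either element is NULL when absent
 */
function rewrite_get_album_image($albumvar, $imagevar) {
	global $_zp_rewritten, $_zp_albumHandlers;
	$ralbum = isset($_GET[$albumvar]) ? trim(sanitize_path($_GET[$albumvar]), '/') : NULL;
	$rimage = isset($_GET[$imagevar]) ? sanitize($_GET[$imagevar]) : NULL;
	// we assume that everything is correct if rewrite rules were not applied
	if ($_zp_rewritten) {
		if (!empty($ralbum) && empty($rimage)) { // rewrite rules never set the image part!
			$path = internalToFilesystem(getAlbumFolder(SERVERPATH) . $ralbum);
			if (IM_SUFFIX) { // require the rewrite have the suffix as well
				// The pattern uses '|' as delimiter, so the suffix must be quoted for that delimiter too
				if (preg_match('|^(.*)' . preg_quote(IM_SUFFIX, '|') . '$|', $ralbum, $matches)) {
					//has an IM_SUFFIX attached
					$rimage = basename($matches[1]);
					$ralbum = trim(dirname($matches[1]), '/');
					$path = internalToFilesystem(getAlbumFolder(SERVERPATH) . $ralbum);
				}
			} else { // have to figure it out
				if (Gallery::validImage($ralbum) || Gallery::validImageAlt($ralbum)) { // it is an image request
					$rimage = basename($ralbum);
					$ralbum = trim(dirname($ralbum), '/');
					$path = internalToFilesystem(getAlbumFolder(SERVERPATH) . $ralbum);
				}
			}
			if (!is_dir($path)) {
				if ($suffix = isHandledAlbum($path)) { // it is a dynamic album sans suffix
					$ralbum .= '.' . $suffix;
				}
			}
		}
		// Write the normalised request parts back for the rest of the request pipeline
		if (empty($ralbum)) {
			unset($_GET[$albumvar]);
		} else {
			$_GET[$albumvar] = $ralbum;
		}
		if (empty($rimage)) {
			unset($_GET[$imagevar]);
		} else {
			$_GET[$imagevar] = $rimage;
		}
	}
	return array($ralbum, $rimage);
}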
/* handle posts */ if (isset($_GET['action'])) { if ($_GET['action'] == 'upload') { // Check for files. $files_empty = true; if (isset($_FILES['files'])) { foreach ($_FILES['files']['name'] as $name) { if (!empty($name)) { $files_empty = false; } } } $newAlbum = $_POST['existingfolder'] == 'false' || isset($_POST['newalbum']); // Make sure the folder exists. If not, create it. if (isset($_POST['processed']) && !empty($_POST['folder']) && ($newAlbum || !$files_empty)) { $folder = sanitize_path($_POST['folder']); $uploaddir = $gallery->albumdir . UTF8ToFilesystem($folder); if (!is_dir($uploaddir)) { mkdir($uploaddir, CHMOD_VALUE); } @chmod($uploaddir, CHMOD_VALUE); $album = new Album($gallery, $folder); if ($album->exists) { if (!isset($_POST['publishalbum'])) { $album->setShow(false); } $title = sanitize($_POST['albumtitle'], 2); if (!empty($title) && $newAlbum) { $album->setTitle($title); } $album->save();
<?php define('OFFSET_PATH', 1); require_once dirname(__FILE__) . '/admin-functions.php'; require_once dirname(__FILE__) . '/functions-image.php'; if (getOption('zenphoto_release') != ZENPHOTO_RELEASE) { header("Location: " . FULLWEBPATH . "/" . ZENFOLDER . "/setup.php"); exit; } $albumname = sanitize_path($_REQUEST['a']); $imagename = sanitize_path($_REQUEST['i']); // get full width and height $albumobj = new Album(new Gallery(), $albumname); $imageobj = newImage($albumobj, $imagename); $currentthumbimage = $imageobj->getThumb(); setOption('image_use_side', 'longest', false); $cropwidth = getOption("thumb_crop_width"); $cropheight = getOption("thumb_crop_height"); $imagepart = $imagename; if (isImagePhoto($imageobj)) { $width = $imageobj->getWidth(); $height = $imageobj->getHeight(); } else { $imgpath = $imageobj->getThumbImageFile(); if ($imageobj->objectsThumb == NULL) { $imagepart = makeSpecialImageName($imgpath); } else { $imagepart = basename($imgpath); } $timg = get_image($imgpath); $width = imagesx($timg);
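/**
 * Handles saving updates from the product editor
 *
 * Saves all product related information which includes core product data
 * and supporting elements such as images, digital downloads, tags,
 * assigned categories, specs and pricing variations.
 *
 * All input comes from $_POST. The request is gated by the
 * 'shopp-save-product' nonce and the 'shopp_products' capability before
 * anything is written; taxonomy terms are additionally gated per taxonomy
 * by its assign_terms capability. Spec ids queued for deletion are cast to
 * integers before they are interpolated into the DELETE statement.
 *
 * @author Jonathan Davis
 * @since 1.0
 *
 * @param Product $Product
 * @return void
 **/
public function save(ShoppProduct $Product) {
	check_admin_referer('shopp-save-product');
	if (!current_user_can('shopp_products')) {
		wp_die(__('You do not have sufficient permissions to access this page.'));
	}
	ShoppSettings()->saveform(); // Save workflow setting

	$status = $Product->status; // remembered so a status change can be signalled at the end

	// Set publish date
	if ('publish' == $_POST['status']) {
		$publishing = isset($_POST['publish']) ? $_POST['publish'] : array();
		$fields = array('month' => '', 'date' => '', 'year' => '', 'hour' => '', 'minute' => '', 'meridiem' => '');
		$publishdate = join('', array_merge($fields, $publishing));
		if (!empty($publishdate)) {
			// $publish aliases $_POST['publish'] so the computed timestamp is what updates() sees below
			$publish =& $_POST['publish'];
			if ($publish['meridiem'] == "PM" && $publish['hour'] < 12) {
				$publish['hour'] += 12;
			}
			$publish = mktime($publish['hour'], $publish['minute'], 0, $publish['month'], $publish['date'], $publish['year']);
			$Product->status = 'future';
			unset($_POST['status']);
		} else {
			unset($_POST['publish']);
			// Auto set the publish date if not set (or more accurately, if set to an irrelevant timestamp)
			if ($Product->publish <= 86400) {
				$Product->publish = null;
			}
		}
	} else {
		unset($_POST['publish']);
		$Product->publish = 0;
	}

	// Set a unique product slug
	if (empty($Product->slug)) {
		$Product->slug = sanitize_title($_POST['name']);
	}
	$Product->slug = wp_unique_post_slug($Product->slug, $Product->id, $Product->status, ShoppProduct::posttype(), 0);
	$Product->featured = 'off';

	if (isset($_POST['content'])) {
		$_POST['description'] = $_POST['content'];
	}
	$Product->updates($_POST, array('meta', 'categories', 'prices', 'tags'));

	do_action('shopp_pre_product_save');
	$Product->save();

	// Remove deleted images (comma-separated id list; a single id explodes to a one-element list)
	if (!empty($_POST['deleteImages'])) {
		$deletes = explode(',', $_POST['deleteImages']);
		$Product->delete_images($deletes);
	}

	// Update image data
	if (!empty($_POST['images']) && is_array($_POST['images'])) {
		$Product->link_images($_POST['images']);
		$Product->save_imageorder($_POST['images']);
		if (!empty($_POST['imagedetails'])) {
			$Product->update_images($_POST['imagedetails']);
		}
	}

	// Update Prices
	if (!empty($_POST['price']) && is_array($_POST['price'])) {
		// Delete prices that were marked for removal
		if (!empty($_POST['deletePrices'])) {
			$deletes = explode(',', $_POST['deletePrices']);
			foreach ($deletes as $option) {
				$Price = new ShoppPrice($option);
				$Price->delete();
			}
		}
		$Product->resum();

		// Save prices that there are updates for
		foreach ($_POST['price'] as $i => $priceline) {
			if (empty($priceline['id'])) {
				$Price = new ShoppPrice();
				$priceline['product'] = $Product->id;
			} else {
				$Price = new ShoppPrice($priceline['id']);
			}

			$priceline['sortorder'] = array_search($i, $_POST['sortorder']) + 1;
			$priceline['shipfee'] = Shopp::floatval($priceline['shipfee']);
			if (isset($priceline['recurring']['trialprice'])) {
				$priceline['recurring']['trialprice'] = Shopp::floatval($priceline['recurring']['trialprice']);
			}

			// Only a changed stock figure is written (and announced); otherwise keep the stored one
			if ($Price->stock != $priceline['stocked']) {
				$priceline['stock'] = (int) $priceline['stocked'];
				do_action('shopp_stock_product', $priceline['stock'], $Price, $Price->stock, $Price->stocklevel);
			} else {
				unset($priceline['stocked']);
			}

			$Price->updates($priceline);
			$Price->save();

			// Save 'price' meta records after saving the price record
			if (isset($priceline['dimensions']) && is_array($priceline['dimensions'])) {
				$priceline['dimensions'] = array_map(array('Shopp', 'floatval'), $priceline['dimensions']);
			}
			$settings = array('donation', 'recurring', 'membership', 'dimensions');
			$priceline['settings'] = array();
			foreach ($settings as $setting) {
				if (!isset($priceline[$setting])) {
					continue;
				}
				$priceline['settings'][$setting] = $priceline[$setting];
			}
			if (!empty($priceline['settings'])) {
				shopp_set_meta($Price->id, 'price', 'settings', $priceline['settings']);
			}
			if (!empty($priceline['options'])) {
				shopp_set_meta($Price->id, 'price', 'options', $priceline['options']);
			}

			$Product->sumprice($Price);

			if (!empty($priceline['download'])) {
				$Price->attach_download($priceline['download']);
			}

			if (!empty($priceline['downloadpath'])) { // Attach file specified by URI/path
				if (!empty($Price->download->id) || empty($Price->download) && $Price->load_download()) {
					$File = $Price->download;
				} else {
					$File = new ProductDownload();
				}
				$stored = false;
				$tmpfile = sanitize_path($priceline['downloadpath']);
				$File->storage = false;
				$File->engine(); // Set engine from storage settings
				$File->parent = $Price->id;
				$File->context = "price";
				$File->type = "download";
				$File->name = !empty($priceline['downloadfile']) ? $priceline['downloadfile'] : basename($tmpfile);
				$File->filename = $File->name;
				if ($File->found($tmpfile)) {
					$File->uri = $tmpfile;
					$stored = true;
				} else {
					$stored = $File->store($tmpfile, 'file');
				}
				if ($stored) {
					$File->readmeta();
					$File->save();
				}
			} // END attach file by path/uri
		} // END foreach()
		unset($Price);
	} // END if (!empty($_POST['price']))

	$Product->load_sold($Product->id); // Refresh accurate product sales stats
	$Product->sumup();

	// Update taxonomies after pricing summary is generated
	// Summary table entry is needed for ProductTaxonomy::recount() to
	// count properly based on aggregate product inventory, see #2968
	foreach (get_object_taxonomies(Product::$posttype) as $taxonomy) {
		$tags = '';
		$taxonomy_obj = get_taxonomy($taxonomy);
		if (isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy])) {
			$tags = $_POST['tax_input'][$taxonomy];
			if (is_array($tags)) { // array = hierarchical, string = non-hierarchical.
				$tags = array_filter($tags);
			}
		}
		if (current_user_can($taxonomy_obj->cap->assign_terms)) {
			wp_set_post_terms($Product->id, $tags, $taxonomy);
		}
	}

	// Ensure taxonomy counts are updated on status changes, see #2968
	// NOTE(review): $_POST['status'] was unset above on the 'future' path, so
	// this comparison then sees null — confirm that is the intended signal.
	if ($status != $_POST['status']) {
		$Post = new StdClass();
		$Post->ID = $Product->id;
		$Post->post_type = ShoppProduct::$posttype;
		wp_transition_post_status($_POST['status'], $Product->status, $Post);
	}

	if (!empty($_POST['meta']['options'])) {
		$_POST['meta']['options'] = stripslashes_deep($_POST['meta']['options']);
	} else {
		$_POST['meta']['options'] = false;
	}

	// No variation options at all, delete all variation-pricelines
	if (!empty($Product->prices) && is_array($Product->prices) && (empty($_POST['meta']['options']['v']) || empty($_POST['meta']['options']['a']))) {
		foreach ($Product->prices as $priceline) {
			// Skip if not tied to variation options
			if ($priceline->optionkey == 0) {
				continue;
			}
			if (empty($_POST['meta']['options']['v']) && $priceline->context == "variation" || empty($_POST['meta']['options']['a']) && $priceline->context == "addon") {
				$Price = new ShoppPrice($priceline->id);
				$Price->delete();
			}
		}
	}

	// Handle product spec/detail data
	if (!empty($_POST['details']) || !empty($_POST['deletedSpecs'])) {
		// Delete specs queued for removal
		$deletes = array();
		if (!empty($_POST['deletedSpecs'])) {
			// The list to split is deletedSpecs itself (this previously read deleteImages)
			$deletes = explode(',', $_POST['deletedSpecs']);
			// Only integer ids reach the statement; escaping alone does not constrain an IN (...) list
			$ids = join(',', array_map('intval', $deletes));
			$Spec = new Spec();
			db::query("DELETE FROM {$Spec->_table} WHERE id IN ({$ids})");
		}
		if (is_array($_POST['details'])) {
			foreach ($_POST['details'] as $i => $spec) {
				if (in_array($spec['id'], $deletes)) {
					continue;
				}
				if (isset($spec['new'])) {
					$Spec = new Spec();
					$spec['id'] = '';
					$spec['parent'] = $Product->id;
				} else {
					$Spec = new Spec($spec['id']);
				}
				$spec['sortorder'] = array_search($i, $_POST['details-sortorder']) + 1;
				$Spec->updates($spec);
				$Spec->save();
			}
		}
	}

	// Save any meta data
	if (isset($_POST['meta']) && is_array($_POST['meta'])) {
		foreach ($_POST['meta'] as $name => $value) {
			if (isset($Product->meta[$name])) {
				$Meta = $Product->meta[$name];
				if (is_array($Meta)) {
					$Meta = reset($Product->meta[$name]);
				}
			} else {
				$Meta = new ShoppMetaObject(array('parent' => $Product->id, 'context' => 'product', 'type' => 'meta', 'name' => $name));
			}
			$Meta->parent = $Product->id;
			$Meta->name = $name;
			$Meta->value = $value;
			$Meta->save();
		}
	}

	$Product->load_data(); // Reload data so everything is fresh for shopp_product_saved
	do_action_ref_array('shopp_product_saved', array(&$Product));
	unset($Product);
}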
/**
 * Setup path related constants
 *
 * Defines the SHOPP_* filesystem and URI constants once, anchored on the
 * directory that holds Shopp.php (derived from ShoppLoader::basepath()).
 * Calling it again after SHOPP_PATH exists is a no-op.
 *
 * @author Jonathan Davis
 * @since 1.3
 *
 * @return void
 **/
public function paths() {
	// This should only run once
	if (defined('SHOPP_PATH')) {
		return;
	}

	$pluginMain = dirname(ShoppLoader::basepath()) . "/Shopp.php";
	$pluginPath = sanitize_path(dirname($pluginMain));
	$pluginFile = basename($pluginMain);
	$pluginDir = basename($pluginPath);
	$adminDir = '/core/ui';

	// Anchors every other constant builds on
	define('SHOPP_PATH', $pluginPath);
	define('SHOPP_DIR', $pluginDir);
	define('SHOPP_PLUGINFILE', $pluginDir . '/' . $pluginFile);
	define('SHOPP_PLUGINURI', set_url_scheme(plugins_url() . '/' . $pluginDir));

	// Admin UI locations (path and URI)
	define('SHOPP_ADMIN_DIR', $adminDir);
	define('SHOPP_ADMIN_PATH', $pluginPath . $adminDir);
	define('SHOPP_ADMIN_URI', SHOPP_PLUGINURI . $adminDir);
	define('SHOPP_ICONS_URI', SHOPP_ADMIN_URI . '/icons');

	// Subdirectories relative to the plugin path
	$relativePaths = array(
		'SHOPP_FLOW_PATH' => '/core/flow',
		'SHOPP_MODEL_PATH' => '/core/model',
		'SHOPP_GATEWAYS' => '/gateways',
		'SHOPP_SHIPPING' => '/shipping',
		'SHOPP_STORAGE' => '/storage',
		'SHOPP_THEME_APIS' => '/api/theme',
		'SHOPP_DBSCHEMA' => '/core/schema/schema.sql', // @deprecated
	);
	foreach ($relativePaths as $constant => $relative) {
		define($constant, $pluginPath . $relative);
	}
}
echo "\n<h2>" . $clear . "</h2>"; $albums = $_zp_gallery->getAlbums(); shuffle($albums); foreach ($albums as $folder) { $album = new Album($gallery, $folder); if (!$album->isDynamic()) { $count = $count + loadAlbum($album); } } } echo "\n" . "<br />" . sprintf(gettext("Finished: Total of %u images."), $count); if (isset($_REQUEST['return'])) { if (isset($_POST['return'])) { $ret = sanitize_path($_POST['return']); } else { $ret = sanitize_path($_GET['return']); } if (substr($ret, 0, 1) == '*') { if (empty($ret) || $ret == '*.' || $ret == '*/') { $r = '/admin-edit.php?page=edit'; } else { $r = '/admin-edit.php?page=edit&album=' . urlencode(substr($ret, 1)) . '&tab=subalbuminfo'; } } else { $r = '/admin-edit.php?page=edit&album=' . urlencode($ret); } } else { $r = '/admin.php'; } ?> <p class="buttons">
$words = trim($search->words); $images = $search->getImages(0); foreach ($images as $image) { $folder = $image['folder']; $filename = $image['filename']; $imagelist[] = '/' . $folder . '/' . $filename; } $subalbums = $search->getAlbums(0); foreach ($subalbums as $folder) { getSubalbumImages($folder); } $albumname = trim($words); $albumname = str_replace('!', ' NOT ', $albumname); $albumname = str_replace('&', ' AND ', $albumname); $albumname = str_replace('|', ' OR ', $albumname); $albumname = sanitize_path($albumname); $albumname = seoFriendlyURL($albumname); $old = ''; while ($old != $albumname) { $old = $albumname; $albumname = str_replace('--', '-', $albumname); } ?> <form action="?savealbum" method="post"><input type="hidden" name="savealbum" value="yes" /> <table> <tr> <td><?php echo gettext("Album name:"); ?> </td>
/**
 * check_install
 * This checks folders + permissions, .php files and settings.
 *
 * Runs the installation self-checks in order: server requirements, the
 * image folder (existence and write permission), the virtual folders that
 * must NOT exist on disk, upload.php, the root .htaccess, the admin folder,
 * the per-directory .htaccess files (created via htaccess() when missing),
 * the expected include/class/system/admin files, and finally the config,
 * definitions and theme checks. Each failing stage calls chevereto_die()
 * with the accumulated $install_errors and a user-facing message pair
 * (presumably terminating the request — chevereto_die() is defined elsewhere).
 *
 * Uses the globals $config (read; 'admin_folder' is defaulted to "admin"
 * when unset) and $install_errors (appended to by this function and,
 * presumably, by the check_* helpers).
 *
 * @return void
 */
function check_install() {
	global $config, $install_errors;
	// Error friendly messages: array(headline, advice) pairs handed to chevereto_die()
	$requirements_error = array('There is a problem regarding server requirements. This means that Chevereto can\'t run because of the following:', 'Please notice that this issue is because your server setup. If you want to run Chevereto please contact your hosting company or system admin regarding this report.');
	$folder_error = array('There is a problem regarding folders. This means that Chevereto can\'t run because one or more folders required doesn\'t exists. The missing folders are:', 'Please double-check your current setup for the missing files.');
	$admin_folder_error = array('There is a problem regarding the admin folder and Chevereto won\'t run because the admin folder doesn\'t exists.', 'Please double-check <code>$config[\'admin_folder\']</code> in the <code>includes/config.php</code> file.');
	$htaccess = 'In some operating systems this files are hidden, therefore you can\'t upload them. You need to <a href="http://www.google.com/search?q=show+hidden+htaccess" target="_blank">show this file</a> and then upload it.';
	$htaccess_error = array('Some <code>.htaccess</code> file(s) doesn\'t exists and the system can\'t create this files.', $htaccess);
	$root_htaccess_error = array('The <code>.htaccess</code> file doesn\'t exists in the Chevereto root directory. This file must be uploaded to run Chevereto.', $htaccess);
	$file_error = array(str_replace('folders', 'files', $folder_error[0]), str_replace('folders', 'files', $folder_error[1]));
	// NOTE(review): the advice below recommends chmod 0777 (world-writable); a
	// mode limited to the web server user is sufficient for the write check
	// above and narrower — consider changing the wording.
	$permission_error = array('There is a problem regarding permissions. This means that Chevereto can\'t upload files because of the following:', 'Chevereto needs a way to write in this folders. You can do this by doing <a href="http://www.google.com/search?q=chmod+777" target="_blank">chmod 0777</a> on the above folders or use <a href="http://www.suphp.org/" target="_blank">suPHP</a> or <a href="http://httpd.apache.org/docs/current/suexec.html" target="_blank">suEXEC</a> on your server setup.');
	$config_error = array('There is a problem regarding your config setup. This means that Chevereto won\'t run because the config is not valid:', 'Please double-check your settings in the <code>includes/config.php</code> file.');
	$definitions_error = array('Please take note that you must edit the <code>definitions.php</code> file the first time that you install Chevereto.', 'Please double-check your definitions in the <code>includes/definitions.php</code> file.');
	$theme_error = array('There is a problem regarding your current theme. This means that Chevereto won\'t run because <code>' . $config['theme'] . '</code> theme has missing files:', 'Please double-check the theme hierarchy.');
	$theme_data_error = array('There is a problem regarding your current theme data. This means that Chevereto won\'t run because <code>' . $config['theme'] . '</code> theme has not valid theme data in <code>style.css</code> header comments:', 'Please double-check the <code>style.css</code> header comments and refer to the <a href="http://chevereto.com/docs#themes">theme documentation</a> page.');
	$virtual_folder_error = array('There is a problem regarding your virtual folders setup:', 'Either you set different values for virtual folders in <code>includes/config.php</code> or you delete this directories.');

	// Check for the server requirements
	if (!check_requirements()) {
		chevereto_die($install_errors, 'System error', $requirements_error);
	}

	// Check for the image folders: must exist and be writable
	$image_folders = array(__CHV_PATH_IMAGES__);
	if (!check_files_folders($image_folders, 'Directory')) {
		chevereto_die($install_errors, 'Folder error', $folder_error);
	}
	if (!check_permissions($image_folders)) {
		chevereto_die($install_errors, 'Permissions error', $permission_error);
	}

	// Check for virtual folders: these are URL-only names and must not exist as real directories
	$virtual_folders = array(sanitize_path($config['virtual_folder_image']), sanitize_path($config['virtual_folder_uploaded']));
	foreach ($virtual_folders as $folder) {
		if (file_exists(__CHV_ROOT_DIR__ . $folder)) {
			$install_errors[] = 'The directory <code>' . __CHV_RELATIVE_ROOT__ . $folder . '</code> must not exists';
		}
	}
	if (count($install_errors) > 0) {
		chevereto_die($install_errors, 'Virtual folders error', $virtual_folder_error);
	}

	// Check for upload.php
	if (!file_exists(__CHV_ROOT_DIR__ . 'upload.php')) {
		chevereto_die('Can\'t find <code>upload.php</code>', 'Missing upload.php', $file_error);
	}

	// Check for the root .htaccess file
	if (!file_exists(__CHV_ROOT_DIR__ . '.htaccess')) {
		chevereto_die('', '.htaccess error', $root_htaccess_error);
	}

	// Admin folder: default the config value, then require the directory
	if (!check_value($config["admin_folder"])) {
		$config["admin_folder"] = "admin";
	}
	if (!file_exists(__CHV_PATH_ADMIN__)) {
		chevereto_die('', 'Admin folder doesn\'t exists', $admin_folder_error);
	}

	// Check for the other .htaccess files; try to create a missing one with
	// the rule set matching the directory ('static' for images, 'deny' for
	// the include directories). Every entry of $htaccess_files has a case
	// below, so $rules is always assigned before htaccess() is called.
	$htaccess_files = array(__CHV_PATH_IMAGES__, __CHV_PATH_INCLUDES__, __CHV_PATH_ADMIN_INCLUDES__);
	foreach ($htaccess_files as $dir) {
		if (!file_exists($dir . '.htaccess')) {
			switch ($dir) {
				case __CHV_PATH_IMAGES__:
					$rules = 'static';
					break;
				case __CHV_PATH_INCLUDES__:
				case __CHV_PATH_ADMIN_INCLUDES__:
					$rules = 'deny';
					break;
			}
			if (!htaccess($rules, $dir)) {
				$install_errors[] = 'Can\'t create <code>' . $dir . '.htaccess</code> file. Please upload the <code>.htaccess</code> file to the target dir';
			}
		}
	}
	if (count($install_errors) > 0) {
		chevereto_die($install_errors, '.htaccess error', $htaccess_error);
	}

	// Files check: expected file names per directory, expanded to full paths below
	$include_files = array('chevereto.php', 'uploader.php', 'shorturl.php', 'definitions.php', 'template.functions.php');
	$classes_files = array('class.handler.php', 'class.db.php', 'class.upload.php', 'class.filelist.php', 'class.imageresize.php', 'class.imageconvert.php', 'class.minify.php', 'class.shorturl.php');
	$system_files = array('login.php', 'error.php', 'style.css', 'img/chevereto.png', 'img/logo.png', 'img/ico-warn.png', 'img/background.png', 'img/bkg-content.png');
	$system_files_minify = array('style.css');
	$system_files = array_merge_minified($system_files, $system_files_minify);
	$system_js_files = array('uploadify.swf', 'ZeroClipboard.swf', 'pref.php');
	$system_js_files_minify = array('jquery.js', 'chevereto.js', 'functions.js', 'jquery.uploadify-3.1_chevereto.js');
	$system_js_files = array_merge_minified($system_js_files, $system_js_files_minify);

	// Admin files
	$admin_classes_files = array('class.adminhandler.php', 'class.manage.php');
	$admin_system_files = array('header.php', 'filemanager.php');
	$admin_system_files_minify = array('style.css', 'js/admin.js');
	$admin_system_files = array_merge_minified($admin_system_files, $admin_system_files_minify);

	// Prefix each list with its directory constant
	foreach ($include_files as $key => $value) {
		$include_files[$key] = __CHV_PATH_INCLUDES__ . $value;
	}
	foreach ($classes_files as $key => $value) {
		$classes_files[$key] = __CHV_PATH_CLASSES__ . $value;
	}
	foreach ($system_files as $key => $value) {
		$system_files[$key] = __CHV_PATH_SYSTEM__ . $value;
	}
	foreach ($system_js_files as $key => $value) {
		$system_js_files[$key] = __CHV_PATH_SYSTEM_JS__ . $value;
	}
	foreach ($admin_classes_files as $key => $value) {
		$admin_classes_files[$key] = __CHV_PATH_ADMIN_CLASSES__ . $value;
	}
	foreach ($admin_system_files as $key => $value) {
		$admin_system_files[$key] = __CHV_PATH_ADMIN_SYSTEM__ . $value;
	}

	/*** The complete file check array (group label => full paths) ***/
	$check_files = array('Includes' => $include_files, 'Classes' => $classes_files, 'System Files' => array_merge($system_files, $system_js_files), 'Admin .htaccess' => array(__CHV_PATH_ADMIN_INCLUDES__ . '.htaccess'), 'Admin Classes' => $admin_classes_files, 'Admin System' => $admin_system_files);
	// Return values are ignored here; the groups are judged by $install_errors afterwards
	foreach ($check_files as $key => $value) {
		check_files_folders($value, 'File');
	}
	if (count($install_errors) > 0) {
		chevereto_die($install_errors, 'Setup error', $file_error);
	}

	// Configuration, definitions and theme checks
	if (!check_config()) {
		chevereto_die($install_errors, 'Config error', $config_error);
	}
	if (!check_definitions()) {
		chevereto_die($install_errors, 'Please change definitions.php', $definitions_error);
	}
	if (!check_theme()) {
		chevereto_die($install_errors, 'Theme error', $theme_error);
	}
	if (!check_theme_data()) {
		chevereto_die($install_errors, 'Theme data error', $theme_data_error);
	}
}
/**
 * Report whether a download file exists under this storage engine's path.
 *
 * When the engine does not handle the 'download' context the uri is
 * returned unchanged. Otherwise the request is terminated with one of
 * 'NULL' (not found), 'ISDIR' (a directory), 'READ' (not readable) or 'OK'.
 *
 * NOTE(review): $uri is appended to the storage path without normalising
 * '..' components; whether callers can pass such values depends on what
 * sanitize_path() strips and on the caller — confirm before relying on it.
 *
 * @param string $uri path of the file relative to the storage directory
 * @return string $uri, only when the download context is not handled
 */
function verify ($uri) {
	if (!$this->handles('download')) {
		return $uri;
	}
	$this->context('download');

	$storageDir = trailingslashit(sanitize_path($this->path));
	$target = $storageDir . $uri;

	// First failing condition wins; all branches end the request
	$verdict = 'OK';
	if (!file_exists($target)) {
		$verdict = 'NULL';
	} elseif (is_dir($target)) {
		$verdict = 'ISDIR';
	} elseif (!is_readable($target)) {
		$verdict = 'READ';
	}
	die($verdict);
}
/**
 * Ecart constructor (PHP 4 style; runs once when the plugin loads).
 *
 * Resolves filesystem and URI paths, defines the ECART_* configuration
 * constants, instantiates Settings/Flow/Shopping and registers the
 * WordPress hooks. The define() calls must precede the Flow/Shopping
 * construction below, so statement order in this method is significant.
 *
 * @return void
 **/
function Ecart () {
	if (WP_DEBUG) {
		$this->_debug = new StdClass();
		// NOTE(review): both branches assign the same property, so whenever
		// memory_get_usage() exists the peak figure is immediately
		// overwritten and never retained — confirm whether a separate
		// field was intended.
		if (function_exists('memory_get_peak_usage')) $this->_debug->memory = memory_get_peak_usage(true);
		if (function_exists('memory_get_usage')) $this->_debug->memory = memory_get_usage(true);
	}

	// Determine system and URI paths
	$this->path = sanitize_path(dirname(__FILE__));
	$this->file = basename(__FILE__);
	$this->directory = basename($this->path);
	$languages_path = array($this->directory,'lang');
	load_plugin_textdomain('Ecart',false,sanitize_path(join('/',$languages_path)));
	$this->uri = get_template_directory_uri()."/core/".$this->directory;
	$this->siteurl = get_bloginfo('url');
	$this->wpadminurl = admin_url();
	// Assignment inside the condition is intentional: the result is kept in
	// $this->secure and also decides whether the URIs are upgraded to https.
	// Plain string replacement only rewrites an explicit "http://" prefix; a
	// scheme-relative or already-https value passes through unchanged.
	if ($this->secure = is_ecart_secure()) {
		$this->uri = str_replace('http://','https://',$this->uri);
		$this->siteurl = str_replace('http://','https://',$this->siteurl);
		$this->wpadminurl = str_replace('http://','https://',$this->wpadminurl);
	}

	// Initialize settings & macros
	$this->Settings = new Settings();
	if (!defined('BR')) define('BR','<br />');

	// Overrideable macros: each is only defined when the site has not
	// already defined it, so these are the defaults.
	if (!defined('ECART_NOSSL')) define('ECART_NOSSL',false);
	if (!defined('ECART_PREPAYMENT_DOWNLOADS')) define('ECART_PREPAYMENT_DOWNLOADS',false);
	if (!defined('ECART_SESSION_TIMEOUT')) define('ECART_SESSION_TIMEOUT',7200); // presumably seconds — confirm against the session code
	if (!defined('ECART_QUERY_DEBUG')) define('ECART_QUERY_DEBUG',false);
	if (!defined('ECART_GATEWAY_TIMEOUT')) define('ECART_GATEWAY_TIMEOUT',10);
	if (!defined('ECART_SHIPPING_TIMEOUT')) define('ECART_SHIPPING_TIMEOUT',10);
	// NOTE(review): defaults to the system-wide temp directory, which is
	// shared with every other process on the host; on shared hosting a
	// private directory should be defined instead.
	if (!defined('ECART_TEMP_PATH')) define('ECART_TEMP_PATH',sys_get_temp_dir());

	// Settings & Paths
	define("ECART_DEBUG",($this->Settings->get('error_logging') == 2048));
	define("ECART_PATH",$this->path);
	define("ECART_PLUGINURI",$this->uri);
	define("ECART_PLUGINFILE",$this->directory."/".$this->file);
	define("ECART_ADMIN_DIR","/core/ui");
	define("ECART_ADMIN_PATH",ECART_PATH.ECART_ADMIN_DIR);
	define("ECART_ADMIN_URI",ECART_PLUGINURI.ECART_ADMIN_DIR);
	define("ECART_FLOW_PATH",ECART_PATH."/core/flow");
	define("ECART_MODEL_PATH",ECART_PATH."/core/model");
	define("ECART_GATEWAYS",ECART_PATH."/gateways");
	define("ECART_SHIPPING",ECART_PATH."/shipping");
	define("ECART_STORAGE",ECART_PATH."/storage");
	define("ECART_DBSCHEMA",ECART_MODEL_PATH."/schema.sql");
	// Theme-supplied templates (stylesheet dir + /ecart) take precedence over
	// the bundled ones when the 'theme_templates' setting is not "off" and
	// the directory exists; the path and URI constants apply the same test.
	define("ECART_TEMPLATES",($this->Settings->get('theme_templates') != "off" && is_dir(sanitize_path(get_stylesheet_directory().'/ecart')))? sanitize_path(get_stylesheet_directory().'/ecart'): ECART_PATH.'/'."templates");
	define("ECART_TEMPLATES_URI",($this->Settings->get('theme_templates') != "off" && is_dir(sanitize_path(get_stylesheet_directory().'/ecart')))? sanitize_path(get_bloginfo('stylesheet_directory')."/ecart"): ECART_PLUGINURI."/templates");
	define("ECART_PRETTYURLS",(get_option('permalink_structure') == "")?false:true);
	define("ECART_PERMALINKS",ECART_PRETTYURLS); // Deprecated

	// Initialize application control processing
	$this->Flow = new Flow();
	$this->Shopping = new Shopping();
	add_action('init', array(&$this,'init'));

	// Plugin management
	add_action('after_plugin_row_'.ECART_PLUGINFILE, array(&$this, 'status'),10,2);
	add_action('install_plugins_pre_plugin-information', array(&$this, 'changelog'));
	add_action('ecart_check_updates', array(&$this, 'updates'));
	add_action('ecart_init',array(&$this, 'loaded'));

	// Theme integration
	add_action('widgets_init', array(&$this, 'widgets'));
	add_filter('wp_list_pages',array(&$this,'secure_links'));
	add_filter('rewrite_rules_array',array(&$this,'rewrites'));
	add_action('admin_head-options-reading.php',array(&$this,'pages_index'));
	add_action('generate_rewrite_rules',array(&$this,'pages_index'));
	add_action('save_post', array(&$this, 'pages_index'),10,2);
	add_action('ecart_reindex_pages', array(&$this, 'pages_index'));
	add_filter('query_vars', array(&$this,'queryvars'));
	// Schedule the update check only once; wp_next_scheduled() guards against duplicate events
	if (!wp_next_scheduled('ecart_check_updates')) wp_schedule_event(time(),'twicedaily','ecart_check_updates');
}
$alb = urldecode(sanitize_path($_REQUEST['themealbum'])); $album = newAlbum($alb); $albumtitle = $album->getTitle(); $themename = $album->getAlbumTheme(); } if (!empty($_REQUEST['optiontheme'])) { $themename = sanitize($_REQUEST['optiontheme']); } if (empty($alb)) { foreach ($themelist as $albumtitle => $alb) { break; } if (empty($alb)) { $album = NULL; } else { $alb = sanitize_path($alb); $album = newAlbum($alb); $albumtitle = $album->getTitle(); $themename = $album->getAlbumTheme(); } } if (!(false === ($requirePath = getPlugin('themeoptions.php', $themename)))) { require_once $requirePath; $optionHandler = new ThemeOptions(); $supportedOptions = $optionHandler->getOptionsSupported(); if (method_exists($optionHandler, 'getOptionsDisabled')) { $unsupportedOptions = $optionHandler->getOptionsDisabled(); } else { $unsupportedOptions = array(); } } else {
/**
 * Resolve the public URL of a template file.
 *
 * Theme overrides win: when the 'theme_templates' setting is not 'off' and
 * the active stylesheet directory contains the template sub-folder, the
 * file is addressed under the theme URI; otherwise under the plugin's
 * bundled templates directory. The result is passed through sanitize_path().
 *
 * @author Jonathan Davis
 * @since 1.2
 *
 * @param string $name Template file name; used verbatim, so callers are
 *                     expected to pass a bare file name rather than a path
 * @return string URL of the template file
 **/
public static function template_url($name) {
	$themeDir = get_stylesheet_directory();
	$themeUri = get_stylesheet_directory_uri();
	$bundledUri = SHOPP_PLUGINURI . '/templates';
	$prefix = rtrim(Shopp::template_prefix(''), '/');

	$overrideDir = "{$themeDir}/{$prefix}";
	$useThemeCopy = ('off' != shopp_setting('theme_templates'))
		&& is_dir(sanitize_path($overrideDir));

	$base = $useThemeCopy ? "{$themeUri}/{$prefix}" : $bundledUri;

	return sanitize_path("{$base}/{$name}");
}
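/**
 * Output a default image when the requested image is not found
 *
 * Sends a 404 status and, when a placeholder is available, streams it inline
 * as image/png. The placeholder is the bundled ui/icons/notfound.png unless
 * ECART_NOTFOUND_IMAGE names an existing file. Always terminates the request.
 *
 * @since 1.1
 * @return void
 **/
function error () {
	header("HTTP/1.1 404 Not Found");
	$notfound = sanitize_path(dirname(__FILE__)).'/ui/icons/notfound.png';
	if (defined('ECART_NOTFOUND_IMAGE') && file_exists(ECART_NOTFOUND_IMAGE)) $notfound = ECART_NOTFOUND_IMAGE;
	if (!file_exists($notfound)) die('<h1>404 Not Found</h1>');
	else {
		// Content-Length must be the size of the file body. The previous
		// code advertised strlen() of the *path string*, so clients honoring
		// the header truncated the image or waited for bytes that never came.
		$size = filesize($notfound);
		header("Cache-Control: no-cache, must-revalidate");
		header("Content-type: image/png");
		// Stop browsers from second-guessing the declared image type.
		header("X-Content-Type-Options: nosniff");
		header("Content-Disposition: inline; filename=".basename($notfound)."");
		header("Content-Description: Delivered by WordPress/Ecart Image Server");
		// Omit the header rather than send a bogus length if stat fails.
		if ($size !== false) header("Content-length: ".$size);
		@readfile($notfound);
	}
	die();
}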
uidir = '<?php echo ECART_ADMIN_URI; ?>', siteurl = '<?php echo $Ecart->siteurl; ?>', adminurl = '<?php echo $Ecart->wpadminurl; ?>', ajaxurl = adminurl+'admin-ajax.php', addcategory_url = '<?php echo wp_nonce_url($Ecart->wpadminurl."admin-ajax.php", "ecart-ajax_add_category"); ?>', editslug_url = '<?php echo wp_nonce_url($Ecart->wpadminurl."admin-ajax.php", "wp_ajax_ecart_edit_slug"); ?>', fileverify_url = '<?php echo wp_nonce_url($Ecart->wpadminurl."admin-ajax.php", "ecart-ajax_verify_file"); ?>', adminpage = '<?php echo $this->Admin->pagename('categories'); ?>', request = <?php echo json_encode(stripslashes_deep($_GET)); ?>, worklist = <?php echo json_encode($this->categories(true)); ?>, filesizeLimit = <?php echo wp_max_upload_size(); ?>, priceTypes = <?php echo json_encode($priceTypes) ?>, weightUnit = '<?php echo $this->Settings->get('weight_unit'); ?>', dimensionsRequired = <?php echo $Ecart->Shipping->dimensions?'true':'false'; ?>, storage = '<?php echo $this->Settings->get('product_storage'); ?>', productspath = '<?php /* realpath needed for relative paths */ chdir(WP_CONTENT_DIR); echo addslashes(trailingslashit(sanitize_path(realpath($this->Settings->get('products_path'))))); ?>', imageupload_debug = <?php echo (defined('ECART_IMAGEUPLOAD_DEBUG') && ECART_IMAGEUPLOAD_DEBUG)?'true':'false'; ?>, fileupload_debug = <?php echo (defined('ECART_FILEUPLOAD_DEBUG') && ECART_FILEUPLOAD_DEBUG)?'true':'false'; ?>, // Warning/Error Dialogs DELETE_IMAGE_WARNING = "<?php _e('Are you sure you want to delete this category image?','Ecart'); ?>", SERVER_COMM_ERROR = "<?php _e('There was an error communicating with the server.','Ecart'); ?>", // Translatable dynamic interface labels NEW_DETAIL_DEFAULT = "<?php _e('Detail Name','Ecart'); ?>", NEW_OPTION_DEFAULT = "<?php _e('New Option','Ecart'); ?>", FACETED_DISABLED = "<?php _e('Faceted menu disabled','Ecart'); ?>", FACETED_AUTO = "<?php _e('Build faceted menu automatically','Ecart'); ?>", FACETED_RANGES = "<?php _e('Build 
as custom number ranges','Ecart'); ?>", FACETED_CUSTOM = "<?php _e('Build from preset options','Ecart'); ?>", ADD_IMAGE_BUTTON_TEXT = "<?php _e('Add New Image','Ecart'); ?>",