示例#1
 /**
  * Resets the plugin registries, derives the site index from the site path,
  * stores the AJAX prefix and then enumerates the plugins.
  */
 function plugins_front()
 {
     // Each registry starts out as its own empty array.
     $this->objects_array = array();
     $this->keys_array = array();
     $this->log_array = array();
     $this->plugins_array = array();

     // The site path is passed through tep_create_safe_string() with '_' as the
     // separator; presumably every run of characters outside 0-9, a-z, '-' and
     // '_' is collapsed to that separator (the helper is not visible here).
     $site_path = tep_get_site_path();
     $this->site_index = tep_create_safe_string($site_path, '_', "/[^0-9a-z\\-_]+/i");

     $this->ajax_prefix = PLUGINS_AJAX_PREFIX;
     $this->enumerate();
 }
示例#2
 /**
  * Loads the plugin base class, derives the site index from the site path,
  * stores the admin and AJAX prefixes, resets the registries and enumerates
  * the plugins.
  */
 function plugins_admin()
 {
     require_once DIR_FS_CLASSES . 'plugins_base.php';

     // Presumably collapses anything outside 0-9, a-z, '-' and '_' to '_'
     // (tep_create_safe_string() is defined elsewhere).
     $site_path = tep_get_site_path();
     $this->site_index = tep_create_safe_string($site_path, '_', "/[^0-9a-z\\-_]+/i");

     $this->prefix = PLUGINS_ADMIN_PREFIX;
     $this->ajax_prefix = PLUGINS_AJAX_PREFIX;

     // Each registry starts out as its own empty array.
     $this->objects_array = array();
     $this->keys_array = array();
     $this->plugins_array = array();

     $this->enumerate();
 }
示例#3
 /**
  * Lower-cases $string and passes it to tep_create_safe_string().
  *
  * @param string $string    Text to convert
  * @param string $separator Separator handed to tep_create_safe_string()
  * @param bool   $flat      When true the filter keeps only 0-9 and a-z;
  *                          otherwise it also keeps '/'
  * @return mixed Whatever tep_create_safe_string() returns
  */
 function create_safe_string($string, $separator = SEO_DEFAULT_WORDS_SEPARATOR, $flat = false)
 {
     // The two modes differ only in whether '/' survives the filter.
     $filter = $flat ? "/[^0-9a-z]+/i" : "/[^0-9a-z\\/]+/i";

     return tep_create_safe_string(strtolower($string), $separator, $filter);
 }
示例#4
 /**
  * Initialises the plugin: derives its key from the class name, builds the
  * web, filesystem, template and language paths from that key and records
  * whether scripts_check() reports the plugin as active.
  */
 function plugins_base()
 {
     // extract() turns the array returned by tep_load() into local variables;
     // $lng used below presumably comes from it -- confirm against tep_load().
     extract(tep_load('languages'));

     $this->strings_array = array();
     $this->scripts_array = array();

     $site_path = tep_get_site_path();
     $this->site_index = tep_create_safe_string($site_path, '_', "/[^0-9a-z\\-_]+/i");

     // The class name doubles as the plugin key and as its directory name.
     $this->key = get_class($this);
     $plugin_dir = tep_trail_path($this->key);

     $this->web_path = DIR_WS_PLUGINS . $plugin_dir;
     $this->fs_path = DIR_FS_PLUGINS . $plugin_dir;
     $this->web_template_path = DIR_WS_TEMPLATE . $plugin_dir;
     $this->fs_template_path = DIR_FS_TEMPLATE . $plugin_dir;

     $language_dir = tep_trail_path($lng->path);
     $this->fs_language_path = DIR_FS_STRINGS . $language_dir . $plugin_dir;

     $this->active = $this->scripts_check();
 }
示例#5
 /**
  * Lower-cases $string, passes it to tep_create_safe_string() and, when
  * SEO_DEFAULT_WORD_LENGTH is greater than 1, drops the words shorter than
  * that length.
  *
  * If dropping the short words would leave nothing, the filtered string is
  * returned with all of its words.
  *
  * @param string $string    Text to convert
  * @param string $separator Word separator, also used to split the result
  * @return mixed Filtered string
  */
 function create_safe_string($string, $separator = SEO_DEFAULT_WORDS_SEPARATOR)
 {
     $string = tep_create_safe_string(strtolower($string), $separator, "/[^0-9a-z\\-_]+/i");

     // Word-length filtering is switched off unless the limit exceeds 1.
     if (!(SEO_DEFAULT_WORD_LENGTH > 1)) {
         return $string;
     }

     $words_array = explode($separator, $string);
     if (!is_array($words_array)) {
         return $string;
     }

     $kept_words = array();
     foreach ($words_array as $word) {
         if (strlen($word) < SEO_DEFAULT_WORD_LENGTH) {
             continue;
         }
         $kept_words[] = $word;
     }

     // Keep the unfiltered form when every word was too short.
     if (!empty($kept_words)) {
         $string = implode($separator, $kept_words);
     }

     return $string;
 }
示例#6
 /**
  * Selects the active template, preferring a name posted in the request over
  * the stored option (which defaults to 'stock').
  *
  * @param bool $load When true the template files are loaded and the choice
  *                   is written back through save_options()
  * @return mixed The template name in use
  */
 function set_posted_template($load = true)
 {
     if (!isset($this->options_array['template'])) {
         $this->options_array['template'] = 'stock';
     }

     if (isset($_POST['template'])) {
         // Request data: filtered before it is stored or used. The filter keeps
         // '/' as well as 0-9, a-z, '-' and '_', so the name may still contain
         // path separators.
         // NOTE(review): confirm load_template_files() is safe with a leading
         // or embedded '/' in the name.
         $this->options_array['template'] = tep_create_safe_string($_POST['template'], '_', "/[^0-9a-z\\-_\\/]+/i");
     }

     $template = $this->options_array['template'];

     if ($load) {
         $this->load_template_files($template);

         // Persist the choice together with the other stored options.
         $stored_options = $this->load_options();
         $stored_options['template'] = $template;
         $this->save_options($stored_options);
     }

     return $template;
 }
示例#7
            tep_redirect(tep_href_link($g_script, tep_get_all_get_params('action') . 'action=new_template'));
        }
        $action = 'new_template';
        break;
    // Sends one stored template to the browser as a file download.
    case 'template_download':
        // No template id in the request: report the error and redirect.
        if (empty($tID)) {
            $messageStack->add_session(ERROR_TEMPLATE_INVALID);
            tep_redirect(tep_href_link($g_script, tep_get_all_get_params('action', 'tID')));
        }
        // $tID is cast to int before it is concatenated into the SQL text, so
        // only a number can reach the query.
        $template_query = $g_db->query("select template_title, template_content from " . TABLE_TEMPLATES . " where template_id = '" . (int) $tID . "'");
        if (!$g_db->num_rows($template_query)) {
            $messageStack->add_session(ERROR_TEMPLATE_INVALID);
            tep_redirect(tep_href_link($g_script, tep_get_all_get_params('action', 'tID')));
        }
        $template_array = $g_db->fetch_array($template_query);
        // The download name is built from the stored title. It is placed in the
        // header below unquoted, so it relies on tep_create_safe_string()'s
        // default filter removing CR/LF, quotes, ';' and spaces.
        // NOTE(review): the default filter is not visible here -- confirm.
        $filename = tep_create_safe_string(strtolower($template_array['template_title']), '-') . '.html';
        header('Content-type: application/x-octet-stream');
        header('Content-disposition: attachment; filename=' . $filename);
        // The stored content is written out unmodified; the attachment
        // disposition above asks the browser to save it rather than render it.
        echo $template_array['template_content'];
        // NOTE(review): presumably close() ends the request; if it does not,
        // control leaves the switch and the page markup required after it is
        // appended to the downloaded file -- confirm.
        $g_session->close();
        break;
    default:
        break;
}
require DIR_FS_OBJECTS . 'html_start_sub1.php';
require DIR_FS_OBJECTS . 'html_start_sub2.php';
if ($action == 'new_template') {
    $parameters = array('template_id' => '', 'group_id' => TEMPLATE_SYSTEM_GROUP, 'template_title' => '', 'template_subject' => '', 'template_content' => $template_content);
    $tInfo = new objectInfo($parameters);
    $groups_query = "select group_id as id, group_title as text from " . TABLE_TEMPLATES_GROUPS . " order by group_title";
    $groups_array = $g_db->query_to_array($groups_query);
示例#8
          </div>
          <div class="comboHeading">
            <div><?php 
        echo TEXT_INFO_UPDATE;
        ?>
</div>
          </div>
          <div class="formArea"><?php 
        echo tep_draw_form('seo_types', $g_script, 'action=update', 'post');
        ?>
<table width="100%" cellspacing="0" cellpadding="0">
<?php 
        $count = 0;
        foreach ($sites_array as $filename) {
            $name = substr(basename($filename), strlen($multi_prefix), -4);
            $name = strtolower(tep_create_safe_string($name, '_', $multi_filter));
            require $filename;
            $count++;
            $site_string = tep_draw_checkbox_field('mark[' . $name . ']', 1, false, 'id="label_site_' . $count . '" title="' . sprintf(TEXT_INFO_MARK, $name) . '"');
            $site_string .= '<label style="font-size: 14px;" class="lpad" for="label_site_' . $count . '">' . $count . '. ' . TEXT_SITE . ' ' . $name . '</label>';
            $buttons = array('<a href="' . tep_href_link($g_script, 'site=' . $name . '&action=restart') . '">' . tep_image(DIR_WS_ICONS . 'icon_restart.png', TEXT_RESTART_USING . ' ' . basename($filename)) . '</a>', '<a href="' . tep_href_link($g_script, 'site=' . $name . '&action=delete') . '">' . tep_image(DIR_WS_ICONS . 'icon_delete.png', TEXT_DELETE_CONFIG . ' ' . basename($filename)) . '</a>');
            ?>
            <tr class="dataTableRow">
              <td><fieldset><legend><?php 
            echo $site_string;
            ?>
</legend><table class="tabledata">
                <tr class="dataTableHeadingRow">
                  <th><?php 
            echo TABLE_HEADING_MULTI_NAME;
            ?>
示例#9
 /**
  * Lower-cases $string and passes it to tep_create_safe_string() with '-' as
  * the separator and a filter that keeps 0-9, a-z, '/', '-' and '.'.
  *
  * @param string $string Text to convert
  * @return mixed Whatever tep_create_safe_string() returns
  */
 function create_safe_string($string)
 {
     $lowered = strtolower($string);

     return tep_create_safe_string($lowered, '-', "/[^0-9a-z\\/\\-.]+/i");
 }
示例#10
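 /**
  * Applies the option changes carried by the current request, stores them and
  * redirects back to the options page.
  *
  * Two kinds of request are handled:
  *  - removal of one front/back script entry, named in the query string;
  *  - an update posted from the options form (flags, common selectors and at
  *    most one new front and one new back script entry).
  *
  * Both paths end in tep_redirect().
  */
 function process_options()
 {
     // extract() turns the array returned by tep_load() into local variables;
     // $cDefs, $db and $msg used below presumably come from it.
     extract(tep_load('defs', 'database', 'message_stack'));
     $cStrings =& $this->strings;
     $remove_flag = $error = false;

     // Load existing options
     $options_array = $this->load_options();

     // NOTE(review): these removals change stored configuration from a GET
     // request. No request token is checked in this method -- confirm that the
     // caller verifies one before this runs.
     $front_popup_remove = isset($_GET['front_popup_remove']) ? $db->prepare_input($_GET['front_popup_remove']) : '';
     $back_popup_remove = isset($_GET['back_popup_remove']) ? $db->prepare_input($_GET['back_popup_remove']) : '';

     if (isset($options_array['front_scripts']) && !empty($front_popup_remove)) {
         unset($options_array['front_scripts'][$front_popup_remove]);
         $remove_flag = true;
     }
     if (isset($options_array['back_scripts']) && !empty($back_popup_remove)) {
         unset($options_array['back_scripts'][$back_popup_remove]);
         $remove_flag = true;
     }
     if ($remove_flag) {
         // Store user options
         $this->save_options($options_array);
         $msg->add_session(sprintf($cStrings->SUCCESS_PLUGIN_RECONFIGURED, $this->title), 'success');
         tep_redirect(tep_href_link($cDefs->script, tep_get_all_get_params('action', 'front_popup_remove', 'back_popup_remove') . 'action=set_options'));
     }

     // A posted, non-empty selector replaces the current common selector.
     $front_common_selector = isset($_POST['front_common_selector']) && !empty($_POST['front_common_selector']) ? $db->prepare_input($_POST['front_common_selector']) : $this->front_common_selector;
     $back_common_selector = isset($_POST['back_common_selector']) && !empty($_POST['back_common_selector']) ? $db->prepare_input($_POST['back_common_selector']) : $this->back_common_selector;

     // Prepare the options array for storage
     $options_array = array(
         'front_all' => isset($_POST['front_all']),
         'back_all' => isset($_POST['back_all']),
         'front_scripts' => isset($options_array['front_scripts']) ? $options_array['front_scripts'] : array(),
         'back_scripts' => isset($options_array['back_scripts']) ? $options_array['back_scripts'] : array(),
         'front_common_selector' => $front_common_selector,
         'back_common_selector' => $back_common_selector,
     );

     // Posted selectors are reduced to 0-9, a-z, '#', '-', '_', '.' and
     // whitespace before they are stored.
     $filter = "/[^0-9a-z\\#\\-_\\.\\s]+/i";

     if (isset($_POST['script_entry']) && !empty($_POST['script_entry'])) {
         $key = $db->prepare_input($_POST['script_entry']);
         // A request may carry the entry without its selector; treat that as an
         // empty selector instead of reading an undefined index.
         $posted_selector = isset($_POST['script_selector']) ? $_POST['script_selector'] : '';
         $selector = tep_create_safe_string($posted_selector, '', $filter);
         if (empty($selector)) {
             $selector = $this->front_common_selector;
             $msg->add_session(sprintf($cStrings->WARNING_PLUGIN_SELECTOR_EMPTY, $key), 'warning');
         }
         $options_array['front_scripts'][$key] = $selector;
     }

     if (isset($_POST['admin_entry']) && !empty($_POST['admin_entry'])) {
         $key = $db->prepare_input($_POST['admin_entry']);
         $posted_selector = isset($_POST['admin_selector']) ? $_POST['admin_selector'] : '';
         $selector = tep_create_safe_string($posted_selector, '', $filter);
         if (empty($selector)) {
             // Back-end entries fall back to the back-end common selector; using
             // the front-end selector here would have stored the wrong default
             // for an admin script.
             $selector = $this->back_common_selector;
             $msg->add_session(sprintf($cStrings->WARNING_PLUGIN_SELECTOR_EMPTY, $key), 'warning');
         }
         $options_array['back_scripts'][$key] = $selector;
     }

     // Store user options
     $this->save_options($options_array);
     if (!$error) {
         $msg->add_session(sprintf($cStrings->SUCCESS_PLUGIN_RECONFIGURED, $this->title), 'success');
     }
     tep_redirect(tep_href_link($cDefs->script, tep_get_all_get_params('action', 'front_popup_remove', 'back_popup_remove') . 'action=set_options'));
 }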
示例#11
    return $string;
}
//-MS- safe string added EOM
// Decode the request URI once and refuse it outright when the decoded form
// contains angle brackets or parentheses. This is a deny-list applied after a
// single decoding pass; the value is filtered again further down before it is
// used in the redirect target.
$check = rawurldecode($_SERVER['REQUEST_URI']);
if (strpos($check, '<') !== false || strpos($check, '>') !== false || strpos($check, '(') !== false || strpos($check, ')') !== false) {
    require 'die.php';
    exit;
}

// include server parameters
if (!file_exists('includes/configure.php')) {
    require 'die.php';
    exit;
}
require 'includes/configure.php';

// Only the last path component of the request is considered.
$check = basename($check);
$location = HTTP_SERVER . DIR_WS_HTTP_CATALOG;

// When the component is longer than $terminator and does not already end with
// it, a filtered copy (with the terminator appended if anything is left) is
// added to the redirect target. Otherwise the target is the catalog root.
$length = strlen($terminator);
if (strlen($check) > $length && substr($check, -$length) != $terminator) {
    $check = tep_create_safe_string($check);
    $location .= empty($check) ? $check : $check . $terminator;
}

// Permanent redirect to the computed location.
header("HTTP/1.1 301");
header("Location: " . $location);
exit;
示例#12
     $result = tep_write_contents($current_path_file, $g_db->prepare_input($_POST['file_contents']));
     if (!$result) {
         $messageStack->add_session(WARNING_FILE_LENGTH, 'warning');
     }
     tep_redirect(tep_href_link($g_script, tep_get_all_get_params('action')));
     break;
 case 'processuploads':
     for ($i = 1; $i < 6; $i++) {
         if (isset($GLOBALS['file_' . $i]) && tep_not_null($GLOBALS['file_' . $i])) {
             new upload('file_' . $i, $current_path);
         }
     }
     tep_redirect(tep_href_link($g_script));
     break;
 // Sends one file from $current_path to the browser as a download.
 case 'download':
     // basename() drops any directory part of the requested name, and the
     // filter then keeps only 0-9, a-z, '_', '-' and '.', so the name cannot
     // carry a path separator.
     // NOTE(review): any regular file in $current_path passes, including
     // dot-files and script sources. Access to this action has to be restricted
     // before this switch; that check is not visible here.
     $filename = tep_create_safe_string(basename($_GET['filename']), '', "/[^0-9a-z_\\-\\.]+/i");
     // is_file() rejects directories, so a name such as '..' sends nothing.
     if (!empty($filename) && is_file($current_path . '/' . $filename)) {
         header('Content-type: application/x-octet-stream');
         // The name is written unquoted; that is only safe because the filter
         // above leaves no spaces, quotes, ';' or line breaks in it (assuming
         // tep_create_safe_string() strips what the filter matches).
         header('Content-disposition: attachment; filename=' . $filename);
         readfile($current_path . '/' . $filename);
     }
     // Runs whether or not a file was sent.
     $g_session->close();
     break;
 case 'upload':
 case 'new_folder':
 case 'new_file':
     break;
 case 'edit':
     break;
 case 'delete':
     break;
示例#13
 /**
  * Decodes a body from its transfer encoding and, when the part declares a
  * charset different from CHARSET, converts the result to CHARSET.
  *
  * The charset value is filtered down to 0-9, a-z, '-', '_' and '/' before it
  * is handed to iconv(). Note that iconv() returns false when it cannot
  * perform the conversion, and that value is returned as-is.
  *
  * @param  string Input body to decode
  * @param  string Encoding type to use: '7bit', '8bit', 'quoted-printable' or
  *                'base64'; any other value leaves the body unchanged
  * @param  array  Part parameters; only the 'charset' entry is read
  * @return string Decoded body
  * @access private
  */
 function _decodeBody($input, $encoding = '7bit', $params = array())
 {
     // Undo the transfer encoding. '7bit' and unknown encodings pass through.
     if ($encoding == '7bit') {
         $result = $input;
     } elseif ($encoding == '8bit') {
         $result = $this->_quotedPrintableDecode(imap_8bit($input));
     } elseif ($encoding == 'quoted-printable') {
         $result = $this->_quotedPrintableDecode($input);
     } elseif ($encoding == 'base64') {
         $result = base64_decode($input);
     } else {
         $result = $input;
     }

     // Nothing to convert when no charset is declared or it already matches.
     if (!isset($params['charset']) || strtoupper($params['charset']) == CHARSET) {
         return $result;
     }

     // The charset name comes from the message, so it is filtered before use.
     $charset = tep_create_safe_string(strtoupper($params['charset']), '', "/[^0-9a-z\\-_\\/]+/i");

     // Drop whatever precedes an 'ISO-' or 'UTF-' marker inside the name.
     foreach (array('ISO-', 'UTF-') as $marker) {
         $pos = strpos($charset, $marker);
         if ($pos) {
             $charset = substr($charset, $pos);
         }
     }

     return iconv($charset, CHARSET . '//IGNORE//TRANSLIT', $result);
 }
示例#14
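 // Builds the HTML/plain-text body of the reply and attaches every file
 // uploaded through the 'attach_file[]' form field. Each accepted upload is
 // stored in the helpdesk attachments folder, recorded against the helpdesk
 // entry and added to the outgoing e-mail.
 extract(tep_load('email'));
 $text = strip_tags($body);
 $cEmail->add_html($body, $text);

 if (isset($_FILES['attach_file']) && is_array($_FILES['attach_file']) && isset($_FILES['attach_file']['name']) && is_array($_FILES['attach_file']['name'])) {
     foreach ($_FILES['attach_file']['name'] as $key => $file) {
         if (empty($file)) {
             continue;
         }
         $check = $_FILES['attach_file']['error'][$key];
         if ($check != UPLOAD_ERR_OK) {
             // NOTE(review): $file is the client-supplied name; confirm that
             // the message stack escapes it when the message is rendered.
             $messageStack->add_session(sprintf(ERROR_FILE_UPLOAD, $file));
             continue;
         }

         // The client-supplied name is reduced to its last path component and
         // filtered before it is used on disk.
         // NOTE(review): the extension is not restricted, so a script file can
         // be stored under DIR_FS_ADMIN . HELPDESK_ATTACHMENTS_FOLDER. Confirm
         // that this folder is never served with script execution enabled, or
         // add an extension allow-list here.
         $name = tep_create_safe_string(strtolower(basename($file)), '-', "/[^0-9a-z\\/\\-.]+/i");
         if ($name === '') {
             // Nothing usable is left of the name; do not write to the folder.
             $messageStack->add_session(sprintf(ERROR_FILE_UPLOAD, $file));
             continue;
         }

         $tmp_file = $_FILES['attach_file']['tmp_name'][$key];

         // Read the upload in one call. fread() with the length taken from
         // filesize() is rejected for a zero-byte file.
         $attachment = file_get_contents($tmp_file);
         if ($attachment === false) {
             continue;
         }

         // Record and announce the attachment only once it is really stored.
         // move_uploaded_file() also refuses paths that are not genuine uploads.
         if (!move_uploaded_file($tmp_file, DIR_FS_ADMIN . HELPDESK_ATTACHMENTS_FOLDER . $name)) {
             $messageStack->add_session(sprintf(ERROR_FILE_UPLOAD, $file));
             continue;
         }

         $sql_data_array = array('helpdesk_entries_id' => (int) $he_id, 'attachment' => $name);
         $g_db->perform(TABLE_HELPDESK_ATTACHMENTS, $sql_data_array);

         $cEmail->add_attachment($attachment, $name, 'application/octet-stream');
         $messageStack->add_session(sprintf(SUCCESS_FILE_ATTACH, $name), 'success');
     }
 }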
示例#15
<?php

/*
//----------------------------------------------------------------------------
// Copyright (c) 2006-2010 Asymmetric Software. Innovation & Excellence.
// Author: Mark Samios
// http://www.asymmetrics.com
//----------------------------------------------------------------------------
// Admin: Ajax callback modules handler/switch do not call it directly
//----------------------------------------------------------------------------
// I-Metrics CMS
//----------------------------------------------------------------------------
// Script is intended to be used with:
// osCommerce, Open Source E-Commerce Solutions
// http://www.oscommerce.com
// Copyright (c) 2003 osCommerce
------------------------------------------------------------------------------
// Released under the GNU General Public License
//----------------------------------------------------------------------------
//
*/
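require 'includes/application_top.php';

// The module name is taken from the POST body and ends up in a require path,
// so it must be reduced to a strict set of characters before any file access.
$module = isset($_POST['module']) ? $g_db->prepare_input($_POST['module'], true) : '';

// The filter uses the delimited "/.../i" form that other callers of
// tep_create_safe_string() pass. An undelimited "[^0-9a-z\\-_]" would, if the
// helper hands the filter to a preg_* function (assumed; the helper is not
// visible here), be read as the pattern ^0-9a-z\-_ between bracket delimiters
// and remove nothing.
$module = tep_create_safe_string($module, '', "/[^0-9a-z\\-_]+/i");
$file_module = 'js_' . $module . '.php';

// Independent allow-list check, so the require below does not depend on how the
// helper interprets its filter argument.
$module_is_valid = !empty($module) && is_string($module) && preg_match('/^[0-9a-z_-]+\z/i', $module) === 1;

if ($module_is_valid && is_file(DIR_FS_MODULES . $file_module)) {
    require DIR_FS_MODULES . $file_module;
} else {
    // The rejected value is request data: escape it before echoing it back.
    echo 'invalid module request ' . htmlspecialchars(is_string($module) ? $module : '', ENT_QUOTES);
}
require DIR_FS_INCLUDES . 'application_bottom.php';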
示例#16
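 /**
  * Outputs the help page selected by the 'ajax' query parameter, or the
  * default help page when the parameter is missing or empty.
  *
  * @return bool True when a help file was read and echoed, false when the
  *              requested name is not acceptable or the file cannot be read
  */
 function get_help()
 {
     // extract() turns the array returned by tep_load() into local variables;
     // $cSessions used below presumably comes from it.
     extract(tep_load('sessions'));

     $help = isset($_GET['ajax']) && !empty($_GET['ajax']) ? $_GET['ajax'] : '';
     if (empty($help)) {
         $file = $this->admin_path . 'back/help_default.html';
     } else {
         // The name becomes part of a file path, so only a plain string made of
         // 0-9, a-z, '-' and '_' is accepted.
         if (!is_string($help)) {
             return false;
         }
         // Delimited "/.../i" form, as passed by other callers of the helper.
         // An undelimited "[^0-9a-z\\-_]" would, if the helper hands the filter
         // to a preg_* function (assumed; not visible here), be read as the
         // pattern ^0-9a-z\-_ between bracket delimiters and remove nothing.
         $help = tep_create_safe_string($help, '', "/[^0-9a-z\\-_]+/i");
         // Independent allow-list check, so the path below does not depend on
         // how the helper interprets its filter argument.
         if (!is_string($help) || preg_match('/^[0-9a-z_-]+\z/i', $help) !== 1) {
             return false;
         }
         $file = $this->admin_path . 'back/help_' . $help . '.html';
     }

     if (!is_file($file)) {
         return false;
     }

     $contents = '';
     $result = tep_read_contents($file, $contents);
     if (!$result) {
         return false;
     }

     // The file content is echoed as markup without escaping.
     echo '<div>' . $contents . '</div>';
     $cSessions->close();
     return true;
 }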
示例#17
/**
 * Fetches one part of a mail message, decodes it and records it, then recurses
 * into the part's sub-parts.
 *
 * Non-text parts, and text parts that carry a disposition, are treated as
 * attachments: when a file name is found the decoded content is written to the
 * helpdesk attachments folder. Other text parts are stored as text.
 *
 * @param object $p                 Part structure (type, encoding, parameters, parts ...)
 * @param mixed  $i                 Part number passed to imap_fetchbody(), e.g. 1 or '1.2'
 * @param mixed  $link              IMAP stream passed to imap_fetchbody()
 * @param mixed  $msgid             Message number passed to imap_fetchbody()
 * @param array  $partsarray        Receives the decoded parts, keyed by part number
 * @param array  $attachments_array Receives the names of the files written to disk
 * @return void
 */
function help_desk_parsepart($p, $i, $link, $msgid, &$partsarray, &$attachments_array)
{
    //global $link, $msgid,$partsarray;
    //where to write file attachments to:
    $filestore = DIR_FS_ADMIN . HELPDESK_ATTACHMENTS_FOLDER;
    //fetch part
    $part = imap_fetchbody($link, $msgid, $i);
    //if type is not text
    // (&& binds tighter than ||: non-text parts, or text parts with a disposition)
    if ($p->type != 0 || $p->type == 0 && isset($p->disposition)) {
        //if ($p->type != 0 ) {
        //DECODE PART
        switch ($p->encoding) {
            case 3:
                //decode if base64
                $part = base64_decode($part);
                break;
            case 4:
                //decode if quoted printable
                $part = quoted_printable_decode($part);
                break;
            default:
                //no need to decode binary or 8bit!
                break;
        }
        //get filename of attachment if present
        $filename = '';
        // if there are any dparameters present in this part
        if (isset($p->dparameters) && is_array($p->dparameters) && count($p->dparameters) > 0) {
            foreach ($p->dparameters as $dparam) {
                if (strtoupper($dparam->attribute) == 'NAME' || strtoupper($dparam->attribute) == 'FILENAME') {
                    $filename = $dparam->value;
                }
            }
        }
        //if no filename found
        if ($filename == '') {
            // if there are any parameters present in this part
            if (isset($p->parameters) && is_array($p->parameters) && count($p->parameters) > 0) {
                foreach ($p->parameters as $param) {
                    if (strtoupper($param->attribute) == 'NAME' || strtoupper($param->attribute) == 'FILENAME') {
                        $filename = $param->value;
                    }
                }
            }
        }
        //write to disk and set partsarray variable
        if ($filename != '') {
            // The name comes from the message itself, i.e. from whoever sent the
            // mail. It is decoded, lower-cased, reduced to its last path
            // component and filtered to 0-9, a-z, '_', '-' and '.', so it cannot
            // carry a path separator.
            // NOTE(review): the extension is not restricted, so a script file
            // sent by mail is stored under its own extension in
            // DIR_FS_ADMIN . HELPDESK_ATTACHMENTS_FOLDER. Confirm that this
            // folder is never served with script execution enabled, or add an
            // extension allow-list here.
            $filename = helpdesk_decode_string($filename);
            $filename = basename(strtolower($filename));
            $filename = tep_create_safe_string($filename, '-', '/[^0-9a-z_\\-\\.]+/');
            // Names shorter than five characters are replaced by a random one.
            if (strlen($filename) < 5) {
                $filename = tep_create_random_value(32, 'mixed_lower');
            }
            $partsarray[$i]['attachment'] = array('filename' => $filename, 'binary' => $part);
            // Avoid overwriting an existing attachment by prefixing 'copyN-'.
            // The is_file() test and the fopen() below are separate steps, so
            // this is not atomic.
            $index = 0;
            $org_filename = $filename;
            while (is_file($filestore . $filename)) {
                $index++;
                $filename = 'copy' . $index . '-' . $org_filename;
            }
            $fp = fopen($filestore . $filename, "w+");
            if (!$fp) {
                echo '<div class="messageStackError">' . sprintf(ERROR_WRITE_ATTACHMENT, $filestore) . '</div>';
            } else {
                // The message shows the full filesystem path of the stored file.
                echo '<div class="linepad heavy">' . sprintf(TEXT_INFO_ATTACHMENT_WRITE, $filestore . $filename) . '</div>';
                fwrite($fp, $part);
                fclose($fp);
                if (!in_array($filename, $attachments_array)) {
                    $attachments_array[] = $filename;
                }
            }
        }
        //end if type!=0
        //elseif part is text
    } elseif ($p->type == 0) {
        //decode text
        //if QUOTED-PRINTABLE
        if ($p->encoding == 4) {
            $part = quoted_printable_decode($part);
        }
        //if base 64
        if ($p->encoding == 3) {
            $part = base64_decode($part);
        }
        //OPTIONAL PROCESSING e.g. nl2br for plain text
        // (both branches below are placeholders: the statement 1; does nothing)
        //if plain text
        if (strtoupper($p->subtype) == 'PLAIN') {
            1;
            //if HTML
        } elseif (strtoupper($p->subtype) == 'HTML') {
            1;
        }
        // The text is stored exactly as decoded, HTML included; nothing is
        // escaped or filtered at this point.
        $partsarray[$i]['text'] = array('type' => $p->subtype, 'string' => $part);
    }
    //if subparts... recurse into function and parse them too!
    // Sub-parts are numbered "<parent>.<n>", with n starting at 1.
    if (isset($p->parts) && count($p->parts) > 0) {
        foreach ($p->parts as $pno => $parr) {
            help_desk_parsepart($parr, $i . '.' . ($pno + 1), $link, $msgid, $partsarray, $attachments_array);
        }
    }
    return;
}
示例#18
/**
 * Filters $url in place and reports whether a usable URL remains.
 *
 * The value is first reduced to 0-9, a-z, '_', '-', '.', '/' and ':'. It is
 * accepted only when parse_url() finds a host that contains a dot after its
 * first character; it is then rebuilt from its scheme, host, path and query.
 * Any scheme is accepted. On rejection $url is set to an empty string.
 *
 * @param string $url URL to validate; overwritten with the filtered form
 * @return bool True when $url is non-empty after validation
 */
function tep_validate_url(&$url)
{
    $url = tep_create_safe_string($url, '', "/[^0-9a-z_\\-\\.\\/\\:]+/i");
    if (empty($url)) {
        return false;
    }

    $parts = parse_url($url);

    // strpos() is used for its truthiness: a missing dot (false) and a leading
    // dot (position 0) are both rejected.
    $has_dotted_host = is_array($parts) && isset($parts['host']) && strpos($parts['host'], '.');
    if (!$has_dotted_host) {
        $url = '';
        return false;
    }

    // Rebuild the URL from the recognised components only.
    $rebuilt = '';
    if (isset($parts['scheme'])) {
        $rebuilt .= $parts['scheme'] . '://';
    }
    $rebuilt .= $parts['host'];
    if (isset($parts['path'])) {
        $rebuilt .= $parts['path'];
    }
    if (isset($parts['query'])) {
        $rebuilt .= '?' . $parts['query'];
    }
    $url = $rebuilt;

    return !empty($url);
}