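/**
 * Sends a file from the public data directory to the client as a download.
 *
 * Reads `path` (directory) and `file` (file name) from the query string, both of which
 * are client-controlled. The file is served only when all of the following hold:
 *  - the resolved location exists and is a regular file;
 *  - it lies inside the public data root after symlinks and ".." segments are resolved;
 *  - its extension is not on the script blocklist (php, phtml).
 *
 * The previous version closed a parenthesis in the wrong place, so in_array() received a
 * single argument and the extension blocklist never ran (a warning on older PHP, an
 * ArgumentCountError on PHP 8). It also appended `file` to the directory without checking
 * that the result stayed under the data root.
 *
 * @throws waException 404 when the file is missing, outside the data root, or blocked.
 */
public function execute()
{
    $dir = rtrim((string) waRequest::get('path'), ' /');
    $file = (string) waRequest::get('file');

    // Resolve both the data root and the requested file to canonical paths so the
    // containment test compares real locations, not request strings.
    $root = realpath(wa()->getDataPath('', true, null, false));
    $real = realpath(wa()->getDataPath($dir, true, null, false) . '/' . $file);

    $inside = false;
    if ($root !== false && $real !== false) {
        $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        $inside = strncmp($real, $prefix, strlen($prefix)) === 0;
    }

    // The extension is taken from the resolved path, so a link with a harmless name that
    // points at a script is rejected as well. strtolower() is a no-op if
    // waFiles::extension() already normalises case (not visible from this method).
    if ($inside
        && is_file($real)
        && !in_array(strtolower((string) waFiles::extension($real)), array('php', 'phtml'), true)
    ) {
        // Only the final name component is offered as the download name.
        waFiles::readFile($real, basename($file));
    } else {
        // Same response for "missing", "outside the root" and "blocked", so the endpoint
        // does not reveal which files exist elsewhere on the server.
        throw new waException("File not found", 404);
    }
}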
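/**
 * Renames a file or folder inside the public data directory.
 *
 * Reads `path`, optional `file` and the new `name` from POST; all three are
 * client-controlled. On success $this->response holds the new name (file) or an array with
 * the new name and navigation hash (folder). On failure $this->errors holds a message.
 *
 * Hardening over the previous version:
 *  - parent-directory references are stripped from `name` repeatedly until none remain;
 *    a single pass can leave a fresh one behind when the removed text was embedded in
 *    another occurrence;
 *  - the source must resolve to a location strictly inside the data root, and the target's
 *    directory must resolve to the data root or below it, so neither `path`, `file` nor
 *    `name` can move data across that boundary;
 *  - the script-extension blocklist compares case-insensitively.
 *
 * NOTE(review): the extension check still runs only for file renames whose extension
 * changes, as before; confirm that scripts cannot reach this directory another way.
 */
public function execute()
{
    $p = $path = rtrim((string) waRequest::post('path'), ' /');
    if ($file = waRequest::post('file')) {
        $path .= '/' . $file;
    }
    $path = wa()->getDataPath($path, true, null, false);

    $name = trim((string) waRequest::post('name'));
    do {
        $name = (string) preg_replace('!\\.\\.[/\\\\]!', '', $name, -1, $stripped);
    } while ($stripped > 0);

    if ($file) {
        $name_ext = waFiles::extension($name);
        if ($name_ext != waFiles::extension($file) || !$name_ext) {
            // Any ".php" inside the name counts as a script name, which also covers
            // double extensions such as "x.php.txt".
            if (strpos(strtolower($name), '.php') !== false) {
                $name_ext = 'php';
            }
            if (in_array(strtolower((string) $name_ext), array('php', 'phtml'), true)) {
                $this->errors = sprintf(_w("Files with extension .%s are not allowed to security considerations."), $name_ext);
                return;
            }
        }
    }

    if (!strlen($name)) {
        $this->errors = _w("Enter the new name");
        return;
    }
    if (!file_exists($path)) {
        $this->errors = _w("Selected folder (file) does not exist anymore");
        return;
    }

    $target = dirname($path) . '/' . $name;

    // Containment check on canonical paths. The source must be strictly below the data
    // root (renaming the root itself is refused); the target directory may be the root.
    $root = realpath(wa()->getDataPath('', true, null, false));
    $source_real = realpath($path);
    $target_dir_real = realpath(dirname($target));
    $allowed = false;
    if ($root !== false && $source_real !== false && $target_dir_real !== false) {
        $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        $allowed = strncmp($source_real, $prefix, strlen($prefix)) === 0
            && strncmp($target_dir_real . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) === 0
            && !in_array(basename($target), array('.', '..'), true);
    }

    if (!$allowed) {
        $this->errors = _w("File (folder) can not be renamed");
    } elseif (!is_writable(dirname($path))) {
        // Message text is kept byte-for-byte (including its typo): it is presumably the
        // lookup key for translations — confirm before correcting it.
        $this->errors = sprintf(_w("Folder or file could not bet renamed due to the insufficient file write permissions for the %s folder."), $p);
    } elseif (@rename($path, $target)) {
        if ($file) {
            $this->response = $name;
        } else {
            // Folder: also return the UI hash, i.e. the new path relative to the data root.
            $this->response = array(
                'name' => $name,
                'hash' => '#/files' . substr($target . '/', strlen(wa()->getDataPath('', true, null, false))),
            );
        }
    } else {
        $this->errors = _w("File (folder) can not be renamed");
    }
}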
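/**
 * Creates, renames or edits a theme template file and writes its content to disk.
 *
 * Request inputs (all client-controlled): GET `theme_id`, GET `file` (existing file being
 * edited, empty when creating), POST `file` (new name), POST `parent`, POST `type`
 * (non-empty = inherit the file from the parent theme), POST `description`, POST `content`.
 *
 * Flow:
 *  1. checkAccess() on the app's themes data directory.
 *  2. An ORIGINAL theme is copied before it is modified.
 *  3. The theme's file list is updated (add / rename / change description).
 *  4. Unless the file is inherited, `content` is written to <theme path>/<file>.
 *  5. The result is returned through displayJson().
 *
 * New and renamed names pass through checkFile(). The name of an existing file comes from
 * GET `file` and reaches the write without that check; whether getFile()/changeFile()
 * reject unknown names is not visible from this method. The write therefore carries its
 * own guard: the canonical target must lie inside the canonical theme directory.
 */
public function saveAction()
{
    $app_id = $this->getAppId();
    $theme_id = waRequest::get('theme_id');
    $file = waRequest::get('file');
    $errors = null;
    $path = wa()->getDataPath('themes', true, $app_id, false);
    $this->checkAccess($path);

    // copy original theme
    $theme = new waTheme($theme_id, $app_id);
    if ($theme['type'] == waTheme::ORIGINAL) {
        $theme->copy();
    }

    if (!$file) {
        // create file
        if (waRequest::post('type')) {
            // parent: register a file inherited from the parent theme
            $file = waRequest::post('parent');
            $theme->addFile($file, '', array('parent' => 1));
        } else {
            $file = waRequest::post('file');
            if ($this->checkFile($file, $errors)) {
                $theme->addFile($file, waRequest::post('description'));
            }
        }
        if (!$errors) {
            if (!$theme->save()) {
                $errors = _ws('Insufficient file access permissions to save theme settings');
            } else {
                $this->logAction('template_add', $file);
            }
        }
    } else {
        if (waRequest::post('file') && $file != waRequest::post('file')) {
            // rename: the new name must pass checkFile() before anything is changed
            if (!$this->checkFile(waRequest::post('file'), $errors)) {
                $this->displayJson(array(), $errors);
                return;
            }
            $theme->removeFile($file);
            $file = waRequest::post('file');
            if (!$theme->addFile($file, waRequest::post('description'))->save()) {
                $errors = _ws('Insufficient file access permissions to save theme settings');
            } else {
                $this->logAction('template_edit', $file);
            }
        } else {
            // edit in place; a file inherited from a parent theme is edited in the parent
            $f = $theme->getFile($file);
            if (!empty($theme['parent_theme_id']) && $f['parent']) {
                $theme = new waTheme($theme['parent_theme_id']);
                if ($theme['type'] == waTheme::ORIGINAL) {
                    $theme->copy();
                }
            }
            if (!$theme->changeFile($file, waRequest::post('description'))) {
                $errors = _ws('Insufficient file access permissions to save theme settings');
            } else {
                $this->logAction('template_edit', $file);
            }
        }
        // bump the mtime of the theme's descriptor file
        @touch($theme->getPath() . '/' . waTheme::PATH);
    }

    $response = array();
    if ($file && !$errors) {
        // bump the mtime of the themes data directory
        @touch($path);
        $response['id'] = $file;
        switch ($ext = waFiles::extension($file)) {
            case 'css':
            case 'js':
                $response['type'] = $ext;
                break;
            default:
                $response['type'] = '';
        }
        $response['theme'] = $theme_id;

        if (!waRequest::post('type')) {
            // not inherited: write the submitted content
            $content = waRequest::post('content');
            $file_path = $theme->getPath() . '/' . $file;

            // Containment guard at the write itself. An existing target is resolved
            // directly (which also follows symlinks); for a new file its directory is
            // resolved instead. Either must be the theme directory or lie below it.
            $theme_root = realpath($theme->getPath());
            $resolved = file_exists($file_path) ? realpath($file_path) : realpath(dirname($file_path));
            $contained = false;
            if ($theme_root !== false && $resolved !== false) {
                $prefix = rtrim($theme_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
                $contained = strncmp($resolved . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) === 0;
            }

            if (!$contained) {
                $r = false;
            } elseif (!file_exists($file_path) || is_writable($file_path)) {
                if ($content || file_exists($file_path)) {
                    $r = @file_put_contents($file_path, $content);
                    if ($r !== false) {
                        // zero bytes written is still a success
                        $r = true;
                        if (in_array($ext, array('css', 'js'))) {
                            $theme['edition'] = true;
                            $theme->save();
                        }
                    }
                } else {
                    // new file with empty content: just create it
                    $r = @touch($file_path);
                }
            } else {
                $r = false;
            }
            if (!$r) {
                // NOTE(review): the message returns the absolute server path to the client.
                $errors = _ws('Insufficient access permissions to save the file') . ' ' . $file_path;
            }
        } else {
            $response['inherit'] = 1;
        }
    }
    $this->displayJson($response, $errors);
}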
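/**
 * Imports one photo from the legacy PIXLIST table into the photos app.
 *
 * Inserts the photo record, moves the image file, fills in missing dimensions and EXIF
 * data, grants access rights, attaches the photo to the album and records the
 * old-id => new-id mapping in $this->old_photos.
 *
 * Changes over the previous version:
 *  - `$album['id']` is cast to int before it is concatenated into SQL, like every other
 *    identifier in this method;
 *  - the hash for non-public photos comes from a CSPRNG when random_bytes() exists, and
 *    falls back to the old uniqid()-based value otherwise. The hash is presumably an
 *    unguessable access token — confirm against the code that reads it. uniqid() and
 *    time() are clock-derived and so predictable; the result keeps the 32-hex-character
 *    shape of md5().
 *
 * @param int|string $id    Legacy photo id (PIXLIST.PL_ID).
 * @param array      $album Target album; the keys `id` and `status` are read.
 * @return mixed Id of the inserted photo, as returned by the photo model's insert().
 */
public function importPhoto($id, $album)
{
    $this->log('Import photo: ' . $id);
    // NOTE(review): $row is used without an emptiness check; what query() returns for an
    // unknown id is not visible from this method.
    $row = $this->query("SELECT * FROM PIXLIST WHERE PL_ID = " . (int) $id);
    $data = array(
        'name'            => preg_replace('/\\.[^\\.]+$/', '', $row['PL_FILENAME']),
        'description'     => $row['PL_DESC'],
        'upload_datetime' => $row['PL_UPLOADDATETIME'],
        'width'           => $row['PL_WIDTH'],
        'height'          => $row['PL_HEIGHT'],
        'size'            => $row['PL_FILESIZE'],
        'ext'             => waFiles::extension($row['PL_DISKFILENAME']),
        'contact_id'      => $this->getContactId($row['C_ID']),
        'status'          => $album['status'] ? 1 : 0,
    );
    if ($data['status'] <= 0) {
        $data['hash'] = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(time(), true));
    } else {
        $data['hash'] = '';
    }

    // insert photo
    $data['id'] = $this->getPhotoModel()->insert($data);
    // set url
    $this->getPhotoModel()->updateById($data['id'], array('url' => 'DSC_' . $data['id']));

    // copy file
    $new_path = photosPhoto::getPhotoPath($data);
    $this->moveFile($row, $new_path);

    // fix width and height for old photos
    if (!$data['width'] && !$data['height'] && file_exists($new_path)) {
        $image = waImage::factory($new_path);
        $this->getPhotoModel()->updateById($data['id'], array('width' => $image->width, 'height' => $image->height));
    }
    if ($exif_data = photosExif::getInfo($new_path)) {
        $this->getExifModel()->save($data['id'], $exif_data);
    }

    // set rights; every value concatenated into the statements below is cast to int
    $sql = "INSERT IGNORE INTO photos_photo_rights SET group_id = 0, photo_id = " . (int) $data['id'];
    $this->dest->exec($sql);
    if (!$album['status']) {
        // additional rights row for the negated contact id when the album is not public
        $sql = "INSERT IGNORE INTO photos_photo_rights\n SET group_id = -" . (int) $data['contact_id'] . ", photo_id = " . (int) $data['id'];
        $this->dest->exec($sql);
    }

    // add photo to album
    $sql = "INSERT IGNORE INTO photos_album_photos\n SET album_id = " . (int) $album['id'] . ", photo_id = " . (int) $data['id'] . ", sort = " . (int) $row['PL_SORT'];
    $this->dest->exec($sql);

    // save old id => new id (for widgets)
    $this->old_photos[$id] = $data['id'];
    return $data['id'];
}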