0 ) { $nucleus['version'] .= '/' . getNucleusPatchLevel(); } /* Avoid notices */ if ( !array_key_exists('installscript', $CONF) || empty($CONF['installscript']) ) { $CONF['installscript'] = 0; } if ( !array_key_exists('UsingAdminArea', $CONF) ) { $CONF['UsingAdminArea'] = 0; } if ( !headers_sent() ) { header('Generator: Nucleus CMS ' . $nucleus['version']); } /* TODO: This is for compatibility since 4.0, should be obsoleted at future release. */ if ( !isset($DIR_LOCALES) ) { $DIR_LOCALES = $DIR_NUCLEUS . 'locales/'; } global $DIR_LANG; if ( !isset($DIR_LANG) ) { $DIR_LANG = $DIR_LOCALES; } /* load and initialize i18n class */ if (!class_exists('i18n', FALSE)) { include($DIR_LIBS . 'i18n.php'); } if ( !i18n::init('UTF-8', $DIR_LOCALES) ) { exit('Fail to initialize i18n class.'); } /* TODO: This is just for compatibility since 4.0, should be obsoleted at future release. */ define('_CHARSET', i18n::get_current_charset()); /* * NOTE: Since 4.0 release, Entity class becomes to be important class * with some wrapper functions for htmlspechalchars/htmlentity PHP's built-in function */ include($DIR_LIBS . 'ENTITY.php'); /* we will use postVar, getVar, ... methods instead of $_GET, $_POST ... */ if ( $CONF['installscript'] != 1 ) { /* vars were already included in install.php */ include_once($DIR_LIBS . 'vars4.1.0.php'); /* added for 4.0 DB::* wrapper and compatibility sql_* */ include_once($DIR_LIBS . 'sql/sql.php'); } /* include core classes that are needed for login & plugin handling */ include($DIR_LIBS . 'MEMBER.php'); include($DIR_LIBS . 'ACTIONLOG.php'); include($DIR_LIBS . 'MANAGER.php'); include($DIR_LIBS . 'PLUGIN.php'); $manager =& MANAGER::instance(); /* only needed when updating logs */ if ( $CONF['UsingAdminArea'] ) { /* XML-RPC client classes */ include($DIR_LIBS . 'xmlrpc.inc.php'); include($DIR_LIBS . 
'ADMIN.php'); } /* connect to database */ global $MYSQL_HANDLER; if ( !isset($MYSQL_HANDLER) ) { $MYSQL_HANDLER = array('mysql',''); } if ( $MYSQL_HANDLER[0] == '' ) { $MYSQL_HANDLER[0] = 'mysql'; } DB::setConnectionInfo($MYSQL_HANDLER[1], $MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD, $MYSQL_DATABASE); /* force locale or charset */ $locale = ''; $charset = i18n::get_current_charset(); $data = array( 'locale' => &$locale, 'charset' => &$charset ); $manager->notify('ForceLocale', $data); if ( $data['locale'] !== '' ) { i18n::set_forced_locale($data['locale']); } if ( $data['charset'] !== '' ) { i18n::set_forced_charset($data['charset']); } unset($locale); unset($charset); /* convert forced charset to current charset */ if ( i18n::get_forced_charset() != i18n::get_current_charset() ) { $_POST = i18n::convert_array($_POST, i18n::get_forced_charset()); $_GET = i18n::convert_array($_GET, i18n::get_forced_charset()); $_REQUEST = i18n::convert_array($_REQUEST, i18n::get_forced_charset()); $_COOKIE = i18n::convert_array($_COOKIE, i18n::get_forced_charset()); $_FILES = i18n::convert_array($_FILES, i18n::get_forced_charset()); if ( session_id() !== '' ) { $_SESSION = i18n::convert_array($_SESSION, i18n::get_forced_charset()); } } /* sanitize option */ $bLoggingSanitizedResult = 0; $bSanitizeAndContinue = 0; $orgRequestURI = serverVar('REQUEST_URI'); sanitizeParams(); /* logs sanitized result if need */ if ( $orgRequestURI !== serverVar('REQUEST_URI') ) { $msg = "Sanitized [" . serverVar('REMOTE_ADDR') . "] "; $msg .= $orgRequestURI . " -> " . 
serverVar('REQUEST_URI'); if ( $bLoggingSanitizedResult ) { addToLog(WARNING, $msg); } if ( !$bSanitizeAndContinue ) { die(""); } } /* makes sure database connection gets closed on script termination */ register_shutdown_function('sql_disconnect'); /* get all variables that can come from the request and put them in the global scope */ $blogid = requestVar('blogid'); $itemid = intRequestVar('itemid'); $catid = intRequestVar('catid'); $skinid = requestVar('skinid'); $memberid = requestVar('memberid'); $archivelist = requestVar('archivelist'); $imagepopup = requestVar('imagepopup'); $archive = requestVar('archive'); $query = requestVar('query'); $highlight = requestVar('highlight'); $amount = requestVar('amount'); $action = requestVar('action'); $nextaction = requestVar('nextaction'); $maxresults = requestVar('maxresults'); $startpos = intRequestVar('startpos'); $errormessage = ''; $error = ''; $special = requestVar('special'); $virtualpath = ((getVar('virtualpath') != NULL) ? getVar('virtualpath') : serverVar('PATH_INFO')); /* get all variables that can come from the request and put them in the global scope */ $blogid = requestVar('blogid'); $itemid = intRequestVar('itemid'); $catid = intRequestVar('catid'); $skinid = requestVar('skinid'); $memberid = requestVar('memberid'); $archivelist = requestVar('archivelist'); $imagepopup = requestVar('imagepopup'); $archive = requestVar('archive'); $query = requestVar('query'); $highlight = requestVar('highlight'); $amount = requestVar('amount'); $action = requestVar('action'); $nextaction = requestVar('nextaction'); $maxresults = requestVar('maxresults'); $startpos = intRequestVar('startpos'); $errormessage = ''; $error = ''; $special = requestVar('special'); $virtualpath = ((getVar('virtualpath') != NULL) ? getVar('virtualpath') : serverVar('PATH_INFO')); /* read config */ getConfig(); /* Properly set $CONF['Self'] and others if it's not set... 
* usually when we are access from admin menu */ if ( !array_key_exists('Self', $CONF) ) { $CONF['Self'] = $CONF['IndexURL']; /* strip trailing */ if ( $CONF['Self'][i18n::strlen($CONF['Self']) -1] == "/" ) { $CONF['Self'] = i18n::substr($CONF['Self'], 0, i18n::strlen($CONF['Self']) -1); } } $CONF['ItemURL'] = $CONF['Self']; $CONF['ArchiveURL'] = $CONF['Self']; $CONF['ArchiveListURL'] = $CONF['Self']; $CONF['MemberURL'] = $CONF['Self']; $CONF['SearchURL'] = $CONF['Self']; $CONF['BlogURL'] = $CONF['Self']; $CONF['CategoryURL'] = $CONF['Self']; /* *switch URLMode back to normal when $CONF['Self'] ends in .php * this avoids urls like index.php/item/13/index.php/item/15 */ if ( !array_key_exists('URLMode', $CONF) || (($CONF['URLMode'] == 'pathinfo') && (i18n::substr($CONF['Self'], i18n::strlen($CONF['Self']) - 4) == '.php')) ) { $CONF['URLMode'] = 'normal'; } /* automatically use simpler toolbar for mozilla */ if ( ($CONF['DisableJsTools'] == 0) && i18n::strpos(serverVar('HTTP_USER_AGENT'), 'Mozilla/5.0') !== FALSE && i18n::strpos(serverVar('HTTP_USER_AGENT'), 'Gecko') !== FALSE ) { $CONF['DisableJsTools'] = 2; } $member = new Member(); if ( $action == 'login' ) { $login = postVar('login'); $password = postVar('password'); $shared = intPostVar('shared'); $member->login($login, $password, $shared); } elseif ( ($action == 'logout') ) { $member->logout(); } else { $member->cookielogin(); } /* TODO: This is for backward compatibility, should be obsoleted near future. 
*/ if ( !preg_match('#^(.+)_(.+)_(.+)$#', $CONF['Locale']) && ($CONF['Locale'] = i18n::convert_old_language_file_name_to_locale($CONF['Locale'])) === FALSE ) { $CONF['Locale'] = 'en_Latn_US'; } if ( !array_key_exists('Language', $CONF) ) { $CONF['Language'] = i18n::convert_locale_to_old_language_file_name($CONF['Locale']); } $locale = $CONF['Locale']; /* NOTE: include translation file and set locale */ if ( $member->isLoggedIn() ) { if ( $member->getLocale() ) { $locale = $member->getLocale(); } } else { if ( i18n::get_forced_locale() !== '' ) { $locale = i18n::get_forced_locale(); } } include_translation($locale); i18n::set_current_locale($locale); /* login completed */ $manager->notify('PostAuthentication', array('loggedIn' => $member->isLoggedIn() ) ); /* next action */ if ( $member->isLoggedIn() && $nextaction ) { $action = $nextaction; } /* * Release ticket for plugin */ ticketForPlugin(); /* first, let's see if the site is disabled or not. always allow admin area access. */ if ( $CONF['DisableSite'] && !$member->isAdmin() && !$CONF['UsingAdminArea'] ) { redirect($CONF['DisableSiteURL']); exit; } /* load other classes */ include($DIR_LIBS . 'PARSER.php'); include($DIR_LIBS . 'SKIN.php'); include($DIR_LIBS . 'TEMPLATE.php'); include($DIR_LIBS . 'BLOG.php'); include($DIR_LIBS . 'BODYACTIONS.php'); include($DIR_LIBS . 'COMMENTS.php'); include($DIR_LIBS . 'COMMENT.php'); include($DIR_LIBS . 'NOTIFICATION.php'); include($DIR_LIBS . 'BAN.php'); include($DIR_LIBS . 'SEARCH.php'); include($DIR_LIBS . 'LINK.php'); /* set lastVisit cookie (if allowed) */ if ( !headers_sent() ) { if ( $CONF['LastVisit'] ) { setcookie($CONF['CookiePrefix'] . 'lastVisit', time(), time() + 2592000, $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']); } else { setcookie($CONF['CookiePrefix'] . 
'lastVisit', '', (time() - 2592000), $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']); } } if ( !defined('_ARCHIVETYPE_MONTH') ) { define('_ARCHIVETYPE_DAY', 'day'); define('_ARCHIVETYPE_MONTH', 'month'); define('_ARCHIVETYPE_YEAR', 'year'); } /* decode path_info */ if ( $CONF['URLMode'] == 'pathinfo' ) { /* initialize keywords if this hasn't been done before */ if ( !isset($CONF['ItemKey']) || $CONF['ItemKey'] == '' ) { $CONF['ItemKey'] = 'item'; } if ( !isset($CONF['ArchiveKey']) || $CONF['ArchiveKey'] == '' ) { $CONF['ArchiveKey'] = 'archive'; } if ( !isset($CONF['ArchivesKey']) || $CONF['ArchivesKey'] == '' ) { $CONF['ArchivesKey'] = 'archives'; } if ( !isset($CONF['MemberKey']) || $CONF['MemberKey'] == '' ) { $CONF['MemberKey'] = 'member'; } if ( !isset($CONF['BlogKey']) || $CONF['BlogKey'] == '' ) { $CONF['BlogKey'] = 'blog'; } if ( !isset($CONF['CategoryKey']) || $CONF['CategoryKey'] == '' ) { $CONF['CategoryKey'] = 'category'; } if ( !isset($CONF['SpecialskinKey']) || $CONF['SpecialskinKey'] == '' ) { $CONF['SpecialskinKey'] = 'special'; } $parsed = false; $manager->notify( 'ParseURL', array( /* e.g. item, blog, ... 
*/ 'type' => basename(serverVar('SCRIPT_NAME') ), 'info' => $virtualpath, 'complete' => &$parsed ) ); if ( !$parsed ) { /* default implementation */ $data = preg_split("#/#", $virtualpath ); for ( $i = 0; $i < sizeof($data); $i++ ) { switch ( $data[$i] ) { /* item/1 (blogid) */ case $CONF['ItemKey']: $i++; if ( $i < sizeof($data) ) { $itemid = intval($data[$i]); } break; /* archives/1 (blogid) */ case $CONF['ArchivesKey']: $i++; if ( $i < sizeof($data) ) { $archivelist = intval($data[$i]); } break; /* two possibilities: archive/yyyy-mm or archive/1/yyyy-mm (with blogid) */ case $CONF['ArchiveKey']: if ( (($i + 1) < sizeof($data) ) && (i18n::strpos($data[$i + 1], '-') === FALSE ) ) { $blogid = (integer) $data[++$i]; } $i++; if ( $i < sizeof($data) ) { $archive = $data[$i]; } break; /* blogid/1 */ case 'blogid': /* blog/1 */ case $CONF['BlogKey']: $i++; if ( $i < sizeof($data) ) { $blogid = intval($data[$i]); } break; /* category/1 (catid) */ case $CONF['CategoryKey']: case 'catid': $i++; if ( $i < sizeof($data) ) { $catid = intval($data[$i]); } break; case $CONF['MemberKey']: $i++; if ( $i < sizeof($data) ) { $memberid = intval($data[$i]); } break; case $CONF['SpecialskinKey']: $i++; if ( $i < sizeof($data) ) { $special = $data[$i]; $_REQUEST['special'] = $special; } break; default: // skip... } } } } /* * PostParseURL is a place to cleanup any of the path-related global variables before the selector function is run. 
* It has 2 values in the data in case the original virtualpath is needed, but most the use will be in tweaking * global variables to clean up (scrub out catid or add catid) or to set someother global variable based on * the values of something like catid or itemid * New in 3.60 */ $data = array( 'type' => basename(serverVar('SCRIPT_NAME')), 'info' => $virtualpath ); $manager->notify('PostParseURL', $data); /* * NOTE: Here is the end of initialization */ /** * Errors before the database connection has been made * * @param string $msg message to notify * @param string $title page title * @return void */ function startUpError($msg, $title) { header('Content-Type: text/xml; charset=' . i18n::get_current_charset()); echo "\n"; echo "
\n"; echo '' . $hsFile . '
line ' . $hsLine . '
';
}
else
{
$extraInfo = '';
}
startUpError(
'The page headers have already been sent out' . $extraInfo . '. This could cause Nucleus not to work in the expected way.
Usually, this is caused by spaces or newlines at the end of the config.php
file, at the end of the translation file or at the end of a plugin file. Please check this and try again.
If you don\'t want to see this error message again, without solving the problem, set $CONF[\'alertOnHeadersSent\']
in globalfunctions.php
to 0
' . $msg . "
\n"; } // shortcut function addToLog($level, $msg) { ActionLog::add($level, $msg); } // shows a link to help file function help($id) { echo helpHtml($id); } function helpHtml($id) { global $CONF; return helplink($id) . ''; } function helplink($id) { global $CONF; return ''; } /** * Includes a PHP file. This method can be called while parsing templates and skins */ function includephp($filename) { // make predefined variables global, so most simple scripts can be used here // apache (names taken from PHP doc) global $GATEWAY_INTERFACE, $SERVER_NAME, $SERVER_SOFTWARE, $SERVER_PROTOCOL; global $REQUEST_METHOD, $QUERY_STRING, $DOCUMENT_ROOT, $HTTP_ACCEPT; global $HTTP_ACCEPT_CHARSET, $HTTP_ACCEPT_ENCODING, $HTTP_ACCEPT_LANGUAGE; global $HTTP_CONNECTION, $HTTP_HOST, $HTTP_REFERER, $HTTP_USER_AGENT; global $REMOTE_ADDR, $REMOTE_PORT, $SCRIPT_FILENAME, $SERVER_ADMIN; global $SERVER_PORT, $SERVER_SIGNATURE, $PATH_TRANSLATED, $SCRIPT_NAME; global $REQUEST_URI; // php (taken from PHP doc) global $argv, $argc, $PHP_SELF, $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS; global $HTTP_POST_FILES, $HTTP_ENV_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS; // other global $PATH_INFO, $HTTPS, $HTTP_RAW_POST_DATA, $HTTP_X_FORWARDED_FOR; if (@file_exists($filename) ) { include($filename); } } /** * Checks if a certain plugin exists * @param string $plug * @return bool **/ function checkPlugin($plug) { global $DIR_PLUGINS; # replaced ereg_replace() below with preg_replace(). ereg* functions are deprecated in PHP 5.3.0 # original ereg_replace: ereg_replace( '[\\|/]', '', $plug) . '.php') # important note that '\' must be matched with '\\\\' in preg* expressions return file_exists($DIR_PLUGINS . preg_replace('#[\\\\|/]#', '', $plug) . '.php'); } /** * alterQueryStr() * * @param string $querystr querystring to alter (e.g. foo=1&bar=2&x=y) * @param string $param name of parameter to change (e.g. 'foo') * @param string $value New value for that parameter (e.g. 
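3)
 * @return string altered query string (for the examples above: foo=3&bar=2&x=y)
 *
 * Pairs are split on '&' and matched on the part before the first '='; a value that
 * itself contains '=' is replaced as a whole (previously only the first '='-segment
 * was replaced and the tail of the old value survived). When $param is not present
 * it is appended. A leading '&' (empty $querystr) is trimmed from the result.
 */
function alterQueryStr($querystr, $param, $value)
{
    // '&' separates the pairs — the same separator implode() uses below.
    // (The previous pattern '#' had no closing delimiter and made preg_split() fail.)
    $vars = preg_split('#&#', $querystr);
    $set = false;
    foreach ( $vars as $i => $pair ) {
        // limit 2: only the first '=' separates key from value
        $v = explode('=', $pair, 2);
        if ( $v[0] === (string) $param ) {
            $vars[$i] = $param . '=' . $value;
            $set = true;
            break;
        }
    }
    if ( !$set ) {
        $vars[] = "{$param}={$value}";
    }
    return ltrim(implode('&', $vars), '&');
}

// passes one variable as hidden input field (multiple fields for arrays)
// @see passRequestVars in varsx.x.x.php
function passVar($key, $value)
{
    // array ?
    if (is_array($value) ) {
        for ($i = 0; $i < sizeof($value); $i++) {
            passVar($key . '[' . $i . ']', $value[$i]);
        }
        return;
    }
    // other values: do stripslashes if needed
    // NOTE(review): the inline HTML template that followed here, and the head of the
    // next function (the one that ends in the die() calls below), did not survive
    // extraction; the fragment is kept exactly as found.
    ?>= '4.1.0') {
    if ( isset($_GET[$varName]) || isset($_POST[$varName]) || isset($_COOKIE[$varName]) || isset($_ENV[$varName]) || isset($_SESSION[$varName]) || isset($_FILES[$varName]) ) {
        die('Sorry. An error occurred.');
    }
} else {
    if ( isset($HTTP_GET_VARS[$varName]) || isset($HTTP_POST_VARS[$varName]) || isset($HTTP_COOKIE_VARS[$varName]) || isset($HTTP_ENV_VARS[$varName]) || isset($HTTP_SESSION_VARS[$varName]) || isset($HTTP_POST_FILES[$varName]) ) {
        die('Sorry. An error occurred.');
    }
}
}
}

/**
 * sanitizeParams()
 * Sanitize parameters such as $_GET and $_SERVER['REQUEST_URI'] etc.
 * to avoid XSS.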
*
* Covers $_SERVER['REQUEST_URI'], $_SERVER['QUERY_STRING'], $_GET and the GET-derived
* entries of $_REQUEST (convArrayForSanitizing() only copies keys present in $_GET);
* $_POST and $_COOKIE are not touched here. Each string is taken apart with
* serverStringToArray(), passed through sanitizeArray() and written back in place.
*
* @return void
*/
function sanitizeParams()
{
    $array = array();
    $str = '';
    $frontParam = '';

    // REQUEST_URI of $_SERVER — bound by reference so the sanitized string is written back
    $str =& $_SERVER["REQUEST_URI"];
    serverStringToArray($str, $array, $frontParam);
    sanitizeArray($array);
    arrayToServerString($array, $frontParam, $str);

    // QUERY_STRING of $_SERVER
    $str =& $_SERVER["QUERY_STRING"];
    serverStringToArray($str, $array, $frontParam);
    sanitizeArray($array);
    arrayToServerString($array, $frontParam, $str);

    // $_GET
    convArrayForSanitizing($_GET, $array);
    sanitizeArray($array);
    revertArrayForSanitizing($array, $_GET);

    // $_REQUEST (only GET param)
    convArrayForSanitizing($_REQUEST, $array);
    sanitizeArray($array);
    revertArrayForSanitizing($array, $_REQUEST);
    return;
}

/**
 * ticketForPlugin()
 *
 * Check ticket when not checked in plugin's admin page
 * to avoid CSRF.
 * Also avoid the access to plugin/index.php by guest user.
 *
 * Side effect: (re)initializes the global $ticketforplugin with 'ticket' => FALSE.
 * Answers 404 and exits when the executing script file cannot be found on disk.
 */
function ticketForPlugin()
{
    global $CONF, $DIR_PLUGINS, $member, $ticketforplugin;

    /* initialize */
    $ticketforplugin = array();
    $ticketforplugin['ticket'] = FALSE;

    /* $_SERVER['PATH_TRANSLATED']
     * http://www.php.net/manual/en/reserved.variables.server.php
     * Note: As of PHP 4.3.2, PATH_TRANSLATED is no longer set implicitly
     * under the Apache 2 SAPI in contrast to the situation in Apache 1,
     * where it's set to the same value as the SCRIPT_FILENAME server variable
     * when it's not populated by Apache.
     * This change was made to comply with the CGI specification
     * that PATH_TRANSLATED should only exist if PATH_INFO is defined.
     * Apache 2 users may use AcceptPathInfo = On inside httpd.conf to define PATH_INFO.
     */

    /* Check if using plugin's php file. */
    $p_translated = serverVar('SCRIPT_FILENAME');
    if (!file_exists($p_translated) ) {
        header("HTTP/1.0 404 Not Found");
        exit('');
    }
    // Normalize both paths to '/' separators so the prefix comparison that follows
    // compares like with like.
    $p_translated = str_replace('\\', '/', $p_translated);
    $d_plugins = str_replace('\\', '/', $DIR_PLUGINS);
    // This isn't plugin php file.
if ( i18n::strpos($p_translated, $d_plugins) !== 0 ) { return; } // Solve the plugin php file or admin directory $phppath = i18n::substr($p_translated, i18n::strlen($d_plugins) ); // Remove the first "/" if exists. $phppath = preg_replace('#^/#', '', $phppath); // Remove the first "NP_" and the last ".php" if exists. $path = preg_replace('#^NP_(.*)\.php$#', '$1', $phppath); // Remove the "/" and beyond. $path = preg_replace('#^([^/]*)/(.*)$#', '$1', $path); // Solve the plugin name. $plugins = array(); $query = sprintf('SELECT pfile FROM %s', sql_table('plugin')); $res = DB::getResult($query); foreach ( $res as $row ) { $name = i18n::substr($row['pfile'], 3); $plugins[strtolower($name)] = $name; } $res->closeCursor(); if (array_key_exists($path, $plugins)) { $plugin_name = $plugins[$path]; } else if (in_array($path, $plugins)) { $plugin_name = $path; } else { header("HTTP/1.0 404 Not Found"); exit(''); } /* Return if not index.php */ if ( ($phppath != strtolower($plugin_name) . '/') && ($phppath != strtolower($plugin_name) . '/index.php') ) { return; } /* Exit if not logged in. */ if ( !$member->isLoggedIn() ) { exit('You aren\'t logged in.'); } global $manager, $DIR_LIBS, $DIR_LOCALES, $HTTP_GET_VARS, $HTTP_POST_VARS; /* Check if this feature is needed (ie, if "$manager->checkTicket()" is not included in the script). */ if (!($p_translated = serverVar('PATH_TRANSLATED') ) ) { $p_translated = serverVar('SCRIPT_FILENAME'); } if ($file = @file($p_translated) ) { $prevline = ''; foreach($file as $line) { if (preg_match('/[\$]manager([\s]*)[\-]>([\s]*)checkTicket([\s]*)[\(]/i', $prevline . $line) ) { return; } $prevline = $line; } } /* Show a form if not valid ticket */ if ( ( i18n::strpos(serverVar('REQUEST_URI'), '?') !== FALSE || serverVar('QUERY_STRING') || strtoupper(serverVar('REQUEST_METHOD') ) == 'POST') && (!$manager->checkTicket() ) ) { $oPluginAdmin = new PluginAdmin($plugin_name); $oPluginAdmin->start(); echo '' . _ERROR_BADTICKET . "
\n"; /* Show the form to confirm action */ // PHP 4.0.x support $get = (isset($_GET) ) ? $_GET : $HTTP_GET_VARS; $post = (isset($_POST) ) ? $_POST : $HTTP_POST_VARS; // Resolve URI and QUERY_STRING if ($uri = serverVar('REQUEST_URI') ) { list($uri, $qstring) = preg_split('#\?#', $uri); } else { if ( !($uri = serverVar('PHP_SELF') ) ) { $uri = serverVar('SCRIPT_NAME'); } $qstring = serverVar('QUERY_STRING'); } if ($qstring) { $qstring = '?' . $qstring; } echo '' . _SETTINGS_UPDATE . ' : ' . _QMENU_PLUGINS . ' ' . Entity::hsc($plugin_name) . " ?
\n"; switch(strtoupper(serverVar('REQUEST_METHOD') ) ) { case 'POST': echo '\n"; $oPluginAdmin->end(); exit; } /* Create new ticket */ $ticket=$manager->addTicketToUrl(''); $ticketforplugin['ticket'] = preg_split($ticket, i18n::strpos($ticket, 'ticket=') + 7); return; } function _addInputTags(&$keys,$prefix=''){ foreach($keys as $key=>$value){ if ($prefix) $key=$prefix.'['.$key.']'; if (is_array($value)) _addInputTags($value,$key); else { if (get_magic_quotes_gpc()) $value=stripslashes($value); if ($key=='ticket') continue; echo ''."\n"; } } } /** * serverStringToArray() * Convert the server string such as $_SERVER['REQUEST_URI'] * to arry like arry['blogid']=1 and array['page']=2 etc. * * @param string $uri string * @param string &$query_elements elements of query according to application/x-www-form-urlencoded * @param string &$hier_part hierarchical part includes path * * NOTE: * RFC 3986: Uniform Resource Identifiers (URI): Generic Syntax * 3. Syntax Components * http://www.ietf.org/rfc/rfc3986.txt * * Hypertext Markup Language - 2.0 * 8.2.1. The form-urlencoded Media Type * http://tools.ietf.org/html/rfc1866#section-8.2.1 * * $_SERVER > Language Reference > Predefined Variables > PHP Manual * http://www.php.net/manual/en/reserved.variables.server.php */ function serverStringToArray($uri, &$query_elements, &$hier_part) { // init param $query_elements = array(); $hier_part = ""; // split hierarchical part, e.g. /index.php, query and fragment, e.g. 
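// blogid=1&page=2#section1
    // A '?' anywhere — including offset 0 — starts the query part
    // (the previous '> 0' test missed a leading '?').
    if ( i18n::strpos($uri, "?") !== FALSE ) {
        list($hier_part, $query_and_fragment) = preg_split("#\?#", $uri, 2);
    } else {
        $query_and_fragment = $uri;
        $hier_part = '';
    }

    // If there is no query like blogid=1&page=2, return.
    // Strict compare: a '=' at offset 0 is still a query (== FALSE treated 0 as "absent").
    if ( i18n::strpos($uri, "=") === FALSE && !i18n::strlen($hier_part) ) {
        $hier_part = $uri;
        return;
    }

    // Pairs are separated by '&' — arrayToServerString() joins them with '&' again.
    // (The previous pattern '#' had no closing delimiter and made preg_split() fail.)
    $query_elements = preg_split("#&#", $query_and_fragment);
    return;
}

/**
 * arrayToServerString()
 * Convert array like array['blogid'] to server string
 * such as $_SERVER['REQUEST_URI']
 *
 * The '?' is re-inserted only when the string being rebuilt ($uri, by reference)
 * already contained one. Elements removed by sanitizeArray() simply disappear; if
 * none remain the result is the hierarchical part followed by a bare '?'.
 *
 * @param array $query_elements elements of query according to application/x-www-form-urlencoded
 * @param string $hier_part hier-part defined in RFC3986
 * @param string &$uri return value
 * @return void
 *
 * NOTE:
 * RFC 3986: Uniform Resource Identifiers (URI): Generic Syntax
 * 3. Syntax Components
 * http://www.ietf.org/rfc/rfc3986.txt
 *
 * Hypertext Markup Language - 2.0
 * 8.2.1. The form-urlencoded Media Type
 * http://tools.ietf.org/html/rfc1866#section-8.2.1
 *
 * $_SERVER > Language Reference > Predefined Variables > PHP Manual
 * http://www.php.net/manual/en/reserved.variables.server.php
 */
function arrayToServerString($query_elements, $hier_part, &$uri)
{
    // keep the '?' only if the original string had one
    if ( i18n::strpos($uri, "?") !== FALSE ) {
        $uri = $hier_part . "?";
    } else {
        $uri = $hier_part;
    }
    if ( count($query_elements) > 0 ) {
        $uri .= implode("&", $query_elements);
    }
    return;
}

/**
 * sanitizeArray()
 * Sanitize array parameters.
 * This function checks both key and value.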
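/**
 * - check key if it includes " (double quote), remove from array
 * - check value if it includes \ (escape sequence), remove remaining string
 * - replace "\0", CR, LF, '<', '>', "'" and '"' in the value with spaces
 *
 * Elements without a '=' are left in the array untouched (see the isset() check).
 * The value of a key listed in $excludeListForSanitization ('query') is left as-is.
 *
 * @param array &$array elements of query according to application/x-www-form-urlencoded
 * @return void
 */
function sanitizeArray(&$array)
{
    // parameters whose value is not sanitized
    $excludeListForSanitization = array('query');
    // characters that are blanked out of every sanitized value
    $badChars = "\0\r\n<>'\"";

    foreach ( $array as $k => $v ) {
        // split to key and value
        list($key, $val) = preg_split("#=#", $v, 2);
        if ( !isset($val) ) {
            continue;
        }
        // when magic quotes is on, need to use stripslashes,
        // and then addslashes
        // (get_magic_quotes_gpc() no longer exists on PHP 8, hence the function_exists() guard)
        if ( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() ) {
            $val = stripslashes($val);
        }
        // note that we must use addslashes here because this function is called before the db connection is made
        // and sql_real_escape_string needs a db connection
        $val = addslashes($val);
        // if $key is included in exclude list, skip this param
        if ( !in_array($key, $excludeListForSanitization, true) ) {
            // check value: cut at the first backslash, wherever it is
            // (the previous '> 0' test let a backslash at offset 0 through)
            if ( strpos($val, '\\') !== false ) {
                list($val) = explode('\\', $val, 2);
            }
            // remove control code etc.
            // strtr() translates only as many characters as the SHORTER of the two
            // strings covers, so the replacement must be exactly as long as $badChars.
            $val = strtr($val, $badChars, str_repeat(' ', strlen($badChars)));
            // check key
            if ( preg_match('#\"#', $key) > 0 ) {
                unset($array[$k]);
                continue;
            }
            // set sanitized info
            $array[$k] = sprintf("%s=%s", $key, $val);
        }
    }
    return;
}

/**
 * convArrayForSanitizing()
 * Convert array for sanitizeArray function
 *
 * Only keys that also exist in $_GET are copied, so for $_REQUEST this yields its
 * GET-derived entries. Values are formatted with "%s": an array value becomes the
 * string "Array" and does not survive the round-trip through revertArrayForSanitizing().
 *
 * @param array $src array to be sanitized
 * @param array &$array array to be temporarily stored
 * @return void
 */
function convArrayForSanitizing($src, &$array)
{
    $array = array();
    foreach ( $src as $key => $val ) {
        if ( !array_key_exists($key, $_GET) ) {
            continue;
        }
        $array[] = sprintf("%s=%s", $key, $val);
    }
    return;
}

/**
 * revertArrayForSanitizing()
 * Revert array after sanitizeArray function
 *
 * @param array $array element of query according to application/x-www-form-urlencoded
 * @param array &$dst combination of key and value
 * @return void
 */
function revertArrayForSanitizing($array, &$dst)
{
    foreach ( $array as $v ) {
        // split at the first '=' only; the value may contain further '='
        list($key, $val) = preg_split("#=#", $v, 2);
        $dst[$key] = $val;
    }
    return;
}

/**
 * Stops processing the request and redirects to the given URL.
 * - no actual contents should have been sent to the output yet
 * - the URL will be stripped of illegal or dangerous characters
 *
 * Only the characters in the allow-list survive; CR/LF are not among them, so the
 * Location header cannot be split. The scheme and host are NOT restricted — the
 * caller is responsible for passing a trusted destination.
 *
 * @param string $url destination
 * @return void never returns (exit)
 */
function redirect($url)
{
    $url = preg_replace('|[^a-z0-9-~+_.?#=&;,/:@%*]|i', '', $url);
    header('Location: ' . $url);
    exit;
}

/**
 * getBookmarklet()
 * Returns the Javascript code for a bookmarklet that works on most modern browsers
 *
 * $blogid, $width and $height are interpolated straight into the script; $blogid is
 * cast to int for that reason, $width/$height are expected to be integers.
 *
 * @param integer $blogid ID for weblog
 * @param integer $width popup width (default 600)
 * @param integer $height popup height (default 500)
 * @return string script to call Bookmarklet
 */
function getBookmarklet($blogid, $width=600, $height=500)
{
    global $CONF;
    $blogid = (int) $blogid;

    $script = "Q='';" .
        "x=document;" .
        "y=window;" .
        "if ( x.selection )" .
        "{" .
        " Q=x.selection.createRange().text;" .
        "}" .
        "else if ( y.getSelection )" .
        "{" .
        " Q=y.getSelection();" .
        "}" .
        "else if ( x.getSelection )" .
        "{" .
        " Q=x.getSelection();" .
        "}" .
        "wingm = window.open('{$CONF['AdminURL']}bookmarklet.php?blogid={$blogid}" .
        " &logtext=' + encodeURIComponent(Q) +" .
        " '&loglink=' + encodeURIComponent(x.location.href) +" .
        " '&loglinktitle=' + encodeURIComponent(x.title)," .
        " 'nucleusbm'," .
        " 'scrollbars=yes,width={$width},height={$height},left=10,top=10,status=yes,resizable=yes');" .
        "wingm.focus();";
    return $script;
}
// END: functions from the end of file ADMIN.php

/**
 * Returns a variable or null if not set
 *
 * The argument is taken by reference so an undefined variable can be passed
 * without a notice.
 *
 * @param mixed &$var Variable
 * @return mixed Variable, or null when it is not set
 */
function ifset(&$var)
{
    if (isset($var)) {
        return $var;
    }
    return null;
}

/**
 * Returns number of subscriber to an event
 *
 * @param string $event event name; quoted with DB::quoteValue() before it enters the query
 * @return mixed number of subscriber(s) as returned by DB::getValue()
 */
function numberOfEventSubscriber($event)
{
    $query = sprintf('SELECT COUNT(*) as count FROM %s WHERE event=%s', sql_table('plugin_event'), DB::quoteValue($event));
    return DB::getValue($query);
}

/**
 * sets $special global variable for use in index.php before selector()
 *
 * @param string $id special skin name, stored lower-cased
 * @return void
 */
function selectSpecialSkinType($id)
{
    global $special;
    $special = strtolower($id);
}

/**
 * cleans filename of uploaded file for writing to file system
 *
 * The name is lower-cased and split at its last '.'. The base name is reduced to
 * [a-z0-9-] and the extension to [a-z0-9.] (anything else becomes '_'), so path
 * separators or control bytes in either part cannot reach the file system.
 * (Previously the extension was appended unfiltered.)
 *
 * @param string $str original filename
 * @return string|false cleaned filename ready for use, false when there is no '.'
 */
function cleanFileName($str)
{
    $str = strtolower($str);
    $ext_point = i18n::strrpos($str, ".");
    if ($ext_point === false) {
        return false;
    }
    $ext = i18n::substr($str, $ext_point, i18n::strlen($str));
    $str = i18n::substr($str, 0, $ext_point);
    $ext = preg_replace("/[^a-z0-9.]/", "_", $ext);
    return preg_replace("/[^a-z0-9-]/", "_", $str) . $ext;
}

/**
 * Centralisation of the functions to send mail
 * Deprecated since 4.0:
 * Please use functions in NOTIFICATION class instead
 */
/**
 * @deprecated use NOTIFICATION::get_mail_footer()
 * @return mixed whatever NOTIFICATION::get_mail_footer() returns (the result used to be dropped)
 */
function getMailFooter()
{
    return NOTIFICATION::get_mail_footer();
}

/** @deprecated use NOTIFICATION::address_validation() */
function isValidMailAddress($address)
{
    return NOTIFICATION::address_validation($address);
}

/**
 * Centralisation of the functions that deals XML entities
 * Deprecated since 4.0:
 * Please use Entity::FunctionName(...)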
instead */
/** @deprecated use Entity::highlight() */
function highlight($text, $expression, $highlight)
{
    return Entity::highlight($text, $expression, $highlight);
}
/** @deprecated use Entity::shorten() */
function shorten($string, $maxlength, $suffix)
{
    return Entity::shorten($string, $maxlength, $suffix);
}
/** @deprecated use Entity::strip_tags() */
function stringStripTags ($string)
{
    return Entity::strip_tags($string);
}
/** @deprecated use Entity::anchor_footnoting() */
function toAscii($string)
{
    return Entity::anchor_footnoting($string);
}
/** @deprecated use Entity::hsc() */
function stringToAttribute ($string)
{
    return Entity::hsc($string);
}
/** @deprecated use Entity::hen() */
function stringToXML ($string)
{
    return Entity::hen($string);
}
/** @deprecated use Entity::hen() */
function encode_desc($data)
{
    return Entity::hen($data);
}

/**
 * Centralisation of the functions that deals with locales
 * This functions is based on the old way to deal with languages
 * Deprecated since 4.0:
 */
/* NOTE: use i18n::get_current_locale() directly instead of this */
/**
 * @deprecated
 * @return string old-style language file name for the current locale;
 *                'english' when i18n cannot map the locale (returns FALSE)
 */
function getLanguageName()
{
    if( ($language = i18n::convert_locale_to_old_language_file_name(i18n::get_current_locale())) === FALSE ) {
        $language ='english';
    }
    return $language;
}
/* NOTE: this is completely deprecated because generating much warnings */
/**
 * @deprecated
 * @param string $language old-style language name; '\', '|' and '/' are stripped
 *                         before it is used as a file name under $DIR_LANG, so the
 *                         include cannot point outside that directory
 * @return void
 */
function selectLanguage($language)
{
    global $DIR_LANG;
    include($DIR_LANG . preg_replace('#[\\\\|/]#', '', $language) . '.php');
    return;
}
/* NOTE: use i18n::get_available_locales() directly instead of this */
/**
 * @deprecated
 * @param string $lang locale in three underscore-separated parts (as en_Latn_US
 *                     elsewhere in this file) or an old-style language name
 * @return bool true when $lang already has the three-part form, or i18n can map it to a locale
 */
function checkLanguage($lang)
{
    return ( preg_match('#^(.+)_(.+)_(.+)$#', $lang) || i18n::convert_old_language_file_name_to_locale($lang) );
}
/* NOTE: use i18n::formatted_datetime() directly instead of this */
/**
 * @deprecated
 * @param string $format passed through to i18n::formatted_datetime()
 * @param int $timestamp
 * @param string $default_format passed through to i18n::formatted_datetime()
 * @param object|null &$blog when truthy, its getTimeOffset() * 3600 (presumably hours — verify
 *                           against the BLOG class) is added to the server's UTC offset
 * @return string
 */
function formatDate($format, $timestamp, $default_format, &$blog)
{
    // date('Z') = server timezone offset from UTC in seconds at $timestamp
    $offset = date('Z', $timestamp);
    if ( $blog ) {
        $offset += $blog->getTimeOffset() * 3600;
    }
    return i18n::formatted_datetime($format, $timestamp, $offset, $default_format);
}
/**
 * NOTE: use DB::formatDateTime() directly instead of this
 * @deprecated
 * @param int $timestamp
 * @return mixed whatever DB::formatDateTime() returns
 */
function mysqldate($timestamp)
{
    return DB::formatDateTime($timestamp);
}

/**
 * Centralisation of the functions that generate links
 * Deprecated since 4.0:
 * Please use Link::FunctionName(...)
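/**
 * Please use Link::FunctionName(...) instead
 */
/** @deprecated use Link::create_item_link() */
function createItemLink($itemid, $extra = '')
{
    return Link::create_item_link($itemid, $extra);
}
/** @deprecated use Link::create_member_link() */
function createMemberLink($memberid, $extra = '')
{
    return Link::create_member_link($memberid, $extra);
}
/** @deprecated use Link::create_category_link() */
function createCategoryLink($catid, $extra = '')
{
    return Link::create_category_link($catid, $extra);
}
/** @deprecated use Link::create_archivelist_link() */
function createArchiveListLink($blogid = '', $extra = '')
{
    return Link::create_archivelist_link($blogid, $extra);
}
/** @deprecated use Link::create_archive_link() */
function createArchiveLink($blogid, $archive, $extra = '')
{
    return Link::create_archive_link($blogid, $archive, $extra);
}
/**
 * @deprecated use Link::create_blogid_link()
 *
 * $params is now forwarded as given; the call used to contain `$params = ''`,
 * which reset the argument and always passed an empty string to the Link class.
 */
function createBlogidLink($blogid, $params = '')
{
    return Link::create_blogid_link($blogid, $params);
}
/** @deprecated use Link::create_link() */
function createLink($type, $params)
{
    return Link::create_link($type, $params);
}
/** @deprecated use Link::create_blog_link() */
function createBlogLink($url, $params)
{
    return Link::create_blog_link($url, $params);
}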