From ee90d10ea3fd3cc6b7366449f0761a5a0bdeb5b2 Mon Sep 17 00:00:00 2001 From: cwsoft Date: Fri, 3 Feb 2017 22:28:17 +0100 Subject: [PATCH 01/21] Fix for JVN#10983966 --- wbce/admin/templates/uninstall.php | 59 +++++++++++++----------------- 1 file changed, 26 insertions(+), 33 deletions(-) diff --git a/wbce/admin/templates/uninstall.php b/wbce/admin/templates/uninstall.php index 6c83fbc36..6869ba53d 100644 --- a/wbce/admin/templates/uninstall.php +++ b/wbce/admin/templates/uninstall.php @@ -12,7 +12,8 @@ // Setup admin object require('../../config.php'); -require_once(WB_PATH.'/framework/class.admin.php'); +require_once WB_PATH . '/framework/class.admin.php'; + // suppress to print the header, so no new FTAN will be set $admin = new admin('Addons', 'templates_uninstall', false); if( !$admin->checkFTAN() ) @@ -23,28 +24,22 @@ // After check print the header $admin->print_header(); -// Check if user selected template -if(!isset($_POST['file']) OR $_POST['file'] == "") { - header("Location: index.php"); - exit(0); -} else { - $file = $_POST['file']; -} - -// Extra protection -if(trim($file) == '') { - header("Location: index.php"); - exit(0); +// Check if user selected a valid template file +$file = $_POST['file']; +$root_dir = realpath(WB_PATH . DIRECTORY_SEPARATOR . 'templates'); +$raw_dir = realpath($root_dir . DIRECTORY_SEPARATOR . $file); +if(! ($raw_dir && is_dir($raw_dir) && (strpos($raw_dir, $root_dir) === 0))) { + // template file not found inside WBCE templates folder + $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); } -// Include the WB functions file -require_once(WB_PATH.'/framework/functions.php'); +// Extract template folder from realpath for further usage inside script +$file = basename($raw_dir); -// Check if the template exists -if(!is_dir(WB_PATH.'/templates/'.$file)) { - $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); -} +// Include functions.php for backward compatibility with WBCE 1.x +require_once WB_PATH . '/framework/functions.php'; +// Helper function if (!function_exists("replace_all")) { function replace_all ($aStr = "", &$aArray ) { foreach($aArray as $k=>$v) $aStr = str_replace("{{".$k."}}", $v, $aStr); @@ -55,8 +50,6 @@ function replace_all ($aStr = "", &$aArray ) { /** * Check if the template is the standard-template or still in use */ - - // check whether the template is used as default wb theme if($file == DEFAULT_THEME) { $temp = array ('name' => $file ); @@ -70,45 +63,45 @@ function replace_all ($aStr = "", &$aArray ) { $admin->print_error( $msg ); } else { - + /** * Check if the template is still in use by a page ... */ $info = $database->query("SELECT page_id, page_title FROM ".TABLE_PREFIX."pages WHERE template='".$file."' order by page_title"); - + if ($info->numRows() > 0) { /** * Template is still in use, so we're collecting the page-titles */ - + /** * The base-message template-string for the top of the message */ - + $msg_template_str = $MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE_TMPL']; $temp = explode(";",$MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE_TMPL_PAGES']); $add = $info->numRows() == 1 ? $temp[0] : $temp[1]; - + /** * The template-string for displaying the Page-Titles ... in this case as a link */ $page_template_str = "- {{title}}
"; - + $values = array ('type' => 'Template', 'type_name' => $file, 'pages' => $add); $msg = replace_all ( $msg_template_str, $values ); - + $page_names = ""; - + while ($data = $info->fetchRow() ) { - + $page_info = array( - 'id' => $data['page_id'], + 'id' => $data['page_id'], 'title' => $data['page_title'] ); - + $page_names .= replace_all ( $page_template_str, $page_info ); } - + /** * Printing out the error-message and die(). */ From 3c248a7f1088454850769a451ba5a579a33bd2cf Mon Sep 17 00:00:00 2001 From: cwsoft Date: Mon, 6 Feb 2017 11:55:24 +0100 Subject: [PATCH 02/21] Some code refinement for JVN#53859609 --- wbce/admin/media/create.php | 6 +++--- wbce/admin/media/rename.php | 35 +++++++++++++++++++++-------------- wbce/admin/media/rename2.php | 34 ++++++++++++++++++++++------------ 3 files changed, 46 insertions(+), 29 deletions(-) diff --git a/wbce/admin/media/create.php b/wbce/admin/media/create.php index ae724d36c..15aad038c 100644 --- a/wbce/admin/media/create.php +++ b/wbce/admin/media/create.php @@ -13,9 +13,8 @@ // Print admin header require('../../config.php'); -require_once(WB_PATH.'/framework/class.admin.php'); -// Include the WB functions file -require_once(WB_PATH.'/framework/functions.php'); +// include functions.php (backwards compatibility with WBCE 1.x) +require_once WB_PATH . '/framework/functions.php'; // suppress to print the header, so no new FTAN will be set $admin = new admin('Media', 'media_create', false); @@ -31,6 +30,7 @@ } // Remove bad characters +// ToDo: Better would be to throw error when an invalid character is detected $name = trim(media_filename($name),'.'); // Target location diff --git a/wbce/admin/media/rename.php b/wbce/admin/media/rename.php index faef71d5e..6a74aed01 100644 --- a/wbce/admin/media/rename.php +++ b/wbce/admin/media/rename.php @@ -12,24 +12,32 @@ // Create admin object require('../../config.php'); -require_once(WB_PATH.'/framework/class.admin.php'); $admin = new admin('Media', 'media_rename', false); -// Include the WB functions file -require_once(WB_PATH.'/framework/functions.php'); - -// Get the current dir +// extract user specified directory from superglobal $_GET $directory = $admin->get_get('dir'); -$directory = ($directory == '/') ? '' : $directory; -$dirlink = 'browse.php?dir='.$directory; +// check if user specified a valid folder inside WBCE media folder +$root_dir = realpath(WB_PATH . DIRECTORY_SEPARATOR . MEDIA_DIRECTORY); +$raw_dir = realpath($root_dir . DIRECTORY_SEPARATOR . $directory); +if(! ($raw_dir && is_dir($raw_dir) && (strpos($raw_dir, $root_dir) === 0))) { + // selected folder not inside WBCE media folder + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], 'browse.php?dir=', false); + // stop any further script execution due to security violoation + die; +} + +// build relative directory starting from WBCE MEDIA (e.g. /folder/subfolder) +$directory = str_replace($root_dir, '', $raw_dir); +// convert Windows DIR_SEP \ with Linux DIR_SEP / (legacy code below relies on this) +$directory = str_replace('\\', '/', $directory); + +// build links for browsing the directory +$dirlink = 'browse.php?dir=' . $directory; $rootlink = 'browse.php?dir='; -// $file_id = intval($admin->get_get('id')); -// first Check to see if it contains .. -if (!check_media_path($directory)) { - $admin->print_error($MESSAGE['MEDIA_DIR_DOT_DOT_SLASH'],$rootlink, false); -} +// include functions.php (backwards compatibility with WBCE 1.x) +require_once WB_PATH . '/framework/functions.php'; // Get the temp id $file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD'])); @@ -94,7 +102,7 @@ $template = new Template(dirname($admin->correct_theme_source('media_rename.htt'))); $template->set_file('page', 'media_rename.htt'); $template->set_block('page', 'main_block', 'main'); -//echo WB_PATH.'/media/'.$directory.'/'.$rename_file; + if($type == 'folder') { $template->set_var('DISPlAY_EXTENSION', 'hide'); $extension = ''; @@ -114,7 +122,6 @@ 'FILENAME' => $rename_file, 'DIR' => $directory, 'FILE_ID' => $admin->getIDKEY($file_id), - // 'FILE_ID' => $file_id, 'TYPE' => $type, 'EXTENSION' => $extension, 'FTAN' => $admin->getFTAN() diff --git a/wbce/admin/media/rename2.php b/wbce/admin/media/rename2.php index 0527d2f1c..790fea1b3 100644 --- a/wbce/admin/media/rename2.php +++ b/wbce/admin/media/rename2.php @@ -12,25 +12,33 @@ // Create admin object require('../../config.php'); -require_once(WB_PATH.'/framework/class.admin.php'); $admin = new admin('Media', 'media_rename', false); -// Include the WB functions file -require_once(WB_PATH.'/framework/functions.php'); - -// Get the current dir +// extract user specified directory from superglobals $_GET or $_POST $requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); $directory = (isset(${$requestMethod}['dir'])) ? ${$requestMethod}['dir'] : ''; -$directory = ($directory == '/') ? '' : $directory; -$dirlink = 'browse.php?dir='.$directory; +// check if user specified a valid folder inside WBCE media folder +$root_dir = realpath(WB_PATH . DIRECTORY_SEPARATOR . MEDIA_DIRECTORY); +$raw_dir = realpath($root_dir . DIRECTORY_SEPARATOR . $directory); +if(! ($raw_dir && is_dir($raw_dir) && (strpos($raw_dir, $root_dir) === 0))) { + // selected folder not inside WBCE media folder + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], 'browse.php?dir=', false); + // stop any further script execution due to security violoation + die; +} + +// build relative directory starting from WBCE MEDIA (e.g. /folder/subfolder) +$directory = str_replace($root_dir, '', $raw_dir); +// convert Windows DIR_SEP \ with Linux DIR_SEP / (legacy code below relies on this) +$directory = str_replace('\\', '/', $directory); + +// build links for browsing the directory +$dirlink = 'browse.php?dir=' . $directory; $rootlink = 'browse.php?dir='; -// $file_id = intval($admin->get_post('id')); -// first Check to see if it contains .. -if (!check_media_path($directory)) { - $admin->print_error($MESSAGE['MEDIA_DIR_DOT_DOT_SLASH'],$rootlink, false); -} +// include functions.php (backwards compatibility with WBCE 1.x) +require_once WB_PATH . '/framework/functions.php'; // Get the temp id $file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD'])); @@ -150,6 +158,8 @@ } else { $admin->print_error($MESSAGE['MEDIA_FILE_EXISTS'], "rename.php?dir=$directory&id=$file_id", false); } + // stop script execution (file or folder already exists) + die; } // Try and rename the file/folder From e71198a0ad168c5caebaed5257217d97ef8bf3f2 Mon Sep 17 00:00:00 2001 From: cwsoft Date: Mon, 6 Feb 2017 15:19:26 +0100 Subject: [PATCH 03/21] Filter some more characters in function media_filename --- wbce/framework/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wbce/framework/functions.php b/wbce/framework/functions.php index 789c12a87..69b22d4ba 100644 --- a/wbce/framework/functions.php +++ b/wbce/framework/functions.php @@ -583,7 +583,7 @@ function media_filename($string) require_once WB_PATH . '/framework/functions-utf8.php'; $string = entities_to_7bit($string); // Now remove all bad characters - $bad = array('\'', '"', '`', '!', '@', '#', '$', '%', '^', '&', '*', '=', '+', '|', '/', '\\', ';', ':', ',', '?'); + $bad = array('\'', '"', '`', '!', '@', '#', '$', '%', '^', '&', '*', '=', '+', '|', '/', '\\', ';', ':', ',', '?', '<', '>'); $string = str_replace($bad, '', $string); // replace multiple dots in filename to single dot and (multiple) dots at the end of the filename to nothing $string = preg_replace(array('/\.+/', '/\.+$/', '/\s/'), array('.', '', '_'), $string); From 227a3bc62968204c2e3839b0ac9147770a0c1632 Mon Sep 17 00:00:00 2001 From: cwsoft Date: Mon, 6 Feb 2017 15:22:53 +0100 Subject: [PATCH 04/21] Took over filter settings for function media_filename from WBCE 1.2.x --- wbce/framework/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wbce/framework/functions.php b/wbce/framework/functions.php index 69b22d4ba..b731e7152 100644 --- a/wbce/framework/functions.php +++ b/wbce/framework/functions.php @@ -583,7 +583,7 @@ function media_filename($string) require_once WB_PATH . '/framework/functions-utf8.php'; $string = entities_to_7bit($string); // Now remove all bad characters - $bad = array('\'', '"', '`', '!', '@', '#', '$', '%', '^', '&', '*', '=', '+', '|', '/', '\\', ';', ':', ',', '?', '<', '>'); + $bad = array('\'', '"', '`', '!', '@', '#', '$', '%', '^', '&', '*', '=', '+', '|', '/', '\\', ';', ':', ',', '?','[',']','~','<','>'); $string = str_replace($bad, '', $string); // replace multiple dots in filename to single dot and (multiple) dots at the end of the filename to nothing $string = preg_replace(array('/\.+/', '/\.+$/', '/\s/'), array('.', '', '_'), $string); From c676c4a7b0ea60ade750698f937986d528424766 Mon Sep 17 00:00:00 2001 From: cwsoft Date: Wed, 8 Feb 2017 21:32:30 +0100 Subject: [PATCH 05/21] Merge fixes for WBCE media center from 1.2.x branch --- wbce/admin/media/browse.php | 87 ++++++++++------------- wbce/admin/media/create.php | 51 +++++--------- wbce/admin/media/delete.php | 37 +++++----- wbce/admin/media/rename.php | 25 +++---- wbce/admin/media/rename2.php | 102 +++++++++++---------------- wbce/admin/media/thumb.php | 21 +++--- wbce/admin/media/upload.php | 127 ++++++++++++++-------------------- wbce/install/install_data.sql | 2 +- wbce/upgrade-script.php | 12 ++-- 9 files changed, 190 insertions(+), 274 deletions(-) diff --git a/wbce/admin/media/browse.php b/wbce/admin/media/browse.php index 1cae41684..eee08c8df 100644 --- a/wbce/admin/media/browse.php +++ b/wbce/admin/media/browse.php @@ -12,23 +12,19 @@ // Create admin object require('../../config.php'); -require_once(WB_PATH.'/framework/class.admin.php'); $admin = new admin('Media', 'media', false); -$starttime = explode(" ", microtime()); -$starttime = $starttime[0]+$starttime[1]; +// Include WBCE functions file (legacy for WBCE 1.1.x) +require_once WB_PATH . '/framework/functions.php'; -// Include the WB functions file -require_once(WB_PATH.'/framework/functions.php'); -include ('parameters.php'); +// Include parameters +include 'parameters.php'; -// check if theme language file exists for the language set by the user (e.g. DE, EN) -if(!file_exists(THEME_PATH .'/languages/'.LANGUAGE .'.php')) { - // no theme language file exists for the language set by the user, include default theme language file EN.php - require_once(THEME_PATH .'/languages/EN.php'); -} else { - // a theme language file exists for the language defined by the user, load it +// include theme language file matching users language or default +if(file_exists(THEME_PATH .'/languages/'.LANGUAGE .'.php')) { require_once(THEME_PATH .'/languages/'.LANGUAGE .'.php'); +} else { + require_once(THEME_PATH .'/languages/EN.php'); } // Byte convert for filesize @@ -56,24 +52,25 @@ function get_filetype_icon($fname) { $extension = (isset($pathinfo['extension'])) ? strtolower($pathinfo['extension']) : ''; if (file_exists(THEME_PATH.'/images/files/'.$extension.'.png')) { return $extension; - } else { - return 'blank_16'; } + return 'blank_16'; } -function ShowTip($name,$detail='') { -$parts = explode(".", $name); -$ext = strtolower(end($parts)); -if (strpos('.gif.jpg.jpeg.png.bmp.',$ext) ) - return 'onmouseover="overlib(\'\',VAUTO, WIDTH)" onmouseout="nd()" ' ; -else +// Tooltip onmouseover +function ShowTip($name, $detail='') { + $parts = explode(".", $name); + $ext = strtolower(end($parts)); + if (strpos('.gif.jpg.jpeg.png.bmp.', $ext)) { + return 'onmouseover="overlib(\'\',VAUTO, WIDTH)" onmouseout="nd()" '; + } return ''; } +// Human readable filesize function fsize($size) { - if($size == 0) return("0 Bytes"); - $filesizename = array(" bytes", " kB", " MB", " GB", " TB"); - return round($size/pow(1024, ($i = floor(log($size, 1024)))), 1) . $filesizename[$i]; + if($size == 0) return("0 Bytes"); + $filesizename = array(" bytes", " kB", " MB", " GB", " TB"); + return round($size/pow(1024, ($i = floor(log($size, 1024)))), 1) . $filesizename[$i]; } // Setup template object, parse vars to it, then parse it @@ -82,29 +79,23 @@ function fsize($size) { $template->set_file('page', 'media_browse.htt'); $template->set_block('page', 'main_block', 'main'); -// Get the current dir +// Get current dir (relative to media) $currentHome = $admin->get_home_folder(); -$directory = (($currentHome) AND (!array_key_exists('dir',$_GET))) - ? - $currentHome - : - $admin->strip_slashes($admin->get_get('dir')) ; +$directory = $admin->get_get('dir'); +$directory = ($currentHome AND (!$directory)) ? $currentHome : $directory; +$directory = ($directory == '/' or $directory == '\\') ? '' : $directory; +$dirlink = 'browse.php?dir='.$directory; -if($directory == '/' OR $directory == '\\') { - $directory = ''; -} - -$dir_backlink = 'browse.php?dir='.$directory; - -// Check to see if it contains ../ +// Ensure directory is inside WBCE media folder if (!check_media_path($directory)) { - // $admin->print_header(); - $admin->print_error($MESSAGE['MEDIA_DIR_DOT_DOT_SLASH']); + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], 'browse.php?dir=', false); + die; } +// Ensure directory exists if(!file_exists(WB_PATH.MEDIA_DIRECTORY.$directory)) { - // $admin->print_header(); - $admin->print_error($MESSAGE['MEDIA_DIR_DOES_NOT_EXIST']); + $admin->print_error($MESSAGE['MEDIA_DIR_DOES_NOT_EXIST'], 'browse.php?dir=', false); + die; } // Check to see if the user wanted to go up a directory into the parent folder @@ -114,12 +105,14 @@ function fsize($size) { exit(0); } -if ($_SESSION['GROUP_ID'] != 1 && $pathsettings['global']['admin_only']) { // Only show admin the settings link +// Hide admin settings for non admins +if ($_SESSION['GROUP_ID'] != 1 && $pathsettings['global']['admin_only']) { $template->set_var('DISPLAY_SETTINGS', 'hide'); } // Workout the parent dir link $parent_dir_link = ADMIN_URL.'/media/browse.php?dir='.$directory.'&up=1'; + // Workout if the up arrow should be shown if(($directory == '') or ($directory==$currentHome)) { $display_up_arrow = 'hide'; @@ -130,7 +123,6 @@ function fsize($size) { // Insert values $template->set_var(array( 'THEME_URL' => THEME_URL, - // 'THEME_URL' => '', 'CURRENT_DIR' => $directory, 'PARENT_DIR_LINK' => $parent_dir_link, 'DISPLAY_UP_ARROW' => $display_up_arrow, @@ -144,13 +136,6 @@ function fsize($size) { // Generate list $template->set_block('main_block', 'list_block', 'list'); -$usedFiles = array(); -// require_once(ADMIN_PATH.'/media/dse.php'); -// $filename = $currentdir; -if(!empty($currentdir)) { - $usedFiles = $Dse->getMatchesFromDir( $currentdir, DseTwo::RETURN_USED); -} - // Check for potentially malicious files $forbidden_file_types = preg_replace( '/\s*[,;\|#]\s*/','|',RENAME_FILES_ON_UPLOAD); @@ -183,7 +168,6 @@ function fsize($size) { 'NAME' => $name, 'NAME_SLASHED' => addslashes($name), 'TEMP_ID' => $admin->getIDKEY($temp_id), - // 'TEMP_ID' => $temp_id, 'LINK' => "browse.php?dir=$directory/$link_name", 'LINK_TARGET' => '_self', 'ROW_BG_COLOR' => $row_bg_color, @@ -231,7 +215,7 @@ function fsize($size) { if (!$pathsettings['global']['show_thumbs']) { - $info = getimagesize(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$name); + $info = @getimagesize(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$name); if ($info[0]) { $imgdetail = fsize(filesize(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$name)).'
'.$info[0].' x '.$info[1].' px'; $icon = 'thumb.php?t=1&img='.$directory.'/'.$name; @@ -244,7 +228,6 @@ function fsize($size) { 'NAME' => $name, 'NAME_SLASHED' => addslashes($name), 'TEMP_ID' => $admin->getIDKEY($temp_id), - // 'TEMP_ID' => $temp_id, 'LINK' => WB_URL.MEDIA_DIRECTORY.$directory.'/'.$name, 'LINK_TARGET' => '_blank', 'ROW_BG_COLOR' => $row_bg_color, diff --git a/wbce/admin/media/create.php b/wbce/admin/media/create.php index 15aad038c..fd2b685e8 100644 --- a/wbce/admin/media/create.php +++ b/wbce/admin/media/create.php @@ -10,60 +10,45 @@ * @license GNU GPL2 (or any later version) */ -// Print admin header +// Create admin object require('../../config.php'); - -// include functions.php (backwards compatibility with WBCE 1.x) -require_once WB_PATH . '/framework/functions.php'; - -// suppress to print the header, so no new FTAN will be set $admin = new admin('Media', 'media_create', false); -// Get dir name and target location -$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); -$name = (isset(${$requestMethod}['name'])) ? ${$requestMethod}['name'] : ''; - -// Check to see if name or target contains ../ -if(strstr($name, '..')) { - $admin->print_header(); - $admin->print_error($MESSAGE['MEDIA_NAME_DOT_DOT_SLASH']); -} - -// Remove bad characters -// ToDo: Better would be to throw error when an invalid character is detected -$name = trim(media_filename($name),'.'); - -// Target location -$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); -$target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : ''; +// Include WBCE functions file (legacy for WBCE 1.1.x) +require_once WB_PATH . '/framework/functions.php'; -if (!$admin->checkFTAN()) -{ +// Check FTAN +if (!$admin->checkFTAN()) { $admin->print_header(); $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } // After check print the header $admin->print_header(); +// Get new directory name +$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); +$name = (isset(${$requestMethod}['name'])) ? ${$requestMethod}['name'] : ''; +$name = media_filename($name); + +// Get target location and ensure target is inside WBCE media folder +$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); +$target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : ''; if (!check_media_path($target, false)) { - $admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH']); + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } -// Create relative path of the new dir name -$directory = WB_PATH.$target.'/'.$name; +// Create absolute path of the new dir name +$directory = WB_PATH . $target . '/' . $name; // Check to see if the folder already exists if(file_exists($directory)) { $admin->print_error($MESSAGE['MEDIA_DIR_EXISTS']); } -if ( sizeof(createFolderProtectFile( $directory )) ) -{ +// Create folder and add an index.php to prevent directory listing +if (sizeof(createFolderProtectFile($directory))) { $admin->print_error($MESSAGE['MEDIA_DIR_NOT_MADE']); } else { - $usedFiles = array(); - // feature freeze - // require_once(ADMIN_PATH.'/media/dse.php'); $admin->print_success($MESSAGE['MEDIA_DIR_MADE']); } diff --git a/wbce/admin/media/delete.php b/wbce/admin/media/delete.php index f10569190..32a9714a0 100644 --- a/wbce/admin/media/delete.php +++ b/wbce/admin/media/delete.php @@ -12,46 +12,36 @@ // Create admin object require('../../config.php'); -require_once(WB_PATH.'/framework/class.admin.php'); $admin = new admin('Media', 'media_delete', false); -// Include the WB functions file -require_once(WB_PATH.'/framework/functions.php'); +// Include WBCE functions file (legacy for WBCE 1.1.x) +require_once WB_PATH . '/framework/functions.php'; -// Get the current dir +// Get current dir (relative to media) $directory = $admin->get_get('dir'); -$directory = ($directory == '/') ? '' : $directory; - +$directory = ($directory == '/' or $directory == '\\') ? '' : $directory; $dirlink = 'browse.php?dir='.$directory; -$rootlink = 'browse.php?dir='; -// Check to see if it contains .. +// Ensure directory is inside WBCE media folder if (!check_media_path($directory)) { - // $admin->print_header(); - $admin->print_error($MESSAGE['MEDIA_DIR_DOT_DOT_SLASH'],$rootlink,false ); + $admin->print_error($MESSAGE['MEDIA_DIR_DOT_DOT_SLASH'], 'browse.php?dir=', false); + die; } // Get the file id $file_id = $admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']); if (!$file_id) { - $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $dirlink,false); + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $dirlink, false); + die; } // Get home folder not to show $home_folders = get_home_folders(); -$usedFiles = array(); -// feature freeze -// require_once(ADMIN_PATH.'/media/dse.php'); -/* -if(!empty($currentdir)) { - $usedFiles = $Dse->getMatchesFromDir( $directory, DseTwo::RETURN_USED); -} -*/ // Figure out what folder name the temp id is if($handle = opendir(WB_PATH.MEDIA_DIRECTORY.'/'.$directory)) { // Loop through the files and dirs an add to list - while (false !== ($file = readdir($handle))) { + while (false !== ($file = readdir($handle))) { if(substr($file, 0, 1) != '.' AND $file != '.svn' AND $file != 'index.php') { if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) { if(!isset($home_folders[$directory.'/'.$file])) { @@ -88,11 +78,14 @@ // Check to see if we could find an id to match if(!isset($delete_file)) { $admin->print_error($MESSAGE['MEDIA_FILE_NOT_FOUND'], $dirlink, false); + die; } -$relative_path = WB_PATH.MEDIA_DIRECTORY.'/'.$directory.'/'.$delete_file; + // Check if the file/folder exists +$relative_path = WB_PATH.MEDIA_DIRECTORY.'/'.$directory.'/'.$delete_file; if(!file_exists($relative_path)) { $admin->print_error($MESSAGE['MEDIA_FILE_NOT_FOUND'], $dirlink, false); + die; } // Find out whether its a file or folder @@ -102,6 +95,7 @@ $admin->print_success($MESSAGE['MEDIA_DELETED_DIR'], $dirlink); } else { $admin->print_error($MESSAGE['MEDIA_CANNOT_DELETE_DIR'], $dirlink, false); + die; } } else { // Try and delete the file @@ -109,5 +103,6 @@ $admin->print_success($MESSAGE['MEDIA_DELETED_FILE'], $dirlink); } else { $admin->print_error($MESSAGE['MEDIA_CANNOT_DELETE_FILE'], $dirlink, false); + die; } } diff --git a/wbce/admin/media/rename.php b/wbce/admin/media/rename.php index 6a74aed01..dc71ff752 100644 --- a/wbce/admin/media/rename.php +++ b/wbce/admin/media/rename.php @@ -14,28 +14,20 @@ require('../../config.php'); $admin = new admin('Media', 'media_rename', false); -// extract user specified directory from superglobal $_GET +// Include WBCE functions file (legacy for WBCE 1.1.x) +require_once WB_PATH . '/framework/functions.php'; + +// Get current dir (relative to media) $directory = $admin->get_get('dir'); +$directory = ($directory == '/' or $directory == '\\') ? '' : $directory; +$dirlink = 'browse.php?dir='.$directory; -// check if user specified a valid folder inside WBCE media folder -$root_dir = realpath(WB_PATH . DIRECTORY_SEPARATOR . MEDIA_DIRECTORY); -$raw_dir = realpath($root_dir . DIRECTORY_SEPARATOR . $directory); -if(! ($raw_dir && is_dir($raw_dir) && (strpos($raw_dir, $root_dir) === 0))) { - // selected folder not inside WBCE media folder +// Ensure directory is inside WBCE media folder +if (!check_media_path($directory)) { $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], 'browse.php?dir=', false); - // stop any further script execution due to security violoation die; } -// build relative directory starting from WBCE MEDIA (e.g. /folder/subfolder) -$directory = str_replace($root_dir, '', $raw_dir); -// convert Windows DIR_SEP \ with Linux DIR_SEP / (legacy code below relies on this) -$directory = str_replace('\\', '/', $directory); - -// build links for browsing the directory -$dirlink = 'browse.php?dir=' . $directory; -$rootlink = 'browse.php?dir='; - // include functions.php (backwards compatibility with WBCE 1.x) require_once WB_PATH . '/framework/functions.php'; @@ -47,6 +39,7 @@ // Get home folder not to show $home_folders = get_home_folders(); + // Check for potentially malicious files $forbidden_file_types = preg_replace( '/\s*[,;\|#]\s*/','|',RENAME_FILES_ON_UPLOAD); diff --git a/wbce/admin/media/rename2.php b/wbce/admin/media/rename2.php index 790fea1b3..df03116e4 100644 --- a/wbce/admin/media/rename2.php +++ b/wbce/admin/media/rename2.php @@ -14,29 +14,21 @@ require('../../config.php'); $admin = new admin('Media', 'media_rename', false); -// extract user specified directory from superglobals $_GET or $_POST +// Include WBCE functions file (legacy for WBCE 1.1.x) +require_once WB_PATH . '/framework/functions.php'; + +// Get current dir (relative to media) $requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); $directory = (isset(${$requestMethod}['dir'])) ? ${$requestMethod}['dir'] : ''; +$directory = ($directory == '/' or $directory == '\\') ? '' : $directory; +$dirlink = 'browse.php?dir='.$directory; -// check if user specified a valid folder inside WBCE media folder -$root_dir = realpath(WB_PATH . DIRECTORY_SEPARATOR . MEDIA_DIRECTORY); -$raw_dir = realpath($root_dir . DIRECTORY_SEPARATOR . $directory); -if(! ($raw_dir && is_dir($raw_dir) && (strpos($raw_dir, $root_dir) === 0))) { - // selected folder not inside WBCE media folder +// Ensure directory is inside WBCE media folder +if (!check_media_path($directory)) { $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], 'browse.php?dir=', false); - // stop any further script execution due to security violoation die; } -// build relative directory starting from WBCE MEDIA (e.g. /folder/subfolder) -$directory = str_replace($root_dir, '', $raw_dir); -// convert Windows DIR_SEP \ with Linux DIR_SEP / (legacy code below relies on this) -$directory = str_replace('\\', '/', $directory); - -// build links for browsing the directory -$dirlink = 'browse.php?dir=' . $directory; -$rootlink = 'browse.php?dir='; - // include functions.php (backwards compatibility with WBCE 1.x) require_once WB_PATH . '/framework/functions.php'; @@ -44,6 +36,7 @@ $file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD'])); if (!$file_id) { $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$dirlink, false); + die; } // Check for potentially malicious files @@ -54,7 +47,7 @@ // Figure out what folder name the temp id is if($handle = opendir(WB_PATH.MEDIA_DIRECTORY.'/'.$directory)) { // Loop through the files and dirs an add to list - while (false !== ($file = readdir($handle))) { + while (false !== ($file = readdir($handle))) { $info = pathinfo($file); $ext = isset($info['extension']) ? $info['extension'] : ''; if(substr($file, 0, 1) != '.' AND $file != '.svn' AND $file != 'index.php') { @@ -69,6 +62,7 @@ } } } + $temp_id = 0; if(isset($DIR)) { sort($DIR); @@ -80,6 +74,7 @@ } } } + if(isset($FILE)) { sort($FILE); foreach($FILE AS $name) { @@ -92,63 +87,47 @@ } } -$file_id = $admin->getIDKEY($file_id); - +// Check if there is a file/folder to rename if(!isset($rename_file)) { $admin->print_error($MESSAGE['MEDIA_FILE_NOT_FOUND'], $dirlink, false); + die; } -// Check if they entered a new name -if(media_filename($admin->get_post('name')) == "") { +// Check if a new file/folder name was defined +$file_id = $admin->getIDKEY($file_id); +if($admin->get_post('name') == '') { $admin->print_error($MESSAGE['MEDIA_BLANK_NAME'], "rename.php?dir=$directory&id=$file_id", false); -} else { - $old_name = $admin->get_post('old_name'); - $new_name = media_filename($admin->get_post('name')); -} - -// Check if they entered an extension -if($type == 'file') { - if(media_filename($admin->get_post('extension')) == "") { - $admin->print_error($MESSAGE['MEDIA_BLANK_EXTENSION'], "rename.php?dir=$directory&id=$file_id", false); - } else { - $extension = media_filename($admin->get_post('extension')); - } -} else { - $extension = ''; + die; } -// Join new name and extension -$name = $new_name.$extension; +// Extract new name and file extension from user input +$new_name = media_filename($admin->get_post('name')); +$extension = media_filename($admin->get_post('extension')); -$info = pathinfo(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$name); -$ext = isset($info['extension']) ? $info['extension'] : ''; -$dots = (substr($info['basename'], 0, 1) == '.') || (substr($info['basename'], -1, 1) == '.'); +if($type == 'file' && ($extension == '' || $extension == '_')) { + $admin->print_error($MESSAGE['MEDIA_BLANK_EXTENSION'], "rename.php?dir=$directory&id=$file_id", false); + die; +} -if( preg_match('/'.$forbidden_file_types.'$/i', $ext) || $dots == '.' ) { +// Stop hiding files/folders by adding a leading dot +if (substr($new_name, 0, 1) == '.') { $admin->print_error($MESSAGE['MEDIA_CANNOT_RENAME'], "rename.php?dir=$directory&id=$file_id", false); + die; } -// Check if the name contains .. -if(strstr($name, '..')) { - $admin->print_error($MESSAGE['MEDIA_NAME_DOT_DOT_SLASH'], "rename.php?dir=$directory&id=$file_id", false); +// Check if the file extension is in blacklist +$ext = stristr($extension, '.'); +$ext = substr($ext, 1, strlen($ext)); +if (preg_match('/' . $forbidden_file_types . '$/i', $ext)) { + $admin->print_error($MESSAGE['MEDIA_CANNOT_RENAME'], "rename.php?dir=$directory&id=$file_id", false); + die; } -// Check if the name is index.php +// Concatenate new filename, strip invalid chars and perform some checks +$name = media_filename($new_name . $extension); if($name == 'index.php') { $admin->print_error($MESSAGE['MEDIA_NAME_INDEX_PHP'], "rename.php?dir=$directory&id=$file_id", false); -} - -// Check that the name still has a value -if($name == '') { - $admin->print_error($MESSAGE['MEDIA_BLANK_NAME'], "rename.php?dir=$directory&id=$file_id", false); -} - -$info = pathinfo(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$rename_file); -$ext = isset($info['extension']) ? $info['extension'] : ''; -$dots = (substr($info['basename'], 0, 1) == '.') || (substr($info['basename'], -1, 1) == '.'); - -if( preg_match('/'.$forbidden_file_types.'$/i', $ext) || $dots == '.' ) { - $admin->print_error($MESSAGE['MEDIA_CANNOT_RENAME'], "rename.php?dir=$directory&id=$file_id", false); + die; } // Check if we should overwrite or not @@ -162,13 +141,10 @@ die; } -// Try and rename the file/folder +// Finally, try to rename the file/folder if(rename(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$rename_file, WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$name)) { - $usedFiles = array(); - // feature freeze - // require_once(ADMIN_PATH.'/media/dse.php'); - $admin->print_success($MESSAGE['MEDIA_RENAMED'], $dirlink); } else { $admin->print_error($MESSAGE['MEDIA_CANNOT_RENAME'], "rename.php?dir=$directory&id=$file_id", false); + die; } diff --git a/wbce/admin/media/thumb.php b/wbce/admin/media/thumb.php index 783dc94ae..bcc60412d 100644 --- a/wbce/admin/media/thumb.php +++ b/wbce/admin/media/thumb.php @@ -12,25 +12,30 @@ require('../../config.php'); include_once('resize_img.php'); -require_once(WB_PATH.'/framework/functions.php'); +// Include WBCE functions file (legacy for WBCE 1.1.x) +require_once WB_PATH . '/framework/functions.php'; + +// Check if an image is specified if (isset($_GET['img']) && isset($_GET['t'])) { $image = addslashes($_GET['img']); + $type = (int) $_GET['t']; - // Check to see if it contains .. + // Ensure image is inside WBCE media folder if (!check_media_path($image)) { - $admin->print_error($MESSAGE['MEDIA_DIR_DOT_DOT_SLASH'], WB_URL, false); + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL, false); + die; } - $type = addslashes($_GET['t']); - $media = WB_PATH.MEDIA_DIRECTORY; - $img=new RESIZEIMAGE($media.$image); + // Create a thumbnail for the specified image + $img_path = WB_PATH . MEDIA_DIRECTORY .$image; + $img = new RESIZEIMAGE($img_path); if ($img->imgWidth) { if ($type == 1) { $img->resize_limitwh(50,50); - } else if ($type == 2) { + } elseif ($type == 2) { $img->resize_limitwh(200,200); - } + } $img->close(); } else { header ("Content-type: image/jpeg"); diff --git a/wbce/admin/media/upload.php b/wbce/admin/media/upload.php index c272d80a4..223b0957c 100644 --- a/wbce/admin/media/upload.php +++ b/wbce/admin/media/upload.php @@ -10,106 +10,90 @@ * @license GNU GPL2 (or any later version) */ -// Print admin header +// Create admin object require('../../config.php'); -include_once('resize_img.php'); -include_once('parameters.php'); - -require_once(WB_PATH.'/framework/class.admin.php'); -// require_once(WB_PATH.'/include/pclzip/pclzip.lib.php'); // Required to unzip file. -// suppress to print the header, so no new FTAN will be set $admin = new admin('Media', 'media_upload', false); -if( !$admin->checkFTAN() ) -{ +// Include WBCE functions file and PclZip class (legacy for WBCE 1.1.x) +require_once WB_PATH . '/framework/functions.php'; +require_once WB_PATH . '/include/pclzip/pclzip.lib.php'; + +// Check FTAN +if (!$admin->checkFTAN()) { $admin->print_header(); - $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] ); + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } // After check print the header $admin->print_header(); -// Target location +// Include required files +include_once('resize_img.php'); +include_once('parameters.php'); + +// Get target dir (relative to media) $requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); $target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : ''; +$target = ($target == '/' or $target == '\\') ? '' : $target; +$dirlink = 'index.php?dir=' . $target; -// Include the WB functions file -require_once(WB_PATH.'/framework/functions.php'); - -$directory = ($target == '/') ? '' : $target; -$dirlink = 'index.php?dir='.$directory; -$rootlink = 'index.php?dir='; - -// Check to see if target contains ../ -if (!check_media_path($target, false)) -{ - $admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH'] ); +// Ensure directory is inside WBCE media folder +if (!check_media_path($target, false)) { + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], 'index.php', false); + die; } -// Create relative path of the target location for the file -$relative = WB_PATH.$target.'/'; -$resizepath = str_replace(array('/',' '),'_',$target); +// Create absolute path of the new dir name +$directory = WB_PATH . $target . '/'; +$resizepath = str_replace(array('/', ' '), '_', $target); // Find out whether we should replace files or give an error $overwrite = ($admin->get_post('overwrite') != '') ? true : false; -// Get list of file types to which we're supposed to append 'txt' -$get_result=$database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1"); -$file_extension_string=''; -if ($get_result->numRows()>0) { - $fetch_result=$get_result->fetchRow(); - $file_extension_string=$fetch_result['value']; -} +// Check for potentially malicious files +$forbidden_file_types = preg_replace( '/\s*[,;\|#]\s*/','|', RENAME_FILES_ON_UPLOAD); -$file_extensions=explode(",",$file_extension_string); -// get from settings and add to forbidden list -$forbidden_file_types = preg_replace( '/\s*[,;\|#]\s*/','|',RENAME_FILES_ON_UPLOAD); // Loop through the files $good_uploads = 0; $sum_dirs = 0; $sum_files = 0; - -for($count = 1; $count <= 10; $count++) -{ +for($count = 1; $count <= 10; $count++) { // If file was upload to tmp - if(isset($_FILES["file$count"]['name'])) - { + if(isset($_FILES["file$count"]['name'])) { // Remove bad characters $filename = trim(media_filename($_FILES["file$count"]['name']),'.') ; - // Check if there is still a filename left - // if($filename != '') { $info = pathinfo($filename); $ext = isset($info['extension']) ? $info['extension'] : ''; - if ( ($filename != '') && !preg_match("/" . $forbidden_file_types . "$/i", $ext) ) - { + // Check if file extension is not in forbidden list + if(($filename != '') && !preg_match("/" . $forbidden_file_types . "$/i", $ext)) { // Move to relative path (in media folder) - if(file_exists($relative.$filename) AND $overwrite == true) { - if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) { + if(file_exists($directory.$filename) AND $overwrite == true) { + if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $directory.$filename)) { $good_uploads++; $sum_files++; // Chmod the uploaded file - change_mode($relative.$filename); + change_mode($directory.$filename); } - } elseif(!file_exists($relative.$filename)) { - if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) { + } elseif(!file_exists($directory.$filename)) { + if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $directory.$filename)) { $good_uploads++; $sum_files++; // Chmod the uploaded file - change_mode($relative.$filename); + change_mode($directory.$filename); } } - if(file_exists($relative.$filename) && isset($pathsettings[$resizepath])) { + if(file_exists($directory.$filename) && isset($pathsettings[$resizepath])) { if ($pathsettings[$resizepath]['width'] || $pathsettings[$resizepath]['height'] ) { - $rimg=new RESIZEIMAGE($relative.$filename); - $rimg->resize_limitwh($pathsettings[$resizepath]['width'],$pathsettings[$resizepath]['height'],$relative.$filename); + $rimg=new RESIZEIMAGE($directory.$filename); + $rimg->resize_limitwh($pathsettings[$resizepath]['width'],$pathsettings[$resizepath]['height'],$directory.$filename); $rimg->close(); } } // store file name of first file for possible unzip action if ($count == 1) { - $filename1 = $relative . $filename; + $filename1 = $directory . $filename; } } } @@ -117,30 +101,23 @@ /* * Callback function to skip files in black-list */ -function pclzipCheckValidFile($p_event, &$p_header) -{ - // return 1; -// Check for potentially malicious files - $forbidden_file_types = preg_replace( '/\s*[,;\|#]\s*/','|',RENAME_FILES_ON_UPLOAD); +function pclzipCheckValidFile($p_event, &$p_header) { + // Check for potentially malicious files + global $forbidden_file_types; $info = pathinfo($p_header['filename']); $ext = isset($info['extension']) ? $info['extension'] : ''; $dots = (substr($info['basename'], 0, 1) == '.') || (substr($info['basename'], -1, 1) == '.'); - if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) && $dots != '.' ) - { // ----- allowed file types are extracted - return 1; - }else - { // ----- all other files are skiped - return 0; - } + // Check if we should skip the file from beeing extracted + $skip_file = ($dots || preg_match('/' . $forbidden_file_types . '$/i', $ext)); + // Return 1 to extract the file, 0 to skip it + return ($skip_file) ? 0 : 1; } -/* ********************************* */ // If the user chose to unzip the first file, unzip into the current folder if (isset($_POST['unzip']) && isset($filename1) && file_exists($filename1) ) { // Required to unzip file. - require_once(WB_PATH.'/include/pclzip/pclzip.lib.php'); $archive = new PclZip($filename1); - $list = $archive->extract(PCLZIP_OPT_PATH, $relative,PCLZIP_CB_PRE_EXTRACT, 'pclzipCheckValidFile'); + $list = $archive->extract(PCLZIP_OPT_PATH, $directory,PCLZIP_CB_PRE_EXTRACT, 'pclzipCheckValidFile'); if($list == 0) { // error while trying to extract the archive (most likely wrong format) @@ -149,17 +126,19 @@ function pclzipCheckValidFile($p_event, &$p_header) $sum_files = 0; // rename executable files! foreach ($list as $key => $val) { - if( ($val['folder'] ) && change_mode($val['filename']) ) { - $sum_dirs++; + if( ($val['folder'] ) && change_mode($val['filename']) ) { + $sum_dirs++; } elseif( is_writable($val['filename']) && ($val['status'] == 'ok') && change_mode($val['filename']) ) { $sum_files++; } } - if (isset($_POST['delzip'])) { unlink($filename1); } + if (isset($_POST['delzip'])) { + unlink($filename1); + } $dir = dirname($filename1); - if(file_exists($dir)) { + if(file_exists($dir)) { $array = createFolderProtectFile($dir); - } + } } unset($list); diff --git a/wbce/install/install_data.sql b/wbce/install/install_data.sql index ef2128024..59ce3233c 100644 --- a/wbce/install/install_data.sql +++ b/wbce/install/install_data.sql @@ -67,7 +67,7 @@ INSERT INTO `{TABLE_PREFIX}settings` (`setting_id`, `name`, `value`) VALUES (29, 'page_extension', '.php'), (30, 'page_spacer', '-'), (31, 'pages_directory', '/pages'), -(32, 'rename_files_on_upload', 'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js'), +(32, 'rename_files_on_upload', 'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,lnk'), (33, 'media_directory', '/media'), (34, 'wbmailer_routine', 'phpmail'), (35, 'wbmailer_default_sendername', 'WB Mailer'), diff --git a/wbce/upgrade-script.php b/wbce/upgrade-script.php index 2652f654b..a70a85fb1 100644 --- a/wbce/upgrade-script.php +++ b/wbce/upgrade-script.php @@ -200,7 +200,7 @@ function status_msg($message, $class = 'check', $element = 'span') '[TEMPLATE]/argos_theme/templates/users_form.htt', ); -// hopefully we add the removed files here these files are for 1.1.0 +// hopefully we add the removed files here these files are for 1.1.0 // as a result of adding class Settings and rework of the admin tool system $filesRemove['2'] = array( @@ -464,7 +464,7 @@ function status_msg($message, $class = 'check', $element = 'span') Settings::Set('redirect_timer','1500', false); echo "
Updating rename_files_on_upload to settings table
"; -Settings::Set('rename_files_on_upload','ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js', false); +Settings::Set('rename_files_on_upload','ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,lnk', false); echo "
Adding mediasettings to settings table
"; Settings::Set('mediasettings','', false); @@ -476,7 +476,7 @@ function status_msg($message, $class = 'check', $element = 'span') Settings::Set ("wb_secform_timeout", '7200', false); Settings::Set ("wb_secform_tokenname", 'formtoken', false); Settings::Set ("wb_secform_usefp", false, false); -Settings::Set('fingerprint_with_ip_octets', '0', false); +Settings::Set('fingerprint_with_ip_octets', '0', false); echo "
Removing Secureform selector, no longer needed.
"; Settings::Del('secure_form_module'); // No longer needed as Singletab is removed @@ -496,7 +496,7 @@ function status_msg($message, $class = 'check', $element = 'span') /********************************************************** - * - making sure group_id is set correct there was a big bug in original WB + * - making sure group_id is set correct there was a big bug in original WB * WBCE 1.0.0 */ @@ -504,13 +504,13 @@ function status_msg($message, $class = 'check', $element = 'span') // set group_id to first group of groups_id $sql = "UPDATE $table SET `group_id` = CAST(groups_id AS SIGNED)"; -$query = $database->query($sql); +$query = $database->query($sql); echo ($database->is_error() ? __LINE__ .': '.$database->get_error().'
' : ''); // if admin, set group_id to 1 $sql = "UPDATE $table SET `group_id` = 1 WHERE FIND_IN_SET('1', groups_id) > '0'"; echo ($database->is_error() ? __LINE__ .': '.$database->get_error().'
' : ''); -$query = $database->query($sql); +$query = $database->query($sql); /********************************************************** From 7a4d23df6f5858f888e01cda5b049ce6971c3a24 Mon Sep 17 00:00:00 2001 From: NorHei Date: Wed, 8 Feb 2017 21:37:18 +0100 Subject: [PATCH 06/21] Added Ruuds Version of Short.php Ruud refined our Patch to have the intended 404 functionality. Thanks alot. o --- wbce/short.php | 110 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 79 insertions(+), 31 deletions(-) diff --git a/wbce/short.php b/wbce/short.php index beff02baa..caed883cb 100644 --- a/wbce/short.php +++ b/wbce/short.php @@ -1,53 +1,101 @@ preprocess( $wb_page_data); +$linkstart = WB_URL.PAGES_DIRECTORY; +$linkend = PAGE_EXTENSION; +$nwlinkstart = WB_URL; +$nwlinkend = '/'; + +preg_match_all('~'.$linkstart.'(.*?)\\'.$linkend.'~', $wb_page_data, $links); +foreach ($links[1] as $link) { + $wb_page_data = str_replace($linkstart.$link.$linkend, $nwlinkstart.$link.$nwlinkend, $wb_page_data); } +return true; +-- END droplet code */ + +/* .htaccess +RewriteEngine On +# If called directly - redirect to short url version +RewriteCond %{REQUEST_URI} !/pages/intro.php +RewriteCond %{REQUEST_URI} /pages +RewriteRule ^pages/(.*).php$ /$1/ [R=301,L] + +# Send the request to the short.php for processing +RewriteCond %{REQUEST_URI} !^/(pages|admin|framework|include|languages|media|account|search|temp|templates/.*)$ +RewriteCond %{REQUEST_FILENAME} !-d +RewriteCond %{REQUEST_FILENAME} !-f +RewriteRule ^([\/\sa-zA-Z0-9._-]+)$ /short.php?_wb=$1 [QSA,L] +-- END .htaccess */ + From 5d6848cf7432b740b8f92f408e42ac1d834c7062 Mon Sep 17 00:00:00 2001 From: cwsoft Date: Wed, 8 Feb 2017 22:02:10 +0100 Subject: [PATCH 07/21] Updated CHANGELOG.md --- CHANGELOG.md | 331 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 331 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cd276fdfe..f4348f6b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,337 @@ Please visit the [WBCE Github](https://github.com/WBCE/WebsiteBaker_CommunityEdi ## Auto generated Git commit history + * **2017-02-08:** NorHei [[7a4d23d](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/7a4d23df6f5858f888e01cda5b049ce6971c3a24)] + > Added Ruuds Version of Short.php + Ruud refined our Patch to have the intended 404 functionality. + Thanks alot. + o + + * **2017-02-08:** cwsoft [[c676c4a](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/c676c4a7b0ea60ade750698f937986d528424766)] + > Merge fixes for WBCE media center from 1.2.x branch + + * **2017-02-06:** cwsoft [[227a3bc](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/227a3bc62968204c2e3839b0ac9147770a0c1632)] + > Took over filter settings for function media_filename from WBCE 1.2.x + + * **2017-02-06:** cwsoft [[e71198a](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/e71198a0ad168c5caebaed5257217d97ef8bf3f2)] + > Filter some more characters in function media_filename + + * **2017-02-06:** cwsoft [[3c248a7](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/3c248a7f1088454850769a451ba5a579a33bd2cf)] + > Some code refinement for JVN#53859609 + + * **2017-02-03:** cwsoft [[ee90d10](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/ee90d10ea3fd3cc6b7366449f0761a5a0bdeb5b2)] + > Fix for JVN#10983966 + + * **2016-12-28:** NorHei [[1f582e0](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/1f582e0ae5531db0cd10f3ef5bd69ba5b0569298)] + > PHP Mailer just needed another patch + Sorry for the inconvienience + + * **2016-12-27:** NorHei [[fee3215](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/fee321522acaa841ad0cd7a6ae6f3450ca74fd29)] + > Bumped Version + + * **2016-12-27:** NorHei [[4b39293](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/4b3929375451b5463ace7968da878aa64e49abe8)] + > PHP Mailer Bug fix + http://www.golem.de/news/websicherheit-phpmailer-bringt-eine-boese-weihnachtsueberraschung-1612-125255.html + + https://github.com/PHPMailer/PHPMailer/releases + + * **2016-12-09:** NorHei [[3bc384d](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/3bc384dd53d354d87478b257b1764aeb21e41987)] + > Bugfix for frontend registration + https://forum.wbce.org/viewtopic.php?id=811 + https://forum.wbce.org/viewtopic.php?id=812 + + * **2016-04-27:** NorHei [[819d85c](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/819d85c0a1d23c08a99b2975d2d9ca8c9edd75f5)] + > NEw Version 1.1.7 + + * **2016-04-27:** NorHei [[1140097](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/114009721ec874cc5baf164e97fd08871e2680e2)] + > One more security enhancement add ftan to /account + edafe34 + https://github.com/WBCE/WebsiteBaker_CommunityEdition/issues/123 + + Thanks to Krzysztof + + * **2016-03-23:** NorHei [[9c726d5](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/9c726d5d8b6b57421c312f1e2624cc559ab5b2f8)] + > Bumped Version to 1.1.6 + + * **2016-03-23:** NorHei [[4e0ba92](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/4e0ba92085f5c5a6027bacef02be8b290e956089)] + > If /admin dir is changed , drag and Drop in manage sections stops working. + http://forum.wbce.org/viewtopic.php?pid=4109#p4109 + + Thanks to Bernd + + * **2016-03-21:** NorHei [[4a8bd98](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/4a8bd98e94a4dfcf0f4c569cc54750aa987c8e92)] + > Patch for php 5.2 !!! + Yess this is an outdated version , but as long as a single fix lets this keep + running , i see absolutely no problem in doing this . + + http://forum.wbce.org/viewtopic.php?id=491 + + Thanks to Chio + + * **2016-03-21:** NorHei [[0333c0f](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/0333c0fcb9b0437103fee599528cd1e2a0cf94a6)] + > Patch for problems whith WBstats when upgrading. + http://forum.wbce.org/viewtopic.php?pid=4012 + + Thanks To Marmot !!! + + * **2016-03-03:** NorHei [[4f4f38e](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/4f4f38e4eab8993eb85fc259e649cb810500edaa)] + > more fixes for the fix + + * **2016-03-03:** NorHei [[45b229d](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/45b229d2881a178cc29d8dcc76dc39133aa0eeaf)] + > Security patches again + http://forum.wbce.org/viewtopic.php?id=452 + + http://forum.wbce.org/viewtopic.php?id=440 + + * **2016-02-27:** NorHei [[88f8de5](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/88f8de51daeb6d34251a685362a38efc96b0acf9)] + > Security issue , some input fields directly piped to Database + Those Fields where piped directly whitout any validation + or escaping ... bad bad thing. + + http://forum.websitebaker.org/index.php/topic,28998.msg203463.html#msg203463 + https://www.htbridge.com/advisory/HTB23296 + + As far as i can see we got it all contained now. + + Happy baking + Norbert + + * **2016-02-21:** NorHei [[8c9211f](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/8c9211f53a4138986450aa212664ca53c4ca872b)] + > Bumped Version Number to 1.1.4 + + * **2016-02-21:** NorHei [[d016c41](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/d016c41f695cc73e8e05b726445cda998d7a5c94)] + > Constant WB_SECFORM_TIMEOUT not set on Upgrade from 2.8.1 + #110 + + Still needs some more testing as possibly other constants fail too . + * **2015-12-15:** NorHei [[5655bcb](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/5655bcbb0865ec8137df80368c908a6c5e7c25a6)] + > Merge branch 'master' of https://github.com/WBCE/WebsiteBaker_CommunityEdition + + * **2015-12-15:** NorHei [[9adebc0](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/9adebc01ace665acc66728dd1e09679fc22a7a88)] + > Set version number to stable + + * **2015-12-14:** instantflorian [[f0e1580](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/f0e15809dcac500cfd59d34041dd77decc0dc72d)] + > Yet another depreciated thing + + * **2015-12-13:** NorHei [[07a8ae5](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/07a8ae532c4e738d155c86ca2ca0903ba8990887)] + > Undefined index: _media_test in /.../admin/media/upload.php on line 103 + http://forum.wbce.org/viewtopic.php?pid=2593#p2593 + + Problem is in mediacenter, because the mediasettings only exist, when at least one time the mediaoptions are stored. So storing the options will end up this notice until an new folder is created. + One idea for solving this would be to check if mediasettings for a folder do exist: + upload.php line 102 + + [== PHP ==] + if(file_exists($relative.$filename) && isset($pathsettings[$resizepath])) { + + * **2015-12-12:** NorHei [[bbc84c9](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/bbc84c920c3f7e29b2a90a2f36c1c3d11b2e762e)] + > Deprecated: Methods with the same name as their class will not be constructors + Deprecated: Methods with the same name as their class will not be + constructors in a future version of PHP; Template has a + deprecated constructor in /.../include/phplib/template.inc on line 70 + + Deprecated: Methods with the same name as their class will not be + constructors in a future version of PHP; wbmailer has a + deprecated constructor in /.../framework/class.wbmailer.php on line 35 + + * **2015-12-11:** instantflorian [[0218f41](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/0218f418594564b88994289066704a68a2309931)] + > Add missing miniform DE translations + + * **2015-12-10:** instantflorian [[5e40987](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/5e40987b3290a7a25c7f33d63493e505cc088977)] + > Topics: Fix for PHP7, remove username display + + * **2015-12-08:** instantflorian [[29eab64](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/29eab64cb0c9b226da224202ae2b581527a29b12)] + > Replace index.html with index.php (and add another missing one) + + * **2015-12-08:** instantflorian [[e31a8eb](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/e31a8eb7b45a36314b22ce8557d077133bf80967)] + > Create templates directory for miniform module + to avoid irritating error messages during install + + * **2015-12-04:** NorHei [[971f38b](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/971f38b367dee3f5f37fa0b3920ddc4e28409d8f)] + > Fix for mysql strict mode. + Hopefully this will fix problems whith strict mode for now. + Not sure if its allowed to set this on every server. + Later we will go to fix all SQL queries. + + Thanks to marmot in this thread: + http://forum.wbce.org/viewtopic.php?pid=2483#p2483 + + * **2015-12-01:** NorHei [[7a216b3](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/7a216b3b644e6ec369a61f5b5b9c9838a31a3cb2)] + > Increased Version number to 1.1.3-rc.1 please read more! + YES i know that not entirely correct but i could not go to 1.1.2-rc.1 as this would be lower than 1.1.2 + From now on we strictly follow our versioning guidelines . + + https://github.com/WBCE/Versioning-Scheme + + * **2015-12-01:** NorHei [[7ad015f](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/7ad015f089475ce973e395d398738467c5012883)] + > Installed miniform 0.8 to avoid template deletion on upgrade. + Nothing else to say :-) + + * **2015-12-01:** NorHei [[6a199f5](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/6a199f50bcaf974e9badea243991ef300bf4e8c2)] + > Revert "Odd semicolon" + This reverts commit 98bda74703228b4271b3cc00f856d479884fe216. + + This nasty construct seems to rely on the concept that if the first expression in an if() is false , all othere aren't executed + + if(($addon['directory'] == DEFAULT_TEMPLATE) ? $selected = ' selected="selected"' : $selected = ''); + + So i had to undo changes as changing the backend theme stopped to function properly. + + * **2015-11-27:** NorHei [[98bda74](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/98bda74703228b4271b3cc00f856d479884fe216)] + > Odd semicolon + admin\settings\index.php + Ln:237 = Odd semicolon + Ln:249 = Odd semicolon + + * **2015-11-25:** NorHei [[d322a7f](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/d322a7f48795e9977ffec100b60cf6d1519b19c3)] + > This line does not end with the expected EOL:'LF' + html/admin/pages/add.php + ln:116/117 + This line does not end with the expected EOL:'LF' + + * **2015-11-25:** NorHei [[9aa8673](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/9aa8673c99d435c23866ebd585a5aad1041a85c7)] + > $key have the same name as the parent FOREACH $key + framework\addon.precheck.inc.php + Ln:161 = FOREACH $key have the same name as the parent FOREACH $key + Ln:161 = FOREACH $value have the same name as the parent FOREACH $value + Ln:298 = FOREACH $value have the same name as the parent FOREACH $value + Ln:318 = FOREACH $key have the same name as the parent FOREACH $key + + Fixed this. + + * **2015-11-25:** NorHei [[10729d6](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/10729d68d97d0110b260f4563f074f2ef74b8091)] + > increase version number + + * **2015-11-23:** NorHei [[0c6d01a](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/0c6d01a9aaf4745e0a2c3c2b052ba7d7dd82de34)] + > Notice: Undefined variable: menu_link in page_tree.php + Notice: Undefined variable: menu_link in ...\wbce\admin\pages\page_tree\page_tree.php on line 161 + + Issue #65 + + Hello, + when logged in to backend as a user I got a message in pages: + Notice: Undefined variable: menu_link in ...\wbce\admin\pages\page_tree\page_tree.php on line 161 + + Please initiate menu_link as below + $menu_link = false; + // manage SECTIONS and DATES Icons --> + $canManageSections = (MANAGE_SECTIONS == 'enabled' && $admin->get_permission('pages_modify') == true && $can_modify == true)?true:false; + + Thanks to qssocial + + * **2015-11-23:** NorHei [[5efd6b5](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/5efd6b528a2b2c46cd7aa8cc1e5e4610678e6ed9)] + > Wrong style align:... schould be text-align:...in module functions + + * **2015-11-23:** NorHei [[b591d37](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/b591d37feab10c3fe8add98ca53110cf964e3c9e)] + > brackets wrong again ...in search.php + + * **2015-11-23:** NorHei [[0eecc5e](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/0eecc5e2e623e4719e4942fb68f551aef8de00b2)] + > missing bracket in search.php + + * **2015-11-20:** instantflorian [[91615ad](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/91615adac6d9f839443334e715bd0f692eeebb3c)] + > WBCE reference in Argos BE theme + + * **2015-11-19:** instantflorian [[4fb357b](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/4fb357b1e99ed7d27c8599f87f0356cb81d2ca23)] + > width of input fields should not be 98% per default + + * **2015-11-19:** NorHei [[dd0714c](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/dd0714c6a000631790087d16c533cda84fbe2eb2)] + > Little typofix in HTTPS handling. + Https handling in initialize.php had a little typo . + + * **2015-11-19:** NorHei [[95c5bb7](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/95c5bb724b5209368716bfc37fe67a378c5bba7a)] + > Updated version to 1.1.1 for beta 2 + This is a Bugfix only release , fixed some upgrade bugs and some installer + bugs , a little but nasty bug in autoloader having trouble whith capital + letters in path and many more fixes. Just take a look here at git. + + * **2015-11-19:** NorHei [[ca2f33a](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/ca2f33ac00f924c74ed27335586c6cb4ee4c481b)] + > Bug in autoloader if WB_PATH contained Capital letters. + The autoloader enforces the use of non capital letters in classes loaded + by directory selection. The strtolower function did too much and lowered the + Path too ... + + * **2015-11-18:** NorHei [[15a191d](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/15a191d7aa761f8c331f5486936528bab0d6a781)] + > ['HTTPS'] is not reliable ... :-( + + * **2015-11-18:** NorHei [[3d58dd9](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/3d58dd99baa1c578c6398940a7f7b6f004826d66)] + > $_REQUEST['search_path'] may not be an array + PEntest experimented whith different contents in get vars. + Thx to evaki + + * **2015-11-18:** NorHei [[2f6b837](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/2f6b8370be748badf0c23cc28399338e325ec914)] + > Prevent direct access on initialize.php + + * **2015-11-18:** Bianka Martinovic [[bb79cb4](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/bb79cb4a354dea41146da851662e8ae443cad85f)] + > fix for issue #57 + + * **2015-11-17:** NorHei [[b4a6b1f](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/b4a6b1ffa3fc9b557e3cb7be4ffddf372dd724ab)] + > removed useless require for Secureform class as Autoloader takes care + + * **2015-11-17:** NorHei [[aaaf97a](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/aaaf97a3c18cd1959b07ec98a35d89f22ddaae1f)] + > removed useless require for DB class as it is already loaded + + * **2015-11-17:** NorHei [[448c389](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/448c38990e71e4c98f62d60e2d2f9a81f870b509)] + > getFTAN() returns a hidden field whith title="" alt="" + simply removed this + + Thx to Webbird for reporting + + * **2015-11-17:** NorHei [[9fd6f52](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/9fd6f525325f7d4ba1733c3493ccf60d0763b136)] + > Changed position of the OPF Loader so its available in frontend.functions now. + opf_controller was needed in frontend.functions.php too so i moved the + opf Loader up to load before frontend.functions.php is loaded. + + Thx to Mrbaseman who found that problem. + + * **2015-11-16:** instantflorian [[31e487b](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/31e487b4691ddfc7686acea1f3521bbffd8e2b2b)] + > changes on default FE templates + wbce template: replace short php tag with full php tag + simple responsive template: add direct access prohibition according to + wbce template + advanced flat be theme: login link was not shown after sending new + password + + * **2015-11-15:** NorHei [[57ce05d](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/57ce05d2f91ecd24e59f23bc78d46ed22da0089e)] + > Https Cookie Secure now set if called via https + Added Check if called via https cookie is set to secure only. + Later We schould add a switch for this. + + * **2015-11-15:** NorHei [[674ff66](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/674ff6609e302e9bf4b6cbb4d4b1a54a95c2d325)] + > Search input was not sanitized enough. + It was possible to submit arrays and provoke error messages. + Thx To Evaki! + + * **2015-11-15:** NorHei [[21a3520](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/21a3520c1a04d38bc62b0b48f510db503ebe8fde)] + > More changes for upgrade process + Secureform and captchacontroll not correctly set on upgrade from old + WB versions. + + * **2015-11-12:** instantflorian [[6756e97](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/6756e97310cb27275e47b1b434dfa086e9917692)] + > Error in name+directory in argos theme, Wording error in Advanced theme + + * **2015-11-11:** NorHei [[afa54d4](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/afa54d4302a64d9e8394375d9b7e248324666021)] + > Loginform Autocomplete and Upgrade Script + Small review of upgrade script especially issue #48 and a few other + minor changes. Now using Settings::Set() instead of the function build + into the script as it allows to not overwrite existing Settings. + + Allowing loginforms to have autocomplete was regarded a security issue, + So please templatebuilders pull before editing the templates as i already + added this once a time ago ;-) + + * **2015-11-10:** instantflorian [[d514045](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/d514045aea51a8e20f2f031a2b40205b6317928e)] + > Bugfix, misplaced + version number update + + * **2015-11-09:** NorHei [[d3705ef](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/d3705efb886fec3c70f458ba341bb6bdeaf4121b)] + > Added parameter overwrite to Settings::Set() + Settings::Set($key,$value,$overwrite=true) + + If overwrite is set to false this method won't overwrite existing values. + This was needed for upgrade script rewrite. + + * **2015-11-09:** cwsoft [[3d38caa](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/3d38caa93fe44017516ca849dd67060fb8fc9e83)] + > Updated CHANGELOG.md + * **2015-11-09:** instantflorian [[91e64e0](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/91e64e098f790a414cc3c6ae74cf5b78e943252a)] > New slogan From c199d7718e07ef81b43f84a4214c22657f5838d1 Mon Sep 17 00:00:00 2001 From: cwsoft Date: Thu, 9 Feb 2017 08:44:22 +0100 Subject: [PATCH 08/21] Merge pull request #215 from rjgamer/patch-4 Update SecureForm.php --- wbce/framework/SecureForm.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wbce/framework/SecureForm.php b/wbce/framework/SecureForm.php index 826cc2c97..491ec61e6 100644 --- a/wbce/framework/SecureForm.php +++ b/wbce/framework/SecureForm.php @@ -43,7 +43,7 @@ */ //no direct file access -if(count(get_included_files())==1) header("Location: ../index.php",TRUE,301); +if(count(get_included_files())==1) die(header("Location: ../index.php",TRUE,301)); /* Class WB extends this class, so all this functions are avainable in class WB @@ -139,7 +139,7 @@ private function _generate_secret() $TimeSeed = floor(time() / $secrettime) * $secrettime; //round(floor) time() to whole days $DomainSeed = $_SERVER['SERVER_NAME']; // generate a numerical from server name. - $Seed = $TimeSeed + $DomainSeed; + $Seed = $TimeSeed . $DomainSeed; $secret .= md5($Seed); // $secret .= $this->_secret . $this->_serverdata . session_id(); From 82da6f8d7ebe7a6ef1baa064528af632c0fe87de Mon Sep 17 00:00:00 2001 From: cwsoft Date: Thu, 9 Feb 2017 10:33:58 +0100 Subject: [PATCH 09/21] Code refinement for all Addon uninstall handlers --- wbce/admin/languages/uninstall.php | 43 ++++++++-------- wbce/admin/modules/uninstall.php | 79 ++++++++++++++---------------- wbce/admin/templates/uninstall.php | 11 ++--- 3 files changed, 63 insertions(+), 70 deletions(-) diff --git a/wbce/admin/languages/uninstall.php b/wbce/admin/languages/uninstall.php index d102244bc..5efc9fd13 100644 --- a/wbce/admin/languages/uninstall.php +++ b/wbce/admin/languages/uninstall.php @@ -12,52 +12,49 @@ // Setup admin object require('../../config.php'); -require_once(WB_PATH.'/framework/class.admin.php'); + $admin = new admin('Addons', 'languages_uninstall', false); -if( !$admin->checkFTAN() ) -{ - $admin->print_header(); - $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); +if(! $admin->checkFTAN()) { + $admin->print_header(); + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } // After check print the header $admin->print_header(); -// Check if user selected language -if(!isset($_POST['code']) OR $_POST['code'] == "") { - header("Location: index.php"); - exit(0); +// Check if user selected a valid language file +$lang_code = $admin->get_post('code'); +if (! preg_match('/[A-Z]{2}/', $lang_code)) { + // no valid WBCE language code defined (e.g. EN, DE ..) + $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); } -// Extra protection -if(trim($_POST['code']) == '') { - header("Location: index.php"); - exit(0); +// Check if the language files exists +if(! file_exists(WB_PATH . '/languages/' . $lang_code . '.php')) { + $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); } -// Include the WB functions file -require_once(WB_PATH.'/framework/functions.php'); +// Include functions.php for backward compatibility with WBCE 1.x +require_once WB_PATH . '/framework/functions.php'; -// Check if the language exists -if(!file_exists(WB_PATH.'/languages/'.$_POST['code'].'.php')) { - $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); -} +// Create escaped string (not needed here, but beeing explicit is better than implicit) +$lang_code_escaped = $database->escapeString($lang_code); // Check if the language is in use -if($_POST['code'] == DEFAULT_LANGUAGE OR $_POST['code'] == LANGUAGE) { +if($lang_code == DEFAULT_LANGUAGE OR $lang_code == LANGUAGE) { $admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE']); } else { - $query_users = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE language = '".$admin->add_slashes($_POST['code'])."' LIMIT 1"); + $query_users = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE language = '".$lang_code_escaped."' LIMIT 1"); if($query_users->numRows() > 0) { $admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE']); } } // Try to delete the language code -if(!unlink(WB_PATH.'/languages/'.$_POST['code'].'.php')) { +if(!unlink(WB_PATH.'/languages/'.$lang_code.'.php')) { $admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL']); } else { // Remove entry from DB - $database->query("DELETE FROM ".TABLE_PREFIX."addons WHERE directory = '".$_POST['code']."' AND type = 'language'"); + $database->query("DELETE FROM ".TABLE_PREFIX."addons WHERE directory = '".$lang_code_escaped."' AND type = 'language'"); } // Print success message diff --git a/wbce/admin/modules/uninstall.php b/wbce/admin/modules/uninstall.php index faa35e83e..29779ddd4 100644 --- a/wbce/admin/modules/uninstall.php +++ b/wbce/admin/modules/uninstall.php @@ -12,38 +12,31 @@ // Setup admin object require('../../config.php'); -require_once(WB_PATH.'/framework/class.admin.php'); + $admin = new admin('Addons', 'modules_uninstall', false); -if( !$admin->checkFTAN() ) -{ +if(! $admin->checkFTAN()) { $admin->print_header(); $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } // After check print the header $admin->print_header(); -// Check if user selected module -if(!isset($_POST['file']) OR $_POST['file'] == "") { - header("Location: index.php"); - exit(0); -} else { - $file = $admin->add_slashes($_POST['file']); +// Check if user selected a valid module file +$file = $admin->get_post('file'); +$root_dir = realpath(WB_PATH . DIRECTORY_SEPARATOR . 'modules'); +$raw_dir = realpath($root_dir . DIRECTORY_SEPARATOR . $file); +if(! ($raw_dir && is_dir($raw_dir) && (strpos($raw_dir, $root_dir) === 0))) { + // module file not found inside WBCE modules folder + $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); } -// Extra protection -if(trim($file) == '') { - header("Location: index.php"); - exit(0); -} +// Extract module folder from realpath for further usage inside script +$file = basename($raw_dir); -// Include the WB functions file -require_once(WB_PATH.'/framework/functions.php'); - -// Check if the module exists -if(!is_dir(WB_PATH.'/modules/'.$file)) { - $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); -} +// Include functions.php for backward compatibility with WBCE 1.x +require_once WB_PATH . '/framework/functions.php'; +// Helper function if (!function_exists("replace_all")) { function replace_all ($aStr = "", &$aArray ) { foreach($aArray as $k=>$v) $aStr = str_replace("{{".$k."}}", $v, $aStr); @@ -51,47 +44,51 @@ function replace_all ($aStr = "", &$aArray ) { } } -$info = $database->query("SELECT section_id, page_id FROM ".TABLE_PREFIX."sections WHERE module='".$_POST['file']."'" ); - +/** +* Check if the module is used on pages/sections +*/ +$mod_dir = $database->escapeString($file); +$info = $database->query("SELECT section_id, page_id FROM ".TABLE_PREFIX."sections WHERE module='".$mod_dir."'" ); if ( $info->numRows() > 0) { - - /** - * Modul is in use, so we have to warn the user - */ - - $msg_template_str = $MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE_TMPL']; - $temp = explode(";",$MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE_TMPL_PAGES']); - $add = $info->numRows() == 1 ? $temp[0] : $temp[1]; - + // Module is in use, so we have to warn the user + $msg_template_str = $MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE_TMPL']; + $temp = explode(";",$MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE_TMPL_PAGES']); + $add = $info->numRows() == 1 ? $temp[0] : $temp[1]; + /** * The template-string for displaying the Page-Titles ... in this case as a link */ $page_template_str = "- {{title}}
"; - + $values = array ('type' => 'Modul', 'type_name' => $file, 'pages' => $add ); $msg = replace_all ( $msg_template_str, $values ); - + $page_names = ""; - + while ($data = $info->fetchRow() ) { - + $temp = $database->query("SELECT page_title from ".TABLE_PREFIX."pages where page_id=".$data['page_id']); $temp_title = $temp->fetchRow(); - + $page_info = array( - 'id' => $data['page_id'], + 'id' => $data['page_id'], 'title' => $temp_title['page_title'] ); - + $page_names .= replace_all ( $page_template_str, $page_info ); } - + /** * Printing out the error-message and die(). */ $admin->print_error(str_replace ($TEXT['FILE'], "Modul", $MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE']).$msg.$page_names); } +include_once (WB_PATH.'/modules/'.$file.'/info.php'); +if(isset ($module_level) AND $module_level=="core") { + $admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL_CORE_MODULES']); +} + // Check if we have permissions on the directory if(!is_writable(WB_PATH.'/modules/'.$file)) { $admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL']); @@ -107,7 +104,7 @@ function replace_all ($aStr = "", &$aArray ) { $admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL']); } else { // Remove entry from DB - $database->query("DELETE FROM ".TABLE_PREFIX."addons WHERE directory = '".$file."' AND type = 'module'"); + $database->query("DELETE FROM ".TABLE_PREFIX."addons WHERE directory = '".$mod_dir."' AND type = 'module'"); } // Print success message diff --git a/wbce/admin/templates/uninstall.php b/wbce/admin/templates/uninstall.php index 6869ba53d..ac68cceab 100644 --- a/wbce/admin/templates/uninstall.php +++ b/wbce/admin/templates/uninstall.php @@ -12,9 +12,7 @@ // Setup admin object require('../../config.php'); -require_once WB_PATH . '/framework/class.admin.php'; -// suppress to print the header, so no new FTAN will be set $admin = new admin('Addons', 'templates_uninstall', false); if( !$admin->checkFTAN() ) { @@ -25,7 +23,7 @@ $admin->print_header(); // Check if user selected a valid template file -$file = $_POST['file']; +$file = $admin->get_post('file'); $root_dir = realpath(WB_PATH . DIRECTORY_SEPARATOR . 'templates'); $raw_dir = realpath($root_dir . DIRECTORY_SEPARATOR . $file); if(! ($raw_dir && is_dir($raw_dir) && (strpos($raw_dir, $root_dir) === 0))) { @@ -67,7 +65,8 @@ function replace_all ($aStr = "", &$aArray ) { /** * Check if the template is still in use by a page ... */ - $info = $database->query("SELECT page_id, page_title FROM ".TABLE_PREFIX."pages WHERE template='".$file."' order by page_title"); + $tpl_dir = $database->escapeString($file); + $info = $database->query("SELECT page_id, page_title FROM ".TABLE_PREFIX."pages WHERE template='".$tpl_dir."' order by page_title"); if ($info->numRows() > 0) { /** @@ -119,12 +118,12 @@ function replace_all ($aStr = "", &$aArray ) { $admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL']); } else { // Remove entry from DB - $database->query("DELETE FROM ".TABLE_PREFIX."addons WHERE directory = '".$file."' AND type = 'template'"); + $database->query("DELETE FROM ".TABLE_PREFIX."addons WHERE directory = '".$tpl_dir."' AND type = 'template'"); } // Update pages that use this template with default template // $database = new database(); -$database->query("UPDATE ".TABLE_PREFIX."pages SET template = '".DEFAULT_TEMPLATE."' WHERE template = '$file'"); +$database->query("UPDATE ".TABLE_PREFIX."pages SET template = '".DEFAULT_TEMPLATE."' WHERE template = '$tpl_dir'"); // Print success message $admin->print_success($MESSAGE['GENERIC_UNINSTALLED']); From 9640ce9fb630c018847e32d522fdd1985997818b Mon Sep 17 00:00:00 2001 From: cwsoft Date: Thu, 9 Feb 2017 21:20:35 +0100 Subject: [PATCH 10/21] Major code review and refinement of all Addon action handler files - unified permission checks and user input validation - removed obsolete code blocks - replaced inhouse code with PHP functions where possible --- wbce/admin/addons/index.php | 18 +-- wbce/admin/addons/reload.php | 69 ++++------ wbce/admin/languages/details.php | 120 ++++++++---------- wbce/admin/languages/index.php | 80 ++++++------ wbce/admin/languages/install.php | 69 +++++----- wbce/admin/languages/uninstall.php | 17 ++- wbce/admin/modules/details.php | 175 ++++++++++++-------------- wbce/admin/modules/index.php | 87 ++++++------- wbce/admin/modules/install.php | 60 +++++---- wbce/admin/modules/manual_install.php | 113 +++++++---------- wbce/admin/modules/uninstall.php | 44 +++---- wbce/admin/templates/details.php | 110 +++++++--------- wbce/admin/templates/index.php | 82 ++++++------ wbce/admin/templates/install.php | 55 ++++---- wbce/admin/templates/uninstall.php | 56 +++------ 15 files changed, 509 insertions(+), 646 deletions(-) diff --git a/wbce/admin/addons/index.php b/wbce/admin/addons/index.php index fa9b72824..acfb81d80 100644 --- a/wbce/admin/addons/index.php +++ b/wbce/admin/addons/index.php @@ -10,18 +10,20 @@ * @license GNU GPL2 (or any later version) */ -require('../../config.php'); -require_once(WB_PATH.'/framework/class.admin.php'); -$admin = new admin('Addons', 'addons'); +// Include required files +require '../../config.php'; + +// Setup admin object, print header and check section permissions +$admin = new admin('Addons', 'addons', true, true); -// Setup template object, parse vars to it, then parse it // Create new template object $template = new Template(dirname($admin->correct_theme_source('addons.htt'))); $template->set_file('page', 'addons.htt'); $template->set_block('page', 'main_block', 'main'); // Insert values into the template object -$template->set_var(array( +$template->set_var( + array( 'ADMIN_URL' => ADMIN_URL, 'THEME_URL' => THEME_URL, 'WB_URL' => WB_URL @@ -41,7 +43,7 @@ * Obsolete as we are using blocks ... see "parsing the blocks" section */ $display_none = "style=\"display: none;\""; -if($admin->get_permission('modules') != true) $template->set_var('DISPLAY_MODULES', $display_none); +if($admin->get_permission('modules') != true) $template->set_var('DISPLAY_MODULES', $display_none); if($admin->get_permission('templates') != true) $template->set_var('DISPLAY_TEMPLATES', $display_none); if($admin->get_permission('languages') != true) $template->set_var('DISPLAY_LANGUAGES', $display_none); if($admin->get_permission('admintools') != true) $template->set_var('DISPLAY_ADVANCED', $display_none); @@ -64,8 +66,8 @@ 'MESSAGE_RELOAD_ADDONS' => $MESSAGE['ADDON_RELOAD'], 'TEXT_RELOAD' => $TEXT['RELOAD'], 'RELOAD_URL' => ADMIN_URL . '/addons/reload.php', - 'URL_ADVANCED' => $admin->get_permission('admintools') - ? '' . $TEXT['ADVANCED'] . '' : '', + 'URL_ADVANCED' => $admin->get_permission('admintools') ? + '' . $TEXT['ADVANCED'] . '' : '', 'ADVANCED_URL' => $admin->get_permission('admintools') ? ADMIN_URL . '/addons/index.php' : '', 'TEXT_ADVANCED' => $TEXT['ADVANCED'], 'FTAN' => $admin->getFTAN() diff --git a/wbce/admin/addons/reload.php b/wbce/admin/addons/reload.php index e45f9f71e..ece7f1bc4 100644 --- a/wbce/admin/addons/reload.php +++ b/wbce/admin/addons/reload.php @@ -10,55 +10,39 @@ * @license GNU GPL2 (or any later version) */ -/** - * check if there is anything to do - */ +// Include required files +require '../../config.php'; +require_once WB_PATH . '/framework/functions.php'; // for WBCE 1.1.x compatibility + +// limit advanced Addon settings to users with access to admintools +$admin = new admin('Admintools', 'admintools', false, false); +if ($admin->get_permission('admintools') == false) { + die(header('Location: index.php')); +} + +// reload Addon overview page if not at least on advanced Addon setting was selected $post_check = array('reload_modules', 'reload_templates', 'reload_languages'); foreach ($post_check as $index => $key) { if (!isset($_POST[$key])) unset($post_check[$index]); } -if (count($post_check) == 0) die(header('Location: index.php?advanced')); - -/** - * check if user has permissions to access this file - */ -// include WB configuration file and WB admin class -require_once('../../config.php'); -require_once('../../framework/class.admin.php'); - -// check user permissions for admintools (redirect users with wrong permissions) -$admin = new admin('Admintools', 'admintools', false, false); - -if ($admin->get_permission('admintools') == false) die(header('Location: ../../index.php')); - -// check if the referer URL if available -$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : - (isset($HTTP_SERVER_VARS['HTTP_REFERER']) ? $HTTP_SERVER_VARS['HTTP_REFERER'] : ''); -$referer = ''; -// if referer is set, check if script was invoked from "admin/modules/index.php" -$required_url = ADMIN_URL . '/addons/index.php'; -if ($referer != '' && (!(strpos($referer, $required_url) !== false || strpos($referer, $required_url) !== false))) - die(header('Location: ../../index.php')); - -// include WB functions file -require_once(WB_PATH . '/framework/functions.php'); - -// load WB language file -require_once(WB_PATH . '/languages/' . LANGUAGE .'.php'); +if (count($post_check) == 0) { + die(header('Location: index.php?advanced')); +} -// create Admin object with admin header -$admin = new admin('Addons', '', false, false); +// Setup admin object, skip header for FTAN validation and check section permissions +$admin = new admin('Addons', 'addons', false, true); $js_back = ADMIN_URL . '/addons/index.php?advanced'; - -if (!$admin->checkFTAN()) -{ - $admin->print_header(); - $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back); +if(! $admin->checkFTAN()) { + $admin->print_header(); + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back); } +// Output admin backend header (this creates a new FTAN) +$admin->print_header(); /** * Reload all specified Addons */ +require_once WB_PATH . '/languages/' . LANGUAGE .'.php'; $msg = array(); $table = TABLE_PREFIX . 'addons'; @@ -85,7 +69,7 @@ $admin->print_error($MESSAGE['ADDON_ERROR_RELOAD'], $js_back); } break; - + case 'reload_templates': if ($handle = opendir(WB_PATH . '/templates')) { // delete templates from database @@ -104,7 +88,6 @@ } else { // provide error message and stop - $admin->print_header(); $admin->print_error($MESSAGE['ADDON_ERROR_RELOAD'], $js_back); } break; @@ -114,7 +97,7 @@ // delete languages from database $sql = "DELETE FROM `$table` WHERE `type` = 'language'"; $database->query($sql); - + // loop over all languages while(false !== ($file = readdir($handle))) { if ($file != '' && substr($file, 0, 1) != '.' && $file != 'index.php') { @@ -124,10 +107,9 @@ closedir($handle); // add success message $msg[] = $MESSAGE['ADDON_LANGUAGES_RELOADED']; - + } else { // provide error message and stop - $admin->print_header(); $admin->print_error($MESSAGE['ADDON_ERROR_RELOAD'], $js_back); } break; @@ -135,6 +117,5 @@ } // output success message -$admin->print_header(); $admin->print_success(implode($msg, '
'), $js_back); $admin->print_footer(); diff --git a/wbce/admin/languages/details.php b/wbce/admin/languages/details.php index 562570a55..596d135bd 100644 --- a/wbce/admin/languages/details.php +++ b/wbce/admin/languages/details.php @@ -1,95 +1,79 @@ checkFTAN() ) -{ - $admin->print_header(); - $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); +// Setup admin object, skip header for FTAN validation and check section permissions +$admin = new admin('Addons', 'languages_view', false, true); +if(! $admin->checkFTAN()) { + $admin->print_header(); + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } -// After check print the header +// Output admin backend header (this creates a new FTAN) $admin->print_header(); -// Get language name -if(!isset($_POST['code']) OR $_POST['code'] == "") { - $code = ''; -} else { - $code = $_POST['code']; -} - -// fix secunia 2010-93-2 -if (!preg_match('/^[A-Z]{2}$/', $code)) { - header("Location: index.php"); - exit(0); +// Check if user selected a valid language file +$lang_code = $admin->get_post('code'); +if (! preg_match('/^[A-Z]{2}$/', $lang_code)) { + // no valid WBCE language code defined (e.g. EN, DE ..) + $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); } -// Check if the language exists -if(!file_exists(WB_PATH.'/languages/'.$code.'.php')) { - header("Location: index.php"); - exit(0); +// Check if the language files exists +if(! file_exists(WB_PATH . '/languages/' . $lang_code . '.php')) { + $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); } -// Setup template object, parse vars to it, then parse it // Create new template object $template = new Template(dirname($admin->correct_theme_source('languages_details.htt'))); -// $template->debug = true; $template->set_file('page', 'languages_details.htt'); $template->set_block('page', 'main_block', 'main'); // Insert values -require(WB_PATH.'/languages/'.$code.'.php'); -$template->set_var(array( - 'CODE' => $language_code, - 'NAME' => $language_name, - 'AUTHOR' => $language_author, - 'VERSION' => $language_version, - 'DESIGNED_FOR' => $language_platform, - 'ADMIN_URL' => ADMIN_URL, - 'WB_URL' => WB_URL, - 'THEME_URL' => THEME_URL - ) - ); +require(WB_PATH.'/languages/'.$lang_code.'.php'); +$template->set_var( + array( + 'CODE' => $language_code, + 'NAME' => $language_name, + 'AUTHOR' => $language_author, + 'VERSION' => $language_version, + 'DESIGNED_FOR' => $language_platform, + 'ADMIN_URL' => ADMIN_URL, + 'WB_URL' => WB_URL, + 'THEME_URL' => THEME_URL + ) +); // Restore language to original code require(WB_PATH.'/languages/'.LANGUAGE.'.php'); // Insert language headings -$template->set_var(array( - 'HEADING_LANGUAGE_DETAILS' => $HEADING['LANGUAGE_DETAILS'] - ) - ); -// Insert language text and messages -$template->set_var(array( - 'TEXT_CODE' => $TEXT['CODE'], - 'TEXT_NAME' => $TEXT['NAME'], - 'TEXT_TYPE' => $TEXT['TYPE'], - 'TEXT_AUTHOR' => $TEXT['AUTHOR'], - 'TEXT_VERSION' => $TEXT['VERSION'], - 'TEXT_DESIGNED_FOR' => $TEXT['DESIGNED_FOR'], - 'TEXT_BACK' => $TEXT['BACK'] - ) - ); +$template->set_var( + array( + // Headings + 'HEADING_LANGUAGE_DETAILS' => $HEADING['LANGUAGE_DETAILS'], + + // Text messages + 'TEXT_CODE' => $TEXT['CODE'], + 'TEXT_NAME' => $TEXT['NAME'], + 'TEXT_TYPE' => $TEXT['TYPE'], + 'TEXT_AUTHOR' => $TEXT['AUTHOR'], + 'TEXT_VERSION' => $TEXT['VERSION'], + 'TEXT_DESIGNED_FOR' => $TEXT['DESIGNED_FOR'], + 'TEXT_BACK' => $TEXT['BACK'] + ) +); // Parse language object $template->parse('main', 'main_block', false); diff --git a/wbce/admin/languages/index.php b/wbce/admin/languages/index.php index d580e0e6c..08cfb0ddc 100644 --- a/wbce/admin/languages/index.php +++ b/wbce/admin/languages/index.php @@ -1,31 +1,23 @@ correct_theme_source('languages.htt'))); -// $template->debug = true; $template->set_file('page', 'languages.htt'); $template->set_block('page', 'main_block', 'main'); @@ -52,31 +44,29 @@ } // Insert language headings -$template->set_var(array( - 'HEADING_INSTALL_LANGUAGE' => $HEADING['INSTALL_LANGUAGE'], - 'HEADING_UNINSTALL_LANGUAGE' => $HEADING['UNINSTALL_LANGUAGE'], - 'HEADING_LANGUAGE_DETAILS' => $HEADING['LANGUAGE_DETAILS'] - ) - ); -// insert urls -$template->set_var(array( - 'ADMIN_URL' => ADMIN_URL, - 'WB_URL' => WB_URL, - 'THEME_URL' => THEME_URL, - 'FTAN' => $admin->getFTAN() - ) - ); -// Insert language text and messages -$template->set_var(array( - 'URL_MODULES' => $admin->get_permission('modules') ? - '' . $MENU['MODULES'] . '' : '', - 'URL_ADVANCED' => '          ', - 'URL_TEMPLATES' => $admin->get_permission('templates') ? - '' . $MENU['TEMPLATES'] . '' : '', - 'TEXT_INSTALL' => $TEXT['INSTALL'], - 'TEXT_UNINSTALL' => $TEXT['UNINSTALL'], - 'TEXT_VIEW_DETAILS' => $TEXT['VIEW_DETAILS'], - 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'] +$template->set_var( + array( + // Headings + 'HEADING_INSTALL_LANGUAGE' => $HEADING['INSTALL_LANGUAGE'], + 'HEADING_UNINSTALL_LANGUAGE' => $HEADING['UNINSTALL_LANGUAGE'], + 'HEADING_LANGUAGE_DETAILS' => $HEADING['LANGUAGE_DETAILS'], + + // URLs + 'ADMIN_URL' => ADMIN_URL, + 'WB_URL' => WB_URL, + 'THEME_URL' => THEME_URL, + 'FTAN' => $admin->getFTAN(), + + // Text messages + 'URL_MODULES' => $admin->get_permission('modules') ? + '' . $MENU['MODULES'] . '' : '', + 'URL_TEMPLATES' => $admin->get_permission('templates') ? + '' . $MENU['TEMPLATES'] . '' : '', + 'URL_ADVANCED' => '          ', + 'TEXT_INSTALL' => $TEXT['INSTALL'], + 'TEXT_UNINSTALL' => $TEXT['UNINSTALL'], + 'TEXT_VIEW_DETAILS' => $TEXT['VIEW_DETAILS'], + 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'] ) ); diff --git a/wbce/admin/languages/install.php b/wbce/admin/languages/install.php index 97c65ca48..e01063541 100644 --- a/wbce/admin/languages/install.php +++ b/wbce/admin/languages/install.php @@ -13,65 +13,52 @@ // do not display notices and warnings during installation error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING); -// Setup admin object -require('../../config.php'); -require_once(WB_PATH.'/framework/class.admin.php'); -$admin = new admin('Addons', 'languages_install', false); -if( !$admin->checkFTAN() ) -{ - $admin->print_header(); - $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); +// Include required files +require '../../config.php'; +require_once WB_PATH . '/framework/addon.precheck.inc.php'; +require_once WB_PATH . '/framework/functions.php'; // WBCE 1.1.x compatibility +require_once WB_PATH . '/include/pclzip/pclzip.lib.php'; // WBCE 1.1.x compatibility + +// Setup admin object, skip header for FTAN validation and check section permissions +$admin = new admin('Addons', 'languages_install', false, true); +if(! $admin->checkFTAN()) { + $admin->print_header(); + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } -// After check print the header +// Output admin backend header (this creates a new FTAN) $admin->print_header(); // Check if user uploaded a file -if(!isset($_FILES['userfile'])) { - header("Location: index.php"); - exit(0); +if(! (isset($_FILES['userfile']) && isset($_FILES['userfile']['name']))) { + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } -// Include the WB functions file -require_once(WB_PATH.'/framework/functions.php'); - -// Create temp string -$temp_string = ''; -$salt = "abchefghjkmnpqrstuvwxyz0123456789"; -srand((double)microtime()*1000000); -$i = 0; -while ($i <= 7) { - $num = rand() % 33; - $tmp = substr($salt, $num, 1); - $temp_string = $temp_string . $tmp; - $i++; +// Check write permissions for languages folder +if(! is_writable(WB_PATH.'/languages/')) { + $admin->print_error($MESSAGE['GENERIC_BAD_PERMISSIONS']); } -// Set temp vars -$temp_dir = WB_PATH.'/temp/'; -$temp_file = $temp_dir . 'language'.$temp_string; +// Create unique file within WBCE /temp folder +$temp_dir = WB_PATH . '/temp/'; +$temp_file = tempnam($temp_dir, 'wb_'); -// Check if language dir is writable -if(!is_writable(WB_PATH.'/languages/')) { - if(file_exists($temp_file)) { unlink($temp_file); } // Remove temp file - $admin->print_error($MESSAGE['GENERIC_BAD_PERMISSIONS']); -} - -// Try to upload the file to the temp dir -if(!move_uploaded_file($_FILES['userfile']['tmp_name'], $temp_file)) { - if(file_exists($temp_file)) { unlink($temp_file); } // Remove temp file +// Move uploaded file into WBCE /temp folder +if(! move_uploaded_file($_FILES['userfile']['tmp_name'], $temp_file)) { + if(file_exists($temp_file)) { + unlink($temp_file); + } $admin->print_error($MESSAGE['GENERIC_CANNOT_UPLOAD']); } // Check if uploaded file is a valid language file (no binary file etc.) $content = file_get_contents($temp_file); -if (strpos($content, 'print_error($MESSAGE['GENERIC_INVALID_LANGUAGE_FILE']); +if (strpos($content, 'print_error($MESSAGE['GENERIC_INVALID_LANGUAGE_FILE']); +} // Remove any vars with name "language_code" unset($language_code); -// Include precheck files for versionCompare routine -require(WB_PATH . '/framework/addon.precheck.inc.php'); - // Read the temp file and look for a language code require($temp_file); $new_language_version=$language_version; diff --git a/wbce/admin/languages/uninstall.php b/wbce/admin/languages/uninstall.php index 5efc9fd13..5442a1913 100644 --- a/wbce/admin/languages/uninstall.php +++ b/wbce/admin/languages/uninstall.php @@ -10,22 +10,24 @@ * @license GNU GPL2 (or any later version) */ -// Setup admin object -require('../../config.php'); +// Include required files +require '../../config.php'; +require_once WB_PATH . '/framework/functions.php'; // WBCE 1.1.x compatibility -$admin = new admin('Addons', 'languages_uninstall', false); +// Setup admin object, skip header for FTAN validation and check section permissions +$admin = new admin('Addons', 'languages_uninstall', false, true); if(! $admin->checkFTAN()) { $admin->print_header(); $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } -// After check print the header +// Output admin backend header (this creates a new FTAN) $admin->print_header(); // Check if user selected a valid language file $lang_code = $admin->get_post('code'); -if (! preg_match('/[A-Z]{2}/', $lang_code)) { +if (! preg_match('/^[A-Z]{2}$/', $lang_code)) { // no valid WBCE language code defined (e.g. EN, DE ..) - $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); + $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); } // Check if the language files exists @@ -33,9 +35,6 @@ $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); } -// Include functions.php for backward compatibility with WBCE 1.x -require_once WB_PATH . '/framework/functions.php'; - // Create escaped string (not needed here, but beeing explicit is better than implicit) $lang_code_escaped = $database->escapeString($lang_code); diff --git a/wbce/admin/modules/details.php b/wbce/admin/modules/details.php index 18913b2aa..cfce36228 100644 --- a/wbce/admin/modules/details.php +++ b/wbce/admin/modules/details.php @@ -1,61 +1,48 @@ checkFTAN() ) -{ - $admin->print_header(); - $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); +// Include required files +require '../../config.php'; +require_once WB_PATH . '/framework/functions.php'; // for WBCE 1.1.x compatibility + +// Setup admin object, skip header for FTAN validation and check section permissions +$admin = new admin('Addons', 'modules_view', false, true); +if(! $admin->checkFTAN()) { + $admin->print_header(); + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } -// After check print the header +// Output admin backend header (this creates a new FTAN) $admin->print_header(); -// Get module name -if(!isset($_POST['file']) OR $_POST['file'] == "") -{ - header("Location: index.php"); - exit(0); -} -else -{ - $file = preg_replace('/[^a-z0-9_-]/i', "", $_POST['file']); // fix secunia 2010-92-1 +// Check if user selected a valid module file +$file = trim($admin->get_post('file')); +$root_dir = realpath(WB_PATH . DIRECTORY_SEPARATOR . 'modules'); +$raw_dir = realpath($root_dir . DIRECTORY_SEPARATOR . $file); +if(! ($file && $raw_dir && is_dir($raw_dir) && (strpos($raw_dir, $root_dir) === 0))) { + // module file empty or outside WBCE module folder + $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); } -// Check if the module exists -if(!file_exists(WB_PATH.'/modules/'.$file)) { - header("Location: index.php"); - exit(0); -} +// Extract module folder from realpath for further usage inside script +$file = basename($raw_dir); -// Setup template object, parse vars to it, then parse it // Create new template object $template = new Template(dirname($admin->correct_theme_source('modules_details.htt'))); -// $template->debug = true; $template->set_file('page', 'modules_details.htt'); $template->set_block('page', 'main_block', 'main'); // Insert values -$result = $database->query("SELECT * FROM ".TABLE_PREFIX."addons WHERE type = 'module' AND directory = '$file'"); +$file_escaped = $database->escapeString($file); +$result = $database->query("SELECT * FROM ".TABLE_PREFIX."addons WHERE type = 'module' AND directory = '$file_escaped'"); if($result->numRows() > 0) { $module = $result->fetchRow(); } @@ -73,67 +60,67 @@ } else { $tool_description = false; } -} +} if($tool_description !== false) { // Override the module-description with correct desription in users language $module['description'] = $tool_description; } -$template->set_var(array( - 'NAME' => $module['name'], - 'AUTHOR' => $module['author'], - 'DESCRIPTION' => $module['description'], - 'VERSION' => $module['version'], - 'DESIGNED_FOR' => $module['platform'], - 'ADMIN_URL' => ADMIN_URL, - 'WB_URL' => WB_URL, - 'THEME_URL' => THEME_URL - ) - ); - -switch ($module['function']) { - case NULL: - $type_name = $TEXT['UNKNOWN']; - break; - case 'page': - $type_name = $TEXT['PAGE']; - break; - case 'wysiwyg': - $type_name = $TEXT['WYSIWYG_EDITOR']; - break; - case 'tool': - $type_name = $TEXT['ADMINISTRATION_TOOL']; - break; - case 'admin': - $type_name = $TEXT['ADMIN']; - break; - case 'administration': - $type_name = $TEXT['ADMINISTRATION']; - break; - case 'snippet': - $type_name = $TEXT['CODE_SNIPPET']; - break; - default: - $type_name = $TEXT['UNKNOWN']; +$template->set_var( + array( + 'NAME' => $module['name'], + 'AUTHOR' => $module['author'], + 'DESCRIPTION' => $module['description'], + 'VERSION' => $module['version'], + 'DESIGNED_FOR' => $module['platform'], + 'ADMIN_URL' => ADMIN_URL, + 'WB_URL' => WB_URL, + 'THEME_URL' => THEME_URL + ) +); + +$type_name = ''; +if (empty($module['function'])){ + $type_name = $TEXT['UNKNOWN']; +} +if (preg_match("/page/", $module['function'])){ + $type_name .= $TEXT['PAGE'].", "; } +if (preg_match("/wysiwyg/", $module['function'])){ + $type_name .= $TEXT['WYSIWYG_EDITOR'].", "; +} +if (preg_match("/tool/", $module['function'])){ + $type_name .= $TEXT['ADMINISTRATION_TOOL'].", "; +} +if (preg_match("/admin/", $module['function'])){ + $type_name .= $TEXT['ADMIN'].", "; +} +if (preg_match("/snippet/", $module['function'])){ + $type_name .= $TEXT['CODE_SNIPPET'].", "; +} +if (preg_match("/initialize/", $module['function'])){ + $type_name .= $TEXT['INITIALIZE'].", "; +} +if (preg_match("/preinit/", $module['function'])){ + $type_name .= $TEXT['PREINIT'].", "; +} + +$type_name= trim($type_name,", "); $template->set_var('TYPE', $type_name); -// Insert language headings -$template->set_var(array( - 'HEADING_MODULE_DETAILS' => $HEADING['MODULE_DETAILS'] - ) - ); -// Insert language text and messages -$template->set_var(array( - 'TEXT_NAME' => $TEXT['NAME'], - 'TEXT_TYPE' => $TEXT['TYPE'], - 'TEXT_AUTHOR' => $TEXT['AUTHOR'], - 'TEXT_VERSION' => $TEXT['VERSION'], - 'TEXT_DESIGNED_FOR' => $TEXT['DESIGNED_FOR'], - 'TEXT_DESCRIPTION' => $TEXT['DESCRIPTION'], - 'TEXT_BACK' => $TEXT['BACK'] - ) - ); +// Insert language headings and text messages +$template->set_var( + array( + 'HEADING_MODULE_DETAILS' => $HEADING['MODULE_DETAILS'], + 'TEXT_NAME' => $TEXT['NAME'], + 'TEXT_TYPE' => $TEXT['TYPE'], + 'TEXT_AUTHOR' => $TEXT['AUTHOR'], + 'TEXT_VERSION' => $TEXT['VERSION'], + 'TEXT_DESIGNED_FOR' => $TEXT['DESIGNED_FOR'], + 'TEXT_DESCRIPTION' => $TEXT['DESCRIPTION'], + 'TEXT_BACK' => $TEXT['BACK'] + ) +); // Parse module object $template->parse('main', 'main_block', false); diff --git a/wbce/admin/modules/index.php b/wbce/admin/modules/index.php index 2e10a90da..e8f1dc40d 100644 --- a/wbce/admin/modules/index.php +++ b/wbce/admin/modules/index.php @@ -10,15 +10,14 @@ * @license GNU GPL2 (or any later version) */ -// Print admin header -require('../../config.php'); -require_once(WB_PATH.'/framework/class.admin.php'); -$admin = new admin('Addons', 'modules'); +// Include required files +require '../../config.php'; + +// Setup admin object, print header and check section permissions +$admin = new admin('Addons', 'modules', true, true); -// Setup template object, parse vars to it, then parse it // Create new template object $template = new Template(dirname($admin->correct_theme_source('modules.htt'))); -// $template->debug = true; $template->set_file('page', 'modules.htt'); $template->set_block('page', 'main_block', 'main'); @@ -38,7 +37,13 @@ $template->set_block('main_block', 'install_list_block', 'install_list'); $template->set_block('main_block', 'upgrade_list_block', 'upgrade_list'); $template->set_block('main_block', 'uninstall_list_block', 'uninstall_list'); -$template->set_var(array('INSTALL_VISIBLE' => 'hide', 'UPGRADE_VISIBLE' => 'hide', 'UNINSTALL_VISIBLE' => 'hide')); +$template->set_var( + array( + 'INSTALL_VISIBLE' => 'hide', + 'UPGRADE_VISIBLE' => 'hide', + 'UNINSTALL_VISIBLE' => 'hide' + ) +); $show_block = false; foreach ($module_files as $index => $path) { @@ -57,8 +62,8 @@ $template->set_var('VALUE', basename($path)); $template->set_var('NAME', basename($path)); $template->parse('upgrade_list', 'upgrade_list_block', true); - } - + } + if (file_exists($path . '/uninstall.php')) { $show_block = true; $template->set_var('UNINSTALL_VISIBLE', ''); @@ -87,39 +92,37 @@ $template->set_var('DISPLAY_MANUAL_INSTALL', 'hide'); } -// Insert language headings -$template->set_var(array( - 'HEADING_INSTALL_MODULE' => $HEADING['INSTALL_MODULE'], - 'HEADING_UNINSTALL_MODULE' => $HEADING['UNINSTALL_MODULE'], - 'OVERWRITE_NEWER_FILES' => $MESSAGE['ADDON_OVERWRITE_NEWER_FILES'], - 'HEADING_MODULE_DETAILS' => $HEADING['MODULE_DETAILS'], - 'HEADING_INVOKE_MODULE_FILES' => $HEADING['INVOKE_MODULE_FILES'] - ) - ); -// insert urls -$template->set_var(array( - 'ADMIN_URL' => ADMIN_URL, - 'WB_URL' => WB_URL, - 'THEME_URL' => THEME_URL, - 'FTAN' => $admin->getFTAN() - ) - ); -// Insert language text and messages -$template->set_var(array( - 'URL_TEMPLATES' => $admin->get_permission('templates') ? - '' . $MENU['TEMPLATES'] . '' : '', - 'URL_LANGUAGES' => $admin->get_permission('languages') ? - '' . $MENU['LANGUAGES'] . '' : '', - 'URL_ADVANCED' => $admin->get_permission('admintools') ? - '' . $TEXT['ADVANCED'] . '' : '', - 'TEXT_INSTALL' => $TEXT['INSTALL'], - 'TEXT_UNINSTALL' => $TEXT['UNINSTALL'], - 'TEXT_VIEW_DETAILS' => $TEXT['VIEW_DETAILS'], - 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], - 'TEXT_MANUAL_INSTALLATION' => $MESSAGE['ADDON_MANUAL_INSTALLATION'], - 'TEXT_MANUAL_INSTALLATION_WARNING' => $MESSAGE['ADDON_MANUAL_INSTALLATION_WARNING'], - 'TEXT_EXECUTE' => $TEXT['EXECUTE'], - 'TEXT_FILE' => $TEXT['FILE'] +// Insert language headings, urls and text messages +$template->set_var( + array( + // Headings + 'HEADING_INSTALL_MODULE' => $HEADING['INSTALL_MODULE'], + 'HEADING_UNINSTALL_MODULE' => $HEADING['UNINSTALL_MODULE'], + 'OVERWRITE_NEWER_FILES' => $MESSAGE['ADDON_OVERWRITE_NEWER_FILES'], + 'HEADING_MODULE_DETAILS' => $HEADING['MODULE_DETAILS'], + 'HEADING_INVOKE_MODULE_FILES' => $HEADING['INVOKE_MODULE_FILES'], + + // URLs + 'ADMIN_URL' => ADMIN_URL, + 'WB_URL' => WB_URL, + 'THEME_URL' => THEME_URL, + 'FTAN' => $admin->getFTAN(), + + // Text messages + 'URL_TEMPLATES' => $admin->get_permission('templates') ? + '' . $MENU['TEMPLATES'] . '' : '', + 'URL_LANGUAGES' => $admin->get_permission('languages') ? + '' . $MENU['LANGUAGES'] . '' : '', + 'URL_ADVANCED' => $admin->get_permission('admintools') ? + '' . $TEXT['ADVANCED'] . '' : '', + 'TEXT_INSTALL' => $TEXT['INSTALL'], + 'TEXT_UNINSTALL' => $TEXT['UNINSTALL'], + 'TEXT_VIEW_DETAILS' => $TEXT['VIEW_DETAILS'], + 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], + 'TEXT_MANUAL_INSTALLATION' => $MESSAGE['ADDON_MANUAL_INSTALLATION'], + 'TEXT_MANUAL_INSTALLATION_WARNING' => $MESSAGE['ADDON_MANUAL_INSTALLATION_WARNING'], + 'TEXT_EXECUTE' => $TEXT['EXECUTE'], + 'TEXT_FILE' => $TEXT['FILE'] ) ); diff --git a/wbce/admin/modules/install.php b/wbce/admin/modules/install.php index 0ca3ab83e..7f57a7ac1 100644 --- a/wbce/admin/modules/install.php +++ b/wbce/admin/modules/install.php @@ -49,67 +49,74 @@ function find_addon_root_path($zip) { // do not display notices and warnings during installation error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING); -// Setup admin object -require('../../config.php'); -require_once(WB_PATH.'/framework/class.admin.php'); -$admin = new admin('Addons', 'modules_install', false); +// Include required files +require '../../config.php'; +require_once WB_PATH . '/framework/addon.precheck.inc.php'; +require_once WB_PATH . '/framework/functions.php'; // WBCE 1.1.x compatibility +require_once WB_PATH . '/include/pclzip/pclzip.lib.php'; // WBCE 1.1.x compatibility + +// Setup admin object, skip header for FTAN validation and check section permissions +$admin = new admin('Addons', 'modules_install', false, true); if(! $admin->checkFTAN()) { - $admin->print_header(); + $admin->print_header(); $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } +// Output admin backend header (this creates a new FTAN) $admin->print_header(); -// Check if module folder is writable -if(! is_writable(WB_PATH.'/modules/')) { - if(file_exists($temp_file)) { unlink($temp_file); } // Remove temp file - $admin->print_error($MESSAGE['GENERIC_BAD_PERMISSIONS']); -} - // Check if user uploaded a file -if(!isset($_FILES['userfile'])) { - header("Location: index.php"); - exit(0); +if(! (isset($_FILES['userfile']) && isset($_FILES['userfile']['name']))) { + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } -// Include the WB functions file -require_once(WB_PATH.'/framework/functions.php'); +// Check write permissions for modules folder +if(! is_writable(WB_PATH.'/modules/')) { + $admin->print_error($MESSAGE['GENERIC_BAD_PERMISSIONS']); +} -// Set temp vars -$temp_dir = WB_PATH.'/temp/'; -$temp_file = $temp_dir . $_FILES['userfile']['name']; -$temp_unzip = WB_PATH.'/temp/unzip/'; +// Create unique file within WBCE /temp folder +$temp_dir = WB_PATH . '/temp/'; +$temp_file = tempnam($temp_dir, 'wb_'); +$temp_unzip = WB_PATH . '/temp/unzip/'; +// Move uploaded file to WBCE /temp folder and deal with possible upload errors if(! $_FILES['userfile']['error']) { - // Try to upload the file to the temp dir + // Try moving uploaded file to WBCE /temp folder if( !move_uploaded_file($_FILES['userfile']['tmp_name'], $temp_file)) { $admin->print_error($MESSAGE['GENERIC_BAD_PERMISSIONS']); } } else { - // index for language files - $key = 'UNKNOW_UPLOAD_ERROR'; + // work out error message + $error_code = $_FILES['userfile']['error']; switch ($error_code) { case UPLOAD_ERR_INI_SIZE: $key = 'UPLOAD_ERR_INI_SIZE'; + break; case UPLOAD_ERR_FORM_SIZE: $key = 'UPLOAD_ERR_FORM_SIZE'; + break; case UPLOAD_ERR_PARTIAL: $key = 'UPLOAD_ERR_PARTIAL'; + break; case UPLOAD_ERR_NO_FILE: $key = 'UPLOAD_ERR_NO_FILE'; + break; case UPLOAD_ERR_NO_TMP_DIR: $key = 'UPLOAD_ERR_NO_TMP_DIR'; + break; case UPLOAD_ERR_CANT_WRITE: $key = 'UPLOAD_ERR_CANT_WRITE'; + break; case UPLOAD_ERR_EXTENSION: $key = 'UPLOAD_ERR_EXTENSION'; + break; default: $key = 'UNKNOW_UPLOAD_ERROR'; } $admin->print_error($MESSAGE[$key].'
'.$MESSAGE['GENERIC_CANNOT_UPLOAD']); } -// include PclZip and create object from Add-on zip archive -require_once(WB_PATH . '/include/pclzip/pclzip.lib.php'); +// create PclZip object to extract Addon zip archives $archive = new PclZip($temp_file); // extract Add-on files into WBCE temp folder @@ -130,7 +137,6 @@ function find_addon_root_path($zip) { require($temp_unzip.'info.php'); // Perform Add-on requirement checks before proceeding -require(WB_PATH . '/framework/addon.precheck.inc.php'); preCheckAddon($temp_file); // Delete temporary unzip directory @@ -211,4 +217,4 @@ function find_addon_root_path($zip) { } // Print admin footer -$admin->print_footer(); \ No newline at end of file +$admin->print_footer(); diff --git a/wbce/admin/modules/manual_install.php b/wbce/admin/modules/manual_install.php index 715bae41d..8713dfccf 100644 --- a/wbce/admin/modules/manual_install.php +++ b/wbce/admin/modules/manual_install.php @@ -1,101 +1,76 @@ get_permission('admintools') == false) { + die(header('Location: index.php')); +} -if (!(isset($_POST['action']) && in_array($_POST['action'], array('install', 'upgrade', 'uninstall')))) { die(header('Location: index.php?advanced')); } -if (!(isset($_POST['file']) && $_POST['file'] != '' && (strpos($_POST['file'], '..') === false))){ die(header('Location: index.php?advanced')); } - +// Setup admin object, skip header for FTAN validation and check section permissions +$admin = new admin('Addons', 'modules_install', false, true); $js_back = ADMIN_URL . '/modules/index.php?advanced'; -if( !$admin->checkFTAN() ) -{ +if(! $admin->checkFTAN()) { $admin->print_header(); - $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back); + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back); } +// Output admin backend header (this creates a new FTAN) +$admin->print_header(); -if ($admin->get_permission('admintools') == false) { die(header('Location: ../../index.php')); } - -// check if the referer URL if available -$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : - (isset($HTTP_SERVER_VARS['HTTP_REFERER']) ? $HTTP_SERVER_VARS['HTTP_REFERER'] : ''); -$referer = ''; -// if referer is set, check if script was invoked from "admin/modules/index.php" -$required_url = ADMIN_URL . '/modules/index.php'; -if ($referer != '' && (!(strpos($referer, $required_url) !== false || strpos($referer, $required_url) !== false))) -{ die(header('Location: ../../index.php')); } - -// include WB functions file -require_once(WB_PATH . '/framework/functions.php'); +// Check if a valid action was defined +$action = $admin->get_post('action'); +if (! in_array($action, array('install', 'upgrade', 'uninstall'))) { + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back); +} -// load WB language file -require_once(WB_PATH . '/languages/' . LANGUAGE .'.php'); +// Check if a valid module file was defined +$file = trim($admin->get_post('file')); +$root_dir = realpath(WB_PATH . DIRECTORY_SEPARATOR . 'modules'); +$raw_dir = realpath($root_dir . DIRECTORY_SEPARATOR . $file); +if(! ($file && $raw_dir && is_dir($raw_dir) && (strpos($raw_dir, $root_dir) === 0))) { + // module file empty or outside WBCE module folder + $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED'], $js_back); +} -// create Admin object with admin header -$admin = new admin('Addons', '', true, false); +// Extract module folder from realpath for further usage inside script +$file = basename($raw_dir); -/** - * Manually execute the specified module file (install.php, upgrade.php or uninstall.php) - */ -// check if specified module folder exists -$mod_path = WB_PATH . '/modules/' . basename(WB_PATH . '/' . $_POST['file']); - -// let the old variablename if module use it -$module_dir = $mod_path; -if (!file_exists($mod_path . '/' . $_POST['action'] . '.php')) -{ - $admin->print_header(); - $admin->print_error($TEXT['NOT_FOUND'].': "'.htmlentities(basename($mod_path)).'/'.$_POST['action'].'.php" ', $js_back); +// Execute specified module action handler (install.php, upgrade.php or uninstall.php) +$mod_path = WB_PATH . '/modules/' . $file; +if(file_exists($mod_path . '/' . $action . '.php')) { + require $mod_path . '/' . $action . '.php'; +} else { + $admin->print_error($TEXT['NOT_FOUND'].': "'.htmlentities($file).'/'.$action.'.php" ', $js_back); } -// include modules install.php script -require($mod_path . '/' . $_POST['action'] . '.php'); - // load module info into database and output status message load_module($mod_path, false); -$msg = $TEXT['EXECUTE'] . ': "' . htmlentities(basename($mod_path)) . '/' . $_POST['action'] . '.php"'; +$msg = $TEXT['EXECUTE'] . ': "' . htmlentities($file) . '/' . $action . '.php"'; -switch ($_POST['action']) -{ +switch ($action) { case 'install': - // $admin->print_header(); $admin->print_success($msg, $js_back); break; case 'upgrade': upgrade_module(basename($mod_path), false); - // $admin->print_header(); $admin->print_success($msg, $js_back); break; - + case 'uninstall': - // $admin->print_header(); $admin->print_success($msg, $js_back); break; } diff --git a/wbce/admin/modules/uninstall.php b/wbce/admin/modules/uninstall.php index 29779ddd4..f41e14b1c 100644 --- a/wbce/admin/modules/uninstall.php +++ b/wbce/admin/modules/uninstall.php @@ -10,32 +10,31 @@ * @license GNU GPL2 (or any later version) */ -// Setup admin object -require('../../config.php'); +// Include required files +require '../../config.php'; +require_once WB_PATH . '/framework/functions.php'; // WBCE 1.1.x compatibility -$admin = new admin('Addons', 'modules_uninstall', false); +// Setup admin object, skip header for FTAN validation and check section permissions +$admin = new admin('Addons', 'modules_uninstall', false, true); if(! $admin->checkFTAN()) { $admin->print_header(); $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } -// After check print the header +// Output admin backend header (this creates a new FTAN) $admin->print_header(); // Check if user selected a valid module file -$file = $admin->get_post('file'); +$file = trim($admin->get_post('file')); $root_dir = realpath(WB_PATH . DIRECTORY_SEPARATOR . 'modules'); $raw_dir = realpath($root_dir . DIRECTORY_SEPARATOR . $file); -if(! ($raw_dir && is_dir($raw_dir) && (strpos($raw_dir, $root_dir) === 0))) { - // module file not found inside WBCE modules folder - $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); +if(! ($file && $raw_dir && is_dir($raw_dir) && (strpos($raw_dir, $root_dir) === 0))) { + // module file empty or outside WBCE module folder + $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); } // Extract module folder from realpath for further usage inside script $file = basename($raw_dir); -// Include functions.php for backward compatibility with WBCE 1.x -require_once WB_PATH . '/framework/functions.php'; - // Helper function if (!function_exists("replace_all")) { function replace_all ($aStr = "", &$aArray ) { @@ -45,10 +44,10 @@ function replace_all ($aStr = "", &$aArray ) { } /** -* Check if the module is used on pages/sections -*/ -$mod_dir = $database->escapeString($file); -$info = $database->query("SELECT section_id, page_id FROM ".TABLE_PREFIX."sections WHERE module='".$mod_dir."'" ); + * Check if the module is used on pages/sections + */ +$mod_dir_escaped = $database->escapeString($file); +$info = $database->query("SELECT section_id, page_id FROM ".TABLE_PREFIX."sections WHERE module='".$mod_dir_escaped."'" ); if ( $info->numRows() > 0) { // Module is in use, so we have to warn the user $msg_template_str = $MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE_TMPL']; @@ -56,31 +55,24 @@ function replace_all ($aStr = "", &$aArray ) { $add = $info->numRows() == 1 ? $temp[0] : $temp[1]; /** - * The template-string for displaying the Page-Titles ... in this case as a link - */ + * The template-string for displaying the Page-Titles ... in this case as a link + */ $page_template_str = "- {{title}}
"; - $values = array ('type' => 'Modul', 'type_name' => $file, 'pages' => $add ); $msg = replace_all ( $msg_template_str, $values ); $page_names = ""; - while ($data = $info->fetchRow() ) { - $temp = $database->query("SELECT page_title from ".TABLE_PREFIX."pages where page_id=".$data['page_id']); $temp_title = $temp->fetchRow(); - $page_info = array( 'id' => $data['page_id'], 'title' => $temp_title['page_title'] ); - $page_names .= replace_all ( $page_template_str, $page_info ); } - /** - * Printing out the error-message and die(). - */ + // Print error-message and exit $admin->print_error(str_replace ($TEXT['FILE'], "Modul", $MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE']).$msg.$page_names); } @@ -104,7 +96,7 @@ function replace_all ($aStr = "", &$aArray ) { $admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL']); } else { // Remove entry from DB - $database->query("DELETE FROM ".TABLE_PREFIX."addons WHERE directory = '".$mod_dir."' AND type = 'module'"); + $database->query("DELETE FROM ".TABLE_PREFIX."addons WHERE directory = '".$mod_dir_escaped."' AND type = 'module'"); } // Print success message diff --git a/wbce/admin/templates/details.php b/wbce/admin/templates/details.php index 854739388..f53252cda 100644 --- a/wbce/admin/templates/details.php +++ b/wbce/admin/templates/details.php @@ -1,60 +1,49 @@ checkFTAN() ) -{ +// Include required files +require '../../config.php'; +require_once WB_PATH . '/framework/functions.php'; // for WBCE 1.1.x compatibility + +// Setup admin object, skip header for FTAN validation and check section permissions +$admin = new admin('Addons', 'templates_view', false, true); +if(! $admin->checkFTAN()) { $admin->print_header(); $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } +// Output admin backend header (this creates a new FTAN) +$admin->print_header(); -// Get template name -if(!isset($_POST['file']) OR $_POST['file'] == "") { - header("Location: index.php"); - exit(0); -} else { - $file = preg_replace('/[^a-z0-9_-]/i', "", $_POST['file']); // fix secunia 2010-92-2 -} - -// Check if the template exists -if(!file_exists(WB_PATH.'/templates/'.$file)) { - header("Location: index.php"); - exit(0); +// Check if user selected a valid template file +$file = trim($admin->get_post('file')); +$root_dir = realpath(WB_PATH . DIRECTORY_SEPARATOR . 'templates'); +$raw_dir = realpath($root_dir . DIRECTORY_SEPARATOR . $file); +if(! ($file && $raw_dir && is_dir($raw_dir) && (strpos($raw_dir, $root_dir) === 0))) { + // template file empty or outside WBCE templates folder + $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); } -// Print admin header -$admin = new admin('Addons', 'templates_view'); +// Extract template folder from realpath for further usage inside script +$file = basename($raw_dir); -// Setup template object, parse vars to it, then parse it // Create new template object $template = new Template(dirname($admin->correct_theme_source('templates_details.htt'))); -// $template->debug = true; $template->set_file('page', 'templates_details.htt'); $template->set_block('page', 'main_block', 'main'); $template->set_var('FTAN', $admin->getFTAN()); // Insert values -$result = $database->query("SELECT * FROM ".TABLE_PREFIX."addons WHERE type = 'template' AND directory = '$file'"); +$file_escaped = $database->escapeString($file); +$result = $database->query("SELECT * FROM ".TABLE_PREFIX."addons WHERE type = 'template' AND directory = '$file_escaped'"); if($result->numRows() > 0) { $row = $result->fetchRow(); } @@ -76,32 +65,29 @@ if($tool_description !== false) { // Override the template-description with correct desription in users language $row['description'] = $tool_description; -} +} + +$template->set_var( + array( + // General data + 'NAME' => $row['name'], + 'AUTHOR' => $row['author'], + 'DESCRIPTION' => $row['description'], + 'VERSION' => $row['version'], + 'DESIGNED_FOR' => $row['platform'], -$template->set_var(array( - 'NAME' => $row['name'], - 'AUTHOR' => $row['author'], - 'DESCRIPTION' => $row['description'], - 'VERSION' => $row['version'], - 'DESIGNED_FOR' => $row['platform'] - ) - ); + // Headings + 'HEADING_TEMPLATE_DETAILS' => $HEADING['TEMPLATE_DETAILS'], -// Insert language headings -$template->set_var(array( - 'HEADING_TEMPLATE_DETAILS' => $HEADING['TEMPLATE_DETAILS'] - ) - ); -// Insert language text and messages -$template->set_var(array( - 'TEXT_NAME' => $TEXT['NAME'], - 'TEXT_AUTHOR' => $TEXT['AUTHOR'], - 'TEXT_VERSION' => $TEXT['VERSION'], - 'TEXT_DESIGNED_FOR' => $TEXT['DESIGNED_FOR'], - 'TEXT_DESCRIPTION' => $TEXT['DESCRIPTION'], - 'TEXT_BACK' => $TEXT['BACK'] - ) - ); + // Text messages + 'TEXT_NAME' => $TEXT['NAME'], + 'TEXT_AUTHOR' => $TEXT['AUTHOR'], + 'TEXT_VERSION' => $TEXT['VERSION'], + 'TEXT_DESIGNED_FOR' => $TEXT['DESIGNED_FOR'], + 'TEXT_DESCRIPTION' => $TEXT['DESCRIPTION'], + 'TEXT_BACK' => $TEXT['BACK'] + ) +); // Parse template object $template->parse('main', 'main_block', false); diff --git a/wbce/admin/templates/index.php b/wbce/admin/templates/index.php index bffec15d6..9e546b712 100644 --- a/wbce/admin/templates/index.php +++ b/wbce/admin/templates/index.php @@ -1,30 +1,23 @@ correct_theme_source('templates.htt'))); -// $template->debug = true; $template->set_file('page', 'templates.htt'); $template->set_block('page', 'main_block', 'main'); $template->set_var('FTAN', $admin->getFTAN()); @@ -51,33 +44,30 @@ $template->set_var('DISPLAY_LIST', 'hide'); } -// Insert language headings -$template->set_var(array( - 'HEADING_INSTALL_TEMPLATE' => $HEADING['INSTALL_TEMPLATE'], - 'HEADING_UNINSTALL_TEMPLATE' => $HEADING['UNINSTALL_TEMPLATE'], - 'HEADING_TEMPLATE_DETAILS' => $HEADING['TEMPLATE_DETAILS'] - ) - ); -// insert urls -$template->set_var(array( - 'ADMIN_URL' => ADMIN_URL, - 'WB_URL' => WB_URL, - 'THEME_URL' => THEME_URL, - 'FTAN' => $admin->getFTAN() - ) - ); -// Insert language text and messages -$template->set_var(array( - 'URL_MODULES' => $admin->get_permission('modules') ? - '' . $MENU['MODULES'] . '' : '', - 'URL_LANGUAGES' => $admin->get_permission('languages') ? - '' . $MENU['LANGUAGES'] . '' : '', - 'URL_ADVANCED' => '          ', - 'TEXT_INSTALL' => $TEXT['INSTALL'], - 'TEXT_UNINSTALL' => $TEXT['UNINSTALL'], - 'TEXT_VIEW_DETAILS' => $TEXT['VIEW_DETAILS'], - 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], - 'CHANGE_TEMPLATE_NOTICE' => $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] +// Insert language headings, urls and text messages +$template->set_var( + array( + // Headings + 'HEADING_INSTALL_TEMPLATE' => $HEADING['INSTALL_TEMPLATE'], + 'HEADING_TEMPLATE_DETAILS' => $HEADING['TEMPLATE_DETAILS'], + + // URLs + 'ADMIN_URL' => ADMIN_URL, + 'WB_URL' => WB_URL, + 'THEME_URL' => THEME_URL, + 'FTAN' => $admin->getFTAN(), + + // Text messages + 'URL_MODULES' => $admin->get_permission('modules') ? + '' . $MENU['MODULES'] . '' : '', + 'URL_LANGUAGES' => $admin->get_permission('languages') ? + '' . $MENU['LANGUAGES'] . '' : '', + 'URL_ADVANCED' => '          ', + 'TEXT_INSTALL' => $TEXT['INSTALL'], + 'TEXT_UNINSTALL' => $TEXT['UNINSTALL'], + 'TEXT_VIEW_DETAILS' => $TEXT['VIEW_DETAILS'], + 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], + 'CHANGE_TEMPLATE_NOTICE' => $MESSAGE['TEMPLATES_CHANGE_TEMPLATE_NOTICE'] ) ); diff --git a/wbce/admin/templates/install.php b/wbce/admin/templates/install.php index 51d89c994..fdad8c9d5 100644 --- a/wbce/admin/templates/install.php +++ b/wbce/admin/templates/install.php @@ -49,46 +49,45 @@ function find_addon_root_path($zip) { // do not display notices and warnings during installation error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING); -// Setup admin object -require('../../config.php'); -require_once(WB_PATH.'/framework/class.admin.php'); - -// suppress to print the header, so no new FTAN will be set -$admin = new admin('Addons', 'templates_install', false); +// Include required files +require '../../config.php'; +require_once WB_PATH . '/framework/addon.precheck.inc.php'; +require_once WB_PATH . '/framework/functions.php'; // WBCE 1.1.x compatibility +require_once WB_PATH . '/include/pclzip/pclzip.lib.php'; // WBCE 1.1.x compatibility + +// Setup admin object, skip header for FTAN validation and check section permissions +$admin = new admin('Addons', 'templates_install', false, true); if(! $admin->checkFTAN()) { $admin->print_header(); $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } +// Output admin backend header (this creates a new FTAN) $admin->print_header(); -// Check if template dir is writable -if(! is_writable(WB_PATH.'/templates/')) { - if(file_exists($temp_file)) { unlink($temp_file); } // Remove temp file - $admin->print_error($MESSAGE['TEMPLATES']['BAD_PERMISSIONS']); -} - // Check if user uploaded a file -if(! isset($_FILES['userfile'])) { - header("Location: index.php"); - exit(0); +if(! (isset($_FILES['userfile']) && isset($_FILES['userfile']['name']))) { + $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } -// Include the WB functions file -require_once(WB_PATH.'/framework/functions.php'); +// Check write permissions for templates folder +if(! is_writable(WB_PATH.'/templates/')) { + $admin->print_error($MESSAGE['GENERIC_BAD_PERMISSIONS']); +} -// Set temp vars -$temp_dir = WB_PATH.'/temp/'; -$temp_file = $temp_dir . $_FILES['userfile']['name']; -$temp_unzip = WB_PATH.'/temp/unzip/'; +// Create unique file within WBCE /temp folder +$temp_dir = WB_PATH . '/temp/'; +$temp_file = tempnam($temp_dir, 'wb_'); +$temp_unzip = WB_PATH . '/temp/unzip/'; +// Move uploaded file to WBCE /temp folder and deal with possible upload errors if(! $_FILES['userfile']['error']) { - // Try to upload the file to the temp dir + // Try uploading file to WBCE /temp folder if( !move_uploaded_file($_FILES['userfile']['tmp_name'], $temp_file)) { $admin->print_error($MESSAGE['GENERIC_BAD_PERMISSIONS']); } } else { - // index for language files - $key = 'UNKNOW_UPLOAD_ERROR'; + // work out error message + $error_code = $_FILES['userfile']['error']; switch ($error_code) { case UPLOAD_ERR_INI_SIZE: $key = 'UPLOAD_ERR_INI_SIZE'; @@ -110,8 +109,7 @@ function find_addon_root_path($zip) { $admin->print_error($MESSAGE[$key].'
'.$MESSAGE['GENERIC_CANNOT_UPLOAD']); } -// include PclZip and create object from Add-on zip archive -require_once(WB_PATH . '/include/pclzip/pclzip.lib.php'); +// create PclZip object to extract Addon zip archives $archive = new PclZip($temp_file); // extract Add-on files into WBCE temp folder @@ -133,7 +131,6 @@ function find_addon_root_path($zip) { require($temp_unzip.'info.php'); // Perform Add-on requirement checks before proceeding -require(WB_PATH . '/framework/addon.precheck.inc.php'); preCheckAddon($temp_file); // Delete the temp unzip directory @@ -156,7 +153,7 @@ function find_addon_root_path($zip) { if(file_exists($temp_file)) { unlink($temp_file); } // Remove temp file $admin->print_error($MESSAGE['GENERIC_ALREADY_INSTALLED']); } - } + } $success_message=$MESSAGE['GENERIC_UPGRADED']; } else { $success_message=$MESSAGE['GENERIC_INSTALLED']; @@ -199,4 +196,4 @@ function find_addon_root_path($zip) { $admin->print_success($success_message); // Print admin footer -$admin->print_footer(); \ No newline at end of file +$admin->print_footer(); diff --git a/wbce/admin/templates/uninstall.php b/wbce/admin/templates/uninstall.php index ac68cceab..9b480a9f8 100644 --- a/wbce/admin/templates/uninstall.php +++ b/wbce/admin/templates/uninstall.php @@ -10,33 +10,31 @@ * @license GNU GPL2 (or any later version) */ -// Setup admin object -require('../../config.php'); +// Include required files +require '../../config.php'; +require_once WB_PATH . '/framework/functions.php'; // WBCE 1.1.x compatibility -$admin = new admin('Addons', 'templates_uninstall', false); -if( !$admin->checkFTAN() ) -{ +// Setup admin object, skip header for FTAN validation and check section permissions +$admin = new admin('Addons', 'templates_uninstall', false, true); +if(! $admin->checkFTAN()) { $admin->print_header(); $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } -// After check print the header +// Output admin backend header (this creates a new FTAN) $admin->print_header(); // Check if user selected a valid template file -$file = $admin->get_post('file'); +$file = trim($admin->get_post('file')); $root_dir = realpath(WB_PATH . DIRECTORY_SEPARATOR . 'templates'); $raw_dir = realpath($root_dir . DIRECTORY_SEPARATOR . $file); -if(! ($raw_dir && is_dir($raw_dir) && (strpos($raw_dir, $root_dir) === 0))) { - // template file not found inside WBCE templates folder +if(! ($file && $raw_dir && is_dir($raw_dir) && (strpos($raw_dir, $root_dir) === 0))) { + // template file empty or outside WBCE module folder $admin->print_error($MESSAGE['GENERIC_NOT_INSTALLED']); } // Extract template folder from realpath for further usage inside script $file = basename($raw_dir); -// Include functions.php for backward compatibility with WBCE 1.x -require_once WB_PATH . '/framework/functions.php'; - // Helper function if (!function_exists("replace_all")) { function replace_all ($aStr = "", &$aArray ) { @@ -63,47 +61,34 @@ function replace_all ($aStr = "", &$aArray ) { } else { /** - * Check if the template is still in use by a page ... - */ - $tpl_dir = $database->escapeString($file); - $info = $database->query("SELECT page_id, page_title FROM ".TABLE_PREFIX."pages WHERE template='".$tpl_dir."' order by page_title"); + * Check if the template is still in use by a page ... + */ + $tpl_dir_escaped = $database->escapeString($file); + $info = $database->query("SELECT page_id, page_title FROM ".TABLE_PREFIX."pages WHERE template='".$tpl_dir_escaped."' order by page_title"); if ($info->numRows() > 0) { - /** - * Template is still in use, so we're collecting the page-titles - */ - - /** - * The base-message template-string for the top of the message - */ - + // Template is still in use, so we're collecting the page-titles $msg_template_str = $MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE_TMPL']; $temp = explode(";",$MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE_TMPL_PAGES']); $add = $info->numRows() == 1 ? $temp[0] : $temp[1]; /** - * The template-string for displaying the Page-Titles ... in this case as a link - */ + * The template-string for displaying the Page-Titles ... in this case as a link + */ $page_template_str = "- {{title}}
"; - $values = array ('type' => 'Template', 'type_name' => $file, 'pages' => $add); $msg = replace_all ( $msg_template_str, $values ); $page_names = ""; - while ($data = $info->fetchRow() ) { - $page_info = array( 'id' => $data['page_id'], 'title' => $data['page_title'] ); - $page_names .= replace_all ( $page_template_str, $page_info ); } - /** - * Printing out the error-message and die(). - */ + // Print error-message and exit $admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL_IN_USE'].$msg.$page_names); } } @@ -118,12 +103,11 @@ function replace_all ($aStr = "", &$aArray ) { $admin->print_error($MESSAGE['GENERIC_CANNOT_UNINSTALL']); } else { // Remove entry from DB - $database->query("DELETE FROM ".TABLE_PREFIX."addons WHERE directory = '".$tpl_dir."' AND type = 'template'"); + $database->query("DELETE FROM ".TABLE_PREFIX."addons WHERE directory = '".$tpl_dir_escaped."' AND type = 'template'"); } // Update pages that use this template with default template -// $database = new database(); -$database->query("UPDATE ".TABLE_PREFIX."pages SET template = '".DEFAULT_TEMPLATE."' WHERE template = '$tpl_dir'"); +$database->query("UPDATE ".TABLE_PREFIX."pages SET template = '".DEFAULT_TEMPLATE."' WHERE template = '$tpl_dir_escaped'"); // Print success message $admin->print_success($MESSAGE['GENERIC_UNINSTALLED']); From 63938321b282b6a50880b4fca41a702a46855539 Mon Sep 17 00:00:00 2001 From: cwsoft Date: Fri, 10 Feb 2017 08:02:35 +0100 Subject: [PATCH 11/21] Removed outdated mysql calls in Topics upgrade scripts --- wbce/modules/topics/inc/upgrade.inc.php | 28 +++++++++++-------------- wbce/modules/topics/upgrade.php | 18 +++++++--------- 2 files changed, 20 insertions(+), 26 deletions(-) diff --git a/wbce/modules/topics/inc/upgrade.inc.php b/wbce/modules/topics/inc/upgrade.inc.php index 7f14b2455..2ce04643e 100644 --- a/wbce/modules/topics/inc/upgrade.inc.php +++ b/wbce/modules/topics/inc/upgrade.inc.php @@ -7,15 +7,15 @@ // topics table: $query_topics = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_".$tablename." LIMIT 1"); -$topic_fetch = $query_topics->fetchRow(); +$topic_fetch = $query_topics->fetchRow(); + - // Add field authors to mod_topics if(!isset($topic_fetch['authors'])){ if($database->query("ALTER TABLE `".TABLE_PREFIX."mod_".$tablename."` ADD `authors` VARCHAR(255) NOT NULL DEFAULT ''")) { echo '
Database Field "authors" added successfully

'; } - echo '
'.mysql_error().'

'; + echo '
'.$database->get_error().'

'; } else { echo '
Database Field "authors" exists, update not needed

'; } @@ -24,14 +24,14 @@ echo ("OOPS, something went wrong. If it's a duplicate error then it's okay - it means that your database has already been modified.
The error was: ".$database->get_error()); } else { echo ("SUCCESS: The required changes have been made to your database."); -} +} // Add field comments_count to mod_topics if(!isset($topic_fetch['comments_count'])){ if($database->query("ALTER TABLE `".TABLE_PREFIX."mod_".$tablename."` ADD `comments_count` INT NOT NULL DEFAULT '-1'")) { echo '
Database Field "comments_count" added successfully

'; } - echo '
'.mysql_error().'

'; + echo '
'.$database->get_error().'

'; } else { echo '
Database Field "comments_count" exists, update not needed

'; } @@ -43,19 +43,19 @@ } -//Settings table +//Settings table // Add various_values: $query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_".$tablename."_settings LIMIT 1"); -$settings_fetch = $query_settings->fetchRow(); +$settings_fetch = $query_settings->fetchRow(); + - // Add field various_values to mod_topics if(!isset($settings_fetch['various_values'])){ if($database->query("ALTER TABLE `".TABLE_PREFIX."mod_".$tablename."_settings` ADD `various_values` VARCHAR(255) NOT NULL DEFAULT '150,450,0,0,2,0,0,0,0,0'")) { echo '
Database Field "various_values" added successfully

'; } - echo '
'.mysql_error().'

'; + echo '
'.$database->get_error().'

'; } else { echo '
Database Field "various_values" exists, update not needed

'; } @@ -71,7 +71,7 @@ if($database->query("ALTER TABLE `".TABLE_PREFIX."mod_".$tablename."_settings` ADD `autoarchive` VARCHAR(255) NOT NULL DEFAULT ''")) { echo '
Database Field "autoarchive" added successfully

'; } - echo '
'.mysql_error().'

'; + echo '
'.$database->get_error().'

'; } else { echo '
Database Field "autoarchive" exists, update not needed

'; } @@ -87,7 +87,7 @@ if($database->query("ALTER TABLE `".TABLE_PREFIX."mod_".$tablename."_settings` ADD `picture_values` VARCHAR(255) NOT NULL DEFAULT '0,0,300,0,70,70,fbx'")) { echo '
Database Field "picture_values" added successfully

'; } - echo '
'.mysql_error().'

'; + echo '
'.$database->get_error().'

'; } else { echo '
Database Field "picture_values" exists, update not needed

'; } @@ -103,7 +103,7 @@ if($database->query("ALTER TABLE `".TABLE_PREFIX."mod_".$tablename."_settings` ADD `is_master_for` VARCHAR(255) NOT NULL DEFAULT ''")) { echo '
Database Field "is_master_for" added successfully

'; } - echo '
'.mysql_error().'

'; + echo '
'.$database->get_error().'

'; } else { echo '
Database Field "is_master_for" exists, update not needed

'; } @@ -142,7 +142,3 @@ if (!file_exists($mpath.'frontend.css')) { copy($mpath.'defaults/frontend.default.css', $mpath.'frontend.css') ; } if (!file_exists($mpath.'comment_frame.css')) { copy($mpath.'defaults/comment_frame.default.css', $mpath.'comment_frame.css') ; } if (!file_exists($mpath.'frontend.js')) { copy($mpath.'defaults/frontend.default.js', $mpath.'frontend.js') ; } - - - -?> \ No newline at end of file diff --git a/wbce/modules/topics/upgrade.php b/wbce/modules/topics/upgrade.php index 9ab40b983..717bdcab7 100644 --- a/wbce/modules/topics/upgrade.php +++ b/wbce/modules/topics/upgrade.php @@ -32,29 +32,29 @@ $tablename = $mod_dir; $query = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_".$mod_dir); -$fetch = $query->fetchRow(); +$fetch = $query->fetchRow(); // Add field groups_id if(!isset($fetch['groups_id'])){ if($database->query("ALTER TABLE `".TABLE_PREFIX."mod_".$mod_dir."` ADD `groups_id` VARCHAR(255) NOT NULL DEFAULT ''")) { echo 'Database Field groups_id added successfully
'; } - echo ''.mysql_error().'
'; + echo ''.$database->get_error().'
'; } else { echo 'Database Field groups_id exists, update not needed
'; } - + $query = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_".$mod_dir.'_comments'); -$fetch = $query->fetchRow(); +$fetch = $query->fetchRow(); // Add field commentextra if(!isset($fetch['commentextra'])){ if($database->query("ALTER TABLE `".TABLE_PREFIX."mod_".$mod_dir."_comments` ADD `commentextra` VARCHAR(255) NOT NULL DEFAULT ''")) { echo 'Database Field commentextra added successfully
'; } - echo ''.mysql_error().'
'; + echo ''.$database->get_error().'
'; } else { echo 'Database Field commentextra exists, update not needed
'; -} - +} + // create the RSS count table $SQL = "CREATE TABLE IF NOT EXISTS `".TABLE_PREFIX."mod_topics_rss_count` ( ". @@ -99,7 +99,7 @@ function wb_unpack_and_import($temp_file, $temp_unzip) { // Include the PclZip class file require_once (WB_PATH . '/include/pclzip/pclzip.lib.php'); - + $imports= array(); $errors = array(); $count = 0; $archive = new PclZip($temp_file); @@ -162,5 +162,3 @@ function wb_unpack_and_import($temp_file, $temp_unzip) { } // install the droplet(s) wb_unpack_and_import(WB_PATH.'/modules/topics/droplets/droplet_topics_rss_statistic.zip', WB_PATH . '/temp/unzip/'); - -?> \ No newline at end of file From ca364d8c038ef325cc1116d82306c38d3e5256e1 Mon Sep 17 00:00:00 2001 From: instantflorian Date: Fri, 10 Feb 2017 08:53:36 +0100 Subject: [PATCH 12/21] Update version.php Changed version to 1.1.11 --- wbce/admin/interface/version.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wbce/admin/interface/version.php b/wbce/admin/interface/version.php index 3af6c0b3f..433f87b66 100644 --- a/wbce/admin/interface/version.php +++ b/wbce/admin/interface/version.php @@ -16,12 +16,12 @@ } // set WBCE version and release tag -define('NEW_WBCE_VERSION', '1.1.10'); +define('NEW_WBCE_VERSION', '1.1.11'); if (!defined('WBCE_VERSION')) { define('WBCE_VERSION', NEW_WBCE_VERSION); } -define('NEW_WBCE_TAG', '1.1.10'); +define('NEW_WBCE_TAG', '1.1.11'); if (!defined('WBCE_TAG')) { define('WBCE_TAG', NEW_WBCE_TAG); } From 0b83765a68ae6d4055367fd510562307411ce8b5 Mon Sep 17 00:00:00 2001 From: cwsoft Date: Fri, 10 Feb 2017 09:14:23 +0100 Subject: [PATCH 13/21] Updated CHANGELOG.md --- CHANGELOG.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f4348f6b7..6b4b3a75f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,28 @@ Please visit the [WBCE Github](https://github.com/WBCE/WebsiteBaker_CommunityEdi ## Auto generated Git commit history + * **2017-02-10:** instantflorian [[ca364d8](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/ca364d8c038ef325cc1116d82306c38d3e5256e1)] + > Update version.php + Changed version to 1.1.11 + * **2017-02-10:** cwsoft [[6393832](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/63938321b282b6a50880b4fca41a702a46855539)] + > Removed outdated mysql calls in Topics upgrade scripts + + * **2017-02-09:** cwsoft [[9640ce9](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/9640ce9fb630c018847e32d522fdd1985997818b)] + > Major code review and refinement of all Addon action handler files + - unified permission checks and user input validation + - removed obsolete code blocks + - replaced inhouse code with PHP functions where possible + + * **2017-02-09:** cwsoft [[82da6f8](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/82da6f8d7ebe7a6ef1baa064528af632c0fe87de)] + > Code refinement for all Addon uninstall handlers + + * **2017-02-09:** cwsoft [[c199d77](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/c199d7718e07ef81b43f84a4214c22657f5838d1)] + > Merge pull request #215 from rjgamer/patch-4 + Update SecureForm.php + + * **2017-02-08:** cwsoft [[5d6848c](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/5d6848cf7432b740b8f92f408e42ac1d834c7062)] + > Updated CHANGELOG.md + * **2017-02-08:** NorHei [[7a4d23d](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/7a4d23df6f5858f888e01cda5b049ce6971c3a24)] > Added Ruuds Version of Short.php Ruud refined our Patch to have the intended 404 functionality. From 89eff235c20ccf8f0983478452e1d6619c27da81 Mon Sep 17 00:00:00 2001 From: NorHei Date: Fri, 5 Feb 2016 16:00:39 +0100 Subject: [PATCH 14/21] Added a slightly modified version of PclZip This version avoides some problems whith PHP 7 fetched from here : https://github.com/piwik/component-decompress/commit/deca40d71d29d6140aad39db007aea82676b7631 --- wbce/include/pclzip/README.md | 14 + wbce/include/pclzip/gnu-lgpl.txt | 1008 +++---- wbce/include/pclzip/index.php | 26 +- wbce/include/pclzip/pclzip.lib.php | 4024 +++++++++++++--------------- wbce/include/pclzip/readme.txt | 842 +++--- 5 files changed, 2809 insertions(+), 3105 deletions(-) create mode 100644 wbce/include/pclzip/README.md diff --git a/wbce/include/pclzip/README.md b/wbce/include/pclzip/README.md new file mode 100644 index 000000000..756c21d06 --- /dev/null +++ b/wbce/include/pclzip/README.md @@ -0,0 +1,14 @@ +## Piwik modifications to libs/ + +In general, bug fixes and improvements are reported upstream. Until these are +included upstream, we maintain a list of bug fixes and local mods made to +third-party libraries: + + * PclZip/ + - line 1720, added possibility to define a callable for `PCLZIP_CB_PRE_EXTRACT`. Before one needed to pass a function name + - line 3676, ignore touch() - utime failed warning + - line 5401, replaced `php_uname()` by `PHP_OS` (see [#2](https://github.com/piwik/component-decompress/issues/2)) + +This version is from : + +https://github.com/piwik/component-decompress/commit/deca40d71d29d6140aad39db007aea82676b7631 \ No newline at end of file diff --git a/wbce/include/pclzip/gnu-lgpl.txt b/wbce/include/pclzip/gnu-lgpl.txt index b1e3f5a26..cbee875ba 100644 --- a/wbce/include/pclzip/gnu-lgpl.txt +++ b/wbce/include/pclzip/gnu-lgpl.txt @@ -1,504 +1,504 @@ - GNU LESSER GENERAL PUBLIC LICENSE - Version 2.1, February 1999 - - Copyright (C) 1991, 1999 Free Software Foundation, Inc. - 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - -[This is the first released version of the Lesser GPL. It also counts - as the successor of the GNU Library Public License, version 2, hence - the version number 2.1.] - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -Licenses are intended to guarantee your freedom to share and change -free software--to make sure the software is free for all its users. - - This license, the Lesser General Public License, applies to some -specially designated software packages--typically libraries--of the -Free Software Foundation and other authors who decide to use it. You -can use it too, but we suggest you first think carefully about whether -this license or the ordinary General Public License is the better -strategy to use in any particular case, based on the explanations below. - - When we speak of free software, we are referring to freedom of use, -not price. Our General Public Licenses are designed to make sure that -you have the freedom to distribute copies of free software (and charge -for this service if you wish); that you receive source code or can get -it if you want it; that you can change the software and use pieces of -it in new free programs; and that you are informed that you can do -these things. - - To protect your rights, we need to make restrictions that forbid -distributors to deny you these rights or to ask you to surrender these -rights. These restrictions translate to certain responsibilities for -you if you distribute copies of the library or if you modify it. - - For example, if you distribute copies of the library, whether gratis -or for a fee, you must give the recipients all the rights that we gave -you. You must make sure that they, too, receive or can get the source -code. If you link other code with the library, you must provide -complete object files to the recipients, so that they can relink them -with the library after making changes to the library and recompiling -it. And you must show them these terms so they know their rights. - - We protect your rights with a two-step method: (1) we copyright the -library, and (2) we offer you this license, which gives you legal -permission to copy, distribute and/or modify the library. - - To protect each distributor, we want to make it very clear that -there is no warranty for the free library. Also, if the library is -modified by someone else and passed on, the recipients should know -that what they have is not the original version, so that the original -author's reputation will not be affected by problems that might be -introduced by others. - - Finally, software patents pose a constant threat to the existence of -any free program. We wish to make sure that a company cannot -effectively restrict the users of a free program by obtaining a -restrictive license from a patent holder. Therefore, we insist that -any patent license obtained for a version of the library must be -consistent with the full freedom of use specified in this license. - - Most GNU software, including some libraries, is covered by the -ordinary GNU General Public License. This license, the GNU Lesser -General Public License, applies to certain designated libraries, and -is quite different from the ordinary General Public License. We use -this license for certain libraries in order to permit linking those -libraries into non-free programs. - - When a program is linked with a library, whether statically or using -a shared library, the combination of the two is legally speaking a -combined work, a derivative of the original library. The ordinary -General Public License therefore permits such linking only if the -entire combination fits its criteria of freedom. The Lesser General -Public License permits more lax criteria for linking other code with -the library. - - We call this license the "Lesser" General Public License because it -does Less to protect the user's freedom than the ordinary General -Public License. It also provides other free software developers Less -of an advantage over competing non-free programs. These disadvantages -are the reason we use the ordinary General Public License for many -libraries. However, the Lesser license provides advantages in certain -special circumstances. - - For example, on rare occasions, there may be a special need to -encourage the widest possible use of a certain library, so that it becomes -a de-facto standard. To achieve this, non-free programs must be -allowed to use the library. A more frequent case is that a free -library does the same job as widely used non-free libraries. In this -case, there is little to gain by limiting the free library to free -software only, so we use the Lesser General Public License. - - In other cases, permission to use a particular library in non-free -programs enables a greater number of people to use a large body of -free software. For example, permission to use the GNU C Library in -non-free programs enables many more people to use the whole GNU -operating system, as well as its variant, the GNU/Linux operating -system. - - Although the Lesser General Public License is Less protective of the -users' freedom, it does ensure that the user of a program that is -linked with the Library has the freedom and the wherewithal to run -that program using a modified version of the Library. - - The precise terms and conditions for copying, distribution and -modification follow. Pay close attention to the difference between a -"work based on the library" and a "work that uses the library". The -former contains code derived from the library, whereas the latter must -be combined with the library in order to run. - - GNU LESSER GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License Agreement applies to any software library or other -program which contains a notice placed by the copyright holder or -other authorized party saying it may be distributed under the terms of -this Lesser General Public License (also called "this License"). -Each licensee is addressed as "you". - - A "library" means a collection of software functions and/or data -prepared so as to be conveniently linked with application programs -(which use some of those functions and data) to form executables. - - The "Library", below, refers to any such software library or work -which has been distributed under these terms. A "work based on the -Library" means either the Library or any derivative work under -copyright law: that is to say, a work containing the Library or a -portion of it, either verbatim or with modifications and/or translated -straightforwardly into another language. (Hereinafter, translation is -included without limitation in the term "modification".) - - "Source code" for a work means the preferred form of the work for -making modifications to it. For a library, complete source code means -all the source code for all modules it contains, plus any associated -interface definition files, plus the scripts used to control compilation -and installation of the library. - - Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running a program using the Library is not restricted, and output from -such a program is covered only if its contents constitute a work based -on the Library (independent of the use of the Library in a tool for -writing it). Whether that is true depends on what the Library does -and what the program that uses the Library does. - - 1. You may copy and distribute verbatim copies of the Library's -complete source code as you receive it, in any medium, provided that -you conspicuously and appropriately publish on each copy an -appropriate copyright notice and disclaimer of warranty; keep intact -all the notices that refer to this License and to the absence of any -warranty; and distribute a copy of this License along with the -Library. - - You may charge a fee for the physical act of transferring a copy, -and you may at your option offer warranty protection in exchange for a -fee. - - 2. You may modify your copy or copies of the Library or any portion -of it, thus forming a work based on the Library, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) The modified work must itself be a software library. - - b) You must cause the files modified to carry prominent notices - stating that you changed the files and the date of any change. - - c) You must cause the whole of the work to be licensed at no - charge to all third parties under the terms of this License. - - d) If a facility in the modified Library refers to a function or a - table of data to be supplied by an application program that uses - the facility, other than as an argument passed when the facility - is invoked, then you must make a good faith effort to ensure that, - in the event an application does not supply such function or - table, the facility still operates, and performs whatever part of - its purpose remains meaningful. - - (For example, a function in a library to compute square roots has - a purpose that is entirely well-defined independent of the - application. Therefore, Subsection 2d requires that any - application-supplied function or table used by this function must - be optional: if the application does not supply it, the square - root function must still compute square roots.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Library, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Library, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote -it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Library. - -In addition, mere aggregation of another work not based on the Library -with the Library (or with a work based on the Library) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may opt to apply the terms of the ordinary GNU General Public -License instead of this License to a given copy of the Library. To do -this, you must alter all the notices that refer to this License, so -that they refer to the ordinary GNU General Public License, version 2, -instead of to this License. (If a newer version than version 2 of the -ordinary GNU General Public License has appeared, then you can specify -that version instead if you wish.) Do not make any other change in -these notices. - - Once this change is made in a given copy, it is irreversible for -that copy, so the ordinary GNU General Public License applies to all -subsequent copies and derivative works made from that copy. - - This option is useful when you wish to copy part of the code of -the Library into a program that is not a library. - - 4. You may copy and distribute the Library (or a portion or -derivative of it, under Section 2) in object code or executable form -under the terms of Sections 1 and 2 above provided that you accompany -it with the complete corresponding machine-readable source code, which -must be distributed under the terms of Sections 1 and 2 above on a -medium customarily used for software interchange. - - If distribution of object code is made by offering access to copy -from a designated place, then offering equivalent access to copy the -source code from the same place satisfies the requirement to -distribute the source code, even though third parties are not -compelled to copy the source along with the object code. - - 5. A program that contains no derivative of any portion of the -Library, but is designed to work with the Library by being compiled or -linked with it, is called a "work that uses the Library". Such a -work, in isolation, is not a derivative work of the Library, and -therefore falls outside the scope of this License. - - However, linking a "work that uses the Library" with the Library -creates an executable that is a derivative of the Library (because it -contains portions of the Library), rather than a "work that uses the -library". The executable is therefore covered by this License. -Section 6 states terms for distribution of such executables. - - When a "work that uses the Library" uses material from a header file -that is part of the Library, the object code for the work may be a -derivative work of the Library even though the source code is not. -Whether this is true is especially significant if the work can be -linked without the Library, or if the work is itself a library. The -threshold for this to be true is not precisely defined by law. - - If such an object file uses only numerical parameters, data -structure layouts and accessors, and small macros and small inline -functions (ten lines or less in length), then the use of the object -file is unrestricted, regardless of whether it is legally a derivative -work. (Executables containing this object code plus portions of the -Library will still fall under Section 6.) - - Otherwise, if the work is a derivative of the Library, you may -distribute the object code for the work under the terms of Section 6. -Any executables containing that work also fall under Section 6, -whether or not they are linked directly with the Library itself. - - 6. As an exception to the Sections above, you may also combine or -link a "work that uses the Library" with the Library to produce a -work containing portions of the Library, and distribute that work -under terms of your choice, provided that the terms permit -modification of the work for the customer's own use and reverse -engineering for debugging such modifications. - - You must give prominent notice with each copy of the work that the -Library is used in it and that the Library and its use are covered by -this License. You must supply a copy of this License. If the work -during execution displays copyright notices, you must include the -copyright notice for the Library among them, as well as a reference -directing the user to the copy of this License. Also, you must do one -of these things: - - a) Accompany the work with the complete corresponding - machine-readable source code for the Library including whatever - changes were used in the work (which must be distributed under - Sections 1 and 2 above); and, if the work is an executable linked - with the Library, with the complete machine-readable "work that - uses the Library", as object code and/or source code, so that the - user can modify the Library and then relink to produce a modified - executable containing the modified Library. (It is understood - that the user who changes the contents of definitions files in the - Library will not necessarily be able to recompile the application - to use the modified definitions.) - - b) Use a suitable shared library mechanism for linking with the - Library. A suitable mechanism is one that (1) uses at run time a - copy of the library already present on the user's computer system, - rather than copying library functions into the executable, and (2) - will operate properly with a modified version of the library, if - the user installs one, as long as the modified version is - interface-compatible with the version that the work was made with. - - c) Accompany the work with a written offer, valid for at - least three years, to give the same user the materials - specified in Subsection 6a, above, for a charge no more - than the cost of performing this distribution. - - d) If distribution of the work is made by offering access to copy - from a designated place, offer equivalent access to copy the above - specified materials from the same place. - - e) Verify that the user has already received a copy of these - materials or that you have already sent this user a copy. - - For an executable, the required form of the "work that uses the -Library" must include any data and utility programs needed for -reproducing the executable from it. However, as a special exception, -the materials to be distributed need not include anything that is -normally distributed (in either source or binary form) with the major -components (compiler, kernel, and so on) of the operating system on -which the executable runs, unless that component itself accompanies -the executable. - - It may happen that this requirement contradicts the license -restrictions of other proprietary libraries that do not normally -accompany the operating system. Such a contradiction means you cannot -use both them and the Library together in an executable that you -distribute. - - 7. You may place library facilities that are a work based on the -Library side-by-side in a single library together with other library -facilities not covered by this License, and distribute such a combined -library, provided that the separate distribution of the work based on -the Library and of the other library facilities is otherwise -permitted, and provided that you do these two things: - - a) Accompany the combined library with a copy of the same work - based on the Library, uncombined with any other library - facilities. This must be distributed under the terms of the - Sections above. - - b) Give prominent notice with the combined library of the fact - that part of it is a work based on the Library, and explaining - where to find the accompanying uncombined form of the same work. - - 8. You may not copy, modify, sublicense, link with, or distribute -the Library except as expressly provided under this License. Any -attempt otherwise to copy, modify, sublicense, link with, or -distribute the Library is void, and will automatically terminate your -rights under this License. However, parties who have received copies, -or rights, from you under this License will not have their licenses -terminated so long as such parties remain in full compliance. - - 9. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Library or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Library (or any work based on the -Library), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Library or works based on it. - - 10. Each time you redistribute the Library (or any work based on the -Library), the recipient automatically receives a license from the -original licensor to copy, distribute, link with or modify the Library -subject to these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties with -this License. - - 11. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Library at all. For example, if a patent -license would not permit royalty-free redistribution of the Library by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Library. - -If any portion of this section is held invalid or unenforceable under any -particular circumstance, the balance of the section is intended to apply, -and the section as a whole is intended to apply in other circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 12. If the distribution and/or use of the Library is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Library under this License may add -an explicit geographical distribution limitation excluding those countries, -so that distribution is permitted only in or among countries not thus -excluded. In such case, this License incorporates the limitation as if -written in the body of this License. - - 13. The Free Software Foundation may publish revised and/or new -versions of the Lesser General Public License from time to time. -Such new versions will be similar in spirit to the present version, -but may differ in detail to address new problems or concerns. - -Each version is given a distinguishing version number. If the Library -specifies a version number of this License which applies to it and -"any later version", you have the option of following the terms and -conditions either of that version or of any later version published by -the Free Software Foundation. If the Library does not specify a -license version number, you may choose any version ever published by -the Free Software Foundation. - - 14. If you wish to incorporate parts of the Library into other free -programs whose distribution conditions are incompatible with these, -write to the author to ask for permission. For software which is -copyrighted by the Free Software Foundation, write to the Free -Software Foundation; we sometimes make exceptions for this. Our -decision will be guided by the two goals of preserving the free status -of all derivatives of our free software and of promoting the sharing -and reuse of software generally. - - NO WARRANTY - - 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO -WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. -EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR -OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY -KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE -LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME -THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN -WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY -AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU -FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR -CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE -LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING -RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A -FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF -SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH -DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Libraries - - If you develop a new library, and you want it to be of the greatest -possible use to the public, we recommend making it free software that -everyone can redistribute and change. You can do so by permitting -redistribution under these terms (or, alternatively, under the terms of the -ordinary General Public License). - - To apply these terms, attach the following notices to the library. It is -safest to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least the -"copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -Also add information on how to contact you by electronic and paper mail. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the library, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the - library `Frob' (a library for tweaking knobs) written by James Random Hacker. - - , 1 April 1990 - Ty Coon, President of Vice - -That's all there is to it! - - + GNU LESSER GENERAL PUBLIC LICENSE + Version 2.1, February 1999 + + Copyright (C) 1991, 1999 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + +[This is the first released version of the Lesser GPL. It also counts + as the successor of the GNU Library Public License, version 2, hence + the version number 2.1.] + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +Licenses are intended to guarantee your freedom to share and change +free software--to make sure the software is free for all its users. + + This license, the Lesser General Public License, applies to some +specially designated software packages--typically libraries--of the +Free Software Foundation and other authors who decide to use it. You +can use it too, but we suggest you first think carefully about whether +this license or the ordinary General Public License is the better +strategy to use in any particular case, based on the explanations below. + + When we speak of free software, we are referring to freedom of use, +not price. Our General Public Licenses are designed to make sure that +you have the freedom to distribute copies of free software (and charge +for this service if you wish); that you receive source code or can get +it if you want it; that you can change the software and use pieces of +it in new free programs; and that you are informed that you can do +these things. + + To protect your rights, we need to make restrictions that forbid +distributors to deny you these rights or to ask you to surrender these +rights. These restrictions translate to certain responsibilities for +you if you distribute copies of the library or if you modify it. + + For example, if you distribute copies of the library, whether gratis +or for a fee, you must give the recipients all the rights that we gave +you. You must make sure that they, too, receive or can get the source +code. If you link other code with the library, you must provide +complete object files to the recipients, so that they can relink them +with the library after making changes to the library and recompiling +it. And you must show them these terms so they know their rights. + + We protect your rights with a two-step method: (1) we copyright the +library, and (2) we offer you this license, which gives you legal +permission to copy, distribute and/or modify the library. + + To protect each distributor, we want to make it very clear that +there is no warranty for the free library. Also, if the library is +modified by someone else and passed on, the recipients should know +that what they have is not the original version, so that the original +author's reputation will not be affected by problems that might be +introduced by others. + + Finally, software patents pose a constant threat to the existence of +any free program. We wish to make sure that a company cannot +effectively restrict the users of a free program by obtaining a +restrictive license from a patent holder. Therefore, we insist that +any patent license obtained for a version of the library must be +consistent with the full freedom of use specified in this license. + + Most GNU software, including some libraries, is covered by the +ordinary GNU General Public License. This license, the GNU Lesser +General Public License, applies to certain designated libraries, and +is quite different from the ordinary General Public License. We use +this license for certain libraries in order to permit linking those +libraries into non-free programs. + + When a program is linked with a library, whether statically or using +a shared library, the combination of the two is legally speaking a +combined work, a derivative of the original library. The ordinary +General Public License therefore permits such linking only if the +entire combination fits its criteria of freedom. The Lesser General +Public License permits more lax criteria for linking other code with +the library. + + We call this license the "Lesser" General Public License because it +does Less to protect the user's freedom than the ordinary General +Public License. It also provides other free software developers Less +of an advantage over competing non-free programs. These disadvantages +are the reason we use the ordinary General Public License for many +libraries. However, the Lesser license provides advantages in certain +special circumstances. + + For example, on rare occasions, there may be a special need to +encourage the widest possible use of a certain library, so that it becomes +a de-facto standard. To achieve this, non-free programs must be +allowed to use the library. A more frequent case is that a free +library does the same job as widely used non-free libraries. In this +case, there is little to gain by limiting the free library to free +software only, so we use the Lesser General Public License. + + In other cases, permission to use a particular library in non-free +programs enables a greater number of people to use a large body of +free software. For example, permission to use the GNU C Library in +non-free programs enables many more people to use the whole GNU +operating system, as well as its variant, the GNU/Linux operating +system. + + Although the Lesser General Public License is Less protective of the +users' freedom, it does ensure that the user of a program that is +linked with the Library has the freedom and the wherewithal to run +that program using a modified version of the Library. + + The precise terms and conditions for copying, distribution and +modification follow. Pay close attention to the difference between a +"work based on the library" and a "work that uses the library". The +former contains code derived from the library, whereas the latter must +be combined with the library in order to run. + + GNU LESSER GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License Agreement applies to any software library or other +program which contains a notice placed by the copyright holder or +other authorized party saying it may be distributed under the terms of +this Lesser General Public License (also called "this License"). +Each licensee is addressed as "you". + + A "library" means a collection of software functions and/or data +prepared so as to be conveniently linked with application programs +(which use some of those functions and data) to form executables. + + The "Library", below, refers to any such software library or work +which has been distributed under these terms. A "work based on the +Library" means either the Library or any derivative work under +copyright law: that is to say, a work containing the Library or a +portion of it, either verbatim or with modifications and/or translated +straightforwardly into another language. (Hereinafter, translation is +included without limitation in the term "modification".) + + "Source code" for a work means the preferred form of the work for +making modifications to it. For a library, complete source code means +all the source code for all modules it contains, plus any associated +interface definition files, plus the scripts used to control compilation +and installation of the library. + + Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running a program using the Library is not restricted, and output from +such a program is covered only if its contents constitute a work based +on the Library (independent of the use of the Library in a tool for +writing it). Whether that is true depends on what the Library does +and what the program that uses the Library does. + + 1. You may copy and distribute verbatim copies of the Library's +complete source code as you receive it, in any medium, provided that +you conspicuously and appropriately publish on each copy an +appropriate copyright notice and disclaimer of warranty; keep intact +all the notices that refer to this License and to the absence of any +warranty; and distribute a copy of this License along with the +Library. + + You may charge a fee for the physical act of transferring a copy, +and you may at your option offer warranty protection in exchange for a +fee. + + 2. You may modify your copy or copies of the Library or any portion +of it, thus forming a work based on the Library, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) The modified work must itself be a software library. + + b) You must cause the files modified to carry prominent notices + stating that you changed the files and the date of any change. + + c) You must cause the whole of the work to be licensed at no + charge to all third parties under the terms of this License. + + d) If a facility in the modified Library refers to a function or a + table of data to be supplied by an application program that uses + the facility, other than as an argument passed when the facility + is invoked, then you must make a good faith effort to ensure that, + in the event an application does not supply such function or + table, the facility still operates, and performs whatever part of + its purpose remains meaningful. + + (For example, a function in a library to compute square roots has + a purpose that is entirely well-defined independent of the + application. Therefore, Subsection 2d requires that any + application-supplied function or table used by this function must + be optional: if the application does not supply it, the square + root function must still compute square roots.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Library, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Library, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote +it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Library. + +In addition, mere aggregation of another work not based on the Library +with the Library (or with a work based on the Library) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may opt to apply the terms of the ordinary GNU General Public +License instead of this License to a given copy of the Library. To do +this, you must alter all the notices that refer to this License, so +that they refer to the ordinary GNU General Public License, version 2, +instead of to this License. (If a newer version than version 2 of the +ordinary GNU General Public License has appeared, then you can specify +that version instead if you wish.) Do not make any other change in +these notices. + + Once this change is made in a given copy, it is irreversible for +that copy, so the ordinary GNU General Public License applies to all +subsequent copies and derivative works made from that copy. + + This option is useful when you wish to copy part of the code of +the Library into a program that is not a library. + + 4. You may copy and distribute the Library (or a portion or +derivative of it, under Section 2) in object code or executable form +under the terms of Sections 1 and 2 above provided that you accompany +it with the complete corresponding machine-readable source code, which +must be distributed under the terms of Sections 1 and 2 above on a +medium customarily used for software interchange. + + If distribution of object code is made by offering access to copy +from a designated place, then offering equivalent access to copy the +source code from the same place satisfies the requirement to +distribute the source code, even though third parties are not +compelled to copy the source along with the object code. + + 5. A program that contains no derivative of any portion of the +Library, but is designed to work with the Library by being compiled or +linked with it, is called a "work that uses the Library". Such a +work, in isolation, is not a derivative work of the Library, and +therefore falls outside the scope of this License. + + However, linking a "work that uses the Library" with the Library +creates an executable that is a derivative of the Library (because it +contains portions of the Library), rather than a "work that uses the +library". The executable is therefore covered by this License. +Section 6 states terms for distribution of such executables. + + When a "work that uses the Library" uses material from a header file +that is part of the Library, the object code for the work may be a +derivative work of the Library even though the source code is not. +Whether this is true is especially significant if the work can be +linked without the Library, or if the work is itself a library. The +threshold for this to be true is not precisely defined by law. + + If such an object file uses only numerical parameters, data +structure layouts and accessors, and small macros and small inline +functions (ten lines or less in length), then the use of the object +file is unrestricted, regardless of whether it is legally a derivative +work. (Executables containing this object code plus portions of the +Library will still fall under Section 6.) + + Otherwise, if the work is a derivative of the Library, you may +distribute the object code for the work under the terms of Section 6. +Any executables containing that work also fall under Section 6, +whether or not they are linked directly with the Library itself. + + 6. As an exception to the Sections above, you may also combine or +link a "work that uses the Library" with the Library to produce a +work containing portions of the Library, and distribute that work +under terms of your choice, provided that the terms permit +modification of the work for the customer's own use and reverse +engineering for debugging such modifications. + + You must give prominent notice with each copy of the work that the +Library is used in it and that the Library and its use are covered by +this License. You must supply a copy of this License. If the work +during execution displays copyright notices, you must include the +copyright notice for the Library among them, as well as a reference +directing the user to the copy of this License. Also, you must do one +of these things: + + a) Accompany the work with the complete corresponding + machine-readable source code for the Library including whatever + changes were used in the work (which must be distributed under + Sections 1 and 2 above); and, if the work is an executable linked + with the Library, with the complete machine-readable "work that + uses the Library", as object code and/or source code, so that the + user can modify the Library and then relink to produce a modified + executable containing the modified Library. (It is understood + that the user who changes the contents of definitions files in the + Library will not necessarily be able to recompile the application + to use the modified definitions.) + + b) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (1) uses at run time a + copy of the library already present on the user's computer system, + rather than copying library functions into the executable, and (2) + will operate properly with a modified version of the library, if + the user installs one, as long as the modified version is + interface-compatible with the version that the work was made with. + + c) Accompany the work with a written offer, valid for at + least three years, to give the same user the materials + specified in Subsection 6a, above, for a charge no more + than the cost of performing this distribution. + + d) If distribution of the work is made by offering access to copy + from a designated place, offer equivalent access to copy the above + specified materials from the same place. + + e) Verify that the user has already received a copy of these + materials or that you have already sent this user a copy. + + For an executable, the required form of the "work that uses the +Library" must include any data and utility programs needed for +reproducing the executable from it. However, as a special exception, +the materials to be distributed need not include anything that is +normally distributed (in either source or binary form) with the major +components (compiler, kernel, and so on) of the operating system on +which the executable runs, unless that component itself accompanies +the executable. + + It may happen that this requirement contradicts the license +restrictions of other proprietary libraries that do not normally +accompany the operating system. Such a contradiction means you cannot +use both them and the Library together in an executable that you +distribute. + + 7. You may place library facilities that are a work based on the +Library side-by-side in a single library together with other library +facilities not covered by this License, and distribute such a combined +library, provided that the separate distribution of the work based on +the Library and of the other library facilities is otherwise +permitted, and provided that you do these two things: + + a) Accompany the combined library with a copy of the same work + based on the Library, uncombined with any other library + facilities. This must be distributed under the terms of the + Sections above. + + b) Give prominent notice with the combined library of the fact + that part of it is a work based on the Library, and explaining + where to find the accompanying uncombined form of the same work. + + 8. You may not copy, modify, sublicense, link with, or distribute +the Library except as expressly provided under this License. Any +attempt otherwise to copy, modify, sublicense, link with, or +distribute the Library is void, and will automatically terminate your +rights under this License. However, parties who have received copies, +or rights, from you under this License will not have their licenses +terminated so long as such parties remain in full compliance. + + 9. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Library or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Library (or any work based on the +Library), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Library or works based on it. + + 10. Each time you redistribute the Library (or any work based on the +Library), the recipient automatically receives a license from the +original licensor to copy, distribute, link with or modify the Library +subject to these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties with +this License. + + 11. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Library at all. For example, if a patent +license would not permit royalty-free redistribution of the Library by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Library. + +If any portion of this section is held invalid or unenforceable under any +particular circumstance, the balance of the section is intended to apply, +and the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 12. If the distribution and/or use of the Library is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Library under this License may add +an explicit geographical distribution limitation excluding those countries, +so that distribution is permitted only in or among countries not thus +excluded. In such case, this License incorporates the limitation as if +written in the body of this License. + + 13. The Free Software Foundation may publish revised and/or new +versions of the Lesser General Public License from time to time. +Such new versions will be similar in spirit to the present version, +but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Library +specifies a version number of this License which applies to it and +"any later version", you have the option of following the terms and +conditions either of that version or of any later version published by +the Free Software Foundation. If the Library does not specify a +license version number, you may choose any version ever published by +the Free Software Foundation. + + 14. If you wish to incorporate parts of the Library into other free +programs whose distribution conditions are incompatible with these, +write to the author to ask for permission. For software which is +copyrighted by the Free Software Foundation, write to the Free +Software Foundation; we sometimes make exceptions for this. Our +decision will be guided by the two goals of preserving the free status +of all derivatives of our free software and of promoting the sharing +and reuse of software generally. + + NO WARRANTY + + 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO +WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. +EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR +OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY +KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE +LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME +THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN +WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY +AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU +FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR +CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE +LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING +RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A +FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF +SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH +DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Libraries + + If you develop a new library, and you want it to be of the greatest +possible use to the public, we recommend making it free software that +everyone can redistribute and change. You can do so by permitting +redistribution under these terms (or, alternatively, under the terms of the +ordinary General Public License). + + To apply these terms, attach the following notices to the library. It is +safest to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least the +"copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the library, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the + library `Frob' (a library for tweaking knobs) written by James Random Hacker. + + , 1 April 1990 + Ty Coon, President of Vice + +That's all there is to it! + + diff --git a/wbce/include/pclzip/index.php b/wbce/include/pclzip/index.php index 2fe104c07..fc25c9632 100644 --- a/wbce/include/pclzip/index.php +++ b/wbce/include/pclzip/index.php @@ -1,28 +1,4 @@ - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - header("Location: ../../index.php"); - -?> \ No newline at end of file +exit; diff --git a/wbce/include/pclzip/pclzip.lib.php b/wbce/include/pclzip/pclzip.lib.php index e980a6e0d..b4d5a9890 100644 --- a/wbce/include/pclzip/pclzip.lib.php +++ b/wbce/include/pclzip/pclzip.lib.php @@ -25,184 +25,184 @@ // $Id: pclzip.lib.php,v 1.60 2009/09/30 21:01:04 vblavet Exp $ // -------------------------------------------------------------------------------- - // ----- Constants - if (!defined('PCLZIP_READ_BLOCK_SIZE')) { - define( 'PCLZIP_READ_BLOCK_SIZE', 2048 ); - } - - // ----- File list separator - // In version 1.x of PclZip, the separator for file list is a space - // (which is not a very smart choice, specifically for windows paths !). - // A better separator should be a comma (,). This constant gives you the - // abilty to change that. - // However notice that changing this value, may have impact on existing - // scripts, using space separated filenames. - // Recommanded values for compatibility with older versions : - //define( 'PCLZIP_SEPARATOR', ' ' ); - // Recommanded values for smart separation of filenames. - if (!defined('PCLZIP_SEPARATOR')) { - define( 'PCLZIP_SEPARATOR', ',' ); - } - - // ----- Error configuration - // 0 : PclZip Class integrated error handling - // 1 : PclError external library error handling. By enabling this - // you must ensure that you have included PclError library. - // [2,...] : reserved for futur use - if (!defined('PCLZIP_ERROR_EXTERNAL')) { - define( 'PCLZIP_ERROR_EXTERNAL', 0 ); - } +// ----- Constants +if (!defined('PCLZIP_READ_BLOCK_SIZE')) { + define('PCLZIP_READ_BLOCK_SIZE', 2048); +} + +// ----- File list separator +// In version 1.x of PclZip, the separator for file list is a space +// (which is not a very smart choice, specifically for windows paths !). +// A better separator should be a comma (,). This constant gives you the +// abilty to change that. +// However notice that changing this value, may have impact on existing +// scripts, using space separated filenames. +// Recommanded values for compatibility with older versions : +//define( 'PCLZIP_SEPARATOR', ' ' ); +// Recommanded values for smart separation of filenames. +if (!defined('PCLZIP_SEPARATOR')) { + define('PCLZIP_SEPARATOR', ','); +} + +// ----- Error configuration +// 0 : PclZip Class integrated error handling +// 1 : PclError external library error handling. By enabling this +// you must ensure that you have included PclError library. +// [2,...] : reserved for futur use +if (!defined('PCLZIP_ERROR_EXTERNAL')) { + define('PCLZIP_ERROR_EXTERNAL', 0); +} + +// ----- Optional static temporary directory +// By default temporary files are generated in the script current +// path. +// If defined : +// - MUST BE terminated by a '/'. +// - MUST be a valid, already created directory +// Samples : +// define( 'PCLZIP_TEMPORARY_DIR', '/temp/' ); +// define( 'PCLZIP_TEMPORARY_DIR', 'C:/Temp/' ); +if (!defined('PCLZIP_TEMPORARY_DIR')) { + define('PCLZIP_TEMPORARY_DIR', ''); +} + +// ----- Optional threshold ratio for use of temporary files +// Pclzip sense the size of the file to add/extract and decide to +// use or not temporary file. The algorythm is looking for +// memory_limit of PHP and apply a ratio. +// threshold = memory_limit * ratio. +// Recommended values are under 0.5. Default 0.47. +// Samples : +// define( 'PCLZIP_TEMPORARY_FILE_RATIO', 0.5 ); +if (!defined('PCLZIP_TEMPORARY_FILE_RATIO')) { + define('PCLZIP_TEMPORARY_FILE_RATIO', 0.47); +} - // ----- Optional static temporary directory - // By default temporary files are generated in the script current - // path. - // If defined : - // - MUST BE terminated by a '/'. - // - MUST be a valid, already created directory - // Samples : - // define( 'PCLZIP_TEMPORARY_DIR', '/temp/' ); - // define( 'PCLZIP_TEMPORARY_DIR', 'C:/Temp/' ); - if (!defined('PCLZIP_TEMPORARY_DIR')) { - define( 'PCLZIP_TEMPORARY_DIR', '' ); - } +// -------------------------------------------------------------------------------- +// ***** UNDER THIS LINE NOTHING NEEDS TO BE MODIFIED ***** +// -------------------------------------------------------------------------------- - // ----- Optional threshold ratio for use of temporary files - // Pclzip sense the size of the file to add/extract and decide to - // use or not temporary file. The algorythm is looking for - // memory_limit of PHP and apply a ratio. - // threshold = memory_limit * ratio. - // Recommended values are under 0.5. Default 0.47. - // Samples : - // define( 'PCLZIP_TEMPORARY_FILE_RATIO', 0.5 ); - if (!defined('PCLZIP_TEMPORARY_FILE_RATIO')) { - define( 'PCLZIP_TEMPORARY_FILE_RATIO', 0.47 ); - } +// ----- Global variables +$g_pclzip_version = "2.8.2"; + +// ----- Error codes +// -1 : Unable to open file in binary write mode +// -2 : Unable to open file in binary read mode +// -3 : Invalid parameters +// -4 : File does not exist +// -5 : Filename is too long (max. 255) +// -6 : Not a valid zip file +// -7 : Invalid extracted file size +// -8 : Unable to create directory +// -9 : Invalid archive extension +// -10 : Invalid archive format +// -11 : Unable to delete file (unlink) +// -12 : Unable to rename file (rename) +// -13 : Invalid header checksum +// -14 : Invalid archive size +define('PCLZIP_ERR_USER_ABORTED', 2); +define('PCLZIP_ERR_NO_ERROR', 0); +define('PCLZIP_ERR_WRITE_OPEN_FAIL', -1); +define('PCLZIP_ERR_READ_OPEN_FAIL', -2); +define('PCLZIP_ERR_INVALID_PARAMETER', -3); +define('PCLZIP_ERR_MISSING_FILE', -4); +define('PCLZIP_ERR_FILENAME_TOO_LONG', -5); +define('PCLZIP_ERR_INVALID_ZIP', -6); +define('PCLZIP_ERR_BAD_EXTRACTED_FILE', -7); +define('PCLZIP_ERR_DIR_CREATE_FAIL', -8); +define('PCLZIP_ERR_BAD_EXTENSION', -9); +define('PCLZIP_ERR_BAD_FORMAT', -10); +define('PCLZIP_ERR_DELETE_FILE_FAIL', -11); +define('PCLZIP_ERR_RENAME_FILE_FAIL', -12); +define('PCLZIP_ERR_BAD_CHECKSUM', -13); +define('PCLZIP_ERR_INVALID_ARCHIVE_ZIP', -14); +define('PCLZIP_ERR_MISSING_OPTION_VALUE', -15); +define('PCLZIP_ERR_INVALID_OPTION_VALUE', -16); +define('PCLZIP_ERR_ALREADY_A_DIRECTORY', -17); +define('PCLZIP_ERR_UNSUPPORTED_COMPRESSION', -18); +define('PCLZIP_ERR_UNSUPPORTED_ENCRYPTION', -19); +define('PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE', -20); +define('PCLZIP_ERR_DIRECTORY_RESTRICTION', -21); + +// ----- Options values +define('PCLZIP_OPT_PATH', 77001); +define('PCLZIP_OPT_ADD_PATH', 77002); +define('PCLZIP_OPT_REMOVE_PATH', 77003); +define('PCLZIP_OPT_REMOVE_ALL_PATH', 77004); +define('PCLZIP_OPT_SET_CHMOD', 77005); +define('PCLZIP_OPT_EXTRACT_AS_STRING', 77006); +define('PCLZIP_OPT_NO_COMPRESSION', 77007); +define('PCLZIP_OPT_BY_NAME', 77008); +define('PCLZIP_OPT_BY_INDEX', 77009); +define('PCLZIP_OPT_BY_EREG', 77010); +define('PCLZIP_OPT_BY_PREG', 77011); +define('PCLZIP_OPT_COMMENT', 77012); +define('PCLZIP_OPT_ADD_COMMENT', 77013); +define('PCLZIP_OPT_PREPEND_COMMENT', 77014); +define('PCLZIP_OPT_EXTRACT_IN_OUTPUT', 77015); +define('PCLZIP_OPT_REPLACE_NEWER', 77016); +define('PCLZIP_OPT_STOP_ON_ERROR', 77017); +// Having big trouble with crypt. Need to multiply 2 long int +// which is not correctly supported by PHP ... +//define( 'PCLZIP_OPT_CRYPT', 77018 ); +define('PCLZIP_OPT_EXTRACT_DIR_RESTRICTION', 77019); +define('PCLZIP_OPT_TEMP_FILE_THRESHOLD', 77020); +define('PCLZIP_OPT_ADD_TEMP_FILE_THRESHOLD', 77020); // alias +define('PCLZIP_OPT_TEMP_FILE_ON', 77021); +define('PCLZIP_OPT_ADD_TEMP_FILE_ON', 77021); // alias +define('PCLZIP_OPT_TEMP_FILE_OFF', 77022); +define('PCLZIP_OPT_ADD_TEMP_FILE_OFF', 77022); // alias + +// ----- File description attributes +define('PCLZIP_ATT_FILE_NAME', 79001); +define('PCLZIP_ATT_FILE_NEW_SHORT_NAME', 79002); +define('PCLZIP_ATT_FILE_NEW_FULL_NAME', 79003); +define('PCLZIP_ATT_FILE_MTIME', 79004); +define('PCLZIP_ATT_FILE_CONTENT', 79005); +define('PCLZIP_ATT_FILE_COMMENT', 79006); + +// ----- Call backs values +define('PCLZIP_CB_PRE_EXTRACT', 78001); +define('PCLZIP_CB_POST_EXTRACT', 78002); +define('PCLZIP_CB_PRE_ADD', 78003); +define('PCLZIP_CB_POST_ADD', 78004); +/* For futur use +define( 'PCLZIP_CB_PRE_LIST', 78005 ); +define( 'PCLZIP_CB_POST_LIST', 78006 ); +define( 'PCLZIP_CB_PRE_DELETE', 78007 ); +define( 'PCLZIP_CB_POST_DELETE', 78008 ); +*/ // -------------------------------------------------------------------------------- -// ***** UNDER THIS LINE NOTHING NEEDS TO BE MODIFIED ***** +// Class : PclZip +// Description : +// PclZip is the class that represent a Zip archive. +// The public methods allow the manipulation of the archive. +// Attributes : +// Attributes must not be accessed directly. +// Methods : +// PclZip() : Object creator +// create() : Creates the Zip archive +// listContent() : List the content of the Zip archive +// extract() : Extract the content of the archive +// properties() : List the properties of the archive // -------------------------------------------------------------------------------- +class PclZip +{ + // ----- Filename of the zip file + public $zipname = ''; - // ----- Global variables - $g_pclzip_version = "2.8.2"; - - // ----- Error codes - // -1 : Unable to open file in binary write mode - // -2 : Unable to open file in binary read mode - // -3 : Invalid parameters - // -4 : File does not exist - // -5 : Filename is too long (max. 255) - // -6 : Not a valid zip file - // -7 : Invalid extracted file size - // -8 : Unable to create directory - // -9 : Invalid archive extension - // -10 : Invalid archive format - // -11 : Unable to delete file (unlink) - // -12 : Unable to rename file (rename) - // -13 : Invalid header checksum - // -14 : Invalid archive size - define( 'PCLZIP_ERR_USER_ABORTED', 2 ); - define( 'PCLZIP_ERR_NO_ERROR', 0 ); - define( 'PCLZIP_ERR_WRITE_OPEN_FAIL', -1 ); - define( 'PCLZIP_ERR_READ_OPEN_FAIL', -2 ); - define( 'PCLZIP_ERR_INVALID_PARAMETER', -3 ); - define( 'PCLZIP_ERR_MISSING_FILE', -4 ); - define( 'PCLZIP_ERR_FILENAME_TOO_LONG', -5 ); - define( 'PCLZIP_ERR_INVALID_ZIP', -6 ); - define( 'PCLZIP_ERR_BAD_EXTRACTED_FILE', -7 ); - define( 'PCLZIP_ERR_DIR_CREATE_FAIL', -8 ); - define( 'PCLZIP_ERR_BAD_EXTENSION', -9 ); - define( 'PCLZIP_ERR_BAD_FORMAT', -10 ); - define( 'PCLZIP_ERR_DELETE_FILE_FAIL', -11 ); - define( 'PCLZIP_ERR_RENAME_FILE_FAIL', -12 ); - define( 'PCLZIP_ERR_BAD_CHECKSUM', -13 ); - define( 'PCLZIP_ERR_INVALID_ARCHIVE_ZIP', -14 ); - define( 'PCLZIP_ERR_MISSING_OPTION_VALUE', -15 ); - define( 'PCLZIP_ERR_INVALID_OPTION_VALUE', -16 ); - define( 'PCLZIP_ERR_ALREADY_A_DIRECTORY', -17 ); - define( 'PCLZIP_ERR_UNSUPPORTED_COMPRESSION', -18 ); - define( 'PCLZIP_ERR_UNSUPPORTED_ENCRYPTION', -19 ); - define( 'PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE', -20 ); - define( 'PCLZIP_ERR_DIRECTORY_RESTRICTION', -21 ); - - // ----- Options values - define( 'PCLZIP_OPT_PATH', 77001 ); - define( 'PCLZIP_OPT_ADD_PATH', 77002 ); - define( 'PCLZIP_OPT_REMOVE_PATH', 77003 ); - define( 'PCLZIP_OPT_REMOVE_ALL_PATH', 77004 ); - define( 'PCLZIP_OPT_SET_CHMOD', 77005 ); - define( 'PCLZIP_OPT_EXTRACT_AS_STRING', 77006 ); - define( 'PCLZIP_OPT_NO_COMPRESSION', 77007 ); - define( 'PCLZIP_OPT_BY_NAME', 77008 ); - define( 'PCLZIP_OPT_BY_INDEX', 77009 ); - define( 'PCLZIP_OPT_BY_EREG', 77010 ); - define( 'PCLZIP_OPT_BY_PREG', 77011 ); - define( 'PCLZIP_OPT_COMMENT', 77012 ); - define( 'PCLZIP_OPT_ADD_COMMENT', 77013 ); - define( 'PCLZIP_OPT_PREPEND_COMMENT', 77014 ); - define( 'PCLZIP_OPT_EXTRACT_IN_OUTPUT', 77015 ); - define( 'PCLZIP_OPT_REPLACE_NEWER', 77016 ); - define( 'PCLZIP_OPT_STOP_ON_ERROR', 77017 ); - // Having big trouble with crypt. Need to multiply 2 long int - // which is not correctly supported by PHP ... - //define( 'PCLZIP_OPT_CRYPT', 77018 ); - define( 'PCLZIP_OPT_EXTRACT_DIR_RESTRICTION', 77019 ); - define( 'PCLZIP_OPT_TEMP_FILE_THRESHOLD', 77020 ); - define( 'PCLZIP_OPT_ADD_TEMP_FILE_THRESHOLD', 77020 ); // alias - define( 'PCLZIP_OPT_TEMP_FILE_ON', 77021 ); - define( 'PCLZIP_OPT_ADD_TEMP_FILE_ON', 77021 ); // alias - define( 'PCLZIP_OPT_TEMP_FILE_OFF', 77022 ); - define( 'PCLZIP_OPT_ADD_TEMP_FILE_OFF', 77022 ); // alias - - // ----- File description attributes - define( 'PCLZIP_ATT_FILE_NAME', 79001 ); - define( 'PCLZIP_ATT_FILE_NEW_SHORT_NAME', 79002 ); - define( 'PCLZIP_ATT_FILE_NEW_FULL_NAME', 79003 ); - define( 'PCLZIP_ATT_FILE_MTIME', 79004 ); - define( 'PCLZIP_ATT_FILE_CONTENT', 79005 ); - define( 'PCLZIP_ATT_FILE_COMMENT', 79006 ); - - // ----- Call backs values - define( 'PCLZIP_CB_PRE_EXTRACT', 78001 ); - define( 'PCLZIP_CB_POST_EXTRACT', 78002 ); - define( 'PCLZIP_CB_PRE_ADD', 78003 ); - define( 'PCLZIP_CB_POST_ADD', 78004 ); - /* For futur use - define( 'PCLZIP_CB_PRE_LIST', 78005 ); - define( 'PCLZIP_CB_POST_LIST', 78006 ); - define( 'PCLZIP_CB_PRE_DELETE', 78007 ); - define( 'PCLZIP_CB_POST_DELETE', 78008 ); - */ - - // -------------------------------------------------------------------------------- - // Class : PclZip - // Description : - // PclZip is the class that represent a Zip archive. - // The public methods allow the manipulation of the archive. - // Attributes : - // Attributes must not be accessed directly. - // Methods : - // PclZip() : Object creator - // create() : Creates the Zip archive - // listContent() : List the content of the Zip archive - // extract() : Extract the content of the archive - // properties() : List the properties of the archive - // -------------------------------------------------------------------------------- - class PclZip - { - // ----- Filename of the zip file - var $zipname = ''; + // ----- File descriptor of the zip file + public $zip_fd = 0; - // ----- File descriptor of the zip file - var $zip_fd = 0; + // ----- Internal error handling + public $error_code = 1; + public $error_string = ''; - // ----- Internal error handling - var $error_code = 1; - var $error_string = ''; - - // ----- Current status of the magic_quotes_runtime - // This value store the php configuration for magic_quotes - // The class can then disable the magic_quotes and reset it after - var $magic_quotes_status; + // ----- Current status of the magic_quotes_runtime + // This value store the php configuration for magic_quotes + // The class can then disable the magic_quotes and reset it after + public $magic_quotes_status; // -------------------------------------------------------------------------------- // Function : PclZip() @@ -212,30 +212,23 @@ class PclZip // Note that no real action is taken, if the archive does not exist it is not // created. Use create() for that. // -------------------------------------------------------------------------------- - function PclZip($p_zipname) + public function __construct($p_zipname) { // ----- Tests the zlib - if (!function_exists('gzopen')) - { - if (!function_exists('gzopen64')) - { - die('Abort '.basename(__FILE__).' : Missing zlib extensions'); - } - function gzopen($sfn,$m) - { - return gzopen64($sfn,$m); - } + if (!function_exists('gzopen')) { + die('Abort ' . basename(__FILE__) . ' : Missing zlib extensions'); } // ----- Set the attributes - $this->zipname = $p_zipname; - $this->zip_fd = 0; + $this->zipname = $p_zipname; + $this->zip_fd = 0; $this->magic_quotes_status = -1; // ----- Return return; } + // -------------------------------------------------------------------------------- // -------------------------------------------------------------------------------- // Function : @@ -274,16 +267,16 @@ function gzopen($sfn,$m) // The list of the added files, with a status of the add action. // (see PclZip::listContent() for list entry format) // -------------------------------------------------------------------------------- - function create($p_filelist) + public function create($p_filelist) { - $v_result=1; + $v_result = 1; // ----- Reset the error handler $this->privErrorReset(); // ----- Set default values - $v_options = array(); - $v_options[PCLZIP_OPT_NO_COMPRESSION] = FALSE; + $v_options = array(); + $v_options[PCLZIP_OPT_NO_COMPRESSION] = false; // ----- Look for variable options arguments $v_size = func_num_args(); @@ -301,28 +294,27 @@ function create($p_filelist) if ((is_integer($v_arg_list[0])) && ($v_arg_list[0] > 77000)) { // ----- Parse the options - $v_result = $this->privParseOptions($v_arg_list, $v_size, $v_options, - array (PCLZIP_OPT_REMOVE_PATH => 'optional', - PCLZIP_OPT_REMOVE_ALL_PATH => 'optional', - PCLZIP_OPT_ADD_PATH => 'optional', - PCLZIP_CB_PRE_ADD => 'optional', - PCLZIP_CB_POST_ADD => 'optional', - PCLZIP_OPT_NO_COMPRESSION => 'optional', - PCLZIP_OPT_COMMENT => 'optional', - PCLZIP_OPT_TEMP_FILE_THRESHOLD => 'optional', - PCLZIP_OPT_TEMP_FILE_ON => 'optional', - PCLZIP_OPT_TEMP_FILE_OFF => 'optional' - //, PCLZIP_OPT_CRYPT => 'optional' - )); + $v_result = $this->privParseOptions($v_arg_list, $v_size, $v_options, array( + PCLZIP_OPT_REMOVE_PATH => 'optional', + PCLZIP_OPT_REMOVE_ALL_PATH => 'optional', + PCLZIP_OPT_ADD_PATH => 'optional', + PCLZIP_CB_PRE_ADD => 'optional', + PCLZIP_CB_POST_ADD => 'optional', + PCLZIP_OPT_NO_COMPRESSION => 'optional', + PCLZIP_OPT_COMMENT => 'optional', + PCLZIP_OPT_TEMP_FILE_THRESHOLD => 'optional', + PCLZIP_OPT_TEMP_FILE_ON => 'optional', + PCLZIP_OPT_TEMP_FILE_OFF => 'optional' + //, PCLZIP_OPT_CRYPT => 'optional' + )); if ($v_result != 1) { return 0; } - } - // ----- Look for 2 args - // Here we need to support the first historic synopsis of the - // method. - else { + // ----- Look for 2 args + // Here we need to support the first historic synopsis of the + // method. + } else { // ----- Get the first argument $v_options[PCLZIP_OPT_ADD_PATH] = $v_arg_list[0]; @@ -330,76 +322,69 @@ function create($p_filelist) // ----- Look for the optional second argument if ($v_size == 2) { $v_options[PCLZIP_OPT_REMOVE_PATH] = $v_arg_list[1]; - } - else if ($v_size > 2) { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, - "Invalid number / type of arguments"); + } elseif ($v_size > 2) { + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid number / type of arguments"); + return 0; } } } - + // ----- Look for default option values $this->privOptionDefaultThreshold($v_options); // ----- Init - $v_string_list = array(); - $v_att_list = array(); + $v_string_list = array(); + $v_att_list = array(); $v_filedescr_list = array(); - $p_result_list = array(); - + $p_result_list = array(); + // ----- Look if the $p_filelist is really an array if (is_array($p_filelist)) { - + // ----- Look if the first element is also an array // This will mean that this is a file description entry if (isset($p_filelist[0]) && is_array($p_filelist[0])) { $v_att_list = $p_filelist; - } - - // ----- The list is a list of string names - else { + + // ----- The list is a list of string names + } else { $v_string_list = $p_filelist; } - } - // ----- Look if the $p_filelist is a string - else if (is_string($p_filelist)) { + // ----- Look if the $p_filelist is a string + } elseif (is_string($p_filelist)) { // ----- Create a list from the string $v_string_list = explode(PCLZIP_SEPARATOR, $p_filelist); - } - // ----- Invalid variable type for $p_filelist - else { + // ----- Invalid variable type for $p_filelist + } else { PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid variable type p_filelist"); + return 0; } - + // ----- Reformat the string list if (sizeof($v_string_list) != 0) { foreach ($v_string_list as $v_string) { if ($v_string != '') { $v_att_list[][PCLZIP_ATT_FILE_NAME] = $v_string; - } - else { + } else { } } } - + // ----- For each file in the list check the attributes - $v_supported_attributes - = array ( PCLZIP_ATT_FILE_NAME => 'mandatory' - ,PCLZIP_ATT_FILE_NEW_SHORT_NAME => 'optional' - ,PCLZIP_ATT_FILE_NEW_FULL_NAME => 'optional' - ,PCLZIP_ATT_FILE_MTIME => 'optional' - ,PCLZIP_ATT_FILE_CONTENT => 'optional' - ,PCLZIP_ATT_FILE_COMMENT => 'optional' - ); + $v_supported_attributes = array( + PCLZIP_ATT_FILE_NAME => 'mandatory', + PCLZIP_ATT_FILE_NEW_SHORT_NAME => 'optional', + PCLZIP_ATT_FILE_NEW_FULL_NAME => 'optional', + PCLZIP_ATT_FILE_MTIME => 'optional', + PCLZIP_ATT_FILE_CONTENT => 'optional', + PCLZIP_ATT_FILE_COMMENT => 'optional' + ); foreach ($v_att_list as $v_entry) { - $v_result = $this->privFileDescrParseAtt($v_entry, - $v_filedescr_list[], - $v_options, - $v_supported_attributes); + $v_result = $this->privFileDescrParseAtt($v_entry, $v_filedescr_list[], $v_options, $v_supported_attributes); if ($v_result != 1) { return 0; } @@ -457,16 +442,16 @@ function create($p_filelist) // The list of the added files, with a status of the add action. // (see PclZip::listContent() for list entry format) // -------------------------------------------------------------------------------- - function add($p_filelist) + public function add($p_filelist) { - $v_result=1; + $v_result = 1; // ----- Reset the error handler $this->privErrorReset(); // ----- Set default values - $v_options = array(); - $v_options[PCLZIP_OPT_NO_COMPRESSION] = FALSE; + $v_options = array(); + $v_options[PCLZIP_OPT_NO_COMPRESSION] = false; // ----- Look for variable options arguments $v_size = func_num_args(); @@ -484,30 +469,29 @@ function add($p_filelist) if ((is_integer($v_arg_list[0])) && ($v_arg_list[0] > 77000)) { // ----- Parse the options - $v_result = $this->privParseOptions($v_arg_list, $v_size, $v_options, - array (PCLZIP_OPT_REMOVE_PATH => 'optional', - PCLZIP_OPT_REMOVE_ALL_PATH => 'optional', - PCLZIP_OPT_ADD_PATH => 'optional', - PCLZIP_CB_PRE_ADD => 'optional', - PCLZIP_CB_POST_ADD => 'optional', - PCLZIP_OPT_NO_COMPRESSION => 'optional', - PCLZIP_OPT_COMMENT => 'optional', - PCLZIP_OPT_ADD_COMMENT => 'optional', - PCLZIP_OPT_PREPEND_COMMENT => 'optional', - PCLZIP_OPT_TEMP_FILE_THRESHOLD => 'optional', - PCLZIP_OPT_TEMP_FILE_ON => 'optional', - PCLZIP_OPT_TEMP_FILE_OFF => 'optional' - //, PCLZIP_OPT_CRYPT => 'optional' - )); + $v_result = $this->privParseOptions($v_arg_list, $v_size, $v_options, array( + PCLZIP_OPT_REMOVE_PATH => 'optional', + PCLZIP_OPT_REMOVE_ALL_PATH => 'optional', + PCLZIP_OPT_ADD_PATH => 'optional', + PCLZIP_CB_PRE_ADD => 'optional', + PCLZIP_CB_POST_ADD => 'optional', + PCLZIP_OPT_NO_COMPRESSION => 'optional', + PCLZIP_OPT_COMMENT => 'optional', + PCLZIP_OPT_ADD_COMMENT => 'optional', + PCLZIP_OPT_PREPEND_COMMENT => 'optional', + PCLZIP_OPT_TEMP_FILE_THRESHOLD => 'optional', + PCLZIP_OPT_TEMP_FILE_ON => 'optional', + PCLZIP_OPT_TEMP_FILE_OFF => 'optional' + //, PCLZIP_OPT_CRYPT => 'optional' + )); if ($v_result != 1) { return 0; } - } - // ----- Look for 2 args - // Here we need to support the first historic synopsis of the - // method. - else { + // ----- Look for 2 args + // Here we need to support the first historic synopsis of the + // method. + } else { // ----- Get the first argument $v_options[PCLZIP_OPT_ADD_PATH] = $v_add_path = $v_arg_list[0]; @@ -515,8 +499,7 @@ function add($p_filelist) // ----- Look for the optional second argument if ($v_size == 2) { $v_options[PCLZIP_OPT_REMOVE_PATH] = $v_arg_list[1]; - } - else if ($v_size > 2) { + } elseif ($v_size > 2) { // ----- Error log PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid number / type of arguments"); @@ -530,59 +513,54 @@ function add($p_filelist) $this->privOptionDefaultThreshold($v_options); // ----- Init - $v_string_list = array(); - $v_att_list = array(); + $v_string_list = array(); + $v_att_list = array(); $v_filedescr_list = array(); - $p_result_list = array(); - + $p_result_list = array(); + // ----- Look if the $p_filelist is really an array if (is_array($p_filelist)) { - + // ----- Look if the first element is also an array // This will mean that this is a file description entry if (isset($p_filelist[0]) && is_array($p_filelist[0])) { $v_att_list = $p_filelist; - } - - // ----- The list is a list of string names - else { + + // ----- The list is a list of string names + } else { $v_string_list = $p_filelist; } - } - // ----- Look if the $p_filelist is a string - else if (is_string($p_filelist)) { + // ----- Look if the $p_filelist is a string + } elseif (is_string($p_filelist)) { // ----- Create a list from the string $v_string_list = explode(PCLZIP_SEPARATOR, $p_filelist); - } - // ----- Invalid variable type for $p_filelist - else { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid variable type '".gettype($p_filelist)."' for p_filelist"); + // ----- Invalid variable type for $p_filelist + } else { + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid variable type '" . gettype($p_filelist) . "' for p_filelist"); + return 0; } - + // ----- Reformat the string list if (sizeof($v_string_list) != 0) { foreach ($v_string_list as $v_string) { $v_att_list[][PCLZIP_ATT_FILE_NAME] = $v_string; } } - + // ----- For each file in the list check the attributes - $v_supported_attributes - = array ( PCLZIP_ATT_FILE_NAME => 'mandatory' - ,PCLZIP_ATT_FILE_NEW_SHORT_NAME => 'optional' - ,PCLZIP_ATT_FILE_NEW_FULL_NAME => 'optional' - ,PCLZIP_ATT_FILE_MTIME => 'optional' - ,PCLZIP_ATT_FILE_CONTENT => 'optional' - ,PCLZIP_ATT_FILE_COMMENT => 'optional' - ); + $v_supported_attributes = array( + PCLZIP_ATT_FILE_NAME => 'mandatory', + PCLZIP_ATT_FILE_NEW_SHORT_NAME => 'optional', + PCLZIP_ATT_FILE_NEW_FULL_NAME => 'optional', + PCLZIP_ATT_FILE_MTIME => 'optional', + PCLZIP_ATT_FILE_CONTENT => 'optional', + PCLZIP_ATT_FILE_COMMENT => 'optional' + ); foreach ($v_att_list as $v_entry) { - $v_result = $this->privFileDescrParseAtt($v_entry, - $v_filedescr_list[], - $v_options, - $v_supported_attributes); + $v_result = $this->privFileDescrParseAtt($v_entry, $v_filedescr_list[], $v_options, $v_supported_attributes); if ($v_result != 1) { return 0; } @@ -646,24 +624,24 @@ function add($p_filelist) // 0 on an unrecoverable failure, // The list of the files in the archive. // -------------------------------------------------------------------------------- - function listContent() + public function listContent() { - $v_result=1; + $v_result = 1; // ----- Reset the error handler $this->privErrorReset(); // ----- Check archive if (!$this->privCheckFormat()) { - return(0); + return (0); } // ----- Call the extracting fct $p_list = array(); - if (($v_result = $this->privList($p_list)) != 1) - { + if (($v_result = $this->privList($p_list)) != 1) { unset($p_list); - return(0); + + return (0); } // ----- Return @@ -703,30 +681,30 @@ function listContent() // The list of the extracted files, with a status of the action. // (see PclZip::listContent() for list entry format) // -------------------------------------------------------------------------------- - function extract() + public function extract() { - $v_result=1; + $v_result = 1; // ----- Reset the error handler $this->privErrorReset(); // ----- Check archive if (!$this->privCheckFormat()) { - return(0); + return (0); } // ----- Set default values - $v_options = array(); -// $v_path = "./"; - $v_path = ''; - $v_remove_path = ""; + $v_options = array(); + // $v_path = "./"; + $v_path = ''; + $v_remove_path = ""; $v_remove_all_path = false; // ----- Look for variable options arguments $v_size = func_num_args(); // ----- Default values for option - $v_options[PCLZIP_OPT_EXTRACT_AS_STRING] = FALSE; + $v_options[PCLZIP_OPT_EXTRACT_AS_STRING] = false; // ----- Look for arguments if ($v_size > 0) { @@ -737,27 +715,27 @@ function extract() if ((is_integer($v_arg_list[0])) && ($v_arg_list[0] > 77000)) { // ----- Parse the options - $v_result = $this->privParseOptions($v_arg_list, $v_size, $v_options, - array (PCLZIP_OPT_PATH => 'optional', - PCLZIP_OPT_REMOVE_PATH => 'optional', - PCLZIP_OPT_REMOVE_ALL_PATH => 'optional', - PCLZIP_OPT_ADD_PATH => 'optional', - PCLZIP_CB_PRE_EXTRACT => 'optional', - PCLZIP_CB_POST_EXTRACT => 'optional', - PCLZIP_OPT_SET_CHMOD => 'optional', - PCLZIP_OPT_BY_NAME => 'optional', - PCLZIP_OPT_BY_EREG => 'optional', - PCLZIP_OPT_BY_PREG => 'optional', - PCLZIP_OPT_BY_INDEX => 'optional', - PCLZIP_OPT_EXTRACT_AS_STRING => 'optional', - PCLZIP_OPT_EXTRACT_IN_OUTPUT => 'optional', - PCLZIP_OPT_REPLACE_NEWER => 'optional' - ,PCLZIP_OPT_STOP_ON_ERROR => 'optional' - ,PCLZIP_OPT_EXTRACT_DIR_RESTRICTION => 'optional', - PCLZIP_OPT_TEMP_FILE_THRESHOLD => 'optional', - PCLZIP_OPT_TEMP_FILE_ON => 'optional', - PCLZIP_OPT_TEMP_FILE_OFF => 'optional' - )); + $v_result = $this->privParseOptions($v_arg_list, $v_size, $v_options, array( + PCLZIP_OPT_PATH => 'optional', + PCLZIP_OPT_REMOVE_PATH => 'optional', + PCLZIP_OPT_REMOVE_ALL_PATH => 'optional', + PCLZIP_OPT_ADD_PATH => 'optional', + PCLZIP_CB_PRE_EXTRACT => 'optional', + PCLZIP_CB_POST_EXTRACT => 'optional', + PCLZIP_OPT_SET_CHMOD => 'optional', + PCLZIP_OPT_BY_NAME => 'optional', + PCLZIP_OPT_BY_EREG => 'optional', + PCLZIP_OPT_BY_PREG => 'optional', + PCLZIP_OPT_BY_INDEX => 'optional', + PCLZIP_OPT_EXTRACT_AS_STRING => 'optional', + PCLZIP_OPT_EXTRACT_IN_OUTPUT => 'optional', + PCLZIP_OPT_REPLACE_NEWER => 'optional', + PCLZIP_OPT_STOP_ON_ERROR => 'optional', + PCLZIP_OPT_EXTRACT_DIR_RESTRICTION => 'optional', + PCLZIP_OPT_TEMP_FILE_THRESHOLD => 'optional', + PCLZIP_OPT_TEMP_FILE_ON => 'optional', + PCLZIP_OPT_TEMP_FILE_OFF => 'optional' + )); if ($v_result != 1) { return 0; } @@ -779,12 +757,11 @@ function extract() } $v_path .= $v_options[PCLZIP_OPT_ADD_PATH]; } - } - // ----- Look for 2 args - // Here we need to support the first historic synopsis of the - // method. - else { + // ----- Look for 2 args + // Here we need to support the first historic synopsis of the + // method. + } else { // ----- Get the first argument $v_path = $v_arg_list[0]; @@ -792,8 +769,7 @@ function extract() // ----- Look for the optional second argument if ($v_size == 2) { $v_remove_path = $v_arg_list[1]; - } - else if ($v_size > 2) { + } elseif ($v_size > 2) { // ----- Error log PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid number / type of arguments"); @@ -809,12 +785,12 @@ function extract() // ----- Trace // ----- Call the extracting fct - $p_list = array(); - $v_result = $this->privExtractByRule($p_list, $v_path, $v_remove_path, - $v_remove_all_path, $v_options); + $p_list = array(); + $v_result = $this->privExtractByRule($p_list, $v_path, $v_remove_path, $v_remove_all_path, $v_options); if ($v_result < 1) { unset($p_list); - return(0); + + return (0); } // ----- Return @@ -860,30 +836,30 @@ function extract() // (see PclZip::listContent() for list entry format) // -------------------------------------------------------------------------------- //function extractByIndex($p_index, options...) - function extractByIndex($p_index) + public function extractByIndex($p_index) { - $v_result=1; + $v_result = 1; // ----- Reset the error handler $this->privErrorReset(); // ----- Check archive if (!$this->privCheckFormat()) { - return(0); + return (0); } // ----- Set default values - $v_options = array(); -// $v_path = "./"; - $v_path = ''; - $v_remove_path = ""; + $v_options = array(); + // $v_path = "./"; + $v_path = ''; + $v_remove_path = ""; $v_remove_all_path = false; // ----- Look for variable options arguments $v_size = func_num_args(); // ----- Default values for option - $v_options[PCLZIP_OPT_EXTRACT_AS_STRING] = FALSE; + $v_options[PCLZIP_OPT_EXTRACT_AS_STRING] = false; // ----- Look for arguments if ($v_size > 1) { @@ -898,22 +874,22 @@ function extractByIndex($p_index) if ((is_integer($v_arg_list[0])) && ($v_arg_list[0] > 77000)) { // ----- Parse the options - $v_result = $this->privParseOptions($v_arg_list, $v_size, $v_options, - array (PCLZIP_OPT_PATH => 'optional', - PCLZIP_OPT_REMOVE_PATH => 'optional', - PCLZIP_OPT_REMOVE_ALL_PATH => 'optional', - PCLZIP_OPT_EXTRACT_AS_STRING => 'optional', - PCLZIP_OPT_ADD_PATH => 'optional', - PCLZIP_CB_PRE_EXTRACT => 'optional', - PCLZIP_CB_POST_EXTRACT => 'optional', - PCLZIP_OPT_SET_CHMOD => 'optional', - PCLZIP_OPT_REPLACE_NEWER => 'optional' - ,PCLZIP_OPT_STOP_ON_ERROR => 'optional' - ,PCLZIP_OPT_EXTRACT_DIR_RESTRICTION => 'optional', - PCLZIP_OPT_TEMP_FILE_THRESHOLD => 'optional', - PCLZIP_OPT_TEMP_FILE_ON => 'optional', - PCLZIP_OPT_TEMP_FILE_OFF => 'optional' - )); + $v_result = $this->privParseOptions($v_arg_list, $v_size, $v_options, array( + PCLZIP_OPT_PATH => 'optional', + PCLZIP_OPT_REMOVE_PATH => 'optional', + PCLZIP_OPT_REMOVE_ALL_PATH => 'optional', + PCLZIP_OPT_EXTRACT_AS_STRING => 'optional', + PCLZIP_OPT_ADD_PATH => 'optional', + PCLZIP_CB_PRE_EXTRACT => 'optional', + PCLZIP_CB_POST_EXTRACT => 'optional', + PCLZIP_OPT_SET_CHMOD => 'optional', + PCLZIP_OPT_REPLACE_NEWER => 'optional', + PCLZIP_OPT_STOP_ON_ERROR => 'optional', + PCLZIP_OPT_EXTRACT_DIR_RESTRICTION => 'optional', + PCLZIP_OPT_TEMP_FILE_THRESHOLD => 'optional', + PCLZIP_OPT_TEMP_FILE_ON => 'optional', + PCLZIP_OPT_TEMP_FILE_OFF => 'optional' + )); if ($v_result != 1) { return 0; } @@ -936,16 +912,14 @@ function extractByIndex($p_index) $v_path .= $v_options[PCLZIP_OPT_ADD_PATH]; } if (!isset($v_options[PCLZIP_OPT_EXTRACT_AS_STRING])) { - $v_options[PCLZIP_OPT_EXTRACT_AS_STRING] = FALSE; + $v_options[PCLZIP_OPT_EXTRACT_AS_STRING] = false; + } else { } - else { - } - } - // ----- Look for 2 args - // Here we need to support the first historic synopsis of the - // method. - else { + // ----- Look for 2 args + // Here we need to support the first historic synopsis of the + // method. + } else { // ----- Get the first argument $v_path = $v_arg_list[0]; @@ -953,8 +927,7 @@ function extractByIndex($p_index) // ----- Look for the optional second argument if ($v_size == 2) { $v_remove_path = $v_arg_list[1]; - } - else if ($v_size > 2) { + } elseif ($v_size > 2) { // ----- Error log PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid number / type of arguments"); @@ -969,12 +942,16 @@ function extractByIndex($p_index) // ----- Trick // Here I want to reuse extractByRule(), so I need to parse the $p_index // with privParseOptions() - $v_arg_trick = array (PCLZIP_OPT_BY_INDEX, $p_index); + $v_arg_trick = array( + PCLZIP_OPT_BY_INDEX, + $p_index + ); $v_options_trick = array(); - $v_result = $this->privParseOptions($v_arg_trick, sizeof($v_arg_trick), $v_options_trick, - array (PCLZIP_OPT_BY_INDEX => 'optional' )); + $v_result = $this->privParseOptions($v_arg_trick, sizeof($v_arg_trick), $v_options_trick, array( + PCLZIP_OPT_BY_INDEX => 'optional' + )); if ($v_result != 1) { - return 0; + return 0; } $v_options[PCLZIP_OPT_BY_INDEX] = $v_options_trick[PCLZIP_OPT_BY_INDEX]; @@ -983,7 +960,7 @@ function extractByIndex($p_index) // ----- Call the extracting fct if (($v_result = $this->privExtractByRule($p_list, $v_path, $v_remove_path, $v_remove_all_path, $v_options)) < 1) { - return(0); + return (0); } // ----- Return @@ -1002,23 +979,23 @@ function extractByIndex($p_index) // Options : // PCLZIP_OPT_BY_INDEX : // PCLZIP_OPT_BY_NAME : - // PCLZIP_OPT_BY_EREG : + // PCLZIP_OPT_BY_EREG : // PCLZIP_OPT_BY_PREG : // Return Values : // 0 on failure, // The list of the files which are still present in the archive. // (see PclZip::listContent() for list entry format) // -------------------------------------------------------------------------------- - function delete() + public function delete() { - $v_result=1; + $v_result = 1; // ----- Reset the error handler $this->privErrorReset(); // ----- Check archive if (!$this->privCheckFormat()) { - return(0); + return (0); } // ----- Set default values @@ -1033,13 +1010,14 @@ function delete() $v_arg_list = func_get_args(); // ----- Parse the options - $v_result = $this->privParseOptions($v_arg_list, $v_size, $v_options, - array (PCLZIP_OPT_BY_NAME => 'optional', - PCLZIP_OPT_BY_EREG => 'optional', - PCLZIP_OPT_BY_PREG => 'optional', - PCLZIP_OPT_BY_INDEX => 'optional' )); + $v_result = $this->privParseOptions($v_arg_list, $v_size, $v_options, array( + PCLZIP_OPT_BY_NAME => 'optional', + PCLZIP_OPT_BY_EREG => 'optional', + PCLZIP_OPT_BY_PREG => 'optional', + PCLZIP_OPT_BY_INDEX => 'optional' + )); if ($v_result != 1) { - return 0; + return 0; } } @@ -1051,7 +1029,8 @@ function delete() if (($v_result = $this->privDeleteByRule($v_list, $v_options)) != 1) { $this->privSwapBackMagicQuotes(); unset($v_list); - return(0); + + return (0); } // ----- Magic quotes trick @@ -1068,9 +1047,9 @@ function delete() // ***** Deprecated ***** // delete(PCLZIP_OPT_BY_INDEX, $p_index) should be prefered. // -------------------------------------------------------------------------------- - function deleteByIndex($p_index) + public function deleteByIndex($p_index) { - + $p_list = $this->delete(PCLZIP_OPT_BY_INDEX, $p_index); // ----- Return @@ -1092,7 +1071,7 @@ function deleteByIndex($p_index) // 0 on failure, // An array with the archive properties. // -------------------------------------------------------------------------------- - function properties() + public function properties() { // ----- Reset the error handler @@ -1104,25 +1083,24 @@ function properties() // ----- Check archive if (!$this->privCheckFormat()) { $this->privSwapBackMagicQuotes(); - return(0); + + return (0); } // ----- Default properties - $v_prop = array(); + $v_prop = array(); $v_prop['comment'] = ''; - $v_prop['nb'] = 0; - $v_prop['status'] = 'not_exist'; + $v_prop['nb'] = 0; + $v_prop['status'] = 'not_exist'; // ----- Look if file exists - if (@is_file($this->zipname)) - { + if (@is_file($this->zipname)) { // ----- Open the zip file - if (($this->zip_fd = @fopen($this->zipname, 'rb')) == 0) - { + if (($this->zip_fd = @fopen($this->zipname, 'rb')) == 0) { $this->privSwapBackMagicQuotes(); - + // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open archive \''.$this->zipname.'\' in binary read mode'); + PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open archive \'' . $this->zipname . '\' in binary read mode'); // ----- Return return 0; @@ -1130,9 +1108,9 @@ function properties() // ----- Read the central directory informations $v_central_dir = array(); - if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1) - { + if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1) { $this->privSwapBackMagicQuotes(); + return 0; } @@ -1141,8 +1119,8 @@ function properties() // ----- Set the user attributes $v_prop['comment'] = $v_central_dir['comment']; - $v_prop['nb'] = $v_central_dir['entries']; - $v_prop['status'] = 'ok'; + $v_prop['nb'] = $v_central_dir['entries']; + $v_prop['status'] = 'ok'; } // ----- Magic quotes trick @@ -1165,7 +1143,7 @@ function properties() // 1 on success. // 0 or a negative value on error (error code). // -------------------------------------------------------------------------------- - function duplicate($p_archive) + public function duplicate($p_archive) { $v_result = 1; @@ -1173,33 +1151,27 @@ function duplicate($p_archive) $this->privErrorReset(); // ----- Look if the $p_archive is a PclZip object - if ((is_object($p_archive)) && (get_class($p_archive) == 'pclzip')) - { + if ((is_object($p_archive)) && (get_class($p_archive) == 'pclzip')) { // ----- Duplicate the archive $v_result = $this->privDuplicate($p_archive->zipname); - } - // ----- Look if the $p_archive is a string (so a filename) - else if (is_string($p_archive)) - { + // ----- Look if the $p_archive is a string (so a filename) + } elseif (is_string($p_archive)) { // ----- Check that $p_archive is a valid zip file // TBC : Should also check the archive format if (!is_file($p_archive)) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_MISSING_FILE, "No file with filename '".$p_archive."'"); + PclZip::privErrorLog(PCLZIP_ERR_MISSING_FILE, "No file with filename '" . $p_archive . "'"); $v_result = PCLZIP_ERR_MISSING_FILE; - } - else { + } else { // ----- Duplicate the archive $v_result = $this->privDuplicate($p_archive); } - } - // ----- Invalid variable - else - { + // ----- Invalid variable + } else { // ----- Error log PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid variable type p_archive_to_add"); $v_result = PCLZIP_ERR_INVALID_PARAMETER; @@ -1224,7 +1196,7 @@ function duplicate($p_archive) // 1 on success, // 0 or negative values on error (see below). // -------------------------------------------------------------------------------- - function merge($p_archive_to_add) + public function merge($p_archive_to_add) { $v_result = 1; @@ -1233,31 +1205,26 @@ function merge($p_archive_to_add) // ----- Check archive if (!$this->privCheckFormat()) { - return(0); + return (0); } // ----- Look if the $p_archive_to_add is a PclZip object - if ((is_object($p_archive_to_add)) && (get_class($p_archive_to_add) == 'pclzip')) - { + if ((is_object($p_archive_to_add)) && (get_class($p_archive_to_add) == 'pclzip')) { // ----- Merge the archive $v_result = $this->privMerge($p_archive_to_add); - } - // ----- Look if the $p_archive_to_add is a string (so a filename) - else if (is_string($p_archive_to_add)) - { + // ----- Look if the $p_archive_to_add is a string (so a filename) + } elseif (is_string($p_archive_to_add)) { // ----- Create a temporary archive $v_object_archive = new PclZip($p_archive_to_add); // ----- Merge the archive $v_result = $this->privMerge($v_object_archive); - } - // ----- Invalid variable - else - { + // ----- Invalid variable + } else { // ----- Error log PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid variable type p_archive_to_add"); $v_result = PCLZIP_ERR_INVALID_PARAMETER; @@ -1268,20 +1235,17 @@ function merge($p_archive_to_add) } // -------------------------------------------------------------------------------- - - // -------------------------------------------------------------------------------- // Function : errorCode() // Description : // Parameters : // -------------------------------------------------------------------------------- - function errorCode() + public function errorCode() { if (PCLZIP_ERROR_EXTERNAL == 1) { - return(PclErrorCode()); - } - else { - return($this->error_code); + return (PclErrorCode()); + } else { + return ($this->error_code); } } // -------------------------------------------------------------------------------- @@ -1291,43 +1255,42 @@ function errorCode() // Description : // Parameters : // -------------------------------------------------------------------------------- - function errorName($p_with_code=false) + public function errorName($p_with_code = false) { - $v_name = array ( PCLZIP_ERR_NO_ERROR => 'PCLZIP_ERR_NO_ERROR', - PCLZIP_ERR_WRITE_OPEN_FAIL => 'PCLZIP_ERR_WRITE_OPEN_FAIL', - PCLZIP_ERR_READ_OPEN_FAIL => 'PCLZIP_ERR_READ_OPEN_FAIL', - PCLZIP_ERR_INVALID_PARAMETER => 'PCLZIP_ERR_INVALID_PARAMETER', - PCLZIP_ERR_MISSING_FILE => 'PCLZIP_ERR_MISSING_FILE', - PCLZIP_ERR_FILENAME_TOO_LONG => 'PCLZIP_ERR_FILENAME_TOO_LONG', - PCLZIP_ERR_INVALID_ZIP => 'PCLZIP_ERR_INVALID_ZIP', - PCLZIP_ERR_BAD_EXTRACTED_FILE => 'PCLZIP_ERR_BAD_EXTRACTED_FILE', - PCLZIP_ERR_DIR_CREATE_FAIL => 'PCLZIP_ERR_DIR_CREATE_FAIL', - PCLZIP_ERR_BAD_EXTENSION => 'PCLZIP_ERR_BAD_EXTENSION', - PCLZIP_ERR_BAD_FORMAT => 'PCLZIP_ERR_BAD_FORMAT', - PCLZIP_ERR_DELETE_FILE_FAIL => 'PCLZIP_ERR_DELETE_FILE_FAIL', - PCLZIP_ERR_RENAME_FILE_FAIL => 'PCLZIP_ERR_RENAME_FILE_FAIL', - PCLZIP_ERR_BAD_CHECKSUM => 'PCLZIP_ERR_BAD_CHECKSUM', - PCLZIP_ERR_INVALID_ARCHIVE_ZIP => 'PCLZIP_ERR_INVALID_ARCHIVE_ZIP', - PCLZIP_ERR_MISSING_OPTION_VALUE => 'PCLZIP_ERR_MISSING_OPTION_VALUE', - PCLZIP_ERR_INVALID_OPTION_VALUE => 'PCLZIP_ERR_INVALID_OPTION_VALUE', - PCLZIP_ERR_UNSUPPORTED_COMPRESSION => 'PCLZIP_ERR_UNSUPPORTED_COMPRESSION', - PCLZIP_ERR_UNSUPPORTED_ENCRYPTION => 'PCLZIP_ERR_UNSUPPORTED_ENCRYPTION' - ,PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE => 'PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE' - ,PCLZIP_ERR_DIRECTORY_RESTRICTION => 'PCLZIP_ERR_DIRECTORY_RESTRICTION' - ); + $v_name = array( + PCLZIP_ERR_NO_ERROR => 'PCLZIP_ERR_NO_ERROR', + PCLZIP_ERR_WRITE_OPEN_FAIL => 'PCLZIP_ERR_WRITE_OPEN_FAIL', + PCLZIP_ERR_READ_OPEN_FAIL => 'PCLZIP_ERR_READ_OPEN_FAIL', + PCLZIP_ERR_INVALID_PARAMETER => 'PCLZIP_ERR_INVALID_PARAMETER', + PCLZIP_ERR_MISSING_FILE => 'PCLZIP_ERR_MISSING_FILE', + PCLZIP_ERR_FILENAME_TOO_LONG => 'PCLZIP_ERR_FILENAME_TOO_LONG', + PCLZIP_ERR_INVALID_ZIP => 'PCLZIP_ERR_INVALID_ZIP', + PCLZIP_ERR_BAD_EXTRACTED_FILE => 'PCLZIP_ERR_BAD_EXTRACTED_FILE', + PCLZIP_ERR_DIR_CREATE_FAIL => 'PCLZIP_ERR_DIR_CREATE_FAIL', + PCLZIP_ERR_BAD_EXTENSION => 'PCLZIP_ERR_BAD_EXTENSION', + PCLZIP_ERR_BAD_FORMAT => 'PCLZIP_ERR_BAD_FORMAT', + PCLZIP_ERR_DELETE_FILE_FAIL => 'PCLZIP_ERR_DELETE_FILE_FAIL', + PCLZIP_ERR_RENAME_FILE_FAIL => 'PCLZIP_ERR_RENAME_FILE_FAIL', + PCLZIP_ERR_BAD_CHECKSUM => 'PCLZIP_ERR_BAD_CHECKSUM', + PCLZIP_ERR_INVALID_ARCHIVE_ZIP => 'PCLZIP_ERR_INVALID_ARCHIVE_ZIP', + PCLZIP_ERR_MISSING_OPTION_VALUE => 'PCLZIP_ERR_MISSING_OPTION_VALUE', + PCLZIP_ERR_INVALID_OPTION_VALUE => 'PCLZIP_ERR_INVALID_OPTION_VALUE', + PCLZIP_ERR_UNSUPPORTED_COMPRESSION => 'PCLZIP_ERR_UNSUPPORTED_COMPRESSION', + PCLZIP_ERR_UNSUPPORTED_ENCRYPTION => 'PCLZIP_ERR_UNSUPPORTED_ENCRYPTION', + PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE => 'PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE', + PCLZIP_ERR_DIRECTORY_RESTRICTION => 'PCLZIP_ERR_DIRECTORY_RESTRICTION' + ); if (isset($v_name[$this->error_code])) { $v_value = $v_name[$this->error_code]; - } - else { + } else { $v_value = 'NoName'; } if ($p_with_code) { - return($v_value.' ('.$this->error_code.')'); - } - else { - return($v_value); + return ($v_value . ' (' . $this->error_code . ')'); + } else { + return ($v_value); } } // -------------------------------------------------------------------------------- @@ -1337,30 +1300,25 @@ function errorName($p_with_code=false) // Description : // Parameters : // -------------------------------------------------------------------------------- - function errorInfo($p_full=false) + public function errorInfo($p_full = false) { if (PCLZIP_ERROR_EXTERNAL == 1) { - return(PclErrorString()); - } - else { + return (PclErrorString()); + } else { if ($p_full) { - return($this->errorName(true)." : ".$this->error_string); - } - else { - return($this->error_string." [code ".$this->error_code."]"); + return ($this->errorName(true) . " : " . $this->error_string); + } else { + return ($this->error_string . " [code " . $this->error_code . "]"); } } } // -------------------------------------------------------------------------------- - -// -------------------------------------------------------------------------------- -// ***** UNDER THIS LINE ARE DEFINED PRIVATE INTERNAL FUNCTIONS ***** -// ***** ***** -// ***** THESES FUNCTIONS MUST NOT BE USED DIRECTLY ***** -// -------------------------------------------------------------------------------- - - + // -------------------------------------------------------------------------------- + // ***** UNDER THIS LINE ARE DEFINED PRIVATE INTERNAL FUNCTIONS ***** + // ***** ***** + // ***** THESES FUNCTIONS MUST NOT BE USED DIRECTLY ***** + // -------------------------------------------------------------------------------- // -------------------------------------------------------------------------------- // Function : privCheckFormat() @@ -1376,11 +1334,11 @@ function errorInfo($p_full=false) // true on success, // false on error, the error code is set. // -------------------------------------------------------------------------------- - function privCheckFormat($p_level=0) + public function privCheckFormat($p_level = 0) { $v_result = true; - // ----- Reset the file system cache + // ----- Reset the file system cache clearstatcache(); // ----- Reset the error handler @@ -1389,15 +1347,17 @@ function privCheckFormat($p_level=0) // ----- Look if the file exits if (!is_file($this->zipname)) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_MISSING_FILE, "Missing archive file '".$this->zipname."'"); - return(false); + PclZip::privErrorLog(PCLZIP_ERR_MISSING_FILE, "Missing archive file '" . $this->zipname . "'"); + + return (false); } // ----- Check that the file is readeable if (!is_readable($this->zipname)) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, "Unable to read archive '".$this->zipname."'"); - return(false); + PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, "Unable to read archive '" . $this->zipname . "'"); + + return (false); } // ----- Check the magic code @@ -1429,18 +1389,18 @@ function privCheckFormat($p_level=0) // 1 on success. // 0 on failure. // -------------------------------------------------------------------------------- - function privParseOptions(&$p_options_list, $p_size, &$v_result_list, $v_requested_options=false) + public function privParseOptions(&$p_options_list, $p_size, &$v_result_list, $v_requested_options = false) { - $v_result=1; - + $v_result = 1; + // ----- Read the options - $i=0; - while ($i<$p_size) { + $i = 0; + while ($i < $p_size) { // ----- Check if the option is supported if (!isset($v_requested_options[$p_options_list[$i]])) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid optional parameter '".$p_options_list[$i]."' for this method"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid optional parameter '" . $p_options_list[$i] . "' for this method"); // ----- Return return PclZip::errorCode(); @@ -1449,190 +1409,184 @@ function privParseOptions(&$p_options_list, $p_size, &$v_result_list, $v_request // ----- Look for next option switch ($p_options_list[$i]) { // ----- Look for options that request a path value - case PCLZIP_OPT_PATH : - case PCLZIP_OPT_REMOVE_PATH : - case PCLZIP_OPT_ADD_PATH : + case PCLZIP_OPT_PATH: + case PCLZIP_OPT_REMOVE_PATH: + case PCLZIP_OPT_ADD_PATH: // ----- Check the number of parameters - if (($i+1) >= $p_size) { + if (($i + 1) >= $p_size) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '" . PclZipUtilOptionText($p_options_list[$i]) . "'"); // ----- Return return PclZip::errorCode(); } // ----- Get the value - $v_result_list[$p_options_list[$i]] = PclZipUtilTranslateWinPath($p_options_list[$i+1], FALSE); + $v_result_list[$p_options_list[$i]] = PclZipUtilTranslateWinPath($p_options_list[$i + 1], false); $i++; - break; + break; - case PCLZIP_OPT_TEMP_FILE_THRESHOLD : + case PCLZIP_OPT_TEMP_FILE_THRESHOLD: // ----- Check the number of parameters - if (($i+1) >= $p_size) { - PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + if (($i + 1) >= $p_size) { + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '" . PclZipUtilOptionText($p_options_list[$i]) . "'"); + return PclZip::errorCode(); } - + // ----- Check for incompatible options if (isset($v_result_list[PCLZIP_OPT_TEMP_FILE_OFF])) { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Option '".PclZipUtilOptionText($p_options_list[$i])."' can not be used with option 'PCLZIP_OPT_TEMP_FILE_OFF'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Option '" . PclZipUtilOptionText($p_options_list[$i]) . "' can not be used with option 'PCLZIP_OPT_TEMP_FILE_OFF'"); + return PclZip::errorCode(); } - + // ----- Check the value - $v_value = $p_options_list[$i+1]; - if ((!is_integer($v_value)) || ($v_value<0)) { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, "Integer expected for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + $v_value = $p_options_list[$i + 1]; + if ((!is_integer($v_value)) || ($v_value < 0)) { + PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, "Integer expected for option '" . PclZipUtilOptionText($p_options_list[$i]) . "'"); + return PclZip::errorCode(); } // ----- Get the value (and convert it in bytes) - $v_result_list[$p_options_list[$i]] = $v_value*1048576; + $v_result_list[$p_options_list[$i]] = $v_value * 1048576; $i++; - break; + break; - case PCLZIP_OPT_TEMP_FILE_ON : + case PCLZIP_OPT_TEMP_FILE_ON: // ----- Check for incompatible options if (isset($v_result_list[PCLZIP_OPT_TEMP_FILE_OFF])) { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Option '".PclZipUtilOptionText($p_options_list[$i])."' can not be used with option 'PCLZIP_OPT_TEMP_FILE_OFF'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Option '" . PclZipUtilOptionText($p_options_list[$i]) . "' can not be used with option 'PCLZIP_OPT_TEMP_FILE_OFF'"); + return PclZip::errorCode(); } - + $v_result_list[$p_options_list[$i]] = true; - break; + break; - case PCLZIP_OPT_TEMP_FILE_OFF : + case PCLZIP_OPT_TEMP_FILE_OFF: // ----- Check for incompatible options if (isset($v_result_list[PCLZIP_OPT_TEMP_FILE_ON])) { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Option '".PclZipUtilOptionText($p_options_list[$i])."' can not be used with option 'PCLZIP_OPT_TEMP_FILE_ON'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Option '" . PclZipUtilOptionText($p_options_list[$i]) . "' can not be used with option 'PCLZIP_OPT_TEMP_FILE_ON'"); + return PclZip::errorCode(); } // ----- Check for incompatible options if (isset($v_result_list[PCLZIP_OPT_TEMP_FILE_THRESHOLD])) { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Option '".PclZipUtilOptionText($p_options_list[$i])."' can not be used with option 'PCLZIP_OPT_TEMP_FILE_THRESHOLD'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Option '" . PclZipUtilOptionText($p_options_list[$i]) . "' can not be used with option 'PCLZIP_OPT_TEMP_FILE_THRESHOLD'"); + return PclZip::errorCode(); } - + $v_result_list[$p_options_list[$i]] = true; - break; + break; - case PCLZIP_OPT_EXTRACT_DIR_RESTRICTION : + case PCLZIP_OPT_EXTRACT_DIR_RESTRICTION: // ----- Check the number of parameters - if (($i+1) >= $p_size) { + if (($i + 1) >= $p_size) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '" . PclZipUtilOptionText($p_options_list[$i]) . "'"); // ----- Return return PclZip::errorCode(); } // ----- Get the value - if ( is_string($p_options_list[$i+1]) - && ($p_options_list[$i+1] != '')) { - $v_result_list[$p_options_list[$i]] = PclZipUtilTranslateWinPath($p_options_list[$i+1], FALSE); + if (is_string($p_options_list[$i + 1]) && ($p_options_list[$i + 1] != '')) { + $v_result_list[$p_options_list[$i]] = PclZipUtilTranslateWinPath($p_options_list[$i + 1], false); $i++; + } else { } - else { - } - break; + break; // ----- Look for options that request an array of string for value - case PCLZIP_OPT_BY_NAME : + case PCLZIP_OPT_BY_NAME: // ----- Check the number of parameters - if (($i+1) >= $p_size) { + if (($i + 1) >= $p_size) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '" . PclZipUtilOptionText($p_options_list[$i]) . "'"); // ----- Return return PclZip::errorCode(); } // ----- Get the value - if (is_string($p_options_list[$i+1])) { - $v_result_list[$p_options_list[$i]][0] = $p_options_list[$i+1]; - } - else if (is_array($p_options_list[$i+1])) { - $v_result_list[$p_options_list[$i]] = $p_options_list[$i+1]; - } - else { + if (is_string($p_options_list[$i + 1])) { + $v_result_list[$p_options_list[$i]][0] = $p_options_list[$i + 1]; + } elseif (is_array($p_options_list[$i + 1])) { + $v_result_list[$p_options_list[$i]] = $p_options_list[$i + 1]; + } else { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, "Wrong parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, "Wrong parameter value for option '" . PclZipUtilOptionText($p_options_list[$i]) . "'"); // ----- Return return PclZip::errorCode(); } $i++; - break; + break; // ----- Look for options that request an EREG or PREG expression - case PCLZIP_OPT_BY_EREG : - // ereg() is deprecated starting with PHP 5.3. Move PCLZIP_OPT_BY_EREG - // to PCLZIP_OPT_BY_PREG + case PCLZIP_OPT_BY_EREG: $p_options_list[$i] = PCLZIP_OPT_BY_PREG; - case PCLZIP_OPT_BY_PREG : - //case PCLZIP_OPT_CRYPT : + // ereg() is deprecated starting with PHP 5.3. Move PCLZIP_OPT_BY_EREG + // to PCLZIP_OPT_BY_PREG + case PCLZIP_OPT_BY_PREG: + //case PCLZIP_OPT_CRYPT : // ----- Check the number of parameters - if (($i+1) >= $p_size) { + if (($i + 1) >= $p_size) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '" . PclZipUtilOptionText($p_options_list[$i]) . "'"); // ----- Return return PclZip::errorCode(); } // ----- Get the value - if (is_string($p_options_list[$i+1])) { - $v_result_list[$p_options_list[$i]] = $p_options_list[$i+1]; - } - else { + if (is_string($p_options_list[$i + 1])) { + $v_result_list[$p_options_list[$i]] = $p_options_list[$i + 1]; + } else { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, "Wrong parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, "Wrong parameter value for option '" . PclZipUtilOptionText($p_options_list[$i]) . "'"); // ----- Return return PclZip::errorCode(); } $i++; - break; + break; // ----- Look for options that takes a string - case PCLZIP_OPT_COMMENT : - case PCLZIP_OPT_ADD_COMMENT : - case PCLZIP_OPT_PREPEND_COMMENT : + case PCLZIP_OPT_COMMENT: + case PCLZIP_OPT_ADD_COMMENT: + case PCLZIP_OPT_PREPEND_COMMENT: // ----- Check the number of parameters - if (($i+1) >= $p_size) { + if (($i + 1) >= $p_size) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, - "Missing parameter value for option '" - .PclZipUtilOptionText($p_options_list[$i]) - ."'"); + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '" . PclZipUtilOptionText($p_options_list[$i]) . "'"); // ----- Return return PclZip::errorCode(); } // ----- Get the value - if (is_string($p_options_list[$i+1])) { - $v_result_list[$p_options_list[$i]] = $p_options_list[$i+1]; - } - else { + if (is_string($p_options_list[$i + 1])) { + $v_result_list[$p_options_list[$i]] = $p_options_list[$i + 1]; + } else { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, - "Wrong parameter value for option '" - .PclZipUtilOptionText($p_options_list[$i]) - ."'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, "Wrong parameter value for option '" . PclZipUtilOptionText($p_options_list[$i]) . "'"); // ----- Return return PclZip::errorCode(); } $i++; - break; + break; // ----- Look for options that request an array of index - case PCLZIP_OPT_BY_INDEX : + case PCLZIP_OPT_BY_INDEX: // ----- Check the number of parameters - if (($i+1) >= $p_size) { + if (($i + 1) >= $p_size) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '" . PclZipUtilOptionText($p_options_list[$i]) . "'"); // ----- Return return PclZip::errorCode(); @@ -1640,138 +1594,132 @@ function privParseOptions(&$p_options_list, $p_size, &$v_result_list, $v_request // ----- Get the value $v_work_list = array(); - if (is_string($p_options_list[$i+1])) { - - // ----- Remove spaces - $p_options_list[$i+1] = strtr($p_options_list[$i+1], ' ', ''); - - // ----- Parse items - $v_work_list = explode(",", $p_options_list[$i+1]); - } - else if (is_integer($p_options_list[$i+1])) { - $v_work_list[0] = $p_options_list[$i+1].'-'.$p_options_list[$i+1]; - } - else if (is_array($p_options_list[$i+1])) { - $v_work_list = $p_options_list[$i+1]; - } - else { + if (is_string($p_options_list[$i + 1])) { + + // ----- Remove spaces + $p_options_list[$i + 1] = strtr($p_options_list[$i + 1], ' ', ''); + + // ----- Parse items + $v_work_list = explode(",", $p_options_list[$i + 1]); + } elseif (is_integer($p_options_list[$i + 1])) { + $v_work_list[0] = $p_options_list[$i + 1] . '-' . $p_options_list[$i + 1]; + } elseif (is_array($p_options_list[$i + 1])) { + $v_work_list = $p_options_list[$i + 1]; + } else { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, "Value must be integer, string or array for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, "Value must be integer, string or array for option '" . PclZipUtilOptionText($p_options_list[$i]) . "'"); // ----- Return return PclZip::errorCode(); } - + // ----- Reduce the index list // each index item in the list must be a couple with a start and // an end value : [0,3], [5-5], [8-10], ... // ----- Check the format of each item - $v_sort_flag=false; - $v_sort_value=0; - for ($j=0; $j= $p_size) { + if (($i + 1) >= $p_size) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '" . PclZipUtilOptionText($p_options_list[$i]) . "'"); // ----- Return return PclZip::errorCode(); } // ----- Get the value - $v_result_list[$p_options_list[$i]] = $p_options_list[$i+1]; + $v_result_list[$p_options_list[$i]] = $p_options_list[$i + 1]; $i++; - break; + break; // ----- Look for options that request a call-back - case PCLZIP_CB_PRE_EXTRACT : - case PCLZIP_CB_POST_EXTRACT : - case PCLZIP_CB_PRE_ADD : - case PCLZIP_CB_POST_ADD : - /* for futur use - case PCLZIP_CB_PRE_DELETE : - case PCLZIP_CB_POST_DELETE : - case PCLZIP_CB_PRE_LIST : - case PCLZIP_CB_POST_LIST : - */ + case PCLZIP_CB_PRE_EXTRACT: + case PCLZIP_CB_POST_EXTRACT: + case PCLZIP_CB_PRE_ADD: + case PCLZIP_CB_POST_ADD: + /* for futur use + case PCLZIP_CB_PRE_DELETE : + case PCLZIP_CB_POST_DELETE : + case PCLZIP_CB_PRE_LIST : + case PCLZIP_CB_POST_LIST : + */ // ----- Check the number of parameters - if (($i+1) >= $p_size) { + if (($i + 1) >= $p_size) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + PclZip::privErrorLog(PCLZIP_ERR_MISSING_OPTION_VALUE, "Missing parameter value for option '" . PclZipUtilOptionText($p_options_list[$i]) . "'"); // ----- Return return PclZip::errorCode(); } // ----- Get the value - $v_function_name = $p_options_list[$i+1]; + $v_function_name = $p_options_list[$i + 1]; // ----- Check that the value is a valid existing function - if (!function_exists($v_function_name)) { + if ((is_string($v_function_name) && !function_exists($v_function_name)) && !is_callable($v_function_name)) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, "Function '".$v_function_name."()' is not an existing function for option '".PclZipUtilOptionText($p_options_list[$i])."'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_OPTION_VALUE, "Function '" . $v_function_name . "()' is not an existing function for option '" . PclZipUtilOptionText($p_options_list[$i]) . "'"); // ----- Return return PclZip::errorCode(); @@ -1780,13 +1728,11 @@ function privParseOptions(&$p_options_list, $p_size, &$v_result_list, $v_request // ----- Set the attribute $v_result_list[$p_options_list[$i]] = $v_function_name; $i++; - break; + break; - default : + default: // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, - "Unknown parameter '" - .$p_options_list[$i]."'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Unknown parameter '" . $p_options_list[$i] . "'"); // ----- Return return PclZip::errorCode(); @@ -1798,13 +1744,13 @@ function privParseOptions(&$p_options_list, $p_size, &$v_result_list, $v_request // ----- Look for mandatory options if ($v_requested_options !== false) { - for ($key=reset($v_requested_options); $key=key($v_requested_options); $key=next($v_requested_options)) { + for ($key = reset($v_requested_options); $key = key($v_requested_options); $key = next($v_requested_options)) { // ----- Look for mandatory option if ($v_requested_options[$key] == 'mandatory') { // ----- Look if present if (!isset($v_result_list[$key])) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Missing mandatory parameter ".PclZipUtilOptionText($key)."(".$key.")"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Missing mandatory parameter " . PclZipUtilOptionText($key) . "(" . $key . ")"); // ----- Return return PclZip::errorCode(); @@ -1812,10 +1758,10 @@ function privParseOptions(&$p_options_list, $p_size, &$v_result_list, $v_request } } } - + // ----- Look for default values if (!isset($v_result_list[PCLZIP_OPT_TEMP_FILE_THRESHOLD])) { - + } // ----- Return @@ -1829,37 +1775,38 @@ function privParseOptions(&$p_options_list, $p_size, &$v_result_list, $v_request // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privOptionDefaultThreshold(&$p_options) + public function privOptionDefaultThreshold(&$p_options) { - $v_result=1; - - if (isset($p_options[PCLZIP_OPT_TEMP_FILE_THRESHOLD]) - || isset($p_options[PCLZIP_OPT_TEMP_FILE_OFF])) { + $v_result = 1; + + if (isset($p_options[PCLZIP_OPT_TEMP_FILE_THRESHOLD]) || isset($p_options[PCLZIP_OPT_TEMP_FILE_OFF])) { return $v_result; } - + // ----- Get 'memory_limit' configuration value $v_memory_limit = ini_get('memory_limit'); $v_memory_limit = trim($v_memory_limit); - $last = strtolower(substr($v_memory_limit, -1)); - - if($last == 'g') - //$v_memory_limit = $v_memory_limit*1024*1024*1024; - $v_memory_limit = $v_memory_limit*1073741824; - if($last == 'm') - //$v_memory_limit = $v_memory_limit*1024*1024; - $v_memory_limit = $v_memory_limit*1048576; - if($last == 'k') - $v_memory_limit = $v_memory_limit*1024; - - $p_options[PCLZIP_OPT_TEMP_FILE_THRESHOLD] = floor($v_memory_limit*PCLZIP_TEMPORARY_FILE_RATIO); - + $last = strtolower(substr($v_memory_limit, -1)); + + if ($last == 'g') { + //$v_memory_limit = $v_memory_limit*1024*1024*1024; + $v_memory_limit = $v_memory_limit * 1073741824; + } + if ($last == 'm') { + //$v_memory_limit = $v_memory_limit*1024*1024; + $v_memory_limit = $v_memory_limit * 1048576; + } + if ($last == 'k') { + $v_memory_limit = $v_memory_limit * 1024; + } + + $p_options[PCLZIP_OPT_TEMP_FILE_THRESHOLD] = floor($v_memory_limit * PCLZIP_TEMPORARY_FILE_RATIO); // ----- Sanity check : No threshold if value lower than 1M if ($p_options[PCLZIP_OPT_TEMP_FILE_THRESHOLD] < 1048576) { unset($p_options[PCLZIP_OPT_TEMP_FILE_THRESHOLD]); } - + // ----- Return return $v_result; } @@ -1873,17 +1820,17 @@ function privOptionDefaultThreshold(&$p_options) // 1 on success. // 0 on failure. // -------------------------------------------------------------------------------- - function privFileDescrParseAtt(&$p_file_list, &$p_filedescr, $v_options, $v_requested_options=false) + public function privFileDescrParseAtt(&$p_file_list, &$p_filedescr, $v_options, $v_requested_options = false) { - $v_result=1; - + $v_result = 1; + // ----- For each file in the list check the attributes foreach ($p_file_list as $v_key => $v_value) { - + // ----- Check if the option is supported if (!isset($v_requested_options[$v_key])) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid file attribute '".$v_key."' for this file"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Invalid file attribute '" . $v_key . "' for this file"); // ----- Return return PclZip::errorCode(); @@ -1891,76 +1838,83 @@ function privFileDescrParseAtt(&$p_file_list, &$p_filedescr, $v_options, $v_requ // ----- Look for attribute switch ($v_key) { - case PCLZIP_ATT_FILE_NAME : + case PCLZIP_ATT_FILE_NAME: if (!is_string($v_value)) { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid type ".gettype($v_value).". String expected for attribute '".PclZipUtilOptionText($v_key)."'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid type " . gettype($v_value) . ". String expected for attribute '" . PclZipUtilOptionText($v_key) . "'"); + return PclZip::errorCode(); } $p_filedescr['filename'] = PclZipUtilPathReduction($v_value); - + if ($p_filedescr['filename'] == '') { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid empty filename for attribute '".PclZipUtilOptionText($v_key)."'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid empty filename for attribute '" . PclZipUtilOptionText($v_key) . "'"); + return PclZip::errorCode(); } - break; + break; - case PCLZIP_ATT_FILE_NEW_SHORT_NAME : + case PCLZIP_ATT_FILE_NEW_SHORT_NAME: if (!is_string($v_value)) { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid type ".gettype($v_value).". String expected for attribute '".PclZipUtilOptionText($v_key)."'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid type " . gettype($v_value) . ". String expected for attribute '" . PclZipUtilOptionText($v_key) . "'"); + return PclZip::errorCode(); } $p_filedescr['new_short_name'] = PclZipUtilPathReduction($v_value); if ($p_filedescr['new_short_name'] == '') { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid empty short filename for attribute '".PclZipUtilOptionText($v_key)."'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid empty short filename for attribute '" . PclZipUtilOptionText($v_key) . "'"); + return PclZip::errorCode(); } - break; + break; - case PCLZIP_ATT_FILE_NEW_FULL_NAME : + case PCLZIP_ATT_FILE_NEW_FULL_NAME: if (!is_string($v_value)) { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid type ".gettype($v_value).". String expected for attribute '".PclZipUtilOptionText($v_key)."'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid type " . gettype($v_value) . ". String expected for attribute '" . PclZipUtilOptionText($v_key) . "'"); + return PclZip::errorCode(); } $p_filedescr['new_full_name'] = PclZipUtilPathReduction($v_value); if ($p_filedescr['new_full_name'] == '') { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid empty full filename for attribute '".PclZipUtilOptionText($v_key)."'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid empty full filename for attribute '" . PclZipUtilOptionText($v_key) . "'"); + return PclZip::errorCode(); } - break; + break; // ----- Look for options that takes a string - case PCLZIP_ATT_FILE_COMMENT : + case PCLZIP_ATT_FILE_COMMENT: if (!is_string($v_value)) { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid type ".gettype($v_value).". String expected for attribute '".PclZipUtilOptionText($v_key)."'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid type " . gettype($v_value) . ". String expected for attribute '" . PclZipUtilOptionText($v_key) . "'"); + return PclZip::errorCode(); } $p_filedescr['comment'] = $v_value; - break; + break; - case PCLZIP_ATT_FILE_MTIME : + case PCLZIP_ATT_FILE_MTIME: if (!is_integer($v_value)) { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid type ".gettype($v_value).". Integer expected for attribute '".PclZipUtilOptionText($v_key)."'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE, "Invalid type " . gettype($v_value) . ". Integer expected for attribute '" . PclZipUtilOptionText($v_key) . "'"); + return PclZip::errorCode(); } $p_filedescr['mtime'] = $v_value; - break; + break; - case PCLZIP_ATT_FILE_CONTENT : + case PCLZIP_ATT_FILE_CONTENT: $p_filedescr['content'] = $v_value; - break; + break; - default : + default: // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, - "Unknown parameter '".$v_key."'"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Unknown parameter '" . $v_key . "'"); // ----- Return return PclZip::errorCode(); @@ -1968,21 +1922,22 @@ function privFileDescrParseAtt(&$p_file_list, &$p_filedescr, $v_options, $v_requ // ----- Look for mandatory options if ($v_requested_options !== false) { - for ($key=reset($v_requested_options); $key=key($v_requested_options); $key=next($v_requested_options)) { + for ($key = reset($v_requested_options); $key = key($v_requested_options); $key = next($v_requested_options)) { // ----- Look for mandatory option if ($v_requested_options[$key] == 'mandatory') { // ----- Look if present if (!isset($p_file_list[$key])) { - PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Missing mandatory parameter ".PclZipUtilOptionText($key)."(".$key.")"); + PclZip::privErrorLog(PCLZIP_ERR_INVALID_PARAMETER, "Missing mandatory parameter " . PclZipUtilOptionText($key) . "(" . $key . ")"); + return PclZip::errorCode(); } } } } - - // end foreach + + // end foreach } - + // ----- Return return $v_result; } @@ -1995,124 +1950,115 @@ function privFileDescrParseAtt(&$p_file_list, &$p_filedescr, $v_options, $v_requ // or a string to be added as file. For any other type of files (link, other) // just ignore the item. // Then prepare the information that will be stored for that file. - // When its a folder, expand the folder with all the files that are in that + // When its a folder, expand the folder with all the files that are in that // folder (recursively). // Parameters : // Return Values : // 1 on success. // 0 on failure. // -------------------------------------------------------------------------------- - function privFileDescrExpand(&$p_filedescr_list, &$p_options) + public function privFileDescrExpand(&$p_filedescr_list, &$p_options) { - $v_result=1; - + $v_result = 1; + // ----- Create a result list $v_result_list = array(); - + // ----- Look each entry - for ($i=0; $iprivCalculateStoredFilename($v_descr, $p_options); - + // ----- Add the descriptor in result list $v_result_list[sizeof($v_result_list)] = $v_descr; - + // ----- Look for folder if ($v_descr['type'] == 'folder') { // ----- List of items in folder $v_dirlist_descr = array(); - $v_dirlist_nb = 0; + $v_dirlist_nb = 0; if ($v_folder_handler = @opendir($v_descr['filename'])) { while (($v_item_handler = @readdir($v_folder_handler)) !== false) { // ----- Skip '.' and '..' if (($v_item_handler == '.') || ($v_item_handler == '..')) { - continue; + continue; } - + // ----- Compose the full filename - $v_dirlist_descr[$v_dirlist_nb]['filename'] = $v_descr['filename'].'/'.$v_item_handler; - + $v_dirlist_descr[$v_dirlist_nb]['filename'] = $v_descr['filename'] . '/' . $v_item_handler; + // ----- Look for different stored filename // Because the name of the folder was changed, the name of the // files/sub-folders also change - if (($v_descr['stored_filename'] != $v_descr['filename']) - && (!isset($p_options[PCLZIP_OPT_REMOVE_ALL_PATH]))) { + if (($v_descr['stored_filename'] != $v_descr['filename']) && (!isset($p_options[PCLZIP_OPT_REMOVE_ALL_PATH]))) { if ($v_descr['stored_filename'] != '') { - $v_dirlist_descr[$v_dirlist_nb]['new_full_name'] = $v_descr['stored_filename'].'/'.$v_item_handler; - } - else { + $v_dirlist_descr[$v_dirlist_nb]['new_full_name'] = $v_descr['stored_filename'] . '/' . $v_item_handler; + } else { $v_dirlist_descr[$v_dirlist_nb]['new_full_name'] = $v_item_handler; } } - + $v_dirlist_nb++; } - + @closedir($v_folder_handler); - } - else { + } else { // TBC : unable to open folder in read mode } - + // ----- Expand each element of the list if ($v_dirlist_nb != 0) { // ----- Expand if (($v_result = $this->privFileDescrExpand($v_dirlist_descr, $p_options)) != 1) { return $v_result; } - + // ----- Concat the resulting list $v_result_list = array_merge($v_result_list, $v_dirlist_descr); + } else { } - else { - } - + // ----- Free local array unset($v_dirlist_descr); } } - + // ----- Get the result list $p_filedescr_list = $v_result_list; @@ -2127,17 +2073,16 @@ function privFileDescrExpand(&$p_filedescr_list, &$p_options) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privCreate($p_filedescr_list, &$p_result_list, &$p_options) + public function privCreate($p_filedescr_list, &$p_result_list, &$p_options) { - $v_result=1; + $v_result = 1; $v_list_detail = array(); - + // ----- Magic quotes trick $this->privDisableMagicQuotes(); // ----- Open the file in write mode - if (($v_result = $this->privOpenFd('wb')) != 1) - { + if (($v_result = $this->privOpenFd('wb')) != 1) { // ----- Return return $v_result; } @@ -2162,14 +2107,13 @@ function privCreate($p_filedescr_list, &$p_result_list, &$p_options) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privAdd($p_filedescr_list, &$p_result_list, &$p_options) + public function privAdd($p_filedescr_list, &$p_result_list, &$p_options) { - $v_result=1; + $v_result = 1; $v_list_detail = array(); // ----- Look if the archive exists or is empty - if ((!is_file($this->zipname)) || (filesize($this->zipname) == 0)) - { + if ((!is_file($this->zipname)) || (filesize($this->zipname) == 0)) { // ----- Do a create $v_result = $this->privCreate($p_filedescr_list, $p_result_list, $p_options); @@ -2181,8 +2125,7 @@ function privAdd($p_filedescr_list, &$p_result_list, &$p_options) $this->privDisableMagicQuotes(); // ----- Open the zip file - if (($v_result=$this->privOpenFd('rb')) != 1) - { + if (($v_result = $this->privOpenFd('rb')) != 1) { // ----- Magic quotes trick $this->privSwapBackMagicQuotes(); @@ -2192,10 +2135,10 @@ function privAdd($p_filedescr_list, &$p_result_list, &$p_options) // ----- Read the central directory informations $v_central_dir = array(); - if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1) - { + if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1) { $this->privCloseFd(); $this->privSwapBackMagicQuotes(); + return $v_result; } @@ -2203,15 +2146,14 @@ function privAdd($p_filedescr_list, &$p_result_list, &$p_options) @rewind($this->zip_fd); // ----- Creates a temporay file - $v_zip_temp_name = PCLZIP_TEMPORARY_DIR.uniqid('pclzip-').'.tmp'; + $v_zip_temp_name = PCLZIP_TEMPORARY_DIR . uniqid('pclzip-') . '.tmp'; // ----- Open the temporary file in write mode - if (($v_zip_temp_fd = @fopen($v_zip_temp_name, 'wb')) == 0) - { + if (($v_zip_temp_fd = @fopen($v_zip_temp_name, 'wb')) == 0) { $this->privCloseFd(); $this->privSwapBackMagicQuotes(); - PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open temporary file \''.$v_zip_temp_name.'\' in binary write mode'); + PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open temporary file \'' . $v_zip_temp_name . '\' in binary write mode'); // ----- Return return PclZip::errorCode(); @@ -2220,10 +2162,9 @@ function privAdd($p_filedescr_list, &$p_result_list, &$p_options) // ----- Copy the files from the archive to the temporary file // TBC : Here I should better append the file and go back to erase the central dir $v_size = $v_central_dir['offset']; - while ($v_size != 0) - { + while ($v_size != 0) { $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = fread($this->zip_fd, $v_read_size); + $v_buffer = fread($this->zip_fd, $v_read_size); @fwrite($v_zip_temp_fd, $v_buffer, $v_read_size); $v_size -= $v_read_size; } @@ -2231,14 +2172,13 @@ function privAdd($p_filedescr_list, &$p_result_list, &$p_options) // ----- Swap the file descriptor // Here is a trick : I swap the temporary fd with the zip fd, in order to use // the following methods on the temporary fil and not the real archive - $v_swap = $this->zip_fd; - $this->zip_fd = $v_zip_temp_fd; + $v_swap = $this->zip_fd; + $this->zip_fd = $v_zip_temp_fd; $v_zip_temp_fd = $v_swap; // ----- Add the files $v_header_list = array(); - if (($v_result = $this->privAddFileList($p_filedescr_list, $v_header_list, $p_options)) != 1) - { + if (($v_result = $this->privAddFileList($p_filedescr_list, $v_header_list, $p_options)) != 1) { fclose($v_zip_temp_fd); $this->privCloseFd(); @unlink($v_zip_temp_name); @@ -2253,17 +2193,15 @@ function privAdd($p_filedescr_list, &$p_result_list, &$p_options) // ----- Copy the block of file headers from the old archive $v_size = $v_central_dir['size']; - while ($v_size != 0) - { + while ($v_size != 0) { $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = @fread($v_zip_temp_fd, $v_read_size); + $v_buffer = @fread($v_zip_temp_fd, $v_read_size); @fwrite($this->zip_fd, $v_buffer, $v_read_size); $v_size -= $v_read_size; } // ----- Create the Central Dir files header - for ($i=0, $v_count=0; $iprivWriteCentralFileHeader($v_header_list[$i])) != 1) { @@ -2288,18 +2226,17 @@ function privAdd($p_filedescr_list, &$p_result_list, &$p_options) $v_comment = $p_options[PCLZIP_OPT_COMMENT]; } if (isset($p_options[PCLZIP_OPT_ADD_COMMENT])) { - $v_comment = $v_comment.$p_options[PCLZIP_OPT_ADD_COMMENT]; + $v_comment = $v_comment . $p_options[PCLZIP_OPT_ADD_COMMENT]; } if (isset($p_options[PCLZIP_OPT_PREPEND_COMMENT])) { - $v_comment = $p_options[PCLZIP_OPT_PREPEND_COMMENT].$v_comment; + $v_comment = $p_options[PCLZIP_OPT_PREPEND_COMMENT] . $v_comment; } // ----- Calculate the size of the central header - $v_size = @ftell($this->zip_fd)-$v_offset; + $v_size = @ftell($this->zip_fd) - $v_offset; // ----- Create the central dir footer - if (($v_result = $this->privWriteCentralHeader($v_count+$v_central_dir['entries'], $v_size, $v_offset, $v_comment)) != 1) - { + if (($v_result = $this->privWriteCentralHeader($v_count + $v_central_dir['entries'], $v_size, $v_offset, $v_comment)) != 1) { // ----- Reset the file list unset($v_header_list); $this->privSwapBackMagicQuotes(); @@ -2309,8 +2246,8 @@ function privAdd($p_filedescr_list, &$p_result_list, &$p_options) } // ----- Swap back the file descriptor - $v_swap = $this->zip_fd; - $this->zip_fd = $v_zip_temp_fd; + $v_swap = $this->zip_fd; + $this->zip_fd = $v_zip_temp_fd; $v_zip_temp_fd = $v_swap; // ----- Close @@ -2341,25 +2278,23 @@ function privAdd($p_filedescr_list, &$p_result_list, &$p_options) // Description : // Parameters : // -------------------------------------------------------------------------------- - function privOpenFd($p_mode) + public function privOpenFd($p_mode) { - $v_result=1; + $v_result = 1; // ----- Look if already open - if ($this->zip_fd != 0) - { + if ($this->zip_fd != 0) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Zip file \''.$this->zipname.'\' already open'); + PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Zip file \'' . $this->zipname . '\' already open'); // ----- Return return PclZip::errorCode(); } // ----- Open the zip file - if (($this->zip_fd = @fopen($this->zipname, $p_mode)) == 0) - { + if (($this->zip_fd = @fopen($this->zipname, $p_mode)) == 0) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open archive \''.$this->zipname.'\' in '.$p_mode.' mode'); + PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open archive \'' . $this->zipname . '\' in ' . $p_mode . ' mode'); // ----- Return return PclZip::errorCode(); @@ -2375,12 +2310,13 @@ function privOpenFd($p_mode) // Description : // Parameters : // -------------------------------------------------------------------------------- - function privCloseFd() + public function privCloseFd() { - $v_result=1; + $v_result = 1; - if ($this->zip_fd != 0) + if ($this->zip_fd != 0) { @fclose($this->zip_fd); + } $this->zip_fd = 0; // ----- Return @@ -2401,15 +2337,14 @@ function privCloseFd() // $p_remove_dir : Path to remove in the filename path archived // Return Values : // -------------------------------------------------------------------------------- -// function privAddList($p_list, &$p_result_list, $p_add_dir, $p_remove_dir, $p_remove_all_dir, &$p_options) - function privAddList($p_filedescr_list, &$p_result_list, &$p_options) + // function privAddList($p_list, &$p_result_list, $p_add_dir, $p_remove_dir, $p_remove_all_dir, &$p_options) + public function privAddList($p_filedescr_list, &$p_result_list, &$p_options) { - $v_result=1; + $v_result = 1; // ----- Add the files $v_header_list = array(); - if (($v_result = $this->privAddFileList($p_filedescr_list, $v_header_list, $p_options)) != 1) - { + if (($v_result = $this->privAddFileList($p_filedescr_list, $v_header_list, $p_options)) != 1) { // ----- Return return $v_result; } @@ -2418,8 +2353,7 @@ function privAddList($p_filedescr_list, &$p_result_list, &$p_options) $v_offset = @ftell($this->zip_fd); // ----- Create the Central Dir files header - for ($i=0,$v_count=0; $iprivWriteCentralFileHeader($v_header_list[$i])) != 1) { @@ -2440,11 +2374,10 @@ function privAddList($p_filedescr_list, &$p_result_list, &$p_options) } // ----- Calculate the size of the central header - $v_size = @ftell($this->zip_fd)-$v_offset; + $v_size = @ftell($this->zip_fd) - $v_offset; // ----- Create the central dir footer - if (($v_result = $this->privWriteCentralHeader($v_count, $v_size, $v_offset, $v_comment)) != 1) - { + if (($v_result = $this->privWriteCentralHeader($v_count, $v_size, $v_offset, $v_comment)) != 1) { // ----- Reset the file list unset($v_header_list); @@ -2461,25 +2394,23 @@ function privAddList($p_filedescr_list, &$p_result_list, &$p_options) // Function : privAddFileList() // Description : // Parameters : - // $p_filedescr_list : An array containing the file description + // $p_filedescr_list : An array containing the file description // or directory names to add in the zip // $p_result_list : list of added files with their properties (specially the status field) // Return Values : // -------------------------------------------------------------------------------- - function privAddFileList($p_filedescr_list, &$p_result_list, &$p_options) + public function privAddFileList($p_filedescr_list, &$p_result_list, &$p_options) { - $v_result=1; + $v_result = 1; $v_header = array(); // ----- Recuperate the current number of elt in list $v_nb = sizeof($p_result_list); // ----- Loop on the files - for ($j=0; ($jprivAddFile($p_filedescr_list[$j], $v_header, - $p_options); + $v_result = $this->privAddFile($p_filedescr_list[$j], $v_header, $p_options); if ($v_result != 1) { return $v_result; } @@ -2528,10 +2453,10 @@ function privAddFileList($p_filedescr_list, &$p_result_list, &$p_options) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privAddFile($p_filedescr, &$p_header, &$p_options) + public function privAddFile($p_filedescr, &$p_header, &$p_options) { - $v_result=1; - + $v_result = 1; + // ----- Working variable $p_filename = $p_filedescr['filename']; @@ -2543,76 +2468,69 @@ function privAddFile($p_filedescr, &$p_header, &$p_options) // ----- Return return PclZip::errorCode(); } - - // ----- Look for a stored different filename + + // ----- Look for a stored different filename /* TBC : Removed - if (isset($p_filedescr['stored_filename'])) { - $v_stored_filename = $p_filedescr['stored_filename']; - } - else { - $v_stored_filename = $p_filedescr['stored_filename']; - } - */ + if (isset($p_filedescr['stored_filename'])) { + $v_stored_filename = $p_filedescr['stored_filename']; + } else { + $v_stored_filename = $p_filedescr['stored_filename']; + } + */ // ----- Set the file properties clearstatcache(); - $p_header['version'] = 20; + $p_header['version'] = 20; $p_header['version_extracted'] = 10; - $p_header['flag'] = 0; - $p_header['compression'] = 0; - $p_header['crc'] = 0; - $p_header['compressed_size'] = 0; - $p_header['filename_len'] = strlen($p_filename); - $p_header['extra_len'] = 0; - $p_header['disk'] = 0; - $p_header['internal'] = 0; - $p_header['offset'] = 0; - $p_header['filename'] = $p_filename; -// TBC : Removed $p_header['stored_filename'] = $v_stored_filename; - $p_header['stored_filename'] = $p_filedescr['stored_filename']; - $p_header['extra'] = ''; - $p_header['status'] = 'ok'; - $p_header['index'] = -1; + $p_header['flag'] = 0; + $p_header['compression'] = 0; + $p_header['crc'] = 0; + $p_header['compressed_size'] = 0; + $p_header['filename_len'] = strlen($p_filename); + $p_header['extra_len'] = 0; + $p_header['disk'] = 0; + $p_header['internal'] = 0; + $p_header['offset'] = 0; + $p_header['filename'] = $p_filename; + // TBC : Removed $p_header['stored_filename'] = $v_stored_filename; + $p_header['stored_filename'] = $p_filedescr['stored_filename']; + $p_header['extra'] = ''; + $p_header['status'] = 'ok'; + $p_header['index'] = -1; // ----- Look for regular file - if ($p_filedescr['type']=='file') { + if ($p_filedescr['type'] == 'file') { $p_header['external'] = 0x00000000; - $p_header['size'] = filesize($p_filename); - } - - // ----- Look for regular folder - else if ($p_filedescr['type']=='folder') { + $p_header['size'] = filesize($p_filename); + + // ----- Look for regular folder + } elseif ($p_filedescr['type'] == 'folder') { $p_header['external'] = 0x00000010; - $p_header['mtime'] = filemtime($p_filename); - $p_header['size'] = filesize($p_filename); - } - - // ----- Look for virtual file - else if ($p_filedescr['type'] == 'virtual_file') { + $p_header['mtime'] = filemtime($p_filename); + $p_header['size'] = filesize($p_filename); + + // ----- Look for virtual file + } elseif ($p_filedescr['type'] == 'virtual_file') { $p_header['external'] = 0x00000000; - $p_header['size'] = strlen($p_filedescr['content']); + $p_header['size'] = strlen($p_filedescr['content']); } - // ----- Look for filetime if (isset($p_filedescr['mtime'])) { $p_header['mtime'] = $p_filedescr['mtime']; - } - else if ($p_filedescr['type'] == 'virtual_file') { + } elseif ($p_filedescr['type'] == 'virtual_file') { $p_header['mtime'] = time(); - } - else { + } else { $p_header['mtime'] = filemtime($p_filename); } // ------ Look for file comment if (isset($p_filedescr['comment'])) { $p_header['comment_len'] = strlen($p_filedescr['comment']); - $p_header['comment'] = $p_filedescr['comment']; - } - else { + $p_header['comment'] = $p_filedescr['comment']; + } else { $p_header['comment_len'] = 0; - $p_header['comment'] = ''; + $p_header['comment'] = ''; } // ----- Look for pre-add callback @@ -2625,12 +2543,12 @@ function privAddFile($p_filedescr, &$p_header, &$p_options) // ----- Call the callback // Here I do not use call_user_func() because I need to send a reference to the // header. -// eval('$v_result = '.$p_options[PCLZIP_CB_PRE_ADD].'(PCLZIP_CB_PRE_ADD, $v_local_header);'); + // eval('$v_result = '.$p_options[PCLZIP_CB_PRE_ADD].'(PCLZIP_CB_PRE_ADD, $v_local_header);'); $v_result = $p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header); if ($v_result == 0) { // ----- Change the file status $p_header['status'] = "skipped"; - $v_result = 1; + $v_result = 1; } // ----- Update the informations @@ -2644,7 +2562,7 @@ function privAddFile($p_filedescr, &$p_header, &$p_options) if ($p_header['stored_filename'] == "") { $p_header['status'] = "filtered"; } - + // ----- Check the path length if (strlen($p_header['stored_filename']) > 0xFF) { $p_header['status'] = 'filename_too_long'; @@ -2656,114 +2574,107 @@ function privAddFile($p_filedescr, &$p_header, &$p_options) // ----- Look for a file if ($p_filedescr['type'] == 'file') { // ----- Look for using temporary file to zip - if ( (!isset($p_options[PCLZIP_OPT_TEMP_FILE_OFF])) - && (isset($p_options[PCLZIP_OPT_TEMP_FILE_ON]) - || (isset($p_options[PCLZIP_OPT_TEMP_FILE_THRESHOLD]) - && ($p_options[PCLZIP_OPT_TEMP_FILE_THRESHOLD] <= $p_header['size'])) ) ) { + if ((!isset($p_options[PCLZIP_OPT_TEMP_FILE_OFF])) && (isset($p_options[PCLZIP_OPT_TEMP_FILE_ON]) || (isset($p_options[PCLZIP_OPT_TEMP_FILE_THRESHOLD]) && ($p_options[PCLZIP_OPT_TEMP_FILE_THRESHOLD] <= $p_header['size'])))) { $v_result = $this->privAddFileUsingTempFile($p_filedescr, $p_header, $p_options); if ($v_result < PCLZIP_ERR_NO_ERROR) { return $v_result; } - } - - // ----- Use "in memory" zip algo - else { - // ----- Open the source file - if (($v_file = @fopen($p_filename, "rb")) == 0) { - PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, "Unable to open file '$p_filename' in binary read mode"); - return PclZip::errorCode(); + // ----- Use "in memory" zip algo + } else { + + // ----- Open the source file + if (($v_file = @fopen($p_filename, "rb")) == 0) { + PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, "Unable to open file '$p_filename' in binary read mode"); + + return PclZip::errorCode(); + } + + // ----- Read the file content + $v_content = @fread($v_file, $p_header['size']); + + // ----- Close the file + @fclose($v_file); + + // ----- Calculate the CRC + $p_header['crc'] = @crc32($v_content); + + // ----- Look for no compression + if ($p_options[PCLZIP_OPT_NO_COMPRESSION]) { + // ----- Set header parameters + $p_header['compressed_size'] = $p_header['size']; + $p_header['compression'] = 0; + + // ----- Look for normal compression + } else { + // ----- Compress the content + $v_content = @gzdeflate($v_content); + + // ----- Set header parameters + $p_header['compressed_size'] = strlen($v_content); + $p_header['compression'] = 8; + } + + // ----- Call the header generation + if (($v_result = $this->privWriteFileHeader($p_header)) != 1) { + @fclose($v_file); + + return $v_result; + } + + // ----- Write the compressed (or not) content + @fwrite($this->zip_fd, $v_content, $p_header['compressed_size']); + } - // ----- Read the file content - $v_content = @fread($v_file, $p_header['size']); + // ----- Look for a virtual file (a file from string) + } elseif ($p_filedescr['type'] == 'virtual_file') { - // ----- Close the file - @fclose($v_file); + $v_content = $p_filedescr['content']; // ----- Calculate the CRC $p_header['crc'] = @crc32($v_content); - + // ----- Look for no compression if ($p_options[PCLZIP_OPT_NO_COMPRESSION]) { // ----- Set header parameters $p_header['compressed_size'] = $p_header['size']; - $p_header['compression'] = 0; - } - - // ----- Look for normal compression - else { + $p_header['compression'] = 0; + + // ----- Look for normal compression + } else { // ----- Compress the content $v_content = @gzdeflate($v_content); // ----- Set header parameters $p_header['compressed_size'] = strlen($v_content); - $p_header['compression'] = 8; + $p_header['compression'] = 8; } - + // ----- Call the header generation if (($v_result = $this->privWriteFileHeader($p_header)) != 1) { @fclose($v_file); + return $v_result; } // ----- Write the compressed (or not) content @fwrite($this->zip_fd, $v_content, $p_header['compressed_size']); - } - - } - - // ----- Look for a virtual file (a file from string) - else if ($p_filedescr['type'] == 'virtual_file') { - - $v_content = $p_filedescr['content']; - - // ----- Calculate the CRC - $p_header['crc'] = @crc32($v_content); - - // ----- Look for no compression - if ($p_options[PCLZIP_OPT_NO_COMPRESSION]) { - // ----- Set header parameters - $p_header['compressed_size'] = $p_header['size']; - $p_header['compression'] = 0; - } - - // ----- Look for normal compression - else { - // ----- Compress the content - $v_content = @gzdeflate($v_content); - - // ----- Set header parameters - $p_header['compressed_size'] = strlen($v_content); - $p_header['compression'] = 8; - } - - // ----- Call the header generation - if (($v_result = $this->privWriteFileHeader($p_header)) != 1) { - @fclose($v_file); - return $v_result; - } - - // ----- Write the compressed (or not) content - @fwrite($this->zip_fd, $v_content, $p_header['compressed_size']); - } - - // ----- Look for a directory - else if ($p_filedescr['type'] == 'folder') { - // ----- Look for directory last '/' - if (@substr($p_header['stored_filename'], -1) != '/') { - $p_header['stored_filename'] .= '/'; + // ----- Look for a directory + } elseif ($p_filedescr['type'] == 'folder') { + // ----- Look for directory last '/' + if (@substr($p_header['stored_filename'], -1) != '/') { + $p_header['stored_filename'] .= '/'; } // ----- Set the file properties - $p_header['size'] = 0; + $p_header['size'] = 0; //$p_header['external'] = 0x41FF0010; // Value for a folder : to be checked - $p_header['external'] = 0x00000010; // Value for a folder : to be checked + $p_header['external'] = 0x00000010; // Value for a folder : to be checked // ----- Call the header generation - if (($v_result = $this->privWriteFileHeader($p_header)) != 1) - { + if (($v_result = $this->privWriteFileHeader($p_header)) != 1) { return $v_result; } } @@ -2779,7 +2690,7 @@ function privAddFile($p_filedescr, &$p_header, &$p_options) // ----- Call the callback // Here I do not use call_user_func() because I need to send a reference to the // header. -// eval('$v_result = '.$p_options[PCLZIP_CB_POST_ADD].'(PCLZIP_CB_POST_ADD, $v_local_header);'); + // eval('$v_result = '.$p_options[PCLZIP_CB_POST_ADD].'(PCLZIP_CB_POST_ADD, $v_local_header);'); $v_result = $p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header); if ($v_result == 0) { // ----- Ignored @@ -2801,25 +2712,26 @@ function privAddFile($p_filedescr, &$p_header, &$p_options) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privAddFileUsingTempFile($p_filedescr, &$p_header, &$p_options) + public function privAddFileUsingTempFile($p_filedescr, &$p_header, &$p_options) { - $v_result=PCLZIP_ERR_NO_ERROR; - + $v_result = PCLZIP_ERR_NO_ERROR; + // ----- Working variable $p_filename = $p_filedescr['filename']; - // ----- Open the source file if (($v_file = @fopen($p_filename, "rb")) == 0) { PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, "Unable to open file '$p_filename' in binary read mode"); + return PclZip::errorCode(); } // ----- Creates a compressed temporary file - $v_gzip_temp_name = PCLZIP_TEMPORARY_DIR.uniqid('pclzip-').'.gz'; + $v_gzip_temp_name = PCLZIP_TEMPORARY_DIR . uniqid('pclzip-') . '.gz'; if (($v_file_compressed = @gzopen($v_gzip_temp_name, "wb")) == 0) { fclose($v_file); - PclZip::privErrorLog(PCLZIP_ERR_WRITE_OPEN_FAIL, 'Unable to open temporary file \''.$v_gzip_temp_name.'\' in binary write mode'); + PclZip::privErrorLog(PCLZIP_ERR_WRITE_OPEN_FAIL, 'Unable to open temporary file \'' . $v_gzip_temp_name . '\' in binary write mode'); + return PclZip::errorCode(); } @@ -2827,7 +2739,7 @@ function privAddFileUsingTempFile($p_filedescr, &$p_header, &$p_options) $v_size = filesize($p_filename); while ($v_size != 0) { $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = @fread($v_file, $v_read_size); + $v_buffer = @fread($v_file, $v_read_size); //$v_binary_data = pack('a'.$v_read_size, $v_buffer); @gzputs($v_file_compressed, $v_buffer, $v_read_size); $v_size -= $v_read_size; @@ -2839,13 +2751,15 @@ function privAddFileUsingTempFile($p_filedescr, &$p_header, &$p_options) // ----- Check the minimum file size if (filesize($v_gzip_temp_name) < 18) { - PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'gzip temporary file \''.$v_gzip_temp_name.'\' has invalid filesize - should be minimum 18 bytes'); + PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'gzip temporary file \'' . $v_gzip_temp_name . '\' has invalid filesize - should be minimum 18 bytes'); + return PclZip::errorCode(); } // ----- Extract the compressed attributes if (($v_file_compressed = @fopen($v_gzip_temp_name, "rb")) == 0) { - PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open temporary file \''.$v_gzip_temp_name.'\' in binary read mode'); + PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open temporary file \'' . $v_gzip_temp_name . '\' in binary read mode'); + return PclZip::errorCode(); } @@ -2857,15 +2771,15 @@ function privAddFileUsingTempFile($p_filedescr, &$p_header, &$p_options) $v_data_header['os'] = bin2hex($v_data_header['os']); // ----- Read the gzip file footer - @fseek($v_file_compressed, filesize($v_gzip_temp_name)-8); + @fseek($v_file_compressed, filesize($v_gzip_temp_name) - 8); $v_binary_data = @fread($v_file_compressed, 8); $v_data_footer = unpack('Vcrc/Vcompressed_size', $v_binary_data); // ----- Set the attributes - $p_header['compression'] = ord($v_data_header['cm']); + $p_header['compression'] = ord($v_data_header['cm']); //$p_header['mtime'] = $v_data_header['mtime']; - $p_header['crc'] = $v_data_footer['crc']; - $p_header['compressed_size'] = filesize($v_gzip_temp_name)-18; + $p_header['crc'] = $v_data_footer['crc']; + $p_header['compressed_size'] = filesize($v_gzip_temp_name) - 18; // ----- Close the file @fclose($v_file_compressed); @@ -2876,19 +2790,18 @@ function privAddFileUsingTempFile($p_filedescr, &$p_header, &$p_options) } // ----- Add the compressed data - if (($v_file_compressed = @fopen($v_gzip_temp_name, "rb")) == 0) - { - PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open temporary file \''.$v_gzip_temp_name.'\' in binary read mode'); + if (($v_file_compressed = @fopen($v_gzip_temp_name, "rb")) == 0) { + PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open temporary file \'' . $v_gzip_temp_name . '\' in binary read mode'); + return PclZip::errorCode(); } // ----- Read the file by PCLZIP_READ_BLOCK_SIZE octets blocks fseek($v_file_compressed, 10); $v_size = $p_header['compressed_size']; - while ($v_size != 0) - { + while ($v_size != 0) { $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = @fread($v_file_compressed, $v_read_size); + $v_buffer = @fread($v_file_compressed, $v_read_size); //$v_binary_data = pack('a'.$v_read_size, $v_buffer); @fwrite($this->zip_fd, $v_buffer, $v_read_size); $v_size -= $v_read_size; @@ -2899,7 +2812,7 @@ function privAddFileUsingTempFile($p_filedescr, &$p_header, &$p_options) // ----- Unlink the temporary file @unlink($v_gzip_temp_name); - + // ----- Return return $v_result; } @@ -2913,52 +2826,46 @@ function privAddFileUsingTempFile($p_filedescr, &$p_header, &$p_options) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privCalculateStoredFilename(&$p_filedescr, &$p_options) + public function privCalculateStoredFilename(&$p_filedescr, &$p_options) { - $v_result=1; - + $v_result = 1; + // ----- Working variables $p_filename = $p_filedescr['filename']; if (isset($p_options[PCLZIP_OPT_ADD_PATH])) { $p_add_dir = $p_options[PCLZIP_OPT_ADD_PATH]; - } - else { + } else { $p_add_dir = ''; } if (isset($p_options[PCLZIP_OPT_REMOVE_PATH])) { $p_remove_dir = $p_options[PCLZIP_OPT_REMOVE_PATH]; - } - else { + } else { $p_remove_dir = ''; } if (isset($p_options[PCLZIP_OPT_REMOVE_ALL_PATH])) { $p_remove_all_dir = $p_options[PCLZIP_OPT_REMOVE_ALL_PATH]; - } - else { + } else { $p_remove_all_dir = 0; } - // ----- Look for full name change if (isset($p_filedescr['new_full_name'])) { // ----- Remove drive letter if any $v_stored_filename = PclZipUtilTranslateWinPath($p_filedescr['new_full_name']); - } - - // ----- Look for path and/or short name change - else { + + // ----- Look for path and/or short name change + } else { // ----- Look for short name change // Its when we cahnge just the filename but not the path if (isset($p_filedescr['new_short_name'])) { $v_path_info = pathinfo($p_filename); - $v_dir = ''; + $v_dir = ''; if ($v_path_info['dirname'] != '') { - $v_dir = $v_path_info['dirname'].'/'; + $v_dir = $v_path_info['dirname'] . '/'; } - $v_stored_filename = $v_dir.$p_filedescr['new_short_name']; - } - else { + $v_stored_filename = $v_dir . $p_filedescr['new_short_name']; + } else { // ----- Calculate the stored filename $v_stored_filename = $p_filename; } @@ -2966,54 +2873,50 @@ function privCalculateStoredFilename(&$p_filedescr, &$p_options) // ----- Look for all path to remove if ($p_remove_all_dir) { $v_stored_filename = basename($p_filename); - } - // ----- Look for partial path remove - else if ($p_remove_dir != "") { - if (substr($p_remove_dir, -1) != '/') + + // ----- Look for partial path remove + } elseif ($p_remove_dir != "") { + if (substr($p_remove_dir, -1) != '/') { $p_remove_dir .= "/"; + } - if ( (substr($p_filename, 0, 2) == "./") - || (substr($p_remove_dir, 0, 2) == "./")) { - - if ( (substr($p_filename, 0, 2) == "./") - && (substr($p_remove_dir, 0, 2) != "./")) { - $p_remove_dir = "./".$p_remove_dir; + if ((substr($p_filename, 0, 2) == "./") || (substr($p_remove_dir, 0, 2) == "./")) { + + if ((substr($p_filename, 0, 2) == "./") && (substr($p_remove_dir, 0, 2) != "./")) { + $p_remove_dir = "./" . $p_remove_dir; } - if ( (substr($p_filename, 0, 2) != "./") - && (substr($p_remove_dir, 0, 2) == "./")) { + if ((substr($p_filename, 0, 2) != "./") && (substr($p_remove_dir, 0, 2) == "./")) { $p_remove_dir = substr($p_remove_dir, 2); } } - $v_compare = PclZipUtilPathInclusion($p_remove_dir, - $v_stored_filename); + $v_compare = PclZipUtilPathInclusion($p_remove_dir, $v_stored_filename); if ($v_compare > 0) { if ($v_compare == 2) { $v_stored_filename = ""; - } - else { - $v_stored_filename = substr($v_stored_filename, - strlen($p_remove_dir)); + } else { + $v_stored_filename = substr($v_stored_filename, strlen($p_remove_dir)); } } } - + // ----- Remove drive letter if any $v_stored_filename = PclZipUtilTranslateWinPath($v_stored_filename); - + // ----- Look for path to add if ($p_add_dir != "") { - if (substr($p_add_dir, -1) == "/") - $v_stored_filename = $p_add_dir.$v_stored_filename; - else - $v_stored_filename = $p_add_dir."/".$v_stored_filename; + if (substr($p_add_dir, -1) == "/") { + $v_stored_filename = $p_add_dir . $v_stored_filename; + } else { + $v_stored_filename = $p_add_dir . "/" . $v_stored_filename; + } } } // ----- Filename (reduce the path of stored name) - $v_stored_filename = PclZipUtilPathReduction($v_stored_filename); + $v_stored_filename = PclZipUtilPathReduction($v_stored_filename); $p_filedescr['stored_filename'] = $v_stored_filename; - + // ----- Return return $v_result; } @@ -3025,37 +2928,29 @@ function privCalculateStoredFilename(&$p_filedescr, &$p_options) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privWriteFileHeader(&$p_header) + public function privWriteFileHeader(&$p_header) { - $v_result=1; + $v_result = 1; // ----- Store the offset position of the file $p_header['offset'] = ftell($this->zip_fd); // ----- Transform UNIX mtime to DOS format mdate/mtime - $v_date = getdate($p_header['mtime']); - $v_mtime = ($v_date['hours']<<11) + ($v_date['minutes']<<5) + $v_date['seconds']/2; - $v_mdate = (($v_date['year']-1980)<<9) + ($v_date['mon']<<5) + $v_date['mday']; + $v_date = getdate($p_header['mtime']); + $v_mtime = ($v_date['hours'] << 11) + ($v_date['minutes'] << 5) + $v_date['seconds'] / 2; + $v_mdate = (($v_date['year'] - 1980) << 9) + ($v_date['mon'] << 5) + $v_date['mday']; // ----- Packed data - $v_binary_data = pack("VvvvvvVVVvv", 0x04034b50, - $p_header['version_extracted'], $p_header['flag'], - $p_header['compression'], $v_mtime, $v_mdate, - $p_header['crc'], $p_header['compressed_size'], - $p_header['size'], - strlen($p_header['stored_filename']), - $p_header['extra_len']); + $v_binary_data = pack("VvvvvvVVVvv", 0x04034b50, $p_header['version_extracted'], $p_header['flag'], $p_header['compression'], $v_mtime, $v_mdate, $p_header['crc'], $p_header['compressed_size'], $p_header['size'], strlen($p_header['stored_filename']), $p_header['extra_len']); // ----- Write the first 148 bytes of the header in the archive fputs($this->zip_fd, $v_binary_data, 30); // ----- Write the variable fields - if (strlen($p_header['stored_filename']) != 0) - { + if (strlen($p_header['stored_filename']) != 0) { fputs($this->zip_fd, $p_header['stored_filename'], strlen($p_header['stored_filename'])); } - if ($p_header['extra_len'] != 0) - { + if ($p_header['extra_len'] != 0) { fputs($this->zip_fd, $p_header['extra'], $p_header['extra_len']); } @@ -3070,45 +2965,33 @@ function privWriteFileHeader(&$p_header) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privWriteCentralFileHeader(&$p_header) + public function privWriteCentralFileHeader(&$p_header) { - $v_result=1; + $v_result = 1; // TBC - //for(reset($p_header); $key = key($p_header); next($p_header)) { + //for (reset($p_header); $key = key($p_header); next($p_header)) { //} // ----- Transform UNIX mtime to DOS format mdate/mtime - $v_date = getdate($p_header['mtime']); - $v_mtime = ($v_date['hours']<<11) + ($v_date['minutes']<<5) + $v_date['seconds']/2; - $v_mdate = (($v_date['year']-1980)<<9) + ($v_date['mon']<<5) + $v_date['mday']; - + $v_date = getdate($p_header['mtime']); + $v_mtime = ($v_date['hours'] << 11) + ($v_date['minutes'] << 5) + $v_date['seconds'] / 2; + $v_mdate = (($v_date['year'] - 1980) << 9) + ($v_date['mon'] << 5) + $v_date['mday']; // ----- Packed data - $v_binary_data = pack("VvvvvvvVVVvvvvvVV", 0x02014b50, - $p_header['version'], $p_header['version_extracted'], - $p_header['flag'], $p_header['compression'], - $v_mtime, $v_mdate, $p_header['crc'], - $p_header['compressed_size'], $p_header['size'], - strlen($p_header['stored_filename']), - $p_header['extra_len'], $p_header['comment_len'], - $p_header['disk'], $p_header['internal'], - $p_header['external'], $p_header['offset']); + $v_binary_data = pack("VvvvvvvVVVvvvvvVV", 0x02014b50, $p_header['version'], $p_header['version_extracted'], $p_header['flag'], $p_header['compression'], $v_mtime, $v_mdate, $p_header['crc'], $p_header['compressed_size'], $p_header['size'], strlen($p_header['stored_filename']), $p_header['extra_len'], $p_header['comment_len'], $p_header['disk'], $p_header['internal'], $p_header['external'], $p_header['offset']); // ----- Write the 42 bytes of the header in the zip file fputs($this->zip_fd, $v_binary_data, 46); // ----- Write the variable fields - if (strlen($p_header['stored_filename']) != 0) - { + if (strlen($p_header['stored_filename']) != 0) { fputs($this->zip_fd, $p_header['stored_filename'], strlen($p_header['stored_filename'])); } - if ($p_header['extra_len'] != 0) - { + if ($p_header['extra_len'] != 0) { fputs($this->zip_fd, $p_header['extra'], $p_header['extra_len']); } - if ($p_header['comment_len'] != 0) - { + if ($p_header['comment_len'] != 0) { fputs($this->zip_fd, $p_header['comment'], $p_header['comment_len']); } @@ -3123,21 +3006,18 @@ function privWriteCentralFileHeader(&$p_header) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privWriteCentralHeader($p_nb_entries, $p_size, $p_offset, $p_comment) + public function privWriteCentralHeader($p_nb_entries, $p_size, $p_offset, $p_comment) { - $v_result=1; + $v_result = 1; // ----- Packed data - $v_binary_data = pack("VvvvvVVv", 0x06054b50, 0, 0, $p_nb_entries, - $p_nb_entries, $p_size, - $p_offset, strlen($p_comment)); + $v_binary_data = pack("VvvvvVVv", 0x06054b50, 0, 0, $p_nb_entries, $p_nb_entries, $p_size, $p_offset, strlen($p_comment)); // ----- Write the 22 bytes of the header in the zip file fputs($this->zip_fd, $v_binary_data, 22); // ----- Write the variable fields - if (strlen($p_comment) != 0) - { + if (strlen($p_comment) != 0) { fputs($this->zip_fd, $p_comment, strlen($p_comment)); } @@ -3152,21 +3032,20 @@ function privWriteCentralHeader($p_nb_entries, $p_size, $p_offset, $p_comment) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privList(&$p_list) + public function privList(&$p_list) { - $v_result=1; + $v_result = 1; // ----- Magic quotes trick $this->privDisableMagicQuotes(); // ----- Open the zip file - if (($this->zip_fd = @fopen($this->zipname, 'rb')) == 0) - { + if (($this->zip_fd = @fopen($this->zipname, 'rb')) == 0) { // ----- Magic quotes trick $this->privSwapBackMagicQuotes(); - + // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open archive \''.$this->zipname.'\' in binary read mode'); + PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open archive \'' . $this->zipname . '\' in binary read mode'); // ----- Return return PclZip::errorCode(); @@ -3174,16 +3053,15 @@ function privList(&$p_list) // ----- Read the central directory informations $v_central_dir = array(); - if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1) - { + if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1) { $this->privSwapBackMagicQuotes(); + return $v_result; } // ----- Go to beginning of Central Dir @rewind($this->zip_fd); - if (@fseek($this->zip_fd, $v_central_dir['offset'])) - { + if (@fseek($this->zip_fd, $v_central_dir['offset'])) { $this->privSwapBackMagicQuotes(); // ----- Error log @@ -3194,12 +3072,11 @@ function privList(&$p_list) } // ----- Read each entry - for ($i=0; $i<$v_central_dir['entries']; $i++) - { + for ($i = 0; $i < $v_central_dir['entries']; $i++) { // ----- Read the file header - if (($v_result = $this->privReadCentralFileHeader($v_header)) != 1) - { + if (($v_result = $this->privReadCentralFileHeader($v_header)) != 1) { $this->privSwapBackMagicQuotes(); + return $v_result; } $v_header['index'] = $i; @@ -3239,23 +3116,23 @@ function privList(&$p_list) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privConvertHeader2FileInfo($p_header, &$p_info) + public function privConvertHeader2FileInfo($p_header, &$p_info) { - $v_result=1; + $v_result = 1; // ----- Get the interesting attributes - $v_temp_path = PclZipUtilPathReduction($p_header['filename']); - $p_info['filename'] = $v_temp_path; - $v_temp_path = PclZipUtilPathReduction($p_header['stored_filename']); + $v_temp_path = PclZipUtilPathReduction($p_header['filename']); + $p_info['filename'] = $v_temp_path; + $v_temp_path = PclZipUtilPathReduction($p_header['stored_filename']); $p_info['stored_filename'] = $v_temp_path; - $p_info['size'] = $p_header['size']; + $p_info['size'] = $p_header['size']; $p_info['compressed_size'] = $p_header['compressed_size']; - $p_info['mtime'] = $p_header['mtime']; - $p_info['comment'] = $p_header['comment']; - $p_info['folder'] = (($p_header['external']&0x00000010)==0x00000010); - $p_info['index'] = $p_header['index']; - $p_info['status'] = $p_header['status']; - $p_info['crc'] = $p_header['crc']; + $p_info['mtime'] = $p_header['mtime']; + $p_info['comment'] = $p_header['comment']; + $p_info['folder'] = (($p_header['external'] & 0x00000010) == 0x00000010); + $p_info['index'] = $p_header['index']; + $p_info['status'] = $p_header['status']; + $p_info['crc'] = $p_header['crc']; // ----- Return return $v_result; @@ -3278,48 +3155,42 @@ function privConvertHeader2FileInfo($p_header, &$p_info) // Return Values : // 1 on success,0 or less on error (see error code list) // -------------------------------------------------------------------------------- - function privExtractByRule(&$p_file_list, $p_path, $p_remove_path, $p_remove_all_path, &$p_options) + public function privExtractByRule(&$p_file_list, $p_path, $p_remove_path, $p_remove_all_path, &$p_options) { - $v_result=1; + $v_result = 1; // ----- Magic quotes trick $this->privDisableMagicQuotes(); // ----- Check the path - if ( ($p_path == "") - || ( (substr($p_path, 0, 1) != "/") - && (substr($p_path, 0, 3) != "../") - && (substr($p_path,1,2)!=":/"))) - $p_path = "./".$p_path; + if (($p_path == "") || ((substr($p_path, 0, 1) != "/") && (substr($p_path, 0, 3) != "../") && (substr($p_path, 1, 2) != ":/"))) { + $p_path = "./" . $p_path; + } // ----- Reduce the path last (and duplicated) '/' - if (($p_path != "./") && ($p_path != "/")) - { + if (($p_path != "./") && ($p_path != "/")) { // ----- Look for the path end '/' - while (substr($p_path, -1) == "/") - { - $p_path = substr($p_path, 0, strlen($p_path)-1); + while (substr($p_path, -1) == "/") { + $p_path = substr($p_path, 0, strlen($p_path) - 1); } } // ----- Look for path to remove format (should end by /) - if (($p_remove_path != "") && (substr($p_remove_path, -1) != '/')) - { + if (($p_remove_path != "") && (substr($p_remove_path, -1) != '/')) { $p_remove_path .= '/'; } $p_remove_path_size = strlen($p_remove_path); // ----- Open the zip file - if (($v_result = $this->privOpenFd('rb')) != 1) - { + if (($v_result = $this->privOpenFd('rb')) != 1) { $this->privSwapBackMagicQuotes(); + return $v_result; } // ----- Read the central directory informations $v_central_dir = array(); - if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1) - { + if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1) { // ----- Close the zip file $this->privCloseFd(); $this->privSwapBackMagicQuotes(); @@ -3332,13 +3203,11 @@ function privExtractByRule(&$p_file_list, $p_path, $p_remove_path, $p_remove_all // ----- Read each entry $j_start = 0; - for ($i=0, $v_nb_extracted=0; $i<$v_central_dir['entries']; $i++) - { + for ($i = 0, $v_nb_extracted = 0; $i < $v_central_dir['entries']; $i++) { // ----- Read next Central dir entry @rewind($this->zip_fd); - if (@fseek($this->zip_fd, $v_pos_entry)) - { + if (@fseek($this->zip_fd, $v_pos_entry)) { // ----- Close the zip file $this->privCloseFd(); $this->privSwapBackMagicQuotes(); @@ -3352,8 +3221,7 @@ function privExtractByRule(&$p_file_list, $p_path, $p_remove_path, $p_remove_all // ----- Read the file header $v_header = array(); - if (($v_result = $this->privReadCentralFileHeader($v_header)) != 1) - { + if (($v_result = $this->privReadCentralFileHeader($v_header)) != 1) { // ----- Close the zip file $this->privCloseFd(); $this->privSwapBackMagicQuotes(); @@ -3371,135 +3239,115 @@ function privExtractByRule(&$p_file_list, $p_path, $p_remove_path, $p_remove_all $v_extract = false; // ----- Look for extract by name rule - if ( (isset($p_options[PCLZIP_OPT_BY_NAME])) - && ($p_options[PCLZIP_OPT_BY_NAME] != 0)) { + if ((isset($p_options[PCLZIP_OPT_BY_NAME])) && ($p_options[PCLZIP_OPT_BY_NAME] != 0)) { - // ----- Look if the filename is in the list - for ($j=0; ($j strlen($p_options[PCLZIP_OPT_BY_NAME][$j])) - && (substr($v_header['stored_filename'], 0, strlen($p_options[PCLZIP_OPT_BY_NAME][$j])) == $p_options[PCLZIP_OPT_BY_NAME][$j])) { - $v_extract = true; - } - } - // ----- Look for a filename - elseif ($v_header['stored_filename'] == $p_options[PCLZIP_OPT_BY_NAME][$j]) { - $v_extract = true; - } - } - } - - // ----- Look for extract by ereg rule - // ereg() is deprecated with PHP 5.3 - /* - else if ( (isset($p_options[PCLZIP_OPT_BY_EREG])) - && ($p_options[PCLZIP_OPT_BY_EREG] != "")) { - - if (ereg($p_options[PCLZIP_OPT_BY_EREG], $v_header['stored_filename'])) { + // ----- Look if the directory is in the filename path + if ((strlen($v_header['stored_filename']) > strlen($p_options[PCLZIP_OPT_BY_NAME][$j])) && (substr($v_header['stored_filename'], 0, strlen($p_options[PCLZIP_OPT_BY_NAME][$j])) == $p_options[PCLZIP_OPT_BY_NAME][$j])) { $v_extract = true; + } + + // ----- Look for a filename + } elseif ($v_header['stored_filename'] == $p_options[PCLZIP_OPT_BY_NAME][$j]) { + $v_extract = true; } - } - */ + } + // ----- Look for extract by ereg rule + // ereg() is deprecated with PHP 5.3 + /* + elseif ( (isset($p_options[PCLZIP_OPT_BY_EREG])) + && ($p_options[PCLZIP_OPT_BY_EREG] != "")) { + + if (ereg($p_options[PCLZIP_OPT_BY_EREG], $v_header['stored_filename'])) { + $v_extract = true; + } + } + */ - // ----- Look for extract by preg rule - else if ( (isset($p_options[PCLZIP_OPT_BY_PREG])) - && ($p_options[PCLZIP_OPT_BY_PREG] != "")) { + // ----- Look for extract by preg rule + } elseif ((isset($p_options[PCLZIP_OPT_BY_PREG])) && ($p_options[PCLZIP_OPT_BY_PREG] != "")) { - if (preg_match($p_options[PCLZIP_OPT_BY_PREG], $v_header['stored_filename'])) { - $v_extract = true; - } - } + if (preg_match($p_options[PCLZIP_OPT_BY_PREG], $v_header['stored_filename'])) { + $v_extract = true; + } - // ----- Look for extract by index rule - else if ( (isset($p_options[PCLZIP_OPT_BY_INDEX])) - && ($p_options[PCLZIP_OPT_BY_INDEX] != 0)) { - - // ----- Look if the index is in the list - for ($j=$j_start; ($j=$p_options[PCLZIP_OPT_BY_INDEX][$j]['start']) && ($i<=$p_options[PCLZIP_OPT_BY_INDEX][$j]['end'])) { - $v_extract = true; - } - if ($i>=$p_options[PCLZIP_OPT_BY_INDEX][$j]['end']) { - $j_start = $j+1; - } + // ----- Look if the index is in the list + for ($j = $j_start; ($j < sizeof($p_options[PCLZIP_OPT_BY_INDEX])) && (!$v_extract); $j++) { - if ($p_options[PCLZIP_OPT_BY_INDEX][$j]['start']>$i) { - break; - } + if (($i >= $p_options[PCLZIP_OPT_BY_INDEX][$j]['start']) && ($i <= $p_options[PCLZIP_OPT_BY_INDEX][$j]['end'])) { + $v_extract = true; + } + if ($i >= $p_options[PCLZIP_OPT_BY_INDEX][$j]['end']) { + $j_start = $j + 1; } - } - // ----- Look for no rule, which means extract all the archive - else { - $v_extract = true; + if ($p_options[PCLZIP_OPT_BY_INDEX][$j]['start'] > $i) { + break; + } + } + + // ----- Look for no rule, which means extract all the archive + } else { + $v_extract = true; } - // ----- Check compression method - if ( ($v_extract) - && ( ($v_header['compression'] != 8) - && ($v_header['compression'] != 0))) { - $v_header['status'] = 'unsupported_compression'; + // ----- Check compression method + if (($v_extract) && (($v_header['compression'] != 8) && ($v_header['compression'] != 0))) { + $v_header['status'] = 'unsupported_compression'; - // ----- Look for PCLZIP_OPT_STOP_ON_ERROR - if ( (isset($p_options[PCLZIP_OPT_STOP_ON_ERROR])) - && ($p_options[PCLZIP_OPT_STOP_ON_ERROR]===true)) { + // ----- Look for PCLZIP_OPT_STOP_ON_ERROR + if ((isset($p_options[PCLZIP_OPT_STOP_ON_ERROR])) && ($p_options[PCLZIP_OPT_STOP_ON_ERROR] === true)) { - $this->privSwapBackMagicQuotes(); - - PclZip::privErrorLog(PCLZIP_ERR_UNSUPPORTED_COMPRESSION, - "Filename '".$v_header['stored_filename']."' is " - ."compressed by an unsupported compression " - ."method (".$v_header['compression'].") "); + $this->privSwapBackMagicQuotes(); - return PclZip::errorCode(); - } - } - - // ----- Check encrypted files - if (($v_extract) && (($v_header['flag'] & 1) == 1)) { - $v_header['status'] = 'unsupported_encryption'; + PclZip::privErrorLog(PCLZIP_ERR_UNSUPPORTED_COMPRESSION, "Filename '" . $v_header['stored_filename'] . "' is " . "compressed by an unsupported compression " . "method (" . $v_header['compression'] . ") "); - // ----- Look for PCLZIP_OPT_STOP_ON_ERROR - if ( (isset($p_options[PCLZIP_OPT_STOP_ON_ERROR])) - && ($p_options[PCLZIP_OPT_STOP_ON_ERROR]===true)) { + return PclZip::errorCode(); + } + } + + // ----- Check encrypted files + if (($v_extract) && (($v_header['flag'] & 1) == 1)) { + $v_header['status'] = 'unsupported_encryption'; - $this->privSwapBackMagicQuotes(); + // ----- Look for PCLZIP_OPT_STOP_ON_ERROR + if ((isset($p_options[PCLZIP_OPT_STOP_ON_ERROR])) && ($p_options[PCLZIP_OPT_STOP_ON_ERROR] === true)) { - PclZip::privErrorLog(PCLZIP_ERR_UNSUPPORTED_ENCRYPTION, - "Unsupported encryption for " - ." filename '".$v_header['stored_filename'] - ."'"); + $this->privSwapBackMagicQuotes(); - return PclZip::errorCode(); - } - } + PclZip::privErrorLog(PCLZIP_ERR_UNSUPPORTED_ENCRYPTION, "Unsupported encryption for " . " filename '" . $v_header['stored_filename'] . "'"); + + return PclZip::errorCode(); + } + } // ----- Look for real extraction if (($v_extract) && ($v_header['status'] != 'ok')) { - $v_result = $this->privConvertHeader2FileInfo($v_header, - $p_file_list[$v_nb_extracted++]); - if ($v_result != 1) { - $this->privCloseFd(); - $this->privSwapBackMagicQuotes(); - return $v_result; - } + $v_result = $this->privConvertHeader2FileInfo($v_header, $p_file_list[$v_nb_extracted++]); + if ($v_result != 1) { + $this->privCloseFd(); + $this->privSwapBackMagicQuotes(); + + return $v_result; + } - $v_extract = false; + $v_extract = false; } - + // ----- Look for real extraction - if ($v_extract) - { + if ($v_extract) { // ----- Go to the file position @rewind($this->zip_fd); - if (@fseek($this->zip_fd, $v_header['offset'])) - { + if (@fseek($this->zip_fd, $v_header['offset'])) { // ----- Close the zip file $this->privCloseFd(); @@ -3522,12 +3370,12 @@ function privExtractByRule(&$p_file_list, $p_path, $p_remove_path, $p_remove_all if ($v_result1 < 1) { $this->privCloseFd(); $this->privSwapBackMagicQuotes(); + return $v_result1; } // ----- Get the only interesting attributes - if (($v_result = $this->privConvertHeader2FileInfo($v_header, $p_file_list[$v_nb_extracted])) != 1) - { + if (($v_result = $this->privConvertHeader2FileInfo($v_header, $p_file_list[$v_nb_extracted])) != 1) { // ----- Close the zip file $this->privCloseFd(); $this->privSwapBackMagicQuotes(); @@ -3540,20 +3388,20 @@ function privExtractByRule(&$p_file_list, $p_path, $p_remove_path, $p_remove_all // ----- Next extracted file $v_nb_extracted++; - + // ----- Look for user callback abort if ($v_result1 == 2) { - break; + break; } - } - // ----- Look for extraction in standard output - elseif ( (isset($p_options[PCLZIP_OPT_EXTRACT_IN_OUTPUT])) - && ($p_options[PCLZIP_OPT_EXTRACT_IN_OUTPUT])) { + + // ----- Look for extraction in standard output + } elseif ((isset($p_options[PCLZIP_OPT_EXTRACT_IN_OUTPUT])) && ($p_options[PCLZIP_OPT_EXTRACT_IN_OUTPUT])) { // ----- Extracting the file in standard output $v_result1 = $this->privExtractFileInOutput($v_header, $p_options); if ($v_result1 < 1) { $this->privCloseFd(); $this->privSwapBackMagicQuotes(); + return $v_result1; } @@ -3561,30 +3409,28 @@ function privExtractByRule(&$p_file_list, $p_path, $p_remove_path, $p_remove_all if (($v_result = $this->privConvertHeader2FileInfo($v_header, $p_file_list[$v_nb_extracted++])) != 1) { $this->privCloseFd(); $this->privSwapBackMagicQuotes(); + return $v_result; } // ----- Look for user callback abort if ($v_result1 == 2) { - break; + break; } - } - // ----- Look for normal extraction - else { + + // ----- Look for normal extraction + } else { // ----- Extracting the file - $v_result1 = $this->privExtractFile($v_header, - $p_path, $p_remove_path, - $p_remove_all_path, - $p_options); + $v_result1 = $this->privExtractFile($v_header, $p_path, $p_remove_path, $p_remove_all_path, $p_options); if ($v_result1 < 1) { $this->privCloseFd(); $this->privSwapBackMagicQuotes(); + return $v_result1; } // ----- Get the only interesting attributes - if (($v_result = $this->privConvertHeader2FileInfo($v_header, $p_file_list[$v_nb_extracted++])) != 1) - { + if (($v_result = $this->privConvertHeader2FileInfo($v_header, $p_file_list[$v_nb_extracted++])) != 1) { // ----- Close the zip file $this->privCloseFd(); $this->privSwapBackMagicQuotes(); @@ -3594,7 +3440,7 @@ function privExtractByRule(&$p_file_list, $p_path, $p_remove_path, $p_remove_all // ----- Look for user callback abort if ($v_result1 == 2) { - break; + break; } } } @@ -3618,42 +3464,37 @@ function privExtractByRule(&$p_file_list, $p_path, $p_remove_path, $p_remove_all // 1 : ... ? // PCLZIP_ERR_USER_ABORTED(2) : User ask for extraction stop in callback // -------------------------------------------------------------------------------- - function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_all_path, &$p_options) + public function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_all_path, &$p_options) { - $v_result=1; + $v_result = 1; // ----- Read the file header - if (($v_result = $this->privReadFileHeader($v_header)) != 1) - { + if (($v_result = $this->privReadFileHeader($v_header)) != 1) { // ----- Return return $v_result; } - // ----- Check that the file header is coherent with $p_entry info if ($this->privCheckFileHeaders($v_header, $p_entry) != 1) { - // TBC + // TBC } // ----- Look for all path to remove if ($p_remove_all_path == true) { - // ----- Look for folder entry that not need to be extracted - if (($p_entry['external']&0x00000010)==0x00000010) { + // ----- Look for folder entry that not need to be extracted + if (($p_entry['external'] & 0x00000010) == 0x00000010) { - $p_entry['status'] = "filtered"; + $p_entry['status'] = "filtered"; - return $v_result; - } + return $v_result; + } - // ----- Get the basename of the path - $p_entry['filename'] = basename($p_entry['filename']); - } + // ----- Get the basename of the path + $p_entry['filename'] = basename($p_entry['filename']); - // ----- Look for path to remove - else if ($p_remove_path != "") - { - if (PclZipUtilPathInclusion($p_remove_path, $p_entry['filename']) == 2) - { + // ----- Look for path to remove + } elseif ($p_remove_path != "") { + if (PclZipUtilPathInclusion($p_remove_path, $p_entry['filename']) == 2) { // ----- Change the file status $p_entry['status'] = "filtered"; @@ -3663,8 +3504,7 @@ function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_all_path, } $p_remove_path_size = strlen($p_remove_path); - if (substr($p_entry['filename'], 0, $p_remove_path_size) == $p_remove_path) - { + if (substr($p_entry['filename'], 0, $p_remove_path_size) == $p_remove_path) { // ----- Remove the path $p_entry['filename'] = substr($p_entry['filename'], $p_remove_path_size); @@ -3674,19 +3514,15 @@ function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_all_path, // ----- Add the path if ($p_path != '') { - $p_entry['filename'] = $p_path."/".$p_entry['filename']; + $p_entry['filename'] = $p_path . "/" . $p_entry['filename']; } - + // ----- Check a base_dir_restriction if (isset($p_options[PCLZIP_OPT_EXTRACT_DIR_RESTRICTION])) { - $v_inclusion - = PclZipUtilPathInclusion($p_options[PCLZIP_OPT_EXTRACT_DIR_RESTRICTION], - $p_entry['filename']); + $v_inclusion = PclZipUtilPathInclusion($p_options[PCLZIP_OPT_EXTRACT_DIR_RESTRICTION], $p_entry['filename']); if ($v_inclusion == 0) { - PclZip::privErrorLog(PCLZIP_ERR_DIRECTORY_RESTRICTION, - "Filename '".$p_entry['filename']."' is " - ."outside PCLZIP_OPT_EXTRACT_DIR_RESTRICTION"); + PclZip::privErrorLog(PCLZIP_ERR_DIRECTORY_RESTRICTION, "Filename '" . $p_entry['filename'] . "' is " . "outside PCLZIP_OPT_EXTRACT_DIR_RESTRICTION"); return PclZip::errorCode(); } @@ -3702,19 +3538,19 @@ function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_all_path, // ----- Call the callback // Here I do not use call_user_func() because I need to send a reference to the // header. -// eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT].'(PCLZIP_CB_PRE_EXTRACT, $v_local_header);'); + // eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT].'(PCLZIP_CB_PRE_EXTRACT, $v_local_header);'); $v_result = $p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header); if ($v_result == 0) { // ----- Change the file status $p_entry['status'] = "skipped"; - $v_result = 1; + $v_result = 1; } - + // ----- Look for abort result if ($v_result == 2) { // ----- This status is internal and will be changed in 'skipped' $p_entry['status'] = "aborted"; - $v_result = PCLZIP_ERR_USER_ABORTED; + $v_result = PCLZIP_ERR_USER_ABORTED; } // ----- Update the informations @@ -3722,97 +3558,79 @@ function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_all_path, $p_entry['filename'] = $v_local_header['filename']; } - // ----- Look if extraction should be done if ($p_entry['status'] == 'ok') { - // ----- Look for specific actions while the file exist - if (file_exists($p_entry['filename'])) - { + // ----- Look for specific actions while the file exist + if (file_exists($p_entry['filename'])) { - // ----- Look if file is a directory - if (is_dir($p_entry['filename'])) - { + // ----- Look if file is a directory + if (is_dir($p_entry['filename'])) { - // ----- Change the file status - $p_entry['status'] = "already_a_directory"; - - // ----- Look for PCLZIP_OPT_STOP_ON_ERROR - // For historical reason first PclZip implementation does not stop - // when this kind of error occurs. - if ( (isset($p_options[PCLZIP_OPT_STOP_ON_ERROR])) - && ($p_options[PCLZIP_OPT_STOP_ON_ERROR]===true)) { + // ----- Change the file status + $p_entry['status'] = "already_a_directory"; + + // ----- Look for PCLZIP_OPT_STOP_ON_ERROR + // For historical reason first PclZip implementation does not stop + // when this kind of error occurs. + if ((isset($p_options[PCLZIP_OPT_STOP_ON_ERROR])) && ($p_options[PCLZIP_OPT_STOP_ON_ERROR] === true)) { - PclZip::privErrorLog(PCLZIP_ERR_ALREADY_A_DIRECTORY, - "Filename '".$p_entry['filename']."' is " - ."already used by an existing directory"); + PclZip::privErrorLog(PCLZIP_ERR_ALREADY_A_DIRECTORY, "Filename '" . $p_entry['filename'] . "' is " . "already used by an existing directory"); return PclZip::errorCode(); - } - } - // ----- Look if file is write protected - else if (!is_writeable($p_entry['filename'])) - { + } - // ----- Change the file status - $p_entry['status'] = "write_protected"; + // ----- Look if file is write protected + } elseif (!is_writeable($p_entry['filename'])) { - // ----- Look for PCLZIP_OPT_STOP_ON_ERROR - // For historical reason first PclZip implementation does not stop - // when this kind of error occurs. - if ( (isset($p_options[PCLZIP_OPT_STOP_ON_ERROR])) - && ($p_options[PCLZIP_OPT_STOP_ON_ERROR]===true)) { + // ----- Change the file status + $p_entry['status'] = "write_protected"; + + // ----- Look for PCLZIP_OPT_STOP_ON_ERROR + // For historical reason first PclZip implementation does not stop + // when this kind of error occurs. + if ((isset($p_options[PCLZIP_OPT_STOP_ON_ERROR])) && ($p_options[PCLZIP_OPT_STOP_ON_ERROR] === true)) { - PclZip::privErrorLog(PCLZIP_ERR_WRITE_OPEN_FAIL, - "Filename '".$p_entry['filename']."' exists " - ."and is write protected"); + PclZip::privErrorLog(PCLZIP_ERR_WRITE_OPEN_FAIL, "Filename '" . $p_entry['filename'] . "' exists " . "and is write protected"); return PclZip::errorCode(); - } - } + } - // ----- Look if the extracted file is older - else if (filemtime($p_entry['filename']) > $p_entry['mtime']) - { - // ----- Change the file status - if ( (isset($p_options[PCLZIP_OPT_REPLACE_NEWER])) - && ($p_options[PCLZIP_OPT_REPLACE_NEWER]===true)) { - } - else { + // ----- Look if the extracted file is older + } elseif (filemtime($p_entry['filename']) > $p_entry['mtime']) { + // ----- Change the file status + if ((isset($p_options[PCLZIP_OPT_REPLACE_NEWER])) && ($p_options[PCLZIP_OPT_REPLACE_NEWER] === true)) { + } else { $p_entry['status'] = "newer_exist"; // ----- Look for PCLZIP_OPT_STOP_ON_ERROR // For historical reason first PclZip implementation does not stop // when this kind of error occurs. - if ( (isset($p_options[PCLZIP_OPT_STOP_ON_ERROR])) - && ($p_options[PCLZIP_OPT_STOP_ON_ERROR]===true)) { + if ((isset($p_options[PCLZIP_OPT_STOP_ON_ERROR])) && ($p_options[PCLZIP_OPT_STOP_ON_ERROR] === true)) { - PclZip::privErrorLog(PCLZIP_ERR_WRITE_OPEN_FAIL, - "Newer version of '".$p_entry['filename']."' exists " - ."and option PCLZIP_OPT_REPLACE_NEWER is not selected"); + PclZip::privErrorLog(PCLZIP_ERR_WRITE_OPEN_FAIL, "Newer version of '" . $p_entry['filename'] . "' exists " . "and option PCLZIP_OPT_REPLACE_NEWER is not selected"); - return PclZip::errorCode(); - } - } - } - else { - } - } + return PclZip::errorCode(); + } + } + } else { + } + + // ----- Check the directory availability and create it if necessary + } else { + if ((($p_entry['external'] & 0x00000010) == 0x00000010) || (substr($p_entry['filename'], -1) == '/')) { + $v_dir_to_check = $p_entry['filename']; + } elseif (!strstr($p_entry['filename'], "/")) { + $v_dir_to_check = ""; + } else { + $v_dir_to_check = dirname($p_entry['filename']); + } - // ----- Check the directory availability and create it if necessary - else { - if ((($p_entry['external']&0x00000010)==0x00000010) || (substr($p_entry['filename'], -1) == '/')) - $v_dir_to_check = $p_entry['filename']; - else if (!strstr($p_entry['filename'], "/")) - $v_dir_to_check = ""; - else - $v_dir_to_check = dirname($p_entry['filename']); + if (($v_result = $this->privDirCheck($v_dir_to_check, (($p_entry['external'] & 0x00000010) == 0x00000010))) != 1) { - if (($v_result = $this->privDirCheck($v_dir_to_check, (($p_entry['external']&0x00000010)==0x00000010))) != 1) { - // ----- Change the file status $p_entry['status'] = "path_creation_fail"; - + // ----- Return //return $v_result; $v_result = 1; @@ -3824,14 +3642,12 @@ function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_all_path, if ($p_entry['status'] == 'ok') { // ----- Do the extraction (if not a folder) - if (!(($p_entry['external']&0x00000010)==0x00000010)) - { + if (!(($p_entry['external'] & 0x00000010) == 0x00000010)) { // ----- Look for not compressed file if ($p_entry['compression'] == 0) { - // ----- Opening destination file - if (($v_dest_file = @fopen($p_entry['filename'], 'wb')) == 0) - { + // ----- Opening destination file + if (($v_dest_file = @fopen($p_entry['filename'], 'wb')) == 0) { // ----- Change the file status $p_entry['status'] = "write_error"; @@ -3840,18 +3656,16 @@ function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_all_path, return $v_result; } - // ----- Read the file by PCLZIP_READ_BLOCK_SIZE octets blocks $v_size = $p_entry['compressed_size']; - while ($v_size != 0) - { + while ($v_size != 0) { $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = @fread($this->zip_fd, $v_read_size); + $v_buffer = @fread($this->zip_fd, $v_read_size); /* Try to speed up the code - $v_binary_data = pack('a'.$v_read_size, $v_buffer); - @fwrite($v_dest_file, $v_binary_data, $v_read_size); - */ - @fwrite($v_dest_file, $v_buffer, $v_read_size); + $v_binary_data = pack('a'.$v_read_size, $v_buffer); + @fwrite($v_dest_file, $v_binary_data, $v_read_size); + */ + @fwrite($v_dest_file, $v_buffer, $v_read_size); $v_size -= $v_read_size; } @@ -3859,65 +3673,58 @@ function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_all_path, fclose($v_dest_file); // ----- Change the file mtime - touch($p_entry['filename'], $p_entry['mtime']); - + @touch($p_entry['filename'], $p_entry['mtime']); - } - else { + } else { // ----- TBC // Need to be finished if (($p_entry['flag'] & 1) == 1) { - PclZip::privErrorLog(PCLZIP_ERR_UNSUPPORTED_ENCRYPTION, 'File \''.$p_entry['filename'].'\' is encrypted. Encrypted files are not supported.'); + PclZip::privErrorLog(PCLZIP_ERR_UNSUPPORTED_ENCRYPTION, 'File \'' . $p_entry['filename'] . '\' is encrypted. Encrypted files are not supported.'); + return PclZip::errorCode(); } - // ----- Look for using temporary file to unzip - if ( (!isset($p_options[PCLZIP_OPT_TEMP_FILE_OFF])) - && (isset($p_options[PCLZIP_OPT_TEMP_FILE_ON]) - || (isset($p_options[PCLZIP_OPT_TEMP_FILE_THRESHOLD]) - && ($p_options[PCLZIP_OPT_TEMP_FILE_THRESHOLD] <= $p_entry['size'])) ) ) { + if ((!isset($p_options[PCLZIP_OPT_TEMP_FILE_OFF])) && (isset($p_options[PCLZIP_OPT_TEMP_FILE_ON]) || (isset($p_options[PCLZIP_OPT_TEMP_FILE_THRESHOLD]) && ($p_options[PCLZIP_OPT_TEMP_FILE_THRESHOLD] <= $p_entry['size'])))) { $v_result = $this->privExtractFileUsingTempFile($p_entry, $p_options); if ($v_result < PCLZIP_ERR_NO_ERROR) { return $v_result; } - } - - // ----- Look for extract in memory - else { - + // ----- Look for extract in memory + } else { + // ----- Read the compressed file in a buffer (one shot) $v_buffer = @fread($this->zip_fd, $p_entry['compressed_size']); - + // ----- Decompress the file $v_file_content = @gzinflate($v_buffer); unset($v_buffer); - if ($v_file_content === FALSE) { - + if ($v_file_content === false) { + // ----- Change the file status // TBC $p_entry['status'] = "error"; - + return $v_result; } - + // ----- Opening destination file if (($v_dest_file = @fopen($p_entry['filename'], 'wb')) == 0) { - + // ----- Change the file status $p_entry['status'] = "write_error"; - + return $v_result; } - + // ----- Write the uncompressed data @fwrite($v_dest_file, $v_file_content, $p_entry['size']); unset($v_file_content); - + // ----- Closing the destination file @fclose($v_dest_file); - + } // ----- Change the file mtime @@ -3934,13 +3741,12 @@ function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_all_path, } } - // ----- Change abort status - if ($p_entry['status'] == "aborted") { - $p_entry['status'] = "skipped"; - } - - // ----- Look for post-extract callback - elseif (isset($p_options[PCLZIP_CB_POST_EXTRACT])) { + // ----- Change abort status + if ($p_entry['status'] == "aborted") { + $p_entry['status'] = "skipped"; + + // ----- Look for post-extract callback + } elseif (isset($p_options[PCLZIP_CB_POST_EXTRACT])) { // ----- Generate a local information $v_local_header = array(); @@ -3949,12 +3755,12 @@ function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_all_path, // ----- Call the callback // Here I do not use call_user_func() because I need to send a reference to the // header. -// eval('$v_result = '.$p_options[PCLZIP_CB_POST_EXTRACT].'(PCLZIP_CB_POST_EXTRACT, $v_local_header);'); + // eval('$v_result = '.$p_options[PCLZIP_CB_POST_EXTRACT].'(PCLZIP_CB_POST_EXTRACT, $v_local_header);'); $v_result = $p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header); // ----- Look for abort result if ($v_result == 2) { - $v_result = PCLZIP_ERR_USER_ABORTED; + $v_result = PCLZIP_ERR_USER_ABORTED; } } @@ -3969,29 +3775,28 @@ function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_all_path, // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privExtractFileUsingTempFile(&$p_entry, &$p_options) + public function privExtractFileUsingTempFile(&$p_entry, &$p_options) { - $v_result=1; - + $v_result = 1; + // ----- Creates a temporary file - $v_gzip_temp_name = PCLZIP_TEMPORARY_DIR.uniqid('pclzip-').'.gz'; + $v_gzip_temp_name = PCLZIP_TEMPORARY_DIR . uniqid('pclzip-') . '.gz'; if (($v_dest_file = @fopen($v_gzip_temp_name, "wb")) == 0) { fclose($v_file); - PclZip::privErrorLog(PCLZIP_ERR_WRITE_OPEN_FAIL, 'Unable to open temporary file \''.$v_gzip_temp_name.'\' in binary write mode'); + PclZip::privErrorLog(PCLZIP_ERR_WRITE_OPEN_FAIL, 'Unable to open temporary file \'' . $v_gzip_temp_name . '\' in binary write mode'); + return PclZip::errorCode(); } - // ----- Write gz file format header $v_binary_data = pack('va1a1Va1a1', 0x8b1f, Chr($p_entry['compression']), Chr(0x00), time(), Chr(0x00), Chr(3)); @fwrite($v_dest_file, $v_binary_data, 10); // ----- Read the file by PCLZIP_READ_BLOCK_SIZE octets blocks $v_size = $p_entry['compressed_size']; - while ($v_size != 0) - { + while ($v_size != 0) { $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = @fread($this->zip_fd, $v_read_size); + $v_buffer = @fread($this->zip_fd, $v_read_size); //$v_binary_data = pack('a'.$v_read_size, $v_buffer); @fwrite($v_dest_file, $v_buffer, $v_read_size); $v_size -= $v_read_size; @@ -4007,6 +3812,7 @@ function privExtractFileUsingTempFile(&$p_entry, &$p_options) // ----- Opening destination file if (($v_dest_file = @fopen($p_entry['filename'], 'wb')) == 0) { $p_entry['status'] = "write_error"; + return $v_result; } @@ -4014,16 +3820,16 @@ function privExtractFileUsingTempFile(&$p_entry, &$p_options) if (($v_src_file = @gzopen($v_gzip_temp_name, 'rb')) == 0) { @fclose($v_dest_file); $p_entry['status'] = "read_error"; - PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open temporary file \''.$v_gzip_temp_name.'\' in binary read mode'); + PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open temporary file \'' . $v_gzip_temp_name . '\' in binary read mode'); + return PclZip::errorCode(); } - // ----- Read the file by PCLZIP_READ_BLOCK_SIZE octets blocks $v_size = $p_entry['size']; while ($v_size != 0) { $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = @gzread($v_src_file, $v_read_size); + $v_buffer = @gzread($v_src_file, $v_read_size); //$v_binary_data = pack('a'.$v_read_size, $v_buffer); @fwrite($v_dest_file, $v_buffer, $v_read_size); $v_size -= $v_read_size; @@ -4033,7 +3839,7 @@ function privExtractFileUsingTempFile(&$p_entry, &$p_options) // ----- Delete the temporary file @unlink($v_gzip_temp_name); - + // ----- Return return $v_result; } @@ -4045,19 +3851,18 @@ function privExtractFileUsingTempFile(&$p_entry, &$p_options) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privExtractFileInOutput(&$p_entry, &$p_options) + public function privExtractFileInOutput(&$p_entry, &$p_options) { - $v_result=1; + $v_result = 1; // ----- Read the file header if (($v_result = $this->privReadFileHeader($v_header)) != 1) { return $v_result; } - // ----- Check that the file header is coherent with $p_entry info if ($this->privCheckFileHeaders($v_header, $p_entry) != 1) { - // TBC + // TBC } // ----- Look for pre-extract callback @@ -4070,19 +3875,19 @@ function privExtractFileInOutput(&$p_entry, &$p_options) // ----- Call the callback // Here I do not use call_user_func() because I need to send a reference to the // header. -// eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT].'(PCLZIP_CB_PRE_EXTRACT, $v_local_header);'); + // eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT].'(PCLZIP_CB_PRE_EXTRACT, $v_local_header);'); $v_result = $p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header); if ($v_result == 0) { // ----- Change the file status $p_entry['status'] = "skipped"; - $v_result = 1; + $v_result = 1; } // ----- Look for abort result if ($v_result == 2) { // ----- This status is internal and will be changed in 'skipped' $p_entry['status'] = "aborted"; - $v_result = PCLZIP_ERR_USER_ABORTED; + $v_result = PCLZIP_ERR_USER_ABORTED; } // ----- Update the informations @@ -4096,7 +3901,7 @@ function privExtractFileInOutput(&$p_entry, &$p_options) if ($p_entry['status'] == 'ok') { // ----- Do the extraction (if not a folder) - if (!(($p_entry['external']&0x00000010)==0x00000010)) { + if (!(($p_entry['external'] & 0x00000010) == 0x00000010)) { // ----- Look for not compressed file if ($p_entry['compressed_size'] == $p_entry['size']) { @@ -4106,12 +3911,11 @@ function privExtractFileInOutput(&$p_entry, &$p_options) // ----- Send the file to the output echo $v_buffer; unset($v_buffer); - } - else { + } else { // ----- Read the compressed file in a buffer (one shot) $v_buffer = @fread($this->zip_fd, $p_entry['compressed_size']); - + // ----- Decompress the file $v_file_content = gzinflate($v_buffer); unset($v_buffer); @@ -4123,13 +3927,12 @@ function privExtractFileInOutput(&$p_entry, &$p_options) } } - // ----- Change abort status - if ($p_entry['status'] == "aborted") { + // ----- Change abort status + if ($p_entry['status'] == "aborted") { $p_entry['status'] = "skipped"; - } - // ----- Look for post-extract callback - elseif (isset($p_options[PCLZIP_CB_POST_EXTRACT])) { + // ----- Look for post-extract callback + } elseif (isset($p_options[PCLZIP_CB_POST_EXTRACT])) { // ----- Generate a local information $v_local_header = array(); @@ -4138,12 +3941,12 @@ function privExtractFileInOutput(&$p_entry, &$p_options) // ----- Call the callback // Here I do not use call_user_func() because I need to send a reference to the // header. -// eval('$v_result = '.$p_options[PCLZIP_CB_POST_EXTRACT].'(PCLZIP_CB_POST_EXTRACT, $v_local_header);'); + // eval('$v_result = '.$p_options[PCLZIP_CB_POST_EXTRACT].'(PCLZIP_CB_POST_EXTRACT, $v_local_header);'); $v_result = $p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header); // ----- Look for abort result if ($v_result == 2) { - $v_result = PCLZIP_ERR_USER_ABORTED; + $v_result = PCLZIP_ERR_USER_ABORTED; } } @@ -4157,22 +3960,20 @@ function privExtractFileInOutput(&$p_entry, &$p_options) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privExtractFileAsString(&$p_entry, &$p_string, &$p_options) + public function privExtractFileAsString(&$p_entry, &$p_string, &$p_options) { - $v_result=1; + $v_result = 1; // ----- Read the file header $v_header = array(); - if (($v_result = $this->privReadFileHeader($v_header)) != 1) - { + if (($v_result = $this->privReadFileHeader($v_header)) != 1) { // ----- Return return $v_result; } - // ----- Check that the file header is coherent with $p_entry info if ($this->privCheckFileHeaders($v_header, $p_entry) != 1) { - // TBC + // TBC } // ----- Look for pre-extract callback @@ -4185,19 +3986,19 @@ function privExtractFileAsString(&$p_entry, &$p_string, &$p_options) // ----- Call the callback // Here I do not use call_user_func() because I need to send a reference to the // header. -// eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT].'(PCLZIP_CB_PRE_EXTRACT, $v_local_header);'); + // eval('$v_result = '.$p_options[PCLZIP_CB_PRE_EXTRACT].'(PCLZIP_CB_PRE_EXTRACT, $v_local_header);'); $v_result = $p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header); if ($v_result == 0) { // ----- Change the file status $p_entry['status'] = "skipped"; - $v_result = 1; + $v_result = 1; } - + // ----- Look for abort result if ($v_result == 2) { // ----- This status is internal and will be changed in 'skipped' $p_entry['status'] = "aborted"; - $v_result = PCLZIP_ERR_USER_ABORTED; + $v_result = PCLZIP_ERR_USER_ABORTED; } // ----- Update the informations @@ -4205,58 +4006,54 @@ function privExtractFileAsString(&$p_entry, &$p_string, &$p_options) $p_entry['filename'] = $v_local_header['filename']; } - // ----- Look if extraction should be done if ($p_entry['status'] == 'ok') { // ----- Do the extraction (if not a folder) - if (!(($p_entry['external']&0x00000010)==0x00000010)) { + if (!(($p_entry['external'] & 0x00000010) == 0x00000010)) { // ----- Look for not compressed file - // if ($p_entry['compressed_size'] == $p_entry['size']) + // if ($p_entry['compressed_size'] == $p_entry['size']) if ($p_entry['compression'] == 0) { - + // ----- Reading the file $p_string = @fread($this->zip_fd, $p_entry['compressed_size']); - } - else { - + } else { + // ----- Reading the file $v_data = @fread($this->zip_fd, $p_entry['compressed_size']); - + // ----- Decompress the file - if (($p_string = @gzinflate($v_data)) === FALSE) { - // TBC + if (($p_string = @gzinflate($v_data)) === false) { + // TBC } } - + // ----- Trace + } else { + // TBC : error : can not extract a folder in a string } - else { - // TBC : error : can not extract a folder in a string - } - + } - // ----- Change abort status - if ($p_entry['status'] == "aborted") { - $p_entry['status'] = "skipped"; - } - - // ----- Look for post-extract callback - elseif (isset($p_options[PCLZIP_CB_POST_EXTRACT])) { + // ----- Change abort status + if ($p_entry['status'] == "aborted") { + $p_entry['status'] = "skipped"; + + // ----- Look for post-extract callback + } elseif (isset($p_options[PCLZIP_CB_POST_EXTRACT])) { // ----- Generate a local information $v_local_header = array(); $this->privConvertHeader2FileInfo($p_entry, $v_local_header); - + // ----- Swap the content to header $v_local_header['content'] = $p_string; - $p_string = ''; + $p_string = ''; // ----- Call the callback // Here I do not use call_user_func() because I need to send a reference to the // header. -// eval('$v_result = '.$p_options[PCLZIP_CB_POST_EXTRACT].'(PCLZIP_CB_POST_EXTRACT, $v_local_header);'); + // eval('$v_result = '.$p_options[PCLZIP_CB_POST_EXTRACT].'(PCLZIP_CB_POST_EXTRACT, $v_local_header);'); $v_result = $p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header); // ----- Swap back the content to header @@ -4265,7 +4062,7 @@ function privExtractFileAsString(&$p_entry, &$p_string, &$p_options) // ----- Look for abort result if ($v_result == 2) { - $v_result = PCLZIP_ERR_USER_ABORTED; + $v_result = PCLZIP_ERR_USER_ABORTED; } } @@ -4280,17 +4077,16 @@ function privExtractFileAsString(&$p_entry, &$p_string, &$p_options) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privReadFileHeader(&$p_header) + public function privReadFileHeader(&$p_header) { - $v_result=1; + $v_result = 1; // ----- Read the 4 bytes signature $v_binary_data = @fread($this->zip_fd, 4); - $v_data = unpack('Vid', $v_binary_data); + $v_data = unpack('Vid', $v_binary_data); // ----- Check signature - if ($v_data['id'] != 0x04034b50) - { + if ($v_data['id'] != 0x04034b50) { // ----- Error log PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'Invalid archive structure'); @@ -4303,13 +4099,12 @@ function privReadFileHeader(&$p_header) $v_binary_data = fread($this->zip_fd, 26); // ----- Look for invalid block size - if (strlen($v_binary_data) != 26) - { + if (strlen($v_binary_data) != 26) { $p_header['filename'] = ""; - $p_header['status'] = "invalid_header"; + $p_header['status'] = "invalid_header"; // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, "Invalid block size : ".strlen($v_binary_data)); + PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, "Invalid block size : " . strlen($v_binary_data)); // ----- Return return PclZip::errorCode(); @@ -4324,46 +4119,42 @@ function privReadFileHeader(&$p_header) // ----- Get extra_fields if ($v_data['extra_len'] != 0) { $p_header['extra'] = fread($this->zip_fd, $v_data['extra_len']); - } - else { + } else { $p_header['extra'] = ''; } // ----- Extract properties $p_header['version_extracted'] = $v_data['version']; - $p_header['compression'] = $v_data['compression']; - $p_header['size'] = $v_data['size']; - $p_header['compressed_size'] = $v_data['compressed_size']; - $p_header['crc'] = $v_data['crc']; - $p_header['flag'] = $v_data['flag']; - $p_header['filename_len'] = $v_data['filename_len']; + $p_header['compression'] = $v_data['compression']; + $p_header['size'] = $v_data['size']; + $p_header['compressed_size'] = $v_data['compressed_size']; + $p_header['crc'] = $v_data['crc']; + $p_header['flag'] = $v_data['flag']; + $p_header['filename_len'] = $v_data['filename_len']; // ----- Recuperate date in UNIX format $p_header['mdate'] = $v_data['mdate']; $p_header['mtime'] = $v_data['mtime']; - if ($p_header['mdate'] && $p_header['mtime']) - { + if ($p_header['mdate'] && $p_header['mtime']) { // ----- Extract time - $v_hour = ($p_header['mtime'] & 0xF800) >> 11; - $v_minute = ($p_header['mtime'] & 0x07E0) >> 5; - $v_seconde = ($p_header['mtime'] & 0x001F)*2; + $v_hour = ($p_header['mtime'] & 0xF800) >> 11; + $v_minute = ($p_header['mtime'] & 0x07E0) >> 5; + $v_seconde = ($p_header['mtime'] & 0x001F) * 2; // ----- Extract date - $v_year = (($p_header['mdate'] & 0xFE00) >> 9) + 1980; + $v_year = (($p_header['mdate'] & 0xFE00) >> 9) + 1980; $v_month = ($p_header['mdate'] & 0x01E0) >> 5; - $v_day = $p_header['mdate'] & 0x001F; + $v_day = $p_header['mdate'] & 0x001F; // ----- Get UNIX date format $p_header['mtime'] = @mktime($v_hour, $v_minute, $v_seconde, $v_month, $v_day, $v_year); - } - else - { + } else { $p_header['mtime'] = time(); } // TBC - //for(reset($v_data); $key = key($v_data); next($v_data)) { + //for (reset($v_data); $key = key($v_data); next($v_data)) { //} // ----- Set the stored filename @@ -4383,17 +4174,16 @@ function privReadFileHeader(&$p_header) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privReadCentralFileHeader(&$p_header) + public function privReadCentralFileHeader(&$p_header) { - $v_result=1; + $v_result = 1; // ----- Read the 4 bytes signature $v_binary_data = @fread($this->zip_fd, 4); - $v_data = unpack('Vid', $v_binary_data); + $v_data = unpack('Vid', $v_binary_data); // ----- Check signature - if ($v_data['id'] != 0x02014b50) - { + if ($v_data['id'] != 0x02014b50) { // ----- Error log PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'Invalid archive structure'); @@ -4406,13 +4196,12 @@ function privReadCentralFileHeader(&$p_header) $v_binary_data = fread($this->zip_fd, 42); // ----- Look for invalid block size - if (strlen($v_binary_data) != 42) - { + if (strlen($v_binary_data) != 42) { $p_header['filename'] = ""; - $p_header['status'] = "invalid_header"; + $p_header['status'] = "invalid_header"; // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, "Invalid block size : ".strlen($v_binary_data)); + PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, "Invalid block size : " . strlen($v_binary_data)); // ----- Return return PclZip::errorCode(); @@ -4422,46 +4211,46 @@ function privReadCentralFileHeader(&$p_header) $p_header = unpack('vversion/vversion_extracted/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len/vcomment_len/vdisk/vinternal/Vexternal/Voffset', $v_binary_data); // ----- Get filename - if ($p_header['filename_len'] != 0) + if ($p_header['filename_len'] != 0) { $p_header['filename'] = fread($this->zip_fd, $p_header['filename_len']); - else + } else { $p_header['filename'] = ''; + } // ----- Get extra - if ($p_header['extra_len'] != 0) + if ($p_header['extra_len'] != 0) { $p_header['extra'] = fread($this->zip_fd, $p_header['extra_len']); - else + } else { $p_header['extra'] = ''; + } // ----- Get comment - if ($p_header['comment_len'] != 0) + if ($p_header['comment_len'] != 0) { $p_header['comment'] = fread($this->zip_fd, $p_header['comment_len']); - else + } else { $p_header['comment'] = ''; + } // ----- Extract properties // ----- Recuperate date in UNIX format //if ($p_header['mdate'] && $p_header['mtime']) // TBC : bug : this was ignoring time with 0/0/0 - if (1) - { + if (1) { // ----- Extract time - $v_hour = ($p_header['mtime'] & 0xF800) >> 11; - $v_minute = ($p_header['mtime'] & 0x07E0) >> 5; - $v_seconde = ($p_header['mtime'] & 0x001F)*2; + $v_hour = ($p_header['mtime'] & 0xF800) >> 11; + $v_minute = ($p_header['mtime'] & 0x07E0) >> 5; + $v_seconde = ($p_header['mtime'] & 0x001F) * 2; // ----- Extract date - $v_year = (($p_header['mdate'] & 0xFE00) >> 9) + 1980; + $v_year = (($p_header['mdate'] & 0xFE00) >> 9) + 1980; $v_month = ($p_header['mdate'] & 0x01E0) >> 5; - $v_day = $p_header['mdate'] & 0x001F; + $v_day = $p_header['mdate'] & 0x001F; // ----- Get UNIX date format $p_header['mtime'] = @mktime($v_hour, $v_minute, $v_seconde, $v_month, $v_day, $v_year); - } - else - { + } else { $p_header['mtime'] = time(); } @@ -4477,7 +4266,6 @@ function privReadCentralFileHeader(&$p_header) $p_header['external'] = 0x00000010; } - // ----- Return return $v_result; } @@ -4491,31 +4279,31 @@ function privReadCentralFileHeader(&$p_header) // 1 on success, // 0 on error; // -------------------------------------------------------------------------------- - function privCheckFileHeaders(&$p_local_header, &$p_central_header) + public function privCheckFileHeaders(&$p_local_header, &$p_central_header) { - $v_result=1; - - // ----- Check the static values - // TBC - if ($p_local_header['filename'] != $p_central_header['filename']) { - } - if ($p_local_header['version_extracted'] != $p_central_header['version_extracted']) { - } - if ($p_local_header['flag'] != $p_central_header['flag']) { - } - if ($p_local_header['compression'] != $p_central_header['compression']) { - } - if ($p_local_header['mtime'] != $p_central_header['mtime']) { - } - if ($p_local_header['filename_len'] != $p_central_header['filename_len']) { - } - - // ----- Look for flag bit 3 - if (($p_local_header['flag'] & 8) == 8) { - $p_local_header['size'] = $p_central_header['size']; - $p_local_header['compressed_size'] = $p_central_header['compressed_size']; - $p_local_header['crc'] = $p_central_header['crc']; - } + $v_result = 1; + + // ----- Check the static values + // TBC + if ($p_local_header['filename'] != $p_central_header['filename']) { + } + if ($p_local_header['version_extracted'] != $p_central_header['version_extracted']) { + } + if ($p_local_header['flag'] != $p_central_header['flag']) { + } + if ($p_local_header['compression'] != $p_central_header['compression']) { + } + if ($p_local_header['mtime'] != $p_central_header['mtime']) { + } + if ($p_local_header['filename_len'] != $p_central_header['filename_len']) { + } + + // ----- Look for flag bit 3 + if (($p_local_header['flag'] & 8) == 8) { + $p_local_header['size'] = $p_central_header['size']; + $p_local_header['compressed_size'] = $p_central_header['compressed_size']; + $p_local_header['crc'] = $p_central_header['crc']; + } // ----- Return return $v_result; @@ -4528,17 +4316,16 @@ function privCheckFileHeaders(&$p_local_header, &$p_central_header) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privReadEndCentralDir(&$p_central_dir) + public function privReadEndCentralDir(&$p_central_dir) { - $v_result=1; + $v_result = 1; // ----- Go to the end of the zip file $v_size = filesize($this->zipname); @fseek($this->zip_fd, $v_size); - if (@ftell($this->zip_fd) != $v_size) - { + if (@ftell($this->zip_fd) != $v_size) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'Unable to go to the end of the archive \''.$this->zipname.'\''); + PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'Unable to go to the end of the archive \'' . $this->zipname . '\''); // ----- Return return PclZip::errorCode(); @@ -4548,11 +4335,10 @@ function privReadEndCentralDir(&$p_central_dir) // in this case the end of central dir is at 22 bytes of the file end $v_found = 0; if ($v_size > 26) { - @fseek($this->zip_fd, $v_size-22); - if (($v_pos = @ftell($this->zip_fd)) != ($v_size-22)) - { + @fseek($this->zip_fd, $v_size - 22); + if (($v_pos = @ftell($this->zip_fd)) != ($v_size - 22)) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'Unable to seek back to the middle of the archive \''.$this->zipname.'\''); + PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'Unable to seek back to the middle of the archive \'' . $this->zipname . '\''); // ----- Return return PclZip::errorCode(); @@ -4560,7 +4346,7 @@ function privReadEndCentralDir(&$p_central_dir) // ----- Read for bytes $v_binary_data = @fread($this->zip_fd, 4); - $v_data = @unpack('Vid', $v_binary_data); + $v_data = @unpack('Vid', $v_binary_data); // ----- Check signature if ($v_data['id'] == 0x06054b50) { @@ -4573,35 +4359,33 @@ function privReadEndCentralDir(&$p_central_dir) // ----- Go back to the maximum possible size of the Central Dir End Record if (!$v_found) { $v_maximum_size = 65557; // 0xFFFF + 22; - if ($v_maximum_size > $v_size) + if ($v_maximum_size > $v_size) { $v_maximum_size = $v_size; - @fseek($this->zip_fd, $v_size-$v_maximum_size); - if (@ftell($this->zip_fd) != ($v_size-$v_maximum_size)) - { + } + @fseek($this->zip_fd, $v_size - $v_maximum_size); + if (@ftell($this->zip_fd) != ($v_size - $v_maximum_size)) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'Unable to seek back to the middle of the archive \''.$this->zipname.'\''); + PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'Unable to seek back to the middle of the archive \'' . $this->zipname . '\''); // ----- Return return PclZip::errorCode(); } // ----- Read byte per byte in order to find the signature - $v_pos = ftell($this->zip_fd); + $v_pos = ftell($this->zip_fd); $v_bytes = 0x00000000; - while ($v_pos < $v_size) - { + while ($v_pos < $v_size) { // ----- Read a byte $v_byte = @fread($this->zip_fd, 1); // ----- Add the byte //$v_bytes = ($v_bytes << 8) | Ord($v_byte); - // Note we mask the old value down such that once shifted we can never end up with more than a 32bit number - // Otherwise on systems where we have 64bit integers the check below for the magic number will fail. - $v_bytes = ( ($v_bytes & 0xFFFFFF) << 8) | Ord($v_byte); + // Note we mask the old value down such that once shifted we can never end up with more than a 32bit number + // Otherwise on systems where we have 64bit integers the check below for the magic number will fail. + $v_bytes = (($v_bytes & 0xFFFFFF) << 8) | Ord($v_byte); // ----- Compare the bytes - if ($v_bytes == 0x504b0506) - { + if ($v_bytes == 0x504b0506) { $v_pos++; break; } @@ -4610,8 +4394,7 @@ function privReadEndCentralDir(&$p_central_dir) } // ----- Look if not found end of central dir - if ($v_pos == $v_size) - { + if ($v_pos == $v_size) { // ----- Error log PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, "Unable to find End of Central Dir Record signature"); @@ -4625,11 +4408,10 @@ function privReadEndCentralDir(&$p_central_dir) $v_binary_data = fread($this->zip_fd, 18); // ----- Look for invalid block size - if (strlen($v_binary_data) != 18) - { + if (strlen($v_binary_data) != 18) { // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, "Invalid End of Central Dir Record size : ".strlen($v_binary_data)); + PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, "Invalid End of Central Dir Record size : " . strlen($v_binary_data)); // ----- Return return PclZip::errorCode(); @@ -4641,37 +4423,35 @@ function privReadEndCentralDir(&$p_central_dir) // ----- Check the global size if (($v_pos + $v_data['comment_size'] + 18) != $v_size) { - // ----- Removed in release 2.2 see readme file - // The check of the file size is a little too strict. - // Some bugs where found when a zip is encrypted/decrypted with 'crypt'. - // While decrypted, zip has training 0 bytes - if (0) { - // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, - 'The central dir is not at the end of the archive.' - .' Some trailing bytes exists after the archive.'); + // ----- Removed in release 2.2 see readme file + // The check of the file size is a little too strict. + // Some bugs where found when a zip is encrypted/decrypted with 'crypt'. + // While decrypted, zip has training 0 bytes + if (0) { + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_BAD_FORMAT, 'The central dir is not at the end of the archive.' . ' Some trailing bytes exists after the archive.'); - // ----- Return - return PclZip::errorCode(); - } + // ----- Return + return PclZip::errorCode(); + } } // ----- Get comment if ($v_data['comment_size'] != 0) { $p_central_dir['comment'] = fread($this->zip_fd, $v_data['comment_size']); - } - else + } else { $p_central_dir['comment'] = ''; + } - $p_central_dir['entries'] = $v_data['entries']; + $p_central_dir['entries'] = $v_data['entries']; $p_central_dir['disk_entries'] = $v_data['disk_entries']; - $p_central_dir['offset'] = $v_data['offset']; - $p_central_dir['size'] = $v_data['size']; - $p_central_dir['disk'] = $v_data['disk']; - $p_central_dir['disk_start'] = $v_data['disk_start']; + $p_central_dir['offset'] = $v_data['offset']; + $p_central_dir['size'] = $v_data['size']; + $p_central_dir['disk'] = $v_data['disk']; + $p_central_dir['disk_start'] = $v_data['disk_start']; // TBC - //for(reset($p_central_dir); $key = key($p_central_dir); next($p_central_dir)) { + //for (reset($p_central_dir); $key = key($p_central_dir); next($p_central_dir)) { //} // ----- Return @@ -4685,23 +4465,22 @@ function privReadEndCentralDir(&$p_central_dir) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privDeleteByRule(&$p_result_list, &$p_options) + public function privDeleteByRule(&$p_result_list, &$p_options) { - $v_result=1; + $v_result = 1; $v_list_detail = array(); // ----- Open the zip file - if (($v_result=$this->privOpenFd('rb')) != 1) - { + if (($v_result = $this->privOpenFd('rb')) != 1) { // ----- Return return $v_result; } // ----- Read the central directory informations $v_central_dir = array(); - if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1) - { + if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1) { $this->privCloseFd(); + return $v_result; } @@ -4712,8 +4491,7 @@ function privDeleteByRule(&$p_result_list, &$p_options) // ----- Start at beginning of Central Dir $v_pos_entry = $v_central_dir['offset']; @rewind($this->zip_fd); - if (@fseek($this->zip_fd, $v_pos_entry)) - { + if (@fseek($this->zip_fd, $v_pos_entry)) { // ----- Close the zip file $this->privCloseFd(); @@ -4726,21 +4504,18 @@ function privDeleteByRule(&$p_result_list, &$p_options) // ----- Read each entry $v_header_list = array(); - $j_start = 0; - for ($i=0, $v_nb_extracted=0; $i<$v_central_dir['entries']; $i++) - { + $j_start = 0; + for ($i = 0, $v_nb_extracted = 0; $i < $v_central_dir['entries']; $i++) { // ----- Read the file header $v_header_list[$v_nb_extracted] = array(); - if (($v_result = $this->privReadCentralFileHeader($v_header_list[$v_nb_extracted])) != 1) - { + if (($v_result = $this->privReadCentralFileHeader($v_header_list[$v_nb_extracted])) != 1) { // ----- Close the zip file $this->privCloseFd(); return $v_result; } - // ----- Store the index $v_header_list[$v_nb_extracted]['index'] = $i; @@ -4748,83 +4523,71 @@ function privDeleteByRule(&$p_result_list, &$p_options) $v_found = false; // ----- Look for extract by name rule - if ( (isset($p_options[PCLZIP_OPT_BY_NAME])) - && ($p_options[PCLZIP_OPT_BY_NAME] != 0)) { - - // ----- Look if the filename is in the list - for ($j=0; ($j strlen($p_options[PCLZIP_OPT_BY_NAME][$j])) - && (substr($v_header_list[$v_nb_extracted]['stored_filename'], 0, strlen($p_options[PCLZIP_OPT_BY_NAME][$j])) == $p_options[PCLZIP_OPT_BY_NAME][$j])) { - $v_found = true; - } - elseif ( (($v_header_list[$v_nb_extracted]['external']&0x00000010)==0x00000010) /* Indicates a folder */ - && ($v_header_list[$v_nb_extracted]['stored_filename'].'/' == $p_options[PCLZIP_OPT_BY_NAME][$j])) { - $v_found = true; - } - } - // ----- Look for a filename - elseif ($v_header_list[$v_nb_extracted]['stored_filename'] == $p_options[PCLZIP_OPT_BY_NAME][$j]) { - $v_found = true; - } - } - } + if ((isset($p_options[PCLZIP_OPT_BY_NAME])) && ($p_options[PCLZIP_OPT_BY_NAME] != 0)) { + + // ----- Look if the filename is in the list + for ($j = 0; ($j < sizeof($p_options[PCLZIP_OPT_BY_NAME])) && (!$v_found); $j++) { - // ----- Look for extract by ereg rule - // ereg() is deprecated with PHP 5.3 - /* - else if ( (isset($p_options[PCLZIP_OPT_BY_EREG])) - && ($p_options[PCLZIP_OPT_BY_EREG] != "")) { + // ----- Look for a directory + if (substr($p_options[PCLZIP_OPT_BY_NAME][$j], -1) == "/") { - if (ereg($p_options[PCLZIP_OPT_BY_EREG], $v_header_list[$v_nb_extracted]['stored_filename'])) { + // ----- Look if the directory is in the filename path + if ((strlen($v_header_list[$v_nb_extracted]['stored_filename']) > strlen($p_options[PCLZIP_OPT_BY_NAME][$j])) && (substr($v_header_list[$v_nb_extracted]['stored_filename'], 0, strlen($p_options[PCLZIP_OPT_BY_NAME][$j])) == $p_options[PCLZIP_OPT_BY_NAME][$j])) { $v_found = true; + } elseif ((($v_header_list[$v_nb_extracted]['external'] & 0x00000010) == 0x00000010) /* Indicates a folder */ && ($v_header_list[$v_nb_extracted]['stored_filename'] . '/' == $p_options[PCLZIP_OPT_BY_NAME][$j])) { + $v_found = true; + } + + // ----- Look for a filename + } elseif ($v_header_list[$v_nb_extracted]['stored_filename'] == $p_options[PCLZIP_OPT_BY_NAME][$j]) { + $v_found = true; } - } - */ + } - // ----- Look for extract by preg rule - else if ( (isset($p_options[PCLZIP_OPT_BY_PREG])) - && ($p_options[PCLZIP_OPT_BY_PREG] != "")) { + // ----- Look for extract by ereg rule + // ereg() is deprecated with PHP 5.3 + /* + elseif ( (isset($p_options[PCLZIP_OPT_BY_EREG])) + && ($p_options[PCLZIP_OPT_BY_EREG] != "")) { - if (preg_match($p_options[PCLZIP_OPT_BY_PREG], $v_header_list[$v_nb_extracted]['stored_filename'])) { - $v_found = true; - } - } + if (ereg($p_options[PCLZIP_OPT_BY_EREG], $v_header_list[$v_nb_extracted]['stored_filename'])) { + $v_found = true; + } + } + */ - // ----- Look for extract by index rule - else if ( (isset($p_options[PCLZIP_OPT_BY_INDEX])) - && ($p_options[PCLZIP_OPT_BY_INDEX] != 0)) { + // ----- Look for extract by preg rule + } elseif ((isset($p_options[PCLZIP_OPT_BY_PREG])) && ($p_options[PCLZIP_OPT_BY_PREG] != "")) { - // ----- Look if the index is in the list - for ($j=$j_start; ($j=$p_options[PCLZIP_OPT_BY_INDEX][$j]['start']) && ($i<=$p_options[PCLZIP_OPT_BY_INDEX][$j]['end'])) { - $v_found = true; - } - if ($i>=$p_options[PCLZIP_OPT_BY_INDEX][$j]['end']) { - $j_start = $j+1; - } + // ----- Look for extract by index rule + } elseif ((isset($p_options[PCLZIP_OPT_BY_INDEX])) && ($p_options[PCLZIP_OPT_BY_INDEX] != 0)) { - if ($p_options[PCLZIP_OPT_BY_INDEX][$j]['start']>$i) { - break; - } + // ----- Look if the index is in the list + for ($j = $j_start; ($j < sizeof($p_options[PCLZIP_OPT_BY_INDEX])) && (!$v_found); $j++) { + + if (($i >= $p_options[PCLZIP_OPT_BY_INDEX][$j]['start']) && ($i <= $p_options[PCLZIP_OPT_BY_INDEX][$j]['end'])) { + $v_found = true; } - } - else { - $v_found = true; + if ($i >= $p_options[PCLZIP_OPT_BY_INDEX][$j]['end']) { + $j_start = $j + 1; + } + + if ($p_options[PCLZIP_OPT_BY_INDEX][$j]['start'] > $i) { + break; + } + } + } else { + $v_found = true; } // ----- Look for deletion - if ($v_found) - { + if ($v_found) { unset($v_header_list[$v_nb_extracted]); - } - else - { + } else { $v_nb_extracted++; } } @@ -4832,151 +4595,148 @@ function privDeleteByRule(&$p_result_list, &$p_options) // ----- Look if something need to be deleted if ($v_nb_extracted > 0) { - // ----- Creates a temporay file - $v_zip_temp_name = PCLZIP_TEMPORARY_DIR.uniqid('pclzip-').'.tmp'; + // ----- Creates a temporay file + $v_zip_temp_name = PCLZIP_TEMPORARY_DIR . uniqid('pclzip-') . '.tmp'; - // ----- Creates a temporary zip archive - $v_temp_zip = new PclZip($v_zip_temp_name); + // ----- Creates a temporary zip archive + $v_temp_zip = new PclZip($v_zip_temp_name); - // ----- Open the temporary zip file in write mode - if (($v_result = $v_temp_zip->privOpenFd('wb')) != 1) { - $this->privCloseFd(); - - // ----- Return - return $v_result; - } - - // ----- Look which file need to be kept - for ($i=0; $izip_fd); - if (@fseek($this->zip_fd, $v_header_list[$i]['offset'])) { - // ----- Close the zip file - $this->privCloseFd(); - $v_temp_zip->privCloseFd(); - @unlink($v_zip_temp_name); + // ----- Open the temporary zip file in write mode + if (($v_result = $v_temp_zip->privOpenFd('wb')) != 1) { + $this->privCloseFd(); - // ----- Error log - PclZip::privErrorLog(PCLZIP_ERR_INVALID_ARCHIVE_ZIP, 'Invalid archive size'); + // ----- Return + return $v_result; + } - // ----- Return - return PclZip::errorCode(); - } + // ----- Look which file need to be kept + for ($i = 0; $i < sizeof($v_header_list); $i++) { - // ----- Read the file header - $v_local_header = array(); - if (($v_result = $this->privReadFileHeader($v_local_header)) != 1) { - // ----- Close the zip file - $this->privCloseFd(); - $v_temp_zip->privCloseFd(); - @unlink($v_zip_temp_name); + // ----- Calculate the position of the header + @rewind($this->zip_fd); + if (@fseek($this->zip_fd, $v_header_list[$i]['offset'])) { + // ----- Close the zip file + $this->privCloseFd(); + $v_temp_zip->privCloseFd(); + @unlink($v_zip_temp_name); - // ----- Return - return $v_result; - } - - // ----- Check that local file header is same as central file header - if ($this->privCheckFileHeaders($v_local_header, - $v_header_list[$i]) != 1) { - // TBC - } - unset($v_local_header); + // ----- Error log + PclZip::privErrorLog(PCLZIP_ERR_INVALID_ARCHIVE_ZIP, 'Invalid archive size'); - // ----- Write the file header - if (($v_result = $v_temp_zip->privWriteFileHeader($v_header_list[$i])) != 1) { - // ----- Close the zip file - $this->privCloseFd(); - $v_temp_zip->privCloseFd(); - @unlink($v_zip_temp_name); + // ----- Return + return PclZip::errorCode(); + } - // ----- Return - return $v_result; - } + // ----- Read the file header + $v_local_header = array(); + if (($v_result = $this->privReadFileHeader($v_local_header)) != 1) { + // ----- Close the zip file + $this->privCloseFd(); + $v_temp_zip->privCloseFd(); + @unlink($v_zip_temp_name); - // ----- Read/write the data block - if (($v_result = PclZipUtilCopyBlock($this->zip_fd, $v_temp_zip->zip_fd, $v_header_list[$i]['compressed_size'])) != 1) { - // ----- Close the zip file - $this->privCloseFd(); - $v_temp_zip->privCloseFd(); - @unlink($v_zip_temp_name); + // ----- Return + return $v_result; + } - // ----- Return - return $v_result; - } + // ----- Check that local file header is same as central file header + if ($this->privCheckFileHeaders($v_local_header, $v_header_list[$i]) != 1) { + // TBC } + unset($v_local_header); - // ----- Store the offset of the central dir - $v_offset = @ftell($v_temp_zip->zip_fd); + // ----- Write the file header + if (($v_result = $v_temp_zip->privWriteFileHeader($v_header_list[$i])) != 1) { + // ----- Close the zip file + $this->privCloseFd(); + $v_temp_zip->privCloseFd(); + @unlink($v_zip_temp_name); - // ----- Re-Create the Central Dir files header - for ($i=0; $iprivWriteCentralFileHeader($v_header_list[$i])) != 1) { - $v_temp_zip->privCloseFd(); - $this->privCloseFd(); - @unlink($v_zip_temp_name); + // ----- Return + return $v_result; + } - // ----- Return - return $v_result; - } + // ----- Read/write the data block + if (($v_result = PclZipUtilCopyBlock($this->zip_fd, $v_temp_zip->zip_fd, $v_header_list[$i]['compressed_size'])) != 1) { + // ----- Close the zip file + $this->privCloseFd(); + $v_temp_zip->privCloseFd(); + @unlink($v_zip_temp_name); - // ----- Transform the header to a 'usable' info - $v_temp_zip->privConvertHeader2FileInfo($v_header_list[$i], $p_result_list[$i]); + // ----- Return + return $v_result; } + } + // ----- Store the offset of the central dir + $v_offset = @ftell($v_temp_zip->zip_fd); - // ----- Zip file comment - $v_comment = ''; - if (isset($p_options[PCLZIP_OPT_COMMENT])) { - $v_comment = $p_options[PCLZIP_OPT_COMMENT]; + // ----- Re-Create the Central Dir files header + for ($i = 0; $i < sizeof($v_header_list); $i++) { + // ----- Create the file header + if (($v_result = $v_temp_zip->privWriteCentralFileHeader($v_header_list[$i])) != 1) { + $v_temp_zip->privCloseFd(); + $this->privCloseFd(); + @unlink($v_zip_temp_name); + + // ----- Return + return $v_result; } - // ----- Calculate the size of the central header - $v_size = @ftell($v_temp_zip->zip_fd)-$v_offset; + // ----- Transform the header to a 'usable' info + $v_temp_zip->privConvertHeader2FileInfo($v_header_list[$i], $p_result_list[$i]); + } - // ----- Create the central dir footer - if (($v_result = $v_temp_zip->privWriteCentralHeader(sizeof($v_header_list), $v_size, $v_offset, $v_comment)) != 1) { - // ----- Reset the file list - unset($v_header_list); - $v_temp_zip->privCloseFd(); - $this->privCloseFd(); - @unlink($v_zip_temp_name); + // ----- Zip file comment + $v_comment = ''; + if (isset($p_options[PCLZIP_OPT_COMMENT])) { + $v_comment = $p_options[PCLZIP_OPT_COMMENT]; + } - // ----- Return - return $v_result; - } + // ----- Calculate the size of the central header + $v_size = @ftell($v_temp_zip->zip_fd) - $v_offset; - // ----- Close + // ----- Create the central dir footer + if (($v_result = $v_temp_zip->privWriteCentralHeader(sizeof($v_header_list), $v_size, $v_offset, $v_comment)) != 1) { + // ----- Reset the file list + unset($v_header_list); $v_temp_zip->privCloseFd(); $this->privCloseFd(); + @unlink($v_zip_temp_name); - // ----- Delete the zip file - // TBC : I should test the result ... - @unlink($this->zipname); - - // ----- Rename the temporary file - // TBC : I should test the result ... - //@rename($v_zip_temp_name, $this->zipname); - PclZipUtilRename($v_zip_temp_name, $this->zipname); - - // ----- Destroy the temporary archive - unset($v_temp_zip); - } - - // ----- Remove every files : reset the file - else if ($v_central_dir['entries'] != 0) { - $this->privCloseFd(); + // ----- Return + return $v_result; + } - if (($v_result = $this->privOpenFd('wb')) != 1) { - return $v_result; - } + // ----- Close + $v_temp_zip->privCloseFd(); + $this->privCloseFd(); - if (($v_result = $this->privWriteCentralHeader(0, 0, 0, '')) != 1) { - return $v_result; - } + // ----- Delete the zip file + // TBC : I should test the result ... + @unlink($this->zipname); - $this->privCloseFd(); + // ----- Rename the temporary file + // TBC : I should test the result ... + //@rename($v_zip_temp_name, $this->zipname); + PclZipUtilRename($v_zip_temp_name, $this->zipname); + + // ----- Destroy the temporary archive + unset($v_temp_zip); + + // ----- Remove every files : reset the file + } elseif ($v_central_dir['entries'] != 0) { + $this->privCloseFd(); + + if (($v_result = $this->privOpenFd('wb')) != 1) { + return $v_result; + } + + if (($v_result = $this->privWriteCentralHeader(0, 0, 0, '')) != 1) { + return $v_result; + } + + $this->privCloseFd(); } // ----- Return @@ -4995,20 +4755,17 @@ function privDeleteByRule(&$p_result_list, &$p_options) // 1 : OK // -1 : Unable to create directory // -------------------------------------------------------------------------------- - function privDirCheck($p_dir, $p_is_dir=false) + public function privDirCheck($p_dir, $p_is_dir = false) { $v_result = 1; - // ----- Remove the final '/' - if (($p_is_dir) && (substr($p_dir, -1)=='/')) - { - $p_dir = substr($p_dir, 0, strlen($p_dir)-1); + if (($p_is_dir) && (substr($p_dir, -1) == '/')) { + $p_dir = substr($p_dir, 0, strlen($p_dir) - 1); } // ----- Check the directory availability - if ((is_dir($p_dir)) || ($p_dir == "")) - { + if ((is_dir($p_dir)) || ($p_dir == "")) { return 1; } @@ -5016,21 +4773,17 @@ function privDirCheck($p_dir, $p_is_dir=false) $p_parent_dir = dirname($p_dir); // ----- Just a check - if ($p_parent_dir != $p_dir) - { + if ($p_parent_dir != $p_dir) { // ----- Look for parent directory - if ($p_parent_dir != "") - { - if (($v_result = $this->privDirCheck($p_parent_dir)) != 1) - { + if ($p_parent_dir != "") { + if (($v_result = $this->privDirCheck($p_parent_dir)) != 1) { return $v_result; } } } // ----- Create the directory - if (!@mkdir($p_dir, 0777)) - { + if (!@mkdir($p_dir, 0777)) { // ----- Error log PclZip::privErrorLog(PCLZIP_ERR_DIR_CREATE_FAIL, "Unable to create directory '$p_dir'"); @@ -5050,13 +4803,12 @@ function privDirCheck($p_dir, $p_is_dir=false) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privMerge(&$p_archive_to_add) + public function privMerge(&$p_archive_to_add) { - $v_result=1; + $v_result = 1; // ----- Look if the archive_to_add exists - if (!is_file($p_archive_to_add->zipname)) - { + if (!is_file($p_archive_to_add->zipname)) { // ----- Nothing to merge, so merge is a success $v_result = 1; @@ -5066,8 +4818,7 @@ function privMerge(&$p_archive_to_add) } // ----- Look if the archive exists - if (!is_file($this->zipname)) - { + if (!is_file($this->zipname)) { // ----- Do a duplicate $v_result = $this->privDuplicate($p_archive_to_add->zipname); @@ -5077,17 +4828,16 @@ function privMerge(&$p_archive_to_add) } // ----- Open the zip file - if (($v_result=$this->privOpenFd('rb')) != 1) - { + if (($v_result = $this->privOpenFd('rb')) != 1) { // ----- Return return $v_result; } // ----- Read the central directory informations $v_central_dir = array(); - if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1) - { + if (($v_result = $this->privReadEndCentralDir($v_central_dir)) != 1) { $this->privCloseFd(); + return $v_result; } @@ -5095,8 +4845,7 @@ function privMerge(&$p_archive_to_add) @rewind($this->zip_fd); // ----- Open the archive_to_add file - if (($v_result=$p_archive_to_add->privOpenFd('rb')) != 1) - { + if (($v_result = $p_archive_to_add->privOpenFd('rb')) != 1) { $this->privCloseFd(); // ----- Return @@ -5105,8 +4854,7 @@ function privMerge(&$p_archive_to_add) // ----- Read the central directory informations $v_central_dir_to_add = array(); - if (($v_result = $p_archive_to_add->privReadEndCentralDir($v_central_dir_to_add)) != 1) - { + if (($v_result = $p_archive_to_add->privReadEndCentralDir($v_central_dir_to_add)) != 1) { $this->privCloseFd(); $p_archive_to_add->privCloseFd(); @@ -5117,15 +4865,14 @@ function privMerge(&$p_archive_to_add) @rewind($p_archive_to_add->zip_fd); // ----- Creates a temporay file - $v_zip_temp_name = PCLZIP_TEMPORARY_DIR.uniqid('pclzip-').'.tmp'; + $v_zip_temp_name = PCLZIP_TEMPORARY_DIR . uniqid('pclzip-') . '.tmp'; // ----- Open the temporary file in write mode - if (($v_zip_temp_fd = @fopen($v_zip_temp_name, 'wb')) == 0) - { + if (($v_zip_temp_fd = @fopen($v_zip_temp_name, 'wb')) == 0) { $this->privCloseFd(); $p_archive_to_add->privCloseFd(); - PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open temporary file \''.$v_zip_temp_name.'\' in binary write mode'); + PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open temporary file \'' . $v_zip_temp_name . '\' in binary write mode'); // ----- Return return PclZip::errorCode(); @@ -5134,20 +4881,18 @@ function privMerge(&$p_archive_to_add) // ----- Copy the files from the archive to the temporary file // TBC : Here I should better append the file and go back to erase the central dir $v_size = $v_central_dir['offset']; - while ($v_size != 0) - { + while ($v_size != 0) { $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = fread($this->zip_fd, $v_read_size); + $v_buffer = fread($this->zip_fd, $v_read_size); @fwrite($v_zip_temp_fd, $v_buffer, $v_read_size); $v_size -= $v_read_size; } // ----- Copy the files from the archive_to_add into the temporary file $v_size = $v_central_dir_to_add['offset']; - while ($v_size != 0) - { + while ($v_size != 0) { $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = fread($p_archive_to_add->zip_fd, $v_read_size); + $v_buffer = fread($p_archive_to_add->zip_fd, $v_read_size); @fwrite($v_zip_temp_fd, $v_buffer, $v_read_size); $v_size -= $v_read_size; } @@ -5157,40 +4902,37 @@ function privMerge(&$p_archive_to_add) // ----- Copy the block of file headers from the old archive $v_size = $v_central_dir['size']; - while ($v_size != 0) - { + while ($v_size != 0) { $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = @fread($this->zip_fd, $v_read_size); + $v_buffer = @fread($this->zip_fd, $v_read_size); @fwrite($v_zip_temp_fd, $v_buffer, $v_read_size); $v_size -= $v_read_size; } // ----- Copy the block of file headers from the archive_to_add $v_size = $v_central_dir_to_add['size']; - while ($v_size != 0) - { + while ($v_size != 0) { $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = @fread($p_archive_to_add->zip_fd, $v_read_size); + $v_buffer = @fread($p_archive_to_add->zip_fd, $v_read_size); @fwrite($v_zip_temp_fd, $v_buffer, $v_read_size); $v_size -= $v_read_size; } // ----- Merge the file comments - $v_comment = $v_central_dir['comment'].' '.$v_central_dir_to_add['comment']; + $v_comment = $v_central_dir['comment'] . ' ' . $v_central_dir_to_add['comment']; // ----- Calculate the size of the (new) central header - $v_size = @ftell($v_zip_temp_fd)-$v_offset; + $v_size = @ftell($v_zip_temp_fd) - $v_offset; // ----- Swap the file descriptor // Here is a trick : I swap the temporary fd with the zip fd, in order to use // the following methods on the temporary fil and not the real archive fd - $v_swap = $this->zip_fd; - $this->zip_fd = $v_zip_temp_fd; + $v_swap = $this->zip_fd; + $this->zip_fd = $v_zip_temp_fd; $v_zip_temp_fd = $v_swap; // ----- Create the central dir footer - if (($v_result = $this->privWriteCentralHeader($v_central_dir['entries']+$v_central_dir_to_add['entries'], $v_size, $v_offset, $v_comment)) != 1) - { + if (($v_result = $this->privWriteCentralHeader($v_central_dir['entries'] + $v_central_dir_to_add['entries'], $v_size, $v_offset, $v_comment)) != 1) { $this->privCloseFd(); $p_archive_to_add->privCloseFd(); @fclose($v_zip_temp_fd); @@ -5204,8 +4946,8 @@ function privMerge(&$p_archive_to_add) } // ----- Swap back the file descriptor - $v_swap = $this->zip_fd; - $this->zip_fd = $v_zip_temp_fd; + $v_swap = $this->zip_fd; + $this->zip_fd = $v_zip_temp_fd; $v_zip_temp_fd = $v_swap; // ----- Close @@ -5235,13 +4977,12 @@ function privMerge(&$p_archive_to_add) // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privDuplicate($p_archive_filename) + public function privDuplicate($p_archive_filename) { - $v_result=1; + $v_result = 1; // ----- Look if the $p_archive_filename exists - if (!is_file($p_archive_filename)) - { + if (!is_file($p_archive_filename)) { // ----- Nothing to duplicate, so duplicate is a success. $v_result = 1; @@ -5251,18 +4992,16 @@ function privDuplicate($p_archive_filename) } // ----- Open the zip file - if (($v_result=$this->privOpenFd('wb')) != 1) - { + if (($v_result = $this->privOpenFd('wb')) != 1) { // ----- Return return $v_result; } // ----- Open the temporary file in write mode - if (($v_zip_temp_fd = @fopen($p_archive_filename, 'rb')) == 0) - { + if (($v_zip_temp_fd = @fopen($p_archive_filename, 'rb')) == 0) { $this->privCloseFd(); - PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open archive file \''.$p_archive_filename.'\' in binary write mode'); + PclZip::privErrorLog(PCLZIP_ERR_READ_OPEN_FAIL, 'Unable to open archive file \'' . $p_archive_filename . '\' in binary write mode'); // ----- Return return PclZip::errorCode(); @@ -5271,10 +5010,9 @@ function privDuplicate($p_archive_filename) // ----- Copy the files from the archive to the temporary file // TBC : Here I should better append the file and go back to erase the central dir $v_size = filesize($p_archive_filename); - while ($v_size != 0) - { + while ($v_size != 0) { $v_read_size = ($v_size < PCLZIP_READ_BLOCK_SIZE ? $v_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = fread($v_zip_temp_fd, $v_read_size); + $v_buffer = fread($v_zip_temp_fd, $v_read_size); @fwrite($this->zip_fd, $v_buffer, $v_read_size); $v_size -= $v_read_size; } @@ -5295,13 +5033,12 @@ function privDuplicate($p_archive_filename) // Description : // Parameters : // -------------------------------------------------------------------------------- - function privErrorLog($p_error_code=0, $p_error_string='') + public function privErrorLog($p_error_code = 0, $p_error_string = '') { if (PCLZIP_ERROR_EXTERNAL == 1) { PclError($p_error_code, $p_error_string); - } - else { - $this->error_code = $p_error_code; + } else { + $this->error_code = $p_error_code; $this->error_string = $p_error_string; } } @@ -5312,13 +5049,12 @@ function privErrorLog($p_error_code=0, $p_error_string='') // Description : // Parameters : // -------------------------------------------------------------------------------- - function privErrorReset() + public function privErrorReset() { if (PCLZIP_ERROR_EXTERNAL == 1) { PclErrorReset(); - } - else { - $this->error_code = 0; + } else { + $this->error_code = 0; $this->error_string = ''; } } @@ -5330,28 +5066,27 @@ function privErrorReset() // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privDisableMagicQuotes() + public function privDisableMagicQuotes() { - $v_result=1; + $v_result = 1; // ----- Look if function exists - if ( (!function_exists("get_magic_quotes_runtime")) - || (!function_exists("set_magic_quotes_runtime"))) { + if ((!function_exists("get_magic_quotes_runtime")) || (!function_exists("set_magic_quotes_runtime"))) { return $v_result; - } + } // ----- Look if already done if ($this->magic_quotes_status != -1) { return $v_result; - } + } - // ----- Get and memorize the magic_quote value - $this->magic_quotes_status = @get_magic_quotes_runtime(); + // ----- Get and memorize the magic_quote value + $this->magic_quotes_status = @get_magic_quotes_runtime(); - // ----- Disable magic_quotes - if ($this->magic_quotes_status == 1) { - @set_magic_quotes_runtime(0); - } + // ----- Disable magic_quotes + if ($this->magic_quotes_status == 1) { + @set_magic_quotes_runtime(0); + } // ----- Return return $v_result; @@ -5364,337 +5099,316 @@ function privDisableMagicQuotes() // Parameters : // Return Values : // -------------------------------------------------------------------------------- - function privSwapBackMagicQuotes() + public function privSwapBackMagicQuotes() { - $v_result=1; + $v_result = 1; // ----- Look if function exists - if ( (!function_exists("get_magic_quotes_runtime")) - || (!function_exists("set_magic_quotes_runtime"))) { + if ((!function_exists("get_magic_quotes_runtime")) || (!function_exists("set_magic_quotes_runtime"))) { return $v_result; - } + } // ----- Look if something to do if ($this->magic_quotes_status != -1) { return $v_result; - } + } - // ----- Swap back magic_quotes - if ($this->magic_quotes_status == 1) { - @set_magic_quotes_runtime($this->magic_quotes_status); - } + // ----- Swap back magic_quotes + if ($this->magic_quotes_status == 1) { + @set_magic_quotes_runtime($this->magic_quotes_status); + } // ----- Return return $v_result; } // -------------------------------------------------------------------------------- +} - } - // End of class - // -------------------------------------------------------------------------------- +// End of class +// -------------------------------------------------------------------------------- - // -------------------------------------------------------------------------------- - // Function : PclZipUtilPathReduction() - // Description : - // Parameters : - // Return Values : - // -------------------------------------------------------------------------------- - function PclZipUtilPathReduction($p_dir) - { - $v_result = ""; - - // ----- Look for not empty path - if ($p_dir != "") { - // ----- Explode path by directory names - $v_list = explode("/", $p_dir); - - // ----- Study directories from last to first - $v_skip = 0; - for ($i=sizeof($v_list)-1; $i>=0; $i--) { - // ----- Look for current path - if ($v_list[$i] == ".") { - // ----- Ignore this directory - // Should be the first $i=0, but no check is done - } - else if ($v_list[$i] == "..") { - $v_skip++; - } - else if ($v_list[$i] == "") { - // ----- First '/' i.e. root slash - if ($i == 0) { - $v_result = "/".$v_result; - if ($v_skip > 0) { - // ----- It is an invalid path, so the path is not modified - // TBC - $v_result = $p_dir; - $v_skip = 0; - } - } - // ----- Last '/' i.e. indicates a directory - else if ($i == (sizeof($v_list)-1)) { - $v_result = $v_list[$i]; - } - // ----- Double '/' inside the path - else { - // ----- Ignore only the double '//' in path, - // but not the first and last '/' - } - } - else { - // ----- Look for item to skip - if ($v_skip > 0) { - $v_skip--; - } - else { - $v_result = $v_list[$i].($i!=(sizeof($v_list)-1)?"/".$v_result:""); - } +// -------------------------------------------------------------------------------- +// Function : PclZipUtilPathReduction() +// Description : +// Parameters : +// Return Values : +// -------------------------------------------------------------------------------- +function PclZipUtilPathReduction($p_dir) +{ + $v_result = ""; + + // ----- Look for not empty path + if ($p_dir != "") { + // ----- Explode path by directory names + $v_list = explode("/", $p_dir); + + // ----- Study directories from last to first + $v_skip = 0; + for ($i = sizeof($v_list) - 1; $i >= 0; $i--) { + // ----- Look for current path + if ($v_list[$i] == ".") { + // ----- Ignore this directory + // Should be the first $i=0, but no check is done + } elseif ($v_list[$i] == "..") { + $v_skip++; + } elseif ($v_list[$i] == "") { + // ----- First '/' i.e. root slash + if ($i == 0) { + $v_result = "/" . $v_result; + if ($v_skip > 0) { + // ----- It is an invalid path, so the path is not modified + // TBC + $v_result = $p_dir; + $v_skip = 0; + } + + // ----- Last '/' i.e. indicates a directory + } elseif ($i == (sizeof($v_list) - 1)) { + $v_result = $v_list[$i]; + + // ----- Double '/' inside the path + } else { + // ----- Ignore only the double '//' in path, + // but not the first and last '/' } - } - - // ----- Look for skip - if ($v_skip > 0) { - while ($v_skip > 0) { - $v_result = '../'.$v_result; - $v_skip--; + } else { + // ----- Look for item to skip + if ($v_skip > 0) { + $v_skip--; + } else { + $v_result = $v_list[$i] . ($i != (sizeof($v_list) - 1) ? "/" . $v_result : ""); } } } - // ----- Return - return $v_result; + // ----- Look for skip + if ($v_skip > 0) { + while ($v_skip > 0) { + $v_result = '../' . $v_result; + $v_skip--; + } + } } - // -------------------------------------------------------------------------------- - // -------------------------------------------------------------------------------- - // Function : PclZipUtilPathInclusion() - // Description : - // This function indicates if the path $p_path is under the $p_dir tree. Or, - // said in an other way, if the file or sub-dir $p_path is inside the dir - // $p_dir. - // The function indicates also if the path is exactly the same as the dir. - // This function supports path with duplicated '/' like '//', but does not - // support '.' or '..' statements. - // Parameters : - // Return Values : - // 0 if $p_path is not inside directory $p_dir - // 1 if $p_path is inside directory $p_dir - // 2 if $p_path is exactly the same as $p_dir - // -------------------------------------------------------------------------------- - function PclZipUtilPathInclusion($p_dir, $p_path) - { - $v_result = 1; - - // ----- Look for path beginning by ./ - if ( ($p_dir == '.') - || ((strlen($p_dir) >=2) && (substr($p_dir, 0, 2) == './'))) { - $p_dir = PclZipUtilTranslateWinPath(getcwd(), FALSE).'/'.substr($p_dir, 1); - } - if ( ($p_path == '.') - || ((strlen($p_path) >=2) && (substr($p_path, 0, 2) == './'))) { - $p_path = PclZipUtilTranslateWinPath(getcwd(), FALSE).'/'.substr($p_path, 1); - } + // ----- Return + return $v_result; +} +// -------------------------------------------------------------------------------- - // ----- Explode dir and path by directory separator - $v_list_dir = explode("/", $p_dir); - $v_list_dir_size = sizeof($v_list_dir); - $v_list_path = explode("/", $p_path); - $v_list_path_size = sizeof($v_list_path); +// -------------------------------------------------------------------------------- +// Function : PclZipUtilPathInclusion() +// Description : +// This function indicates if the path $p_path is under the $p_dir tree. Or, +// said in an other way, if the file or sub-dir $p_path is inside the dir +// $p_dir. +// The function indicates also if the path is exactly the same as the dir. +// This function supports path with duplicated '/' like '//', but does not +// support '.' or '..' statements. +// Parameters : +// Return Values : +// 0 if $p_path is not inside directory $p_dir +// 1 if $p_path is inside directory $p_dir +// 2 if $p_path is exactly the same as $p_dir +// -------------------------------------------------------------------------------- +function PclZipUtilPathInclusion($p_dir, $p_path) +{ + $v_result = 1; - // ----- Study directories paths - $i = 0; - $j = 0; - while (($i < $v_list_dir_size) && ($j < $v_list_path_size) && ($v_result)) { + // ----- Look for path beginning by ./ + if (($p_dir == '.') || ((strlen($p_dir) >= 2) && (substr($p_dir, 0, 2) == './'))) { + $p_dir = PclZipUtilTranslateWinPath(getcwd(), false) . '/' . substr($p_dir, 1); + } + if (($p_path == '.') || ((strlen($p_path) >= 2) && (substr($p_path, 0, 2) == './'))) { + $p_path = PclZipUtilTranslateWinPath(getcwd(), false) . '/' . substr($p_path, 1); + } - // ----- Look for empty dir (path reduction) - if ($v_list_dir[$i] == '') { - $i++; - continue; - } - if ($v_list_path[$j] == '') { - $j++; - continue; - } + // ----- Explode dir and path by directory separator + $v_list_dir = explode("/", $p_dir); + $v_list_dir_size = sizeof($v_list_dir); + $v_list_path = explode("/", $p_path); + $v_list_path_size = sizeof($v_list_path); - // ----- Compare the items - if (($v_list_dir[$i] != $v_list_path[$j]) && ($v_list_dir[$i] != '') && ( $v_list_path[$j] != '')) { - $v_result = 0; - } + // ----- Study directories paths + $i = 0; + $j = 0; + while (($i < $v_list_dir_size) && ($j < $v_list_path_size) && ($v_result)) { - // ----- Next items + // ----- Look for empty dir (path reduction) + if ($v_list_dir[$i] == '') { $i++; + continue; + } + if ($v_list_path[$j] == '') { $j++; + continue; } - // ----- Look if everything seems to be the same - if ($v_result) { - // ----- Skip all the empty items - while (($j < $v_list_path_size) && ($v_list_path[$j] == '')) $j++; - while (($i < $v_list_dir_size) && ($v_list_dir[$i] == '')) $i++; - - if (($i >= $v_list_dir_size) && ($j >= $v_list_path_size)) { - // ----- There are exactly the same - $v_result = 2; - } - else if ($i < $v_list_dir_size) { - // ----- The path is shorter than the dir - $v_result = 0; - } + // ----- Compare the items + if (($v_list_dir[$i] != $v_list_path[$j]) && ($v_list_dir[$i] != '') && ($v_list_path[$j] != '')) { + $v_result = 0; } - // ----- Return - return $v_result; + // ----- Next items + $i++; + $j++; } - // -------------------------------------------------------------------------------- - - // -------------------------------------------------------------------------------- - // Function : PclZipUtilCopyBlock() - // Description : - // Parameters : - // $p_mode : read/write compression mode - // 0 : src & dest normal - // 1 : src gzip, dest normal - // 2 : src normal, dest gzip - // 3 : src & dest gzip - // Return Values : - // -------------------------------------------------------------------------------- - function PclZipUtilCopyBlock($p_src, $p_dest, $p_size, $p_mode=0) - { - $v_result = 1; - if ($p_mode==0) - { - while ($p_size != 0) - { - $v_read_size = ($p_size < PCLZIP_READ_BLOCK_SIZE ? $p_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = @fread($p_src, $v_read_size); - @fwrite($p_dest, $v_buffer, $v_read_size); - $p_size -= $v_read_size; - } - } - else if ($p_mode==1) - { - while ($p_size != 0) - { - $v_read_size = ($p_size < PCLZIP_READ_BLOCK_SIZE ? $p_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = @gzread($p_src, $v_read_size); - @fwrite($p_dest, $v_buffer, $v_read_size); - $p_size -= $v_read_size; - } + // ----- Look if everything seems to be the same + if ($v_result) { + // ----- Skip all the empty items + while (($j < $v_list_path_size) && ($v_list_path[$j] == '')) { + $j++; } - else if ($p_mode==2) - { - while ($p_size != 0) - { - $v_read_size = ($p_size < PCLZIP_READ_BLOCK_SIZE ? $p_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = @fread($p_src, $v_read_size); - @gzwrite($p_dest, $v_buffer, $v_read_size); - $p_size -= $v_read_size; - } + while (($i < $v_list_dir_size) && ($v_list_dir[$i] == '')) { + $i++; } - else if ($p_mode==3) - { - while ($p_size != 0) - { - $v_read_size = ($p_size < PCLZIP_READ_BLOCK_SIZE ? $p_size : PCLZIP_READ_BLOCK_SIZE); - $v_buffer = @gzread($p_src, $v_read_size); - @gzwrite($p_dest, $v_buffer, $v_read_size); - $p_size -= $v_read_size; - } + + if (($i >= $v_list_dir_size) && ($j >= $v_list_path_size)) { + // ----- There are exactly the same + $v_result = 2; + } elseif ($i < $v_list_dir_size) { + // ----- The path is shorter than the dir + $v_result = 0; } + } - // ----- Return - return $v_result; + // ----- Return + return $v_result; +} +// -------------------------------------------------------------------------------- + +// -------------------------------------------------------------------------------- +// Function : PclZipUtilCopyBlock() +// Description : +// Parameters : +// $p_mode : read/write compression mode +// 0 : src & dest normal +// 1 : src gzip, dest normal +// 2 : src normal, dest gzip +// 3 : src & dest gzip +// Return Values : +// -------------------------------------------------------------------------------- +function PclZipUtilCopyBlock($p_src, $p_dest, $p_size, $p_mode = 0) +{ + $v_result = 1; + + if ($p_mode == 0) { + while ($p_size != 0) { + $v_read_size = ($p_size < PCLZIP_READ_BLOCK_SIZE ? $p_size : PCLZIP_READ_BLOCK_SIZE); + $v_buffer = @fread($p_src, $v_read_size); + @fwrite($p_dest, $v_buffer, $v_read_size); + $p_size -= $v_read_size; + } + } elseif ($p_mode == 1) { + while ($p_size != 0) { + $v_read_size = ($p_size < PCLZIP_READ_BLOCK_SIZE ? $p_size : PCLZIP_READ_BLOCK_SIZE); + $v_buffer = @gzread($p_src, $v_read_size); + @fwrite($p_dest, $v_buffer, $v_read_size); + $p_size -= $v_read_size; + } + } elseif ($p_mode == 2) { + while ($p_size != 0) { + $v_read_size = ($p_size < PCLZIP_READ_BLOCK_SIZE ? $p_size : PCLZIP_READ_BLOCK_SIZE); + $v_buffer = @fread($p_src, $v_read_size); + @gzwrite($p_dest, $v_buffer, $v_read_size); + $p_size -= $v_read_size; + } + } elseif ($p_mode == 3) { + while ($p_size != 0) { + $v_read_size = ($p_size < PCLZIP_READ_BLOCK_SIZE ? $p_size : PCLZIP_READ_BLOCK_SIZE); + $v_buffer = @gzread($p_src, $v_read_size); + @gzwrite($p_dest, $v_buffer, $v_read_size); + $p_size -= $v_read_size; + } } - // -------------------------------------------------------------------------------- - // -------------------------------------------------------------------------------- - // Function : PclZipUtilRename() - // Description : - // This function tries to do a simple rename() function. If it fails, it - // tries to copy the $p_src file in a new $p_dest file and then unlink the - // first one. - // Parameters : - // $p_src : Old filename - // $p_dest : New filename - // Return Values : - // 1 on success, 0 on failure. - // -------------------------------------------------------------------------------- - function PclZipUtilRename($p_src, $p_dest) - { - $v_result = 1; + // ----- Return + return $v_result; +} +// -------------------------------------------------------------------------------- + +// -------------------------------------------------------------------------------- +// Function : PclZipUtilRename() +// Description : +// This function tries to do a simple rename() function. If it fails, it +// tries to copy the $p_src file in a new $p_dest file and then unlink the +// first one. +// Parameters : +// $p_src : Old filename +// $p_dest : New filename +// Return Values : +// 1 on success, 0 on failure. +// -------------------------------------------------------------------------------- +function PclZipUtilRename($p_src, $p_dest) +{ + $v_result = 1; - // ----- Try to rename the files - if (!@rename($p_src, $p_dest)) { + // ----- Try to rename the files + if (!@rename($p_src, $p_dest)) { - // ----- Try to copy & unlink the src - if (!@copy($p_src, $p_dest)) { - $v_result = 0; - } - else if (!@unlink($p_src)) { - $v_result = 0; - } + // ----- Try to copy & unlink the src + if (!@copy($p_src, $p_dest)) { + $v_result = 0; + } elseif (!@unlink($p_src)) { + $v_result = 0; } - - // ----- Return - return $v_result; } - // -------------------------------------------------------------------------------- - // -------------------------------------------------------------------------------- - // Function : PclZipUtilOptionText() - // Description : - // Translate option value in text. Mainly for debug purpose. - // Parameters : - // $p_option : the option value. - // Return Values : - // The option text value. - // -------------------------------------------------------------------------------- - function PclZipUtilOptionText($p_option) - { - - $v_list = get_defined_constants(); - for (reset($v_list); $v_key = key($v_list); next($v_list)) { - $v_prefix = substr($v_key, 0, 10); - if (( ($v_prefix == 'PCLZIP_OPT') - || ($v_prefix == 'PCLZIP_CB_') - || ($v_prefix == 'PCLZIP_ATT')) - && ($v_list[$v_key] == $p_option)) { - return $v_key; - } - } - - $v_result = 'Unknown'; + // ----- Return + return $v_result; +} +// -------------------------------------------------------------------------------- - return $v_result; - } - // -------------------------------------------------------------------------------- +// -------------------------------------------------------------------------------- +// Function : PclZipUtilOptionText() +// Description : +// Translate option value in text. Mainly for debug purpose. +// Parameters : +// $p_option : the option value. +// Return Values : +// The option text value. +// -------------------------------------------------------------------------------- +function PclZipUtilOptionText($p_option) +{ - // -------------------------------------------------------------------------------- - // Function : PclZipUtilTranslateWinPath() - // Description : - // Translate windows path by replacing '\' by '/' and optionally removing - // drive letter. - // Parameters : - // $p_path : path to translate. - // $p_remove_disk_letter : true | false - // Return Values : - // The path translated. - // -------------------------------------------------------------------------------- - function PclZipUtilTranslateWinPath($p_path, $p_remove_disk_letter=true) - { - if (stristr(php_uname(), 'windows')) { - // ----- Look for potential disk letter - if (($p_remove_disk_letter) && (($v_position = strpos($p_path, ':')) != false)) { - $p_path = substr($p_path, $v_position+1); - } - // ----- Change potential windows directory separator - if ((strpos($p_path, '\\') > 0) || (substr($p_path, 0,1) == '\\')) { - $p_path = strtr($p_path, '\\', '/'); - } + $v_list = get_defined_constants(); + for (reset($v_list); $v_key = key($v_list); next($v_list)) { + $v_prefix = substr($v_key, 0, 10); + if ((($v_prefix == 'PCLZIP_OPT') || ($v_prefix == 'PCLZIP_CB_') || ($v_prefix == 'PCLZIP_ATT')) && ($v_list[$v_key] == $p_option)) { + return $v_key; } - return $p_path; } - // -------------------------------------------------------------------------------- + $v_result = 'Unknown'; + + return $v_result; +} +// -------------------------------------------------------------------------------- + +// -------------------------------------------------------------------------------- +// Function : PclZipUtilTranslateWinPath() +// Description : +// Translate windows path by replacing '\' by '/' and optionally removing +// drive letter. +// Parameters : +// $p_path : path to translate. +// $p_remove_disk_letter : true | false +// Return Values : +// The path translated. +// -------------------------------------------------------------------------------- +function PclZipUtilTranslateWinPath($p_path, $p_remove_disk_letter = true) +{ + if (stristr(PHP_OS, 'windows')) { + // ----- Look for potential disk letter + if (($p_remove_disk_letter) && (($v_position = strpos($p_path, ':')) != false)) { + $p_path = substr($p_path, $v_position + 1); + } + // ----- Change potential windows directory separator + if ((strpos($p_path, '\\') > 0) || (substr($p_path, 0, 1) == '\\')) { + $p_path = strtr($p_path, '\\', '/'); + } + } -?> + return $p_path; +} +// -------------------------------------------------------------------------------- \ No newline at end of file diff --git a/wbce/include/pclzip/readme.txt b/wbce/include/pclzip/readme.txt index d1b11e258..6ed883947 100644 --- a/wbce/include/pclzip/readme.txt +++ b/wbce/include/pclzip/readme.txt @@ -1,421 +1,421 @@ -// -------------------------------------------------------------------------------- -// PclZip 2.8.2 - readme.txt -// -------------------------------------------------------------------------------- -// License GNU/LGPL - August 2009 -// Vincent Blavet - vincent@phpconcept.net -// http://www.phpconcept.net -// -------------------------------------------------------------------------------- -// $Id: readme.txt,v 1.60 2009/09/30 20:35:21 vblavet Exp $ -// -------------------------------------------------------------------------------- - - - -0 - Sommaire -============ - 1 - Introduction - 2 - What's new - 3 - Corrected bugs - 4 - Known bugs or limitations - 5 - License - 6 - Warning - 7 - Documentation - 8 - Author - 9 - Contribute - -1 - Introduction -================ - - PclZip is a library that allow you to manage a Zip archive. - - Full documentation about PclZip can be found here : http://www.phpconcept.net/pclzip - -2 - What's new -============== - - Version 2.8.2 : - - PCLZIP_CB_PRE_EXTRACT and PCLZIP_CB_POST_EXTRACT are now supported with - extraction as a string (PCLZIP_OPT_EXTRACT_AS_STRING). The string - can also be modified in the post-extract call back. - **Bugs correction : - - PCLZIP_OPT_REMOVE_ALL_PATH was not working correctly - - Remove use of eval() and do direct call to callback functions - - Correct support of 64bits systems (Thanks to WordPress team) - - Version 2.8.1 : - - Move option PCLZIP_OPT_BY_EREG to PCLZIP_OPT_BY_PREG because ereg() is - deprecated in PHP 5.3. When using option PCLZIP_OPT_BY_EREG, PclZip will - automatically replace it by PCLZIP_OPT_BY_PREG. - - Version 2.8 : - - Improve extraction of zip archive for large files by using temporary files - This feature is working like the one defined in r2.7. - Options are renamed : PCLZIP_OPT_TEMP_FILE_ON, PCLZIP_OPT_TEMP_FILE_OFF, - PCLZIP_OPT_TEMP_FILE_THRESHOLD - - Add a ratio constant PCLZIP_TEMPORARY_FILE_RATIO to configure the auto - sense of temporary file use. - - Bug correction : Reduce filepath in returned file list to remove ennoying - './/' preambule in file path. - - Version 2.7 : - - Improve creation of zip archive for large files : - PclZip will now autosense the configured memory and use temporary files - when large file is suspected. - This feature can also ne triggered by manual options in create() and add() - methods. 'PCLZIP_OPT_ADD_TEMP_FILE_ON' force the use of temporary files, - 'PCLZIP_OPT_ADD_TEMP_FILE_OFF' disable the autosense technic, - 'PCLZIP_OPT_ADD_TEMP_FILE_THRESHOLD' allow for configuration of a size - threshold to use temporary files. - Using "temporary files" rather than "memory" might take more time, but - might give the ability to zip very large files : - Tested on my win laptop with a 88Mo file : - Zip "in-memory" : 18sec (max_execution_time=30, memory_limit=180Mo) - Zip "tmporary-files" : 23sec (max_execution_time=30, memory_limit=30Mo) - - Replace use of mktime() by time() to limit the E_STRICT error messages. - - Bug correction : When adding files with full windows path (drive letter) - PclZip is now working. Before, if the drive letter is not the default - path, PclZip was not able to add the file. - - Version 2.6 : - - Code optimisation - - New attributes PCLZIP_ATT_FILE_COMMENT gives the ability to - add a comment for a specific file. (Don't really know if this is usefull) - - New attribute PCLZIP_ATT_FILE_CONTENT gives the ability to add a string - as a file. - - New attribute PCLZIP_ATT_FILE_MTIME modify the timestamp associated with - a file. - - Correct a bug. Files archived with a timestamp with 0h0m0s were extracted - with current time - - Add CRC value in the informations returned back for each file after an - action. - - Add missing closedir() statement. - - When adding a folder, and removing the path of this folder, files were - incorrectly added with a '/' at the beginning. Which means files are - related to root in unix systems. Corrected. - - Add conditional if before constant definition. This will allow users - to redefine constants without changing the file, and then improve - upgrade of pclzip code for new versions. - - Version 2.5 : - - Introduce the ability to add file/folder with individual properties (file descriptor). - This gives for example the ability to change the filename of a zipped file. - . Able to add files individually - . Able to change full name - . Able to change short name - . Compatible with global options - - New attributes : PCLZIP_ATT_FILE_NAME, PCLZIP_ATT_FILE_NEW_SHORT_NAME, PCLZIP_ATT_FILE_NEW_FULL_NAME - - New error code : PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE - - Add a security control feature. PclZip can extract any file in any folder - of a system. People may use this to upload a zip file and try to override - a system file. The PCLZIP_OPT_EXTRACT_DIR_RESTRICTION will give the - ability to forgive any directory transversal behavior. - - New PCLZIP_OPT_EXTRACT_DIR_RESTRICTION : check extraction path - - New error code : PCLZIP_ERR_DIRECTORY_RESTRICTION - - Modification in PclZipUtilPathInclusion() : dir and path beginning with ./ will be prepend - by current path (getcwd()) - - Version 2.4 : - - Code improvment : try to speed up the code by removing unusefull call to pack() - - Correct bug in delete() : delete() should be called with no argument. This was not - the case in 2.3. This is corrected in 2.4. - - Correct a bug in path_inclusion function. When the path has several '../../', the - result was bad. - - Add a check for magic_quotes_runtime configuration. If enabled, PclZip will - disable it while working and det it back to its original value. - This resolve a lots of bad formated archive errors. - - Bug correction : PclZip now correctly unzip file in some specific situation, - when compressed content has same size as uncompressed content. - - Bug correction : When selecting option 'PCLZIP_OPT_REMOVE_ALL_PATH', - directories are not any more created. - - Code improvment : correct unclosed opendir(), better handling of . and .. in - loops. - - - Version 2.3 : - - Correct a bug with PHP5 : affecting the value 0xFE49FFE0 to a variable does not - give the same result in PHP4 and PHP5 .... - - Version 2.2 : - - Try development of PCLZIP_OPT_CRYPT ..... - However this becomes to a stop. To crypt/decrypt I need to multiply 2 long integers, - the result (greater than a long) is not supported by PHP. Even the use of bcmath - functions does not help. I did not find yet a solution ...; - - Add missing '/' at end of directory entries - - Check is a file is encrypted or not. Returns status 'unsupported_encryption' and/or - error code PCLZIP_ERR_UNSUPPORTED_ENCRYPTION. - - Corrected : Bad "version need to extract" field in local file header - - Add private method privCheckFileHeaders() in order to check local and central - file headers. PclZip is now supporting purpose bit flag bit 3. Purpose bit flag bit 3 gives - the ability to have a local file header without size, compressed size and crc filled. - - Add a generic status 'error' for file status - - Add control of compression type. PclZip only support deflate compression method. - Before v2.2, PclZip does not check the compression method used in an archive while - extracting. With v2.2 PclZip returns a new error status for a file using an unsupported - compression method. New status is "unsupported_compression". New error code is - PCLZIP_ERR_UNSUPPORTED_COMPRESSION. - - Add optional attribute PCLZIP_OPT_STOP_ON_ERROR. This will stop the extract of files - when errors like 'a folder with same name exists' or 'a newer file exists' or - 'a write protected file' exists, rather than set a status for the concerning file - and resume the extract of the zip. - - Add optional attribute PCLZIP_OPT_REPLACE_NEWER. This will force, during an extract' the - replacement of the file, even if a newer version of the file exists. - Note that today if a file with the same name already exists but is older it will be - replaced by the extracted one. - - Improve PclZipUtilOption() - - Support of zip archive with trailing bytes. Before 2.2, PclZip checks that the central - directory structure is the last data in the archive. Crypt encryption/decryption of - zip archive put trailing 0 bytes after decryption. PclZip is now supporting this. - - Version 2.1 : - - Add the ability to abort the extraction by using a user callback function. - The user can now return the value '2' in its callback which indicates to stop the - extraction. For a pre call-back extract is stopped before the extration of the current - file. For a post call back, the extraction is stopped after. - - Add the ability to extract a file (or several files) directly in the standard output. - This is done by the new parameter PCLZIP_OPT_EXTRACT_IN_OUTPUT with method extract(). - - Add support for parameters PCLZIP_OPT_COMMENT, PCLZIP_OPT_ADD_COMMENT, - PCLZIP_OPT_PREPEND_COMMENT. This will create, replace, add, or prepend comments - in the zip archive. - - When merging two archives, the comments are not any more lost, but merged, with a - blank space separator. - - Corrected bug : Files are not deleted when all files are asked to be deleted. - - Corrected bug : Folders with name '0' made PclZip to abort the create or add feature. - - - Version 2.0 : - ***** Warning : Some new features may break the backward compatibility for your scripts. - Please carefully read the readme file. - - Add the ability to delete by Index, name and regular expression. This feature is - performed by the method delete(), which uses the optional parameters - PCLZIP_OPT_BY_INDEX, PCLZIP_OPT_BY_NAME, PCLZIP_OPT_BY_EREG or PCLZIP_OPT_BY_PREG. - - Add the ability to extract by regular expression. To extract by regexp you must use the method - extract(), with the option PCLZIP_OPT_BY_EREG or PCLZIP_OPT_BY_PREG - (depending if you want to use ereg() or preg_match() syntax) followed by the - regular expression pattern. - - Add the ability to extract by index, directly with the extract() method. This is a - code improvment of the extractByIndex() method. - - Add the ability to extract by name. To extract by name you must use the method - extract(), with the option PCLZIP_OPT_BY_NAME followed by the filename to - extract or an array of filenames to extract. To extract all a folder, use the folder - name rather than the filename with a '/' at the end. - - Add the ability to add files without compression. This is done with a new attribute - which is PCLZIP_OPT_NO_COMPRESSION. - - Add the attribute PCLZIP_OPT_EXTRACT_AS_STRING, which allow to extract a file directly - in a string without using any file (or temporary file). - - Add constant PCLZIP_SEPARATOR for static configuration of filename separators in a single string. - The default separator is now a comma (,) and not any more a blank space. - THIS BREAK THE BACKWARD COMPATIBILITY : Please check if this may have an impact with - your script. - - Improve algorythm performance by removing the use of temporary files when adding or - extracting files in an archive. - - Add (correct) detection of empty filename zipping. This can occurs when the removed - path is the same - as a zipped dir. The dir is not zipped (['status'] = filtered), only its content. - - Add better support for windows paths (thanks for help from manus@manusfreedom.com). - - Corrected bug : When the archive file already exists with size=0, the add() method - fails. Corrected in 2.0. - - Remove the use of OS_WINDOWS constant. Use php_uname() function rather. - - Control the order of index ranges in extract by index feature. - - Change the internal management of folders (better handling of internal flag). - - - Version 1.3 : - - Removing the double include check. This is now done by include_once() and require_once() - PHP directives. - - Changing the error handling mecanism : Remove the use of an external error library. - The former PclError...() functions are replaced by internal equivalent methods. - By changing the environment variable PCLZIP_ERROR_EXTERNAL you can still use the former library. - Introducing the use of constants for error codes rather than integer values. This will help - in futur improvment. - Introduction of error handling functions like errorCode(), errorName() and errorInfo(). - - Remove the deprecated use of calling function with arguments passed by reference. - - Add the calling of extract(), extractByIndex(), create() and add() functions - with variable options rather than fixed arguments. - - Add the ability to remove all the file path while extracting or adding, - without any need to specify the path to remove. - This is available for extract(), extractByIndex(), create() and add() functionS by using - the new variable options parameters : - - PCLZIP_OPT_REMOVE_ALL_PATH : by indicating this option while calling the fct. - - Ability to change the mode of a file after the extraction (chmod()). - This is available for extract() and extractByIndex() functionS by using - the new variable options parameters. - - PCLZIP_OPT_SET_CHMOD : by setting the value of this option. - - Ability to definition call-back options. These call-back will be called during the adding, - or the extracting of file (extract(), extractByIndex(), create() and add() functions) : - - PCLZIP_CB_PRE_EXTRACT : will be called before each extraction of a file. The user - can trigerred the change the filename of the extracted file. The user can triggered the - skip of the extraction. This is adding a 'skipped' status in the file list result value. - - PCLZIP_CB_POST_EXTRACT : will be called after each extraction of a file. - Nothing can be triggered from that point. - - PCLZIP_CB_PRE_ADD : will be called before each add of a file. The user - can trigerred the change the stored filename of the added file. The user can triggered the - skip of the add. This is adding a 'skipped' status in the file list result value. - - PCLZIP_CB_POST_ADD : will be called after each add of a file. - Nothing can be triggered from that point. - - Two status are added in the file list returned as function result : skipped & filename_too_long - 'skipped' is used when a call-back function ask for skipping the file. - 'filename_too_long' is used while adding a file with a too long filename to archive (the file is - not added) - - Adding the function PclZipUtilPathInclusion(), that check the inclusion of a path into - a directory. - - Add a check of the presence of the archive file before some actions (like list, ...) - - Add the initialisation of field "index" in header array. This means that by - default index will be -1 when not explicitly set by the methods. - - Version 1.2 : - - Adding a duplicate function. - - Adding a merge function. The merge function is a "quick merge" function, - it just append the content of an archive at the end of the first one. There - is no check for duplicate files or more recent files. - - Improve the search of the central directory end. - - Version 1.1.2 : - - - Changing the license of PclZip. PclZip is now released under the GNU / LGPL license - (see License section). - - Adding the optional support of a static temporary directory. You will need to configure - the constant PCLZIP_TEMPORARY_DIR if you want to use this feature. - - Improving the rename() function. In some cases rename() does not work (different - Filesystems), so it will be replaced by a copy() + unlink() functions. - - Version 1.1.1 : - - - Maintenance release, no new feature. - - Version 1.1 : - - - New method Add() : adding files in the archive - - New method ExtractByIndex() : partial extract of the archive, files are identified by - their index in the archive - - New method DeleteByIndex() : delete some files/folder entries from the archive, - files are identified by their index in the archive. - - Adding a test of the zlib extension presence. If not present abort the script. - - Version 1.0.1 : - - - No new feature - - -3 - Corrected bugs -================== - - Corrected in Version 2.0 : - - Corrected : During an extraction, if a call-back fucntion is used and try to skip - a file, all the extraction process is stopped. - - Corrected in Version 1.3 : - - Corrected : Support of static synopsis for method extract() is broken. - - Corrected : invalid size of archive content field (0xFF) should be (0xFFFF). - - Corrected : When an extract is done with a remove_path parameter, the entry for - the directory with exactly the same path is not skipped/filtered. - - Corrected : extractByIndex() and deleteByIndex() were not managing index in the - right way. For example indexes '1,3-5,11' will only extract files 1 and 11. This - is due to a sort of the index resulting table that puts 11 before 3-5 (sort on - string and not interger). The sort is temporarilly removed, this means that - you must provide a sorted list of index ranges. - - Corrected in Version 1.2 : - - - Nothing. - - Corrected in Version 1.1.2 : - - - Corrected : Winzip is unable to delete or add new files in a PclZip created archives. - - Corrected in Version 1.1.1 : - - - Corrected : When archived file is not compressed (0% compression), the - extract method fails. - - Corrected in Version 1.1 : - - - Corrected : Adding a complete tree of folder may result in a bad archive - creation. - - Corrected in Version 1.0.1 : - - - Corrected : Error while compressing files greater than PCLZIP_READ_BLOCK_SIZE (default=1024). - - -4 - Known bugs or limitations -============================= - - Please publish bugs reports in SourceForge : - http://sourceforge.net/tracker/?group_id=40254&atid=427564 - - In Version 2.x : - - PclZip does only support file uncompressed or compressed with deflate (compression method 8) - - PclZip does not support password protected zip archive - - Some concern were seen when changing mtime of a file while archiving. - Seems to be linked to Daylight Saving Time (PclTest_changing_mtime). - - In Version 1.2 : - - - merge() methods does not check for duplicate files or last date of modifications. - - In Version 1.1 : - - - Limitation : Using 'extract' fields in the file header in the zip archive is not supported. - - WinZip is unable to delete a single file in a PclZip created archive. It is also unable to - add a file in a PclZip created archive. (Corrected in v.1.2) - - In Version 1.0.1 : - - - Adding a complete tree of folder may result in a bad archive - creation. (Corrected in V.1.1). - - Path given to methods must be in the unix format (/) and not the Windows format (\). - Workaround : Use only / directory separators. - - PclZip is using temporary files that are sometime the name of the file with a .tmp or .gz - added suffix. Files with these names may already exist and may be overwritten. - Workaround : none. - - PclZip does not check if the zlib extension is present. If it is absent, the zip - file is not created and the lib abort without warning. - Workaround : enable the zlib extension on the php install - - In Version 1.0 : - - - Error while compressing files greater than PCLZIP_READ_BLOCK_SIZE (default=1024). - (Corrected in v.1.0.1) - - Limitation : Multi-disk zip archive are not supported. - - -5 - License -=========== - - Since version 1.1.2, PclZip Library is released under GNU/LGPL license. - This library is free, so you can use it at no cost. - - HOWEVER, if you release a script, an application, a library or any kind of - code using PclZip library (or a part of it), YOU MUST : - - Indicate in the documentation (or a readme file), that your work - uses PclZip Library, and make a reference to the author and the web site - http://www.phpconcept.net - - Gives the ability to the final user to update the PclZip libary. - - I will also appreciate that you send me a mail (vincent@phpconcept.net), just to - be aware that someone is using PclZip. - - For more information about GNU/LGPL license : http://www.gnu.org - -6 - Warning -================= - - This library and the associated files are non commercial, non professional work. - It should not have unexpected results. However if any damage is caused by this software - the author can not be responsible. - The use of this software is at the risk of the user. - -7 - Documentation -================= - PclZip User Manuel is available in English on PhpConcept : http://www.phpconcept.net/pclzip/man/en/index.php - A Russian translation was done by Feskov Kuzma : http://php.russofile.ru/ru/authors/unsort/zip/ - -8 - Author -========== - - This software was written by Vincent Blavet (vincent@phpconcept.net) on its leasure time. - -9 - Contribute -============== - If you want to contribute to the development of PclZip, please contact vincent@phpconcept.net. - If you can help in financing PhpConcept hosting service, please go to - http://www.phpconcept.net/soutien.php +// -------------------------------------------------------------------------------- +// PclZip 2.8.2 - readme.txt +// -------------------------------------------------------------------------------- +// License GNU/LGPL - August 2009 +// Vincent Blavet - vincent@phpconcept.net +// http://www.phpconcept.net +// -------------------------------------------------------------------------------- +// $Id: readme.txt,v 1.60 2009/09/30 20:35:21 vblavet Exp $ +// -------------------------------------------------------------------------------- + + + +0 - Sommaire +============ + 1 - Introduction + 2 - What's new + 3 - Corrected bugs + 4 - Known bugs or limitations + 5 - License + 6 - Warning + 7 - Documentation + 8 - Author + 9 - Contribute + +1 - Introduction +================ + + PclZip is a library that allow you to manage a Zip archive. + + Full documentation about PclZip can be found here : http://www.phpconcept.net/pclzip + +2 - What's new +============== + + Version 2.8.2 : + - PCLZIP_CB_PRE_EXTRACT and PCLZIP_CB_POST_EXTRACT are now supported with + extraction as a string (PCLZIP_OPT_EXTRACT_AS_STRING). The string + can also be modified in the post-extract call back. + **Bugs correction : + - PCLZIP_OPT_REMOVE_ALL_PATH was not working correctly + - Remove use of eval() and do direct call to callback functions + - Correct support of 64bits systems (Thanks to WordPress team) + + Version 2.8.1 : + - Move option PCLZIP_OPT_BY_EREG to PCLZIP_OPT_BY_PREG because ereg() is + deprecated in PHP 5.3. When using option PCLZIP_OPT_BY_EREG, PclZip will + automatically replace it by PCLZIP_OPT_BY_PREG. + + Version 2.8 : + - Improve extraction of zip archive for large files by using temporary files + This feature is working like the one defined in r2.7. + Options are renamed : PCLZIP_OPT_TEMP_FILE_ON, PCLZIP_OPT_TEMP_FILE_OFF, + PCLZIP_OPT_TEMP_FILE_THRESHOLD + - Add a ratio constant PCLZIP_TEMPORARY_FILE_RATIO to configure the auto + sense of temporary file use. + - Bug correction : Reduce filepath in returned file list to remove ennoying + './/' preambule in file path. + + Version 2.7 : + - Improve creation of zip archive for large files : + PclZip will now autosense the configured memory and use temporary files + when large file is suspected. + This feature can also ne triggered by manual options in create() and add() + methods. 'PCLZIP_OPT_ADD_TEMP_FILE_ON' force the use of temporary files, + 'PCLZIP_OPT_ADD_TEMP_FILE_OFF' disable the autosense technic, + 'PCLZIP_OPT_ADD_TEMP_FILE_THRESHOLD' allow for configuration of a size + threshold to use temporary files. + Using "temporary files" rather than "memory" might take more time, but + might give the ability to zip very large files : + Tested on my win laptop with a 88Mo file : + Zip "in-memory" : 18sec (max_execution_time=30, memory_limit=180Mo) + Zip "tmporary-files" : 23sec (max_execution_time=30, memory_limit=30Mo) + - Replace use of mktime() by time() to limit the E_STRICT error messages. + - Bug correction : When adding files with full windows path (drive letter) + PclZip is now working. Before, if the drive letter is not the default + path, PclZip was not able to add the file. + + Version 2.6 : + - Code optimisation + - New attributes PCLZIP_ATT_FILE_COMMENT gives the ability to + add a comment for a specific file. (Don't really know if this is usefull) + - New attribute PCLZIP_ATT_FILE_CONTENT gives the ability to add a string + as a file. + - New attribute PCLZIP_ATT_FILE_MTIME modify the timestamp associated with + a file. + - Correct a bug. Files archived with a timestamp with 0h0m0s were extracted + with current time + - Add CRC value in the informations returned back for each file after an + action. + - Add missing closedir() statement. + - When adding a folder, and removing the path of this folder, files were + incorrectly added with a '/' at the beginning. Which means files are + related to root in unix systems. Corrected. + - Add conditional if before constant definition. This will allow users + to redefine constants without changing the file, and then improve + upgrade of pclzip code for new versions. + + Version 2.5 : + - Introduce the ability to add file/folder with individual properties (file descriptor). + This gives for example the ability to change the filename of a zipped file. + . Able to add files individually + . Able to change full name + . Able to change short name + . Compatible with global options + - New attributes : PCLZIP_ATT_FILE_NAME, PCLZIP_ATT_FILE_NEW_SHORT_NAME, PCLZIP_ATT_FILE_NEW_FULL_NAME + - New error code : PCLZIP_ERR_INVALID_ATTRIBUTE_VALUE + - Add a security control feature. PclZip can extract any file in any folder + of a system. People may use this to upload a zip file and try to override + a system file. The PCLZIP_OPT_EXTRACT_DIR_RESTRICTION will give the + ability to forgive any directory transversal behavior. + - New PCLZIP_OPT_EXTRACT_DIR_RESTRICTION : check extraction path + - New error code : PCLZIP_ERR_DIRECTORY_RESTRICTION + - Modification in PclZipUtilPathInclusion() : dir and path beginning with ./ will be prepend + by current path (getcwd()) + + Version 2.4 : + - Code improvment : try to speed up the code by removing unusefull call to pack() + - Correct bug in delete() : delete() should be called with no argument. This was not + the case in 2.3. This is corrected in 2.4. + - Correct a bug in path_inclusion function. When the path has several '../../', the + result was bad. + - Add a check for magic_quotes_runtime configuration. If enabled, PclZip will + disable it while working and det it back to its original value. + This resolve a lots of bad formated archive errors. + - Bug correction : PclZip now correctly unzip file in some specific situation, + when compressed content has same size as uncompressed content. + - Bug correction : When selecting option 'PCLZIP_OPT_REMOVE_ALL_PATH', + directories are not any more created. + - Code improvment : correct unclosed opendir(), better handling of . and .. in + loops. + + + Version 2.3 : + - Correct a bug with PHP5 : affecting the value 0xFE49FFE0 to a variable does not + give the same result in PHP4 and PHP5 .... + + Version 2.2 : + - Try development of PCLZIP_OPT_CRYPT ..... + However this becomes to a stop. To crypt/decrypt I need to multiply 2 long integers, + the result (greater than a long) is not supported by PHP. Even the use of bcmath + functions does not help. I did not find yet a solution ...; + - Add missing '/' at end of directory entries + - Check is a file is encrypted or not. Returns status 'unsupported_encryption' and/or + error code PCLZIP_ERR_UNSUPPORTED_ENCRYPTION. + - Corrected : Bad "version need to extract" field in local file header + - Add private method privCheckFileHeaders() in order to check local and central + file headers. PclZip is now supporting purpose bit flag bit 3. Purpose bit flag bit 3 gives + the ability to have a local file header without size, compressed size and crc filled. + - Add a generic status 'error' for file status + - Add control of compression type. PclZip only support deflate compression method. + Before v2.2, PclZip does not check the compression method used in an archive while + extracting. With v2.2 PclZip returns a new error status for a file using an unsupported + compression method. New status is "unsupported_compression". New error code is + PCLZIP_ERR_UNSUPPORTED_COMPRESSION. + - Add optional attribute PCLZIP_OPT_STOP_ON_ERROR. This will stop the extract of files + when errors like 'a folder with same name exists' or 'a newer file exists' or + 'a write protected file' exists, rather than set a status for the concerning file + and resume the extract of the zip. + - Add optional attribute PCLZIP_OPT_REPLACE_NEWER. This will force, during an extract' the + replacement of the file, even if a newer version of the file exists. + Note that today if a file with the same name already exists but is older it will be + replaced by the extracted one. + - Improve PclZipUtilOption() + - Support of zip archive with trailing bytes. Before 2.2, PclZip checks that the central + directory structure is the last data in the archive. Crypt encryption/decryption of + zip archive put trailing 0 bytes after decryption. PclZip is now supporting this. + + Version 2.1 : + - Add the ability to abort the extraction by using a user callback function. + The user can now return the value '2' in its callback which indicates to stop the + extraction. For a pre call-back extract is stopped before the extration of the current + file. For a post call back, the extraction is stopped after. + - Add the ability to extract a file (or several files) directly in the standard output. + This is done by the new parameter PCLZIP_OPT_EXTRACT_IN_OUTPUT with method extract(). + - Add support for parameters PCLZIP_OPT_COMMENT, PCLZIP_OPT_ADD_COMMENT, + PCLZIP_OPT_PREPEND_COMMENT. This will create, replace, add, or prepend comments + in the zip archive. + - When merging two archives, the comments are not any more lost, but merged, with a + blank space separator. + - Corrected bug : Files are not deleted when all files are asked to be deleted. + - Corrected bug : Folders with name '0' made PclZip to abort the create or add feature. + + + Version 2.0 : + ***** Warning : Some new features may break the backward compatibility for your scripts. + Please carefully read the readme file. + - Add the ability to delete by Index, name and regular expression. This feature is + performed by the method delete(), which uses the optional parameters + PCLZIP_OPT_BY_INDEX, PCLZIP_OPT_BY_NAME, PCLZIP_OPT_BY_EREG or PCLZIP_OPT_BY_PREG. + - Add the ability to extract by regular expression. To extract by regexp you must use the method + extract(), with the option PCLZIP_OPT_BY_EREG or PCLZIP_OPT_BY_PREG + (depending if you want to use ereg() or preg_match() syntax) followed by the + regular expression pattern. + - Add the ability to extract by index, directly with the extract() method. This is a + code improvment of the extractByIndex() method. + - Add the ability to extract by name. To extract by name you must use the method + extract(), with the option PCLZIP_OPT_BY_NAME followed by the filename to + extract or an array of filenames to extract. To extract all a folder, use the folder + name rather than the filename with a '/' at the end. + - Add the ability to add files without compression. This is done with a new attribute + which is PCLZIP_OPT_NO_COMPRESSION. + - Add the attribute PCLZIP_OPT_EXTRACT_AS_STRING, which allow to extract a file directly + in a string without using any file (or temporary file). + - Add constant PCLZIP_SEPARATOR for static configuration of filename separators in a single string. + The default separator is now a comma (,) and not any more a blank space. + THIS BREAK THE BACKWARD COMPATIBILITY : Please check if this may have an impact with + your script. + - Improve algorythm performance by removing the use of temporary files when adding or + extracting files in an archive. + - Add (correct) detection of empty filename zipping. This can occurs when the removed + path is the same + as a zipped dir. The dir is not zipped (['status'] = filtered), only its content. + - Add better support for windows paths (thanks for help from manus@manusfreedom.com). + - Corrected bug : When the archive file already exists with size=0, the add() method + fails. Corrected in 2.0. + - Remove the use of OS_WINDOWS constant. Use php_uname() function rather. + - Control the order of index ranges in extract by index feature. + - Change the internal management of folders (better handling of internal flag). + + + Version 1.3 : + - Removing the double include check. This is now done by include_once() and require_once() + PHP directives. + - Changing the error handling mecanism : Remove the use of an external error library. + The former PclError...() functions are replaced by internal equivalent methods. + By changing the environment variable PCLZIP_ERROR_EXTERNAL you can still use the former library. + Introducing the use of constants for error codes rather than integer values. This will help + in futur improvment. + Introduction of error handling functions like errorCode(), errorName() and errorInfo(). + - Remove the deprecated use of calling function with arguments passed by reference. + - Add the calling of extract(), extractByIndex(), create() and add() functions + with variable options rather than fixed arguments. + - Add the ability to remove all the file path while extracting or adding, + without any need to specify the path to remove. + This is available for extract(), extractByIndex(), create() and add() functionS by using + the new variable options parameters : + - PCLZIP_OPT_REMOVE_ALL_PATH : by indicating this option while calling the fct. + - Ability to change the mode of a file after the extraction (chmod()). + This is available for extract() and extractByIndex() functionS by using + the new variable options parameters. + - PCLZIP_OPT_SET_CHMOD : by setting the value of this option. + - Ability to definition call-back options. These call-back will be called during the adding, + or the extracting of file (extract(), extractByIndex(), create() and add() functions) : + - PCLZIP_CB_PRE_EXTRACT : will be called before each extraction of a file. The user + can trigerred the change the filename of the extracted file. The user can triggered the + skip of the extraction. This is adding a 'skipped' status in the file list result value. + - PCLZIP_CB_POST_EXTRACT : will be called after each extraction of a file. + Nothing can be triggered from that point. + - PCLZIP_CB_PRE_ADD : will be called before each add of a file. The user + can trigerred the change the stored filename of the added file. The user can triggered the + skip of the add. This is adding a 'skipped' status in the file list result value. + - PCLZIP_CB_POST_ADD : will be called after each add of a file. + Nothing can be triggered from that point. + - Two status are added in the file list returned as function result : skipped & filename_too_long + 'skipped' is used when a call-back function ask for skipping the file. + 'filename_too_long' is used while adding a file with a too long filename to archive (the file is + not added) + - Adding the function PclZipUtilPathInclusion(), that check the inclusion of a path into + a directory. + - Add a check of the presence of the archive file before some actions (like list, ...) + - Add the initialisation of field "index" in header array. This means that by + default index will be -1 when not explicitly set by the methods. + + Version 1.2 : + - Adding a duplicate function. + - Adding a merge function. The merge function is a "quick merge" function, + it just append the content of an archive at the end of the first one. There + is no check for duplicate files or more recent files. + - Improve the search of the central directory end. + + Version 1.1.2 : + + - Changing the license of PclZip. PclZip is now released under the GNU / LGPL license + (see License section). + - Adding the optional support of a static temporary directory. You will need to configure + the constant PCLZIP_TEMPORARY_DIR if you want to use this feature. + - Improving the rename() function. In some cases rename() does not work (different + Filesystems), so it will be replaced by a copy() + unlink() functions. + + Version 1.1.1 : + + - Maintenance release, no new feature. + + Version 1.1 : + + - New method Add() : adding files in the archive + - New method ExtractByIndex() : partial extract of the archive, files are identified by + their index in the archive + - New method DeleteByIndex() : delete some files/folder entries from the archive, + files are identified by their index in the archive. + - Adding a test of the zlib extension presence. If not present abort the script. + + Version 1.0.1 : + + - No new feature + + +3 - Corrected bugs +================== + + Corrected in Version 2.0 : + - Corrected : During an extraction, if a call-back fucntion is used and try to skip + a file, all the extraction process is stopped. + + Corrected in Version 1.3 : + - Corrected : Support of static synopsis for method extract() is broken. + - Corrected : invalid size of archive content field (0xFF) should be (0xFFFF). + - Corrected : When an extract is done with a remove_path parameter, the entry for + the directory with exactly the same path is not skipped/filtered. + - Corrected : extractByIndex() and deleteByIndex() were not managing index in the + right way. For example indexes '1,3-5,11' will only extract files 1 and 11. This + is due to a sort of the index resulting table that puts 11 before 3-5 (sort on + string and not interger). The sort is temporarilly removed, this means that + you must provide a sorted list of index ranges. + + Corrected in Version 1.2 : + + - Nothing. + + Corrected in Version 1.1.2 : + + - Corrected : Winzip is unable to delete or add new files in a PclZip created archives. + + Corrected in Version 1.1.1 : + + - Corrected : When archived file is not compressed (0% compression), the + extract method fails. + + Corrected in Version 1.1 : + + - Corrected : Adding a complete tree of folder may result in a bad archive + creation. + + Corrected in Version 1.0.1 : + + - Corrected : Error while compressing files greater than PCLZIP_READ_BLOCK_SIZE (default=1024). + + +4 - Known bugs or limitations +============================= + + Please publish bugs reports in SourceForge : + http://sourceforge.net/tracker/?group_id=40254&atid=427564 + + In Version 2.x : + - PclZip does only support file uncompressed or compressed with deflate (compression method 8) + - PclZip does not support password protected zip archive + - Some concern were seen when changing mtime of a file while archiving. + Seems to be linked to Daylight Saving Time (PclTest_changing_mtime). + + In Version 1.2 : + + - merge() methods does not check for duplicate files or last date of modifications. + + In Version 1.1 : + + - Limitation : Using 'extract' fields in the file header in the zip archive is not supported. + - WinZip is unable to delete a single file in a PclZip created archive. It is also unable to + add a file in a PclZip created archive. (Corrected in v.1.2) + + In Version 1.0.1 : + + - Adding a complete tree of folder may result in a bad archive + creation. (Corrected in V.1.1). + - Path given to methods must be in the unix format (/) and not the Windows format (\). + Workaround : Use only / directory separators. + - PclZip is using temporary files that are sometime the name of the file with a .tmp or .gz + added suffix. Files with these names may already exist and may be overwritten. + Workaround : none. + - PclZip does not check if the zlib extension is present. If it is absent, the zip + file is not created and the lib abort without warning. + Workaround : enable the zlib extension on the php install + + In Version 1.0 : + + - Error while compressing files greater than PCLZIP_READ_BLOCK_SIZE (default=1024). + (Corrected in v.1.0.1) + - Limitation : Multi-disk zip archive are not supported. + + +5 - License +=========== + + Since version 1.1.2, PclZip Library is released under GNU/LGPL license. + This library is free, so you can use it at no cost. + + HOWEVER, if you release a script, an application, a library or any kind of + code using PclZip library (or a part of it), YOU MUST : + - Indicate in the documentation (or a readme file), that your work + uses PclZip Library, and make a reference to the author and the web site + http://www.phpconcept.net + - Gives the ability to the final user to update the PclZip libary. + + I will also appreciate that you send me a mail (vincent@phpconcept.net), just to + be aware that someone is using PclZip. + + For more information about GNU/LGPL license : http://www.gnu.org + +6 - Warning +================= + + This library and the associated files are non commercial, non professional work. + It should not have unexpected results. However if any damage is caused by this software + the author can not be responsible. + The use of this software is at the risk of the user. + +7 - Documentation +================= + PclZip User Manuel is available in English on PhpConcept : http://www.phpconcept.net/pclzip/man/en/index.php + A Russian translation was done by Feskov Kuzma : http://php.russofile.ru/ru/authors/unsort/zip/ + +8 - Author +========== + + This software was written by Vincent Blavet (vincent@phpconcept.net) on its leasure time. + +9 - Contribute +============== + If you want to contribute to the development of PclZip, please contact vincent@phpconcept.net. + If you can help in financing PhpConcept hosting service, please go to + http://www.phpconcept.net/soutien.php From 503070864134d5cc7159fb4ce01e61aa60e605fc Mon Sep 17 00:00:00 2001 From: cwsoft Date: Fri, 10 Feb 2017 15:40:27 +0100 Subject: [PATCH 15/21] Updated PHP Mailer to v5.2.22 - Security fix for the 3rd party library PHPMailer - See [CVE-2017-5223](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5223) https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.22 --- wbce/include/phpmailer/ChangeLog.txt | 415 ------------------ wbce/include/phpmailer/README | 218 --------- wbce/include/phpmailer/VERSION | 2 +- wbce/include/phpmailer/class.phpmailer.php | 32 +- wbce/include/phpmailer/class.pop3.php | 2 +- wbce/include/phpmailer/class.smtp.php | 4 +- wbce/include/phpmailer/index.php | 28 -- wbce/include/phpmailer/language/index.php | 28 -- .../phpmailer/language/phpmailer.lang-br.php | 26 -- .../phpmailer/language/phpmailer.lang-cz.php | 25 -- .../phpmailer/language/phpmailer.lang-dk.php | 26 -- .../phpmailer/language/phpmailer.lang-en.php | 27 -- .../phpmailer/language/phpmailer.lang-no.php | 25 -- .../phpmailer/language/phpmailer.lang-se.php | 26 -- 14 files changed, 27 insertions(+), 857 deletions(-) delete mode 100644 wbce/include/phpmailer/ChangeLog.txt delete mode 100644 wbce/include/phpmailer/README delete mode 100644 wbce/include/phpmailer/index.php delete mode 100644 wbce/include/phpmailer/language/index.php delete mode 100644 wbce/include/phpmailer/language/phpmailer.lang-br.php delete mode 100644 wbce/include/phpmailer/language/phpmailer.lang-cz.php delete mode 100644 wbce/include/phpmailer/language/phpmailer.lang-dk.php delete mode 100644 wbce/include/phpmailer/language/phpmailer.lang-en.php delete mode 100644 wbce/include/phpmailer/language/phpmailer.lang-no.php delete mode 100644 wbce/include/phpmailer/language/phpmailer.lang-se.php diff --git a/wbce/include/phpmailer/ChangeLog.txt b/wbce/include/phpmailer/ChangeLog.txt deleted file mode 100644 index 76c75cf2a..000000000 --- a/wbce/include/phpmailer/ChangeLog.txt +++ /dev/null @@ -1,415 +0,0 @@ -ChangeLog - -NOTE: THIS VERSION OF PHPMAILER IS DESIGNED FOR PHP5/PHP6. - IT WILL NOT WORK WITH PHP4. - -Version 5.2 (July 19, 2011) -* protected MIME body and header -* better DKIM DNS Resource Record support -* better aly handling -* htmlfilter class added to extras -* moved to Apache Extras - -Version 5.1 (October 20, 2009) -* fixed filename issue with AddStringAttachment (thanks to Tony) -* fixed "SingleTo" property, now works with Senmail, Qmail, and SMTP in - addition to PHP mail() -* added DKIM digital signing functionality - New properties: - - DKIM_domain (sets the domain name) - - DKIM_private (holds DKIM private key) - - DKIM_passphrase (holds your DKIM passphrase) - - DKIM_selector (holds the DKIM "selector") - - DKIM_identity (holds the identifying email address) -* added callback function support - - callback function parameters include: - result, to, cc, bcc, subject and body - * see the test/test_callback.php file for usage. -* added "auto" identity functionality - - can automatically add: - - Return-path (if Sender not set) - - Reply-To (if ReplyTo not set) - - can be disabled: - - $mail->SetFrom('yourname@yourdomain.com','First Last',false); - - or by adding the $mail->Sender and/or $mail->ReplyTo properties - Note: "auto" identity added to help with emails ending up in spam - or junk boxes because of missing headers - -Version 5.0.2 (May 24, 2009) -* Fix for missing attachments when inline graphics are present -* Fix for missing Cc in header when using SMTP (mail was sent, - but not displayed in header -- Cc receiver only saw email To: - line and no Cc line, but did get the email (To receiver - saw same) - -Version 5.0.1 (April 05, 2009) -* Temporary fix for missing attachments - -Version 5.0.0 (April 02, 2009) - -* With the release of this version, we are initiating a new version numbering - system to differentiate from the PHP4 version of PHPMailer. -* Most notable in this release is fully object oriented code. -class.smtp.php: -* Refactored class.smtp.php to support new exception handling - code size reduced from 29.2 Kb to 25.6 Kb -* Removed unnecessary functions from class.smtp.php: - public function Expand($name) { - public function Help($keyword="") { - public function Noop() { - public function Send($from) { - public function SendOrMail($from) { - public function Verify($name) { -class.phpmailer.php: -* Refactored class.phpmailer.php with new exception handling -* Changed processing functionality of Sendmail and Qmail so they cannot be - inadvertently used -* removed getFile() function, just became a simple wrapper for - file_get_contents() -* added check for PHP version (will gracefully exit if not at least PHP 5.0) -class.phpmailer.php enhancements -* enhanced code to check if an attachment source is the same as an embedded or - inline graphic source to eliminate duplicate attachments -New /test_script -* We have written a test script you can use to test the script as part of your - installation. Once you press submit, the test script will send a multi-mime - email with either the message you type in or an HTML email with an inline - graphic. Two attachments are included in the email (one of the attachments - is also the inline graphic so you can see that only one copy of the graphic - is sent in the email). The test script will also display the functional - script that you can copy/paste to your editor to duplicate the functionality. -New examples -* All new examples in both basic and advanced modes. Advanced examples show - Exception handling. -PHPDocumentator (phpdocs) documentation for PHPMailer version 5.0.0 -* all new documentation - -Please note: the website has been updated to reflect the changes in PHPMailer -version 5.0.0. http://phpmailer.codeworxtech.com/ - -Version 2.3 (November 06, 2008) - -* added Arabic language (many thanks to Bahjat Al Mostafa) -* removed English language from language files and made it a default within - class.phpmailer.php - if no language is found, it will default to use - the english language translation -* fixed public/private declarations -* corrected line 1728, $basedir to $directory -* added $sign_cert_file to avoid improper duplicate use of $sign_key_file -* corrected $this->Hello on line 612 to $this->Helo -* changed default of $LE to "\r\n" to comply with RFC 2822. Can be set by the user - if default is not acceptable -* removed trim() from return results in EncodeQP -* /test and three files it contained are removed from version 2.3 -* fixed phpunit.php for compliance with PHP5 -* changed $this->AltBody = $textMsg; to $this->AltBody = html_entity_decode($textMsg); -* We have removed the /phpdoc from the downloads. All documentation is now on - the http://phpmailer.codeworxtech.com website. - -Version 2.2.1 () July 19 2008 - -* fixed line 1092 in class.smtp.php (my apologies, error on my part) - -Version 2.2 () July 15 2008 - -* Fixed redirect issue (display of UTF-8 in thank you redirect) -* fixed error in getResponse function declaration (class.pop3.php) -* PHPMailer now PHP6 compliant -* fixed line 1092 in class.smtp.php (endless loop from missing = sign) - -Version 2.1 (Wed, June 04 2008) - -** NOTE: WE HAVE A NEW LANGUAGE VARIABLE FOR DIGITALLY SIGNED S/MIME EMAILS. - IF YOU CAN HELP WITH LANGUAGES OTHER THAN ENGLISH AND SPANISH, IT WOULD BE - APPRECIATED. - -* added S/MIME functionality (ability to digitally sign emails) - BIG THANKS TO "sergiocambra" for posting this patch back in November 2007. - The "Signed Emails" functionality adds the Sign method to pass the private key - filename and the password to read it, and then email will be sent with - content-type multipart/signed and with the digital signature attached. -* fully compatible with E_STRICT error level - - Please note: - In about half the test environments this development version was subjected - to, an error was thrown for the date() functions used (line 1565 and 1569). - This is NOT a PHPMailer error, it is the result of an incorrectly configured - PHP5 installation. The fix is to modify your 'php.ini' file and include the - date.timezone = America/New York - directive, to your own server timezone - - If you do get this error, and are unable to access your php.ini file: - In your PHP script, add - date_default_timezone_set('America/Toronto'); - - do not try to use - $myVar = date_default_timezone_get(); - as a test, it will throw an error. -* added ability to define path (mainly for embedded images) - function MsgHTML($message,$basedir='') ... where: - $basedir is the fully qualified path -* fixed MsgHTML() function: - - Embedded Images where images are specified by :// will not be altered or embedded -* fixed the return value of SMTP exit code ( pclose ) -* addressed issue of multibyte characters in subject line and truncating -* added ability to have user specified Message ID - (default is still that PHPMailer create a unique Message ID) -* corrected unidentified message type to 'application/octet-stream' -* fixed chunk_split() multibyte issue (thanks to Colin Brown, et al). -* added check for added attachments -* enhanced conversion of HTML to text in MsgHTML (thanks to "brunny") - -Version 2.1.0beta2 (Sun, Dec 02 2007) -* implemented updated EncodeQP (thanks to coolbru, aka Marcus Bointon) -* finished all testing, all known bugs corrected, enhancements tested -- note: will NOT work with PHP4. - -please note, this is BETA software -** DO NOT USE THIS IN PRODUCTION OR LIVE PROJECTS -INTENDED STRICTLY FOR TESTING - -Version 2.1.0beta1 -please note, this is BETA software -** DO NOT USE THIS IN PRODUCTION OR LIVE PROJECTS -INTENDED STRICTLY FOR TESTING - -Version 2.0.0 rc2 (Fri, Nov 16 2007), interim release -* implements new property to control VERP in class.smtp.php - example (requires instantiating class.smtp.php): - $mail->do_verp = true; -* POP-before-SMTP functionality included, thanks to Richard Davey - (see class.pop3.php & pop3_before_smtp_test.php for examples) -* included example showing how to use PHPMailer with GMAIL -* fixed the missing Cc in SendMail() and Mail() - -****************** -A note on sending bulk emails: - -If the email you are sending is not personalized, consider using the -"undisclosed-recipient:;" strategy. That is, put all of your recipients -in the Bcc field and set the To field to "undisclosed-recipients:;". -It's a lot faster (only one send) and saves quite a bit on resources. -Contrary to some opinions, this will not get you listed in spam engines - -it's a legitimate way for you to send emails. - -A partial example for use with PHPMailer: - -$mail->AddAddress("undisclosed-recipients:;"); -$mail->AddBCC("email1@anydomain.com,email2@anyotherdomain.com,email3@anyalternatedomain.com"); - -Many email service providers restrict the number of emails that can be sent -in any given time period. Often that is between 50 - 60 emails maximum -per hour or per send session. - -If that's the case, then break up your Bcc lists into chunks that are one -less than your limit, and put a pause in your script. -******************* - -Version 2.0.0 rc1 (Thu, Nov 08 2007), interim release -* dramatically simplified using inline graphics ... it's fully automated and requires no user input -* added automatic document type detection for attachments and pictures -* added MsgHTML() function to replace Body tag for HTML emails -* fixed the SendMail security issues (input validation vulnerability) -* enhanced the AddAddresses functionality so that the "Name" portion is used in the email address -* removed the need to use the AltBody method (set from the HTML, or default text used) -* set the PHP Mail() function as the default (still support SendMail, SMTP Mail) -* removed the need to set the IsHTML property (set automatically) -* added Estonian language file by Indrek Päri -* added header injection patch -* added "set" method to permit users to create their own pseudo-properties like 'X-Headers', etc. - example of use: - $mail->set('X-Priority', '3'); - $mail->set('X-MSMail-Priority', 'Normal'); -* fixed warning message in SMTP get_lines method -* added TLS/SSL SMTP support - example of use: - $mail = new PHPMailer(); - $mail->Mailer = "smtp"; - $mail->Host = "smtp.example.com"; - $mail->SMTPSecure = "tls"; // option - //$mail->SMTPSecure = "ssl"; // option - ... - $mail->Send(); -* PHPMailer has been tested with PHP4 (4.4.7) and PHP5 (5.2.7) -* Works with PHP installed as a module or as CGI-PHP -- NOTE: will NOT work with PHP5 in E_STRICT error mode - -Version 1.73 (Sun, Jun 10 2005) -* Fixed denial of service bug: http://www.cybsec.com/vuln/PHPMailer-DOS.pdf -* Now has a total of 20 translations -* Fixed alt attachments bug: http://tinyurl.com/98u9k - -Version 1.72 (Wed, May 25 2004) -* Added Dutch, Swedish, Czech, Norwegian, and Turkish translations. -* Received: Removed this method because spam filter programs like -SpamAssassin reject this header. -* Fixed error count bug. -* SetLanguage default is now "language/". -* Fixed magic_quotes_runtime bug. - -Version 1.71 (Tue, Jul 28 2003) -* Made several speed enhancements -* Added German and Italian translation files -* Fixed HELO/AUTH bugs on keep-alive connects -* Now provides an error message if language file does not load -* Fixed attachment EOL bug -* Updated some unclear documentation -* Added additional tests and improved others - -Version 1.70 (Mon, Jun 20 2003) -* Added SMTP keep-alive support -* Added IsError method for error detection -* Added error message translation support (SetLanguage) -* Refactored many methods to increase library performance -* Hello now sends the newer EHLO message before HELO as per RFC 2821 -* Removed the boundary class and replaced it with GetBoundary -* Removed queue support methods -* New $Hostname variable -* New Message-ID header -* Received header reformat -* Helo variable default changed to $Hostname -* Removed extra spaces in Content-Type definition (#667182) -* Return-Path should be set to Sender when set -* Adds Q or B encoding to headers when necessary -* quoted-encoding should now encode NULs \000 -* Fixed encoding of body/AltBody (#553370) -* Adds "To: undisclosed-recipients:;" when all recipients are hidden (BCC) -* Multiple bug fixes - -Version 1.65 (Fri, Aug 09 2002) -* Fixed non-visible attachment bug (#585097) for Outlook -* SMTP connections are now closed after each transaction -* Fixed SMTP::Expand return value -* Converted SMTP class documentation to phpDocumentor format - -Version 1.62 (Wed, Jun 26 2002) -* Fixed multi-attach bug -* Set proper word wrapping -* Reduced memory use with attachments -* Added more debugging -* Changed documentation to phpDocumentor format - -Version 1.60 (Sat, Mar 30 2002) -* Sendmail pipe and address patch (Christian Holtje) -* Added embedded image and read confirmation support (A. Ognio) -* Added unit tests -* Added SMTP timeout support (*nix only) -* Added possibly temporary PluginDir variable for SMTP class -* Added LE message line ending variable -* Refactored boundary and attachment code -* Eliminated SMTP class warnings -* Added SendToQueue method for future queuing support - -Version 1.54 (Wed, Dec 19 2001) -* Add some queuing support code -* Fixed a pesky multi/alt bug -* Messages are no longer forced to have "To" addresses - -Version 1.50 (Thu, Nov 08 2001) -* Fix extra lines when not using SMTP mailer -* Set WordWrap variable to int with a zero default - -Version 1.47 (Tue, Oct 16 2001) -* Fixed Received header code format -* Fixed AltBody order error -* Fixed alternate port warning - -Version 1.45 (Tue, Sep 25 2001) -* Added enhanced SMTP debug support -* Added support for multiple ports on SMTP -* Added Received header for tracing -* Fixed AddStringAttachment encoding -* Fixed possible header name quote bug -* Fixed wordwrap() trim bug -* Couple other small bug fixes - -Version 1.41 (Wed, Aug 22 2001) -* Fixed AltBody bug w/o attachments -* Fixed rfc_date() for certain mail servers - -Version 1.40 (Sun, Aug 12 2001) -* Added multipart/alternative support (AltBody) -* Documentation update -* Fixed bug in Mercury MTA - -Version 1.29 (Fri, Aug 03 2001) -* Added AddStringAttachment() method -* Added SMTP authentication support - -Version 1.28 (Mon, Jul 30 2001) -* Fixed a typo in SMTP class -* Fixed header issue with Imail (win32) SMTP server -* Made fopen() calls for attachments use "rb" to fix win32 error - -Version 1.25 (Mon, Jul 02 2001) -* Added RFC 822 date fix (Patrice) -* Added improved error handling by adding a $ErrorInfo variable -* Removed MailerDebug variable (obsolete with new error handler) - -Version 1.20 (Mon, Jun 25 2001) -* Added quoted-printable encoding (Patrice) -* Set Version as public and removed PrintVersion() -* Changed phpdoc to only display public variables and methods - -Version 1.19 (Thu, Jun 21 2001) -* Fixed MS Mail header bug -* Added fix for Bcc problem with mail(). *Does not work on Win32* - (See PHP bug report: http://www.php.net/bugs.php?id=11616) -* mail() no longer passes a fifth parameter when not needed - -Version 1.15 (Fri, Jun 15 2001) -[Note: these changes contributed by Patrice Fournier] -* Changed all remaining \n to \r\n -* Bcc: header no longer writen to message except -when sent directly to sendmail -* Added a small message to non-MIME compliant mail reader -* Added Sender variable to change the Sender email -used in -f for sendmail/mail and in 'MAIL FROM' for smtp mode -* Changed boundary setting to a place it will be set only once -* Removed transfer encoding for whole message when using multipart -* Message body now uses Encoding in multipart messages -* Can set encoding and type to attachments 7bit, 8bit -and binary attachment are sent as is, base64 are encoded -* Can set Encoding to base64 to send 8 bits body -through 7 bits servers - -Version 1.10 (Tue, Jun 12 2001) -* Fixed win32 mail header bug (printed out headers in message body) - -Version 1.09 (Fri, Jun 08 2001) -* Changed date header to work with Netscape mail programs -* Altered phpdoc documentation - -Version 1.08 (Tue, Jun 05 2001) -* Added enhanced error-checking -* Added phpdoc documentation to source - -Version 1.06 (Fri, Jun 01 2001) -* Added optional name for file attachments - -Version 1.05 (Tue, May 29 2001) -* Code cleanup -* Eliminated sendmail header warning message -* Fixed possible SMTP error - -Version 1.03 (Thu, May 24 2001) -* Fixed problem where qmail sends out duplicate messages - -Version 1.02 (Wed, May 23 2001) -* Added multiple recipient and attachment Clear* methods -* Added Sendmail public variable -* Fixed problem with loading SMTP library multiple times - -Version 0.98 (Tue, May 22 2001) -* Fixed problem with redundant mail hosts sending out multiple messages -* Added additional error handler code -* Added AddCustomHeader() function -* Added support for Microsoft mail client headers (affects priority) -* Fixed small bug with Mailer variable -* Added PrintVersion() function - -Version 0.92 (Tue, May 15 2001) -* Changed file names to class.phpmailer.php and class.smtp.php to match - current PHP class trend. -* Fixed problem where body not being printed when a message is attached -* Several small bug fixes - -Version 0.90 (Tue, April 17 2001) -* Intial public release diff --git a/wbce/include/phpmailer/README b/wbce/include/phpmailer/README deleted file mode 100644 index 8d48dc05f..000000000 --- a/wbce/include/phpmailer/README +++ /dev/null @@ -1,218 +0,0 @@ -/******************************************************************* -* The http://phpmailer.codeworxtech.com/ website now carries a few * -* advertisements through the Google Adsense network. Please visit * -* the advertiser sites and help us offset some of our costs. * -* Thanks .... * -********************************************************************/ - -PHPMailer -Full Featured Email Transfer Class for PHP -========================================== - -Version 5.0.0 (April 02, 2009) - -With the release of this version, we are initiating a new version numbering -system to differentiate from the PHP4 version of PHPMailer. - -Most notable in this release is fully object oriented code. - -We now have available the PHPDocumentor (phpdocs) documentation. This is -separate from the regular download to keep file sizes down. Please see the -download area of http://phpmailer.codeworxtech.com. - -We also have created a new test script (see /test_script) that you can use -right out of the box. Copy the /test_script folder directly to your server (in -the same structure ... with class.phpmailer.php and class.smtp.php in the -folder above it. Then launch the test script with: -http://www.yourdomain.com/phpmailer/test_script/index.php -from this one script, you can test your server settings for mail(), sendmail (or -qmail), and SMTP. This will email you a sample email (using contents.html for -the email body) and two attachments. One of the attachments is used as an inline -image to demonstrate how PHPMailer will automatically detect if attachments are -the same source as inline graphics and only include one version. Once you click -the Submit button, the results will be displayed including any SMTP debug -information and send status. We will also display a version of the script that -you can cut and paste to include in your projects. Enjoy! - -Version 2.3 (November 08, 2008) - -We have removed the /phpdoc from the downloads. All documentation is now on -the http://phpmailer.codeworxtech.com website. - -The phpunit.php has been updated to support PHP5. - -For all other changes and notes, please see the changelog. - -Donations are accepted at PayPal with our id "paypal@worxteam.com". - -Version 2.2 (July 15 2008) - -- see the changelog. - -Version 2.1 (June 04 2008) - -With this release, we are announcing that the development of PHPMailer for PHP5 -will be our focus from this date on. We have implemented all the enhancements -and fixes from the latest release of PHPMailer for PHP4. - -Far more important, though, is that this release of PHPMailer (v2.1) is -fully tested with E_STRICT error checking enabled. - -** NOTE: WE HAVE A NEW LANGUAGE VARIABLE FOR DIGITALLY SIGNED S/MIME EMAILS. - IF YOU CAN HELP WITH LANGUAGES OTHER THAN ENGLISH AND SPANISH, IT WOULD BE - APPRECIATED. - -We have now added S/MIME functionality (ability to digitally sign emails). -BIG THANKS TO "sergiocambra" for posting this patch back in November 2007. -The "Signed Emails" functionality adds the Sign method to pass the private key -filename and the password to read it, and then email will be sent with -content-type multipart/signed and with the digital signature attached. - -A quick note on E_STRICT: - -- In about half the test environments the development version was subjected - to, an error was thrown for the date() functions (used at line 1565 and 1569). - This is NOT a PHPMailer error, it is the result of an incorrectly configured - PHP5 installation. The fix is to modify your 'php.ini' file and include the - date.timezone = America/New York - directive, (for your own server timezone) -- If you do get this error, and are unable to access your php.ini file, there is - a workaround. In your PHP script, add - date_default_timezone_set('America/Toronto'); - - * do NOT try to use - $myVar = date_default_timezone_get(); - as a test, it will throw an error. - -We have also included more example files to show the use of "sendmail", "mail()", -"smtp", and "gmail". - -We are also looking for more programmers to join the volunteer development team. -If you have an interest in this, please let us know. - -Enjoy! - - -Version 2.1.0beta1 & beta2 - -please note, this is BETA software -** DO NOT USE THIS IN PRODUCTION OR LIVE PROJECTS -INTENDED STRICTLY FOR TESTING - -** NOTE: - -As of November 2007, PHPMailer has a new project team headed by industry -veteran Andy Prevost (codeworxtech). The first release in more than two -years will focus on fixes, adding ease-of-use enhancements, provide -basic compatibility with PHP4 and PHP5 using PHP5 backwards compatibility -features. A new release is planned before year-end 2007 that will provide -full compatiblity with PHP4 and PHP5, as well as more bug fixes. - -We are looking for project developers to assist in restoring PHPMailer to -its leadership position. Our goals are to simplify use of PHPMailer, provide -good documentation and examples, and retain backward compatibility to level -1.7.3 standards. - -If you are interested in helping out, visit http://sourceforge.net/projects/phpmailer -and indicate your interest. - -** - -http://phpmailer.sourceforge.net/ - -This software is licenced under the LGPL. Please read LICENSE for information on the -software availability and distribution. - -Class Features: -- Send emails with multiple TOs, CCs, BCCs and REPLY-TOs -- Redundant SMTP servers -- Multipart/alternative emails for mail clients that do not read HTML email -- Support for 8bit, base64, binary, and quoted-printable encoding -- Uses the same methods as the very popular AspEmail active server (COM) component -- SMTP authentication -- Native language support -- Word wrap, and more! - -Why you might need it: - -Many PHP developers utilize email in their code. The only PHP function -that supports this is the mail() function. However, it does not expose -any of the popular features that many email clients use nowadays like -HTML-based emails and attachments. There are two proprietary -development tools out there that have all the functionality built into -easy to use classes: AspEmail(tm) and AspMail. Both of these -programs are COM components only available on Windows. They are also a -little pricey for smaller projects. - -Since I do Linux development I�ve missed these tools for my PHP coding. -So I built a version myself that implements the same methods (object -calls) that the Windows-based components do. It is open source and the -LGPL license allows you to place the class in your proprietary PHP -projects. - - -Installation: - -Copy class.phpmailer.php into your php.ini include_path. If you are -using the SMTP mailer then place class.smtp.php in your path as well. -In the language directory you will find several files like -phpmailer.lang-en.php. If you look right before the .php extension -that there are two letters. These represent the language type of the -translation file. For instance "en" is the English file and "br" is -the Portuguese file. Chose the file that best fits with your language -and place it in the PHP include path. If your language is English -then you have nothing more to do. If it is a different language then -you must point PHPMailer to the correct translation. To do this, call -the PHPMailer SetLanguage method like so: - -// To load the Portuguese version -$mail->SetLanguage("br", "/optional/path/to/language/directory/"); - -That's it. You should now be ready to use PHPMailer! - - -A Simple Example: - -IsSMTP(); // set mailer to use SMTP -$mail->Host = "smtp1.example.com;smtp2.example.com"; // specify main and backup server -$mail->SMTPAuth = true; // turn on SMTP authentication -$mail->Username = "jswan"; // SMTP username -$mail->Password = "secret"; // SMTP password - -$mail->From = "from@example.com"; -$mail->FromName = "Mailer"; -$mail->AddAddress("josh@example.net", "Josh Adams"); -$mail->AddAddress("ellen@example.com"); // name is optional -$mail->AddReplyTo("info@example.com", "Information"); - -$mail->WordWrap = 50; // set word wrap to 50 characters -$mail->AddAttachment("/var/tmp/file.tar.gz"); // add attachments -$mail->AddAttachment("/tmp/image.jpg", "new.jpg"); // optional name -$mail->IsHTML(true); // set email format to HTML - -$mail->Subject = "Here is the subject"; -$mail->Body = "This is the HTML message body in bold!"; -$mail->AltBody = "This is the body in plain text for non-HTML mail clients"; - -if(!$mail->Send()) -{ - echo "Message could not be sent.

"; - echo "Mailer Error: " . $mail->ErrorInfo; - exit; -} - -echo "Message has been sent"; -?> - -CHANGELOG - -See ChangeLog.txt - -Download: http://sourceforge.net/project/showfiles.php?group_id=26031 - -Andy Prevost diff --git a/wbce/include/phpmailer/VERSION b/wbce/include/phpmailer/VERSION index 567eefa2c..07b26572f 100644 --- a/wbce/include/phpmailer/VERSION +++ b/wbce/include/phpmailer/VERSION @@ -1 +1 @@ -5.2.21 +5.2.22 diff --git a/wbce/include/phpmailer/class.phpmailer.php b/wbce/include/phpmailer/class.phpmailer.php index 8ff13f110..477ee826e 100644 --- a/wbce/include/phpmailer/class.phpmailer.php +++ b/wbce/include/phpmailer/class.phpmailer.php @@ -31,7 +31,7 @@ class PHPMailer * The PHPMailer Version number. * @var string */ - public $Version = '5.2.21'; + public $Version = '5.2.22'; /** * Email priority. @@ -2492,6 +2492,7 @@ public function textLine($value) /** * Add an attachment from a path on the filesystem. + * Never use a user-supplied path to a file! * Returns false if the file could not be found or read. * @param string $path Path to the attachment. * @param string $name Overrides the attachment name. @@ -3017,6 +3018,7 @@ public function addStringAttachment( * displayed inline with the message, not just attached for download. * This is used in HTML messages that embed the images * the HTML refers to using the $cid value. + * Never use a user-supplied path to a file! * @param string $path Path to the attachment. * @param string $cid Content ID of the attachment; Use this to reference * the content when using an embedded image in HTML. @@ -3380,12 +3382,14 @@ public function getCustomHeaders() * Create a message body from an HTML string. * Automatically inlines images and creates a plain-text version by converting the HTML, * overwriting any existing values in Body and AltBody. - * $basedir is used when handling relative image paths, e.g. + * Do not source $message content from user input! + * $basedir is prepended when handling relative URLs, e.g. and must not be empty * will look for an image file in $basedir/images/a.png and convert it to inline. - * If you don't want to apply these transformations to your HTML, just set Body and AltBody yourself. + * If you don't provide a $basedir, relative paths will be left untouched (and thus probably break in email) + * If you don't want to apply these transformations to your HTML, just set Body and AltBody directly. * @access public * @param string $message HTML message string - * @param string $basedir base directory for relative paths to images + * @param string $basedir Absolute path to a base directory to prepend to relative paths to images * @param boolean|callable $advanced Whether to use the internal HTML to text converter * or your own custom converter @see PHPMailer::html2text() * @return string $message The transformed message Body @@ -3394,6 +3398,10 @@ public function msgHTML($message, $basedir = '', $advanced = false) { preg_match_all('/(src|background)=["\'](.*)["\']/Ui', $message, $images); if (array_key_exists(2, $images)) { + if (strlen($basedir) > 1 && substr($basedir, -1) != '/') { + // Ensure $basedir has a trailing / + $basedir .= '/'; + } foreach ($images[2] as $imgindex => $url) { // Convert data URIs into embedded images if (preg_match('#^data:(image[^;,]*)(;base64)?,#', $url, $match)) { @@ -3411,18 +3419,24 @@ public function msgHTML($message, $basedir = '', $advanced = false) $message ); } - } elseif (substr($url, 0, 4) !== 'cid:' && !preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) { - // Do not change urls for absolute images (thanks to corvuscorax) + continue; + } + if ( + // Only process relative URLs if a basedir is provided (i.e. no absolute local paths) + !empty($basedir) + // Ignore URLs containing parent dir traversal (..) + && (strpos($url, '..') === false) // Do not change urls that are already inline images + && substr($url, 0, 4) !== 'cid:' + // Do not change absolute URLs, including anonymous protocol + && !preg_match('#^[a-z][a-z0-9+.-]*:?//#i', $url) + ) { $filename = basename($url); $directory = dirname($url); if ($directory == '.') { $directory = ''; } $cid = md5($url) . '@phpmailer.0'; // RFC2392 S 2 - if (strlen($basedir) > 1 && substr($basedir, -1) != '/') { - $basedir .= '/'; - } if (strlen($directory) > 1 && substr($directory, -1) != '/') { $directory .= '/'; } diff --git a/wbce/include/phpmailer/class.pop3.php b/wbce/include/phpmailer/class.pop3.php index 373c886cd..f10e688e3 100644 --- a/wbce/include/phpmailer/class.pop3.php +++ b/wbce/include/phpmailer/class.pop3.php @@ -34,7 +34,7 @@ class POP3 * @var string * @access public */ - public $Version = '5.2.21'; + public $Version = '5.2.22'; /** * Default POP3 port number. diff --git a/wbce/include/phpmailer/class.smtp.php b/wbce/include/phpmailer/class.smtp.php index 270162b26..89321171b 100644 --- a/wbce/include/phpmailer/class.smtp.php +++ b/wbce/include/phpmailer/class.smtp.php @@ -30,7 +30,7 @@ class SMTP * The PHPMailer SMTP version number. * @var string */ - const VERSION = '5.2.21'; + const VERSION = '5.2.22'; /** * SMTP line break constant. @@ -81,7 +81,7 @@ class SMTP * @deprecated Use the `VERSION` constant instead * @see SMTP::VERSION */ - public $Version = '5.2.21'; + public $Version = '5.2.22'; /** * SMTP server port number. diff --git a/wbce/include/phpmailer/index.php b/wbce/include/phpmailer/index.php deleted file mode 100644 index b87bb9863..000000000 --- a/wbce/include/phpmailer/index.php +++ /dev/null @@ -1,28 +0,0 @@ - - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - -header("Location: ../../index.php"); - -?> \ No newline at end of file diff --git a/wbce/include/phpmailer/language/index.php b/wbce/include/phpmailer/language/index.php deleted file mode 100644 index 5580f39f0..000000000 --- a/wbce/include/phpmailer/language/index.php +++ /dev/null @@ -1,28 +0,0 @@ - - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - -header("Location: ../../../index.php"); - -?> \ No newline at end of file diff --git a/wbce/include/phpmailer/language/phpmailer.lang-br.php b/wbce/include/phpmailer/language/phpmailer.lang-br.php deleted file mode 100644 index 6afe60b18..000000000 --- a/wbce/include/phpmailer/language/phpmailer.lang-br.php +++ /dev/null @@ -1,26 +0,0 @@ - \ No newline at end of file diff --git a/wbce/include/phpmailer/language/phpmailer.lang-cz.php b/wbce/include/phpmailer/language/phpmailer.lang-cz.php deleted file mode 100644 index 1c8b20639..000000000 --- a/wbce/include/phpmailer/language/phpmailer.lang-cz.php +++ /dev/null @@ -1,25 +0,0 @@ - \ No newline at end of file diff --git a/wbce/include/phpmailer/language/phpmailer.lang-dk.php b/wbce/include/phpmailer/language/phpmailer.lang-dk.php deleted file mode 100644 index b26257316..000000000 --- a/wbce/include/phpmailer/language/phpmailer.lang-dk.php +++ /dev/null @@ -1,26 +0,0 @@ - -*/ - -$PHPMAILER_LANG['authenticate'] = 'SMTP fejl: Kunne ikke logge pÃ¥.'; -$PHPMAILER_LANG['connect_host'] = 'SMTP fejl: Kunne ikke tilslutte SMTP serveren.'; -$PHPMAILER_LANG['data_not_accepted'] = 'SMTP fejl: Data kunne ikke accepteres.'; -//$PHPMAILER_LANG['empty_message'] = 'Message body empty'; -$PHPMAILER_LANG['encoding'] = 'Ukendt encode-format: '; -$PHPMAILER_LANG['execute'] = 'Kunne ikke køre: '; -$PHPMAILER_LANG['file_access'] = 'Ingen adgang til fil: '; -$PHPMAILER_LANG['file_open'] = 'Fil fejl: Kunne ikke Ã¥bne filen: '; -$PHPMAILER_LANG['from_failed'] = 'Følgende afsenderadresse er forkert: '; -$PHPMAILER_LANG['instantiate'] = 'Kunne ikke initialisere email funktionen.'; -//$PHPMAILER_LANG['invalid_email'] = 'Not sending, email address is invalid: '; -$PHPMAILER_LANG['mailer_not_supported'] = ' mailer understøttes ikke.'; -$PHPMAILER_LANG['provide_address'] = 'Du skal indtaste mindst en modtagers emailadresse.'; -$PHPMAILER_LANG['recipients_failed'] = 'SMTP fejl: Følgende modtagere er forkerte: '; -//$PHPMAILER_LANG['signing'] = 'Signing Error: '; -//$PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Connect() failed.'; -//$PHPMAILER_LANG['smtp_error'] = 'SMTP server error: '; -//$PHPMAILER_LANG['variable_set'] = 'Cannot set or reset variable: '; -?> \ No newline at end of file diff --git a/wbce/include/phpmailer/language/phpmailer.lang-en.php b/wbce/include/phpmailer/language/phpmailer.lang-en.php deleted file mode 100644 index 3ea64d331..000000000 --- a/wbce/include/phpmailer/language/phpmailer.lang-en.php +++ /dev/null @@ -1,27 +0,0 @@ - \ No newline at end of file diff --git a/wbce/include/phpmailer/language/phpmailer.lang-se.php b/wbce/include/phpmailer/language/phpmailer.lang-se.php deleted file mode 100644 index 67e05f59c..000000000 --- a/wbce/include/phpmailer/language/phpmailer.lang-se.php +++ /dev/null @@ -1,26 +0,0 @@ - -*/ - -$PHPMAILER_LANG['authenticate'] = 'SMTP fel: Kunde inte autentisera.'; -$PHPMAILER_LANG['connect_host'] = 'SMTP fel: Kunde inte ansluta till SMTP-server.'; -$PHPMAILER_LANG['data_not_accepted'] = 'SMTP fel: Data accepterades inte.'; -//$PHPMAILER_LANG['empty_message'] = 'Message body empty'; -$PHPMAILER_LANG['encoding'] = 'Okänt encode-format: '; -$PHPMAILER_LANG['execute'] = 'Kunde inte köra: '; -$PHPMAILER_LANG['file_access'] = 'Ingen Ã¥tkomst till fil: '; -$PHPMAILER_LANG['file_open'] = 'Fil fel: Kunde inte öppna fil: '; -$PHPMAILER_LANG['from_failed'] = 'Följande avsändaradress är felaktig: '; -$PHPMAILER_LANG['instantiate'] = 'Kunde inte initiera e-postfunktion.'; -//$PHPMAILER_LANG['invalid_email'] = 'Not sending, email address is invalid: '; -$PHPMAILER_LANG['provide_address'] = 'Du mÃ¥ste ange minst en mottagares e-postadress.'; -$PHPMAILER_LANG['mailer_not_supported'] = ' mailer stöds inte.'; -$PHPMAILER_LANG['recipients_failed'] = 'SMTP fel: Följande mottagare är felaktig: '; -//$PHPMAILER_LANG['signing'] = 'Signing Error: '; -//$PHPMAILER_LANG['smtp_connect_failed'] = 'SMTP Connect() failed.'; -//$PHPMAILER_LANG['smtp_error'] = 'SMTP server error: '; -//$PHPMAILER_LANG['variable_set'] = 'Cannot set or reset variable: '; -?> \ No newline at end of file From 7aa7c08cea2c45ea652d9a7e18ffb697e1ecee1a Mon Sep 17 00:00:00 2001 From: cwsoft Date: Sat, 11 Feb 2017 07:49:41 +0100 Subject: [PATCH 16/21] Updated CHANGELOG.md --- CHANGELOG.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b4b3a75f..0edc76d28 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,23 @@ Please visit the [WBCE Github](https://github.com/WBCE/WebsiteBaker_CommunityEdi ## Auto generated Git commit history + * **2017-02-10:** cwsoft [[5030708](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/503070864134d5cc7159fb4ce01e61aa60e605fc)] + > Updated PHP Mailer to v5.2.22 + - Security fix for the 3rd party library PHPMailer + - See [CVE-2017-5223](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5223) + + https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.22 + + * **2016-02-05:** NorHei [[89eff23](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/89eff235c20ccf8f0983478452e1d6619c27da81)] + > Added a slightly modified version of PclZip + This version avoides some problems whith PHP 7 + + fetched from here : + https://github.com/piwik/component-decompress/commit/deca40d71d29d6140aad39db007aea82676b7631 + + * **2017-02-10:** cwsoft [[0b83765](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/0b83765a68ae6d4055367fd510562307411ce8b5)] + > Updated CHANGELOG.md + * **2017-02-10:** instantflorian [[ca364d8](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/ca364d8c038ef325cc1116d82306c38d3e5256e1)] > Update version.php Changed version to 1.1.11 From 342331896c6f51790039969f7d598ff77f982029 Mon Sep 17 00:00:00 2001 From: instantflorian Date: Sat, 11 Feb 2017 17:13:56 +0100 Subject: [PATCH 17/21] Update module_settings.default.php Avoid problems with former UTF-8 invalid delimiter --- wbce/modules/topics/defaults/module_settings.default.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wbce/modules/topics/defaults/module_settings.default.php b/wbce/modules/topics/defaults/module_settings.default.php index 5cc6ce56a..618e0be0f 100644 --- a/wbce/modules/topics/defaults/module_settings.default.php +++ b/wbce/modules/topics/defaults/module_settings.default.php @@ -73,7 +73,7 @@ //Advanced setting: -$serializedelimiter = "»"; +$serializedelimiter = "$_$"; $create_topics_accessfiles = 1; //Support other Modules: @@ -93,4 +93,4 @@ $topics_virtual_directory = $topics_directory; -?> \ No newline at end of file +?> From d939b23eb7b2feccec77c633d8e9233bd11a232e Mon Sep 17 00:00:00 2001 From: instantflorian Date: Sat, 11 Feb 2017 17:38:20 +0100 Subject: [PATCH 18/21] Update module_settings.default.php correction to last commit, needs inverted commas instead of quotes --- wbce/modules/topics/defaults/module_settings.default.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wbce/modules/topics/defaults/module_settings.default.php b/wbce/modules/topics/defaults/module_settings.default.php index 618e0be0f..792012bf2 100644 --- a/wbce/modules/topics/defaults/module_settings.default.php +++ b/wbce/modules/topics/defaults/module_settings.default.php @@ -73,7 +73,7 @@ //Advanced setting: -$serializedelimiter = "$_$"; +$serializedelimiter = '$_$'; $create_topics_accessfiles = 1; //Support other Modules: From 331aa5ed6116f2a54b58497a45ea096646cafc7d Mon Sep 17 00:00:00 2001 From: instantflorian Date: Sun, 12 Feb 2017 08:33:58 +0100 Subject: [PATCH 19/21] Update modify_settings.php commented out hard codes see prev/next headlines --- wbce/modules/topics/modify_settings.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wbce/modules/topics/modify_settings.php b/wbce/modules/topics/modify_settings.php index 331e56b0c..30736cbde 100644 --- a/wbce/modules/topics/modify_settings.php +++ b/wbce/modules/topics/modify_settings.php @@ -200,7 +200,7 @@ $setting_sa_string = $setting_pnsa_string; } -//Neu: Enthält auch die Daten zu den additional pictures +//Neu: Enthält auch die Daten zu den additional pictures $setting_additionalpics_string = '{THUMB}'; if (is_array($setting_pnsa_array) AND count($setting_pnsa_array) > 5 ) { $setting_additionalpics_string = $setting_pnsa_array[5]; @@ -502,9 +502,9 @@
'.$MOD_TOPICS['SEE_ALSO_FRONTEND'].''; - $next_link_title = '

'.$MOD_TOPICS['SEE_NEXT_POST'].'

'; - $previous_link_title = '

'.$MOD_TOPICS['SEE_PREV_POST'].'

'; + //$see_also_link_title = '

'.$MOD_TOPICS['SEE_ALSO_FRONTEND'].'

'; + //$next_link_title = '

'.$MOD_TOPICS['SEE_NEXT_POST'].'

'; + //$previous_link_title = '

'.$MOD_TOPICS['SEE_PREV_POST'].'

'; ?> From 9a1eb9270747221cb9596219f8459623bfc696c5 Mon Sep 17 00:00:00 2001 From: instantflorian Date: Sun, 12 Feb 2017 09:05:16 +0100 Subject: [PATCH 20/21] Update modify_settings.php undo last changes --- wbce/modules/topics/modify_settings.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wbce/modules/topics/modify_settings.php b/wbce/modules/topics/modify_settings.php index 30736cbde..cc9e137ee 100644 --- a/wbce/modules/topics/modify_settings.php +++ b/wbce/modules/topics/modify_settings.php @@ -502,9 +502,9 @@
'.$MOD_TOPICS['SEE_ALSO_FRONTEND'].''; - //$next_link_title = '

'.$MOD_TOPICS['SEE_NEXT_POST'].'

'; - //$previous_link_title = '

'.$MOD_TOPICS['SEE_PREV_POST'].'

'; + $see_also_link_title = '

'.$MOD_TOPICS['SEE_ALSO_FRONTEND'].'

'; + $next_link_title = '

'.$MOD_TOPICS['SEE_NEXT_POST'].'

'; + $previous_link_title = '

'.$MOD_TOPICS['SEE_PREV_POST'].'

'; ?> From 0edbb6def84ed9b6d5e1c49e3d7f10ea5715bcbd Mon Sep 17 00:00:00 2001 From: cwsoft Date: Sun, 12 Feb 2017 09:51:56 +0100 Subject: [PATCH 21/21] Updated CHANGELOG.md --- CHANGELOG.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0edc76d28..d8ba68162 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,21 @@ Please visit the [WBCE Github](https://github.com/WBCE/WebsiteBaker_CommunityEdi ## Auto generated Git commit history + * **2017-02-12:** instantflorian [[9a1eb92](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/9a1eb9270747221cb9596219f8459623bfc696c5)] + > Update modify_settings.php + undo last changes + * **2017-02-12:** instantflorian [[331aa5e](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/331aa5ed6116f2a54b58497a45ea096646cafc7d)] + > Update modify_settings.php + commented out hard codes see prev/next headlines + * **2017-02-11:** instantflorian [[d939b23](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/d939b23eb7b2feccec77c633d8e9233bd11a232e)] + > Update module_settings.default.php + correction to last commit, needs inverted commas instead of quotes + * **2017-02-11:** instantflorian [[3423318](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/342331896c6f51790039969f7d598ff77f982029)] + > Update module_settings.default.php + Avoid problems with former UTF-8 invalid delimiter + * **2017-02-11:** cwsoft [[7aa7c08](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/7aa7c08cea2c45ea652d9a7e18ffb697e1ecee1a)] + > Updated CHANGELOG.md + * **2017-02-10:** cwsoft [[5030708](https://github.com/WBCE/WebsiteBaker_CommunityEdition/commit/503070864134d5cc7159fb4ce01e61aa60e605fc)] > Updated PHP Mailer to v5.2.22 - Security fix for the 3rd party library PHPMailer