Rev 475 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 475 | Rev 476 | ||
---|---|---|---|
Line 75... | Line 75... | ||
75 | if (preg_match('@<h5>(.+)</h5>@ismU', $cont, $m)) return $m[1]; |
75 | if (preg_match('@<h5>(.+)</h5>@ismU', $cont, $m)) return $m[1]; |
76 | if (preg_match('@<h6>(.+)</h6>@ismU', $cont, $m)) return $m[1]; |
76 | if (preg_match('@<h6>(.+)</h6>@ismU', $cont, $m)) return $m[1]; |
77 | return pathinfo($file, PATHINFO_FILENAME); // filename without extension |
77 | return pathinfo($file, PATHINFO_FILENAME); // filename without extension |
78 | } |
78 | } |
79 | 79 | ||
- | 80 | protected static function mayAccessResource($source) { |
|
- | 81 | if (OIDplus::authUtils()::isAdminLoggedIn()) return true; |
|
- | 82 | ||
- | 83 | $candidates = array( |
|
- | 84 | OIDplus::basePath().'/userdata/resources/security.ini', |
|
- | 85 | OIDplus::basePath().'/res/security.ini' |
|
- | 86 | ); |
|
- | 87 | foreach ($candidates as $ini_file) { |
|
- | 88 | if (file_exists($ini_file)) { |
|
- | 89 | $data = @parse_ini_file($ini_file, true); |
|
- | 90 | if (isset($data['Security']) && isset($data['Security'][$source])) { |
|
- | 91 | $level = $data['Security'][$source]; |
|
- | 92 | if ($level == 'PUBLIC') { |
|
- | 93 | return true; |
|
- | 94 | } else if ($level == 'RA') { |
|
- | 95 | return |
|
- | 96 | ((OIDplus::authUtils()::raNumLoggedIn() > 0) || |
|
- | 97 | (OIDplus::authUtils()::isAdminLoggedIn())); |
|
- | 98 | } else if ($level == 'ADMIN') { |
|
- | 99 | return OIDplus::authUtils()::isAdminLoggedIn(); |
|
- | 100 | } else { |
|
- | 101 | throw new OIDplusException('Unexpected security level in %1 (expect PUBLIC, RA or ADMIN)', $ini_file); |
|
- | 102 | } |
|
- | 103 | } |
|
- | 104 | } |
|
- | 105 | } |
|
- | 106 | return true; |
|
- | 107 | } |
|
- | 108 | ||
80 | private static function myglob($reldir, $onlydir=false) { |
109 | private static function myglob($reldir, $onlydir=false) { |
81 | $out = array(); |
110 | $out = array(); |
82 | 111 | ||
83 | $root = OIDplus::basePath().'/userdata/resources/'; |
112 | $root = OIDplus::basePath().'/userdata/resources/'; |
84 | $res = $onlydir ? glob($root.ltrim($reldir,'/'), GLOB_ONLYDIR) : glob($root.ltrim($reldir,'/')); |
113 | $res = $onlydir ? glob($root.ltrim($reldir,'/'), GLOB_ONLYDIR) : glob($root.ltrim($reldir,'/')); |
Line 94... | Line 123... | ||
94 | $x = substr($x, strlen($root)); |
123 | $x = substr($x, strlen($root)); |
95 | if (strpos($x,'$') !== false) continue; |
124 | if (strpos($x,'$') !== false) continue; |
96 | $out[] = $x; |
125 | $out[] = $x; |
97 | } |
126 | } |
98 | 127 | ||
99 | return array_unique($out); |
128 | $out = array_unique($out); |
- | 129 | ||
- | 130 | return array_filter($out, function($v, $k) { |
|
- | 131 | return self::mayAccessResource($v); |
|
- | 132 | }, ARRAY_FILTER_USE_BOTH); |
|
100 | } |
133 | } |
101 | 134 | ||
102 | private static function realname($rel) { |
135 | private static function realname($rel) { |
103 | $candidate1 = OIDplus::basePath().'/userdata/resources/'.$rel; |
136 | $candidate1 = OIDplus::basePath().'/userdata/resources/'.$rel; |
104 | $candidate2 = OIDplus::basePath().'/res/'.$rel; |
137 | $candidate2 = OIDplus::basePath().'/res/'.$rel; |
Line 160... | Line 193... | ||
160 | $out['text'] = '<p>'._L('You are being redirected...').'</p><script>window.location.href = '.js_escape($target).';</script>'; |
193 | $out['text'] = '<p>'._L('You are being redirected...').'</p><script>window.location.href = '.js_escape($target).';</script>'; |
161 | return; |
194 | return; |
162 | } |
195 | } |
163 | } |
196 | } |
164 | 197 | ||
- | 198 | // Check for permission |
|
- | 199 | ||
- | 200 | if ($file != '') { |
|
- | 201 | if (!self::mayAccessResource($file)) { |
|
- | 202 | $out['title'] = _L('Access denied'); |
|
- | 203 | $out['icon'] = 'img/error_big.png'; |
|
- | 204 | $out['text'] = '<p>'._L('Authentication error. Please log in.').'</p>'; |
|
- | 205 | return; |
|
- | 206 | } |
|
- | 207 | } |
|
- | 208 | ||
165 | // First, "Go back to" line |
209 | // First, "Go back to" line |
166 | 210 | ||
167 | if ($file != '') { |
211 | if ($file != '') { |
168 | $dir = dirname($file); |
212 | $dir = dirname($file); |
169 | 213 |