Rev 475 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 475 | Rev 476 | ||
|---|---|---|---|
| Line 75... | Line 75... | ||
| 75 | if (preg_match('@<h5>(.+)</h5>@ismU', $cont, $m)) return $m[1]; |
75 | if (preg_match('@<h5>(.+)</h5>@ismU', $cont, $m)) return $m[1]; |
| 76 | if (preg_match('@<h6>(.+)</h6>@ismU', $cont, $m)) return $m[1]; |
76 | if (preg_match('@<h6>(.+)</h6>@ismU', $cont, $m)) return $m[1]; |
| 77 | return pathinfo($file, PATHINFO_FILENAME); // filename without extension |
77 | return pathinfo($file, PATHINFO_FILENAME); // filename without extension |
| 78 | } |
78 | } |
| 79 | 79 | ||
| - | 80 | protected static function mayAccessResource($source) { |
|
| - | 81 | if (OIDplus::authUtils()::isAdminLoggedIn()) return true; |
|
| - | 82 | ||
| - | 83 | $candidates = array( |
|
| - | 84 | OIDplus::basePath().'/userdata/resources/security.ini', |
|
| - | 85 | OIDplus::basePath().'/res/security.ini' |
|
| - | 86 | ); |
|
| - | 87 | foreach ($candidates as $ini_file) { |
|
| - | 88 | if (file_exists($ini_file)) { |
|
| - | 89 | $data = @parse_ini_file($ini_file, true); |
|
| - | 90 | if (isset($data['Security']) && isset($data['Security'][$source])) { |
|
| - | 91 | $level = $data['Security'][$source]; |
|
| - | 92 | if ($level == 'PUBLIC') { |
|
| - | 93 | return true; |
|
| - | 94 | } else if ($level == 'RA') { |
|
| - | 95 | return |
|
| - | 96 | ((OIDplus::authUtils()::raNumLoggedIn() > 0) || |
|
| - | 97 | (OIDplus::authUtils()::isAdminLoggedIn())); |
|
| - | 98 | } else if ($level == 'ADMIN') { |
|
| - | 99 | return OIDplus::authUtils()::isAdminLoggedIn(); |
|
| - | 100 | } else { |
|
| - | 101 | throw new OIDplusException('Unexpected security level in %1 (expect PUBLIC, RA or ADMIN)', $ini_file); |
|
| - | 102 | } |
|
| - | 103 | } |
|
| - | 104 | } |
|
| - | 105 | } |
|
| - | 106 | return true; |
|
| - | 107 | } |
|
| - | 108 | ||
| 80 | private static function myglob($reldir, $onlydir=false) { |
109 | private static function myglob($reldir, $onlydir=false) { |
| 81 | $out = array(); |
110 | $out = array(); |
| 82 | 111 | ||
| 83 | $root = OIDplus::basePath().'/userdata/resources/'; |
112 | $root = OIDplus::basePath().'/userdata/resources/'; |
| 84 | $res = $onlydir ? glob($root.ltrim($reldir,'/'), GLOB_ONLYDIR) : glob($root.ltrim($reldir,'/')); |
113 | $res = $onlydir ? glob($root.ltrim($reldir,'/'), GLOB_ONLYDIR) : glob($root.ltrim($reldir,'/')); |
| Line 94... | Line 123... | ||
| 94 | $x = substr($x, strlen($root)); |
123 | $x = substr($x, strlen($root)); |
| 95 | if (strpos($x,'$') !== false) continue; |
124 | if (strpos($x,'$') !== false) continue; |
| 96 | $out[] = $x; |
125 | $out[] = $x; |
| 97 | } |
126 | } |
| 98 | 127 | ||
| 99 | return array_unique($out); |
128 | $out = array_unique($out); |
| - | 129 | ||
| - | 130 | return array_filter($out, function($v, $k) { |
|
| - | 131 | return self::mayAccessResource($v); |
|
| - | 132 | }, ARRAY_FILTER_USE_BOTH); |
|
| 100 | } |
133 | } |
| 101 | 134 | ||
| 102 | private static function realname($rel) { |
135 | private static function realname($rel) { |
| 103 | $candidate1 = OIDplus::basePath().'/userdata/resources/'.$rel; |
136 | $candidate1 = OIDplus::basePath().'/userdata/resources/'.$rel; |
| 104 | $candidate2 = OIDplus::basePath().'/res/'.$rel; |
137 | $candidate2 = OIDplus::basePath().'/res/'.$rel; |
| Line 160... | Line 193... | ||
| 160 | $out['text'] = '<p>'._L('You are being redirected...').'</p><script>window.location.href = '.js_escape($target).';</script>'; |
193 | $out['text'] = '<p>'._L('You are being redirected...').'</p><script>window.location.href = '.js_escape($target).';</script>'; |
| 161 | return; |
194 | return; |
| 162 | } |
195 | } |
| 163 | } |
196 | } |
| 164 | 197 | ||
| - | 198 | // Check for permission |
|
| - | 199 | ||
| - | 200 | if ($file != '') { |
|
| - | 201 | if (!self::mayAccessResource($file)) { |
|
| - | 202 | $out['title'] = _L('Access denied'); |
|
| - | 203 | $out['icon'] = 'img/error_big.png'; |
|
| - | 204 | $out['text'] = '<p>'._L('Authentication error. Please log in.').'</p>'; |
|
| - | 205 | return; |
|
| - | 206 | } |
|
| - | 207 | } |
|
| - | 208 | ||
| 165 | // First, "Go back to" line |
209 | // First, "Go back to" line |
| 166 | 210 | ||
| 167 | if ($file != '') { |
211 | if ($file != '') { |
| 168 | $dir = dirname($file); |
212 | $dir = dirname($file); |
| 169 | 213 | ||