Rev 4 | Only display areas with differences | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 4 | Rev 14 | ||
---|---|---|---|
1 | <?php |
1 | <?php |
2 | 2 | ||
3 | // ------------------------------------------------------------------------------- |
3 | // ------------------------------------------------------------------------------- |
4 | // | net2ftp: a web based FTP client | |
4 | // | net2ftp: a web based FTP client | |
5 | // | Copyright (c) 2003-2007 by David Gartner | |
5 | // | Copyright (c) 2003-2007 by David Gartner | |
6 | // | | |
6 | // | | |
7 | // | This program is free software; you can redistribute it and/or | |
7 | // | This program is free software; you can redistribute it and/or | |
8 | // | modify it under the terms of the GNU General Public License | |
8 | // | modify it under the terms of the GNU General Public License | |
9 | // | as published by the Free Software Foundation; either version 2 | |
9 | // | as published by the Free Software Foundation; either version 2 | |
10 | // | of the License, or (at your option) any later version. | |
10 | // | of the License, or (at your option) any later version. | |
11 | // | | |
11 | // | | |
12 | // ------------------------------------------------------------------------------- |
12 | // ------------------------------------------------------------------------------- |
13 | 13 | ||
14 | // Make sure this file is included by net2ftp, not accessed directly |
14 | // Make sure this file is included by net2ftp, not accessed directly |
15 | defined("NET2FTP") or die("Direct access to this location is not allowed."); |
15 | defined("NET2FTP") or die("Direct access to this location is not allowed."); |
16 | 16 | ||
17 | // ------------------------------------------------------------------------- |
17 | // ------------------------------------------------------------------------- |
18 | // Overview of the code |
18 | // Overview of the code |
19 | // 1 Replace \' by ' (remove_magic_quotes) |
19 | // 1 Replace \' by ' (remove_magic_quotes) |
20 | // 2 Start the session |
20 | // 2 Start the session |
21 | // 3 Register $_SERVER variables |
21 | // 3 Register $_SERVER variables |
22 | // 4.1 Register main variables - POST method |
22 | // 4.1 Register main variables - POST method |
23 | // 4.2 Register main variables - GET method |
23 | // 4.2 Register main variables - GET method |
24 | // 5.1 Delete the session data when logging out |
24 | // 5.1 Delete the session data when logging out |
25 | // 5.2 Redirect to login_small if session has expired |
25 | // 5.2 Redirect to login_small if session has expired |
26 | // 6 Register $_COOKIE variables |
26 | // 6 Register $_COOKIE variables |
27 | // 7 Determine the browser agent, version and platform |
27 | // 7 Determine the browser agent, version and platform |
28 | // ------------------------------------------------------------------------- |
28 | // ------------------------------------------------------------------------- |
29 | 29 | ||
30 | // ------------------------------------------------------------------------- |
30 | // ------------------------------------------------------------------------- |
31 | // 1 When a variable is submitted, quotes ' are replaced by backslash-quotes \' |
31 | // 1 When a variable is submitted, quotes ' are replaced by backslash-quotes \' |
32 | // This function removes the extra backslash that is added |
32 | // This function removes the extra backslash that is added |
33 | // ------------------------------------------------------------------------- |
33 | // ------------------------------------------------------------------------- |
34 | if (get_magic_quotes_gpc() == 1) { |
34 | if (get_magic_quotes_gpc() == 1) { |
35 | remove_magic_quotes($_POST); |
35 | remove_magic_quotes($_POST); |
36 | remove_magic_quotes($_GET); |
36 | remove_magic_quotes($_GET); |
37 | remove_magic_quotes($_COOKIE); |
37 | remove_magic_quotes($_COOKIE); |
38 | } |
38 | } |
39 | 39 | ||
40 | // Do not add remove_magic_quotes for $GLOBALS because this would call the same |
40 | // Do not add remove_magic_quotes for $GLOBALS because this would call the same |
41 | // function a second time, replacing \' by ' and \" by " |
41 | // function a second time, replacing \' by ' and \" by " |
42 | 42 | ||
43 | 43 | ||
44 | // ------------------------------------------------------------------------- |
44 | // ------------------------------------------------------------------------- |
45 | // 2 Start the session |
45 | // 2 Start the session |
46 | // ------------------------------------------------------------------------- |
46 | // ------------------------------------------------------------------------- |
47 | 47 | ||
48 | if (function_exists("session_name") == false) { |
48 | if (function_exists("session_name") == false) { |
49 | $net2ftp_result["success"] = false; |
49 | $net2ftp_result["success"] = false; |
50 | $net2ftp_result["error_message"] = "Sessions are not supported on this server."; |
50 | $net2ftp_result["error_message"] = "Sessions are not supported on this server."; |
51 | $net2ftp_result["debug_backtrace"] = debug_backtrace(); |
51 | $net2ftp_result["debug_backtrace"] = debug_backtrace(); |
52 | logError(); |
52 | logError(); |
53 | return false; |
53 | return false; |
54 | } |
54 | } |
55 | 55 | ||
56 | 56 | ||
57 | 57 | ||
58 | 58 | ||
59 | // Personal WebBase: Auskommentierung |
59 | // Personal WebBase: Auskommentierung |
60 | 60 | ||
61 | /* |
61 | /* |
62 | 62 | ||
63 | // PMA - Cookies are safer |
63 | // PMA - Cookies are safer |
64 | ini_set("session.use_cookies", true); |
64 | ini_set("session.use_cookies", true); |
65 | 65 | ||
66 | // PMA - but not all user allow cookies |
66 | // PMA - but not all user allow cookies |
67 | ini_set("session.use_only_cookies", false); |
67 | ini_set("session.use_only_cookies", false); |
68 | ini_set("session.use_trans_sid", true); |
68 | ini_set("session.use_trans_sid", true); |
69 | 69 | ||
70 | // PMA - Delete session/cookies when browser is closed |
70 | // PMA - Delete session/cookies when browser is closed |
71 | ini_set("session.cookie_lifetime", 0); |
71 | ini_set("session.cookie_lifetime", 0); |
72 | 72 | ||
73 | // PMA - Warn but dont work with bug |
73 | // PMA - Warn but dont work with bug |
74 | ini_set("session.bug_compat_42", false); |
74 | ini_set("session.bug_compat_42", false); |
75 | ini_set("session.bug_compat_warn", true); |
75 | ini_set("session.bug_compat_warn", true); |
76 | 76 | ||
77 | // PMA - Use more secure session ids (with PHP 5) |
77 | // PMA - Use more secure session ids (with PHP 5) |
78 | if (version_compare(PHP_VERSION, "5.0.0", "ge") && substr(PHP_OS, 0, 3) != "WIN") { |
78 | if (version_compare(PHP_VERSION, "5.0.0", "ge") && substr(PHP_OS, 0, 3) != "WIN") { |
79 | ini_set("session.hash_function", 1); |
79 | ini_set("session.hash_function", 1); |
80 | ini_set("session.hash_bits_per_character", 6); |
80 | ini_set("session.hash_bits_per_character", 6); |
81 | } |
81 | } |
82 | 82 | ||
83 | // PMA - [2006-01-25] Nicola Asuni - www.tecnick.com: maybe the PHP directive |
83 | // PMA - [2006-01-25] Nicola Asuni - www.tecnick.com: maybe the PHP directive |
84 | // session.save_handler is set to another value like "user" |
84 | // session.save_handler is set to another value like "user" |
85 | ini_set("session.save_handler", "files"); |
85 | ini_set("session.save_handler", "files"); |
86 | 86 | ||
87 | // Start the session |
87 | // Start the session |
88 | // PMA - On some servers (for example, sourceforge.net), we get a permission error on the session data directory, so prefix with @ |
88 | // PMA - On some servers (for example, sourceforge.net), we get a permission error on the session data directory, so prefix with @ |
89 | @session_start(); |
89 | @session_start(); |
90 | 90 | ||
91 | // Check if the session ID and the IP address have changed |
91 | // Check if the session ID and the IP address have changed |
92 | if (isset($_SESSION["net2ftp_session_id_new"]) == true) { $_SESSION["net2ftp_session_id_old"] = $_SESSION["net2ftp_session_id_new"]; } |
92 | if (isset($_SESSION["net2ftp_session_id_new"]) == true) { $_SESSION["net2ftp_session_id_old"] = $_SESSION["net2ftp_session_id_new"]; } |
93 | else { $_SESSION["net2ftp_session_id_old"] = ""; } |
93 | else { $_SESSION["net2ftp_session_id_old"] = ""; } |
94 | if (isset($_SESSION["net2ftp_remote_addr_new"]) == true) { $_SESSION["net2ftp_remote_addr_old"] = $_SESSION["net2ftp_remote_addr_new"]; } |
94 | if (isset($_SESSION["net2ftp_remote_addr_new"]) == true) { $_SESSION["net2ftp_remote_addr_old"] = $_SESSION["net2ftp_remote_addr_new"]; } |
95 | else { $_SESSION["net2ftp_remote_addr_old"] = ""; } |
95 | else { $_SESSION["net2ftp_remote_addr_old"] = ""; } |
96 | $_SESSION["net2ftp_session_id_new"] = session_id(); |
96 | $_SESSION["net2ftp_session_id_new"] = session_id(); |
97 | $_SESSION["net2ftp_remote_addr_new"] = $_SERVER["REMOTE_ADDR"]; |
97 | $_SESSION["net2ftp_remote_addr_new"] = $_SERVER["REMOTE_ADDR"]; |
98 | 98 | ||
99 | */ |
99 | */ |
100 | 100 | ||
101 | 101 | ||
102 | 102 | ||
103 | 103 | ||
104 | 104 | ||
105 | 105 | ||
106 | 106 | ||
107 | 107 | ||
108 | 108 | ||
109 | 109 | ||
110 | 110 | ||
111 | 111 | ||
112 | 112 | ||
113 | 113 | ||
114 | // Personal WebBase-Spezifischer Session-Abschnitt |
114 | // Personal WebBase-Spezifischer Session-Abschnitt |
115 | 115 | ||
116 | 116 | ||
117 | 117 | ||
118 | // http://de3.php.net/md5: Alexander Valyalkin |
118 | // http://de3.php.net/md5: Alexander Valyalkin |
119 | 119 | ||
120 | function get_rnd_iv($iv_len) |
120 | function get_rnd_iv($iv_len) |
121 | { |
121 | { |
122 | $iv = ''; |
122 | $iv = ''; |
123 | while ($iv_len-- > 0) { |
123 | while ($iv_len-- > 0) { |
124 | $iv .= chr(mt_rand() & 0xff); |
124 | $iv .= chr(mt_rand() & 0xff); |
125 | } |
125 | } |
126 | return $iv; |
126 | return $iv; |
127 | } |
127 | } |
128 | 128 | ||
129 | function ib_encrypt($plain_text, $password, $iv_len = 16) |
129 | function ib_encrypt($plain_text, $password, $iv_len = 16) |
130 | { |
130 | { |
131 | $plain_text .= "\x13"; |
131 | $plain_text .= "\x13"; |
132 | $n = strlen($plain_text); |
132 | $n = strlen($plain_text); |
133 | if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16)); |
133 | if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16)); |
134 | $i = 0; |
134 | $i = 0; |
135 | $enc_text = get_rnd_iv($iv_len); |
135 | $enc_text = get_rnd_iv($iv_len); |
136 | $iv = substr($password ^ $enc_text, 0, 512); |
136 | $iv = substr($password ^ $enc_text, 0, 512); |
137 | while ($i < $n) { |
137 | while ($i < $n) { |
138 | $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv)); |
138 | $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv)); |
139 | $enc_text .= $block; |
139 | $enc_text .= $block; |
140 | $iv = substr($block . $iv, 0, 512) ^ $password; |
140 | $iv = substr($block . $iv, 0, 512) ^ $password; |
141 | $i += 16; |
141 | $i += 16; |
142 | } |
142 | } |
143 | return base64_encode($enc_text); |
143 | return base64_encode($enc_text); |
144 | } |
144 | } |
145 | 145 | ||
146 | function ib_decrypt($enc_text, $password, $iv_len = 16) |
146 | function ib_decrypt($enc_text, $password, $iv_len = 16) |
147 | { |
147 | { |
148 | $enc_text = base64_decode($enc_text); |
148 | $enc_text = base64_decode($enc_text); |
149 | $n = strlen($enc_text); |
149 | $n = strlen($enc_text); |
150 | $i = $iv_len; |
150 | $i = $iv_len; |
151 | $plain_text = ''; |
151 | $plain_text = ''; |
152 | $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512); |
152 | $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512); |
153 | while ($i < $n) { |
153 | while ($i < $n) { |
154 | $block = substr($enc_text, $i, 16); |
154 | $block = substr($enc_text, $i, 16); |
155 | $plain_text .= $block ^ pack('H*', md5($iv)); |
155 | $plain_text .= $block ^ pack('H*', md5($iv)); |
156 | $iv = substr($block . $iv, 0, 512) ^ $password; |
156 | $iv = substr($block . $iv, 0, 512) ^ $password; |
157 | $i += 16; |
157 | $i += 16; |
158 | } |
158 | } |
159 | return preg_replace('/\\x13\\x00*$/', '', $plain_text); |
159 | return preg_replace('/\\x13\\x00*$/', '', $plain_text); |
160 | } |
160 | } |
161 | 161 | ||
162 | define('IBLEGAL', '1'); |
162 | define('WBLEGAL', '1'); |
163 | global $mysql_zugangsdaten; |
163 | global $mysql_zugangsdaten; |
164 | include '../../../includes/config.inc.php'; |
164 | include '../../../includes/config.inc.php'; |
165 | 165 | ||
166 | if ((isset($lock)) && ($lock)) |
166 | if ((isset($lock)) && ($lock)) |
167 | { |
167 | { |
168 | die('<h1>Personal WebBase ist gesperrt</h1>Die Variable "$lock" in "includes/config.inc.php" steht auf 1 bzw. true. Setzen Sie diese Variable erst auf 0, wenn das Hochladen der Dateien beim Installations- bzw. Updateprozess beendet ist. Wenn Sie Personal WebBase freigeben, bevor der Upload abgeschlossen ist, kann es zu einer Beschädigung der Kundendatenbank kommen!'); |
168 | die('<h1>Personal WebBase ist gesperrt</h1>Die Variable "$lock" in "includes/config.inc.php" steht auf 1 bzw. true. Setzen Sie diese Variable erst auf 0, wenn das Hochladen der Dateien beim Installations- bzw. Updateprozess beendet ist. Wenn Sie Personal WebBase freigeben, bevor der Upload abgeschlossen ist, kann es zu einer Beschädigung der Kundendatenbank kommen!'); |
169 | } |
169 | } |
170 | 170 | ||
171 | //@ini_set('session.auto_start', 0); |
171 | //@ini_set('session.auto_start', 0); |
172 | @ini_set('session.cache_expire', 180); |
172 | @ini_set('session.cache_expire', 180); |
173 | @ini_set('session.use_trans_sid', 0); |
173 | @ini_set('session.use_trans_sid', 0); |
174 | @ini_set('session.use_cookies', 1); |
174 | @ini_set('session.use_cookies', 1); |
175 | @ini_set('session.use_only_cookies', 1); |
175 | @ini_set('session.use_only_cookies', 1); |
176 | if ($force_ssl) @ini_set('session.cookie_secure', 1); |
176 | if ($force_ssl) @ini_set('session.cookie_secure', 1); |
177 | @ini_set('session.cookie_lifetime', 0); |
177 | @ini_set('session.cookie_lifetime', 0); |
178 | @ini_set('session.gc_maxlifetime', 1440); |
178 | @ini_set('session.gc_maxlifetime', 1440); |
179 | @ini_set('session.bug_compat_42', 0); |
179 | @ini_set('session.bug_compat_42', 0); |
180 | @ini_set('session.bug_compat_warn', 1); |
180 | @ini_set('session.bug_compat_warn', 1); |
181 | if (version_compare(PHP_VERSION, '5.0.0', 'ge') && substr(PHP_OS, 0, 3) != 'WIN') |
181 | if (version_compare(PHP_VERSION, '5.0.0', 'ge') && substr(PHP_OS, 0, 3) != 'WIN') |
182 | { |
182 | { |
183 | @ini_set('session.hash_function', 1); |
183 | @ini_set('session.hash_function', 1); |
184 | @ini_set('session.hash_bits_per_character', 6); |
184 | @ini_set('session.hash_bits_per_character', 6); |
185 | } |
185 | } |
186 | @ini_set('session.save_handler', 'user'); |
186 | @ini_set('session.save_handler', 'user'); |
187 | // @ini_set('session.save_path', '../../../includes/session/'); |
187 | // @ini_set('session.save_path', '../../../includes/session/'); |
188 | //@ini_set('arg_separator.output', '&'); |
188 | //@ini_set('arg_separator.output', '&'); |
189 | //@ini_set('url_rewriter.tags', 'a=href,area=href,frame=src,input=src,fieldset='); |
189 | //@ini_set('url_rewriter.tags', 'a=href,area=href,frame=src,input=src,fieldset='); |
190 | 190 | ||
191 | $ib_session_name = 'ironbase'; |
191 | $ib_session_name = 'ironbase'; |
192 | 192 | ||
193 | @session_unset(); |
193 | @session_unset(); |
194 | @session_destroy(); |
194 | @session_destroy(); |
195 | 195 | ||
196 | 196 | ||
197 | /* ib_newdatabasetable('sessions', $m2, 'SessionID', "varchar(255) NOT NULL", |
197 | /* ib_newdatabasetable('sessions', $m2, 'SessionID', "varchar(255) NOT NULL", |
198 | 'LastUpdated', "datetime NOT NULL", |
198 | 'LastUpdated', "datetime NOT NULL", |
199 | 'DataValue', "text"); */ |
199 | 'DataValue', "text"); */ |
200 | 200 | ||
201 | function sessao_open($aSavaPath, $aSessionName) |
201 | function sessao_open($aSavaPath, $aSessionName) |
202 | { |
202 | { |
203 | sessao_gc( ini_get('session.gc_maxlifetime') ); |
203 | sessao_gc( ini_get('session.gc_maxlifetime') ); |
204 | return True; |
204 | return True; |
205 | } |
205 | } |
206 | 206 | ||
207 | function sessao_close() |
207 | function sessao_close() |
208 | { |
208 | { |
209 | return True; |
209 | return True; |
210 | } |
210 | } |
211 | 211 | ||
212 | function sessao_read( $aKey ) |
212 | function sessao_read( $aKey ) |
213 | { |
213 | { |
214 | global $mysql_zugangsdaten; |
214 | global $mysql_zugangsdaten; |
215 | 215 | ||
216 | $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']); |
216 | $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']); |
217 | $ib_selc = @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn); |
217 | $ib_selc = @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn); |
218 | 218 | ||
219 | $busca = mysql_query("SELECT `DataValue` FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE `SessionID` = '".mysql_real_escape_string($aKey)."'"); |
219 | $busca = mysql_query("SELECT `DataValue` FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE `SessionID` = '".mysql_real_escape_string($aKey)."'"); |
220 | if (mysql_num_rows($busca) == 0) |
220 | if (mysql_num_rows($busca) == 0) |
221 | { |
221 | { |
222 | mysql_query("INSERT INTO `".$mysql_zugangsdaten['praefix']."sessions` (`SessionID`, `LastUpdated`, `DataValue`) VALUES ('".mysql_real_escape_string($aKey)."', NOW(), '')"); |
222 | mysql_query("INSERT INTO `".$mysql_zugangsdaten['praefix']."sessions` (`SessionID`, `LastUpdated`, `DataValue`) VALUES ('".mysql_real_escape_string($aKey)."', NOW(), '')"); |
223 | 223 | ||
224 | @mysql_close($ib_conn); |
224 | @mysql_close($ib_conn); |
225 | 225 | ||
226 | return ''; |
226 | return ''; |
227 | } |
227 | } |
228 | else |
228 | else |
229 | { |
229 | { |
230 | $r = mysql_fetch_array($busca); |
230 | $r = mysql_fetch_array($busca); |
231 | 231 | ||
232 | @mysql_close($ib_conn); |
232 | @mysql_close($ib_conn); |
233 | 233 | ||
234 | return ib_decrypt($r['DataValue'], $mysql_zugangsdaten['username'].':'.$mysql_zugangsdaten['passwort']); |
234 | return ib_decrypt($r['DataValue'], $mysql_zugangsdaten['username'].':'.$mysql_zugangsdaten['passwort']); |
235 | } |
235 | } |
236 | } |
236 | } |
237 | 237 | ||
238 | function sessao_write( $aKey, $aVal ) |
238 | function sessao_write( $aKey, $aVal ) |
239 | { |
239 | { |
240 | global $mysql_zugangsdaten; |
240 | global $mysql_zugangsdaten; |
241 | 241 | ||
242 | $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']); |
242 | $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']); |
243 | $ib_selc = @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn); |
243 | $ib_selc = @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn); |
244 | 244 | ||
245 | mysql_query("UPDATE `".$mysql_zugangsdaten['praefix']."sessions` SET `DataValue` = '".ib_encrypt($aVal, $mysql_zugangsdaten['username'].':'.$mysql_zugangsdaten['passwort'])."', `LastUpdated` = NOW() WHERE `SessionID` = '".mysql_real_escape_string($aKey)."'"); |
245 | mysql_query("UPDATE `".$mysql_zugangsdaten['praefix']."sessions` SET `DataValue` = '".ib_encrypt($aVal, $mysql_zugangsdaten['username'].':'.$mysql_zugangsdaten['passwort'])."', `LastUpdated` = NOW() WHERE `SessionID` = '".mysql_real_escape_string($aKey)."'"); |
246 | 246 | ||
247 | @mysql_close($ib_conn); |
247 | @mysql_close($ib_conn); |
248 | 248 | ||
249 | return True; |
249 | return True; |
250 | } |
250 | } |
251 | 251 | ||
252 | function sessao_destroy( $aKey ) |
252 | function sessao_destroy( $aKey ) |
253 | { |
253 | { |
254 | global $mysql_zugangsdaten; |
254 | global $mysql_zugangsdaten; |
255 | 255 | ||
256 | $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']); |
256 | $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']); |
257 | $ib_selc = @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn); |
257 | $ib_selc = @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn); |
258 | 258 | ||
259 | mysql_query("DELETE FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE `SessionID` = '".mysql_real_escape_string($aKey)."'"); |
259 | mysql_query("DELETE FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE `SessionID` = '".mysql_real_escape_string($aKey)."'"); |
260 | if (mysql_affected_rows() > 0) |
260 | if (mysql_affected_rows() > 0) |
261 | mysql_query("OPTIMIZE TABLE `".$mysql_zugangsdaten['praefix']."sessions`"); |
261 | mysql_query("OPTIMIZE TABLE `".$mysql_zugangsdaten['praefix']."sessions`"); |
262 | 262 | ||
263 | @mysql_close($ib_conn); |
263 | @mysql_close($ib_conn); |
264 | 264 | ||
265 | return True; |
265 | return True; |
266 | } |
266 | } |
267 | 267 | ||
268 | function sessao_gc( $aMaxLifeTime ) |
268 | function sessao_gc( $aMaxLifeTime ) |
269 | { |
269 | { |
270 | global $mysql_zugangsdaten; |
270 | global $mysql_zugangsdaten; |
271 | 271 | ||
272 | $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']); |
272 | $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']); |
273 | $ib_selc = @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn); |
273 | $ib_selc = @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn); |
274 | 274 | ||
275 | mysql_query("DELETE FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`LastUpdated`) > '".mysql_real_escape_string($aMaxLifeTime)."'"); |
275 | mysql_query("DELETE FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`LastUpdated`) > '".mysql_real_escape_string($aMaxLifeTime)."'"); |
276 | if (mysql_affected_rows() > 0) |
276 | if (mysql_affected_rows() > 0) |
277 | mysql_query("OPTIMIZE TABLE `".$mysql_zugangsdaten['praefix']."sessions`"); |
277 | mysql_query("OPTIMIZE TABLE `".$mysql_zugangsdaten['praefix']."sessions`"); |
278 | 278 | ||
279 | @mysql_close($ib_conn); |
279 | @mysql_close($ib_conn); |
280 | 280 | ||
281 | return True; |
281 | return True; |
282 | } |
282 | } |
283 | 283 | ||
284 | @session_set_save_handler("sessao_open", "sessao_close", "sessao_read", "sessao_write", "sessao_destroy", "sessao_gc"); |
284 | @session_set_save_handler("sessao_open", "sessao_close", "sessao_read", "sessao_write", "sessao_destroy", "sessao_gc"); |
285 | 285 | ||
286 | @session_name($ib_session_name); |
286 | @session_name($ib_session_name); |
287 | @session_start(); |
287 | @session_start(); |
288 | 288 | ||
289 | if ($_SESSION['ib_user_type'] == '') |
289 | if ($_SESSION['wb_user_type'] == '') |
290 | { |
290 | { |
291 | 291 | ||
292 | die('<script language="JavaScript"> |
292 | die('<script language="JavaScript"> |
293 | <!-- |
293 | <!-- |
294 | alert("Sie sind nicht mehr in Personal WebBase eingeloggt!"); |
294 | alert("Sie sind nicht mehr in Personal WebBase eingeloggt!"); |
295 | parent.window.close(); |
295 | parent.window.close(); |
296 | // --> |
296 | // --> |
297 | </script>'); |
297 | </script>'); |
298 | 298 | ||
299 | } |
299 | } |
300 | 300 | ||
301 | if (version_compare(PHP_VERSION, '5.1.2', 'lt') && isset($_COOKIE[$session_name]) && eregi("\r|\n", $_COOKIE[$session_name])) |
301 | if (version_compare(PHP_VERSION, '5.1.2', 'lt') && isset($_COOKIE[$session_name]) && eregi("\r|\n", $_COOKIE[$session_name])) |
302 | { |
302 | { |
303 | die('Angriff'); |
303 | die('Angriff'); |
304 | } |
304 | } |
305 | 305 | ||
306 | // http://lists.phpbar.de/pipermail/php/Week-of-Mon-20040322/007749.html |
306 | // http://lists.phpbar.de/pipermail/php/Week-of-Mon-20040322/007749.html |
307 | // Entnommen von functions.inc.php |
307 | // Entnommen von functions.inc.php |
308 | 308 | ||
309 | function fetchip() |
309 | function fetchip() |
310 | { |
310 | { |
311 | $client_ip = (isset($_SERVER['HTTP_CLIENT_IP'])) ? $_SERVER['HTTP_CLIENT_IP'] : ''; |
311 | $client_ip = (isset($_SERVER['HTTP_CLIENT_IP'])) ? $_SERVER['HTTP_CLIENT_IP'] : ''; |
312 | $x_forwarded_for = (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; |
312 | $x_forwarded_for = (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; |
313 | $remote_addr = (isset($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : ''; |
313 | $remote_addr = (isset($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : ''; |
314 | 314 | ||
315 | if (!empty($client_ip)) |
315 | if (!empty($client_ip)) |
316 | { |
316 | { |
317 | $ip_expl = explode('.',$client_ip); |
317 | $ip_expl = explode('.',$client_ip); |
318 | $referer = explode('.',$remote_addr); |
318 | $referer = explode('.',$remote_addr); |
319 | if($referer[0] != $ip_expl[0]) |
319 | if($referer[0] != $ip_expl[0]) |
320 | { |
320 | { |
321 | $ip=array_reverse($ip_expl); |
321 | $ip=array_reverse($ip_expl); |
322 | $return=implode('.',$ip); |
322 | $return=implode('.',$ip); |
323 | } |
323 | } |
324 | else |
324 | else |
325 | { |
325 | { |
326 | $return = $client_ip; |
326 | $return = $client_ip; |
327 | } |
327 | } |
328 | } |
328 | } |
329 | else if (!empty($x_forwarded_for)) |
329 | else if (!empty($x_forwarded_for)) |
330 | { |
330 | { |
331 | if(strstr($x_forwarded_for,',')) |
331 | if(strstr($x_forwarded_for,',')) |
332 | { |
332 | { |
333 | $ip_expl = explode(',',$x_forwarded_for); |
333 | $ip_expl = explode(',',$x_forwarded_for); |
334 | $return = end($ip_expl); |
334 | $return = end($ip_expl); |
335 | } |
335 | } |
336 | else |
336 | else |
337 | { |
337 | { |
338 | $return = $x_forwarded_for; |
338 | $return = $x_forwarded_for; |
339 | } |
339 | } |
340 | } |
340 | } |
341 | else |
341 | else |
342 | { |
342 | { |
343 | $return = $remote_addr; |
343 | $return = $remote_addr; |
344 | } |
344 | } |
345 | unset ($client_ip, $x_forwarded_for, $remote_addr, $ip_expl); |
345 | unset ($client_ip, $x_forwarded_for, $remote_addr, $ip_expl); |
346 | return $return; |
346 | return $return; |
347 | } |
347 | } |
348 | 348 | ||
349 | $usedns = TRUE; |
349 | $usedns = TRUE; |
350 | 350 | ||
351 | $useragent = $_SERVER['HTTP_USER_AGENT']; |
351 | $useragent = $_SERVER['HTTP_USER_AGENT']; |
352 | $host = fetchip(); |
352 | $host = fetchip(); |
353 | 353 | ||
354 | if ($usedns) // <- war im Originalen $global['dns']... was soll das sein?! |
354 | if ($usedns) // <- war im Originalen $global['dns']... was soll das sein?! |
355 | $dns = @gethostbyaddr($host); |
355 | $dns = @gethostbyaddr($host); |
356 | else |
356 | else |
357 | $dns = $host; |
357 | $dns = $host; |
358 | 358 | ||
359 | if ((isset($_SESSION['session_secured'])) && ($_SESSION['session_secured'])) |
359 | if ((isset($_SESSION['session_secured'])) && ($_SESSION['session_secured'])) |
360 | { |
360 | { |
361 | if ( |
361 | if ( |
362 | (($_SESSION['host'] != $host) && !$usedns) |
362 | (($_SESSION['host'] != $host) && !$usedns) |
363 | || ($_SESSION['dns'] != $dns) |
363 | || ($_SESSION['dns'] != $dns) |
364 | || ($_SESSION['useragent'] != $useragent) |
364 | || ($_SESSION['useragent'] != $useragent) |
365 | ) { |
365 | ) { |
366 | session_regenerate_id(); |
366 | session_regenerate_id(); |
367 | session_unset(); |
367 | session_unset(); |
368 | } |
368 | } |
369 | } else { |
369 | } else { |
370 | $_SESSION['host'] = $host; |
370 | $_SESSION['host'] = $host; |
371 | $_SESSION['dns'] = $dns; |
371 | $_SESSION['dns'] = $dns; |
372 | $_SESSION['useragent'] = $useragent; |
372 | $_SESSION['useragent'] = $useragent; |
373 | $_SESSION['session_secured'] = 1; |
373 | $_SESSION['session_secured'] = 1; |
374 | } |
374 | } |
375 | 375 | ||
376 | 376 | ||
377 | // Ende Personal WebBase-Abschnitt |
377 | // Ende Personal WebBase-Abschnitt |
378 | 378 | ||
379 | 379 | ||
380 | 380 | ||
381 | 381 | ||
382 | 382 | ||
383 | 383 | ||
384 | 384 | ||
385 | 385 | ||
386 | 386 | ||
387 | 387 | ||
388 | // ------------------------------------------------------------------------- |
388 | // ------------------------------------------------------------------------- |
389 | // 3 SERVER variabes |
389 | // 3 SERVER variabes |
390 | // ------------------------------------------------------------------------- |
390 | // ------------------------------------------------------------------------- |
391 | if (isset($_SERVER["SCRIPT_NAME"]) == true) { $net2ftp_globals["PHP_SELF"] = $_SERVER["SCRIPT_NAME"]; } |
391 | if (isset($_SERVER["SCRIPT_NAME"]) == true) { $net2ftp_globals["PHP_SELF"] = $_SERVER["SCRIPT_NAME"]; } |
392 | elseif (isset($_SERVER["PHP_SELF"]) == true) { $net2ftp_globals["PHP_SELF"] = $_SERVER["PHP_SELF"]; } |
392 | elseif (isset($_SERVER["PHP_SELF"]) == true) { $net2ftp_globals["PHP_SELF"] = $_SERVER["PHP_SELF"]; } |
393 | else { $net2ftp_globals["PHP_SELF"] = "index.php"; } |
393 | else { $net2ftp_globals["PHP_SELF"] = "index.php"; } |
394 | if (isset($_SERVER["HTTP_REFERER"]) == true) { $net2ftp_globals["HTTP_REFERER"] = $_SERVER["HTTP_REFERER"]; } |
394 | if (isset($_SERVER["HTTP_REFERER"]) == true) { $net2ftp_globals["HTTP_REFERER"] = $_SERVER["HTTP_REFERER"]; } |
395 | else { $net2ftp_globals["HTTP_REFERER"] = ""; } |
395 | else { $net2ftp_globals["HTTP_REFERER"] = ""; } |
396 | if (isset($_SERVER["HTTP_USER_AGENT"]) == true) { $net2ftp_globals["HTTP_USER_AGENT"] = $_SERVER["HTTP_USER_AGENT"]; } |
396 | if (isset($_SERVER["HTTP_USER_AGENT"]) == true) { $net2ftp_globals["HTTP_USER_AGENT"] = $_SERVER["HTTP_USER_AGENT"]; } |
397 | if (isset($_SERVER["REMOTE_ADDR"]) == true) { $net2ftp_globals["REMOTE_ADDR"] = $_SERVER["REMOTE_ADDR"]; } |
397 | if (isset($_SERVER["REMOTE_ADDR"]) == true) { $net2ftp_globals["REMOTE_ADDR"] = $_SERVER["REMOTE_ADDR"]; } |
398 | if (isset($_SERVER["REMOTE_PORT"]) == true) { $net2ftp_globals["REMOTE_PORT"] = $_SERVER["REMOTE_PORT"]; } |
398 | if (isset($_SERVER["REMOTE_PORT"]) == true) { $net2ftp_globals["REMOTE_PORT"] = $_SERVER["REMOTE_PORT"]; } |
399 | 399 | ||
400 | // Action URL |
400 | // Action URL |
401 | // Note that later on in this file parameters may be appended to the action_url (for Mambo and Drupal) |
401 | // Note that later on in this file parameters may be appended to the action_url (for Mambo and Drupal) |
402 | $net2ftp_globals["action_url"] = $net2ftp_globals["PHP_SELF"]; |
402 | $net2ftp_globals["action_url"] = $net2ftp_globals["PHP_SELF"]; |
403 | 403 | ||
404 | 404 | ||
405 | // ------------------------------------------------------------------------- |
405 | // ------------------------------------------------------------------------- |
406 | // 4 Register main variables |
406 | // 4 Register main variables |
407 | // ------------------------------------------------------------------------- |
407 | // ------------------------------------------------------------------------- |
408 | 408 | ||
409 | // ---------------------------------------------- |
409 | // ---------------------------------------------- |
410 | // FTP server |
410 | // FTP server |
411 | // ---------------------------------------------- |
411 | // ---------------------------------------------- |
412 | if (isset($_POST["ftpserver"]) == true) { $net2ftp_globals["ftpserver"] = validateFtpserver($_POST["ftpserver"]); } |
412 | if (isset($_POST["ftpserver"]) == true) { $net2ftp_globals["ftpserver"] = validateFtpserver($_POST["ftpserver"]); } |
413 | elseif (isset($_GET["ftpserver"]) == true) { $net2ftp_globals["ftpserver"] = validateFtpserver($_GET["ftpserver"]); } |
413 | elseif (isset($_GET["ftpserver"]) == true) { $net2ftp_globals["ftpserver"] = validateFtpserver($_GET["ftpserver"]); } |
414 | else { $net2ftp_globals["ftpserver"] = validateFtpserver(""); } |
414 | else { $net2ftp_globals["ftpserver"] = validateFtpserver(""); } |
415 | $net2ftp_globals["ftpserver_html"] = htmlEncode2($net2ftp_globals["ftpserver"]); |
415 | $net2ftp_globals["ftpserver_html"] = htmlEncode2($net2ftp_globals["ftpserver"]); |
416 | $net2ftp_globals["ftpserver_url"] = urlEncode2($net2ftp_globals["ftpserver"]); |
416 | $net2ftp_globals["ftpserver_url"] = urlEncode2($net2ftp_globals["ftpserver"]); |
417 | $net2ftp_globals["ftpserver_js"] = javascriptEncode2($net2ftp_globals["ftpserver"]); |
417 | $net2ftp_globals["ftpserver_js"] = javascriptEncode2($net2ftp_globals["ftpserver"]); |
418 | 418 | ||
419 | // ---------------------------------------------- |
419 | // ---------------------------------------------- |
420 | // FTP server port |
420 | // FTP server port |
421 | // ---------------------------------------------- |
421 | // ---------------------------------------------- |
422 | if (isset($_POST["ftpserverport"]) == true) { $net2ftp_globals["ftpserverport"] = validateFtpserverport($_POST["ftpserverport"]); } |
422 | if (isset($_POST["ftpserverport"]) == true) { $net2ftp_globals["ftpserverport"] = validateFtpserverport($_POST["ftpserverport"]); } |
423 | elseif (isset($_GET["ftpserverport"]) == true) { $net2ftp_globals["ftpserverport"] = validateFtpserverport($_GET["ftpserverport"]); } |
423 | elseif (isset($_GET["ftpserverport"]) == true) { $net2ftp_globals["ftpserverport"] = validateFtpserverport($_GET["ftpserverport"]); } |
424 | else { $net2ftp_globals["ftpserverport"] = validateFtpserverport(""); } |
424 | else { $net2ftp_globals["ftpserverport"] = validateFtpserverport(""); } |
425 | $net2ftp_globals["ftpserverport_html"] = htmlEncode2($net2ftp_globals["ftpserverport"]); |
425 | $net2ftp_globals["ftpserverport_html"] = htmlEncode2($net2ftp_globals["ftpserverport"]); |
426 | $net2ftp_globals["ftpserverport_url"] = urlEncode2($net2ftp_globals["ftpserverport"]); |
426 | $net2ftp_globals["ftpserverport_url"] = urlEncode2($net2ftp_globals["ftpserverport"]); |
427 | $net2ftp_globals["ftpserverport_js"] = javascriptEncode2($net2ftp_globals["ftpserverport"]); |
427 | $net2ftp_globals["ftpserverport_js"] = javascriptEncode2($net2ftp_globals["ftpserverport"]); |
428 | 428 | ||
429 | // ---------------------------------------------- |
429 | // ---------------------------------------------- |
430 | // Username |
430 | // Username |
431 | // ---------------------------------------------- |
431 | // ---------------------------------------------- |
432 | if (isset($_POST["username"]) == true) { $net2ftp_globals["username"] = validateUsername($_POST["username"]); } |
432 | if (isset($_POST["username"]) == true) { $net2ftp_globals["username"] = validateUsername($_POST["username"]); } |
433 | elseif (isset($_GET["username"]) == true) { $net2ftp_globals["username"] = validateUsername($_GET["username"]); } |
433 | elseif (isset($_GET["username"]) == true) { $net2ftp_globals["username"] = validateUsername($_GET["username"]); } |
434 | else { $net2ftp_globals["username"] = validateUsername(""); } |
434 | else { $net2ftp_globals["username"] = validateUsername(""); } |
435 | $net2ftp_globals["username_html"] = htmlEncode2($net2ftp_globals["username"]); |
435 | $net2ftp_globals["username_html"] = htmlEncode2($net2ftp_globals["username"]); |
436 | $net2ftp_globals["username_url"] = urlEncode2($net2ftp_globals["username"]); |
436 | $net2ftp_globals["username_url"] = urlEncode2($net2ftp_globals["username"]); |
437 | $net2ftp_globals["username_js"] = javascriptEncode2($net2ftp_globals["username"]); |
437 | $net2ftp_globals["username_js"] = javascriptEncode2($net2ftp_globals["username"]); |
438 | 438 | ||
439 | // ---------------------------------------------- |
439 | // ---------------------------------------------- |
440 | // Password |
440 | // Password |
441 | // ---------------------------------------------- |
441 | // ---------------------------------------------- |
442 | // From login form |
442 | // From login form |
443 | if (isset($_POST["password"]) == true) { |
443 | if (isset($_POST["password"]) == true) { |
444 | $net2ftp_globals["password_encrypted"] = encryptPassword(trim($_POST["password"])); |
444 | $net2ftp_globals["password_encrypted"] = encryptPassword(trim($_POST["password"])); |
445 | $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] = encryptPassword(trim($_POST["password"])); |
445 | $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] = encryptPassword(trim($_POST["password"])); |
446 | } |
446 | } |
447 | // From the upload page (SWFUpload Flash applet) |
447 | // From the upload page (SWFUpload Flash applet) |
448 | elseif (isset($_GET["password_encrypted"]) == true) { |
448 | elseif (isset($_GET["password_encrypted"]) == true) { |
449 | $net2ftp_globals["password_encrypted"] = trim($_GET["password_encrypted"]); |
449 | $net2ftp_globals["password_encrypted"] = trim($_GET["password_encrypted"]); |
450 | $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] = trim($_GET["password_encrypted"]); |
450 | $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] = trim($_GET["password_encrypted"]); |
451 | } |
451 | } |
452 | 452 | ||
453 | // ---------------------------------------------- |
453 | // ---------------------------------------------- |
454 | // Language |
454 | // Language |
455 | // ---------------------------------------------- |
455 | // ---------------------------------------------- |
456 | if (isset($_POST["language"]) == true) { $net2ftp_globals["language"] = validateLanguage($_POST["language"]); } |
456 | if (isset($_POST["language"]) == true) { $net2ftp_globals["language"] = validateLanguage($_POST["language"]); } |
457 | elseif (isset($_GET["language"]) == true) { $net2ftp_globals["language"] = validateLanguage($_GET["language"]); } |
457 | elseif (isset($_GET["language"]) == true) { $net2ftp_globals["language"] = validateLanguage($_GET["language"]); } |
458 | else { $net2ftp_globals["language"] = validateLanguage(""); } |
458 | else { $net2ftp_globals["language"] = validateLanguage(""); } |
459 | $net2ftp_globals["language_html"] = htmlEncode2($net2ftp_globals["language"]); |
459 | $net2ftp_globals["language_html"] = htmlEncode2($net2ftp_globals["language"]); |
460 | $net2ftp_globals["language_url"] = urlEncode2($net2ftp_globals["language"]); |
460 | $net2ftp_globals["language_url"] = urlEncode2($net2ftp_globals["language"]); |
461 | $net2ftp_globals["language_js"] = javascriptEncode2($net2ftp_globals["language"]); |
461 | $net2ftp_globals["language_js"] = javascriptEncode2($net2ftp_globals["language"]); |
462 | 462 | ||
463 | // ---------------------------------------------- |
463 | // ---------------------------------------------- |
464 | // Skin |
464 | // Skin |
465 | // ---------------------------------------------- |
465 | // ---------------------------------------------- |
466 | if (isset($_POST["skin"]) == true) { $net2ftp_globals["skin"] = validateSkin($_POST["skin"]); } |
466 | if (isset($_POST["skin"]) == true) { $net2ftp_globals["skin"] = validateSkin($_POST["skin"]); } |
467 | elseif (isset($_GET["skin"]) == true) { $net2ftp_globals["skin"] = validateSkin($_GET["skin"]); } |
467 | elseif (isset($_GET["skin"]) == true) { $net2ftp_globals["skin"] = validateSkin($_GET["skin"]); } |
468 | else { $net2ftp_globals["skin"] = validateSkin(""); } |
468 | else { $net2ftp_globals["skin"] = validateSkin(""); } |
469 | $net2ftp_globals["skin_html"] = htmlEncode2($net2ftp_globals["skin"]); |
469 | $net2ftp_globals["skin_html"] = htmlEncode2($net2ftp_globals["skin"]); |
470 | $net2ftp_globals["skin_url"] = urlEncode2($net2ftp_globals["skin"]); |
470 | $net2ftp_globals["skin_url"] = urlEncode2($net2ftp_globals["skin"]); |
471 | $net2ftp_globals["skin_js"] = javascriptEncode2($net2ftp_globals["skin"]); |
471 | $net2ftp_globals["skin_js"] = javascriptEncode2($net2ftp_globals["skin"]); |
472 | 472 | ||
473 | $skinArray = getSkinArray(); |
473 | $skinArray = getSkinArray(); |
474 | $net2ftp_globals["image_url"] = $skinArray[$net2ftp_globals["skin"]]["image_url"]; |
474 | $net2ftp_globals["image_url"] = $skinArray[$net2ftp_globals["skin"]]["image_url"]; |
475 | 475 | ||
476 | // ---------------------------------------------- |
476 | // ---------------------------------------------- |
477 | // FTP mode |
477 | // FTP mode |
478 | // ---------------------------------------------- |
478 | // ---------------------------------------------- |
479 | if (isset($_POST["ftpmode"]) == true) { $net2ftp_globals["ftpmode"] = validateFtpmode($_POST["ftpmode"]); } |
479 | if (isset($_POST["ftpmode"]) == true) { $net2ftp_globals["ftpmode"] = validateFtpmode($_POST["ftpmode"]); } |
480 | elseif (isset($_GET["ftpmode"]) == true) { $net2ftp_globals["ftpmode"] = validateFtpmode($_GET["ftpmode"]); } |
480 | elseif (isset($_GET["ftpmode"]) == true) { $net2ftp_globals["ftpmode"] = validateFtpmode($_GET["ftpmode"]); } |
481 | else { $net2ftp_globals["ftpmode"] = validateFtpmode(""); } |
481 | else { $net2ftp_globals["ftpmode"] = validateFtpmode(""); } |
482 | $net2ftp_globals["ftpmode_html"] = htmlEncode2($net2ftp_globals["ftpmode"]); |
482 | $net2ftp_globals["ftpmode_html"] = htmlEncode2($net2ftp_globals["ftpmode"]); |
483 | $net2ftp_globals["ftpmode_url"] = urlEncode2($net2ftp_globals["ftpmode"]); |
483 | $net2ftp_globals["ftpmode_url"] = urlEncode2($net2ftp_globals["ftpmode"]); |
484 | $net2ftp_globals["ftpmode_js"] = javascriptEncode2($net2ftp_globals["ftpmode"]); |
484 | $net2ftp_globals["ftpmode_js"] = javascriptEncode2($net2ftp_globals["ftpmode"]); |
485 | 485 | ||
486 | // ---------------------------------------------- |
486 | // ---------------------------------------------- |
487 | // Passive mode |
487 | // Passive mode |
488 | // ---------------------------------------------- |
488 | // ---------------------------------------------- |
489 | if (isset($_POST["passivemode"]) == true) { $net2ftp_globals["passivemode"] = validatePassivemode($_POST["passivemode"]); } |
489 | if (isset($_POST["passivemode"]) == true) { $net2ftp_globals["passivemode"] = validatePassivemode($_POST["passivemode"]); } |
490 | elseif (isset($_GET["passivemode"]) == true) { $net2ftp_globals["passivemode"] = validatePassivemode($_GET["passivemode"]); } |
490 | elseif (isset($_GET["passivemode"]) == true) { $net2ftp_globals["passivemode"] = validatePassivemode($_GET["passivemode"]); } |
491 | else { $net2ftp_globals["passivemode"] = validatePassivemode(""); } |
491 | else { $net2ftp_globals["passivemode"] = validatePassivemode(""); } |
492 | $net2ftp_globals["passivemode_html"] = htmlEncode2($net2ftp_globals["passivemode"]); |
492 | $net2ftp_globals["passivemode_html"] = htmlEncode2($net2ftp_globals["passivemode"]); |
493 | $net2ftp_globals["passivemode_url"] = urlEncode2($net2ftp_globals["passivemode"]); |
493 | $net2ftp_globals["passivemode_url"] = urlEncode2($net2ftp_globals["passivemode"]); |
494 | $net2ftp_globals["passivemode_js"] = javascriptEncode2($net2ftp_globals["passivemode"]); |
494 | $net2ftp_globals["passivemode_js"] = javascriptEncode2($net2ftp_globals["passivemode"]); |
495 | 495 | ||
496 | // ---------------------------------------------- |
496 | // ---------------------------------------------- |
497 | // SSL connect |
497 | // SSL connect |
498 | // ---------------------------------------------- |
498 | // ---------------------------------------------- |
499 | if (isset($_POST["sslconnect"]) == true) { $net2ftp_globals["sslconnect"] = validateSslconnect($_POST["sslconnect"]); } |
499 | if (isset($_POST["sslconnect"]) == true) { $net2ftp_globals["sslconnect"] = validateSslconnect($_POST["sslconnect"]); } |
500 | elseif (isset($_GET["sslconnect"]) == true) { $net2ftp_globals["sslconnect"] = validateSslconnect($_GET["sslconnect"]); } |
500 | elseif (isset($_GET["sslconnect"]) == true) { $net2ftp_globals["sslconnect"] = validateSslconnect($_GET["sslconnect"]); } |
501 | else { $net2ftp_globals["sslconnect"] = validateSslconnect(""); } |
501 | else { $net2ftp_globals["sslconnect"] = validateSslconnect(""); } |
502 | $net2ftp_globals["sslconnect_html"] = htmlEncode2($net2ftp_globals["sslconnect"]); |
502 | $net2ftp_globals["sslconnect_html"] = htmlEncode2($net2ftp_globals["sslconnect"]); |
503 | $net2ftp_globals["sslconnect_url"] = urlEncode2($net2ftp_globals["sslconnect"]); |
503 | $net2ftp_globals["sslconnect_url"] = urlEncode2($net2ftp_globals["sslconnect"]); |
504 | $net2ftp_globals["sslconnect_js"] = javascriptEncode2($net2ftp_globals["sslconnect"]); |
504 | $net2ftp_globals["sslconnect_js"] = javascriptEncode2($net2ftp_globals["sslconnect"]); |
505 | 505 | ||
506 | // ---------------------------------------------- |
506 | // ---------------------------------------------- |
507 | // View mode |
507 | // View mode |
508 | // ---------------------------------------------- |
508 | // ---------------------------------------------- |
509 | if (isset($_POST["viewmode"]) == true) { $net2ftp_globals["viewmode"] = validateViewmode($_POST["viewmode"]); } |
509 | if (isset($_POST["viewmode"]) == true) { $net2ftp_globals["viewmode"] = validateViewmode($_POST["viewmode"]); } |
510 | elseif (isset($_GET["viewmode"]) == true) { $net2ftp_globals["viewmode"] = validateViewmode($_GET["viewmode"]); } |
510 | elseif (isset($_GET["viewmode"]) == true) { $net2ftp_globals["viewmode"] = validateViewmode($_GET["viewmode"]); } |
511 | else { $net2ftp_globals["viewmode"] = validateViewmode(""); } |
511 | else { $net2ftp_globals["viewmode"] = validateViewmode(""); } |
512 | $net2ftp_globals["viewmode_html"] = htmlEncode2($net2ftp_globals["viewmode"]); |
512 | $net2ftp_globals["viewmode_html"] = htmlEncode2($net2ftp_globals["viewmode"]); |
513 | $net2ftp_globals["viewmode_url"] = urlEncode2($net2ftp_globals["viewmode"]); |
513 | $net2ftp_globals["viewmode_url"] = urlEncode2($net2ftp_globals["viewmode"]); |
514 | $net2ftp_globals["viewmode_js"] = javascriptEncode2($net2ftp_globals["viewmode"]); |
514 | $net2ftp_globals["viewmode_js"] = javascriptEncode2($net2ftp_globals["viewmode"]); |
515 | 515 | ||
516 | // ---------------------------------------------- |
516 | // ---------------------------------------------- |
517 | // Sort |
517 | // Sort |
518 | // ---------------------------------------------- |
518 | // ---------------------------------------------- |
519 | if (isset($_POST["sort"]) == true) { $net2ftp_globals["sort"] = validateSort($_POST["sort"]); } |
519 | if (isset($_POST["sort"]) == true) { $net2ftp_globals["sort"] = validateSort($_POST["sort"]); } |
520 | elseif (isset($_GET["sort"]) == true) { $net2ftp_globals["sort"] = validateSort($_GET["sort"]); } |
520 | elseif (isset($_GET["sort"]) == true) { $net2ftp_globals["sort"] = validateSort($_GET["sort"]); } |
521 | else { $net2ftp_globals["sort"] = validateSort(""); } |
521 | else { $net2ftp_globals["sort"] = validateSort(""); } |
522 | $net2ftp_globals["sort_html"] = htmlEncode2($net2ftp_globals["sort"]); |
522 | $net2ftp_globals["sort_html"] = htmlEncode2($net2ftp_globals["sort"]); |
523 | $net2ftp_globals["sort_url"] = urlEncode2($net2ftp_globals["sort"]); |
523 | $net2ftp_globals["sort_url"] = urlEncode2($net2ftp_globals["sort"]); |
524 | $net2ftp_globals["sort_js"] = javascriptEncode2($net2ftp_globals["sort"]); |
524 | $net2ftp_globals["sort_js"] = javascriptEncode2($net2ftp_globals["sort"]); |
525 | 525 | ||
526 | // ---------------------------------------------- |
526 | // ---------------------------------------------- |
527 | // Sort order |
527 | // Sort order |
528 | // ---------------------------------------------- |
528 | // ---------------------------------------------- |
529 | if (isset($_POST["sortorder"]) == true) { $net2ftp_globals["sortorder"] = validateSortorder($_POST["sortorder"]); } |
529 | if (isset($_POST["sortorder"]) == true) { $net2ftp_globals["sortorder"] = validateSortorder($_POST["sortorder"]); } |
530 | elseif (isset($_GET["sortorder"]) == true) { $net2ftp_globals["sortorder"] = validateSortorder($_GET["sortorder"]); } |
530 | elseif (isset($_GET["sortorder"]) == true) { $net2ftp_globals["sortorder"] = validateSortorder($_GET["sortorder"]); } |
531 | else { $net2ftp_globals["sortorder"] = validateSortorder(""); } |
531 | else { $net2ftp_globals["sortorder"] = validateSortorder(""); } |
532 | $net2ftp_globals["sortorder_html"] = htmlEncode2($net2ftp_globals["sortorder"]); |
532 | $net2ftp_globals["sortorder_html"] = htmlEncode2($net2ftp_globals["sortorder"]); |
533 | $net2ftp_globals["sortorder_url"] = urlEncode2($net2ftp_globals["sortorder"]); |
533 | $net2ftp_globals["sortorder_url"] = urlEncode2($net2ftp_globals["sortorder"]); |
534 | $net2ftp_globals["sortorder_js"] = javascriptEncode2($net2ftp_globals["sortorder"]); |
534 | $net2ftp_globals["sortorder_js"] = javascriptEncode2($net2ftp_globals["sortorder"]); |
535 | 535 | ||
536 | // ---------------------------------------------- |
536 | // ---------------------------------------------- |
537 | // State |
537 | // State |
538 | // ---------------------------------------------- |
538 | // ---------------------------------------------- |
539 | if (isset($_POST["state"]) == true) { $net2ftp_globals["state"] = validateState($_POST["state"]); } |
539 | if (isset($_POST["state"]) == true) { $net2ftp_globals["state"] = validateState($_POST["state"]); } |
540 | elseif (isset($_GET["state"]) == true) { $net2ftp_globals["state"] = validateState($_GET["state"]); } |
540 | elseif (isset($_GET["state"]) == true) { $net2ftp_globals["state"] = validateState($_GET["state"]); } |
541 | else { $net2ftp_globals["state"] = validateState(""); } |
541 | else { $net2ftp_globals["state"] = validateState(""); } |
542 | $net2ftp_globals["state_html"] = htmlEncode2($net2ftp_globals["state"]); |
542 | $net2ftp_globals["state_html"] = htmlEncode2($net2ftp_globals["state"]); |
543 | $net2ftp_globals["state_url"] = urlEncode2($net2ftp_globals["state"]); |
543 | $net2ftp_globals["state_url"] = urlEncode2($net2ftp_globals["state"]); |
544 | $net2ftp_globals["state_js"] = javascriptEncode2($net2ftp_globals["state"]); |
544 | $net2ftp_globals["state_js"] = javascriptEncode2($net2ftp_globals["state"]); |
545 | 545 | ||
546 | // ---------------------------------------------- |
546 | // ---------------------------------------------- |
547 | // State2 |
547 | // State2 |
548 | // ---------------------------------------------- |
548 | // ---------------------------------------------- |
549 | if (isset($_POST["state2"]) == true) { $net2ftp_globals["state2"] = validateState2($_POST["state2"]); } |
549 | if (isset($_POST["state2"]) == true) { $net2ftp_globals["state2"] = validateState2($_POST["state2"]); } |
550 | elseif (isset($_GET["state2"]) == true) { $net2ftp_globals["state2"] = validateState2($_GET["state2"]); } |
550 | elseif (isset($_GET["state2"]) == true) { $net2ftp_globals["state2"] = validateState2($_GET["state2"]); } |
551 | else { $net2ftp_globals["state2"] = validateState2(""); } |
551 | else { $net2ftp_globals["state2"] = validateState2(""); } |
552 | $net2ftp_globals["state2_html"] = htmlEncode2($net2ftp_globals["state2"]); |
552 | $net2ftp_globals["state2_html"] = htmlEncode2($net2ftp_globals["state2"]); |
553 | $net2ftp_globals["state2_url"] = urlEncode2($net2ftp_globals["state2"]); |
553 | $net2ftp_globals["state2_url"] = urlEncode2($net2ftp_globals["state2"]); |
554 | $net2ftp_globals["state2_js"] = javascriptEncode2($net2ftp_globals["state2"]); |
554 | $net2ftp_globals["state2_js"] = javascriptEncode2($net2ftp_globals["state2"]); |
555 | 555 | ||
556 | // ---------------------------------------------- |
556 | // ---------------------------------------------- |
557 | // Directory |
557 | // Directory |
558 | // ---------------------------------------------- |
558 | // ---------------------------------------------- |
559 | if (isset($_POST["directory"]) == true) { $net2ftp_globals["directory"] = validateDirectory($_POST["directory"]); } |
559 | if (isset($_POST["directory"]) == true) { $net2ftp_globals["directory"] = validateDirectory($_POST["directory"]); } |
560 | elseif (isset($_GET["directory"]) == true) { $net2ftp_globals["directory"] = validateDirectory($_GET["directory"]); } |
560 | elseif (isset($_GET["directory"]) == true) { $net2ftp_globals["directory"] = validateDirectory($_GET["directory"]); } |
561 | else { $net2ftp_globals["directory"] = ""; } |
561 | else { $net2ftp_globals["directory"] = ""; } |
562 | $net2ftp_globals["directory_html"] = htmlEncode2($net2ftp_globals["directory"]); |
562 | $net2ftp_globals["directory_html"] = htmlEncode2($net2ftp_globals["directory"]); |
563 | $net2ftp_globals["directory_url"] = urlEncode2($net2ftp_globals["directory"]); |
563 | $net2ftp_globals["directory_url"] = urlEncode2($net2ftp_globals["directory"]); |
564 | $net2ftp_globals["directory_js"] = javascriptEncode2($net2ftp_globals["directory"]); |
564 | $net2ftp_globals["directory_js"] = javascriptEncode2($net2ftp_globals["directory"]); |
565 | 565 | ||
566 | // printdirectory |
566 | // printdirectory |
567 | if ($net2ftp_globals["directory"] != "" && $net2ftp_globals["directory"] != "/") { |
567 | if ($net2ftp_globals["directory"] != "" && $net2ftp_globals["directory"] != "/") { |
568 | $net2ftp_globals["printdirectory"] = $net2ftp_globals["directory"]; |
568 | $net2ftp_globals["printdirectory"] = $net2ftp_globals["directory"]; |
569 | } |
569 | } |
570 | else { |
570 | else { |
571 | $net2ftp_globals["printdirectory"] = "/"; |
571 | $net2ftp_globals["printdirectory"] = "/"; |
572 | } |
572 | } |
573 | 573 | ||
574 | // ---------------------------------------------- |
574 | // ---------------------------------------------- |
575 | // Entry |
575 | // Entry |
576 | // ---------------------------------------------- |
576 | // ---------------------------------------------- |
577 | if (isset($_POST["entry"]) == true) { $net2ftp_globals["entry"] = validateEntry($_POST["entry"]); } |
577 | if (isset($_POST["entry"]) == true) { $net2ftp_globals["entry"] = validateEntry($_POST["entry"]); } |
578 | elseif (isset($_GET["entry"]) == true) { $net2ftp_globals["entry"] = validateEntry($_GET["entry"]); } |
578 | elseif (isset($_GET["entry"]) == true) { $net2ftp_globals["entry"] = validateEntry($_GET["entry"]); } |
579 | else { $net2ftp_globals["entry"] = ""; } |
579 | else { $net2ftp_globals["entry"] = ""; } |
580 | 580 | ||
581 | // Do not validate $entry when following symlinks, as this removes the -> symbol |
581 | // Do not validate $entry when following symlinks, as this removes the -> symbol |
582 | // Validation of $entry is done in /modules/followsymlink/followsymlink.inc.php |
582 | // Validation of $entry is done in /modules/followsymlink/followsymlink.inc.php |
583 | if ($net2ftp_globals["state"] == "followsymlink") { |
583 | if ($net2ftp_globals["state"] == "followsymlink") { |
584 | if (isset($_POST["entry"]) == true) { $net2ftp_globals["entry"] = $_POST["entry"]; } |
584 | if (isset($_POST["entry"]) == true) { $net2ftp_globals["entry"] = $_POST["entry"]; } |
585 | elseif (isset($_GET["entry"]) == true) { $net2ftp_globals["entry"] = $_GET["entry"]; } |
585 | elseif (isset($_GET["entry"]) == true) { $net2ftp_globals["entry"] = $_GET["entry"]; } |
586 | } |
586 | } |
587 | 587 | ||
588 | $net2ftp_globals["entry_html"] = htmlEncode2($net2ftp_globals["entry"]); |
588 | $net2ftp_globals["entry_html"] = htmlEncode2($net2ftp_globals["entry"]); |
589 | $net2ftp_globals["entry_url"] = urlEncode2($net2ftp_globals["entry"]); |
589 | $net2ftp_globals["entry_url"] = urlEncode2($net2ftp_globals["entry"]); |
590 | $net2ftp_globals["entry_js"] = javascriptEncode2($net2ftp_globals["entry"]); |
590 | $net2ftp_globals["entry_js"] = javascriptEncode2($net2ftp_globals["entry"]); |
591 | 591 | ||
592 | 592 | ||
593 | // ---------------------------------------------- |
593 | // ---------------------------------------------- |
594 | // Screen |
594 | // Screen |
595 | // ---------------------------------------------- |
595 | // ---------------------------------------------- |
596 | if (isset($_POST["screen"]) == true) { $net2ftp_globals["screen"] = validateScreen($_POST["screen"]); } |
596 | if (isset($_POST["screen"]) == true) { $net2ftp_globals["screen"] = validateScreen($_POST["screen"]); } |
597 | elseif (isset($_GET["screen"]) == true) { $net2ftp_globals["screen"] = validateScreen($_GET["screen"]); } |
597 | elseif (isset($_GET["screen"]) == true) { $net2ftp_globals["screen"] = validateScreen($_GET["screen"]); } |
598 | else { $net2ftp_globals["screen"] = validateScreen(""); } |
598 | else { $net2ftp_globals["screen"] = validateScreen(""); } |
599 | $net2ftp_globals["screen_html"] = htmlEncode2($net2ftp_globals["screen"]); |
599 | $net2ftp_globals["screen_html"] = htmlEncode2($net2ftp_globals["screen"]); |
600 | $net2ftp_globals["screen_url"] = urlEncode2($net2ftp_globals["screen"]); |
600 | $net2ftp_globals["screen_url"] = urlEncode2($net2ftp_globals["screen"]); |
601 | $net2ftp_globals["screen_js"] = javascriptEncode2($net2ftp_globals["screen"]); |
601 | $net2ftp_globals["screen_js"] = javascriptEncode2($net2ftp_globals["screen"]); |
602 | 602 | ||
603 | // ---------------------------------------------- |
603 | // ---------------------------------------------- |
604 | // MAMBO variables |
604 | // MAMBO variables |
605 | // ---------------------------------------------- |
605 | // ---------------------------------------------- |
606 | if (defined("_VALID_MOS") == true) { |
606 | if (defined("_VALID_MOS") == true) { |
607 | $option = $_GET["option"]; |
607 | $option = $_GET["option"]; |
608 | $Itemid = $_GET["Itemid"]; |
608 | $Itemid = $_GET["Itemid"]; |
609 | $net2ftp_globals["action_url"] .= "?option=$option&Itemid=$Itemid"; |
609 | $net2ftp_globals["action_url"] .= "?option=$option&Itemid=$Itemid"; |
610 | } |
610 | } |
611 | 611 | ||
612 | // ---------------------------------------------- |
612 | // ---------------------------------------------- |
613 | // DRUPAL variables |
613 | // DRUPAL variables |
614 | // ---------------------------------------------- |
614 | // ---------------------------------------------- |
615 | if (defined("CACHE_PERMANENT") == true) { |
615 | if (defined("CACHE_PERMANENT") == true) { |
616 | $q = $_GET["q"]; |
616 | $q = $_GET["q"]; |
617 | $net2ftp_globals["action_url"] .= "?q=$q"; |
617 | $net2ftp_globals["action_url"] .= "?q=$q"; |
618 | } |
618 | } |
619 | 619 | ||
620 | 620 | ||
621 | // ------------------------------------------------------------------------- |
621 | // ------------------------------------------------------------------------- |
622 | // 5.1 Delete the session data when logging out |
622 | // 5.1 Delete the session data when logging out |
623 | // ------------------------------------------------------------------------- |
623 | // ------------------------------------------------------------------------- |
624 | if ($net2ftp_globals["state"] == "logout") { |
624 | if ($net2ftp_globals["state"] == "logout") { |
625 | $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] = ""; |
625 | $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] = ""; |
626 | } |
626 | } |
627 | 627 | ||
628 | // ------------------------------------------------------------------------- |
628 | // ------------------------------------------------------------------------- |
629 | // 5.2 Redirect to login_small |
629 | // 5.2 Redirect to login_small |
630 | // if session has expired |
630 | // if session has expired |
631 | // if the IP address has changed (disabled as this may cause problems for some people) |
631 | // if the IP address has changed (disabled as this may cause problems for some people) |
632 | // if the password is blank |
632 | // if the password is blank |
633 | // ------------------------------------------------------------------------- |
633 | // ------------------------------------------------------------------------- |
634 | 634 | ||
635 | // Personal WebBase-Auskommentierung |
635 | // Personal WebBase-Auskommentierung |
636 | 636 | ||
637 | /* if ($net2ftp_globals["state"] != "login" && $net2ftp_globals["state"] != "login_small" && |
637 | /* if ($net2ftp_globals["state"] != "login" && $net2ftp_globals["state"] != "login_small" && |
638 | $_SESSION["net2ftp_session_id_old"] != $_SESSION["net2ftp_session_id_new"]) { |
638 | $_SESSION["net2ftp_session_id_old"] != $_SESSION["net2ftp_session_id_new"]) { |
639 | $net2ftp_globals["go_to_state"] = $net2ftp_globals["state"]; |
639 | $net2ftp_globals["go_to_state"] = $net2ftp_globals["state"]; |
640 | $net2ftp_globals["go_to_state2"] = $net2ftp_globals["state2"]; |
640 | $net2ftp_globals["go_to_state2"] = $net2ftp_globals["state2"]; |
641 | $net2ftp_globals["state"] = "login_small"; |
641 | $net2ftp_globals["state"] = "login_small"; |
642 | $net2ftp_globals["state2"] = "session_expired"; |
642 | $net2ftp_globals["state2"] = "session_expired"; |
643 | } |
643 | } |
644 | //elseif ($net2ftp_globals["state"] != "login" && $net2ftp_globals["state"] != "login_small" && |
644 | //elseif ($net2ftp_globals["state"] != "login" && $net2ftp_globals["state"] != "login_small" && |
645 | // $_SESSION["net2ftp_remote_addr_old"] != $_SESSION["net2ftp_remote_addr_new"]) { |
645 | // $_SESSION["net2ftp_remote_addr_old"] != $_SESSION["net2ftp_remote_addr_new"]) { |
646 | // $net2ftp_globals["go_to_state"] = $net2ftp_globals["state"]; |
646 | // $net2ftp_globals["go_to_state"] = $net2ftp_globals["state"]; |
647 | // $net2ftp_globals["go_to_state2"] = $net2ftp_globals["state2"]; |
647 | // $net2ftp_globals["go_to_state2"] = $net2ftp_globals["state2"]; |
648 | // $net2ftp_globals["state"] = "login_small"; |
648 | // $net2ftp_globals["state"] = "login_small"; |
649 | // $net2ftp_globals["state2"] = "session_ipchanged"; |
649 | // $net2ftp_globals["state2"] = "session_ipchanged"; |
650 | //} |
650 | //} |
651 | elseif (substr($net2ftp_globals["state"], 0, 5) != "admin" && $net2ftp_globals["state"] != "clearcookies" && |
651 | elseif (substr($net2ftp_globals["state"], 0, 5) != "admin" && $net2ftp_globals["state"] != "clearcookies" && |
652 | $net2ftp_globals["state"] != "login" && $net2ftp_globals["state"] != "login_small" && |
652 | $net2ftp_globals["state"] != "login" && $net2ftp_globals["state"] != "login_small" && |
653 | $net2ftp_globals["state"] != "logout" && $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] == "") { |
653 | $net2ftp_globals["state"] != "logout" && $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] == "") { |
654 | $net2ftp_globals["state"] = "login"; |
654 | $net2ftp_globals["state"] = "login"; |
655 | $net2ftp_globals["state2"] = ""; |
655 | $net2ftp_globals["state2"] = ""; |
656 | } */ |
656 | } */ |
657 | 657 | ||
658 | // ------------------------------------------------------------------------- |
658 | // ------------------------------------------------------------------------- |
659 | // 6 COOKIE variabes |
659 | // 6 COOKIE variabes |
660 | // ------------------------------------------------------------------------- |
660 | // ------------------------------------------------------------------------- |
661 | if (isset($_COOKIE["net2ftpcookie_ftpserver"]) == true) { $net2ftp_globals["cookie_ftpserver"] = validateFtpserver($_COOKIE["net2ftpcookie_ftpserver"]); } |
661 | if (isset($_COOKIE["net2ftpcookie_ftpserver"]) == true) { $net2ftp_globals["cookie_ftpserver"] = validateFtpserver($_COOKIE["net2ftpcookie_ftpserver"]); } |
662 | else { $net2ftp_globals["cookie_ftpserver"] = ""; } |
662 | else { $net2ftp_globals["cookie_ftpserver"] = ""; } |
663 | if (isset($_COOKIE["net2ftpcookie_ftpserverport"]) == true) { $net2ftp_globals["cookie_ftpserverport"] = validateFtpserverport($_COOKIE["net2ftpcookie_ftpserverport"]); } |
663 | if (isset($_COOKIE["net2ftpcookie_ftpserverport"]) == true) { $net2ftp_globals["cookie_ftpserverport"] = validateFtpserverport($_COOKIE["net2ftpcookie_ftpserverport"]); } |
664 | else { $net2ftp_globals["cookie_ftpserverport"] = ""; } |
664 | else { $net2ftp_globals["cookie_ftpserverport"] = ""; } |
665 | if (isset($_COOKIE["net2ftpcookie_username"]) == true) { $net2ftp_globals["cookie_username"] = validateUsername($_COOKIE["net2ftpcookie_username"]); } |
665 | if (isset($_COOKIE["net2ftpcookie_username"]) == true) { $net2ftp_globals["cookie_username"] = validateUsername($_COOKIE["net2ftpcookie_username"]); } |
666 | else { $net2ftp_globals["cookie_username"] = ""; } |
666 | else { $net2ftp_globals["cookie_username"] = ""; } |
667 | if (isset($_COOKIE["net2ftpcookie_language"]) == true) { $net2ftp_globals["cookie_language"] = validateLanguage($_COOKIE["net2ftpcookie_language"]); } |
667 | if (isset($_COOKIE["net2ftpcookie_language"]) == true) { $net2ftp_globals["cookie_language"] = validateLanguage($_COOKIE["net2ftpcookie_language"]); } |
668 | else { $net2ftp_globals["cookie_language"] = ""; } |
668 | else { $net2ftp_globals["cookie_language"] = ""; } |
669 | if (isset($_COOKIE["net2ftpcookie_skin"]) == true) { $net2ftp_globals["cookie_skin"] = validateSkin($_COOKIE["net2ftpcookie_skin"]); } |
669 | if (isset($_COOKIE["net2ftpcookie_skin"]) == true) { $net2ftp_globals["cookie_skin"] = validateSkin($_COOKIE["net2ftpcookie_skin"]); } |
670 | else { $net2ftp_globals["cookie_skin"] = ""; } |
670 | else { $net2ftp_globals["cookie_skin"] = ""; } |
671 | if (isset($_COOKIE["net2ftpcookie_ftpmode"]) == true) { $net2ftp_globals["cookie_ftpmode"] = validateFtpmode($_COOKIE["net2ftpcookie_ftpmode"]); } |
671 | if (isset($_COOKIE["net2ftpcookie_ftpmode"]) == true) { $net2ftp_globals["cookie_ftpmode"] = validateFtpmode($_COOKIE["net2ftpcookie_ftpmode"]); } |
672 | else { $net2ftp_globals["cookie_ftpmode"] = ""; } |
672 | else { $net2ftp_globals["cookie_ftpmode"] = ""; } |
673 | if (isset($_COOKIE["net2ftpcookie_passivemode"]) == true) { $net2ftp_globals["cookie_passivemode"] = validatePassivemode($_COOKIE["net2ftpcookie_passivemode"]); } |
673 | if (isset($_COOKIE["net2ftpcookie_passivemode"]) == true) { $net2ftp_globals["cookie_passivemode"] = validatePassivemode($_COOKIE["net2ftpcookie_passivemode"]); } |
674 | else { $net2ftp_globals["cookie_passivemode"] = ""; } |
674 | else { $net2ftp_globals["cookie_passivemode"] = ""; } |
675 | if (isset($_COOKIE["net2ftpcookie_sslconnect"]) == true) { $net2ftp_globals["cookie_sslconnect"] = validateSslconnect($_COOKIE["net2ftpcookie_sslconnect"]); } |
675 | if (isset($_COOKIE["net2ftpcookie_sslconnect"]) == true) { $net2ftp_globals["cookie_sslconnect"] = validateSslconnect($_COOKIE["net2ftpcookie_sslconnect"]); } |
676 | else { $net2ftp_globals["cookie_sslconnect"] = ""; } |
676 | else { $net2ftp_globals["cookie_sslconnect"] = ""; } |
677 | if (isset($_COOKIE["net2ftpcookie_viewmode"]) == true) { $net2ftp_globals["cookie_viewmode"] = validateViewmode($_COOKIE["net2ftpcookie_viewmode"]); } |
677 | if (isset($_COOKIE["net2ftpcookie_viewmode"]) == true) { $net2ftp_globals["cookie_viewmode"] = validateViewmode($_COOKIE["net2ftpcookie_viewmode"]); } |
678 | else { $net2ftp_globals["cookie_viewmode"] = ""; } |
678 | else { $net2ftp_globals["cookie_viewmode"] = ""; } |
679 | if (isset($_COOKIE["net2ftpcookie_directory"]) == true) { $net2ftp_globals["cookie_directory"] = validateDirectory($_COOKIE["net2ftpcookie_directory"]); } |
679 | if (isset($_COOKIE["net2ftpcookie_directory"]) == true) { $net2ftp_globals["cookie_directory"] = validateDirectory($_COOKIE["net2ftpcookie_directory"]); } |
680 | else { $net2ftp_globals["cookie_directory"] = ""; } |
680 | else { $net2ftp_globals["cookie_directory"] = ""; } |
681 | if (isset($_COOKIE["net2ftpcookie_sort"]) == true) { $net2ftp_globals["cookie_sort"] = validateSort($_COOKIE["net2ftpcookie_sort"]); } |
681 | if (isset($_COOKIE["net2ftpcookie_sort"]) == true) { $net2ftp_globals["cookie_sort"] = validateSort($_COOKIE["net2ftpcookie_sort"]); } |
682 | else { $net2ftp_globals["cookie_sort"] = ""; } |
682 | else { $net2ftp_globals["cookie_sort"] = ""; } |
683 | if (isset($_COOKIE["net2ftpcookie_sortorder"]) == true) { $net2ftp_globals["cookie_sortorder"] = validateSortorder($_COOKIE["net2ftpcookie_sortorder"]); } |
683 | if (isset($_COOKIE["net2ftpcookie_sortorder"]) == true) { $net2ftp_globals["cookie_sortorder"] = validateSortorder($_COOKIE["net2ftpcookie_sortorder"]); } |
684 | else { $net2ftp_globals["cookie_sortorder"] = ""; } |
684 | else { $net2ftp_globals["cookie_sortorder"] = ""; } |
685 | 685 | ||
686 | 686 | ||
687 | // ------------------------------------------------------------------------- |
687 | // ------------------------------------------------------------------------- |
688 | // 7 Get information about the browser and protocol |
688 | // 7 Get information about the browser and protocol |
689 | // ------------------------------------------------------------------------- |
689 | // ------------------------------------------------------------------------- |
690 | $net2ftp_globals["browser_agent"] = getBrowser("agent"); |
690 | $net2ftp_globals["browser_agent"] = getBrowser("agent"); |
691 | $net2ftp_globals["browser_version"] = getBrowser("version"); |
691 | $net2ftp_globals["browser_version"] = getBrowser("version"); |
692 | $net2ftp_globals["browser_platform"] = getBrowser("platform"); |
692 | $net2ftp_globals["browser_platform"] = getBrowser("platform"); |
693 | 693 | ||
694 | 694 | ||
695 | 695 | ||
696 | 696 | ||
697 | 697 | ||
698 | // ************************************************************************************** |
698 | // ************************************************************************************** |
699 | // ************************************************************************************** |
699 | // ************************************************************************************** |
700 | // ** ** |
700 | // ** ** |
701 | // ** ** |
701 | // ** ** |
702 | 702 | ||
703 | function remove_magic_quotes(&$x, $keyname="") { |
703 | function remove_magic_quotes(&$x, $keyname="") { |
704 | 704 | ||
705 | // http://www.php.net/manual/en/configuration.php#ini.magic-quotes-gpc (by the way: gpc = get post cookie) |
705 | // http://www.php.net/manual/en/configuration.php#ini.magic-quotes-gpc (by the way: gpc = get post cookie) |
706 | // if (magic_quotes_gpc == 1), then PHP converts automatically " --> \", ' --> \' |
706 | // if (magic_quotes_gpc == 1), then PHP converts automatically " --> \", ' --> \' |
707 | // Has only to be done when getting info from get post cookie |
707 | // Has only to be done when getting info from get post cookie |
708 | if (get_magic_quotes_gpc() == 1) { |
708 | if (get_magic_quotes_gpc() == 1) { |
709 | 709 | ||
710 | if (is_array($x)) { |
710 | if (is_array($x)) { |
711 | while (list($key,$value) = each($x)) { |
711 | while (list($key,$value) = each($x)) { |
712 | if ($value) { remove_magic_quotes($x[$key],$key); } |
712 | if ($value) { remove_magic_quotes($x[$key],$key); } |
713 | } |
713 | } |
714 | } |
714 | } |
715 | else { |
715 | else { |
716 | $quote = "'"; |
716 | $quote = "'"; |
717 | $doublequote = "\""; |
717 | $doublequote = "\""; |
718 | $backslash = "\\"; |
718 | $backslash = "\\"; |
719 | 719 | ||
720 | $x = str_replace("$backslash$quote", $quote, $x); |
720 | $x = str_replace("$backslash$quote", $quote, $x); |
721 | $x = str_replace("$backslash$doublequote", $doublequote, $x); |
721 | $x = str_replace("$backslash$doublequote", $doublequote, $x); |
722 | $x = str_replace("$backslash$backslash", $backslash, $x); |
722 | $x = str_replace("$backslash$backslash", $backslash, $x); |
723 | } |
723 | } |
724 | 724 | ||
725 | } // end if get_magic_quotes_gpc |
725 | } // end if get_magic_quotes_gpc |
726 | 726 | ||
727 | return $x; |
727 | return $x; |
728 | 728 | ||
729 | } // end function remove_magic_quotes |
729 | } // end function remove_magic_quotes |
730 | 730 | ||
731 | // ** ** |
731 | // ** ** |
732 | // ** ** |
732 | // ** ** |
733 | // ************************************************************************************** |
733 | // ************************************************************************************** |
734 | // ************************************************************************************** |
734 | // ************************************************************************************** |
735 | 735 | ||
736 | 736 | ||
737 | 737 | ||
738 | 738 | ||
739 | 739 | ||
740 | // ************************************************************************************** |
740 | // ************************************************************************************** |
741 | // ************************************************************************************** |
741 | // ************************************************************************************** |
742 | // ** ** |
742 | // ** ** |
743 | // ** ** |
743 | // ** ** |
744 | 744 | ||
745 | function validateFtpserver($ftpserver) { |
745 | function validateFtpserver($ftpserver) { |
746 | 746 | ||
747 | // -------------- |
747 | // -------------- |
748 | // Input: " ftp://something.domainname.com:123/directory/file " |
748 | // Input: " ftp://something.domainname.com:123/directory/file " |
749 | // Output: "something.domainname.com" |
749 | // Output: "something.domainname.com" |
750 | // -------------- |
750 | // -------------- |
751 | 751 | ||
752 | // Remove invisible characters in the beginning and at the end |
752 | // Remove invisible characters in the beginning and at the end |
753 | $ftpserver = trim($ftpserver); |
753 | $ftpserver = trim($ftpserver); |
754 | 754 | ||
755 | // Remove possible "ftp://" |
755 | // Remove possible "ftp://" |
756 | if (substr($ftpserver, 0, 6) == "ftp://") { |
756 | if (substr($ftpserver, 0, 6) == "ftp://") { |
757 | $ftpserver = substr($ftpserver, 6); |
757 | $ftpserver = substr($ftpserver, 6); |
758 | } |
758 | } |
759 | 759 | ||
760 | // Remove a possible port nr ":123" |
760 | // Remove a possible port nr ":123" |
761 | if (preg_match("/(.*)[:]{1}[0-9]+/", $ftpserver, $regs) == true) { |
761 | if (preg_match("/(.*)[:]{1}[0-9]+/", $ftpserver, $regs) == true) { |
762 | $ftpserver = $regs[1]; |
762 | $ftpserver = $regs[1]; |
763 | } |
763 | } |
764 | 764 | ||
765 | // Remove a possible trailing / or \ |
765 | // Remove a possible trailing / or \ |
766 | // Remove a possible directory and file "/directory/file" |
766 | // Remove a possible directory and file "/directory/file" |
767 | if (preg_match("/[\\/\\\\]*(.*)[\\/\\\\]{1,}.*/", $ftpserver, $regs) == true) { |
767 | if (preg_match("/[\\/\\\\]*(.*)[\\/\\\\]{1,}.*/", $ftpserver, $regs) == true) { |
768 | // Any characters like / or \ |
768 | // Any characters like / or \ |
769 | // Anything |
769 | // Anything |
770 | // Followed by at least one / or \ |
770 | // Followed by at least one / or \ |
771 | // Followed by any characters |
771 | // Followed by any characters |
772 | $ftpserver = $regs[1]; |
772 | $ftpserver = $regs[1]; |
773 | } |
773 | } |
774 | 774 | ||
775 | // FTP server may only contain specific characters |
775 | // FTP server may only contain specific characters |
776 | $ftpserver = preg_replace("/[^A-Za-z0-9._-]/", "", $ftpserver); |
776 | $ftpserver = preg_replace("/[^A-Za-z0-9._-]/", "", $ftpserver); |
777 | 777 | ||
778 | return $ftpserver; |
778 | return $ftpserver; |
779 | 779 | ||
780 | } // end validateFTPserver |
780 | } // end validateFTPserver |
781 | 781 | ||
782 | // ** ** |
782 | // ** ** |
783 | // ** ** |
783 | // ** ** |
784 | // ************************************************************************************** |
784 | // ************************************************************************************** |
785 | // ************************************************************************************** |
785 | // ************************************************************************************** |
786 | 786 | ||
787 | 787 | ||
788 | 788 | ||
789 | 789 | ||
790 | 790 | ||
791 | // ************************************************************************************** |
791 | // ************************************************************************************** |
792 | // ************************************************************************************** |
792 | // ************************************************************************************** |
793 | // ** ** |
793 | // ** ** |
794 | // ** ** |
794 | // ** ** |
795 | 795 | ||
796 | function validateFtpserverport($ftpserverport) { |
796 | function validateFtpserverport($ftpserverport) { |
797 | 797 | ||
798 | // -------------- |
798 | // -------------- |
799 | // This function validates the FTP server port |
799 | // This function validates the FTP server port |
800 | // -------------- |
800 | // -------------- |
801 | 801 | ||
802 | // Remove invisible characters in the beginning and at the end |
802 | // Remove invisible characters in the beginning and at the end |
803 | $ftpserverport = trim($ftpserverport); |
803 | $ftpserverport = trim($ftpserverport); |
804 | 804 | ||
805 | // FTP server port must be numeric and > 0 and < 65536, else set it to 21 |
805 | // FTP server port must be numeric and > 0 and < 65536, else set it to 21 |
806 | if (is_numeric($ftpserverport) != true || $ftpserverport < 0 || $ftpserverport > 65536) { |
806 | if (is_numeric($ftpserverport) != true || $ftpserverport < 0 || $ftpserverport > 65536) { |
807 | $ftpserverport = 21; |
807 | $ftpserverport = 21; |
808 | } |
808 | } |
809 | 809 | ||
810 | return $ftpserverport; |
810 | return $ftpserverport; |
811 | 811 | ||
812 | } // end validateFtpserverport |
812 | } // end validateFtpserverport |
813 | 813 | ||
814 | // ** ** |
814 | // ** ** |
815 | // ** ** |
815 | // ** ** |
816 | // ************************************************************************************** |
816 | // ************************************************************************************** |
817 | // ************************************************************************************** |
817 | // ************************************************************************************** |
818 | 818 | ||
819 | 819 | ||
820 | 820 | ||
821 | 821 | ||
822 | 822 | ||
823 | // ************************************************************************************** |
823 | // ************************************************************************************** |
824 | // ************************************************************************************** |
824 | // ************************************************************************************** |
825 | // ** ** |
825 | // ** ** |
826 | // ** ** |
826 | // ** ** |
827 | 827 | ||
828 | function validateUsername($username) { |
828 | function validateUsername($username) { |
829 | 829 | ||
830 | // -------------- |
830 | // -------------- |
831 | // This function validates the username |
831 | // This function validates the username |
832 | // -------------- |
832 | // -------------- |
833 | 833 | ||
834 | // Remove invisible characters in the beginning and at the end |
834 | // Remove invisible characters in the beginning and at the end |
835 | $username = trim($username); |
835 | $username = trim($username); |
836 | 836 | ||
837 | // Username may only contain specific characters |
837 | // Username may only contain specific characters |
838 | // $username = preg_replace("/[^A-Za-z0-9@+._\\/-]/", "", $username); |
838 | // $username = preg_replace("/[^A-Za-z0-9@+._\\/-]/", "", $username); |
839 | 839 | ||
840 | return $username; |
840 | return $username; |
841 | 841 | ||
842 | } // end validateUsername |
842 | } // end validateUsername |
843 | 843 | ||
844 | // ** ** |
844 | // ** ** |
845 | // ** ** |
845 | // ** ** |
846 | // ************************************************************************************** |
846 | // ************************************************************************************** |
847 | // ************************************************************************************** |
847 | // ************************************************************************************** |
848 | 848 | ||
849 | 849 | ||
850 | 850 | ||
851 | 851 | ||
852 | 852 | ||
853 | // ************************************************************************************** |
853 | // ************************************************************************************** |
854 | // ************************************************************************************** |
854 | // ************************************************************************************** |
855 | // ** ** |
855 | // ** ** |
856 | // ** ** |
856 | // ** ** |
857 | 857 | ||
858 | function validatePasswordEncrypted($password_encrypted) { |
858 | function validatePasswordEncrypted($password_encrypted) { |
859 | 859 | ||
860 | // -------------- |
860 | // -------------- |
861 | // This function validates the encrypted password |
861 | // This function validates the encrypted password |
862 | // -------------- |
862 | // -------------- |
863 | 863 | ||
864 | // Remove invisible characters in the beginning and at the end |
864 | // Remove invisible characters in the beginning and at the end |
865 | $password_encrypted = trim($password_encrypted); |
865 | $password_encrypted = trim($password_encrypted); |
866 | 866 | ||
867 | // Encrypted password may only contain specific characters |
867 | // Encrypted password may only contain specific characters |
868 | $password_encrypted = preg_replace("/[^A-Fa-f0-9]/", "", $password_encrypted); |
868 | $password_encrypted = preg_replace("/[^A-Fa-f0-9]/", "", $password_encrypted); |
869 | 869 | ||
870 | return $password_encrypted; |
870 | return $password_encrypted; |
871 | 871 | ||
872 | } // end validatePasswordEncrypted |
872 | } // end validatePasswordEncrypted |
873 | 873 | ||
874 | // ** ** |
874 | // ** ** |
875 | // ** ** |
875 | // ** ** |
876 | // ************************************************************************************** |
876 | // ************************************************************************************** |
877 | // ************************************************************************************** |
877 | // ************************************************************************************** |
878 | 878 | ||
879 | 879 | ||
880 | 880 | ||
881 | 881 | ||
882 | 882 | ||
883 | // ************************************************************************************** |
883 | // ************************************************************************************** |
884 | // ************************************************************************************** |
884 | // ************************************************************************************** |
885 | // ** ** |
885 | // ** ** |
886 | // ** ** |
886 | // ** ** |
887 | 887 | ||
888 | function validatePassword($password) { |
888 | function validatePassword($password) { |
889 | 889 | ||
890 | // -------------- |
890 | // -------------- |
891 | // This function validates the plain password |
891 | // This function validates the plain password |
892 | // -------------- |
892 | // -------------- |
893 | 893 | ||
894 | // Remove invisible characters in the beginning and at the end |
894 | // Remove invisible characters in the beginning and at the end |
895 | $password = trim($password); |
895 | $password = trim($password); |
896 | 896 | ||
897 | return $password; |
897 | return $password; |
898 | 898 | ||
899 | } // end validatePassword |
899 | } // end validatePassword |
900 | 900 | ||
901 | // ** ** |
901 | // ** ** |
902 | // ** ** |
902 | // ** ** |
903 | // ************************************************************************************** |
903 | // ************************************************************************************** |
904 | // ************************************************************************************** |
904 | // ************************************************************************************** |
905 | 905 | ||
906 | 906 | ||
907 | 907 | ||
908 | 908 | ||
909 | 909 | ||
910 | // ************************************************************************************** |
910 | // ************************************************************************************** |
911 | // ************************************************************************************** |
911 | // ************************************************************************************** |
912 | // ** ** |
912 | // ** ** |
913 | // ** ** |
913 | // ** ** |
914 | 914 | ||
915 | function validateLanguage($language) { |
915 | function validateLanguage($language) { |
916 | 916 | ||
917 | // -------------- |
917 | // -------------- |
918 | // This function validates the language |
918 | // This function validates the language |
919 | // -------------- |
919 | // -------------- |
920 | 920 | ||
921 | global $net2ftp_settings; |
921 | global $net2ftp_settings; |
922 | $languageArray = getLanguageArray(); |
922 | $languageArray = getLanguageArray(); |
923 | if (isset($languageArray[$language]) == true) { |
923 | if (isset($languageArray[$language]) == true) { |
924 | return $language; |
924 | return $language; |
925 | } |
925 | } |
926 | elseif (isset($_COOKIE["net2ftpcookie_language"]) == true && isset($languageArray[$_COOKIE["net2ftpcookie_language"]]) == true) { |
926 | elseif (isset($_COOKIE["net2ftpcookie_language"]) == true && isset($languageArray[$_COOKIE["net2ftpcookie_language"]]) == true) { |
927 | return $_COOKIE["net2ftpcookie_language"]; |
927 | return $_COOKIE["net2ftpcookie_language"]; |
928 | } |
928 | } |
929 | elseif (isset($languageArray[$net2ftp_settings["default_language"]]) == true){ |
929 | elseif (isset($languageArray[$net2ftp_settings["default_language"]]) == true){ |
930 | return $net2ftp_settings["default_language"]; |
930 | return $net2ftp_settings["default_language"]; |
931 | } |
931 | } |
932 | else { |
932 | else { |
933 | return "en"; |
933 | return "en"; |
934 | } |
934 | } |
935 | 935 | ||
936 | } // end validateLanguage |
936 | } // end validateLanguage |
937 | 937 | ||
938 | // ** ** |
938 | // ** ** |
939 | // ** ** |
939 | // ** ** |
940 | // ************************************************************************************** |
940 | // ************************************************************************************** |
941 | // ************************************************************************************** |
941 | // ************************************************************************************** |
942 | 942 | ||
943 | 943 | ||
944 | 944 | ||
945 | 945 | ||
946 | 946 | ||
947 | // ************************************************************************************** |
947 | // ************************************************************************************** |
948 | // ************************************************************************************** |
948 | // ************************************************************************************** |
949 | // ** ** |
949 | // ** ** |
950 | // ** ** |
950 | // ** ** |
951 | 951 | ||
952 | function validateSkin($skin) { |
952 | function validateSkin($skin) { |
953 | 953 | ||
954 | // -------------- |
954 | // -------------- |
955 | // This function validates the skin |
955 | // This function validates the skin |
956 | // -------------- |
956 | // -------------- |
957 | 957 | ||
958 | global $net2ftp_settings; |
958 | global $net2ftp_settings; |
959 | $skinArray = getSkinArray(); |
959 | $skinArray = getSkinArray(); |
960 | if (isset($skinArray[$skin]) == true) { |
960 | if (isset($skinArray[$skin]) == true) { |
961 | return $skin; |
961 | return $skin; |
962 | } |
962 | } |
963 | elseif (isset($_COOKIE["net2ftpcookie_skin"]) == true && isset($skinArray[$_COOKIE["net2ftpcookie_skin"]]) == true) { |
963 | elseif (isset($_COOKIE["net2ftpcookie_skin"]) == true && isset($skinArray[$_COOKIE["net2ftpcookie_skin"]]) == true) { |
964 | return $_COOKIE["net2ftpcookie_skin"]; |
964 | return $_COOKIE["net2ftpcookie_skin"]; |
965 | } |
965 | } |
966 | else { |
966 | else { |
967 | if (defined("_VALID_MOS") == true) { return "mambo"; } |
967 | if (defined("_VALID_MOS") == true) { return "mambo"; } |
968 | elseif (defined("CACHE_PERMANENT") == true) { return "drupal"; } |
968 | elseif (defined("CACHE_PERMANENT") == true) { return "drupal"; } |
969 | elseif (defined("XOOPS_ROOT_PATH") == true) { return "xoops"; } |
969 | elseif (defined("XOOPS_ROOT_PATH") == true) { return "xoops"; } |
970 | elseif (getBrowser("platform") == "Mobile") { return "mobile"; } |
970 | elseif (getBrowser("platform") == "Mobile") { return "mobile"; } |
971 | elseif (isset($skinArray[$net2ftp_settings["default_skin"]]) == true){ return $net2ftp_settings["default_skin"]; } |
971 | elseif (isset($skinArray[$net2ftp_settings["default_skin"]]) == true){ return $net2ftp_settings["default_skin"]; } |
972 | else { return "india"; } |
972 | else { return "india"; } |
973 | } |
973 | } |
974 | 974 | ||
975 | } // end validateSkin |
975 | } // end validateSkin |
976 | 976 | ||
977 | // ** ** |
977 | // ** ** |
978 | // ** ** |
978 | // ** ** |
979 | // ************************************************************************************** |
979 | // ************************************************************************************** |
980 | // ************************************************************************************** |
980 | // ************************************************************************************** |
981 | 981 | ||
982 | 982 | ||
983 | 983 | ||
984 | 984 | ||
985 | 985 | ||
986 | // ************************************************************************************** |
986 | // ************************************************************************************** |
987 | // ************************************************************************************** |
987 | // ************************************************************************************** |
988 | // ** ** |
988 | // ** ** |
989 | // ** ** |
989 | // ** ** |
990 | 990 | ||
991 | function validateFtpmode($ftpmode) { |
991 | function validateFtpmode($ftpmode) { |
992 | 992 | ||
993 | // -------------- |
993 | // -------------- |
994 | // This function validates the FTP mode |
994 | // This function validates the FTP mode |
995 | // -------------- |
995 | // -------------- |
996 | 996 | ||
997 | if ($ftpmode == "ascii" || $ftpmode == "binary" || $ftpmode == "automatic") { |
997 | if ($ftpmode == "ascii" || $ftpmode == "binary" || $ftpmode == "automatic") { |
998 | return $ftpmode; |
998 | return $ftpmode; |
999 | } |
999 | } |
1000 | elseif (isset($_COOKIE["net2ftpcookie_ftpmode"]) == true && ($_COOKIE["net2ftpcookie_ftpmode"] == "ascii" || $_COOKIE["net2ftpcookie_ftpmode"] == "binary" || $_COOKIE["net2ftpcookie_ftpmode"] == "automatic")) { |
1000 | elseif (isset($_COOKIE["net2ftpcookie_ftpmode"]) == true && ($_COOKIE["net2ftpcookie_ftpmode"] == "ascii" || $_COOKIE["net2ftpcookie_ftpmode"] == "binary" || $_COOKIE["net2ftpcookie_ftpmode"] == "automatic")) { |
1001 | return $_COOKIE["net2ftpcookie_ftpmode"]; |
1001 | return $_COOKIE["net2ftpcookie_ftpmode"]; |
1002 | } |
1002 | } |
1003 | else { |
1003 | else { |
1004 | // Before PHP version 4.3.11, bug 27633 can cause problems in ASCII mode ==> use BINARY mode |
1004 | // Before PHP version 4.3.11, bug 27633 can cause problems in ASCII mode ==> use BINARY mode |
1005 | // As from PHP version 4.3.11, bug 27633 is fixed ==> use Automatic mode |
1005 | // As from PHP version 4.3.11, bug 27633 is fixed ==> use Automatic mode |
1006 | if (version_compare(phpversion(), "4.3.11", "<")) { return "binary"; } |
1006 | if (version_compare(phpversion(), "4.3.11", "<")) { return "binary"; } |
1007 | else { return "automatic"; } |
1007 | else { return "automatic"; } |
1008 | } |
1008 | } |
1009 | 1009 | ||
1010 | } // end validateFtpmode |
1010 | } // end validateFtpmode |
1011 | 1011 | ||
1012 | // ** ** |
1012 | // ** ** |
1013 | // ** ** |
1013 | // ** ** |
1014 | // ************************************************************************************** |
1014 | // ************************************************************************************** |
1015 | // ************************************************************************************** |
1015 | // ************************************************************************************** |
1016 | 1016 | ||
1017 | 1017 | ||
1018 | 1018 | ||
1019 | 1019 | ||
1020 | 1020 | ||
1021 | // ************************************************************************************** |
1021 | // ************************************************************************************** |
1022 | // ************************************************************************************** |
1022 | // ************************************************************************************** |
1023 | // ** ** |
1023 | // ** ** |
1024 | // ** ** |
1024 | // ** ** |
1025 | 1025 | ||
1026 | function validatePassivemode($passivemode) { |
1026 | function validatePassivemode($passivemode) { |
1027 | 1027 | ||
1028 | // -------------- |
1028 | // -------------- |
1029 | // This function validates the passive mode |
1029 | // This function validates the passive mode |
1030 | // -------------- |
1030 | // -------------- |
1031 | 1031 | ||
1032 | if ($passivemode != "yes") { |
1032 | if ($passivemode != "yes") { |
1033 | $passivemode = "no"; |
1033 | $passivemode = "no"; |
1034 | } |
1034 | } |
1035 | return $passivemode; |
1035 | return $passivemode; |
1036 | 1036 | ||
1037 | } // end validatePassivemode |
1037 | } // end validatePassivemode |
1038 | 1038 | ||
1039 | // ** ** |
1039 | // ** ** |
1040 | // ** ** |
1040 | // ** ** |
1041 | // ************************************************************************************** |
1041 | // ************************************************************************************** |
1042 | // ************************************************************************************** |
1042 | // ************************************************************************************** |
1043 | 1043 | ||
1044 | 1044 | ||
1045 | 1045 | ||
1046 | 1046 | ||
1047 | 1047 | ||
1048 | // ************************************************************************************** |
1048 | // ************************************************************************************** |
1049 | // ************************************************************************************** |
1049 | // ************************************************************************************** |
1050 | // ** ** |
1050 | // ** ** |
1051 | // ** ** |
1051 | // ** ** |
1052 | 1052 | ||
1053 | function validateSslconnect($sslmode) { |
1053 | function validateSslconnect($sslmode) { |
1054 | 1054 | ||
1055 | // -------------- |
1055 | // -------------- |
1056 | // This function validates the SSL mode |
1056 | // This function validates the SSL mode |
1057 | // -------------- |
1057 | // -------------- |
1058 | 1058 | ||
1059 | if ($sslmode != "yes") { |
1059 | if ($sslmode != "yes") { |
1060 | $sslmode = "no"; |
1060 | $sslmode = "no"; |
1061 | } |
1061 | } |
1062 | return $sslmode; |
1062 | return $sslmode; |
1063 | 1063 | ||
1064 | } // end validateSslconnect |
1064 | } // end validateSslconnect |
1065 | 1065 | ||
1066 | // ** ** |
1066 | // ** ** |
1067 | // ** ** |
1067 | // ** ** |
1068 | // ************************************************************************************** |
1068 | // ************************************************************************************** |
1069 | // ************************************************************************************** |
1069 | // ************************************************************************************** |
1070 | 1070 | ||
1071 | 1071 | ||
1072 | 1072 | ||
1073 | 1073 | ||
1074 | 1074 | ||
1075 | // ************************************************************************************** |
1075 | // ************************************************************************************** |
1076 | // ************************************************************************************** |
1076 | // ************************************************************************************** |
1077 | // ** ** |
1077 | // ** ** |
1078 | // ** ** |
1078 | // ** ** |
1079 | 1079 | ||
1080 | function validateViewmode($viewmode) { |
1080 | function validateViewmode($viewmode) { |
1081 | 1081 | ||
1082 | // -------------- |
1082 | // -------------- |
1083 | // This function validates the view mode |
1083 | // This function validates the view mode |
1084 | // -------------- |
1084 | // -------------- |
1085 | 1085 | ||
1086 | if ($viewmode != "icons") { |
1086 | if ($viewmode != "icons") { |
1087 | $viewmode = "list"; |
1087 | $viewmode = "list"; |
1088 | } |
1088 | } |
1089 | return $viewmode; |
1089 | return $viewmode; |
1090 | 1090 | ||
1091 | } // end validateViewmode |
1091 | } // end validateViewmode |
1092 | 1092 | ||
1093 | // ** ** |
1093 | // ** ** |
1094 | // ** ** |
1094 | // ** ** |
1095 | // ************************************************************************************** |
1095 | // ************************************************************************************** |
1096 | // ************************************************************************************** |
1096 | // ************************************************************************************** |
1097 | 1097 | ||
1098 | 1098 | ||
1099 | 1099 | ||
1100 | 1100 | ||
1101 | 1101 | ||
1102 | // ************************************************************************************** |
1102 | // ************************************************************************************** |
1103 | // ************************************************************************************** |
1103 | // ************************************************************************************** |
1104 | // ** ** |
1104 | // ** ** |
1105 | // ** ** |
1105 | // ** ** |
1106 | 1106 | ||
1107 | function validateSort($sort) { |
1107 | function validateSort($sort) { |
1108 | 1108 | ||
1109 | // -------------- |
1109 | // -------------- |
1110 | // This function validates the sorting criteria |
1110 | // This function validates the sorting criteria |
1111 | // -------------- |
1111 | // -------------- |
1112 | 1112 | ||
1113 | if ( $sort != "" && |
1113 | if ( $sort != "" && |
1114 | $sort != "dirfilename" && |
1114 | $sort != "dirfilename" && |
1115 | $sort != "type" && |
1115 | $sort != "type" && |
1116 | $sort != "size" && |
1116 | $sort != "size" && |
1117 | $sort != "owner" && |
1117 | $sort != "owner" && |
1118 | $sort != "group" && |
1118 | $sort != "group" && |
1119 | $sort != "permissions" && |
1119 | $sort != "permissions" && |
1120 | $sort != "mtime") { |
1120 | $sort != "mtime") { |
1121 | $sort = "dirfilename"; |
1121 | $sort = "dirfilename"; |
1122 | } |
1122 | } |
1123 | return $sort; |
1123 | return $sort; |
1124 | 1124 | ||
1125 | } // end validateSort |
1125 | } // end validateSort |
1126 | 1126 | ||
1127 | // ** ** |
1127 | // ** ** |
1128 | // ** ** |
1128 | // ** ** |
1129 | // ************************************************************************************** |
1129 | // ************************************************************************************** |
1130 | // ************************************************************************************** |
1130 | // ************************************************************************************** |
1131 | 1131 | ||
1132 | 1132 | ||
1133 | 1133 | ||
1134 | 1134 | ||
1135 | 1135 | ||
1136 | // ************************************************************************************** |
1136 | // ************************************************************************************** |
1137 | // ************************************************************************************** |
1137 | // ************************************************************************************** |
1138 | // ** ** |
1138 | // ** ** |
1139 | // ** ** |
1139 | // ** ** |
1140 | 1140 | ||
1141 | function validateSortorder($sortorder) { |
1141 | function validateSortorder($sortorder) { |
1142 | 1142 | ||
1143 | // -------------- |
1143 | // -------------- |
1144 | // This function validates the sort order |
1144 | // This function validates the sort order |
1145 | // -------------- |
1145 | // -------------- |
1146 | 1146 | ||
1147 | if ( $sortorder != "" && |
1147 | if ( $sortorder != "" && |
1148 | $sortorder != "descending") { |
1148 | $sortorder != "descending") { |
1149 | $sortorder = "ascending"; |
1149 | $sortorder = "ascending"; |
1150 | } |
1150 | } |
1151 | return $sortorder; |
1151 | return $sortorder; |
1152 | 1152 | ||
1153 | } // end validateSortorder |
1153 | } // end validateSortorder |
1154 | 1154 | ||
1155 | // ** ** |
1155 | // ** ** |
1156 | // ** ** |
1156 | // ** ** |
1157 | // ************************************************************************************** |
1157 | // ************************************************************************************** |
1158 | // ************************************************************************************** |
1158 | // ************************************************************************************** |
1159 | 1159 | ||
1160 | 1160 | ||
1161 | 1161 | ||
1162 | 1162 | ||
1163 | 1163 | ||
1164 | // ************************************************************************************** |
1164 | // ************************************************************************************** |
1165 | // ************************************************************************************** |
1165 | // ************************************************************************************** |
1166 | // ** ** |
1166 | // ** ** |
1167 | // ** ** |
1167 | // ** ** |
1168 | 1168 | ||
1169 | function validateState($state) { |
1169 | function validateState($state) { |
1170 | 1170 | ||
1171 | // -------------- |
1171 | // -------------- |
1172 | // This function validates the state variable |
1172 | // This function validates the state variable |
1173 | // -------------- |
1173 | // -------------- |
1174 | 1174 | ||
1175 | $statelist[] = "admin"; |
1175 | $statelist[] = "admin"; |
1176 | $statelist[] = "admin_createtables"; |
1176 | $statelist[] = "admin_createtables"; |
1177 | $statelist[] = "admin_emptylogs"; |
1177 | $statelist[] = "admin_emptylogs"; |
1178 | $statelist[] = "admin_viewlogs"; |
1178 | $statelist[] = "admin_viewlogs"; |
1179 | $statelist[] = "advanced"; |
1179 | $statelist[] = "advanced"; |
1180 | $statelist[] = "advanced_ftpserver"; |
1180 | $statelist[] = "advanced_ftpserver"; |
1181 | $statelist[] = "advanced_parsing"; |
1181 | $statelist[] = "advanced_parsing"; |
1182 | $statelist[] = "advanced_webserver"; |
1182 | $statelist[] = "advanced_webserver"; |
1183 | $statelist[] = "bookmark"; |
1183 | $statelist[] = "bookmark"; |
1184 | $statelist[] = "browse"; |
1184 | $statelist[] = "browse"; |
1185 | $statelist[] = "calculatesize"; |
1185 | $statelist[] = "calculatesize"; |
1186 | $statelist[] = "chmod"; |
1186 | $statelist[] = "chmod"; |
1187 | $statelist[] = "clearcookies"; |
1187 | $statelist[] = "clearcookies"; |
1188 | $statelist[] = "copymovedelete"; |
1188 | $statelist[] = "copymovedelete"; |
1189 | $statelist[] = "downloadfile"; |
1189 | $statelist[] = "downloadfile"; |
1190 | $statelist[] = "downloadzip"; |
1190 | $statelist[] = "downloadzip"; |
1191 | $statelist[] = "edit"; |
1191 | $statelist[] = "edit"; |
1192 | $statelist[] = "findstring"; |
1192 | $statelist[] = "findstring"; |
1193 | $statelist[] = "followsymlink"; |
1193 | $statelist[] = "followsymlink"; |
1194 | $statelist[] = "install"; |
1194 | $statelist[] = "install"; |
1195 | $statelist[] = "jupload"; |
1195 | $statelist[] = "jupload"; |
1196 | $statelist[] = "login"; |
1196 | $statelist[] = "login"; |
1197 | $statelist[] = "login_small"; |
1197 | $statelist[] = "login_small"; |
1198 | $statelist[] = "logout"; |
1198 | $statelist[] = "logout"; |
1199 | $statelist[] = "newdir"; |
1199 | $statelist[] = "newdir"; |
1200 | $statelist[] = "newfile"; |
1200 | $statelist[] = "newfile"; |
1201 | $statelist[] = "raw"; |
1201 | $statelist[] = "raw"; |
1202 | $statelist[] = "rename"; |
1202 | $statelist[] = "rename"; |
1203 | $statelist[] = "unzip"; |
1203 | $statelist[] = "unzip"; |
1204 | $statelist[] = "upload"; |
1204 | $statelist[] = "upload"; |
1205 | $statelist[] = "view"; |
1205 | $statelist[] = "view"; |
1206 | $statelist[] = "zip"; |
1206 | $statelist[] = "zip"; |
1207 | 1207 | ||
1208 | if (in_array($state, $statelist) == false) { |
1208 | if (in_array($state, $statelist) == false) { |
1209 | $state = "login"; |
1209 | $state = "login"; |
1210 | } |
1210 | } |
1211 | 1211 | ||
1212 | return $state; |
1212 | return $state; |
1213 | 1213 | ||
1214 | } // end validateState |
1214 | } // end validateState |
1215 | 1215 | ||
1216 | // ** ** |
1216 | // ** ** |
1217 | // ** ** |
1217 | // ** ** |
1218 | // ************************************************************************************** |
1218 | // ************************************************************************************** |
1219 | // ************************************************************************************** |
1219 | // ************************************************************************************** |
1220 | 1220 | ||
1221 | 1221 | ||
1222 | 1222 | ||
1223 | 1223 | ||
1224 | 1224 | ||
1225 | // ************************************************************************************** |
1225 | // ************************************************************************************** |
1226 | // ************************************************************************************** |
1226 | // ************************************************************************************** |
1227 | // ** ** |
1227 | // ** ** |
1228 | // ** ** |
1228 | // ** ** |
1229 | 1229 | ||
1230 | function validateState2($state2) { |
1230 | function validateState2($state2) { |
1231 | 1231 | ||
1232 | // -------------- |
1232 | // -------------- |
1233 | // This function validates the state2 variable |
1233 | // This function validates the state2 variable |
1234 | // -------------- |
1234 | // -------------- |
1235 | 1235 | ||
1236 | if ($state2 != "") { |
1236 | if ($state2 != "") { |
1237 | 1237 | ||
1238 | // State2 may only contain specific characters |
1238 | // State2 may only contain specific characters |
1239 | $state2 = preg_replace("/[^A-Za-z0-9_-]/", "", $state2); |
1239 | $state2 = preg_replace("/[^A-Za-z0-9_-]/", "", $state2); |
1240 | } |
1240 | } |
1241 | 1241 | ||
1242 | return $state2; |
1242 | return $state2; |
1243 | 1243 | ||
1244 | } // end validateState2 |
1244 | } // end validateState2 |
1245 | 1245 | ||
1246 | // ** ** |
1246 | // ** ** |
1247 | // ** ** |
1247 | // ** ** |
1248 | // ************************************************************************************** |
1248 | // ************************************************************************************** |
1249 | // ************************************************************************************** |
1249 | // ************************************************************************************** |
1250 | 1250 | ||
1251 | 1251 | ||
1252 | 1252 | ||
1253 | 1253 | ||
1254 | 1254 | ||
1255 | // ************************************************************************************** |
1255 | // ************************************************************************************** |
1256 | // ************************************************************************************** |
1256 | // ************************************************************************************** |
1257 | // ** ** |
1257 | // ** ** |
1258 | // ** ** |
1258 | // ** ** |
1259 | 1259 | ||
1260 | function validateEntry($entry) { |
1260 | function validateEntry($entry) { |
1261 | 1261 | ||
1262 | // -------------- |
1262 | // -------------- |
1263 | // This function validates the entry |
1263 | // This function validates the entry |
1264 | // Remove the following characters \/:*?"<>| |
1264 | // Remove the following characters \/:*?"<>| |
1265 | // -------------- |
1265 | // -------------- |
1266 | 1266 | ||
1267 | // Remove \ / : * ? < > | |
1267 | // Remove \ / : * ? < > | |
1268 | $entry = preg_replace("/[\\\\\\/\\:\\*\\?\\<\\>\\|]/", "", $entry); |
1268 | $entry = preg_replace("/[\\\\\\/\\:\\*\\?\\<\\>\\|]/", "", $entry); |
1269 | 1269 | ||
1270 | return $entry; |
1270 | return $entry; |
1271 | 1271 | ||
1272 | } // end validateEntry |
1272 | } // end validateEntry |
1273 | 1273 | ||
1274 | // ** ** |
1274 | // ** ** |
1275 | // ** ** |
1275 | // ** ** |
1276 | // ************************************************************************************** |
1276 | // ************************************************************************************** |
1277 | // ************************************************************************************** |
1277 | // ************************************************************************************** |
1278 | 1278 | ||
1279 | 1279 | ||
1280 | 1280 | ||
1281 | 1281 | ||
1282 | 1282 | ||
1283 | // ************************************************************************************** |
1283 | // ************************************************************************************** |
1284 | // ************************************************************************************** |
1284 | // ************************************************************************************** |
1285 | // ** ** |
1285 | // ** ** |
1286 | // ** ** |
1286 | // ** ** |
1287 | 1287 | ||
1288 | function validateScreen($screen) { |
1288 | function validateScreen($screen) { |
1289 | 1289 | ||
1290 | // -------------- |
1290 | // -------------- |
1291 | // This function validates the screen variable |
1291 | // This function validates the screen variable |
1292 | // -------------- |
1292 | // -------------- |
1293 | 1293 | ||
1294 | if ($screen != 1 && $screen != 2 && $screen != 3) { |
1294 | if ($screen != 1 && $screen != 2 && $screen != 3) { |
1295 | $screen = 1; |
1295 | $screen = 1; |
1296 | } |
1296 | } |
1297 | return $screen; |
1297 | return $screen; |
1298 | 1298 | ||
1299 | } // end validateScreen |
1299 | } // end validateScreen |
1300 | 1300 | ||
1301 | // ** ** |
1301 | // ** ** |
1302 | // ** ** |
1302 | // ** ** |
1303 | // ************************************************************************************** |
1303 | // ************************************************************************************** |
1304 | // ************************************************************************************** |
1304 | // ************************************************************************************** |
1305 | 1305 | ||
1306 | 1306 | ||
1307 | 1307 | ||
1308 | 1308 | ||
1309 | 1309 | ||
1310 | // ************************************************************************************** |
1310 | // ************************************************************************************** |
1311 | // ************************************************************************************** |
1311 | // ************************************************************************************** |
1312 | // ** ** |
1312 | // ** ** |
1313 | // ** ** |
1313 | // ** ** |
1314 | 1314 | ||
1315 | function validateDirectory($directory) { |
1315 | function validateDirectory($directory) { |
1316 | 1316 | ||
1317 | // -------------- |
1317 | // -------------- |
1318 | // Input: "/dir1/dir2/dir3/../../dir4/dir5" |
1318 | // Input: "/dir1/dir2/dir3/../../dir4/dir5" |
1319 | // Output: "/dir1/dir4/dir5" |
1319 | // Output: "/dir1/dir4/dir5" |
1320 | // Remove the following characters \/:*?"<>| |
1320 | // Remove the following characters \/:*?"<>| |
1321 | // -------------- |
1321 | // -------------- |
1322 | 1322 | ||
1323 | // ------------------------------------------------------------------------- |
1323 | // ------------------------------------------------------------------------- |
1324 | // Nothing to do if the directory is the root directory |
1324 | // Nothing to do if the directory is the root directory |
1325 | // ------------------------------------------------------------------------- |
1325 | // ------------------------------------------------------------------------- |
1326 | if ($directory == "") { return ""; } |
1326 | if ($directory == "") { return ""; } |
1327 | elseif ($directory == "/") { return "/"; } |
1327 | elseif ($directory == "/") { return "/"; } |
1328 | 1328 | ||
1329 | // ------------------------------------------------------------------------- |
1329 | // ------------------------------------------------------------------------- |
1330 | // Check if the directory contains ".." |
1330 | // Check if the directory contains ".." |
1331 | // ------------------------------------------------------------------------- |
1331 | // ------------------------------------------------------------------------- |
1332 | if (strpos($directory, "..") === false) { |
1332 | if (strpos($directory, "..") === false) { |
1333 | $directory = "/" . stripDirectory($directory); |
1333 | $directory = "/" . stripDirectory($directory); |
1334 | } |
1334 | } |
1335 | else { |
1335 | else { |
1336 | $directory = stripDirectory($directory); |
1336 | $directory = stripDirectory($directory); |
1337 | 1337 | ||
1338 | // Split down into parts |
1338 | // Split down into parts |
1339 | // directoryparts[0] contains the first part, directoryparts[1] the second,... |
1339 | // directoryparts[0] contains the first part, directoryparts[1] the second,... |
1340 | $directoryparts = explode("/", $directory); |
1340 | $directoryparts = explode("/", $directory); |
1341 | 1341 | ||
1342 | // Start from the end |
1342 | // Start from the end |
1343 | // If you encounter N times a "..", do not take into account the next N parts which are not ".." |
1343 | // If you encounter N times a "..", do not take into account the next N parts which are not ".." |
1344 | // Example: "/dir1/dir2/dir3/../../dir4/dir5" ----> "/dir1/dir4/dir5" |
1344 | // Example: "/dir1/dir2/dir3/../../dir4/dir5" ----> "/dir1/dir4/dir5" |
1345 | $doubledotcounter = 0; |
1345 | $doubledotcounter = 0; |
1346 | $newdirectory = ""; |
1346 | $newdirectory = ""; |
1347 | $sizeof_directoryparts = sizeof($directoryparts); |
1347 | $sizeof_directoryparts = sizeof($directoryparts); |
1348 | for ($i=$sizeof_directoryparts-1; $i>=0; $i=$i-1) { |
1348 | for ($i=$sizeof_directoryparts-1; $i>=0; $i=$i-1) { |
1349 | if ($directoryparts[$i] == "..") { $doubledotcounter = $doubledotcounter + 1; } |
1349 | if ($directoryparts[$i] == "..") { $doubledotcounter = $doubledotcounter + 1; } |
1350 | else { |
1350 | else { |
1351 | if ($doubledotcounter == 0) { $newdirectory = $directoryparts[$i] . "/" . $newdirectory; } // Add the new part in front |
1351 | if ($doubledotcounter == 0) { $newdirectory = $directoryparts[$i] . "/" . $newdirectory; } // Add the new part in front |
1352 | elseif ($doubledotcounter > 0) { $doubledotcounter = $doubledotcounter - 1; } // Don't add the part, and reduce the counter by 1 |
1352 | elseif ($doubledotcounter > 0) { $doubledotcounter = $doubledotcounter - 1; } // Don't add the part, and reduce the counter by 1 |
1353 | } |
1353 | } |
1354 | } // end for |
1354 | } // end for |
1355 | 1355 | ||
1356 | $directory = "/" . stripDirectory($newdirectory); |
1356 | $directory = "/" . stripDirectory($newdirectory); |
1357 | 1357 | ||
1358 | } // end if else |
1358 | } // end if else |
1359 | 1359 | ||
1360 | // Remove : * ? " < > | |
1360 | // Remove : * ? " < > | |
1361 | // $directory = preg_replace("/[\\:\\*\\?\\\"\\<\\>\\|]/", "", $directory); |
1361 | // $directory = preg_replace("/[\\:\\*\\?\\\"\\<\\>\\|]/", "", $directory); |
1362 | 1362 | ||
1363 | // Remove : * ? < > | |
1363 | // Remove : * ? < > | |
1364 | $directory = preg_replace("/[\\:\\*\\?\\<\\>\\|]/", "", $directory); |
1364 | $directory = preg_replace("/[\\:\\*\\?\\<\\>\\|]/", "", $directory); |
1365 | 1365 | ||
1366 | return $directory; |
1366 | return $directory; |
1367 | 1367 | ||
1368 | } // end validateDirectory |
1368 | } // end validateDirectory |
1369 | 1369 | ||
1370 | // ** ** |
1370 | // ** ** |
1371 | // ** ** |
1371 | // ** ** |
1372 | // ************************************************************************************** |
1372 | // ************************************************************************************** |
1373 | // ************************************************************************************** |
1373 | // ************************************************************************************** |
1374 | 1374 | ||
1375 | 1375 | ||
1376 | 1376 | ||
1377 | 1377 | ||
1378 | 1378 | ||
1379 | // ************************************************************************************** |
1379 | // ************************************************************************************** |
1380 | // ************************************************************************************** |
1380 | // ************************************************************************************** |
1381 | // ** ** |
1381 | // ** ** |
1382 | // ** ** |
1382 | // ** ** |
1383 | 1383 | ||
1384 | function validateFileGetContents($file) { |
1384 | function validateFileGetContents($file) { |
1385 | 1385 | ||
1386 | // -------------- |
1386 | // -------------- |
1387 | // This function validates a filename; it may not contain ../ or ..\ or %00 |
1387 | // This function validates a filename; it may not contain ../ or ..\ or %00 |
1388 | // This is used to secure tiny_mce_gzip.php |
1388 | // This is used to secure tiny_mce_gzip.php |
1389 | // -------------- |
1389 | // -------------- |
1390 | 1390 | ||
1391 | $file = str_replace("../", "", $file); |
1391 | $file = str_replace("../", "", $file); |
1392 | $file = str_replace("..\\", "", $file); |
1392 | $file = str_replace("..\\", "", $file); |
1393 | $file = str_replace("%00", "", $file); |
1393 | $file = str_replace("%00", "", $file); |
1394 | return $file; |
1394 | return $file; |
1395 | 1395 | ||
1396 | } // end validateFileGetContents |
1396 | } // end validateFileGetContents |
1397 | 1397 | ||
1398 | // ** ** |
1398 | // ** ** |
1399 | // ** ** |
1399 | // ** ** |
1400 | // ************************************************************************************** |
1400 | // ************************************************************************************** |
1401 | // ************************************************************************************** |
1401 | // ************************************************************************************** |
1402 | 1402 | ||
1403 | 1403 | ||
1404 | 1404 | ||
1405 | 1405 | ||
1406 | 1406 | ||
1407 | // ************************************************************************************** |
1407 | // ************************************************************************************** |
1408 | // ************************************************************************************** |
1408 | // ************************************************************************************** |
1409 | // ** ** |
1409 | // ** ** |
1410 | // ** ** |
1410 | // ** ** |
1411 | 1411 | ||
1412 | function validateGenericInput($input) { |
1412 | function validateGenericInput($input) { |
1413 | 1413 | ||
1414 | // -------------- |
1414 | // -------------- |
1415 | // Remove the following characters <> |
1415 | // Remove the following characters <> |
1416 | // -------------- |
1416 | // -------------- |
1417 | 1417 | ||
1418 | $input = preg_replace("/\\<\\>]/", "", $input); |
1418 | $input = preg_replace("/\\<\\>]/", "", $input); |
1419 | return $input; |
1419 | return $input; |
1420 | 1420 | ||
1421 | } // end validateGenericInput |
1421 | } // end validateGenericInput |
1422 | 1422 | ||
1423 | // ** ** |
1423 | // ** ** |
1424 | // ** ** |
1424 | // ** ** |
1425 | // ************************************************************************************** |
1425 | // ************************************************************************************** |
1426 | // ************************************************************************************** |
1426 | // ************************************************************************************** |
1427 | 1427 | ||
1428 | 1428 | ||
1429 | 1429 | ||
1430 | 1430 | ||
1431 | 1431 | ||
1432 | // ************************************************************************************** |
1432 | // ************************************************************************************** |
1433 | // ************************************************************************************** |
1433 | // ************************************************************************************** |
1434 | // ** ** |
1434 | // ** ** |
1435 | // ** ** |
1435 | // ** ** |
1436 | 1436 | ||
1437 | function validateTextareaType($textareaType) { |
1437 | function validateTextareaType($textareaType) { |
1438 | 1438 | ||
1439 | // -------------- |
1439 | // -------------- |
1440 | // Remove the following characters <> |
1440 | // Remove the following characters <> |
1441 | // -------------- |
1441 | // -------------- |
1442 | 1442 | ||
1443 | if ( $textareaType != "plain" && |
1443 | if ( $textareaType != "plain" && |
1444 | $textareaType != "fckeditor" && |
1444 | $textareaType != "fckeditor" && |
1445 | $textareaType != "tinymce" && |
1445 | $textareaType != "tinymce" && |
1446 | $textareaType != "codepress") { |
1446 | $textareaType != "codepress") { |
1447 | $textareaType = "plain"; |
1447 | $textareaType = "plain"; |
1448 | } |
1448 | } |
1449 | return $textareaType; |
1449 | return $textareaType; |
1450 | 1450 | ||
1451 | } // end validateTextareaType |
1451 | } // end validateTextareaType |
1452 | 1452 | ||
1453 | // ** ** |
1453 | // ** ** |
1454 | // ** ** |
1454 | // ** ** |
1455 | // ************************************************************************************** |
1455 | // ************************************************************************************** |
1456 | // ************************************************************************************** |
1456 | // ************************************************************************************** |
1457 | 1457 | ||
1458 | ?> |
1458 | ?> |
1459 | 1459 |