

PHP filepath_is_safe函数代码示例

本文整理汇总了PHP中filepath_is_safe函数的典型用法代码示例。如果您正苦于以下问题:PHP filepath_is_safe函数的具体用法?PHP filepath_is_safe怎么用?PHP filepath_is_safe使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了filepath_is_safe函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: i18n_merge_impl

/**
 * i18n Merge Implementation
 *
 * Includes one language file and copies the $i18n entries it defines into
 * the shared translation table. Plugin entries are stored under
 * "<plugin>/<key>"; keys that already exist in the table are never replaced.
 *
 * Security: $plugin and $lang are concatenated into a path that is handed to
 * include, so the file they resolve to is executed as PHP. The
 * filepath_is_safe() call (defined elsewhere; presumably confirms that the
 * resolved file stays inside $path) is the only guard in this function and
 * must stay ahead of the include.
 *
 * @since 3.0
 * @author mvlcek
 * @uses GSPLUGINPATH
 * @uses GSLANGPATH
 *
 * @param string $plugin     plugin id; null or empty when merging core langs
 * @param string $lang       language code, used as the file name without ".php"
 * @param array  $globali18n translation table, passed by reference and filled in place
 * @return bool false when the language file is rejected or missing, true otherwise
 */
function i18n_merge_impl($plugin, $lang, &$globali18n)
{
    // Filled by the included language file, which runs in this function's
    // scope; the variable name is therefore part of the language-file format.
    $i18n = array();
    if (!isset($globali18n)) {
        $globali18n = array();
    }
    // Core languages live in GSLANGPATH, plugin languages in <plugin>/lang/.
    if ($plugin) {
        $path = GSPLUGINPATH . $plugin . '/lang/';
        $prefix = $plugin . '/';
    } else {
        $path = GSLANGPATH;
        $prefix = '';
    }
    $filename = $path . $lang . '.php';
    // Containment check first, existence second; nothing is included unless both pass.
    if (!filepath_is_safe($filename, $path)) {
        return false;
    }
    if (!file_exists($filename)) {
        return false;
    }
    include $filename;
    // A language file that defines no entries leaves the table untouched.
    if (count($i18n) <= 0) {
        return true;
    }
    // Core language into an empty table: take the file's entries wholesale.
    if (!$plugin && !$globali18n) {
        $globali18n = $i18n;
        return true;
    }
    // Otherwise merge key by key, keeping whatever is already registered.
    foreach ($i18n as $code => $text) {
        if (array_key_exists($prefix . $code, $globali18n)) {
            continue;
        }
        $globali18n[$prefix . $code] = $text;
    }
    return true;
}
开发者ID:Kevinf63,项目名称:KevPortfolio,代码行数:44,代码来源:basic.php

示例2: login_cookie_check

 * Displays the log file passed to it 
 *
 * @package GetSimple
 * @subpackage Support
 */
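// Setup inclusions
$load['plugin'] = true;
include 'inc/common.php';
// Variable Settings
login_cookie_check();
// The log name is taken from the query string, so every filesystem operation
// on $log_file below has to be gated on the containment check.
// NOTE(review): var_out() is defined elsewhere; it is not assumed here to
// strip path separators or "..".
$log_name = var_out(isset($_GET['log']) ? $_GET['log'] : '');
$log_path = GSDATAOTHERPATH . 'logs/';
$log_file = $log_path . $log_name;
$whois_url = 'http://whois.arin.net/rest/ip/';
// filepath_is_safe returns false if the file does not exist
$log_is_safe = isset($log_name) && filepath_is_safe($log_file, $log_path);
if (!$log_is_safe) {
    $log_data = false;
}
// Deletion is only attempted for a path that passed the check above:
// unlink() must never receive a name that failed containment.
if ($log_is_safe && isset($_GET['action']) && $_GET['action'] == 'delete' && strlen($log_name) > 0) {
    // check for csrf
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_GET['nonce'];
        if (!check_nonce($nonce, "delete")) {
            die("CSRF detected!");
        }
    }
    unlink($log_file);
    exec_action('logfile_delete');
    redirect('support.php?success=' . urlencode('Log ' . $log_name . i18n_r('MSG_HAS_BEEN_CLR')));
}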
if (!isset($log_data)) {
开发者ID:hatasu,项目名称:appdroid,代码行数:31,代码来源:log.php

示例3: delete_bak

    delete_bak($id);
    redirect("backups.php?upd=bak-success&id=" . $id);
} elseif ($p == 'restore') {
    // check for csrf
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_GET['nonce'];
        if (!check_nonce($nonce, "restore", "backup-edit.php")) {
            die("CSRF detected!");
        }
    }
    if (isset($_GET['new'])) {
        updateSlugs($_GET['new'], $id);
        restore_bak($id);
        $existing = GSDATAPAGESPATH . $_GET['new'] . ".xml";
        $bakfile = GSBACKUPSPATH . "pages/" . $_GET['new'] . ".bak.xml";
        if (!filepath_is_safe($existing, GSDATAPAGESPATH)) {
            die;
        }
        copy($existing, $bakfile);
        unlink($existing);
        redirect("edit.php?id=" . $id . "&old=" . $_GET['new'] . "&upd=edit-success&type=restore");
    } else {
        restore_bak($id);
        redirect("edit.php?id=" . $id . "&upd=edit-success&type=restore");
    }
}
get_template('header', cl($SITENAME) . ' » ' . i18n_r('BAK_MANAGEMENT') . ' » ' . i18n_r('VIEWPAGE_TITLE'));
?>
	
<?php 
include 'template/include-nav.php';
开发者ID:hatasu,项目名称:appdroid,代码行数:31,代码来源:backup-edit.php

示例4: die

    if ($_GET['t'] && is_dir(GSTHEMESPATH . $_GET['t'] . '/')) {
        $template = $_GET['t'];
    }
}
// Pick the theme file to edit from the "f" query parameter.
if (isset($_GET['f'])) {
    // Self-assignment: has no effect on the value.
    $_GET['f'] = $_GET['f'];
    // is_file() runs on the request-supplied name before any containment
    // check; the filepath_is_safe() call further down is what gates use of it.
    if ($_GET['f'] && is_file(GSTHEMESPATH . $template . '/' . $_GET['f'])) {
        $template_file = $_GET['f'];
    }
}
# if no template is selected, use the default
if ($template_file == '') {
    $template_file = 'template.php';
}
$themepath = GSTHEMESPATH . $template . DIRECTORY_SEPARATOR;
// Stop the request unless the selected file passes the check against GSTHEMESPATH.
// The base is the whole themes directory, not $themepath.
// NOTE(review): meaning of the third argument (true) is not visible here - confirm
// against filepath_is_safe()'s definition.
if (!filepath_is_safe($themepath . $template_file, GSTHEMESPATH, true)) {
    die;
}
# check for form submission
if (isset($_POST['submitsave'])) {
    # check for csrf
    if (!defined('GSNOCSRF') || GSNOCSRF == FALSE) {
        $nonce = $_POST['nonce'];
        if (!check_nonce($nonce, "save")) {
            die("CSRF detected!");
        }
    }
    # save edited template file
    $SavedFile = $_POST['edited_file'];
    $FileContents = get_magic_quotes_gpc() ? stripslashes($_POST['content']) : $_POST['content'];
    $fh = fopen(GSTHEMESPATH . $SavedFile, 'w') or die("can't open file");
开发者ID:hatasu,项目名称:appdroid,代码行数:31,代码来源:theme-edit.php

示例5: restore_backup

/**
 * Restore from a backup file to a custom destination.
 *
 * Only the source is constrained: it has to pass filepath_is_safe() against
 * GSBACKUPSPATH. $destination is handed to copy_file() without any check in
 * this function, so callers are responsible for validating where the file
 * is written.
 *
 * @since 3.4
 *
 * @param string $bakfilepath filepath to the backup file
 * @param string $destination filepath to restore to
 * @return bool false when the source is rejected, otherwise the result of copy_file()
 */
function restore_backup($bakfilepath, $destination)
{
    $sourceIsBackup = filepath_is_safe($bakfilepath, GSBACKUPSPATH);
    return $sourceIsBackup ? copy_file($bakfilepath, $destination) : false;
}
开发者ID:kix23,项目名称:GetSimpleCMS,代码行数:17,代码来源:template_functions.php

示例6: login_cookie_check

include 'inc/common.php';
login_cookie_check();
exec_action('load-backup-edit');
# get page url to display
if ($_GET['id'] != '') {
    $id = $_GET['id'];
    $file = getBackupName($id, 'xml');
    $draft = isset($_GET['draft']);
    // (bool) using draft pages
    if ($draft) {
        $path = GSBACKUPSPATH . getRelPath(GSDATADRAFTSPATH, GSDATAPATH);
    } else {
        $path = GSBACKUPSPATH . getRelPath(GSDATAPAGESPATH, GSDATAPATH);
    }
    // backups/pages/
    if (!filepath_is_safe($path . $file, $path)) {
        die;
    }
    $data = getXML($path . $file);
    $title = htmldecode($data->title);
    $pubDate = $data->pubDate;
    $parent = $data->parent;
    $metak = htmldecode($data->meta);
    $metad = htmldecode($data->metad);
    $url = $data->url;
    $content = htmldecode($data->content);
    $private = $data->private;
    $template = $data->template;
    $menu = htmldecode($data->menu);
    $menuStatus = $data->menuStatus;
    $menuOrder = $data->menuOrder;
开发者ID:kix23,项目名称:GetSimpleCMS,代码行数:31,代码来源:backup-edit.php

示例7: i18n_merge_impl

/**
 * i18n Merge Implementation
 *
 * Includes one language file and copies the $i18n entries it defines into
 * the shared translation table. Plugin entries are stored under
 * "<plugin>/<key>"; keys that already exist in the table are never replaced.
 *
 * Security: $plugin and $lang are concatenated into a path that is handed to
 * include, so the file they resolve to is executed as PHP. The
 * filepath_is_safe() call (defined elsewhere; presumably confirms that the
 * resolved file stays inside $path) must stay ahead of the include.
 *
 * Signature note: the '' default on $plugin cannot be used by callers because
 * required parameters follow it; PHP 8.0 and later report such a declaration
 * as deprecated.
 *
 * @since 3.0
 * @author mvlcek
 * @uses GSPLUGINPATH
 * @uses GSLANGPATH
 *
 * @param string $plugin     plugin id; null or empty when merging core langs
 * @param string $lang       language code, used as the file name without ".php"
 * @param array  $globali18n translation table, passed by reference and filled in place
 * @return bool false when the language file is rejected or missing, true otherwise
 */
function i18n_merge_impl($plugin = '', $lang, &$globali18n)
{
    // Filled by the included language file, which runs in this function's
    // scope; the variable name is therefore part of the language-file format.
    $i18n = array();
    if (!isset($globali18n)) {
        $globali18n = array();
    }
    // Core languages live in GSLANGPATH, plugin languages in <plugin>/lang/.
    if (isset($plugin) && $plugin !== '') {
        $path = GSPLUGINPATH . $plugin . '/lang/';
    } else {
        $path = GSLANGPATH;
    }
    $filename = $path . $lang . '.php';
    // NOTE(review): this truthiness test is not the same as the one used for
    // $path above; a plugin id of '0' selects the plugin path but gets no key
    // prefix and is treated as core below.
    if ($plugin) {
        $prefix = $plugin . '/';
    } else {
        $prefix = '';
    }
    // @todo being overly safe here since we are directly including input that can come from anywhere
    if (!filepath_is_safe($filename, $path)) {
        return false;
    }
    if (!file_exists($filename)) {
        return false;
    }
    include $filename;
    // A language file that defines no entries leaves the table untouched.
    if (count($i18n) <= 0) {
        return true;
    }
    // Core language into an empty table: take the file's entries wholesale.
    if (!$plugin && !$globali18n) {
        $globali18n = $i18n;
        return true;
    }
    // Otherwise merge key by key, keeping whatever is already registered.
    foreach ($i18n as $code => $text) {
        if (array_key_exists($prefix . $code, $globali18n)) {
            continue;
        }
        $globali18n[$prefix . $code] = $text;
    }
    return true;
}
开发者ID:kix23,项目名称:GetSimpleCMS,代码行数:45,代码来源:basic.php

示例8: login_cookie_check

 * Download Files
 *
 * Forces the download of file types
 *
 * @package GetSimple
 * @subpackage Download
 */
// Setup inclusions
$load['plugin'] = true;
// Include common.php
include 'inc/common.php';
login_cookie_check();
# check if all variables are set
if (isset($_GET['file'])) {
    $file = removerelativepath($_GET['file']);
    if (!filepath_is_safe($file, GSDATAUPLOADPATH) && !filepath_is_safe($file, GSBACKUPSPATH . DIRECTORY_SEPARATOR . 'zip')) {
        die;
    }
    $extention = pathinfo($file, PATHINFO_EXTENSION);
    header("Content-disposition: attachment; filename=" . $file);
    # set content headers
    if ($extention == 'zip') {
        header("Content-type: application/octet-stream");
    } elseif ($extention == 'gz') {
        header("Content-type: application/x-gzip");
    } elseif ($extention == 'mpg') {
        header("Content-type: video/mpeg");
    } elseif ($extention == 'jpg' || $extention == 'jpeg') {
        header("Content-type: image/jpeg");
    } elseif ($extention == 'txt' || $extention == 'log') {
        header("Content-type: text/plain");
开发者ID:Foltys,项目名称:Masopust,代码行数:31,代码来源:download.php

示例9: check_for_csrf

 */
# setup inclusions
$load['plugin'] = true;
include 'inc/common.php';
if (getDef('GSALLOWRESETPASS', true) === false) {
    die;
}
if (isset($_POST['submitted'])) {
    check_for_csrf("reset_password");
    $randSleep = rand(250000, 2000000);
    // random sleep for .25 to 2 seconds
    if (isset($_POST['username']) and !empty($_POST['username'])) {
        # user filename
        $file = _id($_POST['username']) . '.xml';
        # get user information from existing XML file
        if (filepath_is_safe(GSUSERSPATH . $file, GSUSERSPATH) && file_exists(GSUSERSPATH . $file)) {
            $data = getXML(GSUSERSPATH . $file);
            $userid = strtolower($data->USR);
            $EMAIL = $data->EMAIL;
            if (strtolower($_POST['username']) === $userid) {
                # create new random password
                $random = createRandomPassword();
                // $random = '1234';
                # create backup
                backup_datafile(GSUSERSPATH . $file);
                # copy user file into password change trigger file
                $flagfile = GSUSERSPATH . getPWDresetName(_id($userid), 'xml');
                copy_file(GSUSERSPATH . $file, $flagfile);
                # change password and resave xml file
                $data->PWD = passhash($random);
                $status = XMLsave($data, GSUSERSPATH . $file);
开发者ID:kix23,项目名称:GetSimpleCMS,代码行数:31,代码来源:resetpassword.php

示例10: delete_draft_backup

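/**
 * Delete Draft Backup File
 *
 * Builds the backup path for a draft from its id and deletes it, but only
 * after filepath_is_safe() accepts the path against the draft backup
 * directory. $id is concatenated into the path, so the check is what keeps
 * an id containing path components from reaching delete_file().
 *
 * @since 3.4
 *
 * @param string $id File ID to delete
 * @return bool false when the path is rejected, otherwise the result of delete_file()
 */
function delete_draft_backup($id)
{
    // Draft backup directory: GSBACKUPSPATH plus the drafts path relative to GSDATAPATH.
    $filepath = GSBACKUPSPATH . getRelPath(GSDATADRAFTSPATH, GSDATAPATH);
    // No extra path segment is inserted between directory and id: the variable
    // that used to sit here was never defined in this scope and only ever
    // contributed an empty string.
    $file = $filepath . $id . ".bak.xml";
    if (!filepath_is_safe($file, $filepath)) {
        // Explicit failure value so the documented bool return holds on every path.
        return false;
    }
    return delete_file($file, $filepath);
}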
开发者ID:kazami0083,项目名称:GetSimple,代码行数:17,代码来源:template_functions.php

示例11: exec_action

// Resolve the source image and thumbnail locations from the request, then
// refuse any source path that does not pass the check against the uploads directory.
exec_action('load-image');
// Variable Settings
// "path" is request-controlled; it is reused below for the thumbnail folder and both URLs.
$subPath = isset($_GET['path']) ? $_GET['path'] : "";
if ($subPath != '') {
    $subPath = tsl($subPath);
}
$uploadsPath = GSDATAUPLOADPATH;
$uploadsPathRel = getRelPath(GSDATAUPLOADPATH);
$thumbPathRel = getRelPath(GSTHUMBNAILPATH);
// "i" is read without an isset() guard.
// NOTE(review): strippath() is defined elsewhere; what it removes is not visible here.
$src = strippath($_GET['i']);
$thumb_folder = GSTHUMBNAILPATH . $subPath;
$src_folder = $uploadsPath;
$src_url = tsl($SITEURL) . $uploadsPathRel . $subPath;
$thumb_folder_rel = $thumbPathRel . $subPath;
$thumb_url = tsl($SITEURL) . $thumb_folder_rel;
// Only the source path is checked; the thumbnail folder built from the same
// $subPath is not checked separately in this block.
// NOTE(review): rejection relies on redirect() ending the request - confirm,
// since the statements after this block would otherwise run with a rejected path.
if (!filepath_is_safe($src_folder . $subPath . $src, GSDATAUPLOADPATH)) {
    redirect("upload.php");
}
// handle jcrop thumbnail creation
if ($_SERVER['REQUEST_METHOD'] == 'POST' && matchArrayAll(array('x', 'y', 'w', 'h'), array_keys($_POST))) {
    exec_action('image-crop');
    $x = (int) $_POST['x'];
    $y = (int) $_POST['y'];
    $w = (int) $_POST['w'];
    $h = (int) $_POST['h'];
    $max = 10000;
    // set a max to prevent excessive processing injections
    if ($x < $max && $y < $max && $w < $max && $h < $max) {
        require_once 'inc/imagemanipulation.php';
        $objImage = new ImageManipulation($src_folder . $subPath . $src);
        if ($objImage->imageok) {
开发者ID:kix23,项目名称:GetSimpleCMS,代码行数:31,代码来源:image.php

示例12: tsl

    }
    return;
}
// Directory of the selected theme; $template is set earlier in the script (not visible here).
$themepath = GSTHEMESPATH . tsl($template);
// prevent traversal: the selected file has to pass the check against its own theme directory
// NOTE(review): the check is skipped when $template_file is empty, so this
// statement does not validate $template on its own - presumably that happens
// earlier; confirm.
if ($template_file != '' and !filepath_is_safe($themepath . $template_file, $themepath)) {
    die(i18n_r('INVALID_OPER'));
}
# check for form submission
if (isset($_POST['submitsave'])) {
    check_for_csrf("save");
    # save edited template file
    $filename = $_POST['edited_file'];
    $FileContents = get_magic_quotes_gpc() ? stripslashes($_POST['content']) : $_POST['content'];
    // prevent traversal
    if (!filepath_is_safe(GSTHEMESPATH . $filename, GSTHEMESPATH)) {
        die(i18n_r('INVALID_OPER'));
    }
    $status = save_file(GSTHEMESPATH . $filename, $FileContents);
    exec_action('theme-aftersave');
    // @hook theme-aftersave after a theme-edit file save
    if ($status) {
        $success = sprintf(i18n_r('TEMPLATE_FILE'), $filename);
    } else {
        $error = i18n_r('ERROR');
    }
    if (isset($_POST['ajaxsave'])) {
        echo "<div>";
        include 'template/error_checking.php';
        echo '<input id="nonce" name="nonce" type="hidden" value="' . get_nonce("save") . '" />';
        echo "</div>";
开发者ID:kix23,项目名称:GetSimpleCMS,代码行数:31,代码来源:theme-edit.php

示例13: pathinfo

// Split the requested image name into directory and file parts.
// $from_name, $to_name and $save_to_file are set earlier in the script (not visible here).
$path_parts = pathinfo($from_name);
$file = basename($from_name);
$sub_path = dirname($from_name);
// Only the base name of $to_name is kept, so the output name carries no directory component.
$outfile = $save_to_file ? basename($to_name) : null;
// if empty do not resize
if (empty($max_y)) {
    $max_y = null;
}
if (empty($max_x)) {
    $max_x = null;
}
// debugLog($file);
// debugLog($sub_path);
// debugLog($outfile);
// traversal protection: the source image is checked against GSDATAUPLOADPATH
// NOTE(review): dirname() returns no trailing separator, so the string checked
// here has none between $sub_path and $file unless one is added elsewhere;
// confirm that the path being validated is the same one that is opened later.
// NOTE(review): meaning of the third and fourth arguments (true, true) is not
// visible here - confirm against filepath_is_safe()'s definition.
if (!filepath_is_safe(GSDATAUPLOADPATH . $sub_path . $file, GSDATAUPLOADPATH, true, true)) {
    die('invalid image');
}
// Debugging Request
// returns the imagemanipulation object json encoded,
// add base64 encoded image data ['data']
// add filesize ['bytes']
// add url to image if it was saved ['url']
if (isset($_REQUEST['debug']) || isset($_REQUEST['json'])) {
    ob_start();
    // $outfile = null;
}
// @todo: if needing to save as attachement from post, might need this else second request might be made with post data missing
// header('Content-Disposition: Attachment;filename='.$outfile);
$image = generate_thumbnail($file, $sub_path, $outfile, $max_x, $max_y, $crop, $image_quality, $show = true, $image_type);
if (isset($_REQUEST['debug']) || isset($_REQUEST['json'])) {
开发者ID:kix23,项目名称:GetSimpleCMS,代码行数:31,代码来源:thumb.php

示例14: preg_replace

        }
    }
    $TEMPLATE = preg_replace('/\\/+/', '/', $TEMPLATE);
    if (strlen($TEMPLATE) <= 0 || $TEMPLATE == '/') {
        unset($TEMPLATE);
    }
}
// Send back list of theme files from a certain directory for theme-edit.php
if (isset($TEMPLATE)) {
    $TEMPLATE_FILE = '';
    $template = '';
    $theme_templates = '';
    if ($template == '') {
        $template = 'template.php';
    }
    if (!filepath_is_safe(GSTHEMESPATH . $TEMPLATE, GSTHEMESPATH)) {
        die;
    }
    $templates = directoryToArray(GSTHEMESPATH . $TEMPLATE . '/', true);
    $allowed_extensions = array('php', 'css', 'js', 'html', 'htm');
    $theme_templates .= '<select class="text" id="theme_files" style="width:425px;" name="f" >';
    foreach ($templates as $file) {
        $extension = pathinfo($file, PATHINFO_EXTENSION);
        if (in_array($extension, $allowed_extensions)) {
            $filename = pathinfo($file, PATHINFO_BASENAME);
            $filenamefull = substr(strstr($file, '/theme/' . $TEMPLATE . '/'), strlen('/theme/' . $TEMPLATE . '/'));
            if ($TEMPLATE_FILE == $filename) {
                $sel = "selected";
            } else {
                $sel = "";
            }
开发者ID:elephantcode,项目名称:elephantcode,代码行数:31,代码来源:ajax.php

示例15: login_cookie_check

login_cookie_check();
// disable this entirely if not enabled
if (getdef('GSALLOWDOWNLOADS', true) === false) {
    die(i18n('NOT_ALLOWED'));
}
# check if all variables are set
if (isset($_GET['file'])) {
    $file = removerelativepath($_GET['file']);
    // check that this file is safe to access
    $archivesafe = filepath_is_safe($file, GSBACKUPSPATH . DIRECTORY_SEPARATOR . 'zip');
    // check for archives
    if ($archivesafe) {
        check_for_csrf("archive", "download.php");
    }
    // check archive nonce
    $filesafe = filepath_is_safe($file, GSDATAUPLOADPATH);
    // check for uploads
    if (!($filesafe || $archivesafe)) {
        die(i18n('NOT_ALLOWED'));
    }
    // file specified is non existant or LFI! WE DIE
    $extention = getFileExtension($file);
    header("Content-disposition: attachment; filename=" . $file);
    # set content headers
    if ($extention == 'zip') {
        header("Content-type: application/octet-stream");
    } elseif ($extention == 'gz') {
        header("Content-type: application/x-gzip");
    } elseif ($extention == 'mpg') {
        header("Content-type: video/mpeg");
    } elseif ($extention == 'jpg' || $extention == 'jpeg') {
开发者ID:HelgeSverre,项目名称:GetSimpleCMS,代码行数:31,代码来源:download.php


注:本文中的filepath_is_safe函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。