

PHP Security::check_abs_path方法代码示例

本文整理汇总了PHP中Security::check_abs_path方法的典型用法代码示例。如果您正苦于以下问题:PHP Security::check_abs_path方法的具体用法?PHP Security::check_abs_path怎么用?PHP Security::check_abs_path使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在Security的用法示例。


在下文中一共展示了Security::check_abs_path方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: classicAction

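 /**
  * Runs a legacy script from the main/ directory and wraps its output in a Twig layout.
  *
  * The script path comes from the route ($name). The is_file() and
  * Security::check_abs_path() tests are the only guard that keeps the
  * require_once inside $mainPath, so every PHP file below main/ is reachable
  * through this action.
  * NOTE(review): access control is presumably enforced by the included scripts
  * themselves - confirm, because this action performs no authorization check.
  *
  * @param string $name Path of the legacy script, relative to main/
  * @param Request $request
  * @return Response
  * @throws NotFoundHttpException when $name is not a file inside main/
  */
 public function classicAction($name, Request $request)
 {
     // Legacy scripts read the superglobals directly, so they are refilled from the Request.
     $_GET = $request->query->all();
     $_POST = $request->request->all();
     $rootDir = $this->get('kernel')->getRealRootDir();
     //$_REQUEST = $request->request->all();
     $mainPath = $rootDir . 'main/';
     $fileToLoad = $mainPath . $name;
     // Setting legacy values inside the container
     /** @var Connection $dbConnection */
     $dbConnection = $this->container->get('database_connection');
     $em = $this->get('kernel')->getContainer()->get('doctrine.orm.entity_manager');
     $database = new \Database($dbConnection, array());
     $database->setConnection($dbConnection);
     $database->setManager($em);
     Container::$container = $this->container;
     Container::$dataDir = $this->container->get('kernel')->getDataDir();
     Container::$courseDir = $this->container->get('kernel')->getDataDir();
     //Container::$configDir = $this->container->get('kernel')->getConfigDir();
     $this->container->get('twig')->addGlobal('api_get_cidreq', api_get_cidreq());
     //$breadcrumb = $this->container->get('chamilo_core.block.breadcrumb');

     // Refuse anything that is not an existing file inside main/ before it reaches require_once.
     if (!is_file($fileToLoad) || !\Security::check_abs_path($fileToLoad, $mainPath)) {
         throw new NotFoundHttpException();
     }

     // Files inside /main need these variables to be set. They are read by the
     // included script through the local scope, so their names must not change.
     $is_allowed_in_course = api_is_allowed_in_course();
     $is_courseAdmin = api_is_course_admin();
     $is_platformAdmin = api_is_platform_admin();
     $toolNameFromFile = basename(dirname($fileToLoad));
     $charset = 'UTF-8';
     // Default values
     $_course = api_get_course_info();
     $_user = api_get_user_info();
     $debug = $this->container->get('kernel')->getEnvironment() == 'dev' ? true : false;

     // Loading file; its output is captured instead of being sent to the client.
     ob_start();
     require_once $fileToLoad;
     $out = ob_get_contents();
     ob_end_clean();

     // No browser cache when executing an exercise.
     $responseHeaders = array();
     if ($name == 'exercice/exercise_submit.php') {
         $responseHeaders = array('cache-control' => 'no-store, no-cache, must-revalidate');
     }

     $js = isset($htmlHeadXtra) ? $htmlHeadXtra : array();
     // $interbreadcrumb is loaded in the require_once file.
     $interbreadcrumb = isset($interbreadcrumb) ? $interbreadcrumb : null;
     $template = Container::$legacyTemplate;
     $defaultLayout = 'layout_one_col.html.twig';
     if (!empty($template)) {
         $defaultLayout = $template;
     }

     $response = $this->render(
         'ChamiloCoreBundle::' . $defaultLayout,
         array('legacy_breadcrumb' => $interbreadcrumb, 'content' => $out, 'js' => $js)
     );
     // The original built $responseHeaders but never attached it, so the
     // no-cache directive was never sent with the exercise page.
     foreach ($responseHeaders as $headerName => $headerValue) {
         $response->headers->set($headerName, $headerValue);
     }

     return $response;
 }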
开发者ID:omaoibrahim,项目名称:chamilo-lms,代码行数:62,代码来源:LegacyController.php

示例2: api_get_path

    $archive_path = api_get_path(SYS_ARCHIVE_PATH);
}
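// The archive name comes from the query string. Anything that is not a plain
// string (absent parameter, array syntax) is treated as an empty name.
$archive_file = isset($_GET['archive']) && is_string($_GET['archive']) ? $_GET['archive'] : '';
// First-line filter only: a single-pass str_replace() is not a full path
// sanitiser. Security::check_abs_path() below is the containment check that matters.
$archive_file = str_replace(array('..', '/', '\\'), '', $archive_file);
$archive_full_path = $archive_path . $archive_file;
list($extension) = getextension($archive_file);
if (empty($extension) || !file_exists($archive_full_path)) {
    exit;
}
$extension = strtolower($extension);
// Authorization depends on the file type: exports need a platform admin or
// HR manager, course backups need a course context plus an admin.
$content_type = '';
if (in_array($extension, array('xml', 'csv')) && (api_is_platform_admin(true) || api_is_drh())) {
    $content_type = 'application/force-download';
} elseif ($extension == 'zip' && $_cid && (api_is_platform_admin(true) || $is_courseAdmin)) {
    $content_type = 'application/force-download';
}
if (empty($content_type)) {
    api_not_allowed(true);
}
if (Security::check_abs_path($archive_full_path, $archive_path)) {
    header('Expires: Wed, 01 Jan 1990 00:00:00 GMT');
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    header('Cache-Control: public');
    header('Pragma: no-cache');
    header('Content-Type: ' . $content_type);
    header('Content-Length: ' . filesize($archive_full_path));
    // Quote the file name so that spaces or semicolons in it cannot be read as
    // extra header parameters; embedded double quotes are dropped.
    header('Content-Disposition: attachment; filename="' . str_replace('"', '', $archive_file) . '"');
    readfile($archive_full_path);
    exit;
} else {
    api_not_allowed(true);
}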
开发者ID:annickvdp,项目名称:Chamilo1.9.10,代码行数:31,代码来源:download.php

示例3: api_is_allowed_to_edit

                                                    1 => Allow learners to delete their own publications = YES
        
        +------------------+------------------------------+----------------------------+
        |Can download work?|      doc visible for all = 0 |     doc visible for all = 1|
        +------------------+------------------------------+----------------------------+
        |  visibility = 0  | editor only                  | editor only                |
        |                  |                              |                            |
        +------------------+------------------------------+----------------------------+
        |  visibility = 1  | editor                       | editor                     |
        |                  | + owner of the work          | + any student              |
        +------------------+------------------------------+----------------------------+
        (editor = teacher + admin + anybody with right api_is_allowed_to_edit)
        */
        // Decide whether the current user may download this work. All inputs
        // ($item_info, $row, $course_info, $full_file_name) are set before this excerpt.
        $work_is_visible = $item_info['visibility'] == 1 && $row['accepted'] == 1;
        $doc_visible_for_all = $course_info['show_score'] == 1;
        $is_editor = api_is_allowed_to_edit(true, true, true);
        $student_is_owner_of_work = user_is_author($row['id'], $row['user_id']);
        // && binds tighter than ||, so this reads as:
        //   editor || owner || (visible-for-all && work-visible)
        // NOTE(review): the owner is let through whatever the visibility is, while the
        // table above lists "editor only" for visibility = 0 - confirm which is intended.
        if ($is_editor || $student_is_owner_of_work || $doc_visible_for_all && $work_is_visible) {
            $title = str_replace(' ', '_', $row['title']);
            event_download($title);
            // Only send the file if it sits inside the current course directory.
            // When the check fails nothing is sent and no error is reported.
            if (Security::check_abs_path($full_file_name, api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/')) {
                DocumentManager::file_send_for_download($full_file_name, true, $title);
            }
        } else {
            api_not_allowed();
        }
    }
} else {
    api_not_allowed();
}
exit;
开发者ID:ilosada,项目名称:chamilo-lms-icpna,代码行数:31,代码来源:download.php

示例4: downloadAllDeletedDocument

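 /**
  * Packs every deleted document of a course into a temporary ZIP and sends it to the client.
  *
  * On success the script terminates after the download, so the method only
  * returns on failure.
  * NOTE(review): $file['path'] is appended to the course path without a
  * containment check of its own; it presumably comes from the document table - confirm.
  *
  * @param array $courseInfo Course data; only 'path' is read here
  * @param int $sessionId
  *
  * @return bool false when there is nothing to download or the archive path check fails
  */
 public static function downloadAllDeletedDocument($courseInfo, $sessionId)
 {
     // Zip library for creation of the zip file. require_once avoids a fatal
     // "cannot redeclare" error when the library has already been loaded.
     require_once api_get_path(LIBRARY_PATH) . 'pclzip/pclzip.lib.php';
     $files = self::getDeletedDocuments($courseInfo, $sessionId);
     if (empty($files)) {
         return false;
     }
     $coursePath = api_get_path(SYS_COURSE_PATH) . $courseInfo['path'] . '/document';
     $archivePath = api_get_path(SYS_ARCHIVE_PATH);
     // Creating a ZIP file.
     $tempZipFile = $archivePath . api_get_unique_id() . ".zip";
     $zip = new PclZip($tempZipFile);
     foreach ($files as $file) {
         $zip->add($coursePath . $file['path'], PCLZIP_OPT_REMOVE_PATH, $coursePath);
     }
     $insideArchiveDir = Security::check_abs_path($tempZipFile, $archivePath);
     if ($insideArchiveDir) {
         DocumentManager::file_send_for_download($tempZipFile, true);
     }
     // Remove the temporary archive in both outcomes so it does not pile up in the archive directory.
     if (file_exists($tempZipFile)) {
         unlink($tempZipFile);
     }
     if ($insideArchiveDir) {
         exit;
     }

     return false;
 }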
开发者ID:daffef,项目名称:chamilo-lms,代码行数:27,代码来源:document.lib.php

示例5: error_log

                // Check if the document is in the database.
                // The lookup uses the raw request value, while the file served below is
                // built from the filtered $doc_url, so the two can refer to different paths.
                if (!DocumentManager::get_document_id($_course, $_REQUEST['file'])) {
                    // File not found!
                    if ($debug > 0) {
                        // NOTE(review): the request value is logged unfiltered - confirm the
                        // log consumer tolerates control characters.
                        error_log("404 " . $_REQUEST["file"]);
                    }
                    header("HTTP/1.0 404 Not Found");
                    $error404 = '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">';
                    $error404 .= '<html><head>';
                    $error404 .= '<title>404 Not Found</title>';
                    $error404 .= '</head><body>';
                    $error404 .= '<h1>Not Found</h1>';
                    $error404 .= '<p>The requested URL was not found on this server.</p>';
                    $error404 .= '<hr>';
                    $error404 .= '</body></html>';
                    echo $error404;
                    exit;
                }
                // A single-pass str_replace() is not a complete traversal filter;
                // Security::check_abs_path() below is the containment check that matters.
                $doc_url = str_replace('../', '', $_REQUEST['file']);
                if ($debug > 0) {
                    error_log($doc_url);
                }
                $full_file_name = $coursePath . $doc_url;
                // Send the file only when it resolves inside the course path; otherwise exit silently.
                if (Security::check_abs_path($full_file_name, $coursePath . '/')) {
                    DocumentManager::file_send_for_download($full_file_name, false);
                }
                exit;
            }
        }
    }
}
开发者ID:ilosada,项目名称:chamilo-lms-icpna,代码行数:31,代码来源:api.php

示例6: api_not_allowed

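// A learning path object must already be stored in the session.
if (isset($_SESSION['oLP'])) {
    $obj = $_SESSION['oLP'];
} else {
    api_not_allowed();
}
// The learning path must be visible for the current user.
if (!learnpath::is_lp_visible_for_student($obj->get_id(), api_get_user_id())) {
    api_not_allowed();
}
// Only a plain string is accepted as the document URL; anything else becomes empty.
$doc_url = isset($_GET['doc_url']) && is_string($_GET['doc_url']) ? $_GET['doc_url'] : '';
// Change the '&' that got rewritten to '///' by mod_rewrite back to '&'
$doc_url = str_replace('///', '&', $doc_url);
// Still a space present? it must be a '+' (that got replaced by mod_rewrite)
$doc_url = str_replace(' ', '+', $doc_url);
// First-line filter only; the realpath-style check further down is the real guard.
$doc_url = str_replace(array('../', '\\..', '\\0', '..\\'), array('', '', '', ''), $doc_url);
// strpos() returns 0 for a match at the very start of the string, which the
// original truthiness test treated as "not found". Compare against false instead.
if (strpos($doc_url, '../') !== false || strpos($doc_url, '/..') !== false) {
    $doc_url = '';
}
$sys_course_path = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/scorm';
$full_file_name = $sys_course_path . $doc_url;
// Directories (including the scorm root when $doc_url is empty) are never served.
if (is_dir($full_file_name)) {
    api_not_allowed();
}
// Serve the file only when it resolves inside the course's scorm directory.
if (Security::check_abs_path($full_file_name, $sys_course_path . '/')) {
    // Launch event
    Event::event_download($doc_url);
    DocumentManager::file_send_for_download($full_file_name);
}
exit;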
开发者ID:KRCM13,项目名称:chamilo-lms,代码行数:31,代码来源:download_scorm.php

示例7: installProfileSettings

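/**
 * Update settings based on installation profile defined in a JSON file.
 *
 * A profile may name a parent profile, which is applied first through a
 * recursive call. NOTE(review): nothing stops two profiles from naming each
 * other as parent, which would recurse without end - confirm the shipped
 * profiles cannot do that.
 *
 * @param string $installationProfile The name of the JSON file in main/install/profiles/ folder
 * @return bool false on failure (no bad consequences anyway, just ignoring profile)
 */
function installProfileSettings($installationProfile = '')
{
    if (empty($installationProfile)) {
        return false;
    }
    $profilesDir = api_get_path(SYS_PATH) . 'main/install/profiles/';
    $jsonPath = $profilesDir . $installationProfile . '.json';
    // Make sure the profile name cannot point outside the profiles directory
    if (!Security::check_abs_path($jsonPath, $profilesDir)) {
        return false;
    }
    if (!is_file($jsonPath) || !is_readable($jsonPath)) {
        return false;
    }
    if (!function_exists('json_decode')) {
        // The php-json extension is not available. Ignore profile.
        return false;
    }
    $json = file_get_contents($jsonPath);
    if ($json === false) {
        return false;
    }
    $params = json_decode($json);
    // json_decode() yields null for invalid JSON; a scalar or array document is not a profile either.
    if (!is_object($params)) {
        return false;
    }
    if (!empty($params->parent)) {
        installProfileSettings($params->parent);
    }
    $settings = isset($params->params) ? $params->params : array();
    foreach ($settings as $param) {
        // Values come from a file on disk, not from code: escape them before
        // they are placed inside the quoted SQL literals.
        $sql = "UPDATE settings_current
                SET selected_value = '" . Database::escape_string($param->selected_value) . "'
                WHERE variable = '" . Database::escape_string($param->variable) . "'";
        if (!empty($param->subkey)) {
            $sql .= " AND subkey='" . Database::escape_string($param->subkey) . "'";
        }
        Database::query($sql);
    }
    return true;
}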
开发者ID:KRCM13,项目名称:chamilo-lms,代码行数:43,代码来源:install.lib.php

示例8: while

// Count the trailing "/.." segments of $cwd, stripping each one.
// $cwd and $nParent are set before this excerpt.
while (substr($cwd, -3, 3) == '/..') {
    // go to parent directory
    $cwd = substr($cwd, 0, -3);
    if (strlen($cwd) == 0) {
        $cwd = '/';
    }
    $nParent++;
}
// Drop one trailing path segment per counted "/..".
// strrpos() returns false when there is no '/', and false > -1 is false, so $cwd is kept as-is.
for (; $nParent > 0; $nParent--) {
    $cwd = strrpos($cwd, '/') > -1 ? substr($cwd, 0, strrpos($cwd, '/')) : $cwd;
}
if (strlen($cwd) == 0) {
    $cwd = '/';
}
// Unlike the usual "allow when inside" use of this check, the script stops
// here when $cwd DOES resolve inside the installation path.
// NOTE(review): presumably $cwd is meant to be a course-relative virtual path
// that must never be a real system path - confirm.
if (Security::check_abs_path($cwd, api_get_path(SYS_PATH))) {
    die;
}
if ($action == 'list') {
    /*==== List files ====*/
    if ($debug > 0) {
        error_log("sending file list", 0);
    }
    // get files list
    $files = DocumentManager::get_all_document_data($_course, $cwd, 0, NULL, false);
    // adding download link to files
    foreach ($files as $k => $f) {
        if ($f['filetype'] == 'file') {
            //$files[$k]['download'] = api_get_path(WEB_CODE_PATH)."/document/document.php?cidReq=$cidReq&action=download&id=".urlencode($f['path']);
            $files[$k]['download'] = api_get_path(WEB_COURSE_PATH) . $cidReq . "/document" . $f['path'];
        }
开发者ID:KRCM13,项目名称:chamilo-lms,代码行数:31,代码来源:remote.php

示例9: getJavascript

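 /**
  * Serves a file from main/inc/lib/javascript/.
  *
  * $file is taken from the route, so it is only sent when it is an existing
  * file that Security::check_abs_path() accepts as lying inside $mainPath.
  * Anything else ends in a 404 instead of falling off the end of the method
  * without a response.
  *
  * @param Application $app
  * @param string $file Path relative to main/inc/lib/javascript/
  * @return BinaryFileResponse
  */
 public function getJavascript(Application $app, $file)
 {
     $mainPath = $app['paths']['sys_root'] . 'main/inc/lib/javascript/';
     $fileToLoad = $mainPath . $file;
     if (!is_file($fileToLoad) || !\Security::check_abs_path($fileToLoad, $mainPath)) {
         // abort() throws, so nothing below runs for a rejected path.
         $app->abort(404);
     }

     return $app->sendFile($fileToLoad);
 }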
开发者ID:ilosada,项目名称:chamilo-lms-icpna,代码行数:13,代码来源:LegacyController.php

示例10: del_dir

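/**
 * Delete a work-tool directory.
 *
 * The database rows of the folder and its children are flagged with
 * active = 2. The directory on disk is then removed or renamed to
 * "<dir>_DELETED_<id>", but only when Security::check_abs_path() accepts it as
 * lying inside the course's work directory.
 * NOTE(review): the rows are flagged even when the path check fails, so the
 * database and the file system can disagree - confirm this is intended.
 *
 * @param int $id Id of the work folder (cast with intval())
 * @return false|null false when no work data exists for $id, otherwise nothing
 */
function del_dir($id)
{
    global $_course;
    $id = intval($id);
    $work_data = get_work_data_by_id($id);
    if (empty($work_data)) {
        return false;
    }
    $base_work_dir = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/work';
    // $work_data['url'] comes from the database and is validated before any file operation.
    $work_data_url = $base_work_dir . $work_data['url'];
    $check = Security::check_abs_path($work_data_url . '/', $base_work_dir . '/');
    $table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
    $course_id = api_get_course_int_id();
    if (!empty($work_data['url'])) {
        // Flag the folder itself, then everything inside it.
        //@todo replace to parent_id
        $sql = "UPDATE {$table} SET active = 2 WHERE c_id = {$course_id} AND filetype = 'folder'  AND id =  {$id}";
        Database::query($sql);
        $sql = "UPDATE {$table} SET active = 2 WHERE c_id = {$course_id} AND parent_id =  {$id}";
        Database::query($sql);
        if ($check) {
            require_once api_get_path(LIBRARY_PATH) . 'fileManage.lib.php';
            if (api_get_setting('permanently_remove_deleted_files') == 'true') {
                my_delete($work_data_url);
            } elseif (file_exists($work_data_url)) {
                // Keep the data on disk under a name that marks it as deleted.
                rename($work_data_url, $work_data_url . '_DELETED_' . $id);
            }
        }
    }
}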
开发者ID:ragebat,项目名称:chamilo-lms,代码行数:39,代码来源:work.lib.php

示例11: WriteFileCont

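/**
 * Writes the file contents into the given file path.
 *
 * The path is decoded once and the same decoded value is used for the
 * directory check, the file-name filter and the write. The original validated
 * the still-encoded path but opened the decoded one, so the path that was
 * checked and the path that was written could differ.
 *
 * @param    string    Urlencoded path
 * @param    string    The file contents
 * @return   boolean   True on success, false on security error or when the file cannot be written
 */
function WriteFileCont($full_file_path, $content)
{
    global $_course;
    $decoded_path = urldecode($full_file_path);
    $course_dir = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/';
    // The target directory must be inside the current course directory.
    if (!Security::check_abs_path(dirname($decoded_path) . '/', $course_dir)) {
        return false;
    }
    // Reject names that the file-name filter would alter (e.g. an uploaded script).
    $file_name = basename($decoded_path);
    if ($file_name != Security::filter_filename($file_name)) {
        return false;
    }
    $fp = fopen($decoded_path, 'w');
    if (!$fp) {
        // The original carried on and called fwrite() on a failed handle.
        return false;
    }
    $written = fwrite($fp, $content);
    fclose($fp);
    return $written !== false;
}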
开发者ID:annickvdp,项目名称:Chamilo1.9.10,代码行数:24,代码来源:hotpotatoes.lib.php

示例12: substr

        $doc_url = substr($doc_url, 0, $dul);
    }
    //create the path
    $document_explorer = api_get_path(WEB_COURSE_PATH) . api_get_course_path();
    //redirect
    header('Location: ' . $document_explorer);
}
// Look up the forum post and thread the requested attachment belongs to.
// $doc_url and $full_file_name are set before this excerpt.
$tbl_forum_attachment = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
$tbl_forum_post = Database::get_course_table(TABLE_FORUM_POST);
$course_id = api_get_course_int_id();
$courseInfo = api_get_course_info_by_id($course_id);
// launch event
Event::event_download($doc_url);
// NOTE(review): $doc_url is concatenated into the quoted LIKE pattern as-is.
// Confirm it has been escaped for SQL (and for LIKE wildcards) before this point.
$sql = 'SELECT thread_id, forum_id,filename
        FROM ' . $tbl_forum_post . '  f
        INNER JOIN ' . $tbl_forum_attachment . ' a
        ON a.post_id=f.post_id
        WHERE
            f.c_id = ' . $course_id . ' AND
            a.c_id = ' . $course_id . ' AND
            path LIKE BINARY "' . $doc_url . '"';
$result = Database::query($sql);
// NOTE(review): $row is used below without checking that a row was found.
$row = Database::fetch_array($result);
$forum_thread_visibility = api_get_item_visibility($courseInfo, TOOL_FORUM_THREAD, $row['thread_id'], api_get_session_id());
$forum_forum_visibility = api_get_item_visibility($courseInfo, TOOL_FORUM, $row['forum_id'], api_get_session_id());
// Both the thread and its forum must be visible (== 1) before the file is considered.
if ($forum_thread_visibility == 1 && $forum_forum_visibility == 1) {
    // Send the attachment only when it resolves inside the course's forum upload directory.
    if (Security::check_abs_path($full_file_name, api_get_path(SYS_COURSE_PATH) . $courseInfo['path'] . '/upload/forum/')) {
        DocumentManager::file_send_for_download($full_file_name, true, $row['filename']);
    }
}
exit;
开发者ID:KRCM13,项目名称:chamilo-lms,代码行数:31,代码来源:download.php

示例13: Skill

$objSkill = new Skill();
$skill = $objSkill->get($skillId);
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $params = array('name' => $_POST['name'], 'description' => $_POST['description'], 'criteria' => $_POST['criteria'], 'id' => $skillId);
    if (isset($_FILES['image']) && $_FILES['image']['error'] == 0) {
        $dirPermissions = api_get_permissions_for_new_directories();
        $fileName = sha1($_POST['name']);
        $badgePath = api_get_path(SYS_UPLOAD_PATH) . 'badges/';
        $existsBadgesDirectory = is_dir($badgePath);
        if (!$existsBadgesDirectory) {
            $existsBadgesDirectory = api_create_protected_dir('badges', api_get_path(SYS_UPLOAD_PATH));
        }
        if ($existsBadgesDirectory) {
            if (!empty($skill['icon'])) {
                $iconFileAbsolutePath = $badgePath . $skill['icon'];
                if (Security::check_abs_path($iconFileAbsolutePath, $badgePath)) {
                    unlink($badgePath . $skill['icon']);
                }
            }
            $skillImagePath = sprintf("%s%s.png", $badgePath, $fileName);
            $skillImage = new Image($_FILES['image']['tmp_name']);
            $skillImage->send_image($skillImagePath, -1, 'png');
            $skillThumbPath = sprintf("%s%s-small.png", $badgePath, $fileName);
            $skillImageThumb = new Image($skillImagePath);
            $skillImageThumb->resize(ICON_SIZE_BIG, ICON_SIZE_BIG);
            $skillImageThumb->send_image($skillThumbPath);
            $params['icon'] = sprintf("%s.png", $fileName);
        } else {
            Session::write('errorMessage', get_lang('UplUnableToSaveFile'));
        }
    }
开发者ID:omaoibrahim,项目名称:chamilo-lms,代码行数:31,代码来源:skill_badge_create.php

示例14: api_protect_course_script

 *	but this code will hopefully be replaced soon by an Apache URL
 *	rewrite mechanism.
 *
 *	@package chamilo.work
 */
//require_once '../inc/global.inc.php';
require_once 'work.lib.php';
// Course protection
api_protect_course_script(true);
// The comment id is the only request input; it is forced to an integer.
$commentId = isset($_GET['comment_id']) ? intval($_GET['comment_id']) : null;
if (empty($commentId)) {
    api_not_allowed(true);
}
$workData = getWorkComment($commentId);
$courseInfo = api_get_course_info();
if (!empty($workData)) {
    // && binds tighter than ||: empty path, or (path set and file missing).
    if (empty($workData['file_path']) || isset($workData['file_path']) && !file_exists($workData['file_path'])) {
        api_not_allowed(true);
    }
    $work = get_work_data_by_id($workData['work_id']);
    protectWork($courseInfo, $work['parent_id']);
    // Allowed for the author, or when (show_score == 0 and the work is active and accepted).
    if (user_is_author($workData['work_id']) || $courseInfo['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) {
        // file_path comes from the stored comment; it is still checked against the
        // current course directory before being sent. A failed check sends nothing.
        if (Security::check_abs_path($workData['file_path'], api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/')) {
            DocumentManager::file_send_for_download($workData['file_path'], true, $workData['file_name_to_show']);
        }
    } else {
        api_not_allowed(true);
    }
} else {
    api_not_allowed(true);
}
开发者ID:omaoibrahim,项目名称:chamilo-lms,代码行数:31,代码来源:download_comment_file.php

示例15: api_get_course_id

         // the session* didn't work, try it from the course (out of a
         // session context)
         $document_data = DocumentManager::get_document_data_by_id($document_id, api_get_course_id(), false, 0);
     }
     // Check whether the document is in the database
     if (empty($document_data)) {
         api_not_allowed();
     }
     // Launch event
     Event::event_download($document_data['url']);
     // Check visibility of document and paths
     if (!($is_allowed_to_edit || $group_member_with_upload_rights) && !DocumentManager::is_visible_by_id($document_id, $courseInfo, $sessionId, api_get_user_id())) {
         api_not_allowed(true);
     }
     $full_file_name = $base_work_dir . $document_data['path'];
     if (Security::check_abs_path($full_file_name, $base_work_dir . '/')) {
         DocumentManager::file_send_for_download($full_file_name, true);
     }
     exit;
     break;
 case 'downloadfolder':
     if (api_get_setting('students_download_folders') == 'true' || api_is_allowed_to_edit() || api_is_platform_admin()) {
         // Get the document data from the ID
         $document_data = DocumentManager::get_document_data_by_id($document_id, api_get_course_id(), false, $sessionId);
         if ($sessionId != 0 && !$document_data) {
             // If there is a session defined and asking for the
             // document * from the session* didn't work, try it from the
             // course (out of a session context)
             $document_data = DocumentManager::get_document_data_by_id($document_id, api_get_course_id(), false, 0);
         }
         //filter when I am into shared folder, I can download only my shared folder
开发者ID:omaoibrahim,项目名称:chamilo-lms,代码行数:31,代码来源:document.php


注:本文中的Security::check_abs_path方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。