
check if $fc_upload_addons is true before uploading addons
patkon committed Oct 12, 2021
1 parent a2688ab commit 1c31fc2
Showing 3 changed files with 100 additions and 64 deletions.
88 changes: 45 additions & 43 deletions acp/core/files.upload-script.php
Expand Up @@ -161,51 +161,53 @@
}
}

/* upload files to /upload/plugins/ */
if($_REQUEST['upload_type'] == 'plugin') {
if(array_key_exists('file',$_FILES) && $_FILES['file']['error'] == 0 ){
$tmp_name = $_FILES["file"]["tmp_name"];
$org_name = $_FILES["file"]["name"];
$suffix = strtolower(substr(strrchr($org_name,'.'),1));
$prefix = basename($org_name,".$suffix");
$files_name = clean_filename($prefix,$suffix);
if(!is_dir('../../upload/plugins')) {
mkdir("../../upload/plugins", 0777, true);
}
$target = "../../upload/plugins/$files_name";
@move_uploaded_file($tmp_name, $target);
if($fc_upload_addons === true) {
/* upload files to /upload/plugins/ */
if($_REQUEST['upload_type'] == 'plugin') {
if(array_key_exists('file',$_FILES) && $_FILES['file']['error'] == 0 ){
$tmp_name = $_FILES["file"]["tmp_name"];
$org_name = $_FILES["file"]["name"];
$suffix = strtolower(substr(strrchr($org_name,'.'),1));
$prefix = basename($org_name,".$suffix");
$files_name = clean_filename($prefix,$suffix);
if(!is_dir('../../upload/plugins')) {
mkdir("../../upload/plugins", 0777, true);
}
$target = "../../upload/plugins/$files_name";
@move_uploaded_file($tmp_name, $target);
}
}
}

/* upload files to /upload/themes/ */
if($_REQUEST['upload_type'] == 'theme') {
if(array_key_exists('file',$_FILES) && $_FILES['file']['error'] == 0 ){
$tmp_name = $_FILES["file"]["tmp_name"];
$org_name = $_FILES["file"]["name"];
$suffix = strtolower(substr(strrchr($org_name,'.'),1));
$prefix = basename($org_name,".$suffix");
$files_name = clean_filename($prefix,$suffix);
if(!is_dir('../../upload/themes')) {
mkdir("../../upload/themes", 0777, true);
}
$target = "../../upload/themes/$files_name";
@move_uploaded_file($tmp_name, $target);
/* upload files to /upload/themes/ */
if($_REQUEST['upload_type'] == 'theme') {
if(array_key_exists('file',$_FILES) && $_FILES['file']['error'] == 0 ){
$tmp_name = $_FILES["file"]["tmp_name"];
$org_name = $_FILES["file"]["name"];
$suffix = strtolower(substr(strrchr($org_name,'.'),1));
$prefix = basename($org_name,".$suffix");
$files_name = clean_filename($prefix,$suffix);
if(!is_dir('../../upload/themes')) {
mkdir("../../upload/themes", 0777, true);
}
$target = "../../upload/themes/$files_name";
@move_uploaded_file($tmp_name, $target);
}
}
}

/* upload files to /upload/modules/ */
if($_REQUEST['upload_type'] == 'module') {
if(array_key_exists('file',$_FILES) && $_FILES['file']['error'] == 0 ){
$tmp_name = $_FILES["file"]["tmp_name"];
$org_name = $_FILES["file"]["name"];
$suffix = strtolower(substr(strrchr($org_name,'.'),1));
$prefix = basename($org_name,".$suffix");
$files_name = clean_filename($prefix,$suffix);
if(!is_dir('../../upload/modules')) {
mkdir("../../upload/modules", 0777, true);
}
$target = "../../upload/modules/$files_name";
@move_uploaded_file($tmp_name, $target);
/* upload files to /upload/modules/ */
if($_REQUEST['upload_type'] == 'module') {
if(array_key_exists('file',$_FILES) && $_FILES['file']['error'] == 0 ){
$tmp_name = $_FILES["file"]["tmp_name"];
$org_name = $_FILES["file"]["name"];
$suffix = strtolower(substr(strrchr($org_name,'.'),1));
$prefix = basename($org_name,".$suffix");
$files_name = clean_filename($prefix,$suffix);
if(!is_dir('../../upload/modules')) {
mkdir("../../upload/modules", 0777, true);
}
$target = "../../upload/modules/$files_name";
@move_uploaded_file($tmp_name, $target);
}
}
}

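Review bot: The three upload blocks at lines 34–48, 64–78 and 94–108 differ only in the target directory, and none of them checks the uploaded file's suffix even though upload_addons.php later hands these files straight to PclZip, while the `@` on `move_uploaded_file` hides a failed move so nothing downstream can tell whether the archive was stored. A single table-driven block keyed by `$_REQUEST['upload_type']` would keep the new `$fc_upload_addons` gate in one place, accept only `.zip` (assuming addon packages are always zip archives, which the PclZip use suggests but this hunk does not prove), and report the move result instead of suppressing it. The statement run this hunk edits starts before line 161, so the opening of the enclosing context is not visible here.
```php
if($fc_upload_addons === true) {
    /* one target directory per addon type; any other upload_type is ignored */
    $upload_dirs = ['plugin' => 'plugins', 'theme' => 'themes', 'module' => 'modules'];
    $upload_type = $_REQUEST['upload_type'] ?? '';
    if(isset($upload_dirs[$upload_type]) && array_key_exists('file',$_FILES) && $_FILES['file']['error'] === UPLOAD_ERR_OK) {
        $tmp_name = $_FILES["file"]["tmp_name"];
        $org_name = $_FILES["file"]["name"];
        $suffix = strtolower(substr(strrchr($org_name,'.'),1));
        /* addon packages are unpacked with PclZip later, so only archives are stored */
        if($suffix === 'zip') {
            $prefix = basename($org_name,".$suffix");
            $files_name = clean_filename($prefix,$suffix);
            $upload_dir = '../../upload/'.$upload_dirs[$upload_type];
            if(!is_dir($upload_dir)) {
                mkdir($upload_dir, 0777, true);
            }
            $target = "$upload_dir/$files_name";
            if(!move_uploaded_file($tmp_name, $target)) {
                error_log("addon upload failed: could not move $org_name"); /* placeholder: use the project's own error reporting */
            }
        }
    }
}
```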
4 changes: 2 additions & 2 deletions acp/core/functions_addons.php
Expand Up @@ -89,12 +89,12 @@ function fc_delete_addon($addon,$type) {
if($type == 'm') {
$dir = '../modules';
} else if($type == 'p') {
$dir = FC_CONTENT_DIR.'/plugins';
$dir = '../content/plugins';
} else if($type == 't') {
$dir = '../styles';
}

$remove_dir = $dir.'/'.$addon;
$remove_dir = $dir.'/'.basename($addon);
fc_reomove_addon_files($remove_dir);
$record_msg = 'removed addon: <strong>'.$addon.' ('.$type.')</strong>';
record_log($_SESSION['user_nick'],$record_msg,"8");
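Review bot: When `$type` is none of 'm', 'p' or 't', `$dir` is never assigned, so line 124 builds `$remove_dir` as `'/'.basename($addon)` — an absolute path — and still passes it to `fc_reomove_addon_files`; the `basename()` hardening added on line 124 does not cover that branch. Add a terminal `} else { return; }` after the `$type` chain so deletion only proceeds for a known directory, and consider using `basename($addon)` in the log message on line 126 as well, since the raw value is otherwise interpolated into a markup string there. `fc_delete_addon` begins at the hunk's `@@` context line and its body continues past the end of the hunk.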
72 changes: 53 additions & 19 deletions acp/core/upload_addons.php
Expand Up @@ -66,16 +66,29 @@
}


/* delete files */
if(!empty($_GET['del'])) {
$file = basename($_GET['del']);
$path = basename($_GET['dir']);
if(is_file("../upload/$path/$file")) {
unlink("../upload/$path/$file");
/* delete uploaded zip files */

if(isset($_POST['delete_uploaded_zip'])) {
$file = basename($_POST['delete_uploaded_zip']);

if($_POST['dir'] == 't') {
$dir = 'themes';
} else if($_POST['dir'] == 'm') {
$dir = 'modules';
} else {
$dir = 'plugins';
}


if(is_file("../upload/$dir/$file")) {
unlink("../upload/$dir/$file");
}

}




/* check if we can write in /styles/, /modules/ and /content/plugins/ /*/

if(!is_writable('../styles/')) {
Expand Down Expand Up @@ -113,13 +126,13 @@
*
*/

if(!empty($_GET['plg'])) {
if(isset($_POST['install_uploaded_plg'])) {

if(!is_dir("../upload/plugins/extract")) {
mkdir("../upload/plugins/extract", 0777);
}
unset($all_files);
$plugin = basename($_GET['plg']);
$plugin = basename($_POST['install_uploaded_plg']);
$archive = new PclZip("../upload/plugins/$plugin");
$list = $archive->extract(
PCLZIP_OPT_PATH, '../upload/plugins/extract',
Expand Down Expand Up @@ -178,13 +191,13 @@
* 3. copy xyz.mod and it's contents to /modules/
*/

if(!empty($_GET['mod'])) {
if(isset($_POST['install_uploaded_mod'])) {

if(!is_dir("../upload/modules/extract")) {
mkdir("../upload/modules/extract", 0777);
}

$mod = basename($_GET['mod']);
$mod = basename($_POST['install_uploaded_mod']);
$archive = new PclZip("../upload/modules/$mod");
$list = $archive->extract(
PCLZIP_OPT_PATH, '../upload/modules/extract',
Expand Down Expand Up @@ -232,19 +245,21 @@

}


/**
* install themes
* 1. extract zip file
* 2. find theme folder from contents.php
* 3. copy theme folder and it's contents to /styles/
*/
if(!empty($_GET['installtheme'])) {

if(isset($_POST['install_uploaded_tpl'])) {

if(!is_dir("../upload/themes/extract")) {
mkdir("../upload/themes/extract", 0777);
}
unset($all_files);
$theme = basename($_GET['installtheme']);
$theme = basename($_POST['install_uploaded_tpl']);
$archive = new PclZip("../upload/themes/$theme");
$list = $archive->extract(
PCLZIP_OPT_PATH, '../upload/themes/extract',
Expand All @@ -260,7 +275,7 @@

if(is_file("../upload/themes/extract/$extracted/contents.php")) {
include '../upload/themes/extract/'.$extracted.'/contents.php';
/* themes root folder ($instRootDir) must be defined in contents.php */
// themes root folder ($instRootDir) must be defined in contents.php
$all_files = fc_scandir_rec("../upload/themes/extract/$extracted/$instRootDir");
} else {
echo '<div class="alert alert-danger">This is not a compatible Theme</div>';
Expand Down Expand Up @@ -328,8 +343,14 @@
echo '<td>Module:</td><td><strong>'.$this_pathinfo['basename'].'</strong> <small>Upload time: '.$filemtime.'</small></td>';
echo '<td>';
echo '<div class="btn-group float-end">';
echo '<a href="?tn=moduls&sub=u&mod='.$this_pathinfo['basename'].'" class="btn btn-fc">Install</a>';
echo '<a href="?tn=moduls&sub=u&dir=modules&del='.$this_pathinfo['basename'].'" class="btn btn-danger">'.$lang['delete'].'</a>';

echo '<form action="?tn=moduls&sub=u" method="POST">';
echo '<button class="btn btn-fc text-success" type="submit" name="install_uploaded_mod" value="'.$this_pathinfo['basename'].'">Install</button>';
echo '<button class="btn btn-fc text-danger" type="submit" name="delete_uploaded_zip" value="'.$this_pathinfo['basename'].'">Remove</button>';
echo '<input type="hidden" name="dir" value="m">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['token'].'">';
echo '</form>';

echo '</div>';
echo '</td>';
echo '</tr>';
Expand All @@ -340,8 +361,14 @@
echo '<td>Plugin:</td><td><strong>'.$this_pathinfo['basename'].'</strong> <small>Upload time: '.$filemtime.'</small></td>';
echo '<td>';
echo '<div class="btn-group float-end">';
echo '<a href="?tn=moduls&sub=u&plg='.$this_pathinfo['basename'].'" class="btn btn-fc">Install</a>';
echo '<a href="?tn=moduls&sub=u&dir=plugins&del='.$this_pathinfo['basename'].'" class="btn btn-danger">'.$lang['delete'].'</a>';

echo '<form action="?tn=moduls&sub=u" method="POST">';
echo '<button class="btn btn-fc text-success" type="submit" name="install_uploaded_plg" value="'.$this_pathinfo['basename'].'">Install</button>';
echo '<button class="btn btn-fc text-danger" type="submit" name="delete_uploaded_zip" value="'.$this_pathinfo['basename'].'">Remove</button>';
echo '<input type="hidden" name="dir" value="p">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['token'].'">';
echo '</form>';

echo '</div>';
echo '</td>';
echo '</tr>';
Expand All @@ -352,8 +379,14 @@
echo '<td>Theme:</td><td><strong>'.$this_pathinfo['basename'].'</strong> <small>Upload time: '.$filemtime.'</small></td>';
echo '<td>';
echo '<div class="btn-group float-end">';
echo '<a href="?tn=moduls&sub=u&installtheme='.$this_pathinfo['basename'].'" class="btn btn-fc">Install</a>';
echo '<a href="?tn=moduls&sub=u&dir=themes&del='.$this_pathinfo['basename'].'" class="btn btn-danger">'.$lang['delete'].'</a>';

echo '<form action="?tn=moduls&sub=u" method="POST">';
echo '<button class="btn btn-fc text-success" type="submit" name="install_uploaded_tpl" value="'.$this_pathinfo['basename'].'">Install</button>';
echo '<button class="btn btn-fc text-danger" type="submit" name="delete_uploaded_zip" value="'.$this_pathinfo['basename'].'">Remove</button>';
echo '<input type="hidden" name="dir" value="t">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['token'].'">';
echo '</form>';

echo '</div>';
echo '</td>';
echo '</tr>';
Expand Down Expand Up @@ -415,6 +448,7 @@ function copy_recursive($source, $target) {
}



/**
* delete directory (recursive)
*/
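Review bot: The forms added at lines 238–243, 255–260 and 272–277 submit a `csrf_token`, but none of the POST handlers in this section — `delete_uploaded_zip` at line 142 and the `install_uploaded_*` branches at lines 171, 187 and 211 — visibly compares it with `$_SESSION['token']`, so unless that check runs before line 66 (outside the hunk) the move from GET links to POST forms does not by itself stop a cross-site request from deleting or installing an archive. A guard placed ahead of the first handler, `if(!isset($_POST['csrf_token'], $_SESSION['token']) || !hash_equals($_SESSION['token'], $_POST['csrf_token'])) { exit; }`, would make the emitted token actually enforced. The delete handler at line 145 also reads `$_POST['dir']` without `isset`, which raises a notice when the field is absent; `$_POST['dir'] ?? ''` avoids that while keeping the fall-through to 'plugins'.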
