Compare commits
6 commits
master
...
improve_ac
Author | SHA1 | Date | |
---|---|---|---|
|
12f8cec2e7 | ||
|
be3ad3bd19 | ||
|
2d09635500 | ||
|
8bd12356c6 | ||
|
9caf7e3c45 | ||
|
55e712bc43 |
5 changed files with 57 additions and 48 deletions
44
i.php
44
i.php
|
@ -29,8 +29,7 @@ defined('PWG_LOCAL_DIR') or define('PWG_LOCAL_DIR', 'local/');
|
|||
defined('PWG_DERIVATIVE_DIR') or define('PWG_DERIVATIVE_DIR', $conf['data_location'].'i/');
|
||||
|
||||
@include(PHPWG_ROOT_PATH.PWG_LOCAL_DIR .'config/database.inc.php');
|
||||
|
||||
include(PHPWG_ROOT_PATH . 'include/Logger.class.php');
|
||||
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
|
||||
|
||||
$logger = new Logger(array(
|
||||
'directory' => PHPWG_ROOT_PATH . $conf['data_location'] . $conf['log_dir'],
|
||||
|
@ -41,40 +40,6 @@ $logger = new Logger(array(
|
|||
'filename' => 'log_' . date('Y-m-d') . '_' . sha1(date('Y-m-d') . $conf['db_password']) . '.txt',
|
||||
));
|
||||
|
||||
|
||||
function trigger_notify() {}
|
||||
function get_extension( $filename )
|
||||
{
|
||||
return substr( strrchr( $filename, '.' ), 1, strlen ( $filename ) );
|
||||
}
|
||||
|
||||
function mkgetdir($dir)
|
||||
{
|
||||
if ( !is_dir($dir) )
|
||||
{
|
||||
global $conf;
|
||||
if (substr(PHP_OS, 0, 3) == 'WIN')
|
||||
{
|
||||
$dir = str_replace('/', DIRECTORY_SEPARATOR, $dir);
|
||||
}
|
||||
$umask = umask(0);
|
||||
$mkd = @mkdir($dir, $conf['chmod_value'], true);
|
||||
umask($umask);
|
||||
if ($mkd==false && !is_dir($dir) /* retest existence because of potential concurrent i.php with slow file systems*/)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$file = $dir.'/index.htm';
|
||||
file_exists($file) or @file_put_contents( $file, 'Not allowed!' );
|
||||
}
|
||||
if ( !is_writable($dir) )
|
||||
{
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
// end fast bootstrap
|
||||
|
||||
function ierror($msg, $code)
|
||||
|
@ -258,11 +223,11 @@ function parse_request()
|
|||
}
|
||||
}
|
||||
|
||||
if (is_file(PHPWG_ROOT_PATH.$req.$ext))
|
||||
if (@is_file(PHPWG_ROOT_PATH.$req.$ext))
|
||||
{
|
||||
$req = './'.$req; // will be used to match #iamges.path
|
||||
}
|
||||
elseif (is_file(PHPWG_ROOT_PATH.'../'.$req.$ext))
|
||||
elseif (@is_file(PHPWG_ROOT_PATH.'../'.$req.$ext))
|
||||
{
|
||||
$req = '../'.$req;
|
||||
}
|
||||
|
@ -345,6 +310,9 @@ function try_switch_source(DerivativeParams $params, $original_mtime)
|
|||
function send_derivative($expires)
|
||||
{
|
||||
global $page;
|
||||
|
||||
include_once(PHPWG_ROOT_PATH.'include/access_check.inc.php');
|
||||
checkAccess();
|
||||
|
||||
if (isset($_GET['ajaxload']) and $_GET['ajaxload'] == 'true')
|
||||
{
|
||||
|
|
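Review bot: checkAccess() is called only from send_derivative(), so the new authorization step covers just the path where i.php itself emits the image; it is effective only as long as every derivative request is routed through this script and the cache directory is not reachable by the web server directly, which in this compare is arranged by the changed `derivative_url_style` default and by the deny-all .htaccess that mkgetdir() now writes. That dependency is not visible at the call and deserves a why-comment next to it, e.g. `// authorization: relies on derivative_url_style=2 and the .htaccess written by mkgetdir(), so cached derivatives are never served without this check`. The check also issues database queries on every request that reaches send_derivative(), a cost worth noting given the `// end fast bootstrap` marker that the second hunk still carries. send_derivative() continues past the end of the hunk.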
41
include/access_check.inc.php
Normal file
41
include/access_check.inc.php
Normal file
|
@ -0,0 +1,41 @@
|
|||
<?php
|
||||
function doError($code, $str) {
|
||||
set_status_header($code);
|
||||
echo $str ;
|
||||
exit();
|
||||
}
|
||||
|
||||
/**
|
||||
* exits if there is no access.
|
||||
*/
|
||||
function checkAccess() {
|
||||
global $page;
|
||||
|
||||
$picid = '';
|
||||
$query = 'SELECT id FROM '.IMAGES_TABLE.' WHERE path=\''.$page['src_location'].'\';';
|
||||
$result = pwg_query($query);
|
||||
if (!is_object($result)) {
|
||||
header('Location:'.$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING']);
|
||||
}
|
||||
if (($row = pwg_db_fetch_assoc($result))) {
|
||||
if (isset($row['id'])) {
|
||||
$picid = $row['id'];
|
||||
} else {
|
||||
doError(404, 'Requested id not found');
|
||||
}
|
||||
} else {
|
||||
doError(404, 'Requested id not found');
|
||||
}
|
||||
|
||||
$query = 'SELECT id FROM '.CATEGORIES_TABLE.' INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = id WHERE image_id = '.$picid.' '.get_sql_condition_FandF(
|
||||
array(
|
||||
'forbidden_categories' => 'category_id',
|
||||
'forbidden_images' => 'image_id',
|
||||
),
|
||||
' AND'
|
||||
).'
|
||||
LIMIT 1;';
|
||||
if (pwg_db_num_rows(pwg_query($query)) < 1) {
|
||||
doError(401, 'Access denied');
|
||||
}
|
||||
}
|
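Review bot: The statement `$query = 'SELECT id FROM '.IMAGES_TABLE.' WHERE path=\''.$page['src_location'].'\';'` concatenates $page['src_location'] into SQL without escaping; judging by the parse_request() hunk in i.php that value appears to be derived from the requested path, so a quote character in the request alters the statement — pass it through Piwigo's pwg_db_real_escape_string() (or a prepared statement) before concatenation, and harden the second query with `$picid = (int) $row['id'];` rather than trusting the stored value. The `if (!is_object($result))` branch sends a Location header but does not exit, so execution continues into pwg_db_fetch_assoc() with a non-object, and the redirect targets PHP_SELF plus the same QUERY_STRING, which loops if the failure persists; `doError(500, 'Query failed');` (after logging the failure) is the safer outcome. 'Access denied' is sent with 401, the code for missing authentication; 403 matches a denied authorization decision and does not imply a WWW-Authenticate challenge.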
|
@ -778,7 +778,7 @@ $conf['pem_languages_category'] = 8;
|
|||
$conf['upload_form_automatic_rotation'] = true;
|
||||
|
||||
// 0-'auto', 1-'derivative' 2-'script'
|
||||
$conf['derivative_url_style']=0;
|
||||
$conf['derivative_url_style']=2;
|
||||
|
||||
$conf['chmod_value']= substr_compare(PHP_SAPI, 'apa', 0, 3)==0 ? 0777 : 0755;
|
||||
|
||||
|
@ -794,7 +794,7 @@ $conf['max_requests']=3;
|
|||
|
||||
// one of '', 'images', 'all'
|
||||
//TODO: Put this in admin and also manage .htaccess in #sites and upload folders
|
||||
$conf['original_url_protection'] = '';
|
||||
$conf['original_url_protection'] = 'all';
|
||||
|
||||
|
||||
// Default behaviour when a new album is created: should the new album inherit the group/user
|
||||
|
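Review bot: Both hunks change the shipped defaults, `$conf['derivative_url_style']=2;` and `$conf['original_url_protection'] = 'all';`, while the comments above them still only list the possible values, so the reason for the stricter posture is undocumented. Add a why-comment at each line, e.g. `// 'script': every derivative goes through i.php so its access check applies` and `// 'all': enforced through the .htaccess files mkgetdir() writes; only servers that honour them protect the files`. The `//TODO: Put this in admin` line still applies: the mkgetdir() change elsewhere in this compare only writes a .htaccess into directories it creates and leaves existing ones untouched (its `file_exists($file) or` guard), so on an existing installation 'all' promises more than is delivered. The file name of this section is not shown on the page.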
|
|
@ -111,7 +111,7 @@ define('MKGETDIR_PROTECT_INDEX', 4);
|
|||
/** sets mkgetdir() add a .htaccess file*/
|
||||
define('MKGETDIR_PROTECT_HTACCESS', 8);
|
||||
/** default options for mkgetdir() = MKGETDIR_RECURSIVE | MKGETDIR_DIE_ON_ERROR | MKGETDIR_PROTECT_INDEX */
|
||||
define('MKGETDIR_DEFAULT', MKGETDIR_RECURSIVE | MKGETDIR_DIE_ON_ERROR | MKGETDIR_PROTECT_INDEX);
|
||||
define('MKGETDIR_DEFAULT', MKGETDIR_RECURSIVE | MKGETDIR_DIE_ON_ERROR | MKGETDIR_PROTECT_HTACCESS);
|
||||
|
||||
/**
|
||||
* creates directory if not exists and ensures that directory is writable
|
||||
|
@ -122,7 +122,7 @@ define('MKGETDIR_DEFAULT', MKGETDIR_RECURSIVE | MKGETDIR_DIE_ON_ERROR | MKGETDIR
|
|||
*/
|
||||
function mkgetdir($dir, $flags=MKGETDIR_DEFAULT)
|
||||
{
|
||||
if ( !is_dir($dir) )
|
||||
if ( !@is_dir($dir) )
|
||||
{
|
||||
global $conf;
|
||||
if (substr(PHP_OS, 0, 3) == 'WIN')
|
||||
|
@ -140,12 +140,12 @@ function mkgetdir($dir, $flags=MKGETDIR_DEFAULT)
|
|||
if( $flags&MKGETDIR_PROTECT_HTACCESS )
|
||||
{
|
||||
$file = $dir.'/.htaccess';
|
||||
file_exists($file) or @file_put_contents( $file, 'deny from all' );
|
||||
file_exists($file) or @file_put_contents( $file, 'DENY FROM all' );
|
||||
}
|
||||
if( $flags&MKGETDIR_PROTECT_INDEX )
|
||||
{
|
||||
$file = $dir.'/index.htm';
|
||||
file_exists($file) or @file_put_contents( $file, 'Not allowed!' );
|
||||
$file = $dir.'/.htaccess';
|
||||
file_exists($file) or @file_put_contents( $file, 'Options -Indexes' );
|
||||
}
|
||||
}
|
||||
if ( !is_writable($dir) )
|
||||
|
@ -391,7 +391,7 @@ SELECT id, name
|
|||
$languages = array();
|
||||
while ($row = pwg_db_fetch_assoc($result))
|
||||
{
|
||||
if (is_dir(PHPWG_ROOT_PATH.'language/'.$row['id']))
|
||||
if (@is_dir(PHPWG_ROOT_PATH.'language/'.$row['id']))
|
||||
{
|
||||
$languages[ $row['id'] ] = $row['name'];
|
||||
}
|
||||
|
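Review bot: The content written on the `file_exists($file) or @file_put_contents( $file, 'DENY FROM all' );` line is Apache 2.2 authorization syntax; Apache 2.4 honours `Deny from all` only with mod_access_compat loaded, so the safer content covers both, e.g. `"<IfModule mod_authz_core.c>\nRequire all denied\n</IfModule>\n<IfModule !mod_authz_core.c>\nDeny from all\n</IfModule>\n"`, or the assumption should at least be documented. Changing the case of the existing string has no effect: directives are case-insensitive, and the `file_exists($file) or` guard leaves files already on disk as they are, so directories created before this change keep their old content. Because MKGETDIR_DEFAULT now selects MKGETDIR_PROTECT_HTACCESS instead of MKGETDIR_PROTECT_INDEX, every caller relying on the default silently switches from an index.htm placeholder to a deny-all directory; a comment on the define should say that directories served to browsers must pass explicit flags, as the Template section's callers now do. The protection exists only on servers that read .htaccess (with AllowOverride covering the authorization directives, and Options for the `Options -Indexes` file), and a failed `@file_put_contents()` is silent here, so a log line on failure would help operators notice. The file name of this section is not shown on the page.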
|
|
@ -94,7 +94,7 @@ class Template
|
|||
if (!isset($conf['data_dir_checked']))
|
||||
{
|
||||
$dir = PHPWG_ROOT_PATH.$conf['data_location'];
|
||||
mkgetdir($dir, MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR);
|
||||
mkgetdir($dir, MKGETDIR_RECURSIVE | MKGETDIR_PROTECT_INDEX);
|
||||
if (!is_writable($dir))
|
||||
{
|
||||
load_language('admin.lang');
|
||||
|
@ -1923,7 +1923,7 @@ final class FileCombiner
|
|||
$output .= "\n";
|
||||
}
|
||||
$output = "/*BEGIN header */\n" . $header . "\n" . $output;
|
||||
mkgetdir( dirname(PHPWG_ROOT_PATH.$file) );
|
||||
mkgetdir( dirname(PHPWG_ROOT_PATH.$file), MKGETDIR_RECURSIVE | MKGETDIR_DIE_ON_ERROR | MKGETDIR_PROTECT_INDEX );
|
||||
file_put_contents( PHPWG_ROOT_PATH.$file, $output );
|
||||
@chmod(PHPWG_ROOT_PATH.$file, 0644);
|
||||
}
|
||||
|
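Review bot: The two call sites now spell out `MKGETDIR_RECURSIVE | MKGETDIR_PROTECT_INDEX` and `MKGETDIR_RECURSIVE | MKGETDIR_DIE_ON_ERROR | MKGETDIR_PROTECT_INDEX` without saying why they opt out of MKGETDIR_DEFAULT, which in this compare starts writing a deny-all .htaccess; a later reader may "simplify" them back to the default and make the data directory or the combined CSS/JS files written by FileCombiner unreachable from the browser. Add a why-comment at each call, e.g. `// explicit flags: this directory is served to browsers and must not receive the deny-all .htaccess that MKGETDIR_DEFAULT now writes`. The same point applies to both hunks of this section; both enclosing methods start outside the hunks. The file name of this section is not shown on the page.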
|