This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | |||
3 | namespace XoopsModules\Modulebuilder\Common; |
||
4 | |||
5 | /* |
||
6 | You may not change or alter any portion of this comment or credits |
||
7 | of supporting developers from this source code or any supporting source code |
||
8 | which is considered copyrighted (c) material of the original comment or credit authors. |
||
9 | |||
10 | This program is distributed in the hope that it will be useful, |
||
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
13 | */ |
||
14 | |||
15 | /** |
||
16 | * Modulebuilder module |
||
17 | * |
||
18 | * @copyright XOOPS Project (https://xoops.org) |
||
19 | * @license GNU GPL 2 or later (https://www.gnu.org/licenses/gpl-2.0.html) |
||
20 | * @author Xoops Development Team |
||
21 | */ |
||
22 | |||
23 | use Xmf\Request; |
||
24 | use XoopsModules\Modulebuilder; |
||
25 | |||
26 | //\defined('XOOPS_ROOT_PATH') || die('XOOPS root path not defined'); |
||
27 | |||
28 | require_once \dirname(__DIR__, 4) . '/mainfile.php'; |
||
29 | $moduleDirName = \basename(\dirname(__DIR__, 2)); |
||
30 | $moduleDirNameUpper = \mb_strtoupper($moduleDirName); |
||
31 | \xoops_loadLanguage('filechecker', $moduleDirName); |
||
32 | |||
33 | /** |
||
34 | * Class FileChecker |
||
35 | * check status of a directory |
||
36 | */ |
||
37 | class FileChecker |
||
38 | { |
||
39 | /** |
||
40 | * @param string $file_path |
||
41 | * @param string|null $original_file_path |
||
42 | * @param string $redirectFile |
||
43 | * @return bool|string |
||
44 | */ |
||
45 | public static function getFileStatus($file_path, $original_file_path = null, $redirectFile) |
||
46 | { |
||
47 | $pathIcon16 = \Xmf\Module\Admin::iconUrl('', '16'); |
||
48 | |||
49 | if (empty($file_path)) { |
||
50 | return false; |
||
51 | } |
||
52 | if (null === $redirectFile) { |
||
0 ignored issues
–
show
introduced
by
Loading history...
|
|||
53 | $redirectFile = $_SERVER['SCRIPT_NAME']; |
||
54 | } |
||
55 | $moduleDirName = \basename(\dirname(__DIR__, 2)); |
||
56 | $moduleDirNameUpper = \mb_strtoupper($moduleDirName); |
||
57 | if (null === $original_file_path) { |
||
58 | if (self::fileExists($file_path)) { |
||
59 | $path_status = "<img src='$pathIcon16/1.png' >"; |
||
60 | $path_status .= "$file_path (" . \constant('CO_' . $moduleDirNameUpper . '_' . 'FC_AVAILABLE') . ') '; |
||
61 | } else { |
||
62 | $path_status = "<img src='$pathIcon16/0.png' >"; |
||
63 | $path_status .= "$file_path (" . \constant('CO_' . $moduleDirNameUpper . '_' . 'FC_NOTAVAILABLE') . ') '; |
||
64 | } |
||
65 | } else { |
||
66 | if (self::compareFiles($file_path, $original_file_path)) { |
||
67 | $path_status = "<img src='$pathIcon16/1.png' >"; |
||
68 | $path_status .= "$file_path (" . \constant('CO_' . $moduleDirNameUpper . '_' . 'FC_AVAILABLE') . ') '; |
||
69 | } else { |
||
70 | $path_status = "<img src='$pathIcon16/0.png' >"; |
||
71 | $path_status .= "$file_path (" . \constant('CO_' . $moduleDirNameUpper . '_' . 'FC_NOTAVAILABLE') . ') '; |
||
72 | $path_status .= "<form action='" . $_SERVER['SCRIPT_NAME'] . "' method='post'>"; |
||
73 | $path_status .= "<input type='hidden' name='op' value='copyfile'>"; |
||
74 | $path_status .= "<input type='hidden' name='file_path' value='$file_path'>"; |
||
75 | $path_status .= "<input type='hidden' name='original_file_path' value='$original_file_path'>"; |
||
76 | $path_status .= "<input type='hidden' name='redirect' value='$redirectFile'>"; |
||
77 | $path_status .= "<button class='submit' onClick='this.form.submit();'>" . \constant('CO_' . $moduleDirNameUpper . '_' . 'FC_CREATETHEFILE') . '</button>'; |
||
78 | $path_status .= '</form>'; |
||
79 | } |
||
80 | } |
||
81 | |||
82 | return $path_status; |
||
83 | } |
||
84 | |||
85 | /** |
||
86 | * @param $source_path |
||
87 | * @param $destination_path |
||
88 | * |
||
89 | * @return bool |
||
90 | */ |
||
91 | public static function copyFile($source_path, $destination_path) |
||
92 | { |
||
93 | $source_path = \str_replace('..', '', $source_path); |
||
94 | $destination_path = \str_replace('..', '', $destination_path); |
||
95 | |||
96 | return @\copy($source_path, $destination_path); |
||
97 | } |
||
98 | |||
99 | /** |
||
100 | * @param $file1_path |
||
101 | * @param $file2_path |
||
102 | * |
||
103 | * @return bool |
||
104 | */ |
||
105 | public static function compareFiles($file1_path, $file2_path) |
||
106 | { |
||
107 | if (!self::fileExists($file1_path) || !self::fileExists($file2_path)) { |
||
108 | return false; |
||
109 | } |
||
110 | if (\filetype($file1_path) !== \filetype($file2_path)) { |
||
111 | return false; |
||
112 | } |
||
113 | if (\filesize($file1_path) !== \filesize($file2_path)) { |
||
114 | return false; |
||
115 | } |
||
116 | $crc1 = \mb_strtoupper(\dechex(\crc32(\file_get_contents($file1_path)))); |
||
117 | $crc2 = \mb_strtoupper(\dechex(\crc32(\file_get_contents($file2_path)))); |
||
118 | |||
119 | return !($crc1 !== $crc2); |
||
120 | } |
||
121 | |||
122 | /** |
||
123 | * @param $file_path |
||
124 | * |
||
125 | * @return bool |
||
126 | */ |
||
127 | public static function fileExists($file_path) |
||
128 | { |
||
129 | return \is_file($file_path); |
||
130 | } |
||
131 | |||
132 | /** |
||
133 | * @param $target |
||
134 | * @param int $mode |
||
135 | * |
||
136 | * @return bool |
||
137 | */ |
||
138 | public static function setFilePermissions($target, $mode = 0777) |
||
139 | { |
||
140 | $target = \str_replace('..', '', $target); |
||
141 | |||
142 | return @\chmod($target, (int)$mode); |
||
143 | } |
||
144 | } |
||
145 | |||
146 | $op = Request::getString('op', '', 'POST'); |
||
147 | switch ($op) { |
||
148 | case 'copyfile': |
||
149 | if (\Xmf\Request::hasVar('original_file_path', 'POST')) { |
||
150 | $original_file_path = $_POST['original_file_path']; |
||
151 | } |
||
152 | if (\Xmf\Request::hasVar('file_path', 'POST')) { |
||
153 | $file_path = $_POST['file_path']; |
||
154 | } |
||
155 | if (\Xmf\Request::hasVar('redirect', 'POST')) { |
||
156 | $redirect = $_POST['redirect']; |
||
157 | } |
||
158 | $msg = FileChecker::copyFile($original_file_path, $file_path) ? \constant('CO_' . $moduleDirNameUpper . '_' . 'FC_FILECOPIED') : \constant('CO_' . $moduleDirNameUpper . '_' . 'FC_FILENOTCOPIED'); |
||
159 | \redirect_header($redirect, 2, $msg . ': ' . $file_path); |
||
160 | break; |
||
161 | } |
||
162 |