This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | // |
||
3 | // ------------------------------------------------------------------------ // |
||
4 | // XOOPS - PHP Content Management System // |
||
5 | // Copyright (c) 2000-2020 XOOPS.org // |
||
6 | // <https://xoops.org> // |
||
7 | // ------------------------------------------------------------------------ // |
||
8 | // This program is free software; you can redistribute it and/or modify // |
||
9 | // it under the terms of the GNU General Public License as published by // |
||
10 | // the Free Software Foundation; either version 2 of the License, or // |
||
11 | // (at your option) any later version. // |
||
12 | // // |
||
13 | // You may not change or alter any portion of this comment or credits // |
||
14 | // of supporting developers from this source code or any supporting // |
||
15 | // source code which is considered copyrighted (c) material of the // |
||
16 | // original comment or credit authors. // |
||
17 | // // |
||
18 | // This program is distributed in the hope that it will be useful, // |
||
19 | // but WITHOUT ANY WARRANTY; without even the implied warranty of // |
||
20 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // |
||
21 | // GNU General Public License for more details. // |
||
22 | // // |
||
23 | // You should have received a copy of the GNU General Public License // |
||
24 | // along with this program; if not, write to the Free Software // |
||
25 | // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // |
||
26 | // ------------------------------------------------------------------------ // |
||
27 | // Author: Kazumi Ono (AKA onokazu) // |
||
28 | // URL: http://www.myweb.ne.jp/, https://xoops.org/, http://jp.xoops.org/ // |
||
29 | // Project: XOOPS Project // |
||
30 | // ------------------------------------------------------------------------- // |
||
31 | |||
32 | use XoopsModules\Newbb; |
||
33 | |||
34 | require_once __DIR__ . '/admin_header.php'; |
||
35 | //require_once dirname(__DIR__) . '/class/Utility.php'; |
||
36 | require_once dirname(__DIR__) . '/include/functions.stats.php'; |
||
37 | |||
// Attachment directory: the configured 'dir_attachments' value resolved through
// the XOOPS path helper, plus its 'thumbs/' sub-directory.
// NOTE(review): 'dir_attachments' comes from module configuration; whether it is
// validated before it reaches this point is not visible here — confirm.
$attach_path = $GLOBALS['xoops']->path($GLOBALS['xoopsModuleConfig']['dir_attachments'] . '/');
$thumb_path  = "{$attach_path}thumbs/";
$folder      = [$attach_path, $thumb_path];

/** @var Xmf\Module\Admin $adminObject */
$adminObject = Xmf\Module\Admin::getInstance();
44 | |||
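/**
 * Create a directory, creating missing parent directories first.
 *
 * Every '..' substring is removed from the path before it is used. That
 * rewrites the path instead of rejecting it and does not confine the result
 * to any base directory, so callers must only pass trusted locations.
 *
 * NOTE(review): the default mode is 0777 (subject to the process umask),
 * which leaves new directories writable by every local account on a
 * permissive umask; pass the narrowest mode that works, e.g. 0755.
 *
 * @param string $target directory to create
 * @param int    $mode   permission bits passed to mkdir()
 * @return bool true when the directory exists on return, false otherwise
 */
function newbb_admin_mkdir($target, $mode = 0777)
{
    $target = str_replace('..', '', $target);

    if (is_dir($target)) {
        return true;
    }

    // dirname() returns its argument unchanged for '' and for a root path;
    // stop there instead of recursing forever.
    $parent = dirname($target);
    if ($parent === $target || !newbb_admin_mkdir($parent, $mode)) {
        return false;
    }

    // The earlier expression (!mkdir() && !is_dir()) reported success only when
    // creation had failed. Success means mkdir() worked, or another process
    // created the directory in the meantime.
    return mkdir($target, $mode) || is_dir($target);
}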
||
57 | |||
/**
 * Change the permission bits of a file or directory.
 *
 * Every '..' substring is removed from the path first; the path is rewritten,
 * not rejected, and is not restricted to a base directory.
 *
 * NOTE(review): the default mode 0777 makes the target writable by every
 * local account, and the '@' hides the warning chmod() raises on failure,
 * so the boolean result is the only failure signal callers get.
 *
 * @param string $target path whose mode is changed
 * @param int    $mode   permission bits passed to chmod()
 * @return bool result of chmod()
 */
function newbb_admin_chmod($target, $mode = 0777)
{
    $cleanTarget = str_replace('..', '', $target);
    $changed     = @chmod($cleanTarget, $mode);

    return $changed;
}
||
69 | |||
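/**
 * Detect which image libraries are usable on this host.
 *
 * Depending on the 'image_lib' module setting (0 = probe both command-line
 * tools, 1 = ImageMagick only, 2 = NetPBM only) the configured binaries are
 * run with "-version" and the first output line is matched against the
 * expected banner. GD is reported whenever gd_info() exists.
 *
 * The binary path is built from module configuration ('path_magick',
 * 'path_netpbm') and handed to a shell, so it is quoted with
 * escapeshellarg(): a directory containing spaces or shell metacharacters is
 * treated as one file name and cannot add extra commands.
 *
 * @return array library key ('imagemagick', 'netpbm', 'gd') => detected version text
 */
function newbb_getImageLibs()
{
    $imageLibs = [];
    $config    = $GLOBALS['xoopsModuleConfig'];

    // Runs "<dir>/<binary> <arguments>" and returns the matched banner text,
    // or null when the tool is missing, exits non-zero or prints something else.
    $probe = static function ($dir, $binary, $arguments, $pattern) {
        // exec() may be unavailable (for example removed via disable_functions).
        if (!function_exists('exec')) {
            return null;
        }

        $prefix  = empty($dir) ? '' : $dir . '/';
        $command = escapeshellarg($prefix . $binary) . ' ' . $arguments;

        $output = [];
        $status = 1;
        @exec($command, $output, $status);

        if (empty($status) && !empty($output) && preg_match($pattern, $output[0], $matches)) {
            return $matches[0];
        }

        return null;
    };

    if (1 == $config['image_lib'] || 0 == $config['image_lib']) {
        $dir   = empty($config['path_magick']) ? '' : $config['path_magick'];
        $found = $probe($dir, 'convert', '-version', "/imagemagick[ \t]+([0-9\.]+)/i");
        if (null !== $found) {
            $imageLibs['imagemagick'] = $found;
        }
    }

    if (2 == $config['image_lib'] || 0 == $config['image_lib']) {
        $dir   = empty($config['path_netpbm']) ? '' : $config['path_netpbm'];
        // stderr is merged into stdout so the banner is captured either way.
        $found = $probe($dir, 'jpegtopnm', '-version 2>&1', "/netpbm[ \t]+([0-9\.]+)/i");
        if (null !== $found) {
            $imageLibs['netpbm'] = $found;
        }
    }

    if (function_exists('gd_info')) {
        $tmpInfo         = gd_info();
        $imageLibs['gd'] = $tmpInfo['GD Version'];
    }

    return $imageLibs;
}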
||
102 | |||
xoops_cp_header();

$imageLibs = newbb_getImageLibs();
/** @var \XoopsModuleHandler $moduleHandler */
$moduleHandler = xoops_getHandler('module');
// NOTE(review): $reportHandler is used further down, but its lookup is commented
// out in this file; presumably admin_header.php provides it — verify.
///** @var Newbb\ReportHandler $reportHandler */
//$reportHandler = \XoopsModules\Newbb\Helper::getInstance()->getHandler('Report');

// Poll module (directory name taken from the 'poll_module' setting): active or not.
$xoopspoll = $moduleHandler->getByDirname($GLOBALS['xoopsModuleConfig']['poll_module']);
$isOK      = is_object($xoopspoll) ? $xoopspoll->getVar('isactive') : false;

// Upload limit text: post_max_size is shown only when it is below memory_limit.
// return_bytes() hands back values without a K/M/G suffix unchanged, so such
// ini values are compared exactly as PHP reports them.
$memlimit_iniphp    = return_bytes(@ini_get('memory_limit'));
$postmaxsize_iniphp = return_bytes(@ini_get('post_max_size'));
$uploadlimit        = ($postmaxsize_iniphp < $memlimit_iniphp)
    ? sprintf(_AM_NEWBB_MEMLIMITOK, return_bytes($postmaxsize_iniphp, true))
    : _AM_NEWBB_MEMLIMITTOLARGE;

$adminObject->addInfoBox(_AM_NEWBB_PREFERENCES);

// Link to the poll module's admin page, with name and version as tooltip.
// NOTE(review): the getVar()/getInfo() results are concatenated into HTML
// attributes without escaping in this file; whether those accessors already
// return escaped text is not visible here — confirm.
if ($isOK) {
    $pollLink = _AM_NEWBB_AVAILABLE . ': '
        . '<a href="' . XOOPS_URL . '/modules/' . $xoopspoll->getVar('dirname') . '/admin/index.php"'
        . ' alt="' . $xoopspoll->getVar('name') . ' ' . _VERSION . ' (' . $xoopspoll->getInfo('version') . ') "'
        . ' title="' . $xoopspoll->getVar('name') . ' ' . _VERSION . ' (' . $xoopspoll->getInfo('version') . ') "'
        . '>' . '(' . $xoopspoll->getVar('name') . ')</a>';
} else {
    $pollLink = _AM_NEWBB_NOTAVAILABLE;
}
$adminObject->addInfoBoxLine(sprintf(_AM_NEWBB_POLLMODULE . ': %s', $pollLink));

// One info line per image library: detected version, or "not available".
foreach (
    [
        'imagemagick' => _AM_NEWBB_IMAGEMAGICK . ' %s',
        'netpbm'      => 'NetPBM: %s',
        'gd'          => _AM_NEWBB_GDLIB . ' %s',
    ] as $libKey => $lineFormat
) {
    $libStatus = array_key_exists($libKey, $imageLibs)
        ? _AM_NEWBB_AUTODETECTED . $imageLibs[$libKey]
        : _AM_NEWBB_NOTAVAILABLE;
    $adminObject->addInfoBoxLine(sprintf($lineFormat, $libStatus));
}
$adminObject->addInfoBoxLine(sprintf(_AM_NEWBB_UPLOAD . ' %s', $uploadlimit));
$adminObject->addInfoBoxLine(sprintf(_AM_NEWBB_INDEX_PDF_PAGE . '', ''));

// Board totals.
$adminObject->addInfoBox(_AM_NEWBB_BOARDSUMMARY);
$adminObject->addInfoBoxLine(sprintf(_AM_NEWBB_TOTALTOPICS . ': %s', getTotalTopics()));
$adminObject->addInfoBoxLine(sprintf(_AM_NEWBB_TOTALPOSTS . ': %s', getTotalPosts()));
$adminObject->addInfoBoxLine(sprintf(_AM_NEWBB_TOTALVIEWS . ': %s', getTotalViews()));

// Report counts by 'report_result' value (0 = pending, 1 = processed).
$adminObject->addInfoBox(_AM_NEWBB_REPORT);
$pendingReports   = $reportHandler->getCount(new \Criteria('report_result', 0));
$adminObject->addInfoBoxLine(sprintf(_AM_NEWBB_REPORT_PENDING . ': %s', $pendingReports));
$processedReports = $reportHandler->getCount(new \Criteria('report_result', 1));
$adminObject->addInfoBoxLine(sprintf(_AM_NEWBB_REPORT_PROCESSED . ': %s', $processedReports));

// NOTE(review): $configurator is not assigned in this file; presumably set by
// admin_header.php — verify. Each listed upload folder is prepared and then
// shown as a 'folder' line in the config box.
$uploadFolders = $configurator->uploadFolders;
foreach ($uploadFolders as $value) {
    Newbb\Utility::prepareFolder($value);
    $adminObject->addConfigBoxLine($value, 'folder');
}

$adminObject->displayNavigation(basename(__FILE__));
$adminObject->displayIndex();

require_once __DIR__ . '/admin_footer.php';

$cacheHelper = Newbb\Utility::cleanCache();
||
167 | //$cacheHelper = new \Xmf\Module\Helper\Cache('newbb'); |
||
168 | //$cacheHelper->delete('config'); |
||
169 | //$cacheHelper->delete('permission'); |
||
170 | |||
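/**
 * Convert between php.ini size notation and byte counts.
 *
 * With $b === false the value is parsed: a trailing K, M or G (either case)
 * multiplies the leading integer by 1024, 1024^2 or 1024^3. Any other value,
 * including one without a suffix, is returned unchanged.
 *
 * With any other $b the value is treated as a byte count and formatted as
 * "<rounded number> <unit>", the unit being '', KB, MB, GB or TB.
 * Counts below 1 (0, negative values, non-numeric text) yield "0 "; the
 * former log()-based arithmetic produced "NAN " for them. Counts beyond the
 * TB range stay in TB instead of indexing past the unit list.
 *
 * @param int|string $sizeAsString ini-style size ("8M") or a byte count
 * @param bool       $b            false to parse, anything else to format
 * @return int|string byte count when parsing, display string when formatting
 */
function return_bytes($sizeAsString, $b = false)
{
    if (false === $b) {
        $multipliers = ['K' => 1024, 'M' => 1048576, 'G' => 1073741824];
        // The suffix set is plain ASCII, so a byte-wise last character is enough.
        $unit = strtoupper(substr((string)$sizeAsString, -1));

        return isset($multipliers[$unit]) ? (int)$sizeAsString * $multipliers[$unit] : $sizeAsString;
    }

    $suffix = ['', 'KB', 'MB', 'GB', 'TB'];
    $bytes  = is_numeric($sizeAsString) ? (float)$sizeAsString : 0.0;
    if ($bytes < 1) {
        return '0 ' . $suffix[0];
    }

    // Repeated division keeps exact powers of 1024 on the right unit, which a
    // floating-point logarithm does not guarantee.
    $index = 0;
    $last  = count($suffix) - 1;
    while ($bytes >= 1024 && $index < $last) {
        $bytes /= 1024;
        ++$index;
    }

    return round($bytes) . ' ' . $suffix[$index];
}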
||
199 |
If you suppress an error, we recommend checking for the error condition explicitly: