function getDiff($str1,$str2) {
if (TYPO3_OS!='WIN') {
// Create file 1 and write string
- $file1 = tempnam('','');
+ $file1 = t3lib_div::tempnam('diff1_');
t3lib_div::writeFile($file1,$str1);
// Create file 2 and write string
- $file2 = tempnam('','');
+ $file2 = t3lib_div::tempnam('diff2_');
t3lib_div::writeFile($file2,$str2);
// Perform diff.
$cmd = $GLOBALS['TYPO3_CONF_VARS']['BE']['diff_path'].' '.$file1.' '.$file2;
exec($cmd,$res);
-
+
unlink($file1);
unlink($file2);
* 2551: function isAbsPath($path)
* 2563: function isAllowedAbsPath($path)
* 2581: function verifyFilenameAgainstDenyPattern($filename)
+
* 2598: function stdAuthCode($uid_or_record,$fields='')
* 2632: function loadTCA($table)
* 2651: function resolveSheetDefInDS($dataStructArray,$sheet='sDEF')
*/
function upload_copy_move($source,$destination) {
if (is_uploaded_file($source)) {
+ $uploaded = TRUE;
// Return the value of move_uploaded_file, and if false the temporary $source is still around so the user can use unlink to delete it:
- return move_uploaded_file($source, $destination);
- } else @copy($source,$destination);
+ $uploadedResult = move_uploaded_file($source, $destination);
+ } else {
+ $uploaded = FALSE;
+ @copy($source,$destination);
+ }
// Setting file system mode of file:
- if (@is_file($destination) && TYPO3_OS!='WIN') { @chmod ($destination, octdec($GLOBALS['TYPO3_CONF_VARS']['BE']['fileCreateMask'])); }
+ if (@is_file($destination) && TYPO3_OS!='WIN') {
+ @chmod ($destination, octdec($GLOBALS['TYPO3_CONF_VARS']['BE']['fileCreateMask']));
+ }
// If here the file is copied and the temporary $source is still around, so when returning false the user can try unlink to delete the $source
- return false;
+ return $uploaded ? $uploadedResult : FALSE;
}
/**
$authCode = substr(md5($authCode),0,8);
return $authCode;
}
+
+ /**
+ * Create temporary filename (Create file with unique file name)
+ * This function should be used for getting temporary filenames - will make your applications safe for open_basedir = on
+ *
+ * @param string Prefix to temp file (which will have no extension btw)
+ * @return string result from PHP function tempnam() with PATH_site.'typo3temp/' set for temp path.
+ */
+ function tempnam($filePrefix) {
+ return tempnam(PATH_site.'typo3temp/',$filePrefix);
+ }
/**
* Loads the $TCA (Table Configuration Array) for the $table
$id = $cmds['data'];
if ($GLOBALS['HTTP_POST_FILES']['upload_'.$id]['name']) {
$theFile = $GLOBALS['HTTP_POST_FILES']['upload_'.$id]['tmp_name']; // filename of the uploaded file
+ $theFileSize = $GLOBALS['HTTP_POST_FILES']['upload_'.$id]['size']; // filesize of the uploaded file
$theName = $this->cleanFileName(stripslashes($GLOBALS['HTTP_POST_FILES']['upload_'.$id]['name'])); // The original filename
- if (@is_file($theFile) && $theName) { // Check the file
+ if (is_uploaded_file($theFile) && $theName) { // Check the file
if ($this->actionPerms['uploadFile']) {
- if (filesize($theFile)<($this->maxUploadFileSize*1024)) {
+ if ($theFileSize<($this->maxUploadFileSize*1024)) {
$fI = t3lib_div::split_fileref($theName);
$theTarget = $this->is_directory($cmds['target']); // Check the target dir
if ($theTarget && $this->checkPathAgainstMounts($theTarget.'/')) {
while(list($k,$v)=each($paths)) {
reset($programs);
while(list(,$filename)=each($programs)) {
- if (@file_exists($v) && @is_file($v.$filename.$isExt)) { // file_exists was necessary on windows, because is_file issued a warning if the path was not correct.
+# if (@file_exists($v) && @is_file($v.$filename.$isExt)) { // file_exists was necessary on windows, because is_file issued a warning if the path was not correct.
+ if($this->_checkImageMagick_getVersion($v.$filename.$isExt) > 0 ) {
$index[$v][$filename]=$this->_checkImageMagick_getVersion($v.$filename.$isExt);
}
}
$ret = TRUE;
if (!$absFile) {
- $absFile = tempnam ('', $this->prefixId);
+ $absFile = t3lib_div::tempnam($this->prefixId);
if(!$absFile) {
$this->errorPush(T3_ERR_SV_FILE_WRITE, 'Can not create temp file.');
$ret = FALSE;
$theDestFile=''; // Must be cleared. Else a faulty fileref may be inserted if the below code returns an error!! (Change: 22/12/2000)
// Check various things before copying file:
- if (@is_dir($dest) && @is_file($theFile)) { // File and destination must exist
- if (!$maxSize || filesize($theFile)<=($maxSize*1024)) { // Check file size:
+ if (@is_dir($dest) && (@is_file($theFile) || @is_uploaded_file($theFile))) { // File and destination must exist
+
+ // Finding size. For safe_mode we have to rely on the size in the upload array if the file is uploaded.
+ if (is_uploaded_file($theFile) && $theFile==$uploadedFileArray['tmp_name']) {
+ $fileSize = $uploadedFileArray['size'];
+ } else {
+ $fileSize = filesize($theFile);
+ }
+
+ if (!$maxSize || $fileSize<=($maxSize*1024)) { // Check file size:
// Prepare filename:
$theEndFileName = isset($this->alternativeFileName[$theFile]) ? $this->alternativeFileName[$theFile] : $theFile;
$fI = t3lib_div::split_fileref($theEndFileName);
if (!@is_file($theDestFile)) $this->log($table,$id,5,0,1,"Copying file '%s' failed!: The destination path (%s) may be write protected. Please make it write enabled!. (%s)",16,array($theFile, dirname($theDestFile), $recFID),$propArr['event_pid']);
} else $this->log($table,$id,5,0,1,"Copying file '%s' failed!: No destination file (%s) possible!. (%s)",11,array($theFile, $theDestFile, $recFID),$propArr['event_pid']);
} else $this->log($table,$id,5,0,1,"Fileextension '%s' not allowed. (%s)",12,array($fI['fileext'], $recFID),$propArr['event_pid']);
- } else $this->log($table,$id,5,0,1,"Filesize (%s) of file '%s' exceeds limit (%s). (%s)",13,array(t3lib_div::formatSize(@filesize($theFile)),$theFile,t3lib_div::formatSize($maxSize*1024),$recFID),$propArr['event_pid']);
+ } else $this->log($table,$id,5,0,1,"Filesize (%s) of file '%s' exceeds limit (%s). (%s)",13,array(t3lib_div::formatSize($fileSize),$theFile,t3lib_div::formatSize($maxSize*1024),$recFID),$propArr['event_pid']);
} else $this->log($table,$id,5,0,1,"The destination (%s) or the source file (%s) does not exist. (%s)",14,array($dest, $theFile, $recFID),$propArr['event_pid']);
// If the destination file was created, we will set the new filename in the value array, otherwise unset the entry in the value array!
'tidy_option' => 'cached', // options [all, cached, output]. 'all' = the content is always passed through 'tidy' before it may be stored in cache. 'cached' = only if the page is put into the cache, 'output' = only the output code just before it's echoed out.
'tidy_path' => 'tidy -i --quiet true --tidy-mark true -wrap 0', // Path with options for tidy. For XHTML output, add " --output-xhtml true"
'logfile_dir' => '', // Path where TYPO3 should write webserver-style logfiles to. This path must be write-enabled for the webserver. Doesn't work for Windows! Remember slash AFTER! Eg: 'fileadmin/' or '/var/typo3logs/'. Please see the TypoScript reference!
+ 'logfile_write' => '', // Keywords for write-mode of logfiles. Default is unix "echo". Keyword "fputs" will make PHP use "fputs" instead (compliant with safe_mode)
'publish_dir' => '', // Path where TYPO3 should write staticly published documents. This path must be write-enabled for the webserver. Remember slash AFTER! Eg: 'publish/' or '/www/htdocs/publish/'. See admPanel option 'publish'
'addAllowedPaths' => '', // Additional relative paths (comma-list) to allow TypoScript resources be in. Should be prepended with '/'. If not, then any path where the first part is like this path will match. That is: 'myfolder/ , myarchive' will match eg. 'myfolder/', 'myarchive/', 'myarchive_one/', 'myarchive_2/' ... No check is done to see if this directory actually exists in the root of the site. Paths are matched by simply checking if these strings equals the first part of any TypoScript resource filepath. (See class template, function init() in t3lib/class.t3lib_tsparser.php)
'allowedTempPaths' => '', // Additional paths allowed for temporary images. Used with imgResource. Eg. 'alttypo3temp/,another_temp_dir/';
reset($allDirs);
$root="";
while(list(,$dirParts)=each($allDirs)) {
- $root.=$dirParts."/";
+ $root.=$dirParts;
if (!is_dir($extDirPath.$root)) {
@mkdir($extDirPath.$root, 0777);
if (!@is_dir($extDirPath.$root)) {
- return "Error: The directory '".$extDirPath.$root."' could not be created...";
+ return "Error: The directory '".$extDirPath.$root."/' could not be created...";
}
}
}
$path=PATH_site.$this->typePaths[$type];
$suffix="";
if ((string)$type=="L" && !@is_dir($path)) {
- @mkdir($path, 0777);
+ @mkdir(ereg_replace('\/$','',$path), 0777);
}
break;
default:
break;
}
if ($path && @is_dir($path)) {
- $extDirPath = $path.$importedData["extKey"].$suffix."/";
+ $extDirPath = $path.$importedData["extKey"].$suffix;
if (@is_dir($extDirPath)) {
// Install dir was found
- $res = $this->removeExtDirectory($extDirPath);
- if ($res) return "ERROR: Could not remove extension directory '".$extDirPath."'";
+ $res = $this->removeExtDirectory($extDirPath.'/');
+ if ($res) return "ERROR: Could not remove extension directory '".$extDirPath."/'";
}
#die("stop here...");
// we go create...
@mkdir($extDirPath, 0777);
- if (!is_dir($extDirPath)) return "ERROR: Could not create extension directory '".$extDirPath."'";
- return array($extDirPath);
+ if (!is_dir($extDirPath)) return "ERROR: Could not create extension directory '".$extDirPath."/'";
+ return array($extDirPath.'/');
} else return "ERROR: The extension install path '".$path."' was not a directory.";
}
$uploadFolder = PATH_site.$this->ulFolder($eKey);
if ($info["EM_CONF"]["uploadfolder"] && !@is_dir($uploadFolder)) {
if (t3lib_div::GPvar("_uploadfolder")) {
- mkdir($uploadFolder, 0777);
+ mkdir(ereg_replace('\/$','',$uploadFolder), 0777);
$indexContent = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
$dirs_in_path=explode("/",ereg_replace("/$","",$crDir));
while(list(,$dirP)=each($dirs_in_path)) {
if (strcmp($dirP,"")) {
- $crDirStart.=$dirP."/";
+ $crDirStart.=$dirP;
if (!@is_dir(PATH_site.$crDirStart)) {
mkdir(PATH_site.$crDirStart, 0777);
#debug(array(PATH_site.$crDirStart));
- $finalDir=PATH_site.$crDirStart;
+ $finalDir=PATH_site.$crDirStart.'/';
}
} else die("ERROR: The path '".PATH_site.$crDir."' could not be created.");
}
* @link http://typo3.org/doc.0.html?&tx_extrepmgm_pi1[extUid]=270&cHash=4ad9d7acb4
*/
function checkAlternativeIdMethods() {
+ global $TYPO3_CONF_VARS;
+
# IF (TYPO3_OS=='WIN') return; # Commenting out this line will make it work for windows Apache mod_rewrite as well.
// Redirect by mod_rewrite:
if ($parts[$pCount-1]='html') {
if ($pCount>2) {
$this->type = intval($parts[$pCount-2]);
- $this->id= $parts[$pCount-3];
+ $this->id = $parts[$pCount-3];
} else {
$this->type = 0;
- $this->id= $parts[0];
+ $this->id = $parts[0];
}
}
}
}
// If PATH_INFO
if (t3lib_div::getIndpEnv('PATH_INFO')) { // If pathinfo contains stuff...
- # line below is NOT needed (anymore), because getIndpEnv already filters this out if needed. Only true PATH_INFO gets through.
-# if (t3lib_div::getIndpEnv('PATH_INFO')!=t3lib_div::getIndpEnv('SCRIPT_NAME') && count(explode('/',t3lib_div::getIndpEnv('PATH_INFO')))>1) { // There must be at least one '/' in the path - else the PATH_INFO value does not make sense., ALSO t3lib_div::getIndpEnv('PATH_INFO')!=t3lib_div::getIndpEnv('SCRIPT_NAME') is necessary because some servers are seen to set pathinfo equal to script_name
- $parts=t3lib_div::trimExplode('/',t3lib_div::getIndpEnv('PATH_INFO'),1);
- $parts[]='html';
- $pCount = count($parts);
- if ($pCount>2) {
- $this->type = intval($parts[$pCount-2]);
- $this->id= $parts[$pCount-3];
- } else {
- $this->type = 0;
- $this->id= $parts[0];
- }
- $this->absRefPrefix_force=1;
-# }
+ $parts=t3lib_div::trimExplode('/',t3lib_div::getIndpEnv('PATH_INFO'),1);
+ $parts[]='html';
+ $pCount = count($parts);
+ if ($pCount>2) {
+ $this->type = intval($parts[$pCount-2]);
+ $this->id = $parts[$pCount-3];
+ } else {
+ $this->type = 0;
+ $this->id = $parts[0];
+ }
+ $this->absRefPrefix_force=1;
}
// Call post processing function for custom URL methods.
* @return void
*/
function determineId() {
+ global $TYPO3_CONF_VARS;
+
// Getting ARG-v values if some
$this->setIDfromArgV();
parse_str($addParams,$GET_VARS);
break;
case 'M5':
- $query='SELECT params FROM cache_md5params WHERE md5hash="'.addslashes(substr($str,2)).'"';
- $res=mysql(TYPO3_db,$query);
- $row=mysql_fetch_assoc($res);
+ $query = 'SELECT params FROM cache_md5params WHERE md5hash="'.addslashes(substr($str,2)).'"';
+ $res = mysql(TYPO3_db,$query);
+ $row = mysql_fetch_assoc($res);
$this->updateMD5paramsRecord(substr($str,2));
parse_str($row['params'],$GET_VARS);
break;
}
+
+ $this->mergingWithGetVars($GET_VARS);
+ }
+
+ function mergingWithGetVars($GET_VARS) {
if (is_array($GET_VARS)) {
- if (!is_array($GLOBALS['HTTP_GET_VARS'])) $GLOBALS['HTTP_GET_VARS']=array();
- $GLOBALS['HTTP_GET_VARS']=t3lib_div::array_merge_recursive_overrule($GLOBALS['HTTP_GET_VARS'],$GET_VARS);
+ t3lib_div::addSlashesOnArray($GET_VARS); // Since TYPO3 expects input in GETVARS to be escaped we will have to do so with the merging parameters.
+ if (!is_array($GLOBALS['HTTP_GET_VARS'])) $GLOBALS['HTTP_GET_VARS'] = array();
+ $GLOBALS['HTTP_GET_VARS'] = $_GET = t3lib_div::array_merge_recursive_overrule($GLOBALS['HTTP_GET_VARS'],$GET_VARS);
+
// Setting these specifically (like in the init-function):
- if (isset($GET_VARS['cHash'])) $this->cHash=$GET_VARS['cHash'];
- if (isset($GET_VARS['no_cache'])) $this->no_cache=$GET_VARS['no_cache'] ? 1 : 0;
- if (isset($GET_VARS['jumpurl'])) $this->jumpurl=$GET_VARS['jumpurl'];
- if (isset($GET_VARS['MP'])) $this->MP=$this->TYPO3_CONF_VARS['FE']['enable_mount_pids'] ? $GET_VARS['MP'] : '';
+ if (isset($GET_VARS['type'])) $this->type = $GET_VARS['type'];
+ if (isset($GET_VARS['cHash'])) $this->cHash = $GET_VARS['cHash'];
+ if (isset($GET_VARS['no_cache'])) $this->no_cache = $GET_VARS['no_cache'] ? 1 : 0;
+ if (isset($GET_VARS['jumpurl'])) $this->jumpurl = $GET_VARS['jumpurl'];
+ if (isset($GET_VARS['MP'])) $this->MP = $this->TYPO3_CONF_VARS['FE']['enable_mount_pids'] ? $GET_VARS['MP'] : '';
}
- }
-
-
+ }
if (!$this->config['config']['stat_apache_notExtended']) {
$LogLine.= ' "'.t3lib_div::getIndpEnv('HTTP_REFERER').'" "'.t3lib_div::getIndpEnv('HTTP_USER_AGENT').'"';
}
- $execCmd = 'echo "'.addslashes($LogLine).'" >> '.$this->config['stat_vars']['logFile'];
- $GLOBALS['TT']->push('Write to log file');
- exec($execCmd);
- $GLOBALS['TT']->pull();
+
+ switch($GLOBALS['TYPO3_CONF_VARS']['FE']['logfile_write']) {
+ case 'fputs':
+ $GLOBALS['TT']->push('Write to log file (fputs)');
+ $logfilehandle = fopen(PATH_site.$this->config['stat_vars']['logFile'], 'a');
+ fputs($logfilehandle, $LogLine."\n");
+ @fclose($logfilehandle);
+ $GLOBALS['TT']->pull();
+ break;
+ default:
+ $GLOBALS['TT']->push('Write to log file (echo)');
+ $execCmd = 'echo "'.addslashes($LogLine).'" >> '.PATH_site.$this->config['stat_vars']['logFile'];
+ exec($execCmd);
+ $GLOBALS['TT']->pull();
+ break;
+ }
+
$GLOBALS['TT']->setTSlogMessage('Writing to logfile: OK',0);
} else {
$GLOBALS['TT']->setTSlogMessage('Writing to logfile: Error - logFile did not exist or OS is Windows!',3);
function tidyHTML($content) {
if ($this->TYPO3_CONF_VARS['FE']['tidy'] && $this->TYPO3_CONF_VARS['FE']['tidy_path']) {
$oldContent = $content;
- $fname = tempnam('','Typo3_Tidydoc_'); // Create temporary name
+ $fname = t3lib_div::tempnam('Typo3_Tidydoc_'); // Create temporary name
@unlink ($fname); // Delete if exists, just to be safe.
$fp = fopen ($fname,'wb'); // Open for writing
fputs ($fp, $content); // Put $content