From aeed902abd95396bfd17aa56e1e048a9362f0867 Mon Sep 17 00:00:00 2001 From: garvinhicking Date: Thu, 30 Nov 2006 21:34:29 +0000 Subject: [PATCH] Ensure to not be able to call s9y files under circumstances where .htaccess does not deny request AND register_globals is turned on --- docs/NEWS | 9 +- include/admin/configuration.inc.php | 6 +- include/admin/installer.inc.php | 8 +- include/compat.inc.php | 14 +- include/functions.inc.php | 8 +- include/functions_calendars.inc.php | 191 +++++++--- include/functions_comments.inc.php | 18 +- include/functions_config.inc.php | 4 + include/functions_entries.inc.php | 4 + include/functions_entries_admin.inc.php | 4 + include/functions_images.inc.php | 12 +- include/functions_images_crop.inc.php | 450 ++++++++++++++++++++++++ include/functions_installer.inc.php | 3 + include/functions_permalinks.inc.php | 4 + include/functions_plugins_admin.inc.php | 3 + include/functions_rss.inc.php | 28 +- include/functions_smarty.inc.php | 6 +- include/functions_trackbacks.inc.php | 23 +- include/functions_upgrader.inc.php | 21 +- include/genpage.inc.php | 6 +- include/lang.inc.php | 4 + include/plugin_internal.inc.php | 4 + templates/kubrick/config.inc.php | 4 + 23 files changed, 744 insertions(+), 90 deletions(-) create mode 100644 include/functions_images_crop.inc.php diff --git a/docs/NEWS b/docs/NEWS index 499bbff..0f3c40c 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -350,7 +350,14 @@ Version 1.1-alpha5() * Removed config option "XHTML11 compliance" and enabled by default now (garvinhicking) -Version 1.0.3 () +Version 1.0.4 () +------------------------------------------------------------------------ + + * Fix local file inclusion bug on systems with two conditions: + register_globals=on AND missing .htaccess for restricting access to + .inc.php files. (garvinhicking) + +Version 1.0.3 (November 7th, 2006) ------------------------------------------------------------------------ * Fix PHP 5.2.0 compatibility issue. (garvinhicking) 
diff --git a/include/admin/configuration.inc.php b/include/admin/configuration.inc.php index a4af5e2..4ecb2cf 100644 --- a/include/admin/configuration.inc.php +++ b/include/admin/configuration.inc.php @@ -2,6 +2,10 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + umask(0000); $umask = 0775; @define('IN_installer', true); @@ -47,7 +51,7 @@ switch ($_POST['installAction'] && serendipity_checkFormToken()) { $permalinkNew[] = $serendipity[$permitem['var']]; } } - } + } if (serendipity_checkPermission('siteConfiguration') && serialize($permalinkOld) != serialize($permalinkNew)) { printf(ATTEMPT_WRITE_FILE, $serendipity['serendipityPath'] . '.htaccess'); diff --git a/include/admin/installer.inc.php b/include/admin/installer.inc.php index 36ddc05..3da52df 100644 --- a/include/admin/installer.inc.php +++ b/include/admin/installer.inc.php @@ -2,6 +2,10 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + umask(0000); $umask = 0775; @define('IN_installer', true); @@ -36,11 +40,11 @@ function serendipity_installerResultDiagnose($result, $s) { return ''. $s .''; } if ( $result === S9Y_I_WARNING ) { - return ''. $s .''; + return ''. $s .' [?]'; } if ( $result === S9Y_I_ERROR ) { $errorCount++; - return ''. $s .''; + return ''. $s .' [!]'; } } diff --git a/include/compat.inc.php b/include/compat.inc.php index 467968c..8bf2f09 100644 --- a/include/compat.inc.php +++ b/include/compat.inc.php @@ -2,6 +2,10 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + if (defined('S9Y_FRAMEWORK_COMPAT')) { return; } 
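Review bot: The guard `if (IN_serendipity !== true)` depends on the undefined-constant fallback: when the entry script never defined `IN_serendipity`, PHP evaluates the bare name as the string `'IN_serendipity'` (raising an E_NOTICE; newer PHP versions throw an Error instead), which still halts the request but is neither explicit nor notice-free, whereas `if (!defined('IN_serendipity') || IN_serendipity !== true) {` states the intent directly. Consider also emitting `header('HTTP/1.0 403 Forbidden');` ahead of the `die`, so direct hits on .inc.php files show up in access logs as 403s rather than as ordinary 200 responses with a "Don't hack!" body. The identical block is pasted into every other file in this commit (compat, functions, functions_calendars, functions_comments, functions_config, functions_entries, functions_entries_admin, functions_images, functions_installer, functions_permalinks, functions_plugins_admin, functions_rss, functions_smarty, functions_trackbacks, lang, plugin_internal and the kubrick config), and in functions_installer and functions_plugins_admin it lands without the blank line the others keep, so a consistent layout or a single shared snippet would make later audits of this boundary easier. Include files that are not in the diffstat, and the new functions_images_crop.inc.php whose head is truncated in this view, should be checked for the same guard.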
@@ -38,11 +42,11 @@ function memSnap($tshow = '') { static $avail = null; static $show = true; static $memUsage = 0; - + if (!$show) { return false; } - + if ($avail === false) { return true; } elseif ($avail === null) { @@ -53,11 +57,11 @@ function memSnap($tshow = '') { return false; } } - + if ($memUsage === 0) { $memUsage = $avail; } - + $current = memory_get_usage(); echo '[' . date('d.m.Y H:i') . '] ' . number_format($current - $memUsage, 2, ',', '.') . ' label "' . $tshow . '", totalling ' . number_format($current, 2, ',', '.') . '
' . "\n"; $memUsage = $current; @@ -222,7 +226,7 @@ function serendipity_getCharset() { $charset = ''; } } - + if (!empty($serendipity['POST']['charset'])) { if ($serendipity['POST']['charset'] == 'UTF-8/') { $charset = 'UTF-8/'; diff --git a/include/functions.inc.php b/include/functions.inc.php index 09058b6..24aeba5 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -2,6 +2,10 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + if (defined('S9Y_FRAMEWORK_FUNCTIONS')) { return; } @@ -323,7 +327,7 @@ function serendipity_walkRecursive($ary, $child_name = 'id', $parent_name = 'par if ($depth !== 0) { return true; } - + if (count($_remain) > 0) { // Remaining items need to be appended foreach($_remain AS $key => $data) { @@ -1146,7 +1150,7 @@ function &serendipity_pickKey(&$array, $key, $default) { function serendipity_db_time() { static $ts = null; static $cache = 300; // Seconds to cache - + if ($ts === null) { $now = time(); $ts = $now - ($now % $cache) + $cache; diff --git a/include/functions_calendars.inc.php b/include/functions_calendars.inc.php index e347b5f..2c8dae4 100644 --- a/include/functions_calendars.inc.php +++ b/include/functions_calendars.inc.php @@ -2,8 +2,17 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + +if (defined('S9Y_FRAMEWORK_CALENDARS')) { + return; +} +@define('S9Y_FRAMEWORK_CALENDARS', true); + /** - * Gregorian to Jalali Convertor + * Gregorian to Persian Convertor * * @author farsiweb.info * @access public 
@@ -12,50 +21,50 @@ * @param int day * @return array converted time */ -function g2j($g_y, $g_m, $g_d){ +function g2p($g_y, $g_m, $g_d){ $g_days_in_month = array(31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31); $j_days_in_month = array(31, 31, 31, 31, 31, 31, 30, 30, 30, 30, 30, 29); - + $gy = $g_y-1600; $gm = $g_m-1; $gd = $g_d-1; - + $g_day_no = 365*$gy+floor(($gy+3)/4)-floor(($gy+99)/100)+floor(($gy+399)/400); - + for ($i=0; $i < $gm; ++$i){ $g_day_no += $g_days_in_month[$i]; } - + if ($gm>1 && (($gy%4==0 && $gy%100!=0) || ($gy%400==0))){ /* leap and after Feb */ ++$g_day_no; } - + $g_day_no += $gd; $j_day_no = $g_day_no-79; $j_np = floor($j_day_no/12053); $j_day_no %= 12053; $jy = 979+33*$j_np+4*floor($j_day_no/1461); $j_day_no %= 1461; - + if ($j_day_no >= 366) { $jy += floor(($j_day_no-1)/365); $j_day_no = ($j_day_no-1)%365; } $j_all_days = $j_day_no+1; - + for ($i = 0; $i < 11 && $j_day_no >= $j_days_in_month[$i]; ++$i) { $j_day_no -= $j_days_in_month[$i]; } - + $jm = $i+1; $jd = $j_day_no+1; - + return array($jy, $jm, $jd, $j_all_days); } /** - * Jalali to Gregorian Convertor + * Persian to Gregorian Convertor * * @author farsiweb.info * @access public @@ -64,7 +73,7 @@ function g2j($g_y, $g_m, $g_d){ * @param int day * @return array converted time */ -function j2g($j_y, $j_m, $j_d){ +function p2g($j_y, $j_m, $j_d){ $g_days_in_month = array(31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31); $j_days_in_month = array(31, 31, 31, 31, 31, 31, 30, 30, 30, 30, 30, 29); $jy = $j_y-979; @@ -102,12 +111,12 @@ function j2g($j_y, $j_m, $j_d){ } $gm = $i+1; $gd = $g_day_no+1; - + return array($gy, $gm, $gd); } - + /** - * Format a string according to Jalali calendar (UTF) + * Format a string according to Persian calendar (UTF) * * @author Omid Mottaghi * @access public 
@@ -115,13 +124,17 @@ function j2g($j_y, $j_m, $j_d){ * @param int Timestamp to format * @return string Formatted local time/date according to locale settings */ -function jalali_strftime_utf($format, $timestamp) { - +function persian_strftime_utf($format, $timestamp='') { + + if($timestamp==''){ + $timestamp = mktime(); + } + $g_d=date('j', $timestamp); $g_m=date('n', $timestamp); $g_y=date('Y', $timestamp); - list($jy, $jm, $jd, $j_all_days) = g2j($g_y, $g_m, $g_d); + list($jy, $jm, $jd, $j_all_days) = g2p($g_y, $g_m, $g_d); $j_month_name = array('', 'فروردین', 'اردیبهشت', 'خرداد', 'تیر', 'مرداد', 'شهریور', 'مهر', 'آبان', 'آذر', 'دی', 'بهمن', 'اسفند'); @@ -146,12 +159,12 @@ function jalali_strftime_utf($format, $timestamp) { 'Wed' => '5', 'Thu' => '6', 'Fri' => '7'); - + // calculate string $output_str=''; - + for ($i=0; $i1 && (($g_y%4==0 && $g_y%100!=0) || ($g_y%400==0))){ + $j_days_in_month[12]++; + $leap = 1; + } + $j_month_name = array('', 'فروردین', 'اردیبهشت', 'خرداد', 'تیر', 'مرداد', 'شهریور', 'مهر', 'آبان', 'آذر', 'دی', 'بهمن', 'اسفند'); $j_week_name = array('Saturday' => 'شنبه', @@ -294,12 +315,12 @@ function jalali_date_utf($format, $timestamp) { 'Wed' => '5', 'Thu' => '6', 'Fri' => '7'); - + // calculate string $output_str=''; - + for ($i=0; $i 0 * * @author Omid Mottaghi * @access public 
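Review bot: In persian_strftime_utf the new default handling `if($timestamp==''){` is a loose comparison, and in PHP `0 == ''` holds, so an explicit epoch timestamp of 0 is silently replaced by the current time; `if ((string) $timestamp === '') {` (matching the cast form persian_mktime uses further down) avoids that, and `$timestamp = time();` says the same thing as `mktime()` with no arguments without relying on a deprecated call form. The rename of the exported functions g2j/j2g/jalali_* to g2p/p2g/persian_* drops the old names entirely, so any plugin or template still calling them breaks at runtime; if that matters, keep one-line wrappers under the old names. The remaining hunks in this section are garbled in this view (the `for ($i=0; $i<…` lines have been swallowed), so I could not review the `$j_days_in_month[12]++` change; note that the table has twelve elements indexed 0–11, so index 12 starts out undefined there.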
@@ -416,7 +443,73 @@ function jalali_date_utf($format, $timestamp) { * @param int is daylight savings time set? * @return int returned timestamp */ -function jalali_mktime($hour=0, $min=0, $sec=0, $mon=1, $day=1, $year=1349, $is_dst=-1){ - list($year, $mon, $day)=j2g($year, $mon, $day); +function persian_mktime($hour='', $min='', $sec='', $mon='', $day='', $year='', $is_dst=-1){ + $j_days_in_month = array(31, 31, 31, 31, 31, 31, 30, 30, 30, 30, 30, 29); + + if ( (string) $hour == '') { $hour = persian_date_utf('H'); } + if ( (string) $min == '') { $min = persian_date_utf('i'); } + if ( (string) $sec == '') { $sec = persian_date_utf('s'); } + if ( (string) $day == '') { $day = persian_date_utf('j'); } + if ( (string) $mon == '') { $mon = persian_date_utf('n'); } + if ( (string) $year == '') { $year = persian_date_utf('Y'); } + + /* + an ugly, beta code snippet to support days <= zero! + it should work, but days in one or more months should calculate! + */ + + /* + if($day <= 0){ + // change sign + $day = abs($day); + + // calculate months and days that shall decrease + // this do-while has a lot of errors!!! 
+ do{ + // $month_days = $j_days_in_month[$mon] + $months = floor($day/30); + $days = $day % 30; + }while(); + + $mon -= $months; + $day -= $days; + if ($day < 1) { + $mon--; + } + } + */ + + if($mon <= 0){ + // change sign + $mon = abs($mon); + + // calculate years and months that shall decrease + $years = floor($mon/12); + $months = $mon % 12; + + $year -= $years; + $mon -= $months; + if ($mon < 1) { + $year--; + $mon += 12; + } + } + + if ($day < 1) { + $temp_month = $mon-1; + $temp_year = $year; + if($temp_month <= 0){ + $temp_month = 12; + $temp_year--; + } + if ($temp_month>1 && (($temp_year%4==0 && $temp_year%100!=0) || ($temp_year%400==0))){ + $j_days_in_month[12] = 30; + }else{ + $j_days_in_month[12] = 29; + } + $day += $j_days_in_month[$temp_month]; + } + + list($year, $mon, $day)=p2g($year, $mon, $day); return mktime($hour, $min, $sec, $mon, $day, $year, $is_dst); } diff --git a/include/functions_comments.inc.php b/include/functions_comments.inc.php index ffab9c8..2e64a53 100644 --- a/include/functions_comments.inc.php +++ b/include/functions_comments.inc.php @@ -2,6 +2,10 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + if (defined('S9Y_FRAMEWORK_COMMENTS')) { return; } @@ -126,7 +130,7 @@ function serendipity_fetchComments($id, $limit = null, $order = '', $showAll = f } else { $limit = ''; } - + if ($type == 'comments' || empty($type)) { $type = 'NORMAL'; } elseif ($type == 'trackbacks') { @@ -142,7 +146,7 @@ function serendipity_fetchComments($id, $limit = null, $order = '', $showAll = f if (!$showAll) { $and .= ' AND co.status = \'approved\''; } - + $and .= $where; if ($serendipity['dbType'] == 'postgres') { 
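Review bot: In persian_mktime the day-underflow branch reads `$j_days_in_month[$temp_month]` with a 1-based month against the 0-based twelve-element table, so month 6 yields 30 instead of 31 and month 11 yields 29 instead of 30 (months 1–5, 7–10 and 12 only coincide by chance, the last because index 12 is written explicitly); the intended line is `$day += $j_days_in_month[$temp_month - 1];` with the leap adjustment stored at index 11. The leap test on `$temp_year` applies the Gregorian 4/100/400 rule to a Persian year, while g2p/p2g above work on a 33-year cycle (12053-day blocks), so the two disagree for some years — deriving the month length from p2g would keep them consistent. The month-underflow block also looks off: after `$mon = abs($mon)` it does `$mon -= $mon % 12`, leaving a multiple of 12 rather than a month, so `$mon = -1` ends up as month 12 of the previous year where mktime's convention (month 0 = last month of the previous year) would give month 11 — hedged, since I cannot execute it here. The commented-out `do{ ... }while();` block would be a syntax error if ever uncommented; either finish it or drop it.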
@@ -332,7 +336,7 @@ function serendipity_printCommentsByAuthor() { } $sql_limit = $serendipity['fetchLimit'] * ($serendipity['GET']['page']-1) . ',' . $serendipity['fetchLimit']; $c = serendipity_fetchComments(null, $sql_limit, 'co.entry_id DESC, co.id ASC', false, $type, $sql_where); - + $entry_comments = array(); foreach($c as $i => $comment) { if (!isset($entry_comments[$comment['entry_id']])) { @@ -341,7 +345,7 @@ function serendipity_printCommentsByAuthor() { } $entry_comments[$comment['entry_id']]['comments'][] = $comment; } - + foreach($entry_comments AS $entry_id => $_data) { $entry_comments[$entry_id]['tpl_comments'] =& serendipity_printComments($_data['comments'], VIEWMODE_LINEAR, 0, null, 'COMMENTS', 'comments.tpl'); } @@ -356,10 +360,10 @@ function serendipity_printCommentsByAuthor() { $and .= ' AND co.status = \'approved\''; } - $cc = serendipity_db_query("SELECT count(co.id) AS counter + $cc = serendipity_db_query("SELECT count(co.id) AS counter FROM {$serendipity['dbPrefix']}comments AS co - WHERE co.entry_id > 0 - AND co.type LIKE '" . $type . "' + WHERE co.entry_id > 0 + AND co.type LIKE '" . $type . "' AND co.status = 'approved' " . $sql_where . " GROUP BY co.author", true, 'assoc'); if (!isset($cc['counter'])) { diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php index f8ec76d..e03c2d3 100644 --- a/include/functions_config.inc.php +++ b/include/functions_config.inc.php @@ -2,6 +2,10 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + if (defined('S9Y_FRAMEWORK_CONFIG')) { return; } diff --git a/include/functions_entries.inc.php b/include/functions_entries.inc.php index ec0845e..5911b2e 100644 --- a/include/functions_entries.inc.php +++ b/include/functions_entries.inc.php 
@@ -2,6 +2,10 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + if (defined('S9Y_FRAMEWORK_ENTRIES')) { return; } diff --git a/include/functions_entries_admin.inc.php b/include/functions_entries_admin.inc.php index 5927e06..6321489 100644 --- a/include/functions_entries_admin.inc.php +++ b/include/functions_entries_admin.inc.php @@ -2,6 +2,10 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + if (defined('S9Y_FRAMEWORK_ENTRIES_ADMIN')) { return; } diff --git a/include/functions_images.inc.php b/include/functions_images.inc.php index 44a1af2..f29d50c 100644 --- a/include/functions_images.inc.php +++ b/include/functions_images.inc.php @@ -2,6 +2,10 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + if (defined('S9Y_FRAMEWORK_IMAGES')) { return; } @@ -3315,15 +3319,15 @@ function serendipity_checkDirUpload($dir) { return true; } */ - + $allowed = serendipity_ACLGet(0, 'directory', 'write', $dir); $mygroups = serendipity_checkPermission(null, null, true); - + // Usergroup "0" always means that access is granted. If no array exists, no ACL restrictions have been set and all is fine. if (!is_array($allowed) || isset($allowed[0])) { return true; } - + if (!is_array($mygroups)) { return true; } @@ -3334,6 +3338,6 @@ function serendipity_checkDirUpload($dir) { break; } } - + return false; } diff --git a/include/functions_images_crop.inc.php b/include/functions_images_crop.inc.php new file mode 100644 index 0000000..3992a3b --- /dev/null +++ b/include/functions_images_crop.inc.php 
@@ -0,0 +1,450 @@ + $val) { + if (is_array($val)) { + $this->makeImgComp($array[$key]); + } elseif (preg_match('@^.*_(x|y)$@', $key)) { + $array[preg_replace('@^(.*)_(x|y)$@', '\1', $key)] = $val; + } + } + + return true; + } + + // Constructor. + function imgedit($img_name, $http_img_name) { + global $serendipity; + $this->makeImgComp($_REQUEST); + + // Store the given variables + $this->real_img_name = $this->img_name = $img_name; + $this->real_img_info = getimagesize($this->real_img_name); + $this->real_img_width = $this->real_img_info[0]; + $this->real_img_height = $this->real_img_info[1]; + + $this->http_img_name = $http_img_name; + + // Set even more variables + $this->setDefaults(); + + return true; + } + + // The main logic + function main() { + + // 1. Parse the $_REQUEST vars. + $this->parseRequest(); + + // 2. Get the current size of the cropping area + $this->getCurrentArea(); + + // 3. Parse any actions + $this->parseRequestActions(); + + // 4. Valide the results of any actions + $this->validateCoordinates(); + + // 5. Populate the template + $this->setVars(); + + return true; + } + + // Sets default vars. + function setDefaults() { + $this->orientation_available = true; + + $this->img_width = $this->real_img_width; + $this->img_height = $this->real_img_height; + $this->img_name = $this->real_img_name; + + $this->zoombox_width = 100; + $this->area_border = 6; + + // Set values if they haven't been submitted yet. 
+ if (!isset($_REQUEST['area_orientation']) || ($_REQUEST['area_orientation'] != 'h' && $_REQUEST['area_orientation'] != 'v')) { + $_REQUEST['area_orientation'] = 'h'; + } + + if (!isset($_REQUEST['autoguess_clicked'])) { + $_REQUEST['autoguess_clicked'] = 'false'; + } + + if (!isset($_REQUEST['zoombox_x'])) { + $_REQUEST['zoombox_x'] = -$this->area_border; + } + + if (!isset($_REQUEST['zoombox_y'])) { + $_REQUEST['zoombox_y'] = -$this->area_border; + } + + if (!isset($_REQUEST['move_increase'])) { + $_REQUEST['move_increase'] = 8; + } else { + $_REQUEST['move_increase'] = intval($_REQUEST['move_increase']); + } + + return true; + } + + // Parse the $_REQUEST vars + function parseRequest() { + if (isset($_REQUEST['toggle_area_orientation'])) { + if ($_REQUEST['area_orientation'] == 'h') { + $_REQUEST['area_orientation'] = 'v'; + } else { + $_REQUEST['area_orientation'] = 'h'; + } + } + + if (isset($_REQUEST['zoombox_factor'])) { + $_REQUEST['zoombox_factor'] = floatval($_REQUEST['zoombox_factor']); + } else { + $_REQUEST['zoombox_factor'] = 1; + } + + if (isset($_REQUEST['action']['enlarge'])) { + $_REQUEST['zoombox_factor'] += 0.1; + } elseif (isset($_REQUEST['action']['reduce'])) { + $_REQUEST['zoombox_factor'] -= 0.1; + } + + if ($_REQUEST['zoombox_factor'] > 3) { + $_REQUEST['zoombox_factor'] = 3; + } elseif ($_REQUEST['zoombox_factor'] < 0.1) { + $_REQUEST['zoombox_factor'] = 0.1; + } + + if (isset($_REQUEST['action']['moveup'])) { + $_REQUEST['zoombox_y'] -= $_REQUEST['move_increase']; + } elseif (isset($_REQUEST['action']['movedown'])) { + $_REQUEST['zoombox_y'] += $_REQUEST['move_increase']; + } elseif (isset($_REQUEST['action']['moveleft'])) { + $_REQUEST['zoombox_x'] -= $_REQUEST['move_increase']; + } elseif (isset($_REQUEST['action']['moveright'])) { + $_REQUEST['zoombox_x'] += $_REQUEST['move_increase']; + } + + return true; + } + + // Fit an image inside the cropping area. 
+ function imgFit($orientation) { + if ($orientation == 'height') { + $this->imgFitHeight(); + } else { + $this->imgFitWidth(); + } + + $_REQUEST['zoombox_factor'] = $this->ratio; + $_REQUEST['autoguess_clicked'] = 'true'; + $_REQUEST['zoombox_x'] = -$this->area_border; + $_REQUEST['zoombox_y'] = -$this->area_border; + + return true; + } + + // Fit an image, using height as fixed value + function imgFitHeight() { + $this->img_height = $this->inner_area_y - $this->area_border; + $this->ratio = round($this->img_height / $this->real_img_height, 3); + $this->img_width = intval(round($this->real_img_width * $this->ratio)); + + return true; + } + + // Fit an image, using width as fixed value + function imgFitWidth() { + $this->img_width = $this->inner_area_x - $this->area_border; + $this->ratio = round($this->img_width / $this->real_img_width, 3); + $this->img_height = intval(round($this->real_img_height * $this->ratio)); + + return true; + } + + // Parse actions that were submitted + function parseRequestActions() { + global $serendipity; + + if (isset($_REQUEST['autoscale'])) { + + if ($this->real_img_width > $this->real_img_height) { + // The image is a horizontal one. Resize height to fit. + $this->imgFit('height'); + } else { + // The image is a vertical one. Resize width to fit. + $this->imgFit('width'); + } + + + } elseif (isset($_REQUEST['scale'])) { + + + if ($this->real_img_width > $this->real_img_height) { + // The image is a horizontal one. Resize width to fit. + $this->imgFit('width'); + } else { + // The image is a vertical one. Resize height to fit. 
+ $this->imgFit('height'); + } + + } else { + + $this->img_width = intval(round($this->real_img_width * $_REQUEST['zoombox_factor'])); + $this->img_height = intval(round($this->real_img_height * $_REQUEST['zoombox_factor'])); + + } + + + // Check which template to use + if (isset($_REQUEST['crop'])) { + $this->output_template = 'admin/media_imgedit_done.tpl'; + } else { + $this->output_template = 'admin/media_imgedit.tpl'; + if ($this->orientation_available) { + $this->imgedit_smarty['orientation_available'] = true; + } + } + + // The final action. Cropping will take place. + if (isset($_REQUEST['crop'])) { + $new_img_name = $this->img_name . '.tmp'; + + if ($this->img_width <= $this->area_width && $this->img_height <= $this->area_height) { + $this->imgedit_smarty['image_no_cut'] = true; + + $new_img_width = $this->img_width; + $new_img_height = $this->img_height; + } else { + $this->imgedit_smarty['image_cut'] = true; + + $new_img_width = $this->area_width - $this->area_border - $this->area_border; + $new_img_height = $this->area_height - $this->area_border - $this->area_border; + } + + $this->slice_from_x = ($this->area_border + $_REQUEST['zoombox_x']) / $_REQUEST['zoombox_factor']; + $this->slice_from_y = ($this->area_border + $_REQUEST['zoombox_y']) / $_REQUEST['zoombox_factor']; + + $slice_width = $new_img_width / $_REQUEST['zoombox_factor']; + $slice_height = $new_img_height / $_REQUEST['zoombox_factor']; + + $this->slice_to_x = $this->slice_from_x + $this->slice_width; + $this->slice_to_y = $this->slice_from_y + $this->slice_height; + + // TODO: + // - Operate also on PNG, TIFF etc. + // - Support image magick + // - Save file as new image! + // - Optionally ask whether to only make a thumbnail from the extracted portion + + // PHP: int imagecopyresampled ( resource dst_im, resource src_im, int dstX, int dstY, int srcX, int srcY, int dstW, int dstH, int srcW, int srcH) + // Open the user's image. 
+ $img_res = imagecreatefromjpeg($this->img_name); + + // Init a blank picture to save the cropped image in. + $new_img_res = imagecreatetruecolor($new_img_width, $new_img_height); + + // Crop the image based on user input, save the resulting image. If either action fails, report an error. + if (!imagecopyresampled($new_img_res, $img_res, 0, 0, $this->slice_from_x, $this->slice_from_y, $new_img_width, $new_img_height, $slice_width, $slice_height) || + !imageJpeg($new_img_res, $new_img_name, 90)) { + + $this->imgedit_smarty['image_error'] = true; + } + + $backup = $this->increment($this->img_name); + rename($this->img_name, $backup . '.backup'); + rename($new_img_name, $this->img_name); + $http_new_file = preg_replace('@^' . preg_quote($serendipity['serendipityPath'] . $serendipity['uploadPath']) . '@', '', $this->img_name); + serendipity_makeThumbnail(basename($http_new_file), dirname($http_new_file) . '/'); + + $this->img_name = $new_img_name; + $this->img_width = $new_img_width; + $this->img_height = $new_img_height; + } + + return true; + } + + function increment($fullfile) { + $d = dirname($fullfile) . '/'; + $f = basename($fullfile); + + $f = time() . '.' . $f; + + return $d . 
$f; + } + + // Checks if any coordinates are out of allowed range + function validateCoordinates() { + if ($this->img_width > $this->area_width) { + $c_img_width = $this->img_width; + $ca_img_width = $this->area_width; + $x_area_border = $this->area_border; + } else { + $c_img_width = $this->area_width; + $ca_img_width = $this->img_width; + $x_area_border = -$this->area_border; + } + + if ($this->img_height > $this->area_height) { + $c_img_height = $this->img_height; + $ca_img_height = $this->area_height; + $y_area_border = $this->area_border; + } else { + $c_img_height = $this->area_height; + $ca_img_height = $this->img_height; + $y_area_border = -$this->area_border; + } + + if ($_REQUEST['zoombox_x'] < (0 - $this->area_border)) { + $_REQUEST['zoombox_x'] = 0 - $this->area_border; + } elseif ($_REQUEST['zoombox_x'] > ($this->img_width - $ca_img_width + $x_area_border)) { + $_REQUEST['zoombox_x'] = $this->img_width - $ca_img_width + $x_area_border; + } + + if ($_REQUEST['zoombox_y'] < (0 - $this->area_border)) { + $_REQUEST['zoombox_y'] = 0 - $this->area_border; + } elseif ($_REQUEST['zoombox_y'] > ($this->img_height - $ca_img_height + $y_area_border)) { + $_REQUEST['zoombox_y'] = $this->img_height - $ca_img_height + $y_area_border; + } + + $this->overlay_clip_top += $_REQUEST['zoombox_y']; + $this->overlay_clip_bottom += $_REQUEST['zoombox_y']; + $this->overlay_clip_left += $_REQUEST['zoombox_x']; + $this->overlay_clip_right += $_REQUEST['zoombox_x']; + + return true; + } + + // Sets the sizes of the cropping area + function setArea($img_name, $orientation = 'h') { + global $serendipity; + + $fimg = serendipity_getTemplateFile('admin/img/' . $img_name, 'serendipityPath'); + $hfimg = serendipity_getTemplateFile('admin/img/' . 
$img_name, 'serendipityHTTPPath'); + $img_info = getImageSize($fimg); + + if ($orientation == 'h') { + $this->harea_width = $img_info[0]; + $this->harea_height = $img_info[1]; + $this->harea_img_name = $hfimg; + } else { + $this->varea_width = $img_info[0]; + $this->varea_height = $img_info[1]; + $this->varea_img_name = $hfimg; + } + + return true; + } + + // Get the size of the selected cropping area + function getCurrentArea() { + if ($_REQUEST['area_orientation'] == 'h') { + $this->area_width = $this->harea_width; + $this->area_height = $this->harea_height; + $this->varea_visibility = 'hidden'; + $this->harea_visibility = 'visible'; + } else { + $this->area_width = $this->varea_width; + $this->area_height = $this->varea_height; + $this->varea_visibility = 'visible'; + $this->harea_visibility = 'hidden'; + } + + $this->inner_area_x = $this->area_width - $this->area_border; + $this->inner_area_y = $this->area_height - $this->area_border; + + $this->overlay_clip_top = $this->area_border; + $this->overlay_clip_right = $this->area_width - $this->area_border; + $this->overlay_clip_bottom = $this->area_height - $this->area_border; + $this->overlay_clip_left = $this->area_border; + + return true; + } + + // Set the template variables + function setVars() { + + $this->imgedit_smarty['zoombox_width'] = $this->zoombox_width; + $this->imgedit_smarty['zoombox_padding'] = $this->zoombox_width + 20; + $this->imgedit_smarty['area_width'] = $this->area_width; + $this->imgedit_smarty['area_height'] = $this->area_height; + $this->imgedit_smarty['varea_width'] = $this->varea_width; + $this->imgedit_smarty['varea_height'] = $this->varea_height; + $this->imgedit_smarty['varea_img_name'] = $this->varea_img_name; + $this->imgedit_smarty['varea_visibility'] = $this->varea_visibility; + $this->imgedit_smarty['harea_width'] = $this->harea_width; + $this->imgedit_smarty['harea_height'] = $this->harea_height; + $this->imgedit_smarty['harea_img_name'] = $this->harea_img_name; + 
$this->imgedit_smarty['harea_visibility'] = $this->harea_visibility; + $this->imgedit_smarty['area_border'] = $this->area_border; + $this->imgedit_smarty['refresh_line'] = time(); + + $this->imgedit_smarty['real_img_width'] = $this->real_img_width; + $this->imgedit_smarty['real_img_height'] = $this->real_img_height; + $this->imgedit_smarty['real_img_name'] = $this->real_img_name; + $this->imgedit_smarty['http_img_name'] = $this->http_img_name; + + $this->imgedit_smarty['img_width'] = $this->img_width; + $this->imgedit_smarty['img_height'] = $this->img_height; + $this->imgedit_smarty['zoom_img_width'] = $this->img_width; + $this->imgedit_smarty['zoom_img_height'] = $this->img_height; + $this->imgedit_smarty['img_name'] = $this->img_name; + + $this->imgedit_smarty['overlay_clip_top'] = $this->overlay_clip_top; + $this->imgedit_smarty['overlay_clip_bottom'] = $this->overlay_clip_bottom; + $this->imgedit_smarty['overlay_clip_left'] = $this->overlay_clip_left; + $this->imgedit_smarty['overlay_clip_right'] = $this->overlay_clip_right; + + $this->imgedit_smarty['slice_from_x'] = $this->slice_from_x; + $this->imgedit_smarty['slice_from_y'] = $this->slice_from_y; + $this->imgedit_smarty['slice_to_x'] = $this->slice_to_x; + $this->imgedit_smarty['slice_to_y'] = $this->slice_to_y; + + $this->imgedit_smarty['zoombox_x'] = $_REQUEST['zoombox_x']; + $this->imgedit_smarty['zoombox_y'] = $_REQUEST['zoombox_y']; + $this->imgedit_smarty['zoombox_factor'] = $_REQUEST['zoombox_factor']; + + $this->imgedit_smarty['php_self'] = $_SERVER['PHP_SELF']; + $this->imgedit_smarty['area_orientation'] = $_REQUEST['area_orientation']; + $this->imgedit_smarty['move_increase'] = $_REQUEST['move_increase']; + $this->imgedit_smarty['autoguess_clicked'] = $_REQUEST['autoguess_clicked']; + + $this->imgedit_smarty['my_url'] = htmlspecialchars($_SERVER['REQUEST_URI']); + + if ($_REQUEST['autoguess_clicked'] == 'true') { + $this->imgedit_smarty['scale_visibility'] = 'visible'; + } else { + 
$this->imgedit_smarty['scale_visibility'] = 'hidden'; + } + + return true; + } +} diff --git a/include/functions_installer.inc.php b/include/functions_installer.inc.php index 2a72978..69d7ce6 100644 --- a/include/functions_installer.inc.php +++ b/include/functions_installer.inc.php @@ -2,6 +2,9 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} if (defined('S9Y_FRAMEWORK_INSTALLER')) { return; diff --git a/include/functions_permalinks.inc.php b/include/functions_permalinks.inc.php index a11c1ab..85680a0 100644 --- a/include/functions_permalinks.inc.php +++ b/include/functions_permalinks.inc.php @@ -2,6 +2,10 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + if (defined('S9Y_FRAMEWORK_PERMALINKS')) { return; } diff --git a/include/functions_plugins_admin.inc.php b/include/functions_plugins_admin.inc.php index 5ed42b4..fd9bd58 100644 --- a/include/functions_plugins_admin.inc.php +++ b/include/functions_plugins_admin.inc.php @@ -2,6 +2,9 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} if (defined('S9Y_FRAMEWORK_PLUGINS_ADMIN')) { return; diff --git a/include/functions_rss.inc.php b/include/functions_rss.inc.php index af17010..451b2c7 100644 --- a/include/functions_rss.inc.php +++ b/include/functions_rss.inc.php 
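Review bot: In setVars, `php_self` is assigned from `$_SERVER['PHP_SELF']` unescaped while `my_url` a few lines later is passed through htmlspecialchars; PHP_SELF can carry request-supplied path info, so unless the template escapes it (not visible here) it should read `$this->imgedit_smarty['php_self'] = htmlspecialchars($_SERVER['PHP_SELF']);` for consistency with `my_url`. In parseRequestActions the crop branch computes the locals `$slice_width`/`$slice_height` but then reads `$this->slice_width`/`$this->slice_height`, which are never assigned anywhere in the class, so the `slice_to_x`/`slice_to_y` handed to the template are just `slice_from_*` plus null; `$this->slice_to_x = $this->slice_from_x + $slice_width;` (and likewise for y) is what was meant. The return values of getimagesize, imagecreatefromjpeg and both rename calls are unchecked, and the renames run even after `image_error` has been set, so a non-JPEG upload or an unwritable directory can leave the original moved to `.backup` with nothing written in its place. `zoombox_x`/`zoombox_y` enter the arithmetic straight from `$_REQUEST` without the intval that `move_increase` gets in setDefaults. The head of this hunk is truncated in this view, so I cannot confirm the new file carries the same `IN_serendipity` guard as the rest of the commit.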
@@ -2,6 +2,15 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + +if (defined('S9Y_FRAMEWORK_RSS')) { + return; +} +@define('S9Y_FRAMEWORK_RSS', true); + /** * Parses entries to display them for RSS/Atom feeds to be passed on to generic Smarty templates * @@ -36,7 +45,10 @@ function serendipity_printEntries_rss(&$entries, $version, $comments = false, $f $entry['feed_entryLink'] = serendipity_archiveURL($entry['feed_id'], $entry['title'], 'baseURL', true, array('timestamp' => $entry['timestamp'])); if ($options['comments'] == true) { // Display username as part of the title for easier feed-readability - $entry['title'] = $entry['author'] . ': ' . $entry['title']; + if ($entry['type'] == 'TRACKBACK' && !empty($entry['ctitle'])) { + $entry['author'] .= ' - ' . $entry['ctitle']; + } + $entry['title'] = (!empty($entry['author']) ? $entry['author'] : ANONYMOUS) . ': ' . $entry['title']; } // Embed a link to extended entry, if existing @@ -78,7 +90,7 @@ function serendipity_printEntries_rss(&$entries, $version, $comments = false, $f $cat['feed_category_name'] = serendipity_utf8_encode(htmlspecialchars($cat['category_name'])); } } - + // Prepare variables // 1. UTF8 encoding + htmlspecialchars. $entry['feed_title'] = serendipity_utf8_encode(htmlspecialchars($entry['title'])); 
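Review bot: The new trackback branch in serendipity_printEntries_rss appends the remote-supplied `ctitle` to `$entry['author']` in place, and only `$entry['title']` is visibly escaped afterwards (`feed_title` via htmlspecialchars in the following hunk); any later consumer of `$entry['author']` — not visible here — would now receive the unescaped trackback title. Building the prefix in a local avoids mutating the entry: `$author = !empty($entry['author']) ? $entry['author'] : ANONYMOUS; if ($entry['type'] == 'TRACKBACK' && !empty($entry['ctitle'])) { $author .= ' - ' . $entry['ctitle']; } $entry['title'] = $author . ': ' . $entry['title'];`. serendipity_printEntries_rss starts outside this hunk.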
@@ -101,28 +113,28 @@ function serendipity_printEntries_rss(&$entries, $version, $comments = false, $f case 'opml1.0': $entry_hook = 'frontend_display:opml-1.0:per_entry'; break; - + case '0.91': $entry_hook = 'frontend_display:rss-0.91:per_entry'; break; - + case '1.0': $entry_hook = 'frontend_display:rss-1.0:per_entry'; break; - + case '2.0': $entry_hook = 'frontend_display:rss-2.0:per_entry'; break; - + case 'atom0.3': $entry_hook = 'frontend_display:atom-0.3:per_entry'; break; - + case 'atom1.0': $entry_hook = 'frontend_display:atom-1.0:per_entry'; break; } - + serendipity_plugin_api::hook_event($entry_hook, $entry); $entry['per_entry_display_dat'] = $entry['display_dat']; } diff --git a/include/functions_smarty.inc.php b/include/functions_smarty.inc.php index 55aeba3..2a2602a 100644 --- a/include/functions_smarty.inc.php +++ b/include/functions_smarty.inc.php @@ -2,6 +2,10 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + if (defined('S9Y_FRAMEWORK_SMARTY')) { return; } @@ -354,7 +358,7 @@ function serendipity_smarty_showCommentForm($params, &$smarty) { if (!isset($params['data'])) { $params['data'] = $serendipity['POST']; } - + if (!isset($params['showToolbar'])) { $params['showToolbar'] = true; } diff --git a/include/functions_trackbacks.inc.php b/include/functions_trackbacks.inc.php index c14081b..1781aca 100644 --- a/include/functions_trackbacks.inc.php +++ b/include/functions_trackbacks.inc.php @@ -2,6 +2,15 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + +if (defined('S9Y_FRAMEWORK_TRACKBACKS')) { + return; +} +@define('S9Y_FRAMEWORK_TRACKBACKS', true); + /** * Check a HTTP response if it is a valid XML trackback response * 
@@ -86,15 +95,19 @@ function _serendipity_send($loc, $data) { require_once S9Y_PEAR_PATH . 'HTTP/Request.php'; $options = array('allowRedirects' => true, 'maxRedirects' => 5, 'method' => 'POST'); serendipity_plugin_api::hook_event('backend_http_request', $options, 'trackback_send'); + serendipity_request_start(); + $req = &new HTTP_Request($uri, $options); $req->addRawPostData($data, true); $res = $req->sendRequest(); if (PEAR::isError($res)) { + serendipity_request_end(); return false; } $fContent = $req->getResponseBody(); + serendipity_request_end(); return $fContent; } @@ -199,15 +212,18 @@ global $serendipity; require_once S9Y_PEAR_PATH . 'HTTP/Request.php'; $options = array('allowRedirects' => true, 'maxRedirects' => 5, 'method' => 'GET'); serendipity_plugin_api::hook_event('backend_http_request', $options, 'trackback_detect'); + serendipity_request_start(); $req = &new HTTP_Request($parsed_loc, $options); $res = $req->sendRequest(); if (PEAR::isError($res)) { echo '
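Review bot: The new `serendipity_request_start()`/`serendipity_request_end()` pair in _serendipity_send carries no comment on what state it establishes around the outbound HTTP_Request, and correctness now depends on every exit between the two calls invoking `end()` — the hunk does so on both the error and success paths, but a future early return would silently skip it. The hunk at -199/+212 (trackback detection) has the same shape and the same dependency. A one-line comment above the first call, such as `// serendipity_request_start()/end() must bracket every outbound request; each return path below calls end()`, records the contract for the next editor; alternatively, capturing the response body into a local and calling `end()` once before a single return would remove the duplicated call.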
• ' . sprintf(TRACKBACK_COULD_NOT_CONNECT, $u['host'], $u['port']) .'
'; + serendipity_request_end(); return; } $fContent = $req->getResponseBody(); + serendipity_request_end(); if (strlen($fContent) != 0) { serendipity_trackback_autodiscover($fContent, $parsed_loc, $url, $author, $title, $text, $loc); @@ -322,7 +338,7 @@ function add_pingback ($id, $postdata) { * @return string Output text */ function serendipity_trackback_excerpt($text) { - return substr(strip_tags($text), 0, 255); + return serendipity_mb('substr', strip_tags($text), 0, 255); } /** @@ -443,7 +459,8 @@ function serendipity_handle_references($id, $author, $title, $text) { $query = "SELECT COUNT(id) FROM {$serendipity['dbPrefix']}references WHERE entry_id = '". (int)$tmpid ."' - AND link = '" . serendipity_db_escape_string($locations[$i]) . "'"; + AND link = '" . serendipity_db_escape_string($locations[$i]) . "' + AND type = ''"; $row = serendipity_db_query($query, true, 'num'); if ($row[0] > 0) { @@ -455,7 +472,7 @@ function serendipity_handle_references($id, $author, $title, $text) { $checked_locations[$locations[$i]] = true; // Store trackbacked link so that no further trackbacks will be sent to the same link } } - serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}references WHERE entry_id='" . (int)$tmpid . "'"); + serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}references WHERE entry_id='" . (int)$tmpid . "' AND type = ''"); for ($i = 0; $i < $j; ++$i) { $query = "INSERT INTO {$serendipity['dbPrefix']}references (entry_id, name, link) VALUES("; diff --git a/include/functions_upgrader.inc.php b/include/functions_upgrader.inc.php index 6045123..804f5a5 100644 --- a/include/functions_upgrader.inc.php +++ b/include/functions_upgrader.inc.php 
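Review bot: The `AND type = ''` predicate added to the SELECT COUNT in serendipity_handle_references (hunk -443/+459) and to the DELETE in the following hunk (-455/+472) assumes existing rows carry an empty string in `references.type`, yet the INSERT visible in context still lists only `(entry_id, name, link)` and never sets `type`. If that column's default is NULL rather than `''` — which the diff does not show — neither the duplicate check nor the cleanup will ever match, so trackbacks would be re-sent and stale rows would accumulate. Either add `type` to the INSERT column list with an explicit `''` value, or make the predicate `AND (type = '' OR type IS NULL)`. serendipity_handle_references' body starts and ends outside these hunks.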
@@ -2,6 +2,15 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + +if (defined('S9Y_FRAMEWORK_UPGRADER')) { + return; +} +@define('S9Y_FRAMEWORK_UPGRADER', true); + /** * This is a list of functions that are used by the upgrader. Define functions here that * are not used within usual Serendipity control flow @@ -84,7 +93,7 @@ function serendipity_fixPlugins($case) { 'serendipity_event_searchhighlight', 'serendipity_event_textile' ); - + $elements = array( 'ENTRY_BODY', 'EXTENDED_BODY', @@ -97,24 +106,24 @@ function serendipity_fixPlugins($case) { $where[] = "name LIKE '$plugin:%'"; } - $rows = serendipity_db_query("SELECT name, value, authorid - FROM {$serendipity['dbPrefix']}config + $rows = serendipity_db_query("SELECT name, value, authorid + FROM {$serendipity['dbPrefix']}config WHERE " . implode(' OR ', $where)); if (!is_array($rows)) { return false; } - + foreach($rows AS $row) { if (preg_match('@^(serendipity_event_.+):([a-z0-9]+)/(.+)@i', $row['name'], $plugin_data)) { foreach($elements AS $element) { if ($plugin_data[3] != constant($element)) { continue; } - + $new = $plugin_data[1] . ':' . $plugin_data[2] . '/' . $element; serendipity_db_query("UPDATE {$serendipity['dbPrefix']}config SET name = '$new' - WHERE name = '{$row['name']}' + WHERE name = '{$row['name']}' AND value = '{$row['value']}' AND authorid = '{$row['authorid']}'"); } diff --git a/include/genpage.inc.php b/include/genpage.inc.php index 36f02da..504a12a 100644 --- a/include/genpage.inc.php +++ b/include/genpage.inc.php @@ -2,6 +2,10 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + if (!defined('S9Y_FRAMEWORK')) { include('serendipity_config.inc.php'); } 
@@ -97,7 +101,7 @@ if ($serendipity['smarty_raw_mode']) { case 'comments': serendipity_printCommentsByAuthor(); // use 'content_message' for pagination? - + break; // Show the archive diff --git a/include/lang.inc.php b/include/lang.inc.php index 5f62335..e2302a1 100644 --- a/include/lang.inc.php +++ b/include/lang.inc.php @@ -2,6 +2,10 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + if (!defined('serendipity_LANG_LOADED') || serendipity_LANG_LOADED !== true) { $charset = serendipity_getCharset(); diff --git a/include/plugin_internal.inc.php b/include/plugin_internal.inc.php index 17cc3f4..fefade7 100644 --- a/include/plugin_internal.inc.php +++ b/include/plugin_internal.inc.php @@ -2,6 +2,10 @@ # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team) # All rights reserved. See LICENSE file for licensing details +if (IN_serendipity !== true) { + die ("Don't hack!"); +} + if (defined('S9Y_FRAMEWORK_PLUGIN_INTERNAL')) { return; } diff --git a/templates/kubrick/config.inc.php b/templates/kubrick/config.inc.php index 091e22c..8d5978f 100644 --- a/templates/kubrick/config.inc.php +++ b/templates/kubrick/config.inc.php @@ -1,5 +1,9 @@