1
0
Fork 0
Dieser Commit ist enthalten in:
o.pinke 2020-07-24 19:31:13 +02:00
Ursprung dcc1f7f323
Commit dc11334aaf
1 geänderte Dateien mit 165 neuen und 192 gelöschten Zeilen

Datei anzeigen

@ -1,4 +1,5 @@
<?php
/**
* Project:
* Contenido Content Management System
@ -31,215 +32,191 @@
* }}
*
*/
if(!defined('CON_FRAMEWORK')) {
die('Illegal call');
if (!defined('CON_FRAMEWORK')) {
die('Illegal call');
}
// Checks all links without front_content.php
function checkLinks() {
global $auth, $cfgClient, $client, $cfg, $cronjob, $db, $aErrors, $lang, $langart, $whitelist;
global $aSearchIDInfosArt, $aSearchIDInfosCat, $aSearchIDInfosCatArt, $aSearchIDInfosNonID;
global $auth, $cfgClient, $client, $cfg, $cronjob, $db, $aErrors, $lang, $langart, $whitelist;
global $aSearchIDInfosArt, $aSearchIDInfosCat, $aSearchIDInfosCatArt, $aSearchIDInfosNonID;
if(count($aSearchIDInfosArt) > 0) { // Checks idarts
if (count($aSearchIDInfosArt) > 0) { // Checks idarts
for ($i = 0; $i < count($aSearchIDInfosArt); $i++) {
for($i = 0; $i < count($aSearchIDInfosArt); $i++) {
if($i == 0) {
$sSearch = Contenido_Security::toInteger($aSearchIDInfosArt[$i]['id']);
} else {
$sSearch .= ", " . Contenido_Security::toInteger($aSearchIDInfosArt[$i]['id']);
}
}
// Check articles
$aFind = array();
$sql = "SELECT idart, online FROM " . $cfg['tab']['art_lang'] . " WHERE idart IN (" . $sSearch . ")";
$db->query($sql);
while($db->next_record()) {
$aFind[$db->f("idart")] = array("online" => $db->f("online"));
}
for($i = 0; $i < count($aSearchIDInfosArt); $i++) {
if(isset($aFind[$aSearchIDInfosArt[$i]['id']]) && $aFind[$aSearchIDInfosArt[$i]['id']]['online'] == 0) {
$aErrors['art'][] = array_merge($aSearchIDInfosArt[$i], array("error_type" => "offline"));
} elseif(!isset($aFind[$aSearchIDInfosArt[$i]['id']])) {
$aErrors['art'][] = array_merge($aSearchIDInfosArt[$i], array("error_type" => "unknown"));
}
}
}
$int_cnt_aSearchIDInfosCat = 0;
if(is_countable($aSearchIDInfosCat)) {
$int_cnt_aSearchIDInfosCat = count($aSearchIDInfosCat);
if ($i == 0) {
$sSearch = Contenido_Security::toInteger($aSearchIDInfosArt[$i]['id']);
} else {
$sSearch .= ", " . Contenido_Security::toInteger($aSearchIDInfosArt[$i]['id']);
}
}
if($int_cnt_aSearchIDInfosCat > 0) { // Checks idcats
for($i = 0; $i < $int_cnt_aSearchIDInfosCat; $i++) {
// Check articles
$aFind = array();
$sql = "SELECT idart, online FROM " . $cfg['tab']['art_lang'] . " WHERE idart IN (" . $sSearch . ")";
$db->query($sql);
if($i == 0) {
$sSearch = $aSearchIDInfosCat[$i]['id'];
} else {
$sSearch .= ", " . $aSearchIDInfosCat[$i]['id'];
}
while ($db->next_record()) {
$aFind[$db->f("idart")] = array("online" => $db->f("online"));
}
}
for ($i = 0; $i < count($aSearchIDInfosArt); $i++) {
// Check categorys
$aFind = array();
$sql = "SELECT idcat, startidartlang, visible FROM " . $cfg['tab']['cat_lang'] . " WHERE idcat IN (" . $sSearch . ") AND idlang = '" . Contenido_Security::toInteger($lang) . "'";
$db->query($sql);
if (isset($aFind[$aSearchIDInfosArt[$i]['id']]) && $aFind[$aSearchIDInfosArt[$i]['id']]['online'] == 0) {
$aErrors['art'][] = array_merge($aSearchIDInfosArt[$i], array("error_type" => "offline"));
} elseif (!isset($aFind[$aSearchIDInfosArt[$i]['id']])) {
$aErrors['art'][] = array_merge($aSearchIDInfosArt[$i], array("error_type" => "unknown"));
}
}
}
while($db->next_record()) {
$aFind[$db->f("idcat")] = array("online" => $db->f("visible"), "startidart" => $db->f("startidartlang"));
}
$int_cnt_aSearchIDInfosCat = 0;
for($i = 0; $i < count($aSearchIDInfosCat); $i++) {
if (is_countable($aSearchIDInfosCat)) {
$int_cnt_aSearchIDInfosCat = count($aSearchIDInfosCat);
}
if(is_array($aFind[$aSearchIDInfosCat[$i]['id']]) && $aFind[$aSearchIDInfosCat[$i]['id']]['startidart'] == 0) {
$aErrors['cat'][] = array_merge($aSearchIDInfosCat[$i], array("error_type" => "startart"));
} elseif(is_array($aFind[$aSearchIDInfosCat[$i]['id']]) && $aFind[$aSearchIDInfosCat[$i]['id']]['online'] == 0) {
$aErrors['cat'][] = array_merge($aSearchIDInfosCat[$i], array("error_type" => "offline"));
} elseif(!is_array($aFind[$aSearchIDInfosCat[$i]['id']])) {
$aErrors['cat'][] = array_merge($aSearchIDInfosCat[$i], array("error_type" => "unknown"));
}
if ($int_cnt_aSearchIDInfosCat > 0) { // Checks idcats
for ($i = 0; $i < $int_cnt_aSearchIDInfosCat; $i++) {
if(is_array($aFind[$aSearchIDInfosCat[$i]['id']]) && $aFind[$aSearchIDInfosCat[$i]['id']]['startidart'] != 0) {
if ($i == 0) {
$sSearch = $aSearchIDInfosCat[$i]['id'];
} else {
$sSearch .= ", " . $aSearchIDInfosCat[$i]['id'];
}
}
$sql = "SELECT idart FROM " . $cfg['tab']['art_lang'] . " WHERE idartlang = '" . $aFind[$aSearchIDInfosCat[$i]['id']]['startidart'] . "' AND online = '1'";
$db->query($sql);
// Check categorys
$aFind = array();
$sql = "SELECT idcat, startidartlang, visible FROM " . $cfg['tab']['cat_lang'] . " WHERE idcat IN (" . $sSearch . ") AND idlang = '" . Contenido_Security::toInteger($lang) . "'";
$db->query($sql);
if($db->num_rows() == 0) {
$aErrors['cat'][] = array_merge($aSearchIDInfosCat[$i], array("error_type" => "startart"));
}
while ($db->next_record()) {
$aFind[$db->f("idcat")] = array("online" => $db->f("visible"), "startidart" => $db->f("startidartlang"));
}
}
for ($i = 0; $i < count($aSearchIDInfosCat); $i++) {
}
if (is_array($aFind[$aSearchIDInfosCat[$i]['id']]) && $aFind[$aSearchIDInfosCat[$i]['id']]['startidart'] == 0) {
$aErrors['cat'][] = array_merge($aSearchIDInfosCat[$i], array("error_type" => "startart"));
} elseif (is_array($aFind[$aSearchIDInfosCat[$i]['id']]) && $aFind[$aSearchIDInfosCat[$i]['id']]['online'] == 0) {
$aErrors['cat'][] = array_merge($aSearchIDInfosCat[$i], array("error_type" => "offline"));
} elseif (!is_array($aFind[$aSearchIDInfosCat[$i]['id']])) {
$aErrors['cat'][] = array_merge($aSearchIDInfosCat[$i], array("error_type" => "unknown"));
}
}
if (is_array($aFind[$aSearchIDInfosCat[$i]['id']]) && $aFind[$aSearchIDInfosCat[$i]['id']]['startidart'] != 0) {
if(count($aSearchIDInfosCatArt) > 0) { // Checks idcatarts
$sql = "SELECT idart FROM " . $cfg['tab']['art_lang'] . " WHERE idartlang = '" . $aFind[$aSearchIDInfosCat[$i]['id']]['startidart'] . "' AND online = '1'";
$db->query($sql);
for($i = 0; $i < count($aSearchIDInfosCatArt); $i++) {
if ($db->num_rows() == 0) {
$aErrors['cat'][] = array_merge($aSearchIDInfosCat[$i], array("error_type" => "startart"));
}
}
}
}
if($i == 0) {
$sSearch = Contenido_Security::toInteger($aSearchIDInfosCatArt[$i]['id']);
} else {
$sSearch .= ", " . Contenido_Security::toInteger($aSearchIDInfosCatArt[$i]['id']);
}
if (count($aSearchIDInfosCatArt) > 0) { // Checks idcatarts
for ($i = 0; $i < count($aSearchIDInfosCatArt); $i++) {
}
if ($i == 0) {
$sSearch = Contenido_Security::toInteger($aSearchIDInfosCatArt[$i]['id']);
} else {
$sSearch .= ", " . Contenido_Security::toInteger($aSearchIDInfosCatArt[$i]['id']);
}
}
// Check articles
$aFind = array();
$sql = "SELECT idcatart FROM " . $cfg['tab']['cat_art'] . " WHERE idcatart IN (" . $sSearch . ")";
$db->query($sql);
// Check articles
$aFind = array();
$sql = "SELECT idcatart FROM " . $cfg['tab']['cat_art'] . " WHERE idcatart IN (" . $sSearch . ")";
$db->query($sql);
while($db->next_record()) {
$aFind[] = $db->f("idcatart");
}
while ($db->next_record()) {
$aFind[] = $db->f("idcatart");
}
for($i = 0; $i < count($aSearchIDInfosCatArt); $i++) {
for ($i = 0; $i < count($aSearchIDInfosCatArt); $i++) {
if(!in_array($aSearchIDInfosCatArt[$i]['id'], $aFind)) {
$aErrors['art'][] = array_merge($aSearchIDInfosCatArt[$i], array("error_type" => "unknown"));
}
if (!in_array($aSearchIDInfosCatArt[$i]['id'], $aFind)) {
$aErrors['art'][] = array_merge($aSearchIDInfosCatArt[$i], array("error_type" => "unknown"));
}
}
}
}
if (count($aSearchIDInfosNonID) != 0) { // Checks other links (e. g. http, www, dfbs)
// Select userrights (is the user admin or sysadmin?)
$sql = "SELECT username FROM " . $cfg['tab']['phplib_auth_user_md5'] . " WHERE user_id='" . Contenido_Security::escapeDB($auth->auth['uid'], $db) . "' AND perms LIKE '%admin%'";
$db->query($sql);
}
if ($db->num_rows() > 0 || $cronjob == true) { // User is admin when he is or when he run the cronjob
$iAdmin = true;
}
if(count($aSearchIDInfosNonID) != 0) { // Checks other links (e. g. http, www, dfbs)
for ($i = 0; $i < count($aSearchIDInfosNonID); $i++) {
// Select userrights (is the user admin or sysadmin?)
$sql = "SELECT username FROM " . $cfg['tab']['phplib_auth_user_md5'] . " WHERE user_id='" . Contenido_Security::escapeDB($auth->auth['uid'], $db) . "' AND perms LIKE '%admin%'";
$db->query($sql);
if (url_is_uri($aSearchIDInfosNonID[$i]['url'])) {
if($db->num_rows() > 0 || $cronjob == true) { // User is admin when he is or when he run the cronjob
$iAdmin = true;
}
if (substr($aSearchIDInfosNonID[$i]['url'], 0, strlen($aSearchIDInfosNonID[$i]['url'])) == $cfgClient[$client]['path']['htmlpath']) {
$iPing = @file_exists(str_replace($cfgClient[$client]['path']['htmlpath'], $cfgClient[$client]['path']['frontend'], $aSearchIDInfosNonID[$i]['url']));
} else {
$iPing = @fopen($aSearchIDInfosNonID[$i]['url'], 'r');
}
for($i = 0; $i < count($aSearchIDInfosNonID); $i++) {
if (!$iPing) {
if(url_is_uri($aSearchIDInfosNonID[$i]['url'])) {
if (url_is_image($aSearchIDInfosNonID[$i]['url'])) {
$aErrors['docimages'][] = array_merge($aSearchIDInfosNonID[$i], array("error_type" => "unknown"));
} else {
$aErrors['others'][] = array_merge($aSearchIDInfosNonID[$i], array("error_type" => "unknown"));
}
}
} elseif (substr($aSearchIDInfosNonID[$i]['url'], strlen($aSearchIDInfosNonID[$i]['url']) - 5, 5) == ".html") {
if(substr($aSearchIDInfosNonID[$i]['url'], 0, strlen($aSearchIDInfosNonID[$i]['url'])) == $cfgClient[$client]['path']['htmlpath']) {
$iPing = @file_exists(str_replace($cfgClient[$client]['path']['htmlpath'], $cfgClient[$client]['path']['frontend'], $aSearchIDInfosNonID[$i]['url']));
} else {
$iPing = @fopen($aSearchIDInfosNonID[$i]['url'], 'r');
}
$iPing = @file_exists($cfgClient[$client]['path']['htmlpath'] . $aSearchIDInfosNonID[$i]['url']);
if(!$iPing) {
if (!$iPing) {
$aErrors['art'][] = array_merge($aSearchIDInfosNonID[$i], array("error_type" => "unknown"));
}
} elseif (substr($aSearchIDInfosNonID[$i]['url'], 0, 20) == "dbfs.php?file=dbfs:/") {
if(url_is_image($aSearchIDInfosNonID[$i]['url'])) {
$aErrors['docimages'][] = array_merge($aSearchIDInfosNonID[$i], array("error_type" => "unknown"));
} else {
$aErrors['others'][] = array_merge($aSearchIDInfosNonID[$i], array("error_type" => "unknown"));
}
$sDBurl = substr($aSearchIDInfosNonID[$i]['url'], 20, strlen($aSearchIDInfosNonID[$i]['url']));
}
$iPos = strrpos($sDBurl, '/');
$sDirname = substr($sDBurl, 0, $iPos);
$sFilename = substr($sDBurl, $iPos + 1);
} elseif(substr($aSearchIDInfosNonID[$i]['url'], strlen($aSearchIDInfosNonID[$i]['url'])-5, 5) == ".html") {
// Check categorys
$sql = "SELECT iddbfs FROM " . $cfg['tab']['dbfs'] . " WHERE dirname IN('" . $sDirname . "', '" . clHtmlEntityDecode($sDirname) . "', '" . urldecode($sDirname) . "') AND filename = '" . $sFilename . "'";
$db->query($sql);
$iPing = @file_exists($cfgClient[$client]['path']['htmlpath'] . $aSearchIDInfosNonID[$i]['url']);
if ($db->num_rows() == 0) {
$aErrors['docimages'][] = array_merge($aSearchIDInfosNonID[$i], array("error_type" => "dbfs"));
}
} else {
if(!$iPing) {
$aErrors['art'][] = array_merge($aSearchIDInfosNonID[$i], array("error_type" => "unknown"));
}
if (!file_exists($cfgClient[$client]['path']['frontend'] . $aSearchIDInfosNonID[$i]['url'])) {
} elseif(substr($aSearchIDInfosNonID[$i]['url'], 0, 20) == "dbfs.php?file=dbfs:/") {
$sDBurl = substr($aSearchIDInfosNonID[$i]['url'], 20, strlen($aSearchIDInfosNonID[$i]['url']));
$iPos = strrpos($sDBurl, '/');
$sDirname = substr($sDBurl, 0, $iPos);
$sFilename = substr($sDBurl, $iPos + 1);
// Check categorys
$sql = "SELECT iddbfs FROM " . $cfg['tab']['dbfs'] . " WHERE dirname IN('" . $sDirname . "', '" . clHtmlEntityDecode($sDirname) . "', '" . urldecode($sDirname) . "') AND filename = '" . $sFilename . "'";
$db->query($sql);
if($db->num_rows() == 0) {
$aErrors['docimages'][] = array_merge($aSearchIDInfosNonID[$i], array("error_type" => "dbfs"));
}
} else {
if(!file_exists($cfgClient[$client]['path']['frontend'] . $aSearchIDInfosNonID[$i]['url'])) {
if(url_is_image($aSearchIDInfosNonID[$i]['url'])) {
$aErrors['docimages'][] = array_merge($aSearchIDInfosNonID[$i], array("error_type" => "unknown"));
} else {
$aErrors['others'][] = array_merge($aSearchIDInfosNonID[$i], array("error_type" => "unknown"));
}
}
}
}
}
return $aErrors;
if (url_is_image($aSearchIDInfosNonID[$i]['url'])) {
$aErrors['docimages'][] = array_merge($aSearchIDInfosNonID[$i], array("error_type" => "unknown"));
} else {
$aErrors['others'][] = array_merge($aSearchIDInfosNonID[$i], array("error_type" => "unknown"));
}
}
}
}
}
return $aErrors;
}
// Searchs front_content.php-links
function searchFrontContentLinks($sValue, $iArt, $sArt, $iCat, $sCat) {
global $aSearchIDInfosArt, $aSearchIDInfosCat, $aSearchIDInfosCatArt, $aWhitelist;
global $aSearchIDInfosArt, $aSearchIDInfosCat, $aSearchIDInfosCatArt, $aWhitelist;
// detect urls with parameter idart
$matches = array();
if (preg_match_all('/(?!file|ftp|http|ww)front_content.php\?idart=([0-9]*)/i', $sValue, $matches)) {
if (preg_match_all('/(?!file|ftp|http|ww)front_content.php\?idart=([0-9]*)/i', $sValue, $matches)) {
for ($i = 0; $i < count($matches[0]); $i++) {
if (!in_array($matches[0][$i], $aWhitelist)) {
$aSearchIDInfosArt[] = array(
@ -247,11 +224,11 @@ function searchFrontContentLinks($sValue, $iArt, $sArt, $iCat, $sCat) {
);
}
}
}
}
// detect urls with parameter idcat
$matches = array();
if (preg_match_all('/(?!file|ftp|http|ww)front_content.php\?idcat=([0-9]*)/i', $sValue, $matches)) {
if (preg_match_all('/(?!file|ftp|http|ww)front_content.php\?idcat=([0-9]*)/i', $sValue, $matches)) {
for ($i = 0; $i < count($matches[0]); $i++) {
if (!in_array($matches[0][$i], $aWhitelist)) {
$aSearchIDInfosCat[] = array(
@ -259,11 +236,11 @@ function searchFrontContentLinks($sValue, $iArt, $sArt, $iCat, $sCat) {
);
}
}
}
}
// detect urls with parameter idcatart
$matches = array();
if (preg_match_all('/(?!file|ftp|http|ww)front_content.php\?idcatart=([0-9]*)/i', $sValue, $matches)) { // idcatart
if (preg_match_all('/(?!file|ftp|http|ww)front_content.php\?idcatart=([0-9]*)/i', $sValue, $matches)) { // idcatart
for ($i = 0; $i < count($matches[0]); $i++) {
if (!in_array($matches[0][$i], $aWhitelist)) {
$aSearchIDInfosCatArt[] = array(
@ -271,46 +248,42 @@ function searchFrontContentLinks($sValue, $iArt, $sArt, $iCat, $sCat) {
);
}
}
}
}
}
// Searchs extern and intern links
function searchLinks($sValue, $iArt, $sArt, $iCat, $sCat, $iLang, $sFromtype = "") {
global $aUrl, $aSearchIDInfosNonID, $aWhitelist;
global $aUrl, $aSearchIDInfosNonID, $aWhitelist;
// Extern URL
if(preg_match_all('~(?:(?:action|data|href|src)=["\']((?:file|ftp|http|ww)[^\s]*)["\'])~i', $sValue, $aMatches) && $_GET['mode'] != 1) {
// Extern URL
if (preg_match_all('~(?:(?:action|data|href|src)=["\']((?:file|ftp|http|ww)[^\s]*)["\'])~i', $sValue, $aMatches) && $_GET['mode'] != 1) {
for($i = 0; $i < count($aMatches[1]); $i++) {
for ($i = 0; $i < count($aMatches[1]); $i++) {
if(!in_array($aMatches[1][$i], $aWhitelist)) {
$aSearchIDInfosNonID[] = array("url" => $aMatches[1][$i], "idart" => $iArt, "nameart" => $sArt, "idcat" => $iCat, "namecat" => $sCat, "lang" => $iLang, "urltype" => "extern");
}
if (!in_array($aMatches[1][$i], $aWhitelist)) {
$aSearchIDInfosNonID[] = array("url" => $aMatches[1][$i], "idart" => $iArt, "nameart" => $sArt, "idcat" => $iCat, "namecat" => $sCat, "lang" => $iLang, "urltype" => "extern");
}
}
}
}
// Redirect
if ($sFromtype == "Redirect" && (preg_match('!(' . preg_quote($aUrl['cms']) . '[^\s]*)!i', $sValue, $aMatches)
|| (preg_match('~(?:file|ftp|http|ww)[^\s]*~i', $sValue, $aMatches) && $_GET['mode'] != 1))
&& (stripos($sValue, 'front_content.php') === false)
&& !in_array($aMatches[0], $aWhitelist)) {
$aSearchIDInfosNonID[] = array("url" => $aMatches[0], "idart" => $iArt, "nameart" => $sArt, "idcat" => $iCat, "namecat" => $sCat, "lang" => $iLang, "urltype" => "unknown");
}
}
// Intern URL
if (preg_match_all('~(?:(?:action|data|href|src)=["\'])(?!file://)(?!ftp://)(?!http://)(?!https://)(?!ww)(?!mailto)(?!\#)(?!/\#)([^"\']+)(?:["\'])~i', $sValue, $aMatches) && $_GET['mode'] != 2) {
// Redirect
if($sFromtype == "Redirect" && (preg_match('!(' . preg_quote($aUrl['cms']) . '[^\s]*)!i', $sValue, $aMatches)
|| (preg_match('~(?:file|ftp|http|ww)[^\s]*~i', $sValue, $aMatches) && $_GET['mode'] != 1))
&& (stripos($sValue, 'front_content.php') === false)
&& !in_array($aMatches[0], $aWhitelist)) {
$aSearchIDInfosNonID[] = array("url" => $aMatches[0], "idart" => $iArt, "nameart" => $sArt, "idcat" => $iCat, "namecat" => $sCat, "lang" => $iLang, "urltype" => "unknown");
}
// Intern URL
if(preg_match_all('~(?:(?:action|data|href|src)=["\'])(?!file://)(?!ftp://)(?!http://)(?!https://)(?!ww)(?!mailto)(?!\#)(?!/\#)([^"\']+)(?:["\'])~i', $sValue, $aMatches) && $_GET['mode'] != 2) {
for($i = 0; $i < count($aMatches[1]); $i++) {
if(strpos($aMatches[1][$i], "front_content.php") === false && !in_array($aMatches[1][$i], $aWhitelist)) {
$aSearchIDInfosNonID[] = array("url" => $aMatches[1][$i], "idart" => $iArt, "nameart" => $sArt, "idcat" => $iCat, "namecat" => $sCat, "lang" => $iLang, "urltype" => "intern");
}
}
}
for ($i = 0; $i < count($aMatches[1]); $i++) {
if (strpos($aMatches[1][$i], "front_content.php") === false && !in_array($aMatches[1][$i], $aWhitelist)) {
$aSearchIDInfosNonID[] = array("url" => $aMatches[1][$i], "idart" => $iArt, "nameart" => $sArt, "idcat" => $iCat, "namecat" => $sCat, "lang" => $iLang, "urltype" => "intern");
}
}
}
}
?>