Project

General

Profile

1 2 Manuela
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         modules
6
 * @author          Ryan Djurovich, Christian Sommer, WebsiteBaker Project
7
 * @copyright       Ryan Djurovich
8
 * @copyright       WebsiteBaker Org. e.V.
9
 * @link            http://websitebaker.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.3
12
 * @requirements    PHP 5.3.6 and higher
13
 * @version         $Id$
14
 * @filesource      $HeadURL$
15
 * @lastmodified    $Date$
16
 *
17
 */
18
19
/**
20
 * check if there is anything to do
21
 */
22
23
/**
24
 * check if user has permissions to access this file
25
 */
26
// Include config file and admin class file
27
if ( !defined( 'WB_PATH' ) ){ require( dirname(dirname((__DIR__))).'/config.php' ); }
28
29
if ( !class_exists('admin', false) ) { require(WB_PATH.'/framework/class.admin.php'); }
30
// Include the WB functions file
31
if ( !function_exists( 'get_modul_version' ) ) { require(WB_PATH.'/framework/functions.php'); }
32
if (!function_exists("replace_all")) {
33
    function replace_all ($aStr = "", &$aArray ) {
34
        foreach($aArray as $k=>$v) $aStr = str_replace("{{".$k."}}", $v, $aStr);
35
        return $aStr;
36
    }
37
}
38
39
// check user permissions for admintools (redirect users with wrong permissions)
40
$admin = new admin('Admintools', 'admintools', false, false);
41
/*
42
if (!(isset($_POST['action']) && in_array($_POST['action'], array('install', 'upgrade', 'uninstall')))) { die(header('Location: index.php?advanced')); }
43
if (!(isset($_POST['file']) && $_POST['file'] != '' && (strpos($_POST['file'], '..') === false))){  die(header('Location: index.php?advanced'));  }
44
*/
45
$sCallingScript = $_SERVER["SCRIPT_NAME"];
46
47
$js_back = ADMIN_URL . '/modules/index.php?advanced';
48
49
if( !$admin->checkFTAN() ){
50
    $admin->print_header();
51
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
52
}
53
54
if ($admin->get_permission('admintools') == false) {
55
    $admin->print_header();
56
    $admin->print_error($MESSAGE['ADMIN_INSUFFICIENT_PRIVELLIGES'], $js_back);
57
  }
58
59
60
// check if the referer URL if available
61
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] :
62
    (isset($HTTP_SERVER_VARS['HTTP_REFERER']) ? $HTTP_SERVER_VARS['HTTP_REFERER'] : '');
63
$referer = '';
64
// if referer is set, check if script was invoked from "admin/modules/index.php"
65
$required_url = ADMIN_URL . '/modules/index.php';
66
if ($referer != '' && (!(strpos($referer, $required_url) !== false || strpos($referer, $required_url) !== false)))
67
{
68
    $admin->print_header();
69
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
70
}
71
72
// include WB functions file
73
require_once(WB_PATH . '/framework/functions.php');
74
75
// load WB language file
76
require_once(WB_PATH . '/languages/' . LANGUAGE .'.php');
77
78
// create Admin object with admin header
79
$admin = new admin('Addons', '', true, false);
80
$aValideActions = array( 'uninstall', 'install', 'upgrade' );
81
82
$sAction = $admin->StripCodeFromText($_POST['action']);
83
$sAction = ( in_array($sAction, $aValideActions) ? $sAction : 'upgrade' );
84
/**
85
 * Manually execute the specified module file (install.php, upgrade.php or uninstall.php)
86
 */
87
    $sAddonName = '';
88
    if (!isset($_POST['file']) || $_POST['file'] == false) {
89
        $iAddonId = 0;
90
        $admin->print_error( $MESSAGE['GENERIC_FORGOT_OPTIONS'], $js_back );
91
    } else {
92
        $iAddonId = $admin->checkIDKEY('file',0);
93
    }
94
95
    if ( is_numeric($iAddonId)&&($iAddonId == 0)){
96
        $admin->print_error($iAddonId.' '.$MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back );
97
    }
98
// Get module directory
99
    if ($sAction != 'install') {
100
        $sqlAddons = 'SELECT `directory` FROM `'.TABLE_PREFIX.'addons` '
101
                   . 'WHERE `addon_id`='.(int)$iAddonId.' '
102
                   . ''.'';
103
        if ($sAddonName = $database->get_one($sqlAddons)) {
104
            $sAddonName = preg_replace('/[^a-z0-9_-]/i', "", $sAddonName);  // fix secunia 2010-92-2
105
        }
106
    } else {
107
        $sAddonName = preg_replace('/[^a-z0-9_-]/i', "", $iAddonId);  // fix secunia 2010-92-2
108
    }
109
// Extra protection
110
if(trim($sAddonName) == '') {
111
    $admin->print_error($MESSAGE['GENERIC_ERROR_OPENING_FILE'], $js_back );
112
}
113
114
// check whether the module is needed in core
115
$aPreventFromUninstall = array ( 'captcha_control', 'jsadmin', 'output_filter', 'wysiwyg', 'menu_link' );
116
if(
117
    $sAction == 'uninstall' &&
118
    preg_match('/'.$sAddonsFile.'/si', implode('|', $aPreventFromUninstall ))
119
) {
120
    $temp = array ('name' => $file );
121
    $msg = replace_all( $MESSAGE['MEDIA_CANNOT_DELETE_DIR'], $temp );
122
    $admin->print_error( $msg );
123
}
124
125
// check if specified module folder exists
126
$sAddonRelPath = '/modules/'.$sAddonName;
127
// let the old variablename if module use it
128
129
if (!file_exists( WB_PATH.$sAddonRelPath.'/'.$sAction. '.php')){
130
    $admin->print_header();
131
    $admin->print_error($TEXT['NOT_FOUND'].': <tt>"'.$sAddonName.'/'.$sAction.'.php"</tt> ', $js_back);
132
}
133
// include modules install.php script
134
if( in_array($sAction, $aValideActions) ) {
135
    require(WB_PATH.$sAddonRelPath . '/' . $sAction . '.php');
136
}
137
// load module info into database and output status message
138
load_module(WB_PATH.$sAddonRelPath, false);
139
$msg = $TEXT['EXECUTE'] . ': <tt>"'.$sAddonName.'/'.$sAction.'.php"</tt>';
140
141
switch ($sAction)
142
{
143
    case 'install':
144
        $admin->print_success($msg, $js_back);
145
        break;
146
147
    case 'upgrade':
148
        upgrade_module($sAddonName, false);
149
        $admin->print_success($msg, $js_back);
150
        break;
151
152
    case 'uninstall':
153
        $admin->print_success($msg, $js_back);
154
        break;
155
}