WB 2.08.x

<?php

// $Id$

/*

 Website Baker Project <http://www.websitebaker.org/>

 Copyright (C) 2004-2009, Ryan Djurovich

 Website Baker is free software; you can redistribute it and/or modify

 it under the terms of the GNU General Public License as published by

 the Free Software Foundation; either version 2 of the License, or

 (at your option) any later version.

 Website Baker is distributed in the hope that it will be useful,

 but WITHOUT ANY WARRANTY; without even the implied warranty of

 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License

 along with Website Baker; if not, write to the Free Software

 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

// Get page & section id

if(!isset($_POST['page_id']) OR !is_numeric($_POST['page_id'])) {

	header("Location: index.php");

	exit(0);

} else {

	$page_id = $_POST['page_id'];

}

if(!isset($_POST['section_id']) OR !is_numeric($_POST['section_id'])) {

	header("Location: index.php");

	exit(0);

} else {

	$section_id = $_POST['section_id'];

}

// Create new admin object

require('../../config.php');

require_once(WB_PATH.'/framework/class.admin.php');

$admin = new admin('Pages', 'pages_modify');

// Get perms

$database = new database();

$results = $database->query("SELECT admin_groups,admin_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'");

$results_array = $results->fetchRow();

$old_admin_groups = explode(',', str_replace('_', '', $results_array['admin_groups']));

$old_admin_users = explode(',', str_replace('_', '', $results_array['admin_users']));

$in_old_group = FALSE;

foreach($admin->get_groups_id() as $cur_gid){

    if (in_array($cur_gid, $old_admin_groups)) {

        $in_old_group = TRUE;

    }

}

if((!$in_old_group) AND !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {

	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);

}

// Get page module

$database = new database();

$query = "SELECT module FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'";

$results = $database->query($query);

if($database->is_error()) {

	$admin->print_error($database->get_error());

}

if($results->numRows() == 0) {

	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);

}

$results_array = $results->fetchRow();

$module = $results_array['module'];

// Update the pages table

$now = time();

$query = "UPDATE ".TABLE_PREFIX."pages SET modified_when = '$now', modified_by = '".$admin->get_user_id()."' WHERE page_id = '$page_id'";

$database->query($query);

// Include the modules saving script if it exists

if(file_exists(WB_PATH.'/modules/'.$module.'/save.php')) {

	require(WB_PATH.'/modules/'.$module.'/save.php');

}

// Check if there is a db error, otherwise say successful

if($database->is_error()) {

	$admin->print_error($database->get_error(), $js_back);

} else {

	$admin->print_success($MESSAGE['PAGES']['SAVED'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);

}

// Print admin footer

$admin->print_footer();

if(!defined('REVISION')) define('REVISION', '1305');

<?php

/**

 * $Id$

 * Website Baker Manual module installation

 *

 * This file contains the function to invoke the module install or upgrade

 * scripts update the Add-on information from the

 * database with the ones stored in the Add-on files (e.g. info.php or EN.php)

 *

 * LICENSE: GNU Lesser General Public License 3.0

 * 

 * @author		Christian Sommer

 * @copyright	(c) 2009

 * @license		http://www.gnu.org/copyleft/lesser.html

 * @version		0.2.0

 * @platform	Website Baker 2.7

 *

 * Website Baker Project <http://www.websitebaker.org/>

 * Copyright (C) 2004-2009, Ryan Djurovich

 *

 * Website Baker is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 2 of the License, or

 * (at your option) any later version.

 *

 * Website Baker is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with Website Baker; if not, write to the Free Software

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

/**

 * check if there is anything to do

 */

if (!(isset($_POST['action']) && in_array($_POST['action'], array('install', 'upgrade', 'uninstall')))) die(header('Location: index.php?advanced'));

if (!(isset($_POST['file']) && $_POST['file'] != '' && (strpos($_POST['file'], '..') === false))) die(header('Location: index.php?advanced'));

/**

 * check if user has permissions to access this file

 */

// include WB configuration file and WB admin class

require_once('../../config.php');

require_once('../../framework/class.admin.php');

// check user permissions for admintools (redirect users with wrong permissions)

$admin = new admin('Admintools', 'admintools', false, false);

if ($admin->get_permission('admintools') == false) die(header('Location: ../../index.php'));

// check if the referer URL if available

$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 

	(isset($HTTP_SERVER_VARS['HTTP_REFERER']) ? $HTTP_SERVER_VARS['HTTP_REFERER'] : '');

// if referer is set, check if script was invoked from "admin/modules/index.php"

$required_url = ADMIN_URL . '/modules/index.php';

if ($referer != '' && (!(strpos($referer, $required_url) !== false || strpos($referer, $required_url) !== false))) 

	die(header('Location: ../../index.php'));

// include WB functions file

require_once(WB_PATH . '/framework/functions.php');

// load WB language file

require_once(WB_PATH . '/languages/' . LANGUAGE .'.php');

// create Admin object with admin header

$admin = new admin('Addons', '', true, false);

$js_back = ADMIN_URL . '/modules/index.php?advanced';

/**

 * Manually execute the specified module file (install.php, upgrade.php or uninstall.php)

 */

// check if specified module folder exists

$mod_path = WB_PATH . '/modules/' . basename(WB_PATH . '/' . $_POST['file']);

if (!file_exists($mod_path . '/' . $_POST['action'] . '.php')) $admin->print_error($TEXT['NOT_FOUND'] . ': <tt>"' . htmlentities(basename($mod_path)) . '/' . $_POST['action'] . '.php"</tt> ', $js_back);

// include modules install.php script

require($mod_path . '/' . $_POST['action'] . '.php');

// load module info into database and output status message

load_module($mod_path, false);

$msg = $TEXT['EXECUTE'] . ': <tt>"' . htmlentities(basename($mod_path)) . '/' . $_POST['action'] . '.php"</tt>';

switch ($_POST['action']) {

	case 'install':

		$admin->print_success($msg, $js_back);

		break;

	case 'upgrade':

		$admin->print_success($msg, $js_back);

		break;

	case 'uninstall':

		$admin->print_success($msg, $js_back);

		break;

}

<?php

// $Id$

/*

 Website Baker Project <http://www.websitebaker.org/>

 Copyright (C) 2004-2009, Ryan Djurovich

 Website Baker is free software; you can redistribute it and/or modify

 it under the terms of the GNU General Public License as published by

 the Free Software Foundation; either version 2 of the License, or

 (at your option) any later version.

 Website Baker is distributed in the hope that it will be useful,

 but WITHOUT ANY WARRANTY; without even the implied warranty of

 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License

 along with Website Baker; if not, write to the Free Software

 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

// Check if user uploaded a file

if(!isset($_FILES['userfile'])) {

	header("Location: index.php");

	exit(0);

}

// do not display notices and warnings during installation

error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING);

// Setup admin object

require('../../config.php');

require_once(WB_PATH.'/framework/class.admin.php');

$admin = new admin('Addons', 'modules_install');

// Include the WB functions file

require_once(WB_PATH.'/framework/functions.php');

// Set temp vars

$temp_dir = WB_PATH.'/temp/';

$temp_file = $temp_dir . $_FILES['userfile']['name'];

$temp_unzip = WB_PATH.'/temp/unzip/';

// Try to upload the file to the temp dir

if(!move_uploaded_file($_FILES['userfile']['tmp_name'], $temp_file)) {

	$admin->print_error($MESSAGE['GENERIC']['CANNOT_UPLOAD']);

}

// Include the PclZip class file (thanks to 

require_once(WB_PATH.'/include/pclzip/pclzip.lib.php');

// Remove any vars with name "module_directory"

unset($module_directory);

// Setup the PclZip object

$archive = new PclZip($temp_file);

// Unzip the files to the temp unzip folder

$list = $archive->extract(PCLZIP_OPT_PATH, $temp_unzip);

// Check if uploaded file is a valid Add-On zip file

if (!($list && file_exists($temp_unzip . 'index.php'))) $admin->print_error($MESSAGE['GENERIC']['INVALID_ADDON_FILE']);

// Include the modules info file

require($temp_unzip.'info.php');

// Perform Add-on requirement checks before proceeding

require(WB_PATH . '/framework/addon.precheck.inc.php');

preCheckAddon($temp_file);

// Delete the temp unzip directory

rm_full_dir($temp_unzip);

// Check if the file is valid

if(!isset($module_directory)) {

	if(file_exists($temp_file)) { unlink($temp_file); } // Remove temp file

	$admin->print_error($MESSAGE['GENERIC']['INVALID']);

}

// Check if this module is already installed

// and compare versions if so

$new_module_version=$module_version;

$action="install";

if(is_dir(WB_PATH.'/modules/'.$module_directory)) {

	if(file_exists(WB_PATH.'/modules/'.$module_directory.'/info.php')) {

		require(WB_PATH.'/modules/'.$module_directory.'/info.php');

		// Version to be installed is older than currently installed version

		if (versionCompare($module_version, $new_module_version, '>=')) {

			if(file_exists($temp_file)) { unlink($temp_file); } // Remove temp file

			$admin->print_error($MESSAGE['GENERIC']['ALREADY_INSTALLED']);

		}

		$action="upgrade";

	}

}

// Check if module dir is writable

if(!is_writable(WB_PATH.'/modules/')) {

	if(file_exists($temp_file)) { unlink($temp_file); } // Remove temp file

	$admin->print_error($MESSAGE['GENERIC']['BAD_PERMISSIONS']);

}

// Set module directory

$module_dir = WB_PATH.'/modules/'.$module_directory;

// Make sure the module dir exists, and chmod if needed

make_dir($module_dir);

// Unzip module to the module dir

$list = $archive->extract(PCLZIP_OPT_PATH, $module_dir);

if(!$list) {

	$admin->print_error($MESSAGE['GENERIC']['CANNOT_UNZIP']);

}

// Delete the temp zip file

if(file_exists($temp_file)) { unlink($temp_file); }

// Chmod all the uploaded files

$dir = dir($module_dir);

while (false !== $entry = $dir->read()) {

	// Skip pointers

	if(substr($entry, 0, 1) != '.' AND $entry != '.svn' AND !is_dir($module_dir.'/'.$entry)) {

		// Chmod file

		change_mode($module_dir.'/'.$entry, 'file');

	}

}

// Run the modules install // upgrade script if there is one

if(file_exists(WB_PATH.'/modules/'.$module_directory.'/'.$action.'.php')) {

	require(WB_PATH.'/modules/'.$module_directory.'/'.$action.'.php');

}

// Print success message

if ($action=="install") {

	// Load module info into DB

	load_module(WB_PATH.'/modules/'.$module_directory, false);

	$admin->print_success($MESSAGE['GENERIC']['INSTALLED']);

} else if ($action=="upgrade") {

	upgrade_module($module_directory, false);

	$admin->print_success($MESSAGE['GENERIC']['UPGRADED']);

}	

// Print admin footer

$admin->print_footer();