This repository has been archived by the owner on Nov 25, 2020. It is now read-only.

Update zoho-agent with a key.
(cherry picked from commit 1cdbca8)
cdujeu committed Oct 11, 2013
1 parent b0ef0ec commit 571dc17
Showing 3 changed files with 94 additions and 57 deletions.
61 changes: 48 additions & 13 deletions core/src/plugins/editor.zoho/agent/save_zoho.php
@@ -1,17 +1,52 @@
<?php

$vars = array_merge($_GET, $_POST);

if(!isSet($vars["ajxp_action"]) && isset($vars["id"]) && isset($vars["format"])){

/**
* Remove all "../../" tentatives, replace double slashes
* @static
* @param string $path
* @return string
*/
function securePath($path)
{
if ($path == null) $path = "";
//
// REMOVE ALL "../" TENTATIVES
//
$path = str_replace(chr(0), "", $path);
$dirs = explode('/', $path);
for ($i = 0; $i < count($dirs); $i++) {
if ($dirs[$i] == '.' or $dirs[$i] == '..') {
$dirs[$i] = '';
}
}
// rebuild safe directory string
$path = implode('/', $dirs);

//
// REPLACE DOUBLE SLASHES
//
while (preg_match('/\/\//', $path)) {
$path = str_replace('//', '/', $path);
}
return $path;
}

// DEFINE A SECRET KEY, DEFINE YOURS!
define('SECRET_KEY', 'z-agent-key');
$vars = array_merge($_GET, $_POST);

if (!isSet($vars["ajxp_action"]) && isset($vars["id"]) && isset($vars["format"])) {

$filezoho = $_FILES['content']["tmp_name"];
$cleanId = str_replace(array("..", "/"), "", $vars["id"]);
$cleanId = securePath($vars["id"]);
move_uploaded_file($filezoho, "files/".$cleanId.".".$vars["format"]);
}else if($vars["ajxp_action"] == "get_file" && isSet($vars["name"])){
if(file_exists("files/".$vars["name"])){
readfile("files/".$vars["name"]);
unlink("files/".$vars["name"]);

} else if ($vars["ajxp_action"] == "get_file" && isSet($vars["name"]) && isset($vars['key']) && $vars["key"] == SECRET_KEY) {

$path = securePath($path);
if (file_exists("files/".$path)) {
readfile("files/".$path);
unlink("files/".$path);
}
}


?>

}
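Review bot: In the new `get_file` branch, `$path = securePath($path);` reads a variable that is never assigned, so the requested `name` is ignored and the `file_exists`/`readfile`/`unlink` calls operate on `files/` plus an empty string; the line should be `$path = securePath($vars["name"]);`. The upload branch is not covered by the new key check and still appends `$vars["format"]` to the destination path without any filtering, so the extension should be checked against a fixed allow-list of document extensions before `move_uploaded_file` runs. The key test `$vars["key"] == SECRET_KEY` uses loose comparison; `is_string($vars["key"]) && $vars["key"] === SECRET_KEY` avoids type juggling if an administrator picks a numeric-looking key.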
89 changes: 45 additions & 44 deletions core/src/plugins/editor.zoho/class.ZohoEditor.php
Expand Up @@ -28,60 +28,61 @@
* @package AjaXplorer_Plugins
* @subpackage Editor
*/
class ZohoEditor extends AJXP_Plugin {

public function performChecks(){
if(!extension_loaded("openssl")){
class ZohoEditor extends AJXP_Plugin
{
public function performChecks()
{
if (!extension_loaded("openssl")) {
throw new Exception("Zoho plugin requires PHP 'openssl' extension, as posting the document to the Zoho server requires the Https protocol.");
}
}


public function switchAction($action, $httpVars, $filesVars){
if(!isSet($this->actions[$action])) return false;
$repository = ConfService::getRepository();
if(!$repository->detectStreamWrapper(true)){
return false;
}
$streamData = $repository->streamData;
$destStreamURL = $streamData["protocol"]."://".$repository->getId();
if($action == "post_to_zohoserver"){
public function switchAction($action, $httpVars, $filesVars)
{
if(!isSet($this->actions[$action])) return false;

$repository = ConfService::getRepository();
if (!$repository->detectStreamWrapper(true)) {
return false;
}

$streamData = $repository->streamData;
$destStreamURL = $streamData["protocol"]."://".$repository->getId();

if ($action == "post_to_zohoserver") {

$sheetExt = explode(",", "xls,xlsx,ods,sxc,csv,tsv");
$presExt = explode(",", "ppt,pps,odp,sxi");
$docExt = explode(",", "doc,docx,rtf,odt,sxw");

require_once(AJXP_BIN_FOLDER."/http_class/http_class.php");

$file = base64_decode($httpVars["file"]);
$file = SystemTextEncoding::magicDequote(AJXP_Utils::securePath($file));
$target = base64_decode($httpVars["parent_url"]);
$tmp = call_user_func(array($streamData["classname"], "getRealFSReference"), $destStreamURL.$file);
$tmp = SystemTextEncoding::fromUTF8($tmp);
$file = base64_decode($httpVars["file"]);
$file = SystemTextEncoding::magicDequote(AJXP_Utils::securePath($file));
$target = base64_decode($httpVars["parent_url"]);
$tmp = call_user_func(array($streamData["classname"], "getRealFSReference"), $destStreamURL.$file);
$tmp = SystemTextEncoding::fromUTF8($tmp);

$node = new AJXP_Node($destStreamURL.$file);
AJXP_Controller::applyHook("node.read", array($node));

$extension = strtolower(pathinfo(urlencode(basename($file)), PATHINFO_EXTENSION));
$httpClient = new http_class();
$httpClient = new http_class();
$httpClient->request_method = "POST";

$secureToken = $httpVars["secure_token"];
$_SESSION["ZOHO_CURRENT_EDITED"] = $destStreamURL.$file;
$_SESSION["ZOHO_CURRENT_UUID"] = md5(rand()."-".microtime());

if($this->getFilteredOption("USE_ZOHO_AGENT", $repository->getId())){
if ($this->getFilteredOption("USE_ZOHO_AGENT", $repository->getId())) {
$saveUrl = $this->getFilteredOption("ZOHO_AGENT_URL", $repository->getId());
}else{
} else {
$saveUrl = $target."/".AJXP_PLUGINS_FOLDER."/editor.zoho/agent/save_zoho.php";
}


$params = array(
$params = array(
'id' => $_SESSION["ZOHO_CURRENT_UUID"],
'apikey' => $this->getFilteredOption("ZOHO_API_KEY", $repository->getId()),
'output' => 'url',
Expand All @@ -91,14 +92,14 @@ public function switchAction($action, $httpVars, $filesVars){
'format' => $extension,
'mode' => 'normaledit',
'saveurl' => $saveUrl
);
);

$service = "exportwriter";
if(in_array($extension, $sheetExt)){
if (in_array($extension, $sheetExt)) {
$service = "sheet";
}else if(in_array($extension, $presExt)){
} else if (in_array($extension, $presExt)) {
$service = "show";
}else if(in_array($extension, $docExt)){
} else if (in_array($extension, $docExt)) {
$service = "exportwriter";
}
$arguments = array();
Expand All @@ -108,11 +109,11 @@ public function switchAction($action, $httpVars, $filesVars){
"content" => array("FileName" => $tmp, "Content-Type" => "automatic/name")
);
$err = $httpClient->Open($arguments);
if(empty($err)){
if (empty($err)) {
$err = $httpClient->SendRequest($arguments);
if(empty($err)){
if (empty($err)) {
$response = "";
while(true){
while (true) {
$body = "";
$error = $httpClient->ReadReplyBody($body, 1000);
if($error != "" || strlen($body) == 0) break;
Expand All @@ -121,35 +122,35 @@ public function switchAction($action, $httpVars, $filesVars){
$result = trim($response);
$matchlines = explode("\n", $result);
$resultValues = array();
foreach($matchlines as $line){
foreach ($matchlines as $line) {
list($key, $val) = explode("=", $line, 2);
$resultValues[$key] = $val;
}
if($resultValues["RESULT"] == "TRUE" && isSet($resultValues["URL"])){
if ($resultValues["RESULT"] == "TRUE" && isSet($resultValues["URL"])) {
header("Location: ".$resultValues["URL"]);
}else{
} else {
echo "Zoho API Error ".$resultValues["ERROR_CODE"]." : ".$resultValues["WARNING"];
echo "<script>window.parent.setTimeout(function(){parent.hideLightBox();}, 2000);</script>";
}
}
$httpClient->Close();
}

}else if($action == "retrieve_from_zohoagent"){
} else if ($action == "retrieve_from_zohoagent") {
$targetFile = $_SESSION["ZOHO_CURRENT_EDITED"];
$id = $_SESSION["ZOHO_CURRENT_UUID"].".".pathinfo($targetFile, PATHINFO_EXTENSION);
$node = new AJXP_Node($targetFile);
$node->loadNodeInfo();
AJXP_Controller::applyHook("node.before_change", array(&$node));

if($this->getFilteredOption("USE_ZOHO_AGENT",$repository->getId()) ){
$data = AJXP_Utils::getRemoteContent( $this->getFilteredOption("ZOHO_AGENT_URL",$repository->getId())."?ajxp_action=get_file&name=".$id);
if(strlen($data)){
if ($this->getFilteredOption("USE_ZOHO_AGENT",$repository->getId()) ) {
$data = AJXP_Utils::getRemoteContent( $this->getFilteredOption("ZOHO_AGENT_URL",$repository->getId())."?ajxp_action=get_file&name=".$id."&key=".$this->getFilteredOption("ZOHO_AGENT_URL", $repository->getId()));
if (strlen($data)) {
file_put_contents($targetFile, $data);
echo "MODIFIED";
}
}else{
if(is_file(AJXP_INSTALL_PATH."/".AJXP_PLUGINS_FOLDER."/editor.zoho/agent/files/".$id)){
} else {
if (is_file(AJXP_INSTALL_PATH."/".AJXP_PLUGINS_FOLDER."/editor.zoho/agent/files/".$id)) {
copy(AJXP_INSTALL_PATH."/".AJXP_PLUGINS_FOLDER."/editor.zoho/agent/files/".$id, $targetFile);
unlink(AJXP_INSTALL_PATH."/".AJXP_PLUGINS_FOLDER."/editor.zoho/agent/files/".$id);
echo "MODIFIED";
Expand All @@ -159,6 +160,6 @@ public function switchAction($action, $httpVars, $filesVars){
}


}
}

}
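Review bot: In the `retrieve_from_zohoagent` branch, the new `&key=` value is built from `getFilteredOption("ZOHO_AGENT_URL", ...)`, so the agent receives its own URL instead of the configured key and the `SECRET_KEY` comparison in save_zoho.php will not match unless the two happen to be equal. It should read `"&key=".urlencode($this->getFilteredOption("ZOHO_AGENT_KEY", $repository->getId()))`; the `urlencode` keeps keys containing `&` or `+` intact. Because the key travels in the query string it is likely to end up in the agent's access log, so the agent URL should be HTTPS and that log treated as sensitive. `switchAction` spans several hunks on this page; the point applies to the one at `-121,35 +122,35`.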
1 change: 1 addition & 0 deletions core/src/plugins/editor.zoho/manifest.xml
Expand Up @@ -6,6 +6,7 @@
<!--<global_param name="ZOHO_SECRET_KEY" type="string" description="CONF_MESSAGE[Zoho secret key, you must have registered to api.zoho.com]" label="CONF_MESSAGE[Secret Key]" mandatory="true"/>-->
<global_param name="USE_ZOHO_AGENT" expose="true" type="boolean" description="CONF_MESSAGE[If you are working locally or behind a firewall, you can install an ajaxplorer Zoho Agent somewhere in the public zone. See the plugin folder content.]" label="CONF_MESSAGE[Use Z-Agent]" mandatory="false" default="false"/>
<global_param name="ZOHO_AGENT_URL" type="string" description="CONF_MESSAGE[If you use the agent, enter its URL here.]" label="CONF_MESSAGE[Z-Agent URL]" mandatory="false"/>
<global_param name="ZOHO_AGENT_KEY" type="string" description="CONF_MESSAGE[Set up a key for this agent. Make sure to manually edit it as well inside the agent PHP file!]" label="CONF_MESSAGE[Z-Agent Key]" mandatory="true" default="z-agent-key"/>
</server_settings>
<client_settings>
<resources>
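Review bot: The new `ZOHO_AGENT_KEY` parameter ships with `default="z-agent-key"`, the same literal that save_zoho.php defines as `SECRET_KEY`, so every install that leaves both values untouched shares one publicly known key. Dropping the `default` attribute while keeping `mandatory="true"` would force the administrator to choose a value. The description already tells the administrator to edit the agent file by hand; it could also say that the shipped value must not be kept.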
