
Autoupdater Robot

1 parent b2ade2d commit e9b7f9eeb8281172cd7a5dc8d9b8609c2a7adb57 @CuteNews committed Jul 5, 2016
@@ -679,12 +679,14 @@ function _GL($v)
$result = array();
foreach ($vs as $vc)
{
- $el=explode(':', $vc, 2);
- $vc=isset($el[0])?$el[0]:false;
- $func = isset($el[1])?$el[1]:false;
- $var=false;
- if($vc) $var = isset($GLOBALS[trim($vc)])?$GLOBALS[trim($vc)]:false;
+ $el = explode(':', $vc, 2);
+ $vc = isset($el[0]) ? $el[0]:false;
+ $func = isset($el[1]) ? $el[1]:false;
+
+ $var = false;
+ if ($vc) $var = isset($GLOBALS[trim($vc)]) ? $GLOBALS[trim($vc)] : false;
if ($func) $var = call_user_func($func, $var);
+
$result[] = $var;
}
@@ -1014,16 +1016,16 @@ function cn_lang_init()
function cn_config_load()
{
global $_CN_access;
- //checking permission for load config
- $conf_dir=cn_path_construct(SERVDIR,'cdata');
- if(!is_dir($conf_dir)||!is_writable($conf_dir))
- {
+
+ // Checking permission for load config
+ $conf_dir = cn_path_construct(SERVDIR, 'cdata');
+ if (!is_dir($conf_dir) || !is_writable($conf_dir)) {
return false;
}
$conf_path=cn_path_construct(SERVDIR,'cdata').'conf.php';
$cfg = cn_touch_get($conf_path);
- if(!$cfg)
+ if (!$cfg)
{
if(defined('SHOW_NEWS'))
{
@@ -1033,7 +1035,7 @@ function cn_config_load()
else
{
//echo 'Need convert data - run migration_update_data.php';
- $cfg= cn_touch_get($conf_path, true);
+ $cfg = cn_touch_get($conf_path, true);
}
}
@@ -4077,7 +4079,6 @@ function cn_snippet_ckeditor($ids = '')
echo 'CKEDITOR.config.smiley_images = [ '.hook('settings/CKEDITOR_emoticons', $CKSmiles).' ];'."\n";
echo 'CKEDITOR.config.smiley_descriptions = [];'."\n";
echo "CKEDITOR.config.allowedContent = true;";
- echo 'CKEDITOR.config.enterMode = CKEDITOR.ENTER_BR;';
$ids = spsep($ids);
foreach ($ids as $id)
@@ -4249,7 +4250,7 @@ function cn_get_news($opts)
}
// Cache Key
- $cache_id = md5(json_encode(array($cfilter, $ufilter, $tag, $nocat, $date_out, $nlpros, $sort, $dir)));
+ $cache_id = md5(json_encode(array($cfilter, $ufilter, $tag, $nocat, $date_out, $nlpros, $sort, $dir, $source, $archive_id)));
$cache_dis = (defined('CACHE_DISABLE') && CACHE_DISABLE) ? 1 : 0;
if ($cache_dis || $FlatDB->cache_not_exists($cache_id)) {
@@ -0,0 +1,154 @@
+<?php
+
+class Downloader
+{
+ // Attempts to fetch the provided URL using any available means
+ function get_remote_file($url, $timeout = 30, $head_only = false, $max_redirects = 10)
+ {
+ $result = null;
+ $parsed_url = parse_url($url);
+ $allow_url_fopen = strtolower(@ini_get('allow_url_fopen'));
+
+ // Quite unlikely that this will be allowed on a shared host, but it can't hurt
+ if (function_exists('ini_set'))
+ @ini_set('default_socket_timeout', $timeout);
+
+ // If we have cURL, we might as well use it
+ if (function_exists('curl_init'))
+ {
+ // Setup the transfer
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url);
+ curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($ch, CURLOPT_HEADER, true);
+ curl_setopt($ch, CURLOPT_NOBODY, $head_only);
+ curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
+ curl_setopt($ch, CURLOPT_USERAGENT, 'CutePHP');
+
+ // Grab the page
+ $content = @curl_exec($ch);
+ $responce_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+ curl_close($ch);
+
+ // Process 301/302 redirect
+ if ($content !== false && ($responce_code == '301' || $responce_code == '302') && $max_redirects > 0)
+ {
+ $headers = explode("\r\n", trim($content));
+ foreach ($headers as $header)
+ if (substr($header, 0, 10) == 'Location: ')
+ {
+ $responce = get_remote_file(substr($header, 10), $timeout, $head_only, $max_redirects - 1);
+ if ($responce !== null)
+ $responce['headers'] = array_merge($headers, $responce['headers']);
+ return $responce;
+ }
+ }
+
+ // Ignore everything except a 200 response code
+ if ($content !== false && $responce_code == '200')
+ {
+ if ($head_only)
+ $result['headers'] = explode("\r\n", str_replace("\r\n\r\n", "\r\n", trim($content)));
+ else
+ {
+ preg_match('#HTTP/1.[01] 200 OK#', $content, $match, PREG_OFFSET_CAPTURE);
+ $last_content = substr($content, $match[0][1]);
+ $content_start = strpos($last_content, "\r\n\r\n");
+ if ($content_start !== false)
+ {
+ $result['headers'] = explode("\r\n", str_replace("\r\n\r\n", "\r\n", substr($content, 0, $match[0][1] + $content_start)));
+ $result['content'] = substr($last_content, $content_start + 4);
+ }
+ }
+ }
+ }
+ // fsockopen() is the second best thing
+ else if (function_exists('fsockopen'))
+ {
+ $remote = @fsockopen($parsed_url['host'], !empty($parsed_url['port']) ? intval($parsed_url['port']) : 80, $errno, $errstr, $timeout);
+ if ($remote)
+ {
+ // Send a standard HTTP 1.0 request for the page
+ fwrite($remote, ($head_only ? 'HEAD' : 'GET').' '.(!empty($parsed_url['path']) ? $parsed_url['path'] : '/').(!empty($parsed_url['query']) ? '?'.$parsed_url['query'] : '').' HTTP/1.0'."\r\n");
+ fwrite($remote, 'Host: '.$parsed_url['host']."\r\n");
+ fwrite($remote, 'User-Agent: CutePHP'."\r\n");
+ fwrite($remote, 'Connection: Close'."\r\n\r\n");
+ stream_set_timeout($remote, $timeout);
+ $stream_meta = stream_get_meta_data($remote);
+
+ // Fetch the response 1024 bytes at a time and watch out for a timeout
+ $content = false;
+ while (!feof($remote) && !$stream_meta['timed_out'])
+ {
+ $content .= fgets($remote, 1024);
+ $stream_meta = stream_get_meta_data($remote);
+ }
+ fclose($remote);
+
+ // Process 301/302 redirect
+ if ($content !== false && $max_redirects > 0 && preg_match('#^HTTP/1.[01] 30[12]#', $content))
+ {
+ $headers = explode("\r\n", trim($content));
+ foreach ($headers as $header)
+ if (substr($header, 0, 10) == 'Location: ')
+ {
+ $responce = get_remote_file(substr($header, 10), $timeout, $head_only, $max_redirects - 1);
+ if ($responce !== null)
+ $responce['headers'] = array_merge($headers, $responce['headers']);
+ return $responce;
+ }
+ }
+
+ // Ignore everything except a 200 response code
+ if ($content !== false && preg_match('#^HTTP/1.[01] 200 OK#', $content))
+ {
+ if ($head_only)
+ $result['headers'] = explode("\r\n", trim($content));
+ else
+ {
+ $content_start = strpos($content, "\r\n\r\n");
+ if ($content_start !== false)
+ {
+ $result['headers'] = explode("\r\n", substr($content, 0, $content_start));
+ $result['content'] = substr($content, $content_start + 4);
+ }
+ }
+ }
+ }
+ }
+ // Last case scenario, we use file_get_contents provided allow_url_fopen is enabled (any non 200 response results in a failure)
+ else if (in_array($allow_url_fopen, array('on', 'true', '1')))
+ {
+ // PHP5's version of file_get_contents() supports stream options
+ if (version_compare(PHP_VERSION, '5.0.0', '>='))
+ {
+ // Setup a stream context
+ $stream_context = stream_context_create(
+ array(
+ 'http' => array(
+ 'method' => $head_only ? 'HEAD' : 'GET',
+ 'user_agent' => 'CutePHP',
+ 'max_redirects' => $max_redirects + 1, // PHP >=5.1.0 only
+ 'timeout' => $timeout // PHP >=5.2.1 only
+ )
+ )
+ );
+ $content = @file_get_contents($url, false, $stream_context);
+ }
+ else
+ $content = @file_get_contents($url);
+
+ // Did we get anything?
+ if ($content !== false)
+ {
+ // Gotta love the fact that $http_response_header just appears in the global scope (*cough* hack! *cough*)
+ $result['headers'] = $http_response_header;
+ if (!$head_only)
+ $result['content'] = $content;
+ }
+ }
+
+ return $result;
+ }
+}
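Review bot: Both redirect branches (the cURL one and the fsockopen one) recurse through a bare `get_remote_file(...)` although the function is a method of `Downloader`, so unless a global function of that name is defined elsewhere the first 301/302 ends in an undefined-function error; the call should be `$this->get_remote_file(substr($header, 10), $timeout, $head_only, $max_redirects - 1)`. The `Location` value is also handed back to cURL unchecked and no scheme restriction is set on the handle, so a response from the remote host decides which protocol and host the server contacts next; `curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);` plus a `parse_url()` scheme check on the redirect target before recursing would confine it to web fetches. In the cURL 200 branch the `preg_match()` result is not tested before `$match[0][1]` is read, so a status line whose reason phrase is not `OK` raises notices and yields a wrong offset; wrap that block in `if (preg_match(...))`.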
@@ -28,8 +28,8 @@
// definitions
define('EXEC_TIME', microtime(true));
-define('VERSION', '2.0.3');
-define('VERSION_ID', 203);
+define('VERSION', '2.0.4');
+define('VERSION_ID', 204);
define('VERSION_NAME', 'CuteNews v.' . VERSION);
define('SERVDIR', dirname(dirname(__FILE__).'.html'));
define('MODULE_DIR', SERVDIR . '/core/modules');
@@ -41,6 +41,7 @@
require_once SERVDIR . '/core/core.php';
require_once SERVDIR . '/core/security.php';
require_once SERVDIR . '/core/news.php';
+require_once SERVDIR . '/core/downloader.php';
require_once SERVDIR . '/core/captcha/captcha.php';
// magic quotes = ON, filtering it
@@ -1,5 +0,0 @@
-A300N200: Neuer Artikel
-E330N200: Artikel editieren
-H411: Hilfe
-V230S300: Seite besuchen
-D216: Einstellungen
@@ -547,45 +547,69 @@ function dashboard_personal()
}
// Update additional fields for personal data
- $o_more = base64_encode(serialize($member['more']));
- $n_more = base64_encode(serialize($more));
+ $o_more = base64_encode(serialize($member['more']));
+ $n_more = base64_encode(serialize($more));
+ $correct = false;
if ($o_more !== $n_more)
{
$any_changes = TRUE;
db_user_update($member['name'], "more=".$n_more);
}
+
// Set an avatar
- if(!empty($avatar_file)&&$avatar_file['error']==0)
+ if (!empty($avatar_file) && $avatar_file['error'] == 0)
{
- $uploads_dir=getoption('uploads_dir');
- if($uploads_dir)
- {
- $file_name='avatar_'.$member['name'].'_'.$avatar_file['name'];
- if(isset($member['avatar'])&&$member['avatar']!=$file_name)
- {
- // remove old avatar
- unlink($uploads_dir.$member['avatar']);
+ $uploads_dir = getoption('uploads_dir');
+ $avatar_tmp = $avatar_file['tmp_name'];
+
+ if ($uploads_dir)
+ {
+ $imgsize = getimagesize($avatar_tmp);
+ if (!empty($imgsize[0]) && !empty($imgsize[1])) {
+
+ if (preg_match('/(jpg|jpeg|gif|png)/i', $imgsize['mime'])) {
+
+ // remove old avatar
+ $file_name = 'avatar_' . $member['name'] . '_' . $avatar_file['name'];
+ if (isset($member['avatar']) && $member['avatar'] != $file_name) {
+ unlink($uploads_dir . $member['avatar']);
+ }
+
+ if (move_uploaded_file($avatar_file['tmp_name'], $uploads_dir . $file_name)) {
+
+ $correct = true;
+ $any_changes = true;
+ db_user_update($member['name'], "avatar=" . $file_name);
+ }
+ else {
+ cn_throw_message("Error: not uploaded", "e");
+ }
+ }
}
- move_uploaded_file($avatar_file['tmp_name'], $uploads_dir.$file_name);
- db_user_update($member['name'], "avatar=".$file_name);
- $any_changes = TRUE;
- }
+ }
}
- // Has changes?
- if ($any_changes)
- {
- db_user_update($member['name'], "nick=$editnickname", "e-hide=$edithidemail");
- // Update & Get member from DB
- mcache_set('#member', NULL);
- $member = member_get();
+ // Is correct?
+ if (!$correct) {
+ cn_throw_message("Error: avatar is not correct", "e");
+ } else {
- cn_throw_message("User info updated! $clause");
- }
- else
- {
- cn_throw_message("No changes", 'w');
+ // Has changes?
+ if ($any_changes)
+ {
+ db_user_update($member['name'], "nick=$editnickname", "e-hide=$edithidemail");
+
+ // Update & Get member from DB
+ mcache_set('#member', NULL);
+ $member = member_get();
+
+ cn_throw_message("User info updated! $clause");
+ }
+ else
+ {
+ cn_throw_message("No changes", 'w');
+ }
}
}
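Review bot: The stored name in the avatar branch, `'avatar_' . $member['name'] . '_' . $avatar_file['name']`, still carries the client-supplied file name and extension, and `getimagesize()` only inspects the leading bytes, so a file that passes the image check can be saved under an extension the web server treats as executable. Derive the extension from the detected type and drop the client name: `if (in_array($imgsize[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true))` followed by `$file_name = 'avatar_' . $member['name'] . image_type_to_extension($imgsize[2]);`. Separately, `$correct` starts as `false` and becomes `true` only after a successful upload, so saving the profile without choosing an avatar now reports "Error: avatar is not correct" and skips the nick/e-hide update; it should start as `true` and be cleared only when an upload was attempted and rejected. The old avatar is also unlinked before `move_uploaded_file()` has succeeded, which loses the existing picture when the move fails. `dashboard_personal()` begins above this hunk, so how `$avatar_file` and `$member['name']` are populated is not visible here.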
@@ -21,8 +21,39 @@ function help_invoke_about()
$registered = file_exists(SERVDIR.'/cdata/reg.php');
+ $downloader = new Downloader();
+ $errorget = false;
+ $version = $downloader->get_remote_file("http://cutephp.com/latest_version.php?licenseid=$reg_site_key&version_id=".VERSION_ID);
+
+ if ($version) {
+
+ $version_holder = $version['content'];
+
+ // Check responce format
+ if (preg_match('/^[0-9]+$/', $version_holder)) {
+
+ $version = (int)$version_holder;
+ if ($version == VERSION_ID) {
+ $version_holder = '<span style="color:#080;">Your Cutenews copy is up to date</span>';
+ }
+ else {
+ $version_holder = "<script>alert('There is a newer version with important security fixes, please update cuteNews!');</script>";
+ $version_holder .= "<br/><span style='color:red;font-size:18px;font-weight: bold;'>Upgrade Needed!!!</span>";
+ }
+
+ } else {
+ $errorget = true;
+ }
+ } else {
+ $errorget = true;
+ }
+
+ if ($errorget) {
+ $version_holder = "<span style='color:red;font-size:18px;'>---";
+ }
+
// ---
- cn_assign('registered, reg_site_key', $registered, $reg_site_key);
+ cn_assign('registered, reg_site_key, version_holder', $registered, $reg_site_key, $version_holder);
echoheader('', 'Help/About Cutenews'); echo exec_tpl('help/about'); echofooter();
}
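Review bot: The version lookup added at the top of the hunk puts `$reg_site_key` into the query string of a plain `http://` URL without encoding, so the licence key crosses the network in clear text and the reply that drives the "up to date" message can be altered in transit. Encode the value and, if the endpoint is reachable over TLS, switch the scheme: `'https://cutephp.com/latest_version.php?licenseid=' . urlencode($reg_site_key) . '&version_id=' . VERSION_ID`. The digits-only `preg_match` that gates the reply deserves a comment such as `// Remote text is never echoed; only fixed strings reach the template`, so a later edit does not start printing the response body. The fallback markup `<span style='color:red;font-size:18px;'>---` is missing its `</span>`, and the request runs synchronously with the downloader's default 30-second timeout on every view of the About page. `help_invoke_about()` starts above the hunk, so where `$reg_site_key` comes from is not visible.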