|
@@ -17,56 +17,69 @@
|
|
|
|
|
|
The Initial Developer of the Original Code is
|
|
|
Mark J Crane <[email protected]>
|
|
|
- Portions created by the Initial Developer are Copyright (C) 2008-2012
|
|
|
+ Portions created by the Initial Developer are Copyright (C) 2008-2019
|
|
|
the Initial Developer. All Rights Reserved.
|
|
|
|
|
|
Contributor(s):
|
|
|
Mark J Crane <[email protected]>
|
|
|
James Rose <[email protected]>
|
|
|
*/
|
|
|
-include "root.php";
|
|
|
-require_once "resources/require.php";
|
|
|
-require_once "resources/check_auth.php";
|
|
|
-if (permission_exists('script_editor_save')) {
|
|
|
- //access granted
|
|
|
-}
|
|
|
-else {
|
|
|
- echo "access denied";
|
|
|
- exit;
|
|
|
-}
|
|
|
+
|
|
|
+//includes
|
|
|
+ include "root.php";
|
|
|
+ require_once "resources/require.php";
|
|
|
+ require_once "resources/check_auth.php";
|
|
|
+
|
|
|
+//check permissions
|
|
|
+ if (permission_exists('script_editor_save')) {
|
|
|
+ //access granted
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ echo "access denied";
|
|
|
+ exit;
|
|
|
+ }
|
|
|
|
|
|
//add multi-lingual support
|
|
|
$language = new text;
|
|
|
$text = $language->get();
|
|
|
|
|
|
- $filepath = $_POST["filepath"];
|
|
|
- if ($filepath != '') {
|
|
|
+//compare the tokens
|
|
|
+ $key_name = '/app/edit/'.$_POST['mode'];
|
|
|
+ $hash = hash_hmac('sha256', $key_name, $_SESSION['keys'][$key_name]);
|
|
|
+ if (!hash_equals($hash, $_POST['token'])) {
|
|
|
+ echo "access denied";
|
|
|
+ exit;
|
|
|
+ }
|
|
|
+
|
|
|
+//run the code if file path exists
|
|
|
+ $file_path = $_POST["filepath"];
|
|
|
+ if ($file_path != '') {
|
|
|
|
|
|
try {
|
|
|
//save file content
|
|
|
- $filepath = realpath($filepath); //filepath
|
|
|
- $filepath = str_replace ('//', '/', $filepath);
|
|
|
- $filepath = str_replace ("\\", "/", $filepath);
|
|
|
- $content = $_POST["content"];
|
|
|
-
|
|
|
- $handle = fopen($filepath, 'wb');
|
|
|
- if (!$handle) {
|
|
|
- throw new Exception('Write Failed - Check File Owner & Permissions');
|
|
|
+ $file_path = realpath($file_path);
|
|
|
+ $file_path = str_replace ('//', '/', $file_path);
|
|
|
+ $file_path = str_replace ("\\", "/", $file_path);
|
|
|
+ if (file_exists($file_path)) {
|
|
|
+ $handle = fopen($file_path, 'wb');
|
|
|
+ if (!$handle) {
|
|
|
+ throw new Exception('Write Failed - Check File Owner & Permissions');
|
|
|
+ }
|
|
|
+ fwrite($handle, $_POST["content"]);
|
|
|
+ fclose($handle);
|
|
|
}
|
|
|
- fwrite($handle, $content);
|
|
|
- fclose($handle);
|
|
|
|
|
|
//set the reload_xml value to true
|
|
|
$_SESSION["reload_xml"] = true;
|
|
|
|
|
|
//alert user of success
|
|
|
- echo "<script>alert('Changes Saved'); parent.focus_editor();</script>";
|
|
|
+ echo "Changes Saved";
|
|
|
}
|
|
|
catch(Exception $e) {
|
|
|
- //alert error
|
|
|
- echo "<script>alert('".$e->getMessage()."'); parent.focus_editor();</script>";
|
|
|
+ //alert error
|
|
|
+ echo $e->getMessage();
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
-?>
|
|
|
+?>
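Review bot: The token comparison never checks that `$_SESSION['keys'][$key_name]` exists, and `$key_name` is built from the posted `mode`, so for a mode with no stored key `hash_hmac()` is keyed with null (coerced to an empty string) and the expected hash no longer depends on any session secret. Reject the request before hashing, for example with `if (empty($_SESSION['keys'][$key_name]) || !isset($_POST['token']) || !is_string($_POST['token'])) { echo "access denied"; exit; }`, and consider limiting `mode` to the values the editor actually issues. Separately, `$file_path` only passes through `realpath()` and `file_exists()` before `fopen($file_path, 'wb')`, so nothing visible in this hunk confines writes to the directories the editor is meant to manage; comparing the resolved path against an allow-list of base directories would close that gap. When `file_exists()` is false the code still falls through to `echo "Changes Saved"` and sets `$_SESSION["reload_xml"]`, so a save that wrote nothing is reported as a success; the unchecked `fwrite()` return value has the same effect on a failed write.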
|