Acasă Explorează Ajutor
Autentificare
fusionpbx
/
fusionpbx-app-edit
oglindă de https://github.com/fusionpbx/fusionpbx-app-edit.git
2
0
Bifurcare 0
Fisiere Probleme 0 Wiki
Arbore: f32b7d94bb
Ramuri Etichete
fusionpbx-app-e...
/
file_save.php

file_save.php 5.1 KB
Istoric Crud

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175 
  1. <?php
    2. 

  2. /*
    3. 

  3. 	FusionPBX
    4. 

  4. 	Version: MPL 1.1
    5. 

  5. 

  6. 	The contents of this file are subject to the Mozilla Public License Version
    7. 

  7. 	1.1 (the "License"); you may not use this file except in compliance with
    8. 

  8. 	the License. You may obtain a copy of the License at
    9. 

  9. 	http://www.mozilla.org/MPL/
    10. 

  10. 

  11. 	Software distributed under the License is distributed on an "AS IS" basis,
    12. 

  12. 	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
    13. 

  13. 	for the specific language governing rights and limitations under the
    14. 

  14. 	License.
    15. 

  15. 

  16. 	The Original Code is FusionPBX
    17. 

  17. 

  18. 	The Initial Developer of the Original Code is
    19. 

  19. 	Mark J Crane <[email protected]>
    20. 

  20. 	Portions created by the Initial Developer are Copyright (C) 2008-2023
    21. 

  21. 	the Initial Developer. All Rights Reserved.
    22. 

  22. 

  23. 	Contributor(s):
    24. 

  24. 	Mark J Crane <[email protected]>
    25. 

  25. 	James Rose <[email protected]>
    26. 

  26. */
    27. 

  27. 

  28. //includes files
    29. 

  29. 	require_once dirname(__DIR__, 2) . "/resources/require.php";
    30. 

  30. 	require_once "resources/check_auth.php";
    31. 

  31. 

  32. //check permissions
    33. 

  33. 	if (permission_exists('edit_save')) {
    34. 

  34. 		//access granted
    35. 

  35. 	}
    36. 

  36. 	else {
    37. 

  37. 		echo "access denied";
    38. 

  38. 		exit;
    39. 

  39. 	}
    40. 

  40. 

  41. //add multi-lingual support
    42. 

  42. 	$language = new text;
    43. 

  43. 	$text = $language->get();
    44. 

  44. 

  45. //compare the tokens
    46. 

  46. 	$key_name = '/app/edit/'.$_POST['mode'];
    47. 

  47. 	$hash = hash_hmac('sha256', $key_name, $_SESSION['keys'][$key_name]);
    48. 

  48. 	if (!hash_equals($hash, $_POST['token'])) {
    49. 

  49. 		echo "access denied";
    50. 

  50. 		exit;
    51. 

  51. 	}
    52. 

  52. 

  53. //get the directory
    54. 

  54. 	if (!isset($_SESSION)) { session_start(); }
    55. 

  55. 	switch ($_SESSION["app"]["edit"]["dir"]) {
    56. 

  56. 		case 'scripts':
    57. 

  57. 			$edit_directory = $_SESSION['switch']['scripts']['dir'];
    58. 

  58. 			break;
    59. 

  59. 		case 'php':
    60. 

  60. 			$edit_directory = $_SERVER["DOCUMENT_ROOT"].'/'.PROJECT_PATH;
    61. 

  61. 			break;
    62. 

  62. 		case 'grammar':
    63. 

  63. 			$edit_directory = $_SESSION['switch']['grammar']['dir'];
    64. 

  64. 			break;
    65. 

  65. 		case 'provision':
    66. 

  66. 			switch (PHP_OS) {
    67. 

  67. 				case "Linux":
    68. 

  68. 					if (file_exists('/usr/share/fusionpbx/templates/provision')) {
    69. 

  69. 						$edit_directory = '/usr/share/fusionpbx/templates/provision';
    70. 

  70. 					}
    71. 

  71. 					elseif (file_exists('/etc/fusionpbx/resources/templates/provision')) {
    72. 

  72. 						$edit_directory = '/etc/fusionpbx/resources/templates/provision';
    73. 

  73. 					}
    74. 

  74. 					else {
    75. 

  75. 						$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision";
    76. 

  76. 					}
    77. 

  77. 					break;
    78. 

  78. 				case "FreeBSD":
    79. 

  79. 					if (file_exists('/usr/local/share/fusionpbx/templates/provision')) {
    80. 

  80. 						$edit_directory = '/usr/share/fusionpbx/templates/provision';
    81. 

  81. 					}
    82. 

  82. 					elseif (file_exists('/usr/local/etc/fusionpbx/resources/templates/provision')) {
    83. 

  83. 						$edit_directory = '/usr/local/etc/fusionpbx/resources/templates/provision';
    84. 

  84. 					}
    85. 

  85. 					else {
    86. 

  86. 						$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision";
    87. 

  87. 					}
    88. 

  88. 					break;
    89. 

  89. 				case "NetBSD":
    90. 

  90. 					if (file_exists('/usr/local/share/fusionpbx/templates/provision')) {
    91. 

  91. 						$edit_directory = '/usr/share/fusionpbx/templates/provision';
    92. 

  92. 					}
    93. 

  93. 					else {
    94. 

  94. 						$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision";
    95. 

  95. 					}
    96. 

  96. 					break;
    97. 

  97. 				case "OpenBSD":
    98. 

  98. 					if (file_exists('/usr/local/share/fusionpbx/templates/provision')) {
    99. 

  99. 						$edit_directory = '/usr/share/fusionpbx/templates/provision';
    100. 

  100. 					}
    101. 

  101. 					else {
    102. 

  102. 						$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision";
    103. 

  103. 					}
    104. 

  104. 					break;
    105. 

  105. 				default:
    106. 

  106. 					$edit_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/templates/provision/";
    107. 

  107. 			}
    108. 

  108. 			break;
    109. 

  109. 		case 'xml':
    110. 

  110. 			$edit_directory = $_SESSION['switch']['conf']['dir'];
    111. 

  111. 			break;
    112. 

  112. 	}
    113. 

  113. 	if (!isset($edit_directory) && is_array($_SESSION['editor']['path'])) {
    114. 

  114. 		foreach ($_SESSION['editor']['path'] as $path) {
    115. 

  115. 			if ($_SESSION["app"]["edit"]["dir"] == $path) {
    116. 

  116. 				$edit_directory = $path;
    117. 

  117. 				break;
    118. 

  118. 			}
    119. 

  119. 		}
    120. 

  120. 	}
    121. 

  121. 

  122. //set the file variable
    123. 

  123. 	$file_path = $_POST["filepath"];
    124. 

  124. 

  125. //remove attempts to change the directory
    126. 

  126. 	$file_path = str_replace('..', '', $file_path);
    127. 

  127. 	$file_path = str_replace ("\\", "/", $file_path);
    128. 

  128. 

  129. //break the path into an array
    130. 

  130. 	$path_array = pathinfo($file_path);
    131. 

  131. 	$path_prefix = substr($path_array['dirname'], 0, strlen($edit_directory));
    132. 

  132. 

  133. //validate the path
    134. 

  134. 	if (realpath($path_prefix) == realpath($edit_directory)) {
    135. 

  135. 		if ($file_path != '') {
    136. 

  136. 			try {
    137. 

  137. 				//save file content
    138. 

  138. 					$file_path = realpath($file_path);
    139. 

  139. 					$file_path = str_replace ('//', '/', $file_path);
    140. 

  140. 					$file_path = str_replace ("\\", "/", $file_path);
    141. 

  141. 					if (file_exists($file_path)) {
    142. 

  142. 						//create a file handle
    143. 

  143. 						$handle = fopen($file_path, 'wb');
    144. 

  144. 						if (!$handle) {
    145. 

  145. 							throw new Exception('Write Failed - Check File Owner & Permissions');
    146. 

  146. 						}
    147. 

  147. 

  148. 						//build a array of the content
    149. 

  149. 						$lines = explode("\n", str_replace ("\r\n", "\n", $_POST["content"]));
    150. 

  150. 

  151. 						//remove trailing spaces
    152. 

  152. 						$file_content = '';
    153. 

  153. 						foreach ($lines as $line) {
    154. 

  154. 							$file_content .= rtrim($line) . "\n";
    155. 

  155. 						}
    156. 

  156. 

  157. 						//save the file
    158. 

  158. 						fwrite($handle, $file_content);
    159. 

  159. 

  160. 						//close the file handle
    161. 

  161. 						fclose($handle);
    162. 

  162. 					}
    163. 

  163. 

  164. 				//set the reload_xml value to true
    165. 

  165. 					$_SESSION["reload_xml"] = true;
    166. 

  166. 

  167. 				//alert user of success
    168. 

  168. 					echo "Changes Saved";
    169. 

  169. 			}
    170. 

  170. 			catch(Exception $e) {
    171. 

  171. 				//alert error
    172. 

  172. 				echo $e->getMessage();
    173. 

  173. 			}
    174. 

  174. 		}
    175. 

  175. 	}
    176.