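home/lmsyaran/public_html/joomla3/components/com_mailto/controller.php 0000644 00000007432 15117142454 0022406 0 ustar 00
<?php
/**
 * @package     Joomla.Site
 * @subpackage  com_mailto
 *
 * @copyright   (C) 2006 Open Source Matters, Inc. <https://www.joomla.org>
 * @license     GNU General Public License version 2 or later; see LICENSE.txt
 */

defined('_JEXEC') or die;

/**
 * Mailer Component Controller.
 *
 * Two tasks: `mailto` renders the "send this link" form, `send` validates the
 * posted form, rejects input that looks like injected mail headers, verifies the
 * link is local to this site and hands the message to the Joomla mailer.
 *
 * @since  1.5
 */
class MailtoController extends JControllerLegacy
{
    /**
     * Show the form so that the user can send the link to someone.
     *
     * @return  void
     *
     * @since   1.5
     */
    public function mailto()
    {
        $this->input->set('view', 'mailto');
        $this->display();
    }

    /**
     * Send the message and display a notice.
     *
     * Order of checks: CSRF token, form validation, header-injection scan of
     * every posted string, link hash + local-URL check, to/from address
     * validation. Only after all of them does the mail go out.
     *
     * @return  void|boolean  False when the form definition could not be loaded;
     *                        otherwise falls through to a view.
     *
     * @since   1.5
     */
    public function send()
    {
        // Check for request forgeries
        $this->checkToken();

        $app   = JFactory::getApplication();
        $model = $this->getModel('mailto');
        $data  = $model->getData();

        // Validate the posted data.
        $form = $model->getForm();

        if (!$form)
        {
            JError::raiseError(500, $model->getError());

            return false;
        }

        if (!$model->validate($form, $data))
        {
            $errors = $model->getErrors();

            foreach ($errors as $error)
            {
                $errorMessage = $error;

                if ($error instanceof Exception)
                {
                    $errorMessage = $error->getMessage();
                }

                $app->enqueueMessage($errorMessage, 'error');
            }

            return $this->mailto();
        }

        // An array of email headers we do not want to allow as input
        $headers = array(
            'Content-Type:',
            'MIME-Version:',
            'Content-Transfer-Encoding:',
            'bcc:',
            'cc:',
        );

        /*
         * Here is the meat and potatoes of the header injection test. We
         * iterate over the array of form input and check for header strings.
         * If we find one, send an unauthorized header and die.
         *
         * Header field names are case-insensitive (RFC 5322), so the match is
         * case-insensitive as well; a case-sensitive strpos() would let
         * "BCC:" / "Cc:" through.
         */
        foreach ($data as $key => $value)
        {
            foreach ($headers as $header)
            {
                if (is_string($value) && stripos($value, $header) !== false)
                {
                    JError::raiseError(403, '');

                    // Mirror the form-error branch above: raiseError is expected to
                    // end the request, but never fall through to sending the mail.
                    return false;
                }
            }
        }

        // Free up memory
        unset($headers);

        $siteName = $app->get('sitename');
        $link     = MailtoHelper::validateHash($this->input->post->get('link', '', 'post'));

        // Verify that this is a local link
        if (!$link || !JUri::isInternal($link))
        {
            // Non-local url...
            JError::raiseNotice(500, JText::_('COM_MAILTO_EMAIL_NOT_SENT'));

            return $this->mailto();
        }

        $subject_default = JText::sprintf('COM_MAILTO_SENT_BY', $data['sender']);
        $subject         = $data['subject'] !== '' ? $data['subject'] : $subject_default;

        // Check for a valid to address
        $error = false;

        if (!$data['emailto'] || !JMailHelper::isEmailAddress($data['emailto']))
        {
            $error = JText::sprintf('COM_MAILTO_EMAIL_INVALID', $data['emailto']);
            JError::raiseWarning(0, $error);
        }

        // Check for a valid from address
        if (!$data['emailfrom'] || !JMailHelper::isEmailAddress($data['emailfrom']))
        {
            $error = JText::sprintf('COM_MAILTO_EMAIL_INVALID', $data['emailfrom']);
            JError::raiseWarning(0, $error);
        }

        if ($error)
        {
            return $this->mailto();
        }

        // Build the message to send
        $msg  = JText::_('COM_MAILTO_EMAIL_MSG');
        $body = sprintf($msg, $siteName, $data['sender'], $data['emailfrom'], $link);

        // Clean the email data
        $subject = JMailHelper::cleanSubject($subject);
        $body    = JMailHelper::cleanBody($body);

        // To send we need to use punycode.
        $data['emailfrom'] = JStringPunycode::emailToPunycode($data['emailfrom']);
        $data['emailfrom'] = JMailHelper::cleanAddress($data['emailfrom']);
        $data['emailto']   = JStringPunycode::emailToPunycode($data['emailto']);

        // Send the email
        if (JFactory::getMailer()->sendMail($data['emailfrom'], $data['sender'], $data['emailto'], $subject, $body) !== true)
        {
            JError::raiseNotice(500, JText::_('COM_MAILTO_EMAIL_NOT_SENT'));

            return $this->mailto();
        }

        $this->input->set('view', 'sent');
        $this->display();
    }
}
home/lmsyaran/public_html/j3/components/com_rsticketspro/controller.php 0000644 00000012372 15117604425 0022625 0 ustar 00
<?php
/**
 * @package    RSTickets! Pro
 *
 * @copyright  (c) 2010 - 2016 RSJoomla!
 * @link       https://www.rsjoomla.com
 * @license    GNU General Public License http://www.gnu.org/licenses/gpl-3.0.en.html
 */

defined('_JEXEC') or die('Restricted access');

/**
 * Site controller for RSTickets! Pro.
 *
 * Tasks: captcha image, search reset, cron trigger, inline attachment
 * delivery (`viewinline`) and the default view dispatcher, which only accepts
 * view names that exist as folders under ./views.
 */
class RsticketsproController extends JControllerLegacy
{
    /**
     * Emit the captcha image (JPEG) when captcha is enabled, then end the request.
     *
     * @return  void
     */
    public function captcha()
    {
        if (RSTicketsProHelper::getConfig('captcha_enabled') == 1)
        {
            require_once JPATH_ADMINISTRATOR . '/components/com_rsticketspro/helpers/captcha/captcha.php';

            $captcha = new RsticketsproCaptcha;
            $captcha->setLength(RSTicketsProHelper::getConfig('captcha_characters'));

            // Discard any buffered output so the image bytes are not preceded by HTML.
            // Guarded instead of unconditional: ob_end_clean() notices when no buffer is active.
            if (ob_get_level())
            {
                ob_end_clean();
            }

            $captcha->getImage();

            JFactory::getApplication()->setHeader('content-type', 'image/jpeg');
            JFactory::getApplication()->sendHeaders();
        }

        JFactory::getApplication()->close();
    }

    /**
     * Clear the stored ticket search filters and return to the tickets list.
     *
     * @return  void
     */
    public function resetsearch()
    {
        $model = $this->getModel('tickets');
        $model->resetSearch();

        $this->setRedirect(RSTicketsProHelper::route('index.php?option=com_rsticketspro&view=tickets', false));
    }

    /**
     * Run the component's cron helper for job types 1 and 2, if the helper exists.
     *
     * NOTE(review): this is a public controller task (reachable as task=cron);
     * nothing here checks a token, secret or caller identity before
     * RSTicketsProCron::parse() runs. Confirm whether the cron helper (not in
     * view) enforces its own guard or rate limit; otherwise any visitor can
     * trigger the job.
     *
     * @return  void
     */
    public function cron()
    {
        if (file_exists(JPATH_ADMINISTRATOR . '/components/com_rsticketspro/helpers/cron.php'))
        {
            require_once JPATH_ADMINISTRATOR . '/components/com_rsticketspro/helpers/cron.php';

            $types = array(1, 2);
            $cron  = new RSTicketsProCron($types);
            $cron->parse();
        }
    }

    /**
     * Stream a ticket attachment to the browser.
     *
     * Reads `cid` (ticket id) and `filename` from the request, checks that the
     * current user may see the ticket (customer ownership, or staff department /
     * assignment permissions), resolves the attachment row and serves the file
     * stored under RST_UPLOAD_FOLDER/md5("<file id> <message id>"). Any failure
     * is reported as a warning message and redirected to the tickets list.
     *
     * Only known image extensions are sent with an image Content-Type and shown
     * inline; everything else is sent as application/octet-stream so the browser
     * never renders an uploaded HTML/SVG-like attachment in the site's origin.
     *
     * @return  void
     */
    public function viewinline()
    {
        // Resolved before the try so the catch block can always use it.
        $app = JFactory::getApplication();

        try
        {
            $db    = JFactory::getDbo();
            $query = $db->getQuery(true);
            $user  = JFactory::getUser();

            $filename  = $app->input->getString('filename', '');
            $ticket_id = $app->input->getInt('cid', 0);

            $is_staff    = RSTicketsProHelper::isStaff();
            $permissions = RSTicketsProHelper::getCurrentPermissions();
            $departments = RSTicketsProHelper::getCurrentDepartments();

            // Both user-controlled values only ever reach SQL through $db->q().
            $query->select($db->qn('customer_id'))
                ->select($db->qn('department_id'))
                ->select($db->qn('staff_id'))
                ->from($db->qn('#__rsticketspro_tickets'))
                ->where($db->qn('id') . ' = ' . $db->q($ticket_id));
            $ticket = $db->setQuery($query)->loadObject();

            if (!$ticket)
            {
                throw new Exception(JText::_('RST_CUSTOMER_CANNOT_VIEW_TICKET'));
            }

            // Check for permissions. Loose comparisons are intentional: ids come
            // back from the database as strings.
            if (!$is_staff && $ticket->customer_id != $user->get('id'))
            {
                throw new Exception(JText::_('RST_CUSTOMER_CANNOT_VIEW_TICKET'));
            }

            if ($is_staff)
            {
                // Staff - check if belongs to department only if he is not the customer
                if ($ticket->customer_id != $user->get('id') && !in_array($ticket->department_id, $departments))
                {
                    throw new Exception(JText::_('RST_STAFF_CANNOT_VIEW_TICKET'));
                }

                if (RSTicketsProHelper::getConfig('staff_force_departments') && !in_array($ticket->department_id, $departments))
                {
                    throw new Exception(JText::_('RST_STAFF_CANNOT_VIEW_TICKET'));
                }

                if (!$permissions->see_unassigned_tickets && $ticket->staff_id == 0)
                {
                    throw new Exception(JText::_('RST_STAFF_CANNOT_VIEW_TICKET'));
                }

                if (!$permissions->see_other_tickets && $ticket->staff_id > 0 && $ticket->staff_id != $user->get('id'))
                {
                    throw new Exception(JText::_('RST_STAFF_CANNOT_VIEW_TICKET'));
                }
            }

            $query->clear()
                ->select('*')
                ->from($db->qn('#__rsticketspro_ticket_files'))
                ->where($db->qn('ticket_id') . ' = ' . $db->q($ticket_id))
                ->where($db->qn('filename') . ' = ' . $db->q($filename));
            $file = $db->setQuery($query)->loadObject();

            if (empty($file))
            {
                throw new Exception(JText::_('RST_CANNOT_DOWNLOAD_FILE'));
            }

            // The on-disk name is derived from database ids, never from the request.
            $hash = md5($file->id . ' ' . $file->ticket_message_id);
            $path = RST_UPLOAD_FOLDER . '/' . $hash;

            if (!file_exists($path))
            {
                throw new Exception(JText::_('RST_CANNOT_DOWNLOAD_FILE_NOT_EXIST'));
            }

            $extension = strtolower(JFile::getExt($file->filename));
            $images    = array('jpg', 'jpeg', 'gif', 'png');

            if (in_array($extension, $images, true))
            {
                if ($extension === 'jpg')
                {
                    $extension = 'jpeg';
                }

                $contentType = 'image/' . $extension;
            }
            else
            {
                // Without an explicit type PHP sends its default text/html, which
                // would render an uploaded .html/.svg attachment as a page of this
                // site. Anything that is not a known image goes out as an opaque
                // download instead.
                $contentType = 'application/octet-stream';
            }

            // The stored name was supplied by the uploader; CR/LF would make
            // header() drop the line, and a quote would end the filename parameter.
            $safeName = str_replace(array("\r", "\n", '"'), '', basename($file->filename));

            // Guarded instead of @-suppressed: ob_end_clean() notices when no buffer is active.
            if (ob_get_level())
            {
                ob_end_clean();
            }

            // header() replaces a same-name header by default, so of the original
            // three Cache-Control and two Expires lines only the last of each was
            // ever sent; those surviving values are kept here.
            header('Content-Type: ' . $contentType);
            header('X-Content-Type-Options: nosniff');
            header('Cache-Control: no-cache');
            header('Pragma: no-cache');
            header('Expires: Sat, 01 Jan 2000 01:00:00 GMT');
            header('Content-Description: File Transfer');
            header('Content-Length: ' . (string) filesize($path));
            header('Content-Disposition: inline; filename="' . $safeName . '"');
            header('Content-Transfer-Encoding: binary');

            readfile($path);
            $app->close();
        }
        catch (Exception $e)
        {
            $app->enqueueMessage($e->getMessage(), 'warning');
            $app->redirect(RSTicketsProHelper::route('index.php?option=com_rsticketspro&view=tickets', false));
        }
    }

    /**
     * Dispatch to a view, forcing `tickets` when the requested view is not one
     * of the folders under ./views (site client only).
     *
     * @param   boolean  $cachable   Whether the view output may be cached.
     * @param   array    $urlparams  Safe URL parameters for the cache id.
     *
     * @return  JControllerLegacy  Whatever the parent dispatcher returns.
     */
    public function display($cachable = false, $urlparams = array())
    {
        $app = JFactory::getApplication();

        if ($app->isClient('site'))
        {
            $vName   = $app->input->getCmd('view', '');
            $allowed = JFolder::folders(__DIR__ . '/views');

            // Allow-list against real view folders; JFolder::folders() can return
            // false on a bad path, which in_array() would reject as a TypeError.
            if (!is_array($allowed) || !in_array($vName, $allowed, true))
            {
                $app->input->set('view', 'tickets');
            }
        }

        parent::display($cachable, $urlparams);
    }
}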