Server IP : 103.119.228.120 / Your IP : 3.147.82.252 Web Server : Apache System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64 User : nobody ( 99) PHP Version : 5.6.40 Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /var/softaculous/sitepad/editor/site-inc/ |
Upload File : |
<?php /** * Part of sitemush DB changing * This is just below $wpdb connection * By Default we connect to sitemush DB to verify session */ // We need the ABSPATH if (!defined('ABSPATH')) exit; global $sitepad, $globals, $l, $SESS; function cleanpath($path){ $path = str_replace('\\\\', '/', $path); $path = str_replace('\\', '/', $path); $path = str_replace('//', '/', $path); return rtrim($path, '/'); } function r_print($array){ echo '<pre>'; print_r($array); echo '</pre>'; } // Generate a random string function generateRandStr($length = 10){ $characters = '0123456789abcdefghijklmnopqrstuvwxyz'; $charactersLength = strlen($characters); $randomString = ''; for($i = 0; $i < $length; $i++){ $randomString .= $characters[rand(0, $charactersLength - 1)]; } return $randomString; } // Connect to the database function soft_mysql_connect($host, $user, $pass, $newlink = false){ // Error handling for php8.1 try{ if(extension_loaded('mysqli')){ //echo 'mysqli'; $sconn = @mysqli_connect($host, $user, $pass); }else{ //echo 'mysql'; $sconn = @mysql_connect($host, $user, $pass, $newlink); } }catch(Exception $e){ return false; } return $sconn; } // Select the DB function soft_mysql_select_db($db, $conn){ // Error handling for php8.1 try{ if(extension_loaded('mysqli')){ $return = @mysqli_select_db($conn, $db); }else{ $return = @mysql_select_db($db, $conn); } }catch(Exception $e){ return false; } return $return; } // Verifies an email function emailvalidation($email){ if(!preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\+._-])*@([a-zA-Z0-9_-])+([.])+([a-zA-Z0-9\._-]+)+$/", $email)){ return false; }else{ return true; } } function _unserialize($str){ $var = @unserialize($str); if(empty($var)){ $str = preg_replace('!s:(\d+):"(.*?)";!se', "'s:'.strlen('$2').':\"$2\";'", $str); $var = @unserialize($str); } //If it is still empty false if(empty($var)){ return false; }else{ return $var; } } // Presently takes care of Slashes function inputsec($string){ //get_magic_quotes_gpc is depricated in php 7.4 if(version_compare(PHP_VERSION, '7.4', '<')){ if(!get_magic_quotes_gpc()){ $string = addslashes($string); }else{ $string = stripslashes($string); $string = addslashes($string); } }else{ $string = addslashes($string); } // This is to replace ` which can cause the command to be executed in exec() $string = str_replace('`', '\`', $string); return $string; } // Takes care of characters function htmlizer($string){ global $globals; $charset = !empty($globals['charset']) ? $globals['charset'] : null; $string = htmlentities($string, ENT_QUOTES | ENT_IGNORE, $charset); //$string = preg_replace('/(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)/e', 'entity_check(\\2);', $string); return $string; } ///////////////////// // POSTING Functions ///////////////////// function POST($name, $e, $isset = 1){ global $error; //Check the POSTED NAME was posted if(($isset && (!isset($_POST[$name]) || strlen(trim($_POST[$name])) < 1)) || (empty($isset) && empty($_POST[$name]))){ $error[$name] = $e; }else{ return inputsec(htmlizer(trim($_POST[$name]))); } } // No htmlizer post - Dont use in SQL Queries function iPOST($name, $e, $isset = 1){ global $error; //Check the POSTED NAME was posted if(($isset && (!isset($_POST[$name]) || strlen(trim($_POST[$name])) < 1)) || (empty($isset) && empty($_POST[$name]))){ $error[$name] = $e; }else{ return inputsec(trim($_POST[$name])); } } //OPTIONAL Post function optPOST($name, $default = ''){ global $error; //Check the POSTED NAME was posted if(isset($_POST[$name])){ return inputsec(htmlizer(trim($_POST[$name]))); }else{ return $default; } } /** * Return the value of the POSTED key i.e. $_POST[$key]. Is mainly used for Themes to fill the forms again automatically. * * @package forms * @subpackage post * @author Pulkit Gupta * @param string $name The key of the $_POST array i.e. the name of the input / textarea / select text * @param string $default (Optional) Default value when the POST is empty * @return string The value of the POSTED Key or the $default value when the POST is empty * @since 1.0 */ function POSTval($name, $default = ''){ return (!empty($_POST) ? (empty($_POST[$name]) ? '' : inputsec(htmlizer(trim($_POST[$name])))) : $default); } /** * Return the value of the POSTED key i.e. $_POST[$key]. Is mainly used for Themes to fill the forms again automatically. * The difference betweern aPOSTval() and POSTval() is that aPOSTval() just trims the value while POSTval will do * inputsec(htmlizer(trim($_POST[$name])))) * * @package forms * @subpackage post * @author Pulkit Gupta * @param string $name The key of the $_POST array i.e. the name of the input / textarea / select text * @param string $default (Optional) Default value when the POST is empty * @return string The value of the POSTED Key or the $default value when the POST is empty * @since 1.0 */ function aPOSTval($name, $default = ''){ return (!empty($_POST) ? (empty($_POST[$name]) ? '' : trim($_POST[$name])) : $default); } //OPTIONAL REQUEST function optREQ($name, $default = ''){ global $error; //Check the POSTED NAME was posted if(isset($_REQUEST[$name])){ return inputsec(htmlizer(trim($_REQUEST[$name]))); }else{ return $default; } } // Clean FOR var directly function optInput($val){ global $error; return inputsec(htmlizer(trim($val))); } //Check if isset in REQUEST Array else return error lang function REQUEST($name, $e){ global $error; //Check the REQUEST NAME was sent if(!isset($_REQUEST[$name]) || strlen(trim($_REQUEST[$name])) < 1){ $error[$name] = $e; }else{ return inputsec(htmlizer(trim($_REQUEST[$name]))); } } //Checkbox function checkbox($name){ global $error; //Check the Checkbox posted if(isset($_POST[$name])){ return true; }else{ return false; } } function GET($name, $e){ global $error; //Check the POSTED NAME was posted if(!isset($_GET[$name]) || strlen(trim($_GET[$name])) < 1){ $error[$name] = $e; }else{ return inputsec(htmlizer(trim($_GET[$name]))); } } //OPTIONAL GET function optGET($name, $default = ''){ global $error; //Check the GETED NAME was GETed if(isset($_GET[$name])){ return inputsec(htmlizer(trim($_GET[$name]))); }else{ return $default; } } // Strips slashes if GPC was on function rawGPC($v){ //get_magic_quotes_gpc is depricated in php 7.4 if(version_compare(PHP_VERSION, '7.4', '<')){ if(get_magic_quotes_gpc()){ $v = stripslashes($v); } } return $v; } // Make a curl call function curl_call($url, $post = array()){ // Set the curl parameters. $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); // Connection Time OUT curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, (!empty($GLOBALS['globals']['curl_timeout']) ? $GLOBALS['globals']['curl_timeout'] : 10)); // You can timeout in one hour max curl_setopt($ch, CURLOPT_TIMEOUT, 3600); // Turn off the server and peer verification (TrustManager Concept). curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); // UserAgent and Cookies curl_setopt($ch, CURLOPT_USERAGENT, 'Softaculous'); if(!empty($post)){ curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post)); } curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Get response from the server. $resp = curl_exec($ch); $curl_err = curl_error($ch); $meta = curl_getinfo($ch); curl_close($ch); if($meta['http_code'] == 405){ return curl_call($url); } if(empty($resp)){ return false; } return $resp; } /** * phpMyAdmin SPLIT SQL function which splits the SQL data into seperate chunks that can be passed as QUERIES. * * @package database * @author Pulkit Gupta * @param string $data The SQL RAW data * @returns array The chunks of SQL Queries * @since 1.0 */ function sqlsplit($data){ $ret = array(); $buffer = ''; // Defaults for parser $sql = ''; $start_pos = 0; $i = 0; $len= 0; $big_value = 200000000; $sql_delimiter = ';'; $finished = false; while (!($finished && $i >= $len)) { if ($data === FALSE) { // subtract data we didn't handle yet and stop processing //$offset -= strlen($buffer); break; } elseif ($data === TRUE) { // Handle rest of buffer } else { // Append new data to buffer $buffer .= $data; // free memory $data = false; // Do not parse string when we're not at the end and don't have ; inside if ((strpos($buffer, $sql_delimiter, $i) === FALSE) && !$finished) { continue; } } // Current length of our buffer $len = strlen($buffer); // Grab some SQL queries out of it while ($i < $len) { $found_delimiter = false; // Find first interesting character $old_i = $i; // this is about 7 times faster that looking for each sequence i // one by one with strpos() if (preg_match('/(\'|"|#|-- |\/\*|`|(?i)DELIMITER)/', $buffer, $matches, PREG_OFFSET_CAPTURE, $i)) { // in $matches, index 0 contains the match for the complete // expression but we don't use it $first_position = $matches[1][1]; } else { $first_position = $big_value; } /** * @todo we should not look for a delimiter that might be * inside quotes (or even double-quotes) */ // the cost of doing this one with preg_match() would be too high $first_sql_delimiter = strpos($buffer, $sql_delimiter, $i); if ($first_sql_delimiter === FALSE) { $first_sql_delimiter = $big_value; } else { $found_delimiter = true; } // set $i to the position of the first quote, comment.start or delimiter found $i = min($first_position, $first_sql_delimiter); if ($i == $big_value) { // none of the above was found in the string $i = $old_i; if (!$finished) { break; } // at the end there might be some whitespace... if (trim($buffer) == '') { $buffer = ''; $len = 0; break; } // We hit end of query, go there! $i = strlen($buffer) - 1; } // Grab current character $ch = $buffer[$i]; // Quotes if (strpos('\'"`', $ch) !== FALSE) { $quote = $ch; $endq = FALSE; while (!$endq) { // Find next quote $pos = strpos($buffer, $quote, $i + 1); // No quote? Too short string if ($pos === FALSE) { // We hit end of string => unclosed quote, but we handle it as end of query if ($finished) { $endq = TRUE; $i = $len - 1; } $found_delimiter = false; break; } // Was not the quote escaped? $j = $pos - 1; while ($buffer[$j] == '\\') $j--; // Even count means it was not escaped $endq = (((($pos - 1) - $j) % 2) == 0); // Skip the string $i = $pos; if ($first_sql_delimiter < $pos) { $found_delimiter = false; } } if (!$endq) { break; } $i++; // Aren't we at the end? if ($finished && $i == $len) { $i--; } else { continue; } } // Not enough data to decide if ((($i == ($len - 1) && ($ch == '-' || $ch == '/')) || ($i == ($len - 2) && (($ch == '-' && $buffer[$i + 1] == '-') || ($ch == '/' && $buffer[$i + 1] == '*')))) && !$finished) { break; } // Comments if ($ch == '#' || ($i < ($len - 1) && $ch == '-' && $buffer[$i + 1] == '-' && (($i < ($len - 2) && $buffer[$i + 2] <= ' ') || ($i == ($len - 1) && $finished))) || ($i < ($len - 1) && $ch == '/' && $buffer[$i + 1] == '*') ) { // Copy current string to SQL if ($start_pos != $i) { $sql .= substr($buffer, $start_pos, $i - $start_pos); } // Skip the rest $j = $i; $i = strpos($buffer, $ch == '/' ? '*/' : "\n", $i); // didn't we hit end of string? if ($i === FALSE) { if ($finished) { $i = $len - 1; } else { break; } } // Skip * if ($ch == '/') { // Check for MySQL conditional comments and include them as-is if ($buffer[$j + 2] == '!') { $comment = substr($buffer, $j + 3, $i - $j - 3); if (preg_match('/^[0-9]{5}/', $comment, $version)) { if ($version[0] <= 50000000) { $sql .= substr($comment, 5); } } else { $sql .= $comment; } } $i++; } // Skip last char $i++; // Next query part will start here $start_pos = $i; // Aren't we at the end? if ($i == $len) { $i--; } else { continue; } } // Change delimiter, if redefined, and skip it (don't send to server!) if (strtoupper(substr($buffer, $i, 9)) == "DELIMITER" && ($buffer[$i + 9] <= ' ') && ($i < $len - 11) && strpos($buffer, "\n", $i + 11) !== FALSE) { $new_line_pos = strpos($buffer, "\n", $i + 10); $sql_delimiter = substr($buffer, $i + 10, $new_line_pos - $i - 10); $i = $new_line_pos + 1; // Next query part will start here $start_pos = $i; continue; } // End of SQL if ($found_delimiter || ($finished && ($i == $len - 1))) { $tmp_sql = $sql; if ($start_pos < $len) { $length_to_grab = $i - $start_pos; if (! $found_delimiter) { $length_to_grab++; } $tmp_sql .= substr($buffer, $start_pos, $length_to_grab); unset($length_to_grab); } // Do not try to execute empty SQL if (! preg_match('/^([\s]*;)*$/', trim($tmp_sql))) { $sql = $tmp_sql; $ret[] = $sql; $buffer = substr($buffer, $i + strlen($sql_delimiter)); // Reset parser: $len = strlen($buffer); $sql = ''; $i = 0; $start_pos = 0; // Any chance we will get a complete query? //if ((strpos($buffer, ';') === FALSE) && !$finished) { if ((strpos($buffer, $sql_delimiter) === FALSE) && !$finished) { break; } } else { $i++; $start_pos = $i; } } } // End of parser loop } // End of import loop return $ret; } function resetfilelist(){ global $directorylist; $directorylist = array(); } function rmdir_recursive_fn($path){ //if(!is_safe_file($path)) return false; $path = (substr($path, -1) == '/' || substr($path, -1) == '\\' ? $path : $path.'/'); resetfilelist(); $files = filelist_fn($path, 1, 0, 'all'); $files = (!is_array($files) ? array() : $files); //First delete the files only foreach($files as $k => $v){ //if(is_safe_file($k)){ // Security Fix @chmod($k, 0777); //} if(file_exists($k) && is_file($k) && @filetype($k) == "file"){ @unlink($k); } } @clearstatcache(); $folders = filelist_fn($path, 1, 1, 'all'); $folders = (!is_array($folders) ? array() : $folders); @krsort($folders); //Now Delete the FOLDERS foreach($folders as $k => $v){ //if(is_safe_file($k)){ // Security Fix @chmod($k, 0777); //} if(is_dir($k)){ @rmdir($k); } } @rmdir($path); @clearstatcache(); } function filelist_fn($startdir="./", $searchSubdirs=1, $directoriesonly=0, $maxlevel="all", $level=1, $reset = 1) { //list the directory/file names that you want to ignore $ignoredDirectory[] = "."; $ignoredDirectory[] = ".."; $ignoredDirectory[] = "_vti_cnf"; global $directorylist; //initialize global array if(substr($startdir, -1) != '/'){ $startdir = $startdir.'/'; } if (is_dir($startdir)) { if ($dh = opendir($startdir)) { while (($file = readdir($dh)) !== false) { if (!(array_search($file,$ignoredDirectory) > -1)) { if (@filetype($startdir . $file) == "dir") { //build your directory array however you choose; //add other file details that you want. $directorylist[$startdir . $file]['level'] = $level; $directorylist[$startdir . $file]['dir'] = 1; $directorylist[$startdir . $file]['name'] = $file; $directorylist[$startdir . $file]['path'] = $startdir; if ($searchSubdirs) { if ((($maxlevel) == "all") or ($maxlevel > $level)) { filelist_fn($startdir . $file . "/", $searchSubdirs, $directoriesonly, $maxlevel, ($level + 1), 0); } } } else { if (!$directoriesonly) { // echo substr(strrchr($file, "."), 1); //if you want to include files; build your file array //however you choose; add other file details that you want. $directorylist[$startdir . $file]['level'] = $level; $directorylist[$startdir . $file]['dir'] = 0; $directorylist[$startdir . $file]['name'] = $file; $directorylist[$startdir . $file]['path'] = $startdir; } } } } closedir($dh); } } if(!empty($reset)){ $r = $directorylist; $directorylist = array(); return($r); } } /** * Get a web file but add little Softaculous information like the license key, unique, panel, is_vps, env, soft_email as * arguments to the $url given. This is mainly used to FETCH FILES from Softaculous.com and related softaculous websites. * * @package files * @author Pulkit Gupta * @param string $url The URL from which the DATA is to be fetched * @param string $path (Optional) If given the FETCHED data is saved in the file instead of having it returned * @return string The FETCHED DATA * @since 1.0 */ function get_softaculous_file($url, $return_url = 0){ global $sitepad; $license = (!empty($sitepad['license']) ? $sitepad['license']['license'] : $sitepad['server_license']['license']); if(strstr($url, '?')){ $url = $url.'&license='.$license; }else{ $url = $url.'?license='.$license; } if(!empty($return_url)){ return $url; } return curl_call($url); } /** * This function will preg_match the pattern and return the respective values in $var * @package Softaculous * @author Brijesh Kothari * @param $pattern This should be the pattern to be matched * @param $file This should have the data to search from * @param $var This will be the variable which will have the preg matched data * @param $valuenum This should be the no of regular expression to be returned in $var * @param $stripslashes 0 or 1 depending upon whether the stripslashes function is to be applied (1) or not (0) * @return string Will pass value by reference in $var * @since 4.5.4 */ function soft_preg_replace($pattern, $file, &$var, $valuenum, $stripslashes = ''){ preg_match($pattern, $file, $matches); if(empty($stripslashes)){ $var = @trim($matches[$valuenum]); }else{ $var = @stripslashes(trim($matches[$valuenum])); } } function makedate($date, $format = 'd/m/Y'){ if(empty($date)) return false; $year = substr($date, 0, 4); $month = substr($date, 4, 2); $day = substr($date, 6, 2); if($format == 'd/m/Y'){ // Check the Max DAY possible $maxday = (int) date('t', mktime(0, 0, 0, $month, 1, $year)); return ($day > $maxday ? $maxday : $day).'/'.$month.'/'.$year; } return date($format, mktime(0, 0, 0, $month, $day, $year)); } /** * Copies Recrsively a File / Folder and also maintains the PERMISSIONS and UID and GID * * @package softaculous * @subpackage settings * @author Pulkit Gupta * @param string $path The Source Path * @param string $dest The Destination Path * @return bool * @since 1.0 */ function copy_r($path, $dest, $exclude = array()){ global $__settings; foreach($exclude as $skip){ //echo 'Skip path : '.$skip.'<br />'; if(preg_match('#'.preg_quote($skip, '/').'#', $path)){ //echo 'Skipping : '.$path.'<br />'; return true; } } // Is it a Directory ? if( is_dir($path) ){ // Create the Destination Dir @mkdir($dest); $stat = stat($path); // Set the mode of the destination if(!empty($stat['mode'])){ @chmod($dest, $stat['mode']); } // Set the UID if(!empty($stat['uid'])){ @chown($dest, $stat['uid']); } // Set the GID if(!empty($stat['gid'])){ @chgrp($dest, $stat['gid']); } // Start reading the current directory $objects = scandir($path); if( sizeof($objects) > 0 ){ foreach( $objects as $file ) { if( $file == "." || $file == ".." ){ continue; } // Go on copy_r( $path.'/'.$file, $dest.'/'.$file, $exclude); } } return true; }elseif( is_file($path) ){ $ret = copy($path, $dest); $stat = stat($path); // Set the mode of the destination if(!empty($stat['mode'])){ @chmod($dest, $stat['mode']); } // Set the UID if(!empty($stat['uid'])){ @chown($dest, $stat['uid']); } // Set the GID if(!empty($stat['gid'])){ @chgrp($dest, $stat['gid']); } return $ret; }else{ return false; } } function error_handle($error, $table_width = '100%', $center = false, $return = false){ global $l; $str = ""; $table_width = preg_match('/%/is', $table_width) ? $table_width : $table_width.'px'; //on error call the form if(!empty($error)){ $str .= '<script language="javascript" type="text/javascript"><!-- // --><![CDATA[ </script>'; $str .= '<div class="alert alert-danger " style="width:'.$table_width.';'.(($center) ? 'margin:auto' : '').'"><a href="#" class="close" data-dismiss="alert">×</a><div>'; $str .= '<p style="margin-top:4px; font-size:16px;"> '.__('The following errors were found').' :</p> <ul type="square" style="margin-top:-4px;">'; foreach($error as $ek => $ev){ $str .= '<li style="font-size:13px;">'.$ev.'</li>'; } $str .= '</ul> </div></div>'; if(empty($return)){ echo $str; }else{ return $str; } } } /** * Checks if a file is symlink or hardlink * @package softaculous * @author Pulkit Gupta * @returns bool false if file is a symlink or a hardlink else true * @since 4.4.3 */ function is_safe_file($path){ // Is it a symlink ? if(is_link($path)) return false; // Is it a file and is a link ? $stat = @stat($path); if(!is_dir($path) && $stat['nlink'] > 1) return false; return true; } function mkdir_recursive($pathname, $mode){ is_dir(dirname($pathname)) || mkdir_recursive(dirname($pathname), $mode); return is_dir($pathname) || @mkdir($pathname, $mode); }