X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fmain.inc;h=f5ecd4d6f491659c21229184443e957aba89341c;hb=3b06c6c4718610a408cae2e9b76c3134ca30b84c;hp=cffb8ee67c9871bc519b0df6851d368cdb20e472;hpb=1c67490b878ae789ad0f27d8777e520a3d914c89;p=fa-stable.git diff --git a/includes/main.inc b/includes/main.inc index cffb8ee6..f5ecd4d6 100644 --- a/includes/main.inc +++ b/includes/main.inc @@ -11,33 +11,34 @@ ***********************************************************************/ include_once($path_to_root . "/includes/db/connect_db.inc"); -include_once($path_to_root . "/includes/errors.inc"); +include_once($path_to_root . "/admin/db/transactions_db.inc"); include_once($path_to_root . "/includes/types.inc"); -include_once($path_to_root . "/includes/systypes.inc"); include_once($path_to_root . "/includes/references.inc"); include_once($path_to_root . "/includes/db/comments_db.inc"); include_once($path_to_root . "/includes/db/sql_functions.inc"); include_once($path_to_root . "/includes/db/audit_trail_db.inc"); -//include_once($path_to_root . "/includes/validation.inc"); include_once($path_to_root . "/admin/db/users_db.inc"); include_once($path_to_root . "/includes/ui/ui_view.inc"); include_once($path_to_root . "/includes/ui/ui_controls.inc"); - -function page($title, $no_menu=false, $is_index=false, $onload="", $js="", $script_only=false) + +$page_nested = -1; + +function page($title, $no_menu=false, $is_index=false, $onload="", $js="", $script_only=false, $css='') { - global $path_to_root, $page_security; + global $path_to_root, $page_security, $page_nested; + if (++$page_nested) return; $hide_menu = $no_menu; - include($path_to_root . "/includes/page/header.inc"); + include_once($path_to_root . "/includes/page/header.inc"); - page_header($title, $no_menu, $is_index, $onload, $js); + page_header($title, $no_menu, $is_index, $onload, $js, $css); check_page_security($page_security); // error_box(); - if($script_only) { + if($script_only) { echo ''; @@ -47,29 +48,18 @@ function page($title, $no_menu=false, $is_index=false, $onload="", $js="", $scri } } -function end_page($no_menu=false, $is_index=false, $hide_back_link=false) +function end_page($no_menu=false, $is_index=false, $final_screen=false, $type_no=0, $trans_no=0) { - global $path_to_root; + global $path_to_root, $page_nested; + + if ($page_nested-- > 0) return; - if (!$is_index && !$hide_back_link && function_exists('hyperlink_back')) - hyperlink_back(true, $no_menu); + if (!$is_index && function_exists('hyperlink_back')) + hyperlink_back(true, $no_menu, $type_no, $trans_no, $final_screen); div_end(); // end of _page_body section - include($path_to_root . "/includes/page/footer.inc"); - page_footer($no_menu, $is_index, $hide_back_link); -} - -function flush_dir($path, $wipe = false) -{ - $dir = opendir($path); - while(false !== ($fname = readdir($dir))) { - if($fname=='.' || $fname=='..' || $fname=='CVS' || (!$wipe && $fname=='index.php')) continue; - if(is_dir($path.'/'.$fname)) { - flush_dir($path.'/'.$fname, $wipe); - if ($wipe) @rmdir($path.'/'.$fname); - } else - @unlink($path.'/'.$fname); - } + include_once($path_to_root . "/includes/page/footer.inc"); + page_footer($no_menu, $is_index); } function cache_js_file($fpath, $text) @@ -78,13 +68,34 @@ function cache_js_file($fpath, $text) if(!$go_debug) $text = js_compress($text); - $file = fopen($fpath, 'w'); + $file = force_open($fpath); if (!$file) return false; if (!fwrite($file, $text)) return false; return fclose($file); } +/* + Open file for writing with creration of subfolders if needed. +*/ +function force_open($fname) +{ + $file = pathinfo($fname); + + $path = $fname[0] == '/' ? '/' : ''; + $tree = explode('/', $file['dirname']); + foreach($tree as $level) { + $path .= $level; + if (!file_exists($path)) { + if (!mkdir($path)) { + return null; + } + } + $path .= '/'; + } + return fopen($fname, 'w'); +} + function add_js_file($filename) { global $js_static; @@ -270,9 +281,9 @@ function check_write($path) { if ($path == ''//|| $path == '.' || $path == '..' ) return 0; - + return is_writable($path) ? (is_dir($path) ? 1 : -1) - : ($path =='.' ? 0 : check_write(dirname($path))); + : (is_file($path) ? 0 : ($path == '.' || $path == '..' ? 0 : check_write(dirname($path)))); } /* @@ -283,11 +294,12 @@ function check_write($path) function copy_files($flist, $from, $to, $strict=false) { foreach ($flist as $file) { - if (file_exists($from.'/'.$file)) + if (file_exists($from.'/'.$file)) { if (!copy_file($file, $from, $to)) return false; - if ($strict && !is_file($from.'/'.$file)) // if + } else if ($strict) { unlink($to.'/'.$file); + } } return true; } @@ -312,24 +324,25 @@ function copy_file($file, $from, $to) return @copy($from.'/'.$file, $to.'/'.$file); } } - /* Search for file, looking first for company specific version, then for version provided by any extension module, finally in main FA directory. - Also adds include path for any related files. + Also adds include path for any related files, and sets $local_path_to_root + to enable local translation domains. Returns found file path or null. */ function find_custom_file($rep) { - global $installed_extensions, $comp_path, $path_to_root; + global $installed_extensions, $path_to_root, $local_path_to_root; // customized per company version - $path = $comp_path.'/'.user_company(); + $path = company_path(); $file = $path.$rep; if (file_exists($file)) { // add local include path - set_include_path($path.PATH_SEPARATOR.get_include_path()); + $local_path_to_root = $path; + set_include_path(dirname($file).PATH_SEPARATOR.get_include_path()); return $file; } // file added by active extension modules @@ -342,6 +355,7 @@ function find_custom_file($rep) $file = $path.$rep; if (file_exists($file)) { set_include_path($path.PATH_SEPARATOR.get_include_path()); + $local_path_to_root = $path; return $file; } } @@ -353,6 +367,14 @@ function find_custom_file($rep) return null; } - +/* + + Protect against directory traversal. + Changes all not POSIX compatible chars to underscore. +*/ +function clean_file_name($filename) { + $filename = str_replace(chr(0), '', $filename); + return preg_replace('/[^a-zA-Z0-9.\-_]/', '_', $filename); +} ?> \ No newline at end of file