Nederlands-, Vlaamstalige pHp-Fusion support site voor België en Nederland.
PHP-Fusion is een open-source "Content Magagement System" (CMS) geschreven in PHP en MySQL. Het beheren van uw site gaat met een eenvoudig en begrijpbaar administratie systeem. PHP-Fusion bevat o.a. een forum, shoutbox, enquêtes, profielpagina's, nieuws, fotogalerij, weblinks enz. Uiteraard is de standaardinstallatie nog uit te breiden met infusies (modules) en andere thema's (skins).
je kunt de toegestane bestandstype instellen.
Log in als beheerder op je site.
Ga naar beheerderspaneel --> Instellingen beheer --> Forum.
Je ziet daar de instelling "Toegestane bestandstypes".
Deze lijst kun je zelf aanvullen.
Dit probleem is geïntroduceerd in de laatste update, v7.02.07.
Getracht is wel om dit op te lossen via een silent update. Maar dit is volgens mij ook niet helemaal gelukt. Op mijn sites heb ik deze problemen ook nog. Ook op de engelstalige moedersite zijn er veel berichten over dit probleem, maar wordt er verder niets mee gedaan.
Er zijn dus 2 versies van v7.02.07 in omloop. De gewijzigde bestanden in de silent update zijn maincore.php en mimetypes_include.php.
Download nogmaals het pakket en vergelijke die 2 bestanden met je huidige.
Ik heb getracht het management ervan te overtuigen dat elke update, ook een silent update, een eigen versie nummer moet krijgen. Het antwoord komt hierop neer dat je als gebruiker maar Github in de gaten moet houden voor wijzigingen in de code. Verdere discussie hierover is niet mogelijk op de Engelstalige moedersite, want post word verwijderd en onderwerpen op slot gezet.
/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright (C) 2002 - 2013 Nick Jones
| http://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: maincore.php
| Author: Nick Jones (Digitanium)
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
if (preg_match("/maincore.php/i", $_SERVER['PHP_SELF'])) { die(); }
// Calculate script start/end time
function get_microtime() {
list($usec, $sec) = explode(" ", microtime());
return ((float)$usec + (float)$sec);
}
// Define script start time
define("START_TIME", get_microtime());
define("IN_FUSION", TRUE);
// Prevent any possible XSS attacks via $_GET.
if (stripget($_GET)) {
die("Prevented a XSS attack through a GET variable!");
}
// Locate config.php and set the basedir path
$folder_level = ""; $i = 0;
while (!file_exists($folder_level."config.php")) {
$folder_level .= "../"; $i++;
if ($i == 7) { die("config.php file not found"); }
}
define("BASEDIR", $folder_level);
require_once BASEDIR."config.php";
// If config.php is empty, activate setup.php script
if (!isset($db_name)) { redirect("setup.php"); }
// Checking file types of the uploaded file with known mime types list to prevent uploading unwanted files
if(isset($_FILES) && count($_FILES)) {
require_once BASEDIR.'includes/mimetypes_include.php';
$mime_types = mimeTypes();
foreach($_FILES as $each) {
if(isset($each['name']) && strlen($each['tmp_name'])) {
$file_info = pathinfo($each['name']);
$extension = $file_info['extension'];
if(array_key_exists($extension, $mime_types)) {
//An extension may have more than one mime type
if(is_array($mime_types[$extension])) {
//We should check each extension one by one
$valid_mimetype = false;
foreach($mime_types[$extension] as $each_mimetype) {
//If we have a match, we set the value to true and break the loop
if($each_mimetype==$each['type']) {
$valid_mimetype = true;
break;
}
}
if(!$valid_mimetype) {
die('Prevented an unwanted file upload attempt!');
}
unset($valid_mimetype);
} else {
if($mime_types[$extension]!=$each['type']) {
die('Prevented an unwanted file upload attempt!');
}
}
} /*else { //Let's disable this for now
//almost impossible with provided array, but we throw an error anyways
die('Unknown file type');
}*/
unset($file_info,$extension);
}
}
unset($mime_types);
}
// Fetch the settings from the database
$settings = array();
$result = dbquery("SELECT * FROM ".DB_SETTINGS);
if (dbrows($result)) {
while ($data = dbarray($result)) {
$settings[$data['settings_name']] = $data['settings_value'];
}
} else {
die("Settings do not exist, please check your config.php file or run setup.php again.");
}
// Settings dependent functions
date_default_timezone_set($settings['default_timezone']);
//ob_start("ob_gzhandler"); //Uncomment this line and comment the one below to enable output compression.
ob_start();
// Redirects to the index if the URL is invalid (eg. file.php/folder/)
if ($_SERVER['SCRIPT_NAME'] != $_SERVER['PHP_SELF']) { redirect($settings['siteurl']); }
// Load the Global language file
include LOCALE.LOCALESET."global.php";
// Autenticate user
require_once CLASSES."Authenticate.class.php";
// Set a valid theme
function set_theme($theme) {
global $settings, $locale;
if (!defined("THEME")) {
// If the theme is valid set it
if (theme_exists($theme)) {
define("THEME", THEMES.($theme == "Default" ? $settings['theme'] : $theme)."/");
// The theme is invalid, search for a valid one inside themes folder and set it
} else {
$dh = opendir(THEMES);
while (false !== ($entry = readdir($dh))) {
if ($entry != "." && $entry != ".." && is_dir(THEMES.$entry)) {
if (theme_exists($entry)) {
define("THEME", THEMES.$entry."/");
break;
}
}
}
closedir($dh);
}
// If can't find and set any valid theme show a warning
if (!defined("THEME")) {
echo "".$theme." - ".$locale['global_300'].".
\n";
echo $locale['global_301'];
die();
}
}
}
// Set the admin password when needed
function set_admin_pass($password) {
Authenticate::setAdminCookie($password);
}
// Check if admin password matches userdata
function check_admin_pass($password) {
// Strip Slash Function, only stripslashes if magic_quotes_gpc is on
function stripslash($text) {
if (QUOTES_GPC) { $text = stripslashes($text); }
return $text;
}
// Add Slash Function, add correct number of slashes depending on quotes_gpc
function addslash($text) {
if (!QUOTES_GPC) {
$text = addslashes(addslashes($text));
} else {
$text = addslashes($text);
}
return $text;
}
// htmlentities is too agressive so we use this function
function phpentities($text) {
$search = array("&", "\"", "'", "\\", "<", ">");
$replace = array("&", """, "'", "\", "<", ">");
$text = str_replace($search, $replace, $text);
return $text;
}
// Trim a line of text to a preferred length
function trimlink($text, $length) {
$dec = array("&", "\"", "'", "\\", '\"', "\'", "<", ">");
$enc = array("&", """, "'", "\", """, "'", "<", ">");
$text = str_replace($enc, $dec, $text);
if (strlen($text) > $length) $text = substr($text, 0, ($length-3))."...";
$text = str_replace($dec, $enc, $text);
return $text;
}
// Validate numeric input
function isnum($value) {
if (!is_array($value)) {
return (preg_match("/^[0-9]+$/", $value));
} else {
return false;
}
}
// Custom preg-match function
function preg_check($expression, $value) {
if (!is_array($value)) {
return preg_match($expression, $value);
} else {
return false;
}
}
// Cache smileys mysql
function cache_smileys() {
global $smiley_cache;
$result = dbquery("SELECT smiley_code, smiley_image, smiley_text FROM ".DB_SMILEYS);
if (dbrows($result)) {
$smiley_cache = array();
while ($data = dbarray($result)) {
$smiley_cache[] = array(
"smiley_code" => $data['smiley_code'],
"smiley_image" => $data['smiley_image'],
"smiley_text" => $data['smiley_text']
);
}
} else {
$smiley_cache = array();
}
}
// Parse smiley bbcode
function parsesmileys($message) {
global $smiley_cache;
if (!preg_match("#(\[code\](.*?)\[/code\]|\[geshi=(.*?)\](.*?)\[/geshi\]|\[php\](.*?)\[/php\])#si", $message)) {
if (!$smiley_cache) { cache_smileys(); }
if (is_array($smiley_cache) && count($smiley_cache)) {
foreach ($smiley_cache as $smiley) {
$smiley_code = preg_quote($smiley['smiley_code'], '#');
$smiley_image = "";
$message = preg_replace("#{$smiley_code}#si", $smiley_image, $message);
}
}
}
return $message;
}
// Show smiley icons in comments, forum and other post pages
function displaysmileys($textarea, $form = "inputform") {
global $smiley_cache;
$smileys = ""; $i = 0;
if (!$smiley_cache) { cache_smileys(); }
if (is_array($smiley_cache) && count($smiley_cache)) {
foreach ($smiley_cache as $smiley) {
if ($i != 0 && ($i % 10 == 0)) { $smileys .= " \n"; $i++; }
$smileys .= ">\n";
}
}
return $smileys;
}
// Cache bbcode mysql
function cache_bbcode() {
global $bbcode_cache;
$result = dbquery("SELECT bbcode_name FROM ".DB_BBCODES." ORDER BY bbcode_order ASC");
if (dbrows($result)) {
$bbcode_cache = array();
while ($data = dbarray($result)) {
$bbcode_cache[] = $data['bbcode_name'];
}
} else {
$bbcode_cache = array();
}
}
// Parse bbcode
function parseubb($text, $selected = false) {
global $bbcode_cache;
if (!$bbcode_cache) { cache_bbcode(); }
if (is_array($bbcode_cache) && count($bbcode_cache)) {
if ($selected) { $sel_bbcodes = explode("|", $selected); }
foreach ($bbcode_cache as $bbcode) {
if ($selected && in_array($bbcode, $sel_bbcodes)) {
if (file_exists(INCLUDES."bbcodes/".$bbcode."_bbcode_include.php")) {
if (file_exists(LOCALE.LOCALESET."bbcodes/".$bbcode.".php")) {
include (LOCALE.LOCALESET."bbcodes/".$bbcode.".php");
} elseif (file_exists(LOCALE."English/bbcodes/".$bbcode.".php")) {
include (LOCALE."English/bbcodes/".$bbcode.".php");
}
include (INCLUDES."bbcodes/".$bbcode."_bbcode_include.php");
}
} elseif (!$selected) {
if (file_exists(INCLUDES."bbcodes/".$bbcode."_bbcode_include.php")) {
if (file_exists(LOCALE.LOCALESET."bbcodes/".$bbcode.".php")) {
include (LOCALE.LOCALESET."bbcodes/".$bbcode.".php");
} elseif (file_exists(LOCALE."English/bbcodes/".$bbcode.".php")) {
include (LOCALE."English/bbcodes/".$bbcode.".php");
}
include (INCLUDES."bbcodes/".$bbcode."_bbcode_include.php");
}
}
}
}
$text = descript($text, false);
return $text;
}
// Replace offensive words with the defined replacement word
function censorwords($text) {
global $settings;
if ($settings['bad_words_enabled'] == "1" && $settings['bad_words'] != "" ) {
$word_list = explode("\r\n", $settings['bad_words']);
for ($i=0; $i < count($word_list); $i++) {
if ($word_list[$i] != "") $text = preg_replace("/".$word_list[$i]."/si", $settings['bad_word_replace'], $text);
}
}
return $text;
}
// Display the user's level
function getuserlevel($userlevel) {
global $locale;
if ($userlevel == 101) { return $locale['user1'];
} elseif ($userlevel == 102) { return $locale['user2'];
} elseif ($userlevel == 103) { return $locale['user3']; }
}
// Check if user is assigned to the specified user group
function checkgroup($group) {
if (iSUPERADMIN) { return true; }
elseif (iADMIN && ($group == "0" || $group == "101" || $group == "102")) { return true;
} elseif (iMEMBER && ($group == "0" || $group == "101")) { return true;
} elseif (iGUEST && $group == "0") { return true;
} elseif (iMEMBER && $group && in_array($group, explode(".", iUSER_GROUPS))) {
return true;
} else {
return false;
}
}
// Cache groups mysql
function cache_groups() {
global $groups_cache;
$result = dbquery("SELECT * FROM ".DB_USER_GROUPS." ORDER BY group_id ASC");
if (dbrows($result)) {
$groups_cache = array();
while ($data = dbarray($result)) {
$groups_cache[] = $data;
}
} else {
$groups_cache = array();
}
}
// Compile access levels & user group array
function getusergroups() {
global $locale, $groups_cache;
$groups_array = array(
array("0", $locale['user0']),
array("101", $locale['user1']),
array("102", $locale['user2']),
array("103", $locale['user3'])
);
if (!$groups_cache) { cache_groups(); }
if (is_array($groups_cache) && count($groups_cache)) {
foreach ($groups_cache as $group) {
array_push($groups_array, array($group['group_id'], $group['group_name']));
}
}
return $groups_array;
}
// Get the name of the access level or user group
function getgroupname($group_id, $return_desc = false) {
global $locale, $groups_cache;
if ($group_id == "0") { return $locale['user0'];
} elseif ($group_id == "101") { return $locale['user1']; exit;
} elseif ($group_id == "102") { return $locale['user2']; exit;
} elseif ($group_id == "103") { return $locale['user3']; exit;
} else {
if (!$groups_cache) { cache_groups(); }
if (is_array($groups_cache) && count($groups_cache)) {
foreach ($groups_cache as $group) {
if ($group_id == $group['group_id']) { return ($return_desc ? ($group['group_description'] ? $group['group_description'] : '-') : $group['group_name']); exit; }
}
}
}
return $locale['user_na'];
}
// Getting the access levels used when asking the database for data
function groupaccess($field) {
if (iGUEST) { return "$field = '0'";
} elseif (iSUPERADMIN) { return "1 = 1";
} elseif (iADMIN) { $res = "($field='0' OR $field='101' OR $field='102'";
} elseif (iMEMBER) { $res = "($field='0' OR $field='101'";
}
if (iUSER_GROUPS != "" && !iSUPERADMIN) { $res .= " OR $field='".str_replace(".", "' OR $field='", iUSER_GROUPS)."'"; }
$res .= ")";
return $res;
}
// Create a list of files or folders and store them in an array
// You may filter out extensions by adding them to $extfilter as:
// $ext_filter = "gif|jpg"
function makefilelist($folder, $filter, $sort = true, $type = "files", $ext_filter = "") {
$res = array();
$filter = explode("|", $filter);
if ($type == "files" && !empty($ext_filter)) {
$ext_filter = explode("|", strtolower($ext_filter));
}
$temp = opendir($folder);
while ($file = readdir($temp)) {
if ($type == "files" && !in_array($file, $filter)) {
if (!empty($ext_filter)) {
if (!in_array(substr(strtolower(stristr($file, '.')), +1), $ext_filter) && !is_dir($folder.$file)) { $res[] = $file; }
} else {
if (!is_dir($folder.$file)) { $res[] = $file; }
}
} elseif ($type == "folders" && !in_array($file, $filter)) {
if (is_dir($folder.$file)) { $res[] = $file; }
}
}
closedir($temp);
if ($sort) { sort($res); }
return $res;
}
// Create a selection list from an array created by makefilelist()
function makefileopts($files, $selected = "") {
$res = "";
for ($i = 0; $i < count($files); $i++) {
$sel = ($selected == $files[$i] ? " selected='selected'" : "");
$res .= "\n";
}
return $res;
}
// Making Page Navigation
function makepagenav($start, $count, $total, $range = 0, $link = "", $getname = "rowstart") {
global $locale;
if ($link == "") { $link = FUSION_SELF."?"; }
if (!preg_match("#[0-9]+#", $count) || $count == 0) return false;
/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright (C) 2002 - 2013 Nick Jones
| http://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: mimetypes_include.php
| Author: Arda Kilicdagi (Arda, SoulSmasher)
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
if (!defined("IN_FUSION")) { die("Access Denied"); }