diff --git a/oc-includes/osclass/utils.php b/oc-includes/osclass/utils.php index 1f9b184d34..3b3c6f5126 100755 --- a/oc-includes/osclass/utils.php +++ b/oc-includes/osclass/utils.php @@ -768,24 +768,42 @@ function download_fsockopen($sourceFile, $fileout = null, $post_data = null) if ('localhost' == strtolower($host)) $host = '127.0.0.1'; - $link = $aUrl['path'] . ( isset($aUrl['query']) ? '?' . $aUrl['query'] : '' ); + $path = $aUrl['path']; + $query = $aUrl['query']; + $link = $aUrl['path'] . ( isset($aUrl['query']) ? '?' . $aUrl['query'] : '' ); if (empty($link)) $link .= '/'; - $fp = @fsockopen($host, 80, $errno, $errstr, 30); + $port = 80; + if (preg_match("/^https:/i", $sourceFile)) { + $ishttps = true; + $host_ssl = "ssl://" .$host; + $port = 443; + $fp = @fsockopen($host_ssl, $port, $errno, $errstr, 30); + } else { + $fp = @fsockopen($host, $port, $errno, $errstr, 30); + } + if (!$fp) { - return false; + return false; } else { $ua = Params::getServerParam('HTTP_USER_AGENT') . ' Osclass (v.' . osc_version() . ')'; - $out = ($post_data!=null && is_array($post_data)?"POST":"GET") . " $link HTTP/1.1\r\n"; + //$out = ($post_data!=null && is_array($post_data)?"POST":"GET") . " $link HTTP/1.1\r\n"; + $out = ($ishttps || $post_data!=null && is_array($post_data)?"POST":"GET") . ($ishttps ? " $path" : " $link") ." HTTP/1.1\r\n"; $out .= "Host: $host\r\n"; $out .= "User-Agent: $ua\r\n"; + + $out .= "Content-type: application/x-www-form-urlencoded\r\n"; + $out .= "Content-length: ".strlen($query)."\r\n"; + $out .= "Connection: Close\r\n\r\n"; - $out .= "\r\n"; + $out .= ($ishttps ? $query ."\r\n" : ""); + $out .= "\r\n"; if($post_data!=null && is_array($post_data)) { $out .= http_build_query($post_data); } + fwrite($fp, $out); $contents = ''; @@ -800,7 +818,8 @@ function download_fsockopen($sourceFile, $fileout = null, $post_data = null) $aResult = processResponse($contents); $headers = processHeaders($aResult['headers']); - $location = @$headers['location']; + $location = @$headers['location']; + if (isset($location) && $location != "") { $aUrl = parse_url($headers['location']); @@ -809,21 +828,20 @@ function download_fsockopen($sourceFile, $fileout = null, $post_data = null) $host = '127.0.0.1'; $requestPath = $aUrl['path'] . ( isset($aUrl['query']) ? '?' . $aUrl['query'] : '' ); - if (empty($requestPath)) $requestPath .= '/'; - - download_fsockopen($host, $requestPath, $fileout); + + download_fsockopen($location, $fileout); } else { $body = $aResult['body']; - $transferEncoding = @$headers['transfer-encoding']; + $transferEncoding = @$headers['transfer-encoding']; if($transferEncoding == 'chunked' ) { $body = http_chunked_decode($aResult['body']); } if($fileout!=null) { $ff = @fopen($fileout, 'w+'); if($ff!==FALSE) { - fwrite($ff, $body); + fwrite($ff, $body); fclose($ff); return true; } else { @@ -838,6 +856,7 @@ function download_fsockopen($sourceFile, $fileout = null, $post_data = null) function osc_downloadFile($sourceFile, $downloadedFile, $post_data = null) { + if(strpos($downloadedFile, "../")!==false || strpos($downloadedFile, "..\\")!==false) { return false; } @@ -870,9 +889,9 @@ function osc_downloadFile($sourceFile, $downloadedFile, $post_data = null) return false; } } else if (testFsockopen()) { // test curl/fsockopen - $downloadedFile = osc_content_path() . 'downloads/' . $downloadedFile; + $downloadedFile = osc_content_path() . 'downloads/' . $downloadedFile; download_fsockopen($sourceFile, $downloadedFile); - return true; + return true; } return false; } @@ -981,10 +1000,9 @@ function osc_unzip_file($file, $to) { return 0; } - if (class_exists('ZipArchive')) { + if (class_exists('ZipArchive')) { return _unzip_file_ziparchive($file, $to); } - // if ZipArchive class doesn't exist, we use PclZip return _unzip_file_pclzip($file, $to); } @@ -1004,9 +1022,9 @@ function _unzip_file_ziparchive($file, $to) { $zip = new ZipArchive(); $zipopen = $zip->open($file, 4); - if ($zipopen !== true) { + if ($zipopen !== true) { return 2; - } + } // The zip is empty if($zip->numFiles==0) { return 2; @@ -1045,7 +1063,6 @@ function _unzip_file_ziparchive($file, $to) { @fwrite($fp, $content); @fclose($fp); } - $zip->close(); return 1; @@ -2086,7 +2103,6 @@ function osc_market($section, $code) { **** DOWNLOAD FILE **** ***********************/ if( isset($data['s_update_url']) && isset($data['s_source_file']) && isset($data['e_type'])) { - if($data['e_type']=='THEME') { $folder = 'themes/'; } else if($data['e_type']=='LANGUAGE') { @@ -2105,14 +2121,13 @@ function osc_market($section, $code) { $filename = date('YmdHis')."_".osc_sanitize_string($data['s_title'])."_".$data['s_version'].".zip"; $url_source_file = $data['s_source_file']; - $result = osc_downloadFile($url_source_file, $filename, $download_post_data); - if ($result) { // Everything is OK, continue /********************** ***** UNZIP FILE ***** **********************/ @mkdir(osc_content_path() . 'downloads/oc-temp/'); + $res = osc_unzip_file(osc_content_path() . 'downloads/' . $filename, osc_content_path() . 'downloads/oc-temp/'); if ($res == 1) { // Everything is OK, continue /**********************