Server : LiteSpeed System : Linux server 3.10.0-1160.90.1.el7.x86_64 #1 SMP Thu May 4 15:21:22 UTC 2023 x86_64 User : alsaif ( 1057) PHP Version : 7.4.33 Disable Function : show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname Directory : /home/alsaif/public_html/administrator/components/com_falang/liveupdate/classes/ |
<?php
/**
* @package LiveUpdate
* @copyright Copyright (c)2010-2016 Nicholas K. Dionysopoulos / AkeebaBackup.com
* @license GNU GPLv3 or later <https://www.gnu.org/licenses/gpl.html>
*/
defined('_JEXEC') or die();
/**
* Allows downloading packages over the web to your server
*/
class LiveUpdateDownloadHelper
{
/**
* Downloads from a URL and saves the result as a local file
*
* @param string $url The URL to fetch
* @param string $target Where to save the file
*
* @return boolean True on success
*/
public static function download($url, $target)
{
// Import Joomla! libraries
JLoader::import('joomla.filesystem.file');
/** @var bool Did we try to force permissions? */
$hackPermissions = false;
// Make sure the target does not exist
if (JFile::exists($target))
{
if (!@unlink($target))
{
JFile::delete($target);
}
}
// Try to open the output file for writing
$fp = @fopen($target, 'wb');
if ($fp === false)
{
// The file can not be opened for writing. Let's try a hack.
$empty = '';
if (JFile::write($target, $empty))
{
if (self::chmod($target, 511))
{
$fp = @fopen($target, 'wb');
$hackPermissions = true;
}
}
}
$result = false;
if ($fp !== false)
{
// First try to download directly to file if $fp !== false
$adapters = self::getAdapters();
$result = false;
while (!empty($adapters) && ($result === false))
{
// Run the current download method
$method = 'get' . strtoupper(array_shift($adapters));
$result = self::$method($url, $fp);
// Check if we have a download
if ($result === true)
{
// The download is complete, close the file pointer
@fclose($fp);
// If the filesize is not at least 1 byte, we consider it failed.
clearstatcache();
$filesize = @filesize($target);
if ($filesize <= 0)
{
$result = false;
$fp = @fopen($target, 'wb');
}
}
}
// If we have no download, close the file pointer
if ($result === false)
{
@fclose($fp);
}
}
if ($result === false)
{
// Delete the target file if it exists
if (file_exists($target))
{
if (!@unlink($target))
{
JFile::delete($target);
}
}
// Download and write using JFile::write();
$result = JFile::write($target, self::downloadAndReturn($url));
}
return $result;
}
/**
* Downloads from a URL and returns the result as a string
*
* @param string $url The URL to download from
*
* @return mixed Result string on success, false on failure
*/
public static function downloadAndReturn($url)
{
$adapters = self::getAdapters();
$result = false;
while (!empty($adapters) && ($result === false))
{
// Run the current download method
$method = 'get' . strtoupper(array_shift($adapters));
$result = self::$method($url, null);
}
return $result;
}
/**
* Does the server support PHP's cURL extension?
*
* @return boolean True if it is supported
*/
private static function hasCURL()
{
static $result = null;
if (is_null($result))
{
$result = function_exists('curl_init');
}
return $result;
}
/**
* Downloads the contents of a URL and writes them to disk (if $fp is not null)
* or returns them as a string (if $fp is null) using cURL
*
* @param string $url The URL to download from
* @param resource $fp The file pointer to download to. Omit to return the contents.
* @param boolean $nofollow Should we ignore 30x redirects?
*
* @return boolean|string False on failure, true on success ($fp not null) or the URL contents (if $fp is null)
*
* @throws LiveUpdateDownloadException When we get a 4xx/5xx HTTP status
*/
private static function &getCURL($url, $fp = null, $nofollow = false)
{
$result = false;
$ch = curl_init($url);
$config = new LiveUpdateConfig();
$config->applyCACert($ch);
if (!@curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1) && !$nofollow)
{
// Safe Mode is enabled. We have to fetch the headers and
// parse any redirections present in there.
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
// Get the headers
$data = curl_exec($ch);
curl_close($ch);
// Init
$newURL = $url;
// Parse the headers
$lines = explode("\n", $data);
foreach ($lines as $line)
{
if (substr($line, 0, 9) == "Location:")
{
$newURL = trim(substr($line, 9));
}
}
// Download from the new URL
if ($url != $newURL)
{
return self::getCURL($newURL, $fp);
}
else
{
return self::getCURL($newURL, $fp, true);
}
}
else
{
@curl_setopt($ch, CURLOPT_MAXREDIRS, 20);
}
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
// Pretend we are IE7, so that webservers play nice with us
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)');
if (is_resource($fp))
{
curl_setopt($ch, CURLOPT_FILE, $fp);
}
$result = curl_exec($ch);
$http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($http_status >= 400)
{
throw new LiveUpdateDownloadException('Invalid header', 403);
}
curl_close($ch);
return $result;
}
/**
* Does the server support URL fopen() wrappers?
*
* @return boolean
*/
private static function hasFOPEN()
{
static $result = null;
if (is_null($result))
{
// If we are not allowed to use ini_get, we assume that URL fopen is
// disabled.
if (!function_exists('ini_get'))
{
$result = false;
}
else
{
$result = ini_get('allow_url_fopen');
}
}
return $result;
}
/**
* Downloads the contents of a URL and writes them to disk (if $fp is not null)
* or returns them as a string (if $fp is null) using fopen() URL wrappers
*
* @param string $url The URL to download from
* @param resource $fp The file pointer to download to. Omit to return the contents.
*
* @return boolean|string False on failure, true on success ($fp not null) or the URL contents (if $fp is null)
*/
private static function &getFOPEN($url, $fp = null)
{
$result = false;
// Track errors
if (function_exists('ini_set'))
{
$track_errors = ini_set('track_errors', true);
}
// Open the URL for reading
if (function_exists('stream_context_create'))
{
// PHP 5+ way (best)
$httpopts = array(
'user_agent' => 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)',
'timeout' => 10.0,
);
$context = stream_context_create(array('http' => $httpopts));
$ih = @fopen($url, 'r', false, $context);
}
else
{
// PHP 4 way (actually, it's just a fallback as we can't run this code in PHP4)
if (function_exists('ini_set'))
{
ini_set('user_agent', 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)');
}
$ih = @fopen($url, 'r');
}
// If fopen() fails, abort
if (!is_resource($ih))
{
return $result;
}
// Try to download
$bytes = 0;
$result = true;
$return = '';
while (!feof($ih) && $result)
{
$contents = fread($ih, 4096);
if ($contents === false)
{
@fclose($ih);
$result = false;
return $result;
}
else
{
$bytes += strlen($contents);
if (is_resource($fp))
{
$result = @fwrite($fp, $contents);
}
else
{
$return .= $contents;
unset($contents);
}
}
}
@fclose($ih);
if (!isset($http_response_header))
{
throw new LiveUpdateDownloadException('No headers', 404);
}
else
{
$http_code = 200;
$nLines = count($http_response_header);
for ($i = $nLines - 1; $i >= 0; $i--)
{
$line = $http_response_header[$i];
if (strncasecmp("HTTP", $line, 4) == 0)
{
$response = explode(' ', $line);
$http_code = $response[1];
break;
}
}
if ($http_code >= 400)
{
throw new LiveUpdateDownloadException('Invalid HTTP status', $http_code);
}
}
if (is_resource($fp))
{
return $result;
}
elseif ($result === true)
{
return $return;
}
else
{
return $result;
}
}
/**
* Detect and return available download methods
*
* @return array
*/
private static function getAdapters()
{
// Detect available adapters
$adapters = array();
if (self::hasCURL())
{
$adapters[] = 'curl';
}
if (self::hasFOPEN())
{
$adapters[] = 'fopen';
}
return $adapters;
}
/**
* Change the permissions of a file, optionally using FTP
*
* @param string $file Absolute path to file
* @param int $mode Permissions, e.g. 0755
*
* @return boolean Ture if successful
*/
private static function chmod($path, $mode)
{
if (is_string($mode))
{
$mode = octdec($mode);
if (($mode < 0600) || ($mode > 0777))
{
$mode = 0755;
}
}
// Initialize variables
JLoader::import('joomla.client.helper');
$ftpOptions = JClientHelper::getCredentials('ftp');
// Check to make sure the path valid and clean
$path = JPath::clean($path);
if ($ftpOptions['enabled'] == 1)
{
// Connect the FTP client
JLoader::import('joomla.client.ftp');
if (version_compare(JVERSION, '3.0', 'ge'))
{
$ftp = JClientFTP::getInstance(
$ftpOptions['host'], $ftpOptions['port'], array(), $ftpOptions['user'], $ftpOptions['pass']
);
}
else
{
if (version_compare(JVERSION, '3.0', 'ge'))
{
$ftp = JClientFTP::getInstance(
$ftpOptions['host'], $ftpOptions['port'], array(), $ftpOptions['user'], $ftpOptions['pass']
);
}
else
{
$ftp = JFTP::getInstance(
$ftpOptions['host'], $ftpOptions['port'], array(), $ftpOptions['user'], $ftpOptions['pass']
);
}
}
}
if (@chmod($path, $mode))
{
$ret = true;
}
elseif ($ftpOptions['enabled'] == 1)
{
// Translate path and delete
JLoader::import('joomla.client.ftp');
$path = JPath::clean(str_replace(JPATH_ROOT, $ftpOptions['root'], $path), '/');
// FTP connector throws an error
$ret = $ftp->chmod($path, $mode);
}
else
{
return false;
}
}
}
class LiveUpdateDownloadException extends Exception
{
}
;