Index: /controller/wpsg_AdminController.class.php
===================================================================
--- /controller/wpsg_AdminController.class.php	(revision 7146)
+++ /controller/wpsg_AdminController.class.php	(revision 7147)
@@ -1603,41 +1603,5 @@
 
 		} // public function kundendatenAction()
-
-		/*
-		 * Gibt den Absoluten Path des Speicherorts der Emailconfig an
-		 * Ist der Parameter $url auf true, so wird der relative Pfad fÃŒr die Ausgabe in URLs zurÃŒckgegeben
-		 */
-		public function getMailConfFilePath($order_id, $url = false)
-		{
-
-			if ($order_id == '')
-			{	// Emaillogo
-				if ($this->shop->isMultiBlog())
-				{
-
-					$path = wpsg_getUploadDir('wpsg_mailconf');
-					$htaccess = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_mailconf/.htaccess';
-
-					$url_content = WPSG_URL_CONTENT.WPSG_MB_UPLOADS.'/wpsg/wpsg_mailconf/';
-
-					if ($url) $strReturn = $url_content.'/'.$order_id.'/';
-					else $strReturn = $path.'/'.$order_id.'/';
-
-				}
-				else
-				{
-
-					$path = wpsg_getUploadDir('wpsg_mailconf');
-					$htaccess = WPSG_PATH_CONTENT.'uploads/wpsg/wpsg_mailconf/.htaccess';
-
-					if ($url) $strReturn = WPSG_URL_CONTENT.'uploads/wpsg/wpsg_mailconf/'.$order_id.'/';
-					else $strReturn = $path.$order_id.'/';
-
-				}
-				return $strReturn;
-			}
-
-		} // public function getEmailFilePath()
-
+ 
 		/**
 		 * Konfiguration der E-Mail Einstellungen
@@ -1646,6 +1610,13 @@
 		{
 
-			if (isset($_REQUEST['submit']))
-			{
+		    if (isset($_REQUEST['getEmailLogo'])) {
+
+                $logo_path = wpsg_getUploadDir('wpsg_mailconf').'wpsg_email_logo.jpg';
+                
+                if (!file_exists($logo_path)) throw new \Exception(_('E-Mail Logo existiert nicht.'));
+
+                wpsg_header::IMG($logo_path);
+		        
+            } else if (isset($_REQUEST['submit'])) {
 
 				$this->update_option('wpsg_htmlmail', $_REQUEST['wpsg_htmlmail']);
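Review bot: The new `getEmailLogo` branch calls `wpsg_header::IMG($logo_path)` statically, but the method this commit adds in /lib/wpsg_header.class.php is declared `public function IMG($file)` without `static`. PHP 8 rejects such a call with an Error, so the declaration should read `public static function IMG($file)`, like its neighbours `startDownload` and `PDFPlugin`. The exception text is wrapped in `_()`, the gettext alias, where the rest of this file uses `__('…', 'wpsg')`, so the message bypasses the plugin's text domain. The enclosing action starts outside the hunk, so whether a capability check runs before this branch cannot be seen here and should be confirmed.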
@@ -1661,15 +1632,14 @@
 					$ending = strtolower(preg_replace("/(.*)\./", "", $_FILES['wpsg_email_logo']['name']));
 
-					if ($ending != "jpg" && $ending != "jpeg")
-					{
+					if ($ending != "jpg" && $ending != "jpeg") {
+					    
 						$this->shop->addBackendError(__("UngÃŒltiger Dateityp (Logo) ! Es sind nur JPG/JPEG Dateien erlaubt!", "wpsg"));
-					}
-					else if ($ending == "jpg" || $ending == "jpeg")
-					{
+					
+					} else if ($ending == "jpg" || $ending == "jpeg") {
 					   
-						$destination = $this->getMailConfFilePath('').'wpsg_email_logo.jpg';
-
-						move_uploaded_file($_FILES['wpsg_email_logo']['tmp_name'], $destination);
-						$this->update_option('wpsg_email_logo_url', $this->getMailConfFilePath('', true).'wpsg_email_logo.jpg');
+						$destination_path = wpsg_getUploadDir('wpsg_mailconf').'wpsg_email_logo.jpg';
+                        
+						move_uploaded_file($_FILES['wpsg_email_logo']['tmp_name'], $destination_path); 
+						
 					}
 
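Review bot: The result of `move_uploaded_file()` is discarded, so a failed move (unwritable directory, full disk) looks like a successful save to the admin; check it, e.g. `if (!move_uploaded_file($_FILES['wpsg_email_logo']['tmp_name'], $destination_path)) $this->shop->addBackendError(__('…', 'wpsg'));`. The type check above relies only on the extension of the client-supplied file name, so the stored `wpsg_email_logo.jpg` is not guaranteed to be a JPEG. Verifying the content with `exif_imagetype()` or `getimagesize()` before the move would close that gap. The `else if ($ending == "jpg" || $ending == "jpeg")` condition is the exact negation of the first test and can be a plain `else`.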
Index: /controller/wpsg_ShopController.class.php
===================================================================
--- /controller/wpsg_ShopController.class.php	(revision 7146)
+++ /controller/wpsg_ShopController.class.php	(revision 7147)
@@ -590,6 +590,5 @@
         public function getUplodatStoragePath() {
 
-            if ($this->isMultiBlog())
-            {
+            if ($this->isMultiBlog()) {
  
                 $path = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/';
@@ -600,13 +599,6 @@
                 
             }
-
-            if (!file_exists($path.'.htaccess')) {
-
-                $handle = fopen($path.'.htaccess', 'w+');
-                $content = "Deny from all";
-                fwrite($handle, $content, strlen($content));
-                fclose($handle);
-
-            }
+            
+            $this->protectDirectory($path);
 
             return $path;
@@ -620,6 +612,5 @@
 		{
 
-			if (strlen($_GET['wpsg_quotecheck']) > 7 || get_magic_quotes_gpc())
-			{
+			if (strlen($_GET['wpsg_quotecheck']) > 7 || get_magic_quotes_gpc()) {
 
 				$_POST      = array_map('stripslashes_deep', $_POST);
@@ -1837,4 +1828,56 @@
 
 		}
+
+        /**
+         * Die Funktion soll ein Verzeichnis vor direkten Browseranfragen schÃŒtzen, in dem es eine .htaccess Datei anlegt
+         * @param $path
+         */
+		public function protectDirectory($path, $arEnableFiles = []) {
+
+            if (!file_exists($path)) mkdir($path, 0775, true);
+
+            $htaccess = \trailingslashit($path).'.htaccess';
+            
+            if (!file_exists($htaccess))
+            {
+
+                $handle = fopen($htaccess, "w+");
+                
+                $content = "
+                
+Order Allow,Deny
+                
+<ifModule mod_authz_core.c>
+Require all denied
+</ifModule>
+
+# line below if for Apache 2.2
+<ifModule !mod_authz_core.c>
+deny from all
+</ifModule>
+
+# section for Apache 2.2 and 2.4
+IndexIgnore *
+                
+                ";
+                
+                foreach ($arEnableFiles as $f) {
+                    
+                    $content .= "
+
+<Files ".$f.">
+allow from all
+</Files>
+
+";
+                    
+                }
+                
+                fwrite($handle, $content, strlen($content));
+                fclose($handle);
+
+            }
+		    
+        } // public function protectDirectory($path)
 
 		/**
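Review bot: The generated .htaccess mixes Apache 2.2 and 2.4 access directives in a way that is likely to misbehave on 2.4: the bare `Order Allow,Deny` and the `allow from all` inside each `<Files>` block sit outside any `<ifModule>` guard. A server without mod_access_compat would answer 500 for the whole directory, and with it loaded the directory-level `Require all denied` probably still blocks the files listed in `$arEnableFiles`. Guarding the 2.2 directives and adding `Require all granted` inside `<Files>` keeps both generations working, as sketched below. `fopen()` is not checked, so an unwritable directory ends in `fwrite(false, …)` and an unprotected directory; the file is also written only when missing, so directories created by earlier revisions keep their old rules. `$f` is written into the file unescaped, which is fine for the constant names passed in this commit but should be stated in the docblock, which currently omits `$arEnableFiles`.

```php
// … unchanged: mkdir and the .htaccess existence check …
$handle = fopen($htaccess, "w+");

// Fail loudly: a directory we could not protect must not be used silently.
if ($handle === false) throw new \Exception(__('.htaccess konnte nicht geschrieben werden.', 'wpsg'));

$content = "
<ifModule mod_authz_core.c>
Require all denied
</ifModule>

<ifModule !mod_authz_core.c>
Order Allow,Deny
deny from all
</ifModule>

IndexIgnore *
";

// $arEnableFiles must hold plain, constant file names; they are written verbatim.
foreach ($arEnableFiles as $f) {

    $content .= "
<Files \"".$f."\">
<ifModule mod_authz_core.c>
Require all granted
</ifModule>
<ifModule !mod_authz_core.c>
allow from all
</ifModule>
</Files>
";

}
// … unchanged: fwrite / fclose …
```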
@@ -3426,12 +3469,6 @@
             }
 
-            if (!file_exists($path)) wpsg_mkdir($path);
-            if (!file_exists($path.'.htaccess'))
-            {
-
-                file_put_contents($path.'.htaccess', 'Allow from all');
-
-            }
-
+            if (!file_exists($path)) mkdir($path, 0775, true);
+            
             if ($getUrl === true) return $url; else return $path;
 
Index: /controller/wpsg_SystemController.class.php
===================================================================
--- /controller/wpsg_SystemController.class.php	(revision 7146)
+++ /controller/wpsg_SystemController.class.php	(revision 7147)
@@ -288,54 +288,14 @@
 		{
 			
-			if ($this->isMultiBlog())
-			{
+			if ($this->isMultiBlog()) {
 
 				$path = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/';
-				$htaccess = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/.htaccess';
 				 								 
-			}
-			else
-			{
+			} else {
 				
 				$path = WPSG_PATH_CONTENT.'uploads/wpsg/';				
-				$htaccess = WPSG_PATH_CONTENT.'uploads/wpsg/.htaccess';
-				
-			}
-			
-			if (!file_exists($path)) 
-			{
-				mkdir($path, 0777, true);
-			}
-			
-			/*
- 			 * Zur Sicherheit ÃŒberprÃŒfe ich immer ob die .htaccess existiert
- 			 */
-			
-			if (!file_exists($htaccess))
-			{
-				
-				$handle = fopen($htaccess, "w+");
-				
-				$content = '
-				Deny from all
-				
-				<Directory /user_views> 
-                    Allow from all
-                </Directory>
-				';
-							
-				fwrite($handle, $content, strlen($content));
-				fclose($handle);
-				
-			}
-			
-            /* User Views erlauben */
-            if (file_exists($path.'user_views/'))
-            {
-                
-                @file_put_contents($path.'user_views/.htaccess', 'Allow from all');
-                
-            }
-			
+				
+			}
+						
 			return $path;
 			
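Review bot: After this hunk the method only computes `$path`; it no longer creates the directory or writes any .htaccess, so a caller that writes into the returned path on a fresh install depends on other code having created it. The removed block also wrote `Allow from all` into `user_views/`, and nothing visible in this commit replaces that. If the parent `uploads/wpsg/` is protected elsewhere (for example by `getUplodatStoragePath()` calling `protectDirectory($path)`), user views would presumably become unreachable from the browser, which is worth confirming. If the directory is still expected to exist, keep a line such as `if (!file_exists($path)) mkdir($path, 0775, true);` before the `return`. The method signature lies outside the hunk.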
Index: /lib/functions.inc.php
===================================================================
--- /lib/functions.inc.php	(revision 7146)
+++ /lib/functions.inc.php	(revision 7147)
@@ -1258,10 +1258,12 @@
 	 * @return 	int
 	 */
-	function wpsg_getDaysofMonth($month, $year)
-	{
+	function wpsg_getDaysofMonth($month, $year) {
+	    
 		$time = mktime(0, 0, 0, $month, 1, $year);
+		 
 		return date('t', $time);
-	}
-	
+		
+    }
+		
 	/**
 	 * Gibt das Upload Verzeichnis zurÃŒck, in dem Daten von wpShopGermany gespeichert werden
@@ -1269,15 +1271,14 @@
 	 * @return string Der absolute Pfad
 	 */
-	function wpsg_getUploadDir($strPathKey = '')
-	{
-		
-		if ($GLOBALS['wpsg_sc']->isMultiBlog())
-		{
+	function wpsg_getUploadDir($strPathKey = '', $htprotection = true)
+	{
+		
+	    if (strpos($strPathKey, '..')) throw new \Exception(__('UnzulÃ€ssige Pfadangabe!'));
+	    
+		if ($GLOBALS['wpsg_sc']->isMultiBlog()) {
 			
 			$path = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/'.$strPathKey.'/';
 			
-		}
-		else
-		{
+		} else {
 			
 			$path = WP_CONTENT_DIR.'/uploads/wpsg/'.$strPathKey.'/';
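Review bot: The traversal guard `if (strpos($strPathKey, '..'))` misses a key that begins with `..`, because `strpos()` returns `0` for a match at offset 0 and `0` is falsy. Compare against `false` instead: `if (strpos($strPathKey, '..') !== false) throw new \Exception(__('Unzulässige Pfadangabe!', 'wpsg'));`. The `__()` call also lacks the `'wpsg'` text domain used elsewhere in the plugin. The function body continues in the next hunk.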
@@ -1285,15 +1286,31 @@
 		}
 		
-		if (!file_exists($path))
-		{
-			
-			mkdir($path, 0777, true);
-			
-		}
+		if ($strPathKey === '' || $htprotection === false) {
+		    
+		    if (!file_exists($path)) mkdir($path, 0775, true);
+		    		    		    
+        } else {
+		
+		    $GLOBALS['wpsg_sc']->protectDirectory($path);
+		    
+        }
 		
 		return $path;
 		
 	} // function wpsg_getUploadDir($strPathKey = '')
-	
+
+    /**
+     * Siehe wpsg_getUploadDir
+     * Gibt aber die URL zurÃŒck
+     */
+    function wpsg_getUploadUrl($strPathKey = '', $htprotection = true) {
+
+        $path = wpsg_getUploadDir($strPathKey, $htprotection);
+        $upload_dir = \wp_upload_dir();        
+        
+        return str_replace($upload_dir['basedir'], $upload_dir['baseurl'], $path);
+                
+    }
+
 	/**
 	 * Verschiebt eine hochgeladene Datei  
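Review bot: `wpsg_getUploadUrl()` defaults `$htprotection` to `true`, so a plain `wpsg_getUploadUrl('foo')` writes a deny-all .htaccess into the very directory whose URL it returns, and that URL is then not reachable from a browser. A URL helper should default to `$htprotection = false`, or its docblock should say that callers wanting a public URL must pass `false`. The `str_replace($upload_dir['basedir'], $upload_dir['baseurl'], $path)` mapping returns the filesystem path unchanged when `$path` does not start with `basedir`, which looks possible in the multiblog branch where the path is built from `WPSG_MB_UPLOADS`. Confirm that, and fail loudly rather than emit an absolute server path into HTML. In `wpsg_getUploadDir()` the `$strPathKey === ''` case skips protection, so the root `wpsg/` directory relies on other code for its .htaccess.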
Index: /lib/wpsg_header.class.php
===================================================================
--- /lib/wpsg_header.class.php	(revision 7146)
+++ /lib/wpsg_header.class.php	(revision 7147)
@@ -21,4 +21,27 @@
 		} // public static function startDownload($filename)
 		
+        public function IMG($file) {
+
+            $filename = basename($file);
+            $file_extension = strtolower(substr(strrchr($filename,"."),1));
+
+            switch ($file_extension) {
+                
+                case "gif": $ctype = "image/gif"; break;
+                case "png": $ctype = "image/png"; break;
+                case "jpeg":
+                case "jpg": $ctype = "image/jpeg"; break;
+                
+                default:
+                    
+            }
+
+            header('Content-type: '.$ctype);
+            
+            readfile($file);
+            exit;
+		    
+        }
+        
 		public static function PDFPlugin($file)
 		{
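Review bot: `$ctype` is never assigned in the `default:` branch of `IMG()`, so for any extension other than gif/png/jpeg/jpg the `header('Content-type: '.$ctype)` line runs on an undefined variable and the file is still streamed with an empty content type. Give the default a value or refuse, e.g. `default: throw new \Exception('Unsupported image type');`. Sending `header('X-Content-Type-Options: nosniff');` alongside the content type keeps browsers from guessing a different type for uploaded content. The method has no docblock; it should state that it streams `$file` and then calls `exit`, so callers know nothing after the call runs.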
Index: /mods/wpsg_mod_billsafe.class.php
===================================================================
--- /mods/wpsg_mod_billsafe.class.php	(revision 7146)
+++ /mods/wpsg_mod_billsafe.class.php	(revision 7147)
@@ -925,55 +925,22 @@
  		{
  		  			
- 			if ($this->shop->isMultiBlog())
-			{
-
-				$htaccess = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_billsafe/.htaccess';
+ 			if ($this->shop->isMultiBlog()) {
+
 				$path = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_billsafe/'.$order_id.'/'; 
-				if (!file_exists($path)) mkdir($path, 0777, true); 
-				
-				if ($url)
-				{
-					
-					$url = WPSG_URL_CONTENT.WPSG_MB_UPLOADS.'/wpsg/wpsg_billsafe/'.$order_id.'/';
-					 
-				} 
+				
+				if ($url) { $url = WPSG_URL_CONTENT.WPSG_MB_UPLOADS.'/wpsg/wpsg_billsafe/'.$order_id.'/'; } 
 				 
-			}
-			else
-			{
-				
-				$htaccess = WP_CONTENT_DIR.'/uploads/wpsg/wpsg_billsafe/.htaccess';
+			} else {
+				
 				$path = WP_CONTENT_DIR.'/uploads/wpsg/wpsg_billsafe/'.$order_id.'/';
-				if (!file_exists($path)) mkdir($path, 0777, true);
-				
-				if ($url) 
-				{
-					
-					$url = WPSG_URL_CONTENT.'uploads/wpsg/wpsg_billsafe/'.$order_id.'/';
-					
-				}
+				
+				if ($url) { $url = WPSG_URL_CONTENT.'uploads/wpsg/wpsg_billsafe/'.$order_id.'/'; }
 				
 			} 
 			 
- 			if (!file_exists($htaccess))
-			{
-				
-				$handle = fopen($htaccess, "w+");
-				
-				$content = 'Deny from all';
-							
-				fwrite($handle, $content, strlen($content));
-				fclose($handle);
-				
-			}
-			
-			if ($url !== false)
-			{
-				
-				return $url;
-				
-			}
-			
-			return $path;
+			$this->shop->protectDirectory($path);
+						
+			if ($url !== false) return $url;
+			else return $path;
 			 
  		} // private function getFilePath($produkt_id, $url = false)
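Review bot: `protectDirectory($path)` is called with the per-order directory (`…/wpsg_billsafe/<order_id>/`), whereas the removed code kept one .htaccess in the module directory `wpsg_billsafe/`. On a fresh install the module directory itself now has no rule of its own, and every order directory gets its own copy of the file. The same shift appears in the `protectDirectory()` calls added to wpsg_mod_deliverynote, wpsg_mod_orderupload (both copies), wpsg_mod_voucherproduct and wpsg_mod_downloadplus. If the intent is still to shield the whole module tree, protect the parent as well, e.g. `$this->shop->protectDirectory(dirname($path));`.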
Index: /mods/wpsg_mod_deliverynote.class.php
===================================================================
--- /mods/wpsg_mod_deliverynote.class.php	(revision 7146)
+++ /mods/wpsg_mod_deliverynote.class.php	(revision 7147)
@@ -856,14 +856,12 @@
 		 * Gibt den Absoluten Pfad zurÃŒck wo die Lieferscheine gespeichert sind
 		 */
-		public function getFilePath($order_id, $url = false)
-		{
-		
-			if ($order_id == '')
-			{	// Briefpapier/Logo
-				if ($this->shop->isMultiBlog())
-				{
+		public function getFilePath($order_id, $url = false) {
+		
+			if ($order_id == '') {
+			    
+			    // Briefpapier/Logo
+				if ($this->shop->isMultiBlog()) {
 					
 					$path = WPSG_PATH_CONTENT.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_deliverynote/'.$order_id.'/';
-					$htaccess = WPSG_PATH_CONTENT.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_deliverynote/.htaccess';
 					$url_content = WPSG_URL_CONTENT.WPSG_MB_UPLOADS.'/wpsg/wpsg_deliverynote/';
 					
@@ -871,10 +869,7 @@
 					else $strReturn = $path;
 					
-				}
-				else
-				{
+				} else {
 					
 					$path = WPSG_PATH_CONTENT.'uploads/wpsg/wpsg_deliverynote/'.$order_id.'/';
-					$htaccess = WPSG_PATH_CONTENT.'uploads/wpsg/wpsg_deliverynote/.htaccess';
 					
 					if ($url) $strReturn = WPSG_URL_CONTENT.'uploads/wpsg/wpsg_deliverynote/'.$order_id.'/';
@@ -883,17 +878,14 @@
 				}
 				
-			}
-			else 
-			{	// Lieferschein aus Bestellung
-
+			} else {
+			    
+			    // Lieferschein aus Bestellung
 				$deliverynote = $this->db->fetchRow("SELECT * FROM `".WPSG_TBL_DELIVERYNOTE."` AS DN WHERE `order_id` = '".wpsg_q($order_id)."' ");
 				$datum = $deliverynote['cdate'];
 				$ym = date('Y/m/', strtotime($datum));
 				
-				if ($this->shop->isMultiBlog())
-				{
+				if ($this->shop->isMultiBlog()) {
 					
 					$path = WPSG_PATH_CONTENT.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_deliverynote/'.$ym.$order_id.'/';
-					$htaccess = WPSG_PATH_CONTENT.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_deliverynote/.htaccess';
 					$url_content = WPSG_URL_CONTENT.WPSG_MB_UPLOADS.'/wpsg/wpsg_deliverynote/'.$ym;
 					
@@ -901,10 +893,7 @@
 					else $strReturn = $path;
 					
-				}
-				else
-				{
+				} else {
 					
 					$path = WPSG_PATH_CONTENT.'uploads/wpsg/wpsg_deliverynote/'.$ym.$order_id.'/';
-					$htaccess = WPSG_PATH_CONTENT.'uploads/wpsg/wpsg_deliverynote/.htaccess';
 					
 					if ($url) $strReturn = WPSG_URL_CONTENT.'uploads/wpsg/wpsg_deliverynote/'.$ym.$order_id.'/';
@@ -913,44 +902,10 @@
 				}
 				
-			}	// if ($order_id == '')
-			
-				
-			if (!file_exists($path))
-			{
-				mkdir($path, 0777, true);
-			}
-				
-			/*
-			 * Zur Sicherheit ÃŒberprÃŒfe ich immer ob die .htaccess existiert
-			*/
-				
-			if (!file_exists($htaccess))
-			{
-		
-				$handle = fopen($htaccess, "w+");
-		
-				$content = '
-		
-Deny from all
-		
-<Files wpsg_deliverynote_logo.jpg>
-allow from all
-</Files>
-		
-<Files wpsg_deliverynote_bp.jpg>
-allow from all
-</Files>
-		
-<Files wpsg_deliverynote_bp.pdf>
-allow from all
-</Files>
-		
-				';
-					
-				fwrite($handle, $content, strlen($content));
-				fclose($handle);
-		
-			}
-				
+			} // if ($order_id == '')
+			
+			$this->shop->protectDirectory($path, [
+                'wpsg_deliverynote_logo.jpg', 'wpsg_deliverynote_bp.jpg', 'wpsg_deliverynote_bp.pdf'
+            ] );	
+            				
 			return $strReturn;
 		
Index: /mods/wpsg_mod_downloadplus.class.php
===================================================================
--- /mods/wpsg_mod_downloadplus.class.php	(revision 7146)
+++ /mods/wpsg_mod_downloadplus.class.php	(revision 7147)
@@ -1630,15 +1630,5 @@
         }
 
-        if (!file_exists($path))
-        {
-
-            mkdir($path, 0777, true);
-
-            $handle = fopen($path.'.htaccess', "w+");
-            $content = "Deny from all";
-            fwrite($handle, $content, strlen($content));
-            fclose($handle);
-
-        }
+        $this->shop->protectDirectory($path);
 
         return $path;
@@ -1652,21 +1642,15 @@
     {
 
-        if ($this->shop->get_option('wpsg_mod_downloadplus_pdfindivpath') !== false && trim($this->shop->get_option('wpsg_mod_downloadplus_pdfindivpath')) != '')
-        {
+        if ($this->shop->get_option('wpsg_mod_downloadplus_pdfindivpath') !== false && trim($this->shop->get_option('wpsg_mod_downloadplus_pdfindivpath')) != '') {
 
             $path = $this->shop->get_option('wpsg_mod_downloadplus_pdfindivpath').'/'.$order_id.'/';
 
-        }
-        else
-        {
-
-            if ($this->shop->isMultiBlog())
-            {
+        } else {
+
+            if ($this->shop->isMultiBlog()) {
 
                 $path = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_pdfprodukte_order/'.$order_id.'/';
 
-            }
-            else
-            {
+            } else {
 
                 $path = WP_CONTENT_DIR.'/uploads/wpsg/wpsg_pdfprodukte_order/'.$order_id.'/';
@@ -1675,16 +1659,6 @@
 
         }
-
-        if (!file_exists($path))
-        {
-
-            mkdir($path, 0777, true);
-
-            $handle = fopen($path.'.htaccess', "w+");
-            $content = "Deny from all";
-            fwrite($handle, $content, strlen($content));
-            fclose($handle);
-
-        }
+        
+        $this->shop->protectDirectory($path);
 
         return $path;
Index: /mods/wpsg_mod_downloadprodukte.class.php
===================================================================
--- /mods/wpsg_mod_downloadprodukte.class.php	(revision 7146)
+++ /mods/wpsg_mod_downloadprodukte.class.php	(revision 7147)
@@ -184,31 +184,11 @@
 			
 			$temp = wpsg_getStr($_FILES['wpsg_mod_downloadprodukte_file']['tmp_name'][0]);
-			//if (file_exists($_FILES['wpsg_mod_downloadprodukte_file']['tmp_name']))
-			if (file_exists($temp))
-			{
+			
+			if (file_exists($temp)) {
 				
 				$uploaddir = $this->getFilePath($produkt_id);
 				
-				if (!file_exists($uploaddir))
-				{
-					
-					mkdir($uploaddir, 0777, true);	
-					
-					$handle = fopen($uploaddir.'.htaccess', "w");					
-					$content = "Deny from all";			
-					fwrite($handle, $content, strlen($content));
-					fclose($handle);
-									
-				}
-				else 
-				{
-					
-					$handle = fopen($uploaddir.'.htaccess', "w");					
-					$content = "Deny from all";			
-					fwrite($handle, $content, strlen($content));
-					fclose($handle);
-					
-				}
-				
+				$this->shop->protectDirectory($uploaddir);
+								
 				$uploadfile = $uploaddir.basename($_FILES['wpsg_mod_downloadprodukte_file']['name'][0]);
 				
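Review bot: The upload target on the last context line is `$uploaddir.basename($_FILES['wpsg_mod_downloadprodukte_file']['name'][0])`, so the client-supplied name is kept and lands in the directory whose `.htaccess` `protectDirectory()` has just written. The name should be validated before the move so that it cannot collide with that file; rejecting names that start with a dot is enough, e.g. `if (strpos(basename($name), '.') === 0) { /* reject */ }`. Unlike the removed code, which rewrote the rule on every upload, the new call writes `.htaccess` only when it is missing, so a damaged or replaced file is never repaired. The move itself happens outside this hunk.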
Index: /mods/wpsg_mod_orderupload.class.php
===================================================================
--- /mods/wpsg_mod_orderupload.class.php	(revision 7146)
+++ /mods/wpsg_mod_orderupload.class.php	(revision 7147)
@@ -299,5 +299,4 @@
 			
 			$this->shop->view['arFiles'] = $arFiles;			
-			//$this->shop->render(WPSG_PATH_VIEW.'/mods/mod_orderupload/order_view_sidebar.phtml');
 			
 		} // public function order_view_sidebar(&$order_id)
@@ -475,5 +474,4 @@
 				$url = WPSG_URL_CONTENT.WPSG_MB_UPLOADS.'/wpsg/wpsg_orderupload/'.$order_id.'/';
 				$path = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_orderupload/'.$order_id.'/'; 
-				$htaccess = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_orderupload/.htaccess';
 				 
 			}
@@ -483,20 +481,9 @@
 				$url = WPSG_URL_CONTENT.'uploads/wpsg/wpsg_orderupload/'.$order_id.'/';
 				$path = WP_CONTENT_DIR.'/uploads/wpsg/wpsg_orderupload/'.$order_id.'/';
-				$htaccess = WP_CONTENT_DIR.'/uploads/wpsg/wpsg_orderupload/.htaccess';
 								
 			}
-			 
-			if (!file_exists($path)) mkdir($path, 0777, true);
-			
- 			if (!file_exists($htaccess))
-			{
-				 				
-				$handle = fopen($htaccess, "w+");
-				$content = "Deny from all";			
-				fwrite($handle, $content, strlen($content));
-				fclose($handle);
-				
-			}
-			
+			
+			$this->shop->protectDirectory($path);
+			 			
 			if ($burl) return $url;
 			else return $path;
Index: /mods/wpsg_mod_rechnungen.class.php
===================================================================
--- /mods/wpsg_mod_rechnungen.class.php	(revision 7146)
+++ /mods/wpsg_mod_rechnungen.class.php	(revision 7147)
@@ -1634,11 +1634,11 @@
  		{ 
  		  	
- 			if ($order_id == '')
- 			{	// Briefpapier/Logo
+ 			if ($order_id == '') {
+ 			    
+ 			    // Briefpapier/Logo
  				if ($this->shop->isMultiBlog())
  				{
  					
  					$path = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_rechnungen/';
- 					$htaccess = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_rechnungen/.htaccess';
  					
  					$url_content = WPSG_URL_CONTENT.WPSG_MB_UPLOADS.'/wpsg/wpsg_rechnungen/';
@@ -1652,5 +1652,4 @@
  					
  					$path = WPSG_PATH_CONTENT.'uploads/wpsg/wpsg_rechnungen/';
- 					$htaccess = WPSG_PATH_CONTENT.'uploads/wpsg/wpsg_rechnungen/.htaccess';
  					
  					if ($url) $strReturn = WPSG_URL_CONTENT.'uploads/wpsg/wpsg_rechnungen/'.$order_id.'/';
@@ -1658,7 +1657,8 @@
  					
  				}
- 			}
- 			else 
- 			{	// Rechnung aus Bestellung
+ 				
+ 			} else {	
+ 			    
+ 			    // Rechnung aus Bestellung
 
  				$deliverynote = $this->db->fetchRow("SELECT * FROM `".WPSG_TBL_RECHNUNGEN."` AS DN WHERE `o_id` = '".wpsg_q($order_id)."' ");
@@ -1670,5 +1670,4 @@
  					
  					$path = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_rechnungen/.$ym';
- 					$htaccess = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_rechnungen/.htaccess';
  					
  					$url_content = WPSG_URL_CONTENT.WPSG_MB_UPLOADS.'/wpsg/wpsg_rechnungen/.$ym';
@@ -1682,5 +1681,4 @@
  					
  					$path = WPSG_PATH_CONTENT.'uploads/wpsg/wpsg_rechnungen/'.$ym;
- 					$htaccess = WPSG_PATH_CONTENT.'uploads/wpsg/wpsg_rechnungen/.htaccess';
  					
  					if ($url) $strReturn = WPSG_URL_CONTENT.'uploads/wpsg/wpsg_rechnungen/'.$ym.$order_id.'/';
@@ -1689,42 +1687,7 @@
  				}
  			}
-			
-			if (!file_exists($path)) 
-			{
-				mkdir($path, 0777, true);
-			}
-			
-			/*
- 			 * Zur Sicherheit ÃŒberprÃŒfe ich immer ob die .htaccess existiert
- 			 */
-			
-			if (!file_exists($htaccess))
-			{
-				
-				$handle = fopen($htaccess, "w+");
-				
-				$content = '
-				
-Deny from all
-
-<Files wpsg_rechnungen_logo.jpg>
-allow from all
-</Files>
-
-<Files wpsg_rechnungen_bp.jpg>
-allow from all
-</Files>
-
-<Files wpsg_rechnungen_bp.pdf>
-allow from all
-</Files>
-
-				';
-							
-				fwrite($handle, $content, strlen($content));
-				fclose($handle);
-				
-			}
-			
+						
+			$this->shop->protectDirectory($path);
+						
 			return $strReturn;
 			 
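Review bot: The removed .htaccess explicitly allowed `wpsg_rechnungen_logo.jpg`, `wpsg_rechnungen_bp.jpg` and `wpsg_rechnungen_bp.pdf`, but the replacement calls `protectDirectory($path)` without an allow list, while the parallel change in wpsg_mod_deliverynote passes one. If those files are still meant to be fetched by URL (the `$url` branches above return one), pass them: `$this->shop->protectDirectory($path, ['wpsg_rechnungen_logo.jpg', 'wpsg_rechnungen_bp.jpg', 'wpsg_rechnungen_bp.pdf']);`. If not, say so in a comment. In the multiblog branch of the order case, an earlier hunk shows `$path` ending in the single-quoted literal `.$ym`, so `protectDirectory()` would create a directory literally named `.$ym` there. That looks like a quoting slip to fix in the same pass.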
Index: /mods/wpsg_mod_voucherproduct.class.php
===================================================================
--- /mods/wpsg_mod_voucherproduct.class.php	(revision 7146)
+++ /mods/wpsg_mod_voucherproduct.class.php	(revision 7147)
@@ -636,5 +636,4 @@
 				
 				$path = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_mod_gutscheinprodukt/'.$order_id.'/'; 
-				$htaccess = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_mod_gutscheinprodukt/.htaccess'; 
 												 
 			}
@@ -643,30 +642,9 @@
 				
 				$path = WPSG_PATH_CONTENT.'uploads/wpsg/wpsg_mod_gutscheinprodukt/'.$order_id;
-				$htaccess = WPSG_PATH_CONTENT.'uploads/wpsg/wpsg_mod_gutscheinprodukt/.htaccess';
 								 
 			}
 			
-			if (!file_exists($path)) 
-			{
-				
-				mkdir($path, 0777, true);
-				
-			}
-			
-			/*
- 			 * Zur Sicherheit ÃŒberprÃŒfe ich immer ob die .htaccess existiert
- 			 */			
-			if (!file_exists($htaccess))
-			{
-				
-				$handle = fopen($htaccess, "w+");
-				
-				$content = 'Deny from all';
-							
-				fwrite($handle, $content, strlen($content));
-				fclose($handle);
-				
-			}
-			
+			$this->shop->protectDirectory($path);
+			 			
 			return $path;
 			
Index: /system/intern/mods/wpsg_mod_orderupload.class.php
===================================================================
--- /system/intern/mods/wpsg_mod_orderupload.class.php	(revision 7146)
+++ /system/intern/mods/wpsg_mod_orderupload.class.php	(revision 7147)
@@ -246,36 +246,20 @@
 		} // public function getNewName($filename, $order_id)
 		
-		public function getSavePath($order_id, $burl = false)
- 		{
+		public function getSavePath($order_id, $burl = false) {
  		 
- 			if ($this->shop->isMultiBlog())
-			{
+ 			if ($this->shop->isMultiBlog()) {
 
 				$url = WPSG_URL_CONTENT.WPSG_MB_UPLOADS.'/wpsg/wpsg_orderupload/'.$order_id.'/';
 				$path = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_orderupload/'.$order_id.'/'; 
-				$htaccess = WP_CONTENT_DIR.'/'.WPSG_MB_UPLOADS.'/wpsg/wpsg_orderupload/.htaccess';
 				 
-			}
-			else
-			{
+			} else {
 				
 				$url = WPSG_URL_CONTENT.'uploads/wpsg/wpsg_orderupload/'.$order_id.'/';
 				$path = WP_CONTENT_DIR.'/uploads/wpsg/wpsg_orderupload/'.$order_id.'/';
-				$htaccess = WP_CONTENT_DIR.'/uploads/wpsg/wpsg_orderupload/.htaccess';
 								
 			}
 			 
-			if (!file_exists($path)) mkdir($path, 0777, true);
-			
- 			if (!file_exists($htaccess))
-			{
-				 				
-				$handle = fopen($htaccess, "w+");
-				$content = "Deny from all";			
-				fwrite($handle, $content, strlen($content));
-				fclose($handle);
-				
-			}
-			
+			$this->shop->protectDirectory($path);
+						
 			if ($burl) return $url;
 			else return $path;
Index: /system/intern/mods/wpsg_mod_videodownload.class.php
===================================================================
--- /system/intern/mods/wpsg_mod_videodownload.class.php	(revision 7146)
+++ /system/intern/mods/wpsg_mod_videodownload.class.php	(revision 7147)
@@ -1262,15 +1262,5 @@
 			}
 			
-			if (!file_exists($path))
-			{
-				
-				mkdir($path, 0777, true);
-				
-				$handle = fopen($path.'.htaccess', "w+");
-				$content = "Deny from all";			
-				fwrite($handle, $content, strlen($content));
-				fclose($handle);
-				
-			}
+			$this->shop->protectDirectory($path); 
 					
 			return $path;
@@ -1308,16 +1298,6 @@
 			}
 			
-			if (!file_exists($path))
-			{
-				
-				mkdir($path, 0777, true);
-				
-				$handle = fopen($path.'.htaccess', "w+");
-				$content = "Deny from all";			
-				fwrite($handle, $content, strlen($content));
-				fclose($handle);
-				
-			}
-				
+			$this->shop->protectDirectory($path);
+							
 			return $path;
 			
Index: /views/admin/emailconf.phtml
===================================================================
--- /views/admin/emailconf.phtml	(revision 7146)
+++ /views/admin/emailconf.phtml	(revision 7147)
@@ -21,5 +21,5 @@
 
 		<?php echo wpsg_drawForm_AdminboxStart('Allgemeine Einstellungen', 'wpsg'); ?>
-		<?php $logoPath = WPSG_PATH_CONTENT . 'uploads/wpsg/wpsg_mailconf/wpsg_email_logo.jpg'; ?>
+		<?php $logoPath = wpsg_getUploadDir('wpsg_mailconf').'wpsg_email_logo.jpg'; ?>
 
 		<?php echo wpsg_drawForm_Checkbox(
@@ -33,4 +33,5 @@
 
 			<?php if(file_exists($logoPath)) { ?>
+                
 				<?php echo wpsg_drawForm_Checkbox(
 					'wpsg_email_logo_activated',
@@ -44,4 +45,5 @@
 					$this->get_option('wpsg_email_logo_watermark')
 				); ?>
+                
 			<?php } ?>
 
@@ -54,5 +56,5 @@
 				<div class="col-sm-6">
 					<?php if(file_exists($logoPath)) { ?>
-						<a href="<?php echo $this->get_option('wpsg_email_logo_url'); ?>" target="_blank"><?php echo __('Derzeitiges Logo', 'wpsg'); ?></a><br>
+						<a href="<?php echo WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Admin&subaction=emailconf&getEmailLogo=1&noheader=1'; ?>" target="_blank"><?php echo __('Derzeitiges Logo', 'wpsg'); ?></a><br>
 					<?php } ?>
 					<input type="file" name="wpsg_email_logo">
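Review bot: The logo link is assembled by string concatenation and echoed unescaped, with raw `&` separators inside the `href` attribute. Wrap it as `<?php echo esc_url(admin_url('admin.php?page=wpsg-Admin&subaction=emailconf&getEmailLogo=1&noheader=1')); ?>` so the URL is encoded for HTML and follows the site's admin path. `target="_blank"` on the same anchor would normally carry `rel="noopener"`.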
