PageRenderTime 52ms CodeModel.GetById 26ms RepoModel.GetById 1ms app.codeStats 0ms

/wp-content/plugins/opentickets-community-edition/libs/phpqrcode/index.php

https://gitlab.com/leobelizquierdo/cabotsubmitter-wordpress
PHP | 149 lines | 97 code | 25 blank | 27 comment | 39 complexity | aac9f8a76eea52855651201a67153c2c MD5 | raw file
    

  1. <?php    
    2. 

  2. 

  3. $debug = false;
    4. 

  4. 

  5. if ( $debug === true ) {
    6. 

  6. 	ini_set( 'display_erorrs', 1 );
    7. 

  7. 	ini_set( 'html_errors', 1 );
    8. 

  8. 	error_reporting( E_ALL );
    9. 

  9. } else {
    10. 

  10. 	ini_set( 'display_erorrs', 0 );
    11. 

  11. 	ini_set( 'html_errors', 0 );
    12. 

  12. 	error_reporting( 0 );
    13. 

  13. }
    14. 

  14. /* old abuse protection
    15. 

  15. $ref = isset($_SERVER['HTTP_REFERER']) ? parse_url($_SERVER['HTTP_REFERER']) : '';
    16. 

  16. $host = strtolower(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : ( isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '' ));
    17. 

  17. $same_server = isset($_SERVER['SERVER_ADDR'], $_SERVER['REMOTE_ADDR']) && $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR'];
    18. 

  18. if (!$same_server && !(isset($ref['host']) && $host == strtolower($ref['host']))) die();
    19. 

  19. */
    20. 

  20. 

  21. if (!isset($_GET['d']) || empty($_GET['d'])) die();
    22. 

  22. $d = strrev( @base64_decode( str_replace( array( ' ', '-', '_', '~' ), array( '+', '+', '=', '/' ), $_GET['d'] ) ) );
    23. 

  23. if (empty($d)) die();
    24. 

  24. 

  25. // abuse protection
    26. 

  26. // check that needed values are presend
    27. 

  27. $d = @json_decode( $d, true );
    28. 

  28. if ( !is_array( $d ) ) die( $debug ? '<!-- not array -->' : '' );
    29. 

  29. $sig = isset( $d['sig'], $d['p'], $d['d'] ) ? $d['sig'] : false;
    30. 

  30. if ( empty( $sig ) ) die( $debug ? '<!-- empty sig -->' : '' );
    31. 

  31. unset( $d['sig'] );
    32. 

  32. ksort( $d );
    33. 

  33. 

  34. // find defines from the wp-config
    35. 

  35. function qsot_fetch_defines( $what, $p ) {
    36. 

  36. 	// get current host name for later compare
    37. 

  37. 	$current_host = strtolower( isset( $_SERVER['SERVER_NAME'] ) ? $_SERVER['SERVER_NAME'] : ( isset( $_SERVER['HTTP_HOST'] ) ? $_SERVER['HTTP_HOST'] : false ) );
    38. 

  38. 	if ( empty( $current_host ) ) die( $debug ? '<!-- empty current_host -->' : '' );
    39. 

  39. 

  40. 	// break down our indicator url
    41. 

  41. 	$p = @parse_url( $p );
    42. 

  42. 	// validate that the indicator url is from our domain
    43. 

  43. 	if ( strtolower( isset( $p['host'] ) ? $p['host'] : '' ) != $current_host ) die( $debug ? '<!-- current host mismatch : ' . $p['host'] . ' / ' . $current_host . ' -->' : '' );
    44. 

  44. 

  45. 	// otce path. the starting path to look up from
    46. 

  46. 	$otce_path = dirname( dirname( dirname( __FILE__ ) ) );
    47. 

  47. 

  48. 	// container for the path to the wp-config file
    49. 

  49. 	$path_to_file = '';
    50. 

  50. 

  51. 	// path to the possibly present custom config, which defines where the wp-config.php file is located, so we dont have to look for it
    52. 

  52. 	$custom_config_path = dirname( $otce_path ). DIRECTORY_SEPARATOR . 'qsot-phpqrconfig.php';
    53. 

  53. 	$custom_config_exists = false;
    54. 

  54. 

  55. 	// first check if we have a config file added above the otce dir that defines where to look for wp-config
    56. 

  56. 	if ( @file_exists( $custom_config_path ) && is_readable( $custom_config_path ) ) {
    57. 

  57. 		include_once $custom_config_path;
    58. 

  58. 		if ( defined( 'QSOT_WP_CONFIG_LOCATION' ) && @file_exists( QSOT_WP_CONFIG_LOCATION ) && is_readable( QSOT_WP_CONFIG_LOCATION ) ) {
    59. 

  59. 			$path_to_file = QSOT_WP_CONFIG_LOCATION;
    60. 

  60. 			$custom_config_exists = true;
    61. 

  61. 		}
    62. 

  62. 	}
    63. 

  63. 

  64. 	// if we do not know where the wp-config is yet, then look for it in the most common paths to check
    65. 

  65. 	if ( ! $path_to_file ) {
    66. 

  66. 		$search_paths = array(
    67. 

  67. 			dirname( dirname( dirname( $otce_path ) ) ),
    68. 

  68. 			rtrim( realpath( $_SERVER['DOCUMENT_ROOT'] ), '\\/' ),
    69. 

  69. 			dirname( dirname( dirname( dirname( $otce_path ) ) ) ),
    70. 

  70. 			dirname( realpath( $_SERVER['DOCUMENT_ROOT'] ) ),
    71. 

  71. 		);
    72. 

  72. 

  73. 		// cycle through all the common paths, and check for the existence of the wp-config.php file
    74. 

  74. 		foreach ( $search_paths as $search_path ) {
    75. 

  75. 			$test_file_path = $search_path . DIRECTORY_SEPARATOR . 'wp-config.php';
    76. 

  76. 			if ( @file_exists( $test_file_path ) && is_readable( $test_file_path ) ) {
    77. 

  77. 				$path_to_file = $test_file_path;
    78. 

  78. 				break;
    79. 

  79. 			}
    80. 

  80. 		}
    81. 

  81. 	}
    82. 

  82. 

  83. 	// if we still do not have a path to wp-config.php, then try to bruteforce the location by traversing upwards until we find it or cannot go any further
    84. 

  84. 	if ( ! $path_to_file ) {
    85. 

  85. 		$last_path = $next_path = $otce_path;
    86. 

  86. 		while ( ( $next_path = dirname( $next_path ) ) && $next_path != $last_path && is_readable( $next_path ) ) {
    87. 

  87. 			$last_path = $next_path;
    88. 

  88. 			if ( file_exists( $next_path . DIRECTORY_SEPARATOR . 'wp-config.php' ) ) {
    89. 

  89. 				$path_to_file = $next_path . DIRECTORY_SEPARATOR . 'wp-config.php';
    90. 

  90. 			}
    91. 

  91. 		}
    92. 

  92. 	}
    93. 

  93. 

  94. 	// determine where the wp-config is
    95. 

  95. 	if ( empty( $path_to_file ) || ! file_exists( $path_to_file ) || !is_readable( $path_to_file ) ) die( $debug ? '<!-- missing wp-config -->' : '' );
    96. 

  96. 

  97. 	// at this point we have the config file. lets try to create that custom config path if we can so we can save ourselves some time later
    98. 

  98. 	if ( ! $custom_config_exists && is_writable( dirname( $custom_config_path ) ) ) {
    99. 

  99. 		// if the config file exists, but does not contain what we need, then just try to remove it
    100. 

  100. 		if ( @file_exists( $custom_config_path ) && is_writable( $custom_config_path ) )
    101. 

  101. 			unlink( $custom_config_path );
    102. 

  102. 

  103. 		// if we can create the file from scratch, do it now
    104. 

  104. 		if ( ! @file_exists( $custom_config_path ) )
    105. 

  105. 			file_put_contents( $custom_config_path, "<?php if ( ! defined( 'QSOT_WP_CONFIG_LOCATION' ) ) define( 'QSOT_WP_CONFIG_LOCATION', '{$path_to_file}' );" );
    106. 

  106. 	}
    107. 

  107. 

  108. 	// search the config for the requested defines
    109. 

  109. 	$contents = file_get_contents( $path_to_file );
    110. 

  110. 	$out = array( $path_to_file );
    111. 

  111. 	foreach ( $what as $define ) {
    112. 

  112. 		preg_match_all( '#.*define.*' . preg_quote( $define, '#' ) . '(\'|")\s*,\s*(\'|")([^\2]+?)\2#s', $contents, $matches, PREG_SET_ORDER );
    113. 

  113. 		if ( empty( $matches ) ) {
    114. 

  114. 			$out[] = '';
    115. 

  115. 		} else {
    116. 

  116. 			$out[] = $matches[0][3];
    117. 

  117. 		}
    118. 

  118. 	}
    119. 

  119. 

  120. 	return $out;
    121. 

  121. }
    122. 

  122. 

  123. // validate signature
    124. 

  124. list( $wp_config, $key, $salt ) = qsot_fetch_defines( array( 'NONCE_KEY', 'NONCE_SALT' ), $d['p'] );
    125. 

  125. $test = sha1( $key . @json_encode( $d ) . $salt );
    126. 

  126. if ( $test != $sig ) die( $debug ? '<!-- hash mismatch : ' . $wp_config . ' = ' . $sig . ' / '. $test . ' -->' : '' );
    127. 

  127. // end abuse protection
    128. 

  128. 

  129. 

  130. include_once 'qrlib.php';
    131. 

  131. //QRCode::png($d, false, 'L', 3, 1);
    132. 

  132. $enc = QRencode::factory('L', 3, 1);
    133. 

  133. 

  134. $outfile = false;
    135. 

  135. try {
    136. 

  136. 	ob_start();
    137. 

  137. 	$tab = $enc->encode($d['d']);
    138. 

  138. 	$err = ob_get_contents();
    139. 

  139. 	ob_end_clean();
    140. 

  140. 

  141. 	if ($err != '')
    142. 

  142. 		QRtools::log($outfile, $err);
    143. 

  143. 

  144. 	$maxSize = (int)(QR_PNG_MAXIMUM_SIZE / (count($tab)+2 * $enc->margin));
    145. 

  145. 

  146. 	QRimage::jpg($tab, $outfile, 2.5/* min(max(1, $enc->size), $maxSize)*/, $enc->margin, 100);
    147. 

  147. } catch (Exception $e) {
    148. 

  148. 	QRtools::log($outfile, $e->getMessage());
    149. 

  149. }
    150. 

  150.