Example #1
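/**
 * Report a connector error to the client and end the request.
 *
 * For the FileUpload command the error is handed to SendUploadResults().
 * Otherwise it is emitted through SendErrorNode(), either inside an XML
 * document whose header was already sent (tracked by $GLOBALS['HeaderSent'])
 * or inside a minimal <Connector> document created here.
 *
 * @param int|string $number Connector error number.
 * @param string     $text   Error description forwarded to the response helpers.
 */
function SendError($number, $text)
{
    // 'Command' comes from the query string and may be absent; test before reading it.
    if (isset($_GET['Command']) && $_GET['Command'] == 'FileUpload') {
        SendUploadResults($number, "", "", $text);
    }
    if (isset($GLOBALS['HeaderSent']) && $GLOBALS['HeaderSent']) {
        // The XML document is already open: append the error node and close it.
        SendErrorNode($number, $text);
        CreateXmlFooter();
    } else {
        SetXmlHeaders();
        // Create the XML document header
        echo '<?xml version="1.0" encoding="utf-8" ?>';
        echo '<Connector>';
        // NOTE(review): $text ends up in the response body; confirm SendErrorNode()
        // escapes it for the XML context, since callers may pass request-derived text.
        SendErrorNode($number, $text);
        echo '</Connector>';
    }
    exit;
}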
/**
 * Upload-only error reporter: forwards the error to SendUploadResults()
 * with an empty file URL and an empty file name.
 *
 * @param int|string $number Error number passed through unchanged.
 * @param string     $text   Error message passed through unchanged.
 */
function SendError($number, $text)
{
    $noFileUrl = '';
    $noFileName = '';
    SendUploadResults($number, $noFileUrl, $noFileName, $text);
}
Example #3
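/**
 * Handle an upload posted in the 'NewFile' form field.
 *
 * Steps, in order: reject PHP-level upload errors, enforce the configured
 * size limit, derive and validate the extension, optionally validate image
 * content and scan for HTML, then store the file under a non-colliding name.
 * The outcome is reported through SendUploadResults().
 *
 * Error numbers set here: '0' success, '1' upload/size error with a message,
 * '201' stored under a renamed file, '202' rejected file, '203' the file
 * could not be moved into place.
 *
 * @param string $resourceType Resource type used for path mapping and the extension check.
 * @param string $currentFolder Target folder below the resource type root.
 * @param string $sCommand Connector command, forwarded to the path helpers.
 * @return mixed The SendUploadResults() result when K_GALLERY_UPLOAD is defined;
 *               otherwise the request ends with exit.
 */
function FileUpload($resourceType, $currentFolder, $sCommand)
{
    if (!isset($_FILES)) {
        global $_FILES;
    }
    $sErrorNumber = '0';
    $sFileName = '';
    if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
        global $Config;
        $oFile = $_FILES['NewFile'];
        // No POST errors in uploading?
        if ($oFile['error'] !== UPLOAD_ERR_OK) {
            $sErrorNumber = '1';
            switch ($oFile['error']) {
                case UPLOAD_ERR_INI_SIZE:
                    $err_msg = 'The uploaded file exceeds the upload_max_filesize directive in php.ini';
                    break;
                case UPLOAD_ERR_FORM_SIZE:
                    $err_msg = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form';
                    break;
                case UPLOAD_ERR_PARTIAL:
                    $err_msg = 'The uploaded file was only partially uploaded';
                    break;
                case UPLOAD_ERR_NO_FILE:
                    $err_msg = 'No file was uploaded';
                    break;
                case UPLOAD_ERR_NO_TMP_DIR:
                    $err_msg = 'Missing a temporary folder';
                    break;
                case UPLOAD_ERR_CANT_WRITE:
                    $err_msg = 'Failed to write file to disk';
                    break;
                case UPLOAD_ERR_EXTENSION:
                    $err_msg = 'File upload stopped by extension';
                    break;
                default:
                    $err_msg = 'Unknown upload error';
            }
            SendUploadResults($sErrorNumber, '', '', $err_msg);
            exit;
        }
        // Is of proper size? The limit is configured in megabytes.
        if ($Config['k_max_upload_size']) {
            $max = $Config['k_max_upload_size'] * 1024 * 1024;
            if ($oFile['size'] > $max) {
                $sErrorNumber = '1';
                $err_msg = 'File too large. Cannot be over ' . $Config['k_max_upload_size'] . ' MB in size.';
                SendUploadResults($sErrorNumber, '', '', $err_msg);
                exit;
            }
        }
        // Map the virtual path to the local server path.
        $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
        // Get the uploaded file name. It is supplied by the client, so it is
        // passed through SanitizeFileName() before any use in a path.
        $sFileName = $oFile['name'];
        $sFileName = SanitizeFileName($sFileName);
        $sOriginalFileName = $sFileName;
        // Get the extension (text after the last dot, lower-cased). A name
        // without a dot keeps an empty extension and is rejected further down.
        $sExtension = '';
        if (strrpos($sFileName, '.') !== false) {
            $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
            $sExtension = strtolower($sExtension);
        }
        if ($sExtension != '') {
            if (isset($Config['SecureImageUploads'])) {
                // Only a strict false rejects here; a -1 result is re-tested after the move.
                if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
                    $sErrorNumber = '202';
                }
            }
            if (isset($Config['HtmlExtensions'])) {
                // Files whose extension is not in the HTML list must not contain HTML.
                if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
                    $sErrorNumber = '202';
                }
            }
        }
        // Check if it is an allowed extension.
        if ($sExtension != '' && !$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
            $iCounter = 0;
            while (true) {
                $sFilePath = $sServerDir . $sFileName;
                if (is_file($sFilePath)) {
                    // Name already taken: try "<name>-<n>.<ext>" and flag the rename.
                    $iCounter++;
                    $sFileName = RemoveExtension($sOriginalFileName) . '-' . $iCounter . '.' . $sExtension;
                    $sErrorNumber = '201';
                } else {
                    if (defined('K_GALLERY_UPLOAD')) {
                        // NOTE(review): rename() does not verify that tmp_name is a PHP
                        // upload the way move_uploaded_file() does; callers on this path
                        // must control the contents of $_FILES themselves.
                        $res = rename($oFile['tmp_name'], $sFilePath);
                    } else {
                        $res = move_uploaded_file($oFile['tmp_name'], $sFilePath);
                    }
                    if ($res === FALSE) {
                        $sErrorNumber = '203';
                        break;
                    }
                    if (is_file($sFilePath)) {
                        // A falsy ChmodOnUpload setting disables the chmod entirely.
                        if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
                            break;
                        }
                        // NOTE(review): without a ChmodOnUpload setting the file becomes
                        // world-writable (0777); configure a tighter mode where possible.
                        $permissions = 0777;
                        if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
                            $permissions = $Config['ChmodOnUpload'];
                        }
                        $oldumask = umask(0);
                        chmod($sFilePath, $permissions);
                        umask($oldumask);
                    }
                    break;
                }
            }
            if (file_exists($sFilePath)) {
                //previous checks failed, try once again
                // A -1 result from the first pass is re-tested on the stored file;
                // a file that fails now is deleted.
                if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                } else {
                    if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
                        @unlink($sFilePath);
                        $sErrorNumber = '202';
                    }
                }
            }
        } else {
            $sErrorNumber = '202';
        }
    } else {
        $sErrorNumber = '202';
    }
    $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
    $sFileUrl = CombinePaths($sFileUrl, $sFileName);
    $res = SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
    if (defined('K_GALLERY_UPLOAD')) {
        return $res;
    }
    exit;
}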
Example #4
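/**
 * Handle an upload posted as 'NewFile' or, for the quick-upload patch, as 'upload'.
 *
 * The file name is sanitized, the extension derived from it, and the optional
 * image, HTML and size checks are applied before the extension allow check.
 * Depending on $config['UploadOrginalFilename'] the file keeps its sanitized
 * name (with a "(n)" suffix on collision) or is named after the current Unix
 * timestamp. The outcome goes to SendUploadResults() or, when a callback is
 * given, to SendCKEditorResults(). The request always ends with exit.
 *
 * @param string $resourceType Resource type used for path mapping and the extension check.
 * @param string $currentFolder Target folder below the resource type root.
 * @param string $sCommand Connector command, forwarded to the path helpers.
 * @param string $CKEcallback CKEditor callback identifier; empty selects the plain response.
 */
function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
{
    if (!isset($_FILES)) {
        global $_FILES;
    }
    $sErrorNumber = '0';
    $sFileName = '';
    $customError = '';
    //PATCH to detect a quick file upload.
    if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name']) || isset($_FILES['upload']) && !is_null($_FILES['upload']['tmp_name'])) {
        global $config;
        //PATCH to detect a quick file upload.
        $oFile = isset($_FILES['NewFile']) ? $_FILES['NewFile'] : $_FILES['upload'];
        // Map the virtual path to the local server path.
        $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
        // Get the uploaded file name. It is supplied by the client, so it is
        // passed through SanitizeFileName() before any use in a path.
        $sFileName = $oFile['name'];
        $sFileName = SanitizeFileName($sFileName);
        $sOriginalFileName = $sFileName;
        // Get the extension.
        // NOTE(review): for a name without a dot strrpos() returns false, so this
        // yields the name minus its first character rather than an empty extension.
        $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
        $sExtension = strtolower($sExtension);
        if (isset($config['SecureImageUploads'])) {
            // Loose comparison: any falsy result rejects, while -1 passes and is
            // re-tested on the stored file below.
            if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) == false) {
                $sErrorNumber = '202';
            }
        }
        if (isset($config['HtmlExtensions'])) {
            // Loose comparison: any truthy result, including -1, rejects the file here.
            if (!IsHtmlExtension($sExtension, $config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) == true) {
                $sErrorNumber = '202';
            }
        }
        // Size limit, compared in kilobytes.
        if ($oFile["size"] / 1024 > $config['MaxImageSize']) {
            $sErrorNumber = '1';
            $customError = "Can't upload max size " . $config['MaxImageSize'] . "KB";
        }
        // Check if it is an allowed extension.
        if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
            if ($config['UploadOrginalFilename']) {
                // Upload under the original (sanitized) file name.
                $iCounter = 0;
                while (true) {
                    $sFilePath = $sServerDir . $sFileName;
                    if (is_file($sFilePath)) {
                        $iCounter++;
                        $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
                        $sErrorNumber = '201';
                    } else {
                        // NOTE(review): the move result is not checked; a failed move is
                        // only visible through the is_file()/file_exists() tests below.
                        move_uploaded_file($oFile['tmp_name'], $sFilePath);
                        if (is_file($sFilePath)) {
                            if (isset($config['ChmodOnUpload']) && !$config['ChmodOnUpload']) {
                                break;
                            }
                            // NOTE(review): without a ChmodOnUpload setting the file becomes
                            // world-writable (0777); configure a tighter mode where possible.
                            $permissions = 0777;
                            if (isset($config['ChmodOnUpload']) && $config['ChmodOnUpload']) {
                                $permissions = $config['ChmodOnUpload'];
                            }
                            $oldumask = umask(0);
                            chmod($sFilePath, $permissions);
                            umask($oldumask);
                        }
                        break;
                    }
                }
            } else {
                // Upload using the current Unix timestamp as the file name.
                $iCounter = date('U');
                while (true) {
                    $sFileName = "{$iCounter}.{$sExtension}";
                    $sFilePath = $sServerDir . $sFileName;
                    if (is_file($sFilePath)) {
                        $iCounter++;
                        $sFileName = "{$iCounter}.{$sExtension}";
                    } else {
                        move_uploaded_file($oFile['tmp_name'], $sFilePath);
                        if (is_file($sFilePath)) {
                            if (isset($config['ChmodOnUpload']) && !$config['ChmodOnUpload']) {
                                break;
                            }
                            $permissions = 0777;
                            if (isset($config['ChmodOnUpload']) && $config['ChmodOnUpload']) {
                                $permissions = $config['ChmodOnUpload'];
                            }
                            $oldumask = umask(0);
                            chmod($sFilePath, $permissions);
                            umask($oldumask);
                        }
                        break;
                    }
                }
            }
            if (file_exists($sFilePath)) {
                //previous checks failed, try once again
                if (isset($isImageValid) && $isImageValid == -1 && IsImageValid($sFilePath, $sExtension) == false) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                } elseif (isset($detectHtml) && $detectHtml == -1 && DetectHtml($sFilePath) == true) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                }
            }
        } else {
            // An earlier check already set an error, or the extension is not allowed.
            // In the second case nothing was stored, so the result must not stay '0'
            // (success); report the file as invalid instead.
            if (!$sErrorNumber) {
                $sErrorNumber = '202';
            }
        }
    } else {
        $sErrorNumber = '202';
    }
    $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
    $sFileUrl = CombinePaths($sFileUrl, $sFileName);
    if ($CKEcallback == '') {
        SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
    } else {
        //issue the CKEditor Callback
        //SendCKEditorResults($sErrorNumber, $CKEcallback, WEB_URL.'/'.$sFileUrl, $sFileName);
        // NOTE(review): $CKEcallback is caller-supplied; confirm SendCKEditorResults()
        // validates or escapes it before writing it into the response.
        SendCKEditorResults($sErrorNumber, $CKEcallback, $sFileUrl, $sFileName, $customError);
    }
    exit;
}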
Example #5
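/**
 * Handle an upload posted in the 'NewFile' form field.
 *
 * The client-supplied name is sanitized, its extension is validated, the
 * optional image and HTML content checks are applied, and the file is stored
 * under a non-colliding name. The outcome is reported through
 * SendUploadResults() and the request ends with exit.
 *
 * Error numbers set here: '0' success, '201' stored under a renamed file,
 * '202' rejected file, '203' the file could not be moved into place.
 *
 * @param string $resourceType Resource type used for path mapping and the extension check.
 * @param string $currentFolder Target folder below the resource type root.
 * @param string $sCommand Connector command, forwarded to the path helpers.
 */
function FileUpload($resourceType, $currentFolder, $sCommand)
{
    if (!isset($_FILES)) {
        global $_FILES;
    }
    $sErrorNumber = '0';
    $sFileName = '';
    if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
        global $Config;
        $oFile = $_FILES['NewFile'];
        // Map the virtual path to the local server path.
        $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
        // Get the uploaded file name. It is supplied by the client, so it is
        // passed through SanitizeFileName() before any use in a path.
        $sFileName = $oFile['name'];
        $sFileName = SanitizeFileName($sFileName);
        $sOriginalFileName = $sFileName;
        // Get the extension.
        // NOTE(review): for a name without a dot strrpos() returns false, so this
        // yields the name minus its first character rather than an empty extension.
        $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
        $sExtension = strtolower($sExtension);
        if (isset($Config['SecureImageUploads'])) {
            // Only a strict false rejects here; a -1 result is re-tested after the move.
            if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
                $sErrorNumber = '202';
            }
        }
        if (isset($Config['HtmlExtensions'])) {
            // Files whose extension is not in the HTML list must not contain HTML.
            if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
                $sErrorNumber = '202';
            }
        }
        // Check if it is an allowed extension.
        if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
            $iCounter = 0;
            while (true) {
                $sFilePath = $sServerDir . $sFileName;
                if (is_file($sFilePath)) {
                    // Name already taken: try "<name>(<n>).<ext>" and flag the rename.
                    $iCounter++;
                    $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
                    $sErrorNumber = '201';
                } else {
                    // A failed move used to be ignored, so the client was told the upload
                    // succeeded although nothing was stored.
                    // NOTE(review): confirm the client maps 203 to a server-side
                    // write/permission failure.
                    if (move_uploaded_file($oFile['tmp_name'], $sFilePath) === false) {
                        $sErrorNumber = '203';
                        break;
                    }
                    if (is_file($sFilePath)) {
                        // A falsy ChmodOnUpload setting disables the chmod entirely.
                        if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
                            break;
                        }
                        // NOTE(review): without a ChmodOnUpload setting the file becomes
                        // world-writable (0777); configure a tighter mode where possible.
                        $permissions = 0777;
                        if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
                            $permissions = $Config['ChmodOnUpload'];
                        }
                        $oldumask = umask(0);
                        chmod($sFilePath, $permissions);
                        umask($oldumask);
                    }
                    break;
                }
            }
            if (file_exists($sFilePath)) {
                //previous checks failed, try once again
                // A -1 result from the first pass is re-tested on the stored file;
                // a file that fails now is deleted.
                if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                } else {
                    if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
                        @unlink($sFilePath);
                        $sErrorNumber = '202';
                    }
                }
            }
        } else {
            $sErrorNumber = '202';
        }
    } else {
        $sErrorNumber = '202';
    }
    $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
    $sFileUrl = CombinePaths($sFileUrl, $sFileName);
    SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
    exit;
}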
Example #6
/**
 * Translate a PHP upload error code into a message and report it through
 * SendUploadResults() with the error number 300 + $err.
 *
 * @param int    $err      Value of the 'error' entry of the uploaded file.
 * @param string $sFileUrl File URL passed through to SendUploadResults().
 * @param string $file     File name passed through to SendUploadResults().
 */
function send_ckg_UploadError($err, $sFileUrl, $file)
{
    // Codes 6, 7 and 8 are compared as plain numbers: they correspond to
    // UPLOAD_ERR_NO_TMP_DIR (PHP 4.3.10 / 5.0.3), UPLOAD_ERR_CANT_WRITE
    // (PHP 5.1.0) and UPLOAD_ERR_EXTENSION (PHP 5.2.0).
    if ($err == UPLOAD_ERR_INI_SIZE) {
        $msg = "The uploaded file exceeds the upload_max_filesize directive in php.ini.";
    } elseif ($err == UPLOAD_ERR_FORM_SIZE) {
        $msg = "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.";
    } elseif ($err == UPLOAD_ERR_PARTIAL) {
        $msg = "The uploaded file was only partially uploaded.";
    } elseif ($err == UPLOAD_ERR_NO_FILE) {
        $msg = "No file was uploaded.";
    } elseif ($err == 6) {
        $msg = "Missing a temporary folder.";
    } elseif ($err == 7) {
        $msg = "Failed to write file to disk.";
    } elseif ($err == 8) {
        $msg = "PHP does not provide a way to ascertain which extension caused the file upload to stop; examining the list of loaded extensions with phpinfo() may help.";
    } else {
        $msg = "Undetermined  upload error";
    }
    SendUploadResults(300 + $err, $sFileUrl, $file, $msg);
}
Example #7
 *    http://www.gnu.org/licenses/gpl.html
 *
 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 *    http://www.gnu.org/licenses/lgpl.html
 *
 *  - Mozilla Public License Version 1.1 or later (the "MPL")
 *    http://www.mozilla.org/MPL/MPL-1.1.html
 *
 * == END LICENSE ==
 *
 * Configuration file for the File Manager Connector for PHP.
 */
// Connector settings are collected in the global $Config array.
global $Config;
// Added by kris: refuse every upload when the site defines FCKUPLOAD_DISABLED
// with a truthy value.
if (defined("FCKUPLOAD_DISABLED") && FCKUPLOAD_DISABLED) {
    SendUploadResults('1', '', '', 'ERROR: file uploader is disabled');
    // TODO: this message should be localised.
    exit;
}
// SECURITY: You must explicitly enable this "connector". (Set it to "true").
// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only
//		authenticated users can access this file or use some kind of session checking.
//		Otherwise anyone who can reach this script can use the connector.
$Config['Enabled'] = false;
// Path to user files relative to the document root.
$Config['UserFilesPath'] = '/userfiles/';
// Fill the following value if you prefer to specify the absolute path for the
// user files directory. Useful if you are using a virtual directory, symbolic
// link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
// Attention: The above 'UserFilesPath' must point to the same directory.
$Config['UserFilesAbsolutePath'] = '';
// Due to security issues with Apache modules, it is recommended to leave the
Example #8
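/**
 * Handle an upload posted in the 'NewFile' form field, store it under a
 * timestamp-based name and optionally stamp a watermark onto the image.
 *
 * Watermark options come from the POST fields C1 ("ON" enables it), R1
 * ("V1" selects a text watermark, anything else the logo image) and T1 (the
 * watermark text). The outcome is reported through SendUploadResults() and
 * the request ends with exit.
 *
 * @param string $resourceType Resource type used for path mapping and the extension check.
 * @param string $currentFolder Target folder below the resource type root.
 * @param string $sCommand Connector command, forwarded to the path helpers.
 */
function FileUpload($resourceType, $currentFolder, $sCommand)
{
    if (!isset($_FILES)) {
        global $_FILES;
    }
    $sErrorNumber = '0';
    $sFileName = '';
    if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
        global $Config;
        $oFile = $_FILES['NewFile'];
        // Map the virtual path to the local server path.
        $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
        // Build the stored name: "<unix time>.<last dot-separated part of the client name>".
        // array_pop() takes its argument by reference, so the parts are held in a
        // variable instead of passing the explode() result directly.
        $aNameParts = explode(".", $oFile['name']);
        $sFileName = time() . "." . strtolower(array_pop($aNameParts));
        $sFileName = SanitizeFileName($sFileName);
        $sOriginalFileName = $sFileName;
        // Get the extension.
        $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
        $sExtension = strtolower($sExtension);
        if (isset($Config['SecureImageUploads'])) {
            // Only a strict false rejects here; a -1 result is re-tested after the move.
            if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
                $sErrorNumber = '202';
            }
        }
        if (isset($Config['HtmlExtensions'])) {
            // Files whose extension is not in the HTML list must not contain HTML.
            if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
                $sErrorNumber = '202';
            }
        }
        // Check if it is an allowed extension.
        if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
            $iCounter = 0;
            while (true) {
                $sFilePath = $sServerDir . $sFileName;
                if (is_file($sFilePath)) {
                    $iCounter++;
                    $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
                    $sErrorNumber = '201';
                } else {
                    // NOTE(review): the move result is not checked; a failed move is
                    // only visible through the is_file()/file_exists() tests below.
                    move_uploaded_file($oFile['tmp_name'], $sFilePath);
                    if (is_file($sFilePath)) {
                        if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
                            break;
                        }
                        // NOTE(review): without a ChmodOnUpload setting the file becomes
                        // world-writable (0777); configure a tighter mode where possible.
                        $permissions = 0777;
                        if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
                            $permissions = $Config['ChmodOnUpload'];
                        }
                        $oldumask = umask(0);
                        chmod($sFilePath, $permissions);
                        umask($oldumask);
                    }
                    break;
                }
            }
            // The watermark fields are optional form input; test for them before reading.
            if (isset($_POST['C1']) && $_POST['C1'] == "ON") {
                $watermark = 1;
                // Whether to add a watermark (1 = add, anything else = do not add).
            } else {
                $watermark = 2;
            }
            if (isset($_POST['R1']) && $_POST['R1'] == "V1") {
                $watertype = 1;
                // Watermark type (1 = text, 2 = image).
            } else {
                $watertype = 2;
            }
            if (!isset($_POST['T1']) || $_POST['T1'] == "") {
                $waterstring = 'http://www.bb580.com.cn';
                // Default watermark text.
            } else {
                $waterstring = $_POST['T1'];
            }
            $waterimg = "logo.png";
            // Watermark image.
            // Only touch the image when the move above actually produced a file.
            if ($watermark == 1 && is_file($sFilePath)) {
                $image_size = getimagesize($sFilePath);
                // getimagesize() returns false for data it cannot read as an image;
                // index 2 of its result is the image type code.
                $imageType = $image_size === false ? 0 : $image_size[2];
                switch ($imageType) {
                    case 1:
                        $simage = imagecreatefromgif($sFilePath);
                        break;
                    case 2:
                        $simage = imagecreatefromjpeg($sFilePath);
                        break;
                    case 3:
                        $simage = imagecreatefrompng($sFilePath);
                        break;
                    case 6:
                        $simage = imagecreatefromwbmp($sFilePath);
                        break;
                    default:
                        $simage = false;
                }
                if ($simage === false) {
                    // The request is aborted here, before the post-move validation
                    // further down runs, so the stored file is removed first instead
                    // of being left on disk unvalidated.
                    @unlink($sFilePath);
                    die("不支持的文件类型");
                }
                $awidth = $image_size[0];
                $aheight = $image_size[1];
                $nimage = imagecreatetruecolor($image_size[0], $image_size[1]);
                $white = imagecolorallocate($nimage, 255, 255, 255);
                $black = imagecolorallocate($nimage, 0, 0, 0);
                imagefill($nimage, 0, 0, $white);
                imagecopy($nimage, $simage, 0, 0, 0, 0, $image_size[0], $image_size[1]);
                switch ($watertype) {
                    case 1:
                        // Draw the watermark text. The text may come from the request (T1).
                        imagestring($nimage, 2, 3, $image_size[1] - 15, $waterstring, $black);
                        break;
                    case 2:
                        // Draw the watermark image into the bottom-right corner.
                        $simage1 = imagecreatefrompng($waterimg);
                        if ($simage1 !== false) {
                            imagecopy($nimage, $simage1, $awidth - 151, $aheight - 50, 0, 0, 151, 50);
                            imagedestroy($simage1);
                        }
                        break;
                }
                // Overwrite the originally uploaded file.
                // NOTE(review): for GIF and WBMP the file is written twice and ends up
                // holding JPEG data under its original extension; confirm this is intended.
                switch ($imageType) {
                    case 1:
                        imagegif($nimage, $sFilePath);
                        imagejpeg($nimage, $sFilePath);
                        break;
                    case 2:
                        imagejpeg($nimage, $sFilePath);
                        break;
                    case 3:
                        imagepng($nimage, $sFilePath);
                        break;
                    case 6:
                        imagewbmp($nimage, $sFilePath);
                        imagejpeg($nimage, $sFilePath);
                        break;
                }
                imagedestroy($nimage);
                imagedestroy($simage);
            }
            if (file_exists($sFilePath)) {
                //previous checks failed, try once again
                if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                } else {
                    if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
                        @unlink($sFilePath);
                        $sErrorNumber = '202';
                    }
                }
            }
        } else {
            $sErrorNumber = '202';
        }
    } else {
        $sErrorNumber = '202';
    }
    $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
    $sFileUrl = CombinePaths($sFileUrl, $sFileName);
    SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
    exit;
}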
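/**
 * Handle an upload posted as 'NewFile' (editor upload) or 'file' (file
 * browser form), store it under a generated "flow_<microtime>" name and
 * record it in the attachment table.
 *
 * An editor upload is answered through SendUploadResults(); a file browser
 * upload is answered with a script that redirects back to the file browser.
 * The request always ends with exit.
 *
 * @param string $resourceType Resource type used for path mapping and the extension check.
 * @param string $currentFolder Target folder below the resource type root.
 * @param string $sCommand Connector command, forwarded to the path helpers.
 */
function FileUpload($resourceType, $currentFolder, $sCommand)
{
    global $cfg;
    global $db;
    $tbl_attachment = $cfg['tbl_attachment'];
    if (!isset($_FILES)) {
        global $_FILES;
    }
    //print_r($_FILES['type']);
    $sErrorNumber = '0';
    $sFileName = '';
    // Defaults for the paths that never reach the assignments below
    // (no file, rejected file or renamed file).
    $sFileUrl = '';
    $sFilePath = '';
    $mime_type = '';
    // $flag records which form field carried the file: 1 = 'NewFile', 0 = 'file'.
    if (!isset($_FILES['NewFile'])) {
        if (isset($_FILES['file'])) {
            $_FILES['NewFile'] = $_FILES['file'];
        }
        $flag = 0;
    } else {
        $flag = 1;
    }
    if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
        global $Config;
        $oFile = $_FILES['NewFile'];
        // The 'type' entry is sent by the client and is not verified here; it is
        // only stored as a label.
        $mime_type = $oFile['type'];
        // Map the virtual path to the local server path.
        $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
        // Get the uploaded file name.
        $sFileName = $oFile['name'];
        $sFileName = SanitizeFileName($sFileName);
        $sOriginalFileName = $sFileName;
        // Get the extension.
        $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
        $sExtension = strtolower($sExtension);
        // The stored name is generated from microtime(); the client's name is kept
        // only in $sOriginalFileName.
        $sFileName = "flow_" . str_replace(array("0.", " "), array("", "_"), microtime()) . "." . $sExtension;
        if (isset($Config['SecureImageUploads'])) {
            // Only a strict false rejects here; a -1 result is re-tested after the move.
            if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
                $sErrorNumber = '202';
            }
        }
        if (isset($Config['HtmlExtensions'])) {
            // Files whose extension is not in the HTML list must not contain HTML.
            if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
                $sErrorNumber = '202';
            }
        }
        // Check if it is an allowed extension.
        if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
            $iCounter = 0;
            while (true) {
                $sFilePath = $sServerDir . $sFileName;
                if (is_file($sFilePath)) {
                    $iCounter++;
                    $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
                    $sErrorNumber = '201';
                } else {
                    // NOTE(review): the move result is not checked; a failed move is
                    // only visible through the is_file()/file_exists() tests below.
                    move_uploaded_file($oFile['tmp_name'], $sFilePath);
                    if (is_file($sFilePath)) {
                        if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
                            break;
                        }
                        // NOTE(review): without a ChmodOnUpload setting the file becomes
                        // world-writable (0777); configure a tighter mode where possible.
                        $permissions = 0777;
                        if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
                            $permissions = $Config['ChmodOnUpload'];
                        }
                        $oldumask = umask(0);
                        chmod($sFilePath, $permissions);
                        umask($oldumask);
                    }
                    break;
                }
            }
            if (file_exists($sFilePath)) {
                //previous checks failed, try once again
                if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                } else {
                    if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
                        @unlink($sFilePath);
                        $sErrorNumber = '202';
                    }
                }
            }
        } else {
            $sErrorNumber = '202';
        }
    } else {
        $sErrorNumber = '202';
    }
    // Owner ids come from the request and are forced to integers; object_id
    // falls back to the global of the same name.
    if (isset($_GET['object_id'])) {
        $object_id = intval($_GET['object_id']);
    } else {
        if (isset($_POST['object_id'])) {
            $object_id = intval($_POST['object_id']);
        } else {
            global $object_id;
        }
    }
    if (isset($_GET['class_id'])) {
        $class_id = intval($_GET['class_id']);
    } else {
        if (isset($_POST['class_id'])) {
            $class_id = intval($_POST['class_id']);
        } else {
            $class_id = 1;
        }
    }
    if (!$sErrorNumber && file_exists($sFilePath)) {
        $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
        $sFileUrl = CombinePaths($sFileUrl, $sFileName);
        // The original name and the MIME label come from the client, so the values
        // are bound as parameters instead of being spliced into the SQL text.
        // NOTE(review): this relies on $db being an ADOdb connection (Execute() with
        // a bind array, Insert_ID()); confirm against the code that creates $db.
        // The table name comes from configuration and cannot be bound.
        $sql = "insert into {$tbl_attachment} (catalog_id,object_id,filename,formername,ext,mime,mime_type,dt) values (?,?,?,?,?,?,?,?)";
        $aValues = array(
            $class_id,
            $object_id,
            $sFileName,
            $sOriginalFileName,
            $sExtension,
            $resourceType,
            $mime_type,
            // Timestamp shifted by a fixed eight hours from the server's time().
            date("Y-m-d H:i:s", time() + 8 * 3600),
        );
        @$db->Execute($sql, $aValues);
        if ($resourceType == "File") {
            $cmd = "download";
        } else {
            $cmd = "preview";
        }
        // Files are served through file.php by attachment id, not by their path.
        $sFileUrl = $cfg['flow_basedir'] . "file.php?cmd=" . $cmd . "&id=" . $db->Insert_ID();
    }
    if ($flag == "1") {
        SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
    } else {
        // NOTE(review): $resourceType (and $object_id when taken from the global)
        // is written into a script block unescaped; confirm callers validate it.
        echo "\r\n\t\t\t<script language='JavaScript'>\r\n\t\t\t\t<!--\r\n\t\t\t\t\twindow.location.href='" . $cfg['flow_basedir'] . "flowcms/filebrowser.php?Type={$resourceType}&class_id={$class_id}&object_id={$object_id}';\r\n\t\t\t\t//-->\r\n\t\t\t</script>\r\n\t\t";
    }
    exit;
}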
Example #10
    }
    exit;
}
// Each SendUploadResults() call below reports an outcome to the client.
// NOTE(review): the checks only hold if SendUploadResults() ends the request;
// its definition is outside this excerpt - confirm.

// The target directory must grant the 'upload_file' permission.
if (!isset($check_allow_upload_dir['upload_file'])) {
    SendUploadResults(1, '', '', $lang_module['notlevel']);
}

// A file must have been posted in the 'upload' field.
if (!isset($_FILES, $_FILES['upload'], $_FILES['upload']['tmp_name'])) {
    SendUploadResults(1, '', '', $lang_module['errorNotSelectFile']);
}

// Narrow the file kinds this admin may upload to the kind that was requested.
$type = $nv_Request->get_string('type', 'post,get');
$allow_files_type = array();
if ($type == 'image' && in_array('images', $admin_info['allow_files_type'])) {
    $allow_files_type = array('images');
} elseif ($type == 'flash' && in_array('flash', $admin_info['allow_files_type'])) {
    $allow_files_type = array('flash');
} elseif (empty($type)) {
    // No kind requested: everything the admin is allowed to upload.
    $allow_files_type = $admin_info['allow_files_type'];
}
if (empty($allow_files_type)) {
    SendUploadResults(1, '', '', $lang_module['notlevel']);
}

// Store the file; the upload class receives the allowed kinds, the forbidden
// extensions and MIME types, and the size and dimension limits.
require_once NV_ROOTDIR . '/includes/class/upload.class.php';
$upload = new upload(
    $allow_files_type,
    $global_config['forbid_extensions'],
    $global_config['forbid_mimes'],
    NV_UPLOAD_MAX_FILESIZE,
    NV_MAX_WIDTH,
    NV_MAX_HEIGHT
);
$upload_info = $upload->save_file($_FILES['upload'], NV_ROOTDIR . '/' . $imgfolder, false);
if (!empty($upload_info['error'])) {
    SendUploadResults(1, '', '', $upload_info['error']);
}

// Register the stored file, log the action under the admin's user id, and
// report the public URL of the file.
$stored_name = $upload_info['basename'];
nv_filesList($imgfolder, false, $stored_name);
nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['upload_file'], $imgfolder . '/' . $stored_name, $admin_info['userid']);
SendUploadResults(0, NV_BASE_SITEURL . $imgfolder . '/' . $stored_name, $stored_name, '');
Example #11
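/**
 * Handle one upload posted as 'NewFile' or 'upload', send the result to the
 * client and end the request.
 *
 * Error numbers set here: '0' stored, '201' stored under a new name because the
 * requested one already existed, '202' rejected or not stored.
 *
 * Changes against the previous version: a failed move_uploaded_file() is now
 * reported as '202' instead of success, the thumbnail options are read without
 * undefined-index notices, and the posted thumbnail sizes are cast to int.
 *
 * @param string $resourceType resource type, passed to the path and extension helpers
 * @param string $currentFolder virtual folder, mapped by ServerMapFolder()
 * @param string $sCommand      connector command, passed to the path helpers
 * @param string $CKEcallback   CKEditor callback value; '' selects SendUploadResults()
 */
function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
{
    if (!isset($_FILES)) {
        global $_FILES;
    }
    $sErrorNumber = '0';
    $sFileName = '';
    if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name']) || isset($_FILES['upload']) && !is_null($_FILES['upload']['tmp_name'])) {
        global $Config;
        $oFile = isset($_FILES['NewFile']) ? $_FILES['NewFile'] : $_FILES['upload'];
        // Map the virtual path to the local server path.
        $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
        // The client-supplied name is untrusted: transliterate it, then sanitize it.
        $sFileName = SanitizeFileName(filemanager_translit($oFile['name']));
        $sOriginalFileName = $sFileName;
        // Extension = lower-cased text after the last dot.
        $sExtension = strtolower(substr($sFileName, strrpos($sFileName, '.') + 1));
        // Content checks on the temporary file. The code below treats a result of
        // -1 as "undecided" and repeats the check on the stored file.
        if (isset($Config['SecureImageUploads'])) {
            if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
                $sErrorNumber = '202';
            }
        }
        if (isset($Config['HtmlExtensions'])) {
            if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
                $sErrorNumber = '202';
            }
        }
        // Check if it is an allowed extension.
        if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
            $iCounter = 0;
            while (true) {
                $sFilePath = $sServerDir . $sFileName;
                if (is_file($sFilePath)) {
                    // Name taken: try "name(N).ext" and remember that we renamed.
                    $iCounter++;
                    $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
                    $sErrorNumber = '201';
                    continue;
                }
                if (!move_uploaded_file($oFile['tmp_name'], $sFilePath)) {
                    // Nothing was stored, so do not answer with a success code and a URL.
                    $sErrorNumber = '202';
                    break;
                }
                if (is_file($sFilePath)) {
                    // A falsy ChmodOnUpload skips chmod and, as before, the thumbnails.
                    if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
                        break;
                    }
                    // NOTE(review): without a configured mode the file becomes
                    // world-writable (0777); set ChmodOnUpload to something tighter.
                    $permissions = 0777;
                    if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
                        $permissions = $Config['ChmodOnUpload'];
                    }
                    $oldumask = umask(0);
                    chmod($sFilePath, $permissions);
                    umask($oldumask);
                    $bThumbRequested = !empty($Config['ThumbCreate']) && !empty($_POST['thumb']);
                    if ($bThumbRequested && in_array($sExtension, array("gif", "jpg", "jpeg", "png", "wbmp"), true)) {
                        // Sizes come from the request body: accept scalars only and cast to int.
                        $iThumbX = isset($_POST['thumb_x']) && is_scalar($_POST['thumb_x']) ? (int) $_POST['thumb_x'] : 0;
                        $iThumbY = isset($_POST['thumb_y']) && is_scalar($_POST['thumb_y']) ? (int) $_POST['thumb_y'] : 0;
                        filemanager_thumb($sFilePath, $iThumbX, $iThumbY);
                    }
                    if (!empty($Config['ThumbList']) && $resourceType == 'Image') {
                        $sThumbPath = CombinePaths($_SERVER['DOCUMENT_ROOT'] . GetResourceTypePath('ImageThumb', 'Upload'), filemanager_getthumbname($currentFolder . $sFileName));
                        filemanager_thumb($sFilePath, $Config['ThumbListSize'], $Config['ThumbListSize'], $sThumbPath);
                    }
                }
                break;
            }
            if (!empty($sFilePath) && file_exists($sFilePath)) {
                // The checks on the temporary file were undecided (-1): repeat them on
                // the stored file and delete it when it fails.
                if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                } elseif (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                }
            }
        } else {
            $sErrorNumber = '202';
        }
    } else {
        $sErrorNumber = '202';
    }
    $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
    $sFileUrl = CombinePaths($sFileUrl, $sFileName);
    if ($CKEcallback == '') {
        SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
    } else {
        // Issue the CKEditor callback.
        SendCKEditorResults($sErrorNumber, $CKEcallback, $sFileUrl, $sFileName);
    }
    exit;
}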
Example #12
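/**
 * Handle a multi-file upload posted as the array field 'NewFile', send the
 * result to the client and end the request.
 *
 * Error numbers set here: '0' stored, '201' at least one file was stored under a
 * new name, '202' a file was rejected or not stored.
 *
 * Changes against the previous version: the error number and the results of the
 * content checks are tracked per file. Before, they carried over to the next
 * file, so one renamed file ('201') made every later file fail the
 * "!$sErrorNumber" test. A failed move_uploaded_file() is now reported as '202',
 * and a request without a 'NewFile' name array no longer raises a notice.
 *
 * @param string $resourceType resource type, passed to the path and extension helpers
 * @param string $currentFolder virtual folder, mapped by ServerMapFolder()
 * @param string $sCommand      connector command, passed to the path helpers
 */
function MoreFileUpload($resourceType, $currentFolder, $sCommand)
{
    if (!isset($_FILES)) {
        global $_FILES;
    }
    global $Config;
    $sErrorNumber = '0';
    $sFileName = '';
    // Stays null when the name array is empty; it is passed to the final reply.
    $key = null;
    if (isset($_FILES['NewFile']['name']) && is_array($_FILES['NewFile']['name'])) {
        foreach ($_FILES['NewFile']['name'] as $key => $value) {
            if (empty($_FILES['NewFile']['tmp_name'][$key])) {
                continue;
            }
            $sTmpName = $_FILES['NewFile']['tmp_name'][$key];
            // Per-file state: nothing from the previous file may leak into this one.
            $sFileError = '0';
            unset($isImageValid, $detectHtml);
            // Map the virtual path to the local server path.
            $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
            // The client-supplied name is untrusted and is sanitized before use.
            $sFileName = SanitizeFileName($_FILES['NewFile']['name'][$key]);
            $sOriginalFileName = $sFileName;
            // Extension = lower-cased text after the last dot.
            $sExtension = strtolower(substr($sFileName, strrpos($sFileName, '.') + 1));
            // Content checks on the temporary file; -1 is re-checked after the move.
            if (isset($Config['SecureImageUploads'])) {
                if (($isImageValid = IsImageValid($sTmpName, $sExtension)) === false) {
                    $sFileError = '202';
                }
            }
            if (isset($Config['HtmlExtensions'])) {
                if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($sTmpName)) === true) {
                    $sFileError = '202';
                }
            }
            // Check if it is an allowed extension.
            if (!$sFileError && IsAllowedExt($sExtension, $resourceType)) {
                $iCounter = 0;
                while (true) {
                    $sFilePath = $sServerDir . $sFileName;
                    if (is_file($sFilePath)) {
                        // Name taken: try "name(N).ext" and remember that we renamed.
                        $iCounter++;
                        $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
                        $sFileError = '201';
                        continue;
                    }
                    if (!move_uploaded_file($sTmpName, $sFilePath)) {
                        // Nothing was stored, so do not report success for this file.
                        $sFileError = '202';
                        break;
                    }
                    // Add the configured watermark to images that qualify.
                    if ($sExtension == 'jpg' || $sExtension == 'jpeg' || $sExtension == 'png' || $sExtension == 'gif' || $sExtension == 'bmp') {
                        require_once ROOT_PATH . '/includes/cls_image.php';
                        $image = new cls_image($GLOBALS['_CFG']['bgcolor']);
                        if (intval($GLOBALS['_CFG']['watermark_place']) > 0 && !empty($GLOBALS['_CFG']['watermark'])) {
                            $image->add_watermark($sFilePath, '', '../../../../../' . $GLOBALS['_CFG']['watermark'], $GLOBALS['_CFG']['watermark_place'], $GLOBALS['_CFG']['watermark_alpha']);
                        }
                    }
                    if (is_file($sFilePath)) {
                        if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
                            break;
                        }
                        // NOTE(review): without a configured mode the file becomes
                        // world-writable (0777); set ChmodOnUpload to something tighter.
                        $permissions = 0777;
                        if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
                            $permissions = $Config['ChmodOnUpload'];
                        }
                        $oldumask = umask(0);
                        chmod($sFilePath, $permissions);
                        umask($oldumask);
                    }
                    break;
                }
                if (file_exists($sFilePath)) {
                    // The checks on the temporary file were undecided (-1): repeat them
                    // on the stored file and delete it when it fails.
                    if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                        @unlink($sFilePath);
                        $sFileError = '202';
                    } elseif (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
                        @unlink($sFilePath);
                        $sFileError = '202';
                    }
                }
            } else {
                $sFileError = '202';
            }
            if ($sFileError == '202') {
                // A rejected file is reported at once and stays the overall result.
                // NOTE(review): confirm whether SendUploadResults() ends the request;
                // if it does not, the loop goes on with the next file.
                $sErrorNumber = '202';
                $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
                $sFileUrl = CombinePaths($sFileUrl, $sFileName);
                SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
            } elseif ($sFileError == '201' && $sErrorNumber != '202') {
                $sErrorNumber = '201';
            }
        }
        // One reply for the batch, carrying the name and key of the last file seen.
        $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
        $sFileUrl = CombinePaths($sFileUrl, $sFileName);
        SendUploadResults($sErrorNumber, $sFileUrl, $sFileName, $key);
    } else {
        $sErrorNumber = '202';
        $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
        $sFileUrl = CombinePaths($sFileUrl, $sFileName);
        SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
    }
    exit;
}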
Example #13
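/**
 * Handle one upload posted as 'NewFile', register a stored file as a course
 * document when the request runs inside a course, send the result and end the
 * request.
 *
 * Error numbers set here: '0' stored (also used when the file was renamed, so
 * that renamed files are registered too), '202' rejected or not stored.
 *
 * Changes against the previous version: the folder path is built with string
 * concatenation ('.') instead of '+', which is arithmetic in PHP and never
 * produced a path, and a failed move_uploaded_file() is now reported as '202'.
 *
 * @param string $resourceType resource type, passed to the path and extension helpers
 * @param string $currentFolder virtual folder, mapped by ServerMapFolder()
 * @param string $sCommand      connector command, passed to the path helpers
 */
function FileUpload($resourceType, $currentFolder, $sCommand)
{
    if (!isset($_FILES)) {
        global $_FILES;
    }
    $sErrorNumber = '0';
    $sFileName = '';
    if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
        global $Config;
        $oFile = $_FILES['NewFile'];
        // Map the virtual path to the local server path.
        $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
        // The client-supplied name is untrusted and is sanitized before use.
        // NOTE(review): $oFile['type'] is sent by the client as well; the sanitizer
        // should not treat it as proof of the real content type.
        $sFileName = SanitizeFileName($oFile['name'], $oFile['type']);
        $sOriginalFileName = $sFileName;
        // Extension = lower-cased text after the last dot.
        $sExtension = strtolower(substr($sFileName, strrpos($sFileName, '.') + 1));
        // Content checks on the temporary file; -1 is re-checked after the move.
        if (isset($Config['SecureImageUploads'])) {
            if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
                $sErrorNumber = '202';
            }
        }
        if (isset($Config['HtmlExtensions'])) {
            if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
                $sErrorNumber = '202';
            }
        }
        // Check if it is an allowed extension.
        if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
            $iCounter = 0;
            while (true) {
                $sFilePath = $sServerDir . $sFileName;
                if (is_file($sFilePath)) {
                    // Name taken: try "name(N).ext". The error number stays '0'
                    // (not '201') so that the renamed file is still registered below.
                    $iCounter++;
                    $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
                    $sErrorNumber = '0';
                    continue;
                }
                if (!move_uploaded_file($oFile['tmp_name'], $sFilePath)) {
                    // Nothing was stored, so do not answer with a success code and a URL.
                    $sErrorNumber = '202';
                    break;
                }
                if (is_file($sFilePath)) {
                    if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
                        break;
                    }
                    // NOTE(review): without a configured mode the file becomes
                    // world-writable (0777); set ChmodOnUpload to something tighter.
                    $permissions = 0777;
                    if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
                        $permissions = $Config['ChmodOnUpload'];
                    }
                    // The umask is left untouched here (the umask(0) calls were disabled).
                    chmod($sFilePath, $permissions);
                }
                break;
            }
            if (file_exists($sFilePath)) {
                // The checks on the temporary file were undecided (-1): repeat them on
                // the stored file and delete it when it fails.
                if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                } elseif (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                }
            }
        } else {
            $sErrorNumber = '202';
        }
    } else {
        $sErrorNumber = '202';
    }
    if ($sErrorNumber == '0') {
        // While we are in a course: register the newly uploaded file in the course's database.
        if (api_is_in_course()) {
            global $_course, $_user;
            $repository_path = api_get_path(REL_COURSE_PATH) . api_get_course_path() . '/document/';
            $to_group_id = 0;
            if (api_is_in_group()) {
                global $group_properties;
                $to_group_id = $group_properties['id'];
            }
            if (file_exists($sFilePath)) {
                // Path relative to the course document folder; the "- 1" keeps the
                // slash that ends $repository_path as the leading slash.
                // NOTE(review): strpos() returns false when $repository_path does not
                // occur in $sFilePath, which is then used as offset 0 - confirm that
                // case cannot happen.
                $file_path = substr($sFilePath, strpos($sFilePath, $repository_path) + strlen($repository_path) - 1);
                $path = explode('/', $file_path);
                $file_name = $path[count($path) - 1];
                $path[count($path) - 1] = '';
                // Was '/' + implode(...): arithmetic on non-numeric strings, which yields
                // 0 on PHP 7 and a TypeError on PHP 8.
                // NOTE(review): $file_path starts with '/', so this result starts with
                // '//' - confirm what item_property_update_on_folder() expects.
                $folder_path = '/' . implode('/', $path);
                $file_size = @filesize($sFilePath);
                $doc_id = add_document($_course, $file_path, 'file', $file_size, $file_name);
                api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', $_user['user_id'], $to_group_id);
                item_property_update_on_folder($_course, $folder_path, $_user['user_id']);
            }
        }
    }
    $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
    $sFileUrl = CombinePaths($sFileUrl, $sFileName);
    SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
    exit;
}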
Example #14
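/**
 * Handle one image upload posted as 'NewFile' for the user returned by
 * getEmailFCK(): store the file, insert the original and a thumbnail into the
 * 'user_imgs' table, send the result and end the request.
 *
 * Error numbers set here: '0' stored, '201' stored under a new name because the
 * requested one already existed, '202' rejected, not stored, or no user e-mail.
 *
 * Changes against the previous version: the debug log handle is checked and
 * closed, a failed move_uploaded_file() is reported as '202', a failing
 * getimagesize() no longer feeds false into list(), and chmod() is skipped when
 * the stored file has already been removed.
 *
 * @param string $resourceType resource type, passed to the path and extension helpers
 * @param string $currentFolder folder appended to the user temp path
 * @param string $sCommand      connector command, passed to the path helpers
 */
function FileUpload($resourceType, $currentFolder, $sCommand)
{
    dbConn();
    $email = getEmailFCK();
    // Images wider than this get a separate thumbnail.
    $thumb_widthpx = 160;
    if (!isset($_FILES)) {
        global $_FILES;
    }
    $sErrorNumber = '0';
    $sFileName = '';
    if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name']) && $email != "") {
        global $Config;
        $oFile = $_FILES['NewFile'];
        // The server path is built by hand here; ServerMapFolder() is not used.
        // NOTE(review): $currentFolder goes into the path as is - confirm the caller
        // has already normalised it (no '..' segments).
        $s = GetRootPath() . $Config['UserTempPath'] . $currentFolder . "/";
        $s = str_replace("\\", "/", $s);
        $sServerDir = $s;
        // Debug trace of the resolved directory.
        // NOTE(review): log2.txt is opened relative to the working directory; if that
        // directory is served by the web server, the log exposes server paths.
        $f = fopen("log2.txt", "a");
        if ($f !== false) {
            fwrite($f, "\r\n  s = {$s} \r\n");
            fclose($f);
        }
        // The client-supplied name is untrusted and is sanitized before use.
        $sFileName = SanitizeFileName($oFile['name']);
        $sOriginalFileName = $sFileName;
        // Extension = lower-cased text after the last dot.
        $sExtension = strtolower(substr($sFileName, strrpos($sFileName, '.') + 1));
        // Content checks on the temporary file; -1 is re-checked after the move.
        if (isset($Config['SecureImageUploads'])) {
            if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
                $sErrorNumber = '202';
            }
        }
        if (isset($Config['HtmlExtensions'])) {
            if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
                $sErrorNumber = '202';
            }
        }
        // Check if it is an allowed extension.
        if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
            $iCounter = 0;
            while (true) {
                $sFilePath = $sServerDir . "/" . $sFileName;
                if (is_file($sFilePath)) {
                    // Name taken: try "name(N).ext" and remember that we renamed.
                    $iCounter++;
                    $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
                    $sErrorNumber = '201';
                    continue;
                }
                if (!move_uploaded_file($oFile['tmp_name'], $sFilePath)) {
                    // Nothing was stored, so do not answer with a success code and a URL.
                    $sErrorNumber = '202';
                    break;
                }
                if (is_file($sFilePath)) {
                    // NOTE(review): the MIME type and size are the client-reported values.
                    $ftype = $_FILES['NewFile']['type'];
                    $file_size = $_FILES['NewFile']['size'];
                    $originalpic = file_get_contents($sFilePath);
                    // getimagesize() returns false for data it cannot read as an image;
                    // a width of 0 then takes the "small image" branch, as before.
                    $aImageSize = getimagesize($sFilePath);
                    $width = is_array($aImageSize) ? $aImageSize[0] : 0;
                    if ($width > $thumb_widthpx) {
                        // Directory part of the path. The fourth argument of str_replace()
                        // receives the replacement count; it is not a limit.
                        $count = 1;
                        $p = str_replace($sFileName, "", $sFilePath, $count);
                        $thumbpic = getThumbImage($p, $thumb_widthpx, $sFileName);
                    } else {
                        // Small image: the original doubles as thumbnail and the file on
                        // disk is removed, only the database copy remains.
                        $thumbpic = $originalpic;
                        unlink($sFilePath);
                    }
                    $album_id = getAlbumId($email);
                    $table = 'user_imgs';
                    $fields = array('id', 'user_email', 'large_image', 'thumb_image', 'file_type', 'stat', 'file_name', 'file_size', 'album_id', 'admin_perm', 'view_count', 'rating');
                    $values = array(null, $email, $originalpic, $thumbpic, $ftype, 1, $sFileName, $file_size, $album_id, 1, 0, 0);
                    // The insert result is ignored, as before: a failed insert does not
                    // change the reply. NOTE(review): consider reporting it.
                    insertData($table, $fields, $values);
                    if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
                        break;
                    }
                    // NOTE(review): without a configured mode the file becomes
                    // world-writable (0777); set ChmodOnUpload to something tighter.
                    $permissions = 0777;
                    if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
                        $permissions = $Config['ChmodOnUpload'];
                    }
                    // The small-image branch above may have removed the file.
                    if (is_file($sFilePath)) {
                        $oldumask = umask(0);
                        chmod($sFilePath, $permissions);
                        umask($oldumask);
                    }
                }
                break;
            }
            // Only reached for files still on disk; a small image was removed above and
            // its database row is not re-checked here.
            if (file_exists($sFilePath)) {
                // The checks on the temporary file were undecided (-1): repeat them on
                // the stored file and delete it when it fails.
                if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                } elseif (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                }
            }
        } else {
            $sErrorNumber = '202';
        }
    } else {
        $sErrorNumber = '202';
    }
    $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
    $sFileUrl = CombinePaths($sFileUrl, $sFileName);
    SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
    exit;
}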
Example #15
/**
 * Handle one upload posted as 'NewFile', optionally renaming it and placing it
 * in a dated sub-folder according to the configuration, then send the result
 * and end the request.
 *
 * Error numbers set here: '0' stored, '201' stored under a new name because the
 * requested one already existed, '202' rejected.
 *
 * @param string $resourceType resource type, passed to the path and extension helpers
 * @param string $currentFolder virtual folder, mapped by ServerMapFolder()
 * @param string $sCommand      connector command, passed to the path helpers
 */
function FileUpload($resourceType, $currentFolder, $sCommand)
{
    if (!isset($_FILES)) {
        global $_FILES;
    }
    $sErrorNumber = '0';
    $sFileName = '';
    if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
        global $Config;
        $oFile = $_FILES['NewFile'];
        // Map the virtual path to the local server path.
        $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
        // Get the uploaded file name.
        // The client-supplied name is untrusted and is sanitized before use.
        $sFileName = $oFile['name'];
        $sFileName = SanitizeFileName($sFileName);
        $sOriginalFileName = $sFileName;
        // Get the extension.
        $sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
        $sExtension = strtolower($sExtension);
        // Content checks on the temporary file. The code further down treats a
        // result of -1 as "undecided" and repeats the check on the stored file.
        if (isset($Config['SecureImageUploads'])) {
            if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
                $sErrorNumber = '202';
            }
        }
        if (isset($Config['HtmlExtensions'])) {
            if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
                $sErrorNumber = '202';
            }
        }
        // hack for XOOPS CHINA by ezsky < *****@*****.** >
        // Build a server-chosen file name from the '|'-separated parts listed in
        // $Config['UserFilesNamePattern'] ("date", "time", "uid"), joined with '-'.
        $name_pattern = "";
        if (!empty($Config['UserFilesNamePattern'])) {
            $patterns = explode("|", $Config['UserFilesNamePattern']);
            $delimiter = "";
            foreach ($patterns as $pattern) {
                switch ($pattern) {
                    case "date":
                        $name_pattern .= $delimiter . date("YmdHis");
                        break;
                    case "time":
                        $name_pattern .= $delimiter . strval(time());
                        break;
                    case "uid":
                        // Zero-padded user id, or "0" when no user object is present.
                        $name_pattern .= $delimiter . (is_object($GLOBALS["xoopsUser"]) ? str_pad($GLOBALS["xoopsUser"]->getVar("uid"), 10, "0", STR_PAD_LEFT) : "0");
                        break;
                }
                $delimiter = "-";
            }
        }
        if (!empty($name_pattern)) {
            // NOTE(review): $sOriginalFileName still holds the client-derived name, so
            // a collision in the loop below falls back to "clientname(N).ext" rather
            // than the pattern name - confirm this is intended.
            $sFileName = $name_pattern . "." . $sExtension;
        }
        // Optional dated sub-folder: the pattern is a date() format string taken
        // from the configuration.
        if (!empty($Config['UserFilesPathPattern'])) {
            $sServerDir .= date($Config['UserFilesPathPattern']) . '/';
            CreateServerFolder($sServerDir);
            // The virtual folder is only extended when the directory exists;
            // $sServerDir has been extended either way.
            if (is_dir($sServerDir)) {
                $currentFolder .= date($Config['UserFilesPathPattern']) . '/';
            }
        }
        // end hack
        // Check if it is an allowed extension.
        if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
            $iCounter = 0;
            while (true) {
                $sFilePath = $sServerDir . $sFileName;
                if (is_file($sFilePath)) {
                    // Name taken: try "name(N).ext" and remember that we renamed.
                    $iCounter++;
                    $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
                    $sErrorNumber = '201';
                } else {
                    // NOTE(review): the return value is not checked; when the move
                    // fails, the error number stays '0' or '201' and the reply still
                    // carries a URL for a file that was not stored.
                    move_uploaded_file($oFile['tmp_name'], $sFilePath);
                    if (is_file($sFilePath)) {
                        if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
                            break;
                        }
                        // NOTE(review): without a configured mode the file becomes
                        // world-writable (0777); set ChmodOnUpload to something tighter.
                        $permissions = 0777;
                        if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
                            $permissions = $Config['ChmodOnUpload'];
                        }
                        // umask(0) so that chmod() applies the mode as given.
                        $oldumask = umask(0);
                        chmod($sFilePath, $permissions);
                        umask($oldumask);
                    }
                    break;
                }
            }
            if (file_exists($sFilePath)) {
                //previous checks failed, try once again
                // (repeated on the stored file; a failing file is deleted)
                if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                } else {
                    if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
                        @unlink($sFilePath);
                        $sErrorNumber = '202';
                    }
                }
            }
        } else {
            $sErrorNumber = '202';
        }
    } else {
        $sErrorNumber = '202';
    }
    // The URL is built and sent for every outcome, including '202'.
    $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
    $sFileUrl = CombinePaths($sFileUrl, $sFileName);
    SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
    exit;
}
Example #16
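/**
 * Handle one upload posted as 'NewFile' or, from the QuickUpload tab, as
 * 'upload', send the result to the client and end the request.
 *
 * Error numbers set here: '0' stored, '201' stored under a new name because the
 * requested one already existed, '202' rejected or not stored.
 *
 * Changes against the previous version: $sErrorMsg is initialised (it was read
 * in the CKEditor reply without ever being set), and a failed
 * move_uploaded_file() is now reported as '202' instead of success.
 *
 * @param string $resourceType resource type, passed to the path and extension helpers
 * @param string $currentFolder virtual folder, mapped by ServerMapFolder()
 * @param string $sCommand      connector command, passed to the path helpers
 * @param string $CKEcallback   CKEditor callback value; '' selects SendUploadResults()
 */
function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
{
    if (!isset($_FILES)) {
        global $_FILES;
    }
    $sErrorNumber = '0';
    $sFileName = '';
    // Extra text appended to the CKEditor error message; nothing in this function
    // fills it in, so it stays empty.
    $sErrorMsg = '';

    if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])
        // This is for the QuickUpload tab box
        or (isset($_FILES['upload']) and !is_null($_FILES['upload']['tmp_name']))) {
        global $Config;

        $oFile = isset($_FILES['NewFile']) ? $_FILES['NewFile'] : $_FILES['upload'];

        // Map the virtual path to the local server path.
        $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);

        // The client-supplied name is untrusted and is sanitized before use.
        $sFileName = SanitizeFileName($oFile['name']);
        $sOriginalFileName = $sFileName;

        // Extension = lower-cased text after the last dot.
        $sExtension = strtolower(substr($sFileName, strrpos($sFileName, '.') + 1));

        // Content checks on the temporary file; -1 is re-checked after the move.
        if (isset($Config['SecureImageUploads'])) {
            if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
                $sErrorNumber = '202';
            }
        }

        if (isset($Config['HtmlExtensions'])) {
            if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) &&
                ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
                $sErrorNumber = '202';
            }
        }

        // Check if it is an allowed extension.
        if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
            $iCounter = 0;

            while (true) {
                $sFilePath = $sServerDir . $sFileName;

                if (is_file($sFilePath)) {
                    // Name taken: try "name(N).ext" and remember that we renamed.
                    $iCounter++;
                    $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
                    $sErrorNumber = '201';
                    continue;
                }

                if (!move_uploaded_file($oFile['tmp_name'], $sFilePath)) {
                    // Nothing was stored, so do not answer with a success code and a URL.
                    $sErrorNumber = '202';
                    break;
                }

                if (is_file($sFilePath)) {
                    if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
                        break;
                    }

                    // NOTE(review): without a configured mode the file becomes
                    // world-writable (0777); set ChmodOnUpload to something tighter.
                    $permissions = 0777;
                    if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
                        $permissions = $Config['ChmodOnUpload'];
                    }

                    $oldumask = umask(0);
                    chmod($sFilePath, $permissions);
                    umask($oldumask);
                }

                break;
            }

            if (file_exists($sFilePath)) {
                // The checks on the temporary file were undecided (-1): repeat them on
                // the stored file and delete it when it fails.
                if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                } elseif (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                }
            }
        } else {
            $sErrorNumber = '202';
        }
    } else {
        $sErrorNumber = '202';
    }

    $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
    $sFileUrl = CombinePaths($sFileUrl, $sFileName);

    // DOL_CHANGE: the plain reply is kept for callers without a CKEditor callback.
    if ($CKEcallback == '') {
        SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
    } else {
        // Issue the CKEditor callback with a status message instead of the number.
        SendCKEditorResults(
            $CKEcallback,
            $sFileUrl,
            ($sErrorNumber != 0
                ? 'Error '. $sErrorNumber. ' upload failed. '. $sErrorMsg
                : 'Upload Successful')
        );
    }

    exit;
}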