function HandlePostUpload($pagename, $auth = 'upload') { global $UploadVerifyFunction, $UploadFileFmt, $LastModFile, $EnableUploadVersions, $Now; $page = RetrieveAuthPage($pagename, $auth, true, READPAGE_CURRENT); if (!$page) Abort("?cannot upload to $pagename"); $uploadfile = $_FILES['uploadfile']; $upname = $_REQUEST['upname']; if ($upname=='') $upname=$uploadfile['name']; $upname = MakeUploadName($pagename,$upname); if (!function_exists($UploadVerifyFunction)) Abort('?no UploadVerifyFunction available'); $filepath = FmtPageName("$UploadFileFmt/$upname",$pagename); $result = $UploadVerifyFunction($pagename,$uploadfile,$filepath); if ($result=='') { $filedir = preg_replace('#/[^/]*$#','',$filepath); mkdirp($filedir); if (IsEnabled($EnableUploadVersions, 0)) @rename($filepath, "$filepath,$Now"); if (!move_uploaded_file($uploadfile['tmp_name'],$filepath)) { Abort("?cannot move uploaded file to $filepath"); return; } fixperms($filepath,0444); if ($LastModFile) { touch($LastModFile); fixperms($LastModFile); } $result = "upresult=success"; } Redirect($pagename,"{\$PageUrl}?action=upload&uprname=$upname&$result"); }
function HandlePostUpload($pagename, $auth = 'upload') { global $UploadVerifyFunction, $UploadFileFmt, $LastModFile, $EnableUploadVersions, $Now, $RecentUploadsFmt, $FmtV, $NotifyItemUploadFmt, $NotifyItemFmt, $IsUploadPosted, $UploadRedirectFunction; UploadAuth($pagename, $auth); $uploadfile = $_FILES['uploadfile']; $upname = $_REQUEST['upname']; if ($upname=='') $upname=$uploadfile['name']; $upname = MakeUploadName($pagename,$upname); if (!function_exists($UploadVerifyFunction)) Abort('?no UploadVerifyFunction available'); $filepath = FmtPageName("$UploadFileFmt/$upname",$pagename); $result = $UploadVerifyFunction($pagename,$uploadfile,$filepath); if ($result=='') { $filedir = preg_replace('#/[^/]*$#','',$filepath); mkdirp($filedir); if (IsEnabled($EnableUploadVersions, 0)) @rename($filepath, "$filepath,$Now"); if (!move_uploaded_file($uploadfile['tmp_name'],$filepath)) { Abort("?cannot move uploaded file to $filepath"); return; } fixperms($filepath,0444); if ($LastModFile) { touch($LastModFile); fixperms($LastModFile); } $result = "upresult=success"; $FmtV['$upname'] = $upname; $FmtV['$upsize'] = $uploadfile['size']; if (IsEnabled($RecentUploadsFmt, 0)) { PostRecentChanges($pagename, '', '', $RecentUploadsFmt); } if (IsEnabled($NotifyItemUploadFmt, 0) && function_exists('NotifyUpdate')) { $NotifyItemFmt = $NotifyItemUploadFmt; $IsUploadPosted = 1; register_shutdown_function('NotifyUpdate', $pagename, getcwd()); } } SDV($UploadRedirectFunction, 'Redirect'); $UploadRedirectFunction($pagename,"{\$PageUrl}?action=upload&uprname=$upname&$result"); }
function RSSEnclosure($pagename, &$page, $k) { global $RSSEnclosureFmt, $UploadFileFmt, $UploadExts; if (!function_exists('MakeUploadName')) { return ''; } SDV($RSSEnclosureFmt, array('$Name.mp3')); $encl = ''; foreach ((array) $RSSEnclosureFmt as $fmt) { $path = FmtPageName($fmt, $pagename); $upname = MakeUploadName($pagename, $path); $filepath = FmtPageName("{$UploadFileFmt}/{$upname}", $pagename); if (file_exists($filepath)) { $length = filesize($filepath); $type = @$UploadExts[preg_replace('/.*\\./', '', $filepath)]; $url = LinkUpload($pagename, 'Attach:', $path, '', '', '$LinkUrl'); $encl .= "<{$k} url='{$url}' length='{$length}' type='{$type}' />"; } } return $encl; }
function HandlePostUpload($pagename) { global $UploadVerifyFunction, $UploadFileFmt, $LastModFile; $page = RetrieveAuthPage($pagename, 'upload'); if (!$page) { Abort("?cannot upload to {$pagename}"); } $uploadfile = $_FILES['uploadfile']; $upname = $_REQUEST['upname']; if ($upname == '') { $upname = $uploadfile['name']; } $upname = MakeUploadName($pagename, $upname); if (!function_exists($UploadVerifyFunction)) { Abort('?no UploadVerifyFunction available'); } $filepath = FmtPageName("{$UploadFileFmt}/{$upname}", $pagename); $result = $UploadVerifyFunction($pagename, $uploadfile, $filepath); if ($result == '') { $filedir = preg_replace('#/[^/]*$#', '', $filepath); mkdirp($filedir); if (!move_uploaded_file($uploadfile['tmp_name'], $filepath)) { Abort("?cannot move uploaded file to {$filepath}"); return; } fixperms($filepath); if ($LastModFile) { touch($LastModFile); fixperms($LastModFile); } $result = "upresult=success"; } Redirect($pagename, "\$PageUrl?action=upload&upname={$upname}&{$result}"); }
/** * Handle the .draw file format */ function HandlePostDrawing_draw($pagename) { global $UploadVerifyFunction, $UploadFileFmt, $LastModFile, $Now; global $RecentChangesFmt, $IsPagePosted, $EnableDrawingRecentChanges; $page = RetrieveAuthPage($pagename, 'upload'); if (!$page) { Abort("?cannot upload to {$pagename}"); } $uploadImage = $_FILES['uploadImage']; $uploadDrawing = $_FILES['uploadDrawing']; $uploadMap = $_FILES['uploadMap']; $drawingBaseTime = $_POST['drawingbasetime']; // The time the user began editing this drawing. $imageupname = $uploadImage['name']; $drawingupname = $uploadDrawing['name']; $mapupname = $uploadMap['name']; $imageupname = MakeUploadName($pagename, $imageupname); $drawingupname = MakeUploadName($pagename, $drawingupname); $mapupname = MakeUploadName($pagename, $mapupname); $imageFilePath = FmtPageName("{$UploadFileFmt}/{$imageupname}", $pagename); $drawingFilePath = FmtPageName("{$UploadFileFmt}/{$drawingupname}", $pagename); $mapFilePath = FmtPageName("{$UploadFileFmt}/{$mapupname}", $pagename); if (file_exists($drawingFilePath)) { // Only worth checking timestamps if a drawing actually currently exists! if (filemtime($drawingFilePath) > $drawingBaseTime) { // Assign a new timestamp to the client... hopefully this time they'll be ok... header("PmWikiDraw-DrawingChanged: {$Now}"); exit; } } // If we've got to here then we can assume its safe to overwrite the current file // Note: we should do the history archival/recent changes stuff here. if ($EnableDrawingRecentChanges == true && isset($_POST['drawingname'])) { $imageModified = $_POST['drawingname']; $RecentChangesFmt = array('Main.AllRecentChanges' => '* [[$Group/$Name]] Drawing - ' . $imageModified . ' modified . . . $CurrentTime', '$Group.RecentChanges' => '* [[$Group/$Name]] Drawing - ' . $imageModified . ' modified . . . $CurrentTime'); $IsPagePosted = true; $x = ""; $y = ""; PostRecentChanges($pagename, $x, $y); $IsPagePosted = false; } $filedir = preg_replace('#/[^/]*$#', '', $imageFilePath); mkdirp($filedir); if (!move_uploaded_file($uploadImage['tmp_name'], $imageFilePath)) { Abort("?cannot move uploaded image to {$imageFilePath}"); return; } fixperms($imageFilePath, 0444); if ($LastModFile) { touch($LastModFile); fixperms($LastModFile); } $filedir = preg_replace('#/[^/]*$#', '', $drawingFilePath); mkdirp($filedir); if (!move_uploaded_file($uploadDrawing['tmp_name'], $drawingFilePath)) { Abort("?cannot move uploaded drawing to {$drawingFilePath}"); return; } fixperms($drawingFilePath, 0444); if ($LastModFile) { touch($LastModFile); fixperms($LastModFile); } $filedir = preg_replace('#/[^/]*$#', '', $mapFilePath); mkdirp($filedir); if (!move_uploaded_file($uploadMap['tmp_name'], $mapFilePath)) { Abort("?cannot move uploaded map to {$mapFilePath}"); return; } fixperms($mapFilePath, 0444); if ($LastModFile) { touch($LastModFile); fixperms($LastModFile); } // Sets the drawingBaseTime header for incremental save support. header("PmWikiDraw-DrawingBaseTime: " . filemtime($drawingFilePath)); exit; }
function include_file($pagename, $argstr) { global $UploadFileFmt, $UploadUrlFmt, $UploadPrefixFmt; global $IncludeUploadTextToHtmlCmd; global $IncludeUploadToHtmlCmd; global $UrlScheme, $IncludeUploadUrlFopenEnabled; global $HandleAuth, $AuthFunction; $args = ParseArgs($argstr); $path = $args[''] ? implode('', $args['']) : ''; $class = $args['class'] ? $args['class'] : $this->class; $abs_url = ''; # figure out the file path if (preg_match("/^\\s*\\//", $path)) { # a path was given, give it a http: path # so that this will honour Apache permissions # However, this will only work if allow_url_fopen is enabled. if ($IncludeUploadUrlFopenEnabled) { $http = $UrlScheme ? $UrlScheme : 'http'; $filepath = $http . '://' . $_SERVER['HTTP_HOST'] . $path; } else { $filepath = $_SERVER['DOCUMENT_ROOT'] . $path; } // make the abs_url from the part of the URL minus the file $bits = explode("/", $filepath); array_pop($bits); $abs_url = implode('/', $bits); $abs_url .= '/'; } else { if (preg_match('!^(.*)/([^/]+)$!', $path, $match)) { $pagename = MakePageName($pagename, $match[1]); $path = $match[2]; } // permission check for accessing files from given page if (!$AuthFunction($pagename, $HandleAuth['includeupload'], false)) { return Keep("(:includeupload {$path}:) failed: access denied to include files from {$pagename}<br>\n"); } $upname = MakeUploadName($pagename, $path); $filepath = FmtPageName("{$UploadFileFmt}/{$upname}", $pagename); $abs_url = PUE(FmtPageName("{$UploadUrlFmt}{$UploadPrefixFmt}", $pagename)); } // read the file; if there was failure, the content is empty $filetext = $this->read_file($filepath); if ($filetext) { $ext = ''; if (preg_match('!\\.(\\w+)$!', $filepath, $match)) { $ext = $match[1]; } $filetype = $args['type'] ? $args['type'] : $ext; if ($IncludeUploadToHtmlCmd[$filetype]) { $command = $IncludeUploadToHtmlCmd[$filetype]; $tempfile = $this->put_file($filetext); $fcont = `{$command} {$tempfile}`; $fcont = $this->extract_body($fcont); $fcont = $this->absolute_url($fcont, $abs_url); @unlink($tempfile); return Keep(($class ? "<div class='{$class}'>" : '<div>') . $fcont . '</div>'); } else { if (preg_match('/htm.?/', $ext)) { $fcont = $this->extract_body($filetext); $fcont = $this->absolute_url($fcont, $abs_url); return Keep(($class ? "<div class='{$class}'>" : '<div>') . $fcont . '</div>'); } else { // by default, treat as text and escape HTML chars return Keep(($class ? "<pre class='{$class}'>" : '<pre>') . "filetype={$filetype}\n" . htmlspecialchars($filetext) . '</pre>'); } } } # fall through return Keep("(:includeupload {$path}:) failed: Could not open {$filepath}<br>\n"); }
function getUploadPath ($pagename, $path) { global $UploadFileFmt; if (preg_match('!^(.*)/([^/]+)$!', $path, $m)) { $pagename = MakePageName($pagename, $m[1]); $path = $m[2]; } $upname = MakeUploadName($pagename, $path); $filepath = FmtPageName("$UploadFileFmt/$upname", $pagename); return $filepath; }
function HandlePostUpload($pagename, $auth = 'upload') { global $UploadVerifyFunction, $UploadFileFmt, $LastModFile, $EnableUploadVersions, $Now, $RecentUploadsFmt, $FmtV; UploadAuth($pagename, $auth); $uploadfile = $_FILES['uploadfile']; $upname = $_REQUEST['upname']; if ($upname == '') { $upname = $uploadfile['name']; } $upname = MakeUploadName($pagename, $upname); if (!function_exists($UploadVerifyFunction)) { Abort('?no UploadVerifyFunction available'); } $filepath = FmtPageName("{$UploadFileFmt}/{$upname}", $pagename); $result = $UploadVerifyFunction($pagename, $uploadfile, $filepath); if ($result == '') { $filedir = preg_replace('#/[^/]*$#', '', $filepath); mkdirp($filedir); if (IsEnabled($EnableUploadVersions, 0)) { @rename($filepath, "{$filepath},{$Now}"); } if (!move_uploaded_file($uploadfile['tmp_name'], $filepath)) { Abort("?cannot move uploaded file to {$filepath}"); return; } fixperms($filepath, 0444); if ($LastModFile) { touch($LastModFile); fixperms($LastModFile); } $result = "upresult=success"; if (IsEnabled($RecentUploadsFmt, 0)) { $FmtV['$upname'] = $upname; $FmtV['$upsize'] = $uploadfile['size']; PostRecentChanges($pagename, '', '', $RecentUploadsFmt); } } Redirect($pagename, "{\$PageUrl}?action=upload&uprname={$upname}&{$result}"); }