}
if (defined('MAINTENANCE_MODE_ON') && MAINTENANCE_MODE_ON) {
final_response(503, "This site is currently undergoing maintenance. " . "Uploads cannot be accepted at this time.");
}
// When Flash is running as an NPAPI plugin under Windows, it does not send
// the correct cookies with HTTP requests, but instead sends whatever cookies
// are associated with its IE plugin version. SWFUpload instances are made to
// pass the session ID explicitly to work around this.
$reason_session =& get_reason_session();
if (!empty($_REQUEST['reason_sid'])) {
$reason_session->start($_REQUEST['reason_sid']);
} else {
$reason_session->start();
}
$upload_sid = @$_REQUEST['upload_sid'];
$session = _get_async_upload_session($upload_sid);
if (!$session) {
if (empty($_REQUEST['upload_sid'])) {
final_response(400, "Upload session (upload_sid) not provided.");
} else {
final_response(400, "No upload session with ID " . $upload_sid);
}
}
// Permission check.
if (!can_upload($session)) {
final_response(403, "Permission denied.");
}
function can_upload($session)
{
if ($session['authenticator']) {
$auth = $session['authenticator'];
/**
* Gets information about a specific file, whether it was uploaded in the POST
* body of the current request or in the asynchronous upload session identified
* by the given ID.
*
* If no such file was received, if an empty file was received, or if there was
* an error in receiving or storing the file or if it was rejected by PHP,
* <code>null</code> will be returned.
*
* If an asynchronous upload session ID is given, but no session with that ID
* actually exists, a notice is triggered.
*
* @param string $name the form field name under which the file was submitted
* @param string $async_session_id the ID for the asynchronous upload session
* @param boolean $clear if true, and the uploaded file is found in the
* asynchronous session, the file's record will be removed from the
* session
* @return UploadedFile information about the uploaded file, or
* <code>null</code> if no such file was uploaded or if there was an
* error in uploading it
*/
function reason_get_uploaded_file($name, $async_session_id = null, $clear = false)
{
if ($async_session_id) {
$async_session = _get_async_upload_session($async_session_id);
if ($async_session) {
if (isset($async_session['files'][$name])) {
$records = $async_session['files'][$name];
if (is_array($records) && count($records) > 0) {
$keys = array_keys($records);
$key = $keys[count($keys) - 1];
$async_file = $records[$key];
$file = _uploaded_file_from_async($async_file);
if (!$file || $clear) {
unset($async_session['files'][$name][$key]);
$session =& get_reason_session();
$id = $async_session_id;
$session->set(_async_upload_session_key($id), $async_session);
}
if ($file) {
return $file;
}
}
}
} else {
trigger_warning("tried to get the file {$name} from asynchronous " . 'upload session ' . var_export($async_session_id, true) . ', but ' . 'no such session exists');
}
}
return isset($_FILES[$name]) ? _uploaded_file_from_php($_FILES[$name]) : null;
}
