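/**
 * Convert an oversized uploaded BMP to PNG in place.
 *
 * Does nothing unless the AUTO_BMP2PNG_THRESHOLD constant is defined, the
 * client-supplied name ends in ".bmp" (case-insensitive) and the file on disk
 * is larger than the threshold. The file content is then probed with
 * ImageMagick `identify`; only if the reported format starts with "BMP" is
 * `convert` run.
 *
 * Security notes for maintainers:
 *  - Both shell commands receive their path arguments through
 *    escapeshellarg(), so the path cannot break out of the command line.
 *  - `identify` still auto-detects the decoder from untrusted file content.
 *    Restricting the enabled coders in ImageMagick's policy.xml is the
 *    defence for that step; it cannot be enforced from here.
 *  - `convert` is pinned to the BMP decoder with an explicit "bmp:" prefix,
 *    so a file that changes between the probe and the conversion is not
 *    handed to a different decoder.
 *
 * @param string $ofile Path of the uploaded file; replaced by the PNG path on success.
 * @param string $oname Client-supplied file name; reduced to its base name, and
 *                      given a ".png" extension on success.
 * @return int 1 if the file was converted (both arguments updated), 0 otherwise.
 */
function compress_bmp(&$ofile, &$oname)
{
    if (!defined("AUTO_BMP2PNG_THRESHOLD")) {
        return 0;
    }

    // The name is normalised even when no conversion happens (original behaviour).
    $oname = my_basename(addslashes($oname));

    // Short-circuit keeps filesize() from running for non-.bmp names.
    if (strcasecmp(".bmp", substr($oname, -4)) != 0 || filesize($ofile) <= AUTO_BMP2PNG_THRESHOLD) {
        return 0;
    }

    // Probe the real format; the extension alone is attacker-controlled.
    $h = @popen("identify -format \"%m\" " . escapeshellarg($ofile), "r");
    if (!$h) {
        return 0;
    }
    $read = (string) fread($h, 1024);
    pclose($h);
    if (strncasecmp("BMP", $read, 3) != 0) {
        return 0;
    }

    $tp = $ofile . ".BMP2PNG";
    $output = array();
    $status = 1; // stays non-zero if exec() is unavailable and never sets it
    @exec(
        "convert -quality 75 bmp:" . escapeshellarg($ofile) . " png:" . escapeshellarg($tp),
        $output,
        $status
    );

    // A failed convert can leave a truncated output file behind; treating its
    // mere existence as success would replace the upload with a broken PNG.
    if ($status !== 0 || !file_exists($tp)) {
        if (file_exists($tp)) {
            @unlink($tp);
        }
        return 0;
    }

    unlink($ofile);
    $ofile = $tp;
    $oname = substr($oname, 0, -4) . ".png";
    return 1;
}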
$var = str_replace('..', '', $var); if ($is_file) { return dirname($var); } else { return $var; } } return ''; } if (!isset($curDirPath)) { $curDirPath = pathvar($_GET['openDir'], false) . pathvar($_GET['createDir'], false) . pathvar($_POST['moveTo'], false) . pathvar($_POST['newDirPath'], false) . pathvar($_POST['uploadPath'], false) . pathvar($_POST['filePath'], true) . pathvar($_GET['move'], true) . pathvar($_GET['rename'], true) . pathvar($_GET['replace'], true) . pathvar($_GET['comment'], true) . pathvar($_GET['metadata'], true) . pathvar($_GET['mkInvisibl'], true) . pathvar($_GET['mkVisibl'], true) . pathvar($_GET['public'], true) . pathvar($_GET['limited'], true) . pathvar($_POST['sourceFile'], true) . pathvar($_POST['replacePath'], true) . pathvar($_POST['commentPath'], true) . pathvar($_POST['metadataPath'], true); } if ($curDirPath == '/' or $curDirPath == '\\') { $curDirPath = ''; } $curDirName = my_basename($curDirPath); $parentDir = dirname($curDirPath); if ($parentDir == '\\') { $parentDir = '/'; } if (strpos($curDirName, '/../') !== false or !is_dir(realpath($basedir . $curDirPath))) { $tool_content .= $langInvalidDir; draw($tool_content, $menuTypeID); exit; } $order = 'ORDER BY filename'; $sort = 'name'; $reverse = false; if (isset($_GET['sort'])) { if ($_GET['sort'] == 'type') { $order = 'ORDER BY format';
header("Location: ${urlServer}"); exit(); } if ($uid) { require_once 'include/action.php'; $action = new action(); $action->record(MODULE_ID_VIDEO); } // ---------------------- // download video // ---------------------- $res2 = Database::get()->querySingle("SELECT * FROM video WHERE course_id = ?d AND id = ?d", $course_id, $_GET['id']); if (!$res2) { header("Location: ${urlServer}"); exit(); } $valid = ($uid || course_status($course_id) == COURSE_OPEN) ? true : token_validate($row2['path'], $_GET['token'], 30); if (!$valid) { header("Location: ${urlServer}"); exit(); } $vObj = MediaResourceFactory::initFromVideo($res2); $real_file = $webDir . "/video/" . q($_GET['course']) . q($vObj->getPath()); send_file_to_client($real_file, my_basename(q($vObj->getUrl())), $disposition, true);
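/**
 * Send the .zip file to the browser.
 *
 * The archive path is derived from $this->destDir with ".zip" appended.
 * Headers are only emitted once the archive is confirmed to be a readable
 * regular file; otherwise a 404 status is sent so the client does not
 * receive a download with a bogus Content-Length.
 *
 * The name placed in Content-Disposition is stripped of double quotes,
 * backslashes and control characters, which would otherwise terminate or
 * corrupt the quoted filename parameter.
 *
 * @return Does NOT return !
 * @author Amand Tihon <*****@*****.**>
 */
function send()
{
    $filename = $this->destDir . '.zip';

    $size = (is_file($filename) && is_readable($filename)) ? filesize($filename) : false;
    if ($size === false) {
        header('HTTP/1.1 404 Not Found');
        exit(1);
    }

    // Keep the header value a well-formed quoted-string.
    $downloadName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', my_basename($filename));

    header('Content-Description: File Transfer');
    header('Content-Type: application/zip');
    header('Content-Length: ' . $size);
    header("Content-Disposition: attachment; filename=\"" . $downloadName . "\"");
    readfile($filename);
    exit(0);
}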
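/**
 * Rename the current directory to the name given in $_GET['newdir'].
 *
 * The new name is reduced to a single path component (my_basename), passed
 * through parseInputParameterFile() and fix_decoding(), and optionally
 * through normalizeFileNames() when the global $normalise_directory_names
 * is set. The directory is renamed inside its current parent only.
 *
 * Hardening compared with the earlier version:
 *  - The feature flag is compared strictly. A loose `!= 'true'` treats the
 *    integer 0 as equal to 'true' on PHP < 8, which would enable renaming.
 *  - A missing `newdir` parameter is read as an empty string instead of
 *    raising an undefined-index notice.
 *  - An empty name, "." and ".." are rejected explicitly with the same
 *    "exists" status they produced before, rather than relying on
 *    file_exists() happening to return true for those targets.
 *
 * @param string      $dir                  Current directory; updated to the new path on success.
 * @param string|bool $enable_folder_rename Must be 'true' (or boolean true) for the action to run.
 * @param mixed       $fix_utf8             Passed through to fix_decoding().
 * @return string Status fragment: "&rename_dir=main|exists|true|false".
 */
function rename_dir(&$dir, $enable_folder_rename, $fix_utf8)
{
    global $normalise_directory_names;

    if ($enable_folder_rename !== 'true' && $enable_folder_rename !== true) {
        echo 'This action is not enabled!';
        exit(0);
    }

    $requested = isset($_GET['newdir']) ? (string) $_GET['newdir'] : '';

    $upperdir = substr($dir, 0, strrpos($dir, "/"));
    // The leading space is kept from the original call into my_basename();
    // trim() removes it again afterwards.
    $newdir = parseInputParameterFile(trim(my_basename(' ' . $requested)));
    $newdir = fix_decoding($newdir, $fix_utf8);
    if ($normalise_directory_names) {
        $newdir = normalizeFileNames($newdir);
    }

    // The upload root itself must never be renamed.
    if ($dir == $_SESSION["TFU_ROOT_DIR"]) {
        return "&rename_dir=main";
    }

    // Names that do not denote a new child of $upperdir.
    if ($newdir === '' || $newdir === '.' || $newdir === '..') {
        return "&rename_dir=exists";
    }

    $createdir = $upperdir . "/" . $newdir;
    if (file_exists($createdir)) {
        return "&rename_dir=exists";
    }

    if (rename($dir, $createdir)) {
        $dir = $createdir;
        $_SESSION["TFU_DIR"] = $dir;
        return "&rename_dir=true";
    }

    return "&rename_dir=false";
}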
$counter = @intval($_POST["counter"]); for ($i = 0; $i < $counter; $i++) { if (!isset($_FILES['attachfile' . $i])) { continue; } $attpost = $_FILES['attachfile' . $i]; @($errno = $attpost['error']); switch ($errno) { case UPLOAD_ERR_OK: $ofile = $attpost['tmp_name']; if (!file_exists($ofile)) { $msg .= "文件传输出错!"; break 2; } $oname = $attpost['name']; $htmlname = htmlspecialchars(my_basename($oname)); if (!is_uploaded_file($ofile)) { die; } if (compress_bmp($ofile, $oname)) { $msg .= "过大 BMP 图片 " . $htmlname . " 被自动转换成 PNG 格式。<br/>"; } $ret = bbs_upload_add_file($ofile, $oname); if ($ret) { $msg .= bbs_error_get_desc($ret); } else { $msg .= $htmlname . "上传成功!<br/>"; continue 2; } break; case UPLOAD_ERR_INI_SIZE:
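/**
 * Copy a file, or a directory with all of its content, into a target directory.
 *
 * The copy is created as $targetPath/<base name of $sourcePath>.
 *
 * Fixes compared with the earlier version:
 *  - The "do not copy a directory inside itself" guard used $sourcePath
 *    unescaped inside a regular expression. A path containing regex
 *    metacharacters (".", "+", "(", "|" ...) could make the guard match
 *    wrongly or not at all; in the latter case the recursion never ends.
 *    The guard is now a plain string-prefix comparison.
 *  - The readdir() loop stopped at the first entry whose name is falsy
 *    (for example a file called "0"), silently skipping the rest.
 *
 * NOTE(review): is_dir() follows symbolic links, so a symlink to a directory
 * inside the source tree is copied by content. Confirm this is acceptable
 * where the source tree can contain user-created links.
 *
 * @param string $sourcePath File or directory to copy.
 * @param string $targetPath Existing directory that receives the copy.
 * @return bool True on success; false on failure or when $sourcePath is
 *              neither a file nor a directory (previously null in that case).
 */
function claro_copy_file($sourcePath, $targetPath)
{
    $fileName = my_basename($sourcePath);

    if (is_file($sourcePath)) {
        return copy($sourcePath, $targetPath . '/' . $fileName);
    }

    if (!is_dir($sourcePath)) {
        return false;
    }

    // Refuse to copy the directory inside itself.
    $sourcePrefix = $sourcePath . '/';
    if (strncmp($targetPath . '/', $sourcePrefix, strlen($sourcePrefix)) === 0) {
        return false;
    }

    if (!claro_mkdir($targetPath . '/' . $fileName, CLARO_FILE_PERMISSIONS)) {
        return false;
    }

    $dirHandle = opendir($sourcePath);
    if (!$dirHandle) {
        return false;
    }

    // Collect the entries first so the handle is closed before recursing.
    $copiableFileList = array();
    while (($element = readdir($dirHandle)) !== false) {
        if ($element == '.' || $element == '..') {
            continue;
        }
        $copiableFileList[] = $sourcePath . '/' . $element;
    }
    closedir($dirHandle);

    foreach ($copiableFileList as $thisFile) {
        if (!claro_copy_file($thisFile, $targetPath . '/' . $fileName)) {
            return false;
        }
    }

    return true;
}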
/**
 * Handle the "post" action: either render the compose form or, when
 * $_GET["post"] is set, accept an optional attachment and submit the article.
 *
 * Flow visible in this function:
 *  1. Resolve the board via atomic_get_board(TRUE).
 *  2. If a positive `reid` is given, load the article being replied to and
 *     stop with an error when the board or the article forbids replies.
 *  3. Submit branch: require title and text, process one uploaded file from
 *     the `attachfile` field, call bbs_postarticle() and print the outcome.
 *  4. Otherwise print the compose form, pre-filled with a "Re: " title and
 *     the quoted text when replying.
 *
 * NOTE(review): $atomic_board is concatenated into HTML and URLs without
 * escaping in this function; whether atomic_get_board() restricts it to a
 * safe character set is not visible here. Confirm before relying on it.
 */
function atomic_post()
{
    global $currentuser, $atomic_board, $atomic_brdarr, $atomic_brdnum, $dir_modes, $utmpnum;
    atomic_get_board(TRUE);
    // Article id being replied to; 0 means a new thread.
    $reid = isset($_GET["reid"]) ? @intval($_GET["reid"]) : 0;
    if ($reid > 0) {
        // Board accepts new posts only, no replies.
        if (bbs_is_noreply_board($atomic_brdarr)) {
            atomic_error("本版只可发表文章,不可回复文章!");
        }
        $articles = array();
        $num = bbs_get_records_from_id($atomic_board, $reid, $dir_modes["NORMAL"], $articles);
        // No record found for the given reply id.
        if ($num == 0) {
            atomic_error("错误的 Re 文编号");
        }
        // Third character of the FLAGS field equal to 'y' is reported as
        // "this article cannot be replied to".
        if ($articles[1]["FLAGS"][2] == 'y') {
            atomic_error("该文不可回复!");
        }
    }
    if (isset($_GET["post"])) {
        // ---- Submit branch ----
        if (!isset($_POST["title"])) {
            atomic_error("没有指定文章标题!");
        }
        if (!isset($_POST["text"])) {
            atomic_error("没有指定文章内容!");
        }
        $title = atomic_get_input(trim($_POST["title"]));
        $text = atomic_get_input($_POST["text"]);
        // Same value as $reid above, re-read from the query string.
        if (isset($_GET["reid"])) {
            $reID = @intval($_GET["reid"]);
        } else {
            $reID = 0;
        }
        $outgo = bbs_is_outgo_board($atomic_brdarr) ? 1 : 0;
        $anony = 0;
        // Accumulates the attachment status shown to the user (HTML).
        $attmsg = "";
        if (atomic_uploadable() && isset($_FILES['attachfile'])) {
            $attpost = $_FILES['attachfile'];
            @($errno = $attpost['error']);
            switch ($errno) {
                case UPLOAD_ERR_OK:
                    $ofile = $attpost['tmp_name'];
                    if (!file_exists($ofile)) {
                        $attmsg = "文件传输出错!";
                        break;
                    }
                    // Client-supplied name: untrusted. Only the escaped base
                    // name is ever echoed back.
                    $oname = $attpost['name'];
                    $htmlname = htmlspecialchars(my_basename($oname));
                    // Abort unless tmp_name really is a PHP upload, so a
                    // forged path cannot be fed to the steps below.
                    if (!is_uploaded_file($ofile)) {
                        die;
                    }
                    // May replace $ofile/$oname with a converted PNG.
                    if (compress_bmp($ofile, $oname)) {
                        $attmsg .= "过大 BMP 图片 " . $htmlname . " 被自动转换成 PNG 格式。<br/>";
                    }
                    $ret = bbs_upload_add_file($ofile, $oname);
                    if ($ret) {
                        // NOTE(review): the description is appended without
                        // escaping; presumably a fixed server-side message.
                        $attmsg .= bbs_error_get_desc($ret);
                    } else {
                        $attmsg .= $htmlname . "上传成功!<br/>";
                    }
                    break;
                case UPLOAD_ERR_INI_SIZE:
                case UPLOAD_ERR_FORM_SIZE:
                    // File exceeds the configured size limit.
                    $attmsg = "文件超过预定的大小" . sizestring(BBS_MAXATTACHMENTSIZE) . 
                        "字节";
                    break;
                case UPLOAD_ERR_PARTIAL:
                    $attmsg = "文件传输出错!";
                    break;
                case UPLOAD_ERR_NO_FILE:
                    $attmsg = "没有文件上传!";
                    break;
                default:
                    $attmsg = "未知错误";
            }
        }
        // The article is posted regardless of the attachment outcome.
        $ret = bbs_postarticle($atomic_board, $title, $text, $currentuser["signature"], $reID, $outgo, $anony, 0, 0);
        // Negative return codes map to user-facing error messages.
        // NOTE(review): the break after each atomic_error() suggests it may
        // not return; not verifiable from this function.
        switch ($ret) {
            case -1:
                atomic_error("错误的讨论区名称!");
                break;
            case -2:
                atomic_error("本版为二级目录版!");
                break;
            case -3:
                atomic_error("标题为空!");
                break;
            case -4:
                atomic_error("此讨论区是唯读的, 或是您尚无权限在此发表文章!");
                break;
            case -5:
                atomic_error("很抱歉, 你被版务人员停止了本版的post权利!");
                break;
            case -6:
                atomic_error("两次发文/信间隔过密,请休息几秒再试!");
                break;
            case -7:
                atomic_error("无法读取索引文件! 请通知站务人员, 谢谢! ");
                break;
            case -8:
                atomic_error("本文不可回复!");
                break;
            case -9:
                atomic_error("系统内部错误, 请迅速通知站务人员, 谢谢!");
                break;
            case -21:
                atomic_error("您的积分不符合当前讨论区的设定, 暂时无法在当前讨论区发表文章...");
                break;
        }
        atomic_header();
        $url = "?act=board&board=" . $atomic_board;
        // Always true here: $attmsg was initialised to "" above.
        if (isset($attmsg)) {
            echo $attmsg . "<br/>";
        }
        // -10: the article was held for moderator review.
        if ($ret == -10) {
            echo "<p>很抱歉,本文可能含有不当内容,需经审核方可发表。<br/><br/>" . "根据《帐号管理办法》,被系统过滤的文章视同公开发表。请耐心等待<br/>" . "站务人员的审核,不要多次尝试发表此文章。<br/><br/>" . "如有疑问,请致信 SYSOP 咨询。</p>";
            echo "返回<a href='{$url}'>版面文章列表</a>";
        } else {
            // Success: link back to the board plus a 3-second meta refresh.
            echo "发文成功!本页面将在3秒后自动返回<a href='{$url}'>版面文章列表</a><meta http-equiv='refresh' content='3; url=" . $url . "'/>";
        }
        atomic_footer();
        return;
    }
    // ---- Compose-form branch ----
    if ($reid) {
        // Prefix "Re: " unless the original title already carries it.
        if (!strncmp($articles[1]["TITLE"], "Re: ", 4)) {
            $nowtitle = $articles[1]["TITLE"];
        } else {
            $nowtitle = "Re: " . $articles[1]["TITLE"];
        }
    } else {
        $nowtitle = "";
    }
    atomic_header();
    $html = "<p><a href='?act=board&board=" . $atomic_board . "'>" . $atomic_board . " 版</a>发表文章</p>";
    // multipart/form-data is only enabled when ?upload is present.
    $html .= "<form action='?act=post&board=" . $atomic_board . "&reid=" . $reid . "&post=1' method='post'" . (isset($_GET['upload']) ? " enctype='multipart/form-data'>" : ">");
    // The title is escaped with ENT_QUOTES for the double-quoted attribute.
    $html .= '标题: <input type="text" name="title" size="40" maxlength="100" value="' . ($nowtitle ? htmlspecialchars($nowtitle, ENT_QUOTES) . " " : "") . 
        '"/><br/>';
    $html .= '<textarea name="text" rows="20" cols="80" wrap="physical">';
    if ($reid > 0) {
        $filename = bbs_get_board_filename($atomic_board, $articles[1]["FILENAME"]);
        $q = @bbs_get_quote($filename);
        if ($q) {
            // NOTE(review): the quoted article text is placed inside the
            // textarea as returned; confirm bbs_get_quote() already
            // HTML-escapes it, otherwise "</textarea>" in an article would
            // break out of the field.
            $html .= "\n" . $q;
        }
    }
    $html .= '</textarea><br/>';
    if (isset($_GET['upload'])) {
        $html .= '<input name="attachfile" type="file"/><br/>';
    }
    $html .= '<input type="submit" value="发表" /></form>';
    echo $html;
    atomic_footer();
}
if (!isset($_SESSION['TFU_LAST_UPLOADS']) || isset($_GET['firstStart'])) { // we delete the info of the last upload items! unset($_SESSION['TFU_LAST_UPLOADS']); $_SESSION['TFU_LAST_UPLOADS'] = array(); } $_SESSION['TFU_UPLOAD_REMAINING'] = $_GET['remaining']; foreach ($_FILES as $fieldName => $file) { // we check the uploaded files first because we don't know if it's the flash or any other script! check_valid_extension($file['name']); $store = 1; if (is_supported_tfu_image($file['name']) && $size < 100000) { $store = resize_file($file['tmp_name'], $size, 80, $file['name']); } if ($store != 0) { // ok or try later $base_filename = my_basename($file['name']); $image = fix_decoding($base_filename, $fix_utf8); if ($normalise_file_names) { $image = normalizeFileNames($image); } $filename = $dir . '/' . $image; // here you can do additional checks if a file already exists any you don't want that the existing one will be overwritten. $uploaded = false; // This is only needed for JFU - ignore this small part if you use TFU standalone: $workaround_dir = $dir == "./../../../.." && is_writeable("./../../../../cache"); // start workaround for some php versions (e.g. 5.0.3!) if you upload to the main folder ! if ($workaround_dir) { $filename = $dir . "/cache/" . $image; } // end JFU if (@move_uploaded_file($file['tmp_name'], $filename)) {
natsort($plugins); foreach ($plugins as $f) { if ($enable_upload_debug) { tfu_debug('8. Execute plugin: ' . $f); } include_once $f; $exchangefilename = $filename; $store = 0; // if the plugin resize this variable has to be initialized! if (function_exists(basename($f, ".php") . "_process_upload_file")) { call_user_func(basename($f, ".php") . "_process_upload_file", $dir, $filename, $image); } if ($filename != $exchangefilename) { // The plugin has changed the filename. $filename = $exchangefilename; $image = my_basename($exchangefilename); } } if ($enable_upload_debug) { tfu_debug('8a. End plugins'); } } array_push($_SESSION['TFU_LAST_UPLOADS'], $filename . $current_desc); removeCacheThumb($filename); // this generates the two thumbnails of the preview // set this to true if you like this to be done at the upload an not on the fly. if (false) { send_thumb($filename, 90, 400, 275, true); send_thumb($filename, 90, 80, 55, true); } // end plugin
} else { if ($action == 'download') { // download a file - we set the header ! tfu_download($file, $enable_file_download); } else { if ($action == 'createThumb') { // create a thumbnail tfu_createThumb($file); } else { if ($action == 'zipdownload') { // download multipe files as zip! tfu_zip_download($file, $enable_file_download); } else { if ($action == 'createfile') { // creates an empty file during upload - if createfile is set an empty file is created + the directory has to be sent. $file = $dir . "/" . parseInputParameterFile(trim(my_basename(' ' . $_GET['newfile']))); $overwrite = !isset($_GET['createfile']); tfu_savetext($file, $overwrite); if ($overwrite) { $_SESSION["TFU_LAST_UPLOADS"][] = $file; } } } } } } } } } } }
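// Resolve the requested course code to its numeric id. Request parameters
// are read defensively so a missing one leads to the redirect below instead
// of an undefined-index notice.
// NOTE(review): q() is defined elsewhere; it is kept on the course code
// because the same escaped value is reused for the file path further down.
$course_id = null;
$courseCode = isset($_GET['course']) ? q($_GET['course']) : '';
$videoId = isset($_GET['id']) ? $_GET['id'] : 0;
$token = isset($_GET['token']) ? $_GET['token'] : '';

$res1 = Database::get()->querySingle("SELECT course.id FROM course WHERE course.code = ?s", $courseCode);
if ($res1) {
    $course_id = intval($res1->id);
}
if ($course_id == null) {
    header("Location: {$urlServer}");
    exit;
}

if ($uid) {
    require_once 'include/action.php';
    $action = new action();
    $action->record(MODULE_ID_VIDEO);
}

// ----------------------
// download video
// ----------------------
// Both values are bound as ?d placeholders rather than interpolated, so the
// query text stays constant.
$res2 = Database::get()->querySingle(
    "SELECT * FROM video WHERE course_id = ?d AND id = ?d",
    $course_id,
    $videoId
);
if (!$res2) {
    header("Location: {$urlServer}");
    exit;
}

// Logged-in users and open courses need no token. Otherwise the token is
// validated against the path of the video row that was just loaded.
// NOTE(review): the previous code passed $row2['path'], but no $row2 is
// defined in the visible code, so the token would have been checked against
// an empty path. $res2->path assumes querySingle() returns an object (as it
// does for $res1->id) and that the video table has a `path` column; confirm.
$valid = ($uid || course_status($course_id) == COURSE_OPEN)
    ? true
    : token_validate($res2->path, $token, 30);
if (!$valid) {
    header("Location: {$urlServer}");
    exit;
}

$vObj = MediaResourceFactory::initFromVideo($res2);
// The course code has matched a database row at this point; q() itself is
// not a path-traversal check.
$real_file = $webDir . "/video/" . $courseCode . q($vObj->getPath());
send_file_to_client($real_file, my_basename(q($vObj->getUrl())), 'inline', true);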