/**
* @override
*/
public function handleRequest()
{
// HTTP headers for no cache etc
header('Content-type: text/plain; charset=UTF-8');
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
// Get parameters
$chunk = isset($_REQUEST["chunk"]) ? $_REQUEST["chunk"] : 0;
$chunks = isset($_REQUEST["chunks"]) ? $_REQUEST["chunks"] : 0;
$fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';
$fileCount = $_GET['files'];
if (\FWValidator::is_file_ending_harmless($fileName)) {
try {
$this->addChunk($fileName, $chunk, $chunks);
} catch (UploaderException $e) {
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "' . $e->getMessage() . '"}, "id" : "id"}');
}
} else {
if ($chunk == 0) {
// only count first chunk
// TODO: there must be a way to cancel the upload process on the client side
$this->addHarmfulFileToResponse($fileName);
}
}
if ($chunk == $chunks - 1) {
//upload finished
$this->handleCallback($fileCount);
}
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
}
/**
* @override
*/
public function handleRequest()
{
global $_FILES;
//get a writable directory
$targetDir = '/upload_' . $this->uploadId;
$tempPath = $_SESSION->getTempPath();
$webTempPath = $_SESSION->getWebTempPath();
//make sure target directory exists
if (!file_exists($tempPath . $targetDir)) {
\Cx\Lib\FileSystem\FileSystem::make_folder($webTempPath . $targetDir);
}
//move all uploaded file to this upload's temp directory
foreach ($_FILES["uploaderFiles"]["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) {
$tmpName = $_FILES["uploaderFiles"]["tmp_name"][$key];
$name = $_FILES["uploaderFiles"]["name"][$key];
if (!\FWValidator::is_file_ending_harmless($name)) {
die('Error:' . sprintf('The file %s was refused due to its file extension which is not allowed!', htmlentities($name, ENT_QUOTES, CONTREXX_CHARSET)));
}
//TODO: Uploader::addChunk does this also -> centralize in function
// remember the "raw" file name, we want to store all original
// file names in the session.
$originalFileName = $name;
// Clean the fileName for security reasons
// we're using a-zA-Z0-9 instead of \w because of the umlauts.
// linux excludes them from \w, windows includes them. we do not want different
// behaviours on different operating systems.
$name = preg_replace('/[^a-zA-Z0-9\\._-]+/', '', $name);
$originalFileNames = array();
if (isset($_SESSION['upload']['handlers'][$this->uploadId]['originalFileNames'])) {
$originalFileNames = $_SESSION['upload']['handlers'][$this->uploadId]['originalFileNames'];
}
$originalFileNames[$name] = $originalFileName;
$_SESSION['upload']['handlers'][$this->uploadId]['originalFileNames'] = $originalFileNames;
//end of TODO-region
//move file somewhere we know both the web- and normal path...
@move_uploaded_file($tmpName, ASCMS_TEMP_PATH . '/' . $name);
//...then do a safe-mode-safe (yeah) move operation
\Cx\Lib\FileSystem\FileSystem::move(ASCMS_TEMP_WEB_PATH . '/' . $name, $webTempPath . $targetDir . '/' . $name, true);
}
}
//and call back.
$this->notifyCallback();
//redirect the user where he belongs
$this->redirect();
}
/**
* @override
*/
public function handleRequest()
{
// Get parameters
$chunk = $_POST['partitionIndex'];
$chunks = $_POST['partitionCount'];
$fileName = contrexx_stripslashes($_FILES['file']['name']);
$fileCount = $_GET['files'];
// check if the file has a valid file extension
if (\FWValidator::is_file_ending_harmless($fileName)) {
try {
$this->addChunk($fileName, $chunk, $chunks);
} catch (UploaderException $e) {
die('Error:' . $e->getMessage());
}
if ($chunk == $chunks - 1) {
//upload of current file finished
$this->handleCallback($fileCount);
}
} else {
$this->addHarmfulFileToResponse($fileName);
}
die(0);
}
/**
* Process upload form
*
* @global array $_ARRAYLANG
* @return boolean true if file uplod successfully and false if it failed
*/
private function processFormUpload()
{
global $_ARRAYLANG;
$objSession = \cmsSession::getInstance();
$uploaderId = isset($_POST['media_upload_file']) ? contrexx_input2raw($_POST['media_upload_file']) : 0;
if (empty($uploaderId)) {
return false;
}
$tempPath = $objSession->getTempPath() . '/' . contrexx_input2raw($uploaderId);
if (!\Cx\Lib\FileSystem\FileSystem::exists($tempPath)) {
return false;
}
$errorMsg = array();
foreach (glob($tempPath . '/*') as $file) {
$i = 0;
$fileName = basename($file);
$path = $tempPath . '/' . $fileName;
$file = $this->path . $fileName;
$arrFile = pathinfo($file);
while (file_exists($file)) {
$suffix = '-' . (time() + ++$i);
$file = $this->path . $arrFile['filename'] . $suffix . '.' . $arrFile['extension'];
}
if (!\FWValidator::is_file_ending_harmless($path)) {
$errorMsg[] = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_EXTENSION_NOT_ALLOWED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
continue;
}
try {
$objFile = new \Cx\Lib\FileSystem\File($path);
$objFile->move($file, false);
$fileObj = new \File();
$fileObj->setChmod($this->path, $this->webPath, basename($file));
} catch (\Cx\Lib\FileSystem\FileSystemException $e) {
\DBG::msg($e->getMessage());
$errorMsg[] = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_UPLOAD_FAILED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
}
}
if (!empty($errorMsg)) {
$this->_strErrorMessage = explode('<br>', $errorMsg);
return false;
}
$this->_strOkMessage = $_ARRAYLANG['TXT_MEDIA_FILE_UPLOADED_SUCESSFULLY'];
return true;
}
/**
* Copy the Upload the image to the path
* Note: validation should be done before calling this function
*
* @param string $imagePath Temp path of the uploaded media
*
* @return boolean|string relative path of the uploaded file, false otherwise
*/
function uploadMedia($imagePath)
{
if ($imagePath == '' || !\FWValidator::is_file_ending_harmless($imagePath)) {
return false;
}
// get extension
$imageName = basename($imagePath);
$arrImageInfo = pathinfo($imageName);
$imageExtension = !empty($arrImageInfo['extension']) ? '.' . $arrImageInfo['extension'] : '';
$imageBasename = $arrImageInfo['filename'];
$randomSum = rand(10, 99);
// encode filename
if ($this->arrSettings['settingsEncryptFilenames'] == 1) {
$imageName = md5($randomSum . $imageBasename) . $imageExtension;
}
// check filename
if (file_exists($this->imagePath . 'images/' . $imageName)) {
$imageName = $imageBasename . '_' . time() . $imageExtension;
}
// upload file
if (\Cx\Lib\FileSystem\FileSystem::copy_file($imagePath, $this->imagePath . 'images/' . $imageName) === false) {
return false;
}
$imageDimension = getimagesize($this->imagePath . 'images/' . $imageName);
$intNewWidth = $imageDimension[0];
$intNewHeight = $imageDimension[1];
$imageFormat = $imageDimension[0] > $imageDimension[1] ? 1 : 0;
$setNewSize = 0;
if ($imageDimension[0] > 640 && $imageFormat == 1) {
$doubleFactorDimension = 640 / $imageDimension[0];
$intNewWidth = 640;
$intNewHeight = round($doubleFactorDimension * $imageDimension[1], 0);
$setNewSize = 1;
} elseif ($imageDimension[1] > 480) {
$doubleFactorDimension = 480 / $imageDimension[1];
$intNewHeight = 480;
$intNewWidth = round($doubleFactorDimension * $imageDimension[0], 0);
$setNewSize = 1;
}
if ($setNewSize == 1) {
$objImage = new \ImageManager();
$objImage->loadImage($this->imagePath . 'images/' . $imageName);
$objImage->resizeImage($intNewWidth, $intNewHeight, 100);
$objImage->saveNewImage($this->imagePath . 'images/' . $imageName, true);
}
$objFile = new \File();
$objFile->setChmod($this->imagePath, $this->imageWebPath, 'images/' . $imageName);
// create thumbnail
$this->checkThumbnail($this->imageWebPath . 'images/' . $imageName);
return $this->imageWebPath . 'images/' . $imageName;
}
/**
* Process upload form
*
* @global array $_ARRAYLANG
* @return boolean true if file uplod successfully and false if it failed
*/
private function processFormUpload()
{
global $_ARRAYLANG;
$inputField = 'media_upload_file';
if (!isset($_FILES[$inputField]) || !is_array($_FILES[$inputField])) {
return false;
}
$fileName = !empty($_FILES[$inputField]['name']) ? contrexx_stripslashes($_FILES[$inputField]['name']) : '';
$fileTmpName = !empty($_FILES[$inputField]['tmp_name']) ? $_FILES[$inputField]['tmp_name'] : '';
if (MediaLibrary::isIllegalFileName($fileName)) {
$this->_strErrorMessage = $_ARRAYLANG['TXT_MEDIA_FILE_DONT_CREATE'];
return false;
}
switch ($_FILES[$inputField]['error']) {
case UPLOAD_ERR_INI_SIZE:
$this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_SIZE_EXCEEDS_LIMIT'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET), $this->getFormatedFileSize(\FWSystem::getMaxUploadFileSize()));
break;
case UPLOAD_ERR_FORM_SIZE:
$this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_TOO_LARGE'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
break;
case UPLOAD_ERR_PARTIAL:
$this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_CORRUPT'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
break;
case UPLOAD_ERR_NO_FILE:
$this->_strErrorMessage = $_ARRAYLANG['TXT_MEDIA_NO_FILE'];
continue;
break;
default:
if (!empty($fileTmpName)) {
$suffix = '';
$file = $this->path . $fileName;
$arrFile = pathinfo($file);
$i = 0;
while (file_exists($file)) {
$suffix = '-' . (time() + ++$i);
$file = $this->path . $arrFile['filename'] . $suffix . '.' . $arrFile['extension'];
}
if (\FWValidator::is_file_ending_harmless($fileName)) {
$fileExtension = $arrFile['extension'];
if (@move_uploaded_file($fileTmpName, $file)) {
$fileName = $arrFile['filename'];
$obj_file = new \File();
$obj_file->setChmod($this->path, $this->webPath, $fileName);
$this->_strOkMessage = $_ARRAYLANG['TXT_MEDIA_FILE_UPLOADED_SUCESSFULLY'];
return true;
} else {
$this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_UPLOAD_FAILED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
}
} else {
$this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_EXTENSION_NOT_ALLOWED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
}
}
break;
}
return false;
}
function uploadPicture()
{
$status = "";
$path = "pictures/";
//check file array
if (isset($_FILES) && !empty($_FILES)) {
//get file info
$tmpFile = $_FILES['pic']['tmp_name'];
$fileName = $_FILES['pic']['name'];
if ($fileName != "" && \FWValidator::is_file_ending_harmless($fileName)) {
//check extension
$info = pathinfo($fileName);
$exte = $info['extension'];
$exte = !empty($exte) ? '.' . $exte : '';
$part1 = substr($fileName, 0, strlen($fileName) - strlen($exte));
$rand = rand(10, 99);
$fileName = md5($rand . $fileName) . $exte;
//check file
// TODO: $x is not defined
$x = 0;
if (file_exists($this->mediaPath . $path . $fileName)) {
$fileName = $rand . $part1 . '_' . (time() + $x) . $exte;
$fileName = md5($fileName) . $exte;
}
//upload file
if (@move_uploaded_file($tmpFile, $this->mediaPath . $path . $fileName)) {
$objFile = new \File();
$objFile->setChmod($this->mediaPath, $this->mediaWebPath, $path . $fileName);
$status = $fileName;
} else {
$status = "error";
}
} else {
$status = "error";
}
}
return $status;
}
/**
* Upload submitted files
*
* Move all files that are allowed to be uploaded in the folder that
* has been specified in the configuration option "File upload deposition path"
* @access private
* @global array
* @param array Files that have been submited
* @see getSettings(), _cleanFileName(), errorMsg, FWSystem::getMaxUploadFileSize()
* @return array A list of files that have been stored successfully in the system
*/
function _uploadFilesLegacy($arrFields)
{
global $_ARRAYLANG;
$arrSettings = $this->getSettings();
$arrFiles = array();
if (isset($_FILES) && is_array($_FILES)) {
foreach (array_keys($_FILES) as $file) {
$fileName = !empty($_FILES[$file]['name']) ? $this->_cleanFileName($_FILES[$file]['name']) : '';
$fileTmpName = !empty($_FILES[$file]['tmp_name']) ? $_FILES[$file]['tmp_name'] : '';
switch ($_FILES[$file]['error']) {
case UPLOAD_ERR_INI_SIZE:
//Die hochgeladene Datei überschreitet die in der Anweisung upload_max_filesize in php.ini festgelegte Grösse.
$this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_SIZE_EXCEEDS_LIMIT'], $fileName, \FWSystem::getMaxUploadFileSize()) . '<br />';
break;
case UPLOAD_ERR_FORM_SIZE:
//Die hochgeladene Datei überschreitet die in dem HTML Formular mittels der Anweisung MAX_FILE_SIZE angegebene maximale Dateigrösse.
$this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_TOO_LARGE'], $fileName) . '<br />';
break;
case UPLOAD_ERR_PARTIAL:
//Die Datei wurde nur teilweise hochgeladen.
$this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_CORRUPT'], $fileName) . '<br />';
break;
case UPLOAD_ERR_NO_FILE:
//Es wurde keine Datei hochgeladen.
continue;
break;
default:
if (!empty($fileTmpName)) {
$arrFile = pathinfo($fileName);
$i = '';
$suffix = '';
$documentRootPath = \Env::get('cx')->getWebsiteDocumentRootPath();
$filePath = $arrSettings['fileUploadDepositionPath'] . '/' . $arrFile['filename'] . $suffix . '.' . $arrFile['extension'];
while (file_exists($documentRootPath . $filePath)) {
$suffix = '-' . ++$i;
$filePath = $arrSettings['fileUploadDepositionPath'] . '/' . $arrFile['filename'] . $suffix . '.' . $arrFile['extension'];
}
$arrMatch = array();
if (\FWValidator::is_file_ending_harmless($fileName)) {
if (@move_uploaded_file($fileTmpName, $documentRootPath . $filePath)) {
$id = intval(substr($file, 17));
$arrFiles[$id] = array('path' => $filePath, 'name' => $fileName);
} else {
$this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_UPLOAD_FAILED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET)) . '<br />';
}
} else {
$this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_EXTENSION_NOT_ALLOWED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET)) . '<br />';
}
}
break;
}
}
}
return $arrFiles;
}
/**
* upload media
*
* upload added media
*
* @access public
* @return string $fileName
*/
function uploadMedia($name, $path)
{
//check file array
if (isset($_FILES) && !empty($_FILES)) {
//get file info
$status = "";
$tmpFile = $_FILES[$name]['tmp_name'];
$fileName = $_FILES[$name]['name'];
$fileType = $_FILES[$name]['type'];
$this->fileSize = $_FILES[$name]['size'];
if ($fileName != "" && \FWValidator::is_file_ending_harmless($fileName)) {
//check extension
$info = pathinfo($fileName);
$exte = $info['extension'];
$exte = !empty($exte) ? '.' . $exte : '';
$part1 = substr($fileName, 0, strlen($fileName) - strlen($exte));
$rand = rand(10, 99);
$arrSettings = $this->getSettings();
if ($arrSettings['encodeFilename']['value'] == 1) {
$fileName = md5($rand . $part1) . $exte;
}
//check file
if (file_exists($this->mediaPath . $path . $fileName)) {
// TODO: $x is never set!
// $fileName = $part1 . '_' . (time() + $x) . $exte;
$fileName = $part1 . '_' . time() . $exte;
}
//check extension
$info = pathinfo($fileName);
$exte = $info['extension'];
$exte = !empty($exte) ? '.' . $exte : '';
$part1 = substr($fileName, 0, strlen($fileName) - strlen($exte));
$rand = rand(10, 99);
$arrSettings = $this->getSettings();
if ($arrSettings['encodeFilename']['value'] == 1) {
$fileName = md5($rand . $part1) . $exte;
}
//check file
if (file_exists($this->mediaPath . $path . $fileName)) {
// TODO: $x is never set!
// $fileName = $part1 . '_' . (time() + $x) . $exte;
$fileName = $part1 . '_' . time() . $exte;
}
//upload file
if (@move_uploaded_file($tmpFile, $this->mediaPath . $path . $fileName)) {
$obj_file = new \File();
$obj_file->setChmod($this->mediaPath, $this->mediaWebPath, $path . $fileName);
$status = $fileName;
} else {
$status = "error";
}
//make thumb
if (($fileType == "image/gif" || $fileType == "image/jpeg" || $fileType == "image/jpg" || $fileType == "image/png") && $path != "uploads/") {
$this->createThumb($fileName, $path);
}
} else {
$status = "error";
}
}
return $status;
}
/**
* Checks if a customized version of a file exists in the website data
* repository and returns its path if it exists.
*
* @param string $file Path of file to look for a customized
* version for.
* @param boolean $webPath Whether or not to return the relative web
* path instead of the absolute file system
* path (default).
* @param boolean $isWebsite If $isWebsite is provided, then it is set
* to TRUE if the file can be located in the
* website data repository. Otherwise it is
* set to FALSE.
* @return mixed Path (as string) to customized version of
* file or FALSE if none exists.
*/
public function getFileFromWebsiteRepository($file, $webPath = false, &$isWebsite = false)
{
// When the LegacyClassLoader is not initialized you cant load the FWValidator class
// which is needed for the security check following next
if (!$this->legacyClassLoader) {
return false;
}
// Checks if the file is a harmless one, because you can upload anything
// over the ftp which probably not should be executed
if (!\FWValidator::is_file_ending_harmless($file)) {
return false;
}
// check if customized version of file exists
if (!file_exists($this->cx->getWebsiteDocumentRootPath() . $file)) {
return false;
}
// customized version of file found in website's data repository
$isWebsite = true;
return ($webPath ? $this->cx->getWebsiteOffsetPath() : $this->cx->getWebsiteDocumentRootPath()) . $file;
}
/**
* Upload a Csv File
*
* @param String $name File name
* @param String $path uploading file path
*
* @return String
*/
function uploadCSV($name, $path)
{
//check file array
if (isset($_FILES) && !empty($_FILES)) {
//get file info
$status = "";
$tmpFile = $_FILES[$name]['tmp_name'];
$fileName = $_FILES[$name]['name'];
$fileType = $_FILES[$name]['type'];
$fileSize = $_FILES[$name]['size'];
if ($fileName != "" && \FWValidator::is_file_ending_harmless($fileName)) {
//check extension
$info = pathinfo($fileName);
$exte = $info['extension'];
$exte = !empty($exte) ? '.' . $exte : '';
$fileName = time() . $exte;
//upload file
if (@move_uploaded_file($tmpFile, $path . $fileName)) {
@chmod($path . $fileName, '0777');
$status = $fileName;
} else {
$status = "error";
}
} else {
$status = "error";
}
}
return $status;
}
/**
* Move the uploaded image to destination path from the temp path
*
* @return mixed $status | false
*/
public function uploadPicture()
{
$status = "";
$path = "pictures/";
//check file array
$uploaderId = isset($_POST['marketUploaderId']) ? contrexx_input2raw($_POST['marketUploaderId']) : 0;
$fileName = isset($_POST['uploadImage']) ? contrexx_input2raw($_POST['uploadImage']) : 0;
if (empty($uploaderId) || empty($fileName)) {
return false;
}
//get file info
$objSession = \cmsSession::getInstance();
$tmpFile = $objSession->getTempPath() . '/' . $uploaderId . '/' . $fileName;
if (!\Cx\Lib\FileSystem\FileSystem::exists($tmpFile)) {
return false;
}
if ($fileName != '' && \FWValidator::is_file_ending_harmless($fileName)) {
//check extension
$info = pathinfo($fileName);
$exte = $info['extension'];
$exte = !empty($exte) ? '.' . $exte : '';
$part1 = substr($fileName, 0, strlen($fileName) - strlen($exte));
$rand = rand(10, 99);
$fileName = md5($rand . $fileName) . $exte;
//check file
// TODO: $x is not defined
$x = 0;
if (file_exists($this->mediaPath . $path . $fileName)) {
$fileName = $rand . $part1 . '_' . (time() + $x) . $exte;
$fileName = md5($fileName) . $exte;
}
//Move the uploaded file to the path specified in the variable $this->mediaPath
try {
$objFile = new \Cx\Lib\FileSystem\File($tmpFile);
if ($objFile->move($this->mediaPath . $path . $fileName, false)) {
$objFile = new \File();
$objFile->setChmod($this->mediaPath, $this->mediaWebPath, $path . $fileName);
$status = $fileName;
} else {
$status = "error";
}
} catch (\Cx\Lib\FileSystem\FileSystemException $e) {
\DBG::msg($e->getMessage());
}
} else {
$status = "error";
}
return $status;
}
/**
* Move the uploaded images into place and link to the user
*
* @param \User $objUser \User object
* @param array $arrProfile Array profile data
* @param array $arrImages Uploaded images array
* @param string $uploaderId Uploader id
*
* @return boolean TRUE on success false otherwise
*/
protected function addUploadedImagesToProfile($objUser, &$arrProfile, $arrImages, $uploaderId)
{
global $_CORELANG;
$objSession = \cmsSession::getInstance();
$arrErrorMsg = array();
foreach ($arrImages as $attribute => $arrHistories) {
foreach ($arrHistories as $historyId => $data) {
$arrUploadedImages = array();
if ($historyId === 'new') {
foreach ($data as $historyIndex => $filePath) {
$arrUploadedImages[] = array('path' => contrexx_input2raw($filePath), 'history_index' => $historyIndex);
}
} else {
$arrUploadedImages[] = array('path' => contrexx_input2raw($data));
}
foreach ($arrUploadedImages as $arrImage) {
$fileName = basename($arrImage['path']);
$path = $objSession->getTempPath() . '/' . contrexx_input2raw($uploaderId) . '/' . $fileName;
if (!\Cx\Lib\FileSystem\FileSystem::exists($path) || !\FWValidator::is_file_ending_harmless($path)) {
continue;
}
$fileSize = filesize($path);
if (!$this->isImageWithinAllowedSize($fileSize, $attribute == 'picture')) {
$objAttribute = $objUser->objAttribute->getById($attribute);
$arrErrorMsg[] = sprintf($_CORELANG['TXT_ACCESS_PIC_TOO_BIG'], htmlentities($objAttribute->getName(), ENT_QUOTES, CONTREXX_CHARSET));
continue;
}
// resize image and put it into place (ASCMS_ACCESS_PHOTO_IMG_PATH / ASCMS_ACCESS_PROFILE_IMG_PATH)
if (($imageName = $this->moveUploadedImageInToPlace($objUser, $path, $fileName, $attribute == 'picture')) === false) {
continue;
}
// create thumbnail
if ($this->createThumbnailOfImage($imageName, $attribute == 'picture') !== false) {
if ($historyId === 'new') {
$arrProfile[$attribute][$historyId][$arrImage['history_index']] = $imageName;
} else {
$arrProfile[$attribute][$historyId] = $imageName;
}
}
}
}
}
if (count($arrErrorMsg)) {
return $arrErrorMsg;
} else {
return true;
}
}
/**
* Upload the media files
*
* @param string $fileName name of the media file
* @param string $path folder path
* @param string $uploaderId uploader id
*
* @return string $status name of the uploaded file / error
*/
function uploadMedia($fileName, $path, $uploaderId)
{
if (empty($uploaderId) || empty($fileName)) {
return 'error';
}
$cx = \Cx\Core\Core\Controller\Cx::instanciate();
$objSession = $cx->getComponent('Session')->getSession();
$tempPath = $objSession->getTempPath() . '/' . $uploaderId . '/' . $fileName;
//Check the uploaded file exists in /tmp folder
if (!\Cx\Lib\FileSystem\FileSystem::exists($tempPath)) {
//If the file still exists in the mediaPath then return the filename
if (\Cx\Lib\FileSystem\FileSystem::exists($this->mediaPath . $path . $fileName)) {
return $fileName;
}
return 'error';
}
$info = pathinfo($fileName);
$exte = $info['extension'];
$extension = !empty($exte) ? '.' . $exte : '';
$file = substr($fileName, 0, strlen($fileName) - strlen($extension));
$rand = rand(10, 99);
$arrSettings = $this->getSettings();
if ($arrSettings['encodeFilename']['value'] == 1) {
$fileName = md5($rand . $file) . $extension;
}
//Rename the file if the filename already exists
while (\Cx\Lib\FileSystem\FileSystem::exists($this->mediaPath . $path . $fileName)) {
$fileName = $file . '_' . time() . $extension;
}
$filePath = $this->mediaPath . $path . $fileName;
if (!\FWValidator::is_file_ending_harmless($filePath)) {
return 'error';
}
//Move the file from /tmp folder into mediaPath and set the permission
try {
$objFile = new \Cx\Lib\FileSystem\File($tempPath);
if ($objFile->move($filePath, false)) {
$fileObj = new \File();
$fileObj->setChmod($this->mediaPath, $this->mediaWebPath, $path . $fileName);
$status = $fileName;
}
} catch (\Cx\Lib\FileSystem\FileSystemException $e) {
\DBG::msg($e->getMessage());
$status = 'error';
}
//make the thumb
if (($exte == "gif" || $exte == "jpeg" || $exte == "jpg" || $exte == "png") && $path != "uploads/") {
$this->createThumb($fileName, $path);
}
return $status;
}
public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos)
{
global $objDatabase, $_ARRAYLANG, $_CONFIG;
$originalNames = $fileInfos['originalFileNames'];
$path = $data['path'];
$webPath = $data['webPath'];
$objCategory = Category::getCategory($data['category_id']);
// check for sufficient permissions
if ($objCategory->getAddFilesAccessId() && !\Permission::checkAccess($objCategory->getAddFilesAccessId(), 'dynamic', true) && $objCategory->getOwnerId() != \FWUser::getFWUserObject()->objUser->getId()) {
return;
}
//we remember the names of the uploaded files here. they are stored in the session afterwards,
//so we can later display them highlighted.
$arrFiles = array();
//rename files, delete unwanted
$arrFilesToRename = array();
//used to remember the files we need to rename
$h = opendir($tempPath);
while (false !== ($file = readdir($h))) {
//skip . and ..
if ($file == '.' || $file == '..') {
continue;
}
//delete potentially malicious files
if (!\FWValidator::is_file_ending_harmless($file)) {
@unlink($tempPath . '/' . $file);
continue;
}
$info = pathinfo($file);
$cleanFile = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($file);
if ($cleanFile != $file) {
rename($tempPath . '/' . $file, $tempPath . '/' . $cleanFile);
$file = $cleanFile;
}
//check if file needs to be renamed
$newName = '';
$suffix = '';
if (file_exists($path . '/' . $file)) {
if (empty($_REQUEST['uploadForceOverwrite']) || !intval($_REQUEST['uploadForceOverwrite'] > 0)) {
$suffix = '_' . time();
$newName = $info['filename'] . $suffix . '.' . $info['extension'];
$arrFilesToRename[$file] = $newName;
array_push($arrFiles, $newName);
}
}
if (!isset($arrFilesToRename[$file])) {
//file will keep this name - create thumb
\ImageManager::_createThumb($tempPath . '/', $tempWebPath . '/', $file);
}
$objDownloads = new downloads('');
$objDownloads->addDownloadFromUpload($info['filename'], $info['extension'], $suffix, $objCategory, $objDownloads, $originalNames[$file]);
}
//rename files where needed
foreach ($arrFilesToRename as $oldName => $newName) {
rename($tempPath . '/' . $oldName, $tempPath . '/' . $newName);
//file will keep this name - create thumb
\ImageManager::_createThumb($tempPath . '/', $tempWebPath . '/', $newName);
}
//remeber the uploaded files
$_SESSION['media_upload_files_' . $uploadId] = $arrFiles;
/* unwanted files have been deleted, unallowed filenames corrected.
we can now simply return the desired target path, as only valid
files are present in $tempPath */
return array($path, $webPath);
}
public function moveFile(File $file, $destination)
{
global $_ARRAYLANG;
if (!empty($destination) || !\FWValidator::is_file_ending_harmless($destination)) {
if (is_dir($this->getFullPath($file) . $file->getFullName())) {
$fileName = $this->getFullPath($file) . $file->getFullName();
$destinationFileName = $this->getFullPath($file) . $destination;
} else {
$fileName = $this->getFullPath($file) . $file->getFullName();
$destinationFileName = $this->getFullPath($file) . $destination . '.' . $file->getExtension();
}
if ($fileName == $destinationFileName) {
return sprintf($_ARRAYLANG['TXT_FILEBROWSER_FILE_SUCCESSFULLY_RENAMED'], $file->getName());
}
$destinationFolder = realpath(pathinfo($this->getFullPath($file) . $destination, PATHINFO_DIRNAME));
if (!MediaSourceManager::isSubdirectory($this->rootPath, $destinationFolder)) {
return sprintf($_ARRAYLANG['TXT_FILEBROWSER_FILE_UNSUCCESSFULLY_RENAMED'], $file->getName());
}
$this->removeThumbnails($file);
if (!\Cx\Lib\FileSystem\FileSystem::move($fileName, $destinationFileName, false)) {
return sprintf($_ARRAYLANG['TXT_FILEBROWSER_FILE_UNSUCCESSFULLY_RENAMED'], $file->getName());
}
return sprintf($_ARRAYLANG['TXT_FILEBROWSER_FILE_SUCCESSFULLY_RENAMED'], $file->getName());
} else {
return sprintf($_ARRAYLANG['TXT_FILEBROWSER_FILE_UNSUCCESSFULLY_RENAMED'], $file->getName());
}
}
/**
* Upload Finished callback
*
* This is called as soon as uploads have finished.
* takes care of moving them to the right folder
*
* @param string $tempPath Path to the temporary directory containing the files at this moment
* @param string $tempWebPath Points to the same folder as tempPath, but relative to the webroot
* @param array $data Data given to setData() when creating the uploader
* @param string $uploadId unique session id for the current upload
* @param array $fileInfos uploaded file informations
* @param array $response uploaded status
*
* @return array path and webpath
*/
public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos, $response)
{
$path = $data['path'];
$webPath = $data['webPath'];
$objCategory = Category::getCategory($data['category_id']);
// check for sufficient permissions
if ($objCategory->getAddFilesAccessId() && !\Permission::checkAccess($objCategory->getAddFilesAccessId(), 'dynamic', true) && $objCategory->getOwnerId() != \FWUser::getFWUserObject()->objUser->getId()) {
return;
}
//we remember the names of the uploaded files here. they are stored in the session afterwards,
//so we can later display them highlighted.
$arrFiles = array();
$uploadFiles = array();
//rename files, delete unwanted
$arrFilesToRename = array();
//used to remember the files we need to rename
$h = opendir($tempPath);
if (!$h) {
return array($path, $webPath);
}
while (false !== ($file = readdir($h))) {
//skip . and ..
if ($file == '.' || $file == '..') {
continue;
}
try {
//delete potentially malicious files
$objTempFile = new \Cx\Lib\FileSystem\File($tempPath . '/' . $file);
if (!\FWValidator::is_file_ending_harmless($file)) {
$objTempFile->delete();
continue;
}
$cleanFile = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($file);
if ($cleanFile != $file) {
$objTempFile->rename($tempPath . '/' . $cleanFile, false);
$file = $cleanFile;
}
$info = pathinfo($file);
//check if file needs to be renamed
$newName = '';
$suffix = '';
if (file_exists($path . '/' . $file)) {
$suffix = '_' . time();
$newName = $info['filename'] . $suffix . '.' . $info['extension'];
$arrFilesToRename[$file] = $newName;
array_push($arrFiles, $newName);
}
if (!isset($arrFilesToRename[$file])) {
array_push($uploadFiles, $file);
}
//rename files where needed
foreach ($arrFilesToRename as $oldName => $newName) {
$objTempFile = new \Cx\Lib\FileSystem\File($tempPath . '/' . $oldName);
$objTempFile->rename($tempPath . '/' . $newName, false);
array_push($uploadFiles, $newName);
}
//move file from temp path into target folder
$objImage = new \ImageManager();
foreach ($uploadFiles as $fileName) {
$objFile = new \Cx\Lib\FileSystem\File($tempPath . '/' . $fileName);
$objFile->move($path . '/' . $fileName, false);
\Cx\Core\Core\Controller\Cx::instanciate()->getMediaSourceManager()->getThumbnailGenerator()->createThumbnailFromPath($path . '/' . $fileName);
}
} catch (\Cx\Lib\FileSystem\FileSystemException $e) {
\DBG::msg($e->getMessage());
}
$objDownloads = new downloads('');
$objDownloads->addDownloadFromUpload($info['filename'], $info['extension'], $suffix, $objCategory, $objDownloads, $fileInfos['name']);
}
return array($path, $webPath);
}
/**
* create new file or folder
*
* @param array $params supplied arguments from JsonData-request
* @return string
*/
public function newWithin($params)
{
global $_ARRAYLANG, $objInit;
$_ARRAYLANG = $objInit->loadLanguageData('ViewManager');
if (empty($params['post']['theme']) || empty($params['post']['name'])) {
return array('status' => 'error', 'message' => $_ARRAYLANG['TXT_THEME_OPERATION_FAILED_FOR_EMPTY_NAME']);
}
if ($params['post']['isFolder'] && preg_match('/^\\./', trim($params['post']['name']))) {
// folder name should not start with dot(.)
return array('status' => 'error', 'reload' => false, 'message' => sprintf($_ARRAYLANG['TXT_THEME_FOLDER_NAME_NOT_ALLOWED'], contrexx_input2xhtml($params['post']['name'])));
}
$matches = null;
preg_match('@{([0-9A-Za-z._-]+)(:([_a-zA-Z][A-Za-z_0-9]*))?}@sm', $params['post']['name'], $matches);
if (!empty($matches)) {
return array('status' => 'error', 'reload' => false, 'message' => sprintf($_ARRAYLANG['TXT_THEME_NAME_NOT_ALLOWED'], contrexx_input2xhtml($params['post']['newName'])));
}
// Cannot rename the virtual directory
$virtualDirs = array('/' . \Cx\Core\Core\Model\Entity\SystemComponent::TYPE_CORE_MODULE, '/' . \Cx\Core\Core\Model\Entity\SystemComponent::TYPE_MODULE, '/' . \Cx\Core\Core\Model\Entity\SystemComponent::TYPE_CORE);
$currentThemeFolderDirPath = \Env::get('cx')->getWebsiteThemesPath() . '/' . $params['post']['theme'] . '/';
// Create the theme folder, if it does not exist
if (!\Cx\Lib\FileSystem\FileSystem::exists($currentThemeFolderDirPath)) {
if (!\Cx\Lib\FileSystem\FileSystem::make_folder($currentThemeFolderDirPath)) {
return array('status' => 'error', 'reload' => false, 'message' => $_ARRAYLANG['TXT_THEME_NEWFILE_FAILED']);
}
}
$newFileName = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($params['post']['name']);
if (!\FWValidator::is_file_ending_harmless($newFileName)) {
return array('status' => 'error', 'reload' => false, 'message' => sprintf($_ARRAYLANG['TXT_THEME_FILE_EXTENSION_NOT_ALLOWED'], contrexx_input2xhtml($newFileName)));
}
if (in_array('/' . $newFileName, $virtualDirs)) {
return array('status' => 'error', 'reload' => false, 'message' => $_ARRAYLANG['TXT_THEME_OPERATION_FAILED_FOR_VIRTUAL_FOLDER']);
}
if (!\Cx\Lib\FileSystem\FileSystem::exists($currentThemeFolderDirPath . $newFileName)) {
if ($params['post']['isFolder']) {
$status = \Cx\Lib\FileSystem\FileSystem::make_folder($currentThemeFolderDirPath . $newFileName);
$succesMessage = sprintf($_ARRAYLANG['TXT_THEME_FOLDER_CREATE_SUCCESS'], contrexx_input2xhtml($newFileName));
} else {
$status = \Cx\Lib\FileSystem\FileSystem::touch($currentThemeFolderDirPath . $newFileName);
$succesMessage = sprintf($_ARRAYLANG['TXT_THEME_FILE_CREATE_SUCCESS'], contrexx_input2xhtml($newFileName));
}
if (!$status) {
return array('status' => 'error', 'message' => $_ARRAYLANG['TXT_THEME_NEWFILE_FAILED']);
}
return array('status' => 'success', 'reload' => true, 'message' => $succesMessage, 'path' => '/' . $newFileName);
}
return array('status' => 'error', 'message' => sprintf($_ARRAYLANG['TXT_THEME_OPERATION_FAILED_FOR_FILE_ALREADY_EXITS'], contrexx_input2xhtml($newFileName)));
}
/**
* this is called as soon as uploads have finished.
* takes care of moving them to the right folder
*
* @return string the directory to move to
*/
public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos)
{
$path = $data['path'];
$webPath = $data['webPath'];
//we remember the names of the uploaded files here. they are stored in the session afterwards,
//so we can later display them highlighted.
$arrFiles = array();
//rename files, delete unwanted
$arrFilesToRename = array();
//used to remember the files we need to rename
$h = opendir($tempPath);
while (false !== ($file = readdir($h))) {
$info = pathinfo($file);
//skip . and ..
if ($file == '.' || $file == '..') {
continue;
}
$file = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($file);
//delete potentially malicious files
if (!\FWValidator::is_file_ending_harmless($file)) {
@unlink($tempPath . '/' . $file);
continue;
}
//check if file needs to be renamed
$newName = '';
$suffix = '';
if (file_exists($path . $file)) {
$suffix = '_' . time();
if (empty($_REQUEST['uploadForceOverwrite']) || !intval($_REQUEST['uploadForceOverwrite'] > 0)) {
$newName = $info['filename'] . $suffix . '.' . $info['extension'];
$arrFilesToRename[$file] = $newName;
array_push($arrFiles, $newName);
}
} else {
array_push($arrFiles, $file);
}
}
//rename files where needed
foreach ($arrFilesToRename as $oldName => $newName) {
rename($tempPath . '/' . $oldName, $tempPath . '/' . $newName);
}
//create thumbnails
// foreach($arrFiles as $file) {
// $fileType = pathinfo($file);
// if ($fileType['extension'] == 'jpg' || $fileType['extension'] == 'jpeg' || $fileType['extension'] == 'png' || $fileType['extension'] == 'gif') {
// $objFile = new File();
// $_objImage = new ImageManager();
// $_objImage->_createThumbWhq($tempPath.'/', $tempWebPath.'/', $file, 1e10, 80, 90);
//
// if ($objFile->setChmod($tempPath, $tempWebPath, ImageManager::getThumbnailFilename($file)))
// $this->_pushStatusMessage(sprintf($_ARRAYLANG['TXT_FILEBROWSER_THUMBNAIL_SUCCESSFULLY_CREATED'], $strWebPath.$file));
// }
// }
//remember the uploaded files
if (isset($_SESSION["filebrowser_upload_files_{$uploadId}"])) {
//do not overwrite already uploaded files
$arrFiles = array_merge($_SESSION["filebrowser_upload_files_{$uploadId}"], $arrFiles);
}
$_SESSION["filebrowser_upload_files_{$uploadId}"] = $arrFiles;
/* unwanted files have been deleted, unallowed filenames corrected.
we can now simply return the desired target path, as only valid
files are present in $tempPath */
return array($path, $webPath);
}
/**
* this is called as soon as uploads have finished.
* takes care of moving them to the right folder
*
* @return string the directory to move to
*/
public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos, $response)
{
$path = $data['path'];
$webPath = $data['webPath'];
//we remember the names of the uploaded files here. they are stored in the session afterwards,
//so we can later display them highlighted.
$arrFiles = array();
//rename files, delete unwanted
$arrFilesToRename = array();
//used to remember the files we need to rename
$h = opendir($tempPath);
if ($h) {
while (false !== ($file = readdir($h))) {
//delete potentially malicious files
// TODO: this is probably an overhead, because the uploader might already to this. doesn't it?
if (!\FWValidator::is_file_ending_harmless($file)) {
@unlink($file);
continue;
}
if (self::isIllegalFileName($file)) {
$response->addMessage(\Cx\Core_Modules\Upload\Controller\UploadResponse::STATUS_ERROR, "You are not able to create the requested file.");
\Cx\Lib\FileSystem\FileSystem::delete_file($tempPath . '/' . $file);
continue;
}
//skip . and ..
if ($file == '.' || $file == '..') {
continue;
}
//clean file name
$newName = $file;
\Cx\Lib\FileSystem\FileSystem::clean_path($newName);
//check if file needs to be renamed
if (file_exists($path . $newName)) {
$info = pathinfo($newName);
$exte = $info['extension'];
$exte = !empty($exte) ? '.' . $exte : '';
$part1 = $info['filename'];
if (empty($_REQUEST['uploadForceOverwrite']) || !intval($_REQUEST['uploadForceOverwrite'] > 0)) {
$newName = $part1 . '_' . time() . $exte;
}
}
//if the name has changed, the file needs to be renamed afterwards
if ($newName != $file) {
$arrFilesToRename[$file] = $newName;
}
array_push($arrFiles, $newName);
}
}
//rename files where needed
foreach ($arrFilesToRename as $oldName => $newName) {
rename($tempPath . '/' . $oldName, $tempPath . '/' . $newName);
}
//remeber the uploaded files
$files = $_SESSION["media_upload_files_{$uploadId}"];
$_SESSION["media_upload_files_{$uploadId}"] = array_merge($arrFiles, $files ? $files->toArray() : []);
/* unwanted files have been deleted, unallowed filenames corrected.
we can now simply return the desired target path, as only valid
files are present in $tempPath */
return array($data['path'], $data['webPath']);
}
/**
* Copy the Upload the image to the path
* Note: validation should be done before calling this function
*
* @param string $filePath Temp path of the uploaded media
*
* @return boolean|string relative path of the uploaded file, false otherwise
*/
function uploadMedia($filePath)
{
if ($filePath == '' || !\FWValidator::is_file_ending_harmless($filePath)) {
return false;
}
$fileName = basename($filePath);
//get extension
$arrFileInfo = pathinfo($fileName);
$fileExtension = !empty($arrFileInfo['extension']) ? '.' . $arrFileInfo['extension'] : '';
$fileBasename = $arrFileInfo['filename'];
$randomSum = rand(10, 99);
//encode filename
if ($this->arrSettings['settingsEncryptFilenames'] == 1) {
$fileName = md5($randomSum . $fileBasename) . $fileExtension;
}
//check filename
if (file_exists($this->imagePath . 'uploads/' . $fileName)) {
$fileName = $fileBasename . '_' . time() . $fileExtension;
}
//upload file
if (\Cx\Lib\FileSystem\FileSystem::copy_file($filePath, $this->imagePath . 'uploads/' . $fileName) !== false) {
$objFile = new \File();
$objFile->setChmod($this->imagePath, $this->imageWebPath, 'uploads/' . $fileName);
return $this->imageWebPath . 'uploads/' . $fileName;
} else {
return false;
}
}
/**
* Sanitizes the filename by adding a .txt file extension to files with
* bad extensions and by removing strange characters.
*
* @param string $filename The filename to be sanitized
*
* @return string The sanitized filename
*/
public static function sanitizeFileName($filename)
{
$filename = FileSystem::replaceCharacters(filter_var($filename, FILTER_SANITIZE_URL));
$fileInfo = pathinfo($filename);
if (empty($filename)) {
$filename = 'file' . date('Y-m-d H:i:s');
}
if (!isset($fileInfo['extension'])) {
$filename = $filename . '.txt';
}
if (!\FWValidator::is_file_ending_harmless($filename)) {
$filename = $filename . '.txt';
}
return $filename;
}
