Beispiel #1
        } else {
            $link = 'files/edit.php';
        }
        Safe::redirect($context['url_to_home'] . $context['url_to_root'] . 'users/login.php?url=' . urlencode($link));
    }
    // permission denied to authenticated user
    Safe::header('Status: 401 Unauthorized', TRUE, 401);
    Logger::error(i18n::s('You are not allowed to perform this operation.'));
    // file has been reserved
} elseif (isset($item['assign_id']) && $item['assign_id'] && !Surfer::is($item['assign_id']) && !$anchor->is_owned()) {
    // prevent updates
    $context['text'] .= Skin::build_block(sprintf(i18n::s('This file has been reserved by %s %s, and it is likely that an updated version will be made available soon.'), Users::get_link($item['assign_name'], $item['assign_address'], $item['assign_id']), Skin::build_date($item['assign_date'])), 'caution');
    // follow-up commands
    $context['text'] .= Skin::build_block(Skin::build_link($anchor->get_url('files'), i18n::s('Done'), 'button'), 'bottom');
    // extension is not allowed
} elseif (Files::get_uploaded('upload', 'name') && !Files::is_authorized(Files::get_uploaded('upload', 'name'))) {
    Safe::header('Status: 401 Unauthorized', TRUE, 401);
    Logger::error(i18n::s('This type of file is not allowed.'));
    // an error occured
} elseif (count($context['error'])) {
    $item = $_REQUEST;
    $with_form = TRUE;
    // process uploaded data
} elseif (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') {
    // remember the previous version
    if (isset($item['id'])) {
        include_once '../versions/versions.php';
        Versions::save($item, 'file:' . $item['id']);
    }
    // assume this is just an update of the record
    $action = 'file:update';
Beispiel #2
 /**
  * post-process one file found under $context['uploaded_path']
  *
  * Files located in a sub-folder of the upload path, and files whose type is
  * not authorized, are deleted. Any other file is renamed to an ASCII-only
  * name and that name is appended to $context['uploaded_files'].
  *
  * NOTE(review): Files::is_authorized() is applied to the original name, not to
  * the transliterated target -- confirm utf8::to_ascii() preserves the extension.
  *
  * @param string full path of the file to consider
  */
 function explode_callback($name)
 {
     global $context;

     // path relative to the upload folder; FALSE or '' when $name is not below it
     $relative = substr($name, strlen($context['uploaded_path'] . '/'));

     // reject all files put in sub-folders
     if ($relative && strpos($relative, '/') !== FALSE) {
         Safe::unlink($name);
         return;
     }

     // reject files whose type is not allowed
     if (!Files::is_authorized($name)) {
         Safe::unlink($name);
         return;
     }

     // make it easy to download
     $ascii = utf8::to_ascii(basename($name));
     Safe::rename($name, $context['uploaded_path'] . '/' . $ascii);

     // remember this name
     $context['uploaded_files'][] = $ascii;
 }
Beispiel #3
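 /**
  * create an attached file
  *
  * The file name is taken from the first of Content-Disposition, Content-Type
  * or Content-Description found in the entity headers. Only the last path
  * component of that name is kept, so a name supplied in an e-mail header
  * cannot point outside files/<anchor_type>/<anchor_id>/.
  *
  * @param array of entity attributes (e.g., 'Content-Disposition'), each with 'name' and 'value'
  * @param string file actual content
  * @param array poster attributes ('nick_name', 'id', 'email')
  * @param string the target anchor (e.g., 'article:123')
  * @param string reference of the object to be extended, if any -- not used here
  * @return string reference to the created object, or NULL
  */
 public static function submit_file($entity_headers, $content, $user, $anchor, $target = NULL)
 {
     global $context;

     // find file name in content-disposition
     $file_name = '';
     $content_disposition = self::lookup_entity_header($entity_headers, 'Content-Disposition');
     if ($content_disposition && preg_match('/filename="*([a-zA-Z0-9\'\\(\\)\\+_,-\\.\\/:=\\? ]+)"*\\s*/i', $content_disposition, $matches)) {
         $file_name = $matches[1];
     }

     // as an alternative, look in content-type
     if (!$file_name) {
         $content_type = self::lookup_entity_header($entity_headers, 'Content-Type');
         if ($content_type && preg_match('/name="*([a-zA-Z0-9\'\\(\\)\\+_,-\\.\\/:=\\? ]+)"*\\s*/i', $content_type, $matches)) {
             $file_name = $matches[1];
         }
     }

     // as a last resort, use content-description as is
     $content_description = NULL;
     if (!$file_name) {
         $content_description = self::lookup_entity_header($entity_headers, 'Content-Description');
         if ($content_description !== NULL) {
             $file_name = $content_description;
         }
     }

     // the name comes from untrusted headers: the patterns above accept '/' and '.',
     // and content-description is not filtered at all -- keep the last path component only
     $file_name = basename(str_replace('\\', '/', (string)$file_name));

     // sanity check
     if (!$file_name || $file_name === '.' || $file_name === '..') {
         Logger::remember('agents/messages.php: No name to use for submitted file');
         return NULL;
     }

     // we don't accept all extensions
     if (!Files::is_authorized($file_name)) {
         Logger::remember('agents/messages.php: Rejected file type for ' . $file_name);
         return NULL;
     }

     // file size
     $file_size = strlen($content);

     // sanity check
     if ($file_size < 7) {
         Logger::remember('agents/messages.php: Short file skipped');
         return NULL;
     }

     // sanity check
     if (!$anchor) {
         Logger::remember('agents/messages.php: No anchor to use for submitted file', $file_name);
         return NULL;
     }

     // get anchor data -- this is a mutable object
     // NOTE(review): Anchors::get() is relied upon to reject unknown references before $anchor is used to build a path
     $host = Anchors::get($anchor, TRUE);
     if (!is_object($host)) {
         Logger::remember('agents/messages.php: Unknown anchor ' . $anchor);
         return NULL;
     }

     // create target folders
     list($anchor_type, $anchor_id) = explode(':', $anchor, 2);
     $file_path = 'files/' . $anchor_type . '/' . $anchor_id;
     if (!Safe::make_path($file_path)) {
         Logger::remember('agents/messages.php: Impossible to create ' . $file_path);
         return NULL;
     }
     $file_path = $context['path_to_root'] . $file_path . '/';

     // save the entity in the file system
     if (!($file = Safe::fopen($file_path . $file_name, 'wb'))) {
         Logger::remember('agents/messages.php: Impossible to open ' . $file_path . $file_name);
         return NULL;
     }
     if (fwrite($file, $content) === FALSE) {
         // release the handle before bailing out
         fclose($file);
         Logger::remember('agents/messages.php: Impossible to write to ' . $file_path . $file_name);
         return NULL;
     }
     fclose($file);

     // update file description
     $item = array();
     $item['anchor'] = $anchor;
     $item['file_name'] = $file_name;
     $item['file_size'] = $file_size;
     if ($content_description !== NULL && $content_description != $file_name) {
         $item['description'] = $content_description;
     }
     $item['edit_date'] = gmdate('Y-m-d H:i:s');
     $item['edit_name'] = $user['nick_name'];
     $item['edit_id'] = $user['id'];
     $item['edit_address'] = $user['email'];

     // create a file record in the database
     if (!($item['id'] = Files::post($item))) {
         Logger::remember('agents/messages.php: ' . Logger::error_pop());
         return NULL;
     }

     if (isset($context['debug_messages']) && $context['debug_messages'] == 'Y') {
         Logger::remember('agents/messages.php: Messages::submit_file()', $item, 'debug');
     }

     return 'file:' . $item['id'];
 }

 /**
  * get the value of the first entity header whose name contains a given string
  *
  * @param array of entity attributes, each with 'name' and 'value'
  * @param string header name, matched case-insensitively as a substring
  * @return string the header value, or NULL if no header matches
  */
 private static function lookup_entity_header($entity_headers, $name)
 {
     foreach ($entity_headers as $header) {
         if (stripos($header['name'], $name) !== FALSE) {
             return $header['value'];
         }
     }
     return NULL;
 }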
Beispiel #4
    die(json_encode(array('data' => $msg, 'status' => $status, 'preview' => $preview, 'js' => $js)));
}
load_skin();
safe::make_path('temporary/uploaded/');
// we need a file
if (isset($_FILES[$name]) && count($_FILES[$name])) {
    // Check for errors
    if ($_FILES[$name]['error'] > 0) {
        Safe::header('Status: Internal 500 server error', TRUE, 500);
        outputJSON(i18n::s('An error ocurred when uploading.'));
    }
    /*if(!getimagesize($_FILES['SelectedFile']['tmp_name'])){
          outputJSON('Please ensure you are uploading an image.');
      }*/
    // Check filetype
    if (!Files::is_authorized($_FILES[$name]['name'])) {
        Safe::header('Status: 415 Unsupported media', TRUE, 415);
        outputJSON(i18n::s('Unsupported filetype uploaded.'));
    }
    // Check filesize
    /*if($_FILES['SelectedFile']['size'] > Safe::get_cfg_var('upload_max_filesize')){
          outputJSON('File uploaded exceeds maximum upload size.');
      }*/
    // Check if the file exists
    if (file_exists(UPLOAD_PATH . $_FILES[$name]['name'])) {
        Safe::header('Status: 500 Internal server error', TRUE, 500);
        outputJSON(i18n::s('File with that name already exists in temporary folder.'));
    }
    // Upload file
    $path = $context['path_to_root'] . UPLOAD_PATH . $_FILES[$name]['name'];
    if (!Safe::move_uploaded_file($_FILES[$name]['tmp_name'], $path)) {