if (!is_dir($destdir)) { mkdir($destdir); } else { $importtemplateoutput .= "<div class=\"warningheader\">" . $clang->gT("Error") . "</div><br />\n"; $importtemplateoutput .= sprintf($clang->gT("Template '%s' does already exist."), $newdir) . "<br/><br/>\n"; $importtemplateoutput .= "<br/><input type=\"submit\" onclick=\"window.open('{$scriptname}?action=templates', '_top')\" value=\"" . $clang->gT("Template Editor") . "\"/>\n"; $importtemplateoutput .= "</div>\n"; return; } $aImportedFilesInfo = array(); $aErrorFilesInfo = array(); if (is_file($zipfile)) { $importtemplateoutput .= "<div class=\"successheader\">" . $clang->gT("Success") . "</div><br />\n"; $importtemplateoutput .= $clang->gT("File upload succeeded.") . "<br /><br />\n"; $importtemplateoutput .= $clang->gT("Reading file..") . "<br /><br />\n"; if ($z->extract($extractdir, $zipfile) != 'OK') { $importtemplateoutput .= "<div class=\"warningheader\">" . $clang->gT("Error") . "</div><br />\n"; $importtemplateoutput .= $clang->gT("This file is not a valid ZIP file archive. Import failed.") . "<br/><br/>\n"; $importtemplateoutput .= "<br/><input type=\"submit\" onclick=\"window.open('{$scriptname}?action=templates', '_top')\" value=\"" . $clang->gT("Template Editor") . "\"/>\n"; $importtemplateoutput .= "</div>\n"; return; } $ErrorListHeader = ""; $ImportListHeader = ""; // now read tempdir and copy authorized files only $dh = opendir($extractdir); while ($direntry = readdir($dh)) { if ($direntry != "." && $direntry != "..") { if (is_file($extractdir . "/" . $direntry)) { // is a file $extfile = substr(strrchr($direntry, '.'), 1);
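/**
 * Import a template archive uploaded through the template editor.
 *
 * For the 'templateupload' action the uploaded ZIP is extracted into a
 * temporary directory. Only top-level files whose extension is listed in the
 * 'allowedresourcesuploads' config value are copied into a new directory
 * below 'usertemplaterootdir'. Any other action renders the import form.
 *
 * Changes compared with the previous version of this method:
 *  - the directory loop tests readdir() against false, so an entry named "0"
 *    no longer ends the scan early;
 *  - the extension allow-list is an exact, case-insensitive match against the
 *    comma-separated config entries instead of a substring search;
 *  - opendir() and mkdir() results are checked;
 *  - the destination directory is created only after the upload itself has
 *    been checked, and is removed again when nothing was imported, so a
 *    failed import does not reserve the template name;
 *  - every error path returns explicitly.
 *
 * @access public
 * @return void
 */
public function upload()
{
    $controller = $this->getController();
    $clang = $controller->lang;

    // The return value was overwritten on both branches of the original, so
    // only the call itself is kept.
    $this->_initialise('default', 'welcome', 'startpage.pstpl', FALSE);

    $lid = returnGlobal('lid');
    $action = returnGlobal('action');

    if ($action != 'templateupload') {
        $this->_renderWrappedTemplate('templates', 'importform_view', array('lid' => $lid));
        return;
    }

    // NOTE(review): error() is assumed to end the request; its body is not
    // visible here. The explicit returns below keep the import from
    // continuing (e.g. in demo mode) if that assumption ever stops holding.
    if (Yii::app()->getConfig('demoMode')) {
        $controller->error($clang->gT("Demo mode: Uploading templates is disabled."));
        return;
    }

    Yii::import('application.libraries.admin.Phpzip', true);

    // A request without the upload field must not raise undefined-index notices.
    $zipfile = isset($_FILES['the_file']['tmp_name']) ? $_FILES['the_file']['tmp_name'] : '';
    $uploadname = isset($_FILES['the_file']['name']) ? $_FILES['the_file']['name'] : '';
    $zip = new PHPZip();

    $basedestdir = Yii::app()->getConfig('usertemplaterootdir');
    // The directory name is derived from the client-supplied file name, so it
    // is sanitized and stripped of dots before it becomes a path component.
    $newdir = str_replace('.', '', self::_strip_ext(sanitize_paranoid_string($uploadname)));
    $destdir = $basedestdir . '/' . $newdir . '/';

    if (!is_writeable($basedestdir)) {
        $controller->error(sprintf($clang->gT("Incorrect permissions in your %s folder."), $basedestdir));
        return;
    }

    // An empty name would resolve to the template root itself, which always
    // exists; it is rejected with the same message as before.
    if ($newdir === '' || is_dir($destdir)) {
        $controller->error(sprintf($clang->gT("Template '%s' does already exist."), $newdir));
        return;
    }

    if (!is_file($zipfile)) {
        $controller->error(sprintf($clang->gT("An error occurred uploading your file. This may be caused by incorrect permissions in your %s folder."), $basedestdir));
        return;
    }

    if (!mkdir($destdir)) {
        $controller->error(sprintf($clang->gT("Incorrect permissions in your %s folder."), $basedestdir));
        return;
    }

    // Extract into a temporary directory so that unzipped content is not
    // reachable from the template directory until it passed the allow-list.
    // NOTE(review): whether PHPZip::extract() confines every archive entry to
    // $extractdir cannot be verified from this method - confirm in the library.
    $extractdir = self::_tempdir(Yii::app()->getConfig('tempdir'));

    if ($zip->extract($extractdir, $zipfile) != 'OK') {
        rmdir($destdir); // still empty: nothing has been copied yet
        $controller->error($clang->gT("This file is not a valid ZIP file archive. Import failed."));
        return;
    }

    $dh = opendir($extractdir);
    if ($dh === false) {
        rmdir($destdir); // still empty: nothing has been copied yet
        $controller->error(sprintf($clang->gT("Incorrect permissions in your %s folder."), Yii::app()->getConfig('tempdir')));
        return;
    }

    // Exact allow-list entries, lower-cased because the previous check was
    // case-insensitive. Entries are not trimmed, so the list is never wider
    // than what the substring search accepted.
    $allowedExtensions = explode(',', strtolower((string) Yii::app()->getConfig('allowedresourcesuploads')));

    $aImportedFilesInfo = array();
    $aErrorFilesInfo = array();

    // Read the temporary directory and copy authorized files only.
    while (($direntry = readdir($dh)) !== false) {
        if ($direntry == "." || $direntry == "..") {
            continue;
        }

        $sourcefile = $extractdir . "/" . $direntry;
        if (!is_file($sourcefile)) {
            // Sub-directories are neither imported nor removed here.
            continue;
        }

        // Only the last extension is compared; "name.php.png" counts as "png".
        $extfile = strtolower(pathinfo($direntry, PATHINFO_EXTENSION));

        if ($extfile !== '' && in_array($extfile, $allowedExtensions, true)) {
            // Extension allowed
            if (copy($sourcefile, $destdir . $direntry)) {
                $aImportedFilesInfo[] = array("filename" => $direntry, "status" => $clang->gT("OK"));
            } else {
                $aErrorFilesInfo[] = array("filename" => $direntry, "status" => $clang->gT("Copy failed"));
            }
        } else {
            // Extension forbidden
            $aErrorFilesInfo[] = array("filename" => $direntry, "status" => $clang->gT("Error") . " (" . $clang->gT("Forbidden Extension") . ")");
        }

        unlink($sourcefile);
    }

    closedir($dh);

    // Delete the uploaded temporary file.
    unlink($zipfile);

    // Delete the temporary folder.
    // NOTE(review): if the archive produced sub-directories, rmdir() fails
    // and their content stays in the temp directory - consider a recursive
    // cleanup.
    rmdir($extractdir);

    if (count($aErrorFilesInfo) == 0 && count($aImportedFilesInfo) == 0) {
        rmdir($destdir); // no copy was attempted, so the directory is empty
        $controller->error($clang->gT("This ZIP archive contains no valid template files. Import failed."));
        return;
    }

    if (count($aImportedFilesInfo) > 0) {
        $templateFixes = $this->_templateFixes($newdir);
    } else {
        $templateFixes = array();
    }

    // The "filename" values come from the archive and are therefore
    // attacker-controlled; the view is expected to HTML-encode them
    // (not visible here - confirm).
    $aData = array(
        'aImportedFilesInfo' => $aImportedFilesInfo,
        'aErrorFilesInfo' => $aErrorFilesInfo,
        'lid' => $lid,
        'newdir' => $newdir,
        'templateFixes' => $templateFixes,
    );

    $this->_renderWrappedTemplate('templates', 'importuploaded_view', $aData);
}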