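/**
 * Installs a theme from an archive (.gz or .zip) uploaded through the form.
 *
 * The archive is stored in the templates folder and its listing is validated
 * before anything is extracted: exactly one root folder, every required theme
 * file present, and no entry whose path could be written outside the target
 * folder. The uploaded archive is deleted afterwards whatever the outcome.
 * Failures are reported through the view's MSG variable; nothing is returned.
 *
 * NOTE(review): only the presence of the required files is checked; the archive
 * may carry any other file type, so this action presumably has to stay limited
 * to trusted administrators - confirm where the caller enforces that.
 */
private function upload_theme()
{
    $folder_phpboost_themes = PATH_TO_ROOT . '/templates/';

    // chmod() only succeeds when this process owns the folder (or is privileged),
    // so 0755 is enough to make it writable here. 0777 would also let every
    // other local account write into the folder that receives extracted themes.
    if (!is_writable($folder_phpboost_themes) && !@chmod($folder_phpboost_themes, 0755)) {
        return;
    }

    if ($this->form->get_value('file') === null) {
        $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('process.error', 'status-messages-common'), MessageHelper::NOTICE));
        return;
    }

    $upload = new Upload($folder_phpboost_themes);
    // NOTE(review): the pattern has no start anchor and lets the extension group
    // repeat; how Upload::file() applies it is not visible here - confirm that
    // the stored name cannot end up with an executable extension.
    if (!$upload->file('upload_theme_file', '`([A-Za-z0-9-_]+)\\.(gz|zip)+$`i')) {
        $this->view->put('MSG', MessageHelper::display($this->lang['themes.upload_invalid_format'], MessageHelper::NOTICE));
        return;
    }

    $archive = $folder_phpboost_themes . $upload->get_filename();
    $is_tar = $upload->get_extension() == 'gz';
    if ($is_tar) {
        include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pcltar.lib.php';
        // NOTE(review): the tar helpers receive the bare file name while PclZip
        // receives the full path - confirm the working directory makes both resolve.
        $archive_content = PclTarList($upload->get_filename());
    } else {
        include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pclzip.lib.php';
        $zip = new PclZip($archive);
        $archive_content = $zip->listContent();
    }

    // A listing that is not an array (unreadable or corrupt archive) is treated
    // as empty, so it is rejected below instead of being iterated.
    if (!is_array($archive_content)) {
        $archive_content = array();
    }

    $archive_root_content = array();
    $required_files = array('/config.ini', '/body.tpl', '/frame.tpl', '/theme/content.css', '/theme/design.css', '/theme/global.css');
    $has_unsafe_entry = false;
    foreach ($archive_content as $element) {
        // Refuse the whole archive when an entry is absolute, carries a drive
        // letter or contains a ".." segment: extracting it could write outside
        // the templates folder.
        $normalized_name = str_replace('\\', '/', $element['filename']);
        if (preg_match('`(^/|^[A-Za-z]:|(^|/)\.\.(/|$))`', $normalized_name)) {
            $has_unsafe_entry = true;
            break;
        }

        if (substr($element['filename'], -1) == '/') {
            $element['filename'] = substr($element['filename'], 0, -1);
        }
        // Entries without any slash sit at the root of the archive.
        if (substr_count($element['filename'], '/') == 0) {
            $archive_root_content[] = array('filename' => $element['filename'], 'folder' => isset($element['folder']) && $element['folder'] == 1 || isset($element['typeflag']) && $element['typeflag'] == 5);
        }
        if (isset($archive_root_content[0])) {
            // Path relative to the first root entry, compared with the required list.
            $name_in_archive = str_replace($archive_root_content[0]['filename'] . '/', '/', $element['filename']);
            $required_key = array_search($name_in_archive, $required_files, true);
            if ($required_key !== false) {
                unset($required_files[$required_key]);
            }
        }
    }

    if ($has_unsafe_entry || count($archive_root_content) != 1 || !$archive_root_content[0]['folder'] || !empty($required_files)) {
        $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('error.invalid_archive_content', 'status-messages-common'), MessageHelper::NOTICE));
    } else {
        // The single root folder name becomes the theme identifier.
        $theme_id = $archive_root_content[0]['filename'];
        if (!ThemesManager::get_theme_existed($theme_id)) {
            if ($is_tar) {
                PclTarExtract($upload->get_filename(), $folder_phpboost_themes);
            } else {
                $zip->extract(PCLZIP_OPT_PATH, $folder_phpboost_themes, PCLZIP_OPT_SET_CHMOD, 0755);
            }
            $this->install_theme($theme_id, array('r-1' => 1, 'r0' => 1, 'r1' => 1));
        } else {
            $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('element.already_exists', 'status-messages-common'), MessageHelper::NOTICE));
        }
    }

    // The uploaded archive never stays in the templates folder.
    $uploaded_file = new File($archive);
    $uploaded_file->delete();
}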
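 /**
  * Upgrades an already installed module from an uploaded archive (.gz or .zip).
  *
  * The module identifier is the uploaded file's name without its extension and
  * must belong to an installed module. The archive is stored in the site root,
  * its listing is checked for entries that could be written outside that
  * folder, it is extracted, removed again, and the module upgrade is started.
  * Failures are reported through the view's MSG variable; nothing is returned.
  *
  * NOTE(review): nothing visible here ties the archive's content to the module
  * named by the file name, and extraction targets the site root - confirm that
  * the caller limits this action to trusted administrators.
  */
 private function upload_module()
 {
     $modules_folder = PATH_TO_ROOT . '/';

     // The original passed an undefined $dir to chmod(), so a non-writable
     // root always aborted silently; the folder tested is the one to fix.
     if (!is_writable($modules_folder) && !@chmod($modules_folder, 0755)) {
         return;
     }

     $file = $this->form->get_value('file');
     if ($file === null) {
         $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_error'], MessageHelper::NOTICE, 4));
         return;
     }

     $modules_id = $file->get_name_without_extension();
     if (!ModulesManager::is_module_installed($modules_id)) {
         $this->view->put('MSG', MessageHelper::display($this->lang['modules.not_installed_module'], MessageHelper::NOTICE, 4));
         return;
     }

     $upload = new Upload($modules_folder);
     // NOTE(review): the upload content check is switched off and the file lands
     // in the site root; what that check covers is not visible here - confirm
     // that the name pattern alone is an acceptable gate.
     $upload->disableContentCheck();
     if (!$upload->file('upload_module_file', '`([A-Za-z0-9-_]+)\\.(gz|zip)+$`i', false, 100000000, false)) {
         $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_error'], MessageHelper::NOTICE, 4));
         return;
     }

     $archive_path = $modules_folder . $upload->get_filename();
     $extension = $upload->get_extension();

     // List the archive first so that nothing is written before it is checked.
     $archive_content = null;
     if ($extension == 'gz') {
         include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pcltar.lib.php';
         $archive_content = PclTarList($upload->get_filename());
     } elseif ($extension == 'zip') {
         include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pclzip.lib.php';
         $zip = new PclZip($archive_path);
         $archive_content = $zip->listContent();
     }

     // Unknown extension or unreadable listing: nothing will be extracted.
     $is_extractable = is_array($archive_content);
     if ($is_extractable) {
         foreach ($archive_content as $element) {
             // Absolute paths, drive letters and ".." segments could make the
             // extraction write outside the target folder.
             $normalized_name = isset($element['filename']) ? str_replace('\\', '/', $element['filename']) : '';
             if (preg_match('`(^/|^[A-Za-z]:|(^|/)\.\.(/|$))`', $normalized_name)) {
                 $is_extractable = false;
                 break;
             }
         }
     }

     if ($is_extractable) {
         if ($extension == 'gz') {
             PclTarExtract($upload->get_filename(), $modules_folder);
         } else {
             $zip->extract(PCLZIP_OPT_PATH, $modules_folder, PCLZIP_OPT_SET_CHMOD, 0755);
         }
     }

     // The archive is removed in every case, so a rejected upload does not
     // stay behind in the site root.
     $file = new File($archive_path);
     $file->delete();

     if ($is_extractable) {
         // Only upgrade when files were actually extracted.
         $this->upgrade_module($modules_id);
     } else {
         $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_invalid_format'], MessageHelper::NOTICE, 4));
     }
 }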
Beispiel #3
 // Gallery picture upload (excerpt: the listing ends before the open branches close).
 // The upload is checked against the configured picture extensions, size and
 // dimensions; each failure redirects to the URL built by
 // GalleryUrlBuilder::get_link_cat_add() with an error code.
 $error = '';
 // An empty extension allow-list means that no upload is accepted at all.
 if (!empty($authorized_pictures_extensions)) {
     $Upload = new Upload($dir);
     $idpic = 0;
     $idcat_post = retrieve(POST, 'cat', '');
     // NOTE(review): TSTRING_AS_RECEIVED presumably leaves the submitted name
     // unescaped - confirm that Add_pics() and the templates escape it.
     $name_post = retrieve(POST, 'name', '', TSTRING_AS_RECEIVED);
     // The name pattern is built from the configured extensions. NOTE(review): it
     // has no start anchor, and preg_quote() is applied without the backtick
     // delimiter; how Upload::file() applies the pattern is not visible here.
     if (!$Upload->file('gallery', '`([a-z0-9()_-])+\\.(' . implode('|', array_map('preg_quote', $authorized_pictures_extensions)) . ')+$`i', Upload::UNIQ_NAME, $config->get_max_weight())) {
         $error = $Upload->get_error();
     }
 } else {
     $error = 'e_upload_invalid_format';
 }
 if ($error != '') {
     AppContext::get_response()->redirect(GalleryUrlBuilder::get_link_cat_add($id_category, $error) . '#message_helper');
 } else {
     $path = $dir . $Upload->get_filename();
     // Dimension check; DELETE_ON_ERROR presumably removes the stored file when it fails - confirm.
     $error = $Upload->check_img($config->get_max_width(), $config->get_max_height(), Upload::DELETE_ON_ERROR);
     if (!empty($error)) {
         // Error: stop here.
         AppContext::get_response()->redirect(GalleryUrlBuilder::get_link_cat_add($id_category, $error) . '#message_helper');
     } else {
         // Store the picture in the database.
         $Gallery->Resize_pics($path);
         // NOTE(review): the condition tests $Gallery->get_error() but the redirect
         // forwards $Upload->get_error(), which is presumably empty at this point.
         // If redirect() does not end the request, Add_pics() still runs - confirm.
         if ($Gallery->get_error() != '') {
             AppContext::get_response()->redirect(GalleryUrlBuilder::get_link_cat_add($id_category, $Upload->get_error()) . '#message_helper');
         }
         $idpic = $Gallery->Add_pics($idcat_post, $name_post, $Upload->get_filename(), AppContext::get_current_user()->get_id());
         // NOTE(review): same mismatch as above between the error tested and the error forwarded.
         if ($Gallery->get_error() != '') {
             AppContext::get_response()->redirect(GalleryUrlBuilder::get_link_cat_add($id_category, $Upload->get_error()) . '#message_helper');
         }
         // Regenerate the random-pictures cache.
Beispiel #4
        // Member file upload (excerpt: the enclosing branches start and end outside this listing).
        // NOTE(review): 0777 makes the upload folder world-writable, and the value
        // stored in $is_writable is not read in the visible code - the check below
        // calls is_writable() again.
        if (!is_writable($dir)) {
            $is_writable = @chmod($dir, 0777);
        }
        // Drop PHP's cached stat results so that the next is_writable() sees the new mode.
        @clearstatcache();
        if (is_writable($dir)) {
            // Size limit: a fixed ceiling for unlimited accounts, otherwise what is left of the group quota.
            $weight_max = $unlimited_data ? 100000000 : $group_limit - $member_memory_used;
            $Upload = new Upload($dir);
            // The return value is ignored; failure is read from get_error() below.
            // NOTE(review): the pattern has no start anchor and preg_quote() is applied
            // without the backtick delimiter; how Upload::file() applies it is not visible here.
            $Upload->file('upload_file', '`([a-z0-9()_-])+\\.(' . implode('|', array_map('preg_quote', $files_upload_config->get_authorized_extensions())) . ')+$`i', Upload::UNIQ_NAME, $weight_max);
            if ($Upload->get_error() != '') {
                $error = $Upload->get_error();
                // A size error is reported to the member as an exhausted quota.
                if ($Upload->get_error() == 'e_upload_max_weight') {
                    $error = 'e_max_data_reach';
                }
                // NOTE(review): $folder, $error and $popup_noamp are concatenated into the
                // redirect URL as-is; where $folder is validated is outside this excerpt.
                AppContext::get_response()->redirect('/user/upload.php?f=' . $folder . '&erroru=' . $error . '&' . $popup_noamp . '#message_helper');
            } else {
                // Record the stored file for the current user. NOTE(review): get_original_filename()
                // is presumably the client-supplied name - confirm it is escaped wherever it is displayed.
                $result = PersistenceContext::get_querier()->insert(DB_TABLE_UPLOAD, array('idcat' => $folder, 'name' => $Upload->get_original_filename(), 'path' => $Upload->get_filename(), 'user_id' => AppContext::get_current_user()->get_id(), 'size' => $Upload->get_human_readable_size(), 'type' => $Upload->get_extension(), 'timestamp' => time()));
                $id_file = $result->get_last_inserted_id();
            }
        } else {
            $error = 'e_upload_failed_unwritable';
        }
    }
    // Redirect back to the folder view: with the error code when there is one, otherwise to the new file's anchor.
    $anchor = !empty($error) ? '&error=' . $error . '&' . $popup_noamp . '#message_helper' : '&' . $popup_noamp . (!empty($id_file) ? '#fi1' . $id_file : '');
    AppContext::get_response()->redirect(HOST . DIR . url('/user/upload.php?f=' . $folder . $anchor, '', '&'));
} elseif (!empty($del_folder)) {
    AppContext::get_session()->csrf_get_protect();
    // CSRF protection
    // Administrators may delete any folder; for other users the folder's owner id
    // is looked up first, with the id bound through the :id placeholder.
    if (AppContext::get_current_user()->check_level(User::ADMIN_LEVEL)) {
        Uploads::Del_folder($del_folder);
    } else {
        $check_user_id = PersistenceContext::get_querier()->get_column_value(DB_TABLE_UPLOAD_CAT, 'user_id', 'WHERE id = :id', array('id' => $del_folder));
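 /**
  * Installs a module from an archive (.gz or .zip) uploaded through the form.
  *
  * The archive is stored in the site root and its listing is validated before
  * anything is extracted: exactly one root folder, every required module file
  * present, and no entry whose path could be written outside the target
  * folder. The uploaded archive is deleted afterwards whatever the outcome.
  * Failures are reported through the view's MSG variable; nothing is returned.
  *
  * NOTE(review): a module archive carries PHP code by design (index.php is
  * required), so this action presumably has to stay limited to trusted
  * administrators - confirm where the caller enforces that.
  */
 private function upload_module()
 {
     $modules_folder = PATH_TO_ROOT . '/';

     // The original passed an undefined $dir to chmod(), so a non-writable
     // root always aborted silently; the folder tested is the one to fix.
     if (!is_writable($modules_folder) && !@chmod($modules_folder, 0755)) {
         return;
     }

     if ($this->form->get_value('file') === null) {
         $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_error'], MessageHelper::NOTICE));
         return;
     }

     $upload = new Upload($modules_folder);
     // NOTE(review): the pattern has no start anchor and lets the extension group
     // repeat; how Upload::file() applies it is not visible here - confirm that
     // the stored name cannot end up with an executable extension.
     if (!$upload->file('upload_module_file', '`([a-z0-9()_-])+\\.(gz|zip)+$`i')) {
         $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_invalid_format'], MessageHelper::NOTICE));
         return;
     }

     $archive = $modules_folder . $upload->get_filename();
     $is_tar = $upload->get_extension() == 'gz';
     if ($is_tar) {
         include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pcltar.lib.php';
         // NOTE(review): the tar helpers receive the bare file name while PclZip
         // receives the full path - confirm the working directory makes both resolve.
         $archive_content = PclTarList($upload->get_filename());
     } else {
         include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pclzip.lib.php';
         $zip = new PclZip($archive);
         $archive_content = $zip->listContent();
     }

     // A listing that is not an array (unreadable or corrupt archive) is treated
     // as empty, so it is rejected below instead of being iterated.
     if (!is_array($archive_content)) {
         $archive_content = array();
     }

     $archive_root_content = array();
     $required_files = array('/config.ini', '/index.php');
     $has_unsafe_entry = false;
     foreach ($archive_content as $element) {
         // Refuse the whole archive when an entry is absolute, carries a drive
         // letter or contains a ".." segment: extracting it could write outside
         // the target folder.
         $normalized_name = str_replace('\\', '/', $element['filename']);
         if (preg_match('`(^/|^[A-Za-z]:|(^|/)\.\.(/|$))`', $normalized_name)) {
             $has_unsafe_entry = true;
             break;
         }

         if (substr($element['filename'], -1) == '/') {
             $element['filename'] = substr($element['filename'], 0, -1);
         }
         // Entries without any slash sit at the root of the archive.
         if (substr_count($element['filename'], '/') == 0) {
             $archive_root_content[] = array('filename' => $element['filename'], 'folder' => isset($element['folder']) && $element['folder'] == 1 || isset($element['typeflag']) && $element['typeflag'] == 5);
         }
         if (isset($archive_root_content[0])) {
             // Path relative to the first root entry, compared with the required list.
             $name_in_archive = str_replace($archive_root_content[0]['filename'] . '/', '/', $element['filename']);
             $required_key = array_search($name_in_archive, $required_files, true);
             if ($required_key !== false) {
                 unset($required_files[$required_key]);
             }
         }
     }

     if ($has_unsafe_entry || count($archive_root_content) != 1 || !$archive_root_content[0]['folder'] || !empty($required_files)) {
         $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('error.invalid_archive_content', 'status-messages-common'), MessageHelper::NOTICE));
     } else {
         // The single root folder name becomes the module identifier.
         $module_id = $archive_root_content[0]['filename'];
         if (!ModulesManager::is_module_installed($module_id)) {
             if ($is_tar) {
                 PclTarExtract($upload->get_filename(), $modules_folder);
             } else {
                 $zip->extract(PCLZIP_OPT_PATH, $modules_folder, PCLZIP_OPT_SET_CHMOD, 0755);
             }
             $this->install_module($module_id, true);
         } else {
             $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('element.already_exists', 'status-messages-common'), MessageHelper::NOTICE));
         }
     }

     // The uploaded archive never stays in the site root.
     $uploaded_file = new File($archive);
     $uploaded_file->delete();
 }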
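 /**
  * Resolves the avatar submitted with the member form and returns the value to store.
  *
  * Three sources are handled, in this order: a link typed into 'link_avatar',
  * a file sent through 'upload_avatar', or neither (the current field value is
  * returned). Oversized pictures are resized into /images/avatars/ when
  * automatic resizing is enabled and rejected otherwise.
  *
  * @param mixed $form                  Form object giving access to the submitted values.
  * @param mixed $member_extended_field Field being saved; passed to delete_old_avatar().
  * @return mixed Avatar path or link, the existing field value, or null when a
  *               file was sent while avatar uploads are disabled.
  * @throws MemberExtendedFieldErrorsMessageException When the format, the size
  *               or the dimensions are rejected.
  */
 private function upload_avatar($form, $member_extended_field)
 {
     $avatar = $form->get_value('upload_avatar');
     $user_accounts_config = UserAccountsConfig::load();
     $authorized_pictures_extensions = FileUploadConfig::load()->get_authorized_picture_extensions();

     // The original returned the exception object here instead of throwing it,
     // so the caller received the object as if it were the avatar value.
     if (empty($authorized_pictures_extensions)) {
         throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message('e_upload_invalid_format', 'errors'));
     }

     // File-name pattern built from the configured picture extensions.
     // NOTE(review): it has no start anchor, so it only constrains the end of the value.
     $filename_pattern = '`([A-Za-z0-9()_-])+\\.(' . implode('|', array_map('preg_quote', $authorized_pictures_extensions)) . ')+$`i';

     $link_avatar = $form->get_value('link_avatar');
     if ($link_avatar) {
         if (!preg_match($filename_pattern, $link_avatar)) {
             throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message('e_upload_invalid_format', 'errors'));
         }

         // NOTE(review): the member-supplied link is handed to Image as-is; if Image
         // reads the target to get its dimensions, restrict the accepted schemes and
         // hosts before this point - confirm against the Image class.
         $image = new Image($link_avatar);
         if ($image->get_width() > $user_accounts_config->get_max_avatar_width() || $image->get_height() > $user_accounts_config->get_max_avatar_height()) {
             if (!$user_accounts_config->is_avatar_auto_resizing_enabled()) {
                 throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message('e_upload_max_dimension', 'errors'));
             }
             // Too large but resizing is allowed: store a resized local copy.
             $directory = '/images/avatars/' . Url::encode_rewrite($image->get_name() . '_' . $this->key_hash()) . '.' . $image->get_extension();
             $resizer = new ImageResizer();
             $resizer->resize_with_max_values($image, $user_accounts_config->get_max_avatar_width(), $user_accounts_config->get_max_avatar_height(), PATH_TO_ROOT . $directory);
             $this->delete_old_avatar($member_extended_field);
             return $directory;
         }

         $this->delete_old_avatar($member_extended_field);
         return $link_avatar;
     }

     // Nothing submitted: keep whatever the field currently holds.
     if (empty($avatar)) {
         return MemberExtendedFieldsService::return_field_member($member_extended_field->get_field_name(), $member_extended_field->get_user_id());
     }

     // As in the original, a file sent while uploads are disabled yields null.
     if (!UserAccountsConfig::load()->is_avatar_upload_enabled()) {
         return null;
     }

     $dir = '/images/avatars/';
     if ($user_accounts_config->is_avatar_auto_resizing_enabled()) {
         // Name and extension come from the client-supplied file name.
         $name_parts = explode('.', $avatar->get_name());
         $name = $name_parts[0];
         $extension = end($name_parts);
         // Thrown (the original returned the exception object) and checked before
         // the picture is opened; strict comparison avoids loose type juggling.
         if (!in_array($extension, $authorized_pictures_extensions, true)) {
             throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message('e_upload_invalid_format', 'errors'));
         }

         $image = new Image($avatar->get_temporary_filename());
         $resizer = new ImageResizer();
         $directory = $dir . Url::encode_rewrite($name . '_' . $this->key_hash()) . '.' . $extension;
         try {
             $resizer->resize_with_max_values($image, $user_accounts_config->get_max_avatar_width(), $user_accounts_config->get_max_avatar_height(), PATH_TO_ROOT . $directory);
             $this->delete_old_avatar($member_extended_field);
             return $directory;
         } catch (UnsupportedOperationException $e) {
             throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message('e_upload_invalid_format', 'errors'));
         }
     }

     // No resizing: store the file under a unique name, then check its dimensions.
     $Upload = new Upload(PATH_TO_ROOT . $dir);
     $Upload->file($form->get_html_id() . '_upload_avatar', $filename_pattern, Upload::UNIQ_NAME, $user_accounts_config->get_max_avatar_weight() * 1024);
     $upload_error = $Upload->get_error();
     if (!empty($upload_error)) {
         throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message($upload_error, 'errors'));
     }

     $error = $Upload->check_img($user_accounts_config->get_max_avatar_width(), $user_accounts_config->get_max_avatar_height(), Upload::DELETE_ON_ERROR);
     if (!empty($error)) {
         throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message($error, 'errors'));
     }

     $this->delete_old_avatar($member_extended_field);
     return $dir . $Upload->get_filename();
 }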