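/**
 * Receives an uploaded theme archive (.gz or .zip), validates its listing and installs the theme.
 *
 * The archive is stored in the templates folder and listed before anything is extracted.
 * Extraction only happens when the listing holds exactly one root folder, every required
 * theme file is present, and every entry stays inside that root folder. The uploaded archive
 * is deleted once it has been processed, whether or not the theme was installed.
 * Outcomes are reported through the 'MSG' view variable; nothing is returned.
 */
private function upload_theme()
{
    $folder_phpboost_themes = PATH_TO_ROOT . '/templates/';

    if (!is_writable($folder_phpboost_themes)) {
        // NOTE(review): 0777 leaves the templates folder writable by every local account.
        // Prefer fixing ownership at deployment time over widening the mode here.
        $is_writable = @chmod($folder_phpboost_themes, 0777);
    } else {
        $is_writable = true;
    }

    // An unwritable folder ends the request silently, as before.
    if (!$is_writable) {
        return;
    }

    $uploaded_file = $this->form->get_value('file');
    if ($uploaded_file === null) {
        $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('process.error', 'status-messages-common'), MessageHelper::NOTICE));
        return;
    }

    $upload = new Upload($folder_phpboost_themes);
    if (!$upload->file('upload_theme_file', '`([A-Za-z0-9-_]+)\\.(gz|zip)+$`i')) {
        $this->view->put('MSG', MessageHelper::display($this->lang['themes.upload_invalid_format'], MessageHelper::NOTICE));
        return;
    }

    $archive = $folder_phpboost_themes . $upload->get_filename();
    $is_tar_archive = $upload->get_extension() == 'gz';

    if ($is_tar_archive) {
        include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pcltar.lib.php';
        // NOTE(review): the tar helpers receive the bare file name while PclZip gets the
        // full path; confirm the working directory makes both resolve to the same file.
        $archive_content = PclTarList($upload->get_filename());
    } else {
        include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pclzip.lib.php';
        $zip = new PclZip($archive);
        $archive_content = $zip->listContent();
    }

    // A failed listing is handled as an empty archive so it ends in the
    // "invalid archive content" message instead of a foreach warning.
    if (!is_array($archive_content)) {
        $archive_content = array();
    }

    $archive_root_content = array();
    $entry_names = array();
    $required_files = array('/config.ini', '/body.tpl', '/frame.tpl', '/theme/content.css', '/theme/design.css', '/theme/global.css');

    foreach ($archive_content as $element) {
        if (substr($element['filename'], -1) === '/') {
            $element['filename'] = substr($element['filename'], 0, -1);
        }
        $entry_names[] = $element['filename'];

        // An entry without any slash sits at the root of the archive.
        if (substr_count($element['filename'], '/') === 0) {
            $archive_root_content[] = array(
                'filename' => $element['filename'],
                'folder' => (isset($element['folder']) && $element['folder'] == 1) || (isset($element['typeflag']) && $element['typeflag'] == 5)
            );
        }

        if (isset($archive_root_content[0])) {
            // Strip the root folder name so the entry can be compared with the required list.
            $name_in_archive = str_replace($archive_root_content[0]['filename'] . '/', '/', $element['filename']);
            $required_index = array_search($name_in_archive, $required_files, true);
            if ($required_index !== false) {
                unset($required_files[$required_index]);
            }
        }
    }

    $has_single_root_folder = count($archive_root_content) == 1 && $archive_root_content[0]['folder'];

    // The archive is untrusted input: extraction writes every entry below the templates
    // folder, so each entry must resolve inside the single root folder. Entries with a
    // '..' segment or living outside the root folder make the whole archive invalid.
    $entries_stay_in_root = false;
    if ($has_single_root_folder) {
        $root_name = $archive_root_content[0]['filename'];
        $entries_stay_in_root = !in_array($root_name, array('', '.', '..'), true);
        foreach ($entry_names as $entry_name) {
            if (!$entries_stay_in_root) {
                break;
            }
            $normalized_name = str_replace('\\', '/', $entry_name);
            $is_under_root = $normalized_name === $root_name || strpos($normalized_name, $root_name . '/') === 0;
            $entries_stay_in_root = $is_under_root && !in_array('..', explode('/', $normalized_name), true);
        }
    }

    if ($has_single_root_folder && $entries_stay_in_root && empty($required_files)) {
        $theme_id = $archive_root_content[0]['filename'];
        if (!ThemesManager::get_theme_existed($theme_id)) {
            if ($is_tar_archive) {
                PclTarExtract($upload->get_filename(), $folder_phpboost_themes);
            } else {
                $zip->extract(PCLZIP_OPT_PATH, $folder_phpboost_themes, PCLZIP_OPT_SET_CHMOD, 0755);
            }
            $this->install_theme($theme_id, array('r-1' => 1, 'r0' => 1, 'r1' => 1));
        } else {
            $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('element.already_exists', 'status-messages-common'), MessageHelper::NOTICE));
        }
    } else {
        $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('error.invalid_archive_content', 'status-messages-common'), MessageHelper::NOTICE));
    }

    // The uploaded archive must not stay in a web-served folder.
    $uploaded_file = new File($archive);
    $uploaded_file->delete();
}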
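/**
 * Receives an uploaded archive (.gz or .zip) for an already installed module and upgrades it.
 *
 * The module id is taken from the uploaded file name and must match an installed module.
 * The archive is stored in the site root, listed, extracted there, deleted, and the module
 * upgrade is then run. Outcomes are reported through the 'MSG' view variable.
 *
 * Changes from the previous version:
 *  - chmod() targeted an undefined $dir variable; it now targets the modules folder.
 *  - The archive listing is checked before extraction and rejected when an entry is
 *    absolute or contains a '..' segment.
 *  - The archive is deleted on every path, and the upgrade only runs after an extraction.
 */
private function upload_module()
{
    $modules_folder = PATH_TO_ROOT . '/';

    if (!is_writable($modules_folder)) {
        $is_writable = @chmod($modules_folder, 0755);
    } else {
        $is_writable = true;
    }

    // An unwritable folder ends the request silently, as before.
    if (!$is_writable) {
        return;
    }

    $file = $this->form->get_value('file');
    if ($file === null) {
        $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_error'], MessageHelper::NOTICE, 4));
        return;
    }

    $modules_id = $file->get_name_without_extension();
    if (!ModulesManager::is_module_installed($modules_id)) {
        $this->view->put('MSG', MessageHelper::display($this->lang['modules.not_installed_module'], MessageHelper::NOTICE, 4));
        return;
    }

    $upload = new Upload($modules_folder);
    // NOTE(review): with the content check disabled, the file name pattern below is the only
    // upload-level filter visible here; the listing check further down is the other safeguard.
    $upload->disableContentCheck();
    if (!$upload->file('upload_module_file', '`([A-Za-z0-9-_]+)\\.(gz|zip)+$`i', false, 100000000, false)) {
        $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_error'], MessageHelper::NOTICE, 4));
        return;
    }

    $archive_path = $modules_folder . $upload->get_filename();
    $extension = $upload->get_extension();
    $is_tar_archive = $extension == 'gz';
    $is_zip_archive = $extension == 'zip';
    $archive_content = null;
    $zip = null;

    if ($is_tar_archive) {
        include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pcltar.lib.php';
        // NOTE(review): the tar helpers receive the bare file name while PclZip gets the
        // full path; confirm the working directory makes both resolve to the same file.
        $archive_content = PclTarList($upload->get_filename());
    } elseif ($is_zip_archive) {
        include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pclzip.lib.php';
        $zip = new PclZip($archive_path);
        $archive_content = $zip->listContent();
    }

    // The archive is untrusted input and is extracted straight into the site root, so no
    // entry may be absolute or climb out of the extraction folder with a '..' segment.
    // NOTE(review): consider also requiring every entry to live under $modules_id . '/',
    // if upgrade archives are guaranteed to contain only the module's own folder.
    $archive_is_safe = is_array($archive_content);
    if ($archive_is_safe) {
        foreach ($archive_content as $element) {
            $entry_name = isset($element['filename']) ? str_replace('\\', '/', $element['filename']) : '';
            if ($entry_name === '' || strpos($entry_name, '/') === 0 || in_array('..', explode('/', $entry_name), true)) {
                $archive_is_safe = false;
                break;
            }
        }
    }

    $extracted = false;
    if ($archive_is_safe && $is_tar_archive) {
        PclTarExtract($upload->get_filename(), $modules_folder);
        $extracted = true;
    } elseif ($archive_is_safe && $is_zip_archive) {
        $zip->extract(PCLZIP_OPT_PATH, $modules_folder, PCLZIP_OPT_SET_CHMOD, 0755);
        $extracted = true;
    } else {
        $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_invalid_format'], MessageHelper::NOTICE, 4));
    }

    // The uploaded archive must not stay in the web root, including on the rejection path.
    $file = new File($archive_path);
    $file->delete();

    if ($extracted) {
        $this->upgrade_module($modules_id);
    }
}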
$error = ''; if (!empty($authorized_pictures_extensions)) { $Upload = new Upload($dir); $idpic = 0; $idcat_post = retrieve(POST, 'cat', ''); $name_post = retrieve(POST, 'name', '', TSTRING_AS_RECEIVED); if (!$Upload->file('gallery', '`([a-z0-9()_-])+\\.(' . implode('|', array_map('preg_quote', $authorized_pictures_extensions)) . ')+$`i', Upload::UNIQ_NAME, $config->get_max_weight())) { $error = $Upload->get_error(); } } else { $error = 'e_upload_invalid_format'; } if ($error != '') { AppContext::get_response()->redirect(GalleryUrlBuilder::get_link_cat_add($id_category, $error) . '#message_helper'); } else { $path = $dir . $Upload->get_filename(); $error = $Upload->check_img($config->get_max_width(), $config->get_max_height(), Upload::DELETE_ON_ERROR); if (!empty($error)) { //Erreur, on arrête ici AppContext::get_response()->redirect(GalleryUrlBuilder::get_link_cat_add($id_category, $error) . '#message_helper'); } else { //Enregistrement de l'image dans la bdd. $Gallery->Resize_pics($path); if ($Gallery->get_error() != '') { AppContext::get_response()->redirect(GalleryUrlBuilder::get_link_cat_add($id_category, $Upload->get_error()) . '#message_helper'); } $idpic = $Gallery->Add_pics($idcat_post, $name_post, $Upload->get_filename(), AppContext::get_current_user()->get_id()); if ($Gallery->get_error() != '') { AppContext::get_response()->redirect(GalleryUrlBuilder::get_link_cat_add($id_category, $Upload->get_error()) . '#message_helper'); } //Régénération du cache des photos aléatoires.
if (!is_writable($dir)) { $is_writable = @chmod($dir, 0777); } @clearstatcache(); if (is_writable($dir)) { $weight_max = $unlimited_data ? 100000000 : $group_limit - $member_memory_used; $Upload = new Upload($dir); $Upload->file('upload_file', '`([a-z0-9()_-])+\\.(' . implode('|', array_map('preg_quote', $files_upload_config->get_authorized_extensions())) . ')+$`i', Upload::UNIQ_NAME, $weight_max); if ($Upload->get_error() != '') { $error = $Upload->get_error(); if ($Upload->get_error() == 'e_upload_max_weight') { $error = 'e_max_data_reach'; } AppContext::get_response()->redirect('/user/upload.php?f=' . $folder . '&erroru=' . $error . '&' . $popup_noamp . '#message_helper'); } else { $result = PersistenceContext::get_querier()->insert(DB_TABLE_UPLOAD, array('idcat' => $folder, 'name' => $Upload->get_original_filename(), 'path' => $Upload->get_filename(), 'user_id' => AppContext::get_current_user()->get_id(), 'size' => $Upload->get_human_readable_size(), 'type' => $Upload->get_extension(), 'timestamp' => time())); $id_file = $result->get_last_inserted_id(); } } else { $error = 'e_upload_failed_unwritable'; } } $anchor = !empty($error) ? '&error=' . $error . '&' . $popup_noamp . '#message_helper' : '&' . $popup_noamp . (!empty($id_file) ? '#fi1' . $id_file : ''); AppContext::get_response()->redirect(HOST . DIR . url('/user/upload.php?f=' . $folder . $anchor, '', '&')); } elseif (!empty($del_folder)) { AppContext::get_session()->csrf_get_protect(); //Protection csrf if (AppContext::get_current_user()->check_level(User::ADMIN_LEVEL)) { Uploads::Del_folder($del_folder); } else { $check_user_id = PersistenceContext::get_querier()->get_column_value(DB_TABLE_UPLOAD_CAT, 'user_id', 'WHERE id = :id', array('id' => $del_folder));
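/**
 * Receives an uploaded module archive (.gz or .zip), validates its listing and installs the module.
 *
 * The archive is stored in the site root and listed before anything is extracted.
 * Extraction only happens when the listing holds exactly one root folder, both required
 * module files are present, and every entry stays inside that root folder. The uploaded
 * archive is deleted once it has been processed, whether or not the module was installed.
 * Outcomes are reported through the 'MSG' view variable; nothing is returned.
 *
 * Changes from the previous version: chmod() targeted an undefined $dir variable and now
 * targets the modules folder; entries outside the root folder invalidate the archive.
 */
private function upload_module()
{
    $modules_folder = PATH_TO_ROOT . '/';

    if (!is_writable($modules_folder)) {
        $is_writable = @chmod($modules_folder, 0755);
    } else {
        $is_writable = true;
    }

    // An unwritable folder ends the request silently, as before.
    if (!$is_writable) {
        return;
    }

    $uploaded_file = $this->form->get_value('file');
    if ($uploaded_file === null) {
        $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_error'], MessageHelper::NOTICE));
        return;
    }

    $upload = new Upload($modules_folder);
    if (!$upload->file('upload_module_file', '`([a-z0-9()_-])+\\.(gz|zip)+$`i')) {
        $this->view->put('MSG', MessageHelper::display($this->lang['modules.upload_invalid_format'], MessageHelper::NOTICE));
        return;
    }

    $archive = $modules_folder . $upload->get_filename();
    $is_tar_archive = $upload->get_extension() == 'gz';

    if ($is_tar_archive) {
        include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pcltar.lib.php';
        // NOTE(review): the tar helpers receive the bare file name while PclZip gets the
        // full path; confirm the working directory makes both resolve to the same file.
        $archive_content = PclTarList($upload->get_filename());
    } else {
        include_once PATH_TO_ROOT . '/kernel/lib/php/pcl/pclzip.lib.php';
        $zip = new PclZip($archive);
        $archive_content = $zip->listContent();
    }

    // A failed listing is handled as an empty archive so it ends in the
    // "invalid archive content" message instead of a foreach warning.
    if (!is_array($archive_content)) {
        $archive_content = array();
    }

    $archive_root_content = array();
    $entry_names = array();
    $required_files = array('/config.ini', '/index.php');

    foreach ($archive_content as $element) {
        if (substr($element['filename'], -1) === '/') {
            $element['filename'] = substr($element['filename'], 0, -1);
        }
        $entry_names[] = $element['filename'];

        // An entry without any slash sits at the root of the archive.
        if (substr_count($element['filename'], '/') === 0) {
            $archive_root_content[] = array(
                'filename' => $element['filename'],
                'folder' => (isset($element['folder']) && $element['folder'] == 1) || (isset($element['typeflag']) && $element['typeflag'] == 5)
            );
        }

        if (isset($archive_root_content[0])) {
            // Strip the root folder name so the entry can be compared with the required list.
            $name_in_archive = str_replace($archive_root_content[0]['filename'] . '/', '/', $element['filename']);
            $required_index = array_search($name_in_archive, $required_files, true);
            if ($required_index !== false) {
                unset($required_files[$required_index]);
            }
        }
    }

    $has_single_root_folder = count($archive_root_content) == 1 && $archive_root_content[0]['folder'];

    // The archive is untrusted input and is extracted into the site root, next to the
    // kernel and the other modules. Each entry must therefore resolve inside the single
    // root folder; a '..' segment or an entry outside that folder invalidates the archive.
    $entries_stay_in_root = false;
    if ($has_single_root_folder) {
        $root_name = $archive_root_content[0]['filename'];
        $entries_stay_in_root = !in_array($root_name, array('', '.', '..'), true);
        foreach ($entry_names as $entry_name) {
            if (!$entries_stay_in_root) {
                break;
            }
            $normalized_name = str_replace('\\', '/', $entry_name);
            $is_under_root = $normalized_name === $root_name || strpos($normalized_name, $root_name . '/') === 0;
            $entries_stay_in_root = $is_under_root && !in_array('..', explode('/', $normalized_name), true);
        }
    }

    if ($has_single_root_folder && $entries_stay_in_root && empty($required_files)) {
        $module_id = $archive_root_content[0]['filename'];
        if (!ModulesManager::is_module_installed($module_id)) {
            if ($is_tar_archive) {
                PclTarExtract($upload->get_filename(), $modules_folder);
            } else {
                $zip->extract(PCLZIP_OPT_PATH, $modules_folder, PCLZIP_OPT_SET_CHMOD, 0755);
            }
            $this->install_module($module_id, true);
        } else {
            $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('element.already_exists', 'status-messages-common'), MessageHelper::NOTICE));
        }
    } else {
        $this->view->put('MSG', MessageHelper::display(LangLoader::get_message('error.invalid_archive_content', 'status-messages-common'), MessageHelper::NOTICE));
    }

    // The uploaded archive must not stay in the web root.
    $uploaded_file = new File($archive);
    $uploaded_file->delete();
}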
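/**
 * Resolves the avatar value to store for a member from the submitted form.
 *
 * Three inputs are handled, in this order:
 *  1. 'link_avatar': a location typed by the user, accepted when its name ends with an
 *     authorized picture extension; oversized pictures are resized into /images/avatars/
 *     when auto-resizing is enabled, otherwise rejected.
 *  2. 'upload_avatar': an uploaded file, either resized into /images/avatars/ or stored
 *     through Upload and checked with check_img().
 *  3. Neither: the value currently stored for the field is returned.
 *
 * Changes from the previous version: two error paths returned the exception object
 * instead of throwing it, which handed the exception to the caller as the avatar value.
 *
 * @param object $form                  Submitted form (get_value(), get_html_id()).
 * @param object $member_extended_field Field being saved (get_field_name(), get_user_id()).
 * @return mixed Avatar path or link, the stored field value, or null when an upload is
 *               submitted while avatar uploads are disabled.
 * @throws MemberExtendedFieldErrorsMessageException When the format, size or upload is rejected.
 */
private function upload_avatar($form, $member_extended_field)
{
    $avatar = $form->get_value('upload_avatar');
    $user_accounts_config = UserAccountsConfig::load();
    $authorized_pictures_extensions = FileUploadConfig::load()->get_authorized_picture_extensions();

    if (empty($authorized_pictures_extensions)) {
        throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message('e_upload_invalid_format', 'errors'));
    }

    // File name pattern shared by the link check and the plain upload.
    $picture_name_pattern = '`([A-Za-z0-9()_-])+\\.(' . implode('|', array_map('preg_quote', $authorized_pictures_extensions)) . ')+$`i';

    $link_avatar = $form->get_value('link_avatar');
    if ($link_avatar) {
        if (!preg_match($picture_name_pattern, $link_avatar)) {
            throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message('e_upload_invalid_format', 'errors'));
        }

        // NOTE(review): the pattern only constrains the end of the value, and Image is built
        // from a user-supplied location. If Image reads it server-side, confirm that the
        // scheme and host are restricted before this call.
        $image = new Image($link_avatar);
        $is_oversized = $image->get_width() > $user_accounts_config->get_max_avatar_width()
            || $image->get_height() > $user_accounts_config->get_max_avatar_height();

        if ($is_oversized) {
            if (!$user_accounts_config->is_avatar_auto_resizing_enabled()) {
                throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message('e_upload_max_dimension', 'errors'));
            }

            $directory = '/images/avatars/' . Url::encode_rewrite($image->get_name() . '_' . $this->key_hash()) . '.' . $image->get_extension();
            $resizer = new ImageResizer();
            $resizer->resize_with_max_values($image, $user_accounts_config->get_max_avatar_width(), $user_accounts_config->get_max_avatar_height(), PATH_TO_ROOT . $directory);
            $this->delete_old_avatar($member_extended_field);
            return $directory;
        }

        $this->delete_old_avatar($member_extended_field);
        return $link_avatar;
    }

    if (empty($avatar)) {
        // Nothing submitted: keep the value already stored for this field.
        return MemberExtendedFieldsService::return_field_member($member_extended_field->get_field_name(), $member_extended_field->get_user_id());
    }

    if (!UserAccountsConfig::load()->is_avatar_upload_enabled()) {
        // Uploads are disabled: the submitted file is ignored and nothing is returned.
        return null;
    }

    $dir = '/images/avatars/';

    if ($user_accounts_config->is_avatar_auto_resizing_enabled()) {
        // The stored file takes its extension from the client-supplied name, so that
        // extension is checked against the allow-list before the file is touched.
        $name_parts = explode('.', $avatar->get_name());
        $extension = array_pop($name_parts);
        if (!in_array($extension, $authorized_pictures_extensions, true)) {
            throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message('e_upload_invalid_format', 'errors'));
        }

        $name_parts = explode('.', $avatar->get_name());
        $name = $name_parts[0];
        $directory = $dir . Url::encode_rewrite($name . '_' . $this->key_hash()) . '.' . $extension;

        $image = new Image($avatar->get_temporary_filename());
        $resizer = new ImageResizer();
        try {
            $resizer->resize_with_max_values($image, $user_accounts_config->get_max_avatar_width(), $user_accounts_config->get_max_avatar_height(), PATH_TO_ROOT . $directory);
            $this->delete_old_avatar($member_extended_field);
            return $directory;
        } catch (UnsupportedOperationException $e) {
            throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message('e_upload_invalid_format', 'errors'));
        }
    }

    $Upload = new Upload(PATH_TO_ROOT . $dir);
    $Upload->file($form->get_html_id() . '_upload_avatar', $picture_name_pattern, Upload::UNIQ_NAME, $user_accounts_config->get_max_avatar_weight() * 1024);

    $upload_error = $Upload->get_error();
    if (!empty($upload_error)) {
        throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message($upload_error, 'errors'));
    }

    // check_img() is asked to delete the stored file itself when the dimensions are rejected.
    $error = $Upload->check_img($user_accounts_config->get_max_avatar_width(), $user_accounts_config->get_max_avatar_height(), Upload::DELETE_ON_ERROR);
    if (!empty($error)) {
        throw new MemberExtendedFieldErrorsMessageException(LangLoader::get_message($error, 'errors'));
    }

    $this->delete_old_avatar($member_extended_field);
    return $dir . $Upload->get_filename();
}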