function ServerMapFolder($resourceType, $folderPath, $sCommand)
{
global $Config;
// Get the resource type directory.
$sResourceTypePath = GetResourceTypeDirectory($resourceType, $sCommand);
// Ensure that the directory exists.
$sErrorMsg = CreateServerFolder($sResourceTypePath);
if ($sErrorMsg != '') {
SendError(1, "Ошибка создания папки \"{$sResourceTypePath}\" ({$sErrorMsg})");
}
if ($Config['ThumbList'] && $resourceType == 'Image') {
ServerMapFolder('ImageThumb', $folderPath, $sCommand);
}
// Return the resource type directory combined with the required path.
return CombinePaths($sResourceTypePath, $folderPath);
}
function FileUpload($resourceType, $currentFolder, $sCommand)
{
global $dwfck_conf;
if (!isset($_FILES)) {
global $_FILES;
}
$sErrorNumber = '0';
$sFileName = '';
$sess_id = session_id();
if (!isset($sess_id) || $sess_id != $_COOKIE['FCK_NmSp_acl']) {
session_id($_COOKIE['FCK_NmSp_acl']);
session_start();
}
global $Dwfck_conf_values;
$dwfck_conf = $_SESSION['dwfck_conf'];
if (empty($dwfck_conf)) {
$dwfck_conf['deaccent'] = isset($Dwfck_conf_values['deaccent']) ? $Dwfck_conf_values['deaccent'] : 1;
$dwfck_conf['useslash'] = isset($Dwfck_conf_values['useslash']) ? $Dwfck_conf_values['useslash'] : 0;
$dwfck_conf['sepchar'] = isset($Dwfck_conf_values['sepchar']) ? $Dwfck_conf_values['sepchar'] : '_';
}
$auth = 0;
if (isset($_REQUEST['TopLevel'])) {
list($top_level, $auth) = explode(';;', $_REQUEST['TopLevel']);
}
$safe = false;
global $Dwfck_conf_values;
if ($Dwfck_conf_values['fnencode'] == 'safe') {
if (preg_match('/%[a-z]+[0-9]/', $currentFolder) || preg_match('/%[0-9][a-z]/', $currentFolder)) {
$safe = true;
}
}
$ns_tmp = dwiki_decodeFN(trim($currentFolder, '/'));
$ns_tmp = str_replace('/', ':', $ns_tmp);
$test = $ns_tmp . ':*';
if (!$safe) {
$test = urldecode($test);
while (preg_match('/%25/', $test)) {
$test = urldecode($test);
}
$test = urldecode($test);
}
$isadmin = isset($_SESSION['dwfck_conf']['isadmin']) ? $_SESSION['dwfck_conf']['isadmin'] : false;
if (!$isadmin) {
$AUTH = auth_aclcheck($test, $_SESSION['dwfck_client'], $_SESSION['dwfck_grps'], 1);
if ($AUTH < 8) {
$msg = "";
$sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
$sFileUrl = CombinePaths($sFileUrl, $_FILES['NewFile']['name']);
SendUploadResults('203', $sFileUrl, htmlentities($_FILES['NewFile']['name']), $msg);
return;
}
}
if (!$safe) {
$currentFolder = encode_dir($currentFolder);
}
if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
global $Config;
$upload_err = $_FILES['NewFile']['error'];
if ($upload_err) {
send_ckg_UploadError($upload_err, $sFileUrl, htmlentities($_FILES['NewFile']['name']));
exit;
}
$oFile = $_FILES['NewFile'];
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
// Get the uploaded file name.
$sFileName = dwiki_encodeFN($oFile['name']);
$sOriginalFileName = dwiki_encodeFN($sFileName);
// Get the extension.
$sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
$sExtension = strtolower($sExtension);
$image_file = false;
if (in_array($sExtension, $Config['AllowedExtensions']['Image'])) {
$image_file = true;
}
if (isset($Config['SecureImageUploads'])) {
if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
$sErrorNumber = '202';
}
}
if (isset($Config['HtmlExtensions'])) {
if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
$sErrorNumber = '202';
}
}
$sFileName = Dwfck_sanitize($sFileName, $image_file);
// Check if it is an allowed extension.
if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
$iCounter = 0;
while (true) {
//$sFileName = strtolower($sFileName);
if (!is_dir($sServerDir)) {
if (isset($Config['ChmodOnFolderCreate']) && !$Config['ChmodOnFolderCreate']) {
mkdir_rek($sServerDir, $permissions);
} else {
$permissions = 0777;
if (isset($Config['ChmodOnFolderCreate'])) {
$permissions = $Config['ChmodOnFolderCreate'];
}
// To create the folder with 0777 permissions, we need to set umask to zero.
$oldumask = umask(0);
mkdir_rek($sServerDir, $permissions);
umask($oldumask);
}
}
$sFilePath = $sServerDir . $sFileName;
if (is_file($sFilePath)) {
$iCounter++;
if ($Dwfck_conf_values['fnencode'] == 'safe') {
$sFileName = RemoveExtension(dwiki_decodeFN($sOriginalFileName)) . '_' . $iCounter . ".{$sExtension}";
} else {
$sFileName = RemoveExtension($sOriginalFileName) . '_' . $iCounter . ".{$sExtension}";
}
$sFileName = Dwfck_sanitize($sFileName, $image_file);
$sErrorNumber = '201';
} else {
move_uploaded_file($oFile['tmp_name'], $sFilePath);
if (is_file($sFilePath)) {
if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
break;
}
$permissions = 0777;
if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
$permissions = $Config['ChmodOnUpload'];
}
$oldumask = umask(0);
chmod($sFilePath, $permissions);
umask($oldumask);
}
break;
}
}
if (file_exists($sFilePath)) {
//previous checks failed, try once again
if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
@unlink($sFilePath);
$sErrorNumber = '202';
} else {
if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
@unlink($sFilePath);
$sErrorNumber = '202';
}
}
}
} else {
$sErrorNumber = '202';
}
} else {
$sErrorNumber = '202';
}
$sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
$sFileUrl = CombinePaths($sFileUrl, $sFileName);
SendUploadResults($sErrorNumber, $sFileUrl, htmlentities($sFileName));
exit;
}
function FolderDelete($resourceType, $currentFolder, $Command)
{
global $Config;
$thumb = 1;
//($resourceType=='Image' && $Config['ThumbList']) ? true : false;
$sServerDir = ServerMapFolder($resourceType, $currentFolder, $Command);
if (!filemanager_deldir($_SERVER['DOCUMENT_ROOT'] . GetResourceTypePath($resourceType, 'Delete'), $currentFolder . $_GET['DelFolder'] . '/', $thumb) || !rmdir($sServerDir . $_GET['DelFolder'] . '/')) {
echo '<Error number="1" originalDescription="Ошибка при удалении папки" />';
}
}
function FileUpload($resourceType, $currentFolder, $sCommand)
{
global $cfg;
global $db;
$tbl_attachment = $cfg['tbl_attachment'];
if (!isset($_FILES)) {
global $_FILES;
}
//print_r($_FILES['type']);
$sErrorNumber = '0';
$sFileName = '';
if (!isset($_FILES['NewFile'])) {
$temp = $_FILES['file'];
$_FILES['NewFile'] = $temp;
$flag = 0;
} else {
$flag = 1;
}
if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
global $Config;
$oFile = $_FILES['NewFile'];
$mime_type = $oFile['type'];
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
// Get the uploaded file name.
$sFileName = $oFile['name'];
$sFileName = SanitizeFileName($sFileName);
$sOriginalFileName = $sFileName;
// Get the extension.
$sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
$sExtension = strtolower($sExtension);
$sFileName = "flow_" . str_replace(array("0.", " "), array("", "_"), microtime()) . "." . $sExtension;
if (isset($Config['SecureImageUploads'])) {
if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
$sErrorNumber = '202';
}
}
if (isset($Config['HtmlExtensions'])) {
if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
$sErrorNumber = '202';
}
}
// Check if it is an allowed extension.
if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
$iCounter = 0;
while (true) {
$sFilePath = $sServerDir . $sFileName;
if (is_file($sFilePath)) {
$iCounter++;
$sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
$sErrorNumber = '201';
} else {
move_uploaded_file($oFile['tmp_name'], $sFilePath);
if (is_file($sFilePath)) {
if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
break;
}
$permissions = 0777;
if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
$permissions = $Config['ChmodOnUpload'];
}
$oldumask = umask(0);
chmod($sFilePath, $permissions);
umask($oldumask);
}
break;
}
}
if (file_exists($sFilePath)) {
//previous checks failed, try once again
if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
@unlink($sFilePath);
$sErrorNumber = '202';
} else {
if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
@unlink($sFilePath);
$sErrorNumber = '202';
}
}
}
} else {
$sErrorNumber = '202';
}
} else {
$sErrorNumber = '202';
}
if (isset($_GET['object_id'])) {
$object_id = intval($_GET['object_id']);
} else {
if (isset($_POST['object_id'])) {
$object_id = intval($_POST['object_id']);
} else {
global $object_id;
}
}
if (isset($_GET['class_id'])) {
$class_id = intval($_GET['class_id']);
} else {
if (isset($_POST['class_id'])) {
$class_id = intval($_POST['class_id']);
} else {
$class_id = 1;
}
}
if (!$sErrorNumber && file_exists($sFilePath)) {
$sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
$sFileUrl = CombinePaths($sFileUrl, $sFileName);
$sql = "insert into {$tbl_attachment} (catalog_id,object_id,filename,formername,ext,mime,mime_type,dt) values ('{$class_id}','{$object_id}','{$sFileName}','{$sOriginalFileName}','{$sExtension}','{$resourceType}','{$mime_type}','" . date("Y-m-d H:i:s", time() + 8 * 3600) . "')";
@$db->Execute($sql);
if ($resourceType == "File") {
$cmd = "download";
} else {
$cmd = "preview";
}
$sFileUrl = $cfg['flow_basedir'] . "file.php?cmd=" . $cmd . "&id=" . $db->Insert_ID();
}
if ($flag == "1") {
SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
} else {
echo "\r\n\t\t\t<script language='JavaScript'>\r\n\t\t\t\t<!--\r\n\t\t\t\t\twindow.location.href='" . $cfg['flow_basedir'] . "flowcms/filebrowser.php?Type={$resourceType}&class_id={$class_id}&object_id={$object_id}';\r\n\t\t\t\t//-->\r\n\t\t\t</script>\r\n\t\t";
}
exit;
}
function FileUpload($resourceType, $currentFolder, $sCommand)
{
if (!isset($_FILES)) {
global $_FILES;
}
$sErrorNumber = '0';
$sFileName = '';
if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
global $Config;
$oFile = $_FILES['NewFile'];
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
// Get the uploaded file name.
$sFileName = time() . "." . strtolower(array_pop(explode(".", $oFile['name'])));
$sFileName = SanitizeFileName($sFileName);
$sOriginalFileName = $sFileName;
// Get the extension.
$sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
$sExtension = strtolower($sExtension);
if (isset($Config['SecureImageUploads'])) {
if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
$sErrorNumber = '202';
}
}
if (isset($Config['HtmlExtensions'])) {
if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
$sErrorNumber = '202';
}
}
// Check if it is an allowed extension.
if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
$iCounter = 0;
while (true) {
$sFilePath = $sServerDir . $sFileName;
if (is_file($sFilePath)) {
$iCounter++;
$sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
$sErrorNumber = '201';
} else {
move_uploaded_file($oFile['tmp_name'], $sFilePath);
if (is_file($sFilePath)) {
if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
break;
}
$permissions = 0777;
if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
$permissions = $Config['ChmodOnUpload'];
}
$oldumask = umask(0);
chmod($sFilePath, $permissions);
umask($oldumask);
}
break;
}
}
if ($_POST['C1'] == "ON") {
$watermark = 1;
//是否附加水印(1为加水印,其他为不加水印);
} else {
$watermark = 2;
}
if ($_POST['R1'] == "V1") {
$watertype = 1;
//水印类型(1为文字,2为图片)
} else {
$watertype = 2;
}
if ($_POST['T1'] == "") {
$waterstring = 'http://www.bb580.com.cn';
//水印字符串
} else {
$waterstring = $_POST['T1'];
}
$waterimg = "logo.png";
//水印图片
if ($watermark == 1) {
$image_size = getimagesize($sFilePath);
$awidth = $image_size[0];
$aheight = $image_size[1];
$iinfo = getimagesize($sFilePath, $iinfo);
$nimage = imagecreatetruecolor($image_size[0], $image_size[1]);
$white = imagecolorallocate($nimage, 255, 255, 255);
$black = imagecolorallocate($nimage, 0, 0, 0);
$red = imagecolorallocate($nimage, 255, 0, 0);
imagefill($nimage, 0, 0, $white);
switch ($iinfo[2]) {
case 1:
$simage = imagecreatefromgif($sFilePath);
break;
case 2:
$simage = imagecreatefromjpeg($sFilePath);
break;
case 3:
$simage = imagecreatefrompng($sFilePath);
break;
case 6:
$simage = imagecreatefromwbmp($sFilePath);
break;
default:
die("不支持的文件类型");
exit;
}
imagecopy($nimage, $simage, 0, 0, 0, 0, $image_size[0], $image_size[1]);
switch ($watertype) {
case 1:
//加水印字符串
imagestring($nimage, 2, 3, $image_size[1] - 15, $waterstring, $black);
break;
case 2:
//加水印图片
$simage1 = imagecreatefrompng($waterimg);
imagecopy($nimage, $simage1, $awidth - 151, $aheight - 50, 0, 0, 151, 50);
imagedestroy($simage1);
break;
}
switch ($iinfo[2]) {
case 1:
imagegif($nimage, $sFilePath);
imagejpeg($nimage, $sFilePath);
break;
case 2:
imagejpeg($nimage, $sFilePath);
break;
case 3:
imagepng($nimage, $sFilePath);
break;
case 6:
imagewbmp($nimage, $sFilePath);
imagejpeg($nimage, $sFilePath);
break;
}
//覆盖原上传文件
imagedestroy($nimage);
imagedestroy($simage);
}
if (file_exists($sFilePath)) {
//previous checks failed, try once again
if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
@unlink($sFilePath);
$sErrorNumber = '202';
} else {
if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
@unlink($sFilePath);
$sErrorNumber = '202';
}
}
}
} else {
$sErrorNumber = '202';
}
} else {
$sErrorNumber = '202';
}
$sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
$sFileUrl = CombinePaths($sFileUrl, $sFileName);
SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
exit;
}
function FileUpload($resourceType, $currentFolder)
{
$sErrorNumber = '0';
$sFileName = '';
if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
$oFile = $_FILES['NewFile'];
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType, $currentFolder);
// Get the uploaded file name.
$sFileName = $oFile['name'];
$sOriginalFileName = $sFileName;
$iCounter = 0;
while (true) {
$sFilePath = $sServerDir . $sFileName;
if (is_file($sFilePath)) {
$iCounter++;
$oPathInfo = pathinfo($sFilePath);
$sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $oPathInfo['extension'];
$sErrorNumber = '201';
} else {
move_uploaded_file($oFile['tmp_name'], $sFilePath);
break;
}
}
} else {
$sErrorNumber = '202';
}
echo '<script type="text/javascript">';
echo 'window.parent.frames["frmUpload"].OnUploadCompleted(' . $sErrorNumber . ',"' . str_replace('"', '\\"', $sFileName) . '") ;';
echo '</script>';
exit;
}
function FileUpload($resourceType, $currentFolder)
{
$sErrorNumber = '0';
$sFileName = '';
if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
global $Config;
$oFile = $_FILES['NewFile'];
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType, $currentFolder);
// Get the uploaded file name.
$sFileName = $oFile['name'];
// Replace dots in the name with underscores (only one dot can be there... security issue).
if ($Config['ForceSingleExtension']) {
$sFileName = preg_replace('/\\.(?![^.]*$)/', '_', $sFileName);
}
$sOriginalFileName = $sFileName;
// Get the extension.
$sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
$sExtension = strtolower($sExtension);
// Selected image width
$iWidth = isset($_POST['WidthOpt']) && $_POST['WidthOpt'] ? intval($_POST['WidthOpt']) : (isset($_POST['Width']) && $_POST['Width'] ? intval($_POST['Width']) : 0);
$arAllowed = $Config['AllowedExtensions'][$resourceType];
$arDenied = $Config['DeniedExtensions'][$resourceType];
if ((count($arAllowed) == 0 || in_array($sExtension, $arAllowed)) && (count($arDenied) == 0 || !in_array($sExtension, $arDenied))) {
$iCounter = 0;
while (true) {
$sFilePath = $sServerDir . $sFileName;
if (is_file($sFilePath)) {
$iCounter++;
$sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
$sErrorNumber = '201';
} else {
if ($iWidth) {
$oImg = new Image($oFile);
$oImg->resize($iWidth);
$oImg->save($sFilePath);
} else {
move_uploaded_file($oFile['tmp_name'], $sFilePath);
}
if (is_file($sFilePath)) {
$oldumask = umask(0);
chmod($sFilePath, 0777);
umask($oldumask);
}
break;
}
}
} else {
$sErrorNumber = '202';
}
} else {
$sErrorNumber = '202';
}
echo '<script type="text/javascript">';
echo 'window.parent.frames["frmUpload"].OnUploadCompleted(' . $sErrorNumber . ',"' . str_replace('"', '\\"', $sFileName) . '") ;';
echo '</script>';
exit;
}
function FileUpload($resourceType, $currentFolder, $sCommand)
{
if (!isset($_FILES)) {
global $_FILES;
}
$sErrorNumber = '0';
$sFileName = '';
if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
global $Config;
$oFile = $_FILES['NewFile'];
// No POST errors in uploading?
if ($oFile['error'] !== UPLOAD_ERR_OK) {
$sErrorNumber = '1';
switch ($oFile['error']) {
case UPLOAD_ERR_INI_SIZE:
$err_msg = 'The uploaded file exceeds the upload_max_filesize directive in php.ini';
break;
case UPLOAD_ERR_FORM_SIZE:
$err_msg = 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form';
break;
case UPLOAD_ERR_PARTIAL:
$err_msg = 'The uploaded file was only partially uploaded';
break;
case UPLOAD_ERR_NO_FILE:
$err_msg = 'No file was uploaded';
break;
case UPLOAD_ERR_NO_TMP_DIR:
$err_msg = 'Missing a temporary folder';
break;
case UPLOAD_ERR_CANT_WRITE:
$err_msg = 'Failed to write file to disk';
break;
case UPLOAD_ERR_EXTENSION:
$err_msg = 'File upload stopped by extension';
break;
default:
$err_msg = 'Unknown upload error';
}
SendUploadResults($sErrorNumber, '', '', $err_msg);
exit;
}
// Is of proper size?
if ($Config['k_max_upload_size']) {
$max = $Config['k_max_upload_size'] * 1024 * 1024;
if ($oFile['size'] > $Config['k_max_upload_size'] * 1024 * 1024) {
$sErrorNumber = '1';
$err_msg = 'File too large. Cannot be over ' . $Config['k_max_upload_size'] . ' MB in size.';
SendUploadResults($sErrorNumber, '', '', $err_msg);
exit;
}
}
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
// Get the uploaded file name.
$sFileName = $oFile['name'];
$sFileName = SanitizeFileName($sFileName);
$sOriginalFileName = $sFileName;
// Get the extension.
$sExtension = '';
if (strrpos($sFileName, '.') !== false) {
$sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
$sExtension = strtolower($sExtension);
}
if ($sExtension != '') {
if (isset($Config['SecureImageUploads'])) {
if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
$sErrorNumber = '202';
}
}
if (isset($Config['HtmlExtensions'])) {
if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
$sErrorNumber = '202';
}
}
}
// Check if it is an allowed extension.
if ($sExtension != '' && !$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
$iCounter = 0;
while (true) {
$sFilePath = $sServerDir . $sFileName;
if (is_file($sFilePath)) {
$iCounter++;
$sFileName = RemoveExtension($sOriginalFileName) . '-' . $iCounter . '.' . $sExtension;
$sErrorNumber = '201';
} else {
if (defined('K_GALLERY_UPLOAD')) {
$res = rename($oFile['tmp_name'], $sFilePath);
} else {
$res = move_uploaded_file($oFile['tmp_name'], $sFilePath);
}
if ($res === FALSE) {
$sErrorNumber = '203';
break;
}
if (is_file($sFilePath)) {
if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
break;
}
$permissions = 0777;
if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
$permissions = $Config['ChmodOnUpload'];
}
$oldumask = umask(0);
chmod($sFilePath, $permissions);
umask($oldumask);
}
break;
}
}
if (file_exists($sFilePath)) {
//previous checks failed, try once again
if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
@unlink($sFilePath);
$sErrorNumber = '202';
} else {
if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
@unlink($sFilePath);
$sErrorNumber = '202';
}
}
}
} else {
$sErrorNumber = '202';
}
} else {
$sErrorNumber = '202';
}
$sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
$sFileUrl = CombinePaths($sFileUrl, $sFileName);
$res = SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
if (defined('K_GALLERY_UPLOAD')) {
return $res;
}
exit;
}
function GetFoldersAndFiles($resourceType, $currentFolder, $pagesize = '5')
{
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType, $currentFolder, 'GetFoldersAndFiles');
// Arrays that will hold the folders and files names.
$aFolders = array();
$aFiles = array();
$oCurrentFolder = opendir($sServerDir);
while ($sFile = readdir($oCurrentFolder)) {
if ($sFile != '.' && $sFile != '..' && $sFile != 'Thumbs.db') {
if (is_dir($sServerDir . $sFile)) {
$aFolders[] = '<Folder name="' . ConvertToXmlAttribute($sFile) . '" />';
} else {
$iFileSize = @filesize($sServerDir . $sFile);
$iFileMtime = @filemtime($sServerDir . $sFile);
if (!$iFileSize) {
$iFileSize = 0;
}
if ($iFileSize > 0) {
$iFileSize = round($iFileSize / 1024);
if ($iFileSize < 1) {
$iFileSize = 1;
}
}
$aFiles[] = '<File name="' . ConvertToXmlAttribute($sFile) . '" size="' . $iFileSize . '" />';
}
}
}
$p = $_GET['p'];
if ($p < 1) {
$p = 1;
}
// Send the folders
natcasesort($aFolders);
echo '<Folders>';
foreach ($aFolders as $sFolder) {
echo $sFolder;
}
echo '</Folders>';
// Send the files
natcasesort($aFiles);
$an = count($aFiles);
foreach ($aFiles as $key => $val) {
$aFiles[$an - $key - 1] = $val;
}
echo '<Files>';
//foreach ( $aFiles as $sFiles )
//echo $sFiles ;
for ($i = ($p - 1) * $pagesize; $i < $pagesize * $p; $i++) {
echo $aFiles[$i];
}
echo '</Files>';
echo '<npage>';
echo $p;
echo '</npage>';
echo '<page>';
echo ceil(count($aFiles) / $pagesize);
echo '</page>';
unset($aFolders);
unset($aFiles);
}
function CreateFolder($resourceType, $currentFolder)
{
if (!isset($_GET)) {
global $_GET;
}
$sErrorNumber = '0';
$sErrorMsg = '';
if (isset($_GET['NewFolderName'])) {
$sNewFolderName = "Personals";
//$sNewFolderName = $_GET['NewFolderName'] ;
//$sNewFolderName = SanitizeFolderName( $sNewFolderName ) ;
if (strpos($sNewFolderName, '..') !== FALSE) {
$sErrorNumber = '102';
} else {
// Map the virtual path to the local server path of the current folder.
$sServerDir = ServerMapFolder($resourceType, $currentFolder, 'CreateFolder');
if (is_writable($sServerDir)) {
$sServerDir .= $sNewFolderName;
$sErrorMsg = CreateServerFolder($sServerDir);
switch ($sErrorMsg) {
case '':
$sErrorNumber = '0';
break;
case 'Invalid argument':
case 'No such file or directory':
$sErrorNumber = '102';
// Path too long.
break;
default:
$sErrorNumber = '110';
break;
}
} else {
$sErrorNumber = '103';
}
}
} else {
$sErrorNumber = '102';
}
// Create the "Error" node.
echo '<Error number="' . $sErrorNumber . '" />';
}
function FileUpload($resourceType, $currentFolder, $sCommand)
{
if (!isset($_FILES)) {
global $_FILES;
}
$sErrorNumber = '0';
$sFileName = '';
if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
global $Config;
$oFile = $_FILES['NewFile'];
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
// Get the uploaded file name.
$sFileName = $oFile['name'];
$sFileName = SanitizeFileName($sFileName);
$sOriginalFileName = $sFileName;
// Get the extension.
$sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
$sExtension = strtolower($sExtension);
if (isset($Config['SecureImageUploads'])) {
if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
$sErrorNumber = '202';
}
}
if (isset($Config['HtmlExtensions'])) {
if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
$sErrorNumber = '202';
}
}
// hack for XOOPS CHINA by ezsky < *****@*****.** >
$name_pattern = "";
if (!empty($Config['UserFilesNamePattern'])) {
$patterns = explode("|", $Config['UserFilesNamePattern']);
$delimiter = "";
foreach ($patterns as $pattern) {
switch ($pattern) {
case "date":
$name_pattern .= $delimiter . date("YmdHis");
break;
case "time":
$name_pattern .= $delimiter . strval(time());
break;
case "uid":
$name_pattern .= $delimiter . (is_object($GLOBALS["xoopsUser"]) ? str_pad($GLOBALS["xoopsUser"]->getVar("uid"), 10, "0", STR_PAD_LEFT) : "0");
break;
}
$delimiter = "-";
}
}
if (!empty($name_pattern)) {
$sFileName = $name_pattern . "." . $sExtension;
}
if (!empty($Config['UserFilesPathPattern'])) {
$sServerDir .= date($Config['UserFilesPathPattern']) . '/';
CreateServerFolder($sServerDir);
if (is_dir($sServerDir)) {
$currentFolder .= date($Config['UserFilesPathPattern']) . '/';
}
}
// end hack
// Check if it is an allowed extension.
if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
$iCounter = 0;
while (true) {
$sFilePath = $sServerDir . $sFileName;
if (is_file($sFilePath)) {
$iCounter++;
$sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
$sErrorNumber = '201';
} else {
move_uploaded_file($oFile['tmp_name'], $sFilePath);
if (is_file($sFilePath)) {
if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
break;
}
$permissions = 0777;
if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
$permissions = $Config['ChmodOnUpload'];
}
$oldumask = umask(0);
chmod($sFilePath, $permissions);
umask($oldumask);
}
break;
}
}
if (file_exists($sFilePath)) {
//previous checks failed, try once again
if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
@unlink($sFilePath);
$sErrorNumber = '202';
} else {
if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
@unlink($sFilePath);
$sErrorNumber = '202';
}
}
}
} else {
$sErrorNumber = '202';
}
} else {
$sErrorNumber = '202';
}
$sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
$sFileUrl = CombinePaths($sFileUrl, $sFileName);
SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
exit;
}
function CreateFolder($resourceType, $currentFolder)
{
$sErrorNumber = '0';
$sErrorMsg = '';
if (isset($_GET['NewFolderName'])) {
$sNewFolderName = $_GET['NewFolderName'];
if (strpos($sNewFolderName, '..') !== FALSE) {
$sErrorNumber = '102';
} else {
// Map the virtual path to the local server path of the current folder.
$sServerDir = ServerMapFolder($resourceType, $currentFolder);
if (is_writable($sServerDir)) {
$sServerDir .= $sNewFolderName;
$sErrorMsg = CreateServerFolder($sServerDir);
switch ($sErrorMsg) {
case '':
$sErrorNumber = '0';
break;
case 'Invalid argument':
case 'No such file or directory':
$sErrorNumber = '102';
// Path too long.
break;
default:
$sErrorNumber = '110';
break;
}
} else {
$sErrorNumber = '103';
}
}
} else {
$sErrorNumber = '102';
}
// Create the "Error" node.
echo '<Error number="' . $sErrorNumber . '" originalDescription="' . ConvertToXmlAttribute($sErrorMsg) . '" />';
}
protected static function DeleteFile($sFileName, $resourceType, $currentFolder, $sCommand)
{
$sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
$sFileUrl = $sServerDir . $sFileName;
if (is_file($sFileUrl)) {
return @unlink($sFileUrl);
}
return false;
}
function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
{
if (!isset($_FILES)) {
global $_FILES;
}
$sErrorNumber = '0';
$sFileName = '';
$customError = '';
//PATCH to detect a quick file upload.
if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name']) || isset($_FILES['upload']) && !is_null($_FILES['upload']['tmp_name'])) {
global $config;
//PATCH to detect a quick file upload.
$oFile = isset($_FILES['NewFile']) ? $_FILES['NewFile'] : $_FILES['upload'];
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
// Get the uploaded file name.
$sFileName = $oFile['name'];
$sFileName = SanitizeFileName($sFileName);
$sOriginalFileName = $sFileName;
// Get the extension.
$sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
$sExtension = strtolower($sExtension);
if (isset($config['SecureImageUploads'])) {
if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) == false) {
$sErrorNumber = '202';
}
}
if (isset($config['HtmlExtensions'])) {
if (!IsHtmlExtension($sExtension, $config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) == true) {
$sErrorNumber = '202';
}
}
if ($oFile["size"] / 1024 > $config['MaxImageSize']) {
$sErrorNumber = '1';
$customError = "Can't upload max size " . $config['MaxImageSize'] . "KB";
}
// Check if it is an allowed extension.
if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
if ($config['UploadOrginalFilename']) {
// อัปโหลดใช้ชื่อเดิม
$iCounter = 0;
while (true) {
$sFilePath = $sServerDir . $sFileName;
if (is_file($sFilePath)) {
$iCounter++;
$sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
$sErrorNumber = '201';
} else {
move_uploaded_file($oFile['tmp_name'], $sFilePath);
if (is_file($sFilePath)) {
if (isset($config['ChmodOnUpload']) && !$config['ChmodOnUpload']) {
break;
}
$permissions = 0777;
if (isset($config['ChmodOnUpload']) && $config['ChmodOnUpload']) {
$permissions = $config['ChmodOnUpload'];
}
$oldumask = umask(0);
chmod($sFilePath, $permissions);
umask($oldumask);
}
break;
}
}
} else {
// อัปโหลดโดยใช้เวลาเป็นชื่อไฟล์
$iCounter = date('U');
while (true) {
$sFileName = "{$iCounter}.{$sExtension}";
$sFilePath = $sServerDir . $sFileName;
if (is_file($sFilePath)) {
$iCounter++;
$sFileName = "{$iCounter}.{$sExtension}";
} else {
move_uploaded_file($oFile['tmp_name'], $sFilePath);
if (is_file($sFilePath)) {
if (isset($config['ChmodOnUpload']) && !$config['ChmodOnUpload']) {
break;
}
$permissions = 0777;
if (isset($config['ChmodOnUpload']) && $config['ChmodOnUpload']) {
$permissions = $config['ChmodOnUpload'];
}
$oldumask = umask(0);
chmod($sFilePath, $permissions);
umask($oldumask);
}
break;
}
}
}
if (file_exists($sFilePath)) {
//previous checks failed, try once again
if (isset($isImageValid) && $isImageValid == -1 && IsImageValid($sFilePath, $sExtension) == false) {
@unlink($sFilePath);
$sErrorNumber = '202';
} elseif (isset($detectHtml) && $detectHtml == -1 && DetectHtml($sFilePath) == true) {
@unlink($sFilePath);
$sErrorNumber = '202';
}
}
} else {
$sErrorNumber = $sErrorNumber;
}
} else {
$sErrorNumber = '202';
}
$sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
$sFileUrl = CombinePaths($sFileUrl, $sFileName);
if ($CKEcallback == '') {
SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
} else {
//issue the CKEditor Callback
//SendCKEditorResults($sErrorNumber, $CKEcallback, WEB_URL.'/'.$sFileUrl, $sFileName);
SendCKEditorResults($sErrorNumber, $CKEcallback, $sFileUrl, $sFileName, $customError == "" ? "" : $customError);
}
exit;
}
function FileUpload($resourceType, $currentFolder, $sCommand)
{
if (!isset($_FILES)) {
global $_FILES;
}
$sErrorNumber = '0';
$sFileName = '';
if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
global $Config;
$oFile = $_FILES['NewFile'];
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
// Get the uploaded file name.
$sFileName = $oFile['name'];
$sFileName = SanitizeFileName($sFileName, $oFile['type']);
$sOriginalFileName = $sFileName;
// Get the extension.
$sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
$sExtension = strtolower($sExtension);
if (isset($Config['SecureImageUploads'])) {
if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
$sErrorNumber = '202';
}
}
if (isset($Config['HtmlExtensions'])) {
if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
$sErrorNumber = '202';
}
}
// Check if it is an allowed extension.
if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
$iCounter = 0;
while (true) {
$sFilePath = $sServerDir . $sFileName;
if (is_file($sFilePath)) {
$iCounter++;
$sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
$sErrorNumber = '0';
// Change $sErrorNumber '201' to '0' to allow create record files renamed
} else {
move_uploaded_file($oFile['tmp_name'], $sFilePath);
if (is_file($sFilePath)) {
if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
break;
}
$permissions = 0777;
if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
$permissions = $Config['ChmodOnUpload'];
}
//$oldumask = umask(0) ;
chmod($sFilePath, $permissions);
//umask( $oldumask ) ;
}
break;
}
}
if (file_exists($sFilePath)) {
//previous checks failed, try once again
if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
@unlink($sFilePath);
$sErrorNumber = '202';
} else {
if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
@unlink($sFilePath);
$sErrorNumber = '202';
}
}
}
} else {
$sErrorNumber = '202';
}
} else {
$sErrorNumber = '202';
}
if ($sErrorNumber == '0') {
// While we are in a course: Registering the newly uploaded file in the course's database.
if (api_is_in_course()) {
global $_course, $_user;
$repository_path = api_get_path(REL_COURSE_PATH) . api_get_course_path() . '/document/';
$to_group_id = 0;
if (api_is_in_group()) {
global $group_properties;
$to_group_id = $group_properties['id'];
}
if (file_exists($sFilePath)) {
$file_path = substr($sFilePath, strpos($sFilePath, $repository_path) + strlen($repository_path) - 1);
$path = explode('/', $file_path);
$file_name = $path[count($path) - 1];
$path[count($path) - 1] = '';
$folder_path = '/' + implode('/', $path);
$file_size = @filesize($sFilePath);
$doc_id = add_document($_course, $file_path, 'file', $file_size, $file_name);
api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', $_user['user_id'], $to_group_id);
item_property_update_on_folder($_course, $folder_path, $_user['user_id']);
}
}
}
$sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
$sFileUrl = CombinePaths($sFileUrl, $sFileName);
SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
exit;
}
function FileUpload($resourceType, $currentFolder, $sCommand)
{
if (!isset($_FILES)) {
global $_FILES;
}
$sErrorNumber = '0';
$sFileName = '';
if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
global $Config;
$oFile = $_FILES['NewFile'];
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
// Get the uploaded file name.
$sFileName = $oFile['name'];
$sFileName = SanitizeFileName($sFileName);
$sOriginalFileName = $sFileName;
// Get the extension.
$sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
$sExtension = strtolower($sExtension);
if (isset($Config['SecureImageUploads'])) {
if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
$sErrorNumber = '202';
}
}
if (isset($Config['HtmlExtensions'])) {
if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
$sErrorNumber = '202';
}
}
// Check if it is an allowed extension.
if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
$iCounter = 0;
while (true) {
$sFilePath = $sServerDir . $sFileName;
if (is_file($sFilePath)) {
$iCounter++;
$sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
$sErrorNumber = '201';
} else {
move_uploaded_file($oFile['tmp_name'], $sFilePath);
if (is_file($sFilePath)) {
if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
break;
}
$permissions = 0777;
if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
$permissions = $Config['ChmodOnUpload'];
}
$oldumask = umask(0);
chmod($sFilePath, $permissions);
umask($oldumask);
}
break;
}
}
if (file_exists($sFilePath)) {
//previous checks failed, try once again
if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
@unlink($sFilePath);
$sErrorNumber = '202';
} else {
if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
@unlink($sFilePath);
$sErrorNumber = '202';
}
}
}
} else {
$sErrorNumber = '202';
}
} else {
$sErrorNumber = '202';
}
$sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
$sFileUrl = CombinePaths($sFileUrl, $sFileName);
SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
exit;
}
function MoreFileUpload($resourceType, $currentFolder, $sCommand)
{
if (!isset($_FILES)) {
global $_FILES;
}
global $Config;
$sErrorNumber = '0';
$sFileName = '';
if (is_array($_FILES['NewFile']['name'])) {
foreach ($_FILES['NewFile']['name'] as $key => $value) {
if (!empty($_FILES['NewFile']['tmp_name'][$key])) {
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
// Get the uploaded file name.
$sFileName = $_FILES['NewFile']['name'][$key];
$sFileName = SanitizeFileName($sFileName);
$sOriginalFileName = $sFileName;
// Get the extension.
$sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
$sExtension = strtolower($sExtension);
if (isset($Config['SecureImageUploads'])) {
if (($isImageValid = IsImageValid($_FILES['NewFile']['tmp_name'][$key], $sExtension)) === false) {
$sErrorNumber = '202';
}
}
if (isset($Config['HtmlExtensions'])) {
if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions']) && ($detectHtml = DetectHtml($_FILES['NewFile']['tmp_name'][$key])) === true) {
$sErrorNumber = '202';
}
}
// Check if it is an allowed extension.
if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
$iCounter = 0;
while (true) {
$sFilePath = $sServerDir . $sFileName;
if (is_file($sFilePath)) {
$iCounter++;
$sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
$sErrorNumber = '201';
} else {
move_uploaded_file($_FILES['NewFile']['tmp_name'][$key], $sFilePath);
//判断并给符合条件图片加上水印
if ($sExtension == 'jpg' || $sExtension == 'jpeg' || $sExtension == 'png' || $sExtension == 'gif' || $sExtension == 'bmp') {
require_once ROOT_PATH . '/includes/cls_image.php';
$image = new cls_image($GLOBALS['_CFG']['bgcolor']);
if (intval($GLOBALS['_CFG']['watermark_place']) > 0 && !empty($GLOBALS['_CFG']['watermark'])) {
$image->add_watermark($sFilePath, '', '../../../../../' . $GLOBALS['_CFG']['watermark'], $GLOBALS['_CFG']['watermark_place'], $GLOBALS['_CFG']['watermark_alpha']);
}
}
if (is_file($sFilePath)) {
if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
break;
}
$permissions = 0777;
if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
$permissions = $Config['ChmodOnUpload'];
}
$oldumask = umask(0);
chmod($sFilePath, $permissions);
umask($oldumask);
}
break;
}
}
if (file_exists($sFilePath)) {
//previous checks failed, try once again
if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
@unlink($sFilePath);
$sErrorNumber = '202';
} else {
if (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
@unlink($sFilePath);
$sErrorNumber = '202';
}
}
}
} else {
$sErrorNumber = '202';
}
if ($sErrorNumber == '202') {
$sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
$sFileUrl = CombinePaths($sFileUrl, $sFileName);
SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
}
} else {
continue;
}
}
$sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
$sFileUrl = CombinePaths($sFileUrl, $sFileName);
SendUploadResults($sErrorNumber, $sFileUrl, $sFileName, $key);
} else {
$sErrorNumber = '202';
$sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
$sFileUrl = CombinePaths($sFileUrl, $sFileName);
SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
}
exit;
}
function FileUpload($resourceType, $currentFolder)
{
$sErrorNumber = '0';
$sFileName = '';
if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
$oFile = $_FILES['NewFile'];
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType, $currentFolder);
// Get the uploaded file name.
$sFileName = $oFile['name'];
$sOriginalFileName = $sFileName;
$sExtension = substr($sFileName, strrpos($sFileName, '.') + 1);
global $Config;
$arAllowed = $Config['AllowedExtensions'][$resourceType];
$arDenied = $Config['DeniedExtensions'][$resourceType];
if ((count($arAllowed) == 0 || in_array($sExtension, $arAllowed)) && (count($arDenied) == 0 || !in_array($sExtension, $arDenied))) {
$iCounter = 0;
while (true) {
$sFilePath = $sServerDir . $sFileName;
if (is_file($sFilePath)) {
$iCounter++;
$sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
$sErrorNumber = '201';
} else {
move_uploaded_file($oFile['tmp_name'], $sFilePath);
if (is_file($sFilePath)) {
$oldumask = umask(0);
chmod($sFilePath, 0777);
umask($oldumask);
}
break;
}
}
} else {
$sErrorNumber = '202';
}
} else {
$sErrorNumber = '202';
}
echo '<script type="text/javascript">';
echo 'window.parent.frames["frmUpload"].OnUploadCompleted(' . $sErrorNumber . ',"' . str_replace('"', '\\"', $sFileName) . '") ;';
echo '</script>';
exit;
}
function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
{
if (!isset($_FILES)) {
global $_FILES;
}
$sErrorNumber = '0' ;
$sFileName = '' ;
if ( isset( $_FILES['NewFile'] ) && !is_null( $_FILES['NewFile']['tmp_name'] )
# This is for the QuickUpload tab box
or (isset($_FILES['upload']) and !is_null($_FILES['upload']['tmp_name'])))
{
global $Config ;
$oFile = isset($_FILES['NewFile']) ? $_FILES['NewFile'] : $_FILES['upload'];
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder( $resourceType, $currentFolder, $sCommand ) ;
// Get the uploaded file name.
$sFileName = $oFile['name'] ;
$sFileName = SanitizeFileName( $sFileName ) ;
$sOriginalFileName = $sFileName ;
// Get the extension.
$sExtension = substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) ;
$sExtension = strtolower( $sExtension ) ;
if ( isset( $Config['SecureImageUploads'] ) )
{
if ( ( $isImageValid = IsImageValid( $oFile['tmp_name'], $sExtension ) ) === false )
{
$sErrorNumber = '202' ;
}
}
if ( isset( $Config['HtmlExtensions'] ) )
{
if ( !IsHtmlExtension( $sExtension, $Config['HtmlExtensions'] ) &&
( $detectHtml = DetectHtml( $oFile['tmp_name'] ) ) === true )
{
$sErrorNumber = '202' ;
}
}
// Check if it is an allowed extension.
if ( !$sErrorNumber && IsAllowedExt( $sExtension, $resourceType ) )
{
$iCounter = 0 ;
while ( true )
{
$sFilePath = $sServerDir . $sFileName ;
if ( is_file( $sFilePath ) )
{
$iCounter++ ;
$sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ;
$sErrorNumber = '201' ;
}
else
{
move_uploaded_file( $oFile['tmp_name'], $sFilePath ) ;
if ( is_file( $sFilePath ) )
{
if ( isset( $Config['ChmodOnUpload'] ) && !$Config['ChmodOnUpload'] )
{
break ;
}
$permissions = 0777;
if ( isset( $Config['ChmodOnUpload'] ) && $Config['ChmodOnUpload'] )
{
$permissions = $Config['ChmodOnUpload'] ;
}
$oldumask = umask(0) ;
chmod( $sFilePath, $permissions ) ;
umask( $oldumask ) ;
}
break ;
}
}
if ( file_exists( $sFilePath ) )
{
//previous checks failed, try once again
if ( isset( $isImageValid ) && $isImageValid === -1 && IsImageValid( $sFilePath, $sExtension ) === false )
{
@unlink( $sFilePath ) ;
$sErrorNumber = '202' ;
}
else if ( isset( $detectHtml ) && $detectHtml === -1 && DetectHtml( $sFilePath ) === true )
{
@unlink( $sFilePath ) ;
$sErrorNumber = '202' ;
}
}
}
else
$sErrorNumber = '202' ;
}
else
$sErrorNumber = '202' ;
$sFileUrl = CombinePaths( GetResourceTypePath( $resourceType, $sCommand ) , $currentFolder ) ;
$sFileUrl = CombinePaths( $sFileUrl, $sFileName ) ;
// DOL_CHANGE
//SendUploadResults( $sErrorNumber, $sFileUrl, $sFileName ) ;
if($CKEcallback == '')
{
// this line already exists so wrap the if block around it
SendUploadResults( $sErrorNumber, $sFileUrl, $sFileName ) ;
}
else
{
//issue the CKEditor Callback
SendCKEditorResults ($CKEcallback, $sFileUrl,
($sErrorNumber != 0
? 'Error '. $sErrorNumber. ' upload failed. '. $sErrorMsg
: 'Upload Successful'));
}
exit ;
}
