if ($_SESSION['GROUP_ID'] != 1 && $pathsettings['global']['admin_only']) { // Only show admin the settings link $template->set_var('DISPLAY_SETTINGS', 'hide'); } // Workout the parent dir link $parent_dir_link = ADMIN_URL . '/media/browse.php?dir=' . $directory . '&up=1'; // Workout if the up arrow should be shown if ($directory == '' or $directory == $currentHome) { $display_up_arrow = 'hide'; } else { $display_up_arrow = ''; } // Insert values $template->set_var(array('THEME_URL' => THEME_URL, 'CURRENT_DIR' => $directory, 'PARENT_DIR_LINK' => $parent_dir_link, 'DISPLAY_UP_ARROW' => $display_up_arrow, 'INCLUDE_PATH' => WB_URL . '/include')); // Get home folder not to show $home_folders = get_home_folders(); // Generate list $template->set_block('main_block', 'list_block', 'list'); $usedFiles = array(); // require_once(ADMIN_PATH.'/media/dse.php'); // $filename = $currentdir; if (!empty($currentdir)) { $usedFiles = $Dse->getMatchesFromDir($currentdir, DseTwo::RETURN_USED); } // Check for potentially malicious files $forbidden_file_types = preg_replace('/\\s*[,;\\|#]\\s*/', '|', RENAME_FILES_ON_UPLOAD); if ($handle = opendir(WB_PATH . MEDIA_DIRECTORY . '/' . $directory)) { // Loop through the files and dirs an add to list while (false !== ($file = readdir($handle))) { $info = pathinfo($file); $ext = isset($info['extension']) ? $info['extension'] : '';
function build_page(&$admin, &$database) { global $HEADING, $TEXT, $MENU, $MESSAGE; // Include the functions file include_once get_include(LEPTON_PATH . '/framework/summary.functions.php'); include_once get_include(ADMIN_PATH . '/media/function.inc.php'); $memory_limit = ini_get('memory_limit'); $post_max_size = ini_get('post_max_size'); $upload_max_filesize = ini_get('upload_max_filesize'); $maxUploadFiles = 12; $request = $_SERVER['REQUEST_METHOD']; $allowed_img_types = 'jpg|png|gif|tif'; $actions = isset($_POST['action']) ? trim(stripslashes($admin->get_post('action'))) : 'show'; $actions = isset($_POST['media_reload']) && $_POST['media_reload'] == true ? 'media_reload' : $actions; $actions = isset($_POST['cancel']) ? 'show' : $actions; // Get home folder not to show $home_folders = get_home_folders(); $currentHome = $admin->get_home_folder(); $pathsettings = get_media_settings(); // Get the user specified dir parent_path if ($request == 'GET' && isset($_REQUEST)) { $directory = rawurldecode(trim(stripslashes($admin->get_get('dir')))); } elseif (isset($_POST['current_select'])) { $directory = str_replace(MEDIA_DIRECTORY, '', rawurldecode(trim(stripslashes($admin->get_post('current_select'))))); } elseif (isset($_POST['current_dir'])) { $directory = rawurldecode(trim(stripslashes($admin->get_post('current_dir')))); } //$directory = is_null($directory) ? $currentHome : $directory; // $directory is not always null ... 8-/ $directory = is_null($directory) || empty($directory) ? $currentHome : $directory; $directory = $directory == '/' || $directory == '\\' ? '' : $directory; $target = $current_dir = $directory; $backlink = 'index.php?dir=' . $directory; $FILE = array(); $dirs = array(); $skip = LEPTON_PATH; directory_list(LEPTON_PATH . MEDIA_DIRECTORY, false, 0, $dirs, $skip); // dirs with readWrite access $dirs_rw = media_dirs_rw($admin); array_walk($dirs_rw, 'remove_path', LEPTON_PATH); if ($admin->get_user_id() == 1) { $id = array_unshift($dirs_rw, MEDIA_DIRECTORY); } // Define absolute path to WB media directory (using Unix path seperator) $mediaPath = str_replace('\\', '/', LEPTON_PATH . MEDIA_DIRECTORY); /* comment out to show only Home Folder till yet not build in overall $acess_denied = (($currentHome != '') && (strpos($mediaPath.$directory, $currentHome))) ? false : true; */ // sytem_admin if not superadmin, no homefolder, groupmember 1 $system_admin = $admin->ami_group_member('1') == true || $admin->get_user_id() == 1; $group_admin = empty($currentHome) == true && $admin->ami_group_member('1') == true; //$full_home_folder_access = $directory == '' || in_array(MEDIA_DIRECTORY.$directory, $dirs_rw) || $group_admin ; /* * If HOME_FOLDERS are not active the user have access to all media files, * otherwise check if the shown folders in list are within the personal folder * and grant desired rights only for this folders (upload, create directory a.s.o.) */ $full_home_folder_access = !HOME_FOLDERS ? true : empty($_SESSION['HOME_FOLDER']) || in_array(MEDIA_DIRECTORY . $directory, $dirs_rw) || $group_admin; if (strstr($current_dir, '..')) { // target_path contains ../ $admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH'], $backlink); } // Build canonicalized absolute path from user input and check if path exists (False if not) $userPath = str_replace('\\', '/', realpath($mediaPath . $directory)); // Ensure that the user specified path is located inside WB media folder if ($userPath == false || strpos($userPath, $mediaPath) !== 0) { // User defined path is invalid or is located outside the WB media directory $admin->print_error($MESSAGE['MEDIA_DIR_ACCESS_DENIED'], $backlink); } if (!is_writeable($mediaPath . $directory)) { $admin->print_error($MESSAGE['GENERIC_BAD_PERMISSIONS'], $backlink); } $tpl = new Template(THEME_PATH . '/templates', 'keep'); // false | true $tpl->debug = false; $file_array = array('page' => 'media.htt', 'browse' => 'media_browse.htt', 'rename' => 'media_rename.htt', 'settings' => 'setparameter.htt'); $tpl->set_file($file_array); $tpl->set_block('page', 'main_block', 'main'); // BEGIN left side always with main_block and the dropdown list may later as dirtree // First insert language text and messages $tpl->set_var(array('TEXT_RELOAD' => $TEXT['RELOAD'], 'TEXT_TARGET_FOLDER' => $TEXT['TARGET_FOLDER'], 'TEXT_CREATE_FOLDER' => $TEXT['CREATE_FOLDER'], 'TEXT_NAME' => $TEXT['TITLE'], 'TEXT_UPLOAD_FILES' => $TEXT['UPLOAD_FILES'], 'TEXT_UNZIP_FILE' => $TEXT['UNZIP_FILE'], 'TEXT_DELETE_ZIP' => $TEXT['DELETE_ZIP'], 'TEXT_OVERWRITE_EXISTING' => $TEXT['OVERWRITE_EXISTING'], 'TEXT_FILES' => $TEXT['FILES'])); $tpl->set_var(array('USER_ID' => $admin->is_authenticated() ? $admin->get_user_id() : '', 'ADMIN_URL' => ADMIN_URL, 'LEPTON_URL' => LEPTON_URL, 'LEPTON_PATH' => LEPTON_PATH, 'THEME_URL' => THEME_URL)); // && (($admin->ami_group_member('1') != true) || ($admin->get_user_id() != 1)) // set optionen media_settings_block $tpl->set_block('main_block', 'media_settings_block', 'media_settings'); // Only show admin the settings link if ($pathsettings['global']['admin_only'] == true) { if ($system_admin != true) { $tpl->set_var('DISPLAY_SETTINGS', 'hide'); $tpl->set_block('media_settings', ''); } else { $tpl->parse('media_settings', 'media_settings_block', true); } } else { $tpl->parse('media_settings', 'media_settings_block', true); } // set optionen media_upload_block $tpl->set_var(array('CHANGE_SETTINGS' => $TEXT['MODIFY_SETTINGS'], 'HEADING_BROWSE_MEDIA' => $HEADING['BROWSE_MEDIA'], 'HEADING_MEDIA' => $MENU['MEDIA'] . ' ' . $TEXT['FOLDERS'], 'HEADING_CREATE_FOLDER' => $HEADING['CREATE_FOLDER'], 'HEADING_UPLOAD_FILES' => $HEADING['UPLOAD_FILES'], 'OPTIONS' => $TEXT['OPTION'], 'SETTINGS_URL' => $_SERVER['SCRIPT_NAME'])); $tpl->set_var(array('HOME_DIRECTORY' => $currentHome, 'MEDIA_DIRECTORY' => MEDIA_DIRECTORY, 'CURRENT_DIR' => $directory)); // create dropdownlist dir_list_block $tpl->set_block('main_block', 'dir_list_block', 'dir_list'); // select the correct directory list $use_dirs = !HOME_FOLDERS ? $dirs : empty($_SESSION['HOME_FOLDER']) ? $dirs : $dirs_rw; if (count($use_dirs) > 0) { foreach ($use_dirs as $name) { // prevent duplicate entries - default directory is also set by template! if ($name == MEDIA_DIRECTORY . $currentHome) { continue; } $tpl->set_var(array('MEDIA_NAME' => $name, 'SELECTED' => MEDIA_DIRECTORY . $directory == $name ? ' selected="selected"' : '')); $tpl->parse('dir_list', 'dir_list_block', true); } } else { $tpl->set_var('dir_list', ''); } // Insert permissions values, hide for some actions // workout action should show default blocks switch ($actions) { // all others remove from left side case 'none': case 'show': case 'media_reload': case 'media_create': case 'media_upload': case 'media_delete': case 'save_media_rename': $tpl->set_block('main_block', 'media_create_block', 'media_create'); if ($admin->get_permission('media_create') != true || $full_home_folder_access == false) { $tpl->set_var('DISPLAY_CREATE', 'hide'); $tpl->set_block('media_create', ''); } else { $tpl->set_var(array('DISPLAY_CREATE' => '', 'MAX_UPLOADS' => $maxUploadFiles, 'ALLOW_EXTS' => RENAME_FILES_ON_UPLOAD)); $tpl->parse('media_create', 'media_create_block', true); } $tpl->set_block('main_block', 'input_upload_block', 'input_upload'); for ($x = 0; $x <= $maxUploadFiles; $x++) { $tpl->parse('input_upload', 'input_upload_block', true); } $tpl->set_block('main_block', 'media_upload_block', 'media_upload'); if ($admin->get_permission('media_upload') != true || $full_home_folder_access == false) { $tpl->set_var('DISPLAY_UPLOAD', 'hide'); $tpl->set_block('media_upload', ''); } else { $tpl->set_var(array('DISPLAY_UPLOAD' => '')); $tpl->parse('media_upload', 'media_upload_block', true); } break; default: // all the other action has to hide the blocks $tpl->set_block('main_block', 'media_create_block', 'media_create'); $tpl->set_var('DISPLAY_CREATE', 'hide'); $tpl->parse('media_create', ''); $tpl->set_block('main_block', 'media_upload_block', 'media_upload'); $tpl->set_var('DISPLAY_UPLOAD', 'hide'); $tpl->parse('media_upload', ''); break; } // END workout main_wrapper // Now prepare and parse values for the wrapper template show modus switch ($actions) { case 'none': case 'show': case 'media_reload': case 'media_create': case 'media_upload': case 'media_delete': case 'save_media_rename': $tpl->loadfile('browse'); $tpl->set_block('main_block', 'main_wrapper_block', 'browse'); // Workout the parent dir link PARENT_PATH //$parent_path = !empty($directory) ? dirname($directory) : $directory; if (!empty($directory)) { if (HOME_FOLDERS && !empty($_SESSION['HOME_FOLDER'])) { $parent_path = $_SESSION['HOME_FOLDER']; } else { $parent_path = dirname($directory); } } else { $parent_path = $directory; } // $parent_dir_link = ADMIN_URL.'/media/index.php?dir='.$directory.'&up=1'; $parent_dir_link = 1; // Workout if the up arrow should be shown $display_up_arrow = ''; // $display_up_arrow = (($directory == '') || ($directory == $currentHome)) ? 'hide' : ''; // Insert header info values main_wrapper_block $tpl->set_var(array('THEME_URL' => THEME_URL, 'ROOT_DIRECTORY' => MEDIA_DIRECTORY, 'MEDIA_DIRECTORY' => MEDIA_DIRECTORY, 'CURRENT_PATH' => $directory, 'PARENT_DIR_LINK' => $parent_dir_link, 'PARENT_PATH' => $parent_path)); $tpl->set_block('browse', 'up_link_block', 'up_link'); if (!empty($directory) && $directory != $parent_path) { // show only if parent <> directory $tpl->set_var(array('PARENT_DIR_LINK' => $parent_dir_link, 'TEXT_UP' => $TEXT['UP'], 'DISPLAY_UP_ARROW' => '')); $tpl->parse('up_link', 'up_link_block', true); } else { $tpl->set_block('up_link', ''); $tpl->set_var(array('UP_LINK_COL' => ' display_up_arrow', 'TEXT_UP' => $TEXT['UP'], 'DISPLAY_UP_ARROW' => ' display_up_arrow')); } // now set the dirs and files file_list_block and permissions $tpl->set_block('browse', 'file_list_block', 'file_list'); $tpl->set_block('file_list', 'media_rename_block', 'media_rename'); $tpl->set_block('file_list', 'media_delete_block', 'media_delete'); // get dirs and files in currentDir $FILE = scan_current_dir(LEPTON_PATH . MEDIA_DIRECTORY . '/' . $directory); $temp_id = 0; $line = $row_id = 1; if (count($FILE['path']) > 0) { foreach ($FILE['path'] as $name) { $temp_id++; $link_name = str_replace(' ', '%20', $name); $tpl->set_var(array('NAME' => $name, 'NAME_SLASHED' => addslashes($name), 'TEMP_ID' => $temp_id, 'LINK' => 'index.php?dir=' . $directory . '/' . $link_name, 'LINK_RELATION' => '', 'ROW_ID' => $line++ & 1, 'FT_ICON' => THEME_URL . '/images/folder_16.png', 'FILETYPE_ICON' => THEME_URL . '/images/folder_16.png', 'FILETYPE' => 'dir', 'FILENAME' => '/' . addslashes($name), 'LINK_TARGET' => '_self', 'ENABLE_OVERLIB' => '', 'EXTENSION' => '', 'MOUSEOVER' => '', 'CLASS_PREVIEW' => '', 'IMAGEDETAIL' => '', 'DISPLAY_ICON' => '', 'SIZE' => '', 'DATE' => '', 'PREVIEW' => '', 'LINK_PATH' => $directory . '/' . $link_name, 'MEDIA_PATH' => MEDIA_DIRECTORY)); $tpl->parse('file_list', 'file_list_block', true); } } // now set the files file_list_block and permissions if (count($FILE['filename']) > 0) { // convert to correct searchpattern $allowed_file_types = str_replace(',', '|', RENAME_FILES_ON_UPLOAD); foreach ($FILE['filename'] as $name) { $preview = 'preview'; if (!preg_match("/\\." . $allowed_file_types . "\$/i", $name)) { $preview = ''; continue; } $temp_id++; $overlib = preg_match("/\\." . $allowed_img_types . "\$/i", $name) ? ' overlib' : ''; if ($preview) { $filetype = get_filetype(LEPTON_URL . MEDIA_DIRECTORY . $directory . '/' . $name); $size = filesize(LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $name); $bytes = byte_convert($size); $fdate = filemtime(LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $name); $date = date(DATE_FORMAT . ' ' . TIME_FORMAT, $fdate); $filetypeicon = get_filetype_icon(LEPTON_URL . MEDIA_DIRECTORY . $directory . '/' . $name); $tooltip = ''; $imgdetail = $bytes; $icon = THEME_URL . '/images/files/unknown.png'; if (!$pathsettings['global']['show_thumbs']) { $info = @getimagesize(LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $name); if ($info[0]) { $imgdetail = fsize(filesize(LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $name)) . '<br /> ' . $info[0] . ' x ' . $info[1] . ' px'; $icon = 'thumb.php?t=1&img=' . $directory . '/' . $name; $tooltip = ShowTip('thumb.php?t=2&img=' . $directory . '/' . $name, $allowed_img_types); } else { $icon = THEME_URL . '/images/files/' . $filetypeicon . '.png'; } } else { $filetypeicon = get_filetype_icon(LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $name); $icon = THEME_URL . '/images/files/' . $filetypeicon . '.png'; } $tpl->set_var(array('NAME' => $name, 'NAME_SLASHED' => addslashes($name), 'TEMP_ID' => $temp_id, 'LINK' => LEPTON_URL . MEDIA_DIRECTORY . $directory . '/' . $name, 'LINK_RELATION' => '', 'ROW_ID' => $line++ & 1, 'FT_ICON' => $icon, 'FILETYPE_ICON' => THEME_URL . '/images/files/' . $filetypeicon . '.png', 'FILENAME' => addslashes($name), 'LINK_TARGET' => '_top', 'ENABLE_OVERLIB' => $overlib, 'FILETYPE' => 'file', 'EXTENSION' => $filetype, 'MOUSEOVER' => $tooltip, 'CLASS_PREVIEW' => '', 'IMAGEDETAIL' => $imgdetail, 'DISPLAY_ICON' => '', 'SIZE' => $bytes, 'DATE' => $date, 'PREVIEW' => $preview)); $tpl->parse('file_list', 'file_list_block', true); } } } $tpl->set_var(array('TEXT_CURRENT_FOLDER' => $TEXT['CURRENT_FOLDER'], 'TEXT_RELOAD' => $TEXT['RELOAD'], 'TEXT_RENAME' => $TEXT['RENAME'], 'TEXT_DELETE' => $TEXT['DELETE'], 'TEXT_SIZE' => $TEXT['SIZE'], 'TEXT_DATE' => $TEXT['DATE'], 'TEXT_NAME' => $TEXT['NAME'], 'TEXT_TYPE' => $TEXT['TYPE'], 'MEDIA_BROWSE' => '', 'NONE_FOUND' => $MESSAGE['MEDIA_NONE_FOUND'], 'CHANGE_SETTINGS' => $TEXT['MODIFY_SETTINGS'], 'CONFIRM_DELETE' => js_alert_encode($MESSAGE['MEDIA_CONFIRM_DELETE']), 'CONFIRM_DELETE_FILE' => js_alert_encode($MESSAGE['MEDIA_CONFIRM_DELETE_FILE']), 'CONFIRM_DELETE_DIR' => js_alert_encode($MESSAGE['MEDIA_CONFIRM_DELETE_DIR']))); // If no files are in the media folder say so if ($temp_id == 0) { $tpl->set_var('DISPLAY_LIST_TABLE', ' hide'); $tpl->set_var('DISPLAY_NONE_FOUND', ' center'); $tpl->set_var("file_list_block", "<tr><td></td></tr>"); $tpl->parse('file_list', 'file_list_block', true); } else { $tpl->set_var('DISPLAY_LIST_TABLE', ''); $tpl->set_var('DISPLAY_NONE_FOUND', ' hide'); } $tpl->set_block('file_list', 'media_rename_block', 'media_rename'); $tpl->set_block('file_list', 'media_delete_block', 'media_delete'); // Insert permissions values if ($admin->get_permission('media_rename') != true || $full_home_folder_access == false) { $tpl->set_var('DISPLAY_RENAME', 'hide'); $tpl->set_var('RENHAME_CONTENT', ''); $tpl->parse('media_rename', ''); } else { $tpl->set_var('RENHAME_CONTENT', ''); $tpl->parse('media_rename', 'media_rename_block', true); } if ($admin->get_permission('media_delete') != true || $full_home_folder_access == false) { $tpl->set_var('DISPLAY_DELETE', 'hide'); $tpl->set_var('DELETE_CONTENT', ''); $tpl->parse('media_delete', ''); } else { $tpl->set_var('DELETE_CONTENT', ''); $tpl->parse('media_delete', 'media_delete_block', true); } break; } // begin with save modus actions switch ($actions) { // save actions case 'save_media_settings': if (($x = save_media_settings($pathsettings)) == 0) { $admin->print_error($MESSAGE['SETTINGS_UNABLE_WRITE_CONFIG'], $backlink); } else { $admin->print_success($MESSAGE['SETTINGS_SAVED'], $backlink); } break; case 'save_media_rename': $ext = trim(stripslashes($admin->get_post('extension'))); $ext = empty($ext) ? '' : '.' . $ext; $old_file = media_filename(trim(stripslashes($admin->get_post('old_name')))) . $ext; $rename_file = media_filename(trim(stripslashes($admin->get_post('name')))) . $ext; $type = trim(stripslashes($admin->get_post('filetype'))); // perhaps change dots in underscore by tpye = directory $rename_file = trim($rename_file, '.'); $old_file = LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $old_file; $rename_file = LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $rename_file; if ($type == 'dir') { $rename_file = str_replace('.', '_', $rename_file); } elseif (!preg_match("/\\." . $allowed_file_types . "\$/i", $rename_file)) { $admin->print_error($TEXT['EXTENSION'] . ': ' . $MESSAGE['GENERIC_INVALID'], $backlink); } if (rename($old_file, $rename_file)) { $admin->print_success($MESSAGE['MEDIA_RENAMED'], $backlink); } else { $admin->print_error($MESSAGE['MEDIA_CANNOT_RENAME'], $backlink); } break; } // mask input modus switch ($actions) { case 'media_rename': clearstatcache(); $rename_file = media_filename(trim(stripslashes($admin->get_post('filename')))); $ext = trim(stripslashes($admin->get_post('fileext'))); $type = trim(stripslashes($admin->get_post('filetype'))); $rename_file = basename($rename_file); $tpl->loadfile('rename'); $tpl->set_block('main_block', 'main_wrapper_block', 'rename'); // false | true $tpl->debug = false; $tpl->set_var(array('THEME_URL' => THEME_URL, 'TEXT_CURRENT_FOLDER' => $TEXT['CURRENT_FOLDER'], 'FILENAME' => $rename_file, 'BASENAME' => trim(str_replace($ext, '', basename($rename_file)), '.'), 'ROOT_DIRECTORY' => MEDIA_DIRECTORY, 'DISPLAY_UP_ARROW' => ' display_up_arrow', 'CURRENT_PATH' => $directory, 'DIR' => $directory, 'FILE_TYPE' => $type, 'EXTENSION' => '.' . ltrim($ext, '.'), 'FILE_EXT' => ltrim($ext, '.'), 'TEXT_OVERWRITE_EXIST' => $TEXT['OVERWRITE_EXISTING'], 'TEXT_TO' => '', 'MEDIA_BROWSE' => '', 'TEXT_RENAME' => $TEXT['RENAME'], 'TEXT_CANCEL' => $TEXT['CANCEL'])); $tpl->parse('rename', 'main_wrapper_block', true); break; case 'media_settings': // load template language file $lang = THEME_PATH . '/languages/' . LANGUAGE . '.php'; include_once !file_exists($lang) ? THEME_PATH . '/languages/EN.php' : $lang; $tpl->loadfile('settings'); $tpl->set_block('main_block', 'main_wrapper_block', 'settings'); // false | true $tpl->debug = false; $admin_only = isset($pathsettings['global']['admin_only']) && $pathsettings['global']['admin_only'] == true ? ' checked="checked"' : ''; $show_thumbs = isset($pathsettings['global']['show_thumbs']) && $pathsettings['global']['show_thumbs'] == true ? ' checked="checked"' : ''; $tpl->set_var(array('TEXT_HEADER' => $TEXT['TEXT_HEADER'], 'SAVE_TEXT' => $TEXT['SAVE'], 'CANCEL' => $TEXT['CANCEL'], 'RESET' => $TEXT['RESET'], 'NO_SHOW_THUMBS' => $TEXT['NO_SHOW_THUMBS'], 'MEDIA_BROWSE' => '', 'ADMIN_ONLY' => $TEXT['ADMIN_ONLY'], 'SETTINGS' => $TEXT['SETTINGS'], 'CURRENT_PATH' => $directory, 'ADMIN_URL' => ADMIN_URL, 'WIDTH' => $TEXT['WIDTH'], 'HEIGHT' => $TEXT['HEIGHT'], 'ADMIN_ONLY_SELECTED' => $admin_only, 'NO_SHOW_THUMBS_SELECTED' => $show_thumbs, 'NONE_FOUND' => '', 'DISPLAY_NONE' => '')); // Get dirs in currentDir $dirs = array(); $skip = LEPTON_PATH; directory_list(LEPTON_PATH . MEDIA_DIRECTORY, false, 0, $dirs, $skip); $line = $row_id = 1; $tpl->set_block('settings', 'dir_settings_block', 'dir_settings'); if (isset($dirs)) { $good_dirs = 0; $dir_filter = MEDIA_DIRECTORY . $directory; $parent = substr_count($dir_filter, '/') + 1; $dir_filter = str_replace(array('/', ' '), '_', $dir_filter); foreach ($dirs as $name) { $relative = $name; // str_replace(LEPTON_PATH, '', $name); $subparent = substr_count($relative, '/') + 1; $safepath = str_replace(array('/', ' '), '_', $relative); $continue = strlen(str_replace($safepath, '', $dir_filter)); // if( (substr_count($safepath,$dir_filter) == 0) || ( $dir_filter == $safepath ) ) if ($parent != $subparent - 1 || substr_count($safepath, $dir_filter) == 0 || $dir_filter == $safepath) { continue; } $good_dirs++; $cur_width = $cur_height = ''; if (isset($pathsettings[$safepath]['width'])) { $cur_width = $pathsettings[$safepath]['width']; } if (isset($pathsettings[$safepath]['height'])) { $cur_height = $pathsettings[$safepath]['height']; } $cur_width = $cur_width != 0 ? (int) $cur_width : '-'; $cur_height = $cur_height != 0 ? (int) $cur_height : '-'; $tpl->set_var(array('PATH_NAME' => basename($relative), 'FIELD_NAME' => $safepath, 'CUR_WIDTH' => $cur_width, 'CUR_HEIGHT' => $cur_height, 'ROW_ID' => $line++ & 1)); $tpl->parse('dir_settings', 'dir_settings_block', true); } if ($good_dirs == 0) { $tpl->set_var(array('PATH_NAME' => '', 'FIELD_NAME' => '', 'CUR_WIDTH' => '', 'CUR_HEIGHT' => '', 'ROW_ID' => '', 'DISPLAY_NONE' => ' hide')); $tpl->parse('dir_settings', 'dir_settings_block', true); $tpl->set_var('NONE_FOUND', $MESSAGE['MEDIA_NONE_FOUND']); $tpl->parse('settings', 'dir_settings_block', true); } } else { $tpl->set_var('NONE_FOUND', $MESSAGE['MEDIA_NONE_FOUND']); $tpl->parse('settings', 'dir_settings_block', true); } break; } // normal actions switch ($actions) { case 'media_upload': $target_path = str_replace('\\', '/', LEPTON_PATH . MEDIA_DIRECTORY . $directory); // Create relative path of the new dir name $resizepath = MEDIA_DIRECTORY . $directory; $resizepath = str_replace(array('/', ' '), '_', $resizepath); // Find out whether we should replace files or give an error $overwrite = $admin->get_post('overwrite') != '' ? true : false; // convert to correct searchpattern $allowed_file_types = str_replace(',', '|', RENAME_FILES_ON_UPLOAD); $good_uploads = 0; // If the user chose to unzip the first file, unzip into the current folder if (isset($_POST['unzip']) && $_POST['unzip'] == true) { // include_once(get_include('thumb.php')); if (isset($_FILES['upload']['error'][0]) && $_FILES['upload']['error'][0] == UPLOAD_ERR_OK) { $src_file = isset($_FILES['upload']['name'][0]) ? $_FILES['upload']['name'][0] : null; if ($src_file && preg_match('/\\.zip$/i', $src_file)) { /* * Callback function to skip files not in white-list */ function pclzipCheckValidFile($p_event, &$p_header) { // return 1; $allowed_file_types = str_replace(',', '|', RENAME_FILES_ON_UPLOAD); $info = pathinfo($p_header['filename']); $ext = isset($info['extension']) ? $info['extension'] : ''; $dots = substr($info['basename'], 0, 1) == '.' || substr($info['basename'], -1, 1) == '.'; if (preg_match('/' . $allowed_file_types . '$/i', $ext) && $dots != '.') { // ----- allowed file types are extracted return 1; } else { // ----- all other files are skiped return 0; } } /* ********************************* */ require_once get_include(LEPTON_PATH . '/modules/lib_lepton/pclzip/pclzip.lib.php'); $archive = new PclZip($_FILES['upload']['tmp_name'][0]); $list = $archive->extract(PCLZIP_OPT_PATH, $target_path, PCLZIP_CB_PRE_EXTRACT, 'pclzipCheckValidFile'); $good_uploads = sizeof($list); if ($archive->error_code != 0) { $admin->print_error('UNABLE TO UNZIP FILE' . ' :: ' . $archive->errorInfo(true), $backlink); } } } } else { // proceed normal multi-upload $file_count = sizeof($_FILES['upload']['error']); for ($x = 0; $x < $file_count; $x++) { // If file was upload to tmp if (isset($_FILES['upload']['name'][$x])) { // Remove bad characters $filename = media_filename($_FILES['upload']['name'][$x]); // Check if there is still a filename left and allowed filetyp if ($filename != '' && preg_match("/\\." . $allowed_file_types . "\$/i", $filename)) { // Move to relative path (in media folder) if (file_exists($target_path . '/' . $filename) && $overwrite === true) { if (move_uploaded_file($_FILES['upload']['tmp_name'][$x], $target_path . '/' . $filename)) { $good_uploads++; // Chmod the uploaded file change_mode($target_path . '/' . $filename, 'file'); } } elseif (!file_exists($target_path . '/' . $filename)) { if (move_uploaded_file($_FILES['upload']['tmp_name'][$x], $target_path . '/' . $filename)) { $good_uploads++; // Chmod the uploaded file change_mode($target_path . '/' . $filename); } } if (file_exists($target_path . '/' . $filename) && preg_match("/\\." . $allowed_img_types . "\$/i", $filename)) { if (isset($pathsettings[$resizepath])) { include_once get_include(ADMIN_PATH . '/media/resize_img.php'); if ($pathsettings[$resizepath]['width'] || $pathsettings[$resizepath]['height']) { $rimg = new RESIZEIMAGE($target_path . '/' . $filename); $rimg->resize_limitwh($pathsettings[$resizepath]['width'], $pathsettings[$resizepath]['height'], $target_path . '/' . $filename); $rimg->close(); } } } // store file name of first file for possible unzip action if ($x == 1) { $filename1 = $target_path . '/' . $filename; } } } } } if (isset($_POST['delzip'])) { if (file_exists($filename1)) { unlink($filename1); } } if ($good_uploads == 1) { $admin->print_success($good_uploads . ' ' . $MESSAGE['MEDIA_SINGLE_UPLOADED'], $backlink); } else { $admin->print_success($good_uploads . ' ' . $MESSAGE['MEDIA_UPLOADED'], $backlink); } break; case 'media_create': // $directory = rawurldecode(trim(stripslashes($admin->get_post('current_dir')))); // Remove bad characters from user folder name $target = $admin->get_post('target') != null ? media_filename(trim(stripslashes($admin->get_post('target')))) : $current_dir; $userPath = LEPTON_PATH . MEDIA_DIRECTORY; $err_msg = array(); if ($target == null || $target == $current_dir) { $err_msg[] = $MESSAGE['MEDIA_BLANK_NAME']; } else { // Try and make the dir $target = trim($target, '.'); $dirname = $userPath . $current_dir . '/' . $target; if (file_exists($dirname)) { $err_msg[] = $MESSAGE['MEDIA_DIR_EXISTS']; } else { if (make_dir($dirname)) { change_mode($dirname); if (is_writable($dirname)) { // Create default "index.php" file $rel_pages_dir = str_replace(LEPTON_PATH . MEDIA_DIRECTORY, '', dirname($dirname)); $step_back = str_repeat('../', substr_count($rel_pages_dir, '/') + 1); $content = '<?php' . "\n"; $content .= '// This file is generated by LEPTON Ver.' . VERSION . ';' . "\n"; $content .= "\t" . 'header(\'Location: ' . $step_back . 'index.php\');' . "\n"; $content .= '?>'; $filename = $dirname . '/index.php'; // write content into file $handle = fopen($filename, 'w'); fwrite($handle, $content); fclose($handle); change_mode($filename, 'file'); } else { $err_msg[] = $MESSAGE['GENERIC_BAD_PERMISSIONS']; } } else { $err_msg[] = $MESSAGE['GENERIC_BAD_PERMISSIONS']; } } } if (sizeof($err_msg) > 0) { $admin->print_error(implode('<br />', $err_msg)); } else { $admin->print_success($MESSAGE['MEDIA_DIR_MADE'], $backlink); } break; case 'media_delete': $filetype = isset($_POST['filetype']) ? trim(stripslashes($admin->get_post('filetype'))) : ''; $filename = isset($_POST['filename']) ? trim(stripslashes($admin->get_post('filename'))) : ''; $relative_path = LEPTON_PATH . MEDIA_DIRECTORY . $directory; // Find out whether its a file or folder if ($filetype == 'dir') { // Try and delete the directory if (rm_full_dir($relative_path . '/' . $filename)) { $admin->print_success($MESSAGE['MEDIA_DELETED_DIR'], $backlink); } else { $admin->print_error($MESSAGE['MEDIA_CANNOT_DELETE_DIR'], $backlink); } } elseif ($filetype == 'file') { // Try and delete the file if (unlink($relative_path . '/' . $filename)) { $admin->print_success($MESSAGE['MEDIA_DELETED_FILE'], $backlink); } else { $admin->print_error($MESSAGE['MEDIA_CANNOT_DELETE_FILE'], $backlink); } } else { $admin->print_error($MESSAGE['MEDIA_CANNOT_DELETE_FILE'], $backlink); } break; } // Parse template for preferences form $tpl->parse('main', 'main_wrapper_block', false); $tpl->parse('main', 'main_block', false); $output = $tpl->finish($tpl->parse('output', 'page')); return $output; }