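/**
 * Validate an incoming API request payload and vet its attachments.
 *
 * The structural check is delegated to the parent validator. Attachment
 * problems are a soft failure: the offending entry gets an 'error' message
 * and the request is passed on.
 *
 * @param array  $data   Request payload, modified in place: attachments may
 *                       be emptied, base64 data is decoded, and per-file
 *                       'error' messages are attached.
 * @param string $format Passed through to the parent validator.
 * @param bool   $strict When true, a failed structural check is reported
 *                       through exerr(400, ...) (presumably terminating the
 *                       request; confirm against exerr()).
 * @return bool Always true when the method returns.
 */
function validate(&$data, $format, $strict = true) {
    global $ost;

    // Call parent to validate the structure.
    if (!parent::validate($data, $format, $strict) && $strict) {
        $this->exerr(400, 'Unexpected or invalid data received');
    }

    // Nuke attachments IF API files are not allowed.
    if (!$ost->getConfig()->allowAPIAttachments()) {
        $data['attachments'] = array();
    }

    // Validate attachments: soft fail - set the error and pass on the request.
    if (!empty($data['attachments']) && is_array($data['attachments'])) {
        $maxSize = $ost->getConfig()->getMaxFileSize();

        foreach ($data['attachments'] as &$attachment) {
            if (!$ost->isFileTypeAllowed($attachment)) {
                $attachment['error'] = 'Invalid file type (ext) for '
                    . Format::htmlchars($attachment['name']);
            } elseif (!empty($attachment['encoding'])
                    && !strcasecmp($attachment['encoding'], 'base64')) {
                // Strict decoding returns false on invalid input. The falsy
                // test also treats an empty decoded payload as a failure.
                if (!($attachment['data'] = base64_decode($attachment['data'], true))) {
                    $attachment['error'] = sprintf('%s: Poorly encoded base64 data',
                        Format::htmlchars($attachment['name']));
                }
            }

            if (empty($attachment['error']) && $maxSize) {
                // The 'size' entry arrives with the payload (presumably set by
                // the API client; confirm against the request parser), so it
                // must not be allowed to understate the real payload. Enforce
                // the limit on the larger of the declared and the actual
                // (decoded) length.
                $declared = isset($attachment['size']) ? (int) $attachment['size'] : 0;
                $actual = (isset($attachment['data']) && is_string($attachment['data']))
                    ? strlen($attachment['data'])
                    : 0;
                $fsize = max($declared, $actual);

                if ($fsize > $maxSize) {
                    $attachment['error'] = sprintf('File %s (%s) is too big. Maximum of %s allowed',
                        Format::htmlchars($attachment['name']),
                        Format::file_size($fsize),
                        Format::file_size($maxSize));
                }
            }
        }
        // Break the reference so later writes to $attachment cannot touch the
        // last array element.
        unset($attachment);
    }

    return true;
}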
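/**
 * Build HTML download links for the attachments returned by
 * $this->attachments->getSeparates().
 *
 * @param string $separator Text appended after each link.
 * @param string $target    Value of the link's target attribute; emitted
 *                          as-is, so callers must pass a trusted constant.
 * @return string Concatenated anchor markup, or '' when there is nothing to list.
 */
function getAttachmentsLinks($separator = ' ', $target = '') {
    $str = '';
    if ($attachments = $this->attachments->getSeparates()) {
        foreach ($attachments as $attachment) {
            /* The h key must match validation in file.php.
             * NOTE(review): this is a plain MD5 digest whose only
             * non-public input is the session id. If it is replaced by a
             * keyed construction (e.g. an HMAC with a server-side secret),
             * file.php has to change in the same commit. */
            $hash = $attachment['key']
                . md5($attachment['id'] . session_id() . strtolower($attachment['key']));

            // Reset per attachment: otherwise a file without a size would
            // show the size of the previous file in the list.
            $size = '';
            if ($attachment['size']) {
                $size = sprintf(' <small>(<i>%s</i>)</small>',
                    Format::file_size($attachment['size']));
            }

            $str .= sprintf('<a class="Icon file no-pjax" href="file.php?h=%s" target="%s">%s</a>%s %s',
                $hash,
                $target,
                Format::htmlchars($attachment['name']),
                $size,
                $separator);
        }
    }

    return $str;
}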
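/**
 * Build HTML download links for the attachments returned by
 * $this->attachments->getSeparates(), using each attachment's
 * 'download_url' entry as the link target.
 *
 * @param string $separator Text appended after each link.
 * @param string $target    Value of the link's target attribute; emitted
 *                          as-is, so callers must pass a trusted constant.
 * @return string Concatenated anchor markup, or '' when there is nothing to list.
 */
function getAttachmentsLinks($separator = ' ', $target = '') {
    $str = '';
    if ($attachments = $this->attachments->getSeparates()) {
        foreach ($attachments as $attachment) {
            // Reset per attachment: otherwise a file without a size would
            // show the size of the previous file in the list.
            $size = '';
            if ($attachment['size']) {
                $size = sprintf(' <small>(<i>%s</i>)</small>',
                    Format::file_size($attachment['size']));
            }

            // NOTE(review): download_url is written into the href unescaped.
            // It is presumably generated server-side; confirm it can never
            // carry user-controlled characters.
            $str .= sprintf('<a class="Icon file no-pjax" href="%s" target="%s">%s</a>%s %s',
                $attachment['download_url'],
                $target,
                Format::htmlchars($attachment['name']),
                $size,
                $separator);
        }
    }

    return $str;
}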
</option><?php $next *= 2; } // Add extra option if top-limit in php.ini doesn't fall // at a power of two if ($next < $limit * 2) { $selected = $limit == $config['max_file_size'] ? 'selected="selected"' : ''; ?> <option value="<?php echo $limit; ?> " <?php echo $selected; ?> ><?php echo Format::file_size($limit); ?> </option><?php } ?> </select> <i class="help-tip icon-question-sign" href="#max_file_size"></i> <div class="error"><?php echo $errors['max_file_size']; ?> </div> </td> </tr> <?php if (($bks = FileStorageBackend::allRegistered()) && count($bks) > 1) { ?>
<div><?php echo $entry->getBody()->toHtml(); ?> </div> <div class="clear"></div> <?php if ($entry->has_attachments) { ?> <div class="attachments"><?php foreach ($entry->attachments as $A) { if ($A->inline) { continue; } $size = ''; if ($A->file->size) { $size = sprintf('<small class="filesize faded">%s</small>', Format::file_size($A->file->size)); } ?> <span class="attachment-info"> <i class="icon-paperclip icon-flip-horizontal"></i> <a class="no-pjax truncate filename" href="<?php echo $A->file->getDownloadUrl(); ?> " download="<?php echo Format::htmlchars($A->getFilename()); ?> " target="_blank"><?php echo Format::htmlchars($A->getFilename()); ?> </a><?php
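/**
 * Build HTML links for the non-deleted attachments of this ticket that
 * belong to one referenced entry.
 *
 * @param mixed $refid Value matched against the ref_id column.
 * @param mixed $type  Value matched against the ref_type column.
 * @return string Concatenated anchor markup, or '' when no rows match.
 */
function getAttachmentStr($refid, $type) {
    // Start from an empty string so the method never appends to, or returns,
    // an undefined variable when the query yields no rows.
    $attachstr = '';

    $sql = 'SELECT attach_id,file_size,file_name FROM ' . TICKET_ATTACHMENT_TABLE
        . ' WHERE deleted=0 AND ticket_id=' . db_input($this->getId())
        . ' AND ref_id=' . db_input($refid)
        . ' AND ref_type=' . db_input($type);

    $res = db_query($sql);
    if ($res && db_num_rows($res)) {
        // The ref token covers (ticket id * ref id) and the session id, but
        // not the attachment id, so it is the same for every row here.
        // NOTE(review): confirm attachment.php independently checks that the
        // requested id belongs to this ticket and reference.
        $hash = md5($this->getId() * $refid . session_id());

        while (list($id, $size, $name) = db_fetch_row($res)) {
            $size = Format::file_size($size);
            $name = Format::htmlchars($name);
            $attachstr .= "<a class='Icon file' href='attachment.php?id={$id}&ref={$hash}' target='_blank'><b>{$name}</b></a> (<i>{$size}</i>) ";
        }
    }

    return $attachstr;
}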
<em>(Number of files the staff is allowed to upload simultaneously)</em> <font class="error"> <?php echo $errors['max_staff_file_uploads']; ?> </font> </td> </tr> <tr> <td width="180">Maximum File Size:</td> <td> <input type="text" name="max_file_size" value="<?php echo $config['max_file_size']; ?> "> in bytes. <em>(System Max. <?php echo Format::file_size(ini_get('upload_max_filesize')); ?> )</em> <font class="error"> <?php echo $errors['max_file_size']; ?> </font> </td> </tr> <tr> <td width="180">Ticket Response Files:</td> <td> <input type="checkbox" name="email_attachments" <?php echo $config['email_attachments'] ? 'checked="checked"' : ''; ?> >Email attachments to the user
/**
 * Describe the configurable options of this file field: maximum size,
 * accepted file types, extra extension filters and maximum file count.
 *
 * The size choices double from 512 KiB up to the php.ini
 * upload_max_filesize value, with that value itself added as a final
 * choice when it is not one of the doubled steps.
 *
 * @return array Map of option name => form field object.
 */
function getConfigurationOptions() {
    global $cfg;

    // Compute size selections
    $sizes = array('262144' => '— ' . __('Small') . ' —');

    // Turn the php.ini shorthand (e.g. "8M") into a byte count.
    $iniValue = strtoupper(ini_get('upload_max_filesize'));
    $limit = (int) $iniValue;
    if ($limit) {
        foreach (array('K' => 10, 'M' => 20, 'G' => 30) as $suffix => $shift) {
            if (strpos($iniValue, $suffix)) {
                $limit <<= $shift;
                break;
            }
        }
    } else {
        // No usable value in php.ini: fall back to 2 << 20 bytes.
        $limit = 2 << 20;
    }

    for ($next = 512 << 10; $next <= $limit; $next *= 2) {
        $sizes[$next] = Format::file_size($next);
    }

    // Add extra option if top-limit in php.ini doesn't fall
    // at a power of two
    if ($next < $limit * 2) {
        $sizes[$limit] = Format::file_size($limit);
    }

    $types = array();
    foreach (self::getFileTypes() as $typeKey => $typeInfo) {
        $types[$typeKey] = $typeInfo['description'];
    }

    $options = array();

    $options['size'] = new ChoiceField(array(
        'label' => __('Maximum File Size'),
        'hint' => __('Choose maximum size of a single file uploaded to this field'),
        'default' => $cfg->getMaxFileSize(),
        'choices' => $sizes,
    ));

    $options['mimetypes'] = new ChoiceField(array(
        'label' => __('Restrict by File Type'),
        'hint' => __('Optionally, choose acceptable file types.'),
        'required' => false,
        'choices' => $types,
        'configuration' => array(
            'multiselect' => true,
            'prompt' => __('No restrictions'),
        ),
    ));

    $options['extensions'] = new TextareaField(array(
        'label' => __('Additional File Type Filters'),
        'hint' => __('Optionally, enter comma-separated list of additional file types, by extension. (e.g .doc, .pdf).'),
        'configuration' => array(
            'html' => false,
            'rows' => 2,
        ),
    ));

    $options['max'] = new TextboxField(array(
        'label' => __('Maximum Files'),
        'hint' => __('Users cannot upload more than this many files.'),
        'default' => false,
        'required' => false,
        'validator' => 'number',
        'configuration' => array(
            'size' => 8,
            'length' => 4,
            'placeholder' => __('No limit'),
        ),
    ));

    return $options;
}
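/**
 * Build HTML download links for the attachments of one referenced entry.
 *
 * @param mixed  $refId     Passed to getAttachments() to select the entry.
 * @param mixed  $type      Passed to getAttachments() to select the entry type.
 * @param string $separator Text appended after each link.
 * @param string $target    Value of the link's target attribute; emitted
 *                          as-is, so callers must pass a trusted constant.
 * @return string Concatenated anchor markup, or '' when there are no attachments.
 */
function getAttachmentsLinks($refId, $type, $separator = ' ', $target = '') {
    $str = '';
    foreach ($this->getAttachments($refId, $type) as $attachment) {
        /* The hash here can be changed but must match validation in
         * attachment.php.
         * NOTE(review): this is a plain MD5 digest over the file id, the
         * session id and the file hash. If it is replaced by a keyed
         * construction, attachment.php has to change in the same commit. */
        $hash = md5($attachment['file_id'] . session_id() . $attachment['file_hash']);

        // Reset per attachment: otherwise a file without a size would show
        // the size of the previous file in the list.
        $size = '';
        if ($attachment['size']) {
            $size = sprintf('(<i>%s</i>)', Format::file_size($attachment['size']));
        }

        $str .= sprintf('<a class="Icon file" href="attachment.php?id=%d&h=%s" target="%s">%s</a>%s %s',
            $attachment['attach_id'],
            $hash,
            $target,
            Format::htmlchars($attachment['name']),
            $size,
            $separator);
    }

    return $str;
}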
/**
 * Turn a multi-file $_FILES entry into a list of per-file arrays and flag
 * obviously bad uploads.
 *
 * Slots where no file was submitted are dropped. Every other problem is
 * recorded as a message in that file's 'error' key, and the file stays in
 * the result.
 *
 * @param array $files    One $_FILES entry in PHP's field => [index => value] layout.
 * @param bool  $restrict When true, also enforce the configured file type
 *                        and maximum size.
 * @return array|null Per-file arrays keyed by upload index, or null when
 *                    $files is empty or not an array.
 */
function format($files, $restrict = false) {
    global $ost;

    if (!$files || !is_array($files)) {
        return null;
    }

    // Reformat $_FILE for the sane: transpose field => [index => value]
    // into index => [field => value].
    $attachments = array();
    foreach ($files as $field => $values) {
        if (!is_array($values)) {
            continue;
        }
        foreach ($values as $idx => $value) {
            $attachments[$idx][$field] = $value;
        }
    }

    // Basic validation.
    foreach ($attachments as $idx => &$upload) {
        $code = $upload['error'];

        // Skip no file upload "error": an empty slot is not a failure.
        if ($code && $code == UPLOAD_ERR_NO_FILE) {
            unset($attachments[$idx]);
            continue;
        }

        // PHP defined error!
        if ($code) {
            $upload['error'] = 'File upload error #' . $code;
            continue;
        }

        // Only accept temp files that PHP itself received over HTTP POST.
        if (!$upload['tmp_name'] || !is_uploaded_file($upload['tmp_name'])) {
            $upload['error'] = 'Invalid or bad upload POST';
            continue;
        }

        if (!$restrict) {
            continue;
        }

        // Make sure file type & size are allowed.
        if (!$ost->isFileTypeAllowed($upload)) {
            $upload['error'] = 'Invalid file type for ' . Format::htmlchars($upload['name']);
            continue;
        }

        $maxSize = $ost->getConfig()->getMaxFileSize();
        if ($maxSize && $upload['size'] > $maxSize) {
            $upload['error'] = sprintf('File %s (%s) is too big. Maximum of %s allowed',
                Format::htmlchars($upload['name']),
                Format::file_size($upload['size']),
                Format::file_size($maxSize));
        }
    }
    // Break the reference before the array is handed on.
    unset($upload);

    return array_filter($attachments);
}
</div> </div> <?php if ($entry->has_attachments && ($files = $entry->attachments)) { ?> <div class="info"> <?php foreach ($files as $A) { ?> <div> <span><?php echo Format::htmlchars($A->file->name); ?> </span> <span class="faded">(<?php echo Format::file_size($A->file->size); ?> )</span> </div> <?php } ?> </div> <?php } ?> </div> <?php } } ?>
// current value is between two) $diff = $next - $config['max_file_size']; $selected = ($diff >= 0 && $diff < $next / 2) ? 'selected="selected"' : ''; ?> <option value="<?php echo $next; ?>" <?php echo $selected; ?>><?php echo Format::file_size($next); ?></option><?php $next *= 2; } // Add extra option if top-limit in php.ini doesn't fall // at a power of two if ($next < $limit * 2) { $selected = ($limit == $config['max_file_size']) ? 'selected="selected"' : ''; ?> <option value="<?php echo $limit; ?>" <?php echo $selected; ?>><?php echo Format::file_size($limit); ?></option><?php } ?> </select> <i class="help-tip icon-question-sign" href="#max_file_size"></i> <div class="error"><?php echo $errors['max_file_size']; ?></div> </td> </tr> <?php if (($bks = FileStorageBackend::allRegistered()) && count($bks) > 1) { ?> <tr> <td width="180"><?php echo __('Store Attachments'); ?>:</td> <td><select name="default_storage_bk"><?php foreach ($bks as $char=>$class) { $selected = $config['default_storage_bk'] == $char
/**
 * Render download links for every attachment that is not flagged inline.
 *
 * @param string $file      Script the links point at; emitted as-is.
 * @param string $target    Value of the link's target attribute; emitted as-is.
 * @param string $separator Text appended after each link.
 * @return string Concatenated anchor markup, or '' when nothing is listed.
 */
function getAttachmentsLinks($file = 'attachment.php', $target = '', $separator = ' ') {
    $links = array();

    foreach ($this->getAttachments() as $attachment) {
        if (!$attachment['inline']) {
            /* The hash can be changed but must match validation in @file */
            $token = md5($attachment['file_id'] . session_id() . $attachment['file_hash']);

            $sizeLabel = $attachment['size']
                ? sprintf('<em>(%s)</em>', Format::file_size($attachment['size']))
                : '';

            $links[] = sprintf('<a class="Icon file no-pjax" href="%s?id=%d&h=%s" target="%s">%s</a>%s %s',
                $file,
                $attachment['attach_id'],
                $token,
                $target,
                Format::htmlchars($attachment['name']),
                $sizeLabel,
                $separator);
        }
    }

    // Each piece already ends with its separator, so join without glue.
    return implode('', $links);
}
/**
 * Render download links for every attachment that is not flagged inline,
 * using each attachment's 'download_url' entry as the link target.
 *
 * @param string $file      Not read by this implementation.
 * @param string $target    Value of the link's target attribute; emitted as-is.
 * @param string $separator Text appended after each link.
 * @return string Concatenated anchor markup, or '' when nothing is listed.
 */
function getAttachmentsLinks($file = 'attachment.php', $target = '_blank', $separator = ' ') {
    $links = array();

    foreach ($this->getAttachments() as $attachment) {
        if (!$attachment['inline']) {
            $sizeLabel = $attachment['size']
                ? sprintf('<em>(%s)</em>', Format::file_size($attachment['size']))
                : '';

            $links[] = sprintf('<a class="Icon file no-pjax" href="%s" target="%s">%s</a>%s %s',
                $attachment['download_url'],
                $target,
                Format::htmlchars($attachment['name']),
                $sizeLabel,
                $separator);
        }
    }

    // Each piece already ends with its separator, so join without glue.
    return implode('', $links);
}
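/**
 * Check each uploaded file against the allowed types and the configured
 * maximum size, and confirm it is a genuine HTTP upload.
 *
 * @param array $files Upload entries, modified in place: a failing entry
 *                     gets a message in its 'error' key.
 * @return bool True when no entry carries an error.
 */
function validateFileUploads(&$files) {
    $errors = 0;

    foreach ($files as &$file) {
        if (!$this->isFileTypeAllowed($file)) {
            // The file name comes from the upload request, so escape it
            // before it goes into a message that may be rendered as HTML.
            // NOTE(review): confirm the message is not escaped a second time
            // where it is displayed.
            $file['error'] = 'Invalid file type for ' . Format::htmlchars($file['name']);
        } elseif ($file['size'] > $this->getConfig()->getMaxFileSize()) {
            $file['error'] = sprintf('File (%s) is too big. Maximum of %s allowed',
                Format::htmlchars($file['name']),
                Format::file_size($this->getConfig()->getMaxFileSize()));
        } elseif (empty($file['error']) && !is_uploaded_file($file['tmp_name'])) {
            // Only accept temp files that PHP itself received over HTTP POST.
            $file['error'] = 'Invalid or bad upload POST';
        }

        if (!empty($file['error'])) {
            $errors++;
        }
    }
    // Break the reference so later writes to $file cannot touch the last
    // element of the caller's array.
    unset($file);

    return !$errors;
}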