Ejemplo n.º 1
 /**
  * Handle the "add attachment" form: validate it, record the upload as a
  * GWF_ForumAttachment row, then move the uploaded file to that row's path.
  *
  * @return mixed Validation error followed by the add template, an error from
  *               GWF_HTML::err(), or the module's success message.
  */
 private function onAdd()
 {
     $form = $this->formAdd();
     $error = $form->validate($this->module);
     if (false !== $error) {
         return $error . $this->templateAdd();
     }

     $file = $form->getVar('file');
     $tmp = $file['tmp_name'];
     $postid = $this->post->getID();
     $userid = GWF_Session::getUserID();

     # Guest visibility/download flags are derived purely from the presence of
     # the two POST keys.
     $options = (isset($_POST['guest_view']) ? GWF_ForumAttachment::GUEST_VISIBLE : 0)
         | (isset($_POST['guest_down']) ? GWF_ForumAttachment::GUEST_DOWNLOAD : 0);

     # Put in db
     # NOTE(review): 'fatt_filename' stores $file['name'], which is supplied by
     # the client. Confirm it is escaped wherever it is later displayed or sent
     # in a download header, and that dbimgPath() (not shown here) does not
     # build the storage path from it.
     $mime = GWF_Upload::getMimeType($tmp);
     $size = filesize($tmp);
     $attach = new GWF_ForumAttachment(array(
         'fatt_aid' => 0,
         'fatt_uid' => $userid,
         'fatt_pid' => $postid,
         'fatt_mime' => $mime,
         'fatt_size' => $size,
         'fatt_downloads' => 0,
         'fatt_filename' => $file['name'],
         'fatt_options' => $options,
         'fatt_date' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
     ));
     if (false === $attach->insert()) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }
     # NOTE(review): $aid is never read below.
     $aid = $attach->getID();

     # Copy file
     # NOTE(review): the row is inserted before the move, so a failed move
     # leaves an attachment record without a file on disk.
     $path = $attach->dbimgPath();
     $moved = GWF_Upload::moveTo($file, $path);
     # The temporary upload is removed whether or not the move succeeded.
     @unlink($tmp);
     if (false === $moved) {
         return GWF_HTML::err('ERR_WRITE_FILE', $path);
     }

     $this->post->increase('post_attachments', 1);
     return $this->module->message('msg_attach_added', array($this->post->getShowHREF()));
 }
Ejemplo n.º 2
 /**
  * Store an uploaded file under dbimg/content/ using its original name and
  * append a reference to it to the posted page content.
  *
  * Security-relevant behaviour visible here:
  *  - the stored name is the client-supplied $file['name'];
  *  - the only extension filter is a case-insensitive deny of the substring
  *    '.php'; every other extension that passes the name pattern is accepted;
  *  - existing files are never overwritten.
  *
  * @param Module_PageBuilder $module Module used to render errors and messages.
  * @return mixed An error from the CSRF check, GWF_HTML or the module, or the
  *               module's success message.
  */
 public static function onUpload(Module_PageBuilder $module)
 {
     $csrfError = GWF_Form::validateCSRF_WeakS();
     if (false !== $csrfError) {
         return $csrfError;
     }

     $file = GWF_Upload::getFile('file');
     if (false === $file) {
         return GWF_HTML::err('ERR_MISSING_UPLOAD');
     }

     $back = '';

     # TODO: There are more unsafe languages!
     # But we want to keep the file extension.
     # Not really a big deal, unless you have malicious admin users.
     # NOTE(review): a deny-list on '.php' alone depends on the web server not
     # interpreting any other extension in this directory. An allow-list of
     # expected extensions, plus disabling script handling for dbimg/content/
     # in the server configuration, would not rely on that assumption.
     # (An earlier, now disabled variant stripped slashes from the name and
     # appended '.html' to names ending in a forbidden extension.)
     $name = $file['name'];

     # This is evil, sometimes even with foo.php.html
     if (false !== stripos($name, '.php')) {
         return $module->error('err_file_ext');
     }

     # We do a sanity check here: 1 to 63 characters from [a-z0-9_.], not
     # starting with a dot. This also rejects slashes, so the name cannot
     # carry directory components.
     if (1 !== preg_match('#^[a-z0-9_][a-z0-9_\\.]{0,62}$#iD', $name)) {
         return $back . $module->error('err_file_name');
     }

     # Copy the file
     $path = 'dbimg/content/' . $name;
     # HTML-escaped form of the path, used only in messages.
     $epath = htmlspecialchars($path);
     if (Common::isFile($path)) {
         return $back . $module->error('err_upload_exists');
     }
     $moved = GWF_Upload::moveTo($file, $path);
     if (false === $moved) {
         return $back . GWF_HTML::err('ERR_WRITE_FILE', array($epath));
     }

     # Is bbcode mode? True when neither the HTML nor the SMARTY bit is set
     # in the posted page type.
     $type = Common::getPostInt('type', 0);
     $markupBits = GWF_Page::HTML | GWF_Page::SMARTY;
     $bbcode = ($type & $markupBits) === 0;

     # Append to page content as image or anchor.
     $_POST['content'] .= self::fileToContent($name, $path, $bbcode);

     return $module->message('msg_file_upped', array($epath));
 }
Ejemplo n.º 3
 /**
  * Replace the file behind an existing download with a newly uploaded one
  * and update the download's uploader, MIME type and date.
  *
  * The target path is built from the download's own 'dl_id', not from the
  * client-supplied file name.
  *
  * @param GWF_Download $dl The download whose file is being replaced.
  * @return mixed Error or success message, in most branches followed by the
  *               edit template.
  */
 private function onReup(GWF_Download $dl)
 {
     $form = $this->getFormReup($dl);
     $err = $form->validate($this->module);
     if (false !== $err) {
         return $err . $this->templateEdit($dl);
     }

     $upload = $form->getVar('file');
     if (false === $upload) {
         return $this->module->error('err_file') . $this->templateEdit($dl);
     }

     # Re-upload is refused outright when the module reports itself moderated.
     # NOTE(review): the module is passed to its own isModerated(); confirm
     # that is the intended argument.
     if ($this->module->isModerated($this->module)) {
         return GWF_HTML::err('ERR_NO_PERMISSION') . $this->templateEdit($dl);
     }

     # Despite the original variable name, this is the final storage path.
     $tempname = 'dbimg/dl/' . $dl->getVar('dl_id');
     $stored = GWF_Upload::moveTo($upload, $tempname);
     if (false === $stored) {
         return GWF_HTML::err('ERR_WRITE_FILE', array($tempname)) . $this->templateEdit($dl);
     }

     # The MIME type is read from the 'tmp_name' of moveTo()'s return value.
     # presumably moveTo() updates 'tmp_name' to the new location; verify.
     $changes = array(
         'dl_uid' => GWF_Session::getUserID(),
         'dl_mime' => GWF_Upload::getMimeType($stored['tmp_name']),
         'dl_date' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
     );
     if (false === $dl->saveVars($changes)) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }

     return $this->module->message('msg_uploaded') . $this->templateEdit($dl);
 }
Ejemplo n.º 4
 /**
  * Move a freshly uploaded file into dbimg/dl/ and remember the result in
  * the session under self::SESS_FILE.
  *
  * Does nothing when the form carries no file.
  *
  * @param GWF_Form $form Form that may contain a 'file' upload.
  * @return void
  */
 private function uploadedFile(GWF_Form $form)
 {
     $upload = $form->getVar('file');
     if (false === $upload) {
         # The 'err_file' message is deliberately not echoed here.
         return;
     }

     # The target name is the basename of the upload's 'tmp_name', not the
     # client-supplied 'name'.
     # presumably 'tmp_name' is the server-side temp path assigned by PHP;
     # verify against the form's getVar().
     $tempname = 'dbimg/dl/' . basename($upload['tmp_name']);

     $stored = GWF_Upload::moveTo($upload, $tempname);
     if (false === $stored) {
         echo GWF_HTML::err('ERR_WRITE_FILE', array($tempname));
     }

     # NOTE(review): there is no return after the error above, so a failed
     # move stores false in the session. Confirm readers of SESS_FILE handle
     # that value.
     GWF_Session::set(self::SESS_FILE, $stored);
 }
Ejemplo n.º 5
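 /**
  * Store a new 32x32 logo for a site and write a GIF copy of it.
  *
  * The upload is resized, moved to dbimg/logo/<site id>, decoded with GD and
  * re-encoded to dbimg/logo_gif/<site id>.gif. Both paths are built from the
  * site id only; the client-supplied file name is not used.
  *
  * @param WC_Site $site     Site receiving the logo.
  * @param mixed   $is_admin Passed through to getFormLogo().
  * @return mixed Form validation errors or a module error on failure; nothing
  *               on success.
  */
 public function onSetLogo(WC_Site $site, $is_admin)
 {
     $form = $this->getFormLogo($site, $is_admin);
     if (false !== ($errors = $form->validate($this->module))) {
         return $errors;
     }

     # Upload Icon
     if (false === ($file = $form->getVar('new_logo'))) {
         return $this->module->error('err_no_logo');
     }

     # NOTE(review): the explicit GWF_Upload::isImageFile() check is disabled
     # in the original, so resizeImage() and the GD decode below are the only
     # content checks on this path.
     if (false === GWF_Upload::resizeImage($file, 32, 32, 32, 32)) {
         return $this->module->error('err_no_logo');
     }

     $sid = $site->getID();
     $filename = 'dbimg/logo/' . $sid;
     if (false === ($file = GWF_Upload::moveTo($file, $filename))) {
         return $this->module->error('err_write_logo', array($filename));
     }

     # Convert to GIF
     # NOTE(review): if decoding or encoding fails, the file already moved to
     # dbimg/logo/ stays on disk.
     $raw = file_get_contents($filename);
     if (false === $raw) {
         # Unreadable file: report it the same way as an undecodable image
         # instead of handing false to GD.
         return $this->module->error('err_no_logo');
     }
     if (false === ($img = imagecreatefromstring($raw))) {
         return $this->module->error('err_no_logo');
     }

     $filenamegif = 'dbimg/logo_gif/' . $sid . '.gif';
     $written = imagegif($img, $filenamegif);
     # Release the image on the failure path too, not only on success.
     imagedestroy($img);
     if (false === $written) {
         return $this->module->error('err_write_logo', array($filenamegif));
     }

     $site->increase('site_logo_v', 1);
     $site->saveOption(WC_Site::HAS_LOGO);
 }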
Ejemplo n.º 6
 /**
  * Replace the file of an existing forum attachment and refresh its stored
  * metadata (MIME type, size, download counter, file name, date).
  *
  * @param array               $file   Upload entry; 'tmp_name' and 'name' are read.
  * @param GWF_ForumAttachment $attach Attachment whose file is replaced.
  * @return mixed false on success, otherwise an error from GWF_HTML::err().
  */
 private function unReUpload(array $file, GWF_ForumAttachment $attach)
 {
     $uploadTmp = $file['tmp_name'];
     $destination = $attach->dbimgPath();

     $moved = GWF_Upload::moveTo($file, $destination);
     # The temporary upload is removed whether or not the move succeeded.
     @unlink($uploadTmp);
     if (!$moved) {
         return GWF_HTML::err('ERR_WRITE_FILE', $destination);
     }

     # MIME type and size are read from the stored file. The file name is the
     # client-supplied one.
     # NOTE(review): confirm 'fatt_filename' is escaped wherever it is later
     # displayed or sent in a download header.
     $fields = array(
         'fatt_mime' => GWF_Upload::getMimeType($destination),
         'fatt_size' => filesize($destination),
         'fatt_downloads' => 0,
         'fatt_filename' => $file['name'],
         'fatt_date' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
     );
     if (false === $attach->saveVars($fields)) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }

     # false signals "no error" to the caller.
     return false;
 }
Ejemplo n.º 7
 /**
  * Accept an image upload for the "Smile" challenge and store it under
  * challenge/livinskull/smile/smiles/ using the uploaded file's own name.
  *
  * Checks applied, in order: the file must be an image and resizable to the
  * given bounds, the name must end in an allowed image extension and not
  * contain '.php', and the name must consist of 7-bit ASCII only.
  *
  * @param WC_Challenge $chall Challenge providing the language strings.
  * @return mixed An error or success message from GWF_HTML.
  */
 public function onUpload(WC_Challenge $chall)
 {
     # The module instance is fetched but not used in this method.
     $module = Module_WeChall::instance();

     $form = $this->getForm($chall);
     $file = $form->getVar('image');
     if (false === $file) {
         return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
     }
     if (!GWF_Upload::isImageFile($file)) {
         return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
     }
     if (false === GWF_Upload::resizeImage($file, 64, 64, 16, 16)) {
         return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
     }

     # The stored name is the client-supplied one.
     $filename = $file['name'];

     # Extension allow-list, then a '.php' substring veto on top of it.
     # NOTE(review): both comparisons are case-sensitive; normalising the name
     # to lower case first would make the filter independent of how the
     # server and filesystem treat case.
     $allowed = false;
     foreach (array('.jpg', '.jpeg', '.gif', '.png') as $suffix) {
         if (Common::endsWith($filename, $suffix)) {
             $allowed = true;
             break;
         }
     }
     $allowed = $allowed && (false === strpos($filename, '.php'));

     # The ASCII check is reported before the extension verdict.
     if (1 !== preg_match('/^[\\x00-\\x7f]+$/D', $filename)) {
         return GWF_HTML::error('Smile Path', array($chall->lang('err_ascii')));
     }
     if (!$allowed) {
         return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
     }

     # NOTE(review): nothing in this method strips directory separators from
     # $filename before it is used in the path; confirm the form or upload
     # layer reduces it to a base name.
     $fullpath = "challenge/livinskull/smile/smiles/{$filename}";
     $efp = htmlspecialchars($fullpath);
     $file = GWF_Upload::moveTo($file, $fullpath);
     if (false === $file) {
         return GWF_HTML::err('ERR_WRITE_FILE', array($efp));
     }

     # The path is escaped once for the attribute and the whole tag is escaped
     # again, so the message carries the tag as text rather than as markup.
     $rule = htmlspecialchars("<img src=\"/{$efp}\" />");
     return GWF_HTML::message('Smile', $chall->lang('msg_uploaded', array($rule)));
 }
Ejemplo n.º 8
 /**
  * Validate, resize and store an uploaded avatar for the current session user.
  *
  * The avatar is stored as dbimg/avatar/<user id>; the client-supplied file
  * name is not used for the path.
  *
  * @param array $file Upload entry as accepted by GWF_Upload.
  * @return mixed The module's error or success message.
  */
 private function saveAvatar(array $file)
 {
     if (!GWF_Upload::isImageFile($file)) {
         return $this->module->error('err_no_image');
     }

     # Size limits come from the module configuration.
     $cfg = $this->module;
     $resized = GWF_Upload::resizeImage(
         $file,
         $cfg->cfgAvatarMaxWidth(),
         $cfg->cfgAvatarMaxHeight(),
         $cfg->cfgAvatarMinWidth(),
         $cfg->cfgAvatarMinHeight()
     );
     if (false === $resized) {
         return $this->module->error('err_no_image');
     }

     # NOTE(review): assumes a logged-in user; confirm getUser() cannot return
     # a non-object on this code path.
     $user = GWF_Session::getUser();
     $uid = $user->getID();

     $file = GWF_Upload::moveTo($file, 'dbimg/avatar/' . $uid);
     if (false === $file) {
         return $this->module->error('err_write_avatar');
     }

     $user->saveOption(GWF_User::HAS_AVATAR, true);
     $user->increase('user_avatar_v', 1);
     return $this->module->message('msg_avatar_saved');
 }