Ejemplo n.º 1
0
 /**
  * Find filename which isn't already taken in the filesystem.
  *
  * @param  string  $folder      Relative path from JPATH_ROOT.
  * @param  string  $basename    Filename without extension.
  * @param  string  $extension   File extension.
  * @param  bool    $protected   True to randomize the filename. If not given, uses Kunena configuration setting.
  *
  * @return string
  *
  * @since  K4.0
  */
 public static function getAvailableFilename($folder, $basename, $extension, $protected = null)
 {
     if (is_null($protected)) {
         $protected = (bool) KunenaConfig::getInstance()->attachment_protection;
     }
     if ($protected) {
         // Ignore proposed filename and return totally random and unique name without file extension.
         do {
             $name = md5(rand());
         } while (file_exists(JPATH_ROOT . "/{$folder}/{$name}"));
         return $name;
     }
     // Lets find out if we need to rename the filename.
     $basename = preg_replace('/[[:space:]]/', '', KunenaFile::makeSafe($basename));
     $extension = trim($extension, '.');
     if (empty($basename)) {
         $basename = 'file_' . substr(md5(rand()), 2, 7);
     }
     $newName = "{$basename}.{$extension}";
     $date = date('Y-m-d');
     // Rename file if there is already one with the same name
     if (file_exists(JPATH_ROOT . "/{$folder}/{$newName}")) {
         $newName = "{$basename}_{$date}.{$extension}";
         for ($i = 2; file_exists(JPATH_ROOT . "/{$folder}/{$newName}"); $i++) {
             $newName = "{$basename}_{$date}-{$i}.{$extension}";
         }
     }
     return $newName;
 }
Ejemplo n.º 2
0
 function uploadFile($uploadPath, $input = 'kattachment', $filename = '', $ajax = true)
 {
     $this->resetStatus();
     // create upload directory if it does not exist
     if (!JFolder::exists($uploadPath)) {
         if (!JFolder::create($uploadPath)) {
             $this->fail(JText::_('COM_KUNENA_UPLOAD_ERROR_CREATE_DIR'));
             return false;
         }
     }
     KunenaFolder::createIndex($uploadPath);
     // Get file name and validate with path type
     $this->fileName = JRequest::getString($input . '_name', '', 'post');
     $this->fileSize = 0;
     $chunk = JRequest::getInt('chunk', 0);
     $chunks = JRequest::getInt('chunks', 0);
     if ($chunks && $chunk >= $chunks) {
         $this->error = JText::_('COM_KUNENA_UPLOAD_ERROR_EXTRA_CHUNK');
     }
     //If uploaded by using normal form (no AJAX)
     if ($ajax == false || isset($_REQUEST["multipart"])) {
         $file = JRequest::getVar($input, null, 'files', 'array');
         // File upload
         if (!empty($file['error'])) {
             // Any errors the server registered on uploading
             switch ($file['error']) {
                 case 0:
                     // UPLOAD_ERR_OK :
                     break;
                 case 1:
                     // UPLOAD_ERR_INI_SIZE :
                 // UPLOAD_ERR_INI_SIZE :
                 case 2:
                     // UPLOAD_ERR_FORM_SIZE :
                     $this->fail(JText::_('COM_KUNENA_UPLOAD_ERROR_SIZE') . 'DEBUG: file[error]' . htmlspecialchars($file['error'], ENT_COMPAT, 'UTF-8'));
                     break;
                 case 3:
                     // UPLOAD_ERR_PARTIAL :
                     $this->fail(JText::_('COM_KUNENA_UPLOAD_ERROR_PARTIAL'));
                     break;
                 case 4:
                     // UPLOAD_ERR_NO_FILE :
                     $this->fail(JText::_('COM_KUNENA_UPLOAD_ERROR_NO_FILE'));
                     break;
                 case 5:
                     // UPLOAD_ERR_NO_TMP_DIR :
                     $this->fail(JText::_('COM_KUNENA_UPLOAD_ERROR_NO_TMP_DIR'));
                     break;
                 case 7:
                     // UPLOAD_ERR_CANT_WRITE, PHP 5.1.0
                     $this->fail(JText::_('COM_KUNENA_UPLOAD_ERROR_CANT_WRITE'));
                     break;
                 case 8:
                     // UPLOAD_ERR_EXTENSION, PHP 5.2.0
                     $this->fail(JText::_('COM_KUNENA_UPLOAD_ERROR_PHP_EXTENSION'));
                     break;
                 default:
                     $this->fail(JText::_('COM_KUNENA_UPLOAD_ERROR_UNKNOWN'));
             }
             return false;
         } elseif (!is_uploaded_file($file['tmp_name'])) {
             $this->fail(JText::_('COM_KUNENA_UPLOAD_ERROR_NOT_UPLOADED'));
             return false;
         }
         $this->fileTemp = $file['tmp_name'];
         $this->fileSize = $file['size'];
         if (!$this->fileName) {
             // Need to add additonal path type check as array getVar does not
             $this->fileName = $file['name'];
         }
     } else {
         // Currently not in use: this is meant for experimental AJAX uploads
         // Open temp file
         $this->fileTemp = KunenaPath::tmpdir() . '/kunena_' . md5($this->_my->id . '/' . $this->_my->username . '/' . $this->fileName);
         $out = fopen($this->fileTemp, $chunk == 0 ? "wb" : "ab");
         if ($out) {
             // Read binary input stream and append it to temp file
             $in = fopen("php://input", "rb");
             if ($in) {
                 while (($buff = fread($in, 8192)) != false) {
                     fwrite($out, $buff);
                 }
             } else {
                 $this->fail(JText::_('COM_KUNENA_UPLOAD_ERROR_NO_INPUT'));
             }
             clearstatcache();
             $fileInfo = fstat($out);
             $this->fileSize = $fileInfo['size'];
             fclose($out);
             if (!$this->error) {
                 $this->checkFileSize($this->fileSize);
             }
             if ($chunk + 1 < $chunks) {
                 $this->status = empty($this->error);
                 return $this->status;
             }
         } else {
             $this->fail(JText::_('COM_KUNENA_UPLOAD_ERROR_CANT_WRITE'));
         }
     }
     // Terminate early if we already hit an error
     if ($this->error) {
         return false;
     }
     // assume the extension is false until we know its ok
     $extOk = false;
     $fileparts = $this->getValidExtension($this->validFileExts);
     $uploadedFileExtension = '';
     if ($fileparts) {
         $this->_isfile = true;
         $extOk = true;
         $uploadedFileBasename = $fileparts[0];
         $uploadedFileExtension = $fileparts[1];
     }
     $fileparts = $this->getValidExtension($this->validImageExts);
     if ($fileparts) {
         $this->_isimage = true;
         $extOk = true;
         $uploadedFileBasename = $fileparts[0];
         $uploadedFileExtension = $fileparts[1];
     }
     if ($extOk == false) {
         $imglist = implode(', ', $this->validImageExts);
         $filelist = implode(', ', $this->validFileExts);
         if ($imglist && $filelist) {
             $this->fail(JText::sprintf('COM_KUNENA_UPLOAD_ERROR_EXTENSION', $imglist, $filelist));
         } else {
             if ($imglist && !$filelist) {
                 $this->fail(JText::sprintf('COM_KUNENA_UPLOAD_ERROR_EXTENSION_FILE', $this->_config->filetypes));
             } else {
                 if (!$imglist && $filelist) {
                     $this->fail(JText::sprintf('COM_KUNENA_UPLOAD_ERROR_EXTENSION_IMAGE', $this->_config->imagetypes));
                 } else {
                     $this->fail(JText::sprintf('COM_KUNENA_UPLOAD_ERROR_NOT_ALLOWED', $filelist));
                 }
             }
         }
         $this->not_valid_img_ext = false;
         return false;
     }
     // Special processing for images
     if ($this->_isimage) {
         $this->imageInfo = CKunenaImageHelper::getProperties($this->fileTemp);
         // Let see if we need to check the MIME type
         if ($this->_config->checkmimetypes) {
             // check against whitelist of MIME types
             $validFileTypes = explode(",", $this->_config->imagemimetypes);
             //if the temp file does not have a width or a height, or it has a non ok MIME, return
             if (!is_int($this->imageInfo->width) || !is_int($this->imageInfo->height) || !in_array($this->imageInfo->mime, $validFileTypes)) {
                 $this->fail(JText::sprintf('COM_KUNENA_UPLOAD_ERROR_MIME', $this->imageInfo->mime, $this->_config->imagetypes));
                 return false;
             }
         }
         // If image is not inside allowed size limits, resize it
         if ($this->fileSize > $this->imagesize || $this->imageInfo->width > $this->imagewidth || $this->imageInfo->height > $this->imageheight) {
             $options = array('quality' => $this->imagequality);
             $imageRaw = new CKunenaImage($this->fileTemp);
             if ($imageRaw->getError()) {
                 $this->fail(JText::_($imageRaw->getError()));
                 return false;
             }
             $image = $imageRaw->resize($this->imagewidth, $this->imageheight);
             $type = $imageRaw->getType();
             unset($imageRaw);
             $image->toFile($this->fileTemp, $type, $options);
             clearstatcache();
             // Re-calculate physical file size: image has been shrunk
             $stat = stat($this->fileTemp);
             if (!$stat) {
                 $this->fail(JText::_('COM_KUNENA_UPLOAD_ERROR_STAT', htmlspecialchars($this->fileTemp, ENT_COMPAT, 'UTF-8')));
                 return false;
             }
             $this->fileSize = $stat['size'];
         }
     }
     $this->checkFileSize($this->fileSize);
     // Check again for error and terminate early if we already hit an error
     if ($this->error) {
         return false;
     }
     // Populate hash, file size and other info
     // Get a hash value from the file
     $this->fileHash = md5_file($this->fileTemp);
     // Override filename if given in the parameter
     if ($filename) {
         $uploadedFileBasename = $filename;
     }
     $uploadedFileBasename = KunenaFile::makeSafe($uploadedFileBasename);
     if (empty($uploadedFileBasename)) {
         $uploadedFileBasename = 'h' . substr($this->fileHash, 2, 7);
     }
     // Rename file if there is already one with the same name
     $newFileName = $uploadedFileBasename . "." . $uploadedFileExtension;
     $newFileName = preg_replace('/[[:space:]]/', '', $newFileName);
     $uploadedFileBasename = preg_replace('/[[:space:]]/', '', $uploadedFileBasename);
     if (file_exists($uploadPath . '/' . $newFileName)) {
         $newFileName = $uploadedFileBasename . "." . $uploadedFileExtension;
         for ($i = 2; file_exists("{$uploadPath}/{$newFileName}"); $i++) {
             $newFileName = $uploadedFileBasename . "-{$i}." . $uploadedFileExtension;
         }
     }
     $this->fileName = $newFileName;
     // All the processing is complete - now we need to move the file(s) into the final location
     @chmod($this->fileTemp, 0644);
     if (!JFile::copy($this->fileTemp, $uploadPath . '/' . $this->fileName)) {
         $this->fail(JText::sprintf('COM_KUNENA_UPLOAD_ERROR_NOT_MOVED', htmlspecialchars($uploadPath . '/' . $this->fileName, ENT_COMPAT, 'UTF-8')));
         unlink($this->fileTemp);
         return false;
     }
     unlink($this->fileTemp);
     JPath::setPermissions($uploadPath . '/' . $this->fileName);
     $this->ready = true;
     return $this->status = true;
 }