 function loadScripts()
 {
     // Attach the CSS and JavaScript the file-picker view needs to the
     // current document: the grid layout, the optional Flash uploader and
     // the selectIcon() handler used by the icon grid.
     $document = JFactory::getDocument();

     // Presentation only: one rule per selector, emitted in this order.
     $rules = array(
         '#fileList' => 'width:670px;height:220px;overflow:auto;clear:both;',
         '#fileList div.item' => 'float:left;width:70px;border:1px solid #fff;background-color:#fff;text-align:center;',
         '#fileList div.item div.name' => 'height:15px;',
         '#fileList div.item div.icon div.border' => 'margin-top:10px;height:45px;width:68px;vertical-align:middle;overflow:hidden;',
         '#fileList div.item div.icon div.border a' => 'height:45px;width:68px;display:block;',
         '#fileList div.item:hover' => 'border:1px solid #0B55C4;background-color:#d2d7e0;cursor:pointer;',
     );
     $css = '';
     foreach ($rules as $selector => $declarations) {
         $css .= $selector . '{' . $declarations . '}';
     }
     $document->addStyleDeclaration($css);

     // Flash uploader (MooTools "behavior.uploader"), only when enabled in
     // the media parameters. Reloads the page once every file is done.
     if (LinkrHelper::getMediaParam('enable_flash', 1)) {
         $uploaderOptions = array(
             'targetURL' => $this->form->uploadURL,
             'types' => "{'Pictures (*.bmp, *.gif, *.jpg, *.jpeg, *.png)':'*.bmp;*.gif;*.jpg;*.jpeg;*.png'}",
             'onAllComplete' => 'function(){ window.location.reload(true); }',
         );
         JHTML::_('behavior.uploader', 'file-upload', $uploaderOptions);
     }

     // selectIcon(u, f): with the "delete" checkbox ticked, confirm and
     // navigate to deleteURL + f; otherwise hand the icon value u back to
     // the parent window's adminForm and close the modal.
     // NOTE(review): the confirm text is escaped by JText::_(..., true), but
     // $this->form->deleteURL is spliced into a JS string literal as-is --
     // presumably built server-side; verify it cannot carry user input.
     $script = sprintf(
         "var selectIcon\t= function(u, f){if (document.uploadForm.deli.checked == true) {if (confirm(\"%s\")) {window.location.href = \"%s\"+ f;}} else {window.parent.document.adminForm.icon.value=u;window.parent.document.getElementById(\"sbox-window\").close();}}",
         JText::_('VALIDDELETEITEMS', true),
         $this->form->deleteURL
     );
     $document->addScriptDeclaration($script);
 }
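 function canUpload()
 {
     // Decide whether $this->file (name / size / tmp_name -- presumably one
     // $_FILES entry, TODO confirm at the caller) may be stored. Every failed
     // check is logged through LinkrHelper::log() and returns false.
     //
     // Checks, in order: extension allow/ignore lists, maximum size, optional
     // image/MIME validation, and a shallow scan of the first 256 bytes for
     // HTML tags. The configured lists are matched verbatim (no trimming,
     // no wildcards, case-sensitive except that $ext is lower-cased).
     //
     // NOTE(review): extensions on ignore_extensions pass the extension
     // check AND skip the MIME check entirely, and the MIME check is a
     // blacklist (a type is rejected only when it is on upload_mime_illegal
     // and not on upload_mime). Both are kept as configured behaviour;
     // tighten the parameters rather than this code if that is too loose.
     // Only the last extension is examined, so "x.php.jpg" is a "jpg" here.
     $ext    = strtolower(JFile::getExt($this->file['name']));
     $allow  = explode(',', (string) LinkrHelper::getMediaParam('upload_extensions'));
     $ignore = explode(',', (string) LinkrHelper::getMediaParam('ignore_extensions'));

     // Extension check.
     if (!in_array($ext, $allow, true) && !in_array($ext, $ignore, true)) {
         LinkrHelper::log('Upload failed: file extension check');
         return false;
     }

     // Size check; upload_maxsize <= 0 means "no limit".
     $max = (int) LinkrHelper::getMediaParam('upload_maxsize', 0);
     if ($max > 0 && (int) $this->file['size'] > $max) {
         LinkrHelper::log('Upload failed: file size (' . $this->file['size'] . ') larger than maximum (' . $max . ')');
         return false;
     }

     // Content checks, only when restrict_uploads is on.
     if (LinkrHelper::getMediaParam('restrict_uploads', 1)) {
         $imgx = explode(',', (string) LinkrHelper::getMediaParam('image_extensions'));

         // Anything with an image extension must parse as an image.
         if (in_array($ext, $imgx, true) && !getimagesize($this->file['tmp_name'])) {
             LinkrHelper::log('Upload Failed: could not get image information through "GetImageSize()"');
             return false;
         }

         if (!in_array($ext, $ignore, true)) {
             $amime     = explode(',', (string) LinkrHelper::getMediaParam('upload_mime'));
             $imime     = explode(',', (string) LinkrHelper::getMediaParam('upload_mime_illegal'));
             $checkMime = (bool) LinkrHelper::getMediaParam('check_mime', 1);
             $type      = null;

             if ($checkMime && function_exists('finfo_open')) {
                 // Ask for the bare media type. The older FILEINFO_MIME
                 // constant yields "image/png; charset=binary", which never
                 // matches the plain entries of the configured lists and so
                 // silently disabled this check.
                 $finfo = finfo_open(defined('FILEINFO_MIME_TYPE') ? FILEINFO_MIME_TYPE : FILEINFO_MIME);
                 $type  = $finfo ? finfo_file($finfo, $this->file['tmp_name']) : false;
                 if ($finfo) {
                     // Release on every path, not only on rejection.
                     finfo_close($finfo);
                 }
             } elseif ($checkMime && function_exists('mime_content_type')) {
                 $type = mime_content_type($this->file['tmp_name']);
             } else {
                 // No way to verify the type: only administrators may proceed.
                 $user = JFactory::getUser();
                 if (!$user->authorize('login', 'administrator')) {
                     LinkrHelper::log('Upload Failed: can\'t check mime-type');
                     return false;
                 }
             }

             if (is_string($type) && strlen($type)) {
                 // Drop any "; charset=..." parameter so the comparison is on
                 // the media type alone, whichever detector produced it.
                 list($type) = explode(';', $type, 2);
                 $type = trim($type);
                 if (strlen($type) && !in_array($type, $amime, true) && in_array($type, $imime, true)) {
                     LinkrHelper::log("Upload Failed: invalid mime-type ({$type})");
                     return false;
                 }
             }
         }
     }

     // Shallow content scan: reject a file whose first 256 bytes open one of
     // the listed HTML tags. The tag name must be followed by whitespace,
     // "/" or ">", so "<script\n" and "<br/>" are caught as well as
     // "<script " and "<script>". This is a heuristic, not a sanitiser: it
     // sees only the first 256 bytes and only the tags listed here (note
     // that e.g. "a" and "svg" are not in the list).
     $head = JFile::read($this->file['tmp_name'], false, 256);
     $tags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
     $pattern = '/<(?:' . implode('|', array_map('preg_quote', $tags)) . ')[\s\/>]/i';
     if (is_string($head) && preg_match($pattern, $head)) {
         LinkrHelper::log('Upload Failed: possibly an XSS attack');
         return false;
     }

     // File passed every test.
     return true;
 }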
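 function folderItems()
 {
     // Render the folder/file grid for the request folder as an HTML string:
     // a #filedirlist container with one .item div for the "up" link (when
     // there is a parent), each sub-folder and each matching file.
     //
     // Folder and file names are read from the filesystem; whether they were
     // sanitised at upload time is not visible here, so every value is
     // escaped for the context it is printed in (element text, attribute,
     // or single-quoted JavaScript string inside an onclick attribute).
     // The file items also gained the attribute separators that were missing
     // ('"icon"title=' / '"onclick=') and the displayed name now strips only
     // a trailing ".ext" instead of every occurrence of that substring.

     // ENT_SUBSTITUTE (PHP 5.4+) keeps names with invalid UTF-8 visible
     // instead of collapsing them to an empty string.
     $flags = ENT_QUOTES | (defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0);

     // File types to list: configured upload extensions (or the default
     // set), reduced to [A-Za-z0-9,] and turned into a "\.(a|b|c)" regex.
     $defaultExts = 'bmp,csv,doc,gif,jpg,jpeg,odg,odp,ods,odt,pdf,png,ppt,txt,xcf,xls';
     $exts = LinkrHelper::getMediaParam('upload_extensions', $defaultExts);
     $exts = preg_replace('/[^A-Z0-9,]/i', '', $exts);
     $exts = '\\.(' . str_replace(',', '|', $exts) . ')';

     // Folder to list, resolved from the request by fileInfo().
     $info   = $this->fileInfo();
     $folder = $info['path'];

     // Sub-folders: inside a path list it directly; at the root only the
     // configured 'paths', filtered by regex.
     if ($info['parent']) {
         $folders = LinkrHelper::listDirectories($info['path']);
     } else {
         $paths   = LinkrHelper::getParam('paths', 'images');
         $regex   = LinkrHelper::buildRegex($paths);
         $folders = LinkrHelper::listDirectories($info['base'], $regex);
     }
     $files = LinkrHelper::listFiles($folder, $exts);

     $items = '<div id="filedirlist">' . '<div style="clear:both;"></div>';

     // "Up" entry. The base64 navigation tokens are escaped like any other
     // value even though they should only contain [A-Za-z0-9+/=].
     $icon = JURI::root() . 'administrator/components/com_media/images/folderup_32.png';
     $icon = JHTML::image($icon, 'Folder', array('width' => 32, 'height' => 32, 'class' => 'big'));
     if ($info['parent']) {
         $token = htmlspecialchars(addcslashes($info['parent.64'], "\\'\r\n"), $flags, 'UTF-8');
         $click = 'LinkrHelper.fileDir(\'' . $token . '\')';
         $items .= '<div class="item up">' . '<div class="icon" onclick="' . $click . '">' . '<div align="center" class="border"><a>' . $icon . '</a></div></div>' . '<div class="name">' . JText::_('up') . '</div>' . '</div>';
     }

     // Sub-folders.
     $icon = JURI::root() . 'administrator/components/com_media/images/folder.png';
     $icon = JHTML::image($icon, 'Folder', array('width' => 32, 'height' => 32, 'class' => 'big'));
     foreach ($folders as $d) {
         $token = htmlspecialchars(addcslashes($d['path.64'], "\\'\r\n"), $flags, 'UTF-8');
         $click = 'LinkrHelper.fileDir(\'' . $token . '\')';
         $name  = htmlspecialchars($d['name'], $flags, 'UTF-8');
         $items .= '<div class="item">' . '<div class="icon" onclick="' . $click . '">' . '<div align="center" class="border"><a>' . $icon . '</a></div></div>' . '<div class="name">' . $name . '</div>' . '</div>';
     }

     // Files. The alt text passed to JHTML::image is left to that helper to
     // escape -- NOTE(review): confirm it does.
     foreach ($files as $f) {
         $icon = array('width' => $f->width, 'height' => $f->height);
         $icon = JHTML::image($f->icon, $f->name, $icon);
         $title = htmlspecialchars($f->type . ' - ' . $f->name . ' (' . $f->size . ')', $flags, 'UTF-8');

         // Display name: the file name without its trailing ".ext" only.
         $name   = $f->name;
         $suffix = '.' . $f->ext;
         if ($suffix !== '.' && substr($name, -strlen($suffix)) === $suffix) {
             $name = substr($name, 0, -strlen($suffix));
         }
         $name = htmlspecialchars($name, $flags, 'UTF-8');

         $src   = htmlspecialchars(addcslashes($f->src, "\\'\r\n"), $flags, 'UTF-8');
         $click = 'LinkrHelper.file(\'' . $src . '\')';
         $items .= '<div class="item">' . '<div class="icon" title="' . $title . '" onclick="' . $click . '">' . '<div align="center" class="border"><a>' . $icon . '</a></div></div>' . '<div class="name">' . $name . '</div>' . '</div>';
     }
     return $items . '</div>';
 }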
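 function files()
 {
     // List one folder for the client: returns an array with 'files',
     // 'folders', the current folder token ('current'), the parent token
     // ('parent', false at the base) and the list 'mode', or the result of
     // $this->badRequest() when the request is unusable.
     //
     // The folder comes from the 'f' request parameter, base64-encoded, and
     // is accepted only when it is the base folder or lies under one of the
     // configured paths (getFileInfo()'s 'path.list'). The previous test was
     // a bare string-prefix match, which also accepted sibling folders that
     // merely share a prefix ("/images_private" for "/images"); an allowed
     // path must now be the whole value or be followed by a separator.
     // Decoded values with ".." segments or NUL bytes are refused outright,
     // because getFileInfo()'s normalisation is not visible from here and
     // the raw $folder is what gets listed.
     $folder = JRequest::getVar('f', '', 'REQUEST', 'base64');
     $folder = base64_decode($folder);
     if (!$folder || !strlen($folder)) {
         return $this->badRequest();
     }
     if (strpos($folder, "\0") !== false || preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $folder)) {
         return $this->badRequest('Invalid directory');
     }

     // Folder must be the base or sit under one of the allowed paths.
     $i = $this->getFileInfo($folder);
     if ($folder !== $i['base']) {
         $allowed = false;
         foreach ($i['path.list'] as $p) {
             $base = rtrim($p, '/\\');
             if ($base === '') {
                 // An empty entry would otherwise match every folder.
                 continue;
             }
             if ($folder === $base || strpos($folder, $base . '/') === 0 || strpos($folder, $base . '\\') === 0) {
                 $allowed = true;
                 break;
             }
         }
         if (!$allowed) {
             return $this->badRequest('Invalid directory');
         }
     }

     // Remember the folder for subsequent requests.
     $this->setState('current', $i['path.64']);

     // Sub-folders: inside a path list it directly; at the base apply the
     // configured regex filter.
     if ($folder !== $i['base']) {
         $folders = LinkrHelper::listDirectories($folder);
     } else {
         $folders = LinkrHelper::listDirectories($i['base'], $i['base.regex']);
     }

     // Files: configured upload extensions (or the default set), reduced to
     // [A-Za-z0-9,] and turned into a "\.(a|b|c)" regex.
     $exts = LinkrHelper::getMediaParam('upload_extensions', '');
     $exts = strlen($exts) ? $exts : 'bmp,csv,doc,gif,jpg,jpeg,odg,odp,ods,odt,pdf,png,ppt,txt,xcf,xls';
     $exts = preg_replace('/[^A-Z0-9,]/i', '', $exts);
     $exts = '\\.(' . str_replace(',', '|', $exts) . ')';
     $simple = (bool) LinkrHelper::getParam('simple_list', false);
     $simple = (bool) $this->getState('simplelist', $simple, 'INT');
     $files = LinkrHelper::listFiles($folder, $exts, $simple);

     return array('files' => $files, 'folders' => $folders, 'current' => $i['path.64'], 'parent' => $i['parent'] ? $i['parent.64'] : false, 'mode' => $simple ? 'simple' : 'normal');
 }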