Ejemplo n.º 1
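/**
 * Accepts a file sent in the 'uploadfile' form field, stores it in the
 * requested media collection and then shows the updated media list.
 *
 * Checks performed here, in order: the PHP upload error code, the size
 * against $CONF['MaxUploadSize'], the file extension against the
 * comma-separated $CONF['AllowedTypes'] list, and is_uploaded_file() on the
 * temporary path. Every failure is reported through media_doError().
 *
 * NOTE(review): the flow relies on media_doError() not returning
 * (presumably it ends the request) - confirm; otherwise a rejected upload
 * would simply continue with the next step.
 */
function media_upload()
{
    global $DIR_MEDIA, $member, $CONF;

    $uploadInfo = postFileInfo('uploadfile');
    // The name is supplied by the client and is untrusted. The
    // client-declared MIME type ($uploadInfo['type']) is deliberately not
    // read: nothing here validates it.
    $filename = $uploadInfo['name'];
    $filesize = $uploadInfo['size'];
    $filetempname = $uploadInfo['tmp_name'];
    $fileerror = intval($uploadInfo['error']);

    switch ($fileerror) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            media_doError(_ERROR_FILE_TOO_BIG);
            // no break: media_doError() is expected not to return
        case UPLOAD_ERR_PARTIAL:
        case UPLOAD_ERR_NO_FILE:
        case UPLOAD_ERR_NO_TMP_DIR:
        case UPLOAD_ERR_CANT_WRITE:
        default:
            // include error code for debugging
            // (see http://www.php.net/manual/en/features.file-upload.errors.php)
            media_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
    }

    if ($filesize > $CONF['MaxUploadSize']) {
        media_doError(_ERROR_FILE_TOO_BIG);
    }

    // Check the file extension against the allowed types.
    // Only the final extension is compared; a name carrying an additional
    // inner extension still passes, so the media directory should not be
    // served with script handlers enabled.
    // NOTE(review): the raw client name is checked; any filename clean-up
    // presumably happens later in MEDIA::addMediaObject(), so the stored
    // name may differ from the one validated here - confirm.
    $ok = false;
    foreach (explode(',', $CONF['AllowedTypes']) as $type) {
        $type = trim($type);
        if ($type === '') {
            // an empty entry (empty setting, trailing comma) would reduce
            // the pattern to "\.$" and accept any name ending in a dot
            continue;
        }
        // preg_quote() keeps a configured value from being read as regex
        // syntax; D anchors "$" at the very end of the name
        if (preg_match('#\.' . preg_quote($type, '#') . '$#iD', $filename)) {
            $ok = true;
            break;
        }
    }
    if (!$ok) {
        media_doError(_ERROR_BADFILETYPE);
    }

    // the temp path must really come from PHP's upload handling
    if (!is_uploaded_file($filetempname)) {
        media_doError(_ERROR_BADREQUEST);
    }

    // prefix filename with current date (YYYYMMDD-)
    // this to avoid nameclashes
    if ($CONF['MediaPrefix']) {
        // date() produces the same prefix as the deprecated strftime()
        $filename = date('Ymd-') . $filename;
    }

    // NOTE(review): the collection name comes straight from the request;
    // this function relies on MEDIA::addMediaObject() to reject unknown or
    // forbidden collections - confirm against that method.
    $collection = requestVar('collection');
    $res = MEDIA::addMediaObject($collection, $filetempname, $filename);
    if ($res != '') {
        media_doError($res);
    }

    // shows updated list afterwards
    media_select();
}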
Ejemplo n.º 2
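 /**
  * Adds an uploaded file to the media archive
  *
  * @param collection
  *		name of the target collection (a directory below $DIR_MEDIA)
  * @param uploadfile
  *		path of the file to store: moved with move_uploaded_file()
  *		when PHP recognises it as an upload, copied otherwise
  * @param filename
  *		the filename that should be used to save the file as
  *		(date prefix should be already added here)
  * @return
  *		empty string on success, otherwise one of the _ERROR_* messages
  */
 function addMediaObject($collection, $uploadfile, $filename)
 {
     global $DIR_MEDIA, $manager;

     // clean filename of characters that may cause trouble in a filename using cleanFileName() function from globalfunctions.php
     $filename = cleanFileName($filename);
     // should already have tested for allowable types before calling this method. This will only catch files with no extension at all
     if ($filename === false) {
         return _ERROR_BADFILETYPE;
     }

     // NOTE(review): collection and filename are passed by reference, so a
     // subscriber can replace them. The collection is validated right after
     // this call, but the filename is not cleaned again - confirm that
     // subscribers are trusted to return a safe name.
     $manager->notify('PreMediaUpload', array('collection' => &$collection, 'uploadfile' => $uploadfile, 'filename' => &$filename));

     // don't allow uploads to unknown or forbidden collections
     $exceptReadOnly = true;
     if (!MEDIA::isValidCollection($collection, $exceptReadOnly)) {
         return _ERROR_DISALLOWED;
     }

     // check dir permissions (try to create dir if it does not exist)
     $mediadir = $DIR_MEDIA . $collection;

     // try to create new private media directories if needed
     if (!@is_dir($mediadir) && is_numeric($collection)) {
         // NOTE(review): mode 0777 with a cleared umask makes the new
         // directory writable by every local user; tighten it if the
         // deployment allows.
         $oldumask = umask(00);
         $created = @mkdir($mediadir, 0777);
         // restore the umask before any return, so a failed mkdir does not
         // leave the process running with umask 0
         umask($oldumask);
         if (!$created) {
             return _ERROR_BADPERMISSIONS;
         }
     }

     // if dir still not exists, the action is disallowed
     if (!@is_dir($mediadir)) {
         return _ERROR_DISALLOWED;
     }
     if (!is_writeable($mediadir)) {
         return _ERROR_BADPERMISSIONS;
     }

     // add trailing slash (don't add it earlier since it causes mkdir to fail on some systems)
     $mediadir .= '/';
     $target = $mediadir . $filename;

     // never overwrite an existing media file
     if (file_exists($target)) {
         return _ERROR_UPLOADDUPLICATE;
     }

     // move file to directory
     if (is_uploaded_file($uploadfile)) {
         if (!@move_uploaded_file($uploadfile, $target)) {
             return _ERROR_UPLOADMOVEP;
         }
     } else {
         // not a PHP upload: the source path is copied as given, so callers
         // must never pass a request-controlled path here
         if (!copy($uploadfile, $target)) {
             return _ERROR_UPLOADCOPY;
         }
     }

     // chmod uploaded file
     $oldumask = umask(00);
     @chmod($target, 0644);
     umask($oldumask);

     $manager->notify('PostMediaUpload', array('collection' => $collection, 'mediadir' => $mediadir, 'filename' => $filename));

     return '';
 }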
Ejemplo n.º 3
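/**
 * Accepts a file sent in the 'upload' form field, stores it in a media
 * collection and answers in the format the editor asked for: a JSON
 * document when $responseType is 'json', otherwise a script block that
 * calls CKEDITOR.tools.callFunction() in the parent window.
 *
 * Checks performed here: filename clean-up, the PHP upload error code, the
 * size against $CONF['MaxUploadSize'], the extension against
 * $CONF['AllowedTypes'], is_uploaded_file() on the temporary path and
 * MEDIA::isValidCollection() on the target collection.
 *
 * NOTE(review): the flow relies on upload_doError() not returning
 * (presumably it ends the request) - confirm.
 * NOTE(review): $funcNum and $responseType are globals set outside this
 * function, presumably from request parameters; they are treated as
 * untrusted when written into the response.
 */
function media_upload()
{
    global $DIR_MEDIA, $member, $CONF, $funcNum, $responseType;

    $uploadInfo = postFileInfo('upload');
    // The name is supplied by the client and is untrusted. The
    // client-declared MIME type ($uploadInfo['type']) is deliberately not
    // read: nothing here validates it.
    $filename = $uploadInfo['name'];
    $filesize = $uploadInfo['size'];
    $filetempname = $uploadInfo['tmp_name'];
    $fileerror = intval($uploadInfo['error']);

    // clean filename of characters that may cause trouble in a filename using cleanFileName() function from globalfunctions.php
    $filename = cleanFileName($filename);
    if ($filename === false) {
        // $filename is false here, so there is nothing to append to the message
        upload_doError(_ERROR_BADFILETYPE);
    }

    switch ($fileerror) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            upload_doError(_ERROR_FILE_TOO_BIG);
            // no break: upload_doError() is expected not to return
        case UPLOAD_ERR_PARTIAL:
        case UPLOAD_ERR_NO_FILE:
        case UPLOAD_ERR_NO_TMP_DIR:
        case UPLOAD_ERR_CANT_WRITE:
        default:
            // include error code for debugging
            // (see http://www.php.net/manual/en/features.file-upload.errors.php)
            upload_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
    }

    if ($filesize > $CONF['MaxUploadSize']) {
        upload_doError(_ERROR_FILE_TOO_BIG);
    }

    // Check the file extension against the allowed types.
    // Only the final extension is compared; a name carrying an additional
    // inner extension still passes, so the media directory should not be
    // served with script handlers enabled.
    $ok = false;
    foreach (explode(',', $CONF['AllowedTypes']) as $type) {
        $type = trim($type);
        if ($type === '') {
            // an empty entry (empty setting, trailing comma) would reduce
            // the pattern to "\.$" and accept any name ending in a dot
            continue;
        }
        // preg_quote() keeps a configured value from being read as regex
        // syntax; D anchors "$" at the very end of the name
        if (preg_match('#\.' . preg_quote($type, '#') . '$#iD', $filename)) {
            $ok = true;
            break;
        }
    }
    if (!$ok) {
        // NOTE(review): the client-derived filename becomes part of the
        // error text; confirm that upload_doError() encodes it for the
        // response format it emits.
        upload_doError(_ERROR_BADFILETYPE . $filename);
    }

    // the temp path must really come from PHP's upload handling
    if (!is_uploaded_file($filetempname)) {
        upload_doError(_ERROR_BADREQUEST);
    }

    // prefix filename with current date (YYYYMMDD-HHMMSS-)
    // this to avoid nameclashes
    if ($CONF['MediaPrefix']) {
        // date() produces the same prefix as the deprecated strftime()
        $filename = date('Ymd-His-') . $filename;
    }

    // currently selected collection; fall back to the member's own
    // collection when none is given or the directory does not exist
    $collection = requestVar('collection');
    if (!$collection || !@is_dir($DIR_MEDIA . $collection)) {
        $collection = $member->getID();
    }

    // avoid directory traversal and accessing invalid directory
    if (!MEDIA::isValidCollection($collection)) {
        // reported through upload_doError() like every other failure in
        // this function
        upload_doError(_ERROR_DISALLOWED);
    }

    $res = MEDIA::addMediaObject($collection, $filetempname, $filename);
    if ($res != '') {
        upload_doError($res);
    }

    $url = $CONF['MediaURL'] . $collection . '/' . $filename;
    if ($responseType != 'json') {
        // Both values end up inside a <script> block: the callback number
        // is forced to an integer and the URL is emitted as a JSON string
        // literal with <, >, &, ' and " hex-escaped, so neither can close
        // the string or the script element.
        $jsUrl = json_encode($url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if ($jsUrl === false) {
            // not encodable (e.g. invalid UTF-8): send an empty URL
            $jsUrl = "''";
        }
        echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction(" . intval($funcNum) . ", " . $jsUrl . ", '');</script>";
    } else {
        $arr = array('uploaded' => 1, 'fileName' => $filename, 'url' => $url);
        header("Content-Type: application/json; charset=utf-8");
        echo json_encode($arr);
    }
}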
Ejemplo n.º 4
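/**
 * Stores a file received over XML-RPC in the private media collection of
 * the authenticated member and returns its URL.
 *
 * @param blogid   id of the blog the caller must be a team member of
 * @param username login name
 * @param password password for that login
 * @param info     array with at least 'name' (filename) and 'bits' (file
 *                 contents, already decoded by the XML-RPC library)
 * @return an xmlrpcresp holding a struct with the 'url' of the stored file;
 *         on failure, whatever _error() produces for the error code
 */
function _newMediaObject($blogid, $username, $password, $info)
{
    global $CONF, $DIR_MEDIA, $DIR_LIBS;

    // - login
    $mem = new MEMBER();
    if (!$mem->login($username, $password)) {
        return _error(1, 'Could not log in');
    }

    // - check if team member
    if (!BLOG::existsID($blogid)) {
        return _error(2, "No such blog ({$blogid})");
    }
    if (!$mem->teamRights($blogid)) {
        return _error(3, 'Not a team member');
    }
    // not used below; kept in case constructing the blog matters - TODO confirm
    $b = new BLOG($blogid);

    // - decode data
    // decoding was done transparently by xmlrpclib
    $data = $info['bits'];

    // - check filesize (strlen() counts bytes, which is what is wanted here)
    if (strlen($data) > $CONF['MaxUploadSize']) {
        return _error(9, 'filesize is too big');
    }

    // - check if filetype is allowed (check filename)
    // The name is supplied by the client and is untrusted. Only the final
    // extension is compared; a name carrying an additional inner extension
    // still passes, so the media directory should not be served with script
    // handlers enabled.
    $filename = $info['name'];
    $ok = false;
    foreach (explode(',', $CONF['AllowedTypes']) as $type) {
        $type = trim($type);
        if ($type === '') {
            // an empty entry (empty setting, trailing comma) would reduce
            // the pattern to "\.$" and accept any name ending in a dot
            continue;
        }
        // preg_quote() keeps a configured value from being read as regex
        // syntax; D anchors "$" at the very end of the name
        if (preg_match('#\.' . preg_quote($type, '#') . '$#iD', $filename)) {
            $ok = true;
            break;
        }
    }
    if (!$ok) {
        // the error must be returned: without the return the rejected file
        // would still be stored below
        return _error(8, 'Filetype is not allowed');
    }

    // - add file to media library
    include_libs('MEDIA.php', true, false);

    // always use private media library of member
    $collection = $mem->getID();

    // prefix filename with current date (YYYYMMDD-)
    // this to avoid nameclashes
    if ($CONF['MediaPrefix']) {
        // date() produces the same prefix as the deprecated strftime()
        $filename = date('Ymd-') . $filename;
    }

    // NOTE(review): the filename is not cleaned in this function; presumably
    // MEDIA::addMediaObjectRaw() strips path separators and other unsafe
    // characters - confirm against that method.
    $res = MEDIA::addMediaObjectRaw($collection, $filename, $data);
    if ($res) {
        return _error(10, $res);
    }

    // - return URL
    $urlstruct = new xmlrpcval(array("url" => new xmlrpcval($CONF['MediaURL'] . $collection . '/' . $filename, 'string')), 'struct');

    return new xmlrpcresp($urlstruct);
}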