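/**
 * Accepts a file for upload.
 *
 * Reads the 'uploadfile' POST file entry, checks the PHP upload error code,
 * the size limit ($CONF['MaxUploadSize']) and the extension allow-list
 * ($CONF['AllowedTypes']), then hands the temporary file to
 * MEDIA::addMediaObject() and shows the updated list through media_select().
 *
 * Every failure is reported through media_doError().
 */
function media_upload()
{
    global $CONF;

    $uploadInfo = postFileInfo('uploadfile');

    // 'name' is chosen by the client. The client-declared MIME type
    // ($uploadInfo['type']) is not read, because it proves nothing about content.
    $filename     = $uploadInfo['name'];
    $filesize     = $uploadInfo['size'];
    $filetempname = $uploadInfo['tmp_name'];
    $fileerror    = intval($uploadInfo['error']);

    // Each error branch returns after reporting. media_doError() presumably ends
    // the request itself (confirm); the explicit return keeps the upload from
    // proceeding if it ever does not.
    switch ($fileerror) {
        case 0: // UPLOAD_ERR_OK
            break;
        case 1: // UPLOAD_ERR_INI_SIZE
        case 2: // UPLOAD_ERR_FORM_SIZE
            media_doError(_ERROR_FILE_TOO_BIG);
            return;
        case 3: // UPLOAD_ERR_PARTIAL
        case 4: // UPLOAD_ERR_NO_FILE
        case 6: // UPLOAD_ERR_NO_TMP_DIR
        case 7: // UPLOAD_ERR_CANT_WRITE
        default:
            // include error code for debugging
            // (see http://www.php.net/manual/en/features.file-upload.errors.php)
            media_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
            return;
    }

    if ($filesize > $CONF['MaxUploadSize']) {
        media_doError(_ERROR_FILE_TOO_BIG);
        return;
    }

    // Check the file extension against the allowed types.
    // - Entries are trimmed and empty ones skipped: an empty entry (for example
    //   from a trailing comma) would otherwise build a pattern that accepts any
    //   name ending in a dot.
    // - preg_quote() keeps the configured value a literal extension.
    // - The D modifier anchors '$' at the very end of the name.
    // Only the final extension is examined, so a name carrying an earlier
    // script extension still passes; the media directory should be served with
    // script execution disabled.
    // NOTE(review): the name checked here is the raw client name.
    // MEDIA::addMediaObject() cleans it afterwards, so the stored name can
    // differ from the one validated here; confirm the cleaned name cannot
    // end up with a different extension.
    $ok = false;
    foreach (explode(',', $CONF['AllowedTypes']) as $type) {
        $type = trim($type);
        if ($type === '') {
            continue;
        }
        if (preg_match('#\\.' . preg_quote($type, '#') . '$#iD', $filename)) {
            $ok = true;
            break;
        }
    }
    if (!$ok) {
        media_doError(_ERROR_BADFILETYPE);
        return;
    }

    // The temporary path must be a genuine HTTP upload of this request.
    if (!is_uploaded_file($filetempname)) {
        media_doError(_ERROR_BADREQUEST);
        return;
    }

    // prefix filename with current date (YYYYMMDD-) to avoid name clashes;
    // date('Ymd-') yields the same text as strftime("%Y%m%d-"), which is
    // deprecated as of PHP 8.1
    if ($CONF['MediaPrefix']) {
        $filename = date('Ymd-') . $filename;
    }

    // The collection comes straight from the request; it is validated inside
    // MEDIA::addMediaObject() before any directory is touched.
    $collection = requestVar('collection');

    $res = MEDIA::addMediaObject($collection, $filetempname, $filename);
    if ($res !== '') {
        media_doError($res);
        return;
    }

    // shows updated list afterwards
    media_select();
}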
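/**
 * Adds an uploaded file to the media archive.
 *
 * @param collection
 *        collection (sub-directory of $DIR_MEDIA) to store the file in
 * @param uploadfile
 *        path of the file to store; it is passed to is_uploaded_file(),
 *        move_uploaded_file() and copy(), so it is a path string (the upload's
 *        tmp_name), not the postFileInfo(..) array
 * @param filename
 *        the filename that should be used to save the file as
 *        (date prefix should be already added here)
 * @return '' on success, otherwise one of the _ERROR_* messages
 */
function addMediaObject($collection, $uploadfile, $filename)
{
    global $DIR_MEDIA, $manager;

    // clean filename of characters that may cause trouble in a filename using
    // the cleanFileName() function from globalfunctions.php
    $filename = cleanFileName($filename);

    // callers should already have tested for allowable types before calling
    // this method; this will only catch files with no extension at all
    if ($filename === false) {
        return _ERROR_BADFILETYPE;
    }

    // Subscribers receive collection and filename by reference and may change
    // both. The collection is validated below, after the event.
    // NOTE(review): the filename is not re-checked after the event, so the
    // final name is only as safe as the subscribed plugins; confirm.
    $manager->notify(
        'PreMediaUpload',
        array('collection' => &$collection, 'uploadfile' => $uploadfile, 'filename' => &$filename)
    );

    // don't allow uploads to unknown or forbidden collections
    $exceptReadOnly = true;
    if (!MEDIA::isValidCollection($collection, $exceptReadOnly)) {
        return _ERROR_DISALLOWED;
    }

    // check dir permissions (try to create dir if it does not exist)
    $mediadir = $DIR_MEDIA . $collection;

    // try to create new private media directories if needed
    if (!@is_dir($mediadir) && is_numeric($collection)) {
        $oldumask = umask(0);
        // NOTE(review): 0777 makes the directory world-writable; use a tighter
        // mode where the hosting setup allows it.
        $created = @mkdir($mediadir, 0777);
        // Restore the umask on the failure path too. The original returned
        // before restoring it, leaving the process with umask 0.
        umask($oldumask);
        if (!$created) {
            return _ERROR_BADPERMISSIONS;
        }
    }

    // if dir still does not exist, the action is disallowed
    if (!@is_dir($mediadir)) {
        return _ERROR_DISALLOWED;
    }
    if (!is_writable($mediadir)) {
        return _ERROR_BADPERMISSIONS;
    }

    // add trailing slash (don't add it earlier since it causes mkdir to fail
    // on some systems)
    $mediadir .= '/';
    $target = $mediadir . $filename;

    // NOTE(review): this existence check and the move below are not atomic;
    // two simultaneous uploads of the same name can both pass it.
    if (file_exists($target)) {
        return _ERROR_UPLOADDUPLICATE;
    }

    // move file to directory
    if (is_uploaded_file($uploadfile)) {
        if (!@move_uploaded_file($uploadfile, $target)) {
            return _ERROR_UPLOADMOVEP;
        }
    } else {
        // NOTE(review): this branch copies whatever local path was passed in.
        // Callers must never hand a request-controlled path to this method.
        if (!copy($uploadfile, $target)) {
            return _ERROR_UPLOADCOPY;
        }
    }

    // chmod() sets the mode exactly and is not subject to the umask, so the
    // umask(0) wrapper the original placed around it is dropped
    @chmod($target, 0644);

    $manager->notify(
        'PostMediaUpload',
        array('collection' => $collection, 'mediadir' => $mediadir, 'filename' => $filename)
    );

    return '';
}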
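/**
 * Accepts a file for upload and answers the editor that sent it.
 *
 * Reads the 'upload' POST file entry, cleans the filename, checks the PHP
 * upload error code, the size limit ($CONF['MaxUploadSize']) and the extension
 * allow-list ($CONF['AllowedTypes']), stores the file through
 * MEDIA::addMediaObject() and then emits either a CKEDITOR callback script or,
 * when $responseType is 'json', a JSON document with the file's URL.
 *
 * Failures are reported through upload_doError().
 */
function media_upload()
{
    global $DIR_MEDIA, $member, $CONF, $funcNum, $responseType;

    $uploadInfo = postFileInfo('upload');

    // 'name' is chosen by the client. The client-declared MIME type
    // ($uploadInfo['type']) is not read, because it proves nothing about content.
    $filename     = $uploadInfo['name'];
    $filesize     = $uploadInfo['size'];
    $filetempname = $uploadInfo['tmp_name'];
    $fileerror    = intval($uploadInfo['error']);

    // Each error branch returns after reporting. upload_doError() presumably
    // ends the request itself (confirm); the explicit return keeps the upload
    // from proceeding if it ever does not.

    // clean filename of characters that may cause trouble in a filename using
    // the cleanFileName() function from globalfunctions.php
    $filename = cleanFileName($filename);
    if ($filename === false) {
        // the original appended $filename here, which is false and adds nothing
        upload_doError(_ERROR_BADFILETYPE);
        return;
    }

    switch ($fileerror) {
        case 0: // UPLOAD_ERR_OK
            break;
        case 1: // UPLOAD_ERR_INI_SIZE
        case 2: // UPLOAD_ERR_FORM_SIZE
            upload_doError(_ERROR_FILE_TOO_BIG);
            return;
        case 3: // UPLOAD_ERR_PARTIAL
        case 4: // UPLOAD_ERR_NO_FILE
        case 6: // UPLOAD_ERR_NO_TMP_DIR
        case 7: // UPLOAD_ERR_CANT_WRITE
        default:
            // include error code for debugging
            // (see http://www.php.net/manual/en/features.file-upload.errors.php)
            upload_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
            return;
    }

    if ($filesize > $CONF['MaxUploadSize']) {
        upload_doError(_ERROR_FILE_TOO_BIG);
        return;
    }

    // Check the file extension against the allowed types.
    // - Entries are trimmed and empty ones skipped: an empty entry (for example
    //   from a trailing comma) would otherwise build a pattern that accepts any
    //   name ending in a dot.
    // - preg_quote() keeps the configured value a literal extension.
    // - The D modifier anchors '$' at the very end of the name.
    // Only the final extension is examined, so a name carrying an earlier
    // script extension still passes; the media directory should be served with
    // script execution disabled.
    $ok = false;
    foreach (explode(',', $CONF['AllowedTypes']) as $type) {
        $type = trim($type);
        if ($type === '') {
            continue;
        }
        if (preg_match('#\\.' . preg_quote($type, '#') . '$#iD', $filename)) {
            $ok = true;
            break;
        }
    }
    if (!$ok) {
        // NOTE(review): the client-derived filename is echoed in the message;
        // confirm that upload_doError() escapes it for its output context.
        upload_doError(_ERROR_BADFILETYPE . $filename);
        return;
    }

    // The temporary path must be a genuine HTTP upload of this request.
    if (!is_uploaded_file($filetempname)) {
        upload_doError(_ERROR_BADREQUEST);
        return;
    }

    // prefix filename with current date (YYYYMMDD-HHMMSS-) to avoid name
    // clashes; date('Ymd-His-') yields the same text as
    // strftime("%Y%m%d-%H%M%S-"), which is deprecated as of PHP 8.1
    if ($CONF['MediaPrefix']) {
        $filename = date('Ymd-His-') . $filename;
    }

    // currently selected collection; fall back to the member's private one
    $collection = requestVar('collection');
    if (!$collection || !@is_dir($DIR_MEDIA . $collection)) {
        $collection = $member->getID();
    }

    // avoid directory traversal and access to an invalid directory
    if (!MEDIA::isValidCollection($collection)) {
        // the original called media_doError() here, unlike every other error
        // path in this function; upload_doError() is used for consistency
        upload_doError(_ERROR_DISALLOWED);
        return;
    }

    $res = MEDIA::addMediaObject($collection, $filetempname, $filename);
    if ($res !== '') {
        upload_doError($res);
        return;
    }

    $url = $CONF['MediaURL'] . $collection . '/' . $filename;

    if ($responseType !== 'json') {
        // Both values end up inside a <script> element, so neither may be
        // concatenated raw. $funcNum is forced to an integer (presumably it
        // arrives with the request; confirm). The URL is emitted as a JSON
        // string literal with <, >, &, ' and " hex-escaped so it cannot close
        // the string or the script element.
        $jsUrl = json_encode($url, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        if ($jsUrl === false) {
            upload_doError(_ERROR_BADREQUEST);
            return;
        }
        echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction("
            . intval($funcNum) . ', ' . $jsUrl . ", '');</script>";
    } else {
        $arr = array('uploaded' => 1, 'fileName' => $filename, 'url' => $url);
        header("Content-Type: application/json; charset=utf-8");
        echo json_encode($arr);
    }
}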
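/**
 * Stores a file sent over XML-RPC in the private media collection of the
 * member who logs in with the given credentials.
 *
 * @param blogid   id of the blog the member must be a team member of
 * @param username login name
 * @param password password
 * @param info     array with the keys 'name' (filename) and 'bits' (file data)
 * @return an xmlrpcresp holding a struct with the file's 'url', or the result
 *         of _error() on failure (codes used here: 1 login, 2 unknown blog,
 *         3 not a team member, 8 file type, 9 size, 10 storage error)
 */
function _newMediaObject($blogid, $username, $password, $info)
{
    global $CONF, $DIR_MEDIA, $DIR_LIBS;

    // - login
    $mem = new MEMBER();
    if (!$mem->login($username, $password)) {
        return _error(1, 'Could not log in');
    }

    // - check if team member
    if (!BLOG::existsID($blogid)) {
        return _error(2, "No such blog ({$blogid})");
    }
    if (!$mem->teamRights($blogid)) {
        return _error(3, 'Not a team member');
    }

    // not used below; kept because the effects of constructing it are not
    // visible from here
    $b = new BLOG($blogid);

    // - decode data (decoding was done transparently by xmlrpclib)
    $data = $info['bits'];

    // - check filesize (strlen counts bytes, which is what the limit is about)
    if (strlen($data) > $CONF['MaxUploadSize']) {
        return _error(9, 'filesize is too big');
    }

    // - check if filetype is allowed (check filename)
    // Entries are trimmed and empty ones skipped: an empty entry (for example
    // from a trailing comma) would otherwise build a pattern that accepts any
    // name ending in a dot. preg_quote() keeps the configured value a literal
    // extension and the D modifier anchors '$' at the very end of the name.
    // Only the final extension is examined, so the media directory should be
    // served with script execution disabled.
    $filename = $info['name'];
    $ok = false;
    foreach (explode(',', $CONF['AllowedTypes']) as $type) {
        $type = trim($type);
        if ($type === '') {
            continue;
        }
        if (preg_match('#\\.' . preg_quote($type, '#') . '$#iD', $filename)) {
            $ok = true;
            break;
        }
    }
    if (!$ok) {
        // The original called _error() here without returning its result, so a
        // disallowed file type was not rejected and the upload carried on.
        // Every other failure in this function returns the _error() value.
        return _error(8, 'Filetype is not allowed');
    }

    // - add file to media library
    include_libs('MEDIA.php', true, false); // media classes

    // always use private media library of member
    $collection = $mem->getID();

    // prefix filename with current date (YYYYMMDD-) to avoid name clashes;
    // date('Ymd-') yields the same text as strftime("%Y%m%d-"), which is
    // deprecated as of PHP 8.1
    if ($CONF['MediaPrefix']) {
        $filename = date('Ymd-') . $filename;
    }

    // NOTE(review): the client-supplied filename is not cleaned in this
    // function; confirm that MEDIA::addMediaObjectRaw() does so before it is
    // used as a path component.
    $res = MEDIA::addMediaObjectRaw($collection, $filename, $data);
    if ($res) {
        return _error(10, $res);
    }

    // - return URL
    $urlstruct = new xmlrpcval(
        array("url" => new xmlrpcval($CONF['MediaURL'] . $collection . '/' . $filename, 'string')),
        'struct'
    );

    return new xmlrpcresp($urlstruct);
}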