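/**
 * Builds the <input type="file"> tag and, if the current request carries files under
 * the field name $sN, screens them and moves them into the application's data path.
 * (Presumably the PHP 4-style constructor of WYFileUpload; the class header is not
 * part of this excerpt.)
 *
 * For each posted file the client-supplied name is checked with WYPath's bCheck()
 * using WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH. A rejected file is logged and its
 * temp file removed. An accepted file is moved to $goApp->oDataPath under the basename
 * of PHP's temp file, so within this function the client-supplied name is only ever
 * checked and logged, never used to build a path on disk.
 *
 * @param string $sN       form field name; also the key looked up in $_FILES
 * @param bool   $multiple when true the tag is named "$sN[]" and gets the "multiple" attribute
 */
function WYFileUpload($sN, $multiple = false)
{
    global $goApp;

    parent::WYHTMLTag("input");
    $this->dAttributes["type"] = "file";
    if ($multiple) {
        $this->dAttributes["name"] = $sN . '[]';
        $this->dAttributes["multiple"] = "multiple";
    } else {
        $this->dAttributes["name"] = $sN;
    }

    $this->dFileInfos = od_nil;
    if (!isset($_FILES[$sN])) {
        return;
    }
    $this->dFileInfos = $_FILES[$sN];

    // how many files?
    if (is_array($this->dFileInfos["name"])) {
        $this->iNrOfFiles = count($this->dFileInfos["name"]);
    } else {
        // Single upload: wrap every field in a one-element array so the loop below
        // can treat single and multiple uploads the same way.
        $this->iNrOfFiles = 1;
        $dNormalized = array();
        foreach (array("name", "type", "tmp_name", "error", "size") as $sKey) {
            $dNormalized[$sKey] = array($this->dFileInfos[$sKey]);
        }
        $this->dFileInfos = $dNormalized;
    }

    for ($i = 0; $i < $this->iNrOfFiles; $i++) {
        // security check on the name the client sent
        $sOFN = isset($this->dFileInfos["name"][$i]) ? $this->dFileInfos["name"][$i] : "";
        $oOFN = new WYPath($sOFN);
        if (!$oOFN->bCheck(WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH)) {
            // NOTE(review): $sOFN is client-controlled and is written to the log verbatim;
            // confirm $goApp->log() neutralises line breaks and control characters.
            $goApp->log("error on file upload: illegal file type/name <{$sOFN}>");

            // delete evil uploaded file
            // The index here used to be $j, which is never defined in this function, so
            // unlink() received no valid path and the rejected temp file stayed on disk.
            $sRejectedTmp = isset($this->dFileInfos["tmp_name"][$i]) ? $this->dFileInfos["tmp_name"][$i] : "";
            if ($sRejectedTmp !== "" && is_uploaded_file($sRejectedTmp)) {
                @unlink($sRejectedTmp); // best effort, as in the original
            }
            // NOTE(review): the rejected entry stays in dFileInfos; confirm that the
            // accessors of this class never hand it out as a usable upload.
            continue;
        }

        if (!($this->bFileUploaded($i) && $this->bUploadOK($i))) {
            $goApp->log("error on file upload: " . $this->iErrorCode() . ": " . $this->sErrorMessage());
            continue;
        }

        // Destination keeps the basename of the temp file inside the data path.
        $oTmpPath = new WYPath($this->dFileInfos["tmp_name"][$i]);
        $oToPath = od_clone($goApp->oDataPath);
        $oToPath->addComponent($oTmpPath->sBasename());
        if (!$goApp->move_uploaded_file($oTmpPath, $oToPath)) {
            $goApp->log("WYFileUpload: Could not move uploaded file " . $oTmpPath->sPath . " to " . $oToPath->sPath);
        } else {
            // From here on tmp_name refers to the moved copy.
            $this->dFileInfos["tmp_name"][$i] = $oToPath->sPath;
        }
    }
}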
/**
 * Configures an audio attachment element and refuses to continue when one of its
 * stored file names fails the audio/no-script/no-path check.
 * (Presumably the PHP 4-style constructor of WYAudioElement; the class header is not
 * part of this excerpt.)
 *
 * When sOriginalFilename() returns a truthy value, both it and sDownloadFileName() are
 * checked with WYPATH_CHECK_JUSTAUDIO | WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH.
 * A failed check is logged and ends the request with exit(0).
 *
 * @param mixed $sN passed unchanged to parent::WYAttachmentElement()
 * @param mixed $sL stored as $this->sLinkContent
 */
function WYAudioElement($sN, $sL)
{
    global $goApp;

    parent::WYAttachmentElement($sN);

    // Editor window settings for this element type.
    $this->sEditorPageName = "audio.php";
    $this->iEditorWidth = 650;
    $this->iEditorHeight = 250;
    $this->sEditButtonCSSClass = "WebYepAudioEditButton";
    $this->setVersion(WY_AUDIO_VERSION);
    $this->sLinkContent = $sL;

    // Nothing stored yet: no file names to validate.
    if (!$this->sOriginalFilename()) {
        return;
    }

    $iRequiredChecks = WYPATH_CHECK_JUSTAUDIO | WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH;

    // First the original file name ...
    $oOriginal = new WYPath($this->sOriginalFilename());
    if (!$oOriginal->bCheck($iRequiredChecks)) {
        $goApp->log("missuse of audio element, filename: " . $oOriginal->sPath);
        exit(0);
    }
    unset($oOriginal);

    // ... then the download file name, fetched only once the first check has passed.
    $oDownload = new WYPath($this->sDownloadFileName());
    if (!$oDownload->bCheck($iRequiredChecks)) {
        $goApp->log("missuse of audio element, filename: " . $oDownload->sPath);
        exit(0);
    }
}
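<?php
// WebYep
// (C) Objective Development Software GmbH
// http://www.obdev.at

// Player page: validates the audio file name taken from the query string, then builds
// the URL of that file below the application's data URL. The markup that uses $oURL
// lies beyond the end of this excerpt.
$webyep_bDocumentPage = false;
$webyep_sIncludePath = ".";
include_once "{$webyep_sIncludePath}/webyep.php";
include_once @webyep_sConfigValue("webyep_sIncludePath") . "/elements/WYAudioElement.php";
include_once @webyep_sConfigValue("webyep_sIncludePath") . "/lib/WYPath.php";

// Only a plain string is handed to WYPath. A missing parameter used to raise an
// undefined-index notice, and an array-valued one (?name[]=x) reached WYPath as an
// array; both now become "" and are judged by bCheck() like any other name.
$sRequestedAudio = (isset($_GET[WY_QK_AUDIO_FILENAME]) && is_string($_GET[WY_QK_AUDIO_FILENAME]))
    ? $_GET[WY_QK_AUDIO_FILENAME]
    : "";
$oFilename = new WYPath($sRequestedAudio);

// Audio files only, no script types, no path components.
if (!$oFilename->bCheck(WYPATH_CHECK_JUSTAUDIO | WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH)) {
    // NOTE(review): the logged path is request-controlled; confirm $goApp->log()
    // neutralises line breaks and control characters.
    $goApp->log("missuse of mp3 player script, path: " . $oFilename->sPath);
    exit(0);
}

// NOTE(review): $oURL carries a request-supplied name; confirm it is escaped for its
// output context wherever the rest of the page prints it.
$oURL = od_clone($goApp->oDataURL);
$oURL->addComponent($oFilename->sPath);
?>
<html>
<head>
<title><?php echo WYTS("MP3PlayerWindowTitle"); ?> </title>
<style type="text/css">
body { background-color: black; }
</style>
</head>
<body>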
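include_once @webyep_sConfigValue("webyep_sIncludePath") . "/lib/WYFile.php";

// Extension => Content-Type table. "php" is mapped to a binary type rather than to
// anything a browser would render.
$aMimeTypes['pdf'] = "application/pdf";
$aMimeTypes['htm'] = "text/html";
$aMimeTypes['html'] = "text/html";
$aMimeTypes['php'] = "application/binary";
$aMimeTypes['txt'] = "text/plain";
$aMimeTypes['gif'] = "image/gif";
$aMimeTypes['jpg'] = "image/jpeg";

// Both names come from the query string. Only plain strings are handed to WYPath: a
// missing parameter used to raise an undefined-index notice and an array-valued one
// reached WYPath as an array; both now become "" and are judged by bCheck().
$sDownloadParam = (isset($_GET[WY_QK_DOWNLOAD_FILENAME]) && is_string($_GET[WY_QK_DOWNLOAD_FILENAME]))
    ? $_GET[WY_QK_DOWNLOAD_FILENAME]
    : "";
$sOriginalParam = (isset($_GET[WY_QK_ORIGINAL_FILENAME]) && is_string($_GET[WY_QK_ORIGINAL_FILENAME]))
    ? $_GET[WY_QK_ORIGINAL_FILENAME]
    : "";
$oFilename = new WYPath($sDownloadParam);
$oOrgFilename = new WYPath($sOriginalParam);
$sClientIP = $goApp->sClientIP();

// Neither name may be a script type or contain path components.
// NOTE(review): the logged values are request-controlled; confirm $goApp->log()
// neutralises line breaks and control characters.
if (!$oFilename->bCheck(WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH)) {
    $goApp->log("missuse of download script from {$sClientIP}, path: " . $oFilename->sPath);
    exit(0);
}
if (!$oOrgFilename->bCheck(WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH)) {
    $goApp->log("missuse of download script from {$sClientIP}, org file path: " . $oOrgFilename->sPath);
    exit(0);
}

// NOTE(review): presumably the name offered to the browser further down; if it ends up
// in a response header, confirm it is quoted/encoded for that header.
$sOrgFilename = str_replace(" ", "_", $oOrgFilename->sPath);

$oPath = od_clone($goApp->oDataPath);
$oPath->addComponent($oFilename->sPath);

// The resolved path must still contain the "webyep-system" folder name.
if (strpos($oPath->sPath, "webyep-system") === false) {
    // goApp's log won't work when data path was modified! -> echo
    // The message holds the request-supplied file name and the client IP string, so it
    // is HTML-escaped before it goes into the response.
    // NOTE(review): it also reveals the server-side data path to the client; consider
    // a generic message here.
    echo htmlspecialchars(
        "missuse of download script from {$sClientIP}, mangled data path: " . $oPath->sPath,
        ENT_QUOTES
    );
    exit(0);
}

$sExtenstion = $oPath->sExtension();
$oF = new WYFile($oPath);
if (!$oF->bExists()) {
    $oPath->removeDemoSlotID();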
/**
 * Returns the data file name for this element, or "" when no usable name exists.
 *
 * For a non-global element the field name is prefixed with
 * WYElement::sDataFileNamePrefix(page ID, document instance, loop ID) and a "-".
 * Document instance and loop ID are 0 unless bUseDocumentInstance() / bUseLoopID()
 * say otherwise. Without a page ID the result is "". A name that fails
 * WYPATH_CHECK_NOPATH is also replaced by "".
 *
 * @param mixed $bCreate passed unchanged to $goApp->oDocument->iPageID()
 * @return string
 */
function sDataFileName($bCreate)
{
    global $goApp;

    $sName = $this->sFieldNameForFile();

    if (!$this->bGlobal) {
        $iPage = $goApp->oDocument->iPageID($bCreate);
        if (!$iPage) {
            // No page ID: a page-bound element has no data file name.
            return "";
        }

        $iInstance = $this->bUseDocumentInstance() ? $goApp->oDocument->iDocumentInstance() : 0;
        $iLoop = $this->bUseLoopID() ? $goApp->oDocument->iLoopID() : 0;

        $sName = WYElement::sDataFileNamePrefix($iPage, $iInstance, $iLoop) . "-" . $sName;
    }

    // Last line of defence: the finished name must not contain path components.
    if ($sName) {
        $oCandidate = new WYPath($sName);
        if (!$oCandidate->bCheck(WYPATH_CHECK_NOPATH)) {
            $sName = "";
        }
    }

    return $sName;
}
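// Excerpt from the middle of a page script: $oHFLanguageCode, ACTION, FILENAME and
// ACTION_DELETE are defined before this point, and the loop at the end continues past it.
$sLangCode = $oHFLanguageCode->sValue();
$oHFAction = new WYHiddenField(ACTION);
$sAction = $oHFAction->sValue();
// $sResponse = WYTS("RichTextSaved");
// $oCKBaseURL = od_clone($goApp->oProgramURL);
// $oCKBaseURL->addComponent("opt");
// $oCKBaseURL->addComponent("ckeditor");
// $oCKJSURL = od_clone($oCKBaseURL);
// $oCKJSURL->addComponent("ckeditor.js");
$goApp->outputWarningPanels(); // give App a chance to say something

// Delete request: the submitted name must be an image name without path components
// before it is appended to the data path and removed.
// NOTE(review): any name passing JUSTIMAGE | NOPATH is accepted here, while the listing
// below only shows entries starting with "rtimg"; consider applying the same prefix
// test before deleting, after confirming nothing relies on the wider behaviour.
// NOTE(review): no permission or anti-CSRF check is visible in this excerpt; confirm
// one runs earlier in the script.
if ($sAction == ACTION_DELETE) {
    $oHFFilename = new WYHiddenField(FILENAME);
    $oFullPath = od_clone($goApp->oDataPath);
    $oFilename = new WYPath($oHFFilename->sValue());
    if ($oFilename->bCheck(WYPATH_CHECK_JUSTIMAGE | WYPATH_CHECK_NOPATH)) {
        $oFullPath->addComponent($oFilename->sPath);
        $oFile = new WYFile($oFullPath);
        $oFile->bDelete();
    }
}

// Collect the "rtimg*" entries of the data directory.
$aEntries = array();
$r = opendir($goApp->oDataPath->sPath);
if ($r === false) {
    // opendir() failure used to go unnoticed and the loop below then called readdir()
    // on false: a TypeError on PHP 8, and on older versions a result that is never
    // === false, i.e. a loop that does not end.
    $goApp->log("could not open data directory for image listing");
    // NOTE(review): code after the loop is outside this excerpt; a closedir($r) there
    // needs the same guard.
}
while ($r !== false && ($sEntry = readdir($r)) !== false) {
    if ($sEntry[0] == ".") {
        continue; // skip ".", ".." and hidden entries
    }
    if (substr($sEntry, 0, 5) != "rtimg") {
        continue;
    }
    unset($dEntry);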
// (C) Objective Development Software GmbH // http://www.obdev.at $webyep_bDocumentPage = false; $webyep_sIncludePath = "."; include_once "{$webyep_sIncludePath}/webyep.php"; include_once @webyep_sConfigValue("webyep_sIncludePath") . "/lib/WYImage.php"; include_once @webyep_sConfigValue("webyep_sIncludePath") . "/lib/WYPath.php"; include_once @webyep_sConfigValue("webyep_sIncludePath") . "/elements/WYImageElement.php"; $oImage = $oURL = od_nil; $sFilename = ""; if (isset($_GET[WY_QK_IMAGE_DETAIL])) { $sFilename = $_GET[WY_QK_IMAGE_DETAIL]; $sAltText = $_GET[WY_QK_IMAGE_ALTTEXT]; $bDemoContent = $_GET[WY_QK_IMAGE_DEMOCONTENT]; $oP = new WYPath($sFilename); if (!$oP->bCheck(WYPATH_CHECK_NOPATH | WYPATH_CHECK_JUSTIMAGE)) { $goApp->log("illegal filename in image-detail: <{$sFilename}>"); exit(-1); } $oURL = od_clone($goApp->oDataURL); if ($bDemoContent) { $oURL->removeDemoSlotID(); } $oURL->addComponent($sFilename); $oImage = new WYImage($oURL); if ($sAltText) { $oImage->setAttribute("alt", $sAltText); } $iW = $oImage->iWidth(); $iH = $oImage->iHeight(); if (!$sAltText) {