function CLASSIFIEDS_saveImage($ad, $FILES, $clid) { global $_CONF, $_CLASSIFIEDS_CONF, $_TABLES, $LANG24; $args =& $ad; // Handle Magic GPC Garbage: while (list($key, $value) = each($args)) { if (!is_array($value)) { $args[$key] = COM_stripslashes($value); } else { while (list($subkey, $subvalue) = each($value)) { $value[$subkey] = COM_stripslashes($subvalue); } } } // Delete any images if needed if (array_key_exists('delete', $args)) { $delete = count($args['delete']); for ($i = 1; $i <= $delete; $i++) { $pi_filename = DB_getItem($_TABLES['cl_pic'], 'pi_filename', 'pi_pid = ' . $clid . ' AND pi_img_num = ' . key($args['delete'])); CLASSIFIEDS_deleteImage($pi_filename); DB_query("DELETE FROM {$_TABLES['cl_pic']} WHERE pi_pid = " . $clid . " AND pi_img_num = " . key($args['delete'])); next($args['delete']); } } // OK, let's upload any pictures with the ad if (DB_count($_TABLES['cl_pic'], 'pi_pid', $clid) > 0) { $index_start = DB_getItem($_TABLES['cl_pic'], 'max(pi_img_num)', "pi_pid = '" . $clid . "'") + 1; } else { $index_start = 1; } if (count($FILES) > 0 and $_CLASSIFIEDS_CONF['max_images_per_ad'] > 0) { require_once $_CONF['path_system'] . 'classes/upload.class.php'; $upload = new upload(); //Debug with story debug function if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) { $upload->setLogFile($_CONF['path'] . 'logs/error.log'); $upload->setDebug(true); } $upload->setMaxFileUploads($_CLASSIFIEDS_CONF['max_images_per_ad']); if (!empty($_CONF['image_lib'])) { if ($_CONF['image_lib'] == 'imagemagick') { // Using imagemagick $upload->setMogrifyPath($_CONF['path_to_mogrify']); } elseif ($_CONF['image_lib'] == 'netpbm') { // using netPBM $upload->setNetPBM($_CONF['path_to_netpbm']); } elseif ($_CONF['image_lib'] == 'gdlib') { // using the GD library $upload->setGDLib(); } $upload->setAutomaticResize(true); $upload->keepOriginalImage(false); if (isset($_CONF['jpeg_quality'])) { $upload->setJpegQuality($_CONF['jpeg_quality']); } } $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png')); if (!$upload->setPath($_CLASSIFIEDS_CONF['path_images'])) { $output = COM_siteHeader('menu', $LANG24[30]); $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header')); $output .= $upload->printErrors(false); $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); $output .= COM_siteFooter(); echo $output; exit; } // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will // force any images bigger than the passed dimensions to be resized. // If mogrify is not set, any images larger than these dimensions // will get validation errors $upload->setMaxDimensions($_CLASSIFIEDS_CONF['max_image_width'], $_CLASSIFIEDS_CONF['max_image_height']); $upload->setMaxFileSize($_CLASSIFIEDS_CONF['max_image_size']); // size in bytes, 1048576 = 1MB // Set file permissions on file after it gets uploaded (number is in octal) $upload->setPerms('0644'); $filenames = array(); $end_index = $index_start + $upload->numFiles() - 1; for ($z = $index_start; $z <= $end_index; $z++) { $curfile = current($FILES); if (!empty($curfile['name'])) { $pos = strrpos($curfile['name'], '.') + 1; $fextension = substr($curfile['name'], $pos); $filenames[] = $clid . '_' . $z . '.' . $fextension; } next($FILES); } $upload->setFileNames($filenames); reset($FILES); $upload->uploadFiles(); if ($upload->areErrors()) { $retval = COM_siteHeader('menu', $LANG24[30]); $retval .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header')); $retval .= $upload->printErrors(false); $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); $retval .= COM_siteFooter(); echo $retval; exit; } reset($filenames); for ($z = $index_start; $z <= $end_index; $z++) { DB_query("INSERT INTO {$_TABLES['cl_pic']} (pi_pid, pi_img_num, pi_filename) VALUES ('" . $clid . "', {$z}, '" . current($filenames) . "')"); next($filenames); } } return true; }
function addDownload() { global $_CONF, $_USER, $_TABLES, $filemgmt_FileStoreURL, $filemgmt_FileSnapURL, $filemgmt_FileStore, $filemgmt_SnapStore; global $myts, $eh, $_FMDOWNLOAD, $filemgmtFilePermissions; if (defined('DEMO_MODE')) { redirect_header($_CONF['site_url'] . "/index.php", 10, 'Uploads are disabled in demo mode'); exit; } $title = $myts->makeTboxData4Save($_POST['title']); $homepage = $myts->makeTboxData4Save($_POST['homepage']); $version = $myts->makeTboxData4Save($_POST['version']); $description = $myts->makeTareaData4Save($_POST['description']); $commentoption = $_POST['commentoption']; $fileurl = COM_applyFilter($_POST['fileurl']); $submitter = $_USER['uid']; $errormsg = ""; // Check if Title blank if ($title == "") { $eh->show("1104"); } // Check if Description blank if ($description == "") { $eh->show("1105"); } // Check if a file was uploaded if ($_FILES['newfile']['size'] == 0 && empty($fileurl)) { $eh->show("1017"); } if (!empty($_POST['cid'])) { $cid = $_POST['cid']; } else { $cid = 0; $eh->show("1110"); } $filename = ''; //$myts->makeTboxData4Save($_FILES['newfile']['name']); $url = ''; //$myts->makeTboxData4Save(rawurlencode($filename)); $snapfilename = ''; // = $myts->makeTboxData4Save($_FILES['newfileshot']['name']); $logourl = ''; //$myts->makeTboxData4Save(rawurlencode($snapfilename)); require_once $_CONF['path_system'] . 'classes/upload.class.php'; $upload = new upload(); $upload->setFieldName('newfile'); $upload->setPath($filemgmt_FileStore); $upload->setAllowAnyMimeType(true); // allow any file type $upload->setMaxFileSize(100000000); if ($upload->numFiles() > 0) { $upload->uploadFiles(); if ($upload->areErrors()) { $errmsg = "Upload Error: " . $upload->printErrors(false); COM_errorLog($errmsg); $eh->show("1106"); } else { $size = $myts->makeTboxData4Save(intval($upload->_currentFile['size'])); $filename = $myts->makeTboxData4Save($upload->_currentFile['name']); $url = $myts->makeTboxData4Save(rawurlencode($filename)); $pos = strrpos($filename, '.') + 1; $fileExtension = strtolower(substr($filename, $pos)); if (array_key_exists($fileExtension, $_FMDOWNLOAD)) { if ($_FMDOWNLOAD[$fileExtension] == 'reject') { COM_errorLOG("AddNewFile - New Upload file is rejected by config rule:{$uploadfilename}"); $eh->show("1109"); } else { $fileExtension = $_FMDOWNLOAD[$fileExtension]; $pos = strrpos($url, '.') + 1; $url = strtolower(substr($url, 0, $pos)) . $fileExtension; $pos2 = strrpos($filename, '.') + 1; $filename = substr($filename, 0, $pos2) . $fileExtension; } } $AddNewFile = true; } } if ($upload->numFiles() == 0 && !$upload->areErrors() && !empty($fileurl)) { $url = $fileurl; $size = 0; $AddNewFile = true; } $upload = new upload(); $upload->setFieldName('newfileshot'); $upload->setPath($filemgmt_SnapStore); $upload->setAllowAnyMimeType(false); $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png')); $upload->setAutomaticResize(true); if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) { $upload->setLogFile($_CONF['path'] . 'logs/error.log'); $upload->setDebug(true); } $upload->setMaxDimensions(640, 480); $upload->setAutomaticResize(true); $upload->setMaxFileSize(100000000); $upload->uploadFiles(); if ($upload->numFiles() > 0) { if ($upload->areErrors()) { $errmsg = "Upload Error: " . $upload->printErrors(false); COM_errorLog($errmsg); $eh->show("1106"); } else { $snapfilename = $myts->makeTboxData4Save($upload->_currentFile['name']); $logourl = $myts->makeTboxData4Save(rawurlencode($snapfilename)); $AddNewFile = true; } } if ($AddNewFile) { $chown = @chmod($filemgmt_FileStore . $filename, $filemgmtFilePermissions); if (strlen($version) > 9) { $version = substr($version, 0, 8); } $fields = 'cid, title, url, homepage, version, size, logourl, submitter, status, date, hits, rating, votes, comments'; $sql = "INSERT INTO {$_TABLES['filemgmt_filedetail']} ({$fields}) VALUES "; $sql .= "('" . DB_escapeString($cid) . "','" . $title . "','" . $url . "','" . $homepage . "','" . $version . "','" . $size . "','" . $logourl . "','" . DB_escapeString($submitter) . "',1,UNIX_TIMESTAMP(),0,0,0,'" . DB_escapeString($commentoption) . "')"; DB_query($sql); $newid = DB_insertID(); DB_query("INSERT INTO {$_TABLES['filemgmt_filedesc']} (lid, description) VALUES ({$newid}, '" . $description . "')"); PLG_itemSaved($newid, 'filemgmt'); CACHE_remove_instance('whatsnew'); if (isset($duplicatefile) && $duplicatefile) { redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php", 2, _MD_NEWDLADDED_DUPFILE); } elseif (isset($duplicatesnap) && $duplicatesnap) { redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php", 2, _MD_NEWDLADDED_DUPSNAP); } else { redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php", 2, _MD_NEWDLADDED); } exit; } else { redirect_header("index.php", 2, _MD_ERRUPLOAD . ""); exit; } }
public function testNumFiles() { $this->assertEquals(0, $this->up->numFiles()); }
/** * Submit a new or updated story. The story is updated if it exists, or a new one is created * * @param array args Contains all the data provided by the client * @param string &output OUTPUT parameter containing the returned text * @return int Response code as defined in lib-plugins.php */ function service_submit_story($args, &$output, &$svc_msg) { global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS; if (!SEC_hasRights('story.edit')) { $output .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter(); return PLG_RET_AUTH_FAILED; } require_once $_CONF['path_system'] . 'lib-comment.php'; $gl_edit = false; if (isset($args['gl_edit'])) { $gl_edit = $args['gl_edit']; } if ($gl_edit) { /* This is EDIT mode, so there should be an old sid */ if (empty($args['old_sid'])) { if (!empty($args['id'])) { $args['old_sid'] = $args['id']; } else { return PLG_RET_ERROR; } if (empty($args['sid'])) { $args['sid'] = $args['old_sid']; } } } else { if (empty($args['sid']) && !empty($args['id'])) { $args['sid'] = $args['id']; } } /* Store the first CATEGORY as the Topic ID */ if (!empty($args['category'][0])) { $args['tid'] = $args['category'][0]; } $content = ''; if (!empty($args['content'])) { $content = $args['content']; } else { if (!empty($args['summary'])) { $content = $args['summary']; } } if (!empty($content)) { $parts = explode('[page_break]', $content); if (count($parts) == 1) { $args['introtext'] = $content; $args['bodytext'] = ''; } else { $args['introtext'] = array_shift($parts); $args['bodytext'] = implode('[page_break]', $parts); } } /* Apply filters to the parameters passed by the webservice */ if ($args['gl_svc']) { if (isset($args['mode'])) { $args['mode'] = COM_applyBasicFilter($args['mode']); } if (isset($args['editopt'])) { $args['editopt'] = COM_applyBasicFilter($args['editopt']); } } /* - START: Set all the defaults - */ if (empty($args['tid'])) { // see if we have a default topic $topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND')); if (!empty($topic)) { $args['tid'] = $topic; } else { // otherwise, just use the first one $o = array(); $s = array(); if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) { $args['tid'] = $o[0]; } else { $svc_msg['error_desc'] = 'No topics available'; return PLG_RET_ERROR; } } } if (empty($args['owner_id'])) { $args['owner_id'] = $_USER['uid']; } if (empty($args['group_id'])) { $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']); } if (empty($args['postmode'])) { $args['postmode'] = $_CONF['postmode']; if (!empty($args['content_type'])) { if ($args['content_type'] == 'text') { $args['postmode'] = 'text'; } else { if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') { $args['postmode'] = 'html'; } } } } if ($args['gl_svc']) { /* Permissions */ if (!isset($args['perm_owner'])) { $args['perm_owner'] = $_CONF['default_permissions_story'][0]; } else { $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true); } if (!isset($args['perm_group'])) { $args['perm_group'] = $_CONF['default_permissions_story'][1]; } else { $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true); } if (!isset($args['perm_members'])) { $args['perm_members'] = $_CONF['default_permissions_story'][2]; } else { $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true); } if (!isset($args['perm_anon'])) { $args['perm_anon'] = $_CONF['default_permissions_story'][3]; } else { $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true); } if (!isset($args['draft_flag'])) { $args['draft_flag'] = $_CONF['draft_flag']; } if (empty($args['frontpage'])) { $args['frontpage'] = $_CONF['frontpage']; } if (empty($args['show_topic_icon'])) { $args['show_topic_icon'] = $_CONF['show_topic_icon']; } } /* - END: Set all the defaults - */ // TEST CODE /* foreach ($args as $k => $v) { if (!is_array($v)) { echo "$k => $v\r\n"; } else { echo "$k => $v\r\n"; foreach ($v as $k1 => $v1) { echo " $k1 => $v1\r\n"; } } }*/ // exit (); // END TEST CODE if (!isset($args['sid'])) { $args['sid'] = ''; } $args['sid'] = COM_sanitizeID($args['sid']); if (!$gl_edit) { if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) { $args['sid'] = WS_makeId($args['slug'], STORY_MAX_ID_LENGTH); } } $story = new Story(); $gl_edit = false; if (isset($args['gl_edit'])) { $gl_edit = $args['gl_edit']; } if ($gl_edit && !empty($args['gl_etag'])) { /* First load the original story to check if it has been modified */ $result = $story->loadFromDatabase($args['sid']); if ($result == STORY_LOADED_OK) { if ($args['gl_etag'] != date('c', $story->_date)) { $svc_msg['error_desc'] = 'A more recent version of the story is available'; return PLG_RET_PRECONDITION_FAILED; } } else { $svc_msg['error_desc'] = 'Error loading story'; return PLG_RET_ERROR; } } /* This function is also doing the security checks */ $result = $story->loadFromArgsArray($args); $sid = $story->getSid(); switch ($result) { case STORY_DUPLICATE_SID: $output .= COM_siteHeader('menu', $LANG24[5]); $output .= COM_errorLog($LANG24[24], 2); if (!$args['gl_svc']) { $output .= storyeditor($sid); } $output .= COM_siteFooter(); return PLG_RET_ERROR; case STORY_EXISTING_NO_EDIT_PERMISSION: $output .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter(); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}."); return PLG_RET_PERMISSION_DENIED; case STORY_NO_ACCESS_PARAMS: $output .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter(); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}."); return PLG_RET_PERMISSION_DENIED; case STORY_EMPTY_REQUIRED_FIELDS: $output .= COM_siteHeader('menu'); $output .= COM_errorLog($LANG24[31], 2); if (!$args['gl_svc']) { $output .= storyeditor($sid); } $output .= COM_siteFooter(); return PLG_RET_ERROR; default: break; } /* Image upload is not supported by the web-service at present */ if (!$args['gl_svc']) { // Delete any images if needed if (array_key_exists('delete', $args)) { $delete = count($args['delete']); for ($i = 1; $i <= $delete; $i++) { $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete'])); STORY_deleteImage($ai_filename); DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete'])); next($args['delete']); } } // OK, let's upload any pictures with the article if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) { $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1; } else { $index_start = 1; } if (count($_FILES) > 0 and $_CONF['maximagesperarticle'] > 0) { require_once $_CONF['path_system'] . 'classes/upload.class.php'; $upload = new upload(); if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) { $upload->setLogFile($_CONF['path'] . 'logs/error.log'); $upload->setDebug(true); } $upload->setMaxFileUploads($_CONF['maximagesperarticle']); if (!empty($_CONF['image_lib'])) { if ($_CONF['image_lib'] == 'imagemagick') { // Using imagemagick $upload->setMogrifyPath($_CONF['path_to_mogrify']); } elseif ($_CONF['image_lib'] == 'netpbm') { // using netPBM $upload->setNetPBM($_CONF['path_to_netpbm']); } elseif ($_CONF['image_lib'] == 'gdlib') { // using the GD library $upload->setGDLib(); } $upload->setAutomaticResize(true); if ($_CONF['keep_unscaled_image'] == 1) { $upload->keepOriginalImage(true); } else { $upload->keepOriginalImage(false); } if (isset($_CONF['jpeg_quality'])) { $upload->setJpegQuality($_CONF['jpeg_quality']); } } $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png')); if (!$upload->setPath($_CONF['path_images'] . 'articles')) { $output = COM_siteHeader('menu', $LANG24[30]); $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header')); $output .= $upload->printErrors(false); $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); $output .= COM_siteFooter(); echo $output; exit; } // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will // force any images bigger than the passed dimensions to be resized. // If mogrify is not set, any images larger than these dimensions // will get validation errors $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']); $upload->setMaxFileSize($_CONF['max_image_size']); // size in bytes, 1048576 = 1MB // Set file permissions on file after it gets uploaded (number is in octal) $upload->setPerms('0644'); $filenames = array(); $end_index = $index_start + $upload->numFiles() - 1; for ($z = $index_start; $z <= $end_index; $z++) { $curfile = current($_FILES); if (!empty($curfile['name'])) { $pos = strrpos($curfile['name'], '.') + 1; $fextension = substr($curfile['name'], $pos); $filenames[] = $sid . '_' . $z . '.' . $fextension; } next($_FILES); } $upload->setFileNames($filenames); reset($_FILES); $upload->uploadFiles(); if ($upload->areErrors()) { $retval = COM_siteHeader('menu', $LANG24[30]); $retval .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header')); $retval .= $upload->printErrors(false); $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); $retval .= COM_siteFooter(); echo $retval; exit; } reset($filenames); for ($z = $index_start; $z <= $end_index; $z++) { DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')"); next($filenames); } } if ($_CONF['maximagesperarticle'] > 0) { $errors = $story->insertImages(); if (count($errors) > 0) { $output = COM_siteHeader('menu', $LANG24[54]); $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header')); $output .= $LANG24[55] . '<p>'; for ($i = 1; $i <= count($errors); $i++) { $output .= current($errors) . '<br' . XHTML . '>'; next($errors); } $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); $output .= storyeditor($sid); $output .= COM_siteFooter(); echo $output; exit; } } } $result = $story->saveToDatabase(); if ($result == STORY_SAVED) { // see if any plugins want to act on that story if (!empty($args['old_sid']) && $args['old_sid'] != $sid) { PLG_itemSaved($sid, 'article', $args['old_sid']); } else { PLG_itemSaved($sid, 'article'); } // update feed(s) and Older Stories block COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid); COM_olderStuff(); CMT_updateCommentcodes(); if ($story->type == 'submission') { $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9'); } else { $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9); } /* @TODO Set the object id here */ $svc_msg['id'] = $sid; return PLG_RET_OK; } }