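/**
 * Resizes an uploaded news image to 640x360 and saves it under
 * public/assets/img/news/.
 *
 * The stored name is uniqid() followed by the cleaned client-supplied name.
 * The unused $uploadSuccess local of the earlier version has been dropped.
 *
 * @param mixed $file Upload object exposing getClientOriginalName() and getRealPath().
 * @return string The generated file name, without the directory part.
 */
private function saveNewsImage($file)
{
    // NOTE(review): the client-supplied name, including its extension, ends up
    // in a directory below public_path(). Confirm that cleanFileName() removes
    // directory separators and that the caller restricts uploads to image types.
    // uniqid() is derived from the current time: it avoids clashes, it does not
    // make the name unguessable.
    $newFilename = uniqid() . cleanFileName($file->getClientOriginalName());
    $destinationPath = public_path('assets/img/news/');

    \Image::make($file->getRealPath())
        ->fit(640, 360)
        ->save($destinationPath . $newFilename);

    return $newFilename;
}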
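/**
 * Processes a torrent file posted as $_FILES['upload_file'].
 *
 * The client-supplied name is cleaned, the size and the configured file-type
 * filter are checked, and the file is moved into $cfg["torrent_file_path"].
 * Depending on the 'aid' request variable the torrent is also started.
 * On success the request is redirected to index.php; on failure an HTML
 * message is appended to the global $messages and the failure is audited.
 *
 * The file name and PHP_SELF are client-influenced, so they are now escaped
 * before being placed in the HTML messages.
 */
function indexProcessUpload()
{
    global $cfg, $messages;

    $file_name = stripslashes($_FILES['upload_file']['name']);
    $file_name = str_replace(array("'", ","), "", $file_name);
    $file_name = cleanFileName($file_name);
    $ext_msg = "";

    if ($_FILES['upload_file']['size'] <= 1000000 && $_FILES['upload_file']['size'] > 0) {
        // NOTE(review): ereg() is deprecated since PHP 5.3 and removed in PHP 7.0.
        // It is kept here because the pattern syntax returned by getFileFilter()
        // is not visible from this function.
        if (ereg(getFileFilter($cfg["file_types_array"]), $file_name)) {
            // FILE IS BEING UPLOADED
            if (is_file($cfg["torrent_file_path"] . $file_name)) {
                // Error: never overwrite an existing torrent
                $messages .= "<b>Error</b> with (<b>" . htmlentities($file_name) . "</b>), the file already exists on the server.<br><center><a href=\"" . htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES) . "\">[Refresh]</a></center>";
                $ext_msg = "DUPLICATE :: ";
            } else {
                if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $cfg["torrent_file_path"] . $file_name)) {
                    chmod($cfg["torrent_file_path"] . $file_name, 0644);
                    AuditAction($cfg["constants"]["file_upload"], $file_name);
                    // init stat-file
                    injectTorrent($file_name);
                    // instant action ?
                    $actionId = getRequestVar('aid');
                    if (isset($actionId)) {
                        switch ($actionId) {
                            case 3:
                                $_REQUEST['queue'] = 'on';
                                // no break: case 3 continues into case 2, as in the original
                            case 2:
                                if ($cfg["enable_file_priority"]) {
                                    include_once "setpriority.php";
                                    // Process setPriority Request.
                                    setPriority(urldecode($file_name));
                                }
                                include_once "ClientHandler.php";
                                $clientHandler = ClientHandler::getClientHandlerInstance($cfg);
                                $clientHandler->startTorrentClient($file_name, 0);
                                // just a sec..
                                sleep(1);
                                break;
                        }
                    }
                } else {
                    $messages .= "<font color=\"#ff0000\" size=3>ERROR: File not uploaded, file could not be found or could not be moved:<br>" . $cfg["torrent_file_path"] . htmlentities($file_name) . "</font><br>";
                }
            }
        } else {
            $messages .= "<font color=\"#ff0000\" size=3>ERROR: The type of file you are uploading is not allowed.</font><br>";
        }
    } else {
        $messages .= "<font color=\"#ff0000\" size=3>ERROR: File not uploaded, check file size limit.</font><br>";
    }

    if ($messages != "") {
        // there was an error; the audit entry keeps the raw (cleaned) name
        AuditAction($cfg["constants"]["error"], $cfg["constants"]["file_upload"] . " :: " . $ext_msg . $file_name);
    } else {
        header("location: index.php");
        exit;
    }
}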
/**
 * Stores one cache entry for the Emails module as a flat file in the cache dir.
 *
 * @param string $key  Key of the main cache entry (the timestamp is stored separately)
 * @param mixed  $var  Variable to be cached
 * @param string $ieId I-E focus ID, used as a directory name
 * @param string $type Folder in cache
 * @param string $file Cache file name
 * @return mixed Whatever $this->_writeCacheFile() returns
 */
function writeCacheFile($key, $var, $ieId, $type, $file)
{
    global $sugar_config;

    // Each path segment is cleaned on its own before the path is assembled.
    $relativePath = 'modules/Emails/' . cleanDirName($ieId) . '/' . cleanDirName($type) . '/' . cleanFileName($file);
    $cachePath = sugar_cached($relativePath);

    $entry = array('timestamp' => strtotime('now'));
    // Stored serialized since varexport_helper() can't handle PHP objects.
    // NOTE(review): the code reading this file back presumably calls
    // unserialize(); confirm the cache directory is not writable by untrusted users.
    $entry[$key] = serialize($var);

    return $this->_writeCacheFile($entry, $cachePath);
}
********************************************************************************/ require_once 'include/JSON.php'; require_once 'include/entryPoint.php'; global $sugar_config; $supportedExtensions = array('jpg', 'png', 'jpeg'); $json = getJSONobj(); $rmdir = true; $returnArray = array(); if ($json->decode(html_entity_decode($_REQUEST['forQuotes']))) { $returnArray['forQuotes'] = "quotes"; } else { $returnArray['forQuotes'] = "company"; } if (isset($_FILES['file_1'])) { $uploadTmpDir = $sugar_config['tmp_dir'] . 'tmp_logo_' . $returnArray['forQuotes'] . '_upload'; $file_name = $uploadTmpDir . DIRECTORY_SEPARATOR . cleanFileName(basename($_FILES['file_1']['name'])); if (file_exists($uploadTmpDir)) { rmdir_recursive($uploadTmpDir); } mkdir_recursive($uploadTmpDir, null, true); if (!empty($_FILES['file_1']['error'])) { rmdir_recursive($uploadTmpDir); $returnArray['data'] = 'not_recognize'; echo $json->encode($returnArray); sugar_cleanup(); exit; } if (!move_uploaded_file($_FILES['file_1']['tmp_name'], $file_name)) { rmdir_recursive($uploadTmpDir); die("Possible file upload attack!\n"); }
if (!$mixtapes) { echo "<div align='center'>Looks like you haven't uploaded any mixtapes yet. You can upload them <a href='" . base_url('upload/mixtape') . "' title='Upload Mixtape' style='color:orange;'>here</a>.</div>"; } else { ?> <div id="mixtapes"> <table class="table table-striped"> <thead style="font-weight:bold; text-align:center; font-size:18px"> <td>Tape</td> <td>Date Uploaded</td> <td>Status</td> <td>Actions</td> </thead> <tbody> <?php foreach ($mixtapes as $key => $mixtape) { $cname = cleanFileName($mixtape->file_name); $file_name = strlen($cname) > 25 ? $file_name = substr($cname, 0, 30) . '...' : $cname; ?> <tr> <!--b. mixtape row--> <td class="mixtape" style="text-align:center;max-width:350px;overflow:hidden;text-overflow:ellipsis"> <div class="row"> <strong><?php if (!empty($mixtape->tape_title)) { echo '<a href="' . base_url('mixtape/' . $this->ion_auth->user()->row()->username . '/' . $mixtape->tape_url) . '" title="' . htmlspecialchars($mixtape->tape_artist, ENT_QUOTES) . ' - ' . htmlspecialchars($mixtape->tape_title, ENT_QUOTES) . '">' . htmlspecialchars($mixtape->tape_title, ENT_QUOTES) . '</a>'; } else { echo $file_name; } ?> </strong></div> <div class="row">
public function testcleanFileName()
{
    // Raw name => name expected back from cleanFileName().
    // The first two cases check that "<?>" is removed; the last one is already clean.
    $cases = array(
        'file<?>.txt' => 'file.txt',
        'file_1<?>.txt' => 'file_1.txt',
        'file.txt' => 'file.txt',
    );

    foreach ($cases as $rawName => $expected) {
        $this->assertSame($expected, cleanFileName($rawName));
    }
}
/**
 * Command-line helper: injects and starts every "*.torrent" file found in a
 * watch directory on behalf of the given user, then ends the script.
 *
 * Every path through this function ends in exit.
 *
 * @param string $tpath    Directory to scan
 * @param string $username User the torrents are started for (stored in $cfg['user'])
 */
function cliWatchDir($tpath = "", $username = "")
{
    global $cfg;

    // Both arguments are required; otherwise show the usage text.
    if (!isset($tpath) || $tpath == "" || !isset($username) || $username == "") {
        printUsage();
        exit;
    }
    if (!is_dir($tpath)) {
        echo "ERROR: " . $tpath . " is not a dir.\n";
        exit;
    }

    $cfg['user'] = $username;
    $watchDir = checkDirPathString($tpath);
    $dirHandle = opendir($tpath);
    if (!$dirHandle) {
        exit;
    }

    // Local variable names are left as they were: the include_once calls below
    // run in this function's scope.
    while (false !== ($file = readdir($dirHandle))) {
        if (strtolower(substr($file, -8)) != ".torrent") {
            continue;
        }

        // The stored name is a cleaned copy of the on-disk name.
        $file_name = cleanFileName(str_replace(array("'", ","), "", stripslashes($file)));
        echo "Injecting and Starting " . $watchDir . $file . " as " . $file_name . " for user " . $cfg['user'] . "...";

        if (!(is_file($watchDir . $file) && copy($watchDir . $file, $cfg["torrent_file_path"] . $file_name))) {
            echo "\n ERROR: File could not be found or could not be copied: " . $watchDir . $file . "\n";
            continue;
        }

        // Copy succeeded: remove the source and register the torrent.
        @unlink($watchDir . $file);
        chmod($cfg["torrent_file_path"] . $file_name, 0644);
        AuditAction($cfg["constants"]["file_upload"], $file_name);
        // init stat-file
        injectTorrent($file_name);
        // file-prio
        if ($cfg["enable_file_priority"]) {
            include_once "setpriority.php";
            // Process setPriority Request.
            setPriority($file_name);
        }
        // queue
        $_REQUEST['queue'] = $cfg["AllowQueing"] ? 'on' : 'off';
        // start
        include_once "ClientHandler.php";
        $clientHandler = ClientHandler::getClientHandlerInstance($cfg);
        $clientHandler->startTorrentClient($file_name, 0);
        // just 2 secs..
        sleep(2);
        if ($clientHandler->status == 3) {
            // hooray
            echo " done\n";
        } else {
            // start failed
            echo "\n ERROR : " . $clientHandler->messages . "\n";
        }
    }
    closedir($dirHandle);
    exit;
}
$messages .= "<b>Error</b> Getting the File (<b>" . htmlentities($file_name) . "</b>), Could be a Dead URL.<br><center><a href=\"" . $_SERVER['PHP_SELF'] . "\">[Refresh]</a></center>"; } if ($messages == "") { AuditAction($cfg["constants"]["url_upload"], $file_name); header("location: index.php"); exit; } else { // there was an error AuditAction($cfg["constants"]["error"], $cfg["constants"]["url_upload"] . " :: " . $ext_msg . $file_name); } } // Handle the file upload if there is one if (!empty($_FILES['upload_file']['name'])) { $file_name = stripslashes($_FILES['upload_file']['name']); $file_name = str_replace(array("'", ","), "", $file_name); $file_name = cleanFileName($file_name); $ext_msg = ""; if ($_FILES['upload_file']['size'] <= 1000000 && $_FILES['upload_file']['size'] > 0) { if (ereg(getFileFilter($cfg["file_types_array"]), $file_name)) { //FILE IS BEING UPLOADED if (is_file($cfg["torrent_file_path"] . $file_name)) { // Error $messages .= "<b>Error</b> with (<b>" . htmlentities($file_name) . "</b>), the file already exists on the server.<br><center><a href=\"" . $_SERVER['PHP_SELF'] . "\">[Refresh]</a></center>"; $ext_msg = "DUPLICATE :: "; } else { if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $cfg["torrent_file_path"] . $file_name)) { chmod($cfg["torrent_file_path"] . $file_name, 0644); AuditAction($cfg["constants"]["file_upload"], $file_name); header("location: index.php"); } else { $messages .= "<font color=\"#ff0000\" size=3>ERROR: File not uploaded, file could not be found or could not be moved:<br>" . $cfg["torrent_file_path"] . htmlentities($file_name) . "</font><br>";
httpseeds = optional list of http-seed URLs, in the format: url[|url...] *****/ include_once "config.php"; include_once "functions.php"; // is enabled ? if ($cfg["enable_maketorrent"] != 1) { AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to use maketorrent"); showErrorPage("maketorrent is disabled."); } // Variable information $tpath = $cfg["torrent_file_path"]; $tfile = @$_POST['torrent']; $file = @$_GET['path']; $torrent = cleanFileName(StripFolders(trim($file))) . ".torrent"; $announce = @$_POST['announce'] ? $_POST['announce'] : "http://"; $ancelist = @$_POST['announcelist']; $comment = @$_POST['comments']; $peice = @$_POST['piecesize']; $alert = @$_POST['alert'] ? 1 : "''"; $private = @($_POST['Private'] == "Private") ? true : false; $dht = @($_POST['DHT'] == "DHT") ? true : false; // Let's create the torrent if (!empty($announce) && $announce != "http://") { // Create maketorrent directory if it doesn't exist if (!is_dir($tpath)) { @mkdir($tpath); } // Clean up old files if (@file_exists($tpath . $tfile)) {
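/**
 * Downloads the enclosure of one parsed podcast item and stores it below the
 * podcast folder, unless a file with the same name is already there.
 *
 * A failed download or an unwritable target now returns false instead of
 * leaving an empty file behind and reporting success.
 *
 * @author Ross Carlson
 * @since 11/02/2005
 * @param array  $item   Parsed item; 'file' (source URL) and 'title' are read
 * @param string $folder The subfolder to store the file in
 * @return string|false Full path of the track on disk, or false when the item
 *                      has no file or the download/write failed
 **/
function getPodcastData($item, $folder)
{
    global $include_path, $podcast_folder;

    if ($item['file'] == "") {
        return false;
    }
    $be = new jzBackend();
    $display = new jzDisplay();

    // Let's clean the new folder name
    $folder = trim(cleanFileName($folder));

    // The local file name is built from the feed's title plus the last three
    // characters of the source URL.
    // NOTE(review): both values come from the remote feed. Confirm that
    // cleanFileName() or the caller limits the extension to the expected media
    // types, since the downloaded bytes are written under the podcast folder.
    $ext = substr($item['file'], strlen($item['file']) - 3, 3);
    $track = trim(cleanFileName($item['title'] . "." . $ext));
    if (substr($podcast_folder, 0, 1) != "/") {
        // Relative podcast folder: resolve it against the working directory
        $dir = str_replace("\\", "/", getcwd()) . "/" . $podcast_folder . "/" . $folder;
    } else {
        $dir = $podcast_folder . "/" . $folder;
    }
    $track = $dir . "/" . $track;

    // Now let's create the directory we need
    makedir($dir);

    // Now let's see if the file already exists
    if (!is_file($track)) {
        // NOTE(review): the title is echoed into a single-quoted JavaScript
        // string; confirm returnShortName() escapes quotes and markup.
        ?> <script language="javascript"> t.innerHTML = '<?php echo word("Downloading") . ": " . $display->returnShortName($item['title'], 45); ?> '; --> </SCRIPT> <?php
        flushdisplay();

        // Now let's grab the file and write it out
        // NOTE(review): as written this replace is a no-op; presumably it was
        // meant to turn "&amp;" back into "&" - confirm against the upstream file.
        $fName = str_replace("&", "&", $item['file']);
        $data = file_get_contents($fName);
        if ($data === false) {
            // Download failed: do not create an empty track
            return false;
        }
        $handle = fopen($track, "w");
        if ($handle === false) {
            return false;
        }
        fwrite($handle, $data);
        fclose($handle);
        ?> <script language="javascript"> t.innerHTML = '<?php echo word("Download Complete!"); ?> '; --> </SCRIPT> <?php
        flushdisplay();
    } else {
        ?> <script language="javascript"> t.innerHTML = '<?php echo word("Exists - moving to next track..."); ?> '; --> </SCRIPT> <?php
        flushdisplay();
    }

    return $track;
}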
/**
 * Adds one file to the ZIP archive after its metadata placeholders have been
 * replaced. Files matched by shouldIgnore() are skipped.
 *
 * @param string     $strFile    File to add
 * @param ZipArchive $objZip     ZipArchive object
 * @param string     $strVersion Version string
 * @param string     $strDate    Date string
 */
function addFileToZIP($strFile, $objZip, $strVersion, $strDate)
{
    if (shouldIgnore($strFile)) {
        return;
    }

    // The entry is added from a string, not from disk, so that the archive
    // holds the patched contents. The entry name is the cleaned path.
    $patched = replaceMetaData(file_get_contents($strFile), $strVersion, $strDate);
    $objZip->addFromString(cleanFileName($strFile), $patched);
}
/**
 * Accepts the file posted as 'uploadfile' and stores it in a media collection.
 *
 * Steps, in order: clean the client-supplied name, map the PHP upload error
 * code to an error message, enforce $CONF['MaxUploadSize'], check the name's
 * extension against $CONF['AllowedTypes'], verify the temp file is a real
 * upload, optionally prefix the date, then hand over to MEDIA::addMediaObject().
 * Every failure is reported through media_doError().
 */
function media_upload() {
    global $DIR_MEDIA, $member, $CONF;
    $uploadInfo = postFileInfo('uploadfile');
    $filename = $uploadInfo['name'];
    $filetype = $uploadInfo['type'];
    $filesize = $uploadInfo['size'];
    $filetempname = $uploadInfo['tmp_name'];
    $fileerror = intval($uploadInfo['error']);
    // clean filename of characters that may cause trouble in a filename using cleanFileName() function from globalfunctions.php
    $filename = cleanFileName($filename);
    if ($filename === false) {
        media_doError(_ERROR_BADFILETYPE);
    }
    // NOTE(review): the cases below have no break after media_doError(); they
    // only behave as intended if media_doError() ends the request - TODO confirm.
    switch ($fileerror) {
        case 0: // = UPLOAD_ERR_OK
            break;
        case 1: // = UPLOAD_ERR_INI_SIZE
        case 2: // = UPLOAD_ERR_FORM_SIZE
            media_doError(_ERROR_FILE_TOO_BIG);
        case 3: // = UPLOAD_ERR_PARTIAL
        case 4: // = UPLOAD_ERR_NO_FILE
        case 6: // = UPLOAD_ERR_NO_TMP_DIR
        case 7: // = UPLOAD_ERR_CANT_WRITE
        default:
            // include error code for debugging
            // (see http://www.php.net/manual/en/features.file-upload.errors.php)
            media_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
    }
    if ($filesize > $CONF['MaxUploadSize']) {
        media_doError(_ERROR_FILE_TOO_BIG);
    }
    // check file type against allowed types: only the final ".ext" of the
    // client-supplied name is compared, case-insensitively
    // NOTE(review): $type is placed in the pattern without preg_quote(), so an
    // entry containing regex characters or '#' changes the match - confirm the
    // AllowedTypes setting is restricted to plain extensions.
    $ok = 0;
    $allowedtypes = explode(',', $CONF['AllowedTypes']);
    foreach ($allowedtypes as $type) {
        if (preg_match("#\\." . $type . "\$#i", $filename)) {
            $ok = 1;
        }
    }
    if (!$ok) {
        media_doError(_ERROR_BADFILETYPE);
    }
    // reject temp paths that PHP did not create for this request
    if (!is_uploaded_file($filetempname)) {
        media_doError(_ERROR_BADREQUEST);
    }
    // prefix filename with current date (YYYYMMDD-)
    // this to avoid nameclashes
    if ($CONF['MediaPrefix']) {
        $filename = strftime("%Y%m%d-", time()) . $filename;
    }
    // NOTE(review): the collection comes straight from the request and is not
    // checked here; presumably MEDIA::addMediaObject() validates it - confirm.
    $collection = requestVar('collection');
    $res = MEDIA::addMediaObject($collection, $filetempname, $filename);
    if ($res != '') {
        media_doError($res);
    }
    // shows updated list afterwards
    media_select();
}
echo "<div align='center'>Looks like you haven't uploaded any songs yet. You can upload them <a href='" . base_url('upload') . "' title='Upload Songs' style='color:orange;'>here</a>.</div>"; } else { ?> <div id="songs"> <table class="table table-striped"> <thead style="font-weight:bold; text-align:center; font-size:18px"> <td>Song</td> <td>Date Uploaded</td> <td>Status</td> <td>Visibility</td> <td>Actions</td> </thead> <tbody> <?php foreach ($songs as $key => $song) { $cname = cleanFileName($song->file_name); if (strlen($cname) > 25) { $file_name = substr($cname, 0, 30) . '...'; } else { $file_name = $cname; } ?> <tr> <!--b. song row--> <td class="song" style="text-align:center"> <div class="row" style="max-width:350px;overflow:hidden;text-overflow:ellipsis"> <strong><?php if (!empty($song->song_title)) { echo '<a href="' . base_url('song/' . $this->ion_auth->user()->row()->username . '/' . $song->song_url) . '" title="' . htmlspecialchars($song->song_artist, ENT_QUOTES) . ' - ' . htmlspecialchars($song->song_title, ENT_QUOTES) . '">' . $song->song_title . '</a>'; } else { echo $file_name;
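/**
 * Accepts the file posted as 'upload' (editor upload) and stores it in a media
 * collection, then reports the resulting URL back to the editor.
 *
 * Steps, in order: clean the client-supplied name, map the PHP upload error
 * code, enforce $CONF['MaxUploadSize'], check the extension against
 * $CONF['AllowedTypes'], verify the temp file is a real upload, optionally
 * prefix a timestamp, resolve and validate the collection, store the file.
 *
 * The response is either a JSON document or a script calling
 * CKEDITOR.tools.callFunction(). The values written into that script are now
 * encoded instead of being concatenated as raw strings.
 */
function media_upload()
{
    global $DIR_MEDIA, $member, $CONF, $funcNum, $responseType;

    $uploadInfo = postFileInfo('upload');
    $filename = $uploadInfo['name'];
    $filetype = $uploadInfo['type'];
    $filesize = $uploadInfo['size'];
    $filetempname = $uploadInfo['tmp_name'];
    $fileerror = intval($uploadInfo['error']);

    // clean filename of characters that may cause trouble in a filename using cleanFileName() function from globalfunctions.php
    $filename = cleanFileName($filename);
    if ($filename === false) {
        upload_doError(_ERROR_BADFILETYPE . $filename);
    }

    // NOTE(review): the cases below have no break after upload_doError(); they
    // only behave as intended if upload_doError() ends the request - TODO confirm.
    switch ($fileerror) {
        case 0: // = UPLOAD_ERR_OK
            break;
        case 1: // = UPLOAD_ERR_INI_SIZE
        case 2: // = UPLOAD_ERR_FORM_SIZE
            upload_doError(_ERROR_FILE_TOO_BIG);
        case 3: // = UPLOAD_ERR_PARTIAL
        case 4: // = UPLOAD_ERR_NO_FILE
        case 6: // = UPLOAD_ERR_NO_TMP_DIR
        case 7: // = UPLOAD_ERR_CANT_WRITE
        default:
            // include error code for debugging
            // (see http://www.php.net/manual/en/features.file-upload.errors.php)
            upload_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
    }

    if ($filesize > $CONF['MaxUploadSize']) {
        upload_doError(_ERROR_FILE_TOO_BIG);
    }

    // check file type against allowed types (final ".ext" of the name only)
    $ok = 0;
    $allowedtypes = explode(',', $CONF['AllowedTypes']);
    foreach ($allowedtypes as $type) {
        if (preg_match("#\\." . $type . "\$#i", $filename)) {
            $ok = 1;
        }
    }
    if (!$ok) {
        upload_doError(_ERROR_BADFILETYPE . $filename);
    }

    if (!is_uploaded_file($filetempname)) {
        upload_doError(_ERROR_BADREQUEST);
    }

    // prefix filename with current date (YYYYMMDD-HHMMSS-)
    // this to avoid nameclashes
    if ($CONF['MediaPrefix']) {
        $filename = strftime("%Y%m%d-%H%M%S-", time()) . $filename;
    }

    // currently selected collection; fall back to the member's own one
    $collection = requestVar('collection');
    if (!$collection || !@is_dir($DIR_MEDIA . $collection)) {
        $collection = $member->getID();
    }

    // avoid directory traversal and accessing invalid directory
    if (!MEDIA::isValidCollection($collection)) {
        media_doError(_ERROR_DISALLOWED);
    }

    $res = MEDIA::addMediaObject($collection, $filetempname, $filename);
    if ($res != '') {
        upload_doError($res);
    }

    $url = $CONF['MediaURL'] . $collection . '/' . $filename;
    if ($responseType != 'json') {
        // $funcNum and $url end up inside a <script> element. The function
        // number is forced to an integer and the URL is emitted as an encoded
        // string literal, so neither can close the literal or the element.
        // NOTE(review): $funcNum is set outside this function; presumably it
        // is the editor's numeric callback id - confirm.
        $jsUrl = json_encode($url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction(" . intval($funcNum) . ", " . $jsUrl . ", '');</script>";
    } else {
        $arr = array('uploaded' => 1, 'fileName' => $filename, 'url' => $url);
        header("Content-Type: application/json; charset=utf-8");
        echo json_encode($arr);
    }
}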
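/**
 * Adds an uploaded file to the media archive.
 *
 * The earlier version returned from a failed mkdir() with the process umask
 * still set to 0; the previous umask is now restored on that path too.
 *
 * @param string $collection Collection (directory below $DIR_MEDIA) to store into
 * @param string $uploadfile Path of the file to store; it is passed to
 *                           is_uploaded_file(), move_uploaded_file() and copy()
 * @param string $filename   The filename that should be used to save the file as
 *                           (date prefix should be already added here)
 * @return string '' on success, otherwise one of the _ERROR_* messages
 */
function addMediaObject($collection, $uploadfile, $filename)
{
    global $DIR_MEDIA, $manager;

    // clean filename of characters that may cause trouble in a filename using cleanFileName() function from globalfunctions.php
    $filename = cleanFileName($filename);
    // should already have tested for allowable types before calling this method. This will only catch files with no extension at all
    if ($filename === false) {
        return _ERROR_BADFILETYPE;
    }

    // collection and filename are passed by reference, so a plugin handling
    // this event can change them before the checks below run
    $manager->notify('PreMediaUpload', array('collection' => &$collection, 'uploadfile' => $uploadfile, 'filename' => &$filename));

    // don't allow uploads to unknown or forbidden collections
    $exceptReadOnly = true;
    if (!MEDIA::isValidCollection($collection, $exceptReadOnly)) {
        return _ERROR_DISALLOWED;
    }

    // check dir permissions (try to create dir if it does not exist)
    $mediadir = $DIR_MEDIA . $collection;

    // try to create new private media directories if needed
    if (!@is_dir($mediadir) && is_numeric($collection)) {
        // NOTE(review): with the umask cleared the directory is created
        // world-writable (0777); confirm this is required by the deployment.
        $oldumask = umask(00);
        $created = @mkdir($mediadir, 0777);
        // restore the umask on both outcomes
        umask($oldumask);
        if (!$created) {
            return _ERROR_BADPERMISSIONS;
        }
    }

    // if dir still not exists, the action is disallowed
    if (!@is_dir($mediadir)) {
        return _ERROR_DISALLOWED;
    }

    if (!is_writeable($mediadir)) {
        return _ERROR_BADPERMISSIONS;
    }

    // add trailing slash (don't add it earlier since it causes mkdir to fail on some systems)
    $mediadir .= '/';

    // never overwrite an existing media file
    if (file_exists($mediadir . $filename)) {
        return _ERROR_UPLOADDUPLICATE;
    }

    // move file to directory; files that are not HTTP uploads are copied instead
    if (is_uploaded_file($uploadfile)) {
        if (!@move_uploaded_file($uploadfile, $mediadir . $filename)) {
            return _ERROR_UPLOADMOVEP;
        }
    } else {
        if (!copy($uploadfile, $mediadir . $filename)) {
            return _ERROR_UPLOADCOPY;
        }
    }

    // chmod uploaded file
    $oldumask = umask(00);
    @chmod($mediadir . $filename, 0644);
    umask($oldumask);

    $manager->notify('PostMediaUpload', array('collection' => $collection, 'mediadir' => $mediadir, 'filename' => $filename));

    return '';
}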
fwrite($handle, $iData); fclose($handle); } // Now let's create the node in the backend and assign it some values $newNode = new jzMediaNode($node->getPath("string") . "/" . $_POST['edit_podcast_path']); $newNode->addDescription($desc); $newNode->addMainArt($imgFile); // Now let's loop and look at each enclosure $i = 1; foreach ($retArray as $item) { // Let's grab it $track = getPodcastData($item, $title); if (stristr($track, ".mp3")) { // Now that we've got the link we need to add it to the backend $ext = substr($item['file'], strlen($item['file']) - 3, 3); $nTrack = trim(cleanFileName($item['title'] . "." . $ext)); $pArr = explode("/", $_POST['edit_podcast_path']); $path = array(); foreach ($pArr as $p) { $path[] = $p; } $path[] = $nTrack; $tr = $node->inject($path, $track); if ($tr !== false) { $meta = $tr->getMeta(); $meta['title'] = $item['title']; $tr->setMeta($meta); } } // Now should we stop? if ($_POST['edit_podcast_max'] != "ALL" and $_POST['edit_podcast_max'] != "") {