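/**
 * Filter data from file uploader
 *
 * For every item listed in $_REQUEST['type_' . $name] the matching source is resolved:
 * 'local' items are taken from the value fn_rebuid_files() returns, 'server' and 'url'
 * items from $_REQUEST['file_' . $name]. Items whose file extension is listed in
 * config.forbidden_file_extensions are dropped and an error notification is set.
 * The first call that gets past the early return registers fn_remove_temp_data as a
 * shutdown function.
 *
 * @param string $name upload field name, without the 'file_' / 'type_' prefix
 * @return array $filtered accepted file data keyed by item id; empty array when no types were submitted
 */
function fn_filter_uploaded_data($name)
{
    $udata_local = fn_rebuid_files('file_' . $name);
    $udata_other = !empty($_REQUEST['file_' . $name]) ? $_REQUEST['file_' . $name] : array();
    $utype = !empty($_REQUEST['type_' . $name]) ? $_REQUEST['type_' . $name] : array();

    // Both values come straight from the request. A scalar where a list is expected
    // is treated as "nothing submitted" instead of being indexed or iterated.
    if (!is_array($udata_other)) {
        $udata_other = array();
    }

    if (empty($utype) || !is_array($utype)) {
        return array();
    }

    $filtered = array();

    foreach ($utype as $id => $type) {
        if ($type == 'local' && !fn_is_empty(@$udata_local[$id])) {
            $filtered[$id] = fn_get_local_data(fn_strip_slashes($udata_local[$id]));

        } elseif ($type == 'server' && !fn_is_empty(@$udata_other[$id]) && AREA == 'A') {
            // Server-side paths are honoured only when AREA is 'A' (presumably the admin panel - confirm).
            // The entry is stored right after the call, so fn_get_last_key() evidently rewrites it in place.
            fn_get_last_key($udata_other[$id], 'fn_get_server_data', true);
            $filtered[$id] = $udata_other[$id];

        } elseif ($type == 'url' && !fn_is_empty(@$udata_other[$id])) {
            // NOTE(review): 'url' sources are accepted in every AREA. Whether fn_get_url_data()
            // restricts schemes or destination hosts is not visible here - confirm.
            fn_get_last_key($udata_other[$id], 'fn_get_url_data', true);
            $filtered[$id] = $udata_other[$id];
        }

        if (!empty($filtered[$id]['name'])) {
            // replace spaces with underscores
            // NOTE(review): the name is only URL-decoded here; directory separators are not removed
            // in this function - confirm that consumers sanitise it before building a path.
            $filtered[$id]['name'] = str_replace(' ', '_', urldecode($filtered[$id]['name']));

            $ext = fn_get_file_ext($filtered[$id]['name']);

            // Compare case-insensitively on both sides so that a differently-cased
            // extension cannot slip past the deny list.
            $forbidden_exts = array_map('strtolower', Registry::get('config.forbidden_file_extensions'));

            if (in_array(strtolower($ext), $forbidden_exts)) {
                unset($filtered[$id]);

                // NOTE(review): $ext is request-derived and is placed into the message as-is;
                // confirm that the notification renderer escapes it.
                $msg = fn_get_lang_var('text_forbidden_file_extension');
                $msg = str_replace('[ext]', $ext, $msg);
                fn_set_notification('E', fn_get_lang_var('error'), $msg);
            }
        }
    }

    // Register the temp-data cleanup once, however many times this function is called.
    static $shutdown_inited;

    if (!$shutdown_inited) {
        $shutdown_inited = true;
        register_shutdown_function('fn_remove_temp_data');
    }

    return $filtered;
}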
/**
 * Filters data from instant file uploader
 *
 * Works on the single $_FILES['upload'] entry. The entry's 'path' key is set to its
 * 'tmp_name' (this writes to the $_FILES superglobal), the entry is passed through
 * Bootstrap::stripSlashes() and fn_get_local_data(), and the result is returned only
 * when fn_check_uploaded_data() accepts it.
 *
 * NOTE(review): neither the upload's 'error' field nor is_uploaded_file() is checked in
 * this function; confirm that fn_get_local_data() / fn_check_uploaded_data() cover that.
 *
 * @param array $filter_by_ext allow file extensions
 * @return mixed filtered file data on success, false otherwise
 */
function fn_filter_instant_upload($filter_by_ext = array())
{
    // Nothing was posted under the 'upload' field.
    if (empty($_FILES['upload'])) {
        return false;
    }

    // Point 'path' at the temporary upload file before the entry is handed on.
    $_FILES['upload']['path'] = $_FILES['upload']['tmp_name'];

    $file_info = fn_get_local_data(Bootstrap::stripSlashes($_FILES['upload']));

    // All acceptance decisions (including the extension filter) are made by fn_check_uploaded_data().
    return fn_check_uploaded_data($file_info, $filter_by_ext) ? $file_info : false;
}
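/**
 * Filter data from file uploader
 *
 * For every item listed in $_REQUEST['type_' . $name] the matching source is resolved:
 * 'local' items are taken from the value fn_rebuild_files() returns, 'server' and 'url'
 * items from $_REQUEST['file_' . $name]. An item is dropped, with an error notification, when
 *  - its resolved value is false,
 *  - $filter_by_ext is given and the extension is not in it,
 *  - the extension is listed in config.forbidden_file_extensions, or
 *  - the detected MIME type of its 'path' is listed in config.forbidden_mime_types.
 * The first call that gets past the early return registers fn_remove_temp_data as a
 * shutdown function.
 *
 * @param string $name upload field name, without the 'file_' / 'type_' prefix
 * @param array $filter_by_ext allowed file extensions; compared against the lower-cased
 *                             extension, so entries should be lower-case. When empty,
 *                             only the configured deny lists apply.
 * @return array $filtered accepted file data keyed by item id; empty array when no types were submitted
 */
function fn_filter_uploaded_data($name, $filter_by_ext = array())
{
    $udata_local = fn_rebuild_files('file_' . $name);
    $udata_other = !empty($_REQUEST['file_' . $name]) ? $_REQUEST['file_' . $name] : array();
    $utype = !empty($_REQUEST['type_' . $name]) ? $_REQUEST['type_' . $name] : array();

    // Both values come straight from the request. A scalar where a list is expected
    // is treated as "nothing submitted" instead of being indexed or iterated.
    if (!is_array($udata_other)) {
        $udata_other = array();
    }

    if (empty($utype) || !is_array($utype)) {
        return array();
    }

    $filtered = array();

    foreach ($utype as $id => $type) {
        if ($type == 'local' && !fn_is_empty(@$udata_local[$id])) {
            $filtered[$id] = fn_get_local_data(Bootstrap::stripSlashes($udata_local[$id]));

        } elseif ($type == 'server' && !fn_is_empty(@$udata_other[$id]) && AREA == 'A') {
            // Server-side paths are honoured only when AREA is 'A' (presumably the admin panel - confirm).
            // The entry is stored right after the call, so fn_get_last_key() evidently rewrites it in place.
            fn_get_last_key($udata_other[$id], 'fn_get_server_data', true);
            $filtered[$id] = $udata_other[$id];

        } elseif ($type == 'url' && !fn_is_empty(@$udata_other[$id])) {
            // NOTE(review): 'url' sources are accepted in every AREA. Whether fn_get_url_data()
            // restricts schemes or destination hosts is not visible here - confirm.
            fn_get_last_key($udata_other[$id], 'fn_get_url_data', true);
            $filtered[$id] = $udata_other[$id];
        }

        // A resolver that reported failure leaves false behind; drop the item and tell the user.
        if (isset($filtered[$id]) && $filtered[$id] === false) {
            unset($filtered[$id]);
            fn_set_notification('E', __('error'), __('cant_upload_file'));
        }

        if (!empty($filtered[$id]) && is_array($filtered[$id]) && !empty($filtered[$id]['name'])) {
            // replace spaces with underscores
            // NOTE(review): the name is only URL-decoded here; directory separators are not removed
            // in this function - confirm that consumers sanitise it before building a path.
            $filtered[$id]['name'] = str_replace(' ', '_', urldecode($filtered[$id]['name']));

            $ext = fn_get_file_ext($filtered[$id]['name']);

            // The caller's allow list is checked first; the global deny list applies otherwise.
            // NOTE(review): $ext is request-derived and goes into the notification text;
            // confirm that the notification renderer escapes it.
            if (!empty($filter_by_ext) && !in_array(fn_strtolower($ext), $filter_by_ext)) {
                unset($filtered[$id]);
                fn_set_notification('E', __('error'), __('text_not_allowed_to_upload_file_extension', array('[ext]' => $ext)));

            } elseif (in_array(fn_strtolower($ext), Registry::get('config.forbidden_file_extensions'))) {
                unset($filtered[$id]);
                fn_set_notification('E', __('error'), __('text_forbidden_file_extension', array('[ext]' => $ext)));
            }
        }

        if (!empty($filtered[$id]['path'])) {
            // Detect the MIME type once and use the same value for the check and for the message.
            $mime_type = fn_get_mime_content_type($filtered[$id]['path'], true, 'text/plain');

            if (in_array($mime_type, Registry::get('config.forbidden_mime_types'))) {
                fn_set_notification('E', __('error'), __('text_forbidden_file_mime', array('[mime]' => $mime_type)));
                unset($filtered[$id]);
            }
        }
    }

    // Register the temp-data cleanup once, however many times this function is called.
    static $shutdown_inited;

    if (!$shutdown_inited) {
        $shutdown_inited = true;
        register_shutdown_function('fn_remove_temp_data');
    }

    return $filtered;
}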