function getMimeType()
{
if (isset($_SERVER['X-Mime-Type']) && is_mimetype_format($_SERVER['X-Mime-Type'])) {
return $_SERVER['X-Mime-Type'];
} else {
return get_mimetype_by_extension(which_ext($_GET['qqfile']));
}
}
function get_mediaplayer_stream($fileid = 0, $flash = false)
{
$fileid = intval($fileid);
if (!$fileid) {
return '';
}
// internal
$sql = 'SELECT * FROM ' . DB_PREPEND . 'phpwcms_file WHERE f_aktiv=1 AND f_public=1 AND f_id=' . $fileid;
if (!FEUSER_LOGIN_STATUS) {
$sql .= ' AND f_granted=0';
}
$file = _dbQuery($sql);
if (isset($file[0])) {
global $fmp_data;
$file = $file[0];
$file['fmp_file'] = PHPWCMS_URL . 'download.php?file=' . $file['f_hash'];
if ($file['f_ext']) {
$file['fmp_file'] .= '.' . $file['f_ext'];
$file['f_type'] = get_mimetype_by_extension($file['f_ext']);
$fmp_data['fmp_file_ext'] = $file['f_ext'];
if ($flash) {
$fmp_data['flashvars_type'] = $file['f_ext'];
if (in_array($file['f_ext'], array('jpeg', 'jpg', 'png', 'gif', 'swf'))) {
$fmp_data['fmp_img_id'] = 0;
}
} else {
$fmp_data['video_type'] = $file['f_type'];
}
}
$file['fmp_file'] .= '&type=' . urlencode($file['f_type']);
if (BROWSER_OS == 'iOS') {
$file['fmp_file'] .= '&ios=/' . $file['f_name'];
}
return $file['fmp_file'];
}
return '';
}
$article_thumbnail = $article_enclosure->get_thumbnail();
if (!$article_thumbnail && $article_enclosure->get_link()) {
$article_thumbnail = $article_enclosure->get_link();
if ($article_thumbnail && ($article_thumbnail_ext = which_ext($article_thumbnail)) && in_array($article_thumbnail_ext, array('jpg', 'jpeg', 'png', 'gif'))) {
if ($feedimport_result['cnt_object']['image_url_replace'][0] !== '') {
$article_thumbnail = str_replace($feedimport_result['cnt_object']['image_url_replace'][0], $feedimport_result['cnt_object']['image_url_replace'][1], $article_thumbnail);
}
$article_thumbnail_name = basename($article_thumbnail);
$article_thumbnail_hash = md5($article_thumbnail_name . microtime());
$article_thumbnail_store = PHPWCMS_STORAGE . $article_thumbnail_hash . '.' . $article_thumbnail_ext;
$oldmask = umask(0);
$insert = false;
if ($dir = @opendir(PHPWCMS_STORAGE) && copy($article_thumbnail, $article_thumbnail_store)) {
if ($article_thumbnail_size = filesize($article_thumbnail_store)) {
// yeah, we have it
$data = array('f_pid' => $feedimport_result['cnt_object']['image_folder_id'], 'f_uid' => $feedimport_result['cnt_object']['author_id'], 'f_kid' => 1, 'f_aktiv' => 1, 'f_public' => 1, 'f_name' => $article_thumbnail_name, 'f_created' => now(), 'f_size' => $article_thumbnail_size, 'f_type' => get_mimetype_by_extension($article_thumbnail_ext), 'f_ext' => $article_thumbnail_ext, 'f_longinfo' => $article_title, 'f_hash' => $article_thumbnail_hash, 'f_copyright' => '', 'f_tags' => $article_categories);
if (PHPWCMS_CHARSET != 'utf-8') {
$data['f_name'] = makeCharsetConversion($data['f_name'], 'utf-8', PHPWCMS_CHARSET);
$data['f_longinfo'] = makeCharsetConversion($data['f_longinfo'], 'utf-8', PHPWCMS_CHARSET);
$data['f_copyright'] = makeCharsetConversion($data['f_copyright'], 'utf-8', PHPWCMS_CHARSET);
$data['f_tags'] = makeCharsetConversion($data['f_tags'], 'utf-8', PHPWCMS_CHARSET);
}
$insert = _dbInsert('phpwcms_file', $data);
if (isset($insert['INSERT_ID'])) {
$feedimport_result['image']['name'] = $article_thumbnail_name;
$feedimport_result['image']['id'] = $insert['INSERT_ID'];
$feedimport_result['image']['width'] = $phpwcms["content_width"];
$feedimport_result['image']['height'] = '';
$feedimport_result['image']['hash'] = $article_thumbnail_hash;
$feedimport_result['image']['ext'] = $article_thumbnail_ext;
$feedimport_result['image']['list_usesummary'] = 1;
} else {
$file_error["keywords"][$key] = 1;
}
}
}
//starts upload of file
if (!is_uploaded_file($_FILES["file"]["tmp_name"])) {
$file_error["file"] = $BL['be_fprivup_err1'];
} elseif ($_FILES["file"]["size"] > $phpwcms["file_maxsize"]) {
$file_error["file"] = $BL['be_fprivup_err2'] . " " . number_format($phpwcms["file_maxsize"] / 1024, 2, ',', '.') . " kB";
} else {
$fileName = sanitize_filename($_FILES["file"]["name"]);
$fileExt = check_image_extension($_FILES["file"]["tmp_name"], $fileName);
$fileExt = $fileExt === false ? which_ext($fileName) : $fileExt;
$fileHash = md5($fileName . microtime());
$fileType = is_mimetype_format($_FILES["file"]["type"]) ? $_FILES["file"]["type"] : get_mimetype_by_extension($fileExt);
$fileSize = intval($_FILES["file"]["size"]);
// Check against forbidden file names
$forbiddenUploadName = array('.htaccess', 'web.config', 'lighttpd.conf', 'nginx.conf');
if (in_array(strtolower($fileName), $forbiddenUploadName)) {
$file_error["file"] = sprintf($BL['be_fprivup_err7'], $fileName);
}
// Only allowed file extensions
if (empty($file_error["file"])) {
if (is_string($phpwcms['allowed_upload_ext'])) {
$phpwcms['allowed_upload_ext'] = convertStringToArray(strtolower($phpwcms['allowed_upload_ext']));
}
if ($fileExt === '') {
$file_error["file"] = sprintf($BL['be_fprivup_err9'], implode(', ', $phpwcms['allowed_upload_ext']));
} elseif (is_array($phpwcms['allowed_upload_ext']) && count($phpwcms['allowed_upload_ext']) && !in_array(strtolower($fileExt), $phpwcms['allowed_upload_ext'])) {
$file_error["file"] = sprintf($BL['be_fprivup_err8'], strtoupper($fileName), implode(', ', $phpwcms['allowed_upload_ext']));
$fileinfo['mimetype'] = $download["f_type"];
$fileinfo['file'] = $fileinfo['path'] . $fileinfo['filename'];
$fileinfo['extension'] = $download["f_ext"];
$fileinfo['realfname'] = $phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($download["f_name"]) : $download["f_name"];
// start download
$success = dl_file_resume($fileinfo['file'], $fileinfo, true);
}
}
// we hack in the stream.php here
} elseif ($file = isset($_GET['file']) ? clean_slweg($_GET['file'], 40) : '') {
$filename = basename($file);
$file = PHPWCMS_ROOT . '/' . PHPWCMS_FILES . $filename;
if (is_file($file)) {
$mime = empty($_GET['type']) ? '' : clean_slweg($_GET['type'], 100);
if (!is_mimetype_format($mime)) {
$mime = get_mimetype_by_extension(which_ext($file));
}
header('Content-Type: ' . $mime);
if (BROWSER_OS == 'iOS') {
require_once PHPWCMS_ROOT . '/include/inc_lib/functions.file.inc.php';
rangeDownload($file);
} else {
header('Content-Transfer-Encoding: binary');
if (!isset($_GET['ios'])) {
header('Content-Disposition: inline; filename="' . ($phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($filename) : $filename) . '"');
}
header('Content-Length: ' . filesize($file));
readfile($file);
}
$success = true;
}
function saveUploadedFile($file, $target, $exttype = '', $imgtype = '', $rename = 0, $maxsize = 0)
{
// imgtype can be all exif_imagetype supported by your PHP install
// see http://www.php.net/exif_imagetype
$file_status = array('status' => false, 'error' => '', 'name' => '', 'tmp_name' => '', 'size' => 0, 'path' => '', 'ext' => '', 'rename' => '', 'maxsize' => intval($maxsize), 'error_num' => 0, 'type' => '');
if (!isset($_FILES[$file]) || !is_uploaded_file($_FILES[$file]['tmp_name'])) {
$file_status['error'] = 'Upload not defined';
return $file_status;
}
$file_status['name'] = sanitize_filename($_FILES[$file]['name']);
$file_status['ext'] = which_ext($file_status['name']);
$file_status['tmp_name'] = $_FILES[$file]['tmp_name'];
$file_status['size'] = $_FILES[$file]['size'];
$file_status['type'] = empty($_FILES[$file]['type']) || !is_mimetype_format($_FILES[$file]['type']) ? get_mimetype_by_extension($file_status['ext']) : $_FILES[$file]['type'];
$file_status['path'] = $target;
$file_status['rename'] = $file_status['name'];
$file_status['maxsize'] = empty($file_status['maxsize']) ? $GLOBALS['phpwcms']['file_maxsize'] : $file_status['maxsize'];
if (intval($file_status['size']) > $file_status['maxsize']) {
$file_status['error'] = 'File is too large';
$file_status['error_num'] = 400;
return $file_status;
}
if (empty($target)) {
$file_status['error'] = 'Target directory not defined';
$file_status['error_num'] = 412;
return $file_status;
}
if (!@_mkdir($target)) {
$file_status['error'] = 'The target directory "' . $target . '" can not be found or generated';
$file_status['error_num'] = 412;
return $file_status;
}
if ($_FILES[$file]['error']) {
$file_status['error'] = $_FILES[$file]['error'];
$file_status['error_num'] = 409;
return $file_status;
}
if ($imgtype) {
$imgtype = convertStringToArray(strtolower($imgtype));
if (count($imgtype)) {
$data = @getimagesize($_FILES[$file]['tmp_name']);
$exif_imagetype = array(1 => 'gif', 2 => 'jpeg', 2 => 'jpg', 3 => 'png', 4 => 'swf', 5 => 'psd', 6 => 'bmp', 7 => 'tif', 8 => 'tiff', 9 => 'jpc', 10 => 'jp2', 11 => 'jpx', 12 => 'jb2', 13 => 'swc', 14 => 'iff', 15 => 'wbmp', 16 => 'xbm');
if (!$data && !$exttype) {
$file_status['error'] = 'Format' . ($file_status['ext'] ? ' *.' . $file_status['ext'] : '') . ' not supported (';
$allowed = array();
foreach ($imgtype as $value) {
$allowed[] = '*.' . $exif_imagetype[$value];
}
$file_status['error'] .= implode(', ', $allowed) . ')';
$file_status['error_num'] = 415;
@unlink($_FILES[$file]['tmp_name']);
return $file_status;
} elseif ($data) {
if (empty($exif_imagetype[$data[2]]) || !in_array($data[2], $imgtype)) {
$file_status['error'] = 'File type ';
$file_status['error'] .= empty($exif_imagetype[$data[2]]) ? $data[2] : $exif_imagetype[$data[2]];
$file_status['error'] .= ' is not supported for this upload (';
foreach ($imgtype as $imgt) {
$file_status['error'] .= empty($exif_imagetype[$imgt]) ? $imgt : $exif_imagetype[$imgt];
$file_status['error'] .= ', ';
}
$file_status['error'] = trim(trim($file_status['error']), ',');
$file_status['error'] .= ' only)';
$file_status['error_num'] = 415;
@unlink($_FILES[$file]['tmp_name']);
return $file_status;
}
$file_status['image'] = $data;
$exttype = '';
}
}
}
if ($exttype) {
$exttype = convertStringToArray(strtolower($exttype));
if (!in_array($file_status['ext'], $exttype)) {
$file_status['error'] = 'File type *.' . $file_status['ext'] . ' is not supported for this upload (*.' . implode(', *.', $exttype) . ' only)';
$file_status['error_num'] = 415;
@unlink($_FILES[$file]['tmp_name']);
return $file_status;
}
}
if (!is_writable($target)) {
$file_status['error'] = 'Target directory <b>' . str_replace(PHPWCMS_ROOT, '', $target) . '</b> is not writable';
$file_status['error_num'] = 412;
@unlink($_FILES[$file]['tmp_name']);
return $file_status;
}
$rename = convertStringToArray($rename);
if (count($rename)) {
$_temp_name = cut_ext($file_status['rename']);
foreach ($rename as $value) {
switch ($value) {
case 1:
$_temp_name = str_replace(array(':', '/', "\\", ' '), array('-', '-', '-', '_'), phpwcms_remove_accents($_temp_name));
$_temp_name = preg_replace('/[^0-9a-z_\\-\\.]/i', '', $_temp_name);
break;
case 2:
$_temp_name = time() . '_' . $_temp_name;
break;
case 3:
$_temp_name = date('Ymd-His') . '_' . $_temp_name;
break;
case 4:
$_temp_name = date('Ymd') . '_' . $_temp_name;
break;
case 5:
$_temp_name = generic_string(6) . '_' . $_temp_name;
break;
case 6:
$_temp_name = md5($_temp_name . ($file_status['ext'] ? '.' . $file_status['ext'] : ''));
break;
case 7:
$_temp_name = shortHash($_temp_name . ($file_status['ext'] ? '.' . $file_status['ext'] : ''));
break;
}
}
$file_status['rename'] = $_temp_name . ($file_status['ext'] ? '.' . $file_status['ext'] : '');
}
@umask(0);
if (!@move_uploaded_file($_FILES[$file]['tmp_name'], $target . $file_status['rename'])) {
if (!copy($_FILES[$file]['tmp_name'], $target . $file_status['rename'])) {
$file_status['error'] = 'Saving uploaded file <b>' . html($file_status['name']) . '</b> to <b>' . html(str_replace(PHPWCMS_ROOT, '', $target . $file_status['rename'])) . '</b> failed';
$file_status['error_num'] = 412;
@unlink($_FILES[$file]['tmp_name']);
return $file_status;
}
}
@chmod($target . $file_status['rename'], 0644);
$file_status['status'] = true;
return $file_status;
}
$file_size = filesize($file_path);
$file_ext = check_image_extension($file_path);
$file_ext = false === $file_ext ? which_ext($file) : $file_ext;
$file_name = sanitize_filename($ftp["filename"][$key]);
$file_hash = md5($file_name . microtime());
if (trim($file_type) === '') {
//check file_type
if (is_mimetype_by_extension($file_ext)) {
$file_type = get_mimetype_by_extension($file_ext);
} else {
$file_check = getimagesize($file_path);
if (version_compare("4.3.0", phpversion(), ">=") && $file_check) {
$file_type = image_type_to_mime_type($file_check[2]);
}
if (!is_mimetype_format($file_type)) {
$file_type = get_mimetype_by_extension($file_ext);
}
}
}
$sql = "INSERT INTO " . DB_PREPEND . "phpwcms_file (";
$sql .= "f_pid, f_uid, f_kid, f_aktiv, f_public, f_name, f_created, f_size, f_type, f_ext, ";
$sql .= "f_shortinfo, f_longinfo, f_keywords, f_hash, f_copyright, f_tags" . $ftp['fileVarsField'] . ") VALUES (";
$sql .= $ftp["dir"] . ", " . intval($_SESSION["wcs_user_id"]) . ", 1, " . $ftp["aktiv"] . ", " . $ftp["public"] . ", ";
$sql .= _dbEscape($file_name) . ", '" . time() . "', " . _dbEscape($file_size) . ", " . _dbEscape($file_type) . ", ";
$sql .= _dbEscape($file_ext) . ", " . _dbEscape($ftp["short_info"]) . ", ";
$sql .= _dbEscape($ftp["long_info"]) . ", " . _dbEscape($ftp["keys"]) . ", '" . $file_hash . "', ";
$sql .= _dbEscape($ftp["copyright"]) . ", " . _dbEscape($ftp["tags"]) . $ftp['fileVarsValue'] . ")";
$result = _dbQuery($sql, 'INSERT');
if (isset($result['INSERT_ID'])) {
$new_fileId = $result['INSERT_ID'];
//Festlegen der aktuellen File-ID
$sql .= "f_id=" . $dl . " AND f_kid=1 AND (f_public=1";
if (empty($_SESSION["wcs_user_admin"])) {
$sql .= " OR f_uid=" . intval($_SESSION["wcs_user_id"]);
}
$sql .= ") LIMIT 1";
}
if ($result = mysql_query($sql, $db) or die("error while retrieving file download infos")) {
if ($download = mysql_fetch_array($result)) {
$dl_filename = $download["f_hash"];
if ($download["f_ext"]) {
$dl_filename .= '.' . $download["f_ext"];
}
$dl_path = PHPWCMS_ROOT . $phpwcms["file_path"];
if (file_exists($dl_path . $dl_filename)) {
if (!is_mimetype_format($download["f_type"])) {
$download["f_type"] = get_mimetype_by_extension($download["f_ext"]);
}
header("Content-type: " . $download["f_type"]);
header('Content-Disposition: attachment; filename="' . $download["f_name"] . '"');
header("Content-Length: " . filesize($dl_path . $dl_filename));
if (readfile($dl_path . $dl_filename)) {
exit;
} else {
$err = 'Error reading file (4)';
}
} else {
$err = 'File does not exist (1)';
}
} else {
$err = 'File not found in database (2)';
}
}
}
$basis = floor($value["max_width"] / $grid);
if (!$basis) {
$basis = 1;
}
$value["max_width"] = $basis * $grid;
$basis = floor($value["max_height"] / $grid);
if (!$basis) {
$basis = 1;
}
$value["max_height"] = $basis * $grid;
}
if (($image = get_cached_image($value, false, false)) && !empty($image[0])) {
// Redirect, the "old" way
if (!empty($phpwcms['cmsimage_redirect'])) {
headerRedirect(PHPWCMS_URL . PHPWCMS_IMAGES . $image[0], 301);
}
if (empty($image['type'])) {
$image['type'] = get_mimetype_by_extension(which_ext($image[0]));
}
header('Content-Type: ' . $image['type']);
header('Content-Disposition: inline');
@readfile(PHPWCMS_THUMB . $image[0]);
exit;
}
}
}
}
// uncached transparent GIF
phpwcms_empty_gif();
