Example #1
0
/**
 * accepts a file for upload
 */
function media_upload()
{
    global $DIR_MEDIA, $member, $CONF;
    $uploadInfo = postFileInfo('uploadfile');
    $filename = $uploadInfo['name'];
    $filetype = $uploadInfo['type'];
    $filesize = $uploadInfo['size'];
    $filetempname = $uploadInfo['tmp_name'];
    $fileerror = intval($uploadInfo['error']);
    switch ($fileerror) {
        case 0:
            // = UPLOAD_ERR_OK
            break;
        case 1:
            // = UPLOAD_ERR_INI_SIZE
        // = UPLOAD_ERR_INI_SIZE
        case 2:
            // = UPLOAD_ERR_FORM_SIZE
            media_doError(_ERROR_FILE_TOO_BIG);
        case 3:
            // = UPLOAD_ERR_PARTIAL
        // = UPLOAD_ERR_PARTIAL
        case 4:
            // = UPLOAD_ERR_NO_FILE
        // = UPLOAD_ERR_NO_FILE
        case 6:
            // = UPLOAD_ERR_NO_TMP_DIR
        // = UPLOAD_ERR_NO_TMP_DIR
        case 7:
            // = UPLOAD_ERR_CANT_WRITE
        // = UPLOAD_ERR_CANT_WRITE
        default:
            // include error code for debugging
            // (see http://www.php.net/manual/en/features.file-upload.errors.php)
            media_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
    }
    if ($filesize > $CONF['MaxUploadSize']) {
        media_doError(_ERROR_FILE_TOO_BIG);
    }
    // check file type against allowed types
    $ok = 0;
    $allowedtypes = explode(',', $CONF['AllowedTypes']);
    foreach ($allowedtypes as $type) {
        if (preg_match("#\\." . $type . "\$#i", $filename)) {
            $ok = 1;
        }
    }
    if (!$ok) {
        media_doError(_ERROR_BADFILETYPE);
    }
    if (!is_uploaded_file($filetempname)) {
        media_doError(_ERROR_BADREQUEST);
    }
    // prefix filename with current date (YYYY-MM-DD-)
    // this to avoid nameclashes
    if ($CONF['MediaPrefix']) {
        $filename = strftime("%Y%m%d-", time()) . $filename;
    }
    $collection = requestVar('collection');
    $res = MEDIA::addMediaObject($collection, $filetempname, $filename);
    if ($res != '') {
        media_doError($res);
    }
    // shows updated list afterwards
    media_select();
}
Example #2
0
/**
 * accepts a file for upload
 */
function media_upload()
{
    global $DIR_MEDIA, $member, $CONF, $funcNum, $responseType;
    $uploadInfo = postFileInfo('upload');
    $filename = $uploadInfo['name'];
    $filetype = $uploadInfo['type'];
    $filesize = $uploadInfo['size'];
    $filetempname = $uploadInfo['tmp_name'];
    $fileerror = intval($uploadInfo['error']);
    // clean filename of characters that may cause trouble in a filename using cleanFileName() function from globalfunctions.php
    $filename = cleanFileName($filename);
    if ($filename === false) {
        upload_doError(_ERROR_BADFILETYPE . $filename);
    }
    switch ($fileerror) {
        case 0:
            // = UPLOAD_ERR_OK
            break;
        case 1:
            // = UPLOAD_ERR_INI_SIZE
        // = UPLOAD_ERR_INI_SIZE
        case 2:
            // = UPLOAD_ERR_FORM_SIZE
            upload_doError(_ERROR_FILE_TOO_BIG);
        case 3:
            // = UPLOAD_ERR_PARTIAL
        // = UPLOAD_ERR_PARTIAL
        case 4:
            // = UPLOAD_ERR_NO_FILE
        // = UPLOAD_ERR_NO_FILE
        case 6:
            // = UPLOAD_ERR_NO_TMP_DIR
        // = UPLOAD_ERR_NO_TMP_DIR
        case 7:
            // = UPLOAD_ERR_CANT_WRITE
        // = UPLOAD_ERR_CANT_WRITE
        default:
            // include error code for debugging
            // (see http://www.php.net/manual/en/features.file-upload.errors.php)
            upload_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
    }
    if ($filesize > $CONF['MaxUploadSize']) {
        upload_doError(_ERROR_FILE_TOO_BIG);
    }
    // check file type against allowed types
    $ok = 0;
    $allowedtypes = explode(',', $CONF['AllowedTypes']);
    foreach ($allowedtypes as $type) {
        if (preg_match("#\\." . $type . "\$#i", $filename)) {
            $ok = 1;
        }
    }
    if (!$ok) {
        upload_doError(_ERROR_BADFILETYPE . $filename);
    }
    if (!is_uploaded_file($filetempname)) {
        upload_doError(_ERROR_BADREQUEST);
    }
    // prefix filename with current date (YYYYMMDD-HHMMSS-)
    // this to avoid nameclashes
    if ($CONF['MediaPrefix']) {
        $filename = strftime("%Y%m%d-%H%M%S-", time()) . $filename;
    }
    // currently selected collection
    $collection = requestVar('collection');
    if (!$collection || !@is_dir($DIR_MEDIA . $collection)) {
        $collection = $member->getID();
    }
    // avoid directory travarsal and accessing invalid directory
    if (!MEDIA::isValidCollection($collection)) {
        media_doError(_ERROR_DISALLOWED);
    }
    $res = MEDIA::addMediaObject($collection, $filetempname, $filename);
    if ($res != '') {
        upload_doError($res);
    }
    $url = $CONF['MediaURL'] . $collection . '/' . $filename;
    if ($responseType != 'json') {
        echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction(" . $funcNum . ", '" . $url . "', '');</script>";
    } else {
        $arr = array('uploaded' => 1, 'fileName' => $filename, 'url' => $url);
        header("Content-Type: application/json; charset=utf-8");
        echo json_encode($arr);
    }
}
Example #3
0
 /**
  * Restores a database backup
  */
 function do_restore()
 {
     $uploadInfo = postFileInfo('backup_file');
     // first of all: get uploaded file:
     if (empty($uploadInfo['name'])) {
         return _BACKUP_RESTOR_NOFILEUPLOADED;
     }
     if (!is_uploaded_file($uploadInfo['tmp_name'])) {
         return _BACKUP_RESTOR_NOFILEUPLOADED;
     }
     $backup_file_name = $uploadInfo['name'];
     $backup_file_tmpname = $uploadInfo['tmp_name'];
     $backup_file_type = $uploadInfo['type'];
     if (!file_exists($backup_file_tmpname)) {
         return _BACKUP_RESTOR_UPLOAD_ERROR;
     }
     if (!preg_match("/^(text\\/[a-zA-Z]+)|(application\\/(x\\-)?gzip(\\-compressed)?)|(application\\/octet-stream)\$/is", $backup_file_type)) {
         return _BACKUP_RESTOR_UPLOAD_NOCORRECTTYPE;
     }
     if (preg_match("/\\.gz/is", $backup_file_name)) {
         $gzip = 1;
     } else {
         $gzip = 0;
     }
     if (!extension_loaded("zlib") && $gzip) {
         return _BACKUP_RESTOR_UPLOAD_NOZLIB;
     }
     // get sql query according to gzip setting (either decompress, or not)
     if ($gzip) {
         // decompress and read
         $gz_ptr = gzopen($backup_file_tmpname, 'rb');
         $sql_query = "";
         while (!gzeof($gz_ptr)) {
             $sql_query .= gzgets($gz_ptr, 100000);
         }
     } else {
         // just read
         $fsize = filesize($backup_file_tmpname);
         if ($fsize <= 0) {
             $sql_query = '';
         } else {
             $sql_query = fread(fopen($backup_file_tmpname, 'r'), $fsize);
         }
     }
     // time to execute the query
     $this->_execute_queries($sql_query);
 }
Example #4
0
function _skinfiles_uploadfile()
{
    global $pluginUrl, $manager, $CONF;
    $directory = trim(requestVar('dir'));
    $directory = sfExpandDirectory($directory);
    if (sfValidPath($directory) && is_dir($directory) && is_writable($directory)) {
        $file = postFileInfo('name');
        if ($file['size'] > $CONF['MaxUploadSize']) {
            echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "&laquo;" . htmlspecialchars($file['name']) . "&raquo; " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_FILE_TOO_BIG . "<br />";
            echo _SKINFILES_ERR_UPLOAD_FILE3 . $CONF['MaxUploadSize'] . " / ";
            echo $file['size'] . " bytes</p>";
            sfShowDirectory($directory);
            return;
        }
        if (!is_uploaded_file($file['tmp_name'])) {
            echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "&laquo;" . htmlspecialchars($file['name']) . "&raquo; " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_BADREQUEST . _SKINFILES_ERR_UPLOAD_FILE4 . "</p>";
            sfShowDirectory($directory);
            return;
        }
        if (sfIllegalFilename($file['name'])) {
            echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE5 . "&laquo;" . htmlspecialchars($file['name']) . "&raquo; ";
            echo _SKINFILES_ERR_UPLOAD_FILE6 . "</p>";
            sfShowDirectory($directory);
            return;
        }
        if (file_exists($directory . $file['name'])) {
            echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "&laquo;" . htmlspecialchars($file['name']) . "&raquo; " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_UPLOADDUPLICATE . "</p>";
            sfShowDirectory($directory);
            return;
        }
        if (!@move_uploaded_file($file['tmp_name'], $directory . $file['name'])) {
            echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "&laquo;" . htmlspecialchars($file['name']) . "&raquo; " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_UPLOADMOVEP . _SKINFILES_ERR_UPLOAD_FILE4 . "</p>";
            sfShowDirectory($directory);
        }
        $mask = @umask(00);
        @chmod($directory . $file['name'], 0755);
        @umask($mask);
        echo "<p class='message'>" . _SKINFILES_ERR_UPLOAD_FILE7 . "&laquo;" . htmlspecialchars($file['name']) . "&raquo; " . _SKINFILES_ERR_UPLOAD_FILE8 . "</p>";
        sfShowDirectory($directory);
    } else {
        echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE9 . "&laquo;" . htmlspecialchars(_skinfiles_basename($directory)) . "&raquo; " . _SKINFILES_ERR_UPLOAD_FILE10;
        echo _SKINFILES_ERR_UPLOAD_FILE11 . "</p>";
    }
}