/**
* accepts a file for upload
*/
function media_upload()
{
global $DIR_MEDIA, $member, $CONF;
$uploadInfo = postFileInfo('uploadfile');
$filename = $uploadInfo['name'];
$filetype = $uploadInfo['type'];
$filesize = $uploadInfo['size'];
$filetempname = $uploadInfo['tmp_name'];
$fileerror = intval($uploadInfo['error']);
switch ($fileerror) {
case 0:
// = UPLOAD_ERR_OK
break;
case 1:
// = UPLOAD_ERR_INI_SIZE
// = UPLOAD_ERR_INI_SIZE
case 2:
// = UPLOAD_ERR_FORM_SIZE
media_doError(_ERROR_FILE_TOO_BIG);
case 3:
// = UPLOAD_ERR_PARTIAL
// = UPLOAD_ERR_PARTIAL
case 4:
// = UPLOAD_ERR_NO_FILE
// = UPLOAD_ERR_NO_FILE
case 6:
// = UPLOAD_ERR_NO_TMP_DIR
// = UPLOAD_ERR_NO_TMP_DIR
case 7:
// = UPLOAD_ERR_CANT_WRITE
// = UPLOAD_ERR_CANT_WRITE
default:
// include error code for debugging
// (see http://www.php.net/manual/en/features.file-upload.errors.php)
media_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
}
if ($filesize > $CONF['MaxUploadSize']) {
media_doError(_ERROR_FILE_TOO_BIG);
}
// check file type against allowed types
$ok = 0;
$allowedtypes = explode(',', $CONF['AllowedTypes']);
foreach ($allowedtypes as $type) {
if (preg_match("#\\." . $type . "\$#i", $filename)) {
$ok = 1;
}
}
if (!$ok) {
media_doError(_ERROR_BADFILETYPE);
}
if (!is_uploaded_file($filetempname)) {
media_doError(_ERROR_BADREQUEST);
}
// prefix filename with current date (YYYY-MM-DD-)
// this to avoid nameclashes
if ($CONF['MediaPrefix']) {
$filename = strftime("%Y%m%d-", time()) . $filename;
}
$collection = requestVar('collection');
$res = MEDIA::addMediaObject($collection, $filetempname, $filename);
if ($res != '') {
media_doError($res);
}
// shows updated list afterwards
media_select();
}
/**
* accepts a file for upload
*/
function media_upload()
{
global $DIR_MEDIA, $member, $CONF, $funcNum, $responseType;
$uploadInfo = postFileInfo('upload');
$filename = $uploadInfo['name'];
$filetype = $uploadInfo['type'];
$filesize = $uploadInfo['size'];
$filetempname = $uploadInfo['tmp_name'];
$fileerror = intval($uploadInfo['error']);
// clean filename of characters that may cause trouble in a filename using cleanFileName() function from globalfunctions.php
$filename = cleanFileName($filename);
if ($filename === false) {
upload_doError(_ERROR_BADFILETYPE . $filename);
}
switch ($fileerror) {
case 0:
// = UPLOAD_ERR_OK
break;
case 1:
// = UPLOAD_ERR_INI_SIZE
// = UPLOAD_ERR_INI_SIZE
case 2:
// = UPLOAD_ERR_FORM_SIZE
upload_doError(_ERROR_FILE_TOO_BIG);
case 3:
// = UPLOAD_ERR_PARTIAL
// = UPLOAD_ERR_PARTIAL
case 4:
// = UPLOAD_ERR_NO_FILE
// = UPLOAD_ERR_NO_FILE
case 6:
// = UPLOAD_ERR_NO_TMP_DIR
// = UPLOAD_ERR_NO_TMP_DIR
case 7:
// = UPLOAD_ERR_CANT_WRITE
// = UPLOAD_ERR_CANT_WRITE
default:
// include error code for debugging
// (see http://www.php.net/manual/en/features.file-upload.errors.php)
upload_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
}
if ($filesize > $CONF['MaxUploadSize']) {
upload_doError(_ERROR_FILE_TOO_BIG);
}
// check file type against allowed types
$ok = 0;
$allowedtypes = explode(',', $CONF['AllowedTypes']);
foreach ($allowedtypes as $type) {
if (preg_match("#\\." . $type . "\$#i", $filename)) {
$ok = 1;
}
}
if (!$ok) {
upload_doError(_ERROR_BADFILETYPE . $filename);
}
if (!is_uploaded_file($filetempname)) {
upload_doError(_ERROR_BADREQUEST);
}
// prefix filename with current date (YYYYMMDD-HHMMSS-)
// this to avoid nameclashes
if ($CONF['MediaPrefix']) {
$filename = strftime("%Y%m%d-%H%M%S-", time()) . $filename;
}
// currently selected collection
$collection = requestVar('collection');
if (!$collection || !@is_dir($DIR_MEDIA . $collection)) {
$collection = $member->getID();
}
// avoid directory travarsal and accessing invalid directory
if (!MEDIA::isValidCollection($collection)) {
media_doError(_ERROR_DISALLOWED);
}
$res = MEDIA::addMediaObject($collection, $filetempname, $filename);
if ($res != '') {
upload_doError($res);
}
$url = $CONF['MediaURL'] . $collection . '/' . $filename;
if ($responseType != 'json') {
echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction(" . $funcNum . ", '" . $url . "', '');</script>";
} else {
$arr = array('uploaded' => 1, 'fileName' => $filename, 'url' => $url);
header("Content-Type: application/json; charset=utf-8");
echo json_encode($arr);
}
}
/**
* Restores a database backup
*/
function do_restore()
{
$uploadInfo = postFileInfo('backup_file');
// first of all: get uploaded file:
if (empty($uploadInfo['name'])) {
return _BACKUP_RESTOR_NOFILEUPLOADED;
}
if (!is_uploaded_file($uploadInfo['tmp_name'])) {
return _BACKUP_RESTOR_NOFILEUPLOADED;
}
$backup_file_name = $uploadInfo['name'];
$backup_file_tmpname = $uploadInfo['tmp_name'];
$backup_file_type = $uploadInfo['type'];
if (!file_exists($backup_file_tmpname)) {
return _BACKUP_RESTOR_UPLOAD_ERROR;
}
if (!preg_match("/^(text\\/[a-zA-Z]+)|(application\\/(x\\-)?gzip(\\-compressed)?)|(application\\/octet-stream)\$/is", $backup_file_type)) {
return _BACKUP_RESTOR_UPLOAD_NOCORRECTTYPE;
}
if (preg_match("/\\.gz/is", $backup_file_name)) {
$gzip = 1;
} else {
$gzip = 0;
}
if (!extension_loaded("zlib") && $gzip) {
return _BACKUP_RESTOR_UPLOAD_NOZLIB;
}
// get sql query according to gzip setting (either decompress, or not)
if ($gzip) {
// decompress and read
$gz_ptr = gzopen($backup_file_tmpname, 'rb');
$sql_query = "";
while (!gzeof($gz_ptr)) {
$sql_query .= gzgets($gz_ptr, 100000);
}
} else {
// just read
$fsize = filesize($backup_file_tmpname);
if ($fsize <= 0) {
$sql_query = '';
} else {
$sql_query = fread(fopen($backup_file_tmpname, 'r'), $fsize);
}
}
// time to execute the query
$this->_execute_queries($sql_query);
}
function _skinfiles_uploadfile()
{
global $pluginUrl, $manager, $CONF;
$directory = trim(requestVar('dir'));
$directory = sfExpandDirectory($directory);
if (sfValidPath($directory) && is_dir($directory) && is_writable($directory)) {
$file = postFileInfo('name');
if ($file['size'] > $CONF['MaxUploadSize']) {
echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "«" . htmlspecialchars($file['name']) . "» " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_FILE_TOO_BIG . "<br />";
echo _SKINFILES_ERR_UPLOAD_FILE3 . $CONF['MaxUploadSize'] . " / ";
echo $file['size'] . " bytes</p>";
sfShowDirectory($directory);
return;
}
if (!is_uploaded_file($file['tmp_name'])) {
echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "«" . htmlspecialchars($file['name']) . "» " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_BADREQUEST . _SKINFILES_ERR_UPLOAD_FILE4 . "</p>";
sfShowDirectory($directory);
return;
}
if (sfIllegalFilename($file['name'])) {
echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE5 . "«" . htmlspecialchars($file['name']) . "» ";
echo _SKINFILES_ERR_UPLOAD_FILE6 . "</p>";
sfShowDirectory($directory);
return;
}
if (file_exists($directory . $file['name'])) {
echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "«" . htmlspecialchars($file['name']) . "» " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_UPLOADDUPLICATE . "</p>";
sfShowDirectory($directory);
return;
}
if (!@move_uploaded_file($file['tmp_name'], $directory . $file['name'])) {
echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "«" . htmlspecialchars($file['name']) . "» " . _SKINFILES_ERR_UPLOAD_FILE2 . _ERROR_UPLOADMOVEP . _SKINFILES_ERR_UPLOAD_FILE4 . "</p>";
sfShowDirectory($directory);
}
$mask = @umask(00);
@chmod($directory . $file['name'], 0755);
@umask($mask);
echo "<p class='message'>" . _SKINFILES_ERR_UPLOAD_FILE7 . "«" . htmlspecialchars($file['name']) . "» " . _SKINFILES_ERR_UPLOAD_FILE8 . "</p>";
sfShowDirectory($directory);
} else {
echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE9 . "«" . htmlspecialchars(_skinfiles_basename($directory)) . "» " . _SKINFILES_ERR_UPLOAD_FILE10;
echo _SKINFILES_ERR_UPLOAD_FILE11 . "</p>";
}
}