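/**
 * Accepts a file for upload (form field "uploadfile") and stores it in the
 * requested media collection.
 *
 * The upload is rejected on a non-zero PHP upload error code, when it exceeds
 * $CONF['MaxUploadSize'], when its extension is not listed in
 * $CONF['AllowedTypes'], or when PHP does not recognise the temp file as an
 * upload. Every rejection goes through media_doError(), which is expected to
 * end the request (the code after each call assumes it did). On success the
 * file is handed to MEDIA::addMediaObject() and the updated media list is
 * shown via media_select().
 *
 * Uses global: $CONF (MaxUploadSize, AllowedTypes, MediaPrefix).
 * Returns nothing.
 */
function media_upload()
{
    global $CONF;

    $uploadInfo   = postFileInfo('uploadfile');
    $filename     = $uploadInfo['name'];
    $filesize     = $uploadInfo['size'];
    $filetempname = $uploadInfo['tmp_name'];
    $fileerror    = intval($uploadInfo['error']);

    // PHP's own verdict on the transfer comes first; only UPLOAD_ERR_OK (0)
    // continues. Size errors get the dedicated message, every other code is
    // reported as a bad request with the raw code for debugging
    // (see http://www.php.net/manual/en/features.file-upload.errors.php).
    switch ($fileerror) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            media_doError(_ERROR_FILE_TOO_BIG);
            // media_doError() is expected not to return; the break keeps the
            // default branch from firing a second error if it ever does
            break;
        default: // UPLOAD_ERR_PARTIAL, NO_FILE, NO_TMP_DIR, CANT_WRITE, ...
            media_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
            break;
    }

    if ($filesize > $CONF['MaxUploadSize']) {
        media_doError(_ERROR_FILE_TOO_BIG);
    }

    // Extension whitelist: the name must end in ".<type>" for one of the
    // comma-separated entries of $CONF['AllowedTypes'] (case-insensitive).
    // Entries are trimmed and empty ones skipped so "jpg, gif" or a trailing
    // comma work; preg_quote() stops regex metacharacters in an entry from
    // being interpreted. Only the final extension is inspected.
    $ok = false;
    foreach (explode(',', $CONF['AllowedTypes']) as $type) {
        $type = trim($type);
        if ($type === '') {
            continue;
        }
        if (preg_match('#\.' . preg_quote($type, '#') . '$#i', $filename)) {
            $ok = true;
            break;
        }
    }
    if (!$ok) {
        media_doError(_ERROR_BADFILETYPE);
    }

    if (!is_uploaded_file($filetempname)) {
        media_doError(_ERROR_BADREQUEST);
    }

    // Prefix with the current date (YYYYMMDD-) to reduce name clashes.
    // date() gives the same digits as the strftime() call it replaces,
    // which is deprecated since PHP 8.1.
    if ($CONF['MediaPrefix']) {
        $filename = date('Ymd-') . $filename;
    }

    // NOTE(review): $filename is the client-supplied name, unchanged apart
    // from the prefix; this function relies on MEDIA::addMediaObject() to
    // reject path separators and other unsafe characters — confirm.
    $collection = requestVar('collection');
    $res = MEDIA::addMediaObject($collection, $filetempname, $filename);
    // loose comparison kept on purpose: the exact success value returned by
    // addMediaObject() is not visible here
    if ($res != '') {
        media_doError($res);
    }

    // show the updated list afterwards
    media_select();
}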
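/**
 * Accepts a file for upload (form field "upload") from the editor's upload
 * dialog and stores it in a media collection.
 *
 * Compared with the admin media_upload(): the name is passed through
 * cleanFileName() first, the date prefix includes the time, the collection
 * falls back to the member's own directory and is validated with
 * MEDIA::isValidCollection(), and the result is reported back either as a
 * CKEditor callback <script> or as JSON depending on the global
 * $responseType. Rejections go through upload_doError(), which is expected
 * to end the request.
 *
 * Uses globals: $DIR_MEDIA, $member, $CONF, $funcNum, $responseType.
 * Returns nothing; writes the response to stdout.
 */
function media_upload()
{
    global $DIR_MEDIA, $member, $CONF, $funcNum, $responseType;

    $uploadInfo   = postFileInfo('upload');
    $filesize     = $uploadInfo['size'];
    $filetempname = $uploadInfo['tmp_name'];
    $fileerror    = intval($uploadInfo['error']);

    // strip characters that may cause trouble in a filename
    // (cleanFileName() from globalfunctions.php); false means nothing usable was left
    $filename = cleanFileName($uploadInfo['name']);
    if ($filename === false) {
        // nothing appended: the cleaned name is false and would print as ''
        upload_doError(_ERROR_BADFILETYPE);
    }

    // PHP's own verdict on the transfer; only UPLOAD_ERR_OK (0) continues
    // (see http://www.php.net/manual/en/features.file-upload.errors.php)
    switch ($fileerror) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            upload_doError(_ERROR_FILE_TOO_BIG);
            // upload_doError() is expected not to return; the break keeps the
            // default branch from firing a second error if it ever does
            break;
        default: // UPLOAD_ERR_PARTIAL, NO_FILE, NO_TMP_DIR, CANT_WRITE, ...
            upload_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
            break;
    }

    if ($filesize > $CONF['MaxUploadSize']) {
        upload_doError(_ERROR_FILE_TOO_BIG);
    }

    // Extension whitelist against $CONF['AllowedTypes'] (comma-separated,
    // case-insensitive, final extension only). Entries are trimmed and
    // preg_quote()d so "jpg, gif" works and no metacharacter is interpreted.
    $ok = false;
    foreach (explode(',', $CONF['AllowedTypes']) as $type) {
        $type = trim($type);
        if ($type === '') {
            continue;
        }
        if (preg_match('#\.' . preg_quote($type, '#') . '$#i', $filename)) {
            $ok = true;
            break;
        }
    }
    if (!$ok) {
        upload_doError(_ERROR_BADFILETYPE . $filename);
    }

    if (!is_uploaded_file($filetempname)) {
        upload_doError(_ERROR_BADREQUEST);
    }

    // prefix with date and time (YYYYMMDD-HHMMSS-) to reduce name clashes;
    // date() replaces the strftime() call deprecated since PHP 8.1
    if ($CONF['MediaPrefix']) {
        $filename = date('Ymd-His-') . $filename;
    }

    // currently selected collection, falling back to the member's own
    // directory when none was given or it does not exist
    $collection = requestVar('collection');
    if (!$collection || !@is_dir($DIR_MEDIA . $collection)) {
        $collection = $member->getID();
    }

    // avoid directory traversal and access to a directory outside the media
    // root; reported through upload_doError() like every other rejection here
    if (!MEDIA::isValidCollection($collection)) {
        upload_doError(_ERROR_DISALLOWED);
    }

    $res = MEDIA::addMediaObject($collection, $filetempname, $filename);
    // loose comparison kept on purpose: the exact success value returned by
    // addMediaObject() is not visible here
    if ($res != '') {
        upload_doError($res);
    }

    $url = $CONF['MediaURL'] . $collection . '/' . $filename;

    if ($responseType !== 'json') {
        // CKEditor file-browser callback. $funcNum is cast to int because it
        // is interpolated into script and is the callback id the editor sent
        // with the request; the URL is emitted as a JSON/JS string literal
        // with the HEX flags so a name containing quotes, '<' or '&' can
        // neither break the literal nor close the <script> element.
        $jsUrl = json_encode($url, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction("
            . (int) $funcNum . ", " . $jsUrl . ", '');</script>";
    } else {
        $arr = array('uploaded' => 1, 'fileName' => $filename, 'url' => $url);
        header("Content-Type: application/json; charset=utf-8");
        echo json_encode($arr);
    }
}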
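/**
 * Restores a database backup from the uploaded "backup_file" form field.
 *
 * The file may be plain SQL or gzip-compressed (detected by ".gz" in the
 * name, which requires the zlib extension). Its contents are read into
 * memory and handed to $this->_execute_queries().
 *
 * @return string|null one of the _BACKUP_RESTOR_* message constants when
 *                     the upload is rejected; nothing on success
 */
function do_restore()
{
    $uploadInfo = postFileInfo('backup_file');

    // first of all: make sure a file was really uploaded
    if (empty($uploadInfo['name'])) {
        return _BACKUP_RESTOR_NOFILEUPLOADED;
    }
    if (!is_uploaded_file($uploadInfo['tmp_name'])) {
        return _BACKUP_RESTOR_NOFILEUPLOADED;
    }

    $backup_file_name    = $uploadInfo['name'];
    $backup_file_tmpname = $uploadInfo['tmp_name'];
    $backup_file_type    = $uploadInfo['type'];

    if (!file_exists($backup_file_tmpname)) {
        return _BACKUP_RESTOR_UPLOAD_ERROR;
    }

    // Reject obviously wrong content types. The type string is supplied by
    // the client, so this is a convenience check, not a security control.
    // The pattern's ^ and $ bind only to the first and last alternative; it
    // is kept as is because tightening it would reject types such as
    // "text/x-sql" that currently pass.
    if (!preg_match("/^(text\\/[a-zA-Z]+)|(application\\/(x\\-)?gzip(\\-compressed)?)|(application\\/octet-stream)\$/is", $backup_file_type)) {
        return _BACKUP_RESTOR_UPLOAD_NOCORRECTTYPE;
    }

    // ".gz" anywhere in the name selects the decompressing reader
    $gzip = preg_match("/\\.gz/is", $backup_file_name) ? 1 : 0;
    if ($gzip && !extension_loaded("zlib")) {
        return _BACKUP_RESTOR_UPLOAD_NOZLIB;
    }

    // read the SQL, decompressing when needed; handles are always released
    if ($gzip) {
        $gz_ptr = gzopen($backup_file_tmpname, 'rb');
        if ($gz_ptr === false) {
            return _BACKUP_RESTOR_UPLOAD_ERROR;
        }
        $sql_query = '';
        while (!gzeof($gz_ptr)) {
            $sql_query .= gzgets($gz_ptr, 100000);
        }
        gzclose($gz_ptr);
    } else {
        // file_get_contents() replaces fread(fopen(...)), which never closed
        // the handle and passed false to fread() when fopen() failed; an
        // empty file yields '' exactly as the old filesize() branch did
        $sql_query = file_get_contents($backup_file_tmpname);
        if ($sql_query === false) {
            return _BACKUP_RESTOR_UPLOAD_ERROR;
        }
    }

    // time to execute the queries
    $this->_execute_queries($sql_query);
}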
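/**
 * Handles a skin-file upload (form field "name") into the directory named by
 * the "dir" request parameter, then re-renders that directory listing.
 *
 * The target directory is expanded with sfExpandDirectory() and must pass
 * sfValidPath(), exist and be writable; otherwise an error is printed and
 * nothing is stored. The file is rejected when it exceeds
 * $CONF['MaxUploadSize'], is not a genuine PHP upload, has a name that
 * sfIllegalFilename() disallows, already exists (no overwriting), or cannot
 * be moved into place. Every outcome is echoed as HTML; the filename is
 * passed through htmlspecialchars() before output.
 *
 * Uses global: $CONF (MaxUploadSize). Returns nothing.
 */
function _skinfiles_uploadfile()
{
    global $CONF;

    $directory = sfExpandDirectory(trim(requestVar('dir')));

    if (!sfValidPath($directory) || !is_dir($directory) || !is_writable($directory)) {
        echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE9 . "«" . htmlspecialchars(_skinfiles_basename($directory)) . "» " . _SKINFILES_ERR_UPLOAD_FILE10;
        echo _SKINFILES_ERR_UPLOAD_FILE11 . "</p>";
        return;
    }

    $file = postFileInfo('name');
    // NOTE(review): $file['error'] is not consulted; a failed transfer is
    // expected to fail the is_uploaded_file() check below — confirm.
    $shownName   = htmlspecialchars($file['name']);
    $target      = $directory . $file['name'];
    // common lead-in of the "could not upload «name»" messages
    $errorPrefix = "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE1 . "«" . $shownName . "» " . _SKINFILES_ERR_UPLOAD_FILE2;

    if ($file['size'] > $CONF['MaxUploadSize']) {
        echo $errorPrefix . _ERROR_FILE_TOO_BIG . "<br />"
            . _SKINFILES_ERR_UPLOAD_FILE3 . $CONF['MaxUploadSize'] . " / "
            . $file['size'] . " bytes</p>";
        sfShowDirectory($directory);
        return;
    }

    if (!is_uploaded_file($file['tmp_name'])) {
        echo $errorPrefix . _ERROR_BADREQUEST . _SKINFILES_ERR_UPLOAD_FILE4 . "</p>";
        sfShowDirectory($directory);
        return;
    }

    // NOTE(review): sfIllegalFilename() is the only restriction on what may
    // be written into the skin directory (there is no type whitelist here) —
    // confirm it covers everything the deployment must not serve as code.
    if (sfIllegalFilename($file['name'])) {
        echo "<p class='error'>" . _SKINFILES_ERR_UPLOAD_FILE5 . "«" . $shownName . "» " . _SKINFILES_ERR_UPLOAD_FILE6 . "</p>";
        sfShowDirectory($directory);
        return;
    }

    // never overwrite an existing skin file
    if (file_exists($target)) {
        echo $errorPrefix . _ERROR_UPLOADDUPLICATE . "</p>";
        sfShowDirectory($directory);
        return;
    }

    if (!@move_uploaded_file($file['tmp_name'], $target)) {
        echo $errorPrefix . _ERROR_UPLOADMOVEP . _SKINFILES_ERR_UPLOAD_FILE4 . "</p>";
        sfShowDirectory($directory);
        // this return was missing: the chmod and the success message used to
        // run (and print) after a failed move
        return;
    }

    // NOTE(review): 0755 is the mode the original author chose; the execute
    // bit is not needed for skin files (templates, CSS, images) — confirm
    // whether 0644 would do.
    $mask = @umask(00);
    @chmod($target, 0755);
    @umask($mask);

    echo "<p class='message'>" . _SKINFILES_ERR_UPLOAD_FILE7 . "«" . $shownName . "» " . _SKINFILES_ERR_UPLOAD_FILE8 . "</p>";
    sfShowDirectory($directory);
}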