<?php

// *************************************** Subpage: ADD FILE
//
// Media pool "add file" handler: checks the uploaded file's extension against
// the media type rules, stores the file through rex_mediapool_saveMedia() and
// fires the MEDIA_ADDED extension point on success.
// NOTE(review): this listing is truncated; it stops inside the "saveandexit" branch.
// NOTE(review): no CSRF token check is visible in this fragment; confirm it happens upstream.

// ----- METHOD ADD FILE
if ($media_method == 'add_file') {
    // Only act when one of the two submit buttons was posted.
    if (rex_post('save', 'boolean') || rex_post('saveandexit', 'boolean')) {
        // $_FILES[...]['name'] is the client-supplied file name, i.e. untrusted input.
        if ($_FILES['file_new']['name'] != '' && $_FILES['file_new']['name'] != 'none') {
            // The type decision is made from the file name plus the posted "args"
            // array; the file content is not inspected in this fragment.
            if (!rex_mediapool_isAllowedMediaType($_FILES['file_new']['name'], rex_post('args', 'array'))) {
                // NOTE(review): the closing parenthesis of _getExtension() is misplaced.
                // '</var>' is appended to the file name *before* the extension is
                // extracted, so the markup only closes if the helper passes that suffix through.
                // NOTE(review): the extension comes from the client-supplied name and is
                // concatenated into HTML without escaping. Unless $warning is escaped where
                // it is rendered (unlikely, since it carries <var>/<br /> markup), this is
                // an XSS sink; wrap the value in htmlspecialchars() before concatenating.
                $warning = $I18N->msg('pool_file_mediatype_not_allowed') . ' <var>.' . OOMedia::_getExtension($_FILES['file_new']['name'] . '</var>');

                // NOTE(review): the whitelist is built from the posted "args" array, so its
                // entries are request-controlled and also reach the HTML below unescaped.
                $whitelist = rex_mediapool_getMediaTypeWhitelist(rex_post('args', 'array'));

                // Show either the allowed types (when a whitelist was supplied) or the
                // banned types; rtrim() strips trailing commas/spaces from the joined list.
                $warning .= count($whitelist) > 0
                    ? '<br />' . $I18N->msg('pool_file_allowed_mediatypes') . ' <var>' . rtrim(implode('</var> <var>', $whitelist), ', ') . '</var>'
                    : '<br />' . $I18N->msg('pool_file_banned_mediatypes') . ' <var>' . rtrim(implode('</var> <var>', rex_mediapool_getMediaTypeBlacklist()), ', ') . '</var>';
            } else {
                $FILEINFOS['title'] = rex_request('ftitle', 'string');

                // Authorization: without global media permission or permission for the
                // requested category, the upload is redirected to category 0
                // (presumably the uncategorised root; confirm) instead of being rejected.
                if (!$PERMALL && !$REX['USER']->hasPerm("media[{$rex_file_category}]")) {
                    $rex_file_category = 0;
                }

                // function in function.rex_mediapool.inc.php
                $return = rex_mediapool_saveMedia($_FILES['file_new'], $rex_file_category, $FILEINFOS, $REX['USER']->getValue('login'));

                // On success, surface the message and leave the add-file subpage.
                if ($return['ok']) {
                    $info = $return['msg'];
                    $subpage = '';
                }

                // ----- EXTENSION POINT
                // Listeners are only notified for successfully stored files.
                if ($return['ok'] == 1) {
                    rex_register_extension_point('MEDIA_ADDED', '', $return);
                }

                // "Save and exit": collect the stored file's data for the opener window.
                if (rex_post('saveandexit', 'boolean') && $return['ok'] == 1) {
                    $file_name = $return['filename'];
                    $ffiletype = $return['type'];
                    $title = $return['title'];

                    if ($opener_input_field == 'TINYIMG') {
<?php

// *************************************** Subpage: ADD FILE
//
// Media pool "add file" handler: checks the uploaded file's extension against
// the media type rules, stores the file through rex_mediapool_saveMedia() and
// fires the MEDIA_ADDED extension point on success.
// NOTE(review): this listing is truncated; it stops inside the "saveandexit" branch.
// NOTE(review): no CSRF token check is visible in this fragment; confirm it happens upstream.

$media_method = rex_request('media_method', 'string');

// ----- METHOD ADD FILE
if ($media_method == 'add_file') {
    // Only act when one of the two submit buttons was posted.
    if (rex_post('save', 'boolean') || rex_post('saveandexit', 'boolean')) {
        // $_FILES[...]['name'] is the client-supplied file name, i.e. untrusted input.
        if ($_FILES['file_new']['name'] != '' && $_FILES['file_new']['name'] != 'none') {
            // The type decision is made from the file name plus the posted "args"
            // array; the file content is not inspected in this fragment.
            if (!rex_mediapool_isAllowedMediaType($_FILES['file_new']['name'], rex_post('args', 'array'))) {
                // NOTE(review): the closing parenthesis of rex_file::extension() is misplaced.
                // '</code>' is appended to the file name *before* the extension is
                // extracted, so the markup only closes if the helper passes that suffix through.
                // NOTE(review): the extension comes from the client-supplied name and is
                // concatenated into HTML without escaping. Unless $warning is escaped where
                // it is rendered (unlikely, since it carries <code>/<br /> markup), this is
                // an XSS sink; wrap the value in htmlspecialchars() before concatenating.
                $warning = rex_i18n::msg('pool_file_mediatype_not_allowed') . ' <code>' . rex_file::extension($_FILES['file_new']['name'] . '</code>');

                // NOTE(review): the whitelist is built from the posted "args" array, so its
                // entries are request-controlled and also reach the HTML below unescaped.
                $whitelist = rex_mediapool_getMediaTypeWhitelist(rex_post('args', 'array'));

                // Show either the allowed types (when a whitelist was supplied) or the
                // banned types; rtrim() strips trailing commas/spaces from the joined list.
                $warning .= count($whitelist) > 0
                    ? '<br />' . rex_i18n::msg('pool_file_allowed_mediatypes') . ' <code>' . rtrim(implode('</code>, <code>', $whitelist), ', ') . '</code>'
                    : '<br />' . rex_i18n::msg('pool_file_banned_mediatypes') . ' <code>' . rtrim(implode('</code>, <code>', rex_mediapool_getMediaTypeBlacklist()), ', ') . '</code>';
            } else {
                $FILEINFOS['title'] = rex_request('ftitle', 'string');

                // Authorization: without global media permission or permission for the
                // requested category, the upload is redirected to category 0
                // (presumably the uncategorised root; confirm) instead of being rejected.
                if (!$PERMALL && !rex::getUser()->getComplexPerm('media')->hasCategoryPerm($rex_file_category)) {
                    $rex_file_category = 0;
                }

                // function in function.rex_mediapool.php
                $return = rex_mediapool_saveMedia($_FILES['file_new'], $rex_file_category, $FILEINFOS, rex::getUser()->getValue('login'));

                // The message is taken over and the subpage cleared regardless of
                // $return['ok']; only the steps below are gated on success.
                $info = $return['msg'];
                $subpage = '';

                // ----- EXTENSION POINT
                // Listeners are only notified for successfully stored files.
                if ($return['ok'] == 1) {
                    rex_extension::registerPoint(new rex_extension_point('MEDIA_ADDED', '', $return));
                }

                // "Save and exit": collect the stored file's data for the opener window.
                if (rex_post('saveandexit', 'boolean') && $return['ok'] == 1) {
                    $file_name = $return['filename'];
                    $ffiletype = $return['type'];
                    $title = $return['title'];

                    if ($opener_input_field == 'TINYIMG') {
                        if (rex_media::isImageType(rex_file::extension($file_name))) {
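/**
 * Get the whitelist of media types (extensions) given via the media widget "types" param.
 *
 * The "types" value is a comma-separated list of extensions. Each entry is
 * trimmed, stripped of leading dots and lower-cased before it is compared
 * against the global blacklist, so variants such as "PHP", " php" or ".php"
 * cannot slip a blacklisted extension into the whitelist.
 *
 * Security note: callers in the media pool pass request data (a posted "args"
 * array) into this function. The returned entries are therefore
 * request-controlled strings and are NOT HTML-escaped here; escape them at
 * the point where they are written into markup.
 *
 * @param array $args widget params
 *
 * @return array whitelisted extensions (lower-case, without leading dot)
 */
function rex_mediapool_getMediaTypeWhitelist($args = [])
{
    $whitelist = [];

    // "types" may be missing, or may not be a string when $args comes straight
    // from the request (e.g. a nested array); explode() must only see a string.
    if (!isset($args['types']) || !is_string($args['types'])) {
        return $whitelist;
    }

    // Compare case-insensitively; assumes blacklist entries are plain extension strings.
    $blacklist = array_map('strtolower', rex_mediapool_getMediaTypeBlacklist());

    foreach (explode(',', $args['types']) as $ext) {
        $ext = strtolower(ltrim(trim($ext), '.'));

        // Skip empty entries ("jpg,,png", trailing comma, empty string): an empty
        // whitelist entry would otherwise make the whitelist look non-empty.
        if ($ext === '') {
            continue;
        }

        if (!in_array($ext, $blacklist, true)) {
            // whitelist cannot override any blacklist entry from master
            $whitelist[] = $ext;
        }
    }

    return $whitelist;
}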
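// NOTE(review): this listing starts in the middle of a method (presumably the
// tail of qqFileUploader::handleUpload(); the method and class headers are not
// visible). $ext, $filename, $uploadDirectory and $replaceOldFile are defined
// above the visible part.

// Despite its name, $this->allowedExtensions acts as a DENY list: a match
// rejects the upload ("verboten sind" = "forbidden are"), and the caller below
// passes the media pool blacklist into it. Every extension that is not listed
// is accepted, and only the extension is checked here, not the file content.
// NOTE(review): deny lists are easy to get around with unlisted extensions;
// an allow-list of expected media types is the more robust control.
if ($this->allowedExtensions && in_array(strtolower($ext), $this->allowedExtensions)) {
    // The error message returns the complete deny list to the client.
    $these = implode(', ', $this->allowedExtensions);
    return array('error' => 'Fehler: Die Datei hat eine ungültige Endung, verboten sind: ' . $these . '.');
}

// NOTE(review): $final_name is only assigned here when $replaceOldFile is
// false; for the replace case it must already be set above the visible part.
if (!$replaceOldFile) {
    $final_name = rex_mediapool_filename($filename . '.' . $ext);
}

if ($this->file->save($uploadDirectory . $final_name)) {
    // NOTE(review): the target category comes straight from the query string
    // ("mediaCat"). No per-category permission check is visible in this
    // fragment; confirm one happens elsewhere.
    rex_mediapool_syncFile($final_name, rex_get('mediaCat', 'int'), '');
    rex_set_session('media[rex_file_category]', rex_get('mediaCat', 'int'));

    // NOTE(review): assumes rex_media::get() finds the file that was just synced.
    return array(
        'success' => true,
        'filename' => '' . $final_name . '',
        'mediaCatId' => rex_get('mediaCat', 'int'),
        'fileId' => rex_media::get($final_name)->getId(),
        'originalname' => '' . $filename . '.' . $ext . '',
        'timestamp' => time(),
    );
} else {
    return array('error' => 'Die Datei konnte nicht gespeichert werden.' . 'Der Upload wurde abgebrochen, oder es handelt sich um einen internen Fehler');
}
} // end of the method opened above this listing
} // end of the class opened above this listing

// security proof
// die() if not logged in
// rex::getUser() is expected to return null when there is no backend session;
// check for that first so an anonymous request gets the explicit denial below
// instead of a fatal "call to a member function on null" error.
// NOTE(review): no CSRF token check is visible for this upload endpoint; confirm.
if (rex::getUser() && (rex::getUser()->hasPerm('rex5_multiupload[]') || rex::getUser()->isAdmin())) {
    // redaxo array without dots, strip them out
    $blockedExt = rex_mediapool_getMediaTypeBlacklist();
    // The uploader's "allowed" parameter receives the blacklist (see the deny-list check above).
    $allowedExtensions = $blockedExt;

    // max file size in bytes
    // NOTE(review): the active limit is 10 GiB (10 * 1024^3), passed as a string;
    // the commented-out value is 10 MiB. Confirm the larger limit is intended.
    //$sizeLimit = 10 * 1024 * 1024;
    $sizeLimit = '10737418240';

    $uploader = new qqFileUploader($allowedExtensions, $sizeLimit);
    $result = $uploader->handleUpload(rex_path::media());

    // to pass data through iframe you will need to encode all html tags
    // (ENT_NOQUOTES escapes &, < and > but leaves quotes untouched)
    echo htmlspecialchars(json_encode($result), ENT_NOQUOTES);
} else {
    die('ACCESS DENIED');
}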