Example #1
<?php

// *************************************** Subpage: ADD FILE
// ----- METHOD ADD FILE
// Upload handler for the media pool form: it runs only for media_method
// 'add_file' and only when one of the two save buttons was posted.
if ($media_method == 'add_file') {
    if (rex_post('save', 'boolean') || rex_post('saveandexit', 'boolean')) {
        // 'name' is the filename reported by the client; these checks only rule out an empty upload field.
        if ($_FILES['file_new']['name'] != '' && $_FILES['file_new']['name'] != 'none') {
            // The allow/deny decision uses the client-supplied filename and the posted
            // 'args' array, both of which come from the request.
            // NOTE(review): no inspection of the file content is visible in this excerpt;
            // confirm whether rex_mediapool_saveMedia() performs one.
            if (!rex_mediapool_isAllowedMediaType($_FILES['file_new']['name'], rex_post('args', 'array'))) {
                // NOTE(review): the closing parenthesis sits after '</var>', so the tag is appended
                // to the filename before _getExtension() is called instead of to its result.
                // The filename-derived text is concatenated into HTML without escaping here;
                // confirm how $warning is rendered and escape the extension before output.
                $warning = $I18N->msg('pool_file_mediatype_not_allowed') . ' <var>.' . OOMedia::_getExtension($_FILES['file_new']['name'] . '</var>');
                // The whitelist is built from the same posted 'args'; its entries are echoed into the message below.
                $whitelist = rex_mediapool_getMediaTypeWhitelist(rex_post('args', 'array'));
                // Show the allowed types when a whitelist was supplied, otherwise the banned types.
                $warning .= count($whitelist) > 0 ? '<br />' . $I18N->msg('pool_file_allowed_mediatypes') . ' <var>' . rtrim(implode('</var> <var>', $whitelist), ', ') . '</var>' : '<br />' . $I18N->msg('pool_file_banned_mediatypes') . ' <var>' . rtrim(implode('</var> <var>', rex_mediapool_getMediaTypeBlacklist()), ', ') . '</var>';
            } else {
                $FILEINFOS['title'] = rex_request('ftitle', 'string');
                // Users without $PERMALL and without permission for the requested category
                // have the upload redirected to category 0 instead of being rejected.
                if (!$PERMALL && !$REX['USER']->hasPerm("media[{$rex_file_category}]")) {
                    $rex_file_category = 0;
                }
                // function in function.rex_mediapool.inc.php
                $return = rex_mediapool_saveMedia($_FILES['file_new'], $rex_file_category, $FILEINFOS, $REX['USER']->getValue('login'));
                // Only a successful save sets $info and leaves the add-file subpage;
                // no message is assigned for a failed save in the lines visible here.
                if ($return['ok']) {
                    $info = $return['msg'];
                    $subpage = '';
                }
                // ----- EXTENSION POINT
                // Extensions are notified only after a successful save.
                if ($return['ok'] == 1) {
                    rex_register_extension_point('MEDIA_ADDED', '', $return);
                }
                // "Save and exit": hand the stored file's data back to the opener field.
                if (rex_post('saveandexit', 'boolean') && $return['ok'] == 1) {
                    $file_name = $return['filename'];
                    $ffiletype = $return['type'];
                    $title = $return['title'];
                    if ($opener_input_field == 'TINYIMG') {
Example #2
<?php

// *************************************** Subpage: ADD FILE
// The method name is read from the request; only 'add_file' is handled below.
$media_method = rex_request('media_method', 'string');
// ----- METHOD ADD FILE
if ($media_method == 'add_file') {
    if (rex_post('save', 'boolean') || rex_post('saveandexit', 'boolean')) {
        // 'name' is the filename reported by the client; these checks only rule out an empty upload field.
        if ($_FILES['file_new']['name'] != '' && $_FILES['file_new']['name'] != 'none') {
            // The allow/deny decision uses the client-supplied filename and the posted
            // 'args' array, both of which come from the request.
            // NOTE(review): no inspection of the file content is visible in this excerpt;
            // confirm whether rex_mediapool_saveMedia() performs one.
            if (!rex_mediapool_isAllowedMediaType($_FILES['file_new']['name'], rex_post('args', 'array'))) {
                // NOTE(review): the closing parenthesis sits after '</code>', so the tag is appended
                // to the filename before rex_file::extension() is called instead of to its result.
                // The filename-derived text is concatenated into HTML without escaping here;
                // confirm how $warning is rendered and escape the extension before output.
                $warning = rex_i18n::msg('pool_file_mediatype_not_allowed') . ' <code>' . rex_file::extension($_FILES['file_new']['name'] . '</code>');
                // The whitelist is built from the same posted 'args'; its entries are echoed into the message below.
                $whitelist = rex_mediapool_getMediaTypeWhitelist(rex_post('args', 'array'));
                // Show the allowed types when a whitelist was supplied, otherwise the banned types.
                $warning .= count($whitelist) > 0 ? '<br />' . rex_i18n::msg('pool_file_allowed_mediatypes') . ' <code>' . rtrim(implode('</code>, <code>', $whitelist), ', ') . '</code>' : '<br />' . rex_i18n::msg('pool_file_banned_mediatypes') . ' <code>' . rtrim(implode('</code>, <code>', rex_mediapool_getMediaTypeBlacklist()), ', ') . '</code>';
            } else {
                $FILEINFOS['title'] = rex_request('ftitle', 'string');
                // Users without $PERMALL and without permission for the requested category
                // have the upload redirected to category 0 instead of being rejected.
                if (!$PERMALL && !rex::getUser()->getComplexPerm('media')->hasCategoryPerm($rex_file_category)) {
                    $rex_file_category = 0;
                }
                // function in function.rex_mediapool.php
                $return = rex_mediapool_saveMedia($_FILES['file_new'], $rex_file_category, $FILEINFOS, rex::getUser()->getValue('login'));
                // The message is taken over and the subpage reset regardless of $return['ok'].
                $info = $return['msg'];
                $subpage = '';
                // ----- EXTENSION POINT
                // Extensions are notified only after a successful save.
                if ($return['ok'] == 1) {
                    rex_extension::registerPoint(new rex_extension_point('MEDIA_ADDED', '', $return));
                }
                // "Save and exit": hand the stored file's data back to the opener field.
                if (rex_post('saveandexit', 'boolean') && $return['ok'] == 1) {
                    $file_name = $return['filename'];
                    $ffiletype = $return['type'];
                    $title = $return['title'];
                    if ($opener_input_field == 'TINYIMG') {
                        if (rex_media::isImageType(rex_file::extension($file_name))) {
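/**
 * Get the whitelist of media types (extensions) given via the media widget "types" param.
 *
 * The "types" value is a comma-separated list that callers in this file take
 * straight from the request, so it is handled as untrusted input: a value that
 * is not a string yields an empty whitelist, and every entry is compared with
 * the blacklist case-insensitively and after trimming, so that a blacklisted
 * extension cannot be re-admitted by writing it as "PHP" or " php".
 *
 * @param array $args widget params
 *
 * @return array whitelisted extensions (surrounding whitespace and leading dots removed)
 */
function rex_mediapool_getMediaTypeWhitelist($args = [])
{
    // Lower-case the blacklist once so the comparison below ignores case.
    $blacklist = array_map('strtolower', rex_mediapool_getMediaTypeBlacklist());
    $whitelist = [];

    // A nested array under "types" cannot be split by explode(); treat it as "no whitelist given".
    if (!isset($args['types']) || !is_string($args['types'])) {
        return $whitelist;
    }

    foreach (explode(',', $args['types']) as $ext) {
        $ext = ltrim(trim($ext), '.');
        if (!in_array(strtolower($ext), $blacklist, true)) {
            // whitelist cannot override any blacklist entry from master
            $whitelist[] = $ext;
        }
    }

    return $whitelist;
}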
        if ($this->allowedExtensions && in_array(strtolower($ext), $this->allowedExtensions)) {
            $these = implode(', ', $this->allowedExtensions);
            return array('error' => 'Fehler: Die Datei hat eine ungültige Endung, verboten sind: ' . $these . '.');
        }
        if (!$replaceOldFile) {
            $final_name = rex_mediapool_filename($filename . '.' . $ext);
        }
        if ($this->file->save($uploadDirectory . $final_name)) {
            rex_mediapool_syncFile($final_name, rex_get('mediaCat', 'int'), '');
            rex_set_session('media[rex_file_category]', rex_get('mediaCat', 'int'));
            return array('success' => true, 'filename' => '' . $final_name . '', 'mediaCatId' => rex_get('mediaCat', 'int'), 'fileId' => rex_media::get($final_name)->getId(), 'originalname' => '' . $filename . '.' . $ext . '', 'timestamp' => time());
        } else {
            return array('error' => 'Die Datei konnte nicht gespeichert werden.' . 'Der Upload wurde abgebrochen, oder es handelt sich um einen internen Fehler');
        }
    }
}
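// Access gate for the multi-upload endpoint: only a logged-in user holding the
// 'rex5_multiupload[]' permission, or an admin, may upload; everyone else gets
// 'ACCESS DENIED'.
// The user object is fetched once and checked for presence first, so that a
// request without a session is refused with the message below rather than
// failing on a method call on a missing user.
$user = rex::getUser();
if ($user && ($user->hasPerm('rex5_multiupload[]') || $user->isAdmin())) {
    // redaxo array without dots, strip them out
    $blockedExt = rex_mediapool_getMediaTypeBlacklist();
    // Despite the name, this list holds the *blocked* extensions: the check visible in
    // handleUpload() rejects a file whose extension is in it. Everything else is accepted.
    $allowedExtensions = $blockedExt;
    // max file size in bytes
    //$sizeLimit = 10 * 1024 * 1024;
    // 10737418240 bytes = 10 GiB, passed as a numeric string (the commented-out value is 10 MiB).
    // NOTE(review): confirm this ceiling is intended for an authenticated upload endpoint.
    $sizeLimit = '10737418240';
    $uploader = new qqFileUploader($allowedExtensions, $sizeLimit);
    // NOTE(review): the visible part of handleUpload() takes the target category from the
    // 'mediaCat' query parameter; no per-category permission check is visible there. Confirm.
    $result = $uploader->handleUpload(rex_path::media());
    // to pass data through iframe you will need to encode all html tags
    // ENT_NOQUOTES escapes <, > and & but leaves quotes alone, so the JSON stays parseable.
    echo htmlspecialchars(json_encode($result), ENT_NOQUOTES);
} else {
    die('ACCESS DENIED');
}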