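/**
 * Handles a file upload from the admin "Files" panel.
 *
 * Reads the uploaded file, checks its size against $file_max_upload_size,
 * sanitises the name, adds a txp_file row and moves the upload into
 * $file_base_path. Every failure path reports through file_list() and
 * returns; success hands over to file_edit() for the new record.
 *
 * @global string $txp_user
 * @global string $file_base_path
 * @global int    $file_max_upload_size
 *
 * @return void
 */
function file_insert()
{
    global $txp_user, $file_base_path, $file_max_upload_size;

    if (!has_privs('file.edit.own')) {
        file_list(gTxt('restricted_area'));
        return;
    }

    // $category, $permissions and $description arrive already slashed for SQL.
    extract(doSlash(gpsa(array('category', 'permissions', 'description'))));

    $name = file_get_uploaded_name();
    $file = file_get_uploaded();

    if ($file === false) {
        // Could not get the uploaded file.
        file_list(array(gTxt('file_upload_failed') . " {$name} - " . upload_get_errormsg($_FILES['thefile']['error']), E_ERROR));
        return;
    }

    $size = filesize($file);

    if ($file_max_upload_size < $size) {
        unlink($file);
        file_list(array(gTxt('file_upload_failed') . " {$name} - " . upload_get_errormsg(UPLOAD_ERR_FORM_SIZE), E_ERROR));
        return;
    }

    $newname = sanitizeForFile($name);

    if ($newname == '') {
        // A name that sanitises to nothing would otherwise be recorded as an
        // empty filename pointing at the directory itself.
        unlink($file);
        file_list(array(gTxt('file_upload_failed') . " {$name}", E_ERROR));
        return;
    }

    $newpath = build_file_path($file_base_path, $newname);

    if (is_file($newpath)) {
        // Existence is checked against the resolved target path, not the bare
        // name, which would only be tested relative to the working directory.
        file_list(gTxt('file_already_exists', array('{name}' => $newname)));
        return;
    }

    $id = file_db_add($newname, $category, $permissions, $description, $size);

    if (!$id) {
        // Nothing was written to the database; drop the temporary upload so it
        // does not accumulate (same cleanup as the size check above).
        unlink($file);
        file_list(array(gTxt('file_upload_failed') . ' (db_add)', E_ERROR));
        return;
    }

    $id = assert_int($id);

    if (!shift_uploaded_file($file, $newpath)) {
        // Move failed: remove the row just added and hand the id back to
        // auto_increment so the sequence has no gap.
        safe_delete("txp_file", "id = {$id}");
        safe_alter("txp_file", "auto_increment={$id}");

        if (isset($GLOBALS['ID'])) {
            unset($GLOBALS['ID']);
        }

        file_list(array($newpath . ' ' . gTxt('upload_dir_perms'), E_ERROR));
        return;
    }

    file_set_perm($newpath);
    $message = gTxt('file_uploaded', array('{name}' => htmlspecialchars($newname)));
    file_edit($message, $id);
}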
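/**
 * Streams a file from $file_base_path to the client as an attachment.
 *
 * Fires the 'file_download' callback first; a callback may set $file_error
 * (403, 404 or anything else for a 500) to refuse the download. The name is
 * passed through sanitizeForFile() and joined to the base path before any
 * filesystem access, and only regular files are served. A completed transfer
 * increments the download counter of $pretext['id']; an aborted one tags
 * $pretext['request_uri'] with how far the transfer got.
 *
 * @param string $filename Requested file name
 *
 * @global int|null $file_error
 * @global string   $file_base_path
 * @global array    $pretext
 *
 * @return void
 */
function output_file_download($filename)
{
    global $file_error, $file_base_path, $pretext;

    callback_event('file_download');

    if (!isset($file_error)) {
        $filename = sanitizeForFile($filename);
        $fullpath = build_file_path($file_base_path, $filename);

        if (is_file($fullpath)) {
            // Discard any error PHP messages.
            ob_clean();
            $filesize = filesize($fullpath);
            $sent = 0;

            header('Content-Description: File Download');
            header('Content-Type: application/octet-stream');
            // NOTE(review): the quoted filename parameter relies on
            // sanitizeForFile() having stripped quotes and control characters
            // from $filename — confirm against its implementation.
            header('Content-Disposition: attachment; filename="' . $filename . '"; size = "' . $filesize . '"');

            // Fix for IE6 PDF bug on servers configured to send cache headers.
            header('Cache-Control: private');

            @ini_set("zlib.output_compression", "Off");
            @set_time_limit(0);
            @ignore_user_abort(true);

            if ($file = fopen($fullpath, 'rb')) {
                while (!feof($file) && connection_status() === CONNECTION_NORMAL) {
                    $chunk = fread($file, 1024 * 64);

                    if ($chunk === false) {
                        // Read error: stop rather than spin on an empty echo.
                        break;
                    }

                    echo $chunk;
                    // Count what was actually read; the final chunk is usually
                    // shorter than 64 KiB, so the abort percentage stays accurate.
                    $sent += strlen($chunk);
                    ob_flush();
                    flush();
                }

                fclose($file);

                // Record download.
                if (connection_status() === CONNECTION_NORMAL && !connection_aborted()) {
                    safe_update('txp_file', "downloads = downloads + 1", "id = " . intval($pretext['id']));
                } else {
                    // $sent >= $filesize covers the zero-byte case, so the
                    // division below never sees a zero divisor.
                    $pretext['request_uri'] .= $sent >= $filesize
                        ? '#aborted'
                        : "#aborted-at-" . floor($sent * 100 / $filesize) . "%";
                }

                log_hit('200');
            }
        } else {
            $file_error = 404;
        }
    }

    // Deal with error.
    if (isset($file_error)) {
        switch ($file_error) {
            case 403:
                txp_die(gTxt('403_forbidden'), '403');
                break;
            case 404:
                txp_die(gTxt('404_not_found'), '404');
                break;
            default:
                txp_die(gTxt('500_internal_server_error'), '500');
                break;
        }
    }
}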
set_error_level($production_status); if (isset($feed)) { exit($feed()); } if (gps('parentid') && gps('submit')) { saveComment(); } elseif (gps('parentid') and $comments_mode == 1) { // popup comments? header("Content-type: text/html; charset=utf-8"); exit(popComments(gps('parentid'))); } // we are dealing with a download if (@$s == 'file_download') { callback_event('file_download'); if (!isset($file_error)) { $filename = sanitizeForFile($filename); $fullpath = build_file_path($file_base_path, $filename); if (is_file($fullpath)) { // discard any error php messages ob_clean(); $filesize = filesize($fullpath); $sent = 0; header('Content-Description: File Download'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . $filename . '"; size = "' . $filesize . '"'); // Fix for lame IE 6 pdf bug on servers configured to send cache headers header('Cache-Control: private'); @ini_set("zlib.output_compression", "Off"); @set_time_limit(0); @ignore_user_abort(true); if ($file = fopen($fullpath, 'rb')) {
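/**
 * Saves edits to an existing txp_file record from the admin "Files" panel.
 *
 * Reads the submitted fields, checks the caller may edit this record
 * (file.edit, or file.edit.own when they are its author), renames the file on
 * disk if the name changed, validates category and status, and writes the row.
 * A failed write restores the old on-disk name. All outcomes are reported via
 * file_list().
 *
 * @global string $file_base_path
 * @global array  $file_statuses
 * @global string $txp_user
 *
 * @return void
 */
function file_save()
{
    global $file_base_path, $file_statuses, $txp_user;

    $varray = array_map('assert_string', gpsa(array(
        'id', 'category', 'title', 'description', 'status', 'publish_now',
        'year', 'month', 'day', 'hour', 'minute', 'second',
    )));
    // The extracted copies are slashed: they are interpolated into SQL below.
    extract(doSlash($varray));

    $filename = $varray['filename'] = sanitizeForFile(gps('filename'));

    if ($filename == '') {
        file_list(array(gTxt('file_not_updated', array('{name}' => $filename)), E_ERROR));
        return;
    }

    $id = $varray['id'] = assert_int($id);
    $permissions = gps('perms');

    if (is_array($permissions)) {
        asort($permissions);
        $permissions = implode(",", $permissions);
    }

    $varray['permissions'] = $permissions;
    $perms = doSlash($permissions);

    $rs = safe_row('filename, author', 'txp_file', "id={$id}");
    $author = is_array($rs) ? $rs['author'] : null;

    if (!has_privs('file.edit') && !($author === $txp_user && has_privs('file.edit.own'))) {
        require_privs();
    }

    if (!$rs) {
        // Unknown id: there is no row to update or file to rename.
        file_list(array(gTxt('file_not_updated', array('{name}' => $filename)), E_ERROR));
        return;
    }

    $old_filename = $varray['old_filename'] = sanitizeForFile($rs['filename']);

    if ($old_filename != false && strcmp($old_filename, $filename) != 0) {
        $old_path = build_file_path($file_base_path, $old_filename);
        $new_path = build_file_path($file_base_path, $filename);

        if (file_exists($new_path)) {
            // Refuse to rename onto a file that already exists; it may belong
            // to another record and would be silently overwritten.
            file_list(array(gTxt('file_cannot_rename', array('{name}' => $filename)), E_ERROR));
            return;
        }

        if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false) {
            file_list(array(gTxt('file_cannot_rename', array('{name}' => $filename)), E_ERROR));
            return;
        }

        file_set_perm($new_path);
    }

    $created_ts = @safe_strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);

    if ($publish_now) {
        $created = 'now()';
    } elseif ($created_ts > 0) {
        $created = "from_unixtime('" . $created_ts . "')";
    } else {
        $created = '';
    }

    $size = filesize(build_file_path($file_base_path, $filename));

    $constraints = array(
        'category' => new CategoryConstraint(gps('category'), array('type' => 'file')),
        'status'   => new ChoiceConstraint(gps('status'), array(
            'choices' => array_keys($file_statuses),
            'message' => 'invalid_status',
        )),
    );
    callback_event_ref('file_ui', 'validate_save', 0, $varray, $constraints);
    $validator = new Validator($constraints);

    // Short-circuit: the UPDATE only runs when every constraint passes.
    $rs = $validator->validate() && safe_update(
        'txp_file',
        "\n filename = '" . doSlash($filename) . "',\n title = '{$title}',\n category = '{$category}',\n permissions = '{$perms}',\n description = '{$description}',\n status = '{$status}',\n size = '{$size}',\n modified = now()" . ($created ? ", created = {$created}" : ''),
        "id = {$id}"
    );

    if (!$rs) {
        // Update failed, rollback name.
        if (isset($old_path) && shift_uploaded_file($new_path, $old_path) === false) {
            file_list(array(gTxt('file_unsynchronized', array('{name}' => $filename)), E_ERROR));
            return;
        }

        file_list(array(gTxt('file_not_updated', array('{name}' => $filename)), E_ERROR));
        return;
    }

    update_lastmod('file_saved', compact('id', 'filename', 'title', 'category', 'description', 'status', 'size'));
    file_list(gTxt('file_updated', array('{name}' => $filename)));
}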
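/**
 * Saves edits to an existing txp_file record (older variant without the
 * constraint validator).
 *
 * Checks the caller may edit the record (file.edit, or file.edit.own when they
 * are its author), renames the file on disk if the name changed, then writes
 * the row. A failed write restores the old on-disk name when one was moved.
 * Each outcome is reported through file_list(), whose return value is passed
 * back to the caller on the early-exit paths.
 *
 * @global string $file_base_path
 * @global string $txp_user
 */
function file_save()
{
    global $file_base_path, $txp_user;

    // Extracted fields are slashed because they are interpolated into SQL.
    // NOTE(review): $status is not checked against a known set here — the
    // slashing prevents injection but not an arbitrary status value.
    extract(doSlash(gpsa(array(
        'id', 'category', 'title', 'description', 'status', 'publish_now',
        'year', 'month', 'day', 'hour', 'minute', 'second',
    ))));

    $filename = sanitizeForFile(gps('filename'));

    if ($filename == '') {
        $message = gTxt('file_not_updated', array('{name}' => $filename));
        return file_list($message);
    }

    $id = assert_int($id);
    $permissions = gps('perms');

    if (is_array($permissions)) {
        asort($permissions);
        $permissions = implode(",", $permissions);
    }

    $perms = doSlash($permissions);

    $rs = safe_row('filename, author', 'txp_file', "id={$id}");
    $author = is_array($rs) ? $rs['author'] : null;

    // Strict comparison: a loose == would let a non-identical author string
    // satisfy the ownership check.
    if (!has_privs('file.edit') && !($author === $txp_user && has_privs('file.edit.own'))) {
        file_edit(gTxt('restricted_area'));
        return;
    }

    if (!$rs) {
        // Unknown id: nothing to rename or update.
        $message = gTxt('file_not_updated', array('{name}' => $filename));
        return file_list($message);
    }

    $old_filename = sanitizeForFile($rs['filename']);

    if ($old_filename != false && strcmp($old_filename, $filename) != 0) {
        $old_path = build_file_path($file_base_path, $old_filename);
        $new_path = build_file_path($file_base_path, $filename);

        if (file_exists($new_path)) {
            // Never rename onto an existing file; it may belong to another record.
            $message = gTxt('file_cannot_rename', array('{name}' => $filename));
            return file_list($message);
        }

        if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false) {
            $message = gTxt('file_cannot_rename', array('{name}' => $filename));
            return file_list($message);
        }

        file_set_perm($new_path);
    }

    $created_ts = @safe_strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);

    if ($publish_now) {
        $created = 'now()';
    } elseif ($created_ts > 0) {
        $created = "from_unixtime('" . $created_ts . "')";
    } else {
        $created = '';
    }

    $size = filesize(build_file_path($file_base_path, $filename));

    $rs = safe_update(
        'txp_file',
        "\n\t\t\tfilename = '" . doSlash($filename) . "',\n\t\t\ttitle = '{$title}',\n\t\t\tcategory = '{$category}',\n\t\t\tpermissions = '{$perms}',\n\t\t\tdescription = '{$description}',\n\t\t\tstatus = '{$status}',\n\t\t\tsize = '{$size}',\n\t\t\tmodified = now(),\n\t\t\tauthor = '" . doSlash($txp_user) . "'" . ($created ? ", created = {$created}" : ''),
        "id = {$id}"
    );

    if (!$rs) {
        // Update failed: roll the on-disk name back, but only if a rename
        // actually happened ($old_path/$new_path are unset otherwise).
        if (isset($old_path) && shift_uploaded_file($new_path, $old_path) === false) {
            $message = gTxt('file_unsynchronized', array('{name}' => $filename));
            return file_list($message);
        }

        $message = gTxt('file_not_updated', array('{name}' => $filename));
        return file_list($message);
    }

    $message = gTxt('file_updated', array('{name}' => $filename));
    file_list($message);
}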
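/**
 * Admin panel that lists generated ebook temp files and deletes selected ones.
 *
 * On a POST carrying smd_ebook_cleanup, each name in smd_ebook_files[] is
 * resolved beneath the 'tempdir' preference and removed. Only plain basenames
 * that resolve to a regular file inside that directory are accepted, so a
 * submitted value cannot reach outside it. The panel then renders the
 * remaining mobi/html/ncx/opf/smd/xml files found under smd_ebook_* folders
 * as a multi-select delete form.
 *
 * @param string $msg Message to show in the page header
 *
 * @global string $smd_ebook_event
 */
function smd_ebook_tidy($msg = '')
{
    global $smd_ebook_event;

    require_privs('plugin_prefs.' . $smd_ebook_event);

    if (ps('smd_ebook_cleanup')) {
        $to_delete = ps('smd_ebook_files');
        $base = realpath(get_pref('tempdir'));

        if (is_array($to_delete) && $base !== false) {
            foreach ($to_delete as $del) {
                $del = (string) $del;

                // Only bare file names are accepted: anything carrying a
                // directory component (including '..') is skipped outright.
                if ($del === '' || basename($del) !== $del) {
                    continue;
                }

                $path = realpath($base . DS . $del);

                // realpath() is false for a missing file; additionally require
                // the resolved target to be a regular file still inside $base,
                // so a link pointing elsewhere is not followed.
                if ($path === false || !is_file($path) || strpos($path, $base . DS) !== 0) {
                    continue;
                }

                unlink($path);
            }
        }

        $msg = gTxt('smd_ebook_deleted');
    }

    pagetop(gTxt('smd_ebook_tab_name'), $msg);

    extract(smd_ebook_buttons('cln'));
    $btnbar = has_privs('plugin_prefs.' . $smd_ebook_event)
        ? '<span class="smd_ebook_buttons">' . $btnMgr . n . $btnPrf . n . $btnCln . '</span>'
        : '';

    $filelist = array();
    $valid = array('mobi', 'html', 'ncx', 'opf', 'smd', 'xml');
    $tmp = get_pref('tempdir') . DS;

    // Grab all files then remove unnecessary ones: faster than multiple globs
    // for each file type and more robust than relying on GLOB_BRACE support.
    // NOTE(review): the listing is taken from smd_ebook_*/ subfolders while the
    // delete path above is built directly under tempdir — confirm both refer
    // to the same files.
    $allfiles = glob($tmp . 'smd_ebook_*/*.*');

    if (is_array($allfiles)) {
        foreach ($allfiles as $file) {
            $info = explode('.', $file);
            $ext = trim($info[count($info) - 1]);

            if (in_array($ext, $valid, true)) {
                $filelist[] = $file;
            }
        }
    }

    echo n . '<div id="' . $smd_ebook_event . '_control" class="txp-control-panel">' . $btnbar . '</div>';

    $filesel = '';

    if ($filelist) {
        $filez = array();

        foreach ($filelist as $val) {
            $val = basename($val);
            $key = sanitizeForFile($val);
            $filez[$key] = $val;
        }

        $selout = array();
        $selout[] = '<select id="smd_ebook_files" name="smd_ebook_files[]" class="list" size="20" multiple="multiple">';

        foreach ($filez as $key => $leaf) {
            // Both the attribute value and the label are escaped for HTML context.
            $selout[] = t . '<option value="' . txpspecialchars($key) . '">' . txpspecialchars($leaf) . '</option>' . n;
        }

        $selout[] = '</select>';
        $filesel = join(n, $selout);
    }

    echo n . '<div class="txp-list">';
    echo n . startTable();
    echo n . '<form method="post" action="?event=' . $smd_ebook_event . '">';
    echo n . tr(tda(strong(gTxt('smd_ebook_tidy'))));
    echo $filesel
        ? n . tr(tda($filesel))
        : n . tr(tda(gTxt('smd_ebook_no_files')));
    echo n . tr(tda(fInput('submit', 'smd_ebook_cleanup', gTxt('delete'), 'publish'), ' class="noline"'));
    echo n . sInput('smd_ebook_tidy');
    echo n . tInput();
    echo n . '</form>';
    echo n . endTable();
    echo n . '</div>';
}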