/**
* send response
* @access public
*
*/
public function sendResponse()
{
$xml =& CKFinder_Connector_core_Factory::getInstance("core_Xml");
$this->_connectorNode =& $xml->getConnectorNode();
$this->checkConnector();
if ($this->mustCheckRequest()) {
$this->checkRequest();
}
$resourceTypeName = $this->_currentFolder->getResourceTypeName();
if (!empty($resourceTypeName)) {
$this->_connectorNode->addAttribute("resourceType", $this->_currentFolder->getResourceTypeName());
}
if ($this->mustAddCurrentFolderNode()) {
$_currentFolder = new Ckfinder_Connector_Utils_XmlNode("CurrentFolder");
$this->_connectorNode->addChild($_currentFolder);
$_currentFolder->addAttribute("path", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($this->_currentFolder->getClientPath()));
$this->_errorHandler->setCatchAllErros(true);
$_url = $this->_currentFolder->getUrl();
$_currentFolder->addAttribute("url", is_null($_url) ? "" : CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($_url));
$this->_errorHandler->setCatchAllErros(false);
$_currentFolder->addAttribute("acl", $this->_currentFolder->getAclMask());
}
$this->buildXml();
$_oErrorNode =& $xml->getErrorNode();
$_oErrorNode->addAttribute("number", "0");
echo $this->_connectorNode->asXML();
exit;
}
/**
* Check whether Connector is enabled
* @access protected
*
*/
protected function checkConnector()
{
$_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
if (!$_config->getIsEnabled()) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_CONNECTOR_DISABLED);
}
}
/**
* Throw file upload error, return true if error has been thrown, false if error has been catched
*
* @param int $number
* @param string $text
* @access public
*/
public function throwError($number, $uploaded = false, $exit = true)
{
if ($this->_catchAllErrors || in_array($number, $this->_skipErrorsArray)) {
return false;
}
$oRegistry =& CKFinder_Connector_core_Factory::getInstance("core_Registry");
$sFileName = $oRegistry->get("FileUpload_fileName");
$sFileUrl = $oRegistry->get("FileUpload_url");
$sEncodedFileName = CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sFileName);
header('Content-Type: text/html; charset=utf-8');
$errorMessage = CKFinder_Connector_Utils_Misc::getErrorMessage($number, $sEncodedFileName);
if (!$uploaded) {
$sFileName = "";
$sEncodedFileName = "";
}
if (!empty($_GET['response_type']) && $_GET['response_type'] == 'txt') {
echo $sFileName . "|" . $errorMessage;
} else {
echo "<script type=\"text/javascript\">";
if (!empty($_GET['CKFinderFuncNum'])) {
if (!$uploaded) {
$sFileUrl = "";
$sFileName = "";
}
$funcNum = preg_replace("/[^0-9]/", "", $_GET['CKFinderFuncNum']);
echo "window.parent.CKFinder.tools.callFunction({$funcNum}, '" . str_replace("'", "\\'", $sFileUrl . $sFileName) . "', '" . str_replace("'", "\\'", $errorMessage) . "');";
} else {
echo "window.parent.OnUploadCompleted('" . str_replace("'", "\\'", $sEncodedFileName) . "', '" . str_replace("'", "\\'", $errorMessage) . "') ;";
}
echo "</script>";
}
if ($exit) {
exit;
}
}
/**
* handle request and build XML
* @access protected
*
*/
protected function buildXml()
{
if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_RENAME)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
if (!isset($_GET["fileName"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
if (!isset($_GET["newFileName"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
$fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["fileName"]);
$newFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["newFileName"]);
$oRenamedFileNode = new Ckfinder_Connector_Utils_XmlNode("RenamedFile");
$this->_connectorNode->addChild($oRenamedFileNode);
$oRenamedFileNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName));
$resourceTypeInfo = $this->_currentFolder->getResourceTypeconfig();
if (!$resourceTypeInfo->checkextension($newFileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
}
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFileName) || $resourceTypeInfo->checkIsHiddenFile($newFileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
if (!$resourceTypeInfo->checkextension($fileName, false)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if ($_config->forceAscii()) {
$newFileName = CKFinder_Connector_Utils_FileSystem::convertToAscii($newFileName);
}
$filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);
$newFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $newFileName);
$bMoved = false;
if (!file_exists($filePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
}
if (!is_writable(dirname($newFilePath))) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
if (!is_writable($filePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
if (file_exists($newFilePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
}
$bMoved = @rename($filePath, $newFilePath);
if (!$bMoved) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNKNOWN, "File " . CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName) . "has not been renamed");
} else {
$oRenamedFileNode->addAttribute("newName", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFileName));
$thumbPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $fileName);
CKFinder_Connector_Utils_FileSystem::unlink($thumbPath);
}
}
/**
* Throw connector error, return true if error has been thrown, false if error has been catched
*
* @param int $number
* @param string $text
* @access public
*/
public function throwError($number, $text = false)
{
if ($this->_catchAllErrors || in_array($number, $this->_skipErrorsArray)) {
return false;
}
$_xml =& CKFinder_Connector_core_Factory::getInstance("core_Xml");
$_xml->raiseError($number, $text);
exit;
}
/**
* handle request and build XML
* @access protected
*
*/
protected function buildXml()
{
if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_RENAME)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
if (!isset($_GET["NewFolderName"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$newFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["NewFolderName"]);
$_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
if ($_config->forceAscii()) {
$newFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($newFolderName);
}
$resourceTypeInfo = $this->_currentFolder->getResourceTypeconfig();
if (!CKFinder_Connector_Utils_FileSystem::checkFolderName($newFolderName) || $resourceTypeInfo->checkIsHiddenFolder($newFolderName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
// The root folder cannot be deleted.
if ($this->_currentFolder->getClientPath() == "/") {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$oldFolderPath = $this->_currentFolder->getServerPath();
$bMoved = false;
if (!is_dir($oldFolderPath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
//let's calculate new folder name
$newFolderPath = dirname($oldFolderPath) . '/' . $newFolderName . '/';
if (file_exists(rtrim($newFolderPath, '/'))) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
}
$bMoved = @rename($oldFolderPath, $newFolderPath);
if (!$bMoved) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
} else {
$newThumbsServerPath = dirname($this->_currentFolder->getThumbsServerPath()) . '/' . $newFolderName . '/';
if (!@rename($this->_currentFolder->getThumbsServerPath(), $newThumbsServerPath)) {
CKFinder_Connector_Utils_FileSystem::unlink($this->_currentFolder->getThumbsServerPath());
}
}
$newFolderPath = preg_replace(",[^/]+/?\$,", $newFolderName, $this->_currentFolder->getClientPath()) . '/';
$newFolderUrl = $resourceTypeInfo->getUrl() . ltrim($newFolderPath, '/');
$oRenameNode = new Ckfinder_Connector_Utils_XmlNode("RenamedFolder");
$this->_connectorNode->addChild($oRenameNode);
$oRenameNode->addAttribute("newName", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderName));
$oRenameNode->addAttribute("newPath", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderPath));
$oRenameNode->addAttribute("newUrl", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderUrl));
}
/**
* Throw file upload error, return true if error has been thrown, false if error has been catched
*
* @param int $number
* @param string $text
* @access public
*/
public function throwError($number, $uploaded = false, $exit = true)
{
if ($this->_catchAllErrors || in_array($number, $this->_skipErrorsArray)) {
return false;
}
$oRegistry =& CKFinder_Connector_core_Factory::getInstance("core_Registry");
$sFileName = $oRegistry->get("FileUpload_fileName");
$sFileUrl = $oRegistry->get("FileUpload_url");
$sEncodedFileName = CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sFileName);
$errorMessage = CKFinder_Connector_Utils_Misc::getErrorMessage($number, $sEncodedFileName);
if (!empty($_GET['responseType']) && $_GET['responseType'] == 'json') {
header('Content-Type: application/json; charset=utf-8');
$data = array('fileName' => $sEncodedFileName, 'uploaded' => (int) $uploaded);
if ($uploaded) {
$data['url'] = $sFileUrl . CKFinder_Connector_Utils_Misc::encodeURIComponent($sEncodedFileName);
}
if ($number !== CKFINDER_CONNECTOR_ERROR_NONE) {
$data['error'] = array('number' => $number, 'message' => $errorMessage);
}
echo json_encode($data);
} else {
header('Content-Type: text/html; charset=utf-8');
/**
* echo <script> is not called before CKFinder_Connector_Utils_Misc::getErrorMessage
* because PHP has problems with including files that contain BOM character.
* Having BOM character after <script> tag causes a javascript error.
*/
echo "<script type=\"text/javascript\">";
if (!empty($_GET['CKEditor'])) {
if (!$uploaded) {
$sFileUrl = "";
$sFileName = "";
$sEncodedFileName = "";
}
$funcNum = preg_replace("/[^0-9]/", "", $_GET['CKEditorFuncNum']);
echo "window.parent.CKEDITOR.tools.callFunction({$funcNum}, '" . str_replace("'", "\\'", $sFileUrl . CKFinder_Connector_Utils_Misc::encodeURIComponent($sEncodedFileName)) . "', '" . str_replace("'", "\\'", $errorMessage) . "');";
} else {
if (!$uploaded) {
echo "window.parent.OnUploadCompleted(" . $number . ", '', '', '') ;";
} else {
echo "window.parent.OnUploadCompleted(" . $number . ", '" . str_replace("'", "\\'", $sFileUrl . CKFinder_Connector_Utils_Misc::encodeURIComponent($sEncodedFileName)) . "', '" . str_replace("'", "\\'", $sEncodedFileName) . "', '') ;";
}
}
echo "</script>";
}
if ($exit) {
exit;
}
}
/**
* handle request and build XML
* @access protected
*
*/
protected function buildXml()
{
$_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_VIEW)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
// Map the virtual path to the local server path.
$_sServerDir = $this->_currentFolder->getServerPath();
if (!is_dir($_sServerDir)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND);
}
// Create the "Folders" node.
$oFoldersNode = new Ckfinder_Connector_Utils_XmlNode("Folders");
$this->_connectorNode->addChild($oFoldersNode);
$files = array();
if ($dh = @opendir($_sServerDir)) {
while (($file = readdir($dh)) !== false) {
if ($file != "." && $file != ".." && is_dir($_sServerDir . $file)) {
$files[] = $file;
}
}
closedir($dh);
} else {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
$resourceTypeInfo = $this->_currentFolder->getResourceTypeconfig();
if (sizeof($files) > 0) {
natcasesort($files);
$i = 0;
foreach ($files as $file) {
$oAcl = $_config->getAccessControlconfig();
$folderPath = $this->_currentFolder->getClientPath() . $file . "/";
$aclMask = $oAcl->getComputedMask($this->_currentFolder->getResourceTypeName(), $folderPath);
if (($aclMask & CKFINDER_CONNECTOR_ACL_FOLDER_VIEW) != CKFINDER_CONNECTOR_ACL_FOLDER_VIEW) {
continue;
}
if ($resourceTypeInfo->checkIsHiddenFolder($file)) {
continue;
}
// Create the "Folder" node.
$oFolderNode[$i] = new Ckfinder_Connector_Utils_XmlNode("Folder");
$oFoldersNode->addChild($oFolderNode[$i]);
$oFolderNode[$i]->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($file));
$oFolderNode[$i]->addAttribute("hasChildren", CKFinder_Connector_Utils_FileSystem::hasChildren($folderPath, $resourceTypeInfo) ? "true" : "false");
$oFolderNode[$i]->addAttribute("acl", $aclMask);
$i++;
}
}
}
/**
* handle request and build XML
* @access protected
*
*/
protected function buildXml()
{
if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_CREATE)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$_resourceTypeconfig = $this->_currentFolder->getResourceTypeconfig();
$sNewFolderName = isset($_GET["NewFolderName"]) ? $_GET["NewFolderName"] : "";
$sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($sNewFolderName);
if ($_config->forceAscii()) {
$sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($sNewFolderName);
}
if (!CKFinder_Connector_Utils_FileSystem::checkFolderName($sNewFolderName) || $_resourceTypeconfig->checkIsHiddenFolder($sNewFolderName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$sServerDir = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $sNewFolderName);
if (!is_writeable($this->_currentFolder->getServerPath())) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
$bCreated = false;
if (file_exists($sServerDir)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
}
if ($perms = $_config->getChmodFolders()) {
$oldUmask = umask(0);
$bCreated = @mkdir($sServerDir, $perms);
umask($oldUmask);
} else {
$bCreated = @mkdir($sServerDir);
}
if (!$bCreated) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
} else {
$oNewFolderNode = new Ckfinder_Connector_Utils_XmlNode("NewFolder");
$this->_connectorNode->addChild($oNewFolderNode);
$oNewFolderNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sNewFolderName));
}
}
/**
* handle request and build XML
* @access protected
*
*/
protected function buildXml()
{
if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$clientPath = $this->_currentFolder->getClientPath();
$sServerDir = $this->_currentFolder->getServerPath();
$currentResourceTypeconfig = $this->_currentFolder->getResourceTypeconfig();
$_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
$_aclconfig = $_config->getAccessControlconfig();
$aclMasks = array();
$_resourceTypeconfig = array();
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_RENAME | CKFINDER_CONNECTOR_ACL_FILE_UPLOAD | CKFINDER_CONNECTOR_ACL_FILE_DELETE)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
// Create the "Errors" node.
$oErrorsNode = new CKFinder_Connector_Utils_XmlNode("Errors");
$errorCode = CKFINDER_CONNECTOR_ERROR_NONE;
$copied = 0;
$copiedAll = 0;
if (!empty($_POST['copied'])) {
$copiedAll = intval($_POST['copied']);
}
$checkedPaths = array();
$oCopyFilesNode = new Ckfinder_Connector_Utils_XmlNode("CopyFiles");
if (!empty($_POST['files']) && is_array($_POST['files'])) {
foreach ($_POST['files'] as $index => $arr) {
if (empty($arr['name'])) {
continue;
}
if (!isset($arr['name'], $arr['type'], $arr['folder'])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
// file name
$name = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['name']);
// resource type
$type = $arr['type'];
// client path
$path = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['folder']);
// options
$options = !empty($arr['options']) ? $arr['options'] : '';
$destinationFilePath = $sServerDir . $name;
// check #1 (path)
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($name) || preg_match(CKFINDER_REGEX_INVALID_PATH, $path)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
// get resource type config for current file
if (!isset($_resourceTypeconfig[$type])) {
$_resourceTypeconfig[$type] = $_config->getResourceTypeconfig($type);
}
// check #2 (resource type)
if (is_null($_resourceTypeconfig[$type])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
// check #3 (extension)
if (!$_resourceTypeconfig[$type]->checkextension($name, false)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
}
// check #4 (extension) - when moving to another resource type, double check extension
if ($currentResourceTypeconfig->getName() != $type) {
if (!$currentResourceTypeconfig->checkextension($name, false)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
}
}
// check #5 (hidden folders)
// cache results
if (empty($checkedPaths[$path])) {
$checkedPaths[$path] = true;
if ($_resourceTypeconfig[$type]->checkIsHiddenPath($path)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
}
$sourceFilePath = $_resourceTypeconfig[$type]->getDirectory() . $path . $name;
// check #6 (hidden file name)
if ($currentResourceTypeconfig->checkIsHiddenFile($name)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
// check #7 (Access Control, need file view permission to source files)
if (!isset($aclMasks[$type . "@" . $path])) {
$aclMasks[$type . "@" . $path] = $_aclconfig->getComputedMask($type, $path);
}
$isAuthorized = ($aclMasks[$type . "@" . $path] & CKFINDER_CONNECTOR_ACL_FILE_VIEW) == CKFINDER_CONNECTOR_ACL_FILE_VIEW;
if (!$isAuthorized) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
// check #8 (invalid file name)
if (!file_exists($sourceFilePath) || !is_file($sourceFilePath)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
}
// check #9 (max size)
if ($currentResourceTypeconfig->getName() != $type) {
$maxSize = $currentResourceTypeconfig->getMaxSize();
$fileSize = filesize($sourceFilePath);
if ($maxSize && $fileSize > $maxSize) {
$errorCode = CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
}
}
//$overwrite
// finally, no errors so far, we may attempt to copy a file
// protection against copying files to itself
if ($sourceFilePath == $destinationFilePath) {
$errorCode = CKFINDER_CONNECTOR_ERROR_SOURCE_AND_TARGET_PATH_EQUAL;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
} else {
if (file_exists($destinationFilePath) && strpos($options, "overwrite") === false) {
if (strpos($options, "autorename") !== false) {
$fileName = CKFinder_Connector_Utils_FileSystem::autoRename($sServerDir, $name);
$destinationFilePath = $sServerDir . $fileName;
if (!@copy($sourceFilePath, $destinationFilePath)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
} else {
$copied++;
}
} else {
$errorCode = CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
}
} else {
if (!@copy($sourceFilePath, $destinationFilePath)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
} else {
$copied++;
}
}
}
}
}
$this->_connectorNode->addChild($oCopyFilesNode);
if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) {
$this->_connectorNode->addChild($oErrorsNode);
}
$oCopyFilesNode->addAttribute("copied", $copied);
$oCopyFilesNode->addAttribute("copiedTotal", $copiedAll + $copied);
/**
* Note: actually we could have more than one error.
* This is just a flag for CKFinder interface telling it to check all errors.
*/
if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_COPY_FAILED);
}
}
/**
* handle request and build XML
* @access protected
*
*/
function buildXml()
{
if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$this->checkConnector();
$this->checkRequest();
//resizing to 1x1 is almost equal to deleting a file, that's why FILE_DELETE permissions are required
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_DELETE) || !$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
$resourceTypeInfo = $this->_currentFolder->getResourceTypeconfig();
if (!isset($_POST["fileName"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_POST["fileName"]);
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!$resourceTypeInfo->checkextension($fileName, false)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);
if (!file_exists($filePath) || !is_file($filePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
}
$newWidth = trim($_POST['width']);
$newHeight = trim($_POST['height']);
$quality = 80;
$resizeOriginal = !empty($_POST['width']) && !empty($_POST['height']);
if ($resizeOriginal) {
if (!preg_match("/^\\d+\$/", $newWidth) || !preg_match("/^\\d+\$/", $newHeight) || !preg_match("/^\\d+\$/", $newWidth)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!isset($_POST["newFileName"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$newFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_POST["newFileName"]);
if (!$resourceTypeInfo->checkextension($newFileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
}
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFileName) || $resourceTypeInfo->checkIsHiddenFile($newFileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$newFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $newFileName);
if (!is_writable(dirname($newFilePath))) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
if ($_POST['overwrite'] != "1" && file_exists($newFilePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
}
$_imagesconfig = $_config->getImagesconfig();
$maxWidth = $_imagesconfig->getMaxWidth();
$maxHeight = $_imagesconfig->getMaxHeight();
// Shouldn't happen as the JavaScript validation should not allow this.
if ($maxWidth > 0 && $newWidth > $maxWidth || $maxHeight > 0 && $newHeight > $maxHeight) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
}
require_once CKFINDER_CONNECTOR_LIB_DIR . "/CommandHandler/Thumbnail.php";
if ($resizeOriginal) {
$result = CKFinder_Connector_CommandHandler_Thumbnail::createThumb($filePath, $newFilePath, $newWidth, $newHeight, $quality, false);
if (!$result) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
}
$config = $this->getconfig();
$nameWithoutExt = preg_replace("/^(.+)\\_\\d+x\\d+\$/", "\$1", CKFinder_Connector_Utils_FileSystem::getFileNameWithoutextension($fileName));
$extension = CKFinder_Connector_Utils_FileSystem::getextension($fileName);
foreach (array('small', 'medium', 'large') as $size) {
if (!empty($_POST[$size]) && $_POST[$size] == '1') {
$thumbName = $nameWithoutExt . "_" . $size . "." . $extension;
$newFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $thumbName);
if (!empty($config[$size . 'Thumb'])) {
if (preg_match("/^(\\d+)x(\\d+)\$/", $config[$size . 'Thumb'], $matches)) {
CKFinder_Connector_CommandHandler_Thumbnail::createThumb($filePath, $newFilePath, $matches[1], $matches[2], $quality, true);
}
}
}
}
}
/**
* Check given file name
* Return true if file name matches hidden file names list
*
* @param string $fileName
* @access public
* @return boolean
*/
public function checkIsHiddenFile($fileName)
{
if (is_null($this->_config)) {
$this->_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
}
$regex = $this->_config->getHideFilesRegex();
if ($regex) {
return preg_match($regex, $fileName);
}
return false;
}
/**
* send response (save uploaded file, resize if required)
* @access public
*
*/
public function sendResponse()
{
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_NONE;
$_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
$oRegistry =& CKFinder_Connector_core_Factory::getInstance("core_Registry");
$oRegistry->set("FileUpload_fileName", "unknown file");
$uploadedFile = array_shift($_FILES);
if (!isset($uploadedFile['name'])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID);
}
$sUnsafeFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(CKFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name']));
$sFileName = CKFinder_Connector_Utils_FileSystem::secureFileName($sUnsafeFileName);
if ($sFileName != $sUnsafeFileName) {
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED;
//增加自定义的重命名函数后在此增加的两行
/* $sextension = CKFinder_Connector_Utils_FileSystem::getextension($sFileName);
$sFileName = mySetFileName() . '.' . $sextension;
//添加以下两行解决中文乱码问题(重命名) */
/* $sextension=CKFinder_Connector_Utils_FileSystem::getextension($sFileName);
$sFileName=date("Ymd")."_".date("His").".".$sextension; */
}
$oRegistry->set("FileUpload_fileName", $sFileName);
$this->checkConnector();
$this->checkRequest();
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$_resourceTypeconfig = $this->_currentFolder->getResourceTypeconfig();
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeconfig->checkIsHiddenFile($sFileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$resourceTypeInfo = $this->_currentFolder->getResourceTypeconfig();
if (!$resourceTypeInfo->checkextension($sFileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
}
$oRegistry->set("FileUpload_fileName", $sFileName);
$oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl());
$maxSize = $resourceTypeInfo->getMaxSize();
if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
}
$htmlextensions = $_config->getHtmlextensions();
$sextension = CKFinder_Connector_Utils_FileSystem::getextension($sFileName);
if ($htmlextensions && !CKFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sextension, $htmlextensions) && ($detectHtml = CKFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE);
}
$secureImageUploads = $_config->getSecureImageUploads();
if ($secureImageUploads && ($isImageValid = CKFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sextension)) === false) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
}
switch ($uploadedFile['error']) {
case UPLOAD_ERR_OK:
break;
case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
break;
case UPLOAD_ERR_PARTIAL:
case UPLOAD_ERR_NO_FILE:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
break;
case UPLOAD_ERR_NO_TMP_DIR:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR);
break;
case UPLOAD_ERR_CANT_WRITE:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
break;
case UPLOAD_ERR_EXTENSION:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
break;
}
$sServerDir = $this->_currentFolder->getServerPath();
while (true) {
$sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName);
if (file_exists($sFilePath)) {
$sFileName = CKFinder_Connector_Utils_FileSystem::autoRename($sServerDir, $sFileName);
$oRegistry->set("FileUpload_fileName", $sFileName);
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED;
} else {
if (false === move_uploaded_file($uploadedFile['tmp_name'], $sFilePath)) {
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
} else {
if (isset($detectHtml) && $detectHtml === -1 && CKFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true) {
@unlink($sFilePath);
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE);
} else {
if (isset($isImageValid) && $isImageValid === -1 && CKFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sextension) === false) {
@unlink($sFilePath);
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
}
}
}
if (is_file($sFilePath) && ($perms = $_config->getChmodFiles())) {
$oldumask = umask(0);
chmod($sFilePath, $perms);
umask($oldumask);
}
break;
}
}
if (!$_config->checkSizeAfterScaling()) {
$this->_errorHandler->throwError($iErrorNumber, true, false);
}
//resize image if required
require_once CKFINDER_CONNECTOR_LIB_DIR . "/CommandHandler/Thumbnail.php";
$_imagesconfig = $_config->getImagesconfig();
if ($_imagesconfig->getMaxWidth() > 0 && $_imagesconfig->getMaxHeight() > 0 && $_imagesconfig->getQuality() > 0) {
CKFinder_Connector_CommandHandler_Thumbnail::createThumb($sFilePath, $sFilePath, $_imagesconfig->getMaxWidth(), $_imagesconfig->getMaxHeight(), $_imagesconfig->getQuality(), true);
}
if ($_config->checkSizeAfterScaling()) {
//check file size after scaling, attempt to delete if too big
clearstatcache();
if ($maxSize && filesize($sFilePath) > $maxSize) {
@unlink($sFilePath);
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
} else {
$this->_errorHandler->throwError($iErrorNumber, true, false);
}
}
CKFinder_Connector_core_Hooks::run('AfterFileUpload', array(&$this->_currentFolder, &$uploadedFile, &$sFilePath));
}
/**
* handle request and build XML
* @access protected
*
*/
protected function buildXml()
{
$_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
// Create the "ConnectorInfo" node.
$_oConnInfo = new Ckfinder_Connector_Utils_XmlNode("ConnectorInfo");
$this->_connectorNode->addChild($_oConnInfo);
$_oConnInfo->addAttribute("enabled", $_config->getIsEnabled() ? "true" : "false");
if (!$_config->getIsEnabled()) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_CONNECTOR_DISABLED);
}
$_ln = '';
$_lc = $_config->getLicenseKey() . ' ';
$pos = strpos(CKFINDER_CHARS, $_lc[0]) % 5;
if ($pos == 1 || $pos == 4) {
$_ln = $_config->getLicenseName();
}
$_oConnInfo->addAttribute("s", $_ln);
$_oConnInfo->addAttribute("c", trim($_lc[11] . $_lc[0] . $_lc[8] . $_lc[12] . $_lc[26] . $_lc[2] . $_lc[3] . $_lc[25] . $_lc[1]));
$_thumbnailsconfig = $_config->getThumbnailsconfig();
$_thumbnailsEnabled = $_thumbnailsconfig->getIsEnabled();
$_oConnInfo->addAttribute("thumbsEnabled", $_thumbnailsEnabled ? "true" : "false");
if ($_thumbnailsEnabled) {
$_oConnInfo->addAttribute("thumbsUrl", $_thumbnailsconfig->getUrl());
$_oConnInfo->addAttribute("thumbsDirectAccess", $_thumbnailsconfig->getDirectAccess() ? "true" : "false");
$_oConnInfo->addAttribute("thumbsWidth", $_thumbnailsconfig->getMaxWidth());
$_oConnInfo->addAttribute("thumbsHeight", $_thumbnailsconfig->getMaxHeight());
}
$_imagesconfig = $_config->getImagesconfig();
$_oConnInfo->addAttribute("imgWidth", $_imagesconfig->getMaxWidth());
$_oConnInfo->addAttribute("imgHeight", $_imagesconfig->getMaxHeight());
// Create the "ResourceTypes" node.
$_oResourceTypes = new Ckfinder_Connector_Utils_XmlNode("ResourceTypes");
$this->_connectorNode->addChild($_oResourceTypes);
// Create the "PluginsInfo" node.
$_oPluginsInfo = new Ckfinder_Connector_Utils_XmlNode("PluginsInfo");
$this->_connectorNode->addChild($_oPluginsInfo);
// Load the resource types in an array.
$_aTypes = $_config->getDefaultResourceTypes();
if (!sizeof($_aTypes)) {
$_aTypes = $_config->getResourceTypeNames();
}
$_aTypesSize = sizeof($_aTypes);
if ($_aTypesSize) {
$phpMaxSize = 0;
$max_upload = CKFinder_Connector_Utils_Misc::returnBytes(ini_get('upload_max_filesize'));
if ($max_upload) {
$phpMaxSize = $max_upload;
}
$max_post = CKFinder_Connector_Utils_Misc::returnBytes(ini_get('post_max_size'));
if ($max_post) {
$phpMaxSize = $phpMaxSize ? min($phpMaxSize, $max_post) : $max_post;
}
//ini_get('memory_limit') only works if compiled with "--enable-memory-limit"
$memory_limit = CKFinder_Connector_Utils_Misc::returnBytes(@ini_get('memory_limit'));
if ($memory_limit && $memory_limit != -1) {
$phpMaxSize = $phpMaxSize ? min($phpMaxSize, $memory_limit) : $memory_limit;
}
$_oConnInfo->addAttribute("uploadMaxSize", $phpMaxSize);
$_oConnInfo->addAttribute("uploadCheckImages", $_config->checkSizeAfterScaling() ? "false" : "true");
for ($i = 0; $i < $_aTypesSize; $i++) {
$_resourceTypeName = $_aTypes[$i];
$_acl = $_config->getAccessControlconfig();
$_aclMask = $_acl->getComputedMask($_resourceTypeName, "/");
if (($_aclMask & CKFINDER_CONNECTOR_ACL_FOLDER_VIEW) != CKFINDER_CONNECTOR_ACL_FOLDER_VIEW) {
continue;
}
if (!isset($_GET['type']) || $_GET['type'] === $_resourceTypeName) {
//print $_resourceTypeName;
$_oTypeInfo = $_config->getResourceTypeconfig($_resourceTypeName);
//print_r($_oTypeInfo);
$_oResourceType[$i] = new Ckfinder_Connector_Utils_XmlNode("ResourceType");
$_oResourceTypes->addChild($_oResourceType[$i]);
$_oResourceType[$i]->addAttribute("name", $_resourceTypeName);
$_oResourceType[$i]->addAttribute("url", $_oTypeInfo->getUrl());
$_oResourceType[$i]->addAttribute("allowedextensions", implode(",", $_oTypeInfo->getAllowedextensions()));
$_oResourceType[$i]->addAttribute("deniedextensions", implode(",", $_oTypeInfo->getDeniedextensions()));
$_oResourceType[$i]->addAttribute("hash", $_oTypeInfo->getHash());
$_oResourceType[$i]->addAttribute("hasChildren", CKFinder_Connector_Utils_FileSystem::hasChildren('/', $_oTypeInfo) ? "true" : "false");
$_oResourceType[$i]->addAttribute("acl", $_aclMask);
$maxSize = $_oTypeInfo->getMaxSize();
if ($phpMaxSize) {
$maxSize = $maxSize ? min($maxSize, $phpMaxSize) : $phpMaxSize;
}
$_oResourceType[$i]->addAttribute("maxSize", $maxSize);
}
}
}
$config = $GLOBALS['config'];
if (!empty($config['Plugins']) && is_array($config['Plugins'])) {
$_oConnInfo->addAttribute("plugins", implode(",", $config['Plugins']));
}
CKFinder_Connector_core_Hooks::run('InitCommand', array(&$this->_connectorNode));
}
/**
* Send files using X-Sendfile server module
*
* @param string $filePath
*/
public static function sendWithXSendfile($filePath)
{
if (stripos($_SERVER['SERVER_SOFTWARE'], 'nginx') !== FALSE) {
$fallback = true;
$config =& CKFinder_Connector_core_Factory::getInstance("core_config");
$XSendfileNginx = $config->getXSendfileNginx();
foreach ($XSendfileNginx as $location => $root) {
if (false !== stripos($filePath, $root)) {
$fallback = false;
$filePath = str_ireplace($root, $location, $filePath);
header("X-Accel-Redirect: " . $filePath);
// Nginx
break;
}
}
// fallback to standar method
if ($fallback) {
CKFinder_Connector_Utils_FileSystem::readfileChunked($filePath);
}
} elseif (stripos($_SERVER['SERVER_SOFTWARE'], 'lighttpd/1.4') !== FALSE) {
header("X-LIGHTTPD-send-file: " . $filePath);
// Lighttpd v1.4
} else {
header("X-Sendfile: " . $filePath);
// Apache, Lighttpd v1.5, Cherokee
}
}
/**
* Handle request and build XML
*/
public function buildXml()
{
if (!extension_loaded('zip')) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_COMMAND);
}
$this->checkConnector();
$this->checkRequest();
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$this->_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
$currentResourceTypeconfig = $this->_currentFolder->getResourceTypeconfig();
$_sServerDir = $this->_currentFolder->getServerPath();
$files = array();
$_zipFilesSize = 0;
$config = $this->getconfig();
$zipMaxSize = $config['zipMaxSize'];
if (!empty($zipMaxSize) && $zipMaxSize == 'default') {
$zipMaxSize = $currentResourceTypeconfig->getMaxSize();
}
$_isBasket = isset($_POST['basket']) && $_POST['basket'] == 'true' ? true : false;
if (!empty($_POST['files'])) {
$_aclconfig = $this->_config->getAccessControlconfig();
$aclMasks = array();
$_resourceTypeconfig = array();
foreach ($_POST['files'] as $arr) {
if (empty($arr['name']) || empty($arr['type']) || empty($arr['folder'])) {
continue;
}
// file name
$name = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['name']);
// resource type
$type = $arr['type'];
// client path
$path = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['folder']);
// check #1 (path)
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($name) || preg_match(CKFINDER_REGEX_INVALID_PATH, $path)) {
continue;
}
// get resource type config for current file
if (!isset($_resourceTypeconfig[$type])) {
$_resourceTypeconfig[$type] = $this->_config->getResourceTypeconfig($type);
}
// check #2 (resource type)
if (is_null($_resourceTypeconfig[$type])) {
continue;
}
// check #3 (extension)
if (!$_resourceTypeconfig[$type]->checkextension($name, false)) {
continue;
}
// check #4 (extension) - when moving to another resource type, double check extension
if ($currentResourceTypeconfig->getName() != $type && !$currentResourceTypeconfig->checkextension($name, false)) {
continue;
}
// check #5 (hidden folders)
// cache results
if (empty($checkedPaths[$path])) {
$checkedPaths[$path] = true;
if ($_resourceTypeconfig[$type]->checkIsHiddenPath($path)) {
continue;
}
}
// check #6 (hidden file name)
if ($currentResourceTypeconfig->checkIsHiddenFile($name)) {
continue;
}
// check #7 (Access Control, need file view permission to source files)
if (!isset($aclMasks[$type . "@" . $path])) {
$aclMasks[$type . "@" . $path] = $_aclconfig->getComputedMask($type, $path);
}
$isAuthorized = ($aclMasks[$type . "@" . $path] & CKFINDER_CONNECTOR_ACL_FILE_VIEW) == CKFINDER_CONNECTOR_ACL_FILE_VIEW;
if (!$isAuthorized) {
continue;
}
$sourceFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($_resourceTypeconfig[$type]->getDirectory() . $path, $name);
// check #8 (invalid file name)
if (!file_exists($sourceFilePath) || !is_file($sourceFilePath)) {
continue;
}
// check #9 - max file size
if (!empty($zipMaxSize)) {
clearstatcache();
$_zipFilesSize += filesize($sourceFilePath);
if ($_zipFilesSize > $zipMaxSize) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_CREATED_FILE_TOO_BIG);
}
}
$zipPathPart = $_isBasket ? CKFinder_Connector_Utils_FileSystem::combinePaths($type, $path) : '';
$files[$sourceFilePath] = $zipPathPart . pathinfo($sourceFilePath, PATHINFO_BASENAME);
}
} else {
if (!is_dir($_sServerDir)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND);
}
$files = $this->getFilesRecursively($_sServerDir, $zipMaxSize);
}
if (sizeof($files) < 1) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
}
// default destination dir - temp
$dest_dir = CKFinder_Connector_Utils_FileSystem::getTmpDir();
$resourceTypeInfo = $this->_currentFolder->getResourceTypeconfig();
// default file name - hash
$zip_filename = substr(md5(serialize($files)), 0, 16) . $resourceTypeInfo->getHash() . '.zip';
// compress files - do not download them
// change destination and name
if (isset($_POST['download']) && $_POST['download'] == 'false') {
$dest_dir = $_sServerDir;
if (isset($_POST['zipName']) && !empty($_POST['zipName'])) {
$zip_filename = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_POST['zipName']);
if (!$resourceTypeInfo->checkextension($zip_filename)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
}
}
}
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($zip_filename) || $resourceTypeInfo->checkIsHiddenFile($zip_filename)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
if ($this->_config->forceAscii()) {
$zip_filename = CKFinder_Connector_Utils_FileSystem::convertToAscii($zip_filename);
}
$zipFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($dest_dir, $zip_filename);
if (!is_writable(dirname($zipFilePath))) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
// usually we would need to create zip?
$createZip = true;
// only if file already exists and we want download it
// do not create new one - because hash of previously created is the same - existing archive is ok
if (file_exists($zipFilePath) && isset($_POST['download']) && $_POST['download'] == 'true') {
$createZip = false;
} else {
if (file_exists($zipFilePath) && (!isset($_POST['fileExistsAction']) || !in_array($_POST['fileExistsAction'], array('autorename', 'overwrite')))) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
}
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
// check how to deal with existing file
if (isset($_POST['fileExistsAction']) && $_POST['fileExistsAction'] == 'autorename') {
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD | CKFINDER_CONNECTOR_ACL_FILE_RENAME)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$zip_filename = CKFinder_Connector_Utils_FileSystem::autoRename($dest_dir, $zip_filename);
$zipFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($dest_dir, $zip_filename);
} elseif (isset($_POST['fileExistsAction']) && $_POST['fileExistsAction'] == 'overwrite') {
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_RENAME | CKFINDER_CONNECTOR_ACL_FILE_DELETE)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
if (!CKFinder_Connector_Utils_FileSystem::unlink($zipFilePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
}
}
if ($createZip) {
$zip = new ZipArchive();
$result = $zip->open($zipFilePath, ZIPARCHIVE::CREATE);
if ($result !== TRUE) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNKNOWN);
}
foreach ($files as $pathname => $filename) {
if (!empty($filename)) {
if (file_exists($pathname) && is_readable($pathname)) {
$zip->addFile($pathname, $filename);
}
} else {
$zip->addEmptyDir($pathname);
}
}
$zip->close();
}
$file = new CKFinder_Connector_Utils_XmlNode("ZipFile");
$file->addAttribute("name", $zip_filename);
$this->_connectorNode->addChild($file);
}
/**
* handle request and build XML
* @access protected
*
*/
protected function buildXml()
{
if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_DELETE)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$oErrorsNode = new CKFinder_Connector_Utils_XmlNode("Errors");
$errorCode = CKFINDER_CONNECTOR_ERROR_NONE;
$deleted = 0;
$oDeleteFilesNode = new Ckfinder_Connector_Utils_XmlNode("DeleteFiles");
$currentResourceTypeconfig = $this->_currentFolder->getResourceTypeconfig();
$_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
$_aclconfig = $_config->getAccessControlconfig();
$aclMasks = array();
$_resourceTypeconfig = array();
$checkedPaths = array();
if (!empty($_POST['files']) && is_array($_POST['files'])) {
foreach ($_POST['files'] as $arr) {
if (empty($arr['name'])) {
continue;
}
if (!isset($arr['type'], $arr['folder'])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
// file name
$name = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['name']);
// resource type
$type = $arr['type'];
// client path
$path = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['folder']);
if (!isset($_resourceTypeconfig[$type])) {
$_resourceTypeconfig[$type] = $_config->getResourceTypeconfig($type);
}
if (is_null($_resourceTypeconfig[$type]) || !CKFinder_Connector_Utils_FileSystem::checkFileName($name) || preg_match(CKFINDER_REGEX_INVALID_PATH, $path)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!$_resourceTypeconfig[$type]->checkextension($name, false)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (empty($checkedPaths[$path])) {
$checkedPaths[$path] = true;
if ($_resourceTypeconfig[$type]->checkIsHiddenPath($path)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
}
if ($currentResourceTypeconfig->checkIsHiddenFile($name)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!isset($aclMasks[$type . "@" . $path])) {
$aclMasks[$type . "@" . $path] = $_aclconfig->getComputedMask($type, $path);
}
$isAuthorized = ($aclMasks[$type . "@" . $path] & CKFINDER_CONNECTOR_ACL_FILE_DELETE) == CKFINDER_CONNECTOR_ACL_FILE_DELETE;
if (!$isAuthorized) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$filePath = $_resourceTypeconfig[$type]->getDirectory() . $path . $name;
if (!file_exists($filePath) || !is_file($filePath)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
}
if (!CKFinder_Connector_Utils_FileSystem::unlink($filePath)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
} else {
$deleted++;
$thumbPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $name);
@unlink($thumbPath);
}
}
}
$this->_connectorNode->addChild($oDeleteFilesNode);
if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) {
$this->_connectorNode->addChild($oErrorsNode);
}
$oDeleteFilesNode->addAttribute("deleted", $deleted);
if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_DELETE_FAILED);
}
}
/**
* Create thumbnail
*
* @param string $sourceFile
* @param string $targetFile
* @param int $maxWidth
* @param int $maxHeight
* @param boolean $preserverAspectRatio
* @param boolean $bmpSupported
* @return boolean
* @static
* @access public
*/
public static function createThumb($sourceFile, $targetFile, $maxWidth, $maxHeight, $quality, $preserverAspectRatio, $bmpSupported = false)
{
$sourceImageAttr = @getimagesize($sourceFile);
if ($sourceImageAttr === false) {
return false;
}
$sourceImageWidth = isset($sourceImageAttr[0]) ? $sourceImageAttr[0] : 0;
$sourceImageHeight = isset($sourceImageAttr[1]) ? $sourceImageAttr[1] : 0;
$sourceImageMime = isset($sourceImageAttr["mime"]) ? $sourceImageAttr["mime"] : "";
$sourceImageBits = isset($sourceImageAttr["bits"]) ? $sourceImageAttr["bits"] : 8;
$sourceImageChannels = isset($sourceImageAttr["channels"]) ? $sourceImageAttr["channels"] : 3;
if (!$sourceImageWidth || !$sourceImageHeight || !$sourceImageMime) {
return false;
}
$iFinalWidth = $maxWidth == 0 ? $sourceImageWidth : $maxWidth;
$iFinalHeight = $maxHeight == 0 ? $sourceImageHeight : $maxHeight;
if ($sourceImageWidth <= $iFinalWidth && $sourceImageHeight <= $iFinalHeight) {
if ($sourceFile != $targetFile) {
copy($sourceFile, $targetFile);
}
return true;
}
if ($preserverAspectRatio) {
// Gets the best size for aspect ratio resampling
$oSize = CKFinder_Connector_CommandHandler_Thumbnail::GetAspectRatioSize($iFinalWidth, $iFinalHeight, $sourceImageWidth, $sourceImageHeight);
} else {
$oSize = array('Width' => $iFinalWidth, 'Height' => $iFinalHeight);
}
CKFinder_Connector_Utils_Misc::setMemoryForImage($sourceImageWidth, $sourceImageHeight, $sourceImageBits, $sourceImageChannels);
switch ($sourceImageAttr['mime']) {
case 'image/gif':
if (@imagetypes() & IMG_GIF) {
$oImage = @imagecreatefromgif($sourceFile);
} else {
$ermsg = 'GIF images are not supported';
}
break;
case 'image/jpeg':
if (@imagetypes() & IMG_JPG) {
$oImage = @imagecreatefromjpeg($sourceFile);
} else {
$ermsg = 'JPEG images are not supported';
}
break;
case 'image/png':
if (@imagetypes() & IMG_PNG) {
$oImage = @imagecreatefrompng($sourceFile);
} else {
$ermsg = 'PNG images are not supported';
}
break;
case 'image/wbmp':
if (@imagetypes() & IMG_WBMP) {
$oImage = @imagecreatefromwbmp($sourceFile);
} else {
$ermsg = 'WBMP images are not supported';
}
break;
case 'image/bmp':
/*
* This is sad that PHP doesn't support bitmaps.
* Anyway, we will use our custom function at least to display thumbnails.
* We'll not resize images this way (if $sourceFile === $targetFile),
* because user defined imagecreatefrombmp and imagecreatebmp are horribly slow
*/
if ($bmpSupported && @imagetypes() & IMG_JPG && $sourceFile != $targetFile) {
$oImage = CKFinder_Connector_Utils_Misc::imageCreateFromBmp($sourceFile);
} else {
$ermsg = 'BMP/JPG images are not supported';
}
break;
default:
$ermsg = $sourceImageAttr['mime'] . ' images are not supported';
break;
}
if (isset($ermsg) || false === $oImage) {
return false;
}
$oThumbImage = imagecreatetruecolor($oSize["Width"], $oSize["Height"]);
if ($sourceImageAttr['mime'] == 'image/png') {
$bg = imagecolorallocatealpha($oThumbImage, 255, 255, 255, 127);
// (PHP 4 >= 4.3.2, PHP 5)
imagefill($oThumbImage, 0, 0, $bg);
imagealphablending($oThumbImage, false);
imagesavealpha($oThumbImage, true);
}
//imagecopyresampled($oThumbImage, $oImage, 0, 0, 0, 0, $oSize["Width"], $oSize["Height"], $sourceImageWidth, $sourceImageHeight);
CKFinder_Connector_Utils_Misc::fastImageCopyResampled($oThumbImage, $oImage, 0, 0, 0, 0, $oSize["Width"], $oSize["Height"], $sourceImageWidth, $sourceImageHeight, (int) max(floor($quality / 20), 6));
switch ($sourceImageAttr['mime']) {
case 'image/gif':
imagegif($oThumbImage, $targetFile);
break;
case 'image/jpeg':
case 'image/bmp':
imagejpeg($oThumbImage, $targetFile, $quality);
break;
case 'image/png':
imagepng($oThumbImage, $targetFile);
break;
case 'image/wbmp':
imagewbmp($oThumbImage, $targetFile);
break;
}
$_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
if (file_exists($targetFile) && ($perms = $_config->getChmodFiles())) {
$oldUmask = umask(0);
chmod($targetFile, $perms);
umask($oldUmask);
}
imageDestroy($oImage);
imageDestroy($oThumbImage);
return true;
}
/**
* Get ACL Mask
*
* @return int
* @access public
*/
public function getAclMask()
{
$_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
$_aclconfig = $_config->getAccessControlconfig();
if ($this->_aclMask == -1) {
$this->_aclMask = $_aclconfig->getComputedMask($this->_resourceTypeName, $this->_clientPath);
}
return $this->_aclMask;
}
/**
* Get computed mask
*
* @param string $resourceType
* @param string $folderPath
* @return int
*/
public function getComputedMask($resourceType, $folderPath)
{
$_computedMask = 0;
$_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
$_roleSessionVar = $_config->getRoleSessionVar();
$_userRole = null;
if (strlen($_roleSessionVar) && isset($_SESSION[$_roleSessionVar])) {
$_userRole = (string) $_SESSION[$_roleSessionVar];
}
if (!is_null($_userRole) && !strlen($_userRole)) {
$_userRole = null;
}
$folderPath = trim($folderPath, "/");
$_pathParts = explode("/", $folderPath);
$_currentPath = "/";
for ($i = -1; $i < sizeof($_pathParts); $i++) {
if ($i >= 0) {
if (!strlen($_pathParts[$i])) {
continue;
}
if (array_key_exists($_currentPath . '*/', $this->_aclEntries)) {
$_computedMask = $this->mergePathComputedMask($_computedMask, $resourceType, $_userRole, $_currentPath . '*/');
}
$_currentPath .= $_pathParts[$i] . '/';
}
if (array_key_exists($_currentPath, $this->_aclEntries)) {
$_computedMask = $this->mergePathComputedMask($_computedMask, $resourceType, $_userRole, $_currentPath);
}
}
return $_computedMask;
}
function sendResponse()
{
$oRegistry =& CKFinder_Connector_core_Factory::getInstance("core_Registry");
$oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl());
return parent::sendResponse();
}
/**
* handle request and build XML
* @access protected
*
*/
protected function buildXml()
{
$_config =& CKFinder_Connector_core_Factory::getInstance("core_config");
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
// Map the virtual path to the local server path.
$_sServerDir = $this->_currentFolder->getServerPath();
// Create the "Files" node.
$oFilesNode = new Ckfinder_Connector_Utils_XmlNode("Files");
$this->_connectorNode->addChild($oFilesNode);
if (!is_dir($_sServerDir)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND);
}
$files = array();
$thumbFiles = array();
if ($dh = @opendir($_sServerDir)) {
while (($file = readdir($dh)) !== false) {
if ($file != "." && $file != ".." && !is_dir($_sServerDir . $file)) {
$files[] = $file;
}
}
closedir($dh);
} else {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
$resourceTypeInfo = $this->_currentFolder->getResourceTypeconfig();
if (sizeof($files) > 0) {
$_thumbnailsconfig = $_config->getThumbnailsconfig();
$_thumbServerPath = '';
$_showThumbs = !empty($_GET['showThumbs']) && $_GET['showThumbs'] == 1;
if ($_thumbnailsconfig->getIsEnabled() && ($_thumbnailsconfig->getDirectAccess() || $_showThumbs)) {
$_thumbServerPath = $this->_currentFolder->getThumbsServerPath();
}
natcasesort($files);
$i = 0;
foreach ($files as $file) {
$filemtime = @filemtime($_sServerDir . $file);
//otherwise file doesn't exist or we can't get it's filename properly
if ($filemtime !== false) {
$filename = CKFinder_Connector_Utils_Misc::mbBasename($file);
if (!$resourceTypeInfo->checkextension($filename, false)) {
continue;
}
if ($resourceTypeInfo->checkIsHiddenFile($filename)) {
continue;
}
$oFileNode[$i] = new Ckfinder_Connector_Utils_XmlNode("File");
$oFilesNode->addChild($oFileNode[$i]);
$oFileNode[$i]->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding(CKFinder_Connector_Utils_Misc::mbBasename($file)));
$oFileNode[$i]->addAttribute("date", @date("YmdHi", $filemtime));
if (!empty($_thumbServerPath) && preg_match(CKFINDER_REGEX_IMAGES_EXT, $filename)) {
if (file_exists($_thumbServerPath . $filename)) {
$oFileNode[$i]->addAttribute("thumb", $filename);
} elseif ($_showThumbs) {
$oFileNode[$i]->addAttribute("thumb", "?" . $filename);
}
}
$size = filesize($_sServerDir . $file);
if ($size && $size < 1024) {
$size = 1;
} else {
$size = (int) round($size / 1024);
}
$oFileNode[$i]->addAttribute("size", $size);
$i++;
}
}
}
}
/**
* Get error handler
*
* @access public
* @return CKFinder_Connector_ErrorHandler_Base|CKFinder_Connector_ErrorHandler_FileUpload|CKFinder_Connector_ErrorHandler_Http
*/
public function &getErrorHandler()
{
$_errorHandler = $this->_registry->get("errorHandler");
$oErrorHandler =& CKFinder_Connector_core_Factory::getInstance($_errorHandler);
return $oErrorHandler;
}
/**
* Simple function required by config.php - discover the server side path
* to the directory relative to the "$baseUrl" attribute
*
* @package CKFinder
* @subpackage Connector
* @param string $baseUrl
* @return string
*/
function resolveUrl($baseUrl)
{
$fileSystem =& CKFinder_Connector_core_Factory::getInstance("Utils_FileSystem");
$baseUrl = preg_replace("|^http(s)?://[^/]+|i", "", $baseUrl);
return $fileSystem->getDocumentRootPath() . $baseUrl;
}
