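	/**
	 * logic for uploading an image (venue, event or category image)
	 *
	 * Reads the uploaded file from the 'userfile' request field, validates it
	 * with JEMImage::check(), stores it below images/jem/<type>/ according to
	 * the 'task' value and reports the outcome to the opener window through a
	 * small inline script. Every path ends the request ($app->close() or a
	 * redirect).
	 *
	 * @access public
	 * @return void
	 *
	 */
	function uploadimage()
	{
		$app   = JFactory::getApplication();
		$input = $app->input;

		// Check for request forgeries
		JSession::checkToken() or jexit('Invalid token');

		$jemsettings = JEMAdmin::config();

		$file = $input->files->get('userfile', array(), 'array');
		$task = $input->get('task', '');

		// Set FTP credentials, if given
		jimport('joomla.client.helper');
		JClientHelper::setCredentialsFromRequest('ftp');

		// Where to send the user back on failure. The Referer header is client
		// controlled, so it is only honoured when it points into this site;
		// otherwise fall back to the site base URL (avoids an open redirect
		// and an undefined-index notice when no Referer was sent).
		$referer   = $input->server->getString('HTTP_REFERER', '');
		$returnUrl = ($referer !== '' && JUri::isInternal($referer)) ? $referer : JUri::base();

		// set the target directory; an unknown task must not fall through
		// with an undefined directory, so it is rejected explicitly
		$targetDirs = array(
			'venueimgup'      => JPATH_SITE.'/images/jem/venues/',
			'eventimgup'      => JPATH_SITE.'/images/jem/events/',
			'categoriesimgup' => JPATH_SITE.'/images/jem/categories/',
		);

		if (!isset($targetDirs[$task])) {
			$app->enqueueMessage(JText::_('JERROR_AN_ERROR_HAS_OCCURRED'), 'error');
			$app->redirect($returnUrl);
			return;
		}

		$base_Dir = $targetDirs[$task];

		//do we have an upload?
		if (empty($file['name'])) {
			echo "<script> alert('".JText::_('COM_JEM_IMAGE_EMPTY')."'); window.history.go(-1); </script>\n";
			$app->close();
			return;
		}

		//check the image (JEMImage::check reports its own reason on failure)
		$check = JEMImage::check($file, $jemsettings);

		if ($check === false) {
			$app->redirect($returnUrl);
			return;
		}

		//sanitize the image filename
		$filename = JEMImage::sanitize($base_Dir, $file['name']);
		$filepath = $base_Dir . $filename;

		// The filename is echoed into an inline script; encode it as a JS string
		// literal so a crafted name cannot break out of the script context.
		$jsFilename = json_encode($filename, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
		if ($jsFilename === false) {
			// not encodable (e.g. invalid UTF-8): pass an empty name rather than broken JS
			$jsFilename = "''";
		}

		//upload the image
		if (!JFile::upload($file['tmp_name'], $filepath)) {
			echo "<script> alert('".JText::_('COM_JEM_UPLOAD_FAILED')."'); window.history.go(-1); </script>\n";
		} else {
			echo "<script> alert('".JText::_('COM_JEM_UPLOAD_COMPLETE')."'); window.history.go(-1); window.parent.SelectImage(".$jsFilename.", ".$jsFilename."); </script>\n";
		}

		$app->close();
	}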
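	/**
	 * upload files for the specified object
	 *
	 * Every entry of $post_files['name'] is validated (extension against
	 * attachments_types, size against attachments_maxsize), moved into
	 * <attachments_path>/<object> and registered in the jem_attachments table.
	 * Problems with a single file are reported as warnings and that file is
	 * skipped; the remaining files are still processed.
	 *
	 * @param array data from JInput 'files' (name/tmp_name/size plus optional customname/description/access, each indexed per file)
	 * @param string object identification (should be event<eventid>, category<categoryid>, etc...)
	 * @return bool false if there is nothing to upload, the object id is not a plain folder name,
	 *              or the target folder could not be created; true otherwise
	 */
	static function postUpload($post_files, $object)
	{
		require_once JPATH_SITE.'/components/com_jem/classes/image.class.php';

		$user = JemFactory::getUser();
		$jemsettings = JEMHelper::config();

		if (!(is_array($post_files) && count($post_files))) {
			return false;
		}

		// $object becomes a folder name below attachments_path; refuse anything
		// that is empty or could leave that folder (path separators, '..').
		$object = (string) $object;
		if ($object === '' || strpbrk($object, '/\\') !== false || strpos($object, '..') !== false) {
			return false;
		}

		$path = JPATH_SITE.'/'.$jemsettings->attachments_path.'/'.$object;

		// allowed extensions: trimmed, lower-cased (the file extension is compared
		// lower-cased below) and empty entries dropped so a file without
		// extension cannot match an empty list entry
		$allowed = array();
		foreach (explode(',', $jemsettings->attachments_types) as $ext) {
			$ext = strtolower(trim($ext));
			if ($ext !== '') {
				$allowed[] = $ext;
			}
		}

		$maxsizeinput = $jemsettings->attachments_maxsize*1024; //size in kb

		foreach ($post_files['name'] as $k => $file)
		{
			if (empty($file)) {
				continue;
			}

			// check if the filetype is valid
			$fileext = strtolower(JFile::getExt($file));
			if (!in_array($fileext, $allowed, true)) {
				JError::raiseWarning(0, JText::_('COM_JEM_ERROR_ATTACHEMENT_EXTENSION_NOT_ALLOWED').': '.$file);
				continue;
			}
			// check size
			if ($post_files['size'][$k] > $maxsizeinput) {
				JError::raiseWarning(0, JText::sprintf('COM_JEM_ERROR_ATTACHEMENT_FILE_TOO_BIG', $file, $post_files['size'][$k], $maxsizeinput));
				continue;
			}

			if (!JFolder::exists($path)) {
				// try to create it
				$res = JFolder::create($path);
				if (!$res) {
					JError::raiseWarning(0, JText::_('COM_JEM_ERROR_COULD_NOT_CREATE_FOLDER').': '.$path);
					return false;
				}
			}

			// TODO: Probably move this to a helper class

			$sanitizedFilename = JEMImage::sanitize($path, $file);

			// Make sure that the full file path is safe.
			$filepath = JPath::clean( $path.'/'.$sanitizedFilename);
			// Since Joomla! 3.4.0 JFile::upload has some more params to control new security parsing
			// Unfortunately this parsing is partially stupid so it may reject archives for non-understandable reason.
			if (version_compare(JVERSION, '3.4', 'lt')) {
				$uploaded = JFile::upload($post_files['tmp_name'][$k], $filepath);
			} else {
				// switch off parsing archives for byte sequences looking like a script file extension
				// but keep all other checks running (the option key spelling is Joomla's own)
				$uploaded = JFile::upload($post_files['tmp_name'][$k], $filepath, false, false, array('fobidden_ext_in_content' => false));
			}

			// JFile::upload reports its own failure reason; without the file on
			// disk a database record would only point at nothing, so skip it.
			if (!$uploaded) {
				continue;
			}

			$table = JTable::getInstance('jem_attachments', '');
			$table->file = $sanitizedFilename;
			$table->object = $object;
			if (isset($post_files['customname'][$k]) && !empty($post_files['customname'][$k])) {
				$table->name = $post_files['customname'][$k];
			}
			if (isset($post_files['description'][$k]) && !empty($post_files['description'][$k])) {
				$table->description = $post_files['description'][$k];
			}
			if (isset($post_files['access'][$k])) {
				$table->access = intval($post_files['access'][$k]);
			}
			// same format as the former strftime('%F %T'), which is deprecated since PHP 8.1
			$table->added = date('Y-m-d H:i:s');
			$table->added_by = $user->get('id');

			if (!($table->check() && $table->store())) {
				JError::raiseWarning(0, JText::_('COM_JEM_ATTACHMENT_ERROR_SAVING_TO_DB').': '.$table->getError());
			}
		}

		return true;
	}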
	/**
	 * Overloaded store method for the Venue table.
	 *
	 * Fills the created/modified audit columns, handles the optional venue
	 * image sent by the frontend form (new upload or "remove on save"),
	 * clears image names with an unsupported extension, forces the
	 * unpublished state for frontend users without publish permission and,
	 * once the row is stored, removes the image file that was replaced.
	 *
	 * @param  boolean  $updateNulls  passed through to the parent store()
	 * @return boolean  result of parent::store()
	 */
	public function store($updateNulls = false)
	{
		$date        = JFactory::getDate();
		$user        = JemFactory::getUser();
		$userid      = $user->get('id');
		$app         = JFactory::getApplication();
		$jinput      = $app->input;
		$jemsettings = JEMHelper::config();

		// Frontend and backend differ in image handling and publish rights
		$backend = $app->isAdmin() ? true : false;

		if ($this->id) {
			// Existing venue: stamp the modification
			$this->modified    = $date->toSql();
			$this->modified_by = $userid;
		} else {
			// New venue: only fill in what the caller left empty
			if (!intval($this->created)) {
				$this->created = $date->toSql();
			}
			if (empty($this->created_by)) {
				$this->created_by = $userid;
			}
		}

		jimport('joomla.filesystem.file');
		$image_dir       = JPATH_SITE.'/images/jem/venues/';
		$allowable       = array ('gif', 'jpg', 'png');
		$image_to_delete = false;

		// Frontend only: pick up a new image or honour "remove on save" (Hoffi, 2014-06-07)
		$imageEnabled = ($jemsettings->imageenabled == 1 || $jemsettings->imageenabled == 2);

		if (!$backend && $imageEnabled) {
			$file        = $jinput->files->get('userfile', array(), 'array');
			$removeimage = $jinput->getInt('removeimage', 0);

			if (!empty($file['name'])) {
				// validate, then sanitize the name and move the file into place
				if (JEMImage::check($file, $jemsettings) !== false) {
					$filename = JEMImage::sanitize($image_dir, $file['name']);
					$filepath = $image_dir . $filename;

					if (JFile::upload($file['tmp_name'], $filepath)) {
						// remember the previous image so it can be removed after storing
						$image_to_delete = $this->locimage;
						$this->locimage  = $filename;
					}
				}
			} elseif (!empty($removeimage)) {
				// unlink the image from the venue; the file itself is cleaned up
				// after the row is stored (or later by housekeeping if still unused)
				$image_to_delete = $this->locimage;
				$this->locimage  = '';
			}
		}

		// Only keep image names with a supported extension
		$format = JFile::getExt($image_dir . $this->locimage);
		if (!in_array($format, $allowable)) {
			$this->locimage = '';
		}

		// Frontend users lacking the publish permission cannot create published venues
		if (!$backend && !$this->id && !$user->can('publish', 'venue', $this->id, $this->created_by)) {
			$this->published = 0;
		}

		// item must be stored BEFORE image deletion
		$ret = parent::store($updateNulls);
		if ($ret && $image_to_delete) {
			JemHelper::delete_unused_image_files('venue', $image_to_delete);
		}

		return $ret;
	}