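 /**
  * Resolve the stored file name for a file-type custom field from the request.
  *
  * Returns "" when the "<db_name>_delete" flag was posted (the caller clears
  * the value), null when no usable upload arrived, the extension is not in
  * the field's allow-list or the move failed, and otherwise the generated
  * name the upload was saved under.
  *
  * @param   object  $field         Field definition; db_name is the request
  *                                 key and the default upload folder name.
  * @param   array   $source_array  Posted form data holding the delete flag.
  *
  * @return  string|null
  */
 function getValue($field, $source_array)
 {
     jimport('joomla.filesystem.file');

     // NOTE(review): db_name is spliced unsanitised into the default upload
     // path — it must be trusted configuration, never request data. Confirm.
     $upload_path = $field->getParam('upload_path', 'media' . DS . APP_EXTENSION . DS . 'files' . DS . $field->db_name);

     // Normalise the allow-list once: trim, lowercase, drop empty entries.
     // A stray empty entry ("jpg,,png") would otherwise admit an
     // extension-less file through the in_array() check below.
     $allowed_extensions = array();
     foreach (explode(',', $field->getParam('file_extensions', 'jpg,gif,jpeg,png')) as $allowed) {
         $allowed = strtolower(trim($allowed));
         if ($allowed !== '') {
             $allowed_extensions[] = $allowed;
         }
     }

     $delete_file = JArrayHelper::getValue($source_array, "{$field->db_name}_delete", 0, "INT");
     if ($delete_file) {
         return "";
     }

     // Prefer the "_replace" input; fall back to the plain field name.
     $file = JRequest::getVar($field->db_name . '_replace', null, 'files');
     if (empty($file['name'])) {
         $file = JRequest::getVar($field->db_name, null, 'files');
     }

     // No file at all, or PHP already flagged the upload (over the size
     // limit, partial, ...): there is nothing valid in tmp_name to look at.
     if (empty($file['name']) || empty($file['tmp_name'])) {
         return null;
     }
     if (isset($file['error']) && (int) $file['error'] !== UPLOAD_ERR_OK) {
         return null;
     }
     if (!is_uploaded_file($file['tmp_name'])) {
         return null;
     }

     // The extension allow-list is the only type check: strict comparison,
     // and an empty extension is never accepted.
     $ext = strtolower(JFile::getExt($file['name']));
     if ($ext === '' || !in_array($ext, $allowed_extensions, true)) {
         return null;
     }

     // The stored name is generated, never taken from the client.
     // NOTE(review): time() makes it predictable, and two uploads to the same
     // field within one second collide.
     $file_name = JFile::makesafe('custom-' . trim($field->db_name) . '-' . time() . ".{$ext}");

     // Never hand back a name that was not actually written.
     if (!JFile::upload($file['tmp_name'], $upload_path . DS . $file_name)) {
         return null;
     }

     return $file_name;
 }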
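 /**
  * Replace the export template file of one template from a multipart upload.
  *
  * Looks for a $_FILES entry named "uploadedupdatefile_<id>", removes the file
  * currently recorded for that template, updates the stored file name and
  * moves the upload into administrator/components/com_onepage/export/templates.
  * Redirects to the order_export view with $msg as the flash message, except
  * for the early "Error!" returns kept from the original.
  *
  * NOTE(review): the uploaded name is only passed through basename() and
  * JFile::makesafe(); there is no extension or content check, so whatever
  * the client names the file is written under the administrator tree. If
  * templates are expected to be one specific type, whitelist that extension.
  *
  * @return  string  The message also passed to setRedirect()
  */
 function template_update_upload()
 {
     require_once JPATH_COMPONENT . DS . 'assets' . DS . 'export_helper.php';
     jimport('joomla.filesystem.file');

     $file = "";
     $msg = '';

     // Use the last non-empty upload field whose name starts with the prefix.
     foreach ($_FILES as $k => $v) {
         if (strpos($k, 'uploadedupdatefile_') === 0 && !empty($_FILES[$k]['name'])) {
             $file = $k;
         }
     }

     $arr = explode('_', $file);
     if (count($arr) > 1) {
         // The id comes from the field *name*, which the client controls.
         // ctype_digit() (not is_numeric()) rejects "1e3", "1.5", leading
         // whitespace and signs; the cast fixes the type handed to the helper.
         $tid = $arr[1];
         if (!ctype_digit($tid)) {
             return "Error!";
         }
         $tid = (int) $tid;

         // Honour PHP's own verdict on the upload (partial, too large, ...).
         if (!isset($_FILES[$file]['error']) || (int) $_FILES[$file]['error'] !== UPLOAD_ERR_OK) {
             return "Error!";
         }

         // get previous file
         $ehelper = new OnepageTemplateHelper();
         $tt = $ehelper->getTemplate($tid);
         // getTemplate() is not on this page; guard against an unknown id
         // giving an empty 'file', which would otherwise make file_exists()
         // see the templates folder itself as the "previous file".
         $previous = !empty($tt['file']) ? $tt['file'] : '';

         $target_path = JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'export' . DS . 'templates' . DS;

         // Always index $_FILES by the key actually found ($file); the original
         // mixed $file and 'uploadedupdatefile_' . $tid, which differ when the
         // field name carries extra "_" parts.
         $newname = JFile::makesafe(basename($_FILES[$file]['name']));
         if ($newname === '') {
             return "Error!";
         }

         if (file_exists($target_path . $newname) && $previous != $newname) {
             $msg = 'Another theme is using the same filename';
         } else {
             if ($previous !== '' && file_exists($target_path . $previous)) {
                 if (!JFile::delete($target_path . $previous)) {
                     $msg .= 'Could not remove old template file: ' . $previous . '<br />';
                 }
             }
             $msg .= $ehelper->updateFileName($tid, $newname);
             // The move happens only when something above produced a message —
             // preserved from the original; presumably updateFileName()
             // reports success as non-empty text. TODO confirm.
             if (!empty($msg)) {
                 if (JFile::upload($_FILES[$file]['tmp_name'], $target_path . $newname)) {
                     $msg .= "The template file " . $newname . " has been uploaded";
                 } else {
                     $msg .= "There was an error uploading the file, please try again! file: " . $newname;
                 }
             }
         }
     }
     if (empty($msg)) {
         $msg = 'O.K.';
     }
     $link = 'index.php?option=com_onepage&view=order_export';
     $this->setRedirect($link, $msg);
     return $msg;
 }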
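 /**
  * Upload Form — validate one posted file against the form's upload settings.
  *
  * Checks, in order: a file was posted, the name survives JFile::makesafe(),
  * PHP-level upload errors, the extension allow-list plus a deny-list of
  * server-executable extensions (applied to every extension segment, so
  * "shell.php.jpg" is refused), and the configured size limit. The allow-list
  * and the size limit fall back to com_media's settings when the form does
  * not limit them itself.
  *
  * @param   array   $file      One $_FILES entry (name, size, error, tmp_name)
  *
  * @param   string  &$err      Receives the translated error message on failure
  *
  * @param   object  $settings  Form settings; ->options holds the upload limits
  *
  * @return boolean  True when the file may be stored
  */
 public static function canUpload($file, &$err, $settings)
 {
     if (empty($file['name'])) {
         $err = JText::_('JSN_UNIFORM_ERROR_UPLOAD_INPUT');
         return false;
     }

     $params = JComponentHelper::getParams('com_media');
     if (empty($settings->options->limitFileExtensions) || $settings->options->limitFileExtensions != 1) {
         $settings->options->allowedExtensions = $params->get('upload_extensions');
     }
     if (empty($settings->options->limitFileSize) || $settings->options->limitFileSize != 1) {
         $settings->options->maxSize = $params->get('upload_maxsize');
         $settings->options->maxSizeUnit = 'MB';
     }

     jimport('joomla.filesystem.file');
     if ($file['name'] !== JFile::makesafe($file['name'])) {
         $err = JText::_('JSN_UNIFORM_ERROR_WARNFILENAME');
         return false;
     }

     // Configured limit in bytes. An unknown unit is treated as bytes instead
     // of leaving $uploadMaxSize undefined (which made every non-empty file
     // compare as "too large").
     $maxSize = (float) $settings->options->maxSize;
     switch (strtoupper((string) $settings->options->maxSizeUnit)) {
         case 'KB':
             $uploadMaxSize = $maxSize * 1024;
             break;
         case 'MB':
             $uploadMaxSize = $maxSize * 1024 * 1024;
             break;
         case 'GB':
             $uploadMaxSize = $maxSize * 1024 * 1024 * 1024;
             break;
         default:
             $uploadMaxSize = $maxSize;
             break;
     }

     // php.ini's upload_max_filesize uses shorthand ("2M", "512K", "1G");
     // casting it straight to int read "512K" as 512 MB. The fall-through is
     // deliberate: each suffix multiplies once more.
     $iniLimit = trim((string) ini_get('upload_max_filesize'));
     $iniBytes = (float) $iniLimit;
     switch (strtoupper(substr($iniLimit, -1))) {
         case 'G':
             $iniBytes *= 1024;
             // no break
         case 'M':
             $iniBytes *= 1024;
             // no break
         case 'K':
             $iniBytes *= 1024;
     }

     // PHP reports the failure itself when the file exceeded its own limits
     // (1 = upload_max_filesize, 2 = the form's MAX_FILE_SIZE); any other
     // non-zero code means tmp_name is not a usable upload either.
     $uploadError = isset($file['error']) ? (int) $file['error'] : UPLOAD_ERR_OK;
     if ($uploadError === UPLOAD_ERR_INI_SIZE) {
         $err = JText::sprintf('JSN_UNIFORM_POST_UPLOAD_SIZE', round($iniBytes / 1048576, 2) . " MB");
         return false;
     }
     if ($uploadError === UPLOAD_ERR_FORM_SIZE) {
         $err = JText::sprintf('JSN_UNIFORM_POST_UPLOAD_SIZE', $settings->options->maxSize . " " . $settings->options->maxSizeUnit);
         return false;
     }
     if ($uploadError !== UPLOAD_ERR_OK) {
         $err = JText::_('JSN_UNIFORM_ERROR_UPLOAD_INPUT');
         return false;
     }

     // Allow-list normalised (trim, lowercase, empties dropped) and compared
     // strictly, so a stray "" entry cannot admit an extension-less file.
     $allowable = array();
     foreach (explode(',', (string) $settings->options->allowedExtensions) as $allowed) {
         $allowed = strtolower(trim($allowed));
         if ($allowed !== '') {
             $allowable[] = $allowed;
         }
     }
     $format = strtolower(JFile::getExt($file['name']));

     // Deny-list of extensions a web server might execute. It is checked
     // against every dot-separated segment after the base name, not only the
     // last one: Apache (AddHandler/MultiViews) can run "shell.php.jpg" as PHP
     // even though "jpg" is allowed. This is a backstop, not a substitute for
     // a tight allow-list.
     $executable = array('php', 'php3', 'php4', 'php5', 'php7', 'phps', 'phtml', 'pht', 'phar', 'pl', 'py', 'jsp', 'asp', 'htm', 'shtml', 'sh', 'cgi', 'htaccess', 'exe', 'dll');
     $segments = array_slice(array_map('strtolower', explode('.', $file['name'])), 1);
     if ($format === '' || !in_array($format, $allowable, true) || array_intersect($segments, $executable)) {
         $err = JText::sprintf('JSN_UNIFORM_ERROR_WARNFILETYPE', "." . $format);
         return false;
     }

     // The form's own size limit (PHP may accept more than the form allows).
     if ((int) $file['size'] > $uploadMaxSize) {
         $err = JText::sprintf('JSN_UNIFORM_POST_UPLOAD_SIZE', $settings->options->maxSize . " " . $settings->options->maxSizeUnit);
         return false;
     }

     return true;
 }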
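 /**
  * Checks if the file can be uploaded as an EasyBlog image.
  *
  * Rejects an empty upload, a name JFile::makesafe() would alter, a name
  * EasyImageHelper::isImage() does not accept, an upload PHP truncated for
  * size, a file over main_upload_image_size (MB; 0 = unlimited) and anything
  * getimagesize() cannot parse.
  *
  * @param array  $file  One $_FILES entry (name, size, error, tmp_name)
  * @param string &$err  Receives the language key describing the failure
  * @return boolean  True when the file may be stored
  */
 public static function canUpload($file, &$err)
 {
     $params = EasyBlogHelper::getConfig();

     if (empty($file['name'])) {
         $err = 'COM_EASYBLOG_WARNEMPTYFILE';
         return false;
     }

     jimport('joomla.filesystem.file');
     if ($file['name'] !== JFile::makesafe($file['name'])) {
         $err = 'COM_EASYBLOG_WARNFILENAME';
         return false;
     }

     // Name-level check only (isImage() is given the file name); the content
     // is inspected by getimagesize() further down.
     if (!EasyImageHelper::isImage($file['name'])) {
         $err = 'COM_EASYBLOG_WARNINVALIDIMG';
         return false;
     }

     // When PHP itself dropped the upload for size, $file['size'] is 0 and
     // tmp_name is empty, so the checks below would report a "corrupt image"
     // instead of the real cause. Report it as too large.
     $uploadError = isset($file['error']) ? (int) $file['error'] : UPLOAD_ERR_OK;
     if ($uploadError === UPLOAD_ERR_INI_SIZE || $uploadError === UPLOAD_ERR_FORM_SIZE) {
         $err = 'COM_EASYBLOG_WARNFILETOOLARGE';
         return false;
     }

     // main_upload_image_size is in MB (1 MB == 1048576 bytes); 0 disables
     // the check.
     $maxSize = (double) $params->get('main_upload_image_size', 0) * 1048576;
     if ($maxSize > 0 && (double) $file['size'] > $maxSize) {
         $err = 'COM_EASYBLOG_WARNFILETOOLARGE';
         return false;
     }

     // getimagesize() proves the header parses as an image, not that the file
     // is harmless: a valid image header followed by arbitrary data passes.
     // The name checks above are what keep it out of an executable context.
     // An empty tmp_name is rejected up front rather than handed to
     // getimagesize().
     if (empty($file['tmp_name']) || getimagesize($file['tmp_name']) === false) {
         $err = 'COM_EASYBLOG_WARNINVALIDIMG';
         return false;
     }

     return true;
 }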
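 /**
  * Checks if the file can be uploaded as an EasyDiscuss image.
  *
  * Rejects an empty upload, a name JFile::makesafe() would alter, a name
  * DiscussImageHelper::isImage() does not accept, an upload PHP truncated
  * for size, a file over main_upload_maxsize (MB; 0 = unlimited) and
  * anything getimagesize() cannot parse.
  *
  * @param array  $file  One $_FILES entry (name, size, error, tmp_name)
  * @param string &$err  Receives the translated error message on failure
  * @return boolean  True when the file may be stored
  */
 public static function canUpload($file, &$err)
 {
     $config = DiscussHelper::getConfig();
     // main_upload_maxsize is in MB; convert to bytes. 0 disables the check.
     $maxSize = $config->get('main_upload_maxsize') * 1024 * 1024;

     if (empty($file['name'])) {
         $err = JText::_('COM_EASYDISCUSS_EMPTY_FILENAME');
         return false;
     }

     jimport('joomla.filesystem.file');
     if ($file['name'] !== JFile::makesafe($file['name'])) {
         $err = JText::_('COM_EASYDISCUSS_INVALID_FILENAME');
         return false;
     }

     // Name-level check only (isImage() is given the file name); the content
     // is inspected by getimagesize() further down.
     if (!DiscussImageHelper::isImage($file['name'])) {
         $err = JText::_('COM_EASYDISCUSS_INVALID_IMG');
         return false;
     }

     // When PHP itself dropped the upload for size, $file['size'] is 0 and
     // tmp_name is empty, so the checks below would report a corrupt image
     // instead of the real cause.
     $uploadError = isset($file['error']) ? (int) $file['error'] : UPLOAD_ERR_OK;
     if ($uploadError === UPLOAD_ERR_INI_SIZE || $uploadError === UPLOAD_ERR_FORM_SIZE) {
         $err = JText::_('COM_EASYDISCUSS_FILE_TOO_LARGE');
         return false;
     }

     if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
         $err = JText::_('COM_EASYDISCUSS_FILE_TOO_LARGE');
         return false;
     }

     // getimagesize() proves the header parses as an image, not that the file
     // is harmless: a valid image header followed by arbitrary data passes.
     // An empty tmp_name is rejected here rather than handed to getimagesize().
     if (empty($file['tmp_name']) || getimagesize($file['tmp_name']) === false) {
         $err = JText::_('COM_EASYDISCUSS_IMAGE_CORRUPT');
         return false;
     }

     return true;
 }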
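 /**
  * Checks uploaded file
  *
  * Validates one $_FILES entry against the component's upload parameters:
  * a file was posted, PHP reported no upload error, the extension is in
  * upload_extensions (or ignore_extensions), the size is within
  * upload_maxsize (bytes), images parse with getimagesize(), other files are
  * checked against the MIME deny-list, and the first 256 bytes contain no
  * HTML tag. A name JFile::makesafe() would alter is replaced by a
  * timestamp-based one; the original is kept in $file['altname'].
  *
  * @param array  &$file   The $_FILES entry; 'name' and 'altname' may be rewritten
  * @param string &$err    Set (return) the error key in it
  * @param object &$params Component parameters; loaded from com_flexicontent when empty
  * @return boolean True when the file passed every check
  * @since 1.5
  */
 static function check(&$file, &$err, &$params)
 {
     if (!$params) {
         $params = JComponentHelper::getParams('com_flexicontent');
     }
     if (empty($file['name'])) {
         $err = 'FLEXI_PLEASE_INPUT_A_FILE';
         return false;
     }

     // Honour PHP's own verdict first: with a non-zero error code tmp_name is
     // empty and every content check below would fail with a misleading key.
     $uploadError = isset($file['error']) ? (int) $file['error'] : UPLOAD_ERR_OK;
     if ($uploadError === UPLOAD_ERR_INI_SIZE || $uploadError === UPLOAD_ERR_FORM_SIZE) {
         $err = 'FLEXI_WARNFILETOOLARGE';
         return false;
     }
     if ($uploadError !== UPLOAD_ERR_OK) {
         $err = 'FLEXI_PLEASE_INPUT_A_FILE';
         return false;
     }

     jimport('joomla.filesystem.file');
     $file['altname'] = $file['name'];
     if ($file['name'] !== JFile::makesafe($file['name'])) {
         // Unsafe name: store under a generated one. The extension is still
         // the client's, so the allow-list below is what protects the folder.
         $file['name'] = date('Y-m-d-H-i-s') . "." . flexicontent_upload::getExt($file['name']);
     }

     // ***************************************
     // Check if the image file type is allowed
     // ***************************************
     // Parameter lists are normalised to lower-case, trimmed entries with
     // empties dropped. Dropping empties matters: an unset ignore_extensions
     // gives explode() a single "" entry, which let an extension-less file
     // through this check before.
     $format = strtolower(flexicontent_upload::getExt($file['name']));
     $allowed_exts = array_filter(array_map('strtolower', array_map('trim', explode(',', (string) $params->get('upload_extensions', 'bmp,csv,doc,docx,gif,ico,jpg,jpeg,odg,odp,ods,odt,pdf,png,ppt,pptx,swf,txt,xcf,xls,xlsx,zip,ics')))), 'strlen');
     $ignored = array_filter(array_map('strtolower', array_map('trim', explode(',', (string) $params->get('ignore_extensions')))), 'strlen');
     if ($format === '' || (!in_array($format, $allowed_exts, true) && !in_array($format, $ignored, true))) {
         $err = 'FLEXI_WARNFILETYPE';
         return false;
     }

     // **************
     // Check filesize
     // **************
     $maxSize = (int) $params->get('upload_maxsize', 0);
     if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
         $err = 'FLEXI_WARNFILETOOLARGE';
         return false;
     }

     if ($params->get('restrict_uploads', 1)) {
         $images = array_filter(array_map('strtolower', array_map('trim', explode(',', (string) $params->get('image_extensions')))), 'strlen');
         if (in_array($format, $images, true)) {
             // if its an image run it through getimagesize
             if (getimagesize($file['tmp_name']) === false) {
                 $err = 'FLEXI_WARNINVALIDIMG';
                 return false;
             }
         } elseif (!in_array($format, $ignored, true) && $params->get('check_mime', 1)) {
             // if its not an image...and we're not ignoring it: sniff the
             // content type and reject it when it is on the illegal list
             // (and not explicitly allowed).
             $allowed_mime = array_filter(array_map('strtolower', array_map('trim', explode(',', (string) $params->get('upload_mime')))), 'strlen');
             $illegal_mime = array_filter(array_map('strtolower', array_map('trim', explode(',', (string) $params->get('upload_mime_illegal')))), 'strlen');
             $type = '';
             if (function_exists('finfo_open')) {
                 // We have fileinfo. FILEINFO_MIME_TYPE yields the bare type
                 // ("text/html"); FILEINFO_MIME, used before, yields
                 // "text/html; charset=..." which never equals an entry of
                 // upload_mime_illegal, so the deny-list was silently ineffective.
                 $finfo = finfo_open(FILEINFO_MIME_TYPE);
                 if ($finfo !== false) {
                     $type = (string) finfo_file($finfo, $file['tmp_name']);
                     finfo_close($finfo);
                 }
             } elseif (function_exists('mime_content_type')) {
                 // we have mime magic
                 $type = (string) mime_content_type($file['tmp_name']);
             }
             $type = strtolower($type);
             if ($type !== '' && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
                 $err = 'FLEXI_WARNINVALIDMIME';
                 return false;
             }
         }
     }

     // ***************************
     // Check for XSS safe contents
     // ***************************
     // Only the first 256 bytes are inspected, so a tag further into the file
     // is not seen: this guards against browser content sniffing, it is not a
     // full HTML scan.
     $xss_check = JFile::read($file['tmp_name'], false, 256);
     $html_tags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
     foreach ($html_tags as $tag) {
         // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
         if (stristr($xss_check, '<' . $tag . ' ') || stristr($xss_check, '<' . $tag . '>')) {
             $err = 'FLEXI_WARNIEXSS';
             return false;
         }
     }
     return true;
 }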
        case 2:
            $err = 'FILE TO LARGE THAN HTML FORM ALLOWS';
            break;
        case 3:
            $err = 'ERROR PARTIAL UPLOAD';
            break;
        case 4:
            return;
            break;
            // NO FILE
        // NO FILE
        default:
            $err = '';
            break;
    }
    if (!$err) {
        // validation passed, move the file
        $fileTemp = $_FILES[$fieldName]['tmp_name'];
        $newFileName = JFile::makesafe($_FILES[$fieldName]['name']);
        $uploadPath = $folder . '/' . $newFileName;
        if (!JFile::upload($fileTemp, $uploadPath)) {
            $err = 'ERROR MOVING FILE';
        }
    }
    if ($err) {
        // Error found
        $lang = JFactory::getLanguage();
        $lang->load('com_media');
        echo '<strong style="color:#ff0000">ERROR:&nbsp;' . JText::_($err) . '</strong>';
    }
}
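 /**
  * Build the translation table for one extension between two languages.
  *
  * Reads the source (tr_fromlang) and target (tr_tolang) INI files for the
  * extension named in tr_ext, makes sure both are registered in the DB
  * (fillDB) and annotated with existing translations (getTranlations), fills
  * target keys missing from the source set, overlays the VM 2.0.22+
  * com_virtuemart file when the extension is a VirtueMart one, and returns
  * both keyed by type and language.
  *
  * All four request values end up as path components inside getIni(), so
  * each is passed through JFile::makesafe() first. NOTE(review): makesafe()
  * strips path separators and ".." runs as far as I recall, but getIni() is
  * not on this page — confirm it anchors the result under the language folder.
  *
  * @return  array|void  $ret[$tr_type][$lang] = array of strings, or nothing
  *                      when tr_ext is empty (the format is forced to html).
  */
 function getVM2en()
 {
     $this->flushTable();

     $tr_from = JRequest::getVar('tr_fromlang', 'en-GB');
     $to = JRequest::getVar('tr_tolang', 'en-GB');
     $tr_type = JRequest::getVar('tr_type', 'site');
     $xt = JRequest::getVar('tr_ext', '');

     if (empty($xt)) {
         JRequest::setVar('format', 'html');
         return;
     }
     $xt = str_replace('.ini', '', $xt);

     jimport('joomla.filesystem.folder');
     jimport('joomla.filesystem.file');

     // Sanitise every value that is used to locate a file on disk.
     $tr_type = JFile::makesafe($tr_type);
     $xt = JFile::makesafe($xt);
     $to = JFile::makesafe($to);
     $tr_from = JFile::makesafe($tr_from);

     $ret = array();
     $arr3 = array();

     $arr1 = $this->getIni($tr_from, $tr_type, $xt);
     $arr2 = $this->getIni($to, $tr_type, $xt);

     // Deep copies: getIni() seems to hand back references, so keep untouched
     // snapshots of both files for the comparisons below.
     $arr2o = unserialize(serialize($arr2));
     $arr1o = unserialize(serialize($arr1));

     // Where the target file already has a value, prefer it over the source.
     // (The original also consulted $arr3 here, but $arr3 is only loaded in
     // the com_virtuemart step below, so that branch could never fire and
     // has been dropped.)
     if (!empty($arr2o)) {
         foreach ($arr2o as $k => $a2) {
             if (!empty($arr2[$k])) {
                 $arr1[$k] = $arr2[$k];
             }
         }
     }

     $user = JFactory::getUser();
     $username = $user->username;

     // Register the source language once, then annotate it.
     if (!$this->checkDB($xt, $tr_type, $tr_from)) {
         $this->fillDB($xt, $tr_type, $tr_from, $arr1, $username);
     }
     $this->getTranlations($xt, $tr_type, $tr_from, $arr1);
     $ret[$tr_type][$tr_from] = $arr1;

     // Re-read the target; if absolutely no language file exists for it,
     // start from the source file.
     $arr2 = $this->getIni($to, $tr_type, $xt);
     if (empty($arr2)) {
         $arr2 = $this->getIni($tr_from, $tr_type, $xt);
     }

     // The target must contain at least every scalar key of the source.
     foreach ($arr1o as $kk => $vv) {
         if (!is_array($vv) && !isset($arr2[$kk])) {
             $arr2[$kk] = $vv;
         }
     }

     // vm2.0.22+ new lang files: overlay the shared com_virtuemart strings.
     if (stripos($xt, 'com_virtuemart') !== false) {
         $arr3 = $this->getIni($to, $tr_type, 'com_virtuemart');
     }
     foreach ($arr1o as $k => $a2) {
         if (!empty($arr3[$k])) {
             $arr2[$k] = $arr3[$k];
         }
     }
     unset($arr1);

     // Same for the target language.
     if (!$this->checkDB($xt, $tr_type, $to)) {
         $this->fillDB($xt, $tr_type, $to, $arr2, $username);
     }
     $this->getTranlations($xt, $tr_type, $to, $arr2, $arr1o);
     unset($arr1o);

     // ret['site']['to_language'] = ...
     $ret[$tr_type][$to] = $arr2;
     unset($arr2);

     return $ret;
 }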
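 /**
  * Checks if the file can be uploaded
  *
  * Order of checks: a file was posted; the name survives JFile::makesafe();
  * no dot-separated segment after the base name is a server-executable
  * extension; the final extension is in upload_extensions (or
  * ignore_extensions); the size is within upload_maxsize (MB); tmp_name is
  * present; with restrict_uploads, images must parse with getimagesize() and
  * other files must not carry a MIME type from upload_mime_illegal (or, when
  * no MIME sniffer is available, the user must have core.manage); finally the
  * first 256 bytes must not contain an HTML tag.
  *
  * @param array  $file  One $_FILES entry (name, size, error, tmp_name)
  * @param string &$err  Receives the language key describing the failure
  * @return  boolean  True when the file may be stored
  */
 public static function canUpload($file, &$err)
 {
     $params = JComponentHelper::getParams('com_media');

     if (empty($file['name'])) {
         $err = 'COM_MEDIA_ERROR_UPLOAD_INPUT';
         return false;
     }

     jimport('joomla.filesystem.file');
     if ($file['name'] !== JFile::makesafe($file['name'])) {
         $err = 'COM_MEDIA_ERROR_WARNFILENAME';
         return false;
     }

     $format = strtolower(JFile::getExt($file['name']));

     // Media file names should never have executable extensions buried in them.
     // Every dot-separated segment after the base name is checked, so
     // "shell.php.jpg" is rejected even though "jpg" is allowed.
     // (The original read `count($explodedFileName > 2)` — comparing the array,
     // not its length — and then called $app->enqueueMessage() on an undefined
     // $app: a fatal error on the very path meant to block the file. The
     // failure is now reported through $err like every other check.)
     $executable = array('php', 'js', 'exe', 'phtml', 'java', 'perl', 'py', 'asp', 'dll', 'go', 'ade', 'adp', 'bat', 'chm', 'cmd', 'com', 'cpl', 'hta', 'ins', 'isp', 'jse', 'lib', 'mde', 'msc', 'msp', 'mst', 'pif', 'scr', 'sct', 'shb', 'sys', 'vb', 'vbe', 'vbs', 'vxd', 'wsc', 'wsf', 'wsh');
     $explodedFileName = array_map('strtolower', explode('.', $file['name']));
     if (count($explodedFileName) > 2 && array_intersect(array_slice($explodedFileName, 1), $executable)) {
         $err = 'COM_MEDIA_ERROR_WARNFILETYPE';
         return false;
     }

     // Parameter lists are normalised (trim, lowercase, empties dropped) so
     // strict in_array() works and a blank parameter cannot match an
     // extension-less file.
     $allowable = array_filter(array_map('strtolower', array_map('trim', explode(',', (string) $params->get('upload_extensions')))), 'strlen');
     $ignored = array_filter(array_map('strtolower', array_map('trim', explode(',', (string) $params->get('ignore_extensions')))), 'strlen');
     if ($format === '' || (!in_array($format, $allowable, true) && !in_array($format, $ignored, true))) {
         $err = 'COM_MEDIA_ERROR_WARNFILETYPE';
         return false;
     }

     $maxSize = (int) ($params->get('upload_maxsize', 0) * 1024 * 1024);
     if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
         $err = 'COM_MEDIA_ERROR_WARNFILETOOLARGE';
         return false;
     }

     // if tmp_name is empty, then the file was bigger than the PHP limit.
     // Checked before any content inspection: the original only did this for
     // images, so a non-image entry with no tmp_name sailed through the MIME
     // and XSS checks (both read "" and found nothing).
     if (empty($file['tmp_name'])) {
         $err = 'COM_MEDIA_ERROR_WARNFILETOOLARGE';
         return false;
     }

     $user = JFactory::getUser();
     if ($params->get('restrict_uploads', 1)) {
         $images = array_filter(array_map('strtolower', array_map('trim', explode(',', (string) $params->get('image_extensions')))), 'strlen');
         if (in_array($format, $images, true)) {
             // if its an image run it through getimagesize
             if (getimagesize($file['tmp_name']) === false) {
                 $err = 'COM_MEDIA_ERROR_WARNINVALID_IMG';
                 return false;
             }
         } elseif (!in_array($format, $ignored, true)) {
             // if its not an image...and we're not ignoring it
             $allowed_mime = array_filter(array_map('strtolower', array_map('trim', explode(',', (string) $params->get('upload_mime')))), 'strlen');
             $illegal_mime = array_filter(array_map('strtolower', array_map('trim', explode(',', (string) $params->get('upload_mime_illegal')))), 'strlen');
             $checkMime = $params->get('check_mime', 1);
             if (function_exists('finfo_open') && $checkMime) {
                 // We have fileinfo. FILEINFO_MIME_TYPE returns the bare type
                 // ("text/html"); FILEINFO_MIME, used before, returns
                 // "text/html; charset=..." which never equals an
                 // upload_mime_illegal entry, so the deny-list did not bite.
                 $type = '';
                 $finfo = finfo_open(FILEINFO_MIME_TYPE);
                 if ($finfo !== false) {
                     $type = strtolower((string) finfo_file($finfo, $file['tmp_name']));
                     finfo_close($finfo);
                 }
                 if ($type !== '' && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
                     $err = 'COM_MEDIA_ERROR_WARNINVALID_MIME';
                     return false;
                 }
             } elseif (function_exists('mime_content_type') && $checkMime) {
                 // we have mime magic
                 $type = strtolower((string) mime_content_type($file['tmp_name']));
                 if ($type !== '' && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
                     $err = 'COM_MEDIA_ERROR_WARNINVALID_MIME';
                     return false;
                 }
             } elseif (!$user->authorise('core.manage')) {
                 // No sniffer available (or disabled): only managers may
                 // upload non-image files.
                 $err = 'COM_MEDIA_ERROR_WARNNOTADMIN';
                 return false;
             }
         }
     }

     // Browser content-sniffing guard: only the first 256 bytes are inspected.
     $xss_check = JFile::read($file['tmp_name'], false, 256);
     $html_tags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
     foreach ($html_tags as $tag) {
         // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
         if (stristr($xss_check, '<' . $tag . ' ') || stristr($xss_check, '<' . $tag . '>')) {
             $err = 'COM_MEDIA_ERROR_WARNIEXSS';
             return false;
         }
     }
     return true;
 }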
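 /**
  * Store a posted track file and its metadata, then any attached images.
  *
  * Moves the upload to images/jtrackgallery/uploaded_tracks/ under a
  * lower-cased, makeSafe()'d version of the client's name, parses it with
  * GpsDataClass (deleting the file and aborting when the parser reports
  * errors), inserts the #__jtg_files row, and finally stores any "images"
  * uploads whose extension is in the configured type list.
  *
  * Aborts with die()/exit and an inline <script> alert on a missing or
  * duplicate file, a failed move or a parse error — preserved from the
  * original flow.
  *
  * NOTE(review): there is no extension allow-list for the track file; the
  * only gate is that GpsDataClass accepts it (otherwise it is deleted). If
  * displayErrors() can be empty for a non-track file, an arbitrary file
  * survives in a web-reachable folder — confirm.
  *
  * @return boolean  True on success, false when the INSERT failed
  */
 function saveFile()
 {
     jimport('joomla.filesystem.file');
     jimport('joomla.filesystem.folder');
     $db = JFactory::getDBO();
     $user = JFactory::getUser();
     $cache = JFactory::getCache('com_jtg');
     $input = JFactory::getApplication()->input;

     // Get the post data. Nothing is escaped here: every value is quoted
     // with $db->quote() at the INSERT below. (Before, only description was
     // escaped while title, catid and terrain went into the SQL string raw.)
     $catid = $input->get('catid', null, 'array');
     $catid = $catid ? implode(',', $catid) : '';
     $level = $input->get('level', 0, 'integer');
     $title = $input->get('title', '', 'string');
     $terrain = $input->get('terrain', null, 'array');
     $terrain = $terrain ? implode(', ', $terrain) : '';
     $descParts = $input->get('description', array(), 'array');
     $desc = is_array($descParts) ? implode(' ', $descParts) : (string) $descParts;
     $file = $input->files->get('file');
     $uid = (int) $user->get('id');
     $date = date("Y-m-d");
     $jFileInput = new jInput($_FILES);
     $images = $jFileInput->get('images', array(), 'array');
     $access = JRequest::getInt('access', 0);
     $hidden = JRequest::getInt('hidden', 0);
     $published = JRequest::getInt('published', 0);

     // Upload the file
     $upload_dir = JPATH_SITE . '/images/jtrackgallery/uploaded_tracks/';
     if (empty($file['name']) || empty($file['tmp_name'])) {
         $alert_text = json_encode(JText::_('COM_JTG_UPLOAD_FAILS'));
         die("<script type='text/javascript'>alert({$alert_text});window.history.back(-1);</script>");
     }
     $filename = strtolower(JFile::makeSafe($file['name']));
     if ($filename === '') {
         $alert_text = json_encode(JText::_('COM_JTG_UPLOAD_FAILS'));
         die("<script type='text/javascript'>alert({$alert_text});window.history.back(-1);</script>");
     }
     $newfile = $upload_dir . $filename;
     if (JFile::exists($newfile)) {
         $alert_text = json_encode(JText::sprintf("COM_JTG_FILE_ALREADY_EXISTS", $filename));
         die("<script type='text/javascript' charset='UTF-8'>alert({$alert_text});window.history.back(-1);</script>");
     }
     if (!JFile::upload($file['tmp_name'], $newfile)) {
         $alert_text = json_encode(JText::_('COM_JTG_UPLOAD_FAILS'));
         die("<script type='text/javascript'>alert({$alert_text});window.history.back(-1);</script>");
     }
     // Readable by the web server, writable only by the owner. The previous
     // 0777 let any local account rewrite uploaded tracks.
     chmod($newfile, 0644);

     // Get the start coordinates..
     // Default unit
     $gpsData = new GpsDataClass("Kilometer");
     $gpsData = $cache->get(array($gpsData, 'loadFileAndData'), array($newfile, $filename), "Kilometer");
     $errors = $gpsData->displayErrors();
     if ($errors) {
         // Try to delete the file
         if (JFile::exists($newfile)) {
             JFile::delete($newfile);
         }
         $alert_text = json_encode(JText::_('COM_JTG_NO_SUPPORT') . '\\n' . $errors);
         echo "<script type='text/javascript'>alert({$alert_text});window.history.back(-1);</script>";
         exit;
     }

     // Every client- or parser-supplied value is quoted; ints are cast.
     $query = "INSERT INTO #__jtg_files SET"
         . "\n uid=" . (int) $uid . ","
         . "\n catid=" . $db->quote($catid) . ","
         . "\n title=" . $db->quote($title) . ","
         . "\n file=" . $db->quote($filename) . ","
         . "\n terrain=" . $db->quote($terrain) . ","
         . "\n description=" . $db->quote($desc) . ","
         . "\n published=" . (int) $published . ","
         . "\n date=" . $db->quote($date) . ","
         . "\n start_n=" . $db->quote($gpsData->start[1]) . ","
         . "\n start_e=" . $db->quote($gpsData->start[0]) . ","
         . "\n distance=" . $db->quote($gpsData->distance) . ","
         . "\n ele_asc=" . (int) round($gpsData->totalAscent, 0) . ","
         . "\n ele_desc=" . (int) round($gpsData->totalDescent, 0) . ","
         . "\n level=" . (int) $level . ","
         . "\n access=" . (int) $access . ","
         . "\n hidden=" . (int) $hidden . ","
         . "\n istrack=" . $db->quote($gpsData->isTrack) . ","
         . "\n iswp=" . $db->quote($gpsData->isWaypoint) . ","
         . "\n isroute=0,"
         . "\n iscache=0";
     $db->setQuery($query);
     $db->execute();
     if ($db->getErrorNum()) {
         // NOTE(review): stderr() echoes the driver error to the browser;
         // kept for compatibility, but this belongs in a log.
         echo $db->stderr();
         return false;
     }
     // The row just inserted — unambiguous, unlike re-selecting by file name.
     $trackId = (int) $db->insertid();

     // Images upload part
     $cfg = JtgHelper::getConfig();
     $types = array_filter(array_map('strtolower', array_map('trim', explode(',', (string) $cfg->type))), 'strlen');
     if (!empty($images['name']) && is_array($images['name'])) {
         $img_dir = JPATH_SITE . '/images/jtrackgallery/uploaded_tracks_images/track_' . $trackId . '/';
         JFolder::create($img_dir, 0755);
         foreach ($images['name'] as $key => $value) {
             if ($value == "") {
                 continue;
             }
             // The configured extension list is the type check for images;
             // the name goes through makesafe().
             $imgfilename = JFile::makesafe($value);
             $ext = JFile::getExt($value);
             if (in_array(strtolower($ext), $types, true)) {
                 JtgHelper::createimageandthumbs($images['tmp_name'][$key], $ext, $img_dir, $imgfilename);
             }
         }
     }
     return true;
 }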
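 /**
  * List the PHP export themes that ship an XML descriptor.
  *
  * Scans components/com_onepage/xmlexport/php for *.php files and returns the
  * base names (without extension) for which a sibling <name>.xml exists and
  * whose name survives JFile::makesafe() unchanged.
  *
  * @return  array  Theme base names; empty when the folder does not exist
  */
 function getPhpExportThemes()
 {
     $path = JPATH_SITE . DS . 'components' . DS . 'com_onepage' . DS . 'xmlexport' . DS . 'php';
     if (!file_exists($path)) {
         return array();
     }

     jimport('joomla.filesystem.folder');
     jimport('joomla.filesystem.file');

     // JFolder::files() treats the filter as a regular expression. The bare
     // '.php' used before matched any character followed by "php" anywhere in
     // the name ("myphp.txt"); anchor it to a real ".php" suffix.
     $files = JFolder::files($path, '\.php$', false, true);
     if (empty($files)) {
         return array();
     }

     $themes = array();
     foreach ($files as $fullPath) {
         $name = pathinfo($fullPath, PATHINFO_FILENAME);

         // security here: a base name that makesafe() would alter is never
         // used to build a path.
         if ($name === '' || JFile::makesafe($name) != $name) {
             continue;
         }

         $descriptor = $path . DS . $name . '.xml';
         if (!file_exists($descriptor)) {
             continue;
         }
         $themes[] = $name;
     }
     return $themes;
 }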
 /**
  * can Upload
  *
  * @param array $file
  * @param string $errorUploadMsg
  * @param int $frontEnd - if it is called from frontend or backend (1  - category view, 2 user control panel)
  * @param boolean $chunkMethod - if chunk method is used (multiple upload) then there are special rules
  * @param string $realSize - if chunk method is used we get info about real size of file (not only the part)
  * @return boolean True on success
  * @since 1.5
  */
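 public static function canUpload($file, &$errUploadMsg, $frontEnd = 0, $chunkEnabled = 0, $realSize = 0)
 {
     $params = JComponentHelper::getParams('com_phocagallery');
     // Local, non-configurable limits: the gallery only accepts raster images,
     // whatever the component's own upload settings say.
     $paramsL = array();
     $paramsL['upload_extensions'] = 'gif,jpg,png,jpeg';
     $paramsL['image_extensions'] = 'gif,jpg,png,jpeg';
     $paramsL['upload_mime'] = 'image/jpeg,image/gif,image/png';
     $paramsL['upload_mime_illegal'] = 'application/x-shockwave-flash,application/msword,application/excel,application/pdf,application/powerpoint,text/plain,application/x-zip,text/html';
     // The file doesn't exist
     if (empty($file['name'])) {
         $errUploadMsg = 'COM_PHOCAGALLERY_ERROR_UNABLE_TO_UPLOAD_FILE';
         return false;
     }
     // Not safe file: the name has to survive makesafe() unchanged, i.e. it must
     // already be free of path separators and the other characters JFile strips.
     jimport('joomla.filesystem.file');
     if ($file['name'] !== JFile::makesafe($file['name'])) {
         $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILENAME';
         return false;
     }
     $format = strtolower(JFile::getExt($file['name']));
     // Allowable extension (strict comparison: the list holds plain strings only)
     $allowable = explode(',', $paramsL['upload_extensions']);
     if ($format === '' || !in_array($format, $allowable, true)) {
         $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILETYPE';
         return false;
     }
     // 'COM_PHOCAGALLERY_MAX_RESOLUTION' - a limit of 0 on either side disables the check
     $imgSize = PhocaGalleryImage::getImageSize($file['tmp_name']);
     $maxResWidth = (int) $params->get('upload_maxres_width', 3072);
     $maxResHeight = (int) $params->get('upload_maxres_height', 2304);
     if ($maxResWidth > 0 && $maxResHeight > 0 && ((int) $imgSize[0] > $maxResWidth || (int) $imgSize[1] > $maxResHeight)) {
         $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGE_RESOLUTION';
         return false;
     }
     // With chunked uploads $file['size'] is only the current part; the caller
     // passes the size of the whole file in $realSize.
     $fileSize = ($chunkEnabled == 1) ? $realSize : $file['size'];
     // User (only in ucp) - Check the size of all images by users
     if ($frontEnd == 2) {
         $user = JFactory::getUser();
         $maxUserImageSize = (int) $params->get('user_images_max_size', 20971520);
         $allFileSize = PhocaGalleryFileUploadFront::getSizeAllOriginalImages($fileSize, $user->id);
         if ($maxUserImageSize > 0 && (int) $allFileSize > $maxUserImageSize) {
             // Note: this branch returns the translated text, the others return the language key
             $errUploadMsg = JText::_('COM_PHOCAGALLERY_WARNING_USERIMAGES_TOOLARGE');
             return false;
         }
     }
     // Max size of image (0 disables the limit)
     $maxSize = (int) $params->get('upload_maxsize', 3145728);
     if ($maxSize > 0 && (int) $fileSize > $maxSize) {
         $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGE';
         return false;
     }
     // Image check
     $images = explode(',', $paramsL['image_extensions']);
     if (in_array($format, $images, true)) {
         // if its an image run it through getimagesize; a single chunk is not a
         // complete image, so the check is skipped for chunked uploads
         if ($chunkEnabled != 1 && getimagesize($file['tmp_name']) === false) {
             $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_INVALIDIMG';
             return false;
         }
     } else {
         // Only reachable if upload_extensions ever diverges from image_extensions;
         // with the lists above every accepted extension is an image.
         $allowed_mime = explode(',', $paramsL['upload_mime']);
         $illegal_mime = explode(',', $paramsL['upload_mime_illegal']);
         $type = '';
         if (function_exists('finfo_open')) {
             // We have fileinfo - close the handle before any early return
             $finfo = finfo_open(FILEINFO_MIME);
             $type = finfo_file($finfo, $file['tmp_name']);
             finfo_close($finfo);
         } elseif (function_exists('mime_content_type')) {
             // we have mime magic
             $type = mime_content_type($file['tmp_name']);
         }
         // FILEINFO_MIME may return "type/subtype; charset=..."; keep only the media
         // type so that it can actually match the plain entries of the lists above.
         list($type) = explode(';', (string) $type);
         $type = trim($type);
         if (strlen($type) && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
             $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_INVALIDMIME';
             return false;
         }
     }
     // XSS Check - only the first 256 bytes are inspected; this targets browsers
     // that sniff HTML in a file served as an image.
     $xss_check = JFile::read($file['tmp_name'], false, 256);
     $html_tags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
     foreach ($html_tags as $tag) {
         // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
         if (stristr($xss_check, '<' . $tag . ' ') || stristr($xss_check, '<' . $tag . '>')) {
             $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_IEXSS';
             return false;
         }
     }
     return true;
 }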
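	/**
	 * Checks whether an uploaded file may be stored by Phoca Download.
	 *
	 * @param array   $file          $_FILES entry (name, tmp_name, size)
	 * @param string  $err           receives the language key (or translated text) of the failed check
	 * @param string  $manager       manager name, used to select the manager group (image-only managers get image rules)
	 * @param int     $frontEnd      0 backend, 1 category view, 2 user control panel
	 * @param int     $chunkEnabled  1 when the file arrives in chunks (then $file is only a part)
	 * @param int     $realSize      full size of the file when chunking is used
	 * @return boolean true when every check passed
	 */
	public static function canUpload( $file, &$err, $manager = '', $frontEnd = 0, $chunkEnabled = 0, $realSize = 0) {

		$paramsC 	= JComponentHelper::getParams( 'com_phocadownload' );

		// Allowed/disallowed types: category-view uploads (frontEnd == 1) use the *_upload
		// settings, backend and user control panel use the *_download settings.
		if ($frontEnd == 1) {
			$aft = $paramsC->get( 'allowed_file_types_upload', PhocaDownloadSettings::getDefaultAllowedMimeTypesUpload() );
			$dft = $paramsC->get( 'disallowed_file_types_upload', '' );
			// ignore_file_types_check values that switch the type check off on this path
			$ignoreValues = array(1, 4);
		} else {
			$aft = $paramsC->get( 'allowed_file_types_download', PhocaDownloadSettings::getDefaultAllowedMimeTypesDownload() );
			$dft = $paramsC->get( 'disallowed_file_types_download', '' );
			// the original compared against 5 twice; only 5 is known to disable the check here
			$ignoreValues = array(5);
		}
		$allowedMimeType 	= PhocaDownloadFile::getMimeTypeString($aft);
		$disallowedMimeType = PhocaDownloadFile::getMimeTypeString($dft);

		// Read from $paramsC: the frontend branch used to call ->get() on $params, which is
		// not defined in this method, so the setting could never be evaluated there.
		$ignoreUploadCheck	= (int) $paramsC->get( 'ignore_file_types_check', 2 );
		$ignoreUploadCh		= in_array($ignoreUploadCheck, $ignoreValues, true) ? 1 : 0;

		// Manager group 'f' == 2 is an image-only manager and gets fixed image rules
		$paramsL = array();
		$group = PhocaDownloadSettings::getManagerGroup($manager);
		if ($group['f'] == 2) {
			$paramsL['upload_extensions'] 	= 'gif,jpg,png,jpeg';
			$paramsL['image_extensions'] 	= 'gif,jpg,png,jpeg';
			$paramsL['upload_mime']			= 'image/jpeg,image/gif,image/png';
			$paramsL['upload_mime_illegal']	='application/x-shockwave-flash,application/msword,application/excel,application/pdf,application/powerpoint,text/plain,application/x-zip,text/html';
			$paramsL['upload_ext_illegal']	= $disallowedMimeType['ext'];
		} else {
			$paramsL['upload_extensions'] 	= $allowedMimeType['ext'];
			$paramsL['image_extensions'] 	= 'bmp,gif,jpg,png,jpeg';
			$paramsL['upload_mime']			= $allowedMimeType['mime'];
			$paramsL['upload_mime_illegal']	= $disallowedMimeType['mime'];
			$paramsL['upload_ext_illegal']	= $disallowedMimeType['ext'];
		}

		// The file doesn't exist
		if(empty($file['name'])) {
			$err = 'COM_PHOCADOWNLOAD_WARNING_INPUT_FILE_UPLOAD';
			return false;
		}
		// Not safe file: the name must already equal what JFile::makesafe() would produce
		jimport('joomla.filesystem.file');
		if ($file['name'] !== JFile::makesafe($file['name'])) {
			$err = 'COM_PHOCADOWNLOAD_WARNFILENAME';
			return false;
		}

		$format 		= strtolower(JFile::getExt($file['name']));
		if ($ignoreUploadCh != 1) {
			// The disallowed list wins over the allowed list
			$allowable 		= explode( ',', $paramsL['upload_extensions']);
			$notAllowable 	= explode( ',', $paramsL['upload_ext_illegal']);
			if (in_array($format, $notAllowable, true)) {
				$err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_DISALLOWED';
				return false;
			}
			if ($format === '' || !in_array($format, $allowable, true)) {
				$err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_NOT_ALLOWED';
				return false;
			}
		}

		// Max size: frontend uploads have their own limit; 0 disables the check.
		// If chunk method is used, we need to get computed size
		if ((int)$frontEnd > 0) {
			$maxSize = (int) $paramsC->get( 'user_file_upload_size', 3145728 );
		} else {
			$maxSize = (int) $paramsC->get( 'upload_maxsize', 3145728 );
		}
		$fileSize = ($chunkEnabled == 1) ? $realSize : $file['size'];
		if ($maxSize > 0 && (int) $fileSize > $maxSize) {
			$err = 'COM_PHOCADOWNLOAD_WARNFILETOOLARGE';
			return false;
		}

		// User (only in ucp) - Check the size and the count of all files by users
		if ($frontEnd == 2) {
			$user 				= JFactory::getUser();
			$maxUserUploadSize 	= (int)$paramsC->get( 'user_files_max_size', 20971520 );
			$maxUserUploadCount	= (int)$paramsC->get( 'user_files_max_count', 5 );
			$allFile			= PhocaDownloadUser::getUserFileInfo($file, $user->id);

			if ($maxUserUploadSize > 0 && (int) $allFile['size'] > $maxUserUploadSize) {
				$err = JText::_('COM_PHOCADOWNLOAD_WARNUSERFILESTOOLARGE');
				return false;
			}
			// Unlike the size limit, a count limit of 0 is not treated as "unlimited"
			if ((int) $allFile['count'] > $maxUserUploadCount) {
				$err = JText::_('COM_PHOCADOWNLOAD_WARNUSERFILESTOOMUCH');
				return false;
			}
		}

		// Image check
		$images		= explode( ',', $paramsL['image_extensions']);
		if (in_array($format, $images, true)) {
			// if its an image run it through getimagesize - only for managers that handle
			// images ($group['i']) and never for a chunk, which is not a complete file.
			// ($group is reused from above; getManagerGroup() is assumed to be side-effect free.)
			if ($group['i'] == 1 && $chunkEnabled != 1 && getimagesize($file['tmp_name']) === false) {
				// keep the language key - the original overwrote it with $imginfo[0], i.e. null
				$err = 'COM_PHOCADOWNLOAD_WARNINVALIDIMG';
				return false;
			}
		} else {
			// if its not an image: compare the detected MIME type with the configured lists.
			// Only a type that is on the illegal list and not on the allowed list is rejected.
			$allowed_mime = explode(',', $paramsL['upload_mime']);
			$illegal_mime = explode(',', $paramsL['upload_mime_illegal']);
			$type = '';
			if (function_exists('finfo_open')) { // We have fileinfo
				$finfo	= finfo_open(FILEINFO_MIME);
				$type	= finfo_file($finfo, $file['tmp_name']);
				finfo_close($finfo); // closed before any early return (the original leaked it)
			} else if (function_exists('mime_content_type')) { // we have mime magic
				$type = mime_content_type($file['tmp_name']);
			}
			// FILEINFO_MIME may append "; charset=..."; keep the bare media type so it can match
			list($type) = explode(';', (string) $type);
			$type = trim($type);
			if (strlen($type) && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
				$err = 'COM_PHOCADOWNLOAD_WARNINVALIDMIME';
				return false;
			}
		}

		// XSS Check - inspects only the first 256 bytes for HTML a browser could sniff
		$xss_check =  JFile::read($file['tmp_name'],false,256);
		$html_tags = PhocaDownloadSettings::getHTMLTagsUpload();
		foreach($html_tags as $tag) { // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
			if(stristr($xss_check, '<'.$tag.' ') || stristr($xss_check, '<'.$tag.'>')) {
				$err = 'COM_PHOCADOWNLOAD_WARNIEXSS';
				return false;
			}
		}

		return true;
	}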
 /**
  * Returns the export directory for template $tid, creating it on first use.
  *
  * A newly created directory also receives a copy of the export root's .htaccess,
  * so the access rules of the parent folder apply to it as well.
  *
  * @param mixed $tid  Template id; passed through JFile::makesafe() before it becomes a path segment
  * @return string  Absolute path of the directory (no trailing separator)
  */
 function prepareDirectory($tid)
 {
     jimport('joomla.filesystem.file');
     $exportRoot = JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'export' . DS;
     $templateDir = $exportRoot . JFile::makesafe($tid);
     if (!file_exists($templateDir)) {
         JFolder::create($templateDir);
         JFile::copy($exportRoot . '.htaccess', $templateDir . DS . '.htaccess');
     }
     return $templateDir;
 }
 /**
  * Replaces a stored template file with the one posted as "uploadedupdatefile_<tid>".
  *
  * Currently disabled: the function returns false before doing any work, so the
  * upload handling below is unreachable until that guard is removed.
  *
  * @return mixed  false while disabled; otherwise a status message string
  */
 function template_update_upload()
 {
     return false;
     jimport('joomla.filesystem.file');
     $msg = '';
     // Use the last posted field named uploadedupdatefile_<tid> that actually carries a file
     $fieldName = '';
     foreach (array_keys($_FILES) as $key) {
         $isUpdateField = strpos($key, 'uploadedupdatefile_') !== false;
         if ($isUpdateField && !empty($_FILES[$key]['name'])) {
             $fieldName = $key;
         }
     }
     $parts = explode('_', $fieldName);
     if (count($parts) < 2) {
         $msg .= "There was an error uploading the file, please try again! ";
         return $msg;
     }
     $tid = $parts[1];
     if (!is_numeric($tid)) {
         return "Error!";
     }
     // get previous file
     $ehelper = new OnepageTemplateHelper();
     $template = $ehelper->getTemplate($tid);
     $exportDir = JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'export' . DS;
     $oldFile = $exportDir . $template['file'];
     if (file_exists($oldFile) && !JFile::delete($oldFile)) {
         $msg .= 'Could not remove old template file: ' . $template['file'];
     }
     // makesafe() strips separators and other unsafe characters from the client-supplied name
     $newname = JFile::makesafe(basename($_FILES['uploadedupdatefile_' . $tid]['name']));
     $msg .= $ehelper->updateFileName($tid, $newname);
     $uploaded = JFile::upload($_FILES[$fieldName]['tmp_name'], $exportDir . $newname);
     $msg .= $uploaded
         ? "The template file " . $newname . " has been uploaded"
         : "There was an error uploading the file, please try again! file: " . $newname;
     return $msg;
 }
 /**
  * Checks if the file can be uploaded
  *
  * @param array  $file               File information ($_FILES entry: name, tmp_name, size)
  * @param string $err                Receives the language key of the first failed check
  * @param mixed  $maxfilesize        Size limit in kilobytes; 0 or less disables the check
  * @param string $allowedextensions  Comma separated list of permitted extensions
  *
  * @return boolean  true when every check passed, false otherwise ($err is then set)
  * @since Joomla 1.6
  */
 public function canUpload($file, &$err, $maxfilesize, $allowedextensions)
 {
     // No file at all
     if (empty($file['name'])) {
         $err = 'COM_VISFORMS_ERROR_UPLOAD_INPUT';
         return false;
     }
     jimport('joomla.filesystem.file');
     // The name must already be "safe" in the sense of JFile::makesafe()
     $safeName = JFile::makesafe($file['name']);
     if ($safeName !== $file['name']) {
         $err = 'COM_VISFORMS_ERROR_WARNFILENAME';
         return false;
     }
     $extension = strtolower(JFile::getExt($file['name']));
     $permitted = explode(',', $allowedextensions);
     $hasAllowedExt = $extension != '' && $extension != false && in_array($extension, $permitted);
     if (!$hasAllowedExt) {
         $err = 'COM_VISFORMS_ERROR_WARNFILETYPE';
         return false;
     }
     // $maxfilesize is given in KB
     $limitBytes = (int) ($maxfilesize * 1024);
     if ($limitBytes > 0 && (int) $file['size'] > $limitBytes) {
         $err = 'COM_VISFORMS_ERROR_WARNFILETOOLARGE';
         return false;
     }
     $imageTypes = array('bmp', 'gif', 'jpg', 'jpeg', 'png');
     if (in_array($extension, $imageTypes)) {
         // if tmp_name is empty, then the file was bigger than the PHP limit
         if (empty($file['tmp_name'])) {
             $err = 'COM_VISFORMS_ERROR_WARNFILETOOLARGE';
             return false;
         }
         // if its an image run it through getimagesize
         if (getimagesize($file['tmp_name']) === false) {
             $err = 'COM_VISFORMS_ERROR_WARNINVALID_IMG';
             return false;
         }
     }
     // Look for HTML in the first 256 bytes (guards against browsers sniffing HTML in an "image")
     $head = JFile::read($file['tmp_name'], false, 256);
     $tagNames = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
     foreach ($tagNames as $tagName) {
         // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
         $openWithAttrs = '<' . $tagName . ' ';
         $openPlain = '<' . $tagName . '>';
         if (stristr($head, $openWithAttrs) || stristr($head, $openPlain)) {
             $err = 'COM_VISFORMS_ERROR_WARNIEXSS';
             return false;
         }
     }
     return true;
 }
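 /**
  * @brief Validates that the given file is acceptable, checking it against the
  * upload options configured for com_media.
  *
  * The code is taken from Joomla and adjusted to the current needs and
  * requirements.
  * @param string $file Path of the file to analyse.
  * @param bool $only_image Whether to run the general validation or an image-only one.
  * @return array  array('success' => true), or array('error' => <translated message>)
  */
 function isValidFile($file, $only_image = false)
 {
     jimport('joomla.filesystem.file');
     // Plain assignment: taking a reference to a function's return value raises a notice
     // and gains nothing for an object.
     $media = JComponentHelper::getParams('com_media');
     $filename = JFile::getName($file);
     // Reject names that makesafe() would alter (path separators, "..", control characters, ...)
     if ($filename !== JFile::makesafe($filename)) {
         return array('error' => JText::_('NAMENOSURE'));
     }
     $format = strtolower(JFile::getExt($file));
     $allowable = explode(',', $media->get('upload_extensions'));
     // Extensions on ignore_extensions are accepted without any of the content checks below
     $ignored = explode(',', $media->get('ignore_extensions'));
     if (!in_array($format, $allowable, true) && !in_array($format, $ignored, true)) {
         return array('error' => JText::_('FILETYPEISNOVALID'));
     }
     if ($media->get('restrict_uploads', 1) || $only_image) {
         $images = explode(',', $media->get('image_extensions'));
         if (in_array($format, $images, true) || $only_image) {
             // An image has to be decodable, not just carry an image extension
             if (getimagesize($file) === false) {
                 return array('error' => JText::_('FILEISNOTIMAGE'));
             }
         } elseif (!in_array($format, $ignored, true) && $media->get('check_mime', 1)) {
             // Non-image, not ignored: compare the detected MIME type with the configured lists.
             // Only a type on the illegal list (and not on the allowed list) is rejected.
             $allowed_mime = explode(',', $media->get('upload_mime'));
             $illegal_mime = explode(',', $media->get('upload_mime_illegal'));
             $type = '';
             if (function_exists('finfo_open')) {
                 $finfo = finfo_open(FILEINFO_MIME);
                 $type = finfo_file($finfo, $file);
                 finfo_close($finfo); // closed before any early return (the original leaked it)
             } elseif (function_exists('mime_content_type')) {
                 $type = mime_content_type($file);
             }
             // FILEINFO_MIME may append "; charset=..."; keep only the media type so it can match
             list($type) = explode(';', (string) $type);
             $type = trim($type);
             if (strlen($type) && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
                 return array('error' => JText::_('WARNINVALIDMIME'));
             }
         }
     }
     return array('success' => true);
 }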
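 /**
  * Receives a generated PDF for template $tid / order $localid via POST and stores it
  * in the template's export directory.
  *
  * Reads tid, localid and hash from the request and the file from $_FILES['file_contents'].
  * The request is only honoured when the posted hash equals the template's file hash.
  * Always ends the application (echoes a one-line status and closes).
  */
 private function putfile()
 {
     require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'assets' . DS . 'export_helper.php';
     $ehelper = new OnepageTemplateHelper();
     // no direct access
     // POST: tid, localid, file, hash,
     $tid = JRequest::getVar('tid');
     $localid = JRequest::getVar('localid');
     $hash = JRequest::getVar('hash');
     // Shared secret for this template
     $hash2 = $ehelper->getFileHash($tid);
     jimport('joomla.filesystem.file');
     // makesafe() removes path separators, so $tid cannot escape the export directory
     $tname = JFile::makesafe($tid);
     $ex = JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'export' . DS;
     $exf = $ex . $tname;
     if (empty($_FILES)) {
         JFactory::getApplication()->close();
     }
     // Strict comparison: "==" on hash strings is subject to PHP's numeric-string coercion
     // (e.g. "0e..." values compare equal), so it must not decide a secret check. An empty
     // stored hash is never accepted either.
     $expected = (string) $hash2;
     if ($expected !== '' && strtolower((string) $hash) === $expected && is_numeric($tid)) {
         $ehelper->prepareDirectory($tid);
         $fileTemp = $_FILES['file_contents']['tmp_name'];
         // The helper decides the final file name (the hand-built "<num>_<template>.pdf"
         // path of the original was computed and then discarded, so it is gone).
         $path = $ehelper->getFileName2Save($tid, $localid);
         if (file_exists($path)) {
             // keep the previous version instead of overwriting it
             $xt = rand();
             JFile::move($path, $path . '_history_' . $xt . '.bck');
         }
         if (!JFile::upload($fileTemp, $path)) {
             $ehelper->setStatus($tid, $localid, 'ERROR');
             echo 'Error saving file!';
         } else {
             // here we can send it to a customer
             $tt = $ehelper->getTemplate($tid);
             if ($ehelper->getStatus($tid, $localid) == 'AUTOPROCESSING') {
                 if (!empty($tt['tid_autocreate']) && !empty($tt['tid_email'])) {
                     $ehelper->setStatus($tid, $localid, 'CREATED', urlencode($path));
                     // sendMail may print; swallow its output so the response stays a plain status line
                     ob_start();
                     $ehelper->sendMail($tid, $localid, false);
                     ob_end_clean();
                 }
             }
             $ehelper->setStatus($tid, $localid, 'CREATED', urlencode($path));
             echo 'File Saved OK!';
         }
         JFactory::getApplication()->close();
     } else {
         JFile::write($exf . DS . 'log' . DS . 'log.txt', 'secret not equal');
         $ehelper->setStatus($tid, $localid, 'ERROR');
         echo 'Secret not equal !';
         JFactory::getApplication()->close();
     }
 }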
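 /**
  * metaWeblog.newMediaObject: stores an image sent over XML-RPC in the user's upload folder.
  *
  * @param mixed  $blogid    unused
  * @param string $username  blog user; must hold the upload_image ACL rule
  * @param string $password  password for $username
  * @param array  $file      struct with 'name' and 'bits' (raw file content)
  * @return xmlrpcresp  struct with the public 'url' of the stored image, or an error response
  */
 function newMediaObject($blogid, $username, $password, $file)
 {
     jimport('joomla.utilities.error');
     jimport('joomla.filesystem.file');
     jimport('joomla.filesystem.folder');
     global $xmlrpcerruser, $xmlrpcI4, $xmlrpcInt, $xmlrpcBoolean, $xmlrpcDouble, $xmlrpcString, $xmlrpcDateTime, $xmlrpcBase64, $xmlrpcArray, $xmlrpcStruct, $xmlrpcValue;
     EasyBlogXMLRPCHelper::loginUser($username, $password);
     $user = JUser::getInstance($username);
     $acl = EasyBlogACLHelper::getRuleSet($user->id);
     if (empty($acl->rules->upload_image)) {
         return new xmlrpcresp(0, $xmlrpcerruser + 2, JText::_('YOU DO NOT HAVE IMAGE UPLOAD RIGHT'));
     }
     $config = EasyBlogHelper::getConfig();
     $main_image_path = rtrim($config->get('main_image_path'), '/');
     $rel_upload_path = $main_image_path . '/' . $user->id;
     $userUploadPath = JPATH_ROOT . DIRECTORY_SEPARATOR . str_ireplace('/', DIRECTORY_SEPARATOR, $main_image_path . DIRECTORY_SEPARATOR . $user->id);
     $dir = $userUploadPath . DIRECTORY_SEPARATOR;
     $tmp_dir = JPATH_ROOT . DIRECTORY_SEPARATOR . 'tmp' . DIRECTORY_SEPARATOR;
     if (!JFolder::exists($dir)) {
         JFolder::create($dir);
     }
     // Keep only the base name; clients may send a path. The original's backslash branch
     // had its closing parenthesis misplaced - strpos($name, '\\' !== FALSE) searched for
     // the boolean true - so backslash paths were never trimmed.
     if (strpos($file['name'], '/') !== false) {
         $file['name'] = substr($file['name'], strrpos($file['name'], '/') + 1);
     } elseif (strpos($file['name'], '\\') !== false) {
         $file['name'] = substr($file['name'], strrpos($file['name'], '\\') + 1);
     }
     // Set FTP credentials, if given
     jimport('joomla.client.helper');
     JClientHelper::setCredentialsFromRequest('ftp');
     // makesafe() strips separators and ".." so the temp path below stays inside $tmp_dir
     $file['name'] = JFile::makesafe($file['name']);
     // Normalise to "<name>.<ext>"; stripExt() handles any extension length, whereas the
     // old substr(..., 0, -4) assumed a three-letter extension and mangled ".jpeg" names.
     $file['name'] = JFile::stripExt($file['name']) . '.' . JFile::getExt($file['name']);
     // write to temp folder so the validator can inspect the real content
     $file['tmp_name'] = $tmp_dir . $file['name'];
     // '@' keeps PHP warnings out of the XML-RPC response; the result is checked instead
     if (!@JFile::write($file['tmp_name'], $file['bits'])) {
         return new xmlrpcresp(0, $xmlrpcerruser + 1, 'Unable to store the uploaded file');
     }
     // NOTE(review): size is forced to 0, so any size limit applied inside canUploadFile()
     // cannot trigger on this path - confirm whether filesize($file['tmp_name']) is intended.
     $file['size'] = 0;
     $allowed = EasyImageHelper::canUploadFile($file);
     if ($allowed !== true) {
         @JFile::delete($file['tmp_name']);
         return new xmlrpcresp(0, $xmlrpcerruser + 1, 'The file is not valid');
     }
     // @task: Ensure that images goes through the same resizing format when uploading via media manager.
     require_once EBLOG_CLASSES . DIRECTORY_SEPARATOR . 'mediamanager.php';
     $media = new EasyBlogMediaManager();
     $media->upload($dir, $userUploadPath, $file, '/', 'user');
     @JFile::delete($file['tmp_name']);
     $file['name'] = EasyBlogXMLRPCHelper::cleanImageName($file['name']);
     $fileUrl = rtrim(JURI::root(), '/') . '/' . $rel_upload_path . '/' . $file['name'];
     return new xmlrpcresp(new xmlrpcval(array('url' => new xmlrpcval($fileUrl)), 'struct'));
 }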
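 /**
  * metaWeblog.newMediaObject: stores a file sent over XML-RPC under media/<user name>/.
  *
  * @param mixed  $blogid    unused
  * @param string $username  Joomla user; must authenticate with $password
  * @param string $password
  * @param array  $file      struct with 'name' and 'bits' (raw file content)
  * @return xmlrpcresp  struct with the public 'url' of the stored file, or an error response
  */
 function newMediaObject($blogid, $username, $password, $file)
 {
     // $xmlrpcerruser was missing from the global list, so the error responses below
     // were built from an undefined variable.
     global $xmlrpcStruct, $xmlrpcArray, $xmlrpcerruser;
     if (!plgXMLRPCmetaWeblogHelper::authenticateUser($username, $password)) {
         return new xmlrpcresp(0, $xmlrpcerruser + 1, "Login Failed");
     }
     $user = JUser::getInstance($username);
     // Keep only the base name; clients may send a path. The backslash branch of the
     // original had its closing parenthesis misplaced, so it never trimmed anything.
     if (strpos($file['name'], '/') !== false) {
         $file['name'] = substr($file['name'], strrpos($file['name'], '/') + 1);
     } elseif (strpos($file['name'], '\\') !== false) {
         $file['name'] = substr($file['name'], strrpos($file['name'], '\\') + 1);
     }
     // NOTE(review): the target directory is derived from the user's display name, not the id;
     // confirm that name is restricted to safe characters, otherwise pass it through
     // JFile::makesafe() here and in the returned URL.
     $dir = JPATH_ROOT . DS . 'media' . DS . $user->name . DS;
     $tmp_dir = JPATH_ROOT . DS . 'tmp' . DS;
     if (!is_dir($dir)) {
         mkdir($dir);
     }
     // Set FTP credentials, if given
     jimport('joomla.client.helper');
     JClientHelper::setCredentialsFromRequest('ftp');
     jimport('joomla.filesystem.file');
     // (the former JFile::write($file, $filecontent) call passed the file struct as a path
     //  and an undefined variable as content; it could never write anything useful)
     $file['name'] = JFile::makesafe($file['name']);
     // Random suffix avoids clobbering an existing upload of the same name. stripExt()
     // replaces substr(..., 0, -4), which assumed a three-letter extension.
     $file['name'] = JFile::stripExt($file['name']) . rand() . '.' . JFile::getExt($file['name']);
     $file['tmp_name'] = $tmp_dir . $file['name'];
     JFile::write($file['tmp_name'], $file['bits']);
     jimport('joomla.application.component.helper');
     require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_media' . DS . 'helpers' . DS . 'media.php';
     $error = '';
     if (!MediaHelper::canUpload($file, $error)) {
         JFile::delete($file['tmp_name']);
         return new xmlrpcresp(0, $xmlrpcerruser + 1, 'The file is not valid');
     }
     JFile::write($dir . $file['name'], $file['bits']);
     JFile::delete($file['tmp_name']);
     return new xmlrpcresp(new xmlrpcval(array('url' => new xmlrpcval(JURI::root() . 'media/' . $user->name . '/' . $file['name'])), 'struct'));
 }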
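 /**
  * Checks if the file can be uploaded
  *
  * @param array  $file  File information ($_FILES entry: name, tmp_name, size)
  * @param string $err   Receives the key of the failed check
  * @return boolean  true when every check passed
  */
 function canUpload($file, &$err)
 {
     // Plain assignment: a reference to a function's return value raises a notice and
     // gains nothing for an object.
     $params = JComponentHelper::getParams('com_media');
     if (empty($file['name'])) {
         $err = 'Please input a file for upload';
         return false;
     }
     jimport('joomla.filesystem.file');
     // The name must already equal what makesafe() would produce (no separators, "..", ...)
     if ($file['name'] !== JFile::makesafe($file['name'])) {
         $err = 'WARNFILENAME';
         return false;
     }
     $format = strtolower(JFile::getExt($file['name']));
     $allowable = explode(',', $params->get('upload_extensions'));
     // Extensions on ignore_extensions skip every content check below
     $ignored = explode(',', $params->get('ignore_extensions'));
     if (!in_array($format, $allowable, true) && !in_array($format, $ignored, true)) {
         $err = 'WARNFILETYPE';
         return false;
     }
     // 0 disables the size limit
     $maxSize = (int) $params->get('upload_maxsize', 0);
     if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
         $err = 'WARNFILETOOLARGE';
         return false;
     }
     $user = JFactory::getUser();
     if ($params->get('restrict_uploads', 1)) {
         $images = explode(',', $params->get('image_extensions'));
         if (in_array($format, $images, true)) {
             // if its an image run it through getimagesize
             if (getimagesize($file['tmp_name']) === false) {
                 $err = 'WARNINVALIDIMG';
                 return false;
             }
         } elseif (!in_array($format, $ignored, true)) {
             // if its not an image...and we're not ignoring it
             $allowed_mime = explode(',', $params->get('upload_mime'));
             $illegal_mime = explode(',', $params->get('upload_mime_illegal'));
             $type = null;
             if (function_exists('finfo_open') && $params->get('check_mime', 1)) {
                 // We have fileinfo - close the handle before any early return
                 $finfo = finfo_open(FILEINFO_MIME);
                 $type = finfo_file($finfo, $file['tmp_name']);
                 finfo_close($finfo);
             } elseif (function_exists('mime_content_type') && $params->get('check_mime', 1)) {
                 // we have mime magic
                 $type = mime_content_type($file['tmp_name']);
             } elseif (!$user->authorize('login', 'administrator')) {
                 // No MIME detection available (or disabled): only administrators may upload non-image files
                 $err = 'WARNNOTADMIN';
                 return false;
             }
             if ($type !== null) {
                 // FILEINFO_MIME may append "; charset=..."; keep only the media type so it can match
                 list($type) = explode(';', (string) $type);
                 $type = trim($type);
                 // Only a type on the illegal list (and not on the allowed list) is rejected
                 if (strlen($type) && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
                     $err = 'WARNINVALIDMIME';
                     return false;
                 }
             }
         }
     }
     // Look for HTML in the first 256 bytes (guards against browsers sniffing HTML in an "image")
     $xss_check = JFile::read($file['tmp_name'], false, 256);
     $html_tags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
     foreach ($html_tags as $tag) {
         // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
         if (stristr($xss_check, '<' . $tag . ' ') || stristr($xss_check, '<' . $tag . '>')) {
             $err = 'WARNIEXSS';
             return false;
         }
     }
     return true;
 }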
 /**
  * Copies a remote (Blogger) image into the user's upload folder and rewrites
  * $content so that it points at the local copy.
  *
  * @param string $image    URL of the remote image as found in the post content
  * @param int    $userid   owner whose upload folder receives the file
  * @param string $content  post content referencing $image
  * @return string  $content with $image replaced by the relative local path when the upload succeeded,
  *                 otherwise unchanged
  */
 function _migrateBloggerImage($image, $userid, $content)
 {
     jimport('joomla.utilities.error');
     jimport('joomla.filesystem.file');
     jimport('joomla.filesystem.folder');
     $config = EasyBlogHelper::getConfig();
     $main_image_path = $config->get('main_image_path');
     $main_image_path = rtrim($main_image_path, '/');
     $rel_upload_path = $main_image_path . '/' . $userid;
     $userUploadPath = JPATH_ROOT . DIRECTORY_SEPARATOR . str_ireplace('/', DIRECTORY_SEPARATOR, $main_image_path . DIRECTORY_SEPARATOR . $userid);
     $folder = JPath::clean($userUploadPath);
     $dir = $userUploadPath . DIRECTORY_SEPARATOR;
     $tmp_dir = JPATH_ROOT . DIRECTORY_SEPARATOR . 'tmp' . DIRECTORY_SEPARATOR;
     if (!JFolder::exists($dir)) {
         JFolder::create($dir);
     }
     //now let get the image from remove url.
     // Only the last URL segment becomes the file name and it is passed through makesafe(),
     // so the temp path cannot leave the tmp folder.
     $segments = explode('/', $image);
     $fileName = $segments[count($segments) - 1];
     $fileName = JFile::makesafe($fileName);
     $tmpFileName = $tmp_dir . $fileName;
     $file['name'] = $fileName;
     $file['tmp_name'] = $tmpFileName;
     // write to JOOMLA tmp folder
     // NOTE(review): $image is fetched exactly as given; if it can originate from untrusted post
     // content, confirm that the URL scheme/host is restricted upstream before this fetch runs.
     // Neither the fetch nor the write result is checked here.
     file_put_contents($tmpFileName, file_get_contents($image));
     require_once EBLOG_CLASSES . DIRECTORY_SEPARATOR . 'mediamanager.php';
     $media = new EasyBlogMediaManager();
     // NOTE: this call is garbled in the listing ('******'); the real argument list is not recoverable here.
     $result = $media->upload($file, 'user:'******'tmp_name']);
     if (isset($result->type)) {
         $relativeImagePath = $rel_upload_path . '/' . $file['name'];
         // lets replace the image from the content to this uploaded one.
         $content = str_replace($image, $relativeImagePath, $content);
     }
     return $content;
 }
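 /**
  * Normalizes a file name.
  *
  * Strips any directory component (everything up to the last "/" or "\"),
  * runs the result through JFile::makesafe(), trims it, prefixes a timestamp
  * when the name carries no extension at all, and replaces spaces with dashes.
  *
  * The earlier implementation rebuilt the name as substr($name, 0, -4) . '.' . ext,
  * which only round-trips for three-character extensions: "photo.jpeg" became
  * "photo..jpeg" and a name without a dot was truncated and given a bogus
  * extension, so the "contains an extension" check below could never fire.
  * That rebuild is a no-op in the correct case and has been removed; the
  * extension check now runs directly on the sanitised name.
  *
  * @since	5.0
  * @access	public
  * @param	string	$name	The raw file name, possibly containing path separators
  * @return	string	The normalized file name
  */
 public static function normalizeFileName($name)
 {
     // Keep only the part after the last "/" or "\" so a path in the file
     // title cannot point outside the intended directory.
     foreach (array('/', '\\') as $separator) {
         $position = strrpos($name, $separator);
         if ($position !== false) {
             $name = substr($name, $position + 1);
         }
     }
     // Ensure that the file name is safe
     $name = trim(JFile::makesafe($name));
     // Ensure that the file name contains an extension: a name without a dot
     // is kept as the extension and prefixed with a timestamp.
     if (strpos($name, '.') === false) {
         $name = EB::date()->format('Ymd-Hms') . '.' . $name;
     }
     // Do not allow spaces in the name
     $name = str_ireplace(' ', '-', $name);
     return $name;
 }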
 /**
  * Builds the cache file name for the current image and stores it on the object.
  *
  * The name is derived from the source image's base name (made safe via
  * JFile::makesafe(), spaces removed, everything from the first dot dropped,
  * underscores stripped), followed by "<w>x<h>", "_q<quality>", an optional
  * "_sq" marker for square thumbnails and a ".jpg" suffix. The full path is
  * cacheDirectory + generateCacheDir() + DS + cachePrefix + that name, and is
  * written to $this->cacheFileName; $this->broadDirectories receives the
  * generateCacheDir() part.
  *
  * @return bool Always true.
  */
 private function generateCacheFileName()
 {
     // Sanitised base name of the source image, without spaces
     $safeName = JFile::removespace(JFile::makesafe(basename($this->getFileName())));
     // Keep only the part before the first dot, with underscores removed
     $nameParts = explode('.', $safeName);
     $stem = str_replace('_', '', $nameParts[0]);

     // Thumbnail dimensions and quality identify the variant
     $variant = $this->thumbw . 'x' . $this->thumbh . '_q' . intval($this->getQuality());
     if ($this->square) {
         $variant .= '_sq';
     }

     $this->broadDirectories = $this->generateCacheDir() . DS;
     $this->cacheFileName = $this->cacheDirectory . $this->broadDirectories . $this->cachePrefix . $stem . $variant . '.jpg';

     return true;
 }