function run($dbi, $argstr, &$request, $basepage) { $this->disallowed_extensions = explode("\n", "ad[ep]\nasd\nba[st]\nchm\ncmd\ncom\ncgi\ncpl\ncrt\ndll\neml\nexe\nhlp\nhta\nin[fs]\nisp\njse?\nlnk\nmd[betw]\nms[cipt]\nnws\nocx\nops\npcd\np[ir]f\nphp\npl\npy\nreg\nsc[frt]\nsh[bsm]?\nswf\nurl\nvb[esx]?\nvxd\nws[cfh]"); //removed "\{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}" $args = $this->getArgs($argstr, $request); extract($args); $file_dir = getUploadFilePath(); //$url_prefix = SERVER_NAME . DATA_PATH; $form = HTML::form(array('action' => $request->getPostURL(), 'enctype' => 'multipart/form-data', 'method' => 'post')); $contents = HTML::div(array('class' => 'wikiaction')); $contents->pushContent(HTML::input(array('type' => 'hidden', 'name' => 'MAX_FILE_SIZE', 'value' => MAX_UPLOAD_SIZE))); /// MV add pv /// @todo: have a generic method to transmit pv if (!empty($_REQUEST['pv'])) { $contents->pushContent(HTML::input(array('type' => 'hidden', 'name' => 'pv', 'value' => $_REQUEST['pv']))); } $contents->pushContent(HTML::input(array('name' => 'userfile', 'type' => 'file', 'size' => '50'))); $contents->pushContent(HTML::raw(" ")); $contents->pushContent(HTML::input(array('value' => _("Upload"), 'type' => 'submit'))); $form->pushContent($contents); $message = HTML(); if ($request->isPost() and $this->only_authenticated) { // Make sure that the user is logged in. $user = $request->getUser(); if (!$user->isAuthenticated()) { $message->pushContent(HTML::h2(_("ACCESS DENIED: You must log in to upload files.")), HTML::br(), HTML::br()); $result = HTML(); $result->pushContent($form); $result->pushContent($message); return $result; } } $userfile = $request->getUploadedFile('userfile'); if ($userfile) { $userfile_name = $userfile->getName(); $userfile_name = trim(basename($userfile_name)); $userfile_tmpname = $userfile->getTmpName(); $err_header = HTML::h2(fmt("ERROR uploading '%s': ", $userfile_name)); /// MV add /// Wiki attachments $wa = new WikiAttachment(GROUP_ID); $rev = $wa->createRevision($userfile_name, $userfile->getSize(), $userfile->getType(), $userfile->getTmpName()); if ($rev >= 0) { $prev = $rev + 1; $interwiki = new PageType_interwikimap(); $link = $interwiki->link("Upload:{$prev}/{$userfile_name}"); $message->pushContent(HTML::h2(_("File successfully uploaded."))); $message->pushContent(HTML::ul(HTML::li($link))); // the upload was a success and we need to mark this event in the "upload log" if ($logfile) { $upload_log = $file_dir . basename($logfile); $this->log($userfile, $upload_log, $message); } if ($autolink) { require_once "lib/loadsave.php"; $pagehandle = $dbi->getPage($page); if ($pagehandle->exists()) { // don't replace default contents $current = $pagehandle->getCurrentRevision(); $version = $current->getVersion(); $text = $current->getPackedContent(); $newtext = $text . "\n* [Upload:{$userfile_name}]"; $meta = $current->_data; $meta['summary'] = sprintf(_("uploaded %s"), $userfile_name); $pagehandle->save($newtext, $version + 1, $meta); } } } else { $message->pushContent($err_header); $message->pushContent(HTML::br(), _("Uploading failed."), HTML::br()); } } else { $message->pushContent(HTML::br(), HTML::br()); } /// {{{ Codendi Specific // URL arguments if (array_key_exists('offset', $_REQUEST)) { $offset = $_REQUEST['offset']; } else { $offset = 0; } if (array_key_exists('limit', $_REQUEST)) { $limit = $_REQUEST['limit']; } else { $limit = 10; } $attchTab = HTML::table(array('border' => '1', 'width' => '100%')); $attchTab->pushContent(HTML::tr(HTML::th(_("Attachment")), HTML::th(_("Number of revision")))); $wai =& WikiAttachment::getListWithCounter(GROUP_ID, user_getid(), array('offset' => $offset, 'nb' => $limit)); $wai->rewind(); while ($wai->valid()) { $wa =& $wai->current(); $filename = basename($wa->getFilename()); $url = getUploadDataPath() . urlencode($filename); $line = HTML::tr(); $line->pushContent(HTML::td(HTML::a(array('href' => $url), "Attach:" . $filename))); $line->pushContent(HTML::td($wa->count())); $attchTab->pushContent($line); $wai->next(); } $attchList = HTML(); $attchList->pushContent(HTML::hr(), HTML::h2(_("Attached files"))); $attchList->pushContent($attchTab); $url = WikiURL("UpLoad"); if (!empty($_REQUEST['pv'])) { $url .= '&pv=' . $_REQUEST['pv']; } $attchList->pushContent(HTML::a(array('href' => $url . '&offset=' . ($offset - $limit)), "<- Previous")); $attchList->pushContent(" - "); $attchList->pushContent(HTML::a(array('href' => $url . '&offset=' . ($offset + $limit)), "Next ->")); /// }}} //$result = HTML::div( array( 'class' => 'wikiaction' ) ); $result = HTML(); $result->pushContent($form); $result->pushContent($message); $result->pushContent($attchList); return $result; }
function run($dbi, $argstr, &$request, $basepage) { $this->allowed_extensions = explode("\n", "7z\navi\nbmp\nbz2\nc\ncfg\ndiff\ndoc\ndocx\nflv\ngif\nh\nics\nini\njpeg\njpg\nkmz\nmp3\nodg\nodp\nods\nodt\nogg\npatch\npdf\npng\nppt\npptx\nrar\nsvg\ntar\ntar.gz\ntxt\nxls\nxlsx\nxml\nxsd\nzip"); $this->disallowed_extensions = explode("\n", "ad[ep]\nasd\nba[st]\nchm\ncmd\ncom\ncgi\ncpl\ncrt\ndll\neml\nexe\nhlp\nhta\nin[fs]\nisp\njse?\nlnk\nmd[betw]\nms[cipt]\nnws\nocx\nops\npcd\np[ir]f\nphp\\d?\nphtml\npl\npy\nreg\nsc[frt]\nsh[bsm]?\nswf\nurl\nvb[esx]?\nvxd\nws[cfh]"); //removed "\{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}" $args = $this->getArgs($argstr, $request); extract($args); $file_dir = getUploadFilePath(); $file_dir .= "/"; $form = HTML::form(array('action' => $request->getPostURL(), 'enctype' => 'multipart/form-data', 'method' => 'post')); $contents = HTML::div(array('class' => 'wikiaction')); $contents->pushContent(HTML::input(array('type' => 'hidden', 'name' => 'MAX_FILE_SIZE', 'value' => MAX_UPLOAD_SIZE))); $contents->pushContent(HTML::input(array('name' => 'userfile', 'type' => 'file', 'size' => $size))); if ($mode == 'edit') { $contents->pushContent(HTML::input(array('name' => 'action', 'type' => 'hidden', 'value' => 'edit'))); $contents->pushContent(HTML::raw(" ")); $contents->pushContent(HTML::input(array('value' => _("Upload"), 'name' => 'edit[upload]', 'type' => 'submit'))); } else { $contents->pushContent(HTML::raw(" ")); $contents->pushContent(HTML::input(array('value' => _("Upload"), 'type' => 'submit'))); } $form->pushContent($contents); $message = HTML(); if ($request->isPost() and $this->only_authenticated) { // Make sure that the user is logged in. $user = $request->getUser(); if (!$user->isAuthenticated()) { if (defined('FUSIONFORGE') and FUSIONFORGE) { $message->pushContent(HTML::div(array('class' => 'error'), HTML::p(_("You cannot upload files.")), HTML::ul(HTML::li(_("Check you are logged in.")), HTML::li(_("Check you are in the right project.")), HTML::li(_("Check you are a member of the current project."))))); } else { $message->pushContent(HTML::div(array('class' => 'error'), HTML::p(_("ACCESS DENIED: You must log in to upload files.")))); } $result = HTML(); $result->pushContent($form); $result->pushContent($message); return $result; } } $userfile = $request->getUploadedFile('userfile'); if ($userfile) { $userfile_name = $userfile->getName(); $userfile_name = trim(basename($userfile_name)); if (UPLOAD_USERDIR) { $file_dir .= $request->_user->_userid; if (!file_exists($file_dir)) { mkdir($file_dir, 0775); } $file_dir .= "/"; $u_userfile = $request->_user->_userid . "/" . $userfile_name; } else { $u_userfile = $userfile_name; } $u_userfile = preg_replace("/ /", "%20", $u_userfile); $userfile_tmpname = $userfile->getTmpName(); $err_header = HTML::div(array('class' => 'error'), HTML::p(fmt("ERROR uploading '%s'", $userfile_name))); if (preg_match("/(\\." . join("|\\.", $this->disallowed_extensions) . ")(\\.|\$)/i", $userfile_name)) { $message->pushContent($err_header); $message->pushContent(HTML::p(fmt("Files with extension %s are not allowed.", join(", ", $this->disallowed_extensions)))); } elseif (!DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS and !preg_match("/(\\." . join("|\\.", $this->allowed_extensions) . ")\$/i", $userfile_name)) { $message->pushContent($err_header); $message->pushContent(HTML::p(fmt("Only files with the extension %s are allowed.", join(", ", $this->allowed_extensions)))); } elseif (preg_match("/[^._a-zA-Z0-9- ]/", strip_accents($userfile_name))) { $message->pushContent($err_header); $message->pushContent(HTML::p(_("Invalid filename. File names may only contain alphanumeric characters and dot, underscore, space or dash."))); } elseif (file_exists($file_dir . $userfile_name)) { $message->pushContent($err_header); $message->pushContent(HTML::p(fmt("There is already a file with name %s uploaded.", $u_userfile))); } elseif ($userfile->getSize() > MAX_UPLOAD_SIZE) { $message->pushContent($err_header); $message->pushContent(HTML::p(_("Sorry but this file is too big."))); } elseif (move_uploaded_file($userfile_tmpname, $file_dir . $userfile_name) or IsWindows() and rename($userfile_tmpname, $file_dir . $userfile_name)) { $interwiki = new PageType_interwikimap(); $link = $interwiki->link("Upload:{$u_userfile}"); $message->pushContent(HTML::div(array('class' => 'feedback'), HTML::p(_("File successfully uploaded.")), HTML::p($link))); // the upload was a success and we need to mark this event in the "upload log" if ($logfile) { $upload_log = $file_dir . basename($logfile); $this->log($userfile, $upload_log, $message); } if ($autolink) { require_once "lib/loadsave.php"; $pagehandle = $dbi->getPage($page); if ($pagehandle->exists()) { // don't replace default contents $current = $pagehandle->getCurrentRevision(); $version = $current->getVersion(); $text = $current->getPackedContent(); $newtext = $text . "\n* Upload:{$u_userfile}"; // don't inline images $meta = $current->_data; $meta['summary'] = sprintf(_("uploaded %s"), $u_userfile); $pagehandle->save($newtext, $version + 1, $meta); } } } else { $message->pushContent($err_header); $message->pushContent(HTML::br(), _("Uploading failed."), HTML::br()); } } else { $message->pushContent(HTML::br(), _("No file selected. Please select one."), HTML::br()); } //$result = HTML::div( array( 'class' => 'wikiaction' ) ); $result = HTML(); $result->pushContent($form); $result->pushContent($message); return $result; }
function run($dbi, $argstr, &$request, $basepage) { $disablemsg = HTML(); $disablemsg->pushContent(HTML::h2("Upload is temporarily disabled."), HTML::br()); return $disablemsg; $this->disallowed_extensions = explode("\n", "ad[ep]\nasd\nba[st]\nchm\ncmd\ncom\ncgi\ncpl\ncrt\ndll\neml\nexe\nhlp\nhta\nin[fs]\nisp\njse?\nlnk\nmd[betw]\nms[cipt]\nnws\nocx\nops\npcd\np[ir]f\nphp\npl\npy\nreg\nsc[frt]\nsh[bsm]?\nswf\nurl\nvb[esx]?\nvxd\nws[cfh]"); //removed "\{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}" $args = $this->getArgs($argstr, $request); extract($args); $file_dir = getUploadFilePath(); //$url_prefix = SERVER_NAME . DATA_PATH; $form = HTML::form(array('action' => $request->getPostURL(), 'enctype' => 'multipart/form-data', 'method' => 'post')); $contents = HTML::div(array('class' => 'wikiaction')); $contents->pushContent(HTML::input(array('type' => 'hidden', 'name' => 'MAX_FILE_SIZE', 'value' => MAX_UPLOAD_SIZE))); $contents->pushContent(HTML::input(array('name' => 'userfile', 'type' => 'file', 'size' => '50'))); $contents->pushContent(HTML::raw(" ")); $contents->pushContent(HTML::input(array('value' => _("Upload"), 'type' => 'submit'))); $form->pushContent($contents); $message = HTML(); if ($request->isPost() and $this->only_authenticated) { // Make sure that the user is logged in. $user = $request->getUser(); if (!$user->isAuthenticated()) { $message->pushContent(HTML::h2(_("ACCESS DENIED: You must log in to upload files.")), HTML::br(), HTML::br()); $result = HTML(); $result->pushContent($form); $result->pushContent($message); return $result; } } $userfile = $request->getUploadedFile('userfile'); if ($userfile) { $userfile_name = $userfile->getName(); $userfile_name = trim(basename($userfile_name)); $userfile_tmpname = $userfile->getTmpName(); $err_header = HTML::h2(fmt("ERROR uploading '%s': ", $userfile_name)); if (preg_match("/(\\." . join("|\\.", $this->disallowed_extensions) . ")\$/", $userfile_name)) { $message->pushContent($err_header); $message->pushContent(fmt("Files with extension %s are not allowed.", join(", ", $this->disallowed_extensions)), HTML::br(), HTML::br()); } elseif (preg_match("/[^._a-zA-Z0-9-]/", $userfile_name)) { $message->pushContent($err_header); $message->pushContent(_("File names may only contain alphanumeric characters and dot, underscore or dash."), HTML::br(), HTML::br()); } elseif (file_exists($file_dir . $userfile_name)) { $message->pushContent($err_header); $message->pushContent(fmt("There is already a file with name %s uploaded.", $userfile_name), HTML::br(), HTML::br()); } elseif ($userfile->getSize() > MAX_UPLOAD_SIZE) { $message->pushContent($err_header); $message->pushContent(_("Sorry but this file is too big."), HTML::br(), HTML::br()); } elseif (move_uploaded_file($userfile_tmpname, $file_dir . $userfile_name) or IsWindows() and rename($userfile_tmpname, $file_dir . $userfile_name)) { $interwiki = new PageType_interwikimap(); $link = $interwiki->link("Upload:{$userfile_name}"); $message->pushContent(HTML::h2(_("File successfully uploaded."))); $message->pushContent(HTML::ul(HTML::li($link))); // the upload was a success and we need to mark this event in the "upload log" if ($logfile) { $upload_log = $file_dir . basename($logfile); $this->log($userfile, $upload_log, $message); } if ($autolink) { require_once "lib/loadsave.php"; $pagehandle = $dbi->getPage($page); if ($pagehandle->exists()) { // don't replace default contents $current = $pagehandle->getCurrentRevision(); $version = $current->getVersion(); $text = $current->getPackedContent(); $newtext = $text . "\n* [Upload:{$userfile_name}]"; $meta = $current->_data; $meta['summary'] = sprintf(_("uploaded %s"), $userfile_name); $pagehandle->save($newtext, $version + 1, $meta); } } } else { $message->pushContent($err_header); $message->pushContent(HTML::br(), _("Uploading failed."), HTML::br()); } } else { $message->pushContent(HTML::br(), HTML::br()); } //$result = HTML::div( array( 'class' => 'wikiaction' ) ); $result = HTML(); $result->pushContent($form); $result->pushContent($message); return $result; }