/**
 * Returns the file name under which this element's stored file is offered
 * for download, or "" when the element has no original file name.
 *
 * The name is the element's data file name (looked up without creating a
 * page ID) plus the extension of the original file name; ".dat" is used when
 * the original name has no extension.
 *
 * The extension is copied from the original file name without any check in
 * this method, so callers that hand the result to the file system or to a
 * client should validate it themselves.
 *
 * @return string download file name, or "" if there is no original file name
 */
function sDownloadFileName()
{
    $sOriginal = $this->sOriginalFilename();
    if (!$sOriginal) {
        return "";
    }

    $oOriginalPath = new WYPath($sOriginal);
    $sExtension = $oOriginalPath->sExtension();
    if ($sExtension !== "") {
        $sSuffix = ".{$sExtension}";
    } else {
        // no extension on the original name: fall back to a neutral one
        $sSuffix = ".dat";
    }

    return $this->sDataFileName(false) . $sSuffix;
}
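/**
 * PHP 4-style constructor: creates the <input type="file"> tag for field $sN
 * and processes any upload the current request carries for that field.
 *
 * A single-file upload is normalised to the same array-of-arrays layout that
 * PHP uses for multi-file uploads, so the rest of the code can index every
 * entry by position.
 *
 * For each entry the client-supplied file name is vetted with
 * bCheck(WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH). Rejected entries are
 * logged and their temporary file is deleted. Accepted entries are moved into
 * the application's data path under the basename of the temporary file (not
 * the client-supplied name), and "tmp_name" is updated to the new location.
 *
 * @param string $sN       form field name; also the key looked up in $_FILES
 * @param bool   $multiple when true the tag is rendered as a multi-file input
 */
function WYFileUpload($sN, $multiple = false)
{
    global $goApp;

    parent::WYHTMLTag("input");
    $this->dAttributes["type"] = "file";
    if ($multiple) {
        $this->dAttributes["name"] = $sN . '[]';
        $this->dAttributes["multiple"] = "multiple";
    } else {
        $this->dAttributes["name"] = $sN;
    }

    $this->dFileInfos = od_nil;
    if (isset($_FILES[$sN])) {
        $this->dFileInfos = $_FILES[$sN];

        // how many files?
        if (is_array($this->dFileInfos["name"])) {
            $this->iNrOfFiles = count($this->dFileInfos["name"]);
        } else {
            // single upload: wrap every field so it can be indexed like a multi-upload
            $this->iNrOfFiles = 1;
            $tmpFI = array(
                "name" => array($this->dFileInfos["name"]),
                "type" => array($this->dFileInfos["type"]),
                "tmp_name" => array($this->dFileInfos["tmp_name"]),
                "error" => array($this->dFileInfos["error"]),
                "size" => array($this->dFileInfos["size"]),
            );
            $this->dFileInfos = $tmpFI;
            $tmpFI = NULL;
        }

        for ($i = 0; $i < $this->iNrOfFiles; $i++) {
            // security check on the client-supplied name
            $sOFN = isset($this->dFileInfos["name"][$i]) ? $this->dFileInfos["name"][$i] : "";
            $oOFN = new WYPath($sOFN);
            if (!$oOFN->bCheck(WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH)) {
                // NOTE(review): $sOFN is client-controlled and goes into the log
                // verbatim - confirm that log() neutralises line breaks.
                $goApp->log("error on file upload: illegal file type/name <{$sOFN}>");

                // Delete the rejected upload. The index must be $i: the previous
                // code used an undefined $j, so the suppressed unlink() never
                // touched the rejected temporary file.
                $sRejectedTmp = isset($this->dFileInfos["tmp_name"][$i]) ? $this->dFileInfos["tmp_name"][$i] : "";
                if (is_string($sRejectedTmp) && $sRejectedTmp !== "") {
                    @unlink($sRejectedTmp); // best effort, PHP also cleans up at request end
                }
            } else {
                if ($this->bFileUploaded($i) && $this->bUploadOK($i)) {
                    $oTmpPath = new WYPath($this->dFileInfos["tmp_name"][$i]);
                    $oToPath = od_clone($goApp->oDataPath);
                    // stored under the temporary file's basename, not the client's name
                    $oToPath->addComponent($oTmpPath->sBasename());
                    if (!$goApp->move_uploaded_file($oTmpPath, $oToPath)) {
                        $goApp->log("WYFileUpload: Could not move uploaded file " . $oTmpPath->sPath . " to " . $oToPath->sPath);
                    } else {
                        $this->dFileInfos["tmp_name"][$i] = $oToPath->sPath;
                    }
                } else {
                    $goApp->log("error on file upload: " . $this->iErrorCode() . ": " . $this->sErrorMessage());
                }
            }
        }
    }
}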
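/**
 * PHP 4-style constructor: splits a URL string into protocol, host, anchor,
 * query dictionary and path, then hands the path to the parent constructor.
 *
 * Parsing rules, in order:
 *  - Protocol: text before the first ":" if that colon sits at offset 5 or
 *    less; stored lower-cased. Otherwise "http" is assumed.
 *  - Host: taken from a leading "//host" part; otherwise
 *    WYApplication::sHTTPHost() is used.
 *  - Anchor: everything after the first "#".
 *  - Query: "key=value" pairs separated by "&". Values are URL-decoded,
 *    keys are stored as given.
 *
 * Any scheme of up to five characters is accepted as-is; there is no scheme
 * allow-list here, so code that emits the resulting URL into a link or a
 * redirect has to restrict schemes itself.
 *
 * NOTE(review): the fallback host presumably comes from the request - confirm
 * it is validated before URLs built here are used in redirects or e-mails.
 *
 * @param string $s URL, absolute or relative
 */
function WYURL($s)
{
    $iMaxProtocolIdentLen = 5; // https

    $iPos = strpos($s, ":");
    if ($iPos !== false && $iPos <= $iMaxProtocolIdentLen) {
        $this->sProtocol = strtolower(substr($s, 0, $iPos));
        $s = substr($s, $iPos + 1);
    } else {
        $this->sProtocol = "http";
    }

    if (substr($s, 0, 2) == "//") {
        $iPos = strpos($s, "/", 2);
        if ($iPos !== false) {
            $this->sHost = substr($s, 2, $iPos - 2);
            $s = substr($s, $iPos);
            if (!$s) {
                $s = "/";
            }
        } else {
            // "//host" without a path
            $this->sHost = substr($s, 2);
            $s = "/";
        }
    } else {
        $this->sHost = WYApplication::sHTTPHost();
    }

    $iPos = strpos($s, "#");
    if ($iPos !== false) {
        $this->sAnchor = substr($s, $iPos + 1);
        $s = substr($s, 0, $iPos);
    } else {
        $this->sAnchor = "";
    }

    $this->dQuery = array();
    $iPos = strpos($s, "?");
    if ($iPos !== false) {
        $sQuery = substr($s, $iPos + 1);
        foreach (explode("&", $sQuery) as $sPair) {
            if ($sPair === "" || $sPair === false) {
                // "?", "a=1&&b=2" or a trailing "&" must not create an empty key
                continue;
            }
            // Split on the first "=" only, so a value that itself contains "="
            // (for example base64 padding) is kept whole instead of being cut.
            $aKeyValue = explode("=", $sPair, 2);
            $this->dQuery[$aKeyValue[0]] = isset($aKeyValue[1]) ? urldecode($aKeyValue[1]) : "";
        }
        $s = substr($s, 0, $iPos);
    }

    parent::WYPath($s);
}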
/**
 * PHP 4-style constructor for the audio element.
 *
 * Sets up the editor page ("audio.php"), editor window size, edit button CSS
 * class, element version and link content. If the element already has an
 * original file name, both that name and the derived download file name must
 * pass bCheck() with JUSTAUDIO, NOSCRIPT and NOPATH. Otherwise the incident is
 * logged and the request ends with exit(0).
 *
 * @param string $sN element name, passed to the parent constructor
 * @param string $sL link content
 */
function WYAudioElement($sN, $sL)
{
    global $goApp;

    parent::WYAttachmentElement($sN);
    $this->sEditorPageName = "audio.php";
    $this->iEditorWidth = 650;
    $this->iEditorHeight = 250;
    $this->sEditButtonCSSClass = "WebYepAudioEditButton";
    $this->setVersion(WY_AUDIO_VERSION);
    $this->sLinkContent = $sL;

    if (!$this->sOriginalFilename()) {
        return; // nothing stored yet, nothing to validate
    }

    // stored original name: audio types only, no script types, no path parts
    $oOriginal = new WYPath($this->sOriginalFilename());
    if (!$oOriginal->bCheck(WYPATH_CHECK_JUSTAUDIO | WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH)) {
        $goApp->log("missuse of audio element, filename: " . $oOriginal->sPath);
        exit(0);
    }

    // the download name is built from the original name's extension, so it is vetted too
    $oDownload = new WYPath($this->sDownloadFileName());
    if (!$oDownload->bCheck(WYPATH_CHECK_JUSTAUDIO | WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH)) {
        $goApp->log("missuse of audio element, filename: " . $oDownload->sPath);
        exit(0);
    }
}
<?php
// WebYep
// (C) Objective Development Software GmbH
// http://www.obdev.at

// Page header of the MP3 player script (see the log message and window title
// below). It loads the framework, validates the requested audio file name and
// builds the URL of that file inside the data URL.
$webyep_bDocumentPage = false;
$webyep_sIncludePath = ".";
include_once "{$webyep_sIncludePath}/webyep.php";
include_once @webyep_sConfigValue("webyep_sIncludePath") . "/elements/WYAudioElement.php";
include_once @webyep_sConfigValue("webyep_sIncludePath") . "/lib/WYPath.php";

// The file name comes straight from the query string. It must pass bCheck()
// with JUSTAUDIO, NOSCRIPT and NOPATH before it is appended to the data URL.
// NOTE(review): the parameter is read without isset(); confirm that bCheck()
// rejects the empty path that results when the parameter is missing.
$oFilename = new WYPath($_GET[WY_QK_AUDIO_FILENAME]);
if (!$oFilename->bCheck(WYPATH_CHECK_JUSTAUDIO | WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH)) {
    // NOTE(review): the rejected, request-supplied path is logged verbatim;
    // confirm that log() neutralises line breaks and control characters.
    $goApp->log("missuse of mp3 player script, path: " . $oFilename->sPath);
    exit(0);
}
// Clone the data URL so appending the file name does not modify the shared object.
$oURL = od_clone($goApp->oDataURL);
$oURL->addComponent($oFilename->sPath);
// NOTE(review): $oURL is presumably written into the page below this excerpt;
// it needs escaping that matches the context it is emitted in.
?> <html> <head> <title><?php echo WYTS("MP3PlayerWindowTitle"); ?> </title> <style type="text/css"> body { background-color: black; } </style> </head> <body>
include_once @webyep_sConfigValue("webyep_sIncludePath") . "/lib/WYHiddenField.php"; include_once @webyep_sConfigValue("webyep_sIncludePath") . "/lib/WYFileUpload.php"; $oHFFunctioNumber = new WYHiddenField('CKEditorFuncNum'); $iFunctionNumber = (int) $oHFFunctioNumber->sValue(); $oFU = new WYFileUpload("upload"); $bOK = false; $sResponse = ""; $sURL = ""; if (isset($_REQUEST['CKEditor'])) { if ($oFU->bUploadOK()) { $oOriginalName = od_clone($oFU->oOriginalFilename()); if ($oOriginalName->bCheck(WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH | WYPATH_CHECK_JUSTIMAGE)) { $sFilename = $oOriginalName->sPath; $sExtension = $oOriginalName->sExtension(); $sFilename = str_replace(".{$sExtension}", "", $sFilename); $sFilename = WYPath::sMakeFilename($sFilename); $oDestPath = od_clone($goApp->oDataPath); $sDestFilename = "rtimg-{$sFilename}.{$sExtension}"; $oDestPath->addComponent($sDestFilename); $oFile = new WYFile($oFU->oFilePath()); if (!$oFile->bCopyTo($oDestPath)) { $goApp->log("Could not copy uploaded image file"); $sResponse = WYTS("FileUploadErrorUnknown", false); } else { $sResponse = ""; $bOK = true; $oURL = od_clone($goApp->oDataURL); $oURL->addComponent($sDestFilename); $sURL = $oURL->sURL(false, false, true); } } else {
// (C) Objective Development Software GmbH // http://www.obdev.at $webyep_bDocumentPage = false; $webyep_sIncludePath = "."; include_once "{$webyep_sIncludePath}/webyep.php"; include_once @webyep_sConfigValue("webyep_sIncludePath") . "/elements/WYAttachmentElement.php"; include_once @webyep_sConfigValue("webyep_sIncludePath") . "/lib/WYFile.php"; $aMimeTypes['pdf'] = "application/pdf"; $aMimeTypes['htm'] = "text/html"; $aMimeTypes['html'] = "text/html"; $aMimeTypes['php'] = "application/binary"; $aMimeTypes['txt'] = "text/plain"; $aMimeTypes['gif'] = "image/gif"; $aMimeTypes['jpg'] = "image/jpeg"; $oFilename = new WYPath($_GET[WY_QK_DOWNLOAD_FILENAME]); $oOrgFilename = new WYPath($_GET[WY_QK_ORIGINAL_FILENAME]); $sClientIP = $goApp->sClientIP(); if (!$oFilename->bCheck(WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH)) { $goApp->log("missuse of download script from {$sClientIP}, path: " . $oFilename->sPath); exit(0); } if (!$oOrgFilename->bCheck(WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH)) { $goApp->log("missuse of download script from {$sClientIP}, org file path: " . $oOrgFilename->sPath); exit(0); } $sOrgFilename = str_replace(" ", "_", $oOrgFilename->sPath); $oPath = od_clone($goApp->oDataPath); $oPath->addComponent($oFilename->sPath); if (strpos($oPath->sPath, "webyep-system") === false) { // goApp's log won't work when data path was modified! -> echo echo "missuse of download script from {$sClientIP}, mangled data path: " . $oPath->sPath;
/**
 * Returns the name of the data file that belongs to this element.
 *
 * The base is the element's field name for files. For non-global elements it
 * is prefixed with WYElement::sDataFileNamePrefix() built from the page ID,
 * the document instance (0 unless the element uses one) and the loop ID
 * (0 unless the element uses one), joined with "-".
 *
 * The finished name must pass bCheck(WYPATH_CHECK_NOPATH); a name that fails
 * that check is discarded.
 *
 * @param bool $bCreate passed to iPageID()
 * @return string data file name; "" if the page has no ID or the name fails the check
 */
function sDataFileName($bCreate)
{
    global $goApp;

    $sName = $this->sFieldNameForFile();

    if (!$this->bGlobal) {
        $iPage = $goApp->oDocument->iPageID($bCreate);
        if (!$iPage) {
            return ""; // no page ID, so no data file
        }
        $iInstance = $this->bUseDocumentInstance() ? $goApp->oDocument->iDocumentInstance() : 0;
        $iLoop = $this->bUseLoopID() ? $goApp->oDocument->iLoopID() : 0;
        $sName = WYElement::sDataFileNamePrefix($iPage, $iInstance, $iLoop) . "-" . $sName;
    }

    if (!$sName) {
        return $sName;
    }

    // the name is later used inside the data directory: refuse anything with path parts
    $oCandidate = new WYPath($sName);
    return $oCandidate->bCheck(WYPATH_CHECK_NOPATH) ? $sName : "";
}
$oHFLanguageCode = new WYHiddenField('langCode'); $sLangCode = $oHFLanguageCode->sValue(); $oHFAction = new WYHiddenField(ACTION); $sAction = $oHFAction->sValue(); // $sResponse = WYTS("RichTextSaved"); // $oCKBaseURL = od_clone($goApp->oProgramURL); // $oCKBaseURL->addComponent("opt"); // $oCKBaseURL->addComponent("ckeditor"); // $oCKJSURL = od_clone($oCKBaseURL); // $oCKJSURL->addComponent("ckeditor.js"); $goApp->outputWarningPanels(); // give App a chance to say something if ($sAction == ACTION_DELETE) { $oHFFilename = new WYHiddenField(FILENAME); $oFullPath = od_clone($goApp->oDataPath); $oFilename = new WYPath($oHFFilename->sValue()); if ($oFilename->bCheck(WYPATH_CHECK_JUSTIMAGE | WYPATH_CHECK_NOPATH)) { $oFullPath->addComponent($oFilename->sPath); $oFile = new WYFile($oFullPath); $oFile->bDelete(); } } $aEntries = array(); $r = opendir($goApp->oDataPath->sPath); while (($sEntry = readdir($r)) !== false) { if ($sEntry[0] == ".") { continue; } if (substr($sEntry, 0, 5) != "rtimg") { continue; }
/**
 * Returns the file name of the thumbnail that belongs to an image file name.
 *
 * The candidate is the image name up to its last "." plus "-tn.jpg". It is
 * returned if that file exists in the data path, either as is or after the
 * demo slot ID has been removed from the path. If neither exists, the path's
 * extension is set back to the image's original extension and the basename
 * of that path is returned.
 *
 * NOTE(review): when $sFilename contains no ".", strrpos() returns false and
 * the candidate collapses to "-tn.jpg" - confirm callers never pass such names.
 *
 * @access private
 * @param string $sFilename file name of the image
 * @return string file name of the thumbnail
 */
function _sThumbnailName($sFilename)
{
    global $goApp;

    $oImagePath = new WYPath($sFilename);
    $sOriginalExt = $oImagePath->sExtension();

    $iDot = strrpos($sFilename, ".");
    $sThumb = substr($sFilename, 0, $iDot) . "-tn.jpg";

    $oThumbPath = od_clone($goApp->oDataPath);
    $oThumbPath->addComponent($sThumb);

    $oThumbFile = new WYFile($oThumbPath);
    if ($oThumbFile->bExists()) {
        return $sThumb;
    }

    // try again without demo slot ID
    $oThumbPath->removeDemoSlotID();
    $oRetryFile = new WYFile($oThumbPath);
    if ($oRetryFile->bExists()) {
        return $sThumb;
    }

    // no thumbnail found: fall back to the original extension
    $oThumbPath->setExtension($sOriginalExt);
    return $oThumbPath->sBasename();
}
// WebYep // (C) Objective Development Software GmbH // http://www.obdev.at $webyep_bDocumentPage = false; $webyep_sIncludePath = "."; include_once "{$webyep_sIncludePath}/webyep.php"; include_once @webyep_sConfigValue("webyep_sIncludePath") . "/lib/WYImage.php"; include_once @webyep_sConfigValue("webyep_sIncludePath") . "/lib/WYPath.php"; include_once @webyep_sConfigValue("webyep_sIncludePath") . "/elements/WYImageElement.php"; $oImage = $oURL = od_nil; $sFilename = ""; if (isset($_GET[WY_QK_IMAGE_DETAIL])) { $sFilename = $_GET[WY_QK_IMAGE_DETAIL]; $sAltText = $_GET[WY_QK_IMAGE_ALTTEXT]; $bDemoContent = $_GET[WY_QK_IMAGE_DEMOCONTENT]; $oP = new WYPath($sFilename); if (!$oP->bCheck(WYPATH_CHECK_NOPATH | WYPATH_CHECK_JUSTIMAGE)) { $goApp->log("illegal filename in image-detail: <{$sFilename}>"); exit(-1); } $oURL = od_clone($goApp->oDataURL); if ($bDemoContent) { $oURL->removeDemoSlotID(); } $oURL->addComponent($sFilename); $oImage = new WYImage($oURL); if ($sAltText) { $oImage->setAttribute("alt", $sAltText); } $iW = $oImage->iWidth(); $iH = $oImage->iHeight();