function WYFileUpload($sN, $multiple = false) { global $goApp; parent::WYHTMLTag("input"); $this->dAttributes["type"] = "file"; if ($multiple) { $this->dAttributes["name"] = $sN . '[]'; $this->dAttributes["multiple"] = "multiple"; } else { $this->dAttributes["name"] = $sN; } $this->dFileInfos = od_nil; if (isset($_FILES[$sN])) { $this->dFileInfos = $_FILES[$sN]; // how many files? if (is_array($this->dFileInfos["name"])) { $this->iNrOfFiles = count($this->dFileInfos["name"]); } else { $this->iNrOfFiles = 1; $tmpFI = array("name" => array($this->dFileInfos["name"]), "type" => array($this->dFileInfos["type"]), "tmp_name" => array($this->dFileInfos["tmp_name"]), "error" => array($this->dFileInfos["error"]), "size" => array($this->dFileInfos["size"])); $this->dFileInfos = $tmpFI; $tmpFI = NULL; } for ($i = 0; $i < $this->iNrOfFiles; $i++) { // security check $sOFN = isset($this->dFileInfos["name"][$i]) ? $this->dFileInfos["name"][$i] : ""; $oOFN = new WYPath($sOFN); if (!$oOFN->bCheck(WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH)) { $goApp->log("error on file upload: illegal file type/name <{$sOFN}>"); @unlink($this->dFileInfos["tmp_name"][$j]); // delete evil uploaded file } else { if ($this->bFileUploaded($i) && $this->bUploadOK($i)) { $oTmpPath = new WYPath($this->dFileInfos["tmp_name"][$i]); $oToPath = od_clone($goApp->oDataPath); $oToPath->addComponent($oTmpPath->sBasename()); if (!$goApp->move_uploaded_file($oTmpPath, $oToPath)) { $goApp->log("WYFileUpload: Could not move uploaded file " . $oTmpPath->sPath . " to " . $oToPath->sPath); } else { $this->dFileInfos["tmp_name"][$i] = $oToPath->sPath; } } else { $goApp->log("error on file upload: " . $this->iErrorCode() . ": " . $this->sErrorMessage()); } } } } }