function WYFileUpload($sN, $multiple = false)
{
global $goApp;
parent::WYHTMLTag("input");
$this->dAttributes["type"] = "file";
if ($multiple) {
$this->dAttributes["name"] = $sN . '[]';
$this->dAttributes["multiple"] = "multiple";
} else {
$this->dAttributes["name"] = $sN;
}
$this->dFileInfos = od_nil;
if (isset($_FILES[$sN])) {
$this->dFileInfos = $_FILES[$sN];
// how many files?
if (is_array($this->dFileInfos["name"])) {
$this->iNrOfFiles = count($this->dFileInfos["name"]);
} else {
$this->iNrOfFiles = 1;
$tmpFI = array("name" => array($this->dFileInfos["name"]), "type" => array($this->dFileInfos["type"]), "tmp_name" => array($this->dFileInfos["tmp_name"]), "error" => array($this->dFileInfos["error"]), "size" => array($this->dFileInfos["size"]));
$this->dFileInfos = $tmpFI;
$tmpFI = NULL;
}
for ($i = 0; $i < $this->iNrOfFiles; $i++) {
// security check
$sOFN = isset($this->dFileInfos["name"][$i]) ? $this->dFileInfos["name"][$i] : "";
$oOFN = new WYPath($sOFN);
if (!$oOFN->bCheck(WYPATH_CHECK_NOSCRIPT | WYPATH_CHECK_NOPATH)) {
$goApp->log("error on file upload: illegal file type/name <{$sOFN}>");
@unlink($this->dFileInfos["tmp_name"][$j]);
// delete evil uploaded file
} else {
if ($this->bFileUploaded($i) && $this->bUploadOK($i)) {
$oTmpPath = new WYPath($this->dFileInfos["tmp_name"][$i]);
$oToPath = od_clone($goApp->oDataPath);
$oToPath->addComponent($oTmpPath->sBasename());
if (!$goApp->move_uploaded_file($oTmpPath, $oToPath)) {
$goApp->log("WYFileUpload: Could not move uploaded file " . $oTmpPath->sPath . " to " . $oToPath->sPath);
} else {
$this->dFileInfos["tmp_name"][$i] = $oToPath->sPath;
}
} else {
$goApp->log("error on file upload: " . $this->iErrorCode() . ": " . $this->sErrorMessage());
}
}
}
}
}
