Example #1
0
 static function check_uploaded_file($files, $unused = null, $field = array())
 {
     $files = explode("|", $files);
     $size = 0;
     if (!empty($field["SIMPLE_FILE_SIZE"])) {
         $size = str_replace(array("M", "K"), array("000000", "000"), $field["SIMPLE_FILE_SIZE"]);
     }
     $exts = explode(",", INVALID_EXTENSIONS);
     foreach ($files as $file) {
         if ($file == "") {
             continue;
         }
         if (!file_exists($file)) {
             return "{t}Error{/t}: {t}file not found.{/t}";
         }
         if ($size != 0 and filesize($file) > $size) {
             return "{t}Error{/t}: {t}file is too big. Please upload a smaller one.{/t} (" . modify::basename($file) . " > " . $field["SIMPLE_FILE_SIZE"] . ")";
         }
         $ext = modify::getfileext($file);
         if (in_array($ext, $exts)) {
             return sprintf("{t}this file extension is not allowed{/t} (%s)", $ext);
         }
     }
     return "";
 }
Example #2
0
 static function select($path, $fields, $where, $order, $limit, $vars, $mfolder)
 {
     if (sys_allowedpath($path) != "") {
         return array();
     }
     $file_array = array();
     if (!($handle = @opendir($path))) {
         return array();
     }
     while (false !== ($file = readdir($handle))) {
         if ($file == '.' or $file == '..' or is_dir($path . $file)) {
             continue;
         }
         $file_array[] = $file;
     }
     closedir($handle);
     if ($fields == array("*")) {
         $fields = array("id", "folder");
     }
     $rows = array();
     foreach ($file_array as $filename) {
         $ext = modify::getfileext($filename);
         if ($ext == "meta") {
             continue;
         }
         $data = stat($path . $filename);
         $row = array();
         foreach ($fields as $field) {
             switch ($field) {
                 case "filedata":
                 case "id":
                     $row[$field] = $path . $filename;
                     break;
                 case "folder":
                     $row[$field] = $path;
                     break;
                 case "filename":
                 case "searchcontent":
                     $row[$field] = $filename;
                     break;
                 case "fileext":
                     $row[$field] = $ext;
                     break;
                 case "fileatime":
                     $row[$field] = $data["atime"];
                     break;
                 case "created":
                     $row[$field] = $data["ctime"];
                     break;
                 case "lastmodified":
                     $row[$field] = $data["mtime"];
                     break;
                 case "lastmodifiedby":
                     $row[$field] = "";
                     break;
                 case "fileperms":
                     $row[$field] = $data["mode"];
                     break;
                 case "filesize":
                     $row[$field] = $data["size"];
                     break;
                 default:
                     $row[$field] = "";
                     break;
             }
         }
         if (sys_select_where($row, $where, $vars)) {
             $rows[] = $row;
         }
     }
     $rows = sys_select($rows, $order, $limit, $fields);
     if (count($rows) > 0) {
         foreach ($rows as $key => $row) {
             $meta = self::_get_meta($row["id"]);
             foreach ($meta as $mkey => $mval) {
                 $rows[$key][$mkey] = $mval;
             }
         }
     }
     return $rows;
 }
Example #3
0
 static function select($path, $fields, $where, $order, $limit, $vars, $mfolder)
 {
     if ($fields == array("*")) {
         $fields = array("id", "folder");
     }
     $rows = array();
     $entries = self::_select_xml($path, $mfolder);
     foreach ($entries as $entry) {
         $ext = modify::getfileext($entry->title);
         $row = array();
         foreach ($fields as $field) {
             switch ($field) {
                 case "filedata":
                 case "id":
                     $row[$field] = basename($entry->id);
                     break;
                 case "folder":
                     $row[$field] = $path;
                     break;
                 case "filedata_show":
                 case "filename":
                 case "searchcontent":
                     $row[$field] = (string) $entry->title;
                     break;
                 case "fileext":
                     $row[$field] = $ext;
                     break;
                 case "created":
                     $row[$field] = strtotime($entry->published);
                     break;
                 case "lastmodified":
                     $row[$field] = strtotime($entry->updated);
                     break;
                 case "lastmodifiedby":
                     $row[$field] = (string) $entry->author->name;
                     break;
                 case "filesize":
                     $row[$field] = (int) $entry->gd_quotaBytesUsed;
                     break;
                 default:
                     $row[$field] = "";
                     break;
             }
         }
         $row["_lastmodified"] = strtotime($entry->updated);
         $row["_url"] = (string) $entry->content["src"];
         $row["_filename"] = (string) $entry->title;
         $meta = sys_build_meta($entry->docs_description, array());
         if (empty($meta)) {
             $meta["description"] = (string) $entry->docs_description;
         }
         $row = array_merge($row, $meta);
         if (sys_select_where($row, $where, $vars)) {
             $rows[] = $row;
         }
     }
     $rows = sys_select($rows, $order, $limit, $fields);
     if (count($rows) > 0 and in_array("filedata", $fields)) {
         foreach ($rows as $key => $row) {
             $filename = sys_cache_get_file("gdocs", $row["id"] . $row["_lastmodified"], "--" . modify::basename($row["_filename"]), true);
             if (!file_exists($filename) and (!isset($row["filesize"]) or $row["filesize"] < GDOCS_PREVIEW_LIMIT)) {
                 $fout = fopen($filename, "wb");
                 $fin = fopen($row["_url"], "rb", false, self::_get_context($mfolder));
                 if (is_resource($fin) and is_resource($fout)) {
                     while (!feof($fin)) {
                         fwrite($fout, fread($fin, 8192));
                     }
                     fclose($fin);
                     fclose($fout);
                 }
             }
             $rows[$key]["filedata"] = $filename;
         }
     }
     return $rows;
 }
Example #4
0
function _download_resize($row_filename)
{
    $row_filename_resize = SIMPLE_CACHE . "/thumbs/" . sha1($row_filename) . "_" . filemtime($row_filename) . "_" . $_REQUEST["image_width"] . "_" . $_REQUEST["image_height"] . ".jpg";
    if (file_exists($row_filename_resize)) {
        return $row_filename_resize;
    }
    $src_files = array("gif", "jpg", "jpeg", "png");
    $ext = modify::getfileext($row_filename);
    $new_width = "";
    $new_height = "";
    if (empty($_REQUEST["image_width"]) and empty($_REQUEST["image_height"])) {
        $new_width = 250;
        $new_height = 200;
    }
    if (isset($_REQUEST["image_width"]) and is_numeric($_REQUEST["image_width"]) and $_REQUEST["image_width"] > 0) {
        $new_width = $_REQUEST["image_width"];
    }
    if (isset($_REQUEST["image_height"]) and is_numeric($_REQUEST["image_height"]) and $_REQUEST["image_height"] > 0) {
        $new_height = $_REQUEST["image_height"];
    }
    if ($new_width != "" or $new_height != "") {
        $resize = "-resize \"" . $new_width . "x" . $new_height . ">\"";
    }
    if ($resize != "" or !in_array($ext, $src_files)) {
        $result = "";
        $src = modify::realfilename($row_filename);
        $target = modify::realfilename($row_filename_resize);
        $result = sys_exec(sys_find_bin("convert") . " -quality 50 " . $resize . " " . $src . "[0] " . $target);
        if ($result == "") {
            $row_filename = $row_filename_resize;
        } else {
            sys_log_message_log("php-fail", "proc_open: " . $result);
        }
        if ($result != "" and in_array($ext, $src_files)) {
            list($width, $height) = @getimagesize($row_filename);
            if ($width != "" and $height != "") {
                if ($width != $new_width or $height != $new_height) {
                    $prop = $width / $height;
                    if ($width != $new_width and $height != $new_height) {
                        $new_height2 = round($new_width / $prop);
                        if ($new_height2 > $new_height) {
                            $new_width = round($new_height * $prop);
                        }
                    } else {
                        if ($width != $new_width) {
                            $new_height = round($new_width / $prop);
                        } else {
                            $new_width = round($new_height * $prop);
                        }
                    }
                    $image_p = imagecreatetruecolor($new_width, $new_height);
                    imagecopyresized($image_p, imagecreatefromstring(file_get_contents($row_filename)), 0, 0, 0, 0, $new_width, $new_height, $width, $height);
                    imagejpeg($image_p, $row_filename_resize, 50);
                    $row_filename = $row_filename_resize;
                }
            }
        }
    }
    return $row_filename;
}
Example #5
0
 private static function _url_getfilename($url)
 {
     $filename = basename($url);
     if ($filename == "") {
         $filename = "default.txt";
     }
     $match = array();
     if (preg_match("|filename=(.*?)&|", $url, $match) and isset($match[1])) {
         $filename = rawurldecode($match[1]);
     } else {
         $filename = preg_replace("|([^a-z0-9-_.])|i", "_", $filename);
         $ext = modify::getfileext($filename);
         if ($ext == "" or strlen($ext) > 5) {
             $filename .= ".txt";
         }
         if (strlen($filename) > 50) {
             $filename = substr($filename, strlen($filename) - 50);
         }
     }
     return $filename;
 }
Example #6
0
 static function select($path, $fields, $where, $order, $limit, $vars, $mfolder)
 {
     $path = SIMPLE_STORE . "/backup/";
     if (sys_allowedpath($path) != "") {
         return array();
     }
     $file_array = array();
     if (!($handle = @opendir($path))) {
         return array();
     }
     while (false !== ($file = readdir($handle))) {
         if ($file == '.' or $file == '..' or is_dir($path . $file)) {
             continue;
         }
         if (modify::getfileext($file) != "tar") {
             continue;
         }
         $file_array[] = $file;
     }
     closedir($handle);
     $rows = array();
     foreach ($file_array as $filename) {
         $data = stat($path . $filename);
         $row = array();
         foreach ($fields as $field) {
             switch ($field) {
                 case "filedata":
                 case "id":
                     $row[$field] = $path . $filename;
                     break;
                 case "folder":
                     $row[$field] = $vars["folder"];
                     break;
                 case "category":
                     $row[$field] = str_replace(array("__"), array("/"), substr(modify::basename($filename), 0, strpos(modify::basename($filename), "--")));
                     break;
                 case "filename":
                     $row[$field] = basename(str_replace(array("__"), array("/"), modify::basename($filename)));
                     $row[$field] = substr($row[$field], 0, strpos($row[$field], "--"));
                     if ($row[$field] == "") {
                         $row[$field] = $filename;
                     }
                     break;
                 case "searchcontent":
                     $row[$field] = $filename;
                     break;
                 case "createdby":
                 case "lastmodifiedby":
                     $row[$field] = "";
                     break;
                 case "created":
                     $row[$field] = $data["ctime"];
                     break;
                 case "lastmodified":
                     $row[$field] = $data["mtime"];
                     break;
                 case "filesize":
                     $row[$field] = $data["size"];
                     break;
                 default:
                     $row[$field] = "";
                     break;
             }
         }
         if (sys_select_where($row, $where, $vars)) {
             $rows[] = $row;
         }
     }
     $rows = sys_select($rows, $order, $limit, $fields);
     return $rows;
 }
Example #7
0
$ext = modify::getfileext(urldecode($_SERVER["REQUEST_URI"]));
if (in_array($ext, explode(",", INVALID_EXTENSIONS))) {
    sys_error(t("{t}this file extension is not allowed{/t}") . " (" . $ext . ")", "403 Forbidden");
}
$content_length = sys_get_header("Content-Length");
if ($content_length == 0 and strtolower($_REQUEST["action"]) != "move") {
    _upload_success();
}
if (strtolower($_REQUEST["action"]) == "move" and !empty($_SERVER["HTTP_DESTINATION"])) {
    $_SERVER["REQUEST_URI"] = substr($_SERVER["HTTP_DESTINATION"], strpos($_SERVER["HTTP_DESTINATION"], "/sgdav/"));
}
if ($_REQUEST["item"] == "session") {
    $path = str_replace("//", "/", urldecode($_SERVER["REQUEST_URI"]));
    $filename = basename($path);
    $path = dirname($path);
    if (sys_strbegins($filename, "~") or sys_strbegins($filename, ".") or modify::getfileext($filename) == "tmp") {
        $target = SIMPLE_CACHE . "/upload/" . $_SESSION["username"] . sha1($path) . "--" . urlencode($filename);
        if ($fp = fopen("php://input", "r") and $ft = fopen($target, "wb")) {
            while (!feof($fp)) {
                fwrite($ft, fread($fp, 8192));
            }
            fclose($fp);
            fclose($ft);
            _upload_success();
        } else {
            sys_error("cant write", "403 Forbidden");
        }
    } else {
        $target_lnk = SIMPLE_CACHE . "/upload/" . $_SESSION["username"] . sha1($path) . "--" . urlencode($filename) . ".link";
        if (file_exists($target_lnk)) {
            $link = file($target_lnk);
Example #8
0
 static function select($path, $fields, $where, $order, $limit, $vars, $mfolder)
 {
     $file_array = array();
     try {
         $ntlm = self::_get_ntlm($mfolder);
         $w = new Java("jcifs.smb.SmbFile", "smb://" . $path, $ntlm);
         if ($files = $w->listFiles()) {
             foreach ($files as $file) {
                 if ($file->isFile()) {
                     $file_array[] = $file;
                 }
             }
         }
     } catch (Exception $e) {
         if (DEBUG_JAVA) {
             $msg = java_cast($e, "string");
         } else {
             $msg = $e->getMessage();
         }
         sys_warning("{t}Access denied.{/t} [select] " . $msg . " " . $path);
     }
     if ($fields == array("*")) {
         $fields = array("id", "folder");
     }
     $rows = array();
     foreach ($file_array as $file) {
         $ext = modify::getfileext($file->getName());
         if ($ext == "meta") {
             continue;
         }
         $row = array();
         foreach ($fields as $field) {
             switch ($field) {
                 case "filedata":
                 case "id":
                     $row[$field] = $path . $file->getName();
                     break;
                 case "folder":
                     $row[$field] = $path;
                     break;
                 case "filedata_show":
                 case "filename":
                 case "searchcontent":
                     $row[$field] = (string) $file->getName();
                     break;
                 case "fileext":
                     $row[$field] = $ext;
                     break;
                 case "fileatime":
                     $row[$field] = $file->getLastAccess();
                     break;
                 case "created":
                     $row[$field] = $file->createTime() / 1000;
                     break;
                 case "lastmodified":
                     $row[$field] = $file->getLastModified() / 1000;
                     break;
                 case "lastmodifiedby":
                     $row[$field] = "";
                     break;
                 case "filesize":
                     $row[$field] = $file->length();
                     break;
                 default:
                     $row[$field] = "";
                     break;
             }
         }
         $row["_lastmodified"] = $file->getLastModified() / 1000;
         if (sys_select_where($row, $where, $vars)) {
             $rows[] = $row;
         }
     }
     $rows = sys_select($rows, $order, $limit, $fields);
     if (count($rows) > 0) {
         if (in_array("filedata", $fields)) {
             foreach ($rows as $key => $row) {
                 $filename = sys_cache_get_file("cifs", $row["id"] . $row["_lastmodified"], "--" . modify::basename($row["id"]), true);
                 if (!file_exists($filename) and (!isset($row["filesize"]) or $row["filesize"] < CIFS_PREVIEW_LIMIT)) {
                     $w = new Java("jcifs.smb.SmbFile", "smb://" . $row["id"], $ntlm);
                     $out = new Java("java.io.FileOutputStream", modify::realfilename($filename, false));
                     $w->store($out);
                 }
                 $rows[$key]["filedata"] = $filename;
             }
         }
         foreach ($rows as $key => $row) {
             $meta = array();
             try {
                 $meta = self::_get_meta($row["id"], $mfolder, $ntlm);
             } catch (Exception $e) {
                 if (DEBUG_JAVA) {
                     $msg = java_cast($e, "string");
                 } else {
                     $msg = $e->getMessage();
                 }
                 sys_warning("{t}Access denied.{/t} [get_meta] " . $msg . " " . $path);
             }
             foreach ($meta as $mkey => $mval) {
                 $rows[$key][$mkey] = $mval;
             }
         }
     }
     return $rows;
 }