/** * Validates an uploaded image. Creates UNIX commands to be used * by the process_images function, which has to be called after * the validation. * @author jep * @author soeren * @static * @param array $d * @param string $field_name The name of the field in the table $table, the image is assigned to [e.g. product_thumb_image] * @param string $table_name The name of a table in the database [e.g. #__{vm}_product] * @return boolean When the upload validation was sucessfull, true is returned, otherwise false */ function validate_image(&$d, $field_name, $table_name) { global $vmLogger; // The commands to be executed by the process_images // function are returned as strings in an array here. if (empty($d['image_commands']) || !empty($_REQUEST['image_commands'])) { unset($_REQUEST['image_commands']); $d['image_commands'] = array(); } // Generate the path to images $path = IMAGEPATH; $path .= $table_name . "/"; // Check permissions to write to destination directory // Workaround for Window$ if (strstr($path, ":")) { $path_begin = substr($path, strpos($path, ":") + 1, strlen($path)); $path = str_replace("//", "/", $path_begin); } if (!is_dir($path)) { mkdir($path, 0777); $vmLogger->debug('Had to create the directory ' . $path); } if (!is_writable($path) && !empty($_FILES[$field_name]["tmp_name"])) { $vmLogger->err('Cannot write to ' . $table_name . ' image directory: ' . $path); return false; } if (PSHOP_IMG_WIDTH == 0 or PSHOP_IMG_HEIGHT == 0) { $vmLogger->err('Thumb default height or width is set to 0! Cannot resize the image'); return false; } // Check for upload errors require_once CLASSPATH . 'ps_product_files.php'; ps_product_files::checkUploadedFile($field_name); // proof of concept fix by jmarsik 20090422 - safely move the uploaded file from upload_tmp_dir to temporary location (hopefully) included in open_basedir, following code will be much happier :) // if the file is not moved, following code will try to manipulate it using functions that check open_basedir (for example copy, file_exists, unlink, getimagesize) if (!empty($_FILES[$field_name]["tmp_name"]) && is_uploaded_file($_FILES[$field_name]["tmp_name"])) { $tmpfile_moved_from_uploaded_file = $path . "tmpForThumb_" . basename($_FILES[$field_name]["tmp_name"]); $vmLogger->debug("Moving file from " . $_FILES[$field_name]["tmp_name"] . " to " . $tmpfile_moved_from_uploaded_file . " (helps when upload_tmp_dir is not in open_basedir)"); move_uploaded_file($_FILES[$field_name]["tmp_name"], $tmpfile_moved_from_uploaded_file); $_FILES[$field_name]["tmp_name"] = $tmpfile_moved_from_uploaded_file; } $tmp_field_name = str_replace("thumb", "full", $field_name); // Class for resizing Thumbnails require_once CLASSPATH . "class.img2thumb.php"; if (@$d[$tmp_field_name . '_action'] == 'auto_resize') { // proof of concept fix by jmarsik 20090422 - safely move the uploaded file from upload_tmp_dir to temporary location (hopefully) included in open_basedir, following code will be much happier :) // if the file is not moved, following code will try to manipulate it using functions that check open_basedir (for example copy, file_exists, unlink, getimagesize) if (!empty($_FILES[$tmp_field_name]["tmp_name"]) && is_uploaded_file($_FILES[$tmp_field_name]["tmp_name"])) { $tmpfile_moved_from_uploaded_file = $path . "tmpForThumb_" . basename($_FILES[$tmp_field_name]["tmp_name"]); $vmLogger->debug("Moving file from " . $_FILES[$tmp_field_name]["tmp_name"] . " to " . $tmpfile_moved_from_uploaded_file . " (helps when upload_tmp_dir is not in open_basedir)"); move_uploaded_file($_FILES[$tmp_field_name]["tmp_name"], $tmpfile_moved_from_uploaded_file); $_FILES[$tmp_field_name]["tmp_name"] = $tmpfile_moved_from_uploaded_file; } // Resize the Full Image if (!empty($_FILES[$tmp_field_name]["tmp_name"])) { $full_file = $_FILES[$tmp_field_name]["tmp_name"]; $image_info = getimagesize($full_file); } elseif (!empty($d[$tmp_field_name . "_url"])) { $tmp_file_from_url = $full_file = ps_product_files::getRemoteFile($d[$tmp_field_name . "_url"]); if ($full_file) { $vmLogger->debug('Successfully fetched the image file from ' . $d[$tmp_field_name . "_url"] . ' for later resizing'); $image_info = getimagesize($full_file); } } if (!empty($image_info)) { if ($image_info[2] == 1) { if (function_exists("imagegif")) { $ext = ".gif"; $noimgif = ""; } else { $ext = ".jpg"; $noimgif = ".gif"; } } elseif ($image_info[2] == 2) { $ext = ".jpg"; $noimgif = ""; } elseif ($image_info[2] == 3) { $ext = ".png"; $noimgif = ""; } $vmLogger->debug('The resized Thumbnail will have extension ' . $noimgif . $ext); /* Generate Image Destination File Name */ if (!empty($d[$table_name . '_name'])) { $filename = substr($d[$table_name . '_name'], 0, 16); $filename = vmSafeFileName($filename); } else { $filename = md5('virtuemart'); } $to_file_thumb = uniqid($filename . '_'); $fileout = IMAGEPATH . "{$table_name}/resized/{$to_file_thumb}" . '_' . PSHOP_IMG_WIDTH . 'x' . PSHOP_IMG_HEIGHT . $noimgif . $ext; if (!file_exists(dirname($fileout))) { mkdir(dirname($fileout)); $vmLogger->debug('Created Directory ' . dirname($fileout)); } $neu = new Img2Thumb($full_file, PSHOP_IMG_WIDTH, PSHOP_IMG_HEIGHT, $fileout, 0, 255, 255, 255); $thumbname = 'resized/' . basename($fileout); $vmLogger->debug('Finished creating the thumbnail ' . $thumbname); if (isset($tmp_file_from_url)) { unlink(realpath($tmp_file_from_url)); } $tmp_field_name = str_replace("full", "thumb", $tmp_field_name); $tmp_field_name = str_replace("_url", "", $tmp_field_name); $_FILES[$tmp_field_name]['tmp_name'] = $fileout; $_FILES[$tmp_field_name]['name'] = $thumbname; $d[$tmp_field_name] = $thumbname; $curr_file = isset($_REQUEST[$tmp_field_name . "_curr"]) ? $_REQUEST[$tmp_field_name . "_curr"] : ""; if (!empty($curr_file)) { $delete = str_replace("\\", "/", realpath($path . "/" . $curr_file)); $d["image_commands"][] = array('command' => 'unlink', 'param1' => $delete); $vmLogger->debug('Preparing: delete old thumbnail image: ' . $delete); /* Remove the resized image if exists */ if (PSHOP_IMG_RESIZE_ENABLE == "1") { $pathinfo = pathinfo($delete); isset($pathinfo["dirname"]) or $pathinfo["dirname"] = ""; isset($pathinfo["extension"]) or $pathinfo["extension"] = ""; $filehash = basename($delete, "." . $pathinfo["extension"]); $resizedfilename = $pathinfo["dirname"] . "/resized/" . $filehash . "_" . PSHOP_IMG_WIDTH . "x" . PSHOP_IMG_HEIGHT . "." . $pathinfo["extension"]; $d["image_commands"][] = array('command' => 'unlink', 'param1' => $resizedfilename); $vmLogger->debug('Preparing: delete resized thumbnail ' . $resizedfilename); } } } } $temp_file = isset($_FILES[$field_name]['tmp_name']) ? $_FILES[$field_name]['tmp_name'] : ""; $file_type = isset($_FILES[$field_name]['type']) ? $_FILES[$field_name]['type'] : ""; $orig_file = isset($_FILES[$field_name]["name"]) ? $_FILES[$field_name]['name'] : ""; $curr_file = isset($_REQUEST[$field_name . "_curr"]) ? $_REQUEST[$field_name . "_curr"] : ""; /* Generate text to display in error messages */ if (stristr("thumb", $field_name)) { $image_type = "thumbnail image"; } elseif (stristr("full", $field_name)) { $image_type = "full image"; } else { $image_type = str_replace("_", " ", $field_name); } /* If User types "none" in Image Upload Field */ if (@$d[$field_name . "_action"] == "delete") { /* If there is a current image file */ if (!empty($curr_file)) { $delete = str_replace("\\", "/", realpath($path . "/" . $curr_file)); $d["image_commands"][] = array('command' => 'unlink', 'param1' => $delete); $vmLogger->debug('Preparing: delete old ' . $image_type . ' ' . $delete); /* Remove the resized image if exists */ if (PSHOP_IMG_RESIZE_ENABLE == "1" && $image_type == "thumbnail image") { $pathinfo = pathinfo($delete); isset($pathinfo["dirname"]) or $pathinfo["dirname"] = ""; isset($pathinfo["extension"]) or $pathinfo["extension"] = ""; $filehash = basename($delete, "." . $pathinfo["extension"]); $resizedfilename = $pathinfo["dirname"] . "/resized/" . $filehash . "_" . PSHOP_IMG_WIDTH . "x" . PSHOP_IMG_HEIGHT . "." . $pathinfo["extension"]; $d["image_commands"][] = array('command' => 'unlink', 'param1' => $resizedfilename); $vmLogger->debug('Preparing: delete resized thumbnail ' . $resizedfilename); } } $d[$field_name] = ""; return true; } elseif ($orig_file and $temp_file == "none") { $vmLogger->err($image_type . ' upload failed.'); return false; } else { // If nothing was entered in the Upload box, there is no image to process if (!$orig_file) { $d[$field_name] = $curr_file; return true; } } if (empty($temp_file)) { $vmLogger->err('The File Upload was not successful: there\'s no uploaded temporary file!'); return false; } /* Generate Image Destination File Name */ if (!empty($d[$table_name . '_name'])) { $filename = substr($d[$table_name . '_name'], 0, 16); $filename = vmSafeFileName($filename); } else { $filename = md5('virtuemart'); } $to_file = uniqid($filename . '_'); /* Check image file format */ if ($orig_file != "none") { $to_file .= $ext = '.' . Img2Thumb::GetImgType($temp_file); if (!$to_file) { $vmLogger->err($image_type . ' file is invalid: ' . $file_type . '.'); return false; } } /* ** If it gets to this point then there is an uploaded file in the system ** and it is a valid image file. */ /* If Updating */ if (!empty($curr_file)) { /* Command to remove old image file */ $delete = str_replace("\\", "/", realpath($path) . "/" . $curr_file); $d["image_commands"][] = array('command' => 'unlink', 'param1' => $delete); /* Remove the resized image if exists */ if (PSHOP_IMG_RESIZE_ENABLE == "1" && $image_type == "thumbnail image") { $pathinfo = pathinfo($delete); $filehash = basename($delete, "." . $pathinfo["extension"]); $resizedfilename = $pathinfo["dirname"] . "/resized/" . $filehash . "_" . PSHOP_IMG_WIDTH . "x" . PSHOP_IMG_HEIGHT . "." . $pathinfo["extension"]; $d["image_commands"][] = array('command' => 'unlink', 'param1' => $resizedfilename); $vmLogger->debug('Preparing: delete resized thumbnail ' . $resizedfilename); } } /* Command to move uploaded file into destination directory */ // Command to move uploaded file into destination directory $d["image_commands"][] = array('command' => 'move_uploaded_file', 'param1' => $temp_file, 'param2' => $path . $to_file); $d["image_commands"][] = array('command' => 'unlink', 'param1' => $temp_file); if (empty($d[$field_name])) { /* Return new image file name */ $d[$field_name] = $to_file; } return true; }
/** * Handles a download Request * * @param array $d * @return boolean */ function download_request(&$d) { global $download_id, $VM_LANG, $vmLogger; $db = new ps_DB(); $download_id = $db->getEscaped(vmGet($d, "download_id")); $q = "SELECT * FROM #__{vm}_product_download WHERE"; $q .= " download_id = '{$download_id}'"; $db->query($q); $db->next_record(); $download_id = $db->f("download_id"); $file_name = $db->f("file_name"); if (strncmp($file_name, 'http', 4) !== 0) { $datei = DOWNLOADROOT . $file_name; } else { $datei = $file_name; } $download_max = $db->f("download_max"); $end_date = $db->f("end_date"); $zeit = time(); if (!$download_id) { $vmLogger->err($VM_LANG->_('PHPSHOP_DOWNLOADS_ERR_INV', false)); return false; //vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]); } elseif ($download_max == "0") { $q = "DELETE FROM #__{vm}_product_download"; $q .= " WHERE download_id = '" . $download_id . "'"; $db->query($q); $db->next_record(); $vmLogger->err($VM_LANG->_('PHPSHOP_DOWNLOADS_ERR_MAX', false)); return false; //vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]); } elseif ($end_date != "0" && $zeit > $end_date) { $q = "DELETE FROM #__{vm}_product_download"; $q .= " WHERE download_id = '" . $download_id . "'"; $db->query($q); $db->next_record(); $vmLogger->err($VM_LANG->_('PHPSHOP_DOWNLOADS_ERR_EXP', false)); return false; //vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]); } require_once CLASSPATH . 'connectionTools.class.php'; $download_count = true; if (@file_exists($datei)) { // Check if this is a request for a special range of the file (=Resume Download) $range_request = vmConnector::http_rangeRequest(filesize($datei), false); if ($range_request[0] == 0) { // this is not a request to resume a download, $download_count = true; } else { $download_count = false; } } else { $download_count = false; } // Parameter to check if the file should be removed after download, which is only true, // if we have a remote file, which was transferred to this server into a temporary file $unlink = false; if (strncmp($datei, 'http', 4) === 0) { require_once CLASSPATH . 'ps_product_files.php'; $datei_local = ps_product_files::getRemoteFile($datei); if ($datei_local !== false) { $datei = $datei_local; $unlink = true; } else { $vmLogger->err($VM_LANG->_('VM_DOWNLOAD_FILE_NOTFOUND', false)); return false; } } else { // Check, if file path is correct // and file is if (!@file_exists($datei)) { $vmLogger->err($VM_LANG->_('VM_DOWNLOAD_FILE_NOTFOUND', false)); return false; //vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]); } if (!@is_readable($datei)) { $vmLogger->err($VM_LANG->_('VM_DOWNLOAD_FILE_NOTREADABLE', false)); return false; //vmRedirect("index.php?option=com_virtuemart&page=shop.downloads", $d["error"]); } } if ($download_count) { // decrement the download_max to limit the number of downloads $q = "UPDATE `#__{vm}_product_download` SET"; $q .= " `download_max`=`download_max` - 1"; $q .= " WHERE download_id = '" . $download_id . "'"; $db->query($q); $db->next_record(); } if ($end_date == "0") { // Set the Download Expiry Date, so the download can expire after DOWNLOAD_EXPIRE seconds $end_date = time('u') + DOWNLOAD_EXPIRE; $q = "UPDATE #__{vm}_product_download SET"; $q .= " end_date={$end_date}"; $q .= " WHERE download_id = '" . $download_id . "'"; $db->query($q); $db->next_record(); } if (ereg('Opera(/| )([0-9].[0-9]{1,2})', $_SERVER['HTTP_USER_AGENT'])) { $UserBrowser = "Opera"; } elseif (ereg('MSIE ([0-9].[0-9]{1,2})', $_SERVER['HTTP_USER_AGENT'])) { $UserBrowser = "IE"; } else { $UserBrowser = ''; } $mime_type = $UserBrowser == 'IE' || $UserBrowser == 'Opera' ? 'application/octetstream' : 'application/octet-stream'; // dump anything in the buffer while (@ob_end_clean()) { } vmConnector::sendFile($datei, $mime_type, basename($file_name)); if ($unlink) { // remove the temporarily downloaded remote file @unlink($datei); } $GLOBALS['vm_mainframe']->close(true); }