/**
 * Create a new page built around a protected system tool ("page builder").
 *
 * Request inputs read here:
 *   GET  system_tool              id of the system tool to build the page around (required)
 *   POST label, page_name, menu   fields submitted by the new-builder form
 *
 * With no POST data the new-builder form view is rendered. With POST data a
 * page row is created, the tool is created and attached to it, and the
 * page-wrapper HTML is emitted for the javascript UI. Every path ends in
 * die(), so nothing is returned to the caller.
 *
 * NOTE(review): no CSRF token check and no permission check are visible in
 * this method; presumably the controller enforces them elsewhere -- confirm.
 */
public function add_builder()
{
    # the protected tool must be named in the query string.
    if (empty($_GET['system_tool'])) {
        die('invalid system tool');
    }
    $system_tool_id = valid::id_key($_GET['system_tool']);

    # only a system tool that is both enabled and visible may be used.
    $system_tool = ORM::factory('system_tool')
        ->select('*, LOWER(name) AS name')
        ->where(array('enabled' => 'yes', 'visible' => 'yes'))
        ->find($system_tool_id);
    if (!$system_tool->loaded) {
        die('invalid system tool.');
    }
    $toolname = valid::filter_php_filename($system_tool->name);

    if (!$_POST) {
        # nothing submitted yet: render the form. The existing ROOT filenames
        # are handed to the view as a quoted, comma separated string so the
        # javascript side can reject duplicate page names.
        # NOTE(review): the names are placed inside single-quoted JS literals
        # without escaping; this relies on get_folder_filenames() never
        # returning a quote or backslash -- confirm, or encode the list as JSON.
        $taken_names = self::get_folder_filenames('ROOT');
        $form = new View("page/new_builder");
        $form->filter = "'" . implode("','", $taken_names) . "'";
        $form->system_tool_id = $system_tool_id;
        $form->toolname = $toolname;
        die($form);
    }

    # validate the page name and check for duplicates.
    $filename = self::validate_page_name($_POST['label'], $_POST['page_name'], 'ROOT');

    # the new page goes after the current highest position of this site.
    $last = ORM::factory('page')
        ->select('MAX(position) as highest')
        ->where('fk_site', $this->site_id)
        ->find();

    # use the tool's own template when the theme ships one, else 'master'.
    $template_name = strtolower($toolname);
    $template_file = $this->assets->themes_dir("{$this->theme}/templates/" . $template_name . '.html');
    $template = 'master';
    if (file_exists($template_file)) {
        $template = $template_name;
    }

    $new_page = ORM::factory('page');
    $new_page->fk_site = $this->site_id;
    $new_page->page_name = $filename;
    # NOTE(review): the label is stored exactly as posted; output encoding
    # has to happen wherever it is rendered -- confirm.
    $new_page->label = $_POST['label'];
    $new_page->template = $template;
    $new_page->position = ++$last->highest;
    if (!empty($_POST['menu'])) {
        if ($_POST['menu'] == 'yes') {
            $new_page->menu = 'yes';
        }
    }
    $new_page->save();

    # create the tool through the tool controller and attach it to the page.
    $tool_controller = new Tool_Controller();
    $tool = $tool_controller->_create_tool($system_tool_id, NULL, NULL, TRUE);
    $tool_controller->_add_to_page($tool, $new_page);

    # describe the new page for the javascript handler.
    $visibility = 'enabled';
    if (empty($_POST['menu'])) {
        $visibility = 'hidden';
    }
    $vars = array(
        'id' => $new_page->id,
        'visibility' => $visibility,
        'is_folder' => FALSE,
        'is_protected' => TRUE,
        'full_path' => $filename,
        'filename' => $filename,
        'page_builder' => $toolname . '-' . $system_tool_id,
    );

    # output to the javascript UI.
    die(View::factory('page/page_wrapper_html', array('vars' => $vars)));
}
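/**
 * Receive one file from the Flash uploader and store it in a site directory.
 *
 * Request inputs read here:
 *   GET   dir         target directory, passed through self::validate_dir()
 *   POST  PHPSESSID   session id supplied by the Flash client (see note below)
 *   POST  thumb       optional list of extra square-thumbnail sizes
 *   FILES Filedata    the uploaded file
 *
 * Files whose extension is a key of $this->image_types get square thumbnails
 * under "<dir>/_tmb/<size>/" (size 100 is always produced) and are then
 * stored in <dir>. Any other file is stored as-is, except that ".txt" is
 * appended when the extension contains "php". Every path ends in die().
 *
 * Changes from the previous version:
 *   - the Filedata entry is checked for presence and shape before use;
 *   - only the trailing extension is stripped from the name, regardless of
 *     letter case, and the extension is reduced to [a-z0-9];
 *   - names that reduce to nothing but an extension are refused;
 *   - thumbnail sizes must be positive integers, because each size becomes
 *     a directory name;
 *   - a failed move_uploaded_file() is reported instead of ignored.
 */
public function upload()
{
    if (!isset($_GET['dir'])) {
        $_GET['dir'] = '';
    }
    $dir = self::validate_dir($_GET['dir']);

    # Do we have a file? Also refuse the array form (Filedata[]), which
    # would turn tmp_name and name into arrays.
    if (!isset($_FILES['Filedata']['tmp_name'], $_FILES['Filedata']['name'], $_FILES['Filedata']['size'])
        || !is_string($_FILES['Filedata']['tmp_name'])
        || !is_string($_FILES['Filedata']['name'])
        || !is_uploaded_file($_FILES['Filedata']['tmp_name'])
    ) {
        die('Invalid File');
    }
    $tmp_path = $_FILES['Filedata']['tmp_name'];
    $client_name = $_FILES['Filedata']['name'];

    # test for size restrictions?
    # ( $_FILES['Filedata']['size'] > 90000 )

    # Work-around maintaining the session because Flash Player doesn't send the cookies.
    # NOTE(review): this adopts a session id taken from the request body,
    # which permits session fixation and puts the id where it can be logged
    # or replayed. A short-lived, single-use upload token bound to the user
    # would be safer. Left unchanged because the session handling is not
    # visible from here -- confirm and replace.
    if (isset($_POST["PHPSESSID"])) {
        session_id($_POST["PHPSESSID"]);
    }

    # sanitize the filename. Everything from the last dot on is the extension.
    $dot_part = strrchr($client_name, '.');
    $base = $client_name;
    $ext = '';
    if (FALSE !== $dot_part) {
        # strip by length so the case of the original extension is irrelevant
        # and an identical substring earlier in the name is left alone.
        $base = (string) substr($client_name, 0, strlen($client_name) - strlen($dot_part));
        $ext_chars = preg_replace('/[^a-z0-9]/', '', strtolower($dot_part));
        $ext = ('' === $ext_chars) ? '' : ".{$ext_chars}";
    }
    $base = (string) valid::filter_php_filename($base);
    if ('' === $base) {
        # refuse a bare extension: it would be written as a dotfile, and a
        # web server may treat some dotfiles as per-directory configuration.
        die('Invalid File');
    }
    $filename = $base . $ext;

    # create thumbnails for images.
    # NOTE(review): "is an image" is decided from the client-supplied
    # extension only; presumably the Image library fails on content that is
    # not an image -- confirm.
    if (array_key_exists($ext, $this->image_types)) {
        # does the thumb dir exist?
        if (!is_dir("{$dir}/_tmb")) {
            mkdir("{$dir}/_tmb");
        }

        # initialize image as library object.
        $image = new Image($tmp_path);
        $width = $image->__get('width');
        $height = $image->__get('height');

        # Make square thumbnails (always need 100's for plusjade system).
        # Extra sizes come from the client and end up in a path, so accept
        # positive integers only; anything else is dropped.
        # NOTE(review): neither the number of sizes nor their magnitude is
        # bounded here -- consider a cap.
        $sizes = array();
        if (isset($_POST['thumb'])) {
            foreach ((array) $_POST['thumb'] as $candidate) {
                if (is_scalar($candidate) && preg_match('/\A[1-9][0-9]*\z/', (string) $candidate)) {
                    $sizes[] = (int) $candidate;
                }
            }
        }
        $sizes[] = 100;

        foreach ($sizes as $size) {
            if (!is_dir("{$dir}/_tmb/{$size}")) {
                mkdir("{$dir}/_tmb/{$size}");
            }
            # fit the shorter side to $size, then crop to a square.
            if ($width > $height) {
                $image->resize($size, $size, Image::HEIGHT)->crop($size, $size);
            } else {
                $image->resize($size, $size, Image::WIDTH)->crop($size, $size);
            }
            $image->save("{$dir}/_tmb/{$size}/{$filename}");
        }

        # save an optimized original version.
        # todo. save any absurdly huge image to a max dimension.
        # if the file is over 300kb its likely not optimized.
        # NOTE(review): $image has had resize/crop applied for the thumbnails
        # above; confirm the Image library resets its pending actions on
        # save(), otherwise this writes a thumbnail-sized "original".
        if (300000 < $_FILES['Filedata']['size']) {
            $image->quality(75)->save("{$dir}/{$filename}");
        } elseif (!move_uploaded_file($tmp_path, "{$dir}/{$filename}")) {
            die('Unable to save file');
        }
    } else {
        # save the non image file. turn php pages to text.
        # NOTE(review): this is a denylist on the substring "php". Whether a
        # stored file can be executed depends on which extensions the web
        # server maps to an interpreter, and not all of them need contain
        # "php". An allowlist of permitted extensions, plus serving uploads
        # from a location where script execution is disabled, is the
        # stronger control.
        $target = "{$dir}/{$filename}";
        if (FALSE !== strpos($ext, 'php')) {
            $target .= '.txt';
        }
        if (!move_uploaded_file($tmp_path, $target)) {
            die('Unable to save file');
        }
    }

    die('File uploaded');
}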
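/**
 * Write posted contents into a template or stylesheet of the current theme.
 *
 * Changes from the previous version:
 *   - the existence check and the write use the same path (the old check
 *     joined the folder path and the filename with no separator);
 *   - the '%' end marker used to strip a trailing extension is gone; it was
 *     left in the filename whenever the name did not end in the extension;
 *   - nothing is written unless POST 'contents' is present and a string, so
 *     a POST without it can no longer truncate an existing file;
 *   - a failed write is reported.
 *
 * NOTE(review): this lets the caller change theme files. No permission or
 * CSRF check is visible in this method; presumably the controller enforces
 * them elsewhere -- confirm. It also relies on valid::filter_php_filename()
 * removing directory separators and ".." from $file -- confirm.
 *
 * @param string|null $folder  'templates' or 'css'; anything else is refused
 * @param string|null $file    file name, with or without its extension
 *                             (.html for templates, .sass for css)
 */
public function save($folder = NULL, $file = NULL)
{
    # only these two theme folders may be written to.
    if ('templates' != $folder and 'css' != $folder) {
        die('invalid folder');
    }

    $file = trim((string) $file);
    if (empty($file)) {
        die('filename is required');
    }

    # the folder decides the extension; the caller cannot choose one.
    $ext = ('templates' == $folder) ? '.html' : '.sass';

    # drop one trailing extension (any letter case), then append the
    # canonical one.
    $name = (string) valid::filter_php_filename($file);
    $ext_len = strlen($ext);
    if (strlen($name) >= $ext_len && 0 === strcasecmp(substr($name, -$ext_len), $ext)) {
        $name = (string) substr($name, 0, strlen($name) - $ext_len);
    }
    $file = $name . $ext;

    $dest = $this->assets->themes_dir("{$this->theme}/{$folder}/{$file}");
    $has_contents = isset($_POST['contents']) && is_string($_POST['contents']);

    # a file that does not exist yet may only be created together with contents.
    if (!file_exists($dest) and !$has_contents) {
        die('Invalid File');
    }

    if ($has_contents) {
        if (FALSE === file_put_contents($dest, $_POST['contents'])) {
            die('Unable to save file');
        }
    }
}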