Example #1
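 /**
  * Save an uploaded file as a new child resource (attachment) of a parent.
  *
  * Flow: validate the parent ID and the uploaded file entry, normalise the
  * file name, store a resource row to obtain an ID, move the file into a
  * directory derived from the creation date and that ID, run the
  * anti-virus check, store the final path, create the parent/child
  * association, and register the file's SHA-1 for text extraction.
  *
  * Every failure path sets an error and re-renders the attachments view.
  * When the file cannot be moved into place, the resource row stored
  * earlier is removed again so that no record points at a missing file.
  *
  * @return     void
  */
 public function saveTask()
 {
     if (Request::getVar('no_html', 0)) {
         return $this->ajaxUploadTask();
     }

     // Incoming parent resource ID
     $pid = Request::getInt('pid', 0);
     if (!$pid) {
         $this->setError(Lang::txt('CONTRIBUTE_NO_ID'));
         $this->displayTask($pid);
         return;
     }

     // Incoming file. empty() also covers a request that carries no
     // "upload" entry at all, where the 'name' key would be missing.
     $file = Request::getVar('upload', '', 'files', 'array');
     if (empty($file['name'])) {
         $this->setError(Lang::txt('CONTRIBUTE_NO_FILE'));
         $this->displayTask($pid);
         return;
     }

     // Make the filename safe
     // NOTE(review): no extension or content-type allow-list is visible in
     // this method. Confirm that \Filesystem::clean() / ::upload() or the
     // web-server configuration prevents uploaded files from being
     // executed if the upload directory is web-reachable.
     $file['name'] = \Filesystem::clean($file['name']);

     // Ensure file names fit: keep the first 230 bytes and re-append the
     // extension so the stored name still carries its type.
     $ext = \Filesystem::extension($file['name']);
     $file['name'] = str_replace(' ', '_', $file['name']);
     if (strlen($file['name']) > 230) {
         $file['name'] = substr($file['name'], 0, 230);
         $file['name'] .= '.' . $ext;
     }

     // Instantiate a new resource object
     // NOTE(review): bind() receives the raw $_POST array. Presumably it
     // copies every matching key onto the row; confirm that fields not
     // overwritten below (for example the primary key) cannot be set by
     // the client, or bind an explicit allow-list instead.
     $row = new Resource($this->database);
     if (!$row->bind($_POST)) {
         $this->setError($row->getError());
         $this->displayTask($pid);
         return;
     }

     // Server-controlled fields always override whatever was posted.
     $row->title        = $row->title ? $row->title : $file['name'];
     $row->introtext    = $row->title;
     $row->created      = Date::toSql();
     $row->created_by   = User::get('id');
     $row->published    = 1;
     $row->publish_up   = Date::toSql();
     $row->publish_down = '0000-00-00 00:00:00';
     $row->standalone   = 0;
     // Make sure no path is specified just yet
     $row->path         = '';

     // Check content
     if (!$row->check()) {
         $this->setError($row->getError());
         $this->displayTask($pid);
         return;
     }

     // File already exists
     if ($row->loadByFile($file['name'], $pid)) {
         $this->setError(Lang::txt('A file with this name and type appears to already exist.'));
         $this->displayTask($pid);
         return;
     }

     // Store new content (needed first: the upload path contains the ID)
     if (!$row->store()) {
         $this->setError($row->getError());
         $this->displayTask($pid);
         return;
     }
     if (!$row->id) {
         $row->id = $row->insertid();
     }

     // Build the path
     $listdir = $this->_buildPathFromDate($row->created, $row->id, '');
     $path = $this->_buildUploadPath($listdir, '');
     $fpath = $path . DS . $file['name'];

     // Make sure the upload path exists
     if (!is_dir($path) && !\Filesystem::makeDirectory($path)) {
         $this->setError(Lang::txt('COM_CONTRIBUTE_UNABLE_TO_CREATE_UPLOAD_PATH'));
         $this->displayTask($pid);
         return;
     }

     // Perform the upload
     if (!\Filesystem::upload($file['tmp_name'], $fpath)) {
         // Nothing was written to disk. Roll back the row stored above and
         // stop here; carrying on would scan a non-existent file and then
         // attach a resource whose path points at nothing.
         $row->deleteExistence();
         $row->delete();
         $this->setError(Lang::txt('COM_CONTRIBUTE_ERROR_UPLOADING'));
         $this->displayTask($pid);
         return;
     }

     // File was uploaded: derive the resource type from the file name.
     // Legacy handling of zipped Breeze presentations (type 38) used to
     // live here as commented-out code and has been dropped. Should
     // archive extraction ever return, entry names must be validated
     // before anything is written below $path.
     $row->type = $this->_getChildType($file['name']);

     // Scan for viruses
     if (!\Filesystem::isSafe($fpath)) {
         // NOTE(review): when the delete fails, the rejected file stays on
         // disk and the row stays in the database; consider reporting that
         // case separately so it can be cleaned up.
         if (\Filesystem::delete($fpath)) {
             // Delete associations to the resource
             $row->deleteExistence();
             // Delete resource
             $row->delete();
         }
         $this->setError(Lang::txt('File rejected because the anti-virus scan failed.'));
         $this->displayTask($pid);
         return;
     }

     if (!$row->path) {
         $row->path = $listdir . DS . $file['name'];
     }
     $row->path = ltrim($row->path, DS);

     // Store new content (now including type and path)
     if (!$row->store()) {
         $this->setError($row->getError());
         $this->displayTask($pid);
         return;
     }

     // Instantiate a Resources Assoc object
     $assoc = new Assoc($this->database);
     // Get the last child in the ordering
     $assoc->ordering = $assoc->getLastOrder($pid);
     $assoc->ordering = $assoc->ordering ? $assoc->ordering : 0;
     // Increase the ordering - new items are always last
     $assoc->ordering++;
     // Create new parent/child association
     $assoc->parent_id = $pid;
     $assoc->child_id = $row->id;
     $assoc->grouping = 0;
     // A failed check() only records the error; store() is still attempted.
     if (!$assoc->check()) {
         $this->setError($assoc->getError());
     }
     if (!$assoc->store(true)) {
         $this->setError($assoc->getError());
     } elseif (is_readable($fpath)) {
         $hash = @sha1_file($fpath);
         if (!empty($hash)) {
             // sha1_file() yields hex only, but the value is still passed
             // through the driver's quoting so that no SQL in this method
             // is assembled from a bare variable.
             $quotedHash = $this->database->quote($hash);
             $this->database->setQuery('SELECT id FROM `#__document_text_data` WHERE hash = ' . $quotedHash);
             if (!($doc_id = $this->database->loadResult())) {
                 $this->database->execute('INSERT INTO `#__document_text_data` (hash) VALUES (' . $quotedHash . ')');
                 $doc_id = $this->database->insertId();
             }
             $this->database->execute('INSERT IGNORE INTO `#__document_resource_rel` (document_id, resource_id) VALUES (' . (int) $doc_id . ', ' . (int) $row->id . ')');
             // The path is passed as a single escaped argument. The call
             // runs synchronously on user-supplied content, so the
             // extractor's own robustness is part of the trust boundary.
             system('/usr/bin/textifier ' . escapeshellarg($fpath) . ' >/dev/null');
         }
     }

     // Push through to the attachments view
     $this->displayTask($pid);
 }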