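/**
 * Imports the file posted as `file` and attaches it to the file set of a migration batch.
 *
 * The batch is looked up from the `id` request value. The imported file is added to the
 * private file set named after the batch ID, which is created when it does not exist yet.
 * A JSON EditResponse listing the imported files is always emitted; it is empty when
 * nothing was imported. The success flash message is set only when a file was imported.
 *
 * Security-relevant behaviour:
 * - Nothing is imported unless the `upload_files` CSRF token validates.
 * - The extension check runs against the client-supplied file name before import() is called.
 * - NOTE(review): an invalid token or an unknown batch yields an empty response rather than
 *   an error, and no per-batch permission check is visible in this method; confirm both are
 *   handled by the caller.
 *
 * @throws \Exception when the file extension is not permitted or the import fails
 */
public function upload_files()
{
    $files = array();

    if ($this->token->validate('upload_files')) {
        $r = $this->entityManager->getRepository('\\PortlandLabs\\Concrete5\\MigrationTool\\Entity\\Import\\Batch');
        $batch = $r->findOneById($this->request->request('id'));

        if (is_object($batch) && isset($_FILES['file']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
            $cf = \Core::make('helper/file');
            $fp = \FilePermissions::getGlobal();

            // Refuse file types the global file permissions do not allow, before importing.
            if (!$fp->canAddFileType($cf->getExtension($_FILES['file']['name']))) {
                throw new \Exception(Importer::getErrorMessage(Importer::E_FILE_INVALID_EXTENSION));
            }

            $ih = new Importer();
            $response = $ih->import($_FILES['file']['tmp_name'], $_FILES['file']['name']);

            // Anything other than a file Version is treated as an importer error code.
            if (!$response instanceof \Concrete\Core\File\Version) {
                throw new \Exception(Importer::getErrorMessage($response));
            }

            $file = $response->getFile();
            $fs = Set::getByName($batch->getID());
            if (!is_object($fs)) {
                $fs = Set::createAndGetSet($batch->getID(), Set::TYPE_PRIVATE);
            }
            $fs->addFileToSet($file);
            $files[] = $file;
        }
    }

    // Report success only when a file was actually imported. A rejected token, an unknown
    // batch or a missing upload must not be presented to the user as a successful upload.
    if (count($files) > 0) {
        $this->flash('success', t('File(s) uploaded successfully'));
    }

    $editResponse = new \Concrete\Core\File\EditResponse();
    $editResponse->setFiles($files);
    $editResponse->outputJSON();
}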
/**
 * Block action: imports the uploaded `document` file and records it in `CaseDocuments`.
 *
 * Returns false when $bID does not match this block instance, and returns without a value
 * when CheckCase() yields a falsy result for the posted CaseID. Otherwise the upload is
 * imported: on success a row is inserted and a redirect to '/' is issued; on failure the
 * importer error message is exposed to the view as `errorMessage`.
 *
 * @param int|bool $bID block ID the request is addressed to
 *
 * @return false|null
 */
public function action_document_submit($bID = false)
{
    if ($this->bID != $bID) {
        return false;
    }

    $this->view();

    if (!$this->CheckCase((int) $this->post('CaseID'))) {
        return;
    }

    $errorCode = \Concrete\Core\File\Importer::E_PHP_FILE_ERROR_DEFAULT;
    $upload = isset($_FILES['document']) ? $_FILES['document'] : null;

    if ($upload !== null && is_uploaded_file($upload['tmp_name'])) {
        $fileImporter = new \Concrete\Core\File\Importer();
        $imported = $fileImporter->import($upload['tmp_name'], $upload['name']);

        if (!$imported instanceof \Concrete\Core\File\Version) {
            // Anything other than a file Version is treated as an importer error code.
            $errorCode = $imported;
        } else {
            // WARNING (carried over from the original TODO): potential danger, a user can
            // forge CaseID and attach the document to another case.
            // NOTE(review): CaseID went through CheckCase() above; whether that call verifies
            // the current user's access to the case is not visible here. Confirm.
            $db = Loader::db();
            $sql = "INSERT INTO `CaseDocuments` ( bID, CaseID, DocumentOwnerID, DocumentID, DocumentDescription, DocumentURL, DocumentDate ) VALUES ( ?, ?, ?, ?, ?, ?, ? )";

            // All values are bound as parameters. Description is stored as submitted, so it
            // has to be escaped wherever it is rendered.
            $params = array(
                (int) $bID,
                (int) $this->post('CaseID'),
                $imported->getAuthorUserID(),
                $imported->getFileID(),
                $this->post('Description'),
                $imported->getURL(),
                $imported->getDateAdded(),
            );
            $db->query($sql, $params);
            $this->redirect('/');
        }
    } elseif ($upload !== null) {
        // The upload entry exists but is not a valid uploaded file: use PHP's upload error code.
        $errorCode = $upload['error'];
    }

    $this->set('errorMessage', \Concrete\Core\File\Importer::getErrorMessage($errorCode));
}
/**
 * Translates an error code into a text string explaining that error.
 *
 * The lookup is delegated entirely to the parent implementation.
 *
 * @param int $code error code to describe
 *
 * @return string explanation of the error
 */
public function getErrorMessage($code)
{
    $message = parent::getErrorMessage($code);

    return $message;
}