/**
 * Translate a site-relative path into a path on the local filesystem.
 *
 * When the Apache-only apache_lookup_uri() is available, the result is the
 * `filename` and `path_info` it reports for $path, joined together.
 * Otherwise the path is appended to whatever GetRootPath() returns.
 *
 * Nothing in this function normalises $path or rejects ".." segments, so a
 * caller that passes request-derived data has to validate it first.
 *
 * @param string $path Site-relative path to map.
 * @return string Mapped filesystem path.
 */
function Server_MapPath($path)
{
    if (!function_exists('apache_lookup_uri')) {
        // Fallback for non-Apache servers. The original author marks this as
        // not strictly correct: it is wrong when the script sits under a
        // virtual directory or a symlink, and the author expects that case to
        // be detected elsewhere (presumably in GetRootPath(); verify there).
        return GetRootPath() . $path;
    }

    // Let Apache resolve the URI to the file it would actually serve.
    $uriInfo = apache_lookup_uri($path);

    return $uriInfo->filename . $uriInfo->path_info;
}
$GLOBALS["UserFilesPath"] = $_GET['ServerPath']; } else { $GLOBALS["UserFilesPath"] = '/userfiles/'; } } if (!ereg('/$', $GLOBALS["UserFilesPath"])) { $GLOBALS["UserFilesPath"] .= '/'; } if (strlen($Config['UserFilesAbsolutePath']) > 0) { $GLOBALS["UserFilesDirectory"] = $Config['UserFilesAbsolutePath']; if (!ereg('/$', $GLOBALS["UserFilesDirectory"])) { $GLOBALS["UserFilesDirectory"] .= '/'; } } else { // Map the "UserFiles" path to a local directory. $GLOBALS["UserFilesDirectory"] = GetRootPath() . $GLOBALS["UserFilesPath"]; } DoResponse(); function DoResponse() { if (!isset($_GET['Command']) || !isset($_GET['Type']) || !isset($_GET['CurrentFolder'])) { return; } // Get the main request informaiton. $sCommand = $_GET['Command']; $sResourceType = $_GET['Type']; $sCurrentFolder = $_GET['CurrentFolder']; // Check if it is an allowed type. if (!in_array($sResourceType, array('File', 'Image', 'Flash', 'Media'))) { return; }
$sExtension = strtolower($sExtension); // The the file type (from the QueryString, by default 'File'). $sType = isset($_GET['Type']) ? $_GET['Type'] : 'File'; // Get the allowed and denied extensions arrays. $arAllowed = $Config['AllowedExtensions'][$sType]; $arDenied = $Config['DeniedExtensions'][$sType]; // Check if it is an allowed extension. if (count($arAllowed) > 0 && !in_array($sExtension, $arAllowed) || count($arDenied) > 0 && in_array($sExtension, $arDenied)) { SendResults('202'); } $sErrorNumber = '0'; $sFileUrl = ''; // Initializes the counter used to rename the file, if another one with the same name already exists. $iCounter = 0; // The the target directory. $sServerDir = GetRootPath() . $Config["UserFilesPath"]; while (true) { // Compose the file path. $sFilePath = $sServerDir . $sFileName; // If a file with that name already exists. if (is_file($sFilePath)) { $iCounter++; $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension; $sErrorNumber = '201'; } else { move_uploaded_file($oFile['tmp_name'], $sFilePath); if (is_file($sFilePath)) { $oldumask = umask(0); chmod($sFilePath, 0777); umask($oldumask); }
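<?php
// Bootstrap include: defines the installation's path constants, sets the
// response charset and error level, loads the shared libraries and fixes the
// default timezone.

// Directory holding this file, with every run of "/" or "\" collapsed to "/".
define("YIQIINC", preg_replace("/[\\/\\\\]{1,}/i", '/', dirname(__FILE__)));
// YIQIINC minus its last 8 characters (presumably a trailing "/include"; confirm
// against the real directory name).
define("YIQIROOT", preg_replace("/[\\/\\\\]{1,}/i", '/', substr(YIQIINC, 0, -8)));
// Installation path with the document-root prefix removed. GetRootPath() is
// declared further down; PHP hoists unconditional top-level functions, so the
// call is valid here.
define("YIQIPATH", str_replace(GetRootPath(), "", YIQIROOT . '/'));

header("content-type:text/html; charset=utf-8");
// Report everything except notices.
error_reporting(E_ALL ^ E_NOTICE);

require_once 'common.func.php';
require_once 'data.class.php';
require_once 'templets.inc.php';
require_once 'version.php';

// Compare versions numerically: a plain string comparison orders "10.0.0"
// before "5.1.0" and would skip the timezone setup on such a version.
if (version_compare(PHP_VERSION, '5.1.0', '>')) {
    date_default_timezone_set('Asia/Shanghai');
}

/**
 * Derive the filesystem document root from the current working directory.
 *
 * The directory part of the request's script path is measured and that many
 * characters are cut from the end of realpath('.'). This only gives the
 * document root when the working directory is the directory of the running
 * script and the URL layout mirrors the filesystem layout.
 *
 * @return string Root path with "/" separators.
 */
function GetRootPath()
{
    $sRealPath = realpath('.');

    // NOTE(review): PHP_SELF also carries any PATH_INFO the client appends
    // after the script name ("/index.php/a/b"), so the length subtracted below
    // is influenced by the request. $_SERVER['SCRIPT_NAME'] does not include
    // PATH_INFO; consider switching once it is confirmed to be populated
    // correctly under the SAPI this is deployed on.
    $sSelfPath = $_SERVER['PHP_SELF'];
    $sSelfPath = substr($sSelfPath, 0, strrpos($sSelfPath, '/'));

    return preg_replace(
        "/[\\/\\\\]{1,}/i",
        '/',
        substr($sRealPath, 0, strlen($sRealPath) - strlen($sSelfPath))
    );
}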
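/**
 * Handle one "NewFile" upload and terminate the request.
 *
 * The file is validated, moved under the user's temporary folder, stored
 * (together with a thumbnail when it is wider than 160 px) in the `user_imgs`
 * table, and the outcome is reported through SendUploadResults().
 *
 * Result codes sent to the client:
 *   '0'   stored under the requested name
 *   '201' stored under a new name because the requested one already existed
 *   '202' rejected (no upload, no user e-mail, failed validation, or a
 *         disallowed extension)
 *
 * Security notes for maintainers:
 *  - $currentFolder is concatenated into the target directory as given. No
 *    check for ".." or absolute segments is made here, so the caller has to
 *    normalise it before calling (not visible from this function; verify).
 *  - The upload is moved into place before the deferred IsImageValid() /
 *    DetectHtml() re-checks run, so a rejected file exists on disk briefly.
 *  - Without $Config['ChmodOnUpload'] the stored file is made world-writable.
 *
 * @param string $resourceType  Resource type used for the extension check and the result URL.
 * @param string $currentFolder Folder (relative to the user temp path) receiving the file.
 * @param string $sCommand      Connector command, passed on to GetResourceTypePath().
 * @return void Never returns: the script exits after sending the result.
 */
function FileUpload($resourceType, $currentFolder, $sCommand)
{
    global $Config;

    dbConn();
    $email = getEmailFCK();
    $thumb_widthpx = 160;

    $sErrorNumber = '0';
    $sFileName = '';

    if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name']) && $email != "") {
        $oFile = $_FILES['NewFile'];

        // Build the target directory and normalise Windows separators.
        $sServerDir = str_replace("\\", "/", GetRootPath() . $Config['UserTempPath'] . $currentFolder . "/");

        // NOTE(review): debug trace left in by the author. It appends the
        // absolute server path to "log2.txt" in the current working directory,
        // which may be served by the web server; consider removing it or moving
        // it outside the document root. The handle is now checked and closed
        // (previously it was leaked, and a failed fopen() reached fwrite()).
        $f = fopen("log2.txt", "a");
        if ($f !== false) {
            fwrite($f, "\r\n s = {$sServerDir} \r\n");
            fclose($f);
        }

        // Client-supplied name, cleaned by SanitizeFileName().
        $sFileName = SanitizeFileName($oFile['name']);
        $sOriginalFileName = $sFileName;

        // Lower-cased text after the last dot.
        $sExtension = strtolower(substr($sFileName, strrpos($sFileName, '.') + 1));

        // Content checks on the temporary file. A result of -1 is re-checked
        // after the file has been moved (see the block after the loop).
        if (isset($Config['SecureImageUploads'])) {
            if (($isImageValid = IsImageValid($oFile['tmp_name'], $sExtension)) === false) {
                $sErrorNumber = '202';
            }
        }
        if (isset($Config['HtmlExtensions'])) {
            if (!IsHtmlExtension($sExtension, $Config['HtmlExtensions'])
                && ($detectHtml = DetectHtml($oFile['tmp_name'])) === true) {
                $sErrorNumber = '202';
            }
        }

        // '0' is falsy, so this is true only while no error has been recorded.
        if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
            $iCounter = 0;

            while (true) {
                $sFilePath = $sServerDir . "/" . $sFileName;

                if (is_file($sFilePath)) {
                    // Name taken: try "name(N).ext" and report the rename.
                    $iCounter++;
                    $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension;
                    $sErrorNumber = '201';
                    continue;
                }

                move_uploaded_file($oFile['tmp_name'], $sFilePath);

                if (is_file($sFilePath)) {
                    // Both values come from the client and are stored unverified.
                    $ftype = $_FILES['NewFile']['type'];
                    $file_size = $_FILES['NewFile']['size'];
                    $originalpic = file_get_contents($sFilePath);

                    // getimagesize() returns false for non-images; treat that as width 0.
                    $dims = getimagesize($sFilePath);
                    $width = is_array($dims) ? $dims[0] : 0;

                    if ($width > $thumb_widthpx) {
                        // Pass the directory part of $sFilePath. It used to be
                        // obtained by str_replace()-ing the file name out of
                        // the full path, which also strips the name wherever
                        // it occurs inside the directory portion.
                        $thumbpic = getThumbImage($sServerDir . "/", $thumb_widthpx, $sFileName);
                    } else {
                        // Small enough already: the original doubles as the
                        // thumbnail and the on-disk copy is dropped.
                        $thumbpic = $originalpic;
                        unlink($sFilePath);
                    }

                    $album_id = getAlbumId($email);
                    $table = 'user_imgs';
                    $fields = array('id', 'user_email', 'large_image', 'thumb_image', 'file_type', 'stat', 'file_name', 'file_size', 'album_id', 'admin_perm', 'view_count', 'rating');
                    $values = array(null, $email, $originalpic, $thumbpic, $ftype, 1, $sFileName, $file_size, $album_id, 1, 0, 0);

                    // NOTE(review): the insert result is not acted upon (the
                    // author left the error assignment commented out), so a
                    // failed insert is still reported to the client as success.
                    $rs = insertData($table, $fields, $values);

                    // An explicitly falsy ChmodOnUpload disables the chmod step.
                    if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
                        break;
                    }

                    // NOTE(review): 0777 makes the file world-writable; set
                    // $Config['ChmodOnUpload'] to a tighter mode where possible.
                    $permissions = 0777;
                    if (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload']) {
                        $permissions = $Config['ChmodOnUpload'];
                    }

                    // The file may have been unlinked above; skip chmod then.
                    if (is_file($sFilePath)) {
                        $oldumask = umask(0);
                        chmod($sFilePath, $permissions);
                        umask($oldumask);
                    }
                }

                break;
            }

            if (file_exists($sFilePath)) {
                // An earlier check returned -1: run it again on the stored
                // file and delete the file if it fails this time.
                if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                } elseif (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                }
            }
        } else {
            $sErrorNumber = '202';
        }
    } else {
        $sErrorNumber = '202';
    }

    $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
    $sFileUrl = CombinePaths($sFileUrl, $sFileName);

    SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
    exit;
}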
// Get the allowed and denied extensions arrays. $arAllowed = $Config['AllowedExtensions'][$sType]; $arDenied = $Config['DeniedExtensions'][$sType]; // Check if it is an allowed extension. if (count($arAllowed) > 0 && !in_array($sExtension, $arAllowed) || count($arDenied) > 0 && in_array($sExtension, $arDenied)) { SendResults('202'); } $sErrorNumber = '0'; $sFileUrl = ''; // Initializes the counter used to rename the file, if another one with the same name already exists. $iCounter = 0; // The the target directory. if (isset($Config['UserFilesAbsolutePath']) && strlen($Config['UserFilesAbsolutePath']) > 0) { $sServerDir = $Config['UserFilesAbsolutePath']; } else { $sServerDir = GetRootPath() . $Config["UserFilesPath"] . $sType . "/"; } while (true) { // Compose the file path. $sFilePath = $sServerDir . $sFileName; // If a file with that name already exists. if (is_file($sFilePath)) { $iCounter++; $sFileName = RemoveExtension($sOriginalFileName) . '(' . $iCounter . ').' . $sExtension; $sErrorNumber = '201'; } else { move_uploaded_file($oFile['tmp_name'], $sFilePath); if (is_file($sFilePath)) { $oldumask = umask(0); chmod($sFilePath, 0777); umask($oldumask);