$_FILES["submission"]["tmp_name"] = $tempfilename; $_FILES["submission"]["name"] = "textfile.txt"; $_FILES["submission"]["type"] = "text/plain"; $_FILES["submission"]["simple_move"] = true; if (checkUploadedFile("thumb") == _UPL_NO_FILE) { $thumbfilename = applyIdToPath("files/thumbs/", $objData["objid"]) . "-" . preg_replace('/[^0-9]/', "", $objData["objLastEdit"]) . ".jpg"; $_FILES["thumb"]["error"] = UPLOAD_ERR_OK; $_FILES["thumb"]["tmp_name"] = $thumbfilename; $_FILES["thumb"]["name"] = "thumbnail.jpg"; $_FILES["thumb"]["type"] = "image/jpeg"; $_FILES["thumb"]["simple_move"] = true; } } if (isset($_POST["submit"])) { $uploadError = checkUploadedFile("submission"); $uploadErrorThumb = checkUploadedFile("thumb"); if (($uploadError == "" || $uploadError == _UPL_NO_FILE) && ($uploadErrorThumb == "" || $uploadErrorThumb == _UPL_NO_FILE)) { if (submitImage($objid, $uploadError == _UPL_NO_FILE ? "" : "submission", $uploadErrorThumb == _UPL_NO_FILE ? "" : "thumb", $uploadErrorThumb, $imageChanged)) { if ($imageChanged) { if (isset($_POST["sendNotification"]) && $_POST["sendNotification"]) { function notifyClubWatchers($objCreator, $objid, $clubField) { global $_objects; // If this submission is going into some club, notify the club's watchers. $result = sql_query("SELECT `objForClub` FROM {$_objects} WHERE `objid` = '{$objid}' LIMIT 1"); $forClub = mysql_result($result, 0); // Notify the watchers. addArtUpdateToWatchers($objCreator, $objid, $forClub); } notifyClubWatchers($objData["objCreator"], $objid, "objForClub"); notifyClubWatchers($objData["objCreator"], $objid, "objForClub2");
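/**
 * Upload config image
 *
 * Takes the uploaded file from the `img` request variable, validates it and
 * moves it to ./files/attach/images/<layout_srl>/tmp/ under a random name.
 * The result (or an error message in `msg`) is passed to the
 * after_upload_config_image.html template through Context variables.
 *
 * @return void
 */
function procLayoutAdminConfigImageUpload()
{
    $layoutSrl = Context::get('layout_srl');
    $name = Context::get('name');
    $img = Context::get('img');

    $this->setTemplatePath($this->module_path . 'tpl');
    $this->setTemplateFile("after_upload_config_image.html");

    // layout_srl becomes a directory name below, so only plain digits are
    // accepted; anything else could steer the upload outside the image tree.
    if (!ctype_digit((string) $layoutSrl)) {
        Context::set('msg', Context::getLang('msg_invalid_request'));
        return;
    }

    if (!is_array($img) || !$img['tmp_name'] || !is_uploaded_file($img['tmp_name']) || !checkUploadedFile($img['tmp_name'])) {
        Context::set('msg', Context::getLang('upload failed'));
        return;
    }

    // Extension allow-list, checked against the client-supplied name only.
    // NOTE(review): swf is accepted as well; confirm it is still needed, since
    // a Flash file served from the site's own origin is active content.
    if (!preg_match('/\\.(jpg|jpeg|gif|png|swf)$/i', $img['name'])) {
        Context::set('msg', Context::getLang('msg_layout_image_target'));
        return;
    }

    $path = sprintf('./files/attach/images/%s/', $layoutSrl);
    $tmpPath = $path . 'tmp/';
    if (!FileHandler::makeDir($tmpPath)) {
        Context::set('msg', Context::getLang('make directory failed'));
        return;
    }

    // The extension was validated by the allow-list above.
    $ext = substr(strrchr($img['name'], '.'), 1);

    // The stored name must not be guessable. The earlier
    // md5(crypt(rand(1000000, 900000), rand(0, 100))) passed inverted bounds to
    // rand() and drew from a small, non-cryptographic value range.
    if (function_exists('random_bytes')) {
        $token = bin2hex(random_bytes(16));
    } else {
        // Fallback for runtimes without random_bytes(): unique, but not a CSPRNG.
        $token = md5(uniqid(mt_rand(), true));
    }
    $_fileName = $token . '.' . $ext;

    $fileName = $path . $_fileName;
    $tmpFileName = $tmpPath . $_fileName;
    if (!move_uploaded_file($img['tmp_name'], $tmpFileName)) {
        Context::set('msg', Context::getLang('move file failed'));
        return;
    }

    Context::set('name', $name);
    Context::set('fileName', $fileName);
    Context::set('tmpFileName', $tmpFileName);
}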
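/**
 * Insert a image mark
 *
 * Stores the member's image mark as
 * files/member_extra_info/image_mark/<numbering path>/<member_srl>.gif.
 * A GIF that already fits the configured maximum size is copied as is;
 * anything else is converted/resized through FileHandler::createImageFile().
 * Files that cannot be parsed as an image are ignored.
 *
 * @param int    $member_srl
 * @param string $target_file Path of the uploaded file (it is handed to getimagesize() and copy())
 *
 * @return void
 */
function insertImageMark($member_srl, $target_file)
{
    // Check uploaded file
    if (!checkUploadedFile($target_file)) {
        return;
    }

    // Reject anything getimagesize() cannot parse before touching the
    // filesystem: previously a failed probe left $type empty, which sent the
    // unverified file into the conversion branch.
    $image_info = @getimagesize($target_file);
    if ($image_info === false) {
        return;
    }
    list($width, $height, $type) = $image_info;

    $oModuleModel = getModel('module');
    $config = $oModuleModel->getModuleConfig('member');

    // Get an image size (20x20 when the module config sets no limit)
    $max_width = $config->image_mark_max_width;
    if (!$max_width) {
        $max_width = "20";
    }
    $max_height = $config->image_mark_max_height;
    if (!$max_height) {
        $max_height = "20";
    }

    $target_path = sprintf('files/member_extra_info/image_mark/%s/', getNumberingPath($member_srl));
    FileHandler::makeDir($target_path);

    // %d forces the member number to an integer, so the name is always <int>.gif
    $target_filename = sprintf('%s%d.gif', $target_path, $member_srl);

    // Type 1 is IMAGETYPE_GIF: only an in-bounds GIF is copied unchanged.
    if ($width > $max_width || $height > $max_height || $type != 1) {
        FileHandler::createImageFile($target_file, $target_filename, $max_width, $max_height, 'gif');
    } else {
        @copy($target_file, $target_filename);
    }
}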
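/**
 * All RSS feeds configurations
 *
 * Reads the submitted RSS settings, optionally replaces or deletes the feed
 * image, saves the result through setFeedConfig() and redirects.
 *
 * @return void
 */
function procRssAdminInsertConfig()
{
    $oModuleModel = getModel('module');
    $total_config = $oModuleModel->getModuleConfig('rss');

    $config_vars = Context::getRequestVars();
    $config_vars->feed_document_count = (int) $config_vars->feed_document_count;

    // Initialised up front so the final check never reads an undefined variable.
    $alt_message = '';

    if (!$config_vars->use_total_feed) {
        $alt_message = 'msg_invalid_request';
    }
    if (!in_array($config_vars->use_total_feed, array('Y', 'N'))) {
        $config_vars->open_rss = 'Y';
    }

    if ($config_vars->image || $config_vars->del_image) {
        $image_obj = $config_vars->image;
        $config_vars->image = $total_config->image;

        // Get a variable for the delete request
        // NOTE(review): the stored image is removed before the new upload has
        // been validated, so a rejected upload still loses the old image.
        if ($config_vars->del_image == 'Y' || $image_obj) {
            FileHandler::removeFile($config_vars->image);
            $config_vars->image = '';
            $total_config->image = '';
        }

        // Ignore if the file is not the one which has been successfully uploaded
        if ($image_obj['tmp_name'] && is_uploaded_file($image_obj['tmp_name']) && checkUploadedFile($image_obj['tmp_name'])) {
            // Ignore if the file is not an image (jpg, jpeg, gif or png by name)
            $image_obj['name'] = Context::convertEncodingStr($image_obj['name']);
            if (!preg_match("/\\.(jpg|jpeg|gif|png)\$/i", $image_obj['name'])) {
                $alt_message = 'msg_rss_invalid_image_format';
            } else {
                // Upload the file to a path
                $path = './files/attach/images/rss/';
                // Create a directory
                if (!FileHandler::makeDir($path)) {
                    $alt_message = 'msg_error_occured';
                } else {
                    // The name comes from the client. Keep only its last path
                    // component and defuse any embedded script-type extension,
                    // so a name like "a.php.jpg" is not stored under a name the
                    // web server might treat as executable.
                    $safe_name = basename(str_replace('\\', '/', (string) $image_obj['name']));
                    $safe_name = preg_replace('/\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x', $safe_name);
                    $filename = $path . $safe_name;
                    // Move the file
                    if (!move_uploaded_file($image_obj['tmp_name'], $filename)) {
                        $alt_message = 'msg_error_occured';
                    } else {
                        $config_vars->image = $filename;
                    }
                }
            }
        }
    }

    // Keep the stored image when nothing new was saved and no delete was requested
    if (!$config_vars->image && $config_vars->del_image != 'Y') {
        $config_vars->image = $total_config->image;
    }

    $output = $this->setFeedConfig($config_vars);

    if (!$alt_message) {
        $alt_message = 'success_updated';
    }
    $alt_message = Context::getLang($alt_message);
    $this->setMessage($alt_message, 'info');

    //$this->setLayoutPath('./common/tpl');
    //$this->setLayoutFile('default_layout.html');
    //$this->setTemplatePath($this->module_path.'tpl');
    //$this->setTemplateFile("top_refresh.html");

    // NOTE(review): success_return_url is presumably request-supplied and is
    // used as the redirect target unchanged; confirm it is limited to same-site URLs.
    $returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'module', 'admin', 'act', 'dispRssAdminIndex');
    $this->setRedirectUrl($returnUrl);
}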
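/**
 * Save the skin information
 *
 * Collects the submitted skin variables, stores uploaded images for the
 * skin's image-type extra_vars, and saves everything serialized in the
 * integration_search module config.
 *
 * @return mixed False when the image directory cannot be created, otherwise
 *               the result of setRedirectUrl()
 */
function procIntegration_searchAdminInsertSkin()
{
    // Get configurations (using module model object)
    $oModuleModel = getModel('module');
    $config = $oModuleModel->getModuleConfig('integration_search');

    // $args was previously used without being created first.
    $args = new stdClass();
    $args->skin = $config->skin;
    $args->target_module_srl = $config->target_module_srl;

    // Get skin information (to check extra_vars)
    $skin_info = $oModuleModel->loadSkinInfo($this->module_path, $config->skin);

    // Check received variables (delete the basic variables such as mo, act, module_srl, page)
    $obj = Context::getRequestVars();
    unset($obj->act);
    unset($obj->module_srl);
    unset($obj->page);

    // Separately handle if the extra_vars is an image type in the original skin_info
    if ($skin_info->extra_vars) {
        foreach ($skin_info->extra_vars as $vars) {
            if ($vars->type != 'image') {
                continue;
            }

            $image_obj = $obj->{$vars->name};

            // Get a variable on a request to delete
            $del_var = $obj->{"del_" . $vars->name};
            unset($obj->{"del_" . $vars->name});
            if ($del_var == 'Y') {
                // NOTE(review): $module_info is never assigned in this function,
                // so this removes nothing as written; confirm the intended source
                // of the previously stored value.
                FileHandler::removeFile($module_info->{$vars->name});
                continue;
            }

            // Use the previous data if not uploaded
            if (!$image_obj['tmp_name']) {
                $obj->{$vars->name} = $module_info->{$vars->name};
                continue;
            }

            // Ignore if the file is not successfully uploaded, and check uploaded file
            if (!is_uploaded_file($image_obj['tmp_name']) || !checkUploadedFile($image_obj['tmp_name'])) {
                unset($obj->{$vars->name});
                continue;
            }

            // Ignore if the file is not an image
            if (!preg_match("/\\.(jpg|jpeg|gif|png)\$/i", $image_obj['name'])) {
                unset($obj->{$vars->name});
                continue;
            }

            // Upload the file to a path
            // NOTE(review): $module_srl is not defined in this function, so the
            // directory segment is empty as written; confirm the intended value.
            $path = sprintf("./files/attach/images/%s/", $module_srl);

            // Create a directory
            if (!FileHandler::makeDir($path)) {
                return false;
            }

            // The name comes from the client. Keep only its last path component
            // and defuse any embedded script-type extension, so a name like
            // "a.php.jpg" is not stored under a name the web server might
            // treat as executable.
            $safe_name = basename(str_replace('\\', '/', (string) $image_obj['name']));
            $safe_name = preg_replace('/\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x', $safe_name);
            $filename = $path . $safe_name;

            // Move the file
            if (!move_uploaded_file($image_obj['tmp_name'], $filename)) {
                unset($obj->{$vars->name});
                continue;
            }

            // Change a variable
            unset($obj->{$vars->name});
            $obj->{$vars->name} = $filename;
        }
    }

    // Serialize and save
    $args->skin_vars = serialize($obj);

    $oModuleController = getController('module');
    $output = $oModuleController->insertModuleConfig('integration_search', $args);

    $this->setMessage('success_updated', 'info');

    // NOTE(review): success_return_url is presumably request-supplied and is
    // used as the redirect target unchanged; confirm it is limited to same-site URLs.
    $returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'module', 'admin', 'act', 'dispIntegration_searchAdminSkinInfo');
    return $this->setRedirectUrl($returnUrl, $output);
}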
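/**
 * Register a menu image button
 *
 * Deletes the stored normal/hover/active button images when requested and
 * stores newly uploaded ones under ./files/attach/menu_button/<menu_srl>/.
 * Only uploads whose name ends in jpg, jpeg, gif or png are stored.
 *
 * @param object $args Reads menu_srl, menu_item_srl, menu_*_btn (upload
 *                     arrays with 'name' and 'tmp_name') and is*Delete flags
 * @return array Paths of the stored files, keyed by normal_btn / hover_btn / active_btn
 */
function _uploadButton($args)
{
    // path setting
    $path = sprintf('./files/attach/menu_button/%d/', $args->menu_srl);

    // Parenthesised so the is_dir() test applies to all three uploads; without
    // the parentheses && bound to the last operand only.
    if (($args->menu_normal_btn || $args->menu_hover_btn || $args->menu_active_btn) && !is_dir($path)) {
        FileHandler::makeDir($path);
    }

    if ($args->isNormalDelete == 'Y' || $args->isHoverDelete == 'Y' || $args->isActiveDelete == 'Y') {
        $oMenuModel = getAdminModel('menu');
        $itemInfo = $oMenuModel->getMenuItemInfo($args->menu_item_srl);

        if ($args->isNormalDelete == 'Y' && $itemInfo->normal_btn) {
            FileHandler::removeFile($itemInfo->normal_btn);
        }
        if ($args->isHoverDelete == 'Y' && $itemInfo->hover_btn) {
            FileHandler::removeFile($itemInfo->hover_btn);
        }
        if ($args->isActiveDelete == 'Y' && $itemInfo->active_btn) {
            FileHandler::removeFile($itemInfo->active_btn);
        }
    }

    $returnArray = array();
    $date = date('YmdHis');

    // request field => key in the returned array
    $buttons = array(
        'menu_normal_btn' => 'normal_btn',
        'menu_hover_btn' => 'hover_btn',
        'menu_active_btn' => 'active_btn',
    );

    foreach ($buttons as $field => $resultKey) {
        $upload = $args->{$field};
        if (!$upload) {
            continue;
        }

        // The extension is taken from the client-supplied name and ends up in
        // the stored file name, so it is restricted to an image allow-list.
        // Previously any extension was kept, which let a script file be stored
        // under the web root with its original extension.
        if (!preg_match('/\.(jpg|jpeg|gif|png)$/i', (string) $upload['name'], $match)) {
            continue;
        }
        $ext = strtolower($match[1]);

        $filename = sprintf('%s%d.%s.%s.%s', $path, $args->menu_item_srl, $date, $field, $ext);

        // Report the file only when the move actually succeeded.
        if (checkUploadedFile($upload['tmp_name']) && move_uploaded_file($upload['tmp_name'], $filename)) {
            $returnArray[$resultKey] = $filename;
        }
    }

    return $returnArray;
}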
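/**
 * @brief Updating Skins
 *
 * Saves the submitted skin variables of a module for the PC ('P') or mobile
 * ('M') skin, selected by the `_mode` request variable. Uploaded images for
 * image-type extra_vars are stored under ./files/attach/images/<module_srl>/.
 *
 * @return mixed False when the image directory cannot be created, the failed
 *               query output when saving fails, otherwise nothing
 */
function procModuleAdminUpdateSkinInfo()
{
    // Get information of the module_srl
    $module_srl = Context::get('module_srl');
    $mode = Context::get('_mode');
    // Anything other than 'P' is treated as mobile
    $mode = $mode === 'P' ? 'P' : 'M';

    $oModuleModel = getModel('module');
    $columnList = array('module_srl', 'module', 'skin', 'mskin', 'is_skin_fix', 'is_mskin_fix');
    $module_info = $oModuleModel->getModuleInfoByModuleSrl($module_srl, $columnList);

    if ($module_info->module_srl) {
        // A fixed skin wins; otherwise use the module's default for this mode
        if ($mode === 'M') {
            if ($module_info->is_mskin_fix == 'Y') {
                $skin = $module_info->mskin;
            } else {
                $skin = $oModuleModel->getModuleDefaultSkin($module_info->module, 'M');
            }
        } else {
            if ($module_info->is_skin_fix == 'Y') {
                $skin = $module_info->skin;
            } else {
                $skin = $oModuleModel->getModuleDefaultSkin($module_info->module, 'P');
            }
        }

        // Get skin information (to check extra_vars)
        $module_path = _XE_PATH_ . 'modules/' . $module_info->module;
        if ($mode === 'M') {
            $skin_info = $oModuleModel->loadSkinInfo($module_path, $skin, 'm.skins');
            $skin_vars = $oModuleModel->getModuleMobileSkinVars($module_srl);
        } else {
            $skin_info = $oModuleModel->loadSkinInfo($module_path, $skin);
            $skin_vars = $oModuleModel->getModuleSkinVars($module_srl);
        }

        // Check received variables (unset such variables as act, module_srl, page, mid, module)
        $obj = Context::getRequestVars();
        unset($obj->act);
        unset($obj->error_return_url);
        unset($obj->module_srl);
        unset($obj->page);
        unset($obj->mid);
        unset($obj->module);
        unset($obj->_mode);

        // Separately handle if a type of extra_vars is an image in the original skin_info
        if ($skin_info->extra_vars) {
            foreach ($skin_info->extra_vars as $vars) {
                if ($vars->type != 'image') {
                    continue;
                }

                $image_obj = $obj->{$vars->name};

                // Get a variable to delete
                $del_var = $obj->{"del_" . $vars->name};
                unset($obj->{"del_" . $vars->name});
                if ($del_var == 'Y') {
                    FileHandler::removeFile($skin_vars[$vars->name]->value);
                    continue;
                }

                // Use the previous data if not uploaded
                if (!$image_obj['tmp_name']) {
                    $obj->{$vars->name} = $skin_vars[$vars->name]->value;
                    continue;
                }

                // Ignore if the file is not successfully uploaded
                if (!is_uploaded_file($image_obj['tmp_name']) || !checkUploadedFile($image_obj['tmp_name'])) {
                    unset($obj->{$vars->name});
                    continue;
                }

                // Ignore if the file is not an image
                if (!preg_match("/\\.(jpg|jpeg|gif|png)\$/i", $image_obj['name'])) {
                    unset($obj->{$vars->name});
                    continue;
                }

                // Upload the file to a path
                // NOTE(review): module_srl is used as a directory name as received
                // from Context; confirm it is constrained to digits upstream.
                $path = sprintf("./files/attach/images/%s/", $module_srl);

                // Create a directory
                if (!FileHandler::makeDir($path)) {
                    return false;
                }

                // The name comes from the client. Keep only its last path
                // component and defuse any embedded script-type extension, so a
                // name like "a.php.jpg" is not stored under a name the web
                // server might treat as executable.
                $safe_name = basename(str_replace('\\', '/', (string) $image_obj['name']));
                $safe_name = preg_replace('/\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x', $safe_name);
                $filename = $path . $safe_name;

                // Move the file
                if (!move_uploaded_file($image_obj['tmp_name'], $filename)) {
                    unset($obj->{$vars->name});
                    continue;
                }

                // The new file is in place, so the previous one can go
                FileHandler::removeFile($skin_vars[$vars->name]->value);

                // Change a variable
                unset($obj->{$vars->name});
                $obj->{$vars->name} = $filename;
            }
        }

        // Load the entire skin of the module and then remove the image
        /* if($skin_info->extra_vars) { foreach($skin_info->extra_vars as $vars) { if($vars->type!='image') continue; $value = $skin_vars[$vars->name]; if(file_exists($value)) @unlink($value); } } */

        $oModuleController = getController('module');
        if ($mode === 'M') {
            $output = $oModuleController->insertModuleMobileSkinVars($module_srl, $obj);
        } else {
            $output = $oModuleController->insertModuleSkinVars($module_srl, $obj);
        }
        if (!$output->toBool()) {
            return $output;
        }
    }

    $this->setMessage('success_saved');
    // NOTE(review): error_return_url is presumably request-supplied and is used
    // as the redirect target unchanged; confirm it is limited to same-site URLs.
    $this->setRedirectUrl(Context::get('error_return_url'));
}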
/**
 * @brief Add a file into the file box
 *
 * Assigns a new sequence number to $vars->module_filebox_srl, moves the
 * uploaded file ($vars->addfile) to "<filebox path><srl>.<ext>" and records
 * it with the module.insertModuleFileBox query.
 *
 * @param object $vars Reads ext, addfile, member_srl and comment; module_filebox_srl is overwritten
 * @return mixed False when the upload check or the move fails, otherwise the
 *               query output with 'save_filename' added
 */
function insertModuleFileBox($vars)
{
    // Every file box entry gets its own sequence number, which also names the file
    $vars->module_filebox_srl = getNextSequence();

    // Resolve and create the target directory
    $boxPath = getModel('module')->getModuleFileBoxPath($vars->module_filebox_srl);
    FileHandler::makeDir($boxPath);

    // NOTE(review): $vars->ext goes into the stored file name and is not
    // validated here; presumably the caller restricts it, verify against the caller.
    $save_filename = sprintf('%s%s.%s', $boxPath, $vars->module_filebox_srl, $vars->ext);
    $uploadedTmp = $vars->addfile['tmp_name'];

    // Stop when the upload check fails, or when the move itself fails
    if (!checkUploadedFile($uploadedTmp) || !@move_uploaded_file($uploadedTmp, $save_filename)) {
        return false;
    }

    // Database record for the stored file
    $record = new stdClass();
    $record->module_filebox_srl = $vars->module_filebox_srl;
    $record->member_srl = $vars->member_srl;
    $record->comment = $vars->comment;
    $record->filename = $save_filename;
    $record->fileextension = strtolower(substr(strrchr($vars->addfile['name'], '.'), 1));
    $record->filesize = $vars->addfile['size'];

    $result = executeQuery('module.insertModuleFileBox', $record);
    $result->add('save_filename', $save_filename);

    return $result;
}
if (is_array($oldFiles) && count($oldFiles) > 0) { foreach ($oldFiles as $oldFile) { unlink($oldFile); // Delete old files } } uploadFile("avatar", $avatarFilename . '-' . time(), $extension); updateAvatar($_auth["useid"]); } } } if ($avatarError != "" && $avatarError != _UPL_NO_FILE) { notice($avatarError); } // ID $idError = checkUploadedFile("id"); if (!$idError) { $idImageName = $_FILES["id"]["tmp_name"]; } else { $idImageName = ""; } if ($idError != "" && $idError != _UPL_NO_FILE) { notice($idError); } // Featured work $objid = $_POST["useFeaturedObj"]; $objResult = sql_query("SELECT `objid`, `objTitle`, `objExtension`, `objLastEdit` " . "FROM `objects`, `objExtData`" . dbWhere(array("objid" => $objid, "objCreator" => $_auth["useid"], "objEid*" => "objid", "objDeleted" => 0, "objPending" => 0)) . "LIMIT 1"); $featChanged = false; if ($objData = mysql_fetch_assoc($objResult)) { $featImageName = applyIdToPath("files/data/", $objid) . "-" . preg_replace('/[^0-9]/', "", $objData["objLastEdit"]) . "." . $objData["objExtension"]; $featImageName2 = applyIdToPath("files/thumbs/", $objid) . "-" . preg_replace('/[^0-9]/', "", $objData["objLastEdit"]) . ".jpg";
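/**
 * Stores one uploaded JPEG for a theme, replacing the newest
 * "<themePath><fileVar>-*.jpg" file when the upload is accepted.
 *
 * @param string $fileVar     Upload field name; also the file name prefix
 * @param int    $width       Maximum width in pixels, 0 for no limit
 * @param int    $height      Maximum height in pixels, 0 for no limit
 * @param int    $maxFilesize Maximum size in bytes, 0 for no limit
 * @param string $filename    Out: path of the accepted file, or of the previous file on failure
 * @param array  $errors      In/out: error messages keyed by field name
 * @param string $themePath   Directory prefix the file is stored under
 * @return bool True when a usable image is in place (new upload or existing file)
 */
function uploadSingleImage($fileVar, $width = 0, $height = 0, $maxFilesize = 0, &$filename, &$errors, $themePath)
{
    $error = checkUploadedFile($fileVar);
    $lastfile = findNewestFile($themePath . $fileVar . "-*.jpg");
    $filenameWithoutExt = $themePath . $fileVar . "-" . time();
    $filename = $filenameWithoutExt . ".jpg";

    // A missing upload is acceptable only when an earlier image exists
    $allowNoFile = $lastfile != "";

    if ($error != "" && $error != _UPL_NO_FILE) {
        $errors[$fileVar] = $error;
        $filename = $lastfile;
        return false;
    }

    if ($error == _UPL_NO_FILE) {
        $filename = $lastfile;
        if ($allowNoFile) {
            return true;
        }
        $errors[$fileVar] = $error;
        return false;
    }

    // uploadFile() reports the detected extension through $ext
    uploadFile($fileVar, $filenameWithoutExt, $ext);

    if ($ext != "jpg") {
        $errors[$fileVar] = "Image type must be JPEG";
        // The cleanup further down only knows the ".jpg" name, so a rejected
        // upload of another type would stay on disk. Presumably uploadFile()
        // stored it as "<base>.<ext>"; confirm against uploadFile().
        $rejected = $filenameWithoutExt . "." . $ext;
        if ($ext != "" && file_exists($rejected)) {
            unlink($rejected);
        }
    } elseif ($maxFilesize != 0 && filesize($filename) > $maxFilesize) {
        $errors[$fileVar] = "The image file size must not exceed {$maxFilesize} bytes.";
    } else {
        $fileinfo = getimagesize($filename);
        if ($fileinfo === false || $fileinfo[2] != IMAGETYPE_JPEG) {
            // The extension alone is not proof: the content must parse as a JPEG.
            $errors[$fileVar] = "Image type must be JPEG";
        } elseif ($width != 0 && $fileinfo[0] > $width) {
            // NOTE(review): the messages say "exactly" but the checks only
            // reject larger images; confirm which is intended.
            $errors[$fileVar] = "The image width must be exactly {$width} pixels.";
        } elseif ($height != 0 && $fileinfo[1] > $height) {
            $errors[$fileVar] = "The image height must be exactly {$height} pixels.";
        }
    }

    // Any recorded error (including ones from other fields sharing $errors)
    // discards this upload. empty() also copes with $errors not being set yet.
    if (!empty($errors)) {
        if (file_exists($filename)) {
            unlink($filename);
        }
        $filename = $lastfile;
        return false;
    }

    // The new image is accepted, so the previous one is removed
    if ($lastfile != "") {
        unlink($lastfile);
    }

    return true;
}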
/**
 * Add an attachment
 *
 * <pre>
 * This method call trigger 'file.insertFile'.
 *
 * Before trigger object contains:
 * - module_srl
 * - upload_target_srl
 *
 * After trigger object contains:
 * - file_srl
 * - upload_target_srl
 * - module_srl
 * - direct_download
 * - source_filename
 * - uploaded_filename
 * - download_count
 * - file_size
 * - comment
 * - member_srl
 * - sid
 * </pre>
 *
 * Files whose name matches the media extension list are stored under
 * ./files/attach/images/ with a random name that keeps the extension and are
 * marked direct_download 'Y'; everything else is stored under
 * ./files/attach/binaries/ with a random, extension-less name and 'N'.
 *
 * @param array $file_info PHP file information array ('name' and 'tmp_name' are read)
 * @param int $module_srl Sequence of module to upload file
 * @param int $upload_target_srl Sequence of target to upload file
 * @param int $download_count Initial download count
 * @param bool $manual_insert If set true, the file type and size checks are
 *                            skipped and the file is copied instead of moved
 * @return Object
 */
function insertFile($file_info, $module_srl, $upload_target_srl, $download_count = 0, $manual_insert = false)
{
    // Call a trigger (before)
    $trigger_obj = new stdClass();
    $trigger_obj->module_srl = $module_srl;
    $trigger_obj->upload_target_srl = $upload_target_srl;
    $output = ModuleHandler::triggerCall('file.insertFile', 'before', $trigger_obj);
    if (!$output->toBool()) {
        return $output;
    }

    // A workaround for Firefox upload bug
    // (a name sent as "=?UTF-8?B?...?=" is base64-decoded; the decoded value is
    // still client-controlled and goes through the same checks below)
    if (preg_match('/^=\\?UTF-8\\?B\\?(.+)\\?=$/i', $file_info['name'], $match)) {
        $file_info['name'] = base64_decode(strtr($match[1], ':', '/'));
    }

    if (!$manual_insert) {
        // Get the file configurations
        $logged_info = Context::get('logged_info');
        // Administrators bypass the file type and size limits
        if ($logged_info->is_admin != 'Y') {
            $oFileModel = getModel('file');
            $config = $oFileModel->getFileConfig($module_srl);

            // check file type
            // (allowed_filetypes is a ';'-separated list of "*.ext" patterns;
            // only the last extension of the uploaded name is compared)
            if (isset($config->allowed_filetypes) && $config->allowed_filetypes !== '*.*') {
                $filetypes = explode(';', $config->allowed_filetypes);
                $ext = array();
                foreach ($filetypes as $item) {
                    $item = explode('.', $item);
                    $ext[] = strtolower($item[1]);
                }
                $uploaded_ext = explode('.', $file_info['name']);
                $uploaded_ext = strtolower(array_pop($uploaded_ext));
                if (!in_array($uploaded_ext, $ext)) {
                    return $this->stop('msg_not_allowed_filetype');
                }
            }

            // Configured limits are multiplied by 1024 * 1024 before comparing
            // with filesize(), i.e. they are treated as megabytes
            $allowed_filesize = $config->allowed_filesize * 1024 * 1024;
            $allowed_attach_size = $config->allowed_attach_size * 1024 * 1024;

            // An error appears if file size exceeds a limit
            if ($allowed_filesize < filesize($file_info['tmp_name'])) {
                return new Object(-1, 'msg_exceeds_limit_size');
            }

            // Get total file size of all attachments (from DB)
            $size_args = new stdClass();
            $size_args->upload_target_srl = $upload_target_srl;
            $output = executeQuery('file.getAttachedFileSize', $size_args);
            $attached_size = (int) $output->data->attached_size + filesize($file_info['tmp_name']);
            if ($attached_size > $allowed_attach_size) {
                return new Object(-1, 'msg_exceeds_limit_size');
            }
        }
    }

    // Get random number generator
    $random = new Password();

    // Set upload path by checking if the attachment is an image or other kinds of file
    if (preg_match("/\\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)\$/i", $file_info['name'])) {
        // Immediately remove the direct file if it has any kind of extensions for hacking
        // (each listed script-type extension inside the name gets "-x" appended,
        // e.g. "a.php.jpg" becomes "a.php-x.jpg")
        // NOTE(review): this is a deny-list; the stored name below is random and
        // keeps only the final extension, which is what actually limits the on-disk name.
        $file_info['name'] = preg_replace('/\\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x', $file_info['name']);
        $file_info['name'] = str_replace(array('<', '>'), array('%3C', '%3E'), $file_info['name']);

        $path = sprintf("./files/attach/images/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));

        // special character to '_'
        // change to random file name. because window php bug. window php is not recognize unicode character file name - by cherryfilter
        $ext = substr(strrchr($file_info['name'], '.'), 1);
        //$_filename = preg_replace('/[#$&*?+%"\']/', '_', $file_info['name']);
        $_filename = $random->createSecureSalt(32, 'hex') . '.' . $ext;
        $filename = $path . $_filename;

        // On a name collision, insert "_<n>" before the extension until the name is free
        $idx = 1;
        while (file_exists($filename)) {
            $filename = $path . preg_replace('/\\.([a-z0-9]+)$/i', '_' . $idx . '.$1', $_filename);
            $idx++;
        }
        $direct_download = 'Y';
    } else {
        // No extension on disk for non-media files
        $path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
        $filename = $path . $random->createSecureSalt(32, 'hex');
        $direct_download = 'N';
    }

    // Create a directory
    if (!FileHandler::makeDir($path)) {
        return new Object(-1, 'msg_not_permitted_create');
    }

    // Check uploaded file
    if (!checkUploadedFile($file_info['tmp_name'])) {
        return new Object(-1, 'msg_file_upload_error');
    }

    // Get random number generator
    $random = new Password();

    // Move the file
    // NOTE(review): the retry names below append '.' . $ext. In the binaries
    // branch $ext is either unset or still the array built by the file type
    // check above, so a retry there gets an unintended suffix; confirm.
    if ($manual_insert) {
        // Manual inserts are copied, so the source does not have to be an HTTP upload
        @copy($file_info['tmp_name'], $filename);
        if (!file_exists($filename)) {
            $filename = $path . $random->createSecureSalt(32, 'hex') . '.' . $ext;
            @copy($file_info['tmp_name'], $filename);
        }
    } else {
        if (!@move_uploaded_file($file_info['tmp_name'], $filename)) {
            $filename = $path . $random->createSecureSalt(32, 'hex') . '.' . $ext;
            if (!@move_uploaded_file($file_info['tmp_name'], $filename)) {
                return new Object(-1, 'msg_file_upload_error');
            }
        }
    }

    // Get member information
    $oMemberModel = getModel('member');
    $member_srl = $oMemberModel->getLoggedMemberSrl();

    // List file information
    $args = new stdClass();
    $args->file_srl = getNextSequence();
    $args->upload_target_srl = $upload_target_srl;
    $args->module_srl = $module_srl;
    $args->direct_download = $direct_download;
    // source_filename keeps the client-supplied name (after the rewrites above,
    // which only run in the media branch); it must be escaped wherever it is output
    $args->source_filename = $file_info['name'];
    $args->uploaded_filename = $filename;
    $args->download_count = $download_count;
    $args->file_size = @filesize($filename);
    $args->comment = NULL;
    $args->member_srl = $member_srl;
    $args->sid = $random->createSecureSalt(32, 'hex');

    $output = executeQuery('file.insertFile', $args);
    if (!$output->toBool()) {
        return $output;
    }

    // Call a trigger (after)
    $trigger_output = ModuleHandler::triggerCall('file.insertFile', 'after', $args);
    if (!$trigger_output->toBool()) {
        return $trigger_output;
    }

    // Remember in the session that this file was uploaded during it
    $_SESSION['__XE_UPLOADING_FILES_INFO__'][$args->file_srl] = true;

    $output->add('file_srl', $args->file_srl);
    $output->add('file_size', $args->file_size);
    $output->add('sid', $args->sid);
    $output->add('direct_download', $args->direct_download);
    $output->add('source_filename', $args->source_filename);
    $output->add('upload_target_srl', $upload_target_srl);
    $output->add('uploaded_filename', $args->uploaded_filename);

    return $output;
}
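/**
 * Normalises the submitted extra variables of a plugin and saves them.
 *
 * Image-type variables are stored as files under
 * ./files/attach/images/ajaxboard/<md5 of the plugin name>/; module_srl-type
 * variables are turned into lists of integers.
 *
 * @param string $plugin_name
 * @param object $extra_vars Submitted values, keyed by variable name
 * @return Object Error object for invalid arguments, otherwise the result of updatePluginInfo()
 */
function updatePluginVars($plugin_name, $extra_vars)
{
    if (!(is_string($plugin_name) && is_object($extra_vars))) {
        return new Object(-1, 'msg_invalid_request');
    }

    getDestroyXeVars($extra_vars);

    $oAjaxboardModel = getModel('ajaxboard');
    $plugin_info = $oAjaxboardModel->getPluginInfo($plugin_name);
    $plugin_vars = $plugin_info->xml_info->extra_vars;

    // The directory is named by a hash, so the plugin name never reaches the path
    $hash_id = md5('plugin_name:' . trim((string) $plugin_name));

    foreach ($plugin_vars as $key => $val) {
        if ($val->type == 'image') {
            $img = $extra_vars->{$val->name};
            $del = $extra_vars->{'del_' . $val->name};
            unset($extra_vars->{'del_' . $val->name});

            // Delete request: drop the stored file and the value
            if ($del == 'Y') {
                FileHandler::removeFile($val->value);
                unset($extra_vars->{$val->name});
                continue;
            }

            // Nothing uploaded: keep the stored value
            if (!$img['tmp_name'] && $val->value) {
                $extra_vars->{$val->name} = $val->value;
                continue;
            }

            // The name comes from the client. Keep only its last path component
            // and defuse any embedded script-type extension, so a name like
            // "a.php.jpg" is not stored under a name the web server might
            // treat as executable.
            $safe_name = basename(str_replace('\\', '/', (string) $img['name']));
            $safe_name = preg_replace('/\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x', $safe_name);

            $img_path = './files/attach/images/ajaxboard/' . $hash_id;
            $img_file = $img_path . '/' . $safe_name;

            // Every step must succeed, in this order, or the value is dropped
            if (!(is_uploaded_file($img['tmp_name'])
                && checkUploadedFile($img['tmp_name'])
                && preg_match('/\\.(jpg|jpeg|gif|png)$/i', $img['name'])
                && FileHandler::makeDir($img_path)
                && move_uploaded_file($img['tmp_name'], $img_file))) {
                unset($extra_vars->{$val->name});
                continue;
            }

            // The new file is in place, so the previous one can go
            FileHandler::removeFile($val->value);
            $extra_vars->{$val->name} = $img_file;
        }

        if ($val->type == 'module_srl') {
            // Comma-separated list -> list of integers
            $module_srls = array();
            if ($extra_vars->{$val->name}) {
                $module_srls = explode(',', $extra_vars->{$val->name});
            }
            foreach ($module_srls as $idx => $module_srl) {
                $module_srls[$idx] = (int) $module_srl;
            }
            $extra_vars->{$val->name} = $module_srls;
        }
    }

    // Wrap each value as {name, value} for storage
    $args = new stdClass();
    $args->plugin_name = $plugin_name;
    $args->extra_vars = array();
    foreach ($extra_vars as $key => $val) {
        $params = new stdClass();
        $params->name = trim($key);
        $params->value = $val;
        $args->extra_vars[$key] = $params;
    }

    return $this->updatePluginInfo($plugin_name, $args);
}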
if ($conflicting) { $defaultTitle = $folName; // Put it back in the form for edition notice(_SET_FOLDER_EXISTS); break; } $values = array("folCreator" => $_auth["useid"], "folName" => $folName, "folIdent" => $folIdent); if ($folid == 0) { sql_query("INSERT INTO `folders`" . dbValues($values)); $folid = mysql_insert_id(); } else { sql_query("UPDATE `folders`" . dbSet($values) . dbWhere(array("folid" => $folid))); } // Upload icon. include_once INCLUDES . "files.php"; $iconError = checkUploadedFile("folIcon"); if (!$iconError) { if (filesize($_FILES["folIcon"]["tmp_name"]) > $_config["maxIconSize"]) { $iconError = sprintf(_SET_ICON_SIZE_EXCEEDED, $_config["maxIconSize"]); } else { // Check avatar image size/type. $iconInfo = getimagesize($_FILES["folIcon"]["tmp_name"]); list($iconWidth, $iconHeight) = preg_split('/x/', $_config["iconResolution"]); if ($iconInfo[0] != $iconWidth || $iconInfo[1] != $iconHeight || $iconInfo[2] != 1 && $iconInfo[2] != 2 && $iconInfo[2] != 3) { $iconError = sprintf(_SET_ICON_TOO_LARGE, $_config["iconResolution"]); } else { // Upload folder icon to /files/foldericons/#/#####/ $iconFilename = applyIdToPath("files/foldericons/", $folid); $oldFiles = glob($iconFilename . "-*", GLOB_NOESCAPE); if (is_array($oldFiles) && count($oldFiles) > 0) { foreach ($oldFiles as $oldFile) {
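/**
 * Adds a detail entry (text and/or one attachment) to a helpdesk item.
 *
 * @param int    $helpdeskItem  Helpdesk item the detail belongs to
 * @param string $detailPostVar Name of the POST field holding the text
 * @param string $detailFileVar Name of the upload field holding the attachment
 * @param mixed  $detailPrivacy Stored as hddPrivacy
 * @return string Upload error message, or "" when nothing went wrong
 */
function addRequestDetail($helpdeskItem, $detailPostVar, $detailFileVar, $detailPrivacy)
{
    global $_auth;

    $detailText = isset($_POST[$detailPostVar]) ? trim($_POST[$detailPostVar]) : "";
    $fileName = "";
    $fileNameOrig = "";

    include_once INCLUDES . "files.php";

    $uploadError = checkUploadedFile($detailFileVar);

    // A real upload error aborts; "no file" simply means a text-only detail
    if ($uploadError != _UPL_NO_FILE && $uploadError != "") {
        return $uploadError;
    }

    if ($uploadError == "") {
        // Client-supplied name, kept for display only; escape it on output
        $fileNameOrig = $_FILES[$detailFileVar]["name"];

        $fileName = applyIdToPath("files/helpdesk/", $helpdeskItem);

        // 16 hex characters that make the stored name hard to guess. The earlier
        // sha1(mt_rand() * (microtime() * 0.001)) relied on mt_rand() and on the
        // sub-second part of the clock (microtime() returns a "msec sec"
        // string), neither of which is unpredictable.
        if (function_exists('random_bytes')) {
            $token = bin2hex(random_bytes(8));
        } else {
            // Fallback for runtimes without random_bytes(): unique, but not a CSPRNG.
            $token = substr(sha1(uniqid(mt_rand(), true)), 1, 16);
        }
        $fileName .= "-" . $token;

        // uploadFile() reports the stored extension through $extension
        // NOTE(review): whether uploadFile() restricts the extension is not
        // visible here; confirm script-type extensions cannot be stored.
        uploadFile($detailFileVar, $fileName, $extension);
        $fileName .= "." . $extension;

        // An attachment without text still needs a message body
        if ($detailText == "") {
            $detailText = "There is no text message in this detail.";
        }
    }

    if ($detailText != "") {
        sql_values(array(
            "hddItem" => $helpdeskItem,
            "hddSubmitDate!" => "NOW()",
            "hddPrivacy" => $detailPrivacy,
            "hddCreator" => $_auth["useid"],
            "hddMessage" => $detailText,
            "hddAttachment" => $fileName,
            "hddAttachOrigName" => $fileNameOrig,
        ));
        sql_insert("helpdeskDetails");
    }

    return "";
}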