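/**
 * Handle a file upload request coming from the editor's file-manager connector.
 *
 * Re-attaches the DokuWiki session named by the FCK_NmSp_acl cookie, checks the
 * caller's ACL on the target namespace, validates the uploaded file (extension,
 * image and HTML sniffing via the connector helpers) and moves it into the
 * mapped server folder. The response is written with SendUploadResults() and
 * the script exits; the function never returns a value to its caller.
 *
 * @param string $resourceType  connector resource type (e.g. Image)
 * @param string $currentFolder virtual folder the file is uploaded into
 * @param string $sCommand      connector command name
 * @return void
 */
function FileUpload($resourceType, $currentFolder, $sCommand)
{
    global $dwfck_conf;
    global $Dwfck_conf_values;
    if (!isset($_FILES)) {
        global $_FILES;
    }
    $sErrorNumber = '0';
    $sFileName = '';
    $sFileUrl = '';

    // Re-attach the session the editor stored its ACL data in. session_id()
    // returns '' (never null) when no session is active, so compare strings
    // strictly and only switch sessions when the cookie is actually present.
    // NOTE(review): the session id is taken from a client-supplied cookie;
    // confirm the session handler validates ids before data from it is trusted.
    $aclCookie = isset($_COOKIE['FCK_NmSp_acl']) ? $_COOKIE['FCK_NmSp_acl'] : null;
    $sess_id = session_id();
    if ($aclCookie !== null && $sess_id !== $aclCookie) {
        session_id($aclCookie);
        session_start();
    }

    $dwfck_conf = isset($_SESSION['dwfck_conf']) ? $_SESSION['dwfck_conf'] : array();
    if (empty($dwfck_conf)) {
        // No config in the session: fall back to the plugin-wide values (or built-in defaults).
        $dwfck_conf['deaccent'] = isset($Dwfck_conf_values['deaccent']) ? $Dwfck_conf_values['deaccent'] : 1;
        $dwfck_conf['useslash'] = isset($Dwfck_conf_values['useslash']) ? $Dwfck_conf_values['useslash'] : 0;
        $dwfck_conf['sepchar'] = isset($Dwfck_conf_values['sepchar']) ? $Dwfck_conf_values['sepchar'] : '_';
    }

    // With the 'safe' filename encoding, a folder that already carries
    // percent-sequences is left untouched below (no urldecode, no encode_dir).
    $safeEncoding = isset($Dwfck_conf_values['fnencode']) && $Dwfck_conf_values['fnencode'] === 'safe';
    $safe = false;
    if ($safeEncoding
        && (preg_match('/%[a-z]+[0-9]/', $currentFolder) || preg_match('/%[0-9][a-z]/', $currentFolder))) {
        $safe = true;
    }

    // Build the page-id pattern ("ns:sub:*") the ACL is evaluated against.
    $ns_tmp = str_replace('/', ':', dwiki_decodeFN(trim($currentFolder, '/')));
    $test = $ns_tmp . ':*';
    if (!$safe) {
        // Peel off nested URL encoding ("%25..." layers) down to the plain id.
        $test = urldecode($test);
        while (preg_match('/%25/', $test)) {
            $test = urldecode($test);
        }
        $test = urldecode($test);
    }

    $isadmin = isset($_SESSION['dwfck_conf']['isadmin']) ? $_SESSION['dwfck_conf']['isadmin'] : false;
    if (!$isadmin) {
        // A session without identity data is evaluated as the anonymous user
        // with no groups rather than passing null into the ACL check.
        $client = isset($_SESSION['dwfck_client']) ? $_SESSION['dwfck_client'] : '';
        $grps = isset($_SESSION['dwfck_grps']) ? $_SESSION['dwfck_grps'] : array();
        $AUTH = auth_aclcheck($test, $client, $grps, 1);
        // Below 8 (DokuWiki's AUTH_UPLOAD level) the upload is refused with 203.
        if ($AUTH < 8) {
            $uploadName = isset($_FILES['NewFile']['name']) ? $_FILES['NewFile']['name'] : '';
            $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
            $sFileUrl = CombinePaths($sFileUrl, $uploadName);
            SendUploadResults('203', $sFileUrl, htmlentities($uploadName), '');
            return;
        }
    }

    if (!$safe) {
        $currentFolder = encode_dir($currentFolder);
    }

    if (isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name'])) {
        global $Config;
        $upload_err = $_FILES['NewFile']['error'];
        if ($upload_err) {
            // Build the URL the error report refers to before using it.
            $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
            $sFileUrl = CombinePaths($sFileUrl, $_FILES['NewFile']['name']);
            send_ckg_UploadError($upload_err, $sFileUrl, htmlentities($_FILES['NewFile']['name']));
            exit;
        }
        $oFile = $_FILES['NewFile'];
        // Map the virtual path to the local server path.
        $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);
        // Encode the uploaded file name into DokuWiki's on-disk form.
        $sFileName = dwiki_encodeFN($oFile['name']);
        $sOriginalFileName = dwiki_encodeFN($sFileName);
        // Extension is everything after the last dot, lowercased. A name
        // without a dot has an empty extension instead of a bogus one.
        $dotPos = strrpos($sFileName, '.');
        $sExtension = $dotPos === false ? '' : strtolower(substr($sFileName, $dotPos + 1));

        $imageExts = isset($Config['AllowedExtensions']['Image']) ? $Config['AllowedExtensions']['Image'] : array();
        $image_file = in_array($sExtension, $imageExts, true);

        // Content checks on the temp file; -1 from a helper means "inconclusive"
        // and is re-run on the stored file below.
        $isImageValid = null;
        $detectHtml = null;
        if (isset($Config['SecureImageUploads'])) {
            $isImageValid = IsImageValid($oFile['tmp_name'], $sExtension);
            if ($isImageValid === false) {
                $sErrorNumber = '202';
            }
        }
        if (isset($Config['HtmlExtensions']) && !IsHtmlExtension($sExtension, $Config['HtmlExtensions'])) {
            $detectHtml = DetectHtml($oFile['tmp_name']);
            if ($detectHtml === true) {
                $sErrorNumber = '202';
            }
        }

        $sFileName = Dwfck_sanitize($sFileName, $image_file);
        // Check if it is an allowed extension.
        if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
            if (!is_dir($sServerDir)) {
                if (isset($Config['ChmodOnFolderCreate']) && !$Config['ChmodOnFolderCreate']) {
                    // Folder chmod disabled: no explicit mode is passed.
                    // NOTE(review): mkdir_rek receives null here; confirm it treats that as "use default mode".
                    mkdir_rek($sServerDir, null);
                } else {
                    $permissions = isset($Config['ChmodOnFolderCreate']) ? $Config['ChmodOnFolderCreate'] : 0777;
                    // To create the folder with 0777 permissions, we need to set umask to zero.
                    $oldumask = umask(0);
                    mkdir_rek($sServerDir, $permissions);
                    umask($oldumask);
                }
            }

            $iCounter = 0;
            while (true) {
                $sFilePath = $sServerDir . $sFileName;
                if (is_file($sFilePath)) {
                    // Name collision: append a counter to the original name and report 201 (renamed).
                    $iCounter++;
                    $baseName = $safeEncoding
                        ? RemoveExtension(dwiki_decodeFN($sOriginalFileName))
                        : RemoveExtension($sOriginalFileName);
                    $sFileName = Dwfck_sanitize($baseName . '_' . $iCounter . ".{$sExtension}", $image_file);
                    $sErrorNumber = '201';
                    continue;
                }
                if (!move_uploaded_file($oFile['tmp_name'], $sFilePath)) {
                    // Nothing was stored; do not report success for a file that is not there.
                    $sErrorNumber = '202';
                    break;
                }
                if (!(isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload'])) {
                    $permissions = (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload'])
                        ? $Config['ChmodOnUpload']
                        : 0777;
                    $oldumask = umask(0);
                    chmod($sFilePath, $permissions);
                    umask($oldumask);
                }
                break;
            }

            if (file_exists($sFilePath)) {
                // Previous checks were inconclusive (-1): try once again on the stored file.
                // Removal of a rejected file is best-effort; 202 is reported either way.
                if ($isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                } elseif ($detectHtml === -1 && DetectHtml($sFilePath) === true) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                }
            }
        } else {
            $sErrorNumber = '202';
        }
    } else {
        $sErrorNumber = '202';
    }

    $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
    $sFileUrl = CombinePaths($sFileUrl, $sFileName);
    SendUploadResults($sErrorNumber, $sFileUrl, htmlentities($sFileName));
    exit;
}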
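define("PAGES", DOKU_INC . 'data/pages/');
define("FCKEDITOR", DOKU_PLUGIN . 'ckgedit/fckeditor/editor/');
define('CONNECTOR', FCKEDITOR . 'filemanager/connectors/php/');
require_once CONNECTOR . 'check_acl.php';
require_once DOKU_INC . 'inc/Input.class.php';
require_once CONNECTOR . 'SafeFN.class.php';
global $dwfck_conf;
global $Dwfck_conf_values;
$INPUT = new Input();
// Page id from the request, without a leading namespace separator.
$page = ltrim($INPUT->str('dw_id'), ':');
$dwfck_conf = doku_config_values();
// needed for cleanID
$Dwfck_conf_values = $dwfck_conf;
// Turn "ns:sub:page" into the encoded on-disk relative path "ns/sub/page".
$page = dwiki_encodeFN(str_replace(':', '/', $page));
// Pages live either under the configured ckg_savedir or in DokuWiki's default data dir.
if (!empty($Dwfck_conf_values['ckg_savedir'])) {
    $pagesDir = $Dwfck_conf_values['ckg_savedir'] . '/pages/';
} else {
    $pagesDir = PAGES;
}
$path = $pagesDir . $page . '.txt';
$resp = "";
$headers = array();
// The id is request-controlled: only read the file when its resolved path is
// inside the pages directory, and treat a missing or unreadable page as empty
// (file() would otherwise return false and break the loop over $lines).
$lines = array();
$realPagesDir = realpath($pagesDir);
$realPath = realpath($path);
if ($realPagesDir !== false && $realPath !== false
    && strpos($realPath, rtrim($realPagesDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
    $fileLines = file($path);
    if ($fileLines !== false) {
        $lines = $fileLines;
    }
}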
foreach ($lines as $line) {
    if (preg_match('/^=+([^=]+)=+\\s*$/', $line, $matches)) {
        $suffix_anchor = "";
        $suffix_header = "";
        if (isset($headers[$matches[1]])) {
            $headers[$matches[1]]++;
            $suffix_anchor = $headers[$matches[1]];