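/**
 * Executes all the necessary operations to upload a file in the document tool.
 *
 * The upload is rejected when file_upload_failed() reports an error or when
 * enough_size() says the working directory would exceed $maxFilledSpace.
 * A ".zip" upload with $uncompress == 'unzip' is handed to
 * treat_secure_uploaded_file_unzip(); any other file is renamed through
 * replace_dangerous_char() and get_secure_file_name() and then moved to
 * $baseWorkDir . $uploadPath.
 *
 * @author Hugues Peeters <*****@*****.**>
 *
 * @param array  $uploadedFile   - follows the $_FILES Structure
 * @param string $baseWorkDir    - base working directory of the module
 * @param string $uploadPath     - destination of the upload.
 *                                 This path is to append to $baseWorkDir
 * @param int    $maxFilledSpace - amount of bytes to not exceed in the base
 *                                 working directory
 * @param string $uncompress     - whether 'unzip' and file is a zip;
 *                                 extract the content.
 * @param string $allowPHP       - if set to true, then there is no security check
 *                                 for .php files (works for zip archives only)
 * @return string|boolean the stored file name when a plain file was saved;
 *         the result of treat_secure_uploaded_file_unzip() for an archive;
 *         otherwise whatever claro_failure::set_failure() returns
 *         (presumably false - confirm against claro_failure)
 */
function treat_uploaded_file($uploadedFile, $baseWorkDir, $uploadPath, $maxFilledSpace, $uncompress = '', $allowPHP = false)
{
    if (file_upload_failed($uploadedFile)) {
        $failureStr = get_file_upload_error_message($uploadedFile);

        return claro_failure::set_failure($failureStr);
    }

    if (!enough_size($uploadedFile['size'], $baseWorkDir, $maxFilledSpace)) {
        return claro_failure::set_failure(get_lang('The upload has failed. There is not enough space in your directory'));
    }

    // The dot is escaped: the previous pattern '/.zip$/i' also matched names
    // such as "myzip" that merely end in the letters "zip".
    if ($uncompress == 'unzip' && preg_match('/\.zip$/i', $uploadedFile['name'])) {
        return treat_secure_uploaded_file_unzip($uploadedFile, $uploadPath, $baseWorkDir, $maxFilledSpace, $allowPHP);
    }

    /* TRY TO ADD AN EXTENSION TO FILES WITHOUT EXTENSION */
    // The guessed extension used to be thrown away by a second assignment that
    // restarted from the raw name. It is appended before the two sanitising
    // steps below so that the final name, extension included, is the one that
    // gets screened.
    $fileName = trim($uploadedFile['name']) . add_extension_for_uploaded_file($uploadedFile);

    /* CHECK FOR NO DESIRED CHARACTERS */
    $fileName = replace_dangerous_char($fileName);

    /* HANDLE DANGEROUS FILE NAME FOR SERVER SECURITY */
    $fileName = get_secure_file_name($fileName);

    // NOTE(review): $baseWorkDir and $uploadPath are joined as given; this
    // function does not check that $uploadPath stays inside $baseWorkDir, so
    // callers are presumably expected to have validated it - confirm.
    $destination = $baseWorkDir . $uploadPath . '/' . $fileName;

    /* COPY THE FILE TO THE DESIRED DESTINATION */
    if (!move_uploaded_file($uploadedFile['tmp_name'], $destination)) {
        return claro_failure::set_failure(get_lang('File upload failed'));
    }

    chmod($destination, CLARO_FILE_PERMISSIONS);

    return $fileName;
}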
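// NOTE(review): this excerpt starts inside an if/else chain opened above the
// visible text and stops inside the file-size check, so braces are unbalanced.
        $expirydate = 0;
    } else {
        $expirydate = calculate_time_of_next_action($days, $hours, $minutes);
    }
} elseif ($expirytype == 'date') {
    $day = cleanvar($_REQUEST['day']);
    $month = cleanvar($_REQUEST['month']);
    $year = cleanvar($_REQUEST['year']);
    $date = explode("-", $date);
    $expirydate = mktime(0, 0, 0, $month, $day, $year);
} else {
    $expirydate = 0;
}

// receive the uploaded file to a temp directory on the local server
if ($_FILES['file']['error'] != '' and $_FILES['file']['error'] != UPLOAD_ERR_OK) {
    echo get_file_upload_error_message($_FILES['file']['error'], $_FILES['file']['name']);
} else {
    // NOTE(review): $file_name is set outside this excerpt. If it is derived
    // from the client-supplied name, confirm it is reduced to a safe base name
    // before being joined to the attachment directory.
    $filepath = $CONFIG['attachment_fspath'] . $file_name;
    $mv = move_uploaded_file($_FILES['file']['tmp_name'], $filepath);

    // Was "!mv": a bare constant name, so the result of move_uploaded_file()
    // was never actually tested and a failed move went unreported.
    if (!$mv) {
        trigger_error("Problem moving uploaded file from temp directory: {$filepath}", E_USER_WARNING);
    }

    if (!file_exists($filepath)) {
        trigger_error("Error the temporary upload file ({$file}) was not found at: {$filepath}", E_USER_WARNING);
    }

    // Check file size
    // NOTE(review): the limit is enforced only after the file is already in
    // the attachment directory; the visible text does not show the oversized
    // file being removed - confirm. The setting is also compared as-is here,
    // so verify it holds a byte count rather than a shorthand such as "2M".
    $filesize = filesize($filepath);
    if ($filesize > $CONFIG['upload_max_filesize']) {
        trigger_error("User Error: Attachment too large or file ('.{$file}.') upload error - size: " . filesize($filepath), E_USER_WARNING);
        // throwing an error isn't the nicest thing to do for the user but there seems to be no way of
        // checking file sizes at the client end before the attachment is uploaded. - INL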
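$incidentid = $id;
$title = $strFiles;
include APPLICATION_INCPATH . 'incident_html_top.inc.php';

// append incident number to attachment path to show this users attachments
$incident_attachment_fspath = $CONFIG['attachment_fspath'] . $id;

if (empty($incidentid)) {
    $incidentid = mysql_real_escape_string($_REQUEST['id']);
}

// append incident number to attachment path to show this users attachments
// NOTE(review): SQL escaping does not constrain path characters. Incident ids
// are presumably numeric - confirm, and validate the id as an integer before
// it becomes part of a filesystem path.
$incident_attachment_fspath = $CONFIG['attachment_fspath'] . $incidentid;
$att_max_filesize = return_bytes($CONFIG['upload_max_filesize']);

// Have a look to see if we've uploaded a file and process it if we have
if ($_FILES['attachment']['name'] != '') {
    // Check if we had an error whilst uploading
    if ($_FILES['attachment']['error'] != '' and $_FILES['attachment']['error'] != UPLOAD_ERR_OK) {
        echo get_file_upload_error_message($_FILES['attachment']['error'], $_FILES['attachment']['name']);
    } else {
        // OK to proceed
        // The file name is chosen by the client, so it is escaped before it is
        // placed in the statement; the size is forced to an integer.
        $att_name_sql = mysql_real_escape_string($_FILES['attachment']['name']);
        $att_size_sql = (int) $_FILES['attachment']['size'];

        // Create an entry in the files table
        $sql = "INSERT INTO `{$dbFiles}` (category, filename, size, userid, usertype, filedate) ";
        $sql .= "VALUES ('public', '{$att_name_sql}', '{$att_size_sql}', '{$sit[2]}', 'user', NOW())";
        mysql_query($sql);
        if (mysql_error()) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        $fileid = mysql_insert_id();

        //create update
        // NOTE(review): $updatetext still carries the raw client file name and
        // the rest of the INSERT below lies outside this excerpt; confirm it is
        // escaped before being interpolated into that statement.
        $updatetext = $SYSLANG['strFileUploaded'] . ": [[att={$fileid}]]{$_FILES['attachment']['name']}[[/att]]";
        $currentowner = incident_owner($incidentid);
        $currentstatus = incident_status($incidentid);
        $sql = "INSERT INTO `{$dbUpdates}` (incidentid, userid, `type`, `currentowner`, `currentstatus`, ";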
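// File can be an uploaded package file
// or a local package file
// or a local unpackaged file
// later: a url to a package file
// later: a local repository of many packages

// Currently the interface displays two inputs, and only one must be filled.
// If the user gives both, the uploaded package wins.
// If it's a zip file, it is placed into the package repository.

// The dumps below contain raw request data and are wrapped in <pre> markup,
// so they are HTML-escaped before being queued as debug messages.
// NOTE(review): a full dump of $_REQUEST can include credentials or tokens;
// confirm the 'dbg' channel is never shown outside a debugging setup.
pushClaroMessage(__LINE__ . '<pre>$_FILES =' . htmlspecialchars(var_export($_FILES, true), ENT_QUOTES) . '</pre>', 'dbg');

if (array_key_exists('uploadedModule', $_FILES) || array_key_exists('packageCandidatePath', $_REQUEST)) {
    pushClaroMessage(__LINE__ . '<pre>$_REQUEST =' . htmlspecialchars(var_export($_REQUEST, true), ENT_QUOTES) . '</pre>', 'dbg');

    // Treat the uploaded file
    if (array_key_exists('uploadedModule', $_FILES)) {
        pushClaroMessage(__LINE__ . 'files founds', 'dbg');

        if (file_upload_failed($_FILES['uploadedModule'])) {
            $summary = get_lang('Module upload failed');
            $details = get_file_upload_error_message($_FILES['uploadedModule']);
            $dialogBox->error(Backlog_Reporter::report($summary, $details));
        } else {
            // move the uploaded file to the package repository and unzip it;
            // currently both happen in one function which should be split.
            if (false !== ($modulePath = get_and_unzip_uploaded_package())) {
                $moduleInstallable = true;
            } else {
                $summary = get_lang('Module unpackaging failed');
                $details = implode("<br />\n", claro_failure::get_last_failure());
                $dialogBox->error(Backlog_Reporter::report($summary, $details));
            }
        }
    } elseif (array_key_exists('packageCandidatePath', $_REQUEST)) {
        // NOTE(review): this path comes from the request and its handling is
        // outside the excerpt; confirm it is restricted to the package
        // repository before anything is unpacked or copied from it.
        // If the target is a zip file, it must be unpacked
        // If it's an unzipped package, we copy the content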
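}

// NOTE(review): the brace above closes a block opened before this excerpt, and
// the final "send email" block is still open where the excerpt ends.

// check from field
if ($fromfield == '') {
    $errors = 1;
    $error_string .= "<p class='error'>" . sprintf($strFieldMustNotBeBlank, $strFrom) . "</p>\n";
}

// check reply to field
if ($replytofield == '') {
    $errors = 1;
    $error_string .= "<p class='error'>" . sprintf($strFieldMustNotBeBlank, $strReplyTo) . "</p>\n";
}

$errorcode = $_FILES['attachment']['error'];
// check for errors related to file size in php.ini (upload_max_filesize) TODO: Should i18n this..
// UPLOAD_ERR_INI_SIZE and UPLOAD_ERR_FORM_SIZE are the named forms of codes 1 and 2.
if ($errorcode == UPLOAD_ERR_INI_SIZE || $errorcode == UPLOAD_ERR_FORM_SIZE) {
    $errors = 1;
    $error_string .= "<p>" . get_file_upload_error_message($_FILES['attachment']['error'], $_FILES['attachment']['name']) . "</p>\n";
}

// Store email body in session if there's been an error
if ($errors > 0) {
    $_SESSION['temp-emailbody'] = $bodytext;
} else {
    unset($_SESSION['temp-emailbody']);
}

// send email if no errors
if ($errors == 0) {
    // Where $replytofield and $ccfield come from is not visible here; they
    // look like form fields. Line breaks are stripped so that a value cannot
    // terminate its own header line and start additional headers.
    $replyto_header = str_replace(array("\r", "\n"), '', $replytofield);
    $cc_header = str_replace(array("\r", "\n"), '', $ccfield);

    $extra_headers = "Reply-To: {$replyto_header}\nErrors-To: " . user_email($sit[2]) . "\n";
    $extra_headers .= "X-Mailer: {$CONFIG['application_shortname']} {$application_version_string}/PHP " . phpversion() . "\n";
    $extra_headers .= "X-Originating-IP: {$_SERVER['REMOTE_ADDR']}\n";
    if ($ccfield != '') {
        $extra_headers .= "CC: {$cc_header}\n";
    }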