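/**
 * Determine the MIME type to record for the file named in the current upload request.
 *
 * Both sources consulted here are controlled by the requester: the value of
 * $_SERVER['X-Mime-Type'] and the `qqfile` query parameter. The result is therefore
 * a hint only. It must not be used on its own to decide whether a file is safe to
 * store, execute or serve inline.
 *
 * @return mixed The accepted 'X-Mime-Type' value, otherwise whatever
 *               get_mimetype_by_extension() returns for the extension of `qqfile`.
 */
function getMimeType()
{
    // NOTE(review): PHP exposes request headers under HTTP_* keys (an X-Mime-Type
    // header would arrive as HTTP_X_MIME_TYPE), so this key exists only if the server
    // environment sets it explicitly. The lookup is left unchanged on purpose: reading
    // the header directly would start trusting a client-declared type.
    if (isset($_SERVER['X-Mime-Type']) && is_mimetype_format($_SERVER['X-Mime-Type'])) {
        return $_SERVER['X-Mime-Type'];
    }

    // `qqfile` may be missing or, with ?qqfile[]=..., an array. Fall back to an empty
    // name instead of passing null or an array into the string helpers.
    $name = (isset($_GET['qqfile']) && is_string($_GET['qqfile'])) ? $_GET['qqfile'] : '';

    return get_mimetype_by_extension(which_ext($name));
}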
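/**
 * Build the download.php streaming URL for an active, public file.
 *
 * Side effect: fills the global $fmp_data with the file extension and, depending on
 * $flash, either the Flash player type or the HTML5 video MIME type.
 *
 * The returned string is a raw URL containing unescaped '&' separators. The caller
 * must escape it for the context it is written into (HTML attribute, JavaScript, ...).
 *
 * @param int|string $fileid ID of the file record (cast to int before use)
 * @param bool       $flash  true when the URL is meant for the Flash player
 * @return string The stream URL, or '' when the ID is empty or no matching record exists
 */
function get_mediaplayer_stream($fileid = 0, $flash = false)
{
    $fileid = intval($fileid);
    if (!$fileid) {
        return '';
    }

    // internal
    // $fileid is an integer here, so concatenating it cannot alter the statement.
    $sql = 'SELECT * FROM ' . DB_PREPEND . 'phpwcms_file WHERE f_aktiv=1 AND f_public=1 AND f_id=' . $fileid;
    if (!FEUSER_LOGIN_STATUS) {
        // visitors who are not logged in only get files without access restriction
        $sql .= ' AND f_granted=0';
    }

    $file = _dbQuery($sql);
    if (!isset($file[0])) {
        return '';
    }

    global $fmp_data;

    $file = $file[0];
    $file['fmp_file'] = PHPWCMS_URL . 'download.php?file=' . $file['f_hash'];

    if ($file['f_ext']) {
        $file['fmp_file'] .= '.' . $file['f_ext'];
        // the MIME type is derived from the stored extension, not from the stored f_type
        $file['f_type'] = get_mimetype_by_extension($file['f_ext']);
        $fmp_data['fmp_file_ext'] = $file['f_ext'];

        if ($flash) {
            $fmp_data['flashvars_type'] = $file['f_ext'];
            if (in_array($file['f_ext'], array('jpeg', 'jpg', 'png', 'gif', 'swf'))) {
                $fmp_data['fmp_img_id'] = 0;
            }
        } else {
            $fmp_data['video_type'] = $file['f_type'];
        }
    }

    $file['fmp_file'] .= '&type=' . urlencode($file['f_type']);

    if (BROWSER_OS == 'iOS') {
        // f_name is a stored display name and can contain characters such as '&', '#'
        // or spaces. Unencoded, these would break the URL or add query parameters of
        // their own, so the name is percent-encoded.
        $file['fmp_file'] .= '&ios=/' . rawurlencode($file['f_name']);
    }

    return $file['fmp_file'];
}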
// Feed import: pick a thumbnail for the article and, if none is provided, try to
// fetch the enclosure link itself as an image and register it in the file table.
// (Excerpt: the enclosing blocks are opened and closed outside the visible lines.)
$article_thumbnail = $article_enclosure->get_thumbnail();
if (!$article_thumbnail && $article_enclosure->get_link()) {
    $article_thumbnail = $article_enclosure->get_link();
    // Only the extension of the link text is checked (jpg/jpeg/png/gif). The fetched
    // bytes are not inspected anywhere in this excerpt.
    if ($article_thumbnail && ($article_thumbnail_ext = which_ext($article_thumbnail)) && in_array($article_thumbnail_ext, array('jpg', 'jpeg', 'png', 'gif'))) {
        // optional search/replace on the link, configured per feed import
        if ($feedimport_result['cnt_object']['image_url_replace'][0] !== '') {
            $article_thumbnail = str_replace($feedimport_result['cnt_object']['image_url_replace'][0], $feedimport_result['cnt_object']['image_url_replace'][1], $article_thumbnail);
        }
        // NOTE(review): the display name is the basename() of the feed-supplied link
        // and is not passed through sanitize_filename() here; it is stored as f_name below.
        $article_thumbnail_name = basename($article_thumbnail);
        // Storage name = md5 of name + current microtime. NOTE(review): this is unique
        // in practice but not drawn from a CSPRNG. If the hash is meant to act as an
        // unguessable handle, confirm that is acceptable.
        $article_thumbnail_hash = md5($article_thumbnail_name . microtime());
        $article_thumbnail_store = PHPWCMS_STORAGE . $article_thumbnail_hash . '.' . $article_thumbnail_ext;
        // umask is cleared for the copy; the previous mask is kept in $oldmask
        // (its restoration is outside this excerpt).
        $oldmask = umask(0);
        $insert = false;
        // `&&` binds tighter than `=`, so $dir receives the boolean result of both calls,
        // not the directory handle returned by opendir().
        // NOTE(review): copy() reads from whatever location the feed supplied. No
        // restriction to http(s) or to specific hosts is visible here. Confirm the link
        // is validated before this point, and consider checking the stored file with
        // getimagesize() before registering it.
        if ($dir = @opendir(PHPWCMS_STORAGE) && copy($article_thumbnail, $article_thumbnail_store)) {
            // an empty (0 byte) result is treated as a failed fetch
            if ($article_thumbnail_size = filesize($article_thumbnail_store)) {
                // yeah, we have it
                // the record is created with f_aktiv=1 and f_public=1
                $data = array('f_pid' => $feedimport_result['cnt_object']['image_folder_id'], 'f_uid' => $feedimport_result['cnt_object']['author_id'], 'f_kid' => 1, 'f_aktiv' => 1, 'f_public' => 1, 'f_name' => $article_thumbnail_name, 'f_created' => now(), 'f_size' => $article_thumbnail_size, 'f_type' => get_mimetype_by_extension($article_thumbnail_ext), 'f_ext' => $article_thumbnail_ext, 'f_longinfo' => $article_title, 'f_hash' => $article_thumbnail_hash, 'f_copyright' => '', 'f_tags' => $article_categories);
                // text fields are converted from utf-8 to the site charset when they differ
                if (PHPWCMS_CHARSET != 'utf-8') {
                    $data['f_name'] = makeCharsetConversion($data['f_name'], 'utf-8', PHPWCMS_CHARSET);
                    $data['f_longinfo'] = makeCharsetConversion($data['f_longinfo'], 'utf-8', PHPWCMS_CHARSET);
                    $data['f_copyright'] = makeCharsetConversion($data['f_copyright'], 'utf-8', PHPWCMS_CHARSET);
                    $data['f_tags'] = makeCharsetConversion($data['f_tags'], 'utf-8', PHPWCMS_CHARSET);
                }
                $insert = _dbInsert('phpwcms_file', $data);
                if (isset($insert['INSERT_ID'])) {
                    // hand the stored image over to the import result
                    $feedimport_result['image']['name'] = $article_thumbnail_name;
                    $feedimport_result['image']['id'] = $insert['INSERT_ID'];
                    $feedimport_result['image']['width'] = $phpwcms["content_width"];
                    $feedimport_result['image']['height'] = '';
                    $feedimport_result['image']['hash'] = $article_thumbnail_hash;
                    $feedimport_result['image']['ext'] = $article_thumbnail_ext;
                    $feedimport_result['image']['list_usesummary'] = 1;
} else {
    $file_error["keywords"][$key] = 1;
}
}
}
//starts upload of file
// (Excerpt: the blocks closed above and the final elseif below continue outside the visible lines.)
if (!is_uploaded_file($_FILES["file"]["tmp_name"])) {
    // tmp_name is not a file PHP received through HTTP upload in this request
    $file_error["file"] = $BL['be_fprivup_err1'];
} elseif ($_FILES["file"]["size"] > $phpwcms["file_maxsize"]) {
    $file_error["file"] = $BL['be_fprivup_err2'] . " " . number_format($phpwcms["file_maxsize"] / 1024, 2, ',', '.') . " kB";
} else {
    $fileName = sanitize_filename($_FILES["file"]["name"]);
    // check_image_extension() gets the temp file and the name; when it returns false
    // the extension is taken from the sanitized name instead.
    // NOTE(review): presumably a content-based image check, confirm in its definition.
    $fileExt = check_image_extension($_FILES["file"]["tmp_name"], $fileName);
    $fileExt = $fileExt === false ? which_ext($fileName) : $fileExt;
    $fileHash = md5($fileName . microtime());
    // $_FILES[...]["type"] is declared by the client and is accepted here as soon as
    // it is formatted like a MIME type. Treat $fileType as a label, not as proof of
    // what the file contains.
    $fileType = is_mimetype_format($_FILES["file"]["type"]) ? $_FILES["file"]["type"] : get_mimetype_by_extension($fileExt);
    $fileSize = intval($_FILES["file"]["size"]);
    // Check against forbidden file names
    // (exact, case-insensitive match on the whole sanitized name)
    $forbiddenUploadName = array('.htaccess', 'web.config', 'lighttpd.conf', 'nginx.conf');
    if (in_array(strtolower($fileName), $forbiddenUploadName)) {
        $file_error["file"] = sprintf($BL['be_fprivup_err7'], $fileName);
    }
    // Only allowed file extensions
    if (empty($file_error["file"])) {
        // the configured list may be a string and is normalised to a lowercase array once
        if (is_string($phpwcms['allowed_upload_ext'])) {
            $phpwcms['allowed_upload_ext'] = convertStringToArray(strtolower($phpwcms['allowed_upload_ext']));
        }
        if ($fileExt === '') {
            // files without an extension are always refused
            $file_error["file"] = sprintf($BL['be_fprivup_err9'], implode(', ', $phpwcms['allowed_upload_ext']));
        // The allow-list is enforced only when it is a non-empty array. With an empty
        // list, every extension passes this check.
        } elseif (is_array($phpwcms['allowed_upload_ext']) && count($phpwcms['allowed_upload_ext']) && !in_array(strtolower($fileExt), $phpwcms['allowed_upload_ext'])) {
            $file_error["file"] = sprintf($BL['be_fprivup_err8'], strtoupper($fileName), implode(', ', $phpwcms['allowed_upload_ext']));
// Tail of the database-backed download branch: hand the stored record to the
// resumable download helper. (Excerpt: the enclosing blocks start outside the visible lines.)
$fileinfo['mimetype'] = $download["f_type"];
$fileinfo['file'] = $fileinfo['path'] . $fileinfo['filename'];
$fileinfo['extension'] = $download["f_ext"];
$fileinfo['realfname'] = $phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($download["f_name"]) : $download["f_name"];
// start download
$success = dl_file_resume($fileinfo['file'], $fileinfo, true);
}
}
// we hack in the stream.php here
// Streaming branch: `file` is cut to 40 characters by clean_slweg() and reduced to its
// basename(), so the lookup cannot leave the PHPWCMS_FILES directory.
// NOTE(review): no database or permission lookup is visible in this branch. Knowing
// the stored name appears to be the only gate. Confirm that is intended for files
// that are not public.
} elseif ($file = isset($_GET['file']) ? clean_slweg($_GET['file'], 40) : '') {
    $filename = basename($file);
    $file = PHPWCMS_ROOT . '/' . PHPWCMS_FILES . $filename;
    if (is_file($file)) {
        // The requester may choose the Content-Type through `type`. It is accepted as
        // soon as it is formatted like a MIME type, otherwise the extension decides.
        // NOTE(review): content is served inline under a requester-chosen type;
        // consider deriving the type from the stored record or an allow-list and
        // sending X-Content-Type-Options: nosniff.
        $mime = empty($_GET['type']) ? '' : clean_slweg($_GET['type'], 100);
        if (!is_mimetype_format($mime)) {
            $mime = get_mimetype_by_extension(which_ext($file));
        }
        header('Content-Type: ' . $mime);
        if (BROWSER_OS == 'iOS') {
            // iOS clients are served through the range-capable helper
            require_once PHPWCMS_ROOT . '/include/inc_lib/functions.file.inc.php';
            rangeDownload($file);
        } else {
            header('Content-Transfer-Encoding: binary');
            // the presence of `ios` in the query suppresses the Content-Disposition header
            if (!isset($_GET['ios'])) {
                // $filename is placed between double quotes without escaping quotes
                header('Content-Disposition: inline; filename="' . ($phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($filename) : $filename) . '"');
            }
            header('Content-Length: ' . filesize($file));
            readfile($file);
        }
        $success = true;
    }
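/**
 * Validate an HTTP upload and move it into a target directory.
 *
 * Checks, in order: upload present, size limit, target directory, PHP upload error,
 * optional image-type check (getimagesize), optional extension allow-list, target
 * writable. Then applies the requested rename steps and stores the file with mode 0644.
 *
 * Security notes:
 * - 'type' in the result is the client-declared MIME type whenever it is merely
 *   formatted like one. It says nothing reliable about the content.
 * - The stored name is built from sanitize_filename(). NOTE(review): this function
 *   relies on that helper to remove path separators, confirm in its definition.
 * - Error texts contain HTML (<b>), so user-derived parts are passed through html().
 *
 * @param string $file    Key of the upload in $_FILES
 * @param string $target  Target directory, concatenated directly with the file name
 * @param mixed  $exttype Allowed extensions (list string), '' for no extension check
 * @param mixed  $imgtype Allowed image type numbers as returned by getimagesize()[2], '' for none
 * @param mixed  $rename  Rename steps applied in the given order:
 *                        1 = strip accents and unsafe characters, 2 = time() prefix,
 *                        3 = date('Ymd-His') prefix, 4 = date('Ymd') prefix,
 *                        5 = generic_string(6) prefix, 6 = md5 of name, 7 = shortHash of name
 * @param int    $maxsize Size limit in bytes; 0 uses $GLOBALS['phpwcms']['file_maxsize']
 * @return array Status array: 'status' (bool), 'error', 'error_num', 'name', 'tmp_name',
 *               'size', 'path', 'ext', 'rename', 'maxsize', 'type' and, for verified
 *               images, 'image' (the getimagesize() result)
 */
function saveUploadedFile($file, $target, $exttype = '', $imgtype = '', $rename = 0, $maxsize = 0)
{
    // imgtype can be all exif_imagetype supported by your PHP install
    // see http://www.php.net/exif_imagetype
    $file_status = array(
        'status' => false,
        'error' => '',
        'name' => '',
        'tmp_name' => '',
        'size' => 0,
        'path' => '',
        'ext' => '',
        'rename' => '',
        'maxsize' => intval($maxsize),
        'error_num' => 0,
        'type' => ''
    );

    // is_uploaded_file() ensures tmp_name really is this request's upload
    if (!isset($_FILES[$file]) || !is_uploaded_file($_FILES[$file]['tmp_name'])) {
        $file_status['error'] = 'Upload not defined';
        return $file_status;
    }

    $file_status['name'] = sanitize_filename($_FILES[$file]['name']);
    $file_status['ext'] = which_ext($file_status['name']);
    $file_status['tmp_name'] = $_FILES[$file]['tmp_name'];
    $file_status['size'] = $_FILES[$file]['size'];
    // client-declared type, replaced by the extension-based type only when it is
    // missing or malformed
    $file_status['type'] = empty($_FILES[$file]['type']) || !is_mimetype_format($_FILES[$file]['type']) ? get_mimetype_by_extension($file_status['ext']) : $_FILES[$file]['type'];
    $file_status['path'] = $target;
    $file_status['rename'] = $file_status['name'];
    $file_status['maxsize'] = empty($file_status['maxsize']) ? $GLOBALS['phpwcms']['file_maxsize'] : $file_status['maxsize'];

    if (intval($file_status['size']) > $file_status['maxsize']) {
        $file_status['error'] = 'File is too large';
        $file_status['error_num'] = 400;
        return $file_status;
    }
    if (empty($target)) {
        $file_status['error'] = 'Target directory not defined';
        $file_status['error_num'] = 412;
        return $file_status;
    }
    if (!@_mkdir($target)) {
        $file_status['error'] = 'The target directory "' . $target . '" can not be found or generated';
        $file_status['error_num'] = 412;
        return $file_status;
    }
    if ($_FILES[$file]['error']) {
        $file_status['error'] = $_FILES[$file]['error'];
        $file_status['error_num'] = 409;
        return $file_status;
    }

    if ($imgtype) {
        $imgtype = convertStringToArray(strtolower($imgtype));
        if (count($imgtype)) {
            $data = @getimagesize($_FILES[$file]['tmp_name']);
            // image type number => extension label (the original listed key 2 twice,
            // which left 'jpg' as the effective value)
            $exif_imagetype = array(1 => 'gif', 2 => 'jpg', 3 => 'png', 4 => 'swf', 5 => 'psd', 6 => 'bmp', 7 => 'tif', 8 => 'tiff', 9 => 'jpc', 10 => 'jp2', 11 => 'jpx', 12 => 'jb2', 13 => 'swc', 14 => 'iff', 15 => 'wbmp', 16 => 'xbm');

            if (!$data && !$exttype) {
                // not an image, and no extension allow-list to fall back to
                $file_status['error'] = 'Format' . ($file_status['ext'] ? ' *.' . html($file_status['ext']) : '') . ' not supported (';
                $allowed = array();
                foreach ($imgtype as $value) {
                    // unknown type numbers are shown as given instead of raising a notice
                    $allowed[] = '*.' . (empty($exif_imagetype[$value]) ? $value : $exif_imagetype[$value]);
                }
                $file_status['error'] .= implode(', ', $allowed) . ')';
                $file_status['error_num'] = 415;
                @unlink($_FILES[$file]['tmp_name']);
                return $file_status;
            } elseif ($data) {
                if (empty($exif_imagetype[$data[2]]) || !in_array($data[2], $imgtype)) {
                    $file_status['error'] = 'File type ';
                    $file_status['error'] .= empty($exif_imagetype[$data[2]]) ? $data[2] : $exif_imagetype[$data[2]];
                    $file_status['error'] .= ' is not supported for this upload (';
                    foreach ($imgtype as $imgt) {
                        $file_status['error'] .= empty($exif_imagetype[$imgt]) ? $imgt : $exif_imagetype[$imgt];
                        $file_status['error'] .= ', ';
                    }
                    $file_status['error'] = trim(trim($file_status['error']), ',');
                    $file_status['error'] .= ' only)';
                    $file_status['error_num'] = 415;
                    @unlink($_FILES[$file]['tmp_name']);
                    return $file_status;
                }

                // A verified image skips the $exttype allow-list below (unchanged).
                // getimagesize() only inspects the image header, though, so the stored
                // extension must still be harmless: empty, an image extension, or one
                // the caller explicitly allowed. Otherwise a file with an image header
                // could be stored under any extension.
                $image_exts = array_values($exif_imagetype);
                $image_exts[] = 'jpeg';
                $image_exts[] = 'jpe';
                $caller_exts = $exttype ? convertStringToArray(strtolower($exttype)) : array();
                if ($file_status['ext']
                    && !in_array(strtolower((string) $file_status['ext']), $image_exts, true)
                    && !in_array($file_status['ext'], $caller_exts)
                ) {
                    $file_status['error'] = 'File extension *.' . html($file_status['ext']) . ' is not supported for image uploads';
                    $file_status['error_num'] = 415;
                    @unlink($_FILES[$file]['tmp_name']);
                    return $file_status;
                }

                $file_status['image'] = $data;
                $exttype = '';
            }
        }
    }

    if ($exttype) {
        $exttype = convertStringToArray(strtolower($exttype));
        if (!in_array($file_status['ext'], $exttype)) {
            $file_status['error'] = 'File type *.' . html($file_status['ext']) . ' is not supported for this upload (*.' . implode(', *.', $exttype) . ' only)';
            $file_status['error_num'] = 415;
            @unlink($_FILES[$file]['tmp_name']);
            return $file_status;
        }
    }

    if (!is_writable($target)) {
        $file_status['error'] = 'Target directory <b>' . str_replace(PHPWCMS_ROOT, '', $target) . '</b> is not writable';
        $file_status['error_num'] = 412;
        @unlink($_FILES[$file]['tmp_name']);
        return $file_status;
    }

    // rename steps work on the name without extension; the extension is re-appended after
    $rename = convertStringToArray($rename);
    if (count($rename)) {
        $_temp_name = cut_ext($file_status['rename']);
        $ext_suffix = $file_status['ext'] ? '.' . $file_status['ext'] : '';
        foreach ($rename as $value) {
            switch ($value) {
                case 1:
                    $_temp_name = str_replace(array(':', '/', "\\", ' '), array('-', '-', '-', '_'), phpwcms_remove_accents($_temp_name));
                    $_temp_name = preg_replace('/[^0-9a-z_\\-\\.]/i', '', $_temp_name);
                    break;
                case 2:
                    $_temp_name = time() . '_' . $_temp_name;
                    break;
                case 3:
                    $_temp_name = date('Ymd-His') . '_' . $_temp_name;
                    break;
                case 4:
                    $_temp_name = date('Ymd') . '_' . $_temp_name;
                    break;
                case 5:
                    $_temp_name = generic_string(6) . '_' . $_temp_name;
                    break;
                case 6:
                    $_temp_name = md5($_temp_name . $ext_suffix);
                    break;
                case 7:
                    $_temp_name = shortHash($_temp_name . $ext_suffix);
                    break;
            }
        }
        $file_status['rename'] = $_temp_name . $ext_suffix;
    }

    @umask(0);
    // move_uploaded_file() is tried first; copy() is only the fallback
    if (!@move_uploaded_file($_FILES[$file]['tmp_name'], $target . $file_status['rename'])) {
        if (!copy($_FILES[$file]['tmp_name'], $target . $file_status['rename'])) {
            $file_status['error'] = 'Saving uploaded file <b>' . html($file_status['name']) . '</b> to <b>' . html(str_replace(PHPWCMS_ROOT, '', $target . $file_status['rename'])) . '</b> failed';
            $file_status['error_num'] = 412;
            @unlink($_FILES[$file]['tmp_name']);
            return $file_status;
        }
    }
    // stored without execute bits
    @chmod($target . $file_status['rename'], 0644);

    $file_status['status'] = true;

    return $file_status;
}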
// Register a file taken over from the FTP import directory in the file table.
// (Excerpt: $file, $file_path, $file_type, $ftp and $key are set outside the visible lines.)
$file_size = filesize($file_path);
// extension: result of check_image_extension() on the file, else taken from the name in $file
$file_ext = check_image_extension($file_path);
$file_ext = false === $file_ext ? which_ext($file) : $file_ext;
$file_name = sanitize_filename($ftp["filename"][$key]);
$file_hash = md5($file_name . microtime());
if (trim($file_type) === '') {
    //check file_type
    if (is_mimetype_by_extension($file_ext)) {
        $file_type = get_mimetype_by_extension($file_ext);
    } else {
        $file_check = getimagesize($file_path);
        // NOTE(review): this comparison is true only when the running PHP version is
        // 4.3.0 or older, so image_type_to_mime_type() is never reached on newer
        // versions. The operands look swapped; confirm the intent.
        if (version_compare("4.3.0", phpversion(), ">=") && $file_check) {
            $file_type = image_type_to_mime_type($file_check[2]);
        }
        if (!is_mimetype_format($file_type)) {
            $file_type = get_mimetype_by_extension($file_ext);
        }
    }
}
// The statement is assembled by concatenation. Text values go through _dbEscape()
// and the user id through intval(). $file_hash is an md5 hex string.
// NOTE(review): $ftp["dir"], $ftp["aktiv"], $ftp["public"], $ftp['fileVarsField'] and
// $ftp['fileVarsValue'] are inserted as they are. Where they are cast or escaped is
// not visible in this excerpt. Confirm they cannot carry request data unchanged.
$sql = "INSERT INTO " . DB_PREPEND . "phpwcms_file (";
$sql .= "f_pid, f_uid, f_kid, f_aktiv, f_public, f_name, f_created, f_size, f_type, f_ext, ";
$sql .= "f_shortinfo, f_longinfo, f_keywords, f_hash, f_copyright, f_tags" . $ftp['fileVarsField'] . ") VALUES (";
$sql .= $ftp["dir"] . ", " . intval($_SESSION["wcs_user_id"]) . ", 1, " . $ftp["aktiv"] . ", " . $ftp["public"] . ", ";
$sql .= _dbEscape($file_name) . ", '" . time() . "', " . _dbEscape($file_size) . ", " . _dbEscape($file_type) . ", ";
$sql .= _dbEscape($file_ext) . ", " . _dbEscape($ftp["short_info"]) . ", ";
$sql .= _dbEscape($ftp["long_info"]) . ", " . _dbEscape($ftp["keys"]) . ", '" . $file_hash . "', ";
$sql .= _dbEscape($ftp["copyright"]) . ", " . _dbEscape($ftp["tags"]) . $ftp['fileVarsValue'] . ")";
$result = _dbQuery($sql, 'INSERT');
if (isset($result['INSERT_ID'])) {
    $new_fileId = $result['INSERT_ID']; // remember the ID of the file record just created
// Backend download: finish the lookup statement, then stream the stored file as an attachment.
// (Excerpt: the start of the statement and the origin of $dl are outside the visible lines.)
// NOTE(review): $dl is concatenated into the statement as it is. Confirm it is cast
// to an integer before this point.
$sql .= "f_id=" . $dl . " AND f_kid=1 AND (f_public=1";
// users without the admin flag additionally match their own files
if (empty($_SESSION["wcs_user_admin"])) {
    $sql .= " OR f_uid=" . intval($_SESSION["wcs_user_id"]);
}
$sql .= ") LIMIT 1";
}
// NOTE(review): the mysql_* functions were removed in PHP 7, so this excerpt only
// runs on older PHP versions.
if ($result = mysql_query($sql, $db) or die("error while retrieving file download infos")) {
    if ($download = mysql_fetch_array($result)) {
        // the file on disk is named hash[.ext]; the stored display name is not used as a path
        $dl_filename = $download["f_hash"];
        if ($download["f_ext"]) {
            $dl_filename .= '.' . $download["f_ext"];
        }
        $dl_path = PHPWCMS_ROOT . $phpwcms["file_path"];
        if (file_exists($dl_path . $dl_filename)) {
            // a stored type that is not formatted like a MIME type is replaced by the
            // extension-based one
            if (!is_mimetype_format($download["f_type"])) {
                $download["f_type"] = get_mimetype_by_extension($download["f_ext"]);
            }
            header("Content-type: " . $download["f_type"]);
            // NOTE(review): f_name is placed between double quotes without escaping.
            // A name containing '"' produces a malformed header value.
            header('Content-Disposition: attachment; filename="' . $download["f_name"] . '"');
            header("Content-Length: " . filesize($dl_path . $dl_filename));
            // readfile() returns the number of bytes sent, so an empty (0 byte) file
            // also ends up in the error branch
            if (readfile($dl_path . $dl_filename)) {
                exit;
            } else {
                $err = 'Error reading file (4)';
            }
        } else {
            $err = 'File does not exist (1)';
        }
    } else {
        $err = 'File not found in database (2)';
    }
}
}
// Snap the requested maximum width and height down to a multiple of $grid, but never
// below one grid step.
// NOTE(review): presumably this bounds the number of distinct thumbnail sizes a
// request can produce; $grid is set outside this excerpt, confirm it cannot be 0.
$basis = floor($value["max_width"] / $grid);
if (!$basis) {
    $basis = 1;
}
$value["max_width"] = $basis * $grid;
$basis = floor($value["max_height"] / $grid);
if (!$basis) {
    $basis = 1;
}
$value["max_height"] = $basis * $grid;
}
// serve the image only when get_cached_image() returned a result with a file name in [0]
if (($image = get_cached_image($value, false, false)) && !empty($image[0])) {
    // Redirect, the "old" way
    if (!empty($phpwcms['cmsimage_redirect'])) {
        headerRedirect(PHPWCMS_URL . PHPWCMS_IMAGES . $image[0], 301);
    }
    // fall back to the extension-based MIME type when the result carries none
    if (empty($image['type'])) {
        $image['type'] = get_mimetype_by_extension(which_ext($image[0]));
    }
    header('Content-Type: ' . $image['type']);
    header('Content-Disposition: inline');
    // read errors are suppressed; the script ends here either way
    @readfile(PHPWCMS_THUMB . $image[0]);
    exit;
}
}
}
}
// uncached transparent GIF
phpwcms_empty_gif();