/** * accepts a file for upload */ function media_upload() { global $DIR_MEDIA, $member, $CONF; $uploadInfo = postFileInfo('uploadfile'); $filename = $uploadInfo['name']; $filetype = $uploadInfo['type']; $filesize = $uploadInfo['size']; $filetempname = $uploadInfo['tmp_name']; $fileerror = intval($uploadInfo['error']); switch ($fileerror) { case 0: // = UPLOAD_ERR_OK break; case 1: // = UPLOAD_ERR_INI_SIZE // = UPLOAD_ERR_INI_SIZE case 2: // = UPLOAD_ERR_FORM_SIZE media_doError(_ERROR_FILE_TOO_BIG); case 3: // = UPLOAD_ERR_PARTIAL // = UPLOAD_ERR_PARTIAL case 4: // = UPLOAD_ERR_NO_FILE // = UPLOAD_ERR_NO_FILE case 6: // = UPLOAD_ERR_NO_TMP_DIR // = UPLOAD_ERR_NO_TMP_DIR case 7: // = UPLOAD_ERR_CANT_WRITE // = UPLOAD_ERR_CANT_WRITE default: // include error code for debugging // (see http://www.php.net/manual/en/features.file-upload.errors.php) media_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')'); } if ($filesize > $CONF['MaxUploadSize']) { media_doError(_ERROR_FILE_TOO_BIG); } // check file type against allowed types $ok = 0; $allowedtypes = explode(',', $CONF['AllowedTypes']); foreach ($allowedtypes as $type) { if (preg_match("#\\." . $type . "\$#i", $filename)) { $ok = 1; } } if (!$ok) { media_doError(_ERROR_BADFILETYPE); } if (!is_uploaded_file($filetempname)) { media_doError(_ERROR_BADREQUEST); } // prefix filename with current date (YYYY-MM-DD-) // this to avoid nameclashes if ($CONF['MediaPrefix']) { $filename = strftime("%Y%m%d-", time()) . $filename; } $collection = requestVar('collection'); $res = MEDIA::addMediaObject($collection, $filetempname, $filename); if ($res != '') { media_doError($res); } // shows updated list afterwards media_select(); }
/** * accepts a file for upload */ function media_upload() { global $DIR_MEDIA, $member, $CONF, $funcNum, $responseType; $uploadInfo = postFileInfo('upload'); $filename = $uploadInfo['name']; $filetype = $uploadInfo['type']; $filesize = $uploadInfo['size']; $filetempname = $uploadInfo['tmp_name']; $fileerror = intval($uploadInfo['error']); // clean filename of characters that may cause trouble in a filename using cleanFileName() function from globalfunctions.php $filename = cleanFileName($filename); if ($filename === false) { upload_doError(_ERROR_BADFILETYPE . $filename); } switch ($fileerror) { case 0: // = UPLOAD_ERR_OK break; case 1: // = UPLOAD_ERR_INI_SIZE // = UPLOAD_ERR_INI_SIZE case 2: // = UPLOAD_ERR_FORM_SIZE upload_doError(_ERROR_FILE_TOO_BIG); case 3: // = UPLOAD_ERR_PARTIAL // = UPLOAD_ERR_PARTIAL case 4: // = UPLOAD_ERR_NO_FILE // = UPLOAD_ERR_NO_FILE case 6: // = UPLOAD_ERR_NO_TMP_DIR // = UPLOAD_ERR_NO_TMP_DIR case 7: // = UPLOAD_ERR_CANT_WRITE // = UPLOAD_ERR_CANT_WRITE default: // include error code for debugging // (see http://www.php.net/manual/en/features.file-upload.errors.php) upload_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')'); } if ($filesize > $CONF['MaxUploadSize']) { upload_doError(_ERROR_FILE_TOO_BIG); } // check file type against allowed types $ok = 0; $allowedtypes = explode(',', $CONF['AllowedTypes']); foreach ($allowedtypes as $type) { if (preg_match("#\\." . $type . "\$#i", $filename)) { $ok = 1; } } if (!$ok) { upload_doError(_ERROR_BADFILETYPE . $filename); } if (!is_uploaded_file($filetempname)) { upload_doError(_ERROR_BADREQUEST); } // prefix filename with current date (YYYYMMDD-HHMMSS-) // this to avoid nameclashes if ($CONF['MediaPrefix']) { $filename = strftime("%Y%m%d-%H%M%S-", time()) . $filename; } // currently selected collection $collection = requestVar('collection'); if (!$collection || !@is_dir($DIR_MEDIA . $collection)) { $collection = $member->getID(); } // avoid directory travarsal and accessing invalid directory if (!MEDIA::isValidCollection($collection)) { media_doError(_ERROR_DISALLOWED); } $res = MEDIA::addMediaObject($collection, $filetempname, $filename); if ($res != '') { upload_doError($res); } $url = $CONF['MediaURL'] . $collection . '/' . $filename; if ($responseType != 'json') { echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction(" . $funcNum . ", '" . $url . "', '');</script>"; } else { $arr = array('uploaded' => 1, 'fileName' => $filename, 'url' => $url); header("Content-Type: application/json; charset=utf-8"); echo json_encode($arr); } }