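/**
 * Handles the import form POST. When a previously staged file name is
 * posted, the request goes to the second-stage parser for the selected data
 * type. Otherwise a fresh upload is validated, copied into CATS_TEMP_DIR and
 * handed to the first-stage parser.
 *
 * Security notes:
 *  - Requires ACCESS_LEVEL_EDIT.
 *  - Hook code is executed with eval() inside this method's scope, so it can
 *    read and modify every local variable below. Local names are kept
 *    stable for that reason. Whatever Hooks::get() returns must be as
 *    trusted as the application code itself.
 *  - The upload's name and content type come from the client and are never
 *    trusted as a path.
 *
 * @return void
 */
private function onImport()
{
    /* NOTE(review): presumably CommonErrors::fatal() does not return; confirm,
     * because nothing else stops an under-privileged request here.
     */
    if ($this->_accessLevel < ACCESS_LEVEL_EDIT) {
        CommonErrors::fatal(COMMONERROR_PERMISSION, $this, 'Invalid user level for action.');
    }

    set_time_limit(500);
    $this->setImportTypes();

    $dataType   = $this->getTrimmedInput('dataType', $_POST);
    $importInto = $this->getTrimmedInput('importInto', $_POST);

    if (empty($dataType)) {
        $this->_template->assign('errorMessage', 'No data type was specified.');
        $this->importSelectType();
        return;
    }

    if (empty($importInto) && $dataType != 'Resume') {
        $this->_template->assign('errorMessage', 'No destination was specified.');
        $this->importSelectType();
        return;
    }

    /* If a file name was submitted, the user has already chosen which
     * columns to use, so go straight to the second-stage parser.
     */
    if (isset($_POST['fileName'])) {
        /* NOTE(review): the demo-user restriction is enforced only on this
         * branch; the upload branch below has no equivalent check. Confirm
         * that demo users are meant to be able to stage files.
         */
        if ($_SESSION['CATS']->isDemo()) {
            CommonErrors::fatal(COMMONERROR_PERMISSION, $this, 'Demo user can not import data.');
        }

        /* eval() of hook code: see the security notes in the header. */
        if (!eval(Hooks::get('IMPORT_ON_IMPORT_1'))) {
            return;
        }

        switch ($dataType) {
            case 'Text File':
                $this->onImportFieldsDelimited();
                return;

            default:
                $this->_template->assign('errorMessage', 'No 2nd parser has been included for the specified data type.');
                $this->import();
                return;
        }
    }

    /* Otherwise, parse the file... */
    if (!eval(Hooks::get('IMPORT_ON_IMPORT_2'))) {
        return;
    }

    if (!isset($_FILES['file']) || empty($_FILES['file']['name'])) {
        $this->_template->assign('errorMessage', 'No file was uploaded.');
        $this->importSelectType();
        return;
    }

    /* Get file metadata. name and type are supplied by the client. */
    $originalFilename = $_FILES['file']['name'];
    $tempFilename     = $_FILES['file']['tmp_name'];
    $contentType      = $_FILES['file']['type'];
    $fileSize         = $_FILES['file']['size'];
    $fileUploadError  = $_FILES['file']['error'];

    /* Recover from magic quotes. Note that tmp_name doesn't appear to
     * get escaped, and stripslashes() on it breaks on Windows. - Will
     *
     * get_magic_quotes_gpc() no longer exists on PHP 8, so the call is
     * guarded to avoid a fatal "undefined function" error there.
     */
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $originalFilename = stripslashes($originalFilename);
        $contentType      = stripslashes($contentType);
    }

    if ($fileUploadError != UPLOAD_ERR_OK) {
        $this->_template->assign('errorMessage', FileUtility::getErrorMessage($fileUploadError));
        $this->importSelectType();
        return;
    }

    if ($fileSize <= 0) {
        $this->_template->assign('errorMessage', 'File size is less than 1 byte.');
        $this->importSelectType();
        return;
    }

    /* Only copy a file that PHP itself received through this request's
     * HTTP upload; never an arbitrary path that ended up in tmp_name.
     */
    if (!is_uploaded_file($tempFilename)) {
        $this->_template->assign('errorMessage', 'No file was uploaded.');
        $this->importSelectType();
        return;
    }

    /* Make sure the temporary directory exists. */
    if (!is_dir(CATS_TEMP_DIR)) {
        $errorMessage = sprintf('Directory \'%s\' does not exist. CATS is not configured correctly.', CATS_TEMP_DIR);
        $this->_template->assign('errorMessage', $errorMessage);
        $this->importSelectType();
        return;
    }

    /* Make a blind attempt to recover from invalid permissions.
     *
     * NOTE(review): 0777 makes the staging directory writable by every local
     * account. Tighten it to the web server user/group once the deployment's
     * ownership model is confirmed.
     */
    @chmod(CATS_TEMP_DIR, 0777);

    /* Pick the on-disk name for the staged file. */
    if ($dataType != 'Resume') {
        $randomFile = FileUtility::makeRandomFilename($tempFilename) . '.tmp';
    } else {
        /* The client-chosen name becomes part of a server path below, so
         * reduce it to a bare file name: drop NUL bytes, treat backslashes
         * as separators and keep only the last path component. Do not rely
         * on the runtime having stripped directory parts already.
         *
         * NOTE(review): the extension is still chosen by the client. Either
         * CATS_TEMP_DIR must not be served or executed by the web server, or
         * resumes should be staged under a generated name like the other
         * data types, with the original name kept as metadata only.
         */
        $randomFile = basename(str_replace(array("\0", '\\'), array('', '/'), $originalFilename));

        if ($randomFile === '' || $randomFile === '.' || $randomFile === '..') {
            $this->_template->assign('errorMessage', 'Invalid file name.');
            $this->importSelectType();
            return;
        }
    }

    /* Build new path information for the file. */
    $newFileFullPath = CATS_TEMP_DIR . '/' . $randomFile;

    if (!@copy($tempFilename, $newFileFullPath)) {
        /* NOTE(review): this message shows server-side paths to the user. */
        $errorMessage = sprintf('Cannot copy temporary file from %s to %s.', $tempFilename, $newFileFullPath);
        $this->_template->assign('errorMessage', $errorMessage);
        $this->importSelectType();
        return;
    }

    /* Try to remove the temp file; if it fails it doesn't matter. */
    @unlink($tempFilename);

    /* Record the staged name as a valid file ID for this session, so users
     * can't inject other file IDs to read files they shouldn't be reading.
     */
    $_SESSION['CATS']->validImportFileIDs[] = $randomFile;

    if (!eval(Hooks::get('IMPORT_ON_IMPORT_3'))) {
        return;
    }

    switch ($dataType) {
        case 'Text File':
            $this->onImportDelimited($randomFile);
            break;

        default:
            $this->_template->assign('errorMessage', 'No parser exists for the specified data type.');
            $this->importSelectType();
            break;
    }
}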
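/**
 * Creates an attachment to the specified data item from an HTTP POST file
 * upload. This will also pass the attachment along for text extraction and
 * indexing if requested.
 *
 * On failure, $this->_isError is set to true and $this->_error holds the
 * message. The file name and content type passed on to createGeneric() are
 * supplied by the client.
 *
 * @param flag    $dataItemType   Data Item type flag.
 * @param integer $dataItemID     Data Item ID.
 * @param string  $fileField      Name of HTTP POST file field.
 * @param boolean $isProfileImage Is this a profile image attachment?
 * @param boolean $extractText    Attempt to extract, store, and index the
 *                                attachment's text?
 * @return boolean Was the attachment created successfully?
 */
public function createFromUpload($dataItemType, $dataItemID, $fileField,
    $isProfileImage, $extractText)
{
    /* A missing field would otherwise be read as a set of nulls, and a null
     * error code compares equal to UPLOAD_ERR_OK. Array-shaped (multi-file)
     * entries are not supported by this method either.
     */
    if (!isset($_FILES[$fileField]['error']) || is_array($_FILES[$fileField]['error'])) {
        $this->_isError = true;
        $this->_error = FileUtility::getErrorMessage(UPLOAD_ERR_NO_FILE);
        return false;
    }

    /* Get file upload metadata. name and type are client-controlled. */
    $originalFilename = $_FILES[$fileField]['name'];
    $tempFilename     = $_FILES[$fileField]['tmp_name'];
    $contentType      = $_FILES[$fileField]['type'];
    $fileSize         = $_FILES[$fileField]['size'];
    $uploadError      = $_FILES[$fileField]['error'];

    /* Recover from magic quotes. Note that tmp_name doesn't appear to
     * get escaped, and stripslashes() on it breaks on Windows. - Will
     *
     * get_magic_quotes_gpc() no longer exists on PHP 8, so the call is
     * guarded to avoid a fatal "undefined function" error there.
     */
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $originalFilename = stripslashes($originalFilename);
        $contentType      = stripslashes($contentType);
    }

    /* Did a file upload error occur? */
    if ($uploadError != UPLOAD_ERR_OK) {
        $this->_isError = true;
        $this->_error = FileUtility::getErrorMessage($uploadError);
        return false;
    }

    /* This usually indicates an error. */
    if ($fileSize <= 0) {
        $this->_isError = true;
        $this->_error = 'File size is less than 1 byte.';
        return false;
    }

    /* NOTE(review): createGeneric() is not visible here. Confirm that it
     * reduces $originalFilename to a safe stored name and does not trust
     * $contentType, since both values come straight from the request.
     */
    return $this->createGeneric(
        $dataItemType,
        $dataItemID,
        $isProfileImage,
        $extractText,
        false,
        $originalFilename,
        $tempFilename,
        $contentType,
        false,
        true
    );
}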