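/**
 * Upload a resume
 *
 * Accepts the `uploadres` file from the request, renames it to
 * "<member name> Resume.<ext>", checks the extension against the plugin's
 * `file_ext` allow-list, replaces any previously stored resume (and its
 * seeker stats) and records the new file in the jobs Resume table. The
 * stored file is deleted again when Filesystem::isSafe() rejects it.
 *
 * Changes from the previous version: the member-name expression is built
 * once and reused, and a file name without a dot now yields an empty
 * extension (previously the whole original name was appended) so the
 * allow-list rejects it cleanly.
 *
 * @param   object  $database  Database
 * @param   string  $option    Component name
 * @param   object  $member    Profile
 * @return  string  Output of _view()
 */
protected function _upload($database, $option, $member)
{
    $path = $this->build_path($member->get('id'));
    $emp  = Request::getInt('emp', 0);

    if (!$path) {
        $this->setError(Lang::txt('PLG_MEMBERS_RESUME_SUPPORT_NO_UPLOAD_DIRECTORY'));
        return $this->_view($database, $option, $member, $emp);
    }

    // Check for request forgeries
    Request::checkToken(['get', 'post']);

    // Incoming file
    $file = Request::getVar('uploadres', '', 'files', 'array');
    if (!$file['name']) {
        $this->setError(Lang::txt('PLG_MEMBERS_RESUME_SUPPORT_NO_FILE'));
        return $this->_view($database, $option, $member, $emp);
    }

    // Incoming
    $title = Request::getVar('title', '');

    // "<First Last> Resume" when a first name is set, otherwise "<name> Resume".
    // Serves both as the fallback title and as the stored file name.
    $resumeWord    = ucfirst(Lang::txt('PLG_MEMBERS_RESUME_RESUME'));
    $default_title = $member->get('firstname')
        ? $member->get('firstname') . ' ' . $member->get('lastname') . ' ' . $resumeWord
        : $member->get('name') . ' ' . $resumeWord;

    $path = PATH_APP . $path;

    // Replace file title with user name, keeping only the original extension.
    $dot          = strrpos($file['name'], '.');
    $file_ext     = ($dot === false) ? '' : substr($file['name'], $dot);
    $file['name'] = $default_title . $file_ext;

    // Make the filename safe
    $file['name'] = Filesystem::clean($file['name']);
    $file['name'] = str_replace(' ', '_', $file['name']);

    // Only extensions on the configured allow-list are accepted
    $ext     = strtolower(Filesystem::extension($file['name']));
    $allowed = explode(',', $this->params->get('file_ext', 'jpg,jpeg,jpe,bmp,tif,tiff,png,gif,pdf,txt,rtf,doc,docx,ppt'));
    if (!in_array($ext, $allowed, true)) {
        $this->setError(Lang::txt('Disallowed file type.'));
        return $this->_view($database, $option, $member, $emp);
    }

    $row = new \Components\Jobs\Tables\Resume($database);
    if (!$row->loadResume($member->get('id'))) {
        // First resume for this member
        $row = new \Components\Jobs\Tables\Resume($database);
        $row->id   = 0;
        $row->uid  = $member->get('id');
        $row->main = 1;
    } elseif (file_exists($path . DS . $row->filename)) {
        // Replacing an existing resume: drop the old file and its seeker stats.
        // NOTE: this runs before the new file is scanned, so a rejected upload
        // leaves the member without a resume file on disk.
        Filesystem::delete($path . DS . $row->filename);
        $jobstats = new \Components\Jobs\Tables\JobStats($database);
        $jobstats->deleteStats($member->get('id'), 'seeker');
    }

    // Perform the upload
    $fpath = $path . DS . $file['name'];
    if (!Filesystem::upload($file['tmp_name'], $fpath)) {
        $this->setError(Lang::txt('ERROR_UPLOADING'));
        return $this->_view($database, $option, $member, $emp);
    }

    // Scan the stored file; remove it if the scan fails
    if (!Filesystem::isSafe($fpath)) {
        Filesystem::delete($fpath);
        $this->setError(Lang::txt('File rejected because the anti-virus scan failed.'));
        return $this->_view($database, $option, $member, $emp);
    }

    // File was uploaded, create database entry
    $title = htmlspecialchars($title);
    $row->created  = Date::toSql();
    $row->filename = $file['name'];
    $row->title    = $title ? $title : $default_title;

    if (!$row->check()) {
        $this->setError($row->getError());
    }
    if (!$row->store()) {
        $this->setError($row->getError());
    }

    return $this->_view($database, $option, $member, $emp);
}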
/**
 * Store an uploaded file under this comment's upload directory.
 *
 * The destination directory is <upload dir>/<comment_id> and is created on
 * demand. The stored name comes from uniqueFilename() and is recorded on
 * this object's `filename` field once the move succeeds.
 *
 * @param   string  $name  Original (client-supplied) file name
 * @param   string  $temp  Path of the temporary uploaded file
 * @return  bool    True on success; false after addError() on failure
 */
public function upload($name, $temp)
{
    $commentId = $this->get('comment_id');
    $targetDir = $this->getUploadDir() . DS . $commentId;

    // Create the per-comment directory on first use
    if (!is_dir($targetDir) && !\Filesystem::makeDirectory($targetDir)) {
        $this->addError('Unable to create upload path.');
        return false;
    }

    $storedName = $this->uniqueFilename([
        'filename'   => $name,
        'comment_id' => $commentId,
    ]);

    $moved = \Filesystem::upload($temp, $targetDir . DS . $storedName);
    if (!$moved) {
        $this->addError('Unable to upload file.');
        return false;
    }

    $this->set('filename', $storedName);
    return true;
}
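/**
 * Uploads a file to a given directory and records it as a forum attachment
 *
 * Reads the `upload` file and `description` field from the request, stores
 * the file under <filepath>/<listdir>[/<post_id>] and creates a
 * Forum Attachment row for it. Failures are reported through setError();
 * nothing is returned in any case.
 *
 * NOTE(review): unlike sibling uploaders, no extension allow-list and no
 * Filesystem::isSafe() scan is applied here — confirm Filesystem::upload()
 * enforces one, or add the check before the file is stored.
 *
 * @param   string   $listdir  Directory to upload files to
 * @param   integer  $post_id  Post the attachment belongs to (0 = none)
 * @return  void
 */
public function upload($listdir, $post_id)
{
    // Check if they are logged in
    if (User::isGuest()) {
        return;
    }

    if (!$listdir) {
        $this->setError(Lang::txt('PLG_GROUPS_FORUM_NO_UPLOAD_DIRECTORY'));
        return;
    }

    // Incoming file
    $file = Request::getVar('upload', '', 'files', 'array');
    if (!$file['name']) {
        return;
    }

    // Incoming
    $description = trim(Request::getVar('description', ''));

    // Construct our file path
    $path = PATH_APP . DS . trim($this->params->get('filepath', '/site/forum'), DS) . DS . $listdir;
    if ($post_id) {
        $path .= DS . $post_id;
    }

    // Build the path if it doesn't exist
    if (!is_dir($path) && !Filesystem::makeDirectory($path)) {
        $this->setError(Lang::txt('PLG_GROUPS_FORUM_UNABLE_TO_CREATE_UPLOAD_PATH'));
        return;
    }

    // Make the filename safe
    $file['name'] = Filesystem::clean($file['name']);
    $file['name'] = str_replace(' ', '_', $file['name']);

    // Perform the upload
    if (!Filesystem::upload($file['tmp_name'], $path . DS . $file['name'])) {
        $this->setError(Lang::txt('PLG_GROUPS_FORUM_ERROR_UPLOADING'));
        return;
    }

    // File was uploaded: create database entry
    $row = new \Components\Forum\Tables\Attachment($this->database);
    $row->bind(array(
        'id'          => 0,
        'parent'      => $listdir,
        'post_id'     => $post_id,
        'filename'    => $file['name'],
        'description' => $description,
    ));

    if (!$row->check()) {
        $this->setError($row->getError());
    }
    if (!$row->store()) {
        $this->setError($row->getError());
    }
}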
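/**
 * Upload a file
 *
 * Reads the single upload in the `Filedata` request field, validates it
 * (CSRF token, request size, MediaHelper::canUpload(), plugin veto, name
 * collision, `core.create` permission) and moves it under
 * COM_MEDIA_BASE/<folder>. Every outcome is reported by echoing a JSON
 * object with `status` ('0' = failure, '1' = success) and `error`.
 *
 * Changes from the previous version: the size check no longer rejects every
 * upload when memory_limit is -1 (unlimited); a missing Content-Length is
 * treated as 0 instead of raising a notice; and the request is checked for
 * a file entry before its name is touched (previously `$file['name']` was
 * read on the '' default).
 *
 * @since   1.5
 * @return  void
 */
function upload()
{
    $params = Component::params('com_media');

    // Emits the JSON envelope every branch below reports through
    $respond = static function ($status, $error) {
        echo json_encode(array('status' => $status, 'error' => $error));
    };

    // Check for request forgeries
    if (!Session::checkToken(['get', 'post'], true)) {
        $respond('0', Lang::txt('JINVALID_TOKEN'));
        return;
    }

    // Log for rejected uploads
    $log = JLog::getInstance('upload.error.php');

    // Get some data from the request
    $file   = Request::getVar('Filedata', '', 'files', 'array');
    $folder = Request::getVar('folder', '', '', 'path');

    // Reject oversized requests up front. ini values are read with (int), which
    // keeps only the leading digits ("128M" -> 128) to match the MiB arithmetic.
    $contentLength = isset($_SERVER['CONTENT_LENGTH']) ? (int) $_SERVER['CONTENT_LENGTH'] : 0;
    $memoryLimit   = (int) ini_get('memory_limit'); // -1 means unlimited
    $tooLarge = $contentLength > $params->get('upload_maxsize', 0) * 1024 * 1024
        || $contentLength > (int) ini_get('upload_max_filesize') * 1024 * 1024
        || $contentLength > (int) ini_get('post_max_size') * 1024 * 1024
        || ($memoryLimit != -1 && $contentLength > $memoryLimit * 1024 * 1024);
    if ($tooLarge) {
        $respond('0', Lang::txt('COM_MEDIA_ERROR_WARNFILETOOLARGE'));
        return;
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    // No usable file entry in the request
    if (!is_array($file) || !isset($file['name'])) {
        $respond('0', Lang::txt('COM_MEDIA_ERROR_BAD_REQUEST'));
        return;
    }

    // Make the filename safe
    $file['name'] = Filesystem::clean($file['name']);

    $err      = null;
    $filepath = \Hubzero\Filesystem\Util::normalizePath(COM_MEDIA_BASE . '/' . $folder . '/' . strtolower($file['name']));

    if (!MediaHelper::canUpload($file, $err)) {
        $log->addEntry(array('comment' => 'Invalid: ' . $filepath . ': ' . $err));
        $respond('0', Lang::txt($err));
        return;
    }

    // Trigger the onContentBeforeSave event.
    $object_file = new \Hubzero\Base\Object($file);
    $object_file->filepath = $filepath;
    $result = Event::trigger('content.onContentBeforeSave', array('com_media.file', &$object_file, true));
    if (in_array(false, $result, true)) {
        // There are some errors in the plugins
        $errors = $object_file->getErrors();
        $log->addEntry(array('comment' => 'Errors before save: ' . $filepath . ' : ' . implode(', ', $errors)));
        $respond('0', Lang::txts('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors), implode('<br />', $errors)));
        return;
    }

    if (Filesystem::exists($filepath)) {
        // File exists
        $log->addEntry(array('comment' => 'File exists: ' . $filepath . ' by user_id ' . User::get('id')));
        $respond('0', Lang::txt('COM_MEDIA_ERROR_FILE_EXISTS'));
        return;
    }

    if (!User::authorise('core.create', 'com_media')) {
        // File does not exist and user is not authorised to create
        $log->addEntry(array('comment' => 'Create not permitted: ' . $filepath . ' by user_id ' . User::get('id')));
        $respond('0', Lang::txt('COM_MEDIA_ERROR_CREATE_NOT_PERMITTED'));
        return;
    }

    // Plugins may have altered the file record; use their view of it
    $file = (array) $object_file;

    if (!Filesystem::upload($file['tmp_name'], $file['filepath'])) {
        // Error in upload
        $log->addEntry(array('comment' => 'Error on upload: ' . $filepath));
        $respond('0', Lang::txt('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE'));
        return;
    }

    // Trigger the onContentAfterSave event.
    Event::trigger('content.onContentAfterSave', array('com_media.file', &$object_file, true));
    $log->addEntry(array('comment' => $folder));
    $respond('1', Lang::txt('COM_MEDIA_UPLOAD_COMPLETE', substr($file['filepath'], strlen(COM_MEDIA_BASE))));
}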
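/**
 * Upload a file to the wiki
 *
 * Guests are bounced to the file listing; AJAX requests (`no_html`) are
 * delegated to _ajaxUpload(). Otherwise the `upload` file is stored under
 * _path() and scanned with Filesystem::isSafe(), which deletes the file on
 * rejection. Errors are reported through setError().
 *
 * Change from the previous version: the anti-virus scan now runs only after
 * a successful upload; before, a failed upload was followed by a scan of a
 * file that did not exist, whose error overwrote the upload error.
 *
 * NOTE(review): no extension allow-list is applied here, unlike sibling
 * uploaders — confirm whether _path() is web-served before relying on that.
 *
 * @return  mixed  Whatever _files() (or _ajaxUpload()) returns
 */
public function _fileUpload()
{
    // Check if they're logged in
    if (User::isGuest()) {
        return $this->_files();
    }

    if (Request::getVar('no_html', 0)) {
        return $this->_ajaxUpload();
    }

    // Check for request forgeries
    Request::checkToken();

    // Ensure we have an ID to work with
    $listdir = Request::getInt('listdir', 0, 'post');
    if (!$listdir) {
        $this->setError(Lang::txt('PLG_COURSES_PAGES_ERROR_NO_ID_PROVIDED'));
        return $this->_files();
    }

    // Incoming file
    $file = Request::getVar('upload', '', 'files', 'array');
    if (!$file['name']) {
        $this->setError(Lang::txt('PLG_COURSES_PAGES_ERROR_NO_FILE_PROVIDED'));
        return $this->_files();
    }

    // Build the upload path if it doesn't exist
    $path = $this->_path();
    if (!is_dir($path) && !Filesystem::makeDirectory($path)) {
        $this->setError(Lang::txt('PLG_COURSES_PAGES_ERROR_UNABLE_TO_MAKE_PATH'));
        return $this->_files();
    }

    // Make the filename safe
    $file['name'] = urldecode($file['name']);
    $file['name'] = Filesystem::clean($file['name']);
    $file['name'] = str_replace(' ', '_', $file['name']);

    $target = $path . DS . $file['name'];

    // Upload new files, then scan what was actually stored
    if (!Filesystem::upload($file['tmp_name'], $target)) {
        $this->setError(Lang::txt('PLG_COURSES_PAGES_ERROR_UNABLE_TO_UPLOAD'));
    } elseif (!Filesystem::isSafe($target)) {
        Filesystem::delete($target);
        $this->setError(Lang::txt('PLG_COURSES_PAGES_ERROR_UNSAFE_FILE'));
    }

    // Push through to the media view
    return $this->_files();
}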
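/**
 * Upload a file
 *
 * Stores the `upload` file as a ticket attachment under
 * <filepath>/<ticket>, renaming on collision, checking the extension
 * against the `file_ext` config allow-list and scanning the stored file
 * with Filesystem::isSafe() before an Attachment row is created.
 *
 * Fixes from the previous version: the anti-virus scan and the cleanup were
 * given the request array (`$file`) instead of the stored path, and the
 * attachment row was still created when the scan failed but the delete did
 * not succeed. Both paths now use the stored file and reject it outright.
 *
 * NOTE(review): the guest check below is commented out and this form path
 * performs no Request::checkToken() — confirm the controller guards the
 * task elsewhere.
 *
 * @return  void
 */
public function uploadTask()
{
    // Check if they're logged in
    /*if (User::isGuest()) { $this->displayTask(); return; }*/

    if (Request::getVar('no_html', 0)) {
        return $this->ajaxUploadTask();
    }

    // Ensure we have an ID to work with
    $ticket  = Request::getInt('ticket', 0, 'post');
    $comment = Request::getInt('comment', 0, 'post');
    if (!$ticket) {
        $this->setError(Lang::txt('COM_SUPPORT_NO_ID'));
        $this->displayTask();
        return;
    }

    // Incoming file
    $file = Request::getVar('upload', '', 'files', 'array');
    if (!$file['name']) {
        $this->setError(Lang::txt('COM_SUPPORT_NO_FILE'));
        $this->displayTask();
        return;
    }

    // Build the upload path if it doesn't exist
    $path = PATH_APP . DS . trim($this->config->get('filepath', '/site/tickets'), DS) . DS . $ticket;
    if (!is_dir($path) && !Filesystem::makeDirectory($path)) {
        $this->setError(Lang::txt('Error uploading. Unable to create path.'));
        $this->displayTask();
        return;
    }

    // Make the filename safe
    $file['name'] = urldecode($file['name']);
    $file['name'] = Filesystem::clean($file['name']);
    $file['name'] = str_replace(' ', '_', $file['name']);

    $ext      = Filesystem::extension($file['name']);
    $filename = Filesystem::name($file['name']);

    // Avoid clobbering an existing attachment with the same name
    while (file_exists($path . DS . $filename . '.' . $ext)) {
        $filename .= rand(10, 99);
    }

    // Make sure that file is an acceptable type. The extension is compared
    // as-is (not lower-cased) against the configured list.
    if (!in_array($ext, explode(',', $this->config->get('file_ext')), true)) {
        $this->setError(Lang::txt('COM_SUPPORT_ERROR_INCORRECT_FILE_TYPE'));
        echo $this->getError();
        return;
    }

    $filename .= '.' . $ext;
    $target    = $path . DS . $filename;

    // Upload new files
    if (!\Filesystem::upload($file['tmp_name'], $target)) {
        $this->setError(Lang::txt('ERROR_UPLOADING'));
    } else {
        // Scan the stored file; reject it whether or not the cleanup succeeds
        if (!\Filesystem::isSafe($target)) {
            \Filesystem::delete($target);
            $this->setError(Lang::txt('ATTACHMENT: File rejected because the anti-virus scan failed.'));
            echo $this->getError();
            return;
        }

        // Create database entry
        $asset = new Attachment();
        $asset->bind(array(
            'id'          => 0,
            'ticket'      => $ticket,
            'comment_id'  => $comment,
            'filename'    => $filename,
            'description' => Request::getVar('description', ''),
        ));
        if (!$asset->store(true)) {
            $this->setError($asset->getError());
        }
    }

    // Push through to the media view
    $this->displayTask();
}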
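/**
 * Upload a screenshot
 *
 * Stores the `upload` image for tool version `version` of resource `pid`,
 * renaming it with a timestamp suffix when a screenshot of the same name
 * already exists, creates the Screenshot row and builds a thumbnail.
 *
 * Fixes from the previous version: `$version` is now read before it is
 * first passed to displayTask() (it was undefined on the missing-id path);
 * the timestamp suffix is computed once instead of calling time() twice;
 * and the Screenshot row is no longer stored when the upload itself failed
 * (it was previously stored unconditionally after the upload block, leaving
 * a row that pointed at a missing file).
 *
 * @return  void
 */
public function uploadTask()
{
    // Incoming
    $pid     = Request::getInt('pid', 0);
    $version = Request::getVar('version', 'dev');
    if (!$pid) {
        $this->setError(Lang::txt('COM_TOOLS_CONTRIBUTE_NO_ID'));
        $this->displayTask($pid, $version);
        return;
    }

    $title   = preg_replace('/\\s+/', ' ', Request::getVar('title', ''));
    $allowed = array('.gif', '.jpg', '.png', '.bmp');

    $changing_version = Request::getInt('changing_version', 0);
    if ($changing_version) {
        // reload screen
        $this->displayTask($pid, $version);
        return;
    }

    // Get resource information
    $resource = new \Components\Resources\Tables\Resource($this->database);
    $resource->load($pid);

    // Incoming file
    $file = Request::getVar('upload', '', 'files', 'array');
    if (!$file['name']) {
        $this->setError(Lang::txt('COM_TOOLS_CONTRIBUTE_NO_FILE'));
        $this->displayTask($pid, $version);
        return;
    }

    // Make the filename safe
    $file['name'] = Filesystem::clean($file['name']);
    $file['name'] = str_replace(' ', '_', $file['name']);
    $file['name'] = str_replace('-tn', '', $file['name']);

    // Split off the extension; a name without a dot gets an empty extension
    // and is rejected by the format check below.
    $dot           = strrpos($file['name'], '.');
    $file_basename = ($dot === false) ? '' : substr($file['name'], 0, $dot);
    $file_ext      = ($dot === false) ? '' : substr($file['name'], $dot);

    // Make sure we have an allowed format
    if (!in_array(strtolower($file_ext), $allowed, true)) {
        $this->setError(Lang::txt('COM_TOOLS_CONTRIBUTE_WRONG_FILE_FORMAT'));
        $this->displayTask($pid, $version);
        return;
    }

    // Get version id
    $objV = new \Components\Tools\Tables\Version($this->database);
    $vid  = $objV->getVersionIdFromResource($pid, $version);
    if ($vid == null) {
        $this->setError(Lang::txt('COM_TOOLS_CONTRIBUTE_VERSION_ID_NOT_FOUND'));
        $this->displayTask($pid, $version);
        return;
    }

    // Instantiate a new screenshot object
    $row = new \Components\Resources\Tables\Screenshot($this->database);

    // Check if file with the same name already exists
    $files = $row->getFiles($pid, $vid);
    if (count($files) > 0) {
        $files  = \Components\Tools\Helpers\Utils::transform($files, 'filename');
        $suffix = '_' . time();
        foreach ($files as $f) {
            if ($f == $file['name']) {
                // append extra characters in the end
                $file['name']  = $file_basename . $suffix . $file_ext;
                $file_basename = $file_basename . $suffix;
            }
        }
    }

    $row->title      = preg_replace('/"((.)*?)"/i', "“\\1”", $title);
    $row->versionid  = $vid;
    $ordering        = $row->getLastOrdering($pid, $vid);
    $row->ordering   = $ordering ? $ordering + 1 : count($files) + 1; // put in the end
    $row->filename   = $file['name'];
    $row->resourceid = $pid;

    // Check content
    if (!$row->check()) {
        $this->setError($row->getError());
        $this->displayTask($pid, $version);
        return;
    }

    // Build the path
    include_once PATH_CORE . DS . 'components' . DS . 'com_resources' . DS . 'helpers' . DS . 'html.php';
    $listdir  = \Components\Resources\Helpers\Html::build_path($resource->created, $pid, '');
    $listdir .= DS . $vid;
    $path     = $this->_buildUploadPath($listdir, '');

    // Make sure the upload path exist
    if (!is_dir($path) && !Filesystem::makeDirectory($path)) {
        $this->setError(Lang::txt('COM_TOOLS_UNABLE_TO_CREATE_UPLOAD_PATH') . $path);
        $this->displayTask($pid, $version);
        return;
    }

    // Perform the upload
    if (!\Filesystem::upload($file['tmp_name'], $path . DS . $file['name'])) {
        $this->setError(Lang::txt('COM_TOOLS_ERROR_UPLOADING'));
    } else {
        // Store new content
        if (!$row->store()) {
            $this->setError($row->getError());
            $this->displayTask($pid, $version);
            return;
        }
        if (!$row->id) {
            $row->id = $row->insertid();
        }

        // Create thumbnail, clamping configured dimensions to sane minimums
        $ss_height = intval($this->config->get('screenshot_maxheight', 58)) > 30 ? intval($this->config->get('screenshot_maxheight', 58)) : 58;
        $ss_width  = intval($this->config->get('screenshot_maxwidth', 91)) > 80 ? intval($this->config->get('screenshot_maxwidth', 91)) : 91;
        $tn = \Components\Resources\Helpers\Html::thumbnail($file['name']);

        // '.swf' is not in $allowed, so the animated-thumbnail branch that
        // used to sit here was unreachable and has been dropped.
        if ($file_ext != '.swf') {
            $this->_createThumb($path . DS . $file['name'], $ss_width, $ss_height, $path, $tn);
        }
    }

    $this->_rid = $pid;

    // Push through to the screenshot view
    $this->displayTask($pid, $version);
}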
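/**
 * Upload a file
 *
 * Stores the `upload` file as an attachment of wish `$listdir` and returns
 * the `{attachment#<id>}` token callers embed in the wish text. The type
 * check (Attachment::isAllowedType()) runs before anything is written; the
 * stored file is scanned with Filesystem::isSafe() afterwards.
 *
 * Fix from the previous version: a file that fails the anti-virus scan is
 * now rejected even when deleting it fails (previously it was then stored
 * and its token returned as if accepted).
 *
 * @param   integer  $listdir  Wish ID
 * @return  string   Attachment token on success, '' or an error message otherwise
 */
public function uploadTask($listdir)
{
    if (!$listdir) {
        $this->setError(Lang::txt('COM_WISHLIST_ERROR_NO_UPLOAD_DIRECTORY'));
        return '';
    }

    // Incoming file
    $file = Request::getVar('upload', array(), 'files', 'array');
    if (!isset($file['name']) || !$file['name']) {
        $this->setError(Lang::txt('COM_WISHLIST_ERROR_NO_FILE'));
        return '';
    }

    // Make the filename safe
    $file['name'] = \Filesystem::clean($file['name']);
    $file['name'] = str_replace(' ', '_', $file['name']);

    $attachment = new Attachment(array(
        'id'          => 0,
        'description' => Request::getVar('description', ''),
        'wish'        => $listdir,
        'filename'    => $file['name'],
    ));

    // Make sure that file is acceptable type
    if (!$attachment->isAllowedType()) {
        $this->setError(Lang::txt('ATTACHMENT: Incorrect file type.'));
        return Lang::txt('ATTACHMENT: Incorrect file type.');
    }

    $path = $attachment->link('dir');

    // Build the path if it doesn't exist
    if (!is_dir($path) && !\Filesystem::makeDirectory($path)) {
        $this->setError(Lang::txt('COM_WISHLIST_UNABLE_TO_CREATE_UPLOAD_PATH'));
        return 'ATTACHMENT: ' . Lang::txt('COM_WISHLIST_UNABLE_TO_CREATE_UPLOAD_PATH');
    }

    // Perform the upload
    $target = $path . DS . $file['name'];
    if (!\Filesystem::upload($file['tmp_name'], $target)) {
        $this->setError(Lang::txt('COM_WISHLIST_ERROR_UPLOADING'));
        return 'ATTACHMENT: ' . Lang::txt('COM_WISHLIST_ERROR_UPLOADING');
    }

    // Scan for viruses; reject regardless of whether the cleanup succeeds
    if (!\Filesystem::isSafe($target)) {
        \Filesystem::delete($target);
        $rejected = Lang::txt('ATTACHMENT: File rejected because the anti-virus scan failed.');
        $this->setError($rejected);
        return $rejected;
    }

    if (!$attachment->store(true)) {
        $this->setError($attachment->getError());
    }

    return '{attachment#' . $attachment->get('id') . '}';
}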
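/**
 * Upload a file or create a new folder
 *
 * With `foldername` set, creates that sub-folder (letters, digits and
 * underscore only) under the resource's upload path. Otherwise stores the
 * `upload` file there and, when `batch` is set, unpacks it with tar/unzip
 * and removes the archive plus macOS resource-fork leftovers.
 *
 * Fix from the previous version: the extraction target directory is now
 * passed through escapeshellarg() like the archive path already was; it is
 * derived from the request-supplied `listdir`/`dirPath` values.
 *
 * NOTE(review): no extension allow-list and no Filesystem::isSafe() scan is
 * applied here, and `dirPath` reaches Utilities::buildUploadPath() as-is —
 * confirm that helper rejects traversal.
 *
 * @return  void
 */
public function uploadTask()
{
    // Check for request forgeries
    Request::checkToken();

    // Incoming directory (this should be a path built from a resource ID and its creation year/month)
    $listdir = Request::getVar('listdir', '', 'post');
    if (!$listdir) {
        $this->setError(Lang::txt('COM_RESOURCES_ERROR_NO_LISTDIR'));
        $this->displayTask();
        return;
    }

    // Incoming sub-directory
    $subdir = Request::getVar('dirPath', '', 'post');

    // Build the path
    $path = Utilities::buildUploadPath($listdir, $subdir);

    // Are we creating a new folder?
    $foldername = Request::getVar('foldername', '', 'post');
    if ($foldername != '') {
        if (preg_match("/[^0-9a-zA-Z_]/i", $foldername)) {
            // Name contains something other than [0-9a-zA-Z_]
            $this->setError(Lang::txt('COM_RESOURCES_ERROR_DIR_INVALID_CHARACTERS'));
        } elseif (is_dir($path . DS . $foldername)) {
            $this->setError(Lang::txt('COM_RESOURCES_ERROR_DIR_EXISTS'));
        } elseif (!\Filesystem::makeDirectory($path . DS . $foldername)) {
            $this->setError(Lang::txt('COM_RESOURCES_ERROR_UNABLE_TO_CREATE_UPLOAD_PATH'));
        }

        // Directory created (or error set): push through to the media view
        $this->displayTask();
        return;
    }

    // Make sure the upload path exist
    if (!is_dir($path) && !\Filesystem::makeDirectory($path)) {
        $this->setError(Lang::txt('COM_RESOURCES_ERROR_UNABLE_TO_CREATE_UPLOAD_PATH'));
        $this->displayTask();
        return;
    }

    // Incoming file
    $file = Request::getVar('upload', '', 'files', 'array');
    if (!$file['name']) {
        $this->setError(Lang::txt('COM_RESOURCES_ERROR_NO_FILE'));
        $this->displayTask();
        return;
    }

    // Make the filename safe
    $file['name'] = \Filesystem::clean($file['name']);

    // Ensure file names fit.
    $ext          = \Filesystem::extension($file['name']);
    $file['name'] = str_replace(' ', '_', $file['name']);
    if (strlen($file['name']) > 230) {
        $file['name']  = substr($file['name'], 0, 230);
        $file['name'] .= '.' . $ext;
    }

    // Perform the upload
    if (!\Filesystem::upload($file['tmp_name'], $path . DS . $file['name'])) {
        $this->setError(Lang::txt('COM_RESOURCES_ERROR_UPLOADING'));
        $this->displayTask();
        return;
    }

    // File was uploaded. Was the file an archive that needs unzipping?
    $batch = Request::getInt('batch', 0, 'post');
    if ($batch) {
        // build path (trailing separator so the archive name can be appended)
        $path = rtrim($path, DS) . DS;

        // Both the archive and the target directory are shell-quoted
        $escaped_file = escapeshellarg($path . $file['name']);
        $escaped_dir  = escapeshellarg($path);

        // determine command to uncompress
        switch ($ext) {
            case 'gz':
                $cmd = "tar zxvf {$escaped_file} -C {$escaped_dir}";
                break;
            case 'tar':
                $cmd = "tar xvf {$escaped_file} -C {$escaped_dir}";
                break;
            case 'zip':
            default:
                $cmd = "unzip -o {$escaped_file} -d {$escaped_dir}";
        }

        // unzip file; shell_exec() returns null on failure or empty output
        if ($result = shell_exec($cmd)) {
            // Remove original archive
            \Filesystem::delete($path . $file['name']);

            // Remove MACOSX dirs if there
            if (\Filesystem::exists($path . '__MACOSX')) {
                \Filesystem::deleteDirectory($path . '__MACOSX');
            }

            // remove ._ files
            $dotFiles = \Filesystem::files($path, '._[^\\s]*', true, true);
            foreach ($dotFiles as $dotFile) {
                \Filesystem::delete($dotFile);
            }
        }
    }

    // Push through to the media view
    $this->displayTask();
}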
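/**
 * Upload an image
 *
 * Stores the `upload` file under <webpath>/<id>, removes the previous image
 * and its thumbnail when `currentfile` names one, and generates an 80x80
 * 1:1 thumbnail of the new image with ImgHandler.
 *
 * Fix from the previous version: `currentfile` is reduced to its basename
 * before being joined to the upload path, so a request can only name files
 * inside this item's directory for deletion.
 *
 * NOTE(review): no extension allow-list or Filesystem::isSafe() scan is
 * applied, and the `webpath` config name suggests the directory is served —
 * confirm before relying on this uploader for untrusted users.
 *
 * @return  void
 */
public function uploadTask()
{
    // Check for request forgeries
    Request::checkToken();

    // Incoming
    $id = Request::getInt('id', 0);
    if (!$id) {
        $this->setError(Lang::txt('COM_STORE_FEEDBACK_NO_ID'));
        $this->displayTask($id);
        return;
    }

    // Incoming file
    $file = Request::getVar('upload', '', 'files', 'array');
    if (!$file['name']) {
        $this->setError(Lang::txt('COM_STORE_FEEDBACK_NO_FILE'));
        $this->displayTask($id);
        return;
    }

    // Build upload path
    $path = PATH_APP . DS . trim($this->config->get('webpath', '/site/store'), DS) . DS . $id;
    if (!is_dir($path) && !\Filesystem::makeDirectory($path)) {
        $this->setError(Lang::txt('COM_STORE_UNABLE_TO_CREATE_UPLOAD_PATH'));
        $this->displayTask($id);
        return;
    }

    // Make the filename safe
    $file['name'] = \Filesystem::clean($file['name']);
    $file['name'] = str_replace(' ', '_', $file['name']);

    require_once dirname(dirname(__DIR__)) . DS . 'helpers' . DS . 'imghandler.php';

    // Perform the upload
    if (!\Filesystem::upload($file['tmp_name'], $path . DS . $file['name'])) {
        $this->setError(Lang::txt('COM_STORE_ERROR_UPLOADING'));
        $this->displayTask($id);
        return;
    }

    $ih = new ImgHandler();

    // Do we have an old file we're replacing? Only a bare file name is honoured.
    $curfile = basename(Request::getVar('currentfile', ''));
    if ($curfile) {
        // Remove old image
        if (file_exists($path . DS . $curfile) && !\Filesystem::delete($path . DS . $curfile)) {
            $this->setError(Lang::txt('COM_STORE_UNABLE_TO_DELETE_FILE'));
            $this->displayTask($id);
            return;
        }

        // Remove old thumbnail
        $curthumb = $ih->createThumbName($curfile);
        if (file_exists($path . DS . $curthumb) && !\Filesystem::delete($path . DS . $curthumb)) {
            $this->setError(Lang::txt('COM_STORE_UNABLE_TO_DELETE_FILE'));
            $this->displayTask($id);
            return;
        }
    }

    // Create a thumbnail image
    $ih->set('image', $file['name']);
    $ih->set('path', $path . DS);
    $ih->set('maxWidth', 80);
    $ih->set('maxHeight', 80);
    $ih->set('cropratio', '1:1');
    $ih->set('outputName', $ih->createThumbName());
    if (!$ih->process()) {
        $this->setError($ih->getError());
    }

    // Push through to the image view
    $this->displayTask($id);
}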
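/**
 * Upload a file
 *
 * Stores the `upload` file under _path(type, id), scans it with
 * Filesystem::isSafe(), removes the previous image named by `currentfile`
 * and attaches the new file name to the Product. AJAX requests (`no_html`)
 * are delegated to ajaxUploadTask().
 *
 * Fixes from the previous version: the `type` value is validated before
 * the file is written (an unknown type used to be rejected only after the
 * upload had already been stored), and `currentfile` is reduced to its
 * basename before being joined to the upload path so only files inside this
 * item's directory can be deleted. The unchanged
 * COM_COURSES_ERROR_UNABLE_TO_DELETE_FILE key looks like a copy-paste from
 * another component — confirm it exists in this component's language file.
 *
 * @return  void
 */
public function uploadTask()
{
    if (Request::getVar('no_html', 0)) {
        return $this->ajaxUploadTask();
    }

    // Check for request forgeries
    Request::checkToken();

    // Incoming
    $id = Request::getInt('id', 0);
    if (!$id) {
        $this->setError(Lang::txt('COM_STOREFRONT_ERROR_NO_ID'));
        $this->displayTask('', $id);
        return;
    }

    // Build the path
    $type = strtolower(Request::getWord('type', ''));
    $path = $this->_path($type, $id);
    if (!$path) {
        $this->displayTask('', $id);
        return;
    }

    // Only known types are handled; reject before anything is written
    if ($type != 'product') {
        echo json_encode(array('error' => Lang::txt('COM_STOREFRONT_ERROR_INVALID_TYPE')));
        return;
    }

    // Incoming file
    $file = Request::getVar('upload', '', 'files', 'array');
    if (!$file['name']) {
        $this->setError(Lang::txt('COM_STOREFRONT_NO_FILE'));
        $this->displayTask('', $id);
        return;
    }

    // Name shown again in the view when the upload itself fails
    $curfile = Request::getVar('curfile', '');

    if (!is_dir($path) && !Filesystem::makeDirectory($path)) {
        $this->setError(Lang::txt('COM_STOREFRONT_ERROR_UNABLE_TO_CREATE_UPLOAD_PATH'));
        $this->displayTask('', $id);
        return;
    }

    // Make the filename safe
    $file['name'] = Filesystem::clean($file['name']);
    $file['name'] = str_replace(' ', '_', $file['name']);

    $target = $path . DS . $file['name'];

    // Perform the upload
    if (!Filesystem::upload($file['tmp_name'], $target)) {
        $this->setError(Lang::txt('COM_STOREFRONT_ERROR_UPLOADING'));
        $this->displayTask($curfile, $id);
        return;
    }

    // Scan the stored file
    if (!Filesystem::isSafe($target)) {
        Filesystem::delete($target);
        $this->setError(Lang::txt('COM_STOREFRONT_ERROR_FILE_UNSAFE'));
        $this->displayTask($curfile, $id);
        return;
    }

    // Do we have an old file we're replacing? Only a bare file name is honoured.
    $previous = basename(Request::getVar('currentfile', ''));
    if ($previous && file_exists($path . DS . $previous)) {
        // Remove old image
        if (!Filesystem::delete($path . DS . $previous)) {
            $this->setError(Lang::txt('COM_COURSES_ERROR_UNABLE_TO_DELETE_FILE'));
            $this->displayTask($file['name'], $id);
            return;
        }
    }

    switch ($type) {
        case 'product':
            // Instantiate a model, change some info and save
            $product = new Product($id);
            $product->setImage($file['name']);
            break;
    }

    if (!$product->update()) {
        $this->setError('Error updating product');
    }

    // Push through to the image view
    $this->displayTask($file['name'], $id);
}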
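/**
 * Upload one or more files
 *
 * Reads every entry of the `Filedata` upload array, rejects the whole batch
 * on the first oversized, colliding, nameless or plugin-vetoed file, then
 * moves each file to its `filepath` (as computed by reformatFilesArray())
 * and fires the content save events around it.
 *
 * Fixes from the previous version: a request with no `Filedata` array is
 * reported as COM_MEDIA_INVALID_REQUEST instead of indexing the '' default;
 * a missing Content-Length header no longer raises a notice; and the two
 * `foreach` loops no longer iterate by reference, which left a dangling
 * `$file` reference into `$files` after the loop.
 *
 * @since   1.5
 * @return  bool  True when every file was stored, false on the first rejection
 */
public function upload()
{
    // Check for request forgeries
    Session::checkToken(['get', 'post']);

    $params = Component::params('com_media');

    // Get some data from the request
    $files  = Request::getVar('Filedata', '', 'files', 'array');
    $return = Request::getVar('return-url', null, 'post', 'base64');
    $this->folder = Request::getVar('folder', '', '', 'path');

    // Set the redirect
    if ($return) {
        $this->setRedirect(base64_decode($return) . '&folder=' . $this->folder);
    }

    // Authorize the user
    if (!$this->authoriseUser('create')) {
        return false;
    }

    // Reject oversized requests up front. ini values are read with (int), which
    // keeps only the leading digits ("128M" -> 128) to match the MiB arithmetic.
    $contentLength = isset($_SERVER['CONTENT_LENGTH']) ? (int) $_SERVER['CONTENT_LENGTH'] : 0;
    $memoryLimit   = (int) ini_get('memory_limit'); // -1 means unlimited
    if ($contentLength > $params->get('upload_maxsize', 0) * 1024 * 1024
        || $contentLength > (int) ini_get('upload_max_filesize') * 1024 * 1024
        || $contentLength > (int) ini_get('post_max_size') * 1024 * 1024
        || ($memoryLimit != -1 && $contentLength > $memoryLimit * 1024 * 1024)) {
        Notify::warning(Lang::txt('COM_MEDIA_ERROR_WARNFILETOOLARGE'));
        return false;
    }

    // Nothing usable was posted
    if (!is_array($files) || !isset($files['name'])) {
        $this->setRedirect('index.php', Lang::txt('COM_MEDIA_INVALID_REQUEST'), 'error');
        return false;
    }

    // Input is in the form of an associative array containing numerically indexed arrays
    // We want a numerically indexed array containing associative arrays
    // Cast each item as array in case the Filedata parameter was not sent as such
    $files = array_map(
        array($this, 'reformatFilesArray'),
        (array) $files['name'],
        (array) $files['type'],
        (array) $files['tmp_name'],
        (array) $files['error'],
        (array) $files['size']
    );

    // Perform basic checks on file info before attempting anything
    foreach ($files as $file) {
        if ($file['error'] == 1) {
            // UPLOAD_ERR_INI_SIZE
            Notify::warning(Lang::txt('COM_MEDIA_ERROR_WARNFILETOOLARGE'));
            return false;
        }
        if ($file['size'] > $params->get('upload_maxsize', 0) * 1024 * 1024) {
            Notify::warning(Lang::txt('COM_MEDIA_ERROR_WARNFILETOOLARGE'));
            return false;
        }
        if (Filesystem::exists($file['filepath'])) {
            // A file with this name already exists
            Notify::warning(Lang::txt('COM_MEDIA_ERROR_FILE_EXISTS'));
            return false;
        }
        if (!isset($file['name'])) {
            // No filename (after the name was cleaned by Filesystem::clean())
            $this->setRedirect('index.php', Lang::txt('COM_MEDIA_INVALID_REQUEST'), 'error');
            return false;
        }
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    foreach ($files as $file) {
        // The request is valid
        $err = null;
        if (!MediaHelper::canUpload($file, $err)) {
            // The file can't be uploaded
            Notify::warning(Lang::txt($err));
            return false;
        }

        // Trigger the onContentBeforeSave event.
        $object_file = new \Hubzero\Base\Object($file);
        $result = Event::trigger('content.onContentBeforeSave', array('com_media.file', &$object_file, true));
        if (in_array(false, $result, true)) {
            // There are some errors in the plugins
            $errors = $object_file->getErrors();
            Notify::warning(Lang::txts('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors), implode('<br />', $errors)));
            return false;
        }

        if (!Filesystem::upload($file['tmp_name'], $file['filepath'])) {
            // Error in upload
            Notify::warning(Lang::txt('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE'));
            return false;
        }

        // Trigger the onContentAfterSave event.
        Event::trigger('content.onContentAfterSave', array('com_media.file', &$object_file, true));
        $this->setMessage(Lang::txt('COM_MEDIA_UPLOAD_COMPLETE', substr($file['filepath'], strlen(COM_MEDIA_BASE))));
    }

    return true;
}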
/**
 * Save an attachment
 *
 * Creates a child Resource row from the posted form, stores the `upload`
 * file under a path derived from the row's creation date and id, scans it
 * with Filesystem::isSafe() (deleting the row again on rejection), links the
 * child to parent `pid` through a Resources Assoc row, and finally records
 * the file's SHA-1 in `#__document_text_data` and runs the textifier on it.
 * AJAX requests (`no_html`) are delegated to ajaxUploadTask().
 *
 * Ordering matters here: the row is stored before the upload because the
 * upload path is built from the new row id.
 *
 * NOTE(review): `$row->bind($_POST)` accepts every posted column; only
 * title/introtext/created/created_by/published/publish_*/standalone/path
 * are overwritten afterwards — confirm bind() filters the rest.
 * NOTE(review): when Filesystem::upload() fails the row stored above is left
 * in place and the virus scan still runs against the missing path.
 *
 * @return  void
 */
public function saveTask()
{
    if (Request::getVar('no_html', 0)) {
        return $this->ajaxUploadTask();
    }

    // Incoming
    $pid = Request::getInt('pid', 0);
    if (!$pid) {
        $this->setError(Lang::txt('CONTRIBUTE_NO_ID'));
        $this->displayTask($pid);
        return;
    }

    // Incoming file
    $file = Request::getVar('upload', '', 'files', 'array');
    if (!$file['name']) {
        $this->setError(Lang::txt('CONTRIBUTE_NO_FILE'));
        $this->displayTask($pid);
        return;
    }

    // Make the filename safe
    $file['name'] = \Filesystem::clean($file['name']);

    // Ensure file names fit (230 chars plus the original extension).
    $ext = \Filesystem::extension($file['name']);
    $file['name'] = str_replace(' ', '_', $file['name']);
    if (strlen($file['name']) > 230) {
        $file['name'] = substr($file['name'], 0, 230);
        $file['name'] .= '.' . $ext;
    }

    // Instantiate a new resource object from the posted form
    $row = new Resource($this->database);
    if (!$row->bind($_POST)) {
        $this->setError($row->getError());
        $this->displayTask($pid);
        return;
    }

    // Defaults for a freshly uploaded child resource
    $row->title = $row->title ? $row->title : $file['name'];
    $row->introtext = $row->title;
    $row->created = Date::toSql();
    $row->created_by = User::get('id');
    $row->published = 1;
    $row->publish_up = Date::toSql();
    $row->publish_down = '0000-00-00 00:00:00';
    $row->standalone = 0;
    $row->path = ''; // make sure no path is specified just yet

    // Check content
    if (!$row->check()) {
        $this->setError($row->getError());
        $this->displayTask($pid);
        return;
    }

    // File already exists
    if ($row->loadByFile($file['name'], $pid)) {
        $this->setError(Lang::txt('A file with this name and type appears to already exist.'));
        $this->displayTask($pid);
        return;
    }

    // Store new content (needed now: the upload path depends on the row id)
    if (!$row->store()) {
        $this->setError($row->getError());
        $this->displayTask($pid);
        return;
    }
    if (!$row->id) {
        $row->id = $row->insertid();
    }

    // Build the path
    $listdir = $this->_buildPathFromDate($row->created, $row->id, '');
    $path = $this->_buildUploadPath($listdir, '');

    // Make sure the upload path exist
    if (!is_dir($path)) {
        if (!\Filesystem::makeDirectory($path)) {
            $this->setError(Lang::txt('COM_CONTRIBUTE_UNABLE_TO_CREATE_UPLOAD_PATH'));
            $this->displayTask($pid);
            return;
        }
    }

    // Perform the upload
    if (!\Filesystem::upload($file['tmp_name'], $path . DS . $file['name'])) {
        $this->setError(Lang::txt('COM_CONTRIBUTE_ERROR_UPLOADING'));
    } else {
        // File was uploaded
        // Check the file type
        $row->type = $this->_getChildType($file['name']);
        // (A long-disabled, commented-out Breeze-presentation unpack step
        // used to follow here; it was dead code and has been removed.)
    }

    // Scan for viruses; on rejection drop both the file and the row created above
    $fpath = $path . DS . $file['name'];
    if (!\Filesystem::isSafe($fpath)) {
        if (\Filesystem::delete($fpath)) {
            // Delete associations to the resource
            $row->deleteExistence();
            // Delete resource
            $row->delete();
        }
        $this->setError(Lang::txt('File rejected because the anti-virus scan failed.'));
        $this->displayTask($pid);
        return;
    }

    // Relative path of the stored file, without a leading separator
    if (!$row->path) {
        $row->path = $listdir . DS . $file['name'];
    }
    $row->path = ltrim($row->path, DS);

    // Store new content (now with type and path set)
    if (!$row->store()) {
        $this->setError($row->getError());
        $this->displayTask($pid);
        return;
    }

    // Instantiate a Resources Assoc object
    $assoc = new Assoc($this->database);

    // Get the last child in the ordering
    $assoc->ordering = $assoc->getLastOrder($pid);
    $assoc->ordering = $assoc->ordering ? $assoc->ordering : 0;

    // Increase the ordering - new items are always last
    $assoc->ordering++;

    // Create new parent/child association
    $assoc->parent_id = $pid;
    $assoc->child_id = $row->id;
    $assoc->grouping = 0;

    if (!$assoc->check()) {
        $this->setError($assoc->getError());
    }

    if (!$assoc->store(true)) {
        $this->setError($assoc->getError());
    } else {
        if (is_readable($path . DS . $file['name'])) {
            // sha1_file() yields hex digits only, which is why the value is
            // interpolated into the SQL below unquoted by the driver.
            $hash = @sha1_file($path . DS . $file['name']);
            if (!empty($hash)) {
                $this->database->setQuery('SELECT id FROM `#__document_text_data` WHERE hash = \'' . $hash . '\'');
                if (!($doc_id = $this->database->loadResult())) {
                    $this->database->execute('INSERT INTO `#__document_text_data` (hash) VALUES (\'' . $hash . '\')');
                    $doc_id = $this->database->insertId();
                }
                $this->database->execute('INSERT IGNORE INTO `#__document_resource_rel` (document_id, resource_id) VALUES (' . (int) $doc_id . ', ' . (int) $row->id . ')');
                // Kick off text extraction; the file path is shell-quoted
                system('/usr/bin/textifier ' . escapeshellarg($path . DS . $file['name']) . ' >/dev/null');
            }
        }
    }

    // Push through to the attachments view
    $this->displayTask($pid);
}
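/**
 * Validate data
 *
 * Normalises content, item_id and item_type, stamps created/modified
 * fields and, when a `commentFile` was posted, validates the upload
 * (server error code, size, extension) and moves it into the upload
 * directory, recording the final name in $this->attachmentNames.
 *
 * @return boolean True if data is valid
 */
public function check()
{
	$this->content = trim($this->content);
	if (!$this->content || $this->content == Lang::txt('Enter your comments...'))
	{
		$this->setError(Lang::txt('Please provide a comment'));
		return false;
	}

	$this->item_id = intval($this->item_id);
	if (!$this->item_id)
	{
		$this->setError(Lang::txt('Missing entry ID.'));
		return false;
	}

	$this->item_type = strtolower(preg_replace("/[^a-zA-Z0-9\\-]/", '', trim($this->item_type)));
	if (!$this->item_type)
	{
		$this->setError(Lang::txt('Missing entry type.'));
		return false;
	}

	if (!$this->created_by)
	{
		$this->created_by = User::get('id');
	}

	if (!$this->id)
	{
		$this->created = Date::toSql();
		$this->state   = 1;
	}
	else
	{
		$this->modified_by = User::get('id');
		$this->modified    = Date::toSql();
	}

	// Check file attachment
	$fieldName = 'commentFile';
	if (!empty($_FILES[$fieldName]))
	{
		// Any error the server registered while receiving the upload
		$fileError = $_FILES[$fieldName]['error'];
		if ($fileError > 0)
		{
			switch ($fileError)
			{
				case UPLOAD_ERR_INI_SIZE:
					$this->setError(Lang::txt('FILE TO LARGE THAN PHP INI ALLOWS'));
					return false;

				case UPLOAD_ERR_FORM_SIZE:
					$this->setError(Lang::txt('FILE TO LARGE THAN HTML FORM ALLOWS'));
					return false;

				case UPLOAD_ERR_PARTIAL:
					$this->setError(Lang::txt('ERROR PARTIAL UPLOAD'));
					return false;

				case UPLOAD_ERR_NO_FILE:
					// No attachment submitted; the comment itself is still valid.
					return true;

				default:
					// UPLOAD_ERR_NO_TMP_DIR, UPLOAD_ERR_CANT_WRITE, UPLOAD_ERR_EXTENSION:
					// previously fell through and only failed later at the move step.
					$this->setError(Lang::txt('ERROR MOVING FILE'));
					return false;
			}
		}

		// Check the file size
		$maxBytes = 2000000;
		$fileSize = $_FILES[$fieldName]['size'];
		if ($fileSize > $maxBytes)
		{
			$this->setError(Lang::txt('FILE BIGGER THAN 2MB'));
			return false;
		}

		// Check the file extension is ok
		$fileName = $_FILES[$fieldName]['name'];
		$uploadedFileNameParts = explode('.', $fileName);
		$uploadedFileExtension = array_pop($uploadedFileNameParts);

		$validFileExts = $this->getAllowedExtensions();

		// Each allowed entry is still used as a (case-insensitive) regex
		// fragment, but anchored to the whole extension: the previous
		// unanchored match also accepted any extension that merely
		// contained an allowed one.
		$extOk = false;
		foreach ($validFileExts as $value)
		{
			if (preg_match("/^(?:{$value})$/i", $uploadedFileExtension))
			{
				$extOk = true;
				break;
			}
		}

		if (!$extOk)
		{
			$this->setError(Lang::txt('Invalid Extension. Only these file types allowed: ' . implode(', ', $this->getAllowedExtensions())));
			return false;
		}

		// The name of the file in PHP's temp directory that we are going to move to our folder
		$fileTemp = $_FILES[$fieldName]['tmp_name'];

		// Lose any special characters in the filename
		$fileName = preg_replace("/[^A-Za-z0-9.]/i", "-", $fileName);

		// Always use constants when making file paths, to avoid the possibility of remote file inclusion
		$uploadDir = $this->getUploadDir();

		// Check if file exists -- rename if needed
		$fileName   = $this->checkFileName($uploadDir, $fileName);
		$uploadPath = $uploadDir . DS . $fileName;

		if (!\Filesystem::upload($fileTemp, $uploadPath))
		{
			$this->setError(Lang::txt('ERROR MOVING FILE'));
			return false;
		}

		$this->attachmentNames = array($fileName);
	}

	return true;
}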
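/**
 * Store changes to this database entry
 *
 * After the parent store succeeds, a file posted in the `comment_file`
 * field is moved into the attachment directory (renamed "name2.ext",
 * "name3.ext", ... if a file of the same name already exists) and an
 * Attachment record pointing at it is created.
 *
 * @param boolean $check Perform data validation check?
 * @return boolean False if error, True on success
 */
public function store($check = true)
{
	$result = parent::store($check);
	if (!$result)
	{
		return $result;
	}

	// Check file attachment
	$fieldName = 'comment_file';
	if (empty($_FILES[$fieldName]) || empty($_FILES[$fieldName]['name']))
	{
		return $result;
	}

	if ($_FILES[$fieldName]['error'])
	{
		$this->setError(\Lang::txt('PLG_HUBZERO_COMMENTS_ERROR_UPLOADING_FILE'));
	}

	$file = new Attachment();
	$file->set('comment_id', $this->get('id'));

	$fileName = $_FILES[$fieldName]['name'];

	// the name of the file in PHP's temp directory that we are going to move to our folder
	$fileTemp = $_FILES[$fieldName]['tmp_name'];

	// lose any special characters in the filename
	$fileName = preg_replace("/[^A-Za-z0-9.]/i", '-', $fileName);

	// NOTE(review): no extension allow-list is applied in this method;
	// confirm the Attachment model or the form restricts what is stored.

	// always use constants when making file paths, to avoid the possibility of remote file inclusion
	$uploadDir = $file->link('base');
	if (!is_dir($uploadDir))
	{
		if (!\Filesystem::makeDirectory($uploadDir))
		{
			$this->setError(\Lang::txt('PLG_HUBZERO_COMMENTS_UNABLE_TO_CREATE_UPLOAD_PATH'));
		}
	}

	if ($this->getError())
	{
		return $result;
	}

	// Split name and extension so a collision can be renamed. strrchr()
	// returns false when the name has no dot; the previous code then
	// produced an empty prefix and renamed such a file to just "2".
	$ext = strrchr($fileName, '.');
	if ($ext === false)
	{
		$ext    = '';
		$prefix = $fileName;
	}
	else
	{
		$prefix = substr($fileName, 0, -strlen($ext));
	}

	// rename file if exists
	$i = 1;
	while (is_file($uploadDir . DS . $fileName))
	{
		$fileName = $prefix . ++$i . $ext;
	}

	$uploadPath = $uploadDir . DS . $fileName;

	if (!\Filesystem::upload($fileTemp, $uploadPath))
	{
		$this->setError(\Lang::txt('PLG_HUBZERO_COMMENTS_ERROR_MOVING_FILE'));
	}
	else
	{
		$file->set('filename', $fileName);
		$file->store();
	}

	return $result;
}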