/** * Gets called when custom data is to be added for a file custom data can for example be * plugin specific name value items that should get added into a file listning. * * @param MCManager $man MCManager reference that the plugin is assigned to. * @param BaseFile $file File reference to add custom info/data to. * @param string $type Where is the info needed for example list or info. * @param Array $custom Name/Value array to add custom items to. * @return bool true/false if the execution of the event chain should continue. */ function onCustomInfo(&$man, &$file, $type, &$input) { switch ($type) { case "list": $input['previewable'] = $file->isFile() && $man->verifyFile($file, "preview") >= 0; break; } return true; // Pass to next }
/** * Gets called when data is streamed/uploaded from client. This method should take care of * any uploaded files and move them to the correct location. * * @param MCManager $man MCManager reference that the plugin is assigned to. * @param string $cmd Upload command that is to be performed. * @param string $input Array of input arguments. * @return object Result object data or null if the event wasn't handled. */ function onUpload(&$man, $cmd, $input) { if ($cmd == "upload") { // Setup response $result = new Moxiecode_ResultSet("status,file,message"); $path = $man->decryptPath($input["path"]); $config = $man->getConfig(); // Check for flash upload if (isset($_FILES["Filedata"])) { $_FILES["file0"]["name"] = $_FILES["Filedata"]["name"]; $_FILES["file0"]["type"] = $_FILES["Filedata"]["type"]; $_FILES["file0"]["tmp_name"] = $_FILES["Filedata"]["tmp_name"]; $_FILES["file0"]["error"] = $_FILES["Filedata"]["error"]; $_FILES["file0"]["size"] = $_FILES["Filedata"]["size"]; // Remove extension, will be added later. $input["name0"] = substr($_FILES["Filedata"]["name"], 0, strrpos($_FILES["Filedata"]["name"], ".")); } if ($man->verifyPath($path)) { $file =& $man->getFile($path); $config = $file->getConfig(); $maxSizeBytes = preg_replace("/[^0-9]/", "", $config["upload.maxsize"]); if (strpos(strtolower($config["upload.maxsize"]), "k") > 0) { $maxSizeBytes *= 1024; } if (strpos(strtolower($config["upload.maxsize"]), "m") > 0) { $maxSizeBytes *= 1024 * 1024; } // Ok lets check the files array out. for ($i = 0; isset($_FILES['file' . $i]['tmp_name']); $i++) { $filename = utf8_encode($input["name" . $i]); // Do nothing in demo mode if (checkBool($config['general.demo'])) { $result->add("DEMO_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.demo}"); continue; } // No access, tool disabled if (in_array("upload", explode(',', $config['general.disabled_tools'])) || !$file->canWrite() || !checkBool($config["filesystem.writable"])) { $result->add("ACCESS_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.no_access}"); continue; } // Get ext to glue back on $ext = ""; if (strpos(basename($_FILES['file' . $i]['name']), ".") > 0) { $ar = explode('.', basename($_FILES['file' . $i]['name'])); $ext = array_pop($ar); } $file =& $man->getFile($path, $filename . "." . $ext, "", MC_IS_FILE); if ($man->verifyFile($file, "upload") < 0) { $result->add("ACCESS_ERROR", $man->encryptPath($file->getAbsolutePath()), $man->getInvalidFileMsg()); continue; } $config = $file->getConfig(); if (is_uploaded_file($_FILES['file' . $i]['tmp_name'])) { // Hack attempt if ($filename == $config['filesystem.local.access_file_name']) { @unlink($_FILES['file' . $i]['tmp_name']); $result->add("MCACCESS_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.no_access}"); continue; } if ($file->exists() && (!isset($config["upload.overwrite"]) || $config["upload.overwrite"] == false)) { @unlink($_FILES['file' . $i]['tmp_name']); $result->add("OVERWRITE_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.file_exists}"); continue; } if ($file->exists() && $config["upload.overwrite"] == true) { $file->delete(); } if (getClassName($file) == 'moxiecode_localfileimpl') { if (!move_uploaded_file($_FILES['file' . $i]['tmp_name'], $file->getAbsolutePath())) { $result->add("RW_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.upload_failed}"); continue; } // Dispatch add event $file->importFile(); } else { $file->importFile($_FILES['file' . $i]['tmp_name']); } if ($file->getLength() > $maxSizeBytes) { $file->delete(); $result->add("SIZE_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.error_to_large}"); continue; } // Verify uploaded file, if it fails delete it $status = $man->verifyFile($file, "upload"); if ($status < 0) { $file->delete(); $result->add("FILTER_ERROR", $man->encryptPath($file->getAbsolutePath()), $man->getInvalidFileMsg()); continue; } $result->add("OK", $man->encryptPath($file->getAbsolutePath()), "{#message.upload_ok}"); } else { $result->add("GENERAL_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.upload_failed}"); } } } else { $result->add("PATH_ERROR", $man->encryptPath($path), "{#error.upload_failed}"); } return $result; } }
/** * Gets called when data is streamed/uploaded from client. This method should take care of * any uploaded files and move them to the correct location. * * @param MCManager $man MCManager reference that the plugin is assigned to. * @param string $cmd Upload command that is to be performed. * @param string $input Array of input arguments. * @return object Result object data or null if the event wasn't handled. */ function onUpload(&$man, $cmd, $input) { if ($cmd == "upload") { // Setup response $result = new Moxiecode_ResultSet("status,file,message"); $path = $man->decryptPath($input["path"]); $config = $man->getConfig(); if ($man->verifyPath($path)) { $file =& $man->getFile($path); $config = $file->getConfig(); $maxSizeBytes = preg_replace("/[^0-9]/", "", $config["upload.maxsize"]); if (strpos(strtolower($config["upload.maxsize"]), "k") > 0) { $maxSizeBytes *= 1024; } if (strpos(strtolower($config["upload.maxsize"]), "m") > 0) { $maxSizeBytes *= 1024 * 1024; } // Is chunked upload if (isset($input["chunk"])) { $filename = $input["name"]; $chunk = intval($input["chunk"]); $chunks = intval($input["chunks"]); // No access, tool disabled if (in_array("upload", explode(',', $config['general.disabled_tools'])) || !$file->canWrite() || !checkBool($config["filesystem.writable"])) { $result->add("ACCESS_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.no_access}"); return $result; } $file =& $man->getFile($path, $filename, MC_IS_FILE); if ($man->verifyFile($file, "upload") < 0) { $result->add("ACCESS_ERROR", $man->encryptPath($file->getAbsolutePath()), $man->getInvalidFileMsg()); return $result; } // Hack attempt if ($filename == $config['filesystem.local.access_file_name']) { $result->add("MCACCESS_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.no_access}"); return $result; } // Only peform IO when not in demo mode if (!checkBool($config['general.demo'])) { if ($chunk == 0 && $file->exists() && (!isset($config["upload.overwrite"]) || $config["upload.overwrite"] == false)) { $result->add("OVERWRITE_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.file_exists}"); return $result; } if ($chunk == 0 && $file->exists() && $config["upload.overwrite"] == true) { $file->delete(); } // Write file $stream =& $file->open($chunk == 0 ? 'wb' : 'ab'); if ($stream) { $in = fopen("php://input", "rb"); if ($in) { while ($buff = fread($in, 4096)) { $stream->write($buff); } } $stream->close(); } // Check file size if ($file->getLength() > $maxSizeBytes) { $file->delete(); $result->add("SIZE_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.error_to_large}"); return $result; } // Verify uploaded file, if it fails delete it $status = $man->verifyFile($file, "upload"); if ($status < 0) { $file->delete(); $result->add("FILTER_ERROR", $man->encryptPath($file->getAbsolutePath()), $man->getInvalidFileMsg()); return $result; } // Import file when all chunks are complete if ($chunk == $chunks - 1) { clearstatcache(); debug($chunk, $chunks, filesize($file->getAbsolutePath()), $chunk == 0 ? 'wb' : 'ab'); $file->importFile(); } } $result->add("OK", $man->encryptPath($file->getAbsolutePath()), "{#message.upload_ok}"); return $result; } else { // Ok lets check the files array out. for ($i = 0; isset($_FILES['file' . $i]['tmp_name']); $i++) { $filename = utf8_encode($input["name" . $i]); // Do nothing in demo mode if (checkBool($config['general.demo'])) { $result->add("DEMO_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.demo}"); continue; } // No access, tool disabled if (in_array("upload", explode(',', $config['general.disabled_tools'])) || !$file->canWrite() || !checkBool($config["filesystem.writable"])) { $result->add("ACCESS_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.no_access}"); continue; } // Get ext to glue back on $ext = ""; if (strpos(basename($_FILES['file' . $i]['name']), ".") > 0) { $ar = explode('.', basename($_FILES['file' . $i]['name'])); $ext = array_pop($ar); } $file =& $man->getFile($path, $filename . "." . $ext, "", MC_IS_FILE); if ($man->verifyFile($file, "upload") < 0) { $result->add("ACCESS_ERROR", $man->encryptPath($file->getAbsolutePath()), $man->getInvalidFileMsg()); continue; } $config = $file->getConfig(); if (is_uploaded_file($_FILES['file' . $i]['tmp_name'])) { // Hack attempt if ($filename == $config['filesystem.local.access_file_name']) { @unlink($_FILES['file' . $i]['tmp_name']); $result->add("MCACCESS_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.no_access}"); continue; } if ($file->exists() && (!isset($config["upload.overwrite"]) || $config["upload.overwrite"] == false)) { @unlink($_FILES['file' . $i]['tmp_name']); $result->add("OVERWRITE_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.file_exists}"); continue; } if ($file->exists() && $config["upload.overwrite"] == true) { $file->delete(); } if (getClassName($file) == 'moxiecode_localfileimpl') { if (!move_uploaded_file($_FILES['file' . $i]['tmp_name'], $file->getAbsolutePath())) { $result->add("RW_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.upload_failed}"); continue; } // Dispatch add event $file->importFile(); } else { $file->importFile($_FILES['file' . $i]['tmp_name']); } if ($file->getLength() > $maxSizeBytes) { $file->delete(); $result->add("SIZE_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.error_to_large}"); continue; } // Verify uploaded file, if it fails delete it $status = $man->verifyFile($file, "upload"); if ($status < 0) { $file->delete(); $result->add("FILTER_ERROR", $man->encryptPath($file->getAbsolutePath()), $man->getInvalidFileMsg()); continue; } $result->add("OK", $man->encryptPath($file->getAbsolutePath()), "{#message.upload_ok}"); } else { $result->add("GENERAL_ERROR", $man->encryptPath($file->getAbsolutePath()), "{#error.upload_failed}"); } } } } else { $result->add("PATH_ERROR", $man->encryptPath($path), "{#error.upload_failed}"); } return $result; } }