Exemple #1
/**
 * Normalise a path by removing ./, ../, trailing slashes, etc.
 *
 * Thin global alias for Rhymix\Framework\Filters\FilenameFilter::cleanPath();
 * all of the work is delegated to that method.
 *
 * NOTE(review): normalising a path is not the same as confining it. Callers
 * that pass request-derived paths should still check that the result lies
 * under the directory they intend to expose. Confirm against cleanPath().
 *
 * @param string $path Path to normalise
 * @return string Normalised path as returned by FilenameFilter::cleanPath()
 */
function clean_path($path)
{
    $cleaned = Rhymix\Framework\Filters\FilenameFilter::cleanPath($path);

    return $cleaned;
}
Exemple #2
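 /**
  * Add an attachment
  *
  * <pre>
  * This method calls the trigger 'file.insertFile'.
  *
  * Before trigger object contains:
  * - module_srl
  * - upload_target_srl
  *
  * After trigger object contains:
  * - file_srl
  * - upload_target_srl
  * - module_srl
  * - direct_download
  * - source_filename
  * - uploaded_filename
  * - download_count
  * - file_size
  * - comment
  * - member_srl
  * - sid
  * </pre>
  *
  * Security notes:
  * - The file type check looks only at the extension of the client-supplied
  *   name; file content is never inspected here.
  * - Type and size limits are skipped for administrators and whenever
  *   $manual_insert is true.
  * - With $manual_insert the source is read with copy() rather than
  *   move_uploaded_file(), so $file_info['tmp_name'] is not verified to be an
  *   HTTP upload. Only pass true when $file_info was built by trusted server
  *   code, never when it comes from the request.
  *
  * @param array $file_info PHP file information array ('name' and 'tmp_name' are read)
  * @param int $module_srl Sequence of module to upload file
  * @param int $upload_target_srl Sequence of target to upload file
  * @param int $download_count Initial download count
  * @param bool $manual_insert If true, skip the validation checks and copy the file instead of moving an upload
  * @return Object Result object; on success it carries file_srl, file_size, sid, direct_download,
  *                source_filename, upload_target_srl and uploaded_filename
  */
 function insertFile($file_info, $module_srl, $upload_target_srl, $download_count = 0, $manual_insert = false)
 {
     // Call a trigger (before); a failing trigger vetoes the upload
     $trigger_obj = new stdClass();
     $trigger_obj->module_srl = $module_srl;
     $trigger_obj->upload_target_srl = $upload_target_srl;
     $output = ModuleHandler::triggerCall('file.insertFile', 'before', $trigger_obj);
     if (!$output->toBool()) {
         return $output;
     }
     // A workaround for Firefox upload bug: the name may arrive wrapped as =?UTF-8?B?...?=
     if (preg_match('/^=\\?UTF-8\\?B\\?(.+)\\?=$/i', $file_info['name'], $match)) {
         $file_info['name'] = base64_decode(strtr($match[1], ':', '/'));
     }
     if (!$manual_insert) {
         // Get the file configurations
         $logged_info = Context::get('logged_info');
         if ($logged_info->is_admin != 'Y') {
             $oFileModel = getModel('file');
             $config = $oFileModel->getFileConfig($module_srl);
             // check file type
             // NOTE(review): this runs on the name before FilenameFilter::clean(), while the stored
             // extension below is taken from the cleaned name. Confirm the filter cannot change the extension.
             if (isset($config->allowed_filetypes) && $config->allowed_filetypes !== '*.*') {
                 $allowed_exts = array();
                 foreach (explode(';', $config->allowed_filetypes) as $item) {
                     $parts = explode('.', $item);
                     // Skip malformed entries that have no '.' instead of reading an undefined offset
                     if (isset($parts[1])) {
                         $allowed_exts[] = strtolower($parts[1]);
                     }
                 }
                 $name_parts = explode('.', $file_info['name']);
                 $uploaded_ext = strtolower(array_pop($name_parts));
                 if (!in_array($uploaded_ext, $allowed_exts, true)) {
                     return $this->stop('msg_not_allowed_filetype');
                 }
             }
             // Fail closed when the size cannot be read; otherwise `false` would pass both limits below
             $upload_size = @filesize($file_info['tmp_name']);
             if ($upload_size === false) {
                 return new Object(-1, 'msg_file_upload_error');
             }
             // Limits are multiplied by 1024 * 1024 before being compared with the byte size
             $allowed_filesize = $config->allowed_filesize * 1024 * 1024;
             $allowed_attach_size = $config->allowed_attach_size * 1024 * 1024;
             // An error appears if file size exceeds a limit
             if ($allowed_filesize < $upload_size) {
                 return new Object(-1, 'msg_exceeds_limit_size');
             }
             // Get total file size of all attachments (from DB)
             $size_args = new stdClass();
             $size_args->upload_target_srl = $upload_target_srl;
             $output = executeQuery('file.getAttachedFileSize', $size_args);
             // A failed quota query must not be treated as "nothing attached yet"
             if (!$output->toBool()) {
                 return $output;
             }
             $already_attached = isset($output->data->attached_size) ? (int) $output->data->attached_size : 0;
             if ($already_attached + $upload_size > $allowed_attach_size) {
                 return new Object(-1, 'msg_exceeds_limit_size');
             }
         }
     }
     // Sanitize filename
     $file_info['name'] = Rhymix\Framework\Filters\FilenameFilter::clean($file_info['name']);
     // Set upload path by checking if the attachment is an image or other kinds of file
     // NOTE(review): $path is concatenated directly with the file name, so getNumberingPath()
     // presumably returns a trailing slash. Confirm.
     if (preg_match("/\\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)\$/i", $file_info['name'])) {
         $path = sprintf("./files/attach/images/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
         // Store under a random name and keep only the extension, which the pattern above limits to the media list.
         // Random names were introduced because PHP on Windows did not handle Unicode file names (by cherryfilter).
         $stored_suffix = '.' . substr(strrchr($file_info['name'], '.'), 1);
         $_filename = Rhymix\Framework\Security::getRandom(32, 'hex') . $stored_suffix;
         $filename = $path . $_filename;
         $idx = 1;
         while (file_exists($filename)) {
             $filename = $path . preg_replace('/\\.([a-z0-9]+)$/i', '_' . $idx . '.$1', $_filename);
             $idx++;
         }
         // NOTE(review): 'Y' presumably means the stored path is served directly by the web server. The list
         // includes active-content formats such as swf; confirm these should be directly downloadable.
         $direct_download = 'Y';
     } else {
         $path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
         // Everything else is stored under a random name with no extension at all
         $stored_suffix = '';
         $filename = $path . Rhymix\Framework\Security::getRandom(32, 'hex');
         $direct_download = 'N';
     }
     // Create a directory
     if (!Rhymix\Framework\Storage::isDirectory($path) && !Rhymix\Framework\Storage::createDirectory($path)) {
         return new Object(-1, 'msg_not_permitted_create');
     }
     // Move the file. On failure retry once under a fresh random name that follows the same naming
     // scheme as the first attempt (the retry used to append a variable that was undefined, or the
     // allowed-extension array, for non-media files).
     if ($manual_insert) {
         // copy() performs no "is this an HTTP upload" check; see the security notes in the docblock
         if (!@copy($file_info['tmp_name'], $filename)) {
             $filename = $path . Rhymix\Framework\Security::getRandom(32, 'hex') . $stored_suffix;
             if (!@copy($file_info['tmp_name'], $filename)) {
                 // Do not register a database record for a file that was never written
                 return new Object(-1, 'msg_file_upload_error');
             }
         }
     } else {
         if (!@move_uploaded_file($file_info['tmp_name'], $filename)) {
             $filename = $path . Rhymix\Framework\Security::getRandom(32, 'hex') . $stored_suffix;
             if (!@move_uploaded_file($file_info['tmp_name'], $filename)) {
                 return new Object(-1, 'msg_file_upload_error');
             }
         }
     }
     // Get member information
     $oMemberModel = getModel('member');
     $member_srl = $oMemberModel->getLoggedMemberSrl();
     // List file information
     $args = new stdClass();
     $args->file_srl = getNextSequence();
     $args->upload_target_srl = $upload_target_srl;
     $args->module_srl = $module_srl;
     $args->direct_download = $direct_download;
     // The sanitized client-supplied name is kept for display; the on-disk name is the random one
     $args->source_filename = $file_info['name'];
     $args->uploaded_filename = $filename;
     $args->download_count = $download_count;
     $args->file_size = @filesize($filename);
     $args->comment = null;
     $args->member_srl = $member_srl;
     // Random per-file token stored with the record and returned to the caller
     $args->sid = Rhymix\Framework\Security::getRandom(32, 'hex');
     $output = executeQuery('file.insertFile', $args);
     if (!$output->toBool()) {
         return $output;
     }
     // Call a trigger (after)
     ModuleHandler::triggerCall('file.insertFile', 'after', $args);
     // Remember in the session that this file was uploaded during it
     // (presumably checked by later file operations; verify against callers)
     $_SESSION['__XE_UPLOADING_FILES_INFO__'][$args->file_srl] = true;
     $output->add('file_srl', $args->file_srl);
     $output->add('file_size', $args->file_size);
     $output->add('sid', $args->sid);
     $output->add('direct_download', $args->direct_download);
     $output->add('source_filename', $args->source_filename);
     $output->add('upload_target_srl', $upload_target_srl);
     $output->add('uploaded_filename', $args->uploaded_filename);
     return $output;
 }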
 /**
  * Get absolute file url
  *
  * The path is first normalised with FilenameFilter::cleanPath(). If the
  * result begins with RX_BASEDIR, that prefix is replaced by RX_BASEURL;
  * any other path is returned normalised but otherwise unchanged.
  *
  * NOTE(review): the prefix test is a plain byte comparison, so it only
  * respects a directory boundary if RX_BASEDIR ends with a slash. Confirm.
  *
  * @param string $path Path to get absolute url
  * @return string Absolute url
  */
 protected function _getAbsFileUrl($path)
 {
     $cleaned = Rhymix\Framework\Filters\FilenameFilter::cleanPath($path);
     $base_length = strlen(\RX_BASEDIR);

     // Paths outside the installation directory are left as they are
     if (strncmp($cleaned, \RX_BASEDIR, $base_length) !== 0) {
         return $cleaned;
     }

     return \RX_BASEURL . substr($cleaned, $base_length);
 }