/**
 * Decodes a request-supplied path value into a sanitized local string.
 *
 * The value passes through four steps, in this order: magicDequote(),
 * securePath(), sanitizeEx() at the requested level, and fromUTF8().
 *
 * NOTE(review): securePath() runs before sanitizeEx() and before the charset
 * conversion. Confirm that neither later step can drop or rewrite characters
 * so that a sequence securePath() would have rejected reappears in the result.
 *
 * @param string $data          Raw value, typically taken from the request.
 * @param int    $sanitizeLevel Level forwarded to sanitizeEx(); defaults to SANITIZE_HTML.
 *
 * @return string Whatever fromUTF8() returns for the sanitized value.
 */
public static function decodeSecureMagic($data, $sanitizeLevel = self::SANITIZE_HTML)
{
    xapp_import('xapp.Utils.SystemTextEncoding');

    $dequoted = XApp_SystemTextEncoding::magicDequote($data);
    $secured = self::securePath($dequoted);
    $sanitized = self::sanitizeEx($secured, $sanitizeLevel);

    return XApp_SystemTextEncoding::fromUTF8($sanitized);
}
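/**
 * Stores uploaded files in a directory of a mount point.
 *
 * `mount` and `dstDir` are read from the merged GET/POST parameters and the
 * destination is resolved through the mount's file system. Every `$_FILES`
 * entry whose field name starts with "userfile_" is then processed. Rejected
 * files (upload error, extension not allowed) are reported and skipped; a
 * failed write stops processing of the remaining files.
 *
 * Security-relevant points visible in this method:
 *  - The only gate on what may be stored is the UPLOAD_EXTENSIONS allow-list,
 *    applied to the last extension of the lower-cased final name. File content
 *    and MIME type are not inspected here, and a name with several extensions
 *    is judged by its last one only. Serving the upload directory without
 *    script execution is therefore still required.
 *  - NOTE(review): no authentication or authorisation check appears in this
 *    method; confirm the caller enforces it before dispatching here.
 *  - NOTE(review): the client-supplied file name is appended to $destination.
 *    This presumably relies on sanitizeEx(SANITIZE_HTML_STRICT) removing
 *    directory separators and ".." — verify against its implementation.
 *
 * @return array Error messages collected while processing; empty when every
 *               file was stored. For a non-local mount, the result of putRemote().
 * @throws Xapp_XFile_Exception When the resolved destination is not writable.
 */
public function put()
{
    xapp_import('xapp.Path.Utils');
    xapp_import('xapp.Utils.SystemTextEncoding');

    // POST values win over GET values that use the same key.
    $vars = array_merge($_GET, $_POST);
    $dstIn = '/';
    $mount = '/';
    if (array_key_exists('dstDir', $vars)) {
        $dstIn = XApp_Path_Utils::decodeSecureMagic($vars['dstDir']);
    }
    if (array_key_exists('mount', $vars)) {
        // A mount is used as a bare name: every slash and backslash is removed after decoding.
        $mount = preg_replace('@[/\\\\]@', '', XApp_Path_Utils::decodeSecureMagic($vars['mount']));
    }
    if ($dstIn === '.') {
        $dstIn = '/';
    }

    $vfs = $this->getFileSystem($mount);
    $destination = $vfs->toRealPath(XApp_Path_Utils::normalizePath($mount . DIRECTORY_SEPARATOR . $dstIn));
    $errors = array();

    if (!$this->isLocal($mount, $this->getFSResources())) {
        return $this->putRemote($mount, $destination);
    }

    // NOTE(review): the message carries the resolved server path; confirm it is
    // not returned verbatim to the client.
    if (!is_writable($destination)) {
        throw new Xapp_XFile_Exception(XAPP_TEXT_FORMATTED('DIRECTORY_NOT_WRITEABLE', array($destination), 55100));
    }

    foreach ($_FILES as $boxName => $boxData) {
        if (substr($boxName, 0, 9) != "userfile_") {
            continue;
        }

        $err = self::parseFileDataErrors($boxData);
        if ($err != null) {
            $errors[] = XAPP_TEXT_FORMATTED('Error with upload %s', array($err[1]));
            continue;
        }

        // Sanitize the client-supplied name, then cap it at 128 bytes.
        $userfile_name = XApp_Path_Utils::sanitizeEx(
            XApp_SystemTextEncoding::fromPostedFileName($boxData["name"]),
            XApp_Path_Utils::SANITIZE_HTML_STRICT
        );
        $userfile_name = substr($userfile_name, 0, 128);

        if (xapp_get_option(self::AUTO_RENAME)) {
            $userfile_name = self::autoRenameForDest($destination, $userfile_name);
        }

        // The allow-list is checked after truncation and auto-rename, so it
        // judges the name that is actually written. The strict comparison keeps
        // numeric-looking extensions from matching a different allow-list entry.
        $ext = pathinfo(strtolower($userfile_name), PATHINFO_EXTENSION);
        $allowable = explode(',', xapp_get_option(self::UPLOAD_EXTENSIONS, $this));
        if (!$ext || !in_array($ext, $allowable, true)) {
            $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_EXTENSIONS_NOT_ALLOWED', array($userfile_name, $ext));
            xapp_clog('file not allowed');
            continue;
        }

        $target = "{$destination}/" . $userfile_name;

        if (isset($boxData["input_upload"])) {
            // Standard $_FILES entries carry no `input_upload` key, so this
            // branch runs only if other code added it — TODO confirm.
            try {
                $input = fopen("php://input", "r");
                $output = fopen($target, "w");
                if ($input === false || $output === false) {
                    if ($input !== false) {
                        fclose($input);
                    }
                    if ($output !== false) {
                        fclose($output);
                    }
                    $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_UNKOWN_ERROR', array($userfile_name));
                    break;
                }

                $declaredSize = intval($boxData["size"]);
                $sizeRead = 0;
                $truncated = false;
                while ($sizeRead < $declaredSize) {
                    $chunk = fread($input, 4096);
                    // A request body shorter than the declared size must end the
                    // loop; without this check the loop would never terminate.
                    if ($chunk === false || $chunk === '') {
                        $truncated = true;
                        break;
                    }
                    $sizeRead += strlen($chunk);
                    fwrite($output, $chunk);
                }
                fclose($input);
                fclose($output);

                if ($truncated) {
                    $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_UNKOWN_ERROR', array($userfile_name));
                    break;
                }
            } catch (Exception $e) {
                $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_UNKOWN_ERROR', array($userfile_name, $e->getMessage()));
                break;
            }
        } else {
            // move_uploaded_file() refuses anything that is not a genuine PHP upload.
            $result = @move_uploaded_file($boxData["tmp_name"], $target);
            if (!$result) {
                // Second attempt with the platform's directory separator.
                $result = move_uploaded_file($boxData["tmp_name"], $destination . DIRECTORY_SEPARATOR . $userfile_name);
            }
            if (!$result) {
                $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_UNKOWN_ERROR', array($userfile_name));
                break;
            }
        }
    }

    return $errors;
}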
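/**
 * Copies the selected files and directories into a destination directory.
 *
 * Every entry of $selection and $dst is resolved with toRealPath(). Directories
 * are handed to XApp_File_Utils::copyDirectory() (always recursive, conflict
 * mode taken from $mode). Single files are copied with copy(); a file whose
 * name already exists in the destination is stored as "name-1.ext",
 * "name-2.ext", and so on. Errors are collected rather than aborting, except
 * for an exception raised while copying a file, which ends the run.
 *
 * NOTE(review): is_dir(), is_file() and copy() follow symbolic links. If users
 * can place links inside a mount, confirm toRealPath() confines the resolved
 * target to the mount.
 *
 * @param array        $selection     Paths to copy; the original contract expects them sanitized.
 * @param string       $dst           Destination directory; the original contract expects it sanitized.
 * @param array        $options       Not read by this method.
 * @param array|string $inclusionMask Forwarded unchanged to copyDirectory(); not applied to single files.
 * @param array|string $exclusionMask Forwarded unchanged to copyDirectory(); not applied to single files.
 * @param array        $error         By reference; receives one message per failed item.
 * @param array        $success       By reference; receives one message per copied file.
 * @param mixed        $mode          Conflict mode forwarded as OPTION_CONFLICT_MODUS for directories.
 *
 * @return array The $error list.
 * @throws Xapp_XFile_Exception When the destination exists but is not writable.
 */
public function copy($selection, $dst, $options = array(), $inclusionMask = array(), $exclusionMask = array(), &$error, &$success, $mode)
{
    // The result is ignored: the method continues the same way in either case.
    $this->isRemoteOperation($selection[0], $dst);

    $dstDirectory = $this->toRealPath($dst);
    if (file_exists($dstDirectory) && !is_writable($dstDirectory)) {
        throw new Xapp_XFile_Exception(XAPP_TEXT_FORMATTED('DIRECTORY_NOT_WRITEABLE', array($dstDirectory), 55100));
    }

    foreach ($selection as $selectedFile) {
        $itemPath = $this->toRealPath($selectedFile);

        if (is_dir($itemPath)) {
            $dstFile = $dstDirectory . DIRECTORY_SEPARATOR . basename($itemPath);
            XApp_File_Utils::copyDirectory(
                XApp_Directory_Utils::normalizePath($itemPath, false),
                XApp_Directory_Utils::normalizePath($dstFile, false),
                array(
                    XApp_File_Utils::OPTION_RECURSIVE => true,
                    XApp_File_Utils::OPTION_CONFLICT_MODUS => $mode
                ),
                $inclusionMask,
                $exclusionMask,
                $error,
                $success
            );
            continue;
        }

        if (!is_file($itemPath)) {
            continue;
        }

        $destFile = $dstDirectory . DIRECTORY_SEPARATOR . basename($itemPath);
        if (!is_readable($itemPath)) {
            $error[] = XAPP_TEXT_FORMATTED('CAN_NOT_READ_FILE', array(basename($itemPath)));
            continue;
        }

        // Auto-rename on a name collision. Stem and extension are computed
        // afresh for every file, so a name without a dot never inherits the
        // stem of a file handled earlier in the same call.
        if (file_exists($destFile)) {
            $base = basename($destFile);
            $dotPos = strrpos($base, ".");
            if ($dotPos !== false) {
                $radic = substr($base, 0, $dotPos);
                $ext = substr($base, $dotPos);
            } else {
                $radic = $base;
                $ext = '';
            }
            $i = 1;
            $newName = $base;
            while (file_exists($dstDirectory . "/" . $newName)) {
                $newName = $radic . "-{$i}" . $ext;
                $i++;
            }
            $destFile = $dstDirectory . "/" . $newName;
        }

        if (!file_exists($dstDirectory)) {
            $error[] = XAPP_TEXT_FORMATTED('DIRECTORY_DOES_NOT_EXISTS', array(basename($dstDirectory)));
            continue;
        }

        try {
            // copy() reports failure through its return value; without this
            // check a failed copy would still be listed as a success.
            if (!copy($itemPath, $destFile)) {
                $error[] = 'Could not copy ' . XApp_SystemTextEncoding::toUTF8(basename($itemPath));
                continue;
            }
            // Like `cp`, carry the source's execute bits over to the copy.
            @chmod($destFile, fileperms($destFile) | fileperms($itemPath) & 0111);
        } catch (Exception $e) {
            $error[] = $e->getMessage();
            return $error;
        }

        $success[] = XAPP_TEXT('THE_FILE') . " " . XApp_SystemTextEncoding::toUTF8(basename($itemPath)) . " " . XAPP_TEXT('HAS_BEEN_COPIED') . " " . XApp_SystemTextEncoding::toUTF8($dst);
    }

    return $error;
}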
/**
 * Converts a string from the current charset to UTF-8.
 *
 * The source charset is whatever XApp_SystemTextEncoding::getEncoding()
 * reports. When $test is truthy and isUtf8() accepts the input, the input is
 * returned untouched so that it is not encoded twice.
 *
 * @static
 * @param string $filesystemElement Text to convert, e.g. a file or directory name.
 * @param bool   $test              Check for existing UTF-8 first; pass false to always convert.
 * @return string
 */
static function toUTF8($filesystemElement, $test = true)
{
    $alreadyUtf8 = $test ? XApp_SystemTextEncoding::isUtf8($filesystemElement) : false;

    if (!$alreadyUtf8) {
        $sourceCharset = XApp_SystemTextEncoding::getEncoding();

        return XApp_SystemTextEncoding::changeCharset($sourceCharset, "UTF-8", $filesystemElement);
    }

    return $filesystemElement;
}