protected function transformName($name, $bForceMD5 = false, $bSkipExt = false)
{
//safe filename without path
$fileName = GetFileName($name);
$originalName = $bForceMD5 != true && COption::GetOptionString("main", "save_original_file_name", "N") == "Y";
if ($originalName) {
//transforming original name:
//transliteration
if (COption::GetOptionString("main", "translit_original_file_name", "N") == "Y") {
$fileName = CUtil::translit($fileName, LANGUAGE_ID, array("max_len" => 1024, "safe_chars" => ".", "replace_space" => '-'));
}
//replace invalid characters
if (COption::GetOptionString("main", "convert_original_file_name", "Y") == "Y") {
$io = CBXVirtualIo::GetInstance();
$fileName = $io->RandomizeInvalidFilename($fileName);
}
}
//double extension vulnerability
$fileName = RemoveScriptExtension($fileName);
//safe extention without "."
$fileExt = GetFileExtension($fileName);
if (!$originalName) {
//name is md5-generated:
$fileName = md5(uniqid("", true)) . ($bSkipExt == true ? '' : "." . $fileExt);
}
//.jpe is not image type on many systems
if ($bSkipExt == false && strtolower($fileExt) == "jpe") {
$fileName = substr($fileName, 0, -4) . ".jpg";
}
return $fileName;
}
protected function validateFile(&$strFileName, $arFile, $bForceMD5 = false)
{
$strFileName = GetFileName($arFile["name"]);
//File is going to be deleted
if (isset($arFile["del"]) && $arFile["del"] != "") {
//There is no new file as replacement
if ($strFileName == "") {
return "";
}
}
if ($arFile["name"] == "") {
return "";
}
if (COption::GetOptionInt("main", "disk_space") > 0) {
$quota = new CDiskQuota();
if (!$quota->checkDiskQuota($arFile)) {
return GetMessage("FILE_BAD_QUOTA");
}
}
$io = CBXVirtualIo::GetInstance();
if ($bForceMD5 != true && COption::GetOptionString("main", "save_original_file_name", "N") == "Y") {
if (COption::GetOptionString("main", "translit_original_file_name", "N") == "Y") {
$strFileName = CUtil::translit($strFileName, LANGUAGE_ID, array("max_len" => 1024, "safe_chars" => ".", "replace_space" => '-'));
}
if (COption::GetOptionString("main", "convert_original_file_name", "Y") == "Y") {
$strFileName = $io->RandomizeInvalidFilename($strFileName);
}
}
if (!$io->ValidateFilenameString($strFileName)) {
return GetMessage("MAIN_BAD_FILENAME1");
}
//check for double extension vulnerability
$strFileName = RemoveScriptExtension($strFileName);
if ($strFileName == '') {
return GetMessage("FILE_BAD_FILENAME");
}
if (strlen($strFileName) > 255) {
return GetMessage("MAIN_BAD_FILENAME_LEN");
}
//check .htaccess etc.
if (IsFileUnsafe($strFileName)) {
return GetMessage("FILE_BAD_TYPE");
}
//nginx returns octet-stream for .jpg
if (GetFileNameWithoutExtension($strFileName) == '') {
return GetMessage("FILE_BAD_FILENAME");
}
return "";
}
public function __construct($pzipname)
{
$this->io = CBXVirtualIo::GetInstance();
//protecting against creating malicious php file with gzdeflate
$pzipname = GetDirPath($this->_convertWinPath($pzipname, false)) . $this->io->RandomizeInvalidFilename(GetFileName($pzipname));
if (HasScriptExtension($pzipname)) {
$pzipname = RemoveScriptExtension($pzipname) . ".zip";
}
$this->zipname = $pzipname;
$this->step_time = 30;
$this->arPackedFiles = array();
$this->_errorReset();
$this->fileSystemEncoding = $this->_getfileSystemEncoding();
self::$bMbstring = extension_loaded("mbstring");
return;
}
$arLang[$res["LID"]] = $res;
$arLangTitle["reference_id"][] = $res["LID"];
$arLangTitle["reference"][] = htmlspecialcharsbx($res["NAME"]);
}
$bInitVars = false;
/********************************************************************
/Input params
********************************************************************/
$APPLICATION->SetTitle($ID > 0 ? GetMessage("FORUM_EDIT_RECORD", array("#ID#" => $ID)) : GetMessage("FORUM_NEW_RECORD"));
/********************************************************************
Action
********************************************************************/
$fileName = '';
if ($REQUEST_METHOD == "POST" && $forumPermissions >= "W" && (strlen($save) > 0 || strlen($apply) > 0)) {
if (isset($_FILES["IMAGE"]["name"])) {
$fileName = RemoveScriptExtension($_FILES["IMAGE"]["name"]);
}
if (!check_bitrix_sessid()) {
$arError[] = array("id" => "bad_sessid", "text" => GetMessage("ERROR_BAD_SESSID"));
} elseif ($ID > 0 && !CForumNew::CanUserUpdateForum($ID, $USER->GetUserGroupArray(), $USER->GetID())) {
$arError[] = array("id" => "not_right_for_edit", "text" => GetMessage("FE_NO_PERMS2UPDATE"));
} elseif ($ID <= 0 && !CForumNew::CanUserAddForum($USER->GetUserGroupArray(), $USER->GetID())) {
$arError[] = array("id" => "not_right_for_add", "text" => GetMessage("FE_NO_PERMS2ADD"));
} elseif (!empty($_FILES["IMAGE"]["tmp_name"])) {
$sUploadDir = $_SERVER["DOCUMENT_ROOT"] . BX_ROOT . "/images/forum/" . ($_REQUEST["TYPE"] == "I" ? "icon" : "smile") . "/";
CheckDirPath($sUploadDir);
$arSmile = $ID > 0 ? CForumSmile::GetByID($ID) : $arSmile;
$res = CFile::CheckImageFile($_FILES["IMAGE"], COption::GetOptionString("forum", "file_max_size", 50000), 0, 0);
if (strLen($res) > 0) {
$arError[] = array("id" => "IMAGE", "text" => $res);
} elseif (file_exists($sUploadDir . $fileName) && !(isset($arSmile["IMAGE"]) && $arSmile["IMAGE"] != $fileName)) {
public static function OnFileSave(&$arFile, $strFileName, $strSavePath, $bForceMD5 = false, $bSkipExt = false)
{
if (!$arFile["tmp_name"] && !array_key_exists("content", $arFile)) {
return false;
}
if (array_key_exists("bucket", $arFile)) {
$bucket = $arFile["bucket"];
} else {
$bucket = CCloudStorage::FindBucketForFile($arFile, $strFileName);
}
if (!is_object($bucket)) {
return false;
}
if (!$bucket->Init()) {
return false;
}
$copySize = false;
$subDir = "";
$filePath = "";
if (array_key_exists("content", $arFile)) {
$arFile["tmp_name"] = CTempFile::GetFileName($arFile["name"]);
CheckDirPath($arFile["tmp_name"]);
$fp = fopen($arFile["tmp_name"], "ab");
if ($fp) {
fwrite($fp, $arFile["content"]);
fclose($fp);
}
}
if (array_key_exists("bucket", $arFile)) {
$newName = bx_basename($arFile["tmp_name"]);
$prefix = $bucket->GetFileSRC("/");
$subDir = substr($arFile["tmp_name"], strlen($prefix));
$subDir = substr($subDir, 0, -strlen($newName) - 1);
} else {
if ($bForceMD5 != true && COption::GetOptionString("main", "save_original_file_name", "N") == "Y") {
if (COption::GetOptionString("main", "convert_original_file_name", "Y") == "Y") {
$newName = CCloudStorage::translit($strFileName);
} else {
$newName = $strFileName;
}
} else {
$strFileExt = $bSkipExt == true ? '' : strrchr($strFileName, ".");
$newName = md5(uniqid(mt_rand(), true)) . $strFileExt;
}
//check for double extension vulnerability
$newName = RemoveScriptExtension($newName);
while (true) {
$strRand = md5(mt_rand());
$strRand = substr($strRand, 0, 3) . "/" . $strRand;
if (substr($strSavePath, -1) == "/") {
$subDir = $strSavePath . $strRand;
} else {
$subDir = $strSavePath . "/" . $strRand;
}
$subDir = ltrim($subDir, "/");
$filePath = "/" . $subDir . "/" . $newName;
if (!$bucket->FileExists($filePath)) {
break;
}
}
$targetPath = $bucket->GetFileSRC("/");
if (strpos($arFile["tmp_name"], $targetPath) === 0) {
$arDbFile = array("SUBDIR" => "", "FILE_NAME" => substr($arFile["tmp_name"], strlen($targetPath)), "CONTENT_TYPE" => $arFile["type"]);
$copyPath = $bucket->FileCopy($arDbFile, $filePath);
if (!$copyPath) {
return false;
}
$copySize = $bucket->GetFileSize("/" . urldecode(substr($copyPath, strlen($targetPath))));
} else {
$imgArray = CFile::GetImageSize($arFile["tmp_name"], true, false);
if (is_array($imgArray) && $imgArray[2] == IMAGETYPE_JPEG) {
$exifData = CFile::ExtractImageExif($arFile["tmp_name"]);
if ($exifData && isset($exifData['Orientation'])) {
$properlyOriented = CFile::ImageHandleOrientation($exifData['Orientation'], $arFile["tmp_name"]);
if ($properlyOriented) {
$jpgQuality = intval(COption::GetOptionString('main', 'image_resize_quality', '95'));
if ($jpgQuality <= 0 || $jpgQuality > 100) {
$jpgQuality = 95;
}
imagejpeg($properlyOriented, $arFile["tmp_name"], $jpgQuality);
}
}
}
if (!$bucket->SaveFile($filePath, $arFile)) {
return false;
}
}
}
$arFile["HANDLER_ID"] = $bucket->ID;
$arFile["SUBDIR"] = $subDir;
$arFile["FILE_NAME"] = $newName;
$arFile["WIDTH"] = 0;
$arFile["HEIGHT"] = 0;
if (array_key_exists("bucket", $arFile)) {
$arFile["WIDTH"] = $arFile["width"];
$arFile["HEIGHT"] = $arFile["height"];
$arFile["size"] = $arFile["file_size"];
} elseif ($copySize !== false) {
$arFile["size"] = $copySize;
$bucket->IncFileCounter($copySize);
} else {
$bucket->IncFileCounter(filesize($arFile["tmp_name"]));
$flashEnabled = !CFile::IsImage($arFile["ORIGINAL_NAME"], $arFile["type"]);
$imgArray = CFile::GetImageSize($arFile["tmp_name"], true, $flashEnabled);
if (is_array($imgArray)) {
$arFile["WIDTH"] = $imgArray[0];
$arFile["HEIGHT"] = $imgArray[1];
}
}
if (isset($arFile["old_file"])) {
CFile::DoDelete($arFile["old_file"]);
}
return true;
}
public static function Request($action, $site)
{
global $USER;
if (!$USER->CanDoOperation('fileman_view_file_structure')) {
return;
}
$io = CBXVirtualIo::GetInstance();
CUtil::JSPostUnescape();
switch ($action) {
case "count":
case "search":
case "replace":
$oSearch = new CFilemanSearch();
$oSearch->Init(array('lastPath' => isset($_POST['last_path']) ? $_POST['last_path'] : false, 'bCount' => $action == "count", 'bReplace' => $action == "replace", "fileName" => trim($_POST['file']), "phrase" => trim($_POST['phrase']), "replacePhrase" => trim($_POST['replace_phrase']), "dir" => CFilemanUtils::NormalizePath($_POST['dir']), "bSubdir" => $_POST['subdir'], "dateFrom" => $_POST['date_from'], "dateTo" => $_POST['date_to'], "sizeFrom" => intVal($_POST['size_from']), "sizeTo" => intVal($_POST['size_to']), "entire" => $_POST['entire'], "bCaseSens" => $_POST['case_sens'], "bDirsToo" => $_POST['dirs_too'], "ssess" => $_POST['ssess'], "bInResult" => $_POST['in_result'], "site" => CFileMan::__CheckSite($_GET['fu_site'])));
CFileMan::SaveLastPath(CFilemanUtils::NormalizePath($_POST['dir']));
break;
case "clean_old":
CFilemanSearch::CleanOldSearchResult();
break;
case "search_save_config":
CFilemanSearch::SaveConfig(array("advMode" => (bool) $_POST['adv_mode'], "bSubdir" => (bool) $_POST['subdir'], "entire" => (bool) $_POST['entire'], "bCaseSens" => (bool) $_POST['case_sens'], "bDirsToo" => (bool) $_POST['dirs_too']));
break;
case "copy_save_config":
CFilemanCopy::SaveConfig(array("advMode" => (bool) $_POST['adv_mode'], "caseOption" => $_POST['case_option']));
break;
case "copy":
case "move":
$oCopy = new CFilemanCopy();
$oCopy->Init(array("bCopy" => $action == "copy", "caseOption" => $_POST['case_option'], "arFiles" => $_POST['files'], "copyTo" => $_POST['copy_to'], "createCopyTo" => $_POST['create_copy_to'] == "Y", "userCaseAnswer" => isset($_POST['uc_answer']) ? $_POST['uc_answer'] : false, "userCaseToAll" => isset($_POST['uc_to_all']) ? $_POST['uc_to_all'] : false, "userCaseLastPath" => isset($_POST['uc_last_path']) ? $_POST['uc_last_path'] : false, "bSearch" => $_POST['search'] == "Y", "ssess" => $_POST['ssess'], "siteTo" => CFileMan::__CheckSite($_GET['fu_site'])));
CFileMan::SaveLastPath($_POST['copy_to']);
break;
case "get_last_pathes":
?>
<script>window.bx_last_pathes = <?php
echo CUtil::PhpToJSObject(CFilemanUtils::GetLastPathes());
?>
;</script>
<?php
break;
case "pack":
if (isset($_POST["startFile"])) {
$startFile = trim($_POST["startFile"]);
}
if (isset($_POST["quickPath"])) {
$quickPath = trim($_POST["quickPath"]);
}
if (isset($_POST["packTo"])) {
if (substr($_POST["packTo"], 0, 1) == "/") {
$pack_to = $_POST["packTo"];
} else {
$pack_to = "/" . $_POST["packTo"];
}
}
$siteTo = CFileMan::__CheckSite($_POST['siteTo']);
$docRootTo = CSite::GetSiteDocRoot($siteTo) ? CSite::GetSiteDocRoot($siteTo) : '';
$siteFrom = CFileMan::__CheckSite($site);
$docRootFrom = CSite::GetSiteDocRoot($siteFrom);
if (!$USER->IsAdmin()) {
$pack_to = RemoveScriptExtension($pack_to);
}
//check writing permissions
if (!$USER->CanDoFileOperation('fm_create_new_file', array($siteTo, $pack_to))) {
?>
<script>
window.BXFM_archivePermsError = true;
</script>
<?php
return;
}
if (IsFileUnsafe($docRootTo . $pack_to) || CFileMan::CheckFileName(GetFileName($pack_to)) !== true) {
?>
<script>
window.BXFM_archiveFNameError = true;
</script>
<?php
return;
}
//ask if the file already exists
if (file_exists($io->GetPhysicalName($docRootTo . $pack_to))) {
if (empty($startFile)) {
if ($_POST["bPackReplace"] != "replace") {
?>
<script>
window.BXFM_archiveExists = {
fileOld:
{
name: "<?php
echo CUtil::JSEscape(basename($pack_to));
?>
",
path: "<?php
echo CUtil::JSEscape($pack_to);
?>
",
site: "<?php
echo CUtil::JSEscape($siteTo);
?>
",
size: "<?php
echo CFile::FormatSize(filesize($io->GetPhysicalName($docRootTo . $pack_to)));
?>
",
date: "<?php
echo date(CDatabase::DateFormatToPHP(CLang::GetDateFormat('FULL')), filemtime($io->GetPhysicalName($docRootTo . $pack_to)) + CTimeZone::GetOffset());
?>
"
}
};
</script>
<?php
return;
}
}
}
$packarc = CBXArchive::GetArchive($docRootTo . $pack_to, trim($_POST['arcType']));
if ($packarc instanceof IBXArchive) {
//this set of options is common for every archive type
$packarc->SetOptions(array("COMPRESS" => true, "STEP_TIME" => COption::GetOptionString("fileman", "archive_step_time", 30), "ADD_PATH" => false, "REMOVE_PATH" => $docRootFrom . $quickPath, "CHECK_PERMISSIONS" => $USER->IsAdmin() ? false : true));
$arPackFiles = array();
foreach ($_POST["files"] as $path2file) {
$arPackFiles[] = $docRootFrom . $path2file['path'];
}
@set_time_limit(0);
$pRes = $packarc->Pack($arPackFiles, $startFile);
switch ($pRes) {
case IBXArchive::StatusContinue:
?>
<script>
window.fmPackTimeout = true;
window.fmPackLastFile = '<?php
echo CUtil::JSEscape($packarc->GetStartFile());
?>
';
</script>
<?php
break;
case IBXArchive::StatusSuccess:
?>
<script>
window.fmPackTimeout = false;
window.fmPackLastFile = '';
window.fmPackSuccess = true;
</script>
<?php
break;
case IBXArchive::StatusError:
$arErrors = $packarc->GetErrors();
?>
<script>
window.fmPackTimeout = false;
window.fmPackSuccess = false;
window.fmPackErrors = <?php
echo CUtil::PhpToJSObject($arErrors);
?>
;
</script>
<?php
break;
}
} else {
?>
<script>
window.fmPackSuccess = false;
window.fmPackErrors = <?php
echo CUtil::PhpToJsObject(GetMessage("FM_UTIL_ARC_ERROR"));
?>
;
</script>
<?php
}
break;
case "unpack":
global $USER;
if (isset($_POST["packTo"])) {
if (substr($_POST["packTo"], 0, 1) == "/") {
$pack_to = $_POST["packTo"];
} else {
$pack_to = "/" . $_POST["packTo"];
}
}
$siteFrom = CFileMan::__CheckSite($_GET['site']);
$siteTo = CFileMan::__CheckSite($_POST['siteTo']);
$docRootFrom = CSite::GetSiteDocRoot($siteFrom);
$docRootTo = CSite::GetSiteDocRoot($siteTo);
if (!($USER->CanDoFileOperation('fm_create_new_file', array($siteTo, $_POST["packTo"])) || $USER->CanDoFileOperation('fm_create_new_folder', array($siteTo, $_POST["packTo"])))) {
?>
<script>
window.BXFM_archivePermsError = true;
</script>
<?php
return;
}
$bReplaceFiles = $_POST["case_option"] == "replace" ? true : false;
$arc = CBXArchive::GetArchive($docRootFrom . $_POST["files"][0]);
if ($arc instanceof IBXArchive) {
global $USER;
$arc->SetOptions(array("REMOVE_PATH" => $docRootFrom, "UNPACK_REPLACE" => $bReplaceFiles, "CHECK_PERMISSIONS" => $USER->IsAdmin() ? false : true));
$uRes = $arc->Unpack($docRootTo . $pack_to);
if (!$uRes) {
$uErrors = $arc->GetErrors();
?>
<script>
window.fmUnpackSuccess = false;
window.fmUnpackErrors = <?php
echo CUtil::PhpToJSObject($uErrors);
?>
</script>
<?php
} else {
?>
<script>
window.fmUnpackSuccess = true;
</script>
<?php
}
} else {
?>
<script>
window.fmUnpackSuccess = false;
window.fmUnpackErrors = <?php
echo CUtil::PhpToJsObject(GetMessage("FM_UTIL_ARC_ERROR"));
?>
;
</script>
<?php
}
break;
}
}
function OnFileSave(&$arFile, $strFileName, $strSavePath, $bForceMD5 = false, $bSkipExt = false)
{
if(!$arFile["tmp_name"] && !$arFile["content"])
return false;
if(array_key_exists("bucket", $arFile))
$bucket = $arFile["bucket"];
else
$bucket = CCloudStorage::FindBucketForFile($arFile, $strFileName);
if(!is_object($bucket))
return false;
if(!$bucket->Init())
return false;
if(array_key_exists("bucket", $arFile))
{
$newName = bx_basename($arFile["tmp_name"]);
$prefix = $bucket->GetFileSRC("/");
$subDir = substr($arFile["tmp_name"], strlen($prefix));
$subDir = substr($subDir, 0, -strlen($newName)-1);
}
else
{
if(
$bForceMD5 != true
&& COption::GetOptionString("main", "save_original_file_name", "N")=="Y"
)
{
if(COption::GetOptionString("main", "convert_original_file_name", "Y")=="Y")
$newName = CCloudStorage::translit($strFileName);
else
$newName = $strFileName;
}
else
{
$strFileExt = ($bSkipExt == true? '' : strrchr($strFileName, "."));
$newName = md5(uniqid(mt_rand(), true)).$strFileExt;
}
//check for double extension vulnerability
$newName = RemoveScriptExtension($newName);
while(true)
{
$strRand = md5(mt_rand());
$strRand = substr($strRand, 0, 3)."/".$strRand;
if(substr($strSavePath, -1) == "/")
$subDir = $strSavePath.$strRand;
else
$subDir = $strSavePath."/".$strRand;
$subDir = ltrim($subDir, "/");
$filePath = "/".$subDir."/".$newName;
if(!$bucket->FileExists($filePath))
break;
}
if(!$bucket->SaveFile($filePath, $arFile))
return false;
}
$arFile["HANDLER_ID"] = $bucket->ID;
$arFile["SUBDIR"] = $subDir;
$arFile["FILE_NAME"] = $newName;
$arFile["WIDTH"] = 0;
$arFile["HEIGHT"] = 0;
if(array_key_exists("bucket", $arFile))
{
$arFile["WIDTH"] = $arFile["width"];
$arFile["HEIGHT"] = $arFile["height"];
$arFile["size"] = $arFile["file_size"];
}
elseif(array_key_exists("content", $arFile))
{
$tmp_name = tempnam();
$fp = fopen($tmp_name, "ab");
if($fp)
{
if(fwrite($fp, $arFile["content"]))
{
$bucket->IncFileCounter(filesize($tmp_name));
$imgArray = CFile::GetImageSize($tmp_name);
if(is_array($imgArray))
{
$arFile["WIDTH"] = $imgArray[0];
$arFile["HEIGHT"] = $imgArray[1];
}
}
fclose($fp);
unlink($tmp_name);
}
}
else
{
$bucket->IncFileCounter(filesize($arFile["tmp_name"]));
$imgArray = CFile::GetImageSize($arFile["tmp_name"]);
if(is_array($imgArray))
{
$arFile["WIDTH"] = $imgArray[0];
$arFile["HEIGHT"] = $imgArray[1];
}
}
if(isset($arFile["old_file"]))
CFile::DoDelete($arFile["old_file"]);
return true;
}
function CheckImageFile($arFile, $iMaxSize=0, $iMaxWidth=0, $iMaxHeight=0, $access_typies=array())
{
if(strlen($arFile["name"])<=0)
return "";
if(GetFileNameWithoutExtension(RemoveScriptExtension($arFile["name"])) == '')
return GetMessage("FILE_BAD_FILENAME");
$file_type = GetFileType($arFile["name"]);
// если тип файла не входит в массив допустимых типов то
// присваиваем ему тип IMAGE по умолчанию
if(!in_array($file_type, $access_typies))
$file_type = "IMAGE";
switch ($file_type)
{
case "FLASH":
$res = CFile::CheckFile($arFile, $iMaxSize, "application/x-shockwave-flash", CFile::GetFlashExtensions());
break;
default:
$res = CFile::CheckFile($arFile, $iMaxSize, "image/", CFile::GetImageExtensions());
}
if(strlen($res)>0)
return $res;
$imgArray = CFile::GetImageSize($arFile["tmp_name"]);
if(is_array($imgArray))
{
$intWIDTH = $imgArray[0];
$intHEIGHT = $imgArray[1];
}
else
return GetMessage("FILE_BAD_FILE_TYPE").".<br>";
//проверка на максимальный размер картинки (ширина/высота)
if($iMaxWidth > 0 && ($intWIDTH > $iMaxWidth || $intWIDTH == 0) || $iMaxHeight > 0 && ($intHEIGHT > $iMaxHeight || $intHEIGHT == 0))
return GetMessage("FILE_BAD_MAX_RESOLUTION")." (".$iMaxWidth." * ".$iMaxHeight." ".GetMessage("main_include_dots").").<br>";
return null;
}
