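/**
 * Validates the image URL passed in the `image_url` query parameter and
 * responds with JSON describing it.
 *
 * On success the response holds `thumb` (a 100x100 resize produced by
 * model_tool_image), `path` (the URL with the catalog image prefix cut off)
 * and `href` (the URL as received). On failure it holds a single `error`
 * string taken from the filemanager language file.
 *
 * `image_url` is request input. The checks on the base name do not constrain
 * the directory part, so the URL must also start with the catalog image
 * prefix, and the remainder must not contain `..` segments, backslashes or
 * NUL bytes before it is handed to the resize model.
 *
 * @return void Output is written to $this->response.
 */
public function getImage()
{
    // filemanager library used for the MIME type lookup below
    include 'include/mime_type_lib.php';

    $this->data = $this->load->language('filemanager/filemanager');
    $this->load->model('tool/image');

    $json = array();

    $server = !empty($this->request->server['HTTPS']) ? HTTPS_CATALOG : HTTP_CATALOG;
    $imageRoot = $server . 'image/';

    // A missing or non-string parameter is treated as an empty URL and fails
    // the length check below instead of raising a notice.
    $imageUrl = '';
    if (isset($this->request->get['image_url']) && is_string($this->request->get['image_url'])) {
        $imageUrl = $this->request->get['image_url'];
    }

    $filename = basename(html_entity_decode($imageUrl, ENT_QUOTES, 'UTF-8'));

    // Validate the filename length
    if (utf8_strlen($filename) < 3 || utf8_strlen($filename) > 255) {
        $json['error'] = $this->data['error_filename'];
    }

    // Allowed file extension types
    $allowed = array('jpg', 'jpeg', 'png', 'gif', 'bmp', 'tiff', 'svg');

    if (!in_array(utf8_strtolower(utf8_substr(strrchr($filename, '.'), 1)), $allowed)) {
        $json['error'] = $this->data['error_file_type'];
    }

    // NOTE(review): only the base name is passed here, not a path to the file
    // content, so this lookup presumably resolves the type from the name -
    // confirm against include/mime_type_lib.php. It should not be read as a
    // content check.
    $filetype = get_file_mime_type($filename);

    // Allowed file mime types. bmp, tiff and svg pass the extension list above
    // but have no entry here.
    $allowed = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/x-png', 'image/gif');

    if (!in_array($filetype, $allowed)) {
        $json['error'] = $this->data['error_file_type'];
    }

    // The relative path is produced by cutting the catalog image prefix off
    // the URL, so the URL has to actually begin with that prefix.
    $relative = '';
    if ($imageUrl !== '' && strpos($imageUrl, $imageRoot) === 0) {
        $relative = (string) utf8_substr($imageUrl, utf8_strlen($imageRoot));
    }

    // Check the raw and the entity-decoded form for path tricks.
    $candidates = array($relative, html_entity_decode($relative, ENT_QUOTES, 'UTF-8'));
    foreach ($candidates as $candidate) {
        if (
            $candidate === ''
            || strpos($candidate, "\0") !== false
            || strpos($candidate, '\\') !== false
            || preg_match('~(^|/)\.\.(/|$)~', $candidate)
        ) {
            $json['error'] = $this->data['error_filename'];
            break;
        }
    }

    if (!$json && $imageUrl) {
        $json = array(
            'thumb' => $this->model_tool_image->resize($relative, 100, 100),
            'path' => $relative,
            'href' => $imageUrl
        );
    }

    $this->response->addHeader('Content-Type: application/json');
    $this->response->setOutput(json_encode($json));
}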
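// Forced-download endpoint: streams one file from below $current_path as an
// attachment. $current_path and $ext are expected to come from config.php.
include 'config/config.php';

// Session gate set by the file manager. isset() avoids a notice for a session
// that never opened the manager; the strict comparison avoids loose-typing
// surprises.
if (!isset($_SESSION['RF']['verify']) || $_SESSION['RF']['verify'] !== 'RESPONSIVEfilemanager') {
    die('forbiden');
}

include 'include/utils.php';
include 'include/mime_type_lib.php';

// Both values are request input and end up in a filesystem path.
$req_path = isset($_POST['path']) ? $_POST['path'] : '';
$req_name = isset($_POST['name']) ? $_POST['name'] : '';
if (!is_string($req_path) || !is_string($req_name)) {
    die('wrong path');
}

// Reject absolute paths, parent-directory hops and leading "./". Backslashes
// and NUL bytes are rejected too, so a Windows separator or a truncated name
// cannot get past the checks.
if (
    strpos($req_path, '/') === 0
    || strpos($req_path, '../') !== FALSE
    || strpos($req_path, './') === 0
    || strpos($req_path, '\\') !== FALSE
    || strpos($req_path, "\0") !== FALSE
) {
    die('wrong path');
}

if (
    strpos($req_name, '/') !== FALSE
    || strpos($req_name, '\\') !== FALSE
    || strpos($req_name, "\0") !== FALSE
) {
    die('wrong path');
}

$path = $current_path . $req_path;
$name = $req_name;

// Extension allowlist; a name without any extension is refused rather than
// triggering an undefined-index notice.
$info = pathinfo($name);
if (!isset($info['extension']) || !in_array(fix_strtolower($info['extension']), $ext)) {
    die('wrong extension');
}

// Only stream regular, readable files; otherwise filesize() and readfile()
// would emit warnings into the response.
$file = $path . $name;
if (!is_file($file) || !is_readable($file)) {
    die('wrong path');
}

$img_size = (string) filesize($file); // Get the file size as string
$mime_type = get_file_mime_type($file); // Look up the MIME type using the full path to the file

// Characters that would end the quoted filename or the header line are
// replaced before the name is reflected into Content-Disposition.
$header_name = preg_replace('/[\x00-\x1F\x7F"]/', '_', $name);

header('Pragma: private');
header('Cache-control: private, must-revalidate');
header("Content-Type: " . $mime_type); // Set the MIME type
header("Content-Length: " . $img_size);
header('Content-Disposition: attachment; filename="' . $header_name . '"');

readfile($file);

exit;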
$max_cycles = 50; $i = 0; while ($cycle && $i < $max_cycles) { $i++; if ($path == $current_path) { $cycle = FALSE; } if (file_exists($path . "config.php")) { require_once $path . "config.php"; $cycle = FALSE; } $path = fix_dirname($path) . '/'; } if (!empty($_FILES)) { $info = pathinfo($_FILES['file']['name']); $mime_type = get_file_mime_type($_FILES['file']['tmp_name']); $extension = get_extension_from_mime($mime_type); if ($extension === '' || $extension == 'so') { $extension = $info['extension']; } if (in_array(fix_strtolower($extension), $ext)) { $tempFile = $_FILES['file']['tmp_name']; $targetPath = $storeFolder; $targetPathThumb = $storeFolderThumb; $_FILES['file']['name'] = fix_filename($info['filename'] . "." . $extension, $transliteration, $convert_spaces, $replace_with); // LowerCase if ($lower_case) { $_FILES['file']['name'] = fix_strtolower($_FILES['file']['name']); } // Gen. new file name if exists if (file_exists($targetPath . $_FILES['file']['name'])) {
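/**
 * Recursively scans a directory for text files (HTML and text only) and returns
 * the result as an array.
 *
 * DEPRECATED. WILL BE REMOVED IN 6.7 -rgonzalez
 *
 * Paths whose MIME type is text/html or text/plain are appended to the array.
 * A fixed set of other types is skipped silently and anything else is logged
 * at info level. If the path is not a directory, or cannot be opened, the
 * array is returned unchanged.
 *
 * @deprecated
 * @param string $the_dir   Directory to scan
 * @param array  $the_array Accumulator holding the paths found so far
 * @return array The accumulator with matching paths appended
 */
function findTextFiles($the_dir, $the_array)
{
    if (!is_dir($the_dir)) {
        return $the_array;
    }

    // dir() returns false when the directory cannot be opened, e.g. because of
    // permissions; calling read() on that would be a fatal error.
    $d = dir($the_dir);
    if (!$d) {
        return $the_array;
    }

    while (false !== ($f = $d->read())) {
        if ($f == "." || $f == "..") {
            continue;
        }

        $entry = "{$the_dir}/{$f}";

        if (is_dir($entry)) {
            // i think depth first is ok, given our cvs repo structure -Bob.
            $the_array = findTextFiles($entry, $the_array);
            continue;
        }

        $mime = get_file_mime_type($entry);
        switch ($mime) {
            // we take action on these cases
            case "text/html":
            case "text/plain":
                $the_array[] = $entry;
                break;
            // we consciously skip these types
            case "application/pdf":
            case "application/x-zip":
            case "image/gif":
            case "image/jpeg":
            case "image/png":
            case "text/rtf":
                break;
            default:
                $GLOBALS['log']->info("no type handler for {$the_dir}/{$f} with get_file_mime_type: {$mime}\n");
        }
    }

    // Release the directory handle. The recursion opens one per level and the
    // original never closed them.
    $d->close();

    return $the_array;
}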
} include 'include/utils.php'; include 'include/mime_type_lib.php'; if (strpos($_POST['path'], '/') === 0 || strpos($_POST['path'], '../') !== FALSE || strpos($_POST['path'], './') === 0) { die('wrong path'); } if (strpos($_POST['name'], '/') !== FALSE) { die('wrong path'); } $path = $current_path . $_POST['path']; $name = $_POST['name']; $info = pathinfo($name); if (!in_array(fix_strtolower($info['extension']), $ext)) { die('wrong extension'); } $pdo = new PDO("mysql:dbname={$dbname};host={$host}", $user, $password); $fm = new fileMgr($pdo); $img_size = (string) filesize($path . $name); // Get the image size as string $mime_type = get_file_mime_type($path . $name); // Get the correct MIME type depending on the file. header('Pragma: private'); header('Cache-control: private, must-revalidate'); header("Content-Type: " . $mime_type); // Set the correct MIME type header("Content-Length: " . $img_size); header('Content-Disposition: attachment; filename="' . $name . '"'); readfile($path . $name); $mysqlPath = $fm->getFidByPath($path . $name); $fm->download($mysqlPath['fid'], $_SESSION['uuid']); exit;
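/**
 * Moves temporary files associated with the bean from the temporary folder
 * to the upload folder.
 *
 * For every `file` or `image` field of the bean, the request may carry a
 * `<field>_guid` argument naming a file under `upload://tmp/`. That value is
 * request input used to build both the source path and, for image fields, the
 * destination path. It is therefore required to be a bare file name before it
 * is used.
 *
 * @param array $args The request arguments.
 * @param SugarBean $bean The bean associated with the file.
 * @throws SugarApiExceptionInvalidParameter If the file mime types differ
 * from $imageFileMimeTypes, or if a `<field>_guid` argument is not a plain
 * file name.
 */
protected function moveTemporaryFiles($args, SugarBean $bean)
{
    require_once 'include/upload_file.php';
    require_once 'include/SugarFields/SugarFieldHandler.php';

    $fileFields = $bean->getFieldDefinitions('type', array('file', 'image'));
    $sfh = new SugarFieldHandler();

    // FIXME This path should be changed with BR-1955.
    $basepath = UploadStream::path('upload://tmp/');
    $configDir = SugarConfig::getInstance()->get('upload_dir', 'upload');

    foreach ($fileFields as $fieldName => $def) {
        if (empty($args[$fieldName . '_guid'])) {
            continue;
        }

        $this->verifyFieldAccess($bean, $fieldName);

        // Refuse anything that is not a single path component. Otherwise a
        // value with separators or ".." would let the request choose the file
        // that is moved and, for image fields, where it lands.
        $guid = $args[$fieldName . '_guid'];
        if (
            !is_string($guid)
            || $guid === '.'
            || $guid === '..'
            || $guid !== basename($guid)
            || strpos($guid, '\\') !== false
            || strpos($guid, "\0") !== false
        ) {
            throw new SugarApiExceptionInvalidParameter(
                'Invalid temporary file reference for field ' . $fieldName
            );
        }

        $filepath = $basepath . $guid;

        if (!is_file($filepath)) {
            continue;
        }

        if ($def['type'] === 'image') {
            // NOTE(review): image fields are moved without the
            // verify_image_file() check applied in the other branch - confirm
            // this is verified elsewhere.
            $filename = $guid;
            $bean->{$fieldName} = $filename;
        } else {
            // FIXME Image verification and mime type updating
            // should not be duplicated from SugarFieldFile.
            // SC-3338 is tracking this.
            require_once 'include/utils/file_utils.php';

            $filename = $bean->id;
            $mimeType = get_file_mime_type($filepath, 'application/octet-stream');
            $sf = $sfh->getSugarField($def['type']);
            // NOTE(review): the extension is taken from the field name, not
            // from the uploaded file's name - confirm this is intended.
            $extension = pathinfo($fieldName, PATHINFO_EXTENSION);

            if (in_array($mimeType, $sf::$imageFileMimeTypes) && !verify_image_file($filepath)) {
                throw new SugarApiExceptionInvalidParameter(
                    string_format(
                        $GLOBALS['app_strings']['LBL_UPLOAD_IMAGE_FILE_NOT_SUPPORTED'],
                        array($extension)
                    )
                );
            }

            $bean->file_mime_type = $mimeType;
            $bean->file_ext = $extension;
        }

        $destination = rtrim($configDir, '/\\') . '/' . $filename;

        // FIXME BR-1956 will address having multiple files
        // associated with a record.
        // NOTE(review): the result of rename() is not checked, so a failed
        // move leaves the bean pointing at a file that is not in place.
        rename($filepath, $destination);
    }
}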
if (!in_array(fix_strtolower($info['extension']), $ext)) { response(trans('wrong extension' . AddErrorLocation()), 400)->send(); exit; } if (!file_exists($path . $name)) { response(trans('File_Not_Found' . AddErrorLocation()), 404)->send(); exit; } $file_name = $info['basename']; $file_ext = $info['extension']; $file_path = $path . $name; // make sure the file exists if (is_file($file_path) && is_readable($file_path)) { $size = filesize($file_path); $file_name = rawurldecode($file_name); $mime_type = get_file_mime_type($file_path); @ob_end_clean(); if (ini_get('zlib.output_compression')) { ini_set('zlib.output_compression', 'Off'); } header('Content-Type: ' . $mime_type); header('Content-Disposition: attachment; filename="' . $file_name . '"'); header("Content-Transfer-Encoding: binary"); header('Accept-Ranges: bytes'); if (isset($_SERVER['HTTP_RANGE'])) { list($a, $range) = explode("=", $_SERVER['HTTP_RANGE'], 2); list($range) = explode(",", $range, 2); list($range, $range_end) = explode("-", $range); $range = intval($range); if (!$range_end) { $range_end = $size - 1;
/**
 * Looks up the MIME type of a file by delegating to get_file_mime_type().
 *
 * @param string $filename Path to the file
 * @return string|false The string mime type or false if the file does not exist
 */
public function getMimeType($filename)
{
    // Thin wrapper: no validation of $filename happens here, so callers that
    // pass request-derived paths have to constrain them first.
    $mimeType = get_file_mime_type($filename);

    return $mimeType;
}
/**
 * Get MIME type for uploaded file
 *
 * The `type` entry of the element is returned whenever it is set. The only
 * exception is a name without extension combined with
 * `application/octet-stream`; then the type is looked up from the temporary
 * file instead, with `application/octet-stream` as the fallback.
 *
 * The `type` entry of $_FILES is supplied by the client and is not checked by
 * PHP. The value returned here is therefore a hint, not evidence of what the
 * file contains; decisions such as "is this safe to serve inline" need a
 * server-side check.
 *
 * @param array $_FILES_element $_FILES element required
 * @return string MIME type
 */
function getMime($_FILES_element)
{
    $extension = pathinfo($_FILES_element['name'], PATHINFO_EXTENSION);
    $hasClientType = !empty($_FILES_element['type']);

    // A generic octet-stream on an extension-less name carries no information,
    // so that one case is re-examined on the server.
    $isUninformative = empty($extension)
        && $hasClientType
        && $_FILES_element['type'] == 'application/octet-stream';

    if ($hasClientType && !$isUninformative) {
        return $_FILES_element['type'];
    }

    // Try to get the mime type, using application/octet-stream as a default
    return get_file_mime_type($_FILES_element['tmp_name'], 'application/octet-stream');
}
/**
 * Builds a base64-encoded MIME message with an HTML body and sends it through
 * the supplied mailer.
 *
 * TAG_TODO: write a very, very detailed comment here
 *
 * Steps, in order: extract an address from $to, rewrite bracketed addresses in
 * $to to the angle-bracket form, merge headers, embed every `<img src="...">`
 * of the body whose src is not already a `cid:` reference as an inline image,
 * add the attachments, then call $mailer->send().
 *
 * Review notes:
 * - Every non-`cid:` image src found in $body is handed to
 *   Mail_mime::addHTMLImage() with the fourth argument `true`. In PEAR
 *   Mail_mime that argument marks the value as a file to read - confirm
 *   against the bundled version. If so, the body decides which local files
 *   get embedded in the outgoing mail, so $body should come from trusted
 *   templates only or have its src values constrained by the caller.
 * - $attachments[]['filename'] is likewise passed on as a file to attach.
 * - $subject, $from and $to are written to the log unescaped.
 *
 * @param object $mailer        Object exposing send($recipients, $headers, $body)
 * @param string $from          Sender; the part after '@' is reused for image CIDs
 * @param string $to            Recipient string, e.g. "Julia (julia@example.com)"
 * @param string $subject       Subject line
 * @param string $body          HTML body
 * @param array  $headers       Extra headers; merged after From/To/Subject, so
 *                              same-named keys here override them
 * @param array  $attachments   List of arrays with 'filename' and 'realname'
 * @param mixed  $server_params Not used in this function
 * @return mixed false when no address is found in $to, otherwise the result of
 *               $mailer->send() (true on success; on failure an object whose
 *               getMessage() is logged)
 */
function send_email($mailer, $from, $to, $subject, $body, $headers = array(), $attachments = array(), $server_params = null)
{
    logthis('[send_email] : sending email "' . $subject . '" from "' . $from . '" to "' . $to . '"');
    // extract emails
    // preg_match() stops at the first match, so $mail_addresses holds a single address
    if (!preg_match('~[a-zA-Z0-9.\\-]+@[a-zA-Z0-9.\\-]+~', $to, $mail_addresses)) {
        logthis('[send_email] : no addresses found!', ZLogger::LOG_LEVEL_ERROR);
        return false;
    }
    // $to may contain such structure: Julia (julia@example.com). Round brackets should be replaced with angle brackets
    $to = preg_replace('~[\\<\\[\\(]*([a-zA-Z0-9.\\-]+@[a-zA-Z0-9.\\-]+)[\\>\\]\\)]*~', '<$1>', $to);
    // encoding data for mail_mime
    $encoding_parameters = array('head_encoding' => 'base64', 'text_encoding' => 'base64', 'html_encoding' => 'base64', 'head_charset' => 'utf-8', 'text_charset' => 'utf-8', 'html_charset' => 'utf-8');
    // add some important headers
    $headers_primary = array('From' => $from, 'To' => $to, 'Subject' => $subject);
    // array_merge(): for equal string keys the later array wins, i.e. the caller's $headers
    $headers = array_merge($headers_primary, $headers);
    // create mail body generator
    $mime = new Mail_mime($encoding_parameters);
    // by default, no text part
    $mime->setTXTBody('');
    // assigned here and not read again in this function
    $alarm = 0;
    // replace image links with attached images
    if ($image_count = preg_match_all('~<img[^>]+src="(?!cid:)([^"]+)"[^>]*>~', $body, $img_data)) {
        for ($img_index = 0; $img_index < $image_count; $img_index++) {
            // generate new CID
            $cid = strtolower(str_replace('-', '', create_guid()));
            // image full CID, must contain sender domain to be displayed inline instead as attachment
            $cid_full = $cid . '@' . preg_replace('~[^@]*@~', '', $from);
            // add image
            // NOTE(review): the src value is taken from $body as-is - see the docblock
            $mime->addHTMLImage($img_data[1][$img_index], get_file_mime_type($img_data[1][$img_index]), '', true, $cid);
            // replace local image link to inline
            $new_image_link = str_replace($img_data[1][$img_index], 'cid:' . $cid_full, $img_data[0][$img_index]);
            // new image link
            $body = str_replace($img_data[0][$img_index], $new_image_link, $body);
        }
    }
    // ok, HTML part is ready now
    $mime->setHTMLBody($body);
    // add attachments
    foreach ($attachments as $attachment) {
        $attachment_filename = $attachment['filename'];
        $attachment_realname = $attachment['realname'];
        $mime->addAttachment($attachment_filename, get_file_mime_type($attachment_filename), $attachment_realname, true, 'base64', 'attachment', '', '', '', 'base64', 'utf-8', '', 'utf-8');
    }
    // generate final headers
    $headers_ready = $mime->headers($headers);
    // get full message body
    $body_ready = $mime->get();
    // now send
    $mail_result = $mailer->send($mail_addresses, $headers_ready, $body_ready);
    // free mem as messages are big
    unset($mime);
    // log result
    if ($mail_result === true) {
        logthis('[send_email] : ok');
    } else {
        logthis('[send_email] : failed mailing to ' . $to . ' : ' . $mail_result->getMessage(), ZLogger::LOG_LEVEL_ERROR);
    }
    return $mail_result;
}
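/**
 * Streams one file from below $current_path to the client as an attachment
 * and terminates the request.
 *
 * The directory (`$_POST['path']`) and file name (`$_POST['name']`) are
 * request input. They are checked for absolute paths, parent-directory hops,
 * backslashes and NUL bytes, the extension is checked against the configured
 * allowlist ($ext), and the target must be an existing readable regular file.
 * $current_path and $ext are expected to come from config.php.
 *
 * @return void Never returns normally; ends with exit or die().
 */
function force_download()
{
    include FMPATH . 'config/config.php';

    // Session gate set by the file manager. isset() avoids a notice for a
    // session that never opened the manager; the strict comparison avoids
    // loose-typing surprises.
    if (!isset($_SESSION['RF']['verify']) || $_SESSION['RF']['verify'] !== 'RESPONSIVEfilemanager') {
        die('forbiden');
    }

    include FMPATH . 'include/utils.php';
    include FMPATH . 'include/mime_type_lib.php';

    $req_path = isset($_POST['path']) ? $_POST['path'] : '';
    $req_name = isset($_POST['name']) ? $_POST['name'] : '';
    if (!is_string($req_path) || !is_string($req_name)) {
        die('wrong path');
    }

    // Reject absolute paths, parent-directory hops and leading "./".
    // Backslashes and NUL bytes are rejected too, so a Windows separator or a
    // truncated name cannot get past the checks.
    if (
        strpos($req_path, '/') === 0
        || strpos($req_path, '../') !== FALSE
        || strpos($req_path, './') === 0
        || strpos($req_path, '\\') !== FALSE
        || strpos($req_path, "\0") !== FALSE
    ) {
        die('wrong path');
    }

    if (
        strpos($req_name, '/') !== FALSE
        || strpos($req_name, '\\') !== FALSE
        || strpos($req_name, "\0") !== FALSE
    ) {
        die('wrong path');
    }

    $path = $current_path . $req_path;
    $name = $req_name;

    // Extension allowlist; a name without any extension is refused rather
    // than triggering an undefined-index notice.
    $info = pathinfo($name);
    if (!isset($info['extension']) || !in_array(fix_strtolower($info['extension']), $ext)) {
        die('wrong extension');
    }

    // Only stream regular, readable files; otherwise filesize() and
    // readfile() would emit warnings into the response.
    $file = $path . $name;
    if (!is_file($file) || !is_readable($file)) {
        die('wrong path');
    }

    $img_size = (string) filesize($file); // Get the file size as string
    $mime_type = get_file_mime_type($file); // Look up the MIME type using the full path to the file

    // Characters that would end the quoted filename or the header line are
    // replaced before the name is reflected into Content-Disposition.
    $header_name = preg_replace('/[\x00-\x1F\x7F"]/', '_', $name);

    header('Pragma: private');
    header('Cache-control: private, must-revalidate');
    header("Content-Type: " . $mime_type); // Set the MIME type
    header("Content-Length: " . $img_size);
    header('Content-Disposition: attachment; filename="' . $header_name . '"');

    readfile($file);

    exit;
}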
/**
 * Applies a file-field change from the request to the bean: removal, a new
 * upload, a duplicate of another record's file, or a link to a remote
 * document.
 *
 * Nothing is returned. Failures are reported through $this->error, and when
 * the final move of an uploaded file fails the bean's field, mime type and
 * extension are restored to the values they had on entry.
 *
 * Review notes:
 * - The sniffed MIME type ($mimeType) is used only to decide whether
 *   verify_image_file() runs. The value stored on the bean is
 *   $upload_file->mime_type. Whether UploadFile derives that property the same
 *   way is not visible here - confirm, since a client-declared type would
 *   reintroduce the discrepancy the inline comment wants to avoid.
 * - $old_id, $duplicateModuleId and the `_remoteName` value come from $params
 *   and are passed on to duplicate_file() or stored on the bean without
 *   further checks in this method - presumably validated by the caller or by
 *   UploadFile; verify.
 *
 * @param object $bean   Bean whose $field, file_mime_type and file_ext are updated
 * @param array  $params Request parameters
 * @param string $field  Name of the file field on the bean
 * @param array  $vardef Field definition (docType, docUrl, docId, allowEapm are read)
 * @param string $prefix Prefix applied to request keys
 * @return void
 */
public function save($bean, $params, $field, $vardef, $prefix = '')
{
    $fakeDisplayParams = array();
    $this->fillInOptions($vardef, $fakeDisplayParams);
    require_once 'include/upload_file.php';
    $upload_file = new UploadFile($prefix . $field . '_file');
    //remove file
    // presence is tested on $_REQUEST, the value on $params
    if (isset($_REQUEST['remove_file_' . $field]) && $params['remove_file_' . $field] == 1) {
        $upload_file->unlink_file($bean->{$field});
        $bean->{$field} = "";
    }
    $move = false;
    // In case of failure midway, we need to reset the values of the bean
    $originalvals = array('value' => $bean->{$field});
    // Bug 57400 - Some beans with a filename field type do NOT have file_mime_type
    // or file_ext. In the case of Documents, for example, this happens to be
    // the case, since the DocumentRevisions bean is where these fields are found.
    if (isset($bean->file_mime_type)) {
        $originalvals['mime'] = $bean->file_mime_type;
    }
    if (isset($bean->file_ext)) {
        $originalvals['ext'] = $bean->file_ext;
    }
    if (isset($_FILES[$prefix . $field . '_file']) && $upload_file->confirm_upload()) {
        // in order to avoid any discrepancies of MIME type with the download code,
        // call the same MIME function instead of using the uploaded file's mime type property.
        $mimeType = get_file_mime_type($upload_file->get_temp_file_location(), 'application/octet-stream');
        //verify the image
        // files whose sniffed type is an image type must also pass verify_image_file()
        if (in_array($mimeType, self::$imageFileMimeTypes) && !verify_image_file($upload_file->get_temp_file_location())) {
            $this->error = string_format($GLOBALS['app_strings']['LBL_UPLOAD_IMAGE_FILE_NOT_SUPPORTED'], array($upload_file->file_ext));
            return;
        }
        $bean->{$field} = $upload_file->get_stored_file_name();
        // NOTE(review): stores UploadFile's mime_type, not the $mimeType sniffed above
        $bean->file_mime_type = $upload_file->mime_type;
        $bean->file_ext = $upload_file->file_ext;
        $move = true;
    } else {
        $this->error = $upload_file->getErrorMessage();
    }
    if (!empty($params['isDuplicate']) && $params['isDuplicate'] == 'true') {
        // This way of detecting duplicates is used in Notes
        $old_id = $params['relate_id'];
    }
    if (!empty($params['duplicateSave']) && !empty($params['duplicateId'])) {
        // It's a duplicate
        $old_id = $params['duplicateId'];
    }
    // case when we should copy one file to another using merge-duplicate view
    // $params[$field . '_duplicateBeanId'] contains id of bean from
    // which we should copy file.
    if (!empty($params[$field . '_duplicateBeanId'])) {
        $duplicateModuleId = $params[$field . '_duplicateBeanId'];
    }
    // Backwards compatibility for fields that still use customCode to handle the file uploads
    // NOTE(review): this legacy path does not run the image verification used above
    if (!$move && empty($old_id) && isset($_FILES['uploadfile'])) {
        $upload_file = new UploadFile('uploadfile');
        if ($upload_file->confirm_upload()) {
            $bean->{$field} = $upload_file->get_stored_file_name();
            $bean->file_mime_type = $upload_file->mime_type;
            $bean->file_ext = $upload_file->file_ext;
            $move = true;
        } else {
            $this->error = $upload_file->getErrorMessage();
        }
    } elseif (!$move && !empty($old_id) && isset($_REQUEST['uploadfile']) && !isset($_REQUEST[$prefix . $field . '_file'])) {
        // I think we are duplicating a backwards compatibility module.
        $upload_file = new UploadFile('uploadfile');
    }
    if (empty($bean->id)) {
        $bean->id = create_guid();
        $bean->new_with_id = true;
    }
    if ($move) {
        $temp = !empty($params['temp']);
        // Added checking of final move to capture errors that might occur
        if ($upload_file->final_move($bean->id, $temp)) {
            if (!$temp) {
                // This fixes an undefined index warning being thrown
                $docType = isset($vardef['docType']) && isset($params[$prefix . $vardef['docType']]) ? $params[$prefix . $vardef['docType']] : null;
                $upload_file->upload_doc($bean, $bean->id, $docType, $bean->{$field}, $upload_file->mime_type);
            }
        } else {
            // Reset the bean back to original, but only if we had set them.
            $bean->{$field} = $originalvals['value'];
            // See comments for these properties above in regards to Bug 57400
            if (isset($originalvals['mime'])) {
                $bean->file_mime_type = $originalvals['mime'];
            }
            if (isset($originalvals['ext'])) {
                $bean->file_ext = $originalvals['ext'];
            }
            // Report the error
            $this->error = $upload_file->getErrorMessage();
        }
    } elseif (!empty($old_id)) {
        // It's a duplicate, I think
        if (empty($vardef['docUrl']) || empty($params[$prefix . $vardef['docUrl']])) {
            $upload_file->duplicate_file($old_id, $bean->id, $bean->{$field});
        } else {
            $docType = $vardef['docType'];
            $bean->{$docType} = $params[$prefix . $field . '_old_doctype'];
        }
    } elseif (!empty($params[$prefix . $field . '_remoteName'])) {
        // We aren't moving, we might need to do some remote linking
        $displayParams = array();
        $this->fillInOptions($vardef, $displayParams);
        if (isset($params[$prefix . $vardef['docId']]) && !empty($params[$prefix . $vardef['docId']]) && isset($params[$prefix . $vardef['docType']]) && !empty($params[$prefix . $vardef['docType']])) {
            $bean->{$field} = $params[$prefix . $field . '_remoteName'];
            require_once 'include/utils/file_utils.php';
            // here the extension and MIME type are derived from the name alone, not from content
            $extension = get_file_extension($bean->{$field});
            if (!empty($extension)) {
                $bean->file_ext = $extension;
                $bean->file_mime_type = get_mime_content_type_from_filename($bean->{$field});
            }
        }
    } elseif (!empty($duplicateModuleId)) {
        $upload_file->duplicate_file($duplicateModuleId, $bean->id, $bean->{$field});
        $bean->{$field} = $params[$field];
        require_once 'include/utils/file_utils.php';
        $extension = get_file_extension($bean->{$field});
        if (!empty($extension)) {
            $bean->file_ext = $extension;
            $bean->file_mime_type = get_mime_content_type_from_filename($bean->{$field});
        }
    }
    // reads $vardef['allowEapm'] without an isset() guard
    if ($vardef['allowEapm'] == true && empty($bean->{$field})) {
        $GLOBALS['log']->info("The {$field} is empty, clearing out the lot");
        // Looks like we are emptying this out
        $clearFields = array('docId', 'docType', 'docUrl', 'docDirectUrl');
        foreach ($clearFields as $clearMe) {
            if (!isset($vardef[$clearMe])) {
                continue;
            }
            $clearField = $vardef[$clearMe];
            $bean->{$clearField} = '';
        }
    }
}
/**
 * Determines the MIME type of a file, falling back to a generic binary type.
 *
 * Delegates to get_file_mime_type() with 'application/octet-stream' as the
 * second argument. The path is passed through unchanged.
 *
 * @param string $fileLocation relative path to file
 * @return string MIME-type
 */
function email2GetMime($fileLocation)
{
    $fallbackType = 'application/octet-stream';
    $detectedType = get_file_mime_type($fileLocation, $fallbackType);

    return $detectedType;
}