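/**
 * Build the HTML fragment that shows one attachment: an embedded image,
 * embedded plain text, embedded HTML, a Flash object, or a download link.
 *
 * The fragment is produced by expanding a template from $mime_renderers with
 * eval(). The template is evaluated inside this function's scope, so it can
 * reference any parameter, local or imported global by name. For that reason
 * the locals below ($att_url, $att_name, $att_size, $att_icon, $img_size,
 * $size, $att_contents, $visible_wrn, ...) and the seemingly unused globals
 * must keep their names.
 *
 * SECURITY: eval() executes whatever the template expands to. The templates
 * must come only from trusted, administrator-controlled configuration; a
 * template that can be edited by a less-trusted party is code execution.
 * Values interpolated by the templates ($att_name, $att_url, ...) are not
 * HTML-escaped here, so each template has to escape for its own context.
 *
 * @param mixed $apli       Application identifier, placed in the getfile.php URL.
 * @param mixed $post_id    Not used directly here; available to the templates.
 * @param mixed $att_id     Attachment id, placed in the getfile.php URL.
 * @param string $att_path  Path of the stored file, relative to $DOCUMENTROOT.
 * @param string $att_type  Key looked up in $mime_dspfmt to pick the display mode.
 * @param mixed $att_size   Size handed to FileManagement::file_size_format() in link mode.
 * @param mixed $att_inline Truthy: use the display mode of $att_type; otherwise a link.
 * @param mixed $compteur   Not used directly here; available to the templates.
 * @param mixed $visible    Any value other than 1 prepares the "not visible" warning.
 * @param mixed $Mmod       Truthy: append the Mmod marker to the download URL.
 * @return string HTML fragment, or an error <span> when the file is missing.
 */
function getAttachmentUrl($apli, $post_id, $att_id, $att_path, $att_type, $att_size, $att_inline = 0, $compteur, $visible = 0, $Mmod) {
    // $icon_dir, $img_dir and $forum are not read below; they stay imported
    // because the eval()'d templates may reference them.
    global $icon_dir, $img_dir, $forum;
    global $mimetype_default, $mime_dspfmt, $mime_renderers;
    global $DOCUMENTROOT;

    load_mimetypes();

    // Drop everything up to and including the first dot, twice. Presumably this
    // removes the "<id>.<apli>." prefix added when the file was stored.
    $att_name = substr(strstr(basename($att_path), '.'), 1);
    $att_name = substr(strstr(basename($att_name), '.'), 1);
    $att_path = $DOCUMENTROOT . $att_path;

    if (!is_file($att_path)) {
        // The name derives from an uploaded file name, so escape it before it
        // is written into markup. ENT_SUBSTITUTE keeps the message readable when
        // the name is not valid in the current charset.
        $shown_name = htmlspecialchars($att_name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, cur_charset);
        // NOTE(review): the accented character in this translation key looks
        // mis-encoded; it is left untouched because it is the lookup key.
        return ' <span class="text-danger" style="font-size: .65rem;">' . upload_translate("Fichier non trouvÈ") . ' : ' . $shown_name . '</span>';
    }

    if ($att_inline) {
        if (isset($mime_dspfmt[$att_type])) {
            $display_mode = $mime_dspfmt[$att_type];
        } else {
            $display_mode = $mime_dspfmt[$mimetype_default];
        }
    } else {
        $display_mode = ATT_DSP_LINK;
    }

    if ($Mmod) {
        global $userdata;
        // NOTE(review): $userdata is defined elsewhere. If index 2 holds a
        // credential or its hash, this puts six characters of it into a URL
        // that ends up in access logs, browser history and Referer headers.
        $marqueurM = "&Mmod=" . substr($userdata[2], 8, 6);
    } else {
        $marqueurM = "";
    }

    $att_url = "getfile.php?att_id={$att_id}&apli={$apli}" . $marqueurM . "&att_name=" . rawurlencode($att_name);

    // Always define the warning: it was previously left undefined for visible
    // attachments, so a template that interpolates it raised an
    // undefined-variable warning inside eval().
    $visible_wrn = '';
    if ($visible != 1) {
        $visible_wrn = ' <span class="text-danger" style="font-size: .65rem;">' . upload_translate("Fichier non visible") . '</span>';
    }

    switch ($display_mode) {
        case ATT_DSP_IMG:
            // Display as an embedded image.
            $size = @getImageSize("{$att_path}");
            $img_size = 'style="max-width: 100%; height:auto;"';
            // Escape double quotes so the template can sit inside the
            // double-quoted string that eval() expands.
            $text = str_replace('"', '\\"', $mime_renderers[ATT_DSP_IMG]);
            eval("\$ret=stripSlashes(\"{$text}\");");
            break;

        case ATT_DSP_PLAINTEXT:
            // Display as embedded, pre-formatted text. The file content is
            // HTML-escaped before it reaches the template.
            $att_contents = str_replace("\\", "\\\\", htmlSpecialChars(join('', file($att_path)), ENT_COMPAT | ENT_HTML401, cur_charset));
            $att_contents = word_wrap($att_contents);
            $text = str_replace('"', '\\"', $mime_renderers[ATT_DSP_PLAINTEXT]);
            eval("\$ret=\"{$text}\";");
            break;

        case ATT_DSP_HTML:
            // Display as embedded HTML text (either the source or the page).
            // NOTE(review): the uploaded markup is embedded in the page after
            // scr_html(), which is defined elsewhere. Confirm that it removes
            // or escapes active content, otherwise this is stored XSS.
            $att_contents = word_wrap(nl2br(scr_html(join("", file($att_path)))));
            $text = str_replace('"', '\\"', $mime_renderers[ATT_DSP_HTML]);
            eval("\$ret=stripSlashes(\"{$text}\");");
            break;

        case ATT_DSP_SWF:
            // Embedded Macromedia Shockwave Flash.
            $size = @getImageSize("{$att_path}");
            $img_size = verifsize($size);
            $text = str_replace('"', '\\"', $mime_renderers[ATT_DSP_SWF]);
            eval("\$ret=stripSlashes(\"{$text}\");");
            break;

        default:
            // Display as a download link.
            $Fichier = new FileManagement();
            $att_size = $Fichier->file_size_format($att_size, 1);
            $att_icon = att_icon($att_name);
            $text = str_replace('"', '\\"', $mime_renderers[ATT_DSP_LINK]);
            eval("\$ret=stripSlashes(\"{$text}\");");
            break;
    }

    return $ret;
}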
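/**
 * Validate one uploaded file, move it to its destination and, when
 * $insert_base is set, insert an entry for it in the database.
 *
 * On failure $this->errno is set to the reason (NO_FILE, FILE_EMPTY,
 * ERR_FILE, FILE_TOO_BIG, INVALID_FILE_TYPE, DB_ERROR or COPY_ERROR).
 *
 * @access private
 * @param mixed $IdPost    Post id, passed to insertAttachment()/deleteAttachment().
 * @param mixed $IdTopic   Topic id, passed to insertAttachment().
 * @param string $name     File name as submitted; URL-decoded and sanitised here.
 * @param mixed $size      Declared size in bytes; must equal the size on disk.
 * @param string $type     Declared MIME type; replaced when the extension is known.
 * @param string $src_file Path of the temporary uploaded file.
 * @param mixed $inline    Inline flag, passed to insertAttachment().
 * @return boolean TRUE if OK
 */
function uploadFile($IdPost, $IdTopic, $name, $size, $type, $src_file, $inline = DEFAULT_INLINE) {
    global $MAX_FILE_SIZE;
    global $mimetypes, $mimetype_default;
    global $insert_base;
    global $DOCUMENTROOT;

    $size = (int) $size;
    $this->errno = 0;

    # Check temporary file
    # --------------------
    if (empty($src_file) || strcasecmp($src_file, 'none') == 0) {
        $this->errno = NO_FILE;
        return false;
    }

    # Check size
    # ----------
    if ($size == 0) {
        $this->errno = FILE_EMPTY;
        return false;
    }
    // The declared size comes from the caller; trust only the size on disk.
    $fsize = filesize($src_file);
    if ($size != $fsize) {
        $this->errno = ERR_FILE;
        return FALSE;
    }
    if ($size > $MAX_FILE_SIZE) {
        $this->errno = FILE_TOO_BIG;
        return FALSE;
    }

    # Check name
    # ----------
    if (empty($name)) {
        $this->errno = NO_FILE;
        return false;
    }
    // Replace path separators and shell/HTML metacharacters, and now also
    // control characters. rawurldecode() can turn %00 or %0A into a NUL byte
    // or a newline; filesystem functions reject NUL bytes, which would fail
    // the move after the database row has been inserted, and a newline would
    // reach the security log entry written at the end of this method.
    $name = preg_replace('#[/\\\\:\\*\\?"<>|\\x00-\\x1f\\x7f]#i', '_', rawurldecode($name));

    # Check type and extension
    # ------------------------
    load_mimetypes();
    // NOTE(review): only the last extension is inspected, so a name such as
    // "a.php.txt" is classified by "txt". Confirm that isAllowedFile() and the
    // web server configuration cover multi-extension names.
    $suffix = strtolower(substr(strrchr($name, '.'), 1));
    if (isset($mimetypes[$suffix])) {
        $type = $mimetypes[$suffix];
    } elseif (empty($type) || $type == 'application/octet-stream') {
        $type = $mimetype_default;
    }
    if (!$this->isAllowedFile($name, $type)) {
        $this->errno = INVALID_FILE_TYPE;
        return FALSE;
    }

    # Find the path to upload directory
    # -------------------------------------------
    $rep = $DOCUMENTROOT;

    if ($insert_base == true) {
        # insert attachment reference in database
        # ---------------------------------------
        $id = insertAttachment($this->apli, $IdPost, $IdTopic, $this->IdForum, $name, $this->upload_dir, $inline, $size, $type);
        if ($id <= 0) {
            $this->errno = DB_ERROR;
            return FALSE;
        }

        # move temporary file to the upload directory
        # -------------------------------------------
        $dest_file = $rep . $this->upload_dir . "{$id}." . $this->apli . ".{$name}";
        // move_uploaded_file() is called directly. The former fallback to
        // copy() would have accepted any readable path as $src_file, because
        // copy() does not verify that the source is an HTTP upload.
        if (!move_uploaded_file($src_file, $dest_file)) {
            // Roll back the database entry created above.
            deleteAttachment($this->apli, $IdPost, $rep . $this->upload_dir, $id, $name);
            $this->errno = COPY_ERROR;
            return FALSE;
        }
    } else {
        // NOTE(review): in these two branches the sanitised client name is the
        // final file name, so an upload replaces an existing file of the same
        // name in that directory.
        if ($this->apli == "minisite") {
            global $rep_upload_minisite;
            $dest_file = $rep . $rep_upload_minisite . $name;
        } elseif ($this->apli == "editeur") {
            global $rep_upload_editeur;
            $dest_file = $rep . $rep_upload_editeur . $name;
        } else {
            // NOTE(review): errno is still 0 on this failure path.
            return FALSE;
        }

        # move temporary file to the upload directory
        # -------------------------------------------
        if (!move_uploaded_file($src_file, $dest_file)) {
            $this->errno = COPY_ERROR;
            return FALSE;
        }
    }

    // 0644 instead of 0766: an uploaded file needs neither the execute bit nor
    // write access for group and other accounts on the host.
    @chmod($dest_file, 0644);
    $log_filename = $dest_file;

    Ecr_Log("security", "Upload File(s) : " . getip(), $log_filename);
    return TRUE;
}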