Esempio n. 1
            } else {
                $Messages->add($error_message, 'error');
            }
        }
    }
    forget_param('renamedFiles');
    unset($renamedFiles);
    if ($upload_quickmode) {
        header_redirect(regenerate_url('ctrl', 'ctrl=files', '', '&'));
    }
}
// Process uploaded files:
if ($action != 'switchtab' && isset($_FILES) && count($_FILES)) {
    // Check that this action request is not a CSRF hacked request:
    $Session->assert_received_crumb('file');
    $upload_result = process_upload($fm_FileRoot->ID, $path, false, false, $upload_quickmode);
    if (isset($upload_result)) {
        $failedFiles = $upload_result['failedFiles'];
        $uploadedFiles = $upload_result['uploadedFiles'];
        $renamedFiles = $upload_result['renamedFiles'];
        $renamedMessages = $upload_result['renamedMessages'];
        foreach ($uploadedFiles as $uploadedFile) {
            $success_msg = sprintf(T_('The file «%s» has been successfully uploaded to the server.'), $uploadedFile->dget('name'));
            // Allow to insert/link new upload into currently edited link object:
            if ($mode == 'upload' && !empty($link_object_ID) && !empty($link_type)) {
                // The filemanager has been opened from a link owner object, offer to insert an img tag into original object.
                $LinkOwner = get_link_owner($link_type, $link_object_ID);
                // TODO: Add plugin hook to allow generating JS insert code(s)
                $img_tag = format_to_output($uploadedFile->get_tag(), 'formvalue');
                if ($uploadedFile->is_image()) {
                    $link_msg = $LinkOwner->translate('Link this image to your owner');
Esempio n. 2
    }
}
if ($commented_Item->can_attach() && ($action == 'preview' || $ok) && !empty($_FILES['uploadfile']) && !empty($_FILES['uploadfile']['size']) && !empty($_FILES['uploadfile']['size'][0])) {
    // attaching files is permitted
    $FileRootCache =& get_FileRootCache();
    if (is_logged_in()) {
        // registered user
        $root = FileRoot::gen_ID('user', $current_User->ID);
        $path = 'comments/p' . $commented_Item->ID;
    } else {
        // anonymous user
        $root = FileRoot::gen_ID('collection', $commented_Item->Blog->ID);
        $path = 'anonymous_comments/p' . $commented_Item->ID;
    }
    // process upload
    $result = process_upload($root, $path, true, false, false, false);
    if (!empty($result)) {
        $uploadedFiles = $result['uploadedFiles'];
        if (!empty($result['failedFiles'])) {
            // upload failed
            $Messages->add(T_('Couldn\'t attach selected file:') . $result['failedFiles'][0], 'warning');
        }
        if (!empty($uploadedFiles)) {
            // upload succeeded
            foreach ($uploadedFiles as $File) {
                if (empty($preview_attachments)) {
                    $preview_attachments = $File->ID;
                    //get_rdfp_rel_path();
                    // newly uploaded file must be checked by default
                    $checked_attachments = $File->ID;
                } else {
Esempio n. 3
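// Upload endpoint prologue: 'images' is the name attribute of the file input.
// When nothing was posted under that name, answer 400 with a JSON error body and stop.
if (empty($_FILES['images'])) {
    http_response_code(400);
    header('Content-Type: application/json');
    echo json_encode(array('result' => 'KO', 'error' => 'No files found for upload.'));
    exit;
}

// get the files posted
// For a multi-file input ("images[]") PHP groups the entries field by field:
// $images['name'][i], $images['tmp_name'][i], ...
$images = $_FILES['images'];
if (!is_array($images['name'])) {
    // A non-array input ("images") yields scalar fields. Indexing those with [$i]
    // would not address a whole file entry, so wrap each field to give a single
    // upload the same shape as a multi-file post.
    foreach (array('name', 'type', 'tmp_name', 'error', 'size') as $field) {
        $images[$field] = array($images[$field]);
    }
}
$filenames = $images['name'];
$result = false;
$link = connect();
$ids = array();

// NOTE(review): 'name' and 'type' are values sent by the client. process_upload()
// is not visible here; confirm that it checks 'error', verifies the temp file with
// is_uploaded_file()/move_uploaded_file(), derives the stored name itself and
// validates the content type server-side instead of trusting these two fields.
$fileCount = count($filenames);
for ($i = 0; $i < $fileCount; $i++) {
    // Rebuild the per-file record that a single-file upload would have produced.
    $file = array(
        'name' => $images['name'][$i],
        'type' => $images['type'][$i],
        'tmp_name' => $images['tmp_name'][$i],
        'error' => $images['error'][$i],
        'size' => $images['size'][$i],
    );
    $result = process_upload($file);
    if ($result === false || isset($result['error'])) {
        // Stop at the first failure; $result keeps the failing outcome for the code below.
        // NOTE(review): nothing in this loop removes files stored by earlier
        // iterations; confirm that cleanup of a partial batch happens elsewhere.
        break;
    }
    $ids[] = $result['filename'];
}
$output = array();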
if ($result !== false && !isset($result['error'])) {
    // if a collection name is defined, assume creation (we do not allow edition of collection names)
    if (isset($_POST['collection_name'])) {
        $sql = "INSERT INTO `image_collections` (`collectionname`) VALUES (:collectionname)";
        $stmt = $link->prepare($sql);
        $stmt->bindValue(':collectionname', $_POST['collection_name'], PDO::PARAM_STR);
        $stmt->execute();
        $collectionId = $link->lastInsertId();
    } else {
Esempio n. 4
 /**
  * Replace this user's profile picture with the file of the current upload request.
  *
  * The caller must either be this user or be allowed to moderate this user.
  * The upload is handed to process_upload() for the 'profile_pictures' folder of
  * this user's file root; the resulting file is then checked for duplicates and
  * for being an image before it is linked to the user.
  *
  * NOTE(review): the duplicate and image checks run after process_upload() has
  * returned the file, and a rejected non-image is only removed afterwards via
  * unlink(). What process_upload() and is_image() actually verify (extension,
  * MIME type, content) is not visible here; confirm against their definitions.
  *
  * @return mixed true on success, allowed action otherwise ('view' or 'edit').
  */
 function update_avatar_from_upload()
 {
     global $current_User, $Messages, $Settings;

     // Authorisation: moderators of this account, or the account owner itself.
     $may_update = $current_User->can_moderate_user($this->ID) || $this->ID == $current_User->ID;
     if (!$may_update) {
         $Messages->add(T_('You are only allowed to update your own profile!'), 'error');
         return 'view';
     }

     // The returned cache is not used below; the call is kept as in the original
     // (presumably it initialises the file root cache; verify before removing).
     $FileRootCache =& get_FileRootCache();

     // Hand the request's upload over to the shared upload handler.
     $result = process_upload(
         FileRoot::gen_ID('user', $this->ID),
         'profile_pictures',
         true,
         false,
         true,
         false,
         $Settings->get('min_picture_size')
     );
     if (empty($result)) {
         $Messages->add(T_('You don\'t have permission to selected user file root.'), 'error');
         return 'view';
     }

     $uploaded = $result['uploadedFiles'];
     if (!empty($uploaded)) {
         // Only the first uploaded file is considered.
         $File = $uploaded[0];

         $duplicates = $File->get_duplicated_files(array('root_ID' => $this->ID));
         if (!empty($duplicates)) {
             // Same picture already exists for this user: drop the new record again.
             $File->dbdelete();
             $Messages->add(T_('It seems you are trying to upload the same profile picture twice.'), 'error');
             return 'edit';
         }

         if ($File->is_image()) {
             $LinkOwner = new LinkUser($this);
             $File->link_to_Object($LinkOwner);

             // The upload becomes the avatar only when the user has none yet.
             $avatar_changed = empty($this->avatar_file_ID);
             if ($avatar_changed) {
                 $this->set('avatar_file_ID', $File->ID, true);
                 // a publicly visible user property changed, so refresh profileupdate_date
                 $this->set_profileupdate_date();
                 $this->dbupdate();
                 $notice = T_('Profile picture has been changed.');
             } else {
                 $notice = T_('New picture has been uploaded.');
             }
             $Messages->add($notice, 'success');

             // Clear previous Links so the newly uploaded file gets loaded
             $LinkOwner->clear_Links();
             // Notify the account owner by email about the change
             $this->send_account_changed_notification($avatar_changed, $File->ID);
             return true;
         }

         // Not an image: report it and remove the file that was just stored.
         $Messages->add(T_('The file you uploaded does not seem to be an image.'));
         $File->unlink();
     }

     // Surface the first failure reported by the upload handler, if any.
     $failed = $result['failedFiles'];
     if (!empty($failed)) {
         $Messages->add($failed[0]);
     }
     return 'edit';
 }
Esempio n. 5
    if ($command === 'rm' && isset($_POST['dst']) && !empty($_POST['dst'])) {
        // If error then out the error code
        if (true !== ($result = remove_file_obj($_POST['dst'], isset($_POST['rec']) ? true : false))) {
            echo (int) $result;
        }
    }
    exit;
}
/*------------------------------ End post request --------------------------------------------------*/
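// Accept the upload under the alternative field name 'NewFile' as well
// (presumably the name used by the FCKeditor uploader; see the 'fckeditor' branch below).
if (!empty($_FILES['NewFile'])) {
    $_FILES['file'] = $_FILES['NewFile'];
}
/*------------------------------ Upload request ----------------------------------------------------*/
// NOTE(review): the only gate visible on this upload path is $CFG->enableUpload.
// Authentication, a CSRF token and file-type restrictions are not visible in this
// block; confirm they are enforced earlier in the script or inside process_upload().
if ($CFG->enableUpload && !empty($_FILES['file'])) {
    // Upload file
    $ret = process_upload();
    if (isset($_GET['fckeditor']) && $ret) {
        echo <<<EOF
<script type="text/javascript">
(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\\.|\$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})();
EOF;
        // The stored file name is written into an inline <script> block, so it has to be
        // encoded for a JavaScript string literal AND for the surrounding HTML context.
        // Escaping only backslash and double quote leaves '<', '>', '&' and line breaks
        // untouched; json_encode() with the JSON_HEX_* flags covers all of them.
        // process_upload() is not visible here, so the name is treated as untrusted.
        $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
        if (defined('JSON_INVALID_UTF8_SUBSTITUTE')) {
            // Keep names that are not valid UTF-8 usable instead of failing the encode.
            $jsFlags |= JSON_INVALID_UTF8_SUBSTITUTE;
        }
        $name = basename($ret[0]);
        $jsUrl = json_encode($CFG->imgURL . '/' . $name, $jsFlags);
        $jsName = json_encode($name, $jsFlags);
        if ($jsUrl === false || $jsName === false) {
            // Value could not be encoded: emit empty literals rather than raw bytes.
            $jsUrl = '""';
            $jsName = '""';
        }
        echo 'window.parent.OnUploadCompleted(0,' . $jsUrl . ',' . $jsName . ', "") ;';
        echo '</script>';
        exit;
    }
    exit;
}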
/*-------------------------- End upload request and set upload limit -------------------------------*/
/*-------------------------------- Get request ------------------------------------------------------*/
Esempio n. 6
}
if (isset($_POST['update_thread'])) {
    //	var_dump($_POST);
    //	var_dump($threadInfo);
    //	var_dump($postInfo);
    //	 exit;
    if (!$_POST['subject'] || !$_POST['post']) {
        $error = "<div style='text-align:center'>" . LAN_27 . "</div>";
    } else {
        if (!isAuthor()) {
            require_once HEADERF;
            $ns->tablerender(LAN_95, "<div style='text-align:center'>" . LAN_96 . '</div>');
            require_once FOOTERF;
            exit;
        }
        if ($uploadResult = process_upload($postInfo['post_id'])) {
            $attachments = explode(',', $postInfo['post_attachments']);
            foreach ($uploadResult as $ur) {
                $_tmp = $ur['type'] . '*' . $ur['file'];
                if ($ur['thumb']) {
                    $_tmp .= '*' . $ur['thumb'];
                }
                if ($ur['fname']) {
                    $_tmp .= '*' . $ur['fname'];
                }
                $attachments[] = $_tmp;
            }
            $postVals['post_attachments'] = implode(',', $attachments);
        }
        $postVals['post_edit_datestamp'] = time();
        $postVals['post_edit_user'] = USERID;