} else { $Messages->add($error_message, 'error'); } } } forget_param('renamedFiles'); unset($renamedFiles); if ($upload_quickmode) { header_redirect(regenerate_url('ctrl', 'ctrl=files', '', '&')); } } // Process uploaded files: if ($action != 'switchtab' && isset($_FILES) && count($_FILES)) { // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('file'); $upload_result = process_upload($fm_FileRoot->ID, $path, false, false, $upload_quickmode); if (isset($upload_result)) { $failedFiles = $upload_result['failedFiles']; $uploadedFiles = $upload_result['uploadedFiles']; $renamedFiles = $upload_result['renamedFiles']; $renamedMessages = $upload_result['renamedMessages']; foreach ($uploadedFiles as $uploadedFile) { $success_msg = sprintf(T_('The file «%s» has been successfully uploaded to the server.'), $uploadedFile->dget('name')); // Allow to insert/link new upload into currently edited link object: if ($mode == 'upload' && !empty($link_object_ID) && !empty($link_type)) { // The filemanager has been opened from a link owner object, offer to insert an img tag into original object. $LinkOwner = get_link_owner($link_type, $link_object_ID); // TODO: Add plugin hook to allow generating JS insert code(s) $img_tag = format_to_output($uploadedFile->get_tag(), 'formvalue'); if ($uploadedFile->is_image()) { $link_msg = $LinkOwner->translate('Link this image to your owner');
} } if ($commented_Item->can_attach() && ($action == 'preview' || $ok) && !empty($_FILES['uploadfile']) && !empty($_FILES['uploadfile']['size']) && !empty($_FILES['uploadfile']['size'][0])) { // attaching files is permitted $FileRootCache =& get_FileRootCache(); if (is_logged_in()) { // registered user $root = FileRoot::gen_ID('user', $current_User->ID); $path = 'comments/p' . $commented_Item->ID; } else { // anonymous user $root = FileRoot::gen_ID('collection', $commented_Item->Blog->ID); $path = 'anonymous_comments/p' . $commented_Item->ID; } // process upload $result = process_upload($root, $path, true, false, false, false); if (!empty($result)) { $uploadedFiles = $result['uploadedFiles']; if (!empty($result['failedFiles'])) { // upload failed $Messages->add(T_('Couldn\'t attach selected file:') . $result['failedFiles'][0], 'warning'); } if (!empty($uploadedFiles)) { // upload succeeded foreach ($uploadedFiles as $File) { if (empty($preview_attachments)) { $preview_attachments = $File->ID; //get_rdfp_rel_path(); // newly uploaded file must be checked by default $checked_attachments = $File->ID; } else {
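// 'images' -> file input name attribute
if (empty($_FILES['images'])) {
    // Nothing was posted under the expected field: answer 400 with a JSON error body and stop.
    http_response_code(400);
    header('Content-Type: application/json');
    echo json_encode(array('result' => 'KO', 'error' => 'No files found for upload.'));
    exit;
}

// get the files posted
$images = $_FILES['images'];

// A field posted as "images" (rather than "images[]") gives scalars instead of
// per-file arrays. Cast every sub-entry to an array so count() and the [$i]
// lookups below behave the same for one file and for many.
foreach (array('name', 'type', 'tmp_name', 'error', 'size') as $upload_field) {
    $images[$upload_field] = isset($images[$upload_field]) ? (array) $images[$upload_field] : array();
}

$filenames = $images['name'];
$file_count = count($filenames);
$result = false;
$link = connect();
$ids = array();

for ($i = 0; $i < $file_count; $i++) {
    // Rebuild the single-file shape of a $_FILES entry for process_upload().
    // NOTE(review): 'name' and 'type' are supplied by the client, and 'error' is not
    // inspected here; validation is presumably done inside process_upload() - confirm.
    $file = array(
        'name' => $images['name'][$i],
        'type' => $images['type'][$i],
        'tmp_name' => $images['tmp_name'][$i],
        'error' => $images['error'][$i],
        'size' => $images['size'][$i],
    );
    $result = process_upload($file);
    if ($result === false || isset($result['error'])) {
        // Stop at the first failure; $result keeps the failing outcome for the check below.
        break;
    }
    $ids[] = $result['filename'];
}

$output = array();
if ($result !== false && !isset($result['error'])) {
    // if a collection name is defined, assume creation (we do not allow edition of collection names)
    if (isset($_POST['collection_name'])) {
        // The name is bound as a parameter, so it never becomes part of the SQL text.
        $sql = "INSERT INTO `image_collections` (`collectionname`) VALUES (:collectionname)";
        $stmt = $link->prepare($sql);
        $stmt->bindValue(':collectionname', $_POST['collection_name'], PDO::PARAM_STR);
        $stmt->execute();
        $collectionId = $link->lastInsertId();
    } else {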
/**
 * Store the file from the current upload request as a profile picture of this user.
 *
 * The caller must be this user or be allowed to moderate this user. The file is
 * handed to process_upload() for the 'profile_pictures' folder of this user's file
 * root, dropped again when get_duplicated_files() reports a duplicate or when it is
 * not an image, and otherwise linked to the user. It becomes the avatar only when
 * no avatar is set yet.
 *
 * @return mixed true on success, otherwise the action to fall back to ('view' or 'edit').
 */
function update_avatar_from_upload()
{
    global $current_User, $Messages, $Settings;

    // Authorization gate: moderators of this account and the account owner pass, everyone else stops here.
    if (!($current_User->can_moderate_user($this->ID) || $this->ID == $current_User->ID)) {
        $Messages->add(T_('You are only allowed to update your own profile!'), 'error');
        return 'view';
    }

    // process upload
    $FileRootCache =& get_FileRootCache();
    $user_root = FileRoot::gen_ID('user', $this->ID);
    $min_size = $Settings->get('min_picture_size');
    $result = process_upload($user_root, 'profile_pictures', true, false, true, false, $min_size);
    if (empty($result)) {
        $Messages->add(T_('You don\'t have permission to selected user file root.'), 'error');
        return 'view';
    }

    $stored = $result['uploadedFiles'];
    if (!empty($stored)) {
        // Only the first uploaded file is considered.
        $picture = $stored[0];

        $duplicates = $picture->get_duplicated_files(array('root_ID' => $this->ID));
        if (!empty($duplicates)) {
            // Same content as an existing profile picture: remove the new record again.
            $picture->dbdelete();
            $Messages->add(T_('It seems you are trying to upload the same profile picture twice.'), 'error');
            return 'edit';
        }

        if ($picture->is_image()) {
            $owner = new LinkUser($this);
            $picture->link_to_Object($owner);

            // The upload replaces nothing: it is promoted to avatar only if the user has none.
            $became_avatar = empty($this->avatar_file_ID);
            if ($became_avatar) {
                $this->set('avatar_file_ID', $picture->ID, true);
                // A publicly visible property changed, so refresh profileupdate_date before saving.
                $this->set_profileupdate_date();
                $this->dbupdate();
                $Messages->add(T_('Profile picture has been changed.'), 'success');
            } else {
                $Messages->add(T_('New picture has been uploaded.'), 'success');
            }

            // Drop the cached Links so the new file is loaded next time.
            $owner->clear_Links();
            // Tell the account holder by email that the account changed.
            $this->send_account_changed_notification($became_avatar, $picture->ID);
            return true;
        }

        // NOTE(review): the image check runs only after process_upload() has already
        // stored the file; what type or extension filtering process_upload() applies
        // is not visible here - confirm. The rejected file is removed right away.
        $Messages->add(T_('The file you uploaded does not seem to be an image.'));
        $picture->unlink();
    }

    // Report the first failure recorded by process_upload(), if there is one.
    $failures = $result['failedFiles'];
    if (!empty($failures)) {
        $Messages->add($failures[0]);
    }

    return 'edit';
}
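if ($command === 'rm' && isset($_POST['dst']) && !empty($_POST['dst'])) {
    // Anything other than true from remove_file_obj() is treated as an error code and printed as an integer.
    // NOTE(review): $_POST['dst'] reaches remove_file_obj() unchanged; whether that helper
    // confines the path to the managed directory is not visible here - confirm.
    if (true !== ($result = remove_file_obj($_POST['dst'], isset($_POST['rec']) ? true : false))) {
        echo (int) $result;
    }
}
exit;
} // closes a block opened before this excerpt
/*------------------------------ End post request --------------------------------------------------*/

// An upload posted under the field name "NewFile" is handled as if it had been posted as "file".
if (isset($_FILES['NewFile']) && !empty($_FILES['NewFile'])) {
    $_FILES['file'] = $_FILES['NewFile'];
}

/*------------------------------ Upload request ----------------------------------------------------*/
if ($CFG->enableUpload && isset($_FILES['file']) && !empty($_FILES['file'])) {
    // Upload file
    $ret = process_upload();
    if (isset($_GET['fckeditor']) && $ret) {
        // The inline script shortens document.domain one label at a time until the
        // parent frame's document can be read, then reports the upload to the parent.
        echo <<<EOF
<script type="text/javascript">
(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\\.|\$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})();
EOF;
        // The file name ends up inside a double-quoted JavaScript string within a
        // <script> element. Escaping only backslash and double quote leaves "<", ">"
        // and line breaks free to end the string or the element, so those are
        // escaped as well. Presumably $ret[0] derives from the client-supplied
        // file name; what process_upload() already strips is not visible here.
        $rpl = array(
            '\\' => '\\\\',
            '"' => '\\"',
            '<' => '\\x3C',
            '>' => '\\x3E',
            "\r" => '\\r',
            "\n" => '\\n',
            "\xE2\x80\xA8" => '\\u2028',
            "\xE2\x80\xA9" => '\\u2029',
        );
        // basename() runs before escaping so that it never sees the backslashes the escaping adds.
        $name = basename($ret[0]);
        $js_name = strtr($name, $rpl);
        $js_url = strtr($CFG->imgURL . '/' . $name, $rpl);
        echo 'window.parent.OnUploadCompleted(0,"' . $js_url . '","' . $js_name . '", "") ;';
        echo '</script>';
        exit;
    }
    exit;
}
/*-------------------------- End upload request and set upload limit -------------------------------*/
/*-------------------------------- Get request ------------------------------------------------------*/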
} if (isset($_POST['update_thread'])) { // var_dump($_POST); // var_dump($threadInfo); // var_dump($postInfo); // exit; if (!$_POST['subject'] || !$_POST['post']) { $error = "<div style='text-align:center'>" . LAN_27 . "</div>"; } else { if (!isAuthor()) { require_once HEADERF; $ns->tablerender(LAN_95, "<div style='text-align:center'>" . LAN_96 . '</div>'); require_once FOOTERF; exit; } if ($uploadResult = process_upload($postInfo['post_id'])) { $attachments = explode(',', $postInfo['post_attachments']); foreach ($uploadResult as $ur) { $_tmp = $ur['type'] . '*' . $ur['file']; if ($ur['thumb']) { $_tmp .= '*' . $ur['thumb']; } if ($ur['fname']) { $_tmp .= '*' . $ur['fname']; } $attachments[] = $_tmp; } $postVals['post_attachments'] = implode(',', $attachments); } $postVals['post_edit_datestamp'] = time(); $postVals['post_edit_user'] = USERID;