function process_post_data() { global $CONFIG, $mb_utf8_regex; global $lang_errors, $lang_editpics_php; $pid = (int) $_POST['id']; $aid = (int) $_POST['aid']; $pwidth = (int) $_POST['pwidth']; $pheight = (int) $_POST['pheight']; $title = $_POST['title']; $caption = $_POST['caption']; $keywords = $_POST['keywords']; $user1 = $_POST['user1']; $user2 = $_POST['user2']; $user3 = $_POST['user3']; $user4 = $_POST['user4']; $galleryicon = (int) $_POST['galleryicon']; $isgalleryicon = $galleryicon === $pid; // need to implement "Read EXIF info again" checkbox; comment out for now // $read_exif = isset($_POST['read_exif']); $reset_vcount = isset($_POST['reset_vcount']); $reset_votes = isset($_POST['reset_votes']); $del_comments = isset($_POST['del_comments']) || $delete; $result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PICTURES']} AS p, {$CONFIG['TABLE_ALBUMS']} AS a WHERE a.aid = p.aid AND pid = '{$pid}'"); if (!mysql_num_rows($result)) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = mysql_fetch_array($result); mysql_free_result($result); if (!(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID) || !USER_ID) { cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__); } $update = "aid = '" . $aid . "'"; if (is_movie($pic['filename'])) { $update .= ", pwidth = " . $pwidth; $update .= ", pheight = " . $pheight; } $update .= ", title = '" . addslashes($title) . "'"; $update .= ", caption = '" . addslashes($caption) . "'"; $update .= ", keywords = '" . addslashes($keywords) . "'"; $update .= ", user1 = '" . addslashes($user1) . "'"; $update .= ", user2 = '" . addslashes($user2) . "'"; $update .= ", user3 = '" . addslashes($user3) . "'"; $update .= ", user4 = '" . addslashes($user4) . "'"; if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) { $sql = 'update ' . $CONFIG['TABLE_PICTURES'] . ' set galleryicon=0 where owner_id=' . $pic['owner_id'] . ';'; cpg_db_query($sql); $update .= ", galleryicon = " . addslashes($galleryicon); } if ($reset_vcount) { $update .= ", hits = '0'"; resetDetailHits($pid); } if ($reset_votes) { $update .= ", pic_rating = '0', votes = '0'"; resetDetailVotes($pid); } if ($del_comments) { $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'"; $result = cpg_db_query($query); } else { $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1"; $result = cpg_db_query($query); } // rename a file if ($_POST['filename'] != $pic['filename']) { if ($CONFIG['thumb_use'] == 'ht' && $pic['pheight'] > $CONFIG['picture_width']) { $condition = true; } elseif ($CONFIG['thumb_use'] == 'wd' && $pic['pwidth'] > $CONFIG['picture_width']) { $condition = true; } elseif ($CONFIG['thumb_use'] == 'any' && max($pic['pwidth'], $pic['pheight']) > $CONFIG['picture_width']) { $condition = true; } else { $condition = false; } if ($CONFIG['make_intermediate'] && $condition) { $prefices = array('fullsize', 'normal', 'thumb'); } else { $prefices = array('fullsize', 'thumb'); } if (!is_image($pic['filename'])) { $prefices = array('fullsize'); } foreach ($prefices as $prefix) { $oldname = urldecode(get_pic_url($pic, $prefix)); $filename = replace_forbidden($_POST['filename']); $newname = str_replace($pic['filename'], $filename, $oldname); $old_mime = cpg_get_type($oldname); $new_mime = cpg_get_type($newname); if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__); } if (!is_known_filetype($newname)) { cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__); } if (file_exists($newname)) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__); } if (!file_exists($oldname)) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__); } if (rename($oldname, $newname)) { cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$filename}' WHERE pid = '{$pid}' LIMIT 1"); } else { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__); } } } }
} $dest_dir .= '/'; $filepath .= '/'; } else { $filepath = $CONFIG['userpics']; $dest_dir = $CONFIG['fullpath'] . $filepath; } // Check that target dir is writable if (!is_writable($dest_dir)) { cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true); } if (get_magic_quotes_gpc()) { $_FILES['userpicture']['name'] = stripslashes($_FILES['userpicture']['name']); } // Replace forbidden chars with underscores $picture_name = replace_forbidden($_FILES['userpicture']['name']); // Check that the file uploaded has a valid extension $matches = array(); if (!preg_match("/(.+)\\.(.*?)\\Z/", $picture_name, $matches)) { $matches[1] = 'invalid_fname'; $matches[2] = 'xxx'; } if ($matches[2] == '' || !is_known_filetype($matches)) { cpg_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__); } // Create a unique name for the uploaded file $nr = 0; $picture_name = $matches[1] . '.' . $matches[2]; while (file_exists($dest_dir . $picture_name)) { $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2]; }
* @ignore */ define('IN_COPPERMINE', true); define('ADDPIC_PHP', true); require 'include/init.inc.php'; require 'include/picmgmt.inc.php'; if (!GALLERY_ADMIN_MODE) { die('Access denied'); } $aid = (int) $_GET['aid']; $pic_file = base64_decode($_GET['pic_file']); $dir_name = dirname($pic_file) . '/'; $file_name = basename($pic_file); # Create the holder $picture_name by translating the file name. # Translate any forbidden character into an underscore. $sane_name = replace_forbidden($file_name); $source = './' . $CONFIG['fullpath'] . $dir_name . $file_name; rename($source, './' . $CONFIG['fullpath'] . $dir_name . $sane_name); $sql = "SELECT pid FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath='" . addslashes($dir_name) . "' AND filename='" . addslashes($file_name) . "' LIMIT 1"; $result = cpg_db_query($sql); if (mysql_num_rows($result)) { $file_name = 'images/up_dup.gif'; } elseif (add_picture($aid, $dir_name, $sane_name)) { $file_name = 'images/up_ok.gif'; } else { $file_name = 'images/up_pb.gif'; echo $ERROR; } if (ob_get_length()) { ob_end_flush(); exit;
/** * getfoldercontent() * * return the files and directories of a folder in two arrays * * @param $folder the folder to read * @param $dir_array the array that will contain name of sub-dir * @param $pic_array the array that will contain name of picture * @param $expic_array an array that contains pictures already in db * @return */ function getfoldercontent($folder, &$dir_array, &$pic_array, &$expic_array) { global $CONFIG, $lang_db_input_php; $dir = opendir($CONFIG['fullpath'] . $folder); while ($file = readdir($dir)) { if (is_dir($CONFIG['fullpath'] . $folder . $file)) { if ($file != "." && $file != ".." && $CONFIG['fullpath'] . $folder . $file != $CONFIG['fullpath'] . '/edit' && $CONFIG['fullpath'] . $folder . $file != $CONFIG['fullpath'] . '/' . substr($CONFIG['userpics'], 0, strlen($CONFIG['userpics']) - 1)) { $dir_array[] = $file; } } if (is_file($CONFIG['fullpath'] . $folder . $file)) { if (strncmp($file, $CONFIG['thumb_pfx'], strlen($CONFIG['thumb_pfx'])) != 0 && strncmp($file, $CONFIG['normal_pfx'], strlen($CONFIG['normal_pfx'])) != 0 && $file != 'index.html') { $newfile = replace_forbidden($file); if ($newfile != $file) { //File name has been changed, let's get a unique filename and rename the existing file. $matches = array(); if (!preg_match("/(.+)\\.(.*?)\\Z/", $newfile, $matches)) { $matches[1] = 'invalid_fname'; $matches[2] = 'xxx'; } if ($matches[2] == '' || !is_known_filetype($matches)) { cpg_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__); } // Create a unique name for the uploaded file $nr = 0; $picture_name = $matches[1] . '.' . $matches[2]; while (file_exists($CONFIG['fullpath'] . $folder . $picture_name)) { $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2]; } @rename($CONFIG['fullpath'] . $folder . $file, $CONFIG['fullpath'] . $folder . $picture_name); $file = $picture_name; } $pic_array[] = $file; } } } closedir($dir); natcasesort($dir_array); natcasesort($pic_array); }
$filepath = $CONFIG['userpics']; $dest_dir = $CONFIG['fullpath'] . $filepath; } // Check that target dir is writable if (!is_writable($dest_dir)) { cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true); } if (get_magic_quotes_gpc()) { //Using getRaw() as we have custom sanitization code below $picture_name = stripslashes($superCage->files->getRaw("/userpicture/name")); } else { $picture_name = $superCage->files->getRaw("/userpicture/name"); } $picture_name = CPGPluginAPI::filter('upload_file_name', $picture_name); // Replace forbidden chars (including white spaces and special chars) with underscores $picture_name = replace_forbidden($picture_name); // Check that the file uploaded has a valid extension if (!preg_match("/(.+)\\.(.*?)\\Z/", $picture_name, $matches)) { $matches[1] = 'invalid_fname'; $matches[2] = 'xxx'; } if ($matches[2] == '' || !is_known_filetype($matches)) { cpg_die(ERROR, $lang_db_input_php['err_invalid_fext'] . ' ' . $CONFIG['allowed_file_extensions'], __FILE__, __LINE__); } // Create a unique name for the uploaded file $nr = 0; $picture_name = $matches[1] . '.' . $matches[2]; while (file_exists($dest_dir . $picture_name)) { $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2]; } $uploaded_pic = $dest_dir . $picture_name;
/** * getallpicindb() * * Fill an array where keys are the full path of all images in the picture table * * @param $pic_array the array to be filled * @return */ function getallpicindb(&$pic_array, $startdir) { global $CONFIG; $sql = "SELECT filepath, filename " . "FROM {$CONFIG['TABLE_PICTURES']} " . "WHERE filepath LIKE '{$startdir}%'"; $result = cpg_db_query($sql); while ($row = $result->fetchArray()) { $pic_file = $row['filepath'] . replace_forbidden($row['filename']); $pic_array[$pic_file] = 1; } $result->free(); }
$URI_failure_array[] = array('failure_ordinal' => $failure_ordinal, 'URI_name' => $_POST['URI_array'][$counter], 'error_code' => $lang_upload_php['incorrect_prefix']); // There is no need for further tests or action, so skip the remainder of the iteration. continue; } // To obtain the file name, we explode the URI into $pieces. $pieces = explode('/', $_POST['URI_array'][$counter]); // We pop off the end of the $pieces array to obtain the possible file name. $possible_file_name = array_pop($pieces); // Strip the hex equivalent for spaces from the possible file name and restore the spaces. $possible_file_name = strtr($possible_file_name, array("%20" => " ")); // Check possible filename and extension: // Check that the possible file name has a valid name and extension, and replace forbidden chars with underscores. // Initialise the $matches array. $matches = array(); // Create the holder $picture_name by translating the possible file name. Translate any forbidden character into an underscore. $picture_name = replace_forbidden($possible_file_name); // Analyze the file extension using regular expressions. if (!preg_match("/(.+)\\.(.*?)\\Z/", $picture_name, $matches)) { // The file name is invalid. $matches[1] = 'invalid_fname'; // Make a bogus file extension to tell Coppermine to use a different name. $matches[2] = 'xxx'; } // Set the variable $extension equal to $matches[2]. $extension = $matches[2]; // If there is no extension, or if the extension is unknown/not permitted by Coppermine, attenpt to detect a MIME type. if ($matches[2] == '' || !is_known_filetype($matches)) { // Check for stream_get_meta_data support. if (!function_exists('stream_get_meta_data')) { // We cannot get the header information for the file, so we reject the URI as unsafe. $URI_failure_array[] = array('failure_ordinal' => $failure_ordinal, 'URI_name' => $_POST['URI_array'][$counter], 'error_code' => $lang_upload_php['unsafe_URI']);
function process_post_data() { global $CONFIG, $USER_DATA, $lang_errors, $lang_editpics_php, $superCage; //Check if the form token is valid if (!checkFormToken()) { cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } $user_album_set = array(); $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " OR uploads = 'YES'"); while ($row = mysql_fetch_assoc($result)) { $user_album_set[$row['aid']] = 1; } mysql_free_result($result); $pid = $superCage->post->getInt('id'); $aid = $superCage->post->getInt('aid'); $pwidth = $superCage->post->getInt('pwidth'); $pheight = $superCage->post->getInt('pheight'); $title = cpgSanitizeUserTextInput($superCage->post->getEscaped('title')); $caption = cpgSanitizeUserTextInput($superCage->post->getEscaped('caption')); $keywords = cpgSanitizeUserTextInput(utf_replace($superCage->post->getEscaped('keywords'))); $user1 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user1')); $user2 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user2')); $user3 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user3')); $user4 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user4')); $galleryicon = $superCage->post->getInt('galleryicon'); $isgalleryicon = $galleryicon == $pid; $read_exif = $superCage->post->keyExists('read_exif') ? $superCage->post->getInt('read_exif') : 0; $reset_vcount = $superCage->post->keyExists('reset_vcount') ? $superCage->post->getInt('reset_vcount') : 0; $reset_votes = $superCage->post->keyExists('reset_votes') ? $superCage->post->getInt('reset_votes') : 0; $del_comments = $superCage->post->keyExists('del_comments') ? $superCage->post->getInt('del_comments') : 0; $result = cpg_db_query("SELECT category, owner_id, url_prefix, filepath, filename, pwidth, pheight, p.aid AS aid FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid = '{$pid}'"); if (!mysql_num_rows($result)) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = mysql_fetch_assoc($result); mysql_free_result($result); if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) { if ($pic['category'] != FIRST_USER_CAT + USER_ID) { cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } if (!isset($user_album_set[$aid])) { cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } } if (!USER_ID || !(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID)) { cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__); } $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid = '{$aid}'"); if (!mysql_num_rows($result)) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $new_alb = mysql_fetch_assoc($result); mysql_free_result($result); cpg_trim_keywords($keywords); $update = "aid = '{$aid}'"; if (is_movie($pic['filename'])) { $update .= ", pwidth = " . $pwidth; $update .= ", pheight = " . $pheight; } $update .= ", title = '{$title}'"; $update .= ", caption = '{$caption}'"; $update .= ", keywords = '{$keywords}'"; if (GALLERY_ADMIN_MODE) { $approved = $superCage->post->getAlpha('approved'); $update .= ", approved = '{$approved}'"; } elseif ($new_alb['category'] < FIRST_USER_CAT && $aid != $pic['aid']) { $approved = $USER_DATA['pub_upl_need_approval'] ? 'NO' : 'YES'; $update .= ", approved = '{$approved}'"; } elseif ($new_alb['category'] > FIRST_USER_CAT && $aid != $pic['aid'] && $pic['category'] < FIRST_USER_CAT) { $approved = $USER_DATA['priv_upl_need_approval'] ? 'NO' : 'YES'; $update .= ", approved = '{$approved}'"; } $update .= ", user1 = '{$user1}'"; $update .= ", user2 = '{$user2}'"; $update .= ", user3 = '{$user3}'"; $update .= ", user4 = '{$user4}'"; if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) { $sql = "UPDATE {$CONFIG['TABLE_PICTURES']} SET galleryicon = 0 WHERE owner_id = {$pic['owner_id']}"; cpg_db_query($sql); $update .= ", galleryicon = " . $galleryicon; } if ($reset_vcount) { $update .= ", hits = 0"; resetDetailHits($pid); } if ($reset_votes) { $update .= ", pic_rating = 0, votes = 0"; resetDetailVotes($pid); } if ($read_exif) { // If "read exif info again" is checked then just delete the entry from the exif table. // The new exif information will automatically be read when someone views the image. $query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE pid = '{$pid}'"; cpg_db_query($query); } if ($del_comments) { $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = '{$pid}'"; cpg_db_query($query); } $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1"; cpg_db_query($query); // Executes after a file update is committed CPGPluginAPI::action('after_edit_file', $pid); // rename a file if ($superCage->post->keyExists('filename')) { $post_filename = $superCage->post->getEscaped('filename'); } if ($post_filename != $pic['filename']) { if ($CONFIG['make_intermediate'] && cpg_picture_dimension_exceeds_intermediate_limit($pic['pwidth'], $pic['pheight'])) { $prefixes = array('fullsize', 'normal', 'thumb'); } else { $prefixes = array('fullsize', 'thumb'); } if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) { $prefixes[] = 'orig'; } if (!is_image($pic['filename'])) { $prefixes = array('fullsize'); // Check for custom thumbnails $mime_content_old = cpg_get_type($pic['filename']); $mime_content_new = cpg_get_type(replace_forbidden($post_filename)); $file_base_name_old = str_replace('.' . $mime_content_old['extension'], '', basename($pic['filename'])); foreach (array('.gif', '.png', '.jpg') as $thumb_extension) { if (file_exists($CONFIG['fullpath'] . $pic['filepath'] . $CONFIG['thumb_pfx'] . $file_base_name_old . $thumb_extension)) { // Thumbnail found, check if it's the only file using that thumbnail $count = mysql_result(cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name_old}.%'"), 0); if ($count == 1) { $prefixes[] = 'thumb'; $custom_thumb = TRUE; break; } } } } $pic_prefix = array('thumb' => $CONFIG['thumb_pfx'], 'normal' => $CONFIG['normal_pfx'], 'orig' => $CONFIG['orig_pfx'], 'fullsize' => ''); $files_to_rename = array(); foreach ($prefixes as $prefix) { $oldname = urldecode($CONFIG['fullpath'] . $pic['filepath'] . $pic_prefix[$prefix] . $pic['filename']); $filename = replace_forbidden($post_filename); $newname = str_replace($pic['filename'], $filename, $oldname); if ($custom_thumb == TRUE && $prefix == 'thumb') { $oldname = str_replace('.' . $mime_content_old['extension'], $thumb_extension, $oldname); $newname = str_replace('.' . $mime_content_new['extension'], $thumb_extension, $newname); } $old_mime = cpg_get_type($oldname); $new_mime = cpg_get_type($newname); if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__); } if (!is_known_filetype($newname)) { cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__); } if (file_exists($newname)) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__); } if (!file_exists($oldname)) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__); } // Check if there will be no conflicts before doing anything $files_to_rename[] = array('oldname' => $oldname, 'filename' => $filename, 'newname' => $newname); } if (count($files_to_rename) > 0) { foreach ($files_to_rename as $file) { if (rename($file['oldname'], $file['newname'])) { cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$file['filename']}' WHERE pid = '{$pid}' LIMIT 1"); } else { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__); } } } } }
function process_picture() { global $CONFIG, $IMG_TYPES; global $lang_db_input_php, $lang_errors; $superCage = Inspekt::makeSuperCage(); @unlink(LOGFILE); if (!USER_ID || !USER_CAN_UPLOAD_PICTURES) { simple_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } //$album = (int)$_GET['album']; $album = $superCage->get->getInt('album'); $title = ''; $caption = ''; $keywords = ''; $user1 = ''; $user2 = ''; $user3 = ''; $user4 = ''; $position = 0; // Check if the album id provided is valid if (!USER_IS_ADMIN) { $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}' and category = '" . (USER_ID + FIRST_USER_CAT) . "'"); if (mysql_num_rows($result) == 0) { simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__); } $row = mysql_fetch_array($result); mysql_free_result($result); $category = $row['category']; } else { $result = cpg_db_query("SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}'"); if (mysql_num_rows($result) == 0) { simple_die(ERROR, $lang_db_input_php['unknown_album'], __FILE__, __LINE__); } $row = mysql_fetch_array($result); mysql_free_result($result); $category = $row['category']; } // Get position $result = cpg_db_query("SELECT position FROM {$CONFIG['TABLE_PICTURES']} WHERE aid='{$album}' order by position desc"); if (mysql_num_rows($result) == 0) { $position = 100; } else { $row = mysql_fetch_array($result); mysql_free_result($result); if ($row['position']) { $position = $row['position']; $position++; } } // Test if the filename of the temporary uploaded picture is empty // if ($_FILES['userpicture']['tmp_name'] == '') simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__); if ($superCage->files->getRaw('/userpicture/tmp_name') == '') { simple_die(ERROR, $lang_db_input_php['no_pic_uploaded'], __FILE__, __LINE__); } // Create destination directory for pictures if (USER_ID && $CONFIG['silly_safe_mode'] != 1) { if (USER_IS_ADMIN && $category != USER_ID + FIRST_USER_CAT) { $filepath = 'wpw-' . date("Ymd"); } else { $filepath = $CONFIG['userpics'] . (USER_ID + FIRST_USER_CAT); } $dest_dir = $CONFIG['fullpath'] . $filepath; if (!is_dir($dest_dir)) { mkdir($dest_dir, octdec($CONFIG['default_dir_mode'])); if (!is_dir($dest_dir)) { simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_mkdir'], $dest_dir), __FILE__, __LINE__, true); } chmod($dest_dir, octdec($CONFIG['default_dir_mode'])); $fp = fopen($dest_dir . '/index.php', 'w'); fwrite($fp, ' '); fclose($fp); } $dest_dir .= '/'; $filepath .= '/'; } else { $filepath = $CONFIG['userpics']; $dest_dir = $CONFIG['fullpath'] . $filepath; } // Check that target dir is writable if (!is_writable($dest_dir)) { simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['dest_dir_ro'], $dest_dir), __FILE__, __LINE__, true); } $matches = array(); //if (get_magic_quotes_gpc()) $_FILES['userpicture']['name'] = stripslashes($_FILES['userpicture']['name']); //using getRaw as it will be sanitized in the code below in the preg_match. {SaWey} $filename = $superCage->files->getRaw('/userpicture/name'); if (get_magic_quotes_gpc()) { $filename = stripslashes($filename); } // Replace forbidden chars with underscores //$picture_name = replace_forbidden($_FILES['userpicture']['name']); $picture_name = replace_forbidden($filename); // Check that the file uploaded has a valid extension if (!preg_match("/(.+)\\.(.*?)\\Z/", $picture_name, $matches)) { $matches[1] = 'invalid_fname'; $matches[2] = 'xxx'; } if ($matches[2] == '' || !is_known_filetype($matches)) { simple_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__); } // Create a unique name for the uploaded file $nr = 0; $picture_name = $matches[1] . '.' . $matches[2]; while (file_exists($dest_dir . $picture_name)) { $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2]; } $uploaded_pic = $dest_dir . $picture_name; // Move the picture into its final location if (!move_uploaded_file($superCage->files->getRaw('/userpicture/tmp_name'), $uploaded_pic)) { simple_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true); } // Change file permission chmod($uploaded_pic, octdec($CONFIG['default_file_mode'])); // Check file size. Delete if it is excessive. if (filesize($uploaded_pic) > $CONFIG['max_upl_size'] << 10) { @unlink($uploaded_pic); simple_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__); } elseif (is_image($picture_name)) { // Get picture information $imginfo = getimagesize($uploaded_pic); // cpg_getimagesize does not recognize the file as a picture if ($imginfo == null) { @unlink($uploaded_pic); simple_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true); } // JPEG and PNG only are allowed with GD //if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) { if ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && $CONFIG['GIF_support'] == 0) { @unlink($uploaded_pic); simple_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true); } // Check that picture size (in pixels) is lower than the maximum allowed if (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) { if (USER_IS_ADMIN && $CONFIG['auto_resize'] == 1 || !USER_IS_ADMIN && $CONFIG['auto_resize'] > 0) { //resize_image($uploaded_pic, $uploaded_pic, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $imginfo[0] > $CONFIG['max_upl_width_height'] ? 'wd' : 'ht'); resize_image($uploaded_pic, $uploaded_pic, $CONFIG['max_upl_width_height'], $CONFIG['thumb_method'], $CONFIG['thumb_use']); } else { @unlink($uploaded_pic); simple_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__); } } } // Create thumbnail and internediate image and add the image into the DB $result = add_picture($album, $filepath, $picture_name, $position, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category); if ($result !== true) { @unlink($uploaded_pic); simple_die(CRITICAL_ERROR, isset($result['error']) ? $result['error'] : sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true); } else { echo "SUCCESS"; exit; } }
$transitory_file_name = $superCage->post->getRaw('file_name'); $album = $superCage->post->getInt('album'); $title = $superCage->post->getRaw('title'); $caption = $superCage->post->getRaw('caption'); $keywords = $superCage->post->getRaw('keywords'); $user1 = $superCage->post->getRaw('user1'); $user2 = $superCage->post->getRaw('user2'); $user3 = $superCage->post->getRaw('user3'); $user4 = $superCage->post->getRaw('user4'); //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ // We must check the file name for security reasons. if (get_magic_quotes_gpc()) { $transitory_file_name = stripslashes($transitory_file_name); } // Replace forbidden chars with underscores $picture_name = replace_forbidden($transitory_file_name); // Check that the file uploaded has a valid extension $matches = array(); if (!preg_match("/(.+)\\.(.*?)\\Z/", $picture_name, $matches)) { $matches[1] = 'invalid_fname'; $matches[2] = 'xxx'; } if ($matches[2] == '' || !stristr($CONFIG['allowed_file_extensions'], $matches[2])) { cpg_die(ERROR, $lang_image_processor_php['err_invalid_fext'], __FILE__, __LINE__); } //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ // Now let us delete the old preview image. First, we must verify the image path and preview path // have not been altered too severely. //Create the search strings. $preview_search_string = "^" . $preview_image_directory . ""; $primary_search_string = "^" . $transitory_file_directory . "";
function process_post_data() { global $CONFIG, $mb_utf8_regex; global $lang_errors, $lang_editpics_php; $superCage = Inspekt::makeSuperCage(); $pid = $superCage->post->getInt('id'); $aid = $superCage->post->getInt('aid'); $pwight = $superCage->post->getInt('pwidth'); $pheight = $superCage->post->getInt('pheight'); $title = cpgSanitizeUserTextInput($superCage->post->getEscaped('title')); $caption = cpgSanitizeUserTextInput($superCage->post->getEscaped('caption')); $keywords = cpgSanitizeUserTextInput(utf_replace($superCage->post->getEscaped('keywords'))); $user1 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user1')); $user2 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user2')); $user3 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user3')); $user4 = cpgSanitizeUserTextInput($superCage->post->getEscaped('user4')); $galleryicon = $superCage->post->getInt('galleryicon'); $isgalleryicon = $galleryicon === $pid; if ($superCage->post->keyExists('read_exif')) { $read_exif = $superCage->post->getInt('read_exif'); } if ($superCage->post->keyExists('reset_vcount')) { $reset_vcount = $superCage->post->getInt('reset_vcount'); } if ($superCage->post->keyExists('reset_votes')) { $reset_votes = $superCage->post->getInt('reset_votes'); } if ($superCage->post->keyExists('del_comments')) { $del_comments = $superCage->post->getInt('del_comments') || $delete; } $result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PICTURES']} AS p, {$CONFIG['TABLE_ALBUMS']} AS a WHERE a.aid = p.aid AND pid = '{$pid}'"); if (!mysql_num_rows($result)) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = mysql_fetch_array($result); mysql_free_result($result); if (!(GALLERY_ADMIN_MODE || $pic['category'] == FIRST_USER_CAT + USER_ID || $CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID) || !USER_ID) { cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__); } $update = "aid = '" . $aid . "'"; if (is_movie($pic['filename'])) { $update .= ", pwidth = " . $pwidth; $update .= ", pheight = " . $pheight; } $update .= ", title = '" . $title . "'"; $update .= ", caption = '" . $caption . "'"; $update .= ", keywords = '" . $keywords . "'"; if (GALLERY_ADMIN_MODE) { $approved = $superCage->post->getAlpha('approved'); $update .= ", approved = '" . $approved . "'"; } $update .= ", user1 = '" . $user1 . "'"; $update .= ", user2 = '" . $user2 . "'"; $update .= ", user3 = '" . $user3 . "'"; $update .= ", user4 = '" . $user4 . "'"; if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) { $sql = 'update ' . $CONFIG['TABLE_PICTURES'] . ' set galleryicon=0 where owner_id=' . $pic['owner_id'] . ';'; cpg_db_query($sql); $update .= ", galleryicon = " . $galleryicon; } if ($reset_vcount) { $update .= ", hits = '0'"; resetDetailHits($pid); } if ($reset_votes) { $update .= ", pic_rating = '0', votes = '0'"; resetDetailVotes($pid); } if ($read_exif) { $filepath = urldecode(get_pic_url($pic, 'fullsize')); // If read exif info again is checked then we will just delete the entry from exif table. The new exif information will automatically be read when someone views the image. $query = "DELETE FROM {$CONFIG['TABLE_EXIF']} WHERE filename = '{$filepath}'"; cpg_db_query($query); } if ($del_comments) { $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'"; $result = cpg_db_query($query); } else { $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1"; $result = cpg_db_query($query); } // rename a file if ($superCage->post->keyExists('filename') && ($matches = $superCage->post->getMatched('filename', '/^[0-9A-Za-z\\/_.-]+$/'))) { $post_filename = $matches[0]; } if ($post_filename != $pic['filename']) { if ($CONFIG['thumb_use'] == 'ht' && $pic['pheight'] > $CONFIG['picture_width']) { $condition = true; } elseif ($CONFIG['thumb_use'] == 'wd' && $pic['pwidth'] > $CONFIG['picture_width']) { $condition = true; } elseif ($CONFIG['thumb_use'] == 'any' && max($pic['pwidth'], $pic['pheight']) > $CONFIG['picture_width']) { $condition = true; } else { $condition = false; } if ($CONFIG['make_intermediate'] && $condition) { $prefices = array('fullsize', 'normal', 'thumb'); } else { $prefices = array('fullsize', 'thumb'); } if ($CONFIG['enable_watermark'] == '1' && ($CONFIG['which_files_to_watermark'] == 'both' || $CONFIG['which_files_to_watermark'] == 'original')) { $prefices[] = 'orig'; } if (!is_image($pic['filename'])) { $prefices = array('fullsize'); } foreach ($prefices as $prefix) { // OVI // $oldname = urldecode(get_pic_url($pic, $prefix)); $oldname = urldecode(get_pic_url($pic, $prefix, false, true)); // OVI $filename = replace_forbidden($post_filename); $newname = str_replace($pic['filename'], $filename, $oldname); $old_mime = cpg_get_type($oldname); $new_mime = cpg_get_type($newname); if ($old_mime['mime'] != $new_mime['mime'] && isset($new_mime['mime'])) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['mime_conv'], $old_mime['mime'], $new_mime['mime']), __FILE__, __LINE__); } if (!is_known_filetype($newname)) { cpg_die(CRITICAL_ERROR, $lang_editpics_php['forb_ext'], __FILE__, __LINE__); } // OVI //if (file_exists($newname)) //cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['file_exists'], $newname), __FILE__, __LINE__); //if (!file_exists($oldname)) //cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['src_file_missing'], $oldname), __FILE__, __LINE__); // OVI // OVI $imageContainer = new FileContainer($pic['pid'], $pic['owner_id']); $imageContainer->original_path = $oldname; //echo $imageContainer->original_path." ".$newname;exit(1); global $storage; if (!$storage->rename_file($imageContainer, $newname)) { cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__); } // OVI /*if (rename($oldname, $newname)) { cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '$filename' WHERE pid = '$pid' LIMIT 1"); } else cpg_die(CRITICAL_ERROR, sprintf($lang_editpics_php['rename_failed'], $oldname, $newname), __FILE__, __LINE__); */ } // foreach // OVI cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET filename = '{$filename}' WHERE pid = '{$pid}' LIMIT 1"); // OVI } }