/** * Function to store the matching patch package for the currently installed VM version to the cache path * * @param array $d * @return boolean */ function getPatchPackage(&$d) { global $vm_mainframe, $vmLogger, $mosConfig_cachepath, $VM_LANG; $allowed_extensions = array('gz', 'zip'); if (empty($_FILES['uploaded_package']['tmp_name'])) { // retrieve the latest version number from virtuemart.net require_once ADMINPATH . 'version.php'; $VMVERSION = new vmVersion(); // This URL should return a string - the direct URL to the matching patch package $url = "http://virtuemart.net/index2.php?option=com_versions&catid=1&myVersion={$VMVERSION->RELEASE}&task=listpatchpackages&j=" . (vmIsJoomla('1.5') ? '1.5' : '1.0'); $result = vmConnector::handleCommunication($url); if (!empty($result) && (strncmp('http://dev.virtuemart.net', $result, 25) === 0 || strncmp('http://virtuemart.net', $result, 21) === 0)) { $filename = basename($result); $doc_id_pos = strpos($filename, '?'); if ($doc_id_pos > 0) { $filename = substr($filename, 0, $doc_id_pos); } // Was the package already downloaded? if (file_exists($mosConfig_cachepath . '/' . $filename)) { $vmLogger->info($VM_LANG->_('VM_UPDATE_PACKAGE_EXISTS') . ' ' . $mosConfig_cachepath . '/' . $filename); } else { // If not, store it on this server $patch_package = vmConnector::handleCommunication($result); if (!file_put_contents($mosConfig_cachepath . '/' . $filename, $patch_package)) { $vmLogger->err($VM_LANG->_('VM_UPDATE_ERR_STORE_FAILED')); return false; } } // cache the location of the stored package file $_SESSION['vm_updatepackage'] = $mosConfig_cachepath . '/' . $filename; } else { $vmLogger->err($VM_LANG->_('VM_UPDATE_ERR_RETRIEVE_FAILED')); return false; } if (vmIsXHR()) { $vm_mainframe->addResponseScript('parent.loadPage("' . $GLOBALS['sess']->url($_SERVER['PHP_SELF'] . '?page=admin.update_preview', false, false) . '");'); } return true; } else { // make sure the file name is safe for storage. $filename = vmSafeFileName($_FILES['uploaded_package']['name']); $fileinfo = pathinfo($filename); if (!in_array(strtolower($fileinfo['extension']), $allowed_extensions)) { $vmLogger->err('An invalid patch package extension was detected. Allowed Types: ' . implode(', ', $allowed_extensions)); return false; } // Handle the uploaded package file- the integrity validation is done in another function if (move_uploaded_file($_FILES['uploaded_package']['tmp_name'], $mosConfig_cachepath . '/' . $filename)) { $_SESSION['vm_updatepackage'] = $mosConfig_cachepath . '/' . $filename; if (vmIsXHR()) { $vm_mainframe->addResponseScript('parent.loadPage("' . $GLOBALS['sess']->url($_SERVER['PHP_SELF'] . '?page=admin.update_preview', false, false) . '");'); } } else { $vmLogger->err('Failed to store the uploaded patch package file.'); return false; } } }
/** * Validates an uploaded image. Creates UNIX commands to be used * by the process_images function, which has to be called after * the validation. * @author jep * @author soeren * @static * @param array $d * @param string $field_name The name of the field in the table $table, the image is assigned to [e.g. product_thumb_image] * @param string $table_name The name of a table in the database [e.g. #__{vm}_product] * @return boolean When the upload validation was sucessfull, true is returned, otherwise false */ function validate_image(&$d, $field_name, $table_name) { global $vmLogger; // The commands to be executed by the process_images // function are returned as strings in an array here. if (empty($d['image_commands']) || !empty($_REQUEST['image_commands'])) { unset($_REQUEST['image_commands']); $d['image_commands'] = array(); } // Generate the path to images $path = IMAGEPATH; $path .= $table_name . "/"; // Check permissions to write to destination directory // Workaround for Window$ if (strstr($path, ":")) { $path_begin = substr($path, strpos($path, ":") + 1, strlen($path)); $path = str_replace("//", "/", $path_begin); } if (!is_dir($path)) { mkdir($path, 0777); $vmLogger->debug('Had to create the directory ' . $path); } if (!is_writable($path) && !empty($_FILES[$field_name]["tmp_name"])) { $vmLogger->err('Cannot write to ' . $table_name . ' image directory: ' . $path); return false; } if (PSHOP_IMG_WIDTH == 0 or PSHOP_IMG_HEIGHT == 0) { $vmLogger->err('Thumb default height or width is set to 0! Cannot resize the image'); return false; } // Check for upload errors require_once CLASSPATH . 'ps_product_files.php'; ps_product_files::checkUploadedFile($field_name); // proof of concept fix by jmarsik 20090422 - safely move the uploaded file from upload_tmp_dir to temporary location (hopefully) included in open_basedir, following code will be much happier :) // if the file is not moved, following code will try to manipulate it using functions that check open_basedir (for example copy, file_exists, unlink, getimagesize) if (!empty($_FILES[$field_name]["tmp_name"]) && is_uploaded_file($_FILES[$field_name]["tmp_name"])) { $tmpfile_moved_from_uploaded_file = $path . "tmpForThumb_" . basename($_FILES[$field_name]["tmp_name"]); $vmLogger->debug("Moving file from " . $_FILES[$field_name]["tmp_name"] . " to " . $tmpfile_moved_from_uploaded_file . " (helps when upload_tmp_dir is not in open_basedir)"); move_uploaded_file($_FILES[$field_name]["tmp_name"], $tmpfile_moved_from_uploaded_file); $_FILES[$field_name]["tmp_name"] = $tmpfile_moved_from_uploaded_file; } $tmp_field_name = str_replace("thumb", "full", $field_name); // Class for resizing Thumbnails require_once CLASSPATH . "class.img2thumb.php"; if (@$d[$tmp_field_name . '_action'] == 'auto_resize') { // proof of concept fix by jmarsik 20090422 - safely move the uploaded file from upload_tmp_dir to temporary location (hopefully) included in open_basedir, following code will be much happier :) // if the file is not moved, following code will try to manipulate it using functions that check open_basedir (for example copy, file_exists, unlink, getimagesize) if (!empty($_FILES[$tmp_field_name]["tmp_name"]) && is_uploaded_file($_FILES[$tmp_field_name]["tmp_name"])) { $tmpfile_moved_from_uploaded_file = $path . "tmpForThumb_" . basename($_FILES[$tmp_field_name]["tmp_name"]); $vmLogger->debug("Moving file from " . $_FILES[$tmp_field_name]["tmp_name"] . " to " . $tmpfile_moved_from_uploaded_file . " (helps when upload_tmp_dir is not in open_basedir)"); move_uploaded_file($_FILES[$tmp_field_name]["tmp_name"], $tmpfile_moved_from_uploaded_file); $_FILES[$tmp_field_name]["tmp_name"] = $tmpfile_moved_from_uploaded_file; } // Resize the Full Image if (!empty($_FILES[$tmp_field_name]["tmp_name"])) { $full_file = $_FILES[$tmp_field_name]["tmp_name"]; $image_info = getimagesize($full_file); } elseif (!empty($d[$tmp_field_name . "_url"])) { $tmp_file_from_url = $full_file = ps_product_files::getRemoteFile($d[$tmp_field_name . "_url"]); if ($full_file) { $vmLogger->debug('Successfully fetched the image file from ' . $d[$tmp_field_name . "_url"] . ' for later resizing'); $image_info = getimagesize($full_file); } } if (!empty($image_info)) { if ($image_info[2] == 1) { if (function_exists("imagegif")) { $ext = ".gif"; $noimgif = ""; } else { $ext = ".jpg"; $noimgif = ".gif"; } } elseif ($image_info[2] == 2) { $ext = ".jpg"; $noimgif = ""; } elseif ($image_info[2] == 3) { $ext = ".png"; $noimgif = ""; } $vmLogger->debug('The resized Thumbnail will have extension ' . $noimgif . $ext); /* Generate Image Destination File Name */ if (!empty($d[$table_name . '_name'])) { $filename = substr($d[$table_name . '_name'], 0, 16); $filename = vmSafeFileName($filename); } else { $filename = md5('virtuemart'); } $to_file_thumb = uniqid($filename . '_'); $fileout = IMAGEPATH . "{$table_name}/resized/{$to_file_thumb}" . '_' . PSHOP_IMG_WIDTH . 'x' . PSHOP_IMG_HEIGHT . $noimgif . $ext; if (!file_exists(dirname($fileout))) { mkdir(dirname($fileout)); $vmLogger->debug('Created Directory ' . dirname($fileout)); } $neu = new Img2Thumb($full_file, PSHOP_IMG_WIDTH, PSHOP_IMG_HEIGHT, $fileout, 0, 255, 255, 255); $thumbname = 'resized/' . basename($fileout); $vmLogger->debug('Finished creating the thumbnail ' . $thumbname); if (isset($tmp_file_from_url)) { unlink(realpath($tmp_file_from_url)); } $tmp_field_name = str_replace("full", "thumb", $tmp_field_name); $tmp_field_name = str_replace("_url", "", $tmp_field_name); $_FILES[$tmp_field_name]['tmp_name'] = $fileout; $_FILES[$tmp_field_name]['name'] = $thumbname; $d[$tmp_field_name] = $thumbname; $curr_file = isset($_REQUEST[$tmp_field_name . "_curr"]) ? $_REQUEST[$tmp_field_name . "_curr"] : ""; if (!empty($curr_file)) { $delete = str_replace("\\", "/", realpath($path . "/" . $curr_file)); $d["image_commands"][] = array('command' => 'unlink', 'param1' => $delete); $vmLogger->debug('Preparing: delete old thumbnail image: ' . $delete); /* Remove the resized image if exists */ if (PSHOP_IMG_RESIZE_ENABLE == "1") { $pathinfo = pathinfo($delete); isset($pathinfo["dirname"]) or $pathinfo["dirname"] = ""; isset($pathinfo["extension"]) or $pathinfo["extension"] = ""; $filehash = basename($delete, "." . $pathinfo["extension"]); $resizedfilename = $pathinfo["dirname"] . "/resized/" . $filehash . "_" . PSHOP_IMG_WIDTH . "x" . PSHOP_IMG_HEIGHT . "." . $pathinfo["extension"]; $d["image_commands"][] = array('command' => 'unlink', 'param1' => $resizedfilename); $vmLogger->debug('Preparing: delete resized thumbnail ' . $resizedfilename); } } } } $temp_file = isset($_FILES[$field_name]['tmp_name']) ? $_FILES[$field_name]['tmp_name'] : ""; $file_type = isset($_FILES[$field_name]['type']) ? $_FILES[$field_name]['type'] : ""; $orig_file = isset($_FILES[$field_name]["name"]) ? $_FILES[$field_name]['name'] : ""; $curr_file = isset($_REQUEST[$field_name . "_curr"]) ? $_REQUEST[$field_name . "_curr"] : ""; /* Generate text to display in error messages */ if (stristr("thumb", $field_name)) { $image_type = "thumbnail image"; } elseif (stristr("full", $field_name)) { $image_type = "full image"; } else { $image_type = str_replace("_", " ", $field_name); } /* If User types "none" in Image Upload Field */ if (@$d[$field_name . "_action"] == "delete") { /* If there is a current image file */ if (!empty($curr_file)) { $delete = str_replace("\\", "/", realpath($path . "/" . $curr_file)); $d["image_commands"][] = array('command' => 'unlink', 'param1' => $delete); $vmLogger->debug('Preparing: delete old ' . $image_type . ' ' . $delete); /* Remove the resized image if exists */ if (PSHOP_IMG_RESIZE_ENABLE == "1" && $image_type == "thumbnail image") { $pathinfo = pathinfo($delete); isset($pathinfo["dirname"]) or $pathinfo["dirname"] = ""; isset($pathinfo["extension"]) or $pathinfo["extension"] = ""; $filehash = basename($delete, "." . $pathinfo["extension"]); $resizedfilename = $pathinfo["dirname"] . "/resized/" . $filehash . "_" . PSHOP_IMG_WIDTH . "x" . PSHOP_IMG_HEIGHT . "." . $pathinfo["extension"]; $d["image_commands"][] = array('command' => 'unlink', 'param1' => $resizedfilename); $vmLogger->debug('Preparing: delete resized thumbnail ' . $resizedfilename); } } $d[$field_name] = ""; return true; } elseif ($orig_file and $temp_file == "none") { $vmLogger->err($image_type . ' upload failed.'); return false; } else { // If nothing was entered in the Upload box, there is no image to process if (!$orig_file) { $d[$field_name] = $curr_file; return true; } } if (empty($temp_file)) { $vmLogger->err('The File Upload was not successful: there\'s no uploaded temporary file!'); return false; } /* Generate Image Destination File Name */ if (!empty($d[$table_name . '_name'])) { $filename = substr($d[$table_name . '_name'], 0, 16); $filename = vmSafeFileName($filename); } else { $filename = md5('virtuemart'); } $to_file = uniqid($filename . '_'); /* Check image file format */ if ($orig_file != "none") { $to_file .= $ext = '.' . Img2Thumb::GetImgType($temp_file); if (!$to_file) { $vmLogger->err($image_type . ' file is invalid: ' . $file_type . '.'); return false; } } /* ** If it gets to this point then there is an uploaded file in the system ** and it is a valid image file. */ /* If Updating */ if (!empty($curr_file)) { /* Command to remove old image file */ $delete = str_replace("\\", "/", realpath($path) . "/" . $curr_file); $d["image_commands"][] = array('command' => 'unlink', 'param1' => $delete); /* Remove the resized image if exists */ if (PSHOP_IMG_RESIZE_ENABLE == "1" && $image_type == "thumbnail image") { $pathinfo = pathinfo($delete); $filehash = basename($delete, "." . $pathinfo["extension"]); $resizedfilename = $pathinfo["dirname"] . "/resized/" . $filehash . "_" . PSHOP_IMG_WIDTH . "x" . PSHOP_IMG_HEIGHT . "." . $pathinfo["extension"]; $d["image_commands"][] = array('command' => 'unlink', 'param1' => $resizedfilename); $vmLogger->debug('Preparing: delete resized thumbnail ' . $resizedfilename); } } /* Command to move uploaded file into destination directory */ // Command to move uploaded file into destination directory $d["image_commands"][] = array('command' => 'move_uploaded_file', 'param1' => $temp_file, 'param2' => $path . $to_file); $d["image_commands"][] = array('command' => 'unlink', 'param1' => $temp_file); if (empty($d[$field_name])) { /* Return new image file name */ $d[$field_name] = $to_file; } return true; }