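/**
 * Validates the files referenced by a new comment before the comment is stored.
 *
 * File IDs are read from $_REQUEST['FILE_NEW'], written to $arPost['FILES'] and
 * checked against the component's upload policy ($arParams['ALLOW_UPLOAD']).
 * The first file that fails validation is removed from $arPost['FILES'], its
 * message is stored in $arPost['ERROR'] and the handler returns false.
 *
 * @param mixed $entityType Not used by this handler.
 * @param mixed $entityID   Not used by this handler.
 * @param array $arPost     Comment data; 'FILES' is rebuilt and 'ERROR' may be set.
 * @return bool true when every referenced file passed, false on the first failure.
 */
function OnCommentAdd($entityType, $entityID, &$arPost)
{
    $arParams =& $this->component->arParams;
    $iFileSize = intval(COption::GetOptionString("forum", "file_max_size", 5242880));

    // Normalise the request value in place, as the original handler did.
    $_REQUEST['FILE_NEW'] = isset($_REQUEST['FILE_NEW']) && is_array($_REQUEST['FILE_NEW'])
        ? $_REQUEST['FILE_NEW']
        : array();

    $arPost["FILES"] = array();
    foreach ($_REQUEST['FILE_NEW'] as $rawFileID) {
        // Request data: a nested array would be an illegal array offset below, and a
        // value such as "12abc" used to be stored as FILE_ID while only file 12 was
        // validated. Store exactly the integer that is validated.
        if (!is_scalar($rawFileID)) {
            continue;
        }
        $fileID = intval($rawFileID);
        if ($fileID <= 0) {
            continue;
        }

        // NOTE(review): nothing in this handler ties the file ID to the current user
        // or session - confirm that the caller restricts which IDs may be attached.
        $arPost["FILES"][$fileID] = array("FILE_ID" => $fileID);

        $attach_file = CFile::MakeFileArray($fileID);
        if (!$attach_file || !is_set($attach_file, "name")) {
            continue;
        }

        // Y - image files, F - files with the configured extensions, A - all files.
        // NOTE(review): any other ALLOW_UPLOAD value leaves $attach empty, so the file
        // is accepted without a check - confirm uploads are refused earlier in that case.
        $attach = "";
        if ($arParams["ALLOW_UPLOAD"] == "Y") {
            $attach = CFile::CheckImageFile($attach_file, $iFileSize, 0, 0);
        } elseif ($arParams["ALLOW_UPLOAD"] == "F") {
            $attach = CFile::CheckFile($attach_file, $iFileSize, false, $arParams["ALLOW_UPLOAD_EXT"]);
        } elseif ($arParams["ALLOW_UPLOAD"] == "A") {
            $attach = CFile::CheckFile($attach_file, $iFileSize, false, false);
        }

        if ($attach != '') {
            unset($arPost['FILES'][$fileID]);
            $arPost['ERROR'] = $attach_file['name'] . ': ' . $attach;
            return false;
        }
    }

    return true;
}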
$arFile = array( "name" => $fileName, "size" => $_FILES["mfi_files"]["size"][$i], "tmp_name" => $_FILES["mfi_files"]["tmp_name"][$i], "type" => $_FILES["mfi_files"]["type"][$i], "MODULE_ID" => $mid ); $res = ''; if ($arParams["ALLOW_UPLOAD"] == "I"): $res = CFile::CheckImageFile($arFile, $max_file_size, 0, 0); elseif ($arParams["ALLOW_UPLOAD"] == "F"): $res = CFile::CheckFile($arFile, $max_file_size, false, $arParams["ALLOW_UPLOAD_EXT"]); else: $res = CFile::CheckFile($arFile, $max_file_size, false, false); endif; if (strlen($res) <= 0) { $fileID = CFile::SaveFile($arFile, $mid); $tmp = array( "fileName" => $fileName, "fileID" => $fileID ); if ($fileID) { if (!isset($_SESSION["MFI_UPLOADED_FILES_".$cid])) {
/**
 * Validates and stores the upload found in $_FILES['file'] for the 'crm' module.
 *
 * Recognised $options keys: OWNER_TYPE_ID, OWNER_ID, SCOPE ('I' image, 'F' files
 * limited to EXTENSIONS, anything else: no extension list), EXTENSIONS (array),
 * MAX_FILE_SIZE.
 *
 * @param array $result  Receives 'FILE_ID' on success or 'ERROR_MESSAGE' on failure.
 * @param array $options See above.
 * @return bool true when the file was saved, false otherwise.
 */
public static function TryUploadFile(&$result, $options = array())
{
    // Owner type: fall back to Undefined when missing or not a defined type.
    $ownerTypeID = CCrmOwnerType::Undefined;
    if (isset($options['OWNER_TYPE_ID'])) {
        $ownerTypeID = intval($options['OWNER_TYPE_ID']);
    }
    if ($ownerTypeID !== CCrmOwnerType::Undefined && !CCrmOwnerType::IsDefined($ownerTypeID)) {
        $ownerTypeID = CCrmOwnerType::Undefined;
    }

    $ownerID = 0;
    if (isset($options['OWNER_ID'])) {
        $ownerID = max(intval($options['OWNER_ID']), 0);
    }

    // Only the three known scope letters survive; everything else becomes ''.
    $scope = '';
    if (isset($options['SCOPE'])) {
        $scope = strtoupper($options['SCOPE']);
    }
    if (!in_array($scope, array('I', 'A', 'F'), true)) {
        $scope = '';
    }

    $extensions = array();
    if (isset($options['EXTENSIONS']) && is_array($options['EXTENSIONS'])) {
        $extensions = $options['EXTENSIONS'];
    }

    $maxFileSize = 0;
    if (isset($options['MAX_FILE_SIZE'])) {
        $maxFileSize = max(intval($options['MAX_FILE_SIZE']), 0);
    }

    if (!is_array($result)) {
        $result = array();
    }

    $file = null;
    if (is_array($_FILES) && isset($_FILES['file'])) {
        $file = $_FILES['file'];
    }
    if (!is_array($file)) {
        $result['ERROR_MESSAGE'] = 'No files';
        return false;
    }
    $file['MODULE_ID'] = 'crm';

    // NOTE(review): with scope 'F' and an empty EXTENSIONS option the list passed to
    // CheckFile is '' - confirm whether that means "no extension allowed" or "any".
    // Scope 'A' and '' both run CheckFile without an extension list.
    if ($scope === 'I') {
        $error = CFile::CheckImageFile($file, $maxFileSize, 0, 0);
    } elseif ($scope === 'F') {
        $error = CFile::CheckFile($file, $maxFileSize, false, implode(',', $extensions));
    } else {
        $error = CFile::CheckFile($file, $maxFileSize, false, false);
    }

    // A non-empty string from the checker is the rejection message.
    if (is_string($error) && $error !== '') {
        $result['ERROR_MESSAGE'] = $error;
        return false;
    }

    $fileID = CFile::SaveFile($file, 'crm');
    if (!is_int($fileID) || $fileID <= 0) {
        $result['ERROR_MESSAGE'] = 'General error.';
        return false;
    }

    // Remember the new file in the session bucket of its owner, if an owner was given.
    if ($ownerTypeID != CCrmOwnerType::Undefined) {
        $sessionKey = 'CRM_MBL_' . CCrmOwnerType::ResolveName($ownerTypeID) . '_' . $ownerID . '_FILES';
        if (!isset($_SESSION[$sessionKey])) {
            $_SESSION[$sessionKey] = array();
        }
        $_SESSION[$sessionKey][] = $fileID;
    }

    $result['FILE_ID'] = $fileID;
    return true;
}
if (isset($arrAdvert['PARENTS'][$intParentId][$arrFieldProp[$strNameField]]) && count($arrAdvert['PARENTS'][$intParentId][$arrFieldProp[$strNameField]])) { foreach ($arrAdvert['PARENTS'][$intParentId][$arrFieldProp[$strNameField]] as $intPropID => $intFileID) { if ($intFileID == intval($_REQUEST['file_id'])) { CIBlockElement::SetPropertyValueCode($intParentId, $arrFieldProp[$strNameField], array($intPropID => array('VALUE' => array('MODULE_ID' => 'iblock', 'del' => 'Y')))); break; }//\\ if }//\\ foreach }//\\ if }//\\ if } elseif ($_REQUEST['action'] == 'file') { // Сохраним файл $arrFile = $_FILES[$strNameField]; $arrFile['MODULE_ID'] = 'iblock'; //$res = CFile::CheckImageFile($arrFile, 20971520, 4000, 4000); $res = CFile::CheckFile($arrFile, 20971520, false, 'txt,doc,docx,xls,xlsx'); if (strlen($res)) { $arrResult['error'] = $res; $arrResult['result'] = 'fail'; } else { if ($strTypeBlock == 'P' && $intParentId) { // Это свойство родителя CIBlockElement::SetPropertyValueCode($intParentId, $arrFieldProp[$strNameField], array('VALUE' => $arrFile)); // Получим заново свойство $arrAdvert['PARENTS'][$intParentId][$arrFieldProp[$strNameField]] = array(); //$arrFileNew = array(); $res = CIBlockElement::GetProperty($intParentBlockID, $intParentId, 'sort', 'asc', array('ACTIVE' => 'Y', 'CODE' => $arrFieldProp[$strNameField])); while ($ob = $res->GetNext()) { if (intval($ob['VALUE'])) $arrAdvert['PARENTS'][$intParentId][$ob['CODE']][] = intval($ob['VALUE']); }//\\ while
$arResult['duplicate_url'] = SITE_DIR . 'bitrix/components/bitrix/crm.lead.import/show_file.php?name=duplicate'; } Header('Content-Type: application/x-javascript; charset=' . LANG_CHARSET); echo CUtil::PhpToJsObject($arResult); die; } } $strError = ''; $arResult['STEP'] = isset($_POST['step']) ? intval($_POST['step']) : 1; if ($_SERVER['REQUEST_METHOD'] == 'POST' && check_bitrix_sessid()) { if (isset($_POST['next'])) { if ($arResult['STEP'] == 1) { if ($_FILES['IMPORT_FILE']['error'] > 0) { ShowError(GetMessage('CRM_CSV_NF_ERROR')); } else { $error = CFile::CheckFile($_FILES['IMPORT_FILE'], 0, 0, 'csv,txt'); if ($error !== '') { ShowError($error); } else { if (isset($_SESSION['CRM_IMPORT_FILE'])) { unset($_SESSION['CRM_IMPORT_FILE']); } $sTmpFilePath = CTempFile::GetDirectoryName(12, 'crm'); CheckDirPath($sTmpFilePath); $_SESSION['CRM_IMPORT_FILE_SKIP_EMPTY'] = isset($_POST['IMPORT_FILE_SKIP_EMPTY']) && $_POST['IMPORT_FILE_SKIP_EMPTY'] == 'Y' ? true : false; $_SESSION['CRM_IMPORT_FILE_FIRST_HEADER'] = isset($_POST['IMPORT_FILE_FIRST_HEADER']) && $_POST['IMPORT_FILE_FIRST_HEADER'] == 'Y' ? true : false; $_SESSION['CRM_IMPORT_FILE'] = $sTmpFilePath . md5($_FILES['IMPORT_FILE']['tmp_name']) . '.tmp'; $_SESSION['CRM_IMPORT_FILE_POS'] = 0; move_uploaded_file($_FILES['IMPORT_FILE']['tmp_name'], $_SESSION['CRM_IMPORT_FILE']); @chmod($_SESSION['CRM_IMPORT_FILE'], BX_FILE_PERMISSIONS); if (isset($_POST['IMPORT_FILE_ENCODING'])) {
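/**
 * Collects the files attached to a new forum comment and validates each of them
 * against the forum's upload policy ($arResult['FORUM']['ALLOW_UPLOAD']).
 *
 * New file IDs come from $_REQUEST['FILE_NEW'] and are registered through
 * CForumFiles::Add(); IDs from $_REQUEST['FILES'] are kept only when they also
 * appear in $_REQUEST['FILES_TO_UPLOAD']. The result is merged into $arPost['FILES'].
 * The first file that fails validation is removed, its message is stored in
 * $arPost['ERROR'] and false is returned.
 *
 * @param mixed $entityType Not used by this handler.
 * @param mixed $entityID   Not used by this handler.
 * @param array $arPost     Comment data; 'FILES' is extended and 'ERROR' may be set.
 * @return bool|null false on the first rejected file; otherwise the function ends
 *                   without an explicit return value.
 */
function OnCommentAdd($entityType, $entityID, &$arPost)
{
    global $USER;
    $arParams =& $this->component->arParams;
    $arResult =& $this->component->arResult;
    $arForum =& $arResult['FORUM'];
    $iFileSize = intval(COption::GetOptionString("forum", "file_max_size", 50000));
    $arCommentParams = array(
        "FORUM_ID" => $arParams["FORUM_ID"],
        "TOPIC_ID" => null,
        "USER_ID" => $USER->IsAuthorized() ? $USER->GetID() : null,
    );

    $arFiles = $arNewFiles = array();

    // Request values are normalised to positive integers: a nested array would be an
    // illegal array offset, and a value such as "12abc" used to be stored as FILE_ID
    // although only file 12 is validated further down.
    if (isset($_REQUEST['FILE_NEW']) && is_array($_REQUEST['FILE_NEW'])) {
        foreach ($_REQUEST['FILE_NEW'] as $val) {
            if (!is_scalar($val) || intval($val) <= 0) {
                continue;
            }
            $arNewFiles[intval($val)] = array("FILE_ID" => intval($val));
        }
    }

    // FILES_TO_UPLOAD is request data as well; in_array() needs an array here.
    $filesToUpload = isset($_REQUEST['FILES_TO_UPLOAD']) && is_array($_REQUEST['FILES_TO_UPLOAD'])
        ? $_REQUEST['FILES_TO_UPLOAD']
        : array();
    if (isset($_REQUEST['FILES']) && is_array($_REQUEST['FILES'])) {
        foreach ($_REQUEST['FILES'] as $val) {
            if (!is_scalar($val) || intval($val) <= 0) {
                continue;
            }
            if (in_array($val, $filesToUpload)) {
                $arFiles[intval($val)] = array("FILE_ID" => intval($val));
            }
        }
    }

    // NOTE(review): nothing in this handler ties a file ID to the current user or
    // session - confirm that CForumFiles::Add() or the caller enforces ownership.
    if (!empty($arNewFiles)) {
        CForumFiles::Add(array_keys($arNewFiles), $arCommentParams);
    }

    $arFiles = $arFiles + $arNewFiles;
    if (!isset($arPost['FILES'])) {
        $arPost['FILES'] = array();
    }
    $arPost['FILES'] = array_merge($arPost['FILES'], $arFiles);

    foreach ($arPost['FILES'] as $fileIndex => $fileArr) {
        $fileID = $fileArr['FILE_ID'];
        $attach_file = CFile::MakeFileArray(intval($fileID));
        if (!$attach_file || !is_set($attach_file, "name")) {
            continue;
        }

        // Y - image files, F - files with the configured extensions, A - all files.
        // NOTE(review): any other ALLOW_UPLOAD value leaves $attach empty, so the file
        // is accepted without a check - confirm uploads are refused earlier in that case.
        $attach = "";
        if ($arForum["ALLOW_UPLOAD"] == "Y") {
            $attach = CFile::CheckImageFile($attach_file, $iFileSize, 0, 0);
        } elseif ($arForum["ALLOW_UPLOAD"] == "F") {
            $attach = CFile::CheckFile($attach_file, $iFileSize, false, $arForum["ALLOW_UPLOAD_EXT"]);
        } elseif ($arForum["ALLOW_UPLOAD"] == "A") {
            $attach = CFile::CheckFile($attach_file, $iFileSize, false, false);
        }

        if ($attach != '') {
            unset($arPost['FILES'][$fileIndex]);
            $arPost['ERROR'] = $attach_file['name'] . ': ' . $attach;
            return false;
        }
    }
}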
/**
 * Validates an uploaded image, Flash or video file.
 *
 * The type is derived from the extension of $arFile["name"]; a type that is not
 * listed in $access_typies is treated as IMAGE. The file is then passed to
 * CFile::CheckFile() with the matching content-type and extension list, and for
 * IMAGE/FLASH the dimensions are read and compared with the given limits.
 *
 * @param array $arFile        File array; "name" and "tmp_name" are read here.
 * @param int   $iMaxSize      Passed through to CFile::CheckFile().
 * @param int   $iMaxWidth     Maximum width, 0 disables the width check.
 * @param int   $iMaxHeight    Maximum height, 0 disables the height check.
 * @param array $access_typies Types ("IMAGE", "FLASH", "VIDEO") the caller accepts.
 * @param bool  $bForceMD5     Passed through to CFile::CheckFile().
 * @param bool  $bSkipExt      Passed through to CFile::CheckFile().
 * @return string|null "" for an empty name, an error message on rejection, null on success.
 */
public static function CheckFile($arFile, $iMaxSize = 0, $iMaxWidth = 0, $iMaxHeight = 0, $access_typies = array(), $bForceMD5 = false, $bSkipExt = false)
{
    static $flashMime = array("application/x-shockwave-flash", "application/vnd.adobe.flash.movie");

    if ($arFile["name"] == "") {
        return "";
    }

    // Only the php://filter wrapper prefix is rejected by this test.
    // NOTE(review): other stream wrappers in tmp_name are not covered here - confirm
    // that callers never pass a caller-controlled tmp_name.
    if (preg_match("#^php://filter#i", $arFile["tmp_name"])) {
        return GetMessage("FILE_BAD_FILE_TYPE") . ".<br>";
    }

    $ext = GetFileExtension(strtolower($arFile["name"]));
    if (in_array($ext, array("jpg", "jpeg", "gif", "bmp", "png"))) {
        $kind = "IMAGE";
    } elseif ($ext == "swf") {
        $kind = "FLASH";
    } elseif (in_array($ext, array("mp4", "webm", "ogg"))) {
        $kind = "VIDEO";
    } else {
        $kind = "UNKNOWN";
    }

    // Anything the caller did not ask for is validated as an image.
    if (!in_array($kind, $access_typies)) {
        $kind = "IMAGE";
    }

    $flashEnabled = ($kind == "FLASH");
    if ($flashEnabled) {
        $res = CFile::CheckFile($arFile, $iMaxSize, $flashMime, CFile::GetFlashExtensions(), $bForceMD5, $bSkipExt);
    } elseif ($kind == "VIDEO") {
        $res = CFile::CheckFile($arFile, $iMaxSize, "video/", "mp4,webm,ogg", $bForceMD5, $bSkipExt);
    } else {
        $res = CFile::CheckFile($arFile, $iMaxSize, "image/", CFile::GetImageExtensions(), $bForceMD5, $bSkipExt);
    }
    if ($res != '') {
        return $res;
    }

    // Videos have no dimension check.
    if ($kind != 'IMAGE' && $kind != "FLASH") {
        return null;
    }

    $imgArray = CFile::GetImageSize($arFile["tmp_name"], true, $flashEnabled);
    if (!is_array($imgArray)) {
        return GetMessage("FILE_BAD_FILE_TYPE") . ".<br>";
    }
    $intWIDTH = $imgArray[0];
    $intHEIGHT = $imgArray[1];

    // A dimension of 0 counts as a violation whenever the matching limit is set.
    $widthViolated = $iMaxWidth > 0 && ($intWIDTH > $iMaxWidth || $intWIDTH == 0);
    $heightViolated = $iMaxHeight > 0 && ($intHEIGHT > $iMaxHeight || $intHEIGHT == 0);
    if ($widthViolated || $heightViolated) {
        return GetMessage("FILE_BAD_MAX_RESOLUTION") . " (" . $iMaxWidth . " * " . $iMaxHeight . " " . GetMessage("main_include_dots") . ").<br>";
    }

    return null;
}
$arLang[$res["LID"]] = $res; $arLangTitle["reference_id"][] = $res["LID"]; $arLangTitle["reference"][] = htmlspecialcharsbx($res["NAME"]); } $bInitVars = false; $bImportComplete = false; $APPLICATION->SetTitle(GetMessage("SMILE_IMPORT_TITLE")); $fileName = ''; if ($REQUEST_METHOD == "POST" && (strlen($save) > 0 || strlen($apply) > 0)) { $fileName = 'import' . $USER->GetID() . time() . '.zip'; if (!check_bitrix_sessid()) { $arError[] = array("id" => "bad_sessid", "text" => GetMessage("ERROR_BAD_SESSID")); } elseif (!empty($_FILES["IMPORT"]["tmp_name"])) { $sUploadDir = CTempFile::GetDirectoryName(1); CheckDirPath($sUploadDir); $res = CFile::CheckFile($_FILES["IMPORT"], 500000, false, 'zip'); if (strLen($res) > 0) { $arError[] = array("id" => "IMPORT", "text" => $res); } elseif (file_exists($sUploadDir . $fileName)) { $arError[] = array("id" => "IMPORT", "text" => GetMessage("ERROR_EXISTS_FILE")); } elseif (!@copy($_FILES["IMPORT"]["tmp_name"], $sUploadDir . $fileName)) { $arError[] = array("id" => "IMPORT", "text" => GetMessage("ERROR_COPY_FILE")); } else { @chmod($sUploadDir . $fileName, BX_FILE_PERMISSIONS); } } elseif (empty($_FILES["IMPORT"]["tmp_name"])) { $arError[] = array("id" => "IMPORT", "text" => GetMessage("ERROR_EXISTS_FILE")); } if (empty($arError)) { $GLOBALS["APPLICATION"]->ResetException(); $importCount = CSmile::import(array('FILE' => $sUploadDir . $fileName, 'SET_ID' => intval($_REQUEST['SET_ID'])));
/**
 * Validates the fields of an entity that has NAME/LAST_NAME, PHOTO and BIRTHDATE.
 *
 * Error messages are accumulated in $this->LAST_ERROR (reset on entry).
 *
 * @param array     $arFields Field values; passed by reference to the user-field normaliser.
 * @param int|false $ID       Entity ID, or false for a new entity.
 * @param array     $options  'DISABLE_USER_FIELD_CHECK' => true skips the user-field check.
 * @return bool true when no error was recorded.
 */
public function CheckFields(&$arFields, $ID = false, $options = array())
{
    global $APPLICATION, $USER_FIELD_MANAGER;

    $this->LAST_ERROR = '';

    // A name is required on creation, or on update when both name parts are submitted.
    $nameIsChecked = ($ID == false || isset($arFields['NAME']) && isset($arFields['LAST_NAME']));
    $nameIsBlank = (empty($arFields['NAME']) && empty($arFields['LAST_NAME']));
    if ($nameIsChecked && $nameIsBlank) {
        $this->LAST_ERROR .= GetMessage('CRM_ERROR_REQUIRED_FIELDS') . "<br />";
    }

    if (isset($arFields['FM']) && is_array($arFields['FM'])) {
        $multiFields = new CCrmFieldMulti();
        if (!$multiFields->CheckComplexFields($arFields['FM'])) {
            $this->LAST_ERROR .= $multiFields->LAST_ERROR;
        }
    }

    if (isset($arFields['PHOTO']) && is_array($arFields['PHOTO'])) {
        // NOTE(review): only the image extension list is passed; size and the third
        // argument are 0. Whether the content is verified to be an image is not visible
        // from this method - confirm, or use CFile::CheckImageFile().
        $photoError = CFile::CheckFile($arFields['PHOTO'], 0, 0, CFile::GetImageExtensions());
        if ($photoError != '') {
            $this->LAST_ERROR .= $photoError . "<br />";
        }
    }

    if (isset($arFields['BIRTHDATE']) && $arFields['BIRTHDATE'] !== '' && !CheckDateTime($arFields['BIRTHDATE'])) {
        $this->LAST_ERROR .= GetMessage('CRM_ERROR_FIELD_INCORRECT', array('%FIELD_NAME%' => self::GetFieldCaption('BIRTHDATE'))) . "<br />";
    }

    $userFieldCheckDisabled = is_array($options)
        && isset($options['DISABLE_USER_FIELD_CHECK'])
        && $options['DISABLE_USER_FIELD_CHECK'] === true;
    if (!$userFieldCheckDisabled) {
        // Field data has to be prepared before the check (issue #22966).
        CCrmEntityHelper::NormalizeUserFields($arFields, self::$sUFEntityID, $USER_FIELD_MANAGER, array('IS_NEW' => $ID == false));
        if (!$USER_FIELD_MANAGER->CheckFields(self::$sUFEntityID, $ID, $arFields)) {
            // NOTE(review): assumes GetException() returns an object here - confirm.
            $exception = $APPLICATION->GetException();
            $this->LAST_ERROR .= $exception->GetString();
        }
    }

    return $this->LAST_ERROR === '';
}
/**
 * Validates the fields of an entity that has TITLE and LOGO.
 *
 * Error messages are accumulated in $this->LAST_ERROR (reset on entry).
 *
 * @param array     $arFields Field values; passed by reference to the user-field normaliser.
 * @param int|false $ID       Entity ID, or false for a new entity.
 * @param array     $options  'DISABLE_USER_FIELD_CHECK' => true skips the user-field check.
 * @return bool true when no error was recorded.
 */
public function CheckFields(&$arFields, $ID = false, $options = array())
{
    global $APPLICATION, $USER_FIELD_MANAGER;

    $this->LAST_ERROR = '';

    // The title is required on creation, or on update when it is submitted.
    $titleIsChecked = ($ID == false || isset($arFields['TITLE']));
    if ($titleIsChecked && empty($arFields['TITLE'])) {
        $this->LAST_ERROR .= GetMessage('CRM_ERROR_FIELD_IS_MISSING', array('%FIELD_NAME%' => GetMessage('CRM_FIELD_TITLE'))) . "<br />";
    }

    if (isset($arFields['FM']) && is_array($arFields['FM'])) {
        $multiFields = new CCrmFieldMulti();
        if (!$multiFields->CheckComplexFields($arFields['FM'])) {
            $this->LAST_ERROR .= $multiFields->LAST_ERROR;
        }
    }

    if (isset($arFields['LOGO']) && is_array($arFields['LOGO'])) {
        // NOTE(review): only the image extension list is passed; size and the third
        // argument are 0. Whether the content is verified to be an image is not visible
        // from this method - confirm, or use CFile::CheckImageFile().
        $logoError = CFile::CheckFile($arFields['LOGO'], 0, 0, CFile::GetImageExtensions());
        if ($logoError != '') {
            $this->LAST_ERROR .= $logoError . "<br />";
        }
    }

    $userFieldCheckDisabled = is_array($options)
        && isset($options['DISABLE_USER_FIELD_CHECK'])
        && $options['DISABLE_USER_FIELD_CHECK'] === true;
    if (!$userFieldCheckDisabled) {
        // Field data has to be prepared before the check (issue #22966).
        CCrmEntityHelper::NormalizeUserFields($arFields, self::$sUFEntityID, $USER_FIELD_MANAGER, array('IS_NEW' => $ID == false));
        if (!$USER_FIELD_MANAGER->CheckFields(self::$sUFEntityID, $ID, $arFields)) {
            // NOTE(review): assumes GetException() returns an object here - confirm.
            $exception = $APPLICATION->GetException();
            $this->LAST_ERROR .= $exception->GetString();
        }
    }

    return strlen($this->LAST_ERROR) <= 0;
}
/**
 * Checks one uploaded file (or one chunk of it) and records it in $arFile.
 *
 * Rejects upload errors and anything that is not a genuine HTTP upload, then runs
 * CFile::CheckFile() with the configured size limit (and extension list in "F"
 * mode). A chunk is stored under $arFile["files"][$key]["chunks"]; a whole file is
 * merged into $arFile["files"][$key], after CFile::CheckImageFile() in "I" mode.
 *
 * NOTE(review): the copy key and the package/chunk numbers are parsed out of
 * $file["~name"], presumably a client-supplied value - confirm how it is produced.
 * NOTE(review): chunks do not go through CheckImageFile() in this method; confirm
 * that the reassembled file is validated elsewhere.
 *
 * @param array $file   Entry in $_FILES layout, extended with "~name".
 * @param array $arFile Upload state; "files" is updated, "error" is set on failure.
 * @return mixed|null|string Empty value on success, otherwise the error text.
 */
private function checkFile($file, &$arFile)
{
    $sizeLimit = $this->params["uploadMaxFilesize"];
    $mode = $this->params["allowUpload"];

    if ($file["error"] > 0) {
        $error = "BXU348: " . $file["error"];
    } elseif (!is_uploaded_file($file['tmp_name'])) {
        $error = "BXU348";
    } elseif (!file_exists($file['tmp_name'])) {
        $error = "BXU347";
    } elseif ($mode == "F") {
        $error = CFile::CheckFile($file, $sizeLimit, false, $this->params["allowUploadExt"]);
    } else {
        $error = CFile::CheckFile($file, $sizeLimit);
    }

    if (strlen($error) > 0) {
        $arFile["error"] = $error;
        return $error;
    }

    // "\<copy>\" inside the name selects the copy; without it the entry is "default".
    $key = "default";
    if (preg_match("/\\\\(.+?)\\\\/", $file["~name"], $matches)) {
        $key = $matches[1];
    }
    if (array_key_exists($key, $arFile["files"])) {
        $entry = $arFile["files"][$key];
    } else {
        $entry = array("copy" => $key);
    }

    if (preg_match("/\/(\d+)\/(\d+)\//", $file["~name"], $matches)) {
        // "/<packages>/<package>/" marks this upload as one chunk of a larger file.
        $file["package"] = $matches[2];
        $file["packages"] = $matches[1];
        $entry["packages"] = $matches[1];
        if (!is_array($entry["chunks"])) {
            $entry["chunks"] = array();
        }
        $entry["chunks"][self::getChunkKey($file["packages"], $file["package"])] = $file;
        $arFile["files"][$key] = $entry;
    } else {
        if ($mode == "I") {
            $error = CFile::CheckImageFile($file, $sizeLimit, 0, 0);
        }
        if (strlen($error) <= 0) {
            $entry = array_merge($entry, $file);
            $arFile["files"][$key] = $entry;
        }
    }

    if (strlen($error) > 0) {
        $arFile["error"] = $error;
    }
    return $error;
}
} $_SESSION['CRM_IMPORT_FILE_POS'] = $filePos; $_SESSION['CRM_IMPORT_FILE_FIRST_HEADER'] = false; Header('Content-Type: application/x-javascript; charset=' . LANG_CHARSET); echo CUtil::PhpToJsObject($arResult); die; } } $strError = ''; $arResult['STEP'] = isset($_POST['step']) ? intval($_POST['step']) : 1; if ($_SERVER['REQUEST_METHOD'] == 'POST' && check_bitrix_sessid()) { if (isset($_POST['next'])) { if ($arResult['STEP'] == 1) { if ($_FILES['IMPORT_FILE']['error'] > 0) { ShowError(GetMessage('CRM_PRODUCT_IMP_CSV_NF_ERROR')); } elseif (($strError = CFile::CheckFile($_FILES['IMPORT_FILE'], 0, 0, 'csv,txt')) == '') { $arFields = array('' => ''); $arFieldsUpper = array(); foreach ($arResult['HEADERS'] as $arField) { if ($arField['id'] === 'SECTION_ID') { for ($i = 1; $i <= $catalogImportLevels; $i++) { $arFields[$arField['id'] . '_' . $i] = GetMessage('CRM_PRODUCT_IMP_SECTION_HEADER', array('#LEVEL_NUM#' => $i)); $arFieldsUpper[$arField['id'] . '_' . $i] = ToUpper(GetMessage('CRM_PRODUCT_IMP_SECTION_HEADER', array('#LEVEL_NUM#' => $i))); } } else { //echo '"'.$arField['name'].'";'; $arFields[$arField['id']] = $arField['name']; $arFieldsUpper[$arField['id']] = ToUpper($arField['name']); if ($arField['mandatory'] == 'Y') { $arRequireFields[$arField['id']] = $arField['name']; }
/**
 * Moves forum messages from topic $TID into topic $NewTID, creating the target
 * topic from $arFields when $NewTID is not positive.
 *
 * All checks append to a local error list; the database work runs inside one
 * transaction that is committed only when the list is still empty at the end.
 *
 * Access control visible in this function: the current user needs a permission of
 * at least "Q" on the SOURCE forum. The permission on the destination forum is only
 * used to decide whether the moved messages / the new topic are marked APPROVED.
 * NOTE(review): presumably "Q" is the moderator level - confirm.
 * NOTE(review): the message IDs are joined into the "@ID" filter as produced by
 * ForumDataToArray(); confirm that helper yields integers only.
 *
 * @param int    $FID             Source forum ID; replaced by the forum of topic $TID.
 * @param int    $TID             Source topic ID.
 * @param mixed  $Message         Message IDs, converted with ForumDataToArray().
 * @param int    $NewTID          Target topic ID; <= 0 creates a new topic.
 * @param array  $arFields        TITLE, DESCRIPTION, ICON_ID, TAGS for a new topic.
 * @param string $strErrorMessage Receives the joined error messages on failure.
 * @param string $strOKMessage    Receives the success message.
 * @param mixed  $iFileSize       Only assigned inside the disabled attachment check.
 * @return bool true when the messages were moved, false otherwise.
 */
function ForumMoveMessage($FID, $TID, $Message, $NewTID = 0, $arFields, &$strErrorMessage, &$strOKMessage, $iFileSize = false)
{
    global $USER, $DB;
    $arError = array();
    $arOK = array();
    $NewFID = 0;
    $arForum = array();
    $arTopic = array();
    $arNewForum = array();
    $arNewTopic = array();
    $arCurrUser = array();
    $SendSubscribe = false;
    //************************* Input params **************************************************************************
    $TID = IntVal($TID);
    $FID = IntVal($FID);
    $NewTID = IntVal($NewTID);
    $Message = ForumDataToArray($Message);
    if (empty($Message))
        $arError[] = GetMessage("FMM_NO_MESSAGE");
    if ($TID <= 0)
        $arError[] = GetMessage("FMM_NO_TOPIC_SOURCE0");
    else {
        $arTopic = CForumTopic::GetByID($TID);
        if ($arTopic) {
            // The forum is taken from the stored topic, not from the $FID argument.
            $FID = IntVal($arTopic["FORUM_ID"]);
            $arForum = CForumNew::GetByID($FID);
        } else
            $arError[] = GetMessage("FMM_NO_TOPIC_SOURCE1");
    }
    if (($NewTID <= 0) && (strLen(trim($arFields["TITLE"])) <= 0))
        $arError[] = GetMessage("FMM_NO_TOPIC_RECIPIENT0");
    elseif($NewTID > 0) {
        if ($NewTID == $TID)
            $arError[] = GetMessage("FMM_NO_TOPIC_EQUAL");
        $arNewTopic = CForumTopic::GetByID($NewTID);
        if (!$arNewTopic)
            $arError[] = GetMessage("FMM_NO_TOPIC_RECIPIENT1");
        elseif ($arNewTopic["STATE"] == "L")
            $arError[] = GetMessage("FMM_TOPIC_IS_LINK");
        else {
            $NewFID = $arNewTopic["FORUM_ID"];
            $arNewForum = CForumNew::GetByID($NewFID);
        }
    }
    //*************************/Input params **************************************************************************
    //*************************! Check of the user's permissions on the source forum and the destination forum *********
    // Topics can be moved from forums where the current user is a moderator to forums
    // where the user is not a moderator, so the same sequence of actions is used here.
    // The exception: if the user has no moderation rights on the destination forum,
    // the topic will be inactive.
    //*************************! Check of the user's permissions *******************************************************
    $arCurrUser["Perms"]["FID"] = ForumCurrUserPermissions($FID);
    $arCurrUser["Perms"]["NewFID"] = ForumCurrUserPermissions($NewFID);
    // String comparison of the permission codes; only the source forum is gated here.
    if ($arCurrUser["Perms"]["FID"] < "Q")
        $arError[] = GetMessage("FMM_NO_MODERATE");
    //************************* Actions *******************************************************************************
    // The transaction is opened even when errors were already collected; it is rolled back at the end in that case.
    $DB->StartTransaction();
    if (count($arError) <= 0) {
        // Create topic
        if ($NewTID <= 0) {
            $arFields["APPROVED"] = ($arNewForum["MODERATION"]=="Y") ? "N" : "Y";
            if ($arCurrUser["Perms"]["NewFID"] >= "Q")
                $arFields["APPROVED"] = "Y";
            $arRes = array("NAME" => GetMessage("FR_GUEST"));
            $ShowName = GetMessage("FR_GUEST");
            // The first moved message (lowest ID) supplies the author of the new topic.
            $db_res = CForumMessage::GetList(array("ID" => "ASC"), array("@ID" => implode(",", $Message), "TOPIC_ID" => $TID));
            if ($db_res && $res = $db_res->Fetch()) {
                $arRes["NAME"] = $res["AUTHOR_NAME"];
                $arRes["ID"] = $res["AUTHOR_ID"];
            }
            $arFieldsTopic = array(
                "TITLE" => $arFields["TITLE"],
                "DESCRIPTION" => $arFields["DESCRIPTION"],
                "ICON_ID" => $arFields["ICON_ID"],
                "TAGS" => $arFields["TAGS"],
                "FORUM_ID" => $FID,
                "USER_START_ID" => $arRes["ID"],
                "USER_START_NAME" => $arRes["NAME"],
                "LAST_POSTER_NAME" => $arRes["NAME"],
                "LAST_POSTER_ID" => $arRes["ID"],
                "APPROVED" => $arFields["APPROVED"],
            );
            $NewTID = CForumTopic::Add($arFieldsTopic);
            if (IntVal($NewTID)<=0)
                $arError[] = GetMessage("FMM_NO_TOPIC_NOT_CREATED");
            else {
                $arNewTopic = CForumTopic::GetByID($NewTID);
                if ($arNewTopic) {
                    // A newly created topic always lives in the source forum.
                    $NewFID = $FID;
                    $arNewForum = $arForum;
                    $SendSubscribe = true;
                } else
                    $arError[] = GetMessage("FMM_NO_TOPIC_NOT_CREATED");
            }
        }
    }
    if (count($arError) <= 0) {
        // Move message
        $db_res = CForumMessage::GetList(array(), array("@ID" => implode(",", $Message), "TOPIC_ID" => $TID));
        if ($db_res && $res = $db_res->Fetch()) {
            do {
                // echo "NewFID: ".$NewFID." -- FID:".$FID."<br/>";
                $arMessage = array();
                if ($NewFID != $FID) {
                    $arMessage["APPROVED"] = ($arNewForum["MODERATION"] == "Y" ? "N" : "Y");
                    if ($arCurrUser["Perms"]["NewFID"] >= "Q")
                        $arMessage["APPROVED"] = "Y";
                    $arMessage["FORUM_ID"] = $NewFID;
                    $arMessage["POST_MESSAGE_HTML"] = "";
                    // check attach
                    // This branch is disabled by the literal false: attachments are NOT
                    // re-validated against the destination forum's upload policy.
                    if (false && intVal($res["ATTACH_IMG"]) > 0) {
                        $iFileSize = COption::GetOptionString("forum", "file_max_size", 50000);
                        $attach_img = CFile::GetByID(intVal($res["ATTACH_IMG"]));
                        $attach = "";
                        if ($attach_img && is_set($attach_img, "ORIGINAL_NAME")) {
                            // Y - Image files F - Files of specified type A - All files
                            if ($arNewForum["ALLOW_UPLOAD"]=="Y")
                                $attach = CFile::CheckImageFile($attach_img["ORIGINAL_NAME"], $iFileSize, 0, 0);
                            elseif ($arNewForum["ALLOW_UPLOAD"]=="F")
                                $attach = CFile::CheckFile($attach_img["ORIGINAL_NAME"], $iFileSize, false, $arNewForum["ALLOW_UPLOAD_EXT"]);
                            elseif ($arNewForum["ALLOW_UPLOAD"]=="A")
                                $attach = CFile::CheckFile($attach_img["ORIGINAL_NAME"], $iFileSize, false, false);
                            if (strLen($attach) > 0)
                                $arMessage["ATTACH_IMG"] = "";
                        }
                    }
                }
                if ($NewTID != $TID) {
                    $arMessage["NEW_TOPIC"] = "N";
                    $arMessage["TOPIC_ID"] = $NewTID;
                }
                if (count($arMessage) > 0) {
                    $MID = CForumMessage::Update($res["ID"], $arMessage, true);
                    $res_log = ($SendSubscribe == true ? GetMessage("F_MESSAGE_WAS_MOVED_TO_NEW") : GetMessage("F_MESSAGE_WAS_MOVED"));
                    $res_log = str_replace(array("#ID#", "#TOPIC_TITLE#", "#TOPIC_ID#", "#NEW_TOPIC_TITLE#", "#NEW_TOPIC_ID#"), array($MID, $arTopic["TITLE"], $arTopic["ID"], $arNewTopic['TITLE'], $arNewTopic['ID']), $res_log);
                    $res["TITLE"] = $arNewTopic['TITLE'];
                    $res["TOPIC_ID"] = $arNewTopic['ID'];
                    $res["beforeTITLE"] = $arTopic["TITLE"];
                    $res["DESCRIPTION"] = $res_log;
                    // The log entry and the file update below are written before the
                    // result of Update() is checked.
                    CForumEventLog::Log("message", "move", $MID, serialize($res));
                    $db_res2 = CForumFiles::GetList(array(), array("FILE_MESSAGE_ID" => $res["ID"]));
                    if ($db_res2 && $res2 = $db_res2->Fetch()) {
                        $arFiles = array();
                        do {
                            $arFiles[] = $res2["FILE_ID"];
                        } while ($res2 = $db_res2->Fetch());
                        CForumFiles::UpdateByID($arFiles, $arMessage);
                    }
                    if (IntVal($MID) <= 0) {
                        $arError[] = str_replace("##", $res["ID"], GetMessage("FMM_NO_MESSAGE_MOVE"));
                        break;
                    }
                }
            }while ($res = $db_res->Fetch());
        }
    }
    if (count($arError) <= 0) {
        // A topic left without messages is deleted, otherwise its statistics are refreshed.
        $db_res = CForumMessage::GetList(array(), array("TOPIC_ID" => $TID), false, 1);
        if (!($db_res && $res = $db_res->Fetch())):
            CForumTopic::Delete($TID);
        else:
            CForumTopic::SetStat($TID);
        endif;
        $db_res = CForumMessage::GetList(array(), array("TOPIC_ID" => $NewTID), false, 1);
        if (!($db_res && $res = $db_res->Fetch())):
            CForumTopic::Delete($NewTID);
        else:
            CForumTopic::SetStat($NewTID);
        endif;
        CForumNew::SetStat($FID);
        if ($NewFID != $FID)
            CForumNew::SetStat($NewFID);
    }
    if (count($arError) <= 0)
        $DB->Commit();
    else
        $DB->Rollback();
    if (count($arError) > 0)
        $strErrorMessage .= implode(". \n", $arError).". \n";
    else {
        $strOKMessage .= GetMessage("FMM_YES_MESSAGE_MOVE");
        // Notifications are sent only when a new topic was created for the messages.
        if ($SendSubscribe) {
            foreach ($Message as $MID)
                CForumMessage::SendMailMessage($MID, array(), false, "NEW_FORUM_MESSAGE");
        }
        return true;
    }
    return false;
}
/**
 * Validates a value of a "file" user field.
 *
 * Three independent checks each add an entry to the returned list: the configured
 * maximum size, the configured extension list (via CFile::CheckFile()), and - for
 * anyone who is not an administrator - a script-extension test on the file name.
 * When no extension list is configured, that last test is the only name check
 * performed here.
 *
 * @param array $arUserField User field description (FIELD_NAME, EDIT_FORM_LABEL, SETTINGS).
 * @param array $value       File array; "size" and "name" are read here.
 * @return array List of array("id" => field name, "text" => message); empty when valid.
 */
function CheckFields($arUserField, $value)
{
    global $USER;

    $fieldName = $arUserField["FIELD_NAME"];
    $settings = $arUserField["SETTINGS"];
    $messages = array();

    if ($settings["MAX_ALLOWED_SIZE"] > 0 && $value["size"] > $settings["MAX_ALLOWED_SIZE"]) {
        $messages[] = array(
            "id" => $fieldName,
            "text" => GetMessage("USER_TYPE_FILE_MAX_SIZE_ERROR", array(
                "#FIELD_NAME#" => $arUserField["EDIT_FORM_LABEL"],
                "#MAX_ALLOWED_SIZE#" => $settings["MAX_ALLOWED_SIZE"],
            )),
        );
    }

    // Extension check: the allowed extensions are the keys of the EXTENSIONS setting.
    $error = "";
    if (is_array($settings["EXTENSIONS"]) && count($settings["EXTENSIONS"])) {
        $allowed = implode(",", array_keys($settings["EXTENSIONS"]));
        $error = CFile::CheckFile($value, 0, false, $allowed);
    }
    if (strlen($error)) {
        $messages[] = array("id" => $fieldName, "text" => $error);
    }

    // Users who are not administrators may not upload files with a script extension.
    $isAdmin = is_object($USER) && $USER->IsAdmin();
    if (!$isAdmin && HasScriptExtension($value["name"])) {
        $messages[] = array(
            "id" => $fieldName,
            "text" => GetMessage("FILE_BAD_TYPE") . " (" . $value["name"] . ").",
        );
    }

    return $messages;
}
/**
 * Validates an uploaded image (or Flash file, when the caller accepts "FLASH").
 *
 * The type comes from GetFileType() on the file name; a type that is not listed in
 * $access_typies is treated as IMAGE. The file is passed to CFile::CheckFile() with
 * the matching content-type and extension list, then its dimensions are read and
 * compared with the given limits.
 *
 * @param array $arFile        File array; "name" and "tmp_name" are read here.
 * @param int   $iMaxSize      Passed through to CFile::CheckFile().
 * @param int   $iMaxWidth     Maximum width, 0 disables the width check.
 * @param int   $iMaxHeight    Maximum height, 0 disables the height check.
 * @param array $access_typies Types the caller accepts besides the IMAGE default.
 * @param bool  $bForceMD5     Passed through to CFile::CheckFile().
 * @param bool  $bSkipExt      Passed through to CFile::CheckFile().
 * @return string|null "" for an empty name, an error message on rejection, null on success.
 */
public static function CheckImageFile($arFile, $iMaxSize = 0, $iMaxWidth = 0, $iMaxHeight = 0, $access_typies = array(), $bForceMD5 = false, $bSkipExt = false)
{
    static $flashMime = array("application/x-shockwave-flash", "application/vnd.adobe.flash.movie");

    if ($arFile["name"] == "") {
        return "";
    }

    // Only the php://filter wrapper prefix is rejected by this test.
    // NOTE(review): other stream wrappers in tmp_name are not covered here - confirm
    // that callers never pass a caller-controlled tmp_name.
    if (preg_match("#^php://filter#i", $arFile["tmp_name"])) {
        return GetMessage("FILE_BAD_FILE_TYPE") . ".<br>";
    }

    // Anything the caller did not ask for is validated as an image.
    $kind = GetFileType($arFile["name"]);
    if (!in_array($kind, $access_typies)) {
        $kind = "IMAGE";
    }

    $flashEnabled = ($kind == "FLASH");
    if ($flashEnabled) {
        $res = CFile::CheckFile($arFile, $iMaxSize, $flashMime, CFile::GetFlashExtensions(), $bForceMD5, $bSkipExt);
    } else {
        $res = CFile::CheckFile($arFile, $iMaxSize, "image/", CFile::GetImageExtensions(), $bForceMD5, $bSkipExt);
    }
    if ($res != '') {
        return $res;
    }

    // The file must be readable as an image, independent of its name.
    $imgArray = CFile::GetImageSize($arFile["tmp_name"], true, $flashEnabled);
    if (!is_array($imgArray)) {
        return GetMessage("FILE_BAD_FILE_TYPE") . ".<br>";
    }
    $intWIDTH = $imgArray[0];
    $intHEIGHT = $imgArray[1];

    // A dimension of 0 counts as a violation whenever the matching limit is set.
    $widthViolated = $iMaxWidth > 0 && ($intWIDTH > $iMaxWidth || $intWIDTH == 0);
    $heightViolated = $iMaxHeight > 0 && ($intHEIGHT > $iMaxHeight || $intHEIGHT == 0);
    if ($widthViolated || $heightViolated) {
        return GetMessage("FILE_BAD_MAX_RESOLUTION") . " (" . $iMaxWidth . " * " . $iMaxHeight . " " . GetMessage("main_include_dots") . ").<br>";
    }

    return null;
}
/**
 * Validates the fields of an iblock element before it is added or updated.
 *
 * Runs the OnStartIBlockElementAdd/Update handlers, validates name, dates,
 * pictures, iblock id, unique CODE, required fields and property values
 * (including uploaded files), then runs the OnBeforeIBlockElementAdd/Update
 * handlers and, optionally, the disk quota check. Every failure is appended to
 * $this->LAST_ERROR, each message followed by "<br>".
 *
 * @param array     $arFields        Element fields; passed by reference to the event handlers and
 *                                   modified here (ID, IBLOCK_ID, TAGS, IBLOCK_SECTION).
 * @param int|false $ID              Element id for an update, false for a new element.
 * @param bool      $bCheckDiskQuota Whether to run the disk quota check when no error was found.
 * @return bool True when $this->LAST_ERROR is empty after all checks, false otherwise.
 */
function CheckFields(&$arFields, $ID = false, $bCheckDiskQuota = true)
{
    global $DB, $APPLICATION, $USER;
    $this->LAST_ERROR = "";
    $APPLICATION->ResetException();
    if ($ID === false) {
        $db_events = GetModuleEvents("iblock", "OnStartIBlockElementAdd", true);
    } else {
        $arFields["ID"] = $ID;
        $db_events = GetModuleEvents("iblock", "OnStartIBlockElementUpdate", true);
    }
    // Handlers receive $arFields by reference; a handler returning false only
    // stops the remaining handlers here, it does not record an error.
    foreach ($db_events as $arEvent) {
        $bEventRes = ExecuteModuleEventEx($arEvent, array(&$arFields));
        if ($bEventRes === false) {
            break;
        }
    }
    if (($ID === false || is_set($arFields, "NAME")) && strlen($arFields["NAME"]) <= 0) {
        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_ELEMENT_NAME") . "<br>";
    }
    if (isset($arFields["ACTIVE_FROM"]) && $arFields["ACTIVE_FROM"] != '' && !$DB->IsDate($arFields["ACTIVE_FROM"], false, LANG, "FULL")) {
        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_ACTIVE_FROM") . "<br>";
    }
    if (isset($arFields["ACTIVE_TO"]) && $arFields["ACTIVE_TO"] != '' && !$DB->IsDate($arFields["ACTIVE_TO"], false, LANG, "FULL")) {
        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_ACTIVE_TO") . "<br>";
    }
    if (is_set($arFields, "PREVIEW_PICTURE")) {
        if (is_array($arFields["PREVIEW_PICTURE"]) && array_key_exists("bucket", $arFields["PREVIEW_PICTURE"]) && is_object($arFields["PREVIEW_PICTURE"]["bucket"])) {
            //This is trusted image from xml import
            // NOTE(review): this branch skips every file check; it relies on an
            // object under "bucket" only ever being set by server-side code - confirm.
        } elseif (is_array($arFields["PREVIEW_PICTURE"])) {
            // Uploaded file array: image validation with no size or dimension limits.
            $error = CFile::CheckImageFile($arFields["PREVIEW_PICTURE"]);
            if (strlen($error) > 0) {
                $this->LAST_ERROR .= $error . "<br>";
            } elseif (($error = CFile::checkForDb($arFields, "PREVIEW_PICTURE")) !== "") {
                $this->LAST_ERROR .= GetMessage("IBLOCK_ERR_PREVIEW_PICTURE") . "<br>" . $error . "<br>";
            }
        } elseif (intval($arFields["PREVIEW_PICTURE"]) > 0) {
            // A bare file id is accepted only together with WF_PARENT_ELEMENT_ID and
            // only when the DeleteFile() call below returns a positive value.
            if (intval($arFields["WF_PARENT_ELEMENT_ID"]) <= 0 || CIBlockElement::DeleteFile($arFields["PREVIEW_PICTURE"], $ID, "PREVIEW", intval($arFields["WF_PARENT_ELEMENT_ID"]), $arFields["IBLOCK_ID"], true) <= 0) {
                $this->LAST_ERROR .= GetMessage("IBLOCK_ERR_PREVIEW_PICTURE") . "<br>";
            }
        }
    }
    // Same three cases as PREVIEW_PICTURE above.
    if (is_set($arFields, "DETAIL_PICTURE")) {
        if (is_array($arFields["DETAIL_PICTURE"]) && array_key_exists("bucket", $arFields["DETAIL_PICTURE"]) && is_object($arFields["DETAIL_PICTURE"]["bucket"])) {
            //This is trusted image from xml import
        } elseif (is_array($arFields["DETAIL_PICTURE"])) {
            $error = CFile::CheckImageFile($arFields["DETAIL_PICTURE"]);
            if (strlen($error) > 0) {
                $this->LAST_ERROR .= $error . "<br>";
            } elseif (($error = CFile::checkForDb($arFields, "DETAIL_PICTURE")) !== "") {
                $this->LAST_ERROR .= GetMessage("IBLOCK_ERR_DETAIL_PICTURE") . "<br>" . $error . "<br>";
            }
        } elseif (intval($arFields["DETAIL_PICTURE"]) > 0) {
            if (intval($arFields["WF_PARENT_ELEMENT_ID"]) <= 0 || CIBlockElement::DeleteFile($arFields["DETAIL_PICTURE"], $ID, "DETAIL", intval($arFields["WF_PARENT_ELEMENT_ID"]), $arFields["IBLOCK_ID"], true) <= 0) {
                $this->LAST_ERROR .= GetMessage("IBLOCK_ERR_DETAIL_PICTURE") . "<br>";
            }
        }
    }
    if (array_key_exists("TAGS", $arFields) && CModule::IncludeModule('search')) {
        $arFields["TAGS"] = implode(", ", tags_prepare($arFields["TAGS"]));
    }
    if ($ID === false && !is_set($arFields, "IBLOCK_ID")) {
        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_BLOCK_ID") . "<br>";
    }
    if ($ID !== false && is_set($arFields, "XML_ID") && strlen($arFields["XML_ID"]) <= 0) {
        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_EXTERNAL_CODE") . "<br>";
    }
    //Find out IBLOCK_ID from fields or from element
    $IBLOCK_ID = intval($arFields["IBLOCK_ID"]);
    if ($IBLOCK_ID <= 0) {
        $IBLOCK_ID = 0;
        // $ID is cast to an integer before it is concatenated into the query.
        $res = $DB->Query("SELECT IBLOCK_ID FROM b_iblock_element WHERE ID=" . IntVal($ID));
        if ($ar = $res->Fetch()) {
            $IBLOCK_ID = (int) $ar["IBLOCK_ID"];
        }
    }
    //Read iblock metadata
    // Cached per iblock id in a function-level static for later calls.
    static $IBLOCK_CACHE = array();
    if (!isset($IBLOCK_CACHE[$IBLOCK_ID])) {
        if ($IBLOCK_ID > 0) {
            $IBLOCK_CACHE[$IBLOCK_ID] = CIBlock::GetArrayByID($IBLOCK_ID);
        } else {
            $IBLOCK_CACHE[$IBLOCK_ID] = false;
        }
    }
    if ($IBLOCK_CACHE[$IBLOCK_ID]) {
        $arFields["IBLOCK_ID"] = $IBLOCK_ID;
    } else {
        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_BLOCK_ID") . "<br>";
    }
    // Normalize IBLOCK_SECTION to an array and drop empty entries.
    if (is_set($arFields, 'IBLOCK_SECTION') && !empty($arFields['IBLOCK_SECTION'])) {
        if (!is_array($arFields['IBLOCK_SECTION'])) {
            $arFields['IBLOCK_SECTION'] = array($arFields['IBLOCK_SECTION']);
        }
        $arFields['IBLOCK_SECTION'] = array_filter($arFields['IBLOCK_SECTION']);
    }
    if ($IBLOCK_CACHE[$IBLOCK_ID]) {
        $ar = $IBLOCK_CACHE[$IBLOCK_ID]["FIELDS"];
        if (is_array($ar)) {
            $WF_PARENT_ELEMENT_ID = isset($arFields["WF_PARENT_ELEMENT_ID"]) ? intval($arFields["WF_PARENT_ELEMENT_ID"]) : 0;
            // Uniqueness of CODE is checked only when the iblock marks it UNIQUE.
            if (($WF_PARENT_ELEMENT_ID == 0 || $WF_PARENT_ELEMENT_ID == intval($ID)) && array_key_exists("CODE", $arFields) && strlen($arFields["CODE"]) > 0 && is_array($ar["CODE"]["DEFAULT_VALUE"]) && $ar["CODE"]["DEFAULT_VALUE"]["UNIQUE"] == "Y") {
                // CODE is the only string in this query; it goes through $DB->ForSQL(),
                // the ids are integers.
                $res = $DB->Query("\n\t\t\t\t\t\tSELECT ID\n\t\t\t\t\t\tFROM b_iblock_element\n\t\t\t\t\t\tWHERE IBLOCK_ID = " . $IBLOCK_ID . "\n\t\t\t\t\t\tAND CODE = '" . $DB->ForSQL($arFields["CODE"]) . "'\n\t\t\t\t\t\tAND WF_PARENT_ELEMENT_ID IS NULL\n\t\t\t\t\t\tAND ID <> " . intval($ID));
                if ($res->Fetch()) {
                    $this->LAST_ERROR .= GetMessage("IBLOCK_DUP_ELEMENT_CODE") . "<br>";
                }
            }
            $arOldElement = false;
            foreach ($ar as $FIELD_ID => $field) {
                if (preg_match("/^(SECTION_|LOG_)/", $FIELD_ID)) {
                    continue;
                }
                if ($field["IS_REQUIRED"] === "Y") {
                    switch ($FIELD_ID) {
                        case "NAME":
                        case "ACTIVE":
                        case "PREVIEW_TEXT_TYPE":
                        case "DETAIL_TEXT_TYPE":
                        case "SORT":
                            //We should never check for this fields
                            break;
                        case "IBLOCK_SECTION":
                            // Required section: at least one positive section id must be given.
                            if ($ID === false || array_key_exists($FIELD_ID, $arFields)) {
                                $sum = 0;
                                if (is_array($arFields[$FIELD_ID])) {
                                    foreach ($arFields[$FIELD_ID] as $k => $v) {
                                        if (intval($v) > 0) {
                                            $sum += intval($v);
                                        }
                                    }
                                } else {
                                    $sum = intval($arFields[$FIELD_ID]);
                                }
                                if ($sum <= 0) {
                                    $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                }
                            }
                            break;
                        case "PREVIEW_PICTURE":
                        case "DETAIL_PICTURE":
                            // The stored pictures are read once and reused for both fields.
                            if ($ID !== false && !$arOldElement) {
                                $rs = $DB->Query("SELECT PREVIEW_PICTURE, DETAIL_PICTURE from b_iblock_element WHERE ID = " . intval($ID));
                                $arOldElement = $rs->Fetch();
                            }
                            if ($arOldElement && $arOldElement[$FIELD_ID] > 0) {
                                //There was an picture so just check that it is not deleted
                                if (array_key_exists($FIELD_ID, $arFields) && is_array($arFields[$FIELD_ID]) && $arFields[$FIELD_ID]["del"] === "Y") {
                                    $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                }
                            } else {
                                //There was NO picture so it MUST be present
                                if (!array_key_exists($FIELD_ID, $arFields)) {
                                    $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                } elseif (is_array($arFields[$FIELD_ID])) {
                                    // Deleted, failed (non-zero "error") or empty uploads do not count.
                                    if ($arFields[$FIELD_ID]["del"] === "Y" || array_key_exists("error", $arFields[$FIELD_ID]) && $arFields[$FIELD_ID]["error"] !== 0 || $arFields[$FIELD_ID]["size"] <= 0) {
                                        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                    }
                                } else {
                                    if (intval($arFields[$FIELD_ID]) <= 0) {
                                        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                    }
                                }
                            }
                            break;
                        default:
                            // Any other required field must have a non-empty string value.
                            if ($ID === false || array_key_exists($FIELD_ID, $arFields)) {
                                if (is_array($arFields[$FIELD_ID])) {
                                    $val = implode("", $arFields[$FIELD_ID]);
                                } else {
                                    $val = $arFields[$FIELD_ID];
                                }
                                if (strlen($val) <= 0) {
                                    $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                }
                            }
                            break;
                    }
                }
            }
        }
    }
    if (array_key_exists("PROPERTY_VALUES", $arFields) && is_array($arFields["PROPERTY_VALUES"])) {
        //First "normalize" properties to form:
        //$arFields["PROPERTY_VALUES"][<PROPERTY_ID>][<PROPERTY_VALUE_ID>] => $value
        $arProperties = array();
        foreach ($arFields["PROPERTY_VALUES"] as $key => $property_values) {
            $arProperties[$key] = array();
            if (is_array($property_values)) {
                if (array_key_exists("VALUE", $property_values)) {
                    $arProperties[$key][] = $property_values["VALUE"];
                } elseif (array_key_exists("tmp_name", $property_values)) {
                    // A single uploaded file array is kept whole.
                    $arProperties[$key][] = $property_values;
                } else {
                    foreach ($property_values as $key2 => $property_value) {
                        if (is_array($property_value) && array_key_exists("VALUE", $property_value)) {
                            //each of these may be "complex"
                            $arProperties[$key][] = $property_value["VALUE"];
                        } else {
                            //or simple
                            $arProperties[$key][] = $property_value;
                        }
                    }
                }
            } else {
                $arProperties[$key][] = $property_values;
            }
        }
        foreach ($arProperties as $key => $property_values) {
            $arProperty = CIBlockProperty::GetPropertyArray($key, $IBLOCK_ID);
            if ($arProperty["USER_TYPE"] != "") {
                $arUserType = CIBlockProperty::GetUserType($arProperty["USER_TYPE"]);
            } else {
                $arUserType = array();
            }
            // A user type may supply its own validator; its messages are appended as-is.
            if (array_key_exists("CheckFields", $arUserType)) {
                foreach ($property_values as $key2 => $property_value) {
                    $arError = call_user_func_array($arUserType["CheckFields"], array($arProperty, array("VALUE" => $property_value)));
                    if (is_array($arError)) {
                        foreach ($arError as $err_mess) {
                            $this->LAST_ERROR .= $err_mess . "<br>";
                        }
                    }
                }
            }
            //Files check
            $bError = false;
            if ($arProperty["IS_REQUIRED"] == "Y" && $arProperty['PROPERTY_TYPE'] == 'F') {
                //New element
                if ($ID === false) {
                    // Required file property: one non-empty upload or one positive id is enough.
                    $bError = true;
                    foreach ($property_values as $key2 => $property_value) {
                        if (is_array($property_value) && array_key_exists("tmp_name", $property_value) && array_key_exists("size", $property_value)) {
                            if ($property_value['size'] > 0) {
                                $bError = false;
                                break;
                            }
                        } elseif (intval($property_value) > 0) {
                            //This is history copy of the file
                            $bError = false;
                            break;
                        }
                    }
                } else {
                    // Existing element: count stored values, add new uploads, subtract deletions.
                    $dbProperty = CIBlockElement::GetProperty($arProperty["IBLOCK_ID"], $ID, "sort", "asc", array("ID" => $arProperty["ORIG_ID"], "EMPTY" => "N"));
                    $bCount = 0;
                    while ($a = $dbProperty->Fetch()) {
                        if ($a["VALUE"] > 0) {
                            $bCount++;
                        }
                    }
                    foreach ($property_values as $key2 => $property_value) {
                        if (is_array($property_value)) {
                            if ($property_value['size'] > 0) {
                                $bCount++;
                                break;
                            } elseif ($property_value['del'] == 'Y') {
                                $bCount--;
                            }
                        } elseif (intval($property_value) > 0) {
                            //This is history copy of the file
                            $bCount++;
                            break;
                        }
                    }
                    $bError = $bCount <= 0;
                }
            }
            if ($arProperty["IS_REQUIRED"] == "Y" && $arProperty['PROPERTY_TYPE'] != 'F') {
                // Required non-file property: stop at the first value with non-zero length.
                $len = 0;
                foreach ($property_values as $key2 => $property_value) {
                    if (array_key_exists("GetLength", $arUserType)) {
                        $len += call_user_func_array($arUserType["GetLength"], array($arProperty, array("VALUE" => $property_value)));
                    } else {
                        $len += strlen($property_value);
                    }
                    if ($len > 0) {
                        break;
                    }
                }
                $bError = $len <= 0;
            }
            if ($bError) {
                $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_PROPERTY", array("#PROPERTY#" => $arProperty["NAME"])) . "<br>";
            }
            // check file properties for correctness
            if ($arProperty['PROPERTY_TYPE'] == 'F') {
                // The property is image-only when FILE_TYPE is set and every listed
                // extension is one of CFile::GetImageExtensions().
                $bImageOnly = False;
                $arImageExtentions = explode(",", strtoupper(CFile::GetImageExtensions()));
                if (strlen($arProperty["FILE_TYPE"])) {
                    $bImageOnly = True;
                    $arAvailTypes = explode(",", strtoupper($arProperty["FILE_TYPE"]));
                    foreach ($arAvailTypes as $avail_type) {
                        if (!in_array(trim($avail_type), $arImageExtentions)) {
                            $bImageOnly = False;
                            break;
                        }
                    }
                }
                foreach ($property_values as $key2 => $property_value) {
                    if (!is_array($property_value) && intval($property_value) > 0 && intval($arFields["WF_PARENT_ELEMENT_ID"]) > 0) {
                        if (CIBlockElement::DeleteFile($property_value, $ID, "PROPERTY", intval($arFields["WF_PARENT_ELEMENT_ID"]), $arFields["IBLOCK_ID"], true) <= 0) {
                            $this->LAST_ERROR .= GetMessage("IBLOCK_ERR_FILE_PROPERTY") . "<br>";
                        }
                    } elseif (is_array($property_value)) {
                        // "bucket" is read without checking that the key exists.
                        if (is_object($property_value["bucket"])) {
                            //This is trusted image from xml import
                            $error = "";
                        } else {
                            if ($bImageOnly) {
                                $error = CFile::CheckImageFile($property_value);
                            } else {
                                // FILE_TYPE is passed as the extension list even when it is empty.
                                $error = CFile::CheckFile($property_value, 0, false, $arProperty["FILE_TYPE"]);
                            }
                        }
                        //For user without edit php permissions
                        //we allow only pictures upload
                        // This runs for "bucket" files too and replaces any earlier $error.
                        // NOTE(review): the file name is embedded as-is; confirm LAST_ERROR
                        // is escaped wherever it is rendered.
                        if (!is_object($USER) || !$USER->IsAdmin()) {
                            if (HasScriptExtension($property_value["name"])) {
                                $error = GetMessage("FILE_BAD_TYPE") . " (" . $property_value["name"] . ").";
                            }
                        }
                        if (strlen($error) > 0) {
                            $this->LAST_ERROR .= $error . "<br>";
                        }
                    }
                }
            }
        }
    }
    $APPLICATION->ResetException();
    if ($ID === false) {
        $db_events = GetModuleEvents("iblock", "OnBeforeIBlockElementAdd", true);
    } else {
        $arFields["ID"] = $ID;
        $db_events = GetModuleEvents("iblock", "OnBeforeIBlockElementUpdate", true);
    }
    // Unlike the OnStart handlers, a false result here is recorded as an error.
    foreach ($db_events as $arEvent) {
        $bEventRes = ExecuteModuleEventEx($arEvent, array(&$arFields));
        if ($bEventRes === false) {
            if ($err = $APPLICATION->GetException()) {
                $this->LAST_ERROR .= $err->GetString() . "<br>";
            } else {
                $APPLICATION->ThrowException("Unknown error");
                $this->LAST_ERROR .= "Unknown error.<br>";
            }
            break;
        }
    }
    /****************************** QUOTA ******************************/
    // Runs only when nothing failed so far and the "disk_space" option is positive;
    // a quota failure replaces LAST_ERROR instead of appending to it.
    if ($bCheckDiskQuota && empty($this->LAST_ERROR) && COption::GetOptionInt("main", "disk_space") > 0) {
        $quota = new CDiskQuota();
        if (!$quota->checkDiskQuota($arFields)) {
            $this->LAST_ERROR = $quota->LAST_ERROR;
        }
    }
    /****************************** QUOTA ******************************/
    if (!empty($this->LAST_ERROR)) {
        return false;
    }
    return true;
}
/**
 * Returns the validation errors for a single file input value.
 *
 * @param array $input Input description; MAXSIZE, ACCEPT and REQUIRED are read.
 * @param mixed $value Upload array (with "error", "size", ...) or a numeric file id.
 * @return array Error messages keyed by error kind; empty when the value is accepted.
 */
protected static function getErrorSingle(array $input, $value)
{
    if (!is_array($value)) {
        // A numeric value is taken as an existing file id and accepted as-is.
        // TODO check if file id exists maybe ???
        // NOTE(review): nothing here verifies that the id exists or belongs to
        // the caller; confirm that check happens elsewhere.
        return is_numeric($value)
            ? array()
            : array('INVALID' => Loc::getMessage('INPUT_INVALID_ERROR'));
    }

    $code = $value['error'];

    if ($code == UPLOAD_ERR_OK) {
        // success
        $found = array();
        if ($input['MAXSIZE'] && $value['size'] > $input['MAXSIZE']) {
            $found['MAXSIZE'] = Loc::getMessage('INPUT_FILE_MAXSIZE_ERROR');
        }
        // TODO check: file name, mime type, extension
        //$info = pathinfo($value['name']);
        $fileError = \CFile::CheckFile($value, 0, false, $input['ACCEPT']);
        if ($fileError) {
            $found['CFILE'] = $fileError;
        }
        return $found;
    }

    if ($code == UPLOAD_ERR_INI_SIZE || $code == UPLOAD_ERR_FORM_SIZE) {
        return array('MAXSIZE' => Loc::getMessage('INPUT_FILE_MAXSIZE_ERROR'));
    }

    if ($code == UPLOAD_ERR_PARTIAL) {
        return array('PARTIAL' => Loc::getMessage('INPUT_FILE_PARTIAL_ERROR'));
    }

    if ($code == UPLOAD_ERR_NO_FILE) {
        // A missing upload is an error only for a required input that has no
        // stored file id, or whose stored file is being deleted.
        if ($input['REQUIRED'] == 'Y' && (!is_numeric($value['ID']) || $value['DELETE'])) {
            return array('REQUIRED' => Loc::getMessage('INPUT_REQUIRED_ERROR'));
        }
        return array();
    }

    // TODO case UPLOAD_ERR_NO_TMP_DIR UPLOAD_ERR_CANT_WRITE UPLOAD_ERR_EXTENSION
    return array('INVALID' => Loc::getMessage('INPUT_INVALID_ERROR'));
}
/**
 * Checks one incoming file (or file chunk) and registers it in $arFile["files"].
 *
 * The file is first located (regular upload, local path or remote URL), then
 * validated with \CFile::CheckFile according to $this->params["allowUpload"],
 * and finally stored under its name; chunk names of the form
 * "<name>.ch<N>.<start>.chs<count>" are grouped under <name>.
 *
 * @param array $file   File description; "error", "tmp_name", "tmp_url" and "~name" are read.
 * @param array $arFile Package state; $arFile["files"] is updated by reference.
 * @return Status|Error Status("checked") when the file was accepted, an Error otherwise.
 */
protected function checkFile($file, &$arFile)
{
    $status = new Status("checked");

    if ($file["error"] > 0) {
        $status = new Error("BXU347.2", $file["error"]);
    } elseif (!array_key_exists("tmp_url", $file)) {
        // Ordinary upload: tmp_name must be a real uploaded file that still exists.
        if (!is_uploaded_file($file['tmp_name']) || !file_exists($file['tmp_name'])) {
            $status = new Error("BXU347.2");
        }
    } else {
        // NOTE(review): neither tmp_url branch goes through is_uploaded_file().
        // A host-less URL is resolved as a path by \CFile::MakeFileArray(), and a
        // URL with a host triggers an outbound HEAD request - confirm tmp_url is
        // validated or server-generated before it reaches this method.
        $url = new Uri($file["tmp_url"]);
        if ($url->getHost() == '' && ($localFile = \CFile::MakeFileArray($url->getPath())) && is_array($localFile)) {
            // Keys already present in $file win over the ones MakeFileArray produced.
            $file = array_merge($localFile, $file);
        } elseif ($url->getHost() != '' && $this->http->query("HEAD", $file["tmp_url"]) && $this->http->getStatus() == "200") {
            // Size and type are taken from the remote response headers.
            $file = array_merge($file, array(
                "size" => (int) $this->http->getHeaders()->get("content-length"),
                "type" => $this->http->getHeaders()->get("content-type"),
            ));
        } else {
            $status = new Error("BXU347.2");
        }
    }

    if (!($status instanceof Error)) {
        // "I" = images only, "F" = configured extensions, anything else = size limit only.
        if ($this->params["allowUpload"] == "I") {
            $error = \CFile::CheckFile($file, $this->params["uploadMaxFilesize"], "image/", \CFile::GetImageExtensions());
        } elseif ($this->params["allowUpload"] == "F") {
            $error = \CFile::CheckFile($file, $this->params["uploadMaxFilesize"], false, $this->params["allowUploadExt"]);
        } else {
            $error = \CFile::CheckFile($file, $this->params["uploadMaxFilesize"]);
        }
        if (!empty($error)) {
            $status = new Error("BXU347.3", $error);
        }
    }

    if ($status instanceof Status) {
        $chunkParts = array();
        $baseName = $file["~name"];
        if (preg_match("/^(.+?)\\.ch(\\d+)\\.(\\d+)\\.chs(\\d+)\$/", $file["~name"], $chunkParts)) {
            $baseName = $chunkParts[1];
        }
        $slot = !empty($baseName) ? $baseName : 'default';
        $file["copy"] = $slot;

        if (empty($chunkParts)) {
            // Whole file in one piece.
            $arFile["files"][$slot] = $file;
        } else {
            // Chunk: reuse the entry started by earlier chunks, or open a new one.
            $entry = array_key_exists($slot, $arFile["files"])
                ? $arFile["files"][$slot]
                : array(
                    "chunks" => array(),
                    "chunksInfo" => array("count" => $chunkParts[4], "uploaded" => array(), "written" => array()),
                );
            $file["status"] = "inprogress";
            $file["number"] = $chunkParts[2];
            $file["start"] = $chunkParts[3];
            $entry["chunks"][self::getChunkKey($entry["chunksInfo"]["count"], $file["number"])] = $file;
            $arFile["files"][$slot] = $entry;
        }
    }

    return $status;
}
/**
 * Validates an uploaded file as an image (or, when allowed, as Flash).
 *
 * @param array $arFile        File array; "name" and "tmp_name" are read here.
 * @param int   $iMaxSize      Size limit passed through to CFile::CheckFile.
 * @param int   $iMaxWidth     Maximum width; 0 disables the width check.
 * @param int   $iMaxHeight    Maximum height; 0 disables the height check.
 * @param array $access_typies File types accepted besides IMAGE.
 * @return string|null "" when the file has no name, an error message when a
 *                     check fails, null when every check passes.
 */
function CheckImageFile($arFile, $iMaxSize = 0, $iMaxWidth = 0, $iMaxHeight = 0, $access_typies = array())
{
    if (strlen($arFile["name"]) <= 0) {
        return "";
    }

    // Nothing may be left of the base name once script extensions are removed.
    if (GetFileNameWithoutExtension(RemoveScriptExtension($arFile["name"])) == '') {
        return GetMessage("FILE_BAD_FILENAME");
    }

    // A file type that is not in the list of allowed types is treated as IMAGE.
    $kind = GetFileType($arFile["name"]);
    if (!in_array($kind, $access_typies)) {
        $kind = "IMAGE";
    }

    if ($kind == "FLASH") {
        $checkError = CFile::CheckFile($arFile, $iMaxSize, "application/x-shockwave-flash", CFile::GetFlashExtensions());
    } else {
        $checkError = CFile::CheckFile($arFile, $iMaxSize, "image/", CFile::GetImageExtensions());
    }
    if (strlen($checkError) > 0) {
        return $checkError;
    }

    // The content itself must yield dimensions, whatever the name and MIME type say.
    $dimensions = CFile::GetImageSize($arFile["tmp_name"]);
    if (!is_array($dimensions)) {
        return GetMessage("FILE_BAD_FILE_TYPE") . ".<br>";
    }
    $width = $dimensions[0];
    $height = $dimensions[1];

    // Maximum picture size (width/height); a zero dimension also fails a set limit.
    $badWidth = $iMaxWidth > 0 && ($width > $iMaxWidth || $width == 0);
    $badHeight = $iMaxHeight > 0 && ($height > $iMaxHeight || $height == 0);
    if ($badWidth || $badHeight) {
        return GetMessage("FILE_BAD_MAX_RESOLUTION") . " (" . $iMaxWidth . " * " . $iMaxHeight . " " . GetMessage("main_include_dots") . ").<br>";
    }

    return null;
}
/**
 * Validates an uploaded file as an image (or, when allowed, as Flash).
 *
 * @param array $arFile        File array; "name" and "tmp_name" are read here.
 * @param int   $iMaxSize      Size limit passed through to CFile::CheckFile.
 * @param int   $iMaxWidth     Maximum width; 0 disables the width check.
 * @param int   $iMaxHeight    Maximum height; 0 disables the height check.
 * @param array $access_typies File types accepted besides IMAGE.
 * @return string|null "" when the file has no name, an error message when a
 *                     check fails, null when every check passes.
 */
function CheckImageFile($arFile, $iMaxSize = 0, $iMaxWidth = 0, $iMaxHeight = 0, $access_typies = array())
{
    if ($arFile["name"] == "") {
        return "";
    }

    // Types the caller did not allow fall back to the image checks.
    $detected = GetFileType($arFile["name"]);
    $effectiveType = in_array($detected, $access_typies) ? $detected : "IMAGE";

    $res = ($effectiveType == "FLASH")
        ? CFile::CheckFile($arFile, $iMaxSize, "application/x-shockwave-flash", CFile::GetFlashExtensions())
        : CFile::CheckFile($arFile, $iMaxSize, "image/", CFile::GetImageExtensions());
    if ($res != '') {
        return $res;
    }

    // Name and MIME type passed; the content must still yield dimensions.
    $size = CFile::GetImageSize($arFile["tmp_name"], true);
    if (!is_array($size)) {
        return GetMessage("FILE_BAD_FILE_TYPE") . ".<br>";
    }
    $imageWidth = $size[0];
    $imageHeight = $size[1];

    // Dimension limits: exceeding a set limit or having a zero dimension fails.
    $widthViolated = $iMaxWidth > 0 && ($imageWidth > $iMaxWidth || $imageWidth == 0);
    $heightViolated = $iMaxHeight > 0 && ($imageHeight > $iMaxHeight || $imageHeight == 0);
    if ($widthViolated || $heightViolated) {
        return GetMessage("FILE_BAD_MAX_RESOLUTION") . " (" . $iMaxWidth . " * " . $iMaxHeight . " " . GetMessage("main_include_dots") . ").<br>";
    }

    return null;
}
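/**
 * Validates forum attachments before a message is saved.
 *
 * New uploads are checked against the forum's ALLOW_UPLOAD mode; attachments
 * referenced by FILE_ID are checked against the files stored for the given
 * forum/topic/message unless $ACTION is "NOT_CHECK_DB".
 *
 * @param array|mixed $arFields  One file array or a list of them; replaced with the normalized list on success.
 * @param array|mixed $arParams  FORUM_ID, TOPIC_ID, MESSAGE_ID, USER_ID; normalized to integers in place.
 * @param string      $ACTION    "ADD", "UPDATE" or "NOT_CHECK_DB"; any other value is treated as "ADD".
 * @param array       $extParams Optional "FORUM" entry with an already loaded forum array.
 * @return bool True when every attachment is acceptable; false after raising a
 *              CAdminException through $GLOBALS["APPLICATION"].
 */
function CheckFields(&$arFields, &$arParams, $ACTION = "ADD", $extParams = array())
{
    $aMsg = array();
    $arFiles = !is_array($arFields) ? array($arFields) : $arFields;
    $arParams = !is_array($arParams) ? array($arParams) : $arParams;

    // Missing ids become 0 instead of triggering undefined-index notices.
    $arParams["FORUM_ID"] = isset($arParams["FORUM_ID"]) ? intval($arParams["FORUM_ID"]) : 0;
    if (isset($arParams["TOPIC_ID"])) {
        $arParams["TOPIC_ID"] = intval($arParams["TOPIC_ID"]);
    }
    $arParams["MESSAGE_ID"] = isset($arParams["MESSAGE_ID"]) ? intval($arParams["MESSAGE_ID"]) : 0;
    $arParams["USER_ID"] = isset($arParams["USER_ID"]) ? intval($arParams["USER_ID"]) : 0;

    if (empty($arFiles)) {
        return true;
    } elseif (!empty($arFiles["name"])) {
        // A single file array was passed instead of a list.
        $arFiles = array($arFiles);
    }

    // The original condition ($ACTION == "UPDATE" || "NOT_CHECK_DB") was always
    // true, so $ACTION was never normalized. Unrecognized values now fall back
    // to "ADD", which keeps the stored-file check below enabled for them.
    if (!in_array($ACTION, array("UPDATE", "NOT_CHECK_DB"), true)) {
        $ACTION = "ADD";
    }

    if ($arParams["FORUM_ID"] <= 0) {
        $aMsg[] = array("id" => 'bad_forum', "text" => GetMessage("F_ERR_EMPTY_FORUM_ID"));
    } else {
        // Y - Image files  F - Files of specified type  A - All files
        $arForum = !empty($extParams["FORUM"]) ? $extParams["FORUM"] : CForumNew::GetByID($arParams["FORUM_ID"]);
        if (empty($arForum)) {
            $aMsg[] = array("id" => 'bad_forum', "text" => GetMessage("F_ERR_FORUM_IS_LOST"));
        } elseif (!in_array($arForum["ALLOW_UPLOAD"], array("Y", "F", "A"), true)) {
            // Strict comparison: only the three documented modes enable uploads.
            $aMsg[] = array("id" => 'bad_forum_permission', "text" => GetMessage("F_ERR_UPOAD_IS_DENIED"));
        }
    }

    if (empty($aMsg)) {
        $arFilesExists = array();
        $iFileSize = intval(COption::GetOptionString("forum", "file_max_size", 5242880));

        foreach ($arFiles as $key => $val) {
            $hasName = isset($val["name"]) && strlen($val["name"]) > 0;
            $hasFileId = isset($val["FILE_ID"]) && intval($val["FILE_ID"]) > 0;

            if (!$hasName && !$hasFileId) {
                // Neither a new upload nor a reference to a stored file.
                unset($arFiles[$key]);
                continue;
            }

            if ($hasName) {
                if ($arForum["ALLOW_UPLOAD"] == "Y") {
                    $res = CFile::CheckImageFile($val, $iFileSize, 0, 0);
                } elseif ($arForum["ALLOW_UPLOAD"] == "F") {
                    $res = CFile::CheckFile($val, $iFileSize, false, $arForum["ALLOW_UPLOAD_EXT"]);
                } else {
                    // Mode "A": only the size limit is passed, no extension list.
                    $res = CFile::CheckFile($val, $iFileSize, false, false);
                }
                if (strlen($res) > 0) {
                    $aMsg[] = array("id" => 'attach_error', "text" => $res);
                }
            }

            if ($hasFileId) {
                $arFiles[$key]["old_file"] = $val["FILE_ID"];
                $arFilesExists[$val["FILE_ID"]] = $val;
            }
        }

        // Referenced file ids must already be stored for this forum (and topic and
        // message); this prevents attaching files that belong elsewhere.
        if ($ACTION != "NOT_CHECK_DB" && !empty($arFilesExists)) {
            $arFilter = array("FILE_FORUM_ID" => $arParams["FORUM_ID"]);
            if (isset($arParams["TOPIC_ID"])) {
                $arFilter["FILE_TOPIC_ID"] = $arParams["TOPIC_ID"];
            }
            // MESSAGE_ID is always set by the normalization above, so this filter
            // is always applied (with 0 when the caller gave none).
            if (isset($arParams["MESSAGE_ID"])) {
                $arFilter["FILE_MESSAGE_ID"] = $arParams["MESSAGE_ID"];
            }
            $arFilter["@FILE_ID"] = array_keys($arFilesExists);

            $db_res = CForumFiles::GetList(array("FILE_ID" => "ASC"), $arFilter);
            if ($db_res) {
                while ($row = $db_res->Fetch()) {
                    unset($arFilesExists[$row["FILE_ID"]]);
                }
            }
            // Whatever is left was not found in storage.
            if (!empty($arFilesExists)) {
                $aMsg[] = array(
                    "id" => 'attach_error',
                    "text" => str_replace("#FILE_ID#", implode(", ", array_keys($arFilesExists)), GetMessage("F_ERR_UPOAD_FILES_IS_LOST")),
                );
            }
        }
    }

    if (!empty($aMsg)) {
        $e = new CAdminException($aMsg);
        $GLOBALS["APPLICATION"]->ThrowException($e);
        return false;
    }

    $arFields = $arFiles;
    return true;
}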
/**
 * Validates and stores the file uploaded for wizard variable $name.
 *
 * @param string $name          Wizard variable name; "<name>_new" is the upload, "<name>_del" the delete flag.
 * @param array  $arRestriction Optional max_file_size, max_width, max_height, extensions, make_preview ("Y").
 * @return int|null Saved file id (0 when saving failed); null when there was
 *                  nothing to save or a check failed (the error is set on the step).
 */
function SaveFile($name, $arRestriction = array())
{
    $wizard = $this->GetWizard();
    $deleteFile = $wizard->GetVar($name . "_del");
    $wizard->UnSetVar($name . "_del");
    $oldFileID = $wizard->GetVar($name);
    $fileNew = $wizard->GetRealName($name . "_new");

    $noDeleteRequest = ($deleteFile === null);

    // Nothing was uploaded and nothing is to be deleted.
    if (!array_key_exists($fileNew, $_FILES) || (strlen($_FILES[$fileNew]["name"]) <= 0 && $noDeleteRequest)) {
        return;
    }
    // A file name without a temporary file means the upload itself failed.
    if (strlen($_FILES[$fileNew]["tmp_name"]) <= 0 && $noDeleteRequest) {
        $this->SetError(GetMessage("MAIN_WIZARD_FILE_UPLOAD_ERROR"), $name . "_new");
        return;
    }

    $previousId = intval($oldFileID);
    $arFile = $_FILES[$fileNew] + array(
        "del" => $deleteFile == "Y" ? "Y" : "",
        "old_file" => $previousId > 0 ? $previousId : 0,
        "MODULE_ID" => "tmp_wizard",
    );

    // Numeric restrictions default to 0.
    $limits = array("max_file_size" => 0, "max_width" => 0, "max_height" => 0);
    foreach (array_keys($limits) as $limitName) {
        if (array_key_exists($limitName, $arRestriction)) {
            $limits[$limitName] = intval($arRestriction[$limitName]);
        }
    }
    $max_file_size = $limits["max_file_size"];
    $max_width = $limits["max_width"];
    $max_height = $limits["max_height"];

    // Without an "extensions" restriction, false is passed as the extension list.
    $extensions = false;
    if (array_key_exists("extensions", $arRestriction) && strlen($arRestriction["extensions"]) > 0) {
        $extensions = trim($arRestriction["extensions"]);
    }
    $make_preview = array_key_exists("make_preview", $arRestriction) && $arRestriction["make_preview"] == "Y";

    $error = CFile::CheckFile($arFile, $max_file_size, false, $extensions);
    if (strlen($error) > 0) {
        $this->SetError($error, $name . "_new");
        return;
    }

    if ($make_preview && $max_width > 0 && $max_height > 0) {
        // Preview mode: an oversized picture is scaled down in place.
        // NOTE(review): CFile::CheckImageFile() is not called on this path, so
        // only the CheckFile() call above has validated the upload - confirm
        // that is intended.
        list($sourceWidth, $sourceHeight) = CFile::GetImageSize($arFile["tmp_name"]);
        if ($sourceWidth > $max_width || $sourceHeight > $max_height) {
            $success = CWizardUtil::CreateThumbnail($arFile["tmp_name"], $arFile["tmp_name"], $max_width, $max_height);
            if ($success) {
                $arFile["size"] = @filesize($arFile["tmp_name"]);
            }
        }
    } elseif ($max_width > 0 || $max_height > 0) {
        // Dimension limits without preview: the file must be a valid image within them.
        $error = CFile::CheckImageFile($arFile, $max_file_size, $max_width, $max_height);
        if (strlen($error) > 0) {
            $this->SetError($error, $name . "_new");
            return;
        }
    }

    $fileID = (int) CFile::SaveFile($arFile, "tmp");
    if ($fileID > 0) {
        $wizard->SetVar($name, $fileID);
    } else {
        $wizard->UnSetVar($name);
    }

    return $fileID;
}
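/**
 * Extracts one video frame with ffmpeg and returns it base64-encoded.
 *
 * @param string $file      Path of the video file; must exist.
 * @param int    $width     Target width; the frame is resized only when width and height are both non-zero.
 * @param int    $height    Target height.
 * @param mixed  $seconds   Position of the frame, converted by static::seconds_to_format().
 * @param bool   $for_html  Passed through to static::getBase64File().
 * @param bool   $use_cache Whether a cached result may be returned.
 * @return mixed The encoded frame; null when no frame could be produced;
 *               false when ffmpeg was not found or $file does not exist.
 */
public static function getFrameAsData($file, $width, $height, $seconds, $for_html = true, $use_cache = true)
{
    $program = static::findProgram("ffmpeg");
    if (!$program || !file_exists($file)) {
        return false;
    }

    $param_string = serialize(func_get_args());
    //$hash = sha1(md5_file($file).md5($param_string));
    $time = static::seconds_to_format($seconds);
    // md5 only names the temporary frame and the cache entry here.
    $output = abs_path("/upload/frames/out" . md5($param_string) . ".jpg");

    // Initialized so that a disabled cache does not leave $result undefined.
    $result = array();
    if ($use_cache) {
        $result = static::getCache(__FUNCTION__ . $param_string);
    }

    if (empty($result['RESULT'])) {
        // Every value placed on the command line is quoted: file_exists() does
        // not rule out shell metacharacters in a path, and the original
        // interpolated $time, $file and $output unquoted.
        // NOTE(review): $program is used as returned by findProgram(); confirm
        // it comes from trusted configuration.
        $comm = $program
            . " -ss " . escapeshellarg($time)
            . " -i " . escapeshellarg($file)
            . " -frames:v 1 " . escapeshellarg($output);
        exec($comm);

        if (file_exists($output)) {
            if (intval($width) && intval($height)) {
                $obFile = new CFile();
                $arFile = \CFile::MakeFileArray($output);
                // Resize only when the extracted frame passes the image checks.
                $checkfile = $obFile->CheckFile($arFile, 400000, 'image/', 'gif,png,jpeg,jpg');
                if (empty($checkfile)) {
                    $obFile->ResizeImage($arFile, array("width" => $width, "height" => $height), BX_RESIZE_IMAGE_EXACT);
                    $output = $arFile['tmp_name'];
                }
            }
            $base64data = static::getBase64File($output, $for_html);
            if (!empty($base64data)) {
                $result['RESULT'] = $base64data;
                unlink($output);
                static::setCache(__FUNCTION__ . $param_string, $result['RESULT']);
            }
        }
    }

    // null (as before) when neither the cache nor ffmpeg produced a frame.
    return isset($result['RESULT']) ? $result['RESULT'] : null;
}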