Esempio n. 1
0
 public function testSaveToBXFileAfterGetContent()
 {
     $Request = new RequestBXFile(self::$_urlTestFiles . '/favicon.png');
     $Request->send();
     $this->assertEquals('PNG', substr($Request->getBody(), 1, 3));
     $fileID = $Request->saveToBXFile('/upload//obx.core/test/RequestBXFile');
     $this->assertTrue($fileID > 0);
     $arFile = \CFile::GetFileArray($fileID);
     $this->assertEquals('favicon.png', $arFile['ORIGINAL_NAME']);
     $this->assertEquals('image/png', $arFile['CONTENT_TYPE']);
     $this->assertFileExists(self::$_docRoot . '/upload/' . $arFile['SUBDIR'] . '/' . $arFile['FILE_NAME']);
     \CFile::DoDelete($arFile['ID']);
     $this->assertFileNotExists(self::$_docRoot . '/upload/' . $arFile['SUBDIR'] . '/' . $arFile['FILE_NAME']);
 }
Esempio n. 2
0
 function SaveFile($arFile, $strSavePath, $bForceMD5 = false, $bSkipExt = false)
 {
     $strFileName = GetFileName($arFile["name"]);
     /* filename.gif */
     if (isset($arFile["del"]) && $arFile["del"] != '') {
         CFile::DoDelete($arFile["old_file"]);
         if ($strFileName == '') {
             return "NULL";
         }
     }
     if ($arFile["name"] == '') {
         if (isset($arFile["description"]) && intval($arFile["old_file"]) > 0) {
             CFile::UpdateDesc($arFile["old_file"], $arFile["description"]);
         }
         return false;
     }
     if (array_key_exists("content", $arFile)) {
         if (!array_key_exists("size", $arFile)) {
             $arFile["size"] = CUtil::BinStrlen($arFile["content"]);
         }
     } else {
         $arFile["size"] = filesize($arFile["tmp_name"]);
     }
     $arFile["ORIGINAL_NAME"] = $strFileName;
     $io = CBXVirtualIo::GetInstance();
     if (self::validateFile($strFileName, $arFile, $bForceMD5) !== "") {
         return false;
     }
     $upload_dir = COption::GetOptionString("main", "upload_dir", "upload");
     if ($arFile["type"] == "image/pjpeg" || $arFile["type"] == "image/jpg") {
         $arFile["type"] = "image/jpeg";
     }
     //.jpe is not image type on many systems
     if (strtolower(GetFileExtension($strFileName)) == "jpe") {
         $strFileName = substr($strFileName, 0, -4) . ".jpg";
     }
     $bExternalStorage = false;
     foreach (GetModuleEvents("main", "OnFileSave", true) as $arEvent) {
         if (ExecuteModuleEventEx($arEvent, array(&$arFile, $strFileName, $strSavePath, $bForceMD5, $bSkipExt))) {
             $bExternalStorage = true;
             break;
         }
     }
     if (!$bExternalStorage) {
         $newName = '';
         if ($bForceMD5 != true && COption::GetOptionString("main", "save_original_file_name", "N") == "Y") {
             $dir_add = '';
             $i = 0;
             while (true) {
                 $dir_add = substr(md5(uniqid(mt_rand(), true)), 0, 3);
                 if (!$io->FileExists($_SERVER["DOCUMENT_ROOT"] . "/" . $upload_dir . "/" . $strSavePath . "/" . $dir_add . "/" . $strFileName)) {
                     break;
                 }
                 if ($i >= 25) {
                     $j = 0;
                     while (true) {
                         $dir_add = substr(md5(mt_rand()), 0, 3) . "/" . substr(md5(mt_rand()), 0, 3);
                         if (!$io->FileExists($_SERVER["DOCUMENT_ROOT"] . "/" . $upload_dir . "/" . $strSavePath . "/" . $dir_add . "/" . $strFileName)) {
                             break;
                         }
                         if ($j >= 25) {
                             $dir_add = substr(md5(mt_rand()), 0, 3) . "/" . md5(mt_rand());
                             break;
                         }
                         $j++;
                     }
                     break;
                 }
                 $i++;
             }
             if (substr($strSavePath, -1, 1) != "/") {
                 $strSavePath .= "/" . $dir_add;
             } else {
                 $strSavePath .= $dir_add . "/";
             }
             $newName = $strFileName;
         } else {
             $strFileExt = $bSkipExt == true ? '' : strrchr($strFileName, ".");
             while (true) {
                 $newName = md5(uniqid(mt_rand(), true)) . $strFileExt;
                 if (substr($strSavePath, -1, 1) != "/") {
                     $strSavePath .= "/" . substr($newName, 0, 3);
                 } else {
                     $strSavePath .= substr($newName, 0, 3) . "/";
                 }
                 if (!$io->FileExists($_SERVER["DOCUMENT_ROOT"] . "/" . $upload_dir . "/" . $strSavePath . "/" . $newName)) {
                     break;
                 }
             }
         }
         $arFile["SUBDIR"] = $strSavePath;
         $arFile["FILE_NAME"] = $newName;
         $strDirName = $_SERVER["DOCUMENT_ROOT"] . "/" . $upload_dir . "/" . $strSavePath . "/";
         $strDbFileNameX = $strDirName . $newName;
         $strPhysicalFileNameX = $io->GetPhysicalName($strDbFileNameX);
         CheckDirPath($strDirName);
         if (is_set($arFile, "content")) {
             $f = fopen($strPhysicalFileNameX, "ab");
             if (!$f) {
                 return false;
             }
             if (!fwrite($f, $arFile["content"])) {
                 return false;
             }
             fclose($f);
         } elseif (!copy($arFile["tmp_name"], $strPhysicalFileNameX) && !move_uploaded_file($arFile["tmp_name"], $strPhysicalFileNameX)) {
             CFile::DoDelete($arFile["old_file"]);
             return false;
         }
         if (isset($arFile["old_file"])) {
             CFile::DoDelete($arFile["old_file"]);
         }
         @chmod($strPhysicalFileNameX, BX_FILE_PERMISSIONS);
         $imgArray = CFile::GetImageSize($strDbFileNameX);
         if (is_array($imgArray)) {
             $arFile["WIDTH"] = $imgArray[0];
             $arFile["HEIGHT"] = $imgArray[1];
         } else {
             $arFile["WIDTH"] = 0;
             $arFile["HEIGHT"] = 0;
         }
     }
     /****************************** QUOTA ******************************/
     if (COption::GetOptionInt("main", "disk_space") > 0) {
         CDiskQuota::updateDiskQuota("file", $arFile["size"], "insert");
     }
     /****************************** QUOTA ******************************/
     $NEW_IMAGE_ID = CFile::DoInsert(array("HEIGHT" => $arFile["HEIGHT"], "WIDTH" => $arFile["WIDTH"], "FILE_SIZE" => $arFile["size"], "CONTENT_TYPE" => $arFile["type"], "SUBDIR" => $arFile["SUBDIR"], "FILE_NAME" => $arFile["FILE_NAME"], "MODULE_ID" => $arFile["MODULE_ID"], "ORIGINAL_NAME" => $arFile["ORIGINAL_NAME"], "DESCRIPTION" => isset($arFile["description"]) ? $arFile["description"] : '', "HANDLER_ID" => isset($arFile["HANDLER_ID"]) ? $arFile["HANDLER_ID"] : ''));
     CFile::CleanCache($NEW_IMAGE_ID);
     return $NEW_IMAGE_ID;
 }
Esempio n. 3
0
 public static function OnFileSave(&$arFile, $strFileName, $strSavePath, $bForceMD5 = false, $bSkipExt = false)
 {
     if (!$arFile["tmp_name"] && !array_key_exists("content", $arFile)) {
         return false;
     }
     if (array_key_exists("bucket", $arFile)) {
         $bucket = $arFile["bucket"];
     } else {
         $bucket = CCloudStorage::FindBucketForFile($arFile, $strFileName);
     }
     if (!is_object($bucket)) {
         return false;
     }
     if (!$bucket->Init()) {
         return false;
     }
     $copySize = false;
     $subDir = "";
     $filePath = "";
     if (array_key_exists("content", $arFile)) {
         $arFile["tmp_name"] = CTempFile::GetFileName($arFile["name"]);
         CheckDirPath($arFile["tmp_name"]);
         $fp = fopen($arFile["tmp_name"], "ab");
         if ($fp) {
             fwrite($fp, $arFile["content"]);
             fclose($fp);
         }
     }
     if (array_key_exists("bucket", $arFile)) {
         $newName = bx_basename($arFile["tmp_name"]);
         $prefix = $bucket->GetFileSRC("/");
         $subDir = substr($arFile["tmp_name"], strlen($prefix));
         $subDir = substr($subDir, 0, -strlen($newName) - 1);
     } else {
         if ($bForceMD5 != true && COption::GetOptionString("main", "save_original_file_name", "N") == "Y") {
             if (COption::GetOptionString("main", "convert_original_file_name", "Y") == "Y") {
                 $newName = CCloudStorage::translit($strFileName);
             } else {
                 $newName = $strFileName;
             }
         } else {
             $strFileExt = $bSkipExt == true ? '' : strrchr($strFileName, ".");
             $newName = md5(uniqid(mt_rand(), true)) . $strFileExt;
         }
         //check for double extension vulnerability
         $newName = RemoveScriptExtension($newName);
         while (true) {
             $strRand = md5(mt_rand());
             $strRand = substr($strRand, 0, 3) . "/" . $strRand;
             if (substr($strSavePath, -1) == "/") {
                 $subDir = $strSavePath . $strRand;
             } else {
                 $subDir = $strSavePath . "/" . $strRand;
             }
             $subDir = ltrim($subDir, "/");
             $filePath = "/" . $subDir . "/" . $newName;
             if (!$bucket->FileExists($filePath)) {
                 break;
             }
         }
         $targetPath = $bucket->GetFileSRC("/");
         if (strpos($arFile["tmp_name"], $targetPath) === 0) {
             $arDbFile = array("SUBDIR" => "", "FILE_NAME" => substr($arFile["tmp_name"], strlen($targetPath)), "CONTENT_TYPE" => $arFile["type"]);
             $copyPath = $bucket->FileCopy($arDbFile, $filePath);
             if (!$copyPath) {
                 return false;
             }
             $copySize = $bucket->GetFileSize("/" . urldecode(substr($copyPath, strlen($targetPath))));
         } else {
             $imgArray = CFile::GetImageSize($arFile["tmp_name"], true, false);
             if (is_array($imgArray) && $imgArray[2] == IMAGETYPE_JPEG) {
                 $exifData = CFile::ExtractImageExif($arFile["tmp_name"]);
                 if ($exifData && isset($exifData['Orientation'])) {
                     $properlyOriented = CFile::ImageHandleOrientation($exifData['Orientation'], $arFile["tmp_name"]);
                     if ($properlyOriented) {
                         $jpgQuality = intval(COption::GetOptionString('main', 'image_resize_quality', '95'));
                         if ($jpgQuality <= 0 || $jpgQuality > 100) {
                             $jpgQuality = 95;
                         }
                         imagejpeg($properlyOriented, $arFile["tmp_name"], $jpgQuality);
                     }
                 }
             }
             if (!$bucket->SaveFile($filePath, $arFile)) {
                 return false;
             }
         }
     }
     $arFile["HANDLER_ID"] = $bucket->ID;
     $arFile["SUBDIR"] = $subDir;
     $arFile["FILE_NAME"] = $newName;
     $arFile["WIDTH"] = 0;
     $arFile["HEIGHT"] = 0;
     if (array_key_exists("bucket", $arFile)) {
         $arFile["WIDTH"] = $arFile["width"];
         $arFile["HEIGHT"] = $arFile["height"];
         $arFile["size"] = $arFile["file_size"];
     } elseif ($copySize !== false) {
         $arFile["size"] = $copySize;
         $bucket->IncFileCounter($copySize);
     } else {
         $bucket->IncFileCounter(filesize($arFile["tmp_name"]));
         $flashEnabled = !CFile::IsImage($arFile["ORIGINAL_NAME"], $arFile["type"]);
         $imgArray = CFile::GetImageSize($arFile["tmp_name"], true, $flashEnabled);
         if (is_array($imgArray)) {
             $arFile["WIDTH"] = $imgArray[0];
             $arFile["HEIGHT"] = $imgArray[1];
         }
     }
     if (isset($arFile["old_file"])) {
         CFile::DoDelete($arFile["old_file"]);
     }
     return true;
 }
Esempio n. 4
0
	function OnFileSave(&$arFile, $strFileName, $strSavePath, $bForceMD5 = false, $bSkipExt = false)
	{
		if(!$arFile["tmp_name"] && !$arFile["content"])
			return false;

		if(array_key_exists("bucket", $arFile))
			$bucket = $arFile["bucket"];
		else
			$bucket = CCloudStorage::FindBucketForFile($arFile, $strFileName);

		if(!is_object($bucket))
			return false;

		if(!$bucket->Init())
			return false;

		if(array_key_exists("bucket", $arFile))
		{
			$newName = bx_basename($arFile["tmp_name"]);

			$prefix = $bucket->GetFileSRC("/");
			$subDir = substr($arFile["tmp_name"], strlen($prefix));
			$subDir = substr($subDir, 0, -strlen($newName)-1);
		}
		else
		{
			if(
				$bForceMD5 != true
				&& COption::GetOptionString("main", "save_original_file_name", "N")=="Y"
			)
			{
				if(COption::GetOptionString("main", "convert_original_file_name", "Y")=="Y")
					$newName = CCloudStorage::translit($strFileName);
				else
					$newName = $strFileName;
			}
			else
			{
				$strFileExt = ($bSkipExt == true? '' : strrchr($strFileName, "."));
				$newName = md5(uniqid(mt_rand(), true)).$strFileExt;
			}

			//check for double extension vulnerability
			$newName = RemoveScriptExtension($newName);

			while(true)
			{
				$strRand = md5(mt_rand());
				$strRand = substr($strRand, 0, 3)."/".$strRand;

				if(substr($strSavePath, -1) == "/")
					$subDir = $strSavePath.$strRand;
				else
					$subDir = $strSavePath."/".$strRand;
				$subDir = ltrim($subDir, "/");

				$filePath = "/".$subDir."/".$newName;

				if(!$bucket->FileExists($filePath))
					break;
			}

			if(!$bucket->SaveFile($filePath, $arFile))
				return false;
		}

		$arFile["HANDLER_ID"] = $bucket->ID;
		$arFile["SUBDIR"] = $subDir;
		$arFile["FILE_NAME"] = $newName;

		$arFile["WIDTH"] = 0;
		$arFile["HEIGHT"] = 0;
		if(array_key_exists("bucket", $arFile))
		{
			$arFile["WIDTH"] = $arFile["width"];
			$arFile["HEIGHT"] = $arFile["height"];
			$arFile["size"] = $arFile["file_size"];
		}
		elseif(array_key_exists("content", $arFile))
		{
			$tmp_name = tempnam();
			$fp = fopen($tmp_name, "ab");
			if($fp)
			{
				if(fwrite($fp, $arFile["content"]))
				{
					$bucket->IncFileCounter(filesize($tmp_name));
					$imgArray = CFile::GetImageSize($tmp_name);
					if(is_array($imgArray))
					{
						$arFile["WIDTH"] = $imgArray[0];
						$arFile["HEIGHT"] = $imgArray[1];
					}
				}
				fclose($fp);
				unlink($tmp_name);
			}
		}
		else
		{
			$bucket->IncFileCounter(filesize($arFile["tmp_name"]));
			$imgArray = CFile::GetImageSize($arFile["tmp_name"]);
			if(is_array($imgArray))
			{
				$arFile["WIDTH"] = $imgArray[0];
				$arFile["HEIGHT"] = $imgArray[1];
			}
		}

		if(isset($arFile["old_file"]))
			CFile::DoDelete($arFile["old_file"]);

		return true;
	}
Esempio n. 5
0
	function SaveFile($arFile, $strSavePath, $bForceMD5=false, $bSkipExt=false)
	{
		$strFileName = GetFileName($arFile["name"]);	/* filename.gif */

		if(isset($arFile["del"]) && $arFile["del"] <> '')
		{
			CFile::DoDelete($arFile["old_file"]);
			if($strFileName == '')
				return "NULL";
		}

		if($arFile["name"] == '')
		{
			if(is_set($arFile, "description") && intval($arFile["old_file"])>0)
				CFile::UpdateDesc($arFile["old_file"], $arFile["description"]);
			return false;
		}

		if(is_set($arFile, "content") && !is_set($arFile, "size"))
			$arFile["size"] = CUtil::BinStrlen($arFile["content"]);
		else
			$arFile["size"] = filesize($arFile["tmp_name"]);

		/****************************** QUOTA ******************************/
		if (COption::GetOptionInt("main", "disk_space") > 0)
		{
			$quota = new CDiskQuota();
			if (!$quota->checkDiskQuota($arFile))
				return false;
		}
		/****************************** QUOTA ******************************/

		$arFile["ORIGINAL_NAME"] = $strFileName;

		$io = CBXVirtualIo::GetInstance();
		if($bForceMD5 != true && COption::GetOptionString("main", "save_original_file_name", "N") == "Y")
		{
			if(COption::GetOptionString("main", "translit_original_file_name", "N") == "Y")
				$strFileName = CUtil::translit($strFileName, LANGUAGE_ID, array("max_len"=>1024, "safe_chars"=>"."));

			if(COption::GetOptionString("main", "convert_original_file_name", "Y") == "Y")
				$strFileName = $io->RandomizeInvalidFilename($strFileName);
		}

		if(!$io->ValidateFilenameString($strFileName))
			return false;

		//check for double extension vulnerability
		$strFileName = RemoveScriptExtension($strFileName);
		if($strFileName == '')
			return false;

		if(strlen($strFileName) > 255)
			return false;

		//check .htaccess etc.
		if(IsFileUnsafe($strFileName))
			return false;

		//nginx returns octet-stream for .jpg
		if(GetFileNameWithoutExtension($strFileName) == '')
			return false;

		$upload_dir = COption::GetOptionString("main", "upload_dir", "upload");

		if($arFile["type"]=="image/pjpeg" || $arFile["type"]=="image/jpg")
			$arFile["type"]="image/jpeg";

		//.jpe is not image type on many systems
		if(strtolower(GetFileExtension($strFileName)) == "jpe")
			$strFileName = substr($strFileName, 0, -4).".jpg";

		$bExternalStorage = false;
		foreach(GetModuleEvents("main", "OnFileSave", true) as $arEvent)
		{
			if(ExecuteModuleEventEx($arEvent, array(&$arFile, $strFileName, $strSavePath, $bForceMD5, $bSkipExt)))
			{
				$bExternalStorage = true;
				break;
			}
		}

		if(!$bExternalStorage)
		{
			$newName = '';
			if($bForceMD5 != true && COption::GetOptionString("main", "save_original_file_name", "N")=="Y")
			{
				$dir_add = '';
				$i=0;
				while(true)
				{
					$dir_add = substr(md5(uniqid(mt_rand(), true)), 0, 3);
					if(!$io->FileExists($_SERVER["DOCUMENT_ROOT"]."/".$upload_dir."/".$strSavePath."/".$dir_add."/".$strFileName))
						break;
					if($i>=25)
					{
						$j=0;
						while(true)
						{
							$dir_add = substr(md5(mt_rand()), 0, 3)."/".substr(md5(mt_rand()), 0, 3);
							if(!$io->FileExists($_SERVER["DOCUMENT_ROOT"]."/".$upload_dir."/".$strSavePath."/".$dir_add."/".$strFileName))
								break;
							if($j>=25)
							{
								$dir_add = substr(md5(mt_rand()), 0, 3)."/".md5(mt_rand());
								break;
							}
							$j++;
						}
						break;
					}
					$i++;
				}
				if(substr($strSavePath, -1, 1) <> "/")
					$strSavePath .= "/".$dir_add;
				else
					$strSavePath .= $dir_add."/";

				$newName = $strFileName;
			}
			else
			{
				$strFileExt = ($bSkipExt == true? '' : strrchr($strFileName, "."));
				while(true)
				{
					$newName = md5(uniqid(mt_rand(), true)).$strFileExt;
					if(substr($strSavePath, -1, 1) <> "/")
						$strSavePath .= "/".substr($newName, 0, 3);
					else
						$strSavePath .= substr($newName, 0, 3)."/";

					if(!$io->FileExists($_SERVER["DOCUMENT_ROOT"]."/".$upload_dir."/".$strSavePath."/".$newName))
						break;
				}
			}

			$arFile["SUBDIR"] = $strSavePath;
			$arFile["FILE_NAME"] = $newName;
			$strDirName = $_SERVER["DOCUMENT_ROOT"]."/".$upload_dir."/".$strSavePath."/";
			$strDbFileNameX = $strDirName.$newName;
			$strPhysicalFileNameX = $io->GetPhysicalName($strDbFileNameX);

			CheckDirPath($strDirName);

			if(is_set($arFile, "content"))
			{
				$f = fopen($strPhysicalFileNameX, "ab");
				if(!$f)
					return false;
				if(!fwrite($f, $arFile["content"]))
					return false;
				fclose($f);
			}
			elseif(
				!copy($arFile["tmp_name"], $strPhysicalFileNameX)
				&& !move_uploaded_file($arFile["tmp_name"], $strPhysicalFileNameX)
			)
			{
				CFile::DoDelete($arFile["old_file"]);
				return false;
			}

			if(isset($arFile["old_file"]))
				CFile::DoDelete($arFile["old_file"]);

			@chmod($strPhysicalFileNameX, BX_FILE_PERMISSIONS);

			$imgArray = CFile::GetImageSize($strDbFileNameX);

			if(is_array($imgArray))
			{
				$arFile["WIDTH"] = $imgArray[0];
				$arFile["HEIGHT"] = $imgArray[1];
			}
			else
			{
				$arFile["WIDTH"] = 0;
				$arFile["HEIGHT"] = 0;
			}
		} //if(!$bExternalStorage)


		/****************************** QUOTA ******************************/
		if (COption::GetOptionInt("main", "disk_space") > 0)
		{
			CDiskQuota::updateDiskQuota("file", $arFile["size"], "insert");
		}
		/****************************** QUOTA ******************************/

		$NEW_IMAGE_ID = CFile::DoInsert(array(
			"HEIGHT" => $arFile["HEIGHT"],
			"WIDTH" => $arFile["WIDTH"],
			"FILE_SIZE" => $arFile["size"],
			"CONTENT_TYPE" => $arFile["type"],
			"SUBDIR" => $arFile["SUBDIR"],
			"FILE_NAME" => $arFile["FILE_NAME"],
			"MODULE_ID" => $arFile["MODULE_ID"],
			"ORIGINAL_NAME" => $arFile["ORIGINAL_NAME"],
			"DESCRIPTION" => isset($arFile["description"])? $arFile["description"]: '',
			"HANDLER_ID" => isset($arFile["HANDLER_ID"])? $arFile["HANDLER_ID"]: '',
		));

		CFile::CleanCache($NEW_IMAGE_ID);
		return $NEW_IMAGE_ID;
	}
Esempio n. 6
0
 function SaveFile($arFile, $strSavePath, $bForceMD5 = false, $bSkipExt = false)
 {
     $strFileName = GetFileName($arFile["name"]);
     /* filename.gif */
     if (isset($arFile["del"]) && $arFile["del"] != '') {
         CFile::DoDelete($arFile["old_file"]);
         if ($strFileName == '') {
             return "NULL";
         }
     }
     if ($arFile["name"] == '') {
         if (isset($arFile["description"]) && intval($arFile["old_file"]) > 0) {
             CFile::UpdateDesc($arFile["old_file"], $arFile["description"]);
         }
         return false;
     }
     if (isset($arFile["content"])) {
         if (!isset($arFile["size"])) {
             $arFile["size"] = CUtil::BinStrlen($arFile["content"]);
         }
     } else {
         try {
             $file = new IO\File($arFile["tmp_name"]);
             $arFile["size"] = $file->getSize();
         } catch (IO\IoException $e) {
             $arFile["size"] = 0;
         }
     }
     $arFile["ORIGINAL_NAME"] = $strFileName;
     //translit, replace unsafe chars, etc.
     $strFileName = self::transformName($strFileName, $bForceMD5, $bSkipExt);
     //transformed name must be valid, check disk quota, etc.
     if (self::validateFile($strFileName, $arFile) !== "") {
         return false;
     }
     if ($arFile["type"] == "image/pjpeg" || $arFile["type"] == "image/jpg") {
         $arFile["type"] = "image/jpeg";
     }
     $bExternalStorage = false;
     foreach (GetModuleEvents("main", "OnFileSave", true) as $arEvent) {
         if (ExecuteModuleEventEx($arEvent, array(&$arFile, $strFileName, $strSavePath, $bForceMD5, $bSkipExt))) {
             $bExternalStorage = true;
             break;
         }
     }
     if (!$bExternalStorage) {
         $upload_dir = COption::GetOptionString("main", "upload_dir", "upload");
         $io = CBXVirtualIo::GetInstance();
         if ($bForceMD5 != true && COption::GetOptionString("main", "save_original_file_name", "N") == "Y") {
             $dir_add = '';
             $i = 0;
             while (true) {
                 $dir_add = substr(md5(uniqid("", true)), 0, 3);
                 if (!$io->FileExists($_SERVER["DOCUMENT_ROOT"] . "/" . $upload_dir . "/" . $strSavePath . "/" . $dir_add . "/" . $strFileName)) {
                     break;
                 }
                 if ($i >= 25) {
                     $j = 0;
                     while (true) {
                         $dir_add = substr(md5(mt_rand()), 0, 3) . "/" . substr(md5(mt_rand()), 0, 3);
                         if (!$io->FileExists($_SERVER["DOCUMENT_ROOT"] . "/" . $upload_dir . "/" . $strSavePath . "/" . $dir_add . "/" . $strFileName)) {
                             break;
                         }
                         if ($j >= 25) {
                             $dir_add = substr(md5(mt_rand()), 0, 3) . "/" . md5(mt_rand());
                             break;
                         }
                         $j++;
                     }
                     break;
                 }
                 $i++;
             }
             if (substr($strSavePath, -1, 1) != "/") {
                 $strSavePath .= "/" . $dir_add;
             } else {
                 $strSavePath .= $dir_add . "/";
             }
         } else {
             $strFileExt = $bSkipExt == true || ($ext = GetFileExtension($strFileName)) == '' ? '' : "." . $ext;
             while (true) {
                 if (substr($strSavePath, -1, 1) != "/") {
                     $strSavePath .= "/" . substr($strFileName, 0, 3);
                 } else {
                     $strSavePath .= substr($strFileName, 0, 3) . "/";
                 }
                 if (!$io->FileExists($_SERVER["DOCUMENT_ROOT"] . "/" . $upload_dir . "/" . $strSavePath . "/" . $strFileName)) {
                     break;
                 }
                 //try the new name
                 $strFileName = md5(uniqid("", true)) . $strFileExt;
             }
         }
         $arFile["SUBDIR"] = $strSavePath;
         $arFile["FILE_NAME"] = $strFileName;
         $strDirName = $_SERVER["DOCUMENT_ROOT"] . "/" . $upload_dir . "/" . $strSavePath . "/";
         $strDbFileNameX = $strDirName . $strFileName;
         $strPhysicalFileNameX = $io->GetPhysicalName($strDbFileNameX);
         CheckDirPath($strDirName);
         if (is_set($arFile, "content")) {
             $f = fopen($strPhysicalFileNameX, "ab");
             if (!$f) {
                 return false;
             }
             if (fwrite($f, $arFile["content"]) === false) {
                 return false;
             }
             fclose($f);
         } elseif (!copy($arFile["tmp_name"], $strPhysicalFileNameX) && !move_uploaded_file($arFile["tmp_name"], $strPhysicalFileNameX)) {
             CFile::DoDelete($arFile["old_file"]);
             return false;
         }
         if (isset($arFile["old_file"])) {
             CFile::DoDelete($arFile["old_file"]);
         }
         @chmod($strPhysicalFileNameX, BX_FILE_PERMISSIONS);
         //flash is not an image
         $flashEnabled = !CFile::IsImage($arFile["ORIGINAL_NAME"], $arFile["type"]);
         $imgArray = CFile::GetImageSize($strDbFileNameX, false, $flashEnabled);
         if (is_array($imgArray)) {
             $arFile["WIDTH"] = $imgArray[0];
             $arFile["HEIGHT"] = $imgArray[1];
             if ($imgArray[2] == IMAGETYPE_JPEG) {
                 $exifData = CFile::ExtractImageExif($io->GetPhysicalName($strDbFileNameX));
                 if ($exifData && isset($exifData['Orientation'])) {
                     //swap width and height
                     if ($exifData['Orientation'] >= 5 && $exifData['Orientation'] <= 8) {
                         $arFile["WIDTH"] = $imgArray[1];
                         $arFile["HEIGHT"] = $imgArray[0];
                     }
                     $properlyOriented = CFile::ImageHandleOrientation($exifData['Orientation'], $io->GetPhysicalName($strDbFileNameX));
                     if ($properlyOriented) {
                         $jpgQuality = intval(COption::GetOptionString('main', 'image_resize_quality', '95'));
                         if ($jpgQuality <= 0 || $jpgQuality > 100) {
                             $jpgQuality = 95;
                         }
                         imagejpeg($properlyOriented, $io->GetPhysicalName($strDbFileNameX), $jpgQuality);
                     }
                 }
             }
         } else {
             $arFile["WIDTH"] = 0;
             $arFile["HEIGHT"] = 0;
         }
     }
     if ($arFile["WIDTH"] == 0 || $arFile["HEIGHT"] == 0) {
         //mock image because we got false from CFile::GetImageSize()
         if (strpos($arFile["type"], "image/") === 0) {
             $arFile["type"] = "application/octet-stream";
         }
     }
     if ($arFile["type"] == '' || !is_string($arFile["type"])) {
         $arFile["type"] = "application/octet-stream";
     }
     /****************************** QUOTA ******************************/
     if (COption::GetOptionInt("main", "disk_space") > 0) {
         CDiskQuota::updateDiskQuota("file", $arFile["size"], "insert");
     }
     /****************************** QUOTA ******************************/
     $NEW_IMAGE_ID = CFile::DoInsert(array("HEIGHT" => $arFile["HEIGHT"], "WIDTH" => $arFile["WIDTH"], "FILE_SIZE" => $arFile["size"], "CONTENT_TYPE" => $arFile["type"], "SUBDIR" => $arFile["SUBDIR"], "FILE_NAME" => $arFile["FILE_NAME"], "MODULE_ID" => $arFile["MODULE_ID"], "ORIGINAL_NAME" => $arFile["ORIGINAL_NAME"], "DESCRIPTION" => isset($arFile["description"]) ? $arFile["description"] : '', "HANDLER_ID" => isset($arFile["HANDLER_ID"]) ? $arFile["HANDLER_ID"] : '', "EXTERNAL_ID" => isset($arFile["external_id"]) ? $arFile["external_id"] : md5(mt_rand())));
     CFile::CleanCache($NEW_IMAGE_ID);
     return $NEW_IMAGE_ID;
 }