CMS_grandFather::raiseError('Error, user has no rights on page : ' . $cms_page->getID());
$view->show();
}
//get block datas
if (class_exists($blockClass)) {
$cms_block = new $blockClass();
$cms_block->initializeFromBasicAttributes($blockId);
$rawDatas = $cms_block->getRawData($cms_page->getID(), $cs, $rowTag, RESOURCE_LOCATION_EDITION, false);
} else {
CMS_grandFather::raiseError('Error, can\'t get block class : ' . $blockClass);
$view->show();
}
$maxFileSize = CMS_file::getMaxUploadFileSize('K');
if ($rawDatas['file'] && file_exists(PATH_MODULES_FILES_STANDARD_FS . '/edition/' . $rawDatas['file'])) {
$file = new CMS_file(PATH_MODULES_FILES_STANDARD_FS . '/edition/' . $rawDatas['file']);
$fileDatas = array('filename' => $file->getName(false), 'filepath' => $file->getFilePath(CMS_file::WEBROOT), 'filesize' => $file->getFileSize(), 'fileicon' => $file->getFileIcon(CMS_file::WEBROOT), 'extension' => $file->getExtension());
} else {
$fileDatas = array('filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'extension' => '');
}
$filePath = $fileDatas['filepath'];
$fileDatas = sensitiveIO::jsonEncode($fileDatas);
$flashvars = sensitiveIO::sanitizeJSString($rawDatas["flashvars"]);
$params = sensitiveIO::sanitizeJSString($rawDatas["params"]);
$attributes = sensitiveIO::sanitizeJSString($rawDatas["attributes"]);
$jscontent = <<<END
\tvar blockWindow = Ext.getCmp('{$winId}');
\t//set window title
\tblockWindow.setTitle('{$cms_language->getJsMessage(MESSAGE_EDIT_FLASH)}');
\t//set help button on top of page
\tblockWindow.tools['help'].show();
\t//add a tooltip on button
/**
* set object Values
*
* @param array $values : the POST result values
* @param string prefixname : the prefix used for post names
* @param boolean newFormat : new automne v4 format (default false for compatibility)
* @param integer $objectID : the current object id. Must be set, but default is blank for compatibility with other objects
* @return boolean true on success, false on failure
* @access public
*/
function setValues($values, $prefixName, $newFormat = false, $objectID = '')
{
if (!sensitiveIO::isPositiveInteger($objectID)) {
$this->raiseError('ObjectID must be a positive integer : ' . $objectID);
return false;
}
//get field parameters
$params = $this->getParamsValues();
//get module codename
$moduleCodename = CMS_poly_object_catalog::getModuleCodenameForField($this->_field->getID());
if ($newFormat) {
//delete old images ?
//thumbnail
if ($this->_subfieldValues[0]->getValue() && (!$values[$prefixName . $this->_field->getID() . '_0'] || pathinfo($values[$prefixName . $this->_field->getID() . '_0'], PATHINFO_BASENAME) != $this->_subfieldValues[0]->getValue())) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[0]->getValue());
$this->_subfieldValues[0]->setValue('');
}
//image zoom
if ($this->_subfieldValues[2]->getValue() && (!isset($values[$prefixName . $this->_field->getID() . '_2']) || !$values[$prefixName . $this->_field->getID() . '_2'] || pathinfo($values[$prefixName . $this->_field->getID() . '_2'], PATHINFO_BASENAME) != $this->_subfieldValues[2]->getValue())) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[2]->getValue());
$this->_subfieldValues[2]->setValue('');
}
//set label from label field
if (!$this->_subfieldValues[1]->setValue(io::htmlspecialchars($values[$prefixName . $this->_field->getID() . '_1']))) {
return false;
}
//image zoom (if needed)
if ((!isset($values[$prefixName . $this->_field->getID() . '_makeZoom']) || $values[$prefixName . $this->_field->getID() . '_makeZoom'] != 1) && isset($values[$prefixName . $this->_field->getID() . '_2']) && $values[$prefixName . $this->_field->getID() . '_2'] && io::strpos($values[$prefixName . $this->_field->getID() . '_2'], PATH_UPLOAD_WR . '/') !== false) {
$filename = $values[$prefixName . $this->_field->getID() . '_2'];
//check for image type before doing anything
if (!in_array(io::strtolower(pathinfo($filename, PATHINFO_EXTENSION)), $this->_allowedExtensions)) {
return false;
}
//destroy old image if any
if ($this->_subfieldValues[2]->getValue()) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[2]->getValue());
$this->_subfieldValues[2]->setValue('');
}
//move and rename uploaded file
$filename = str_replace(PATH_UPLOAD_WR . '/', PATH_UPLOAD_FS . '/', $filename);
$basename = pathinfo($filename, PATHINFO_BASENAME);
//set thumbnail
$path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
$zoomBasename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($basename));
if (io::strlen($zoomBasename) > 255) {
$zoomBasename = sensitiveIO::ellipsis($zoomBasename, 255, '-', true);
}
$zoomFilename = $path . '/' . $zoomBasename;
CMS_file::moveTo($filename, $zoomFilename);
CMS_file::chmodFile(FILES_CHMOD, $zoomFilename);
//set it
if (!$this->_subfieldValues[2]->setValue($zoomBasename)) {
return false;
}
}
//thumbnail
if ($values[$prefixName . $this->_field->getID() . '_0'] && io::strpos($values[$prefixName . $this->_field->getID() . '_0'], PATH_UPLOAD_WR . '/') !== false) {
$filename = $values[$prefixName . $this->_field->getID() . '_0'];
//check for image type before doing anything
if (!in_array(io::strtolower(pathinfo($filename, PATHINFO_EXTENSION)), $this->_allowedExtensions)) {
return false;
}
//destroy old image if any
if ($this->_subfieldValues[0]->getValue()) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[0]->getValue());
$this->_subfieldValues[0]->setValue('');
}
//move and rename uploaded file
$filename = str_replace(PATH_UPLOAD_WR . '/', PATH_UPLOAD_FS . '/', $filename);
$basename = pathinfo($filename, PATHINFO_BASENAME);
//set thumbnail
$path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
$newBasename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($basename));
//rename image
$path_parts = pathinfo($newBasename);
$extension = io::strtolower($path_parts['extension']);
$newBasename = io::substr($path_parts['basename'], 0, -(io::strlen($extension) + 1)) . '_thumbnail.' . $extension;
if (io::strlen($newBasename) > 255) {
$newBasename = sensitiveIO::ellipsis($newBasename, 255, '-', true);
}
$newFilename = $path . '/' . $newBasename;
//move file from upload dir to new dir
CMS_file::moveTo($filename, $newFilename);
CMS_file::chmodFile(FILES_CHMOD, $newFilename);
//if we use original image as image zoom, set it
if (isset($values[$prefixName . $this->_field->getID() . '_makeZoom']) && $values[$prefixName . $this->_field->getID() . '_makeZoom'] == 1) {
$zoomFilename = str_replace('_thumbnail.' . $extension, '.' . $extension, $newFilename);
//copy image as zoom
CMS_file::copyTo($newFilename, $zoomFilename);
$zoomBasename = pathinfo($zoomFilename, PATHINFO_BASENAME);
//set image zoom
if (!$this->_subfieldValues[2]->setValue($zoomBasename)) {
return false;
}
}
//resize thumbnail if needed
if ($params['maxWidth'] > 0 || $params['maxHeight'] > 0) {
$oImage = new CMS_image($newFilename);
//get current file size
$sizeX = $oImage->getWidth();
$sizeY = $oImage->getHeight();
//check thumbnail size
if ($params['maxWidth'] && $sizeX > $params['maxWidth'] || $params['maxHeight'] && $sizeY > $params['maxHeight']) {
$newSizeX = $sizeX;
$newSizeY = $sizeY;
// Check width
if ($params['maxWidth'] && $newSizeX > $params['maxWidth']) {
$newSizeY = round($params['maxWidth'] * $newSizeY / $newSizeX);
$newSizeX = $params['maxWidth'];
}
if ($params['maxHeight'] && $newSizeY > $params['maxHeight']) {
$newSizeX = round($params['maxHeight'] * $newSizeX / $newSizeY);
$newSizeY = $params['maxHeight'];
}
if (!$oImage->resize($newSizeX, $newSizeY, $newFilename)) {
return false;
}
}
}
//set thumbnail
if (!$this->_subfieldValues[0]->setValue($newBasename)) {
return false;
}
}
// If label not set yet, set it
/*if(!$this->_subfieldValues[1]->getValue()){
if($this->_subfieldValues[0]->getValue()){
$this->_subfieldValues[1]->setValue($this->_subfieldValues[0]->getValue());
}
}*/
//if we had an imagezoom, check his size
if ($this->_subfieldValues[2]->getValue() && ($params['maxZoomWidth'] > 0 || $params['maxZoomHeight'] > 0)) {
//resize zoom if needed
$path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
$basename = $this->_subfieldValues[2]->getValue();
$filename = $path . '/' . $basename;
$extension = io::strtolower(pathinfo($basename, PATHINFO_EXTENSION));
$oImage = new CMS_image($filename);
//get current file size
$sizeX = $oImage->getWidth();
$sizeY = $oImage->getHeight();
//check zoom size
if ($params['maxZoomWidth'] && $sizeX > $params['maxZoomWidth'] || $params['maxZoomHeight'] && $sizeY > $params['maxZoomHeight']) {
$newSizeX = $sizeX;
$newSizeY = $sizeY;
// Check width
if ($params['maxZoomWidth'] && $newSizeX > $params['maxZoomWidth']) {
$newSizeY = round($params['maxZoomWidth'] * $newSizeY / $newSizeX);
$newSizeX = $params['maxZoomWidth'];
}
if ($params['maxZoomHeight'] && $newSizeY > $params['maxZoomHeight']) {
$newSizeX = round($params['maxZoomHeight'] * $newSizeX / $newSizeY);
$newSizeY = $params['maxZoomHeight'];
}
if (!$oImage->resize($newSizeX, $newSizeY, $filename)) {
return false;
}
}
}
//update files infos if needed
if ($this->_subfieldValues[0]->getValue() && file_exists(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[0]->getValue())) {
$file = new CMS_file(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[0]->getValue());
$imageDatas = array('filename' => $file->getName(false), 'filepath' => $file->getFilePath(CMS_file::WEBROOT), 'filesize' => $file->getFileSize(), 'fileicon' => $file->getFileIcon(CMS_file::WEBROOT), 'extension' => $file->getExtension());
} else {
$imageDatas = array('filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'extension' => '');
}
$imageDatas['module'] = $moduleCodename;
$imageDatas['visualisation'] = RESOURCE_DATA_LOCATION_EDITED;
if ($params['useDistinctZoom'] || $this->_subfieldValues[2]->getValue()) {
//update files infos if needed
if ($this->_subfieldValues[2]->getValue() && file_exists(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[2]->getValue())) {
$file = new CMS_file(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[2]->getValue());
$zoomDatas = array('filename' => $file->getName(false), 'filepath' => $file->getFilePath(CMS_file::WEBROOT), 'filesize' => $file->getFileSize(), 'fileicon' => $file->getFileIcon(CMS_file::WEBROOT), 'extension' => $file->getExtension());
} else {
$zoomDatas = array('filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'extension' => '');
}
$zoomDatas['module'] = $moduleCodename;
$zoomDatas['visualisation'] = RESOURCE_DATA_LOCATION_EDITED;
} else {
$zoomDatas = '';
}
$content = array('datas' => array('polymodFieldsValue[' . $prefixName . $this->_field->getID() . '_0]' => $imageDatas, 'polymodFieldsValue[' . $prefixName . $this->_field->getID() . '_2]' => $zoomDatas, 'polymodFieldsValue[' . $prefixName . $this->_field->getID() . '_1]' => sensitiveIO::decodeEntities($this->_subfieldValues[1]->getValue())));
$view = CMS_view::getInstance();
$view->addContent($content);
return true;
} else {
//Old format
//delete old images ?
if (isset($values[$prefixName . $this->_field->getID() . '_delete']) && $values[$prefixName . $this->_field->getID() . '_delete'] == 1) {
if ($this->_subfieldValues[0]->getValue()) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[0]->getValue());
$this->_subfieldValues[0]->setValue('');
} elseif (isset($values[$prefixName . $this->_field->getID() . '_0_hidden']) && $values[$prefixName . $this->_field->getID() . '_0_hidden']) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_0_hidden']);
$this->_subfieldValues[0]->setValue('');
}
if ($this->_subfieldValues[2]->getValue()) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[2]->getValue());
$this->_subfieldValues[2]->setValue('');
} elseif (isset($values[$prefixName . $this->_field->getID() . '_2_hidden']) && $values[$prefixName . $this->_field->getID() . '_2_hidden']) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_2_hidden']);
$this->_subfieldValues[2]->setValue('');
}
}
//set label from label field
if (!$this->_subfieldValues[1]->setValue(io::htmlspecialchars(@$values[$prefixName . $this->_field->getID() . '_1']))) {
return false;
}
//thumbnail
if (isset($_FILES[$prefixName . $this->_field->getID() . '_0']) && $_FILES[$prefixName . $this->_field->getID() . '_0']['name'] && !$_FILES[$prefixName . $this->_field->getID() . '_0']['error']) {
//check for image type before doing anything
if (!in_array(io::strtolower(pathinfo($_FILES[$prefixName . $this->_field->getID() . '_0']["name"], PATHINFO_EXTENSION)), $this->_allowedExtensions)) {
return false;
}
//set label as image name if none set
/*if (!$values[$prefixName.$this->_field->getID().'_1']) {
if (!$this->_subfieldValues[1]->setValue(io::htmlspecialchars($_FILES[$prefixName.$this->_field->getID().'_0']["name"]))) {
return false;
}
}*/
//destroy all old images if any
if ($this->_subfieldValues[0]->getValue()) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[0]->getValue());
$this->_subfieldValues[0]->setValue('');
} elseif (isset($values[$prefixName . $this->_field->getID() . '_0_hidden']) && $values[$prefixName . $this->_field->getID() . '_0_hidden']) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_0_hidden']);
$this->_subfieldValues[0]->setValue('');
}
if ($this->_subfieldValues[2]->getValue()) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[2]->getValue());
$this->_subfieldValues[2]->setValue('');
} elseif (isset($values[$prefixName . $this->_field->getID() . '_2_hidden']) && $values[$prefixName . $this->_field->getID() . '_2_hidden']) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_2_hidden']);
$this->_subfieldValues[2]->setValue('');
}
//set thumbnail (resize it if needed)
//create thumbnail path
$path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
$filename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($_FILES[$prefixName . $this->_field->getID() . '_0']["name"]));
if (io::strlen($filename) > 255) {
$filename = sensitiveIO::ellipsis($filename, 255, '-', true);
}
//move uploaded file
$fileDatas = CMS_file::uploadFile($prefixName . $this->_field->getID() . '_0', PATH_TMP_FS);
if ($fileDatas['error']) {
return false;
}
if (!CMS_file::moveTo(PATH_TMP_FS . '/' . $fileDatas['filename'], $path . "/" . $filename)) {
return false;
}
if ($params['maxWidth'] > 0) {
$oImage = new CMS_image($path . "/" . $filename);
//get current file size
$sizeX = $oImage->getWidth();
$sizeY = $oImage->getHeight();
//check thumbnail size
if ($sizeX > $params['maxWidth'] || $sizeY > $params['maxHeight']) {
$newSizeX = $sizeX;
$newSizeY = $sizeY;
// Check width
if ($params['maxWidth'] && $newSizeX > $params['maxWidth']) {
$newSizeY = round($params['maxWidth'] * $newSizeY / $newSizeX);
$newSizeX = $params['maxWidth'];
}
if ($params['maxHeight'] && $newSizeY > $params['maxHeight']) {
$newSizeX = round($params['maxHeight'] * $newSizeX / $newSizeY);
$newSizeY = $params['maxHeight'];
}
//resize image
$srcfilepath = $path . "/" . $filename;
$path_parts = pathinfo($srcfilepath);
$thumbnailFilename = io::substr($path_parts['basename'], 0, -(io::strlen($path_parts['extension']) + 1)) . '_thumbnail.' . $path_parts['extension'];
$destfilepath = $path . "/" . $thumbnailFilename;
$extension = io::strtolower($path_parts['extension']);
if (!$oImage->resize($newSizeX, $newSizeY, $destfilepath)) {
return false;
}
//if we use original image as image zoom, set it
if ($values[$prefixName . $this->_field->getID() . '_makeZoom'] == 1) {
//set image zoom
if (!$this->_subfieldValues[2]->setValue($filename)) {
return false;
}
} else {
//destroy original image
unlink($srcfilepath);
}
//set resized thumbnail
if (!$this->_subfieldValues[0]->setValue($thumbnailFilename)) {
return false;
}
} else {
//no need to resize thumbnail (below the maximum width), so set it
if (!$this->_subfieldValues[0]->setValue($filename)) {
return false;
}
//if we use original image as image zoom, set it
if ($values[$prefixName . $this->_field->getID() . '_makeZoom'] == 1) {
//set image zoom
if (!$this->_subfieldValues[2]->setValue($filename)) {
return false;
}
}
}
} else {
//no need to resize thumbnail, so set it
if (!$this->_subfieldValues[0]->setValue($filename)) {
return false;
}
//if we use original image as image zoom, set it
if ($values[$prefixName . $this->_field->getID() . '_makeZoom'] == 1) {
//set image zoom
if (!$this->_subfieldValues[2]->setValue($filename)) {
return false;
}
}
}
} elseif (isset($_FILES[$prefixName . $this->_field->getID() . '_0']) && $_FILES[$prefixName . $this->_field->getID() . '_0']['name'] && $_FILES[$prefixName . $this->_field->getID() . '_0']['error'] != 0) {
return false;
} elseif (isset($values[$prefixName . $this->_field->getID() . '_0_hidden']) && $values[$prefixName . $this->_field->getID() . '_0_hidden'] && (!isset($values[$prefixName . $this->_field->getID() . '_delete']) || $values[$prefixName . $this->_field->getID() . '_delete'] != 1)) {
//set label as image name if none set
if (!$this->_subfieldValues[0]->setValue($values[$prefixName . $this->_field->getID() . '_0_hidden'])) {
return false;
}
}
//image zoom (if needed)
if (isset($values[$prefixName . $this->_field->getID() . '_makeZoom']) && $values[$prefixName . $this->_field->getID() . '_makeZoom'] != 1 && isset($_FILES[$prefixName . $this->_field->getID() . '_2']['name']) && $_FILES[$prefixName . $this->_field->getID() . '_2']['name'] && !$_FILES[$prefixName . $this->_field->getID() . '_2']['error']) {
//check for image type before doing anything
if (!in_array(io::strtolower(pathinfo($_FILES[$prefixName . $this->_field->getID() . '_2']["name"], PATHINFO_EXTENSION)), $this->_allowedExtensions)) {
return false;
}
//create thumbnail path
$path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
$filename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($_FILES[$prefixName . $this->_field->getID() . '_2']["name"]));
if (io::strlen($filename) > 255) {
$filename = sensitiveIO::ellipsis($filename, 255, '-', true);
}
//move uploaded file
$fileDatas = CMS_file::uploadFile($prefixName . $this->_field->getID() . '_2', PATH_TMP_FS);
if ($fileDatas['error']) {
return false;
}
if (!CMS_file::moveTo(PATH_TMP_FS . '/' . $fileDatas['filename'], $path . "/" . $filename)) {
return false;
}
//set it
if (!$this->_subfieldValues[2]->setValue($filename)) {
return false;
}
} elseif (isset($_FILES[$prefixName . $this->_field->getID() . '_2']) && $_FILES[$prefixName . $this->_field->getID() . '_2']['name'] && $_FILES[$prefixName . $this->_field->getID() . '_2']['error'] != 0) {
return false;
} elseif (isset($values[$prefixName . $this->_field->getID() . '_2_hidden']) && $values[$prefixName . $this->_field->getID() . '_2_hidden'] && (!isset($values[$prefixName . $this->_field->getID() . '_delete']) || $values[$prefixName . $this->_field->getID() . '_delete'] != 1)) {
if (!$this->_subfieldValues[2]->setValue($values[$prefixName . $this->_field->getID() . '_2_hidden'])) {
return false;
}
}
return true;
}
}
/**
* Replace block definition vars.
*
* @param array data : the block datas
* @param string html_attributes : html attributes
* @param integer $location The location of the page
* @param boolean $public The needed precision for USERSPACE location
* @return string the HTML data
* @access public
*/
protected function _replaceBlockVars($data, $html_attributes, $location, $public)
{
//get folder for files
$folder = $this->_getFolderName($location, $public);
//must put the main website URL before
if ($public && ALTERNATIVE_DOMAIN) {
$mainurl = ALTERNATIVE_DOMAIN;
} else {
$mainurl = CMS_websitesCatalog::getCurrentDomain(@$this->_pageID);
}
$html = '<a href="' . $mainurl . PATH_MODULES_FILES_STANDARD_WR . '/' . $folder . '/' . $data["file"] . '"' . $html_attributes . ' title="' . io::htmlspecialchars($data["label"]) . '">' . $data["label"] . '</a>';
$file = new CMS_file(PATH_MODULES_FILES_STANDARD_FS . '/' . $folder . '/' . $data["file"]);
$filesize = $file->getFileSize();
$filesize = $filesize === false ? '0 M' : $filesize;
$filesdatas = explode('_', $data["file"]);
unset($filesdatas[0]);
$originalFilename = io::substr(implode('_', $filesdatas), 32);
$replace = array('{{data}}' => '<a href="' . $mainurl . PATH_MODULES_FILES_STANDARD_WR . '/' . $folder . '/' . $data["file"] . '"' . $html_attributes . ' title="' . io::htmlspecialchars($data["label"]) . '" class="atm-file atm-filetype-' . $file->getExtension() . '">' . io::htmlspecialchars($data["label"]) . '</a>', '{{href}}' => $mainurl . PATH_MODULES_FILES_STANDARD_WR . '/' . $folder . '/' . $data["file"], '{{filename}}' => $data["file"], '{{originalfilename}}' => $originalFilename, '{{label}}' => io::htmlspecialchars($data["label"]), '{{jslabel}}' => io::htmlspecialchars($data["label"]), '{{size}}' => $filesize, '{{type}}' => $file->getExtension(), '{{icon}}' => $file->getFileIcon(CMS_file::WEBROOT) ? '<img src="' . $file->getFileIcon(CMS_file::WEBROOT) . '" title="' . $file->getExtension() . '" alt="' . $file->getExtension() . '" />' : '');
return str_replace(array_keys($replace), $replace, $this->_definition);
}
* Used accross a fileupload request to process one uploaded file
*
* @package Automne
* @subpackage admin
* @author Sébastien Pauchet <*****@*****.**>
*/
require_once dirname(__FILE__) . '/../../cms_rc_admin.php';
//load interface instance
$view = CMS_view::getInstance();
//set default display mode for this page
$view->setDisplayMode(CMS_view::SHOW_JSON);
//This file is an admin file. Interface must be secure
$view->setSecure();
$file = sensitiveIO::sanitizeAsciiString(sensitiveIO::request('file'));
$module = sensitiveIO::sanitizeAsciiString(sensitiveIO::request('module'));
$visualisation = sensitiveIO::sanitizeAsciiString(sensitiveIO::request('visualisation'));
$fileDatas = array('filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'module' => $module, 'visualisation' => $visualisation);
if (!$file || !$module) {
$view->setContent($fileDatas);
$view->show();
}
//check for the given file for queried module
if (!file_exists(PATH_MODULES_FILES_FS . '/' . $module . '/' . $visualisation . '/' . $file)) {
$view->setContent($fileDatas);
$view->show();
}
$file = new CMS_file(PATH_MODULES_FILES_FS . '/' . $module . '/' . $visualisation . '/' . $file);
//return file datas
$fileDatas = array('filename' => $file->getName(false), 'filepath' => $file->getFilePath(CMS_file::WEBROOT), 'filesize' => $file->getFileSize(), 'fileicon' => $file->getFileIcon(CMS_file::WEBROOT), 'extension' => $file->getExtension(), 'module' => $module, 'visualisation' => $visualisation);
$view->setContent($fileDatas);
$view->show();
/**
* set object Values
*
* @param array $values : the POST result values
* @param string prefixname : the prefix used for post names
* @param boolean newFormat : new automne v4 format (default false for compatibility)
* @param integer $objectID : the current object id. Must be set, but default is blank for compatibility with other objects
* @return boolean true on success, false on failure
* @access public
*/
function setValues($values, $prefixName, $newFormat = false, $objectID = '')
{
if (!sensitiveIO::isPositiveInteger($objectID)) {
$this->raiseError('ObjectID must be a positive integer : ' . $objectID);
return false;
}
//get field parameters
$params = $this->getParamsValues();
//get module codename
$moduleCodename = CMS_poly_object_catalog::getModuleCodenameForField($this->_field->getID());
if ($newFormat) {
//delete old files ?
//thumbnail
if ($this->_subfieldValues[1]->getValue() && (!$values[$prefixName . $this->_field->getID() . '_1'] || pathinfo($values[$prefixName . $this->_field->getID() . '_1'], PATHINFO_BASENAME) != $this->_subfieldValues[1]->getValue())) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[1]->getValue());
$this->_subfieldValues[1]->setValue('');
}
//file
if ($this->_subfieldValues[4]->getValue() && (!$values[$prefixName . $this->_field->getID() . '_4'] || pathinfo($values[$prefixName . $this->_field->getID() . '_4'], PATHINFO_BASENAME) != $this->_subfieldValues[4]->getValue())) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue());
$this->_subfieldValues[4]->setValue('');
//reset filesize
if (!$this->_subfieldValues[2]->setValue(0)) {
return false;
}
}
if (!(isset($values[$prefixName . $this->_field->getID() . '_0']) && $this->_subfieldValues[0]->setValue(io::htmlspecialchars($values[$prefixName . $this->_field->getID() . '_0'])))) {
return false;
}
//thumbnail
if (isset($values[$prefixName . $this->_field->getID() . '_1']) && $values[$prefixName . $this->_field->getID() . '_1'] && io::strpos($values[$prefixName . $this->_field->getID() . '_1'], PATH_UPLOAD_WR . '/') !== false) {
$filename = $values[$prefixName . $this->_field->getID() . '_1'];
//check for image type before doing anything
if (!in_array(io::strtolower(pathinfo($filename, PATHINFO_EXTENSION)), $this->_allowedExtensions)) {
return false;
}
//destroy old image if any
if ($this->_subfieldValues[1]->getValue()) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[1]->getValue());
$this->_subfieldValues[1]->setValue('');
}
//move and rename uploaded file
$filename = str_replace(PATH_UPLOAD_WR . '/', PATH_UPLOAD_FS . '/', $filename);
$basename = pathinfo($filename, PATHINFO_BASENAME);
//set thumbnail
$path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
$newBasename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($basename));
//rename image
$path_parts = pathinfo($newBasename);
$extension = io::strtolower($path_parts['extension']);
$newBasename = io::substr($path_parts['basename'], 0, -(io::strlen($extension) + 1)) . '_thumbnail.' . $extension;
if (io::strlen($newBasename) > 255) {
$newBasename = sensitiveIO::ellipsis($newBasename, 255, '-', true);
}
$newFilename = $path . '/' . $newBasename;
//move file from upload dir to new dir
CMS_file::moveTo($filename, $newFilename);
CMS_file::chmodFile(FILES_CHMOD, $newFilename);
//resize thumbnail if needed
if ($params['thumbMaxWidth'] > 0 || $params['thumbMaxHeight'] > 0) {
$oImage = new CMS_image($newFilename);
//get current file size
$sizeX = $oImage->getWidth();
$sizeY = $oImage->getHeight();
//check thumbnail size
list($sizeX, $sizeY) = @getimagesize($newFilename);
if ($params['thumbMaxWidth'] && $sizeX > $params['thumbMaxWidth'] || $params['thumbMaxHeight'] && $sizeY > $params['thumbMaxHeight']) {
$newSizeX = $sizeX;
$newSizeY = $sizeY;
// Check width
if ($params['thumbMaxWidth'] && $newSizeX > $params['thumbMaxWidth']) {
$newSizeY = round($params['thumbMaxWidth'] * $newSizeY / $newSizeX);
$newSizeX = $params['thumbMaxWidth'];
}
if ($params['thumbMaxHeight'] && $newSizeY > $params['thumbMaxHeight']) {
$newSizeX = round($params['thumbMaxHeight'] * $newSizeX / $newSizeY);
$newSizeY = $params['thumbMaxHeight'];
}
if (!$oImage->resize($newSizeX, $newSizeY, $newFilename)) {
return false;
}
}
}
//set thumbnail
if (!$this->_subfieldValues[1]->setValue($newBasename)) {
return false;
}
}
//File
//1- from external location
if (isset($values[$prefixName . $this->_field->getID() . '_externalfile']) && $values[$prefixName . $this->_field->getID() . '_externalfile']) {
//from FTP directory
$filename = $values[$prefixName . $this->_field->getID() . '_externalfile'];
//check file extension
if ($params['allowedType'] || $params['disallowedType']) {
$extension = io::strtolower(pathinfo($filename, PATHINFO_EXTENSION));
if (!$extension) {
return false;
}
//extension must be in allowed list
if ($params['allowedType'] && !in_array($extension, explode(',', io::strtolower($params['allowedType'])))) {
return false;
}
//extension must not be in disallowed list
if ($params['disallowedType'] && in_array($extension, explode(',', io::strtolower($params['disallowedType'])))) {
return false;
}
}
//destroy old file if any
if ($this->_subfieldValues[4]->getValue()) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue());
$this->_subfieldValues[4]->setValue('');
}
$new_filename = 'r' . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($filename));
if (io::strlen($new_filename) > 255) {
$new_filename = sensitiveIO::ellipsis($new_filename, 255, '-', true);
}
$destination_path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/';
$ftp_dir = PATH_REALROOT_FS . $params['ftpDir'];
if (@file_exists($ftp_dir . $filename) && is_file($ftp_dir . $filename)) {
if (CMS_file::moveTo($ftp_dir . $filename, $destination_path . '/' . $new_filename)) {
CMS_file::chmodFile(FILES_CHMOD, $destination_path . '/' . $new_filename);
//set label as file name if none set
if (!$values[$prefixName . $this->_field->getID() . '_0']) {
if (!$this->_subfieldValues[0]->setValue(io::htmlspecialchars($filename))) {
return false;
}
}
//set it
if (!$this->_subfieldValues[4]->setValue($new_filename)) {
return false;
}
//and set filesize
$filesize = @filesize($destination_path . '/' . $new_filename);
if ($filesize !== false && $filesize > 0) {
//convert in MB
$filesize = round($filesize / 1048576, 2);
} else {
$filesize = '0';
}
if (!$this->_subfieldValues[2]->setValue($filesize)) {
return false;
}
//set file type
if (!$this->_subfieldValues[3]->setValue(self::OBJECT_FILE_TYPE_INTERNAL)) {
return false;
}
} else {
return false;
}
} else {
return false;
}
} else {
//2- from post
if ($values[$prefixName . $this->_field->getID() . '_4'] && io::strpos($values[$prefixName . $this->_field->getID() . '_4'], PATH_UPLOAD_WR . '/') !== false) {
//check file extension
if ($params['allowedType'] || $params['disallowedType']) {
$extension = io::strtolower(pathinfo($values[$prefixName . $this->_field->getID() . '_4'], PATHINFO_EXTENSION));
if (!$extension) {
return false;
}
//extension must be in allowed list
if ($params['allowedType'] && !in_array($extension, explode(',', io::strtolower($params['allowedType'])))) {
return false;
}
//extension must not be in disallowed list
if ($params['disallowedType'] && in_array($extension, explode(',', io::strtolower($params['disallowedType'])))) {
return false;
}
}
//set file type
if (!$this->_subfieldValues[3]->setValue(self::OBJECT_FILE_TYPE_INTERNAL)) {
return false;
}
//destroy old file if any
if ($this->_subfieldValues[4]->getValue()) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue());
$this->_subfieldValues[4]->setValue('');
}
//move and rename uploaded file
$filename = str_replace(PATH_UPLOAD_WR . '/', PATH_UPLOAD_FS . '/', $values[$prefixName . $this->_field->getID() . '_4']);
$basename = pathinfo($filename, PATHINFO_BASENAME);
//create file path
$path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
$newBasename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($basename));
if (io::strlen($newBasename) > 255) {
$newBasename = sensitiveIO::ellipsis($newBasename, 255, '-', true);
}
$newFilename = $path . '/' . $newBasename;
if (!CMS_file::moveTo($filename, $newFilename)) {
return false;
}
CMS_file::chmodFile(FILES_CHMOD, $newFilename);
//set it
if (!$this->_subfieldValues[4]->setValue($newBasename)) {
return false;
}
//and set filesize
$filesize = @filesize($newFilename);
if ($filesize !== false && $filesize > 0) {
//convert in MB
$filesize = round($filesize / 1048576, 2);
} else {
$filesize = '0';
}
if (!$this->_subfieldValues[2]->setValue($filesize)) {
return false;
}
}
}
// If label not set yet, set it
if (!$this->_subfieldValues[0]->getValue()) {
if ($this->_subfieldValues[4]->getValue()) {
$this->_subfieldValues[0]->setValue($this->_subfieldValues[4]->getValue());
}
}
//update files infos if needed
if ($this->_subfieldValues[1]->getValue() && file_exists(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[1]->getValue())) {
$file = new CMS_file(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[1]->getValue());
$imageDatas = array('filename' => $file->getName(false), 'filepath' => $file->getFilePath(CMS_file::WEBROOT), 'filesize' => $file->getFileSize(), 'fileicon' => $file->getFileIcon(CMS_file::WEBROOT), 'extension' => $file->getExtension());
} else {
$imageDatas = array('filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'extension' => '');
}
//update files infos if needed
if ($this->_subfieldValues[4]->getValue() && file_exists(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue())) {
$file = new CMS_file(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue());
$fileDatas = array('filename' => $file->getName(false), 'filepath' => $file->getFilePath(CMS_file::WEBROOT), 'filesize' => $file->getFileSize(), 'fileicon' => $file->getFileIcon(CMS_file::WEBROOT), 'extension' => $file->getExtension());
} else {
$fileDatas = array('filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'extension' => '');
}
$imageDatas['module'] = $fileDatas['module'] = $moduleCodename;
$imageDatas['visualisation'] = $fileDatas['visualisation'] = RESOURCE_DATA_LOCATION_EDITED;
$content = array('datas' => array('polymodFieldsValue[' . $prefixName . $this->_field->getID() . '_1]' => $imageDatas, 'polymodFieldsValue[' . $prefixName . $this->_field->getID() . '_4]' => $fileDatas, 'polymodFieldsValue[' . $prefixName . $this->_field->getID() . '_externalfile]' => '', 'polymodFieldsValue[' . $prefixName . $this->_field->getID() . '_0]' => sensitiveIO::decodeEntities($this->_subfieldValues[0]->getValue())));
$view = CMS_view::getInstance();
$view->addContent($content);
return true;
} else {
//Old format
//delete old files ?
if (isset($values[$prefixName . $this->_field->getID() . '_delete']) && $values[$prefixName . $this->_field->getID() . '_delete'] == 1) {
//thumbnail
if ($this->_subfieldValues[1]->getValue()) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[1]->getValue());
$this->_subfieldValues[1]->setValue('');
} elseif ($values[$prefixName . $this->_field->getID() . '_1_hidden']) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_1_hidden']);
$this->_subfieldValues[1]->setValue('');
}
//file
if ($this->_subfieldValues[4]->getValue()) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue());
$this->_subfieldValues[4]->setValue('');
} elseif ($values[$prefixName . $this->_field->getID() . '_4_hidden']) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_4_hidden']);
$this->_subfieldValues[4]->setValue('');
}
//reset filesize
if (!$this->_subfieldValues[2]->setValue(0)) {
return false;
}
}
if (!(isset($values[$prefixName . $this->_field->getID() . '_0']) && $this->_subfieldValues[0]->setValue(io::htmlspecialchars($values[$prefixName . $this->_field->getID() . '_0'])))) {
return false;
}
//thumbnail
if (isset($_FILES[$prefixName . $this->_field->getID() . '_1']) && $_FILES[$prefixName . $this->_field->getID() . '_1']['name'] && !$_FILES[$prefixName . $this->_field->getID() . '_1']['error']) {
//check for image type before doing anything
if (!in_array(io::strtolower(pathinfo($_FILES[$prefixName . $this->_field->getID() . '_1']["name"], PATHINFO_EXTENSION)), $this->_allowedExtensions)) {
return false;
}
//destroy old image if any
if ($this->_subfieldValues[1]->getValue()) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[1]->getValue());
$this->_subfieldValues[1]->setValue('');
} elseif ($values[$prefixName . $this->_field->getID() . '_1_hidden']) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_1_hidden']);
$this->_subfieldValues[1]->setValue('');
}
//set thumbnail (resize it if needed)
//create thumbnail path
$path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
$filename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($_FILES[$prefixName . $this->_field->getID() . '_1']["name"]));
if (io::strlen($filename) > 255) {
$filename = sensitiveIO::ellipsis($filename, 255, '-', true);
}
//move uploaded file
$fileDatas = CMS_file::uploadFile($prefixName . $this->_field->getID() . '_1', PATH_TMP_FS);
if ($fileDatas['error']) {
return false;
}
if (!CMS_file::moveTo(PATH_TMP_FS . '/' . $fileDatas['filename'], $path . "/" . $filename)) {
return false;
}
if ($params['thumbMaxWidth'] > 0 || $params['thumbMaxHeight'] > 0) {
$oImage = new CMS_image($path . "/" . $filename);
//get current file size
$sizeX = $oImage->getWidth();
$sizeY = $oImage->getHeight();
//check thumbnail size
if ($sizeX > $params['thumbMaxWidth'] || $sizeX > $params['thumbMaxHeight']) {
$newSizeX = $sizeX;
$newSizeY = $sizeY;
// Check width
if ($params['thumbMaxWidth'] && $newSizeX > $params['thumbMaxWidth']) {
$newSizeY = round($params['thumbMaxWidth'] * $newSizeY / $newSizeX);
$newSizeX = $params['thumbMaxWidth'];
}
if ($params['thumbMaxHeight'] && $newSizeY > $params['thumbMaxHeight']) {
$newSizeX = round($params['thumbMaxHeight'] * $newSizeX / $newSizeY);
$newSizeY = $params['thumbMaxHeight'];
}
//resize image
$srcfilepath = $path . "/" . $filename;
$path_parts = pathinfo($srcfilepath);
$thumbnailFilename = io::substr($path_parts['basename'], 0, -(io::strlen($path_parts['extension']) + 1)) . '.png';
$destfilepath = $path . "/" . $thumbnailFilename;
if (!$oImage->resize($newSizeX, $newSizeY, $destfilepath)) {
return false;
}
//destroy original image
@unlink($srcfilepath);
//set resized thumbnail
if (!$this->_subfieldValues[1]->setValue($thumbnailFilename)) {
return false;
}
} else {
//no need to resize thumbnail (below the maximum width), so set it
if (!$this->_subfieldValues[1]->setValue($filename)) {
return false;
}
}
} else {
//no need to resize thumbnail (no size limit), so set it
if (!$this->_subfieldValues[1]->setValue($filename)) {
return false;
}
}
} elseif (isset($_FILES[$prefixName . $this->_field->getID() . '_1']) && $_FILES[$prefixName . $this->_field->getID() . '_1']['name'] && $_FILES[$prefixName . $this->_field->getID() . '_1']['error'] != 0) {
return false;
} elseif (isset($values[$prefixName . $this->_field->getID() . '_1_hidden']) && $values[$prefixName . $this->_field->getID() . '_1_hidden'] && $values[$prefixName . $this->_field->getID() . '_delete'] != 1) {
if (!$this->_subfieldValues[1]->setValue($values[$prefixName . $this->_field->getID() . '_1_hidden'])) {
return false;
}
}
//File
//1- from external location
if (isset($values[$prefixName . $this->_field->getID() . '_externalfile']) && $values[$prefixName . $this->_field->getID() . '_externalfile']) {
//destroy old file if any
if ($this->_subfieldValues[4]->getValue()) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue());
$this->_subfieldValues[4]->setValue('');
} elseif ($values[$prefixName . $this->_field->getID() . '_4_hidden']) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_4_hidden']);
$this->_subfieldValues[4]->setValue('');
}
//from FTP directory
$filename = $values[$prefixName . $this->_field->getID() . '_externalfile'];
//io::substr($values[$prefixName.$this->_field->getID().'_externalfile'], 1);
//check file extension
if ($params['allowedType'] || $params['disallowedType']) {
$extension = io::strtolower(pathinfo($filename, PATHINFO_EXTENSION));
if (!$extension) {
return false;
}
//extension must be in allowed list
if ($params['allowedType'] && !in_array($extension, explode(',', io::strtolower($params['allowedType'])))) {
return false;
}
//extension must not be in disallowed list
if ($params['disallowedType'] && in_array($extension, explode(',', io::strtolower($params['disallowedType'])))) {
return false;
}
}
$new_filename = 'r' . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($filename));
if (io::strlen($new_filename) > 255) {
$new_filename = sensitiveIO::ellipsis($new_filename, 255, '-', true);
}
$destination_path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/';
$ftp_dir = PATH_REALROOT_FS . $params['ftpDir'];
if (@file_exists($ftp_dir . $filename) && is_file($ftp_dir . $filename)) {
if (@copy($ftp_dir . $filename, $destination_path . '/' . $new_filename)) {
@chmod($destination_path . '/' . $new_filename, octdec(FILES_CHMOD));
//set label as file name if none set
if (!$values[$prefixName . $this->_field->getID() . '_0']) {
if (!$this->_subfieldValues[0]->setValue(io::htmlspecialchars($filename))) {
return false;
}
}
//set it
if (!$this->_subfieldValues[4]->setValue($new_filename)) {
return false;
}
//and set filesize
$filesize = @filesize($destination_path . '/' . $new_filename);
if ($filesize !== false && $filesize > 0) {
//convert in MB
$filesize = round($filesize / 1048576, 2);
} else {
$filesize = '0';
}
if (!$this->_subfieldValues[2]->setValue($filesize)) {
return false;
}
//set file type
if (!$this->_subfieldValues[3]->setValue(self::OBJECT_FILE_TYPE_INTERNAL)) {
return false;
}
} else {
return false;
}
} else {
return false;
}
} else {
//2- from post
if (isset($_FILES[$prefixName . $this->_field->getID() . '_4']) && $_FILES[$prefixName . $this->_field->getID() . '_4']['name'] && !$_FILES[$prefixName . $this->_field->getID() . '_4']['error']) {
//check file extension
if ($params['allowedType'] || $params['disallowedType']) {
$extension = io::strtolower(pathinfo($_FILES[$prefixName . $this->_field->getID() . '_4']['name'], PATHINFO_EXTENSION));
if (!$extension) {
return false;
}
//extension must be in allowed list
if ($params['allowedType'] && !in_array($extension, explode(',', io::strtolower($params['allowedType'])))) {
return false;
}
//extension must not be in disallowed list
if ($params['disallowedType'] && in_array($extension, explode(',', io::strtolower($params['disallowedType'])))) {
return false;
}
}
//set label as image name if none set
if (!$values[$prefixName . $this->_field->getID() . '_0']) {
if (!$this->_subfieldValues[0]->setValue(io::htmlspecialchars($_FILES[$prefixName . $this->_field->getID() . '_4']["name"]))) {
return false;
}
}
//set file type
if (!$this->_subfieldValues[3]->setValue(self::OBJECT_FILE_TYPE_INTERNAL)) {
return false;
}
//destroy old file if any
if ($this->_subfieldValues[4]->getValue()) {
@unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue());
$this->_subfieldValues[4]->setValue('');
}
//create thumnail path
$path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
$filename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($_FILES[$prefixName . $this->_field->getID() . '_4']["name"]));
if (io::strlen($filename) > 255) {
$filename = sensitiveIO::ellipsis($filename, 255, '-', true);
}
//move uploaded file
$fileDatas = CMS_file::uploadFile($prefixName . $this->_field->getID() . '_4', PATH_TMP_FS);
if ($fileDatas['error']) {
return false;
}
if (!CMS_file::moveTo(PATH_TMP_FS . '/' . $fileDatas['filename'], $path . "/" . $filename)) {
return false;
}
//set it
if (!$this->_subfieldValues[4]->setValue($filename)) {
return false;
}
//and set filesize
$filesize = @filesize($path . "/" . $filename);
if ($filesize !== false && $filesize > 0) {
//convert in MB
$filesize = round($filesize / 1048576, 2);
} else {
$filesize = '0';
}
if (!$this->_subfieldValues[2]->setValue($filesize)) {
return false;
}
} elseif (isset($_FILES[$prefixName . $this->_field->getID() . '_4']) && $_FILES[$prefixName . $this->_field->getID() . '_4']['name'] && $_FILES[$prefixName . $this->_field->getID() . '_4']['error'] != 0) {
return false;
} else {
//from hidden fields (previously set but not already saved)
if (isset($values[$prefixName . $this->_field->getID() . '_4_hidden']) && $values[$prefixName . $this->_field->getID() . '_4_hidden'] && (!isset($values[$prefixName . $this->_field->getID() . '_delete']) || $values[$prefixName . $this->_field->getID() . '_delete'] != 1)) {
//set label as image name if none set
if ($values[$prefixName . $this->_field->getID() . '_0']) {
if (!$this->_subfieldValues[0]->setValue(io::htmlspecialchars($values[$prefixName . $this->_field->getID() . '_0']))) {
return false;
}
}
//set filesize
if (!$this->_subfieldValues[2]->setValue($values[$prefixName . $this->_field->getID() . '_2_hidden'])) {
return false;
}
//set file type
if (!$this->_subfieldValues[3]->setValue($values[$prefixName . $this->_field->getID() . '_3_hidden'])) {
return false;
}
if (!$this->_subfieldValues[4]->setValue($values[$prefixName . $this->_field->getID() . '_4_hidden'])) {
return false;
}
}
}
}
// If label not set yet, set it
if (!$this->_subfieldValues[0]->getValue()) {
if ($this->_subfieldValues[4]->getValue()) {
$this->_subfieldValues[0]->setValue($this->_subfieldValues[4]->getValue());
}
}
return true;
}
}
/**
* Upload a file with as much as security we can
*
* @param string $fileVarName, var name in which we can found the file in $_FILES
* @param string $destinationDirFS, the destination dir in which we want the file to be moved
* @return array of uploaded file meta datas
*/
function uploadFile($fileVarName = 'Filedata', $destinationDirFS = PATH_UPLOAD_FS)
{
//for security, clean all files older than 4h in both uploads directories
$yesterday = time() - 14400;
//4h
try {
foreach (new DirectoryIterator(PATH_UPLOAD_FS) as $file) {
if ($file->isFile() && $file->getFilename() != ".htaccess" && $file->getMTime() < $yesterday) {
@unlink($file->getPathname());
}
}
} catch (Exception $e) {
}
try {
foreach (new DirectoryIterator(PATH_UPLOAD_VAULT_FS) as $file) {
if ($file->isFile() && $file->getFilename() != ".htaccess" && $file->getMTime() < $yesterday) {
@unlink($file->getPathname());
}
}
} catch (Exception $e) {
}
//init returned file datas
$fileDatas = array('error' => 0, 'filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'success' => false);
// Check if the upload exists
if (!isset($_FILES[$fileVarName]) || !is_uploaded_file($_FILES[$fileVarName]["tmp_name"]) || $_FILES[$fileVarName]["error"] != 0) {
CMS_grandFather::raiseError('Uploaded file has an error : ' . print_r($_FILES, true));
$fileDatas['error'] = CMS_file::UPLOAD_UPLOAD_FAILED;
$view->setContent($fileDatas);
$view->show();
}
//move uploaded file to upload vault (and rename it with a clean name if needed)
$originalFilename = io::sanitizeAsciiString($_FILES[$fileVarName]["name"]);
if (io::strlen($originalFilename) > 250) {
$originalFilename = sensitiveIO::ellipsis($originalFilename, 250, '-');
}
//remove multiple extensions to avoid double extension threat (cf. http://www.acunetix.com/websitesecurity/upload-forms-threat.htm)
if (substr_count('.', $originalFilename) > 1) {
$parts = pathinfo($originalFilename);
$originalFilename = str_replace('.', '-', $parts['filename']) . '.' . $parts['extension'];
}
$count = 2;
$filename = $originalFilename;
while (file_exists(PATH_UPLOAD_VAULT_FS . '/' . $filename) || file_exists($destinationDirFS . '/' . $filename)) {
$pathinfo = pathinfo($originalFilename);
$filename = $pathinfo['filename'] . '-' . $count++ . '.' . $pathinfo['extension'];
}
if (!@move_uploaded_file($_FILES[$fileVarName]["tmp_name"], PATH_UPLOAD_VAULT_FS . '/' . $filename)) {
CMS_grandFather::raiseError('Can\'t move uploaded file to : ' . PATH_UPLOAD_VAULT_FS . '/' . $filename);
$fileDatas['error'] = CMS_file::UPLOAD_FILE_VALIDATION_FAILED;
return $fileDatas;
}
$file = new CMS_file(PATH_UPLOAD_VAULT_FS . '/' . $filename);
$file->chmod(FILES_CHMOD);
//check uploaded file
if (!$file->checkUploadedFile()) {
$file->delete();
$fileDatas['error'] = CMS_file::UPLOAD_SECURITY_ERROR;
return $fileDatas;
}
//move file to final directory
if (!CMS_file::moveTo(PATH_UPLOAD_VAULT_FS . '/' . $filename, $destinationDirFS . '/' . $filename)) {
$fileDatas['error'] = CMS_file::UPLOAD_FILE_VALIDATION_FAILED;
return $fileDatas;
}
$file = new CMS_file($destinationDirFS . '/' . $filename);
$file->chmod(FILES_CHMOD);
//return file datas
$fileDatas = array('error' => 0, 'filename' => $file->getName(false), 'filepath' => $file->getFilePath(CMS_file::WEBROOT), 'filesize' => $file->getFileSize(), 'fileicon' => $file->getFileIcon(CMS_file::WEBROOT), 'extension' => $file->getExtension(), 'success' => true);
return $fileDatas;
}
