/**
 * Picks a path under CATS_TEMP_DIR that does not exist at the time of the
 * check.
 *
 * Only the path is returned; nothing is created. The existence test and any
 * later creation by the caller are therefore not atomic, and another process
 * can claim the same name in between. Callers that need exclusivity should
 * create the file with an exclusive-create mode (fopen() mode 'x') and retry
 * on failure.
 *
 * FIXME: Merge me with makeRandomFilename().
 *
 * @return string Full path of a currently unused file in CATS_TEMP_DIR.
 */
public static function makeRandomTemporaryFilePath()
{
    /* A collision with an existing file is unlikely but possible, so keep
     * drawing names until one is free.
     */
    while (true)
    {
        $candidatePath = CATS_TEMP_DIR . '/' . FileUtility::makeRandomFilename();

        if (!file_exists($candidatePath))
        {
            return $candidatePath;
        }
    }
}
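/**
 * Handles a submitted import form.
 *
 * Requires at least ACCESS_LEVEL_EDIT. When $_POST['fileName'] is present the
 * request is treated as the second step (column selection already done) and
 * is dispatched by data type. Otherwise the uploaded file in $_FILES['file']
 * is validated, copied into CATS_TEMP_DIR, registered in the session's
 * validImportFileIDs list and handed to the parser for the data type.
 *
 * Security notes:
 *  - Every value read from $_POST and $_FILES is client-controlled.
 *  - The IMPORT_ON_IMPORT_* hooks are run with eval() in this method's scope,
 *    so the local variable names below are visible to hook code and are kept
 *    stable; only trusted code may ever be returned by Hooks::get().
 *  - For the 'Resume' data type the stored file keeps a client-chosen name
 *    (reduced to its final path component); see the note at that branch.
 *
 * @return void
 */
private function onImport()
{
    if ($this->_accessLevel < ACCESS_LEVEL_EDIT)
    {
        CommonErrors::fatal(COMMONERROR_PERMISSION, $this, 'Invalid user level for action.');
    }

    set_time_limit(500);

    $this->setImportTypes();

    $dataType   = $this->getTrimmedInput('dataType', $_POST);
    $importInto = $this->getTrimmedInput('importInto', $_POST);

    if (empty($dataType))
    {
        $this->_template->assign('errorMessage', 'No data type was specified.');
        $this->importSelectType();
        return;
    }

    if (empty($importInto) && $dataType != 'Resume')
    {
        $this->_template->assign('errorMessage', 'No destination was specified.');
        $this->importSelectType();
        return;
    }

    /* If a file name was submitted, the user has already chosen which
     * columns to use.
     */
    if (isset($_POST['fileName']))
    {
        if ($_SESSION['CATS']->isDemo())
        {
            CommonErrors::fatal(COMMONERROR_PERMISSION, $this, 'Demo user can not import data.');
        }

        /* eval() executes whatever code string Hooks::get() returns, with
         * access to this method's locals. Treat the hook source as trusted
         * code only; never let request data reach it.
         */
        if (!eval(Hooks::get('IMPORT_ON_IMPORT_1'))) { return; }

        switch ($dataType)
        {
            case 'Text File':
                $this->onImportFieldsDelimited();
                return;

            default:
                $this->_template->assign('errorMessage', 'No 2nd parser has been included for the specified data type.');
                $this->import();
                return;
        }
    }

    /* Otherwise, parse the file... */
    if (!eval(Hooks::get('IMPORT_ON_IMPORT_2'))) { return; }

    if (!isset($_FILES['file']) || empty($_FILES['file']['name']))
    {
        $errorMessage = 'No file was uploaded.';
        $this->_template->assign('errorMessage', $errorMessage);
        $this->importSelectType();
        return;
    }

    /* Get file metadata. name and type are supplied by the client. */
    $originalFilename = $_FILES['file']['name'];
    $tempFilename     = $_FILES['file']['tmp_name'];
    $contentType      = $_FILES['file']['type'];
    $fileSize         = $_FILES['file']['size'];
    $fileUploadError  = $_FILES['file']['error'];

    /* Recover from magic quotes. Note that tmp_name doesn't appear to get
     * escaped, and stripslashes() on it breaks on Windows. The function no
     * longer exists on PHP 8, so only call it where it is defined.
     */
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    {
        $originalFilename = stripslashes($originalFilename);
        $contentType      = stripslashes($contentType);
    }

    if ($fileUploadError != UPLOAD_ERR_OK)
    {
        $this->_template->assign('errorMessage', FileUtility::getErrorMessage($fileUploadError));
        $this->importSelectType();
        return;
    }

    /* Only copy a file that PHP itself received through this request's
     * upload; this keeps a tampered tmp_name from pointing copy() at an
     * arbitrary server-side file.
     */
    if (!is_uploaded_file($tempFilename))
    {
        $this->_template->assign('errorMessage', 'Uploaded file could not be verified.');
        $this->importSelectType();
        return;
    }

    if ($fileSize <= 0)
    {
        $this->_template->assign('errorMessage', 'File size is less than 1 byte.');
        $this->importSelectType();
        return;
    }

    /* Make sure the temporary directory exists. */
    if (!is_dir(CATS_TEMP_DIR))
    {
        $errorMessage = sprintf(
            'Directory \'%s\' does not exist. CATS is not configured correctly.',
            CATS_TEMP_DIR
        );
        $this->_template->assign('errorMessage', $errorMessage);
        $this->importSelectType();
        return;
    }

    /* Make a blind attempt to recover from invalid permissions.
     * NOTE(review): 0777 makes the upload directory writable by every local
     * account; a narrower mode is preferable if the deployment allows it.
     */
    @chmod(CATS_TEMP_DIR, 0777);

    /* Choose the name the file is stored under. */
    if ($dataType != 'Resume')
    {
        $randomFile = FileUtility::makeRandomFilename($tempFilename) . '.tmp';
    }
    else
    {
        /* The client picks this name. Keep only its final path component so
         * it cannot point outside CATS_TEMP_DIR, and refuse names that are
         * empty, dot entries or contain a NUL byte.
         * NOTE(review): the extension is still client-chosen and copy() will
         * overwrite an existing file of the same name; CATS_TEMP_DIR should
         * not be a location the web server executes scripts from - confirm.
         */
        $randomFile = basename(str_replace('\\', '/', $originalFilename));

        if ($randomFile === '' || $randomFile === '.' || $randomFile === '..'
            || strpos($randomFile, "\0") !== false)
        {
            $this->_template->assign('errorMessage', 'Invalid file name.');
            $this->importSelectType();
            return;
        }
    }

    /* Build new path information for the file. */
    $newFileFullPath = CATS_TEMP_DIR . '/' . $randomFile;

    if (!@copy($tempFilename, $newFileFullPath))
    {
        /* NOTE(review): this message shows server-side paths to the user. */
        $errorMessage = sprintf(
            'Cannot copy temporary file from %s to %s.',
            $tempFilename,
            $newFileFullPath
        );
        $this->_template->assign('errorMessage', $errorMessage);
        $this->importSelectType();
        return;
    }

    /* Try to remove the temp file; if it fails it doesn't matter. */
    @unlink($tempFilename);

    /* Store the file ID as a valid file ID, so users can't inject other
     * file IDs to read files they shouldn't be reading.
     */
    $_SESSION['CATS']->validImportFileIDs[] = $randomFile;

    if (!eval(Hooks::get('IMPORT_ON_IMPORT_3'))) { return; }

    switch ($dataType)
    {
        case 'Text File':
            $this->onImportDelimited($randomFile);
            break;

        default:
            $this->_template->assign('errorMessage', 'No parser exists for the specified data type.');
            $this->importSelectType();
            break;
    }
}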
/**
 * Runs a shell command on either Windows or a POSIX-style host and reports
 * what was executed, what it printed and how it exited.
 *
 * On Windows the command is wrapped in "cmd.exe /C" through a WScript.Shell
 * COM object, with standard output redirected to a randomly named .txt file
 * under CATS_TEMP_DIR that is read back with file() and then deleted.
 * Elsewhere the command goes straight to exec(). The 'output' lines come
 * from file() on Windows (line endings kept) and from exec() otherwise
 * (trailing whitespace stripped), so their exact shape differs by platform.
 *
 * Security: $command is handed to the shell exactly as received. This method
 * performs no quoting or escaping, so every caller must build the command
 * from fixed strings and individually escaped arguments (escapeshellarg())
 * and must never pass request data through unescaped.
 *
 * @param string $command Complete command line to execute.
 * @return array Keys 'command' (the exact command run, including the
 *               cmd.exe wrapper on Windows), 'output' and 'returnCode'.
 */
private function _executeCommand($command)
{
    /* Non-Windows hosts: exec() fills in both the output and exit status. */
    if (!SystemUtility::isWindows())
    {
        @exec($command, $output, $returnCode);

        return array(
            'command'    => $command,
            'output'     => $output,
            'returnCode' => $returnCode
        );
    }

    /* Windows: capture stdout through a randomly named temporary file. */
    $captureFile = sprintf(
        '%s/%s.txt',
        realpath(CATS_TEMP_DIR),
        FileUtility::makeRandomFilename()
    );

    /* Windows Scripting Host shell used to launch the command. */
    $shell = new COM('WScript.Shell');

    /* Wrap the caller's command so cmd.exe redirects its output. */
    $command = sprintf('cmd.exe /C "%s > "%s""', $command, $captureFile);

    /* Window style 0 (hidden); true = wait for the command to finish. */
    $returnCode = $shell->Run($command, 0, true);

    /* Read the captured output, then clean up the temporary file. */
    $output = file($captureFile);
    @unlink($captureFile);

    return array(
        'command'    => $command,
        'output'     => $output,
        'returnCode' => $returnCode
    );
}