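/**
 * Uploads files to the given media folder.
 *
 * Works in two passes. The first pass gives every file its destination name and path and
 * validates it with canUpload(); one rejected file aborts the whole batch before anything is
 * moved. The second pass hands the files to upload() one at a time, so a failure there returns
 * false while files handled earlier in that loop are not rolled back.
 *
 * @param   array   $files              The array of Files (file descriptor returned by PHP)
 * @param   string  $destinationFolder  Name of a folder in media/com_redcore/. It is concatenated
 *                                      into the target path as given, so it must come from trusted
 *                                      code and not from request data.
 * @param   array   $options            Array of options for check (forwarded to canUpload(); this
 *                                      method itself only reads setUniqueFileName)
 *                                      maxFileSize           => Maximum allowed file size. Set 0 to disable check
 *                                      allowedFileExtensions => Comma separated string list of allowed file extensions.
 *                                      allowedMIMETypes      => Comma separated string list of allowed MIME types.
 *                                      setUniqueFileName     => If set this will mangle destination file name
 *                                      overrideExistingFile  => If set this will override File with the same name if it exists
 *
 * @return  array|bool  One entry per uploaded file (original_filename, uploaded_filename,
 *                      mime_type, filepath), or false when validation, a plugin or the move fails.
 */
public static function uploadFiles($files, $destinationFolder, $options = array())
{
    jimport('joomla.filesystem.file');
    jimport('joomla.filesystem.path');

    $app        = JFactory::getApplication();
    $resultFile = array();

    // Pass 1: name and validate every file before anything is written
    foreach ($files as &$file)
    {
        if (!empty($options['setUniqueFileName']))
        {
            // Generated base name; the extension is still derived from the client-supplied name
            $fileExtension               = self::getExt($file['name']);
            $file['destinationFileName'] = self::getUniqueName($file['name']) . '.' . $fileExtension;
        }
        else
        {
            $file['destinationFileName'] = self::makeSafe($file['name']);
        }

        // Get full path
        $file['filePath'] = JPath::clean($destinationFolder . '/' . $file['destinationFileName']);

        // Can we upload this file type?
        if (!self::canUpload($file, $options))
        {
            return false;
        }
    }

    // Drop the reference left by the by-reference loop so later writes to $file
    // cannot silently modify the last element of $files
    unset($file);

    JPluginHelper::importPlugin('content');
    $dispatcher = RFactory::getDispatcher();

    // Pass 2: let content plugins veto, then move each file (read-only, so iterate by value)
    foreach ($files as $file)
    {
        // Trigger the onContentBeforeSave event.
        $objectFile = new JObject($file);
        $result     = $dispatcher->trigger('onContentBeforeSave', array('com_redcore.file', &$objectFile, true));

        if (in_array(false, $result, true))
        {
            // There are some errors in the plugins
            $errors = $objectFile->getErrors();
            $app->enqueueMessage(JText::sprintf('LIB_REDCORE_ERROR_BEFORE_SAVE', implode('<br />', $errors)), 'error');

            return false;
        }

        // Plugins receive $objectFile by reference, so tmp_name and filePath are re-read from it
        if (!self::upload($objectFile->tmp_name, $objectFile->filePath))
        {
            // Error in upload
            $app->enqueueMessage(JText::_('LIB_REDCORE_ERROR_UNABLE_TO_UPLOAD_FILE'), 'error');

            return false;
        }

        // Trigger the onContentAfterSave event.
        $dispatcher->trigger('onContentAfterSave', array('com_redcore.file', &$objectFile, true));

        $resultFile[] = array(
            'original_filename' => $objectFile->name,
            'uploaded_filename' => $objectFile->destinationFileName,
            'mime_type'         => !empty($objectFile->mimeTypeName) ? $objectFile->mimeTypeName : self::getMimeType($file),
            'filepath'          => $objectFile->filePath,
        );
    }

    // Return the file info
    return $resultFile;
}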
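/**
 * Method for uploading a cover image file
 *
 * Validates the uploaded file, stores it under <tmp_path>/image/, passes it to
 * PlayJoomControllerAddCover::AddCover() and deletes the temporary file afterwards.
 *
 * @since   1.5
 * @return  boolean  False when the request is rejected or the file cannot be stored; true once
 *                   the file has been stored, including when AddCover() reports a failure.
 */
function save()
{
    $dispatcher          = JDispatcher::getInstance();
    $params              = JComponentHelper::getParams('com_playjoom');
    $allowableExtensions = $params->get('upload_cover_extensions', 'jpg,jpeg,png,gif');

    // Check for request forgeries
    JRequest::checkToken('request') or jexit(JText::_('JINVALID_TOKEN'));

    // Get the user
    $user = JFactory::getUser();

    // Get some data from the request
    $file         = JRequest::getVar('Filedata', '', 'files', 'array');
    $ArtistAlbum  = JRequest::getVar('artistalbum');
    $this->folder = $this->input->get('folder', '', 'path');

    // Decide whether a file was sent BEFORE writing to $file['name']: testing isset() after the
    // assignment is always true and would make the invalid-request branch unreachable.
    if (!is_array($file) || !isset($file['name']))
    {
        $dispatcher->trigger(
            'onEventLogging',
            array(array('method' => __METHOD__ . ":" . __LINE__, 'message' => JText::_('COM_PLAYJOOM_INVALID_REQUEST'), 'priority' => JLog::ERROR, 'section' => 'admin'))
        );

        return false;
    }

    // Sanitise the client-supplied name before it is logged or used in a path
    $file['name'] = JFile::makeSafe($file['name']);

    // NOTE(review): $ArtistAlbum is request data and is written to the log as received
    $dispatcher->trigger(
        'onEventLogging',
        array(array('method' => __METHOD__ . ":" . __LINE__, 'message' => 'Start uploading and save cover for: ' . $ArtistAlbum . ', file ' . $file['name'], 'priority' => JLog::INFO, 'section' => 'admin'))
    );

    $err = null;

    if (!PlayJoomMediaHelper::canUpload($file, $err, $allowableExtensions))
    {
        // The file can't be upload
        JError::raiseNotice(100, JText::_($err));
        $dispatcher->trigger(
            'onEventLogging',
            array(array('method' => __METHOD__ . ":" . __LINE__, 'message' => 'The file ' . $file['name'] . ' can\'t be upload. Error: ' . $err, 'priority' => JLog::ERROR, 'section' => 'admin'))
        );

        return false;
    }

    // Get global tmp path
    $tmp_path = JFactory::getConfig()->get('tmp_path');
    $filepath = JPath::clean($tmp_path . '/image/' . strtolower($file['name']));

    // Trigger the onContentBeforeSave event.
    JPluginHelper::importPlugin('content');
    $object_file           = new JObject($file);
    $object_file->filepath = $filepath;
    $result                = $dispatcher->trigger('onContentBeforeSave', array('com_playjoom.file', &$object_file));

    if (in_array(false, $result, true))
    {
        // There are some errors in the plugins. getErrors() returns an array, so it is
        // joined before being concatenated into the log message.
        $errors = $object_file->getErrors();
        $dispatcher->trigger(
            'onEventLogging',
            array(array('method' => __METHOD__ . ":" . __LINE__, 'message' => 'Error occours before saving. ' . implode(', ', $errors), 'priority' => JLog::ERROR, 'section' => 'admin'))
        );
        JError::raiseWarning(100, JText::plural('COM_PLAYJOOM_ERROR_BEFORE_SAVE', count($errors), implode('<br />', $errors)));

        return false;
    }

    $file = (array) $object_file;

    // NOTE(review): the permission check only runs when the target does not exist yet, so the
    // "file exists" answer is given before the caller's create permission is verified.
    if (JFile::exists($filepath))
    {
        // File exists
        JError::raiseWarning(100, JText::_('COM_PLAYJOOM_ERROR_FILE_EXISTS'));
        $dispatcher->trigger(
            'onEventLogging',
            array(array('method' => __METHOD__ . ":" . __LINE__, 'message' => 'File already exists. ' . $filepath, 'priority' => JLog::ERROR, 'section' => 'admin'))
        );

        return false;
    }
    elseif (!$user->authorise('core.create', 'com_playjoom'))
    {
        // File does not exist and user is not authorised to create.
        // $file is an array here, so the file name is logged instead of the array itself.
        JError::raiseWarning(403, JText::_('COM_PLAYJOOM_ERROR_CREATE_NOT_PERMITTED'));
        $dispatcher->trigger(
            'onEventLogging',
            array(array('method' => __METHOD__ . ":" . __LINE__, 'message' => 'The User ' . $user->get('username') . ' has not permitted to upload the file: ' . $file['name'], 'priority' => JLog::ERROR, 'section' => 'admin'))
        );

        return false;
    }

    if (!JFile::upload($file['tmp_name'], $file['filepath']))
    {
        // Error in upload
        JError::raiseWarning(100, JText::_('COM_PLAYJOOM_ERROR_UNABLE_TO_UPLOAD_FILE'));
        $dispatcher->trigger(
            'onEventLogging',
            array(array('method' => __METHOD__ . ":" . __LINE__, 'message' => 'Unable to upload file: ' . $file['tmp_name'] . ' in path: ' . $file['filepath'], 'priority' => JLog::ERROR, 'section' => 'admin'))
        );

        return false;
    }

    if (PlayJoomControllerAddCover::AddCover($file['filepath'], $ArtistAlbum))
    {
        // Trigger the onContentAfterSave event.
        $dispatcher->trigger('onContentAfterSave', array('com_playjoom.file', &$object_file, true));
        $dispatcher->trigger(
            'onEventLogging',
            array(array('method' => __METHOD__ . ":" . __LINE__, 'message' => 'Saving cover complete. File: ' . $file['filepath'], 'priority' => JLog::INFO, 'section' => 'admin'))
        );

        $link = JRoute::_('index.php?option=com_playjoom&view=covers', false);
        $msg  = JText::sprintf('COM_PLAYJOOM_UPLOAD_COMPLETE', substr($file['filepath'], strlen(PLAYJOOM_BASE_PATH)));
        $this->setRedirect($link, $msg);

        // Delete temp cover file, after adding in database
        unlink($file['filepath']);

        return true;
    }

    $this->setMessage(JText::sprintf('COM_PLAYJOOM_FAULTY_TOADD_DATABASE', substr($file['filepath'], strlen(PLAYJOOM_BASE_PATH))));
    $dispatcher->trigger(
        'onEventLogging',
        array(array('method' => __METHOD__ . ":" . __LINE__, 'message' => 'Not Possible to add the cover into the database', 'priority' => JLog::ERROR, 'section' => 'admin'))
    );

    // The temporary file is removed even though the database step failed
    unlink($file['filepath']);

    // NOTE(review): this path still returns true, as the original did — confirm callers expect that
    return true;
}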
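/**
 * Upload a file
 *
 * Echoes a JSON object with 'status' ('1' on success, '0' otherwise) and 'error' (the message
 * text, also used for the success message) and returns nothing.
 *
 * @return  void
 *
 * @since   1.5
 */
function upload()
{
    $params = JComponentHelper::getParams('com_media');

    // Check for request forgeries
    if (!JSession::checkToken('request'))
    {
        $response = array('status' => '0', 'error' => JText::_('JINVALID_TOKEN'));
        echo json_encode($response);

        return;
    }

    // Get the user
    $user = JFactory::getUser();
    $log  = JLog::getInstance('upload.error.php');

    // Get some data from the request
    $file   = JRequest::getVar('Filedata', '', 'files', 'array');
    $folder = JRequest::getVar('folder', '', '', 'path');

    // NOTE(review): the (int) casts keep only the leading number of the ini value, so the
    // "* 1024 * 1024" is only right for values given in megabytes; other units or a negative
    // memory_limit produce a wrong (possibly negative) limit. Confirm against the deployment.
    if ($_SERVER['CONTENT_LENGTH'] > $params->get('upload_maxsize', 0) * 1024 * 1024
        || $_SERVER['CONTENT_LENGTH'] > (int) ini_get('upload_max_filesize') * 1024 * 1024
        || $_SERVER['CONTENT_LENGTH'] > (int) ini_get('post_max_size') * 1024 * 1024
        || $_SERVER['CONTENT_LENGTH'] > (int) ini_get('memory_limit') * 1024 * 1024)
    {
        $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_WARNFILETOOLARGE'));
        echo json_encode($response);

        return;
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    // Check that a file was sent BEFORE writing to $file['name']: testing isset() after the
    // assignment is always true and would make the bad-request branch unreachable.
    if (!is_array($file) || !isset($file['name']))
    {
        $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_BAD_REQUEST'));
        echo json_encode($response);

        return;
    }

    // Make the filename safe
    $file['name'] = JFile::makeSafe($file['name']);

    // The request is valid
    $err      = null;
    $filepath = JPath::clean(COM_MEDIA_BASE . '/' . $folder . '/' . strtolower($file['name']));

    if (!MediaHelper::canUpload($file, $err))
    {
        $log->addEntry(array('comment' => 'Invalid: ' . $filepath . ': ' . $err));
        $response = array('status' => '0', 'error' => JText::_($err));
        echo json_encode($response);

        return;
    }

    // Trigger the onContentBeforeSave event.
    JPluginHelper::importPlugin('content');
    $dispatcher            = JDispatcher::getInstance();
    $object_file           = new JObject($file);
    $object_file->filepath = $filepath;
    $result                = $dispatcher->trigger('onContentBeforeSave', array('com_media.file', &$object_file));

    if (in_array(false, $result, true))
    {
        // There are some errors in the plugins
        $errors = $object_file->getErrors();
        $log->addEntry(array('comment' => 'Errors before save: ' . $filepath . ' : ' . implode(', ', $errors)));
        $response = array('status' => '0', 'error' => JText::plural('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors), implode('<br />', $errors)));
        echo json_encode($response);

        return;
    }

    // NOTE(review): the permission check only runs when the target does not exist yet, so the
    // "file exists" answer is given before the caller's create permission is verified.
    if (JFile::exists($filepath))
    {
        // File exists
        $log->addEntry(array('comment' => 'File exists: ' . $filepath . ' by user_id ' . $user->id));
        $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_FILE_EXISTS'));
        echo json_encode($response);

        return;
    }
    elseif (!$user->authorise('core.create', 'com_media'))
    {
        // File does not exist and user is not authorised to create
        $log->addEntry(array('comment' => 'Create not permitted: ' . $filepath . ' by user_id ' . $user->id));
        $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_CREATE_NOT_PERMITTED'));
        echo json_encode($response);

        return;
    }

    // Plugins received $object_file by reference; the move uses the values it holds now
    $file = (array) $object_file;

    if (!JFile::upload($file['tmp_name'], $file['filepath']))
    {
        // Error in upload
        $log->addEntry(array('comment' => 'Error on upload: ' . $filepath));
        $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE'));
        echo json_encode($response);

        return;
    }

    // Trigger the onContentAfterSave event.
    $dispatcher->trigger('onContentAfterSave', array('com_media.file', &$object_file, true));
    $log->addEntry(array('comment' => $folder));
    $response = array('status' => '1', 'error' => JText::sprintf('COM_MEDIA_UPLOAD_COMPLETE', substr($file['filepath'], strlen(COM_MEDIA_BASE))));
    echo json_encode($response);
}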
/**
 * Upload a file
 *
 * As written this method does nothing: its first statement is a bare return, so every
 * statement after it is unreachable. The remaining body is kept as-is; the review notes
 * below mark what would need attention before the early return is ever removed.
 *
 * @return void
 * @since 1.5
 */
function upload()
{
    // Uploading is switched off here; nothing below this line executes
    return;

    // Check for request forgeries
    if (!JRequest::checkToken('request')) {
        $response = array('status' => '0', 'error' => JText::_('JINVALID_TOKEN'));
        echo json_encode($response);
        return;
    }

    // Get the user
    $user = JFactory::getUser();

    // Get some data from the request
    $file = JRequest::getVar('Filedata', '', 'files', 'array');
    $folder = JRequest::getVar('folder', '', '', 'path');
    // $return is read but not used anywhere in this method
    $return = JRequest::getVar('return-url', null, 'post', 'base64');

    // Set FTP credentials, if given
    jimport('joomla.client.helper');
    JClientHelper::setCredentialsFromRequest('ftp');

    // Make the filename safe
    $file['name'] = JFile::makeSafe($file['name']);

    // NOTE(review): this isset() runs after the assignment above, so it cannot tell a real
    // upload from a request without a file; the bad-request branch looks unreachable.
    if (isset($file['name'])) {
        // The request is valid
        $err = null;
        // Target is built under JPATH_COMPONENT from the path-filtered folder and the lowercased safe name
        $filepath = JPath::clean(JPATH_COMPONENT . DS . $folder . DS . strtolower($file['name']));

        if (!MediaHelper::canUpload($file, $err)) {
            $response = array('status' => '0', 'error' => JText::_($err));
            echo json_encode($response);
            return;
        }

        // Trigger the onContentBeforeSave event.
        // NOTE(review): $object_file is passed without "&" here — confirm plugins are still
        // meant to be able to adjust it.
        JPluginHelper::importPlugin('content');
        $dispatcher = JDispatcher::getInstance();
        $object_file = new JObject($file);
        $object_file->filepath = $filepath;
        $result = $dispatcher->trigger('onContentBeforeSave', array('com_media.file', $object_file));

        if (in_array(false, $result, true)) {
            // There are some errors in the plugins
            // NOTE(review): $log is never assigned in this method, so this call would fail if reached
            $log->addEntry(array('comment' => 'Errors before save: ' . $filepath . ' : ' . implode(', ', $object_file->getErrors())));
            $response = array('status' => '0', 'error' => JText::plural('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors = $object_file->getErrors()), implode('<br />', $errors)));
            echo json_encode($response);
            return;
        }

        // NOTE(review): the permission check only runs when the target does not exist yet
        if (JFile::exists($filepath)) {
            // File exists
            $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_FILE_EXISTS'));
            echo json_encode($response);
            return;
        } elseif (!$user->authorise('core.create', 'com_media')) {
            // File does not exist and user is not authorised to create
            $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_CREATE_NOT_PERMITTED'));
            echo json_encode($response);
            return;
        }

        $file = (array) $object_file;

        if (!JFile::upload($file['tmp_name'], $file['filepath'])) {
            // Error in upload
            $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE'));
            echo json_encode($response);
            return;
        } else {
            // Trigger the onContentAfterSave event.
            //$dispatcher->trigger('onContentAfterSave', array('com_media.file', &$object_file), null);
            // NOTE(review): 'COM_MEDIA_BASE' is a quoted string here, so strlen() measures that
            // literal text rather than the value of a constant, while the path above is built
            // from JPATH_COMPONENT — the reported path is probably not the intended one.
            $response = array('status' => '1', 'error' => JText::sprintf('COM_MEDIA_UPLOAD_COMPLETE', substr($file['filepath'], strlen('COM_MEDIA_BASE'))));
            echo json_encode($response);
            return;
        }
    } else {
        $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_BAD_REQUEST'));
        echo json_encode($response);
        return;
    }
}
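/**
 * Deletes paths from the current path
 *
 * Each entry of the 'rm' request array is treated as a name inside the requested folder below
 * COM_MEDIA_BASE. Entries that JFile::makeSafe() would alter are skipped with a warning; files
 * are deleted directly and folders only when JFolder::files() reports no remaining files.
 *
 * @return  boolean  True when nothing was requested or every attempted deletion succeeded,
 *                   false when the user is not authorised or a deletion failed.
 *
 * @since   1.5
 */
public function delete()
{
    JSession::checkToken('request') or jexit(JText::_('JINVALID_TOKEN'));

    // Get some data from the request
    $tmpl   = $this->input->get('tmpl');
    $paths  = $this->input->get('rm', array(), 'array');
    $folder = $this->input->get('folder', '', 'path');

    $redirect = 'index.php?option=com_media&folder=' . $folder;

    if ($tmpl == 'component')
    {
        // We are inside the iframe
        $redirect .= '&view=mediaList&tmpl=component';
    }

    $this->setRedirect($redirect);

    // Nothing to delete
    if (empty($paths))
    {
        return true;
    }

    // Authorize the user
    if (!$this->authoriseUser('delete'))
    {
        return false;
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    JPluginHelper::importPlugin('content');
    $dispatcher = JEventDispatcher::getInstance();

    $ret = true;

    foreach ($paths as $path)
    {
        // Only names that makeSafe() leaves unchanged are accepted
        if ($path !== JFile::makeSafe($path))
        {
            // Filename is not safe. $path is a bare name, not a path below COM_MEDIA_BASE, so
            // the escaped name is reported as-is instead of cutting a base-path prefix off it.
            $filename = htmlspecialchars($path, ENT_COMPAT, 'UTF-8');
            JError::raiseWarning(100, JText::sprintf('COM_MEDIA_ERROR_UNABLE_TO_DELETE_FILE_WARNFILENAME', $filename));

            continue;
        }

        $fullPath    = JPath::clean(implode(DIRECTORY_SEPARATOR, array(COM_MEDIA_BASE, $folder, $path)));
        $object_file = new JObject(array('filepath' => $fullPath));

        if (is_file($object_file->filepath))
        {
            // Trigger the onContentBeforeDelete event.
            $result = $dispatcher->trigger('onContentBeforeDelete', array('com_media.file', &$object_file));

            if (in_array(false, $result, true))
            {
                // There are some errors in the plugins
                $errors = $object_file->getErrors();
                JError::raiseWarning(100, JText::plural('COM_MEDIA_ERROR_BEFORE_DELETE', count($errors), implode('<br />', $errors)));

                continue;
            }

            // Delete first, then fold the outcome into $ret so it stays a boolean
            $ret = JFile::delete($object_file->filepath) && $ret;

            // Trigger the onContentAfterDelete event.
            $dispatcher->trigger('onContentAfterDelete', array('com_media.file', &$object_file));
            $this->setMessage(JText::sprintf('COM_MEDIA_DELETE_COMPLETE', substr($object_file->filepath, strlen(COM_MEDIA_BASE))));
        }
        elseif (is_dir($object_file->filepath))
        {
            $contents = JFolder::files($object_file->filepath, '.', true, false, array('.svn', 'CVS', '.DS_Store', '__MACOSX', 'index.html'));

            if (empty($contents))
            {
                // Trigger the onContentBeforeDelete event.
                $result = $dispatcher->trigger('onContentBeforeDelete', array('com_media.folder', &$object_file));

                if (in_array(false, $result, true))
                {
                    // There are some errors in the plugins
                    $errors = $object_file->getErrors();
                    JError::raiseWarning(100, JText::plural('COM_MEDIA_ERROR_BEFORE_DELETE', count($errors), implode('<br />', $errors)));

                    continue;
                }

                $ret = JFolder::delete($object_file->filepath) && $ret;

                // Trigger the onContentAfterDelete event.
                $dispatcher->trigger('onContentAfterDelete', array('com_media.folder', &$object_file));
                $this->setMessage(JText::sprintf('COM_MEDIA_DELETE_COMPLETE', substr($object_file->filepath, strlen(COM_MEDIA_BASE))));
            }
            else
            {
                // Folder still contains files: refuse and report it
                $folderPath = substr($object_file->filepath, strlen(COM_MEDIA_BASE));
                JError::raiseWarning(100, JText::sprintf('COM_MEDIA_ERROR_UNABLE_TO_DELETE_FOLDER_NOT_EMPTY', $folderPath));
            }
        }
    }

    return $ret;
}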
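/**
 * Deletes paths from the current path
 *
 * Takes no arguments; the names to delete come from the 'rm' request array and are resolved
 * inside the requested folder below COM_MEDIA_BASE. Names that JFile::makeSafe() would alter
 * are skipped with a warning; folders are deleted only when JFolder::files() finds no files.
 *
 * @return  boolean  False when the user is not authorised or a deletion failed, true otherwise.
 *
 * @since   1.5
 */
function delete()
{
    JSession::checkToken('request') or jexit(JText::_('JINVALID_TOKEN'));

    $app  = JFactory::getApplication();
    $user = JFactory::getUser();

    // Get some data from the request
    $tmpl   = JRequest::getCmd('tmpl');
    $paths  = JRequest::getVar('rm', array(), '', 'array');
    $folder = JRequest::getVar('folder', '', '', 'path');

    if ($tmpl == 'component')
    {
        // We are inside the iframe
        $this->setRedirect('index.php?option=com_media&view=mediaList&folder=' . $folder . '&tmpl=component');
    }
    else
    {
        $this->setRedirect('index.php?option=com_media&folder=' . $folder);
    }

    if (!$user->authorise('core.delete', 'com_media'))
    {
        // User is not authorised to delete
        JError::raiseWarning(403, JText::_('JLIB_APPLICATION_ERROR_DELETE_NOT_PERMITTED'));

        return false;
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    // Initialise variables.
    $ret = true;

    if (count($paths))
    {
        JPluginHelper::importPlugin('content');
        $dispatcher = JDispatcher::getInstance();

        foreach ($paths as $path)
        {
            // Only names that makeSafe() leaves unchanged are accepted
            if ($path !== JFile::makeSafe($path))
            {
                // Filename is not safe. $path is a bare name, not a path below COM_MEDIA_BASE,
                // so the escaped name is reported as-is instead of cutting a prefix off it.
                $filename = htmlspecialchars($path, ENT_COMPAT, 'UTF-8');
                JError::raiseWarning(100, JText::sprintf('COM_MEDIA_ERROR_UNABLE_TO_DELETE_FILE_WARNFILENAME', $filename));

                continue;
            }

            $fullPath    = JPath::clean(COM_MEDIA_BASE . '/' . $folder . '/' . $path);
            $object_file = new JObject(array('filepath' => $fullPath));

            if (is_file($fullPath))
            {
                // Trigger the onContentBeforeDelete event.
                $result = $dispatcher->trigger('onContentBeforeDelete', array('com_media.file', &$object_file));

                if (in_array(false, $result, true))
                {
                    // There are some errors in the plugins
                    $errors = $object_file->getErrors();
                    JError::raiseWarning(100, JText::plural('COM_MEDIA_ERROR_BEFORE_DELETE', count($errors), implode('<br />', $errors)));

                    continue;
                }

                // Delete first, then fold the outcome into $ret so it stays a boolean
                $ret = JFile::delete($fullPath) && $ret;

                // Trigger the onContentAfterDelete event.
                $dispatcher->trigger('onContentAfterDelete', array('com_media.file', &$object_file));
                $this->setMessage(JText::sprintf('COM_MEDIA_DELETE_COMPLETE', substr($fullPath, strlen(COM_MEDIA_BASE))));
            }
            elseif (is_dir($fullPath))
            {
                $remaining = JFolder::files($fullPath, '.', true, false, array('.svn', 'CVS', '.DS_Store', '__MACOSX'), array('index.html', '^\\..*', '.*~'));

                if (count($remaining) == 0)
                {
                    // Trigger the onContentBeforeDelete event.
                    $result = $dispatcher->trigger('onContentBeforeDelete', array('com_media.folder', &$object_file));

                    if (in_array(false, $result, true))
                    {
                        // There are some errors in the plugins
                        $errors = $object_file->getErrors();
                        JError::raiseWarning(100, JText::plural('COM_MEDIA_ERROR_BEFORE_DELETE', count($errors), implode('<br />', $errors)));

                        continue;
                    }

                    $ret = JFolder::delete($fullPath) && $ret;

                    // Trigger the onContentAfterDelete event.
                    $dispatcher->trigger('onContentAfterDelete', array('com_media.folder', &$object_file));
                    $this->setMessage(JText::sprintf('COM_MEDIA_DELETE_COMPLETE', substr($fullPath, strlen(COM_MEDIA_BASE))));
                }
                else
                {
                    // Folder still contains files: refuse and report it
                    JError::raiseWarning(100, JText::sprintf('COM_MEDIA_ERROR_UNABLE_TO_DELETE_FOLDER_NOT_EMPTY', substr($fullPath, strlen(COM_MEDIA_BASE))));
                }
            }
        }
    }

    return $ret;
}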
/**
 * Upload a file
 *
 * Every outcome is reported by echoing one JSON object: 'status' is '1' on success and '0'
 * otherwise, 'message' and 'error' carry the same text, and 'location' is added when the
 * target already exists or the upload succeeded.
 *
 * @return  void
 *
 * @since   1.5
 */
public function upload()
{
    $params = JComponentHelper::getParams('com_media');

    // Emits one JSON reply; callers return right after using it
    $send = function (array $payload)
    {
        echo json_encode($payload);
    };

    // Check for request forgeries
    if (!JSession::checkToken('request'))
    {
        $text = JText::_('JINVALID_TOKEN');
        $send(array('status' => '0', 'message' => $text, 'error' => $text));

        return;
    }

    // Get the user
    $user = JFactory::getUser();
    JLog::addLogger(array('text_file' => 'upload.error.php'), JLog::ALL, array('upload'));

    // Get some data from the request
    $file   = $this->input->files->get('Filedata', '', 'array');
    $folder = $this->input->get('folder', '', 'path');

    // Instantiate the media helper
    $mediaHelper = new JHelperMedia();

    // Reject the request when its declared length exceeds the component limit or any PHP limit
    $contentLength = $_SERVER['CONTENT_LENGTH'];

    if ($contentLength > $params->get('upload_maxsize', 0) * 1024 * 1024
        || $contentLength > $mediaHelper->toBytes(ini_get('upload_max_filesize'))
        || $contentLength > $mediaHelper->toBytes(ini_get('post_max_size'))
        || $contentLength > $mediaHelper->toBytes(ini_get('memory_limit')))
    {
        $text = JText::_('COM_MEDIA_ERROR_WARNFILETOOLARGE');
        $send(array('status' => '0', 'message' => $text, 'error' => $text));

        return;
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    // No file in the request
    if (!isset($file['name']))
    {
        $text = JText::_('COM_MEDIA_ERROR_BAD_REQUEST');
        $send(array('status' => '0', 'error' => $text, 'message' => $text));

        return;
    }

    // Make the filename safe
    $file['name'] = JFile::makeSafe($file['name']);

    // We need a URL safe name
    $parts = pathinfo(COM_MEDIA_BASE . '/' . $folder . '/' . $file['name']);

    // Transform filename to punycode
    $parts['filename'] = JStringPunycode::toPunycode($parts['filename']);

    // Extension is lowercased; an absent extension becomes the empty string
    $extension = '';

    if (!empty($parts['extension']))
    {
        $extension = strtolower($parts['extension']);
    }

    // Whitespace becomes "_", then everything except letters, digits and "_" is dropped
    $baseName     = preg_replace(array("/[\\s]/", "/[^a-zA-Z0-9_]/"), array("_", ""), $parts['filename']);
    $safeFileName = $baseName . '.' . $extension;

    // Create filepath with safe-filename
    $file['name'] = $safeFileName;
    $filepath     = JPath::clean($parts['dirname'] . DIRECTORY_SEPARATOR . $safeFileName);

    if (!$mediaHelper->canUpload($file, 'com_media'))
    {
        JLog::add('Invalid: ' . $filepath, JLog::INFO, 'upload');
        $text = JText::_('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE');
        $send(array('status' => '0', 'message' => $text, 'error' => $text));

        return;
    }

    // Trigger the onContentBeforeSave event.
    JPluginHelper::importPlugin('content');
    $dispatcher            = JEventDispatcher::getInstance();
    $object_file           = new JObject($file);
    $object_file->filepath = $filepath;
    $verdicts              = $dispatcher->trigger('onContentBeforeSave', array('com_media.file', &$object_file, true));

    if (in_array(false, $verdicts, true))
    {
        // There are some errors in the plugins
        $errors = $object_file->getErrors();
        JLog::add('Errors before save: ' . $object_file->filepath . ' : ' . implode(', ', $errors), JLog::INFO, 'upload');
        $text = JText::plural('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors), implode('<br />', $errors));
        $send(array('status' => '0', 'message' => $text, 'error' => $text));

        return;
    }

    // From here on the path held by $object_file is used, since plugins received it by reference.
    // NOTE(review): existence is reported before the create permission is checked.
    if (JFile::exists($object_file->filepath))
    {
        // File exists
        JLog::add('File exists: ' . $object_file->filepath . ' by user_id ' . $user->id, JLog::INFO, 'upload');
        $text = JText::_('COM_MEDIA_ERROR_FILE_EXISTS');
        $send(array('status' => '0', 'message' => $text, 'error' => $text, 'location' => str_replace(JPATH_ROOT, '', $filepath)));

        return;
    }

    if (!$user->authorise('core.create', 'com_media'))
    {
        // File does not exist and user is not authorised to create
        JLog::add('Create not permitted: ' . $object_file->filepath . ' by user_id ' . $user->id, JLog::INFO, 'upload');
        $text = JText::_('COM_MEDIA_ERROR_CREATE_NOT_PERMITTED');
        $send(array('status' => '0', 'error' => $text, 'message' => $text));

        return;
    }

    if (!JFile::upload($object_file->tmp_name, $object_file->filepath))
    {
        // Error in upload
        JLog::add('Error on upload: ' . $object_file->filepath, JLog::INFO, 'upload');
        $text = JText::_('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE');
        $send(array('status' => '0', 'message' => $text, 'error' => $text));

        return;
    }

    // Trigger the onContentAfterSave event.
    $dispatcher->trigger('onContentAfterSave', array('com_media.file', &$object_file, true));
    JLog::add($folder, JLog::INFO, 'upload');

    // Path relative to the site root; backslashes are normalised for the 'location' field only
    $returnUrl = str_replace(JPATH_ROOT, '', $object_file->filepath);
    $text      = JText::sprintf('COM_MEDIA_UPLOAD_COMPLETE', $returnUrl);
    $send(array('status' => '1', 'message' => $text, 'error' => $text, 'location' => str_replace('\\', '/', $returnUrl)));
}
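/**
 * Create a folder
 *
 * Takes no arguments: the new folder name ('foldername') and its parent ('folderbase') are read
 * from the request. The name is read twice, once through the command filter and once raw, and
 * the request is rejected when the two differ, i.e. when the filter had to alter the name.
 *
 * @return  boolean|void  False when the request is rejected; nothing otherwise.
 *
 * @since   1.5
 */
function create()
{
    // Check for request forgeries
    JRequest::checkToken() or jexit(JText::_('JINVALID_TOKEN'));

    $user = JFactory::getUser();

    $folder      = JRequest::getCmd('foldername', '');
    $folderCheck = JRequest::getVar('foldername', null, '', 'string', JREQUEST_ALLOWRAW);
    $parent      = JRequest::getVar('folderbase', '', '', 'path');

    $this->setRedirect('index.php?option=com_media&folder=' . $parent . '&tmpl=' . JRequest::getCmd('tmpl', 'index'));

    if (strlen($folder) > 0)
    {
        if (!$user->authorise('core.create', 'com_media'))
        {
            // User is not authorised to create
            JError::raiseWarning(403, JText::_('JLIB_APPLICATION_ERROR_CREATE_NOT_PERMITTED'));

            return false;
        }

        // Set FTP credentials, if given
        jimport('joomla.client.helper');
        JClientHelper::setCredentialsFromRequest('ftp');

        JRequest::setVar('folder', $parent);

        // Refuse names the command filter changed instead of silently creating a different folder
        if ($folderCheck !== null && $folder !== $folderCheck)
        {
            $this->setMessage(JText::_('COM_MEDIA_ERROR_UNABLE_TO_CREATE_FOLDER_WARNDIRNAME'));

            return false;
        }

        $path = JPath::clean(COM_MEDIA_BASE . DS . $parent . DS . $folder);

        if (!is_dir($path) && !is_file($path))
        {
            // Trigger the onContentBeforeSave event.
            $object_file = new JObject(array('filepath' => $path));
            JPluginHelper::importPlugin('content');
            $dispatcher = JDispatcher::getInstance();
            $result     = $dispatcher->trigger('onContentBeforeSave', array('com_media.folder', &$object_file));

            if (in_array(false, $result, true))
            {
                // There are some errors in the plugins
                $errors = $object_file->getErrors();
                JError::raiseWarning(100, JText::plural('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors), implode('<br />', $errors)));

                // 'continue' is not valid here (there is no enclosing loop); stop like the
                // other rejection paths do
                return false;
            }

            // Only write the placeholder index.html and report success when the folder exists
            if (JFolder::create($path))
            {
                $data = "<html>\n<body bgcolor=\"#FFFFFF\">\n</body>\n</html>";
                JFile::write($path . DS . "index.html", $data);

                // Trigger the onContentAfterSave event.
                $dispatcher->trigger('onContentAfterSave', array('com_media.folder', &$object_file, true));
                $this->setMessage(JText::sprintf('COM_MEDIA_CREATE_COMPLETE', substr($path, strlen(COM_MEDIA_BASE))));
            }
        }

        JRequest::setVar('folder', $parent ? $parent . '/' . $folder : $folder);
    }
}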
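/**
 * Upload a file
 *
 * Echoes a JSON object with 'status' ('1' on success, '0' otherwise) and 'error' (the message
 * text, also used for the success message) and returns nothing.
 *
 * @return  void
 *
 * @since   1.5
 */
function upload()
{
    $dispatcher = JDispatcher::getInstance();
    $params     = JComponentHelper::getParams('com_playjoom');

    // Check for request forgeries
    if (!JSession::checkToken('request'))
    {
        $response = array('status' => '0', 'error' => JText::_('JINVALID_TOKEN'));
        echo json_encode($response);

        return;
    }

    // Get the user
    $user = JFactory::getUser();
    JLog::addLogger(array('text_file' => 'upload.error.php'), JLog::ALL, array('upload'));

    // Get some data from the request.
    // JRequest::getVar() takes the input source as its third argument and the filter type as
    // its fourth; with 'path' in third position the folder was read without the path filter
    // although it is concatenated into the target path below.
    $file   = JRequest::getVar('Filedata', '', 'files', 'array');
    $folder = JRequest::getVar('folder', '', '', 'path');

    // Decide whether a file was sent BEFORE writing to $file['name']: testing isset() after the
    // assignment is always true and would make the bad-request branch unreachable.
    $hasFile = is_array($file) && isset($file['name']);

    if ($hasFile)
    {
        // Make the filename safe before it is logged or used in a path
        $file['name'] = JFile::makeSafe($file['name']);
    }

    $dispatcher->trigger(
        'onEventLogging',
        array(array('method' => __METHOD__ . ":" . __LINE__, 'message' => 'Start uploading file.json: ' . $folder . DIRECTORY_SEPARATOR . ($hasFile ? $file['name'] : ''), 'priority' => JLog::INFO, 'section' => 'admin'))
    );

    // NOTE(review): the (int) casts keep only the leading number of the ini value, so the
    // "* 1024 * 1024" is only right for values given in megabytes; other units or a negative
    // memory_limit produce a wrong (possibly negative) limit. Confirm against the deployment.
    if ($_SERVER['CONTENT_LENGTH'] > $params->get('upload_maxsize', 100) * 1024 * 1024
        || $_SERVER['CONTENT_LENGTH'] > (int) ini_get('upload_max_filesize') * 1024 * 1024
        || $_SERVER['CONTENT_LENGTH'] > (int) ini_get('post_max_size') * 1024 * 1024
        || $_SERVER['CONTENT_LENGTH'] > (int) ini_get('memory_limit') * 1024 * 1024)
    {
        $response = array('status' => '0', 'error' => JText::_('COM_PLAYJOOM_ERROR_WARNFILETOOLARGE'));
        echo json_encode($response);

        return;
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    if (!$hasFile)
    {
        $response = array('status' => '0', 'error' => JText::_('COM_PLAYJOOM_ERROR_BAD_REQUEST'));
        echo json_encode($response);

        return;
    }

    // The request is valid
    $err      = null;
    $filepath = JPath::clean(PLAYJOOM_BASE_PATH . '/' . $folder . '/' . strtolower($file['name']));

    $allowableExtensions = $params->get('upload_audio_extensions', 'mp3,wav,flac');

    if (!PlayJoomMediaHelper::canUpload($file, $err, $allowableExtensions))
    {
        JLog::add('Invalid: ' . $filepath . ': ' . $err, JLog::INFO, 'upload');
        $response = array('status' => '0', 'error' => JText::_($err));
        echo json_encode($response);

        return;
    }

    // Trigger the onContentBeforeSave event.
    JPluginHelper::importPlugin('content');
    $dispatcher            = JEventDispatcher::getInstance();
    $object_file           = new JObject($file);
    $object_file->filepath = $filepath;
    $result                = $dispatcher->trigger('onContentBeforeSave', array('com_playjoom.file', &$object_file));

    if (in_array(false, $result, true))
    {
        // There are some errors in the plugins
        $errors = $object_file->getErrors();
        JLog::add('Errors before save: ' . $filepath . ' : ' . implode(', ', $errors), JLog::INFO, 'upload');
        $response = array('status' => '0', 'error' => JText::plural('COM_PLAYJOOM_ERROR_BEFORE_SAVE', count($errors), implode('<br />', $errors)));
        echo json_encode($response);

        return;
    }

    // NOTE(review): the permission check only runs when the target does not exist yet, so the
    // "file exists" answer is given before the caller's create permission is verified.
    if (JFile::exists($filepath))
    {
        // File exists
        JLog::add('File exists: ' . $filepath . ' by user_id ' . $user->id, JLog::INFO, 'upload');
        $response = array('status' => '0', 'error' => JText::_('COM_PLAYJOOM_ERROR_FILE_EXISTS'));
        echo json_encode($response);

        return;
    }
    elseif (!$user->authorise('core.create', 'com_playjoom'))
    {
        // File does not exist and user is not authorised to create
        JLog::add('Create not permitted: ' . $filepath . ' by user_id ' . $user->id, JLog::INFO, 'upload');
        $response = array('status' => '0', 'error' => JText::_('COM_PLAYJOOM_ERROR_CREATE_NOT_PERMITTED'));
        echo json_encode($response);

        return;
    }

    // Plugins received $object_file by reference; the move uses the values it holds now
    $file = (array) $object_file;

    if (!JFile::upload($file['tmp_name'], $file['filepath']))
    {
        // Error in upload
        JLog::add('Error on upload: ' . $filepath, JLog::INFO, 'upload');
        $response = array('status' => '0', 'error' => JText::_('COM_PLAYJOOM_ERROR_UNABLE_TO_UPLOAD_FILE'));
        echo json_encode($response);

        return;
    }

    // Trigger the onContentAfterSave event.
    $dispatcher->trigger('onContentAfterSave', array('com_playjoom.file', &$object_file, true));
    JLog::add($folder, JLog::INFO, 'upload');
    $response = array('status' => '1', 'error' => JText::sprintf('COM_PLAYJOOM_UPLOAD_COMPLETE', substr($file['filepath'], strlen(PLAYJOOM_BASE_PATH))));
    echo json_encode($response);
}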
/**
 * Create a folder below COM_MEDIA_BASE.
 *
 * The folder name is read from the request twice: once through the input
 * object's default filter and once unfiltered ('raw'). If the two values
 * differ, the submitted name contained characters the filter removed and
 * the request is refused instead of creating a silently renamed folder.
 *
 * @return  boolean  False when the name is empty or was altered by filtering,
 *                   when the user lacks core.create on com_media, or when a
 *                   content plugin vetoes the save; true otherwise.
 *
 * @since   1.5
 */
public function create()
{
    // Refuse the request unless it carries a valid session token (CSRF guard).
    JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));

    $user      = JFactory::getUser();
    $folder    = $this->input->get('foldername', '');
    $rawFolder = (string) $this->input->get('foldername', null, 'raw');
    $parent    = $this->input->get('folderbase', '', 'path');

    $this->setRedirect('index.php?option=com_media&folder=' . $parent . '&tmpl=' . $this->input->get('tmpl', 'index'));

    // A zero-length name cannot be created.
    if (strlen($folder) === 0)
    {
        JError::raiseWarning(100, JText::_('COM_MEDIA_ERROR_UNABLE_TO_CREATE_FOLDER_WARNDIRNAME'));

        return false;
    }

    // The caller needs the core.create permission on com_media.
    if (!$user->authorise('core.create', 'com_media'))
    {
        JError::raiseWarning(403, JText::_('COM_MEDIA_ERROR_CREATE_NOT_PERMITTED'));

        return false;
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    $this->input->set('folder', $parent);

    // Filtered and raw names must match; otherwise the filter dropped something.
    // NOTE(review): after the (string) cast $rawFolder is never null, so only
    // the second comparison can decide this branch.
    if ($rawFolder !== null && $folder !== $rawFolder)
    {
        JFactory::getApplication()->enqueueMessage(JText::_('COM_MEDIA_ERROR_UNABLE_TO_CREATE_FOLDER_WARNDIRNAME'), 'warning');

        return false;
    }

    $path = JPath::clean(COM_MEDIA_BASE . '/' . $parent . '/' . $folder);

    // Only create something when nothing exists at the target path yet.
    if (!(is_dir($path) || is_file($path)))
    {
        $folderObject = new JObject(array('filepath' => $path));

        // Let content plugins inspect (and possibly veto) the new folder.
        JPluginHelper::importPlugin('content');
        $pluginResults = JFactory::getApplication()->triggerEvent('onContentBeforeSave', array('com_media.folder', &$folderObject, true));

        if (in_array(false, $pluginResults, true))
        {
            $errors = $folderObject->getErrors();
            JError::raiseWarning(100, JText::plural('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors), implode('<br />', $errors)));

            return false;
        }

        if (JFolder::create($folderObject->filepath))
        {
            // Drop a blank index.html into the new folder.
            $blankPage = "<html>\n<body bgcolor=\"#FFFFFF\">\n</body>\n</html>";
            JFile::write($folderObject->filepath . "/index.html", $blankPage);

            JFactory::getApplication()->triggerEvent('onContentAfterSave', array('com_media.folder', &$folderObject, true));
            $this->setMessage(JText::sprintf('COM_MEDIA_CREATE_COMPLETE', substr($folderObject->filepath, strlen(COM_MEDIA_BASE))));
        }
    }

    // Point the request at the new (or already existing) folder.
    $this->input->set('folder', $parent ? $parent . '/' . $folder : $folder);

    return true;
}
/**
 * Create a folder below COM_MEDIA_BASE through the folder model.
 *
 * Folder name and parent are both read with the 'path' input filter. When no
 * parent is submitted, the folders model's current folder is used.
 *
 * @return  boolean  False when the name is empty, the user lacks core.create
 *                   on com_media, a content plugin vetoes the save, or the
 *                   folder model throws; true otherwise.
 *
 * @since   1.5
 */
public function create()
{
    // Refuse the request unless it carries a valid session token (CSRF guard).
    JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));

    $currentUser = JFactory::getUser();
    $folder      = $this->input->get('new-folder-name', '', 'path');
    $parent      = $this->input->get('new-folder-base', '', 'path');

    if (empty($parent))
    {
        $parent = $this->getFoldersModel()->getCurrentFolder();
    }

    $template = $this->input->get('tmpl', 'index');
    $this->setRedirect('index.php?option=com_media&folder=' . $parent . '&tmpl=' . $template);

    // A zero-length name cannot be created.
    if (strlen($folder) === 0)
    {
        $this->setWarning(JText::_('COM_MEDIA_ERROR_UNABLE_TO_CREATE_FOLDER_EMPTY'));

        return false;
    }

    // The caller needs the core.create permission on com_media.
    if (!$currentUser->authorise('core.create', 'com_media'))
    {
        $this->setWarning(JText::_('COM_MEDIA_ERROR_CREATE_NOT_PERMITTED'));

        return false;
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    $this->input->set('folder', $parent);

    $relativePath = $parent . '/' . $folder;
    $selected     = $parent ? $relativePath : $folder;
    $path         = JPath::clean(COM_MEDIA_BASE . '/' . $relativePath);

    // NOTE(review): when the target already exists only the request's folder is
    // updated; execution still falls through to the plugin event and the model
    // call below. Confirm whether an early return was intended here.
    if (is_dir($path) || is_file($path))
    {
        $this->input->set('folder', $selected);
    }

    // Let content plugins inspect (and possibly veto) the new folder.
    $folderObject  = new JObject(array('filepath' => $path));
    $pluginResults = $this->triggerEvent('onContentBeforeSave', array('com_media.folder', &$folderObject, true));

    if (in_array(false, $pluginResults, true))
    {
        $errors = $folderObject->getErrors();
        $this->setWarning(JText::plural('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors), implode('<br />', $errors)));

        return false;
    }

    // Creation is delegated to the folder model; its exception text is
    // forwarded to setWarning() unchanged.
    try
    {
        $this->getFolderModel()->create($relativePath);
    }
    catch (Exception $e)
    {
        $this->setWarning('EXCEPTION: ' . $e->getMessage());

        return false;
    }

    $this->createIndexFileInFolder($folderObject);

    $this->input->set('folder', $selected);

    return true;
}
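/**
 * Create a folder below PLAYJOOM_BASE_PATH.
 *
 * Folder name and parent folder are taken from the POST data. The name is
 * stripped of a fixed set of special characters, and any request whose name
 * or parent contains a '..' path segment is refused so that the new folder
 * cannot be placed outside PLAYJOOM_BASE_PATH.
 *
 * @return  boolean|null  False when the path is refused, the user lacks
 *                        core.create on com_playjoom, a content plugin vetoes
 *                        the save, or the folder cannot be created; otherwise
 *                        the method ends without an explicit return value.
 *
 * @since   1.5
 */
public function create()
{
    // Refuse the request unless it carries a valid session token (CSRF guard).
    JRequest::checkToken() or jexit(JText::_('JINVALID_TOKEN'));

    $dispatcher = JDispatcher::getInstance();

    // Get POST data
    $jinput = JFactory::getApplication()->input;
    $folder = $jinput->post->get('foldername', 'default_value', 'filter');
    $parent = $jinput->post->get('folderbase', 'default_value', 'filter');

    // Remove characters that are not allowed in a folder name. The pattern is
    // single-quoted on purpose: written as "/\$/" in double quotes the dollar
    // reached PCRE as an end-of-string anchor and '$' was never removed.
    $folder = preg_replace('/[%\'$<>"*&=]/', '', $folder);

    $dispatcher->trigger(
        'onEventLogging',
        array(array(
            'method'   => __METHOD__ . ":" . __LINE__,
            'message'  => 'Create a folder.Foldername: ' . PLAYJOOM_BASE_PATH . DIRECTORY_SEPARATOR . $parent . DIRECTORY_SEPARATOR . $folder,
            'priority' => JLog::INFO,
            'section'  => 'admin',
        ))
    );

    $user = JFactory::getUser();

    $this->setRedirect('index.php?option=com_playjoom&view=media&folder=' . $parent . '&tmpl=' . JRequest::getCmd('tmpl', 'index'));

    if (strlen($folder) > 0)
    {
        if (!$user->authorise('core.create', 'com_playjoom'))
        {
            // User is not authorised to create
            JError::raiseWarning(403, JText::_('JLIB_APPLICATION_ERROR_CREATE_NOT_PERMITTED'));
            $dispatcher->trigger(
                'onEventLogging',
                array(array(
                    'method'   => __METHOD__ . ":" . __LINE__,
                    'message'  => 'User is not allowed to create a folder.',
                    'priority' => JLog::WARNING,
                    'section'  => 'admin',
                ))
            );

            return false;
        }

        // Neither request value may contain a '..' segment: JPath::clean() below
        // does not resolve such segments, so the target could otherwise end up
        // outside PLAYJOOM_BASE_PATH.
        if (preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $parent . '/' . $folder))
        {
            JError::raiseWarning(100, JText::_('COM_PLAYJOOM_ERROR_BAD_REQUEST'));
            $dispatcher->trigger(
                'onEventLogging',
                array(array(
                    'method'   => __METHOD__ . ":" . __LINE__,
                    'message'  => 'Folder path rejected: parent directory segment in request.',
                    'priority' => JLog::WARNING,
                    'section'  => 'admin',
                ))
            );

            return false;
        }

        // Set FTP credentials, if given
        JClientHelper::setCredentialsFromRequest('ftp');

        JRequest::setVar('folder', $parent);

        $path = JPath::clean(PLAYJOOM_BASE_PATH . '/' . $parent . '/' . $folder);

        if (!is_dir($path) && !is_file($path))
        {
            // Trigger the onContentBeforeSave event.
            $object_file = new JObject(array('filepath' => $path));
            JPluginHelper::importPlugin('content');
            $result = $dispatcher->trigger('onContentBeforeSave', array('com_playjoom.folder', &$object_file));

            if (in_array(false, $result, true))
            {
                // There are some errors in the plugins. getErrors() returns an
                // array, so it is joined before being appended to the log text.
                $errors = $object_file->getErrors();
                $dispatcher->trigger(
                    'onEventLogging',
                    array(array(
                        'method'   => __METHOD__ . ":" . __LINE__,
                        'message'  => 'Error occours before saving. ' . implode(', ', $errors),
                        'priority' => JLog::ERROR,
                        'section'  => 'admin',
                    ))
                );
                JError::raiseWarning(100, JText::plural('COM_PLAYJOOM_ERROR_BEFORE_SAVE', count($errors), implode('<br />', $errors)));

                // This was `continue`, which is invalid outside a loop; stop
                // here like the other refusal branches do.
                return false;
            }

            // Do not report success (or fire onContentAfterSave) when the
            // folder could not be created.
            if (!JFolder::create($path))
            {
                $dispatcher->trigger(
                    'onEventLogging',
                    array(array(
                        'method'   => __METHOD__ . ":" . __LINE__,
                        'message'  => 'Unable to create folder.',
                        'priority' => JLog::ERROR,
                        'section'  => 'admin',
                    ))
                );

                return false;
            }

            // Drop a blank index.html into the new folder.
            $data = "<html>\n<body bgcolor=\"#FFFFFF\">\n</body>\n</html>";
            JFile::write($path . "/index.html", $data);

            // Trigger the onContentAfterSave event.
            $dispatcher->trigger('onContentAfterSave', array('com_playjoom.folder', &$object_file, true));
            $dispatcher->trigger(
                'onEventLogging',
                array(array(
                    'method'   => __METHOD__ . ":" . __LINE__,
                    'message'  => 'create folder complete.',
                    'priority' => JLog::INFO,
                    'section'  => 'admin',
                ))
            );
            $this->setMessage(JText::sprintf('COM_PLAYJOOM_CREATE_COMPLETE', substr($path, strlen(PLAYJOOM_BASE_PATH))));
        }

        JRequest::setVar('folder', $parent ? $parent . '/' . $folder : $folder);
    }
}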
/**
 * Delete the folder this object represents.
 *
 * The folder is removed only when the file listing taken below (which skips
 * the names in $this->skipList) comes back empty and no content plugin
 * vetoes the deletion.
 *
 * @return  bool  Result of JFolder::delete()
 *
 * @throws  Exception  When the listing is not empty or a plugin vetoes the deletion
 */
public function delete()
{
    $this->checkNameSafe();

    // List the files below the folder; the skip list is passed as the exclusion argument.
    $remaining = JFolder::files($this->full_path, '.', true, false, $this->skipList);

    if ($remaining)
    {
        throw new Exception(JText::sprintf('COM_MEDIA_ERROR_UNABLE_TO_DELETE_FOLDER_NOT_EMPTY', $this->path));
    }

    // Let content plugins inspect (and possibly veto) the deletion.
    $target        = new JObject(array('filepath' => $this->full_path));
    $pluginResults = $this->triggerEvent('onContentBeforeDelete', array('com_media.folder', &$target));

    if (in_array(false, $pluginResults, true))
    {
        $pluginErrors = $target->getErrors();
        $message      = JText::plural('COM_MEDIA_ERROR_BEFORE_DELETE', count($pluginErrors), implode('<br />', $pluginErrors));

        throw new Exception($message);
    }

    $deleted = JFolder::delete($this->full_path);

    // NOTE(review): onContentAfterDelete is triggered whether or not the
    // deletion succeeded; listeners cannot tell the two cases apart.
    $this->triggerEvent('onContentAfterDelete', array('com_media.folder', &$target));

    return $deleted;
}
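/**
 * Delete the file described by $this->fileProperties.
 *
 * The stored file name must already be identical to its JFile::makeSafe()
 * form; any other name is refused before the file system is touched.
 *
 * @return  bool  False when no file properties are loaded or the path is not
 *                a file; otherwise the result of JFile::delete()
 *
 * @throws  RuntimeException  When the file name is not safe
 * @throws  Exception         When a content plugin vetoes the deletion
 *
 * @since   3.7.0
 */
public function delete()
{
    if (empty($this->fileProperties))
    {
        return false;
    }

    $fileName = $this->fileProperties['name'];
    $filePath = $this->fileProperties['path'];

    if ($fileName !== JFile::makeSafe($fileName))
    {
        // The name is request-derived and ends up in a message, so escape it
        // (both quote styles). It is reported in full: the earlier
        // substr(..., strlen(COM_MEDIA_BASE)) treated the bare name as if it
        // were an absolute path and cut most or all of it away.
        $escapedName = htmlspecialchars($fileName, ENT_QUOTES, 'UTF-8');

        throw new RuntimeException(JText::sprintf('COM_MEDIA_ERROR_UNABLE_TO_DELETE_FILE_WARNFILENAME', $escapedName));
    }

    if (!is_file($filePath))
    {
        return false;
    }

    // Trigger the onContentBeforeDelete event
    $fileObject = new JObject(array('filepath' => $filePath));
    $result     = $this->triggerEvent('onContentBeforeDelete', array('com_media.file', &$fileObject));

    if (in_array(false, $result, true))
    {
        // There are some errors in the plugins
        $errors = $fileObject->getErrors();

        throw new Exception(JText::plural('COM_MEDIA_ERROR_BEFORE_DELETE', count($errors), implode('<br />', $errors)));
    }

    // NOTE(review): the path is read back from the object handed to the
    // plugins, so a listener that rewrites `filepath` changes what is deleted
    // and the is_file() check above no longer covers it. Confirm this is intended.
    $rt = JFile::delete($fileObject->filepath);

    // Trigger the onContentAfterDelete event.
    $this->triggerEvent('onContentAfterDelete', array('com_media.file', &$fileObject));

    return $rt;
}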
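/**
 * Upload one or more files into a folder below COM_MEDIA_BASE.
 *
 * All files are checked first (name, size limits, existing target); only if
 * every file passes are they handed to JHelperMedia::canUpload(), the content
 * plugins and JFile::upload() one by one. The first failure aborts the request.
 *
 * @return  boolean  True when every file was stored, false on the first failure
 *
 * @since   1.5
 */
public function upload()
{
    // Refuse the request unless it carries a valid session token (CSRF guard).
    JSession::checkToken('request') or jexit(JText::_('JINVALID_TOKEN'));

    // Get some data from the request
    $files        = $this->input->files->get('files', '', 'array');
    $return       = JFactory::getSession()->get('com_media.return_url');
    $this->folder = $this->input->get('folder', '', 'path');

    // The default above is a string; iterate only over a real list of files.
    if (!is_array($files))
    {
        $files = array();
    }

    if (empty($this->folder))
    {
        $this->folder = $this->getFoldersModel()->getCurrentFolder();
    }

    // Don't redirect to an external URL.
    if (!JUri::isInternal($return))
    {
        $return = '';
    }

    // Set the redirect
    $return = $return ?: 'index.php?option=com_media';
    $this->setRedirect($return . '&folder=' . $this->folder);

    // Authorize the user
    if (!$this->isUserAuthorized('create'))
    {
        return false;
    }

    // Total length of post back data in bytes; the header can be absent.
    $contentLength = isset($_SERVER['CONTENT_LENGTH']) ? (int) $_SERVER['CONTENT_LENGTH'] : 0;

    // Instantiate the media helper
    $mediaHelper = new JHelperMedia;

    // PHP limits, converted by the helper's toBytes().
    $postMaxSize = $mediaHelper->toBytes(ini_get('post_max_size'));
    $memoryLimit = $mediaHelper->toBytes(ini_get('memory_limit'));

    // Check for the total size of post back data.
    if (($postMaxSize > 0 && $contentLength > $postMaxSize)
        || ($memoryLimit != -1 && $contentLength > $memoryLimit))
    {
        $this->setWarning(JText::_('COM_MEDIA_ERROR_WARNUPLOADTOOLARGE'));

        return false;
    }

    // Get com_config params
    $params            = JComponentHelper::getParams('com_media');
    $uploadMaxSize     = $params->get('upload_maxsize', 0) * 1024 * 1024;
    $uploadMaxFileSize = $mediaHelper->toBytes(ini_get('upload_max_filesize'));

    // Perform basic checks on file info before attempting anything
    foreach ($files as &$file)
    {
        $file['name'] = JFile::makeSafe(isset($file['name']) ? $file['name'] : '');
        $file['name'] = str_replace(' ', '-', $file['name']);

        // No filename left after cleaning. This has to be tested against the
        // empty string and before the path is built: the earlier isset() test
        // ran after the assignment above and therefore could never fail, so an
        // empty name produced a target path equal to the folder itself.
        if ($file['name'] === '')
        {
            $this->setRedirect('index.php', JText::_('COM_MEDIA_INVALID_REQUEST'), 'error');

            return false;
        }

        $file['filepath'] = JPath::clean(implode(DIRECTORY_SEPARATOR, array(COM_MEDIA_BASE, $this->folder, $file['name'])));

        // File size exceed either 'upload_max_filesize' or 'upload_maxsize'.
        if ((int) $file['error'] === UPLOAD_ERR_INI_SIZE
            || ($uploadMaxSize > 0 && $file['size'] > $uploadMaxSize)
            || ($uploadMaxFileSize > 0 && $file['size'] > $uploadMaxFileSize))
        {
            $this->setWarning(JText::_('COM_MEDIA_ERROR_WARNFILETOOLARGE'));

            return false;
        }

        // A file with this name already exists
        if (JFile::exists($file['filepath']))
        {
            $this->setWarning(JText::_('COM_MEDIA_ERROR_FILE_EXISTS'));

            return false;
        }
    }

    // Break the reference so later use of $file cannot alter the last entry.
    unset($file);

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    foreach ($files as $file)
    {
        // The file can't be uploaded
        if (!$mediaHelper->canUpload($file))
        {
            return false;
        }

        // Trigger the onContentBeforeSave event.
        $fileObject = new JObject($file);
        $result     = $this->triggerEvent('onContentBeforeSave', array('com_media.file', &$fileObject, true));

        // There are some errors in the plugins
        if (in_array(false, $result, true))
        {
            $errors = $fileObject->getErrors();
            $this->setWarning(JText::plural('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors), implode('<br />', $errors)));

            return false;
        }

        // NOTE(review): source and target are read back from the object handed
        // to the plugins, so a listener may have changed `filepath` after the
        // existence and name checks above ran. Confirm this is intended.
        if (!JFile::upload($fileObject->tmp_name, $fileObject->filepath))
        {
            // Error in upload
            $this->setWarning(JText::_('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE'));

            return false;
        }

        // Trigger the onContentAfterSave event.
        $this->triggerEvent('onContentAfterSave', array('com_media.file', &$fileObject, true));
        $this->setMessage(JText::sprintf('COM_MEDIA_UPLOAD_COMPLETE', substr($fileObject->filepath, strlen(COM_MEDIA_BASE))));
    }

    return true;
}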