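/**
 * AJAX handler behind the "From URL" control: downloads a remote file into
 * the upload directory of the field named by the "model_id" request value.
 *
 * Reads "url" and "model_id" from $_REQUEST and reports the outcome through
 * self::ajax_success() / self::ajax_error().
 *
 * NOTE(review): no capability or nonce check is visible in this method;
 * confirm that the AJAX dispatcher routing here enforces both.
 * NOTE(review): the URL is fetched server-side by $wf->image_from_url() /
 * $wf->file_from_url(). No scheme or destination restriction is visible
 * here, so confirm those helpers refuse non-HTTP(S) schemes and
 * internal/loopback addresses.
 * NOTE(review): the file is written to disk before its size is checked;
 * confirm the download helpers cap the transfer size themselves.
 *
 * @param string $type Kind of file being fetched (presumably a string): the
 *                     value "image" selects the image downloader, and the
 *                     value is interpolated into the user-facing messages.
 * @return void
 */
public static function do_download_file($type) {
    global $wf;

    // Only a non-empty string counts as a URL; anything else is reported as missing.
    $url = "";
    if (isset($_REQUEST["url"]) && is_string($_REQUEST["url"])) {
        $url = trim($_REQUEST["url"]);
    }

    if (!$url) {
        self::ajax_error(__("No URL specified", MASTERPRESS_DOMAIN));
        return;
    }

    MPC::incl("files");

    $model_id = isset($_REQUEST["model_id"]) ? $_REQUEST["model_id"] : null;
    $field = MPM_Field::find_by_id($model_id);

    if (!$field) {
        self::ajax_error( sprintf( __( "This %s field could not be found in the database to check the validity of this download.", MASTERPRESS_DOMAIN ), $type ) );
        return;
    }

    // Derive the extension from the URL *path* only, so that a query string
    // or fragment can neither defeat nor satisfy the allow-list check below.
    $path = parse_url($url, PHP_URL_PATH);
    $pi = pathinfo(is_string($path) ? urldecode($path) : "");
    $extension = isset($pi["extension"]) ? strtolower($pi["extension"]) : "";
    $basename = isset($pi["filename"]) ? $pi["filename"] : "";

    $type_options = $field->type_options;

    // Fail closed: a missing or malformed allow-list permits nothing.
    $extensions = array();
    if (isset($type_options["allowed_types"]) && is_array($type_options["allowed_types"])) {
        $extensions = $type_options["allowed_types"];
    }

    if (!in_array($extension, $extensions, true)) {
        self::ajax_error( sprintf( __("Cannot download %s. This field only allows the file types %s", MASTERPRESS_DOMAIN ), $type, implode(", ", $extensions)));
        // Stop here even if ajax_error() does not terminate the request,
        // so a rejected URL is never fetched.
        return;
    }

    list($dir, $sub) = MPC_Files::upload_dir($field);

    // The md5 of the full URL keeps downloads of different URLs that share a base name apart.
    $name = MPC_Files::sanitize_filename($basename, $type_options).".".md5($url);

    if ($type == "image") {
        $file = $wf->image_from_url($url, $name, $dir);
    } else {
        $file = $wf->file_from_url($url, $name, $dir);
    }

    if (!$file->exists()) {
        self::ajax_error( sprintf( __("The %s could not be downloaded. Please check the URL is valid and try again", MASTERPRESS_DOMAIN ), $type ) );
        return;
    }

    // Size limit: the global limit, overridden by the field's own numeric
    // "allowed_maxsize" (an "M" suffix is appended before conversion to bytes).
    $limit = self::get_filesize_limit();

    if (isset($type_options["allowed_maxsize"]) && is_numeric($type_options["allowed_maxsize"])) {
        $limit = WOOF_File::to_bytes($type_options["allowed_maxsize"]."M");
    }

    if ($file->filesizeinbytes() > $limit) {
        // Remove the oversized download before reporting the failure.
        $file->delete();
        self::ajax_error( sprintf( __("The %s was downloaded, but it could not saved as it was too large. This field only allows files up to %s", MASTERPRESS_DOMAIN ), $type, WOOF_File::format_filesize($limit, "MB", TRUE, " ")));
        return;
    }

    self::ajax_success(array( "url" => $file->permalink() ));
}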
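/**
 * Validates the pending upload and stores it in the configured directory.
 *
 * Checks, in order: the target directory is writable, a file was supplied,
 * the file is non-empty and within "size_limit", and (when an allow-list is
 * configured) its extension is in "allowed_extensions". Unless the
 * "overwrite" option is set, an existing file is never replaced: a ".vN"
 * serial suffix is appended to the base name instead.
 *
 * NOTE(review): when "allowed_extensions" is empty or unset, no extension
 * filtering happens at all. Confirm every caller configures the list,
 * otherwise server-executable file types could be stored under the upload
 * directory.
 * NOTE(review): only the final extension of the client-supplied name is
 * checked; the rest of the name is handed to MPC_Files::sanitize_filename(),
 * whose behaviour is not visible here. Confirm it neutralises embedded dots
 * and path characters.
 * NOTE(review): "overwrite" is tested with isset(), so setting it to false
 * still enables overwriting. Confirm that is intended.
 *
 * @return array array('success' => true, 'dir' => ..., 'filename' => ...)
 *               on success, or array('error' => 'error message') on failure.
 */
function handleUpload() {
    // Assumes the configured directory ends with a path separator; it is
    // concatenated directly with the file name below.
    $dir = $this->options["dir"];

    if (!is_writable($dir)) {
        return array('error' => "Sorry, the file could not be uploaded as the upload directory isn't writable.");
    }

    if (!$this->file) {
        return array('error' => __('No files were uploaded.', MASTERPRESS_DOMAIN));
    }

    $size = $this->file->getSize();

    if ($size == 0) {
        return array('error' => 'File is empty');
    }

    if ($size > $this->options["size_limit"]) {
        return array('error' => sprintf( __('Sorry, the file is too large. The maximum size allowed is %s bytes', MASTERPRESS_DOMAIN), $this->options["size_limit"]));
    }

    // The client-supplied name is untrusted. pathinfo() drops any directory
    // part, and a name without an extension yields no "extension" key.
    $pathinfo = pathinfo($this->file->getName());
    $filename = isset($pathinfo['filename']) ? $pathinfo['filename'] : '';
    $ext = isset($pathinfo['extension']) ? $pathinfo['extension'] : '';

    if (!empty($this->options["allowed_extensions"]) && !in_array(strtolower($ext), $this->options["allowed_extensions"], true)) {
        $these = implode(', ', $this->options["allowed_extensions"]);
        return array('error' => sprintf( __('Sorry, you cannot upload a file of this type. Files must have an extension in the following list: %s.', MASTERPRESS_DOMAIN), $these) );
    }

    // Avoid a dangling "." when the upload has no extension.
    $suffix = ($ext === '') ? '' : '.' . $ext;

    // Apply the configured file-name rules to the base name.
    $filename = MPC_Files::sanitize_filename($filename, $this->options);

    // Without "overwrite", number the file (.v1, .v2, ...) until the name is free.
    if (!isset($this->options["overwrite"])) {
        $basefilename = $filename;
        $count = 0;

        while (file_exists($dir . $filename . $suffix)) {
            $count++;
            $filename = $basefilename . ".v" . $count;
        }
    }

    if ($this->file->save($dir . $filename . $suffix)) {
        // Report the name the file was actually stored under.
        return array("dir" => $this->options["sub_dir"], 'success' => true, 'filename' => $filename . $suffix);
    }

    return array('error'=> __('Could not save uploaded file.', MASTERPRESS_DOMAIN) . __('The upload was cancelled, or a server error has occurred.', MASTERPRESS_DOMAIN));
}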