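/**
 * Upload the user's avatar.
 *
 * Takes the "avatar" entry of the uploaded files, runs it through the
 * com_media MediaHelper checks and stores it under
 * images/com_portfolio/avatars/<user_id>/. The relative path is written to
 * $context->data->avatar only after the file has actually been stored.
 *
 * @param KCommandContext $context A command context object
 * @return void
 */
public function uploadAvatar(KCommandContext $context)
{
    // Read with the 'raw' filter, so every field of this array must be
    // treated as client-controlled.
    $avatar = KRequest::get('files.avatar', 'raw');
    if (empty($avatar['name'])) {
        // Nothing was uploaded
        return;
    }

    // Prepare MediaHelper
    JLoader::register('MediaHelper', JPATH_ROOT . '/components/com_media/helpers/media.php');

    // Is it an image? Only the client-supplied file name is handed to this check.
    if (!MediaHelper::isImage($avatar['name'])) {
        JError::raiseWarning(21, sprintf(JText::_("%s failed to upload because it's not an image."), $avatar['name']));
        return;
    }

    // Are we allowed to upload this filetype?
    $error = null;
    if (!MediaHelper::canUpload($avatar, $error)) {
        JError::raiseWarning(21, sprintf(JText::_("%s failed to upload because %s"), $avatar['name'], lcfirst($error)));
        return;
    }

    // @todo put in some max file size checks

    $path = 'images/com_portfolio/avatars/' . $context->data->user_id . '/';
    $ext  = JFile::getExt($avatar['name']);

    // The stored name is derived from the item title, not from the uploaded
    // file name; only the extension is taken from the upload.
    $name = JFile::makeSafe($this->getService('koowa:filter.slug')->sanitize($context->data->title) . '.' . $ext);

    // Record the avatar only when the file reached its destination, otherwise
    // the row would point at a file that does not exist.
    if (!JFile::upload($avatar['tmp_name'], JPATH_ROOT . '/' . $path . $name)) {
        JError::raiseWarning(21, sprintf(JText::_("%s failed to upload because %s"), $avatar['name'], 'the file could not be stored'));
        return;
    }

    $context->data->avatar = $path . $name;
}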
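/**
 * Upload an icon for a work.
 *
 * Takes the "icon" entry of the uploaded files, runs it through the com_media
 * MediaHelper checks and stores it under
 * images/com_portfolio/work/<title-slug>/icon/. The relative path is written
 * to $context->data->icon only after the file has actually been stored.
 *
 * @param KCommandContext $context A command context object
 * @return void
 */
public function uploadIcon(KCommandContext $context)
{
    // Read with the 'raw' filter, so every field of this array must be
    // treated as client-controlled.
    $icon = KRequest::get('files.icon', 'raw');
    if (empty($icon['name'])) {
        // Nothing was uploaded
        return;
    }

    // Prepare MediaHelper
    JLoader::register('MediaHelper', JPATH_ROOT . '/components/com_media/helpers/media.php');

    // Is it an image? Only the client-supplied file name is handed to this check.
    if (!MediaHelper::isImage($icon['name'])) {
        JError::raiseWarning(21, sprintf(JText::_("%s failed to upload because it's not an image."), $icon['name']));
        return;
    }

    // Are we allowed to upload this filetype?
    $error = null;
    if (!MediaHelper::canUpload($icon, $error)) {
        JError::raiseWarning(21, sprintf(JText::_("%s failed to upload because %s"), $icon['name'], lcfirst($error)));
        return;
    }

    // Both the folder and the stored file name come from the slugged title;
    // only the extension is taken from the upload.
    $slug  = $this->getService('koowa:filter.slug');
    $title = $slug->sanitize($context->data->title);
    $path  = 'images/com_portfolio/work/' . $title . '/icon/';
    $name  = JFile::makeSafe($title . '.' . JFile::getExt($icon['name']));

    // Record the icon only when the file reached its destination.
    if (!JFile::upload($icon['tmp_name'], JPATH_ROOT . '/' . $path . $name)) {
        JError::raiseWarning(21, sprintf(JText::_("%s failed to upload because %s"), $icon['name'], 'the file could not be stored'));
        return;
    }

    $context->data->icon = $path . $name;
}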
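/**
 * Store an uploaded avatar for the person identified by $context->result->id.
 *
 * The avatar cache folder is cleared first. The upload is then rejected when
 * it is a bmp, fails the com_media MediaHelper checks, or exceeds the
 * configured upload_size_limit. On success the file is stored under a
 * generated name and the person row is updated.
 *
 * @param KCommandContext $context A command context object
 * @return $this|null null when no avatar was uploaded, this object otherwise
 */
public function setAvatar(KCommandContext $context)
{
    //@TODO we shouldn't clear all cache, only the cache for this user
    $cache = JPATH_ROOT . '/cache/com_ninjaboard/avatars';
    if (JFolder::exists($cache)) {
        JFolder::delete($cache);
    }

    // If nothing is uploaded, don't execute
    if (!KRequest::get('files.avatar.name', 'raw')) {
        return;
    }

    // Prepare MediaHelper
    JLoader::register('MediaHelper', JPATH_ROOT . '/components/com_media/helpers/media.php');

    $person     = KFactory::tmp('admin::com.ninjaboard.model.people')->id($context->result->id)->getItem();
    $error      = null;
    $identifier = $this->getIdentifier();
    $name       = $identifier->type . '_' . $identifier->package;
    $relative   = '/media/' . $name . '/images/avatars/' . $person->id . '/';
    $absolute   = JPATH_ROOT . $relative;

    // Read with the 'raw' filter: name, type and size are client-controlled.
    $avatar = KRequest::get('files.avatar', 'raw');

    // If we are a bmp we can't upload it
    if (strtolower(JFile::getExt($avatar['name'])) === 'bmp') {
        JError::raiseWarning(21, sprintf(JText::_('%s failed to upload because this file type is not supported'), $avatar['name']));
        return $this;
    }

    if (!MediaHelper::canUpload($avatar, $error)) {
        $message = JText::_("%s failed to upload because %s");
        JError::raiseWarning(21, sprintf($message, $avatar['name'], lcfirst($error)));
        return $this;
    }

    // Only the client-supplied file name is handed to this check.
    if (!MediaHelper::isImage($avatar['name'])) {
        $message = JText::_("%s failed to upload because it's not an image.");
        JError::raiseWarning(21, sprintf($message, $avatar['name']));
        return $this;
    }

    $this->params = KFactory::get('admin::com.ninjaboard.model.settings')->getParams();
    $params       = $this->params['avatar_settings'];
    $maxSize      = (int) $params['upload_size_limit'];

    // A limit of 0 (or less) disables the size check.
    // NOTE(review): $avatar['size'] is the value from the request's file
    // array; confirm it cannot differ from the size of tmp_name.
    if ($maxSize > 0 && (int) $avatar['size'] > $maxSize) {
        $message = JText::_("%s failed uploading because it's too large.");
        JError::raiseWarning(21, sprintf($message, $avatar['name']));
        return $this;
    }

    // Generated base name plus the uploaded extension; the whole name goes
    // through makeSafe so the extension is sanitised as well.
    $upload = JFile::makeSafe(uniqid(time()) . '.' . JFile::getExt($avatar['name']));

    // Update the person only when the file reached its destination.
    if (!JFile::upload($avatar['tmp_name'], $absolute . $upload)) {
        $message = JText::_("%s failed to upload because %s");
        JError::raiseWarning(21, sprintf($message, $avatar['name'], 'the file could not be stored'));
        return $this;
    }

    $person->avatar    = $relative . $upload;
    $person->avatar_on = gmdate('Y-m-d H:i:s');
    $person->save();

    return $this;
}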
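/**
 * Method for uploading files on save.
 *
 * Every uploaded file except the icon is validated and stored under
 * images/com_portfolio/work/<title-slug>/, in "images/" when its form key
 * contains "image" and in "files/" otherwise, and a matching row is saved.
 * The first file that fails a check or cannot be stored stops the whole run.
 *
 * @param KCommandContext $context A command context object
 * @return void
 */
public function _afterSave(KCommandContext $context)
{
    // Prepare MediaHelper
    JLoader::register('MediaHelper', JPATH_ROOT . '/components/com_media/helpers/media.php');

    $item = $this->getModel()->getItem();

    // Blank the icon entry so the loop below skips it
    KRequest::set('files.icon', null);

    // Read with the 'raw' filter: names, types and sizes are client-controlled.
    foreach (KRequest::get('files', 'raw') as $key => $file) {
        // Skip empty slots first (the icon was blanked above), then failed transfers
        if (!$file || $file['error'] != UPLOAD_ERR_OK) {
            continue;
        }

        // Are we allowed to upload this filetype?
        $error = null;
        if (!MediaHelper::canUpload($file, $error)) {
            JError::raiseWarning(21, sprintf(JText::_("%s failed to upload because %s"), $file['name'], lcfirst($error)));
            return;
        }

        $slug = $this->getService('koowa:filter.slug');
        $ext  = JFile::getExt($file['name']);
        $name = JFile::makeSafe($slug->sanitize(JFile::stripExt($file['name'])) . '-' . time() . '.' . $ext);
        $path = 'images/com_portfolio/work/' . $slug->sanitize($context->data->title) . '/';

        if (strpos($key, 'image') === false) {
            // Not an image field: canUpload() above is the only filter on what
            // ends up under this folder.
            $path .= 'files/';
            $row   = $this->getService('com://admin/portfolio.database.row.file');
        } else {
            // Image field: additionally require an image file name
            if (!MediaHelper::isImage($file['name'])) {
                JError::raiseWarning(21, sprintf(JText::_("%s failed to upload because it's not an image."), $file['name']));
                return;
            }

            $path .= 'images/';
            $row   = $this->getService('com://admin/portfolio.database.row.image');

            // The thumbnail is generated before the upload call below
            $this->generateThumb($file, JPATH_ROOT . '/' . $path . 'thumb-' . $name);
        }

        // Save the row only when the file reached its destination, so the
        // database never references a file that is not there.
        if (!JFile::upload($file['tmp_name'], JPATH_ROOT . '/' . $path . $name)) {
            JError::raiseWarning(21, sprintf(JText::_("%s failed to upload because %s"), $file['name'], 'the file could not be stored'));
            return;
        }

        $row->setData(array('directory' => $path, 'filename' => $name, 'work_id' => $item->id))->save();
    }
}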
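/**
 * Store an uploaded png in the site's tmp folder.
 *
 * @param string  $varName   Name of the file field in the request
 * @param boolean $overwrite Whether an existing file of the same name may be replaced
 * @return array|false|null pathinfo() of the stored file (path relative to
 *                          JPATH_ROOT) on success, false when the file is not
 *                          a png, null on every other failure
 */
function _uploadFile($varName, $overwrite = false)
{
    $mainframe = JFactory::getApplication();
    $file      = JRequest::getVar($varName, '', 'files', 'array');
    $return    = JRequest::getVar('return-url', null, 'post', 'base64');
    $err       = null;

    // return-url arrives with the request, so it is followed only when it
    // points back at this site; anything else is treated as absent.
    $redirect = $return ? base64_decode($return) : '';
    if ($redirect && !JURI::isInternal($redirect)) {
        $redirect = '';
    }

    // Set FTP credentials, if given
    jimport('joomla.client.helper');
    JClientHelper::setCredentialsFromRequest('ftp');
    require_once JPATH_COMPONENT . DS . 'helpers' . DS . 'media.php';
    jimport('joomla.filesystem.file');

    // Reject requests without a usable file entry before touching its fields
    if (!is_array($file) || !isset($file['name'])) {
        $mainframe->redirect('index.php', 'Invalid Request', 'error');
        return;
    }

    // Make the filename safe
    $file['name'] = JFile::makeSafe($file['name']);
    $filepath     = JPath::clean(JPATH_SITE . DS . 'tmp' . DS . strtolower($file['name']));

    // Only png is accepted; the decision is made on the file extension
    if (strtolower(JFile::getExt($file['name'])) !== 'png') {
        JError::raiseNotice(100, JText::_('Error: File is a wrong type, please upload a png'));
        return false;
    }

    if (!MediaHelper::canUpload($file, $err)) {
        JError::raiseNotice(100, JText::_($err));
        // REDIRECT
        if ($redirect) {
            $mainframe->redirect($redirect);
        }
        return;
    }

    if (JFile::exists($filepath) && !$overwrite) {
        JError::raiseNotice(100, JText::_('Error. File already exists'));
        // REDIRECT
        if ($redirect) {
            $mainframe->redirect($redirect);
        }
        return;
    }

    if (!JFile::upload($file['tmp_name'], $filepath)) {
        JError::raiseWarning(100, JText::_('Error. Unable to upload file'));
        // REDIRECT
        if ($redirect) {
            $mainframe->redirect($redirect);
        }
        return;
    }

    $mainframe->enqueueMessage(JText::_('Upload complete'));
    // REDIRECT
    if ($redirect) {
        $mainframe->redirect($redirect);
    }

    // Report the stored file relative to the site root
    return pathinfo(str_replace(JPATH_ROOT, "", $filepath));
}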
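/**
 * Upload a file.
 *
 * Echoes a JSON object with 'status' ('1' on success, '0' on failure) and an
 * 'error' text. The request must carry a valid token, stay within the
 * configured size limits, come from a user allowed to create com_media
 * content, pass MediaHelper::canUpload() and must not name an existing file.
 *
 * @return void
 *
 * @since 1.0.4
 */
function upload()
{
    $params = JComponentHelper::getParams('com_media');

    // Check for request forgeries
    if (!JSession::checkToken('request')) {
        $response = array('status' => '0', 'error' => JText::_('JINVALID_TOKEN'));
        echo json_encode($response);
        return;
    }

    // Get the user
    $user = JFactory::getUser();
    JLog::addLogger(array('text_file' => 'upload.error.php'), JLog::ALL, array('upload'));

    // Get some data from the request
    $file   = $this->input->files->get('Filedata', '', 'array');
    $folder = $this->input->get('folder', '', 'path');

    // Instantiate the media helper
    $mediaHelper = new JHelperMedia();

    $contentLength = isset($_SERVER['CONTENT_LENGTH']) ? (int) $_SERVER['CONTENT_LENGTH'] : 0;
    $memoryLimit   = ini_get('memory_limit');

    // memory_limit = -1 means "no limit" in PHP, so it must not be compared
    // as a byte count: that would reject every request.
    if ($contentLength > $params->get('upload_maxsize', 0) * 1024 * 1024
        || $contentLength > $mediaHelper->toBytes(ini_get('upload_max_filesize'))
        || $contentLength > $mediaHelper->toBytes(ini_get('post_max_size'))
        || ((int) $memoryLimit !== -1 && $contentLength > $mediaHelper->toBytes($memoryLimit))
    ) {
        $response = array('status' => '0', 'error' => JText::_('COM_BWPOSTMAN_MEDIA_ERROR_WARNFILETOOLARGE'));
        echo json_encode($response);
        return;
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    // Reject requests without a usable file entry before touching its fields
    if (!is_array($file) || !isset($file['name'])) {
        $response = array('status' => '0', 'error' => JText::_('COM_BWPOSTMAN_MEDIA_ERROR_BAD_REQUEST'));
        echo json_encode($response);
        return;
    }

    // Make the filename safe
    $file['name'] = JFile::makeSafe($file['name']);

    // The request is valid
    $err      = null;
    $filepath = JPath::clean(COM_MEDIA_BASE . '/' . $folder . '/' . strtolower($file['name']));

    // Authorise first: a caller without create permission should learn
    // nothing about which files already exist or which types are accepted.
    if (!$user->authorise('core.create', 'com_media')) {
        JLog::add('Create not permitted: ' . $filepath . ' by user_id ' . $user->id, JLog::INFO, 'upload');
        $response = array('status' => '0', 'error' => JText::_('COM_BWPOSTMAN_MEDIA_ERROR_CREATE_NOT_PERMITTED'));
        echo json_encode($response);
        return;
    }

    if (!MediaHelper::canUpload($file, $err)) {
        JLog::add('Invalid: ' . $filepath . ': ' . $err, JLog::INFO, 'upload');
        $response = array('status' => '0', 'error' => JText::_($err));
        echo json_encode($response);
        return;
    }

    // Content plugins are loaded here; this method itself triggers no event.
    JPluginHelper::importPlugin('content');

    if (JFile::exists($filepath)) {
        // File exists
        JLog::add('File exists: ' . $filepath . ' by user_id ' . $user->id, JLog::INFO, 'upload');
        $response = array('status' => '0', 'error' => JText::_('COM_BWPOSTMAN_MEDIA_ERROR_FILE_EXISTS'));
        echo json_encode($response);
        return;
    }

    if (!JFile::upload($file['tmp_name'], $filepath)) {
        // Error in upload
        JLog::add('Error on upload: ' . $filepath, JLog::INFO, 'upload');
        $response = array('status' => '0', 'error' => JText::_('COM_BWPOSTMAN_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE'));
        echo json_encode($response);
        return;
    }

    JLog::add($folder, JLog::INFO, 'upload');
    $response = array('status' => '1', 'error' => JText::sprintf('COM_BWPOSTMAN_MEDIA_UPLOAD_COMPLETE', substr($filepath, strlen(COM_MEDIA_BASE))));
    echo json_encode($response);
}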
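/**
 * Store an uploaded (or local) file in media/j2store/uploads.
 *
 * @param array   $file        File entry with at least 'name' and 'tmp_name'
 * @param boolean $checkUpload When true the file is vetted with
 *                             MediaHelper::canUpload() and moved with
 *                             JFile::upload(); when false it is copied with
 *                             JFile::copy() without that vetting
 * @return array|false Keys original_name, mangled_name, saved_name and
 *                     mime_type on success; false (with the error set on
 *                     this object) on failure
 */
protected function uploadFile($file, $checkUpload = true)
{
    if (!isset($file['name'])) {
        $this->setError(JText::_('J2STORE_ATTACHMENTS_ERR_NOFILE'));
        return false;
    }

    JLoader::import('joomla.filesystem.file');

    // Can we upload this file type?
    if ($checkUpload) {
        if (!class_exists('MediaHelper')) {
            require_once JPATH_ADMINISTRATOR . '/components/com_media/helpers/media.php';
        }

        $err   = '';
        $paths = array(JPATH_ROOT, JPATH_ADMINISTRATOR);
        $jlang = JFactory::getLanguage();
        $jlang->load('com_media', $paths[0], 'en-GB', true);
        $jlang->load('com_media', $paths[0], null, true);
        $jlang->load('com_media', $paths[1], 'en-GB', true);
        $jlang->load('com_media', $paths[1], null, true);

        if (!MediaHelper::canUpload($file, $err)) {
            if (!empty($err)) {
                $err = JText::_($err);
            } else {
                // No explicit reason given: fall back to the last queued message
                $app    = JFactory::getApplication();
                $errors = $app->getMessageQueue();
                if (count($errors)) {
                    $error = array_pop($errors);
                    $err   = $error['message'];
                } else {
                    $err = '';
                }
            }

            // This scan only runs for files canUpload() has already rejected
            // and only refines the error text; accepted files are not
            // content-scanned in this method.
            $content = file_get_contents($file['tmp_name']);
            if (preg_match('/\\<\\?php/i', $content)) {
                $err = JText::_('J2STORE_UPLOAD_FILE_PHP_TAGS');
            }

            if (!empty($err)) {
                $this->setError(JText::_('J2STORE_UPLOAD_ERR_MEDIAHELPER_ERROR') . ' ' . $err);
            } else {
                $this->setError(JText::_('J2STORE_UPLOAD_ERR_GENERIC_ERROR'));
            }

            return false;
        }
    }

    // Mangled name: digest of the file name, the current microtime and the
    // site secret.
    // NOTE(review): sha256() is not a PHP core function, so this chain
    // normally ends at sha1() unless an extension provides it - confirm.
    $serverkey = JFactory::getConfig()->get('secret', '');
    $sig       = $file['name'] . microtime() . $serverkey;
    if (function_exists('sha256')) {
        $mangledname = sha256($sig);
    } elseif (function_exists('sha1')) {
        $mangledname = sha1($sig);
    } else {
        $mangledname = md5($sig);
    }

    $upload_folder_path = JPATH_ROOT . '/media/j2store/uploads';
    if (!JFolder::exists($upload_folder_path)) {
        if (!JFolder::create($upload_folder_path)) {
            // Without the folder the upload below cannot succeed: stop here
            // instead of carrying on with an error already set.
            $this->setError(JText::_('J2STORE_UPLOAD_ERROR_FOLDER_PERMISSION_ERROR'));
            return false;
        }
    }

    // Sanitize file name, then append a random-looking suffix.
    // NOTE(review): the suffix comes from mt_rand(), which is not a
    // cryptographic generator, and the original extension stays inside the
    // saved name (for example "name.ext.<suffix>"). If the saved name has to
    // be unguessable, or the web server maps handlers by inner extensions,
    // this needs a stronger scheme - confirm against the deployment.
    $filename = basename(preg_replace('/[^a-zA-Z0-9\\.\\-\\s+]/', '', html_entity_decode($file['name'], ENT_QUOTES, 'UTF-8')));
    $name     = $filename . '.' . md5(mt_rand());

    // ...and its full path
    $filepath = JPath::clean(JPATH_ROOT . '/media/j2store/uploads/' . $name);

    // If we have a name clash, abort the upload
    if (JFile::exists($filepath)) {
        $this->setError(JText::_('J2STORE_UPLOAD_ERR_NAMECLASH'));
        return false;
    }

    // Do the upload
    $stored = $checkUpload
        ? JFile::upload($file['tmp_name'], $filepath)
        : JFile::copy($file['tmp_name'], $filepath);
    if (!$stored) {
        $this->setError(JText::_('J2STORE_UPLOAD_ERR_CANTJFILEUPLOAD'));
        return false;
    }

    // Get the MIME type
    if (function_exists('mime_content_type')) {
        $mime = mime_content_type($filepath);
    } elseif (function_exists('finfo_open')) {
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mime  = finfo_file($finfo, $filepath);
        // Release the fileinfo resource once the type is known
        finfo_close($finfo);
    } else {
        $mime = 'application/octet-stream';
    }

    // Return the file info
    return array(
        'original_name' => $file['name'],
        'mangled_name'  => $mangledname,
        'saved_name'    => $name,
        'mime_type'     => $mime,
    );
}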
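/**
 * Upload one or more files.
 *
 * All files are checked first (size, name clash); only then is each one
 * vetted with MediaHelper::canUpload(), offered to the content plugins and
 * stored. The first failure stops the run.
 *
 * @return boolean True when every file was stored, false otherwise
 *
 * @since 1.5
 */
public function upload()
{
    // Check for request forgeries
    JSession::checkToken('request') or jexit(JText::_('JINVALID_TOKEN'));

    $params = JComponentHelper::getParams('com_media');

    // Get some data from the request
    $files        = $this->input->files->get('Filedata', '', 'array');
    $return       = $this->input->post->get('return-url', null, 'base64');
    $this->folder = $this->input->get('folder', '', 'path');

    // Set the redirect. return-url arrives with the request, so it is
    // honoured only when it points back at this site.
    if ($return) {
        $returnUrl = base64_decode($return);
        if (JUri::isInternal($returnUrl)) {
            $this->setRedirect($returnUrl . '&folder=' . $this->folder);
        }
    }

    // Authorize the user
    if (!$this->authoriseUser('create')) {
        return false;
    }

    // (int) keeps only the leading number of each ini value, which is then
    // treated as megabytes; memory_limit = -1 (no limit) is skipped.
    $contentLength = isset($_SERVER['CONTENT_LENGTH']) ? $_SERVER['CONTENT_LENGTH'] : 0;
    $maxUpload     = $params->get('upload_maxsize', 0) * 1024 * 1024;
    $memoryLimit   = (int) ini_get('memory_limit');

    if ($contentLength > $maxUpload
        || $contentLength > (int) ini_get('upload_max_filesize') * 1024 * 1024
        || $contentLength > (int) ini_get('post_max_size') * 1024 * 1024
        || ($memoryLimit != -1 && $contentLength > $memoryLimit * 1024 * 1024)
    ) {
        JError::raiseWarning(100, JText::_('COM_MEDIA_ERROR_WARNFILETOOLARGE'));
        return false;
    }

    // Perform basic checks on file info before attempting anything
    foreach ($files as &$file) {
        $file['name']     = JFile::makeSafe($file['name']);
        $file['filepath'] = JPath::clean(implode(DIRECTORY_SEPARATOR, array(COM_MEDIA_BASE, $this->folder, $file['name'])));

        // PHP reports a file above upload_max_filesize with this error code
        if ($file['error'] == UPLOAD_ERR_INI_SIZE) {
            JError::raiseWarning(100, JText::_('COM_MEDIA_ERROR_WARNFILETOOLARGE'));
            return false;
        }

        if ($file['size'] > $maxUpload) {
            JError::raiseNotice(100, JText::_('COM_MEDIA_ERROR_WARNFILETOOLARGE'));
            return false;
        }

        if (JFile::exists($file['filepath'])) {
            // A file with this name already exists
            JError::raiseWarning(100, JText::_('COM_MEDIA_ERROR_FILE_EXISTS'));
            return false;
        }

        if (!isset($file['name'])) {
            // No filename (after the name was cleaned by JFile::makeSafe)
            $this->setRedirect('index.php', JText::_('COM_MEDIA_INVALID_REQUEST'), 'error');
            return false;
        }
    }
    // Break the reference so the next loop cannot write through it by accident
    unset($file);

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');
    JPluginHelper::importPlugin('content');
    $dispatcher = JEventDispatcher::getInstance();

    foreach ($files as &$file) {
        // The request is valid
        $err = null;

        if (!MediaHelper::canUpload($file, $err)) {
            // The file can't be uploaded
            JError::raiseNotice(100, JText::_($err));
            return false;
        }

        // Trigger the onContentBeforeSave event.
        $object_file = new JObject($file);
        $result      = $dispatcher->trigger('onContentBeforeSave', array('com_media.file', &$object_file));

        if (in_array(false, $result, true)) {
            // There are some errors in the plugins
            JError::raiseWarning(100, JText::plural('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors = $object_file->getErrors()), implode('<br />', $errors)));
            return false;
        }

        if (!JFile::upload($object_file->tmp_name, $object_file->filepath)) {
            // Error in upload
            JError::raiseWarning(100, JText::_('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE'));
            return false;
        }

        // Trigger the onContentAfterSave event.
        $dispatcher->trigger('onContentAfterSave', array('com_media.file', &$object_file, true));
        $this->setMessage(JText::sprintf('COM_MEDIA_UPLOAD_COMPLETE', substr($object_file->filepath, strlen(COM_MEDIA_BASE))));
    }
    unset($file);

    return true;
}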
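/**
 * Helper method for uploading a file
 *
 * @author Stian Didriksen <*****@*****.**>
 * @param array $config Configuration array
 *                      ->name      Where to find the file object in $_FILES
 *                      ->to        The file upload destination
 *                      ->rename    If given a string, that will be the new name, false to keep the current name
 *                      ->randomize Whether to create a random name for the uploaded file or not
 *                      ->image     Set to true if an additional image validation is needed
 *                      ->root      The root of the move operation, change this if you need to go up the root
 * @return array Result of the operation: 'filename' and 'filepath'
 *               ('relative', 'absolute') on success, an empty array when the
 *               file was rejected or could not be stored
 */
protected function _upload(array $config)
{
    $config     = new KConfig($config);
    $identifier = $this->getIdentifier();
    $package    = $identifier->package;
    $folder     = KInflector::pluralize($identifier->name);

    // Defaults for every option the caller left out
    $config->append(array(
        'name'      => 'image',
        'to'        => '/images/stories/com_' . $package . '/' . $folder . '/',
        'rename'    => false,
        'randomize' => false,
        'image'     => false,
        'root'      => JPATH_ROOT,
    ));

    // Prepare MediaHelper
    JLoader::register('MediaHelper', JPATH_ROOT . '/components/com_media/helpers/media.php');

    $error = null;

    // Read with the 'raw' filter: name, type and size are client-controlled.
    $file = KRequest::get('files.' . $config->name, 'raw');

    if (!MediaHelper::canUpload($file, $error)) {
        $message = JText::_("%s failed to upload because %s");
        JError::raiseWarning(21, sprintf($message, $file['name'], lcfirst($error)));
        return array();
    }

    // Only the client-supplied file name is handed to this check.
    if ($config->image && !MediaHelper::isImage($file['name'])) {
        $message = JText::_("%s failed to upload because it's not an image.");
        JError::raiseWarning(21, sprintf($message, $file['name']));
        return array();
    }

    // With neither rename nor randomize set, the client's own file name
    // (after makeSafe) decides the stored name.
    $name = $config->rename ? $config->rename : $file['name'];
    if ($config->randomize) {
        $name = uniqid(time()) . '.' . JFile::getExt($name);
    }
    $upload = JFile::makeSafe($name);

    $relative = $config->to . $upload;
    $absolute = $config->root . $relative;

    // Report success only when the file reached its destination; callers
    // already treat an empty array as "nothing stored".
    if (!JFile::upload($file['tmp_name'], $absolute)) {
        $message = JText::_("%s failed to upload because %s");
        JError::raiseWarning(21, sprintf($message, $file['name'], 'the file could not be stored'));
        return array();
    }

    return array(
        'filename' => $upload,
        'filepath' => array('relative' => $relative, 'absolute' => $absolute),
    );
}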
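/**
 * Store the uploaded deal images, re-encoded as JPEG at the configured size.
 *
 * Each file of the "Filedata" field is vetted with MediaHelper::canUpload(),
 * decoded as jpg/jpeg or png, resampled to the deal image size and written to
 * components/com_enmasse/upload under "<random>-<index>-<name>". After the
 * last file the request is redirected to the return URL with the stored
 * paths in the "folder" parameter.
 *
 * NOTE(review): no request token is checked in this method; confirm the
 * caller enforces one.
 *
 * @return void
 */
function upload()
{
    global $mainframe;

    $version = new JVersion();
    $joomla  = $version->getShortVersion();
    if (substr($joomla, 0, 3) >= '1.6') {
        $mainframe = JFactory::getApplication();
    }

    $fileArr  = JRequest::getVar('Filedata', '', 'files', 'array');
    $folder   = JRequest::getVar('folder', '', '', 'path');
    $format   = JRequest::getVar('format', 'html', '', 'cmd');
    $return   = JRequest::getVar('return-url', null, 'post', 'base64');
    $parentId = JRequest::getVar('parentId');
    $err      = null;

    // return-url arrives with the request, so it is followed only when it
    // points back at this site; anything else is treated as absent.
    $returnUrl = $return ? base64_decode($return) : '';
    if ($returnUrl && !JURI::isInternal($returnUrl)) {
        $returnUrl = '';
    }

    // Get the image size from the settings table, with fixed fallbacks
    $dealImageSize = EnmasseHelper::getDealImageSize();
    if (!empty($dealImageSize)) {
        $image_height = $dealImageSize->image_height;
        $image_width  = $dealImageSize->image_width;
    } else {
        $image_height = 252;
        $image_width  = 400;
    }

    // Regroup the per-field arrays of a multi-file upload into one entry per file
    $file         = array();
    $imagePathArr = array();
    if (is_array($fileArr) && isset($fileArr['name']) && is_array($fileArr['name'])) {
        for ($i = 0; $i < count($fileArr['name']); $i++) {
            $file[$i]['name']     = $fileArr['name'][$i];
            $file[$i]['type']     = $fileArr['type'][$i];
            $file[$i]['tmp_name'] = $fileArr['tmp_name'][$i];
            $file[$i]['error']    = $fileArr['error'][$i];
            $file[$i]['size']     = $fileArr['size'][$i];
        }
    }

    // Set FTP credentials, if given
    jimport('joomla.client.helper');
    JClientHelper::setCredentialsFromRequest('ftp');

    // Make the filename safe
    jimport('joomla.filesystem.file');

    $random = rand();
    $total  = count($file);

    for ($count = 0; $count < $total; $count++) {
        $file[$count]['name'] = JFile::makeSafe($file[$count]['name']);

        if (!isset($file[$count]['name'])) {
            $mainframe->redirect('index.php', 'Invalid Request', 'error');
            continue;
        }

        $stored    = strtolower($random . '-' . $count . '-' . $file[$count]['name']);
        $filepath  = JPath::clean(JPATH_SITE . DS . 'components' . DS . 'com_enmasse' . DS . 'upload' . DS . $stored);
        $imagepath = JPath::clean('components' . DS . 'com_enmasse' . DS . 'upload' . DS . $stored);

        $imagePathArr[$count] = $imagepath;

        $uploadedfile = $file[$count]['tmp_name'];
        $src          = false;
        $width        = 0;
        $height       = 0;

        $accepted = MediaHelper::canUpload($file[$count], $err);

        if ($accepted) {
            // Decode by extension. Anything that is not jpg/jpeg/png, or that
            // does not decode as an image, is rejected instead of being
            // passed on to the resampling calls.
            $extension = strtolower($this->getExtension(stripslashes($file[$count]['name'])));
            if ($extension == "jpg" || $extension == "jpeg") {
                $src = imagecreatefromjpeg($uploadedfile);
            } elseif ($extension == "png") {
                $src = imagecreatefrompng($uploadedfile);
            }

            $dimensions = getimagesize($uploadedfile);
            if (is_array($dimensions)) {
                $width  = (int) $dimensions[0];
                $height = (int) $dimensions[1];
            }

            if (!$src || $width < 1 || $height < 1) {
                $accepted = false;
                $err      = 'Error. Unsupported Media Type!';
            }
        }

        if (!$accepted) {
            if ($format == 'json') {
                jimport('joomla.error.log');
                $log =& JLog::getInstance('upload.error.php');
                $log->addEntry(array('comment' => 'Invalid: ' . $filepath . ': ' . $err));
                header('HTTP/1.0 415 Unsupported Media Type');
                jexit('Error. Unsupported Media Type!');
            } else {
                JError::raiseNotice(100, JText::_($err));
                // REDIRECT
                if ($returnUrl) {
                    $mainframe->redirect($returnUrl . '&folder=' . $folder . '&parentId=' . $parentId);
                }
                return;
            }
        }

        // Resample to the configured deal size and write JPEG data to the
        // destination; the stored file keeps the uploaded name's extension.
        // (The former 60px thumbnail was written to the same path and then
        // overwritten by this image, so it is no longer produced.)
        $resized = imagecreatetruecolor($image_width, $image_height);
        imagecopyresampled($resized, $src, 0, 0, 0, 0, $image_width, $image_height, $width, $height);
        imagejpeg($resized, $filepath, 100);
        imagedestroy($src);
        imagedestroy($resized);

        if ($count == $total - 1) {
            // NOTE(review): the stored paths travel back through the URL in
            // serialize() format and contain client-supplied file names.
            // Whatever reads this "folder" parameter should not pass it to
            // unserialize(); switching to JSON needs a matching change in
            // that reader, which is outside this method.
            $mainframe->redirect($returnUrl . '&folder=' . urlencode(serialize($imagePathArr)) . '&parentId=' . $parentId);
        }
    }
}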
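/**
 * Upload a file.
 *
 * This endpoint is switched off: the method returns on its first statement
 * and nothing below it runs. The remaining code is kept as the
 * implementation to re-enable, with its latent defects fixed (a log call on
 * an undefined variable, and a prefix length taken from the literal string
 * 'COM_MEDIA_BASE' instead of the base path).
 *
 * @return void
 * @since 1.5
 */
function upload()
{
    // Uploads through this controller are disabled.
    return;

    // Check for request forgeries
    if (!JRequest::checkToken('request')) {
        $response = array('status' => '0', 'error' => JText::_('JINVALID_TOKEN'));
        echo json_encode($response);
        return;
    }

    // Get the user
    $user = JFactory::getUser();

    // Get some data from the request
    $file   = JRequest::getVar('Filedata', '', 'files', 'array');
    $folder = JRequest::getVar('folder', '', '', 'path');

    // Set FTP credentials, if given
    jimport('joomla.client.helper');
    JClientHelper::setCredentialsFromRequest('ftp');

    // Reject requests without a usable file entry before touching its fields
    if (!is_array($file) || !isset($file['name'])) {
        $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_BAD_REQUEST'));
        echo json_encode($response);
        return;
    }

    // Make the filename safe
    $file['name'] = JFile::makeSafe($file['name']);

    // The request is valid
    $err      = null;
    $filepath = JPath::clean(JPATH_COMPONENT . DS . $folder . DS . strtolower($file['name']));

    // Authorise first, so callers without create permission learn nothing
    // about existing files or accepted types.
    if (!$user->authorise('core.create', 'com_media')) {
        $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_CREATE_NOT_PERMITTED'));
        echo json_encode($response);
        return;
    }

    if (!MediaHelper::canUpload($file, $err)) {
        $response = array('status' => '0', 'error' => JText::_($err));
        echo json_encode($response);
        return;
    }

    // Trigger the onContentBeforeSave event.
    JPluginHelper::importPlugin('content');
    $dispatcher            = JDispatcher::getInstance();
    $object_file           = new JObject($file);
    $object_file->filepath = $filepath;
    $result                = $dispatcher->trigger('onContentBeforeSave', array('com_media.file', $object_file));

    if (in_array(false, $result, true)) {
        // There are some errors in the plugins
        $response = array('status' => '0', 'error' => JText::plural('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors = $object_file->getErrors()), implode('<br />', $errors)));
        echo json_encode($response);
        return;
    }

    if (JFile::exists($filepath)) {
        // File exists
        $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_FILE_EXISTS'));
        echo json_encode($response);
        return;
    }

    $file = (array) $object_file;

    if (!JFile::upload($file['tmp_name'], $file['filepath'])) {
        // Error in upload
        $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE'));
        echo json_encode($response);
        return;
    }

    // Report the stored path relative to the folder it was built from
    $response = array('status' => '1', 'error' => JText::sprintf('COM_MEDIA_UPLOAD_COMPLETE', substr($file['filepath'], strlen(JPATH_COMPONENT))));
    echo json_encode($response);
}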
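/**
 * Upload a file.
 *
 * Echoes a JSON object with 'status' ('1' on success, '0' on failure) and an
 * 'error' text. The request must carry a valid token, stay within the size
 * limits, come from a user allowed to create com_media content, pass
 * MediaHelper::canUpload() and the content plugins, and must not name an
 * existing file.
 *
 * @return void
 *
 * @since 1.5
 */
function upload()
{
    $params = JComponentHelper::getParams('com_media');

    // Check for request forgeries
    if (!JSession::checkToken('request')) {
        $response = array('status' => '0', 'error' => JText::_('JINVALID_TOKEN'));
        echo json_encode($response);
        return;
    }

    // Get the user
    $user = JFactory::getUser();
    $log  = JLog::getInstance('upload.error.php');

    // Get some data from the request
    $file   = JRequest::getVar('Filedata', '', 'files', 'array');
    $folder = JRequest::getVar('folder', '', '', 'path');

    // (int) keeps only the leading number of each ini value, which is then
    // treated as megabytes. memory_limit = -1 means "no limit" in PHP and is
    // skipped; compared as a size it would reject every request.
    $contentLength = isset($_SERVER['CONTENT_LENGTH']) ? $_SERVER['CONTENT_LENGTH'] : 0;
    $memoryLimit   = (int) ini_get('memory_limit');

    if ($contentLength > $params->get('upload_maxsize', 0) * 1024 * 1024
        || $contentLength > (int) ini_get('upload_max_filesize') * 1024 * 1024
        || $contentLength > (int) ini_get('post_max_size') * 1024 * 1024
        || ($memoryLimit != -1 && $contentLength > $memoryLimit * 1024 * 1024)
    ) {
        $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_WARNFILETOOLARGE'));
        echo json_encode($response);
        return;
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    // Reject requests without a usable file entry before touching its fields
    if (!is_array($file) || !isset($file['name'])) {
        $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_BAD_REQUEST'));
        echo json_encode($response);
        return;
    }

    // Make the filename safe
    $file['name'] = JFile::makeSafe($file['name']);

    // The request is valid
    $err      = null;
    $filepath = JPath::clean(COM_MEDIA_BASE . '/' . $folder . '/' . strtolower($file['name']));

    // Authorise first: a caller without create permission should not reach
    // the type check, the plugins or the "file exists" answer.
    if (!$user->authorise('core.create', 'com_media')) {
        $log->addEntry(array('comment' => 'Create not permitted: ' . $filepath . ' by user_id ' . $user->id));
        $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_CREATE_NOT_PERMITTED'));
        echo json_encode($response);
        return;
    }

    if (!MediaHelper::canUpload($file, $err)) {
        $log->addEntry(array('comment' => 'Invalid: ' . $filepath . ': ' . $err));
        $response = array('status' => '0', 'error' => JText::_($err));
        echo json_encode($response);
        return;
    }

    // Trigger the onContentBeforeSave event.
    JPluginHelper::importPlugin('content');
    $dispatcher            = JDispatcher::getInstance();
    $object_file           = new JObject($file);
    $object_file->filepath = $filepath;
    $result                = $dispatcher->trigger('onContentBeforeSave', array('com_media.file', &$object_file));

    if (in_array(false, $result, true)) {
        // There are some errors in the plugins
        $log->addEntry(array('comment' => 'Errors before save: ' . $filepath . ' : ' . implode(', ', $object_file->getErrors())));
        $response = array('status' => '0', 'error' => JText::plural('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors = $object_file->getErrors()), implode('<br />', $errors)));
        echo json_encode($response);
        return;
    }

    if (JFile::exists($filepath)) {
        // File exists
        $log->addEntry(array('comment' => 'File exists: ' . $filepath . ' by user_id ' . $user->id));
        $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_FILE_EXISTS'));
        echo json_encode($response);
        return;
    }

    // Plugins may have changed the object, so store what it says now
    $file = (array) $object_file;

    if (!JFile::upload($file['tmp_name'], $file['filepath'])) {
        // Error in upload
        $log->addEntry(array('comment' => 'Error on upload: ' . $filepath));
        $response = array('status' => '0', 'error' => JText::_('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE'));
        echo json_encode($response);
        return;
    }

    // Trigger the onContentAfterSave event.
    $dispatcher->trigger('onContentAfterSave', array('com_media.file', &$object_file, true));
    $log->addEntry(array('comment' => $folder));
    $response = array('status' => '1', 'error' => JText::sprintf('COM_MEDIA_UPLOAD_COMPLETE', substr($file['filepath'], strlen(COM_MEDIA_BASE))));
    echo json_encode($response);
}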
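/**
 * Upload a file.
 *
 * The request must carry a valid token, come from a user allowed to create
 * com_media content, pass MediaHelper::canUpload() and the content plugins,
 * and must not name an existing file.
 *
 * @return boolean True when the file was stored, false otherwise
 *
 * @since 1.5
 */
function upload()
{
    // Check for request forgeries
    JSession::checkToken('request') or jexit(JText::_('JINVALID_TOKEN'));

    // Get the user
    $user = JFactory::getUser();

    // Get some data from the request
    $file   = JRequest::getVar('Filedata', '', 'files', 'array');
    $folder = JRequest::getVar('folder', '', '', 'path');
    $return = JRequest::getVar('return-url', null, 'post', 'base64');

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    // Set the redirect. return-url arrives with the request, so it is
    // honoured only when it points back at this site.
    if ($return) {
        $returnUrl = base64_decode($return);
        if (JUri::isInternal($returnUrl)) {
            $this->setRedirect($returnUrl . '&folder=' . $folder);
        }
    }

    // Reject requests without a usable file entry before touching its fields
    if (!is_array($file) || !isset($file['name'])) {
        $this->setRedirect('index.php', JText::_('COM_MEDIA_INVALID_REQUEST'), 'error');
        return false;
    }

    // Make the filename safe
    $file['name'] = JFile::makeSafe($file['name']);

    // Authorise first: a caller without create permission should not reach
    // the type check, the plugins or the "file exists" answer.
    if (!$user->authorise('core.create', 'com_media')) {
        JError::raiseWarning(403, JText::_('COM_MEDIA_ERROR_CREATE_NOT_PERMITTED'));
        return false;
    }

    // The request is valid
    $err = null;
    if (!MediaHelper::canUpload($file, $err)) {
        // The file can't be uploaded
        JError::raiseNotice(100, JText::_($err));
        return false;
    }

    $filepath = JPath::clean(COM_MEDIA_BASE . '/' . $folder . '/' . strtolower($file['name']));

    // Trigger the onContentBeforeSave event.
    JPluginHelper::importPlugin('content');
    $dispatcher            = JDispatcher::getInstance();
    $object_file           = new JObject($file);
    $object_file->filepath = $filepath;
    $result                = $dispatcher->trigger('onContentBeforeSave', array('com_media.file', &$object_file));

    if (in_array(false, $result, true)) {
        // There are some errors in the plugins
        JError::raiseWarning(100, JText::plural('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors = $object_file->getErrors()), implode('<br />', $errors)));
        return false;
    }

    // Plugins may have changed the object, so work with what it says now
    $file = (array) $object_file;

    if (JFile::exists($file['filepath'])) {
        // File exists
        JError::raiseWarning(100, JText::_('COM_MEDIA_ERROR_FILE_EXISTS'));
        return false;
    }

    if (!JFile::upload($file['tmp_name'], $file['filepath'])) {
        // Error in upload
        JError::raiseWarning(100, JText::_('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE'));
        return false;
    }

    // Trigger the onContentAfterSave event.
    $dispatcher->trigger('onContentAfterSave', array('com_media.file', &$object_file, true));
    $this->setMessage(JText::sprintf('COM_MEDIA_UPLOAD_COMPLETE', substr($file['filepath'], strlen(COM_MEDIA_BASE))));

    return true;
}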
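/**
 * Action to handle media upload.
 *
 * Accepts a single file from the "jsn-file-upload" field on POST requests,
 * requires one of the listed image extensions, runs MediaHelper::canUpload()
 * and stores the file in the current path. The response carries an id (md5
 * of the path) and the path relative to the root path.
 *
 * NOTE(review): neither a request token nor a permission check is visible in
 * this method, and an existing file of the same name is replaced without
 * notice; confirm both are handled by the caller.
 *
 * @return void
 * @throws Exception When the file type is not accepted or the file cannot be stored
 */
public function uploadAction()
{
    if ($this->request->getMethod() != 'POST') {
        return;
    }

    $file = JRequest::getVar('jsn-file-upload', '', 'files', 'array');

    if (!class_exists('MediaHelper')) {
        require_once JPATH_ADMINISTRATOR . '/components/com_media/helpers/media.php';
    }

    // Load com_media language
    $this->language->load('com_media');

    // The request is valid
    $error = null;

    // Sanitise the name once and use that same value for every check and for
    // the destination, so the name that is validated is the name that is
    // written. A missing upload becomes an empty name and fails the
    // extension test below.
    $file         = is_array($file) ? $file : array();
    $file['name'] = isset($file['name']) ? JFile::makeSafe($file['name']) : '';

    // Make sure uploaded file is an image file (judged by extension, lower case only)
    if (!preg_match('/\\.(jpg|png|gif|xcf|odg|bmp|jpeg|ico)$/', $file['name'])) {
        throw new Exception(JText::_('COM_MEDIA_ERROR_WARNFILETYPE'));
    }

    // Do some additional checks
    if (!MediaHelper::canUpload($file, $error)) {
        throw new Exception(JText::_(empty($error) ? 'JSN_TPLFW_GENERAL_UPLOADED_FILE_TYPE_NOT_SUPPORTED' : $error));
    }

    $filepath = JPath::clean($this->_getPath() . '/' . $file['name']);

    if (!JFile::upload($file['tmp_name'], $filepath)) {
        throw new Exception(JText::_('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE'));
    }

    // Prepare image file path: forward slashes, relative to the root path
    $path = str_replace(DIRECTORY_SEPARATOR, '/', $filepath);
    $path = substr($path, strlen($this->rootPath));

    $this->setResponse(array('id' => md5($path), 'path' => $path));
}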
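/**
 * Upload one award image (`Filedata[0]`) into the AlphaUserPoints awards folder.
 *
 * Request values used: `folder` (sub-folder below the awards directory),
 * `format` ('json' answers with a status line and exits, anything else
 * raises a notice and optionally redirects) and `return-url` (base64).
 *
 * @return void
 */
public function upload()
{
    $app   = JFactory::getApplication();
    $input = $app->input;

    // Load the com_media language file, used for the canUpload() messages
    $lang = JFactory::getLanguage();
    $lang->load('com_media');

    require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_media' . DS . 'helpers' . DS . 'media.php';

    // define() raises a notice when the constant already exists
    if (!defined('COM_AUP_MEDIA_BASE')) {
        define('COM_AUP_MEDIA_BASE', JPATH_ROOT . DS . 'components' . DS . 'com_alphauserpoints' . DS . 'assets' . DS . 'images' . DS . 'awards');
    }

    // Check for request forgeries
    JRequest::checkToken('request') or jexit('Invalid Token');

    $files  = $input->files->get('Filedata', '', 'array');
    $folder = $input->get('folder', 'icon', 'path');
    $format = $input->get('format', 'html', 'cmd');
    $return = $input->get('return-url', null, 'base64');
    $err    = null;

    // return-url is request-controlled: follow it only when it points back
    // to this site, otherwise drop it.
    $returnUrl = $return ? (string) base64_decode($return) : '';

    if ($returnUrl !== '' && !JUri::isInternal($returnUrl)) {
        $returnUrl = '';
    }

    // The folder is joined into a filesystem path below; refuse parent-directory
    // segments explicitly instead of relying on the 'path' input filter alone.
    $hasParentSegment = (bool) preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', (string) $folder);

    if (!is_array($files) || !isset($files[0]['name']) || $hasParentSegment) {
        $this->setRedirect('index.php', 'Invalid Request', 'error');
        $this->redirect();

        return;
    }

    $file = $files[0];

    // Set FTP credentials, if given
    jimport('joomla.client.helper');
    JClientHelper::setCredentialsFromRequest('ftp');

    // Make the filename safe
    jimport('joomla.filesystem.file');
    $file['name'] = JFile::makeSafe($file['name']);

    $filepath = JPath::clean(COM_AUP_MEDIA_BASE . DS . $folder . DS . strtolower($file['name']));
    $isJson   = ($format == 'json');

    if (!MediaHelper::canUpload($file, $err)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'Invalid: ' . $filepath . ': ' . $err));
            header('HTTP/1.0 415 Unsupported Media Type');
            jexit('Error. Unsupported Media Type!');
        }

        JError::raiseNotice(100, JText::_($err));

        if ($returnUrl !== '') {
            $this->setRedirect($returnUrl);
            $this->redirect();
        }

        return;
    }

    if (JFile::exists($filepath)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'File already exists: ' . $filepath));
            header('HTTP/1.0 409 Conflict');
            jexit('Error. File already exists');
        }

        JError::raiseNotice(100, JText::_('Error. File already exists'));

        if ($returnUrl !== '') {
            $this->setRedirect($returnUrl);
            $this->redirect();
        }

        return;
    }

    if (!JFile::upload($file['tmp_name'], $filepath)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'Cannot upload: ' . $filepath));
            header('HTTP/1.0 400 Bad Request');
            jexit('Error. Unable to upload file');
        }

        JError::raiseWarning(100, JText::_('Error. Unable to upload file'));

        if ($returnUrl !== '') {
            $this->setRedirect($returnUrl);
            $this->redirect();
        }

        return;
    }

    if ($isJson) {
        jimport('joomla.error.log');
        $log = JLog::getInstance();
        $log->addEntry(array('comment' => $folder));
        jexit('Upload complete');
    }

    $app->enqueueMessage(JText::_('Upload complete'));

    if ($returnUrl !== '') {
        $this->setRedirect($returnUrl);
        $this->redirect();
    }
}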
/**
 * Upload one or more files posted as `Filedata`.
 *
 * Checks the CSRF token and the caller's 'create' permission, applies size
 * limits, then runs every file through MediaHelper::canUpload() and the
 * content.onContentBeforeSave plugins before moving it into place.
 *
 * @return boolean True when every file was stored, false on the first failure.
 *
 * @since 1.5
 */
public function upload()
{
    // Check for request forgeries
    Session::checkToken(['get', 'post']);

    $params = Component::params('com_media');

    // Get some data from the request
    $files = Request::getVar('Filedata', '', 'files', 'array');
    $return = Request::getVar('return-url', null, 'post', 'base64');
    $this->folder = Request::getVar('folder', '', '', 'path');

    // Set the redirect
    // NOTE(review): return-url is a POST value and is decoded and used as the
    // redirect target without a same-site check in this method - confirm that
    // setRedirect() or a later layer restricts it to internal URLs.
    if ($return) {
        $this->setRedirect(base64_decode($return) . '&folder=' . $this->folder);
    }

    // Authorize the user
    if (!$this->authoriseUser('create')) {
        return false;
    }

    // Reject the request when the posted body exceeds any configured limit.
    // `&&` binds tighter than `||`, so the memory_limit != -1 test applies to
    // the last comparison only.
    // NOTE(review): the (int) casts keep only the leading number of an ini
    // value such as "1G" and the result is always scaled as megabytes; with
    // upload_maxsize at its default of 0 the first comparison is true for any
    // non-empty body - confirm both are intended.
    if ($_SERVER['CONTENT_LENGTH'] > $params->get('upload_maxsize', 0) * 1024 * 1024 || $_SERVER['CONTENT_LENGTH'] > (int) ini_get('upload_max_filesize') * 1024 * 1024 || $_SERVER['CONTENT_LENGTH'] > (int) ini_get('post_max_size') * 1024 * 1024 || $_SERVER['CONTENT_LENGTH'] > (int) ini_get('memory_limit') * 1024 * 1024 && (int) ini_get('memory_limit') != -1) {
        Notify::warning(Lang::txt('COM_MEDIA_ERROR_WARNFILETOOLARGE'));
        return false;
    }

    // Input is in the form of an associative array containing numerically indexed arrays
    // We want a numerically indexed array containing associative arrays
    // Cast each item as array in case the Filedata parameter was not sent as such
    // NOTE(review): $file['filepath'] is read below but never assigned in this
    // method; presumably reformatFilesArray() builds it from $this->folder and
    // the cleaned file name - verify how that path is constrained.
    $files = array_map(array($this, 'reformatFilesArray'), (array) $files['name'], (array) $files['type'], (array) $files['tmp_name'], (array) $files['error'], (array) $files['size']);

    // Perform basic checks on file info before attempting anything
    foreach ($files as &$file) {
        // Error code 1 is UPLOAD_ERR_INI_SIZE
        if ($file['error'] == 1) {
            Notify::warning(Lang::txt('COM_MEDIA_ERROR_WARNFILETOOLARGE'));
            return false;
        }

        if ($file['size'] > $params->get('upload_maxsize', 0) * 1024 * 1024) {
            Notify::warning(Lang::txt('COM_MEDIA_ERROR_WARNFILETOOLARGE'));
            return false;
        }

        if (Filesystem::exists($file['filepath'])) {
            // A file with this name already exists
            Notify::warning(Lang::txt('COM_MEDIA_ERROR_FILE_EXISTS'));
            return false;
        }

        if (!isset($file['name'])) {
            // No filename (after the name was cleaned by Filesystem::clean())
            $this->setRedirect('index.php', Lang::txt('COM_MEDIA_INVALID_REQUEST'), 'error');
            return false;
        }
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    // Second pass: $file is still bound by reference from the loop above and
    // is rebound on each iteration here.
    foreach ($files as &$file) {
        // The request is valid
        $err = null;

        if (!MediaHelper::canUpload($file, $err)) {
            // The file can't be uploaded
            Notify::warning(Lang::txt($err));
            return false;
        }

        // Trigger the onContentBeforeSave event.
        // The object is handed to the plugins by reference; a plugin returning
        // false vetoes the upload.
        $object_file = new \Hubzero\Base\Object($file);
        $result = Event::trigger('content.onContentBeforeSave', array('com_media.file', &$object_file, true));

        if (in_array(false, $result, true)) {
            // There are some errors in the plugins
            Notify::warning(Lang::txts('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors = $object_file->getErrors()), implode('<br />', $errors)));
            return false;
        }

        if (!Filesystem::upload($file['tmp_name'], $file['filepath'])) {
            // Error in upload
            Notify::warning(Lang::txt('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE'));
            return false;
        } else {
            // Trigger the onContentAfterSave event.
            Event::trigger('content.onContentAfterSave', array('com_media.file', &$object_file, true));

            // Report the stored path relative to COM_MEDIA_BASE
            $this->setMessage(Lang::txt('COM_MEDIA_UPLOAD_COMPLETE', substr($file['filepath'], strlen(COM_MEDIA_BASE))));
        }
    }

    return true;
}
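/**
 * Upload an avatar image (`filedata[0]`) and record it on the AlphaUserPoints profile.
 *
 * The stored file is named after the `referrerid` request value plus the
 * extension of the uploaded file. Request values used: `folder`, `format`
 * ('json' answers with a status line and exits), `return-url` (base64) and
 * `referrerid`.
 *
 * @return void|false False when the profile row could not be updated.
 */
public function uploadavatar()
{
    $app   = JFactory::getApplication();
    $input = $app->input;
    $db    = JFactory::getDBO();
    $user  = JFactory::getUser();

    // Load the com_media language files (site and administrator)
    $lang = JFactory::getLanguage();
    $lang->load('com_media', JPATH_SITE);
    $lang->load('com_media', JPATH_ADMINISTRATOR);

    require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_media' . DS . 'helpers' . DS . 'media.php';

    // define() raises a notice when the constant already exists
    if (!defined('COM_AUP_MEDIA_BASE_IMAGE')) {
        define('COM_AUP_MEDIA_BASE_IMAGE', JPATH_ROOT . DS . 'components' . DS . 'com_alphauserpoints' . DS . 'assets' . DS . 'images');
    }

    // Check for request forgeries
    JRequest::checkToken('request') or jexit('Invalid Token');

    $files      = $input->files->get('filedata', '', 'array');
    $folder     = $input->get('folder', 'avatars', 'path');
    $format     = $input->get('format', 'html', 'cmd');
    $return     = $input->get('return-url', null, 'base64');
    $referrerid = $input->get('referrerid', '', 'string');
    $err        = null;

    // return-url is request-controlled: follow it only when it points back
    // to this site, otherwise drop it.
    $returnUrl = $return ? (string) base64_decode($return) : '';

    if ($returnUrl !== '' && !JUri::isInternal($returnUrl)) {
        $returnUrl = '';
    }

    jimport('joomla.filesystem.file');

    // referrerid becomes part of a file name, so it gets the same
    // sanitising as the uploaded file name.
    $avatarBase = JFile::makeSafe((string) $referrerid);

    // The folder is joined into a filesystem path below; refuse parent-directory
    // segments explicitly instead of relying on the 'path' input filter alone.
    $hasParentSegment = (bool) preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', (string) $folder);

    if (!is_array($files) || !isset($files[0]['name']) || $avatarBase === '' || $hasParentSegment) {
        $this->setRedirect('index.php', 'Invalid Request', 'error');
        $this->redirect();

        return;
    }

    $file = $files[0];

    // Set FTP credentials, if given
    jimport('joomla.client.helper');
    JClientHelper::setCredentialsFromRequest('ftp');

    // Make the filename safe
    $file['name'] = JFile::makeSafe($file['name']);

    $extention     = JFile::getExt($file['name']);
    $newnameavatar = strtolower($avatarBase . '.' . $extention);
    $filepath      = JPath::clean(COM_AUP_MEDIA_BASE_IMAGE . DS . $folder . DS . $newnameavatar);
    $isJson        = ($format == 'json');

    // NOTE(review): the target file is keyed by the request's referrerid, while
    // the UPDATE below is limited to the current user's row. Nothing in this
    // method ties the referrerid to the logged-in user before the file is
    // replaced - confirm that ownership is enforced elsewhere.

    if (!MediaHelper::canUpload($file, $err)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'Invalid: ' . $filepath . ': ' . $err));
            header('HTTP/1.0 415 Unsupported Media Type');
            jexit('Error. Unsupported Media Type!');
        }

        JError::raiseNotice(100, JText::_($err));

        if ($returnUrl !== '') {
            $this->setRedirect($returnUrl);
            $this->redirect();
        }

        return;
    }

    // Erase the old avatar only once the new upload has passed validation,
    // so a rejected upload does not remove the existing file.
    if (file_exists($filepath)) {
        @unlink($filepath);
    }

    // Still present means the old file could not be removed
    if (JFile::exists($filepath)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'File already exists: ' . $filepath));
            header('HTTP/1.0 409 Conflict');
            jexit('Error. File already exists');
        }

        JError::raiseNotice(100, JText::_('UPLOAD FAILED. FILE ALREADY EXISTS'));

        if ($returnUrl !== '') {
            $this->setRedirect($returnUrl);
            $this->redirect();
        }

        return;
    }

    if (!JFile::upload($file['tmp_name'], $filepath)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'Cannot upload: ' . $filepath));
            header('HTTP/1.0 400 Bad Request');
            jexit('ERROR. UNABLE TO UPLOAD FILE');
        }

        JError::raiseWarning(100, JText::_('ERROR. UNABLE TO UPLOAD FILE'));

        if ($returnUrl !== '') {
            $this->setRedirect($returnUrl);
            $this->redirect();
        }

        return;
    }

    // Save in the AlphaUserPoints user profile. The values come from the
    // request, so they are quoted by the database driver instead of being
    // concatenated into the statement.
    $query = 'UPDATE #__alpha_userpoints'
        . ' SET avatar=' . $db->quote($newnameavatar)
        . ' WHERE referreid=' . $db->quote($referrerid)
        . ' AND userid=' . (int) $user->id;
    $db->setQuery($query);

    if (!$db->query()) {
        JError::raiseError(500, $db->getErrorMsg());

        return false;
    }

    require_once JPATH_SITE . DS . 'components' . DS . 'com_alphauserpoints' . DS . 'helper.php';

    // Apply the rule for uploading an avatar before any exit or redirect;
    // after jexit() the call would never run.
    AlphaUserPointsHelper::userpoints('sysplgaup_uploadavatar', '', 0, $referrerid);

    if ($isJson) {
        jimport('joomla.error.log');
        $log = JLog::getInstance();
        $log->addEntry(array('comment' => $folder));
        jexit('Upload complete');
    }

    $app->enqueueMessage(JText::_('UPLOAD COMPLETE'));

    if ($returnUrl !== '') {
        $this->setRedirect($returnUrl);
        $this->redirect();
    }
}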
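/**
 * Store uploaded attachments for the saved post and remove the ones
 * the request marks for deletion.
 *
 * Uploads are accepted only when attachments are enabled in the forum
 * settings and the forum grants attachment permission; each file must also
 * pass MediaHelper::canUpload(). Stored files get a generated name, the
 * original name is kept in the attachment row.
 *
 * @param KCommandContext $context A command context object; `result` holds the saved post
 *
 * @return void|false False when attachments are disabled or not permitted.
 */
public function setAttachments(KCommandContext $context)
{
    $data = $context['result'];
    $me   = KFactory::get('admin::com.ninjaboard.model.people')->getMe();

    if (is_a($data, 'KDatabaseRowsetInterface')) {
        // end() takes its argument by reference, so it needs a real variable
        $rows = $data->getData();
        $data = (object) end($rows);
    }

    $err         = null;
    $errors      = array();
    $identifier  = $this->getIdentifier();
    $destination = JPATH_ROOT . '/media/' . $identifier->type . '_' . $identifier->package . '/attachments/';
    $attachments = array();

    require_once JPATH_ROOT . '/components/com_media/helpers/media.php';

    $files = (array) KRequest::get('files.attachments.name', 'raw', array());

    if ($files) {
        // Check Forum Attachment Settings
        $params = KFactory::get('admin::com.ninjaboard.model.settings')->getParams();

        if (!$params['attachment_settings']['enable_attachments']) {
            JError::raiseWarning(21, JText::_('Attachments have been disabled on this forum.'));
            $this->execute('cancel');

            return false;
        }

        // Check User Attachment Permissions
        $row   = $this->getModel()->getItem();
        $topic = KFactory::tmp('site::com.ninjaboard.model.topics')->id($row->ninjaboard_topic_id)->getItem();
        $forum = KFactory::tmp('site::com.ninjaboard.model.forums')->id($topic->forum_id)->getItem();

        if ($forum->attachment_permissions < 2) {
            JError::raiseWarning(21, JText::_("You don't have the permissions to use Attachments in this forum."));
            $this->execute('cancel');

            return false;
        }
    }

    foreach ($files as $i => $file) {
        // If no name is set, then we can't upload
        if (!trim($file)) {
            continue;
        }

        // Rebuild one $_FILES-style record per index; start from an empty
        // array so no key leaks over from the previous file.
        $attachment = array();

        foreach (KRequest::get('files.attachments', 'raw') as $key => $values) {
            $attachment[$key] = KRequest::get('files.attachments.' . $key . '.' . $i, 'raw');
        }

        if (MediaHelper::canUpload($attachment, $err)) {
            $attachments[] = $attachment;
        } else {
            $errors[] = array_merge($attachment, array('error' => $err));
        }
    }

    foreach ($attachments as $attachment) {
        // The extension is taken from the client-supplied name, so it is
        // sanitised before it becomes part of the stored file name.
        $extension = JFile::makeSafe(JFile::getExt($attachment['name']));
        $upload    = JFile::makeSafe(uniqid(time())) . '.' . $extension;

        // Do not create an attachment row for a file that was not stored
        if (!JFile::upload($attachment['tmp_name'], $destination . $upload)) {
            $errors[] = array_merge($attachment, array('error' => JText::_('The file could not be saved.')));
            continue;
        }

        KFactory::tmp('site::com.ninjaboard.model.attachments')
            ->post($data->id)
            ->getItem()
            ->setData(array(
                'post'           => $data->id,
                'file'           => $upload,
                'name'           => $attachment['name'],
                'joomla_user_id' => $me->id,
            ))
            ->save();
    }

    // Makes sure the page doesn't scroll after redirect when there are errors
    if ($errors) {
        $this->_redirect_hash = false;
    }

    foreach ($errors as $error) {
        JError::raiseWarning(21, sprintf(JText::_("%s couldn't upload because %s"), $error['name'], lcfirst($error['error'])));
    }

    foreach (KRequest::get('post.attachments', 'int', array()) as $attachment) {
        $item = KFactory::tmp('site::com.ninjaboard.model.attachments')->id($attachment)->getItem();

        // The ids come from the request: only remove attachments that belong
        // to the post being saved. `post` is the key this method writes when
        // it creates an attachment row.
        if ($item->post != $data->id) {
            continue;
        }

        if (JFile::exists($destination . $item->file)) {
            JFile::delete($destination . $item->file);
        }

        $item->delete();
    }
}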
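/**
 * Upload a picture (`photo_path`) below COM_WEBMAPPLUS_MEDIA_BASE and scale it
 * to the configured picture size.
 *
 * Request values used: `folder`, `format` ('json' answers with a status line
 * and exits) and `return-url` (base64, POST).
 *
 * @return string|void Base name of the stored file when no redirect takes place.
 */
function uploadImage()
{
    $mainframe = JFactory::getApplication();

    // Check for request forgeries
    JRequest::checkToken('request') or jexit('Invalid Token');

    $file   = JRequest::getVar('photo_path', '', 'files', 'array');
    $folder = JRequest::getVar('folder', '', '', 'path');
    $format = JRequest::getVar('format', 'html', '', 'cmd');
    $return = JRequest::getVar('return-url', null, 'post', 'base64');
    $err    = null;

    // return-url is request-controlled: follow it only when it points back
    // to this site, otherwise drop it.
    $returnUrl = $return ? (string) base64_decode($return) : '';

    if ($returnUrl !== '' && !JURI::isInternal($returnUrl)) {
        $returnUrl = '';
    }

    // The folder is joined into a filesystem path below; refuse parent-directory
    // segments explicitly instead of relying on the 'path' input filter alone.
    $hasParentSegment = (bool) preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', (string) $folder);

    if (!is_array($file) || !isset($file['name']) || $hasParentSegment) {
        $mainframe->redirect('index.php', 'Invalid Request', 'error');

        return;
    }

    // Set FTP credentials, if given
    jimport('joomla.client.helper');
    JClientHelper::setCredentialsFromRequest('ftp');

    require_once JPATH_COMPONENT . DS . 'helpers' . DS . 'media.php';

    // Make the filename safe
    jimport('joomla.filesystem.file');
    $file['name'] = JFile::makeSafe($file['name']);

    $filepath = JPath::clean(COM_WEBMAPPLUS_MEDIA_BASE . DS . $folder . DS . strtolower($file['name']));
    $isJson   = ($format == 'json');

    if (!MediaHelper::canUpload($file, $err)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'Invalid: ' . $filepath . ': ' . $err));
            header('HTTP/1.0 415 Unsupported Media Type');
            jexit('Error. Unsupported Media Type!');
        }

        JError::raiseNotice(100, JText::_($err));

        if ($returnUrl !== '') {
            $mainframe->redirect($returnUrl . '&folder=' . $folder);
        }

        return;
    }

    if (JFile::exists($filepath)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'File already exists: ' . $filepath));
            header('HTTP/1.0 409 Conflict');
            jexit('Error. File already exists');
        }

        JError::raiseNotice(100, JText::_('Error. File already exists'));

        if ($returnUrl !== '') {
            $mainframe->redirect($returnUrl . '&folder=' . $folder);
        }

        return;
    }

    if (!JFile::upload($file['tmp_name'], $filepath)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'Cannot upload: ' . $filepath));
            header('HTTP/1.0 400 Bad Request');
            jexit('Error. Unable to upload file');
        }

        JError::raiseWarning(100, JText::_('Error. Unable to upload file'));

        if ($returnUrl !== '') {
            $mainframe->redirect($returnUrl . '&folder=' . $folder);
        }

        return;
    }

    if ($isJson) {
        jimport('joomla.error.log');
        $log = JLog::getInstance();
        $log->addEntry(array('comment' => $folder));
        jexit('Upload complete');
    }

    $mainframe->enqueueMessage(JText::_('Upload complete'));

    // Scale the stored picture before any redirect: redirect() ends the
    // request, so work placed after it would be skipped.
    $params = JComponentHelper::getParams('com_webmapplus');
    $height = $params->get('picture_height');
    $width  = $params->get('picture_width');
    MediaHelper::createthumb($filepath, $filepath, $width, $height);

    if ($returnUrl !== '') {
        $mainframe->redirect($returnUrl . '&folder=' . $folder);
    }

    $filepath         = str_replace(JPATH_ROOT, "", $filepath);
    $file_information = pathinfo($filepath);

    return $file_information['basename'];
}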
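/**
 * Upload a rank image (`Filedata`) into the active Kunena template's images folder.
 *
 * Request values used: `folderranks` (sub-folder, default 'ranks'), `format`
 * ('json' answers with a status line and exits) and `return-url` (base64, POST).
 *
 * @return void
 */
function uploadranks()
{
    $kunena_config = KunenaFactory::getConfig();
    $kunena_app    = JFactory::getApplication();

    // Load the com_media language file, used for the canUpload() messages
    JPlugin::loadLanguage('com_media');

    require_once JPATH_ADMINISTRATOR . '/components/com_media/helpers/media.php';

    // define() raises a notice when the constant already exists
    if (!defined('COM_KUNENA_MEDIA_BASE')) {
        define('COM_KUNENA_MEDIA_BASE', JPATH_ROOT . '/components/com_kunena/template/' . $kunena_config->template . '/images');
    }

    // Check for request forgeries
    JRequest::checkToken('request') or jexit('Invalid Token');

    $file        = JRequest::getVar('Filedata', '', 'files', 'array');
    $folderranks = JRequest::getVar('folderranks', 'ranks', '', 'path');
    $format      = JRequest::getVar('format', 'html', '', 'cmd');
    $return      = JRequest::getVar('return-url', null, 'post', 'base64');
    $err         = null;

    // return-url is request-controlled: follow it only when it points back
    // to this site, otherwise drop it.
    $returnUrl = $return ? (string) base64_decode($return) : '';

    if ($returnUrl !== '' && !JURI::isInternal($returnUrl)) {
        $returnUrl = '';
    }

    // The folder is joined into a filesystem path below; refuse parent-directory
    // segments explicitly instead of relying on the 'path' input filter alone.
    $hasParentSegment = (bool) preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', (string) $folderranks);

    if (!is_array($file) || !isset($file['name']) || $hasParentSegment) {
        while (@ob_end_clean()) {
        }

        $kunena_app->redirect('index.php', 'Invalid Request', 'error');

        return;
    }

    // Set FTP credentials, if given
    jimport('joomla.client.helper');
    JClientHelper::setCredentialsFromRequest('ftp');

    // Make the filename safe
    jimport('joomla.filesystem.file');
    $file['name'] = JFile::makeSafe($file['name']);

    $filepathranks = JPath::clean(COM_KUNENA_MEDIA_BASE . '/' . $folderranks . '/' . strtolower($file['name']));
    $isJson        = ($format == 'json');

    if (!MediaHelper::canUpload($file, $err)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'Invalid: ' . $filepathranks . ': ' . $err));
            header('HTTP/1.0 415 Unsupported Media Type');
            jexit('Error. Unsupported Media Type!');
        }

        JError::raiseNotice(100, JText::_($err));

        if ($returnUrl !== '') {
            // Drop buffered output before redirecting
            while (@ob_end_clean()) {
            }

            $kunena_app->redirect($returnUrl);
        }

        return;
    }

    if (JFile::exists($filepathranks)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'File already exists: ' . $filepathranks));
            header('HTTP/1.0 409 Conflict');
            jexit('Error. File already exists');
        }

        JError::raiseNotice(100, JText::_('COM_KUNENA_A_RANKS_UPLOAD_ERROR_EXIST'));

        if ($returnUrl !== '') {
            while (@ob_end_clean()) {
            }

            $kunena_app->redirect($returnUrl);
        }

        return;
    }

    if (!JFile::upload($file['tmp_name'], $filepathranks)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'Cannot upload: ' . $filepathranks));
            header('HTTP/1.0 400 Bad Request');
            jexit('Error. Unable to upload file');
        }

        JError::raiseWarning(100, JText::_('COM_KUNENA_A_RANKS_UPLOAD_ERROR_UNABLE'));

        if ($returnUrl !== '') {
            while (@ob_end_clean()) {
            }

            $kunena_app->redirect($returnUrl);
        }

        return;
    }

    if ($isJson) {
        jimport('joomla.error.log');
        $log = JLog::getInstance();
        $log->addEntry(array('comment' => $filepathranks));
        jexit('Upload complete');
    }

    $kunena_app->enqueueMessage(JText::_('COM_KUNENA_A_RANKS_UPLOAD_SUCCESS'));

    if ($returnUrl !== '') {
        while (@ob_end_clean()) {
        }

        $kunena_app->redirect($returnUrl);
    }
}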
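/**
 * Store an uploaded file in a sub-folder of the active Kunena template's images directory.
 *
 * @param array  $file         One $_FILES-style record (name, tmp_name, error, ...)
 * @param string $uploadfolder Folder below COM_KUNENA_MEDIA_BASE; it must already exist
 * @param string $format       'json' answers with a status line and exits, anything else returns a boolean
 * @param mixed  $view         Not used by this method
 *
 * @return boolean True when the file was stored, false otherwise.
 */
public static function upload($file, $uploadfolder, $format, $view)
{
    jimport('joomla.filesystem.folder');

    $config = KunenaFactory::getConfig();

    // Load the com_media language file, used for the canUpload() messages
    JPlugin::loadLanguage('com_media');

    require_once(JPATH_ADMINISTRATOR . '/components/com_media/helpers/media.php');

    // define() raises a notice when the constant already exists
    if (!defined('COM_KUNENA_MEDIA_BASE')) {
        define('COM_KUNENA_MEDIA_BASE', JPATH_ROOT . '/components/com_kunena/template/' . $config->template . '/images');
    }

    $err = null;

    // Only accept a record that describes a completed HTTP upload; this keeps
    // an arbitrary tmp_name from being treated as an uploaded file.
    if (!is_array($file)
        || !isset($file['name'])
        || empty($file['tmp_name'])
        || !is_uploaded_file($file['tmp_name'])
        || !empty($file['error'])
    ) {
        return false;
    }

    // Set FTP credentials, if given
    jimport('joomla.client.helper');
    JClientHelper::setCredentialsFromRequest('ftp');

    // Make the filename safe
    jimport('joomla.filesystem.file');
    $file['name'] = JFile::makeSafe($file['name']);

    // NOTE(review): $uploadfolder is joined into the path as given; callers
    // are assumed to pass a fixed or validated folder name - confirm.
    if (!JFolder::exists(COM_KUNENA_MEDIA_BASE . '/' . $uploadfolder)) {
        return false;
    }

    $filepath = JPath::clean(COM_KUNENA_MEDIA_BASE . '/' . $uploadfolder . '/' . strtolower($file['name']));
    $isJson   = ($format == 'json');

    if (!MediaHelper::canUpload($file, $err)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'Invalid: ' . $filepath . ': ' . $err));
            header('HTTP/1.0 415 Unsupported Media Type');
            jexit('Error. Unsupported Media Type!');
        }

        return false;
    }

    if (JFile::exists($filepath)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'File already exists: ' . $filepath));
            header('HTTP/1.0 409 Conflict');
            jexit('Error. File already exists');
        }

        return false;
    }

    if (!JFile::upload($file['tmp_name'], $filepath)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'Cannot upload: ' . $filepath));
            header('HTTP/1.0 400 Bad Request');
            jexit('Error. Unable to upload file');
        }

        return false;
    }

    if ($isJson) {
        jimport('joomla.error.log');
        $log = JLog::getInstance();
        $log->addEntry(array('comment' => $uploadfolder));
        jexit('Upload complete');
    }

    return true;
}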
/**
 * Upload one or more files posted as `Filedata`.
 *
 * Checks the CSRF token and the caller's 'create' permission, applies the
 * request and per-file size limits, then runs every file through
 * MediaHelper::canUpload() and the onContentBeforeSave plugins before
 * moving it below COM_MEDIA_BASE.
 *
 * @return boolean True when every file was stored, false on the first failure.
 *
 * @since 1.5
 */
public function upload()
{
    // Check for request forgeries
    JSession::checkToken('request') or jexit(JText::_('JINVALID_TOKEN'));

    $params = JComponentHelper::getParams('com_media');

    // Get some data from the request
    $files = $this->input->files->get('Filedata', '', 'array');

    // The return URL is read from the session, not from the request
    $return = JFactory::getSession()->get('com_media.return_url');
    $this->folder = $this->input->get('folder', '', 'path');

    // Don't redirect to an external URL.
    if (!JUri::isInternal($return)) {
        $return = '';
    }

    // Set the redirect; without a usable return URL fall back to the media manager
    if ($return) {
        $this->setRedirect($return . '&folder=' . $this->folder);
    } else {
        $this->setRedirect('index.php?option=com_media&folder=' . $this->folder);
    }

    // Authorize the user
    if (!$this->authoriseUser('create')) {
        return false;
    }

    // Total length of post back data in bytes.
    $contentLength = (int) $_SERVER['CONTENT_LENGTH'];

    // Instantiate the media helper
    $mediaHelper = new JHelperMedia();

    // Maximum allowed size of post back data (converted with toBytes(), so
    // presumably bytes rather than MB).
    $postMaxSize = $mediaHelper->toBytes(ini_get('post_max_size'));

    // Memory limit of the script, converted the same way.
    $memoryLimit = $mediaHelper->toBytes(ini_get('memory_limit'));

    // Check for the total size of post back data. A post_max_size of 0 or
    // less and a memory_limit of -1 switch the respective comparison off.
    if ($postMaxSize > 0 && $contentLength > $postMaxSize || $memoryLimit != -1 && $contentLength > $memoryLimit) {
        JError::raiseWarning(100, JText::_('COM_MEDIA_ERROR_WARNUPLOADTOOLARGE'));
        return false;
    }

    // upload_maxsize is multiplied up from megabytes; 0 disables that limit below
    $uploadMaxSize = $params->get('upload_maxsize', 0) * 1024 * 1024;
    $uploadMaxFileSize = $mediaHelper->toBytes(ini_get('upload_max_filesize'));

    // Perform basic checks on file info before attempting anything.
    // $file is bound by reference: the sanitised name and the target path
    // are written back into $files for the second loop.
    foreach ($files as &$file) {
        $file['name'] = JFile::makeSafe($file['name']);
        $file['filepath'] = JPath::clean(implode(DIRECTORY_SEPARATOR, array(COM_MEDIA_BASE, $this->folder, $file['name'])));

        // Error code 1 is UPLOAD_ERR_INI_SIZE
        if ($file['error'] == 1 || $uploadMaxSize > 0 && $file['size'] > $uploadMaxSize || $uploadMaxFileSize > 0 && $file['size'] > $uploadMaxFileSize) {
            // File size exceed either 'upload_max_filesize' or 'upload_maxsize'.
            JError::raiseWarning(100, JText::_('COM_MEDIA_ERROR_WARNFILETOOLARGE'));
            return false;
        }

        if (JFile::exists($file['filepath'])) {
            // A file with this name already exists
            JError::raiseWarning(100, JText::_('COM_MEDIA_ERROR_FILE_EXISTS'));
            return false;
        }

        // NOTE(review): 'name' was assigned a few lines above, so this test
        // only fires if makeSafe() returned null - confirm it is still needed.
        if (!isset($file['name'])) {
            // No filename (after the name was cleaned by JFile::makeSafe)
            $this->setRedirect('index.php', JText::_('COM_MEDIA_INVALID_REQUEST'), 'error');
            return false;
        }
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');
    JPluginHelper::importPlugin('content');
    $dispatcher = JEventDispatcher::getInstance();

    foreach ($files as &$file) {
        // The request is valid
        $err = null;

        if (!MediaHelper::canUpload($file, $err)) {
            // The file can't be uploaded; no message is raised in this method
            return false;
        }

        // Trigger the onContentBeforeSave event.
        // The object is handed to the plugins by reference; a plugin returning
        // false vetoes the upload.
        $object_file = new JObject($file);
        $result = $dispatcher->trigger('onContentBeforeSave', array('com_media.file', &$object_file, true));

        if (in_array(false, $result, true)) {
            // There are some errors in the plugins
            JError::raiseWarning(100, JText::plural('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors = $object_file->getErrors()), implode('<br />', $errors)));
            return false;
        }

        // tmp_name and filepath are read from the object the plugins received,
        // not from $file, so values changed by a plugin are the ones used here.
        if (!JFile::upload($object_file->tmp_name, $object_file->filepath)) {
            // Error in upload
            JError::raiseWarning(100, JText::_('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE'));
            return false;
        } else {
            // Trigger the onContentAfterSave event.
            $dispatcher->trigger('onContentAfterSave', array('com_media.file', &$object_file, true));

            // Report the stored path relative to COM_MEDIA_BASE
            $this->setMessage(JText::sprintf('COM_MEDIA_UPLOAD_COMPLETE', substr($object_file->filepath, strlen(COM_MEDIA_BASE))));
        }
    }

    return true;
}
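/**
 * Validate, resize and store an uploaded image in the com_media file path.
 *
 * @param array   $file    One $_FILES-style record (name, tmp_name, ...)
 * @param integer $replace 1 to replace an existing file of the same name, 0 to refuse
 *
 * @return string|false URL of the stored image, or false when validation or the upload fails.
 */
public function saveImage($file = '', $replace = 0)
{
    // Import libraries
    jimport('joomla.filesystem.file');
    require_once JPATH_ROOT . '/administrator/components/com_media/helpers/media.php';

    // Define some constants; define() raises a notice when they already exist
    $params = JComponentHelper::getParams('com_media');

    if (!defined('COM_MEDIA_BASE')) {
        define('COM_MEDIA_BASE', JPATH_ROOT . '/' . $params->get('file_path'));
    }

    if (!defined('COM_MEDIA_BASEURL')) {
        define('COM_MEDIA_BASEURL', JURI::root() . $params->get('file_path'));
    }

    // Basic validation; the default argument is '' and not a file record
    if (!is_array($file) || !isset($file['name'])) {
        return false;
    }

    // Make the filename safe
    $file['name'] = JFile::makeSafe($file['name']);

    // Build the target path from the sanitised name only, so the path that
    // is checked and written never contains the raw client-supplied name.
    $folder   = '';
    $filepath = JPath::clean(COM_MEDIA_BASE . '/' . $folder . '/' . strtolower($file['name']));

    // More Validations
    $err = null;

    if (!MediaHelper::canUpload($file, $err)) {
        JError::raiseNotice(100, JText::_($err));

        return false;
    }

    // Only accept if file type is image
    $file_format = strtolower(JFile::getExt($file['name']));
    $allowable   = array('jpg', 'png', 'gif', 'xcf', 'odg', 'bmp'); // depends also on smart_resize_image

    if (!in_array($file_format, $allowable, true)) {
        $err = 'WARNFILETYPE';
        JError::raiseNotice(100, JText::_($err));

        return false;
    }

    // Image resize; the result is not evaluated, as before
    $this->smart_resize_image($file['tmp_name'], 80, 80, true);

    // Check if file exists
    $exists = JFile::exists($filepath);

    // File exists, warn user
    if ($replace == 0 && $exists) {
        JError::raiseNotice(100, JText::_('COM_COMMUNITY_NETWORK_IMAGE_FILE_ALREADY_EXISTS_ERROR'));

        return false;
    }

    // Delete the existing file. A failed delete is not handled here;
    // presumably deleteImage() reports its own error.
    if ($replace == 1 && $exists) {
        $this->deleteImage($file['name']);
    }

    // Try to upload
    if (!JFile::upload($file['tmp_name'], $filepath)) {
        JError::raiseWarning(100, JText::_('COM_COMMUNITY_NETWORK_UNABLE_TO_UPLOAD_FILE_ERROR'));

        return false;
    }

    // Upload successful
    return COM_MEDIA_BASEURL . '/' . strtolower($file['name']);
}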
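/**
 * Upload a file (`Filedata`) below COM_MEDIA_BASE.
 *
 * Request values used: `folder`, `format` ('json' answers with a status line
 * and exits) and `return-url` (base64, POST).
 *
 * @return void
 *
 * @since 1.5
 */
function upload()
{
    global $mainframe;

    // Check for request forgeries
    JRequest::checkToken('request') or jexit('Invalid Token');

    $file   = JRequest::getVar('Filedata', '', 'files', 'array');
    $folder = JRequest::getVar('folder', '', '', 'path');
    $format = JRequest::getVar('format', 'html', '', 'cmd');
    $return = JRequest::getVar('return-url', null, 'post', 'base64');
    $err    = null;

    // return-url is request-controlled: follow it only when it points back
    // to this site, otherwise drop it.
    $returnUrl = $return ? (string) base64_decode($return) : '';

    if ($returnUrl !== '' && !JURI::isInternal($returnUrl)) {
        $returnUrl = '';
    }

    // The folder is joined into a filesystem path below; refuse parent-directory
    // segments explicitly instead of relying on the 'path' input filter alone.
    $hasParentSegment = (bool) preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', (string) $folder);

    if (!is_array($file) || !isset($file['name']) || $hasParentSegment) {
        $mainframe->redirect('index.php', 'Invalid Request', 'error');

        return;
    }

    // Set FTP credentials, if given
    jimport('joomla.client.helper');
    JClientHelper::setCredentialsFromRequest('ftp');

    // Make the filename safe
    jimport('joomla.filesystem.file');
    $file['name'] = JFile::makeSafe($file['name']);

    $filepath = JPath::clean(COM_MEDIA_BASE . DS . $folder . DS . strtolower($file['name']));
    $isJson   = ($format == 'json');

    if (!MediaHelper::canUpload($file, $err)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'Invalid: ' . $filepath . ': ' . $err));
            header('HTTP/1.0 415 Unsupported Media Type');
            jexit('Error. Unsupported Media Type!');
        }

        JError::raiseNotice(100, JText::_($err));

        if ($returnUrl !== '') {
            $mainframe->redirect($returnUrl . '&folder=' . $folder);
        }

        return;
    }

    if (JFile::exists($filepath)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'File already exists: ' . $filepath));
            header('HTTP/1.0 409 Conflict');
            jexit('Error. File already exists');
        }

        JError::raiseNotice(100, JText::_('Error. File already exists'));

        if ($returnUrl !== '') {
            $mainframe->redirect($returnUrl . '&folder=' . $folder);
        }

        return;
    }

    if (!JFile::upload($file['tmp_name'], $filepath)) {
        if ($isJson) {
            jimport('joomla.error.log');
            $log = JLog::getInstance('upload.error.php');
            $log->addEntry(array('comment' => 'Cannot upload: ' . $filepath));
            header('HTTP/1.0 400 Bad Request');
            jexit('Error. Unable to upload file');
        }

        JError::raiseWarning(100, JText::_('Error. Unable to upload file'));

        if ($returnUrl !== '') {
            $mainframe->redirect($returnUrl . '&folder=' . $folder);
        }

        return;
    }

    if ($isJson) {
        jimport('joomla.error.log');
        $log = JLog::getInstance();
        $log->addEntry(array('comment' => $folder));
        jexit('Upload complete');
    }

    $mainframe->enqueueMessage(JText::_('Upload complete'));

    if ($returnUrl !== '') {
        $mainframe->redirect($returnUrl . '&folder=' . $folder);
    }
}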
// Check if root is outside document root or Joomla directory if ($root != '/' and strpos(realpath(dirname(JPATH_BASE)), realpath(JPATH_ROOT . $root)) !== false) { // Hacking attemp, die immediately jexit('Invalid root directory!'); } // Get allowed file extensions from com_media's configuration $params = JComponentHelper::getParams('com_media'); $regEx = '^[a-zA-Z0-9\\-_]+\\.(' . str_replace(',', '|', $params->get('upload_extensions')) . ')$'; // Execute requested task switch ($task = $app->input->getCmd('task')) { case 'post.upload': // Check if uploaded file is image? if (JSNVersion::isJoomlaCompatible('2.5')) { // Load com_media's helper class require_once JPATH_ROOT . '/administrator/components/com_media/helpers/media.php'; if (!@MediaHelper::canUpload($_FILES['file'], $err)) { jexit(JText::_('JSN_EXTFW_GENERAL_UPLOADED_FILE_TYPE_NOT_SUPPORTED')); } } elseif (!@JHelperMedia::canUpload($_FILES['file'])) { jexit(JText::_('JSN_EXTFW_GENERAL_UPLOADED_FILE_TYPE_NOT_SUPPORTED')); } // Move uploaded file to target directory if (!JFile::upload($_FILES['file']['tmp_name'], JPATH_ROOT . $root . '/' . $_FILES['file']['name'])) { jexit(JText::_('JSN_EXTFW_GENERAL_MOVE_UPLOAD_FILE_FAIL')); } exit; break; case 'get.directory': // Get directory list $list = JFolder::folders(JPATH_ROOT . $root); // Initialize return value
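/**
 * Validate an uploaded file with com_media's rules and move it into a folder.
 *
 * The upload must be a genuine HTTP upload without an error code, the target
 * folder must already exist, and MediaHelper::canUpload() must accept the
 * file. The stored name is the sanitised, lower-cased client name; when a
 * file of that name already exists, a numeric suffix ("-2", "-3", ...) is
 * appended (HTML mode) or a 409 is reported (JSON mode).
 *
 * @param array  $file         One uploaded-file entry (name, tmp_name, error, ...).
 * @param string $uploadfolder Destination folder. It is used as given, so the
 *                             caller must make sure it is not derived from
 *                             unchecked request data.
 * @param string $format       'json' reports results through jexit(), with an
 *                             HTTP status line on errors; any other value
 *                             makes the method return a boolean.
 *
 * @return bool True on success, false on any failure (non-JSON mode).
 */
public static function upload($file, $uploadfolder, $format)
{
    jimport('joomla.filesystem.folder');
    jimport('joomla.filesystem.file');
    jimport('joomla.client.helper');
    require_once(JPATH_ADMINISTRATOR . '/components/com_media/helpers/media.php');

    $err = null;

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    // Reject incomplete or failed uploads before touching the name. The
    // original sanitised first and tested isset() afterwards, which made the
    // missing-name branch unreachable.
    if (!isset($file['name']) || !is_string($file['name'])
        || empty($file['tmp_name']) || !is_uploaded_file($file['tmp_name']) || !empty($file['error'])) {
        return false;
    }

    if (!JFolder::exists($uploadfolder)) {
        return false;
    }

    // Make the filename safe
    $file['name'] = (string) JFile::makeSafe($file['name']);
    $targetName   = strtolower($file['name']);

    if ($targetName === '') {
        // Nothing usable is left after sanitising; never write to the folder path itself.
        return false;
    }

    $filepath = JPath::clean($uploadfolder . '/' . $targetName);

    if (!MediaHelper::canUpload($file, $err)) {
        if ($format == 'json') {
            header('HTTP/1.0 415 Unsupported Media Type');
            jexit('Error. Unsupported Media Type!');
        } else {
            return false;
        }
    }

    if (JFile::exists($filepath)) {
        if ($format == 'json') {
            header('HTTP/1.0 409 Conflict');
            jexit('Error. File already exists');
        } else {
            // Pick the first free "<name>-<n>.<ext>". The suffixed name is built
            // from the lower-cased name so it matches the primary naming rule
            // (the original used the mixed-case name here).
            $ext  = JFile::getExt($targetName);
            $stem = JFile::stripExt($targetName);
            $i    = 2;

            do {
                $filepath = JPath::clean($uploadfolder . '/' . $stem . '-' . $i . '.' . $ext);
                $i++;
            } while (file_exists($filepath));
            // NOTE(review): the existence check and the move below are not atomic;
            // two concurrent uploads of the same name can still collide.
        }
    }

    if (!JFile::upload($file['tmp_name'], $filepath)) {
        if ($format == 'json') {
            header('HTTP/1.0 400 Bad Request');
            jexit('Error. Unable to upload file');
        } else {
            return false;
        }
    } else {
        if ($format == 'json') {
            jexit('Upload complete');
        } else {
            return true;
        }
    }
}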
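/**
 * XML-RPC handler that stores a file sent by the client below media/<user name>/.
 *
 * The client-supplied name is reduced to its last path component, sanitised
 * with JFile::makeSafe() and made unique with a numeric suffix. The content is
 * first written to the tmp directory so that MediaHelper::canUpload() can
 * check it, and only then written to the media directory.
 *
 * @param mixed  $blogid   Blog identifier sent by the client; not used here.
 * @param string $username Login name checked with authenticateUser().
 * @param string $password Password checked with authenticateUser().
 * @param array  $file     Struct with 'name' (client file name) and 'bits'
 *                         (file content as received).
 *
 * @return xmlrpcresp A struct holding the public 'url' of the stored file,
 *                    or a fault response.
 */
function newMediaObject($blogid, $username, $password, $file)
{
    // $xmlrpcerruser was read without being declared global, so the fault
    // codes were computed from an undefined variable.
    global $xmlrpcStruct, $xmlrpcArray, $xmlrpcerruser;

    if (!plgXMLRPCmetaWeblogHelper::authenticateUser($username, $password)) {
        return new xmlrpcresp(0, $xmlrpcerruser + 1, "Login Failed");
    }

    $user =& JUser::getInstance($username);

    // NOTE(review): this permission is looked up but never enforced, so any
    // account that can log in may upload. Confirm whether a check on
    // $access->canEditOwn (or a dedicated upload permission) was intended.
    $access = new stdClass();
    $access->canEditOwn = $user->authorize('com_content', 'edit', 'content', 'own');

    if (!is_array($file) || !isset($file['name']) || !isset($file['bits'])) {
        return new xmlrpcresp(0, $xmlrpcerruser + 1, 'The file is not valid');
    }

    // Keep only the last path component. The original backslash test had a
    // misplaced parenthesis (strpos($name, '\\' !== FALSE)) and therefore never
    // looked for a backslash; both separators are handled now.
    foreach (array('/', '\\') as $separator) {
        $cut = strrpos($file['name'], $separator);
        if ($cut !== false) {
            $file['name'] = (string) substr($file['name'], $cut + 1);
        }
    }

    jimport('joomla.filesystem.file');
    $file['name'] = (string) JFile::makeSafe($file['name']);

    if ($file['name'] === '') {
        return new xmlrpcresp(0, $xmlrpcerruser + 1, 'The file is not valid');
    }

    // NOTE(review): $user->name is used as a directory name and in the returned
    // URL without sanitising or encoding. If that field can hold path
    // separators or dots, the target can leave media/<user>/. Consider a
    // sanitised or numeric identifier here.
    $dir     = JPATH_ROOT . DS . 'media' . DS . $user->name . DS;
    $tmp_dir = JPATH_ROOT . DS . 'tmp' . DS;

    if (!is_dir($dir) && !mkdir($dir)) {
        return new xmlrpcresp(0, $xmlrpcerruser + 1, 'Unable to create the media directory');
    }

    // Set FTP credentials, if given
    jimport('joomla.client.helper');
    JClientHelper::setCredentialsFromRequest('ftp');

    // Make the stored name unique. stripExt()/getExt() replace the original
    // substr(..., 0, -4), which assumed a three-character extension. rand()
    // only reduces collisions here; it does not make the name unguessable.
    $file['name']     = JFile::stripExt($file['name']) . rand() . '.' . JFile::getExt($file['name']);
    $file['tmp_name'] = $tmp_dir . $file['name'];

    // Stage the content in tmp so canUpload() has a file to look at. (The
    // original also called JFile::write($file, $filecontent) with an array and
    // an undefined variable; that call is dropped.)
    if (!JFile::write($file['tmp_name'], $file['bits'])) {
        return new xmlrpcresp(0, $xmlrpcerruser + 1, 'Unable to store the file');
    }

    jimport('joomla.application.component.helper');
    require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_media' . DS . 'helpers' . DS . 'media.php';

    if (!MediaHelper::canUpload($file, $error)) {
        JFile::delete($file['tmp_name']);
        return new xmlrpcresp(0, $xmlrpcerruser + 1, 'The file is not valid');
    }

    $stored = JFile::write($dir . $file['name'], $file['bits']);
    JFile::delete($file['tmp_name']);

    if (!$stored) {
        return new xmlrpcresp(0, $xmlrpcerruser + 1, 'Unable to store the file');
    }

    return new xmlrpcresp(new xmlrpcval(array('url' => new xmlrpcval(JURI::root() . 'media/' . $user->name . '/' . $file['name'])), 'struct'));
}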