/** * Upload Finished callback * * This is called as soon as uploads have finished. * takes care of moving them to the right folder * * @param string $tempPath Path to the temporary directory containing the files at this moment * @param string $tempWebPath Points to the same folder as tempPath, but relative to the webroot * @param array $data Data given to setData() when creating the uploader * @param string $uploadId unique session id for the current upload * @param array $fileInfos uploaded file informations * @param array $response uploaded status * * @return array path and webpath */ public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos, $response) { $path = $data['path']; $webPath = $data['webPath']; $objCategory = Category::getCategory($data['category_id']); // check for sufficient permissions if ($objCategory->getAddFilesAccessId() && !\Permission::checkAccess($objCategory->getAddFilesAccessId(), 'dynamic', true) && $objCategory->getOwnerId() != \FWUser::getFWUserObject()->objUser->getId()) { return; } //we remember the names of the uploaded files here. they are stored in the session afterwards, //so we can later display them highlighted. $arrFiles = array(); $uploadFiles = array(); //rename files, delete unwanted $arrFilesToRename = array(); //used to remember the files we need to rename $h = opendir($tempPath); if (!$h) { return array($path, $webPath); } while (false !== ($file = readdir($h))) { //skip . and .. if ($file == '.' || $file == '..') { continue; } try { //delete potentially malicious files $objTempFile = new \Cx\Lib\FileSystem\File($tempPath . '/' . $file); if (!\FWValidator::is_file_ending_harmless($file)) { $objTempFile->delete(); continue; } $cleanFile = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($file); if ($cleanFile != $file) { $objTempFile->rename($tempPath . '/' . $cleanFile, false); $file = $cleanFile; } $info = pathinfo($file); //check if file needs to be renamed $newName = ''; $suffix = ''; if (file_exists($path . '/' . $file)) { $suffix = '_' . time(); $newName = $info['filename'] . $suffix . '.' . $info['extension']; $arrFilesToRename[$file] = $newName; array_push($arrFiles, $newName); } if (!isset($arrFilesToRename[$file])) { array_push($uploadFiles, $file); } //rename files where needed foreach ($arrFilesToRename as $oldName => $newName) { $objTempFile = new \Cx\Lib\FileSystem\File($tempPath . '/' . $oldName); $objTempFile->rename($tempPath . '/' . $newName, false); array_push($uploadFiles, $newName); } //move file from temp path into target folder $objImage = new \ImageManager(); foreach ($uploadFiles as $fileName) { $objFile = new \Cx\Lib\FileSystem\File($tempPath . '/' . $fileName); $objFile->move($path . '/' . $fileName, false); \Cx\Core\Core\Controller\Cx::instanciate()->getMediaSourceManager()->getThumbnailGenerator()->createThumbnailFromPath($path . '/' . $fileName); } } catch (\Cx\Lib\FileSystem\FileSystemException $e) { \DBG::msg($e->getMessage()); } $objDownloads = new downloads(''); $objDownloads->addDownloadFromUpload($info['filename'], $info['extension'], $suffix, $objCategory, $objDownloads, $fileInfos['name']); } return array($path, $webPath); }
public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos) { global $objDatabase, $_ARRAYLANG, $_CONFIG; $originalNames = $fileInfos['originalFileNames']; $path = $data['path']; $webPath = $data['webPath']; $objCategory = Category::getCategory($data['category_id']); // check for sufficient permissions if ($objCategory->getAddFilesAccessId() && !\Permission::checkAccess($objCategory->getAddFilesAccessId(), 'dynamic', true) && $objCategory->getOwnerId() != \FWUser::getFWUserObject()->objUser->getId()) { return; } //we remember the names of the uploaded files here. they are stored in the session afterwards, //so we can later display them highlighted. $arrFiles = array(); //rename files, delete unwanted $arrFilesToRename = array(); //used to remember the files we need to rename $h = opendir($tempPath); while (false !== ($file = readdir($h))) { //skip . and .. if ($file == '.' || $file == '..') { continue; } //delete potentially malicious files if (!\FWValidator::is_file_ending_harmless($file)) { @unlink($tempPath . '/' . $file); continue; } $info = pathinfo($file); $cleanFile = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($file); if ($cleanFile != $file) { rename($tempPath . '/' . $file, $tempPath . '/' . $cleanFile); $file = $cleanFile; } //check if file needs to be renamed $newName = ''; $suffix = ''; if (file_exists($path . '/' . $file)) { if (empty($_REQUEST['uploadForceOverwrite']) || !intval($_REQUEST['uploadForceOverwrite'] > 0)) { $suffix = '_' . time(); $newName = $info['filename'] . $suffix . '.' . $info['extension']; $arrFilesToRename[$file] = $newName; array_push($arrFiles, $newName); } } if (!isset($arrFilesToRename[$file])) { //file will keep this name - create thumb \ImageManager::_createThumb($tempPath . '/', $tempWebPath . '/', $file); } $objDownloads = new downloads(''); $objDownloads->addDownloadFromUpload($info['filename'], $info['extension'], $suffix, $objCategory, $objDownloads, $originalNames[$file]); } //rename files where needed foreach ($arrFilesToRename as $oldName => $newName) { rename($tempPath . '/' . $oldName, $tempPath . '/' . $newName); //file will keep this name - create thumb \ImageManager::_createThumb($tempPath . '/', $tempWebPath . '/', $newName); } //remeber the uploaded files $_SESSION['media_upload_files_' . $uploadId] = $arrFiles; /* unwanted files have been deleted, unallowed filenames corrected. we can now simply return the desired target path, as only valid files are present in $tempPath */ return array($path, $webPath); }