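/**
 * Stores the single upload found in $_FILES[$field] at $destination.
 *
 * Reviewer notes on the checks below:
 *  - The MIME type the browser reports in $_FILES[...]['type'] is
 *    attacker-controlled, so the allow-list is checked against the type
 *    sniffed from the temp file (fileinfo) whenever that extension is
 *    loaded; the client value is only a fallback.
 *  - The temp file has to be a genuine HTTP upload (is_uploaded_file) and is
 *    moved with move_uploaded_file() rather than copy().
 *  - '{name}' is reduced to a basename before it is interpolated into the
 *    destination path, so a forged filename cannot walk out of the target dir.
 *
 * @param string $field       Key in $_FILES
 * @param string $destination Target path; '{name}' and '{extension}' are substituted
 * @param array  $params      allowed (MIME list), maxsize (bytes), overwrite (bool),
 *                            sanitize (bool), dirmode / filemode (chmod bits)
 * @return array 'status' => 'error'|'success', 'msg', and on success also
 *               type, extension, file, size, name
 */
function file($field, $destination, $params = array()) {
  // Explicit $params win over the global upload.* configuration.
  $allowed   = a::get($params, 'allowed',   c::get('upload.allowed', array('image/jpeg', 'image/png', 'image/gif')));
  $maxsize   = a::get($params, 'maxsize',   c::get('upload.maxsize', self::max_size()));
  $overwrite = a::get($params, 'overwrite', c::get('upload.overwrite', true));
  $sanitize  = a::get($params, 'sanitize',  true);
  // Permission bits for the destination directory and the stored file. The
  // defaults keep the historical 0777 for compatibility.
  // NOTE(review): prefer upload.dirmode = 0755 / upload.filemode = 0644 —
  // world-writable, executable uploads are almost never what a site needs.
  $dirmode   = a::get($params, 'dirmode',   c::get('upload.dirmode',  0777));
  $filemode  = a::get($params, 'filemode',  c::get('upload.filemode', 0777));

  $file = a::get($_FILES, $field);
  if (empty($file)) {
    return array('status' => 'error', 'msg' => l::get('upload.errors.missing-file', 'The file has not been found'));
  }

  $name     = a::get($file, 'name');
  $tmp_name = a::get($file, 'tmp_name');
  $error    = a::get($file, 'error');
  $size     = a::get($file, 'size');

  // Transfer-level checks come first: the content sniffing below must only
  // ever read a temp file PHP created for this request.
  if (empty($tmp_name)) {
    return array('status' => 'error', 'msg' => l::get('upload.errors.missing-file', 'The file has not been found'));
  }
  if ((int) $error !== UPLOAD_ERR_OK || !is_uploaded_file($tmp_name)) {
    return array('status' => 'error', 'msg' => l::get('upload.errors.invalid-upload', 'The upload failed'));
  }

  // Determine the real content type; the client header is used only when
  // fileinfo is unavailable or cannot classify the file.
  $type = a::get($file, 'type');
  if (function_exists('finfo_open')) {
    $finfo = @finfo_open(FILEINFO_MIME_TYPE);
    if ($finfo !== false) {
      $sniffed = @finfo_file($finfo, $tmp_name);
      finfo_close($finfo);
      if (is_string($sniffed) && $sniffed !== '') {
        $type = $sniffed;
      }
    }
  }

  $extension = self::mime_to_extension($type, 'jpg');

  // Build the base name. basename() (after normalising backslashes) guards
  // against '../' in a forged filename even when sanitizing is disabled.
  $fname = $sanitize ? f::safe_name(f::name($name)) : f::name($name);
  $fname = basename(str_replace('\\', '/', (string) $fname));

  // Setup the destination
  $destination = str_replace(array('{name}', '{extension}'), array($fname, $extension), $destination);

  if (file_exists($destination) && !$overwrite) {
    return array('status' => 'error', 'msg' => l::get('upload.errors.file-exists', 'The file exists and cannot be overwritten'));
  }
  if ($size > $maxsize) {
    return array('status' => 'error', 'msg' => l::get('upload.errors.too-big', 'The file is too big'));
  }
  if (!in_array($type, $allowed, true)) {
    return array('status' => 'error', 'msg' => l::get('upload.errors.invalid-file', 'The file type is not allowed') . ': ' . $type);
  }

  // Try to change the permissions for the destination directory (best effort)
  @chmod(dirname($destination), $dirmode);

  if (!@move_uploaded_file($tmp_name, $destination)) {
    return array('status' => 'error', 'msg' => l::get('upload.errors.move-error', 'The file could not be moved to the server'));
  }

  // Try to change the permissions for the final file (best effort)
  @chmod($destination, $filemode);

  return array(
    'status'    => 'success',
    'msg'       => l::get('upload.success', 'The file has been uploaded'),
    'type'      => $type,
    'extension' => $extension,
    'file'      => $destination,
    'size'      => $size,
    'name'      => f::filename($destination),
  );
}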
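/**
 * A set of sanitizer methods
 *
 * Every input is stripslashed, url-decoded and forced to UTF-8 first, then
 * the $type-specific rule is applied.
 *
 * NOTE(review): the unconditional urldecode() means input that was already
 * decoded by PHP is decoded a second time (`%253C` -> `%3C` -> `<`), so the
 * output of 'str'/'int' etc. must not be treated as HTML-safe — escape at
 * the output boundary.
 *
 * Fixes versus the previous revision: 'words' and 'tags' no longer fall
 * through into 'nobreaks'; 'nobreaks' now strips real line breaks and tabs
 * (the old single-quoted '\\n' etc. matched the literal two-character
 * sequences, which stripslashes() had already mangled); the unreachable
 * second 'url' case (urlify) was removed; enum membership is checked strictly.
 *
 * @param string $string The string to sanitize
 * @param string $type The method
 * @param string $default The default value if the string will be empty afterwards
 * @return string The sanitized string
 */
static function sanitize($string, $type = 'str', $default = null) {
  $string = stripslashes((string) $string);
  $string = urldecode($string);
  $string = str::utf8($string);

  switch ($type) {
    case 'int':
      $string = (int) $string;
      break;
    case 'str':
      $string = (string) $string;
      break;
    case 'array':
      $string = (array) $string;
      break;
    case 'nohtml':
      $string = self::unhtml($string);
      break;
    case 'noxml':
      $string = self::unxml($string);
      break;
    case 'enum':
      // Only 'y' / 'n' survive; a $default outside that set collapses to 'n'.
      $string = in_array($string, array('y', 'n'), true) ? $string : $default;
      $string = in_array($string, array('y', 'n'), true) ? $string : 'n';
      break;
    case 'checkbox':
      $string = $string == 'on' ? 'y' : 'n';
      break;
    case 'url':
      // Keep only syntactically valid URLs (see v::url); anything else is dropped.
      $string = v::url($string) ? $string : '';
      break;
    case 'email':
      $string = v::email($string) ? $string : '';
      break;
    case 'plain':
      $string = str::unxml($string);
      $string = str::unhtml($string);
      $string = str::trim($string);
      break;
    case 'lower':
      $string = str::lower($string);
      break;
    case 'upper':
      $string = str::upper($string);
      break;
    case 'words':
      // Letters only; everything else becomes a space.
      $string = str::sanitize($string, 'plain');
      $string = preg_replace('/[^\\pL]/u', ' ', $string);
      $string = str::trim($string);
      break;
    case 'tags':
      // Letters and digits only; everything else becomes a space.
      $string = str::sanitize($string, 'plain');
      $string = preg_replace('/[^\\pL\\pN]/u', ' ', $string);
      $string = str::trim($string);
      break;
    case 'nobreaks':
      // Remove real newline, carriage-return and tab characters.
      $string = str_replace(array("\n", "\r", "\t"), '', $string);
      break;
    case 'filename':
      $string = f::safe_name($string);
      break;
  }

  return trim($string);
}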
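/**
 * Upload image
 *
 * Requirement: Kirby
 *
 * Stores one or more files from $_FILES[$options['field']] in
 * $options['path'] (created with mode 0777 if missing), giving each a
 * sanitized, unique file name.
 *
 * @param array $options
 *   field      (required) key in $_FILES
 *   path       (required) target directory
 *   image      bool, default true: accept only gif/jpg/jpeg/png/jpe files
 *              that also pass is_image() on the MIME type and getimagesize()
 *   max_size   bytes, capped at server_maxupload()
 *   extensions optional list of allowed extensions (without the dot,
 *              compared case-insensitively), applied on top of the image check
 * NOTE(review): with image = false and no 'extensions' list every extension
 * is accepted — including .php — which is remote code execution if 'path'
 * is reachable through the web server. Pass 'extensions' for non-image uploads.
 * NOTE(review): 'original_filename' in the result is the raw client name and
 * must be escaped before it is rendered.
 *
 * @return array 'failed' => number of rejected files, 'success' => list of
 *               per-file info (extension, filename, original_filename, name,
 *               size, nice_size, md5)
 * @version 1.0 - 2011-01-12
 */
function secure_upload($options) {
  /*
    $options['field'] // (required) source string
    $options['path']  // (required) source string
  */
  $options['image']    = isset($options['image']) ? $options['image'] : true; // default true
  $options['max_size'] = isset($options['max_size']) ? min($options['max_size'], server_maxupload()) : server_maxupload(); // default server max upload in bytes

  // Optional extension allow-list, normalised to lower case for comparison.
  $allowed_ext = null;
  if (!empty($options['extensions']) && is_array($options['extensions'])) {
    $allowed_ext = array_map('strtolower', $options['extensions']);
  }

  if (empty($options['field']) || empty($options['path'])) {
    return array('error' => 'Option field and path is required');
  }
  $field = $options['field'];
  if (!isset($_FILES[$field])) {
    return array('error' => 'No file was selected');
  }

  // validate path
  $upload_path = rtrim($options['path'], '/') . '/';
  if (@realpath($upload_path) !== false) {
    $upload_path = str_replace("\\", "/", realpath($upload_path));
  }
  if (!file_exists($upload_path)) {
    // NOTE(review): 0777 makes the directory world-writable; 0755 is usually enough.
    if (!@mkdir($upload_path, 0777)) {
      return array('error' => 'Directory isnt writable');
    }
    chmod($upload_path, 0777);
  }
  if (!@is_dir($upload_path) || !is_writable($upload_path)) {
    return array('error' => 'Directory isnt writable');
  }
  // realpath() drops the trailing slash; make sure exactly one is present
  $upload_path = preg_replace("/(.+?)\\/*\$/", "\\1/", $upload_path);

  // A single upload has scalar entries; wrap them so one loop handles both shapes.
  if (!is_array($_FILES[$field]['tmp_name'])) {
    $_FILES[$field] = array_map(function ($item) { return array($item); }, $_FILES[$field]);
  }

  $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe');
  $success     = array();

  foreach ($_FILES[$field]['tmp_name'] as $key => $tmp_name) {
    $error = $_FILES[$field]['error'][$key];
    $name  = $_FILES[$field]['name'][$key];
    $size  = $_FILES[$field]['size'][$key];
    $type  = $_FILES[$field]['type'][$key];

    // Only genuine HTTP uploads that completed without error are considered.
    if (!is_uploaded_file($tmp_name) || (int) $error !== UPLOAD_ERR_OK) {
      continue;
    }

    // "image/jpeg; charset=..." -> "image/jpeg", lower-cased, quotes stripped
    $type = preg_replace("/^(.+?);.*\$/", "\\1", $type);
    $type = strtolower(trim(stripslashes($type), '"'));

    $ext    = f::extension($name);
    $ext_lc = strtolower((string) $ext);
    $name   = substr(f::safe_name(f::name($name)), 0, 100);

    // Check allowed file type. The client MIME type alone is not trusted:
    // the extension must be in the image list and getimagesize() must parse the file.
    if ($options['image']) {
      if (!in_array($ext_lc, $image_types, true) || !is_image($type) || getimagesize($tmp_name) === false) {
        continue;
      }
    }
    if ($allowed_ext !== null && !in_array($ext_lc, $allowed_ext, true)) {
      continue;
    }

    // Check file size
    if ($options['max_size'] < $size) {
      continue;
    }

    // Unique filename (NOTE: not race-free between the check and the move)
    if (file_exists($upload_path . $name . "." . $ext)) {
      $number = 1;
      while (file_exists($upload_path . $name . $number . "." . $ext)) {
        $number++;
      }
      $name = $name . $number;
    }

    // save
    $target = $upload_path . $name . "." . $ext;
    if (!@move_uploaded_file($tmp_name, $target)) {
      continue;
    }

    // TODO xss clean (original_filename is the raw client value)
    $success[] = array(
      'extension'         => $ext,
      'filename'          => $name . "." . $ext,
      'original_filename' => $_FILES[$field]['name'][$key],
      'name'              => $name,
      'size'              => $size,
      'nice_size'         => f::nice_size($size),
      'md5'               => md5_file($target),
    );
  }

  return array(
    'failed'  => count($_FILES[$field]['tmp_name']) - count($success),
    'success' => $success,
  );
}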
$n = 0; $skipped = array(); $errors = array(); foreach (array_reverse($posts) as $post) { $n++; $output = array(); if (empty($post['title']) || empty($post['slug'])) { $errors[] = $post; continue; } $output[] = 'title: ' . $post['title']; $output[] = 'date: ' . date($dateformat, $post['date']); $output[] = 'text: ' . "\n\n" . trim($post['text']); $output[] = 'tags: ' . $post['tags']; $output[] = 'categories: ' . $post['cats']; $name = pad($n, $len) . '-' . f::safe_name($post['slug']); $dir = $root . '/' . $name; if (is_dir($dir)) { $skipped[] = basename($dir); continue; } dir::make($dir); $content = implode("\n\n" . '----' . "\n\n", $output); $file = $dir . '/' . $template; f::write($file, $content); } putmessage('Exported ' . $n . ' articles to ' . $root . '<br /><br />'); if (!empty($errors)) { putmessage(count($errors) . ' article(s) could not be imported<br /><br />'); } if (!empty($skipped)) {
$n++; $output = array(); if (empty($post->title) || empty($post->slug)) { $errors[] = $post; continue; } // collect tags $tags = array(); foreach ($post->tags as $t) { $tags[] = $t->name; } $output[] = 'title: ' . $post->title; $output[] = 'date: ' . date($dateformat, strtotime($post->display_date)); $output[] = 'text: ' . "\n\n" . trim($post->body_full); $output[] = 'tags: ' . implode(', ', $tags); $name = pad($n, $len) . '-' . f::safe_name(basename($post->slug)); $dir = $root . '/' . $name; if (is_dir($dir)) { $skipped[] = basename($dir); continue; } dir::make($dir); $content = implode("\n\n" . '----' . "\n\n", $output); $file = $dir . '/' . $template; f::write($file, $content); } putmessage('Exported ' . $n . ' articles to ' . $root . '<br /><br />'); if (!empty($errors)) { putmessage(count($errors) . ' article(s) could not be imported<br /><br />'); } if (!empty($skipped)) {