/**
 * Build the upload folder path for $DestPath, as a physical path or a URL path.
 *
 * With a truthy $PhyPath, forward slashes in $DestPath are replaced by
 * EW_PATH_DELIMITER and the result is combined with ew_AppRoot(). Otherwise
 * $DestPath is combined with the global $EW_ROOT_RELATIVE_PATH. In both cases
 * the combined value is passed through ew_IncludeTrailingDelimiter().
 *
 * NOTE(review): $DestPath is used exactly as given. This function does not
 * check that the combined path stays below the application root; confirm that
 * ew_PathCombine() or the callers constrain it whenever the value can be
 * influenced by a request.
 *
 * @param bool   $PhyPath  TRUE for a physical (filesystem) path, FALSE for a URL path
 * @param string $DestPath Destination folder to append
 * @return mixed Whatever ew_IncludeTrailingDelimiter() returns (presumably the path string)
 */
function ew_UploadPathEx($PhyPath, $DestPath) {
    global $EW_ROOT_RELATIVE_PATH;

    $Path = $PhyPath
        ? ew_PathCombine(ew_AppRoot(), str_replace("/", EW_PATH_DELIMITER, $DestPath), TRUE)
        : ew_PathCombine($EW_ROOT_RELATIVE_PATH, $DestPath, FALSE);

    return ew_IncludeTrailingDelimiter($Path, $PhyPath);
}
/**
 * Build the upload folder path for $DestPath, as a physical path or a URL path.
 *
 * Physical path: forward slashes in $DestPath are replaced by
 * EW_PATH_DELIMITER and the result is combined with ew_AppRoot().
 *
 * URL path: the value of ew_ScriptName() is cut at its last "/", combined with
 * EW_ROOT_RELATIVE_PATH, given a trailing delimiter, and then combined with
 * $DestPath.
 *
 * NOTE(review): $DestPath is used exactly as given. This function does not
 * check that the combined path stays below the application root; confirm that
 * ew_PathCombine() or the callers constrain it whenever the value can be
 * influenced by a request.
 *
 * @param bool   $PhyPath  TRUE for a physical (filesystem) path, FALSE for a URL path
 * @param string $DestPath Destination folder to append
 * @return mixed Whatever ew_IncludeTrailingDelimiter() returns (presumably the path string)
 */
function ew_UploadPathEx($PhyPath, $DestPath) {
    if ($PhyPath) {
        $localDest = str_replace("/", EW_PATH_DELIMITER, $DestPath);
        $Path = ew_PathCombine(ew_AppRoot(), $localDest, TRUE);
        return ew_IncludeTrailingDelimiter($Path, $PhyPath);
    }

    // Directory part of the running script's URL (everything before the last "/").
    $scriptUrl = ew_ScriptName();
    $scriptDir = substr($scriptUrl, 0, strrpos($scriptUrl, "/"));

    // Script directory -> application root -> destination folder.
    $rootUrl = ew_PathCombine($scriptDir, EW_ROOT_RELATIVE_PATH, FALSE);
    $Path = ew_PathCombine(ew_IncludeTrailingDelimiter($rootUrl, FALSE), $DestPath, FALSE);

    return ew_IncludeTrailingDelimiter($Path, $PhyPath);
}
// Image viewer script (fragment): reads a file named by the "fn" request
// parameter, resizes it and writes the result to the response. The else
// branch at the end continues beyond this excerpt.
//
// NOTE(review): no login or permission check is visible in this fragment
// before the file is read. Confirm whether the included files enforce one.
include_once "ewmysql9.php";
include_once "phpfn9.php";

// Get resize parameters
// NOTE(review): width, height and quality are taken from the query string
// without a numeric check or an upper bound before reaching the resizer.
$resize = @$_GET["resize"] != "";
$width = @$_GET["width"] != "" ? $_GET["width"] : 0;
$height = @$_GET["height"] != "" ? $_GET["height"] : 0;
// Neither dimension supplied: fall back to the configured thumbnail size.
if (@$_GET["width"] == "" && @$_GET["height"] == "") {
    $width = EW_THUMBNAIL_DEFAULT_WIDTH;
    $height = EW_THUMBNAIL_DEFAULT_HEIGHT;
}
$quality = @$_GET["quality"] != "" ? $_GET["quality"] : EW_THUMBNAIL_DEFAULT_QUALITY;

// Resize image from physical file
if (@$_GET["fn"] != "") {
    $fn = ew_StripSlashes($_GET["fn"]);
    // NOTE(review): as written this replaces the empty string and changes
    // nothing. Presumably the search string was a NUL byte that was lost when
    // the listing was extracted; confirm against the original file.
    $fn = str_replace("", "", $fn);
    // The request value is resolved against the application root.
    // NOTE(review): nothing visible here verifies that the resolved path stays
    // inside the intended folder; confirm that ew_PathCombine() rejects
    // parent-directory segments, or add a realpath()-based containment check.
    $fn = ew_PathCombine(ew_AppRoot(), $fn, TRUE); // P7
    // Allow remote file.
    // NOTE(review): fopen() accepts URLs and stream wrappers when
    // allow_url_fopen is enabled, so a request-chosen value can make the
    // server open remote resources. The handle opened by this probe is never
    // closed.
    if (file_exists($fn) || fopen($fn, "rb") !== FALSE) { // Allow remote file
        $pathinfo = pathinfo($fn);
        // pathinfo() omits the 'extension' key when the name has no extension,
        // so this line raises an undefined-index notice for such names.
        $ext = strtolower($pathinfo['extension']);
        // Only extensions listed in EW_IMAGE_ALLOWED_FILE_EXT are served.
        if (in_array($ext, explode(',', EW_IMAGE_ALLOWED_FILE_EXT))) {
            // getimagesize() supplies the MIME type for the response header.
            // When it fails, no Content-type header is sent, but the resized
            // output is still echoed.
            $size = getimagesize($fn);
            if ($size) {
                header("Content-type: {$size['mime']}");
            }
            echo ew_ResizeFileToBinary($fn, $width, $height, $quality);
        }
    }
    // Stop here whether or not anything was sent.
    exit;
} else {
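/**
 * Stream the file named by the "fn" request parameter, resizing images on request.
 *
 * Flow, as visible in this method:
 *  1. Read "fn" and "t" from the query string and, when EW_ENCRYPT_FILE_PATH is
 *     set, decrypt them with a key built from EW_RANDOM_KEY and the session id.
 *  2. Stop unless cAdvancedSecurity reports a logged-in user (one AutoLogin()
 *     attempt is made first).
 *  3. Resolve "fn" against ew_AppRoot() and, if it exists or can be opened,
 *     send a Content-type header and the file body. The body is sent only for
 *     extensions listed in EW_IMAGE_ALLOWED_FILE_EXT (optionally resized) or
 *     EW_DOWNLOAD_ALLOWED_FILE_EXT.
 *
 * Uses $this, so it is expected to run as a method of the page class.
 *
 * NOTE(review): the login check and the extension allow-lists are the only
 * restrictions visible here. Nothing verifies that the resolved path stays
 * inside the intended upload folder; confirm that ew_PathCombine() rejects
 * parent-directory segments, or add a realpath()-based containment check for
 * local files.
 *
 * @return void Output is written directly to the response; exits when not logged in.
 */
function Page_Main() {
    global $conn;
    $GLOBALS["Page"] =& $this;

    //**$conn = ew_Connect();
    // Get fn / table name parameters
    $key = EW_RANDOM_KEY . session_id();
    $fn = @$_GET["fn"] != "" ? ew_StripSlashes($_GET["fn"]) : "";
    if ($fn != "" && EW_ENCRYPT_FILE_PATH) {
        $fn = ew_Decrypt($fn, $key);
    }
    $table = @$_GET["t"] != "" ? ew_StripSlashes($_GET["t"]) : "";
    if ($table != "" && EW_ENCRYPT_FILE_PATH) {
        $table = ew_Decrypt($table, $key);
    }

    // Security
    $Security = new cAdvancedSecurity();
    if (!$Security->IsLoggedIn()) {
        $Security->AutoLogin();
    }
    if (!$Security->IsLoggedIn()) {
        exit; // No permission
    }

    // Global Page Loading event (in userfn*.php)
    //**Page_Loading();

    // Get resize parameters.
    // Request values are reduced to integers here: a non-numeric string or an
    // array (e.g. "width[]=1") becomes 0 instead of being compared with 0 and
    // handed to the resizer as-is.
    // NOTE(review): no upper bound is applied to the dimensions.
    $width = (isset($_GET["width"]) && is_numeric($_GET["width"])) ? (int)$_GET["width"] : 0;
    $height = (isset($_GET["height"]) && is_numeric($_GET["height"])) ? (int)$_GET["height"] : 0;
    if (@$_GET["width"] == "" && @$_GET["height"] == "") {
        $width = EW_THUMBNAIL_DEFAULT_WIDTH;
        $height = EW_THUMBNAIL_DEFAULT_HEIGHT;
    }

    // Resize image from physical file
    if ($fn != "") {
        // NOTE(review): as written this replaces the empty string and changes
        // nothing. Presumably the search string was a NUL byte that was lost
        // when the listing was extracted; confirm against the original file.
        $fn = str_replace("", "", $fn);
        $info = pathinfo($fn);
        $fn = ew_PathCombine(ew_AppRoot(), $info["dirname"], TRUE) . $info["basename"];

        // Allow remote file: fall back to an fopen() probe when the path is
        // not a local file. The probe handle is closed again; it is only used
        // to learn whether the target can be opened.
        // NOTE(review): fopen() accepts URLs and stream wrappers when
        // allow_url_fopen is enabled, so a caller-chosen fn can make the server
        // open remote resources. Drop the probe if remote files are not needed.
        $available = file_exists($fn);
        if (!$available) {
            $probe = @fopen($fn, "rb");
            if ($probe !== FALSE) {
                fclose($probe);
                $available = TRUE;
            }
        }

        if ($available) {
            if (ob_get_length()) {
                ob_end_clean();
            }
            $pathinfo = pathinfo($fn);
            // pathinfo() omits "extension" for names without one.
            $ext = isset($pathinfo["extension"]) ? strtolower($pathinfo["extension"]) : "";
            $ct = ew_ContentType("", $fn);
            if ($ct != "") {
                header("Content-type: " . $ct);
            }
            if (in_array($ext, explode(",", EW_IMAGE_ALLOWED_FILE_EXT))) {
                // For images the detected MIME type replaces the header above.
                $size = @getimagesize($fn);
                if ($size) {
                    header("Content-type: {$size['mime']}");
                }
                if ($width > 0 || $height > 0) {
                    echo ew_ResizeFileToBinary($fn, $width, $height);
                } else {
                    echo file_get_contents($fn);
                }
            } elseif (in_array($ext, explode(",", EW_DOWNLOAD_ALLOWED_FILE_EXT))) {
                echo file_get_contents($fn);
            }
            // Any other extension: headers may have been sent, but no body is.
        }
    }

    // Global Page Unloaded event (in userfn*.php)
    //**Page_Unloaded();
    // Close connection
    //**ew_CloseConn();
}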
/**
 * Prefix a relative URL with the application's relative path.
 *
 * A URL is treated as relative when it is non-empty and contains none of
 * "://", a backslash, or the lower-case text "javascript:". Such a URL is
 * split at its last "/": the directory part is combined with the global
 * $EW_RELATIVE_PATH and the file part is appended to the result. Any other
 * value is returned unchanged.
 *
 * NOTE(review): the checks only decide whether to add the prefix. The value
 * is returned in both cases, so this is not a URL filter. The "javascript:"
 * test is case-sensitive. Validation and output escaping have to happen where
 * the result is used.
 *
 * @param string $url URL to adjust
 * @return string The prefixed URL, or $url unchanged
 */
function ew_GetUrl($url) {
    global $EW_RELATIVE_PATH;

    $isRelative = $url != ""
        && strpos($url, "://") === FALSE
        && strpos($url, "\\") === FALSE
        && strpos($url, "javascript:") === FALSE;
    if (!$isRelative) {
        return $url;
    }

    // Split into directory part and file part at the last "/".
    $dir = "";
    $lastSlash = strrpos($url, "/");
    if ($lastSlash !== FALSE) {
        $dir = substr($url, 0, $lastSlash);
        $url = substr($url, $lastSlash + 1);
    }

    $dir = ew_PathCombine($EW_RELATIVE_PATH, $dir, FALSE);
    if ($dir != "") {
        $dir = ew_IncludeTrailingDelimiter($dir, FALSE);
    }

    return $dir . $url;
}
/**
 * Map an application-relative path to a physical path.
 *
 * Combines ew_AppRoot() with $Path through ew_PathCombine() in physical-path
 * mode.
 *
 * NOTE(review): $Path is passed on as given. This wrapper performs no check
 * that the result stays below the application root; confirm that
 * ew_PathCombine() or the callers enforce that when $Path can come from a
 * request.
 *
 * @param string $Path Path relative to the application root
 * @return mixed Whatever ew_PathCombine() returns (presumably the physical path)
 */
function ew_ServerMapPath($Path) {
    $appRoot = ew_AppRoot();
    $physical = ew_PathCombine($appRoot, $Path, TRUE);
    return $physical;
}
// URL path of the user files folder, built in three steps:
// application root -> global upload folder -> "userfiles/".
$path = ew_PathCombine(
    ew_PathCombine(
        ew_UploadPathEx(FALSE, $EW_RELATIVE_PATH), // Application root
        EW_UPLOAD_DEST_PATH,                       // Global upload folder
        FALSE
    ),
    'userfiles/',                                  // User files folder under global upload folder
    FALSE
);
$Config['UserFilesPath'] = $path;

// Absolute path of the same user files directory. Set this if you prefer to
// specify the directory explicitly, which is useful with a virtual directory,
// symbolic link or alias. Examples: 'C:\\MySite\\userfiles\\' or
// '/root/mysite/userfiles/'.
// Attention: 'UserFilesPath' above must point to the same directory.
// NOTE(review): realpath() returns FALSE when the path cannot be resolved;
// nothing here checks for that before the value is combined further.
$path = ew_PathCombine(
    ew_PathCombine(
        ew_PathCombine(realpath($EW_ROOT_RELATIVE_PATH), $EW_RELATIVE_PATH, TRUE), // Application root
        EW_UPLOAD_DEST_PATH,                                                       // Global upload folder
        TRUE
    ),
    'userfiles/',                                                                  // User files folder under global upload folder
    TRUE
);
$Config['UserFilesAbsolutePath'] = $path;

// Because of security issues with Apache modules, leaving this setting
// enabled is recommended.
// NOTE(review): presumably this makes the connector reduce an uploaded file
// name to a single extension; the code that reads the setting is not shown here.
$Config['ForceSingleExtension'] = true;

// Perform additional checks for image files.
// If set to true, validate image size (using getimagesize).
$Config['SecureImageUploads'] = true;

// What the user can do with this connector.
// NOTE(review): this list enables uploads and folder creation. Confirm the
// connector is reachable only by authenticated users.
$Config['ConfigAllowedCommands'] = array(
    'QuickUpload',
    'FileUpload',
    'GetFolders',
    'GetFoldersAndFiles',
    'CreateFolder',
);

// Allowed Resource Types.
$Config['ConfigAllowedTypes'] = array(
    'File',
    'Image',
    'Flash',
    'Media',
);

// For security, HTML is allowed in the first Kb of data only for files with
// one of the following extensions.
// NOTE(review): files with these extensions may carry markup or script. If the
// user files folder is served from the application's own origin, check how
// such uploads are delivered to browsers.
$Config['HtmlExtensions'] = array(
    "html",
    "htm",
    "xml",
    "xsd",
    "txt",
    "js",
);