function qa_upload_file($localfilename, $sourcefilename, $maxfilesize = null, $onlyimage = false, $imagemaxwidth = null, $imagemaxheight = null) { if (qa_to_override(__FUNCTION__)) { $args = func_get_args(); return qa_call_override(__FUNCTION__, $args); } $result = array(); // Check per-user upload limits require_once QA_INCLUDE_DIR . 'qa-app-users.php'; require_once QA_INCLUDE_DIR . 'qa-app-limits.php'; switch (qa_user_permit_error(null, QA_LIMIT_UPLOADS)) { case 'limit': $result['error'] = qa_lang('main/upload_limit'); return $result; case false: qa_limits_increment(qa_get_logged_in_userid(), QA_LIMIT_UPLOADS); break; default: $result['error'] = qa_lang('users/no_permission'); return $result; } // Check the uploaded file is not too large $filesize = filesize($localfilename); if (isset($maxfilesize)) { $maxfilesize = min($maxfilesize, qa_get_max_upload_size()); } else { $maxfilesize = qa_get_max_upload_size(); } if ($filesize <= 0 || $filesize > $maxfilesize) { // if file was too big for PHP, $filesize will be zero $result['error'] = qa_lang_sub('main/max_upload_size_x', number_format($maxfilesize / 1048576, 1) . 'MB'); return $result; } // Find out what type of source file was uploaded and if appropriate, check it's an image and get preliminary size measure $pathinfo = pathinfo($sourcefilename); $format = strtolower(@$pathinfo['extension']); $isimage = $format == 'png' || $format == 'gif' || $format == 'jpeg' || $format == 'jpg'; // allowed image extensions if ($isimage) { $imagesize = @getimagesize($localfilename); if (is_array($imagesize)) { $result['width'] = $imagesize[0]; $result['height'] = $imagesize[1]; switch ($imagesize['2']) { // reassign format based on actual content, if we can case IMAGETYPE_GIF: $format = 'gif'; break; case IMAGETYPE_JPEG: $format = 'jpeg'; break; case IMAGETYPE_PNG: $format = 'png'; break; } } } $result['format'] = $format; if ($onlyimage) { if (!$isimage || !is_array($imagesize)) { $result['error'] = qa_lang_sub('main/image_not_read', 'GIF, JPG, PNG'); return $result; } } // Read in the raw file contents $content = file_get_contents($localfilename); // If appropriate, get more accurate image size and apply constraints to it require_once QA_INCLUDE_DIR . 'qa-util-image.php'; if ($isimage && qa_has_gd_image()) { $image = @imagecreatefromstring($content); if (is_resource($image)) { $result['width'] = $width = imagesx($image); $result['height'] = $height = imagesy($image); if (isset($imagemaxwidth) || isset($imagemaxheight)) { if (qa_image_constrain($width, $height, isset($imagemaxwidth) ? $imagemaxwidth : $width, isset($imagemaxheight) ? $imagemaxheight : $height)) { qa_gd_image_resize($image, $width, $height); if (is_resource($image)) { $content = qa_gd_image_jpeg($image); $result['format'] = $format = 'jpeg'; $result['width'] = $width; $result['height'] = $height; } } } if (is_resource($image)) { // might have been lost imagedestroy($image); } } } // Create the blob and return require_once QA_INCLUDE_DIR . 'qa-app-blobs.php'; $userid = qa_get_logged_in_userid(); $cookieid = isset($userid) ? qa_cookie_get() : qa_cookie_get_create(); $result['blobid'] = qa_create_blob($content, $format, $sourcefilename, $userid, $cookieid, qa_remote_ip_address()); if (!isset($result['blobid'])) { $result['error'] = qa_lang('main/general_error'); return $result; } $result['bloburl'] = qa_get_blob_url($result['blobid'], true); return $result; }
function process_request($request) { $message = ''; $url = ''; if (is_array($_FILES) && count($_FILES)) { // Check that we're allowed to upload images (if not, no other uploads are allowed either) if (!qa_opt('wysiwyg_editor_upload_images')) { $message = qa_lang('users/no_permission'); } // Check that we haven't reached the upload limit and are not blocked if (empty($message)) { require_once QA_INCLUDE_DIR . 'qa-app-users.php'; require_once QA_INCLUDE_DIR . 'qa-app-limits.php'; switch (qa_user_permit_error(null, QA_LIMIT_UPLOADS)) { case 'limit': $message = qa_lang('main/upload_limit'); break; case false: qa_limits_increment(qa_get_logged_in_userid(), QA_LIMIT_UPLOADS); break; default: $message = qa_lang('users/no_permission'); break; } } // Find out some information about the uploaded file and check it's not too large if (empty($message)) { require_once QA_INCLUDE_DIR . 'qa-app-blobs.php'; $file = reset($_FILES); $pathinfo = pathinfo($file['name']); $extension = strtolower(@$pathinfo['extension']); $filesize = $file['size']; $maxsize = min(qa_opt('wysiwyg_editor_upload_max_size'), qa_get_max_upload_size()); if ($filesize <= 0 || $filesize > $maxsize) { // if file was too big for PHP, $filesize will be zero $message = qa_lang_sub('main/max_upload_size_x', number_format($maxsize / 1048576, 1) . 'MB'); } } // If it's only allowed to be an image, check it's an image if (empty($message)) { if (qa_get('qa_only_image') || !qa_opt('wysiwyg_editor_upload_all')) { // check if we need to confirm it's an image switch ($extension) { case 'png': // these are allowed image extensions // these are allowed image extensions case 'gif': case 'jpeg': case 'jpg': if (function_exists('getimagesize')) { // getimagesize() does not require GD library if (!is_array(@getimagesize($file['tmp_name']))) { $message = qa_lang_sub('main/image_not_read', 'GIF, JPG, PNG'); } } break; default: $message = qa_lang_sub('main/image_not_read', 'GIF, JPG, PNG'); break; } } } // If there have been no errors, looks like we're all set... if (empty($message)) { require_once QA_INCLUDE_DIR . 'qa-db-blobs.php'; $userid = qa_get_logged_in_userid(); $cookieid = isset($userid) ? qa_cookie_get() : qa_cookie_get_create(); $blobid = qa_db_blob_create(file_get_contents($file['tmp_name']), $extension, @$file['name'], $userid, $cookieid, qa_remote_ip_address()); if (isset($blobid)) { $url = qa_get_blob_url($blobid, true); } else { $message = 'Failed to create object in database - please try again'; } } } echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction(" . qa_js(qa_get('CKEditorFuncNum')) . ", " . qa_js($url) . ", " . qa_js($message) . ");</script>"; return null; }