コード例 #1
ファイル: txp_file.php プロジェクト: bgarrels/textpattern
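/**
 * Handles a file upload from the admin side: checks the size limit, derives a
 * storage name, records the file in txp_file and moves it into place.
 *
 * The outcome is reported through file_list() or file_edit(); nothing is
 * returned.
 *
 * NOTE(review): the only filtering of the client-supplied name visible here is
 * sanitizeForFile(); no extension or content-type allow-list is applied in
 * this function. Whether anything stored under $file_base_path can be executed
 * by the web server depends on configuration not shown here — confirm.
 */
function file_insert()
{
    global $txp_user, $file_base_path, $file_max_upload_size;

    if (!has_privs('file.edit.own')) {
        file_list(gTxt('restricted_area'));
        return;
    }

    // extract() is fed only the gpsa() result for these three names, after
    // doSlash() (presumably SQL escaping — confirm against its definition).
    extract(doSlash(gpsa(array('category', 'permissions', 'description'))));

    $name = file_get_uploaded_name();
    $file = file_get_uploaded();

    if ($file === false) {
        // could not get uploaded file
        file_list(array(gTxt('file_upload_failed') . " {$name} - " . upload_get_errormsg($_FILES['thefile']['error']), E_ERROR));
        return;
    }

    // Enforce the configured limit on the file as received, and discard it if
    // it is too large.
    $size = filesize($file);

    if ($file_max_upload_size < $size) {
        unlink($file);
        file_list(array(gTxt('file_upload_failed') . " {$name} - " . upload_get_errormsg(UPLOAD_ERR_FORM_SIZE), E_ERROR));
        return;
    }

    $newname = sanitizeForFile($name);
    $newpath = build_file_path($file_base_path, $newname);

    // Test the destination path, not the bare name. is_file($newname) is
    // resolved against the current working directory, so it does not detect a
    // file already sitting at $newpath, which is where shift_uploaded_file()
    // writes below.
    if (!is_file($newpath)) {
        $id = file_db_add($newname, $category, $permissions, $description, $size);

        if (!$id) {
            file_list(array(gTxt('file_upload_failed') . ' (db_add)', E_ERROR));
        } else {
            // $id is interpolated into the two statements below, so it is
            // forced through assert_int() first.
            $id = assert_int($id);

            if (!shift_uploaded_file($file, $newpath)) {
                // Moving the file failed: remove the row just added and reset
                // the auto-increment counter to that id.
                safe_delete("txp_file", "id = {$id}");
                safe_alter("txp_file", "auto_increment={$id}");

                if (isset($GLOBALS['ID'])) {
                    unset($GLOBALS['ID']);
                }

                file_list(array($newpath . ' ' . gTxt('upload_dir_perms'), E_ERROR));
            } else {
                file_set_perm($newpath);
                $message = gTxt('file_uploaded', array('{name}' => htmlspecialchars($newname)));
                file_edit($message, $id);
            }
        }
    } else {
        // NOTE(review): $newname is HTML-escaped in the success message above
        // but not here; whether file_list() escapes its message is not visible
        // in this function — confirm. The received file in $file is also left
        // in place on this path.
        $message = gTxt('file_already_exists', array('{name}' => $newname));
        file_list($message);
    }
}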
コード例 #2
ファイル: publish.php プロジェクト: ClaireBrione/textpattern
/**
 * Streams a stored file to the client as an attachment, or ends the request
 * with an error page.
 *
 * The requested name goes through sanitizeForFile() before build_file_path()
 * combines it with $file_base_path, and a path that is not a regular file is
 * reported as 404. If $file_error is already set after the 'file_download'
 * callback has run, no file is read and the function goes straight to the
 * error handling (presumably this is how an earlier access decision such as
 * 403 reaches this point — confirm against the caller).
 *
 * @param string $filename File name as requested; sanitized before use.
 */
function output_file_download($filename)
{
    global $file_error, $file_base_path, $pretext;

    callback_event('file_download');

    if (!isset($file_error)) {
        $filename = sanitizeForFile($filename);
        $fullpath = build_file_path($file_base_path, $filename);

        if (!is_file($fullpath)) {
            $file_error = 404;
        } else {
            // Discard any error PHP messages so they do not precede the file.
            ob_clean();

            $filesize = filesize($fullpath);
            $chunk = 1024 * 64;
            $sent = 0;

            header('Content-Description: File Download');
            header('Content-Type: application/octet-stream');
            // The name interpolated here is the sanitized one, not the raw
            // request value.
            header('Content-Disposition: attachment; filename="' . $filename . '"; size = "' . $filesize . '"');
            // Fix for IE6 PDF bug on servers configured to send cache headers.
            header('Cache-Control: private');

            @ini_set("zlib.output_compression", "Off");
            @set_time_limit(0);
            @ignore_user_abort(true);

            $file = fopen($fullpath, 'rb');

            if ($file) {
                // Send fixed-size chunks for as long as the client stays
                // connected; $sent counts whole chunks, not bytes read.
                while (!feof($file) && connection_status() == 0) {
                    echo fread($file, $chunk);
                    $sent += $chunk;
                    ob_flush();
                    flush();
                }

                fclose($file);

                $completed = connection_status() == 0 && !connection_aborted();

                if ($completed) {
                    // Record download. The id is cast with intval() before it
                    // is placed in the WHERE clause.
                    safe_update('txp_file', "downloads = downloads + 1", "id = " . intval($pretext['id']));
                } else {
                    // Mark the logged request URI as aborted, with a
                    // percentage when the transfer stopped part-way.
                    if ($sent >= $filesize) {
                        $marker = '#aborted';
                    } else {
                        $marker = "#aborted-at-" . floor($sent * 100 / $filesize) . "%";
                    }

                    $pretext['request_uri'] .= $marker;
                }

                log_hit('200');
            }
        }
    }

    // Deal with error.
    if (isset($file_error)) {
        if ($file_error == 403) {
            txp_die(gTxt('403_forbidden'), '403');
        } elseif ($file_error == 404) {
            txp_die(gTxt('404_not_found'), '404');
        } else {
            txp_die(gTxt('500_internal_server_error'), '500');
        }
    }
}
コード例 #3
ファイル: publish.php プロジェクト: bgarrels/textpattern
// Front-side request dispatch: feeds, comment handling, then file downloads.
set_error_level($production_status);
// NOTE(review): $feed is invoked as a variable function. Where it is assigned
// is not visible in this excerpt — confirm it can only ever hold the name of a
// known feed handler.
if (isset($feed)) {
    exit($feed());
}
// A request carrying both 'parentid' and 'submit' saves a comment; 'parentid'
// alone with $comments_mode == 1 renders the popup view and ends the request.
if (gps('parentid') && gps('submit')) {
    saveComment();
} elseif (gps('parentid') and $comments_mode == 1) {
    // popup comments?
    header("Content-type: text/html; charset=utf-8");
    exit(popComments(gps('parentid')));
}
// we are dealing with a download
// (@ suppresses the notice raised when $s is not set)
if (@$s == 'file_download') {
    callback_event('file_download');
    // A $file_error set before this point, or by the callback above, skips
    // the transfer.
    if (!isset($file_error)) {
        // $filename is assigned outside this excerpt; it is sanitized here
        // before being combined with $file_base_path.
        $filename = sanitizeForFile($filename);
        $fullpath = build_file_path($file_base_path, $filename);
        if (is_file($fullpath)) {
            // discard any error php messages
            ob_clean();
            $filesize = filesize($fullpath);
            $sent = 0;
            header('Content-Description: File Download');
            header('Content-Type: application/octet-stream');
            // The sanitized name is what gets interpolated into the header.
            header('Content-Disposition: attachment; filename="' . $filename . '"; size = "' . $filesize . '"');
            // Fix for lame IE 6 pdf bug on servers configured to send cache headers
            header('Cache-Control: private');
            @ini_set("zlib.output_compression", "Off");
            @set_time_limit(0);
            @ignore_user_abort(true);
            if ($file = fopen($fullpath, 'rb')) {
コード例 #4
ファイル: txp_file.php プロジェクト: hcgtv/textpattern
/**
 * Saves edits to an existing file record: optional rename on disk, validation
 * of category and status, then the txp_file update.
 *
 * Order matters: the file is renamed on disk before validation and the
 * database update run, and the rename is reverted if either of them fails.
 * The outcome is reported through file_list(); nothing is returned.
 */
function file_save()
{
    global $file_base_path, $file_statuses, $txp_user;
    // Every listed request value passes through assert_string() first.
    $varray = array_map('assert_string', gpsa(array('id', 'category', 'title', 'description', 'status', 'publish_now', 'year', 'month', 'day', 'hour', 'minute', 'second')));
    // Creates the locals $id, $category, $title, ... from the doSlash()ed
    // values (presumably SQL-escaped — confirm); these locals, not $varray,
    // are what the UPDATE below interpolates.
    extract(doSlash($varray));
    $filename = $varray['filename'] = sanitizeForFile(gps('filename'));
    if ($filename == '') {
        file_list(array(gTxt('file_not_updated', array('{name}' => $filename)), E_ERROR));
        return;
    }
    // $id is interpolated into WHERE clauses below, so it is forced through
    // assert_int() before any query uses it.
    $id = $varray['id'] = assert_int($id);
    $permissions = gps('perms');
    if (is_array($permissions)) {
        // Stored as a sorted, comma-separated list.
        asort($permissions);
        $permissions = implode(",", $permissions);
    }
    $varray['permissions'] = $permissions;
    $perms = doSlash($permissions);
    $rs = safe_row('filename, author', 'txp_file', "id={$id}");
    // Allowed for holders of file.edit, or for the file's own author holding
    // file.edit.own (strict comparison of the author name). Otherwise
    // require_privs() is called with no argument — presumably that ends the
    // request; confirm, since execution would otherwise continue below.
    if (!has_privs('file.edit') && !($rs['author'] === $txp_user && has_privs('file.edit.own'))) {
        require_privs();
    }
    $old_filename = $varray['old_filename'] = sanitizeForFile($rs['filename']);
    // Rename on disk when the sanitized name changed.
    // NOTE(review): nothing here checks whether $new_path is already occupied
    // by another file; what shift_uploaded_file() does in that case is not
    // visible in this function — confirm it cannot overwrite.
    if ($old_filename != false && strcmp($old_filename, $filename) != 0) {
        $old_path = build_file_path($file_base_path, $old_filename);
        $new_path = build_file_path($file_base_path, $filename);
        if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false) {
            file_list(array(gTxt('file_cannot_rename', array('{name}' => $filename)), E_ERROR));
            return;
        } else {
            file_set_perm($new_path);
        }
    }
    // Build the SQL expression for the created column: now(), an explicit
    // timestamp, or nothing (column left unchanged).
    $created_ts = @safe_strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);
    if ($publish_now) {
        $created = 'now()';
    } elseif ($created_ts > 0) {
        $created = "from_unixtime('" . $created_ts . "')";
    } else {
        $created = '';
    }
    $size = filesize(build_file_path($file_base_path, $filename));
    // Category and status are validated against their allowed values; the
    // 'file_ui' callback receives $varray and $constraints by reference and
    // may therefore alter the constraints before validation.
    $constraints = array('category' => new CategoryConstraint(gps('category'), array('type' => 'file')), 'status' => new ChoiceConstraint(gps('status'), array('choices' => array_keys($file_statuses), 'message' => 'invalid_status')));
    callback_event_ref('file_ui', 'validate_save', 0, $varray, $constraints);
    $validator = new Validator($constraints);
    // The update runs only if validation passes. The statement is built by
    // interpolation: $title, $category, $description and $status are the
    // doSlash()ed locals from extract(), $filename and $perms are doSlash()ed
    // here or above, and $id went through assert_int().
    $rs = $validator->validate() && safe_update('txp_file', "\n        filename = '" . doSlash($filename) . "',\n        title = '{$title}',\n        category = '{$category}',\n        permissions = '{$perms}',\n        description = '{$description}',\n        status = '{$status}',\n        size = '{$size}',\n        modified = now()" . ($created ? ", created = {$created}" : ''), "id = {$id}");
    if (!$rs) {
        // Update failed, rollback name.
        // $old_path is only set when a rename was attempted above.
        if (isset($old_path) && shift_uploaded_file($new_path, $old_path) === false) {
            file_list(array(gTxt('file_unsynchronized', array('{name}' => $filename)), E_ERROR));
            return;
        } else {
            file_list(array(gTxt('file_not_updated', array('{name}' => $filename)), E_ERROR));
            return;
        }
    }
    update_lastmod('file_saved', compact('id', 'filename', 'title', 'category', 'description', 'status', 'size'));
    file_list(gTxt('file_updated', array('{name}' => $filename)));
}
コード例 #5
ファイル: txp_file.php プロジェクト: psic/websites
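/**
 * Saves edits to an existing file record: optional rename on disk followed by
 * the txp_file update, with the rename reverted if the update fails.
 *
 * The outcome is reported through file_list() or file_edit().
 *
 * @return mixed Whatever file_list() returns on the early-exit paths,
 *               otherwise nothing.
 */
function file_save()
{
    global $file_base_path, $txp_user;

    // Creates the locals $id, $category, $title, ... from doSlash()ed request
    // values (presumably SQL-escaped — confirm); the UPDATE below interpolates
    // them directly.
    extract(doSlash(gpsa(array('id', 'category', 'title', 'description', 'status', 'publish_now', 'year', 'month', 'day', 'hour', 'minute', 'second'))));

    $filename = sanitizeForFile(gps('filename'));

    if ($filename == '') {
        $message = gTxt('file_not_updated', array('{name}' => $filename));
        return file_list($message);
    }

    // $id is interpolated into WHERE clauses below, so it is forced through
    // assert_int() before any query uses it.
    $id = assert_int($id);

    $permissions = gps('perms');

    if (is_array($permissions)) {
        // Stored as a sorted, comma-separated list.
        asort($permissions);
        $permissions = implode(",", $permissions);
    }

    $perms = doSlash($permissions);
    $rs = safe_row('filename, author', 'txp_file', "id={$id}");

    // Ownership is compared strictly: with ==, two different numeric-looking
    // user names (for example '1e3' and '1000') compare equal in PHP, which
    // would let one such user pass the file.edit.own check for the other's
    // file.
    if (!has_privs('file.edit') && !($rs['author'] === $txp_user && has_privs('file.edit.own'))) {
        file_edit(gTxt('restricted_area'));
        return;
    }

    $old_filename = sanitizeForFile($rs['filename']);

    // Rename on disk when the sanitized name changed.
    // NOTE(review): nothing here checks whether $new_path is already occupied
    // by another file; what shift_uploaded_file() does in that case is not
    // visible in this function — confirm it cannot overwrite.
    if ($old_filename != false && strcmp($old_filename, $filename) != 0) {
        $old_path = build_file_path($file_base_path, $old_filename);
        $new_path = build_file_path($file_base_path, $filename);

        if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false) {
            $message = gTxt('file_cannot_rename', array('{name}' => $filename));
            return file_list($message);
        } else {
            file_set_perm($new_path);
        }
    }

    // Build the SQL expression for the created column: now(), an explicit
    // timestamp, or nothing (column left unchanged).
    $created_ts = @safe_strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);

    if ($publish_now) {
        $created = 'now()';
    } elseif ($created_ts > 0) {
        $created = "from_unixtime('" . $created_ts . "')";
    } else {
        $created = '';
    }

    $size = filesize(build_file_path($file_base_path, $filename));

    // Note that the author column is overwritten with the current user on
    // every save.
    $rs = safe_update('txp_file', "\n\t\t\tfilename = '" . doSlash($filename) . "',\n\t\t\ttitle = '{$title}',\n\t\t\tcategory = '{$category}',\n\t\t\tpermissions = '{$perms}',\n\t\t\tdescription = '{$description}',\n\t\t\tstatus = '{$status}',\n\t\t\tsize = '{$size}',\n\t\t\tmodified = now(),\n\t\t\tauthor = '" . doSlash($txp_user) . "'" . ($created ? ", created = {$created}" : ''), "id = {$id}");

    if (!$rs) {
        // update failed, rollback name
        // $old_path and $new_path exist only when a rename was attempted
        // above; without this guard an unchanged name reached
        // shift_uploaded_file() with two undefined variables.
        if (isset($old_path) && shift_uploaded_file($new_path, $old_path) === false) {
            $message = gTxt('file_unsynchronized', array('{name}' => $filename));
            return file_list($message);
        } else {
            $message = gTxt('file_not_updated', array('{name}' => $filename));
            return file_list($message);
        }
    }

    $message = gTxt('file_updated', array('{name}' => $filename));
    file_list($message);
}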
コード例 #6
ファイル: smd_ebook.php プロジェクト: Bloke/smd_ebook
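/**
 * Renders the "tidy" panel listing leftover e-book build files and, when the
 * cleanup form was submitted, deletes the selected files first.
 *
 * Access requires the 'plugin_prefs.<event>' privilege.
 *
 * NOTE(review): the form carries tInput() output, but this function does not
 * itself check a token before deleting — presumably the framework does so
 * before dispatching here; confirm.
 *
 * @param string $msg Message shown at the top of the page.
 */
function smd_ebook_tidy($msg = '')
{
    global $smd_ebook_event;

    require_privs('plugin_prefs.' . $smd_ebook_event);

    if (ps('smd_ebook_cleanup')) {
        $to_delete = ps('smd_ebook_files');
        $base = realpath(get_pref('tempdir'));

        // The submitted names are request data. Each one is resolved with
        // realpath() and deleted only if the result is a regular file that
        // still lies inside the temp directory, so '..' segments, absolute
        // paths and symlinks cannot steer unlink() elsewhere.
        if (is_array($to_delete) && $base !== false) {
            $prefix = rtrim($base, DS) . DS;

            foreach ($to_delete as $del) {
                if (!is_string($del) || $del === '' || strpos($del, "\0") !== false) {
                    continue;
                }

                $path = realpath($prefix . $del);

                if ($path === false || !is_file($path) || strncmp($path, $prefix, strlen($prefix)) !== 0) {
                    continue;
                }

                unlink($path);
            }
        }

        $msg = gTxt('smd_ebook_deleted');
    }

    pagetop(gTxt('smd_ebook_tab_name'), $msg);
    extract(smd_ebook_buttons('cln'));
    $btnbar = has_privs('plugin_prefs.' . $smd_ebook_event) ? '<span class="smd_ebook_buttons">' . $btnMgr . n . $btnPrf . n . $btnCln . '</span>' : '';

    $filelist = array();
    $valid = array('mobi', 'html', 'ncx', 'opf', 'smd', 'xml');
    $tmp = get_pref('tempdir') . DS;

    // Grab all files then remove unnecessary ones: faster than multiple globs
    // for each file type and more robust than relying on GLOB_BRACE support
    $allfiles = glob($tmp . 'smd_ebook_*/*.*');

    // glob() returns false on error; treat that as "no files".
    if (!is_array($allfiles)) {
        $allfiles = array();
    }

    foreach ($allfiles as $file) {
        $ext = trim(pathinfo($file, PATHINFO_EXTENSION));

        if (in_array($ext, $valid, true)) {
            $filelist[] = $file;
        }
    }

    echo n . '<div id="' . $smd_ebook_event . '_control" class="txp-control-panel">' . $btnbar . '</div>';

    $filesel = '';

    if ($filelist) {
        // NOTE(review): the list is globbed from smd_ebook_* subdirectories,
        // but the value submitted back is a bare file name that the delete
        // step resolves directly under tempdir — confirm the two agree.
        $filez = array();

        foreach ($filelist as $val) {
            $val = basename($val);
            $key = sanitizeForFile($val);
            $filez[$key] = $val;
        }

        $selout = array();
        $selout[] = '<select id="smd_ebook_files" name="smd_ebook_files[]" class="list" size="20" multiple="multiple">';

        foreach ($filez as $key => $leaf) {
            // File names come from disk, so both the attribute value and the
            // label are HTML-escaped.
            $selout[] = t . '<option value="' . txpspecialchars($key) . '">' . txpspecialchars($leaf) . '</option>' . n;
        }

        $selout[] = '</select>';
        $filesel = join(n, $selout);
    }

    echo n . '<div class="txp-list">';
    echo n . startTable();
    echo n . '<form method="post" action="?event=' . $smd_ebook_event . '">';
    echo n . tr(tda(strong(gTxt('smd_ebook_tidy'))));
    echo $filesel ? n . tr(tda($filesel)) : n . tr(tda(gTxt('smd_ebook_no_files')));
    echo n . tr(tda(fInput('submit', 'smd_ebook_cleanup', gTxt('delete'), 'publish'), ' class="noline"'));
    echo n . sInput('smd_ebook_tidy');
    echo n . tInput();
    echo n . '</form>';
    echo n . endTable();
    echo n . '</div>';
}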