function file_save() { global $file_base_path; extract(doSlash(gpsa(array('id', 'filename', 'category', 'description', 'status', 'publish_now', 'year', 'month', 'day', 'hour', 'minute', 'second')))); $id = assert_int($id); $permissions = gps('perms'); if (is_array($permissions)) { asort($permissions); $permissions = implode(",", $permissions); } $perms = doSlash($permissions); $old_filename = fetch('filename', 'txp_file', 'id', $id); if ($old_filename != false && strcmp($old_filename, $filename) != 0) { $old_path = build_file_path($file_base_path, $old_filename); $new_path = build_file_path($file_base_path, $filename); if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false) { $message = gTxt('file_cannot_rename', array('{name}' => $filename)); return file_list($message); } else { file_set_perm($new_path); } } $created_ts = @safe_strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second); if ($publish_now) { $created = 'now()'; } elseif ($created_ts > 0) { $created = "from_unixtime('" . $created_ts . "')"; } else { $created = ''; } $size = filesize(build_file_path($file_base_path, $filename)); $rs = safe_update('txp_file', "\n\t\t\tfilename = '{$filename}',\n\t\t\tcategory = '{$category}',\n\t\t\tpermissions = '{$perms}',\n\t\t\tdescription = '{$description}',\n\t\t\tstatus = '{$status}',\n\t\t\tsize = '{$size}',\n\t\t\tmodified = now()" . ($created ? ", created = {$created}" : ''), "id = {$id}"); if (!$rs) { // update failed, rollback name if (shift_uploaded_file($new_path, $old_path) === false) { $message = gTxt('file_unsynchronized', array('{name}' => $filename)); return file_list($message); } else { $message = gTxt('file_not_updated', array('{name}' => $filename)); return file_list($message); } } $message = gTxt('file_updated', array('{name}' => $filename)); file_list($message); }
function thumbnail_insert_post() { global $img_dir; $id = $this->psi('id'); $file = $_FILES['thefile']['tmp_name']; $name = $_FILES['thefile']['name']; $file = get_uploaded_file($file); list(, , $extension) = @getimagesize($file); if ($file !== false && $this->extensions[$extension]) { $ext = $this->extensions[$extension]; $newpath = IMPATH . $id . 't' . $ext; if (shift_uploaded_file($file, $newpath) == false) { image_list($newpath . sp . gTxt('upload_dir_perms')); } else { chmod($newpath, 0644); safe_update("txp_image", "thumbnail = 1", "id = {$id}"); update_lastmod(); $this->_message(gTxt('image_uploaded', array('{name}' => $name))); $this->_set_view('edit', $id); } } else { if ($file === false) { $this->_error(upload_get_errormsg($_FILES['thefile']['error'])); $this->_set_view('edit', $id); } else { $this->_error(gTxt('only_graphic_files_allowed')); $this->_set_view('edit', $id); } } }
function file_save() { global $file_base_path; extract(doSlash(gpsa(array('id', 'filename', 'category', 'description')))); $permissions = ""; if (isset($_GET['perms'])) { $permissions = urldecode($_GET['perms']); } elseif (isset($_POST['perms'])) { $permissions = $_POST['perms']; } if (is_array($permissions)) { asort($permissions); $permissions = implode(",", $permissions); } $perms = mysql_real_escape_string($permissions); $old_filename = fetch('filename', 'txp_file', 'id', '$id'); if ($old_filename != false && strcmp($old_filename, $filename) != 0) { $old_path = build_file_path($file_base_path, $old_filename); $new_path = build_file_path($file_base_path, $filename); if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false) { file_list(messenger("file", $filename, "could not be renamed")); return; } else { file_set_perm($new_path); } } $rs = safe_update("txp_file", "filename = '{$filename}',\n\t\t\tcategory = '{$category}',\n\t\t\tpermissions = '{$perms}',\n\t\t\tdescription = '{$description}'", "id = '{$id}'"); if (!$rs) { // update failed, rollback name if (shift_uploaded_file($new_path, $old_path) === false) { file_list(messenger("file", $filename, "has become unsyned with database. Manually fix file name.")); return; } else { file_list(messenger(gTxt('file'), $filename, "was not updated")); return; } } file_list(messenger(gTxt('file'), $filename, "updated")); }
function thumbnail_insert() { global $txpcfg, $extensions, $txp_user, $img_dir, $path_to_site; extract($txpcfg); $id = assert_int(gps('id')); $author = fetch('author', 'txp_image', 'id', $id); if (!has_privs('image.edit') && !($author === $txp_user && has_privs('image.edit.own'))) { image_list(gTxt('restricted_area')); return; } $file = $_FILES['thefile']['tmp_name']; $name = $_FILES['thefile']['name']; $file = get_uploaded_file($file); if (empty($file)) { image_edit(array(upload_get_errormsg(UPLOAD_ERR_NO_FILE), E_ERROR), $id); return; } list($w, $h, $extension) = getimagesize($file); if ($file !== false && @$extensions[$extension]) { $ext = $extensions[$extension]; $newpath = IMPATH . $id . 't' . $ext; if (shift_uploaded_file($file, $newpath) == false) { image_list(array($newpath . sp . gTxt('upload_dir_perms'), E_ERROR)); } else { chmod($newpath, 0644); safe_update("txp_image", "thumbnail = 1, thumb_w = {$w}, thumb_h = {$h}, date = now()", "id = {$id}"); $message = gTxt('image_uploaded', array('{name}' => $name)); update_lastmod(); image_edit($message, $id); } } else { if ($file === false) { image_list(array(upload_get_errormsg($_FILES['thefile']['error']), E_ERROR)); } else { image_list(array(gTxt('only_graphic_files_allowed'), E_ERROR)); } } }
function file_save() { global $file_base_path, $file_statuses, $txp_user; $varray = array_map('assert_string', gpsa(array('id', 'category', 'title', 'description', 'status', 'publish_now', 'year', 'month', 'day', 'hour', 'minute', 'second'))); extract(doSlash($varray)); $filename = $varray['filename'] = sanitizeForFile(gps('filename')); if ($filename == '') { file_list(array(gTxt('file_not_updated', array('{name}' => $filename)), E_ERROR)); return; } $id = $varray['id'] = assert_int($id); $permissions = gps('perms'); if (is_array($permissions)) { asort($permissions); $permissions = implode(",", $permissions); } $varray['permissions'] = $permissions; $perms = doSlash($permissions); $rs = safe_row('filename, author', 'txp_file', "id={$id}"); if (!has_privs('file.edit') && !($rs['author'] === $txp_user && has_privs('file.edit.own'))) { require_privs(); } $old_filename = $varray['old_filename'] = sanitizeForFile($rs['filename']); if ($old_filename != false && strcmp($old_filename, $filename) != 0) { $old_path = build_file_path($file_base_path, $old_filename); $new_path = build_file_path($file_base_path, $filename); if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false) { file_list(array(gTxt('file_cannot_rename', array('{name}' => $filename)), E_ERROR)); return; } else { file_set_perm($new_path); } } $created_ts = @safe_strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second); if ($publish_now) { $created = 'now()'; } elseif ($created_ts > 0) { $created = "from_unixtime('" . $created_ts . "')"; } else { $created = ''; } $size = filesize(build_file_path($file_base_path, $filename)); $constraints = array('category' => new CategoryConstraint(gps('category'), array('type' => 'file')), 'status' => new ChoiceConstraint(gps('status'), array('choices' => array_keys($file_statuses), 'message' => 'invalid_status'))); callback_event_ref('file_ui', 'validate_save', 0, $varray, $constraints); $validator = new Validator($constraints); $rs = $validator->validate() && safe_update('txp_file', "\n filename = '" . doSlash($filename) . "',\n title = '{$title}',\n category = '{$category}',\n permissions = '{$perms}',\n description = '{$description}',\n status = '{$status}',\n size = '{$size}',\n modified = now()" . ($created ? ", created = {$created}" : ''), "id = {$id}"); if (!$rs) { // Update failed, rollback name. if (isset($old_path) && shift_uploaded_file($new_path, $old_path) === false) { file_list(array(gTxt('file_unsynchronized', array('{name}' => $filename)), E_ERROR)); return; } else { file_list(array(gTxt('file_not_updated', array('{name}' => $filename)), E_ERROR)); return; } } update_lastmod('file_saved', compact('id', 'filename', 'title', 'category', 'description', 'status', 'size')); file_list(gTxt('file_updated', array('{name}' => $filename))); }
/** * Uploads an image. * * Can be used to upload a new image or replace an existing one. * If $id is specified, the image will be replaced. If $uploaded is set FALSE, * $file can take a local file instead of HTTP file upload variable. * * All uploaded files will included on the Images panel. * * @param array $file HTTP file upload variables * @param array $meta Image meta data, allowed keys 'caption', 'alt', 'category' * @param int $id Existing image's ID * @param bool $uploaded If FALSE, $file takes a filename instead of upload vars * @return array|string An array of array(message, id) on success, localized error string on error * @package Image * @example * print_r(image_data( * $_FILES['myfile'], * array( * 'caption' => '', * 'alt' => '', * 'category' => '', * ) * )); */ function image_data($file, $meta = array(), $id = 0, $uploaded = true) { global $txp_user, $event; $name = $file['name']; $error = $file['error']; $file = $file['tmp_name']; if ($uploaded) { $file = get_uploaded_file($file); if (get_pref('file_max_upload_size') < filesize($file)) { unlink($file); return upload_get_errormsg(UPLOAD_ERR_FORM_SIZE); } } if (empty($file)) { return upload_get_errormsg(UPLOAD_ERR_NO_FILE); } list($w, $h, $extension) = getimagesize($file); $ext = get_safe_image_types($extension); if (!$ext) { return gTxt('only_graphic_files_allowed'); } $name = substr($name, 0, strrpos($name, '.')) . $ext; $safename = doSlash($name); $meta = lAtts(array('category' => '', 'caption' => '', 'alt' => ''), (array) $meta, false); extract(doSlash($meta)); $q = "\n name = '{$safename}',\n ext = '{$ext}',\n w = {$w},\n h = {$h},\n alt = '{$alt}',\n caption = '{$caption}',\n category = '{$category}',\n date = now(),\n author = '" . doSlash($txp_user) . "'\n "; if (empty($id)) { $rs = safe_insert('txp_image', $q); if ($rs) { $id = $GLOBALS['ID'] = $rs; } $update = false; } else { $id = assert_int($id); $rs = safe_update('txp_image', $q, "id = {$id}"); $update = true; } if (!$rs) { return gTxt('image_save_error'); } $newpath = IMPATH . $id . $ext; if (shift_uploaded_file($file, $newpath) == false) { if (!$update) { safe_delete('txp_image', "id = {$id}"); } unset($GLOBALS['ID']); return $newpath . sp . gTxt('upload_dir_perms'); } @chmod($newpath, 0644); // GD is supported if (check_gd($ext)) { // Auto-generate a thumbnail using the last settings if (get_pref('thumb_w') > 0 || get_pref('thumb_h') > 0) { $t = new txp_thumb($id); $t->crop = (bool) get_pref('thumb_crop'); $t->hint = '0'; $t->width = (int) get_pref('thumb_w'); $t->height = (int) get_pref('thumb_h'); $t->write(); } } $message = gTxt('image_uploaded', array('{name}' => $name)); update_lastmod('image_uploaded', compact('id', 'name', 'ext', 'w', 'h', 'alt', 'caption', 'category', 'txpuser')); // call post-upload plugins with new image's $id callback_event('image_uploaded', $event, false, $id); return array($message, $id); }
function image_data($file, $category = '', $id = '', $uploaded = true) { global $txpcfg, $extensions, $txp_user; extract($txpcfg); $name = $file['name']; $error = $file['error']; $file = $file['tmp_name']; if ($uploaded) { $file = get_uploaded_file($file); } list($w, $h, $extension) = getimagesize($file); if ($file !== false && @$extensions[$extension]) { $ext = $extensions[$extension]; $name = substr($name, 0, strrpos($name, '.')); $name .= $ext; $name2db = doSlash($name); $q = "w = '{$w}',\n\t\t\t\t h = '{$h}',\n\t\t\t\t ext = '{$ext}',\n\t\t\t\t name = '{$name2db}',\n\t\t\t\t date = now(),\n\t\t\t\t caption = '',\n\t\t\t\t author = '{$txp_user}'"; if (empty($id)) { $q .= ", category = '{$category}'"; $rs = safe_insert("txp_image", $q); $id = mysql_insert_id(); } else { $id = doSlash($id); $rs = safe_update('txp_image', $q, "id = {$id}"); } if (!$rs) { return gTxt('image_save_error'); } else { $newpath = IMPATH . $id . $ext; if (shift_uploaded_file($file, $newpath) == false) { safe_delete("txp_image", "id='{$id}'"); safe_alter("txp_image", "auto_increment={$id}"); return $newpath . sp . gTxt('upload_dir_perms'); } else { chmod($newpath, 0755); return array(messenger('image', $name, 'uploaded'), $id); } } } else { if ($file === false) { return upload_get_errormsg($error); } else { return gTxt('only_graphic_files_allowed'); } } }
function image_data($file, $meta = '', $id = '', $uploaded = true) { global $txpcfg, $extensions, $txp_user, $prefs, $file_max_upload_size, $event; extract($txpcfg); $name = $file['name']; $error = $file['error']; $file = $file['tmp_name']; if ($uploaded) { $file = get_uploaded_file($file); if ($file_max_upload_size < filesize($file)) { unlink($file); return upload_get_errormsg(UPLOAD_ERR_FORM_SIZE); } } if (empty($file)) { return upload_get_errormsg(UPLOAD_ERR_NO_FILE); } list($w, $h, $extension) = getimagesize($file); if ($file !== false && @$extensions[$extension]) { $ext = $extensions[$extension]; $name = substr($name, 0, strrpos($name, '.')) . $ext; $safename = doSlash($name); if ($meta == false) { $meta = array('category' => '', 'caption' => '', 'alt' => ''); } extract(doSlash($meta)); $q = "\n\t\t\t\tname = '{$safename}',\n\t\t\t\text = '{$ext}',\n\t\t\t\tw = {$w},\n\t\t\t\th = {$h},\n\t\t\t\talt = '{$alt}',\n\t\t\t\tcaption = '{$caption}',\n\t\t\t\tcategory = '{$category}',\n\t\t\t\tdate = now(),\n\t\t\t\tauthor = '" . doSlash($txp_user) . "'\n\t\t\t"; if (empty($id)) { $rs = safe_insert('txp_image', $q); $id = $GLOBALS['ID'] = mysql_insert_id(); } else { $id = assert_int($id); $rs = safe_update('txp_image', $q, "id = {$id}"); } if (!$rs) { return gTxt('image_save_error'); } else { $newpath = IMPATH . $id . $ext; if (shift_uploaded_file($file, $newpath) == false) { $id = assert_int($id); safe_delete('txp_image', "id = {$id}"); safe_alter('txp_image', "auto_increment = {$id}"); if (isset($GLOBALS['ID'])) { unset($GLOBALS['ID']); } return $newpath . sp . gTxt('upload_dir_perms'); } else { @chmod($newpath, 0644); // GD is supported if (check_gd($ext)) { // Auto-generate a thumbnail using the last settings if (isset($prefs['thumb_w'], $prefs['thumb_h'], $prefs['thumb_crop'])) { $width = intval($prefs['thumb_w']); $height = intval($prefs['thumb_h']); if ($width > 0 or $height > 0) { $t = new txp_thumb($id); $t->crop = $prefs['thumb_crop'] == '1'; $t->hint = '0'; $t->width = $width; $t->height = $height; $t->write(); } } } $message = gTxt('image_uploaded', array('{name}' => $name)); update_lastmod(); // call post-upload plugins with new image's $id callback_event('image_uploaded', $event, false, $id); return array($message, $id); } } } else { if ($file === false) { return upload_get_errormsg($error); } else { return gTxt('only_graphic_files_allowed'); } } }
function file_save() { global $file_base_path; extract(doSlash(gpsa(array('id', 'filename', 'category', 'description')))); $id = assert_int($id); $permissions = gps('perms'); if (is_array($permissions)) { asort($permissions); $permissions = implode(",", $permissions); } $perms = doSlash($permissions); $old_filename = fetch('filename', 'txp_file', 'id', $id); if ($old_filename != false && strcmp($old_filename, $filename) != 0) { $old_path = build_file_path($file_base_path, $old_filename); $new_path = build_file_path($file_base_path, $filename); if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false) { $message = gTxt('file_cannot_rename', array('{name}' => $filename)); return file_list($message); } else { file_set_perm($new_path); } } $rs = safe_update('txp_file', "\n\t\t\tfilename = '{$filename}',\n\t\t\tcategory = '{$category}',\n\t\t\tpermissions = '{$perms}',\n\t\t\tdescription = '{$description}'\n\t\t", "id = {$id}"); if (!$rs) { // update failed, rollback name if (shift_uploaded_file($new_path, $old_path) === false) { $message = gTxt('file_unsynchronized', array('{name}' => $filename)); return file_list($message); } else { $message = gTxt('file_not_updated', array('{name}' => $filename)); return file_list($message); } } $message = gTxt('file_updated', array('{name}' => $filename)); file_list($message); }
function image_data($file, $meta = '', $id = '', $uploaded = true) { global $txpcfg, $txp_user, $prefs, $file_max_upload_size; $extensions = array(0, '.gif', '.jpg', '.png', '.swf'); extract($txpcfg); $name = $file['name']; $error = $file['error']; $file = $file['tmp_name']; if ($uploaded) { $file = get_uploaded_file($file); if ($file_max_upload_size < filesize($file)) { unlink($file); return upload_get_errormsg(UPLOAD_ERR_FORM_SIZE); } } list($w, $h, $extension) = @getimagesize($file); if ($file !== false && @$extensions[$extension]) { $ext = $extensions[$extension]; $name = doSlash(substr($name, 0, strrpos($name, '.')) . $ext); if ($meta == false) { $meta = array('category' => '', 'caption' => '', 'alt' => ''); } extract(doSlash($meta)); $q = "\n\t\t\tname = '{$name}',\n\t\t\text = '{$ext}',\n\t\t\tw = {$w},\n\t\t\th = {$h},\n\t\t\talt = '{$alt}',\n\t\t\tcaption = '{$caption}',\n\t\t\tcategory = '{$category}',\n\t\t\tdate = now(),\n\t\t\tauthor = '{$txp_user}'\n\t\t"; if (empty($id)) { $rs = safe_insert('txp_image', $q); $id = $GLOBALS['ID'] = mysql_insert_id(); } else { $id = assert_int($id); $rs = safe_update('txp_image', $q, "id = {$id}"); } if (!$rs) { return gTxt('image_save_error'); } else { $newpath = IMPATH . $id . $ext; if (shift_uploaded_file($file, $newpath) == false) { $id = assert_int($id); safe_delete('txp_image', "id = {$id}"); safe_alter('txp_image', "auto_increment = {$id}"); if (isset($GLOBALS['ID'])) { unset($GLOBALS['ID']); } return $newpath . sp . gTxt('upload_dir_perms'); } else { @chmod($newpath, 0644); // Auto-generate a thumbnail using the last settings if (isset($prefs['thumb_w'], $prefs['thumb_h'], $prefs['thumb_crop'])) { img_makethumb($id, $prefs['thumb_w'], $prefs['thumb_h'], $prefs['thumb_crop']); } update_lastmod(); $message = gTxt('image_uploaded', array('{name}' => $name)); return array($message, $id); } } } else { // missing or invalid file if ($file === false) { return upload_get_errormsg($error); } else { return gTxt('only_graphic_files_allowed'); } } }
function save_post() { global $file_base_path; extract(doSlash(gpsa(array('id', 'filename', 'category', 'description', 'status', 'publish_now', 'year', 'month', 'day', 'hour', 'minute', 'second')))); $old_filename = safe_field('filename', 'txp_file', "id='{$id}'"); if ($old_filename and $old_filename != $filename) { if (safe_field('id', 'txp_file', "filename='" . doSlash($filename) . "'")) { $this->_error(gTxt('file_already_exists', array('{name}' => $filename))); return; } $old_path = $this->file_path($old_filename); $new_path = $this->file_path($filename); if (!shift_uploaded_file($old_path, $new_path)) { $this->_error(messenger("file", $filename, "could not be renamed")); return; } else { $this->file_set_perm($new_path); } } $created_ts = @safe_strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second); if ($publish_now) { $created = 'now()'; } elseif ($created_ts > 0) { $created = "from_unixtime('" . $created_ts . "')"; } else { $created = ''; } $size = filesize($this->file_path($filename)); $rs = safe_update('txp_file', "\n\t\t\tfilename = '{$filename}',\n\t\t\tcategory = '{$category}',\n\t\t\tdescription = '{$description}',\n\t\t\tstatus = '{$status}',\n\t\t\tsize = '{$size}',\n\t\t\tmodified = now()" . ($created ? ", created = {$created}" : ''), "id = {$id}"); if (!$rs) { // update failed, rollback name if (shift_uploaded_file($new_path, $old_path) === false) { $this->_error(messenger("file", $filename, "has become unsyned with database. Manually fix file name.")); return; } else { $this->_error(messenger(gTxt('file'), $filename, "was not updated")); return; } } $this->_message(messenger(gTxt('file'), $filename, "updated")); }
function thumbnail_insert() { global $txpcfg, $extensions, $txp_user, $img_dir, $path_to_site; extract($txpcfg); $id = gps('id'); $file = $_FILES['thefile']['tmp_name']; $name = $_FILES['thefile']['name']; $file = get_uploaded_file($file); list(, , $extension) = getimagesize($file); if ($file !== false && $extensions[$extension]) { $ext = $extensions[$extension]; $newpath = IMPATH . $id . 't' . $ext; if (shift_uploaded_file($file, $newpath) == false) { image_list($newpath . sp . gTxt('upload_dir_perms')); } else { chmod($newpath, 0755); safe_update("txp_image", "thumbnail='1'", "id='{$id}'"); image_edit(messenger('image', $name, 'uploaded'), $id); } } else { if ($file === false) { image_list(upload_get_errormsg($_FILES['thefile']['error'])); } else { image_list(gTxt('only_graphic_files_allowed')); } } }