function appendErrorNode(&$oErrorsNode, $errorCode, $name, $type, $path)
{
$oErrorNode = new CKFinder_Connector_Utils_XmlNode("Error");
$oErrorNode->addAttribute("code", $errorCode);
$oErrorNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($name));
$oErrorNode->addAttribute("type", $type);
$oErrorNode->addAttribute("folder", $path);
$oErrorsNode->addChild($oErrorNode);
}
/**
* Handle request and build XML
*/
public function buildXml()
{
if (!extension_loaded('zip')) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_COMMAND);
}
$this->checkConnector();
$this->checkRequest();
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$this->_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
$currentResourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();
$_sServerDir = $this->_currentFolder->getServerPath();
$files = array();
$_zipFilesSize = 0;
$config = $this->getConfig();
$zipMaxSize = $config['zipMaxSize'];
if (!empty($zipMaxSize) && $zipMaxSize == 'default') {
$zipMaxSize = $currentResourceTypeConfig->getMaxSize();
}
$_isBasket = isset($_POST['basket']) && $_POST['basket'] == 'true' ? true : false;
if (!empty($_POST['files'])) {
$_aclConfig = $this->_config->getAccessControlConfig();
$aclMasks = array();
$_resourceTypeConfig = array();
foreach ($_POST['files'] as $arr) {
if (empty($arr['name']) || empty($arr['type']) || empty($arr['folder'])) {
continue;
}
// file name
$name = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['name']);
// resource type
$type = $arr['type'];
// client path
$path = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['folder']);
// check #1 (path)
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($name) || preg_match(CKFINDER_REGEX_INVALID_PATH, $path)) {
continue;
}
// get resource type config for current file
if (!isset($_resourceTypeConfig[$type])) {
$_resourceTypeConfig[$type] = $this->_config->getResourceTypeConfig($type);
}
// check #2 (resource type)
if (is_null($_resourceTypeConfig[$type])) {
continue;
}
// check #3 (extension)
if (!$_resourceTypeConfig[$type]->checkExtension($name, false)) {
continue;
}
// check #4 (extension) - when moving to another resource type, double check extension
if ($currentResourceTypeConfig->getName() != $type && !$currentResourceTypeConfig->checkExtension($name, false)) {
continue;
}
// check #5 (hidden folders)
// cache results
if (empty($checkedPaths[$path])) {
$checkedPaths[$path] = true;
if ($_resourceTypeConfig[$type]->checkIsHiddenPath($path)) {
continue;
}
}
// check #6 (hidden file name)
if ($currentResourceTypeConfig->checkIsHiddenFile($name)) {
continue;
}
// check #7 (Access Control, need file view permission to source files)
if (!isset($aclMasks[$type . "@" . $path])) {
$aclMasks[$type . "@" . $path] = $_aclConfig->getComputedMask($type, $path);
}
$isAuthorized = ($aclMasks[$type . "@" . $path] & CKFINDER_CONNECTOR_ACL_FILE_VIEW) == CKFINDER_CONNECTOR_ACL_FILE_VIEW;
if (!$isAuthorized) {
continue;
}
$sourceFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($_resourceTypeConfig[$type]->getDirectory() . $path, $name);
// check #8 (invalid file name)
if (!file_exists($sourceFilePath) || !is_file($sourceFilePath)) {
continue;
}
// check #9 - max file size
if (!empty($zipMaxSize)) {
clearstatcache();
$_zipFilesSize += filesize($sourceFilePath);
if ($_zipFilesSize > $zipMaxSize) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_CREATED_FILE_TOO_BIG);
}
}
$zipPathPart = $_isBasket ? CKFinder_Connector_Utils_FileSystem::combinePaths($type, $path) : '';
$files[$sourceFilePath] = $zipPathPart . pathinfo($sourceFilePath, PATHINFO_BASENAME);
}
} else {
if (!is_dir($_sServerDir)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND);
}
$files = $this->getFilesRecursively($_sServerDir, $zipMaxSize);
}
if (sizeof($files) < 1) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
}
// default destination dir - temp
$dest_dir = CKFinder_Connector_Utils_FileSystem::getTmpDir();
$resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
// default file name - hash
$zip_filename = substr(md5(serialize($files)), 0, 16) . $resourceTypeInfo->getHash() . '.zip';
// compress files - do not download them
// change destination and name
if (isset($_POST['download']) && $_POST['download'] == 'false') {
$dest_dir = $_sServerDir;
if (isset($_POST['zipName']) && !empty($_POST['zipName'])) {
$zip_filename = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_POST['zipName']);
if (!$resourceTypeInfo->checkExtension($zip_filename)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
}
}
}
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($zip_filename) || $resourceTypeInfo->checkIsHiddenFile($zip_filename)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
if ($this->_config->forceAscii()) {
$zip_filename = CKFinder_Connector_Utils_FileSystem::convertToAscii($zip_filename);
}
$zipFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($dest_dir, $zip_filename);
if (!is_writable(dirname($zipFilePath))) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
// usually we would need to create zip?
$createZip = true;
// only if file already exists and we want download it
// do not create new one - because hash of previously created is the same - existing archive is ok
if (file_exists($zipFilePath) && isset($_POST['download']) && $_POST['download'] == 'true') {
$createZip = false;
} else {
if (file_exists($zipFilePath) && (!isset($_POST['fileExistsAction']) || !in_array($_POST['fileExistsAction'], array('autorename', 'overwrite')))) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
}
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
// check how to deal with existing file
if (isset($_POST['fileExistsAction']) && $_POST['fileExistsAction'] == 'autorename') {
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD | CKFINDER_CONNECTOR_ACL_FILE_RENAME)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$zip_filename = CKFinder_Connector_Utils_FileSystem::autoRename($dest_dir, $zip_filename);
$zipFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($dest_dir, $zip_filename);
} elseif (isset($_POST['fileExistsAction']) && $_POST['fileExistsAction'] == 'overwrite') {
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_RENAME | CKFINDER_CONNECTOR_ACL_FILE_DELETE)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
if (!CKFinder_Connector_Utils_FileSystem::unlink($zipFilePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
}
}
if ($createZip) {
$zip = new ZipArchive();
$result = $zip->open($zipFilePath, ZIPARCHIVE::CREATE);
if ($result !== TRUE) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNKNOWN);
}
foreach ($files as $pathname => $filename) {
if (!empty($filename)) {
if (file_exists($pathname) && is_readable($pathname)) {
$zip->addFile($pathname, $filename);
}
} else {
$zip->addEmptyDir($pathname);
}
}
$zip->close();
}
$file = new CKFinder_Connector_Utils_XmlNode("ZipFile");
$file->addAttribute("name", $zip_filename);
$this->_connectorNode->addChild($file);
}