コード例 #1
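 /**
  * 	protectedUpload
  *
  * 	Registers a file in the file manager and moves it from its temporary
  * 	location into the upload directory (EASYCONTACTFORMS__fileUploadDir).
  * 	Any file already registered for the same Doctype/Docid/Docfield is
  * 	removed first.
  *
  * 	Security notes for reviewers:
  * 	- In the $_FILES case 'name' and 'type' are supplied by the client and
  * 	  are stored as given. No extension or content-type check is visible in
  * 	  this function.
  * 	- The on-disk name comes from getStorageFileName(), which receives the
  * 	  client file name. NOTE(review): confirm that helper cannot return a
  * 	  name containing path separators or an executable extension.
  *
  * @param array $_uldmap
  * 	request data; keys read here: 't' (doc type), 'fld' (field name),
  * 	'oid' (object id), optional 'protect' ("on" enables protection) and
  * 	optional 'easycontactusr' (object whose ->id becomes the owner)
  * @param array $filespecmap
  * 	file spec with 'error', 'name', 'tmp_name', 'size' and 'type'; when
  * 	NULL the spec is taken from $_FILES under the key "<t>_<fld>_<oid>"
  * @return bool
  * 	TRUE once the file is registered and moved, FALSE on any failure
  */
 function protectedUpload($_uldmap, $filespecmap = NULL)
 {
     $filespecmapnull = false;
     if (is_null($filespecmap)) {
         $filespecmapnull = true;
         $filerequestid = $_uldmap['t'] . '_' . $_uldmap['fld'] . '_' . $_uldmap['oid'];
         // A request without the expected upload field is an ordinary failure:
         // look the key up defensively instead of reading an undefined index.
         $filespecmap = isset($_FILES[$filerequestid]) ? $_FILES[$filerequestid] : NULL;
     }
     if (!isset($filespecmap)) {
         return FALSE;
     }
     if ($filespecmap['error'] != UPLOAD_ERR_OK) {
         return FALSE;
     }
     $ds = DIRECTORY_SEPARATOR;
     $protect = 0;
     if (isset($_uldmap['protect'])) {
         $protect = $_uldmap['protect'] == "on" ? 1 : 0;
     }
     $oowner = isset($_uldmap['easycontactusr']) ? $_uldmap['easycontactusr']->id : 0;
     // 'name' and 'type' are client-controlled when the spec comes from $_FILES.
     $filename = $filespecmap['name'];
     $tmpname = $filespecmap['tmp_name'];
     $filesize = $filespecmap['size'];
     $filetype = $filespecmap['type'];
     $Type = $_uldmap['t'];
     $fieldname = $_uldmap['fld'];
     $id = $_uldmap['oid'];
     $basename = EasyContactFormsUtils::subStringBefore($filename, ".");
     // Protected uploads are refused when the name has no part before the first
     // "." or when that part is exactly 32 hex characters.
     // NOTE(review): presumably this avoids clashing with hash-like storage
     // names; confirm against getStorageFileName().
     if ($protect && ($basename == NULL || preg_match('/^[A-Fa-f0-9]{32}$/', $basename))) {
         echo EasyContactFormsIHTML::showMessage(EasyContactFormsT::get('ImpossibleToPerformOperation'), 'warningMessage');
         return FALSE;
     }
     global $wpdb;
     // Request values reach SQL only through $wpdb->prepare() placeholders.
     // NOTE(review): the "#wp__" prefix is presumably rewritten by
     // EasyContactFormsDB; that is not visible here.
     $query = "SELECT\n\t\t\t\tCount\n\t\t\tFROM\n\t\t\t\t#wp__easycontactforms_files\n\t\t\tWHERE\n\t\t\t\tDoctype=%s\n\t\t\t\tAND Docid=%d\n\t\t\t\tAND Docfield=%s";
     $query = $wpdb->prepare($query, $Type, $id, $fieldname);
     $counter = EasyContactFormsDB::getValue($query);
     $counter = isset($counter) ? $counter : 0;
     $query = "SELECT\n\t\t\t\tid\n\t\t\tFROM\n\t\t\t\t#wp__easycontactforms_files\n\t\t\tWHERE\n\t\t\t\tDoctype=%s\n\t\t\t\tAND Docid=%d\n\t\t\t\tAND Docfield=%s";
     $query = $wpdb->prepare($query, $Type, $id, $fieldname);
     $fileid = EasyContactFormsDB::getValue($query);
     // NOTE(review): the previous file is removed, and the new record saved
     // below, before the new file has been moved into place. A failed move
     // therefore leaves a record without a file.
     if (isset($fileid)) {
         EasyContactFormsFiles::deletefile($fileid);
         EasyContactFormsFiles::delete($fileid);
     }
     $file = EasyContactFormsClassLoader::getObject('Files', true);
     $file->set('Count', $counter);
     $file->set('Docfield', $fieldname);
     $file->set('Doctype', $Type);
     $file->set('Docid', $id);
     $file->set('Name', $filename);
     $file->set('Size', $filesize);
     $file->set('Type', $filetype);
     $file->set('Protected', $protect);
     $file->set('Webdir', 0);
     $file->set('ObjectOwner', $oowner);
     $filespec = (object) array();
     $filespec->protect = $protect;
     $filespec->fieldname = $fieldname;
     $filespec->docType = $Type;
     $filespec->filename = $filename;
     if ($Type == "Files") {
         // A file attached to a Files record uses that record's own id as Docid.
         $filespec->id = $file->get('id');
         $Storagename = $file->getStorageFileName($filespec);
         $file->set('Storagename', $Storagename);
         $file->set('Docid', $file->get('id'));
     } else {
         $filespec->id = $id;
         $Storagename = $file->getStorageFileName($filespec);
         $file->set('Storagename', $Storagename);
     }
     $file->save();
     $filedirectory = EASYCONTACTFORMS__fileUploadDir;
     if (!is_dir($filedirectory)) {
         if (!EasyContactFormsUtils::createFolder($filedirectory)) {
             return FALSE;
         }
     }
     $newpath = $filedirectory . $ds . $Storagename;
     if ($filespecmapnull) {
         // Spec came from $_FILES: move_uploaded_file() only accepts a file
         // that PHP itself received as an HTTP upload.
         if (!move_uploaded_file($tmpname, $newpath)) {
             return FALSE;
         }
     } else {
         // Caller-supplied spec: a failed rename must be reported the same way
         // as a failed move instead of being returned as success.
         if (!rename($tmpname, $newpath)) {
             return FALSE;
         }
     }
     return TRUE;
 }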