/**
 * Report whether the global file permission object allows searching files.
 *
 * This is the only check performed here; any further authorization has to
 * happen in the caller or in the action itself.
 *
 * @return bool true when canSearchFiles() is truthy, false otherwise
 */
protected function canAccess()
{
    $globalPermissions = \FilePermissions::getGlobal();

    return $globalPermissions->canSearchFiles() ? true : false;
}
/**
 * Decide whether this item should be displayed for the current user.
 *
 * All three conditions must hold: the user is registered, the global file
 * permissions allow searching files, and the user's UI_FILEMANAGER config
 * value is truthy.
 *
 * @return bool
 */
public function displayItem()
{
    $user = new User();
    if (!$user->isRegistered()) {
        // The permission object is only fetched for registered users.
        return false;
    }

    $permissions = FilePermissions::getGlobal();
    if (!$permissions->canSearchFiles()) {
        return false;
    }

    return $user->config('UI_FILEMANAGER') ? true : false;
}
/**
 * Check whether a file may be imported under the global file permissions.
 *
 * Note the mixed return type: a denial is reported as a non-empty error
 * string, which is truthy. Callers must compare the result with `=== true`
 * rather than testing it for truthiness.
 *
 * @param string $file file name or path whose extension is checked
 *
 * @return true|string true when allowed, otherwise the importer's error message
 */
public function canImport($file)
{
    $fileHelper = Loader::helper("file");
    $permissions = FilePermissions::getGlobal();

    // The general "may add files" permission is checked before the per-type permission.
    if (!$permissions->canAddFiles()) {
        return FileImporter::getErrorMessage(FileImporter::E_PHP_FILE_ERROR_DEFAULT);
    }

    $extension = $fileHelper->getExtension($file);
    if (!$permissions->canAddFileType($extension)) {
        return FileImporter::getErrorMessage(FileImporter::E_FILE_INVALID_EXTENSION);
    }

    return true;
}
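/**
 * Apply the submitted file-set selection to $this->file and answer with JSON.
 *
 * Request fields read:
 *  - fsID:       array of existing set IDs the file should belong to
 *  - fsNew:      array of names for sets to create
 *  - fsNewShare: array parallel to fsNew; the value 1 marks a set as public
 *
 * Every change is gated on validateAction() and on canAddFile(). The original
 * code created the "fsNew" sets and added the file to them even when
 * validateAction() had failed, so that branch skipped the check applied to
 * existing sets.
 *
 * NOTE(review): the success message is still sent when validateAction() fails;
 * presumably the failure is reported elsewhere - confirm.
 *
 * @return void
 */
public function submit()
{
    $requestSets = $this->request->request->get('fsID');
    if (!is_array($requestSets)) {
        $requestSets = array();
    }

    $fsp = \FilePermissions::getGlobal();
    $isValid = $this->validateAction();

    if ($isValid) {
        foreach (Set::getMySets() as $set) {
            // Loose comparison is intentional: request values arrive as strings.
            $requested = in_array($set->getFileSetID(), $requestSets);
            $member = $this->file->inFileSet($set);

            if ($requested && !$member && $fsp->canAddFile($this->file)) {
                // This was checked and it wasn't in the file set previously
                $set->addFileToSet($this->file);
            } elseif ($member && !$requested && $fsp->canAddFile($this->file)) {
                // This was not checked but it used to be in the set.
                $set->removeFileFromSet($this->file);
            }
        }
    }

    $fsNew = $this->request->request->get('fsNew');
    $fsNewShare = $this->request->request->get('fsNewShare');
    if (!is_array($fsNewShare)) {
        // Avoid indexing into a missing or scalar field below.
        $fsNewShare = array();
    }

    if ($isValid && is_array($fsNew) && $fsp->canAddFile($this->file)) {
        foreach ($fsNew as $i => $name) {
            // Skip empty names and nested arrays sent in place of a name.
            if (!is_string($name) || !$name) {
                continue;
            }
            $isPublic = isset($fsNewShare[$i]) && $fsNewShare[$i] == 1;
            $type = $isPublic ? Set::TYPE_PUBLIC : Set::TYPE_PRIVATE;
            $fs = Set::createAndGetSet($name, $type);
            $fs->addFileToSet($this->file);
        }
    }

    $response = new EditResponse();
    $response->setFile($this->file);
    $response->setMessage(t('File sets updated successfully.'));
    $response->outputJSON();
}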
<?php
// Import dialog template (this excerpt ends partway through the tab list).
// Direct-access guard: stop unless C5_EXECUTE has been defined.
defined('C5_EXECUTE') or die("Access Denied.");
$u = new User();
$ch = Loader::helper('concrete/file');
$h = Loader::helper('concrete/interface');
$form = Loader::helper('form');
$fp = FilePermissions::getGlobal();
// Permission gate: the dialog is not rendered for users who may not add files.
if (!$fp->canAddFiles()) {
    die(t("Unable to add files."));
}
$types = $fp->getAllowedFileExtensions();
// Request value is passed through the text helper's entities() before use.
// NOTE(review): presumably HTML-entity encoding; it is only sufficient for the
// contexts it is later printed into - confirm where $searchInstance is output.
$searchInstance = Loader::helper('text')->entities($_REQUEST['searchInstance']);
// ocID is taken from the request only when the numbers helper accepts it as an integer; otherwise it stays 0.
$ocID = 0;
if (Loader::helper('validation/numbers')->integer($_REQUEST['ocID'])) {
    $ocID = $_REQUEST['ocID'];
}
$types = $ch->serializeUploadFileExtensions($types);
$valt = Loader::helper('validation/token');
?> <div class="ccm-ui"> <ul class="tabs" id="ccm-file-import-tabs"> <li class="active"><a href="javascript:void(0)" id="ccm-file-add-multiple"><?php echo t('Upload Multiple'); ?> </a></li> <li><a href="javascript:void(0)" id="ccm-file-add-incoming"><?php echo t('Add Incoming'); ?> </a></li> <li><a href="javascript:void(0)" id="ccm-file-add-remote"><?php
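/**
 * Add filters that hide files the current user may not access at
 * $this->permissionLevel.
 *
 * Changes from the original:
 *  - The "remove viewable sets from non-viewable sets" loop re-read count()
 *    after each unset(), so it stopped early and left entries behind.
 *    array_diff() removes all of them.
 *  - Every ID spliced into SQL text is cast to int first, so the fragments
 *    cannot carry anything but numbers.
 *  - The group ID list gets the same -1 sentinel as the set lists, so an empty
 *    list no longer produces "in ()".
 *  - A non-array result from GetCol() is no longer passed to count().
 *
 * NOTE(review): $this->permissionLevel is concatenated into the query as a
 * column name and cannot be bound as a parameter. It must only ever come from
 * a fixed list of column names, never from request data - confirm at the
 * places that set it.
 *
 * @return false|null false when no filtering applies (no permission level set,
 *                    or the user is a super user); otherwise nothing
 */
protected function setupFilePermissions()
{
    $u = new User();
    if ($this->permissionLevel == false || $u->isSuperUser()) {
        return false;
    }

    $vs = array_map('intval', FileSetPermissions::getOverriddenSets($this->permissionLevel, FilePermissions::PTYPE_ALL));
    $nvs = array_map('intval', FileSetPermissions::getOverriddenSets($this->permissionLevel, FilePermissions::PTYPE_NONE));
    $vsm = array_map('intval', FileSetPermissions::getOverriddenSets($this->permissionLevel, FilePermissions::PTYPE_MINE));

    // Viewing trumps non-viewing: drop every set from $nvs that also appears in $vs.
    $nvs = array_diff($nvs, $vs);

    // Add -1 so each list has at least one value and the "in (...)" clauses stay valid.
    $nvs[] = -1;
    $vs[] = -1;
    $vsm[] = -1;

    // Exclude all files found in sets we cannot see.
    $this->filter(false, '((select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $nvs) . ')) = 0)');

    $uID = $u->isRegistered() ? (int) $u->getUserID() : 0;

    // Exclude files found in sets where we may only read our own, unless we uploaded the file.
    $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $vsm) . ')) = 0)');

    $fp = FilePermissions::getGlobal();
    if ($fp->getFileSearchLevel() == FilePermissions::PTYPE_MINE) {
        // Only our own uploads are readable, unless the file sits in a set covered above.
        $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $vs) . ')) > 0)');
    }

    // Now filter out files we directly don't have access to.
    $groupIDs = array();
    foreach ($u->getUserGroups() as $key => $value) {
        $groupIDs[] = (int) $key;
    }
    $groupIDs[] = -1;

    // This query uses -1 (not 0) for unregistered users.
    $uID = -1;
    if ($u->isRegistered()) {
        $uID = (int) $u->getUserID();
    }

    if (PERMISSIONS_MODEL != 'simple') {
        // The ID list is fetched with a separate query and inlined, because a
        // subquery returning null would nullify the whole outer query.
        $db = Loader::db();
        $fIDs = $db->GetCol("select Files.fID from Files inner join FilePermissions on FilePermissions.fID = Files.fID where fOverrideSetPermissions = 1 and (FilePermissions.gID in (" . implode(',', $groupIDs) . ") or FilePermissions.uID = {$uID}) having max(" . $this->permissionLevel . ") = 0");
        if (is_array($fIDs) && count($fIDs) > 0) {
            $fIDs = array_map('intval', $fIDs);
            $this->filter(false, "(f.fID not in (" . implode(',', $fIDs) . "))");
        }
    }
}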
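/**
 * Download a file from a URL and import it into the file manager.
 *
 * Changes from the original:
 *  - The allowed-extension check now runs BEFORE the download is written to
 *    the temporary directory. The original wrote the file under a name taken
 *    from the URL first and checked the extension afterwards.
 *  - The cURL probe is restricted to http/https, including redirects.
 *  - $errors, $incoming_urls, $resp and $fr were used without being
 *    initialised (count() of an undefined variable, import() with an undefined
 *    argument). The error list was never returned or shown, so failures are
 *    now plain early returns.
 *  - A failed fopen() is no longer passed on to fwrite().
 *
 * NOTE(review): the form-token validation in the original was commented out,
 * so this function performs no request-forgery check itself - confirm the
 * caller does.
 * NOTE(review): the server fetches a caller-supplied URL. Where that URL can
 * come from users, destination hosts (loopback, private ranges, metadata
 * endpoints) should be restricted before this is called.
 * NOTE(review): when the file name comes from the URL path, an existing file
 * of the same name in the temporary directory is overwritten and then removed,
 * as in the original.
 *
 * @param string $fileUrl absolute http(s) URL of the file to import
 *
 * @return FileVersion|null the imported version, or null on any failure
 */
function importFile($fileUrl)
{
    $cf = Loader::helper('file');
    $fp = FilePermissions::getGlobal();
    if (!$fp->canAddFiles()) {
        die(t("Unable to add files."));
    }

    Loader::library("file/importer");
    Loader::library('3rdparty/Zend/Http/Client');
    Loader::library('3rdparty/Zend/Uri/Http');
    Loader::helper('mime');

    if (!Zend_Uri_Http::check($fileUrl)) {
        return null;
    }

    // Header-only probe: proceed only if the URL finally answers 200.
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $fileUrl);
    curl_setopt($ch, CURLOPT_HEADER, true);
    curl_setopt($ch, CURLOPT_NOBODY, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($ch, CURLOPT_MAXREDIRS, 10); // follow up to 10 redirections - avoids loops
    // Keep the request and any redirect on http/https only.
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_exec($ch);
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    // The original looked the code up in a status table but only ever acted on "OK".
    if ($http_code != 200) {
        return null;
    }

    $client = new Zend_Http_Client($fileUrl);
    $response = $client->request();
    if (!$response->isSuccessful()) {
        return null;
    }

    $uri = Zend_Uri_Http::fromString($fileUrl);
    $fpath = $cf->getTemporaryDirectory();
    $fname = '';

    if (preg_match('/^.+?[\\/]([-\\w%]+\\.[-\\w%]+)$/', $uri->getPath(), $matches)) {
        // The URL path ends in "name.ext": use that as the file name.
        $fname = $matches[1];
    } elseif (!is_null($response->getHeader('Content-Type'))) {
        // Otherwise derive an extension from the response's mime type.
        $fextension = MimeHelper::mimeToExtension($response->getHeader('Content-Type'));
        if ($fextension === false) {
            return null;
        }
        // Make up a name from date/time and a random int until it is unused.
        do {
            $fname = date('d-m-Y_H:i_') . mt_rand(100, 999) . '.' . $fextension;
        } while (file_exists($fpath . '/' . $fname));
    }

    if (!strlen($fname)) {
        // Could not determine a file name.
        return null;
    }

    // Refuse disallowed types before anything touches the disk.
    if (!$fp->canAddFileType($cf->getExtension($fname))) {
        return null;
    }

    $tmpPath = $fpath . '/' . $fname;
    $handle = fopen($tmpPath, "w");
    if ($handle === false) {
        return null;
    }
    fwrite($handle, $response->getBody());
    fclose($handle);

    // No existing file is being replaced; the original passed an undefined variable here.
    $fr = null;
    $fi = new FileImporter();
    $resp = $fi->import($tmpPath, $fname, $fr);

    // Clean up the temporary copy whether or not the import succeeded.
    unlink($tmpPath);

    if ($resp instanceof FileVersion) {
        return $resp;
    }

    return null;
}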
/**
 * Create the template object and assign the values for the current file.
 *
 * Assigns the file name as both heading and title, the file object itself,
 * and a rendered permission drop-down preselected with the file's current
 * permission.
 *
 * NOTE(review): the file name is handed to the template as-is; output escaping
 * is presumably done in the template - confirm.
 */
private function prepareSmarty()
{
    $view = new Template();
    $this->smarty = $view;

    $filename = $this->file->filename;
    $view->assign('heading', $filename);
    $view->assign('title', $filename);
    $view->assign('file', $this->file);
    $view->requireResource('file');

    $permissionSelect = new Select('permission', '', FilePermissions::getAll());
    $permissionSelect->selected_value = $this->file->permission;
    $view->assign('permission', $permissionSelect->render());
}
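/**
 * Show and process the permission form for the file named by the "alias" parameter.
 *
 * On a valid submit the chosen permission and password are stored and the user
 * is forwarded to the download route; otherwise the form is rendered again.
 *
 * Change from the original: the method returns after reporting a missing file.
 * Without that, $file was undefined in the rest of the method whenever
 * System::displayError() returned instead of ending the request.
 *
 * NOTE(review): no ownership or authorisation check is visible here;
 * presumably File::find() or setPermission() enforces it - confirm.
 * NOTE(review): permission value 2 is treated as the one that requires a
 * password; a named constant would make that explicit.
 *
 * @return void
 */
public function permissions()
{
    try {
        $file = File::find('alias', $this->getParam('alias', ''));
    } catch (FileNotFoundException $e) {
        System::displayError(System::getLanguage()->_('ErrorFileNotFound'), '404 Not Found');

        return;
    }

    $form = new Form('form-permissions', '');
    $fieldset = new Fieldset(System::getLanguage()->_('PermissionSetting'));
    $permission = new Select('permission', System::getLanguage()->_('Permission'), FilePermissions::getAll());
    $permission->selected_value = $file->permission;
    $password = new Password('password', System::getLanguage()->_('Password'));
    $fieldset->addElements($permission, $password);
    $form->addElements($fieldset);

    if (Utils::getPOST('submit', false) !== false) {
        if ($form->validate()) {
            if ($permission->selected_value == 2 && empty($password->value)) {
                // This permission level needs a password; reject an empty one.
                $password->error = System::getLanguage()->_('InvalidPassword');
            } else {
                $file->permission->setPermission($permission->selected_value, $password->value);
                System::forwardToRoute(Router::getInstance()->build('DownloadController', 'download', $file));
                exit;
            }
        }
    }

    $form->addButton(new Button(System::getLanguage()->_('Cancel'), 'icon icon-cancel', Router::getInstance()->build('DownloadController', 'download', $file)));

    $smarty = new Template();
    $smarty->assign('title', System::getLanguage()->_('PermissionSetting'));
    $smarty->assign('form', $form->__toString());
    $smarty->display('form.tpl');
}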
/**
 * Report whether file creation by the PHP process is restricted.
 *
 * As written, the method returns true when safe mode is active, or when a
 * folder or a file cannot be created, and false only when none of these holds.
 *
 * NOTE(review): the previous doc comment said the opposite ("true if the PHP
 * process is allowed to create files"). Confirm against the callers which
 * meaning is intended before relying on the result.
 *
 * @return boolean True when safe mode is on or a folder/file cannot be created
 */
protected function checkFilePermissions()
{
    $probe = new FilePermissions();

    // Checks run in this order and stop at the first one that reports a restriction.
    return $probe->hasSafeMode()
        || !$probe->canCreateFolder()
        || !$probe->canCreateFile();
}
/**
 * Build, process and render the upload form.
 *
 * The form offers a target folder, a file upload field, optionally a
 * "fetch from URL" section (only when DOWNLOAD_VIA_SERVER is truthy) and the
 * permission/password settings. On a successful submit the file is uploaded
 * or fetched, saved, and the user is forwarded to the folder view.
 *
 * NOTE(review): $file->remote() makes the server fetch a user-supplied URL;
 * any restriction on the destination has to be enforced inside remote() - confirm.
 * NOTE(review): permission value 2 is treated as the one that requires a password.
 */
public function upload()
{
    $form = new Form('form-upload', Router::getInstance()->build('UploadController', 'upload'));
    $form->setAttribute('data-noajax', 'true');
    $form->setEnctype();

    // Target folder, preselected from the "parent" query parameter.
    $fieldset = new Fieldset(System::getLanguage()->_('General'));
    $folderInput = new Select('folder', System::getLanguage()->_('ChooseFolder'), Folder::getAll());
    $folderInput->selected_value = Utils::getGET('parent', NULL);
    $fieldset->addElements($folderInput);
    $form->addElements($fieldset);

    $fieldset = new Fieldset(System::getLanguage()->_('FileUpload'));
    $fileInput = new FileUpload('file', System::getLanguage()->_('ChooseFile'), false);
    $fieldset->addElements($fileInput);
    $form->addElements($fieldset);

    // $url and $name exist only when server-side download is enabled. Later code
    // reads $url->value only through empty(), which tolerates the undefined variable.
    if (DOWNLOAD_VIA_SERVER) {
        $fieldset = new Fieldset(System::getLanguage()->_('UploadFromURL'));
        $url = new Text('url', System::getLanguage()->_('EnterURL'), false);
        $name = new Text('name', System::getLanguage()->_('Name'), false);
        $name->setValue(System::getLanguage()->_('DownloadedFile'));
        $fieldset->addElements($url, $name);
        $form->addElements($fieldset);
    }

    $fieldset = new Fieldset(System::getLanguage()->_('PermissionSetting'));
    $permissionInput = new Select('permissions', System::getLanguage()->_('Permission'), FilePermissions::getAll());
    $permissionInput->selected_value = DEFAULT_FILE_PERMISSION;
    $password = new Password('password', System::getLanguage()->_('Password'), false);
    $fieldset->addElements($permissionInput, $password);
    $form->addElements($fieldset);

    if (Utils::getPOST('submit', false) != false) {
        // The password requirement is checked before the form's own validation runs.
        if ($permissionInput->selected_value == 2 && empty($password->value)) {
            $password->error = System::getLanguage()->_('ErrorEmptyTextfield');
        } else {
            // Proceed only if the form validates and a URL or an uploaded file is present.
            if ($form->validate() && (!empty($url->value) || !empty($fileInput->uploaded_file))) {
                // Specify input control for error display
                $err = empty($url->value) ? $fileInput : $url;
                try {
                    $folder = Folder::find('_id', $folderInput->selected_value);
                    $file = new File();
                    $file->folder = $folder;
                    $file->permission = $permissionInput->selected_value;
                    $file->password = $password->value;
                    if (empty($url->value)) {
                        // Regular upload: the file name comes from the upload field.
                        $file->filename = $fileInput->filename;
                        $file->upload($fileInput->uploaded_file);
                    } else {
                        // Remote fetch: the file name comes from the "name" text field.
                        $file->filename = $name->value;
                        $file->remote($url->value);
                    }
                    $file->save();
                    System::forwardToRoute(Router::getInstance()->build('BrowserController', 'show', $folder));
                    exit;
                } catch (UploadException $e) {
                    // Clear the upload fields and show the exception text on the affected input.
                    $fileInput->filename = '';
                    $fileInput->uploaded_file = '';
                    $err->error = $e->getMessage();
                    if ($e->getCode() != 0) {
                        $err->error .= ' Code: ' . $e->getCode();
                    }
                } catch (QuotaExceededException $e) {
                    $err->error = System::getLanguage()->_('ErrorQuotaExceeded');
                } catch (Exception $e) {
                    // Any other failure: the raw exception message is appended to the form error.
                    $fileInput->filename = '';
                    $fileInput->uploaded_file = '';
                    $err->error = System::getLanguage()->_('ErrorWhileUpload') . ' ' . $e->getMessage();
                }
            }
        }
    }

    $form->setSubmit(new Button(System::getLanguage()->_('Upload'), 'open'));
    // Cancel goes to the browser index for folder 0, otherwise back to the selected folder.
    if ($folderInput->selected_value == 0) {
        $form->addButton(new Button(System::getLanguage()->_('Cancel'), '', Router::getInstance()->build('BrowserController', 'index')));
    } else {
        $form->addButton(new Button(System::getLanguage()->_('Cancel'), '', Router::getInstance()->build('BrowserController', 'show', new Folder($folderInput->selected_value))));
    }

    $smarty = new Template();
    $smarty->assign('title', System::getLanguage()->_('Upload'));
    $smarty->assign('heading', System::getLanguage()->_('FileUpload'));
    $smarty->assign('form', $form->__toString());
    $smarty->assign('BODY_CLASS', 'preventreload');
    $smarty->requireResource('upload');
    $smarty->display('form.tpl');
}
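/**
 * Import one uploaded file into the file set belonging to a migration batch.
 *
 * The batch is looked up by the request's "id"; the upload is read from
 * $_FILES['file']. The file set is named after the batch ID and is created as
 * a private set if it does not exist yet. The response is always JSON listing
 * the files that were actually imported.
 *
 * Changes from the original:
 *  - The success flash is only set when a file was imported. Before, it was
 *    set even when the token was invalid, the batch was missing or no file
 *    had been sent.
 *  - An array-shaped upload (e.g. a "file[]" field) is ignored instead of
 *    being passed to is_uploaded_file().
 *
 * NOTE(review): only the file-type permission is checked here; the general
 * "may add files" permission is presumably enforced elsewhere - confirm.
 *
 * @throws \Exception when the extension is not allowed or the importer reports an error
 *
 * @return void
 */
public function upload_files()
{
    $files = array();

    if ($this->token->validate('upload_files')) {
        $r = $this->entityManager->getRepository('\\PortlandLabs\\Concrete5\\MigrationTool\\Entity\\Import\\Batch');
        $batch = $r->findOneById($this->request->request('id'));

        $hasUpload = isset($_FILES['file'], $_FILES['file']['tmp_name'], $_FILES['file']['name'])
            && is_string($_FILES['file']['tmp_name'])
            && is_string($_FILES['file']['name'])
            && is_uploaded_file($_FILES['file']['tmp_name']);

        if (is_object($batch) && $hasUpload) {
            $cf = \Core::make('helper/file');
            $fp = \FilePermissions::getGlobal();

            // The client-supplied name decides the extension check.
            if (!$fp->canAddFileType($cf->getExtension($_FILES['file']['name']))) {
                throw new \Exception(Importer::getErrorMessage(Importer::E_FILE_INVALID_EXTENSION));
            }

            $ih = new Importer();
            $response = $ih->import($_FILES['file']['tmp_name'], $_FILES['file']['name']);
            if (!$response instanceof \Concrete\Core\File\Version) {
                // A failed import returns an error code rather than a Version object.
                throw new \Exception(Importer::getErrorMessage($response));
            }

            $file = $response->getFile();
            $fs = Set::getByName($batch->getID());
            if (!is_object($fs)) {
                $fs = Set::createAndGetSet($batch->getID(), Set::TYPE_PRIVATE);
            }
            $fs->addFileToSet($file);
            $files[] = $file;
        }
    }

    if (count($files) > 0) {
        $this->flash('success', t('File(s) uploaded successfully'));
    }

    $r = new \Concrete\Core\File\EditResponse();
    $r->setFiles($files);
    $r->outputJSON();
}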
/**
 * AJAX endpoint: set the permission and password of one file.
 *
 * The file is identified by "file_alias" or, if that is absent, by "file_id".
 * The result is sent as an AjaxResponse with a success flag and, on failure,
 * a message.
 *
 * NOTE(review): no authorisation or request-forgery check is visible in this
 * method. NotAuthorisedException is caught, so the check presumably lives in
 * File::find() or save() - confirm.
 * NOTE(review): the permission is rejected when tryParse() returns a falsy
 * value. If tryParse() returns the parsed value rather than a boolean, a valid
 * permission of 0 would be rejected - confirm its return type.
 *
 * @return void
 */
public function permission()
{
    $permission = $this->getRequestParam('permission', NULL);
    $password = $this->getRequestParam('password', '');
    $file_alias = $this->getRequestParam('file_alias', NULL);
    $file_id = $this->getRequestParam('file_id', NULL);

    $response = new AjaxResponse();
    $language = System::getLanguage();

    try {
        if ($permission == NULL || !FilePermissions::tryParse($permission)) {
            throw new Exception();
        }

        // The alias takes precedence over the numeric ID.
        if ($file_alias != NULL) {
            $file = File::find('alias', $file_alias);
        } elseif ($file_id != NULL) {
            $file = File::find('_id', $file_id);
        } else {
            throw new Exception();
        }

        $file->permission = $permission;
        $file->password = $password;
        $file->save();

        $response->success = true;
    } catch (InvalidArgumentException $e) {
        $response->success = false;
        $response->message = $language->_('ErrorInvalidParameter');
    } catch (InvalidPasswordException $e) {
        $response->success = false;
        $response->message = $language->_('ErrorInvalidPassword');
    } catch (NotAuthorisedException $e) {
        $response->success = false;
        $response->message = $language->_('PermissionDenied');
    } catch (Exception $e) {
        // Everything else, including the bare exceptions thrown above, is reported as an invalid parameter.
        $response->success = false;
        $response->message = $language->_('ErrorInvalidParameter');
    }

    $response->send();
}
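/**
 * Magic setter with special handling for a few properties.
 *
 *  - password:   a fresh salt is generated and the salted hash is stored
 *  - permission: the value is parsed through FilePermissions::parse()
 *  - folder:     NULL or a Folder instance is stored as folderid
 *  - filename:   stored as-is, and ext is refreshed from it
 *  - any other non-readonly property is assigned directly (this includes
 *    "folder" with a value that is neither NULL nor a Folder)
 *
 * Changes from the original:
 *  - The salt was hash('sha512', uniqid()), which is derived from the clock.
 *    It now comes from random_bytes() where that function exists; the stored
 *    format (128 hex characters) is unchanged.
 *  - The readonly lookup uses a strict in_array().
 *
 * NOTE(review): the strength of the stored hash depends on
 * Utils::createPasswordHash(), which is not visible here.
 *
 * @param string $property property name
 * @param mixed  $value    new value
 *
 * @throws InvalidArgumentException when the property is listed in File::READONLY
 */
public function __set($property, $value)
{
    if (in_array($property, explode(',', File::READONLY), true)) {
        throw new InvalidArgumentException('Property ' . $property . ' is readonly');
    }

    if ($property == 'password') {
        // Hashing keeps the salt in the same 128-hex-character form as before.
        $seed = function_exists('random_bytes') ? random_bytes(32) : uniqid('', true);
        $this->salt = hash('sha512', $seed);
        $this->password = Utils::createPasswordHash($value, $this->salt);

        return;
    }

    if ($property == 'permission') {
        $this->permission = FilePermissions::parse($value);

        return;
    }

    if ($property == 'folder' && $value === NULL) {
        $this->folderid = NULL;

        return;
    }

    if ($property == 'folder' && $value instanceof Folder) {
        $this->folderid = $value->id;

        return;
    }

    $this->{$property} = $value;

    if ($property == 'filename') {
        // Keep the cached extension in step with the file name.
        $this->ext = File::getExtension($this->filename);
    }
}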