コード例 #1
0
ファイル: files.php プロジェクト: ppiedaderawnet/concrete5
 protected function canAccess()
 {
     $cp = \FilePermissions::getGlobal();
     if ($cp->canSearchFiles()) {
         return true;
     }
     return false;
 }
コード例 #2
0
ファイル: controller.php プロジェクト: rii-J/concrete5-de
	public function displayItem() {
		$u = new User();
		if ($u->isRegistered()) {
			$fp = FilePermissions::getGlobal();
			if ($fp->canSearchFiles() && $u->config('UI_FILEMANAGER')) {
				return true;
			}
		}
		return false;
	}
コード例 #3
0
 public function canImport($file)
 {
     $cf = Loader::helper("file");
     $fp = FilePermissions::getGlobal();
     if (!$fp->canAddFiles()) {
         $message = FileImporter::getErrorMessage(FileImporter::E_PHP_FILE_ERROR_DEFAULT);
         return $message;
     }
     if (!$fp->canAddFileType($cf->getExtension($file))) {
         $message = FileImporter::getErrorMessage(FileImporter::E_FILE_INVALID_EXTENSION);
         return $message;
     }
     return true;
 }
コード例 #4
0
ファイル: sets.php プロジェクト: ppiedaderawnet/concrete5
 public function submit()
 {
     $requestSets = array();
     if (is_array($this->request->request->get('fsID'))) {
         $requestSets = $this->request->request->get('fsID');
     }
     $fsp = \FilePermissions::getGlobal();
     if ($this->validateAction()) {
         $sets = Set::getMySets();
         foreach ($sets as $set) {
             if (in_array($set->getFileSetID(), $requestSets) && $fsp->canAddFile($this->file) && !$this->file->inFileSet($set)) {
                 // This was checked and it wasn't in the file set previously
                 $set->addFileToSet($this->file);
             }
             if ($this->file->inFileSet($set) && !in_array($set->getFileSetID(), $requestSets) && $fsp->canAddFile($this->file)) {
                 // This was not checked but it used to be in the set.
                 $set->removeFileFromSet($this->file);
             }
         }
     }
     $fsNew = $this->request->request->get('fsNew');
     $fsNewShare = $this->request->request->get('fsNewShare');
     if (is_array($fsNew)) {
         foreach ($fsNew as $i => $name) {
             if ($name) {
                 $type = $fsNewShare[$i] == 1 ? Set::TYPE_PUBLIC : Set::TYPE_PRIVATE;
                 $fs = Set::createAndGetSet($fsNew[$i], $type);
                 $fs->addFileToSet($this->file);
             }
         }
     }
     $response = new EditResponse();
     $response->setFile($this->file);
     $response->setMessage(t('File sets updated successfully.'));
     $response->outputJSON();
 }
コード例 #5
0
<?php

defined('C5_EXECUTE') or die("Access Denied.");
$u = new User();
$ch = Loader::helper('concrete/file');
$h = Loader::helper('concrete/interface');
$form = Loader::helper('form');
$fp = FilePermissions::getGlobal();
if (!$fp->canAddFiles()) {
    die(t("Unable to add files."));
}
$types = $fp->getAllowedFileExtensions();
$searchInstance = Loader::helper('text')->entities($_REQUEST['searchInstance']);
$ocID = 0;
if (Loader::helper('validation/numbers')->integer($_REQUEST['ocID'])) {
    $ocID = $_REQUEST['ocID'];
}
$types = $ch->serializeUploadFileExtensions($types);
$valt = Loader::helper('validation/token');
?>
<div class="ccm-ui">
<ul class="tabs" id="ccm-file-import-tabs">
<li class="active"><a href="javascript:void(0)" id="ccm-file-add-multiple"><?php 
echo t('Upload Multiple');
?>
</a></li>
<li><a href="javascript:void(0)" id="ccm-file-add-incoming"><?php 
echo t('Add Incoming');
?>
</a></li>
<li><a href="javascript:void(0)" id="ccm-file-add-remote"><?php 
コード例 #6
0
ファイル: file_list.php プロジェクト: homer6/concrete5-mirror
 protected function setupFilePermissions()
 {
     $u = new User();
     if ($this->permissionLevel == false || $u->isSuperUser()) {
         return false;
     }
     $vs = FileSetPermissions::getOverriddenSets($this->permissionLevel, FilePermissions::PTYPE_ALL);
     $nvs = FileSetPermissions::getOverriddenSets($this->permissionLevel, FilePermissions::PTYPE_NONE);
     $vsm = FileSetPermissions::getOverriddenSets($this->permissionLevel, FilePermissions::PTYPE_MINE);
     // we remove all the items from nonviewableSets that appear in viewableSets because viewing trumps non-viewing
     for ($i = 0; $i < count($nvs); $i++) {
         if (in_array($nvs[$i], $vs)) {
             unset($nvs[$i]);
         }
     }
     // we have $nvs, which is an array of sets of files that we CANNOT see
     // first, we add -1 so that we are always dealing with an array that at least has one value, just for
     // query writing sanity sake
     $nvs[] = -1;
     $vs[] = -1;
     $vsm[] = -1;
     //$this->debug();
     // this excludes all file that are found in sets that I can't find
     $this->filter(false, '((select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $nvs) . ')) = 0)');
     $uID = $u->isRegistered() ? $u->getUserID() : 0;
     // This excludes all files found in sets where I may only read mine, and I did not upload the file
     $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $vsm) . ')) = 0)');
     $fp = FilePermissions::getGlobal();
     if ($fp->getFileSearchLevel() == FilePermissions::PTYPE_MINE) {
         // this means that we're only allowed to read files we've uploaded (unless, of course, those files are in previously covered sets)
         $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $vs) . ')) > 0)');
     }
     // now we filter out files we directly don't have access to
     $groups = $u->getUserGroups();
     $groupIDs = array();
     foreach ($groups as $key => $value) {
         $groupIDs[] = $key;
     }
     $uID = -1;
     if ($u->isRegistered()) {
         $uID = $u->getUserID();
     }
     if (PERMISSIONS_MODEL != 'simple') {
         // There is a really stupid MySQL bug that, if the subquery returns null, the entire query is nullified
         // So I have to do this query OUTSIDE of MySQL and give it to mysql
         $db = Loader::db();
         $fIDs = $db->GetCol("select Files.fID from Files inner join FilePermissions on FilePermissions.fID = Files.fID where fOverrideSetPermissions = 1 and (FilePermissions.gID in (" . implode(',', $groupIDs) . ") or FilePermissions.uID = {$uID}) having max(" . $this->permissionLevel . ") = 0");
         if (count($fIDs) > 0) {
             $this->filter(false, "(f.fID not in (" . implode(',', $fIDs) . "))");
         }
     }
 }
コード例 #7
0
 function importFile($fileUrl)
 {
     $u = new User();
     $cf = Loader::helper('file');
     $fp = FilePermissions::getGlobal();
     if (!$fp->canAddFiles()) {
         die(t("Unable to add files."));
     }
     //$valt = Loader::helper('validation/token');
     Loader::library("file/importer");
     Loader::library('3rdparty/Zend/Http/Client');
     Loader::library('3rdparty/Zend/Uri/Http');
     $file = Loader::helper('file');
     Loader::helper('mime');
     $error = array();
     // load all the incoming fields into an array
     $this_url = $fileUrl;
     // validate URL
     if (Zend_Uri_Http::check($this_url)) {
         // URL appears to be good... add it
         $incoming_urls[] = $this_url;
     } else {
         $errors[] = '"' . $this_url . '"' . t(' is not a valid URL.');
     }
     //}
     //if (!$valt->validate('import_remote')) {
     //	$errors[] = $valt->getErrorMessage();
     //}
     if (count($incoming_urls) < 1) {
         $errors[] = t('You must specify at least one valid URL.');
     }
     $import_responses = array();
     // if we haven't gotten any errors yet then try to process the form
     if (count($errors) < 1) {
         // itterate over each incoming URL adding if relevant
         foreach ($incoming_urls as $this_url) {
             // try to D/L the provided file
             // This all sets up the CURL actions to check the page
             $ch = curl_init();
             curl_setopt($ch, CURLOPT_URL, $this_url);
             curl_setopt($ch, CURLOPT_HEADER, true);
             curl_setopt($ch, CURLOPT_NOBODY, true);
             curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
             curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
             curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
             //follow up to 10 redirections - avoids loops
             $data = curl_exec($ch);
             $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
             // Get the HTTP Code
             // Get final redirected URL, will be the same if URL is not redirected
             $new_url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
             curl_close($ch);
             // Array of HTTP status codes. Trim down if you would like to.
             $codes = array(0 => 'Domain Not Found', 100 => 'Continue', 101 => 'Switching Protocols', 200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content', 300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 307 => 'Temporary Redirect', 400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Timeout', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Long', 415 => 'Unsupported Media Type', 416 => 'Requested Range Not Satisfiable', 417 => 'Expectation Failed', 500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Timeout', 505 => 'HTTP Version Not Supported');
             if (isset($codes[$http_code])) {
                 if ($codes[$http_code] == "OK") {
                     $client = new Zend_Http_Client($this_url);
                     $response = $client->request();
                     if ($response->isSuccessful()) {
                         $uri = Zend_Uri_Http::fromString($this_url);
                         $fname = '';
                         $fpath = $file->getTemporaryDirectory();
                         // figure out a filename based on filename, mimetype, ???
                         if (preg_match('/^.+?[\\/]([-\\w%]+\\.[-\\w%]+)$/', $uri->getPath(), $matches)) {
                             // got a filename (with extension)... use it
                             $fname = $matches[1];
                         } else {
                             if (!is_null($response->getHeader('Content-Type'))) {
                                 // use mimetype from http response
                                 $fextension = MimeHelper::mimeToExtension($response->getHeader('Content-Type'));
                                 if ($fextension === false) {
                                     $errors[] = t('Unknown mime-type: ') . $response->getHeader('Content-Type');
                                 } else {
                                     // make sure we're coming up with a unique filename
                                     do {
                                         // make up a filename based on the current date/time, a random int, and the extension from the mime-type
                                         $fname = date('d-m-Y_H:i_') . mt_rand(100, 999) . '.' . $fextension;
                                     } while (file_exists($fpath . '/' . $fname));
                                 }
                             }
                         }
                         //else {
                         // if we can't get the filename from the file itself OR from the mime-type I'm not sure there's much else we can do
                         //}
                         if (strlen($fname)) {
                             // write the downloaded file to a temporary location on disk
                             $handle = fopen($fpath . '/' . $fname, "w");
                             fwrite($handle, $response->getBody());
                             fclose($handle);
                             // import the file into concrete
                             if ($fp->canAddFileType($cf->getExtension($fname))) {
                                 $fi = new FileImporter();
                                 $resp = $fi->import($fpath . '/' . $fname, $fname, $fr);
                             } else {
                                 $resp = FileImporter::E_FILE_INVALID_EXTENSION;
                             }
                             if (!$resp instanceof FileVersion) {
                                 $errors[] .= $fname . ': ' . FileImporter::getErrorMessage($resp) . "\n";
                             } else {
                                 $import_responses[] = $resp;
                             }
                             // clean up the file
                             unlink($fpath . '/' . $fname);
                         } else {
                             // could not figure out a file name
                             $errors[] = t('Could not determine the name of the file at ') . $this_url;
                         }
                     } else {
                         // warn that we couldn't download the file
                         $errors[] = t('There was an error downloading ') . $this_url;
                     }
                 }
             } else {
                 $errors[] = t("Error connecting to file's server, file skipped");
             }
         }
     }
     //print_r($errors);
     if ($resp instanceof FileVersion) {
         return $resp;
     }
 }
コード例 #8
0
 /**
  * Display this class
  */
 private function prepareSmarty()
 {
     $this->smarty = new Template();
     $this->smarty->assign('heading', $this->file->filename);
     $this->smarty->assign('title', $this->file->filename);
     $this->smarty->assign('file', $this->file);
     $this->smarty->requireResource('file');
     $select = new Select('permission', '', FilePermissions::getAll());
     $select->selected_value = $this->file->permission;
     $this->smarty->assign('permission', $select->render());
 }
コード例 #9
0
 public function permissions()
 {
     try {
         $file = File::find('alias', $this->getParam('alias', ''));
     } catch (FileNotFoundException $e) {
         System::displayError(System::getLanguage()->_('ErrorFileNotFound'), '404 Not Found');
     }
     $form = new Form('form-permissions', '');
     $fieldset = new Fieldset(System::getLanguage()->_('PermissionSetting'));
     $permission = new Select('permission', System::getLanguage()->_('Permission'), FilePermissions::getAll());
     $permission->selected_value = $file->permission;
     $password = new Password('password', System::getLanguage()->_('Password'));
     $fieldset->addElements($permission, $password);
     $form->addElements($fieldset);
     if (Utils::getPOST('submit', false) !== false) {
         if ($form->validate()) {
             if ($permission->selected_value == 2 && empty($password->value)) {
                 $password->error = System::getLanguage()->_('InvalidPassword');
             } else {
                 $file->permission->setPermission($permission->selected_value, $password->value);
                 System::forwardToRoute(Router::getInstance()->build('DownloadController', 'download', $file));
                 exit;
             }
         }
     }
     $form->addButton(new Button(System::getLanguage()->_('Cancel'), 'icon icon-cancel', Router::getInstance()->build('DownloadController', 'download', $file)));
     $smarty = new Template();
     $smarty->assign('title', System::getLanguage()->_('PermissionSetting'));
     $smarty->assign('form', $form->__toString());
     $smarty->display('form.tpl');
 }
コード例 #10
0
ファイル: index.php プロジェクト: hbelow/check
 /**
  * Return true if the PHP process is allowed to create files
  *
  * @return boolean True if the PHP process is allowed to create files
  */
 protected function checkFilePermissions()
 {
     $permissions = new FilePermissions();
     if ($permissions->hasSafeMode()) {
         return true;
     }
     if (!$permissions->canCreateFolder()) {
         return true;
     }
     if (!$permissions->canCreateFile()) {
         return true;
     }
     return false;
 }
コード例 #11
0
 public function upload()
 {
     $form = new Form('form-upload', Router::getInstance()->build('UploadController', 'upload'));
     $form->setAttribute('data-noajax', 'true');
     $form->setEnctype();
     $fieldset = new Fieldset(System::getLanguage()->_('General'));
     $folderInput = new Select('folder', System::getLanguage()->_('ChooseFolder'), Folder::getAll());
     $folderInput->selected_value = Utils::getGET('parent', NULL);
     $fieldset->addElements($folderInput);
     $form->addElements($fieldset);
     $fieldset = new Fieldset(System::getLanguage()->_('FileUpload'));
     $fileInput = new FileUpload('file', System::getLanguage()->_('ChooseFile'), false);
     $fieldset->addElements($fileInput);
     $form->addElements($fieldset);
     if (DOWNLOAD_VIA_SERVER) {
         $fieldset = new Fieldset(System::getLanguage()->_('UploadFromURL'));
         $url = new Text('url', System::getLanguage()->_('EnterURL'), false);
         $name = new Text('name', System::getLanguage()->_('Name'), false);
         $name->setValue(System::getLanguage()->_('DownloadedFile'));
         $fieldset->addElements($url, $name);
         $form->addElements($fieldset);
     }
     $fieldset = new Fieldset(System::getLanguage()->_('PermissionSetting'));
     $permissionInput = new Select('permissions', System::getLanguage()->_('Permission'), FilePermissions::getAll());
     $permissionInput->selected_value = DEFAULT_FILE_PERMISSION;
     $password = new Password('password', System::getLanguage()->_('Password'), false);
     $fieldset->addElements($permissionInput, $password);
     $form->addElements($fieldset);
     if (Utils::getPOST('submit', false) != false) {
         if ($permissionInput->selected_value == 2 && empty($password->value)) {
             $password->error = System::getLanguage()->_('ErrorEmptyTextfield');
         } else {
             if ($form->validate() && (!empty($url->value) || !empty($fileInput->uploaded_file))) {
                 // Specify input control for error display
                 $err = empty($url->value) ? $fileInput : $url;
                 try {
                     $folder = Folder::find('_id', $folderInput->selected_value);
                     $file = new File();
                     $file->folder = $folder;
                     $file->permission = $permissionInput->selected_value;
                     $file->password = $password->value;
                     if (empty($url->value)) {
                         $file->filename = $fileInput->filename;
                         $file->upload($fileInput->uploaded_file);
                     } else {
                         $file->filename = $name->value;
                         $file->remote($url->value);
                     }
                     $file->save();
                     System::forwardToRoute(Router::getInstance()->build('BrowserController', 'show', $folder));
                     exit;
                 } catch (UploadException $e) {
                     $fileInput->filename = '';
                     $fileInput->uploaded_file = '';
                     $err->error = $e->getMessage();
                     if ($e->getCode() != 0) {
                         $err->error .= ' Code: ' . $e->getCode();
                     }
                 } catch (QuotaExceededException $e) {
                     $err->error = System::getLanguage()->_('ErrorQuotaExceeded');
                 } catch (Exception $e) {
                     $fileInput->filename = '';
                     $fileInput->uploaded_file = '';
                     $err->error = System::getLanguage()->_('ErrorWhileUpload') . ' ' . $e->getMessage();
                 }
             }
         }
     }
     $form->setSubmit(new Button(System::getLanguage()->_('Upload'), 'open'));
     if ($folderInput->selected_value == 0) {
         $form->addButton(new Button(System::getLanguage()->_('Cancel'), '', Router::getInstance()->build('BrowserController', 'index')));
     } else {
         $form->addButton(new Button(System::getLanguage()->_('Cancel'), '', Router::getInstance()->build('BrowserController', 'show', new Folder($folderInput->selected_value))));
     }
     $smarty = new Template();
     $smarty->assign('title', System::getLanguage()->_('Upload'));
     $smarty->assign('heading', System::getLanguage()->_('FileUpload'));
     $smarty->assign('form', $form->__toString());
     $smarty->assign('BODY_CLASS', 'preventreload');
     $smarty->requireResource('upload');
     $smarty->display('form.tpl');
 }
コード例 #12
0
 public function upload_files()
 {
     $files = array();
     if ($this->token->validate('upload_files')) {
         $r = $this->entityManager->getRepository('\\PortlandLabs\\Concrete5\\MigrationTool\\Entity\\Import\\Batch');
         $batch = $r->findOneById($this->request->request('id'));
         if (is_object($batch)) {
             $cf = \Core::make('helper/file');
             $fp = \FilePermissions::getGlobal();
             if (isset($_FILES['file']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
                 if (!$fp->canAddFileType($cf->getExtension($_FILES['file']['name']))) {
                     throw new \Exception(Importer::getErrorMessage(Importer::E_FILE_INVALID_EXTENSION));
                 } else {
                     $ih = new Importer();
                     $response = $ih->import($_FILES['file']['tmp_name'], $_FILES['file']['name']);
                     if (!$response instanceof \Concrete\Core\File\Version) {
                         throw new \Exception(Importer::getErrorMessage($response));
                     } else {
                         $file = $response->getFile();
                         $fs = Set::getByName($batch->getID());
                         if (!is_object($fs)) {
                             $fs = Set::createAndGetSet($batch->getID(), Set::TYPE_PRIVATE);
                         }
                         $fs->addFileToSet($file);
                         $files[] = $file;
                     }
                 }
             }
         }
     }
     $this->flash('success', t('File(s) uploaded successfully'));
     $r = new \Concrete\Core\File\EditResponse();
     $r->setFiles($files);
     $r->outputJSON();
 }
コード例 #13
0
 public function permission()
 {
     $permission = $this->getRequestParam('permission', NULL);
     $password = $this->getRequestParam('password', '');
     $file_alias = $this->getRequestParam('file_alias', NULL);
     $file_id = $this->getRequestParam('file_id', NULL);
     $response = new AjaxResponse();
     try {
         if ($permission == NULL || !FilePermissions::tryParse($permission)) {
             throw new Exception();
         }
         if ($file_alias != NULL) {
             $file = File::find('alias', $file_alias);
         } else {
             if ($file_id != NULL) {
                 $file = File::find('_id', $file_id);
             } else {
                 throw new Exception();
             }
         }
         $file->permission = $permission;
         $file->password = $password;
         $file->save();
         $response->success = true;
     } catch (InvalidArgumentException $e) {
         $response->success = false;
         $response->message = System::getLanguage()->_('ErrorInvalidParameter');
     } catch (InvalidPasswordException $e) {
         $response->success = false;
         $response->message = System::getLanguage()->_('ErrorInvalidPassword');
     } catch (NotAuthorisedException $e) {
         $response->success = false;
         $response->message = System::getLanguage()->_('PermissionDenied');
     } catch (Exception $e) {
         $response->success = false;
         $response->message = System::getLanguage()->_('ErrorInvalidParameter');
     }
     $response->send();
 }
コード例 #14
0
 /**
  * Setter
  */
 public function __set($property, $value)
 {
     if (!in_array($property, explode(',', File::READONLY))) {
         if ($property == 'password') {
             $this->salt = hash('sha512', uniqid());
             $this->password = Utils::createPasswordHash($value, $this->salt);
             return;
         } else {
             if ($property == 'permission') {
                 $this->permission = FilePermissions::parse($value);
                 return;
             } else {
                 if ($property == 'folder' && $value === NULL) {
                     $this->folderid = NULL;
                     return;
                 } else {
                     if ($property == 'folder' && $value instanceof Folder) {
                         $this->folderid = $value->id;
                         return;
                     }
                 }
             }
         }
         $this->{$property} = $value;
         if ($property == 'filename') {
             $this->ext = File::getExtension($this->filename);
         }
     } else {
         throw new InvalidArgumentException('Property ' . $property . ' is readonly');
     }
 }