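/**
 * Deletes the files and empty folders named in the request from the current folder.
 *
 * Request input: `rm` (array of entry names), `folder` (read with the 'path'
 * filter) and `tmpl`. The redirect back to the media view is set before any
 * check runs, so every exit path redirects to the same place.
 *
 * Entries whose name is rejected, that do not exist, that resolve outside
 * COM_MEDIA_BASE, that are vetoed by a plugin, or that are non-empty folders
 * are skipped and do not change the return value.
 *
 * @return  boolean  True when nothing was requested or no attempted deletion
 *                   failed; false when the user is not authorised or a
 *                   deletion call reported failure.
 *
 * @since 1.5
 */
public function delete()
{
    // Request-forgery check. The return value is not inspected here, so this
    // presumably aborts the request itself on a bad token - confirm in Session.
    Session::checkToken(['get', 'post']);

    // Get some data from the request
    $tmpl   = Request::getCmd('tmpl');
    $paths  = Request::getVar('rm', array(), '', 'array');
    $folder = Request::getVar('folder', '', '', 'path');

    $redirect = 'index.php?option=com_media&folder=' . $folder;
    if ($tmpl == 'component')
    {
        // We are inside the iframe
        $redirect .= '&view=mediaList&tmpl=component';
    }
    $this->setRedirect($redirect);

    // Nothing to delete
    if (empty($paths))
    {
        return true;
    }

    // Authorize the user
    if (!$this->authoriseUser('delete'))
    {
        return false;
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    // Canonical media root, used below to confirm that every target really
    // lives underneath it. The request filters and Filesystem::cleanPath() are
    // not visible here, so containment is verified independently of them.
    $baseReal   = realpath(COM_MEDIA_BASE);
    $basePrefix = ($baseReal === false) ? false : rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    $ret = true;

    foreach ($paths as $path)
    {
        // `rm` is request-controlled; a nested array element is not a name.
        $filename = is_string($path) ? htmlspecialchars($path, ENT_COMPAT, 'UTF-8') : '';

        if (!is_string($path) || $path !== Filesystem::clean($path))
        {
            // Filename is not safe. $path is a name relative to the folder, not
            // an absolute path, so it is reported as-is (escaped) rather than
            // with the media-base prefix stripped from it.
            Notify::warning(Lang::txt('COM_MEDIA_ERROR_UNABLE_TO_DELETE_FILE_WARNFILENAME', $filename));
            continue;
        }

        $fullPath = Filesystem::cleanPath(implode(DIRECTORY_SEPARATOR, array(COM_MEDIA_BASE, $folder, $path)));

        // A path that does not resolve is neither a file nor a directory, so
        // there is nothing to do for it.
        $targetReal = realpath($fullPath);
        if ($targetReal === false)
        {
            continue;
        }

        // Refuse anything that resolves to the media root itself or to a
        // location outside it (including via a symlink inside the media tree).
        if ($basePrefix === false || strpos($targetReal, $basePrefix) !== 0)
        {
            Notify::warning(Lang::txt('COM_MEDIA_ERROR_UNABLE_TO_DELETE_FILE_WARNFILENAME', $filename));
            continue;
        }

        $object_file = new \Hubzero\Base\Object(array('filepath' => $fullPath));

        if (is_file($fullPath))
        {
            $context = 'com_media.file';
        }
        elseif (is_dir($fullPath))
        {
            // Only folders that Filesystem::files() reports as empty are removed.
            // The last argument looks like an exclude list, which would make a
            // folder holding only those entries count as empty - confirm.
            $contents = Filesystem::files($fullPath, '.', true, false, array('.svn', 'CVS', '.DS_Store', '__MACOSX', 'index.html'));
            if (!empty($contents))
            {
                Notify::warning(Lang::txt('COM_MEDIA_ERROR_UNABLE_TO_DELETE_FOLDER_NOT_EMPTY', substr($fullPath, strlen(COM_MEDIA_BASE))));
                continue;
            }

            $context = 'com_media.folder';
        }
        else
        {
            continue;
        }

        // Trigger the onContentBeforeDelete event; any plugin returning false vetoes the deletion.
        $result = Event::trigger('content.onContentBeforeDelete', array($context, &$object_file));
        if (in_array(false, $result, true))
        {
            // There are some errors in the plugins
            $errors = $object_file->getErrors();
            Notify::warning(Lang::txts('COM_MEDIA_ERROR_BEFORE_DELETE', count($errors), implode('<br />', $errors)));
            continue;
        }

        $deleted = ($context === 'com_media.file')
            ? Filesystem::delete($fullPath)
            : Filesystem::deleteDirectory($fullPath);

        if (!$deleted)
        {
            // Do not announce completion or notify plugins about an entry
            // that is still on disk.
            $ret = false;
            continue;
        }

        // Trigger the onContentAfterDelete event.
        Event::trigger('content.onContentAfterDelete', array($context, &$object_file));
        $this->setMessage(Lang::txt('COM_MEDIA_DELETE_COMPLETE', substr($fullPath, strlen(COM_MEDIA_BASE))));
    }

    return $ret;
}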
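/**
 * Upload a file
 *
 * Handles the single file submitted in the `Filedata` request field and
 * answers by echoing a JSON object with a `status` ('1' on success, '0' on
 * failure) and an `error` member holding the message text.
 *
 * Order of checks: request token, declared request size, presence of a file
 * name, create permission, MediaHelper::canUpload(), onContentBeforeSave
 * plugins, existing target, then the actual move.
 *
 * @return  void
 *
 * @since 1.5
 */
public function upload()
{
    $params = Component::params('com_media');

    // Every exit path answers with the same two-member JSON object.
    $respond = function ($status, $message)
    {
        echo json_encode(array('status' => $status, 'error' => $message));
    };

    // Check for request forgeries
    if (!Session::checkToken(['get', 'post'], true))
    {
        $respond('0', Lang::txt('JINVALID_TOKEN'));
        return;
    }

    $log = JLog::getInstance('upload.error.php');

    // Get some data from the request
    $file   = Request::getVar('Filedata', '', 'files', 'array');
    $folder = Request::getVar('folder', '', '', 'path');

    // CONTENT_LENGTH is absent on requests without a body; treat that as 0.
    $contentLength = isset($_SERVER['CONTENT_LENGTH']) ? $_SERVER['CONTENT_LENGTH'] : 0;

    // NOTE(review): the (int) casts keep only the leading number of an ini
    // value, so a shorthand such as "1G" is read as 1 MB, and a memory_limit
    // of -1 yields a negative bound that rejects every upload. Likewise the
    // default upload_maxsize of 0 rejects any non-empty body. All of these
    // fail closed; confirm whether that is intended before relaxing them.
    if ($contentLength > $params->get('upload_maxsize', 0) * 1024 * 1024
        || $contentLength > (int) ini_get('upload_max_filesize') * 1024 * 1024
        || $contentLength > (int) ini_get('post_max_size') * 1024 * 1024
        || $contentLength > (int) ini_get('memory_limit') * 1024 * 1024)
    {
        $respond('0', Lang::txt('COM_MEDIA_ERROR_WARNFILETOOLARGE'));
        return;
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    // The request is only valid when it carries a single named file. This is
    // checked before the name is touched: testing isset() after assigning the
    // cleaned name can never detect a missing upload.
    if (!is_array($file) || !isset($file['name']) || !is_string($file['name']))
    {
        $respond('0', Lang::txt('COM_MEDIA_ERROR_BAD_REQUEST'));
        return;
    }

    // Make the filename safe
    $file['name'] = Filesystem::clean($file['name']);

    $err = null;

    // NOTE(review): nothing in this method verifies that $filepath stays under
    // COM_MEDIA_BASE; that presumably rests on the 'path' request filter and
    // on normalizePath() - confirm both reject parent-directory segments.
    $filepath = \Hubzero\Filesystem\Util::normalizePath(COM_MEDIA_BASE . '/' . $folder . '/' . strtolower($file['name']));

    // Authorise before any further processing, so a caller without create
    // permission cannot trigger plugin events or learn whether a file exists.
    if (!User::authorise('core.create', 'com_media'))
    {
        $log->addEntry(array('comment' => 'Create not permitted: ' . $filepath . ' by user_id ' . User::get('id')));
        $respond('0', Lang::txt('COM_MEDIA_ERROR_CREATE_NOT_PERMITTED'));
        return;
    }

    if (!MediaHelper::canUpload($file, $err))
    {
        $log->addEntry(array('comment' => 'Invalid: ' . $filepath . ': ' . $err));
        $respond('0', Lang::txt($err));
        return;
    }

    // Trigger the onContentBeforeSave event.
    $object_file = new \Hubzero\Base\Object($file);
    $object_file->filepath = $filepath;
    $result = Event::trigger('content.onContentBeforeSave', array('com_media.file', &$object_file, true));
    if (in_array(false, $result, true))
    {
        // There are some errors in the plugins
        $errors = $object_file->getErrors();
        $log->addEntry(array('comment' => 'Errors before save: ' . $filepath . ' : ' . implode(', ', $errors)));
        $respond('0', Lang::txts('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors), implode('<br />', $errors)));
        return;
    }

    if (Filesystem::exists($filepath))
    {
        // Never overwrite an existing file
        $log->addEntry(array('comment' => 'File exists: ' . $filepath . ' by user_id ' . User::get('id')));
        $respond('0', Lang::txt('COM_MEDIA_ERROR_FILE_EXISTS'));
        return;
    }

    // NOTE(review): plugins receive $object_file by reference, so the filepath
    // used for the move below may differ from the $filepath that was checked
    // and logged above - confirm plugins are not expected to retarget uploads.
    $file = (array) $object_file;

    if (!Filesystem::upload($file['tmp_name'], $file['filepath']))
    {
        // Error in upload
        $log->addEntry(array('comment' => 'Error on upload: ' . $filepath));
        $respond('0', Lang::txt('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE'));
        return;
    }

    // Trigger the onContentAfterSave event.
    Event::trigger('content.onContentAfterSave', array('com_media.file', &$object_file, true));
    $log->addEntry(array('comment' => $folder));
    $respond('1', Lang::txt('COM_MEDIA_UPLOAD_COMPLETE', substr($file['filepath'], strlen(COM_MEDIA_BASE))));
}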
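/**
 * Create a folder
 *
 * Takes no arguments: the new folder's name is read from the `foldername`
 * request field and its parent from `folderbase` (read with the 'path'
 * filter). A placeholder index.html is written into the new folder.
 *
 * @return  boolean|null  False when the user is not authorised, the name is
 *                        rejected, a plugin vetoes the save or the directory
 *                        was not created; null in every other case.
 *
 * @since 1.5
 */
public function create()
{
    // Check for request forgeries. The return value is not inspected here, so
    // this presumably aborts the request itself on a bad token - confirm.
    Session::checkToken(['get', 'post']);

    // The same field is read twice: once through the cmd filter and once raw,
    // so that a name the filter had to alter can be detected and refused.
    $folder      = Request::getCmd('foldername', '');
    $folderCheck = Request::getVar('foldername', null, '', 'string', JREQUEST_ALLOWRAW);
    $parent      = Request::getVar('folderbase', '', '', 'path');

    $this->setRedirect('index.php?option=com_media&folder=' . $parent . '&tmpl=' . Request::getCmd('tmpl', 'index'));

    // Nothing to do without a folder name
    if (strlen($folder) === 0)
    {
        return;
    }

    if (!User::authorise('core.create', 'com_media'))
    {
        // User is not authorised to create
        Notify::warning(Lang::txt('JLIB_APPLICATION_ERROR_CREATE_NOT_PERMITTED'));
        return false;
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    Request::setVar('folder', $parent);

    if ($folderCheck !== null && $folder !== $folderCheck)
    {
        // The submitted name contained characters the cmd filter removed
        $this->setMessage(Lang::txt('COM_MEDIA_ERROR_UNABLE_TO_CREATE_FOLDER_WARNDIRNAME'));
        return false;
    }

    // NOTE(review): nothing in this method verifies that $path stays under
    // COM_MEDIA_BASE; that presumably rests on the 'path' request filter and
    // on normalizePath() - confirm both reject parent-directory segments.
    $path = \Hubzero\Filesystem\Util::normalizePath(COM_MEDIA_BASE . '/' . $parent . '/' . $folder);

    if (!is_dir($path) && !is_file($path))
    {
        // Trigger the onContentBeforeSave event.
        $object_file = new \Hubzero\Base\Object(array('filepath' => $path));
        $result = Event::trigger('content.onContentBeforeSave', array('com_media.folder', &$object_file, true));
        if (in_array(false, $result, true))
        {
            // There are some errors in the plugins
            $errors = $object_file->getErrors();
            Notify::warning(Lang::txts('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors), implode('<br />', $errors)));
            return false;
        }

        Filesystem::makeDirectory($path);

        // Verify on disk that the directory exists before writing into it,
        // notifying plugins and announcing success. No failure-specific
        // language key is visible in this file, so the failure is reported
        // through the return value only.
        clearstatcache();
        if (!is_dir($path))
        {
            return false;
        }

        // Placeholder page written into the new folder
        $data = "<html>\n<body bgcolor=\"#FFFFFF\">\n</body>\n</html>";
        Filesystem::write($path . "/index.html", $data);

        // Trigger the onContentAfterSave event.
        Event::trigger('content.onContentAfterSave', array('com_media.folder', &$object_file, true));
        $this->setMessage(Lang::txt('COM_MEDIA_CREATE_COMPLETE', substr($path, strlen(COM_MEDIA_BASE))));
    }

    // Point the request's `folder` value at the (new or already existing) folder
    Request::setVar('folder', $parent ? $parent . '/' . $folder : $folder);
}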