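/**
 * Stores the file uploaded for a custom field and returns the name it was saved under.
 *
 * The upload is read from the `<db_name>_replace` input first and falls back to
 * the `<db_name>` input. Returns "" when the `<db_name>_delete` flag is set,
 * null when nothing usable was uploaded (no file, not a PHP upload, extension
 * not in the `file_extensions` allowlist, or the move failed), otherwise the
 * generated file name written below `upload_path`.
 *
 * @param object $field        Field definition (provides db_name and getParam()).
 * @param array  $source_array Submitted form values.
 *
 * @return string|null
 */
function getValue($field, $source_array)
{
    jimport('joomla.filesystem.file');

    $upload_path = $field->getParam(
        'upload_path',
        'media' . DS . APP_EXTENSION . DS . 'files' . DS . $field->db_name
    );

    // Normalise the allowlist so "JPG, png" still matches the lower-cased
    // extension of the upload; empty entries are dropped.
    $allowed_extensions = array_filter(
        array_map('trim', explode(',', strtolower($field->getParam('file_extensions', 'jpg,gif,jpeg,png')))),
        'strlen'
    );

    $delete_file = JArrayHelper::getValue($source_array, "{$field->db_name}_delete", 0, "INT");
    if ($delete_file) {
        return "";
    }

    // The "_replace" input wins over the plain input when both are present.
    $file = JRequest::getVar($field->db_name . '_replace', null, 'files');
    if (empty($file['name'])) {
        $file = JRequest::getVar($field->db_name, null, 'files');
    }

    // No upload at all, or one that did not come through PHP's upload
    // mechanism (is_uploaded_file() also rejects a forged tmp_name).
    if (empty($file['name']) || empty($file['tmp_name']) || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }

    $ext = strtolower(JFile::getExt($file['name']));
    if ($ext === '' || !in_array($ext, $allowed_extensions, true)) {
        return null;
    }

    // The stored name is generated server-side; only the validated extension
    // is carried over from the client-supplied name.
    $file_name = JFile::makesafe('custom-' . trim($field->db_name) . '-' . time() . ".{$ext}");

    // A failed move must not be reported as a stored file.
    if (!JFile::upload($file['tmp_name'], $upload_path . DS . $file_name)) {
        return null;
    }

    return $file_name;
}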
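/**
 * Replaces the export template file of a theme with an uploaded one.
 *
 * Looks for a form field named `uploadedupdatefile_<tid>`, removes the theme's
 * previous file, records the new file name through OnepageTemplateHelper and
 * moves the upload into the templates directory. Always redirects to the order
 * export view with a status message.
 *
 * @return string The status message that was also passed to the redirect
 *                ("Error!" without a redirect when the template id is not numeric).
 */
function template_update_upload()
{
    require_once JPATH_COMPONENT . DS . 'assets' . DS . 'export_helper.php';
    jimport('joomla.filesystem.file');

    $msg = '';

    // Find the upload field that carries the template id (last match wins, as before).
    $file = '';
    foreach ($_FILES as $k => $v) {
        if (strpos($k, 'uploadedupdatefile_') !== false && !empty($v['name'])) {
            $file = $k;
        }
    }

    $arr = explode('_', $file);
    if (count($arr) > 1) {
        if (!is_numeric($arr[1])) {
            return "Error!";
        }
        $tid = (int) $arr[1];

        // get previous file
        $ehelper = new OnepageTemplateHelper();
        $tt = $ehelper->getTemplate($tid);

        $target_path = JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'export' . DS . 'templates' . DS;
        // makesafe() strips path separators and control characters from the client name.
        $newname = JFile::makesafe(basename($_FILES[$file]['name']));

        if (file_exists($target_path . $newname) && $tt['file'] !== $newname) {
            $msg = 'Another theme is using the same filename';
        } else {
            // An empty previous name would otherwise make file_exists() hit the directory itself.
            if (!empty($tt['file']) && file_exists($target_path . $tt['file'])) {
                if (!JFile::delete($target_path . $tt['file'])) {
                    $msg .= 'Could not remove old template file: ' . $tt['file'] . '<br />';
                }
            }

            $msg .= $ehelper->updateFileName($tid, $newname);

            // NOTE(review): as in the original flow the upload only happens when
            // updateFileName() produced a message — confirm it returns a
            // non-empty string on success.
            if (!empty($msg)) {
                $tmp = $_FILES[$file]['tmp_name'];
                if (is_uploaded_file($tmp) && JFile::upload($tmp, $target_path . $newname)) {
                    $msg .= "The template file " . $newname . " has been uploaded";
                } else {
                    $msg .= "There was an error uploading the file, please try again! file: " . $newname;
                }
            }
        }
    }

    if (empty($msg)) {
        $msg = 'O.K.';
    }

    $link = 'index.php?option=com_onepage&view=order_export';
    $this->setRedirect($link, $msg);

    return $msg;
}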
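/**
 * Upload Form
 *
 * Validates an uploaded form file against the form settings, falling back to
 * the global com_media extension list and size limit when the form does not
 * restrict them itself.
 *
 * @param array  $file     One $_FILES entry (name, size, error, tmp_name)
 * @param string &$err     Receives the translated error message on failure
 * @param object $settings Form settings; reads and may overwrite
 *                         options->allowedExtensions, maxSize and maxSizeUnit
 *
 * @return boolean True when the file may be stored
 */
public static function canUpload($file, &$err, $settings)
{
    if (empty($file['name'])) {
        $err = JText::_('JSN_UNIFORM_ERROR_UPLOAD_INPUT');
        return false;
    }

    $params = JComponentHelper::getParams('com_media');

    // Use the global media settings unless the form limits extensions / size itself.
    if (empty($settings->options->limitFileExtensions) || $settings->options->limitFileExtensions != 1) {
        $settings->options->allowedExtensions = $params->get('upload_extensions');
    }

    if (empty($settings->options->limitFileSize) || $settings->options->limitFileSize != 1) {
        $settings->options->maxSize = $params->get('upload_maxsize');
        $settings->options->maxSizeUnit = 'MB';
    }

    jimport('joomla.filesystem.file');

    // A name makesafe() would alter is rejected instead of silently renamed.
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $err = JText::_('JSN_UNIFORM_ERROR_WARNFILENAME');
        return false;
    }

    $format = strtolower(JFile::getExt($file['name']));

    // Normalise the allowlist: no whitespace, lower case, no empty entries
    // (an empty entry would otherwise match a name without extension).
    $allowable = array_filter(
        explode(',', strtolower(str_replace(" ", "", (string) $settings->options->allowedExtensions))),
        'strlen'
    );

    // Unknown units used to leave $uploadMaxSize unset, which made every
    // non-empty file "too large"; they are now read as plain bytes.
    switch (strtoupper((string) $settings->options->maxSizeUnit)) {
        case 'KB':
            $uploadMaxSize = $settings->options->maxSize * 1024;
            break;
        case 'MB':
            $uploadMaxSize = $settings->options->maxSize * 1024 * 1024;
            break;
        case 'GB':
            $uploadMaxSize = $settings->options->maxSize * 1024 * 1024 * 1024;
            break;
        default:
            $uploadMaxSize = (int) $settings->options->maxSize;
            break;
    }

    // PHP discards an upload above upload_max_filesize before the script runs;
    // the entry then carries size 0, error UPLOAD_ERR_INI_SIZE and no tmp_name.
    $phpMaxSize = self::iniShorthandToBytes(ini_get('upload_max_filesize'));
    $droppedByPhp = (int) $file['size'] == 0
        && (int) $file['error'] == UPLOAD_ERR_INI_SIZE
        && empty($file['tmp_name']);

    if ($uploadMaxSize > $phpMaxSize && $droppedByPhp) {
        $err = JText::sprintf('JSN_UNIFORM_POST_UPLOAD_SIZE', round($phpMaxSize / (1024 * 1024), 2) . " MB");
        return false;
    }

    // The allowlist is the primary control; the denylist below is a second
    // line of defence against server-executable types and is not exhaustive.
    $executable = array('php', 'phps', 'php3', 'php4', 'phtml', 'pl', 'py', 'jsp', 'asp', 'htm', 'shtml', 'sh', 'cgi', 'htaccess', 'exe', 'dll');
    if ($format === '' || !in_array($format, $allowable, true) || in_array($format, $executable, true)) {
        $err = JText::sprintf('JSN_UNIFORM_ERROR_WARNFILETYPE', "." . $format);
        return false;
    }

    if ((int) $file['size'] > $uploadMaxSize || $droppedByPhp) {
        $err = JText::sprintf(
            'JSN_UNIFORM_POST_UPLOAD_SIZE',
            $settings->options->maxSize . " " . $settings->options->maxSizeUnit
        );
        return false;
    }

    return true;
}

/**
 * Converts a php.ini shorthand size ("8M", "512K", "1G" or plain bytes) to bytes.
 *
 * The previous code assumed the value always ends in "M".
 *
 * @param string $value Raw ini value
 *
 * @return int Bytes; 0 when the value is empty
 */
private static function iniShorthandToBytes($value)
{
    $value = trim((string) $value);
    if ($value === '') {
        return 0;
    }

    $number = (int) $value;
    switch (strtoupper(substr($value, -1))) {
        case 'G':
            return $number * 1024 * 1024 * 1024;
        case 'M':
            return $number * 1024 * 1024;
        case 'K':
            return $number * 1024;
        default:
            return $number;
    }
}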
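/**
 * Checks if the file can be uploaded
 *
 * Accepts only a safely named image whose size stays within the
 * `main_upload_image_size` configuration value (MB, 0 = unlimited) and whose
 * content getimagesize() can parse.
 *
 * @param array  $file One $_FILES entry (name, size, tmp_name)
 * @param string &$err Receives the language key of the error on failure
 *
 * @return boolean True when the file passes every check
 */
public static function canUpload($file, &$err)
{
    $params = EasyBlogHelper::getConfig();

    if (empty($file['name'])) {
        $err = 'COM_EASYBLOG_WARNEMPTYFILE';
        return false;
    }

    jimport('joomla.filesystem.file');

    // A name makesafe() would alter is rejected rather than silently renamed.
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $err = 'COM_EASYBLOG_WARNFILENAME';
        return false;
    }

    // Name-based check first; the content is verified below.
    if (!EasyImageHelper::isImage($file['name'])) {
        $err = 'COM_EASYBLOG_WARNINVALIDIMG';
        return false;
    }

    // 1 megabyte == 1048576 byte; the setting is expressed in MB.
    $byte = 1048576;
    $uploadMaxsize = (double) $params->get('main_upload_image_size', 0);
    $maxSize = $uploadMaxsize * $byte;

    if ($maxSize > 0 && (double) $file['size'] > $maxSize) {
        $err = 'COM_EASYBLOG_WARNFILETOOLARGE';
        return false;
    }

    // tmp_name is empty when PHP discarded the upload (e.g. above the ini
    // limit); getimagesize('') would only emit a warning before failing.
    if (empty($file['tmp_name']) || getimagesize($file['tmp_name']) === false) {
        $err = 'COM_EASYBLOG_WARNINVALIDIMG';
        return false;
    }

    return true;
}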
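/**
 * Checks if the file can be uploaded
 *
 * Accepts only a safely named image whose size stays within the
 * `main_upload_maxsize` configuration value (MB, 0 = unlimited) and whose
 * content getimagesize() can parse.
 *
 * @param array  $file One $_FILES entry (name, size, tmp_name)
 * @param string &$err Receives the translated error message on failure
 *
 * @return boolean True when the file passes every check
 */
public static function canUpload($file, &$err)
{
    $config = DiscussHelper::getConfig();

    // Convert MB to B; 0 disables the limit.
    $maxSize = (int) $config->get('main_upload_maxsize') * 1024 * 1024;

    if (empty($file['name'])) {
        $err = JText::_('COM_EASYDISCUSS_EMPTY_FILENAME');
        return false;
    }

    jimport('joomla.filesystem.file');

    // A name makesafe() would alter is rejected rather than silently renamed.
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $err = JText::_('COM_EASYDISCUSS_INVALID_FILENAME');
        return false;
    }

    // Name-based check first; the content is verified below.
    if (!DiscussImageHelper::isImage($file['name'])) {
        $err = JText::_('COM_EASYDISCUSS_INVALID_IMG');
        return false;
    }

    if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
        $err = JText::_('COM_EASYDISCUSS_FILE_TOO_LARGE');
        return false;
    }

    // tmp_name is empty when PHP discarded the upload (e.g. above the ini
    // limit); getimagesize('') would only emit a warning before failing.
    if (empty($file['tmp_name']) || getimagesize($file['tmp_name']) === false) {
        $err = JText::_('COM_EASYDISCUSS_IMAGE_CORRUPT');
        return false;
    }

    return true;
}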
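/**
 * Checks uploaded file
 *
 * Validates one $_FILES entry against the component parameters: file name
 * safety, extension allow/ignore lists, size, image validity (or MIME type for
 * non-images when uploads are restricted) and a scan of the first 256 bytes
 * for HTML tags.
 *
 * @param array  &$file   $_FILES entry; 'altname' is added and 'name' is replaced
 *                        by a generated safe name when makesafe() would alter it
 * @param string &$err    Set (return) the language key of the error in it
 * @param object &$params Component parameters; loaded from com_flexicontent when empty
 *
 * @return boolean True when the file passes every check
 * @since 1.5
 */
static function check(&$file, &$err, &$params)
{
    if (!$params) {
        $params = JComponentHelper::getParams('com_flexicontent');
    }

    if (empty($file['name'])) {
        $err = 'FLEXI_PLEASE_INPUT_A_FILE';
        return false;
    }

    jimport('joomla.filesystem.file');

    // Keep the original name for display; an unsafe name is replaced, not rejected.
    $file['altname'] = $file['name'];
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $file['name'] = date('Y-m-d-H-i-s') . "." . flexicontent_upload::getExt($file['name']);
    }

    // ***************************************
    // Check if the file type is allowed
    // ***************************************
    $format = strtolower(flexicontent_upload::getExt($file['name']));

    $allowed_exts = self::normaliseList($params->get(
        'upload_extensions',
        'bmp,csv,doc,docx,gif,ico,jpg,jpeg,odg,odp,ods,odt,pdf,png,ppt,pptx,swf,txt,xcf,xls,xlsx,zip,ics'
    ));
    $ignored = self::normaliseList($params->get('ignore_extensions'));

    // A name without extension previously matched the empty entry that
    // explode() yields for an empty ignore_extensions setting; reject it outright.
    if ($format === '' || (!in_array($format, $allowed_exts, true) && !in_array($format, $ignored, true))) {
        $err = 'FLEXI_WARNFILETYPE';
        return false;
    }

    // **************
    // Check filesize
    // **************
    $maxSize = (int) $params->get('upload_maxsize', 0);
    if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
        $err = 'FLEXI_WARNFILETOOLARGE';
        return false;
    }

    $images = self::normaliseList($params->get('image_extensions'));
    if ($params->get('restrict_uploads', 1)) {
        if (in_array($format, $images, true)) {
            // if its an image run it through getimagesize; an empty tmp_name
            // means PHP discarded the upload and is treated the same way
            if (empty($file['tmp_name']) || getimagesize($file['tmp_name']) === false) {
                $err = 'FLEXI_WARNINVALIDIMG';
                return false;
            }
        } elseif (!in_array($format, $ignored, true) && $params->get('check_mime', 1)) {
            // if its not an image...and we're not ignoring it
            $allowed_mime = self::normaliseList($params->get('upload_mime'));
            $illegal_mime = self::normaliseList($params->get('upload_mime_illegal'));

            $type = '';
            if (function_exists('finfo_open')) {
                // We have fileinfo. FILEINFO_MIME_TYPE yields "image/png";
                // FILEINFO_MIME appends "; charset=..." and never matched the lists.
                $finfo = finfo_open(FILEINFO_MIME_TYPE);
                if ($finfo) {
                    $type = (string) finfo_file($finfo, $file['tmp_name']);
                    finfo_close($finfo);
                }
            } elseif (function_exists('mime_content_type')) {
                // we have mime magic
                $type = (string) mime_content_type($file['tmp_name']);
            }
            $type = strtolower($type);

            // Historic rule kept: only a type on the illegal list (and not also
            // on the allowed list) is rejected; unknown types pass.
            if ($type !== '' && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
                $err = 'FLEXI_WARNINVALIDMIME';
                return false;
            }
        }
    }

    // ***************************
    // Check for XSS safe contents
    // ***************************
    $xss_check = JFile::read($file['tmp_name'], false, 256);
    $html_tags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
    foreach ($html_tags as $tag) {
        // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
        if (stristr($xss_check, '<' . $tag . ' ') || stristr($xss_check, '<' . $tag . '>')) {
            $err = 'FLEXI_WARNIEXSS';
            return false;
        }
    }

    return true;
}

/**
 * Splits a comma separated setting into trimmed, lower-cased, non-empty entries.
 *
 * explode() on an empty setting yields array('') which would otherwise match a
 * file without any extension.
 *
 * @param string $csv Comma separated list (extensions or MIME types)
 *
 * @return array List of entries
 */
private static function normaliseList($csv)
{
    $items = array_map('trim', explode(',', strtolower((string) $csv)));

    return array_values(array_filter($items, 'strlen'));
}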
case 2: $err = 'FILE TO LARGE THAN HTML FORM ALLOWS'; break; case 3: $err = 'ERROR PARTIAL UPLOAD'; break; case 4: return; break; // NO FILE // NO FILE default: $err = ''; break; } if (!$err) { // validation passed, move the file $fileTemp = $_FILES[$fieldName]['tmp_name']; $newFileName = JFile::makesafe($_FILES[$fieldName]['name']); $uploadPath = $folder . '/' . $newFileName; if (!JFile::upload($fileTemp, $uploadPath)) { $err = 'ERROR MOVING FILE'; } } if ($err) { // Error found $lang = JFactory::getLanguage(); $lang->load('com_media'); echo '<strong style="color:#ff0000">ERROR: ' . JText::_($err) . '</strong>'; } }
/**
 * Builds the translation table for one language-file extension.
 *
 * Reads the source (`tr_fromlang`) and target (`tr_tolang`) INI files for the
 * extension named in `tr_ext`, fills the database for both languages when no
 * rows exist yet, and returns the merged arrays keyed by
 * [tr_type][language]. Returns null (after switching the format to html) when
 * `tr_ext` is empty.
 *
 * Every request value that becomes part of a file name is passed through
 * JFile::makesafe() before getIni() is called.
 *
 * @return array|null
 */
function getVM2en()
{
    $this->flushTable();

    $tr_from = JRequest::getVar('tr_fromlang', 'en-GB');
    $to = JRequest::getVar('tr_tolang', 'en-GB');
    $tr_type = JRequest::getVar('tr_type', 'site');
    $xt = JRequest::getVar('tr_ext', '');

    if (empty($xt)) {
        JRequest::setVar('format', 'html');
        return;
    }

    $xt = str_replace('.ini', '', $xt);

    jimport('joomla.filesystem.folder');
    jimport('joomla.filesystem.file');

    // Sanitise every value that is used to build a language-file path.
    $tr_type = JFile::makesafe($tr_type);
    $xt = JFile::makesafe($xt);
    $to = JFile::makesafe($to);
    $tr_from = JFile::makesafe($tr_from);

    $arr1 = $this->getIni($tr_from, $tr_type, $xt);
    $arr2 = $this->getIni($to, $tr_type, $xt);

    // Deep copies: keep the originals untouched by the merges below.
    $arr2o = unserialize(serialize($arr2)); // get rid of the reference
    $arr1o = unserialize(serialize($arr1));

    if (!empty($arr2o)) {
        foreach ($arr2o as $k => $a2) {
            // if sk['text'] en['text'] = sk['text']
            if (!empty($arr2[$k])) {
                $arr1[$k] = $arr2[$k];
            }
            // NOTE(review): $arr3 is not assigned before this loop, so this
            // branch appears never to run here — confirm against the callers.
            if (!empty($arr3[$k])) {
                $arr2[$k] = $arr3[$k];
                $arr1[$k] = $arr3[$k];
            }
        }
    } else {
        // translate-to file does not exist; nothing to merge
        /*
        foreach ($arr1o as $k=>$a2) {
            if (!empty($arr3[$k])) {
                $arr2[$k] = $arr3[$k];
            }
        }
        */
    }

    $user = JFactory::getUser();
    $username = $user->username;

    // Source language: seed the database on first use, then load translations.
    if (!$this->checkDB($xt, $tr_type, $tr_from)) {
        $this->fillDB($xt, $tr_type, $tr_from, $arr1, $username);
        $this->getTranlations($xt, $tr_type, $tr_from, $arr1);
    } else {
        $this->getTranlations($xt, $tr_type, $tr_from, $arr1);
    }

    $ret[$tr_type][$tr_from] = $arr1;

    $arr2 = $this->getIni($to, $tr_type, $xt);

    // if absolutely no language file exists for target language
    if (empty($arr2)) {
        $arr2 = $this->getIni($tr_from, $tr_type, $xt);
    }

    // we need to check if it contains at least the same fields as the original language
    foreach ($arr1o as $kk => $vv) {
        if (!is_array($vv)) {
            if (!isset($arr2[$kk])) {
                $arr2[$kk] = $vv;
            }
        }
    }

    // vm2.0.22+ new lang files: keys present in the core com_virtuemart file override
    if (stripos($xt, 'com_virtuemart') !== false) {
        $arr3 = $this->getIni($to, $tr_type, 'com_virtuemart');
    }

    foreach ($arr1o as $k => $a2) {
        if (!empty($arr3[$k])) {
            $arr2[$k] = $arr3[$k];
        }
    }

    unset($arr1);

    // Target language: seed the database on first use, then load translations.
    if (!$this->checkDB($xt, $tr_type, $to)) {
        $this->fillDB($xt, $tr_type, $to, $arr2, $username);
        $this->getTranlations($xt, $tr_type, $to, $arr2, $arr1o);
        unset($arr1o);
    } else {
        $this->getTranlations($xt, $tr_type, $to, $arr2, $arr1o);
        unset($arr1o);
    }

    // ret['site']['to_language'] = ...
    $ret[$tr_type][$to] = $arr2;
    unset($arr2);

    return $ret;
}
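/**
 * Checks if the file can be uploaded
 *
 * Validates name safety, refuses executable extensions buried in a
 * multi-dotted name, applies the com_media extension allow/ignore lists and
 * size limit, verifies images with getimagesize() and other files by MIME
 * type (or manager permission when no MIME check is available), then scans
 * the first 256 bytes for HTML tags.
 *
 * @param array  $file One $_FILES entry (name, size, tmp_name)
 * @param string &$err Receives the language key of the error on failure
 *
 * @return boolean True when the file passes every check
 */
public static function canUpload($file, &$err)
{
    $params = JComponentHelper::getParams('com_media');

    if (empty($file['name'])) {
        $err = 'COM_MEDIA_ERROR_UPLOAD_INPUT';
        return false;
    }

    jimport('joomla.filesystem.file');

    // A name makesafe() would alter is rejected rather than silently renamed.
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $err = 'COM_MEDIA_ERROR_WARNFILENAME';
        return false;
    }

    $format = strtolower(JFile::getExt($file['name']));

    // Media file names should never have executable extensions buried in them
    // (e.g. "image.php.jpg"); every dot-separated segment is compared, case-insensitively.
    $executable = array('php', 'js', 'exe', 'phtml', 'java', 'perl', 'py', 'asp', 'dll', 'go', 'ade', 'adp', 'bat', 'chm', 'cmd', 'com', 'cpl', 'hta', 'ins', 'isp', 'jse', 'lib', 'mde', 'msc', 'msp', 'mst', 'pif', 'scr', 'sct', 'shb', 'sys', 'vb', 'vbe', 'vbs', 'vxd', 'wsc', 'wsf', 'wsh');
    $explodedFileName = explode('.', strtolower($file['name']));

    // The original wrote count($explodedFileName > 2), which compared the array
    // with an int and counted a bool, so this guard never ran; it also reported
    // through an undefined $app. It now sets $err like every other check.
    if (count($explodedFileName) > 2) {
        foreach ($executable as $extensionName) {
            if (in_array($extensionName, $explodedFileName, true)) {
                $err = 'JLIB_MEDIA_ERROR_WARNFILETYPE';
                return false;
            }
        }
    }

    // Lists are lower-cased, trimmed and stripped of empty entries so an empty
    // setting cannot match a name without extension.
    $allowable = array_values(array_filter(array_map('trim', explode(',', strtolower((string) $params->get('upload_extensions')))), 'strlen'));
    $ignored = array_values(array_filter(array_map('trim', explode(',', strtolower((string) $params->get('ignore_extensions')))), 'strlen'));

    if ($format === '' || (!in_array($format, $allowable, true) && !in_array($format, $ignored, true))) {
        $err = 'COM_MEDIA_ERROR_WARNFILETYPE';
        return false;
    }

    // upload_maxsize is configured in MB; 0 disables the limit.
    $maxSize = (int) ($params->get('upload_maxsize', 0) * 1024 * 1024);
    if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
        $err = 'COM_MEDIA_ERROR_WARNFILETOOLARGE';
        return false;
    }

    $user = JFactory::getUser();

    if ($params->get('restrict_uploads', 1)) {
        $images = array_values(array_filter(array_map('trim', explode(',', strtolower((string) $params->get('image_extensions')))), 'strlen'));

        if (in_array($format, $images, true)) {
            // if its an image run it through getimagesize
            // if tmp_name is empty, then the file was bigger than the PHP limit
            if (empty($file['tmp_name'])) {
                $err = 'COM_MEDIA_ERROR_WARNFILETOOLARGE';
                return false;
            }
            if (getimagesize($file['tmp_name']) === false) {
                $err = 'COM_MEDIA_ERROR_WARNINVALID_IMG';
                return false;
            }
        } elseif (!in_array($format, $ignored, true)) {
            // if its not an image...and we're not ignoring it
            $allowed_mime = array_values(array_filter(array_map('trim', explode(',', strtolower((string) $params->get('upload_mime')))), 'strlen'));
            $illegal_mime = array_values(array_filter(array_map('trim', explode(',', strtolower((string) $params->get('upload_mime_illegal')))), 'strlen'));
            $checkMime = $params->get('check_mime', 1);

            if (function_exists('finfo_open') && $checkMime) {
                // We have fileinfo. FILEINFO_MIME_TYPE yields "image/png";
                // FILEINFO_MIME appends "; charset=..." and never matched the lists.
                $type = '';
                $finfo = finfo_open(FILEINFO_MIME_TYPE);
                if ($finfo) {
                    $type = strtolower((string) finfo_file($finfo, $file['tmp_name']));
                    finfo_close($finfo);
                }
                if ($type !== '' && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
                    $err = 'COM_MEDIA_ERROR_WARNINVALID_MIME';
                    return false;
                }
            } elseif (function_exists('mime_content_type') && $checkMime) {
                // we have mime magic
                $type = strtolower((string) mime_content_type($file['tmp_name']));
                if ($type !== '' && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
                    $err = 'COM_MEDIA_ERROR_WARNINVALID_MIME';
                    return false;
                }
            } elseif (!$user->authorise('core.manage')) {
                // Without any MIME check only managers may upload non-image files.
                $err = 'COM_MEDIA_ERROR_WARNNOTADMIN';
                return false;
            }
        }
    }

    // Scan the beginning of the file for HTML so browsers cannot be tricked
    // into rendering it as a page.
    $xss_check = JFile::read($file['tmp_name'], false, 256);
    $html_tags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
    foreach ($html_tags as $tag) {
        // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
        if (stristr($xss_check, '<' . $tag . ' ') || stristr($xss_check, '<' . $tag . '>')) {
            $err = 'COM_MEDIA_ERROR_WARNIEXSS';
            return false;
        }
    }

    return true;
}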
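/**
 * Stores an uploaded track file, parses it and records it in #__jtg_files,
 * then stores any attached images under the new track's image folder.
 *
 * On a duplicate file name, a failed move or a parse error the function emits
 * a JavaScript alert and terminates the request (original behaviour kept).
 *
 * @return boolean True on success, false when the INSERT fails
 */
function saveFile()
{
    jimport('joomla.filesystem.file');
    jimport('joomla.filesystem.folder');

    $db = JFactory::getDBO();
    $user = JFactory::getUser();
    $cache = JFactory::getCache('com_jtg');
    $jInput = JFactory::getApplication()->input;

    // Get the post data
    $catid = $jInput->get('catid', null, 'array');
    $catid = $catid ? implode(',', $catid) : '';
    $level = $jInput->get('level', 0, 'integer');
    $title = $jInput->get('title', '', 'string');
    $terrain = $jInput->get('terrain', null, 'array');
    $terrain = $terrain ? implode(', ', $terrain) : '';
    $desc = implode(' ', (array) $jInput->get('description', array(), 'array'));
    $file = $jInput->files->get('file');
    $uid = (int) $user->get('id');
    $date = date("Y-m-d");

    $jFileInput = new jInput($_FILES);
    $images = $jFileInput->get('images', array(), 'array');

    $access = JRequest::getInt('access', 0);
    $hidden = JRequest::getInt('hidden', 0);
    $published = JRequest::getInt('published', 0);

    // Upload the file
    $upload_dir = JPATH_SITE . '/images/jtrackgallery/uploaded_tracks/';

    if (empty($file['name']) || empty($file['tmp_name'])) {
        $alert_text = json_encode(JText::_('COM_JTG_UPLOAD_FAILS'));
        die("<script type='text/javascript'>alert({$alert_text});window.history.back(-1);</script>");
    }

    // NOTE(review): the track file's extension is not checked against an
    // allowlist here; an unparseable file is deleted below, but the stored
    // name keeps the client's extension — confirm this is acceptable for the
    // upload directory.
    $filename = strtolower(JFile::makeSafe($file['name']));
    $newfile = $upload_dir . $filename;

    if (JFile::exists($newfile)) {
        $alert_text = json_encode(JText::sprintf("COM_JTG_FILE_ALREADY_EXISTS", $filename));
        die("<script type='text/javascript' charset='UTF-8'>alert({$alert_text});window.history.back(-1);</script>");
    }

    if (!JFile::upload($file['tmp_name'], $newfile)) {
        $alert_text = json_encode(JText::_('COM_JTG_UPLOAD_FAILS'));
        die("<script type='text/javascript'>alert({$alert_text});window.history.back(-1);</script>");
    }

    // NOTE(review): world-writable; the web server only reads this file, so
    // a tighter mode is normally sufficient — confirm before changing.
    chmod($newfile, 0777);

    // Get the start coordinates.. Default unit
    $gpsData = new GpsDataClass("Kilometer");
    $gpsData = $cache->get(array($gpsData, 'loadFileAndData'), array($newfile, $filename), "Kilometer");

    $errors = $gpsData->displayErrors();
    if ($errors) {
        // Try to delete the file
        if (JFile::exists($newfile)) {
            JFile::delete($newfile);
        }
        $alert_text = json_encode(JText::_('COM_JTG_NO_SUPPORT') . '\\n' . $errors);
        echo "<script type='text/javascript'>alert({$alert_text});window.history.back(-1);</script>";
        exit;
    }

    $start_n = $gpsData->start[1];
    $start_e = $gpsData->start[0];
    $isTrack = $gpsData->isTrack;
    $isWaypoint = $gpsData->isWaypoint;
    $isRoute = 0;
    $isCache = 0;
    $distance = $gpsData->distance;

    // Every user-controlled value is quoted by the driver; the original only
    // escaped the description and interpolated title, category and terrain raw.
    $query = "INSERT INTO #__jtg_files SET"
        . "\n uid=" . $uid . ","
        . "\n catid=" . $db->quote($catid) . ","
        . "\n title=" . $db->quote($title) . ","
        . "\n file=" . $db->quote($filename) . ","
        . "\n terrain=" . $db->quote($terrain) . ","
        . "\n description=" . $db->quote($desc) . ","
        . "\n published=" . (int) $published . ","
        . "\n date=" . $db->quote($date) . ","
        . "\n start_n=" . $db->quote($start_n) . ","
        . "\n start_e=" . $db->quote($start_e) . ","
        . "\n distance=" . $db->quote($distance) . ","
        . "\n ele_asc=" . $db->quote(round($gpsData->totalAscent, 0)) . ","
        . "\n ele_desc=" . $db->quote(round($gpsData->totalDescent, 0)) . ","
        . "\n level=" . (int) $level . ","
        . "\n access=" . (int) $access . ","
        . "\n hidden=" . (int) $hidden . ","
        . "\n istrack=" . $db->quote($isTrack) . ","
        . "\n iswp=" . $db->quote($isWaypoint) . ","
        . "\n isroute=" . (int) $isRoute . ","
        . "\n iscache=" . (int) $isCache;
    $db->setQuery($query);
    $db->execute();

    if ($db->getErrorNum()) {
        echo $db->stderr();
        return false;
    }

    $query = "SELECT id FROM #__jtg_files WHERE file=" . $db->quote($filename);
    $db->setQuery($query);
    $rows = $db->loadObject();

    // Images upload part
    $cfg = JtgHelper::getConfig();
    $types = array_filter(array_map('trim', explode(',', strtolower((string) $cfg->type))), 'strlen');

    if (count($images) > 0 && !empty($images['name'])) {
        $img_dir = JPATH_SITE . '/images/jtrackgallery/uploaded_tracks_images/track_' . (int) $rows->id . '/';
        JFolder::create($img_dir, 0777);

        foreach ($images['name'] as $key => $value) {
            if ($value == "") {
                continue;
            }
            $imgfilename = JFile::makesafe($value);
            $ext = JFile::getExt($value);
            // Only image types listed in the component configuration are processed.
            if (in_array(strtolower($ext), $types, true)) {
                JtgHelper::createimageandthumbs($images['tmp_name'][$key], $ext, $img_dir, $imgfilename);
            }
        }
    }

    return true;
}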
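/**
 * Lists the PHP export themes that ship with a matching XML descriptor.
 *
 * Scans components/com_onepage/xmlexport/php for *.php files and returns the
 * base names for which a sibling <name>.xml exists. Names that
 * JFile::makesafe() would alter are skipped so a returned name can be used to
 * build paths safely.
 *
 * @return array List of theme base names (without extension)
 */
function getPhpExportThemes()
{
    $base = JPATH_SITE . DS . 'components' . DS . 'com_onepage' . DS . 'xmlexport' . DS . 'php';
    if (!file_exists($base)) {
        return array();
    }

    jimport('joomla.filesystem.folder');
    jimport('joomla.filesystem.file');

    // JFolder::files() takes a regex; the original '.php' also matched names
    // that merely contain "php", so anchor it to the extension.
    $files = JFolder::files($base, '\.php$', false, true);
    if (!is_array($files)) {
        return array();
    }

    $arr = array();
    foreach ($files as $f) {
        $pi = pathinfo($f);
        $file = $pi['filename'];

        // security here: a name makesafe() would rewrite is not listed
        if (JFile::makesafe($file) !== $file) {
            continue;
        }

        if (!file_exists($base . DS . $file . '.xml')) {
            continue;
        }

        $arr[] = $file;
    }

    return $arr;
}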
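/**
 * can Upload
 *
 * Validates an uploaded gallery image: name safety, extension allowlist,
 * maximum resolution, per-user quota (user control panel only), maximum size,
 * image / MIME sanity and a scan of the first 256 bytes for HTML tags.
 *
 * @param array   $file          One $_FILES entry (name, size, tmp_name)
 * @param string  &$errUploadMsg Receives the error language key (or translated text) on failure
 * @param int     $frontEnd      Where the call comes from: 0 backend, 1 category view, 2 user control panel
 * @param boolean $chunkEnabled  True when the file arrives in chunks (multiple upload); size checks then use $realSize
 * @param string  $realSize      Total size of the file when chunking is used (the entry only holds one part)
 *
 * @return boolean True on success
 * @since 1.5
 */
public static function canUpload($file, &$errUploadMsg, $frontEnd = 0, $chunkEnabled = 0, $realSize = 0)
{
    $params = JComponentHelper::getParams('com_phocagallery');

    // Gallery uploads are images only; these lists are fixed on purpose.
    $paramsL = array();
    $paramsL['upload_extensions'] = 'gif,jpg,png,jpeg';
    $paramsL['image_extensions'] = 'gif,jpg,png,jpeg';
    $paramsL['upload_mime'] = 'image/jpeg,image/gif,image/png';
    $paramsL['upload_mime_illegal'] = 'application/x-shockwave-flash,application/msword,application/excel,application/pdf,application/powerpoint,text/plain,application/x-zip,text/html';

    // The file doesn't exist
    if (empty($file['name'])) {
        $errUploadMsg = 'COM_PHOCAGALLERY_ERROR_UNABLE_TO_UPLOAD_FILE';
        return false;
    }

    // Not safe file
    jimport('joomla.filesystem.file');
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILENAME';
        return false;
    }

    $format = strtolower(JFile::getExt($file['name']));

    // Allowable extension
    $allowable = explode(',', $paramsL['upload_extensions']);
    if ($format === '' || !in_array($format, $allowable, true)) {
        $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILETYPE';
        return false;
    }

    // 'COM_PHOCAGALLERY_MAX_RESOLUTION' — a zero width or height disables the check.
    $imgSize = PhocaGalleryImage::getImageSize($file['tmp_name']);
    $maxResWidth = (int) $params->get('upload_maxres_width', 3072);
    $maxResHeight = (int) $params->get('upload_maxres_height', 2304);
    if ($maxResWidth > 0 && $maxResHeight > 0
        && ((int) $imgSize[0] > $maxResWidth || (int) $imgSize[1] > $maxResHeight)) {
        $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGE_RESOLUTION';
        return false;
    }

    // If chunk method is used, the entry holds one part only; the caller supplies the total.
    $fileSize = ($chunkEnabled == 1) ? $realSize : $file['size'];

    // User (only in ucp) - Check the size of all images by users
    if ($frontEnd == 2) {
        $user = JFactory::getUser();
        $maxUserImageSize = (int) $params->get('user_images_max_size', 20971520);
        $allFileSize = PhocaGalleryFileUploadFront::getSizeAllOriginalImages($fileSize, $user->id);
        if ($maxUserImageSize > 0 && (int) $allFileSize > $maxUserImageSize) {
            $errUploadMsg = JText::_('COM_PHOCAGALLERY_WARNING_USERIMAGES_TOOLARGE');
            return false;
        }
    }

    // Max size of image; 0 disables the limit.
    $maxSize = (int) $params->get('upload_maxsize', 3145728);
    if ($maxSize > 0 && (int) $fileSize > $maxSize) {
        $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGE';
        return false;
    }

    // Image check. Every allowed extension is also an image extension here, so
    // the MIME branch only runs if the two lists are ever made to differ.
    $images = explode(',', $paramsL['image_extensions']);
    if (in_array($format, $images, true)) {
        // if its an image run it through getimagesize; a single chunk is not a
        // complete image, so only whole uploads are parsed
        if ($chunkEnabled != 1 && (empty($file['tmp_name']) || getimagesize($file['tmp_name']) === false)) {
            $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_INVALIDIMG';
            return false;
        }
    } else {
        // if its not an image...and we're not ignoring it
        $allowed_mime = explode(',', $paramsL['upload_mime']);
        $illegal_mime = explode(',', $paramsL['upload_mime_illegal']);

        $type = '';
        if (function_exists('finfo_open')) {
            // We have fileinfo. FILEINFO_MIME_TYPE yields "image/png";
            // FILEINFO_MIME appends "; charset=..." and never matched the lists.
            $finfo = finfo_open(FILEINFO_MIME_TYPE);
            if ($finfo) {
                $type = (string) finfo_file($finfo, $file['tmp_name']);
                finfo_close($finfo);
            }
        } elseif (function_exists('mime_content_type')) {
            // we have mime magic
            $type = (string) mime_content_type($file['tmp_name']);
        }
        $type = strtolower($type);

        // Historic rule kept: only a type on the illegal list (and not also on
        // the allowed list) is rejected; unknown types pass.
        if ($type !== '' && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
            $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_INVALIDMIME';
            return false;
        }
    }

    // XSS Check: the beginning of the file must not look like HTML.
    $xss_check = JFile::read($file['tmp_name'], false, 256);
    $html_tags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
    foreach ($html_tags as $tag) {
        // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
        if (stristr($xss_check, '<' . $tag . ' ') || stristr($xss_check, '<' . $tag . '>')) {
            $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_IEXSS';
            return false;
        }
    }

    return true;
}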
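/**
 * Checks whether an uploaded file may be stored by Phoca Download.
 *
 * Validation order: a file name must be present and must survive
 * JFile::makesafe unchanged; the extension is checked against the allowed /
 * disallowed lists (skipped when ignore_file_types_check says so); the size
 * against the configured maximum; in user control panel mode (2) the per-user
 * quota and file count; image extensions must pass getimagesize (when the
 * manager group enables it), other files a MIME blacklist; finally the first
 * 256 bytes are scanned for HTML tags.
 *
 * @param array  $file         One $_FILES entry: name, size, tmp_name
 * @param string &$err         Receives a language key for the check that failed
 * @param string $manager      Manager name passed to PhocaDownloadSettings::getManagerGroup()
 * @param int    $frontEnd     0 = administrator, 1 = front end, 2 = user control panel
 * @param int    $chunkEnabled 1 if the upload was chunked; the size is then $realSize
 * @param int    $realSize     Total byte count of a chunked upload
 *
 * @return bool  true if every check passed, false (with $err set) otherwise
 */
public static function canUpload($file, &$err, $manager = '', $frontEnd = 0, $chunkEnabled = 0, $realSize = 0)
{
    $paramsC = JComponentHelper::getParams('com_phocadownload');

    // Front end uploads use the *_upload type lists, everything else the *_download lists.
    if ($frontEnd == 1) {
        $aft = $paramsC->get('allowed_file_types_upload', PhocaDownloadSettings::getDefaultAllowedMimeTypesUpload());
        $dft = $paramsC->get('disallowed_file_types_upload', '');
        // The original read this option from an undefined "$params", which is a
        // fatal error on every front end upload; the option is in the component params.
        $ignoreUploadCheck = (int) $paramsC->get('ignore_file_types_check', 2);
        $ignoreUploadCh = ($ignoreUploadCheck == 1 || $ignoreUploadCheck == 4) ? 1 : 0;
    } else {
        $aft = $paramsC->get('allowed_file_types_download', PhocaDownloadSettings::getDefaultAllowedMimeTypesDownload());
        $dft = $paramsC->get('disallowed_file_types_download', '');
        $ignoreUploadCheck = (int) $paramsC->get('ignore_file_types_check', 2);
        // The original tested "== 5 || == 5"; the duplicate is collapsed here.
        // NOTE(review): the second operand was presumably another mode value - confirm.
        $ignoreUploadCh = ($ignoreUploadCheck == 5) ? 1 : 0;
    }
    $allowedMimeType = PhocaDownloadFile::getMimeTypeString($aft);
    $disallowedMimeType = PhocaDownloadFile::getMimeTypeString($dft);

    // Manager group "f" == 2 is an image-only manager with a fixed type list.
    $group = PhocaDownloadSettings::getManagerGroup($manager);
    $paramsL = array();
    if ($group['f'] == 2) {
        $paramsL['upload_extensions'] = 'gif,jpg,png,jpeg';
        $paramsL['image_extensions'] = 'gif,jpg,png,jpeg';
        $paramsL['upload_mime'] = 'image/jpeg,image/gif,image/png';
        $paramsL['upload_mime_illegal'] = 'application/x-shockwave-flash,application/msword,application/excel,application/pdf,application/powerpoint,text/plain,application/x-zip,text/html';
        $paramsL['upload_ext_illegal'] = $disallowedMimeType['ext'];
    } else {
        $paramsL['upload_extensions'] = $allowedMimeType['ext'];
        $paramsL['image_extensions'] = 'bmp,gif,jpg,png,jpeg';
        $paramsL['upload_mime'] = $allowedMimeType['mime'];
        $paramsL['upload_mime_illegal'] = $disallowedMimeType['mime'];
        $paramsL['upload_ext_illegal'] = $disallowedMimeType['ext'];
    }

    // The file doesn't exist
    if (empty($file['name'])) {
        $err = 'COM_PHOCADOWNLOAD_WARNING_INPUT_FILE_UPLOAD';
        return false;
    }

    jimport('joomla.filesystem.file');
    // A name that makesafe would alter contains characters that are refused outright.
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $err = 'COM_PHOCADOWNLOAD_WARNFILENAME';
        return false;
    }

    $format = strtolower(JFile::getExt($file['name']));

    if ($ignoreUploadCh != 1) {
        $allowable = explode(',', (string) $paramsL['upload_extensions']);
        $notAllowable = explode(',', (string) $paramsL['upload_ext_illegal']);
        if (in_array($format, $notAllowable, true)) {
            $err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_DISALLOWED';
            return false;
        }
        if ($format === '' || !in_array($format, $allowable, true)) {
            $err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_NOT_ALLOWED';
            return false;
        }
    }

    // Size limit: front end uploads have their own option. For a chunked upload
    // $file['size'] is only the last part, so the caller's computed total is used.
    if ((int) $frontEnd > 0) {
        $maxSize = (int) $paramsC->get('user_file_upload_size', 3145728);
    } else {
        $maxSize = (int) $paramsC->get('upload_maxsize', 3145728);
    }
    if ($chunkEnabled == 1) {
        $fileSize = (int) $realSize;
    } else {
        $fileSize = isset($file['size']) ? (int) $file['size'] : 0;
    }
    if ($maxSize > 0 && $fileSize > $maxSize) {
        $err = 'COM_PHOCADOWNLOAD_WARNFILETOOLARGE';
        return false;
    }

    // User (only in ucp) - check the size and count of all files owned by the user.
    if ($frontEnd == 2) {
        $user = JFactory::getUser();
        $maxUserUploadSize = (int) $paramsC->get('user_files_max_size', 20971520);
        $maxUserUploadCount = (int) $paramsC->get('user_files_max_count', 5);
        $allFile = PhocaDownloadUser::getUserFileInfo($file, $user->id);
        // NOTE(review): the original computed the incoming file's size here but never
        // added it to $allFile['size'] - confirm getUserFileInfo() already counts it.
        if ($maxUserUploadSize > 0 && (int) $allFile['size'] > $maxUserUploadSize) {
            $err = JText::_('COM_PHOCADOWNLOAD_WARNUSERFILESTOOLARGE');
            return false;
        }
        if ((int) $allFile['count'] > $maxUserUploadCount) {
            $err = JText::_('COM_PHOCADOWNLOAD_WARNUSERFILESTOOMUCH');
            return false;
        }
    }

    $images = explode(',', (string) $paramsL['image_extensions']);
    if (in_array($format, $images, true)) {
        // Image managers (group "i") require a decodable image. A chunked upload
        // cannot be inspected here because tmp_name holds only one part.
        if ($group['i'] == 1 && $chunkEnabled != 1) {
            if (getimagesize($file['tmp_name']) === false) {
                // The original overwrote $err with $imginfo[0] (null) immediately
                // after setting it, so callers received an empty message.
                $err = 'COM_PHOCADOWNLOAD_WARNINVALIDIMG';
                return false;
            }
        }
    } else {
        // Not an image: reject when the detected MIME type is blacklisted and not whitelisted.
        $allowed_mime = explode(',', (string) $paramsL['upload_mime']);
        $illegal_mime = explode(',', (string) $paramsL['upload_mime_illegal']);
        $type = '';
        if (function_exists('finfo_open')) {
            $finfo = finfo_open(FILEINFO_MIME);
            $raw = (string) finfo_file($finfo, $file['tmp_name']);
            // Close before any return; the original leaked the handle on rejection.
            finfo_close($finfo);
            // FILEINFO_MIME may append "; charset=...", which never equals a bare
            // list entry such as "text/html"; keep only the type part.
            $parts = explode(';', $raw);
            $type = trim($parts[0]);
        } elseif (function_exists('mime_content_type')) {
            $type = trim((string) mime_content_type($file['tmp_name']));
        }
        if ($type !== '' && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
            $err = 'COM_PHOCADOWNLOAD_WARNINVALIDMIME';
            return false;
        }
    }

    // XSS check: scan the first 256 bytes for HTML tags (the IEXSS key suggests
    // this targets browser content sniffing). An unreadable file yields ''.
    $xss_check = (string) JFile::read($file['tmp_name'], false, 256);
    $html_tags = PhocaDownloadSettings::getHTMLTagsUpload();
    foreach ($html_tags as $tag) {
        // A tag is '<tagname ' or '<tagname>', matched case-insensitively.
        if (stristr($xss_check, '<' . $tag . ' ') || stristr($xss_check, '<' . $tag . '>')) {
            $err = 'COM_PHOCADOWNLOAD_WARNIEXSS';
            return false;
        }
    }

    return true;
}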
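/**
 * Returns the export directory for template $tid, creating it on first use.
 *
 * The directory name is passed through JFile::makesafe, so an id cannot carry
 * path separators or ".." into the export tree. A newly created directory
 * receives a copy of the export root's .htaccess.
 *
 * @param  mixed  $tid  Template id, used as the directory name
 * @return string       Absolute path of the template's export directory
 */
function prepareDirectory($tid)
{
    jimport('joomla.filesystem.file');
    // JFolder was used without ever being imported; load it explicitly.
    jimport('joomla.filesystem.folder');

    $ex = JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'export' . DS;
    $exf = $ex . JFile::makesafe($tid);

    if (!file_exists($exf)) {
        JFolder::create($exf);
        // NOTE(review): neither the create nor the .htaccess copy result is checked
        // (as in the original). If the .htaccess is what protects the exported
        // files from direct web access, a failed copy leaves them exposed - confirm
        // and consider surfacing the failure to the caller.
        JFile::copy($ex . '.htaccess', $exf . DS . '.htaccess');
    }

    return $exf;
}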
/**
 * Replaces the stored file of an export template with an uploaded one.
 *
 * Disabled: the first statement returns false, so nothing below it runs.
 * The body is left intact so it can be re-enabled deliberately.
 *
 * @return false|string  false while disabled; otherwise a status message
 */
function template_update_upload()
{
    // Short-circuit: everything below this line is unreachable.
    return false;
    jimport('joomla.filesystem.file');
    $file = "";
    $msg = '';
    // Locate the $_FILES entry named uploadedupdatefile_<tid> that carries a file.
    foreach ($_FILES as $k => $v) {
        // $msg .= 'key: '.$k.'<br />';
        // $msg .= 'val: '.$v.'<br />';
        if (strpos($k, 'uploadedupdatefile_') !== false && !empty($_FILES[$k]['name'])) {
            $file = $k;
        }
    }
    $arr = explode('_', $file);
    if (count($arr) > 1) {
        $tid = $arr[1];
        if (!is_numeric($tid)) {
            return "Error!";
        }
        // get previous file
        $ehelper = new OnepageTemplateHelper();
        $tt = $ehelper->getTemplate($tid);
        $target_path = JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'export' . DS;
        // The old template file is removed before the new name is recorded.
        if (file_exists($target_path . $tt['file'])) {
            if (!JFile::delete($target_path . $tt['file'])) {
                $msg .= 'Could not remove old template file: ' . $tt['file'];
            }
        }
        // makesafe(basename()) keeps the client-supplied name from carrying path parts.
        $newname = JFile::makesafe(basename($_FILES['uploadedupdatefile_' . $tid]['name']));
        $msg .= $ehelper->updateFileName($tid, $newname);
        //$userfile = JRequest::getVar('uploadedupdatefile_'.$tid, null, 'files');
        //var_dump($userfile); die();
        $target_path = $target_path . $newname;
        if (JFile::upload($_FILES[$file]['tmp_name'], $target_path)) {
            $msg .= "The template file " . $newname . " has been uploaded";
        } else {
            $msg .= "There was an error uploading the file, please try again! file: " . $newname;
        }
    } else {
        $msg .= "There was an error uploading the file, please try again! ";
    }
    return $msg;
}
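/**
 * Checks if the file can be uploaded
 *
 * Validates one $_FILES entry: a name must be present and must survive
 * JFile::makesafe unchanged; the extension must be in $allowedextensions;
 * the temporary file must exist; the size may not exceed $maxfilesize;
 * image extensions must pass getimagesize; and the first 256 bytes may not
 * contain an HTML tag.
 *
 * @param array  $file              File information (name, size, tmp_name)
 * @param string &$err              An error message key to be returned
 * @param int    $maxfilesize       Maximum size in kilobytes; 0 or less disables the check
 * @param string $allowedextensions Comma separated list of allowed extensions
 *
 * @return boolean
 * @since Joomla 1.6
 */
public function canUpload($file, &$err, $maxfilesize, $allowedextensions)
{
    if (empty($file['name'])) {
        $err = 'COM_VISFORMS_ERROR_UPLOAD_INPUT';
        return false;
    }

    jimport('joomla.filesystem.file');
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $err = 'COM_VISFORMS_ERROR_WARNFILENAME';
        return false;
    }

    $format = strtolower(JFile::getExt($file['name']));
    $allowable = explode(',', (string) $allowedextensions);
    if ($format === '' || !in_array($format, $allowable, true)) {
        $err = 'COM_VISFORMS_ERROR_WARNFILETYPE';
        return false;
    }

    // An empty tmp_name means PHP discarded the upload (typically because it
    // exceeded PHP's own limit). The original only noticed this for images; any
    // other oversized file passed the checks below with nothing to inspect.
    // NOTE(review): is_uploaded_file() is not consulted here - confirm callers
    // only pass $_FILES entries.
    if (empty($file['tmp_name'])) {
        $err = 'COM_VISFORMS_ERROR_WARNFILETOOLARGE';
        return false;
    }

    $maxSize = (int) ($maxfilesize * 1024);
    $size = isset($file['size']) ? (int) $file['size'] : 0;
    if ($maxSize > 0 && $size > $maxSize) {
        $err = 'COM_VISFORMS_ERROR_WARNFILETOOLARGE';
        return false;
    }

    // Image extensions must decode; a bogus image is rejected.
    $images = array('bmp', 'gif', 'jpg', 'jpeg', 'png');
    if (in_array($format, $images, true) && getimagesize($file['tmp_name']) === false) {
        $err = 'COM_VISFORMS_ERROR_WARNINVALID_IMG';
        return false;
    }

    // Reject anything whose first 256 bytes look like HTML. An unreadable file yields ''.
    $xss_check = (string) JFile::read($file['tmp_name'], false, 256);
    $html_tags = array(
        'abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo',
        'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button',
        'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del',
        'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame',
        'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer',
        'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li',
        'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr',
        'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option',
        'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server',
        'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup',
        'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul',
        'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--',
    );
    foreach ($html_tags as $tag) {
        // A tag is '<tagname ' or '<tagname>', matched case-insensitively.
        if (stristr($xss_check, '<' . $tag . ' ') || stristr($xss_check, '<' . $tag . '>')) {
            $err = 'COM_VISFORMS_ERROR_WARNIEXSS';
            return false;
        }
    }

    return true;
}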
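/**
 * @brief Validates that the given file is acceptable under the options
 * configured for uploading files to the \a media component.
 *
 * The code is taken from Joomla and adjusted to current needs: the file name
 * must survive JFile::makesafe unchanged, the extension must be allowed (or
 * ignored), and - when restrict_uploads is on or $only_image is requested -
 * images must decode and other files must not carry a blacklisted MIME type.
 *
 * @param string $file       Path of the file to inspect.
 * @param bool   $only_image Validate strictly as an image rather than by extension.
 * @return array  array('success' => true) or array('error' => <translated message>)
 */
function isValidFile($file, $only_image = false)
{
    jimport('joomla.filesystem.file');
    // getParams() returns a value; "=&" on it is meaningless (and a notice in newer PHP).
    $media = JComponentHelper::getParams('com_media');

    $filename = JFile::getName($file);
    if ($filename !== JFile::makesafe($filename)) {
        return array('error' => JText::_('NAMENOSURE'));
    }

    $format = strtolower(JFile::getExt($file));
    $allowable = explode(',', (string) $media->get('upload_extensions'));
    // Ignored extensions skip both the extension and the MIME check (com_media semantics).
    $ignored = explode(',', (string) $media->get('ignore_extensions'));
    if (!in_array($format, $allowable, true) && !in_array($format, $ignored, true)) {
        return array('error' => JText::_('FILETYPEISNOVALID'));
    }

    if (!$media->get('restrict_uploads', 1) && !$only_image) {
        return array('success' => true);
    }

    $images = explode(',', (string) $media->get('image_extensions'));
    if ($only_image || in_array($format, $images, true)) {
        if (getimagesize($file) === false) {
            return array('error' => JText::_('FILEISNOTIMAGE'));
        }
        return array('success' => true);
    }

    if (in_array($format, $ignored, true)) {
        return array('success' => true);
    }

    $allowed_mime = explode(',', (string) $media->get('upload_mime'));
    $illegal_mime = explode(',', (string) $media->get('upload_mime_illegal'));
    $checkMime = $media->get('check_mime', 1);
    $type = '';
    if (function_exists('finfo_open') && $checkMime) {
        $finfo = finfo_open(FILEINFO_MIME);
        $raw = (string) finfo_file($finfo, $file);
        // Close before any return; the original leaked the handle on rejection.
        finfo_close($finfo);
        // FILEINFO_MIME may append "; charset=...", which never equals a bare
        // list entry such as "text/html"; keep only the type part.
        $parts = explode(';', $raw);
        $type = trim($parts[0]);
    } elseif (function_exists('mime_content_type') && $checkMime) {
        $type = trim((string) mime_content_type($file));
    }
    if ($type !== '' && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
        return array('error' => JText::_('WARNINVALIDMIME'));
    }

    return array('success' => true);
}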
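/**
 * Receives a generated file for an export job (POST: tid, localid, hash,
 * file_contents) and stores it in the template's export directory.
 *
 * The request must carry the template's file hash; on mismatch the job is
 * marked ERROR and nothing is written. On success the job is set to CREATED
 * and, when it was in AUTOPROCESSING with auto-create and an e-mail address
 * configured, the notification mail is sent. Always terminates the
 * application after echoing a plain-text reply for the caller.
 *
 * @return void
 */
private function putfile()
{
    require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'assets' . DS . 'export_helper.php';
    jimport('joomla.filesystem.file');

    $ehelper = new OnepageTemplateHelper();
    $app = JFactory::getApplication();

    $tid = JRequest::getVar('tid');
    $localid = JRequest::getVar('localid');
    $hash = JRequest::getString('hash', '');

    // Export directory for this template; makesafe strips path characters
    // from the id so the log path below cannot leave the export folder.
    $ex = JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'export' . DS;
    $exf = $ex . JFile::makesafe($tid);

    if (empty($_FILES)) {
        $app->close();
        return;
    }

    // The original compared with "==", under which two numeric-looking hashes
    // (e.g. "0e...") compare equal. hash_equals() is preferred where available
    // so the comparison also does not leak the matching prefix length through timing.
    $expected = (string) $ehelper->getFileHash($tid);
    $provided = strtolower($hash);
    if (function_exists('hash_equals')) {
        $hashOk = hash_equals($expected, $provided);
    } else {
        $hashOk = ($expected === $provided);
    }
    // NOTE(review): an empty stored hash still matches an empty request hash,
    // as in the original - confirm getFileHash() never returns ''.

    if (!$hashOk || !is_numeric($tid)) {
        JFile::write($exf . DS . 'log' . DS . 'log.txt', 'secret not equal');
        $ehelper->setStatus($tid, $localid, 'ERROR');
        echo 'Secret not equal !';
        $app->close();
        return;
    }

    $ehelper->prepareDirectory($tid);

    // The original indexed $_FILES['file_contents'] unconditionally; a request
    // carrying some other field would have produced a notice and a null path.
    if (!isset($_FILES['file_contents']['tmp_name'])) {
        $ehelper->setStatus($tid, $localid, 'ERROR');
        echo 'Error saving file!';
        $app->close();
        return;
    }
    $fileTemp = $_FILES['file_contents']['tmp_name'];

    // The helper decides the final name; the hand-built "<num>_<tid_name>.pdf"
    // path of the original was overwritten by this call and never used.
    $path = $ehelper->getFileName2Save($tid, $localid);
    if (file_exists($path)) {
        // Keep the previous generation instead of overwriting it.
        JFile::move($path, $path . '_history_' . rand() . '.bck');
    }

    if (!JFile::upload($fileTemp, $path)) {
        $ehelper->setStatus($tid, $localid, 'ERROR');
        echo 'Error saving file!';
        $app->close();
        return;
    }

    // Here we can send it to a customer.
    $tt = $ehelper->getTemplate($tid);
    if ($ehelper->getStatus($tid, $localid) == 'AUTOPROCESSING') {
        if (!empty($tt['tid_autocreate']) && !empty($tt['tid_email'])) {
            $ehelper->setStatus($tid, $localid, 'CREATED', urlencode($path));
            // sendMail() output is captured and discarded so the reply stays plain text.
            ob_start();
            $ehelper->sendMail($tid, $localid, false);
            ob_get_clean();
        }
    }
    $ehelper->setStatus($tid, $localid, 'CREATED', urlencode($path));
    echo 'File Saved OK!';
    $app->close();
}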
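/**
 * metaWeblog.newMediaObject handler: stores a file posted over XML-RPC in the
 * calling user's EasyBlog media folder and returns its public URL.
 *
 * @param mixed  $blogid   Unused
 * @param string $username
 * @param string $password
 * @param array  $file     XML-RPC struct with at least 'name' and 'bits' (raw file content)
 *
 * @return xmlrpcresp  struct {url} on success, a fault response otherwise
 */
function newMediaObject($blogid, $username, $password, $file)
{
    jimport('joomla.utilities.error');
    jimport('joomla.filesystem.file');
    jimport('joomla.filesystem.folder');
    global $xmlrpcerruser;

    EasyBlogXMLRPCHelper::loginUser($username, $password);
    $user = JUser::getInstance($username);

    $acl = EasyBlogACLHelper::getRuleSet($user->id);
    if (empty($acl->rules->upload_image)) {
        return new xmlrpcresp(0, $xmlrpcerruser + 2, JText::_('YOU DO NOT HAVE IMAGE UPLOAD RIGHT'));
    }

    $config = EasyBlogHelper::getConfig();
    $main_image_path = rtrim((string) $config->get('main_image_path'), '/');
    $rel_upload_path = $main_image_path . '/' . $user->id;
    $userUploadPath = JPATH_ROOT . DIRECTORY_SEPARATOR . str_ireplace('/', DIRECTORY_SEPARATOR, $main_image_path . DIRECTORY_SEPARATOR . $user->id);
    $dir = $userUploadPath . DIRECTORY_SEPARATOR;
    $tmp_dir = JPATH_ROOT . DIRECTORY_SEPARATOR . 'tmp' . DIRECTORY_SEPARATOR;

    if (!JFolder::exists($dir)) {
        JFolder::create($dir);
    }

    // Keep only the last path segment of the client-supplied name. The original
    // wrote "strpos($name, '\\' !== FALSE)" - the comparison was inside the
    // call - so backslash-separated paths were never stripped.
    $file['name'] = (string) $file['name'];
    $slash = strrpos($file['name'], '/');
    if ($slash !== false) {
        $file['name'] = substr($file['name'], $slash + 1);
    }
    $backslash = strrpos($file['name'], '\\');
    if ($backslash !== false) {
        $file['name'] = substr($file['name'], $backslash + 1);
    }

    // Set FTP credentials, if given
    jimport('joomla.client.helper');
    JClientHelper::setCredentialsFromRequest('ftp');

    $file['name'] = JFile::makesafe($file['name']);
    // The original rebuilt the name with substr(..., 0, -4), which assumes a
    // three-letter extension ("a.jpeg" became "a..jpeg").
    $file['name'] = JFile::stripExt($file['name']) . '.' . JFile::getExt($file['name']);

    // Stage the payload in Joomla's tmp folder so the validator can inspect a real file.
    $file['tmp_name'] = $tmp_dir . $file['name'];
    $file['bits'] = isset($file['bits']) ? (string) $file['bits'] : '';
    if (!JFile::write($file['tmp_name'], $file['bits'])) {
        return new xmlrpcresp(0, $xmlrpcerruser + 1, 'Could not store the uploaded file');
    }
    // The size was hard-coded to 0, which lets any size limit inside
    // canUploadFile() pass; report the real byte count of the payload.
    $file['size'] = strlen($file['bits']);

    $allowed = EasyImageHelper::canUploadFile($file);
    if ($allowed !== true) {
        JFile::delete($file['tmp_name']);
        return new xmlrpcresp(0, $xmlrpcerruser + 1, 'The file is not valid');
    }

    // @task: Ensure that images go through the same resizing format as uploads via the media manager.
    require_once EBLOG_CLASSES . DIRECTORY_SEPARATOR . 'mediamanager.php';
    $media = new EasyBlogMediaManager();
    // NOTE(review): the upload result is not inspected (as in the original); the
    // URL below is returned even if the media manager rejected the file.
    $media->upload($dir, $userUploadPath, $file, '/', 'user');
    JFile::delete($file['tmp_name']);

    $file['name'] = EasyBlogXMLRPCHelper::cleanImageName($file['name']);
    $fileUrl = rtrim(JURI::root(), '/') . '/' . $rel_upload_path . '/' . $file['name'];

    return new xmlrpcresp(new xmlrpcval(array('url' => new xmlrpcval($fileUrl)), 'struct'));
}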
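/**
 * metaWeblog.newMediaObject handler for the content XML-RPC plugin: writes the
 * posted file into media/<user name>/ after com_media validation and returns its URL.
 *
 * @param mixed  $blogid   Unused
 * @param string $username
 * @param string $password
 * @param array  $file     XML-RPC struct with at least 'name' and 'bits' (raw file content)
 *
 * @return xmlrpcresp  struct {url} on success, a fault response otherwise
 */
function newMediaObject($blogid, $username, $password, $file)
{
    // $xmlrpcerruser was used without being declared global, so fault codes
    // were computed from an undefined variable.
    global $xmlrpcerruser;

    if (!plgXMLRPCmetaWeblogHelper::authenticateUser($username, $password)) {
        return new xmlrpcresp(0, $xmlrpcerruser + 1, "Login Failed");
    }
    $user = JUser::getInstance($username);

    // Keep only the last path segment of the client-supplied name. The original
    // wrote "strpos($name, '\\' !== FALSE)" - the comparison was inside the
    // call - so backslash-separated paths were never stripped.
    $file['name'] = (string) $file['name'];
    $slash = strrpos($file['name'], '/');
    if ($slash !== false) {
        $file['name'] = substr($file['name'], $slash + 1);
    }
    $backslash = strrpos($file['name'], '\\');
    if ($backslash !== false) {
        $file['name'] = substr($file['name'], $backslash + 1);
    }

    // NOTE(review): the target folder is derived from the user's display name,
    // not from a sanitised id - confirm JUser::name cannot contain path separators.
    $dir = JPATH_ROOT . DS . 'media' . DS . $user->name . DS;
    $tmp_dir = JPATH_ROOT . DS . 'tmp' . DS;
    if (!is_dir($dir)) {
        mkdir($dir);
    }

    // Set FTP credentials, if given
    jimport('joomla.client.helper');
    JClientHelper::setCredentialsFromRequest('ftp');

    jimport('joomla.filesystem.file');
    // Dropped: "JFile::write($file, $filecontent)" - $file is an array and
    // $filecontent was never defined, so that call could only fail.
    $file['name'] = JFile::makesafe($file['name']);
    // A random component is appended to avoid clobbering an existing file.
    // stripExt replaces substr(..., 0, -4), which assumed a three-letter extension.
    $file['name'] = JFile::stripExt($file['name']) . rand() . '.' . JFile::getExt($file['name']);

    // Stage the payload in Joomla's tmp folder so com_media can inspect a real file.
    $file['tmp_name'] = $tmp_dir . $file['name'];
    $file['bits'] = isset($file['bits']) ? (string) $file['bits'] : '';
    if (!JFile::write($file['tmp_name'], $file['bits'])) {
        return new xmlrpcresp(0, $xmlrpcerruser + 1, 'Could not store the uploaded file');
    }
    // MediaHelper::canUpload() compares $file['size'] against upload_maxsize;
    // it was never set here, so the limit was effectively bypassed.
    $file['size'] = strlen($file['bits']);

    jimport('joomla.application.component.helper');
    require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_media' . DS . 'helpers' . DS . 'media.php';
    $error = '';
    if (!MediaHelper::canUpload($file, $error)) {
        JFile::delete($file['tmp_name']);
        return new xmlrpcresp(0, $xmlrpcerruser + 1, 'The file is not valid');
    }

    JFile::write($dir . $file['name'], $file['bits']);
    JFile::delete($file['tmp_name']);

    return new xmlrpcresp(new xmlrpcval(array('url' => new xmlrpcval(JURI::root() . 'media/' . $user->name . '/' . $file['name'])), 'struct'));
}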
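/**
 * Checks if the file can be uploaded
 *
 * Applies, in order: presence of a name; name unchanged by JFile::makesafe;
 * extension in upload_extensions or ignore_extensions; upload_maxsize; and -
 * unless restrict_uploads is off - an image validity check for image
 * extensions or a MIME blacklist for other non-ignored files (when no MIME
 * detector is available, or check_mime is off, only administrators may
 * upload such files). Finally the first 256 bytes are scanned for HTML tags.
 *
 * @param array  $file  File information: one $_FILES entry (name, size, tmp_name)
 * @param string &$err  An error message key to be returned
 * @return boolean
 */
function canUpload($file, &$err)
{
    // getParams() returns a value; "=&" on it is meaningless (and a notice in newer PHP).
    $params = JComponentHelper::getParams('com_media');

    if (empty($file['name'])) {
        $err = 'Please input a file for upload';
        return false;
    }

    jimport('joomla.filesystem.file');
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $err = 'WARNFILENAME';
        return false;
    }

    $format = strtolower(JFile::getExt($file['name']));
    $allowable = explode(',', (string) $params->get('upload_extensions'));
    // Ignored extensions skip both the extension and the MIME check.
    $ignored = explode(',', (string) $params->get('ignore_extensions'));
    if (!in_array($format, $allowable, true) && !in_array($format, $ignored, true)) {
        $err = 'WARNFILETYPE';
        return false;
    }

    $maxSize = (int) $params->get('upload_maxsize', 0);
    $size = isset($file['size']) ? (int) $file['size'] : 0;
    if ($maxSize > 0 && $size > $maxSize) {
        $err = 'WARNFILETOOLARGE';
        return false;
    }

    if ($params->get('restrict_uploads', 1)) {
        $images = explode(',', (string) $params->get('image_extensions'));
        if (in_array($format, $images, true)) {
            // if its an image run it through getimagesize
            if (getimagesize($file['tmp_name']) === false) {
                $err = 'WARNINVALIDIMG';
                return false;
            }
        } elseif (!in_array($format, $ignored, true)) {
            // if its not an image...and we're not ignoring it
            $allowed_mime = explode(',', (string) $params->get('upload_mime'));
            $illegal_mime = explode(',', (string) $params->get('upload_mime_illegal'));
            $checkMime = $params->get('check_mime', 1);
            if (function_exists('finfo_open') && $checkMime) {
                // We have fileinfo
                $finfo = finfo_open(FILEINFO_MIME);
                $raw = (string) finfo_file($finfo, $file['tmp_name']);
                // Close before any return; the original leaked the handle on rejection.
                finfo_close($finfo);
                // FILEINFO_MIME may append "; charset=...", which never equals a bare
                // list entry such as "text/html"; keep only the type part.
                $parts = explode(';', $raw);
                $type = trim($parts[0]);
                if ($type !== '' && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
                    $err = 'WARNINVALIDMIME';
                    return false;
                }
            } elseif (function_exists('mime_content_type') && $checkMime) {
                // we have mime magic
                $type = trim((string) mime_content_type($file['tmp_name']));
                if ($type !== '' && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
                    $err = 'WARNINVALIDMIME';
                    return false;
                }
            } else {
                // No way to verify the type (or check_mime is off): administrators only.
                $user = JFactory::getUser();
                if (!$user->authorize('login', 'administrator')) {
                    $err = 'WARNNOTADMIN';
                    return false;
                }
            }
        }
    }

    // Reject anything whose first 256 bytes look like HTML. An unreadable file yields ''.
    $xss_check = (string) JFile::read($file['tmp_name'], false, 256);
    $html_tags = array(
        'abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo',
        'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button',
        'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del',
        'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame',
        'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer',
        'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li',
        'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr',
        'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option',
        'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server',
        'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup',
        'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul',
        'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--',
    );
    foreach ($html_tags as $tag) {
        // A tag is '<tagname ' or '<tagname>', matched case-insensitively.
        if (stristr($xss_check, '<' . $tag . ' ') || stristr($xss_check, '<' . $tag . '>')) {
            $err = 'WARNIEXSS';
            return false;
        }
    }

    return true;
}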
/**
 * Fetches a remote (Blogger) image, stores it in the user's EasyBlog media
 * folder and rewrites the content so it references the local copy.
 *
 * @param string $image   URL of the remote image as found in the post content
 * @param int    $userid  Owner of the media folder the image is stored in
 * @param string $content Post content to rewrite
 *
 * @return string  Content with $image replaced by the relative local path when
 *                 the upload result carries a type; otherwise unchanged
 */
function _migrateBloggerImage($image, $userid, $content)
{
    jimport('joomla.utilities.error');
    jimport('joomla.filesystem.file');
    jimport('joomla.filesystem.folder');
    $config = EasyBlogHelper::getConfig();
    $main_image_path = $config->get('main_image_path');
    $main_image_path = rtrim($main_image_path, '/');
    $rel_upload_path = $main_image_path . '/' . $userid;
    $userUploadPath = JPATH_ROOT . DIRECTORY_SEPARATOR . str_ireplace('/', DIRECTORY_SEPARATOR, $main_image_path . DIRECTORY_SEPARATOR . $userid);
    $folder = JPath::clean($userUploadPath);
    $dir = $userUploadPath . DIRECTORY_SEPARATOR;
    $tmp_dir = JPATH_ROOT . DIRECTORY_SEPARATOR . 'tmp' . DIRECTORY_SEPARATOR;
    if (!JFolder::exists($dir)) {
        JFolder::create($dir);
    }
    // Now get the image from the remote URL. The local name is the last URL
    // segment passed through makesafe, so it cannot carry path parts.
    $segments = explode('/', $image);
    $fileName = $segments[count($segments) - 1];
    $fileName = JFile::makesafe($fileName);
    $tmpFileName = $tmp_dir . $fileName;
    $file['name'] = $fileName;
    $file['tmp_name'] = $tmpFileName;
    // Write to the Joomla tmp folder.
    // NOTE(review): $image is fetched server-side with file_get_contents() and
    // comes from the content being migrated; only run this for import sources
    // you trust, and neither fetch result nor write result is checked here.
    file_put_contents($tmpFileName, file_get_contents($image));
    require_once EBLOG_CLASSES . DIRECTORY_SEPARATOR . 'mediamanager.php';
    $media = new EasyBlogMediaManager();
    // NOTE(review): the argument list on the next line is garbled in the source
    // ("******"); reconstruct it from the original file before relying on it.
    $result = $media->upload($file, 'user:'******'tmp_name']);
    if (isset($result->type)) {
        $relativeImagePath = $rel_upload_path . '/' . $file['name'];
        // Replace the remote image reference in the content with the uploaded one.
        $content = str_replace($image, $relativeImagePath, $content);
    }
    return $content;
}
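/**
 * Normalizes a client-supplied file name into a safe, extension-bearing name.
 *
 * Steps: keep only the last path segment (either separator), pass the name
 * through JFile::makesafe and trim it, guarantee an extension (a name without
 * a dot gets a timestamp prefix and is itself used as the extension, as
 * before), and replace spaces with dashes.
 *
 * @since 5.0
 * @access public
 * @param string $name
 * @return string
 */
public static function normalizeFileName($name)
{
    $name = (string) $name;

    // Fix file names containing "/" in the file title
    $slash = strrpos($name, '/');
    if ($slash !== false) {
        $name = substr($name, $slash + 1);
    }

    // Fix file names containing "\" in the file title
    $backslash = strrpos($name, '\\');
    if ($backslash !== false) {
        $name = substr($name, $backslash + 1);
    }

    // Ensure that the file name is safe
    $name = trim(JFile::makesafe($name));

    // The original rebuilt the name as substr($name, 0, -4) . '.' . ext, which
    // assumed a three-letter extension ("a.jpeg" became "a..jpeg") and, because
    // it always inserted a dot, made the "no extension" check below unreachable.
    if (strpos($name, '.') === false) {
        $name = EB::date()->format('Ymd-Hms') . '.' . $name;
    }

    // Do not allow spaces in the name
    return str_ireplace(' ', '-', $name);
}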
/**
 * Builds the cache file name for the current thumbnail request.
 *
 * The name is derived from the source image's base name (made safe, spaces
 * removed, extension dropped, underscores stripped) followed by the thumbnail
 * dimensions, the quality and - for square thumbnails - a "_sq" suffix, with a
 * ".jpg" extension. The full path stored in $this->cacheFileName is
 * cacheDirectory + broadDirectories + cachePrefix + name; broadDirectories is
 * refreshed from generateCacheDir() as a side effect.
 *
 * @return bool  always true
 */
private function generateCacheFileName()
{
    $safeName = JFile::removespace(JFile::makesafe(basename($this->getFileName())));
    $nameParts = explode('.', $safeName);
    $stem = str_replace('_', '', $nameParts[0]);

    $suffix = $this->thumbw . 'x' . $this->thumbh . '_q' . intval($this->getQuality());
    if ($this->square) {
        $suffix .= '_sq';
    }

    $this->broadDirectories = $this->generateCacheDir() . DS;
    $this->cacheFileName = $this->cacheDirectory . $this->broadDirectories . $this->cachePrefix . $stem . $suffix . '.jpg';

    return true;
}