/**
 * Register the CSS and JavaScript the icon chooser needs on the current
 * JDocument: the #fileList grid styles, the optional Flash uploader
 * behaviour (when the 'enable_flash' media parameter is on) and the
 * selectIcon() handler that either deletes the clicked file (when the
 * "delete" checkbox is ticked and the user confirms) or hands the icon
 * URL back to the opener's adminForm and closes the modal.
 *
 * @return void
 */
function loadScripts()
{
    $document = JFactory::getDocument();

    // CSS: one rule per array entry, emitted as a single compact declaration
    $rules = array(
        '#fileList{width:670px;height:220px;overflow:auto;clear:both;}',
        '#fileList div.item{float:left;width:70px;border:1px solid #fff;background-color:#fff;text-align:center;}',
        '#fileList div.item div.name{height:15px;}',
        '#fileList div.item div.icon div.border{margin-top:10px;height:45px;width:68px;vertical-align:middle;overflow:hidden;}',
        '#fileList div.item div.icon div.border a{height:45px;width:68px;display:block;}',
        '#fileList div.item:hover{border:1px solid #0B55C4;background-color:#d2d7e0;cursor:pointer;}',
    );
    $document->addStyleDeclaration(implode('', $rules));

    // Flash uploader (reloads the window once every queued file is done)
    if (LinkrHelper::getMediaParam('enable_flash', 1)) {
        $uploaderOptions = array(
            'targetURL'     => $this->form->uploadURL,
            'types'         => '{\'Pictures (*.bmp, *.gif, *.jpg, *.jpeg, *.png)\':\'*.bmp;*.gif;*.jpg;*.jpeg;*.png\'}',
            'onAllComplete' => 'function(){ window.location.reload(true); }',
        );
        JHTML::_('behavior.uploader', 'file-upload', $uploaderOptions);
    }

    // selectIcon(u, f): u = icon URL handed back to the opener, f = file name
    // appended to the delete URL. The confirm text is requested JS-safe
    // (second argument of JText::_).
    $confirmText = JText::_('VALIDDELETEITEMS', true);
    $script = array(
        'var selectIcon = function(u, f)',
        '{',
        'if (document.uploadForm.deli.checked == true) {',
        'if (confirm("' . $confirmText . '")) {',
        'window.location.href = "' . $this->form->deleteURL . '"+ f;',
        '}',
        '} else {',
        'window.parent.document.adminForm.icon.value=u;',
        'window.parent.document.getElementById("sbox-window").close();',
        '}',
        '}',
    );
    $document->addScriptDeclaration(implode('', $script));
}
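/**
 * Validate the uploaded file described by $this->file (a $_FILES-style
 * array with at least 'name', 'size' and 'tmp_name') against the media
 * parameters.
 *
 * Checks, in order:
 *  - extension: must be on 'upload_extensions' or on 'ignore_extensions'
 *    (the ignore list bypasses the remaining content checks, as configured);
 *  - size: 'upload_maxsize' bytes when greater than 0;
 *  - when 'restrict_uploads' is on: image files must be readable by
 *    getimagesize(); the detected MIME type must not be on
 *    'upload_mime_illegal' unless it is also on 'upload_mime'; when no
 *    MIME detector is available or 'check_mime' is off, only users who may
 *    log in to the administrator may upload;
 *  - a heuristic scan of the first 256 bytes for HTML tag openers. Only
 *    that prefix is inspected; later content is not.
 *
 * @return bool true when every check passed; false, after
 *              LinkrHelper::log(), on the first check that failed.
 */
function canUpload()
{
    $tmp = $this->file['tmp_name'];

    // Extension check. Lists are cleaned by _mediaList() so that an empty
    // 'upload_extensions' setting (explode() gives array('')) no longer
    // matches a file without an extension.
    $ext    = strtolower(JFile::getExt($this->file['name']));
    $allow  = $this->_mediaList('upload_extensions');
    $ignore = $this->_mediaList('ignore_extensions');
    if (!in_array($ext, $allow, true) && !in_array($ext, $ignore, true)) {
        LinkrHelper::log('Upload failed: file extension check');
        return false;
    }

    // Size check; 0 (or unset) means no limit
    $max = (int) LinkrHelper::getMediaParam('upload_maxsize', 0);
    if ($max > 0 && (int) $this->file['size'] > $max) {
        LinkrHelper::log('Upload failed: file size (' . $this->file['size'] . ') larger than maximum (' . $max . ')');
        return false;
    }

    if (LinkrHelper::getMediaParam('restrict_uploads', 1)) {
        // Image files must at least parse as an image
        $imgx = $this->_mediaList('image_extensions');
        if (in_array($ext, $imgx, true) && !getimagesize($tmp)) {
            LinkrHelper::log('Upload Failed: could not get image information through "GetImageSize()"');
            return false;
        }

        // MIME check, skipped for extensions on the ignore list
        if (!in_array($ext, $ignore, true)) {
            $type = null;
            if (LinkrHelper::getMediaParam('check_mime', 1)) {
                if (function_exists('finfo_open')) {
                    // FILEINFO_MIME returns "type; charset=..." on PHP >= 5.3, which
                    // never equals a bare type in the configured lists. Prefer
                    // FILEINFO_MIME_TYPE where it exists; parameters are stripped below
                    // either way.
                    $flag  = defined('FILEINFO_MIME_TYPE') ? FILEINFO_MIME_TYPE : FILEINFO_MIME;
                    $finfo = finfo_open($flag);
                    if ($finfo) {
                        $type = (string) finfo_file($finfo, $tmp);
                        finfo_close($finfo);   // closed on every path, not only on failure
                    }
                } elseif (function_exists('mime_content_type')) {
                    $type = (string) mime_content_type($tmp);
                }
            }

            if ($type === null) {
                // Cannot (or must not) detect the type: only administrators may proceed
                $user = JFactory::getUser();
                if (!$user->authorize('login', 'administrator')) {
                    LinkrHelper::log('Upload Failed: can\'t check mime-type');
                    return false;
                }
            } else {
                $parts = explode(';', $type);
                $type  = trim($parts[0]);
                $amime = $this->_mediaList('upload_mime');
                $imime = $this->_mediaList('upload_mime_illegal');
                // Policy kept from the original: a type is rejected only when it is on
                // the illegal list and not on the allowed list; unlisted types pass.
                if (strlen($type) && !in_array($type, $amime, true) && in_array($type, $imime, true)) {
                    LinkrHelper::log("Upload Failed: invalid mime-type ({$type})");
                    return false;
                }
            }
        }
    }

    // Heuristic content scan of the first 256 bytes for HTML tag openers
    $head = (string) JFile::read($tmp, false, 256);
    $tags = array(
        'abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big',
        'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col',
        'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn',
        'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe',
        'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext',
        'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript',
        'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp',
        'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style',
        'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var',
        'wbr', 'xml', 'xmp', '!DOCTYPE', '!--',
    );
    foreach ($tags as $t) {
        if (stristr($head, '<' . $t . ' ') || stristr($head, '<' . $t . '>')) {
            LinkrHelper::log('Upload Failed: possibly an XSS attack');
            return false;
        }
    }

    // File passed every check
    return true;
}

/**
 * Read a comma separated media parameter as a clean list.
 *
 * Entries are trimmed and empty entries dropped, so "jpg, png" and an
 * empty setting behave as intended.
 *
 * @param  string $name  media parameter name for LinkrHelper::getMediaParam()
 * @return array  list of non-empty strings (possibly empty)
 */
function _mediaList($name)
{
    $raw = (string) LinkrHelper::getMediaParam($name);
    return array_values(array_filter(array_map('trim', explode(',', $raw)), 'strlen'));
}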
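/**
 * Render the folder/file chooser for the current folder as an HTML fragment.
 *
 * The fragment is a #filedirlist container holding, in order, an "up" entry
 * (when the current folder has a parent), one entry per sub-folder and one
 * entry per file whose extension matches 'upload_extensions'. Folder entries
 * call LinkrHelper.fileDir() with the base64 path, file entries call
 * LinkrHelper.file() with the file source.
 *
 * Names and titles are HTML-escaped here and the file source is
 * JS-escaped before being placed in the onclick attribute.
 * NOTE(review): assumes LinkrHelper::listFiles()/listDirectories() return
 * raw (unescaped) names — confirm, otherwise entities get double-encoded.
 *
 * @return string HTML fragment
 */
function folderItems()
{
    // Allowed extensions as a regular-expression alternative list
    $exts = 'bmp,csv,doc,gif,jpg,jpeg,odg,odp,ods,odt,pdf,png,ppt,txt,xcf,xls';
    $exts = LinkrHelper::getMediaParam('upload_extensions', $exts);
    $exts = preg_replace('/[^A-Z0-9,]/i', '', $exts);
    $exts = '\\.(' . str_replace(',', '|', $exts) . ')';

    // Current folder, from the request
    $info   = $this->fileInfo();
    $folder = $info['path'];

    // Sub-folders: the base folder is filtered by the configured 'paths'
    if ($info['parent']) {
        $folders = LinkrHelper::listDirectories($folder);
    } else {
        $paths   = LinkrHelper::getParam('paths', 'images');
        $regex   = LinkrHelper::buildRegex($paths);
        $folders = LinkrHelper::listDirectories($info['base'], $regex);
    }

    $files = LinkrHelper::listFiles($folder, $exts);

    $items = '<div id="filedirlist">' . '<div style="clear:both;"></div>';

    // Parent directory
    if ($info['parent']) {
        $icon = JURI::root() . 'administrator/components/com_media/images/folderup_32.png';
        $icon = JHTML::image($icon, 'Folder', array('width' => 32, 'height' => 32, 'class' => 'big'));
        $click = 'LinkrHelper.fileDir(\'' . $info['parent.64'] . '\')';
        $items .= $this->_chooserItem('item up', $click, $icon, JText::_('up'));
    }

    // Folders
    $icon = JURI::root() . 'administrator/components/com_media/images/folder.png';
    $icon = JHTML::image($icon, 'Folder', array('width' => 32, 'height' => 32, 'class' => 'big'));
    foreach ($folders as $d) {
        $click = 'LinkrHelper.fileDir(\'' . $d['path.64'] . '\')';
        $items .= $this->_chooserItem('item', $click, $icon, $d['name']);
    }

    // Files
    foreach ($files as $f) {
        $alt   = htmlspecialchars($f->name, ENT_QUOTES, 'UTF-8');
        $icon  = JHTML::image($f->icon, $alt, array('width' => $f->width, 'height' => $f->height));
        $title = $f->type . ' - ' . $f->name . ' (' . $f->size . ')';

        // Strip only the trailing ".ext" (str_replace would remove every
        // occurrence, and an empty ext would remove every dot)
        $name   = $f->name;
        $suffix = '.' . $f->ext;
        if ($suffix !== '.' && substr($name, -strlen($suffix)) === $suffix) {
            $name = substr($name, 0, -strlen($suffix));
        }

        // addslashes() escapes the quotes/backslashes that would end the JS
        // string literal; the attribute itself is escaped in _chooserItem()
        $click = 'LinkrHelper.file(\'' . addslashes($f->src) . '\')';
        $items .= $this->_chooserItem('item', $click, $icon, $name, $title);
    }

    return $items . '</div>';
}

/**
 * Build one chooser entry.
 *
 * @param  string      $class    CSS class of the outer div (not escaped; constant)
 * @param  string      $onclick  JavaScript for the icon's onclick (escaped for the attribute here)
 * @param  string      $icon     ready-made <img> markup
 * @param  string      $name     raw display name (HTML-escaped here)
 * @param  string|null $title    raw title attribute, omitted when null (HTML-escaped here)
 * @return string HTML for the entry
 */
function _chooserItem($class, $onclick, $icon, $name, $title = null)
{
    $attrs = ' onclick="' . htmlspecialchars($onclick, ENT_QUOTES, 'UTF-8') . '"';
    if ($title !== null) {
        $attrs = ' title="' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '"' . $attrs;
    }
    return '<div class="' . $class . '">'
        . '<div class="icon"' . $attrs . '>'
        . '<div align="center" class="border"><a>' . $icon . '</a></div></div>'
        . '<div class="name">' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</div>'
        . '</div>';
}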
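/**
 * List the folder named by the base64-encoded 'f' request variable.
 *
 * The folder must be the configured base folder or lie below one of the
 * paths in getFileInfo()'s 'path.list'; anything else is answered with
 * badRequest(). The folder is remembered in the 'current' state.
 *
 * @return array|mixed array with keys 'files', 'folders', 'current'
 *                     (base64 path), 'parent' (base64 path or false) and
 *                     'mode' ('simple' or 'normal'); otherwise the result
 *                     of badRequest().
 */
function files()
{
    // Requested folder; base64_decode() in non-strict mode never warns, so
    // error suppression is not needed
    $folder = JRequest::getVar('f', '', 'REQUEST', 'base64');
    $folder = base64_decode($folder);
    if (!$folder) {
        return $this->badRequest();
    }

    // Only the base folder or a folder below a configured path is served.
    // The candidate must equal a path or start with "path" + separator: a
    // bare prefix test would also accept a sibling such as "<path>_other".
    // NOTE(review): assumes getFileInfo() normalises both sides (no ".."
    // segments left) — confirm against its implementation.
    $i = $this->getFileInfo($folder);
    if ($folder !== $i['base']) {
        $inside = false;
        foreach ($i['path.list'] as $p) {
            $root = rtrim($p, '/\\');
            if ($folder === $p
                || strpos($folder, $root . '/') === 0
                || strpos($folder, $root . '\\') === 0
            ) {
                $inside = true;
                break;
            }
        }
        if (!$inside) {
            return $this->badRequest('Invalid directory');
        }
    }

    // Remember the folder
    $this->setState('current', $i['path.64']);

    // Sub-folders: the base folder is filtered by its regex
    if ($folder !== $i['base']) {
        $folders = LinkrHelper::listDirectories($folder);
    } else {
        $folders = LinkrHelper::listDirectories($i['base'], $i['base.regex']);
    }

    // Allowed extensions as a regular-expression alternative list; the
    // built-in default applies when the parameter is empty
    $exts = (string) LinkrHelper::getMediaParam('upload_extensions', '');
    if (!strlen($exts)) {
        $exts = 'bmp,csv,doc,gif,jpg,jpeg,odg,odp,ods,odt,pdf,png,ppt,txt,xcf,xls';
    }
    $exts = preg_replace('/[^A-Z0-9,]/i', '', $exts);
    $exts = '\\.(' . str_replace(',', '|', $exts) . ')';

    // Listing mode: the component parameter, overridable by state
    $simple = (bool) LinkrHelper::getParam('simple_list', false);
    $simple = (bool) $this->getState('simplelist', $simple, 'INT');
    $files  = LinkrHelper::listFiles($folder, $exts, $simple);

    return array(
        'files'   => $files,
        'folders' => $folders,
        'current' => $i['path.64'],
        'parent'  => $i['parent'] ? $i['parent.64'] : false,
        'mode'    => $simple ? 'simple' : 'normal',
    );
}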