/** * Check whether Connector is enabled * @access protected * */ protected function checkConnector() { $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); if (!$_config->getIsEnabled()) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_CONNECTOR_DISABLED); } }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['QFinderCommand']) || $_POST['QFinderCommand'] != 'true') { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_RENAME)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } if (!isset($_GET["fileName"])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } if (!isset($_GET["newFileName"])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); $fileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["fileName"]); $newFileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["newFileName"]); $oRenamedFileNode = new Qfinder_Connector_Utils_XmlNode("RenamedFile"); $this->_connectorNode->addChild($oRenamedFileNode); $oRenamedFileNode->addAttribute("name", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName)); $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!$resourceTypeInfo->checkExtension($newFileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } if (!QFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!QFinder_Connector_Utils_FileSystem::checkFileName($newFileName) || $resourceTypeInfo->checkIsHiddenFile($newFileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } if (!$resourceTypeInfo->checkExtension($fileName, false)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if ($_config->forceAscii()) { $newFileName = QFinder_Connector_Utils_FileSystem::convertToAscii($newFileName); } $filePath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName); $newFilePath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $newFileName); $bMoved = false; if (!file_exists($filePath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND); } if (!is_writable(dirname($newFilePath))) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } if (!is_writable($filePath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } if (file_exists($newFilePath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ALREADY_EXIST); } $bMoved = @rename($filePath, $newFilePath); if (!$bMoved) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNKNOWN, "File " . QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName) . "has not been renamed"); } else { $oRenamedFileNode->addAttribute("newName", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFileName)); $thumbPath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $fileName); QFinder_Connector_Utils_FileSystem::unlink($thumbPath); } }
/** * send response * @access public * */ public function sendResponse() { $xml =& QFinder_Connector_Core_Factory::getInstance("Core_Xml"); $this->_connectorNode =& $xml->getConnectorNode(); $this->checkConnector(); if ($this->mustCheckRequest()) { $this->checkRequest(); } $resourceTypeName = $this->_currentFolder->getResourceTypeName(); if (!empty($resourceTypeName)) { $this->_connectorNode->addAttribute("resourceType", $this->_currentFolder->getResourceTypeName()); } if ($this->mustAddCurrentFolderNode()) { $_currentFolder = new Qfinder_Connector_Utils_XmlNode("CurrentFolder"); $this->_connectorNode->addChild($_currentFolder); $_currentFolder->addAttribute("path", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($this->_currentFolder->getClientPath())); $this->_errorHandler->setCatchAllErros(true); $_url = $this->_currentFolder->getUrl(); $_currentFolder->addAttribute("url", is_null($_url) ? "" : QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($_url)); $this->_errorHandler->setCatchAllErros(false); $_currentFolder->addAttribute("acl", $this->_currentFolder->getAclMask()); } $this->buildXml(); $_oErrorNode =& $xml->getErrorNode(); $_oErrorNode->addAttribute("number", "0"); echo $this->_connectorNode->asXML(); exit; }
/** * Throw file upload error, return true if error has been thrown, false if error has been catched * * @param int $number * @param string $text * @access public */ public function throwError($number, $uploaded = false, $exit = true) { if ($this->_catchAllErrors || in_array($number, $this->_skipErrorsArray)) { return false; } $oRegistry =& QFinder_Connector_Core_Factory::getInstance("Core_Registry"); $sFileName = $oRegistry->get("FileUpload_fileName"); $sFileUrl = $oRegistry->get("FileUpload_url"); $sEncodedFileName = QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sFileName); header('Content-Type: text/html; charset=utf-8'); $errorMessage = QFinder_Connector_Utils_Misc::getErrorMessage($number, $sEncodedFileName); if (!$uploaded) { $sFileName = ""; $sEncodedFileName = ""; } if (!empty($_GET['response_type']) && $_GET['response_type'] == 'txt') { echo $sFileName . "|" . $errorMessage; } else { echo "<script type=\"text/javascript\">"; if (!empty($_GET['QFinderFuncNum'])) { if (!$uploaded) { $sFileUrl = ""; $sFileName = ""; } $funcNum = preg_replace("/[^0-9]/", "", $_GET['QFinderFuncNum']); echo "window.parent.QFinder.tools.callFunction({$funcNum}, '" . str_replace("'", "\\'", $sFileUrl . $sFileName) . "', '" . str_replace("'", "\\'", $errorMessage) . "');"; } else { echo "window.parent.OnUploadCompleted('" . str_replace("'", "\\'", $sEncodedFileName) . "', '" . str_replace("'", "\\'", $errorMessage) . "') ;"; } echo "</script>"; } if ($exit) { exit; } }
/** * Throw connector error, return true if error has been thrown, false if error has been catched * * @param int $number * @param string $text * @access public */ public function throwError($number, $text = false) { if ($this->_catchAllErrors || in_array($number, $this->_skipErrorsArray)) { return false; } $_xml =& QFinder_Connector_Core_Factory::getInstance("Core_Xml"); $_xml->raiseError($number, $text); exit; }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['QFinderCommand']) || $_POST['QFinderCommand'] != 'true') { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FOLDER_RENAME)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } if (!isset($_GET["NewFolderName"])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } $newFolderName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["NewFolderName"]); $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); if ($_config->forceAscii()) { $newFolderName = QFinder_Connector_Utils_FileSystem::convertToAscii($newFolderName); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!QFinder_Connector_Utils_FileSystem::checkFolderName($newFolderName) || $resourceTypeInfo->checkIsHiddenFolder($newFolderName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } // The root folder cannot be deleted. if ($this->_currentFolder->getClientPath() == "/") { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $oldFolderPath = $this->_currentFolder->getServerPath(); $bMoved = false; if (!is_dir($oldFolderPath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } //let's calculate new folder name $newFolderPath = dirname($oldFolderPath) . '/' . $newFolderName . '/'; if (file_exists(rtrim($newFolderPath, '/'))) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ALREADY_EXIST); } $bMoved = @rename($oldFolderPath, $newFolderPath); if (!$bMoved) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } else { $newThumbsServerPath = dirname($this->_currentFolder->getThumbsServerPath()) . '/' . $newFolderName . '/'; if (!@rename($this->_currentFolder->getThumbsServerPath(), $newThumbsServerPath)) { QFinder_Connector_Utils_FileSystem::unlink($this->_currentFolder->getThumbsServerPath()); } } $newFolderPath = preg_replace(",[^/]+/?\$,", $newFolderName, $this->_currentFolder->getClientPath()) . '/'; $newFolderUrl = $resourceTypeInfo->getUrl() . ltrim($newFolderPath, '/'); $oRenameNode = new Qfinder_Connector_Utils_XmlNode("RenamedFolder"); $this->_connectorNode->addChild($oRenameNode); $oRenameNode->addAttribute("newName", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderName)); $oRenameNode->addAttribute("newPath", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderPath)); $oRenameNode->addAttribute("newUrl", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderUrl)); }
/** * handle request and build XML * @access protected * */ protected function buildXml() { $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FOLDER_VIEW)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } // Map the virtual path to the local server path. $_sServerDir = $this->_currentFolder->getServerPath(); if (!is_dir($_sServerDir)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND); } // Create the "Folders" node. $oFoldersNode = new Qfinder_Connector_Utils_XmlNode("Folders"); $this->_connectorNode->addChild($oFoldersNode); $files = array(); if ($dh = @opendir($_sServerDir)) { while (($file = readdir($dh)) !== false) { if ($file != "." && $file != ".." && is_dir($_sServerDir . $file)) { $files[] = $file; } } closedir($dh); } else { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (sizeof($files) > 0) { natcasesort($files); $i = 0; foreach ($files as $file) { $oAcl = $_config->getAccessControlConfig(); $folderPath = $this->_currentFolder->getClientPath() . $file . "/"; $aclMask = $oAcl->getComputedMask($this->_currentFolder->getResourceTypeName(), $folderPath); if (($aclMask & QFINDER_CONNECTOR_ACL_FOLDER_VIEW) != QFINDER_CONNECTOR_ACL_FOLDER_VIEW) { continue; } if ($resourceTypeInfo->checkIsHiddenFolder($file)) { continue; } // Create the "Folder" node. $oFolderNode[$i] = new Qfinder_Connector_Utils_XmlNode("Folder"); $oFoldersNode->addChild($oFolderNode[$i]); $oFolderNode[$i]->addAttribute("name", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($file)); $oFolderNode[$i]->addAttribute("hasChildren", QFinder_Connector_Utils_FileSystem::hasChildren($folderPath, $resourceTypeInfo) ? "true" : "false"); $oFolderNode[$i]->addAttribute("acl", $aclMask); $i++; } } }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['QFinderCommand']) || $_POST['QFinderCommand'] != 'true') { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FOLDER_CREATE)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); $sNewFolderName = isset($_GET["NewFolderName"]) ? $_GET["NewFolderName"] : ""; $sNewFolderName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($sNewFolderName); if ($_config->forceAscii()) { $sNewFolderName = QFinder_Connector_Utils_FileSystem::convertToAscii($sNewFolderName); } if (!QFinder_Connector_Utils_FileSystem::checkFolderName($sNewFolderName) || $_resourceTypeConfig->checkIsHiddenFolder($sNewFolderName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } $sServerDir = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $sNewFolderName); if (!is_writeable($this->_currentFolder->getServerPath())) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } $bCreated = false; if (file_exists($sServerDir)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ALREADY_EXIST); } if ($perms = $_config->getChmodFolders()) { $oldUmask = umask(0); $bCreated = @mkdir($sServerDir, $perms); umask($oldUmask); } else { $bCreated = @mkdir($sServerDir); } if (!$bCreated) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } else { $oNewFolderNode = new Qfinder_Connector_Utils_XmlNode("NewFolder"); $this->_connectorNode->addChild($oNewFolderNode); $oNewFolderNode->addAttribute("name", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sNewFolderName)); } }
/** * Throw file upload error, return true if error has been thrown, false if error has been catched * * @param int $number * @param string $text * @access public */ public function throwError($number, $uploaded = false, $exit = true) { if ($this->_catchAllErrors || in_array($number, $this->_skipErrorsArray)) { return false; } $oRegistry =& QFinder_Connector_Core_Factory::getInstance("Core_Registry"); $sFileName = $oRegistry->get("FileUpload_fileName"); $sFileUrl = $oRegistry->get("FileUpload_url"); $sEncodedFileName = QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sFileName); header('Content-Type: text/html; charset=utf-8'); /** * echo <script> is not called before QFinder_Connector_Utils_Misc::getErrorMessage * because PHP has problems with including files that contain BOM character. * Having BOM character after <script> tag causes a javascript error. */ echo "<script type=\"text/javascript\">"; if (!empty($_GET['CKEditor'])) { $errorMessage = QFinder_Connector_Utils_Misc::getErrorMessage($number, $sEncodedFileName); if (!$uploaded) { $sFileUrl = ""; $sFileName = ""; $sEncodedFileName = ""; } $funcNum = preg_replace("/[^0-9]/", "", $_GET['CKEditorFuncNum']); echo "window.parent.CKEDITOR.tools.callFunction({$funcNum}, '" . str_replace("'", "\\'", $sFileUrl . QFinder_Connector_Utils_Misc::encodeURIComponent($sEncodedFileName)) . "', '" . str_replace("'", "\\'", $errorMessage) . "');"; } else { if (!$uploaded) { echo "window.parent.OnUploadCompleted(" . $number . ", '', '', '') ;"; } else { echo "window.parent.OnUploadCompleted(" . $number . ", '" . str_replace("'", "\\'", $sFileUrl . QFinder_Connector_Utils_Misc::encodeURIComponent($sEncodedFileName)) . "', '" . str_replace("'", "\\'", $sEncodedFileName) . "', '') ;"; } } echo "</script>"; if ($exit) { exit; } }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['QFinderCommand']) || $_POST['QFinderCommand'] != 'true') { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_DELETE)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $oErrorsNode = new QFinder_Connector_Utils_XmlNode("Errors"); $errorCode = QFINDER_CONNECTOR_ERROR_NONE; $deleted = 0; $oDeleteFilesNode = new Qfinder_Connector_Utils_XmlNode("DeleteFiles"); $currentResourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); $_aclConfig = $_config->getAccessControlConfig(); $aclMasks = array(); $_resourceTypeConfig = array(); $checkedPaths = array(); if (!empty($_POST['files']) && is_array($_POST['files'])) { foreach ($_POST['files'] as $arr) { if (empty($arr['name'])) { continue; } if (!isset($arr['type'], $arr['folder'])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } // file name $name = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['name']); // resource type $type = $arr['type']; // client path $path = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['folder']); if (!isset($_resourceTypeConfig[$type])) { $_resourceTypeConfig[$type] = $_config->getResourceTypeConfig($type); } if (is_null($_resourceTypeConfig[$type]) || !QFinder_Connector_Utils_FileSystem::checkFileName($name) || preg_match(QFINDER_REGEX_INVALID_PATH, $path)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$_resourceTypeConfig[$type]->checkExtension($name, false)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (empty($checkedPaths[$path])) { $checkedPaths[$path] = true; if ($_resourceTypeConfig[$type]->checkIsHiddenPath($path)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } } if ($currentResourceTypeConfig->checkIsHiddenFile($name)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!isset($aclMasks[$type . "@" . $path])) { $aclMasks[$type . "@" . $path] = $_aclConfig->getComputedMask($type, $path); } $isAuthorized = ($aclMasks[$type . "@" . $path] & QFINDER_CONNECTOR_ACL_FILE_DELETE) == QFINDER_CONNECTOR_ACL_FILE_DELETE; if (!$isAuthorized) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $filePath = $_resourceTypeConfig[$type]->getDirectory() . $path . $name; if (!file_exists($filePath) || !is_file($filePath)) { $errorCode = QFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND; $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); continue; } if (!QFinder_Connector_Utils_FileSystem::unlink($filePath)) { $errorCode = QFINDER_CONNECTOR_ERROR_ACCESS_DENIED; $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); continue; } else { $deleted++; $thumbPath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $name); @unlink($thumbPath); } } } $this->_connectorNode->addChild($oDeleteFilesNode); if ($errorCode != QFINDER_CONNECTOR_ERROR_NONE) { $this->_connectorNode->addChild($oErrorsNode); } $oDeleteFilesNode->addAttribute("deleted", $deleted); if ($errorCode != QFINDER_CONNECTOR_ERROR_NONE) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_DELETE_FAILED); } }
/** * handle request and build XML * @access protected * */ function buildXml() { if (empty($_POST['QFinderCommand']) || $_POST['QFinderCommand'] != 'true') { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $this->checkConnector(); $this->checkRequest(); //resizing to 1x1 is almost equal to deleting a file, that's why FILE_DELETE permissions are required if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_DELETE) || !$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_UPLOAD)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!isset($_POST["fileName"])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } $fileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_POST["fileName"]); if (!QFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$resourceTypeInfo->checkExtension($fileName, false)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $filePath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName); if (!file_exists($filePath) || !is_file($filePath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND); } $newWidth = trim($_POST['width']); $newHeight = trim($_POST['height']); $quality = 80; $resizeOriginal = !empty($_POST['width']) && !empty($_POST['height']); if ($resizeOriginal) { if (!preg_match("/^\\d+\$/", $newWidth) || !preg_match("/^\\d+\$/", $newHeight) || !preg_match("/^\\d+\$/", $newWidth)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!isset($_POST["newFileName"])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } $newFileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_POST["newFileName"]); if (!$resourceTypeInfo->checkExtension($newFileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } if (!QFinder_Connector_Utils_FileSystem::checkFileName($newFileName) || $resourceTypeInfo->checkIsHiddenFile($newFileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } $newFilePath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $newFileName); if (!is_writable(dirname($newFilePath))) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } if ($_POST['overwrite'] != "1" && file_exists($newFilePath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ALREADY_EXIST); } $_imagesConfig = $_config->getImagesConfig(); $maxWidth = $_imagesConfig->getMaxWidth(); $maxHeight = $_imagesConfig->getMaxHeight(); // Shouldn't happen as the JavaScript validation should not allow this. if ($maxWidth > 0 && $newWidth > $maxWidth || $maxHeight > 0 && $newHeight > $maxHeight) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } } require_once QFINDER_CONNECTOR_LIB_DIR . "/CommandHandler/Thumbnail.php"; if ($resizeOriginal) { $result = QFinder_Connector_CommandHandler_Thumbnail::createThumb($filePath, $newFilePath, $newWidth, $newHeight, $quality, false); if (!$result) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } } $config = $this->getConfig(); $nameWithoutExt = preg_replace("/^(.+)\\_\\d+x\\d+\$/", "\$1", QFinder_Connector_Utils_FileSystem::getFileNameWithoutExtension($fileName)); $extension = QFinder_Connector_Utils_FileSystem::getExtension($fileName); foreach (array('small', 'medium', 'large') as $size) { if (!empty($_POST[$size]) && $_POST[$size] == '1') { $thumbName = $nameWithoutExt . "_" . $size . "." . $extension; $newFilePath = QFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $thumbName); if (!empty($config[$size . 'Thumb'])) { if (preg_match("/^(\\d+)x(\\d+)\$/", $config[$size . 'Thumb'], $matches)) { QFinder_Connector_CommandHandler_Thumbnail::createThumb($filePath, $newFilePath, $matches[1], $matches[2], $quality, true); } } } } }
/** * Get computed mask * * @param string $resourceType * @param string $folderPath * @return int */ public function getComputedMask($resourceType, $folderPath) { $_computedMask = 0; $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); $_roleSessionVar = $_config->getRoleSessionVar(); $_userRole = null; if (strlen($_roleSessionVar) && isset($_SESSION[$_roleSessionVar])) { $_userRole = (string) $_SESSION[$_roleSessionVar]; } if (!is_null($_userRole) && !strlen($_userRole)) { $_userRole = null; } $folderPath = trim($folderPath, "/"); $_pathParts = explode("/", $folderPath); $_currentPath = "/"; for ($i = -1; $i < sizeof($_pathParts); $i++) { if ($i >= 0) { if (!strlen($_pathParts[$i])) { continue; } if (array_key_exists($_currentPath . '*/', $this->_aclEntries)) { $_computedMask = $this->mergePathComputedMask($_computedMask, $resourceType, $_userRole, $_currentPath . '*/'); } $_currentPath .= $_pathParts[$i] . '/'; } if (array_key_exists($_currentPath, $this->_aclEntries)) { $_computedMask = $this->mergePathComputedMask($_computedMask, $resourceType, $_userRole, $_currentPath); } } return $_computedMask; }
function sendResponse() { $oRegistry =& QFinder_Connector_Core_Factory::getInstance("Core_Registry"); $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl()); return parent::sendResponse(); }
/** * Get ACL Mask * * @return int * @access public */ public function getAclMask() { $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); $_aclConfig = $_config->getAccessControlConfig(); if ($this->_aclMask == -1) { $this->_aclMask = $_aclConfig->getComputedMask($this->_resourceTypeName, $this->_clientPath); } return $this->_aclMask; }
/** * Simple function required by config.php - discover the server side path * to the directory relative to the "$baseUrl" attribute * * @package QFinder * @subpackage Connector * @param string $baseUrl * @return string */ function resolveUrl($baseUrl) { $fileSystem =& QFinder_Connector_Core_Factory::getInstance("Utils_FileSystem"); $baseUrl = preg_replace("|^http(s)?://[^/]+|i", "", $baseUrl); return $fileSystem->getDocumentRootPath() . $baseUrl; }
/** * handle request and build XML * @access protected * */ protected function buildXml() { $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_VIEW)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } // Map the virtual path to the local server path. $_sServerDir = $this->_currentFolder->getServerPath(); // Create the "Files" node. $oFilesNode = new Qfinder_Connector_Utils_XmlNode("Files"); $this->_connectorNode->addChild($oFilesNode); if (!is_dir($_sServerDir)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND); } $files = array(); $thumbFiles = array(); if ($dh = @opendir($_sServerDir)) { while (($file = readdir($dh)) !== false) { if ($file != "." && $file != ".." && !is_dir($_sServerDir . $file)) { $files[] = $file; } } closedir($dh); } else { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (sizeof($files) > 0) { $_thumbnailsConfig = $_config->getThumbnailsConfig(); $_thumbServerPath = ''; $_showThumbs = !empty($_GET['showThumbs']) && $_GET['showThumbs'] == 1; if ($_thumbnailsConfig->getIsEnabled() && ($_thumbnailsConfig->getDirectAccess() || $_showThumbs)) { $_thumbServerPath = $this->_currentFolder->getThumbsServerPath(); } natcasesort($files); $i = 0; foreach ($files as $file) { $filemtime = @filemtime($_sServerDir . $file); //otherwise file doesn't exist or we can't get it's filename properly if ($filemtime !== false) { $filename = QFinder_Connector_Utils_Misc::mbBasename($file); if (!$resourceTypeInfo->checkExtension($filename, false)) { continue; } if ($resourceTypeInfo->checkIsHiddenFile($filename)) { continue; } $oFileNode[$i] = new Qfinder_Connector_Utils_XmlNode("File"); $oFilesNode->addChild($oFileNode[$i]); $oFileNode[$i]->addAttribute("name", QFinder_Connector_Utils_FileSystem::convertToConnectorEncoding(QFinder_Connector_Utils_Misc::mbBasename($file))); $oFileNode[$i]->addAttribute("date", @date("YmdHi", $filemtime)); if (!empty($_thumbServerPath) && preg_match(QFINDER_REGEX_IMAGES_EXT, $filename)) { if (file_exists($_thumbServerPath . $filename)) { $oFileNode[$i]->addAttribute("thumb", $filename); } elseif ($_showThumbs) { $oFileNode[$i]->addAttribute("thumb", "?" . $filename); } } $size = filesize($_sServerDir . $file); if ($size && $size < 1024) { $size = 1; } else { $size = (int) round($size / 1024); } $oFileNode[$i]->addAttribute("size", $size); $i++; } } } }
/** * send response (save uploaded file, resize if required) * @access public * */ public function sendResponse() { $iErrorNumber = QFINDER_CONNECTOR_ERROR_NONE; $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); $oRegistry =& QFinder_Connector_Core_Factory::getInstance("Core_Registry"); $oRegistry->set("FileUpload_fileName", "unknown file"); $uploadedFile = array_shift($_FILES); if (!isset($uploadedFile['name'])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_INVALID); } $sUnsafeFileName = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(QFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name'])); $sFileName = QFinder_Connector_Utils_FileSystem::secureFileName($sUnsafeFileName); if ($sFileName != $sUnsafeFileName) { $iErrorNumber = QFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED; } $oRegistry->set("FileUpload_fileName", $sFileName); $this->checkConnector(); $this->checkRequest(); if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_UPLOAD)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); if (!QFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeConfig->checkIsHiddenFile($sFileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!$resourceTypeInfo->checkExtension($sFileName)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } $oRegistry->set("FileUpload_fileName", $sFileName); $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl()); $maxSize = $resourceTypeInfo->getMaxSize(); if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); } $htmlExtensions = $_config->getHtmlExtensions(); $sExtension = QFinder_Connector_Utils_FileSystem::getExtension($sFileName); if ($htmlExtensions && !QFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sExtension, $htmlExtensions) && ($detectHtml = QFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } $secureImageUploads = $_config->getSecureImageUploads(); if ($secureImageUploads && ($isImageValid = QFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sExtension)) === false) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } switch ($uploadedFile['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); break; case UPLOAD_ERR_PARTIAL: case UPLOAD_ERR_NO_FILE: $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); break; case UPLOAD_ERR_NO_TMP_DIR: $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR); break; case UPLOAD_ERR_CANT_WRITE: $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; case UPLOAD_ERR_EXTENSION: $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; } $sServerDir = $this->_currentFolder->getServerPath(); while (true) { $sFilePath = QFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName); if (file_exists($sFilePath)) { $sFileName = QFinder_Connector_Utils_FileSystem::autoRename($sServerDir, $sFileName); $oRegistry->set("FileUpload_fileName", $sFileName); $iErrorNumber = QFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED; } else { if (false === move_uploaded_file($uploadedFile['tmp_name'], $sFilePath)) { $iErrorNumber = QFINDER_CONNECTOR_ERROR_ACCESS_DENIED; } else { if (isset($detectHtml) && $detectHtml === -1 && QFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true) { @unlink($sFilePath); $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } else { if (isset($isImageValid) && $isImageValid === -1 && QFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } } } if (is_file($sFilePath) && ($perms = $_config->getChmodFiles())) { $oldumask = umask(0); chmod($sFilePath, $perms); umask($oldumask); } break; } } if (!$_config->checkSizeAfterScaling()) { $this->_errorHandler->throwError($iErrorNumber, true, false); } //resize image if required require_once QFINDER_CONNECTOR_LIB_DIR . "/CommandHandler/Thumbnail.php"; $_imagesConfig = $_config->getImagesConfig(); if ($_imagesConfig->getMaxWidth() > 0 && $_imagesConfig->getMaxHeight() > 0 && $_imagesConfig->getQuality() > 0) { QFinder_Connector_CommandHandler_Thumbnail::createThumb($sFilePath, $sFilePath, $_imagesConfig->getMaxWidth(), $_imagesConfig->getMaxHeight(), $_imagesConfig->getQuality(), true); } if ($_config->checkSizeAfterScaling()) { //check file size after scaling, attempt to delete if too big clearstatcache(); if ($maxSize && filesize($sFilePath) > $maxSize) { @unlink($sFilePath); $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); } else { $this->_errorHandler->throwError($iErrorNumber, true, false); } } QFinder_Connector_Core_Hooks::run('AfterFileUpload', array(&$this->_currentFolder, &$uploadedFile, &$sFilePath)); }
/** * Send files using X-Sendfile server module * * @param string $filePath */ public static function sendWithXSendfile($filePath) { if (stripos($_SERVER['SERVER_SOFTWARE'], 'nginx') !== FALSE) { $fallback = true; $config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); $XSendfileNginx = $config->getXSendfileNginx(); foreach ($XSendfileNginx as $location => $root) { if (false !== stripos($filePath, $root)) { $fallback = false; $filePath = str_ireplace($root, $location, $filePath); header("X-Accel-Redirect: " . $filePath); // Nginx break; } } // fallback to standar method if ($fallback) { QFinder_Connector_Utils_FileSystem::readfileChunked($filePath); } } elseif (stripos($_SERVER['SERVER_SOFTWARE'], 'lighttpd/1.4') !== FALSE) { header("X-LIGHTTPD-send-file: " . $filePath); // Lighttpd v1.4 } else { header("X-Sendfile: " . $filePath); // Apache, Lighttpd v1.5, Cherokee } }
/** * handle request and build XML * @access protected * */ protected function buildXml() { $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); // Create the "ConnectorInfo" node. $_oConnInfo = new Qfinder_Connector_Utils_XmlNode("ConnectorInfo"); $this->_connectorNode->addChild($_oConnInfo); $_oConnInfo->addAttribute("enabled", $_config->getIsEnabled() ? "true" : "false"); if (!$_config->getIsEnabled()) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_CONNECTOR_DISABLED); } $_ln = ''; $_lc = $_config->getLicenseKey() . ' '; $pos = strpos(QFINDER_CHARS, $_lc[0]) % 5; if ($pos == 1 || $pos == 4) { $_ln = $_config->getLicenseName(); } $_oConnInfo->addAttribute("s", $_ln); $_oConnInfo->addAttribute("c", trim($_lc[11] . $_lc[0] . $_lc[8] . $_lc[12] . $_lc[26] . $_lc[2] . $_lc[3] . $_lc[25] . $_lc[1])); $_thumbnailsConfig = $_config->getThumbnailsConfig(); $_thumbnailsEnabled = $_thumbnailsConfig->getIsEnabled(); $_oConnInfo->addAttribute("thumbsEnabled", $_thumbnailsEnabled ? "true" : "false"); if ($_thumbnailsEnabled) { $_oConnInfo->addAttribute("thumbsUrl", $_thumbnailsConfig->getUrl()); $_oConnInfo->addAttribute("thumbsDirectAccess", $_thumbnailsConfig->getDirectAccess() ? "true" : "false"); $_oConnInfo->addAttribute("thumbsWidth", $_thumbnailsConfig->getMaxWidth()); $_oConnInfo->addAttribute("thumbsHeight", $_thumbnailsConfig->getMaxHeight()); } $_imagesConfig = $_config->getImagesConfig(); $_oConnInfo->addAttribute("imgWidth", $_imagesConfig->getMaxWidth()); $_oConnInfo->addAttribute("imgHeight", $_imagesConfig->getMaxHeight()); // Create the "ResourceTypes" node. $_oResourceTypes = new Qfinder_Connector_Utils_XmlNode("ResourceTypes"); $this->_connectorNode->addChild($_oResourceTypes); // Create the "PluginsInfo" node. $_oPluginsInfo = new Qfinder_Connector_Utils_XmlNode("PluginsInfo"); $this->_connectorNode->addChild($_oPluginsInfo); // Load the resource types in an array. $_aTypes = $_config->getDefaultResourceTypes(); if (!sizeof($_aTypes)) { $_aTypes = $_config->getResourceTypeNames(); } $_aTypesSize = sizeof($_aTypes); if ($_aTypesSize) { $phpMaxSize = 0; $max_upload = QFinder_Connector_Utils_Misc::returnBytes(ini_get('upload_max_filesize')); if ($max_upload) { $phpMaxSize = $max_upload; } $max_post = QFinder_Connector_Utils_Misc::returnBytes(ini_get('post_max_size')); if ($max_post) { $phpMaxSize = $phpMaxSize ? min($phpMaxSize, $max_post) : $max_post; } //ini_get('memory_limit') only works if compiled with "--enable-memory-limit" $memory_limit = QFinder_Connector_Utils_Misc::returnBytes(@ini_get('memory_limit')); if ($memory_limit && $memory_limit != -1) { $phpMaxSize = $phpMaxSize ? min($phpMaxSize, $memory_limit) : $memory_limit; } $_oConnInfo->addAttribute("uploadMaxSize", $phpMaxSize); $_oConnInfo->addAttribute("uploadCheckImages", $_config->checkSizeAfterScaling() ? "false" : "true"); for ($i = 0; $i < $_aTypesSize; $i++) { $_resourceTypeName = $_aTypes[$i]; $_acl = $_config->getAccessControlConfig(); $_aclMask = $_acl->getComputedMask($_resourceTypeName, "/"); if (($_aclMask & QFINDER_CONNECTOR_ACL_FOLDER_VIEW) != QFINDER_CONNECTOR_ACL_FOLDER_VIEW) { continue; } if (!isset($_GET['type']) || $_GET['type'] === $_resourceTypeName) { //print $_resourceTypeName; $_oTypeInfo = $_config->getResourceTypeConfig($_resourceTypeName); //print_r($_oTypeInfo); $_oResourceType[$i] = new Qfinder_Connector_Utils_XmlNode("ResourceType"); $_oResourceTypes->addChild($_oResourceType[$i]); $_oResourceType[$i]->addAttribute("name", $_resourceTypeName); $_oResourceType[$i]->addAttribute("url", $_oTypeInfo->getUrl()); $_oResourceType[$i]->addAttribute("allowedExtensions", implode(",", $_oTypeInfo->getAllowedExtensions())); $_oResourceType[$i]->addAttribute("deniedExtensions", implode(",", $_oTypeInfo->getDeniedExtensions())); $_oResourceType[$i]->addAttribute("hash", $_oTypeInfo->getHash()); $_oResourceType[$i]->addAttribute("hasChildren", QFinder_Connector_Utils_FileSystem::hasChildren('/', $_oTypeInfo) ? "true" : "false"); $_oResourceType[$i]->addAttribute("acl", $_aclMask); $maxSize = $_oTypeInfo->getMaxSize(); if ($phpMaxSize) { $maxSize = $maxSize ? min($maxSize, $phpMaxSize) : $phpMaxSize; } $_oResourceType[$i]->addAttribute("maxSize", $maxSize); } } } $config = $GLOBALS['config']; if (!empty($config['Plugins']) && is_array($config['Plugins'])) { $_oConnInfo->addAttribute("plugins", implode(",", $config['Plugins'])); } QFinder_Connector_Core_Hooks::run('InitCommand', array(&$this->_connectorNode)); }
/** * Check given file name * Return true if file name matches hidden file names list * * @param string $fileName * @access public * @return boolean */ public function checkIsHiddenFile($fileName) { if (is_null($this->_config)) { $this->_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); } $regex = $this->_config->getHideFilesRegex(); if ($regex) { return preg_match($regex, $fileName); } return false; }
/** * Get error handler * * @access public * @return QFinder_Connector_ErrorHandler_Base|QFinder_Connector_ErrorHandler_FileUpload|QFinder_Connector_ErrorHandler_Http */ public function &getErrorHandler() { $_errorHandler = $this->_registry->get("errorHandler"); $oErrorHandler =& QFinder_Connector_Core_Factory::getInstance($_errorHandler); return $oErrorHandler; }
/** * Create thumbnail * * @param string $sourceFile * @param string $targetFile * @param int $maxWidth * @param int $maxHeight * @param boolean $preserverAspectRatio * @param boolean $bmpSupported * @return boolean * @static * @access public */ public static function createThumb($sourceFile, $targetFile, $maxWidth, $maxHeight, $quality, $preserverAspectRatio, $bmpSupported = false) { $sourceImageAttr = @getimagesize($sourceFile); if ($sourceImageAttr === false) { return false; } $sourceImageWidth = isset($sourceImageAttr[0]) ? $sourceImageAttr[0] : 0; $sourceImageHeight = isset($sourceImageAttr[1]) ? $sourceImageAttr[1] : 0; $sourceImageMime = isset($sourceImageAttr["mime"]) ? $sourceImageAttr["mime"] : ""; $sourceImageBits = isset($sourceImageAttr["bits"]) ? $sourceImageAttr["bits"] : 8; $sourceImageChannels = isset($sourceImageAttr["channels"]) ? $sourceImageAttr["channels"] : 3; if (!$sourceImageWidth || !$sourceImageHeight || !$sourceImageMime) { return false; } $iFinalWidth = $maxWidth == 0 ? $sourceImageWidth : $maxWidth; $iFinalHeight = $maxHeight == 0 ? $sourceImageHeight : $maxHeight; if ($sourceImageWidth <= $iFinalWidth && $sourceImageHeight <= $iFinalHeight) { if ($sourceFile != $targetFile) { copy($sourceFile, $targetFile); } return true; } if ($preserverAspectRatio) { // Gets the best size for aspect ratio resampling $oSize = QFinder_Connector_CommandHandler_Thumbnail::GetAspectRatioSize($iFinalWidth, $iFinalHeight, $sourceImageWidth, $sourceImageHeight); } else { $oSize = array('Width' => $iFinalWidth, 'Height' => $iFinalHeight); } QFinder_Connector_Utils_Misc::setMemoryForImage($sourceImageWidth, $sourceImageHeight, $sourceImageBits, $sourceImageChannels); switch ($sourceImageAttr['mime']) { case 'image/gif': if (@imagetypes() & IMG_GIF) { $oImage = @imagecreatefromgif($sourceFile); } else { $ermsg = 'GIF images are not supported'; } break; case 'image/jpeg': if (@imagetypes() & IMG_JPG) { $oImage = @imagecreatefromjpeg($sourceFile); } else { $ermsg = 'JPEG images are not supported'; } break; case 'image/png': if (@imagetypes() & IMG_PNG) { $oImage = @imagecreatefrompng($sourceFile); } else { $ermsg = 'PNG images are not supported'; } break; case 'image/wbmp': if (@imagetypes() & IMG_WBMP) { $oImage = @imagecreatefromwbmp($sourceFile); } else { $ermsg = 'WBMP images are not supported'; } break; case 'image/bmp': /* * This is sad that PHP doesn't support bitmaps. * Anyway, we will use our custom function at least to display thumbnails. * We'll not resize images this way (if $sourceFile === $targetFile), * because user defined imagecreatefrombmp and imagecreatebmp are horribly slow */ if ($bmpSupported && @imagetypes() & IMG_JPG && $sourceFile != $targetFile) { $oImage = QFinder_Connector_Utils_Misc::imageCreateFromBmp($sourceFile); } else { $ermsg = 'BMP/JPG images are not supported'; } break; default: $ermsg = $sourceImageAttr['mime'] . ' images are not supported'; break; } if (isset($ermsg) || false === $oImage) { return false; } $oThumbImage = imagecreatetruecolor($oSize["Width"], $oSize["Height"]); if ($sourceImageAttr['mime'] == 'image/png') { $bg = imagecolorallocatealpha($oThumbImage, 255, 255, 255, 127); // (PHP 4 >= 4.3.2, PHP 5) imagefill($oThumbImage, 0, 0, $bg); imagealphablending($oThumbImage, false); imagesavealpha($oThumbImage, true); } //imagecopyresampled($oThumbImage, $oImage, 0, 0, 0, 0, $oSize["Width"], $oSize["Height"], $sourceImageWidth, $sourceImageHeight); QFinder_Connector_Utils_Misc::fastImageCopyResampled($oThumbImage, $oImage, 0, 0, 0, 0, $oSize["Width"], $oSize["Height"], $sourceImageWidth, $sourceImageHeight, (int) max(floor($quality / 20), 6)); switch ($sourceImageAttr['mime']) { case 'image/gif': imagegif($oThumbImage, $targetFile); break; case 'image/jpeg': case 'image/bmp': imagejpeg($oThumbImage, $targetFile, $quality); break; case 'image/png': imagepng($oThumbImage, $targetFile); break; case 'image/wbmp': imagewbmp($oThumbImage, $targetFile); break; } $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); if (file_exists($targetFile) && ($perms = $_config->getChmodFiles())) { $oldUmask = umask(0); chmod($targetFile, $perms); umask($oldUmask); } imageDestroy($oImage); imageDestroy($oThumbImage); return true; }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['QFinderCommand']) || $_POST['QFinderCommand'] != 'true') { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $clientPath = $this->_currentFolder->getClientPath(); $sServerDir = $this->_currentFolder->getServerPath(); $currentResourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); $_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); $_aclConfig = $_config->getAccessControlConfig(); $aclMasks = array(); $_resourceTypeConfig = array(); if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_RENAME | QFINDER_CONNECTOR_ACL_FILE_UPLOAD | QFINDER_CONNECTOR_ACL_FILE_DELETE)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } // Create the "Errors" node. $oErrorsNode = new QFinder_Connector_Utils_XmlNode("Errors"); $errorCode = QFINDER_CONNECTOR_ERROR_NONE; $copied = 0; $copiedAll = 0; if (!empty($_POST['copied'])) { $copiedAll = intval($_POST['copied']); } $checkedPaths = array(); $oCopyFilesNode = new Qfinder_Connector_Utils_XmlNode("CopyFiles"); if (!empty($_POST['files']) && is_array($_POST['files'])) { foreach ($_POST['files'] as $index => $arr) { if (empty($arr['name'])) { continue; } if (!isset($arr['name'], $arr['type'], $arr['folder'])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } // file name $name = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['name']); // resource type $type = $arr['type']; // client path $path = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['folder']); // options $options = !empty($arr['options']) ? $arr['options'] : ''; $destinationFilePath = $sServerDir . $name; // check #1 (path) if (!QFinder_Connector_Utils_FileSystem::checkFileName($name) || preg_match(QFINDER_REGEX_INVALID_PATH, $path)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } // get resource type config for current file if (!isset($_resourceTypeConfig[$type])) { $_resourceTypeConfig[$type] = $_config->getResourceTypeConfig($type); } // check #2 (resource type) if (is_null($_resourceTypeConfig[$type])) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } // check #3 (extension) if (!$_resourceTypeConfig[$type]->checkExtension($name, false)) { $errorCode = QFINDER_CONNECTOR_ERROR_INVALID_EXTENSION; $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); continue; } // check #4 (extension) - when moving to another resource type, double check extension if ($currentResourceTypeConfig->getName() != $type) { if (!$currentResourceTypeConfig->checkExtension($name, false)) { $errorCode = QFINDER_CONNECTOR_ERROR_INVALID_EXTENSION; $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); continue; } } // check #5 (hidden folders) // cache results if (empty($checkedPaths[$path])) { $checkedPaths[$path] = true; if ($_resourceTypeConfig[$type]->checkIsHiddenPath($path)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } } $sourceFilePath = $_resourceTypeConfig[$type]->getDirectory() . $path . $name; // check #6 (hidden file name) if ($currentResourceTypeConfig->checkIsHiddenFile($name)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } // check #7 (Access Control, need file view permission to source files) if (!isset($aclMasks[$type . "@" . $path])) { $aclMasks[$type . "@" . $path] = $_aclConfig->getComputedMask($type, $path); } $isAuthorized = ($aclMasks[$type . "@" . $path] & QFINDER_CONNECTOR_ACL_FILE_VIEW) == QFINDER_CONNECTOR_ACL_FILE_VIEW; if (!$isAuthorized) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } // check #8 (invalid file name) if (!file_exists($sourceFilePath) || !is_file($sourceFilePath)) { $errorCode = QFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND; $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); continue; } // check #9 (max size) if ($currentResourceTypeConfig->getName() != $type) { $maxSize = $currentResourceTypeConfig->getMaxSize(); $fileSize = filesize($sourceFilePath); if ($maxSize && $fileSize > $maxSize) { $errorCode = QFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG; $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); continue; } } //$overwrite // finally, no errors so far, we may attempt to copy a file // protection against copying files to itself if ($sourceFilePath == $destinationFilePath) { $errorCode = QFINDER_CONNECTOR_ERROR_SOURCE_AND_TARGET_PATH_EQUAL; $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); continue; } else { if (file_exists($destinationFilePath) && strpos($options, "overwrite") === false) { if (strpos($options, "autorename") !== false) { $fileName = QFinder_Connector_Utils_FileSystem::autoRename($sServerDir, $name); $destinationFilePath = $sServerDir . $fileName; if (!@copy($sourceFilePath, $destinationFilePath)) { $errorCode = QFINDER_CONNECTOR_ERROR_ACCESS_DENIED; $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); continue; } else { $copied++; } } else { $errorCode = QFINDER_CONNECTOR_ERROR_ALREADY_EXIST; $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); continue; } } else { if (!@copy($sourceFilePath, $destinationFilePath)) { $errorCode = QFINDER_CONNECTOR_ERROR_ACCESS_DENIED; $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); continue; } else { $copied++; } } } } } $this->_connectorNode->addChild($oCopyFilesNode); if ($errorCode != QFINDER_CONNECTOR_ERROR_NONE) { $this->_connectorNode->addChild($oErrorsNode); } $oCopyFilesNode->addAttribute("copied", $copied); $oCopyFilesNode->addAttribute("copiedTotal", $copiedAll + $copied); /** * Note: actually we could have more than one error. * This is just a flag for QFinder interface telling it to check all errors. */ if ($errorCode != QFINDER_CONNECTOR_ERROR_NONE) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_COPY_FAILED); } }
/** * Handle request and build XML */ public function buildXml() { if (!extension_loaded('zip')) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_COMMAND); } $this->checkConnector(); $this->checkRequest(); if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_UPLOAD)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $this->_config =& QFinder_Connector_Core_Factory::getInstance("Core_Config"); $currentResourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); $_sServerDir = $this->_currentFolder->getServerPath(); $files = array(); $_zipFilesSize = 0; $config = $this->getConfig(); $zipMaxSize = $config['zipMaxSize']; if (!empty($zipMaxSize) && $zipMaxSize == 'default') { $zipMaxSize = $currentResourceTypeConfig->getMaxSize(); } $_isBasket = isset($_POST['basket']) && $_POST['basket'] == 'true' ? true : false; if (!empty($_POST['files'])) { $_aclConfig = $this->_config->getAccessControlConfig(); $aclMasks = array(); $_resourceTypeConfig = array(); foreach ($_POST['files'] as $arr) { if (empty($arr['name']) || empty($arr['type']) || empty($arr['folder'])) { continue; } // file name $name = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['name']); // resource type $type = $arr['type']; // client path $path = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['folder']); // check #1 (path) if (!QFinder_Connector_Utils_FileSystem::checkFileName($name) || preg_match(QFINDER_REGEX_INVALID_PATH, $path)) { continue; } // get resource type config for current file if (!isset($_resourceTypeConfig[$type])) { $_resourceTypeConfig[$type] = $this->_config->getResourceTypeConfig($type); } // check #2 (resource type) if (is_null($_resourceTypeConfig[$type])) { continue; } // check #3 (extension) if (!$_resourceTypeConfig[$type]->checkExtension($name, false)) { continue; } // check #4 (extension) - when moving to another resource type, double check extension if ($currentResourceTypeConfig->getName() != $type && !$currentResourceTypeConfig->checkExtension($name, false)) { continue; } // check #5 (hidden folders) // cache results if (empty($checkedPaths[$path])) { $checkedPaths[$path] = true; if ($_resourceTypeConfig[$type]->checkIsHiddenPath($path)) { continue; } } // check #6 (hidden file name) if ($currentResourceTypeConfig->checkIsHiddenFile($name)) { continue; } // check #7 (Access Control, need file view permission to source files) if (!isset($aclMasks[$type . "@" . $path])) { $aclMasks[$type . "@" . $path] = $_aclConfig->getComputedMask($type, $path); } $isAuthorized = ($aclMasks[$type . "@" . $path] & QFINDER_CONNECTOR_ACL_FILE_VIEW) == QFINDER_CONNECTOR_ACL_FILE_VIEW; if (!$isAuthorized) { continue; } $sourceFilePath = QFinder_Connector_Utils_FileSystem::combinePaths($_resourceTypeConfig[$type]->getDirectory() . $path, $name); // check #8 (invalid file name) if (!file_exists($sourceFilePath) || !is_file($sourceFilePath)) { continue; } // check #9 - max file size if (!empty($zipMaxSize)) { clearstatcache(); $_zipFilesSize += filesize($sourceFilePath); if ($_zipFilesSize > $zipMaxSize) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_CREATED_FILE_TOO_BIG); } } $zipPathPart = $_isBasket ? QFinder_Connector_Utils_FileSystem::combinePaths($type, $path) : ''; $files[$sourceFilePath] = $zipPathPart . pathinfo($sourceFilePath, PATHINFO_BASENAME); } } else { if (!is_dir($_sServerDir)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND); } $files = $this->getFilesRecursively($_sServerDir, $zipMaxSize); } if (sizeof($files) < 1) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND); } // default destination dir - temp $dest_dir = QFinder_Connector_Utils_FileSystem::getTmpDir(); $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); // default file name - hash $zip_filename = substr(md5(serialize($files)), 0, 16) . $resourceTypeInfo->getHash() . '.zip'; // compress files - do not download them // change destination and name if (isset($_POST['download']) && $_POST['download'] == 'false') { $dest_dir = $_sServerDir; if (isset($_POST['zipName']) && !empty($_POST['zipName'])) { $zip_filename = QFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_POST['zipName']); if (!$resourceTypeInfo->checkExtension($zip_filename)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } } } if (!QFinder_Connector_Utils_FileSystem::checkFileName($zip_filename) || $resourceTypeInfo->checkIsHiddenFile($zip_filename)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_INVALID_NAME); } if ($this->_config->forceAscii()) { $zip_filename = QFinder_Connector_Utils_FileSystem::convertToAscii($zip_filename); } $zipFilePath = QFinder_Connector_Utils_FileSystem::combinePaths($dest_dir, $zip_filename); if (!is_writable(dirname($zipFilePath))) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } // usually we would need to create zip? $createZip = true; // only if file already exists and we want download it // do not create new one - because hash of previously created is the same - existing archive is ok if (file_exists($zipFilePath) && isset($_POST['download']) && $_POST['download'] == 'true') { $createZip = false; } else { if (file_exists($zipFilePath) && (!isset($_POST['fileExistsAction']) || !in_array($_POST['fileExistsAction'], array('autorename', 'overwrite')))) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ALREADY_EXIST); } if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_UPLOAD)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } // check how to deal with existing file if (isset($_POST['fileExistsAction']) && $_POST['fileExistsAction'] == 'autorename') { if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_UPLOAD | QFINDER_CONNECTOR_ACL_FILE_RENAME)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $zip_filename = QFinder_Connector_Utils_FileSystem::autoRename($dest_dir, $zip_filename); $zipFilePath = QFinder_Connector_Utils_FileSystem::combinePaths($dest_dir, $zip_filename); } elseif (isset($_POST['fileExistsAction']) && $_POST['fileExistsAction'] == 'overwrite') { if (!$this->_currentFolder->checkAcl(QFINDER_CONNECTOR_ACL_FILE_RENAME | QFINDER_CONNECTOR_ACL_FILE_DELETE)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } if (!QFinder_Connector_Utils_FileSystem::unlink($zipFilePath)) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } } } if ($createZip) { $zip = new ZipArchive(); $result = $zip->open($zipFilePath, ZIPARCHIVE::CREATE); if ($result !== TRUE) { $this->_errorHandler->throwError(QFINDER_CONNECTOR_ERROR_UNKNOWN); } foreach ($files as $pathname => $filename) { if (!empty($filename)) { if (file_exists($pathname) && is_readable($pathname)) { $zip->addFile($pathname, $filename); } } else { $zip->addEmptyDir($pathname); } } $zip->close(); } $file = new QFinder_Connector_Utils_XmlNode("ZipFile"); $file->addAttribute("name", $zip_filename); $this->_connectorNode->addChild($file); }