public function saveEdit($file, $name, $options = array(), $quality = 100) { // Check for request forgeries WFToken::checkToken() or die('Access to this resource is restricted'); // check for image editor access if ($this->checkAccess('image_editor', 1) === false) { JError::raiseError(403, 'Access to this resource is restricted'); } $browser = $this->getBrowser(); $filesystem = $browser->getFileSystem(); // check file self::validateImagePath($file); // clean temp $this->cleanEditorTmp($file, false); // check new name self::validateImagePath($name); $upload = JRequest::getVar('file', '', 'files', 'array'); // create a filesystem result object $result = new WFFileSystemResult(); if (isset($upload) && isset($upload['tmp_name']) && is_uploaded_file($upload['tmp_name'])) { $tmp = $upload['tmp_name']; self::validateImageFile($tmp); $exif = null; // get exif data from orignal file if (preg_match('#\\.jp(eg|g)$#i', basename($file)) && basename($file) == basename($name)) { // load exif classes require_once dirname(__FILE__) . '/pel/PelJpeg.php'; $src = WFUtility::makePath($filesystem->getBaseDir(), $file); $jpeg = new PelJpeg($src); $exif = $jpeg->getExif(); } $result = $filesystem->upload('multipart', trim($tmp), dirname($file), basename($name)); if ($result->state === true && $exif) { $pel = new PelDataWindow($result->path); if (PelJpeg::isValid($pel)) { $jpeg = new PelJpeg(); $jpeg->load($pel); $jpeg->setExif($exif); //$jpeg->saveFile($result->path); // write to file JFile::write($result->path, $jpeg->getBytes()); } } @unlink($tmp); } else { // set upload as false - JSON request $upload = false; $file = WFUtility::makePath($filesystem->getBaseDir(), $file); $dest = dirname($file) . '/' . basename($name); // get extension $ext = WFUtility::getExtension($dest); // load image class require_once dirname(__FILE__) . '/image/image.php'; // create image $image = new WFImage($file, $this->getParam('prefer_imagick', true)); foreach ($options as $filter) { if (isset($filter->task)) { $args = isset($filter->args) ? (array) $filter->args : array(); switch ($filter->task) { case 'resize': $w = $args[0]; $h = $args[1]; $image->resize($w, $h); break; case 'crop': $w = $args[0]; $h = $args[1]; $x = $args[2]; $y = $args[3]; $image->crop($w, $h, $x, $y); break; case 'rotate': $image->rotate(array_shift($args)); break; case 'flip': $image->flip(array_shift($args)); break; default: $image->filter($filter->task, $args); break; } } } // get image data $data = $image->toString($ext); // write to file if ($data) { $result->state = (bool) @JFile::write($dest, $data); } // set path $result->path = $dest; } if ($result->state === true) { // check if its a valid image if (@getimagesize($result->path) === false) { JFile::delete($result->path); throw new InvalidArgumentException('Invalid image file'); } else { $result->path = str_replace(WFUtility::cleanPath(JPATH_SITE), '', $result->path); $browser->setResult(WFUtility::cleanPath($result->path, '/'), 'files'); } } else { $browser->setResult($result->message || WFText::_('WF_IMGMANAGER_EXT_EDIT_SAVE_ERROR'), 'error'); } // set header and exit if ($upload) { header("Expires: Wed, 4 Apr 1984 13:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M_Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); die(json_encode($browser->getResult())); } // return to WFRequest return $browser->getResult(); }
/** * Upload a file. * @return array $error on failure or uploaded file name on success */ public function upload() { // Check for request forgeries WFToken::checkToken() or die; // check for feature access if (!$this->checkFeature('upload')) { JError::raiseError(403, 'Access to this resource is restricted'); } $filesystem = $this->getFileSystem(); jimport('joomla.filesystem.file'); header('Content-Type: text/json;charset=UTF-8'); header("Expires: Wed, 4 Apr 1984 13:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M_Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); // get uploaded file $file = JRequest::getVar('file', '', 'files', 'array'); // validate file data $this->validateUploadedFile($file); // get file name $name = JRequest::getVar('name', $file['name']); // decode name $name = rawurldecode($name); // check name if (WFUtility::validateFileName($name) === false) { throw new InvalidArgumentException('Upload Failed: The file name contains an invalid extension.'); } // check file name WFUtility::checkPath($name); // get extension from file name $ext = WFUtility::getExtension($file['name']); // trim extension $ext = trim($ext); // check extension exists if (empty($ext) || $ext === $file['name']) { throw new InvalidArgumentException('Upload Failed: The file name does not contain a valid extension.'); } // strip extension $name = WFUtility::stripExtension($name); // make file name 'web safe' $name = WFUtility::makeSafe($name, $this->get('websafe_mode', 'utf-8'), $this->get('websafe_spaces'), $this->get('websafe_textcase')); // check name if (WFUtility::validateFileName($name) === false) { throw new InvalidArgumentException('Upload Failed: The file name contains an invalid extension.'); } // target directory $dir = JRequest::getVar('upload-dir'); // deocode directory $dir = rawurldecode($dir); // check destination path WFUtility::checkPath($dir); $upload = $this->get('upload'); // Check file number limits if (!empty($upload['total_files'])) { if ($filesystem->countFiles($dir, true) > $upload['total_files']) { throw new InvalidArgumentException(WFText::_('WF_MANAGER_FILE_LIMIT_ERROR')); } } // Check total file size limit if (!empty($upload['total_size'])) { $size = $filesystem->getTotalSize($dir); if ($size / 1024 / 1024 > $upload['total_size']) { throw new InvalidArgumentException(WFText::_('WF_MANAGER_FILE_SIZE_LIMIT_ERROR')); } } // add random string if ($upload['add_random']) { $name = $name . '_' . substr(md5(uniqid(rand(), 1)), 0, 5); } // rebuild file name - name + extension $name = $name . '.' . $ext; // create a filesystem result object $result = new WFFileSystemResult(); $complete = false; $contentType = JRequest::getVar('CONTENT_TYPE', '', 'SERVER'); // relative path $relative = WFUtility::makePath($dir, $name); // Only multipart uploading is supported for now if ($contentType && strpos($contentType, "multipart") !== false) { $result = $filesystem->upload('multipart', trim($file['tmp_name']), $dir, $name); if (!$result->state) { if (empty($result->message)) { $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); } $result->code = 103; } @unlink($file['tmp_name']); $complete = true; } else { $result->state = false; $result->code = 103; $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $complete = true; } // upload finished if ($complete) { if ($result instanceof WFFileSystemResult) { if ($result->state === true) { $this->setResult($this->fireEvent('onUpload', array($result->path, $relative))); $this->setResult(basename($result->path), 'files'); } else { $this->setResult($result->message, 'error'); } } die(json_encode($this->getResult())); } }
/** * Upload a file. * @return array $error on failure or uploaded file name on success */ public function upload() { // Check for request forgeries WFToken::checkToken() or die; //JError::setErrorHandling(E_ALL, 'callback', array('WFError', 'raiseError')); // check for feature access if (!$this->checkFeature('upload')) { JError::raiseError(403, 'Access to this resource is restricted'); } jimport('joomla.filesystem.file'); // get uploaded file $file = JRequest::getVar('file', '', 'files', 'array'); // validate file data $this->validateUploadedFile($file); $wf = WFEditor::getInstance(); // HTTP headers for no cache etc //header('Content-type: text/plain; charset=UTF-8'); header('Content-Type: text/json;charset=UTF-8'); header("Expires: Wed, 4 Apr 1984 13:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M_Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); // get file name $name = JRequest::getVar('name', $file['name']); // target directory $dir = JRequest::getVar('upload-dir'); // deocode directory $dir = rawurldecode($dir); // check destination path WFUtility::checkPath($dir); // decode name $name = rawurldecode($name); // check file name WFUtility::checkPath($name); // check for invalid extensions if (preg_match('#\\.(php|phtml|pl|py|jsp|asp|shtml|sh|cgi)$#i', $name)) { throw new InvalidArgumentException('INVALID FILE NAME'); } // get extension $ext = WFUtility::getExtension($name); // strip extension $name = WFUtility::stripExtension($name); // make file name 'web safe' $name = WFUtility::makeSafe($name, $this->get('websafe_mode', 'utf-8'), $this->get('websafe_spaces'), $this->get('websafe_textcase')); // empty name if ($name == '') { throw new InvalidArgumentException('INVALID FILE NAME'); } // check for extension in file name if (preg_match('#\\.(php|php(3|4|5)|phtml|pl|py|jsp|asp|htm|html|shtml|sh|cgi)\\b#i', $name)) { throw new InvalidArgumentException('INVALID FILE NAME'); } $upload = $this->get('upload'); // add random string if ($upload['add_random']) { $name = $name . '_' . substr(md5(uniqid(rand(), 1)), 0, 5); } // rebuild file name - name + extension $name = $name . '.' . $ext; // create a filesystem result object $result = new WFFileSystemResult(); $filesystem = $this->getFileSystem(); $complete = false; $contentType = JRequest::getVar('CONTENT_TYPE', '', 'SERVER'); // Only multipart uploading is supported for now if ($contentType && strpos($contentType, "multipart") !== false) { $result = $filesystem->upload('multipart', trim($file['tmp_name']), $dir, $name); if (!$result->state) { $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $result->code = 103; } @unlink($file['tmp_name']); $complete = true; } else { $result->state = false; $result->code = 103; $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $complete = true; } // upload finished if ($complete) { if ($result instanceof WFFileSystemResult) { if ($result->state === true) { $path = $result->path; // get root dir eg: JPATH_SITE $root = substr($filesystem->getBaseDir(), 0, -strlen($filesystem->getRootDir())); // get relative path $relative = substr($path, strlen($root)); // clean $relative = WFUtility::cleanPath($relative, '/'); $this->setResult($this->fireEvent('onUpload', array($result->path, $relative))); $this->setResult(basename($result->path), 'files'); } else { $this->setResult($result->message, 'error'); } } die(json_encode($this->getResult())); } }
/** * Upload a file. * @return array $error on failure or uploaded file name on success */ public function upload() { // Check for request forgeries WFToken::checkToken() or die; //JError::setErrorHandling(E_ALL, 'callback', array('WFError', 'raiseError')); // check for feature access if (!$this->checkFeature('upload')) { JError::raiseError(403, 'RESTRICTED ACCESS'); } $wf = WFEditor::getInstance(); jimport('joomla.filesystem.file'); // HTTP headers for no cache etc //header('Content-type: text/plain; charset=UTF-8'); header("Expires: Wed, 4 Apr 1984 13:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M_Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); // get uploaded file $file = JRequest::getVar('file', '', 'files', 'array'); // get file name $name = JRequest::getVar('name', $file['name']); // target directory $dir = JRequest::getVar('upload-dir'); // deocode directory $dir = rawurldecode($dir); // check destination path WFUtility::checkPath($dir); // decode name $name = rawurldecode($name); // get extension $ext = WFUtility::getExtension($name); // strip extension $name = WFUtility::stripExtension($name); // make file name 'web safe' $name = WFUtility::makeSafe($name, $this->get('websafe_mode', 'utf-8')); // empty name if ($name == '') { JError::raiseError(403, 'INVALID FILE NAME'); } // check for extension in file name or blank file name if (preg_match('#\\.(php|php(3|4|5)|phtml|pl|py|jsp|asp|htm|shtml|sh|cgi)#i', $name)) { JError::raiseError(403, 'INVALID FILE NAME'); } // create a filesystem result object $result = new WFFileSystemResult(); $filesystem = $this->getFileSystem(); $complete = false; $contentType = JRequest::getVar('CONTENT_TYPE', '', 'SERVER'); // rebuild file name - name + extension $name = $name . '.' . $ext; // Only multipart uploading is supported for now if ($contentType && strpos($contentType, "multipart") !== false) { if (isset($file['tmp_name']) && is_uploaded_file($file['tmp_name'])) { // check for valid extension if (in_array(strtolower($ext), $this->getFileTypes('array')) === false) { $result->state = false; $result->message = WFText::_('WF_MANAGER_UPLOAD_INVALID_EXT_ERROR'); $complete = true; @unlink($file['tmp_name']); } else { if ($this->validateUploadedFile($file, $result) === false) { $complete = true; @unlink($file['tmp_name']); } else { $result = $filesystem->upload('multipart', trim($file['tmp_name']), $dir, $name); if (!$result->state) { $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $result->code = 103; } @unlink($file['tmp_name']); $complete = true; } } } } else { $result->state = false; $result->code = 103; $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $complete = true; } // upload finished if ($complete) { if ($result instanceof WFFileSystemResult) { if ($result->state === true) { $path = $result->path; $this->setResult($this->fireEvent('onUpload', array($result->path))); $this->setResult(basename($result->path), 'files'); } else { $this->setResult($result->message, 'error'); } } die(json_encode($this->getResult())); } }
/** * Upload a file. * @return array $error on failure or uploaded file name on success */ function upload() { // Check for request forgeries WFToken::checkToken() or die; // check for feature access if (!$this->checkFeature('upload')) { JError::raiseError(403, 'RESTRICTED ACCESS'); } $wf = WFEditor::getInstance(); jimport('joomla.filesystem.file'); // HTTP headers for no cache etc //header('Content-type: text/plain; charset=UTF-8'); header("Expires: Wed, 4 Apr 1984 13:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M_Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); // get uploaded file $file = JRequest::getVar('file', '', 'files', 'array'); // get file name $name = JRequest::getVar('name', $file['name']); $ext = WFUtility::getExtension($name); // check for extension in file name if (preg_match('#\\.(php|php(3|4|5)|phtml|pl|py|jsp|asp|htm|shtml|sh|cgi)#i', basename($name, '.' . $ext))) { JError::raiseError(403, 'INVALID FILE NAME'); } // get chunks $chunk = JRequest::getInt('chunk', 0); $chunks = JRequest::getInt('chunks', 1); // create a filesystem result object $result = new WFFileSystemResult(); $filesystem = $this->getFileSystem(); $complete = false; $contentType = JRequest::getVar('CONTENT_TYPE', '', 'SERVER'); // Only multipart uploading is supported for now if ($contentType && strpos($contentType, "multipart") !== false) { if (isset($file['tmp_name']) && is_uploaded_file($file['tmp_name'])) { // validate file before continuing (first chunk only) if ($chunk == 0 && $wf->getParam('validate_mimetype', 0) && !preg_match('#(htm|html|txt)#', $ext)) { $this->validateUploadedFile($file); } // make file name 'web safe' $name = WFUtility::makeSafe($name); // get current dir $dir = JRequest::getVar('upload-dir', ''); // check destination path WFUtility::checkPath($dir); // Normal upload if ($chunks == 1) { $result = $filesystem->upload('multipart', trim($file['tmp_name']), $dir, $name); if (!$result->state) { $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $result->code = 103; } $complete = true; // Chunk uploading } else { $result = $filesystem->upload('multipart-chunking', trim($file['tmp_name']), $dir, $name, $chunks, $chunk); if (!$result->state) { $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $result->code = 103; } $complete = $chunk == $chunks - 1; } } } else { $result->state = false; $result->code = 103; $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $complete = true; } // upload finished if ($complete) { if (is_a($result, 'WFFileSystemResult')) { if ($result->state === true) { $this->setResult($this->fireEvent('onUpload', array($result->path))); $this->setResult(basename($result->path), 'files'); } } die(json_encode($this->getResult())); } }