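/**
 * Validate a "|"-separated list of uploaded file paths.
 *
 * Each non-empty entry must exist on disk, must not exceed the optional
 * SIMPLE_FILE_SIZE limit of the field and must not carry an extension
 * listed in INVALID_EXTENSIONS.
 *
 * The extension blocklist is matched case-insensitively and with
 * surrounding whitespace ignored, so a list written as "php, exe" and an
 * upload named "x.PHP" are both caught regardless of how
 * modify::getfileext() normalises its result.
 *
 * @param string $files  "|"-separated file paths
 * @param mixed  $unused not used by this check
 * @param array  $field  field definition; SIMPLE_FILE_SIZE is read if set
 * @return string empty string if all files pass, otherwise an error message
 */
static function check_uploaded_file($files, $unused = null, $field = array()) {
    $max_size = 0;
    if (!empty($field["SIMPLE_FILE_SIZE"])) {
        // "2M" becomes "2000000", "500K" becomes "500000" (upper-case suffixes only)
        $max_size = str_replace(array("M", "K"), array("000000", "000"), $field["SIMPLE_FILE_SIZE"]);
    }

    // normalise the blocklist once; entries are compared as lower-case strings
    $blocked = array_map("strtolower", array_map("trim", explode(",", INVALID_EXTENSIONS)));

    foreach (explode("|", $files) as $file) {
        if ($file == "") {
            continue;
        }
        if (!file_exists($file)) {
            return "{t}Error{/t}: {t}file not found.{/t}";
        }
        if ($max_size != 0 and filesize($file) > $max_size) {
            return "{t}Error{/t}: {t}file is too big. Please upload a smaller one.{/t} (" . modify::basename($file) . " > " . $field["SIMPLE_FILE_SIZE"] . ")";
        }
        $ext = modify::getfileext($file);
        // strict comparison: both sides are normalised strings
        if (in_array(strtolower(trim((string) $ext)), $blocked, true)) {
            return sprintf("{t}this file extension is not allowed{/t} (%s)", $ext);
        }
    }
    return "";
}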
/**
 * Turn a field value into the text that is written to an item's history.
 *
 * Password values are never written: the "password" type always yields an
 * empty string. Types not handled here are delegated to call_type() when
 * is_call_type() accepts them; otherwise the value is returned unchanged.
 *
 * @param string $type     field type (SIMPLE_TYPE)
 * @param mixed  $value    new value
 * @param mixed  $data_old previous value (used for "files", "textarea" and delegated types)
 * @return mixed history text for the field
 */
static function build_history($type, $value, $data_old) {
    // a value of "0" for these types produces no history text
    $blank_when_zero = array("folder", "date", "datetime", "time");
    if ($value == "0" and in_array($type, $blank_when_zero)) {
        return "";
    }

    if ($type == "folder") {
        return modify::getpathfull($value, false, "/") . " ([/" . $value . "])";
    }
    if ($type == "password") {
        // secrets must not end up in the readable history
        return "";
    }
    if ($type == "date") {
        return sys_date("{t}m/d/Y{/t}", $value);
    }
    if ($type == "datetime") {
        return sys_date("{t}m/d/Y g:i a{/t}", $value);
    }
    if ($type == "time") {
        return sys_date("{t}g:i a{/t}", $value);
    }
    if ($type == "dateselect") {
        $formatted = array();
        foreach (explode("|", trim($value, "|")) as $stamp) {
            $formatted[] = sys_date("{t}m/d/Y{/t}", $stamp);
        }
        return implode(", ", $formatted);
    }
    if ($type == "files") {
        $current = explode("|", trim($value, "|"));
        $previous = explode("|", trim($data_old, "|"));
        // leading empty entry makes the list start on its own line
        $lines = array("");
        foreach ($current as $path) {
            if ($path != "" and !in_array($path, $previous)) {
                $lines[] = "+ " . modify::basename($path);
            }
        }
        foreach ($previous as $path) {
            if ($path != "" and !in_array($path, $current)) {
                $lines[] = "- " . modify::basename($path);
            }
        }
        return rtrim(implode("\n ", $lines));
    }
    if ($type == "select") {
        return str_replace("|", ", ", trim($value, "|"));
    }
    if ($type == "checkbox") {
        if ($value) {
            return "{t}yes{/t}";
        }
        return "{t}no{/t}";
    }
    if ($type == "textarea") {
        return self::build_diff($data_old, $value);
    }

    // custom types bring their own history formatter
    if (is_call_type($type)) {
        return call_type($type, "build_history", $data_old, $value);
    }
    return $value;
}
/**
 * Restore a backup archive from SIMPLE_STORE/backup/ into the database.
 *
 * Steps visible in this method: list and extract the tar archive into a
 * fresh SIMPLE_STORE/restore_<NOW>/ directory, parse the first archive
 * member as XML, re-create or update folders (simple_sys_tree), then
 * insert or update the assets of every other table and rebuild the search
 * index for the touched folders.
 *
 * The archive content is treated as trusted data: table names, column
 * values and file names are taken from it as they are.
 *
 * @param string $filename name of the backup archive (only its basename is used)
 * @return string empty string on completion, otherwise a message when the
 *                archive is missing or empty
 */
private static function _restore($filename) {
    ob_end_flush();
    $filename = str_replace(" ", "+", $filename);
    // basename() confines the lookup to the backup directory, whatever path the caller passed
    $filename = SIMPLE_STORE . "/backup/" . basename($filename);
    if (!file_exists($filename)) {
        return "{t}file not found.{/t} (" . $filename . ")";
    }
    if (filesize($filename) == 0) {
        return "{t}No entries found.{/t} (" . $filename . ")";
    }
    self::_out("{t}Extracting files{/t}: " . $filename);
    self::_out("");
    if (self::$_restore_here) {
        // "restore here": create a new blank folder below the session's current folder,
        // titled after the archive name
        $ftitle = str_replace(array("__", "---", "--"), array("/", " ", " "), substr(modify::basename($filename), 0, -4));
        $ftitle = substr($ftitle, strrpos($ftitle, "/") + 1);
        $id = folders::create(substr($ftitle, 0, 40), "blank", "", $_SESSION["folder"], false);
        self::$_restore_folder = $id;
        self::_out("{t}Insert{/t}: simple_sys_tree: " . $ftitle . " [" . $id . "]");
    }
    // NOTE(review): the path is concatenated into a shell command; this presumably relies on
    // modify::realfilename() returning a shell-safe, quoted path - confirm
    $result = sys_exec(sys_find_bin("tar") . " -tf " . modify::realfilename($filename));
    $file_list = explode("\n", $result);
    // explode() always returns at least one element, so this guard does not fire for an empty listing
    if (count($file_list) == 0) {
        return "";
    }
    $base_dir = SIMPLE_STORE . "/restore_" . NOW . "/";
    sys_mkdir($base_dir);
    // NOTE(review): member paths inside the archive are not inspected before extraction;
    // only archives from a trusted source should reach this point, or the listing above
    // should be checked for absolute paths and ".." segments first
    $cmd = "cd " . modify::realfilename($base_dir) . " && " . sys_find_bin("tar") . " -xf " . modify::realfilename($filename);
    if (DEBUG) {
        self::_out("TAR: " . $cmd . "\n\n");
    }
    echo sys_exec($cmd);
    $update_ids = array();
    $update_folders = array();
    // maps folder ids found in the archive to the ids they have in this installation
    $restore_maps = array();
    // the first archive member is taken to be the XML description of the backup
    $xml_file = array_shift($file_list);
    self::_out("{t}Parsing{/t}: " . $xml_file);
    // NOTE(review): the return value is not checked; simplexml_load_file() returns false
    // when the file is missing or not well-formed
    $xml = simplexml_load_file($base_dir . $xml_file);
    // pass 1: folders
    foreach ($xml->table as $data) {
        $data = get_object_vars($data->assetfolder);
        unset($data["@attributes"]);
        $id = $data["id"];
        if (!empty($data["anchor"])) {
            // anchored folders are matched by anchor instead of id
            $existing = db_select_first("simple_sys_tree", array("id", "'' as lastmodified"), "anchor=@anchor@", "", array("anchor" => $data["anchor"]));
            if (!empty($existing["id"])) {
                unset($data["anchor"]);
            }
        } else {
            $existing = db_select_first("simple_sys_tree", array("id", "lastmodified"), "id=@id@", "", array("id" => $id));
        }
        if (!isset($data["fdescription"])) {
            $data["fdescription"] = "";
        }
        $ftype = $data["ftype"];
        // these columns are removed from the restored data before it is written
        $keys = array("fsizecount", "fchsizecount", "fcount", "fchcount", "ffcount", "lft", "rgt", "flevel", "folder", "id", "ftype");
        foreach ($keys as $key) {
            unset($data[$key]);
        }
        if (isset($restore_maps[$data["parent"]])) {
            $data["parent"] = $restore_maps[$data["parent"]];
        }
        if (empty($existing["id"]) or self::$_restore_here) {
            $parent = db_select_value("simple_sys_tree", "id", "id=@id@", array("id" => $data["parent"]));
            // "and" binds tighter than "or": unknown parent, OR (first folder AND restore-here)
            if (empty($parent) or count($restore_maps) == 0 and self::$_restore_here) {
                $data["parent"] = self::$_restore_folder;
            }
            $id2 = folders::create($data["ftitle"], $ftype, $data["fdescription"], $data["parent"], false);
            self::_out("{t}Insert{/t}: simple_sys_tree: " . $data["ftitle"] . " [ID " . $id . " -> parent/id: " . $data["parent"] . "/" . $id2 . "]");
            $restore_maps[$id] = $id2;
            $id = $id2;
        } else {
            $restore_maps[$id] = $existing["id"];
        }
        if (!self::$_restore_missing and (!self::$_restore_onlynewer or $data["lastmodified"] > $existing["lastmodified"])) {
            self::_out("{t}Update{/t}: simple_sys_tree " . $id);
            $error = db_update("simple_sys_tree", $data, array("id=@id@"), array("id" => $id));
            if ($error) {
                self::_out($error);
            }
        }
    }
    // pass 2: assets of all other tables
    foreach ($xml->table as $table_item) {
        if (!isset($table_item->asset) or count($table_item->asset) == 0) {
            continue;
        }
        foreach ($table_item->asset as $asset) {
            // NOTE(review): the table name comes from the "name" attribute in the archive XML and
            // is passed on to db_select_first/db_insert/db_update; confirm those helpers reject
            // unknown table names, or check it against the known schemas here
            $table = $table_item["name"];
            if ($table == "simple_sys_tree") {
                continue;
            }
            $data = get_object_vars($asset);
            unset($data["@attributes"]);
            foreach ($data as $dkey => $val) {
                $obj = $asset->{$dkey};
                if (!isset($obj["is_file"]) or $val == "") {
                    continue;
                }
                // $key still holds a value from an earlier loop here; the assignment has no
                // lasting effect because $file_arr is replaced on the next line
                $file_arr[$key] = "";
                $file_arr = explode("|", trim($val, "|"));
                // point file fields at the extracted copy with the same basename, if there is one
                foreach ($file_arr as $key => $value) {
                    foreach ($file_list as $file) {
                        if (basename($file) != basename($value)) {
                            continue;
                        }
                        $value = $base_dir . $file;
                        break;
                    }
                    // NOTE(review): when no archive member matches, the path from the XML is kept as is
                    $file_arr[$key] = $value;
                }
                $data[$dkey] = "|" . implode("|", $file_arr) . "|";
            }
            $id = $data["id"];
            $existing = db_select_first($table, array("id", "lastmodified"), "id=@id@", "", array("id" => $id));
            $folder = $data["folder"];
            if (isset($restore_maps[$folder])) {
                $data["folder"] = $restore_maps[$folder];
            }
            if (empty($existing["id"]) or self::$_restore_here) {
                if (self::$_restore_missing) {
                    // "restore missing" keeps the id from the archive
                    $data["id"] = $id;
                } else {
                    $data["id"] = sql_genID($table) * 100;
                }
                self::_out("{t}Insert{/t}: " . $table . ": " . $data["id"]);
                $error = db_insert($table, $data);
                if ($error) {
                    self::_out($error);
                }
                $update_folders[$data["folder"]] = $table;
                $update_ids[$data["folder"]][] = $data["id"];
            } else {
                if (!self::$_restore_missing) {
                    if (!self::$_restore_onlynewer or $data["lastmodified"] > $existing["lastmodified"]) {
                        self::_out("{t}Update{/t}: " . $table . " " . $id);
                        $error = db_update($table, $data, array("id=@id@"), array("id" => $id));
                        if ($error) {
                            self::_out($error);
                        }
                        $update_folders[$data["folder"]] = $table;
                        $update_ids[$data["folder"]][] = $id;
                    }
                }
            }
        }
    }
    // pass 3: folder sizes and search index for everything that was written
    if (count($update_folders) > 0) {
        foreach ($update_folders as $folder => $table) {
            // strpos() returns 0 (falsy) for a match at the very start, so only tables with
            // "nodb_" after the first character are skipped here
            if (strpos($table, "nodb_")) {
                continue;
            }
            db_update_treesize($table, $folder);
            $ftype = str_replace("simple_", "", $table);
            $schema = db_get_schema(sys_find_module($ftype));
            if (empty($schema["views"]["display"])) {
                continue;
            }
            if (!empty($schema["att"]["SQL_HANDLER"]) or !empty($schema["att"]["NO_SEARCH_INDEX"])) {
                continue;
            }
            self::_out("... ");
            $fields = $schema["fields"];
            if (folder_in_trash($folder)) {
                continue;
            }
            foreach ($update_ids[$folder] as $id) {
                self::_out("{t}Rebuild search index{/t}: " . $table . " [" . $id . "]");
                db_search_update($table, $id, $fields);
            }
        }
    }
    self::_out("");
    $message = "{t}Restore complete{/t}: " . str_replace(array("__", "---", "--"), array("/", "] [", " ["), substr(modify::basename($filename), 0, -4)) . "]";
    // the completed restore is written to the message log at level "info"
    sys_log_message_log("info", $message);
    self::_out($message);
    return "";
}
/**
 * Render the current CMS page, send it to the client and, where allowed,
 * write a static cache copy.
 *
 * The cache copy (page output plus its attachments) is only written when a
 * cache file is set, the output is non-empty, the page has
 * staticcache == "1", the session user is a guest and the page's read list
 * contains "|anonymous|". Pages that are not readable anonymously are
 * therefore never persisted to the cache directory.
 */
function output() {
    if ($this->pagename == "rss") {
        $this->_output_rss();
    }
    if ($this->pagename == "sitemap") {
        $this->_output_sitemap();
    }

    $this->template->cms = $this;
    $this->template->page = $this->page;

    // basename() keeps the page-supplied template name inside templates/cms/
    $template = sys_custom("templates/cms/" . basename($this->page["template"]));
    if (!file_exists($template)) {
        $template = sys_custom("templates/cms/pmwiki.php");
    }

    $output = $this->template->render($template);
    echo $output;

    $cacheable = (
        self::$cache_file != ""
        and $output != ""
        and $this->page["staticcache"] == "1"
        and sys_is_guest($_SESSION["username"])
        and strpos($this->page["rread_users"], "|anonymous|") !== false
    );
    if (!$cacheable) {
        return;
    }

    $cache_dir = dirname(self::$cache_file);
    sys_mkdir($cache_dir);
    file_put_contents(self::$cache_file, $output, LOCK_EX);

    if ($this->page["attachment"] == "") {
        return;
    }
    // attachments are copied next to the cached page under their base name
    foreach (explode("|", trim($this->page["attachment"], "|")) as $attachment) {
        copy($attachment, $cache_dir . "/" . modify::basename($attachment));
    }
}
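/**
 * Update a Google Docs entry: metadata only, or metadata plus new file content.
 *
 * When the source is an existing file below SIMPLE_CACHE/upload/, an upload
 * session is created first and the file is then streamed to the returned
 * Location over a TLS socket to docs.google.com. Otherwise only the Atom
 * entry (title and description) is sent.
 *
 * @param string $path    path of the folder (used for the cache key)
 * @param array  $data    item data; "filedata" is the new source file if set
 * @param mixed  $where   not used here
 * @param array  $vars    "id" is the document id; "folder_source" triggers a move instead
 * @param mixed  $mfolder mount folder, passed on to the context/credential helpers
 * @return string empty string on success (or when no id is given), otherwise an error message
 */
static function update($path, $data, $where, $vars, $mfolder) {
    if (empty($vars["id"])) {
        return "";
    }
    $source = !empty($data["filedata"]) ? $data["filedata"] : $vars["id"];

    if (!empty($vars["folder_source"])) {
        return self::_move_file($vars["id"], $vars["folder_source"], $path, $mfolder);
    }

    $drop = array("filedata", "folder", "lastmodified", "handler", "mfolder", "dsize");
    $meta = sys_build_meta_str($data, array_diff(array_keys($data), $drop));

    // title and description are passed through q() before they are embedded in the XML
    $content = "<?xml version='1.0' encoding='UTF-8'?>" .
        "<entry xmlns='http://www.w3.org/2005/Atom' xmlns:docs='http://schemas.google.com/docs/2007'>" .
        "<category scheme='http://schemas.google.com/g/2005#kind' term='http://schemas.google.com/docs/2007#document'/>" .
        "<title>" . q(modify::basename($source)) . "</title>" .
        "<docs:description>" . q($meta) . "</docs:description></entry>";

    // only files from the upload cache are ever sent; any other source updates metadata only
    if (file_exists($source) and sys_strbegins($source, SIMPLE_CACHE . "/upload/")) {
        // NOTE(review): the id is concatenated into the URL without encoding;
        // presumably it is always a document id issued by the service - confirm
        $url = "https://docs.google.com/feeds/upload/create-session/default/private/full/" . $vars["id"] . "?convert=false";
        $header = "X-Upload-Content-Type: application/octet-stream\r\n";
        $context = self::_get_context_action($mfolder, "PUT", $content, $header);

        $http_response_header = array();
        $response = file_get_contents($url, false, $context);
        // the header list stays empty when the request itself failed
        $status = isset($http_response_header[0]) ? $http_response_header[0] : "";
        $match = array();
        preg_match("/Location: (.+)/m", implode("\n", $http_response_header), $match);
        if (!strpos($status, "200") or empty($match[1])) {
            return "{t}Error{/t} [update] " . implode("\n", $http_response_header) . "\n" . $response;
        }

        // The Location value is only used as request target; the socket below always
        // connects to docs.google.com, so the response cannot redirect the upload elsewhere.
        $header = "PUT " . $match[1] . " HTTP/1.0\r\n";
        $header .= "Host: docs.google.com\r\n";
        $header .= "Content-Length: " . filesize($source) . "\r\n\r\n";

        $errorNumber = 0;
        $errorString = "";
        // Certificate verification follows PHP's stream defaults (on by default since PHP 5.6).
        $fp = fsockopen("ssl://docs.google.com", "443", $errorNumber, $errorString, 5);
        $fin = fopen($source, "rb");
        if (!is_resource($fp) or !is_resource($fin)) {
            // release whichever handle was opened before reporting the failure
            if (is_resource($fp)) {
                fclose($fp);
            }
            if (is_resource($fin)) {
                fclose($fin);
            }
            return "{t}Error{/t} [update3] " . $errorString . " " . $errorNumber;
        }

        fwrite($fp, $header);
        while (!feof($fin)) {
            fwrite($fp, fread($fin, 8192));
        }
        $resp = "";
        while (!feof($fp)) {
            $resp .= fread($fp, 8192);
        }
        fclose($fp);
        fclose($fin);
        if (!sys_strbegins($resp, "HTTP/1.0 200")) {
            return "{t}Error{/t} [update2] " . $resp;
        }
    } else {
        $url = "https://docs.google.com/feeds/default/private/full/" . $vars["id"] . "?convert=false";
        $context = self::_get_context_action($mfolder, "PUT", $content);

        $http_response_header = array();
        $response = file_get_contents($url, false, $context);
        $status = isset($http_response_header[0]) ? $http_response_header[0] : "";
        if (!strpos($status, "200")) {
            // the header list is an array: join it instead of concatenating it directly
            return "{t}Error{/t} [update4] " . implode("\n", $http_response_header) . "\n" . $response;
        }
    }

    // drop the cached listing for this account and path so the change becomes visible
    sys_cache_remove("gdocs_xml_" . md5(serialize(sys_credentials($mfolder)) . $path));
    return "";
}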
/**
 * Store an uploaded file in the temp directory and describe the result.
 *
 * The request is refused (script exits) when no filename is given or when
 * the session has no username, i.e. uploads require a logged-in session.
 * A filename containing "://" after its first character is handed to
 * sgsml::getfile_url(), any other name to sgsml::getfile_upload().
 *
 * NOTE(review): getfile_url() presumably fetches the given URL on the
 * server side; confirm that it restricts schemes and target hosts.
 *
 * @param string $filename Filename
 * @return array Array( tmp_path=>Path of the file, basename=>filename, filesize=>filesize)
 */
static function upload_file($filename) {
    if (empty($filename)) {
        exit("{t}Upload failed{/t}");
    }
    if (empty($_SESSION["username"])) {
        exit("{t}Upload failed{/t}");
    }

    $target = strpos($filename, "://")
        ? sgsml::getfile_url($filename)
        : sgsml::getfile_upload($filename);

    // nothing usable was written: stop instead of returning a half-filled result
    $stored = ($target != "" and file_exists($target));
    if (!$stored) {
        exit("{t}Upload failed{/t}: {t}Failed to write file to disk.{/t}");
    }

    $info = array();
    $info["tmp_path"] = $target;
    $info["basename"] = modify::basename($target);
    $info["filesize"] = modify::filesize($target);
    return $info;
}
/**
 * Build or refresh the search index row of one item in simple_sys_search.
 *
 * Reads the item, converts every indexable field to text according to its
 * SIMPLE_TYPE, derives a soundex variant of the index and writes the result
 * together with the item's read permissions.
 *
 * @param string $table     table of the item
 * @param mixed  $id        item id
 * @param array  $fields    field definitions of the table (SIMPLE_TYPE, NOTINALL, NO_SEARCH_INDEX are read)
 * @param array  $field_arr optional map of field name => SIMPLE_TYPE that overrides $fields
 */
function db_search_update($table, $id, $fields, $field_arr = array()) {
    // strpos() returns 0 (falsy) for a match at position 0, so only names with
    // "_nodb_" after the first character are skipped
    if (strpos($table, "_nodb_")) {
        return;
    }
    $row = db_select_first($table, "*", "id=@id@", "", array("id" => $id));
    if (empty($row["id"])) {
        return;
    }
    // folders are indexed under id 0, everything else under its own id
    if ($table == "simple_sys_tree") {
        $id = 0;
    } else {
        $id = $row["id"];
    }
    if ($table == "simple_sys_events") {
        // events are indexed under the folder of type "sys_events"
        $folder = db_select_value("simple_sys_tree", "id", "ftype=@ftype@", array("ftype" => "sys_events"));
        if (empty($folder)) {
            return;
        }
    } else {
        $folder = $row["folder"];
    }
    // NOTE(review): rows without a rread_users column are indexed with "|anonymous|" as reader;
    // confirm that such tables are meant to be searchable without login
    $rread_users = "|anonymous|";
    $rread_groups = "";
    $searchindex = "";
    $searchindex_snd = "";
    $searchcontent = "";
    foreach ($row as $data_key => $data) {
        // the item's own read permissions are copied to the index row
        if ($data_key == "rread_users") {
            $rread_users = $data;
        }
        if ($data_key == "rread_groups") {
            $rread_groups = $data;
        }
        if (count($field_arr) > 0 and isset($field_arr[$data_key])) {
            $fields[$data_key] = array("SIMPLE_TYPE" => $field_arr[$data_key]);
        }
        // skip unknown fields and empty, numeric-zero or "null" values
        if (isset($fields[$data_key]) and $data != "" and (!is_numeric($data) or $data != 0) and $data != "null") {
            $field = $fields[$data_key];
            if (isset($field["NOTINALL"]) or isset($field["NO_SEARCH_INDEX"])) {
                continue;
            }
            // $data feeds the index (sindex), $data2 the readable search content
            $data = trim($data, "|");
            $data2 = $data;
            switch ($field["SIMPLE_TYPE"]) {
                case "pid":
                case "password":
                    // secrets are kept out of both the index and the content
                    $data = "";
                    $data2 = "";
                    break;
                case "folder":
                case "id":
                    // indexed, but not part of the readable content
                    $data2 = "";
                    break;
                case "checkbox":
                    // a set checkbox is indexed under its field name
                    if ($data) {
                        $data = $data_key;
                    } else {
                        $data = "";
                    }
                    $data2 = $data;
                    break;
                case "time":
                    $data = sys_date("{t}g:i a{/t}", $data);
                    $data2 = $data;
                    break;
                case "date":
                    $data = sys_date("{t}m/d/Y{/t}", $data);
                    $data2 = $data;
                    break;
                case "dateselect":
                    $data2 = "";
                    foreach (explode("|", $data) as $date) {
                        $data2 .= " " . sys_date("{t}m/d/Y g:i a{/t}", $date);
                    }
                    $data = $data2;
                    break;
                case "datetime":
                    $data = sys_date("{t}m/d/Y g:i a{/t}", $data);
                    $data2 = $data;
                    break;
                case "files":
                    // file fields contribute the tag-stripped displayfile() text and the file name
                    $data2 = "";
                    foreach (explode("|", $data) as $file) {
                        $text = modify::displayfile($table, $file, true);
                        $data2 .= " " . strip_tags($text) . " " . modify::basename($file);
                    }
                    $data = $data2;
                    break;
                case "select":
                    $data = str_replace("|", " ", $data);
                    $data2 = $data;
                    break;
                case "multitext":
                    $data = str_replace(",", " ", $data);
                    $data2 = $data;
                    break;
            }
            if ($data != "") {
                $searchindex .= " " . preg_replace("/[ ]+/i", " ", modify::searchindex(trim($data)));
            }
            if ($data2 != "") {
                $searchcontent .= " " . trim(preg_replace("/[ ]+/i", " ", $data2));
            }
        }
    }
    $searchcontent = trim($searchcontent);
    $searchindex = trim($searchindex);
    // cut the index at the first space at or after INDEX_LIMIT so no word is split
    if (strlen($searchindex) > INDEX_LIMIT) {
        $pos = strpos($searchindex, " ", INDEX_LIMIT);
        if ($pos > 0) {
            $searchindex = substr($searchindex, 0, $pos);
        }
    }
    // soundex variant: one code per distinct word, codes equal to "0000" are dropped
    $search_arr = array_unique(explode(" ", $searchindex));
    foreach ($search_arr as $key => $value) {
        $val = soundex($value);
        if ($val != "0000") {
            $search_arr[$key] = $val;
        } else {
            unset($search_arr[$key]);
        }
    }
    $searchindex_snd = implode(" ", $search_arr);
    if (strlen($searchindex_snd) > 8192) {
        $pos = strpos($searchindex_snd, " ", 8192);
        if ($pos > 0) {
            $searchindex_snd = substr($searchindex_snd, 0, $pos);
        }
    }
    $data = array("sindex" => $searchindex, "sindex_snd" => $searchindex_snd, "searchcontent" => $searchcontent, "lastmodifiedby" => !empty($row["lastmodifiedby"]) ? $row["lastmodifiedby"] : "anonymous", "lastmodified" => !empty($row["lastmodified"]) ? $row["lastmodified"] : 0, "rread_users" => $rread_users, "rread_groups" => $rread_groups);
    // update the existing index row for (id, folder) or create it
    $count = db_count("simple_sys_search", array("id=@id@", "folder=@folder@"), array("id" => $id, "folder" => $folder));
    if ($count > 0) {
        db_update("simple_sys_search", $data, array("id=@id@", "folder=@folder@"), array("id" => $id, "folder" => $folder));
    } else {
        $data = array_merge($data, array("id" => $id, "folder" => $folder, "history" => ""));
        db_insert("simple_sys_search", $data);
    }
}
} else { $field = ltrim($_REQUEST["field"], "_"); } if (empty($_REQUEST["folder"]) and !empty($_REQUEST["folder2"])) { $_REQUEST["folder"] = $_REQUEST["folder2"]; } if (empty($_REQUEST["view"]) and !empty($_REQUEST["view2"])) { $_REQUEST["view"] = $_REQUEST["view2"]; } if (empty($_REQUEST["folder"])) { header("Content-Length: 0"); exit; } $folder = folder_from_path($_REQUEST["folder"]); $row_filename = ajax::file_download($folder, @$_REQUEST["view"], @$_REQUEST["item"], $field, @$_REQUEST["subitem"], false); $filename = modify::basename($row_filename); $ext = substr(modify::getfileext($filename), 0, 3); if (in_array($ext, $bad_extensions)) { sys_error(trans("{t}Access to this file has been denied.{/t} ({t}this file extension is not allowed{/t})"), "403 Forbidden"); } if ($dispo == "inline" and !in_array($ext, $inline_extensions)) { $dispo = "attachment"; } $modified = filemtime($row_filename); $etag = '"' . md5($row_filename . $modified) . '"'; header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified) . " GMT"); header("ETag: {$etag}"); if (!empty($_SERVER["HTTP_IF_NONE_MATCH"]) and $etag == stripslashes($_SERVER["HTTP_IF_NONE_MATCH"]) and !DEBUG) { header("HTTP/1.0 304 Not Modified"); exit; }
/**
 * Move the files listed in $data["filedata"] into the directory $path.
 *
 * Nothing is done (empty string returned) when sys_allowedpath() reports a
 * problem for $path or $path is not a directory. Existing targets are never
 * overwritten.
 *
 * NOTE(review): source paths are only checked for existence, not for their
 * location; presumably the caller passes upload temp files only - verify,
 * because every existing file named in filedata is moved.
 *
 * @param string $path    target directory (used as prefix, so it is expected to end with a separator)
 * @param array  $data    item data; "filedata" holds "|"-separated source paths
 * @param mixed  $mfolder not used here
 * @return string empty string on success, otherwise an error message
 */
static function insert($path, $data, $mfolder) {
    $path_ok = (sys_allowedpath($path) == "" and is_dir($path));
    if (!$path_ok) {
        return "";
    }

    foreach (explode("|", trim($data["filedata"], "|")) as $src) {
        // only the base name of the source is used, so the target stays inside $path
        $dest = $path . modify::basename($src);

        if (is_dir($src) or !file_exists($src)) {
            continue;
        }
        // refuse to overwrite, and report a failed move the same way
        if (file_exists($dest) or ($src != $dest and !rename($src, $dest))) {
            return "{t}Access denied.{/t}";
        }
        self::_set_meta($data, $dest);
    }
    return "";
}
sys_error("Missing parameters.", "403 Forbidden"); } $folder = $_REQUEST["folder"]; sys_check_auth(); import::header(); if (isset($_FILES["file"]) and is_array($_FILES["file"])) { $files = import::process_files(); if (!empty($files)) { if (!sys_validate_token()) { sys_die(t("{t}Invalid security token{/t}")); } $folder = folder_from_path($folder); $validate_only = isset($_REQUEST["validate_only"]); foreach ($files as $file) { $message = $validate_only ? t("{t}Validating %s ...{/t}") : t("{t}Processing %s ...{/t}"); setup::out(sprintf("<b>" . $message . "</b>", q(modify::basename($file)))); ajax::file_import($folder, $file, array("setup", "out"), $validate_only); setup::out("<hr>"); } } } $sgsml = new sgsml($folder, "new"); $view = $sgsml->view; $required_fields = array(); foreach ($sgsml->current_fields as $name => $field) { if (empty($field["REQUIRED"])) { continue; } $required_fields[$name] = !empty($field["DISPLAYNAME"]) ? $field["DISPLAYNAME"] : $name; } import::form($folder, $required_fields);
/**
 * Copy a file into the store location of a pasted item.
 *
 * The target is assembled from the directory and name part returned by
 * sys_build_filename(), a sub-directory from sys_get_pathnum($id) and the
 * item id as name prefix. Both directory levels are passed to
 * dirs_checkdir() before the copy.
 *
 * NOTE(review): the result of copy() is not checked; the target path is
 * returned even when the copy failed.
 *
 * @param string $file  source file
 * @param mixed  $id    id of the new item
 * @param string $tname table name
 * @return string path of the copy
 */
private static function _paste_item_copyfile($file, $id, $tname) {
    list($store_dir, $name_part) = sys_build_filename(modify::basename($file), $tname);
    dirs_checkdir($store_dir);

    $item_dir = $store_dir . sys_get_pathnum($id) . "/";
    dirs_checkdir($item_dir);

    $copy_path = $item_dir . $id . $name_part;
    copy($file, $copy_path);
    return $copy_path;
}
/**
 * Insert a new item or update an existing one.
 *
 * Sequence visible in this method: permission check on the target folder,
 * completion and validation of the data, handling of file fields (size
 * count, removal of dropped files, move of new uploads into the store,
 * de-duplication of file names), STORE callbacks, reduction to the fields
 * writable in the current view, history, database write, tree/search
 * updates, triggers and notifications.
 *
 * @param array $data submitted data (by reference; "folder" and file fields are rewritten)
 * @param mixed $id   item id; a numeric value <= 0 means "insert"
 * @return mixed the item id on success, otherwise the result of self::_error(),
 *               _complete_data() or _validate(); an empty array if $data is empty
 */
private function _save(array &$data, $id = -1) {
    // insert only when $id is numeric and not positive
    $insert = ($id > 0 or !is_numeric($id)) ? false : true;
    if (count($data) == 0) {
        return array();
    }
    if (!empty($this->att["DEFAULT_SQL"]) and $this->att["DEFAULT_SQL"] == "no_select") {
        return self::_error("{t}Module{/t}", "{t}Access denied.{/t}");
    }
    if (!empty($data["folder"])) {
        // a folder given in the data must be writable for the user in the current view
        if (!db_get_right($data["folder"], "write", $this->view)) {
            return self::_error("{t}Folder{/t}", "{t}Access denied.{/t}", "folder");
        }
        $this->folder = $data["folder"];
    } else {
        // NOTE(review): no right is checked on this path; presumably the current folder
        // was authorised when the object was set up - confirm
        $data["folder"] = $this->folder;
    }
    // fill data array
    list($rdata, $data_row, $error) = $this->_complete_data($data, $id);
    if ($error) {
        return $error;
    }
    // validate
    if ($result = $this->_validate($rdata, $id)) {
        return $result;
    }
    if ($insert) {
        $id = sql_genID($this->tname) * 100;
        $sql_data = array("id" => $id, "dsize" => 0, "history" => sprintf("{t}Item created by %s at %s{/t}\n", $_SESSION["username"], sys_date("{t}m/d/y g:i:s a{/t}")));
    } else {
        // "@fields@" stays in the text as a placeholder at this point
        $sql_data = array("dsize" => 0, "history" => sprintf("{t}Item edited (%s) by %s at %s{/t}\n", "@fields@", $_SESSION["username"], sys_date("{t}m/d/y g:i:s a{/t}")));
    }
    // count sizes, move files to store, delete old files
    foreach ($this->current_fields as $field_name => $field) {
        if ($field["SIMPLE_TYPE"] == "id") {
            continue;
        }
        if ($field["SIMPLE_TYPE"] == "files" and !empty($rdata[$field_name])) {
            // NOTE(review): the paths in $rdata come out of _complete_data()/_validate();
            // confirm they cannot name arbitrary existing files, since they are measured here
            // and may be renamed further down
            foreach ($rdata[$field_name] as $val) {
                if (file_exists($val)) {
                    $sql_data["dsize"] += filesize($val);
                }
            }
            // TODO 2 store handler?
            if (!empty($data_row[$field_name])) {
                // files of the stored row that are no longer referenced are archived or deleted
                $data_old = explode("|", trim($data_row[$field_name], "|"));
                foreach ($data_old as $filekey => $file) {
                    if (in_array($file, $rdata[$field_name])) {
                        continue;
                    }
                    if (ARCHIVE_DELETED_FILES and file_exists($file)) {
                        // move to trash as <folder>_<id>_[<n>_]<name>, counting up until the name is free
                        $i = 1;
                        $m = "";
                        $trash_name = SIMPLE_STORE . "/trash/" . $this->folder . "_" . $id . "_";
                        $trash_file = modify::basename($file);
                        while (file_exists($trash_name . $m . $trash_file)) {
                            $m = $i++ . "_";
                        }
                        rename($file, $trash_name . $m . $trash_file);
                        touch($trash_name . $m . $trash_file);
                    } else {
                        @unlink($file);
                    }
                }
            }
            foreach ($rdata[$field_name] as $filekey => $file) {
                if ($file == "") {
                    unset($rdata[$field_name][$filekey]);
                    $data[$field_name] = implode("|", $rdata[$field_name]);
                    continue;
                }
                // new uploads are looked up by base name inside the upload cache only,
                // whatever directory the submitted path names
                if (file_exists(SIMPLE_CACHE . "/upload/" . basename($file))) {
                    $filebase = modify::basename(basename($file));
                    list($target, $filename) = sys_build_filename($filebase, $this->tname);
                    dirs_checkdir($target);
                    $target .= sys_get_pathnum($id) . "/";
                    dirs_checkdir($target);
                    // stored name is prefixed with md5 of the item id
                    $target .= md5($id) . $filename;
                    rename(SIMPLE_CACHE . "/upload/" . basename($file), $target);
                    $rdata[$field_name][$filekey] = $target;
                    $data[$field_name] = implode("|", $rdata[$field_name]);
                }
            }
            // files with the same display name: rename one of them to <name>_rev<n>
            $basenames = array();
            foreach (array_reverse($rdata[$field_name]) as $filekey => $file) {
                $basename = modify::basename($file);
                if (isset($basenames[$basename])) {
                    $old_filekey = $basenames[$basename];
                    $basename = preg_replace("|_rev\\d+|", "", $basename);
                    $base = $basename;
                    $i = 1;
                    while (isset($basenames[$basename])) {
                        if ($pos = strrpos($base, ".")) {
                            $basename = substr($base, 0, $pos) . "_rev" . $i++ . substr($base, $pos);
                        } else {
                            $basename = $base . "_rev" . $i++;
                        }
                    }
                    $target = str_replace(modify::basename($file), $basename, $file);
                    if (rename($file, $target)) {
                        // swap
                        $rdata[$field_name][$filekey] = $rdata[$field_name][$old_filekey];
                        $rdata[$field_name][$old_filekey] = $target;
                        $data[$field_name] = implode("|", $rdata[$field_name]);
                    }
                }
                $basenames[$basename] = $filekey;
            }
        }
        if (!empty($field["STORE"]) and is_array($field["STORE"])) {
            // the callback name is taken from the field definition and resolved by sys_find_callback()
            foreach ($field["STORE"] as $store) {
                list($class, $function, $params) = sys_find_callback("modify", $store["FUNCTION"]);
                $rdata[$field_name] = call_user_func(array($class, $function), $rdata[$field_name], $rdata, $params);
            }
        }
        if (!isset($sql_data[$field_name]) and !is_null($rdata[$field_name])) {
            $sql_data[$field_name] = $rdata[$field_name];
        }
    }
    // transform
    foreach ($sql_data as $key => $value) {
        $sql_data[$key] = self::scalarize($value, $this->fields[$key]);
    }
    // reduce to new values: drop every field that is not writable in the current view
    $sys_fields = array("history" => "", "dsize" => "", "seen" => "");
    foreach ($sql_data as $data_key => $data_value) {
        if (isset($sys_fields[$data_key])) {
            continue;
        }
        $addfield = true;
        $field = $this->fields[$data_key];
        if (!isset($this->current_fields[$data_key])) {
            $addfield = false;
        }
        if (isset($field["NOTINALL"])) {
            $addfield = false;
        }
        if (isset($field["NOTIN"]) and in_array($this->view, $field["NOTIN"])) {
            $addfield = false;
        }
        if (isset($field["READONLYIN"]) and (in_array($this->view, $field["READONLYIN"]) or in_array("all", $field["READONLYIN"]))) {
            $addfield = false;
        }
        // ONLYIN is evaluated last and overrides the decisions above in both directions
        if (isset($field["ONLYIN"])) {
            if (in_array($this->view, $field["ONLYIN"])) {
                $addfield = true;
            } else {
                $addfield = false;
            }
        }
        if (!$addfield) {
            unset($sql_data[$data_key]);
        }
    }
    // build history
    $sql_data = $this->build_history($sql_data, $data_row);
    // nothing but history/seen left: there is no change to write
    if (!array_diff(array_keys($sql_data), array("history", "seen"))) {
        $sql_data = array();
    }
    // save in db
    if ($insert) {
        $error_sql = db_insert($this->tname, $sql_data, array("handler" => $this->handler));
        if ($error_sql != "") {
            return self::_error("{t}SQL failed.{/t}", $error_sql);
        }
        if ($this->notification) {
            sys_notification("{t}Item successfully created.{/t} (" . $id . ")");
        }
    } else {
        if (count($sql_data) == 0) {
            return $id;
        }
        $error_sql = db_update($this->tname, $sql_data, array("id=@id@"), array("id" => $id, "folder" => $this->folder), array("handler" => $this->handler));
        if ($error_sql != "") {
            return self::_error("{t}SQL failed.{/t}", $error_sql);
        }
        if ($this->notification) {
            sys_notification("{t}Item successfully updated.{/t} (" . (is_numeric($id) ? $id : 1) . ")");
        }
    }
    if (empty($this->handler)) {
        // NOTE(review): on insert $sql_data may have been emptied above, in which case
        // $sql_data["history"] is not set here
        db_update("simple_sys_tree", array("history" => "[" . $id . "/details] " . $sql_data["history"]), array("id=@id@"), array("id" => $this->folder));
        db_update_treesize($this->tname, $this->folder);
        if (!$insert and $this->folder != $data_row["folder"]) {
            // item moved: update the old folder as well and remove its search entry there
            db_update("simple_sys_tree", array("history" => "[" . $id . "/details] " . $sql_data["history"]), array("id=@id@"), array("id" => $data_row["folder"]));
            db_update_treesize($this->tname, $data_row["folder"]);
            db_search_delete($this->tname, $id, $data_row["folder"]);
        }
        if (empty($this->att["NO_SEARCH_INDEX"])) {
            db_search_update($this->tname, $id, $this->fields);
        }
        sys_log_stat($insert ? "new_records" : "changed_records", 1);
    }
    // call triggers
    $trigger = "";
    if ($insert and !empty($this->att["TRIGGER_NEW"])) {
        $trigger = $this->att["TRIGGER_NEW"];
    }
    if (!$insert and !empty($this->att["TRIGGER_EDIT"])) {
        $trigger = $this->att["TRIGGER_EDIT"];
    }
    if ($trigger and $result = asset_process_trigger($trigger, $id, $rdata, $this->tname)) {
        return self::_error("{t}Trigger failed{/t}", $result);
    }
    // send notification: recipients of the item plus those configured on the folder(s)
    $tree_notification = db_select_value("simple_sys_tree", "notification", "id=@id@", array("id" => $this->folder));
    if ($tree_notification != "") {
        $rdata["notification"] .= "," . $tree_notification;
    }
    if (!$insert and $this->folder != $data_row["folder"]) {
        $tree_notification = db_select_value("simple_sys_tree", "notification", "id=@id@", array("id" => $data_row["folder"]));
        if ($tree_notification != "") {
            $rdata["notification"] .= "," . $tree_notification;
        }
    }
    if (!empty($rdata["notification"])) {
        $rdata["notification"] = trim($rdata["notification"], ",");
        $smtp_data = asset::build_notification($this->att["NAME"], $this->current_fields, $rdata, $sql_data, $id, $data_row);
        if ($result = asset_process_trigger("sendmail", $id, $smtp_data)) {
            return self::_error("{t}Trigger failed{/t}", $result);
        }
    }
    // with a handler set, upload temp files were not moved into the store above:
    // remove the ones that still sit in the upload cache
    if (!empty($this->handler)) {
        foreach ($sql_data as $data_key => $data_value) {
            $field = $this->fields[$data_key];
            if ($field["SIMPLE_TYPE"] != "files") {
                continue;
            }
            foreach (explode("|", $data_value) as $file) {
                if (sys_strbegins($file, SIMPLE_CACHE . "/upload/")) {
                    @unlink($file);
                }
            }
        }
    }
    return $id;
}
/**
 * List the backup archives (*.tar) in SIMPLE_STORE/backup/ as rows.
 *
 * The $path argument is ignored; the listing is always pinned to the backup
 * directory. Sub-directories and files with another extension are skipped.
 *
 * @param string $path    ignored (overwritten with the backup directory)
 * @param array  $fields  requested field names
 * @param mixed  $where   filter, evaluated by sys_select_where()
 * @param mixed  $order   order, applied by sys_select()
 * @param mixed  $limit   limit, applied by sys_select()
 * @param array  $vars    variables; "folder" is returned as the folder field
 * @param mixed  $mfolder not used here
 * @return array rows, one per archive; empty when the directory is not allowed or not readable
 */
static function select($path, $fields, $where, $order, $limit, $vars, $mfolder) {
    $path = SIMPLE_STORE . "/backup/";
    if (sys_allowedpath($path) != "") {
        return array();
    }
    $handle = @opendir($path);
    if (!$handle) {
        return array();
    }

    // phase 1: collect the archive names
    $archives = array();
    while (($entry = readdir($handle)) !== false) {
        $is_dot = ($entry == '.' or $entry == '..');
        if ($is_dot or is_dir($path . $entry)) {
            continue;
        }
        if (modify::getfileext($entry) != "tar") {
            continue;
        }
        $archives[] = $entry;
    }
    closedir($handle);

    // phase 2: build one row per archive with the requested fields
    $rows = array();
    foreach ($archives as $filename) {
        $stat = stat($path . $filename);
        $row = array();
        foreach ($fields as $field) {
            switch ($field) {
                case "filedata":
                case "id":
                    // the full path doubles as the id of the row
                    $cell = $path . $filename;
                    break;
                case "folder":
                    $cell = $vars["folder"];
                    break;
                case "category":
                    // part of the name before "--", with "__" standing for "/"
                    $base = modify::basename($filename);
                    $cell = str_replace(array("__"), array("/"), substr($base, 0, strpos($base, "--")));
                    break;
                case "filename":
                    $name = basename(str_replace(array("__"), array("/"), modify::basename($filename)));
                    $name = substr($name, 0, strpos($name, "--"));
                    if ($name == "") {
                        $name = $filename;
                    }
                    $cell = $name;
                    break;
                case "searchcontent":
                    $cell = $filename;
                    break;
                case "createdby":
                case "lastmodifiedby":
                    $cell = "";
                    break;
                case "created":
                    $cell = $stat["ctime"];
                    break;
                case "lastmodified":
                    $cell = $stat["mtime"];
                    break;
                case "filesize":
                    $cell = $stat["size"];
                    break;
                default:
                    $cell = "";
                    break;
            }
            $row[$field] = $cell;
        }
        if (sys_select_where($row, $where, $vars)) {
            $rows[] = $row;
        }
    }

    return sys_select($rows, $order, $limit, $fields);
}
/**
 * Write the request body to $target and append the file to a files field.
 *
 * The body is only written when $target does not exist yet, so an existing
 * file is never overwritten. On a successful database update the folder
 * size and the search index are refreshed and _upload_success() is called.
 *
 * NOTE(review): the body is streamed from php://input without a size limit
 * in this function, and the size is taken from $newfilename while the data
 * is written to $target; presumably both name the same file and limits are
 * enforced by the caller - verify.
 *
 * @param array  $row         current item row ("dsize", "folder" and the field are read)
 * @param string $field       name of the files field
 * @param string $target      path the request body is written to
 * @param string $newfilename path that is appended to the field
 * @return bool always false
 */
function _upload_append_file($row, $field, $target, $newfilename) {
    $t = $GLOBALS["t"];

    if (!file_exists($target)) {
        $fp = fopen("php://input", "r");
        if ($fp) {
            $ft = fopen($target, "wb");
            if ($ft) {
                while (!feof($fp)) {
                    fwrite($ft, fread($fp, 8192));
                }
                fclose($fp);
                fclose($ft);
            }
        }
    }
    if (!file_exists($target)) {
        return false;
    }

    $files = ($row[$field] != "") ? explode("|", trim($row[$field], "|")) : array();
    $files[] = $newfilename;
    $size = filesize($newfilename) + $row["dsize"];

    // history entry: who changed which field, and the name of the added file
    $edit_line = t("{t}Item edited (%s) by %s at %s{/t}", $field, $_SESSION["username"], sys_date("{t}m/d/y g:i:s a{/t}"));
    $file_label = t("{t}File{/t}");
    $history = $edit_line . "\n" . $file_label . ": + " . modify::basename($newfilename) . "\n\n";

    $changes = array(
        $field => "|" . implode("|", $files) . "|",
        "dsize" => $size,
        "history" => $history
    );
    $error_sql = db_update($GLOBALS["tname"], $changes, $t["sqlwhere"], $t["sqlvars"], array("sqlvarsnoquote" => $t["sqlvarsnoquote"]));
    if ($error_sql != "") {
        return false;
    }

    db_update_treesize($GLOBALS["tname"], $row["folder"]);
    db_search_update($GLOBALS["tname"], $t["sqlvars"]["item"], $GLOBALS["table"]["fields"]);
    _upload_success("204 No Content");
    return false;
}
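/**
 * Build a text/HTML preview of a file by running an external tool that
 * matches its extension (unzip, tar, gzip, ppthtml, catdoc, xls2csv,
 * pdfinfo/pdftotext, mp3info, exiv2) or, for ".url" shortcuts, by reading
 * the target URL from the file.
 *
 * The file is user-supplied content, so everything derived from it is
 * handled as untrusted:
 * - the path reaches the shell only through self::realfilename()
 *   (NOTE(review): presumably returns a shell-safe, quoted path - confirm);
 * - a ".url" shortcut is only turned into a link for http, https and ftp
 *   targets, and the link text is escaped;
 * - GPS rationals from EXIF data are only evaluated when no denominator
 *   is zero.
 *
 * NOTE(review): tool output is returned verbatim next to markup in some
 * cases (e.g. exiv2 output plus the map link); confirm how the caller
 * renders the result.
 *
 * @param string $filename path of the file
 * @param string $ext      file extension that selects the tool
 * @return string preview, an empty string if nothing is available, or an
 *                "ERROR ..." message when proc_open is not callable
 */
static function preview_bin($filename, $ext) {
    if (!function_exists("proc_open")) {
        return "ERROR {t}Cannot call 'proc_open'. Please remove 'proc_open' from 'disable_functions' in php.ini and disable 'safe_mode'.{/t}";
    }
    $result = "";
    switch ($ext) {
        case "zip":
            $src = self::realfilename($filename);
            $result = sys_exec(sys_find_bin("unzip") . " -l -V " . $src);
            // drop the first line of the listing
            $result = substr($result, strpos($result, "\n") + 1);
            break;
        case "tar":
            $src = self::realfilename($filename);
            $result = sys_exec(sys_find_bin("tar") . " -tf " . $src);
            break;
        case "gz":
        case "tgz":
            // only gzipped tar archives are listed
            if (!strpos(strtolower($filename), ".tar.gz") and !strpos(strtolower($filename), ".tgz")) {
                break;
            }
            $src = self::realfilename($filename);
            $cmd = sys_find_bin("gzip") . " -cd " . $src . " | " . sys_find_bin("tar") . " -t";
            if (strpos(PHP_OS, "WIN") !== false) {
                $cmd = str_replace("/", "\\", $cmd);
            }
            $result = sys_exec($cmd);
            break;
        case "ppt":
            // ppthtml works on a temporary copy that is removed afterwards
            $tmp = SIMPLE_CACHE . "/debug/sys_exec_" . md5($_SESSION["username"] . NOW) . ".ppt";
            if (!copy($filename, $tmp)) {
                // no copy, nothing to convert or clean up
                break;
            }
            $result = sys_exec(sys_find_bin("ppthtml") . " " . self::realfilename($tmp));
            unlink($tmp);
            if ($pos = strpos($result, "<BODY")) {
                $result = substr($result, $pos);
            }
            $result = utf8_decode(strip_tags($result));
            break;
        case "doc":
            $src = self::realfilename($filename);
            $result = sys_exec(sys_find_bin("catdoc") . " -d utf-8 " . $src);
            break;
        case "xls":
            $src = self::realfilename($filename);
            $result = sys_exec(sys_find_bin("xls2csv") . " -d utf-8 " . $src);
            break;
        case "docx":
        case "xlsx":
        case "pptx":
        case "ods": // oo-xls
        case "sxc":
        case "odt": // oo-doc
        case "sxw":
        case "odp": // oo-ppt
        case "sxi":
            // archive member that holds the text, and the closing tag that ends a paragraph/cell
            if ($ext == "docx") {
                $file = "word/document.xml";
                $replace = array("</w:p>" => "\n");
            } elseif ($ext == "xlsx") {
                $file = "xl/sharedStrings.xml";
                $replace = array("</si>" => " ");
            } elseif ($ext == "pptx") {
                $file = "ppt/slides/*.xml";
                $replace = array("</a:p>" => "\n");
            } else {
                $file = "content.xml";
                $replace = array("</text:p>" => "\n");
            }
            $src = self::realfilename($filename);
            $result = sys_exec(sys_find_bin("unzip") . " -p " . $src . " " . $file);
            $result = utf8_decode(strip_tags(str_replace(array_keys($replace), array_values($replace), $result)));
            break;
        case "url":
            $match = array();
            preg_match("/^URL=(.+)/m", file_get_contents($filename), $match);
            if (!empty($match[1])) {
                $url = trim($match[1]);
                // The target is read from the uploaded file. q() escapes it for the attribute,
                // but does not restrict the scheme, so only plain web/ftp targets become a link.
                if (preg_match("!^(https?|ftp)://!i", $url)) {
                    $result = "<a href='" . q($url) . "' target='_blank'>" . q(modify::basename(substr($filename, 0, -4))) . "</a>";
                }
            }
            break;
        case "pdf":
            $src = self::realfilename($filename);
            $result = sys_exec(sys_find_bin("pdfinfo") . " " . $src);
            // NOTE(review): "@file@" is presumably a placeholder that sys_exec() replaces with an output file - confirm
            $result .= sys_exec(sys_find_bin("pdftotext") . " " . $src . " @file@");
            break;
        case "mp3":
            $src = self::realfilename($filename);
            $result = sys_exec(sys_find_bin("mp3info") . " -x " . $src);
            $result = substr($result, strpos($result, "\n") + 1);
            break;
        case "jpg":
        case "jpeg":
            $src = self::realfilename($filename);
            $result = sys_exec(sys_find_bin("exiv2") . " " . $src);
            $result = str_replace("\r", "", $result) . "\n";
            // remove lines that carry no information for the preview
            $result = preg_replace("!(^.*No Exif.*|File ?name.*|File ?size.*|MIME type.*|.*?:\\s*)\n!im", "", $result);
            $gps = sys_exec(sys_find_bin("exiv2") . " -PEnv " . $src);
            $match = array();
            preg_match("!GPSLatitude\\s+(\\d+)/(\\d+) (\\d+)/(\\d+) (\\d+)/(\\d+)!", $gps, $match);
            $match2 = array();
            preg_match("!GPSLongitude\\s+(\\d+)/(\\d+) (\\d+)/(\\d+) (\\d+)/(\\d+)!", $gps, $match2);
            if (is_array($match) and count($match) == 7 and is_array($match2) and count($match2) == 7) {
                // The rationals come from the image's metadata: a zero denominator must not
                // abort the preview with a division error.
                $denominators = array($match[2], $match[4], $match[6], $match2[2], $match2[4], $match2[6]);
                if (!in_array(0, array_map("intval", $denominators), true)) {
                    // degrees + minutes/60 + seconds/3600, negative for south and west
                    $latitude = $match[1] / $match[2] + $match[3] / $match[4] / 60 + $match[5] / $match[6] / 3600;
                    if (!preg_match("/GPSLatitudeRef\\s+N/", $gps)) {
                        $latitude *= -1;
                    }
                    $longitude = $match2[1] / $match2[2] + $match2[3] / $match2[4] / 60 + $match2[5] / $match2[6] / 3600;
                    if (!preg_match("/GPSLongitudeRef\\s+E/", $gps)) {
                        $longitude *= -1;
                    }
                    $result .= "GPS: <a target='_blank' href='http://maps.google.com/?ll={$latitude},{$longitude}'>Google Maps</a>";
                }
            }
            break;
    }
    return $result;
}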
/**
 * Write, update or remove the ".meta" companion file of a file on an SMB share.
 *
 * The metadata string is built from $data (merged with a locally cached
 * copy if one exists). An empty result removes the remote ".meta" file,
 * anything else is written to the cache file and loaded to the share.
 *
 * @param array  $data    item data; the fields listed in $skip are not stored
 * @param string $id      remote path without the "smb://" prefix
 * @param mixed  $mfolder not used here
 * @param mixed  $ntlm    passed to every jcifs.smb.SmbFile constructor
 *                        (presumably the authentication object - confirm)
 */
private static function _set_meta($data, $id, $mfolder, $ntlm) {
    $remote = new Java("jcifs.smb.SmbFile", "smb://" . $id, $ntlm);
    // getLastModified() is divided by 1000 to get seconds
    $mtime = $remote->getLastModified() / 1000;

    $cache_path = sys_cache_get_file("cifs", $id . $mtime, "--" . modify::basename($id . ".meta"), true);
    if (file_exists($cache_path)) {
        $data = sys_build_meta(file_get_contents($cache_path), $data);
    }

    $skip = array("filedata", "folder", "created", "lastmodified", "handler", "mfolder", "dsize", "id");
    $meta = sys_build_meta_str($data, array_diff(array_keys($data), $skip));

    $meta_url = "smb://" . $id . ".meta";
    if ($meta == "") {
        // no metadata left: remove the companion file if there is one
        $meta_file = new Java("jcifs.smb.SmbFile", $meta_url, $ntlm);
        if ($meta_file->exists()) {
            $meta_file->delete();
        }
        return;
    }

    file_put_contents($cache_path, $meta, LOCK_EX);
    $stream = new Java("java.io.FileInputStream", modify::realfilename($cache_path, false));
    $meta_file = new Java("jcifs.smb.SmbFile", $meta_url, $ntlm);
    $meta_file->load($stream);
}