function CheckRights($method, $strong, &$path)
{
    // WebDAV access gate. Defers to the parent check for the method itself and,
    // when a path is supplied, decodes/normalizes it in place and applies the
    // file-name and extension policy. Every refusal is registered on
    // $GLOBALS["APPLICATION"] as an exception and reported as false.
    // $strong is accepted for interface compatibility but not used here.
    $deny = function ($messageId, $errorCode) {
        $GLOBALS["APPLICATION"]->ThrowException(GetMessage($messageId), $errorCode);
        return false;
    };

    if (!parent::CheckRights($method)) {
        return $deny('WD_ACCESS_DENIED', 'ACCESS_DENIED');
    }
    if ($path == '') {
        return true;
    }

    $io = CBXVirtualIo::GetInstance();
    // The caller sees the decoded, combined path through the reference.
    $path = $io->CombinePath($this->_udecode($path));
    $fileName = GetFileName($path);
    $dotExt = "." . strtolower(GetFileExtension($fileName));

    if (!in_array($method, array("COPY", "MOVE", "PUT"))) {
        // Read-type methods: only the READ deny-list of extensions applies.
        if (in_array($dotExt, $this->arFileForbiddenExtentions["READ"])) {
            return $deny('WD_ACCESS_DENIED', 'ACCESS_DENIED');
        }
        return true;
    }

    // Write-type methods, checked in order of precedence: script extensions are
    // reserved for admins, then unsafe/reserved names, then path and name
    // validity, then the WRITE deny-list of extensions.
    if (!$GLOBALS["USER"]->IsAdmin() && HasScriptExtension($fileName)) {
        return $deny("WD_FILE_ERROR13", "FORBIDDEN_EXTENTION");
    }
    if (IsFileUnsafe($fileName) || $fileName == "index.php") {
        return $deny("WD_FILE_ERROR14", "FORBIDDEN_NAME");
    }
    if (!$io->ValidatePathString($io->CombinePath("/", $path)) || !$io->ValidateFilenameString($fileName)) {
        return $deny("WD_FILE_ERROR14", "FORBIDDEN_NAME");
    }
    if (in_array($dotExt, $this->arFileForbiddenExtentions["WRITE"])) {
        return $deny("WD_FILE_ERROR13", "FORBIDDEN_EXTENTION");
    }
    return true;
}
public static function GetFileContent($did, $fname, $wf_path = "", $site = false)
{
    // Returns the contents of a workflow document file, trying in this order:
    //   1. the workflow temp copy registered for document $did and $fname;
    //   2. the temp copy registered under the path resolved from the document's
    //      FILENAME row in b_workflow_document;
    //   3. the document-root file at that resolved path;
    //   4. the document-root file at $wf_path/$fname;
    //   5. the document-root file at $fname under $site's document root.
    // Reads from the document root (3-5) additionally require the
    // 'fm_view_file' operation for the current user; reads of temp copies (1-2)
    // are gated only by the admin/script-extension check at the top.
    // Returns the FLOW_ACCESS_DENIED_PHP_VIEW message string when a non-admin
    // asks for a script file or an invalid path, and falls off the end (null)
    // when nothing matched.
    $err_mess = CAllWorkflow::err_mess() . "<br>Function: GetFileContent<br>Line: ";
    global $DB, $APPLICATION, $USER;
    $did = intval($did);
    // Admins may read anything; everyone else only a valid non-script path.
    // ("||" binds looser than "&&", so this reads IsAdmin || (valid && !script).)
    // NOTE(review): $fname is later appended to the document root as-is, so for
    // non-admins ValidatePathString is the only traversal guard — verify it
    // rejects ".." segments.
    if ($USER->IsAdmin() || CBXVirtualIoFileSystem::ValidatePathString($fname) && !HasScriptExtension($fname)) {
        if ($did > 0) {
            // Is the file registered as a temp copy for this document?
            $z = CWorkflow::GetFileByID($did, $fname);
            if ($zr = $z->Fetch()) {
                // Temp copy found: serve it if it is still on disk.
                $path = CWorkflow::GetTempDir() . $zr["TEMP_FILENAME"];
                if (file_exists($path)) {
                    return $APPLICATION->GetFileContent($path);
                }
            } else {
                // Not registered under $fname: resolve it relative to the
                // document's own directory. $did is already an int, so the
                // interpolation is safe.
                $strSql = "SELECT FILENAME, SITE_ID FROM b_workflow_document WHERE ID='{$did}'";
                $y = $DB->Query($strSql, false, $err_mess . __LINE__);
                if ($yr = $y->Fetch()) {
                    // Directory of the document, then the absolute site path.
                    $path = GetDirPath($yr["FILENAME"]);
                    $pathto = Rel2Abs($path, $fname);
                    $DOC_ROOT = CSite::GetSiteDocRoot($yr["SITE_ID"]);
                    $path = $DOC_ROOT . $pathto;
                    // Retry the temp-copy lookup with the resolved path.
                    $u = CWorkflow::GetFileByID($did, $pathto);
                    if ($ur = $u->Fetch()) {
                        $path = CWorkflow::GetTempDir() . $ur["TEMP_FILENAME"];
                        if (file_exists($path)) {
                            return $APPLICATION->GetFileContent($path);
                        }
                    } elseif (file_exists($path)) {
                        // Real file on the document's site: needs view permission.
                        if ($USER->CanDoFileOperation('fm_view_file', array($yr["SITE_ID"], $pathto))) {
                            return $APPLICATION->GetFileContent($path);
                        }
                    }
                }
            }
        }
        $DOC_ROOT = CSite::GetSiteDocRoot($site);
        // Fallback: resolve $fname relative to the supplied workflow path.
        if (strlen($wf_path) > 0) {
            $pathto = Rel2Abs($wf_path, $fname);
            $path = $DOC_ROOT . $pathto;
            if (file_exists($path)) {
                if ($USER->CanDoFileOperation('fm_view_file', array($site, $pathto))) {
                    $src = $APPLICATION->GetFileContent($path);
                    return $src;
                }
            }
        }
        // Last resort: $fname taken as a path under the site document root.
        $path = $DOC_ROOT . $fname;
        if (file_exists($path)) {
            if ($USER->CanDoFileOperation('fm_view_file', array($site, $fname))) {
                return $APPLICATION->GetFileContent($path);
            }
        }
    } else {
        return GetMessage("FLOW_ACCESS_DENIED_PHP_VIEW");
    }
}
private function _extractFile(&$arEntry, $path, $removePath, $removeAllPath, &$arParams)
{
    // Extracts one archive entry described by $arEntry (updated in place) to
    // disk. $path is the extraction root, $removePath a leading path prefix to
    // strip from the entry name, $removeAllPath drops the whole directory part,
    // and $arParams may carry 'callback_pre_extract', 'callback_post_extract'
    // and 'set_chmod'. Returns 1 on success (including entries that were only
    // given a non-"ok" status) or the error code from _readFileHeader/_checkDir.
    if (($res = $this->_readFileHeader($header)) != 1) {
        return $res;
    }
    //to be checked: file header should be coherent with $arEntry info
    // Names inside the archive are cp866; convert to the filesystem encoding.
    $arEntry["filename"] = CharsetConverter::ConvertCharset($arEntry["filename"], "cp866", $this->fileSystemEncoding);
    $arEntry["stored_filename"] = CharsetConverter::ConvertCharset($arEntry["stored_filename"], "cp866", $this->fileSystemEncoding);
    //protecting against ../ etc in file path
    //only absolute path should be in the $arEntry
    // _normalizePath is called as a free function here, not as a method —
    // presumably defined at file scope; confirm.
    $arEntry['filename'] = _normalizePath($arEntry['filename']);
    $arEntry['stored_filename'] = _normalizePath($arEntry['stored_filename']);
    if ($removeAllPath == true) {
        $arEntry['filename'] = basename($arEntry['filename']);
    } else {
        if ($removePath != "") {
            // _containsPath == 2 is treated as "entry lies outside the prefix":
            // the entry is filtered out rather than extracted.
            if ($this->_containsPath($removePath, $arEntry['filename']) == 2) {
                //change file status
                $arEntry['status'] = "filtered";
                return $res;
            }
            $removePath_size = strlen($removePath);
            if (substr($arEntry['filename'], 0, $removePath_size) == $removePath) {
                //remove path
                $arEntry['filename'] = substr($arEntry['filename'], $removePath_size);
            }
        }
    }
    //making absolute path to the extracted file out of filename stored in the zip header and passed extracting path
    if ($path != '') {
        $arEntry['filename'] = $path . "/" . $arEntry['filename'];
    }
    //pre-extract callback
    if (isset($arParams['callback_pre_extract']) && $arParams['callback_pre_extract'] != '') {
        //generate local info
        $arLocalHeader = array();
        $this->_convertHeader2FileInfo($arEntry, $arLocalHeader);
        // NOTE(review): the callback name is spliced into eval() verbatim, so
        // $arParams['callback_pre_extract'] must never come from untrusted input;
        // call_user_func() would give the same behaviour without eval.
        //callback call
        eval('$res = ' . $arParams['callback_pre_extract'] . '(\'callback_pre_extract\', $arLocalHeader);');
        //change file status
        if ($res == 0) {
            $arEntry['status'] = "skipped";
            $res = 1;
        }
        //update the info, only some fields can be modified
        // The callback's filename is taken back without re-normalization; the
        // only later check on it is the permission block below, which runs
        // solely when checkBXPermissions is enabled.
        $arEntry['filename'] = $arLocalHeader['filename'];
    }
    //check if extraction should be done
    if ($arEntry['status'] == 'ok') {
        $logicalFilename = $this->io->GetLogicalName($arEntry['filename']);
        // With checkBXPermissions on, script files, unsafe names and paths or
        // names the virtual IO layer rejects are not written at all.
        if ((HasScriptExtension($arEntry['filename']) || IsFileUnsafe($arEntry['filename']) || !$this->io->ValidatePathString($logicalFilename) || !$this->io->ValidateFilenameString(GetFileName($logicalFilename))) && $this->checkBXPermissions == true) {
            $arEntry['status'] = "no_permissions";
        } else {
            //if the file exists, change status
            if (file_exists($arEntry['filename'])) {
                if (is_dir($arEntry['filename'])) {
                    $arEntry['status'] = "already_a_directory";
                } else {
                    if (!is_writeable($arEntry['filename'])) {
                        $arEntry['status'] = "write_protected";
                    } else {
                        // A newer file on disk is kept unless replacement was requested.
                        if (filemtime($arEntry['filename']) > $arEntry['mtime'] && !$this->replaceExistentFiles) {
                            $arEntry['status'] = "newer_exist";
                        }
                    }
                }
            } else {
                //check the directory availability and create it if necessary
                // 0x10 in the external attributes marks a folder entry (see the
                // "if not a folder" check further down).
                if (($arEntry['external'] & 0x10) == 0x10 || substr($arEntry['filename'], -1) == '/') {
                    $checkDir = $arEntry['filename'];
                } else {
                    if (!strstr($arEntry['filename'], "/")) {
                        $checkDir = "";
                    } else {
                        $checkDir = dirname($arEntry['filename']);
                    }
                }
                if (($res = $this->_checkDir($checkDir, ($arEntry['external'] & 0x10) == 0x10)) != 1) {
                    //change file status
                    // Directory failure is reported through the status, not the
                    // return value (the early return is deliberately disabled).
                    $arEntry['status'] = "path_creation_fail";
                    //return $res;
                    $res = 1;
                }
            }
        }
    }
    //check if extraction should be done
    if ($arEntry['status'] == 'ok') {
        //if not a folder - extract
        if (!(($arEntry['external'] & 0x10) == 0x10)) {
            //if zip file with 0 compression
            if ($arEntry['compression'] == 0 && $arEntry['compressed_size'] == $arEntry['size']) {
                // fopen() yields false on failure; "== 0" catches that.
                if (($destFile = @fopen($arEntry['filename'], 'wb')) == 0) {
                    $arEntry['status'] = "write_error";
                    return $res;
                }
                //reading the fileby by self::ReadBlockSize octets blocks
                $size = $arEntry['compressed_size'];
                while ($size != 0) {
                    $length = $size < self::ReadBlockSize ? $size : self::ReadBlockSize;
                    $buffer = fread($this->zipfile, $length);
                    // pack('a<len>') NUL-pads a short read up to $length bytes.
                    $binary_data = pack('a' . $length, $buffer);
                    @fwrite($destFile, $binary_data, $length);
                    $size -= $length;
                }
                //close the destination file
                fclose($destFile);
                //changing file modification time
                touch($arEntry['filename'], $arEntry['mtime']);
            } else {
                if (($destFile = @fopen($arEntry['filename'], 'wb')) == 0) {
                    //change file status
                    $arEntry['status'] = "write_error";
                    return $res;
                }
                //read the compressed file in a buffer (one shot)
                // Whole compressed entry and its inflated form are held in memory.
                $buffer = @fread($this->zipfile, $arEntry['compressed_size']);
                //decompress the file
                $fileContent = gzinflate($buffer);
                unset($buffer);
                //write uncompressed data
                // The write is capped at the size declared in the entry header.
                @fwrite($destFile, $fileContent, $arEntry['size']);
                unset($fileContent);
                @fclose($destFile);
                touch($arEntry['filename'], $arEntry['mtime']);
            }
            if (isset($arParams['set_chmod']) && $arParams['set_chmod'] != 0) {
                chmod($arEntry['filename'], $arParams['set_chmod']);
            }
        }
    }
    //post-extract callback
    if (isset($arParams['callback_post_extract']) && $arParams['callback_post_extract'] != '') {
        //make local info
        $arLocalHeader = array();
        $this->_convertHeader2FileInfo($arEntry, $arLocalHeader);
        // Same eval() caveat as the pre-extract callback: trusted names only.
        //callback call
        eval('$res = ' . $arParams['callback_post_extract'] . '(\'callback_post_extract\', $arLocalHeader);');
    }
    return $res;
}
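function BaseCheckFields($val)
{
    // Validates the uploaded video file described by $val (the property value
    // array; $val["FILE"] is a $_FILES-style entry) and returns a list of
    // error strings — empty when the value is acceptable.
    $arErrors = array();
    if (!is_array($val)) {
        $val = array();
    }
    // "N" means "keep the existing file"; anything else is a new upload.
    $bNewFile = isset($val["B_NEW_FILE"]) ? $val["B_NEW_FILE"] : "";
    if ($bNewFile != "N" && isset($val["FILE"])) {
        $file = $val["FILE"];
        $fileName = isset($file["name"]) ? $file["name"] : "";
        $uploadError = isset($file["error"]) ? $file["error"] : 0;
        // Upload rejected by php.ini or the form's MAX_FILE_SIZE limit.
        // Fix: the original passed an undefined $pathto as #FILE_NAME#, so the
        // message never carried the file name.
        if ($uploadError == UPLOAD_ERR_INI_SIZE || $uploadError == UPLOAD_ERR_FORM_SIZE) {
            $arErrors[] = GetMessage("IBLOCK_PROP_VIDEO_SIZE_ERROR", array('#FILE_NAME#' => $fileName)) . "\n";
        }
        if (isset($file["tmp_name"]) && strlen($file["tmp_name"]) > 0) {
            // Collapse anything outside [A-Za-z0-9_:.] to "_". The extension and
            // script checks run on this sanitized name, so the caller is assumed
            // to store the file under the same sanitized name — confirm.
            $name = preg_replace("/[^a-zA-Z0-9_:\\.]/is", "_", $fileName);
            $ext = GetFileExtension($name);
            // Reject extension-less, script and dot-prefixed names before
            // touching the temp file.
            if (strlen($ext) == 0 || HasScriptExtension($name) || substr($name, 0, 1) == ".") {
                $arErrors[] = GetMessage("IBLOCK_PROP_VIDEO_INCORRECT_EXT", array("#EXT#" => strtoupper($ext)));
            } elseif (!is_uploaded_file($file["tmp_name"])) {
                // tmp_name must be a genuine PHP upload, not an arbitrary path.
                $arErrors[] = GetMessage("IBLOCK_PROP_VIDEO_UPLOAD_ERROR");
            } else {
                $quota = new CDiskQuota();
                if (!$quota->checkDiskQuota(array("FILE_SIZE" => $file["size"]))) {
                    $arErrors[] = GetMessage("IBLOCK_PROP_VIDEO_QUOTE_ERROR") . "\n";
                }
            }
        }
    }
    return $arErrors;
}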
function CheckFields(&$arFields, $ID = false, $bCheckDiskQuota = true)
{
    // Validates the fields of an information-block element before Add
    // ($ID === false) or Update ($ID given). $arFields is normalized in place
    // (ID, IBLOCK_ID, TAGS, IBLOCK_SECTION may be rewritten) and every problem
    // is appended to $this->LAST_ERROR as "<message><br>". Returns true when
    // LAST_ERROR stayed empty, false otherwise.
    global $DB, $APPLICATION, $USER;
    $this->LAST_ERROR = "";
    $APPLICATION->ResetException();
    // OnStart* handlers may rewrite $arFields; a false result only stops the
    // chain here, it does not itself record an error.
    if ($ID === false) {
        $db_events = GetModuleEvents("iblock", "OnStartIBlockElementAdd", true);
    } else {
        $arFields["ID"] = $ID;
        $db_events = GetModuleEvents("iblock", "OnStartIBlockElementUpdate", true);
    }
    foreach ($db_events as $arEvent) {
        $bEventRes = ExecuteModuleEventEx($arEvent, array(&$arFields));
        if ($bEventRes === false) {
            break;
        }
    }
    // NAME is mandatory on Add and, when supplied, non-empty on Update.
    if (($ID === false || is_set($arFields, "NAME")) && strlen($arFields["NAME"]) <= 0) {
        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_ELEMENT_NAME") . "<br>";
    }
    if (isset($arFields["ACTIVE_FROM"]) && $arFields["ACTIVE_FROM"] != '' && !$DB->IsDate($arFields["ACTIVE_FROM"], false, LANG, "FULL")) {
        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_ACTIVE_FROM") . "<br>";
    }
    if (isset($arFields["ACTIVE_TO"]) && $arFields["ACTIVE_TO"] != '' && !$DB->IsDate($arFields["ACTIVE_TO"], false, LANG, "FULL")) {
        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_ACTIVE_TO") . "<br>";
    }
    // Picture fields accept three shapes: an array with an object "bucket"
    // (import, skipped), an upload array (image + DB checks), or a file id
    // (only valid when it can be detached from the workflow parent).
    if (is_set($arFields, "PREVIEW_PICTURE")) {
        if (is_array($arFields["PREVIEW_PICTURE"]) && array_key_exists("bucket", $arFields["PREVIEW_PICTURE"]) && is_object($arFields["PREVIEW_PICTURE"]["bucket"])) {
            //This is trusted image from xml import
        } elseif (is_array($arFields["PREVIEW_PICTURE"])) {
            $error = CFile::CheckImageFile($arFields["PREVIEW_PICTURE"]);
            if (strlen($error) > 0) {
                $this->LAST_ERROR .= $error . "<br>";
            } elseif (($error = CFile::checkForDb($arFields, "PREVIEW_PICTURE")) !== "") {
                $this->LAST_ERROR .= GetMessage("IBLOCK_ERR_PREVIEW_PICTURE") . "<br>" . $error . "<br>";
            }
        } elseif (intval($arFields["PREVIEW_PICTURE"]) > 0) {
            if (intval($arFields["WF_PARENT_ELEMENT_ID"]) <= 0 || CIBlockElement::DeleteFile($arFields["PREVIEW_PICTURE"], $ID, "PREVIEW", intval($arFields["WF_PARENT_ELEMENT_ID"]), $arFields["IBLOCK_ID"], true) <= 0) {
                $this->LAST_ERROR .= GetMessage("IBLOCK_ERR_PREVIEW_PICTURE") . "<br>";
            }
        }
    }
    if (is_set($arFields, "DETAIL_PICTURE")) {
        if (is_array($arFields["DETAIL_PICTURE"]) && array_key_exists("bucket", $arFields["DETAIL_PICTURE"]) && is_object($arFields["DETAIL_PICTURE"]["bucket"])) {
            //This is trusted image from xml import
        } elseif (is_array($arFields["DETAIL_PICTURE"])) {
            $error = CFile::CheckImageFile($arFields["DETAIL_PICTURE"]);
            if (strlen($error) > 0) {
                $this->LAST_ERROR .= $error . "<br>";
            } elseif (($error = CFile::checkForDb($arFields, "DETAIL_PICTURE")) !== "") {
                $this->LAST_ERROR .= GetMessage("IBLOCK_ERR_DETAIL_PICTURE") . "<br>" . $error . "<br>";
            }
        } elseif (intval($arFields["DETAIL_PICTURE"]) > 0) {
            if (intval($arFields["WF_PARENT_ELEMENT_ID"]) <= 0 || CIBlockElement::DeleteFile($arFields["DETAIL_PICTURE"], $ID, "DETAIL", intval($arFields["WF_PARENT_ELEMENT_ID"]), $arFields["IBLOCK_ID"], true) <= 0) {
                $this->LAST_ERROR .= GetMessage("IBLOCK_ERR_DETAIL_PICTURE") . "<br>";
            }
        }
    }
    // Tags are normalized to a ", "-joined string when the search module is present.
    if (array_key_exists("TAGS", $arFields) && CModule::IncludeModule('search')) {
        $arFields["TAGS"] = implode(", ", tags_prepare($arFields["TAGS"]));
    }
    if ($ID === false && !is_set($arFields, "IBLOCK_ID")) {
        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_BLOCK_ID") . "<br>";
    }
    if ($ID !== false && is_set($arFields, "XML_ID") && strlen($arFields["XML_ID"]) <= 0) {
        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_EXTERNAL_CODE") . "<br>";
    }
    //Find out IBLOCK_ID from fields or from element
    $IBLOCK_ID = intval($arFields["IBLOCK_ID"]);
    if ($IBLOCK_ID <= 0) {
        $IBLOCK_ID = 0;
        // $ID is cast with IntVal before interpolation.
        $res = $DB->Query("SELECT IBLOCK_ID FROM b_iblock_element WHERE ID=" . IntVal($ID));
        if ($ar = $res->Fetch()) {
            $IBLOCK_ID = (int) $ar["IBLOCK_ID"];
        }
    }
    //Read iblock metadata
    // Function-static cache: iblock metadata is fetched once per IBLOCK_ID for
    // the lifetime of the process/request, and a lookup failure is cached as false.
    static $IBLOCK_CACHE = array();
    if (!isset($IBLOCK_CACHE[$IBLOCK_ID])) {
        if ($IBLOCK_ID > 0) {
            $IBLOCK_CACHE[$IBLOCK_ID] = CIBlock::GetArrayByID($IBLOCK_ID);
        } else {
            $IBLOCK_CACHE[$IBLOCK_ID] = false;
        }
    }
    if ($IBLOCK_CACHE[$IBLOCK_ID]) {
        $arFields["IBLOCK_ID"] = $IBLOCK_ID;
    } else {
        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_BLOCK_ID") . "<br>";
    }
    // IBLOCK_SECTION is coerced to an array with empty entries dropped.
    if (is_set($arFields, 'IBLOCK_SECTION') && !empty($arFields['IBLOCK_SECTION'])) {
        if (!is_array($arFields['IBLOCK_SECTION'])) {
            $arFields['IBLOCK_SECTION'] = array($arFields['IBLOCK_SECTION']);
        }
        $arFields['IBLOCK_SECTION'] = array_filter($arFields['IBLOCK_SECTION']);
    }
    if ($IBLOCK_CACHE[$IBLOCK_ID]) {
        $ar = $IBLOCK_CACHE[$IBLOCK_ID]["FIELDS"];
        if (is_array($ar)) {
            $WF_PARENT_ELEMENT_ID = isset($arFields["WF_PARENT_ELEMENT_ID"]) ? intval($arFields["WF_PARENT_ELEMENT_ID"]) : 0;
            // Uniqueness of CODE within the iblock, when the iblock demands it.
            // Only the original element (not a workflow copy) is checked; CODE
            // goes through $DB->ForSQL, the ids through intval.
            if (($WF_PARENT_ELEMENT_ID == 0 || $WF_PARENT_ELEMENT_ID == intval($ID)) && array_key_exists("CODE", $arFields) && strlen($arFields["CODE"]) > 0 && is_array($ar["CODE"]["DEFAULT_VALUE"]) && $ar["CODE"]["DEFAULT_VALUE"]["UNIQUE"] == "Y") {
                $res = $DB->Query("\n\t\t\t\t\t\tSELECT ID\n\t\t\t\t\t\tFROM b_iblock_element\n\t\t\t\t\t\tWHERE IBLOCK_ID = " . $IBLOCK_ID . "\n\t\t\t\t\t\tAND CODE = '" . $DB->ForSQL($arFields["CODE"]) . "'\n\t\t\t\t\t\tAND WF_PARENT_ELEMENT_ID IS NULL\n\t\t\t\t\t\tAND ID <> " . intval($ID));
                if ($res->Fetch()) {
                    $this->LAST_ERROR .= GetMessage("IBLOCK_DUP_ELEMENT_CODE") . "<br>";
                }
            }
            // Required-field checks driven by the iblock's field metadata.
            $arOldElement = false;
            foreach ($ar as $FIELD_ID => $field) {
                if (preg_match("/^(SECTION_|LOG_)/", $FIELD_ID)) {
                    continue;
                }
                if ($field["IS_REQUIRED"] === "Y") {
                    switch ($FIELD_ID) {
                        case "NAME":
                        case "ACTIVE":
                        case "PREVIEW_TEXT_TYPE":
                        case "DETAIL_TEXT_TYPE":
                        case "SORT":
                            //We should never check for this fields
                            break;
                        case "IBLOCK_SECTION":
                            // Required means at least one positive section id.
                            if ($ID === false || array_key_exists($FIELD_ID, $arFields)) {
                                $sum = 0;
                                if (is_array($arFields[$FIELD_ID])) {
                                    foreach ($arFields[$FIELD_ID] as $k => $v) {
                                        if (intval($v) > 0) {
                                            $sum += intval($v);
                                        }
                                    }
                                } else {
                                    $sum = intval($arFields[$FIELD_ID]);
                                }
                                if ($sum <= 0) {
                                    $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                }
                            }
                            break;
                        case "PREVIEW_PICTURE":
                        case "DETAIL_PICTURE":
                            // Stored picture ids are read once and shared by both cases.
                            if ($ID !== false && !$arOldElement) {
                                $rs = $DB->Query("SELECT PREVIEW_PICTURE, DETAIL_PICTURE from b_iblock_element WHERE ID = " . intval($ID));
                                $arOldElement = $rs->Fetch();
                            }
                            if ($arOldElement && $arOldElement[$FIELD_ID] > 0) {
                                //There was an picture so just check that it is not deleted
                                if (array_key_exists($FIELD_ID, $arFields) && is_array($arFields[$FIELD_ID]) && $arFields[$FIELD_ID]["del"] === "Y") {
                                    $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                }
                            } else {
                                //There was NO picture so it MUST be present
                                if (!array_key_exists($FIELD_ID, $arFields)) {
                                    $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                } elseif (is_array($arFields[$FIELD_ID])) {
                                    // An upload array counts only if not deleted, error-free and non-empty.
                                    if ($arFields[$FIELD_ID]["del"] === "Y" || array_key_exists("error", $arFields[$FIELD_ID]) && $arFields[$FIELD_ID]["error"] !== 0 || $arFields[$FIELD_ID]["size"] <= 0) {
                                        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                    }
                                } else {
                                    if (intval($arFields[$FIELD_ID]) <= 0) {
                                        $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                    }
                                }
                            }
                            break;
                        default:
                            // Any other required field must be a non-empty string
                            // (arrays are flattened by concatenation first).
                            if ($ID === false || array_key_exists($FIELD_ID, $arFields)) {
                                if (is_array($arFields[$FIELD_ID])) {
                                    $val = implode("", $arFields[$FIELD_ID]);
                                } else {
                                    $val = $arFields[$FIELD_ID];
                                }
                                if (strlen($val) <= 0) {
                                    $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                }
                            }
                            break;
                    }
                }
            }
        }
    }
    if (array_key_exists("PROPERTY_VALUES", $arFields) && is_array($arFields["PROPERTY_VALUES"])) {
        //First "normalize" properties to form:
        //$arFields["PROPERTY_VALUES"][<PROPERTY_ID>][<PROPERTY_VALUE_ID>] => $value
        $arProperties = array();
        foreach ($arFields["PROPERTY_VALUES"] as $key => $property_values) {
            $arProperties[$key] = array();
            if (is_array($property_values)) {
                if (array_key_exists("VALUE", $property_values)) {
                    $arProperties[$key][] = $property_values["VALUE"];
                } elseif (array_key_exists("tmp_name", $property_values)) {
                    // A single upload array is kept whole.
                    $arProperties[$key][] = $property_values;
                } else {
                    foreach ($property_values as $key2 => $property_value) {
                        if (is_array($property_value) && array_key_exists("VALUE", $property_value)) {
                            //each of these may be "complex"
                            $arProperties[$key][] = $property_value["VALUE"];
                        } else {
                            //or simple
                            $arProperties[$key][] = $property_value;
                        }
                    }
                }
            } else {
                $arProperties[$key][] = $property_values;
            }
        }
        foreach ($arProperties as $key => $property_values) {
            // $IBLOCK_ID may still be 0 here if the iblock could not be resolved;
            // presumably GetPropertyArray tolerates that — verify.
            $arProperty = CIBlockProperty::GetPropertyArray($key, $IBLOCK_ID);
            if ($arProperty["USER_TYPE"] != "") {
                $arUserType = CIBlockProperty::GetUserType($arProperty["USER_TYPE"]);
            } else {
                $arUserType = array();
            }
            // Custom property types validate each value through their own CheckFields.
            if (array_key_exists("CheckFields", $arUserType)) {
                foreach ($property_values as $key2 => $property_value) {
                    $arError = call_user_func_array($arUserType["CheckFields"], array($arProperty, array("VALUE" => $property_value)));
                    if (is_array($arError)) {
                        foreach ($arError as $err_mess) {
                            $this->LAST_ERROR .= $err_mess . "<br>";
                        }
                    }
                }
            }
            //Files check
            // Required file property: on Add at least one non-empty upload or an
            // existing file id; on Update the stored files plus/minus the
            // submitted additions and deletions must leave at least one.
            $bError = false;
            if ($arProperty["IS_REQUIRED"] == "Y" && $arProperty['PROPERTY_TYPE'] == 'F') {
                //New element
                if ($ID === false) {
                    $bError = true;
                    foreach ($property_values as $key2 => $property_value) {
                        if (is_array($property_value) && array_key_exists("tmp_name", $property_value) && array_key_exists("size", $property_value)) {
                            if ($property_value['size'] > 0) {
                                $bError = false;
                                break;
                            }
                        } elseif (intval($property_value) > 0) {
                            //This is history copy of the file
                            $bError = false;
                            break;
                        }
                    }
                } else {
                    $dbProperty = CIBlockElement::GetProperty($arProperty["IBLOCK_ID"], $ID, "sort", "asc", array("ID" => $arProperty["ORIG_ID"], "EMPTY" => "N"));
                    $bCount = 0;
                    while ($a = $dbProperty->Fetch()) {
                        if ($a["VALUE"] > 0) {
                            $bCount++;
                        }
                    }
                    foreach ($property_values as $key2 => $property_value) {
                        if (is_array($property_value)) {
                            if ($property_value['size'] > 0) {
                                $bCount++;
                                break;
                            } elseif ($property_value['del'] == 'Y') {
                                $bCount--;
                            }
                        } elseif (intval($property_value) > 0) {
                            //This is history copy of the file
                            $bCount++;
                            break;
                        }
                    }
                    $bError = $bCount <= 0;
                }
            }
            // Required non-file property: some value must have non-zero length
            // (custom types may supply their own GetLength).
            if ($arProperty["IS_REQUIRED"] == "Y" && $arProperty['PROPERTY_TYPE'] != 'F') {
                $len = 0;
                foreach ($property_values as $key2 => $property_value) {
                    if (array_key_exists("GetLength", $arUserType)) {
                        $len += call_user_func_array($arUserType["GetLength"], array($arProperty, array("VALUE" => $property_value)));
                    } else {
                        $len += strlen($property_value);
                    }
                    if ($len > 0) {
                        break;
                    }
                }
                $bError = $len <= 0;
            }
            if ($bError) {
                $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_PROPERTY", array("#PROPERTY#" => $arProperty["NAME"])) . "<br>";
            }
            // check file properties for correctness
            if ($arProperty['PROPERTY_TYPE'] == 'F') {
                // $bImageOnly: every allowed FILE_TYPE is an image extension, so
                // the stricter image check can be used.
                $bImageOnly = False;
                $arImageExtentions = explode(",", strtoupper(CFile::GetImageExtensions()));
                if (strlen($arProperty["FILE_TYPE"])) {
                    $bImageOnly = True;
                    $arAvailTypes = explode(",", strtoupper($arProperty["FILE_TYPE"]));
                    foreach ($arAvailTypes as $avail_type) {
                        if (!in_array(trim($avail_type), $arImageExtentions)) {
                            $bImageOnly = False;
                            break;
                        }
                    }
                }
                foreach ($property_values as $key2 => $property_value) {
                    if (!is_array($property_value) && intval($property_value) > 0 && intval($arFields["WF_PARENT_ELEMENT_ID"]) > 0) {
                        if (CIBlockElement::DeleteFile($property_value, $ID, "PROPERTY", intval($arFields["WF_PARENT_ELEMENT_ID"]), $arFields["IBLOCK_ID"], true) <= 0) {
                            $this->LAST_ERROR .= GetMessage("IBLOCK_ERR_FILE_PROPERTY") . "<br>";
                        }
                    } elseif (is_array($property_value)) {
                        if (is_object($property_value["bucket"])) {
                            //This is trusted image from xml import
                            $error = "";
                        } else {
                            if ($bImageOnly) {
                                $error = CFile::CheckImageFile($property_value);
                            } else {
                                $error = CFile::CheckFile($property_value, 0, false, $arProperty["FILE_TYPE"]);
                            }
                        }
                        //For user without edit php permissions
                        //we allow only pictures upload
                        // This check runs for the import ("bucket") case too, and it
                        // replaces rather than appends any CheckFile error.
                        if (!is_object($USER) || !$USER->IsAdmin()) {
                            if (HasScriptExtension($property_value["name"])) {
                                $error = GetMessage("FILE_BAD_TYPE") . " (" . $property_value["name"] . ").";
                            }
                        }
                        if (strlen($error) > 0) {
                            $this->LAST_ERROR .= $error . "<br>";
                        }
                    }
                }
            }
        }
    }
    $APPLICATION->ResetException();
    // OnBefore* handlers: unlike OnStart*, a false result is recorded as an
    // error, using the handler's exception text when it set one.
    if ($ID === false) {
        $db_events = GetModuleEvents("iblock", "OnBeforeIBlockElementAdd", true);
    } else {
        $arFields["ID"] = $ID;
        $db_events = GetModuleEvents("iblock", "OnBeforeIBlockElementUpdate", true);
    }
    foreach ($db_events as $arEvent) {
        $bEventRes = ExecuteModuleEventEx($arEvent, array(&$arFields));
        if ($bEventRes === false) {
            if ($err = $APPLICATION->GetException()) {
                $this->LAST_ERROR .= $err->GetString() . "<br>";
            } else {
                $APPLICATION->ThrowException("Unknown error");
                $this->LAST_ERROR .= "Unknown error.<br>";
            }
            break;
        }
    }
    /****************************** QUOTA ******************************/
    // Disk quota is consulted only when everything else passed.
    if ($bCheckDiskQuota && empty($this->LAST_ERROR) && COption::GetOptionInt("main", "disk_space") > 0) {
        $quota = new CDiskQuota();
        if (!$quota->checkDiskQuota($arFields)) {
            $this->LAST_ERROR = $quota->LAST_ERROR;
        }
    }
    /****************************** QUOTA ******************************/
    if (!empty($this->LAST_ERROR)) {
        return false;
    }
    return true;
}
function CheckFields($arUserField, $value)
{
    // Validates one uploaded value ($_FILES-style array) of a file user field.
    // Returns a list of array("id" => FIELD_NAME, "text" => message) entries,
    // empty when the upload is acceptable.
    global $USER;
    $aMsg = array();
    $fieldId = $arUserField["FIELD_NAME"];
    $settings = $arUserField["SETTINGS"];
    $maxSize = $settings["MAX_ALLOWED_SIZE"];

    // Size limit configured on the field (0 / empty means unlimited).
    if ($maxSize > 0 && $value["size"] > $maxSize) {
        $aMsg[] = array(
            "id" => $fieldId,
            "text" => GetMessage("USER_TYPE_FILE_MAX_SIZE_ERROR", array(
                "#FIELD_NAME#" => $arUserField["EDIT_FORM_LABEL"],
                "#MAX_ALLOWED_SIZE#" => $maxSize,
            )),
        );
    }

    // Extension allow-list: the keys of SETTINGS["EXTENSIONS"] are the
    // permitted extensions, handed to CFile::CheckFile as a comma list.
    $allowedExtensions = $settings["EXTENSIONS"];
    $error = "";
    if (is_array($allowedExtensions) && count($allowedExtensions)) {
        $error = CFile::CheckFile($value, 0, false, implode(",", array_keys($allowedExtensions)));
    }
    if (strlen($error)) {
        $aMsg[] = array("id" => $fieldId, "text" => $error);
    }

    // Users without PHP-editing rights may not upload files with a script extension.
    $isAdmin = is_object($USER) && $USER->IsAdmin();
    if (!$isAdmin && HasScriptExtension($value["name"])) {
        $aMsg[] = array(
            "id" => $fieldId,
            "text" => GetMessage("FILE_BAD_TYPE") . " (" . $value["name"] . ").",
        );
    }

    return $aMsg;
}
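function UploadFile($Params)
{
    // Handles a file upload from the file dialog and returns a <script> snippet
    // for the dialog iframe: either the "after upload" callback or an alert()
    // with the warning text. $Params carries the request-derived 'file'
    // ($_FILES-style array), 'filename', 'path', 'site' and 'upload_and_open'
    // entries; all of them are treated as untrusted.
    $buffer = 'parent.oWaitWindow.Hide();';
    $F = $Params['file'];
    $io = CBXVirtualIo::GetInstance();
    // NOTE(review): "&&" binds tighter than "||", so an entry without
    // tmp_name/name still reaches is_uploaded_file($F["tmp_name"]); the
    // intended grouping is not recoverable here, so the condition is kept.
    if (isset($F["tmp_name"]) && strlen($F["tmp_name"]) > 0 && strlen($F["name"]) > 0 || is_uploaded_file($F["tmp_name"])) {
        global $APPLICATION, $USER;
        $strWarning = '';
        $filename = $Params['filename'];
        $path = $Params['path'];
        $site = $Params['site'];
        $upload_and_open = $Params['upload_and_open'];
        $rootPath = CSite::GetSiteDocRoot($site);
        if ($filename == '') {
            $filename = $F["name"];
        }
        // Target path relative to the site root; traversal handling is
        // presumably inside Rel2Abs — confirm.
        $pathto = Rel2Abs($path, $filename);
        // Name validation is delegated to CheckFileName (true or a message).
        if (strlen($filename) > 0 && ($mess = self::CheckFileName($filename)) !== true) {
            $strWarning = $mess;
        }
        if ($strWarning == '') {
            $fn = $io->ExtractNameFromPath($pathto);
            // Write permission on the target is required; non-admins may in
            // addition not create script files, dot-files or names the
            // virtual IO layer rejects.
            if ($APPLICATION->GetFileAccessPermission(array($site, $pathto)) > "R" && ($USER->IsAdmin() || !HasScriptExtension($fn) && substr($fn, 0, 1) != "." && $io->ValidateFilenameString($fn))) {
                // An existing file is replaced only when the request asks for it.
                $bRewrite = isset($_REQUEST["rewrite"]) && $_REQUEST["rewrite"] == "Y";
                if (!$io->FileExists($rootPath . $pathto) || $bRewrite) {
                    //************************** Quota **************************//
                    $bQuota = true;
                    if (COption::GetOptionInt("main", "disk_space") > 0) {
                        $bQuota = false;
                        $quota = new CDiskQuota();
                        if ($quota->checkDiskQuota(array("FILE_SIZE" => filesize($F["tmp_name"])))) {
                            $bQuota = true;
                        }
                    }
                    //************************** Quota **************************//
                    if (!$bQuota) {
                        $strWarning = $quota->LAST_ERROR;
                    } elseif (!$io->Copy($F["tmp_name"], $rootPath . $pathto)) {
                        // Fix: a failed copy used to be reported as success and
                        // charged to the quota; report it like a failed upload.
                        $strWarning = GetMessage("FD_LOAD_ERROR_ALERT");
                    } else {
                        $flTmp = $io->GetFile($rootPath . $pathto);
                        $flTmp->MarkWritable();
                        if (COption::GetOptionInt("main", "disk_space") > 0) {
                            CDiskQuota::updateDiskQuota("file", $flTmp->GetFileSize(), "copy");
                        }
                        // Fix: the name is emitted inside a JS string literal, so
                        // the characters that could end the literal or the script
                        // element are escaped instead of relying on CheckFileName
                        // alone. Byte-wise, so it works for any site encoding; a
                        // clean name is emitted unchanged.
                        $jsFilename = strtr($filename, array(
                            '\\' => '\\\\',
                            '"' => '\\"',
                            "\r" => '\\r',
                            "\n" => '\\n',
                            '/' => '\\/',
                        ));
                        $buffer = 'setTimeout(function(){parent.oBXDialogControls.Uploader.OnAfterUpload("' . $jsFilename . '", ' . ($upload_and_open == "Y" ? 'true' : 'false') . ');}, 50);';
                    }
                } else {
                    $strWarning = GetMessage("FD_LOAD_EXIST_ALERT");
                }
            } else {
                $strWarning = GetMessage("FD_LOAD_DENY_ALERT");
            }
        }
    } else {
        $strWarning = GetMessage("FD_LOAD_ERROR_ALERT");
    }
    if ($strWarning != '') {
        // Warning text is HTML-escaped and then slash-escaped for the JS literal.
        $buffer = 'alert("' . addslashes(htmlspecialcharsex($strWarning)) . '");';
    }
    return '<script>' . $buffer . '</script>';
}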
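/**
 * Copies (or, with $bDeleteAfterCopy, moves) a file or a whole directory tree
 * between two site-relative paths, enforcing Bitrix file permissions, the disk
 * quota and search re-indexing along the way.
 *
 * @param string|array $path_from  source path; CMain::InitPathVars() splits it into site and path
 * @param string|array $path_to    destination path, same convention
 * @param bool $bDeleteAfterCopy   true = move semantics (source removed after a clean copy)
 * @param bool $bOverride          true = replace an existing destination
 * @return string '' on success, otherwise the accumulated warning text ("\n"-separated)
 */
function CopyEx($path_from, $path_to, $bDeleteAfterCopy = false, $bOverride = false)
{
    global $APPLICATION, $USER;
    CMain::InitPathVars($site_from, $path_from);
    $DOC_ROOT_FROM = CSite::GetSiteDocRoot($site_from);
    CMain::InitPathVars($site_to, $path_to);
    $DOC_ROOT_TO = CSite::GetSiteDocRoot($site_to);
    $strWarning = '';

    //check: if we copy to the same directory (or into a subdirectory of the source)
    if (strpos($DOC_ROOT_TO . $path_to . "/", $DOC_ROOT_FROM . $path_from . "/") === 0) {
        return GetMessage("FILEMAN_LIB_BAD_FOLDER") . ": \"" . $path_from . "\".\n";
    }

    $io = CBXVirtualIo::GetInstance();
    if ($io->DirectoryExists($DOC_ROOT_FROM . $path_from)) {
        // Minimal access - read/listing for copying files
        if (!$USER->CanDoFileOperation('fm_view_listing', array($site_from, $path_from))) {
            return GetMessage("FILEMAN_FILEMAN_FOLDER_READ_DENY") . " \"" . $path_from . "\".\n";
        }
        if ($bDeleteAfterCopy && !$USER->CanDoFileOperation('fm_delete_folder', array($site_from, $path_from))) {
            return GetMessage("FILEMAN_FILEMAN_FOLDER_DEL_DENY") . " \"" . $path_from . "\".\n";
        }
        //Check: folder exist or not
        $strWarTmp = CFileMan::CreateDir(array($site_to, $path_to));
        if (strlen($strWarTmp) > 0) {
            return $strWarTmp;
        }
        $APPLICATION->CopyFileAccessPermission(array($site_from, $path_from), array($site_to, $path_to));
    } else {
        // If we can write this file
        if (!$USER->CanDoFileOperation('fm_create_new_file', array($site_to, $path_to))) {
            return GetMessage("FILEMAN_FILEMAN_FILE_WRITE_DENY") . " \"" . $path_to . "\".\n";
        }
        // If we can't read source-file
        if (!$USER->CanDoFileOperation('fm_view_file', array($site_from, $path_from))) {
            return GetMessage("FILEMAN_FILEMAN_FILE_READ_DENY") . " \"" . $path_from . "\".\n";
        }
        // Copying php or system file without PHP or LPA access.
        // This check previously read the undefined $arPath / $Elem["NAME"], so it
        // never denied anything; it now mirrors the per-file check in the
        // recursive branch below.
        $fileName = CFileman::GetFileName($path_from);
        if (!($USER->CanDoOperation('edit_php')
            || $USER->CanDoFileOperation('fm_lpa', array($site_from, $path_from))
            || !(HasScriptExtension($fileName) || substr($fileName, 0, 1) == "."))) {
            return GetMessage("FILEMAN_FILEMAN_FILE_READ_DENY") . " \"" . $path_from . "\".\n";
        }
        // If we can't move source-file
        if ($bDeleteAfterCopy && !$USER->CanDoFileOperation('fm_delete_file', array($site_from, $path_from))) {
            return GetMessage("FILEMAN_FILEMAN_FILE_DEL_DENY") . " \"" . $path_from . "\".\n";
        }
        //Check if folder already exist and trying to create if not
        $p = strrpos($path_to, "/");
        $path_to_dir = substr($path_to, 0, $p);
        $strWarTmp = CFileMan::CreateDir(array($site_to, $path_to_dir));
        if (strlen($strWarTmp) > 0) {
            return $strWarTmp;
        }
        if ($io->FileExists($DOC_ROOT_TO . $path_to) || $io->DirectoryExists($DOC_ROOT_TO . $path_to)) {
            if ($bOverride) {
                $strWarn = CFileMan::DeleteEx(array($site_to, $path_to));
                if ($strWarn != "") {
                    return $strWarn;
                }
            } else {
                return GetMessage("FILEMAN_FILEMAN_FILE_WITH_NAME") . " \"" . $path_to . "\" " . GetMessage("FILEMAN_FILEMAN_ALREADY_EXISTS") . "!\n";
            }
        }
        $APPLICATION->CopyFileAccessPermission(array($site_from, $path_from), array($site_to, $path_to));
        //************************** Quota **************************//
        $size = 0;
        $quota = null;
        if (COption::GetOptionInt("main", "disk_space") > 0) {
            $f = $io->GetFile($DOC_ROOT_FROM . $path_from);
            $size = $f->GetFileSize();
            $quota = new CDiskQuota();
            if (!$quota->checkDiskQuota(array("FILE_SIZE" => $size))) {
                return $quota->LAST_ERROR;
            }
        }
        //************************** Quota **************************//
        // Copy file
        if (DEBUG_FILE_MAN) {
            echo "copy(" . $DOC_ROOT_FROM . $path_from . "," . $DOC_ROOT_TO . $path_to . ");<br>";
        }
        if (!$io->Copy($DOC_ROOT_FROM . $path_from, $DOC_ROOT_TO . $path_to)) {
            $strWarning .= GetMessage('FILEMAN_COPY_ERROR', array('#PATH_FROM#' => htmlspecialcharsex($path_from), '#PATH_TO#' => htmlspecialcharsex($path_to)));
        }
        //************************** Quota **************************//
        if (COption::GetOptionInt("main", "disk_space") > 0) {
            $quota->updateDiskQuota("file", $size, "copy");
        }
        //************************** Quota **************************//
        // NOTE(review): the single-file branch calls GetSiteByFullPath/ReIndexFile
        // with a different argument shape than the recursive branch below —
        // confirm both signatures against the search module.
        if (CModule::IncludeModule("search")) {
            $site = CSite::GetSiteByFullPath($DOC_ROOT_TO . $path_to);
            CSearch::ReIndexFile(array($site_to, $path_to), $site);
        }
        if ($bDeleteAfterCopy && strlen($strWarning) <= 0) {
            // If was command "delete after copy"?
            $strWarning .= CFileMan::DeleteFile(array($site_from, $path_from));
        }
        return $strWarning;
    }

    // Recursive
    $d = $io->GetDirectory($DOC_ROOT_FROM . $path_from);
    $arChildren = $d->GetChildren();
    foreach ($arChildren as $child) {
        $fn = $child->GetName();
        if ($child->IsDirectory()) {
            //go to recursion
            $strWarning .= CFileMan::CopyEx(array($site_from, $path_from . "/" . $fn), array($site_to, $path_to . "/" . $fn), $bDeleteAfterCopy, $bOverride);
        } else {
            // The access-rules file is never copied along with a directory.
            if ($fn == ".access.php") {
                continue;
            }
            //let's check, if we can to write there
            if (!$USER->CanDoFileOperation('fm_create_new_file', array($site_to, $path_to . "/" . $fn))) {
                $strWarning .= GetMessage("FILEMAN_FILEMAN_FILE_WRITE_DENY") . " \"" . $path_to . "/" . $fn . "\".\n";
            } elseif (!$USER->CanDoFileOperation('fm_view_file', array($site_from, $path_from . "/" . $fn))) {
                $strWarning .= GetMessage("FILEMAN_FILEMAN_FILE_READ_DENY") . " \"" . $path_from . "/" . $fn . "\".\n";
            } elseif (!($USER->CanDoOperation('edit_php') || $USER->CanDoFileOperation('fm_lpa', array($site_from, $path_from . "/" . $fn)) || !(HasScriptExtension($fn) || substr($fn, 0, 1) == "."))) {
                // script or dot-file without PHP / LPA rights
                $strWarning .= GetMessage("FILEMAN_FILEMAN_FILE_READ_DENY") . " \"" . $path_from . "/" . $fn . "\".\n";
            } else {
                if ($io->FileExists($DOC_ROOT_TO . $path_to . "/" . $fn)) {
                    if ($bOverride) {
                        $strWarn = CFileMan::DeleteEx(array($site_to, $path_to . "/" . $fn));
                        if ($strWarn != "") {
                            $strWarning .= $strWarn . "\n";
                        }
                    } else {
                        $strWarning .= GetMessage("FILEMAN_FILEMAN_FILE_WITH_NAME") . " \"" . $path_to . "/" . $fn . "\" " . GetMessage("FILEMAN_FILEMAN_ALREADY_EXISTS") . "!\n";
                    }
                }
                // Warnings accumulate: once any child produced one, the remaining
                // children are no longer copied.
                if ($strWarning == "") {
                    //it means we can copy, if we found here
                    $APPLICATION->CopyFileAccessPermission(array($site_from, $path_from . "/" . $fn), array($site_to, $path_to . "/" . $fn));
                    if (DEBUG_FILE_MAN) {
                        echo "copy(" . $DOC_ROOT_FROM . $path_from . "/" . $fn . "," . $DOC_ROOT_TO . $path_to . "/" . $fn . ");<br>";
                    }
                    if (!$io->Copy($DOC_ROOT_FROM . $path_from . "/" . $fn, $DOC_ROOT_TO . $path_to . "/" . $fn)) {
                        $strWarning .= GetMessage('FILEMAN_COPY_ERROR', array('#PATH_FROM#' => htmlspecialcharsex($path_from . "/" . $fn), '#PATH_TO#' => htmlspecialcharsex($path_to . "/" . $fn)));
                    }
                    //************************** Quota **************************//
                    if (COption::GetOptionInt("main", "disk_space") > 0) {
                        $f = $io->GetFile($DOC_ROOT_TO . $path_to . "/" . $fn);
                        $quota = new CDiskQuota();
                        $quota->updateDiskQuota("file", $f->GetFileSize(), "copy");
                    }
                    //************************** Quota **************************//
                    if (CModule::IncludeModule("search")) {
                        $site = CSite::GetSiteByFullPath($DOC_ROOT_TO, $path_to . "/" . $fn);
                        CSearch::ReindexFile($path_to . "/" . $fn, $site);
                    }
                    if ($bDeleteAfterCopy && strlen($strWarning) <= 0) {
                        $strWarning .= CFileMan::DeleteFile(array($site_from, $path_from . "/" . $fn));
                    }
                }
            }
        }
    }
    //we may be need, to delete our initial folder
    if ($bDeleteAfterCopy) {
        $strWarning .= CFileMan::DeleteDir(array($site_from, $path_from));
    }
    return $strWarning;
}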
} $strFileName = ""; if (strlen($strErrorMessage) <= 0) { $arOldSmile = false; if ($ID > 0) { $arOldSmile = CSocNetSmile::GetByID($ID); } if (is_set($_FILES, "IMAGE1") && strlen($_FILES["IMAGE1"]["name"]) > 0) { $res = CFile::CheckImageFile($_FILES["IMAGE1"], 0, 0, 0); if (strlen($res) > 0) { $strErrorMessage .= $res . "\n"; } else { $io = CBXVirtualIo::GetInstance(); $strFileName = basename($_FILES["IMAGE1"]["name"]); $strFileExt = strrchr($_FILES["IMAGE1"]["name"], "."); if (!$io->ValidateFilenameString($strFileName) || HasScriptExtension($strFileName)) { $strErrorMessage .= GetMessage("FSE_ERROR_EXT") . ". \n"; } } if (strlen($strErrorMessage) <= 0) { $strDirName = $_SERVER["DOCUMENT_ROOT"] . "/bitrix/images/socialnetwork/"; if ($SMILE_TYPE == "I") { $strDirName .= "icon"; } else { $strDirName .= "smile"; } $strDirName .= "/"; CheckDirPath($strDirName); if (file_exists($strDirName . $strFileName) && (!$arOldSmile || $arOldSmile["SMILE_TYPE"] != $SMILE_TYPE || $arOldSmile["IMAGE"] != $strFileName)) { $strErrorMessage .= GetMessage("ERROR_EXISTS_IMAGE") . ". \n"; } else {
$APPLICATION->AuthForm(GetMessage("ACCESS_DENIED")); } require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/fileman/include.php"; $site = CFileMan::__CheckSite($site); $DOC_ROOT = CSite::GetSiteDocRoot($site); $strWarning = ""; $path = Rel2Abs("/", $path); $arParsedPath = CFileMan::ParsePath($path); $arPath = array($site, $path); if ($type == "flash") { $ext = "swf,fla"; } elseif ($type == "image") { $ext = "gif,jpg,jpeg,bmp,png"; } require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_popup_admin.php"; if (!$USER->CanDoFileOperation('fm_download_file', $arPath) || HasScriptExtension($path)) { ShowError($arParsedPath["HTML"] . '<br><br><img src="/bitrix/images/fileman/deny.gif" width="28" height="28" border="0" align="left" alt="">' . GetMessage("ACCESS_DENIED")); } else { CFileMan::GetDirList(array($site, $path), $arDirs, $arFiles, array("EXTENSIONS" => $ext, "MIN_PERMISSION" => "R"), array("name" => "asc")); ?> <script> <!-- function DoEvent(str) { try { eval("parent."+this.name+"_"+str); } catch(e){} }
$DIR_NAME = $_SESSION["BX_CML2_IMPORT"]["TEMP_DIR"]; else $DIR_NAME = $_SERVER["DOCUMENT_ROOT"]."/".COption::GetOptionString("main", "upload_dir", "upload")."/1c_catalog/"; if ( isset($_GET["filename"]) && (strlen($_GET["filename"]) > 0) && (strlen($DIR_NAME) > 0) ) { //This check for 1c server on linux $filename = preg_replace("#^(/tmp/|upload/1c/webdata)#", "", $_GET["filename"]); $filename = trim(str_replace("\\", "/", trim($filename)), "/"); $io = CBXVirtualIo::GetInstance(); $bBadFile = HasScriptExtension($filename) || IsFileUnsafe($filename) || !$io->ValidatePathString("/".$filename) ; if (!$bBadFile) { $FILE_NAME = rel2abs($DIR_NAME, "/".$filename); if ((strlen($FILE_NAME) > 1) && ($FILE_NAME === "/".$filename)) { $ABS_FILE_NAME = $DIR_NAME.$FILE_NAME; $WORK_DIR_NAME = substr($ABS_FILE_NAME, 0, strrpos($ABS_FILE_NAME, "/")+1); } } }
case "OTR": $delimiter_r_char = substr($delimiter_other_r, 0, 1); break; case "TZP": $delimiter_r_char = ";"; break; } if (strlen($delimiter_r_char) != 1) { $strError .= GetMessage("IBLOCK_ADM_EXP_NO_DELIMITER") . "<br>"; } if (strlen($strError) <= 0) { $csvFile->SetDelimiter($delimiter_r_char); } if (strlen($_REQUEST["DATA_FILE_NAME"]) <= 0) { $strError .= GetMessage("IBLOCK_ADM_EXP_NO_FILE_NAME") . "<br>"; } elseif (preg_match('/[^a-zA-Z0-9\\s!#\\$%&\\(\\)\\[\\]\\{\\}+\\.;=@\\^_\\~\\/\\\\\\-]/i', $_REQUEST["DATA_FILE_NAME"]) || preg_match('/^[a-z]+:\\/\\//i', $_REQUEST["DATA_FILE_NAME"]) || HasScriptExtension($_REQUEST["DATA_FILE_NAME"])) { $strError .= GetMessage("IBLOCK_ADM_EXP_FILE_NAME_ERROR") . "<br>"; } else { $DATA_FILE_NAME = Rel2Abs("/", $_REQUEST["DATA_FILE_NAME"]); if (strtolower(substr($DATA_FILE_NAME, strlen($DATA_FILE_NAME) - 4)) != ".csv") { $DATA_FILE_NAME .= ".csv"; } } if (strlen($strError) <= 0) { $fp = fopen($_SERVER["DOCUMENT_ROOT"] . $DATA_FILE_NAME, "w"); if (!is_resource($fp)) { $strError .= GetMessage("IBLOCK_ADM_EXP_CANNOT_CREATE_FILE") . "<br>"; $DATA_FILE_NAME = ""; } else { fclose($fp); }
/**
 * Checks if current user has access to the file or folder according to Bitrix permissions
 * @static
 * @param string $strFilename full path to the file
 * @param boolean $isFile true if we check file permissions, false if folder permissions should be checked
 * @return boolean
 */
public static function HasAccess($strFilename, $isFile)
{
    global $USER;
    $path = removeDocRoot($strFilename);
    $arPath = array(SITE_ID, $path);

    // Folders only require listing rights.
    if (!$isFile) {
        return (bool)$USER->CanDoFileOperation("fm_view_listing", $arPath);
    }

    // Files: viewing rights are mandatory ...
    if (!$USER->CanDoFileOperation('fm_view_file', $arPath)) {
        return false;
    }
    // ... and PHP-edit or LPA rights cover every file name ...
    if ($USER->CanDoOperation('edit_php') || $USER->CanDoFileOperation('fm_lpa', $arPath)) {
        return true;
    }
    // ... otherwise script files and dot-files stay off limits.
    return !(HasScriptExtension($path) || substr(GetFileName($path), 0, 1) == ".");
}
if(strlen($newfilename)<=0) { $strWarning .= GetMessage("FILEMAN_RENAME_NEW_NAME")." \"".$file."\"!\n"; } elseif (($mess = CFileMan::CheckFileName($newfilename)) !== true) { $strWarning = $mess; } else { $pathto = Rel2Abs($path, $newfilename); if(!$USER->CanDoFileOperation('fm_create_new_file',Array($site, $pathto))) $strWarning .= GetMessage("FILEMAN_RENAME_ACCESS_ERROR")."\n"; elseif(!$USER->CanDoOperation('edit_php') && (substr(CFileman::GetFileName($file), 0, 1) == "." || substr(CFileman::GetFileName($pathto), 0, 1)=="." || (!HasScriptExtension($file) && HasScriptExtension($pathto)))) // if not admin and renaming from non PHP to PHP $strWarning .= GetMessage("FILEMAN_RENAME_TOPHPFILE_ERROR")."\n"; elseif(!$USER->CanDoOperation('edit_php') && HasScriptExtension($file) && !HasScriptExtension($pathto)) // if not admin and renaming from PHP to non PHP $strWarning .= GetMessage("FILEMAN_RENAME_FROMPHPFILE_ERROR")."\n"; else { $pathparsedtmp = CFileMan::ParsePath(Array($site, $pathto), false, false, "", $logical == "Y"); $strWarningTmp = CFileMan::CreateDir($pathparsedtmp["PREV"]); if(strlen($strWarningTmp)>0) $strWarning .= $strWarningTmp; else { if(!$io->FileExists($DOC_ROOT.$path."/".$file)) $strWarning .= GetMessage("FILEMAN_RENAME_FILE")." \"".$path."/".$file."\" ".GetMessage("FILEMAN_RENAME_NOT_FOUND")."!\n"; elseif(!$io->Rename($DOC_ROOT.$path."/".$file, $DOC_ROOT.$pathto)) $strWarning .= GetMessage("FILEMAN_RENAME_ERROR")." \"".$path."/".$file."\" ".GetMessage("FILEMAN_RENAME_IN")." \"".$pathto."\"!\n"; else
/**
 * Removes snippet
 *
 * @param array - list of params (template, path)
 * @return bool - result
 */
public static function Remove($params = array())
{
    global $APPLICATION;
    $deleted = false;
    $template = CFileMan::SecurePathVar($params['template']);
    $path = CFileMan::SecurePathVar($params["path"]);
    $contPath = $_SERVER["DOCUMENT_ROOT"] . BX_PERSONAL_ROOT . "/templates/" . $template . "/snippets";
    $snippetPath = $contPath . ($path == '' ? '' : '/' . $path);
    $io = CBXVirtualIo::GetInstance();

    // Refuse paths the virtual IO rejects, as well as unsafe or script file names.
    $badPath = !$io->ValidatePathString($snippetPath)
        || IsFileUnsafe($snippetPath)
        || HasScriptExtension($snippetPath);
    if ($badPath) {
        return false;
    }

    //Delete snippet file
    if ($io->FileExists($snippetPath)) {
        $deleted = $io->Delete($snippetPath);
    }

    // Re-read the snippet registry (the include defines $SNIPPETS) and rewrite
    // it, keeping only entries whose snippet file still exists.
    $SNIPPETS = array();
    $registryFile = $contPath . "/.content.php";
    if ($io->FileExists($registryFile)) {
        @(include $registryFile);
    }

    $lines = array(
        '<?if(!defined("B_PROLOG_INCLUDED") || B_PROLOG_INCLUDED!==true)die();?>',
        '<?',
        '$SNIPPETS = Array();',
    );
    foreach ($SNIPPETS as $k => $snip) {
        if (!$io->FileExists(CFileMan::SecurePathVar($contPath . '/' . $k))) {
            continue;
        }
        $fields = array();
        if (isset($snip['title']) && $snip['title'] !== '') {
            $fields[] = '\'title\' => \'' . CUtil::addslashes($snip['title']) . '\'';
        }
        if (isset($snip['description']) && $snip['description'] !== '') {
            $fields[] = '\'description\' => \'' . CUtil::addslashes($snip['description']) . '\'';
        }
        $lines[] = '$SNIPPETS[\'' . CUtil::addslashes($k) . '\'] = Array(' . implode(', ', $fields) . ');';
    }
    $contentSrc = implode(chr(10), $lines) . chr(10) . '?>';

    $APPLICATION->SaveFileContent($contPath . "/.content.php", $contentSrc);
    CSnippets::ClearCache();
    return $deleted;
}
/**
 * Event handler: re-registers the components found in a changed script file
 * (URL-rewrite rules and, when the new core is loaded, the component
 * parameters table).
 *
 * @param string $path site-relative path of the changed file
 * @param string $site site id used to resolve the document root
 * @return void
 */
function OnChangeFileComponent($path, $site)
{
    /** @global CMain $APPLICATION */
    global $APPLICATION;

    // kind of optimization: only script files can carry components
    if (!HasScriptExtension($path)) {
        return;
    }

    $docRoot = CSite::GetSiteDocRoot($site);
    $hasNewCore = class_exists("\\Bitrix\\Main\\Application", false);

    // Drop everything previously registered for this file.
    CUrlRewriter::Delete(array("SITE_ID" => $site, "PATH" => $path, "ID" => "NULL"));
    if ($hasNewCore) {
        \Bitrix\Main\Component\ParametersTable::deleteByFilter(array("SITE_ID" => $site, "REAL_PATH" => $path));
    }

    $fileSrc = $APPLICATION->GetFileContent($docRoot . $path);
    $arComponents = PHPParser::ParseScript($fileSrc);
    $cnt = count($arComponents);
    for ($i = 0; $i < $cnt; $i++) {
        $component = $arComponents[$i];
        $data = $component["DATA"];

        if ($hasNewCore) {
            $isSef = $data["PARAMS"]["SEF_MODE"] == "Y";
            \Bitrix\Main\Component\ParametersTable::add(array(
                'SITE_ID' => $site,
                'COMPONENT_NAME' => $data["COMPONENT_NAME"],
                'TEMPLATE_NAME' => $data["TEMPLATE_NAME"],
                'REAL_PATH' => $path,
                'SEF_MODE' => $isSef ? \Bitrix\Main\Component\ParametersTable::SEF_MODE : \Bitrix\Main\Component\ParametersTable::NOT_SEF_MODE,
                'SEF_FOLDER' => $isSef ? $data["PARAMS"]["SEF_FOLDER"] : null,
                'START_CHAR' => $component["START"],
                'END_CHAR' => $component["END"],
                'PARAMETERS' => serialize($data["PARAMS"])
            ));
        }

        // SEF components get a rewrite rule anchored at their SEF folder.
        $params = (isset($data["PARAMS"]) && is_array($data["PARAMS"])) ? $data["PARAMS"] : null;
        if ($params !== null && array_key_exists("SEF_MODE", $params) && $params["SEF_MODE"] == "Y") {
            CUrlRewriter::Add(array(
                "SITE_ID" => $site,
                "CONDITION" => "#^" . $params["SEF_FOLDER"] . "#",
                "ID" => $data["COMPONENT_NAME"],
                "PATH" => $path
            ));
        }
    }
}
IncludeModuleLangFile(__FILE__); $strWarning = ""; $site = CFileMan::__CheckSite($site); $DOC_ROOT = CSite::GetSiteDocRoot($site); $io = CBXVirtualIo::GetInstance(); $path = $GLOBALS["APPLICATION"]->ConvertCharset($path, "UTF-8", LANG_CHARSET); $arFile = CFile::MakeFileArray($io->GetPhysicalName($path)); $arFile["tmp_name"] = CBXVirtualIoFileSystem::ConvertCharset($arFile["tmp_name"], CBXVirtualIoFileSystem::directionDecode); $path = $io->CombinePath("/", $path); $arPath = array($site, $path); if (!$USER->CanDoFileOperation('fm_download_file', $arPath)) { $strWarning = GetMessage("ACCESS_DENIED"); } else { if (!$io->FileExists($arFile["tmp_name"])) { $strWarning = GetMessage("FILEMAN_FILENOT_FOUND") . " "; } elseif (!$USER->CanDoOperation('edit_php') && (HasScriptExtension($path) || substr(CFileman::GetFileName($path), 0, 1) == ".")) { $strWarning .= GetMessage("FILEMAN_FILE_DOWNLOAD_PHPERROR") . "\n"; } } if (strlen($strWarning) <= 0) { $flTmp = $io->GetFile($arFile["tmp_name"]); $fsize = $flTmp->GetFileSize(); $bufSize = 4194304; //4M session_write_close(); set_time_limit(0); header("Content-Type: application/force-download; name=\"" . $arFile["name"] . "\""); header("Content-Transfer-Encoding: binary"); header("Content-Length: " . $fsize); header("Content-Disposition: attachment; filename=\"" . $arFile["name"] . "\""); header("Expires: 0");
$arErrors = array(); $arMessages = array(); if ($_SERVER["REQUEST_METHOD"] == "POST" && $_REQUEST["Export"] == "Y") { require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_js.php"; if (array_key_exists("NS", $_POST) && is_array($_POST["NS"])) { $NS = $_POST["NS"]; } else { $NS = array("STEP" => 0, "IBLOCK_ID" => $_REQUEST["IBLOCK_ID"], "URL_DATA_FILE" => $_REQUEST["URL_DATA_FILE"], "SECTIONS_FILTER" => $_REQUEST["SECTIONS_FILTER"], "ELEMENTS_FILTER" => $_REQUEST["ELEMENTS_FILTER"], "DOWNLOAD_CLOUD_FILES" => $_REQUEST["DOWNLOAD_CLOUD_FILES"] === "N" ? "N" : "Y", "next_step" => array()); } $NS["catalog"] = CModule::IncludeModule('catalog'); //We have to strongly check all about file names at server side $ABS_FILE_NAME = false; $WORK_DIR_NAME = false; if (isset($NS["URL_DATA_FILE"]) && strlen($NS["URL_DATA_FILE"]) > 0) { $filename = trim(str_replace("\\", "/", trim($NS["URL_DATA_FILE"])), "/"); if (preg_match('/[^a-zA-Z0-9\\s!#\\$%&\\(\\)\\[\\]\\{\\}+\\.;=@\\^_\\~\\/\\\\\\-]/i', $filename) || HasScriptExtension($filename)) { $arErrors[] = GetMessage("IBLOCK_CML2_FILE_NAME_ERROR"); } else { $FILE_NAME = rel2abs($_SERVER["DOCUMENT_ROOT"], "/" . $filename); if (strlen($FILE_NAME) > 1 && $FILE_NAME === "/" . $filename) { $ABS_FILE_NAME = $_SERVER["DOCUMENT_ROOT"] . $FILE_NAME; if (strtolower(substr($ABS_FILE_NAME, -4)) != ".xml") { $ABS_FILE_NAME .= ".xml"; } $WORK_DIR_NAME = substr($ABS_FILE_NAME, 0, strrpos($ABS_FILE_NAME, "/") + 1); } } } $fp = false; if (!check_bitrix_sessid()) { $arErrors[] = GetMessage("IBLOCK_CML2_ACCESS_DENIED");
/**
 * Visitor callback for one filesystem entry: applies the configured name,
 * size, date and phrase filters and, when the entry matches, appends a result
 * row to $this->Result (performing the replacement first when $this->bReplace).
 *
 * Reads $this->Params['lastPath'|'bDirsToo'|'site'|'fileName'|'bCaseSens'|
 * 'sizeFrom'|'sizeTo'|'dateFrom'|'dateTo'|'phrase'|'replacePhrase'],
 * $this->maxResultCount, $this->maxFileOpenSize, $this->bSkip, $this->bReplace
 * and $this->docRoot.
 *
 * @param string $file absolute (document-root based) path of the file or directory
 * @return string|void "stop" once maxResultCount results are collected; nothing otherwise
 */
public function Search($file) { global $APPLICATION, $USER;
    if ($this->maxResultCount && count($this->Result) >= $this->maxResultCount) { return "stop"; }
    // Resume mode: everything up to Params['lastPath'] was handled by an earlier call.
    if ($this->bSkip) { if ($file == $this->Params['lastPath']) { $this->bSkip = false; } else { return; } // Files was handled earlier
    }
    $io = CBXVirtualIo::GetInstance(); $bIsDir = $io->DirectoryExists($file); $replFileCount = 0;
    if ($bIsDir && !$this->Params['bDirsToo']) { return; }
    $entity = $bIsDir ? $io->GetDirectory($file) : $io->GetFile($file);
    $path = CFilemanUtils::TrimPath($file, $this->docRoot); $arPath = array($this->Params['site'], $path);
    // Check access
    if (!$USER->CanDoFileOperation('fm_view_file', $arPath)) { return; }
    $name = CFileman::GetFileName($file); // Name of file or dir
    // Check filename
    if ($this->Params['fileName'] != "") {
        if (!$this->Params['bCaseSens']) { $name = strtolower($name); $this->Params['fileName'] = strtolower($this->Params['fileName']); }
        // Simple find in file name
        if (strpos($this->Params['fileName'], "*") === false) { if (strpos($name, $this->Params['fileName']) === false) { return; } }
        else {
            // Glob-style mask: only '.' is escaped and '*' becomes '.*'; any other
            // PCRE metacharacter in the mask is passed through unescaped, and a
            // mask that fails to compile makes preg_match() return false, which
            // skips the entry.
            $pattern = str_replace('.', '\\.', $this->Params['fileName']); $pattern = str_replace('/', '', $pattern); $pattern = str_replace('*', '.*', $pattern);
            if (!preg_match('/^' . $pattern . '$/i', $io->ExtractNameFromPath($file))) { return; }
        }
    }
    if (!$bIsDir) {
        // Check filesize
        $size = $entity->GetFileSize();
        // Filesize limits in Kb
        if ($this->Params['sizeFrom'] > 0 && $size < $this->Params['sizeFrom'] * 1024 || $this->Params['sizeTo'] > 0 && $size > $this->Params['sizeTo'] * 1024) { return; }
    } else { $size = 0; }
    // Check filetime
    $time = $entity->GetModificationTime() + CTimeZone::GetOffset();
    if ($this->Params['dateFrom'] && $time < MakeTimeStamp($this->Params['dateFrom'], CLang::GetDateFormat("FULL")) || $this->Params['dateTo'] && $time > MakeTimeStamp($this->Params['dateTo'], CLang::GetDateFormat("FULL"))) { return; }
    if ($this->Params['phrase'] != "") {
        // File size limits or it's dir or access denied
        if ($size > $this->maxFileOpenSize || $bIsDir || $this->bReplace && !$USER->CanDoFileOperation('fm_edit_existent_file', $arPath)) { return; }
        $fTmp = $io->GetFile($file); $phrase = $this->Params['phrase'];
        // CRLF is normalised to LF before matching; in replace mode the
        // normalised text is what gets written back.
        $fileContent = str_replace("\r\n", "\n", $fTmp->GetContents()); $origFileContent = $fileContent;
        // "PHP" here means: contains PHP, has a script extension, or is a dot-file.
        // Such files need edit_php to be written and edit_php or LPA to be read.
        $isPHP = CFileman::IsPHP($fileContent) || HasScriptExtension($path) || substr($name, 0, 1) == ".";
        if (!$this->Params['bCaseSens']) { $phrase = strtolower($phrase); $fileContent = strtolower($fileContent); }
        $I_PCRE_MODIFIER = $this->Params['bCaseSens'] ? '' : 'i';
        // TODO: Add check Entire word //$this->Params['entire']
        if (strpos($fileContent, $phrase) === false) { return; }
        if ($this->bReplace) {
            if ($isPHP && !$USER->CanDoOperation('edit_php')) { return; } // User can't write PHP files
            // The replacement text is a preg_replace() replacement string, so
            // "$1" / "\1" sequences in it are interpreted as backreferences.
            $pattern = '/' . preg_quote($this->Params['phrase'], '/') . '/' . $I_PCRE_MODIFIER . BX_UTF_PCRE_MODIFIER;
            $res = array(); preg_match_all($pattern, $origFileContent, $res);
            $origFileContent = preg_replace($pattern, $this->Params['replacePhrase'], $origFileContent);
            $replFileCount = count($res[0]);
            $APPLICATION->SaveFileContent($file, $origFileContent);
        } else {
            if ($isPHP && !($USER->CanDoOperation('edit_php') || $USER->CanDoFileOperation('fm_lpa', $arPath))) { return; } // User can't read PHP files
            $pattern = '/' . preg_quote($this->Params['phrase'], '/') . '/' . $I_PCRE_MODIFIER . BX_UTF_PCRE_MODIFIER;
            // Only for LPA. All php fragments will be cutted off
            if ($USER->CanDoFileOperation('fm_lpa', $arPath) && !$USER->CanDoOperation('edit_php')) { $origFileContent = CMain::ProcessLPA($origFileContent, ''); }
            $res = array(); preg_match_all($pattern, $origFileContent, $res);
            $replFileCount = count($res[0]);
        }
    }
    // One result row per matching entry; repl_count is the number of phrase
    // occurrences (0 when no phrase filter was given).
    $this->Result[] = array('path' => $path, 'size' => $size, 'b_dir' => $bIsDir, 'time' => $time, 'str_date' => date(CDatabase::DateFormatToPHP(CLang::GetDateFormat("FULL")), $time), 'str_size' => $bIsDir ? "" : CFile::FormatSize($size), 'type_src' => "/bitrix/images/fileman/types/" . ($bIsDir ? "folder" : CFileMan::GetFileTypeEx($file)) . ".gif", 'repl_count' => $replFileCount);
}
$is_archive = CBXArchive::IsArchive($fpath); if ($is_archive) { $arActions[] = array("ICON" => "unpack", "TEXT" => GetMessage("FILEMAN_ADMIN_ARC_UNPACK"), "ACTION" => "window.PackUnpackRun(['" . CUtil::JSEscape($fpath) . "'], false); return false;"); } } if ($USER->CanDoFileOperation('fm_rename_' . $type, $arPath)) { $arActions[] = array("SEPARATOR" => true); $arActions[] = array("ICON" => "rename", "TEXT" => GetMessage("FILEMAN_RENAME_SAVE"), "ACTION" => 'setCheckbox(\'' . addslashes($f_NAME) . '\'); if(' . $lAdmin->table_id . '.IsActionEnabled(\'edit\')){document.forms[\'form_' . $lAdmin->table_id . '\'].elements[\'action_button\'].value=\'edit\'; ' . $lAdmin->ActionPost() . '}else{document.location.href=\'fileman_rename.php?' . $addUrl . '&path=' . urlencode($path) . '&site=' . $site . '&files[]=' . CFileman::GetFileName($arPath[1]) . '\'}'); } // Copy if ($USER->CanDoFileOperation('fm_view_file', $arPath) && ($USER->CanDoOperation('edit_php') || $USER->CanDoFileOperation('fm_lpa', $arPath) || !(HasScriptExtension($f_NAME) || substr($Elem["NAME"], 0, 1) == ".")) && $Elem["TYPE"] == "F" || $Elem["TYPE"] == "D" && $USER->CanDoFileOperation('fm_view_listing', $arPath)) { $arActions[] = array("ICON" => "copy", "TEXT" => GetMessage("FILEMAN_ADM_COPY"), "ACTION" => "window.CopyMoveRun([{'path' : '" . CUtil::JSEscape($fpath) . "', 'isDir' : '" . $arrIsDir[$fpath] . "'}], true); return false;"); } // Move if ($USER->CanDoOperation('fileman_admin_folders') && $USER->CanDoFileOperation('fm_delete_' . $type, $arPath)) { if ($USER->CanDoFileOperation('fm_view_file', $arPath) && ($USER->CanDoOperation('edit_php') || $USER->CanDoFileOperation('fm_lpa', $arPath) || !(HasScriptExtension($f_NAME) || substr($Elem["NAME"], 0, 1) == ".")) && $Elem["TYPE"] == "F" || $Elem["TYPE"] == "D" && $USER->CanDoFileOperation('fm_view_listing', $arPath)) { $arActions[] = array("ICON" => "move", "TEXT" => GetMessage("FILEMAN_ADM_MOVE"), "ACTION" => "window.CopyMoveRun([{'path' : '" . 
CUtil::JSEscape($fpath) . "', 'isDir' : '" . $arrIsDir[$fpath] . "'}], false); return false;"); } $arActions[] = array("ICON" => "delete", "TEXT" => GetMessage("FILEMAN_ADMIN_DELETE"), "ACTION" => "if(confirm('" . GetMessage('FILEMAN_ALERT_DELETE') . "')) " . $lAdmin->ActionDoGroup(urlencode($f_NAME), "delete", $addUrl . "&site=" . urlencode($site) . "&path=" . urlencode($path) . "&show_perms_for=" . IntVal($show_perms_for))); } if ($USER->CanDoFileOperation('fm_edit_permission', $arPath)) { $arActions[] = array("SEPARATOR" => true); $arActions[] = array("ICON" => "access", "TEXT" => GetMessage("FILEMAN_ADMIN_ACCESS_PERMS_B"), "ACTION" => "setCheckbox('" . Cutil::JSEscape($f_NAME) . "'); setAccess('" . Cutil::JSEscape($site) . "', '" . Cutil::JSEscape(urlencode($path)) . "');"); if (!CFileMan::IsWindows()) { // $arActions[] = Array( // "ICON" => "access", // "TEXT" => GetMessage("FILEMAN_ADMIN_ACCESS_PERMS"), // "TITLE" => GetMessage("FM_UTIL_SERVER_PERM_TITLE"), // "ACTION" => "setCheckbox('".Cutil::JSEscape($f_NAME)."'); setAccess('".Cutil::JSEscape($site)."', '".Cutil::JSEscape($path)."', true);" // ); }
/**
 * Walks the archive block by block and, depending on $p_mode, lists or
 * extracts its entries under $p_path.
 *
 * @param string $p_path          destination directory (logical name; converted through $this->io)
 * @param array  $p_list_detail   out: the header of every listed/extracted entry
 * @param string $p_mode          "complete" (extract all), "partial" (extract $p_file_list), "list" (no writes)
 * @param mixed  $p_file_list     for "partial": array of entry names, or directory prefixes ending in '/'
 * @param string $p_remove_path   prefix stripped from entry names before they are placed under $p_path
 * @return bool true when the archive was walked to its end; false after the first error
 *              (details are appended to $this->_arErrors as array(code, message))
 */
private function _extractList($p_path, &$p_list_detail, $p_mode, $p_file_list, $p_remove_path) {
    $v_result = true; // only receives the _dirCheck() result below; never read otherwise
    $v_nb = 0; $v_extract_all = true; $v_listing = false;
    $p_path = str_replace("\\", "/", $p_path); $p_path = $this->io->GetPhysicalName($p_path);
    // Relative paths that are not "../"-prefixed and carry no drive colon are anchored at "./".
    if ($p_path == '' || substr($p_path, 0, 1) != '/' && substr($p_path, 0, 3) != "../" && !strpos($p_path, ':')) { $p_path = "./" . $p_path; }
    $p_remove_path = str_replace("\\", "/", $p_remove_path);
    if ($p_remove_path != '' && substr($p_remove_path, -1) != '/') { $p_remove_path .= '/'; }
    $p_remove_path_size = strlen($p_remove_path);
    switch ($p_mode) {
        case "complete": $v_extract_all = TRUE; $v_listing = FALSE; break;
        case "partial": $v_extract_all = FALSE; $v_listing = FALSE; break;
        case "list": $v_extract_all = FALSE; $v_listing = TRUE; break;
        default: $this->_arErrors[] = array("ERR_PARAM", str_replace("#EXTRACT_MODE#", $p_mode, GetMessage("MAIN_ARCHIVE_ERR_PARAM"))); return false;
    }
    clearstatcache();
    // Read 512-byte blocks until an empty one. Precedence note: "!= 0" binds to
    // the strlen() branch only; in the mbstring branch the raw byte count itself
    // is the loop condition, which has the same truthiness.
    while (self::$bMbstring ? mb_strlen($v_binary_data = $this->_readBlock(), "latin1") : strlen($v_binary_data = $this->_readBlock()) != 0) {
        $v_extract_file = FALSE;
        $v_extraction_stopped = 0; // never changed in this method
        if (!$this->_readHeader($v_binary_data, $v_header)) { return false; }
        if ($v_header['filename'] == '') { continue; }
        // ----- Look for long filename
        if ($v_header['typeflag'] == 'L') { if (!$this->_readLongHeader($v_header)) { return false; } }
        if (!$v_extract_all && is_array($p_file_list)) {
            // ----- By default no unzip if the file is not found
            $v_extract_file = false; $l = count($p_file_list);
            for ($i = 0; $i < $l; $i++) {
                // ----- Look if it is a directory
                if (substr($p_file_list[$i], -1) == '/') {
                    // ----- Look if the directory is in the filename path
                    if (strlen($v_header['filename']) > strlen($p_file_list[$i]) && substr($v_header['filename'], 0, strlen($p_file_list[$i])) == $p_file_list[$i]) { $v_extract_file = TRUE; break; }
                } elseif ($p_file_list[$i] == $v_header['filename']) {
                    // ----- It is a file, so compare the file names
                    $v_extract_file = TRUE; break;
                }
            }
        } else { $v_extract_file = TRUE; }
        // ----- Look if this file need to be extracted
        if ($v_extract_file && !$v_listing) {
            if ($p_remove_path != '' && substr($v_header['filename'], 0, $p_remove_path_size) == $p_remove_path) { $v_header['filename'] = substr($v_header['filename'], $p_remove_path_size); }
            if ($p_path != './' && $p_path != '/') {
                while (substr($p_path, -1) == '/') { $p_path = substr($p_path, 0, strlen($p_path) - 1); }
                if (substr($v_header['filename'], 0, 1) == '/') { $v_header['filename'] = $p_path . $v_header['filename']; } else { $v_header['filename'] = $p_path . '/' . $v_header['filename']; }
            }
            // NOTE(review): nothing in this method rejects ".." segments in the entry
            // name itself; that is left to $this->io->ValidatePathString() further down,
            // which only runs when CheckBXPermissions is true — confirm this is intended.
            if (file_exists($v_header['filename'])) {
                if (@is_dir($v_header['filename']) && $v_header['typeflag'] == '') { $this->_arErrors[] = array("DIR_EXISTS", str_replace("#FILE_NAME#", removeDocRoot($this->io->GetLogicalName($v_header['filename'])), GetMessage("MAIN_ARCHIVE_DIR_EXISTS"))); return false; }
                if (is_file($v_header['filename']) && $v_header['typeflag'] == "5") { $this->_arErrors[] = array("FILE_EXISTS", str_replace("#FILE_NAME#", removeDocRoot($this->io->GetLogicalName($v_header['filename'])), GetMessage("MAIN_ARCHIVE_FILE_EXISTS"))); return false; }
                if (!is_writeable($v_header['filename'])) { $this->_arErrors[] = array("FILE_PERMS", str_replace("#FILE_NAME#", removeDocRoot($this->io->GetLogicalName($v_header['filename'])), GetMessage("MAIN_ARCHIVE_FILE_PERMS"))); return false; }
            } elseif (($v_result = $this->_dirCheck($v_header['typeflag'] == "5" ? $v_header['filename'] : dirname($v_header['filename']))) != 1) { $this->_arErrors[] = array("NO_DIR", str_replace("#FILE_NAME#", removeDocRoot($this->io->GetLogicalName($v_header['filename'])), GetMessage("MAIN_ARCHIVE_NO_DIR"))); return false; }
            // Always true here (the enclosing condition already required it); kept as-is.
            if ($v_extract_file) {
                $logicalFilename = $this->io->GetLogicalName($v_header['filename']);
                // With CheckBXPermissions on, script files, unsafe names and names the
                // virtual IO rejects are skipped (their data blocks are jumped over).
                if ((HasScriptExtension($v_header['filename']) || IsFileUnsafe($v_header['filename']) || !$this->io->ValidatePathString($logicalFilename) || !$this->io->ValidateFilenameString(GetFileName($logicalFilename))) && $this->CheckBXPermissions == true) {
                    $this->_jumpBlock(ceil($v_header['size'] / 512));
                } elseif (file_exists($v_header['filename']) && $this->ReplaceExistentFiles || !file_exists($v_header['filename'])) {
                    if ($v_header['typeflag'] == "5") {
                        if (!@file_exists($v_header['filename'])) { if (!@mkdir($v_header['filename'], FX_DIR_PERMISSIONS)) { $this->_arErrors[] = array("ERR_CREATE_DIR", str_replace("#DIR_NAME#", removeDocRoot($this->io->GetLogicalName($v_header['filename'])), GetMessage("MAIN_ARCHIVE_ERR_CREATE_DIR"))); return false; } }
                    } else {
                        if (($v_dest_file = @fopen($v_header['filename'], "wb")) == 0) { $this->_arErrors[] = array("ERR_CREATE_FILE", str_replace("#FILE_NAME#", removeDocRoot($this->io->GetLogicalName($v_header['filename'])), GetMessage("MAIN_ARCHIVE_ERR_CREATE_FILE"))); return false; }
                        else {
                            // Copy floor(size/512) full blocks, then the partial tail block.
                            $n = floor($v_header['size'] / 512);
                            for ($i = 0; $i < $n; $i++) { $v_content = $this->_readBlock(); fwrite($v_dest_file, $v_content, 512); }
                            if ($v_header['size'] % 512 != 0) { $v_content = $this->_readBlock(); fwrite($v_dest_file, $v_content, $v_header['size'] % 512); }
                            @fclose($v_dest_file); @chmod($v_header['filename'], FX_FILE_PERMISSIONS); @touch($v_header['filename'], $v_header['mtime']);
                        }
                        clearstatcache();
                        // BUG: #FILE_NAME# is filled with removeDocRoot($v_header['size']) — the size,
                        // not the file name — so this message reports a wrong path. The other
                        // messages use removeDocRoot($this->io->GetLogicalName($v_header['filename'])).
                        if (filesize($v_header['filename']) != $v_header['size']) { $this->_arErrors[] = array("ERR_SIZE_CHECK", str_replace(array("#FILE_NAME#", "#SIZE#", "#EXP_SIZE#"), array(removeDocRoot($v_header['size']), filesize($v_header['filename']), $v_header['size']), GetMessage("MAIN_ARCHIVE_ERR_SIZE_CHECK"))); return false; }
                    }
                } else { $this->_jumpBlock(ceil($v_header['size'] / 512)); }
            } else { $this->_jumpBlock(ceil($v_header['size'] / 512)); }
        } else { $this->_jumpBlock(ceil($v_header['size'] / 512)); }
        // Listing mode records every entry; extract mode records the ones extracted.
        if ($v_listing || $v_extract_file || $v_extraction_stopped) {
            if (($v_file_dir = dirname($v_header['filename'])) == $v_header['filename']) { $v_file_dir = ''; }
            if (substr($v_header['filename'], 0, 1) == '/' && $v_file_dir == '') { $v_file_dir = '/'; }
            $p_list_detail[$v_nb++] = $v_header;
        }
    }
    return true;
}
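/**
 * Tells whether a bare file name (no directory part) is acceptable to store.
 *
 * The name must pass the project-wide IsFileUnsafe() and HasScriptExtension()
 * checks and must be a non-empty run of characters none of which is one of
 * \ / : * ? " ' ~ % < > |  (an empty name therefore counts as unsafe).
 *
 * @param string $filename Bare file name to validate.
 *
 * @return bool true when the name is considered safe, false otherwise.
 */
public static function IsBaseFilenameSafe($filename)
{
    // The D modifier pins `$` to the very end of the subject; without it `$`
    // also matches before a final "\n", so a name such as "name.php\n" could
    // satisfy the character check. A preg_match() error (false) fails the
    // `> 0` test and is therefore treated as unsafe, the conservative outcome
    // for a validation routine.
    $isUnSafe = IsFileUnsafe($filename)
        || HasScriptExtension($filename)
        || !(preg_match("#^[^\\\\/:*?\"\\'~%<>|]+\$#isD", $filename) > 0);

    return !$isUnSafe;
}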
// Context menu of the file editor. The "Edit as ..." drop-down is assembled
// first; each entry is a JavaScript window.location assignment carried in the
// menu "ACTION" string, with every query value passed through urlencode().
if (!$ismenu) {
    // NOTE(review): the "&template=" fragment is appended twice here and in the
    // PHP variant below, so the editor receives that parameter duplicated.
    $aDDMenuEdit[] = array("TEXT" => GetMessage("FILEMAN_FILEEDIT_AS_TXT"), "ACTION" => "window.location='fileman_file_edit.php?" . $addUrl . "&site=" . Urlencode($site) . "&path=" . UrlEncode($path) . ($new == 'y' ? "&new=Y" : "") . (strlen($back_url) > 0 ? "&back_url=" . urlencode($back_url) : "") . (strlen($template) > 0 ? "&template=" . urlencode($template) : "") . (strlen($template) > 0 ? "&template=" . urlencode($template) : "") . (strlen($templateID) > 0 ? "&templateID=" . urlencode($templateID) : "") . "';");
}
// "Edit as PHP" (full_src=Y) is only offered to holders of the edit_php operation.
if ($USER->CanDoOperation('edit_php')) {
    $aDDMenuEdit[] = array("TEXT" => GetMessage("FILEMAN_FILEEDIT_AS_PHP"), "ACTION" => "window.location='fileman_file_edit.php?" . $addUrl . "&site=" . Urlencode($site) . "&path=" . UrlEncode($path) . "&full_src=Y" . ($new == 'y' ? "&new=Y" : "") . (strlen($back_url) > 0 ? "&back_url=" . urlencode($back_url) : "") . (strlen($template) > 0 ? "&template=" . urlencode($template) : "") . (strlen($template) > 0 ? "&template=" . urlencode($template) : "") . (strlen($templateID) > 0 ? "&templateID=" . urlencode($templateID) : "") . "';");
}
// Menu files are edited in fileman_menu_edit.php, addressed by directory and
// menu name ($regs[1] is presumably filled by an earlier match on $path).
if ($ismenu) {
    $aDDMenuEdit[] = array("TEXT" => GetMessage("FILEMAN_FILEEDIT_AS_MENU"), "ACTION" => "window.location='fileman_menu_edit.php?" . $addUrl . "&site=" . Urlencode($site) . "&path=" . UrlEncode($arParsedPath["PREV"]) . "&name=" . UrlEncode($regs[1]) . ($new == 'y' ? "&new=Y" : "") . (strlen($back_url) > 0 ? "&back_url=" . urlencode($back_url) : "") . "';");
}
// The HTML entry is rendered checked and its action is a no-op ("return;"),
// presumably because it is the mode currently shown.
$aDDMenuEdit[] = array("TEXT" => GetMessage("FILEMAN_FILEEDIT_AS_HTML"), "ACTION" => "return;", "ICON" => "checked");
$aMenu[] = array("TEXT" => GetMessage("FILEMAN_FILE_EDIT"), "TITLE" => GetMessage("FILEMAN_FILE_EDIT"), "MENU" => $aDDMenuEdit);
// Rename / download / delete exist only for an existing file ($bEdit); each is
// gated by the corresponding file operation on $arPath.
if ($bEdit) {
    if ($USER->CanDoFileOperation('fm_rename_file', $arPath)) {
        $aMenu[] = array("TEXT" => GetMessage("FILEMAN_FILEEDIT_RENAME"), "LINK" => "fileman_rename.php?" . $addUrl . "&site=" . Urlencode($site) . "&path=" . UrlEncode($arParsedPath["PREV"]) . "&files[]=" . UrlEncode($arParsedPath["LAST"]));
    }
    // Precedence: `&&` binds tighter than `||`, so this reads
    // (download permission AND not a script / dot-file) OR edit_php --
    // an edit_php holder gets the download link regardless of the name check.
    if ($USER->CanDoFileOperation('fm_download_file', $arPath) && !(HasScriptExtension($path) || substr(CFileman::GetFileName($path), 0, 1) == ".") || $USER->CanDoOperation('edit_php')) {
        $aMenu[] = array("TEXT" => GetMessage("FILEMAN_FILEEDIT_DOWNLOAD"), "LINK" => "fileman_file_download.php?" . $addUrl . "&site=" . Urlencode($site) . "&path=" . UrlEncode($path));
    }
    if ($USER->CanDoFileOperation('fm_delete_file', $arPath)) {
        // Delete goes through fileman_admin.php with the file split into its
        // directory ("path") and name ("ID"); bitrix_sessid_get() appends the
        // session id, presumably the request token that page verifies.
        // NOTE(review): the confirm message is placed inside a single-quoted JS
        // string without escaping, which relies on the language file never
        // containing a single quote.
        $folder_path = substr($path, 0, strrpos($path, "/"));
        $id = GetFileName($path);
        $aMenu[] = array("TEXT" => GetMessage("FILEMAN_FILE_DELETE"), "LINK" => "javascript:if(confirm('" . GetMessage("FILEMAN_FILE_DELETE_CONFIRM") . "')) window.location='/bitrix/admin/fileman_admin.php?ID=" . urlencode($id) . "&action=delete&" . $addUrl . "&site=" . urlencode($site) . "&path=" . urlencode($folder_path) . "&" . bitrix_sessid_get() . "';", "TITLE" => GetMessage("FILEMAN_FILE_DELETE"));
    }
}
$context = new CAdminContextMenu($aMenu);
$context->Show();
// Directory used by the rest of the page: the file's directory when editing an
// existing file, otherwise the requested path itself.
global $__fd_path;
$__fd_path = $bEdit ? $arParsedPath["PREV"] : $path;
$arContextTemplates = array();
$arTemplates = CFileman::GetFileTemplates(LANGUAGE_ID, array($site_template));
$cntTempl = count($arTemplates);
"ELEMENTS_FILTER" => $_REQUEST["ELEMENTS_FILTER"], "DOWNLOAD_CLOUD_FILES" => $_REQUEST["DOWNLOAD_CLOUD_FILES"] === "N"? "N": "Y", "next_step" => array(), ); $NS["catalog"] = CModule::IncludeModule('catalog'); //We have to strongly check all about file names at server side $ABS_FILE_NAME = false; $WORK_DIR_NAME = false; if(isset($NS["URL_DATA_FILE"]) && (strlen($NS["URL_DATA_FILE"])>0)) { $filename = trim(str_replace("\\", "/", trim($NS["URL_DATA_FILE"])), "/"); if ( preg_match('/[^a-zA-Z0-9\s!#\$%&\(\)\[\]\{\}+\.;=@\^_\~\/\\\\\-]/i', $filename) || HasScriptExtension($filename) ) { $arErrors[] = GetMessage("IBLOCK_CML2_FILE_NAME_ERROR"); } else { $FILE_NAME = rel2abs($_SERVER["DOCUMENT_ROOT"], "/".$filename); if((strlen($FILE_NAME) > 1) && ($FILE_NAME === "/".$filename)) { $ABS_FILE_NAME = $_SERVER["DOCUMENT_ROOT"].$FILE_NAME; if (strtolower(substr($ABS_FILE_NAME, -4)) != ".xml") $ABS_FILE_NAME .= ".xml"; $WORK_DIR_NAME = substr($ABS_FILE_NAME, 0, strrpos($ABS_FILE_NAME, "/")+1); } }
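/**
 * Extracts a zip archive into the directory the archive itself lives in.
 *
 * Work can be spread over several calls: once $interval seconds have elapsed
 * since $start_time the archive is closed and the name of the entry just
 * processed is returned; passing that name back as $last_zip_entry makes the
 * next call skip every entry up to and including it.
 *
 * Entries whose name fails HasScriptExtension(), IsFileUnsafe() or the virtual
 * I/O path validation are skipped without being written. Entries with a size
 * of 0 (directories) are skipped as well; the directories needed by written
 * files are created on demand by CheckDirPath().
 *
 * zip_open()/zip_read() are deprecated since PHP 8.0 in favour of ZipArchive;
 * they are kept here because the resume protocol relies on their sequential
 * read order.
 *
 * @param string $file_name      Path of the archive; its directory must be
 *                               longer than DOCUMENT_ROOT (see note in body).
 * @param string $last_zip_entry Entry name returned by an earlier, interrupted
 *                               call; "" starts from the first entry.
 * @param int    $start_time     Unix timestamp the time budget is counted from.
 * @param int    $interval       Seconds allowed per call; 0 means no limit.
 *
 * @return bool|string true when the whole archive was processed; false on
 *                     failure (no zip support, rejected archive path, archive
 *                     that cannot be opened, a target file that cannot be
 *                     created or fully written); the name of the last processed
 *                     entry when the time budget ran out.
 */
public static function UnZip($file_name, $last_zip_entry = "", $start_time = 0, $interval = 0)
{
    global $APPLICATION;

    //Function and security checks
    if (!function_exists("zip_open")) {
        return false;
    }

    // Files are written next to the archive. NOTE(review): only the lengths are
    // compared with DOCUMENT_ROOT, so this rejects the document root itself but
    // does not by itself prove that $dir_name lies inside it.
    $dir_name = substr($file_name, 0, strrpos($file_name, "/") + 1);
    if (strlen($dir_name) <= strlen($_SERVER["DOCUMENT_ROOT"])) {
        return false;
    }

    // zip_open() reports failure with an integer error code rather than false,
    // so a plain truthiness test would hand that code on to zip_read().
    $hZip = zip_open($file_name);
    if (!is_resource($hZip)) {
        return false;
    }

    //Skip from last step
    if ($last_zip_entry) {
        while ($entry = zip_read($hZip)) {
            if (zip_entry_name($entry) === $last_zip_entry) {
                break;
            }
        }
    }

    $io = CBXVirtualIo::GetInstance();

    //Continue unzip
    while ($entry = zip_read($hZip)) {
        $entry_name = zip_entry_name($entry);
        zip_entry_open($hZip, $entry);

        $ok = true;
        //Only entries with data are written; size 0 is treated as a directory
        if (zip_entry_filesize($entry)) {
            // Normalise the entry name: backslashes to slashes, no leading or
            // trailing slash, cp866 (archive charset) to the site charset, and
            // strip the "import_files/tmp/webdata/<n>/<n>/" prefix so the file
            // lands directly under import_files/.
            $rel_name = trim(str_replace("\\", "/", trim($entry_name)), "/");
            $rel_name = $APPLICATION->ConvertCharset($rel_name, "cp866", LANG_CHARSET);
            $rel_name = preg_replace("#^import_files/tmp/webdata/\\d+/\\d+/import_files/#", "import_files/", $rel_name);

            $bBadFile = HasScriptExtension($rel_name)
                || IsFileUnsafe($rel_name)
                || !$io->ValidatePathString("/" . $rel_name);
            if (!$bBadFile) {
                // rel2abs("/", ...) presumably resolves "." / ".." segments against
                // "/" so the result stays rooted under $dir_name -- confirm.
                $out_name = $io->GetPhysicalName($dir_name . rel2abs("/", $rel_name));
                CheckDirPath($out_name);
                $fout = fopen($out_name, "wb");
                if (!$fout) {
                    $ok = false;
                } else {
                    // Compare with false/"" explicitly so a final chunk holding the
                    // single byte "0" is not mistaken for end-of-entry.
                    while (($data = zip_entry_read($entry, 102400)) !== false && $data !== "") {
                        // latin1 mb_strlen() always counts bytes; presumably a guard
                        // against mbstring function overloading of strlen().
                        $data_len = function_exists('mb_strlen') ? mb_strlen($data, 'latin1') : strlen($data);
                        if (fwrite($fout, $data) !== $data_len) {
                            $ok = false;
                            break;
                        }
                    }
                    // Always release the handle; the original left it open on both
                    // the success and the short-write path.
                    fclose($fout);
                }
            }
        }
        zip_entry_close($entry);

        if (!$ok) {
            zip_close($hZip);
            return false;
        }

        //Jump to next step
        if ($interval > 0 && time() - $start_time > $interval) {
            zip_close($hZip);
            return $entry_name;
        }
    }
    zip_close($hZip);
    return true;
}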
} if (strlen($delimiter_r_char) != 1) $strError .= GetMessage("IBLOCK_ADM_EXP_NO_DELIMITER")."<br>"; if (strlen($strError) <= 0) $csvFile->SetDelimiter($delimiter_r_char); if (strlen($_REQUEST["DATA_FILE_NAME"]) <= 0) { $strError .= GetMessage("IBLOCK_ADM_EXP_NO_FILE_NAME")."<br>"; } elseif ( preg_match('/[^a-zA-Z0-9\s!#\$%&\(\)\[\]\{\}+\.;=@\^_\~\/\\\\\-]/i', $_REQUEST["DATA_FILE_NAME"]) || preg_match('/^[a-z]+:\\/\\//i', $_REQUEST["DATA_FILE_NAME"]) || HasScriptExtension($_REQUEST["DATA_FILE_NAME"]) ) { $strError .= GetMessage("IBLOCK_ADM_EXP_FILE_NAME_ERROR")."<br>"; } else { $DATA_FILE_NAME = Rel2Abs("/", $_REQUEST["DATA_FILE_NAME"]); if (strtolower(substr($DATA_FILE_NAME, strlen($DATA_FILE_NAME)-4)) != ".csv") $DATA_FILE_NAME .= ".csv"; } if (strlen($strError) <= 0) { $fp = fopen($_SERVER["DOCUMENT_ROOT"].$DATA_FILE_NAME, "w"); if(!is_resource($fp))
} $_SESSION["BX_CML2_EXPORT"]["zip"] = $arParams["USE_ZIP"] && function_exists("zip_open"); echo "zip=" . ($_SESSION["BX_CML2_EXPORT"]["zip"] ? "yes" : "no") . "\n"; echo "file_limit=0\n"; } } elseif ($_GET["mode"] == "file") { $DIR_NAME = "/" . COption::GetOptionString("main", "upload_dir", "upload") . "/1c_exchange/"; $ABS_FILE_NAME = false; $WORK_DIR_NAME = false; if (isset($_GET["filename"]) && strlen($_GET["filename"]) > 0) { //This check for 1c server on linux $filename = preg_replace("#^(/tmp/|upload/1c/webdata)#", "", $_GET["filename"]); //Filter file name crap all alone $filename = preg_replace("/[^a-zA-Z0-9_.\\/\\\\]/", "", $filename); $io = CBXVirtualIo::GetInstance(); $bBadFile = HasScriptExtension($filename) || IsFileUnsafe($filename) || !$io->ValidatePathString("/" . $filename); if (!$bBadFile) { $filename = trim(str_replace("\\", "/", trim($filename)), "/"); $FILE_NAME = rel2abs($_SERVER["DOCUMENT_ROOT"] . $DIR_NAME, "/" . $filename); if (strlen($FILE_NAME) > 1 && $FILE_NAME === "/" . $filename) { $ABS_FILE_NAME = $_SERVER["DOCUMENT_ROOT"] . $DIR_NAME . $FILE_NAME; $WORK_DIR_NAME = substr($ABS_FILE_NAME, 0, strrpos($ABS_FILE_NAME, "/") + 1); } } } if ($ABS_FILE_NAME) { if (function_exists("file_get_contents")) { $DATA = file_get_contents("php://input"); } elseif (isset($GLOBALS["HTTP_RAW_POST_DATA"])) { $DATA =& $GLOBALS["HTTP_RAW_POST_DATA"]; } else {
if ($REQUEST_METHOD == "POST" && strlen($save) > 0 && check_bitrix_sessid()) { $pathTmp = $path; foreach ($arFiles as $ind => $file) { $newfilename = $filename[$ind]; if (strlen($newfilename) <= 0) { $strWarning .= GetMessage("FILEMAN_RENAME_NEW_NAME") . " \"" . $file . "\"!\n"; } elseif (($mess = CFileMan::CheckFileName($newfilename)) !== true) { $strWarning = $mess; } else { $pathto = Rel2Abs($path, $newfilename); if (!$USER->CanDoFileOperation('fm_create_new_file', array($site, $pathto))) { $strWarning .= GetMessage("FILEMAN_RENAME_ACCESS_ERROR") . "\n"; } elseif (!$USER->CanDoOperation('edit_php') && (substr(CFileman::GetFileName($file), 0, 1) == "." || substr(CFileman::GetFileName($pathto), 0, 1) == "." || !HasScriptExtension($file) && HasScriptExtension($pathto))) { // if not admin and renaming from non PHP to PHP $strWarning .= GetMessage("FILEMAN_RENAME_TOPHPFILE_ERROR") . "\n"; } elseif (!$USER->CanDoOperation('edit_php') && HasScriptExtension($file) && !HasScriptExtension($pathto)) { // if not admin and renaming from PHP to non PHP $strWarning .= GetMessage("FILEMAN_RENAME_FROMPHPFILE_ERROR") . "\n"; } else { $pathparsedtmp = CFileMan::ParsePath(array($site, $pathto), false, false, "", $logical == "Y"); $strWarningTmp = CFileMan::CreateDir($pathparsedtmp["PREV"]); if (strlen($strWarningTmp) > 0) { $strWarning .= $strWarningTmp; } else { if (!$io->FileExists($DOC_ROOT . $path . "/" . $file)) { $strWarning .= GetMessage("FILEMAN_RENAME_FILE") . " \"" . $path . "/" . $file . "\" " . GetMessage("FILEMAN_RENAME_NOT_FOUND") . "!\n"; } elseif (!$io->Rename($DOC_ROOT . $path . "/" . $file, $DOC_ROOT . $pathto)) { $strWarning .= GetMessage("FILEMAN_RENAME_ERROR") . " \"" . $path . "/" . $file . "\" " . GetMessage("FILEMAN_RENAME_IN") . " \"" . $pathto . "\"!\n"; } else { $APPLICATION->CopyFileAccessPermission(array($site, $path . "/" . $file), array($site, $pathto)); $APPLICATION->RemoveFileAccessPermission(array($site, $path . "/" . $file));
if (!isset($SETUP_FILE_NAME) || strlen($SETUP_FILE_NAME) <= 0) { $arSetupErrors[] = GetMessage("CATI_NO_SAVE_FILE"); } if (empty($arSetupErrors)) { $SETUP_FILE_NAME = str_replace('//', '/', $strCatalogDefaultFolder . Rel2Abs("/", $SETUP_FILE_NAME)); if (preg_match(BX_CATALOG_FILENAME_REG, $SETUP_FILE_NAME)) { $arSetupErrors[] = GetMessage("CES_ERROR_BAD_EXPORT_FILENAME"); } elseif ($strCatalogDefaultFolder == $SETUP_FILE_NAME) { $arSetupErrors[] = GetMessage("CATI_NO_SAVE_FILE"); } } if (empty($arSetupErrors)) { if (strtolower(substr($SETUP_FILE_NAME, strlen($SETUP_FILE_NAME) - 4)) != ".csv") { $SETUP_FILE_NAME .= ".csv"; } if (HasScriptExtension($SETUP_FILE_NAME)) { $arSetupErrors[] = GetMessage("CES_ERROR_BAD_EXPORT_FILENAME_EXTENTIONS"); } } if (empty($arSetupErrors)) { if ($APPLICATION->GetFileAccessPermission($SETUP_FILE_NAME) < "W") { $arSetupErrors[] = str_replace("#FILE#", $SETUP_FILE_NAME, GetMessage('CATI_NO_RIGHTS_FILE')); } else { CheckDirPath($_SERVER["DOCUMENT_ROOT"] . $SETUP_FILE_NAME); if (!($fp = fopen($_SERVER["DOCUMENT_ROOT"] . $SETUP_FILE_NAME, "wb"))) { $arSetupErrors[] = GetMessage("CATI_CANNOT_CREATE_FILE"); } else { fclose($fp); unlink($_SERVER["DOCUMENT_ROOT"] . $SETUP_FILE_NAME); } }
$arFile["name"] = CFileman::GetFileName($arFile["name"]); $filename = ${"filename_" . $i}; if (strlen($filename) <= 0) { $filename = $arFile["name"]; } $pathto = Rel2Abs($path, $filename); if (!$USER->CanDoFileOperation('fm_upload_file', array($site, $pathto))) { $strWarning .= GetMessage("FILEMAN_FILEUPLOAD_ACCESS_DENIED") . " \"" . $pathto . "\"\n"; } elseif ($arFile["error"] == 1 || $arFile["error"] == 2) { $strWarning .= GetMessage("FILEMAN_FILEUPLOAD_SIZE_ERROR", array('#FILE_NAME#' => $pathto)) . "\n"; } elseif (($mess = CFileMan::CheckFileName(str_replace('/', '', $pathto))) !== true) { $strWarning .= $mess . ".\n"; } else { if ($io->FileExists($DOC_ROOT . $pathto)) { $strWarning .= GetMessage("FILEMAN_FILEUPLOAD_FILE_EXISTS1") . " \"" . $pathto . "\" " . GetMessage("FILEMAN_FILEUPLOAD_FILE_EXISTS2") . ".\n"; } elseif (!$USER->IsAdmin() && (HasScriptExtension($pathto) || substr(CFileman::GetFileName($pathto), 0, 1) == ".")) { $strWarning .= GetMessage("FILEMAN_FILEUPLOAD_PHPERROR") . " \"" . $pathto . "\".\n"; } else { $bQuota = true; if (COption::GetOptionInt("main", "disk_space") > 0) { $f = $io->GetFile($arFile["tmp_name"]); $bQuota = false; $size = $f->GetFileSize(); $quota = new CDiskQuota(); if ($quota->checkDiskQuota(array("FILE_SIZE" => $size))) { $bQuota = true; } } if ($bQuota) { if (!$io->Copy($arFile["tmp_name"], $DOC_ROOT . $pathto)) { $strWarning .= GetMessage("FILEMAN_FILEUPLOAD_FILE_CREATE_ERROR") . " \"" . $pathto . "\"\n";