예제 #1
1
 function CheckRights($method, $strong, &$path)
 {
     $result = true;
     if (!parent::CheckRights($method)) {
         $result = false;
         $GLOBALS["APPLICATION"]->ThrowException(GetMessage('WD_ACCESS_DENIED'), 'ACCESS_DENIED');
     } elseif ($path != '') {
         $io = CBXVirtualIo::GetInstance();
         $path = $io->CombinePath($this->_udecode($path));
         $strFileName = GetFileName($path);
         $extention = "." . strtolower(GetFileExtension($strFileName));
         if (in_array($method, array("COPY", "MOVE", "PUT"))) {
             if (!$GLOBALS["USER"]->IsAdmin() && HasScriptExtension($strFileName)) {
                 $result = false;
                 $GLOBALS['APPLICATION']->ThrowException(GetMessage("WD_FILE_ERROR13"), "FORBIDDEN_EXTENTION");
             } elseif (IsFileUnsafe($strFileName) || $strFileName == "index.php") {
                 $result = false;
                 $GLOBALS['APPLICATION']->ThrowException(GetMessage("WD_FILE_ERROR14"), "FORBIDDEN_NAME");
             } elseif (!$io->ValidatePathString($io->CombinePath("/", $path)) || !$io->ValidateFilenameString($strFileName)) {
                 $result = false;
                 $GLOBALS['APPLICATION']->ThrowException(GetMessage("WD_FILE_ERROR14"), "FORBIDDEN_NAME");
             } elseif (in_array($extention, $this->arFileForbiddenExtentions["WRITE"])) {
                 $result = false;
                 $GLOBALS['APPLICATION']->ThrowException(GetMessage("WD_FILE_ERROR13"), "FORBIDDEN_EXTENTION");
             }
         } elseif (in_array($extention, $this->arFileForbiddenExtentions["READ"])) {
             $result = false;
             $GLOBALS["APPLICATION"]->ThrowException(GetMessage('WD_ACCESS_DENIED'), 'ACCESS_DENIED');
         }
     }
     return $result;
 }
예제 #2
0
 public static function GetFileContent($did, $fname, $wf_path = "", $site = false)
 {
     $err_mess = CAllWorkflow::err_mess() . "<br>Function: GetFileContent<br>Line: ";
     global $DB, $APPLICATION, $USER;
     $did = intval($did);
     // check if executable
     if ($USER->IsAdmin() || CBXVirtualIoFileSystem::ValidatePathString($fname) && !HasScriptExtension($fname)) {
         if ($did > 0) {
             // check if it is associated wtih document
             $z = CWorkflow::GetFileByID($did, $fname);
             // found one
             if ($zr = $z->Fetch()) {
                 // get it's contents
                 $path = CWorkflow::GetTempDir() . $zr["TEMP_FILENAME"];
                 if (file_exists($path)) {
                     return $APPLICATION->GetFileContent($path);
                 }
             } else {
                 // lookup in database
                 $strSql = "SELECT FILENAME, SITE_ID FROM b_workflow_document WHERE ID='{$did}'";
                 $y = $DB->Query($strSql, false, $err_mess . __LINE__);
                 // found
                 if ($yr = $y->Fetch()) {
                     // get it's directory
                     $path = GetDirPath($yr["FILENAME"]);
                     // absolute path
                     $pathto = Rel2Abs($path, $fname);
                     $DOC_ROOT = CSite::GetSiteDocRoot($yr["SITE_ID"]);
                     $path = $DOC_ROOT . $pathto;
                     // give it another try
                     $u = CWorkflow::GetFileByID($did, $pathto);
                     // found
                     if ($ur = $u->Fetch()) {
                         // get it's contents
                         $path = CWorkflow::GetTempDir() . $ur["TEMP_FILENAME"];
                         if (file_exists($path)) {
                             return $APPLICATION->GetFileContent($path);
                         }
                     } elseif (file_exists($path)) {
                         // get it's contents
                         if ($USER->CanDoFileOperation('fm_view_file', array($yr["SITE_ID"], $pathto))) {
                             return $APPLICATION->GetFileContent($path);
                         }
                     }
                 }
             }
         }
         $DOC_ROOT = CSite::GetSiteDocRoot($site);
         // new one
         if (strlen($wf_path) > 0) {
             $pathto = Rel2Abs($wf_path, $fname);
             $path = $DOC_ROOT . $pathto;
             if (file_exists($path)) {
                 // get it's contents
                 if ($USER->CanDoFileOperation('fm_view_file', array($site, $pathto))) {
                     $src = $APPLICATION->GetFileContent($path);
                     return $src;
                 }
             }
         }
         // still failed to find
         // get path
         $path = $DOC_ROOT . $fname;
         if (file_exists($path)) {
             // get it's contents
             if ($USER->CanDoFileOperation('fm_view_file', array($site, $fname))) {
                 return $APPLICATION->GetFileContent($path);
             }
         }
     } else {
         return GetMessage("FLOW_ACCESS_DENIED_PHP_VIEW");
     }
 }
예제 #3
0
파일: zip.php 프로젝트: ASDAFF/entask.ru
 private function _extractFile(&$arEntry, $path, $removePath, $removeAllPath, &$arParams)
 {
     if (($res = $this->_readFileHeader($header)) != 1) {
         return $res;
     }
     //to be checked: file header should be coherent with $arEntry info
     $arEntry["filename"] = CharsetConverter::ConvertCharset($arEntry["filename"], "cp866", $this->fileSystemEncoding);
     $arEntry["stored_filename"] = CharsetConverter::ConvertCharset($arEntry["stored_filename"], "cp866", $this->fileSystemEncoding);
     //protecting against ../ etc in file path
     //only absolute path should be in the $arEntry
     $arEntry['filename'] = _normalizePath($arEntry['filename']);
     $arEntry['stored_filename'] = _normalizePath($arEntry['stored_filename']);
     if ($removeAllPath == true) {
         $arEntry['filename'] = basename($arEntry['filename']);
     } else {
         if ($removePath != "") {
             if ($this->_containsPath($removePath, $arEntry['filename']) == 2) {
                 //change file status
                 $arEntry['status'] = "filtered";
                 return $res;
             }
             $removePath_size = strlen($removePath);
             if (substr($arEntry['filename'], 0, $removePath_size) == $removePath) {
                 //remove path
                 $arEntry['filename'] = substr($arEntry['filename'], $removePath_size);
             }
         }
     }
     //making absolute path to the extracted file out of filename stored in the zip header and passed extracting path
     if ($path != '') {
         $arEntry['filename'] = $path . "/" . $arEntry['filename'];
     }
     //pre-extract callback
     if (isset($arParams['callback_pre_extract']) && $arParams['callback_pre_extract'] != '') {
         //generate local info
         $arLocalHeader = array();
         $this->_convertHeader2FileInfo($arEntry, $arLocalHeader);
         //callback call
         eval('$res = ' . $arParams['callback_pre_extract'] . '(\'callback_pre_extract\', $arLocalHeader);');
         //change file status
         if ($res == 0) {
             $arEntry['status'] = "skipped";
             $res = 1;
         }
         //update the info, only some fields can be modified
         $arEntry['filename'] = $arLocalHeader['filename'];
     }
     //check if extraction should be done
     if ($arEntry['status'] == 'ok') {
         $logicalFilename = $this->io->GetLogicalName($arEntry['filename']);
         if ((HasScriptExtension($arEntry['filename']) || IsFileUnsafe($arEntry['filename']) || !$this->io->ValidatePathString($logicalFilename) || !$this->io->ValidateFilenameString(GetFileName($logicalFilename))) && $this->checkBXPermissions == true) {
             $arEntry['status'] = "no_permissions";
         } else {
             //if the file exists, change status
             if (file_exists($arEntry['filename'])) {
                 if (is_dir($arEntry['filename'])) {
                     $arEntry['status'] = "already_a_directory";
                 } else {
                     if (!is_writeable($arEntry['filename'])) {
                         $arEntry['status'] = "write_protected";
                     } else {
                         if (filemtime($arEntry['filename']) > $arEntry['mtime'] && !$this->replaceExistentFiles) {
                             $arEntry['status'] = "newer_exist";
                         }
                     }
                 }
             } else {
                 //check the directory availability and create it if necessary
                 if (($arEntry['external'] & 0x10) == 0x10 || substr($arEntry['filename'], -1) == '/') {
                     $checkDir = $arEntry['filename'];
                 } else {
                     if (!strstr($arEntry['filename'], "/")) {
                         $checkDir = "";
                     } else {
                         $checkDir = dirname($arEntry['filename']);
                     }
                 }
                 if (($res = $this->_checkDir($checkDir, ($arEntry['external'] & 0x10) == 0x10)) != 1) {
                     //change file status
                     $arEntry['status'] = "path_creation_fail";
                     //return $res;
                     $res = 1;
                 }
             }
         }
     }
     //check if extraction should be done
     if ($arEntry['status'] == 'ok') {
         //if not a folder - extract
         if (!(($arEntry['external'] & 0x10) == 0x10)) {
             //if zip file with 0 compression
             if ($arEntry['compression'] == 0 && $arEntry['compressed_size'] == $arEntry['size']) {
                 if (($destFile = @fopen($arEntry['filename'], 'wb')) == 0) {
                     $arEntry['status'] = "write_error";
                     return $res;
                 }
                 //reading the fileby by self::ReadBlockSize octets blocks
                 $size = $arEntry['compressed_size'];
                 while ($size != 0) {
                     $length = $size < self::ReadBlockSize ? $size : self::ReadBlockSize;
                     $buffer = fread($this->zipfile, $length);
                     $binary_data = pack('a' . $length, $buffer);
                     @fwrite($destFile, $binary_data, $length);
                     $size -= $length;
                 }
                 //close the destination file
                 fclose($destFile);
                 //changing file modification time
                 touch($arEntry['filename'], $arEntry['mtime']);
             } else {
                 if (($destFile = @fopen($arEntry['filename'], 'wb')) == 0) {
                     //change file status
                     $arEntry['status'] = "write_error";
                     return $res;
                 }
                 //read the compressed file in a buffer (one shot)
                 $buffer = @fread($this->zipfile, $arEntry['compressed_size']);
                 //decompress the file
                 $fileContent = gzinflate($buffer);
                 unset($buffer);
                 //write uncompressed data
                 @fwrite($destFile, $fileContent, $arEntry['size']);
                 unset($fileContent);
                 @fclose($destFile);
                 touch($arEntry['filename'], $arEntry['mtime']);
             }
             if (isset($arParams['set_chmod']) && $arParams['set_chmod'] != 0) {
                 chmod($arEntry['filename'], $arParams['set_chmod']);
             }
         }
     }
     //post-extract callback
     if (isset($arParams['callback_post_extract']) && $arParams['callback_post_extract'] != '') {
         //make local info
         $arLocalHeader = array();
         $this->_convertHeader2FileInfo($arEntry, $arLocalHeader);
         //callback call
         eval('$res = ' . $arParams['callback_post_extract'] . '(\'callback_post_extract\', $arLocalHeader);');
     }
     return $res;
 }
예제 #4
0
 function BaseCheckFields($val)
 {
     $arErrors = array();
     if (!is_array($val)) {
         $val = array();
     }
     // Check uploaded file
     if ($val["B_NEW_FILE"] != "N" && isset($val["FILE"])) {
         if ($val["FILE"]["error"] == 1 || $val["FILE"]["error"] == 2) {
             $arErrors[] = GetMessage("IBLOCK_PROP_VIDEO_SIZE_ERROR", array('#FILE_NAME#' => $pathto)) . "\n";
         }
         if (strlen($val["FILE"]["tmp_name"]) > 0) {
             $name = $val["FILE"]["name"];
             $name = preg_replace("/[^a-zA-Z0-9_:\\.]/is", "_", $name);
             $ext = GetFileExtension($name);
             if (strlen($ext) == 0 || HasScriptExtension($name) || substr($name, 0, 1) == ".") {
                 $arErrors[] = GetMessage("IBLOCK_PROP_VIDEO_INCORRECT_EXT", array("#EXT#" => strtoupper($ext)));
             } elseif (!is_uploaded_file($val["FILE"]["tmp_name"])) {
                 $arErrors[] = GetMessage("IBLOCK_PROP_VIDEO_UPLOAD_ERROR");
             } else {
                 $quota = new CDiskQuota();
                 if (!$quota->checkDiskQuota(array("FILE_SIZE" => $val["FILE"]["size"]))) {
                     $arErrors[] = GetMessage("IBLOCK_PROP_VIDEO_QUOTE_ERROR") . "\n";
                 }
             }
         }
     }
     return $arErrors;
 }
예제 #5
0
 function CheckFields(&$arFields, $ID = false, $bCheckDiskQuota = true)
 {
     global $DB, $APPLICATION, $USER;
     $this->LAST_ERROR = "";
     $APPLICATION->ResetException();
     if ($ID === false) {
         $db_events = GetModuleEvents("iblock", "OnStartIBlockElementAdd", true);
     } else {
         $arFields["ID"] = $ID;
         $db_events = GetModuleEvents("iblock", "OnStartIBlockElementUpdate", true);
     }
     foreach ($db_events as $arEvent) {
         $bEventRes = ExecuteModuleEventEx($arEvent, array(&$arFields));
         if ($bEventRes === false) {
             break;
         }
     }
     if (($ID === false || is_set($arFields, "NAME")) && strlen($arFields["NAME"]) <= 0) {
         $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_ELEMENT_NAME") . "<br>";
     }
     if (isset($arFields["ACTIVE_FROM"]) && $arFields["ACTIVE_FROM"] != '' && !$DB->IsDate($arFields["ACTIVE_FROM"], false, LANG, "FULL")) {
         $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_ACTIVE_FROM") . "<br>";
     }
     if (isset($arFields["ACTIVE_TO"]) && $arFields["ACTIVE_TO"] != '' && !$DB->IsDate($arFields["ACTIVE_TO"], false, LANG, "FULL")) {
         $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_ACTIVE_TO") . "<br>";
     }
     if (is_set($arFields, "PREVIEW_PICTURE")) {
         if (is_array($arFields["PREVIEW_PICTURE"]) && array_key_exists("bucket", $arFields["PREVIEW_PICTURE"]) && is_object($arFields["PREVIEW_PICTURE"]["bucket"])) {
             //This is trusted image from xml import
         } elseif (is_array($arFields["PREVIEW_PICTURE"])) {
             $error = CFile::CheckImageFile($arFields["PREVIEW_PICTURE"]);
             if (strlen($error) > 0) {
                 $this->LAST_ERROR .= $error . "<br>";
             } elseif (($error = CFile::checkForDb($arFields, "PREVIEW_PICTURE")) !== "") {
                 $this->LAST_ERROR .= GetMessage("IBLOCK_ERR_PREVIEW_PICTURE") . "<br>" . $error . "<br>";
             }
         } elseif (intval($arFields["PREVIEW_PICTURE"]) > 0) {
             if (intval($arFields["WF_PARENT_ELEMENT_ID"]) <= 0 || CIBlockElement::DeleteFile($arFields["PREVIEW_PICTURE"], $ID, "PREVIEW", intval($arFields["WF_PARENT_ELEMENT_ID"]), $arFields["IBLOCK_ID"], true) <= 0) {
                 $this->LAST_ERROR .= GetMessage("IBLOCK_ERR_PREVIEW_PICTURE") . "<br>";
             }
         }
     }
     if (is_set($arFields, "DETAIL_PICTURE")) {
         if (is_array($arFields["DETAIL_PICTURE"]) && array_key_exists("bucket", $arFields["DETAIL_PICTURE"]) && is_object($arFields["DETAIL_PICTURE"]["bucket"])) {
             //This is trusted image from xml import
         } elseif (is_array($arFields["DETAIL_PICTURE"])) {
             $error = CFile::CheckImageFile($arFields["DETAIL_PICTURE"]);
             if (strlen($error) > 0) {
                 $this->LAST_ERROR .= $error . "<br>";
             } elseif (($error = CFile::checkForDb($arFields, "DETAIL_PICTURE")) !== "") {
                 $this->LAST_ERROR .= GetMessage("IBLOCK_ERR_DETAIL_PICTURE") . "<br>" . $error . "<br>";
             }
         } elseif (intval($arFields["DETAIL_PICTURE"]) > 0) {
             if (intval($arFields["WF_PARENT_ELEMENT_ID"]) <= 0 || CIBlockElement::DeleteFile($arFields["DETAIL_PICTURE"], $ID, "DETAIL", intval($arFields["WF_PARENT_ELEMENT_ID"]), $arFields["IBLOCK_ID"], true) <= 0) {
                 $this->LAST_ERROR .= GetMessage("IBLOCK_ERR_DETAIL_PICTURE") . "<br>";
             }
         }
     }
     if (array_key_exists("TAGS", $arFields) && CModule::IncludeModule('search')) {
         $arFields["TAGS"] = implode(", ", tags_prepare($arFields["TAGS"]));
     }
     if ($ID === false && !is_set($arFields, "IBLOCK_ID")) {
         $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_BLOCK_ID") . "<br>";
     }
     if ($ID !== false && is_set($arFields, "XML_ID") && strlen($arFields["XML_ID"]) <= 0) {
         $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_EXTERNAL_CODE") . "<br>";
     }
     //Find out IBLOCK_ID from fields or from element
     $IBLOCK_ID = intval($arFields["IBLOCK_ID"]);
     if ($IBLOCK_ID <= 0) {
         $IBLOCK_ID = 0;
         $res = $DB->Query("SELECT IBLOCK_ID FROM b_iblock_element WHERE ID=" . IntVal($ID));
         if ($ar = $res->Fetch()) {
             $IBLOCK_ID = (int) $ar["IBLOCK_ID"];
         }
     }
     //Read iblock metadata
     static $IBLOCK_CACHE = array();
     if (!isset($IBLOCK_CACHE[$IBLOCK_ID])) {
         if ($IBLOCK_ID > 0) {
             $IBLOCK_CACHE[$IBLOCK_ID] = CIBlock::GetArrayByID($IBLOCK_ID);
         } else {
             $IBLOCK_CACHE[$IBLOCK_ID] = false;
         }
     }
     if ($IBLOCK_CACHE[$IBLOCK_ID]) {
         $arFields["IBLOCK_ID"] = $IBLOCK_ID;
     } else {
         $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_BLOCK_ID") . "<br>";
     }
     if (is_set($arFields, 'IBLOCK_SECTION') && !empty($arFields['IBLOCK_SECTION'])) {
         if (!is_array($arFields['IBLOCK_SECTION'])) {
             $arFields['IBLOCK_SECTION'] = array($arFields['IBLOCK_SECTION']);
         }
         $arFields['IBLOCK_SECTION'] = array_filter($arFields['IBLOCK_SECTION']);
     }
     if ($IBLOCK_CACHE[$IBLOCK_ID]) {
         $ar = $IBLOCK_CACHE[$IBLOCK_ID]["FIELDS"];
         if (is_array($ar)) {
             $WF_PARENT_ELEMENT_ID = isset($arFields["WF_PARENT_ELEMENT_ID"]) ? intval($arFields["WF_PARENT_ELEMENT_ID"]) : 0;
             if (($WF_PARENT_ELEMENT_ID == 0 || $WF_PARENT_ELEMENT_ID == intval($ID)) && array_key_exists("CODE", $arFields) && strlen($arFields["CODE"]) > 0 && is_array($ar["CODE"]["DEFAULT_VALUE"]) && $ar["CODE"]["DEFAULT_VALUE"]["UNIQUE"] == "Y") {
                 $res = $DB->Query("\n\t\t\t\t\t\tSELECT ID\n\t\t\t\t\t\tFROM b_iblock_element\n\t\t\t\t\t\tWHERE IBLOCK_ID = " . $IBLOCK_ID . "\n\t\t\t\t\t\tAND CODE = '" . $DB->ForSQL($arFields["CODE"]) . "'\n\t\t\t\t\t\tAND WF_PARENT_ELEMENT_ID IS NULL\n\t\t\t\t\t\tAND ID <> " . intval($ID));
                 if ($res->Fetch()) {
                     $this->LAST_ERROR .= GetMessage("IBLOCK_DUP_ELEMENT_CODE") . "<br>";
                 }
             }
             $arOldElement = false;
             foreach ($ar as $FIELD_ID => $field) {
                 if (preg_match("/^(SECTION_|LOG_)/", $FIELD_ID)) {
                     continue;
                 }
                 if ($field["IS_REQUIRED"] === "Y") {
                     switch ($FIELD_ID) {
                         case "NAME":
                         case "ACTIVE":
                         case "PREVIEW_TEXT_TYPE":
                         case "DETAIL_TEXT_TYPE":
                         case "SORT":
                             //We should never check for this fields
                             break;
                         case "IBLOCK_SECTION":
                             if ($ID === false || array_key_exists($FIELD_ID, $arFields)) {
                                 $sum = 0;
                                 if (is_array($arFields[$FIELD_ID])) {
                                     foreach ($arFields[$FIELD_ID] as $k => $v) {
                                         if (intval($v) > 0) {
                                             $sum += intval($v);
                                         }
                                     }
                                 } else {
                                     $sum = intval($arFields[$FIELD_ID]);
                                 }
                                 if ($sum <= 0) {
                                     $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                 }
                             }
                             break;
                         case "PREVIEW_PICTURE":
                         case "DETAIL_PICTURE":
                             if ($ID !== false && !$arOldElement) {
                                 $rs = $DB->Query("SELECT PREVIEW_PICTURE, DETAIL_PICTURE from b_iblock_element WHERE ID = " . intval($ID));
                                 $arOldElement = $rs->Fetch();
                             }
                             if ($arOldElement && $arOldElement[$FIELD_ID] > 0) {
                                 //There was an picture so just check that it is not deleted
                                 if (array_key_exists($FIELD_ID, $arFields) && is_array($arFields[$FIELD_ID]) && $arFields[$FIELD_ID]["del"] === "Y") {
                                     $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                 }
                             } else {
                                 //There was NO picture so it MUST be present
                                 if (!array_key_exists($FIELD_ID, $arFields)) {
                                     $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                 } elseif (is_array($arFields[$FIELD_ID])) {
                                     if ($arFields[$FIELD_ID]["del"] === "Y" || array_key_exists("error", $arFields[$FIELD_ID]) && $arFields[$FIELD_ID]["error"] !== 0 || $arFields[$FIELD_ID]["size"] <= 0) {
                                         $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                     }
                                 } else {
                                     if (intval($arFields[$FIELD_ID]) <= 0) {
                                         $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                     }
                                 }
                             }
                             break;
                         default:
                             if ($ID === false || array_key_exists($FIELD_ID, $arFields)) {
                                 if (is_array($arFields[$FIELD_ID])) {
                                     $val = implode("", $arFields[$FIELD_ID]);
                                 } else {
                                     $val = $arFields[$FIELD_ID];
                                 }
                                 if (strlen($val) <= 0) {
                                     $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_FIELD", array("#FIELD_NAME#" => $field["NAME"])) . "<br>";
                                 }
                             }
                             break;
                     }
                 }
             }
         }
     }
     if (array_key_exists("PROPERTY_VALUES", $arFields) && is_array($arFields["PROPERTY_VALUES"])) {
         //First "normalize" properties to form:
         //$arFields["PROPERTY_VALUES"][<PROPERTY_ID>][<PROPERTY_VALUE_ID>] => $value
         $arProperties = array();
         foreach ($arFields["PROPERTY_VALUES"] as $key => $property_values) {
             $arProperties[$key] = array();
             if (is_array($property_values)) {
                 if (array_key_exists("VALUE", $property_values)) {
                     $arProperties[$key][] = $property_values["VALUE"];
                 } elseif (array_key_exists("tmp_name", $property_values)) {
                     $arProperties[$key][] = $property_values;
                 } else {
                     foreach ($property_values as $key2 => $property_value) {
                         if (is_array($property_value) && array_key_exists("VALUE", $property_value)) {
                             //each of these may be "complex"
                             $arProperties[$key][] = $property_value["VALUE"];
                         } else {
                             //or simple
                             $arProperties[$key][] = $property_value;
                         }
                     }
                 }
             } else {
                 $arProperties[$key][] = $property_values;
             }
         }
         foreach ($arProperties as $key => $property_values) {
             $arProperty = CIBlockProperty::GetPropertyArray($key, $IBLOCK_ID);
             if ($arProperty["USER_TYPE"] != "") {
                 $arUserType = CIBlockProperty::GetUserType($arProperty["USER_TYPE"]);
             } else {
                 $arUserType = array();
             }
             if (array_key_exists("CheckFields", $arUserType)) {
                 foreach ($property_values as $key2 => $property_value) {
                     $arError = call_user_func_array($arUserType["CheckFields"], array($arProperty, array("VALUE" => $property_value)));
                     if (is_array($arError)) {
                         foreach ($arError as $err_mess) {
                             $this->LAST_ERROR .= $err_mess . "<br>";
                         }
                     }
                 }
             }
             //Files check
             $bError = false;
             if ($arProperty["IS_REQUIRED"] == "Y" && $arProperty['PROPERTY_TYPE'] == 'F') {
                 //New element
                 if ($ID === false) {
                     $bError = true;
                     foreach ($property_values as $key2 => $property_value) {
                         if (is_array($property_value) && array_key_exists("tmp_name", $property_value) && array_key_exists("size", $property_value)) {
                             if ($property_value['size'] > 0) {
                                 $bError = false;
                                 break;
                             }
                         } elseif (intval($property_value) > 0) {
                             //This is history copy of the file
                             $bError = false;
                             break;
                         }
                     }
                 } else {
                     $dbProperty = CIBlockElement::GetProperty($arProperty["IBLOCK_ID"], $ID, "sort", "asc", array("ID" => $arProperty["ORIG_ID"], "EMPTY" => "N"));
                     $bCount = 0;
                     while ($a = $dbProperty->Fetch()) {
                         if ($a["VALUE"] > 0) {
                             $bCount++;
                         }
                     }
                     foreach ($property_values as $key2 => $property_value) {
                         if (is_array($property_value)) {
                             if ($property_value['size'] > 0) {
                                 $bCount++;
                                 break;
                             } elseif ($property_value['del'] == 'Y') {
                                 $bCount--;
                             }
                         } elseif (intval($property_value) > 0) {
                             //This is history copy of the file
                             $bCount++;
                             break;
                         }
                     }
                     $bError = $bCount <= 0;
                 }
             }
             if ($arProperty["IS_REQUIRED"] == "Y" && $arProperty['PROPERTY_TYPE'] != 'F') {
                 $len = 0;
                 foreach ($property_values as $key2 => $property_value) {
                     if (array_key_exists("GetLength", $arUserType)) {
                         $len += call_user_func_array($arUserType["GetLength"], array($arProperty, array("VALUE" => $property_value)));
                     } else {
                         $len += strlen($property_value);
                     }
                     if ($len > 0) {
                         break;
                     }
                 }
                 $bError = $len <= 0;
             }
             if ($bError) {
                 $this->LAST_ERROR .= GetMessage("IBLOCK_BAD_PROPERTY", array("#PROPERTY#" => $arProperty["NAME"])) . "<br>";
             }
             // check file properties for correctness
             if ($arProperty['PROPERTY_TYPE'] == 'F') {
                 $bImageOnly = False;
                 $arImageExtentions = explode(",", strtoupper(CFile::GetImageExtensions()));
                 if (strlen($arProperty["FILE_TYPE"])) {
                     $bImageOnly = True;
                     $arAvailTypes = explode(",", strtoupper($arProperty["FILE_TYPE"]));
                     foreach ($arAvailTypes as $avail_type) {
                         if (!in_array(trim($avail_type), $arImageExtentions)) {
                             $bImageOnly = False;
                             break;
                         }
                     }
                 }
                 foreach ($property_values as $key2 => $property_value) {
                     if (!is_array($property_value) && intval($property_value) > 0 && intval($arFields["WF_PARENT_ELEMENT_ID"]) > 0) {
                         if (CIBlockElement::DeleteFile($property_value, $ID, "PROPERTY", intval($arFields["WF_PARENT_ELEMENT_ID"]), $arFields["IBLOCK_ID"], true) <= 0) {
                             $this->LAST_ERROR .= GetMessage("IBLOCK_ERR_FILE_PROPERTY") . "<br>";
                         }
                     } elseif (is_array($property_value)) {
                         if (is_object($property_value["bucket"])) {
                             //This is trusted image from xml import
                             $error = "";
                         } else {
                             if ($bImageOnly) {
                                 $error = CFile::CheckImageFile($property_value);
                             } else {
                                 $error = CFile::CheckFile($property_value, 0, false, $arProperty["FILE_TYPE"]);
                             }
                         }
                         //For user without edit php permissions
                         //we allow only pictures upload
                         if (!is_object($USER) || !$USER->IsAdmin()) {
                             if (HasScriptExtension($property_value["name"])) {
                                 $error = GetMessage("FILE_BAD_TYPE") . " (" . $property_value["name"] . ").";
                             }
                         }
                         if (strlen($error) > 0) {
                             $this->LAST_ERROR .= $error . "<br>";
                         }
                     }
                 }
             }
         }
     }
     $APPLICATION->ResetException();
     if ($ID === false) {
         $db_events = GetModuleEvents("iblock", "OnBeforeIBlockElementAdd", true);
     } else {
         $arFields["ID"] = $ID;
         $db_events = GetModuleEvents("iblock", "OnBeforeIBlockElementUpdate", true);
     }
     foreach ($db_events as $arEvent) {
         $bEventRes = ExecuteModuleEventEx($arEvent, array(&$arFields));
         if ($bEventRes === false) {
             if ($err = $APPLICATION->GetException()) {
                 $this->LAST_ERROR .= $err->GetString() . "<br>";
             } else {
                 $APPLICATION->ThrowException("Unknown error");
                 $this->LAST_ERROR .= "Unknown error.<br>";
             }
             break;
         }
     }
     /****************************** QUOTA ******************************/
     if ($bCheckDiskQuota && empty($this->LAST_ERROR) && COption::GetOptionInt("main", "disk_space") > 0) {
         $quota = new CDiskQuota();
         if (!$quota->checkDiskQuota($arFields)) {
             $this->LAST_ERROR = $quota->LAST_ERROR;
         }
     }
     /****************************** QUOTA ******************************/
     if (!empty($this->LAST_ERROR)) {
         return false;
     }
     return true;
 }
예제 #6
0
 function CheckFields($arUserField, $value)
 {
     $aMsg = array();
     if ($arUserField["SETTINGS"]["MAX_ALLOWED_SIZE"] > 0 && $value["size"] > $arUserField["SETTINGS"]["MAX_ALLOWED_SIZE"]) {
         $aMsg[] = array("id" => $arUserField["FIELD_NAME"], "text" => GetMessage("USER_TYPE_FILE_MAX_SIZE_ERROR", array("#FIELD_NAME#" => $arUserField["EDIT_FORM_LABEL"], "#MAX_ALLOWED_SIZE#" => $arUserField["SETTINGS"]["MAX_ALLOWED_SIZE"])));
     }
     //Extention check
     if (is_array($arUserField["SETTINGS"]["EXTENSIONS"]) && count($arUserField["SETTINGS"]["EXTENSIONS"])) {
         foreach ($arUserField["SETTINGS"]["EXTENSIONS"] as $ext => $tmp_val) {
             $arUserField["SETTINGS"]["EXTENSIONS"][$ext] = $ext;
         }
         $error = CFile::CheckFile($value, 0, false, implode(",", $arUserField["SETTINGS"]["EXTENSIONS"]));
     } else {
         $error = "";
     }
     if (strlen($error)) {
         $aMsg[] = array("id" => $arUserField["FIELD_NAME"], "text" => $error);
     }
     //For user without edit php permissions
     //we allow only pictures upload
     global $USER;
     if (!is_object($USER) || !$USER->IsAdmin()) {
         if (HasScriptExtension($value["name"])) {
             $aMsg[] = array("id" => $arUserField["FIELD_NAME"], "text" => GetMessage("FILE_BAD_TYPE") . " (" . $value["name"] . ").");
         }
     }
     return $aMsg;
 }
예제 #7
0
 function UploadFile($Params)
 {
     $buffer = 'parent.oWaitWindow.Hide();';
     $F = $Params['file'];
     $io = CBXVirtualIo::GetInstance();
     if (isset($F["tmp_name"]) && strlen($F["tmp_name"]) > 0 && strlen($F["name"]) > 0 || is_uploaded_file($F["tmp_name"])) {
         global $APPLICATION, $USER;
         $strWarning = '';
         $filename = $Params['filename'];
         $path = $Params['path'];
         $site = $Params['site'];
         $upload_and_open = $Params['upload_and_open'];
         $rootPath = CSite::GetSiteDocRoot($site);
         if ($filename == '') {
             $filename = $F["name"];
         }
         $pathto = Rel2Abs($path, $filename);
         if (strlen($filename) > 0 && ($mess = self::CheckFileName($filename)) !== true) {
             $strWarning = $mess;
         }
         if ($strWarning == '') {
             $fn = $io->ExtractNameFromPath($pathto);
             if ($APPLICATION->GetFileAccessPermission(array($site, $pathto)) > "R" && ($USER->IsAdmin() || !HasScriptExtension($fn) && substr($fn, 0, 1) != "." && $io->ValidateFilenameString($fn))) {
                 if (!$io->FileExists($rootPath . $pathto) || $_REQUEST["rewrite"] == "Y") {
                     //************************** Quota **************************//
                     $bQuota = true;
                     if (COption::GetOptionInt("main", "disk_space") > 0) {
                         $bQuota = false;
                         $quota = new CDiskQuota();
                         if ($quota->checkDiskQuota(array("FILE_SIZE" => filesize($F["tmp_name"])))) {
                             $bQuota = true;
                         }
                     }
                     //************************** Quota **************************//
                     if ($bQuota) {
                         $io->Copy($F["tmp_name"], $rootPath . $pathto);
                         $flTmp = $io->GetFile($rootPath . $pathto);
                         $flTmp->MarkWritable();
                         if (COption::GetOptionInt("main", "disk_space") > 0) {
                             CDiskQuota::updateDiskQuota("file", $flTmp->GetFileSize(), "copy");
                         }
                         $buffer = 'setTimeout(function(){parent.oBXDialogControls.Uploader.OnAfterUpload("' . $filename . '", ' . ($upload_and_open == "Y" ? 'true' : 'false') . ');}, 50);';
                     } else {
                         $strWarning = $quota->LAST_ERROR;
                     }
                 } else {
                     $strWarning = GetMessage("FD_LOAD_EXIST_ALERT");
                 }
             } else {
                 $strWarning = GetMessage("FD_LOAD_DENY_ALERT");
             }
         }
     } else {
         $strWarning = GetMessage("FD_LOAD_ERROR_ALERT");
     }
     if ($strWarning != '') {
         $buffer = 'alert("' . addslashes(htmlspecialcharsex($strWarning)) . '");';
     }
     return '<script>' . $buffer . '</script>';
 }
예제 #8
0
 function CopyEx($path_from, $path_to, $bDeleteAfterCopy = false, $bOverride = false)
 {
     global $APPLICATION, $USER;
     CMain::InitPathVars($site_from, $path_from);
     $DOC_ROOT_FROM = CSite::GetSiteDocRoot($site_from);
     CMain::InitPathVars($site_to, $path_to);
     $DOC_ROOT_TO = CSite::GetSiteDocRoot($site_to);
     $strWarning = '';
     //check: if we copy to the same directory
     if (strpos($DOC_ROOT_TO . $path_to . "/", $DOC_ROOT_FROM . $path_from . "/") === 0) {
         return GetMessage("FILEMAN_LIB_BAD_FOLDER") . ": \"" . $path_from . "\".\n";
     }
     $io = CBXVirtualIo::GetInstance();
     if ($io->DirectoryExists($DOC_ROOT_FROM . $path_from)) {
         // Minimal access - read/listing for copying files
         if (!$USER->CanDoFileOperation('fm_view_listing', array($site_from, $path_from))) {
             return GetMessage("FILEMAN_FILEMAN_FOLDER_READ_DENY") . " \"" . $path_from . "\".\n";
         }
         if ($bDeleteAfterCopy && !$USER->CanDoFileOperation('fm_delete_folder', array($site_from, $path_from))) {
             return GetMessage("FILEMAN_FILEMAN_FOLDER_DEL_DENY") . " \"" . $path_from . "\".\n";
         }
         //Check: folder exist or not
         $strWarTmp = CFileMan::CreateDir(array($site_to, $path_to));
         if (strlen($strWarTmp) > 0) {
             return $strWarTmp;
         }
         $APPLICATION->CopyFileAccessPermission(array($site_from, $path_from), array($site_to, $path_to));
     } else {
         // If we can write this file
         if (!$USER->CanDoFileOperation('fm_create_new_file', array($site_to, $path_to))) {
             return GetMessage("FILEMAN_FILEMAN_FILE_WRITE_DENY") . " \"" . $path_to . "\".\n";
         }
         // If we can't read source-file
         if (!$USER->CanDoFileOperation('fm_view_file', array($site_from, $path_from))) {
             return GetMessage("FILEMAN_FILEMAN_FILE_READ_DENY") . " \"" . $path_from . "\".\n";
         }
         // Copying php or system file without PHP or LPA access
         if (!($USER->CanDoOperation('edit_php') || $USER->CanDoFileOperation('fm_lpa', $arPath) || !(HasScriptExtension($Elem["NAME"]) || substr($Elem["NAME"], 0, 1) == "."))) {
             return GetMessage("FILEMAN_FILEMAN_FILE_READ_DENY") . " \"" . $path_from . "\".\n";
         }
         // If we can't move source-file
         if ($bDeleteAfterCopy && !$USER->CanDoFileOperation('fm_delete_file', array($site_from, $path_from))) {
             return GetMessage("FILEMAN_FILEMAN_FILE_DEL_DENY") . " \"" . $path_from . "\".\n";
         }
         //Check if folder already exist and trying to create if not
         $p = strrpos($path_to, "/");
         $path_to_dir = substr($path_to, 0, $p);
         $strWarTmp = CFileMan::CreateDir(array($site_to, $path_to_dir));
         if (strlen($strWarTmp) > 0) {
             return $strWarTmp;
         }
         if ($io->FileExists($DOC_ROOT_TO . $path_to) || $io->DirectoryExists($DOC_ROOT_TO . $path_to)) {
             if ($bOverride) {
                 $strWarn = CFileMan::DeleteEx(array($site_to, $path_to));
                 if ($strWarn != "") {
                     return $strWarn;
                 }
             } else {
                 return GetMessage("FILEMAN_FILEMAN_FILE_WITH_NAME") . " \"" . $path_to . "\" " . GetMessage("FILEMAN_FILEMAN_ALREADY_EXISTS") . "!\n";
             }
         }
         $APPLICATION->CopyFileAccessPermission(array($site_from, $path_from), array($site_to, $path_to));
         //************************** Quota **************************//
         if (COption::GetOptionInt("main", "disk_space") > 0) {
             $f = $io->GetFile($DOC_ROOT_FROM . $path_from);
             $size = $f->GetFileSize();
             $quota = new CDiskQuota();
             if (!$quota->checkDiskQuota(array("FILE_SIZE" => $size))) {
                 return $quota->LAST_ERROR;
             }
         }
         //************************** Quota **************************//
         // Copy file
         if (DEBUG_FILE_MAN) {
             echo "copy(" . $DOC_ROOT_FROM . $path_from . "," . $DOC_ROOT_TO . $path_to . ");<br>";
         }
         if (!$io->Copy($DOC_ROOT_FROM . $path_from, $DOC_ROOT_TO . $path_to)) {
             $strWarning .= GetMessage('FILEMAN_COPY_ERROR', array('#PATH_FROM#' => htmlspecialcharsex($path_from), '#PATH_TO#' => htmlspecialcharsex($path_to)));
         }
         //************************** Quota **************************//
         if (COption::GetOptionInt("main", "disk_space") > 0) {
             $quota->updateDiskQuota("file", $size, "copy");
         }
         //************************** Quota **************************//
         if (CModule::IncludeModule("search")) {
             $site = CSite::GetSiteByFullPath($DOC_ROOT_TO . $path_to);
             CSearch::ReIndexFile(array($site_to, $path_to), $site);
         }
         if ($bDeleteAfterCopy && strlen($strWarning) <= 0) {
             // If was command "delete after copy"?
             $strWarning .= CFileMan::DeleteFile(array($site_from, $path_from));
         }
         return $strWarning;
     }
     // Recursive
     $d = $io->GetDirectory($DOC_ROOT_FROM . $path_from);
     $arChildren = $d->GetChildren();
     foreach ($arChildren as $child) {
         $fn = $child->GetName();
         if ($child->IsDirectory()) {
             //go to recursion
             $strWarning .= CFileMan::CopyEx(array($site_from, $path_from . "/" . $fn), array($site_to, $path_to . "/" . $fn), $bDeleteAfterCopy, $bOverride);
             //back from recursion, in this subfolder all right
             //if($bDeleteAfterCopy) //necessary delete this subfolder
             //	$strWarning .= CFileMan::DeleteDir($path_from."/".$file);
         } else {
             if ($fn == ".access.php") {
                 continue;
             }
             //let's check, if we can to write there
             if (!$USER->CanDoFileOperation('fm_create_new_file', array($site_to, $path_to . "/" . $fn))) {
                 $strWarning .= GetMessage("FILEMAN_FILEMAN_FILE_WRITE_DENY") . " \"" . $path_to . "/" . $fn . "\".\n";
             } elseif (!$USER->CanDoFileOperation('fm_view_file', array($site_from, $path_from . "/" . $fn))) {
                 $strWarning .= GetMessage("FILEMAN_FILEMAN_FILE_READ_DENY") . " \"" . $path_from . "/" . $fn . "\".\n";
             } elseif (!($USER->CanDoOperation('edit_php') || $USER->CanDoFileOperation('fm_lpa', array($site_from, $path_from . "/" . $fn)) || !(HasScriptExtension($fn) || substr($fn, 0, 1) == "."))) {
                 $strWarning .= GetMessage("FILEMAN_FILEMAN_FILE_READ_DENY") . " \"" . $path_from . "/" . $fn . "\".\n";
             } else {
                 if ($io->FileExists($DOC_ROOT_TO . $path_to . "/" . $fn)) {
                     if ($bOverride) {
                         $strWarn = CFileMan::DeleteEx(array($site_to, $path_to . "/" . $fn));
                         if ($strWarn != "") {
                             $strWarning .= $strWarn . "\n";
                         }
                     } else {
                         $strWarning .= GetMessage("FILEMAN_FILEMAN_FILE_WITH_NAME") . " \"" . $path_to . "/" . $fn . "\" " . GetMessage("FILEMAN_FILEMAN_ALREADY_EXISTS") . "!\n";
                     }
                 }
                 if ($strWarning == "") {
                     //it means we can copy, if we found here
                     $APPLICATION->CopyFileAccessPermission(array($site_from, $path_from . "/" . $fn), array($site_to, $path_to . "/" . $fn));
                     if (DEBUG_FILE_MAN) {
                         echo "copy(" . $DOC_ROOT_FROM . $path_from . "/" . $fn . "," . $DOC_ROOT_TO . $path_to . "/" . $fn . ");<br>";
                     }
                     if (!$io->Copy($DOC_ROOT_FROM . $path_from . "/" . $fn, $DOC_ROOT_TO . $path_to . "/" . $fn)) {
                         $strWarning .= GetMessage('FILEMAN_COPY_ERROR', array('#PATH_FROM#' => htmlspecialcharsex($path_from . "/" . $fn), '#PATH_TO#' => htmlspecialcharsex($path_to . "/" . $fn)));
                     }
                     //************************** Quota **************************//
                     if (COption::GetOptionInt("main", "disk_space") > 0) {
                         $f = $io->GetFile($DOC_ROOT_TO . $path_to . "/" . $fn);
                         $quota = new CDiskQuota();
                         $quota->updateDiskQuota("file", $f->GetFileSize(), "copy");
                     }
                     //************************** Quota **************************//
                     if (CModule::IncludeModule("search")) {
                         $site = CSite::GetSiteByFullPath($DOC_ROOT_TO, $path_to . "/" . $fn);
                         CSearch::ReindexFile($path_to . "/" . $fn, $site);
                     }
                     if ($bDeleteAfterCopy && strlen($strWarning) <= 0) {
                         $strWarning .= CFileMan::DeleteFile(array($site_from, $path_from . "/" . $fn));
                     }
                 }
             }
         }
     }
     //we may be need, to delete our initial folder
     if ($bDeleteAfterCopy) {
         $strWarning .= CFileMan::DeleteDir(array($site_from, $path_from));
     }
     return $strWarning;
 }
예제 #9
0
 }
 $strFileName = "";
 if (strlen($strErrorMessage) <= 0) {
     $arOldSmile = false;
     if ($ID > 0) {
         $arOldSmile = CSocNetSmile::GetByID($ID);
     }
     if (is_set($_FILES, "IMAGE1") && strlen($_FILES["IMAGE1"]["name"]) > 0) {
         $res = CFile::CheckImageFile($_FILES["IMAGE1"], 0, 0, 0);
         if (strlen($res) > 0) {
             $strErrorMessage .= $res . "\n";
         } else {
             $io = CBXVirtualIo::GetInstance();
             $strFileName = basename($_FILES["IMAGE1"]["name"]);
             $strFileExt = strrchr($_FILES["IMAGE1"]["name"], ".");
             if (!$io->ValidateFilenameString($strFileName) || HasScriptExtension($strFileName)) {
                 $strErrorMessage .= GetMessage("FSE_ERROR_EXT") . ". \n";
             }
         }
         if (strlen($strErrorMessage) <= 0) {
             $strDirName = $_SERVER["DOCUMENT_ROOT"] . "/bitrix/images/socialnetwork/";
             if ($SMILE_TYPE == "I") {
                 $strDirName .= "icon";
             } else {
                 $strDirName .= "smile";
             }
             $strDirName .= "/";
             CheckDirPath($strDirName);
             if (file_exists($strDirName . $strFileName) && (!$arOldSmile || $arOldSmile["SMILE_TYPE"] != $SMILE_TYPE || $arOldSmile["IMAGE"] != $strFileName)) {
                 $strErrorMessage .= GetMessage("ERROR_EXISTS_IMAGE") . ". \n";
             } else {
예제 #10
0
    $APPLICATION->AuthForm(GetMessage("ACCESS_DENIED"));
}
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/fileman/include.php";
$site = CFileMan::__CheckSite($site);
$DOC_ROOT = CSite::GetSiteDocRoot($site);
$strWarning = "";
$path = Rel2Abs("/", $path);
$arParsedPath = CFileMan::ParsePath($path);
$arPath = array($site, $path);
if ($type == "flash") {
    $ext = "swf,fla";
} elseif ($type == "image") {
    $ext = "gif,jpg,jpeg,bmp,png";
}
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_popup_admin.php";
if (!$USER->CanDoFileOperation('fm_download_file', $arPath) || HasScriptExtension($path)) {
    ShowError($arParsedPath["HTML"] . '<br><br><img src="/bitrix/images/fileman/deny.gif" width="28" height="28" border="0" align="left" alt="">' . GetMessage("ACCESS_DENIED"));
} else {
    CFileMan::GetDirList(array($site, $path), $arDirs, $arFiles, array("EXTENSIONS" => $ext, "MIN_PERMISSION" => "R"), array("name" => "asc"));
    ?>
<script>
<!--
function DoEvent(str)
{
	try
	{
		eval("parent."+this.name+"_"+str);
	}
	catch(e){}
}
예제 #11
0
	$DIR_NAME = $_SESSION["BX_CML2_IMPORT"]["TEMP_DIR"];
else
	$DIR_NAME = $_SERVER["DOCUMENT_ROOT"]."/".COption::GetOptionString("main", "upload_dir", "upload")."/1c_catalog/";

if (
	isset($_GET["filename"])
	&& (strlen($_GET["filename"]) > 0)
	&& (strlen($DIR_NAME) > 0)
)
{
	//This check for 1c server on linux
	$filename = preg_replace("#^(/tmp/|upload/1c/webdata)#", "", $_GET["filename"]);
	$filename = trim(str_replace("\\", "/", trim($filename)), "/");

	$io = CBXVirtualIo::GetInstance();
	$bBadFile = HasScriptExtension($filename)
		|| IsFileUnsafe($filename)
		|| !$io->ValidatePathString("/".$filename)
	;

	if (!$bBadFile)
	{
		$FILE_NAME = rel2abs($DIR_NAME, "/".$filename);
		if ((strlen($FILE_NAME) > 1) && ($FILE_NAME === "/".$filename))
		{
			$ABS_FILE_NAME = $DIR_NAME.$FILE_NAME;
			$WORK_DIR_NAME = substr($ABS_FILE_NAME, 0, strrpos($ABS_FILE_NAME, "/")+1);
		}
	}
}
예제 #12
0
     case "OTR":
         $delimiter_r_char = substr($delimiter_other_r, 0, 1);
         break;
     case "TZP":
         $delimiter_r_char = ";";
         break;
 }
 if (strlen($delimiter_r_char) != 1) {
     $strError .= GetMessage("IBLOCK_ADM_EXP_NO_DELIMITER") . "<br>";
 }
 if (strlen($strError) <= 0) {
     $csvFile->SetDelimiter($delimiter_r_char);
 }
 if (strlen($_REQUEST["DATA_FILE_NAME"]) <= 0) {
     $strError .= GetMessage("IBLOCK_ADM_EXP_NO_FILE_NAME") . "<br>";
 } elseif (preg_match('/[^a-zA-Z0-9\\s!#\\$%&\\(\\)\\[\\]\\{\\}+\\.;=@\\^_\\~\\/\\\\\\-]/i', $_REQUEST["DATA_FILE_NAME"]) || preg_match('/^[a-z]+:\\/\\//i', $_REQUEST["DATA_FILE_NAME"]) || HasScriptExtension($_REQUEST["DATA_FILE_NAME"])) {
     $strError .= GetMessage("IBLOCK_ADM_EXP_FILE_NAME_ERROR") . "<br>";
 } else {
     $DATA_FILE_NAME = Rel2Abs("/", $_REQUEST["DATA_FILE_NAME"]);
     if (strtolower(substr($DATA_FILE_NAME, strlen($DATA_FILE_NAME) - 4)) != ".csv") {
         $DATA_FILE_NAME .= ".csv";
     }
 }
 if (strlen($strError) <= 0) {
     $fp = fopen($_SERVER["DOCUMENT_ROOT"] . $DATA_FILE_NAME, "w");
     if (!is_resource($fp)) {
         $strError .= GetMessage("IBLOCK_ADM_EXP_CANNOT_CREATE_FILE") . "<br>";
         $DATA_FILE_NAME = "";
     } else {
         fclose($fp);
     }
예제 #13
0
 /**
  * Checks if current user has access to the file or folder according to Bitrix permissions
  * @static
  * @param string $strFilename full path to the file
  * @param boolean $isFile true if we check file permissions, false if folder permissions should be checked
  * @return boolean
  */
 public static function HasAccess($strFilename, $isFile)
 {
     $result = false;
     $path = removeDocRoot($strFilename);
     global $USER;
     if (!$isFile) {
         if ($USER->CanDoFileOperation("fm_view_listing", array(SITE_ID, $path))) {
             $result = true;
         }
     } else {
         if ($USER->CanDoFileOperation('fm_view_file', array(SITE_ID, $path)) && ($USER->CanDoOperation('edit_php') || $USER->CanDoFileOperation('fm_lpa', array(SITE_ID, $path)) || !(HasScriptExtension($path) || substr(GetFileName($path), 0, 1) == "."))) {
             $result = true;
         }
     }
     return $result;
 }
예제 #14
0
			if(strlen($newfilename)<=0)
			{
				$strWarning .= GetMessage("FILEMAN_RENAME_NEW_NAME")." \"".$file."\"!\n";
			}
			elseif (($mess = CFileMan::CheckFileName($newfilename)) !== true)
			{
				$strWarning = $mess;
			}
			else
			{
				$pathto = Rel2Abs($path, $newfilename);
				if(!$USER->CanDoFileOperation('fm_create_new_file',Array($site, $pathto)))
					$strWarning .= GetMessage("FILEMAN_RENAME_ACCESS_ERROR")."\n";
				elseif(!$USER->CanDoOperation('edit_php') && (substr(CFileman::GetFileName($file), 0, 1) == "." || substr(CFileman::GetFileName($pathto), 0, 1)=="." || (!HasScriptExtension($file) && HasScriptExtension($pathto)))) // if not admin and renaming from non PHP to PHP
					$strWarning .= GetMessage("FILEMAN_RENAME_TOPHPFILE_ERROR")."\n";
				elseif(!$USER->CanDoOperation('edit_php') 	&& HasScriptExtension($file) && !HasScriptExtension($pathto)) // if not admin and renaming from PHP to non PHP
					$strWarning .= GetMessage("FILEMAN_RENAME_FROMPHPFILE_ERROR")."\n";
				else
				{
					$pathparsedtmp = CFileMan::ParsePath(Array($site, $pathto), false, false, "", $logical == "Y");
					$strWarningTmp = CFileMan::CreateDir($pathparsedtmp["PREV"]);

					if(strlen($strWarningTmp)>0)
						$strWarning .= $strWarningTmp;
					else
					{
						if(!$io->FileExists($DOC_ROOT.$path."/".$file))
							$strWarning .= GetMessage("FILEMAN_RENAME_FILE")." \"".$path."/".$file."\" ".GetMessage("FILEMAN_RENAME_NOT_FOUND")."!\n";
						elseif(!$io->Rename($DOC_ROOT.$path."/".$file, $DOC_ROOT.$pathto))
							$strWarning .= GetMessage("FILEMAN_RENAME_ERROR")." \"".$path."/".$file."\" ".GetMessage("FILEMAN_RENAME_IN")." \"".$pathto."\"!\n";
						else
예제 #15
0
 /**
  * Removes snippet
  *
  * @param array - list of params (template, path)
  * @return bool - result
  */
 public static function Remove($params = array())
 {
     global $APPLICATION;
     $res = false;
     $template = CFileMan::SecurePathVar($params['template']);
     $path = CFileMan::SecurePathVar($params["path"]);
     $contPath = $_SERVER["DOCUMENT_ROOT"] . BX_PERSONAL_ROOT . "/templates/" . $template . "/snippets";
     $snippetPath = $contPath . ($path == '' ? '' : '/' . $path);
     $io = CBXVirtualIo::GetInstance();
     if (!$io->ValidatePathString($snippetPath) || IsFileUnsafe($snippetPath) || HasScriptExtension($snippetPath)) {
         return false;
     }
     //Delete snippet file
     if ($io->FileExists($snippetPath)) {
         $res = $io->Delete($snippetPath);
     }
     $SNIPPETS = array();
     if ($io->FileExists($contPath . "/.content.php")) {
         @(include $contPath . "/.content.php");
     }
     $contentSrc = '<?if(!defined("B_PROLOG_INCLUDED") || B_PROLOG_INCLUDED!==true)die();?>' . chr(10);
     $contentSrc .= '<?' . chr(10) . '$SNIPPETS = Array();' . chr(10);
     foreach ($SNIPPETS as $k => $snip) {
         if ($io->FileExists(CFileMan::SecurePathVar($contPath . '/' . $k))) {
             $contentSrc .= '$SNIPPETS[\'' . CUtil::addslashes($k) . '\'] = Array(';
             if (isset($snip['title']) && $snip['title'] !== '') {
                 $contentSrc .= '\'title\' => \'' . Cutil::addslashes($snip['title']) . '\'';
                 if (isset($snip['description']) && $snip['description'] !== '') {
                     $contentSrc .= ', ';
                 }
             }
             if (isset($snip['description']) && $snip['description'] !== '') {
                 $contentSrc .= '\'description\' => \'' . Cutil::addslashes($snip['description']) . '\'';
             }
             $contentSrc .= ');' . chr(10);
         }
     }
     $contentSrc .= '?>';
     $APPLICATION->SaveFileContent($contPath . "/.content.php", $contentSrc);
     CSnippets::ClearCache();
     return $res;
 }
예제 #16
0
 function OnChangeFileComponent($path, $site)
 {
     /** @global CMain $APPLICATION */
     global $APPLICATION;
     // kind of optimization
     if (!HasScriptExtension($path)) {
         return;
     }
     $docRoot = CSite::GetSiteDocRoot($site);
     CUrlRewriter::Delete(array("SITE_ID" => $site, "PATH" => $path, "ID" => "NULL"));
     if (class_exists("\\Bitrix\\Main\\Application", false)) {
         \Bitrix\Main\Component\ParametersTable::deleteByFilter(array("SITE_ID" => $site, "REAL_PATH" => $path));
     }
     $fileSrc = $APPLICATION->GetFileContent($docRoot . $path);
     $arComponents = PHPParser::ParseScript($fileSrc);
     for ($i = 0, $cnt = count($arComponents); $i < $cnt; $i++) {
         if (class_exists("\\Bitrix\\Main\\Application", false)) {
             \Bitrix\Main\Component\ParametersTable::add(array('SITE_ID' => $site, 'COMPONENT_NAME' => $arComponents[$i]["DATA"]["COMPONENT_NAME"], 'TEMPLATE_NAME' => $arComponents[$i]["DATA"]["TEMPLATE_NAME"], 'REAL_PATH' => $path, 'SEF_MODE' => $arComponents[$i]["DATA"]["PARAMS"]["SEF_MODE"] == "Y" ? \Bitrix\Main\Component\ParametersTable::SEF_MODE : \Bitrix\Main\Component\ParametersTable::NOT_SEF_MODE, 'SEF_FOLDER' => $arComponents[$i]["DATA"]["PARAMS"]["SEF_MODE"] == "Y" ? $arComponents[$i]["DATA"]["PARAMS"]["SEF_FOLDER"] : null, 'START_CHAR' => $arComponents[$i]["START"], 'END_CHAR' => $arComponents[$i]["END"], 'PARAMETERS' => serialize($arComponents[$i]["DATA"]["PARAMS"])));
         }
         if (isset($arComponents[$i]["DATA"]["PARAMS"]) && is_array($arComponents[$i]["DATA"]["PARAMS"])) {
             if (array_key_exists("SEF_MODE", $arComponents[$i]["DATA"]["PARAMS"]) && $arComponents[$i]["DATA"]["PARAMS"]["SEF_MODE"] == "Y") {
                 CUrlRewriter::Add(array("SITE_ID" => $site, "CONDITION" => "#^" . $arComponents[$i]["DATA"]["PARAMS"]["SEF_FOLDER"] . "#", "ID" => $arComponents[$i]["DATA"]["COMPONENT_NAME"], "PATH" => $path));
             }
         }
     }
 }
예제 #17
0
IncludeModuleLangFile(__FILE__);
$strWarning = "";
$site = CFileMan::__CheckSite($site);
$DOC_ROOT = CSite::GetSiteDocRoot($site);
$io = CBXVirtualIo::GetInstance();
$path = $GLOBALS["APPLICATION"]->ConvertCharset($path, "UTF-8", LANG_CHARSET);
$arFile = CFile::MakeFileArray($io->GetPhysicalName($path));
$arFile["tmp_name"] = CBXVirtualIoFileSystem::ConvertCharset($arFile["tmp_name"], CBXVirtualIoFileSystem::directionDecode);
$path = $io->CombinePath("/", $path);
$arPath = array($site, $path);
if (!$USER->CanDoFileOperation('fm_download_file', $arPath)) {
    $strWarning = GetMessage("ACCESS_DENIED");
} else {
    if (!$io->FileExists($arFile["tmp_name"])) {
        $strWarning = GetMessage("FILEMAN_FILENOT_FOUND") . " ";
    } elseif (!$USER->CanDoOperation('edit_php') && (HasScriptExtension($path) || substr(CFileman::GetFileName($path), 0, 1) == ".")) {
        $strWarning .= GetMessage("FILEMAN_FILE_DOWNLOAD_PHPERROR") . "\n";
    }
}
if (strlen($strWarning) <= 0) {
    $flTmp = $io->GetFile($arFile["tmp_name"]);
    $fsize = $flTmp->GetFileSize();
    $bufSize = 4194304;
    //4M
    session_write_close();
    set_time_limit(0);
    header("Content-Type: application/force-download; name=\"" . $arFile["name"] . "\"");
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: " . $fsize);
    header("Content-Disposition: attachment; filename=\"" . $arFile["name"] . "\"");
    header("Expires: 0");
예제 #18
0
$arErrors = array();
$arMessages = array();
if ($_SERVER["REQUEST_METHOD"] == "POST" && $_REQUEST["Export"] == "Y") {
    require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_js.php";
    if (array_key_exists("NS", $_POST) && is_array($_POST["NS"])) {
        $NS = $_POST["NS"];
    } else {
        $NS = array("STEP" => 0, "IBLOCK_ID" => $_REQUEST["IBLOCK_ID"], "URL_DATA_FILE" => $_REQUEST["URL_DATA_FILE"], "SECTIONS_FILTER" => $_REQUEST["SECTIONS_FILTER"], "ELEMENTS_FILTER" => $_REQUEST["ELEMENTS_FILTER"], "DOWNLOAD_CLOUD_FILES" => $_REQUEST["DOWNLOAD_CLOUD_FILES"] === "N" ? "N" : "Y", "next_step" => array());
    }
    $NS["catalog"] = CModule::IncludeModule('catalog');
    //We have to strongly check all about file names at server side
    $ABS_FILE_NAME = false;
    $WORK_DIR_NAME = false;
    if (isset($NS["URL_DATA_FILE"]) && strlen($NS["URL_DATA_FILE"]) > 0) {
        $filename = trim(str_replace("\\", "/", trim($NS["URL_DATA_FILE"])), "/");
        if (preg_match('/[^a-zA-Z0-9\\s!#\\$%&\\(\\)\\[\\]\\{\\}+\\.;=@\\^_\\~\\/\\\\\\-]/i', $filename) || HasScriptExtension($filename)) {
            $arErrors[] = GetMessage("IBLOCK_CML2_FILE_NAME_ERROR");
        } else {
            $FILE_NAME = rel2abs($_SERVER["DOCUMENT_ROOT"], "/" . $filename);
            if (strlen($FILE_NAME) > 1 && $FILE_NAME === "/" . $filename) {
                $ABS_FILE_NAME = $_SERVER["DOCUMENT_ROOT"] . $FILE_NAME;
                if (strtolower(substr($ABS_FILE_NAME, -4)) != ".xml") {
                    $ABS_FILE_NAME .= ".xml";
                }
                $WORK_DIR_NAME = substr($ABS_FILE_NAME, 0, strrpos($ABS_FILE_NAME, "/") + 1);
            }
        }
    }
    $fp = false;
    if (!check_bitrix_sessid()) {
        $arErrors[] = GetMessage("IBLOCK_CML2_ACCESS_DENIED");
예제 #19
0
 public function Search($file)
 {
     global $APPLICATION, $USER;
     if ($this->maxResultCount && count($this->Result) >= $this->maxResultCount) {
         return "stop";
     }
     if ($this->bSkip) {
         if ($file == $this->Params['lastPath']) {
             $this->bSkip = false;
         } else {
             return;
         }
         // Files was handled earlier
     }
     $io = CBXVirtualIo::GetInstance();
     $bIsDir = $io->DirectoryExists($file);
     $replFileCount = 0;
     if ($bIsDir && !$this->Params['bDirsToo']) {
         return;
     }
     $entity = $bIsDir ? $io->GetDirectory($file) : $io->GetFile($file);
     $path = CFilemanUtils::TrimPath($file, $this->docRoot);
     $arPath = array($this->Params['site'], $path);
     // Check access
     if (!$USER->CanDoFileOperation('fm_view_file', $arPath)) {
         return;
     }
     $name = CFileman::GetFileName($file);
     // Name of file or dir
     // Check filename
     if ($this->Params['fileName'] != "") {
         if (!$this->Params['bCaseSens']) {
             $name = strtolower($name);
             $this->Params['fileName'] = strtolower($this->Params['fileName']);
         }
         // Simple find in file name
         if (strpos($this->Params['fileName'], "*") === false) {
             if (strpos($name, $this->Params['fileName']) === false) {
                 return;
             }
         } else {
             $pattern = str_replace('.', '\\.', $this->Params['fileName']);
             $pattern = str_replace('/', '', $pattern);
             $pattern = str_replace('*', '.*', $pattern);
             if (!preg_match('/^' . $pattern . '$/i', $io->ExtractNameFromPath($file))) {
                 return;
             }
         }
     }
     if (!$bIsDir) {
         // Check filesize
         $size = $entity->GetFileSize();
         // Filesize limits in Kb
         if ($this->Params['sizeFrom'] > 0 && $size < $this->Params['sizeFrom'] * 1024 || $this->Params['sizeTo'] > 0 && $size > $this->Params['sizeTo'] * 1024) {
             return;
         }
     } else {
         $size = 0;
     }
     // Check filetime
     $time = $entity->GetModificationTime() + CTimeZone::GetOffset();
     if ($this->Params['dateFrom'] && $time < MakeTimeStamp($this->Params['dateFrom'], CLang::GetDateFormat("FULL")) || $this->Params['dateTo'] && $time > MakeTimeStamp($this->Params['dateTo'], CLang::GetDateFormat("FULL"))) {
         return;
     }
     if ($this->Params['phrase'] != "") {
         // File size limits or it's dir or access denied
         if ($size > $this->maxFileOpenSize || $bIsDir || $this->bReplace && !$USER->CanDoFileOperation('fm_edit_existent_file', $arPath)) {
             return;
         }
         $fTmp = $io->GetFile($file);
         $phrase = $this->Params['phrase'];
         $fileContent = str_replace("\r\n", "\n", $fTmp->GetContents());
         $origFileContent = $fileContent;
         $isPHP = CFileman::IsPHP($fileContent) || HasScriptExtension($path) || substr($name, 0, 1) == ".";
         if (!$this->Params['bCaseSens']) {
             $phrase = strtolower($phrase);
             $fileContent = strtolower($fileContent);
         }
         $I_PCRE_MODIFIER = $this->Params['bCaseSens'] ? '' : 'i';
         // TODO: Add check Entire word
         //$this->Params['entire']
         if (strpos($fileContent, $phrase) === false) {
             return;
         }
         if ($this->bReplace) {
             if ($isPHP && !$USER->CanDoOperation('edit_php')) {
                 return;
             }
             // User can't write PHP files
             $pattern = '/' . preg_quote($this->Params['phrase'], '/') . '/' . $I_PCRE_MODIFIER . BX_UTF_PCRE_MODIFIER;
             $res = array();
             preg_match_all($pattern, $origFileContent, $res);
             $origFileContent = preg_replace($pattern, $this->Params['replacePhrase'], $origFileContent);
             $replFileCount = count($res[0]);
             $APPLICATION->SaveFileContent($file, $origFileContent);
         } else {
             if ($isPHP && !($USER->CanDoOperation('edit_php') || $USER->CanDoFileOperation('fm_lpa', $arPath))) {
                 return;
             }
             // User can't read PHP files
             $pattern = '/' . preg_quote($this->Params['phrase'], '/') . '/' . $I_PCRE_MODIFIER . BX_UTF_PCRE_MODIFIER;
             // Only for LPA. All php fragments will be cutted off
             if ($USER->CanDoFileOperation('fm_lpa', $arPath) && !$USER->CanDoOperation('edit_php')) {
                 $origFileContent = CMain::ProcessLPA($origFileContent, '');
             }
             $res = array();
             preg_match_all($pattern, $origFileContent, $res);
             $replFileCount = count($res[0]);
         }
     }
     $this->Result[] = array('path' => $path, 'size' => $size, 'b_dir' => $bIsDir, 'time' => $time, 'str_date' => date(CDatabase::DateFormatToPHP(CLang::GetDateFormat("FULL")), $time), 'str_size' => $bIsDir ? "" : CFile::FormatSize($size), 'type_src' => "/bitrix/images/fileman/types/" . ($bIsDir ? "folder" : CFileMan::GetFileTypeEx($file)) . ".gif", 'repl_count' => $replFileCount);
 }
예제 #20
0
     $is_archive = CBXArchive::IsArchive($fpath);
     if ($is_archive) {
         $arActions[] = array("ICON" => "unpack", "TEXT" => GetMessage("FILEMAN_ADMIN_ARC_UNPACK"), "ACTION" => "window.PackUnpackRun(['" . CUtil::JSEscape($fpath) . "'], false); return false;");
     }
 }
 if ($USER->CanDoFileOperation('fm_rename_' . $type, $arPath)) {
     $arActions[] = array("SEPARATOR" => true);
     $arActions[] = array("ICON" => "rename", "TEXT" => GetMessage("FILEMAN_RENAME_SAVE"), "ACTION" => 'setCheckbox(\'' . addslashes($f_NAME) . '\'); if(' . $lAdmin->table_id . '.IsActionEnabled(\'edit\')){document.forms[\'form_' . $lAdmin->table_id . '\'].elements[\'action_button\'].value=\'edit\'; ' . $lAdmin->ActionPost() . '}else{document.location.href=\'fileman_rename.php?' . $addUrl . '&path=' . urlencode($path) . '&site=' . $site . '&files[]=' . CFileman::GetFileName($arPath[1]) . '\'}');
 }
 // Copy
 if ($USER->CanDoFileOperation('fm_view_file', $arPath) && ($USER->CanDoOperation('edit_php') || $USER->CanDoFileOperation('fm_lpa', $arPath) || !(HasScriptExtension($f_NAME) || substr($Elem["NAME"], 0, 1) == ".")) && $Elem["TYPE"] == "F" || $Elem["TYPE"] == "D" && $USER->CanDoFileOperation('fm_view_listing', $arPath)) {
     $arActions[] = array("ICON" => "copy", "TEXT" => GetMessage("FILEMAN_ADM_COPY"), "ACTION" => "window.CopyMoveRun([{'path' : '" . CUtil::JSEscape($fpath) . "', 'isDir' : '" . $arrIsDir[$fpath] . "'}], true); return false;");
 }
 // Move
 if ($USER->CanDoOperation('fileman_admin_folders') && $USER->CanDoFileOperation('fm_delete_' . $type, $arPath)) {
     if ($USER->CanDoFileOperation('fm_view_file', $arPath) && ($USER->CanDoOperation('edit_php') || $USER->CanDoFileOperation('fm_lpa', $arPath) || !(HasScriptExtension($f_NAME) || substr($Elem["NAME"], 0, 1) == ".")) && $Elem["TYPE"] == "F" || $Elem["TYPE"] == "D" && $USER->CanDoFileOperation('fm_view_listing', $arPath)) {
         $arActions[] = array("ICON" => "move", "TEXT" => GetMessage("FILEMAN_ADM_MOVE"), "ACTION" => "window.CopyMoveRun([{'path' : '" . CUtil::JSEscape($fpath) . "', 'isDir' : '" . $arrIsDir[$fpath] . "'}], false); return false;");
     }
     $arActions[] = array("ICON" => "delete", "TEXT" => GetMessage("FILEMAN_ADMIN_DELETE"), "ACTION" => "if(confirm('" . GetMessage('FILEMAN_ALERT_DELETE') . "')) " . $lAdmin->ActionDoGroup(urlencode($f_NAME), "delete", $addUrl . "&site=" . urlencode($site) . "&path=" . urlencode($path) . "&show_perms_for=" . IntVal($show_perms_for)));
 }
 if ($USER->CanDoFileOperation('fm_edit_permission', $arPath)) {
     $arActions[] = array("SEPARATOR" => true);
     $arActions[] = array("ICON" => "access", "TEXT" => GetMessage("FILEMAN_ADMIN_ACCESS_PERMS_B"), "ACTION" => "setCheckbox('" . Cutil::JSEscape($f_NAME) . "'); setAccess('" . Cutil::JSEscape($site) . "', '" . Cutil::JSEscape(urlencode($path)) . "');");
     if (!CFileMan::IsWindows()) {
         // $arActions[] = Array(
         // "ICON" => "access",
         // "TEXT" => GetMessage("FILEMAN_ADMIN_ACCESS_PERMS"),
         // "TITLE" => GetMessage("FM_UTIL_SERVER_PERM_TITLE"),
         // "ACTION" => "setCheckbox('".Cutil::JSEscape($f_NAME)."'); setAccess('".Cutil::JSEscape($site)."', '".Cutil::JSEscape($path)."', true);"
         // );
     }
예제 #21
0
파일: tar_gz.php 프로젝트: ASDAFF/open_bx
 private function _extractList($p_path, &$p_list_detail, $p_mode, $p_file_list, $p_remove_path)
 {
     $v_result = true;
     $v_nb = 0;
     $v_extract_all = true;
     $v_listing = false;
     $p_path = str_replace("\\", "/", $p_path);
     $p_path = $this->io->GetPhysicalName($p_path);
     if ($p_path == '' || substr($p_path, 0, 1) != '/' && substr($p_path, 0, 3) != "../" && !strpos($p_path, ':')) {
         $p_path = "./" . $p_path;
     }
     $p_remove_path = str_replace("\\", "/", $p_remove_path);
     if ($p_remove_path != '' && substr($p_remove_path, -1) != '/') {
         $p_remove_path .= '/';
     }
     $p_remove_path_size = strlen($p_remove_path);
     switch ($p_mode) {
         case "complete":
             $v_extract_all = TRUE;
             $v_listing = FALSE;
             break;
         case "partial":
             $v_extract_all = FALSE;
             $v_listing = FALSE;
             break;
         case "list":
             $v_extract_all = FALSE;
             $v_listing = TRUE;
             break;
         default:
             $this->_arErrors[] = array("ERR_PARAM", str_replace("#EXTRACT_MODE#", $p_mode, GetMessage("MAIN_ARCHIVE_ERR_PARAM")));
             return false;
     }
     clearstatcache();
     while (self::$bMbstring ? mb_strlen($v_binary_data = $this->_readBlock(), "latin1") : strlen($v_binary_data = $this->_readBlock()) != 0) {
         $v_extract_file = FALSE;
         $v_extraction_stopped = 0;
         if (!$this->_readHeader($v_binary_data, $v_header)) {
             return false;
         }
         if ($v_header['filename'] == '') {
             continue;
         }
         // ----- Look for long filename
         if ($v_header['typeflag'] == 'L') {
             if (!$this->_readLongHeader($v_header)) {
                 return false;
             }
         }
         if (!$v_extract_all && is_array($p_file_list)) {
             // ----- By default no unzip if the file is not found
             $v_extract_file = false;
             $l = count($p_file_list);
             for ($i = 0; $i < $l; $i++) {
                 // ----- Look if it is a directory
                 if (substr($p_file_list[$i], -1) == '/') {
                     // ----- Look if the directory is in the filename path
                     if (strlen($v_header['filename']) > strlen($p_file_list[$i]) && substr($v_header['filename'], 0, strlen($p_file_list[$i])) == $p_file_list[$i]) {
                         $v_extract_file = TRUE;
                         break;
                     }
                 } elseif ($p_file_list[$i] == $v_header['filename']) {
                     // ----- It is a file, so compare the file names
                     $v_extract_file = TRUE;
                     break;
                 }
             }
         } else {
             $v_extract_file = TRUE;
         }
         // ----- Look if this file need to be extracted
         if ($v_extract_file && !$v_listing) {
             if ($p_remove_path != '' && substr($v_header['filename'], 0, $p_remove_path_size) == $p_remove_path) {
                 $v_header['filename'] = substr($v_header['filename'], $p_remove_path_size);
             }
             if ($p_path != './' && $p_path != '/') {
                 while (substr($p_path, -1) == '/') {
                     $p_path = substr($p_path, 0, strlen($p_path) - 1);
                 }
                 if (substr($v_header['filename'], 0, 1) == '/') {
                     $v_header['filename'] = $p_path . $v_header['filename'];
                 } else {
                     $v_header['filename'] = $p_path . '/' . $v_header['filename'];
                 }
             }
             if (file_exists($v_header['filename'])) {
                 if (@is_dir($v_header['filename']) && $v_header['typeflag'] == '') {
                     $this->_arErrors[] = array("DIR_EXISTS", str_replace("#FILE_NAME#", removeDocRoot($this->io->GetLogicalName($v_header['filename'])), GetMessage("MAIN_ARCHIVE_DIR_EXISTS")));
                     return false;
                 }
                 if (is_file($v_header['filename']) && $v_header['typeflag'] == "5") {
                     $this->_arErrors[] = array("FILE_EXISTS", str_replace("#FILE_NAME#", removeDocRoot($this->io->GetLogicalName($v_header['filename'])), GetMessage("MAIN_ARCHIVE_FILE_EXISTS")));
                     return false;
                 }
                 if (!is_writeable($v_header['filename'])) {
                     $this->_arErrors[] = array("FILE_PERMS", str_replace("#FILE_NAME#", removeDocRoot($this->io->GetLogicalName($v_header['filename'])), GetMessage("MAIN_ARCHIVE_FILE_PERMS")));
                     return false;
                 }
             } elseif (($v_result = $this->_dirCheck($v_header['typeflag'] == "5" ? $v_header['filename'] : dirname($v_header['filename']))) != 1) {
                 $this->_arErrors[] = array("NO_DIR", str_replace("#FILE_NAME#", removeDocRoot($this->io->GetLogicalName($v_header['filename'])), GetMessage("MAIN_ARCHIVE_NO_DIR")));
                 return false;
             }
             if ($v_extract_file) {
                 $logicalFilename = $this->io->GetLogicalName($v_header['filename']);
                 if ((HasScriptExtension($v_header['filename']) || IsFileUnsafe($v_header['filename']) || !$this->io->ValidatePathString($logicalFilename) || !$this->io->ValidateFilenameString(GetFileName($logicalFilename))) && $this->CheckBXPermissions == true) {
                     $this->_jumpBlock(ceil($v_header['size'] / 512));
                 } elseif (file_exists($v_header['filename']) && $this->ReplaceExistentFiles || !file_exists($v_header['filename'])) {
                     if ($v_header['typeflag'] == "5") {
                         if (!@file_exists($v_header['filename'])) {
                             if (!@mkdir($v_header['filename'], FX_DIR_PERMISSIONS)) {
                                 $this->_arErrors[] = array("ERR_CREATE_DIR", str_replace("#DIR_NAME#", removeDocRoot($this->io->GetLogicalName($v_header['filename'])), GetMessage("MAIN_ARCHIVE_ERR_CREATE_DIR")));
                                 return false;
                             }
                         }
                     } else {
                         if (($v_dest_file = @fopen($v_header['filename'], "wb")) == 0) {
                             $this->_arErrors[] = array("ERR_CREATE_FILE", str_replace("#FILE_NAME#", removeDocRoot($this->io->GetLogicalName($v_header['filename'])), GetMessage("MAIN_ARCHIVE_ERR_CREATE_FILE")));
                             return false;
                         } else {
                             $n = floor($v_header['size'] / 512);
                             for ($i = 0; $i < $n; $i++) {
                                 $v_content = $this->_readBlock();
                                 fwrite($v_dest_file, $v_content, 512);
                             }
                             if ($v_header['size'] % 512 != 0) {
                                 $v_content = $this->_readBlock();
                                 fwrite($v_dest_file, $v_content, $v_header['size'] % 512);
                             }
                             @fclose($v_dest_file);
                             @chmod($v_header['filename'], FX_FILE_PERMISSIONS);
                             @touch($v_header['filename'], $v_header['mtime']);
                         }
                         clearstatcache();
                         if (filesize($v_header['filename']) != $v_header['size']) {
                             $this->_arErrors[] = array("ERR_SIZE_CHECK", str_replace(array("#FILE_NAME#", "#SIZE#", "#EXP_SIZE#"), array(removeDocRoot($v_header['size']), filesize($v_header['filename']), $v_header['size']), GetMessage("MAIN_ARCHIVE_ERR_SIZE_CHECK")));
                             return false;
                         }
                     }
                 } else {
                     $this->_jumpBlock(ceil($v_header['size'] / 512));
                 }
             } else {
                 $this->_jumpBlock(ceil($v_header['size'] / 512));
             }
         } else {
             $this->_jumpBlock(ceil($v_header['size'] / 512));
         }
         if ($v_listing || $v_extract_file || $v_extraction_stopped) {
             if (($v_file_dir = dirname($v_header['filename'])) == $v_header['filename']) {
                 $v_file_dir = '';
             }
             if (substr($v_header['filename'], 0, 1) == '/' && $v_file_dir == '') {
                 $v_file_dir = '/';
             }
             $p_list_detail[$v_nb++] = $v_header;
         }
     }
     return true;
 }
예제 #22
0
 public static function IsBaseFilenameSafe($filename)
 {
     $isUnSafe = IsFileUnsafe($filename) || HasScriptExtension($filename) || !(preg_match("#^[^\\\\/:*?\"\\'~%<>|]+\$#is", $filename) > 0);
     return !$isUnSafe;
 }
예제 #23
0
 if (!$ismenu) {
     $aDDMenuEdit[] = array("TEXT" => GetMessage("FILEMAN_FILEEDIT_AS_TXT"), "ACTION" => "window.location='fileman_file_edit.php?" . $addUrl . "&amp;site=" . Urlencode($site) . "&amp;path=" . UrlEncode($path) . ($new == 'y' ? "&amp;new=Y" : "") . (strlen($back_url) > 0 ? "&amp;back_url=" . urlencode($back_url) : "") . (strlen($template) > 0 ? "&amp;template=" . urlencode($template) : "") . (strlen($template) > 0 ? "&amp;template=" . urlencode($template) : "") . (strlen($templateID) > 0 ? "&amp;templateID=" . urlencode($templateID) : "") . "';");
 }
 if ($USER->CanDoOperation('edit_php')) {
     $aDDMenuEdit[] = array("TEXT" => GetMessage("FILEMAN_FILEEDIT_AS_PHP"), "ACTION" => "window.location='fileman_file_edit.php?" . $addUrl . "&amp;site=" . Urlencode($site) . "&amp;path=" . UrlEncode($path) . "&amp;full_src=Y" . ($new == 'y' ? "&amp;new=Y" : "") . (strlen($back_url) > 0 ? "&amp;back_url=" . urlencode($back_url) : "") . (strlen($template) > 0 ? "&amp;template=" . urlencode($template) : "") . (strlen($template) > 0 ? "&amp;template=" . urlencode($template) : "") . (strlen($templateID) > 0 ? "&amp;templateID=" . urlencode($templateID) : "") . "';");
 }
 if ($ismenu) {
     $aDDMenuEdit[] = array("TEXT" => GetMessage("FILEMAN_FILEEDIT_AS_MENU"), "ACTION" => "window.location='fileman_menu_edit.php?" . $addUrl . "&amp;site=" . Urlencode($site) . "&amp;path=" . UrlEncode($arParsedPath["PREV"]) . "&amp;name=" . UrlEncode($regs[1]) . ($new == 'y' ? "&amp;new=Y" : "") . (strlen($back_url) > 0 ? "&amp;back_url=" . urlencode($back_url) : "") . "';");
 }
 $aDDMenuEdit[] = array("TEXT" => GetMessage("FILEMAN_FILEEDIT_AS_HTML"), "ACTION" => "return;", "ICON" => "checked");
 $aMenu[] = array("TEXT" => GetMessage("FILEMAN_FILE_EDIT"), "TITLE" => GetMessage("FILEMAN_FILE_EDIT"), "MENU" => $aDDMenuEdit);
 if ($bEdit) {
     if ($USER->CanDoFileOperation('fm_rename_file', $arPath)) {
         $aMenu[] = array("TEXT" => GetMessage("FILEMAN_FILEEDIT_RENAME"), "LINK" => "fileman_rename.php?" . $addUrl . "&amp;site=" . Urlencode($site) . "&amp;path=" . UrlEncode($arParsedPath["PREV"]) . "&amp;files[]=" . UrlEncode($arParsedPath["LAST"]));
     }
     if ($USER->CanDoFileOperation('fm_download_file', $arPath) && !(HasScriptExtension($path) || substr(CFileman::GetFileName($path), 0, 1) == ".") || $USER->CanDoOperation('edit_php')) {
         $aMenu[] = array("TEXT" => GetMessage("FILEMAN_FILEEDIT_DOWNLOAD"), "LINK" => "fileman_file_download.php?" . $addUrl . "&amp;site=" . Urlencode($site) . "&amp;path=" . UrlEncode($path));
     }
     if ($USER->CanDoFileOperation('fm_delete_file', $arPath)) {
         $folder_path = substr($path, 0, strrpos($path, "/"));
         $id = GetFileName($path);
         $aMenu[] = array("TEXT" => GetMessage("FILEMAN_FILE_DELETE"), "LINK" => "javascript:if(confirm('" . GetMessage("FILEMAN_FILE_DELETE_CONFIRM") . "')) window.location='/bitrix/admin/fileman_admin.php?ID=" . urlencode($id) . "&action=delete&" . $addUrl . "&site=" . urlencode($site) . "&path=" . urlencode($folder_path) . "&" . bitrix_sessid_get() . "';", "TITLE" => GetMessage("FILEMAN_FILE_DELETE"));
     }
 }
 $context = new CAdminContextMenu($aMenu);
 $context->Show();
 global $__fd_path;
 $__fd_path = $bEdit ? $arParsedPath["PREV"] : $path;
 $arContextTemplates = array();
 $arTemplates = CFileman::GetFileTemplates(LANGUAGE_ID, array($site_template));
 $cntTempl = count($arTemplates);
예제 #24
0
			"ELEMENTS_FILTER" => $_REQUEST["ELEMENTS_FILTER"],
			"DOWNLOAD_CLOUD_FILES" => $_REQUEST["DOWNLOAD_CLOUD_FILES"] === "N"? "N": "Y",
			"next_step" => array(),
		);

	$NS["catalog"] = CModule::IncludeModule('catalog');

	//We have to strongly check all about file names at server side
	$ABS_FILE_NAME = false;
	$WORK_DIR_NAME = false;
	if(isset($NS["URL_DATA_FILE"]) && (strlen($NS["URL_DATA_FILE"])>0))
	{
		$filename = trim(str_replace("\\", "/", trim($NS["URL_DATA_FILE"])), "/");
		if (
			preg_match('/[^a-zA-Z0-9\s!#\$%&\(\)\[\]\{\}+\.;=@\^_\~\/\\\\\-]/i', $filename)
			|| HasScriptExtension($filename)
		)
		{
			$arErrors[] = GetMessage("IBLOCK_CML2_FILE_NAME_ERROR");
		}
		else
		{
			$FILE_NAME = rel2abs($_SERVER["DOCUMENT_ROOT"], "/".$filename);
			if((strlen($FILE_NAME) > 1) && ($FILE_NAME === "/".$filename))
			{
				$ABS_FILE_NAME = $_SERVER["DOCUMENT_ROOT"].$FILE_NAME;
				if (strtolower(substr($ABS_FILE_NAME, -4)) != ".xml")
					$ABS_FILE_NAME .= ".xml";
				$WORK_DIR_NAME = substr($ABS_FILE_NAME, 0, strrpos($ABS_FILE_NAME, "/")+1);
			}
		}
예제 #25
0
 public static function UnZip($file_name, $last_zip_entry = "", $start_time = 0, $interval = 0)
 {
     global $APPLICATION;
     $io = CBXVirtualIo::GetInstance();
     //Function and securioty checks
     if (!function_exists("zip_open")) {
         return false;
     }
     $dir_name = substr($file_name, 0, strrpos($file_name, "/") + 1);
     if (strlen($dir_name) <= strlen($_SERVER["DOCUMENT_ROOT"])) {
         return false;
     }
     $hZip = zip_open($file_name);
     if (!$hZip) {
         return false;
     }
     //Skip from last step
     if ($last_zip_entry) {
         while ($entry = zip_read($hZip)) {
             if (zip_entry_name($entry) == $last_zip_entry) {
                 break;
             }
         }
     }
     $io = CBXVirtualIo::GetInstance();
     //Continue unzip
     while ($entry = zip_read($hZip)) {
         $entry_name = zip_entry_name($entry);
         //Check for directory
         zip_entry_open($hZip, $entry);
         if (zip_entry_filesize($entry)) {
             $file_name = trim(str_replace("\\", "/", trim($entry_name)), "/");
             $file_name = $APPLICATION->ConvertCharset($file_name, "cp866", LANG_CHARSET);
             $file_name = preg_replace("#^import_files/tmp/webdata/\\d+/\\d+/import_files/#", "import_files/", $file_name);
             $bBadFile = HasScriptExtension($file_name) || IsFileUnsafe($file_name) || !$io->ValidatePathString("/" . $file_name);
             if (!$bBadFile) {
                 $file_name = $io->GetPhysicalName($dir_name . rel2abs("/", $file_name));
                 CheckDirPath($file_name);
                 $fout = fopen($file_name, "wb");
                 if (!$fout) {
                     return false;
                 }
                 while ($data = zip_entry_read($entry, 102400)) {
                     $data_len = function_exists('mb_strlen') ? mb_strlen($data, 'latin1') : strlen($data);
                     $result = fwrite($fout, $data);
                     if ($result !== $data_len) {
                         return false;
                     }
                 }
             }
         }
         zip_entry_close($entry);
         //Jump to next step
         if ($interval > 0 && time() - $start_time > $interval) {
             zip_close($hZip);
             return $entry_name;
         }
     }
     zip_close($hZip);
     return true;
 }
예제 #26
0
		}

		if (strlen($delimiter_r_char) != 1)
			$strError .= GetMessage("IBLOCK_ADM_EXP_NO_DELIMITER")."<br>";

		if (strlen($strError) <= 0)
			$csvFile->SetDelimiter($delimiter_r_char);

		if (strlen($_REQUEST["DATA_FILE_NAME"]) <= 0)
		{
			$strError .= GetMessage("IBLOCK_ADM_EXP_NO_FILE_NAME")."<br>";
		}
		elseif (
			preg_match('/[^a-zA-Z0-9\s!#\$%&\(\)\[\]\{\}+\.;=@\^_\~\/\\\\\-]/i', $_REQUEST["DATA_FILE_NAME"])
			|| preg_match('/^[a-z]+:\\/\\//i', $_REQUEST["DATA_FILE_NAME"])
			|| HasScriptExtension($_REQUEST["DATA_FILE_NAME"])
		)
		{
			$strError .= GetMessage("IBLOCK_ADM_EXP_FILE_NAME_ERROR")."<br>";
		}
		else
		{
			$DATA_FILE_NAME = Rel2Abs("/", $_REQUEST["DATA_FILE_NAME"]);
			if (strtolower(substr($DATA_FILE_NAME, strlen($DATA_FILE_NAME)-4)) != ".csv")
				$DATA_FILE_NAME .= ".csv";
		}

		if (strlen($strError) <= 0)
		{
			$fp = fopen($_SERVER["DOCUMENT_ROOT"].$DATA_FILE_NAME, "w");
			if(!is_resource($fp))
예제 #27
0
         }
         $_SESSION["BX_CML2_EXPORT"]["zip"] = $arParams["USE_ZIP"] && function_exists("zip_open");
         echo "zip=" . ($_SESSION["BX_CML2_EXPORT"]["zip"] ? "yes" : "no") . "\n";
         echo "file_limit=0\n";
     }
 } elseif ($_GET["mode"] == "file") {
     $DIR_NAME = "/" . COption::GetOptionString("main", "upload_dir", "upload") . "/1c_exchange/";
     $ABS_FILE_NAME = false;
     $WORK_DIR_NAME = false;
     if (isset($_GET["filename"]) && strlen($_GET["filename"]) > 0) {
         //This check for 1c server on linux
         $filename = preg_replace("#^(/tmp/|upload/1c/webdata)#", "", $_GET["filename"]);
         //Filter file name crap all alone
         $filename = preg_replace("/[^a-zA-Z0-9_.\\/\\\\]/", "", $filename);
         $io = CBXVirtualIo::GetInstance();
         $bBadFile = HasScriptExtension($filename) || IsFileUnsafe($filename) || !$io->ValidatePathString("/" . $filename);
         if (!$bBadFile) {
             $filename = trim(str_replace("\\", "/", trim($filename)), "/");
             $FILE_NAME = rel2abs($_SERVER["DOCUMENT_ROOT"] . $DIR_NAME, "/" . $filename);
             if (strlen($FILE_NAME) > 1 && $FILE_NAME === "/" . $filename) {
                 $ABS_FILE_NAME = $_SERVER["DOCUMENT_ROOT"] . $DIR_NAME . $FILE_NAME;
                 $WORK_DIR_NAME = substr($ABS_FILE_NAME, 0, strrpos($ABS_FILE_NAME, "/") + 1);
             }
         }
     }
     if ($ABS_FILE_NAME) {
         if (function_exists("file_get_contents")) {
             $DATA = file_get_contents("php://input");
         } elseif (isset($GLOBALS["HTTP_RAW_POST_DATA"])) {
             $DATA =& $GLOBALS["HTTP_RAW_POST_DATA"];
         } else {
예제 #28
0
 if ($REQUEST_METHOD == "POST" && strlen($save) > 0 && check_bitrix_sessid()) {
     $pathTmp = $path;
     foreach ($arFiles as $ind => $file) {
         $newfilename = $filename[$ind];
         if (strlen($newfilename) <= 0) {
             $strWarning .= GetMessage("FILEMAN_RENAME_NEW_NAME") . " \"" . $file . "\"!\n";
         } elseif (($mess = CFileMan::CheckFileName($newfilename)) !== true) {
             $strWarning = $mess;
         } else {
             $pathto = Rel2Abs($path, $newfilename);
             if (!$USER->CanDoFileOperation('fm_create_new_file', array($site, $pathto))) {
                 $strWarning .= GetMessage("FILEMAN_RENAME_ACCESS_ERROR") . "\n";
             } elseif (!$USER->CanDoOperation('edit_php') && (substr(CFileman::GetFileName($file), 0, 1) == "." || substr(CFileman::GetFileName($pathto), 0, 1) == "." || !HasScriptExtension($file) && HasScriptExtension($pathto))) {
                 // if not admin and renaming from non PHP to PHP
                 $strWarning .= GetMessage("FILEMAN_RENAME_TOPHPFILE_ERROR") . "\n";
             } elseif (!$USER->CanDoOperation('edit_php') && HasScriptExtension($file) && !HasScriptExtension($pathto)) {
                 // if not admin and renaming from PHP to non PHP
                 $strWarning .= GetMessage("FILEMAN_RENAME_FROMPHPFILE_ERROR") . "\n";
             } else {
                 $pathparsedtmp = CFileMan::ParsePath(array($site, $pathto), false, false, "", $logical == "Y");
                 $strWarningTmp = CFileMan::CreateDir($pathparsedtmp["PREV"]);
                 if (strlen($strWarningTmp) > 0) {
                     $strWarning .= $strWarningTmp;
                 } else {
                     if (!$io->FileExists($DOC_ROOT . $path . "/" . $file)) {
                         $strWarning .= GetMessage("FILEMAN_RENAME_FILE") . " \"" . $path . "/" . $file . "\" " . GetMessage("FILEMAN_RENAME_NOT_FOUND") . "!\n";
                     } elseif (!$io->Rename($DOC_ROOT . $path . "/" . $file, $DOC_ROOT . $pathto)) {
                         $strWarning .= GetMessage("FILEMAN_RENAME_ERROR") . " \"" . $path . "/" . $file . "\" " . GetMessage("FILEMAN_RENAME_IN") . " \"" . $pathto . "\"!\n";
                     } else {
                         $APPLICATION->CopyFileAccessPermission(array($site, $path . "/" . $file), array($site, $pathto));
                         $APPLICATION->RemoveFileAccessPermission(array($site, $path . "/" . $file));
예제 #29
0
 if (!isset($SETUP_FILE_NAME) || strlen($SETUP_FILE_NAME) <= 0) {
     $arSetupErrors[] = GetMessage("CATI_NO_SAVE_FILE");
 }
 if (empty($arSetupErrors)) {
     $SETUP_FILE_NAME = str_replace('//', '/', $strCatalogDefaultFolder . Rel2Abs("/", $SETUP_FILE_NAME));
     if (preg_match(BX_CATALOG_FILENAME_REG, $SETUP_FILE_NAME)) {
         $arSetupErrors[] = GetMessage("CES_ERROR_BAD_EXPORT_FILENAME");
     } elseif ($strCatalogDefaultFolder == $SETUP_FILE_NAME) {
         $arSetupErrors[] = GetMessage("CATI_NO_SAVE_FILE");
     }
 }
 if (empty($arSetupErrors)) {
     if (strtolower(substr($SETUP_FILE_NAME, strlen($SETUP_FILE_NAME) - 4)) != ".csv") {
         $SETUP_FILE_NAME .= ".csv";
     }
     if (HasScriptExtension($SETUP_FILE_NAME)) {
         $arSetupErrors[] = GetMessage("CES_ERROR_BAD_EXPORT_FILENAME_EXTENTIONS");
     }
 }
 if (empty($arSetupErrors)) {
     if ($APPLICATION->GetFileAccessPermission($SETUP_FILE_NAME) < "W") {
         $arSetupErrors[] = str_replace("#FILE#", $SETUP_FILE_NAME, GetMessage('CATI_NO_RIGHTS_FILE'));
     } else {
         CheckDirPath($_SERVER["DOCUMENT_ROOT"] . $SETUP_FILE_NAME);
         if (!($fp = fopen($_SERVER["DOCUMENT_ROOT"] . $SETUP_FILE_NAME, "wb"))) {
             $arSetupErrors[] = GetMessage("CATI_CANNOT_CREATE_FILE");
         } else {
             fclose($fp);
             unlink($_SERVER["DOCUMENT_ROOT"] . $SETUP_FILE_NAME);
         }
     }
예제 #30
0
 $arFile["name"] = CFileman::GetFileName($arFile["name"]);
 $filename = ${"filename_" . $i};
 if (strlen($filename) <= 0) {
     $filename = $arFile["name"];
 }
 $pathto = Rel2Abs($path, $filename);
 if (!$USER->CanDoFileOperation('fm_upload_file', array($site, $pathto))) {
     $strWarning .= GetMessage("FILEMAN_FILEUPLOAD_ACCESS_DENIED") . " \"" . $pathto . "\"\n";
 } elseif ($arFile["error"] == 1 || $arFile["error"] == 2) {
     $strWarning .= GetMessage("FILEMAN_FILEUPLOAD_SIZE_ERROR", array('#FILE_NAME#' => $pathto)) . "\n";
 } elseif (($mess = CFileMan::CheckFileName(str_replace('/', '', $pathto))) !== true) {
     $strWarning .= $mess . ".\n";
 } else {
     if ($io->FileExists($DOC_ROOT . $pathto)) {
         $strWarning .= GetMessage("FILEMAN_FILEUPLOAD_FILE_EXISTS1") . " \"" . $pathto . "\" " . GetMessage("FILEMAN_FILEUPLOAD_FILE_EXISTS2") . ".\n";
     } elseif (!$USER->IsAdmin() && (HasScriptExtension($pathto) || substr(CFileman::GetFileName($pathto), 0, 1) == ".")) {
         $strWarning .= GetMessage("FILEMAN_FILEUPLOAD_PHPERROR") . " \"" . $pathto . "\".\n";
     } else {
         $bQuota = true;
         if (COption::GetOptionInt("main", "disk_space") > 0) {
             $f = $io->GetFile($arFile["tmp_name"]);
             $bQuota = false;
             $size = $f->GetFileSize();
             $quota = new CDiskQuota();
             if ($quota->checkDiskQuota(array("FILE_SIZE" => $size))) {
                 $bQuota = true;
             }
         }
         if ($bQuota) {
             if (!$io->Copy($arFile["tmp_name"], $DOC_ROOT . $pathto)) {
                 $strWarning .= GetMessage("FILEMAN_FILEUPLOAD_FILE_CREATE_ERROR") . " \"" . $pathto . "\"\n";