} if (defined('MAINTENANCE_MODE_ON') && MAINTENANCE_MODE_ON) { final_response(503, "This site is currently undergoing maintenance. " . "Uploads cannot be accepted at this time."); } // When Flash is running as an NPAPI plugin under Windows, it does not send // the correct cookies with HTTP requests, but instead sends whatever cookies // are associated with its IE plugin version. SWFUpload instances are made to // pass the session ID explicitly to work around this. $reason_session =& get_reason_session(); if (!empty($_REQUEST['reason_sid'])) { $reason_session->start($_REQUEST['reason_sid']); } else { $reason_session->start(); } $upload_sid = @$_REQUEST['upload_sid']; $session = _get_async_upload_session($upload_sid); if (!$session) { if (empty($_REQUEST['upload_sid'])) { final_response(400, "Upload session (upload_sid) not provided."); } else { final_response(400, "No upload session with ID " . $upload_sid); } } // Permission check. if (!can_upload($session)) { final_response(403, "Permission denied."); } function can_upload($session) { if ($session['authenticator']) { $auth = $session['authenticator'];
/** * Gets information about a specific file, whether it was uploaded in the POST * body of the current request or in the asynchronous upload session identified * by the given ID. * * If no such file was received, if an empty file was received, or if there was * an error in receiving or storing the file or if it was rejected by PHP, * <code>null</code> will be returned. * * If an asynchronous upload session ID is given, but no session with that ID * actually exists, a notice is triggered. * * @param string $name the form field name under which the file was submitted * @param string $async_session_id the ID for the asynchronous upload session * @param boolean $clear if true, and the uploaded file is found in the * asynchronous session, the file's record will be removed from the * session * @return UploadedFile information about the uploaded file, or * <code>null</code> if no such file was uploaded or if there was an * error in uploading it */ function reason_get_uploaded_file($name, $async_session_id = null, $clear = false) { if ($async_session_id) { $async_session = _get_async_upload_session($async_session_id); if ($async_session) { if (isset($async_session['files'][$name])) { $records = $async_session['files'][$name]; if (is_array($records) && count($records) > 0) { $keys = array_keys($records); $key = $keys[count($keys) - 1]; $async_file = $records[$key]; $file = _uploaded_file_from_async($async_file); if (!$file || $clear) { unset($async_session['files'][$name][$key]); $session =& get_reason_session(); $id = $async_session_id; $session->set(_async_upload_session_key($id), $async_session); } if ($file) { return $file; } } } } else { trigger_warning("tried to get the file {$name} from asynchronous " . 'upload session ' . var_export($async_session_id, true) . ', but ' . 'no such session exists'); } } return isset($_FILES[$name]) ? _uploaded_file_from_php($_FILES[$name]) : null; }