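/**
 * Send a file that lives under the application root to the client,
 * resizing it first when it is an image and a size was requested.
 *
 * Query parameters read here:
 *  - fn            path of the file, relative to ew_AppRoot(); decrypted with
 *                  EW_RANDOM_KEY . session_id() when EW_ENCRYPT_FILE_PATH is set
 *  - t             table name (decrypted the same way; not used further in this method)
 *  - width/height  target size; thumbnail defaults apply when both are absent
 *  - resize        read but not used further in this method
 *
 * Security: "fn" is request-controlled, and when EW_ENCRYPT_FILE_PATH is off it
 * arrives in clear text. The path is therefore stripped of NUL bytes and refused
 * when it contains a ".." segment, so a request cannot name a file outside the
 * application root. The extension allow-lists (EW_IMAGE_ALLOWED_FILE_EXT,
 * EW_DOWNLOAD_ALLOWED_FILE_EXT) are the only other gate on what is served.
 */
function Page_Main()
{
    global $conn;
    $GLOBALS["Page"] =& $this;
    //***$conn = ew_Connect();

    // Get fn / table name parameters
    $key = EW_RANDOM_KEY . session_id();
    $fn = @$_GET["fn"] != "" ? ew_StripSlashes($_GET["fn"]) : "";
    if ($fn != "" && EW_ENCRYPT_FILE_PATH) {
        $fn = ew_Decrypt($fn, $key);
    }
    $table = @$_GET["t"] != "" ? ew_StripSlashes($_GET["t"]) : "";
    if ($table != "" && EW_ENCRYPT_FILE_PATH) {
        $table = ew_Decrypt($table, $key);
    }

    // Global Page Loading event (in userfn*.php)
    //***Page_Loading();

    // Get resize parameters. Dimensions are cast to int so that only numbers
    // reach the comparison and the resize helper.
    // NOTE(review): width/height have no upper bound here; a very large value
    // makes the resize expensive. Confirm whether ew_ResizeFileToBinary clamps.
    $resize = @$_GET["resize"] != "";
    $width = @$_GET["width"] != "" ? intval($_GET["width"]) : 0;
    $height = @$_GET["height"] != "" ? intval($_GET["height"]) : 0;
    if (@$_GET["width"] == "" && @$_GET["height"] == "") {
        $width = EW_THUMBNAIL_DEFAULT_WIDTH;
        $height = EW_THUMBNAIL_DEFAULT_HEIGHT;
    }

    // A non-string value (e.g. fn[]=...) cannot be a file name.
    if (!is_string($fn)) {
        $fn = "";
    }

    // The original line here was str_replace("", "", $fn), which changes nothing;
    // presumably the search string was a NUL byte. Strip NULs explicitly.
    $fn = str_replace("\0", "", $fn);

    // Refuse any ".." path segment (either slash style) so that the file stays
    // below the application root. Treated like "file not found": nothing is sent.
    if ($fn != "" && preg_match('#(?:^|[\\\\/])\.\.(?:[\\\\/]|$)#', $fn)) {
        $fn = "";
    }

    // Resize image from physical file
    if ($fn != "") {
        $fn = ew_IncludeTrailingDelimiter(ew_AppRoot(), TRUE) . $fn;

        // Existence probe. The fopen() fallback is kept from the original
        // ("Allow remote file"), but its handle is now closed instead of leaked.
        $found = file_exists($fn);
        if (!$found) {
            $probe = @fopen($fn, "rb");
            if ($probe !== FALSE) {
                fclose($probe);
                $found = TRUE;
            }
        }

        if ($found) {
            // Drop anything already buffered so only the file body is sent
            if (ob_get_length()) {
                ob_end_clean();
            }
            $pathinfo = pathinfo($fn);
            $ext = strtolower(@$pathinfo["extension"]);
            $ct = ew_ContentType("", $fn);
            if ($ct != "") {
                header("Content-type: " . $ct);
            }
            if (in_array($ext, explode(",", EW_IMAGE_ALLOWED_FILE_EXT))) {
                // For images the MIME type detected from the file content
                // replaces the header sent above
                $size = @getimagesize($fn);
                if ($size) {
                    header("Content-type: {$size['mime']}");
                }
                if ($width > 0 || $height > 0) {
                    echo ew_ResizeFileToBinary($fn, $width, $height);
                } else {
                    echo file_get_contents($fn);
                }
            } elseif (in_array($ext, explode(",", EW_DOWNLOAD_ALLOWED_FILE_EXT))) {
                // Non-image download: sent as is. Any other extension sends no body.
                echo file_get_contents($fn);
            }
        }
    }

    // Global Page Unloaded event (in userfn*.php)
    //***Page_Unloaded();

    // Close connection
    //***ew_CloseConn();
}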
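include_once "ewcfg11.php";
include_once "adodb5/adodb.inc.php";
include_once "phpfn11.php";

// Thumbnail script: resizes the image named by the "fn" query parameter
// (a path relative to ew_AppRoot()) and writes the result to the response.
//
// Security: every input below comes straight from the query string. "fn" is
// stripped of NUL bytes and refused when it contains a ".." segment, so the
// request cannot name a file outside the application root; only extensions in
// EW_IMAGE_ALLOWED_FILE_EXT are processed.

// Get resize parameters. Numeric inputs are cast to int before use.
// NOTE(review): width/height have no upper bound here; a very large value
// makes the resize expensive. Confirm whether ew_ResizeFileToBinary clamps.
$resize = @$_GET["resize"] != "";
$width = @$_GET["width"] != "" ? intval($_GET["width"]) : 0;
$height = @$_GET["height"] != "" ? intval($_GET["height"]) : 0;
if (@$_GET["width"] == "" && @$_GET["height"] == "") {
    $width = EW_THUMBNAIL_DEFAULT_WIDTH;
    $height = EW_THUMBNAIL_DEFAULT_HEIGHT;
}
$quality = @$_GET["quality"] != "" ? intval($_GET["quality"]) : EW_THUMBNAIL_DEFAULT_QUALITY;

// Resize image from physical file
if (@$_GET["fn"] != "") {
    $fn = ew_StripSlashes($_GET["fn"]);

    // A non-string value (e.g. fn[]=...) cannot be a file name.
    if (!is_string($fn)) {
        $fn = "";
    }

    // The original line here was str_replace("", "", $fn), which changes nothing;
    // presumably the search string was a NUL byte. Strip NULs explicitly.
    $fn = str_replace("\0", "", $fn);

    // Refuse any ".." path segment (either slash style); nothing is sent for it.
    if ($fn != "" && !preg_match('#(?:^|[\\\\/])\.\.(?:[\\\\/]|$)#', $fn)) {
        $fn = ew_IncludeTrailingDelimiter(ew_AppRoot(), TRUE) . $fn;

        // Existence probe. The fopen() fallback is kept from the original
        // ("Allow remote file"), but its handle is now closed instead of leaked.
        $found = file_exists($fn);
        if (!$found) {
            $probe = fopen($fn, "rb");
            if ($probe !== FALSE) {
                fclose($probe);
                $found = TRUE;
            }
        }

        if ($found) {
            $pathinfo = pathinfo($fn);
            $ext = strtolower(@$pathinfo["extension"]);
            if (in_array($ext, explode(",", EW_IMAGE_ALLOWED_FILE_EXT))) {
                // Content type comes from the image data, not from the file name
                $size = @getimagesize($fn);
                if ($size) {
                    header("Content-type: {$size['mime']}");
                }
                echo ew_ResizeFileToBinary($fn, $width, $height, $quality);
            }
        }
    }
    // A request that carried "fn" always ends here, whether or not a file was sent
    exit;
}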
/**
 * Build the upload folder path for a destination folder.
 *
 * With $PhyPath true the result is a physical path: $DestPath (its "/" turned
 * into EW_PATH_DELIMITER) combined with ew_AppRoot(). With $PhyPath false the
 * result is a URL-style path: the directory part of ew_ScriptName(), combined
 * with EW_ROOT_RELATIVE_PATH and then with $DestPath.
 *
 * Both forms go through ew_PathCombine(), so $DestPath is expected to be a
 * trusted, configured value; nothing here restricts where it may point.
 *
 * @param mixed  $PhyPath  truthy for a physical path, falsy for a URL path
 * @param string $DestPath destination folder, written with "/" separators
 * @return mixed path with a trailing delimiter, as returned by ew_IncludeTrailingDelimiter()
 */
function ew_UploadPathEx($PhyPath, $DestPath)
{
    if (!$PhyPath) {
        // URL form: start from the folder that holds the running script
        $scriptName = ew_ScriptName();
        $scriptDir = substr($scriptName, 0, strrpos($scriptName, "/"));
        $rootUrl = ew_PathCombine($scriptDir, EW_ROOT_RELATIVE_PATH, FALSE);
        $combined = ew_PathCombine(ew_IncludeTrailingDelimiter($rootUrl, FALSE), $DestPath, FALSE);
    } else {
        // Physical form: application root plus the destination folder
        $localDest = str_replace("/", EW_PATH_DELIMITER, $DestPath);
        $combined = ew_PathCombine(ew_AppRoot(), $localDest, TRUE);
    }

    return ew_IncludeTrailingDelimiter($combined, $PhyPath);
}
/**
 * Build the upload folder path for a destination folder.
 *
 * With $PhyPath true, $DestPath (its "/" turned into EW_PATH_DELIMITER) is
 * combined with ew_AppRoot(); otherwise it is combined with the global
 * $EW_ROOT_RELATIVE_PATH as a URL-style path.
 *
 * Both forms go through ew_PathCombine(), so $DestPath is expected to be a
 * trusted, configured value; nothing here restricts where it may point.
 *
 * @param mixed  $PhyPath  truthy for a physical path, falsy for a URL path
 * @param string $DestPath destination folder, written with "/" separators
 * @return mixed path with a trailing delimiter, as returned by ew_IncludeTrailingDelimiter()
 */
function ew_UploadPathEx($PhyPath, $DestPath)
{
    global $EW_ROOT_RELATIVE_PATH;

    $combined = $PhyPath
        ? ew_PathCombine(ew_AppRoot(), str_replace("/", EW_PATH_DELIMITER, $DestPath), TRUE)
        : ew_PathCombine($EW_ROOT_RELATIVE_PATH, $DestPath, FALSE);

    return ew_IncludeTrailingDelimiter($combined, $PhyPath);
}
/**
 * Build the upload folder path for a destination folder by plain concatenation.
 *
 * With $PhyPath true the result is ew_AppRoot() followed by $DestPath with its
 * "/" turned into EW_PATH_DELIMITER. With $PhyPath false it is
 * EW_ROOT_RELATIVE_PATH with backslashes turned into "/", a trailing
 * delimiter, then $DestPath.
 *
 * No "." or ".." segment is resolved or rejected here: $DestPath is appended
 * as given, so it is expected to be a trusted, configured value.
 *
 * @param mixed  $PhyPath  truthy for a physical path, falsy for a URL path
 * @param string $DestPath destination folder, written with "/" separators
 * @return mixed path with a trailing delimiter, as returned by ew_IncludeTrailingDelimiter()
 */
function ew_UploadPathEx($PhyPath, $DestPath)
{
    if ($PhyPath) {
        $folder = ew_AppRoot() . str_replace("/", EW_PATH_DELIMITER, $DestPath);
    } else {
        // Double backslashes are replaced first, then the remaining single ones
        $rootUrl = str_replace(array("\\\\", "\\"), "/", EW_ROOT_RELATIVE_PATH);
        $folder = ew_IncludeTrailingDelimiter($rootUrl, FALSE) . $DestPath;
    }

    return ew_IncludeTrailingDelimiter($folder, $PhyPath);
}
/**
 * Join a relative path onto a base path, resolving "." and ".." segments.
 *
 * This is a normaliser, not a confinement check:
 *  - a $RelPath that starts with http://, https://, ftp:// or ftps:// is
 *    returned unchanged and $BasePath is ignored;
 *  - each ".." segment in $RelPath removes one segment from $BasePath, so the
 *    result can lie above $BasePath.
 * A caller that passes request-controlled data as $RelPath has to validate it
 * before calling, or check the result afterwards.
 *
 * @param string $BasePath base folder
 * @param string $RelPath  path relative to $BasePath, or a remote URL
 * @param mixed  $PhyPath  truthy to use EW_PATH_DELIMITER, falsy to use "/"
 * @return string combined path
 */
function ew_PathCombine($BasePath, $RelPath, $PhyPath)
{
    // Allow remote file
    if (preg_match('/^(http|ftp)s?\\:\\/\\//i', $RelPath)) {
        return $RelPath;
    }

    if ($PhyPath) {
        $Delimiter = EW_PATH_DELIMITER;
    } else {
        $Delimiter = '/';
    }

    // If BasePath = root, do not remove delimiter
    if ($BasePath != $Delimiter) {
        $BasePath = ew_RemoveTrailingDelimiter($BasePath, $PhyPath);
    }

    // Bring every separator in the relative part to the chosen delimiter
    if ($PhyPath) {
        $RelPath = str_replace(array('/', '\\'), EW_PATH_DELIMITER, $RelPath);
    } else {
        $RelPath = str_replace('\\', '/', $RelPath);
    }
    $RelPath = ew_IncludeTrailingDelimiter($RelPath, $PhyPath);

    // Consume the relative part one "segment + delimiter" at a time
    $tail = "";
    for ($sepPos = strpos($RelPath, $Delimiter); $sepPos !== FALSE; $sepPos = strpos($RelPath, $Delimiter)) {
        $segment = substr($RelPath, 0, $sepPos + 1);
        $RelPath = substr($RelPath, $sepPos + 1);
        if ($RelPath === FALSE) {
            $RelPath = "";
        }

        // Empty and "." segments contribute nothing
        if ($segment == $Delimiter || $segment == '.' . $Delimiter) {
            continue;
        }

        // Ordinary segment: keep it
        if ($segment != '..' . $Delimiter) {
            $tail .= $segment;
            continue;
        }

        // ".." segment: move one level up in the base path where possible
        $lastSep = strrpos($BasePath, $Delimiter);
        if ($lastSep === 0) {
            // BasePath = "/xxx", cannot move up
            $BasePath = $Delimiter;
        } elseif ($lastSep !== FALSE && substr($BasePath, -2) != "..") {
            $BasePath = substr($BasePath, 0, $lastSep);
        } elseif ($BasePath != "" && $BasePath != "." && $BasePath != "..") {
            $BasePath = "";
        } else {
            // Nothing left to strip from the base: the ".." stays in the result
            $tail .= ".." . $Delimiter;
        }
    }

    if ($BasePath === "" || $BasePath === ".") {
        $head = "";
    } else {
        $head = ew_IncludeTrailingDelimiter($BasePath, $PhyPath);
    }

    return $head . $tail . $RelPath;
}
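/**
 * Handle an upload request: collect the upload options from the request and
 * hand them to cUploadHandler.
 *
 * Request parameters read here:
 *  - id, table      (GET, then POST) stored in the globals $uploadid / $uploadtable
 *  - exts           (POST) comma-separated extensions for "accept_file_types"
 *  - maxsize        (POST) "max_file_size"
 *  - maxfilecount   (POST) "max_number_of_files"
 *
 * NOTE(review): the accepted extensions, the size limit and the file count all
 * come from the request itself, so a client can send whatever values it likes
 * (or leave "exts" out, which accepts every file name). They are not a
 * security control. Whether cUploadHandler or the configuration enforces a
 * server-side allow-list cannot be told from this method; confirm that one
 * exists, and that the upload folder cannot execute what is stored in it.
 */
function Page_Main()
{
    global $conn, $uploadid, $uploadtable;
    $GLOBALS["Page"] =& $this;
    $Language = new cLanguage();
    //**$conn = ew_Connect();

    // Global Page Loading event (in userfn*.php)
    //**Page_Loading();

    // Set up upload parameters
    $uploadid = @$_GET["id"] != "" ? $_GET["id"] : (@$_POST["id"] != "" ? $_POST["id"] : "");
    $uploadtable = @$_GET["table"] != "" ? $_GET["table"] : (@$_POST["table"] != "" ? $_POST["table"] : "");
    // Array-valued parameters (id[]=...) cannot be a field id or table name
    if (!is_string($uploadid)) {
        $uploadid = "";
    }
    if (!is_string($uploadtable)) {
        $uploadtable = "";
    }

    // Build the accepted-file-name pattern. Each extension is regex-quoted so
    // that the request can only contribute literal extensions to the pattern,
    // not regex syntax of its own.
    $exts = @$_POST["exts"] != "" ? $_POST["exts"] : "";
    $quotedExts = array();
    if (is_string($exts)) {
        foreach (explode(",", $exts) as $ext) {
            if ($ext !== "") {
                $quotedExts[] = preg_quote($ext, "/");
            }
        }
    }
    $filetypes = count($quotedExts) == 0 ? '/.+$/i' : '/\\.(' . implode("|", $quotedExts) . ')$/i';

    $maxsize = @$_POST["maxsize"] != "" ? intval($_POST["maxsize"]) : NULL;
    $maxfilecount = @$_POST["maxfilecount"] != "" && @$_POST["maxfilecount"] != "0" ? intval($_POST["maxfilecount"]) : NULL;

    // Add id/table for display and delete. Both values are request data, so
    // they are URL-encoded before being placed in the query string.
    $url = ew_FullUrl() . "?rnd=" . ew_Random()
        . ($uploadid != "" ? "&id=" . urlencode($uploadid) : "")
        . ($uploadtable != "" ? "&table=" . urlencode($uploadtable) : "");

    $options = array(
        "param_name" => $uploadid,
        "delete_type" => "POST",
        "user_dirs" => TRUE,
        "download_via_php" => TRUE,
        "script_url" => $url,
        "upload_dir" => EW_UPLOAD_TEMP_PATH ? ew_IncludeTrailingDelimiter(EW_UPLOAD_TEMP_PATH, TRUE) : ew_UploadPathEx(TRUE, EW_UPLOAD_DEST_PATH),
        "upload_url" => ew_UploadPathEx(FALSE, EW_UPLOAD_DEST_PATH),
        "max_file_size" => $maxsize,
        "max_number_of_files" => $maxfilecount,
        "accept_file_types" => $filetypes,
        "image_versions" => array(
            EW_UPLOAD_THUMBNAIL_FOLDER => array(
                "max_width" => EW_UPLOAD_THUMBNAIL_WIDTH,
                "max_height" => EW_UPLOAD_THUMBNAIL_HEIGHT,
                "jpeg_quality" => EW_THUMBNAIL_DEFAULT_QUALITY,
                "png_quality" => 9
            )
        )
    );

    // Messages keyed by PHP upload error code (1-8) and by handler error name
    $error_messages = array(
        1 => $Language->Phrase("UploadErrMsg1"),
        2 => $Language->Phrase("UploadErrMsg2"),
        3 => $Language->Phrase("UploadErrMsg3"),
        4 => $Language->Phrase("UploadErrMsg4"),
        6 => $Language->Phrase("UploadErrMsg6"),
        7 => $Language->Phrase("UploadErrMsg7"),
        8 => $Language->Phrase("UploadErrMsg8"),
        'post_max_size' => $Language->Phrase("UploadErrMsgPostMaxSize"),
        'max_file_size' => $Language->Phrase("UploadErrMsgMaxFileSize"),
        'min_file_size' => $Language->Phrase("UploadErrMsgMinFileSize"),
        'accept_file_types' => $Language->Phrase("UploadErrMsgAcceptFileTypes"),
        'max_number_of_files' => $Language->Phrase("UploadErrMsgMaxNumberOfFiles"),
        'max_width' => $Language->Phrase("UploadErrMsgMaxWidth"),
        'min_width' => $Language->Phrase("UploadErrMsgMinWidth"),
        'max_height' => $Language->Phrase("UploadErrMsgMaxHeight"),
        'min_height' => $Language->Phrase("UploadErrMsgMinHeight")
    );

    // Discard buffered output before the handler writes its response. Calling
    // ob_end_clean() with no active buffer raises a notice, so check first.
    if (ob_get_level() > 0) {
        ob_end_clean();
    }
    $upload_handler = new cUploadHandler($options, TRUE, $error_messages);

    // Global Page Unloaded event (in userfn*.php)
    //**Page_Unloaded();

    // Close connection
    //**ew_CloseConn();
}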