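/**
 * Move a received upload out of PHP's temporary folder into the upload
 * directory and make sure the stored file is readable.
 *
 * The destination filename and path are chosen by
 * _saveUpload_getSaveAsFilenameAndPath() (defined elsewhere) from the
 * client-supplied $uploadInfo['name'] and $uploadDir.
 *
 * Terminates the request with die() if the move or the chmod fails.
 *
 * @param array  $uploadInfo              Upload record; 'name' and 'tmp_name' are read.
 * @param string $uploadDir               Target directory, passed to the save-as helper.
 * @param bool   $skipUploadSecurityCheck When true the file is moved with rename_winsafe()
 *                                        instead of move_uploaded_file(). Only pass true when
 *                                        'tmp_name' is a path the application created itself.
 * @return array array($saveAsFilename, $saveAsFilepath)
 */
function _saveUpload_promoteTempFile($uploadInfo, $uploadDir, $skipUploadSecurityCheck) {

  // get save-as filename
  list($saveAsFilename, $saveAsFilepath) = _saveUpload_getSaveAsFilenameAndPath($uploadInfo['name'], $uploadDir);

  // move and rename upload (from system /tmp/ folder to our /uploads/ folder)
  if ($skipUploadSecurityCheck) {
    // This branch bypasses move_uploaded_file(), which refuses any source that PHP
    // did not itself receive as an HTTP POST upload. A request-controlled 'tmp_name'
    // must never reach this call.
    $moved = rename_winsafe($uploadInfo['tmp_name'], $saveAsFilepath);
  }
  else {
    $moved = move_uploaded_file($uploadInfo['tmp_name'], $saveAsFilepath);
  }
  if (!$moved) {
    // error_get_last() works across function scopes and without track_errors;
    // $php_errormsg was never set here when the failure happened inside rename_winsafe().
    // The message can contain file names, so it is HTML-escaped before output.
    $lastError = error_get_last();
    die("Error moving uploaded file! " . htmlspecialchars($lastError ? $lastError['message'] : ''));
  }

  // Set permissions (make upload readable)
  // Note: files created in /tmp/ by PHP sometimes lack the expected read permissions.
  $permissions = fileperms($saveAsFilepath);
  $isReadable  = ($permissions | 0444) == $permissions; // has read bits for User, Group, and World
  if (!$isReadable) {
    // 0666 also grants write access to group and world; no execute bit is set.
    if (!chmod($saveAsFilepath, 0666)) {
      $lastError = error_get_last();
      die("Error changing permissions on '" . htmlspecialchars($saveAsFilepath) . "'! " . htmlspecialchars($lastError ? $lastError['message'] : ''));
    }
  }

  return array($saveAsFilename, $saveAsFilepath);
}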
/**
 * Activate or discard the "*.default" files found directly inside DATA_DIR,
 * DATA_DIR/schema and DATA_DIR/schemaPresets.
 *
 * For each regular file whose name ends in ".default":
 *  - if no file exists at the same path without the suffix, the default is renamed to it;
 *  - otherwise the default file is deleted.
 *
 * Any failure ends the request with die(); the message includes the file path.
 */
function renameOrRemoveDefaultFiles() {
  $searchDirs = array(DATA_DIR, DATA_DIR . '/schema', DATA_DIR . '/schemaPresets');

  foreach ($searchDirs as $searchDir) {
    foreach (scandir($searchDir) as $entryName) {
      $defaultFile = "{$searchDir}/{$entryName}";

      // only regular files named "*.default" are of interest
      $isDefaultFile = is_file($defaultFile) && preg_match('/\\.default$/', $entryName);
      if (!$isDefaultFile) { continue; }

      // path the file would have once the ".default" suffix is removed
      $targetFile = preg_replace('/\\.default$/', '', $defaultFile);

      if (is_file($targetFile)) {
        // a live file already exists, so the shipped default is not needed
        // ($php_errormsg is only populated when PHP's track_errors setting is on)
        if (!@unlink($defaultFile)) {
          die("Error deleting '{$defaultFile}'!<br/> Make sure this file and it's parent directory are writable! PHP Error: {$php_errormsg}");
        }
      }
      else {
        // no live file yet: promote the default into place
        if (!@rename_winsafe($defaultFile, $targetFile)) {
          die("Error renaming '{$defaultFile}'!<br/>Make sure this file and it's parent directory are writable!");
        }
      }
    }
  }
}
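/**
 * Handle the "save table details" form for a schema table.
 *
 * Steps, in order:
 *  1. request guards (POST form, internal referer, CSRF token) and demo-mode check
 *  2. validation of the submitted values; on error alert() is called and nothing is changed
 *  3. optional rename of the MySQL table, its schema file and its rows in the uploads table
 *  4. copy of the submitted settings into the global $schema, then saveSchema()
 *
 * All input is read directly from $_REQUEST. The function rewrites
 * $_REQUEST['newTableName'] and $_REQUEST['tableName'] and updates the globals
 * $schema, $tableName and $tableNameWithPrefix. It returns nothing and calls
 * die() if the table or schema-file rename fails.
 *
 * NOTE(review): the schema settings in step 4 are stored exactly as submitted;
 * this function does not validate or escape them, so code that later prints
 * them (or uses the page URLs) has to treat them as untrusted.
 */
function saveTableDetails() {
  global $TABLE_PREFIX, $schema, $APP, $tableName, $tableNameWithPrefix;
  $oldSchemaFilepath = DATA_DIR . '/schema/' . getTableNameWithoutPrefix($_REQUEST['tableName']) . ".ini.php";
  $newSchemaFilepath = DATA_DIR . '/schema/' . getTableNameWithoutPrefix($_REQUEST['newTableName']) . ".ini.php";

  // request guards: these must stay ahead of every state-changing statement below
  security_dieUnlessPostForm();
  security_dieUnlessInternalReferer();
  security_dieOnInvalidCsrfToken();

  //
  disableInDemoMode('', 'database/listTables.php');

  // error checking
  $errors = '';
  if ($_REQUEST['newTableName'] == '') { $errors .= "You must specify a tablename!<br/>\n"; }
  if (preg_match("/dragSortOrder/", @$_REQUEST['listPageFields']) || preg_match("/dragSortOrder/", $_REQUEST['listPageOrder'])) {
    if (!preg_match("/^dragSortOrder/", @$_REQUEST['listPageFields'])) { $errors .= "If used, dragSortOrder must be the first field in 'ListPage Fields'!<br/>\n"; }
    if (!preg_match("/^dragSortOrder/", $_REQUEST['listPageOrder']))   { $errors .= "If used, dragSortOrder must be the first field in 'Order By'!<br/>\n"; }
  }
  if (@$_REQUEST['tableName'] && !$schema) { $errors .= "Error updating schema file. Please wait a few seconds and try again.<br/>\n"; }
  if (!is_writable(DATA_DIR . '/schema/')) {
    $errors .= "Schema dir '/data/schema/' isn't writable. Please update permissions.<br/>\n";
  }
  elseif (!is_writable($oldSchemaFilepath)) {
    // $errors is emitted as HTML (it carries <br/> tags) and the file name is derived
    // from $_REQUEST['tableName'], so it is HTML-encoded before being appended.
    $errors .= "Schema file '/data/schema/" . htmlencode(basename($oldSchemaFilepath)) . "' isn't writable. \nPlease update permissions.<br/>\n";
  }

  // v2.53 - require urls to start with scheme:// or / (to ensure links are valid when moving between sites)
  // Note: the pattern accepts any \w+ scheme as well as a leading "//"; it checks shape only.
  $fieldNamesToLabels = array();
  $fieldNamesToLabels['_listPage']    = 'List Page Url';
  $fieldNamesToLabels['_detailPage']  = 'Detail Page Url';
  $fieldNamesToLabels['_previewPage'] = 'Preview Page Url';
  foreach ($fieldNamesToLabels as $name => $label) {
    $startsWithHttpOrSlash = preg_match("|^(\\w+:/)?/|", @$_REQUEST[$name]);
    if (@$_REQUEST[$name] && !$startsWithHttpOrSlash) { $errors .= t("{$label} must start with /") . "<br/>\n"; }
  }

  // stop before changing anything if validation failed
  if ($errors) {
    alert($errors);
    return;
  }

  // force add table prefix (if not specified)
  $_REQUEST['newTableName'] = getTableNameWithPrefix($_REQUEST['newTableName']);

  ### rename table
  if ($_REQUEST['tableName'] != $_REQUEST['newTableName']) {
    $error = getTablenameErrors($_REQUEST['newTableName']);
    if ($error) {
      alert($error);
      return;
    }

    // rename mysql table
    // NOTE(review): both names are placed inside backtick-quoted identifiers. Only the new
    // name passes through getTablenameErrors() here; confirm that mysql_escape() (defined
    // elsewhere) or earlier validation prevents a backtick in the old name.
    $result = mysql_query("RENAME TABLE `" . mysql_escape($_REQUEST['tableName']) . "`\n TO `" . mysql_escape($_REQUEST['newTableName']) . "`")
      or die("Error renaming MySQL table:\n\n" . htmlencode(mysql_error()) . "\n");

    // rename schema file
    // (if this fails the MySQL table has already been renamed and is not rolled back)
    rename_winsafe($oldSchemaFilepath, $newSchemaFilepath) or die("Error renaming schema file!");

    // update uploads table with new table name
    $where        = array('tableName' => getTableNameWithoutPrefix($_REQUEST['tableName']));    // old tableName
    $colsToValues = array('tableName' => getTableNameWithoutPrefix($_REQUEST['newTableName'])); // new tableName
    $result = mysql_update('uploads', null, $where, $colsToValues);

    // update tableName form field
    $_REQUEST['tableName'] = $_REQUEST['newTableName'];

    // update globals with new tablename
    $tableName           = $_REQUEST['tableName']; // sic
    $tableNameWithPrefix = $_REQUEST['tableName'];
  }

  ### update schema fields
  $schema['menuName']  = $_REQUEST['menuName'];
  $schema['_indent']   = @$_REQUEST['_indent'];
  $schema['menuType']  = $_REQUEST['menuType'];
  $schema['menuOrder'] = $_REQUEST['menuOrder'];

  // settings that apply to every menu type except 'link'
  if ($_REQUEST['menuType'] != 'link') {
    $schema['menuHidden']           = $_REQUEST['menuHidden'];
    $schema['listPageFields']       = @$_REQUEST['listPageFields'];
    $schema['listPageOrder']        = $_REQUEST['listPageOrder'];
    $schema['listPageSearchFields'] = $_REQUEST['listPageSearchFields'];
    $schema['_perPageDefault']      = @$_REQUEST['_perPageDefault'];
    $schema['_maxRecords']          = $_REQUEST['_maxRecords'];
    $schema['_maxRecordsPerUser']   = $_REQUEST['_maxRecordsPerUser'];
    $schema['_disableAdd']          = $_REQUEST['_disableAdd'];
    $schema['_disableView']         = $_REQUEST['_disableView'];
    $schema['_disableModify']       = $_REQUEST['_disableModify'];
    $schema['_disableErase']        = $_REQUEST['_disableErase'];
    $schema['_disablePreview']      = $_REQUEST['_disablePreview'];
    $schema['_filenameFields']      = @$_REQUEST['_filenameFields'];
    $schema['_listPage']            = @$_REQUEST['_listPage'];
    $schema['_detailPage']          = $_REQUEST['_detailPage'];
    $schema['_previewPage']         = $_REQUEST['_previewPage'];
    $schema['_hideRecordsFromDisabledAccounts'] = $_REQUEST['_hideRecordsFromDisabledAccounts'];
    $schema['_requiredPlugins']     = @$_REQUEST['_requiredPlugins'];
  }

  // settings specific to 'link' menus
  if ($_REQUEST['menuType'] == 'link') {
    $schema['_url']          = $_REQUEST['_url'];
    $schema['_linkTarget']   = @$_REQUEST['_linkTarget'];
    $schema['_linkMessage']  = @$_REQUEST['_linkMessage'];
    $schema['_iframeHeight'] = @$_REQUEST['_iframeHeight'];
    unset($schema['_targetBlank']); // unset old schema value (if it exists)
  }

  // settings specific to 'category' menus
  if ($_REQUEST['menuType'] == 'category') {
    $schema['_maxDepth'] = $_REQUEST['_maxDepth'];
  }

  saveSchema($_REQUEST['tableName'], $schema);

  //
  notice("Table details for '" . htmlencode($schema['menuName']) . "' have been saved.");
}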