<?php // *************************************** Subpage: ADD FILE // ----- METHOD ADD FILE if ($media_method == 'add_file') { if (rex_post('save', 'boolean') || rex_post('saveandexit', 'boolean')) { if ($_FILES['file_new']['name'] != '' && $_FILES['file_new']['name'] != 'none') { if (!rex_mediapool_isAllowedMediaType($_FILES['file_new']['name'], rex_post('args', 'array'))) { $warning = $I18N->msg('pool_file_mediatype_not_allowed') . ' <var>.' . OOMedia::_getExtension($_FILES['file_new']['name'] . '</var>'); $whitelist = rex_mediapool_getMediaTypeWhitelist(rex_post('args', 'array')); $warning .= count($whitelist) > 0 ? '<br />' . $I18N->msg('pool_file_allowed_mediatypes') . ' <var>' . rtrim(implode('</var> <var>', $whitelist), ', ') . '</var>' : '<br />' . $I18N->msg('pool_file_banned_mediatypes') . ' <var>' . rtrim(implode('</var> <var>', rex_mediapool_getMediaTypeBlacklist()), ', ') . '</var>'; } else { $FILEINFOS['title'] = rex_request('ftitle', 'string'); if (!$PERMALL && !$REX['USER']->hasPerm("media[{$rex_file_category}]")) { $rex_file_category = 0; } // function in function.rex_mediapool.inc.php $return = rex_mediapool_saveMedia($_FILES['file_new'], $rex_file_category, $FILEINFOS, $REX['USER']->getValue('login')); if ($return['ok']) { $info = $return['msg']; $subpage = ''; } // ----- EXTENSION POINT if ($return['ok'] == 1) { rex_register_extension_point('MEDIA_ADDED', '', $return); } if (rex_post('saveandexit', 'boolean') && $return['ok'] == 1) { $file_name = $return['filename']; $ffiletype = $return['type']; $title = $return['title']; if ($opener_input_field == 'TINYIMG') {
/** * check if mediatpye(extension) is allowed for upload. * * @param string $filename * @param array $args * * @return bool */ function rex_mediapool_isAllowedMediaType($filename, array $args = []) { $file_ext = rex_file::extension($filename); if ($filename === '' || strpos($file_ext, ' ') !== false || $file_ext === '') { return false; } $blacklist = rex_mediapool_getMediaTypeBlacklist(); $whitelist = rex_mediapool_getMediaTypeWhitelist($args); if (in_array($file_ext, $blacklist)) { return false; } if (count($whitelist) > 0 && !in_array($file_ext, $whitelist)) { return false; } return true; }