function checkTempImage($path)
{
if (!verify_uploaded_image($path)) {
$GLOBALS['log']->fatal("A user ({$GLOBALS['current_user']->id}) attempted to use an invalid file for the logo - {$path}");
sugar_die('Invalid File Type');
}
return $path;
}
private function checkUploadImage()
{
$error = "";
$files = array('sugarpdf_pdf_header_logo' => $_FILES['new_header_logo'], 'sugarpdf_pdf_small_header_logo' => $_FILES['new_small_header_logo']);
foreach ($files as $k => $v) {
if (empty($error) && isset($v) && !empty($v['name'])) {
$file_name = K_PATH_CUSTOM_IMAGES . 'pdf_logo_' . basename($v['name']);
if (file_exists($file_name)) {
rmdir_recursive($file_name);
}
if (!empty($v['error'])) {
$error = 'ERR_ALERT_FILE_UPLOAD';
}
if (!mkdir_recursive(K_PATH_CUSTOM_IMAGES)) {
$error = 'ERR_ALERT_FILE_UPLOAD';
}
if (empty($error)) {
if (!move_uploaded_file($v['tmp_name'], $file_name)) {
die("Possible file upload attack!\n");
}
if (file_exists($file_name) && is_file($file_name)) {
if (!empty($_REQUEST['sugarpdf_pdf_class']) && $_REQUEST['sugarpdf_pdf_class'] == "EZPDF") {
if (!verify_uploaded_image($file_name, true)) {
$error = 'LBL_ALERT_TYPE_IMAGE_EZPDF';
}
} else {
if (!verify_uploaded_image($file_name)) {
$error = 'LBL_ALERT_TYPE_IMAGE';
}
}
if (!empty($error)) {
rmdir_recursive($file_name);
} else {
$_POST[$k] = 'pdf_logo_' . basename($v['name']);
}
} else {
$error = 'ERR_ALERT_FILE_UPLOAD';
}
}
}
}
return $error;
}
sugar_cleanup();
exit;
}
if (!move_uploaded_file($_FILES['file_1']['tmp_name'], $file_name)) {
rmdir_recursive($uploadTmpDir);
die("Possible file upload attack!\n");
}
} else {
$returnArray['data'] = 'not_recognize';
echo $json->encode($returnArray);
sugar_cleanup();
exit;
}
if (file_exists($file_name) && is_file($file_name)) {
$returnArray['path'] = $file_name;
if (!verify_uploaded_image($file_name, $returnArray['forQuotes'] == 'quotes')) {
$returnArray['data'] = 'other';
$returnArray['path'] = '';
} else {
$img_size = getimagesize($file_name);
$filetype = $img_size['mime'];
$test = $img_size[0] / $img_size[1];
if (($test > 10 || $test < 1) && $returnArray['forQuotes'] == 'company') {
$rmdir = false;
$returnArray['data'] = 'size';
}
if (($test > 20 || $test < 3) && $returnArray['forQuotes'] == 'quotes') {
$returnArray['data'] = 'size';
}
}
if (!empty($returnArray['data'])) {
mkdir_recursive($cachedir);
}
// cn: bug 11012 - fixed some MIME types not getting picked up. Also changed array iterator.
$imgType = array('image/gif', 'image/png', 'image/x-png', 'image/bmp', 'image/jpeg', 'image/jpg', 'image/pjpeg');
$ret = array();
foreach ($_FILES as $k => $file) {
if (in_array(strtolower($_FILES[$k]['type']), $imgType) && $_FILES[$k]['size'] > 0) {
$upload_file = new UploadFile($k);
// check the file
if ($upload_file->confirm_upload()) {
$dest = $cachedir . basename($upload_file->get_stored_file_name());
// target name
$guid = create_guid();
if ($upload_file->final_move($guid)) {
// move to uploads
$path = $upload_file->get_upload_path($guid);
// if file is OK, copy to cache
if (verify_uploaded_image($path) && copy($path, $dest)) {
$ret[] = $dest;
}
// remove temp file
unlink($path);
}
}
}
}
if (!empty($ret)) {
$json = getJSONobj();
echo $json->encode($ret);
//return the parameters
}
function checkTempImage($path)
{
if (!verify_uploaded_image($path)) {
$error = translate('LBL_ALERT_TYPE_IMAGE');
Log::fatal("A user ({$GLOBALS['current_user']->id}) attempted to use an invalid file for the logo - {$path}");
$this->error = $error;
return false;
}
return $path;
}
* SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "Powered by
* SugarCRM" logo. If the display of the logo is not reasonably feasible for
* technical reasons, the Appropriate Legal Notices must display the words
* "Powered by SugarCRM".
********************************************************************************/
if (isset($_GET['DynamicAction']) && $_GET['DynamicAction'] == "saveImage") {
$filename = pathinfo($_POST['filename'], PATHINFO_BASENAME);
$ext = pathinfo($filename, PATHINFO_EXTENSION);
if (!in_array(strtolower($ext), array('jpg', 'png', 'jpeg'))) {
return false;
}
$image = str_replace(" ", "+", $_POST["imageStr"]);
$data = substr($image, strpos($image, ","));
if (sugar_mkdir(sugar_cached("images"), 0777, true)) {
$filepath = sugar_cached("images/{$filename}");
file_put_contents($filepath, base64_decode($data));
if (!verify_uploaded_image($filepath)) {
unlink($filepath);
return false;
}
} else {
return false;
}
}
$json = getJSONobj();
$not_a_file = 0;
$divAndEl = explode(",", $_REQUEST['div_name_and_El']);
$div_name = $divAndEl[0];
$element_name = $divAndEl[1];
$ret = array();
$currGuid = create_guid();
$is_file_image = 0;
$upload = new UploadFile($element_name);
if (!$upload->confirm_upload()) {
$not_a_file = 1;
} else {
$currGuid .= preg_replace('/[^-a-z0-9_]/i', '_', $_FILES[$element_name]['name']);
$file_name = "upload://{$currGuid}";
if (!$upload->final_move($file_name)) {
$not_a_file = 1;
} else {
$is_file_image = verify_uploaded_image($file_name);
}
}
if ($not_a_file == 1) {
$response = array('status' => 'failed', 'div_name' => $div_name, 'error_message' => $upload->getErrorMessage());
} else {
$response = array('status' => 'success', 'div_name' => $div_name, 'new_file_name' => $currGuid, 'is_file_image' => $is_file_image);
}
if (!empty($response)) {
$json = getJSONobj();
print $json->encode($response);
}
sugar_cleanup();
exit;
