/**
 * Shorten a filename that exceeds the permitted length.
 *
 * This method only forwards to the parent class, which does the work.
 * Per the documented contract, characters are dropped from the end of the
 * base name (the part before the extensions) until the name fits.
 *
 * @param string $raw_filename the input filename
 * @param int    $maxlen       the maximum allowed length (0 means no limit)
 *
 * @return string the truncated filename, as produced by the parent implementation
 */
public static function truncate_filename($raw_filename, $maxlen)
{
    $shortened = parent::truncate_filename($raw_filename, $maxlen);

    return $shortened;
}
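/**
 * Validate an uploaded file, record it in the attachment row and move it
 * into the attachments directory.
 *
 * The upload is read from $_FILES['upload']. Everything in that entry
 * (name, type, size) is supplied by the client and is treated as untrusted:
 * the name is reduced to a bare file name before it is used in a path, and
 * it is HTML-escaped before it is embedded in an error message.
 *
 * On a validation error the function returns the error message when running
 * in the administrator application; on the front end it redisplays the
 * upload/update form and terminates the request with exit.
 *
 * @param object   &$row          the attachment record (must provide store()/getError())
 * @param int      $article_id    the ID of the article the attachment belongs to
 * @param bool     $update        true if an existing attachment is being updated
 * @param int|bool $attachment_id the attachment ID, or false for a new attachment
 *
 * @return string a status message (or an HTML error message in the admin application)
 */
function upload_file(&$row, $article_id, $update = false, $attachment_id = false)
{
    global $mainframe;

    // Get the component parameters
    jimport('joomla.application.component.helper');
    $params = JComponentHelper::getParams('com_attachments');

    // Get the auto-publish setting
    $auto_publish = $params->get('publish_default', false);

    // Make sure the attachments directory exists
    $upload_subdir = $params->get('attachments_subdir', 'attachments');
    if ($upload_subdir == '') {
        $upload_subdir = 'attachments';
    }
    $upload_dir = JPATH_SITE . DS . $upload_subdir;
    $secure = $params->get('secure', false);
    if (!AttachmentsHelper::setup_upload_directory($upload_dir, $secure)) {
        $errmsg = JText::_('ERROR UNABLE TO SETUP UPLOAD DIR');
        JError::raiseError(500, "<p>" . $errmsg . " ({$upload_dir})</p>");
    }

    // If we are updating, note the name of the old filename
    $old_filename = null;
    $old_filename_sys = null;
    if ($update) {
        $old_filename = $row->filename;
        $old_filename_sys = $row->filename_sys;
    }

    // Read the upload entry defensively: a request without the 'upload' field
    // (or with an array-valued field) must not produce notices or odd values.
    $upload = (isset($_FILES['upload']) && is_array($_FILES['upload'])) ? $_FILES['upload'] : array();
    $raw_name = (isset($upload['name']) && is_string($upload['name'])) ? $upload['name'] : '';
    $ftype = (isset($upload['type']) && is_string($upload['type'])) ? $upload['type'] : '';
    $tmp_name = (isset($upload['tmp_name']) && is_string($upload['tmp_name'])) ? $upload['tmp_name'] : '';
    $file_size = (isset($upload['size']) && is_numeric($upload['size'])) ? (int) $upload['size'] : 0;

    // The client chooses the file name, and it is later joined onto the
    // upload directory. Keep only the final path component (for either
    // separator style) and drop NUL bytes so the stored file cannot land
    // outside the attachments directory.
    $filename = basename(str_replace(array("\0", '\\'), array('', '/'), $raw_name));
    if ($filename == '.' || $filename == '..') {
        $filename = '';
    }

    // Escaped copies for the HTML error messages built below
    $filename_html = htmlspecialchars($filename, ENT_QUOTES, 'UTF-8');
    $ftype_html = htmlspecialchars($ftype, ENT_QUOTES, 'UTF-8');

    // Make sure a file was successfully uploaded
    if ($update) {
        $update_file = JRequest::getVar('change', true);
    } else {
        $update_file = true;
    }
    if ($update_file && $file_size == 0 && $tmp_name == '') {

        // Guess the type of error
        if ($filename == '') {
            $error = 'no_file';
            $error_msg = JText::_('ERROR UPLOADING FILE') . ' ' . $filename_html;
            $error_msg .= ' (' . JText::_('YOU MUST SELECT A FILE TO UPLOAD') . ')';
            if ($mainframe->isAdmin()) {
                return $error_msg;
            }
        } else {
            $error = 'file_too_big';
            $error_msg = JText::_('ERROR UPLOADING FILE') . ' ' . $filename_html;
            $error_msg .= ' <br>(' . JText::_('ERROR MAY BE LARGER THAN LIMIT') . ' ';
            $error_msg .= get_cfg_var('upload_max_filesize') . ')';
            if ($mainframe->isAdmin()) {
                return $error_msg;
            }
        }

        // Set up the view to redisplay the form with warnings
        if ($update) {
            require_once JPATH_COMPONENT_SITE . DS . 'views' . DS . 'update' . DS . 'view.php';
            $view = new AttachmentsViewUpdate();
            $view->assign('update_file', $update_file);
            $view->assign('attachment_id', $attachment_id);
        } else {
            require_once JPATH_COMPONENT_SITE . DS . 'views' . DS . 'upload' . DS . 'view.php';
            $view = new AttachmentsViewUpload();
        }
        $view->assign('save_url', JRoute::_("index.php?option=com_attachments&task=save&tmpl=component"));
        $view->assign('filename', $filename);
        $view->assign('article_id', $article_id);
        $view->assign('article_title', AttachmentsHelper::get_article_title($article_id));
        $view->assign('description', $row->description);
        $view->assign('display_filename', $row->display_filename);
        $view->assign('user_field_1', $row->user_field_1);
        $view->assign('user_field_2', $row->user_field_2);
        $view->assign('user_field_3', $row->user_field_3);
        $view->assign('from', JRequest::getVar('from', ''));
        $view->assign('Itemid', JRequest::getVar('Itemid', 1));
        $view->assignRef('params', $params);
        $view->display(null, $error, $error_msg, true);
        exit;
    }

    // Make sure the file type is okay (respect restrictions imposed by media manager)
    jimport('joomla.filesystem.file');
    $cmparams =& JComponentHelper::getParams('com_media');

    // First check to make sure the extension is allowed.
    // Only the last extension of the name is examined here, so how the web
    // server treats names with several extensions is a deployment concern.
    $allowable = explode(',', $cmparams->get('upload_extensions'));
    $ignored = explode(',', $cmparams->get('ignore_extensions'));
    $format = strtolower(JFile::getExt($filename));
    $error = false;
    $error_msg = false;
    if (!in_array($format, $allowable) && !in_array($format, $ignored)) {
        $error = 'illegal_file_extension';
        $error_msg = JText::_('ERROR UPLOADING FILE') . ': ' . $filename_html;
        $error_msg .= "<br>" . JText::_('ERROR ILLEGAL FILE EXTENSION') . " " . htmlspecialchars($format, ENT_QUOTES, 'UTF-8');
        $error_msg .= "<br>" . JText::_('ERROR CHANGE IN MEDIA MANAGER');
    }

    // Check to make sure the mime type is okay.
    // $ftype is the type reported by the client, not one derived from the
    // file contents, so this check is advisory. A type is rejected only when
    // it is missing from the allowed list AND present in the illegal list.
    if ($cmparams->get('restrict_uploads', true)) {
        if ($cmparams->get('check_mime', true)) {
            $allowed_mime = explode(',', $cmparams->get('upload_mime'));
            $illegal_mime = explode(',', $cmparams->get('upload_mime_illegal'));
            if (strlen($ftype) && !in_array($ftype, $allowed_mime) && in_array($ftype, $illegal_mime)) {
                $error = 'illegal_mime_type';
                $error_msg = JText::_('ERROR UPLOADING FILE') . ' ' . $filename_html;
                $error_msg .= ', ' . JText::_('ERROR ILLEGAL FILE MIME TYPE') . " {$ftype_html}";
                $error_msg .= " <br>" . JText::_('ERROR CHANGE IN MEDIA MANAGER');
            }
        }
    }

    // If there was an error, refresh the form with a warning
    if ($error) {
        if ($mainframe->isAdmin()) {
            return $error_msg;
        }

        // Set up the view to redisplay the form with warnings
        if ($update) {
            require_once JPATH_COMPONENT_SITE . DS . 'views' . DS . 'update' . DS . 'view.php';
            $view = new AttachmentsViewUpdate();
            $view->assign('update_file', JRequest::getVar('change', false));
            $view->assign('attachment_id', $attachment_id);
        } else {
            require_once JPATH_COMPONENT_SITE . DS . 'views' . DS . 'upload' . DS . 'view.php';
            $view = new AttachmentsViewUpload();
        }
        $view->assign('save_url', JRoute::_("index.php?option=com_attachments&task=save&tmpl=component"));
        $view->assign('filename', $filename);
        $view->assign('article_id', $article_id);
        $view->assign('article_title', AttachmentsHelper::get_article_title($article_id));
        $view->assign('description', $row->description);
        $view->assign('display_filename', $row->display_filename);
        $view->assign('user_field_1', $row->user_field_1);
        $view->assign('user_field_2', $row->user_field_2);
        $view->assign('user_field_3', $row->user_field_3);
        $view->assign('from', JRequest::getVar('from', ''));
        $view->assign('Itemid', JRequest::getVar('Itemid', 1));
        $view->assignRef('params', $params);
        $view->display(null, $error, $error_msg, true);
        exit;
    }

    // Define where the attachments go. Reuse the normalised subdirectory so
    // the file is written into the same directory that was prepared (and,
    // when 'secure' is set, protected) above. Re-reading the raw parameter
    // would target the site root if it were configured as an empty string.
    $upload_url = $upload_subdir;
    $upload_dir = JPATH_SITE . DS . $upload_url;

    // Figure out the system filename
    $filename_sys = null;
    $url = null;
    $prepend = $params->get('prepend', 'article_id');
    switch ($prepend) {
        case 'article_id':
            $prefix = sprintf("%03d_", $article_id);
            $filename_sys = $upload_dir . DS . $prefix . $filename;
            $url = $upload_url . "/" . $prefix . $filename;
            break;

        // NOTE: for attachment_id, save normally and make a second pass
        //       to rename the file after we know the attachment ID
        default:
            $filename_sys = $upload_dir . DS . $filename;
            $url = $upload_url . "/" . $filename;
    }

    // If not updating, make sure the system filename doesn't already exist
    $error = false;
    if (!$update && JFile::exists($filename_sys) && $prepend != 'attachment_id') {
        $error = 'file_not_on_server';
        $error_msg = JText::_('ERROR FILE ALREADY ON SERVER');
        $error_msg .= " ({$filename_html})";
        if ($mainframe->isAdmin()) {
            return $error_msg;
        }

        // Set up the view to redisplay the form with warnings
        require_once JPATH_COMPONENT_SITE . DS . 'views' . DS . 'upload' . DS . 'view.php';
        $view = new AttachmentsViewUpload();
        $view->assign('filename', $filename);
        $view->assign('save_url', JRoute::_("index.php?option=com_attachments&task=save&tmpl=component"));
        $view->assign('article_id', $article_id);
        $view->assign('article_title', AttachmentsHelper::get_article_title($article_id));
        $view->assign('description', $row->description);
        $view->assign('display_filename', $row->display_filename);
        $view->assign('user_field_1', $row->user_field_1);
        $view->assign('user_field_2', $row->user_field_2);
        $view->assign('user_field_3', $row->user_field_3);
        $view->assign('from', JRequest::getVar('from', ''));
        $view->assign('Itemid', JRequest::getVar('Itemid', 1));
        $view->assignRef('params', $params);
        $view->display(null, $error, $error_msg, true);
        exit;
    }

    // Get the maximum allowed filename length (for the filename display)
    $max_filename_length = $params->get('max_filename_length', 0);
    if (is_numeric($max_filename_length)) {
        $max_filename_length = intval($max_filename_length);
    } else {
        $max_filename_length = 0;
    }

    // Create a display filename, if needed (for long filenames)
    if ($max_filename_length > 0
        && strlen($row->display_filename) == 0
        && strlen($filename) > $max_filename_length) {
        $row->display_filename = AttachmentsHelper::truncate_filename($filename, $max_filename_length);
    }

    // Copy the info about the uploaded file into the new record
    $row->filename = $filename;
    $row->filename_sys = $filename_sys;
    $row->url = $url;
    $row->file_type = $ftype;
    $row->file_size = $file_size;
    $row->published = $auto_publish;

    // Set the create/modify dates
    jimport('joomla.utilities.date');
    $now = new JDate();
    $row->create_date = $now->toMySQL();
    $row->modification_date = $row->create_date;

    // Add the icon file type
    require_once JPATH_COMPONENT_SITE . DS . 'file_types.php';
    $row->icon_filename = AttachmentsFileTypes::icon_filename($filename, $ftype);

    // Save the updated attachment
    if (!$row->store()) {
        JError::raiseError(500, $row->getError());
    }

    // Get the upload id
    // NOTE(review): this overwrites the $attachment_id argument with the last
    // insert ID. On an update no row may have been inserted, so confirm that
    // the value is still the record being edited.
    $db =& JFactory::getDBO();
    $attachment_id = $db->insertid();

    // If we're prepending attachment IDs, fix the system filename and URL and
    // update the attachment record (now that we know the attachment ID)
    if ($prepend == 'attachment_id') {
        $prefix = sprintf("%03d_", $attachment_id);
        $filename_sys = $upload_dir . DS . $prefix . $filename;
        $url = $upload_url . "/" . $prefix . $filename;
        $row->id = $attachment_id;
        $row->filename_sys = $filename_sys;
        $row->url = $url;
        $row->store();
    }

    // Move the file
    $msg = "";
    $moved = JFile::upload($tmp_name, $filename_sys);
    if ($moved) {
        $size = intval($row->file_size / 1024.0);
        chmod($filename_sys, 0644);
        // NOTE(review): $filename is not HTML-escaped in these messages;
        // confirm that the caller escapes the returned text before output.
        if ($update) {
            $msg = JText::_('UPDATED ATTACHMENT') . ' ' . $filename . " (" . $size . " Kb)!";
        } else {
            $msg = JText::_('UPLOADED ATTACHMENT') . ' ' . $filename . " (" . $size . " Kb)!";
        }
    } else {
        // The ID is cast so that only an integer can reach the SQL text
        $query = "DELETE FROM #__attachments WHERE id=" . (int) $attachment_id;
        $db->setQuery($query);
        $result = $db->query();
        $msg = JText::_('ERROR MOVING FILE') . " {$tmp_name} -> {$filename_sys})";
    }

    // If we are updating, we may need to delete the old file, but only once
    // the replacement is safely in place. Deleting it after a failed move
    // would leave the attachment with no file at all.
    if ($update && $moved) {
        if ($filename != $old_filename) {
            JFile::delete($old_filename_sys);
        }
    }

    return $msg;
}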
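/**
 * Add the information about the URL to the attachment record and then save it.
 *
 * The URL is checked with AttachmentsHelper::get_url_info(). If that check
 * fails, the administrator application gets the result back as the return
 * value, while the front end redisplays the upload/update form and ends the
 * request with exit.
 *
 * @param object   &$attachment  the attachment object
 * @param object   &$parent      the attachment's parent object
 * @param bool     $verify       whether the existence of the URL should be checked
 * @param bool     $relative_url allow relative URLs
 * @param string   $update       the type of update (or false if it is not an update)
 * @param int|bool $attachment_id the attachment ID, false if this is a new attachment
 *
 * @return mixed a status message on success; in the admin application, the
 *               result of get_url_info() if the URL was rejected
 */
public static function add_url(&$attachment, &$parent, $verify, $relative_url = false, $update = false, $attachment_id = false)
{
    // Get the component parameters
    jimport('joomla.application.component.helper');
    $params = JComponentHelper::getParams('com_attachments');

    // Get the auto-publish setting
    $auto_publish = $params->get('publish_default', false);

    // Figure out if the user has permissions to publish
    $may_publish = $parent->userMayChangeAttachmentState(
        $attachment->parent_id,
        $attachment->parent_entity,
        $attachment->created_by
    );

    // If we are updating, note the system name of the old file (if there was
    // one); it is needed when switching from a file to a URL
    $old_filename_sys = null;
    if ($update && $attachment->filename_sys) {
        $old_filename_sys = $attachment->filename_sys;
    }

    $from = JRequest::getWord('from');

    // Check the URL and get the info from it.
    // NOTE(review): which URL schemes are accepted is decided inside
    // get_url_info(), which is not visible here. Confirm it restricts them.
    $result = AttachmentsHelper::get_url_info($attachment->url, $attachment, $verify, $relative_url);

    // Save the info about the URL flags
    $attachment->url_verify = $verify;
    $attachment->url_relative = $relative_url;

    // If there was an error, bow out
    if ($result !== true) {
        $app = JFactory::getApplication();
        if ($app->isAdmin()) {
            return $result;
        }
        $update_form = JRequest::getWord('update');

        // Redisplay the upload/update form with complaints
        if ($update) {
            require_once JPATH_COMPONENT_SITE . '/views/update/view.html.php';
            $view = new AttachmentsViewUpdate();
            AttachmentsHelper::add_view_urls(
                $view, 'update', $attachment->parent_id, $attachment->parent_type, $attachment_id, $from
            );
            $view->update = $update_form;
        } else {
            require_once JPATH_COMPONENT_SITE . '/views/upload/view.html.php';
            $view = new AttachmentsViewUpload();
            AttachmentsHelper::add_view_urls(
                $view, 'upload', $attachment->parent_id, $attachment->parent_type, null, $from
            );
        }

        // Suppress the display filename if we are changing from file to url
        if ($update && ($update == 'file' || $update != $attachment->uri_type)) {
            $attachment->display_name = '';
        }

        // Set up the view
        $view->attachment = $attachment;
        $view->new_parent = $parent->new;
        $view->parent = $parent;
        $view->params = $params;
        $view->from = $from;
        $view->Itemid = JRequest::getInt('Itemid', 1);
        $view->error = $result->error;
        $view->error_msg = $result->error_msg;

        // Display the view
        $view->display();
        exit;
    }

    // Clear out the display_name if the URL has changed and the user did not
    // edit the display name themselves
    $old_url = JRequest::getString('old_url');
    if ($attachment->display_name && $attachment->url != $old_url) {
        $old_display_name = JRequest::getString('old_display_name');
        if ($old_display_name == $attachment->display_name) {
            $attachment->display_name = '';
        }
    }

    // Get the maximum allowed filename length (for the filename display)
    $max_filename_length = $params->get('max_filename_length', 0);
    if (is_numeric($max_filename_length)) {
        $max_filename_length = (int) $max_filename_length;
    } else {
        $max_filename_length = 0;
    }

    // Create a display filename, if needed (for long URLs)
    if ($max_filename_length > 0 && strlen($attachment->display_name) == 0) {
        if ($attachment->filename) {
            $attachment->display_name = AttachmentsHelper::truncate_filename(
                $attachment->filename, $max_filename_length
            );
        } else {
            $attachment->display_name = AttachmentsHelper::truncate_url(
                $attachment->url, $max_filename_length
            );
        }
    }

    // Assume relative URLs are valid (they are flagged valid without any
    // further check here)
    if ($relative_url) {
        $attachment->url_valid = true;
    }

    // If there is no filename, fall back to showing the URL itself
    if (!$attachment->filename && !$attachment->display_name) {
        $attachment->display_name = $attachment->url;
    }

    // If the user is not authorised to change the state (eg, publish/unpublish),
    // ignore the form data and make sure the publish state is set correctly.
    if (!$may_publish) {
        // NOTE(review): 'save_type' comes from the request, so the client
        // selects which branch sets the state. Consider deriving it from
        // $update instead; confirm against the callers.
        $save_type = JString::strtolower(JRequest::getWord('save_type', 'update'));
        if ($save_type == 'upload') {
            // Use the default publish state (read from the parameters above)
            $attachment->state = $auto_publish;
        } else {
            // Restore the old state
            $db = JFactory::getDBO();
            $query = $db->getQuery(true);
            $query->select('state')->from('#__attachments')->where('id = ' . (int) $attachment->id);
            $db->setQuery($query, 0, 1);
            $old_state = $db->loadResult();
            if ($db->getErrorNum()) {
                $errmsg = $db->stderr() . ' (ERR 39)';
                JError::raiseError(500, $errmsg);
            }
            $attachment->state = $old_state;
        }
    }

    // Set the create/modify dates
    $now = JFactory::getDate();
    $attachment->created = $now->toSql();
    $attachment->modified = $attachment->created;
    $attachment->uri_type = 'url';

    // Check the URL length
    if (strlen($attachment->url) > AttachmentsDefines::$MAXIMUM_URL_LENGTH) {
        $errmsg = "URL is too long! (" . strlen($attachment->url) . ")"; // ??? Convert to translated error message
        JError::raiseError(500, $errmsg);
    }

    // Save the updated attachment
    if (!$attachment->store()) {
        $errmsg = JText::_('ATTACH_ERROR_SAVING_URL_ATTACHMENT_RECORD') . $attachment->getError() . ' (ERR 40)';
        JError::raiseError(500, $errmsg);
    }

    // Delete any old attachment file (only reached once the record is stored)
    if ($old_filename_sys) {
        jimport('joomla.filesystem.file');
        if (JFile::exists($old_filename_sys)) {
            JFile::delete($old_filename_sys);
            AttachmentsHelper::clean_directory($old_filename_sys);
        }
    }

    if ($update) {
        $msg = JText::_('ATTACH_ATTACHMENT_UPDATED');
    } else {
        $msg = JText::_('ATTACH_ATTACHMENT_SAVED');
    }

    return $msg;
}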