/** * handle request and build XML * @access protected * */ function buildXml() { if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $this->checkConnector(); $this->checkRequest(); //resizing to 1x1 is almost equal to deleting a file, that's why FILE_DELETE permissions are required if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_DELETE) || !$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!isset($_POST["fileName"])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_POST["fileName"]); if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$resourceTypeInfo->checkExtension($fileName, false)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName); if (!file_exists($filePath) || !is_file($filePath)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND); } $newWidth = trim($_POST['width']); $newHeight = trim($_POST['height']); $quality = 80; $resizeOriginal = !empty($_POST['width']) && !empty($_POST['height']); if ($resizeOriginal) { if (!preg_match("/^\\d+\$/", $newWidth) || !preg_match("/^\\d+\$/", $newHeight) || !preg_match("/^\\d+\$/", $newWidth)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!isset($_POST["newFileName"])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $newFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_POST["newFileName"]); if (!$resourceTypeInfo->checkExtension($newFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFileName) || $resourceTypeInfo->checkIsHiddenFile($newFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $newFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $newFileName); if (!is_writable(dirname($newFilePath))) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } if ($_POST['overwrite'] != "1" && file_exists($newFilePath)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST); } $_imagesConfig = $_config->getImagesConfig(); $maxWidth = $_imagesConfig->getMaxWidth(); $maxHeight = $_imagesConfig->getMaxHeight(); // Shouldn't happen as the JavaScript validation should not allow this. if ($maxWidth > 0 && $newWidth > $maxWidth || $maxHeight > 0 && $newHeight > $maxHeight) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } } require_once CKFINDER_CONNECTOR_LIB_DIR . "/CommandHandler/Thumbnail.php"; if ($resizeOriginal) { $result = CKFinder_Connector_CommandHandler_Thumbnail::createThumb($filePath, $newFilePath, $newWidth, $newHeight, $quality, false); if (!$result) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } } $config = $this->getConfig(); $nameWithoutExt = preg_replace("/^(.+)\\_\\d+x\\d+\$/", "\$1", CKFinder_Connector_Utils_FileSystem::getFileNameWithoutExtension($fileName)); $extension = CKFinder_Connector_Utils_FileSystem::getExtension($fileName); foreach (array('small', 'medium', 'large') as $size) { if (!empty($_POST[$size]) && $_POST[$size] == '1') { $thumbName = $nameWithoutExt . "_" . $size . "." . $extension; $newFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $thumbName); if (!empty($config[$size . 'Thumb'])) { if (preg_match("/^(\\d+)x(\\d+)\$/", $config[$size . 'Thumb'], $matches)) { CKFinder_Connector_CommandHandler_Thumbnail::createThumb($filePath, $newFilePath, $matches[1], $matches[2], $quality, true); } } } } }
* Handle FileUpload command * * @package CKFinder * @subpackage CommandHandlers * @copyright CKSource - Frederico Knabben */ class CKFinder_Connector_CommandHandler_FileUpload extends CKFinder_Connector_CommandHandler_CommandHandlerBase { /** * Command name * * @access protected * @var string */ protected $command = "FileUpload"; /** * send response (save uploaded file, resize if required) * @access public * */ public function sendResponse() { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_NONE; $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); $oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry"); $oRegistry->set("FileUpload_fileName", "unknown file"); $uploadedFile = array_shift($_FILES); if (!isset($uploadedFile['name'])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID); } $sUnsafeFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(CKFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name'])); $sFileName = CKFinder_Connector_Utils_FileSystem::secureFileName($sUnsafeFileName); if ($sFileName != $sUnsafeFileName) { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED; } $oRegistry->set("FileUpload_fileName", $sFileName); $this->checkConnector(); $this->checkRequest(); if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeConfig->checkIsHiddenFile($sFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!$resourceTypeInfo->checkExtension($sFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } $oRegistry->set("FileUpload_fileName", $sFileName); $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl()); $maxSize = $resourceTypeInfo->getMaxSize(); if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); } $htmlExtensions = $_config->getHtmlExtensions(); $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileName); if ($htmlExtensions && !CKFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sExtension, $htmlExtensions) && ($detectHtml = CKFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } $secureImageUploads = $_config->getSecureImageUploads(); if ($secureImageUploads && ($isImageValid = CKFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sExtension)) === false) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } switch ($uploadedFile['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); break; case UPLOAD_ERR_PARTIAL: case UPLOAD_ERR_NO_FILE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); break; case UPLOAD_ERR_NO_TMP_DIR: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR); break; case UPLOAD_ERR_CANT_WRITE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; case UPLOAD_ERR_EXTENSION: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; } $sServerDir = $this->_currentFolder->getServerPath(); while (true) { $sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName); if (file_exists($sFilePath)) { $sFileName = CKFinder_Connector_Utils_FileSystem::autoRename($sServerDir, $sFileName); $oRegistry->set("FileUpload_fileName", $sFileName); $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED; } else { if (false === move_uploaded_file($uploadedFile['tmp_name'], $sFilePath)) { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED; } else { if (isset($detectHtml) && $detectHtml === -1 && CKFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } else { if (isset($isImageValid) && $isImageValid === -1 && CKFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } } }
/** * send response (save uploaded file, resize if required) * @access public * */ public function sendResponse() { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_NONE; $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); $oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry"); $oRegistry->set("FileUpload_fileName", "unknown file"); $uploadedFile = array_shift($_FILES); if (!isset($uploadedFile['name'])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID); } $sUnsafeFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(CKFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name'])); $sFileName = str_replace(array(":", "*", "?", "|", "/"), "_", $sUnsafeFileName); if ($_config->forceAscii()) { $sFileName = CKFinder_Connector_Utils_FileSystem::convertToAscii($sFileName); } if ($sFileName != $sUnsafeFileName) { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED; } //file named with chinese charactor $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileName); $sFileName = date("Ymd") . "_" . date("His") . "." . $sExtension; //end $oRegistry->set("FileUpload_fileName", $sFileName); $this->checkConnector(); $this->checkRequest(); if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeConfig->checkIsHiddenFile($sFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!$resourceTypeInfo->checkExtension($sFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } $sFileNameOrginal = $sFileName; $oRegistry->set("FileUpload_fileName", $sFileName); $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl()); $maxSize = $resourceTypeInfo->getMaxSize(); if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); } $htmlExtensions = $_config->getHtmlExtensions(); $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal); if ($htmlExtensions && !CKFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sExtension, $htmlExtensions) && ($detectHtml = CKFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal); $secureImageUploads = $_config->getSecureImageUploads(); if ($secureImageUploads && ($isImageValid = CKFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sExtension)) === false) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } switch ($uploadedFile['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); break; case UPLOAD_ERR_PARTIAL: case UPLOAD_ERR_NO_FILE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); break; case UPLOAD_ERR_NO_TMP_DIR: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR); break; case UPLOAD_ERR_CANT_WRITE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; case UPLOAD_ERR_EXTENSION: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; } $sServerDir = $this->_currentFolder->getServerPath(); $iCounter = 0; //personnal $now = time(); $yearDir = $sServerDir . '/' . date('Y', $now) . '/'; if (!file_exists($yearDir) && !is_dir($yearDir)) { mkdir($yearDir, 0777); } $monthDir = $yearDir . date('m', $now) . '/'; if (!file_exists($monthDir) && !is_dir($monthDir)) { mkdir($monthDir, 0777); } $dayDir = $monthDir . date('d', $now); if (!file_exists($dayDir) && !is_dir($dayDir)) { mkdir($dayDir, 0777); } $sServerDir = $dayDir; $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl() . date('Y', $now) . '/' . date('m', $now) . '/' . date('d', $now) . '/'); //personnal end //file_put_contents($_SERVER['DOCUMENT_ROOT'].'/s.txt',$this->_currentFolder->getUrl()); // while (true) { $sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName); if (file_exists($sFilePath)) { $iCounter++; $sFileName = CKFinder_Connector_Utils_FileSystem::getFileNameWithoutExtension($sFileNameOrginal) . "(" . $iCounter . ")" . "." . CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal); $oRegistry->set("FileUpload_fileName", $sFileName); $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED; } else { if (false === move_uploaded_file($uploadedFile['tmp_name'], $sFilePath)) { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED; } else { if (isset($detectHtml) && $detectHtml === -1 && CKFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } else { if (isset($isImageValid) && $isImageValid === -1 && CKFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } } } if (is_file($sFilePath) && ($perms = $_config->getChmodFiles())) { $oldumask = umask(0); @chmod($sFilePath, $perms); umask($oldumask); } break; } } if (!$_config->checkSizeAfterScaling()) { $this->_errorHandler->throwError($iErrorNumber, true, false); } //resize image if required require_once CKFINDER_CONNECTOR_LIB_DIR . "/CommandHandler/Thumbnail.php"; $_imagesConfig = $_config->getImagesConfig(); if ($_imagesConfig->getMaxWidth() > 0 && $_imagesConfig->getMaxHeight() > 0 && $_imagesConfig->getQuality() > 0) { CKFinder_Connector_CommandHandler_Thumbnail::createThumb($sFilePath, $sFilePath, $_imagesConfig->getMaxWidth(), $_imagesConfig->getMaxHeight(), $_imagesConfig->getQuality(), true); } if ($_config->checkSizeAfterScaling()) { //check file size after scaling, attempt to delete if too big clearstatcache(); if ($maxSize && filesize($sFilePath) > $maxSize) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); } else { $this->_errorHandler->throwError($iErrorNumber, true, false); } } CKFinder_Connector_Core_Hooks::run('AfterFileUpload', array(&$this->_currentFolder, &$uploadedFile, &$sFilePath)); }