/**
* send response (file)
* @access public
*
*/
function sendResponse()
{
if (!function_exists('ob_list_handlers') || !ob_list_handlers()) {
@ob_end_clean();
}
header("Content-Encoding: none");
$this->checkConnector();
$this->checkRequest();
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["FileName"]);
$_resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!$_resourceTypeInfo->checkExtension($fileName, false)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);
if ($_resourceTypeInfo->checkIsHiddenFile($fileName) || !file_exists($filePath) || !is_file($filePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
}
$fileName = CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName);
header("Cache-Control: cache, must-revalidate");
header("Pragma: public");
header("Expires: 0");
header("Content-type: application/octet-stream; name=\"" . $fileName . "\"");
header("Content-Disposition: attachment; filename=\"" . str_replace("\"", "\\\"", $fileName) . "\"");
header("Content-Length: " . filesize($filePath));
CKFinder_Connector_Utils_FileSystem::readfileChunked($filePath);
exit;
}
/**
* handle request and build XML
* @access protected
*
*/
function buildXml()
{
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_DELETE)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
if (!isset($_GET["FileName"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["FileName"]);
$_resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $_resourceTypeInfo->checkIsHiddenFile($fileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!$_resourceTypeInfo->checkExtension($fileName, false)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);
$bDeleted = false;
if (!file_exists($filePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
}
if (!@unlink($filePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
} else {
$bDeleted = true;
}
if ($bDeleted) {
$thumbPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $fileName);
@unlink($thumbPath);
$oDeleteFileNode = new Ckfinder_Connector_Utils_XmlNode("DeletedFile");
$this->_connectorNode->addChild($oDeleteFileNode);
$oDeleteFileNode->addAttribute("name", $fileName);
}
}
/**
* handle request and build XML
* @access protected
*
*/
function buildXml()
{
if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_RENAME)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
if (!isset($_GET["fileName"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
if (!isset($_GET["newFileName"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
$fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["fileName"]);
$newFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["newFileName"]);
$oRenamedFileNode = new Ckfinder_Connector_Utils_XmlNode("RenamedFile");
$this->_connectorNode->addChild($oRenamedFileNode);
$oRenamedFileNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName));
$resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
if (!$resourceTypeInfo->checkExtension($newFileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
}
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFileName) || $resourceTypeInfo->checkIsHiddenFile($newFileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
if (!$resourceTypeInfo->checkExtension($fileName, false)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if ($_config->forceAscii()) {
$newFileName = CKFinder_Connector_Utils_FileSystem::convertToAscii($newFileName);
}
$filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);
$newFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $newFileName);
$bMoved = false;
if (!file_exists($filePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
}
if (!is_writable(dirname($newFilePath))) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
if (!is_writable($filePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
if (file_exists($newFilePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
}
$bMoved = @rename($filePath, $newFilePath);
if (!$bMoved) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNKNOWN, "File " . CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName) . "has not been renamed");
} else {
$oRenamedFileNode->addAttribute("newName", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFileName));
$thumbPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $fileName);
CKFinder_Connector_Utils_FileSystem::unlink($thumbPath);
}
}
/**
* handle request and build XML
* @access protected
*
*/
protected function buildXml()
{
$_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_CREATE)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();
$sNewFolderName = isset($_GET["NewFolderName"]) ? $_GET["NewFolderName"] : "";
$sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($sNewFolderName);
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sNewFolderName) || $_resourceTypeConfig->checkIsHiddenFolder($sNewFolderName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$sServerDir = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $sNewFolderName);
if (!is_writeable($this->_currentFolder->getServerPath())) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
$bCreated = false;
if (file_exists($sServerDir)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
}
if ($perms = $_config->getChmodFolders()) {
$oldUmask = umask(0);
$bCreated = @mkdir($sServerDir, $perms);
umask($oldUmask);
} else {
$bCreated = @mkdir($sServerDir);
}
if (!$bCreated) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
} else {
$oNewFolderNode = new Ckfinder_Connector_Utils_XmlNode("NewFolder");
$this->_connectorNode->addChild($oNewFolderNode);
$oNewFolderNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sNewFolderName));
}
}
function buildXml()
{
// A "must have", checking whether the connector is enabled and the basic parameters (like current folder) are safe.
$this->checkConnector();
$this->checkRequest();
// Checking ACL permissions, we're just getting an information about a file, so FILE_VIEW permission seems to be ok.
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
// Make sure we actually received a file name
if (!isset($_GET["fileName"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["fileName"]);
$resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
// Use the resource type configuration object to check whether the extension of a file to check is really allowed.
if (!$resourceTypeInfo->checkExtension($fileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
}
// Make sure that the file name is really ok and has not been sent by a hacker
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);
if (!file_exists($filePath) || !is_file($filePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
}
//set session values to be check by process.php upon returning from pixlr.com
$maketoken = md5(session_id());
///////////////////
//HACK KOEZIONCMS//
$thumbFolder = $this->_currentFolder->getThumbsServerPath();
$pixlrSession = array('token' => substr($maketoken, 0, 16), 'ImagePath' => $filePath, 'clientImagePath' => $this->_currentFolder->getUrl(), 'fileName' => $fileName, 'return' => $_SERVER['HTTP_REFERER'], 'thumbLocation' => $thumbFolder . $fileName);
Session::write('Pixlr', $pixlrSession);
//$_SESSION['pixlr']['token'] = substr($maketoken,0,16);
//$_SESSION['pixlr']['ImagePath'] = $filePath;
//$_SESSION['pixlr']['clientImagePath'] = $this->_currentFolder->getUrl(); // ie: /CMSfiles/images/subdirectory/
//$_SESSION['pixlr']['fileName'] = $fileName;
//$_SESSION['pixlr']['return'] = $_SERVER['HTTP_REFERER'];
//$thumbFolder = $this->_currentFolder->getThumbsServerPath();
//$_SESSION['pixlr']['thumbLocation'] = $thumbFolder . $fileName;
//get the client-side absolute path to the image being edited
//$absolute_filePath = "http://".$_SERVER['HTTP_HOST'].$_SESSION['pixlr']['clientImagePath'].$_SESSION['pixlr']['fileName'];
$absolute_filePath = "http://" . $_SERVER['HTTP_HOST'] . $pixlrSession['clientImagePath'] . $pixlrSession['fileName'];
//get teh directory this plugin is in so we can return to the process.php script in this folder
$pluginFolder = dirname(__FILE__);
//the directory holding this plugin
//make the directory a client-side absolute URL
$clientPluginFolder = preg_replace("@" . $_SERVER['DOCUMENT_ROOT'] . "@", "http://" . $_SERVER['HTTP_HOST'], $pluginFolder);
//parameters to send to pixlr.com
$pixlr_params = array("referrer" => $_SERVER['HTTP_HOST'], "loc" => "en", "exit" => $_SERVER['HTTP_REFERER'] != "" ? urlencode($_SERVER['HTTP_REFERER']) : "http://www.pixlr.com", "image" => $absolute_filePath, "title" => $fileName, "method" => "GET", "target" => urlencode($clientPluginFolder . "/process.php?token=" . $pixlrSession['token']), "locktarget" => "TRUE", "locktitle" => "TRUE", "locktype" => "TRUE", "lockquality" => "80");
$pixlr_link = "http://www.pixlr.com/editor?";
foreach ($pixlr_params as $key => $val) {
$pixlr_link .= $key . "=" . $val . "&";
}
$pixlr_link = rtrim($pixlr_link, "&");
$oNode = new Ckfinder_Connector_Utils_XmlNode("Pixlr");
$oNode->addAttribute("pixlr_link", $pixlr_link);
$this->_connectorNode->addChild($oNode);
}
/**
* handle request and build XML
* @access protected
*
*/
function buildXml()
{
if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_RENAME)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
if (!isset($_GET["NewFolderName"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$newFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["NewFolderName"]);
$resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
$_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
if ($_config->forceAscii()) {
$newFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($newFolderName);
}
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFolderName) || $resourceTypeInfo->checkIsHiddenFolder($newFolderName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
// The root folder cannot be deleted.
if ($this->_currentFolder->getClientPath() == "/") {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$oldFolderPath = $this->_currentFolder->getServerPath();
$bMoved = false;
if (!is_dir($oldFolderPath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
//let's calculate new folder name
$newFolderPath = dirname($oldFolderPath) . DIRECTORY_SEPARATOR . $newFolderName . DIRECTORY_SEPARATOR;
if (file_exists(rtrim($newFolderPath, DIRECTORY_SEPARATOR))) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
}
if (eregi("\\.", basename($newFolderPath))) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
$bMoved = @rename($oldFolderPath, $newFolderPath);
if (!$bMoved) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
} else {
$newThumbsServerPath = dirname($this->_currentFolder->getThumbsServerPath()) . '/' . $newFolderName . '/';
if (!@rename($this->_currentFolder->getThumbsServerPath(), $newThumbsServerPath)) {
CKFinder_Connector_Utils_FileSystem::unlink($this->_currentFolder->getThumbsServerPath());
}
}
$newFolderPath = preg_replace(",[^/]+/?\$,", $newFolderName, $this->_currentFolder->getClientPath()) . '/';
$newFolderUrl = $resourceTypeInfo->getUrl() . ltrim($newFolderPath, '/');
$oRenameNode = new Ckfinder_Connector_Utils_XmlNode("RenamedFolder");
$this->_connectorNode->addChild($oRenameNode);
$oRenameNode->addAttribute("newName", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderName));
$oRenameNode->addAttribute("newPath", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderPath));
$oRenameNode->addAttribute("newUrl", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderUrl));
}
/**
* handle request and build XML
* @access protected
*/
function buildXml()
{
if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$this->checkConnector();
$this->checkRequest();
// Saving empty file is equal to deleting a file, that's why FILE_DELETE permissions are required
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_DELETE)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
if (!isset($_POST["fileName"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
if (!isset($_POST["content"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_POST["fileName"]);
$resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
if (!$resourceTypeInfo->checkExtension($fileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
}
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);
if (!file_exists($filePath) || !is_file($filePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
}
if (!is_writable(dirname($filePath))) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
$fp = @fopen($filePath, 'wb');
if ($fp === false || !flock($fp, LOCK_EX)) {
$result = false;
} else {
$result = fwrite($fp, $_POST["content"]);
flock($fp, LOCK_UN);
fclose($fp);
}
if ($result === false) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
}
/**
* send response (file)
* @access public
*
*/
public function sendResponse()
{
if (!function_exists('ob_list_handlers') || ob_list_handlers()) {
@ob_end_clean();
}
header("Content-Encoding: none");
$this->checkConnector();
$this->checkRequest();
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["FileName"]);
$_resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!$_resourceTypeInfo->checkExtension($fileName, false)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);
if ($_resourceTypeInfo->checkIsHiddenFile($fileName) || !file_exists($filePath) || !is_file($filePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
}
$fileName = CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName);
header("Cache-Control: cache, must-revalidate");
header("Pragma: public");
header("Expires: 0");
if (!empty($_GET['format']) && $_GET['format'] == 'text') {
header("Content-Type: text/plain; charset=utf-8");
} else {
$user_agent = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
$encodedName = str_replace("\"", "\\\"", $fileName);
if (strpos($user_agent, "MSIE") !== false) {
$encodedName = str_replace(array("+", "%2E"), array(" ", "."), urlencode($encodedName));
}
header("Content-type: application/octet-stream; name=\"" . $fileName . "\"");
header("Content-Disposition: attachment; filename=\"" . $encodedName . "\"");
}
header("Content-Length: " . filesize($filePath));
CKFinder_Connector_Utils_FileSystem::readfileChunked($filePath);
exit;
}
/**
* handle request and build XML
* @access protected
*
*/
protected function buildXml()
{
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_RENAME)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
if (!isset($_GET["NewFolderName"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$newFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["NewFolderName"]);
$resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFolderName) || $resourceTypeInfo->checkIsHiddenFolder($newFolderName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$oldFolderPath = $this->_currentFolder->getServerPath();
$bMoved = false;
if (!is_dir($oldFolderPath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
//let's calculate new folder name
$newFolderPath = dirname($oldFolderPath) . DIRECTORY_SEPARATOR . $newFolderName . DIRECTORY_SEPARATOR;
if (file_exists($newFolderPath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
}
$bMoved = @rename($oldFolderPath, $newFolderPath);
if (!$bMoved) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
} else {
CKFinder_Connector_Utils_FileSystem::unlink($this->_currentFolder->getThumbsServerPath());
}
$newFolderPath = preg_replace(",[^/]+/?\$,", $newFolderName, $this->_currentFolder->getClientPath()) . '/';
$newFolderUrl = $resourceTypeInfo->getUrl() . ltrim($newFolderPath, '/');
$oRenameNode = new Ckfinder_Connector_Utils_XmlNode("RenamedFolder");
$this->_connectorNode->addChild($oRenameNode);
$oRenameNode->addAttribute("newName", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderName));
$oRenameNode->addAttribute("newPath", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderPath));
$oRenameNode->addAttribute("newUrl", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderUrl));
}
function buildXml()
{
// A "must have", checking whether the connector is enabled and the basic parameters (like current folder) are safe.
$this->checkConnector();
$this->checkRequest();
// Checking ACL permissions, we're just getting an information about a file, so FILE_VIEW permission seems to be ok.
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
// Make sure we actually received a file name
if (!isset($_GET["fileName"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["fileName"]);
$resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
// Use the resource type configuration object to check whether the extension of a file to check is really allowed.
if (!$resourceTypeInfo->checkExtension($fileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
}
// Make sure that the file name is really ok and has not been sent by a hacker
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);
if (!file_exists($filePath) || !is_file($filePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
}
$size = filesize($filePath);
// *** The main part of this plugin ****
// Adding a <FileSize> element to the XML response.
//$oNode = new Ckfinder_Connector_Utils_XmlNode("FileSize");
//$oNode->addAttribute("size", $size);
//$this->_connectorNode->addChild($oNode);
$myNode = new Ckfinder_Connector_Utils_XmlNode("MyMessage");
$myNode->addAttribute("message", "Hello world!");
$this->_connectorNode->addChild($myNode);
}
/**
* handle request and build XML
* @access protected
*
*/
function buildXml()
{
$this->checkConnector();
$this->checkRequest();
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
if (!isset($_GET["fileName"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["fileName"]);
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!$resourceTypeInfo->checkExtension($fileName, false)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);
if (!file_exists($filePath) || !is_file($filePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
}
list($width, $height) = getimagesize($filePath);
$oNode = new Ckfinder_Connector_Utils_XmlNode("ImageInfo");
$oNode->addAttribute("width", $width);
$oNode->addAttribute("height", $height);
$this->_connectorNode->addChild($oNode);
}
/**
* handle request and send response
* @access public
*
*/
public function sendResponse()
{
@ob_end_clean();
header("Content-Encoding: none");
$this->checkConnector();
$_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
$_thumbnails = $_config->getThumbnailsConfig();
if (!$_thumbnails->getIsEnabled()) {
header("X-CKFinder-Error: " . CKFINDER_CONNECTOR_ERROR_THUMBNAILS_DISABLED);
header("HTTP/1.0 403 Forbidden");
exit;
}
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
header("X-CKFinder-Error: " . CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
header("HTTP/1.0 403 Forbidden");
exit;
}
if (!isset($_GET["FileName"])) {
header("X-CKFinder-Error: " . CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
header("HTTP/1.0 404 Not Found");
exit;
}
$fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["FileName"]);
$_resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName)) {
header("X-CKFinder-Error: " . CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
header("HTTP/1.0 403 Forbidden");
exit;
}
$sourceFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);
if ($_resourceTypeInfo->checkIsHiddenFile($fileName) || !file_exists($sourceFilePath)) {
header("X-CKFinder-Error: " . CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
header("HTTP/1.0 404 Not Found");
exit;
}
$thumbFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $fileName);
// If the thumbnail file doesn't exists, create it now.
if (!file_exists($thumbFilePath)) {
if (!$this->createThumb($sourceFilePath, $thumbFilePath, $_thumbnails->getMaxWidth(), $_thumbnails->getMaxHeight(), $_thumbnails->getQuality(), true)) {
header("X-CKFinder-Error: " . CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
header("HTTP/1.0 500 Internal Server Error");
exit;
}
}
$size = filesize($thumbFilePath);
$sourceImageAttr = getimagesize($thumbFilePath);
$mime = $sourceImageAttr["mime"];
$rtime = isset($_SERVER["HTTP_IF_MODIFIED_SINCE"]) ? @strtotime($_SERVER["HTTP_IF_MODIFIED_SINCE"]) : 0;
$mtime = filemtime($thumbFilePath);
if ($rtime >= $mtime) {
header("HTTP/1.0 304 Not Modified");
exit;
}
//header("Cache-Control: cache, must-revalidate");
//header("Pragma: public");
//header("Expires: 0");
header('Cache-control: public');
header("Content-type: " . $mime . "; name=\"" . basename($thumbFilePath) . "\"");
header("Last-Modified: " . gmdate('D, d M Y H:i:s', $mtime) . " GMT");
//header("Content-type: application/octet-stream; name=\"{$file}\"");
//header("Content-Disposition: attachment; filename=\"{$file}\"");
header("Content-Length: " . $size);
readfile($thumbFilePath);
exit;
}
* Handle FileUpload command
*
* @package CKFinder
* @subpackage CommandHandlers
* @copyright CKSource - Frederico Knabben
*/
class CKFinder_Connector_CommandHandler_FileUpload extends CKFinder_Connector_CommandHandler_CommandHandlerBase
{
/**
* Command name
*
* @access protected
* @var string
*/
protected $command = "FileUpload";
/**
* send response (save uploaded file, resize if required)
* @access public
*
*/
public function sendResponse()
{
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_NONE;
$_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
$oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry");
$oRegistry->set("FileUpload_fileName", "unknown file");
$uploadedFile = array_shift($_FILES);
if (!isset($uploadedFile['name'])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID);
}
$sUnsafeFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(CKFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name']));
$sFileName = CKFinder_Connector_Utils_FileSystem::secureFileName($sUnsafeFileName);
if ($sFileName != $sUnsafeFileName) {
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED;
}
$oRegistry->set("FileUpload_fileName", $sFileName);
$this->checkConnector();
$this->checkRequest();
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeConfig->checkIsHiddenFile($sFileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
if (!$resourceTypeInfo->checkExtension($sFileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
}
$oRegistry->set("FileUpload_fileName", $sFileName);
$oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl());
$maxSize = $resourceTypeInfo->getMaxSize();
if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
}
$htmlExtensions = $_config->getHtmlExtensions();
$sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileName);
if ($htmlExtensions && !CKFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sExtension, $htmlExtensions) && ($detectHtml = CKFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE);
}
$secureImageUploads = $_config->getSecureImageUploads();
if ($secureImageUploads && ($isImageValid = CKFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sExtension)) === false) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
}
switch ($uploadedFile['error']) {
case UPLOAD_ERR_OK:
break;
case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
break;
case UPLOAD_ERR_PARTIAL:
case UPLOAD_ERR_NO_FILE:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
break;
case UPLOAD_ERR_NO_TMP_DIR:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR);
break;
case UPLOAD_ERR_CANT_WRITE:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
break;
case UPLOAD_ERR_EXTENSION:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
break;
}
$sServerDir = $this->_currentFolder->getServerPath();
while (true) {
$sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName);
if (file_exists($sFilePath)) {
$sFileName = CKFinder_Connector_Utils_FileSystem::autoRename($sServerDir, $sFileName);
$oRegistry->set("FileUpload_fileName", $sFileName);
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED;
} else {
if (false === move_uploaded_file($uploadedFile['tmp_name'], $sFilePath)) {
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
} else {
if (isset($detectHtml) && $detectHtml === -1 && CKFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true) {
@unlink($sFilePath);
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE);
} else {
if (isset($isImageValid) && $isImageValid === -1 && CKFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sExtension) === false) {
@unlink($sFilePath);
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
}
}
}
/**
* handle request and send response
* @access public
*
*/
public function sendResponse()
{
// Get rid of BOM markers
if (ob_get_level()) {
while (@ob_end_clean() && ob_get_level()) {
}
}
header("Content-Encoding: none");
$this->checkConnector();
$this->checkRequest();
$_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
$_thumbnails = $_config->getThumbnailsConfig();
if (!$_thumbnails->getIsEnabled()) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_THUMBNAILS_DISABLED);
}
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
if (!isset($_GET["FileName"])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["FileName"]);
$_resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$sourceFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);
if ($_resourceTypeInfo->checkIsHiddenFile($fileName) || !file_exists($sourceFilePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
}
$thumbFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $fileName);
// If the thumbnail file doesn't exists, create it now.
if (!file_exists($thumbFilePath)) {
if (!$this->createThumb($sourceFilePath, $thumbFilePath, $_thumbnails->getMaxWidth(), $_thumbnails->getMaxHeight(), $_thumbnails->getQuality(), true, $_thumbnails->getBmpSupported())) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
}
$size = filesize($thumbFilePath);
$sourceImageAttr = getimagesize($thumbFilePath);
$mime = $sourceImageAttr["mime"];
$rtime = isset($_SERVER["HTTP_IF_MODIFIED_SINCE"]) ? @strtotime($_SERVER["HTTP_IF_MODIFIED_SINCE"]) : 0;
$mtime = filemtime($thumbFilePath);
$etag = dechex($mtime) . "-" . dechex($size);
$is304 = false;
if (isset($_SERVER["HTTP_IF_NONE_MATCH"]) && $_SERVER["HTTP_IF_NONE_MATCH"] === $etag) {
$is304 = true;
} else {
if ($rtime == $mtime) {
$is304 = true;
}
}
if ($is304) {
header("HTTP/1.0 304 Not Modified");
exit;
}
//header("Cache-Control: cache, must-revalidate");
//header("Pragma: public");
//header("Expires: 0");
header('Cache-control: public');
header('Etag: ' . $etag);
header("Content-type: " . $mime . "; name=\"" . CKFinder_Connector_Utils_Misc::mbBasename($thumbFilePath) . "\"");
header("Last-Modified: " . gmdate('D, d M Y H:i:s', $mtime) . " GMT");
//header("Content-type: application/octet-stream; name=\"{$file}\"");
//header("Content-Disposition: attachment; filename=\"{$file}\"");
header("Content-Length: " . $size);
readfile($thumbFilePath);
exit;
}
/**
* Check whether $folderName is a valid folder name, return true on success
*
* @static
* @access public
* @param string $folderName
* @return boolean
*/
public static function checkFolderName($folderName)
{
$_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
if ($_config->getDisallowUnsafeCharacters()) {
if (strpos($folderName, ".") !== false) {
return false;
}
}
return CKFinder_Connector_Utils_FileSystem::checkFileName($folderName);
}
/**
* handle request and build XML
* @access protected
*
*/
function buildXml()
{
if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$clientPath = $this->_currentFolder->getClientPath();
$sServerDir = $this->_currentFolder->getServerPath();
$currentResourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();
$_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
$_aclConfig = $_config->getAccessControlConfig();
$aclMasks = array();
$_resourceTypeConfig = array();
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_RENAME | CKFINDER_CONNECTOR_ACL_FILE_UPLOAD | CKFINDER_CONNECTOR_ACL_FILE_DELETE)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
// Create the "Errors" node.
$oErrorsNode = new CKFinder_Connector_Utils_XmlNode("Errors");
$errorCode = CKFINDER_CONNECTOR_ERROR_NONE;
$moved = 0;
$movedAll = 0;
if (!empty($_POST['moved'])) {
$movedAll = intval($_POST['moved']);
}
$checkedPaths = array();
$oMoveFilesNode = new Ckfinder_Connector_Utils_XmlNode("MoveFiles");
if (!empty($_POST['files']) && is_array($_POST['files'])) {
foreach ($_POST['files'] as $index => $arr) {
if (empty($arr['name'])) {
continue;
}
if (!isset($arr['name'], $arr['type'], $arr['folder'])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
// file name
$name = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['name']);
// resource type
$type = $arr['type'];
// client path
$path = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['folder']);
// options
$options = !empty($arr['options']) ? $arr['options'] : '';
$destinationFilePath = $sServerDir . $name;
// check #1 (path)
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($name) || preg_match(CKFINDER_REGEX_INVALID_PATH, $path)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
// get resource type config for current file
if (!isset($_resourceTypeConfig[$type])) {
$_resourceTypeConfig[$type] = $_config->getResourceTypeConfig($type);
}
// check #2 (resource type)
if (is_null($_resourceTypeConfig[$type])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
// check #3 (extension)
if (!$_resourceTypeConfig[$type]->checkExtension($name, false)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
}
// check #4 (extension) - when moving to another resource type, double check extension
if ($currentResourceTypeConfig->getName() != $type) {
if (!$currentResourceTypeConfig->checkExtension($name, false)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
}
}
// check #5 (hidden folders)
// cache results
if (empty($checkedPaths[$path])) {
$checkedPaths[$path] = true;
if ($_resourceTypeConfig[$type]->checkIsHiddenPath($path)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
}
$sourceFilePath = $_resourceTypeConfig[$type]->getDirectory() . $path . $name;
// check #6 (hidden file name)
if ($currentResourceTypeConfig->checkIsHiddenFile($name)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
// check #7 (Access Control, need file view permission to source files)
if (!isset($aclMasks[$type . "@" . $path])) {
$aclMasks[$type . "@" . $path] = $_aclConfig->getComputedMask($type, $path);
}
$isAuthorized = ($aclMasks[$type . "@" . $path] & CKFINDER_CONNECTOR_ACL_FILE_VIEW) == CKFINDER_CONNECTOR_ACL_FILE_VIEW;
if (!$isAuthorized) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
// check #8 (invalid file name)
if (!file_exists($sourceFilePath) || !is_file($sourceFilePath)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
}
// check #9 (max size)
if ($currentResourceTypeConfig->getName() != $type) {
$maxSize = $currentResourceTypeConfig->getMaxSize();
$fileSize = filesize($sourceFilePath);
if ($maxSize && $fileSize > $maxSize) {
$errorCode = CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
}
}
//$overwrite
// finally, no errors so far, we may attempt to copy a file
// protection against copying files to itself
if ($sourceFilePath == $destinationFilePath) {
$errorCode = CKFINDER_CONNECTOR_ERROR_SOURCE_AND_TARGET_PATH_EQUAL;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
} else {
if (file_exists($destinationFilePath)) {
if (strpos($options, "overwrite") !== false) {
if (!@unlink($destinationFilePath)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
} else {
if (!@rename($sourceFilePath, $destinationFilePath)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
} else {
$moved++;
}
}
} else {
if (strpos($options, "autorename") !== false) {
$iCounter = 1;
while (true) {
$fileName = CKFinder_Connector_Utils_FileSystem::getFileNameWithoutExtension($name) . "(" . $iCounter . ")" . "." . CKFinder_Connector_Utils_FileSystem::getExtension($name);
$destinationFilePath = $sServerDir . $fileName;
if (!file_exists($destinationFilePath)) {
break;
} else {
$iCounter++;
}
}
if (!@rename($sourceFilePath, $destinationFilePath)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
} else {
$moved++;
}
} else {
$errorCode = CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
}
}
} else {
if (!@rename($sourceFilePath, $destinationFilePath)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
} else {
$moved++;
}
}
}
}
}
$this->_connectorNode->addChild($oMoveFilesNode);
if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) {
$this->_connectorNode->addChild($oErrorsNode);
}
$oMoveFilesNode->addAttribute("moved", $moved);
$oMoveFilesNode->addAttribute("movedTotal", $movedAll + $moved);
/**
* Note: actually we could have more than one error.
* This is just a flag for CKFinder interface telling it to check all errors.
*/
if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_MOVE_FAILED);
}
}
/**
* send response (save uploaded file, resize if required)
* @access public
*
*/
public function sendResponse()
{
global $met_wate_class, $met_wate_bigimg, $met_text_wate, $met_text_bigsize, $met_text_color, $met_text_angle, $met_watermark, $met_text_fonts, $met_big_wate, $met_file_maxsize, $met_img_rename;
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_NONE;
$_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
$oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry");
$oRegistry->set("FileUpload_fileName", "unknown file");
$uploadedFile = array_shift($_FILES);
if (!isset($uploadedFile['name'])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID);
}
$sUnsafeFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(CKFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name']));
$sFileName = str_replace(array(":", "*", "?", "|", "/", "——", " "), "_", $sUnsafeFileName);
if ($_config->getDisallowUnsafeCharacters()) {
$sFileName = str_replace(";", "_", $sFileName);
}
if ($_config->forceAscii()) {
$sFileName = CKFinder_Connector_Utils_FileSystem::convertToAscii($sFileName);
}
$sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileName);
$sFileName = str_replace(' ', '', $sFileName);
if ($met_img_rename) {
$sFileName = date("Ymd") . "_" . date("His") . "." . $sExtension;
}
if ($sFileName != $sUnsafeFileName) {
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED;
}
$oRegistry->set("FileUpload_fileName", $sFileName);
$this->checkConnector();
$this->checkRequest();
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeConfig->checkIsHiddenFile($sFileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
if (!$resourceTypeInfo->checkExtension($sFileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
}
$sFileNameOrginal = $sFileName;
$oRegistry->set("FileUpload_fileName", $sFileName);
$oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl());
$maxSize = $resourceTypeInfo->getMaxSize();
if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
}
if ($uploadedFile['size'] > $met_file_maxsize * 1024 * 1024) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG_MET);
}
$htmlExtensions = $_config->getHtmlExtensions();
$sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal);
if ($htmlExtensions && !CKFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sExtension, $htmlExtensions) && ($detectHtml = CKFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE);
}
$sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal);
$secureImageUploads = $_config->getSecureImageUploads();
if ($secureImageUploads && ($isImageValid = CKFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sExtension)) === false) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
}
switch ($uploadedFile['error']) {
case UPLOAD_ERR_OK:
break;
case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
break;
case UPLOAD_ERR_PARTIAL:
case UPLOAD_ERR_NO_FILE:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
break;
case UPLOAD_ERR_NO_TMP_DIR:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR);
break;
case UPLOAD_ERR_CANT_WRITE:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
break;
case UPLOAD_ERR_EXTENSION:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
break;
}
$sServerDir = $this->_currentFolder->getServerPath();
$iCounter = 0;
while (true) {
$sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName);
if (file_exists($sFilePath)) {
$iCounter++;
$sFileName = CKFinder_Connector_Utils_FileSystem::getFileNameWithoutExtension($sFileNameOrginal) . "(" . $iCounter . ")" . "." . CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal);
$oRegistry->set("FileUpload_fileName", $sFileName);
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED;
} else {
//move_uploaded_file($uploadedFile['tmp_name'], $sFilePath)
if (false === copy($uploadedFile['tmp_name'], $sFilePath)) {
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
} else {
if (isset($detectHtml) && $detectHtml === -1 && CKFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true) {
@unlink($sFilePath);
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE);
} else {
if (isset($isImageValid) && $isImageValid === -1 && CKFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sExtension) === false) {
@unlink($sFilePath);
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
}
}
}
if (is_file($sFilePath) && ($perms = $_config->getChmodFiles())) {
$oldumask = umask(0);
chmod($sFilePath, $perms);
umask($oldumask);
}
break;
}
}
$sFileName_water = $sFileName;
if (stristr(PHP_OS, "WIN")) {
$sFileName_water = iconv("GBK", "utf-8", $sFileName);
}
if ($met_big_wate == 1) {
require_once CKFINDER_CONNECTOR_CONFIG_watermark_PATHX;
$img = new Watermark();
if ($met_wate_class == 2) {
$img->met_image_name = CKFINDER_CONNECTOR_CONFIG_img_PATHX . $met_wate_bigimg;
$img->met_image_pos = $met_watermark;
} else {
$img->met_text = $met_text_wate;
$img->met_text_size = $met_text_bigsize;
$img->met_text_color = $met_text_color;
$img->met_text_angle = $met_text_angle;
$img->met_text_pos = $met_watermark;
$img->met_text_font = CKFINDER_CONNECTOR_CONFIG_fonts_PATHX . $met_text_fonts;
}
if (!file_exists(CKFINDER_CONNECTOR_CONFIG_upload_PATHX . "/images/watermark/")) {
mkdir(CKFINDER_CONNECTOR_CONFIG_upload_PATHX . "/images/watermark/");
}
$img->src_image_name = CKFINDER_CONNECTOR_CONFIG_upload_PATHX . "/images/{$sFileName_water}";
$img->save_file = CKFINDER_CONNECTOR_CONFIG_upload_PATHX . "/images/watermark/{$sFileName_water}";
$img->create();
}
if (!$_config->checkSizeAfterScaling()) {
$this->_errorHandler->throwError($iErrorNumber, true, false);
}
//resize image if required
require_once CKFINDER_CONNECTOR_LIB_DIR . "/CommandHandler/Thumbnail.php";
$_imagesConfig = $_config->getImagesConfig();
/*图片如果超过设定最大值,则把图片缩小
if ($_imagesConfig->getMaxWidth()>0 && $_imagesConfig->getMaxHeight()>0 && $_imagesConfig->getQuality()>0) {
CKFinder_Connector_CommandHandler_Thumbnail::createThumb($sFilePath, $sFilePath, $_imagesConfig->getMaxWidth(), $_imagesConfig->getMaxHeight(), $_imagesConfig->getQuality(), true) ;
}
*/
if ($met_big_wate == 1) {
$oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl() . 'watermark/');
}
if ($_config->checkSizeAfterScaling()) {
//check file size after scaling, attempt to delete if too big
clearstatcache();
if ($maxSize && filesize($sFilePath) > $maxSize) {
@unlink($sFilePath);
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
} else {
$this->_errorHandler->throwError($iErrorNumber, true, false);
}
}
CKFinder_Connector_Core_Hooks::run('AfterFileUpload', array(&$this->_currentFolder, &$uploadedFile, &$sFilePath));
}
/**
* send response (save uploaded file, resize if required)
* @access public
*
*/
public function sendResponse()
{
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_NONE;
$_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
$oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry");
$oRegistry->set("FileUpload_fileName", "unknown file");
$uploadedFile = array_shift($_FILES);
if (!isset($uploadedFile['name'])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID);
}
$sUnsafeFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(CKFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name']));
$sFileName = str_replace(array(":", "*", "?", "|", "/"), "_", $sUnsafeFileName);
if ($_config->forceAscii()) {
$sFileName = CKFinder_Connector_Utils_FileSystem::convertToAscii($sFileName);
}
if ($sFileName != $sUnsafeFileName) {
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED;
}
//file named with chinese charactor
$sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileName);
$sFileName = date("Ymd") . "_" . date("His") . "." . $sExtension;
//end
$oRegistry->set("FileUpload_fileName", $sFileName);
$this->checkConnector();
$this->checkRequest();
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeConfig->checkIsHiddenFile($sFileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
if (!$resourceTypeInfo->checkExtension($sFileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
}
$sFileNameOrginal = $sFileName;
$oRegistry->set("FileUpload_fileName", $sFileName);
$oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl());
$maxSize = $resourceTypeInfo->getMaxSize();
if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
}
$htmlExtensions = $_config->getHtmlExtensions();
$sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal);
if ($htmlExtensions && !CKFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sExtension, $htmlExtensions) && ($detectHtml = CKFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE);
}
$sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal);
$secureImageUploads = $_config->getSecureImageUploads();
if ($secureImageUploads && ($isImageValid = CKFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sExtension)) === false) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
}
switch ($uploadedFile['error']) {
case UPLOAD_ERR_OK:
break;
case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
break;
case UPLOAD_ERR_PARTIAL:
case UPLOAD_ERR_NO_FILE:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
break;
case UPLOAD_ERR_NO_TMP_DIR:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR);
break;
case UPLOAD_ERR_CANT_WRITE:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
break;
case UPLOAD_ERR_EXTENSION:
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
break;
}
$sServerDir = $this->_currentFolder->getServerPath();
$iCounter = 0;
//personnal
$now = time();
$yearDir = $sServerDir . '/' . date('Y', $now) . '/';
if (!file_exists($yearDir) && !is_dir($yearDir)) {
mkdir($yearDir, 0777);
}
$monthDir = $yearDir . date('m', $now) . '/';
if (!file_exists($monthDir) && !is_dir($monthDir)) {
mkdir($monthDir, 0777);
}
$dayDir = $monthDir . date('d', $now);
if (!file_exists($dayDir) && !is_dir($dayDir)) {
mkdir($dayDir, 0777);
}
$sServerDir = $dayDir;
$oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl() . date('Y', $now) . '/' . date('m', $now) . '/' . date('d', $now) . '/');
//personnal end
//file_put_contents($_SERVER['DOCUMENT_ROOT'].'/s.txt',$this->_currentFolder->getUrl());
//
while (true) {
$sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName);
if (file_exists($sFilePath)) {
$iCounter++;
$sFileName = CKFinder_Connector_Utils_FileSystem::getFileNameWithoutExtension($sFileNameOrginal) . "(" . $iCounter . ")" . "." . CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal);
$oRegistry->set("FileUpload_fileName", $sFileName);
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED;
} else {
if (false === move_uploaded_file($uploadedFile['tmp_name'], $sFilePath)) {
$iErrorNumber = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
} else {
if (isset($detectHtml) && $detectHtml === -1 && CKFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true) {
@unlink($sFilePath);
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE);
} else {
if (isset($isImageValid) && $isImageValid === -1 && CKFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sExtension) === false) {
@unlink($sFilePath);
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
}
}
}
if (is_file($sFilePath) && ($perms = $_config->getChmodFiles())) {
$oldumask = umask(0);
@chmod($sFilePath, $perms);
umask($oldumask);
}
break;
}
}
if (!$_config->checkSizeAfterScaling()) {
$this->_errorHandler->throwError($iErrorNumber, true, false);
}
//resize image if required
require_once CKFINDER_CONNECTOR_LIB_DIR . "/CommandHandler/Thumbnail.php";
$_imagesConfig = $_config->getImagesConfig();
if ($_imagesConfig->getMaxWidth() > 0 && $_imagesConfig->getMaxHeight() > 0 && $_imagesConfig->getQuality() > 0) {
CKFinder_Connector_CommandHandler_Thumbnail::createThumb($sFilePath, $sFilePath, $_imagesConfig->getMaxWidth(), $_imagesConfig->getMaxHeight(), $_imagesConfig->getQuality(), true);
}
if ($_config->checkSizeAfterScaling()) {
//check file size after scaling, attempt to delete if too big
clearstatcache();
if ($maxSize && filesize($sFilePath) > $maxSize) {
@unlink($sFilePath);
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
} else {
$this->_errorHandler->throwError($iErrorNumber, true, false);
}
}
CKFinder_Connector_Core_Hooks::run('AfterFileUpload', array(&$this->_currentFolder, &$uploadedFile, &$sFilePath));
}
/**
* handle request and build XML
* @access protected
*
*/
protected function buildXml()
{
if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_DELETE)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$oErrorsNode = new CKFinder_Connector_Utils_XmlNode("Errors");
$errorCode = CKFINDER_CONNECTOR_ERROR_NONE;
$deleted = 0;
$oDeleteFilesNode = new Ckfinder_Connector_Utils_XmlNode("DeleteFiles");
$currentResourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();
$_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
$_aclConfig = $_config->getAccessControlConfig();
$aclMasks = array();
$_resourceTypeConfig = array();
$checkedPaths = array();
if (!empty($_POST['files']) && is_array($_POST['files'])) {
foreach ($_POST['files'] as $arr) {
if (empty($arr['name'])) {
continue;
}
if (!isset($arr['type'], $arr['folder'])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
// file name
$name = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['name']);
// resource type
$type = $arr['type'];
// client path
$path = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['folder']);
if (!isset($_resourceTypeConfig[$type])) {
$_resourceTypeConfig[$type] = $_config->getResourceTypeConfig($type);
}
if (is_null($_resourceTypeConfig[$type]) || !CKFinder_Connector_Utils_FileSystem::checkFileName($name) || preg_match(CKFINDER_REGEX_INVALID_PATH, $path)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!$_resourceTypeConfig[$type]->checkExtension($name, false)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (empty($checkedPaths[$path])) {
$checkedPaths[$path] = true;
if ($_resourceTypeConfig[$type]->checkIsHiddenPath($path)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
}
if ($currentResourceTypeConfig->checkIsHiddenFile($name)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!isset($aclMasks[$type . "@" . $path])) {
$aclMasks[$type . "@" . $path] = $_aclConfig->getComputedMask($type, $path);
}
$isAuthorized = ($aclMasks[$type . "@" . $path] & CKFINDER_CONNECTOR_ACL_FILE_DELETE) == CKFINDER_CONNECTOR_ACL_FILE_DELETE;
if (!$isAuthorized) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$filePath = $_resourceTypeConfig[$type]->getDirectory() . $path . $name;
if (!file_exists($filePath) || !is_file($filePath)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
}
if (!CKFinder_Connector_Utils_FileSystem::unlink($filePath)) {
$errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
$this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
continue;
} else {
$deleted++;
$thumbPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $name);
@unlink($thumbPath);
}
}
}
$this->_connectorNode->addChild($oDeleteFilesNode);
if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) {
$this->_connectorNode->addChild($oErrorsNode);
}
$oDeleteFilesNode->addAttribute("deleted", $deleted);
if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_DELETE_FAILED);
}
}
/**
* Sends generated zip file to the user
*/
protected function sendZipFile()
{
if (!function_exists('ob_list_handlers') || ob_list_handlers()) {
@ob_end_clean();
}
header("Content-Encoding: none");
$this->checkConnector();
$this->checkRequest();
// empty wystarczy
if (empty($_GET['FileName'])) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
}
$resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
$hash = $resourceTypeInfo->getHash();
if ($hash !== $_GET['hash'] || $hash !== substr($_GET['FileName'], 16, 16)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
}
$fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(trim($_GET['FileName']));
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
if (strtolower(pathinfo($fileName, PATHINFO_EXTENSION)) !== 'zip') {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
}
$dest_dir = CKFinder_Connector_Utils_FileSystem::getTmpDir();
$filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($dest_dir, $fileName);
if (!file_exists($filePath) || !is_file($filePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
}
if (!is_readable($filePath)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
}
$zipFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(trim($_GET['ZipName']));
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($zipFileName)) {
$this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
}
$fileFilename = pathinfo($zipFileName, PATHINFO_BASENAME);
header("Content-Encoding: none");
header("Cache-Control: cache, must-revalidate");
header("Pragma: public");
header("Expires: 0");
$user_agent = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
$encodedName = str_replace("\"", "\\\"", $fileFilename);
if (strpos($user_agent, "MSIE") !== false) {
$encodedName = str_replace(array("+", "%2E"), array(" ", "."), urlencode($encodedName));
}
header("Content-type: application/octet-stream; name=\"" . $fileFilename . "\"");
header("Content-Disposition: attachment; filename=\"" . $encodedName . "\"");
header("Content-Length: " . filesize($filePath));
CKFinder_Connector_Utils_FileSystem::sendFile($filePath);
exit;
}
