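/**
 * Send the requested file to the client as a download and terminate the script.
 *
 * The file name is taken from the query string and is untrusted input. Before it
 * is joined to the current folder's server path it has to pass checkFileName(),
 * the resource type's extension check and the hidden-file check.
 *
 * @access public
 */
function sendResponse()
{
    // Discard an active output buffer so previously buffered bytes are not sent
    // ahead of the file and the file itself is not accumulated in memory.
    if (!function_exists('ob_list_handlers') || ob_list_handlers()) {
        @ob_end_clean();
    }
    header("Content-Encoding: none");

    $this->checkConnector();
    $this->checkRequest();

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    // Reject a missing or non-string parameter (e.g. FileName[]=x) instead of
    // passing it on to the encoding and path helpers.
    if (!isset($_GET["FileName"]) || !is_string($_GET["FileName"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["FileName"]);
    $_resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    if (!$_resourceTypeInfo->checkExtension($fileName, false)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);

    // Hidden files are reported as "not found" so their existence is not disclosed.
    if ($_resourceTypeInfo->checkIsHiddenFile($fileName) || !file_exists($filePath) || !is_file($filePath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
    }

    $fileName = CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName);

    // The name ends up inside quoted header parameters; escape embedded quotes
    // in both headers so the value cannot close the quoted string early.
    $quotedName = str_replace("\"", "\\\"", $fileName);

    header("Cache-Control: cache, must-revalidate");
    header("Pragma: public");
    header("Expires: 0");
    header("Content-type: application/octet-stream; name=\"" . $quotedName . "\"");
    header("Content-Disposition: attachment; filename=\"" . $quotedName . "\"");
    header("Content-Length: " . filesize($filePath));

    CKFinder_Connector_Utils_FileSystem::readfileChunked($filePath);
    exit;
}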
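/**
 * Delete a file from the current folder and report it in the XML response.
 *
 * The file name comes from the query string and is untrusted. It has to pass
 * checkFileName(), the hidden-file check and the resource type's extension
 * check before it is joined to the folder's server path.
 *
 * NOTE(review): this handler acts on GET parameters only; it does not require
 * the POST "CKFinderCommand" marker that other state-changing handlers test.
 * Confirm whether the caller enforces an equivalent request check.
 *
 * @access protected
 */
function buildXml()
{
    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_DELETE)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    if (!isset($_GET["FileName"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["FileName"]);
    $_resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $_resourceTypeInfo->checkIsHiddenFile($fileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    if (!$_resourceTypeInfo->checkExtension($fileName, false)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);

    if (!file_exists($filePath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
    }

    if (!@unlink($filePath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    } else {
        // Best effort: a thumbnail may not exist, so a failure here is ignored on purpose.
        $thumbPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $fileName);
        @unlink($thumbPath);

        $oDeleteFileNode = new Ckfinder_Connector_Utils_XmlNode("DeletedFile");
        $this->_connectorNode->addChild($oDeleteFileNode);
        // $fileName is in filesystem encoding at this point; convert it back
        // before it is written into the XML response.
        $oDeleteFileNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName));
    }
}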
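/**
 * Rename a file inside the current folder and report the result in the XML response.
 *
 * Both names come from the query string and are untrusted. The old name has to
 * pass checkFileName(), the hidden-file check and checkExtension($name, false);
 * the new name has to pass checkExtension(), checkFileName() and the hidden-file
 * check. The request is accepted only with the POST "CKFinderCommand" marker.
 *
 * @access protected
 */
function buildXml()
{
    if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_RENAME)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    if (!isset($_GET["fileName"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    if (!isset($_GET["newFileName"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");

    $fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["fileName"]);
    $newFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["newFileName"]);

    // The response node is attached before validation, so an error response
    // still names the file the request was about.
    $oRenamedFileNode = new Ckfinder_Connector_Utils_XmlNode("RenamedFile");
    $this->_connectorNode->addChild($oRenamedFileNode);
    $oRenamedFileNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName));

    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();

    if (!$resourceTypeInfo->checkExtension($newFileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
    }

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFileName) || $resourceTypeInfo->checkIsHiddenFile($newFileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    if (!$resourceTypeInfo->checkExtension($fileName, false)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    // NOTE(review): the ASCII conversion runs after the name and extension
    // checks, so the converted name is not validated again - confirm that
    // convertToAscii() cannot produce a name those checks would reject.
    if ($_config->forceAscii()) {
        $newFileName = CKFinder_Connector_Utils_FileSystem::convertToAscii($newFileName);
    }

    $filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);
    $newFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $newFileName);

    if (!file_exists($filePath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
    }

    if (!is_writable(dirname($newFilePath))) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    }

    if (!is_writable($filePath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    }

    // The existence test and rename() are separate steps; a file created in
    // between can still be replaced by rename().
    if (file_exists($newFilePath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
    }

    $bMoved = @rename($filePath, $newFilePath);

    if (!$bMoved) {
        // The message needs a space between the file name and the rest of the sentence.
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNKNOWN, "File " . CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName) . " has not been renamed");
    } else {
        $oRenamedFileNode->addAttribute("newName", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFileName));

        // The thumbnail is stored under the old name; remove it.
        $thumbPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $fileName);
        CKFinder_Connector_Utils_FileSystem::unlink($thumbPath);
    }
}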
/**
 * Create a sub-folder of the current folder and report it in the XML response.
 *
 * The folder name is read from the query string (an absent parameter is treated
 * as an empty name) and has to pass checkFileName() and the hidden-folder check
 * before it is joined to the current folder's server path.
 *
 * @access protected
 */
protected function buildXml()
{
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_CREATE)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    $typeConfig = $this->_currentFolder->getResourceTypeConfig();

    $requestedName = "";
    if (isset($_GET["NewFolderName"])) {
        $requestedName = $_GET["NewFolderName"];
    }
    $folderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($requestedName);

    // Accept the name only when it is a valid file name AND not a hidden folder.
    if (!(CKFinder_Connector_Utils_FileSystem::checkFileName($folderName) && !$typeConfig->checkIsHiddenFolder($folderName))) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $targetDir = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $folderName);

    if (!is_writable($this->_currentFolder->getServerPath())) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    }

    if (file_exists($targetDir)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
    }

    $mode = $_config->getChmodFolders();
    if ($mode) {
        // Clear the umask for the duration of mkdir() so the configured mode is
        // applied as given, then restore the previous umask.
        $previousUmask = umask(0);
        $created = @mkdir($targetDir, $mode);
        umask($previousUmask);
    } else {
        $created = @mkdir($targetDir);
    }

    if ($created) {
        $folderNode = new Ckfinder_Connector_Utils_XmlNode("NewFolder");
        $this->_connectorNode->addChild($folderNode);
        $folderNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($folderName));
    } else {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    }
}
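/**
 * Build the link that opens the selected image in the pixlr.com editor.
 *
 * The file name is taken from the query string and validated. The edit context
 * (token, paths, return address) is then written to the 'Pixlr' session entry
 * for process.php to check when pixlr.com calls back. The editor URL is returned
 * in a <Pixlr pixlr_link="..."> node.
 *
 * Trust notes for reviewers:
 *  - $_SERVER['HTTP_HOST'] and $_SERVER['HTTP_REFERER'] are request headers set
 *    by the client. They are used here to build absolute URLs and the return
 *    address; whoever consumes the 'return' session value should validate it
 *    before redirecting to it.
 *  - The token is derived from the session id (first 16 hex characters of its
 *    MD5), is the same for the whole session and is sent to a third party in a
 *    plain-http URL. NOTE(review): consider a random per-edit token stored in
 *    the session instead; confirm what process.php expects before changing it.
 */
function buildXml()
{
    // Check that the connector is enabled and the basic parameters (like the
    // current folder) are safe.
    $this->checkConnector();
    $this->checkRequest();

    // The plugin only reads a file here, so FILE_VIEW is the permission checked.
    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    // Make sure a file name was actually received.
    if (!isset($_GET["fileName"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["fileName"]);
    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();

    // The extension has to be allowed for this resource type.
    if (!$resourceTypeInfo->checkExtension($fileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
    }

    // The name itself has to be acceptable and must not refer to a hidden file.
    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);

    if (!file_exists($filePath) || !is_file($filePath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
    }

    // The Referer header is optional; read it once without raising a notice.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";

    // Session values checked by process.php when the browser returns from pixlr.com.
    $maketoken = md5(session_id());
    $thumbFolder = $this->_currentFolder->getThumbsServerPath();
    $pixlrSession = array(
        'token' => substr($maketoken, 0, 16),
        'ImagePath' => $filePath,
        'clientImagePath' => $this->_currentFolder->getUrl(), // e.g. /CMSfiles/images/subdirectory/
        'fileName' => $fileName,
        'return' => $referer,
        'thumbLocation' => $thumbFolder . $fileName,
    );
    Session::write('Pixlr', $pixlrSession);

    // Client-side absolute URL of the image being edited.
    $absolute_filePath = "http://" . $_SERVER['HTTP_HOST'] . $pixlrSession['clientImagePath'] . $pixlrSession['fileName'];

    // Directory of this plugin, turned into a client-side absolute URL so that
    // pixlr.com can call process.php in it. The document root is replaced as a
    // literal string: used as a regular expression, path characters such as "."
    // or "\" would be read as pattern syntax.
    $pluginFolder = dirname(__FILE__);
    $clientPluginFolder = str_replace($_SERVER['DOCUMENT_ROOT'], "http://" . $_SERVER['HTTP_HOST'], $pluginFolder);

    // Parameters sent to pixlr.com. Values are given raw here and encoded once,
    // uniformly, by http_build_query(), so a "&" or "=" inside the file name or
    // the Host header cannot add or override parameters.
    $pixlr_params = array(
        "referrer" => $_SERVER['HTTP_HOST'],
        "loc" => "en",
        "exit" => $referer != "" ? $referer : "http://www.pixlr.com",
        "image" => $absolute_filePath,
        "title" => $fileName,
        "method" => "GET",
        "target" => $clientPluginFolder . "/process.php?token=" . $pixlrSession['token'],
        "locktarget" => "TRUE",
        "locktitle" => "TRUE",
        "locktype" => "TRUE",
        "lockquality" => "80",
    );
    $pixlr_link = "http://www.pixlr.com/editor?" . http_build_query($pixlr_params, '', '&');

    $oNode = new Ckfinder_Connector_Utils_XmlNode("Pixlr");
    $oNode->addAttribute("pixlr_link", $pixlr_link);
    $this->_connectorNode->addChild($oNode);
}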
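/**
 * Rename the current folder and report the new name, path and URL in the XML response.
 *
 * The new name comes from the query string and is untrusted. It has to pass
 * checkFileName() and the hidden-folder check, and must not contain a dot.
 * The request is accepted only with the POST "CKFinderCommand" marker.
 *
 * @access protected
 */
function buildXml()
{
    if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_RENAME)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    if (!isset($_GET["NewFolderName"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $newFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["NewFolderName"]);
    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();

    // The ASCII conversion runs before validation, so the checks below see the
    // name that is actually used.
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    if ($_config->forceAscii()) {
        $newFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($newFolderName);
    }

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFolderName) || $resourceTypeInfo->checkIsHiddenFolder($newFolderName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    // The root folder cannot be renamed.
    if ($this->_currentFolder->getClientPath() == "/") {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $oldFolderPath = $this->_currentFolder->getServerPath();

    if (!is_dir($oldFolderPath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    // The new folder is a sibling of the old one.
    $newFolderPath = dirname($oldFolderPath) . DIRECTORY_SEPARATOR . $newFolderName . DIRECTORY_SEPARATOR;

    // Test without the trailing separator so an existing regular file of that
    // name is detected as well.
    if (file_exists(rtrim($newFolderPath, DIRECTORY_SEPARATOR))) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
    }

    // Folder names containing a dot are refused. strpos() replaces eregi(),
    // which is no longer available in current PHP versions; the test is the
    // same literal-dot match.
    if (strpos(basename($newFolderPath), ".") !== false) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    }

    $bMoved = @rename($oldFolderPath, $newFolderPath);

    if (!$bMoved) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    } else {
        // Move the thumbnails along with the folder; if that fails, drop them.
        $newThumbsServerPath = dirname($this->_currentFolder->getThumbsServerPath()) . '/' . $newFolderName . '/';
        if (!@rename($this->_currentFolder->getThumbsServerPath(), $newThumbsServerPath)) {
            CKFinder_Connector_Utils_FileSystem::unlink($this->_currentFolder->getThumbsServerPath());
        }
    }

    // Client-side path: replace the last path segment with the new name.
    $newFolderPath = preg_replace(",[^/]+/?\$,", $newFolderName, $this->_currentFolder->getClientPath()) . '/';
    $newFolderUrl = $resourceTypeInfo->getUrl() . ltrim($newFolderPath, '/');

    $oRenameNode = new Ckfinder_Connector_Utils_XmlNode("RenamedFolder");
    $this->_connectorNode->addChild($oRenameNode);

    $oRenameNode->addAttribute("newName", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderName));
    $oRenameNode->addAttribute("newPath", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderPath));
    $oRenameNode->addAttribute("newUrl", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderUrl));
}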
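/**
 * Overwrite an existing file in the current folder with the posted content.
 *
 * The file name and content come from the POST body and are untrusted. The name
 * has to pass the resource type's extension check, checkFileName() and the
 * hidden-file check, and the file must already exist.
 *
 * NOTE(review): the content itself is written as received; only the file name
 * and extension are validated here. Confirm that the allowed extensions cannot
 * be executed or rendered as active content by the web server.
 *
 * @access protected
 */
function buildXml()
{
    if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $this->checkConnector();
    $this->checkRequest();

    // Saving an empty file equals deleting its content, hence FILE_DELETE.
    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_DELETE)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    if (!isset($_POST["fileName"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    // A non-string value (e.g. content[]=x) is rejected before it reaches fwrite().
    if (!isset($_POST["content"]) || !is_string($_POST["content"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_POST["fileName"]);
    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();

    if (!$resourceTypeInfo->checkExtension($fileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
    }

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);

    if (!file_exists($filePath) || !is_file($filePath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
    }

    if (!is_writable(dirname($filePath))) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    }

    // Open without truncating ('c'), take the exclusive lock, and only then
    // empty the file. With mode 'w' the file is truncated before the lock is
    // held, so a failed lock leaves an empty file behind and a concurrent
    // writer can be clobbered. The handle is closed on every path.
    $result = false;
    $fp = @fopen($filePath, 'cb');
    if ($fp !== false) {
        if (flock($fp, LOCK_EX)) {
            if (ftruncate($fp, 0)) {
                $result = fwrite($fp, $_POST["content"]);
                fflush($fp);
            }
            flock($fp, LOCK_UN);
        }
        fclose($fp);
    }

    if ($result === false) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    }
}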
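/**
 * Send the requested file to the client and terminate the script.
 *
 * With format=text in the query string the file is sent inline as text/plain;
 * otherwise it is sent as an attachment. The file name is taken from the query
 * string and is untrusted: it has to pass checkFileName(), the resource type's
 * extension check and the hidden-file check before it is joined to the current
 * folder's server path.
 *
 * @access public
 */
public function sendResponse()
{
    // Discard an active output buffer so buffered bytes are not sent ahead of the file.
    if (!function_exists('ob_list_handlers') || ob_list_handlers()) {
        @ob_end_clean();
    }
    header("Content-Encoding: none");

    $this->checkConnector();
    $this->checkRequest();

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    // Reject a missing or non-string parameter (e.g. FileName[]=x) instead of
    // passing it on to the encoding and path helpers.
    if (!isset($_GET["FileName"]) || !is_string($_GET["FileName"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["FileName"]);
    $_resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    if (!$_resourceTypeInfo->checkExtension($fileName, false)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);

    // Hidden files are reported as "not found" so their existence is not disclosed.
    if ($_resourceTypeInfo->checkIsHiddenFile($fileName) || !file_exists($filePath) || !is_file($filePath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
    }

    $fileName = CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName);

    header("Cache-Control: cache, must-revalidate");
    header("Pragma: public");
    header("Expires: 0");
    // The body is user-supplied content; tell the browser to honour the declared
    // type rather than guess one, so a text/plain response is not rendered as HTML.
    header("X-Content-Type-Options: nosniff");

    if (!empty($_GET['format']) && $_GET['format'] == 'text') {
        header("Content-Type: text/plain; charset=utf-8");
    } else {
        $user_agent = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";

        // The name ends up inside quoted header parameters; escape embedded
        // quotes in both headers so the value cannot close the quoted string early.
        $quotedName = str_replace("\"", "\\\"", $fileName);
        $encodedName = $quotedName;
        if (strpos($user_agent, "MSIE") !== false) {
            // Internet Explorer expects a percent-encoded file name.
            $encodedName = str_replace(array("+", "%2E"), array(" ", "."), urlencode($encodedName));
        }

        header("Content-type: application/octet-stream; name=\"" . $quotedName . "\"");
        header("Content-Disposition: attachment; filename=\"" . $encodedName . "\"");
    }

    header("Content-Length: " . filesize($filePath));
    CKFinder_Connector_Utils_FileSystem::readfileChunked($filePath);
    exit;
}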
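/**
 * Rename the current folder and report the new name, path and URL in the XML response.
 *
 * The new name comes from the query string and is untrusted; it has to pass
 * checkFileName() and the hidden-folder check.
 *
 * NOTE(review): this handler acts on GET parameters only and does not test a
 * POST "CKFinderCommand" marker. Confirm whether the caller enforces an
 * equivalent request check.
 *
 * @access protected
 */
protected function buildXml()
{
    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_RENAME)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    if (!isset($_GET["NewFolderName"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $newFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["NewFolderName"]);
    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFolderName) || $resourceTypeInfo->checkIsHiddenFolder($newFolderName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    // The root folder of a resource type cannot be renamed: its server path is
    // the one the configuration points at.
    if ($this->_currentFolder->getClientPath() == "/") {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $oldFolderPath = $this->_currentFolder->getServerPath();

    if (!is_dir($oldFolderPath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    // The new folder is a sibling of the old one.
    $newFolderPath = dirname($oldFolderPath) . DIRECTORY_SEPARATOR . $newFolderName . DIRECTORY_SEPARATOR;

    // Test without the trailing separator so an existing regular file of that
    // name is reported as "already exists" too.
    if (file_exists(rtrim($newFolderPath, DIRECTORY_SEPARATOR))) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
    }

    $bMoved = @rename($oldFolderPath, $newFolderPath);

    if (!$bMoved) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    } else {
        // Thumbnails stored under the old folder name are removed.
        CKFinder_Connector_Utils_FileSystem::unlink($this->_currentFolder->getThumbsServerPath());
    }

    // Client-side path: replace the last path segment with the new name.
    $newFolderPath = preg_replace(",[^/]+/?\$,", $newFolderName, $this->_currentFolder->getClientPath()) . '/';
    $newFolderUrl = $resourceTypeInfo->getUrl() . ltrim($newFolderPath, '/');

    $oRenameNode = new Ckfinder_Connector_Utils_XmlNode("RenamedFolder");
    $this->_connectorNode->addChild($oRenameNode);

    $oRenameNode->addAttribute("newName", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderName));
    $oRenameNode->addAttribute("newPath", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderPath));
    $oRenameNode->addAttribute("newUrl", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderUrl));
}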
/**
 * Sample plugin command: validate the requested file and answer with a
 * <MyMessage message="Hello world!"> node.
 *
 * The file name is taken from the query string and is untrusted; it goes
 * through the extension, file-name and hidden-file checks before the file is
 * looked up on disk.
 */
function buildXml()
{
    // Connector enabled and basic request parameters (e.g. current folder) acceptable?
    $this->checkConnector();
    $this->checkRequest();

    $folder = $this->_currentFolder;

    // Only information about a file is returned, so FILE_VIEW is the permission checked.
    if (!$folder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    // A file name must have been sent.
    if (!isset($_GET["fileName"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $requestedFile = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["fileName"]);
    $typeConfig = $folder->getResourceTypeConfig();

    // The extension has to be allowed by the resource type configuration.
    if (!$typeConfig->checkExtension($requestedFile)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
    }

    // The name has to be acceptable and must not refer to a hidden file.
    if (!(CKFinder_Connector_Utils_FileSystem::checkFileName($requestedFile) && !$typeConfig->checkIsHiddenFile($requestedFile))) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $absolutePath = CKFinder_Connector_Utils_FileSystem::combinePaths($folder->getServerPath(), $requestedFile);

    if (!(file_exists($absolutePath) && is_file($absolutePath))) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
    }

    // Read but not used by the response below; the original <FileSize> node
    // that carried it is disabled.
    $size = filesize($absolutePath);

    // The main part of this plugin: add a <MyMessage> element to the XML response.
    $messageNode = new Ckfinder_Connector_Utils_XmlNode("MyMessage");
    $messageNode->addAttribute("message", "Hello world!");
    $this->_connectorNode->addChild($messageNode);
}
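/**
 * Report the pixel dimensions of an image in an <ImageInfo width height> node.
 *
 * The file name is taken from the query string and is untrusted; it has to pass
 * checkFileName(), the hidden-file check and the resource type's extension
 * check before the file is opened.
 *
 * @access protected
 */
function buildXml()
{
    $this->checkConnector();
    $this->checkRequest();

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();

    if (!isset($_GET["fileName"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["fileName"]);

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    if (!$resourceTypeInfo->checkExtension($fileName, false)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);

    if (!file_exists($filePath) || !is_file($filePath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
    }

    // getimagesize() returns false for a file it cannot read as an image, and
    // an allowed extension does not guarantee image content. Report that as an
    // invalid request instead of emitting empty width/height attributes.
    $imageSize = getimagesize($filePath);
    if ($imageSize === false) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    list($width, $height) = $imageSize;

    $oNode = new Ckfinder_Connector_Utils_XmlNode("ImageInfo");
    $oNode->addAttribute("width", $width);
    $oNode->addAttribute("height", $height);
    $this->_connectorNode->addChild($oNode);
}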
/**
 * Send the thumbnail of a file in the current folder, creating it on first use.
 *
 * Errors are reported through an X-CKFinder-Error header plus an HTTP status
 * line, after which the script terminates. The file name is taken from the
 * query string and is untrusted; it has to pass checkFileName() and the
 * hidden-file check.
 *
 * NOTE(review): no extension check is made on the name here, and the result of
 * getimagesize() is used without testing for false - confirm that
 * createThumb() refuses non-image sources.
 *
 * @access public
 */
public function sendResponse()
{
    @ob_end_clean();
    header("Content-Encoding: none");

    $this->checkConnector();

    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    $thumbsConfig = $_config->getThumbnailsConfig();

    if (!$thumbsConfig->getIsEnabled()) {
        header("X-CKFinder-Error: " . CKFINDER_CONNECTOR_ERROR_THUMBNAILS_DISABLED);
        header("HTTP/1.0 403 Forbidden");
        exit;
    }

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
        header("X-CKFinder-Error: " . CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
        header("HTTP/1.0 403 Forbidden");
        exit;
    }

    if (!isset($_GET["FileName"])) {
        header("X-CKFinder-Error: " . CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
        header("HTTP/1.0 404 Not Found");
        exit;
    }

    $requestedFile = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["FileName"]);
    $typeConfig = $this->_currentFolder->getResourceTypeConfig();

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($requestedFile)) {
        header("X-CKFinder-Error: " . CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
        header("HTTP/1.0 403 Forbidden");
        exit;
    }

    $originalPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $requestedFile);

    // Hidden files are answered exactly like missing ones.
    if ($typeConfig->checkIsHiddenFile($requestedFile) || !file_exists($originalPath)) {
        header("X-CKFinder-Error: " . CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
        header("HTTP/1.0 404 Not Found");
        exit;
    }

    $thumbPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $requestedFile);

    // Create the thumbnail now if it does not exist yet.
    if (!file_exists($thumbPath)
        && !$this->createThumb($originalPath, $thumbPath, $thumbsConfig->getMaxWidth(), $thumbsConfig->getMaxHeight(), $thumbsConfig->getQuality(), true)
    ) {
        header("X-CKFinder-Error: " . CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
        header("HTTP/1.0 500 Internal Server Error");
        exit;
    }

    $thumbSize = filesize($thumbPath);
    $imageInfo = getimagesize($thumbPath);
    $mimeType = $imageInfo["mime"];

    // Conditional request: answer 304 when the client's copy is not older
    // than the thumbnail on disk.
    if (isset($_SERVER["HTTP_IF_MODIFIED_SINCE"])) {
        $clientTime = @strtotime($_SERVER["HTTP_IF_MODIFIED_SINCE"]);
    } else {
        $clientTime = 0;
    }
    $modifiedAt = filemtime($thumbPath);

    if ($clientTime >= $modifiedAt) {
        header("HTTP/1.0 304 Not Modified");
        exit;
    }

    header('Cache-control: public');
    header("Content-type: " . $mimeType . "; name=\"" . basename($thumbPath) . "\"");
    header("Last-Modified: " . gmdate('D, d M Y H:i:s', $modifiedAt) . " GMT");
    header("Content-Length: " . $thumbSize);

    readfile($thumbPath);
    exit;
}
* Handle FileUpload command * * @package CKFinder * @subpackage CommandHandlers * @copyright CKSource - Frederico Knabben */ class CKFinder_Connector_CommandHandler_FileUpload extends CKFinder_Connector_CommandHandler_CommandHandlerBase { /** * Command name * * @access protected * @var string */ protected $command = "FileUpload"; /** * send response (save uploaded file, resize if required) * @access public * */ public function sendResponse() { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_NONE; $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); $oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry"); $oRegistry->set("FileUpload_fileName", "unknown file"); $uploadedFile = array_shift($_FILES); if (!isset($uploadedFile['name'])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID); } $sUnsafeFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(CKFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name'])); $sFileName = CKFinder_Connector_Utils_FileSystem::secureFileName($sUnsafeFileName); if ($sFileName != $sUnsafeFileName) { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED; } $oRegistry->set("FileUpload_fileName", $sFileName); $this->checkConnector(); $this->checkRequest(); if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeConfig->checkIsHiddenFile($sFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!$resourceTypeInfo->checkExtension($sFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } $oRegistry->set("FileUpload_fileName", $sFileName); 
$oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl()); $maxSize = $resourceTypeInfo->getMaxSize(); if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); } $htmlExtensions = $_config->getHtmlExtensions(); $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileName); if ($htmlExtensions && !CKFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sExtension, $htmlExtensions) && ($detectHtml = CKFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } $secureImageUploads = $_config->getSecureImageUploads(); if ($secureImageUploads && ($isImageValid = CKFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sExtension)) === false) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } switch ($uploadedFile['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); break; case UPLOAD_ERR_PARTIAL: case UPLOAD_ERR_NO_FILE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); break; case UPLOAD_ERR_NO_TMP_DIR: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR); break; case UPLOAD_ERR_CANT_WRITE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; case UPLOAD_ERR_EXTENSION: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; } $sServerDir = $this->_currentFolder->getServerPath(); while (true) { $sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName); if (file_exists($sFilePath)) { $sFileName = CKFinder_Connector_Utils_FileSystem::autoRename($sServerDir, $sFileName); $oRegistry->set("FileUpload_fileName", $sFileName); $iErrorNumber 
= CKFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED; } else { if (false === move_uploaded_file($uploadedFile['tmp_name'], $sFilePath)) { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED; } else { if (isset($detectHtml) && $detectHtml === -1 && CKFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } else { if (isset($isImageValid) && $isImageValid === -1 && CKFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } } }
/**
 * Send the thumbnail of a file in the current folder, creating it on first use,
 * and terminate the script.
 *
 * Supports conditional requests through If-None-Match (ETag built from the
 * thumbnail's modification time and size) and If-Modified-Since. The file name
 * is taken from the query string and is untrusted; it has to pass
 * checkFileName() and the hidden-file check.
 *
 * NOTE(review): no extension check is made on the name here, and the result of
 * getimagesize() is used without testing for false - confirm that
 * createThumb() refuses non-image sources.
 *
 * @access public
 */
public function sendResponse()
{
    // Get rid of BOM markers: unwind every active output buffer.
    if (ob_get_level()) {
        do {
            $cleaned = @ob_end_clean();
        } while ($cleaned && ob_get_level());
    }
    header("Content-Encoding: none");

    $this->checkConnector();
    $this->checkRequest();

    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    $thumbsConfig = $_config->getThumbnailsConfig();

    if (!$thumbsConfig->getIsEnabled()) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_THUMBNAILS_DISABLED);
    }

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    if (!isset($_GET["FileName"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $requestedFile = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["FileName"]);
    $typeConfig = $this->_currentFolder->getResourceTypeConfig();

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($requestedFile)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $originalPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $requestedFile);

    // Hidden files are answered exactly like missing ones.
    if ($typeConfig->checkIsHiddenFile($requestedFile) || !file_exists($originalPath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
    }

    $thumbPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $requestedFile);

    // Create the thumbnail now if it does not exist yet.
    if (!file_exists($thumbPath)
        && !$this->createThumb($originalPath, $thumbPath, $thumbsConfig->getMaxWidth(), $thumbsConfig->getMaxHeight(), $thumbsConfig->getQuality(), true, $thumbsConfig->getBmpSupported())
    ) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    }

    $thumbSize = filesize($thumbPath);
    $imageInfo = getimagesize($thumbPath);
    $mimeType = $imageInfo["mime"];

    if (isset($_SERVER["HTTP_IF_MODIFIED_SINCE"])) {
        $clientTime = @strtotime($_SERVER["HTTP_IF_MODIFIED_SINCE"]);
    } else {
        $clientTime = 0;
    }
    $modifiedAt = filemtime($thumbPath);
    $etag = dechex($modifiedAt) . "-" . dechex($thumbSize);

    // Not modified when the client's ETag matches exactly, or when its
    // If-Modified-Since timestamp equals the thumbnail's modification time.
    $notModified = (isset($_SERVER["HTTP_IF_NONE_MATCH"]) && $_SERVER["HTTP_IF_NONE_MATCH"] === $etag)
        || $clientTime == $modifiedAt;

    if ($notModified) {
        header("HTTP/1.0 304 Not Modified");
        exit;
    }

    header('Cache-control: public');
    header('Etag: ' . $etag);
    header("Content-type: " . $mimeType . "; name=\"" . CKFinder_Connector_Utils_Misc::mbBasename($thumbPath) . "\"");
    header("Last-Modified: " . gmdate('D, d M Y H:i:s', $modifiedAt) . " GMT");
    header("Content-Length: " . $thumbSize);

    readfile($thumbPath);
    exit;
}
/**
 * Tell whether $folderName may be used as a folder name.
 *
 * When the configuration disallows unsafe characters, any name containing a
 * dot is rejected outright; every other name is judged by checkFileName().
 *
 * @static
 * @access public
 * @param string $folderName
 * @return boolean true when the name is acceptable
 */
public static function checkFolderName($folderName)
{
    $config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");

    // Dots are only forbidden in the stricter configuration mode.
    $dotsForbidden = $config->getDisallowUnsafeCharacters();
    if ($dotsForbidden && strpos($folderName, ".") !== false) {
        return false;
    }

    return CKFinder_Connector_Utils_FileSystem::checkFileName($folderName);
}
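/**
 * Handle a "move files" request and build the XML response.
 *
 * Every entry of $_POST['files'] names a source file by resource type,
 * client folder and file name; each one is validated and then moved into the
 * current folder. Per-file failures are collected in an "Errors" node and the
 * loop continues; malformed or unauthorized requests abort through the error
 * handler. The "MoveFiles" node reports how many files were moved.
 *
 * Authorization: the current (destination) folder must grant
 * FILE_RENAME | FILE_UPLOAD | FILE_DELETE, and each source folder must grant
 * FILE_VIEW and FILE_DELETE, because a move removes the file from its source.
 *
 * @access protected
 */
function buildXml()
{
    if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $clientPath = $this->_currentFolder->getClientPath();
    $sServerDir = $this->_currentFolder->getServerPath();
    $currentResourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    $_aclConfig = $_config->getAccessControlConfig();
    $aclMasks = array();
    $_resourceTypeConfig = array();

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_RENAME | CKFINDER_CONNECTOR_ACL_FILE_UPLOAD | CKFINDER_CONNECTOR_ACL_FILE_DELETE)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    // Create the "Errors" node.
    $oErrorsNode = new CKFinder_Connector_Utils_XmlNode("Errors");
    $errorCode = CKFINDER_CONNECTOR_ERROR_NONE;
    $moved = 0;
    $movedAll = 0;
    if (!empty($_POST['moved'])) {
        $movedAll = intval($_POST['moved']);
    }
    $checkedPaths = array();
    $oMoveFilesNode = new Ckfinder_Connector_Utils_XmlNode("MoveFiles");

    // A move needs read access to the source and also removes it from the
    // source folder, so both bits are required there.
    $requiredSourceMask = CKFINDER_CONNECTOR_ACL_FILE_VIEW | CKFINDER_CONNECTOR_ACL_FILE_DELETE;

    if (!empty($_POST['files']) && is_array($_POST['files'])) {
        foreach ($_POST['files'] as $arr) {
            if (empty($arr['name'])) {
                continue;
            }
            // Nested arrays in the posted fields would reach the string
            // helpers below; reject them as a malformed request.
            if (!isset($arr['name'], $arr['type'], $arr['folder'])
                || !is_string($arr['name'])
                || !is_string($arr['type'])
                || !is_string($arr['folder'])
            ) {
                $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
            }

            // file name
            $name = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['name']);
            // resource type
            $type = $arr['type'];
            // client path
            $path = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['folder']);
            // options
            $options = (!empty($arr['options']) && is_string($arr['options'])) ? $arr['options'] : '';

            $destinationFilePath = $sServerDir . $name;

            // check #1 (path) - the source path below is built by plain
            // concatenation, so these two checks are what keeps it inside
            // the resource type directory.
            if (!CKFinder_Connector_Utils_FileSystem::checkFileName($name) || preg_match(CKFINDER_REGEX_INVALID_PATH, $path)) {
                $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
            }

            // get resource type config for current file
            if (!isset($_resourceTypeConfig[$type])) {
                $_resourceTypeConfig[$type] = $_config->getResourceTypeConfig($type);
            }

            // check #2 (resource type)
            if (is_null($_resourceTypeConfig[$type])) {
                $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
            }

            // check #3 (extension)
            if (!$_resourceTypeConfig[$type]->checkExtension($name, false)) {
                $errorCode = CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION;
                $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                continue;
            }

            $crossesResourceType = $currentResourceTypeConfig->getName() != $type;

            // check #4 (extension) - when moving to another resource type, double check extension
            if ($crossesResourceType && !$currentResourceTypeConfig->checkExtension($name, false)) {
                $errorCode = CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION;
                $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                continue;
            }

            // check #5 (hidden folders), result cached per path
            if (empty($checkedPaths[$path])) {
                $checkedPaths[$path] = true;
                if ($_resourceTypeConfig[$type]->checkIsHiddenPath($path)) {
                    $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
                }
            }

            $sourceFilePath = $_resourceTypeConfig[$type]->getDirectory() . $path . $name;

            // check #6 (hidden file name)
            if ($currentResourceTypeConfig->checkIsHiddenFile($name)) {
                $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
            }

            // check #7 (Access Control on the source folder), mask cached per type and path
            $aclKey = $type . "@" . $path;
            if (!isset($aclMasks[$aclKey])) {
                $aclMasks[$aclKey] = $_aclConfig->getComputedMask($type, $path);
            }
            $isAuthorized = ($aclMasks[$aclKey] & $requiredSourceMask) == $requiredSourceMask;
            if (!$isAuthorized) {
                $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
            }

            // check #8 (invalid file name)
            if (!file_exists($sourceFilePath) || !is_file($sourceFilePath)) {
                $errorCode = CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND;
                $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                continue;
            }

            // check #9 (max size) - only relevant when the target type has its own limit
            if ($crossesResourceType) {
                $maxSize = $currentResourceTypeConfig->getMaxSize();
                $fileSize = filesize($sourceFilePath);
                if ($maxSize && $fileSize > $maxSize) {
                    $errorCode = CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG;
                    $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                    continue;
                }
            }

            // protection against moving a file onto itself
            if ($sourceFilePath == $destinationFilePath) {
                $errorCode = CKFINDER_CONNECTOR_ERROR_SOURCE_AND_TARGET_PATH_EQUAL;
                $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                continue;
            }

            // Resolve a name clash according to the posted options.
            if (file_exists($destinationFilePath)) {
                if (strpos($options, "overwrite") !== false) {
                    if (!@unlink($destinationFilePath)) {
                        $errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
                        $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                        continue;
                    }
                } elseif (strpos($options, "autorename") !== false) {
                    // Try "name(1).ext", "name(2).ext", ... until a free name is found.
                    $iCounter = 1;
                    do {
                        $fileName = CKFinder_Connector_Utils_FileSystem::getFileNameWithoutExtension($name) . "(" . $iCounter . ")" . "." . CKFinder_Connector_Utils_FileSystem::getExtension($name);
                        $destinationFilePath = $sServerDir . $fileName;
                        $iCounter++;
                    } while (file_exists($destinationFilePath));
                } else {
                    $errorCode = CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST;
                    $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                    continue;
                }
            }

            if (!@rename($sourceFilePath, $destinationFilePath)) {
                $errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
                $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                continue;
            }
            $moved++;
        }
    }

    $this->_connectorNode->addChild($oMoveFilesNode);
    if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) {
        $this->_connectorNode->addChild($oErrorsNode);
    }
    $oMoveFilesNode->addAttribute("moved", $moved);
    $oMoveFilesNode->addAttribute("movedTotal", $movedAll + $moved);

    /**
     * Note: actually we could have more than one error.
     * This is just a flag for CKFinder interface telling it to check all errors.
     */
    if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_MOVE_FAILED);
    }
}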
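/**
 * Save an uploaded file into the current folder and report the result.
 *
 * Steps: sanitize the client file name (optionally replacing it with a
 * timestamp name), check the FILE_UPLOAD permission, validate name,
 * extension and size, screen the content for HTML and invalid images, store
 * the file under a free name, apply the configured file mode, optionally
 * write a watermarked copy, and finally report through the error handler.
 *
 * Reads site settings from the global $met_* variables declared below.
 *
 * @access public
 */
public function sendResponse()
{
    global $met_wate_class, $met_wate_bigimg, $met_text_wate, $met_text_bigsize, $met_text_color, $met_text_angle, $met_watermark, $met_text_fonts, $met_big_wate, $met_file_maxsize, $met_img_rename;

    $iErrorNumber = CKFINDER_CONNECTOR_ERROR_NONE;
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    $oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry");
    $oRegistry->set("FileUpload_fileName", "unknown file");

    $uploadedFile = array_shift($_FILES);
    if (!isset($uploadedFile['name'])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID);
    }

    // The client-supplied name is reduced to its base name and then has
    // separator and wildcard characters replaced before any check runs.
    $sUnsafeFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(CKFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name']));
    $sFileName = str_replace(array(":", "*", "?", "|", "/", "——", " "), "_", $sUnsafeFileName);
    if ($_config->getDisallowUnsafeCharacters()) {
        $sFileName = str_replace(";", "_", $sFileName);
    }
    if ($_config->forceAscii()) {
        $sFileName = CKFinder_Connector_Utils_FileSystem::convertToAscii($sFileName);
    }
    $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileName);
    $sFileName = str_replace(' ', '', $sFileName);
    if ($met_img_rename) {
        // Site option: store the file under a timestamp name, keeping the extension.
        $sFileName = date("Ymd") . "_" . date("His") . "." . $sExtension;
    }
    if ($sFileName != $sUnsafeFileName) {
        $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED;
    }
    $oRegistry->set("FileUpload_fileName", $sFileName);

    $this->checkConnector();
    $this->checkRequest();

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();
    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeConfig->checkIsHiddenFile($sFileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
    if (!$resourceTypeInfo->checkExtension($sFileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
    }

    $sFileNameOrginal = $sFileName;
    $oRegistry->set("FileUpload_fileName", $sFileName);
    $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl());

    $maxSize = $resourceTypeInfo->getMaxSize();
    if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
    }
    // Site-wide limit, configured in megabytes.
    if ($uploadedFile['size'] > $met_file_maxsize * 1024 * 1024) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG_MET);
    }

    // Content screening on the temporary file. $detectHtml and $isImageValid
    // are only assigned when the respective check is configured; the later
    // re-checks rely on isset() for that reason.
    $htmlExtensions = $_config->getHtmlExtensions();
    $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal);
    if ($htmlExtensions
        && !CKFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sExtension, $htmlExtensions)
        && ($detectHtml = CKFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true
    ) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE);
    }

    $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal);
    $secureImageUploads = $_config->getSecureImageUploads();
    if ($secureImageUploads
        && ($isImageValid = CKFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sExtension)) === false
    ) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
    }

    switch ($uploadedFile['error']) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
            break;
        case UPLOAD_ERR_PARTIAL:
        case UPLOAD_ERR_NO_FILE:
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
            break;
        case UPLOAD_ERR_NO_TMP_DIR:
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR);
            break;
        case UPLOAD_ERR_CANT_WRITE:
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
            break;
        case UPLOAD_ERR_EXTENSION:
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
            break;
    }

    $sServerDir = $this->_currentFolder->getServerPath();
    $iCounter = 0;

    while (true) {
        $sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName);

        if (file_exists($sFilePath)) {
            // Name taken: try "name(N).ext" and tell the client it was renamed.
            $iCounter++;
            $sFileName = CKFinder_Connector_Utils_FileSystem::getFileNameWithoutExtension($sFileNameOrginal) . "(" . $iCounter . ")" . "." . CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal);
            $oRegistry->set("FileUpload_fileName", $sFileName);
            $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED;
            continue;
        }

        // copy() does not verify where tmp_name points, unlike
        // move_uploaded_file(). is_uploaded_file() restores that guarantee:
        // only a file received by PHP in this HTTP POST may be stored.
        if (!is_uploaded_file($uploadedFile['tmp_name'])
            || false === copy($uploadedFile['tmp_name'], $sFilePath)
        ) {
            $iErrorNumber = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
        } elseif (isset($detectHtml)
            && $detectHtml === -1
            && CKFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true
        ) {
            // The check on the temporary file was inconclusive (-1); repeat it on the stored copy.
            @unlink($sFilePath);
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE);
        } elseif (isset($isImageValid)
            && $isImageValid === -1
            && CKFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sExtension) === false
        ) {
            @unlink($sFilePath);
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
        }

        if (is_file($sFilePath) && ($perms = $_config->getChmodFiles())) {
            // Clear the umask so the configured mode is applied exactly.
            $oldumask = umask(0);
            chmod($sFilePath, $perms);
            umask($oldumask);
        }
        break;
    }

    $sFileName_water = $sFileName;
    if (stristr(PHP_OS, "WIN")) {
        $sFileName_water = iconv("GBK", "utf-8", $sFileName);
    }

    if ($met_big_wate == 1) {
        require_once CKFINDER_CONNECTOR_CONFIG_watermark_PATHX;
        $img = new Watermark();
        if ($met_wate_class == 2) {
            // Image watermark.
            $img->met_image_name = CKFINDER_CONNECTOR_CONFIG_img_PATHX . $met_wate_bigimg;
            $img->met_image_pos = $met_watermark;
        } else {
            // Text watermark.
            $img->met_text = $met_text_wate;
            $img->met_text_size = $met_text_bigsize;
            $img->met_text_color = $met_text_color;
            $img->met_text_angle = $met_text_angle;
            $img->met_text_pos = $met_watermark;
            $img->met_text_font = CKFINDER_CONNECTOR_CONFIG_fonts_PATHX . $met_text_fonts;
        }
        // NOTE(review): mkdir() is called without a mode, so the directory
        // mode is left to PHP's default and the process umask - confirm that
        // matches the intended permissions of the upload tree.
        if (!file_exists(CKFINDER_CONNECTOR_CONFIG_upload_PATHX . "/images/watermark/")) {
            mkdir(CKFINDER_CONNECTOR_CONFIG_upload_PATHX . "/images/watermark/");
        }
        // NOTE(review): the watermark source is taken from the fixed
        // "/images/" directory rather than from $sFilePath - presumably
        // uploads always land there; verify against the configuration.
        $img->src_image_name = CKFINDER_CONNECTOR_CONFIG_upload_PATHX . "/images/{$sFileName_water}";
        $img->save_file = CKFINDER_CONNECTOR_CONFIG_upload_PATHX . "/images/watermark/{$sFileName_water}";
        $img->create();
    }

    if (!$_config->checkSizeAfterScaling()) {
        $this->_errorHandler->throwError($iErrorNumber, true, false);
    }

    // The thumbnail handler is still loaded, but automatic downscaling of
    // images that exceed the configured maximum is disabled in this build.
    require_once CKFINDER_CONNECTOR_LIB_DIR . "/CommandHandler/Thumbnail.php";
    $_imagesConfig = $_config->getImagesConfig();

    if ($met_big_wate == 1) {
        $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl() . 'watermark/');
    }

    if ($_config->checkSizeAfterScaling()) {
        // check file size after scaling, attempt to delete if too big
        clearstatcache();
        if ($maxSize && filesize($sFilePath) > $maxSize) {
            @unlink($sFilePath);
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
        } else {
            $this->_errorHandler->throwError($iErrorNumber, true, false);
        }
    }

    CKFinder_Connector_Core_Hooks::run('AfterFileUpload', array(&$this->_currentFolder, &$uploadedFile, &$sFilePath));
}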
/**
 * Store an uploaded file below the current folder and report the outcome.
 *
 * The client file name is sanitized only to decide whether a "renamed"
 * notice is due; the stored name is always a timestamp plus the original
 * extension. After the permission, name, extension, size and content checks
 * the file is moved into a year/month/day sub-directory of the current
 * folder, given the configured mode, optionally scaled down, and the result
 * is reported through the error handler.
 *
 * @access public
 */
public function sendResponse()
{
    $iErrorNumber = CKFINDER_CONNECTOR_ERROR_NONE;
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    $oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry");
    $oRegistry->set("FileUpload_fileName", "unknown file");

    $uploadedFile = array_shift($_FILES);
    if (!isset($uploadedFile['name'])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID);
    }

    $clientBaseName = CKFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name']);
    $sUnsafeFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($clientBaseName);
    $sFileName = str_replace(array(":", "*", "?", "|", "/"), "_", $sUnsafeFileName);
    if ($_config->forceAscii()) {
        $sFileName = CKFinder_Connector_Utils_FileSystem::convertToAscii($sFileName);
    }
    if ($sFileName != $sUnsafeFileName) {
        $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED;
    }

    // The stored name never contains client text apart from the extension:
    // it is "<Ymd>_<His>.<ext>". This was introduced for names with Chinese characters.
    $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileName);
    $sFileName = date("Ymd") . "_" . date("His") . "." . $sExtension;
    $oRegistry->set("FileUpload_fileName", $sFileName);

    $this->checkConnector();
    $this->checkRequest();

    $mayUpload = $this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD);
    if (!$mayUpload) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();
    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeConfig->checkIsHiddenFile($sFileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
    if (!$resourceTypeInfo->checkExtension($sFileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
    }

    $sFileNameOrginal = $sFileName;
    $oRegistry->set("FileUpload_fileName", $sFileName);
    $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl());

    $maxSize = $resourceTypeInfo->getMaxSize();
    if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
    }

    // Content screening on the temporary file. $detectHtml and $isImageValid
    // only come into existence when their check is configured, which is why
    // the re-checks after the move test them with isset().
    $htmlExtensions = $_config->getHtmlExtensions();
    $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal);
    if ($htmlExtensions
        && !CKFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sExtension, $htmlExtensions)
        && ($detectHtml = CKFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true
    ) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE);
    }

    $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal);
    $secureImageUploads = $_config->getSecureImageUploads();
    if ($secureImageUploads
        && ($isImageValid = CKFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sExtension)) === false
    ) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
    }

    // Translate PHP's upload status into connector errors.
    switch ($uploadedFile['error']) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
            break;
        case UPLOAD_ERR_PARTIAL:
        case UPLOAD_ERR_NO_FILE:
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
            break;
        case UPLOAD_ERR_NO_TMP_DIR:
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR);
            break;
        case UPLOAD_ERR_CANT_WRITE:
        case UPLOAD_ERR_EXTENSION:
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
            break;
    }

    $sServerDir = $this->_currentFolder->getServerPath();
    $iCounter = 0;

    // Site customization: file uploads under <folder>/<Y>/<m>/<d>, creating
    // each level on demand.
    // NOTE(review): the directories are requested with mode 0777 (subject to
    // the process umask) and the mkdir() results are not checked; a failure
    // only surfaces later as a failed move. Confirm the mode is intended.
    $now = time();
    $dayDir = $sServerDir . '/';
    $levels = array(date('Y', $now) . '/', date('m', $now) . '/', date('d', $now));
    foreach ($levels as $level) {
        $dayDir .= $level;
        if (!(file_exists($dayDir) || is_dir($dayDir))) {
            mkdir($dayDir, 0777);
        }
    }
    $sServerDir = $dayDir;
    $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl() . date('Y', $now) . '/' . date('m', $now) . '/' . date('d', $now) . '/');

    // Find a free name: "name(1).ext", "name(2).ext", ... and flag the rename.
    $sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName);
    while (file_exists($sFilePath)) {
        $iCounter++;
        $sFileName = CKFinder_Connector_Utils_FileSystem::getFileNameWithoutExtension($sFileNameOrginal) . "(" . $iCounter . ")" . "." . CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal);
        $oRegistry->set("FileUpload_fileName", $sFileName);
        $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED;
        $sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName);
    }

    if (false === move_uploaded_file($uploadedFile['tmp_name'], $sFilePath)) {
        $iErrorNumber = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
    } elseif (isset($detectHtml)
        && $detectHtml === -1
        && CKFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true
    ) {
        // The earlier check on the temporary file returned -1; repeat it on the stored file.
        @unlink($sFilePath);
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE);
    } elseif (isset($isImageValid)
        && $isImageValid === -1
        && CKFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sExtension) === false
    ) {
        @unlink($sFilePath);
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
    }

    if (is_file($sFilePath) && ($perms = $_config->getChmodFiles())) {
        // Clear the umask so the configured mode is applied exactly.
        $oldumask = umask(0);
        @chmod($sFilePath, $perms);
        umask($oldumask);
    }

    $sizeCheckedAfterScaling = $_config->checkSizeAfterScaling();
    if (!$sizeCheckedAfterScaling) {
        $this->_errorHandler->throwError($iErrorNumber, true, false);
    }

    // resize image if required
    require_once CKFINDER_CONNECTOR_LIB_DIR . "/CommandHandler/Thumbnail.php";
    $_imagesConfig = $_config->getImagesConfig();
    $scalingConfigured = $_imagesConfig->getMaxWidth() > 0
        && $_imagesConfig->getMaxHeight() > 0
        && $_imagesConfig->getQuality() > 0;
    if ($scalingConfigured) {
        // Source and target are the same path: the stored image is scaled in place.
        CKFinder_Connector_CommandHandler_Thumbnail::createThumb($sFilePath, $sFilePath, $_imagesConfig->getMaxWidth(), $_imagesConfig->getMaxHeight(), $_imagesConfig->getQuality(), true);
    }

    if ($_config->checkSizeAfterScaling()) {
        // check file size after scaling, attempt to delete if too big
        clearstatcache();
        if ($maxSize && filesize($sFilePath) > $maxSize) {
            @unlink($sFilePath);
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
        } else {
            $this->_errorHandler->throwError($iErrorNumber, true, false);
        }
    }

    CKFinder_Connector_Core_Hooks::run('AfterFileUpload', array(&$this->_currentFolder, &$uploadedFile, &$sFilePath));
}
/**
 * Handle a "delete files" request and build the XML response.
 *
 * Requires FILE_DELETE on the current folder and on every folder a posted
 * entry points at. Each entry of $_POST['files'] is validated (resource
 * type, file name, path pattern, extension, hidden path, hidden file, ACL)
 * and then deleted together with its thumbnail. Missing files and failed
 * deletions are collected in an "Errors" node; malformed or unauthorized
 * entries abort through the error handler.
 *
 * @access protected
 */
protected function buildXml()
{
    $isConnectorPost = !empty($_POST['CKFinderCommand']) && $_POST['CKFinderCommand'] == 'true';
    if (!$isConnectorPost) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_DELETE)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    $oErrorsNode = new CKFinder_Connector_Utils_XmlNode("Errors");
    $errorCode = CKFINDER_CONNECTOR_ERROR_NONE;
    $deleted = 0;
    $oDeleteFilesNode = new Ckfinder_Connector_Utils_XmlNode("DeleteFiles");

    $currentResourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    $_aclConfig = $_config->getAccessControlConfig();

    // Per-request caches: ACL masks by "type@path", resource type configs by
    // type, and the set of paths already tested for being hidden.
    $aclMasks = array();
    $_resourceTypeConfig = array();
    $checkedPaths = array();

    $postedFiles = (!empty($_POST['files']) && is_array($_POST['files'])) ? $_POST['files'] : array();

    foreach ($postedFiles as $entry) {
        if (empty($entry['name'])) {
            continue;
        }
        if (!isset($entry['type'], $entry['folder'])) {
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
        }

        // file name
        $name = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($entry['name']);
        // resource type
        $type = $entry['type'];
        // client path
        $path = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($entry['folder']);

        if (!isset($_resourceTypeConfig[$type])) {
            $_resourceTypeConfig[$type] = $_config->getResourceTypeConfig($type);
        }
        $typeConfig = $_resourceTypeConfig[$type];

        // The target path further down is built by plain concatenation, so
        // the name and path checks here are what keeps it inside the
        // resource type directory.
        if (is_null($typeConfig)
            || !CKFinder_Connector_Utils_FileSystem::checkFileName($name)
            || preg_match(CKFINDER_REGEX_INVALID_PATH, $path)
        ) {
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
        }

        if (!$typeConfig->checkExtension($name, false)) {
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
        }

        if (empty($checkedPaths[$path])) {
            $checkedPaths[$path] = true;
            if ($typeConfig->checkIsHiddenPath($path)) {
                $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
            }
        }

        // NOTE(review): the hidden-file test uses the current folder's
        // resource type, not the posted $type - confirm that is intended.
        if ($currentResourceTypeConfig->checkIsHiddenFile($name)) {
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
        }

        $aclKey = $type . "@" . $path;
        if (!isset($aclMasks[$aclKey])) {
            $aclMasks[$aclKey] = $_aclConfig->getComputedMask($type, $path);
        }
        $isAuthorized = ($aclMasks[$aclKey] & CKFINDER_CONNECTOR_ACL_FILE_DELETE) == CKFINDER_CONNECTOR_ACL_FILE_DELETE;
        if (!$isAuthorized) {
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
        }

        $filePath = $typeConfig->getDirectory() . $path . $name;

        if (!file_exists($filePath) || !is_file($filePath)) {
            $errorCode = CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND;
            $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
            continue;
        }

        if (!CKFinder_Connector_Utils_FileSystem::unlink($filePath)) {
            $errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
            $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
            continue;
        }

        $deleted++;

        // NOTE(review): the thumbnail is looked up under the current
        // folder's thumbnail path, while the file itself was resolved from
        // the posted type and folder - verify these always coincide.
        $thumbPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $name);
        @unlink($thumbPath);
    }

    $hadErrors = $errorCode != CKFINDER_CONNECTOR_ERROR_NONE;

    $this->_connectorNode->addChild($oDeleteFilesNode);
    if ($hadErrors) {
        $this->_connectorNode->addChild($oErrorsNode);
    }
    $oDeleteFilesNode->addAttribute("deleted", $deleted);

    // One flag for the client: it then reads the individual errors from the "Errors" node.
    if ($hadErrors) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_DELETE_FAILED);
    }
}
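/**
 * Sends generated zip file to the user.
 *
 * The archive is looked up by $_GET['FileName'] in the connector's temporary
 * directory only. The request must carry the current resource type's hash
 * both in $_GET['hash'] and at offset 16 of the file name, the caller must
 * hold FILE_VIEW on the current folder, and the name must pass
 * checkFileName() and end in ".zip". $_GET['ZipName'] supplies the download
 * name shown to the user. The script always ends here.
 */
protected function sendZipFile()
{
    if (!function_exists('ob_list_handlers') || ob_list_handlers()) {
        @ob_end_clean();
    }
    header("Content-Encoding: none");

    $this->checkConnector();
    $this->checkRequest();

    // empty() is sufficient here
    if (empty($_GET['FileName'])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
    }

    // Query parameters can arrive as arrays (e.g. FileName[]=x) or be
    // missing; reject those as malformed before they reach substr()/trim().
    if (!is_string($_GET['FileName']) || !isset($_GET['hash']) || !is_string($_GET['hash'])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
    $hash = $resourceTypeInfo->getHash();

    // The hash ties the archive name to the current resource type.
    if ($hash !== $_GET['hash'] || $hash !== substr($_GET['FileName'], 16, 16)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    $fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(trim($_GET['FileName']));

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    // Only archives may be served from the temporary directory.
    if (strtolower(pathinfo($fileName, PATHINFO_EXTENSION)) !== 'zip') {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
    }

    $dest_dir = CKFinder_Connector_Utils_FileSystem::getTmpDir();
    $filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($dest_dir, $fileName);

    if (!file_exists($filePath) || !is_file($filePath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
    }
    if (!is_readable($filePath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    }

    if (!isset($_GET['ZipName']) || !is_string($_GET['ZipName'])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }
    $zipFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(trim($_GET['ZipName']));
    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($zipFileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }
    $fileFilename = pathinfo($zipFileName, PATHINFO_BASENAME);

    header("Content-Encoding: none");
    header("Cache-Control: cache, must-revalidate");
    header("Pragma: public");
    header("Expires: 0");

    $user_agent = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";

    // The download name is client-supplied and lands inside quoted header
    // parameters; escape double quotes in both headers, not only one.
    $quotedName = str_replace("\"", "\\\"", $fileFilename);
    $encodedName = $quotedName;
    if (strpos($user_agent, "MSIE") !== false) {
        $encodedName = str_replace(array("+", "%2E"), array(" ", "."), urlencode($encodedName));
    }

    header("Content-type: application/octet-stream; name=\"" . $quotedName . "\"");
    header("Content-Disposition: attachment; filename=\"" . $encodedName . "\"");
    header("Content-Length: " . filesize($filePath));
    CKFinder_Connector_Utils_FileSystem::sendFile($filePath);
    exit;
}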