/** * handle request and build XML * @access protected * */ function buildXml() { if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_RENAME)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } if (!isset($_GET["fileName"])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } if (!isset($_GET["newFileName"])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); $fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["fileName"]); $newFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["newFileName"]); $oRenamedFileNode = new Ckfinder_Connector_Utils_XmlNode("RenamedFile"); $this->_connectorNode->addChild($oRenamedFileNode); $oRenamedFileNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName)); $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!$resourceTypeInfo->checkExtension($newFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFileName) || $resourceTypeInfo->checkIsHiddenFile($newFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } if (!$resourceTypeInfo->checkExtension($fileName, false)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if ($_config->forceAscii()) { $newFileName = CKFinder_Connector_Utils_FileSystem::convertToAscii($newFileName); } $filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName); $newFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $newFileName); $bMoved = false; if (!file_exists($filePath)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND); } if (!is_writable(dirname($newFilePath))) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } if (!is_writable($filePath)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } if (file_exists($newFilePath)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST); } $bMoved = @rename($filePath, $newFilePath); if (!$bMoved) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNKNOWN, "File " . CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName) . "has not been renamed"); } else { $oRenamedFileNode->addAttribute("newName", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFileName)); $thumbPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $fileName); CKFinder_Connector_Utils_FileSystem::unlink($thumbPath); } }
/** * handle request and build XML * @access protected * */ function buildXml() { if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_RENAME)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } if (!isset($_GET["NewFolderName"])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $newFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["NewFolderName"]); $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); if ($_config->forceAscii()) { $newFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($newFolderName); } if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFolderName) || $resourceTypeInfo->checkIsHiddenFolder($newFolderName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } // The root folder cannot be deleted. if ($this->_currentFolder->getClientPath() == "/") { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $oldFolderPath = $this->_currentFolder->getServerPath(); $bMoved = false; if (!is_dir($oldFolderPath)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } //let's calculate new folder name $newFolderPath = dirname($oldFolderPath) . DIRECTORY_SEPARATOR . $newFolderName . DIRECTORY_SEPARATOR; if (file_exists(rtrim($newFolderPath, DIRECTORY_SEPARATOR))) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST); } if (eregi("\\.", basename($newFolderPath))) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } $bMoved = @rename($oldFolderPath, $newFolderPath); if (!$bMoved) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } else { $newThumbsServerPath = dirname($this->_currentFolder->getThumbsServerPath()) . '/' . $newFolderName . '/'; if (!@rename($this->_currentFolder->getThumbsServerPath(), $newThumbsServerPath)) { CKFinder_Connector_Utils_FileSystem::unlink($this->_currentFolder->getThumbsServerPath()); } } $newFolderPath = preg_replace(",[^/]+/?\$,", $newFolderName, $this->_currentFolder->getClientPath()) . '/'; $newFolderUrl = $resourceTypeInfo->getUrl() . ltrim($newFolderPath, '/'); $oRenameNode = new Ckfinder_Connector_Utils_XmlNode("RenamedFolder"); $this->_connectorNode->addChild($oRenameNode); $oRenameNode->addAttribute("newName", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderName)); $oRenameNode->addAttribute("newPath", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderPath)); $oRenameNode->addAttribute("newUrl", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderUrl)); }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_CREATE)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); $sNewFolderName = isset($_GET["NewFolderName"]) ? $_GET["NewFolderName"] : ""; $sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($sNewFolderName); if ($_config->forceAscii()) { $sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($sNewFolderName); } // if (!CKFinder_Connector_Utils_FileSystem::checkFolderName($sNewFolderName) || $_resourceTypeConfig->checkIsHiddenFolder($sNewFolderName)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); // } $sServerDir = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $sNewFolderName); // if (!is_writeable($this->_currentFolder->getServerPath())) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); // } $bCreated = false; global $config; $s3 = s3_con(); //Remove preceding slash, and add trailing slash (necessary for S3 to add a "folder") $bCreated = $s3->putObject("", $config['AmazonS3']['Bucket'], substr($sServerDir, 1) . "/"); //TODO: File/folder already exists // if (file_exists($sServerDir)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST); // } // if ($perms = $_config->getChmodFolders()) { // $oldUmask = umask(0); // $bCreated = @mkdir($sServerDir, $perms); // umask($oldUmask); // } // else { // $bCreated = @mkdir($sServerDir); // } if (!$bCreated) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } else { $oNewFolderNode = new Ckfinder_Connector_Utils_XmlNode("NewFolder"); $this->_connectorNode->addChild($oNewFolderNode); $oNewFolderNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sNewFolderName)); } }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_CREATE)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); $sNewFolderName = isset($_GET["NewFolderName"]) ? $_GET["NewFolderName"] : ""; $sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($sNewFolderName); if ($_config->forceAscii()) { $sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($sNewFolderName); } if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sNewFolderName) || $_resourceTypeConfig->checkIsHiddenFolder($sNewFolderName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $sServerDir = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $sNewFolderName); if (!is_writeable($this->_currentFolder->getServerPath())) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } $bCreated = false; if (eregi("\\.", basename($sServerDir))) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } if (file_exists($sServerDir)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST); } if ($perms = $_config->getChmodFolders()) { $oldUmask = umask(0); $bCreated = @mkdir($sServerDir, $perms); umask($oldUmask); } else { $bCreated = @mkdir($sServerDir); } if (!$bCreated) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } else { $oNewFolderNode = new Ckfinder_Connector_Utils_XmlNode("NewFolder"); $this->_connectorNode->addChild($oNewFolderNode); $oNewFolderNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sNewFolderName)); } }
/** * Handle request and build XML */ public function buildXml() { if (!extension_loaded('zip')) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_COMMAND); } $this->checkConnector(); $this->checkRequest(); if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $this->_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); $currentResourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); $_sServerDir = $this->_currentFolder->getServerPath(); $files = array(); $_zipFilesSize = 0; $config = $this->getConfig(); $zipMaxSize = $config['zipMaxSize']; if (!empty($zipMaxSize) && $zipMaxSize == 'default') { $zipMaxSize = $currentResourceTypeConfig->getMaxSize(); } $_isBasket = isset($_POST['basket']) && $_POST['basket'] == 'true' ? true : false; if (!empty($_POST['files'])) { $_aclConfig = $this->_config->getAccessControlConfig(); $aclMasks = array(); $_resourceTypeConfig = array(); foreach ($_POST['files'] as $arr) { if (empty($arr['name']) || empty($arr['type']) || empty($arr['folder'])) { continue; } // file name $name = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['name']); // resource type $type = $arr['type']; // client path $path = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['folder']); // check #1 (path) if (!CKFinder_Connector_Utils_FileSystem::checkFileName($name) || preg_match(CKFINDER_REGEX_INVALID_PATH, $path)) { continue; } // get resource type config for current file if (!isset($_resourceTypeConfig[$type])) { $_resourceTypeConfig[$type] = $this->_config->getResourceTypeConfig($type); } // check #2 (resource type) if (is_null($_resourceTypeConfig[$type])) { continue; } // check #3 (extension) if (!$_resourceTypeConfig[$type]->checkExtension($name, false)) { continue; } // check #4 (extension) - when moving to another resource type, double check extension if ($currentResourceTypeConfig->getName() != $type && !$currentResourceTypeConfig->checkExtension($name, false)) { continue; } // check #5 (hidden folders) // cache results if (empty($checkedPaths[$path])) { $checkedPaths[$path] = true; if ($_resourceTypeConfig[$type]->checkIsHiddenPath($path)) { continue; } } // check #6 (hidden file name) if ($currentResourceTypeConfig->checkIsHiddenFile($name)) { continue; } // check #7 (Access Control, need file view permission to source files) if (!isset($aclMasks[$type . "@" . $path])) { $aclMasks[$type . "@" . $path] = $_aclConfig->getComputedMask($type, $path); } $isAuthorized = ($aclMasks[$type . "@" . $path] & CKFINDER_CONNECTOR_ACL_FILE_VIEW) == CKFINDER_CONNECTOR_ACL_FILE_VIEW; if (!$isAuthorized) { continue; } $sourceFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($_resourceTypeConfig[$type]->getDirectory() . $path, $name); // check #8 (invalid file name) if (!file_exists($sourceFilePath) || !is_file($sourceFilePath)) { continue; } // check #9 - max file size if (!empty($zipMaxSize)) { clearstatcache(); $_zipFilesSize += filesize($sourceFilePath); if ($_zipFilesSize > $zipMaxSize) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_CREATED_FILE_TOO_BIG); } } $zipPathPart = $_isBasket ? CKFinder_Connector_Utils_FileSystem::combinePaths($type, $path) : ''; $files[$sourceFilePath] = $zipPathPart . pathinfo($sourceFilePath, PATHINFO_BASENAME); } } else { if (!is_dir($_sServerDir)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND); } $files = $this->getFilesRecursively($_sServerDir, $zipMaxSize); } if (sizeof($files) < 1) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND); } // default destination dir - temp $dest_dir = CKFinder_Connector_Utils_FileSystem::getTmpDir(); $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); // default file name - hash $zip_filename = substr(md5(serialize($files)), 0, 16) . $resourceTypeInfo->getHash() . '.zip'; // compress files - do not download them // change destination and name if (isset($_POST['download']) && $_POST['download'] == 'false') { $dest_dir = $_sServerDir; if (isset($_POST['zipName']) && !empty($_POST['zipName'])) { $zip_filename = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_POST['zipName']); if (!$resourceTypeInfo->checkExtension($zip_filename)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } } } if (!CKFinder_Connector_Utils_FileSystem::checkFileName($zip_filename) || $resourceTypeInfo->checkIsHiddenFile($zip_filename)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } if ($this->_config->forceAscii()) { $zip_filename = CKFinder_Connector_Utils_FileSystem::convertToAscii($zip_filename); } $zipFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($dest_dir, $zip_filename); if (!is_writable(dirname($zipFilePath))) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } // usually we would need to create zip? $createZip = true; // only if file already exists and we want download it // do not create new one - because hash of previously created is the same - existing archive is ok if (file_exists($zipFilePath) && isset($_POST['download']) && $_POST['download'] == 'true') { $createZip = false; } else { if (file_exists($zipFilePath) && (!isset($_POST['fileExistsAction']) || !in_array($_POST['fileExistsAction'], array('autorename', 'overwrite')))) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST); } if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } // check how to deal with existing file if (isset($_POST['fileExistsAction']) && $_POST['fileExistsAction'] == 'autorename') { if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD | CKFINDER_CONNECTOR_ACL_FILE_RENAME)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $zip_filename = CKFinder_Connector_Utils_FileSystem::autoRename($dest_dir, $zip_filename); $zipFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($dest_dir, $zip_filename); } elseif (isset($_POST['fileExistsAction']) && $_POST['fileExistsAction'] == 'overwrite') { if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_RENAME | CKFINDER_CONNECTOR_ACL_FILE_DELETE)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } if (!CKFinder_Connector_Utils_FileSystem::unlink($zipFilePath)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } } } if ($createZip) { $zip = new ZipArchive(); $result = $zip->open($zipFilePath, ZIPARCHIVE::CREATE); if ($result !== TRUE) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNKNOWN); } foreach ($files as $pathname => $filename) { if (!empty($filename)) { if (file_exists($pathname) && is_readable($pathname)) { $zip->addFile($pathname, $filename); } } else { $zip->addEmptyDir($pathname); } } $zip->close(); } $file = new CKFinder_Connector_Utils_XmlNode("ZipFile"); $file->addAttribute("name", $zip_filename); $this->_connectorNode->addChild($file); }
/** * send response (save uploaded file, resize if required) * @access public * */ public function sendResponse() { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_NONE; $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); $oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry"); $oRegistry->set("FileUpload_fileName", "unknown file"); $uploadedFile = array_shift($_FILES); if (!isset($uploadedFile['name'])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID); } $sUnsafeFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(CKFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name'])); $sFileName = str_replace(array(":", "*", "?", "|", "/"), "_", $sUnsafeFileName); if ($_config->forceAscii()) { $sFileName = CKFinder_Connector_Utils_FileSystem::convertToAscii($sFileName); } if ($sFileName != $sUnsafeFileName) { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED; } //以下两行解决中文乱码问题 $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileName); $sFileName = date("Ymd") . "_" . date("His") . "." . $sExtension; $oRegistry->set("FileUpload_fileName", $sFileName); $this->checkConnector(); $this->checkRequest(); if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeConfig->checkIsHiddenFile($sFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!$resourceTypeInfo->checkExtension($sFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } $sFileNameOrginal = $sFileName; $oRegistry->set("FileUpload_fileName", $sFileName); $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl()); $maxSize = $resourceTypeInfo->getMaxSize(); if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); } $htmlExtensions = $_config->getHtmlExtensions(); $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal); if ($htmlExtensions && !CKFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sExtension, $htmlExtensions) && ($detectHtml = CKFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal); $secureImageUploads = $_config->getSecureImageUploads(); if ($secureImageUploads && ($isImageValid = CKFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sExtension)) === false) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } switch ($uploadedFile['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); break; case UPLOAD_ERR_PARTIAL: case UPLOAD_ERR_NO_FILE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); break; case UPLOAD_ERR_NO_TMP_DIR: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR); break; case UPLOAD_ERR_CANT_WRITE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; case UPLOAD_ERR_EXTENSION: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; } $sServerDir = $this->_currentFolder->getServerPath(); $iCounter = 0; while (true) { $sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName); if (file_exists($sFilePath)) { $iCounter++; $sFileName = CKFinder_Connector_Utils_FileSystem::getFileNameWithoutExtension($sFileNameOrginal) . "(" . $iCounter . ")" . "." . CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal); $oRegistry->set("FileUpload_fileName", $sFileName); $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED; } else { if (false === move_uploaded_file($uploadedFile['tmp_name'], $sFilePath)) { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED; } else { if (isset($detectHtml) && $detectHtml === -1 && CKFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } else { if (isset($isImageValid) && $isImageValid === -1 && CKFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } } } if (is_file($sFilePath) && ($perms = $_config->getChmodFiles())) { $oldumask = umask(0); chmod($sFilePath, $perms); umask($oldumask); } break; } } if (!$_config->checkSizeAfterScaling()) { $this->_errorHandler->throwError($iErrorNumber, true, false); } //resize image if required require_once CKFINDER_CONNECTOR_LIB_DIR . "/CommandHandler/Thumbnail.php"; $_imagesConfig = $_config->getImagesConfig(); if ($_imagesConfig->getMaxWidth() > 0 && $_imagesConfig->getMaxHeight() > 0 && $_imagesConfig->getQuality() > 0) { CKFinder_Connector_CommandHandler_Thumbnail::createThumb($sFilePath, $sFilePath, $_imagesConfig->getMaxWidth(), $_imagesConfig->getMaxHeight(), $_imagesConfig->getQuality(), true); } if ($_config->checkSizeAfterScaling()) { //check file size after scaling, attempt to delete if too big clearstatcache(); if ($maxSize && filesize($sFilePath) > $maxSize) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); } else { $this->_errorHandler->throwError($iErrorNumber, true, false); } } CKFinder_Connector_Core_Hooks::run('AfterFileUpload', array(&$this->_currentFolder, &$uploadedFile, &$sFilePath)); }
/** * Secure file name from unsafe characters * * @param string $fileName * @access public * @static * @return string $fileName */ public static function secureFileName($fileName) { $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); $fileName = str_replace(array(":", "*", "?", "|", "/"), "_", $fileName); if ($_config->getDisallowUnsafeCharacters()) { $fileName = str_replace(";", "_", $fileName); } if ($_config->forceAscii()) { $fileName = CKFinder_Connector_Utils_FileSystem::convertToAscii($fileName); } return $fileName; }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_RENAME)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } if (!isset($_GET["NewFolderName"])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $newFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["NewFolderName"]); $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); if ($_config->forceAscii()) { $newFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($newFolderName); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!CKFinder_Connector_Utils_FileSystem::checkFolderName($newFolderName) || $resourceTypeInfo->checkIsHiddenFolder($newFolderName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } // The root folder cannot be deleted. if ($this->_currentFolder->getClientPath() == "/") { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $oldFolderPath = substr($this->_currentFolder->getServerPath(), 1, -1); $newFolderPath = dirname($oldFolderPath) . '/' . $newFolderName; global $config; $s3 = s3_con(); $copied = true; $items = $s3->getBucket($config['AmazonS3']['Bucket'], $oldFolderPath); foreach ($items as $item) { //TODO: Possible bug, if repeating paths occur, it will mess up folder structure. Need to replace only first instance $newItemName = str_replace($oldFolderPath, $newFolderPath, $item['name']); $copy = $s3->copyObject($config['AmazonS3']['Bucket'], $item['name'], $config['AmazonS3']['Bucket'], $newItemName); if ($copy === false) { $copied = false; } } $deleted = true; foreach ($items as $item) { $deleted = $deleted && $s3->deleteObject($config['AmazonS3']['Bucket'], $item['name']); } // $bMoved = false; // if (!is_dir($oldFolderPath)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); // } //let's calculate new folder name // if (file_exists(rtrim($newFolderPath, '/'))) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST); // } // $bMoved = @rename($oldFolderPath, $newFolderPath); if (!$copied || !$deleted) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } else { // $newThumbsServerPath = dirname($this->_currentFolder->getThumbsServerPath()) . '/' . $newFolderName . '/'; // if (!@rename($this->_currentFolder->getThumbsServerPath(), $newThumbsServerPath)) { // CKFinder_Connector_Utils_FileSystem::unlink($this->_currentFolder->getThumbsServerPath()); // } } $newFolderPath = preg_replace(",[^/]+/?\$,", $newFolderName, $this->_currentFolder->getClientPath()) . '/'; $newFolderUrl = $resourceTypeInfo->getUrl() . ltrim($newFolderPath, '/'); $oRenameNode = new Ckfinder_Connector_Utils_XmlNode("RenamedFolder"); $this->_connectorNode->addChild($oRenameNode); $oRenameNode->addAttribute("newName", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderName)); $oRenameNode->addAttribute("newPath", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderPath)); $oRenameNode->addAttribute("newUrl", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderUrl)); }
/** * send response (save uploaded file, resize if required) * @access public * */ public function sendResponse() { global $met_wate_class, $met_wate_bigimg, $met_text_wate, $met_text_bigsize, $met_text_color, $met_text_angle, $met_watermark, $met_text_fonts, $met_big_wate, $met_file_maxsize, $met_img_rename; $iErrorNumber = CKFINDER_CONNECTOR_ERROR_NONE; $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); $oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry"); $oRegistry->set("FileUpload_fileName", "unknown file"); $uploadedFile = array_shift($_FILES); if (!isset($uploadedFile['name'])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID); } $sUnsafeFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(CKFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name'])); $sFileName = str_replace(array(":", "*", "?", "|", "/", "——", " "), "_", $sUnsafeFileName); if ($_config->getDisallowUnsafeCharacters()) { $sFileName = str_replace(";", "_", $sFileName); } if ($_config->forceAscii()) { $sFileName = CKFinder_Connector_Utils_FileSystem::convertToAscii($sFileName); } $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileName); $sFileName = str_replace(' ', '', $sFileName); if ($met_img_rename) { $sFileName = date("Ymd") . "_" . date("His") . "." . $sExtension; } if ($sFileName != $sUnsafeFileName) { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED; } $oRegistry->set("FileUpload_fileName", $sFileName); $this->checkConnector(); $this->checkRequest(); if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeConfig->checkIsHiddenFile($sFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!$resourceTypeInfo->checkExtension($sFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } $sFileNameOrginal = $sFileName; $oRegistry->set("FileUpload_fileName", $sFileName); $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl()); $maxSize = $resourceTypeInfo->getMaxSize(); if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); } if ($uploadedFile['size'] > $met_file_maxsize * 1024 * 1024) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG_MET); } $htmlExtensions = $_config->getHtmlExtensions(); $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal); if ($htmlExtensions && !CKFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sExtension, $htmlExtensions) && ($detectHtml = CKFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal); $secureImageUploads = $_config->getSecureImageUploads(); if ($secureImageUploads && ($isImageValid = CKFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sExtension)) === false) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } switch ($uploadedFile['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); break; case UPLOAD_ERR_PARTIAL: case UPLOAD_ERR_NO_FILE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); break; case UPLOAD_ERR_NO_TMP_DIR: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR); break; case UPLOAD_ERR_CANT_WRITE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; case UPLOAD_ERR_EXTENSION: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; } $sServerDir = $this->_currentFolder->getServerPath(); $iCounter = 0; while (true) { $sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName); if (file_exists($sFilePath)) { $iCounter++; $sFileName = CKFinder_Connector_Utils_FileSystem::getFileNameWithoutExtension($sFileNameOrginal) . "(" . $iCounter . ")" . "." . CKFinder_Connector_Utils_FileSystem::getExtension($sFileNameOrginal); $oRegistry->set("FileUpload_fileName", $sFileName); $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED; } else { //move_uploaded_file($uploadedFile['tmp_name'], $sFilePath) if (false === copy($uploadedFile['tmp_name'], $sFilePath)) { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED; } else { if (isset($detectHtml) && $detectHtml === -1 && CKFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } else { if (isset($isImageValid) && $isImageValid === -1 && CKFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } } } if (is_file($sFilePath) && ($perms = $_config->getChmodFiles())) { $oldumask = umask(0); chmod($sFilePath, $perms); umask($oldumask); } break; } } $sFileName_water = $sFileName; if (stristr(PHP_OS, "WIN")) { $sFileName_water = iconv("GBK", "utf-8", $sFileName); } if ($met_big_wate == 1) { require_once CKFINDER_CONNECTOR_CONFIG_watermark_PATHX; $img = new Watermark(); if ($met_wate_class == 2) { $img->met_image_name = CKFINDER_CONNECTOR_CONFIG_img_PATHX . $met_wate_bigimg; $img->met_image_pos = $met_watermark; } else { $img->met_text = $met_text_wate; $img->met_text_size = $met_text_bigsize; $img->met_text_color = $met_text_color; $img->met_text_angle = $met_text_angle; $img->met_text_pos = $met_watermark; $img->met_text_font = CKFINDER_CONNECTOR_CONFIG_fonts_PATHX . $met_text_fonts; } if (!file_exists(CKFINDER_CONNECTOR_CONFIG_upload_PATHX . "/images/watermark/")) { mkdir(CKFINDER_CONNECTOR_CONFIG_upload_PATHX . "/images/watermark/"); } $img->src_image_name = CKFINDER_CONNECTOR_CONFIG_upload_PATHX . "/images/{$sFileName_water}"; $img->save_file = CKFINDER_CONNECTOR_CONFIG_upload_PATHX . "/images/watermark/{$sFileName_water}"; $img->create(); } if (!$_config->checkSizeAfterScaling()) { $this->_errorHandler->throwError($iErrorNumber, true, false); } //resize image if required require_once CKFINDER_CONNECTOR_LIB_DIR . "/CommandHandler/Thumbnail.php"; $_imagesConfig = $_config->getImagesConfig(); /*图片如果超过设定最大值,则把图片缩小 if ($_imagesConfig->getMaxWidth()>0 && $_imagesConfig->getMaxHeight()>0 && $_imagesConfig->getQuality()>0) { CKFinder_Connector_CommandHandler_Thumbnail::createThumb($sFilePath, $sFilePath, $_imagesConfig->getMaxWidth(), $_imagesConfig->getMaxHeight(), $_imagesConfig->getQuality(), true) ; } */ if ($met_big_wate == 1) { $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl() . 'watermark/'); } if ($_config->checkSizeAfterScaling()) { //check file size after scaling, attempt to delete if too big clearstatcache(); if ($maxSize && filesize($sFilePath) > $maxSize) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); } else { $this->_errorHandler->throwError($iErrorNumber, true, false); } } CKFinder_Connector_Core_Hooks::run('AfterFileUpload', array(&$this->_currentFolder, &$uploadedFile, &$sFilePath)); }