/**
 * Get server path to thumbnails directory.
 *
 * The path is assembled as
 * <thumbnails directory>/<resource type name>/<client path>, cached in
 * $this->_thumbsServerPath, and the directory is created on first use when
 * it does not exist yet.
 *
 * @access public
 * @return string
 */
function getThumbsServerPath()
{
    // Resolved earlier on this object: hand back the cached value.
    if (!is_null($this->_thumbsServerPath)) {
        return $this->_thumbsServerPath;
    }

    $this->_resourceTypeConfig = $this->getResourceTypeConfig();

    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    $thumbsConfig = $_config->getThumbnailsConfig();

    // Thumbnails root joined with the resource type directory.
    $typeDir = CKFinder_Connector_Utils_FileSystem::combinePaths(
        $thumbsConfig->getDirectory(),
        $this->_resourceTypeConfig->getName()
    );

    // Only leading slashes are stripped from the client path here; nothing in
    // this method rejects "." or ".." segments.
    // NOTE(review): presumably the client path was validated before this
    // point - confirm, because the result is handed to a recursive mkdir.
    $this->_thumbsServerPath = CKFinder_Connector_Utils_FileSystem::combinePaths(
        $typeDir,
        ltrim($this->_clientPath, '/')
    );

    if (!is_dir($this->_thumbsServerPath)) {
        // A failed creation is ignored and the path is returned regardless.
        // @todo Ckfinder_Connector_Utils_Xml::raiseError(); perhaps we should return error
        CKFinder_Connector_Utils_FileSystem::createDirectoryRecursively($this->_thumbsServerPath);
    }

    return $this->_thumbsServerPath;
}
/**
 * Check request.
 *
 * Validates the current folder of the request, in this order:
 *  1. the client path must not match CKFINDER_REGEX_INVALID_PATH,
 *  2. the resource type must resolve to a configuration object,
 *  3. no segment of the client path may be a hidden folder,
 *  4. the folder must exist on disk; only the root ("/") is created on demand.
 *
 * Every failure is reported through $this->_errorHandler->throwError().
 * NOTE(review): the code after a failed check (for example the use of the
 * resource type config after the null test) relies on throwError() not
 * returning - confirm against the error handler.
 *
 * @access protected
 */
protected function checkRequest()
{
    $pathIsInvalid = preg_match(CKFINDER_REGEX_INVALID_PATH, $this->_currentFolder->getClientPath());
    if ($pathIsInvalid) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $typeConfig = $this->_currentFolder->getResourceTypeConfig();
    if (is_null($typeConfig)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_TYPE);
    }

    // Hidden folders are refused at every depth of the path, not only as the
    // last segment.
    $clientPath = $this->_currentFolder->getClientPath();
    $segments = explode("/", trim($clientPath, "/"));
    if ($segments) {
        foreach ($segments as $segment) {
            if ($typeConfig->checkIsHiddenFolder($segment)) {
                $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
            }
        }
    }

    if (is_dir($this->_currentFolder->getServerPath())) {
        return;
    }

    if ($clientPath == "/") {
        // The resource type root is created lazily. A failed creation is not
        // reported here.
        // @todo handle error
        CKFinder_Connector_Utils_FileSystem::createDirectoryRecursively($this->_currentFolder->getServerPath());
        return;
    }

    // Any other missing folder is an error; sub-folders are never created
    // implicitly by this check.
    $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND);
}
/**
 * Extract one file from zip archive.
 *
 * The target is $extractPath . $sFileName. Permissions come from the ACL mask
 * computed for the folder the entry lands in: CKFINDER_CONNECTOR_ACL_FOLDER_CREATE
 * is needed to create missing directories and CKFINDER_CONNECTOR_ACL_FILE_UPLOAD
 * to write the file. Skipped entries are recorded with appendErrorNode(),
 * extracted ones with appendUnzippedNode().
 *
 * NOTE(review): the target path is built by plain concatenation and this
 * method does not itself reject ".." segments, check the extension against
 * the resource type, or look for hidden files - presumably the caller has
 * already normalised and filtered $sFileName; confirm.
 *
 * @param string $extractPath       server directory prefix of the target
 * @param string $extractClientPath client path the archive is extracted into
 * @param array  $filePathInfo      path info of the entry; 'dirname' is read
 * @param string $sFileName         name appended to $extractPath
 * @param string $originalFileName  entry name inside the archive
 */
protected function extractTo($extractPath, $extractClientPath, $filePathInfo, $sFileName, $originalFileName)
{
    $targetPath = $extractPath . $sFileName;
    $sfilePathInfo = pathinfo($targetPath);

    // Entries at the top level of the archive ('.') map to the extract folder itself.
    $relativeDir = ($filePathInfo['dirname'] == '.') ? '' : $filePathInfo['dirname'];
    $folderPath = CKFinder_Connector_Utils_FileSystem::combinePaths($extractClientPath, $relativeDir);

    $_aclConfig = $this->_config->getAccessControlConfig();
    $aclMask = $_aclConfig->getComputedMask($this->_currentFolder->getResourceTypeName(), $folderPath);
    $canCreateFolder = (CKFINDER_CONNECTOR_ACL_FOLDER_CREATE == ($aclMask & CKFINDER_CONNECTOR_ACL_FOLDER_CREATE));

    // create sub-directory of zip archive
    if (empty($sfilePathInfo['extension'])) {
        // Heuristic: an entry without an extension whose recorded size is
        // empty is treated as a directory, so a zero-byte extensionless file
        // is also turned into a directory.
        $entryStat = $this->zip->statName($originalFileName);
        $isDir = ($entryStat && empty($entryStat['size'])) ? true : false;

        $targetMissing = !empty($sfilePathInfo['dirname'])
            && !empty($sfilePathInfo['basename'])
            && !file_exists($sfilePathInfo['dirname'] . '/' . $sfilePathInfo['basename']);

        // An existing target is left untouched, and without the folder-create
        // permission nothing is made; both cases are skipped without an error node.
        if (!$targetMissing) {
            return;
        }
        if (!$canCreateFolder) {
            return;
        }

        if ($isDir) {
            CKFinder_Connector_Utils_FileSystem::createDirectoryRecursively($sfilePathInfo['dirname'] . '/' . $sfilePathInfo['basename']);
            return;
        }

        // Extensionless regular file: make sure its parent exists, then fall
        // through to the extraction below.
        CKFinder_Connector_Utils_FileSystem::createDirectoryRecursively($sfilePathInfo['dirname']);
    }

    // extract file
    if (!file_exists($sfilePathInfo['dirname'])) {
        if (!$canCreateFolder) {
            $this->errorCode = CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED;
            $this->appendErrorNode($this->skippedFilesNode, $this->errorCode, $originalFileName);
            return;
        }
        CKFinder_Connector_Utils_FileSystem::createDirectoryRecursively($sfilePathInfo['dirname']);
    }

    $isAuthorized = (CKFINDER_CONNECTOR_ACL_FILE_UPLOAD == ($aclMask & CKFINDER_CONNECTOR_ACL_FILE_UPLOAD));
    if (!$isAuthorized) {
        // NOTE(review): a missing upload permission is reported as COPY_FAILED,
        // while the missing folder-create permission above is reported as
        // UNAUTHORIZED - confirm the difference is intended.
        $this->errorCode = CKFINDER_CONNECTOR_ERROR_COPY_FAILED;
        $this->appendErrorNode($this->skippedFilesNode, $this->errorCode, $originalFileName);
        return;
    }

    // The entry is streamed out of the archive through the zip:// wrapper.
    $copied = copy('zip://' . $this->filePath . '#' . $originalFileName, $targetPath);
    if (!$copied) {
        $this->errorCode = CKFINDER_CONNECTOR_ERROR_COPY_FAILED;
        $this->appendErrorNode($this->skippedFilesNode, $this->errorCode, $originalFileName);
        return;
    }

    $this->appendUnzippedNode($this->unzippedNodes, $originalFileName);

    // chmod extracted file: the configured mode is applied as-is, so the
    // permissions stored in the archive play no role here.
    if (is_file($targetPath) && ($perms = $this->_config->getChmodFiles())) {
        $oldumask = umask(0);
        chmod($targetPath, $perms);
        umask($oldumask);
    }
}
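/**
 * Create directory recursively.
 *
 * Tries to create $dir directly; when that fails, the parent directories are
 * created first and the creation of $dir is attempted once more. A path that
 * is not a directory and has no parent to fall back on (dirname() returns the
 * path itself, e.g. an empty string) is rejected instead of recursing forever.
 *
 * When getChmodFolders() yields a mode, the umask is cleared around mkdir() so
 * that exactly that mode is applied: the configured value alone decides how
 * permissive the new directories are. umask() is process-wide, which matters
 * on multithreaded servers.
 *
 * NOTE(review): the method is invoked statically (including by itself below)
 * but is not declared static; PHP 8 raises an Error for such calls - confirm
 * the supported PHP versions.
 *
 * @static
 * @access public
 * @param string $dir
 * @return boolean true when the directory exists or was created
 */
function createDirectoryRecursively($dir)
{
    if (is_dir($dir)) {
        return true;
    }

    // No parent to create first: a second attempt could never succeed and the
    // recursion below would not terminate.
    $sParentDir = dirname($dir);
    if ($sParentDir === $dir) {
        return false;
    }

    //attempt to create directory
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    $perms = $_config->getChmodFolders();
    if ($perms) {
        $oldUmask = umask(0);
        $bCreated = @mkdir($dir, $perms);
        umask($oldUmask);
    } else {
        $bCreated = @mkdir($dir);
    }

    if ($bCreated) {
        return true;
    }

    //failed to create directory, perhaps we need to create parent directories first
    if (!CKFinder_Connector_Utils_FileSystem::createDirectoryRecursively($sParentDir)) {
        return false;
    }

    //parent directories created successfully, let's try to create directory once again
    if ($perms) {
        $oldUmask = umask(0);
        $result = @mkdir($dir, $perms);
        umask($oldUmask);
    } else {
        $result = @mkdir($dir);
    }

    return $result;
}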
/**
 * Check request.
 *
 * Runs the request-level checks in this order:
 *  1. for POST requests, the CSRF token when CSRF protection is enabled,
 *  2. the client path must not match CKFINDER_REGEX_INVALID_PATH,
 *  3. the resource type must resolve to a configuration object,
 *  4. no segment of the client path may be a hidden folder,
 *  5. the folder must exist on disk; only the root ("/") is created on demand.
 *
 * Every failure is reported through $this->_errorHandler->throwError().
 * NOTE(review): the code after a failed check relies on throwError() not
 * returning - confirm against the error handler.
 *
 * @access protected
 */
protected function checkRequest()
{
    // The token is verified for POST only. NOTE(review): a state-changing
    // command that can be reached with another method is not covered by this
    // check - confirm such commands are restricted to POST elsewhere.
    $isPost = (strtoupper($_SERVER['REQUEST_METHOD']) === 'POST');
    if ($isPost) {
        /* @var $_config CKFinder_Connector_Core_Config */
        $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
        if ($_config->getEnableCsrfProtection()) {
            if (!$this->checkCsrfToken()) {
                $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
            }
        }
    }

    $pathIsInvalid = preg_match(CKFINDER_REGEX_INVALID_PATH, $this->_currentFolder->getClientPath());
    if ($pathIsInvalid) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $typeConfig = $this->_currentFolder->getResourceTypeConfig();
    if (is_null($typeConfig)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_TYPE);
    }

    // Hidden folders are refused at every depth of the path.
    $clientPath = $this->_currentFolder->getClientPath();
    $segments = explode("/", trim($clientPath, "/"));
    if ($segments) {
        foreach ($segments as $segment) {
            if ($typeConfig->checkIsHiddenFolder($segment)) {
                $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
            }
        }
    }

    if (is_dir($this->_currentFolder->getServerPath())) {
        return;
    }

    if ($clientPath == "/") {
        // The resource type root is created lazily. A failed creation is not
        // reported here.
        // @todo handle error
        CKFinder_Connector_Utils_FileSystem::createDirectoryRecursively($this->_currentFolder->getServerPath());
        return;
    }

    // Any other missing folder is an error; sub-folders are never created
    // implicitly by this check.
    $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND);
}
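/**
 * send response (save uploaded file, resize if required)
 *
 * Steps, in order:
 *  - take the first entry of $_FILES, whatever its field name;
 *  - sanitise the client-supplied name, then replace it with a generated one
 *    (timestamp + last 8 hex characters of md5(sanitised name) + extension);
 *  - run checkConnector() / checkRequest() and require the file-upload ACL on
 *    the current folder;
 *  - validate the name, hidden-file rule, extension, size, HTML content and
 *    image validity, then the PHP upload error code;
 *  - for the QuickUpload command, store the file in a Y/m/ sub-folder of the
 *    current folder, creating it when missing;
 *  - move the file, apply the configured file mode, optionally resize it and
 *    re-check the size, and finally run the AfterFileUpload hook.
 *
 * The Y/m/ sub-folder is computed once so the URL reported to the client and
 * the directory written to always agree.
 *
 * @access public
 */
public function sendResponse()
{
    $iErrorNumber = CKFINDER_CONNECTOR_ERROR_NONE;

    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    $oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry");
    $oRegistry->set("FileUpload_fileName", "unknown file");

    $uploadedFile = array_shift($_FILES);

    if (!isset($uploadedFile['name'])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID);
    }

    // The client-supplied name is untrusted: only its basename is kept and it
    // is passed through secureFileName() before anything else uses it.
    $sUnsafeFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(CKFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name']));
    $sFileName = CKFinder_Connector_Utils_FileSystem::secureFileName($sUnsafeFileName);

    // Rename (20150508): the stored name is generated from the upload time and
    // a short md5 suffix. md5 only serves as a name suffix here; the result is
    // predictable from the time and the original name and is not a secret.
    // An upload without an extension ends up with a trailing dot.
    $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileName);
    $sFileName = date('YmdHis') . substr(md5($sFileName), -8) . '.' . $sExtension;

    // With a generated name this comparison practically always differs, so
    // the "renamed" status is the normal outcome.
    if ($sFileName != $sUnsafeFileName) {
        $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED;
    }
    $oRegistry->set("FileUpload_fileName", $sFileName);

    $this->checkConnector();
    $this->checkRequest();

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();
    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeConfig->checkIsHiddenFile($sFileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
    if (!$resourceTypeInfo->checkExtension($sFileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
    }

    $oRegistry->set("FileUpload_fileName", $sFileName);

    // QuickUpload files go into a year/month sub-folder. The flag and the
    // sub-folder are evaluated once and reused for both the URL and the
    // server directory.
    $bQuickUpload = isset($_GET['command']) && $_GET['command'] === 'QuickUpload';
    $sDateDir = date('Y/m/');

    if ($bQuickUpload) {
        $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl() . $sDateDir);
    } else {
        $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl());
    }

    $maxSize = $resourceTypeInfo->getMaxSize();
    if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
    }

    // Files whose extension is not in the HTML list must not contain HTML.
    // detectHtml() / isImageValid() can also return -1 (presumably "could not
    // inspect the temporary file" - confirm); the check is then repeated on
    // the stored file further down.
    $htmlExtensions = $_config->getHtmlExtensions();
    $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileName);

    if ($htmlExtensions
        && !CKFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sExtension, $htmlExtensions)
        && ($detectHtml = CKFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE);
    }

    $secureImageUploads = $_config->getSecureImageUploads();
    if ($secureImageUploads
        && ($isImageValid = CKFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sExtension)) === false) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
    }

    switch ($uploadedFile['error']) {
        case UPLOAD_ERR_OK:
            break;

        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
            break;

        case UPLOAD_ERR_PARTIAL:
        case UPLOAD_ERR_NO_FILE:
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
            break;

        case UPLOAD_ERR_NO_TMP_DIR:
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR);
            break;

        case UPLOAD_ERR_CANT_WRITE:
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
            break;

        case UPLOAD_ERR_EXTENSION:
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
            break;
    }

    $sServerDir = $this->_currentFolder->getServerPath();
    if ($bQuickUpload) {
        // 20150508: uploads are arranged into directories by year and month.
        // NOTE(review): the ACL check above ran against the current folder;
        // the Y/m/ sub-folder is created and written to without its own ACL
        // lookup or a folder-create permission check - confirm this is intended.
        $sServerDir .= $sDateDir;
    }
    if (!file_exists($sServerDir)) {
        // Create the directory if it does not exist yet. A failure is not
        // checked here; it surfaces below when move_uploaded_file() fails.
        CKFinder_Connector_Utils_FileSystem::createDirectoryRecursively($sServerDir);
    }

    while (true) {
        $sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName);

        if (file_exists($sFilePath)) {
            // Never overwrite: pick another name and try again.
            $sFileName = CKFinder_Connector_Utils_FileSystem::autoRename($sServerDir, $sFileName);
            $oRegistry->set("FileUpload_fileName", $sFileName);

            $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED;
        } else {
            if (false === move_uploaded_file($uploadedFile['tmp_name'], $sFilePath)) {
                $iErrorNumber = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
            } else {
                // Deferred content checks: repeated on the stored file when the
                // check on the temporary file returned -1; a rejected file is
                // deleted again before the error is reported.
                if (isset($detectHtml) && $detectHtml === -1 && CKFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true) {
                    @unlink($sFilePath);
                    $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE);
                } else {
                    if (isset($isImageValid) && $isImageValid === -1 && CKFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sExtension) === false) {
                        @unlink($sFilePath);
                        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT);
                    }
                }
            }

            // The configured file mode is applied as-is to the stored file.
            if (is_file($sFilePath) && ($perms = $_config->getChmodFiles())) {
                $oldumask = umask(0);
                chmod($sFilePath, $perms);
                umask($oldumask);
            }
            break;
        }
    }

    // NOTE(review): the third argument (false) presumably keeps the request
    // running so the resize step and the hook below still execute - confirm
    // against the error handler.
    if (!$_config->checkSizeAfterScaling()) {
        $this->_errorHandler->throwError($iErrorNumber, true, false);
    }

    //resize image if required
    require_once CKFINDER_CONNECTOR_LIB_DIR . "/CommandHandler/Thumbnail.php";
    $_imagesConfig = $_config->getImagesConfig();

    if ($_imagesConfig->getMaxWidth() > 0 && $_imagesConfig->getMaxHeight() > 0 && $_imagesConfig->getQuality() > 0) {
        CKFinder_Connector_CommandHandler_Thumbnail::createThumb($sFilePath, $sFilePath, $_imagesConfig->getMaxWidth(), $_imagesConfig->getMaxHeight(), $_imagesConfig->getQuality(), true);
    }

    if ($_config->checkSizeAfterScaling()) {
        //check file size after scaling, attempt to delete if too big
        clearstatcache();
        if ($maxSize && filesize($sFilePath) > $maxSize) {
            @unlink($sFilePath);
            $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG);
        } else {
            $this->_errorHandler->throwError($iErrorNumber, true, false);
        }
    }

    CKFinder_Connector_Core_Hooks::run('AfterFileUpload', array(&$this->_currentFolder, &$uploadedFile, &$sFilePath));
}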