} else { $link = 'files/edit.php'; } Safe::redirect($context['url_to_home'] . $context['url_to_root'] . 'users/login.php?url=' . urlencode($link)); } // permission denied to authenticated user Safe::header('Status: 401 Unauthorized', TRUE, 401); Logger::error(i18n::s('You are not allowed to perform this operation.')); // file has been reserved } elseif (isset($item['assign_id']) && $item['assign_id'] && !Surfer::is($item['assign_id']) && !$anchor->is_owned()) { // prevent updates $context['text'] .= Skin::build_block(sprintf(i18n::s('This file has been reserved by %s %s, and it is likely that an updated version will be made available soon.'), Users::get_link($item['assign_name'], $item['assign_address'], $item['assign_id']), Skin::build_date($item['assign_date'])), 'caution'); // follow-up commands $context['text'] .= Skin::build_block(Skin::build_link($anchor->get_url('files'), i18n::s('Done'), 'button'), 'bottom'); // extension is not allowed } elseif (Files::get_uploaded('upload', 'name') && !Files::is_authorized(Files::get_uploaded('upload', 'name'))) { Safe::header('Status: 401 Unauthorized', TRUE, 401); Logger::error(i18n::s('This type of file is not allowed.')); // an error occured } elseif (count($context['error'])) { $item = $_REQUEST; $with_form = TRUE; // process uploaded data } elseif (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') { // remember the previous version if (isset($item['id'])) { include_once '../versions/versions.php'; Versions::save($item, 'file:' . $item['id']); } // assume this is just an update of the record $action = 'file:update';
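/**
 * process one file extracted from an uploaded archive
 *
 * Files placed in sub-folders, or whose extension is not allowed, are deleted.
 * Accepted files are renamed to a plain ASCII name and listed in
 * $context['uploaded_files'], which is the only visible output of this callback.
 *
 * @param string full path of the extracted file, expected below $context['uploaded_path']
 */
function explode_callback($name) {
	global $context;

	// everything is expected right below the upload folder
	$base = $context['uploaded_path'] . '/';

	// a path that is not below the upload folder at all gets the same treatment as a sub-folder
	// (should not happen when called from the archive explode, but substr() below relies on it)
	if (strncmp($name, $base, strlen($base)) !== 0) {
		Safe::unlink($name);
		return;
	}

	// reject all files put in sub-folders -- cast keeps strpos() happy on the FALSE that old PHP returns for an empty tail
	$relative = (string) substr($name, strlen($base));
	if (strpos($relative, '/') !== FALSE) {
		Safe::unlink($name);
		return;
	}

	// reject extensions that are not allowed, same policy as regular uploads
	if (!Files::is_authorized($name)) {
		Safe::unlink($name);
		return;
	}

	// make it easy to download: transliterate the base name to plain ASCII
	$ascii = utf8::to_ascii(basename($name));
	$target = $base . $ascii;

	// NOTE(review): two names that transliterate to the same ASCII string (e.g. 'e.txt' and 'é.txt')
	// share one target, and the later file silently replaces the earlier one
	if ($target !== $name && Safe::rename($name, $target) === FALSE) {
		// the file is still there under its original name; treat it like a rejected file
		// rather than advertising a name that does not exist on disk
		// (assumes Safe::rename() returns FALSE on failure, like rename() -- confirm)
		Safe::unlink($name);
		return;
	}

	// remember this name
	$context['uploaded_files'][] = $ascii;
}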
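/**
 * create an attached file
 *
 * The file name is taken from the MIME entity headers, in this order:
 * Content-Disposition, Content-Type, Content-Description. Whatever its
 * origin, only the base name is kept, so a crafted attachment name cannot
 * write outside the folder of the anchor.
 *
 * @param array of entity attributes (e.g., 'Content-Disposition')
 * @param string file actual content
 * @param array poster attributes
 * @param string the target anchor (e.g., 'article:123')
 * @param string reference of the object to be extended, if any (currently unused)
 * @return string reference to the created object, or NULL
 */
public static function submit_file($entity_headers, $content, $user, $anchor, $target = NULL) {
	global $context;

	// header values we may use, defined up-front so that nothing is read before being located
	$content_disposition = '';
	$content_type = '';
	$content_description = '';
	$file_name = '';

	// locate content-disposition
	foreach ($entity_headers as $header) {
		if (preg_match('/Content-Disposition/i', $header['name'])) {
			$content_disposition = $header['value'];
			break;
		}
	}

	// find file name in content-disposition
	if ($content_disposition && preg_match('/filename="*([a-zA-Z0-9\'\\(\\)\\+_,-\\.\\/:=\\? ]+)"*\\s*/i', $content_disposition, $matches)) {
		$file_name = $matches[1];
	}

	// as an alternative, look in content-type
	if (!$file_name) {

		// locate content-type
		foreach ($entity_headers as $header) {
			if (preg_match('/Content-Type/i', $header['name'])) {
				$content_type = $header['value'];
				break;
			}
		}

		// find file name in content-type
		if ($content_type && preg_match('/name="*([a-zA-Z0-9\'\\(\\)\\+_,-\\.\\/:=\\? ]+)"*\\s*/i', $content_type, $matches)) {
			$file_name = $matches[1];
		}
	}

	// as an alternative, look in content-description
	if (!$file_name) {
		foreach ($entity_headers as $header) {
			if (preg_match('/Content-Description/i', $header['name'])) {
				$content_description = $header['value'];
				$file_name = $content_description;
				break;
			}
		}
	}

	// sanity check
	if (!$file_name) {
		Logger::remember('agents/messages.php: No name to use for submitted file');
		return NULL;
	}

	// the patterns above accept '/' and '.', and content-description is not filtered at all:
	// keep only the base name so that '../' or an absolute path cannot leave the anchor folder
	$file_name = basename(str_replace('\\', '/', $file_name));
	if ($file_name === '' || $file_name === '.' || $file_name === '..') {
		Logger::remember('agents/messages.php: No name to use for submitted file');
		return NULL;
	}

	// we don't accept all extensions -- checked on the final name, the one that will be written
	if (!Files::is_authorized($file_name)) {
		Logger::remember('agents/messages.php: Rejected file type for ' . $file_name);
		return NULL;
	}

	// file size
	$file_size = strlen($content);

	// sanity check
	if ($file_size < 7) {
		Logger::remember('agents/messages.php: Short file skipped');
		return NULL;
	}

	// sanity check
	if (!$anchor) {
		Logger::remember('agents/messages.php: No anchor to use for submitted file', $file_name);
		return NULL;
	}

	// get anchor data -- this is a mutable object
	$host = Anchors::get($anchor, TRUE);
	if (!is_object($host)) {
		Logger::remember('agents/messages.php: Unknown anchor ' . $anchor);
		return NULL;
	}

	// create target folders
	// (assumes Anchors::get() only resolves well-formed 'type:id' references, since both parts end up in a path -- confirm)
	list($anchor_type, $anchor_id) = explode(':', $anchor, 2);
	$file_path = 'files/' . $anchor_type . '/' . $anchor_id;
	if (!Safe::make_path($file_path)) {
		Logger::remember('agents/messages.php: Impossible to create ' . $file_path);
		return NULL;
	}
	$file_path = $context['path_to_root'] . $file_path . '/';
	$full_name = $file_path . $file_name;

	// save the entity in the file system
	// NOTE(review): 'wb' silently replaces an existing attachment of the same name in this folder -- confirm this is intended for inbound mail
	if (!($file = Safe::fopen($full_name, 'wb'))) {
		Logger::remember('agents/messages.php: Impossible to open ' . $full_name);
		return NULL;
	}
	$written = fwrite($file, $content);
	fclose($file);

	// a failed or short write must not leave a truncated file behind
	if ($written === FALSE || $written < $file_size) {
		Logger::remember('agents/messages.php: Impossible to write to ' . $full_name);
		Safe::unlink($full_name);
		return NULL;
	}

	// update file description
	$item = array();
	$item['anchor'] = $anchor;
	$item['file_name'] = $file_name;
	$item['file_size'] = $file_size;
	if ($content_description && $content_description != $file_name) {
		$item['description'] = $content_description;
	}
	// same format as the former gmstrftime('%Y-%m-%d %H:%M:%S') call, which is deprecated
	$item['edit_date'] = gmdate('Y-m-d H:i:s', time());
	$item['edit_name'] = $user['nick_name'];
	$item['edit_id'] = $user['id'];
	$item['edit_address'] = $user['email'];

	// create a file record in the database
	if (!($item['id'] = Files::post($item))) {
		Logger::remember('agents/messages.php: ' . Logger::error_pop());
		return NULL;
	}

	if (isset($context['debug_messages']) && $context['debug_messages'] == 'Y') {
		Logger::remember('agents/messages.php: Messages::submit_file()', $item, 'debug');
	}

	return 'file:' . $item['id'];
}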
die(json_encode(array('data' => $msg, 'status' => $status, 'preview' => $preview, 'js' => $js))); } load_skin(); safe::make_path('temporary/uploaded/'); // we need a file if (isset($_FILES[$name]) && count($_FILES[$name])) { // Check for errors if ($_FILES[$name]['error'] > 0) { Safe::header('Status: Internal 500 server error', TRUE, 500); outputJSON(i18n::s('An error ocurred when uploading.')); } /*if(!getimagesize($_FILES['SelectedFile']['tmp_name'])){ outputJSON('Please ensure you are uploading an image.'); }*/ // Check filetype if (!Files::is_authorized($_FILES[$name]['name'])) { Safe::header('Status: 415 Unsupported media', TRUE, 415); outputJSON(i18n::s('Unsupported filetype uploaded.')); } // Check filesize /*if($_FILES['SelectedFile']['size'] > Safe::get_cfg_var('upload_max_filesize')){ outputJSON('File uploaded exceeds maximum upload size.'); }*/ // Check if the file exists if (file_exists(UPLOAD_PATH . $_FILES[$name]['name'])) { Safe::header('Status: 500 Internal server error', TRUE, 500); outputJSON(i18n::s('File with that name already exists in temporary folder.')); } // Upload file $path = $context['path_to_root'] . UPLOAD_PATH . $_FILES[$name]['name']; if (!Safe::move_uploaded_file($_FILES[$name]['tmp_name'], $path)) {