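/**
 * Render the collection icon form field.
 *
 * Output: a preview of the current icon plus a "remove icon" checkbox (only when
 * a value is set), a file input, a hidden input that round-trips the stored
 * value, and the PHP upload size limit as a hint.
 *
 * Security: $this->value is echoed back from a hidden form field and therefore
 * cannot be assumed safe for an HTML attribute context; it, $this->id and
 * $this->name are escaped with htmlspecialchars() before being written into
 * attributes. The directory prefix and JUri::root() are server-side values.
 *
 * @return string HTML markup for the field
 */
protected function getInput()
{
    $params    = JUDirectoryHelper::getParams();
    $maxUpload = ini_get('upload_max_filesize');

    // Escape once for the HTML attribute context (src, value, id, name).
    $safeValue = htmlspecialchars((string) $this->value, ENT_QUOTES, 'UTF-8');
    $safeId    = htmlspecialchars((string) $this->id, ENT_QUOTES, 'UTF-8');
    $safeName  = htmlspecialchars((string) $this->name, ENT_QUOTES, 'UTF-8');

    $iconDir = JUDirectoryFrontHelper::getDirectory("collection_icon_directory", "media/com_judirectory/images/collection/", true);
    $src     = JUri::root() . $iconDir . $safeValue;

    // The HTML width/height attributes take a plain integer (no "px" unit);
    // casting also keeps the configured values from reaching the markup raw.
    $width  = (int) $params->get('collection_icon_width', 100);
    $height = (int) $params->get('collection_icon_height', 100);

    $html = '<div class="avatar" style="float: left;">';

    if ($this->value) {
        $html .= '<div class="clearfix"><img src="' . $src . '" width="' . $width . '" height="' . $height . '" /></div>';
        $html .= '<label><input type="checkbox" name="remove_icon" value="1" /> ' . JText::_('COM_JUDIRECTORY_REMOVE_ICON') . '</label>';
    }

    $html .= '<div class="clearfix"><input type="file" name="collection_icon" id="' . $safeId . '" />';
    $html .= '<input type="hidden" name="' . $safeName . '" value="' . $safeValue . '" /></div>';
    $html .= '<div class="clearfix"><i>' . JText::_('COM_JUDIRECTORY_MAX_UPLOAD_FILESIZE') . ' <strong>'
        . JUDirectoryHelper::formatBytes($this->convertBytes($maxUpload)) . '</strong></i></div>';
    $html .= '</div>';

    return $html;
}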
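/**
 * Render the avatar form field.
 *
 * Shows the current avatar, or the configured default avatar when the field is
 * empty; adds a "remove avatar" checkbox only when a value is set; then a file
 * input, a hidden input that round-trips the stored value, and the PHP upload
 * size limit as a hint.
 *
 * Security: $this->value comes back from a hidden form field, so it and the
 * other values written into attributes ($this->id, $this->name, the default
 * avatar filename from params) are escaped with htmlspecialchars() for the
 * attribute context. The directory prefix and JUri::root() are server-side.
 *
 * @return string HTML markup for the field
 */
protected function getInput()
{
    $params    = JUDirectoryHelper::getParams();
    $maxUpload = ini_get('upload_max_filesize');

    // Escape once for the HTML attribute context (src, value, id, name).
    $safeValue = htmlspecialchars((string) $this->value, ENT_QUOTES, 'UTF-8');
    $safeId    = htmlspecialchars((string) $this->id, ENT_QUOTES, 'UTF-8');
    $safeName  = htmlspecialchars((string) $this->name, ENT_QUOTES, 'UTF-8');

    $avatarDir = JUri::root(true) . "/"
        . JUDirectoryFrontHelper::getDirectory("avatar_directory", "media/com_judirectory/images/avatar/", true);

    if ($this->value) {
        $src = $avatarDir . $safeValue;
    } else {
        $defaultAvatar = htmlspecialchars((string) $params->get('default_avatar', 'default-avatar.png'), ENT_QUOTES, 'UTF-8');
        $src           = $avatarDir . "default/" . $defaultAvatar;
    }

    // Cast so only integers reach the inline style.
    $width  = (int) $params->get("avatar_width", 120);
    $height = (int) $params->get("avatar_height", 120);

    $html  = '<div class="avatar" style="float: left;">';
    $html .= '<div class="clearfix"><img src="' . $src . '" alt="Avatar" style="width:' . $width . 'px; height:' . $height . 'px;" /></div>';

    if ($this->value) {
        $html .= '<label for="remove-avatar">' . JText::_("COM_JUDIRECTORY_REMOVE_AVATAR")
            . ' <input id="remove-avatar" type="checkbox" name="remove_avatar" value="1" /></label>';
    }

    $html .= '<div class="clearfix"><input type="file" name="avatar" id="' . $safeId . '" />';
    $html .= '<input type="hidden" name="' . $safeName . '" value="' . $safeValue . '" /></div>';
    $html .= '<div class="clearfix"><i>' . JText::_("COM_JUDIRECTORY_MAX_UPLOAD_FILESIZE") . ' <strong>'
        . JUDirectoryHelper::formatBytes($this->convertBytes($maxUpload)) . '</strong></i></div>';
    $html .= '</div>';

    return $html;
}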
/**
 * Render the listing image field through the "input.php" template.
 *
 * Returns an empty string for an unpublished field. Otherwise resolves the
 * component params for the listing's category (or for the listing id when no
 * category is available), formats the PHP upload limit, resolves the preview
 * image URL for the given value (explicit $fieldValue wins over $this->value),
 * marks the input as type="file", and hands everything to the template.
 *
 * Note: the validation CSS classes are only added when $this->value is empty,
 * i.e. an image is only required when none is stored yet.
 *
 * @param mixed|null $fieldValue Value to render instead of $this->value, if given
 * @return string Rendered HTML (empty when the field is not published)
 */
public function getInput($fieldValue = null)
{
    if (!$this->isPublished()) {
        return "";
    }

    $this->loadDefaultAssets();

    $categoryId = (isset($this->listing) && $this->listing->cat_id) ? $this->listing->cat_id : null;
    $params     = $categoryId
        ? JUDirectoryHelper::getParams($categoryId)
        : JUDirectoryHelper::getParams(null, $this->listing_id);

    $maxUploadFormatted = JUDirectoryHelper::formatBytes(self::convertBytes(ini_get('upload_max_filesize')));

    $effectiveValue = is_null($fieldValue) ? $this->value : $fieldValue;
    $imageSrc       = JUDirectoryHelper::getListingImage($effectiveValue);

    $this->setAttribute("type", "file", "input");
    if (!$this->value) {
        // No stored image yet: require one via the validation classes.
        $this->addAttribute("class", "validate-images", "input");
        $this->addAttribute("class", $this->getInputClass(), "input");
    }

    $this->setVariable('image_src', $imageSrc);
    $this->setVariable('max_upload', $maxUploadFormatted);
    $this->setVariable('params', $params);
    $this->setVariable('value', $effectiveValue);

    return $this->fetch('input.php', __CLASS__);
}
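/**
 * Validate an uploaded image ($_FILES-style array) before it is stored.
 *
 * Checks, in order: a name is present; the temp file exists and is a genuine
 * upload of this request; no executable extension is hidden in a multi-dotted
 * name (e.g. "x.php.jpg"); the final extension is in the configured allow-list
 * (upload_extensions, default bmp,gif,jpg,png); the size is within
 * image_max_size KB; the content is an image according to getimagesize() and
 * its detected type is an image/* type; and the first 256 bytes contain no
 * HTML tags (guards against browsers content-sniffing the file as HTML).
 *
 * Every failure enqueues an error message on the application and returns false.
 *
 * @param array $file Upload entry with keys name, tmp_name, size
 * @return bool true when the file passed every check
 */
public static function validateImageFile($file)
{
    $app = JFactory::getApplication();

    if (empty($file['name'])) {
        return false;
    }

    // The temp file must be a real upload of this request. is_uploaded_file()
    // rejects a crafted $file array that points tmp_name at an arbitrary server path.
    if (empty($file['tmp_name']) || !JFile::exists($file['tmp_name']) || !is_uploaded_file($file['tmp_name'])) {
        $app->enqueueMessage(JText::_('COM_JUDIRECTORY_FILE_NOT_FOUND'), 'error');
        return false;
    }

    $format = strtolower(JFile::getExt($file['name']));

    $executable = array('php', 'js', 'exe', 'phtml', 'java', 'perl', 'py', 'asp', 'dll', 'go', 'ade', 'adp', 'bat', 'chm', 'cmd', 'com', 'cpl', 'hta', 'ins', 'isp', 'jse', 'lib', 'mde', 'msc', 'msp', 'mst', 'pif', 'scr', 'sct', 'shb', 'sys', 'vb', 'vbe', 'vbs', 'vxd', 'wsc', 'wsf', 'wsh');

    // Double-extension check ("shell.php.jpg"). Compare lower-cased so that
    // "shell.PHP.jpg" does not slip past a case-sensitive list.
    $nameParts = explode('.', strtolower($file['name']));
    if (count($nameParts) > 2) {
        foreach ($executable as $extensionName) {
            if (in_array($extensionName, $nameParts, true)) {
                $app->enqueueMessage(JText::_('COM_JUDIRECTORY_INVALID_FILE_TYPE'), 'error');
                return false;
            }
        }
    }

    $params    = JUDirectoryHelper::getParams();
    $allowable = $params->get('upload_extensions', 'bmp,gif,jpg,png');
    $allowable = explode(',', strtolower(str_replace("\n", ",", trim($allowable))));

    if ($format == '' || $format == false || !in_array($format, $allowable, true)) {
        $app->enqueueMessage(JText::sprintf('COM_JUDIRECTORY_INVALID_FILE_TYPE', $format), 'error');
        return false;
    }

    $maxSize          = (int) ($params->get('image_max_size', 400) * 1024);
    $maxSizeFormatted = JUDirectoryHelper::formatBytes($maxSize);

    if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
        $app->enqueueMessage(JText::sprintf('COM_JUDIRECTORY_REACH_MAX_FILE_SIZE', $maxSizeFormatted), 'error');
        return false;
    }

    // Content check. getimagesize() also accepts some non-image containers
    // (e.g. Flash), so additionally require the detected type to map to an
    // image/* MIME type.
    $imgInfo = @getimagesize($file['tmp_name']);
    if ($imgInfo === false || strpos((string) image_type_to_mime_type($imgInfo[2]), 'image/') !== 0) {
        $app->enqueueMessage(JText::_('COM_JUDIRECTORY_INVALID_IMAGE_FILE'), 'error');
        return false;
    }

    // Browsers may sniff a file whose first bytes look like HTML and render it
    // as a page; refuse anything that opens with a recognisable tag.
    $xssCheck = JFile::read($file['tmp_name'], false, 256);
    $htmlTags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');

    foreach ($htmlTags as $tag) {
        if (stristr($xssCheck, '<' . $tag . ' ') || stristr($xssCheck, '<' . $tag . '>')) {
            $app->enqueueMessage(JText::_('COM_JUDIRECTORY_IEXSS_WARNING'), 'error');
            return false;
        }
    }

    return true;
}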
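/**
 * Filter the submitted gallery for this field into kept and newly uploaded images.
 *
 * $values holds the previously stored images as submitted by the form (each
 * with at least 'id' and 'remove'); only entries whose id really belongs to
 * this listing (checked against #__judirectory_images) are kept. New uploads
 * are read from the request files under "field_<id>" and each must pass
 * JUDirectoryFrontHelperPermission::canUpload() (extension, size, MIME,
 * image and HTML-sniff checks) and the configured min/max dimensions. At most
 * $maxUploadImage non-removed images are accepted in total.
 *
 * Fixes vs. the previous version: the result always carries 'old' and 'new'
 * keys (the chained `$gallery = $gallery['old'] = ...` reset them); the error
 * loop no longer clobbers $count (which was then returned as 'count'); the
 * max-size in the over-limit notice is no longer multiplied by 1024 twice;
 * unknown error keys no longer enqueue an undefined string; and a false
 * getimagesize() result is counted as an invalid dimension instead of being
 * indexed.
 *
 * @param array|null $values Previously stored images as submitted by the form
 * @return array{old: array, new: array, count: int} Kept images, accepted uploads, total count
 */
public function filterField($values)
{
    $app       = JFactory::getApplication();
    $oldImages = $values ? $values : array();
    $newImages = $app->input->files->get('field_' . $this->id);
    $params    = JUDirectoryHelper::getParams(null, $this->listing_id);

    // Always return both buckets so callers can rely on the keys.
    $gallery = array('old' => array(), 'new' => array());

    $maxUploadImage = 4;
    $count          = 0;

    if ($this->listing_id) {
        $db = JFactory::getDbo();
        $db->setQuery('SELECT id FROM #__judirectory_images WHERE listing_id = ' . (int) $this->listing_id);
        $imageIds = array_map('intval', (array) $db->loadColumn());

        foreach ($oldImages as $image) {
            // Only ids that belong to this listing may be kept; ignore anything else the form sent.
            $imageId = isset($image['id']) ? (int) $image['id'] : 0;
            if (!in_array($imageId, $imageIds, true)) {
                continue;
            }
            if ($maxUploadImage > 0 && $count >= $maxUploadImage) {
                break;
            }
            $gallery['old'][] = $image;
            // Images flagged for removal do not count against the limit.
            if (empty($image['remove'])) {
                $count++;
            }
        }
    }

    $error = array();

    if ($newImages && ($count < $maxUploadImage && $maxUploadImage > 0 || $maxUploadImage <= 0)) {
        $legalExtensions = "jpeg,jpg,png,gif,bmp";
        $legalMime       = "image/jpeg,image/pjpeg,image/png,image/gif,image/bmp,image/x-windows-bmp";

        $imageMinWidth  = $params->get("image_min_width", 50);
        $imageMinHeight = $params->get("image_min_height", 50);
        $imageMaxWidth  = $params->get("image_max_width", 1024);
        $imageMaxHeight = $params->get("image_max_height", 1024);
        $imageMaxSize   = $params->get("image_max_size", 400) * 1024; // bytes

        $numFilesExceedLimit      = 0;
        $numFilesInvalidDimension = 0;

        foreach ($newImages as $image) {
            if (!$image['name']) {
                continue;
            }

            $image['name'] = str_replace(' ', '_', JFile::makeSafe($image['name']));

            if ($count >= $maxUploadImage) {
                $numFilesExceedLimit++;
                continue;
            }

            if (!JUDirectoryFrontHelperPermission::canUpload($image, $error, $legalExtensions, $imageMaxSize, true, $legalMime, '', $legalExtensions)) {
                continue;
            }

            $dimension = @getimagesize($image['tmp_name']);
            if ($dimension === false
                || $dimension[0] < $imageMinWidth || $dimension[1] < $imageMinHeight
                || $dimension[0] > $imageMaxWidth || $dimension[1] > $imageMaxHeight) {
                $numFilesInvalidDimension++;
                continue;
            }

            $gallery['new'][] = $image;
            $count++;
        }

        // Use a distinct loop variable: $count is returned below and must not be clobbered.
        foreach ($error as $key => $errorCount) {
            switch ($key) {
                case 'WARN_SOURCE':
                case 'WARN_FILENAME':
                case 'WARN_FILETYPE':
                case 'WARN_FILETOOLARGE':
                case 'WARN_INVALID_IMG':
                case 'WARN_INVALID_MIME':
                case 'WARN_IEXSS':
                    $app->enqueueMessage(JText::plural("COM_JUDIRECTORY_N_FILE_" . $key, $errorCount), 'notice');
                    break;
                default:
                    // Unknown key: nothing to say about it.
                    break;
            }
        }

        if ($numFilesExceedLimit) {
            // NOTE(review): this counter tracks the image-count limit, but the
            // language key talks about file size; kept as-is since the key is a
            // runtime string. $imageMaxSize is already in bytes, so it is passed
            // to formatBytes() without a second * 1024.
            $imageUploadLimit = JUDirectoryHelper::formatBytes($imageMaxSize);
            $app->enqueueMessage(JText::plural('COM_JUDIRECTORY_N_IMAGES_ARE_NOT_SAVED_BECAUSE_THEY_EXCEEDED_FILE_SIZE_LIMIT', $numFilesExceedLimit, $imageUploadLimit), 'notice');
        }

        if ($numFilesInvalidDimension) {
            $app->enqueueMessage(JText::plural('COM_JUDIRECTORY_N_IMAGES_ARE_NOT_SAVED_BECAUSE_THEY_ARE_NOT_VALID_DIMENSION', $numFilesInvalidDimension, $imageMinWidth, $imageMaxWidth, $imageMinHeight, $imageMaxHeight), 'notice');
        }
    }

    $gallery['count'] = $count;

    return $gallery;
}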