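/**
 * Accepts a file for upload.
 *
 * Reads the posted file described by postFileInfo('upload'), validates it
 * (PHP upload error code, configured size limit, configured extension list,
 * is_uploaded_file()), optionally prefixes the name with a timestamp,
 * resolves the target collection (request variable, falling back to the
 * member's own ID, always checked with MEDIA::isValidCollection()) and hands
 * the file to MEDIA::addMediaObject().
 *
 * On success the response is either a CKEditor callback script or, when
 * $responseType is 'json', a JSON object {uploaded, fileName, url}.
 * Every failure path goes through upload_doError()/media_doError(), which
 * are expected to terminate the request.
 *
 * Globals read: $DIR_MEDIA, $member, $CONF, $funcNum, $responseType.
 */
function media_upload() {
    global $DIR_MEDIA, $member, $CONF, $funcNum, $responseType;

    $uploadInfo   = postFileInfo('upload');
    $filename     = $uploadInfo['name'];
    $filesize     = $uploadInfo['size'];
    $filetempname = $uploadInfo['tmp_name'];
    $fileerror    = intval($uploadInfo['error']);

    // clean filename of characters that may cause trouble in a filename
    // using cleanFileName() function from globalfunctions.php.
    // On rejection $filename is false (prints as ''), so the raw, uncleaned
    // name is deliberately never echoed back in the error message.
    $filename = cleanFileName($filename);
    if ($filename === false) {
        upload_doError(_ERROR_BADFILETYPE . $filename);
    }

    switch ($fileerror) {
        case 0: // = UPLOAD_ERR_OK
            break;
        case 1: // = UPLOAD_ERR_INI_SIZE
        case 2: // = UPLOAD_ERR_FORM_SIZE
            upload_doError(_ERROR_FILE_TOO_BIG);
        case 3: // = UPLOAD_ERR_PARTIAL
        case 4: // = UPLOAD_ERR_NO_FILE
        case 6: // = UPLOAD_ERR_NO_TMP_DIR
        case 7: // = UPLOAD_ERR_CANT_WRITE
        default:
            // include error code for debugging
            // (see http://www.php.net/manual/en/features.file-upload.errors.php)
            upload_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
    }

    // $_FILES[...]['size'] is measured by PHP, not supplied by the client
    if ($filesize > $CONF['MaxUploadSize']) {
        upload_doError(_ERROR_FILE_TOO_BIG);
    }

    // check file type against allowed types (last extension only).
    // NOTE(review): $type is interpolated into the pattern unquoted;
    // AllowedTypes is admin configuration, so it is treated as trusted.
    // Only the final extension is checked, so "x.php.jpg" passes - make sure
    // the web server does not execute by inner extension in the media dir.
    $ok = 0;
    $allowedtypes = explode(',', $CONF['AllowedTypes']);
    foreach ($allowedtypes as $type) {
        if (preg_match('#\.' . $type . '$#i', $filename)) {
            $ok = 1;
            break;
        }
    }
    if (!$ok) {
        upload_doError(_ERROR_BADFILETYPE . $filename);
    }

    if (!is_uploaded_file($filetempname)) {
        upload_doError(_ERROR_BADREQUEST);
    }

    // prefix filename with current date (YYYYMMDD-HHMMSS-)
    // this to avoid nameclashes (date() is locale independent and replaces
    // the deprecated strftime() with the same output)
    if ($CONF['MediaPrefix']) {
        $filename = date('Ymd-His-', time()) . $filename;
    }

    // currently selected collection
    $collection = requestVar('collection');
    if (!$collection || !@is_dir($DIR_MEDIA . $collection)) {
        $collection = $member->getID();
    }

    // avoid directory traversal and accessing invalid directory
    if (!MEDIA::isValidCollection($collection)) {
        media_doError(_ERROR_DISALLOWED);
    }

    $res = MEDIA::addMediaObject($collection, $filetempname, $filename);
    if ($res != '') {
        upload_doError($res);
    }

    $url = $CONF['MediaURL'] . $collection . '/' . $filename;

    if ($responseType != 'json') {
        // CKEditor callback. $funcNum is presumably the CKEditorFuncNum
        // request parameter, so it must be forced to an integer, and the URL
        // must be emitted as a JS-safe literal (quotes, backslashes and
        // "</script>" escaped) - otherwise both end up as script in the
        // parent window.
        $jsFuncNum = intval($funcNum);
        $jsUrl = json_encode($url, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT);
        echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction(" . $jsFuncNum . ", " . $jsUrl . ", '');</script>";
    } else {
        $arr = array('uploaded' => 1, 'fileName' => $filename, 'url' => $url);
        header("Content-Type: application/json; charset=utf-8");
        echo json_encode($arr);
    }
}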
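/**
 * Renders the media selection page: collection chooser / upload form,
 * filter form, one page of files from the current collection
 * ($CONF['MediaPerPage'] rows with prev/next links) and the inline/popup
 * type switch.
 *
 * The current collection comes from the 'collection' request variable and
 * falls back to the NP_TinyMCE 'def_dir' option (when 'def_dir_mode' is
 * 'fix') or to the member's own ID. It is always checked with
 * MEDIA::isValidCollection() before it is used to build a path.
 *
 * Globals read: $member, $CONF, $DIR_MEDIA, $manager.
 */
function media_select() {
    global $member, $CONF, $DIR_MEDIA, $manager;

    // show MediaPerPage files + navigation buttons
    // show msg when no files
    // show upload form
    // files sorted according to last modification date

    // currently selected collection
    $currentCollection = requestVar('collection');
    if (!$currentCollection || !@is_dir($DIR_MEDIA . $currentCollection)) {
        // NP_TinyMCE may not be installed; without a plugin object we fall
        // straight through to the member's private collection
        $tinymce = $manager->getPlugin('NP_TinyMCE');
        $defDirMode = is_object($tinymce) ? $tinymce->getOption('def_dir_mode') : '';
        switch ($defDirMode) {
            case 'fix':
                $currentCollection = $tinymce->getOption('def_dir');
                break;
            default:
                $currentCollection = $member->getID();
        }
    }

    // avoid directory traversal and accessing invalid directory
    if (!MEDIA::isValidCollection($currentCollection)) {
        media_doError(_ERROR_DISALLOWED);
    }

    media_head();

    // get collection list
    $collections = MEDIA::getCollectionList();
    if (sizeof($collections) > 1) {
?>
<form method="post" action="media.php"><div>
<label for="media_collection"><?php echo htmlspecialchars(_MEDIA_COLLECTION_LABEL); ?></label>
<select name="collection" id="media_collection" onchange="return form.submit()">
<?php
        foreach ($collections as $dirname => $description) {
            echo '<option value="', htmlspecialchars($dirname), '"';
            if ($dirname == $currentCollection) {
                echo ' selected="selected"';
            }
            echo '>', htmlspecialchars($description), '</option>';
        }
?>
</select>
<input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_TO); ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK); ?>" class="button" />
<?php $manager->addTicketHidden(); ?>
</div></form>
<?php
    } else {
?>
<form method="post" action="media.php" style="float:right"><div>
<input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection); ?>" />
<input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_NEW); ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK); ?>" class="button" />
<?php $manager->addTicketHidden(); ?>
</div></form>
<?php
    } // if sizeof

    $filter = requestVar('filter');
    $offset = intRequestVar('offset');
    $arr = MEDIA::getMediaListByCollection($currentCollection, $filter);

    // the current collection is not necessarily in the list (e.g. a private
    // directory that has not been created yet), so do not index blindly
    $collectionLabel = isset($collections[$currentCollection]) ? $collections[$currentCollection] : '';
?>
<form method="post" action="media.php"><div>
<label for="media_filter"><?php echo htmlspecialchars(_MEDIA_FILTER_LABEL); ?></label>
<input id="media_filter" type="text" name="filter" value="<?php echo htmlspecialchars($filter); ?>" />
<input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_FILTER_APPLY); ?>" class="button" />
<input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection); ?>" />
<input type="hidden" name="offset" value="<?php echo intval($offset); ?>" />
</div></form>
<table width="100%">
<caption><?php echo _MEDIA_COLLECTION_LABEL . htmlspecialchars($collectionLabel); ?></caption>
<tr>
<th><?php echo _MEDIA_MODIFIED; ?></th><th><?php echo _MEDIA_FILENAME; ?></th><th><?php echo _MEDIA_DIMENSIONS; ?></th>
</tr>
<?php
    $fileCount = sizeof($arr);

    // keep the paging bounds defined even for an empty collection, so the
    // prev/next checks below never read undefined variables
    $idxStart = 0;
    $idxEnd = 0;
    $idxPrev = 0;
    $idxNext = 0;

    if ($fileCount > 0) {
        $perPage = $CONF['MediaPerPage'];

        // clamp the offset so the last page is always full (or the first page)
        if ($offset + $perPage >= $fileCount) {
            $offset = $fileCount - $perPage;
        }
        if ($offset < 0) {
            $offset = 0;
        }

        $idxStart = $offset;
        $idxEnd = $offset + $perPage;
        $idxNext = $idxEnd;
        $idxPrev = $idxStart - $perPage;
        if ($idxPrev < 0) {
            $idxPrev = 0;
        }
        if ($idxEnd > $fileCount) {
            $idxEnd = $fileCount;
        }

        for ($i = $idxStart; $i < $idxEnd; $i++) {
            $obj = $arr[$i];
            $filename = $DIR_MEDIA . $currentCollection . '/' . $obj->filename;

            // getimagesize() returns false for non-images; treat that as
            // "not an image, unknown dimensions" instead of indexing false
            $old_level = error_reporting(0);
            $size = @GetImageSize($filename);
            error_reporting($old_level);
            $width    = isset($size[0]) ? $size[0] : '';
            $height   = isset($size[1]) ? $size[1] : '';
            $filetype = isset($size[2]) ? $size[2] : 0;

            // strings for the JS literals inside the onclick attribute:
            // addslashes() also escapes backslashes and double quotes (a
            // quote-only replacement let a backslash start a JS escape);
            // htmlspecialchars() below then handles the attribute context
            $jsCurrentCollection = addslashes($currentCollection);
            $jsFileName = addslashes($obj->filename);

            echo '<tr>';
            echo '<td>' . date('Y-m-d', $obj->timestamp) . '</td>';
            if ($filetype != 0) {
                // image (gif/jpg/png/swf)
                echo '<td><span style="cursor:pointer;" onclick="chooseImage(\'', htmlspecialchars($jsCurrentCollection), '\',\'', htmlspecialchars($jsFileName), '\',\'', htmlspecialchars($width), '\',\'', htmlspecialchars($height), '\')" title="' . htmlspecialchars($obj->filename) . '">' . htmlspecialchars(shorten($obj->filename, 25, '...')) . '</span>';
                echo ' (<a href="', htmlspecialchars($CONF['MediaURL'] . $currentCollection . '/' . $obj->filename), '" onclick="window.open(this.href); return false;" title="', htmlspecialchars(_MEDIA_VIEW_TT), '">', _MEDIA_VIEW, '</a>)';
                echo '</td>';
            } else {
                // no image (e.g. mpg)
                echo '<td><span style="cursor:pointer;" onclick="chooseOther(\'', htmlspecialchars($jsCurrentCollection), '\',\'', htmlspecialchars($jsFileName), '\')" title="' . htmlspecialchars($obj->filename) . '">' . htmlspecialchars(shorten($obj->filename, 30, '...')) . '</span></td>';
            }
            echo '<td>', htmlspecialchars($width), 'x', htmlspecialchars($height), '</td>';
            echo '</tr>';
        }
    } // if ($fileCount > 0)
?>
</table>
<?php
    // "&amp;" keeps the href valid HTML; browsers decode it to "&"
    $collectionQuery = '&amp;collection=' . urlencode($currentCollection);
    if ($idxStart > 0) {
        echo "<a href='media.php?offset={$idxPrev}{$collectionQuery}'>" . _LISTS_PREV . "</a> ";
    }
    if ($idxEnd < $fileCount) {
        echo "<a href='media.php?offset={$idxNext}{$collectionQuery}'>" . _LISTS_NEXT . "</a> ";
    }
?>
<input id="typeradio0" type="radio" name="typeradio" onclick="setType(0);" checked="checked" class="radio" /><label for="typeradio0"><?php echo _MEDIA_INLINE; ?></label>
<input id="typeradio1" type="radio" name="typeradio" onclick="setType(1);" class="radio" /><label for="typeradio1"><?php echo _MEDIA_POPUP; ?></label>
<?php
    media_foot();
}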
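/**
 * Adds an uploaded file to the media archive
 *
 * @param collection
 *      collection to store the file in (a numeric member ID for a
 *      private collection, which is created on demand; otherwise an
 *      existing, writable collection directory)
 * @param uploadfile
 *      path of the file to store: the tmp_name of a postFileInfo(..)
 *      entry (moved with move_uploaded_file) or any other path (copied)
 * @param filename
 *      the filename that should be used to save the file as
 *      (date prefix should be already added here)
 * @return string
 *      '' on success, otherwise one of the _ERROR_* messages
 *
 * Callers should already have tested for allowable types before calling
 * this method; cleanFileName() here only catches files with no extension
 * at all. The PreMediaUpload event receives $collection and $filename by
 * reference, so the collection is re-validated after it. NOTE(review): the
 * filename is not re-cleaned after the event - plugins are trusted to keep
 * it a bare filename without path separators.
 */
function addMediaObject($collection, $uploadfile, $filename) {
    global $DIR_MEDIA, $manager;

    // clean filename of characters that may cause trouble in a filename
    // using cleanFileName() function from globalfunctions.php
    $filename = cleanFileName($filename);
    if ($filename === false) {
        return _ERROR_BADFILETYPE;
    }

    $manager->notify('PreMediaUpload', array('collection' => &$collection, 'uploadfile' => $uploadfile, 'filename' => &$filename));

    // don't allow uploads to unknown or forbidden collections
    $exceptReadOnly = true;
    if (!MEDIA::isValidCollection($collection, $exceptReadOnly)) {
        return _ERROR_DISALLOWED;
    }

    // check dir permissions (try to create dir if it does not exist)
    $mediadir = $DIR_MEDIA . $collection;

    // try to create new private media directories if needed
    if (!@is_dir($mediadir) && is_numeric($collection)) {
        // NOTE(review): umask(00) + 0777 yields a world-writable directory;
        // 0755 is enough when the web server user owns it. Confirm the
        // deployment (FTP / suexec setups) before tightening.
        $oldumask = umask(00);
        $created = @mkdir($mediadir, 0777);
        // restore the process umask on every path - the previous early
        // return on failure left umask 0 for the rest of the request
        umask($oldumask);
        if (!$created) {
            return _ERROR_BADPERMISSIONS;
        }
    }

    // if dir still not exists, the action is disallowed
    if (!@is_dir($mediadir)) {
        return _ERROR_DISALLOWED;
    }
    if (!is_writable($mediadir)) {
        return _ERROR_BADPERMISSIONS;
    }

    // add trailing slash (don't add it earlier since it causes mkdir to fail on some systems)
    $mediadir .= '/';

    // never overwrite an existing file (check-then-move, so a concurrent
    // upload of the same name can still race; the date prefix makes that unlikely)
    if (file_exists($mediadir . $filename)) {
        return _ERROR_UPLOADDUPLICATE;
    }

    // move file to directory; a path that is not a PHP upload is copied instead
    if (is_uploaded_file($uploadfile)) {
        if (!@move_uploaded_file($uploadfile, $mediadir . $filename)) {
            return _ERROR_UPLOADMOVEP;
        }
    } else {
        if (!copy($uploadfile, $mediadir . $filename)) {
            return _ERROR_UPLOADCOPY;
        }
    }

    // chmod uploaded file (umask does not apply to chmod(); the save/restore
    // is kept for parity with the directory creation above)
    $oldumask = umask(00);
    @chmod($mediadir . $filename, 0644);
    umask($oldumask);

    $manager->notify('PostMediaUpload', array('collection' => $collection, 'mediadir' => $mediadir, 'filename' => $filename));

    return '';
}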