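/**
 * Move an uploaded file into this object's file directory under a tidied,
 * non-colliding file name.
 *
 * The name comes from the client and is untrusted: it is passed through
 * PerchUtil::tidy_file_name() and then "defused" by appending '.txt' when it
 * contains an extension commonly mapped to the PHP interpreter.
 *
 * @param string $file Temporary path of the upload, handed to PerchUtil::move_uploaded_file().
 * @param string $name File name as submitted by the client.
 *
 * @return array Map with 'name' (final file name) and 'path' (full target path).
 */
public function write_file($file, $name)
{
    $filename = PerchUtil::tidy_file_name($name);

    // Defuse script uploads. The match is case-insensitive because tidy_file_name()
    // is not visible here and may not lowercase the name. '.php' also covers
    // '.php5', '.phps' and similar; '.pht' and '.phar' are mapped to PHP by some
    // stock web-server configurations.
    //
    // NOTE(review): this is a denylist, so it only covers the extensions listed.
    // Appending '.txt' also only helps where the server picks the handler from the
    // final extension; a configuration that considers every dot-separated extension
    // (for example Apache mod_mime with AddHandler) can still treat 'name.php.txt'
    // as PHP. Keep script execution disabled for this directory, or store uploads
    // outside the document root, and prefer an allowlist of expected extensions.
    foreach (array('.php', '.phtml', '.pht', '.phar') as $marker) {
        if (stripos($filename, $marker) !== false) {
            $filename .= '.txt';
            break;
        }
    }

    $target = PerchUtil::file_path($this->file_path . '/' . $filename);

    if (file_exists($target)) {
        // Split into stem and extension so the counter lands before the extension.
        // A name without a dot keeps its whole name as the stem; the previous code
        // fed strrpos()'s false into substr() and produced '-1name' in that case.
        $dot = strrpos($filename, '.');
        if ($dot === false) {
            $stem   = $filename;
            $suffix = '';
        } else {
            $stem   = substr($filename, 0, $dot);
            $suffix = substr($filename, $dot);
        }

        // Try name-1.ext, name-2.ext, ... until an unused name is found.
        // NOTE(review): file_exists() followed by a move is not atomic, so two
        // concurrent uploads of the same name can still pick the same target.
        $count = 1;
        do {
            $filename = PerchUtil::tidy_file_name($stem . '-' . $count . $suffix);
            $target   = PerchUtil::file_path($this->file_path . '/' . $filename);
            $count++;
        } while (file_exists($target));
    }

    // NOTE(review): the result of the move is not checked, so the returned name and
    // path are reported even if the move failed; callers should verify the file.
    PerchUtil::move_uploaded_file($file, $target);

    return array('name' => $filename, 'path' => $target);
}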
} //checking for naughty uploading of php files. $target = PERCH_RESFILEPATH . DIRECTORY_SEPARATOR . $filename; if (file_exists($target)) { $ext = strrpos($filename, '.'); $fileName_a = substr($filename, 0, $ext); $fileName_b = substr($filename, $ext); $count = 1; while (file_exists(PERCH_RESFILEPATH . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b)) { $count++; } $filename = $fileName_a . '_' . $count . $fileName_b; $target = PERCH_RESFILEPATH . DIRECTORY_SEPARATOR . $filename; } } PerchUtil::move_uploaded_file($_FILES['upload']['tmp_name'], $target); if (is_object($Image)) { $Image->process_versions($filename, $Template); } } if ($new_image) { PerchUtil::redirect($API->app_path() . '/images/edit/?album_id=' . $albumID . '&id=' . $result->id() . '&created=1'); } else { $message = $HTML->success_message('Your image has been successfully updated. Return to %simage listing%s', '<a href="' . $API->app_path() . '/images/?id=' . $albumID . '">', '</a>'); } } else { $message = $HTML->failure_message('Sorry, that image could not be updated.'); } if (is_object($Image)) { $details = $Image->to_array(); } else {
} if (isset($_POST['logo_remove']) && $_POST['logo_remove'] == '1') { $data['logoPath'] = ''; } foreach ($data as $key => $value) { $Settings->set($key, $value); } $Lang = PerchLang::fetch(); $Lang->reload(); $Alert->set('success', PerchLang::get("Your settings have been updated.")); // image upload if (isset($_FILES['customlogo']) && (int) $_FILES['customlogo']['size'] > 0) { if (is_array(getimagesize($_FILES['customlogo']['tmp_name']))) { $filename = $_FILES['customlogo']['name']; if (strpos($filename, '.php') !== false) { $filename .= '.txt'; } // diffuse PHP files $target = PERCH_RESFILEPATH . '/' . $filename; if (file_exists($target)) { $filename = time() . '_' . $_FILES['customlogo']['name']; $target = PERCH_RESFILEPATH . '/' . $filename; } PerchUtil::move_uploaded_file($_FILES['customlogo']['tmp_name'], $target); $Settings->set('logoPath', PERCH_RESPATH . '/' . $filename); } } $Settings->reload(); } PerchUtil::debug('Image folder writable? ' . $image_folder_writable); $details = $Settings->get_as_array();
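/**
 * Handle one submitted form: run the spam check, save uploaded files, collect
 * field values, then e-mail and/or store the response according to the form's
 * options, and finally redirect to the configured success URL if there is one.
 *
 * @param object $SubmittedForm Submission object; this method reads its page, files,
 *                              data, mimetypes and id properties and calls
 *                              get_antispam_values() and get_template_attributes().
 *
 * @return void
 */
public function process_response($SubmittedForm)
{
    $opts = $this->_load_options();

    $data = array();
    $data['fields'] = array();
    $data['files']  = array();
    $data['page']   = $SubmittedForm->page;

    // Replace the bare page path with page details when the content app is available.
    if (class_exists('PerchContent_Pages')) {
        $Pages = new PerchContent_Pages();
        $Page  = $Pages->find_by_path($SubmittedForm->page);
        if ($Page) {
            $data['page'] = array(
                'id'      => $Page->pageID(),
                'title'   => $Page->pageTitle(),
                'path'    => $Page->pagePath(),
                'navtext' => $Page->pageNavText(),
            );
        }
    }

    // Anti-spam
    $antispam = $SubmittedForm->get_antispam_values();

    // NOTE(review): the whole $_SERVER array is passed to the spam check and, when
    // storing is enabled, persisted with the response below. It carries request
    // headers (cookies, authorization) and, under some SAPIs, process environment
    // variables; consider restricting it to the keys the spam check needs.
    $environment = $_SERVER;

    $akismetAPIKey = false;
    if (isset($opts->akismet) && $opts->akismet
        && isset($opts->akismetAPIKey) && $opts->akismetAPIKey != '') {
        $akismetAPIKey = $opts->akismetAPIKey;
    }

    $spam = $this->_check_for_spam($antispam, $environment, $akismetAPIKey);

    // Files
    if (!$spam && PerchUtil::count($SubmittedForm->files)) {
        if (isset($opts->fileLocation) && $opts->fileLocation != '') {
            $dest = rtrim($opts->fileLocation, '\\/') . DIRECTORY_SEPARATOR;

            foreach ($SubmittedForm->files as $key => &$details) {
                // Only handle uploads that completed without error and are non-empty.
                if (!($details['error'] == '0' && $details['size'] > 0)) {
                    continue;
                }

                $attrs = $SubmittedForm->get_template_attributes($key);

                if (!is_uploaded_file($details['tmp_name'])) {
                    continue;
                }

                // The file name is supplied by the form submitter and is untrusted.
                // NOTE(review): it is joined onto $dest without further cleaning;
                // confirm the caller fills it from $_FILES, or pass it through
                // PerchUtil::tidy_file_name() as write_file() does.
                $filename = $details['name'];

                // Defuse script uploads the same way the other upload paths do:
                // append '.txt' when the name contains an extension commonly mapped
                // to the PHP interpreter (case-insensitive).
                // NOTE(review): this is a denylist, and '.txt' only helps where the
                // server picks the handler from the final extension. Keep script
                // execution disabled for the file location, or keep it outside the
                // document root.
                foreach (array('.php', '.phtml', '.pht', '.phar') as $marker) {
                    if (stripos($filename, $marker) !== false) {
                        $filename .= '.txt';
                        break;
                    }
                }

                // Avoid overwriting an existing file: prefix the time, then time + random.
                if (file_exists($dest . $filename)) {
                    $filename = time() . $filename;
                }
                if (file_exists($dest . $filename)) {
                    $filename = time() . mt_rand() . $filename;
                }

                if (PerchUtil::move_uploaded_file($details['tmp_name'], $dest . $filename)) {
                    $details['new_path']     = $dest . $filename;
                    $details['new_filename'] = $filename;

                    $file = new stdClass();
                    $file->name = $filename;
                    $file->path = $dest . $filename;
                    $file->size = $details['size'];
                    $file->mime = '';
                    if (isset($SubmittedForm->mimetypes[$key])) {
                        $file->mime = $SubmittedForm->mimetypes[$key];
                    }
                    $file->attributes = $attrs->get_attributes();

                    $data['files'][$key] = $file;
                }
            }
            // Break the by-reference binding so later writes to $details cannot
            // silently modify the last element of $SubmittedForm->files.
            unset($details);
        } else {
            PerchUtil::debug('Form ' . $SubmittedForm->id . ': File save location not set, files discarded.', 'error');
        }
    }

    // Fields
    if (PerchUtil::count($SubmittedForm->data)) {
        foreach ($SubmittedForm->data as $key => $value) {
            $attrs = $SubmittedForm->get_template_attributes($key);
            if (!$attrs) {
                continue;
            }

            $field = new stdClass();
            $field->attributes = $attrs->get_attributes();

            // skip submit fields
            if (isset($field->attributes['type']) && $field->attributes['type'] == 'submit') {
                continue;
            }

            // skip honeypot field
            if (isset($field->attributes['antispam']) && $field->attributes['antispam'] == 'honeypot') {
                continue;
            }

            $field->value = $value;
            $data['fields'][$attrs->id()] = $field;
        }
    }

    // Spam is never e-mailed.
    if (!$spam && isset($opts->email) && $opts->email) {
        $this->_send_email($opts, $data);
    }

    $store = isset($opts->store) && $opts->store;

    if ($store) {
        $record = array();
        $record['responseJSON'] = PerchUtil::json_safe_encode($data);
        $record['formID']       = $this->id();
        $record['responseIP']   = $_SERVER['REMOTE_ADDR'];

        // Spam is still stored, flagged so it can be told apart.
        if ($spam) {
            $record['responseSpam'] = '1';
        }

        $spam_data = array();
        $spam_data['fields']      = $antispam;
        $spam_data['environment'] = $environment;
        $record['responseSpamData'] = PerchUtil::json_safe_encode($spam_data);

        $Responses = new PerchForms_Responses($this->api);
        $Responses->create($record);
    }

    if ($spam || !$store) {
        // not storing, so drop files
        if (PerchUtil::count($data['files'])) {
            foreach ($data['files'] as $file) {
                if (file_exists($file->path)) {
                    // Best-effort cleanup; a failed delete is deliberately ignored.
                    @unlink($file->path);
                }
            }
        }
    }

    // Redirect?
    if (isset($opts->successURL) && $opts->successURL) {
        PerchUtil::redirect(trim($opts->successURL));
    }
}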