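/**
 * Upload a profile image.
 *
 * Stores the file posted in the 'uploadedFile' field as
 * profileImage-<userId><extension> in the site files directory and records
 * its metadata in the user's 'profileImage' setting. When the stored file
 * cannot be read as an image, or its dimensions exceed
 * PROFILE_IMAGE_MAX_WIDTH / PROFILE_IMAGE_MAX_HEIGHT, the setting is cleared,
 * the stored file is removed and false is returned.
 *
 * @return boolean True iff success.
 */
function uploadProfileImage() {
	import('classes.file.PublicFileManager');
	$publicFileManager = new PublicFileManager();

	$user = $this->getUser();

	// The extension is derived from the reported type, never from the
	// client-supplied file name.
	// NOTE(review): confirm whether getUploadedFileType() inspects the file
	// content or repeats the type declared by the client.
	$type = $publicFileManager->getUploadedFileType('uploadedFile');
	$extension = $publicFileManager->getImageExtension($type);
	if (!$extension) {
		return false;
	}

	// The stored name is built from the numeric user id only.
	$uploadName = 'profileImage-' . (int) $user->getId() . $extension;
	if (!$publicFileManager->uploadSiteFile('uploadedFile', $uploadName)) {
		return false;
	}

	// getimagesize() returns false when the file is not a readable image;
	// treat that as zero dimensions so the rejection branch below handles it.
	$filePath = $publicFileManager->getSiteFilesPath();
	$imageInfo = getimagesize($filePath . '/' . $uploadName);
	$width = $imageInfo ? $imageInfo[0] : 0;
	$height = $imageInfo ? $imageInfo[1] : 0;

	if ($width > PROFILE_IMAGE_MAX_WIDTH || $height > PROFILE_IMAGE_MAX_HEIGHT || $width <= 0 || $height <= 0) {
		$userSetting = null;
		$user->updateSetting('profileImage', $userSetting);
		// removeSiteFile() is given the stored file name, the same value
		// uploadSiteFile() received. Passing the directory path, as before,
		// left the rejected file in the public site files directory.
		$publicFileManager->removeSiteFile($uploadName);
		return false;
	}

	$userSetting = array(
		'name' => $publicFileManager->getUploadedFileName('uploadedFile'),
		'uploadName' => $uploadName,
		'width' => $width,
		'height' => $height,
		'dateUploaded' => Core::getCurrentDate(),
	);
	$user->updateSetting('profileImage', $userSetting);
	return true;
}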
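/**
 * Decompress uploaded plugin and install in the correct plugin directory.
 *
 * The archive posted in the 'newPlugin' field is stored in the public site
 * files directory, extracted with the configured tar binary into a freshly
 * created sub-directory, and handed to installPlugin() or upgradePlugin().
 * Any failure is reported through the 'error' / 'message' template variables.
 *
 * @param $function string type of operation to perform after upload ('upgrade' or 'install')
 * @param $category string the category of the uploaded plugin (upgrade only)
 * @param $plugin string the name of the uploaded plugin (upgrade only)
 */
function uploadPlugin($function, $category = null, $plugin = null) {
	$this->validate();
	$templateMgr =& TemplateManager::getManager();
	$this->setupTemplate(true);

	$templateMgr->assign('error', false);
	$templateMgr->assign('uploaded', false);
	$templateMgr->assign('path', $function);

	$errorMsg = '';
	$archiveStored = false;

	if (Request::getUserVar('uploadPlugin') && isset($_FILES['newPlugin']['name'])) {
		import('classes.file.PublicFileManager');
		$publicFileManager = new PublicFileManager();
		$siteFilesDir = Core::getBaseDir() . DIRECTORY_SEPARATOR . $publicFileManager->getSiteFilesPath();

		// The file name is client-supplied. Keep only its final component so
		// that the path handed to tar is the same file uploadSiteFile() stores.
		$archiveName = basename($_FILES['newPlugin']['name']);
		$pluginFile = $siteFilesDir . DIRECTORY_SEPARATOR . $archiveName;

		// tar archive basename (less potential version number) must equal plugin directory name
		// and plugin files must be in a directory named after the plug-in.
		$matches = array();
		String::regexp_match_get('/^[a-zA-Z0-9]+/', basename($archiveName, '.tar.gz'), $matches);
		$pluginName = array_pop($matches);

		// Without an alphanumeric prefix there is no plugin name. The later
		// is_dir() test would then succeed on the extraction directory itself.
		if ($pluginName === null || $pluginName === '') {
			$errorMsg = 'manager.plugins.invalidPluginArchive';
		}
	} else {
		$errorMsg = 'manager.plugins.fileSelectError';
	}

	if (empty($errorMsg)) {
		if ($publicFileManager->uploadSiteFile('newPlugin', $archiveName)) {
			$archiveStored = true;

			// Create random dirname to avoid symlink attacks.
			// NOTE(review): mt_rand() is not a cryptographic generator, so the
			// suffix is guessable. The protection relied on here is mkdir()
			// failing when the path already exists, so its result is checked.
			$pluginDir = $siteFilesDir . DIRECTORY_SEPARATOR . $pluginName . substr(md5(mt_rand()), 0, 10);
			if (!mkdir($pluginDir)) {
				$errorMsg = 'manager.plugins.uploadError';
			}
		} else {
			$errorMsg = 'manager.plugins.uploadError';
		}
	}

	if (empty($errorMsg)) {
		// Test whether the tar binary is available for the export to work
		$tarBinary = Config::getVar('cli', 'tar');
		if (!empty($tarBinary) && file_exists($tarBinary)) {
			// NOTE(review): the archive content is untrusted. Confirm the
			// configured tar refuses member names that leave $pluginDir.
			$tarOutput = array();
			$tarStatus = 0;
			exec($tarBinary . ' -xzf ' . escapeshellarg($pluginFile) . ' -C ' . escapeshellarg($pluginDir), $tarOutput, $tarStatus);
			// A non-zero status means the extraction was incomplete; do not
			// go on to install a partially extracted plugin.
			if ($tarStatus !== 0) {
				$errorMsg = 'manager.plugins.invalidPluginArchive';
			}
		} else {
			$errorMsg = 'manager.plugins.tarCommandNotFound';
		}
	}

	if (empty($errorMsg)) {
		// We should now find a directory named after the
		// plug-in within the extracted archive.
		$pluginDir .= DIRECTORY_SEPARATOR . $pluginName;
		if (is_dir($pluginDir)) {
			if ($function == 'install') {
				$this->installPlugin($pluginDir, $templateMgr);
			} elseif ($function == 'upgrade') {
				$this->upgradePlugin($pluginDir, $templateMgr, $category, $plugin);
			}
		} else {
			$errorMsg = 'manager.plugins.invalidPluginArchive';
		}
	}

	// Remove the stored archive on failure as well as on success, so that a
	// rejected upload does not stay in the public site files directory.
	// NOTE(review): the extraction directory is not removed here; confirm that
	// installPlugin() / upgradePlugin() clean it up.
	if ($archiveStored) {
		$publicFileManager->removeSiteFile($archiveName);
	}

	if (!empty($errorMsg)) {
		$templateMgr->assign('error', true);
		$templateMgr->assign('message', $errorMsg);
	}

	$templateMgr->display('admin/managePlugins.tpl');
}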
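/**
 * Upload the archive image.
 *
 * Stores the file posted in the 'archiveImage' field as
 * archiveImage-<archiveId><extension> in the site files directory and records
 * its metadata in the archive's 'archiveImage' setting. A file that cannot be
 * read as an image is rejected for every user. The 150x150 size limit applies
 * to everyone except site administrators. On rejection the setting is cleared
 * and the stored file is removed.
 *
 * @return boolean True iff the image was stored and recorded.
 */
function uploadArchiveImage() {
	import('classes.file.PublicFileManager');
	$fileManager = new PublicFileManager();

	$archive =& $this->archive;

	// The extension is derived from the reported type, never from the
	// client-supplied file name.
	// NOTE(review): confirm whether getUploadedFileType() inspects the file
	// content or repeats the type declared by the client.
	$type = $fileManager->getUploadedFileType('archiveImage');
	$extension = $fileManager->getImageExtension($type);
	if (!$extension) {
		return false;
	}

	$uploadName = 'archiveImage-' . (int) $archive->getArchiveId() . $extension;
	if (!$fileManager->uploadSiteFile('archiveImage', $uploadName)) {
		return false;
	}

	// getimagesize() returns false when the file is not a readable image;
	// treat that as zero dimensions.
	$filePath = $fileManager->getSiteFilesPath();
	$imageInfo = getimagesize($filePath . '/' . $uploadName);
	$width = $imageInfo ? $imageInfo[0] : 0;
	$height = $imageInfo ? $imageInfo[1] : 0;

	// The administrator exemption covers the size limit only. Previously it
	// also skipped the readability check, so an unreadable file was kept and
	// recorded without dimensions.
	$unreadable = $width <= 0 || $height <= 0;
	$tooLarge = !Validation::isSiteAdmin() && ($width > 150 || $height > 150);

	if ($unreadable || $tooLarge) {
		$archiveSetting = null;
		$archive->updateSetting('archiveImage', $archiveSetting);
		// removeSiteFile() is given the stored file name, the same value
		// uploadSiteFile() received. Passing the directory path, as before,
		// left the rejected file in the public site files directory.
		$fileManager->removeSiteFile($uploadName);
		return false;
	}

	$archiveSetting = array(
		'name' => $fileManager->getUploadedFileName('archiveImage'),
		'uploadName' => $uploadName,
		'width' => $width,
		'height' => $height,
		'dateUploaded' => Core::getCurrentDate(),
	);
	$archive->updateSetting('archiveImage', $archiveSetting);
	return true;
}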
/**
 * Uploads custom site logo.
 *
 * Stores the file posted in the 'pageHeaderTitleImage' field as
 * pageHeaderTitleImage_<locale><extension> in the site files directory and
 * records its metadata under the given locale in the site's
 * 'pageHeaderTitleImage' setting.
 *
 * @param $locale string locale key the image is stored under
 * @return boolean False when the uploaded file's type has no image extension;
 *  true otherwise, including when nothing was uploaded or the file could not
 *  be stored.
 */
function uploadPageHeaderTitleImage($locale) {
	import('classes.file.PublicFileManager');
	$publicFileManager = new PublicFileManager();
	$site = Request::getSite();

	// Nothing posted: not an error.
	if (!$publicFileManager->uploadedFileExists('pageHeaderTitleImage')) {
		return true;
	}

	// NOTE(review): confirm whether getUploadedFileType() inspects the file
	// content or repeats the type declared by the client.
	$mimeType = $publicFileManager->getUploadedFileType('pageHeaderTitleImage');
	$extension = $publicFileManager->getImageExtension($mimeType);
	if (!$extension) {
		return false;
	}

	// NOTE(review): $locale becomes part of the stored file name; confirm that
	// callers only pass a locale key taken from the installed locale list.
	$uploadName = 'pageHeaderTitleImage_' . $locale . $extension;
	if (!$publicFileManager->uploadSiteFile('pageHeaderTitleImage', $uploadName)) {
		return true;
	}

	$siteDao = DAORegistry::getDAO('SiteDAO');
	$setting = $site->getSetting('pageHeaderTitleImage');

	// NOTE(review): the getimagesize() result is not checked. A file that is
	// not a readable image is still kept and recorded, without dimensions.
	$dimensions = getimagesize($publicFileManager->getSiteFilesPath() . '/' . $uploadName);
	list($width, $height) = $dimensions;

	$setting[$locale] = array(
		'originalFilename' => $publicFileManager->getUploadedFileName('pageHeaderTitleImage'),
		'width' => $width,
		'height' => $height,
		'uploadName' => $uploadName,
		'dateUploaded' => Core::getCurrentDate(),
	);
	$site->updateSetting('pageHeaderTitleImage', $setting, 'object', true);

	return true;
}
/**
 * Uploads custom stylesheet.
 *
 * Accepts the posted file only when its reported type is text/plain or
 * text/css, stores it under the site's style file name and records its
 * metadata in the site settings.
 *
 * @param $settingName string setting key associated with the file
 * @return boolean|mixed False when no file was posted, the type is not
 *  accepted or the file could not be stored; otherwise the result of the
 *  settings DAO's updateSetting() call.
 */
function uploadStyleSheet($settingName) {
	$site =& Request::getSite();
	$settingsDao = DAORegistry::getDAO('SiteSettingsDAO');

	import('classes.file.PublicFileManager');
	$fileManager = new PublicFileManager();

	if (!$fileManager->uploadedFileExists($settingName)) {
		return false;
	}

	// NOTE(review): confirm whether getUploadedFileType() inspects the file
	// content or repeats the type declared by the client.
	$type = $fileManager->getUploadedFileType($settingName);
	$acceptedTypes = array('text/plain', 'text/css');
	if (!in_array($type, $acceptedTypes)) {
		return false;
	}

	// NOTE(review): the recorded 'uploadName' is $settingName . '.css', while
	// the file is stored under $site->getSiteStyleFilename(); confirm the two
	// agree for every setting key passed in.
	$uploadName = $settingName . '.css';
	if (!$fileManager->uploadSiteFile($settingName, $site->getSiteStyleFilename())) {
		return false;
	}

	$value = array(
		'name' => $fileManager->getUploadedFileName($settingName),
		'uploadName' => $uploadName,
		'dateUploaded' => Core::getCurrentDate(),
	);
	return $settingsDao->updateSetting($settingName, $value, 'object');
}
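/**
 * Decompress uploaded plugin and install in the correct plugin directory.
 *
 * The archive posted in the 'newPlugin' field is stored in the public site
 * files directory, extracted there with tar, and the directory named after
 * the archive is handed to installPlugin() or upgradePlugin(). Errors are
 * reported through the 'error' / 'message' template variables.
 *
 * NOTE(review): no authorization check is made in this method; confirm the
 * caller performs it before dispatching here.
 *
 * @param $function string type of operation to perform after upload ('upgrade' or 'install')
 */
function uploadPlugin($function) {
	$templateMgr =& TemplateManager::getManager();
	$this->setupTemplate(true);

	$templateMgr->assign('error', false);
	$templateMgr->assign('uploaded', false);
	$templateMgr->assign('path', $function);
	$templateMgr->assign('pageHierarchy', PluginManagementHandler::setBreadcrumbs(true));

	if (Request::getUserVar('uploadPlugin')) {
		import('file.PublicFileManager');
		$publicFileManager = new PublicFileManager();

		// The file name is client-supplied. Keep only its final component so
		// the upload, the tar call and the clean-up all address the same file
		// inside the site files directory.
		$pluginFile = isset($_FILES['newPlugin']['name']) ? basename($_FILES['newPlugin']['name']) : '';
		$pluginName = basename($pluginFile, '.tar.gz');

		// The plugin name must identify a sub-directory of the extraction
		// directory, not that directory itself or its parent.
		$nameUsable = $pluginName !== '' && $pluginName !== '.' && $pluginName !== '..';

		if ($nameUsable && $publicFileManager->uploadSiteFile('newPlugin', $pluginFile)) {
			// tar archive basename must equal plugin directory name, and plugin files must be in root directory
			// NOTE(review): the archive is extracted directly into the public
			// site files directory and 'tar' is resolved through PATH; confirm
			// both are acceptable for this deployment.
			$pluginDir = Core::getBaseDir() . DIRECTORY_SEPARATOR . $publicFileManager->getSiteFilesPath();
			exec('tar -xzf ' . escapeshellarg($pluginDir . DIRECTORY_SEPARATOR . $pluginFile) . ' -C ' . escapeshellarg($pluginDir));

			$extractedDir = $pluginDir . DIRECTORY_SEPARATOR . $pluginName;
			if (!is_dir($extractedDir)) {
				// Extraction did not produce the expected directory, for
				// example because the upload was not a tar.gz archive.
				$templateMgr->assign('error', true);
				$templateMgr->assign('message', 'manager.plugins.uploadError');
			} elseif ($function == 'install') {
				PluginManagementHandler::installPlugin($extractedDir, $templateMgr);
			} elseif ($function == 'upgrade') {
				PluginManagementHandler::upgradePlugin($extractedDir, $templateMgr);
			}

			// The stored archive is removed whether or not installation ran.
			$publicFileManager->removeSiteFile($pluginFile);
		} else {
			$templateMgr->assign('error', true);
			$templateMgr->assign('message', 'manager.plugins.uploadError');
		}
	} elseif (Request::getUserVar('installPlugin')) {
		if (Request::getUserVar('pluginUploadLocation') == '') {
			$templateMgr->assign('error', true);
			$templateMgr->assign('message', 'manager.plugins.fileSelectError');
		}
	}

	$templateMgr->display('admin/managePlugins.tpl');
}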