/**
 * Normalize a path by stripping ./, ../, trailing slashes and similar noise.
 *
 * Thin alias that forwards to Rhymix\Framework\Filters\FilenameFilter::cleanPath().
 *
 * @param string $path
 * @return string
 */
function clean_path($path)
{
	$cleaned = Rhymix\Framework\Filters\FilenameFilter::cleanPath($path);
	return $cleaned;
}
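/**
 * Add an attachment.
 *
 * <pre>
 * This method calls the 'file.insertFile' trigger.
 *
 * Before trigger object contains:
 * - module_srl
 * - upload_target_srl
 *
 * After trigger object contains:
 * - file_srl
 * - upload_target_srl
 * - module_srl
 * - direct_download
 * - source_filename
 * - uploaded_filename
 * - download_count
 * - file_size
 * - comment
 * - member_srl
 * - sid
 * </pre>
 *
 * The client-supplied file name is never used as the on-disk name: stored
 * files get a random hex name. Only names matching the media pattern below
 * keep an extension, and that extension is taken from the pattern match.
 * Everything else is stored without an extension and flagged as not
 * directly downloadable.
 *
 * The file type and size checks are skipped when $manual_insert is true
 * or when the logged-in user is an administrator.
 *
 * @param array $file_info PHP file information array (uses 'name' and 'tmp_name')
 * @param int $module_srl Sequence of module to upload file
 * @param int $upload_target_srl Sequence of target to upload file
 * @param int $download_count Initial download count
 * @param bool $manual_insert If set true, skip the validation checks and copy instead of move_uploaded_file()
 * @return Object
 */
function insertFile($file_info, $module_srl, $upload_target_srl, $download_count = 0, $manual_insert = false)
{
	// Call a trigger (before)
	$trigger_obj = new stdClass();
	$trigger_obj->module_srl = $module_srl;
	$trigger_obj->upload_target_srl = $upload_target_srl;
	$output = ModuleHandler::triggerCall('file.insertFile', 'before', $trigger_obj);
	if (!$output->toBool())
	{
		return $output;
	}

	// A workaround for Firefox upload bug
	if (preg_match('/^=\\?UTF-8\\?B\\?(.+)\\?=$/i', $file_info['name'], $match))
	{
		$file_info['name'] = base64_decode(strtr($match[1], ':', '/'));
	}

	if (!$manual_insert)
	{
		// Get the file configurations
		$logged_info = Context::get('logged_info');
		if ($logged_info->is_admin != 'Y')
		{
			$oFileModel = getModel('file');
			$config = $oFileModel->getFileConfig($module_srl);

			// Check the file type against the configured allowlist ("*.ext;*.ext").
			// NOTE(review): this check runs on the name before FilenameFilter::clean();
			// confirm that clean() cannot change the extension in a way that matters.
			if (isset($config->allowed_filetypes) && $config->allowed_filetypes !== '*.*')
			{
				$allowed_exts = array();
				foreach (explode(';', $config->allowed_filetypes) as $item)
				{
					$item = explode('.', $item);
					// Skip malformed entries that have no ".ext" part.
					if (isset($item[1]))
					{
						$allowed_exts[] = strtolower($item[1]);
					}
				}
				$uploaded_ext = explode('.', $file_info['name']);
				$uploaded_ext = strtolower(array_pop($uploaded_ext));
				if (!in_array($uploaded_ext, $allowed_exts, true))
				{
					return $this->stop('msg_not_allowed_filetype');
				}
			}

			// Configured limits are in megabytes.
			$allowed_filesize = $config->allowed_filesize * 1024 * 1024;
			$allowed_attach_size = $config->allowed_attach_size * 1024 * 1024;
			$upload_size = filesize($file_info['tmp_name']);

			// An error appears if file size exceeds a limit
			if ($allowed_filesize < $upload_size)
			{
				return new Object(-1, 'msg_exceeds_limit_size');
			}

			// Get total file size of all attachments (from DB)
			$size_args = new stdClass();
			$size_args->upload_target_srl = $upload_target_srl;
			$output = executeQuery('file.getAttachedFileSize', $size_args);
			$attached_size = (int) $output->data->attached_size + $upload_size;
			if ($attached_size > $allowed_attach_size)
			{
				return new Object(-1, 'msg_exceeds_limit_size');
			}
		}
	}

	// Sanitize filename
	$file_info['name'] = Rhymix\Framework\Filters\FilenameFilter::clean($file_info['name']);

	// Set upload path by checking if the attachment is an image/media file or another kind of file.
	// $suffix is the extension (with leading dot) that the stored file keeps; it is
	// empty for non-media files so that the retry below cannot attach an
	// unintended extension to them.
	$suffix = '';
	if (preg_match("/\\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)\$/i", $file_info['name'], $media_match))
	{
		// NOTE(review): files in this branch are served directly (direct_download = 'Y')
		// and the pattern includes active content such as swf; confirm the web server
		// serves this directory with safe content types and no script execution.
		$path = sprintf("./files/attach/images/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));

		// Use a random file name because PHP on Windows does not handle Unicode file names.
		// The extension comes from the allowlist match rather than from re-parsing the name,
		// so the stored extension is always one of the patterns listed above.
		$suffix = '.' . $media_match[1];
		$_filename = Rhymix\Framework\Security::getRandom(32, 'hex') . $suffix;
		$filename = $path . $_filename;
		$idx = 1;
		while (file_exists($filename))
		{
			$filename = $path . preg_replace('/\\.([a-z0-9]+)$/i', '_' . $idx . '.$1', $_filename);
			$idx++;
		}
		$direct_download = 'Y';
	}
	else
	{
		// Other files are stored without an extension and are not directly downloadable.
		$path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
		$filename = $path . Rhymix\Framework\Security::getRandom(32, 'hex');
		$direct_download = 'N';
	}

	// Create a directory
	if (!Rhymix\Framework\Storage::isDirectory($path) && !Rhymix\Framework\Storage::createDirectory($path))
	{
		return new Object(-1, 'msg_not_permitted_create');
	}

	// Move the file; on failure retry once with a fresh random name.
	if ($manual_insert)
	{
		@copy($file_info['tmp_name'], $filename);
		if (!file_exists($filename))
		{
			$filename = $path . Rhymix\Framework\Security::getRandom(32, 'hex') . $suffix;
			@copy($file_info['tmp_name'], $filename);
			// Do not register a database record for a file that was never written.
			if (!file_exists($filename))
			{
				return new Object(-1, 'msg_file_upload_error');
			}
		}
	}
	else
	{
		// move_uploaded_file() only accepts files that PHP received as HTTP uploads.
		if (!@move_uploaded_file($file_info['tmp_name'], $filename))
		{
			$filename = $path . Rhymix\Framework\Security::getRandom(32, 'hex') . $suffix;
			if (!@move_uploaded_file($file_info['tmp_name'], $filename))
			{
				return new Object(-1, 'msg_file_upload_error');
			}
		}
	}

	// Get member information
	$oMemberModel = getModel('member');
	$member_srl = $oMemberModel->getLoggedMemberSrl();

	// List file information
	$args = new stdClass();
	$args->file_srl = getNextSequence();
	$args->upload_target_srl = $upload_target_srl;
	$args->module_srl = $module_srl;
	$args->direct_download = $direct_download;
	$args->source_filename = $file_info['name'];
	$args->uploaded_filename = $filename;
	$args->download_count = $download_count;
	$args->file_size = @filesize($filename);
	$args->comment = NULL;
	$args->member_srl = $member_srl;
	// Random per-file identifier, returned to the caller as 'sid'.
	$args->sid = Rhymix\Framework\Security::getRandom(32, 'hex');

	$output = executeQuery('file.insertFile', $args);
	if (!$output->toBool())
	{
		return $output;
	}

	// Call a trigger (after)
	ModuleHandler::triggerCall('file.insertFile', 'after', $args);

	// Record the new file_srl in the session's uploading-files map.
	$_SESSION['__XE_UPLOADING_FILES_INFO__'][$args->file_srl] = true;

	$output->add('file_srl', $args->file_srl);
	$output->add('file_size', $args->file_size);
	$output->add('sid', $args->sid);
	$output->add('direct_download', $args->direct_download);
	$output->add('source_filename', $args->source_filename);
	$output->add('upload_target_srl', $upload_target_srl);
	$output->add('uploaded_filename', $args->uploaded_filename);

	return $output;
}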
/**
 * Convert a filesystem path into its absolute URL.
 *
 * The path is normalized with FilenameFilter::cleanPath() first. If the
 * result starts with RX_BASEDIR, that prefix is replaced with RX_BASEURL;
 * otherwise the normalized path is returned as is.
 *
 * @param string $path Path to get absolute url
 * @return string Absolute url
 */
protected function _getAbsFileUrl($path)
{
	$cleaned = Rhymix\Framework\Filters\FilenameFilter::cleanPath($path);
	$base_length = strlen(\RX_BASEDIR);

	// Paths outside the base directory are returned without rewriting.
	if (strncmp($cleaned, \RX_BASEDIR, $base_length) !== 0)
	{
		return $cleaned;
	}

	return \RX_BASEURL . substr($cleaned, $base_length);
}