/** * New folder * @param string $dir The base dir * @param string $new_dir The folder to be created * @return string $error on failure */ public function folderNew() { if ($this->checkFeature('create', 'folder') === false) { JError::raiseError(403, 'Access to this resource is restricted'); } $args = func_get_args(); $dir = array_shift($args); $new = array_shift($args); // decode $dir = rawurldecode($dir); $new = rawurldecode($new); $filesystem = $this->getFileSystem(); $name = WFUtility::makeSafe($new, $this->get('websafe_mode'), $this->get('websafe_spaces'), $this->get('websafe_textcase')); // check for extension in destination name if (WFUtility::validateFileName($name) === false) { JError::raiseError(403, 'INVALID FOLDER NAME'); } $result = $filesystem->createFolder($dir, $name, $args); if ($result instanceof WFFileSystemResult) { if (!$result->state) { if ($result->message) { $this->setResult($result->message, 'error'); } else { $this->setResult(JText::sprintf('WF_MANAGER_NEW_FOLDER_ERROR', basename($new)), 'error'); } } else { $this->setResult($this->fireEvent('onFolderNew', array($new))); } } return $this->getResult(); }
/** * Return the full user directory path. Create if required * * @param string The base path * @access public * @return Full path to folder */ public function getRootDir() { static $root; if (!isset($root)) { $user = JFactory::getUser(); $wf = WFEditor::getInstance(); $profile = $wf->getProfile(); // Get base directory as shared parameter $root = $this->get('dir', ''); // Remove whitespace $root = trim($root); if (!empty($root)) { // Convert slashes / Strip double slashes $root = preg_replace('/[\\\\]+/', '/', $root); // Remove first leading slash $root = ltrim($root, '/'); // Force default directory if base param starts with a variable or a . eg $id if (preg_match('/[\\.\\$]/', $root[0])) { $root = 'images'; } jimport('joomla.user.helper'); // Joomla! 1.6+ if (method_exists('JUserHelper', 'getUserGroups')) { $groups = JUserHelper::getUserGroups($user->id); // get the first group $group_id = array_shift(array_keys($groups)); // Joomla! 2.5? if (is_int($group_id)) { // usergroup table $group = JTable::getInstance('Usergroup'); $group->load($group_id); // usertype $usertype = $group->title; } else { $usertype = $group_id; } } else { $usertype = $user->usertype; } // Replace any path variables $pattern = array('/\\$id/', '/\\$username/', '/\\$user(group|type)/', '/\\$(group|profile)/', '/\\$day/', '/\\$month/', '/\\$year/'); $replace = array($user->id, $user->username, $usertype, $profile->name, date('d'), date('m'), date('Y')); $root = preg_replace($pattern, $replace, $root); // split into path parts to preserve / $parts = explode('/', $root); $textcase = $wf->getParam('editor.websafe_textcase'); if (!empty($textcase)) { $textcase = array_shift($textcase); } // clean path parts $parts = WFUtility::makeSafe($parts, $wf->getParam('editor.websafe_mode', 'utf-8'), $wf->getParam('editor.websafe_allow_spaces', 0), $textcase); //join path parts $root = implode('/', $parts); } } return $root; }
/** * Upload a file. * @return array $error on failure or uploaded file name on success */ function upload() { // Check for request forgeries WFToken::checkToken() or die; // check for feature access if (!$this->checkFeature('upload')) { JError::raiseError(403, 'RESTRICTED ACCESS'); } $wf = WFEditor::getInstance(); jimport('joomla.filesystem.file'); // HTTP headers for no cache etc //header('Content-type: text/plain; charset=UTF-8'); header("Expires: Wed, 4 Apr 1984 13:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M_Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); // get uploaded file $file = JRequest::getVar('file', '', 'files', 'array'); // get file name $name = JRequest::getVar('name', $file['name']); $ext = WFUtility::getExtension($name); // check for extension in file name if (preg_match('#\\.(php|php(3|4|5)|phtml|pl|py|jsp|asp|htm|shtml|sh|cgi)#i', basename($name, '.' . $ext))) { JError::raiseError(403, 'INVALID FILE NAME'); } // get chunks $chunk = JRequest::getInt('chunk', 0); $chunks = JRequest::getInt('chunks', 1); // create a filesystem result object $result = new WFFileSystemResult(); $filesystem = $this->getFileSystem(); $complete = false; $contentType = JRequest::getVar('CONTENT_TYPE', '', 'SERVER'); // Only multipart uploading is supported for now if ($contentType && strpos($contentType, "multipart") !== false) { if (isset($file['tmp_name']) && is_uploaded_file($file['tmp_name'])) { // validate file before continuing (first chunk only) if ($chunk == 0 && $wf->getParam('validate_mimetype', 0) && !preg_match('#(htm|html|txt)#', $ext)) { $this->validateUploadedFile($file); } // make file name 'web safe' $name = WFUtility::makeSafe($name); // get current dir $dir = JRequest::getVar('upload-dir', ''); // check destination path WFUtility::checkPath($dir); // Normal upload if ($chunks == 1) { $result = $filesystem->upload('multipart', trim($file['tmp_name']), $dir, $name); if (!$result->state) { $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $result->code = 103; } $complete = true; // Chunk uploading } else { $result = $filesystem->upload('multipart-chunking', trim($file['tmp_name']), $dir, $name, $chunks, $chunk); if (!$result->state) { $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $result->code = 103; } $complete = $chunk == $chunks - 1; } } } else { $result->state = false; $result->code = 103; $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $complete = true; } // upload finished if ($complete) { if (is_a($result, 'WFFileSystemResult')) { if ($result->state === true) { $this->setResult($this->fireEvent('onUpload', array($result->path))); $this->setResult(basename($result->path), 'files'); } } die(json_encode($this->getResult())); } }
/** * New folder * @param string $dir The base dir * @param string $new_dir The folder to be created * @return string $error on failure */ public function folderNew() { if (!$this->checkFeature('create', 'folder')) { JError::raiseError(403, 'RESTRICTED ACCESS'); } $args = func_get_args(); $dir = array_shift($args); $new = array_shift($args); // decode $dir = rawurldecode($dir); $new = rawurldecode($new); $filesystem = $this->getFileSystem(); $result = $filesystem->createFolder($dir, WFUtility::makeSafe($new, $this->get('websafe_mode')), $args); if ($result instanceof WFFileSystemResult) { if (!$result->state) { if ($result->message) { $this->setResult($result->message, 'error'); } else { $this->setResult(JText::sprintf('WF_MANAGER_NEW_FOLDER_ERROR', basename($new)), 'error'); } } else { $this->setResult($this->fireEvent('onFolderNew', array($new))); } } return $this->getResult(); }
function upload($method, $src, $dir, $name, $chunks = 1, $chunk = 0) { jimport('joomla.filesystem.file'); $path = WFUtility::makePath($this->getBaseDir(), rawurldecode($dir)); $dest = WFUtility::makePath($path, WFUtility::makeSafe($name)); // check for safe mode $safe_mode = false; if (function_exists('ini_get')) { $safe_mode = ini_get('safe_mode'); } else { $safe_mode = true; } $result = new WFFileSystemResult(); // get overwrite state $conflict = $this->get('upload_conflict', 'overwrite'); // get suffix $suffix = WFFileBrowser::getFileSuffix(); switch ($method) { case 'multipart': if ($conflict == 'unique') { // get extension $extension = JFile::getExt($name); // get name without extension $name = JFile::stripExt($name); while (JFile::exists($dest)) { $name .= $suffix; $dest = WFUtility::makePath($path, WFUtility::makeSafe($name . '.' . $extension)); } } if (JFile::upload($src, $dest)) { $result->state = true; $result->path = $dest; } break; case 'multipart-chunking': if ($safe_mode || !is_writable(dirname($dest))) { $result->message = WFText::_('WF_MANAGER_UPLOAD_NOSUPPORT'); $result->code = 103; } else { if ($chunk == 0 && $overwrite) { // get extension $extension = JFile::getExt($name); // get name without extension $name = JFile::stripExt($name); // make unique file name while (JFile::exists($dest)) { $name .= $suffix; $dest = WFUtility::makePath($path, WFUtility::makeSafe($name . '.' . $extension)); } } $out = fopen($dest, $chunk == 0 ? "wb" : "ab"); if ($out) { // Read binary input stream and append it to temp file $in = fopen($src, "rb"); if ($in) { while ($buff = fread($in, 4096)) { fwrite($out, $buff); } fclose($in); fclose($out); @unlink($src); $result->state = true; if ($chunk == $chunks - 1) { if (is_file($dest)) { $result->path = $dest; } } } else { $result->code = 102; $result->message = 'UPLOAD_INPUT_STREAM_ERROR'; } } else { $result->code = 102; $result->message = 'UPLOAD_OUTPUT_STREAM_ERROR'; } } break; case 'stream': if ($safe_mode || !is_writable(dirname($dest))) { $result->message = WFText::_('WF_MANAGER_UPLOAD_NOSUPPORT'); } else { // Open destination file $out = fopen($dest, $chunk == 0 ? "wb" : "ab"); if ($out) { // Read binary input stream and append it to temp file $in = fopen("php://input", "rb"); if ($in) { while ($buff = fread($in, 4096)) { fwrite($out, $buff); } if (fclose($out) && is_file($dest)) { $result->state = true; $result->path = $dest; } } } } break; } return $result; }