$file = new file(); $file->load($_REQUEST['id']); $file->refresh(); $DB->disconnect(); core_terminate(); } } } } echo false; core_terminate(); } else { if ($_REQUEST['engine'] == 'tinymce') { $DB = new database(); $DB->connect(); $file = file::register_upload($_FILES['file']['tmp_name'], $_FILES['file']['name'], 0, NULL, true); if (!empty($file)) { echo json_encode(array('location' => file::file_url($file->id))); } else { echo json_encode(false); } $DB->disconnect(); core_terminate(); } else { // plUpload engine if ($user->permission("files.upload") == "true") { // Get parameters $chunk = isset($_REQUEST["chunk"]) ? $_REQUEST["chunk"] : 0; $chunks = isset($_REQUEST["chunks"]) ? $_REQUEST["chunks"] : 0; $fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : ''; // Clean the fileName for security reasons
function metaWeblog_newMediaObject($args) { global $DB; global $session; $out = array(); list($website_id, $username, $password, $file_struct) = $args; // check auth if (metaWeblog_userAllowed($username, $password, $website_id)) { $file_name_tmp = uniqid('metaweblog-upload-'); file_put_contents(NAVIGATE_PRIVATE . '/' . $website_id . '/files/' . $file_name_tmp, $file_struct['bits']); $file = file::register_upload($file_name_tmp, $file_struct['name'], 0, NULL, false); @unlink(AVIGATE_PRIVATE . '/' . $website_id . '/files/' . $file_name_tmp); // if everything goes fine, file is renamed, so cannot be deleted here $out = array('id' => $file->id, 'file' => $file->name, 'url' => file::file_url($file->id, 'inline'), 'type' => $file->mime); } else { $out = new IXR_Error(401, "User not allowed."); } return $out; }
function run() { global $user; global $layout; global $DB; global $website; $out = ''; $item = new file(); switch ($_REQUEST['act']) { case 1: // json retrieval & operations // json retrieval & operations case "json": if ($_REQUEST['op'] == 'upload') { $tmp_name = $_REQUEST['tmp_name']; if ($tmp_name == "{{BASE64}}") { $tmp_name = base64_encode($_REQUEST['name']); } $file = file::register_upload($tmp_name, $_REQUEST['name'], $_REQUEST['parent']); if (!empty($file)) { echo json_encode(array('id' => $file->id, 'name' => $file->name)); } else { echo json_encode(false); } } switch ($_REQUEST['op']) { case 'create_folder': file::create_folder($_REQUEST['name'], $_REQUEST['mime'], $_REQUEST['parent']); echo json_encode(true); break; case 'edit_folder': $f = new file(); $f->load(intval($_REQUEST['id'])); $f->name = $_REQUEST['name']; $f->mime = $_REQUEST['mime']; $ok = $f->save(); echo json_encode($ok); break; case 'edit_file': $f = new file(); $f->load(intval($_REQUEST['id'])); $f->name = $_REQUEST['name']; $ok = $f->save(); echo json_encode($ok); break; case 'duplicate_file': //error_reporting(~0); //ini_set('display_errors', 1); $status = false; $f = new file(); $f->load(intval($_REQUEST['id'])); $f->id = 0; $f->insert(); if (!empty($f->id)) { $done = copy(NAVIGATE_PRIVATE . '/' . $website->id . '/files/' . intval($_REQUEST['id']), NAVIGATE_PRIVATE . '/' . $website->id . '/files/' . $f->id); $status = "true"; if (!$done) { $f->delete(); $status = t(56, "Unexpected error"); } } echo $status; break; case 'move': if (is_array($_REQUEST['item'])) { $ok = true; for ($i = 0; $i < count($_REQUEST['item']); $i++) { unset($item); $item = new file(); $item->load($_REQUEST['item'][$i]); $item->parent = $_REQUEST['folder']; $ok = $ok & $item->update(); } echo json_encode($ok ? true : false); } else { $item->load($_REQUEST['item']); $item->parent = $_REQUEST['folder']; echo json_encode($item->update()); } break; case 'delete': try { $item->load($_REQUEST['id']); $status = $item->delete(); echo json_encode($status); } catch (Exception $e) { echo $e->getMessage(); } break; case 'permissions': $item->load($_REQUEST['id']); if (!empty($_POST)) { $item->access = intval($_POST['access']); $item->permission = intval($_POST['permission']); $item->enabled = intval($_POST['enabled']); $item->groups = $_POST['groups']; if ($item->access < 3) { $item->groups = array(); } $status = $item->save(); echo json_encode($status); } else { echo json_encode(array('access' => $item->access, 'groups' => $item->groups, 'permission' => $item->permission, 'enabled' => $item->enabled)); } break; case 'description': $item->load($_REQUEST['id']); if (!empty($_POST)) { $item->title = array(); $item->description = array(); foreach ($website->languages as $language) { $lcode = $language['code']; if (!isset($_REQUEST['titles'][$lcode])) { break; } $item->title[$lcode] = $_REQUEST['titles'][$lcode]; $item->description[$lcode] = $_REQUEST['descriptions'][$lcode]; } $status = $item->save(); echo json_encode($status); } else { // return file title and description (alt) $data = array('title' => $item->title, 'description' => $item->description); echo json_encode($data); } break; case 'focalpoint': $item->load($_REQUEST['id']); if (!empty($_POST)) { $item->focalpoint = $_REQUEST['top'] . '#' . $_REQUEST['left']; $status = $item->save(); // remove cached thumbnails file::thumbnails_remove($item->id); echo json_encode($status); } else { if (empty($item->focalpoint)) { $item->focalpoint = '50#50'; $item->save(); // remove cached thumbnails file::thumbnails_remove($item->id); } echo $item->focalpoint; } break; case 'video_info': if ($_REQUEST['provider'] == 'youtube') { $item->load_from_youtube($_REQUEST['reference'], false); // force cache reload } else { if ($_REQUEST['provider'] == 'vimeo') { $item->load_from_vimeo($_REQUEST['reference'], false); // force cache reload } else { if (!empty($_REQUEST['reference']) && is_numeric($_REQUEST['reference'])) { $item->load($_REQUEST['reference']); } else { if (is_numeric($_REQUEST['provider'])) { $item->load($_REQUEST['provider']); } else { unset($item); } } if (!empty($item)) { // add some extra data $item->extra = array('reference' => $item->id, 'link' => '', 'thumbnail' => 'img/icons/ricebowl/mimetypes/video.png', 'thumbnail_big' => 'img/icons/ricebowl/mimetypes/video.png', 'thumbnail_url' => 'img/icons/ricebowl/mimetypes/video.png', 'duration' => '', 'embed_code' => '<video src="' . file::file_url($item->id, 'inline') . '></video>'); } } } if (!empty($item)) { echo json_encode($item); } else { echo false; } break; } session_write_close(); $DB->disconnect(); exit; break; case 2: // show/edit item properties // show/edit item properties case "edit": $item->load($_REQUEST['id']); if (isset($_REQUEST['form-sent'])) { $item->load_from_post(); try { $item->save(); unset($item); $item = new file(); $item->load($_REQUEST['id']); $layout->navigate_notification(t(53, "Data saved successfully."), false, false, 'fa fa-check'); } catch (Exception $e) { $layout->navigate_notification($e->getMessage(), true, true); } } $out = files_item_properties($item); break; case 10: case 'media_browser': files_media_browser($_GET['limit'], $_GET['offset']); break; case 92: // pixlr (image editor) overlay remover // pixlr (image editor) overlay remover case 'pixlr_exit': ob_clean(); file::thumbnails_remove(intval($_GET['id'])); echo ' <html> <head></head> <body> <script language="javascript" type="text/javascript"> //window.parent.eval("$(\'#thumbnail-cache\').attr(\'src\', $(\'#thumbnail-cache\').attr(\'src\') + \'&refresh=\' + new Date().getTime());"); window.parent.eval(\'$("#image-preview").attr("src", $("#image-preview").attr("src") + "&refresh=" + new Date().getTime());\'); window.parent.eval("pixlr.overlay.hide();"); </script> </body> </html> '; core_terminate(); break; /* case 91: // picnik editing ob_clean(); // $strPicnikUrl is the URL that we use to launch Picnik. $strPicnikUrl = "http://www.picnik.com/service"; // $aPicnikParams collects together all the params we'll give Picnik. Start with an API key $aPicnikParams['_apikey'] = $website->picnik_api_key; // tell Picnik where to send the exported image $aPicnikParams['_export'] = NAVIGATE_URL.'/navigate_upload.php?wid='.$website->id.'&engine=picnik&id='.$_REQUEST['id'].'&engine=picnik&session_id='.session_id(); // give the export button a title $aPicnikParams['_export_title'] = t(34, 'Save'); // turn on the close button, and tell it to come back here //$aPicnikParams['_close_target'] = $strRoot; // send in the previous "king" image in case the user feels like decorating it $aPicnikParams['_import'] = NAVIGATE_DOWNLOAD.'?wid='.$website->id.'&id='.$_REQUEST['id'].'&disposition=attachment&sid='.session_id(); // tell Picnik to redirect the user to the following URL after the HTTP POST instead of just redirecting to _export $aPicnikParams['_redirect'] = NAVIGATE_DOWNLOAD.'?wid='.$website->id.'&id='.$_REQUEST['id'].'&disposition=inline&ts='.core_time(); //'javascript: return false;'; // tell Picnik our name. It'll use it in a few places as appropriate $aPicnikParams['_host_name'] = 'Navigate'; // turn off the "Save & Share" tab so users don't get confused $aPicnikParams['_exclude'] = "out"; echo '<html><head></head><body>'; echo '<form id="picnik_form" method="POST" action="'.$strPicnikUrl.'" style=" visibility: hidden; ">'; // put all the API parameters into the form as hidden inputs foreach( $aPicnikParams as $key => $value ) { echo "<input type='hidden' name='$key' value='$value'/>\n"; } //echo "<input type='text' name='address' value='Your Majesty'/>\n"; echo "<input type='submit' value='Picnik'/>\n"; echo "</form>"; echo '<script language="javascript" type="text/javascript"> document.forms[0].submit(); </script>'; echo '</body></html>'; core_terminate(); break; */ /* case 91: // picnik editing ob_clean(); // $strPicnikUrl is the URL that we use to launch Picnik. $strPicnikUrl = "http://www.picnik.com/service"; // $aPicnikParams collects together all the params we'll give Picnik. Start with an API key $aPicnikParams['_apikey'] = $website->picnik_api_key; // tell Picnik where to send the exported image $aPicnikParams['_export'] = NAVIGATE_URL.'/navigate_upload.php?wid='.$website->id.'&engine=picnik&id='.$_REQUEST['id'].'&engine=picnik&session_id='.session_id(); // give the export button a title $aPicnikParams['_export_title'] = t(34, 'Save'); // turn on the close button, and tell it to come back here //$aPicnikParams['_close_target'] = $strRoot; // send in the previous "king" image in case the user feels like decorating it $aPicnikParams['_import'] = NAVIGATE_DOWNLOAD.'?wid='.$website->id.'&id='.$_REQUEST['id'].'&disposition=attachment&sid='.session_id(); // tell Picnik to redirect the user to the following URL after the HTTP POST instead of just redirecting to _export $aPicnikParams['_redirect'] = NAVIGATE_DOWNLOAD.'?wid='.$website->id.'&id='.$_REQUEST['id'].'&disposition=inline&ts='.core_time(); //'javascript: return false;'; // tell Picnik our name. It'll use it in a few places as appropriate $aPicnikParams['_host_name'] = 'Navigate'; // turn off the "Save & Share" tab so users don't get confused $aPicnikParams['_exclude'] = "out"; echo '<html><head></head><body>'; echo '<form id="picnik_form" method="POST" action="'.$strPicnikUrl.'" style=" visibility: hidden; ">'; // put all the API parameters into the form as hidden inputs foreach( $aPicnikParams as $key => $value ) { echo "<input type='hidden' name='$key' value='$value'/>\n"; } //echo "<input type='text' name='address' value='Your Majesty'/>\n"; echo "<input type='submit' value='Picnik'/>\n"; echo "</form>"; echo '<script language="javascript" type="text/javascript"> document.forms[0].submit(); </script>'; echo '</body></html>'; core_terminate(); break; */ case 0: // list / search result // list / search result default: // show requested folder or search $out = files_browser($_REQUEST['parent'], $_REQUEST['navigate-quicksearch']); users_log::action($_REQUEST['fid'], intval($_REQUEST['parent']), 'list', '', json_encode($_REQUEST)); break; } return $out; }