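/**
 * Store an uploaded original image in the secure file folder and register it.
 *
 * The upload is validated with flexicontent_upload::check() and then moved with
 * JFile::upload() into COM_FLEXICONTENT_FILEPATH. A row is then inserted into
 * #__flexicontent_files. For non-JSON requests the 'l', 'm', 's' and 'b'
 * thumbnails are created and the stored name is written to $post['originalname'].
 *
 * @param   object  $field  Field object; ->parameters, ->id and ->label are read.
 * @param   array   $post   Posted field data, passed by reference; 'originalname' is set on success.
 * @param   array   $file   Upload descriptor; the 'name' and 'tmp_name' keys are read.
 *
 * @return  boolean  True when the file was stored and the thumbnail calls were made,
 *                   false on failure. Requests with format=json never return:
 *                   they end through jexit() or die().
 */
function uploadOriginalFile($field, &$post, $file)
{
	$app     = JFactory::getApplication();
	$format  = JRequest::getVar('format', 'html', '', 'cmd');
	$is_json = ($format == 'json');
	$err     = null;

	// Component configuration, overridden by the parameters of this field
	$params = clone JComponentHelper::getParams('com_flexicontent');
	$params->merge($field->parameters);

	jimport('joomla.utilities.date');
	jimport('joomla.filesystem.file');
	jimport('joomla.client.helper');

	// Set FTP credentials, if given
	JClientHelper::setCredentialsFromRequest('ftp');

	// Make the filename safe. The key is tested BEFORE it is read, so that a
	// descriptor without a name takes the normal failure path below instead of
	// raising an undefined-index notice first.
	$file['name'] = isset($file['name']) ? JFile::makeSafe($file['name']) : '';

	$all_media           = $field->parameters->get('list_all_media_files', 0);
	$unique_thumb_method = $field->parameters->get('unique_thumb_method', 0);
	$image_source        = $field->parameters->get('image_source', 0);  // This should be always ZERO inside this function

	if ($image_source > 1) {
		// Report an unsupported folder mode only once per field id
		global $fc_folder_mode_err;
		if (empty($fc_folder_mode_err[$field->id])) {
			echo __FUNCTION__ . "(): folder-mode: " . $image_source . " not implemented please change image-source mode in image/gallery field with id: " . $field->id;
			$fc_folder_mode_err[$field->id] = 1;
			$image_source = 1;
		}
	}

	// FLAG to indicate if images are shared across fields, has the effect of adding field id to image thumbnails
	$multiple_image_usages = !$image_source && $all_media && $unique_thumb_method == 0;
	$extra_prefix = $multiple_image_usages ? 'fld' . $field->id . '_' : '';

	// Nothing usable was uploaded (loose comparison: also covers a null name)
	if ($file['name'] == '') {
		$err = 'File upload failed';
		JError::raiseNotice(100, $field->label . ' : ' . JText::_($err));
		return false;
	}

	// only handle the secure folder
	$path = COM_FLEXICONTENT_FILEPATH . DS;

	// sanitize filename further and make unique
	$filename = flexicontent_upload::sanitize($path, $file['name']);

	// NOTE(review): the file is written under the lower-cased name, while the DB row and the
	// thumbnails use $filename as returned by sanitize() -- presumably sanitize() already
	// lower-cases the name; confirm, otherwise the two differ on case-sensitive filesystems.
	$filepath = JPath::clean($path . strtolower($filename));

	// Security check of the upload against the merged parameters; this is the only validation of
	// the uploaded file that is visible in this method, and it runs before the file is moved.
	// NOTE(review): the rules applied by check() are not shown here -- verify them in the helper.
	if (!flexicontent_upload::check($file, $err, $params)) {
		if ($is_json) {
			jimport('joomla.error.log');
			$log = JLog::getInstance('com_flexicontent.error.php');
			$log->addEntry(array('comment' => 'Invalid: ' . $filepath . ': ' . $err));
			header('HTTP/1.0 415 Unsupported Media Type');
			die('Error. Unsupported Media Type!');
		} else {
			JError::raiseNotice(100, $field->label . ' : ' . JText::_($err));
			return false;
		}
	}

	// get the extension to record it in the DB
	$ext = strtolower(JFile::getExt($filename));

	if (!JFile::upload($file['tmp_name'], $filepath)) {
		if ($is_json) {
			jimport('joomla.error.log');
			$log = JLog::getInstance('com_flexicontent.error.php');
			$log->addEntry(array('comment' => 'Cannot upload: ' . $filepath));
			// NOTE(review): this status and message are sent for every JFile::upload() failure,
			// not only when the target file already exists.
			header('HTTP/1.0 409 Conflict');
			jexit('Error. File already exists');
		} else {
			JError::raiseWarning(100, $field->label . ' : ' . JText::_('Error. Unable to upload file'));
			return false;
		}
	}

	$db     = JFactory::getDBO();
	$user   = JFactory::getUser();
	$config = JFactory::getConfig();

	// Upload time expressed in the configured site offset
	$timezone = $config->get('offset');
	$date = JFactory::getDate('now');
	$date->setTimeZone(new DateTimeZone($timezone));

	// Row for #__flexicontent_files; the file is always flagged as stored in the secure folder
	$obj = new stdClass();
	$obj->filename    = $filename;
	$obj->altname     = $file['name'];
	$obj->url         = 0;
	$obj->secure      = 1;
	$obj->ext         = $ext;
	$obj->hits        = 0;
	$obj->uploaded    = FLEXI_J16GE ? $date->toSql() : $date->toMySQL();
	$obj->uploaded_by = $user->get('id');

	if ($is_json) {
		// JSON uploads: log the path, store the row and end the request (no thumbnails are made here)
		jimport('joomla.error.log');
		$log = JLog::getInstance();
		$log->addEntry(array('comment' => $filepath));
		$db->insertObject('#__flexicontent_files', $obj);
		jexit('Upload complete');
	}

	$db->insertObject('#__flexicontent_files', $obj);
	$app->enqueueMessage($field->label . ' : ' . JText::_('Upload complete'));

	// create the thumbnails, one per size code
	foreach (array('l', 'm', 's', 'b') as $size) {
		$this->create_thumb($field, $filename, $size, $origpath = '', $destpath = '', $copy_original = 0, $extra_prefix);
	}

	// set the filename for posting (the value is the same for every size, so it is set once)
	$post['originalname'] = $filename;

	return true;
}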
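/**
 * Upload a file from a server directory
 *
 * Reads the POSTed 'file-dir-path' (relative to JPATH_SITE), lists its files with the
 * 'file-filter-re' pattern, and copies them (or moves them when 'keep' is 0) into the
 * secure or the media folder. Only files whose extension is in the component's
 * 'upload_extensions' list (optionally narrowed by 'file-filter-ext') are imported,
 * and each imported file gets a row in #__flexicontent_files.
 *
 * NOTE(review): only the request token is verified here; no permission check on the
 * current user is visible in this method -- confirm that one is enforced before this
 * task can run.
 *
 * @return  array|null  Map of stored filename => new row id when no redirect is
 *                      performed; null on the early error exits.
 *
 * @since 1.0
 */
function addlocal()
{
	// Check for request forgeries
	JRequest::checkToken('request') or jexit('Invalid Token');

	$app  = JFactory::getApplication();
	$db   = JFactory::getDBO();
	$user = JFactory::getUser();

	$return   = JRequest::getVar('return-url', null, 'post', 'base64');
	$filesdir = JRequest::getVar('file-dir-path', '', 'post');
	$regexp   = JRequest::getVar('file-filter-re', '.', 'post');
	$secure   = JRequest::getInt('secure', 1, 'post') ? 1 : 0;
	$keep     = JRequest::getInt('keep', 1, 'post');
	$params   = JComponentHelper::getParams('com_flexicontent');
	$destpath = $secure ? COM_FLEXICONTENT_FILEPATH . DS : COM_FLEXICONTENT_MEDIAPATH . DS;
	$filedesc = JRequest::getVar('file-desc', '');
	$filelang = JRequest::getVar('file-lang', '');

	// Build the redirect target once. The form token is appended to it, so only URLs of
	// this site are followed; any other 'return-url' is handled as if none was given.
	$redirect_url = null;
	if ($return) {
		$decoded_return = base64_decode($return);
		if ($decoded_return && JUri::isInternal($decoded_return)) {
			$redirect_url = $decoded_return . "&" . (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) . "=1";
		}
	}

	// allowed extensions
	$filterext = JRequest::getVar('file-filter-ext', '', 'post');
	$filterext = $filterext ? array_map('strtolower', array_map('trim', explode(',', $filterext))) : array();
	$confext   = preg_split("/[\\s]*,[\\s]*/", strtolower($params->get('upload_extensions', 'bmp,csv,doc,gif,ico,jpg,jpeg,odg,odp,ods,odt,pdf,png,ppt,swf,txt,xcf,xls,zip,ics')));

	// (optionally) Limit COMPONENT configured extensions, to those extensions requested by the FORM/URL variable
	$allowed = $filterext ? array_intersect($filterext, $confext) : $confext;

	jimport('joomla.utilities.date');
	jimport('joomla.filesystem.file');
	jimport('joomla.filesystem.folder');

	// Check the source directory BEFORE it is used. The raw request value is tested for
	// emptiness (once JPATH_SITE is prepended the value can never be empty), and the
	// resolved path must be an existing directory inside the site root, so that '..'
	// segments or symlinks cannot point the import at other parts of the server.
	$site_root  = realpath(JPATH_SITE);
	$source_dir = $filesdir ? realpath(JPATH_SITE . $filesdir) : false;
	$dir_is_valid = false;
	if ($site_root !== false && $source_dir !== false && is_dir($source_dir)) {
		$root_prefix  = rtrim($site_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
		$dir_is_valid = strpos($source_dir . DIRECTORY_SEPARATOR, $root_prefix) === 0;
	}

	if (!$dir_is_valid) {
		JError::raiseNotice(1, JText::_('FLEXI_WARN_NO_FILE_DIR'));
		if (!$redirect_url) {
			return;
		}
		// REDIRECT only if this was requested
		$app->redirect($redirect_url);
		return;
	}

	$filesdir = JPath::clean($source_dir . DS);

	// NOTE(review): 'file-filter-re' is a request value that is handed to JFolder::files() as
	// its filter pattern; consider restricting it to a known-safe form before use.
	$filenames = JFolder::files($filesdir, $regexp);

	// create the folder if it doesnt exists
	if (!JFolder::exists($destpath)) {
		if (!JFolder::create($destpath)) {
			JError::raiseWarning(100, JText::_('Error. Unable to create folders'));
			return;
		}
	}

	$c = 0;
	$file_ids = array();

	if ($filenames) {
		foreach ($filenames as $source_name) {
			// Skip anything whose extension is not explicitly allowed (strict string match)
			$ext = strtolower(JFile::getExt($filesdir . $source_name));
			if (!in_array($ext, $allowed, true)) {
				continue;
			}

			$source      = $filesdir . $source_name;
			$filename    = flexicontent_upload::sanitize($destpath, $source_name);
			$destination = $destpath . $filename;

			// Copy or move the file
			$success = $keep ? JFile::copy($source, $destination) : JFile::move($source, $destination);
			if (!$success) {
				continue;
			}

			$obj = new stdClass();
			$obj->filename    = $filename;
			$obj->altname     = $filename;
			$obj->url         = 0;
			$obj->secure      = $secure;
			$obj->ext         = $ext;
			$obj->description = $filedesc;
			$obj->language    = $filelang ? $filelang : '*';
			$obj->hits        = 0;
			$obj->size        = filesize($destination);
			$obj->uploaded    = JFactory::getDate('now')->toSql();
			$obj->uploaded_by = $user->get('id');

			// Add the record to the DB
			$db->insertObject('#__flexicontent_files', $obj);
			$file_ids[$filename] = $db->insertid();
			$c++;
		}

		$app->enqueueMessage(JText::sprintf('FLEXI_FILES_COPIED_SUCCESS', $c));
	} else {
		JError::raiseNotice(1, JText::_('FLEXI_WARN_NO_FILES_IN_DIR'));
		if (!$redirect_url) {
			return;
		}
		// REDIRECT only if this was requested
		$app->redirect($redirect_url);
		return;
	}

	if (!$redirect_url) {
		return $file_ids;
	}

	// REDIRECT only if this was requested
	$app->redirect($redirect_url);
}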