/**
  * Check input, strip slashes etc. set alert, if input is not ok.
  *
  * @return	boolean		Input ok, true/false
  */
 function checkInput()
 {
     global $lng;
     include_once "./Services/AdvancedEditing/classes/class.ilObjAdvancedEditing.php";
     if (is_array($_POST[$this->getPostVar()])) {
         $_POST[$this->getPostVar()] = ilUtil::stripSlashesRecursive($_POST[$this->getPostVar()], true, ilObjAdvancedEditing::_getUsedHTMLTagsAsString("assessment"));
     }
     $foundvalues = $_POST[$this->getPostVar()];
     if (is_array($foundvalues)) {
         // check answers
         if (is_array($foundvalues['answer'])) {
             foreach ($foundvalues['answer'] as $aidx => $answervalue) {
                 if (strlen($answervalue) == 0 && strlen($foundvalues['imagename'][$aidx]) == 0) {
                     $this->setAlert($lng->txt("msg_input_is_required"));
                     return FALSE;
                 }
             }
         }
         if (!$this->hideImages) {
             if (is_array($_FILES[$this->getPostVar()]['error']['image'])) {
                 foreach ($_FILES[$this->getPostVar()]['error']['image'] as $index => $error) {
                     // error handling
                     if ($error > 0) {
                         switch ($error) {
                             case UPLOAD_ERR_INI_SIZE:
                                 $this->setAlert($lng->txt("form_msg_file_size_exceeds"));
                                 return false;
                                 break;
                             case UPLOAD_ERR_FORM_SIZE:
                                 $this->setAlert($lng->txt("form_msg_file_size_exceeds"));
                                 return false;
                                 break;
                             case UPLOAD_ERR_PARTIAL:
                                 $this->setAlert($lng->txt("form_msg_file_partially_uploaded"));
                                 return false;
                                 break;
                             case UPLOAD_ERR_NO_FILE:
                                 if ($this->getRequired()) {
                                     if (!strlen($foundvalues['imagename'][$index]) && !strlen($foundvalues['answer'][$index])) {
                                         $this->setAlert($lng->txt("form_msg_file_no_upload"));
                                         return false;
                                     }
                                 }
                                 break;
                             case UPLOAD_ERR_NO_TMP_DIR:
                                 $this->setAlert($lng->txt("form_msg_file_missing_tmp_dir"));
                                 return false;
                                 break;
                             case UPLOAD_ERR_CANT_WRITE:
                                 $this->setAlert($lng->txt("form_msg_file_cannot_write_to_disk"));
                                 return false;
                                 break;
                             case UPLOAD_ERR_EXTENSION:
                                 $this->setAlert($lng->txt("form_msg_file_upload_stopped_ext"));
                                 return false;
                                 break;
                         }
                     }
                 }
             }
             if (is_array($_FILES[$this->getPostVar()]['tmp_name']['image'])) {
                 foreach ($_FILES[$this->getPostVar()]['tmp_name']['image'] as $index => $tmpname) {
                     $filename = $_FILES[$this->getPostVar()]['name']['image'][$index];
                     $filename_arr = pathinfo($filename);
                     $suffix = $filename_arr["extension"];
                     // check suffixes
                     if (strlen($tmpname) && is_array($this->getSuffixes())) {
                         $vir = ilUtil::virusHandling($tmpname, $filename);
                         if ($vir[0] == false) {
                             $this->setAlert($lng->txt("form_msg_file_virus_found") . "<br />" . $vir[1]);
                             return false;
                         }
                         if (!in_array(strtolower($suffix), $this->getSuffixes())) {
                             $this->setAlert($lng->txt("form_msg_file_wrong_file_type"));
                             return false;
                         }
                     }
                 }
             }
         }
     }
     return $this->checkSubItemsInput();
 }
 /**
  * Check input, strip slashes etc. set alert, if input is not ok.
  *
  * @return	boolean		Input ok, true/false
  */
 function checkInput()
 {
     global $lng;
     $pictures = $_FILES[$this->getPostVar()];
     $uploadcheck = true;
     if (is_array($pictures)) {
         foreach ($pictures['name'] as $index => $name) {
             // remove trailing '/'
             while (substr($name, -1) == '/') {
                 $name = substr($name, 0, -1);
             }
             $filename = $name;
             $filename_arr = pathinfo($name);
             $suffix = $filename_arr["extension"];
             $mimetype = $pictures["type"][$index];
             $size_bytes = $pictures["size"][$index];
             $temp_name = $pictures["tmp_name"][$index];
             $error = $pictures["error"][$index];
             // error handling
             if ($error > 0) {
                 switch ($error) {
                     case UPLOAD_ERR_INI_SIZE:
                         $this->setAlert($lng->txt("form_msg_file_size_exceeds"));
                         $uploadcheck = false;
                         break;
                     case UPLOAD_ERR_FORM_SIZE:
                         $this->setAlert($lng->txt("form_msg_file_size_exceeds"));
                         $uploadcheck = false;
                         break;
                     case UPLOAD_ERR_PARTIAL:
                         $this->setAlert($lng->txt("form_msg_file_partially_uploaded"));
                         $uploadcheck = false;
                         break;
                     case UPLOAD_ERR_NO_FILE:
                         if ($this->getRequired()) {
                             $filename = $this->filenames[$index];
                             if (!strlen($filename)) {
                                 $this->setAlert($lng->txt("form_msg_file_no_upload"));
                                 $uploadcheck = false;
                             }
                         }
                         break;
                     case UPLOAD_ERR_NO_TMP_DIR:
                         $this->setAlert($lng->txt("form_msg_file_missing_tmp_dir"));
                         $uploadcheck = false;
                         break;
                     case UPLOAD_ERR_CANT_WRITE:
                         $this->setAlert($lng->txt("form_msg_file_cannot_write_to_disk"));
                         $uploadcheck = false;
                         break;
                     case UPLOAD_ERR_EXTENSION:
                         $this->setAlert($lng->txt("form_msg_file_upload_stopped_ext"));
                         $uploadcheck = false;
                         break;
                 }
             }
             // check suffixes
             if ($pictures["tmp_name"][$index] != "" && is_array($this->getSuffixes())) {
                 if (!in_array(strtolower($suffix), $this->getSuffixes())) {
                     $this->setAlert($lng->txt("form_msg_file_wrong_file_type"));
                     $uploadcheck = false;
                 }
             }
             // virus handling
             if ($pictures["tmp_name"][$index] != "") {
                 $vir = ilUtil::virusHandling($temp_name, $filename);
                 if ($vir[0] == false) {
                     $this->setAlert($lng->txt("form_msg_file_virus_found") . "<br />" . $vir[1]);
                     $uploadcheck = false;
                 }
             }
         }
     }
     if (!$uploadcheck) {
         return FALSE;
     }
     return $this->checkSubItemsInput();
 }
 /**
  * Check input, strip slashes etc. set alert, if input is not ok.
  *
  * @return	boolean		Input ok, true/false
  */
 function checkInput()
 {
     global $lng;
     // remove trailing '/'
     while (substr($_FILES[$this->getPostVar()]["name"], -1) == '/') {
         $_FILES[$this->getPostVar()]["name"] = substr($_FILES[$this->getPostVar()]["name"], 0, -1);
     }
     $filename = $_FILES[$this->getPostVar()]["name"];
     $filename_arr = pathinfo($_FILES[$this->getPostVar()]["name"]);
     $suffix = $filename_arr["extension"];
     $mimetype = $_FILES[$this->getPostVar()]["type"];
     $size_bytes = $_FILES[$this->getPostVar()]["size"];
     $temp_name = $_FILES[$this->getPostVar()]["tmp_name"];
     $error = $_FILES[$this->getPostVar()]["error"];
     // error handling
     if ($error > 0) {
         switch ($error) {
             case UPLOAD_ERR_INI_SIZE:
                 $this->setAlert($lng->txt("form_msg_file_size_exceeds"));
                 return false;
                 break;
             case UPLOAD_ERR_FORM_SIZE:
                 $this->setAlert($lng->txt("form_msg_file_size_exceeds"));
                 return false;
                 break;
             case UPLOAD_ERR_PARTIAL:
                 $this->setAlert($lng->txt("form_msg_file_partially_uploaded"));
                 return false;
                 break;
             case UPLOAD_ERR_NO_FILE:
                 if ($this->getRequired()) {
                     if (!strlen($this->getValue())) {
                         $this->setAlert($lng->txt("form_msg_file_no_upload"));
                         return false;
                     }
                 }
                 break;
             case UPLOAD_ERR_NO_TMP_DIR:
                 $this->setAlert($lng->txt("form_msg_file_missing_tmp_dir"));
                 return false;
                 break;
             case UPLOAD_ERR_CANT_WRITE:
                 $this->setAlert($lng->txt("form_msg_file_cannot_write_to_disk"));
                 return false;
                 break;
             case UPLOAD_ERR_EXTENSION:
                 $this->setAlert($lng->txt("form_msg_file_upload_stopped_ext"));
                 return false;
                 break;
         }
     }
     // check suffixes
     if ($_FILES[$this->getPostVar()]["tmp_name"] != "" && is_array($this->getSuffixes())) {
         if (!in_array(strtolower($suffix), $this->getSuffixes())) {
             $this->setAlert($lng->txt("form_msg_file_wrong_file_type"));
             return false;
         }
     }
     // virus handling
     if ($_FILES[$this->getPostVar()]["tmp_name"] != "") {
         $vir = ilUtil::virusHandling($temp_name, $filename);
         if ($vir[0] == false) {
             $this->setAlert($lng->txt("form_msg_file_virus_found") . "<br />" . $vir[1]);
             return false;
         }
     }
     if (is_array($_POST[$this->getPostVar()])) {
         if ($this->getRequired() && strlen($_POST[$this->getPostVar()]['width']) == 0 || $this->getRequired() && strlen($_POST[$this->getPostVar()]['height']) == 0) {
             $this->setAlert($lng->txt("msg_input_is_required"));
             return false;
         }
         if (is_array($_POST[$this->getPostVar()]['flash_param_name'])) {
             foreach ($_POST[$this->getPostVar()]['flash_param_name'] as $idx => $val) {
                 if (strlen($val) == 0 || strlen($_POST[$this->getPostVar()]['flash_param_value'][$idx]) == 0) {
                     $this->setAlert($lng->txt("msg_input_is_required"));
                     return false;
                 }
             }
         }
     }
     return true;
 }
 /**
  * Check input, strip slashes etc. set alert, if input is not ok.
  *
  * @return	boolean		Input ok, true/false
  */
 function checkInput()
 {
     global $lng;
     if (is_array($_POST[$this->getPostVar()])) {
         $_POST[$this->getPostVar()] = ilUtil::stripSlashesRecursive($_POST[$this->getPostVar()]);
     }
     if (is_array($_FILES[$this->getPostVar()]['error']['image'])) {
         foreach ($_FILES[$this->getPostVar()]['error']['image'] as $index => $error) {
             // error handling
             if ($error > 0) {
                 switch ($error) {
                     case UPLOAD_ERR_INI_SIZE:
                         $this->setAlert($lng->txt("form_msg_file_size_exceeds"));
                         return false;
                         break;
                     case UPLOAD_ERR_FORM_SIZE:
                         $this->setAlert($lng->txt("form_msg_file_size_exceeds"));
                         return false;
                         break;
                     case UPLOAD_ERR_PARTIAL:
                         $this->setAlert($lng->txt("form_msg_file_partially_uploaded"));
                         return false;
                         break;
                     case UPLOAD_ERR_NO_FILE:
                         if ($this->getRequired()) {
                             if (!strlen($_POST[$this->getPostVar()]['imagename'][$index])) {
                                 $this->setAlert($lng->txt("form_msg_file_no_upload"));
                                 return false;
                             }
                         }
                         break;
                     case UPLOAD_ERR_NO_TMP_DIR:
                         $this->setAlert($lng->txt("form_msg_file_missing_tmp_dir"));
                         return false;
                         break;
                     case UPLOAD_ERR_CANT_WRITE:
                         $this->setAlert($lng->txt("form_msg_file_cannot_write_to_disk"));
                         return false;
                         break;
                     case UPLOAD_ERR_EXTENSION:
                         $this->setAlert($lng->txt("form_msg_file_upload_stopped_ext"));
                         return false;
                         break;
                 }
             }
         }
     } else {
         if ($this->getRequired()) {
             $this->setAlert($lng->txt("form_msg_file_no_upload"));
             return false;
         }
     }
     if (is_array($_FILES[$this->getPostVar()]['tmp_name']['image'])) {
         foreach ($_FILES[$this->getPostVar()]['tmp_name']['image'] as $index => $tmpname) {
             $filename = $_FILES[$this->getPostVar()]['name']['image'][$index];
             $filename_arr = pathinfo($filename);
             $suffix = $filename_arr["extension"];
             $mimetype = $_FILES[$this->getPostVar()]['type']['image'][$index];
             $size_bytes = $_FILES[$this->getPostVar()]['size']['image'][$index];
             // check suffixes
             if (strlen($tmpname) && is_array($this->getSuffixes())) {
                 if (!in_array(strtolower($suffix), $this->getSuffixes())) {
                     $this->setAlert($lng->txt("form_msg_file_wrong_file_type"));
                     return false;
                 }
             }
         }
     }
     if (is_array($_FILES[$this->getPostVar()]['tmp_name']['image'])) {
         foreach ($_FILES[$this->getPostVar()]['tmp_name']['image'] as $index => $tmpname) {
             $filename = $_FILES[$this->getPostVar()]['name']['image'][$index];
             $filename_arr = pathinfo($filename);
             $suffix = $filename_arr["extension"];
             $mimetype = $_FILES[$this->getPostVar()]['type']['image'][$index];
             $size_bytes = $_FILES[$this->getPostVar()]['size']['image'][$index];
             // virus handling
             if (strlen($tmpname)) {
                 $vir = ilUtil::virusHandling($tmpname, $filename);
                 if ($vir[0] == false) {
                     $this->setAlert($lng->txt("form_msg_file_virus_found") . "<br />" . $vir[1]);
                     return false;
                 }
             }
         }
     }
     return $this->checkSubItemsInput();
 }
예제 #5
0
         $errors->fields[] = array('name' => 'img_file', 'message' => $lng->txt("form_msg_file_upload_stopped_ext"));
         break;
 }
 // check suffixes
 if (!$errors->fields && !$errors->general) {
     $finfo = pathinfo($_FILES['img_file']['name']);
     require_once 'Services/Utilities/classes/class.ilMimeTypeUtil.php';
     $mime_type = ilMimeTypeUtil::getMimeType($_FILES['img_file']['tmp_name'], $_FILES['img_file']['name'], $_FILES['img_file']['type']);
     if (!in_array(strtolower($finfo['extension']), $tinyMCE_valid_imgs) || !in_array($mime_type, array('image/gif', 'image/jpeg', 'image/png'))) {
         $errors->fields[] = array('name' => 'img_file', 'message' => $lng->txt("form_msg_file_wrong_file_type"));
     }
 }
 // virus handling
 if (!$errors->fields && !$errors->general) {
     if ($_FILES['img_file']["tmp_name"] != "") {
         $vir = ilUtil::virusHandling($_FILES['img_file']["tmp_name"], $_FILES['img_file']["name"]);
         if ($vir[0] == false) {
             $errors->fields[] = array('name' => 'img_file', 'message' => $lng->txt("form_msg_file_virus_found") . "<br />" . $vir[1]);
         }
     }
 }
 if (!$errors->fields && !$errors->general) {
     include_once 'webservice/soap/include/inc.soap_functions.php';
     $safefilename = preg_replace('/[^a-zA-z0-9_\\.]/', '', $_FILES['img_file']['name']);
     $media_object = ilSoapFunctions::saveTempFileAsMediaObject(session_id() . '::' . CLIENT_ID, $safefilename, $_FILES['img_file']['tmp_name']);
     if (file_exists($iliasAbsolutePath . $iliasMobPath . 'mm_' . $media_object->getId() . '/' . $media_object->getTitle())) {
         // only save usage if the file was uploaded
         $media_object->_saveUsage($media_object->getId(), $_GET['obj_type'] . ':html', (int) $_GET['obj_id']);
         // Append file to array of existings mobs of this context (obj_type and obj_id)
         $mobs[$media_object->getId()] = $media_object->getId();
         $uploadedFile = $media_object->getId();
예제 #6
0
 /**
  * Check file upload
  *
  * @return	boolean Input ok, true/false
  */
 function checkUpload()
 {
     $this->lng->loadLanguageModule("form");
     // remove trailing '/'
     while (substr($_FILES["upload"]["name"], -1) == '/') {
         $_FILES["upload"]["name"] = substr($_FILES["upload"]["name"], 0, -1);
     }
     $filename = $_FILES["upload"]["name"];
     $filename_arr = pathinfo($_FILES["upload"]["name"]);
     $suffix = $filename_arr["extension"];
     $mimetype = $_FILES["upload"]["type"];
     $size_bytes = $_FILES["upload"]["size"];
     $temp_name = $_FILES["upload"]["tmp_name"];
     $error = $_FILES["upload"]["error"];
     if ($size_bytes > $this->getMaxFilesizeInBytes()) {
         ilUtil::sendFailure($this->lng->txt("form_msg_file_size_exceeds"), true);
         return false;
     }
     // error handling
     if ($error > 0) {
         switch ($error) {
             case UPLOAD_ERR_INI_SIZE:
                 ilUtil::sendFailure($this->lng->txt("form_msg_file_size_exceeds"), true);
                 return false;
                 break;
             case UPLOAD_ERR_FORM_SIZE:
                 ilUtil::sendFailure($this->lng->txt("form_msg_file_size_exceeds"), true);
                 return false;
                 break;
             case UPLOAD_ERR_PARTIAL:
                 ilUtil::sendFailure($this->lng->txt("form_msg_file_partially_uploaded"), true);
                 return false;
                 break;
             case UPLOAD_ERR_NO_FILE:
                 ilUtil::sendFailure($this->lng->txt("form_msg_file_no_upload"), true);
                 return false;
                 break;
             case UPLOAD_ERR_NO_TMP_DIR:
                 ilUtil::sendFailure($this->lng->txt("form_msg_file_missing_tmp_dir"), true);
                 return false;
                 break;
             case UPLOAD_ERR_CANT_WRITE:
                 ilUtil::sendFailure($this->lng->txt("form_msg_file_cannot_write_to_disk"), true);
                 return false;
                 break;
             case UPLOAD_ERR_EXTENSION:
                 ilUtil::sendFailure($this->lng->txt("form_msg_file_upload_stopped_ext"), true);
                 return false;
                 break;
         }
     }
     // check suffixes
     if (strlen($suffix) && count($this->getAllowedExtensionsArray())) {
         if (!in_array(strtolower($suffix), $this->getAllowedExtensionsArray())) {
             ilUtil::sendFailure($this->lng->txt("form_msg_file_wrong_file_type"), true);
             return false;
         }
     }
     // virus handling
     if (strlen($temp_name)) {
         $vir = ilUtil::virusHandling($temp_name, $filename);
         if ($vir[0] == false) {
             ilUtil::sendFailure($this->lng->txt("form_msg_file_virus_found") . "<br />" . $vir[1], true);
             return false;
         }
     }
     return true;
 }
예제 #7
0
 /**
  * PUTfinished handler
  *
  * @param  array  parameter passing array
  * @return bool   true on success
  */
 public function PUTfinished(&$options)
 {
     $this->writelog('PUTfinished(' . var_export($options, true) . ')');
     if ($this->putObjDAV->getResourceType() == "") {
         $vir = ilUtil::virusHandling($this->putObjDAV->obj->getDirectory($this->putObjDAV->obj->version) . '/' . $this->putObjDAV->obj->filename, $this->putObjDAV->obj->filename);
         if ($vir[0] == false) {
             $this->writelog('PUTfinished Virus found: ' . $vir[1]);
             //delete file
             ilDAVServer::DELETE($options);
             return false;
         }
     }
     // Update the content length in the file object, if the
     // the client did not specify a content_length
     if ($options['content_length'] == null) {
         $objDAV = $this->putObjDAV;
         $objDAV->setContentLength($objDAV->getContentOutputStreamLength());
         $objDAV->write();
         $this->putObjDAV = null;
     }
     return true;
 }
 /**
  * store content as file in filesystem
  * @param   $filename Filename
  * @param   $content base64 decoded content
  * @access	public
  * @return bool
  */
 function storeContentAsFile($filename, $content, $secure_filename = false)
 {
     // TODO:
     // CHECK UPLOAD LIMIT
     //
     if ($secure_filename) {
         // replace whitespaces with underscores
         $filename = preg_replace("/\\s/", "_", $filename);
         // remove all special characters
         $filename = preg_replace("/[^_a-zA-Z0-9\\.]/", "", $filename);
     }
     if (count($content) > 0) {
         // CHECK IF FILE WITH SAME NAME EXISTS
         $filename = $this->getAbsolutePath($filename);
         $this->__rotateFiles($filename);
         file_put_contents($filename, $content);
         // check for virus
         $vir = ilUtil::virusHandling($filename);
         if (!$vir[0] || $vir[1] != "") {
             unlink($filename);
             return false;
         }
         return true;
     }
     return false;
 }
예제 #9
0
 /**
  * move uploaded file
  * 
  * @static
  * 
  */
 public static function moveUploadedFile($a_file, $a_name, $a_target, $a_raise_errors = true, $a_mode = "move_uploaded")
 {
     global $lng, $ilias;
     //echo "<br>ilUtli::moveuploadedFile($a_name)";
     if (!is_file($a_file)) {
         if ($a_raise_errors) {
             $ilias->raiseError($lng->txt("upload_error_file_not_found"), $ilias->error_obj->MESSAGE);
         } else {
             ilUtil::sendFailure($lng->txt("upload_error_file_not_found"), true);
         }
         return false;
     }
     // virus handling
     $vir = ilUtil::virusHandling($a_file, $a_name);
     if (!$vir[0]) {
         unlink($a_file);
         if ($a_raise_errors) {
             $ilias->raiseError($lng->txt("file_is_infected") . "<br />" . $vir[1], $ilias->error_obj->MESSAGE);
         } else {
             ilUtil::sendFailure($lng->txt("file_is_infected") . "<br />" . $vir[1], true);
         }
         return false;
     } else {
         if ($vir[1] != "") {
             ilUtil::sendInfo($vir[1], true);
         }
         switch ($a_mode) {
             case "rename":
                 return rename($a_file, $a_target);
                 break;
             case "copy":
                 return copy($a_file, $a_target);
                 break;
             default:
                 return move_uploaded_file($a_file, $a_target);
                 break;
         }
     }
 }
예제 #10
0
 /**
  * Check input, strip slashes etc. set alert, if input is not ok.
  *
  * @return	boolean		Input ok, true/false
  */
 function checkInput()
 {
     global $lng;
     $_FILES[$this->getPostVar()]["name"] = ilUtil::stripSlashes($_FILES[$this->getPostVar()]["name"]);
     $_FILES[$this->getPostVar()]["name"] = rtrim($_FILES[$this->getPostVar()]["name"], "/");
     $filename = $_FILES[$this->getPostVar()]["name"];
     $filename_arr = pathinfo($_FILES[$this->getPostVar()]["name"]);
     $suffix = $filename_arr["extension"];
     $mimetype = $_FILES[$this->getPostVar()]["type"];
     $size_bytes = $_FILES[$this->getPostVar()]["size"];
     $temp_name = $_FILES[$this->getPostVar()]["tmp_name"];
     $error = $_FILES[$this->getPostVar()]["error"];
     $_POST[$this->getPostVar()] = $_FILES[$this->getPostVar()];
     // if no information is received, something went wrong
     // this is e.g. the case, if the post_max_size has been exceeded
     if (!is_array($_FILES[$this->getPostVar()])) {
         $this->setAlert($lng->txt("form_msg_file_size_exceeds"));
         return false;
     }
     // error handling
     if ($error > 0) {
         switch ($error) {
             case UPLOAD_ERR_INI_SIZE:
                 $this->setAlert($lng->txt("form_msg_file_size_exceeds"));
                 return false;
                 break;
             case UPLOAD_ERR_FORM_SIZE:
                 $this->setAlert($lng->txt("form_msg_file_size_exceeds"));
                 return false;
                 break;
             case UPLOAD_ERR_PARTIAL:
                 $this->setAlert($lng->txt("form_msg_file_partially_uploaded"));
                 return false;
                 break;
             case UPLOAD_ERR_NO_FILE:
                 if ($this->getRequired()) {
                     if (!strlen($this->getValue())) {
                         $this->setAlert($lng->txt("form_msg_file_no_upload"));
                         return false;
                     }
                 }
                 break;
             case UPLOAD_ERR_NO_TMP_DIR:
                 $this->setAlert($lng->txt("form_msg_file_missing_tmp_dir"));
                 return false;
                 break;
             case UPLOAD_ERR_CANT_WRITE:
                 $this->setAlert($lng->txt("form_msg_file_cannot_write_to_disk"));
                 return false;
                 break;
             case UPLOAD_ERR_EXTENSION:
                 $this->setAlert($lng->txt("form_msg_file_upload_stopped_ext"));
                 return false;
                 break;
         }
     }
     // check suffixes
     if ($_FILES[$this->getPostVar()]["tmp_name"] != "" && is_array($this->getSuffixes()) && count($this->getSuffixes()) > 0) {
         if (!in_array(strtolower($suffix), $this->getSuffixes())) {
             $this->setAlert($lng->txt("form_msg_file_wrong_file_type"));
             return false;
         }
     }
     // virus handling
     if ($_FILES[$this->getPostVar()]["tmp_name"] != "") {
         $vir = ilUtil::virusHandling($temp_name, $filename);
         if ($vir[0] == false) {
             $this->setAlert($lng->txt("form_msg_file_virus_found") . "<br />" . $vir[1]);
             return false;
         }
     }
     return true;
 }
 /**
  * Check input, strip slashes etc. set alert, if input is not ok.
  *
  * @return	boolean		Input ok, true/false
  */
 function checkInput()
 {
     global $lng;
     if (is_array($_POST[$this->getPostVar()])) {
         $_POST[$this->getPostVar()] = ilUtil::stripSlashesRecursive($_POST[$this->getPostVar()]);
     }
     // remove trailing '/'
     while (substr($_FILES[$this->getPostVar()]["name"], -1) == '/') {
         $_FILES[$this->getPostVar()]["name"] = substr($_FILES[$this->getPostVar()]["name"], 0, -1);
     }
     $filename = $_FILES[$this->getPostVar()]["name"];
     $filename_arr = pathinfo($_FILES[$this->getPostVar()]["name"]);
     $suffix = $filename_arr["extension"];
     $mimetype = $_FILES[$this->getPostVar()]["type"];
     $size_bytes = $_FILES[$this->getPostVar()]["size"];
     $temp_name = $_FILES[$this->getPostVar()]["tmp_name"];
     $error = $_FILES[$this->getPostVar()]["error"];
     // error handling
     if ($error > 0) {
         switch ($error) {
             case UPLOAD_ERR_INI_SIZE:
                 $this->setAlert($lng->txt("form_msg_file_size_exceeds"));
                 return false;
                 break;
             case UPLOAD_ERR_FORM_SIZE:
                 $this->setAlert($lng->txt("form_msg_file_size_exceeds"));
                 return false;
                 break;
             case UPLOAD_ERR_PARTIAL:
                 $this->setAlert($lng->txt("form_msg_file_partially_uploaded"));
                 return false;
                 break;
             case UPLOAD_ERR_NO_FILE:
                 if ($this->getRequired()) {
                     if (!strlen($this->getValue())) {
                         $this->setAlert($lng->txt("form_msg_file_no_upload"));
                         return false;
                     }
                 }
                 break;
             case UPLOAD_ERR_NO_TMP_DIR:
                 $this->setAlert($lng->txt("form_msg_file_missing_tmp_dir"));
                 return false;
                 break;
             case UPLOAD_ERR_CANT_WRITE:
                 $this->setAlert($lng->txt("form_msg_file_cannot_write_to_disk"));
                 return false;
                 break;
             case UPLOAD_ERR_EXTENSION:
                 $this->setAlert($lng->txt("form_msg_file_upload_stopped_ext"));
                 return false;
                 break;
         }
     }
     // check suffixes
     if ($_FILES[$this->getPostVar()]["tmp_name"] != "" && is_array($this->getSuffixes())) {
         if (!in_array(strtolower($suffix), $this->getSuffixes())) {
             $this->setAlert($lng->txt("form_msg_file_wrong_file_type"));
             return false;
         }
     }
     // virus handling
     if ($_FILES[$this->getPostVar()]["tmp_name"] != "") {
         $vir = ilUtil::virusHandling($temp_name, $filename);
         if ($vir[0] == false) {
             $this->setAlert($lng->txt("form_msg_file_virus_found") . "<br />" . $vir[1]);
             return false;
         }
     }
     $max = 0;
     if (is_array($_POST[$this->getPostVar()]['coords']['name'])) {
         foreach ($_POST[$this->getPostVar()]['coords']['name'] as $idx => $name) {
             if (!strlen($_POST[$this->getPostVar()]['coords']['points'][$idx]) && $this->getRequired) {
                 $this->setAlert($lng->txt('form_msg_area_missing_points'));
                 return false;
             }
             if (!is_numeric($_POST[$this->getPostVar()]['coords']['points'][$idx])) {
                 $this->setAlert($lng->txt('form_msg_numeric_value_required'));
                 return false;
             }
             if ($_POST[$this->getPostVar()]['coords']['points'][$idx] > 0) {
                 $max = $_POST[$this->getPostVar()]['coords']['points'][$idx];
             }
         }
     }
     if ($max == 0 && !$filename) {
         $this->setAlert($lng->txt("enter_enough_positive_points"));
         return false;
     }
     return true;
 }
예제 #12
0
 /**
  * copy an uploaded file to the target directory (including virus check)
  *
  * @param    string      file name
  * @param    string      target path and name
  * @return  	boolean     true/false
  * @access 	static
  */
 static function _copyUploadFile($a_file, $a_target, $a_raise_errors = true)
 {
     global $lng, $ilias;
     $file = self::_getUploadDirectory() . "/" . $a_file;
     // check if file exists
     if (!is_file($file)) {
         if ($a_raise_errors) {
             $ilias->raiseError($lng->txt("upload_error_file_not_found"), $ilias->error_obj->MESSAGE);
         } else {
             ilUtil::sendFailure($lng->txt("upload_error_file_not_found"), true);
         }
         return false;
     }
     // virus handling
     $vir = ilUtil::virusHandling($file, $a_file);
     if (!$vir[0]) {
         if ($a_raise_errors) {
             $ilias->raiseError($lng->txt("file_is_infected") . "<br />" . $vir[1], $ilias->error_obj->MESSAGE);
         } else {
             ilUtil::sendFailure($lng->txt("file_is_infected") . "<br />" . $vir[1], true);
         }
         return false;
     } else {
         if ($vir[1] != "") {
             ilUtil::sendInfo($vir[1], true);
         }
         return copy($file, $a_target);
     }
 }
예제 #13
0
 /**
  * unzips in given directory and processes uploaded zip for use as single files
  *
  * @author Jan Hippchen
  * @version 1.6.9.07
  * @param string $a_directory Directory to unzip 
  * @param string $a_file Filename of archive
  * @param boolean structure  True if archive structure is to be overtaken
  * @param integer $ref_id ref_id of parent object, if null, files wont be included in system (just checked)
  * @param string containerType object type of created containerobjects (folder or category)
  * @throws ilFileUtilsException
  */
 function processZipFile($a_directory, $a_file, $structure, $ref_id = null, $containerType = null, $tree = null, $access_handler = null)
 {
     global $lng;
     include_once "Services/Utilities/classes/class.ilUtil.php";
     self::$new_files = array();
     $pathinfo = pathinfo($a_file);
     $file = $pathinfo["basename"];
     // Copy zip-file to new directory, unzip and remove it
     // TODO: check archive for broken file
     //copy ($a_file, $a_directory . "/" . $file);
     move_uploaded_file($a_file, $a_directory . "/" . $file);
     ilUtil::unzip($a_directory . "/" . $file);
     unlink($a_directory . "/" . $file);
     //echo "-".$a_directory . "/" . $file."-";
     // Stores filename and paths into $filearray to check for viruses
     // Checks if filenames can be read, else -> throw exception and leave
     ilFileUtils::recursive_dirscan($a_directory, $filearray);
     // if there are no files unziped (->broken file!)
     if (empty($filearray)) {
         throw new ilFileUtilsException($lng->txt("archive_broken"), ilFileUtilsException::$BROKEN_FILE);
         break;
     }
     // virus handling
     foreach ($filearray["file"] as $key => $value) {
         // remove "invisible" files
         if (substr($value, 0, 1) == "." || stristr($filearray["path"][$key], "/__MACOSX/")) {
             unlink($filearray["path"][$key] . $value);
             unset($filearray["path"][$key]);
             unset($filearray["file"][$key]);
             continue;
         }
         $vir = ilUtil::virusHandling($filearray["path"][$key], $value);
         if (!$vir[0]) {
             // Unlink file and throw exception
             unlink($filearray[path][$key]);
             throw new ilFileUtilsException($lng->txt("file_is_infected") . "<br />" . $vir[1], ilFileUtilsException::$INFECTED_FILE);
             break;
         } else {
             if ($vir[1] != "") {
                 throw new ilFileUtilsException($vir[1], ilFileUtilsException::$INFECTED_FILE);
                 break;
             }
         }
     }
     // If archive is to be used "flat"
     if (!$structure) {
         foreach (array_count_values($filearray["file"]) as $key => $value) {
             // Archive contains same filenames in different directories
             if ($value != "1") {
                 $doublettes .= " '" . ilFileUtils::utf8_encode($key) . "'";
             }
         }
         if (isset($doublettes)) {
             throw new ilFileUtilsException($lng->txt("exc_upload_error") . "<br />" . $lng->txt("zip_structure_error") . $doublettes, ilFileUtilsException::$DOUBLETTES_FOUND);
             break;
         }
     } else {
         $mac_dir = $a_directory . "/__MACOSX";
         if (file_exists($mac_dir)) {
             ilUtil::delDir($mac_dir);
         }
     }
     // Everything fine since we got here; so we can store files and folders into the system (if ref_id is given)
     if ($ref_id != null) {
         ilFileUtils::createObjects($a_directory, $structure, $ref_id, $containerType, $tree, $access_handler);
     }
 }
 public function checkUploads($foundvalues)
 {
     if (is_array($_FILES) && count($_FILES) && $this->getSingleline()) {
         if (!$this->hideImages) {
             if (is_array($_FILES[$this->getPostVar()]['error']['image'])) {
                 foreach ($_FILES[$this->getPostVar()]['error']['image'] as $index => $error) {
                     // error handling
                     if ($error > 0) {
                         switch ($error) {
                             case UPLOAD_ERR_INI_SIZE:
                                 $this->setAlert($this->lng->txt("form_msg_file_size_exceeds"));
                                 return false;
                                 break;
                             case UPLOAD_ERR_FORM_SIZE:
                                 $this->setAlert($this->lng->txt("form_msg_file_size_exceeds"));
                                 return false;
                                 break;
                             case UPLOAD_ERR_PARTIAL:
                                 $this->setAlert($this->lng->txt("form_msg_file_partially_uploaded"));
                                 return false;
                                 break;
                             case UPLOAD_ERR_NO_FILE:
                                 if ($this->getRequired() && !$this->isIgnoreMissingUploadsEnabled()) {
                                     if (!strlen($foundvalues['imagename'][$index]) && !strlen($foundvalues['answer'][$index])) {
                                         $this->setAlert($this->lng->txt("form_msg_file_no_upload"));
                                         return false;
                                     }
                                 }
                                 break;
                             case UPLOAD_ERR_NO_TMP_DIR:
                                 $this->setAlert($this->lng->txt("form_msg_file_missing_tmp_dir"));
                                 return false;
                                 break;
                             case UPLOAD_ERR_CANT_WRITE:
                                 $this->setAlert($this->lng->txt("form_msg_file_cannot_write_to_disk"));
                                 return false;
                                 break;
                             case UPLOAD_ERR_EXTENSION:
                                 $this->setAlert($this->lng->txt("form_msg_file_upload_stopped_ext"));
                                 return false;
                                 break;
                         }
                     }
                 }
             } else {
                 if ($this->getRequired()) {
                     $this->setAlert($this->lng->txt("form_msg_file_no_upload"));
                     return false;
                 }
             }
             if (is_array($_FILES[$this->getPostVar()]['tmp_name']['image'])) {
                 foreach ($_FILES[$this->getPostVar()]['tmp_name']['image'] as $index => $tmpname) {
                     $filename = $_FILES[$this->getPostVar()]['name']['image'][$index];
                     $filename_arr = pathinfo($filename);
                     $suffix = $filename_arr["extension"];
                     $mimetype = $_FILES[$this->getPostVar()]['type']['image'][$index];
                     $size_bytes = $_FILES[$this->getPostVar()]['size']['image'][$index];
                     // check suffixes
                     if (strlen($tmpname) && is_array($this->getSuffixes())) {
                         if (!in_array(strtolower($suffix), $this->getSuffixes())) {
                             $this->setAlert($this->lng->txt("form_msg_file_wrong_file_type"));
                             return false;
                         }
                     }
                 }
             }
             if (is_array($_FILES[$this->getPostVar()]['tmp_name']['image'])) {
                 foreach ($_FILES[$this->getPostVar()]['tmp_name']['image'] as $index => $tmpname) {
                     if ($_FILES[$this->getPostVar()]['error']['image'][$index] > 0) {
                         continue;
                     }
                     $mimetype = ilObjMediaObject::getMimeType($tmpname);
                     if (!preg_match("/^image/", $mimetype)) {
                         $_FILES[$this->getPostVar()]['error']['image'][$index] = self::CUSTOM_UPLOAD_ERR;
                         $this->setAlert($this->lng->txt("form_msg_file_wrong_mime_type"));
                         return false;
                     }
                 }
             }
             if (is_array($_FILES[$this->getPostVar()]['tmp_name']['image'])) {
                 foreach ($_FILES[$this->getPostVar()]['tmp_name']['image'] as $index => $tmpname) {
                     $filename = $_FILES[$this->getPostVar()]['name']['image'][$index];
                     $filename_arr = pathinfo($filename);
                     $suffix = $filename_arr["extension"];
                     $mimetype = $_FILES[$this->getPostVar()]['type']['image'][$index];
                     $size_bytes = $_FILES[$this->getPostVar()]['size']['image'][$index];
                     // virus handling
                     if (strlen($tmpname)) {
                         $vir = ilUtil::virusHandling($tmpname, $filename);
                         if ($vir[0] == false) {
                             $_FILES[$this->getPostVar()]['error']['image'][$index] = self::CUSTOM_UPLOAD_ERR;
                             $this->setAlert($this->lng->txt("form_msg_file_virus_found") . "<br />" . $vir[1]);
                             return false;
                         }
                     }
                 }
             }
         }
     }
     return true;
 }