/** * Save an attachment * * @return void */ public function saveTask() { if (Request::getVar('no_html', 0)) { return $this->ajaxUploadTask(); } // Incoming $pid = Request::getInt('pid', 0); if (!$pid) { $this->setError(Lang::txt('CONTRIBUTE_NO_ID')); $this->displayTask($pid); return; } // Incoming file $file = Request::getVar('upload', '', 'files', 'array'); if (!$file['name']) { $this->setError(Lang::txt('CONTRIBUTE_NO_FILE')); $this->displayTask($pid); return; } // Make the filename safe $file['name'] = \Filesystem::clean($file['name']); // Ensure file names fit. $ext = \Filesystem::extension($file['name']); $file['name'] = str_replace(' ', '_', $file['name']); if (strlen($file['name']) > 230) { $file['name'] = substr($file['name'], 0, 230); $file['name'] .= '.' . $ext; } // Instantiate a new resource object $row = new Resource($this->database); if (!$row->bind($_POST)) { $this->setError($row->getError()); $this->displayTask($pid); return; } $row->title = $row->title ? $row->title : $file['name']; $row->introtext = $row->title; $row->created = Date::toSql(); $row->created_by = User::get('id'); $row->published = 1; $row->publish_up = Date::toSql(); $row->publish_down = '0000-00-00 00:00:00'; $row->standalone = 0; $row->path = ''; // make sure no path is specified just yet // Check content if (!$row->check()) { $this->setError($row->getError()); $this->displayTask($pid); return; } // File already exists if ($row->loadByFile($file['name'], $pid)) { $this->setError(Lang::txt('A file with this name and type appears to already exist.')); $this->displayTask($pid); return; } // Store new content if (!$row->store()) { $this->setError($row->getError()); $this->displayTask($pid); return; } if (!$row->id) { $row->id = $row->insertid(); } // Build the path $listdir = $this->_buildPathFromDate($row->created, $row->id, ''); $path = $this->_buildUploadPath($listdir, ''); // Make sure the upload path exist if (!is_dir($path)) { if (!\Filesystem::makeDirectory($path)) { $this->setError(Lang::txt('COM_CONTRIBUTE_UNABLE_TO_CREATE_UPLOAD_PATH')); $this->displayTask($pid); return; } } // Perform the upload if (!\Filesystem::upload($file['tmp_name'], $path . DS . $file['name'])) { $this->setError(Lang::txt('COM_CONTRIBUTE_ERROR_UPLOADING')); } else { // File was uploaded // Check the file type $row->type = $this->_getChildType($file['name']); // If it's a package (ZIP, etc) ... /* Breeze presentations haven't been used for some time. Completely unnecessary code? if ($row->type == 38) { require_once(PATH_CORE . DS . 'includes' . DS . 'pcl' . DS . 'pclzip.lib.php'); if (!extension_loaded('zlib')) { $this->setError(Lang::txt('COM_CONTRIBUTE_ZLIB_PACKAGE_REQUIRED')); } else { // Check the table of contents and look for a Breeze viewer.swf file $isbreeze = 0; $zip = new PclZip($path . DS . $file['name']); $file_to_unzip = preg_replace('/(.+)\..*$/', '$1', $path . DS . $file['name']); if (($list = $zip->listContent()) == 0) { die('Error: '.$zip->errorInfo(true)); } for ($i=0; $i<sizeof($list); $i++) { if (substr($list[$i]['filename'], strlen($list[$i]['filename']) - 10, strlen($list[$i]['filename'])) == 'viewer.swf') { $isbreeze = $list[$i]['filename']; break; } //$this->setError(substr($list[$i]['filename'], strlen($list[$i]['filename']), -4).' '.substr($file['name'], strlen($file['name']), -4)); } if (!$isbreeze) { for ($i=0; $i<sizeof($list); $i++) { if (strtolower(substr($list[$i]['filename'], -3)) == 'swf' && substr($list[$i]['filename'], strlen($list[$i]['filename']), -4) == substr($file['name'], strlen($file['name']), -4)) { $isbreeze = $list[$i]['filename']; break; } //$this->setError(substr($list[$i]['filename'], strlen($list[$i]['filename']), -4).' '.substr($file['name'], strlen($file['name']), -4)); } } // It IS a breeze presentation if ($isbreeze) { // unzip the file $do = $zip->extract($path); if (!$do) { $this->setError(Lang::txt('COM_CONTRIBUTE_UNABLE_TO_EXTRACT_PACKAGE')); } else { $row->path = $listdir . DS . $isbreeze; @unlink($path . DS . $file['name']); } $row->type = $this->_getChildType($row->path); $row->title = $isbreeze; } } }*/ } // Scan for viruses $fpath = $path . DS . $file['name']; if (!\Filesystem::isSafe($fpath)) { if (\Filesystem::delete($fpath)) { // Delete associations to the resource $row->deleteExistence(); // Delete resource $row->delete(); } $this->setError(Lang::txt('File rejected because the anti-virus scan failed.')); $this->displayTask($pid); return; } if (!$row->path) { $row->path = $listdir . DS . $file['name']; } $row->path = ltrim($row->path, DS); // Store new content if (!$row->store()) { $this->setError($row->getError()); $this->displayTask($pid); return; } // Instantiate a Resources Assoc object $assoc = new Assoc($this->database); // Get the last child in the ordering $assoc->ordering = $assoc->getLastOrder($pid); $assoc->ordering = $assoc->ordering ? $assoc->ordering : 0; // Increase the ordering - new items are always last $assoc->ordering++; // Create new parent/child association $assoc->parent_id = $pid; $assoc->child_id = $row->id; $assoc->grouping = 0; if (!$assoc->check()) { $this->setError($assoc->getError()); } if (!$assoc->store(true)) { $this->setError($assoc->getError()); } else { if (is_readable($path . DS . $file['name'])) { $hash = @sha1_file($path . DS . $file['name']); if (!empty($hash)) { $this->database->setQuery('SELECT id FROM `#__document_text_data` WHERE hash = \'' . $hash . '\''); if (!($doc_id = $this->database->loadResult())) { $this->database->execute('INSERT INTO `#__document_text_data` (hash) VALUES (\'' . $hash . '\')'); $doc_id = $this->database->insertId(); } $this->database->execute('INSERT IGNORE INTO `#__document_resource_rel` (document_id, resource_id) VALUES (' . (int) $doc_id . ', ' . (int) $row->id . ')'); system('/usr/bin/textifier ' . escapeshellarg($path . DS . $file['name']) . ' >/dev/null'); } } } // Push through to the attachments view $this->displayTask($pid); }