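/**
 * SWFUpload action handler.
 *
 * Depending on the request this either stores one uploaded file
 * ($_FILES['Filedata']) in a per-client staging directory below
 * "$DBInfo->upload_dir/.swfupload", hands staged files over to
 * do_UploadFile() (when $options['MYFILES'] is an array), or renders the
 * upload form produced by macro_SWFUpload().
 *
 * Hardening in this version:
 *  - POST requests are refused unless the page is writable for the caller.
 *  - The uploaded file name must match the configured extension list
 *    ($DBInfo->pds_allowed), must not be a dotfile and is reduced to its
 *    final path component.
 *  - $options['value'] is validated before any part of it is used to build
 *    a directory name.
 *  - The staging directory is created with an .htaccess that denies direct
 *    access and maps script extensions to text/plain.
 *
 * @param object $formatter page formatter used to render output
 * @param array  $options   action options; reads 'value' and 'MYFILES'
 * @return mixed result of do_invalid() when the upload is refused, otherwise null
 */
function do_SWFUpload($formatter, $options = array())
{
    global $DBInfo;

    // Uploads arrive as POST; refuse them when the page is not writable.
    if ($_SERVER['REQUEST_METHOD'] == 'POST' &&
            !$DBInfo->security->writable($options)) {
        $options['title'] = _("Page is not writable");
        return do_invalid($formatter, $options);
    }

    // Allowed file extensions (regex alternation).
    // NOTE(review): the '.*' fallback accepts every extension; set
    // $DBInfo->pds_allowed to an explicit allow-list in production.
    $allowed_re = '.*';
    if (!empty($DBInfo->pds_allowed)) {
        $allowed_re = $DBInfo->pds_allowed;
    }

    $swfupload_dir = $DBInfo->upload_dir . '/.swfupload';
    $mysubdir = '';

    if (!is_dir($swfupload_dir)) {
        // NOTE(review): umask(0) + 0777 leaves the staging tree world-writable;
        // tighten the mode if only the web-server user needs write access.
        $om = umask(00);
        mkdir($swfupload_dir, 0777);
        umask($om);

        // Written only when the directory is first created, so an existing
        // deployment keeps whatever .htaccess it already has.
        $fp = fopen($swfupload_dir . '/.htaccess', 'w');
        if ($fp) {
            $htaccess = <<<EOF
# FCGI or CGI user can use .user.ini
Options -Indexes
AddType text/plain .php5 .php4 .php3 .phtml .php .html .map .mm
<Files ~ "\\.php">
#ForceType text/plain
SetHandler text/plain
</Files>
Order deny,allow
deny from all

EOF;
            fwrite($fp, $htaccess);
            fclose($fp);
        }
    }

    // check subdir
    if (!empty($DBInfo->swfupload_depth) and $DBInfo->swfupload_depth > 2) {
        $depth = $DBInfo->swfupload_depth;
    } else {
        $depth = 2;
    }

    // Default directory id: hash of the client address plus an optional site
    // seed. It is a namespace for staged files, not a secret.
    $seed = $_SERVER['REMOTE_ADDR'] . '.' . 'MONIWIKI';
    if (!empty($DBInfo->seed)) {
        $seed .= $DBInfo->seed;
    }
    $myid = md5($seed); // FIXME

    // Accept the caller-supplied value only if it consists solely of
    // alphanumerics and '/', so it can never carry '.', '..' or control
    // characters into a filesystem path. The D modifier stops '$' from
    // matching before a trailing newline.
    $value = '';
    if (!empty($options['value']) && is_string($options['value']) &&
            preg_match('/^[a-z0-9\\/]+$/iD', $options['value'])) {
        $value = $options['value'];
    }

    // With an active session the id may come from the second path component of
    // the validated value. (The session-stored id was already disabled in the
    // original code: "XXX flash bug?".)
    if (session_id() != '' && $value !== '') {
        $tmp = explode('/', $value);
        if (isset($tmp[1]) && $tmp[1] !== '') {
            $myid = $tmp[1];
        }
    }

    $prefix = substr($myid, 0, $depth);
    $mysubdir = $prefix . '/' . $myid . '/';

    // set the personal subdir
    if ($value !== '' && !is_dir($swfupload_dir . '/' . $mysubdir)) {
        $om = umask(00);
        _mkdir_p($swfupload_dir . '/' . $mysubdir, 0777);
        umask($om);
    }

    // move the uploaded file
    if (isset($_FILES['Filedata']['tmp_name'])) {
        $tmp_name = $_FILES['Filedata']['tmp_name'];
        $name = isset($_FILES['Filedata']['name']) ? $_FILES['Filedata']['name'] : '';

        // A multi-file field yields arrays here; only single uploads are handled.
        if (is_string($tmp_name) && is_string($name)) {
            // Keep only the last path component, whatever separator was sent.
            $name = basename(str_replace('\\', '/', $name));

            // Dotfiles are refused so an upload can never replace a per-directory
            // server configuration file such as .htaccess.
            if ($name !== '' && $name[0] !== '.' &&
                    strpos($name, "\0") === false &&
                    preg_match('/\\.(' . $allowed_re . ')$/iD', $name)) {
                move_uploaded_file($tmp_name, $swfupload_dir . '/' . $mysubdir . $name);
            }
        }

        // NOTE(review): the response is "Success" even when the file was
        // rejected or could not be moved; kept because the upload client may
        // depend on this exact string - confirm before changing.
        echo "Success";
        return;
    }

    if (isset($options['MYFILES']) and is_array($options['MYFILES'])) {
        include_once 'plugin/UploadFile.php';

        $options['_pds_subdir'] = $mysubdir; // a temporary pds dir
        $options['_pds_remove'] = 1; // remove all files in pds dir
        do_UploadFile($formatter, $options);
    } else {
        $formatter->send_header("", $options);
        $formatter->send_title("", "", $options);
        $out = macro_SWFUpload($formatter, '');
        print $formatter->get_javascripts();
        print $out;
        if (!in_array('UploadedFiles', $formatter->actions, true)) {
            $formatter->actions[] = 'UploadedFiles';
        }
        $formatter->send_footer("", $options);
    }
}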
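/**
 * SWFUpload action handler.
 *
 * Depending on the request this either stores one uploaded file
 * ($_FILES['Filedata']) in a per-client staging directory below
 * "$DBInfo->upload_dir/.swfupload", hands staged files over to
 * do_UploadFile() (when $options['MYFILES'] is an array), or renders the
 * upload form produced by macro_SWFUpload().
 *
 * On top of the writability check and extension filter, this version also
 * validates $options['value'] before any part of it is used to build a
 * directory name, reduces the uploaded file name to its final path component
 * and refuses dotfiles.
 *
 * @param object $formatter page formatter used to render output
 * @param array  $options   action options; reads 'value' and 'MYFILES'
 * @return mixed result of do_invalid() when the upload is refused, otherwise null
 */
function do_SWFUpload($formatter, $options = array())
{
    global $DBInfo;

    // Uploads arrive as POST; refuse them when the page is not writable.
    if ($_SERVER['REQUEST_METHOD'] == 'POST' &&
            !$DBInfo->security->writable($options)) {
        $options['title'] = _("Page is not writable");
        return do_invalid($formatter, $options);
    }

    // check allowed file extensions
    // NOTE(review): the '.*' fallback accepts every extension; set
    // $DBInfo->pds_allowed to an explicit allow-list in production.
    $allowed_re = '.*';
    if (!empty($DBInfo->pds_allowed)) {
        $allowed_re = $DBInfo->pds_allowed;
    }

    $swfupload_dir = $DBInfo->upload_dir . '/.swfupload';
    $mysubdir = '';

    if (!is_dir($swfupload_dir)) {
        // NOTE(review): umask(0) + 0777 leaves the staging tree world-writable;
        // tighten the mode if only the web-server user needs write access.
        $om = umask(00);
        mkdir($swfupload_dir, 0777);
        umask($om);

        // Written only when the directory is first created, so an existing
        // deployment keeps whatever .htaccess it already has.
        $fp = fopen($swfupload_dir . '/.htaccess', 'w');
        if ($fp) {
            $htaccess = <<<EOF
# FCGI or CGI user can use .user.ini
Options -Indexes
AddType text/plain .php5 .php4 .php3 .phtml .php .html .map .mm
<Files ~ "\\.php">
#ForceType text/plain
SetHandler text/plain
</Files>
Order deny,allow
deny from all

EOF;
            fwrite($fp, $htaccess);
            fclose($fp);
        }
    }

    // check subdir
    if (!empty($DBInfo->swfupload_depth) and $DBInfo->swfupload_depth > 2) {
        $depth = $DBInfo->swfupload_depth;
    } else {
        $depth = 2;
    }

    // Default directory id: hash of the client address plus an optional site
    // seed. It is a namespace for staged files, not a secret.
    $seed = $_SERVER['REMOTE_ADDR'] . '.' . 'MONIWIKI';
    if (!empty($DBInfo->seed)) {
        $seed .= $DBInfo->seed;
    }
    $myid = md5($seed); // FIXME

    // Accept the caller-supplied value only if it consists solely of
    // alphanumerics and '/', so it can never carry '.', '..' or control
    // characters into a filesystem path. The original code ran this check only
    // after $myid had already been taken from the value. The D modifier stops
    // '$' from matching before a trailing newline.
    $value = '';
    if (!empty($options['value']) && is_string($options['value']) &&
            preg_match('/^[a-z0-9\\/]+$/iD', $options['value'])) {
        $value = $options['value'];
    }

    // With an active session the id may come from the second path component of
    // the validated value. (The session-stored id was already disabled in the
    // original code: "XXX flash bug?".)
    if (session_id() != '' && $value !== '') {
        $tmp = explode('/', $value);
        if (isset($tmp[1]) && $tmp[1] !== '') {
            $myid = $tmp[1];
        }
    }

    $prefix = substr($myid, 0, $depth);
    $mysubdir = $prefix . '/' . $myid . '/';

    // set the personal subdir
    if ($value !== '' && !is_dir($swfupload_dir . '/' . $mysubdir)) {
        $om = umask(00);
        _mkdir_p($swfupload_dir . '/' . $mysubdir, 0777);
        umask($om);
    }

    // move the uploaded file
    if (isset($_FILES['Filedata']['tmp_name'])) {
        $tmp_name = $_FILES['Filedata']['tmp_name'];
        $name = isset($_FILES['Filedata']['name']) ? $_FILES['Filedata']['name'] : '';

        // A multi-file field yields arrays here; only single uploads are handled.
        if (is_string($tmp_name) && is_string($name)) {
            // Keep only the last path component, whatever separator was sent.
            $name = basename(str_replace('\\', '/', $name));

            // Dotfiles are refused so an upload can never replace a per-directory
            // server configuration file such as .htaccess.
            if ($name !== '' && $name[0] !== '.' &&
                    strpos($name, "\0") === false &&
                    preg_match('/\\.(' . $allowed_re . ')$/iD', $name)) {
                move_uploaded_file($tmp_name, $swfupload_dir . '/' . $mysubdir . $name);
            }
        }

        // NOTE(review): the response is "Success" even when the file was
        // rejected or could not be moved; kept because the upload client may
        // depend on this exact string - confirm before changing.
        echo "Success";
        return;
    }

    if (isset($options['MYFILES']) and is_array($options['MYFILES'])) {
        include_once 'plugin/UploadFile.php';

        $options['_pds_subdir'] = $mysubdir; // a temporary pds dir
        $options['_pds_remove'] = 1; // remove all files in pds dir
        do_UploadFile($formatter, $options);
    } else {
        $formatter->send_header("", $options);
        $formatter->send_title("", "", $options);
        $out = macro_SWFUpload($formatter, '');
        print $formatter->get_javascripts();
        print $out;
        if (!in_array('UploadedFiles', $formatter->actions, true)) {
            $formatter->actions[] = 'UploadedFiles';
        }
        $formatter->send_footer("", $options);
    }
}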