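/**
 * Action handler for the SWFUpload (Flash) uploader.
 *
 * Three modes, chosen from the request:
 *  - a multipart POST carrying `$_FILES['Filedata']`: store the file in a
 *    per-client staging directory below `<upload_dir>/.swfupload` and print
 *    "Success" (or "Error");
 *  - `$options['MYFILES']` present: hand the staging directory over to
 *    do_UploadFile() (plugin/UploadFile.php) as a temporary pds dir;
 *  - otherwise render the upload form via macro_SWFUpload().
 *
 * @param object $formatter  wiki formatter (send_header/send_footer/...)
 * @param array  $options    action options; `value` may echo back the
 *                           "prefix/id/..." staging path handed to the client
 * @return mixed void, or the result of do_invalid() when the page is not writable
 */
function do_SWFUpload($formatter, $options = array())
{
    global $DBInfo;

    // The Flash client posts files directly, so authorisation has to be
    // enforced here: refuse a POST unless the caller may write the page.
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && !$DBInfo->security->writable($options)) {
        $options['title'] = _("Page is not writable");
        return do_invalid($formatter, $options);
    }

    $swfupload_dir = $DBInfo->upload_dir . '/.swfupload';
    $mysubdir = '';
    if (!is_dir($swfupload_dir)) {
        $om = umask(00);
        // NOTE(review): world-writable staging tree; tighten if the web
        // server user owns upload_dir.
        mkdir($swfupload_dir, 0777);
        umask($om);
        $fp = fopen($swfupload_dir . '/.htaccess', 'w');
        if ($fp) {
            // Files are accepted with any extension, so the staging directory
            // must never be served directly: deny access and map PHP files to
            // text/plain. Only effective where AllowOverride permits it.
            $htaccess = <<<EOF
Options -Indexes
AddType text/plain .php5 .php4 .php3 .phtml .php .html .map .mm
<Files ~ "\\.php">
SetHandler text/plain
</Files>
Order deny,allow
Deny from all

EOF;
            fwrite($fp, $htaccess);
            fclose($fp);
        }
    }

    // Length of the hashed prefix directory; at least 2.
    if (!empty($DBInfo->swfupload_depth) && $DBInfo->swfupload_depth > 2) {
        $depth = $DBInfo->swfupload_depth;
    } else {
        $depth = 2;
    }

    // Default client id: derived from the remote address.
    $myid = md5($_SERVER['REMOTE_ADDR'] . '.' . 'MONIWIKI');
    if (session_id() != '' && !empty($options['value'])) {
        // The client may echo back its assigned "prefix/id/..." path. Only
        // the id component is taken, and only when it is a plain
        // alphanumeric token: a value such as ".." would otherwise let
        // $mysubdir escape $swfupload_dir below.
        $parts = explode('/', $options['value']);
        if (isset($parts[1]) && preg_match('/^[a-z0-9]+$/i', $parts[1])) {
            $myid = $parts[1];
        }
    }
    $prefix = substr($myid, 0, $depth);
    $mysubdir = $prefix . '/' . $myid . '/';

    // Create the personal staging subdirectory on demand.
    if (!empty($options['value']) && preg_match('/^[a-z0-9\\/]+$/i', $options['value'])) {
        if (!is_dir($swfupload_dir . '/' . $mysubdir)) {
            $om = umask(00);
            _mkdir_p($swfupload_dir . '/' . $mysubdir, 0777);
            umask($om);
        }
    }

    if (isset($_FILES['Filedata']['tmp_name'])) {
        $stored = false;
        // basename() drops any directory part sent by the client; dot-files
        // are refused so an upload can never replace the .htaccess above.
        $name = basename($_FILES['Filedata']['name']);
        // 'error' is UPLOAD_ERR_OK (0) on a clean upload, hence empty().
        if (empty($_FILES['Filedata']['error']) && $name !== '' && $name[0] !== '.') {
            $stored = move_uploaded_file(
                $_FILES['Filedata']['tmp_name'],
                $swfupload_dir . '/' . $mysubdir . $name
            );
        }
        // The client-side handler keys off the literal "Success"; anything
        // else is reported as a failed upload.
        echo $stored ? "Success" : "Error";
        return;
    }

    if (isset($options['MYFILES']) && is_array($options['MYFILES'])) {
        include_once 'plugin/UploadFile.php';
        $options['_pds_subdir'] = $mysubdir;
        // temporary pds dir: do_UploadFile() empties it when done
        $options['_pds_remove'] = 1;
        do_UploadFile($formatter, $options);
        return;
    }

    // No file and no MYFILES: render the upload form.
    $formatter->send_header("", $options);
    $formatter->send_title("", "", $options);
    $out = macro_SWFUpload($formatter, '');
    print $formatter->get_javascripts();
    print $out;
    if (!in_array('UploadedFiles', $formatter->actions)) {
        $formatter->actions[] = 'UploadedFiles';
    }
    $formatter->send_footer("", $options);
}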
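/**
 * Action handler for the SWFUpload (Flash) uploader.
 *
 * Three modes, chosen from the request:
 *  - a multipart POST carrying `$_FILES['Filedata']`: store the file in a
 *    per-client staging directory below `<upload_dir>/.swfupload` when its
 *    extension is allowed, and print "Success" (or "Error");
 *  - `$options['MYFILES']` present: hand the staging directory over to
 *    do_UploadFile() (plugin/UploadFile.php) as a temporary pds dir;
 *  - otherwise render the upload form via macro_SWFUpload().
 *
 * @param object $formatter  wiki formatter (send_header/send_footer/...)
 * @param array  $options    action options; `value` may echo back the
 *                           "prefix/id/..." staging path handed to the client
 * @return mixed void, or the result of do_invalid() when the page is not writable
 */
function do_SWFUpload($formatter, $options = array())
{
    global $DBInfo;

    // The Flash client posts files directly, so authorisation has to be
    // enforced here: refuse a POST unless the caller may write the page.
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && !$DBInfo->security->writable($options)) {
        $options['title'] = _("Page is not writable");
        return do_invalid($formatter, $options);
    }

    // Allowed extensions as a regex alternation from config. The default
    // '.*' accepts any extension, so the .htaccess below is the only thing
    // preventing an uploaded script from running until pds_allowed is set.
    // pds_allowed is inserted unescaped: it is trusted config, not user input.
    $allowed_re = '.*';
    if (!empty($DBInfo->pds_allowed)) {
        $allowed_re = $DBInfo->pds_allowed;
    }

    $swfupload_dir = $DBInfo->upload_dir . '/.swfupload';
    $mysubdir = '';
    if (!is_dir($swfupload_dir)) {
        $om = umask(00);
        // NOTE(review): world-writable staging tree; tighten if the web
        // server user owns upload_dir.
        mkdir($swfupload_dir, 0777);
        umask($om);
        $fp = fopen($swfupload_dir . '/.htaccess', 'w');
        if ($fp) {
            // Deny direct access and map PHP files to text/plain. Only
            // effective where AllowOverride permits it; FCGI/CGI setups may
            // need .user.ini instead.
            $htaccess = <<<EOF
# FCGI or CGI user can use .user.ini
Options -Indexes
AddType text/plain .php5 .php4 .php3 .phtml .php .html .map .mm
<Files ~ "\\.php">
#ForceType text/plain
SetHandler text/plain
</Files>
Order deny,allow
deny from all

EOF;
            fwrite($fp, $htaccess);
            fclose($fp);
        }
    }

    // Length of the hashed prefix directory; at least 2.
    if (!empty($DBInfo->swfupload_depth) && $DBInfo->swfupload_depth > 2) {
        $depth = $DBInfo->swfupload_depth;
    } else {
        $depth = 2;
    }

    // Default client id: derived from the remote address and the site seed.
    $seed = $_SERVER['REMOTE_ADDR'] . '.' . 'MONIWIKI';
    if ($DBInfo->seed) {
        $seed .= $DBInfo->seed;
    }
    $myid = md5($seed);
    if (session_id() != '' && !empty($options['value'])) {
        // The client may echo back its assigned "prefix/id/..." path. Only
        // the id component is taken, and only when it is a plain
        // alphanumeric token: a value such as ".." would otherwise let
        // $mysubdir escape $swfupload_dir below.
        $parts = explode('/', $options['value']);
        if (isset($parts[1]) && preg_match('/^[a-z0-9]+$/i', $parts[1])) {
            $myid = $parts[1];
        }
    }
    $prefix = substr($myid, 0, $depth);
    $mysubdir = $prefix . '/' . $myid . '/';

    // Create the personal staging subdirectory on demand.
    if (!empty($options['value']) && preg_match('/^[a-z0-9\\/]+$/i', $options['value'])) {
        if (!is_dir($swfupload_dir . '/' . $mysubdir)) {
            $om = umask(00);
            _mkdir_p($swfupload_dir . '/' . $mysubdir, 0777);
            umask($om);
        }
    }

    if (isset($_FILES['Filedata']['tmp_name'])) {
        $stored = false;
        // basename() drops any directory part sent by the client; dot-files
        // are refused so an upload can never replace the .htaccess above.
        $name = basename($_FILES['Filedata']['name']);
        // 'error' is UPLOAD_ERR_OK (0) on a clean upload, hence empty().
        // The extension check only looks at the final suffix; the <Files>
        // rule above is unanchored so "x.php.txt" is still served as text.
        if (empty($_FILES['Filedata']['error'])
            && $name !== '' && $name[0] !== '.'
            && preg_match('/\\.(' . $allowed_re . ')$/i', $name)) {
            $stored = move_uploaded_file(
                $_FILES['Filedata']['tmp_name'],
                $swfupload_dir . '/' . $mysubdir . $name
            );
        }
        // Previously "Success" was printed even for a rejected file; the
        // client-side handler keys off the literal "Success".
        echo $stored ? "Success" : "Error";
        return;
    }

    if (isset($options['MYFILES']) && is_array($options['MYFILES'])) {
        include_once 'plugin/UploadFile.php';
        $options['_pds_subdir'] = $mysubdir;
        // temporary pds dir: do_UploadFile() empties it when done
        $options['_pds_remove'] = 1;
        do_UploadFile($formatter, $options);
        return;
    }

    // No file and no MYFILES: render the upload form.
    $formatter->send_header("", $options);
    $formatter->send_title("", "", $options);
    $out = macro_SWFUpload($formatter, '');
    print $formatter->get_javascripts();
    print $out;
    if (!in_array('UploadedFiles', $formatter->actions)) {
        $formatter->actions[] = 'UploadedFiles';
    }
    $formatter->send_footer("", $options);
}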