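/**
 * Handle the editor connector's "FileUpload" command for the ckgedit plugin.
 *
 * Re-attaches to the editor session named by the FCK_NmSp_acl cookie, re-checks
 * the DokuWiki ACL of the target namespace (unless the session is flagged
 * isadmin), validates the uploaded file (extension whitelist, image / HTML
 * content probes), stores it below the mapped server directory and answers the
 * client through SendUploadResults() or send_ckg_UploadError().  On the upload
 * path it calls exit after sending the result; it only returns normally when
 * the ACL check fails.
 *
 * @param string $resourceType  connector resource type (e.g. "Image", "File")
 * @param string $currentFolder virtual folder as sent by the client, "/"-separated,
 *                              possibly carrying %xx escapes
 * @param string $sCommand      connector command name
 *
 * Globals read: $Dwfck_conf_values, $Config, $_FILES, $_COOKIE, $_SESSION.
 * Globals written: $dwfck_conf (copied from the session, with defaults filled in).
 *
 * Result codes used: '0' stored, '201' stored under a renamed file, '202' rejected
 * or not stored, '203' no upload permission.
 */
function FileUpload($resourceType, $currentFolder, $sCommand)
{
    global $dwfck_conf;
    global $Dwfck_conf_values;
    global $Config;

    if (!isset($_FILES)) {
        global $_FILES;
    }

    $sErrorNumber = '0';
    $sFileName = '';

    // Re-attach to the editor session the client names in FCK_NmSp_acl when this
    // request is not already running under it.  The cookie is client-controlled,
    // so only adopt a value that is a plain string and looks like a PHP session id
    // (the session module never produces characters outside [A-Za-z0-9,-]).
    $sess_id = session_id();
    $cookie_sid = (isset($_COOKIE['FCK_NmSp_acl']) && is_string($_COOKIE['FCK_NmSp_acl']))
        ? $_COOKIE['FCK_NmSp_acl']
        : '';
    if ($cookie_sid !== '' && $sess_id !== $cookie_sid && preg_match('/^[A-Za-z0-9,-]+$/', $cookie_sid)) {
        session_id($cookie_sid);
        session_start();
    }

    // Editor configuration normally lives in the session; fall back to the
    // site-wide values (or the plugin defaults) when it is missing.
    $dwfck_conf = isset($_SESSION['dwfck_conf']) ? $_SESSION['dwfck_conf'] : array();
    if (empty($dwfck_conf)) {
        $dwfck_conf['deaccent'] = isset($Dwfck_conf_values['deaccent']) ? $Dwfck_conf_values['deaccent'] : 1;
        $dwfck_conf['useslash'] = isset($Dwfck_conf_values['useslash']) ? $Dwfck_conf_values['useslash'] : 0;
        $dwfck_conf['sepchar'] = isset($Dwfck_conf_values['sepchar']) ? $Dwfck_conf_values['sepchar'] : '_';
    }

    // Under the "safe" file name encoding a folder that already carries %xx-style
    // escapes must be kept verbatim; any other folder is URL-decoded below.
    $safeEncoding = isset($Dwfck_conf_values['fnencode']) && $Dwfck_conf_values['fnencode'] === 'safe';
    $safe = $safeEncoding
        && (preg_match('/%[a-z]+[0-9]/', $currentFolder) || preg_match('/%[0-9][a-z]/', $currentFolder));

    // Turn the folder into the namespace pattern the ACL check expects ("a:b:*").
    $ns_tmp = str_replace('/', ':', dwiki_decodeFN(trim($currentFolder, '/')));
    $test = $ns_tmp . ':*';
    if (!$safe) {
        // Peel off every layer of URL encoding: a literal "%25" hides another layer.
        do {
            $test = urldecode($test);
        } while (strpos($test, '%25') !== false);
        $test = urldecode($test);
    }

    $isadmin = isset($_SESSION['dwfck_conf']['isadmin']) ? $_SESSION['dwfck_conf']['isadmin'] : false;
    if (!$isadmin) {
        $AUTH = auth_aclcheck($test, $_SESSION['dwfck_client'], $_SESSION['dwfck_grps'], 1);
        if ($AUTH < 8) {
            // Below DokuWiki's AUTH_UPLOAD (8): report "no permission" together with
            // the URL the file would have had.
            $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
            $sFileUrl = CombinePaths($sFileUrl, $_FILES['NewFile']['name']);
            SendUploadResults('203', $sFileUrl, htmlentities($_FILES['NewFile']['name']), '');
            return;
        }
    }

    if (!$safe) {
        $currentFolder = encode_dir($currentFolder);
    }

    if (!isset($_FILES['NewFile']) || is_null($_FILES['NewFile']['tmp_name'])) {
        // Nothing was uploaded at all.
        $sErrorNumber = '202';
    } else {
        $upload_err = $_FILES['NewFile']['error'];
        if ($upload_err) {
            // Build the URL before reporting: the original passed an unset $sFileUrl here.
            $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
            $sFileUrl = CombinePaths($sFileUrl, $_FILES['NewFile']['name']);
            send_ckg_UploadError($upload_err, $sFileUrl, htmlentities($_FILES['NewFile']['name']));
            exit;
        }
        $oFile = $_FILES['NewFile'];

        // Map the virtual path to the local server path.
        $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);

        // Keep only the last path segment of the client-supplied name.  A browser
        // sends a bare name, but nothing forces a client to, and the name is
        // appended to a filesystem path further down.  Done byte-wise on purpose
        // (basename() is locale dependent).
        $clientName = strtr($oFile['name'], '\\', '/');
        $lastSlash = strrpos($clientName, '/');
        if ($lastSlash !== false) {
            $clientName = substr($clientName, $lastSlash + 1);
        }
        $sFileName = dwiki_encodeFN($clientName);
        // Encoded a second time, as in the original; the rename path below decodes
        // it again under the safe encoding.
        $sOriginalFileName = dwiki_encodeFN($sFileName);

        // Extension = everything after the last dot.  A name without a dot has no
        // extension (the original took substr(..., false + 1), i.e. the name minus
        // its first byte).
        $dot = strrpos($sFileName, '.');
        $sExtension = ($dot === false) ? '' : strtolower(substr($sFileName, $dot + 1));

        $imageExts = isset($Config['AllowedExtensions']['Image']) ? $Config['AllowedExtensions']['Image'] : array();
        $image_file = in_array($sExtension, $imageExts, true);

        // Content probes on the temporary file.  A result of -1 presumably means
        // "could not inspect"; those are repeated on the stored copy below.
        $isImageValid = null;
        $detectHtml = null;
        if (isset($Config['SecureImageUploads'])) {
            $isImageValid = IsImageValid($oFile['tmp_name'], $sExtension);
            if ($isImageValid === false) {
                $sErrorNumber = '202';
            }
        }
        if (isset($Config['HtmlExtensions']) && !IsHtmlExtension($sExtension, $Config['HtmlExtensions'])) {
            $detectHtml = DetectHtml($oFile['tmp_name']);
            if ($detectHtml === true) {
                $sErrorNumber = '202';
            }
        }

        $sFileName = Dwfck_sanitize($sFileName, $image_file);

        // Check if it is an allowed extension ('0' is falsy, so !$sErrorNumber
        // means "no error so far").
        if (!$sErrorNumber && IsAllowedExt($sExtension, $resourceType)) {
            if (!is_dir($sServerDir)) {
                if (isset($Config['ChmodOnFolderCreate']) && !$Config['ChmodOnFolderCreate']) {
                    // Explicit "no chmod": leave the process umask in effect, as a
                    // plain mkdir() would.  The original passed an undefined
                    // $permissions here.  Assumes mkdir_rek() hands the mode to
                    // mkdir() -- TODO confirm.
                    mkdir_rek($sServerDir, 0777);
                } else {
                    $permissions = isset($Config['ChmodOnFolderCreate']) ? $Config['ChmodOnFolderCreate'] : 0777;
                    // Clear the umask so the configured mode is applied verbatim.
                    $oldumask = umask(0);
                    mkdir_rek($sServerDir, $permissions);
                    umask($oldumask);
                }
            }

            $iCounter = 0;
            while (true) {
                $sFilePath = $sServerDir . $sFileName;
                if (is_file($sFilePath)) {
                    // Name collision: append a counter and report "renamed" (201).
                    $iCounter++;
                    $baseName = $safeEncoding
                        ? RemoveExtension(dwiki_decodeFN($sOriginalFileName))
                        : RemoveExtension($sOriginalFileName);
                    $sFileName = Dwfck_sanitize($baseName . '_' . $iCounter . '.' . $sExtension, $image_file);
                    $sErrorNumber = '201';
                    continue;
                }

                if (!move_uploaded_file($oFile['tmp_name'], $sFilePath)) {
                    // Nothing was stored; do not report success for a URL without a file.
                    $sErrorNumber = '202';
                    break;
                }

                if (!(isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload'])) {
                    $permissions = (isset($Config['ChmodOnUpload']) && $Config['ChmodOnUpload'])
                        ? $Config['ChmodOnUpload']
                        : 0777;
                    $oldumask = umask(0);
                    chmod($sFilePath, $permissions);
                    umask($oldumask);
                }
                break;
            }

            if (file_exists($sFilePath)) {
                // A probe that could not inspect the temporary file (-1) is repeated
                // on the stored copy; a failing copy is removed.  unlink() stays
                // suppressed as in the original so a warning cannot leak into the
                // response body.
                if ($isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                } elseif ($detectHtml === -1 && DetectHtml($sFilePath) === true) {
                    @unlink($sFilePath);
                    $sErrorNumber = '202';
                }
            }
        } else {
            $sErrorNumber = '202';
        }
    }

    $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
    $sFileUrl = CombinePaths($sFileUrl, $sFileName);
    SendUploadResults($sErrorNumber, $sFileUrl, htmlentities($sFileName));
    exit;
}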
define("PAGES", DOKU_INC . 'data/pages/'); define("FCKEDITOR", DOKU_PLUGIN . 'ckgedit/fckeditor/editor/'); define('CONNECTOR', FCKEDITOR . 'filemanager/connectors/php/'); require_once CONNECTOR . 'check_acl.php'; require_once DOKU_INC . 'inc/Input.class.php'; require_once CONNECTOR . 'SafeFN.class.php'; global $dwfck_conf; global $Dwfck_conf_values; $INPUT = new Input(); $page = $INPUT->str('dw_id'); $page = ltrim($page, ':'); $dwfck_conf = doku_config_values(); // needed for cleanID $Dwfck_conf_values = $dwfck_conf; $page = str_replace(':', '/', $page); $page = dwiki_encodeFN($page); if (!empty($Dwfck_conf_values['ckg_savedir'])) { $path = $Dwfck_conf_values['ckg_savedir'] . '/pages/' . $page . '.txt'; } else { $path = PAGES . $page . '.txt'; } $resp = ""; $headers = array(); $lines = file($path); foreach ($lines as $line) { if (preg_match('/^=+([^=]+)=+\\s*$/', $line, $matches)) { $suffix_anchor = ""; $suffix_header = ""; if (isset($headers[$matches[1]])) { $headers[$matches[1]]++; $suffix_anchor = $headers[$matches[1]];