header("Content-Type: application/json;charset=UTF-8"); header('Content-Disposition: attachment; filename="response.json"'); die($content); } else { require_once "ext/smarty/libs/Smarty.class.php"; $smarty = new Smarty(); $smarty->template_dir = 'tpl'; $smarty->compile_dir = 'tpl_c'; $smarty->plugins_dir[] = 'smarty_plugins'; $f = new Files($config, $storage, $auth, $groups, $smarty); $content = $f->{$action}(); $smarty->assign('error', FALSE); $smarty->assign('auth', $auth); $smarty->assign('container', $content); $smarty->display('Page.tpl'); } } catch (Exception $e) { require_once "ext/smarty/libs/Smarty.class.php"; $smarty = new Smarty(); $smarty->template_dir = 'tpl'; $smarty->compile_dir = 'tpl_c'; $smarty->plugins_dir[] = 'smarty_plugins'; $smarty->assign('error', TRUE); # use htmlentities() to deal better with SURFconext exception html frenzy $smarty->assign('errorMessage', htmlentities($e->getMessage())); $smarty->assign('action', NULL); $smarty->display('Page.tpl'); logHandler("ERROR: " . $e->getMessage()); logHandler("ERROR TRACE: " . $e->getTraceAsString()); exit(1); }
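/**
 * Receive one chunk of an XHR file upload and write it to the user's directory.
 *
 * The request is only processed when it carries "X-Requested-With:
 * XMLHttpRequest" together with X-File-Name and X-File-Size headers;
 * X-File-Chunk is optional and defaults to 0. Chunk 0 truncates the target
 * file, any other chunk number appends to it. Once the file on disk is exactly
 * X-File-Size bytes long, its metadata is built and handed to
 * $this->storage->post().
 *
 * Every header value is supplied by the client and is validated before use.
 *
 * NOTE(review): X-File-Size is only used to detect completion. Nothing in this
 * method caps how many bytes a client may append, so an upload size or quota
 * limit has to be enforced elsewhere (e.g. the web server's request body
 * limit) - confirm that one is in place.
 *
 * NOTE(review): the file is stored under the client-chosen name, extension
 * included. Confirm that file_storage_dir is outside the web root, or is never
 * interpreted by the web server.
 *
 * This method never returns: it ends the script with die on invalid input or
 * on an I/O failure and with exit(0) otherwise.
 */
function handleUpload() {
    $userId = $this->auth->getUserId();

    // NOTE(review): standard base64 output can contain '/' and '+', so some
    // user ids produce a nested path that the non-recursive mkdir() below
    // cannot create. Check how the rest of the application derives this
    // directory before changing the encoding.
    $ownerDir = base64_encode($userId);
    $targetDir = getConfig($this->config, 'file_storage_dir', TRUE) . "/{$ownerDir}";
    $cachePath = getConfig($this->config, 'cache_dir', TRUE);

    // The second is_dir() covers a parallel chunk request creating the
    // directory between the first check and mkdir().
    if (!is_dir($targetDir) && !@mkdir($targetDir) && !is_dir($targetDir)) {
        logHandler("ERROR: unable to create upload directory for user '" . $userId . "'");
        die;
    }

    $httpHeaders = getallheaders();
    if (array_key_exists('X-Requested-With', $httpHeaders)
        && $httpHeaders['X-Requested-With'] === "XMLHttpRequest"
        && array_key_exists('X-File-Name', $httpHeaders)
        && array_key_exists('X-File-Size', $httpHeaders)) {

        $rawFileName = $httpHeaders['X-File-Name'];
        $fileSize = $httpHeaders['X-File-Size'];
        $fileChunk = 0;
        if (array_key_exists('X-File-Chunk', $httpHeaders)) {
            $fileChunk = $httpHeaders['X-File-Chunk'];
        }

        // basename() drops any directory part of the client-supplied name;
        // FILTER_SANITIZE_SPECIAL_CHARS then HTML-escapes special characters,
        // so the name on disk can differ from the header value.
        $fileName = filter_var(basename($rawFileName), FILTER_SANITIZE_SPECIAL_CHARS);

        // An empty name, "." or ".." would resolve to a directory instead of
        // a file inside $targetDir, so reject them explicitly.
        if ($fileName === FALSE || $fileName === '' || $fileName === '.' || $fileName === '..') {
            logHandler("Invalid X-File-Name '" . $rawFileName . "' by user '" . $userId . "'");
            die;
        }

        if (!is_numeric($fileSize) || $fileSize < 0) {
            logHandler("Invalid X-File-Size '" . $fileSize . "' by user '" . $userId . "'");
            die;
        }
        $fileSize = (int) $fileSize;

        if (!is_numeric($fileChunk) || $fileChunk < 0) {
            logHandler("Invalid X-File-Chunk '" . $fileChunk . "' by user '" . $userId . "'");
            die;
        }
        $fileChunk = (int) $fileChunk;

        $targetPath = $targetDir . DIRECTORY_SEPARATOR . $fileName;

        // First chunk starts a fresh file, later chunks are appended.
        $out = fopen($targetPath, $fileChunk === 0 ? "wb" : "ab");
        if (!$out) {
            logHandler("ERROR: failed to open output stream for upload by user '" . $userId . "'");
            die;
        }

        $in = fopen("php://input", "rb");
        if ($in) {
            // Copies the whole request body; unlike a `while ($buffer = fread())`
            // loop this does not stop early on a read that returns the string "0".
            stream_copy_to_stream($in, $out);
            fclose($in);
        } else {
            logHandler("ERROR: failed to open input stream for upload by user '" . $userId . "'");
        }
        fclose($out);
        flush();

        /* only check file when upload is complete */
        // Strict comparison: a failing filesize() (FALSE) must not be treated
        // as a completed zero-byte upload.
        if ($fileSize === filesize($targetPath)) {
            $metaData = new stdClass();
            $metaData->fileName = $fileName;
            analyzeFile($metaData, $targetDir, $cachePath);
            $metaData->fileOwner = $userId;
            // strftime() is deprecated as of PHP 8.1; kept here so the stored
            // description format does not change.
            $metaData->fileDescription = 'Uploaded on ' . strftime("%c", time());
            $metaData->fileGroups = array();
            $metaData->fileTokens = array();
            $metaData->fileLicense = 'none';
            $metaData->fileTags = array();
            $this->storage->post($metaData);
            logHandler("User '" . $userId . "' uploaded file '" . $metaData->fileName . "'");
        }
    }
    exit(0);
}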