CMS_grandFather::raiseError('Error, user has no rights on page : ' . $cms_page->getID());
    $view->show();
}
//get block datas
if (class_exists($blockClass)) {
    $cms_block = new $blockClass();
    $cms_block->initializeFromBasicAttributes($blockId);
    $rawDatas = $cms_block->getRawData($cms_page->getID(), $cs, $rowTag, RESOURCE_LOCATION_EDITION, false);
} else {
    CMS_grandFather::raiseError('Error, can\'t get block class : ' . $blockClass);
    $view->show();
}
$maxFileSize = CMS_file::getMaxUploadFileSize('K');
if ($rawDatas['file'] && file_exists(PATH_MODULES_FILES_STANDARD_FS . '/edition/' . $rawDatas['file'])) {
    $file = new CMS_file(PATH_MODULES_FILES_STANDARD_FS . '/edition/' . $rawDatas['file']);
    $fileDatas = array('filename' => $file->getName(false), 'filepath' => $file->getFilePath(CMS_file::WEBROOT), 'filesize' => $file->getFileSize(), 'fileicon' => $file->getFileIcon(CMS_file::WEBROOT), 'extension' => $file->getExtension());
} else {
    $fileDatas = array('filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'extension' => '');
}
$filePath = $fileDatas['filepath'];
$fileDatas = sensitiveIO::jsonEncode($fileDatas);
$flashvars = sensitiveIO::sanitizeJSString($rawDatas["flashvars"]);
$params = sensitiveIO::sanitizeJSString($rawDatas["params"]);
$attributes = sensitiveIO::sanitizeJSString($rawDatas["attributes"]);
$jscontent = <<<END
\tvar blockWindow = Ext.getCmp('{$winId}');
\t//set window title
\tblockWindow.setTitle('{$cms_language->getJsMessage(MESSAGE_EDIT_FLASH)}');
\t//set help button on top of page
\tblockWindow.tools['help'].show();
\t//add a tooltip on button
Exemplo n.º 2
0
}
if (!function_exists('imagecreatefrompng')) {
    CMS_grandFather::raiseError('Can\'t find imagecreatefrompng, please install GD library.');
    $return['error'] = $cms_language->getJsMessage(MESSAGE_PAGE_PNG_SUPPORT);
    $view->setContent($return);
    $view->show();
}
//Resize image
if (!$image->resize($width, $height, '', true, $autocrop)) {
    CMS_grandFather::raiseError('Error during treatment of file ' . $image->getFilename() . ', please check GD library.');
    $return['error'] = $cms_language->getJsMessage(MESSAGE_PAGE_LIB_GD_VERIF);
    $view->setContent($return);
    $view->show();
}
//Crop image if needed
if ($cropTop || $cropBottom || $cropLeft || $cropRight) {
    if (!$image->crop($cropTop, $cropBottom, $cropLeft, $cropRight)) {
        CMS_grandFather::raiseError('Error during treatment of file ' . $image->getFilename() . ', please check GD library.');
        $return['error'] = $cms_language->getJsMessage(MESSAGE_PAGE_LIB_GD_VERIF);
        $view->setContent($return);
        $view->show();
    }
}
$newimage = new CMS_file($image->getFilename());
//set new image infos and return
clearstatcache();
$return['filesize'] = $newimage->getFileSize();
$return['filepath'] = $newimage->getFilePath(CMS_file::WEBROOT);
$return['filename'] = $newimage->getFilename(false);
$view->setContent($return);
$view->show();
Exemplo n.º 3
0
 /**
  * set object Values
  *
  * @param array $values : the POST result values
  * @param string prefixname : the prefix used for post names
  * @param boolean newFormat : new automne v4 format (default false for compatibility)
  * @param integer $objectID : the current object id. Must be set, but default is blank for compatibility with other objects
  * @return boolean true on success, false on failure
  * @access public
  */
 function setValues($values, $prefixName, $newFormat = false, $objectID = '')
 {
     if (!sensitiveIO::isPositiveInteger($objectID)) {
         $this->raiseError('ObjectID must be a positive integer : ' . $objectID);
         return false;
     }
     //get field parameters
     $params = $this->getParamsValues();
     //get module codename
     $moduleCodename = CMS_poly_object_catalog::getModuleCodenameForField($this->_field->getID());
     if ($newFormat) {
         //delete old images ?
         //thumbnail
         if ($this->_subfieldValues[0]->getValue() && (!$values[$prefixName . $this->_field->getID() . '_0'] || pathinfo($values[$prefixName . $this->_field->getID() . '_0'], PATHINFO_BASENAME) != $this->_subfieldValues[0]->getValue())) {
             @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[0]->getValue());
             $this->_subfieldValues[0]->setValue('');
         }
         //image zoom
         if ($this->_subfieldValues[2]->getValue() && (!isset($values[$prefixName . $this->_field->getID() . '_2']) || !$values[$prefixName . $this->_field->getID() . '_2'] || pathinfo($values[$prefixName . $this->_field->getID() . '_2'], PATHINFO_BASENAME) != $this->_subfieldValues[2]->getValue())) {
             @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[2]->getValue());
             $this->_subfieldValues[2]->setValue('');
         }
         //set label from label field
         if (!$this->_subfieldValues[1]->setValue(io::htmlspecialchars($values[$prefixName . $this->_field->getID() . '_1']))) {
             return false;
         }
         //image zoom (if needed)
         if ((!isset($values[$prefixName . $this->_field->getID() . '_makeZoom']) || $values[$prefixName . $this->_field->getID() . '_makeZoom'] != 1) && isset($values[$prefixName . $this->_field->getID() . '_2']) && $values[$prefixName . $this->_field->getID() . '_2'] && io::strpos($values[$prefixName . $this->_field->getID() . '_2'], PATH_UPLOAD_WR . '/') !== false) {
             $filename = $values[$prefixName . $this->_field->getID() . '_2'];
             //check for image type before doing anything
             if (!in_array(io::strtolower(pathinfo($filename, PATHINFO_EXTENSION)), $this->_allowedExtensions)) {
                 return false;
             }
             //destroy old image if any
             if ($this->_subfieldValues[2]->getValue()) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[2]->getValue());
                 $this->_subfieldValues[2]->setValue('');
             }
             //move and rename uploaded file
             $filename = str_replace(PATH_UPLOAD_WR . '/', PATH_UPLOAD_FS . '/', $filename);
             $basename = pathinfo($filename, PATHINFO_BASENAME);
             //set thumbnail
             $path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
             $zoomBasename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($basename));
             if (io::strlen($zoomBasename) > 255) {
                 $zoomBasename = sensitiveIO::ellipsis($zoomBasename, 255, '-', true);
             }
             $zoomFilename = $path . '/' . $zoomBasename;
             CMS_file::moveTo($filename, $zoomFilename);
             CMS_file::chmodFile(FILES_CHMOD, $zoomFilename);
             //set it
             if (!$this->_subfieldValues[2]->setValue($zoomBasename)) {
                 return false;
             }
         }
         //thumbnail
         if ($values[$prefixName . $this->_field->getID() . '_0'] && io::strpos($values[$prefixName . $this->_field->getID() . '_0'], PATH_UPLOAD_WR . '/') !== false) {
             $filename = $values[$prefixName . $this->_field->getID() . '_0'];
             //check for image type before doing anything
             if (!in_array(io::strtolower(pathinfo($filename, PATHINFO_EXTENSION)), $this->_allowedExtensions)) {
                 return false;
             }
             //destroy old image if any
             if ($this->_subfieldValues[0]->getValue()) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[0]->getValue());
                 $this->_subfieldValues[0]->setValue('');
             }
             //move and rename uploaded file
             $filename = str_replace(PATH_UPLOAD_WR . '/', PATH_UPLOAD_FS . '/', $filename);
             $basename = pathinfo($filename, PATHINFO_BASENAME);
             //set thumbnail
             $path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
             $newBasename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($basename));
             //rename image
             $path_parts = pathinfo($newBasename);
             $extension = io::strtolower($path_parts['extension']);
             $newBasename = io::substr($path_parts['basename'], 0, -(io::strlen($extension) + 1)) . '_thumbnail.' . $extension;
             if (io::strlen($newBasename) > 255) {
                 $newBasename = sensitiveIO::ellipsis($newBasename, 255, '-', true);
             }
             $newFilename = $path . '/' . $newBasename;
             //move file from upload dir to new dir
             CMS_file::moveTo($filename, $newFilename);
             CMS_file::chmodFile(FILES_CHMOD, $newFilename);
             //if we use original image as image zoom, set it
             if (isset($values[$prefixName . $this->_field->getID() . '_makeZoom']) && $values[$prefixName . $this->_field->getID() . '_makeZoom'] == 1) {
                 $zoomFilename = str_replace('_thumbnail.' . $extension, '.' . $extension, $newFilename);
                 //copy image as zoom
                 CMS_file::copyTo($newFilename, $zoomFilename);
                 $zoomBasename = pathinfo($zoomFilename, PATHINFO_BASENAME);
                 //set image zoom
                 if (!$this->_subfieldValues[2]->setValue($zoomBasename)) {
                     return false;
                 }
             }
             //resize thumbnail if needed
             if ($params['maxWidth'] > 0 || $params['maxHeight'] > 0) {
                 $oImage = new CMS_image($newFilename);
                 //get current file size
                 $sizeX = $oImage->getWidth();
                 $sizeY = $oImage->getHeight();
                 //check thumbnail size
                 if ($params['maxWidth'] && $sizeX > $params['maxWidth'] || $params['maxHeight'] && $sizeY > $params['maxHeight']) {
                     $newSizeX = $sizeX;
                     $newSizeY = $sizeY;
                     // Check width
                     if ($params['maxWidth'] && $newSizeX > $params['maxWidth']) {
                         $newSizeY = round($params['maxWidth'] * $newSizeY / $newSizeX);
                         $newSizeX = $params['maxWidth'];
                     }
                     if ($params['maxHeight'] && $newSizeY > $params['maxHeight']) {
                         $newSizeX = round($params['maxHeight'] * $newSizeX / $newSizeY);
                         $newSizeY = $params['maxHeight'];
                     }
                     if (!$oImage->resize($newSizeX, $newSizeY, $newFilename)) {
                         return false;
                     }
                 }
             }
             //set thumbnail
             if (!$this->_subfieldValues[0]->setValue($newBasename)) {
                 return false;
             }
         }
         // If label not set yet, set it
         /*if(!$this->_subfieldValues[1]->getValue()){
         			if($this->_subfieldValues[0]->getValue()){
         				$this->_subfieldValues[1]->setValue($this->_subfieldValues[0]->getValue());
         			}
         		}*/
         //if we had an imagezoom, check his size
         if ($this->_subfieldValues[2]->getValue() && ($params['maxZoomWidth'] > 0 || $params['maxZoomHeight'] > 0)) {
             //resize zoom if needed
             $path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
             $basename = $this->_subfieldValues[2]->getValue();
             $filename = $path . '/' . $basename;
             $extension = io::strtolower(pathinfo($basename, PATHINFO_EXTENSION));
             $oImage = new CMS_image($filename);
             //get current file size
             $sizeX = $oImage->getWidth();
             $sizeY = $oImage->getHeight();
             //check zoom size
             if ($params['maxZoomWidth'] && $sizeX > $params['maxZoomWidth'] || $params['maxZoomHeight'] && $sizeY > $params['maxZoomHeight']) {
                 $newSizeX = $sizeX;
                 $newSizeY = $sizeY;
                 // Check width
                 if ($params['maxZoomWidth'] && $newSizeX > $params['maxZoomWidth']) {
                     $newSizeY = round($params['maxZoomWidth'] * $newSizeY / $newSizeX);
                     $newSizeX = $params['maxZoomWidth'];
                 }
                 if ($params['maxZoomHeight'] && $newSizeY > $params['maxZoomHeight']) {
                     $newSizeX = round($params['maxZoomHeight'] * $newSizeX / $newSizeY);
                     $newSizeY = $params['maxZoomHeight'];
                 }
                 if (!$oImage->resize($newSizeX, $newSizeY, $filename)) {
                     return false;
                 }
             }
         }
         //update files infos if needed
         if ($this->_subfieldValues[0]->getValue() && file_exists(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[0]->getValue())) {
             $file = new CMS_file(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[0]->getValue());
             $imageDatas = array('filename' => $file->getName(false), 'filepath' => $file->getFilePath(CMS_file::WEBROOT), 'filesize' => $file->getFileSize(), 'fileicon' => $file->getFileIcon(CMS_file::WEBROOT), 'extension' => $file->getExtension());
         } else {
             $imageDatas = array('filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'extension' => '');
         }
         $imageDatas['module'] = $moduleCodename;
         $imageDatas['visualisation'] = RESOURCE_DATA_LOCATION_EDITED;
         if ($params['useDistinctZoom'] || $this->_subfieldValues[2]->getValue()) {
             //update files infos if needed
             if ($this->_subfieldValues[2]->getValue() && file_exists(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[2]->getValue())) {
                 $file = new CMS_file(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[2]->getValue());
                 $zoomDatas = array('filename' => $file->getName(false), 'filepath' => $file->getFilePath(CMS_file::WEBROOT), 'filesize' => $file->getFileSize(), 'fileicon' => $file->getFileIcon(CMS_file::WEBROOT), 'extension' => $file->getExtension());
             } else {
                 $zoomDatas = array('filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'extension' => '');
             }
             $zoomDatas['module'] = $moduleCodename;
             $zoomDatas['visualisation'] = RESOURCE_DATA_LOCATION_EDITED;
         } else {
             $zoomDatas = '';
         }
         $content = array('datas' => array('polymodFieldsValue[' . $prefixName . $this->_field->getID() . '_0]' => $imageDatas, 'polymodFieldsValue[' . $prefixName . $this->_field->getID() . '_2]' => $zoomDatas, 'polymodFieldsValue[' . $prefixName . $this->_field->getID() . '_1]' => sensitiveIO::decodeEntities($this->_subfieldValues[1]->getValue())));
         $view = CMS_view::getInstance();
         $view->addContent($content);
         return true;
     } else {
         //Old format
         //delete old images ?
         if (isset($values[$prefixName . $this->_field->getID() . '_delete']) && $values[$prefixName . $this->_field->getID() . '_delete'] == 1) {
             if ($this->_subfieldValues[0]->getValue()) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[0]->getValue());
                 $this->_subfieldValues[0]->setValue('');
             } elseif (isset($values[$prefixName . $this->_field->getID() . '_0_hidden']) && $values[$prefixName . $this->_field->getID() . '_0_hidden']) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_0_hidden']);
                 $this->_subfieldValues[0]->setValue('');
             }
             if ($this->_subfieldValues[2]->getValue()) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[2]->getValue());
                 $this->_subfieldValues[2]->setValue('');
             } elseif (isset($values[$prefixName . $this->_field->getID() . '_2_hidden']) && $values[$prefixName . $this->_field->getID() . '_2_hidden']) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_2_hidden']);
                 $this->_subfieldValues[2]->setValue('');
             }
         }
         //set label from label field
         if (!$this->_subfieldValues[1]->setValue(io::htmlspecialchars(@$values[$prefixName . $this->_field->getID() . '_1']))) {
             return false;
         }
         //thumbnail
         if (isset($_FILES[$prefixName . $this->_field->getID() . '_0']) && $_FILES[$prefixName . $this->_field->getID() . '_0']['name'] && !$_FILES[$prefixName . $this->_field->getID() . '_0']['error']) {
             //check for image type before doing anything
             if (!in_array(io::strtolower(pathinfo($_FILES[$prefixName . $this->_field->getID() . '_0']["name"], PATHINFO_EXTENSION)), $this->_allowedExtensions)) {
                 return false;
             }
             //set label as image name if none set
             /*if (!$values[$prefixName.$this->_field->getID().'_1']) {
             			if (!$this->_subfieldValues[1]->setValue(io::htmlspecialchars($_FILES[$prefixName.$this->_field->getID().'_0']["name"]))) {
             				return false;
             			}
             		}*/
             //destroy all old images if any
             if ($this->_subfieldValues[0]->getValue()) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[0]->getValue());
                 $this->_subfieldValues[0]->setValue('');
             } elseif (isset($values[$prefixName . $this->_field->getID() . '_0_hidden']) && $values[$prefixName . $this->_field->getID() . '_0_hidden']) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_0_hidden']);
                 $this->_subfieldValues[0]->setValue('');
             }
             if ($this->_subfieldValues[2]->getValue()) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[2]->getValue());
                 $this->_subfieldValues[2]->setValue('');
             } elseif (isset($values[$prefixName . $this->_field->getID() . '_2_hidden']) && $values[$prefixName . $this->_field->getID() . '_2_hidden']) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_2_hidden']);
                 $this->_subfieldValues[2]->setValue('');
             }
             //set thumbnail (resize it if needed)
             //create thumbnail path
             $path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
             $filename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($_FILES[$prefixName . $this->_field->getID() . '_0']["name"]));
             if (io::strlen($filename) > 255) {
                 $filename = sensitiveIO::ellipsis($filename, 255, '-', true);
             }
             //move uploaded file
             $fileDatas = CMS_file::uploadFile($prefixName . $this->_field->getID() . '_0', PATH_TMP_FS);
             if ($fileDatas['error']) {
                 return false;
             }
             if (!CMS_file::moveTo(PATH_TMP_FS . '/' . $fileDatas['filename'], $path . "/" . $filename)) {
                 return false;
             }
             if ($params['maxWidth'] > 0) {
                 $oImage = new CMS_image($path . "/" . $filename);
                 //get current file size
                 $sizeX = $oImage->getWidth();
                 $sizeY = $oImage->getHeight();
                 //check thumbnail size
                 if ($sizeX > $params['maxWidth'] || $sizeY > $params['maxHeight']) {
                     $newSizeX = $sizeX;
                     $newSizeY = $sizeY;
                     // Check width
                     if ($params['maxWidth'] && $newSizeX > $params['maxWidth']) {
                         $newSizeY = round($params['maxWidth'] * $newSizeY / $newSizeX);
                         $newSizeX = $params['maxWidth'];
                     }
                     if ($params['maxHeight'] && $newSizeY > $params['maxHeight']) {
                         $newSizeX = round($params['maxHeight'] * $newSizeX / $newSizeY);
                         $newSizeY = $params['maxHeight'];
                     }
                     //resize image
                     $srcfilepath = $path . "/" . $filename;
                     $path_parts = pathinfo($srcfilepath);
                     $thumbnailFilename = io::substr($path_parts['basename'], 0, -(io::strlen($path_parts['extension']) + 1)) . '_thumbnail.' . $path_parts['extension'];
                     $destfilepath = $path . "/" . $thumbnailFilename;
                     $extension = io::strtolower($path_parts['extension']);
                     if (!$oImage->resize($newSizeX, $newSizeY, $destfilepath)) {
                         return false;
                     }
                     //if we use original image as image zoom, set it
                     if ($values[$prefixName . $this->_field->getID() . '_makeZoom'] == 1) {
                         //set image zoom
                         if (!$this->_subfieldValues[2]->setValue($filename)) {
                             return false;
                         }
                     } else {
                         //destroy original image
                         unlink($srcfilepath);
                     }
                     //set resized thumbnail
                     if (!$this->_subfieldValues[0]->setValue($thumbnailFilename)) {
                         return false;
                     }
                 } else {
                     //no need to resize thumbnail (below the maximum width), so set it
                     if (!$this->_subfieldValues[0]->setValue($filename)) {
                         return false;
                     }
                     //if we use original image as image zoom, set it
                     if ($values[$prefixName . $this->_field->getID() . '_makeZoom'] == 1) {
                         //set image zoom
                         if (!$this->_subfieldValues[2]->setValue($filename)) {
                             return false;
                         }
                     }
                 }
             } else {
                 //no need to resize thumbnail, so set it
                 if (!$this->_subfieldValues[0]->setValue($filename)) {
                     return false;
                 }
                 //if we use original image as image zoom, set it
                 if ($values[$prefixName . $this->_field->getID() . '_makeZoom'] == 1) {
                     //set image zoom
                     if (!$this->_subfieldValues[2]->setValue($filename)) {
                         return false;
                     }
                 }
             }
         } elseif (isset($_FILES[$prefixName . $this->_field->getID() . '_0']) && $_FILES[$prefixName . $this->_field->getID() . '_0']['name'] && $_FILES[$prefixName . $this->_field->getID() . '_0']['error'] != 0) {
             return false;
         } elseif (isset($values[$prefixName . $this->_field->getID() . '_0_hidden']) && $values[$prefixName . $this->_field->getID() . '_0_hidden'] && (!isset($values[$prefixName . $this->_field->getID() . '_delete']) || $values[$prefixName . $this->_field->getID() . '_delete'] != 1)) {
             //set label as image name if none set
             if (!$this->_subfieldValues[0]->setValue($values[$prefixName . $this->_field->getID() . '_0_hidden'])) {
                 return false;
             }
         }
         //image zoom (if needed)
         if (isset($values[$prefixName . $this->_field->getID() . '_makeZoom']) && $values[$prefixName . $this->_field->getID() . '_makeZoom'] != 1 && isset($_FILES[$prefixName . $this->_field->getID() . '_2']['name']) && $_FILES[$prefixName . $this->_field->getID() . '_2']['name'] && !$_FILES[$prefixName . $this->_field->getID() . '_2']['error']) {
             //check for image type before doing anything
             if (!in_array(io::strtolower(pathinfo($_FILES[$prefixName . $this->_field->getID() . '_2']["name"], PATHINFO_EXTENSION)), $this->_allowedExtensions)) {
                 return false;
             }
             //create thumbnail path
             $path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
             $filename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($_FILES[$prefixName . $this->_field->getID() . '_2']["name"]));
             if (io::strlen($filename) > 255) {
                 $filename = sensitiveIO::ellipsis($filename, 255, '-', true);
             }
             //move uploaded file
             $fileDatas = CMS_file::uploadFile($prefixName . $this->_field->getID() . '_2', PATH_TMP_FS);
             if ($fileDatas['error']) {
                 return false;
             }
             if (!CMS_file::moveTo(PATH_TMP_FS . '/' . $fileDatas['filename'], $path . "/" . $filename)) {
                 return false;
             }
             //set it
             if (!$this->_subfieldValues[2]->setValue($filename)) {
                 return false;
             }
         } elseif (isset($_FILES[$prefixName . $this->_field->getID() . '_2']) && $_FILES[$prefixName . $this->_field->getID() . '_2']['name'] && $_FILES[$prefixName . $this->_field->getID() . '_2']['error'] != 0) {
             return false;
         } elseif (isset($values[$prefixName . $this->_field->getID() . '_2_hidden']) && $values[$prefixName . $this->_field->getID() . '_2_hidden'] && (!isset($values[$prefixName . $this->_field->getID() . '_delete']) || $values[$prefixName . $this->_field->getID() . '_delete'] != 1)) {
             if (!$this->_subfieldValues[2]->setValue($values[$prefixName . $this->_field->getID() . '_2_hidden'])) {
                 return false;
             }
         }
         return true;
     }
 }
Exemplo n.º 4
0
 * Used accross a fileupload request to process one uploaded file
 * 
 * @package Automne
 * @subpackage admin
 * @author Sébastien Pauchet <*****@*****.**>
 */
require_once dirname(__FILE__) . '/../../cms_rc_admin.php';
//load interface instance
$view = CMS_view::getInstance();
//set default display mode for this page
$view->setDisplayMode(CMS_view::SHOW_JSON);
//This file is an admin file. Interface must be secure
$view->setSecure();
$file = sensitiveIO::sanitizeAsciiString(sensitiveIO::request('file'));
$module = sensitiveIO::sanitizeAsciiString(sensitiveIO::request('module'));
$visualisation = sensitiveIO::sanitizeAsciiString(sensitiveIO::request('visualisation'));
$fileDatas = array('filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'module' => $module, 'visualisation' => $visualisation);
if (!$file || !$module) {
    $view->setContent($fileDatas);
    $view->show();
}
//check for the given file for queried module
if (!file_exists(PATH_MODULES_FILES_FS . '/' . $module . '/' . $visualisation . '/' . $file)) {
    $view->setContent($fileDatas);
    $view->show();
}
$file = new CMS_file(PATH_MODULES_FILES_FS . '/' . $module . '/' . $visualisation . '/' . $file);
//return file datas
$fileDatas = array('filename' => $file->getName(false), 'filepath' => $file->getFilePath(CMS_file::WEBROOT), 'filesize' => $file->getFileSize(), 'fileicon' => $file->getFileIcon(CMS_file::WEBROOT), 'extension' => $file->getExtension(), 'module' => $module, 'visualisation' => $visualisation);
$view->setContent($fileDatas);
$view->show();
Exemplo n.º 5
0
 /**
  * set object Values
  *
  * @param array $values : the POST result values
  * @param string prefixname : the prefix used for post names
  * @param boolean newFormat : new automne v4 format (default false for compatibility)
  * @param integer $objectID : the current object id. Must be set, but default is blank for compatibility with other objects
  * @return boolean true on success, false on failure
  * @access public
  */
 function setValues($values, $prefixName, $newFormat = false, $objectID = '')
 {
     if (!sensitiveIO::isPositiveInteger($objectID)) {
         $this->raiseError('ObjectID must be a positive integer : ' . $objectID);
         return false;
     }
     //get field parameters
     $params = $this->getParamsValues();
     //get module codename
     $moduleCodename = CMS_poly_object_catalog::getModuleCodenameForField($this->_field->getID());
     if ($newFormat) {
         //delete old files ?
         //thumbnail
         if ($this->_subfieldValues[1]->getValue() && (!$values[$prefixName . $this->_field->getID() . '_1'] || pathinfo($values[$prefixName . $this->_field->getID() . '_1'], PATHINFO_BASENAME) != $this->_subfieldValues[1]->getValue())) {
             @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[1]->getValue());
             $this->_subfieldValues[1]->setValue('');
         }
         //file
         if ($this->_subfieldValues[4]->getValue() && (!$values[$prefixName . $this->_field->getID() . '_4'] || pathinfo($values[$prefixName . $this->_field->getID() . '_4'], PATHINFO_BASENAME) != $this->_subfieldValues[4]->getValue())) {
             @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue());
             $this->_subfieldValues[4]->setValue('');
             //reset filesize
             if (!$this->_subfieldValues[2]->setValue(0)) {
                 return false;
             }
         }
         if (!(isset($values[$prefixName . $this->_field->getID() . '_0']) && $this->_subfieldValues[0]->setValue(io::htmlspecialchars($values[$prefixName . $this->_field->getID() . '_0'])))) {
             return false;
         }
         //thumbnail
         if (isset($values[$prefixName . $this->_field->getID() . '_1']) && $values[$prefixName . $this->_field->getID() . '_1'] && io::strpos($values[$prefixName . $this->_field->getID() . '_1'], PATH_UPLOAD_WR . '/') !== false) {
             $filename = $values[$prefixName . $this->_field->getID() . '_1'];
             //check for image type before doing anything
             if (!in_array(io::strtolower(pathinfo($filename, PATHINFO_EXTENSION)), $this->_allowedExtensions)) {
                 return false;
             }
             //destroy old image if any
             if ($this->_subfieldValues[1]->getValue()) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[1]->getValue());
                 $this->_subfieldValues[1]->setValue('');
             }
             //move and rename uploaded file
             $filename = str_replace(PATH_UPLOAD_WR . '/', PATH_UPLOAD_FS . '/', $filename);
             $basename = pathinfo($filename, PATHINFO_BASENAME);
             //set thumbnail
             $path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
             $newBasename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($basename));
             //rename image
             $path_parts = pathinfo($newBasename);
             $extension = io::strtolower($path_parts['extension']);
             $newBasename = io::substr($path_parts['basename'], 0, -(io::strlen($extension) + 1)) . '_thumbnail.' . $extension;
             if (io::strlen($newBasename) > 255) {
                 $newBasename = sensitiveIO::ellipsis($newBasename, 255, '-', true);
             }
             $newFilename = $path . '/' . $newBasename;
             //move file from upload dir to new dir
             CMS_file::moveTo($filename, $newFilename);
             CMS_file::chmodFile(FILES_CHMOD, $newFilename);
             //resize thumbnail if needed
             if ($params['thumbMaxWidth'] > 0 || $params['thumbMaxHeight'] > 0) {
                 $oImage = new CMS_image($newFilename);
                 //get current file size
                 $sizeX = $oImage->getWidth();
                 $sizeY = $oImage->getHeight();
                 //check thumbnail size
                 list($sizeX, $sizeY) = @getimagesize($newFilename);
                 if ($params['thumbMaxWidth'] && $sizeX > $params['thumbMaxWidth'] || $params['thumbMaxHeight'] && $sizeY > $params['thumbMaxHeight']) {
                     $newSizeX = $sizeX;
                     $newSizeY = $sizeY;
                     // Check width
                     if ($params['thumbMaxWidth'] && $newSizeX > $params['thumbMaxWidth']) {
                         $newSizeY = round($params['thumbMaxWidth'] * $newSizeY / $newSizeX);
                         $newSizeX = $params['thumbMaxWidth'];
                     }
                     if ($params['thumbMaxHeight'] && $newSizeY > $params['thumbMaxHeight']) {
                         $newSizeX = round($params['thumbMaxHeight'] * $newSizeX / $newSizeY);
                         $newSizeY = $params['thumbMaxHeight'];
                     }
                     if (!$oImage->resize($newSizeX, $newSizeY, $newFilename)) {
                         return false;
                     }
                 }
             }
             //set thumbnail
             if (!$this->_subfieldValues[1]->setValue($newBasename)) {
                 return false;
             }
         }
         //File
         //1- from external location
         if (isset($values[$prefixName . $this->_field->getID() . '_externalfile']) && $values[$prefixName . $this->_field->getID() . '_externalfile']) {
             //from FTP directory
             $filename = $values[$prefixName . $this->_field->getID() . '_externalfile'];
             //check file extension
             if ($params['allowedType'] || $params['disallowedType']) {
                 $extension = io::strtolower(pathinfo($filename, PATHINFO_EXTENSION));
                 if (!$extension) {
                     return false;
                 }
                 //extension must be in allowed list
                 if ($params['allowedType'] && !in_array($extension, explode(',', io::strtolower($params['allowedType'])))) {
                     return false;
                 }
                 //extension must not be in disallowed list
                 if ($params['disallowedType'] && in_array($extension, explode(',', io::strtolower($params['disallowedType'])))) {
                     return false;
                 }
             }
             //destroy old file if any
             if ($this->_subfieldValues[4]->getValue()) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue());
                 $this->_subfieldValues[4]->setValue('');
             }
             $new_filename = 'r' . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($filename));
             if (io::strlen($new_filename) > 255) {
                 $new_filename = sensitiveIO::ellipsis($new_filename, 255, '-', true);
             }
             $destination_path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/';
             $ftp_dir = PATH_REALROOT_FS . $params['ftpDir'];
             if (@file_exists($ftp_dir . $filename) && is_file($ftp_dir . $filename)) {
                 if (CMS_file::moveTo($ftp_dir . $filename, $destination_path . '/' . $new_filename)) {
                     CMS_file::chmodFile(FILES_CHMOD, $destination_path . '/' . $new_filename);
                     //set label as file name if none set
                     if (!$values[$prefixName . $this->_field->getID() . '_0']) {
                         if (!$this->_subfieldValues[0]->setValue(io::htmlspecialchars($filename))) {
                             return false;
                         }
                     }
                     //set it
                     if (!$this->_subfieldValues[4]->setValue($new_filename)) {
                         return false;
                     }
                     //and set filesize
                     $filesize = @filesize($destination_path . '/' . $new_filename);
                     if ($filesize !== false && $filesize > 0) {
                         //convert in MB
                         $filesize = round($filesize / 1048576, 2);
                     } else {
                         $filesize = '0';
                     }
                     if (!$this->_subfieldValues[2]->setValue($filesize)) {
                         return false;
                     }
                     //set file type
                     if (!$this->_subfieldValues[3]->setValue(self::OBJECT_FILE_TYPE_INTERNAL)) {
                         return false;
                     }
                 } else {
                     return false;
                 }
             } else {
                 return false;
             }
         } else {
             //2- from post
             if ($values[$prefixName . $this->_field->getID() . '_4'] && io::strpos($values[$prefixName . $this->_field->getID() . '_4'], PATH_UPLOAD_WR . '/') !== false) {
                 //check file extension
                 if ($params['allowedType'] || $params['disallowedType']) {
                     $extension = io::strtolower(pathinfo($values[$prefixName . $this->_field->getID() . '_4'], PATHINFO_EXTENSION));
                     if (!$extension) {
                         return false;
                     }
                     //extension must be in allowed list
                     if ($params['allowedType'] && !in_array($extension, explode(',', io::strtolower($params['allowedType'])))) {
                         return false;
                     }
                     //extension must not be in disallowed list
                     if ($params['disallowedType'] && in_array($extension, explode(',', io::strtolower($params['disallowedType'])))) {
                         return false;
                     }
                 }
                 //set file type
                 if (!$this->_subfieldValues[3]->setValue(self::OBJECT_FILE_TYPE_INTERNAL)) {
                     return false;
                 }
                 //destroy old file if any
                 if ($this->_subfieldValues[4]->getValue()) {
                     @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue());
                     $this->_subfieldValues[4]->setValue('');
                 }
                 //move and rename uploaded file
                 $filename = str_replace(PATH_UPLOAD_WR . '/', PATH_UPLOAD_FS . '/', $values[$prefixName . $this->_field->getID() . '_4']);
                 $basename = pathinfo($filename, PATHINFO_BASENAME);
                 //create file path
                 $path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
                 $newBasename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($basename));
                 if (io::strlen($newBasename) > 255) {
                     $newBasename = sensitiveIO::ellipsis($newBasename, 255, '-', true);
                 }
                 $newFilename = $path . '/' . $newBasename;
                 if (!CMS_file::moveTo($filename, $newFilename)) {
                     return false;
                 }
                 CMS_file::chmodFile(FILES_CHMOD, $newFilename);
                 //set it
                 if (!$this->_subfieldValues[4]->setValue($newBasename)) {
                     return false;
                 }
                 //and set filesize
                 $filesize = @filesize($newFilename);
                 if ($filesize !== false && $filesize > 0) {
                     //convert in MB
                     $filesize = round($filesize / 1048576, 2);
                 } else {
                     $filesize = '0';
                 }
                 if (!$this->_subfieldValues[2]->setValue($filesize)) {
                     return false;
                 }
             }
         }
         // If label not set yet, set it
         if (!$this->_subfieldValues[0]->getValue()) {
             if ($this->_subfieldValues[4]->getValue()) {
                 $this->_subfieldValues[0]->setValue($this->_subfieldValues[4]->getValue());
             }
         }
         //update files infos if needed
         if ($this->_subfieldValues[1]->getValue() && file_exists(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[1]->getValue())) {
             $file = new CMS_file(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[1]->getValue());
             $imageDatas = array('filename' => $file->getName(false), 'filepath' => $file->getFilePath(CMS_file::WEBROOT), 'filesize' => $file->getFileSize(), 'fileicon' => $file->getFileIcon(CMS_file::WEBROOT), 'extension' => $file->getExtension());
         } else {
             $imageDatas = array('filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'extension' => '');
         }
         //update files infos if needed
         if ($this->_subfieldValues[4]->getValue() && file_exists(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue())) {
             $file = new CMS_file(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue());
             $fileDatas = array('filename' => $file->getName(false), 'filepath' => $file->getFilePath(CMS_file::WEBROOT), 'filesize' => $file->getFileSize(), 'fileicon' => $file->getFileIcon(CMS_file::WEBROOT), 'extension' => $file->getExtension());
         } else {
             $fileDatas = array('filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'extension' => '');
         }
         $imageDatas['module'] = $fileDatas['module'] = $moduleCodename;
         $imageDatas['visualisation'] = $fileDatas['visualisation'] = RESOURCE_DATA_LOCATION_EDITED;
         $content = array('datas' => array('polymodFieldsValue[' . $prefixName . $this->_field->getID() . '_1]' => $imageDatas, 'polymodFieldsValue[' . $prefixName . $this->_field->getID() . '_4]' => $fileDatas, 'polymodFieldsValue[' . $prefixName . $this->_field->getID() . '_externalfile]' => '', 'polymodFieldsValue[' . $prefixName . $this->_field->getID() . '_0]' => sensitiveIO::decodeEntities($this->_subfieldValues[0]->getValue())));
         $view = CMS_view::getInstance();
         $view->addContent($content);
         return true;
     } else {
         //Old format
         //delete old files ?
         if (isset($values[$prefixName . $this->_field->getID() . '_delete']) && $values[$prefixName . $this->_field->getID() . '_delete'] == 1) {
             //thumbnail
             if ($this->_subfieldValues[1]->getValue()) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[1]->getValue());
                 $this->_subfieldValues[1]->setValue('');
             } elseif ($values[$prefixName . $this->_field->getID() . '_1_hidden']) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_1_hidden']);
                 $this->_subfieldValues[1]->setValue('');
             }
             //file
             if ($this->_subfieldValues[4]->getValue()) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue());
                 $this->_subfieldValues[4]->setValue('');
             } elseif ($values[$prefixName . $this->_field->getID() . '_4_hidden']) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_4_hidden']);
                 $this->_subfieldValues[4]->setValue('');
             }
             //reset filesize
             if (!$this->_subfieldValues[2]->setValue(0)) {
                 return false;
             }
         }
         if (!(isset($values[$prefixName . $this->_field->getID() . '_0']) && $this->_subfieldValues[0]->setValue(io::htmlspecialchars($values[$prefixName . $this->_field->getID() . '_0'])))) {
             return false;
         }
         //thumbnail
         if (isset($_FILES[$prefixName . $this->_field->getID() . '_1']) && $_FILES[$prefixName . $this->_field->getID() . '_1']['name'] && !$_FILES[$prefixName . $this->_field->getID() . '_1']['error']) {
             //check for image type before doing anything
             if (!in_array(io::strtolower(pathinfo($_FILES[$prefixName . $this->_field->getID() . '_1']["name"], PATHINFO_EXTENSION)), $this->_allowedExtensions)) {
                 return false;
             }
             //destroy old image if any
             if ($this->_subfieldValues[1]->getValue()) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[1]->getValue());
                 $this->_subfieldValues[1]->setValue('');
             } elseif ($values[$prefixName . $this->_field->getID() . '_1_hidden']) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_1_hidden']);
                 $this->_subfieldValues[1]->setValue('');
             }
             //set thumbnail (resize it if needed)
             //create thumbnail path
             $path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
             $filename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($_FILES[$prefixName . $this->_field->getID() . '_1']["name"]));
             if (io::strlen($filename) > 255) {
                 $filename = sensitiveIO::ellipsis($filename, 255, '-', true);
             }
             //move uploaded file
             $fileDatas = CMS_file::uploadFile($prefixName . $this->_field->getID() . '_1', PATH_TMP_FS);
             if ($fileDatas['error']) {
                 return false;
             }
             if (!CMS_file::moveTo(PATH_TMP_FS . '/' . $fileDatas['filename'], $path . "/" . $filename)) {
                 return false;
             }
             if ($params['thumbMaxWidth'] > 0 || $params['thumbMaxHeight'] > 0) {
                 $oImage = new CMS_image($path . "/" . $filename);
                 //get current file size
                 $sizeX = $oImage->getWidth();
                 $sizeY = $oImage->getHeight();
                 //check thumbnail size
                 if ($sizeX > $params['thumbMaxWidth'] || $sizeX > $params['thumbMaxHeight']) {
                     $newSizeX = $sizeX;
                     $newSizeY = $sizeY;
                     // Check width
                     if ($params['thumbMaxWidth'] && $newSizeX > $params['thumbMaxWidth']) {
                         $newSizeY = round($params['thumbMaxWidth'] * $newSizeY / $newSizeX);
                         $newSizeX = $params['thumbMaxWidth'];
                     }
                     if ($params['thumbMaxHeight'] && $newSizeY > $params['thumbMaxHeight']) {
                         $newSizeX = round($params['thumbMaxHeight'] * $newSizeX / $newSizeY);
                         $newSizeY = $params['thumbMaxHeight'];
                     }
                     //resize image
                     $srcfilepath = $path . "/" . $filename;
                     $path_parts = pathinfo($srcfilepath);
                     $thumbnailFilename = io::substr($path_parts['basename'], 0, -(io::strlen($path_parts['extension']) + 1)) . '.png';
                     $destfilepath = $path . "/" . $thumbnailFilename;
                     if (!$oImage->resize($newSizeX, $newSizeY, $destfilepath)) {
                         return false;
                     }
                     //destroy original image
                     @unlink($srcfilepath);
                     //set resized thumbnail
                     if (!$this->_subfieldValues[1]->setValue($thumbnailFilename)) {
                         return false;
                     }
                 } else {
                     //no need to resize thumbnail (below the maximum width), so set it
                     if (!$this->_subfieldValues[1]->setValue($filename)) {
                         return false;
                     }
                 }
             } else {
                 //no need to resize thumbnail (no size limit), so set it
                 if (!$this->_subfieldValues[1]->setValue($filename)) {
                     return false;
                 }
             }
         } elseif (isset($_FILES[$prefixName . $this->_field->getID() . '_1']) && $_FILES[$prefixName . $this->_field->getID() . '_1']['name'] && $_FILES[$prefixName . $this->_field->getID() . '_1']['error'] != 0) {
             return false;
         } elseif (isset($values[$prefixName . $this->_field->getID() . '_1_hidden']) && $values[$prefixName . $this->_field->getID() . '_1_hidden'] && $values[$prefixName . $this->_field->getID() . '_delete'] != 1) {
             if (!$this->_subfieldValues[1]->setValue($values[$prefixName . $this->_field->getID() . '_1_hidden'])) {
                 return false;
             }
         }
         //File
         //1- from external location
         if (isset($values[$prefixName . $this->_field->getID() . '_externalfile']) && $values[$prefixName . $this->_field->getID() . '_externalfile']) {
             //destroy old file if any
             if ($this->_subfieldValues[4]->getValue()) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue());
                 $this->_subfieldValues[4]->setValue('');
             } elseif ($values[$prefixName . $this->_field->getID() . '_4_hidden']) {
                 @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $values[$prefixName . $this->_field->getID() . '_4_hidden']);
                 $this->_subfieldValues[4]->setValue('');
             }
             //from FTP directory
             $filename = $values[$prefixName . $this->_field->getID() . '_externalfile'];
             //io::substr($values[$prefixName.$this->_field->getID().'_externalfile'], 1);
             //check file extension
             if ($params['allowedType'] || $params['disallowedType']) {
                 $extension = io::strtolower(pathinfo($filename, PATHINFO_EXTENSION));
                 if (!$extension) {
                     return false;
                 }
                 //extension must be in allowed list
                 if ($params['allowedType'] && !in_array($extension, explode(',', io::strtolower($params['allowedType'])))) {
                     return false;
                 }
                 //extension must not be in disallowed list
                 if ($params['disallowedType'] && in_array($extension, explode(',', io::strtolower($params['disallowedType'])))) {
                     return false;
                 }
             }
             $new_filename = 'r' . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($filename));
             if (io::strlen($new_filename) > 255) {
                 $new_filename = sensitiveIO::ellipsis($new_filename, 255, '-', true);
             }
             $destination_path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/';
             $ftp_dir = PATH_REALROOT_FS . $params['ftpDir'];
             if (@file_exists($ftp_dir . $filename) && is_file($ftp_dir . $filename)) {
                 if (@copy($ftp_dir . $filename, $destination_path . '/' . $new_filename)) {
                     @chmod($destination_path . '/' . $new_filename, octdec(FILES_CHMOD));
                     //set label as file name if none set
                     if (!$values[$prefixName . $this->_field->getID() . '_0']) {
                         if (!$this->_subfieldValues[0]->setValue(io::htmlspecialchars($filename))) {
                             return false;
                         }
                     }
                     //set it
                     if (!$this->_subfieldValues[4]->setValue($new_filename)) {
                         return false;
                     }
                     //and set filesize
                     $filesize = @filesize($destination_path . '/' . $new_filename);
                     if ($filesize !== false && $filesize > 0) {
                         //convert in MB
                         $filesize = round($filesize / 1048576, 2);
                     } else {
                         $filesize = '0';
                     }
                     if (!$this->_subfieldValues[2]->setValue($filesize)) {
                         return false;
                     }
                     //set file type
                     if (!$this->_subfieldValues[3]->setValue(self::OBJECT_FILE_TYPE_INTERNAL)) {
                         return false;
                     }
                 } else {
                     return false;
                 }
             } else {
                 return false;
             }
         } else {
             //2- from post
             if (isset($_FILES[$prefixName . $this->_field->getID() . '_4']) && $_FILES[$prefixName . $this->_field->getID() . '_4']['name'] && !$_FILES[$prefixName . $this->_field->getID() . '_4']['error']) {
                 //check file extension
                 if ($params['allowedType'] || $params['disallowedType']) {
                     $extension = io::strtolower(pathinfo($_FILES[$prefixName . $this->_field->getID() . '_4']['name'], PATHINFO_EXTENSION));
                     if (!$extension) {
                         return false;
                     }
                     //extension must be in allowed list
                     if ($params['allowedType'] && !in_array($extension, explode(',', io::strtolower($params['allowedType'])))) {
                         return false;
                     }
                     //extension must not be in disallowed list
                     if ($params['disallowedType'] && in_array($extension, explode(',', io::strtolower($params['disallowedType'])))) {
                         return false;
                     }
                 }
                 //set label as image name if none set
                 if (!$values[$prefixName . $this->_field->getID() . '_0']) {
                     if (!$this->_subfieldValues[0]->setValue(io::htmlspecialchars($_FILES[$prefixName . $this->_field->getID() . '_4']["name"]))) {
                         return false;
                     }
                 }
                 //set file type
                 if (!$this->_subfieldValues[3]->setValue(self::OBJECT_FILE_TYPE_INTERNAL)) {
                     return false;
                 }
                 //destroy old file if any
                 if ($this->_subfieldValues[4]->getValue()) {
                     @unlink(PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED . '/' . $this->_subfieldValues[4]->getValue());
                     $this->_subfieldValues[4]->setValue('');
                 }
                 //create thumnail path
                 $path = PATH_MODULES_FILES_FS . '/' . $moduleCodename . '/' . RESOURCE_DATA_LOCATION_EDITED;
                 $filename = "r" . $objectID . "_" . $this->_field->getID() . "_" . io::strtolower(SensitiveIO::sanitizeAsciiString($_FILES[$prefixName . $this->_field->getID() . '_4']["name"]));
                 if (io::strlen($filename) > 255) {
                     $filename = sensitiveIO::ellipsis($filename, 255, '-', true);
                 }
                 //move uploaded file
                 $fileDatas = CMS_file::uploadFile($prefixName . $this->_field->getID() . '_4', PATH_TMP_FS);
                 if ($fileDatas['error']) {
                     return false;
                 }
                 if (!CMS_file::moveTo(PATH_TMP_FS . '/' . $fileDatas['filename'], $path . "/" . $filename)) {
                     return false;
                 }
                 //set it
                 if (!$this->_subfieldValues[4]->setValue($filename)) {
                     return false;
                 }
                 //and set filesize
                 $filesize = @filesize($path . "/" . $filename);
                 if ($filesize !== false && $filesize > 0) {
                     //convert in MB
                     $filesize = round($filesize / 1048576, 2);
                 } else {
                     $filesize = '0';
                 }
                 if (!$this->_subfieldValues[2]->setValue($filesize)) {
                     return false;
                 }
             } elseif (isset($_FILES[$prefixName . $this->_field->getID() . '_4']) && $_FILES[$prefixName . $this->_field->getID() . '_4']['name'] && $_FILES[$prefixName . $this->_field->getID() . '_4']['error'] != 0) {
                 return false;
             } else {
                 //from hidden fields (previously set but not already saved)
                 if (isset($values[$prefixName . $this->_field->getID() . '_4_hidden']) && $values[$prefixName . $this->_field->getID() . '_4_hidden'] && (!isset($values[$prefixName . $this->_field->getID() . '_delete']) || $values[$prefixName . $this->_field->getID() . '_delete'] != 1)) {
                     //set label as image name if none set
                     if ($values[$prefixName . $this->_field->getID() . '_0']) {
                         if (!$this->_subfieldValues[0]->setValue(io::htmlspecialchars($values[$prefixName . $this->_field->getID() . '_0']))) {
                             return false;
                         }
                     }
                     //set filesize
                     if (!$this->_subfieldValues[2]->setValue($values[$prefixName . $this->_field->getID() . '_2_hidden'])) {
                         return false;
                     }
                     //set file type
                     if (!$this->_subfieldValues[3]->setValue($values[$prefixName . $this->_field->getID() . '_3_hidden'])) {
                         return false;
                     }
                     if (!$this->_subfieldValues[4]->setValue($values[$prefixName . $this->_field->getID() . '_4_hidden'])) {
                         return false;
                     }
                 }
             }
         }
         // If label not set yet, set it
         if (!$this->_subfieldValues[0]->getValue()) {
             if ($this->_subfieldValues[4]->getValue()) {
                 $this->_subfieldValues[0]->setValue($this->_subfieldValues[4]->getValue());
             }
         }
         return true;
     }
 }
Exemplo n.º 6
0
 /**
  * Upload a file with as much as security we can
  *
  * @param string $fileVarName, var name in which we can found the file in $_FILES
  * @param string $destinationDirFS, the destination dir in which we want the file to be moved
  * @return array of uploaded file meta datas
  */
 function uploadFile($fileVarName = 'Filedata', $destinationDirFS = PATH_UPLOAD_FS)
 {
     //for security, clean all files older than 4h in both uploads directories
     $yesterday = time() - 14400;
     //4h
     try {
         foreach (new DirectoryIterator(PATH_UPLOAD_FS) as $file) {
             if ($file->isFile() && $file->getFilename() != ".htaccess" && $file->getMTime() < $yesterday) {
                 @unlink($file->getPathname());
             }
         }
     } catch (Exception $e) {
     }
     try {
         foreach (new DirectoryIterator(PATH_UPLOAD_VAULT_FS) as $file) {
             if ($file->isFile() && $file->getFilename() != ".htaccess" && $file->getMTime() < $yesterday) {
                 @unlink($file->getPathname());
             }
         }
     } catch (Exception $e) {
     }
     //init returned file datas
     $fileDatas = array('error' => 0, 'filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'success' => false);
     // Check if the upload exists
     if (!isset($_FILES[$fileVarName]) || !is_uploaded_file($_FILES[$fileVarName]["tmp_name"]) || $_FILES[$fileVarName]["error"] != 0) {
         CMS_grandFather::raiseError('Uploaded file has an error : ' . print_r($_FILES, true));
         $fileDatas['error'] = CMS_file::UPLOAD_UPLOAD_FAILED;
         $view->setContent($fileDatas);
         $view->show();
     }
     //move uploaded file to upload vault (and rename it with a clean name if needed)
     $originalFilename = io::sanitizeAsciiString($_FILES[$fileVarName]["name"]);
     if (io::strlen($originalFilename) > 250) {
         $originalFilename = sensitiveIO::ellipsis($originalFilename, 250, '-');
     }
     //remove multiple extensions to avoid double extension threat (cf. http://www.acunetix.com/websitesecurity/upload-forms-threat.htm)
     if (substr_count('.', $originalFilename) > 1) {
         $parts = pathinfo($originalFilename);
         $originalFilename = str_replace('.', '-', $parts['filename']) . '.' . $parts['extension'];
     }
     $count = 2;
     $filename = $originalFilename;
     while (file_exists(PATH_UPLOAD_VAULT_FS . '/' . $filename) || file_exists($destinationDirFS . '/' . $filename)) {
         $pathinfo = pathinfo($originalFilename);
         $filename = $pathinfo['filename'] . '-' . $count++ . '.' . $pathinfo['extension'];
     }
     if (!@move_uploaded_file($_FILES[$fileVarName]["tmp_name"], PATH_UPLOAD_VAULT_FS . '/' . $filename)) {
         CMS_grandFather::raiseError('Can\'t move uploaded file to : ' . PATH_UPLOAD_VAULT_FS . '/' . $filename);
         $fileDatas['error'] = CMS_file::UPLOAD_FILE_VALIDATION_FAILED;
         return $fileDatas;
     }
     $file = new CMS_file(PATH_UPLOAD_VAULT_FS . '/' . $filename);
     $file->chmod(FILES_CHMOD);
     //check uploaded file
     if (!$file->checkUploadedFile()) {
         $file->delete();
         $fileDatas['error'] = CMS_file::UPLOAD_SECURITY_ERROR;
         return $fileDatas;
     }
     //move file to final directory
     if (!CMS_file::moveTo(PATH_UPLOAD_VAULT_FS . '/' . $filename, $destinationDirFS . '/' . $filename)) {
         $fileDatas['error'] = CMS_file::UPLOAD_FILE_VALIDATION_FAILED;
         return $fileDatas;
     }
     $file = new CMS_file($destinationDirFS . '/' . $filename);
     $file->chmod(FILES_CHMOD);
     //return file datas
     $fileDatas = array('error' => 0, 'filename' => $file->getName(false), 'filepath' => $file->getFilePath(CMS_file::WEBROOT), 'filesize' => $file->getFileSize(), 'fileicon' => $file->getFileIcon(CMS_file::WEBROOT), 'extension' => $file->getExtension(), 'success' => true);
     return $fileDatas;
 }