Пример #1
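/**
 * Performs the steps needed to store an uploaded file in the document tool.
 *
 * The client-supplied name is never used as-is for a plain upload: it is
 * passed through replace_dangerous_char() and get_secure_file_name() before
 * the file is moved into place.
 *
 * @author Hugues Peeters <*****@*****.**>
 *
 * @param  array  $uploadedFile   - follows the $_FILES structure
 * @param  string $baseWorkDir    - base working directory of the module
 * @param  string $uploadPath     - destination of the upload, appended to $baseWorkDir
 * @param  int    $maxFilledSpace - number of bytes not to exceed in the base
 *                                  working directory
 * @param  string $uncompress     - when 'unzip' and the file name ends in ".zip",
 *                                  the archive is handed to
 *                                  treat_secure_uploaded_file_unzip()
 * @param  bool   $allowPHP       - only forwarded to the unzip helper; per the
 *                                  original documentation, true disables the
 *                                  security check for .php files in zip archives
 * @return mixed  the stored file name for a plain upload that succeeds; the unzip
 *                helper's return value for archives; otherwise the value returned
 *                by claro_failure::set_failure()
 */
function treat_uploaded_file($uploadedFile, $baseWorkDir, $uploadPath, $maxFilledSpace, $uncompress = '', $allowPHP = false)
{
    if (file_upload_failed($uploadedFile)) {
        return claro_failure::set_failure(get_file_upload_error_message($uploadedFile));
    }

    if (!enough_size($uploadedFile['size'], $baseWorkDir, $maxFilledSpace)) {
        return claro_failure::set_failure(get_lang('The upload has failed. There is not enough space in your directory'));
    }

    // The dot is escaped so that only a real ".zip" suffix selects the archive
    // path; the previous pattern '/.zip$/i' accepted any character before "zip".
    if ($uncompress == 'unzip' && preg_match('/\.zip$/i', $uploadedFile['name'])) {
        // NOTE(review): $allowPHP is forwarded unchanged; confirm that every caller
        // passing true is restricted to trusted users.
        return treat_secure_uploaded_file_unzip($uploadedFile, $uploadPath, $baseWorkDir, $maxFilledSpace, $allowPHP);
    }

    /* TRY TO ADD AN EXTENSION TO FILES WITHOUT EXTENSION */
    // NOTE(review): the value computed on the next line is overwritten immediately
    // afterwards, so the added extension is never used. Left as found because the
    // return value of add_extension_for_uploaded_file() is not visible here; decide
    // which of the two assignments is intended.
    $fileName = $uploadedFile['name'] . add_extension_for_uploaded_file($uploadedFile);
    $fileName = trim($uploadedFile['name']);

    /* CHECK FOR NO DESIRED CHARACTERS */
    $fileName = replace_dangerous_char($fileName);

    /* HANDLE DANGEROUS FILE NAME FOR SERVER SECURITY */
    $fileName = get_secure_file_name($fileName);

    /* COPY THE FILE TO THE DESIRED DESTINATION */
    // NOTE(review): $uploadPath is concatenated as given; nothing in this function
    // checks that it stays below $baseWorkDir. Confirm that callers validate it.
    $destination = $baseWorkDir . $uploadPath . '/' . $fileName;

    if (!move_uploaded_file($uploadedFile['tmp_name'], $destination)) {
        return claro_failure::set_failure(get_lang('File upload failed'));
    }

    chmod($destination, CLARO_FILE_PERMISSIONS);

    return $fileName;
}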
Пример #2
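         $expirydate = 0;
     } else {
         $expirydate = calculate_time_of_next_action($days, $hours, $minutes);
     }
 } elseif ($expirytype == 'date') {
     // Expiry given as an explicit calendar date taken from the request.
     $day = cleanvar($_REQUEST['day']);
     $month = cleanvar($_REQUEST['month']);
     $year = cleanvar($_REQUEST['year']);
     // NOTE(review): $date is not read again in the visible lines; mktime() below
     // works from $day/$month/$year.
     $date = explode("-", $date);
     $expirydate = mktime(0, 0, 0, $month, $day, $year);
 } else {
     $expirydate = 0;
 }
 // receive the uploaded file to a temp directory on the local server
 if ($_FILES['file']['error'] != '' and $_FILES['file']['error'] != UPLOAD_ERR_OK) {
     // NOTE(review): the client-supplied file name is passed to the message helper and
     // echoed; whether the helper HTML-escapes it is not visible here.
     echo get_file_upload_error_message($_FILES['file']['error'], $_FILES['file']['name']);
 } else {
     // NOTE(review): $file_name is assigned outside the visible lines. If it derives
     // from the client-supplied name it must be reduced to a safe base name before
     // being appended to the attachment directory.
     $filepath = $CONFIG['attachment_fspath'] . $file_name;
     $mv = move_uploaded_file($_FILES['file']['tmp_name'], $filepath);
     // Fixed: the original tested the bare word `mv` instead of $mv. Before PHP 8 an
     // undefined constant evaluates to the truthy string 'mv', so a failed move was
     // never reported; on PHP 8 the bare word is a fatal error.
     if (!$mv) {
         trigger_error("Problem moving uploaded file from temp directory: {$filepath}", E_USER_WARNING);
     }
     if (!file_exists($filepath)) {
         trigger_error("Error the temporary upload file ({$file}) was not found at: {$filepath}", E_USER_WARNING);
     }
     // Check file size
     // NOTE(review): the size is checked only after the file already sits in the
     // attachment directory; the visible lines do not show it being removed when the
     // check fails.
     $filesize = filesize($filepath);
     if ($filesize > $CONFIG['upload_max_filesize']) {
         trigger_error("User Error: Attachment too large or file ('.{$file}.') upload error - size: " . filesize($filepath), E_USER_WARNING);
         // throwing an error isn't the nicest thing to do for the user but there seems to be no way of
         // checking file sizes at the client end before the attachment is uploaded. - INL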
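$incidentid = $id;
$title = $strFiles;
include APPLICATION_INCPATH . 'incident_html_top.inc.php';
// append incident number to attachment path to show this users attachments
// (this value is recomputed below once $incidentid has been resolved)
$incident_attachment_fspath = $CONFIG['attachment_fspath'] . $id;
if (empty($incidentid)) {
    // NOTE(review): SQL escaping does not make a value safe as a path component, and
    // $incidentid is appended to a filesystem path below. Presumably the id is
    // numeric; confirm and validate it as such.
    $incidentid = mysql_real_escape_string($_REQUEST['id']);
}
// append incident number to attachment path to show this users attachments
$incident_attachment_fspath = $CONFIG['attachment_fspath'] . $incidentid;
$att_max_filesize = return_bytes($CONFIG['upload_max_filesize']);
// Have a look to see if we've uploaded a file and process it if we have
if ($_FILES['attachment']['name'] != '') {
    // Check if we had an error whilst uploading
    if ($_FILES['attachment']['error'] != '' and $_FILES['attachment']['error'] != UPLOAD_ERR_OK) {
        // NOTE(review): the client-supplied file name is passed to the message helper
        // and echoed; whether the helper HTML-escapes it is not visible here.
        echo get_file_upload_error_message($_FILES['attachment']['error'], $_FILES['attachment']['name']);
    } else {
        // OK to proceed
        // Create an entry in the files table
        // The file name is chosen by the client, so it is escaped before being placed
        // in the statement; the size is forced to an integer. Moving this query to a
        // parameterised statement would be the longer-term fix.
        $safe_attachment_name = mysql_real_escape_string($_FILES['attachment']['name']);
        $safe_attachment_size = (int) $_FILES['attachment']['size'];
        $sql = "INSERT INTO `{$dbFiles}` (category, filename, size, userid, usertype, filedate) ";
        $sql .= "VALUES ('public', '{$safe_attachment_name}', '{$safe_attachment_size}', '{$sit[2]}', 'user', NOW())";
        mysql_query($sql);
        if (mysql_error()) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        $fileid = mysql_insert_id();
        //create update
        // NOTE(review): $updatetext carries the raw client-supplied file name. The rest
        // of the INSERT that starts below is not visible; the text must be escaped where
        // it enters that statement and HTML-escaped wherever it is later displayed.
        $updatetext = $SYSLANG['strFileUploaded'] . ": [[att={$fileid}]]{$_FILES['attachment']['name']}[[/att]]";
        $currentowner = incident_owner($incidentid);
        $currentstatus = incident_status($incidentid);
        $sql = "INSERT INTO `{$dbUpdates}` (incidentid, userid, `type`, `currentowner`, `currentstatus`, ";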
Пример #4
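 // The file can be an uploaded package file,
 // or a local package file,
 // or a local unpackaged file
 // (later: a URL to a package file)
 // (later: a local repository of many packages).
 // The interface currently displays two inputs and only one must be filled in. If the user gives both, the uploaded package wins.
 // If it is a zip file, it is placed into the package repository.
 // The debug dumps embed request data inside <pre> markup, so they are HTML-escaped
 // before being queued as messages.
 // NOTE(review): these dumps can contain sensitive request fields; confirm that 'dbg'
 // messages are only ever shown to administrators.
 pushClaroMessage(__LINE__ . '<pre>$_FILES =' . htmlspecialchars(var_export($_FILES, true)) . '</pre>', 'dbg');
 if (array_key_exists('uploadedModule', $_FILES) || array_key_exists('packageCandidatePath', $_REQUEST)) {
     pushClaroMessage(__LINE__ . '<pre>$_REQUEST =' . htmlspecialchars(var_export($_REQUEST, true)) . '</pre>', 'dbg');
     // Treat the uploaded file
     if (array_key_exists('uploadedModule', $_FILES)) {
         pushClaroMessage(__LINE__ . 'files founds', 'dbg');
         if (file_upload_failed($_FILES['uploadedModule'])) {
             $summary = get_lang('Module upload failed');
             $details = get_file_upload_error_message($_FILES['uploadedModule']);
             $dialogBox->error(Backlog_Reporter::report($summary, $details));
         } else {
             // Move the uploaded file to the package repository and unzip it.
             // Currently both steps happen in one function, which should be split.
             if (false !== ($modulePath = get_and_unzip_uploaded_package())) {
                 $moduleInstallable = true;
             } else {
                 $summary = get_lang('Module unpackaging failed');
                 $details = implode("<br />\n", claro_failure::get_last_failure());
                 $dialogBox->error(Backlog_Reporter::report($summary, $details));
             }
         }
     } elseif (array_key_exists('packageCandidatePath', $_REQUEST)) {
         // NOTE(review): packageCandidatePath comes straight from the request; the code
         // that uses it is not visible here. It needs to be confined to the intended
         // package directory before any file operation.
         // If the target is a zip file, it must be unpacked.
         // If it is an unzipped package, we copy the content.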
Пример #5
 }
 // check from field
 if ($fromfield == '') {
     $errors = 1;
     $error_string .= "<p class='error'>" . sprintf($strFieldMustNotBeBlank, $strFrom) . "</p>\n";
 }
 // check reply to field
 if ($replytofield == '') {
     $errors = 1;
     $error_string .= "<p class='error'>" . sprintf($strFieldMustNotBeBlank, $strReplyTo) . "</p>\n";
 }
 // NOTE(review): the 'attachment' entry is read without checking that it exists in $_FILES.
 $errorcode = $_FILES['attachment']['error'];
 // check for errors related to file size in php.ini (upload_max_filesize) TODO: Should i18n this..
 // 1 and 2 are the values of UPLOAD_ERR_INI_SIZE and UPLOAD_ERR_FORM_SIZE; any other
 // non-zero upload error code is not counted as an error by this check.
 if ($errorcode == 1 || $errorcode == 2) {
     $errors = 1;
     // NOTE(review): the client-supplied file name is passed to the message helper and
     // the result is placed in HTML; whether the helper escapes it is not visible here.
     $error_string .= "<p>" . get_file_upload_error_message($_FILES['attachment']['error'], $_FILES['attachment']['name']) . "</p>\n";
 }
 // Store email body in session if there has been an error
 if ($errors > 0) {
     $_SESSION['temp-emailbody'] = $bodytext;
 } else {
     unset($_SESSION['temp-emailbody']);
 }
 // send email if no errors
 if ($errors == 0) {
     // NOTE(review): $replytofield and $ccfield are interpolated into raw mail headers.
     // Where they are assigned is not visible here; if they come from form input, any
     // CR or LF in them must be rejected or stripped beforehand, otherwise a value can
     // add header lines of its own.
     $extra_headers = "Reply-To: {$replytofield}\nErrors-To: " . user_email($sit[2]) . "\n";
     $extra_headers .= "X-Mailer: {$CONFIG['application_shortname']} {$application_version_string}/PHP " . phpversion() . "\n";
     $extra_headers .= "X-Originating-IP: {$_SERVER['REMOTE_ADDR']}\n";
     if ($ccfield != '') {
         $extra_headers .= "CC: {$ccfield}\n";
     }