Пример #1
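/**
 * Saves an uploaded media file after permission, file type and content checks.
 *
 * This generates an action event and delegates to _media_upload_action().
 * Action plugins are allowed to pre/postprocess the uploaded file.
 * (The triggered event is preventable.)
 *
 * Event data:
 * $data[0]     fn_tmp: the temporary file name (taken from $file['name'])
 * $data[1]     fn: the file name of the uploaded file
 * $data[2]     id: the future directory id of the uploaded file
 * $data[3]     imime: the mimetype of the uploaded file
 * $data[4]     overwrite: if an existing file is going to be overwritten
 * $data[5]     move: the $move argument, passed through unchanged
 *
 * @triggers MEDIA_UPLOAD_FINISH
 *
 * @param array  $file  'name' is the path of the temporary file; 'mime' and 'ext'
 *                      are optional and are derived from $id when missing
 * @param string $id    media id the file should be stored under
 * @param bool   $ow    whether the caller asked to overwrite an existing file
 * @param int    $auth  permission level of the current user for the target
 * @param mixed  $move  handed to the event handler as $data[5]
 * @return mixed array(message, level) when the upload is rejected, otherwise
 *               whatever trigger_event() returns
 */
function media_save($file, $id, $ow, $auth, $move)
{
    if ($auth < AUTH_UPLOAD) {
        return array("You don't have permissions to upload files.", -1);
    }

    // Fill in whichever of mime/ext the caller left out, based on the id.
    // NOTE(review): a caller-supplied $file['mime'] is used as is, so the
    // content check below runs against that value and not against the type
    // implied by $id - confirm that callers derive it from the target id.
    if (!isset($file['mime']) || !isset($file['ext'])) {
        list($ext, $mime) = mimetype($id);
        if (!isset($file['mime'])) {
            $file['mime'] = $mime;
        }
        if (!isset($file['ext'])) {
            $file['ext'] = $ext;
        }
    }

    global $lang, $conf;

    // get filename
    $id = cleanID($id);
    $fn = mediaFN($id);

    // Allow-list check: the target file name must end in one of the configured
    // extensions. Only the final extension is tested. The quoting is done in a
    // plain loop because create_function() evaluates a code string at runtime
    // and is no longer available in PHP 8.
    $types = array();
    foreach (array_keys(getMimeTypes()) as $type) {
        $types[] = preg_quote($type, '/');
    }
    $regex = join('|', $types);
    if (!preg_match('/\\.(' . $regex . ')$/i', $fn)) {
        return array($lang['uploadwrong'], -1);
    }

    // check for overwrite: replacing a file needs the overwrite flag and, unless
    // media revisions are enabled, delete permission
    $overwrite = @file_exists($fn);
    $auth_ow = $conf['mediarevisions'] ? AUTH_UPLOAD : AUTH_DELETE;
    if ($overwrite && (!$ow || $auth < $auth_ow)) {
        return array($lang['uploadexist'], 0);
    }

    // check for valid content; the negative codes select the error message
    $ok = media_contentcheck($file['name'], $file['mime']);
    if ($ok == -1) {
        return array(sprintf($lang['uploadbadcontent'], '.' . $file['ext']), -1);
    } elseif ($ok == -2) {
        return array($lang['uploadspam'], -1);
    } elseif ($ok == -3) {
        return array($lang['uploadxss'], -1);
    }

    // prepare event data (built in one go instead of writing to an undefined variable)
    $data = array(
        $file['name'],
        $fn,
        $id,
        $file['mime'],
        $overwrite,
        $move,
    );

    // trigger event; the file itself is stored by the default handler or a plugin
    return trigger_event('MEDIA_UPLOAD_FINISH', $data, '_media_upload_action', true);
}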
Пример #2
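 /**
  * Uploads a file to the wiki.
  *
  * The base64 payload is written to a temporary file, checked against the
  * configured file types and the content check, and then handed to the
  * MEDIA_UPLOAD_FINISH event. Every rejection is reported as an IXR_ERROR.
  *
  * Michael Klier <*****@*****.**>
  *
  * @triggers MEDIA_UPLOAD_FINISH
  *
  * @param string $id     media id the file should be stored under
  * @param string $file   base64 encoded file content
  * @param array  $params options; 'ow' asks for an existing file to be overwritten
  * @return mixed IXR_ERROR on rejection, otherwise whatever trigger_event() returns
  */
 function putAttachment($id, $file, $params)
 {
     global $conf;
     global $lang;

     $id = cleanID($id);
     $auth = auth_quickaclcheck(getNS($id) . ':*');
     if ($auth < AUTH_UPLOAD) {
         return new IXR_ERROR(1, "You don't have permissions to upload files.");
     }

     // $id has just been assigned, so isset() alone only caught null;
     // an empty id is rejected here as well
     if (!isset($id) || $id === '') {
         return new IXR_ERROR(1, 'Filename not given.');
     }

     // get filename ($id is already clean, a second cleanID() is not needed)
     list($iext, $imime) = mimetype($id);
     $fn = mediaFN($id);

     // Allow-list check on the final extension of the target file name. It runs
     // before anything is written, so a rejected type leaves no temporary file.
     // The quoting is done in a plain loop because create_function() evaluates
     // a code string at runtime and is no longer available in PHP 8.
     $types = array();
     foreach (array_keys(getMimeTypes()) as $type) {
         $types[] = preg_quote($type, '/');
     }
     $regex = join('|', $types);
     if (!preg_match('/\\.(' . $regex . ')$/i', $fn)) {
         return new IXR_ERROR(1, $lang['uploadwrong']);
     }

     // check for overwrite; empty() also covers a missing 'ow' option
     $overwrite = @file_exists($fn);
     if ($overwrite && (empty($params['ow']) || $auth < AUTH_DELETE)) {
         // the trailing '1' is kept from the original message
         return new IXR_ERROR(1, $lang['uploadexist'] . '1');
     }

     // save temporary file
     // NOTE(review): the name depends only on the id and the client IP, so two
     // concurrent uploads of the same id from one address share this path -
     // confirm whether a unique name is needed.
     $ftmp = $conf['tmpdir'] . '/' . md5($id . clientIP());
     @unlink($ftmp);
     $buff = base64_decode($file);
     // NOTE(review): the result of io_saveFile() is not checked - confirm how a
     // failed write should be reported to the client.
     io_saveFile($ftmp, $buff);

     // check for valid content; a rejected payload is removed again
     $ok = media_contentcheck($ftmp, $imime);
     if ($ok == -1) {
         @unlink($ftmp);
         // report the content error; the original reused the 'uploadexist' text here
         return new IXR_ERROR(1, sprintf($lang['uploadbadcontent'], ".{$iext}"));
     } elseif ($ok == -2) {
         @unlink($ftmp);
         return new IXR_ERROR(1, $lang['uploadspam']);
     } elseif ($ok == -3) {
         @unlink($ftmp);
         return new IXR_ERROR(1, $lang['uploadxss']);
     }

     // prepare event data
     $data = array(
         $ftmp,
         $fn,
         $id,
         $imime,
         $overwrite,
     );

     // trigger event
     // NOTE(review): whether the temporary file is removed when the event is
     // prevented or the handler fails is not visible here - verify.
     return trigger_event('MEDIA_UPLOAD_FINISH', $data, array($this, '_media_upload_action'), true);
 }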
Пример #3
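/**
 * Handles media file uploads
 *
 * This generates an action event and delegates to _media_upload_action().
 * Action plugins are allowed to pre/postprocess the uploaded file.
 * (The triggered event is preventable.)
 *
 * Event data:
 * $data[0]     fn_tmp: the temporary file name (read from $_FILES)
 * $data[1]     fn: the file name of the uploaded file
 * $data[2]     id: the future directory id of the uploaded file
 * $data[3]     imime: the mimetype of the uploaded file
 * $data[4]     overwrite: if an existing file is going to be overwritten
 *
 * @triggers MEDIA_UPLOAD_FINISH
 * @author Andreas Gohr <*****@*****.**>
 * @author Michael Klier <*****@*****.**>
 * @param string $ns   namespace the file is uploaded into
 * @param int    $auth permission level of the current user for that namespace
 * @return mixed false on error, id of the new file on success
 */
function media_upload($ns, $auth)
{
    if ($auth < AUTH_UPLOAD) {
        return false;
    }
    // reject requests that do not carry a valid security token
    if (!checkSecurityToken()) {
        return false;
    }
    require_once DOKU_INC . 'inc/confutils.php';
    global $lang;
    global $conf;

    // get file and id
    // Both come straight from the request: a missing upload field, or array
    // values where a single string is expected, are refused instead of being
    // passed on to mimetype() and cleanID().
    if (!isset($_FILES['upload']) || !is_array($_FILES['upload'])) {
        return false;
    }
    $file = $_FILES['upload'];
    if (!isset($file['name']) || !is_string($file['name'])) {
        return false;
    }
    $id = (isset($_POST['id']) && is_string($_POST['id'])) ? $_POST['id'] : '';
    if (empty($id)) {
        $id = $file['name'];
    }

    // check for errors (messages are done in lib/exe/mediamanager.php)
    if (!empty($file['error'])) {
        return false;
    }

    // check extensions
    list($fext, $fmime) = mimetype($file['name']);
    list($iext, $imime) = mimetype($id);
    if ($fext && !$iext) {
        // no extension specified in id - read original one
        $id .= '.' . $fext;
        $imime = $fmime;
    } elseif ($fext && $fext != $iext) {
        // extension was changed, print warning
        msg(sprintf($lang['mediaextchange'], $fext, $iext));
    }

    // get filename
    $id = cleanID($ns . ':' . $id, false, true);
    $fn = mediaFN($id);

    // Allow-list check: the target file name must end in one of the configured
    // extensions. Only the final extension is tested. The quoting is done in a
    // plain loop because create_function() evaluates a code string at runtime
    // and is no longer available in PHP 8.
    $types = array();
    foreach (array_keys(getMimeTypes()) as $type) {
        $types[] = preg_quote($type, '/');
    }
    $regex = join('|', $types);
    if (!preg_match('/\\.(' . $regex . ')$/i', $fn)) {
        msg($lang['uploadwrong'], -1);
        return false;
    }

    // check for overwrite; empty() also covers a request without an 'ow' value
    $overwrite = @file_exists($fn);
    if ($overwrite && (empty($_REQUEST['ow']) || $auth < AUTH_DELETE)) {
        msg($lang['uploadexist'], 0);
        return false;
    }

    // check for valid content, against the type implied by the target id
    // rather than anything the client declared for the upload
    $ok = media_contentcheck($file['tmp_name'], $imime);
    if ($ok == -1) {
        msg(sprintf($lang['uploadbadcontent'], ".{$iext}"), -1);
        return false;
    } elseif ($ok == -2) {
        msg($lang['uploadspam'], -1);
        return false;
    } elseif ($ok == -3) {
        msg($lang['uploadxss'], -1);
        return false;
    }

    // prepare event data
    $data = array(
        $file['tmp_name'],
        $fn,
        $id,
        $imime,
        $overwrite,
    );

    // trigger event; the file itself is stored by the default handler or a plugin
    return trigger_event('MEDIA_UPLOAD_FINISH', $data, '_media_upload_action', true);
}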