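/**
 * Delete the extra video files kept next to the elements being removed.
 *
 * For every local video among $ids, removes the alternate source formats
 * (ogg, ogv, mp4, m4v, webm, webmv, in lower and upper case) and the
 * "-th_*" thumbnails stored in the "pwg_representative" directory beside
 * the video. The video itself and its representative are not touched here;
 * the original comments state that the PWG core deletes them.
 *
 * @param array $ids identifiers of the elements being deleted
 * @return int|null 0 when $ids is empty, nothing otherwise
 */
function vjs_begin_delete_elements($ids)
{
    // $conf lives in the global scope. Without this declaration the
    // 'never_delete_originals' test looked at an undefined local variable,
    // so the setting was silently ignored and files were always deleted.
    global $conf;

    if (count($ids) == 0) {
        return 0;
    }

    // Nothing may be removed from disk when the gallery is configured to
    // keep its originals.
    if (isset($conf['never_delete_originals'])) {
        return;
    }

    // The ids are concatenated into the SQL text below, so force them to
    // integers and let nothing but numbers reach the query.
    $ids = array_map('intval', $ids);

    $vjs_extensions = array('ogg', 'ogv', 'mp4', 'm4v', 'webm', 'webmv');
    $files_ext = array_merge($vjs_extensions, array_map('strtoupper', $vjs_extensions));

    // Find details based on ID, restricted to supported video files
    $query = ' SELECT id, path, representative_ext FROM ' . IMAGES_TABLE . ' WHERE id IN (' . implode(',', $ids) . ') AND ' . SQL_VIDEOS . ' ;';
    $result = pwg_query($query);

    while ($row = pwg_db_fetch_assoc($result)) {
        if (url_is_remote($row['path'])) {
            continue;
        }

        // Don't delete the actual video or representative
        // It is done by PWG core
        $path = get_element_path($row);
        $info = pathinfo($path);
        $representative_dir = dirname($path) . "/pwg_representative/";

        // Delete any other video source format
        foreach ($files_ext as $file_ext) {
            $path_ext = $representative_dir . $info['filename'] . "." . $file_ext;
            if (is_file($path_ext) and !unlink($path_ext)) {
                trigger_error('"' . $path_ext . '" cannot be removed', E_USER_WARNING);
                break;
            }
        }

        // Delete video thumbnails
        // NOTE(review): the file name is placed in the glob pattern without
        // escaping; a name containing glob metacharacters (*, ?, [) would
        // widen the match beyond this video's thumbnails.
        $matches = glob($representative_dir . $info['filename'] . "-th_*");
        if (is_array($matches)) {
            foreach ($matches as $filename) {
                if (is_file($filename) and !unlink($filename)) {
                    trigger_error('"' . $filename . '" cannot be removed', E_USER_WARNING);
                    break;
                }
            }
        }
    }
}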
/**
 * Build the full path of an image.
 *
 * A path that url_is_remote() recognises is returned untouched; any other
 * path is prefixed with PHPWG_ROOT_PATH.
 *
 * @param array $element_info element information from db (at least 'path')
 * @return string
 */
function get_element_path($element_info)
{
    $location = $element_info['path'];

    return url_is_remote($location) ? $location : PHPWG_ROOT_PATH . $location;
}
// Read the current time from the database and expose it as CURRENT_DATE.
list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
define('CURRENT_DATE', $dbnow);

// +-----------------------------------------------------------------------+
// |                        template initialization                        |
// +-----------------------------------------------------------------------+
$template = new Template(PHPWG_ROOT_PATH . 'admin/themes', 'clear');
$template->set_filenames(array('upgrade' => 'upgrade.tpl'));
$template->assign(array('RELEASE' => PHPWG_VERSION, 'L_UPGRADE_HELP' => l10n('Need help ? Ask your question on <a href="%s">Piwigo message board</a>.', PHPWG_URL . '/forum')));

// +-----------------------------------------------------------------------+
// |            Remote sites are not compatible with Piwigo 2.4+           |
// +-----------------------------------------------------------------------+
// Scan every configured site; a single remote galleries_url is enough to
// raise the flag.
$has_remote_site = false;
$query = 'SELECT galleries_url FROM ' . SITES_TABLE . ';';
$result = pwg_query($query);
while ($row = pwg_db_fetch_assoc($result)) {
    if (url_is_remote($row['galleries_url'])) {
        $has_remote_site = true;
    }
}

if ($has_remote_site) {
    include_once PHPWG_ROOT_PATH . 'admin/include/updates.class.php';
    include_once PHPWG_ROOT_PATH . 'admin/include/pclzip.lib.php';

    // updates::upgrade_to() is defined in updates.class.php, which is not
    // shown here; this code only prints whatever is found in
    // $page['errors'] after the call.
    $page['errors'] = array();
    $step = 3;
    updates::upgrade_to('2.3.4', $step, false);

    if (!empty($page['errors'])) {
        echo '<ul>';
        foreach ($page['errors'] as $error) {
            // NOTE(review): $error is written into the page without HTML
            // escaping. Whether these messages can carry request- or
            // database-derived text is not visible here; confirm, and
            // escape with htmlspecialchars() if they can.
            echo '<li>' . $error . '</li>';
        }
        echo '</ul>';
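/**
 * Web-service method: download an image from a remote URL and add it to a
 * category.
 *
 * Steps: administrator check, URL / extension / category validation,
 * download into $conf['data_location'], MIME check, add_uploaded_file(),
 * optional name and comment update, then a summary of the new image and of
 * its category.
 *
 * @param array $params  request parameters; reads 'file_url', 'category',
 *                       'level', 'name' and 'url_in_comment'
 * @param mixed $service not used by this method
 * @return array|PwgError description of the added image, or an error
 */
function ws_images_addRemote($params, &$service)
{
    global $conf;

    if (!is_admin()) {
        return new PwgError(401, 'Access denied');
    }

    load_language('plugin.lang', URLUPLOADER_PATH);

    $params = array_map('trim', $params);

    $allowed_extensions = array('jpg', 'jpeg', 'png', 'gif');
    $allowed_mimes = array('image/jpeg', 'image/png', 'image/gif');

    // check empty url
    if (empty($params['file_url'])) {
        return new PwgError(WS_ERR_INVALID_PARAM, l10n('File URL is empty'));
    }

    // check remote url
    // NOTE(review): url_is_remote() is the only check on the destination.
    // Whether it rejects hosts on the local network is not visible here; if
    // it does not, this method makes the server issue requests to internal
    // addresses on behalf of the caller.
    if (!url_is_remote($params['file_url'])) {
        return new PwgError(WS_ERR_INVALID_PARAM, l10n('Invalid file URL'));
    }

    // check file extension
    if (!in_array(strtolower(get_extension($params['file_url'])), $allowed_extensions)) {
        return new PwgError(WS_ERR_INVALID_PARAM, l10n('Invalid file type'));
    }

    // check category: the value is concatenated into three SQL statements
    // below, so only a plain decimal id is accepted.
    if (!isset($params['category']) || !preg_match('/^[0-9]+\z/', $params['category'])) {
        return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid category');
    }

    // download file
    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    // NOTE(review): the temporary name is taken from the URL, so the caller
    // chooses the file name written under data_location, and the file is on
    // disk before its content type has been verified.
    $temp_filename = $conf['data_location'] . basename($params['file_url']);
    $file = fopen($temp_filename, 'w+');
    if ($file === false) {
        // fetchRemote() and fclose() must not be handed a failed handle.
        return new PwgError(WS_ERR_INVALID_PARAM, l10n('Unable to download file'));
    }
    $result = fetchRemote($params['file_url'], $file);
    fclose($file);

    // download failed ?
    if (!$result) {
        @unlink($temp_filename);
        return new PwgError(WS_ERR_INVALID_PARAM, l10n('Unable to download file'));
    }

    // check mime-type
    // NOTE(review): the second argument of get_mime() looks like a fallback
    // value. If so, a file whose type cannot be detected is treated as
    // image/jpeg and accepted; confirm against get_mime().
    if (!in_array(get_mime($temp_filename, $allowed_mimes[0]), $allowed_mimes)) {
        @unlink($temp_filename);
        return new PwgError(WS_ERR_INVALID_PARAM, l10n('Invalid file type'));
    }

    // add photo
    include_once PHPWG_ROOT_PATH . 'admin/include/functions_upload.inc.php';

    $image_id = add_uploaded_file($temp_filename, basename($temp_filename), array($params['category']), $params['level']);

    $updates = array();
    if (!empty($params['name'])) {
        $updates['name'] = $params['name'];
    }
    if (isset($params['url_in_comment']) && $params['url_in_comment'] == 'true') {
        $url_parts = parse_url($params['file_url']);
        if (is_array($url_parts) && isset($url_parts['scheme'], $url_parts['host'])) {
            // The origin comes from the caller-supplied URL and is stored as
            // HTML, so it is escaped before being placed in the markup.
            $origin = htmlspecialchars($url_parts['scheme'] . '://' . $url_parts['host'], ENT_QUOTES, 'UTF-8');
            $updates['comment'] = '<a href="' . $origin . '">' . $origin . '</a>';
        }
    }

    single_update(IMAGES_TABLE, $updates, array('id' => $image_id));

    // return infos
    $query = ' SELECT id, name, permalink FROM ' . CATEGORIES_TABLE . ' WHERE id = ' . $params['category'] . ' ;';
    $category = pwg_db_fetch_assoc(pwg_query($query));

    $url_params = array('image_id' => $image_id, 'section' => 'categories', 'category' => $category);

    $query = ' SELECT id, path, name FROM ' . IMAGES_TABLE . ' WHERE id = ' . $image_id . ' ;';
    $image_infos = pwg_db_fetch_assoc(pwg_query($query));

    $query = ' SELECT COUNT(*) AS nb_photos FROM ' . IMAGE_CATEGORY_TABLE . ' WHERE category_id = ' . $params['category'] . ' ;';
    $category_infos = pwg_db_fetch_assoc(pwg_query($query));

    $category_name = get_cat_display_name_from_id($params['category'], null);

    return array(
        'image_id' => $image_id,
        'url' => make_picture_url($url_params),
        'src' => DerivativeImage::thumb_url($image_infos),
        'name' => $image_infos['name'],
        'category' => array(
            'id' => $params['category'],
            'nb_photos' => $category_infos['nb_photos'],
            'label' => $category_name
        )
    );
}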
die('synchronization is disabled');
}

// check_status() is defined elsewhere; presumably it stops the request
// unless the current user is an administrator.
check_status(ACCESS_ADMINISTRATOR);

if (!is_numeric($_GET['site'])) {
    die('site param missing or invalid');
}

// NOTE(review): is_numeric() accepts more than plain integers (decimals,
// exponents, a leading sign or whitespace). $site_id is concatenated into
// the SQL text and echoed by die() below; a strict integer check or an
// (int) cast would keep it to plain ids.
$site_id = $_GET['site'];

$query = ' SELECT galleries_url FROM ' . SITES_TABLE . ' WHERE id = ' . $site_id;
list($site_url) = pwg_db_fetch_row(pwg_query($query));
if (!isset($site_url)) {
    die('site ' . $site_id . ' does not exist');
}
$site_is_remote = url_is_remote($site_url);

// Read the current time from the database and expose it as CURRENT_DATE.
list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
define('CURRENT_DATE', $dbnow);

// Error code => array(short label, explanation), both localized.
$error_labels = array('PWG-UPDATE-1' => array(l10n('wrong filename'), l10n('The name of directories and files must be composed of letters, numbers, "-", "_" or "."')), 'PWG-ERROR-NO-FS' => array(l10n('File/directory read error'), l10n('The file or directory cannot be accessed (either it does not exist or the access is denied)')));
$errors = array();
$infos = array();

// Only local sites get a reader; a remote site ends in fatal_error().
if ($site_is_remote) {
    fatal_error('remote sites not supported');
} else {
    include_once PHPWG_ROOT_PATH . 'admin/site_reader_local.php';
    $site_reader = new LocalSiteReader($site_url);
}

// Stays true unless the form was submitted and the reader could be opened.
$general_failure = true;
if (isset($_POST['submit'])) {
    if ($site_reader->open()) {
        $general_failure = false;
/**
 * Resolves relative links in CSS file.
 *
 * url() references that are neither remote, root-relative nor data:image
 * URIs are rewritten against the gallery root. @import targets that look
 * safe and are readable are inlined recursively; any other @import is
 * removed from the content and appended to $header.
 *
 * @param string $css file content
 * @param string $dir directory of the CSS file
 * @param string $header CSS directives that must appear first in
 *                       the minified file.
 * @return string
 */
private static function process_css_rec($css, $dir, &$header)
{
    static $url_regex = "#url\\(\\s*['|\"]{0,1}(.*?)['|\"]{0,1}\\s*\\)#";
    static $import_regex = "#@import\\s*['|\"]{0,1}(.*?)['|\"]{0,1};#";

    // Pass 1: make relative url() targets absolute.
    if (preg_match_all($url_regex, $css, $found, PREG_SET_ORDER)) {
        $from = array();
        $to = array();
        foreach ($found as $hit) {
            $target = $hit[1];
            if (url_is_remote($target) || $target[0] == '/' || strpos($target, 'data:image/') !== false) {
                continue;
            }
            $from[] = $hit[0];
            $to[] = 'url(' . embellish_url(get_absolute_root_url(false) . $dir . '/' . $target) . ')';
        }
        $css = str_replace($from, $to, $css);
    }

    // Pass 2: inline local @import files.
    if (preg_match_all($import_regex, $css, $found, PREG_SET_ORDER)) {
        $from = array();
        $to = array();
        foreach ($found as $hit) {
            $from[] = $hit[0];
            $target = $hit[1];

            $suspicious = strpos($target, '..') !== false
                || strpos($target, '://') !== false
                || !is_readable(PHPWG_ROOT_PATH . $dir . '/' . $target);

            if ($suspicious) {
                // If anything is suspicious, don't try to process the
                // @import. Since @import needs to be first and several CSS
                // files are concatenated, it is removed from here and
                // returned through $header.
                $header .= $hit[0];
                $to[] = '';
                continue;
            }

            $nested = file_get_contents(PHPWG_ROOT_PATH . $dir . '/' . $target);
            $to[] = self::process_css_rec($nested, dirname($dir . '/' . $target), $header);
        }
        $css = str_replace($from, $to, $css);
    }

    return $css;
}
// Form action: the current admin URL without its 'action', 'site' and
// 'pwg_token' parameters, plus a token from get_pwg_token().
$template->assign(array('F_ACTION' => get_root_url() . 'admin.php' . get_query_string_diff(array('action', 'site', 'pwg_token')), 'PWG_TOKEN' => get_pwg_token()));

// Per-site counters: number of categories and of images stored in them.
$query = ' SELECT c.site_id, COUNT(DISTINCT c.id) AS nb_categories, COUNT(i.id) AS nb_images FROM ' . CATEGORIES_TABLE . ' AS c LEFT JOIN ' . IMAGES_TABLE . ' AS i ON c.id=i.storage_category_id WHERE c.site_id IS NOT NULL GROUP BY c.site_id ;';
$sites_detail = hash_from_query($query, 'site_id');

$query = ' SELECT * FROM ' . SITES_TABLE . ' ;';
$result = pwg_query($query);
while ($row = pwg_db_fetch_assoc($result)) {
    $is_remote = url_is_remote($row['galleries_url']);

    // Base of the site_manager action links; the action name is appended
    // by the code that uses it.
    // NOTE(review): pwg_token travels in the query string of these links,
    // so it can end up in browser history, server logs and Referer headers;
    // confirm that is acceptable for a state-changing action such as delete.
    $base_url = PHPWG_ROOT_PATH . 'admin.php';
    $base_url .= '?page=site_manager';
    $base_url .= '&site=' . $row['id'];
    $base_url .= '&pwg_token=' . get_pwg_token();
    $base_url .= '&action=';

    $update_url = PHPWG_ROOT_PATH . 'admin.php';
    $update_url .= '?page=site_update';
    $update_url .= '&site=' . $row['id'];

    // The @ silences the missing-index notice for a site that has no row
    // in $sites_detail; the (int) cast then yields 0.
    $tpl_var = array('NAME' => $row['galleries_url'], 'TYPE' => l10n($is_remote ? 'Remote' : 'Local'), 'CATEGORIES' => (int) @$sites_detail[$row['id']]['nb_categories'], 'IMAGES' => (int) @$sites_detail[$row['id']]['nb_images'], 'U_SYNCHRONIZE' => $update_url);

    // Site 1 gets no delete link.
    if ($row['id'] != 1) {
        $tpl_var['U_DELETE'] = $base_url . 'delete';
    }

    $plugin_links = array();
    // $plugin_links is an array of arrays composed of U_HREF, U_HINT & U_CAPTION
    $plugin_links = trigger_change('get_admins_site_links', $plugin_links, $row['id'], $is_remote);
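/**
 * Retrieve data from external URL.
 *
 * A source that url_is_remote() does not recognise is read as a local
 * file. A remote source is tried with cURL, then with file_get_contents(),
 * then with a raw socket. Redirections are followed by recursion and must
 * themselves point to a remote URL.
 *
 * @param string $src
 * @param string|resource $dest - can be a file resource or string
 * @param array $get_data - data added to request url
 * @param array $post_data - data transmitted with POST
 * @param string $user_agent
 * @param int $step (internal use)
 * @return bool
 */
function fetchRemote($src, &$dest, $get_data = array(), $post_data = array(), $user_agent = 'Piwigo', $step = 0)
{
    // Try to retrieve data from local file?
    // NOTE(review): a non-remote $src is opened as a local path, so callers
    // must not pass an unchecked, user-supplied value here.
    if (!url_is_remote($src)) {
        $content = @file_get_contents($src);
        if ($content === false) {
            return false;
        }
        if (is_resource($dest)) {
            @fwrite($dest, $content);
        } else {
            $dest = $content;
        }
        return true;
    }

    // After 3 redirections, return false
    if ($step > 3) {
        return false;
    }

    // Initialization
    $method = empty($post_data) ? 'GET' : 'POST';
    $request = empty($post_data) ? '' : http_build_query($post_data, '', '&');
    if (!empty($get_data)) {
        $src .= strpos($src, '?') === false ? '?' : '&';
        $src .= http_build_query($get_data, '', '&');
    }

    // Initialize $dest
    is_resource($dest) or $dest = '';

    // Try curl to read remote file
    // TODO : remove all these @
    if (function_exists('curl_init') && function_exists('curl_exec')) {
        $ch = @curl_init();
        @curl_setopt($ch, CURLOPT_URL, $src);
        @curl_setopt($ch, CURLOPT_HEADER, 1);
        @curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
        @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        if ($method == 'POST') {
            @curl_setopt($ch, CURLOPT_POST, 1);
            @curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
        }
        $content = @curl_exec($ch);
        $header_length = @curl_getinfo($ch, CURLINFO_HEADER_SIZE);
        $status = @curl_getinfo($ch, CURLINFO_HTTP_CODE);
        @curl_close($ch);
        if ($content !== false and $status >= 200 and $status < 400) {
            if (preg_match('/Location:\\s+?(.+)/', substr($content, 0, $header_length), $m)) {
                // The capture still carries the "\r" that ends the header
                // line; strip it like the socket branch below does.
                $redirect = trim($m[1]);
                // The target is chosen by the remote server. Without this
                // check a non-remote value would fall into the local-file
                // branch at the top and be read from this machine's disk.
                if (!url_is_remote($redirect)) {
                    return false;
                }
                return fetchRemote($redirect, $dest, array(), array(), $user_agent, $step + 1);
            }
            $content = substr($content, $header_length);
            if (is_resource($dest)) {
                @fwrite($dest, $content);
            } else {
                $dest = $content;
            }
            return true;
        }
    }

    // Try file_get_contents to read remote file
    if (ini_get('allow_url_fopen')) {
        $opts = array('http' => array('method' => $method, 'user_agent' => $user_agent));
        if ($method == 'POST') {
            $opts['http']['content'] = $request;
        }
        $context = @stream_context_create($opts);
        $content = @file_get_contents($src, false, $context);
        if ($content !== false) {
            if (is_resource($dest)) {
                @fwrite($dest, $content);
            } else {
                $dest = $content;
            }
            return true;
        }
    }

    // Try fsockopen to read remote file
    // NOTE(review): this fallback always connects to port 80 without TLS,
    // whatever scheme or port the URL names, so an https:// source is
    // requested in clear text here.
    $src = parse_url($src);
    $host = $src['host'];
    $path = isset($src['path']) ? $src['path'] : '/';
    $path .= isset($src['query']) ? '?' . $src['query'] : '';

    if (($s = @fsockopen($host, 80, $errno, $errstr, 5)) === false) {
        return false;
    }

    $http_request = $method . " " . $path . " HTTP/1.0\r\n";
    $http_request .= "Host: " . $host . "\r\n";
    if ($method == 'POST') {
        $http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n";
        $http_request .= "Content-Length: " . strlen($request) . "\r\n";
    }
    $http_request .= "User-Agent: " . $user_agent . "\r\n";
    $http_request .= "Accept: */*\r\n";
    $http_request .= "\r\n";
    $http_request .= $request;

    fwrite($s, $http_request);

    // $i counts the lines read so far; $in_content flips once the blank
    // line that ends the headers has been seen.
    $i = 0;
    $in_content = false;
    while (!feof($s)) {
        $line = fgets($s);

        if (rtrim($line, "\r\n") == '' && !$in_content) {
            $in_content = true;
            $i++;
            continue;
        }

        // First line: status line, only 2xx and 3xx are accepted.
        if ($i == 0) {
            if (!preg_match('/HTTP\\/(\\d\\.\\d)\\s*(\\d+)\\s*(.*)/', rtrim($line, "\r\n"), $m)) {
                fclose($s);
                return false;
            }
            $status = (int) $m[2];
            if ($status < 200 || $status >= 400) {
                fclose($s);
                return false;
            }
        }

        if (!$in_content) {
            if (preg_match('/Location:\\s+?(.+)$/', rtrim($line, "\r\n"), $m)) {
                fclose($s);
                $redirect = trim($m[1]);
                // Same rule as in the cURL branch: a redirection may only
                // lead to another remote URL, never to a local path.
                if (!url_is_remote($redirect)) {
                    return false;
                }
                return fetchRemote($redirect, $dest, array(), array(), $user_agent, $step + 1);
            }
            $i++;
            continue;
        }

        if (is_resource($dest)) {
            @fwrite($dest, $line);
        } else {
            $dest .= $line;
        }
        $i++;
    }
    fclose($s);

    return true;
}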
/**
 * Returns the 'home page' of this gallery.
 *
 * Uses $conf['gallery_url'] when it is set: as-is if it is remote or starts
 * with '/', otherwise prefixed with the root URL. Falls back to the index
 * URL when the setting is empty.
 */
function get_gallery_home_url()
{
    global $conf;

    if (empty($conf['gallery_url'])) {
        return make_index_url();
    }

    $home = $conf['gallery_url'];
    if (url_is_remote($home) or $home[0] == '/') {
        return $home;
    }

    return get_root_url() . $home;
}
do_error(404, 'Requested file not found'); } if ($_GET['part'] == 'e') { pwg_log($_GET['id'], 'high'); } else { if ($_GET['part'] == 'e') { pwg_log($_GET['id'], 'other'); } else { if ($_GET['part'] == 'f') { pwg_log($_GET['id'], 'high', $format['format_id']); } } } $http_headers = array(); $ctype = null; if (!url_is_remote($file)) { if (!@is_readable($file)) { do_error(404, "Requested file not found - {$file}"); } $http_headers[] = 'Content-Length: ' . @filesize($file); if (function_exists('mime_content_type')) { $ctype = mime_content_type($file); } $gmt_mtime = gmdate('D, d M Y H:i:s', filemtime($file)) . ' GMT'; $http_headers[] = 'Last-Modified: ' . $gmt_mtime; // following lines would indicate how the client should handle the cache /* $max_age=300; $http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT'; // HTTP/1.1 only $http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/ if ('f' != $_GET['part'] and isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {