Пример #1
0
 function checkTempImage($path)
 {
     if (!verify_uploaded_image($path)) {
         $GLOBALS['log']->fatal("A user ({$GLOBALS['current_user']->id}) attempted to use an invalid file for the logo - {$path}");
         sugar_die('Invalid File Type');
     }
     return $path;
 }
Пример #2
0
 private function checkUploadImage()
 {
     $error = "";
     $files = array('sugarpdf_pdf_header_logo' => $_FILES['new_header_logo'], 'sugarpdf_pdf_small_header_logo' => $_FILES['new_small_header_logo']);
     foreach ($files as $k => $v) {
         if (empty($error) && isset($v) && !empty($v['name'])) {
             $file_name = K_PATH_CUSTOM_IMAGES . 'pdf_logo_' . basename($v['name']);
             if (file_exists($file_name)) {
                 rmdir_recursive($file_name);
             }
             if (!empty($v['error'])) {
                 $error = 'ERR_ALERT_FILE_UPLOAD';
             }
             if (!mkdir_recursive(K_PATH_CUSTOM_IMAGES)) {
                 $error = 'ERR_ALERT_FILE_UPLOAD';
             }
             if (empty($error)) {
                 if (!move_uploaded_file($v['tmp_name'], $file_name)) {
                     die("Possible file upload attack!\n");
                 }
                 if (file_exists($file_name) && is_file($file_name)) {
                     if (!empty($_REQUEST['sugarpdf_pdf_class']) && $_REQUEST['sugarpdf_pdf_class'] == "EZPDF") {
                         if (!verify_uploaded_image($file_name, true)) {
                             $error = 'LBL_ALERT_TYPE_IMAGE_EZPDF';
                         }
                     } else {
                         if (!verify_uploaded_image($file_name)) {
                             $error = 'LBL_ALERT_TYPE_IMAGE';
                         }
                     }
                     if (!empty($error)) {
                         rmdir_recursive($file_name);
                     } else {
                         $_POST[$k] = 'pdf_logo_' . basename($v['name']);
                     }
                 } else {
                     $error = 'ERR_ALERT_FILE_UPLOAD';
                 }
             }
         }
     }
     return $error;
 }
Пример #3
0
        sugar_cleanup();
        exit;
    }
    if (!move_uploaded_file($_FILES['file_1']['tmp_name'], $file_name)) {
        rmdir_recursive($uploadTmpDir);
        die("Possible file upload attack!\n");
    }
} else {
    $returnArray['data'] = 'not_recognize';
    echo $json->encode($returnArray);
    sugar_cleanup();
    exit;
}
if (file_exists($file_name) && is_file($file_name)) {
    $returnArray['path'] = $file_name;
    if (!verify_uploaded_image($file_name, $returnArray['forQuotes'] == 'quotes')) {
        $returnArray['data'] = 'other';
        $returnArray['path'] = '';
    } else {
        $img_size = getimagesize($file_name);
        $filetype = $img_size['mime'];
        $test = $img_size[0] / $img_size[1];
        if (($test > 10 || $test < 1) && $returnArray['forQuotes'] == 'company') {
            $rmdir = false;
            $returnArray['data'] = 'size';
        }
        if (($test > 20 || $test < 3) && $returnArray['forQuotes'] == 'quotes') {
            $returnArray['data'] = 'size';
        }
    }
    if (!empty($returnArray['data'])) {
Пример #4
0
    mkdir_recursive($cachedir);
}
// cn: bug 11012 - fixed some MIME types not getting picked up.  Also changed array iterator.
$imgType = array('image/gif', 'image/png', 'image/x-png', 'image/bmp', 'image/jpeg', 'image/jpg', 'image/pjpeg');
$ret = array();
foreach ($_FILES as $k => $file) {
    if (in_array(strtolower($_FILES[$k]['type']), $imgType) && $_FILES[$k]['size'] > 0) {
        $upload_file = new UploadFile($k);
        // check the file
        if ($upload_file->confirm_upload()) {
            $dest = $cachedir . basename($upload_file->get_stored_file_name());
            // target name
            $guid = create_guid();
            if ($upload_file->final_move($guid)) {
                // move to uploads
                $path = $upload_file->get_upload_path($guid);
                // if file is OK, copy to cache
                if (verify_uploaded_image($path) && copy($path, $dest)) {
                    $ret[] = $dest;
                }
                // remove temp file
                unlink($path);
            }
        }
    }
}
if (!empty($ret)) {
    $json = getJSONobj();
    echo $json->encode($ret);
    //return the parameters
}
Пример #5
0
 function checkTempImage($path)
 {
     if (!verify_uploaded_image($path)) {
         $error = translate('LBL_ALERT_TYPE_IMAGE');
         Log::fatal("A user ({$GLOBALS['current_user']->id}) attempted to use an invalid file for the logo - {$path}");
         $this->error = $error;
         return false;
     }
     return $path;
 }
Пример #6
0
 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
 * 
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU Affero General Public License version 3.
 * 
 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
 * technical reasons, the Appropriate Legal Notices must display the words
 * "Powered by SugarCRM".
 ********************************************************************************/
if (isset($_GET['DynamicAction']) && $_GET['DynamicAction'] == "saveImage") {
    $filename = pathinfo($_POST['filename'], PATHINFO_BASENAME);
    $ext = pathinfo($filename, PATHINFO_EXTENSION);
    if (!in_array(strtolower($ext), array('jpg', 'png', 'jpeg'))) {
        return false;
    }
    $image = str_replace(" ", "+", $_POST["imageStr"]);
    $data = substr($image, strpos($image, ","));
    if (sugar_mkdir(sugar_cached("images"), 0777, true)) {
        $filepath = sugar_cached("images/{$filename}");
        file_put_contents($filepath, base64_decode($data));
        if (!verify_uploaded_image($filepath)) {
            unlink($filepath);
            return false;
        }
    } else {
        return false;
    }
}
Пример #7
0
$json = getJSONobj();
$not_a_file = 0;
$divAndEl = explode(",", $_REQUEST['div_name_and_El']);
$div_name = $divAndEl[0];
$element_name = $divAndEl[1];
$ret = array();
$currGuid = create_guid();
$is_file_image = 0;
$upload = new UploadFile($element_name);
if (!$upload->confirm_upload()) {
    $not_a_file = 1;
} else {
    $currGuid .= preg_replace('/[^-a-z0-9_]/i', '_', $_FILES[$element_name]['name']);
    $file_name = "upload://{$currGuid}";
    if (!$upload->final_move($file_name)) {
        $not_a_file = 1;
    } else {
        $is_file_image = verify_uploaded_image($file_name);
    }
}
if ($not_a_file == 1) {
    $response = array('status' => 'failed', 'div_name' => $div_name, 'error_message' => $upload->getErrorMessage());
} else {
    $response = array('status' => 'success', 'div_name' => $div_name, 'new_file_name' => $currGuid, 'is_file_image' => $is_file_image);
}
if (!empty($response)) {
    $json = getJSONobj();
    print $json->encode($response);
}
sugar_cleanup();
exit;