private function __actionUpload() { $FileManager =& $this->_Parent->ExtensionManager->create('filemanager'); $file = General::processFilePostData($_FILES['fields']); $file = $file['upload']['file']; $context = $this->_context; array_shift($context); $dest_path = DOCROOT . $FileManager->getStartLocation() . (is_array($context) && !empty($context) ? '/' . implode('/', $context) . '/' : NULL); /* Array ( [0] => KnuckleboneWitch.jpg [1] => image/jpeg [2] => /Applications/MAMP/tmp/php/phpYCREds [3] => 0 [4] => 25854 ) */ $permission = $_POST['fields']['upload']['permissions']; return General::uploadFile($dest_path, $file[0], $file[2], $permission); }
function processRawFieldData($data, &$status, $simulate = false, $entry_id = NULL) { $status = self::__OK__; ## Its not an array, so just retain the current data and return if (!is_array($data)) { $status = self::__OK__; // Do a simple reconstruction of the file meta information. This is a workaround for // bug which causes all meta information to be dropped return array('file' => $data, 'mimetype' => self::__sniffMIMEType($data), 'size' => filesize(WORKSPACE . $data), 'meta' => serialize(self::getMetaInfo(WORKSPACE . $data, self::__sniffMIMEType($data)))); } if ($simulate) { return; } if ($data['error'] == UPLOAD_ERR_NO_FILE || $data['error'] != UPLOAD_ERR_OK) { return; } ## Sanitize the filename $data['name'] = Lang::createFilename($data['name']); ## Upload the new file $abs_path = DOCROOT . '/' . trim($this->get('destination'), '/'); $rel_path = str_replace('/workspace', '', $this->get('destination')); if (!General::uploadFile($abs_path, $data['name'], $data['tmp_name'], $this->_engine->Configuration->get('write_mode', 'file'))) { $message = __('There was an error while trying to upload the file <code>%1$s</code> to the target directory <code>%2$s</code>.', array($data['name'], 'workspace/' . $rel_path)); $status = self::__ERROR_CUSTOM__; return; } if ($entry_id) { $row = $this->Database->fetchRow(0, "SELECT * FROM `tbl_entries_data_" . $this->get('id') . "` WHERE `entry_id` = '{$entry_id}' LIMIT 1"); $existing_file = $abs_path . '/' . basename($row['file']); General::deleteFile($existing_file); } $status = self::__OK__; $file = rtrim($rel_path, '/') . '/' . trim($data['name'], '/'); return array('file' => $file, 'size' => $data['size'], 'mimetype' => $data['type'], 'meta' => serialize(self::getMetaInfo(WORKSPACE . $file, $data['type']))); }
public function processRawFieldData($data, &$status, $simulate = false, $entry_id = NULL) { $status = self::__OK__; //fixes bug where files are deleted, but their database entries are not. if ($data === NULL) { return array('file' => NULL, 'mimetype' => NULL, 'size' => NULL, 'meta' => NULL); } // Its not an array, so just retain the current data and return if (!is_array($data)) { $status = self::__OK__; // Ensure the file exists in the `WORKSPACE` directory // @link http://symphony-cms.com/discuss/issues/view/610/ $file = WORKSPACE . preg_replace(array('%/+%', '%(^|/)\\.\\./%'), '/', $data); $result = array('file' => $data, 'mimetype' => NULL, 'size' => NULL, 'meta' => NULL); // Grab the existing entry data to preserve the MIME type and size information if (isset($entry_id) && !is_null($entry_id)) { $row = Symphony::Database()->fetchRow(0, sprintf("SELECT `file`, `mimetype`, `size`, `meta` FROM `tbl_entries_data_%d` WHERE `entry_id` = %d", $this->get('id'), $entry_id)); if (!empty($row)) { $result = $row; } } if (!file_exists($file) || !is_readable($file)) { $status = self::__INVALID_FIELDS__; return $result; } else { if (empty($result['mimetype'])) { $result['mimetype'] = function_exists('mime_content_type') ? mime_content_type($file) : 'application/octet-stream'; } if (empty($result['size'])) { $result['size'] = filesize($file); } if (empty($result['meta'])) { $result['meta'] = serialize(self::getMetaInfo($file, $result['mimetype'])); } } return $result; } if ($simulate && is_null($entry_id)) { return $data; } // Upload the new file $abs_path = DOCROOT . '/' . trim($this->get('destination'), '/'); $rel_path = str_replace('/workspace', '', $this->get('destination')); $existing_file = NULL; if (!is_null($entry_id)) { $row = Symphony::Database()->fetchRow(0, sprintf("SELECT * FROM `tbl_entries_data_%s` WHERE `entry_id` = %d LIMIT 1", $this->get('id'), $entry_id)); $existing_file = '/' . trim($row['file'], '/'); // File was removed if ($data['error'] == UPLOAD_ERR_NO_FILE && !is_null($existing_file) && is_file(WORKSPACE . $existing_file)) { General::deleteFile(WORKSPACE . $existing_file); } } if ($data['error'] == UPLOAD_ERR_NO_FILE || $data['error'] != UPLOAD_ERR_OK) { return; } // Sanitize the filename $data['name'] = Lang::createFilename($data['name']); if (!General::uploadFile($abs_path, $data['name'], $data['tmp_name'], Symphony::Configuration()->get('write_mode', 'file'))) { $message = __('There was an error while trying to upload the file <code>%1$s</code> to the target directory <code>%2$s</code>.', array($data['name'], 'workspace/' . ltrim($rel_path, '/'))); $status = self::__ERROR_CUSTOM__; return; } $status = self::__OK__; $file = rtrim($rel_path, '/') . '/' . trim($data['name'], '/'); // File has been replaced if (!is_null($existing_file) && strtolower($existing_file) != strtolower($file) && is_file(WORKSPACE . $existing_file)) { General::deleteFile(WORKSPACE . $existing_file); } // If browser doesn't send MIME type (e.g. .flv in Safari) if (strlen(trim($data['type'])) == 0) { $data['type'] = function_exists('mime_content_type') ? mime_content_type($file) : 'application/octet-stream'; } return array('file' => $file, 'size' => $data['size'], 'mimetype' => $data['type'], 'meta' => serialize(self::getMetaInfo(WORKSPACE . $file, $data['type']))); }
/** * Uploads the zip file to a target directory using the current date. The function * then extracts the content of the zip to the same folder, removes the zip file * after extraction and calls the openExtracted function to append the files to the * $files array. * * @return boolean * True if the $files array is not empty, false otherwise */ public function beginProcess() { if (empty($_FILES['fields']['name']['file'])) { return false; } $target = $this->getTarget() . DateTimeObj::get('d-m-Y'); foreach ($_FILES['fields']['error'] as $key => $error) { if ($error == UPLOAD_ERR_OK) { $tmp = $_FILES['fields']['tmp_name'][$key]; // Upload files to /workspace/uploads/bulkimporter/11-11-2010 $file = $_FILES['fields']['name'][$key]; if (!file_exists($target)) { General::realiseDirectory($target); } if (!General::uploadFile($target, $file, $tmp)) { return false; } $uploadedZipPath = $target . "/" . $file; } } $zipManager = new ZipArchive(); $zip = $zipManager->open($uploadedZipPath); // The directory where the extracted zip contents should go to. $this->extracted_directory = $target; $path = ''; if ($this->archive_is_parent) { $path = '/' . preg_replace('/\\.[^\\.]+$/', '', basename($uploadedZipPath)); $this->extracted_archive = basename($path); if (!file_exists($this->extracted_directory . $path)) { General::realiseDirectory($this->extracted_directory . $path); } } $zipManager->extractTo($this->extracted_directory . $path); $zipManager->close(); // Delete the zip file General::deleteFile($uploadedZipPath); // Add the extracted files to the $files array $this->openExtracted($this->extracted_directory); return count($this->files) != 0; }
public function processRawFieldData($data, &$status, &$message = null, $simulate = false, $entry_id = null) { $status = self::__OK__; // No file given, save empty data: if ($data === null) { return array('file' => null, 'mimetype' => null, 'size' => null, 'meta' => null); } // Its not an array, so just retain the current data and return: if (is_array($data) === false) { $file = $this->getFilePath(basename($data)); $result = array('file' => $data, 'mimetype' => null, 'size' => null, 'meta' => null); // Grab the existing entry data to preserve the MIME type and size information if (isset($entry_id)) { $row = Symphony::Database()->fetchRow(0, sprintf("SELECT `file`, `mimetype`, `size`, `meta` FROM `tbl_entries_data_%d` WHERE `entry_id` = %d", $this->get('id'), $entry_id)); if (empty($row) === false) { $result = $row; } } // Found the file, add any missing meta information: if (file_exists($file) && is_readable($file)) { if (empty($result['mimetype'])) { $result['mimetype'] = General::getMimeType($file); } if (empty($result['size'])) { $result['size'] = filesize($file); } if (empty($result['meta'])) { $result['meta'] = serialize(self::getMetaInfo($file, $result['mimetype'])); } // The file was not found, or is unreadable: } else { $message = __('The file uploaded is no longer available. Please check that it exists, and is readable.'); $status = self::__INVALID_FIELDS__; } return $result; } if ($simulate && is_null($entry_id)) { return $data; } // Check to see if the entry already has a file associated with it: if (is_null($entry_id) === false) { $row = Symphony::Database()->fetchRow(0, sprintf("SELECT *\n FROM `tbl_entries_data_%s`\n WHERE `entry_id` = %d\n LIMIT 1", $this->get('id'), $entry_id)); $existing_file = isset($row['file']) ? $this->getFilePath($row['file']) : null; // File was removed: if ($data['error'] == UPLOAD_ERR_NO_FILE && !is_null($existing_file) && is_file($existing_file)) { General::deleteFile($existing_file); } } // Do not continue on upload error: if ($data['error'] == UPLOAD_ERR_NO_FILE || $data['error'] != UPLOAD_ERR_OK) { return false; } // Where to upload the new file? $abs_path = DOCROOT . '/' . trim($this->get('destination'), '/'); $rel_path = str_replace('/workspace', '', $this->get('destination')); // Sanitize the filename $data['name'] = Lang::createFilename($data['name']); // If a file already exists, then rename the file being uploaded by // adding `_1` to the filename. If `_1` already exists, the logic // will keep adding 1 until a filename is available (#672) if (file_exists($abs_path . '/' . $data['name'])) { $extension = General::getExtension($data['name']); $new_file = substr($abs_path . '/' . $data['name'], 0, -1 - strlen($extension)); $renamed_file = $new_file; $count = 1; do { $renamed_file = $new_file . '_' . $count . '.' . $extension; $count++; } while (file_exists($renamed_file)); // Extract the name filename from `$renamed_file`. $data['name'] = str_replace($abs_path . '/', '', $renamed_file); } $file = $this->getFilePath($data['name']); // Attempt to upload the file: $uploaded = General::uploadFile($abs_path, $data['name'], $data['tmp_name'], Symphony::Configuration()->get('write_mode', 'file')); if ($uploaded === false) { $message = __('There was an error while trying to upload the file %1$s to the target directory %2$s.', array('<code>' . $data['name'] . '</code>', '<code>workspace/' . ltrim($rel_path, '/') . '</code>')); $status = self::__ERROR_CUSTOM__; return false; } // File has been replaced: if (isset($existing_file) && $existing_file !== $file && is_file($existing_file)) { General::deleteFile($existing_file); } // Get the mimetype, don't trust the browser. RE: #1609 $data['type'] = General::getMimeType($file); return array('file' => basename($file), 'size' => $data['size'], 'mimetype' => $data['type'], 'meta' => serialize(self::getMetaInfo($file, $data['type']))); }
public function saveData(MessageStack $errors, Entry $entry, $data = null) { $permissions = Symphony::Configuration()->core()->symphony->{'file-write-mode'}; $data->entry_id = $entry->id; ### # Delegate: UploadField_PreUploadFile # Description: Allow extensions to manipulate saved data before the file is saved to disk. Extension::notify('UploadField_PreUploadFile', '/publish/', array('data' => $data, 'field' => $this, 'entry' => $entry)); $file = DOCROOT . '/' . $data->path . '/' . $data->file; // Upload the file: if ($data->tmp_name and $data->error == 0) { if (!General::uploadFile(DOCROOT . '/' . $data->path, $data->file, $data->tmp_name, $permissions)) { $errors->append(null, (object) array('message' => __('There was an error while trying to upload the file <code>%s</code> to the target directory <code>%s</code>.', array($data->name, trim($data->path, '/'))), 'code' => self::ERROR_INVALID)); return self::STATUS_ERROR; } // Remove file being replaced: if (isset($data->existing) and is_file($data->existing)) { $this->cleanupData($entry, $data, $data->existing); } } unset($data->existing); unset($data->error); unset($data->tmp_name); ### # Delegate: UploadField_PostUploadFile # Description: Allow extensions to manipulate saved data after the file is saved to disk. Extension::notify('UploadField_PostUploadFile', '/publish/', array('data' => $data, 'field' => $this, 'entry' => $entry)); try { $data->meta = serialize($data->meta); Symphony::Database()->insert(sprintf('tbl_data_%s_%s', $entry->section, $this->{'element-name'}), (array) $data, Database::UPDATE_ON_DUPLICATE); return self::STATUS_OK; } catch (Exception $e) { $errors->append(null, (object) array('message' => __('There was an error while trying to upload the file <code>%s</code> to the target directory <code>workspace/%s</code>.', array($data->name, $path)), 'code' => self::ERROR_INVALID)); } // Remove uploaded file: if (isset($file) and is_file($file)) { $this->cleanupData($entry, $data, $file); } return self::STATUS_ERROR; }
public function processRawFieldData($data, &$status, $simulate = false, $entry_id = null) { $status = self::__OK__; // Recal existing data: $existing = Symphony::Database()->fetchRow(0, sprintf("\n\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\tf.name,\n\t\t\t\t\t\t\tf.file,\n\t\t\t\t\t\t\tf.size,\n\t\t\t\t\t\t\tf.mimetype,\n\t\t\t\t\t\t\tf.meta\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t`tbl_entries_data_%s` AS f\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tf.entry_id = '%s'\n\t\t\t\t\t\tLIMIT 1\n\t\t\t\t\t", $this->get('id'), $entry_id)); if ($simulate && is_null($entry_id)) { return $data; } // No file sent, cleanup existing: if (is_null($data) or $data == '' or isset($data['error']) and $data['error'] != UPLOAD_ERR_OK) { if (isset($existing['file']) and is_file(WORKSPACE . $existing['file'])) { General::deleteFile(WORKSPACE . $existing['file']); } return; } // Accept a path: if (is_string($data)) { // Existing data found: if (is_array($existing) and $existing['file'] == $data) { return $existing; } else { if (is_file(WORKSPACE . '/' . $data)) { return array('name' => basename($data), 'file' => $data, 'mimetype' => $this->getMimeType($data), 'size' => filesize(WORKSPACE . '/' . $data), 'meta' => serialize($this->getMetaInfo(WORKSPACE . $data, $this->getMimeType($data)))); } } } $path = rtrim(preg_replace('%^/workspace%', '', $this->get('destination')), '/'); $name = $data['name']; // Sanitize the filename: if ($this->get('serialise') == 'yes') { $data['name'] = $this->getHashedFilename($data['name']); } if (!General::uploadFile(DOCROOT . '/' . trim($this->get('destination'), '/'), $data['name'], $data['tmp_name'], $this->Symphony->Configuration->get('write_mode', 'file'))) { $message = __('There was an error while trying to upload the file <code>%s</code> to the target directory <code>workspace/%s</code>.', array($data['name'], $path)); $status = self::__ERROR_CUSTOM__; return; } // Remove file being replaced: if (isset($existing['file']) and is_file(WORKSPACE . $existing['file'])) { General::deleteFile(WORKSPACE . $existing['file']); } $data = array('name' => $name, 'file' => $path . '/' . trim($data['name'], '/'), 'size' => $data['size'], 'mimetype' => $data['type'], 'meta' => serialize($this->getMetaInfo(WORKSPACE . $file, $data['type']))); ### # Delegate: UploadField_PostProccessFile # Description: Allow other extensions to add media previews. $this->Symphony->ExtensionManager->notifyMembers('UploadField_PostProccessFile', '/publish/', array('data' => $data, 'entry_id' => $entry_id, 'field_id' => $this->get('id'))); return $data; }
public function processRawFieldData($data, &$status, &$message = null, $simulate = false, $entry_id = NULL) { $status = self::__OK__; //fixes bug where files are deleted, but their database entries are not. if ($data === NULL) { return array('file' => NULL, 'mimetype' => NULL, 'size' => NULL, 'meta' => NULL); } // It's not an array, so just retain the current data and return if (!is_array($data)) { // Ensure the file exists in the `WORKSPACE` directory // @link http://symphony-cms.com/discuss/issues/view/610/ $file = WORKSPACE . preg_replace(array('%/+%', '%(^|/)\\.\\./%'), '/', $data); $result = array('file' => $data, 'mimetype' => NULL, 'size' => NULL, 'meta' => NULL); // Grab the existing entry data to preserve the MIME type and size information if (isset($entry_id) && !is_null($entry_id)) { $row = Symphony::Database()->fetchRow(0, sprintf("SELECT `file`, `mimetype`, `size`, `meta` FROM `tbl_entries_data_%d` WHERE `entry_id` = %d", $this->get('id'), $entry_id)); if (!empty($row)) { $result = $row; } } if (!file_exists($file) || !is_readable($file)) { $message = __('The file uploaded is no longer available. Please check that it exists, and is readable.'); $status = self::__INVALID_FIELDS__; return $result; } else { if (empty($result['mimetype'])) { $result['mimetype'] = function_exists('mime_content_type') ? mime_content_type($file) : 'application/octet-stream'; } if (empty($result['size'])) { $result['size'] = filesize($file); } if (empty($result['meta'])) { $result['meta'] = serialize(self::getMetaInfo($file, $result['mimetype'])); } } return $result; } if ($simulate && is_null($entry_id)) { return $data; } //My special Select box alteration :P //var_dump($_POST['fields']['enhanced_upload_field'][$this->get('element_name')]['directory'],$_POST);die; //var_dump($_POST); // Upload the new file $override_path = $this->get('override') == 'yes' ? $_POST['fields']['enhanced_upload_field'][$this->get('element_name')]['directory'] : trim($this->get('destination')); $abs_path = DOCROOT . $override_path . '/'; $rel_path = str_replace('/workspace', '', $override_path); $existing_file = NULL; if (!is_null($entry_id)) { $row = Symphony::Database()->fetchRow(0, sprintf("SELECT * FROM `tbl_entries_data_%s` WHERE `entry_id` = %d LIMIT 1", $this->get('id'), $entry_id)); $existing_file = '/' . trim($row['file'], '/'); // File was removed if ($data['error'] == UPLOAD_ERR_NO_FILE && !is_null($existing_file) && is_file(WORKSPACE . $existing_file)) { General::deleteFile(WORKSPACE . $existing_file); } } if ($data['error'] == UPLOAD_ERR_NO_FILE || $data['error'] != UPLOAD_ERR_OK) { return false; } // If a file already exists, then rename the file being uploaded by // adding `_1` to the filename. If `_1` already exists, the logic // will keep adding 1 until a filename is available (#672) $new_file = $abs_path . '/' . $data['name']; if (file_exists($new_file)) { $i = 1; $extension = General::getExtension($data['name']); $renamed_file = $new_file; do { $renamed_file = General::left($new_file, -strlen($extension) - 1) . '_' . $i . '.' . $extension; $i++; } while (file_exists($renamed_file)); // Extract the name filename from `$renamed_file`. $data['name'] = str_replace($abs_path . '/', '', $renamed_file); } // Sanitize the filename $data['name'] = Lang::createFilename($data['name']); // Actually upload the file, moving it from PHP's temporary store to the desired destination if (!General::uploadFile($abs_path, $data['name'], $data['tmp_name'], Symphony::Configuration()->get('write_mode', 'file'))) { $message = __('There was an error while trying to upload the file %1$s to the target directory %2$s.', array('<code>' . $data['name'] . '</code>', '<code>workspace/' . ltrim($rel_path, '/') . '</code>')); $status = self::__ERROR_CUSTOM__; return false; } $file = rtrim($rel_path, '/') . '/' . trim($data['name'], '/'); // File has been replaced if (!is_null($existing_file) && strtolower($existing_file) != strtolower($file) && is_file(WORKSPACE . $existing_file)) { General::deleteFile(WORKSPACE . $existing_file); } // If browser doesn't send MIME type (e.g. .flv in Safari) if (strlen(trim($data['type'])) == 0) { $data['type'] = function_exists('mime_content_type') ? mime_content_type($file) : 'application/octet-stream'; } //var_dump($_POST); return array('file' => $file, 'size' => $data['size'], 'mimetype' => $data['type'], 'meta' => serialize(self::getMetaInfo(WORKSPACE . $file, $data['type']))); }
public function processRawFieldData($data, &$status, $simulate = false, $entry_id = NULL) { $status = self::__OK__; ## Its not an array, so just retain the current data and return if (!is_array($data)) { $status = self::__OK__; $file = WORKSPACE . $data; // Do a simple reconstruction of the file meta information. This is a workaround for // bug which causes all meta information to be dropped return array('file' => $data, 'mimetype' => self::__sniffMIMEType($data), 'size' => file_exists($file) && is_readable($file) ? filesize($file) : NULL, 'meta' => serialize(self::getMetaInfo(WORKSPACE . $data, self::__sniffMIMEType($data)))); } if ($simulate) { return; } ## Upload the new file $abs_path = DOCROOT . '/' . trim($this->get('destination'), '/'); $rel_path = str_replace('/workspace', '', $this->get('destination')); $existing_file = NULL; if (!is_null($entry_id)) { $row = Symphony::Database()->fetchRow(0, sprintf("SELECT * FROM `tbl_entries_data_%s` WHERE `entry_id` = %d LIMIT 1", $this->get('id'), $entry_id)); $existing_file = rtrim($rel_path, '/') . '/' . trim(basename($row['file']), '/'); // File was removed if ($data['error'] == UPLOAD_ERR_NO_FILE && !is_null($existing_file) && file_exists(WORKSPACE . $existing_file)) { General::deleteFile(WORKSPACE . $existing_file); } } if ($data['error'] == UPLOAD_ERR_NO_FILE || $data['error'] != UPLOAD_ERR_OK) { return; } ## Sanitize the filename $data['name'] = Lang::createFilename($data['name']); if (!General::uploadFile($abs_path, $data['name'], $data['tmp_name'], Symphony::Configuration()->get('write_mode', 'file'))) { $message = __('There was an error while trying to upload the file <code>%1$s</code> to the target directory <code>%2$s</code>.', array($data['name'], 'workspace/' . ltrim($rel_path, '/'))); $status = self::__ERROR_CUSTOM__; return; } $status = self::__OK__; $file = rtrim($rel_path, '/') . '/' . trim($data['name'], '/'); // File has been replaced if (!is_null($existing_file) && strtolower($existing_file) != strtolower($file) && file_exists(WORKSPACE . $existing_file)) { General::deleteFile(WORKSPACE . $existing_file); } ## If browser doesn't send MIME type (e.g. .flv in Safari) if (strlen(trim($data['type'])) == 0) { $data['type'] = 'unknown'; } return array('file' => $file, 'size' => $data['size'], 'mimetype' => $data['type'], 'meta' => serialize(self::getMetaInfo(WORKSPACE . $file, $data['type']))); }
public function processRawFieldData($data, &$status, $simulate = false, $entry_id = NULL) { $status = self::__OK__; ## Its not an array, so just retain the current data and return if (!is_array($data)) { $status = self::__OK__; $file = WORKSPACE . $data; $result = array('file' => $data, 'mimetype' => NULL, 'size' => NULL, 'meta' => NULL); // Grab the existing entry data to preserve the MIME type and size information if (isset($entry_id) && !is_null($entry_id)) { $row = Symphony::Database()->fetchRow(0, sprintf("SELECT `file`, `mimetype`, `size`, `meta` FROM `tbl_entries_data_%d` WHERE `entry_id` = %d", $this->get('id'), $entry_id)); if (!empty($row)) { $result = $row; } } if (!file_exists($file) || !is_readable($file)) { $status = self::__INVALID_FIELDS__; return $result; } return $result; } if ($simulate) { return; } if (is_array($data) and isset($data['name'])) { $data['name'] = $this->getUniqueFilename($data['name']); } ## Upload the new file $abs_path = DOCROOT . '/' . trim($this->get('destination'), '/'); $rel_path = str_replace('/workspace', '', $this->get('destination')); $existing_file = NULL; if (!is_null($entry_id)) { $row = Symphony::Database()->fetchRow(0, sprintf("SELECT * FROM `tbl_entries_data_%s` WHERE `entry_id` = %d LIMIT 1", $this->get('id'), $entry_id)); $existing_file = rtrim($rel_path, '/') . '/' . trim(basename($row['file']), '/'); // File was removed if ($data['error'] == UPLOAD_ERR_NO_FILE && !is_null($existing_file) && file_exists(WORKSPACE . $existing_file)) { General::deleteFile(WORKSPACE . $existing_file); } } if ($data['error'] == UPLOAD_ERR_NO_FILE || $data['error'] != UPLOAD_ERR_OK) { return; } ## Sanitize the filename $data['name'] = Lang::createFilename($data['name']); // Do any pre-processing $meta = Image::getMetaInformation($data['tmp_name']); if ($this->get('resize_long_edge_dimension') != NULL and $meta->width > $this->get('resize_long_edge_dimension') || $meta->height > $this->get('resize_long_edge_dimension')) { try { $image = Image::load($data['tmp_name']); $dest_width = $dest_height = NULL; if ($image->Meta()->width > $image->Meta()->height) { $dest_width = $this->get('resize_long_edge_dimension'); } else { $dest_height = $this->get('resize_long_edge_dimension'); } $image->applyFilter('resize', array($dest_width, $dest_height)); $image->save($abs_path . '/' . $data['name'], 100); } catch (Exception $e) { $message = __('There was an error while trying to pre-process the file <code>%s</code>: %s.', array($data['name'], $e->getMessage())); $status = self::__ERROR_CUSTOM__; } } else { if (!General::uploadFile($abs_path, $data['name'], $data['tmp_name'], Symphony::Configuration()->get('write_mode', 'file'))) { $message = __('There was an error while trying to upload the file <code>%1$s</code> to the target directory <code>%2$s</code>.', array($data['name'], 'workspace/' . ltrim($rel_path, '/'))); $status = self::__ERROR_CUSTOM__; return; } } $status = self::__OK__; $file = rtrim($rel_path, '/') . '/' . trim($data['name'], '/'); // File has been replaced if (!is_null($existing_file) && strtolower($existing_file) != strtolower($file) && file_exists(WORKSPACE . $existing_file)) { General::deleteFile(WORKSPACE . $existing_file); } ## If browser doesn't send MIME type (e.g. .flv in Safari) if (strlen(trim($data['type'])) == 0) { $data['type'] = 'unknown'; } return array('file' => $file, 'size' => $data['size'], 'mimetype' => $data['type'], 'meta' => serialize(self::getMetaInfo(WORKSPACE . $file, $data['type']))); }
public function processRawFieldData($data, &$status, $simulate = false, $entry_id = null) { $status = self::__OK__; // Its not an array, so just retain the current data and return if (!is_array($data)) { $status = self::__OK__; // Recal existing data: $current = $this->_engine->Database->fetchRow(0, sprintf("\n\t\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\t\tf.name,\n\t\t\t\t\t\t\t\tf.file,\n\t\t\t\t\t\t\t\tf.size,\n\t\t\t\t\t\t\t\tf.mimetype,\n\t\t\t\t\t\t\t\tf.meta\n\t\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\t\t`tbl_entries_data_%s` AS f\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\tf.entry_id = '%s'\n\t\t\t\t\t\t\t\tAND f.file = '%s'\n\t\t\t\t\t\t\tLIMIT 1\n\t\t\t\t\t\t", $this->get('id'), $entry_id, $this->cleanValue($data))); // Existing data found: if (is_array($current) and count($current) == 5) { return $current; // Look at new file: } else { return array('name' => basename($data), 'file' => $data, 'mimetype' => $this->getMimeType($data), 'size' => filesize(WORKSPACE . $data), 'meta' => serialize($this->getMetaInfo(WORKSPACE . $data, $this->getMimeType($data)))); } } if ($simulate) { return; } if ($data['error'] == UPLOAD_ERR_NO_FILE or $data['error'] != UPLOAD_ERR_OK) { return; } // Sanitize the filename: if (is_array($data) and isset($data['name'])) { $name = $data['name']; $data['name'] = $this->getHashedFilename($data['name']); } // Upload the new file: $abs_path = DOCROOT . '/' . trim($this->get('destination'), '/'); $rel_path = str_replace('/workspace', '', $this->get('destination')); if (!General::uploadFile($abs_path, $data['name'], $data['tmp_name'], $this->_engine->Configuration->get('write_mode', 'file'))) { $message = "There was an error while trying to upload the file <code>{$data['name']}</code> to the target directory <code>workspace/{$rel_path}</code>."; $status = self::__ERROR_CUSTOM__; return; } if ($entry_id) { $field_id = $this->get('id'); $row = $this->Database->fetchRow(0, "\n\t\t\t\t\tSELECT\n\t\t\t\t\t\tf.*\n\t\t\t\t\tFROM\n\t\t\t\t\t\t`tbl_entries_data_{$field_id}` AS f\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tf.entry_id = '{$entry_id}'\n\t\t\t\t\tLIMIT 1\n\t\t\t\t"); $existing_file = $abs_path . '/' . basename($row['file']); General::deleteFile($existing_file); } $status = self::__OK__; $file = rtrim($rel_path, '/') . '/' . trim($data['name'], '/'); return array('name' => $name, 'file' => $file, 'size' => $data['size'], 'mimetype' => $data['type'], 'meta' => serialize($this->getMetaInfo(WORKSPACE . $file, $data['type']))); }
protected function processFileUpload($key) { $value = array(); $file = $_FILES[$key]; if (empty($file) || empty($file['name']) || empty($file['tmp_name'])) { return $value; } $size = intval($file['size']); $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION)); $filename = $file['name']; if ($size > self::MAX_SIZE) { throw new Exception(sprintf("File is too big: %d when the max is %d", $size, self::MAX_SIZE)); } if (!$ext || !in_array($ext, self::$EXT)) { throw new Exception(sprintf("File '%s' is not allowed. Please upload '%s' files only", $filename, implode(', ', self::$EXT))); } // unique file name $filename = time() . '-' . Lang::createFilename($file['name']); $value['file'] = self::DIR . $filename; $value['size'] = $size; // make a copy - to have the good name and ext $ret = General::uploadFile(WORKSPACE . self::DIR, $filename, $file['tmp_name'], Symphony::Configuration()->get('write_mode', 'file')); if ($ret) { return $value; } else { throw new Exception(sprintf('Could not save file `%s`. ', $filename)); } return null; }
function updateField($field_id, $entry_id, $value_raw, $formatter = NULL, $create_if_nonexistant = true, $handle = NULL) { $sql = "SELECT `type` FROM `tbl_customfields` WHERE `id` = '{$field_id}' LIMIT 1"; $field_type = $this->_db->fetchVar('type', 0, $sql); $existing_field = $this->_db->fetchRow(0, "SELECT * FROM `tbl_entries2customfields` WHERE `field_id` = '{$field_id}' AND `entry_id` = '{$entry_id}' LIMIT 1"); if (!$create_if_nonexistant) { return false; } if ($field_type == 'upload') { $sql = "SELECT * FROM `tbl_customfields` WHERE `id` = '{$field_id}' LIMIT 1"; $field = $this->_db->fetchRow(0, $sql); $field['destination_folder'] = trim($field['destination_folder'], '/'); $field['destination_folder'] = $field['destination_folder'] . "/"; $value_raw['deleted_files'] = preg_split('/,/', $value_raw['deleted_files'], -1, PREG_SPLIT_NO_EMPTY); $value_raw['deleted_files'] = array_map("trim", $value_raw['deleted_files']); if (is_array($value_raw['deleted_files']) && !empty($value_raw['deleted_files'])) { foreach ($value_raw['deleted_files'] as $file) { if (!@is_file(DOCROOT . $file) || General::deleteFile(DOCROOT . $file)) { $this->_db->query("DELETE FROM `tbl_entries2customfields_upload` WHERE `file` = '{$file}' AND `entry_id` = '{$entry_id}' AND `field_id` = '{$field_id}'"); } else { $this->_parent->log->pushToLog("Could not delete file '" . DOCROOT . $file . "' from entry. Check permissions.", SYM_LOG_ERROR, true); } } } if (is_array($value_raw['files']) && !empty($value_raw['files'])) { foreach ($value_raw['files'] as $file) { if ($file['error'] == 0 && $file['size'] != 0) { $filepath = "/" . $field['destination_folder'] . $file['name']; $retVal = General::uploadFile(DOCROOT . "/" . $field['destination_folder'], $file['name'], $file['tmp_name'], $this->_parent->getConfigVar("write_mode", "file")); if (!$retVal) { return false; } $array = array(); $array['entry_id'] = $entry_id; $array['field_id'] = $field_id; $array['file'] = $filepath; $array['type'] = $file['type']; $array['size'] = $file['size']; $this->_db->insert($array, 'tbl_entries2customfields_upload'); } } } if (is_array($existing_field) && !empty($existing_field)) { return true; } $field = array(); $field['value'] = NULL; $field['value_raw'] = NULL; $field['entry_id'] = $entry_id; $field['field_id'] = $field_id; $field['handle'] = NULL; return $this->_db->insert($field, 'tbl_entries2customfields'); } elseif ($field_type == 'foreign') { $this->_db->query("DELETE FROM `tbl_entries2customfields_list` WHERE `entry_id` = '{$entry_id}' AND `field_id` = '{$field_id}'"); $field = array(); if (is_array($value_raw) && !empty($value_raw)) { $field['value'] = NULL; $field['value_raw'] = NULL; foreach ($value_raw as $v) { $item = array(); $item['value'] = $v; $item['value_raw'] = General::sanitize($v); $item['entry_id'] = $entry_id; $item['field_id'] = $field_id; $item['handle'] = $v; $this->_db->insert($item, 'tbl_entries2customfields_list'); } } else { $field['value'] = $value_raw; $field['value_raw'] = $value_raw; } $field['handle'] = NULL; $field['entry_id'] = $entry_id; $field['field_id'] = $field_id; if (is_array($existing_field) && !empty($existing_field)) { $sql = "UPDATE `tbl_entries2customfields`\n\t\t\t\t\t\t\tSET `value_raw` = '" . mysql_escape_string($field['value_raw']) . "',\n\t\t\t\t\t\t\t\t`value` = '" . mysql_escape_string($field['value']) . "'\n\t\t\t\t\t\t\tWHERE `id` = '" . $existing_field['id'] . "' LIMIT 1"; return $this->_db->query($sql); } return $this->_db->insert($field, 'tbl_entries2customfields'); } elseif ($field_type == 'multiselect') { $this->_db->query("DELETE FROM `tbl_entries2customfields_list` WHERE `entry_id` = '{$entry_id}' AND `field_id` = '{$field_id}'"); if (is_array($value_raw) && !empty($value_raw)) { foreach ($value_raw as $item) { $field = array(); $field['value'] = $this->__applyFormattingToString($formatter, $item); $field['value_raw'] = General::sanitize($item); $field['entry_id'] = $entry_id; $field['field_id'] = $field_id; $field['handle'] = Lang::createHandle($item, $this->_parent->getConfigVar('handle_length', 'admin')); $this->_db->insert($field, 'tbl_entries2customfields_list'); } } if (is_array($existing_field) && !empty($existing_field)) { return true; } $field = array(); $field['value'] = NULL; $field['value_raw'] = NULL; $field['entry_id'] = $entry_id; $field['field_id'] = $field_id; $field['handle'] = NULL; return $this->_db->insert($field, 'tbl_entries2customfields'); } elseif ($field_type == 'list') { $list_items = preg_split('/,/', $value_raw, -1, PREG_SPLIT_NO_EMPTY); $list_items = array_map("trim", $list_items); $this->_db->query("DELETE FROM `tbl_entries2customfields_list` WHERE `entry_id` = '{$entry_id}' AND `field_id` = '{$field_id}'"); if (is_array($list_items) && !empty($list_items)) { foreach ($list_items as $item) { $field = array(); $field['value'] = $this->__applyFormattingToString($formatter, $item); $field['value_raw'] = General::sanitize($item); $field['entry_id'] = $entry_id; $field['field_id'] = $field_id; $field['handle'] = Lang::createHandle($item, $this->_parent->getConfigVar('handle_length', 'admin')); $this->_db->insert($field, 'tbl_entries2customfields_list'); } } $field = array(); $field['value'] = trim($this->__applyFormattingToString($formatter, $value_raw)); $field['value_raw'] = General::sanitize($value_raw); if (is_array($existing_field) && !empty($existing_field)) { $sql = "UPDATE `tbl_entries2customfields`\n\t\t\t\t\t\t\tSET `value_raw` = '" . mysql_escape_string($field['value_raw']) . "',\n\t\t\t\t\t\t\t\t`value` = '" . mysql_escape_string($field['value']) . "'\n\t\t\t\t\t\t\t\t" . ($handle ? ", `handle` = '{$handle}' " : "") . "\n\t\t\t\t\t\t\tWHERE `field_id` = '{$field_id}' AND `entry_id` = '{$entry_id}' LIMIT 1"; return $this->_db->query($sql); } $field['entry_id'] = $entry_id; $field['field_id'] = $field_id; $field['handle'] = NULL; return $this->_db->insert($field, 'tbl_entries2customfields'); } else { $value_raw = trim($value_raw); if ($field_type == 'checkbox' && !in_array(strtolower($value_raw), array('yes', 'no'))) { if ($value_raw == 'on') { $value_raw = 'yes'; } else { $value_raw = 'no'; } } $field = array(); $field['value'] = $this->__applyFormattingToString($formatter, $value_raw); $field['value_raw'] = General::sanitize($value_raw); if (is_array($existing_field) && !empty($existing_field)) { $sql = "UPDATE `tbl_entries2customfields`\n\t\t\t\t\t\t\tSET `value_raw` = '" . mysql_escape_string($field['value_raw']) . "',\n\t\t\t\t\t\t\t\t`value` = '" . mysql_escape_string($field['value']) . "'\n\t\t\t\t\t\t\t\t" . ($handle ? ", `handle` = '{$handle}' " : "") . "\n\t\t\t\t\t\t\tWHERE `field_id` = '{$field_id}' AND `entry_id` = '{$entry_id}' LIMIT 1"; return $this->_db->query($sql); } $field['entry_id'] = $entry_id; $field['field_id'] = $field_id; if ($handle) { $field['handle'] = $handle; } return $this->_db->insert($field, 'tbl_entries2customfields'); } }
public function processRawFieldData($data, &$status, &$message = null, $simulate = false, $entry_id = null) { $status = self::__OK__; // No file given, save empty data: if ($data === null) { return array('file' => null, 'mimetype' => null, 'size' => null, 'meta' => null); } // Its not an array, so just retain the current data and return: if (is_array($data) === false) { // Ensure the file exists in the `WORKSPACE` directory // @link http://symphony-cms.com/discuss/issues/view/610/ $file = WORKSPACE . preg_replace(array('%/+%', '%(^|/)\\.\\./%'), '/', $data); $result = array('file' => $data, 'mimetype' => null, 'size' => null, 'meta' => null); // Grab the existing entry data to preserve the MIME type and size information if (isset($entry_id)) { $row = Symphony::Database()->fetchRow(0, sprintf("SELECT `file`, `mimetype`, `size`, `meta` FROM `tbl_entries_data_%d` WHERE `entry_id` = %d", $this->get('id'), $entry_id)); if (empty($row) === false) { $result = $row; } } // Found the file, add any missing meta information: if (file_exists($file) && is_readable($file)) { if (empty($result['mimetype'])) { $result['mimetype'] = function_exists('mime_content_type') ? mime_content_type($file) : 'application/octet-stream'; } if (empty($result['size'])) { $result['size'] = filesize($file); } if (empty($result['meta'])) { $result['meta'] = serialize(self::getMetaInfo($file, $result['mimetype'])); } } else { $message = __('The file uploaded is no longer available. Please check that it exists, and is readable.'); $status = self::__INVALID_FIELDS__; } return $result; } if ($simulate && is_null($entry_id)) { return $data; } // Check to see if the entry already has a file associated with it: if (is_null($entry_id) === false) { $row = Symphony::Database()->fetchRow(0, sprintf("SELECT * FROM `tbl_entries_data_%s` WHERE `entry_id` = %d LIMIT 1", $this->get('id'), $entry_id)); $existing_file = '/' . trim($row['file'], '/'); // File was removed: if ($data['error'] == UPLOAD_ERR_NO_FILE && !is_null($existing_file) && is_file(WORKSPACE . $existing_file)) { General::deleteFile(WORKSPACE . $existing_file); } } // Do not continue on upload error: if ($data['error'] == UPLOAD_ERR_NO_FILE || $data['error'] != UPLOAD_ERR_OK) { return false; } // Where to upload the new file? $abs_path = DOCROOT . '/' . trim($this->get('destination'), '/'); $rel_path = str_replace('/workspace', '', $this->get('destination')); // If a file already exists, then rename the file being uploaded by // adding `_1` to the filename. If `_1` already exists, the logic // will keep adding 1 until a filename is available (#672) if (file_exists($abs_path . '/' . $data['name'])) { $extension = General::getExtension($data['name']); $new_file = substr($abs_path . '/' . $data['name'], 0, -1 - strlen($extension)); $renamed_file = $new_file; $count = 1; do { $renamed_file = $new_file . '_' . $count . '.' . $extension; $count++; } while (file_exists($renamed_file)); // Extract the name filename from `$renamed_file`. $data['name'] = str_replace($abs_path . '/', '', $renamed_file); } // Sanitize the filename $data['name'] = Lang::createFilename($data['name']); $file = rtrim($rel_path, '/') . '/' . trim($data['name'], '/'); // Attempt to upload the file: $uploaded = General::uploadFile($abs_path, $data['name'], $data['tmp_name'], Symphony::Configuration()->get('write_mode', 'file')); if ($uploaded === false) { $message = __('There was an error while trying to upload the file %1$s to the target directory %2$s.', array('<code>' . $data['name'] . '</code>', '<code>workspace/' . ltrim($rel_path, '/') . '</code>')); $status = self::__ERROR_CUSTOM__; return false; } // File has been replaced: if (isset($existing_file) && strtolower($existing_file) != strtolower($file) && is_file(WORKSPACE . $existing_file)) { General::deleteFile(WORKSPACE . $existing_file); } // If browser doesn't send MIME type (e.g. .flv in Safari) if (strlen(trim($data['type'])) == 0) { $data['type'] = function_exists('mime_content_type') ? mime_content_type($file) : 'application/octet-stream'; } return array('file' => $file, 'size' => $data['size'], 'mimetype' => $data['type'], 'meta' => serialize(self::getMetaInfo(WORKSPACE . $file, $data['type']))); }