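/**
 * Build the set of absolute and relative paths used by a manager type.
 *
 * The manager group's 'f' value selects the base folder: 2 = images,
 * 3 = the "preview and play" folder, anything else = the standard download
 * folder (or the configured absolute path, which overrides it).
 *
 * Security note: 'absolute_path' may point outside the web root. This method
 * only returns base paths; it does not confine anything appended to them.
 * Callers that join a request-supplied sub-folder or file name onto these
 * values must verify that the result still lies under the returned base.
 *
 * @param   string  $manager  Manager identifier passed to getManagerGroup().
 *
 * @return  array  Keys: orig_abs_pap, orig_abs_pap_ds, orig_abs, orig_abs_ds,
 *                 orig_abs_user_upload, orig_abs_user_upload_pap, orig_rel_ds.
 */
public static function getPathSet($manager = '')
{
    $group   = PhocaDownloadSettings::getManagerGroup($manager);
    $paramsC = JComponentHelper::getParams('com_phocadownload');

    // Folders (relative to JPATH_ROOT) that hold the downloadable files.
    $downloadFolder    = $paramsC->get('download_folder', 'phocadownload');
    $downloadFolderPap = $paramsC->get('download_folder_pap', 'phocadownloadpap');

    // Absolute path which can be outside public_html; when set, the
    // download folder is ignored for the standard manager.
    $absolutePath = $paramsC->get('absolute_path', '');

    $path = array();

    // Preview-and-play folder is always resolved below JPATH_ROOT.
    $downloadFolderPap       = JPath::clean($downloadFolderPap);
    $path['orig_abs_pap']    = JPATH_ROOT . DS . $downloadFolderPap;
    $path['orig_abs_pap_ds'] = $path['orig_abs_pap'] . DS;

    if ($group['f'] == 2) {
        // Images
        $path['orig_abs']                 = JPATH_ROOT . DS . 'images' . DS . 'phocadownload';
        $path['orig_abs_ds']              = $path['orig_abs'] . DS;
        $path['orig_abs_user_upload']     = $path['orig_abs'] . DS . 'userupload';
        $path['orig_abs_user_upload_pap'] = $path['orig_abs_pap'] . DS . 'userupload';
        $path['orig_rel_ds']              = '../images/phocadownload/';
    } elseif ($group['f'] == 3) {
        // Play and Preview
        $path['orig_abs']                 = $path['orig_abs_pap'];
        $path['orig_abs_ds']              = $path['orig_abs_pap_ds'];
        $path['orig_abs_user_upload']     = $path['orig_abs'] . DS . 'userupload';
        $path['orig_abs_user_upload_pap'] = $path['orig_abs_pap'] . DS . 'userupload';
        // Relative paths are URL-style, so separators are normalised to '/'
        // (the standard branch below does the same). The previous code
        // converted '/' to DS here, which yields backslashes when DS is '\'.
        $path['orig_rel_ds'] = '../' . str_replace(DS, '/', JPath::clean($downloadFolderPap)) . '/';
    } elseif ($absolutePath != '') {
        // Standard manager with an administrator-configured absolute path.
        $path['orig_abs']                 = str_replace('/', DS, JPath::clean($absolutePath));
        $path['orig_abs_ds']              = JPath::clean($path['orig_abs'] . DS);
        $path['orig_abs_user_upload']     = JPath::clean($path['orig_abs'] . DS . 'userupload');
        $path['orig_abs_user_upload_pap'] = JPath::clean($path['orig_abs_pap'] . DS . 'userupload');
        // No relative path is exposed for an absolute storage location.
        $path['orig_rel_ds'] = '';
    } else {
        // Standard manager, download folder below JPATH_ROOT.
        $downloadFolder                   = str_replace('/', DS, JPath::clean($downloadFolder));
        $path['orig_abs']                 = JPATH_ROOT . DS . $downloadFolder;
        $path['orig_abs_ds']              = JPATH_ROOT . DS . $downloadFolder . DS;
        $path['orig_abs_user_upload']     = $path['orig_abs'] . DS . 'userupload';
        $path['orig_abs_user_upload_pap'] = $path['orig_abs_pap'] . DS . 'userupload';
        $downloadFolderRel                = str_replace(DS, '/', JPath::clean($downloadFolder));
        $path['orig_rel_ds']              = '../' . $downloadFolderRel . '/';
    }

    return $path;
}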
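/**
 * Render the file-name text input together with the "select file" modal button.
 *
 * When the form's 'extid' value is greater than zero the field is rendered
 * as a read-only input with the value "-" and no picker button.
 *
 * Every value placed into an HTML attribute is escaped with
 * htmlspecialchars(); in particular $this->value is stored data and must not
 * be able to close the attribute it is printed in.
 *
 * @return  string  HTML markup for the field.
 */
protected function getInput()
{
    $html = array();

    // Manager-specific link and button label.
    $managerOutput = $this->element['manager'] ? '&manager=' . (string) $this->element['manager'] : '';
    $group         = PhocaDownloadSettings::getManagerGroup((string) $this->element['manager']);
    $textButton    = 'COM_PHOCADOWNLOAD_FORM_SELECT_' . strtoupper($group['t']);
    $link          = 'index.php?option=com_phocadownload&view=phocadownloadmanager'
        . $group['c'] . $managerOutput . '&field=' . $this->id;

    // Escaped copies of everything that ends up inside an attribute.
    $idAttr    = htmlspecialchars((string) $this->id, ENT_QUOTES, 'UTF-8');
    $nameAttr  = htmlspecialchars((string) $this->name, ENT_QUOTES, 'UTF-8');
    $valueAttr = htmlspecialchars((string) $this->value, ENT_QUOTES, 'UTF-8');
    $titleAttr = htmlspecialchars(JText::_($textButton), ENT_QUOTES, 'UTF-8');

    // Optional class/size attributes taken from the form definition.
    $attr = $this->element['class']
        ? ' class="' . htmlspecialchars((string) $this->element['class'], ENT_QUOTES, 'UTF-8') . '"'
        : '';
    $attr .= $this->element['size'] ? ' size="' . (int) $this->element['size'] . '"' : '';

    // The onchange attribute is emitted as raw JavaScript below. It is read
    // from the form element definition, so it must never be populated from
    // request or stored user data.
    $onchange = (string) $this->element['onchange'];

    // Load the modal behavior script.
    JHtml::_('behavior.modal', 'a.modal_' . $this->id);

    // External file: no local file name is needed, show a read-only placeholder.
    $extId = (int) $this->form->getValue('extid');
    if ($extId > 0) {
        $readonly = ' readonly="readonly"';

        return '<input type="text" name="' . $nameAttr . '" id="' . $idAttr . '" value="-" ' . $attr . $readonly . ' />';
    }

    // Callback invoked by the modal to write the chosen file name back.
    $script   = array();
    $script[] = ' function phocaSelectFileName_' . $this->id . '(title) {';
    $script[] = ' document.getElementById("' . $this->id . '_id").value = title;';
    $script[] = ' ' . $onchange;
    $script[] = ' SqueezeBox.close();';
    $script[] = ' }';

    // Add the script to the document head.
    JFactory::getDocument()->addScriptDeclaration(implode("\n", $script));

    // A read-only field gets an empty href so the picker cannot be opened.
    $href = $this->element['readonly'] ? '' : htmlspecialchars($link, ENT_QUOTES, 'UTF-8');

    $html[] = '<div class="input-append">';
    $html[] = '<input type="text" id="' . $idAttr . '_id" name="' . $nameAttr . '" value="' . $valueAttr . '"'
        . ' ' . $attr . ' />';
    $html[] = '<a class="modal_' . $idAttr . ' btn" title="' . $titleAttr . '"'
        . ' href="' . $href . '"'
        . ' rel="{handler: \'iframe\', size: {x: 780, y: 560}}">'
        . JText::_($textButton) . '</a>';
    $html[] = '</div>' . "\n";

    return implode("\n", $html);
}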
{pdfiledate} {pddownloads} {pddescription} {pdfeatures} {pdchangelog} {pdnotes} <div class="pd-mirrors">{pdmirrorlink2} {pdmirrorlink1}</div> <div class="pd-report">{pdreportlink}</div> <div class="pd-rating">{pdrating}</div> <div class="pd-tags">{pdtags}</div> <div class="pd-cb"></div> </div>';*/ $fileLayout = PhocaDownloadSettings::getLayoutText('file'); $fileLayoutParams = PhocaDownloadSettings::getLayoutParams('file'); $replace = array($pdTitle, $pdImage, $pdFile, $pdFileSize, $pdVersion, $pdLicense, $pdAuthor, $pdAuthorEmail, $pdFileDate, $pdDownloads, $pdDescription, $pdFeatures, $pdChangelog, $pdNotes, $pdMirrorLink1, $pdMirrorLink2, $pdReportLink, $pdRating, $pdTags, $pdVideo); $output = str_replace($fileLayoutParams['search'], $replace, $fileLayout); echo $output; } // --------------------------------------------------- $o = '<div class="pd-cb"> </div>'; if ((int)$v->confirm_license > 0) { $o .= '<h4 class="pdfv-confirm-lic-text">'.JText::_('COM_PHOCADOWNLOAD_LICENSE_AGREEMENT').'</h4>'; $o .= '<div id="phoca-dl-license" style="height:'.(int)$this->t['licenseboxheight'].'px">'.$v->licensetext.'</div>';
if ($pdDesc != '') { echo '<li class="description">' . $pdDesc . '</li>'; } echo $pdSubcategories; echo '</ul>'; echo '</div>'; echo $pdClear; } else { $categoriesLayout = PhocaDownloadSettings::getLayoutText('categories'); /*'<div class="pd-categoriesbox"> <div class="pd-title">{pdtitle}</div> {pdsubcategories} {pdclear} </div>'; //<div class="pd-desc">{pdDescription}</div>*/ $categoriesLayoutParams = PhocaDownloadSettings::getLayoutParams('categories'); $replace = array($pdTitle, $pdDesc, $pdSubcategories, $pdClear); $output = str_replace($categoriesLayoutParams['search'], $replace, $categoriesLayout); echo $output; } } } } //echo '</div>'; echo '<div class="pd-cb"></div>'; // - - - - - - - - - - // Most viewed docs (files) // - - - - - - - - - - $outputFile = ''; if (!empty($this->t['mostvieweddocs']) && $this->t['displaymostdownload'] == 1) { $l = new PhocaDownloadLayout();
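/**
 * Deliver a file to the client: by redirect (direct or external link) or by
 * streaming it through PHP with download headers.
 *
 * Flow:
 *  1. An error marker in $fileData['file'] redirects back with a message.
 *  2. The file extension is checked against the allowed / disallowed lists
 *     unless 'ignore_file_types_check' is 3, 4 or 5.
 *  3. Direct link -> redirect to the file; external link -> redirect to the
 *     external URL; otherwise the file is streamed and the script exits.
 *
 * Changes compared with the previous implementation:
 *  - A Range request is now honoured for real: only the requested bytes are
 *    sent and Content-Length / Content-Range describe exactly that window.
 *    Previously a 206 status and a computed length were announced while the
 *    whole file was written, so headers and body disagreed.
 *  - Content-Range is sent only with a 206 response.
 *  - The file name placed in Content-Disposition has quote, backslash and
 *    line-break characters replaced so it cannot terminate the quoted string.
 *  - When the type check is bypassed and no MIME type was resolved, the
 *    response falls back to application/octet-stream instead of emitting the
 *    error marker as Content-Type.
 *  - All active output buffers are discarded, instead of calling
 *    ob_end_clean() twice regardless of how many buffers exist.
 *
 * @param   array    $fileData     Needs keys 'directlink', 'externallink', 'file'.
 * @param   integer  $downloadId   Id passed to the hit / statistics / log helpers.
 * @param   string   $currentLink  URL used for error redirects.
 * @param   integer  $type         1 = token (unique link) download; never a direct link.
 *
 * @return  boolean  false when control returns to the caller; every
 *                   successful path ends the script.
 */
public static function download($fileData, $downloadId, $currentLink, $type = 0)
{
    $app    = JFactory::getApplication();
    $params = $app->getParams();

    $directLink   = $fileData['directlink'];   // Direct Link 0 or 1
    $externalLink = $fileData['externallink'];
    $absOrRelFile = $fileData['file'];         // Relative Path or Absolute Path

    // Token downloads use a unique link and must never expose the direct URL.
    if ($type == 1) {
        $directLink = 0;
    }

    // The file value carries an error language key when no file was found.
    if (preg_match('/COM_PHOCADOWNLOAD_ERROR/i', $absOrRelFile)) {
        $msg = JText::_('COM_PHOCADOWNLOAD_ERROR_WHILE_DOWNLOADING_FILE') . ' ' . JText::_($absOrRelFile);
        $app->redirect(JRoute::_($currentLink), $msg);

        return false;
    }

    // Map the extension to a MIME type through the allow and deny lists.
    $extension = JFile::getExt(strtolower($absOrRelFile));
    $aft       = $params->get('allowed_file_types_download', PhocaDownloadSettings::getDefaultAllowedMimeTypesDownload());
    $dft       = $params->get('disallowed_file_types_download', '');

    $allowedMimeType    = PhocaDownloadFile::getMimeType($extension, $aft);
    $disallowedMimeType = PhocaDownloadFile::getMimeType($extension, $dft);

    // "PhocaError" in the result means the extension was not found in that list.
    $errorAllowed    = preg_match('/PhocaError/i', $allowedMimeType);    // not in allow list -> block
    $errorDisallowed = preg_match('/PhocaError/i', $disallowedMimeType); // not in deny list  -> permit

    // Settings 3, 4 and 5 switch the download type check off entirely.
    // NOTE(review): with the check off, any extension that can be addressed
    // through a file record is served; make sure this setting is deliberate.
    $ignoreDownloadCheck = $params->get('ignore_file_types_check', 2);
    if (in_array($ignoreDownloadCheck, array(3, 4, 5))) {
        $errorAllowed    = false;
        $errorDisallowed = true;
    }

    if ($errorAllowed) {
        $app->redirect(JRoute::_($currentLink), JText::_('COM_PHOCADOWNLOAD_WARNFILETYPE_DOWNLOAD'));

        return false;
    }

    if (!$errorDisallowed) {
        $app->redirect(JRoute::_($currentLink), JText::_('COM_PHOCADOWNLOAD_WARNFILETYPE_DISALLOWED_DOWNLOAD'));

        return false;
    }

    if ($directLink == 1) {
        // Direct link on the same server.
        self::registerDownloadEvent($downloadId, $type, $params, basename($absOrRelFile));
        $app->redirect($absOrRelFile);
        exit;
    }

    if ($directLink == 0 && $externalLink != '') {
        // External link reached through this redirect.
        // NOTE(review): the target is taken from the file record as-is;
        // confirm the URL scheme/host is validated where the record is saved.
        self::registerDownloadEvent($downloadId, $type, $params, $externalLink);
        $app->redirect($externalLink);
        exit;
    }

    // ---- Stream the file through PHP ----
    clearstatcache();
    $fileWithoutPath = basename($absOrRelFile);
    $fileSize        = is_file($absOrRelFile) ? (int) filesize($absOrRelFile) : 0;

    // Hit, mail, statistics and log are recorded before the size check,
    // as in the previous implementation.
    self::registerDownloadEvent($downloadId, $type, $params, $fileWithoutPath);

    if ($fileSize == 0) {
        die(JText::_('COM_PHOCADOWNLOAD_FILE_SIZE_EMPTY'));
    }

    // Never send the "not found" marker as a content type.
    $mimeType = (string) $allowedMimeType;
    if ($mimeType == '' || preg_match('/PhocaError/i', $mimeType)) {
        $mimeType = 'application/octet-stream';
    }

    // Work out the byte window. Only a single range is supported; an
    // invalid or unsatisfiable range is ignored and the whole file is sent.
    $lastByte   = $fileSize - 1;
    $rangeStart = 0;
    $rangeEnd   = $lastByte;
    $isPartial  = false;

    if (isset($_SERVER['HTTP_RANGE'])
        && preg_match('%^bytes=(\d*)-(\d*)$%', $_SERVER['HTTP_RANGE'], $rangeParts)) {
        $first = $rangeParts[1];
        $last  = $rangeParts[2];

        if ($first === '' && $last !== '') {
            // "bytes=-N": the final N bytes of the file.
            $suffixLength = (int) $last;
            if ($suffixLength > 0) {
                $rangeStart = max(0, $fileSize - $suffixLength);
                $isPartial  = true;
            }
        } elseif ($first !== '') {
            // "bytes=A-" or "bytes=A-B"; the end is clamped to the last byte.
            $wantedStart = (int) $first;
            $wantedEnd   = ($last === '') ? $lastByte : min((int) $last, $lastByte);
            if ($wantedStart <= $wantedEnd) {
                $rangeStart = $wantedStart;
                $rangeEnd   = $wantedEnd;
                $isPartial  = true;
            }
        }
    }

    // Open before sending headers: without a handle we cannot seek, so the
    // response falls back to the whole file via readfile().
    $fp = @fopen($absOrRelFile, 'rb');
    if ($fp === false) {
        $rangeStart = 0;
        $rangeEnd   = $lastByte;
        $isPartial  = false;
    }
    $resultLength = $rangeEnd - $rangeStart + 1;

    // Drop everything buffered so far so that it cannot end up inside the file.
    while (ob_get_level() > 0) {
        ob_end_clean();
    }

    // Test for protocol and set the appropriate cache headers.
    jimport('joomla.environment.uri');
    $currentUri = JURI::getInstance(JURI::current());
    if ($currentUri->getScheme() == 'https') {
        // SSL support
        header('Cache-Control: private, max-age=0, must-revalidate, no-store');
    } else {
        header('Cache-Control: public, must-revalidate');
        header('Cache-Control: pre-check=0, post-check=0, max-age=0');
        header('Pragma: no-cache');
        header('Expires: 0');
    }

    header('Content-Description: File Transfer');
    header('Expires: Sat, 30 Dec 1990 07:07:07 GMT');
    header('Accept-Ranges: bytes');

    if ($isPartial) {
        header('HTTP/1.1 206 Partial Content');
        header('Content-Range: bytes ' . $rangeStart . '-' . $rangeEnd . '/' . $fileSize);
    }

    // Characters that would end the quoted file name or the header line.
    $safeName = str_replace(array('"', '\\', "\r", "\n"), '_', $fileWithoutPath);

    header('Content-Length: ' . $resultLength);
    header('Content-Type: ' . $mimeType);
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Transfer-Encoding: binary');

    // Deliver in chunks so large files are not loaded into memory.
    @set_time_limit(0);
    if ($fp !== false) {
        if ($rangeStart > 0) {
            fseek($fp, $rangeStart, SEEK_SET);
        }

        $remaining = $resultLength;
        while ($remaining > 0 && !feof($fp)) {
            $chunk = fread($fp, min(8192, $remaining));
            if ($chunk === false || $chunk === '') {
                break;
            }
            echo $chunk;
            $remaining -= strlen($chunk);
        }
        fclose($fp);
    } else {
        @readfile($absOrRelFile);
    }

    flush();
    exit;
}

/**
 * Record one download: hit counter, token hit, notification mail,
 * per-user statistics and the download log.
 *
 * @param   integer  $downloadId  Id of the downloaded file record.
 * @param   integer  $type        1 = token download (also counts a token hit).
 * @param   object   $params      Parameter object providing get().
 * @param   string   $label       File name or URL passed to the mail helper.
 *
 * @return  void
 */
private static function registerDownloadEvent($downloadId, $type, $params, $label)
{
    self::hit($downloadId);

    if ($type == 1) {
        self::hitToken($downloadId);
    }

    $mailMode = (int) $params->get('send_mail_download', 0);
    if ($mailMode > 0) {
        PhocaDownloadMail::sendMail($mailMode, $label, 1);
    }

    // USER statistics
    if ((int) $params->get('enable_user_statistics', 1) == 1) {
        PhocaDownloadStat::createUserStatEntry($downloadId);
    }

    PhocaDownloadLog::log($downloadId, 1);
}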
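/**
 * Decide whether an uploaded file may be stored.
 *
 * Checks, in order: file name present and unchanged by JFile::makesafe(),
 * extension against the deny and allow lists, size limit, per-user quota
 * (only when $frontEnd == 2), image validity or MIME type, and finally a
 * scan of the first 256 bytes for HTML tags.
 *
 * Fixes compared with the previous implementation:
 *  - The front-end branch read 'ignore_file_types_check' from an undefined
 *    $params variable; it now uses $paramsC.
 *  - The invalid-image error key was overwritten right after being set.
 *  - fileinfo was opened with FILEINFO_MIME, whose result carries a charset
 *    suffix, so it could never equal an entry of the MIME lists; the check
 *    now uses FILEINFO_MIME_TYPE. The handle is also closed on every path.
 *
 * Limits a reviewer should keep in mind:
 *  - Only the last extension of the name is checked here.
 *  - With chunked upload the getimagesize() validation is skipped.
 *  - The MIME check rejects a type only when it is on the illegal list and
 *    not on the allowed list; a type on neither list passes.
 *  - The HTML-tag scan covers the first 256 bytes only.
 *
 * @param   array    $file          Upload entry with 'name', 'tmp_name', 'size'.
 * @param   string   &$err          Receives the error key or message on failure.
 * @param   string   $manager       Manager identifier passed to getManagerGroup().
 * @param   integer  $frontEnd      0 = administrator, 1 = front end, 2 = user control panel.
 * @param   integer  $chunkEnabled  1 when the file arrives in chunks.
 * @param   integer  $realSize      Computed total size, used when chunking.
 *
 * @return  boolean  true when the file passed every check.
 */
public static function canUpload($file, &$err, $manager = '', $frontEnd = 0, $chunkEnabled = 0, $realSize = 0)
{
    $paramsC = JComponentHelper::getParams('com_phocadownload');

    $ignoreUploadCh    = 0;
    $ignoreUploadCheck = $paramsC->get('ignore_file_types_check', 2);

    if ($frontEnd == 1) {
        $aft = $paramsC->get('allowed_file_types_upload', PhocaDownloadSettings::getDefaultAllowedMimeTypesUpload());
        $dft = $paramsC->get('disallowed_file_types_upload', '');

        if ($ignoreUploadCheck == 1 || $ignoreUploadCheck == 4) {
            $ignoreUploadCh = 1;
        }
    } else {
        $aft = $paramsC->get('allowed_file_types_download', PhocaDownloadSettings::getDefaultAllowedMimeTypesDownload());
        $dft = $paramsC->get('disallowed_file_types_download', '');

        // NOTE(review): the previous code compared against 5 twice
        // ("== 5 || == 5"), which suggests a second value was intended.
        // Only 5 is honoured here; confirm against the setting's option list.
        if ($ignoreUploadCheck == 5) {
            $ignoreUploadCh = 1;
        }
    }

    $allowedMimeType    = PhocaDownloadFile::getMimeTypeString($aft);
    $disallowedMimeType = PhocaDownloadFile::getMimeTypeString($dft);

    // Effective limits for this manager type.
    $paramsL = array();
    $group   = PhocaDownloadSettings::getManagerGroup($manager);
    if ($group['f'] == 2) {
        // Image manager: fixed image whitelist.
        $paramsL['upload_extensions']   = 'gif,jpg,png,jpeg';
        $paramsL['image_extensions']    = 'gif,jpg,png,jpeg';
        $paramsL['upload_mime']         = 'image/jpeg,image/gif,image/png';
        $paramsL['upload_mime_illegal'] = 'application/x-shockwave-flash,application/msword,application/excel,application/pdf,application/powerpoint,text/plain,application/x-zip,text/html';
        $paramsL['upload_ext_illegal']  = $disallowedMimeType['ext'];
    } else {
        $paramsL['upload_extensions']   = $allowedMimeType['ext'];
        $paramsL['image_extensions']    = 'bmp,gif,jpg,png,jpeg';
        $paramsL['upload_mime']         = $allowedMimeType['mime'];
        $paramsL['upload_mime_illegal'] = $disallowedMimeType['mime'];
        $paramsL['upload_ext_illegal']  = $disallowedMimeType['ext'];
    }

    // No file was sent.
    if (empty($file['name'])) {
        $err = 'COM_PHOCADOWNLOAD_WARNING_INPUT_FILE_UPLOAD';

        return false;
    }

    // The name must already be in its "safe" form.
    jimport('joomla.filesystem.file');
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $err = 'COM_PHOCADOWNLOAD_WARNFILENAME';

        return false;
    }

    $format = strtolower(JFile::getExt($file['name']));

    // Extension check, unless the administrator switched it off.
    if ($ignoreUploadCh != 1) {
        $allowable    = explode(',', $paramsL['upload_extensions']);
        $notAllowable = explode(',', $paramsL['upload_ext_illegal']);

        if (in_array($format, $notAllowable)) {
            $err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_DISALLOWED';

            return false;
        }

        // A file without an extension is never accepted.
        if ($format == '' || $format == false || !in_array($format, $allowable)) {
            $err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_NOT_ALLOWED';

            return false;
        }
    }

    // Size limit; with chunked upload the computed total size is used.
    if ((int) $frontEnd > 0) {
        $maxSize = $paramsC->get('user_file_upload_size', 3145728);
    } else {
        $maxSize = $paramsC->get('upload_maxsize', 3145728);
    }

    $uploadedSize = ($chunkEnabled == 1) ? (int) $realSize : (int) $file['size'];
    if ((int) $maxSize > 0 && $uploadedSize > (int) $maxSize) {
        $err = 'COM_PHOCADOWNLOAD_WARNFILETOOLARGE';

        return false;
    }

    // User control panel only: quota over all files of this user.
    if ($frontEnd == 2) {
        $user               = JFactory::getUser();
        $maxUserUploadSize  = (int) $paramsC->get('user_files_max_size', 20971520);
        $maxUserUploadCount = (int) $paramsC->get('user_files_max_count', 5);
        $allFile            = PhocaDownloadUser::getUserFileInfo($file, $user->id);

        // NOTE(review): the size of the current upload is not added here;
        // presumably getUserFileInfo() accounts for $file - confirm.
        if ($maxUserUploadSize > 0 && (int) $allFile['size'] > $maxUserUploadSize) {
            $err = JText::_('COM_PHOCADOWNLOAD_WARNUSERFILESTOOLARGE');

            return false;
        }

        if ((int) $allFile['count'] > $maxUserUploadCount) {
            $err = JText::_('COM_PHOCADOWNLOAD_WARNUSERFILESTOOMUCH');

            return false;
        }
    }

    // Content check: images through getimagesize(), everything else by MIME type.
    $images = explode(',', $paramsL['image_extensions']);
    if (in_array($format, $images)) {
        $group = PhocaDownloadSettings::getManagerGroup($manager);
        if ($group['i'] == 1 && $chunkEnabled != 1) {
            if (getimagesize($file['tmp_name']) === false) {
                $err = 'COM_PHOCADOWNLOAD_WARNINVALIDIMG';

                return false;
            }
        }
    } else {
        $allowed_mime = explode(',', $paramsL['upload_mime']);
        $illegal_mime = explode(',', $paramsL['upload_mime_illegal']);

        // Detect the type from the file content, not from the client.
        $type = '';
        if (function_exists('finfo_open')) {
            $finfo = finfo_open(FILEINFO_MIME_TYPE);
            if ($finfo !== false) {
                $type = (string) finfo_file($finfo, $file['tmp_name']);
                finfo_close($finfo);
            }
        } elseif (function_exists('mime_content_type')) {
            $type = (string) mime_content_type($file['tmp_name']);
        }

        if (strlen($type) && !in_array($type, $allowed_mime) && in_array($type, $illegal_mime)) {
            $err = 'COM_PHOCADOWNLOAD_WARNINVALIDMIME';

            return false;
        }
    }

    // XSS check: look for HTML tags at the start of the file.
    $xss_check = (string) JFile::read($file['tmp_name'], false, 256);
    $html_tags = PhocaDownloadSettings::getHTMLTagsUpload();
    foreach ($html_tags as $tag) {
        // A tag is '<tagname ' or '<tagname>'.
        if (stristr($xss_check, '<' . $tag . ' ') || stristr($xss_check, '<' . $tag . '>')) {
            $err = 'COM_PHOCADOWNLOAD_WARNIEXSS';

            return false;
        }
    }

    return true;
}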
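<?php
defined('_JEXEC') or die('Restricted access');

// "Up one level" row of the file manager table.
//
// $this->manager, $this->field and the parent folder are printed inside an
// href attribute, so each value is URL-encoded first. An encoded value
// cannot contain quote or angle-bracket characters and therefore cannot
// leave the attribute it is placed in.
$group = PhocaDownloadSettings::getManagerGroup($this->manager);

$link = 'index.php?option=' . $this->t['o']
    . '&view=' . $this->t['task']
    . '&manager=' . urlencode((string) $this->manager)
    . $group['c']
    . '&folder=' . urlencode((string) $this->folderstate->parent)
    . '&field=' . urlencode((string) $this->field);

echo '<tr><td> </td>'
    . '<td class="ph-img-table">'
    . '<a href="' . $link . '" >'
    . JHTML::_('image', $this->t['i'] . 'icon-16-up.png', '')
    . '</a>'
    . '</td>'
    . '<td><a href="' . $link . '" >..</a></td>'
    . '</tr>';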
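/**
 * Prepare and render the file manager view (file list, single upload and
 * multiple upload tabs).
 *
 * Request-derived values (field, manager, current folder) are written into
 * several URLs that other classes later print into HTML and JavaScript.
 * 'field' is therefore read with the command filter, because it is also
 * used as part of a JavaScript function name, and the values are URL-encoded
 * wherever they are placed into a query string.
 *
 * The upload URLs carry the session name/id and the form token in the query
 * string. These URLs are sensitive: they should not be logged, cached or
 * exposed to third-party content.
 *
 * @param   string  $tpl  Template name handed to the parent display().
 *
 * @return  void
 */
public function display($tpl = null)
{
    $this->t = PhocaDownloadUtils::setVars('manager');

    // Used as a JS function-name suffix, so restrict it to command characters.
    $this->field = JRequest::getCmd('field');
    $this->fce   = 'phocaSelectFileName_' . $this->field;

    JHTML::stylesheet($this->t['s']);

    $this->folderstate = $this->get('FolderState');
    $this->files       = $this->get('Files');
    $this->folders     = $this->get('Folders');
    $this->session     = JFactory::getSession();
    $this->manager     = JRequest::getVar('manager', '', '', 'file');

    if ($this->manager == 'filemultiple') {
        $this->form = $this->get('Form');
    }

    $params = JComponentHelper::getParams($this->t['o']);

    $this->t['multipleuploadchunk']  = $params->get('multiple_upload_chunk', 0);
    $this->t['uploadmaxsize']        = $params->get('upload_maxsize', 3145728);
    $this->t['uploadmaxsizeread']    = PhocaDownloadFile::getFileSizeReadable($this->t['uploadmaxsize']);
    $this->t['enablemultiple']       = $params->get('enable_multiple_upload_admin', 0);
    $this->t['multipleuploadmethod'] = $params->get('multiple_upload_method', 1);

    $this->currentFolder = '';
    if (isset($this->folderstate->folder) && $this->folderstate->folder != '') {
        $this->currentFolder = $this->folderstate->folder;
    }

    // URL-encoded copies for use in query strings only; the properties
    // themselves keep their original values for the templates.
    $managerParam = urlencode((string) $this->manager);
    $fieldParam   = urlencode((string) $this->field);
    $folderParam  = urlencode((string) $this->currentFolder);

    // - - - - - - - - - -
    // TABS
    // - - - - - - - - - -
    $this->t['tab']         = JRequest::getVar('tab', '', '', 'string');
    $this->t['displaytabs'] = 0;

    // UPLOAD
    $this->t['currenttab']['upload'] = $this->t['displaytabs'];
    $this->t['displaytabs']++;

    // MULTIPLE UPLOAD
    // NOTE(review): ">= 0" is also true for the default value 0, so this tab
    // is registered even when the option is off; "> 0" may have been meant.
    if ((int) $this->t['enablemultiple'] >= 0) {
        $this->t['currenttab']['multipleupload'] = $this->t['displaytabs'];
        $this->t['displaytabs']++;
    }

    $group = PhocaDownloadSettings::getManagerGroup($this->manager);

    // NOTE(review): as shown on this page the replacement below maps '&' to
    // '&' and changes nothing; presumably the search string was an HTML
    // entity before the page was rendered - confirm against the repository.
    $groupQuery = str_replace('&', '&', $group['c']);

    // Session and token part shared by the upload and reload URLs.
    $sessionQuery = $this->session->getName() . '=' . $this->session->getId()
        . '&' . JSession::getFormToken() . '=1';

    // - - - - - - - - - - -
    // Upload
    // - - - - - - - - - - -
    $sU            = new PhocaDownloadFileUploadSingle();
    $sU->returnUrl = 'index.php?option=com_phocadownload&view=phocadownloadmanager&tab=upload'
        . $groupQuery
        . '&manager=' . $managerParam
        . '&field=' . $fieldParam
        . '&folder=' . $folderParam;
    $sU->tab = 'upload';

    $this->t['su_output'] = $sU->getSingleUploadHTML();
    $this->t['su_url']    = JURI::base() . 'index.php?option=com_phocadownload&task=phocadownloadupload.upload&'
        . $sessionQuery
        . '&viewback=phocadownloadmanager&manager=' . $managerParam
        . '&field=' . $fieldParam
        . '&' . 'folder=' . $folderParam
        . '&tab=upload';

    // - - - - - - - - - - -
    // Multiple Upload
    // - - - - - - - - - - -
    // Result counters of a finished multiple upload; both are cast to int.
    $muFailed   = JRequest::getVar('mufailed', '0', '', 'int');
    $muUploaded = JRequest::getVar('muuploaded', '0', '', 'int');

    $closeButton    = '<button type="button" class="close" data-dismiss="alert">×</button>';
    $uploadedLine   = JText::_('COM_PHOCADOWNLOAD_COUNT_UPLOADED_FILE') . ': ' . $muUploaded;
    $notUploadedRow = JText::_('COM_PHOCADOWNLOAD_COUNT_NOT_UPLOADED_FILE') . ': ' . $muFailed;

    if ($muFailed > 0 && $muUploaded > 0) {
        $this->t['mu_response_msg'] = '<div class="alert alert-info">' . $closeButton
            . $uploadedLine . '<br />' . $notUploadedRow . '</div>';
    } elseif ($muFailed > 0 && $muUploaded == 0) {
        $this->t['mu_response_msg'] = '<div class="alert alert-error">' . $closeButton
            . $notUploadedRow . '</div>';
    } elseif ($muFailed == 0 && $muUploaded > 0) {
        $this->t['mu_response_msg'] = '<div class="alert alert-success">' . $closeButton
            . $uploadedLine . '</div>';
    } else {
        $this->t['mu_response_msg'] = '';
    }

    if ((int) $this->t['enablemultiple'] >= 0) {
        PhocadownloadFileUploadMultiple::renderMultipleUploadLibraries();

        $mU           = new PhocaDownloadFileUploadMultiple();
        $mU->frontEnd = 0;
        $mU->method   = $this->t['multipleuploadmethod'];
        $mU->url      = JURI::base() . 'index.php?option=com_phocadownload&task=phocadownloadupload.multipleupload&'
            . $sessionQuery
            . '&tab=multipleupload&manager=' . $managerParam
            . '&field=' . $fieldParam
            . '&folder=' . $folderParam;
        $mU->reload = JURI::base() . 'index.php?option=com_phocadownload&view=phocadownloadmanager'
            . $groupQuery . '&'
            . $sessionQuery
            . '&tab=multipleupload&' . 'manager=' . $managerParam
            . '&field=' . $fieldParam
            . '&folder=' . $folderParam;
        $mU->maxFileSize = PhocadownloadFileUploadMultiple::getMultipleUploadSizeFormat($this->t['uploadmaxsize']);
        $mU->chunkSize   = '1mb';
        $mU->renderMultipleUploadJS(0, $this->t['multipleuploadchunk']);

        $this->t['mu_output'] = $mU->getMultipleUploadHTML();
    }

    $this->t['ftp']  = !JClientHelper::hasCredentials('ftp');
    $this->t['path'] = PhocaDownloadPath::getPathSet($this->manager);

    $this->addToolbar();
    parent::display($tpl);
    echo JHTML::_('behavior.keepalive');
}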
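/**
 * List the files and sub-folders of the current manager folder.
 *
 * The result is cached in a static variable, so the folder is read once per
 * request. Hidden files (leading dot) and index.html are left out.
 *
 * The 'folder' state is joined onto the manager's base path. A value that
 * contains a ".." path segment is discarded here and the base folder is
 * listed instead, so the listing cannot be pointed above the base even if
 * the state was populated without a path filter.
 *
 * @return  array  array('folders' => JObject[], 'files' => JObject[]); each
 *                 object has name, path_with_name, path_without_name_relative
 *                 and path_with_name_relative_no.
 */
function getList()
{
    static $list;

    $params = JComponentHelper::getParams('com_phocadownload');

    // Only process the list once per request.
    if (is_array($list)) {
        return $list;
    }

    // Current folder as stored in the model state.
    $current = $this->getState('folder');
    if ($current == 'undefined') {
        $current = '';
    }

    // Refuse parent-directory segments in either separator style.
    if (preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', (string) $current)) {
        $current = '';
    }

    // File Manager, Icon Manager
    $manager = $this->getState('manager');
    if ($manager == 'undefined') {
        $manager = '';
    }

    $path  = PhocaDownloadPath::getPathSet($manager);
    $group = PhocaDownloadSettings::getManagerGroup($manager);

    $orig_path = $path['orig_abs_ds'];
    if (strlen($current) > 0) {
        $orig_path .= $current;
    }

    // Base path with forward slashes; it is stripped from each entry below.
    $orig_path_server = str_replace(DS, '/', $path['orig_abs'] . '/');

    // The absolute path applies to the standard manager only, not to the
    // images folder or the preview-and-play folder.
    $absolutePath = str_replace(DS, '/', $params->get('absolute_path', ''));
    if ($absolutePath != '' && $group['f'] == 1) {
        $orig_path_server = str_replace(DS, '/', JPath::clean($absolutePath . '/'));
    }

    $files   = array();
    $folders = array();

    // Both calls return false when the folder cannot be read.
    $file_list   = JFolder::files($orig_path);
    $folder_list = JFolder::folders($orig_path, '', false, false, array());

    if ($file_list !== false) {
        foreach ($file_list as $file) {
            $isListed = is_file($orig_path . DS . $file)
                && substr($file, 0, 1) != '.'
                && strtolower($file) !== 'index.html';

            if (!$isListed) {
                continue;
            }

            $entry                 = new JObject();
            $entry->name           = basename($file);
            $entry->path_with_name = str_replace(DS, '/', JPath::clean($orig_path . DS . $file));

            $relativeToBase = str_replace($orig_path_server, '', $entry->path_with_name);

            $entry->path_without_name_relative = $path['orig_rel_ds'] . $relativeToBase;
            $entry->path_with_name_relative_no = $relativeToBase;

            $files[] = $entry;
        }
    }

    if ($folder_list !== false) {
        foreach ($folder_list as $folder) {
            $entry                 = new JObject();
            $entry->name           = basename($folder);
            $entry->path_with_name = str_replace(DS, '/', JPath::clean($orig_path . DS . $folder));

            $relativeToBase = str_replace($orig_path_server, '', $entry->path_with_name);

            $entry->path_without_name_relative = $path['orig_rel_ds'] . $relativeToBase;
            $entry->path_with_name_relative_no = $relativeToBase;

            $folders[] = $entry;
        }
    }

    $list = array('folders' => $folders, 'files' => $files);

    return $list;
}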
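/**
 * Create a sub-folder in the current manager folder and place an empty
 * index.html inside it, then redirect back to the manager view.
 *
 * The request token is verified first. The folder name is accepted only if
 * the command-filtered value equals the raw value, i.e. it contains no
 * characters that the filter would strip.
 *
 * Fixes compared with the previous implementation:
 *  - The result of JFolder::create() is checked. Before, success was tested
 *    with isset($folder), which is always true, so a failed creation was
 *    reported as success.
 *  - Processing stops after the invalid-name redirect.
 *  - Request values are URL-encoded before they go into the redirect URL.
 *
 * Permission note: 'folder_permissions' is matched as a decimal number and
 * mapped to an octal mode. 777 makes the folder world-writable; 666 and 644
 * carry no execute bit, which is unusual for a directory.
 *
 * @return  void
 */
function createfolder()
{
    $app = JFactory::getApplication();

    // Check for request forgeries
    JRequest::checkToken() or jexit('COM_PHOCADOWNLOAD_INVALID_TOKEN');

    // Set FTP credentials, if given
    jimport('joomla.client.helper');
    JClientHelper::setCredentialsFromRequest('ftp');

    $paramsC            = JComponentHelper::getParams('com_phocadownload');
    $folder_permissions = $paramsC->get('folder_permissions', 0755);

    $folderNew   = JRequest::getCmd('foldername', '');
    $folderCheck = JRequest::getVar('foldername', null, '', 'string', JREQUEST_ALLOWRAW);
    $parent      = JRequest::getVar('folderbase', '', '', 'path');
    $tab         = JRequest::getVar('tab', 0, '', 'string');
    $field       = JRequest::getVar('field');
    // NOTE(review): 'phocadownloadmanager' is passed in the filter-type
    // position; it looks like it was meant to be the default value - confirm.
    $viewBack = JRequest::getVar('viewback', '', '', 'phocadownloadmanager');
    $manager  = JRequest::getVar('manager', 'file', '', 'string');

    if ($manager == '') {
        $app->enqueueMessage(JText::_('COM_PHOCADOWNLOAD_ERROR_CONTROLLER_MANAGER_NOT_SET'));
        $app->redirect('index.php?option=com_phocadownload');
        exit;
    }

    $group = PhocaDownloadSettings::getManagerGroup($manager);

    // NOTE(review): as shown on this page the replacement maps '&' to '&'
    // and changes nothing; presumably the search string was an HTML entity
    // before the page was rendered - confirm against the repository.
    $link = 'index.php?option=com_phocadownload&view=' . urlencode((string) $viewBack)
        . '&manager=' . urlencode((string) $manager)
        . str_replace('&', '&', $group['c'])
        . '&folder=' . urlencode((string) $parent)
        . '&tab=' . urlencode((string) $tab)
        . '&field=' . urlencode((string) $field);

    $path = PhocaDownloadPath::getPathSet($manager);

    JRequest::setVar('folder', $parent);

    // Reject names that the command filter had to change.
    if ($folderCheck !== null && $folderNew !== $folderCheck) {
        $app->enqueueMessage(JText::_('COM_PHOCADOWNLOAD_WARNING_DIRNAME'));
        $app->redirect($link);

        return;
    }

    if (strlen($folderNew) > 0) {
        $folder = JPath::clean($path['orig_abs_ds'] . $parent . DS . $folderNew);

        if (JFolder::exists($folder) || JFile::exists($folder)) {
            $app->redirect($link, JText::_('COM_PHOCADOWNLOAD_ERROR_FOLDER_CREATING_EXISTS'));

            return;
        }

        // Decimal setting -> octal mode; anything unknown becomes 0755.
        $modes = array(
            777 => 0777,
            705 => 0705,
            666 => 0666,
            644 => 0644,
            755 => 0755,
        );
        $requested = (int) $folder_permissions;
        $mode      = isset($modes[$requested]) ? $modes[$requested] : 0755;

        if (!JFolder::create($folder, $mode)) {
            $app->redirect($link, JText::_('COM_PHOCADOWNLOAD_ERROR_FOLDER_CREATING'));

            return;
        }

        // Empty index.html so the new folder does not show a directory listing.
        $data = "<html>\n<body bgcolor=\"#FFFFFF\">\n</body>\n</html>";
        JFile::write($folder . DS . "index.html", $data);

        $app->redirect($link, JText::_('COM_PHOCADOWNLOAD_SUCCESS_FOLDER_CREATING'));

        return;
    }

    $app->redirect($link);
}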