/**
* New folder
* @param string $dir The base dir
* @param string $new_dir The folder to be created
* @return string $error on failure
*/
public function folderNew()
{
if ($this->checkFeature('create', 'folder') === false) {
JError::raiseError(403, 'Access to this resource is restricted');
}
$args = func_get_args();
$dir = array_shift($args);
$new = array_shift($args);
// decode
$dir = rawurldecode($dir);
$new = rawurldecode($new);
$filesystem = $this->getFileSystem();
$name = WFUtility::makeSafe($new, $this->get('websafe_mode'), $this->get('websafe_spaces'), $this->get('websafe_textcase'));
// check for extension in destination name
if (WFUtility::validateFileName($name) === false) {
JError::raiseError(403, 'INVALID FOLDER NAME');
}
$result = $filesystem->createFolder($dir, $name, $args);
if ($result instanceof WFFileSystemResult) {
if (!$result->state) {
if ($result->message) {
$this->setResult($result->message, 'error');
} else {
$this->setResult(JText::sprintf('WF_MANAGER_NEW_FOLDER_ERROR', basename($new)), 'error');
}
} else {
$this->setResult($this->fireEvent('onFolderNew', array($new)));
}
}
return $this->getResult();
}
/**
* Return the full user directory path. Create if required
*
* @param string The base path
* @access public
* @return Full path to folder
*/
public function getRootDir()
{
static $root;
if (!isset($root)) {
$user = JFactory::getUser();
$wf = WFEditor::getInstance();
$profile = $wf->getProfile();
// Get base directory as shared parameter
$root = $this->get('dir', '');
// Remove whitespace
$root = trim($root);
if (!empty($root)) {
// Convert slashes / Strip double slashes
$root = preg_replace('/[\\\\]+/', '/', $root);
// Remove first leading slash
$root = ltrim($root, '/');
// Force default directory if base param starts with a variable or a . eg $id
if (preg_match('/[\\.\\$]/', $root[0])) {
$root = 'images';
}
jimport('joomla.user.helper');
// Joomla! 1.6+
if (method_exists('JUserHelper', 'getUserGroups')) {
$groups = JUserHelper::getUserGroups($user->id);
// get the first group
$group_id = array_shift(array_keys($groups));
// Joomla! 2.5?
if (is_int($group_id)) {
// usergroup table
$group = JTable::getInstance('Usergroup');
$group->load($group_id);
// usertype
$usertype = $group->title;
} else {
$usertype = $group_id;
}
} else {
$usertype = $user->usertype;
}
// Replace any path variables
$pattern = array('/\\$id/', '/\\$username/', '/\\$user(group|type)/', '/\\$(group|profile)/', '/\\$day/', '/\\$month/', '/\\$year/');
$replace = array($user->id, $user->username, $usertype, $profile->name, date('d'), date('m'), date('Y'));
$root = preg_replace($pattern, $replace, $root);
// split into path parts to preserve /
$parts = explode('/', $root);
$textcase = $wf->getParam('editor.websafe_textcase');
if (!empty($textcase)) {
$textcase = array_shift($textcase);
}
// clean path parts
$parts = WFUtility::makeSafe($parts, $wf->getParam('editor.websafe_mode', 'utf-8'), $wf->getParam('editor.websafe_allow_spaces', 0), $textcase);
//join path parts
$root = implode('/', $parts);
}
}
return $root;
}
/**
* Upload a file.
* @return array $error on failure or uploaded file name on success
*/
function upload()
{
// Check for request forgeries
WFToken::checkToken() or die;
// check for feature access
if (!$this->checkFeature('upload')) {
JError::raiseError(403, 'RESTRICTED ACCESS');
}
$wf = WFEditor::getInstance();
jimport('joomla.filesystem.file');
// HTTP headers for no cache etc
//header('Content-type: text/plain; charset=UTF-8');
header("Expires: Wed, 4 Apr 1984 13:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M_Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
// get uploaded file
$file = JRequest::getVar('file', '', 'files', 'array');
// get file name
$name = JRequest::getVar('name', $file['name']);
$ext = WFUtility::getExtension($name);
// check for extension in file name
if (preg_match('#\\.(php|php(3|4|5)|phtml|pl|py|jsp|asp|htm|shtml|sh|cgi)#i', basename($name, '.' . $ext))) {
JError::raiseError(403, 'INVALID FILE NAME');
}
// get chunks
$chunk = JRequest::getInt('chunk', 0);
$chunks = JRequest::getInt('chunks', 1);
// create a filesystem result object
$result = new WFFileSystemResult();
$filesystem = $this->getFileSystem();
$complete = false;
$contentType = JRequest::getVar('CONTENT_TYPE', '', 'SERVER');
// Only multipart uploading is supported for now
if ($contentType && strpos($contentType, "multipart") !== false) {
if (isset($file['tmp_name']) && is_uploaded_file($file['tmp_name'])) {
// validate file before continuing (first chunk only)
if ($chunk == 0 && $wf->getParam('validate_mimetype', 0) && !preg_match('#(htm|html|txt)#', $ext)) {
$this->validateUploadedFile($file);
}
// make file name 'web safe'
$name = WFUtility::makeSafe($name);
// get current dir
$dir = JRequest::getVar('upload-dir', '');
// check destination path
WFUtility::checkPath($dir);
// Normal upload
if ($chunks == 1) {
$result = $filesystem->upload('multipart', trim($file['tmp_name']), $dir, $name);
if (!$result->state) {
$result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR');
$result->code = 103;
}
$complete = true;
// Chunk uploading
} else {
$result = $filesystem->upload('multipart-chunking', trim($file['tmp_name']), $dir, $name, $chunks, $chunk);
if (!$result->state) {
$result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR');
$result->code = 103;
}
$complete = $chunk == $chunks - 1;
}
}
} else {
$result->state = false;
$result->code = 103;
$result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR');
$complete = true;
}
// upload finished
if ($complete) {
if (is_a($result, 'WFFileSystemResult')) {
if ($result->state === true) {
$this->setResult($this->fireEvent('onUpload', array($result->path)));
$this->setResult(basename($result->path), 'files');
}
}
die(json_encode($this->getResult()));
}
}
/**
* New folder
* @param string $dir The base dir
* @param string $new_dir The folder to be created
* @return string $error on failure
*/
public function folderNew()
{
if (!$this->checkFeature('create', 'folder')) {
JError::raiseError(403, 'RESTRICTED ACCESS');
}
$args = func_get_args();
$dir = array_shift($args);
$new = array_shift($args);
// decode
$dir = rawurldecode($dir);
$new = rawurldecode($new);
$filesystem = $this->getFileSystem();
$result = $filesystem->createFolder($dir, WFUtility::makeSafe($new, $this->get('websafe_mode')), $args);
if ($result instanceof WFFileSystemResult) {
if (!$result->state) {
if ($result->message) {
$this->setResult($result->message, 'error');
} else {
$this->setResult(JText::sprintf('WF_MANAGER_NEW_FOLDER_ERROR', basename($new)), 'error');
}
} else {
$this->setResult($this->fireEvent('onFolderNew', array($new)));
}
}
return $this->getResult();
}
function upload($method, $src, $dir, $name, $chunks = 1, $chunk = 0)
{
jimport('joomla.filesystem.file');
$path = WFUtility::makePath($this->getBaseDir(), rawurldecode($dir));
$dest = WFUtility::makePath($path, WFUtility::makeSafe($name));
// check for safe mode
$safe_mode = false;
if (function_exists('ini_get')) {
$safe_mode = ini_get('safe_mode');
} else {
$safe_mode = true;
}
$result = new WFFileSystemResult();
// get overwrite state
$conflict = $this->get('upload_conflict', 'overwrite');
// get suffix
$suffix = WFFileBrowser::getFileSuffix();
switch ($method) {
case 'multipart':
if ($conflict == 'unique') {
// get extension
$extension = JFile::getExt($name);
// get name without extension
$name = JFile::stripExt($name);
while (JFile::exists($dest)) {
$name .= $suffix;
$dest = WFUtility::makePath($path, WFUtility::makeSafe($name . '.' . $extension));
}
}
if (JFile::upload($src, $dest)) {
$result->state = true;
$result->path = $dest;
}
break;
case 'multipart-chunking':
if ($safe_mode || !is_writable(dirname($dest))) {
$result->message = WFText::_('WF_MANAGER_UPLOAD_NOSUPPORT');
$result->code = 103;
} else {
if ($chunk == 0 && $overwrite) {
// get extension
$extension = JFile::getExt($name);
// get name without extension
$name = JFile::stripExt($name);
// make unique file name
while (JFile::exists($dest)) {
$name .= $suffix;
$dest = WFUtility::makePath($path, WFUtility::makeSafe($name . '.' . $extension));
}
}
$out = fopen($dest, $chunk == 0 ? "wb" : "ab");
if ($out) {
// Read binary input stream and append it to temp file
$in = fopen($src, "rb");
if ($in) {
while ($buff = fread($in, 4096)) {
fwrite($out, $buff);
}
fclose($in);
fclose($out);
@unlink($src);
$result->state = true;
if ($chunk == $chunks - 1) {
if (is_file($dest)) {
$result->path = $dest;
}
}
} else {
$result->code = 102;
$result->message = 'UPLOAD_INPUT_STREAM_ERROR';
}
} else {
$result->code = 102;
$result->message = 'UPLOAD_OUTPUT_STREAM_ERROR';
}
}
break;
case 'stream':
if ($safe_mode || !is_writable(dirname($dest))) {
$result->message = WFText::_('WF_MANAGER_UPLOAD_NOSUPPORT');
} else {
// Open destination file
$out = fopen($dest, $chunk == 0 ? "wb" : "ab");
if ($out) {
// Read binary input stream and append it to temp file
$in = fopen("php://input", "rb");
if ($in) {
while ($buff = fread($in, 4096)) {
fwrite($out, $buff);
}
if (fclose($out) && is_file($dest)) {
$result->state = true;
$result->path = $dest;
}
}
}
}
break;
}
return $result;
}
