if ($id) { $id = $context['path_to_root'] . 'inbox/skins/' . $id; } } // process the provided file if ($id) { // not yet a success $success = FALSE; // ensure file exists if (!is_readable($id)) { Logger::error(sprintf(i18n::s('Impossible to read %s.'), basename($id))); } elseif (isset($name) && preg_match('/\\.zip$/i', $name)) { include_once '../shared/zipfile.php'; $zipfile = new zipfile(); // extract archive components and save them in mentioned directory if ($count = $zipfile->explode($id, 'skins')) { $context['text'] .= '<p>' . sprintf(i18n::s('%d files have been extracted.'), $count) . "</p>\n"; $success = TRUE; } else { Logger::error(sprintf(i18n::s('Nothing has been extracted from %s.'), $name)); } // ensure we have the external library to explode other kinds of archives } elseif (!is_readable('../included/tar.php')) { Logger::error(i18n::s('Impossible to extract files.')); } else { include_once $context['path_to_root'] . 'included/tar.php'; $handle = new Archive_Tar($id); if ($handle->extract($context['path_to_root'] . 'skins')) { $success = TRUE; } else { Logger::error(sprintf(i18n::s('Error while processing %s.'), isset($name) ? $name : basename($id)));
if ($id) { $id = $context['path_to_root'] . 'inbox/yacs/' . $id; } } // process the provided file if ($id) { // not yet a success $success = FALSE; // ensure file exists if (!is_readable($id)) { Logger::error(sprintf(i18n::s('Impossible to read %s.'), basename($id))); } elseif (isset($external_id) && preg_match('/\\.zip$/i', $external_id)) { include_once '../shared/zipfile.php'; $zipfile = new zipfile(); // extract archive components and save them in mentioned directory --strip yacs from path, if any if ($count = $zipfile->explode($id, 'scripts/staging', 'yacs/')) { $context['text'] .= '<p>' . sprintf(i18n::s('%d files have been extracted.'), $count) . "</p>\n"; $success = TRUE; } else { Logger::error(sprintf(i18n::s('Nothing has been extracted from %s.'), $external_id)); } // ensure we have the external library to explode other kinds of archives } elseif (!is_readable('../included/tar.php')) { Logger::error(i18n::s('Impossible to extract files.')); } else { include_once $context['path_to_root'] . 'included/tar.php'; $handle = new Archive_Tar($id); if ($handle->extractModify($context['path_to_root'] . 'scripts/staging', 'yacs')) { $success = TRUE; } else { Logger::error(sprintf(i18n::s('Impossible to complete update of the staging store from %s'), basename($external_id)));
// check files extracted from the archive file function explode_callback($name) { global $context; // reject all files put in sub-folders $file_path = Files::get_path($_REQUEST['anchor'], 'images'); if (($path = substr($name, strlen($file_path . '/'))) && strpos($path, '/') !== FALSE) { Safe::unlink($name); } elseif (!($attributes = Safe::GetImageSize($name))) { Safe::unlink($name); } elseif ($attributes[0] > 5000 || $attributes[1] > 5000) { Safe::unlink($name); } } // extract archive components and save them in mentioned directory if ($count = $zipfile->explode($_FILES['upload']['tmp_name'], $file_path, '', 'explode_callback')) { $exploded = TRUE; } else { Logger::error(sprintf('Nothing has been extracted from %s.', $_FILES['upload']['name'])); } // attach one file } elseif ($file_name = Files::upload($_FILES['upload'], $file_path, array('Image', 'upload'))) { $_REQUEST['image_name'] = $file_name; // maybe this image has already been uploaded for this anchor if (isset($_REQUEST['anchor']) && ($match =& Images::get_by_anchor_and_name($_REQUEST['anchor'], $file_name))) { // if yes, switch to the matching record (and forget the record fetched previously, if any) $_REQUEST['id'] = $match['id']; $item = $match; } // remember file size $_REQUEST['image_size'] = $_FILES['upload']['size'];
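/**
 * process uploaded file
 *
 * This function processes files from the temporary directory, and puts them at their
 * definitive place. When the uploaded file is a .zip archive and the request carries
 * 'explode_files', the archive is expanded and every extracted file is processed.
 *
 * It returns FALSE if there is a disk error, or if some virus has been detected, or if
 * the operation fails for some other reason (e.g., file size).
 *
 * Checks applied to the client-supplied data, in order:
 * - a PHP upload status of 1 to 4 stops processing immediately
 * - Surfer::may_upload() has to accept the surfer
 * - Files::is_authorized() has to accept both the submitted name and the name actually
 *   written to disk
 * - the name written to disk may not hold a path separator
 * - when a target path is given, the temporary file has to be a genuine HTTP upload
 * - Files::has_virus() is invoked once the file has been moved
 *
 * Stored files are reachable by URL (see how thumbnail_url is built below), so the
 * name-based authorization is what prevents a server-side script from being stored
 * under an executable name.
 *
 * @param array $input usually, $_FILES['upload']
 * @param string $file_path target location for the file, relative to the installation root; if empty, the file is processed where it is
 * @param mixed $target reference to the target anchor, or a function to parse every file individually
 * @param object $overlay optional overlay, updated from $_REQUEST and saved with each file record
 * @return mixed file name or array of file names or FALSE if an error has occured
 */
public static function upload($input, $file_path, $target = NULL, $overlay = NULL) {
    global $context, $_REQUEST;

    // PHP reports a failed transfer through the 'error' entry; in these four cases no
    // usable temporary file exists, so stop here instead of logging and moving on
    $upload_error = isset($input['error']) ? $input['error'] : 0;

    // size exceeds php.ini settings or the form limit
    if ($upload_error == UPLOAD_ERR_INI_SIZE || $upload_error == UPLOAD_ERR_FORM_SIZE) {
        Logger::error(i18n::s('The size of this file is over limit.'));
        return FALSE;
    }

    // partial transfer, or no file at all
    if ($upload_error == UPLOAD_ERR_PARTIAL || $upload_error == UPLOAD_ERR_NO_FILE) {
        Logger::error(i18n::s('No file has been transmitted.'));
        return FALSE;
    }

    // an empty file is reported, but processing goes on as it always did
    if (empty($input['size'])) {
        Logger::error(i18n::s('No file has been transmitted.'));
    }

    // do we have a file?
    if (!isset($input['name']) || !$input['name'] || $input['name'] == 'none') {
        return FALSE;
    }

    // access the temporary uploaded file
    $file_upload = $input['tmp_name'];

    // $_FILES transcoding to utf8 is not automatic
    $input['name'] = utf8::encode($input['name']);

    // enhance file name -- the extension is forced to lower case
    $file_name = $input['name'];
    $file_extension = '';
    $position = strrpos($input['name'], '.');
    if ($position !== FALSE) {
        $file_name = substr($input['name'], 0, $position);
        $file_extension = strtolower(substr($input['name'], $position + 1));
    }
    $input['name'] = $file_name;
    if ($file_extension) {
        $input['name'] .= '.' . $file_extension;
    }

    // ensure we have a file name -- this is the name written to disk
    $file_name = utf8::to_ascii($input['name']);

    // the name comes from the client and is appended to the target path below;
    // utf8::to_ascii() is defined elsewhere, so do not rely on it to drop separators
    $unsafe_name = ($file_name === '' || $file_name === '.' || $file_name === '..'
        || strpos($file_name, '/') !== FALSE || strpos($file_name, '\\') !== FALSE);

    // NOTE(review): only the last extension is split off above; whether
    // Files::is_authorized() also rejects names such as 'x.php.jpg' is not visible
    // here -- confirm, and confirm the web server does not execute such files

    // uploads are not allowed
    if (!Surfer::may_upload()) {
        Logger::error(i18n::s('You are not allowed to perform this operation.'));

    // validate the submitted name and the transcoded name that is actually stored
    } elseif (!Files::is_authorized($input['name']) || !Files::is_authorized($file_name) || $unsafe_name) {
        Logger::error(i18n::s('This type of file is not allowed.'));

    // the genuine-upload check applies only when a target path is given; with an empty
    // path the caller vouches for the content of $input['tmp_name']
    } elseif ($file_path && !Safe::is_uploaded_file($file_upload)) {
        Logger::error(i18n::s('Possible file attack.'));

    } else {

        // create folders
        if ($file_path) {
            Safe::make_path($file_path);
        }

        // sanity check
        if ($file_path && $file_path[strlen($file_path) - 1] != '/') {
            $file_path .= '/';
        }

        // move the uploaded file
        if ($file_path && !Safe::move_uploaded_file($file_upload, $context['path_to_root'] . $file_path . $file_name)) {
            Logger::error(sprintf(i18n::s('Impossible to move the upload file to %s.'), $file_path . $file_name));

        } else {

            // process the file where it is
            if (!$file_path) {
                $file_path = str_replace($context['path_to_root'], '', dirname($file_upload));
                $file_name = basename($file_upload);

                // dirname() has no trailing slash, while the code below concatenates
                // $file_path and $file_name directly
                if ($file_path && $file_path[strlen($file_path) - 1] != '/') {
                    $file_path .= '/';
                }
            }

            // check against viruses
            $result = Files::has_virus($context['path_to_root'] . $file_path . '/' . $file_name);

            // no virus has been found in this file
            if ($result == 'N') {
                $context['text'] .= Skin::build_block(i18n::s('No virus has been found.'), 'note');
            }

            // this file has been infected!
            if ($result == 'Y') {

                // delete this file immediately
                Safe::unlink($file_path . '/' . $file_name);

                Logger::error(i18n::s('This file has been infected by a virus and has been rejected!'));
                return FALSE;
            }

            // NOTE(review): any other value of $result lets the file through; what
            // Files::has_virus() returns when no scanner is available is not visible here

            // explode a .zip file
            include_once $context['path_to_root'] . 'shared/zipfile.php';
            if (preg_match('/\\.zip$/i', $file_name) && isset($_REQUEST['explode_files'])) {
                $zipfile = new zipfile();

                // check files extracted from the archive file
                //
                // NOTE(review): this is a named global function declared at call time; a
                // second archive in the same request, or another script declaring
                // explode_callback(), would trigger a redeclaration error -- kept as is
                // because zipfile::explode() receives the callback by name
                //
                // NOTE(review): the callback receives files that are already on disk;
                // whether zipfile::explode() itself refuses entries with '../' or an
                // absolute path has to be confirmed in shared/zipfile.php
                function explode_callback($name) {
                    global $context;

                    // name under which the extracted file would be kept
                    $ascii = utf8::to_ascii(basename($name));

                    // reject all files put in sub-folders
                    if (($path = substr($name, strlen($context['uploaded_path'] . '/'))) && strpos($path, '/') !== FALSE) {
                        Safe::unlink($name);

                    // same authorization as for a direct upload, on both names
                    } elseif (!Files::is_authorized($name) || !Files::is_authorized($ascii)) {
                        Safe::unlink($name);

                    } else {

                        // make it easy to download
                        Safe::rename($name, $context['uploaded_path'] . '/' . $ascii);

                        // remember this name
                        $context['uploaded_files'][] = $ascii;
                    }
                }

                // extract archive components and save them in mentioned directory
                $context['uploaded_files'] = array();
                $context['uploaded_path'] = $file_path;
                if (!($count = $zipfile->explode($context['path_to_root'] . $file_path . '/' . $file_name, $file_path, '', 'explode_callback'))) {
                    Logger::error(sprintf('Nothing has been extracted from %s.', $file_name));
                    return FALSE;
                }

                // NOTE(review): the archive itself is not removed here and is not listed
                // in uploaded_files -- confirm whether it should stay in this directory,
                // and whether explode() limits entry count and expanded size

            // one single file has been uploaded
            } else {
                $context['uploaded_files'] = array($file_name);
            }

            // ensure we know the surfer
            Surfer::check_default_editor($_REQUEST);

            // change has been documented -- read once, so that the label of one file
            // does not leak into the history of the next file of the same archive
            $version_suffix = '';
            if (isset($_REQUEST['version']) && $_REQUEST['version']) {
                $version_suffix = ' - ' . $_REQUEST['version'];
            }

            // post-process all uploaded files
            foreach ($context['uploaded_files'] as $file_name) {

                // this will be filtered by umask anyway
                Safe::chmod($context['path_to_root'] . $file_path . $file_name, $context['file_mask']);

                // invoke post-processing function
                if ($target && is_callable($target)) {
                    call_user_func($target, $file_name, $context['path_to_root'] . $file_path);

                // we have to update an anchor page
                } elseif ($target && is_string($target)) {
                    $fields = array();

                    // update a file with the same name for this anchor
                    if ($matching =& Files::get_by_anchor_and_name($target, $file_name)) {
                        $fields['id'] = $matching['id'];

                    // NOTE(review): the record is looked up by id only; nothing here
                    // checks that it belongs to $target before its file is deleted --
                    // confirm that callers validate $input['id']
                    } elseif (isset($input['id']) && ($matching = Files::get($input['id']))) {
                        $fields['id'] = $matching['id'];

                        // silently delete the previous version of the file
                        if (isset($matching['file_name'])) {
                            Safe::unlink($file_path . '/' . $matching['file_name']);
                        }
                    }

                    // prepare file record
                    $fields['file_name'] = $file_name;
                    $fields['file_size'] = filesize($context['path_to_root'] . $file_path . $file_name);
                    $fields['file_href'] = '';
                    $fields['anchor'] = $target;

                    // the request values below are stored as submitted; escaping has to
                    // take place where the record is rendered

                    // change title
                    if (isset($_REQUEST['title'])) {
                        $fields['title'] = $_REQUEST['title'];
                    }

                    // always remember file uploads, for traceability
                    $_REQUEST['version'] = $fields['file_name'] . ' (' . Skin::build_number($fields['file_size'], i18n::s('bytes')) . ')' . $version_suffix;

                    // add to file history
                    $fields['description'] = Files::add_to_history($matching, $_REQUEST['version']);

                    // if this is an image, maybe we can derive a thumbnail for it?
                    if (Files::is_image($file_name)) {
                        include_once $context['path_to_root'] . 'images/image.php';
                        Image::shrink($context['path_to_root'] . $file_path . $file_name, $context['path_to_root'] . $file_path . 'thumbs/' . $file_name);

                        if (file_exists($context['path_to_root'] . $file_path . 'thumbs/' . $file_name)) {
                            $fields['thumbnail_url'] = $context['url_to_home'] . $context['url_to_root'] . $file_path . 'thumbs/' . rawurlencode($file_name);
                        }
                    }

                    // change active_set
                    if (isset($_REQUEST['active_set'])) {
                        $fields['active_set'] = $_REQUEST['active_set'];
                    }

                    // change source
                    if (isset($_REQUEST['source'])) {
                        $fields['source'] = $_REQUEST['source'];
                    }

                    // change keywords
                    if (isset($_REQUEST['keywords'])) {
                        $fields['keywords'] = $_REQUEST['keywords'];
                    }

                    // change alternate_href
                    if (isset($_REQUEST['alternate_href'])) {
                        $fields['alternate_href'] = $_REQUEST['alternate_href'];
                    }

                    // overlay, if any
                    if (is_object($overlay)) {

                        // allow for change detection
                        $overlay->snapshot();

                        // update the overlay from form content
                        $overlay->parse_fields($_REQUEST);

                        // save content of the overlay in this item
                        $fields['overlay'] = $overlay->save();
                        $fields['overlay_id'] = $overlay->get_id();
                    }

                    // create the record in the database
                    if (!($fields['id'] = Files::post($fields))) {
                        return FALSE;
                    }

                    // record surfer activity
                    Activities::post('file:' . $fields['id'], 'upload');
                }
            }

            // so far so good
            if (count($context['uploaded_files']) == 1) {
                return $context['uploaded_files'][0];
            } else {
                return $context['uploaded_files'];
            }
        }
    }

    // some error has occured
    return FALSE;
}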
Logger::error(i18n::s('Nothing has been received.')); } elseif (!Safe::is_uploaded_file($temporary)) { Logger::error(i18n::s('Possible file attack.')); } // not yet a success $success = FALSE; // ensure file exists if (!is_readable($temporary)) { Logger::error(sprintf(i18n::s('Impossible to read %s.'), basename($temporary))); } elseif (!preg_match('/\\.(bz2*|tar\\.gz|tgz|zip)$/i', $name)) { $success = Safe::move_uploaded_file($temporary, $name); } elseif (isset($name) && preg_match('/\\.zip$/i', $name)) { include_once '../shared/zipfile.php'; $zipfile = new zipfile(); // extract archive components and save them in mentioned directory if ($count = $zipfile->explode($temporary, $context['path_to_root'])) { $context['text'] .= '<p>' . sprintf(i18n::s('%d files have been extracted.'), $count) . "</p>\n"; $success = TRUE; } else { Logger::error(sprintf(i18n::s('Nothing has been extracted from %s.'), $name)); } // ensure we have the external library to explode other kinds of archives } elseif (!is_readable('../included/tar.php')) { Logger::error(i18n::s('Impossible to extract files.')); } else { include_once $context['path_to_root'] . 'included/tar.php'; $handle = new Archive_Tar($temporary); if ($handle->extract($context['path_to_root'])) { $success = TRUE; } else { Logger::error(sprintf(i18n::s('Error while processing %s.'), isset($name) ? $name : basename($temporary)));