/**
 * Collapses every run of consecutive forward slashes into a single slash.
 *
 * The replacement is repeated until no "//" pair is left, so "a////b"
 * becomes "a/b". Every occurrence is affected, including the "//" that
 * follows a URL scheme.
 *
 * This only normalises slashes. It does not resolve or reject "." or ".."
 * segments and it leaves backslashes alone, so it is not a path-sanitising
 * step on its own.
 *
 * @param string $string
 * @return string
 */
function P4A_Strip_Double_Slashes($string)
{
    do {
        $string = str_replace('//', '/', $string);
    } while (strpos($string, '//') !== false);

    return $string;
}
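/**
 * Moves uploaded files from P4A_UPLOADS_TMP_DIR to P4A_UPLOADS_DIR
 *
 * For every field of type "file" the pending value (a "{a,b,c,...}"
 * descriptor) is compared with the stored one:
 *  - no stored value, new value present: the file is moved into the field's
 *    upload sub-directory and the descriptor is rewritten;
 *  - stored value present, new value null: the stored file is deleted;
 *  - both present and different: the stored file is deleted and the new one
 *    is moved into place;
 *  - both equal: nothing happens.
 *
 * The relative path and the final file name inside a descriptor are checked
 * before they are used in a filesystem call, because this method cannot
 * tell how the descriptor reached the field.
 *
 * @throws P4A_Exception
 */
public function saveUploads()
{
    while ($field = $this->fields->nextItem()) {
        if ($field->getType() != 'file') {
            continue;
        }

        $new_value = $field->getNewValue();
        $old_value = $field->getValue();
        $target_dir = P4A_UPLOADS_DIR . '/' . $field->getUploadSubpath();

        if (!is_dir($target_dir) and !P4A_Mkdir_Recursive($target_dir)) {
            throw new P4A_Exception("Cannot create directory \"{$target_dir}\"", P4A_FILESYSTEM_ERROR);
        }

        if ($new_value === null) {
            if ($old_value !== null) {
                $this->_saveUploadsDelete($old_value);
            }
            $field->setNewValue(null);
            continue;
        }

        if ($old_value === null) {
            $field->setNewValue($this->_saveUploadsMove($new_value, $target_dir));
        } elseif ($new_value != $old_value) {
            $this->_saveUploadsDelete($old_value);
            $field->setNewValue($this->_saveUploadsMove($new_value, $target_dir));
        }
    }
}

/**
 * Rejects a descriptor path that could point outside the uploads directory.
 *
 * @param string $relative_path path element taken from a file descriptor
 * @throws P4A_Exception when the path holds a NUL byte or a ".." segment
 */
private function _saveUploadsAssertContained($relative_path)
{
    $relative_path = (string)$relative_path;
    // Both separators are split on, so the check holds on any platform.
    $segments = preg_split('#[/\\\\]+#', $relative_path);

    if (strpos($relative_path, "\0") !== false or in_array('..', $segments, true)) {
        throw new P4A_Exception("Invalid upload path \"{$relative_path}\"", P4A_FILESYSTEM_ERROR);
    }
}

/**
 * Deletes the file referenced by a stored descriptor.
 *
 * @param string $old_value stored "{...}" descriptor
 * @throws P4A_Exception when the descriptor is unusable or the file cannot be deleted
 */
private function _saveUploadsDelete($old_value)
{
    $a_old_value = explode(',', substr($old_value, 1, -1));
    if (!isset($a_old_value[1])) {
        throw new P4A_Exception("Malformed upload descriptor", P4A_FILESYSTEM_ERROR);
    }
    $this->_saveUploadsAssertContained($a_old_value[1]);

    $path = P4A_UPLOADS_DIR . $a_old_value[1];
    // A file that is already gone is not an error; one that is still there is.
    if (!@unlink($path) and @file_exists($path)) {
        throw new P4A_Exception("Cannot delete file \"{$path}\"", P4A_FILESYSTEM_ERROR);
    }
}

/**
 * Moves the file referenced by a pending descriptor into $target_dir.
 *
 * @param string $new_value  pending "{...}" descriptor
 * @param string $target_dir destination directory (already created)
 * @return string the rewritten descriptor to store in the field
 * @throws P4A_Exception when the descriptor is unusable or the move fails
 */
private function _saveUploadsMove($new_value, $target_dir)
{
    $a_new_value = explode(',', substr($new_value, 1, -1));
    if (!isset($a_new_value[1], $a_new_value[6])) {
        throw new P4A_Exception("Malformed upload descriptor", P4A_FILESYSTEM_ERROR);
    }
    $this->_saveUploadsAssertContained($a_new_value[1]);

    // Only the last path component of the requested name is kept, so the
    // final file cannot be placed outside $target_dir.
    // NOTE(review): the extension allow-list (P4A_Is_Extension_Allowed) is
    // not re-applied to this name here; confirm every path that can set a
    // file field's value enforces it.
    $final_name = basename(str_replace('\\', '/', $a_new_value[6]));
    if ($final_name === '.' or $final_name === '..') {
        throw new P4A_Exception("Invalid upload file name \"{$final_name}\"", P4A_FILESYSTEM_ERROR);
    }

    $a_new_value[0] = P4A_Get_Unique_File_Name($final_name, $target_dir);
    unset($a_new_value[6]);

    $new_path = $target_dir . '/' . $a_new_value[0];
    $old_path = P4A_UPLOADS_DIR . '/' . $a_new_value[1];
    // The PHP warning is suppressed because the failure is reported through
    // the exception; this also keeps server paths out of rendered warnings.
    if (!@rename($old_path, $new_path)) {
        throw new P4A_Exception("Cannot rename file \"{$old_path}\" to \"{$new_path}\"", P4A_FILESYSTEM_ERROR);
    }

    // The stored path is normalised the same way for first uploads and replacements.
    $a_new_value[1] = P4A_Strip_Double_Slashes(str_replace(P4A_UPLOADS_DIR, '', $new_path));

    // implode() with the separator first; the reversed join() order is not
    // accepted by current PHP versions.
    return '{' . implode(',', $a_new_value) . '}';
}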
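/**
 * Action handler for file preview
 *
 * Opens a P4A_Preview_Mask showing the pending file: an embedded player when
 * the MIME type is embeddable, an <img> tag otherwise. The mask title is the
 * descriptor's element 6, or element 0 when that is empty.
 *
 * Descriptor elements come from upload metadata (file name, declared type,
 * dimensions), so they are HTML-escaped before being placed into the
 * attributes of the generated <img> tag.
 */
public function filePreviewOnClick()
{
    $mime_type = $this->getNewValue(3);
    $file = P4A_Strip_Double_Slashes(P4A_UPLOADS_URL . $this->getNewValue(1));
    $width = $this->getNewValue(4);
    $height = $this->getNewValue(5);

    if (P4A_Is_Mime_Type_Embeddable($mime_type)) {
        // NOTE(review): the values are handed over unescaped; confirm
        // P4A_Embedded_Player escapes them for the markup it builds.
        $raw_html = P4A_Embedded_Player($file, $mime_type, $width, $height);
    } else {
        // ENT_QUOTES is required because the attributes are single-quoted.
        $src = htmlspecialchars((string)$file, ENT_QUOTES, 'UTF-8');
        $safe_width = htmlspecialchars((string)$width, ENT_QUOTES, 'UTF-8');
        $safe_height = htmlspecialchars((string)$height, ENT_QUOTES, 'UTF-8');
        $raw_html = "<img alt='' src='{$src}' width='{$safe_width}' height='{$safe_height}' />";
    }

    $name = $this->getNewValue(6);
    if (strlen($name) == 0) {
        $name = $this->getNewValue(0);
    }

    // NOTE(review): $name is the uploaded file's name; confirm setTitle()
    // escapes it when the mask is rendered.
    P4a::singleton()->openMask("P4A_Preview_Mask")->setTitle($name)->setRawHTML($raw_html);
}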
}

// Application libraries: filesystem directory and URL, both built from the
// same P4A_APPLICATION_LIBRARIES_PATH. Each constant is defined only when
// the application has not defined it already.
if (!defined('P4A_APPLICATION_LIBRARIES_DIR')) {
    define('P4A_APPLICATION_LIBRARIES_DIR', P4A_SERVER_DIR . P4A_APPLICATION_LIBRARIES_PATH);
}

if (!defined('P4A_APPLICATION_LIBRARIES_URL')) {
    define('P4A_APPLICATION_LIBRARIES_URL', P4A_SERVER_URL . P4A_APPLICATION_LIBRARIES_PATH);
}

// Uploads constants.
// By default the uploads path is "/uploads" below the application path, and
// P4A_UPLOADS_URL is that same path.
// NOTE(review): this suggests stored uploads are reachable over HTTP; confirm
// the web server does not execute scripts from this directory.
if (!defined('P4A_UPLOADS_PATH')) {
    define('P4A_UPLOADS_PATH', P4A_APPLICATION_PATH . '/uploads');
}

if (!defined('P4A_UPLOADS_DIR')) {
    if (P4A_OS == 'windows') {
        // On Windows the path is converted to backslashes before normalising.
        define('P4A_UPLOADS_DIR', P4A_Strip_Double_Backslashes(P4A_SERVER_DIR . str_replace('/', '\\', P4A_UPLOADS_PATH)));
    } else {
        define('P4A_UPLOADS_DIR', P4A_Strip_Double_Slashes(P4A_SERVER_DIR . P4A_UPLOADS_PATH));
    }
}

if (!defined('P4A_UPLOADS_URL')) {
    define('P4A_UPLOADS_URL', P4A_UPLOADS_PATH);
}

// Temporary uploads constants: a "tmp" sub-directory of the uploads path.
// These four are defined unconditionally, so an earlier definition is not
// honoured here. A URL is defined for the temporary directory as well.
// NOTE(review): unlike P4A_UPLOADS_DIR, P4A_UPLOADS_TMP_DIR is built without
// slash normalisation or the Windows separator conversion; string comparisons
// against it may not match on every platform - confirm.
define('P4A_UPLOADS_TMP_NAME', 'tmp');
define('P4A_UPLOADS_TMP_PATH', P4A_UPLOADS_PATH . '/' . P4A_UPLOADS_TMP_NAME);
define('P4A_UPLOADS_TMP_DIR', P4A_SERVER_DIR . P4A_UPLOADS_TMP_PATH);
define('P4A_UPLOADS_TMP_URL', P4A_SERVER_URL . P4A_UPLOADS_TMP_PATH);

// Current theme configuration: the theme name defaults to "default".
if (!defined('P4A_THEME_NAME')) {
    define('P4A_THEME_NAME', 'default');
}

if (!defined('P4A_THEME_PATH')) {
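/**
 * Retrieve data for the current page
 *
 * Builds one entry per row with a 'row' part (even / active flags) and a
 * 'cells' list holding 'action', 'clickable', 'value' and 'type' for every
 * visible column of the parent object. Image columns are rendered as an
 * <img> tag: a cached thumbnail when P4A_GD is set, the original file
 * otherwise.
 *
 * @param mixed $num_page page number being rendered
 * @param array $rows     rows to render, keyed by row number
 * @return array
 */
public function getRows($num_page, $rows)
{
    $p4a = P4A::singleton();
    $aReturn = array();

    $parent = $p4a->getObject($this->getParentID());
    $num_page_from_data_source = $parent->data->getNumPage();
    $aCols = $parent->getVisibleCols();
    $offset = $parent->data->getOffset();
    $enabled = $this->isEnabled();

    if ($this->isActionTriggered('beforedisplay')) {
        $rows = $this->actionHandler('beforedisplay', $rows);
    }

    $i = 0;
    foreach ($rows as $row_number => $row) {
        $j = 0;
        $aReturn[$i]['row']['even'] = ($i % 2 == 0);
        // The row is "active" when it is the data source's current row on
        // the data source's current page.
        $aReturn[$i]['row']['active'] = ($num_page == $num_page_from_data_source
            && $row_number + $offset + 1 == $parent->data->getRowNumber());

        $row_enabled = isset($row['_p4a_enabled']) ? $row['_p4a_enabled'] : true;

        foreach ($aCols as $col_name) {
            $col = $parent->cols->{$col_name};
            $col_enabled = $col->isEnabled();
            $is_clickable = ($enabled && $row_enabled && $col_enabled);

            $cell = array();
            $cell['action'] = $is_clickable ? $this->composeStringActions(array($row_number, $col_name)) : '';
            $cell['clickable'] = $is_clickable ? 'clickable' : '';

            if ($col->data) {
                $cell['value'] = $col->getDescription($row[$col_name]);
                $cell['type'] = $parent->data->fields->{$col_name}->getType();
            } elseif ($col->getType() == "image") {
                $value = $row[$col_name];
                if (!empty($value)) {
                    // Stored file descriptor: "{name,path,size,type,width,height}".
                    $value = explode(',', substr($value, 1, -1));
                    $mime = isset($value[3]) ? $value[3] : '';
                    list($type) = explode('/', $mime);

                    if ($type == 'image') {
                        if (P4A_GD) {
                            try {
                                $thumb = new P4A_Thumbnail_Generator();
                                $thumb
                                    ->setCacheDir(P4A_UPLOADS_TMP_DIR)
                                    ->setMaxWidth(P4A_TABLE_THUMB_HEIGHT)
                                    ->setMaxHeight(P4A_TABLE_THUMB_HEIGHT)
                                    ->setFilename(P4A_Strip_Double_Slashes(P4A_UPLOADS_DIR . $value[1]))
                                    ->processFile()
                                    ->cacheThumbnail();
                                // The path is escaped because the attribute is single-quoted.
                                $image_src = htmlspecialchars(
                                    P4A_UPLOADS_TMP_PATH . '/' . $thumb->getCachedFilename(),
                                    ENT_QUOTES,
                                    'UTF-8'
                                );
                                $cell['value'] = "<img src='{$image_src}' alt='' />";
                            } catch (Exception $e) {
                                // A thumbnail that cannot be generated leaves the cell empty.
                                $cell['value'] = "";
                            }
                        } else {
                            // The stored path derives from the uploaded file's
                            // name, so it is escaped for the attribute context.
                            $image_src = htmlspecialchars(P4A_UPLOADS_PATH . $value[1], ENT_QUOTES, 'UTF-8');
                            // The height is the table thumbnail height; the
                            // previously interpolated variable was never set.
                            $cell['value'] = "<img src='{$image_src}' height='" . P4A_TABLE_THUMB_HEIGHT . "' alt='' />";
                        }
                    } else {
                        // NOTE(review): the file name is emitted as-is; confirm
                        // the template escapes cell values.
                        $cell['value'] = $value[0];
                    }
                } else {
                    $cell['value'] = '';
                }
                $cell['type'] = $parent->data->fields->{$col_name}->getType();
            } elseif ($col->getType() == "action") {
                $cell['value'] = __($col->getLabel());
                $cell['type'] = 'action';
                if ($row_enabled and $col_enabled) {
                    $cell['clickable'] = 'clickable';
                    $cell['action'] = $col->composeStringActions(array($row_number, $col_name));
                } else {
                    $cell['action'] = $enabled ? $col->composeStringActions(array($row_number, $col_name)) : '';
                }
            } else {
                if ($col->isFormatted()) {
                    $field = $parent->data->fields->{$col_name};
                    if ($col->isActionTriggered('onformat')) {
                        $cell['value'] = $col->actionHandler(
                            'onformat',
                            $row[$col_name],
                            $field->getType(),
                            $field->getNumOfDecimals(),
                            $row
                        );
                    } else {
                        $cell['value'] = $p4a->i18n->format(
                            $row[$col_name],
                            $field->getType(),
                            $field->getNumOfDecimals(),
                            false
                        );
                    }
                } else {
                    $cell['value'] = $row[$col_name];
                }
                $cell['type'] = $parent->data->fields->{$col_name}->getType();
            }

            $aReturn[$i]['cells'][$j] = $cell;
            $j++;
        }
        $i++;
    }

    return $aReturn;
}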
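/**
 * Handles one request: applies submitted field values, stores uploaded
 * files in the temporary uploads directory, runs the requested action on the
 * requested object and renders the response.
 *
 * An action is dispatched only when the request names a registered object,
 * an action, and an action id equal to the current action history id.
 *
 * @return mixed ABORT when an "afterupload" handler aborts, nothing otherwise
 * @throws P4A_Exception on a denied extension, an upload error or a failed move
 */
public function main()
{
    // Processing get and post.
    // The selectors must be plain strings, and the action id is compared as
    // a string so PHP's loose comparison cannot make a different value match.
    if (isset($_REQUEST['_object'], $_REQUEST['_action'], $_REQUEST['_action_id']) and
        is_string($_REQUEST['_object']) and
        is_string($_REQUEST['_action']) and
        is_scalar($_REQUEST['_action_id']) and
        $_REQUEST['_object'] and
        $_REQUEST['_action'] and
        $_REQUEST['_action_id'] and
        (string)$_REQUEST['_action_id'] === (string)$this->getActionHistoryId() and
        isset($this->objects[$_REQUEST['_object']])) {
        $object = $_REQUEST['_object'];
        $action = $_REQUEST['_action'];
        $aParams = array();

        // Removing files from request...
        // workaround for windows servers
        foreach ($_FILES as $key => $value) {
            unset($_REQUEST[$key]);
        }

        foreach ($_REQUEST as $key => $value) {
            // Keys that do not name a registered object are ignored instead
            // of causing a method call on a missing object.
            if (substr($key, 0, 3) == 'fld' and isset($this->objects[$key]) and $this->objects[$key]->isEnabled()) {
                if ($this->objects[$key]->getType() == 'file' and strlen($value) == 0) {
                    $this->objects[$key]->setNewValue(null);
                    continue;
                }
                // NOTE(review): a non-empty request value is also accepted
                // for fields of type "file" and becomes the field's file
                // descriptor; confirm this is intended, since descriptors
                // are otherwise built by the upload loop below.
                $this->objects[$key]->setNewValue($value);
            } elseif (substr($key, 0, 5) == 'param' and strlen($value) > 0) {
                $aParams[] = $value;
            }
        }

        foreach ($_FILES as $key => $value) {
            $extension = P4A_Get_File_Extension($value['name']);
            if (!P4A_Is_Extension_Allowed($extension)) {
                throw new P4A_Exception("Uploading {$extension} files is denied", P4A_FILESYSTEM_ERROR);
            }

            if (!in_array($value['error'], array(UPLOAD_ERR_OK, UPLOAD_ERR_NO_FILE))) {
                throw new P4A_Exception("There was an error trying to upload file(s) (error code: " . $value['error'] . ")", P4A_FILESYSTEM_ERROR);
            }

            if ($value['error'] == UPLOAD_ERR_NO_FILE) {
                continue;
            }

            // The descriptor is comma-separated, so commas in client-supplied
            // metadata are replaced before it is assembled.
            $value['future_name'] = str_replace(',', ';', $value['name']);
            $value['type'] = str_replace(',', ';', $value['type']);

            $value['name'] = P4A_Get_Unique_File_Name("tmp.{$extension}", P4A_UPLOADS_TMP_DIR);
            if (!move_uploaded_file($value['tmp_name'], P4A_UPLOADS_TMP_DIR . '/' . $value['name'])) {
                throw new P4A_Exception("Cannot move uploaded file \"{$value['name']}\"", P4A_FILESYSTEM_ERROR);
            }
            $value['tmp_name'] = P4A_Strip_Double_Slashes('/' . P4A_UPLOADS_TMP_NAME . '/' . $value['name']);

            // fix for ie PNG upload bug
            // NOTE(review): 'type' is the MIME type declared by the client,
            // not one detected from the file's content.
            if ($value['type'] == 'image/x-png') {
                $value['type'] = 'image/png';
            }

            // NOTE(review): unlike the request loop above, uploads are not
            // checked against the field's isEnabled() state; confirm.
            if (substr($key, 0, 3) == 'fld' and isset($this->objects[$key])) {
                // getimagesize() returns false for non-images; both
                // dimensions are then empty in the descriptor.
                list($width, $height) = @getimagesize(P4A_UPLOADS_TMP_DIR . '/' . $value['name']);
                $new_value = "{$value['name']},{$value['tmp_name']},{$value['size']},{$value['type']},{$width},{$height},{$value['future_name']}";
                $this->objects[$key]->setNewValue('{' . $new_value . '}');
                if ($this->objects[$key]->actionHandler('afterupload') == ABORT) {
                    return ABORT;
                }
            }
        }

        $this->setActiveObject($this->objects[$object]);
        // NOTE(review): the method name comes from the request; confirm the
        // target objects restrict which methods can be reached this way.
        $this->objects[$object]->{$action}($aParams);
    }

    if ($this->inAjaxCall()) {
        $this->_action_history_id++;
        if ($_REQUEST['_ajax'] == 2) {
            $this->active_mask->main();
        }
        $this->raiseXMLResponse();
    } elseif (P4A_ENABLE_RENDERING and is_object($this->active_mask)) {
        $this->_action_history_id++;
        $this->active_mask->main();
    }

    $this->_to_redesign = array();
    $this->_redesign_whole_mask = false;

    session_write_close();
    session_id(substr(session_id(), 0, -6));
    flush();
}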
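/**
 * Renders the sub-directories of $base_dir as a nested HTML list.
 *
 * Skipped entries: anything that is not a directory, the temporary uploads
 * directory, names starting with a dot, "CVS", and directories for which the
 * "beforeRenderElement" handler returns ABORT. A string returned by that
 * handler is used as the item's CSS class. The method recurses only into
 * directories on the path to the current directory.
 *
 * @param string $base_dir directory whose children are listed
 * @return string HTML fragment
 */
private function _getAsString($base_dir)
{
    $return = "<ul class='p4a_dir_navigator'>";
    $current = $this->base_dir . _DS_ . $this->current_subdir;

    // scandir() returns false on failure; an unreadable directory then
    // renders as an empty list.
    $entries = scandir($base_dir);
    if ($entries === false) {
        $entries = array();
    }

    foreach ($entries as $dir) {
        $absolute_dir = $base_dir . _DS_ . $dir;
        if (!is_dir($absolute_dir) or $absolute_dir == P4A_UPLOADS_TMP_DIR or substr($dir, 0, 1) == '.' or $dir == 'CVS') {
            continue;
        }

        $handler_return = $this->actionHandler('beforeRenderElement', $absolute_dir);
        if ($handler_return === ABORT) {
            continue;
        }
        if (!is_string($handler_return)) {
            $handler_return = "";
        }

        // The action parameter is the directory path relative to the base directory.
        if (P4A_OS == "linux") {
            $actions = $this->composeStringActions(str_replace(P4A_Strip_Double_Slashes("{$this->base_dir}/"), "", P4A_Strip_Double_Slashes($absolute_dir)));
        } else {
            $actions = $this->composeStringActions(str_replace(P4A_Strip_Double_Backslashes("{$this->base_dir}\\"), "", P4A_Strip_Double_Backslashes($absolute_dir)));
        }

        // NOTE(review): the directory name and the handler's class string are
        // placed into the markup as returned; confirm _trim() and the handler
        // produce HTML-safe text.
        $description = $this->_trim($dir);

        if ($absolute_dir == $current) {
            $selected = "class='active_node {$handler_return}'";
            if ($this->enable_selected_element) {
                $link_prefix = "<a href='#' {$actions}>";
                $link_suffix = "</a>";
            } else {
                $link_prefix = "<span>";
                $link_suffix = "</span>";
            }
        } else {
            $selected = "class='{$handler_return}'";
            $link_prefix = "<a href='#' {$actions}>";
            $link_suffix = "</a>";
        }

        $return .= "<li {$selected}>{$link_prefix}{$description}{$link_suffix}\n";

        // Descend only when this directory is the current one or an ancestor
        // of it. The match must start at the beginning and end on a path
        // boundary, so a sibling whose name merely starts the same way is
        // not expanded.
        if (strpos($current, $absolute_dir) === 0) {
            $rest = (string)substr($current, strlen($absolute_dir));
            if ($rest === '' or $rest[0] === '/' or $rest[0] === '\\') {
                $return .= $this->_getAsString($absolute_dir);
            }
        }

        $return .= "</li>\n";
    }

    $return .= "</ul>";
    return $return;
}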