示例#1
0
/**
 * Filters data from instant file uploader
 * @param string $name name of uploaded data
 * @param array $filter_by_ext allow file extensions
 * @return mixed filtered file data on success, false otherwise
 */
function fn_filter_uploaded_data($name, $filter_by_ext = array())
{
    $udata_local = fn_rebuild_files('file_' . $name);
    $udata_other = !empty($_REQUEST['file_' . $name]) ? $_REQUEST['file_' . $name] : array();
    $utype = !empty($_REQUEST['type_' . $name]) ? $_REQUEST['type_' . $name] : array();
    if (empty($utype)) {
        return array();
    }
    $filtered = array();
    foreach ($utype as $id => $type) {
        if ($type == 'local' && !fn_is_empty(@$udata_local[$id])) {
            $filtered[$id] = fn_get_local_data(Bootstrap::stripSlashes($udata_local[$id]));
        } elseif ($type == 'server' && !fn_is_empty(@$udata_other[$id]) && (Registry::get('runtime.skip_area_checking') || AREA == 'A')) {
            fn_get_last_key($udata_other[$id], 'fn_get_server_data', true);
            $filtered[$id] = $udata_other[$id];
        } elseif ($type == 'url' && !fn_is_empty(@$udata_other[$id])) {
            fn_get_last_key($udata_other[$id], 'fn_get_url_data', true);
            $filtered[$id] = $udata_other[$id];
        }
        if (isset($filtered[$id]) && $filtered[$id] === false) {
            unset($filtered[$id]);
            fn_set_notification('E', __('error'), __('cant_upload_file'));
            continue;
        }
        if (!empty($filtered[$id]['name'])) {
            $filtered[$id]['name'] = str_replace(' ', '_', urldecode($filtered[$id]['name']));
            // replace spaces with underscores
            if (!fn_check_uploaded_data($filtered[$id], $filter_by_ext)) {
                unset($filtered[$id]);
            }
        }
    }
    static $shutdown_inited;
    if (!$shutdown_inited) {
        $shutdown_inited = true;
        register_shutdown_function('fn_remove_temp_data');
    }
    return $filtered;
}
示例#2
0
/**
 * Filter data from file uploader
 *
 * @param string $name
 * @return array $filtered
 */
function fn_filter_uploaded_data($name, $filter_by_ext = array())
{
    $udata_local = fn_rebuild_files('file_' . $name);
    $udata_other = !empty($_REQUEST['file_' . $name]) ? $_REQUEST['file_' . $name] : array();
    $utype = !empty($_REQUEST['type_' . $name]) ? $_REQUEST['type_' . $name] : array();
    //var_dump($name);echo"<br/>";
    //    if($name=='p_feature_var_extra_image_detailed'){
    //        var_dump($utype);die();
    //    }
    if (empty($utype)) {
        return array();
    }
    $filtered = array();
    foreach ($utype as $id => $type) {
        if ($type == 'local' && !fn_is_empty(@$udata_local[$id])) {
            $filtered[$id] = fn_get_local_data(Bootstrap::stripSlashes($udata_local[$id]));
        } elseif ($type == 'server' && !fn_is_empty(@$udata_other[$id]) && AREA == 'A') {
            fn_get_last_key($udata_other[$id], 'fn_get_server_data', true);
            $filtered[$id] = $udata_other[$id];
        } elseif ($type == 'url' && !fn_is_empty(@$udata_other[$id])) {
            fn_get_last_key($udata_other[$id], 'fn_get_url_data', true);
            $filtered[$id] = $udata_other[$id];
        }
        if (isset($filtered[$id]) && $filtered[$id] === false) {
            unset($filtered[$id]);
            fn_set_notification('E', __('error'), __('cant_upload_file'));
        }
        if (!empty($filtered[$id]) && is_array($filtered[$id]) && !empty($filtered[$id]['name'])) {
            $filtered[$id]['name'] = str_replace(' ', '_', urldecode($filtered[$id]['name']));
            // replace spaces with underscores
            $ext = fn_get_file_ext($filtered[$id]['name']);
            if (!empty($filter_by_ext) && !in_array(fn_strtolower($ext), $filter_by_ext)) {
                unset($filtered[$id]);
                fn_set_notification('E', __('error'), __('text_not_allowed_to_upload_file_extension', array('[ext]' => $ext)));
            } elseif (in_array(fn_strtolower($ext), Registry::get('config.forbidden_file_extensions'))) {
                unset($filtered[$id]);
                fn_set_notification('E', __('error'), __('text_forbidden_file_extension', array('[ext]' => $ext)));
            }
        }
        if (!empty($filtered[$id]['path']) && in_array(fn_get_mime_content_type($filtered[$id]['path'], true, 'text/plain'), Registry::get('config.forbidden_mime_types'))) {
            fn_set_notification('E', __('error'), __('text_forbidden_file_mime', array('[mime]' => fn_get_mime_content_type($filtered[$id]['path'], true, 'text/plain'))));
            unset($filtered[$id]);
        }
    }
    static $shutdown_inited;
    if (!$shutdown_inited) {
        $shutdown_inited = true;
        register_shutdown_function('fn_remove_temp_data');
    }
    return $filtered;
}