示例#1
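 /**
  * Validates the image URL passed in the `image_url` query parameter and
  * answers with a JSON object describing the image.
  *
  * On success the JSON holds `thumb` (a 100x100 thumbnail produced by
  * model_tool_image->resize()), `path` (the URL with the catalog image base
  * stripped) and `href` (the URL as received). On failure it holds a single
  * `error` entry taken from the filemanager language file.
  *
  * `image_url` is request data. It is only converted into a relative path when
  * it starts with the catalog image base and contains no `..` path segment;
  * otherwise the prefix strip would cut an arbitrary substring out of a
  * caller-chosen string and hand it to the image model as a path.
  */
 public function getImage()
 {
     // MIME helper of the file manager; get_file_mime_type() is expected to come from here.
     include 'include/mime_type_lib.php';
     $this->data = $this->load->language('filemanager/filemanager');
     $this->load->model('tool/image');
     $json = array();

     $server = !empty($this->request->server['HTTPS']) ? HTTPS_CATALOG : HTTP_CATALOG;
     $image_base = $server . 'image/';

     // Read the parameter once; a missing parameter is handled like an empty URL.
     $image_url = isset($this->request->get['image_url']) ? (string) $this->request->get['image_url'] : '';
     $filename = basename(html_entity_decode($image_url, ENT_QUOTES, 'UTF-8'));

     // Validate the filename length
     if (utf8_strlen($filename) < 3 || utf8_strlen($filename) > 255) {
         $json['error'] = $this->data['error_filename'];
     }

     // Allowed file extension types
     $allowed = array('jpg', 'jpeg', 'png', 'gif', 'bmp', 'tiff', 'svg');
     // The cast keeps utf8_substr() from receiving false when the name has no dot.
     if (!in_array(utf8_strtolower(utf8_substr((string) strrchr($filename, '.'), 1)), $allowed)) {
         $json['error'] = $this->data['error_file_type'];
     }

     // NOTE(review): only the base name is passed here, not a path to the stored
     // file, so this check can only be as strong as what get_file_mime_type()
     // derives from a bare name — confirm against mime_type_lib.php.
     $filetype = get_file_mime_type($filename);

     // Allowed file mime types (narrower than the extension list above:
     // bmp, tiff and svg have no matching entry here).
     $allowed = array('image/jpeg', 'image/pjpeg', 'image/png', 'image/x-png', 'image/gif');
     if (!in_array($filetype, $allowed)) {
         $json['error'] = $this->data['error_file_type'];
     }

     // Only URLs below the catalog image base map to a stored image.
     $relative_path = '';
     if ($image_url !== '' && strpos($image_url, $image_base) === 0) {
         $relative_path = (string) utf8_substr($image_url, utf8_strlen($image_base));
     }

     // A ".." segment (with either separator) would let the path leave the image directory.
     $decoded_path = html_entity_decode($relative_path, ENT_QUOTES, 'UTF-8');
     $has_traversal = (bool) preg_match('~(^|[/\\\\])\.\.([/\\\\]|$)~', $decoded_path);

     if (!$json && ($relative_path === '' || $has_traversal)) {
         $json['error'] = $this->data['error_filename'];
     }

     if (!$json) {
         $json = array(
             'thumb' => $this->model_tool_image->resize($relative_path, 100, 100),
             'path' => $relative_path,
             'href' => $image_url,
         );
     }

     $this->response->addHeader('Content-Type: application/json');
     $this->response->setOutput(json_encode($json));
 }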
示例#2
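// Force-download endpoint: streams one file from below $current_path to the
// client as an attachment. $current_path and the extension allow-list $ext are
// presumably defined by config/config.php — TODO confirm.
include 'config/config.php';

// Only a session that carries the file manager marker may download.
if (!isset($_SESSION['RF']['verify']) || $_SESSION['RF']["verify"] !== "RESPONSIVEfilemanager") {
    die('forbiden');
}
include 'include/utils.php';
include 'include/mime_type_lib.php';

// Both parameters are request data; a missing or non-string value is handled like a bad path.
if (!isset($_POST['path'], $_POST['name']) || !is_string($_POST['path']) || !is_string($_POST['name'])) {
    die('wrong path');
}

// Reject absolute paths and parent-directory hops. Backslashes and NUL bytes
// are refused as well: a backslash is a path separator on Windows, so "..\"
// would otherwise pass the "../" test.
if (strpos($_POST['path'], '/') === 0 || strpos($_POST['path'], '../') !== FALSE || strpos($_POST['path'], './') === 0
    || strpos($_POST['path'], '\\') !== FALSE || strpos($_POST['path'], "\0") !== FALSE) {
    die('wrong path');
}
if (strpos($_POST['name'], '/') !== FALSE || strpos($_POST['name'], '\\') !== FALSE || strpos($_POST['name'], "\0") !== FALSE) {
    die('wrong path');
}

$path = $current_path . $_POST['path'];
$name = $_POST['name'];
$info = pathinfo($name);

// pathinfo() sets no 'extension' key for a name without a dot.
$extension = isset($info['extension']) ? $info['extension'] : '';
if (!in_array(fix_strtolower($extension), $ext)) {
    die('wrong extension');
}

// Stop before any header is sent when the target is not a readable regular file.
$file = $path . $name;
if (!is_file($file) || !is_readable($file)) {
    die('wrong path');
}

// Get the image size as string
$img_size = (string) filesize($file);
// Get the MIME type from the file on disk, not from the bare name.
$mime_type = get_file_mime_type($file);

header('Pragma: private');
header('Cache-control: private, must-revalidate');
// Set the correct MIME type
header("Content-Type: " . $mime_type);
header("Content-Length: " . $img_size);
// A double quote or control character in the name would end the quoted
// filename parameter early, so those bytes are replaced.
$download_name = preg_replace('/[\x00-\x1F\x7F"]/', '_', $name);
header('Content-Disposition: attachment; filename="' . $download_name . '"');
readfile($file);
exit;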
示例#3
// Walk from $path towards $current_path, one directory level per pass, and load
// the first config.php that is found. The pass counter bounds the walk at
// $max_cycles iterations. $cycle, $path and $current_path are set before this
// fragment.
// NOTE(review): every config.php found this way is executed as PHP; confirm the
// folders being walked cannot be written to through the upload path.
$max_cycles = 50;
for ($i = 0; $cycle && $i < $max_cycles; $path = fix_dirname($path) . '/') {
    $i++;
    // Reaching the base folder ends the walk after this pass.
    if ($path == $current_path) {
        $cycle = FALSE;
    }
    if (!file_exists($path . "config.php")) {
        continue;
    }
    require_once $path . "config.php";
    $cycle = FALSE;
}
// Handle an uploaded file when the request carries one. (The listing ends
// inside this block; the rest of the upload handling is not shown.)
if (!empty($_FILES)) {
    $info = pathinfo($_FILES['file']['name']);
    // The MIME lookup is given the server-side temp file, not the client-sent name.
    $mime_type = get_file_mime_type($_FILES['file']['tmp_name']);
    $extension = get_extension_from_mime($mime_type);
    // When the MIME lookup yields no extension (or 'so'), the extension of the
    // client-supplied file name is used instead. In that case the allow-list
    // test below is the only gate on the extension the file is stored under.
    // NOTE(review): $info['extension'] is not set for a name without a dot — confirm handling.
    if ($extension === '' || $extension == 'so') {
        $extension = $info['extension'];
    }
    // Continue only for extensions on the allow-list $ext.
    if (in_array(fix_strtolower($extension), $ext)) {
        $tempFile = $_FILES['file']['tmp_name'];
        $targetPath = $storeFolder;
        $targetPathThumb = $storeFolderThumb;
        // The stored name is rebuilt from the original base name plus the
        // extension chosen above, then passed through fix_filename().
        $_FILES['file']['name'] = fix_filename($info['filename'] . "." . $extension, $transliteration, $convert_spaces, $replace_with);
        // Lower-case the stored name when configured.
        if ($lower_case) {
            $_FILES['file']['name'] = fix_strtolower($_FILES['file']['name']);
        }
        // Generate a new file name if one with this name already exists
        if (file_exists($targetPath . $_FILES['file']['name'])) {
示例#4
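/**
 * Recursively scans a directory and collects the paths of all files whose
 * MIME type, as reported by get_file_mime_type(), is text/html or text/plain.
 *
 * DEPRECATED. WILL BE REMOVED IN 6.7 -rgonzalez
 *
 * @deprecated
 * @param string $the_dir   Directory to scan; a value that is not a directory is ignored.
 * @param array  $the_array Paths collected so far; matches are appended to it.
 * @return array $the_array followed by the matching "{$the_dir}/{$file}" paths.
 */
function findTextFiles($the_dir, $the_array)
{
    if (!is_dir($the_dir)) {
        return $the_array;
    }
    $d = dir($the_dir);
    // dir() does not return a handle when the directory cannot be opened
    // (for example on a permission error); treat that like an empty directory.
    if (!$d) {
        return $the_array;
    }
    while (false !== ($f = $d->read())) {
        if ($f === "." || $f === "..") {
            continue;
        }
        $entry = "{$the_dir}/{$f}";
        if (is_dir($entry)) {
            // i think depth first is ok, given our cvs repo structure -Bob.
            // NOTE(review): is_dir() follows symbolic links, so a link that points
            // back up the tree would make this recursion loop — confirm the
            // scanned tree cannot contain one.
            $the_array = findTextFiles($entry, $the_array);
        } else {
            $mime = get_file_mime_type($entry);
            switch ($mime) {
                // we take action on these cases
                case "text/html":
                case "text/plain":
                    array_push($the_array, $entry);
                    break;
                // we consciously skip these types
                case "application/pdf":
                case "application/x-zip":
                case "image/gif":
                case "image/jpeg":
                case "image/png":
                case "text/rtf":
                    break;
                default:
                    $GLOBALS['log']->info("no type handler for {$the_dir}/{$f} with get_file_mime_type: {$mime}\n");
            }
        }
    }
    // Release the directory handle; one handle per recursion level stays open otherwise.
    $d->close();
    return $the_array;
}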
示例#5
}
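// Force-download with download logging: streams one file from below
// $current_path as an attachment and records the download through fileMgr.
// $current_path, $ext and the database settings are defined before this
// fragment.
include 'include/utils.php';
include 'include/mime_type_lib.php';

// Both parameters are request data; a missing or non-string value is handled like a bad path.
if (!isset($_POST['path'], $_POST['name']) || !is_string($_POST['path']) || !is_string($_POST['name'])) {
    die('wrong path');
}

// Reject absolute paths and parent-directory hops. Backslashes and NUL bytes
// are refused as well: a backslash is a path separator on Windows, so "..\"
// would otherwise pass the "../" test.
if (strpos($_POST['path'], '/') === 0 || strpos($_POST['path'], '../') !== FALSE || strpos($_POST['path'], './') === 0
    || strpos($_POST['path'], '\\') !== FALSE || strpos($_POST['path'], "\0") !== FALSE) {
    die('wrong path');
}
if (strpos($_POST['name'], '/') !== FALSE || strpos($_POST['name'], '\\') !== FALSE || strpos($_POST['name'], "\0") !== FALSE) {
    die('wrong path');
}

$path = $current_path . $_POST['path'];
$name = $_POST['name'];
$info = pathinfo($name);

// pathinfo() sets no 'extension' key for a name without a dot.
$extension = isset($info['extension']) ? $info['extension'] : '';
if (!in_array(fix_strtolower($extension), $ext)) {
    die('wrong extension');
}

// Stop before the database is contacted or any header is sent when the target
// is not a readable regular file.
$file = $path . $name;
if (!is_file($file) || !is_readable($file)) {
    die('wrong path');
}

$pdo = new PDO("mysql:dbname={$dbname};host={$host}", $user, $password);
$fm = new fileMgr($pdo);

// Get the image size as string
$img_size = (string) filesize($file);
// Get the correct MIME type depending on the file.
$mime_type = get_file_mime_type($file);

header('Pragma: private');
header('Cache-control: private, must-revalidate');
// Set the correct MIME type
header("Content-Type: " . $mime_type);
header("Content-Length: " . $img_size);
// A double quote or control character in the name would end the quoted
// filename parameter early, so those bytes are replaced.
$download_name = preg_replace('/[\x00-\x1F\x7F"]/', '_', $name);
header('Content-Disposition: attachment; filename="' . $download_name . '"');
readfile($file);

// Record the download against the session's user id.
// NOTE(review): getFidByPath() is assumed to return an array with a 'fid' key
// for every file that passed the checks above — confirm what it returns for an
// unknown path.
$mysqlPath = $fm->getFidByPath($file);
$fm->download($mysqlPath['fid'], $_SESSION['uuid']);
exit;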
示例#6
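 /**
  * Moves temporary files associated with the bean from the temporary folder
  * to the upload folder.
  *
  * For every file or image field of the bean, the request argument
  * "<field>_guid" names a file below upload://tmp/. Image fields keep that
  * name in the upload folder and store it on the bean; other fields are moved
  * to a file named after the bean id, and the bean's file_mime_type and
  * file_ext are updated.
  *
  * The guid is request data and is used as a file name on both sides of the
  * move, so values that are not a bare file name are skipped.
  *
  * @param array $args The request arguments.
  * @param SugarBean $bean The bean associated with the file.
  * @throws SugarApiExceptionInvalidParameter If the file mime types differ
  *   from $imageFileMimeTypes.
  */
 protected function moveTemporaryFiles($args, SugarBean $bean)
 {
     require_once 'include/upload_file.php';
     require_once 'include/SugarFields/SugarFieldHandler.php';
     $fileFields = $bean->getFieldDefinitions('type', array('file', 'image'));
     $sfh = new SugarFieldHandler();
     // FIXME This path should be changed with BR-1955.
     $basepath = UploadStream::path('upload://tmp/');
     $configDir = SugarConfig::getInstance()->get('upload_dir', 'upload');
     foreach ($fileFields as $fieldName => $def) {
         if (empty($args[$fieldName . '_guid'])) {
             continue;
         }
         $this->verifyFieldAccess($bean, $fieldName);

         // Without this check a guid holding a separator or ".." would let the
         // request choose the source of the move and, for image fields, its
         // destination as well.
         $guid = $args[$fieldName . '_guid'];
         if (!is_string($guid)
             || $guid === '.'
             || $guid === '..'
             || $guid !== basename($guid)
             || strpos($guid, '\\') !== false
             || strpos($guid, "\0") !== false
         ) {
             continue;
         }

         $filepath = $basepath . $guid;
         if (!is_file($filepath)) {
             continue;
         }
         if ($def['type'] === 'image') {
             $filename = $guid;
             $bean->{$fieldName} = $filename;
         } else {
             // FIXME Image verification and mime type updating
             // should not be duplicated from SugarFieldFile.
             // SC-3338 is tracking this.
             require_once 'include/utils/file_utils.php';
             $filename = $bean->id;
             $mimeType = get_file_mime_type($filepath, 'application/octet-stream');
             $sf = $sfh->getSugarField($def['type']);
             // NOTE(review): the extension is taken from the field name, not from
             // a file name — confirm this is intended.
             $extension = pathinfo($fieldName, PATHINFO_EXTENSION);
             // A file whose type is one of the image types must also pass image verification.
             if (in_array($mimeType, $sf::$imageFileMimeTypes) && !verify_image_file($filepath)) {
                 throw new SugarApiExceptionInvalidParameter(string_format($GLOBALS['app_strings']['LBL_UPLOAD_IMAGE_FILE_NOT_SUPPORTED'], array($extension)));
             }
             $bean->file_mime_type = $mimeType;
             $bean->file_ext = $extension;
         }
         $destination = rtrim($configDir, '/\\') . '/' . $filename;
         // FIXME BR-1956 will address having multiple files
         // associated with a record.
         // NOTE(review): the result of rename() is not checked, so a failed move
         // leaves the bean pointing at a file that was never stored.
         rename($filepath, $destination);
     }
 }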
示例#7
// Download handler fragment. $info, $ext, $path and $name are set before this
// point, and the listing ends inside the Range handling below.

// Refuse extensions that are not on the allow-list $ext.
if (!in_array(fix_strtolower($info['extension']), $ext)) {
    response(trans('wrong extension' . AddErrorLocation()), 400)->send();
    exit;
}
// Answer 404 when nothing exists at the requested location.
if (!file_exists($path . $name)) {
    response(trans('File_Not_Found' . AddErrorLocation()), 404)->send();
    exit;
}
$file_name = $info['basename'];
$file_ext = $info['extension'];
$file_path = $path . $name;
// make sure the file exists
if (is_file($file_path) && is_readable($file_path)) {
    $size = filesize($file_path);
    // NOTE(review): the name is URL-decoded after the checks above and then
    // placed inside a quoted header parameter below; a decoded double quote
    // would end that parameter early — confirm the name is restricted earlier.
    $file_name = rawurldecode($file_name);
    $mime_type = get_file_mime_type($file_path);
    // Drop any buffered output so only the file bytes are sent; errors are suppressed with @.
    @ob_end_clean();
    // Output compression is switched off for this response.
    if (ini_get('zlib.output_compression')) {
        ini_set('zlib.output_compression', 'Off');
    }
    header('Content-Type: ' . $mime_type);
    header('Content-Disposition: attachment; filename="' . $file_name . '"');
    header("Content-Transfer-Encoding: binary");
    header('Accept-Ranges: bytes');
    // Partial download: parse the first range of a "bytes=start-end" header.
    // NOTE(review): the header is client-controlled; a value without "=" or "-"
    // leaves list() short of elements, and no bound against $size is applied in
    // the lines shown here.
    if (isset($_SERVER['HTTP_RANGE'])) {
        list($a, $range) = explode("=", $_SERVER['HTTP_RANGE'], 2);
        list($range) = explode(",", $range, 2);
        list($range, $range_end) = explode("-", $range);
        $range = intval($range);
        // An open-ended range runs to the last byte of the file.
        if (!$range_end) {
            $range_end = $size - 1;
示例#8
 /**
  * Looks up the MIME type of a file by delegating to get_file_mime_type().
  *
  * @param string $filename Path to the file
  * @return string|false Whatever get_file_mime_type() reports for the path:
  *   the MIME type string, or false if the file does not exist
  */
 public function getMimeType($filename)
 {
     $mimeType = get_file_mime_type($filename);

     return $mimeType;
 }
示例#9
 /**
  * Resolves the MIME type to record for an uploaded file.
  *
  * The type sent by the client is returned as-is unless it is missing, or it
  * is application/octet-stream on a file name without an extension; in those
  * cases the type is looked up from the temporary file instead.
  *
  * NOTE(review): the 'type' entry of a $_FILES element is supplied by the
  * client, so the returned value should not be treated as verified.
  *
  * @param array $_FILES_element $_FILES element required
  * @return string MIME type
  */
 function getMime($_FILES_element)
 {
     $extension = pathinfo($_FILES_element['name'], PATHINFO_EXTENSION);
     $clientType = empty($_FILES_element['type']) ? null : $_FILES_element['type'];

     // No client type, or a generic type on an extension-less name: detect it.
     $needsDetection = $clientType === null
         || (empty($extension) && $clientType == 'application/octet-stream');

     if ($needsDetection) {
         // application/octet-stream is passed as the default for the lookup.
         return get_file_mime_type($_FILES_element['tmp_name'], 'application/octet-stream');
     }

     return $clientType;
 }
示例#10
/**
 * TAG_TODO: write a very, very detailed comment here
 *
 * Builds a base64-encoded HTML e-mail with Mail_mime, turns the images
 * referenced in the body into inline attachments, adds the given file
 * attachments and sends the result through $mailer.
 *
 * @param object $mailer        Object whose send() method delivers the message.
 * @param string $from          Sender; also used for the From header and the CID domain.
 * @param string $to            Recipient text; must contain at least one e-mail address.
 * @param string $subject       Subject line.
 * @param string $body          HTML body.
 * @param array  $headers       Extra headers; they override From/To/Subject on key clashes.
 * @param array  $attachments   List of arrays with 'filename' and 'realname' keys.
 * @param mixed  $server_params Not used in this function.
 * @return mixed false when $to holds no address, otherwise the result of $mailer->send().
 */
function send_email($mailer, $from, $to, $subject, $body, $headers = array(), $attachments = array(), $server_params = null)
{
    logthis('[send_email] : sending email "' . $subject . '" from "' . $from . '" to "' . $to . '"');
    // extract emails
    // NOTE(review): preg_match() stops at the first match, so $mail_addresses
    // holds a single address even when $to lists several — confirm intended.
    if (!preg_match('~[a-zA-Z0-9.\\-]+@[a-zA-Z0-9.\\-]+~', $to, $mail_addresses)) {
        logthis('[send_email] : no addresses found!', ZLogger::LOG_LEVEL_ERROR);
        return false;
    }
    // $to may contain such structure: Julia (julia@example.com). Round brackets should be replaced with angle brackets
    $to = preg_replace('~[\\<\\[\\(]*([a-zA-Z0-9.\\-]+@[a-zA-Z0-9.\\-]+)[\\>\\]\\)]*~', '<$1>', $to);
    // encoding data for mail_mime
    $encoding_parameters = array('head_encoding' => 'base64', 'text_encoding' => 'base64', 'html_encoding' => 'base64', 'head_charset' => 'utf-8', 'text_charset' => 'utf-8', 'html_charset' => 'utf-8');
    // add some important headers
    $headers_primary = array('From' => $from, 'To' => $to, 'Subject' => $subject);
    // Caller-supplied headers win over the primary ones on duplicate keys.
    $headers = array_merge($headers_primary, $headers);
    // create mail body generator
    $mime = new Mail_mime($encoding_parameters);
    // by default, no text part
    $mime->setTXTBody('');
    // Assigned but not read anywhere in this function.
    $alarm = 0;
    // replace image links with attached images
    // NOTE(review): every src value found in $body (other than cid: links) is
    // handed to addHTMLImage() as a file to attach. If $body can contain
    // user-supplied HTML, that lets the author pick which local file is sent —
    // confirm $body comes only from trusted templates.
    if ($image_count = preg_match_all('~<img[^>]+src="(?!cid:)([^"]+)"[^>]*>~', $body, $img_data)) {
        for ($img_index = 0; $img_index < $image_count; $img_index++) {
            // generate new CID
            $cid = strtolower(str_replace('-', '', create_guid()));
            // image full CID, must contain sender domain to be displayed inline instead as attachment
            $cid_full = $cid . '@' . preg_replace('~[^@]*@~', '', $from);
            // add image
            $mime->addHTMLImage($img_data[1][$img_index], get_file_mime_type($img_data[1][$img_index]), '', true, $cid);
            // replace local image link to inline
            $new_image_link = str_replace($img_data[1][$img_index], 'cid:' . $cid_full, $img_data[0][$img_index]);
            // new image link
            $body = str_replace($img_data[0][$img_index], $new_image_link, $body);
        }
    }
    // ok, HTML part is ready now
    $mime->setHTMLBody($body);
    // add attachments
    foreach ($attachments as $attachment) {
        // 'filename' is the file to attach, 'realname' the name given to the attachment.
        $attachment_filename = $attachment['filename'];
        $attachment_realname = $attachment['realname'];
        $mime->addAttachment($attachment_filename, get_file_mime_type($attachment_filename), $attachment_realname, true, 'base64', 'attachment', '', '', '', 'base64', 'utf-8', '', 'utf-8');
    }
    // generate final headers
    $headers_ready = $mime->headers($headers);
    // get full message body
    $body_ready = $mime->get();
    // now send
    $mail_result = $mailer->send($mail_addresses, $headers_ready, $body_ready);
    // free mem as messages are big
    unset($mime);
    // log result
    if ($mail_result === true) {
        logthis('[send_email] : ok');
    } else {
        // Any result other than true is assumed to be an error object with getMessage() — TODO confirm.
        logthis('[send_email] : failed mailing to ' . $to . ' : ' . $mail_result->getMessage(), ZLogger::LOG_LEVEL_ERROR);
    }
    return $mail_result;
}
示例#11
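 /**
  * Streams one file from below $current_path to the client as an attachment
  * and ends the request.
  *
  * The folder and file name come from $_POST['path'] and $_POST['name']. The
  * request is refused with a short message when the session does not carry the
  * file manager marker, when either value tries to leave the base folder, when
  * the extension is not on the allow-list $ext, or when the target is not a
  * readable regular file. $current_path and $ext are presumably defined by
  * config/config.php — TODO confirm.
  */
 function force_download()
 {
     include FMPATH . 'config/config.php';
     // Only a session that carries the file manager marker may download.
     if (!isset($_SESSION['RF']['verify']) || $_SESSION['RF']["verify"] !== "RESPONSIVEfilemanager") {
         die('forbiden');
     }
     include FMPATH . 'include/utils.php';
     include FMPATH . 'include/mime_type_lib.php';

     // Both parameters are request data; a missing or non-string value is handled like a bad path.
     if (!isset($_POST['path'], $_POST['name']) || !is_string($_POST['path']) || !is_string($_POST['name'])) {
         die('wrong path');
     }

     // Reject absolute paths and parent-directory hops. Backslashes and NUL
     // bytes are refused as well: a backslash is a path separator on Windows,
     // so "..\" would otherwise pass the "../" test.
     if (strpos($_POST['path'], '/') === 0 || strpos($_POST['path'], '../') !== FALSE || strpos($_POST['path'], './') === 0
         || strpos($_POST['path'], '\\') !== FALSE || strpos($_POST['path'], "\0") !== FALSE) {
         die('wrong path');
     }
     if (strpos($_POST['name'], '/') !== FALSE || strpos($_POST['name'], '\\') !== FALSE || strpos($_POST['name'], "\0") !== FALSE) {
         die('wrong path');
     }

     $path = $current_path . $_POST['path'];
     $name = $_POST['name'];
     $info = pathinfo($name);

     // pathinfo() sets no 'extension' key for a name without a dot.
     $extension = isset($info['extension']) ? $info['extension'] : '';
     if (!in_array(fix_strtolower($extension), $ext)) {
         die('wrong extension');
     }

     // Stop before any header is sent when the target is not a readable regular file.
     $file = $path . $name;
     if (!is_file($file) || !is_readable($file)) {
         die('wrong path');
     }

     // Get the image size as string
     $img_size = (string) filesize($file);
     // Get the correct MIME type depending on the file.
     $mime_type = get_file_mime_type($file);

     header('Pragma: private');
     header('Cache-control: private, must-revalidate');
     // Set the correct MIME type
     header("Content-Type: " . $mime_type);
     header("Content-Length: " . $img_size);
     // A double quote or control character in the name would end the quoted
     // filename parameter early, so those bytes are replaced.
     $download_name = preg_replace('/[\x00-\x1F\x7F"]/', '_', $name);
     header('Content-Disposition: attachment; filename="' . $download_name . '"');
     readfile($file);
     exit;
 }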
示例#12
 /**
  * Saves the file belonging to a file-type field of a bean.
  *
  * Depending on the request this stores a freshly uploaded file, duplicates
  * the file of another record, or links a remote document, and it keeps the
  * bean's file name, file_mime_type and file_ext in step with that. Problems
  * are reported through $this->error; nothing is returned.
  *
  * @param object $bean   Bean that owns the field; its properties are updated in place.
  * @param array  $params Request parameters for the save.
  * @param string $field  Name of the file field on the bean.
  * @param array  $vardef Field definition; docType, docUrl, docId and allowEapm are read here.
  * @param string $prefix Optional prefix of the request and upload keys.
  */
 public function save($bean, $params, $field, $vardef, $prefix = '')
 {
     $fakeDisplayParams = array();
     $this->fillInOptions($vardef, $fakeDisplayParams);
     require_once 'include/upload_file.php';
     $upload_file = new UploadFile($prefix . $field . '_file');
     //remove file
     // NOTE(review): presence is tested on $_REQUEST while the value is read
     // from $params — confirm both always carry the same key.
     if (isset($_REQUEST['remove_file_' . $field]) && $params['remove_file_' . $field] == 1) {
         $upload_file->unlink_file($bean->{$field});
         $bean->{$field} = "";
     }
     // Set to true once an uploaded file is ready for the final move.
     $move = false;
     // In case of failure midway, we need to reset the values of the bean
     $originalvals = array('value' => $bean->{$field});
     // Bug 57400 - Some beans with a filename field type do NOT have file_mime_type
     // or file_ext. In the case of Documents, for example, this happens to be
     // the case, since the DocumentRevisions bean is where these fields are found.
     if (isset($bean->file_mime_type)) {
         $originalvals['mime'] = $bean->file_mime_type;
     }
     if (isset($bean->file_ext)) {
         $originalvals['ext'] = $bean->file_ext;
     }
     if (isset($_FILES[$prefix . $field . '_file']) && $upload_file->confirm_upload()) {
         // in order to avoid any discrepancies of MIME type with the download code,
         // call the same MIME function instead of using the uploaded file's mime type property.
         $mimeType = get_file_mime_type($upload_file->get_temp_file_location(), 'application/octet-stream');
         //verify the image
         // A file detected as one of the image types must also pass verify_image_file().
         if (in_array($mimeType, self::$imageFileMimeTypes) && !verify_image_file($upload_file->get_temp_file_location())) {
             $this->error = string_format($GLOBALS['app_strings']['LBL_UPLOAD_IMAGE_FILE_NOT_SUPPORTED'], array($upload_file->file_ext));
             return;
         }
         $bean->{$field} = $upload_file->get_stored_file_name();
         // NOTE(review): the bean stores $upload_file->mime_type, not the
         // $mimeType detected above, so the stored type and the type used for
         // the image check can differ — confirm this is intended.
         $bean->file_mime_type = $upload_file->mime_type;
         $bean->file_ext = $upload_file->file_ext;
         $move = true;
     } else {
         $this->error = $upload_file->getErrorMessage();
     }
     // NOTE(review): $old_id and $duplicateModuleId below come straight from
     // request parameters and later select the record whose file is copied;
     // access to that record is not checked in this method — confirm the
     // caller does it.
     if (!empty($params['isDuplicate']) && $params['isDuplicate'] == 'true') {
         // This way of detecting duplicates is used in Notes
         $old_id = $params['relate_id'];
     }
     if (!empty($params['duplicateSave']) && !empty($params['duplicateId'])) {
         // It's a duplicate
         $old_id = $params['duplicateId'];
     }
     // case when we should copy one file to another using merge-duplicate view
     // $params[$field . '_duplicateBeanId'] contains id of bean from
     // which we should copy file.
     if (!empty($params[$field . '_duplicateBeanId'])) {
         $duplicateModuleId = $params[$field . '_duplicateBeanId'];
     }
     // Backwards compatibility for fields that still use customCode to handle the file uploads
     // NOTE(review): this legacy path stores the upload without the image
     // verification applied to the primary upload path above.
     if (!$move && empty($old_id) && isset($_FILES['uploadfile'])) {
         $upload_file = new UploadFile('uploadfile');
         if ($upload_file->confirm_upload()) {
             $bean->{$field} = $upload_file->get_stored_file_name();
             $bean->file_mime_type = $upload_file->mime_type;
             $bean->file_ext = $upload_file->file_ext;
             $move = true;
         } else {
             $this->error = $upload_file->getErrorMessage();
         }
     } elseif (!$move && !empty($old_id) && isset($_REQUEST['uploadfile']) && !isset($_REQUEST[$prefix . $field . '_file'])) {
         // I think we are duplicating a backwards compatibility module.
         $upload_file = new UploadFile('uploadfile');
     }
     // A bean without an id gets one now, because the stored file is named after it.
     if (empty($bean->id)) {
         $bean->id = create_guid();
         $bean->new_with_id = true;
     }
     if ($move) {
         $temp = !empty($params['temp']);
         // Added checking of final move to capture errors that might occur
         if ($upload_file->final_move($bean->id, $temp)) {
             if (!$temp) {
                 // This fixes an undefined index warning being thrown
                 $docType = isset($vardef['docType']) && isset($params[$prefix . $vardef['docType']]) ? $params[$prefix . $vardef['docType']] : null;
                 $upload_file->upload_doc($bean, $bean->id, $docType, $bean->{$field}, $upload_file->mime_type);
             }
         } else {
             // Reset the bean back to original, but only if we had set them.
             $bean->{$field} = $originalvals['value'];
             // See comments for these properties above in regards to Bug 57400
             if (isset($originalvals['mime'])) {
                 $bean->file_mime_type = $originalvals['mime'];
             }
             if (isset($originalvals['ext'])) {
                 $bean->file_ext = $originalvals['ext'];
             }
             // Report the error
             $this->error = $upload_file->getErrorMessage();
         }
     } elseif (!empty($old_id)) {
         // It's a duplicate, I think
         if (empty($vardef['docUrl']) || empty($params[$prefix . $vardef['docUrl']])) {
             $upload_file->duplicate_file($old_id, $bean->id, $bean->{$field});
         } else {
             $docType = $vardef['docType'];
             $bean->{$docType} = $params[$prefix . $field . '_old_doctype'];
         }
     } elseif (!empty($params[$prefix . $field . '_remoteName'])) {
         // We aren't moving, we might need to do some remote linking
         $displayParams = array();
         $this->fillInOptions($vardef, $displayParams);
         if (isset($params[$prefix . $vardef['docId']]) && !empty($params[$prefix . $vardef['docId']]) && isset($params[$prefix . $vardef['docType']]) && !empty($params[$prefix . $vardef['docType']])) {
             $bean->{$field} = $params[$prefix . $field . '_remoteName'];
             require_once 'include/utils/file_utils.php';
             // For a remote document the type is derived from the name only;
             // there is no local file to inspect.
             $extension = get_file_extension($bean->{$field});
             if (!empty($extension)) {
                 $bean->file_ext = $extension;
                 $bean->file_mime_type = get_mime_content_type_from_filename($bean->{$field});
             }
         }
     } elseif (!empty($duplicateModuleId)) {
         $upload_file->duplicate_file($duplicateModuleId, $bean->id, $bean->{$field});
         $bean->{$field} = $params[$field];
         require_once 'include/utils/file_utils.php';
         $extension = get_file_extension($bean->{$field});
         if (!empty($extension)) {
             $bean->file_ext = $extension;
             $bean->file_mime_type = get_mime_content_type_from_filename($bean->{$field});
         }
     }
     if ($vardef['allowEapm'] == true && empty($bean->{$field})) {
         $GLOBALS['log']->info("The {$field} is empty, clearing out the lot");
         // Looks like we are emptying this out
         $clearFields = array('docId', 'docType', 'docUrl', 'docDirectUrl');
         foreach ($clearFields as $clearMe) {
             if (!isset($vardef[$clearMe])) {
                 continue;
             }
             $clearField = $vardef[$clearMe];
             $bean->{$clearField} = '';
         }
     }
 }
示例#13
 /**
  * Looks up the MIME type of a file through get_file_mime_type(), passing
  * application/octet-stream as its second argument (presumably the type used
  * when none can be determined — confirm against get_file_mime_type()).
  *
  * @param string $fileLocation relative path to file
  * @return string MIME-type
  */
 function email2GetMime($fileLocation)
 {
     $fallbackType = 'application/octet-stream';

     return get_file_mime_type($fileLocation, $fallbackType);
 }