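 function getMimeType()
 {
     // Resolve a MIME type for the current upload request.
     //
     // Preference order:
     //   1. $_SERVER['X-Mime-Type'], when present and syntactically a MIME type.
     //      NOTE(review): a request header named "X-Mime-Type" is normally exposed by
     //      PHP as $_SERVER['HTTP_X_MIME_TYPE']; confirm the caller populates this exact key.
     //   2. A lookup by the extension of $_GET['qqfile'] (the client-supplied file name).
     //
     // Both inputs are client-controlled and is_mimetype_format() only checks the
     // string's shape, not the file's content, so the result is a hint for headers /
     // metadata and must not be used as an authorization decision about the upload.
     //
     // Returns: string MIME type (whatever get_mimetype_by_extension() yields as its default
     // when no usable extension is available).
     if (isset($_SERVER['X-Mime-Type']) && is_mimetype_format($_SERVER['X-Mime-Type'])) {
         return $_SERVER['X-Mime-Type'];
     }
     // Avoid an undefined-index notice when qqfile is absent: hand which_ext() an empty
     // string instead of dereferencing a missing key.
     $uploadName = isset($_GET['qqfile']) ? $_GET['qqfile'] : '';
     return get_mimetype_by_extension(which_ext($uploadName));
 }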
         } else {
             $file_error["keywords"][$key] = 1;
         }
     }
 }
 //starts upload of file
 if (!is_uploaded_file($_FILES["file"]["tmp_name"])) {
     $file_error["file"] = $BL['be_fprivup_err1'];
 } elseif ($_FILES["file"]["size"] > $phpwcms["file_maxsize"]) {
     $file_error["file"] = $BL['be_fprivup_err2'] . " " . number_format($phpwcms["file_maxsize"] / 1024, 2, ',', '.') . " kB";
 } else {
     $fileName = sanitize_filename($_FILES["file"]["name"]);
     $fileExt = check_image_extension($_FILES["file"]["tmp_name"], $fileName);
     $fileExt = $fileExt === false ? which_ext($fileName) : $fileExt;
     $fileHash = md5($fileName . microtime());
     $fileType = is_mimetype_format($_FILES["file"]["type"]) ? $_FILES["file"]["type"] : get_mimetype_by_extension($fileExt);
     $fileSize = intval($_FILES["file"]["size"]);
     // Check against forbidden file names
     $forbiddenUploadName = array('.htaccess', 'web.config', 'lighttpd.conf', 'nginx.conf');
     if (in_array(strtolower($fileName), $forbiddenUploadName)) {
         $file_error["file"] = sprintf($BL['be_fprivup_err7'], $fileName);
     }
     // Only allowed file extensions
     if (empty($file_error["file"])) {
         if (is_string($phpwcms['allowed_upload_ext'])) {
             $phpwcms['allowed_upload_ext'] = convertStringToArray(strtolower($phpwcms['allowed_upload_ext']));
         }
         if ($fileExt === '') {
             $file_error["file"] = sprintf($BL['be_fprivup_err9'], implode(', ', $phpwcms['allowed_upload_ext']));
         } elseif (is_array($phpwcms['allowed_upload_ext']) && count($phpwcms['allowed_upload_ext']) && !in_array(strtolower($fileExt), $phpwcms['allowed_upload_ext'])) {
             $file_error["file"] = sprintf($BL['be_fprivup_err8'], strtoupper($fileName), implode(', ', $phpwcms['allowed_upload_ext']));
            $fileinfo['method'] = empty($phpwcms["inline_download"]) ? 'attachment' : 'inline';
            $fileinfo['mimetype'] = $download["f_type"];
            $fileinfo['file'] = $fileinfo['path'] . $fileinfo['filename'];
            $fileinfo['extension'] = $download["f_ext"];
            $fileinfo['realfname'] = $phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($download["f_name"]) : $download["f_name"];
            // start download
            $success = dl_file_resume($fileinfo['file'], $fileinfo, true);
        }
    }
    // we hack in the stream.php here
} elseif ($file = isset($_GET['file']) ? clean_slweg($_GET['file'], 40) : '') {
    $filename = basename($file);
    $file = PHPWCMS_ROOT . '/' . PHPWCMS_FILES . $filename;
    if (is_file($file)) {
        $mime = empty($_GET['type']) ? '' : clean_slweg($_GET['type'], 100);
        if (!is_mimetype_format($mime)) {
            $mime = get_mimetype_by_extension(which_ext($file));
        }
        header('Content-Type: ' . $mime);
        if (BROWSER_OS == 'iOS') {
            require_once PHPWCMS_ROOT . '/include/inc_lib/functions.file.inc.php';
            rangeDownload($file);
        } else {
            header('Content-Transfer-Encoding: binary');
            if (!isset($_GET['ios'])) {
                header('Content-Disposition: inline; filename="' . ($phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($filename) : $filename) . '"');
            }
            header('Content-Length: ' . filesize($file));
            readfile($file);
        }
        $success = true;
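/**
 * Store the HTTP upload held in $_FILES[$file] below $target.
 *
 * @param string $file     Key in $_FILES holding the upload.
 * @param string $target   Destination directory. The final name is appended verbatim
 *                         ($target . rename), so callers are expected to pass a trailing
 *                         slash; this is not enforced here.
 * @param string $exttype  Optional allow-list of file extensions (string, parsed by
 *                         convertStringToArray). Compared case-insensitively.
 * @param string $imgtype  Optional allow-list of image types as getimagesize()/exif_imagetype
 *                         numeric constants (1 = gif, 2 = jpg, 3 = png, ...).
 * @param mixed  $rename   Rename rules (single value or list, see the switch below). 0 keeps
 *                         the sanitized original name.
 * @param int    $maxsize  Maximum size in bytes; 0 falls back to $GLOBALS['phpwcms']['file_maxsize'].
 *
 * @return array Status record. 'status' is true on success. On failure 'error' holds a
 *               message and 'error_num' an HTTP-like code: 400 too large, 409 PHP upload
 *               error, 412 target directory / write problem, 415 type not allowed.
 *               'image' holds the getimagesize() result when an image check ran and passed.
 *
 * Validation semantics a caller must understand:
 *  - If $imgtype is given and the content parses as one of the allowed image types, the
 *    $exttype check is SKIPPED ($exttype acts as the fallback for non-image content).
 *    The stored extension still comes from the client-supplied name, so a valid image
 *    whose name ends in a server-side script extension is stored under that extension.
 *    NOTE(review): if $target is web-served and the server executes scripts there, this
 *    needs tightening (e.g. require the extension to match the detected image type).
 *    Not changed here because callers rely on the fallback semantics.
 *  - 'type' is the client-supplied MIME type whenever it merely looks like one; it is
 *    never derived from the file content.
 */
function saveUploadedFile($file, $target, $exttype = '', $imgtype = '', $rename = 0, $maxsize = 0)
{
    // imgtype can be all exif_imagetype supported by your PHP install
    // see http://www.php.net/exif_imagetype
    $file_status = array('status' => false, 'error' => '', 'name' => '', 'tmp_name' => '', 'size' => 0, 'path' => '', 'ext' => '', 'rename' => '', 'maxsize' => intval($maxsize), 'error_num' => 0, 'type' => '');
    // Only accept a file that PHP itself received as an HTTP upload.
    if (!isset($_FILES[$file]) || !is_uploaded_file($_FILES[$file]['tmp_name'])) {
        $file_status['error'] = 'Upload not defined';
        return $file_status;
    }
    $file_status['name'] = sanitize_filename($_FILES[$file]['name']);
    // Extension is taken from the (sanitized) client-supplied name, not from the content.
    $file_status['ext'] = which_ext($file_status['name']);
    $file_status['tmp_name'] = $_FILES[$file]['tmp_name'];
    $file_status['size'] = $_FILES[$file]['size'];
    // Keep the client-supplied MIME type if it is syntactically a MIME type, otherwise
    // guess from the extension. Neither path inspects the content.
    $file_status['type'] = empty($_FILES[$file]['type']) || !is_mimetype_format($_FILES[$file]['type']) ? get_mimetype_by_extension($file_status['ext']) : $_FILES[$file]['type'];
    $file_status['path'] = $target;
    $file_status['rename'] = $file_status['name'];
    $file_status['maxsize'] = empty($file_status['maxsize']) ? $GLOBALS['phpwcms']['file_maxsize'] : $file_status['maxsize'];
    if (intval($file_status['size']) > $file_status['maxsize']) {
        $file_status['error'] = 'File is too large';
        $file_status['error_num'] = 400;
        return $file_status;
    }
    if (empty($target)) {
        $file_status['error'] = 'Target directory not defined';
        $file_status['error_num'] = 412;
        return $file_status;
    }
    // _mkdir() is expected to succeed for an existing directory as well.
    if (!@_mkdir($target)) {
        $file_status['error'] = 'The target directory "' . $target . '" can not be found or generated';
        $file_status['error_num'] = 412;
        return $file_status;
    }
    if ($_FILES[$file]['error']) {
        $file_status['error'] = $_FILES[$file]['error'];
        $file_status['error_num'] = 409;
        return $file_status;
    }
    if ($imgtype) {
        $imgtype = convertStringToArray(strtolower($imgtype));
        if (count($imgtype)) {
            $data = @getimagesize($_FILES[$file]['tmp_name']);
            // Keyed by the IMAGETYPE_* value getimagesize() reports in $data[2]. Each key
            // appears exactly once: a repeated key in a PHP array literal is silently
            // overwritten by the later entry.
            $exif_imagetype = array(1 => 'gif', 2 => 'jpg', 3 => 'png', 4 => 'swf', 5 => 'psd', 6 => 'bmp', 7 => 'tif', 8 => 'tiff', 9 => 'jpc', 10 => 'jp2', 11 => 'jpx', 12 => 'jb2', 13 => 'swc', 14 => 'iff', 15 => 'wbmp', 16 => 'xbm');
            if (!$data && !$exttype) {
                // Not an image and no extension fallback configured: reject.
                $file_status['error'] = 'Format' . ($file_status['ext'] ? ' *.' . $file_status['ext'] : '') . ' not supported (';
                $allowed = array();
                foreach ($imgtype as $value) {
                    $allowed[] = '*.' . $exif_imagetype[$value];
                }
                $file_status['error'] .= implode(', ', $allowed) . ')';
                $file_status['error_num'] = 415;
                @unlink($_FILES[$file]['tmp_name']);
                return $file_status;
            } elseif ($data) {
                // Loose in_array() on purpose: $imgtype holds the allowed type numbers as
                // parsed from a string, $data[2] is an int.
                if (empty($exif_imagetype[$data[2]]) || !in_array($data[2], $imgtype)) {
                    $file_status['error'] = 'File type ';
                    $file_status['error'] .= empty($exif_imagetype[$data[2]]) ? $data[2] : $exif_imagetype[$data[2]];
                    $file_status['error'] .= ' is not supported for this upload (';
                    foreach ($imgtype as $imgt) {
                        $file_status['error'] .= empty($exif_imagetype[$imgt]) ? $imgt : $exif_imagetype[$imgt];
                        $file_status['error'] .= ', ';
                    }
                    $file_status['error'] = trim(trim($file_status['error']), ',');
                    $file_status['error'] .= ' only)';
                    $file_status['error_num'] = 415;
                    @unlink($_FILES[$file]['tmp_name']);
                    return $file_status;
                }
                $file_status['image'] = $data;
                // Accepted as an image: the extension allow-list below is bypassed
                // (see the function docblock for the security implication).
                $exttype = '';
            }
        }
    }
    if ($exttype) {
        $exttype = convertStringToArray(strtolower($exttype));
        // $exttype was lowercased above; lowercase the extension too so that e.g.
        // "IMG.JPG" matches an allow-list entry "jpg" (the main upload handler compares
        // the same way).
        if (!in_array(strtolower($file_status['ext']), $exttype)) {
            $file_status['error'] = 'File type *.' . $file_status['ext'] . ' is not supported for this upload (*.' . implode(', *.', $exttype) . ' only)';
            $file_status['error_num'] = 415;
            @unlink($_FILES[$file]['tmp_name']);
            return $file_status;
        }
    }
    if (!is_writable($target)) {
        $file_status['error'] = 'Target directory <b>' . str_replace(PHPWCMS_ROOT, '', $target) . '</b> is not writable';
        $file_status['error_num'] = 412;
        @unlink($_FILES[$file]['tmp_name']);
        return $file_status;
    }
    // Rename rules are applied in the order given; the original extension is re-appended.
    $rename = convertStringToArray($rename);
    if (count($rename)) {
        $_temp_name = cut_ext($file_status['rename']);
        foreach ($rename as $value) {
            switch ($value) {
                case 1:
                    // Strip accents and reduce to [0-9a-z_-.].
                    $_temp_name = str_replace(array(':', '/', "\\", ' '), array('-', '-', '-', '_'), phpwcms_remove_accents($_temp_name));
                    $_temp_name = preg_replace('/[^0-9a-z_\\-\\.]/i', '', $_temp_name);
                    break;
                case 2:
                    // Unix timestamp prefix.
                    $_temp_name = time() . '_' . $_temp_name;
                    break;
                case 3:
                    // Date-time prefix.
                    $_temp_name = date('Ymd-His') . '_' . $_temp_name;
                    break;
                case 4:
                    // Date prefix.
                    $_temp_name = date('Ymd') . '_' . $_temp_name;
                    break;
                case 5:
                    // Random 6-character prefix (generic_string is a project helper).
                    $_temp_name = generic_string(6) . '_' . $_temp_name;
                    break;
                case 6:
                    // Replace the name by the md5 of name + extension.
                    $_temp_name = md5($_temp_name . ($file_status['ext'] ? '.' . $file_status['ext'] : ''));
                    break;
                case 7:
                    // Replace the name by a short hash of name + extension (project helper).
                    $_temp_name = shortHash($_temp_name . ($file_status['ext'] ? '.' . $file_status['ext'] : ''));
                    break;
            }
        }
        $file_status['rename'] = $_temp_name . ($file_status['ext'] ? '.' . $file_status['ext'] : '');
    }
    // Final mode is set explicitly below; umask(0) keeps it from being masked further.
    @umask(0);
    if (!@move_uploaded_file($_FILES[$file]['tmp_name'], $target . $file_status['rename'])) {
        // Fallback for setups where the temp and target dirs cannot be renamed across;
        // the source was already confirmed to be a genuine upload above.
        if (!copy($_FILES[$file]['tmp_name'], $target . $file_status['rename'])) {
            $file_status['error'] = 'Saving uploaded file <b>' . html($file_status['name']) . '</b> to <b>' . html(str_replace(PHPWCMS_ROOT, '', $target . $file_status['rename'])) . '</b> failed';
            $file_status['error_num'] = 412;
            @unlink($_FILES[$file]['tmp_name']);
            return $file_status;
        }
    }
    // Owner read/write, world-readable, never executable.
    @chmod($target . $file_status['rename'], 0644);
    $file_status['status'] = true;
    return $file_status;
}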
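 $file_error["upload"] = 0;
 $file_size = filesize($file_path);
 // Prefer the extension implied by the image content; fall back to the file name's extension.
 $file_ext = check_image_extension($file_path);
 $file_ext = false === $file_ext ? which_ext($file) : $file_ext;
 $file_name = sanitize_filename($ftp["filename"][$key]);
 // On-disk storage name used by the download code (f_hash + ext). It is a
 // collision-avoiding identifier, not a secret: microtime() is guessable.
 $file_hash = md5($file_name . microtime());
 if (trim($file_type) === '') {
     //check file_type
     if (is_mimetype_by_extension($file_ext)) {
         $file_type = get_mimetype_by_extension($file_ext);
     } else {
         $file_check = getimagesize($file_path);
         // image_type_to_mime_type() has existed since PHP 4.3.0; guard on the function
         // itself. (A version_compare("4.3.0", phpversion(), ">=") is true only for
         // PHP <= 4.3.0, so written that way this branch never runs on any modern PHP.)
         if ($file_check && function_exists('image_type_to_mime_type')) {
             $file_type = image_type_to_mime_type($file_check[2]);
         }
         if (!is_mimetype_format($file_type)) {
             $file_type = get_mimetype_by_extension($file_ext);
         }
     }
 }
 // String columns go through _dbEscape(); numeric columns are cast with intval().
 // NOTE(review): $ftp["dir"], $ftp["aktiv"] and $ftp["public"] are presumably integers
 // (f_pid / f_aktiv / f_public), so intval() is a no-op for valid input and keeps the
 // interpolation safe if the caller's validation ever changes. $ftp['fileVarsField'] /
 // $ftp['fileVarsValue'] are still inserted raw and must be built server-side — verify.
 $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_file (";
 $sql .= "f_pid, f_uid, f_kid, f_aktiv, f_public, f_name, f_created, f_size, f_type, f_ext, ";
 $sql .= "f_shortinfo, f_longinfo, f_keywords, f_hash, f_copyright, f_tags" . $ftp['fileVarsField'] . ") VALUES (";
 $sql .= intval($ftp["dir"]) . ", " . intval($_SESSION["wcs_user_id"]) . ", 1, " . intval($ftp["aktiv"]) . ", " . intval($ftp["public"]) . ", ";
 $sql .= _dbEscape($file_name) . ", '" . time() . "', " . _dbEscape($file_size) . ", " . _dbEscape($file_type) . ", ";
 $sql .= _dbEscape($file_ext) . ", " . _dbEscape($ftp["short_info"]) . ", ";
 $sql .= _dbEscape($ftp["long_info"]) . ", " . _dbEscape($ftp["keys"]) . ", '" . $file_hash . "', ";
 $sql .= _dbEscape($ftp["copyright"]) . ", " . _dbEscape($ftp["tags"]) . $ftp['fileVarsValue'] . ")";
 $result = _dbQuery($sql, 'INSERT');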
 if (isset($result['INSERT_ID'])) {
     $new_fileId = $result['INSERT_ID'];
     $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_file WHERE f_aktiv=1 AND f_trash=0 AND ";
     $sql .= "f_id=" . $dl . " AND f_kid=1 AND (f_public=1";
     if (empty($_SESSION["wcs_user_admin"])) {
         $sql .= " OR f_uid=" . intval($_SESSION["wcs_user_id"]);
     }
     $sql .= ") LIMIT 1";
 }
 if ($result = mysql_query($sql, $db) or die("error while retrieving file download infos")) {
     if ($download = mysql_fetch_array($result)) {
         $dl_filename = $download["f_hash"];
         if ($download["f_ext"]) {
             $dl_filename .= '.' . $download["f_ext"];
         }
         $dl_path = PHPWCMS_ROOT . $phpwcms["file_path"];
         if (file_exists($dl_path . $dl_filename)) {
             if (!is_mimetype_format($download["f_type"])) {
                 $download["f_type"] = get_mimetype_by_extension($download["f_ext"]);
             }
             header("Content-type: " . $download["f_type"]);
             header('Content-Disposition: attachment; filename="' . $download["f_name"] . '"');
             header("Content-Length: " . filesize($dl_path . $dl_filename));
             if (readfile($dl_path . $dl_filename)) {
                 exit;
             } else {
                 $err = 'Error reading file (4)';
             }
         } else {
             $err = 'File does not exist (1)';
         }
     } else {
         $err = 'File not found in database (2)';