/** * This generates an action event and delegates to _media_upload_action(). * Action plugins are allowed to pre/postprocess the uploaded file. * (The triggered event is preventable.) * * Event data: * $data[0] fn_tmp: the temporary file name (read from $_FILES) * $data[1] fn: the file name of the uploaded file * $data[2] id: the future directory id of the uploaded file * $data[3] imime: the mimetype of the uploaded file * $data[4] overwrite: if an existing file is going to be overwritten * * @triggers MEDIA_UPLOAD_FINISH */ function media_save($file, $id, $ow, $auth, $move) { if ($auth < AUTH_UPLOAD) { return array("You don't have permissions to upload files.", -1); } if (!isset($file['mime']) || !isset($file['ext'])) { list($ext, $mime) = mimetype($id); if (!isset($file['mime'])) { $file['mime'] = $mime; } if (!isset($file['ext'])) { $file['ext'] = $ext; } } global $lang, $conf; // get filename $id = cleanID($id); $fn = mediaFN($id); // get filetype regexp $types = array_keys(getMimeTypes()); $types = array_map(create_function('$q', 'return preg_quote($q,"/");'), $types); $regex = join('|', $types); // because a temp file was created already if (!preg_match('/\\.(' . $regex . ')$/i', $fn)) { return array($lang['uploadwrong'], -1); } //check for overwrite $overwrite = @file_exists($fn); $auth_ow = $conf['mediarevisions'] ? AUTH_UPLOAD : AUTH_DELETE; if ($overwrite && (!$ow || $auth < $auth_ow)) { return array($lang['uploadexist'], 0); } // check for valid content $ok = media_contentcheck($file['name'], $file['mime']); if ($ok == -1) { return array(sprintf($lang['uploadbadcontent'], '.' . $file['ext']), -1); } elseif ($ok == -2) { return array($lang['uploadspam'], -1); } elseif ($ok == -3) { return array($lang['uploadxss'], -1); } // prepare event data $data[0] = $file['name']; $data[1] = $fn; $data[2] = $id; $data[3] = $file['mime']; $data[4] = $overwrite; $data[5] = $move; // trigger event return trigger_event('MEDIA_UPLOAD_FINISH', $data, '_media_upload_action', true); }
/** * Uploads a file to the wiki. * * Michael Klier <*****@*****.**> */ function putAttachment($id, $file, $params) { $id = cleanID($id); global $conf; global $lang; $auth = auth_quickaclcheck(getNS($id) . ':*'); if ($auth >= AUTH_UPLOAD) { if (!isset($id)) { return new IXR_ERROR(1, 'Filename not given.'); } $ftmp = $conf['tmpdir'] . '/' . md5($id . clientIP()); // save temporary file @unlink($ftmp); $buff = base64_decode($file); io_saveFile($ftmp, $buff); // get filename list($iext, $imime, $dl) = mimetype($id); $id = cleanID($id); $fn = mediaFN($id); // get filetype regexp $types = array_keys(getMimeTypes()); $types = array_map(create_function('$q', 'return preg_quote($q,"/");'), $types); $regex = join('|', $types); // because a temp file was created already if (preg_match('/\\.(' . $regex . ')$/i', $fn)) { //check for overwrite $overwrite = @file_exists($fn); if ($overwrite && (!$params['ow'] || $auth < AUTH_DELETE)) { return new IXR_ERROR(1, $lang['uploadexist'] . '1'); } // check for valid content $ok = media_contentcheck($ftmp, $imime); if ($ok == -1) { return new IXR_ERROR(1, sprintf($lang['uploadexist'] . '2', ".{$iext}")); } elseif ($ok == -2) { return new IXR_ERROR(1, $lang['uploadspam']); } elseif ($ok == -3) { return new IXR_ERROR(1, $lang['uploadxss']); } // prepare event data $data[0] = $ftmp; $data[1] = $fn; $data[2] = $id; $data[3] = $imime; $data[4] = $overwrite; // trigger event return trigger_event('MEDIA_UPLOAD_FINISH', $data, array($this, '_media_upload_action'), true); } else { return new IXR_ERROR(1, $lang['uploadwrong']); } } else { return new IXR_ERROR(1, "You don't have permissions to upload files."); } }
/** * Handles media file uploads * * This generates an action event and delegates to _media_upload_action(). * Action plugins are allowed to pre/postprocess the uploaded file. * (The triggered event is preventable.) * * Event data: * $data[0] fn_tmp: the temporary file name (read from $_FILES) * $data[1] fn: the file name of the uploaded file * $data[2] id: the future directory id of the uploaded file * $data[3] imime: the mimetype of the uploaded file * $data[4] overwrite: if an existing file is going to be overwritten * * @triggers MEDIA_UPLOAD_FINISH * @author Andreas Gohr <*****@*****.**> * @author Michael Klier <*****@*****.**> * @return mixed false on error, id of the new file on success */ function media_upload($ns, $auth) { if ($auth < AUTH_UPLOAD) { return false; } if (!checkSecurityToken()) { return false; } require_once DOKU_INC . 'inc/confutils.php'; global $lang; global $conf; // get file and id $id = $_POST['id']; $file = $_FILES['upload']; if (empty($id)) { $id = $file['name']; } // check for errors (messages are done in lib/exe/mediamanager.php) if ($file['error']) { return false; } // check extensions list($fext, $fmime, $dl) = mimetype($file['name']); list($iext, $imime, $dl) = mimetype($id); if ($fext && !$iext) { // no extension specified in id - read original one $id .= '.' . $fext; $imime = $fmime; } elseif ($fext && $fext != $iext) { // extension was changed, print warning msg(sprintf($lang['mediaextchange'], $fext, $iext)); } // get filename $id = cleanID($ns . ':' . $id, false, true); $fn = mediaFN($id); // get filetype regexp $types = array_keys(getMimeTypes()); $types = array_map(create_function('$q', 'return preg_quote($q,"/");'), $types); $regex = join('|', $types); // because a temp file was created already if (preg_match('/\\.(' . $regex . ')$/i', $fn)) { //check for overwrite $overwrite = @file_exists($fn); if ($overwrite && (!$_REQUEST['ow'] || $auth < AUTH_DELETE)) { msg($lang['uploadexist'], 0); return false; } // check for valid content $ok = media_contentcheck($file['tmp_name'], $imime); if ($ok == -1) { msg(sprintf($lang['uploadbadcontent'], ".{$iext}"), -1); return false; } elseif ($ok == -2) { msg($lang['uploadspam'], -1); return false; } elseif ($ok == -3) { msg($lang['uploadxss'], -1); return false; } // prepare event data $data[0] = $file['tmp_name']; $data[1] = $fn; $data[2] = $id; $data[3] = $imime; $data[4] = $overwrite; // trigger event return trigger_event('MEDIA_UPLOAD_FINISH', $data, '_media_upload_action', true); } else { msg($lang['uploadwrong'], -1); } return false; }