/** * handle request and build XML * @access protected * */ protected function buildXml() { $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); // if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_VIEW)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); // } // Map the virtual path to the local server path. $_sServerDir = substr($this->_currentFolder->getServerPath(), 1); // if (!is_dir($_sServerDir)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND); // } // Create the "Folders" node. $oFoldersNode = new Ckfinder_Connector_Utils_XmlNode("Folders"); $this->_connectorNode->addChild($oFoldersNode); $files = array(); global $config; $s3 = s3_con(); $items = $s3->getBucket($config['AmazonS3']['Bucket'], $_sServerDir, null, null, '/', true); foreach ($items as $key => $val) { if (array_key_exists('prefix', $val)) { //TODO: Replace the base directory in this URL $files[] = substr(str_replace($_sServerDir, "", $key), 0, -1); //$files[] = substr($key, 3, strlen($key) - 4); } } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (sizeof($files) > 0) { natcasesort($files); $i = 0; foreach ($files as $file) { $oAcl = $_config->getAccessControlConfig(); $folderPath = $this->_currentFolder->getClientPath() . $file . '/'; $aclMask = $oAcl->getComputedMask($this->_currentFolder->getResourceTypeName(), $folderPath); if (($aclMask & CKFINDER_CONNECTOR_ACL_FOLDER_VIEW) != CKFINDER_CONNECTOR_ACL_FOLDER_VIEW) { continue; } if ($resourceTypeInfo->checkIsHiddenFolder($file)) { continue; } // Create the "Folder" node. $oFolderNode[$i] = new Ckfinder_Connector_Utils_XmlNode("Folder"); $oFoldersNode->addChild($oFolderNode[$i]); $oFolderNode[$i]->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($file)); $oFolderNode[$i]->addAttribute("hasChildren", CKFinder_Connector_Utils_FileSystem::hasChildren($folderPath, $resourceTypeInfo) ? "true" : "false"); $oFolderNode[$i]->addAttribute("acl", $aclMask); $i++; } } }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_CREATE)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); $sNewFolderName = isset($_GET["NewFolderName"]) ? $_GET["NewFolderName"] : ""; $sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($sNewFolderName); if ($_config->forceAscii()) { $sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($sNewFolderName); } // if (!CKFinder_Connector_Utils_FileSystem::checkFolderName($sNewFolderName) || $_resourceTypeConfig->checkIsHiddenFolder($sNewFolderName)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); // } $sServerDir = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $sNewFolderName); // if (!is_writeable($this->_currentFolder->getServerPath())) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); // } $bCreated = false; global $config; $s3 = s3_con(); //Remove preceding slash, and add trailing slash (necessary for S3 to add a "folder") $bCreated = $s3->putObject("", $config['AmazonS3']['Bucket'], substr($sServerDir, 1) . "/"); //TODO: File/folder already exists // if (file_exists($sServerDir)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST); // } // if ($perms = $_config->getChmodFolders()) { // $oldUmask = umask(0); // $bCreated = @mkdir($sServerDir, $perms); // umask($oldUmask); // } // else { // $bCreated = @mkdir($sServerDir); // } if (!$bCreated) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } else { $oNewFolderNode = new Ckfinder_Connector_Utils_XmlNode("NewFolder"); $this->_connectorNode->addChild($oNewFolderNode); $oNewFolderNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sNewFolderName)); } }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } // if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_DELETE)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); // } // The root folder cannot be deleted. if ($this->_currentFolder->getClientPath() == "/") { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $folderServerPath = $this->_currentFolder->getServerPath(); // if (!file_exists($folderServerPath) || !is_dir($folderServerPath)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND); // } global $config; $s3 = s3_con(); $items = $s3->getBucket($config['AmazonS3']['Bucket'], substr($folderServerPath, 1)); $success = true; foreach ($items as $item) { //Make sure it's not root folder if ($item['name'] !== substr($folderServerPath, 1)) { $success = $success && $s3->deleteObject($config['AmazonS3']['Bucket'], $item['name']); } } $success = $success && $s3->deleteObject($config['AmazonS3']['Bucket'], substr($folderServerPath, 1)); if (!$success) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } //Remove preceding slash, and add trailing slash (necessary for S3 to add a "folder") //$bCreated = $s3->putObject("", $config['AmazonS3']['Bucket'], substr($sServerDir, 1) . "/"); //TODO: Remove thumbnails server path given by $this->_currentFolder->getThumbsServerPath() // if (!CKFinder_Connector_Utils_FileSystem::unlink($folderServerPath)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); // } // // CKFinder_Connector_Utils_FileSystem::unlink($this->_currentFolder->getThumbsServerPath()); }
/** * handle request and build XML * @access protected * */ protected function buildXml() { global $config, $baseDir; if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $sServerDir = substr($this->_currentFolder->getServerPath(), 1); //Remove leading slash $currentResourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); $_aclConfig = $_config->getAccessControlConfig(); $aclMasks = array(); $_resourceTypeConfig = array(); if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_RENAME | CKFINDER_CONNECTOR_ACL_FILE_UPLOAD | CKFINDER_CONNECTOR_ACL_FILE_DELETE)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } // Create the "Errors" node. $oErrorsNode = new CKFinder_Connector_Utils_XmlNode("Errors"); $errorCode = CKFINDER_CONNECTOR_ERROR_NONE; $copied = 0; $copiedAll = 0; if (!empty($_POST['copied'])) { $copiedAll = intval($_POST['copied']); } $checkedPaths = array(); $oCopyFilesNode = new Ckfinder_Connector_Utils_XmlNode("CopyFiles"); if (!empty($_POST['files']) && is_array($_POST['files'])) { foreach ($_POST['files'] as $index => $arr) { if (empty($arr['name'])) { continue; } if (!isset($arr['name'], $arr['type'], $arr['folder'])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } // file name $name = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['name']); // resource type $type = $arr['type']; // client path $path = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['folder']); // options $options = !empty($arr['options']) ? $arr['options'] : ''; $destinationFilePath = $sServerDir . $name; // check #1 (path) if (!CKFinder_Connector_Utils_FileSystem::checkFileName($name) || preg_match(CKFINDER_REGEX_INVALID_PATH, $path)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } // get resource type config for current file if (!isset($_resourceTypeConfig[$type])) { $_resourceTypeConfig[$type] = $_config->getResourceTypeConfig($type); } // check #2 (resource type) if (is_null($_resourceTypeConfig[$type])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } // check #3 (extension) if (!$_resourceTypeConfig[$type]->checkExtension($name, false)) { $errorCode = CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION; $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); continue; } // check #4 (extension) - when moving to another resource type, double check extension if ($currentResourceTypeConfig->getName() != $type) { if (!$currentResourceTypeConfig->checkExtension($name, false)) { $errorCode = CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION; $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); continue; } } // check #5 (hidden folders) // cache results if (empty($checkedPaths[$path])) { $checkedPaths[$path] = true; if ($_resourceTypeConfig[$type]->checkIsHiddenPath($path)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } } //$sourceFilePath = $_resourceTypeConfig[$type]->getDirectory().$path.$name; $sourceFilePath = substr($baseDir, 1) . substr($path, 1) . $name; // check #6 (hidden file name) if ($currentResourceTypeConfig->checkIsHiddenFile($name)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } // check #7 (Access Control, need file view permission to source files) if (!isset($aclMasks[$type . "@" . $path])) { $aclMasks[$type . "@" . $path] = $_aclConfig->getComputedMask($type, $path); } $isAuthorized = ($aclMasks[$type . "@" . $path] & CKFINDER_CONNECTOR_ACL_FILE_VIEW) == CKFINDER_CONNECTOR_ACL_FILE_VIEW; if (!$isAuthorized) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } //$overwrite // finally, no errors so far, we may attempt to copy a file // protection against copying files to itself if ($sourceFilePath == $destinationFilePath) { $errorCode = CKFINDER_CONNECTOR_ERROR_SOURCE_AND_TARGET_PATH_EQUAL; $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); continue; } //TODO: Check max size, check if file exists $s3 = s3_con(); $copy = $s3->copyObject($config['AmazonS3']['Bucket'], $sourceFilePath, $config['AmazonS3']['Bucket'], $destinationFilePath); if ($copy !== false) { $copied++; } else { $errorCode = CKFINDER_CONNECTOR_ERROR_COPY_FAILED; $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); } // // check #8 (invalid file name) // if (!file_exists($sourceFilePath) || !is_file($sourceFilePath)) { // $errorCode = CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND; // $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); // continue; // } // // check #9 (max size) // if ($currentResourceTypeConfig->getName() != $type) { // $maxSize = $currentResourceTypeConfig->getMaxSize(); // $fileSize = filesize($sourceFilePath); // if ($maxSize && $fileSize>$maxSize) { // $errorCode = CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG; // $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); // continue; // } // } // // check if file exists if we don't force overwriting // if (file_exists($destinationFilePath) && strpos($options, "overwrite") === false) { // if (strpos($options, "autorename") !== false) { // $fileName = CKFinder_Connector_Utils_FileSystem::autoRename($sServerDir, $name); // $destinationFilePath = $sServerDir.$fileName; // if (!@copy($sourceFilePath, $destinationFilePath)) { // $errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED; // $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); // continue; // } // else { // $copied++; // } // } // else { // $errorCode = CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST; // $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); // continue; // } // } // // copy() overwrites without warning // else { // if (!@copy($sourceFilePath, $destinationFilePath)) { // $errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED; // $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); // continue; // } // else { // $copied++; // } // } } } $this->_connectorNode->addChild($oCopyFilesNode); if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) { $this->_connectorNode->addChild($oErrorsNode); } $oCopyFilesNode->addAttribute("copied", $copied); $oCopyFilesNode->addAttribute("copiedTotal", $copiedAll + $copied); /** * Note: actually we could have more than one error. * This is just a flag for CKFinder interface telling it to check all errors. */ if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_COPY_FAILED); } }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_RENAME)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } if (!isset($_GET["NewFolderName"])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $newFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["NewFolderName"]); $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); if ($_config->forceAscii()) { $newFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($newFolderName); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!CKFinder_Connector_Utils_FileSystem::checkFolderName($newFolderName) || $resourceTypeInfo->checkIsHiddenFolder($newFolderName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } // The root folder cannot be deleted. if ($this->_currentFolder->getClientPath() == "/") { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } $oldFolderPath = substr($this->_currentFolder->getServerPath(), 1, -1); $newFolderPath = dirname($oldFolderPath) . '/' . $newFolderName; global $config; $s3 = s3_con(); $copied = true; $items = $s3->getBucket($config['AmazonS3']['Bucket'], $oldFolderPath); foreach ($items as $item) { //TODO: Possible bug, if repeating paths occur, it will mess up folder structure. Need to replace only first instance $newItemName = str_replace($oldFolderPath, $newFolderPath, $item['name']); $copy = $s3->copyObject($config['AmazonS3']['Bucket'], $item['name'], $config['AmazonS3']['Bucket'], $newItemName); if ($copy === false) { $copied = false; } } $deleted = true; foreach ($items as $item) { $deleted = $deleted && $s3->deleteObject($config['AmazonS3']['Bucket'], $item['name']); } // $bMoved = false; // if (!is_dir($oldFolderPath)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); // } //let's calculate new folder name // if (file_exists(rtrim($newFolderPath, '/'))) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST); // } // $bMoved = @rename($oldFolderPath, $newFolderPath); if (!$copied || !$deleted) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); } else { // $newThumbsServerPath = dirname($this->_currentFolder->getThumbsServerPath()) . '/' . $newFolderName . '/'; // if (!@rename($this->_currentFolder->getThumbsServerPath(), $newThumbsServerPath)) { // CKFinder_Connector_Utils_FileSystem::unlink($this->_currentFolder->getThumbsServerPath()); // } } $newFolderPath = preg_replace(",[^/]+/?\$,", $newFolderName, $this->_currentFolder->getClientPath()) . '/'; $newFolderUrl = $resourceTypeInfo->getUrl() . ltrim($newFolderPath, '/'); $oRenameNode = new Ckfinder_Connector_Utils_XmlNode("RenamedFolder"); $this->_connectorNode->addChild($oRenameNode); $oRenameNode->addAttribute("newName", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderName)); $oRenameNode->addAttribute("newPath", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderPath)); $oRenameNode->addAttribute("newUrl", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderUrl)); }
/** * Returns true if directory is not empty * * @access public * @static * @param string $clientPath client path (with trailing slash) * @param object $_resourceType resource type configuration * @return boolean */ public static function hasChildren($clientPath, $_resourceType) { global $config, $baseDir; if ($clientPath == "/") { $path = substr($baseDir, 1); } else { $path = substr($baseDir, 1) . substr($clientPath, 1); } $s3 = s3_con(); $items = $s3->getBucket($config['AmazonS3']['Bucket'], $path, null, 2, '/', true); if (sizeof($items) > 1) { return true; } return false; }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } // if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_RENAME)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); // } if (!isset($_GET["fileName"])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } if (!isset($_GET["newFileName"])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); $fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["fileName"]); $newFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["newFileName"]); $oRenamedFileNode = new Ckfinder_Connector_Utils_XmlNode("RenamedFile"); $this->_connectorNode->addChild($oRenamedFileNode); $oRenamedFileNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName)); $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!$resourceTypeInfo->checkExtension($newFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFileName) || $resourceTypeInfo->checkIsHiddenFile($newFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } if (!$resourceTypeInfo->checkExtension($fileName, false)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if ($_config->forceAscii()) { $newFileName = CKFinder_Connector_Utils_FileSystem::convertToAscii($newFileName); } $filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName); $newFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $newFileName); $bMoved = true; global $config; $s3 = s3_con(); $copy = $s3->copyObject($config['AmazonS3']['Bucket'], substr($filePath, 1), $config['AmazonS3']['Bucket'], substr($newFilePath, 1)); if ($copy === false) { $bMoved = false; } $bMoved = $bMoved && $s3->deleteObject($config['AmazonS3']['Bucket'], substr($filePath, 1)); // if (!file_exists($filePath)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND); // } // if (!is_writable(dirname($newFilePath))) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); // } // // if (!is_writable($filePath)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); // } // // if (file_exists($newFilePath)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST); // } // $bMoved = @rename($filePath, $newFilePath); if (!$bMoved) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNKNOWN, "File " . CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName) . "has not been renamed"); } else { $oRenamedFileNode->addAttribute("newName", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFileName)); $thumbPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $fileName); CKFinder_Connector_Utils_FileSystem::unlink($thumbPath); } }
/** * handle request and build XML * @access protected * */ protected function buildXml() { $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); // if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); // } // Map the virtual path to the local server path. $_sServerDir = $this->_currentFolder->getServerPath(); // Create the "Files" node. $oFilesNode = new Ckfinder_Connector_Utils_XmlNode("Files"); $this->_connectorNode->addChild($oFilesNode); // if (!is_dir($_sServerDir)) { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND); // } $fileNames = array(); $fileData = array(); $thumbFiles = array(); // if ($dh = @opendir($_sServerDir)) { // while (($file = readdir($dh)) !== false) { // if ($file != "." && $file != ".." && !is_dir($_sServerDir . $file)) { // $files[] = $file; // } // } // closedir($dh); // } else { // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); // } global $config; $s3 = s3_con(); $items = $s3->getBucket($config['AmazonS3']['Bucket'], substr($_sServerDir, 1), null, null, '/', false); foreach ($items as $item) { //Make sure it's not empty (root folder usually) and not a sub-folder (evidenced from prefix key) if (array_key_exists('size', $item) && $item['size'] !== 0 && !array_key_exists('prefix', $item)) { $fileNames[] = $item['name']; $fileData[$item['name']] = $item; } } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (sizeof($fileNames) > 0) { $_thumbnailsConfig = $_config->getThumbnailsConfig(); $_thumbServerPath = ''; $_showThumbs = !empty($_GET['showThumbs']) && $_GET['showThumbs'] == 1; if ($_thumbnailsConfig->getIsEnabled() && ($_thumbnailsConfig->getDirectAccess() || $_showThumbs)) { $_thumbServerPath = $this->_currentFolder->getThumbsServerPath(); } natcasesort($fileNames); $i = 0; foreach ($fileNames as $file) { $filemtime = $fileData[$file]['time']; //otherwise file doesn't exist or we can't get it's filename properly if ($filemtime !== false) { // $filename = CKFinder_Connector_Utils_Misc::mbBasename($file); // if (!$resourceTypeInfo->checkExtension($filename, false)) { // continue; // } // if ($resourceTypeInfo->checkIsHiddenFile($filename)) { // continue; // } $oFileNode[$i] = new Ckfinder_Connector_Utils_XmlNode("File"); $oFilesNode->addChild($oFileNode[$i]); $oFileNode[$i]->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding(CKFinder_Connector_Utils_Misc::mbBasename($file))); $oFileNode[$i]->addAttribute("date", @date("YmdHi", $filemtime)); if (!empty($_thumbServerPath) && preg_match(CKFINDER_REGEX_IMAGES_EXT, $filename)) { if (file_exists($_thumbServerPath . $filename)) { $oFileNode[$i]->addAttribute("thumb", $filename); } elseif ($_showThumbs) { $oFileNode[$i]->addAttribute("thumb", "?" . $filename); } } $size = $fileData[$file]['size']; if ($size && $size < 1024) { $size = 1; } else { $size = (int) round($size / 1024); } $oFileNode[$i]->addAttribute("size", $size); $i++; } } } }
/** * handle request and build XML * @access protected * */ protected function buildXml() { if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_DELETE)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $oErrorsNode = new CKFinder_Connector_Utils_XmlNode("Errors"); $errorCode = CKFINDER_CONNECTOR_ERROR_NONE; $deleted = 0; $oDeleteFilesNode = new Ckfinder_Connector_Utils_XmlNode("DeleteFiles"); $currentResourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); $_aclConfig = $_config->getAccessControlConfig(); $aclMasks = array(); $_resourceTypeConfig = array(); $checkedPaths = array(); if (!empty($_POST['files']) && is_array($_POST['files'])) { foreach ($_POST['files'] as $arr) { if (empty($arr['name'])) { continue; } if (!isset($arr['type'], $arr['folder'])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } // file name $name = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['name']); // resource type $type = $arr['type']; // client path $path = substr(CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['folder']), 1); if (!isset($_resourceTypeConfig[$type])) { $_resourceTypeConfig[$type] = $_config->getResourceTypeConfig($type); } if (is_null($_resourceTypeConfig[$type]) || !CKFinder_Connector_Utils_FileSystem::checkFileName($name) || preg_match(CKFINDER_REGEX_INVALID_PATH, $path)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!$_resourceTypeConfig[$type]->checkExtension($name, false)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (empty($checkedPaths[$path])) { $checkedPaths[$path] = true; if ($_resourceTypeConfig[$type]->checkIsHiddenPath($path)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } } if ($currentResourceTypeConfig->checkIsHiddenFile($name)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST); } if (!isset($aclMasks[$type . "@" . $path])) { $aclMasks[$type . "@" . $path] = $_aclConfig->getComputedMask($type, $path); } $isAuthorized = ($aclMasks[$type . "@" . $path] & CKFINDER_CONNECTOR_ACL_FILE_DELETE) == CKFINDER_CONNECTOR_ACL_FILE_DELETE; if (!$isAuthorized) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $filePath = substr($_resourceTypeConfig[$type]->getDirectory() . '/' . $path . $name, 1); // if (!file_exists($filePath) || !is_file($filePath) ) { // $errorCode = CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND; // $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); // continue; // } global $config; $s3 = s3_con(); if (!$s3->deleteObject($config['AmazonS3']['Bucket'], $filePath)) { $errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED; $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path); continue; } else { $deleted++; //TODO: Delete thumbnail //$thumbPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $name); //@unlink($thumbPath); } } } $this->_connectorNode->addChild($oDeleteFilesNode); if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) { $this->_connectorNode->addChild($oErrorsNode); } $oDeleteFilesNode->addAttribute("deleted", $deleted); if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_DELETE_FAILED); } }
/** * send response (save uploaded file, resize if required) * @access public * */ public function sendResponse() { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_NONE; $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); $oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry"); $oRegistry->set("FileUpload_fileName", "unknown file"); $uploadedFile = array_shift($_FILES); if (!isset($uploadedFile['name'])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID); } $sUnsafeFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(CKFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name'])); $sFileName = CKFinder_Connector_Utils_FileSystem::secureFileName($sUnsafeFileName); if ($sFileName != $sUnsafeFileName) { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED; } $oRegistry->set("FileUpload_fileName", $sFileName); $this->checkConnector(); $this->checkRequest(); if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeConfig->checkIsHiddenFile($sFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!$resourceTypeInfo->checkExtension($sFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } $oRegistry->set("FileUpload_fileName", $sFileName); $oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl()); $maxSize = $resourceTypeInfo->getMaxSize(); if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); } $htmlExtensions = $_config->getHtmlExtensions(); $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileName); if ($htmlExtensions && !CKFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sExtension, $htmlExtensions) && ($detectHtml = CKFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } $secureImageUploads = $_config->getSecureImageUploads(); if ($secureImageUploads && ($isImageValid = CKFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sExtension)) === false) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } switch ($uploadedFile['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); break; case UPLOAD_ERR_PARTIAL: case UPLOAD_ERR_NO_FILE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); break; case UPLOAD_ERR_NO_TMP_DIR: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR); break; case UPLOAD_ERR_CANT_WRITE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; case UPLOAD_ERR_EXTENSION: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; } $sServerDir = substr($this->_currentFolder->getServerPath(), 1); $fileName = $sServerDir . $sFileName; //The file in $_FILES[] or $uploadedFile['tmp_name'] will be deleted from the //temporary directory at the end of the request if it has not been moved away or renamed. //TODO: Check if file exists and use: //$sFileName = CKFinder_Connector_Utils_FileSystem::autoRename($sServerDir, $sFileName); global $config; $s3 = s3_con(); if (!$s3->putObject($s3->inputResource(fopen($uploadedFile['tmp_name'], 'rb'), filesize($uploadedFile['tmp_name'])), $config['AmazonS3']['Bucket'], $fileName, $s3::ACL_PUBLIC_READ)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } // while (true) // { // $sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName); // // if (file_exists($sFilePath)) { // $sFileName = CKFinder_Connector_Utils_FileSystem::autoRename($sServerDir, $sFileName); // $oRegistry->set("FileUpload_fileName", $sFileName); // // $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED; // } else { // if (false === move_uploaded_file($uploadedFile['tmp_name'], $sFilePath)) { // $iErrorNumber = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED; // } // else { // if (isset($detectHtml) && $detectHtml === -1 && CKFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true) { // @unlink($sFilePath); // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); // } // else if (isset($isImageValid) && $isImageValid === -1 && CKFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sExtension) === false) { // @unlink($sFilePath); // $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); // } // } // if (is_file($sFilePath) && ($perms = $_config->getChmodFiles())) { // $oldumask = umask(0); // chmod($sFilePath, $perms); // umask($oldumask); // } // break; // } // } if (!$_config->checkSizeAfterScaling()) { $this->_errorHandler->throwError($iErrorNumber, true, false); } //resize image if required require_once CKFINDER_CONNECTOR_LIB_DIR . "/CommandHandler/Thumbnail.php"; $_imagesConfig = $_config->getImagesConfig(); if ($_imagesConfig->getMaxWidth() > 0 && $_imagesConfig->getMaxHeight() > 0 && $_imagesConfig->getQuality() > 0) { CKFinder_Connector_CommandHandler_Thumbnail::createThumb($sFilePath, $sFilePath, $_imagesConfig->getMaxWidth(), $_imagesConfig->getMaxHeight(), $_imagesConfig->getQuality(), true); } if ($_config->checkSizeAfterScaling()) { //check file size after scaling, attempt to delete if too big clearstatcache(); if ($maxSize && filesize($sFilePath) > $maxSize) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); } else { $this->_errorHandler->throwError($iErrorNumber, true, false); } } CKFinder_Connector_Core_Hooks::run('AfterFileUpload', array(&$this->_currentFolder, &$uploadedFile, &$sFilePath)); }