/**
 * Resolve the on-disk path of one file attached to an item.
 *
 * Read access on the folder is checked first. The item is then loaded through
 * sgsml and one entry is picked from the "|"-separated file list stored in
 * $field. The request is terminated with exit() when the item, the list entry
 * or the file on disk is missing.
 *
 * NOTE(review): the returned path is the stored field value after
 * sys_remove_handler(); this method only checks file_exists(). Confinement of
 * that path to the storage area is presumably enforced where the value is
 * written - confirm.
 * NOTE(review): the query uses sql_fieldname($field) but the row is read with
 * the raw $field key; if the two ever differ the lookup fails closed.
 *
 * @param mixed  $folder  folder handed to the access check and to sgsml
 * @param mixed  $view    view handed to the access check and to sgsml
 * @param mixed  $id      item id, cast to an array for sgsml
 * @param string $field   name of the field holding the file list
 * @param mixed  $subitem numeric index into the list or a file basename;
 *                        "" or an unmatched name selects index 0
 * @param mixed  $write   forwarded unchanged to the sgsml constructor
 * @return string existing path as returned by sys_remove_handler()
 */
static function file_download($folder, $view, $id, $field, $subitem, $write) {
  // The access gate runs before any row is loaded.
  self::_require_access($folder, "read", $view);

  $sgsml = new sgsml($folder, $view, (array) $id, $write);
  $columns = array("id", "folder", sql_fieldname($field));
  $data = $sgsml->get_rows($columns);
  if (empty($data[0][$field])) {
    exit("{t}Item(s) not found or access denied.{/t}");
  }

  $files = explode("|", trim($data[0][$field], "|"));

  // A non-numeric, non-empty $subitem is a file name: map it to its list index.
  if (!is_numeric($subitem) && $subitem != "") {
    foreach ($files as $index => $entry) {
      if (modify::basename($entry) != $subitem) {
        continue;
      }
      $subitem = $index;
      break;
    }
  }

  // Anything still non-numeric (empty or unmatched name) falls back to the first file.
  $position = is_numeric($subitem) ? $subitem : 0;
  if (empty($files[$position])) {
    exit("{t}file not found in database.{/t}");
  }

  $path = sys_remove_handler($files[$position]);
  if (!file_exists($path)) {
    exit("{t}file not found.{/t}");
  }
  return $path;
}
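/**
 * Resolve "find" expressions into a target folder and item(s).
 *
 * Accepted forms of each find[] entry:
 *   short syntax:      find[]=table|field=value[,field2=value]  => field and field2
 *   find first asset:  find[]=asset|table|limit|field=value[|field2=value2]  => field and field2
 *   find first folder: find[]=folder|simple_tree|limit|field=value
 *   find folders:      find[]=folders|simple_tree|limit|field=value
 *   or:                find[]=asset|table|limit|field=value&find[]=asset|table|limit|field=value
 *   union:             find[]=assets|table|limit|field=value&find[]=assets|table|limit|field=value
 * limit can be left blank.
 *
 * Table and field names pass through sql_fieldname(). Values are never
 * concatenated into the where clause: they are collected in $values and
 * referenced only through @field@ placeholders handed to db_select().
 *
 * @param mixed $finds list of find expressions
 * @return array empty array on missing or malformed input; otherwise any of the
 *               keys "folder", "folders" and "item" as filled in below
 */
function folder_process_session_find($finds) {
  if (!is_array($finds) or count($finds) == 0) {
    return array();
  }
  // A folder given in the request is appended as one more "assets" expression.
  if (!empty($_REQUEST["folder"])) {
    $finds[] = "assets|||folder=" . $_REQUEST["folder"];
  }
  $table = "";
  $result = array();
  foreach ($finds as $find) {
    // Request parameters can arrive as nested arrays (find[][]=...). strpos() and
    // explode() need a string, so reject such an entry like any other malformed expression.
    if (is_array($find)) {
      return array();
    }
    // strpos() is falsy for "not found" and for position 0; both cases split on the alternative delimiter.
    if (!strpos($find, "|")) {
      $delim = "¦";
    } else {
      $delim = "|";
    }
    $find = explode($delim, $find);
    // A bare value is looked up in the table type stored in the session.
    if (count($find) == 1 and isset($_SESSION["ftype"])) {
      $find = array($_SESSION["ftype"], $find[0]);
    }
    // Short syntax: expand "table|a=1,b=2" to "asset|table||a=1|b=2".
    if (count($find) == 2) {
      $find = explode("|", "asset|" . $find[0] . "||" . str_replace(",", "|", $find[1]));
    }
    // Anything that still lacks mode, table, limit and one condition aborts the whole lookup.
    if (count($find) < 4) {
      return array();
    }
    $mode = $find[0];
    $limit = $find[2];
    // NOTE(review): a non-numeric limit may pass this cap depending on PHP's string/int
    // comparison rules and is then sent to db_select() as ""; confirm "" is bounded there.
    if (empty($limit) or $limit > ASSET_PAGE_LIMIT) {
      $limit = ASSET_PAGE_LIMIT;
    }
    // An empty table part reuses the table of the previous expression.
    if ($find[1] != "") {
      $table = sql_fieldname($find[1]);
    }
    if ($table == "") {
      continue;
    }
    if (!sys_strbegins($table, "simple_")) {
      $table = "simple_" . $table;
    }
    $values = array();
    $where = array();
    $find = array_slice($find, 3);
    foreach ($find as $val) {
      // Map both the utf8_encode()d and the literal form of the alternative delimiter back to "|".
      $val = str_replace(array(utf8_encode("¦"), "¦"), "|", $val);
      if ($pos = strpos($val, "=")) {
        // field=value or field=v1,v2: exact match or "in" list.
        $field = sql_fieldname(substr($val, 0, $pos));
        $values[$field] = explode(",", substr($val, $pos + 1));
        if (count($values[$field]) == 1) {
          $where[] = $field . "=@" . $field . "@";
          if ($field == "folder") {
            $values[$field] = folders_from_path($values[$field][0]);
          }
        } else {
          $where[] = $field . " in (@" . $field . "@)";
        }
      } else {
        if ($pos = strpos($val, "~")) {
          // field~value: substring match; the value is wrapped in % wildcards.
          $field = sql_fieldname(substr($val, 0, $pos));
          $values[$field] = "%" . substr($val, $pos + 1) . "%";
          $where[] = $field . " like @" . $field . "@";
        } else {
          // No operator: the value is a comma-separated list of ids.
          $values["id"] = explode(",", $val);
          $where[] = "id in (@id@)";
        }
      }
    }
    $rows = db_select($table, array("folder", "id"), $where, "", is_numeric($limit) ? $limit : "", $values);
    if (!empty($rows) and is_array($rows) and count($rows) > 0) {
      if (($mode == "asset" or $mode == "folder") and count($rows) == 1) {
        // NOTE(review): unlike the multi-row branch below, no db_get_right() check is made
        // here; presumably the caller enforces folder rights on the result - confirm.
        $result["folder"] = $rows[0]["folder"];
        if ($mode == "asset") {
          $result["item"] = $rows[0]["id"];
        }
      } else {
        foreach ($rows as $row) {
          $result["folders"][] = $row["folder"];
          if (!in_array($mode, array("folder", "folders"))) {
            $result["item"][] = $row["id"];
          }
        }
        // Pick the first folder the current user may read as the folder to show.
        if (empty($result["folder"])) {
          foreach ($rows as $row) {
            if (!db_get_right($row["folder"], "read")) {
              continue;
            }
            $result["folder"] = $row["folder"];
            break;
          }
        }
      }
      // Every mode except "assets" stops at the first expression that returned rows (OR);
      // "assets" keeps accumulating over the remaining expressions (union).
      if ($mode != "assets") {
        break;
      }
    }
  }
  return $result;
}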
_upload_create_file($db_path, $target_lnk, $path, $filename); } } } // TODO use sgsml class folder_process_session_request(); folder_build_folders(); $GLOBALS["table"] = db_get_schema($GLOBALS["schemafile"], $GLOBALS["tfolder"], $GLOBALS["tview"]); $GLOBALS["tname"] = $GLOBALS["table"]["att"]["NAME"]; sys_process_session_request(); if (empty($_REQUEST["field"])) { $field = "filedata"; } else { $field = ltrim($_REQUEST["field"], "_"); } $field = sql_fieldname($field); if ($content_length > _upload_get_limit($field)) { sys_error(trans("{t}Upload failed{/t}: {t}file is too big. Please upload a smaller one.{/t} ({t}insufficient folder rights{/t})"), "409 Conflict"); } $t =& $GLOBALS["t"]; $t["sqlvars"]["item"] = $_REQUEST["item"]; $t["sqlvarsnoquote"]["permission_sql_read_nq"] = $_SESSION["permission_sql_write"]; $t["sqlvarsnoquote"]["permission_sql_write_nq"] = $_SESSION["permission_sql_write"]; $row = db_select_first($GLOBALS["tname"], array_unique(array($field, "folder", "id", "dsize")), $t["sqlwhere"], "", $t["sqlvars"], array("sqlvarsnoquote" => $t["sqlvarsnoquote"])); if (empty($row["folder"])) { sys_error(t("{t}file not found in database.{/t}")); } if (!db_get_right($row["folder"], "write")) { sys_error(trans("{t}Access to this file has been denied.{/t} ({t}insufficient folder rights{/t})"), "403 Forbidden"); } if (empty($row[$field])) {