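// Big no-no #3: bad data structure.
// $dir and $data are set earlier in the enclosing method, outside this excerpt.
// The upload is decoded and structurally validated BEFORE it is moved, so a
// rejected file is never copied out of PHP's temporary upload location.
$raw_file_contents = file_get_contents($_FILES['cctm_settings_file']['tmp_name']);
$data_from_file = json_decode($raw_file_contents, true);

// Let's check that this thing is legit
if (!CCTM_ImportExport::is_valid_def_structure($data_from_file)) {
    self::$errors['format'] = __('The uploaded file is not in the correct format.', CCTM_TXTDOMAIN);
    $data['msg'] = self::format_errors();
    $data['content'] = CCTM::load_view('import.php', $data);
    print CCTM::load_view('templates/default.php', $data);
    return;
}

// create_verify_storage_directories will set errors, and we add another error here
// to let the user know that we can't interface with the library dir.
// The client-supplied file name is untrusted input: basename() drops any
// directory component so the destination stays directly under $dir.
$basename = basename($_FILES['cctm_settings_file']['name']);

// Sometimes you can get filenames that look like "your_def.cctm (1).json"
if (!CCTM_ImportExport::is_valid_basename($basename)) {
    // grab anything left of the first period, then re-create the .cctm.json extension
    $name_parts = explode('.', $basename);
    $basename = $name_parts[0] . CCTM_ImportExport::extension;
}

// The rebuilt name is still derived from client input (it is only the bare
// extension when the original name began with a period), so it is validated a
// second time instead of being trusted as-is.
// NOTE(review): assumes format_errors() renders every entry of self::$errors,
// including this new 'filename' key -- confirm.
if (!CCTM_ImportExport::is_valid_basename($basename)) {
    self::$errors['filename'] = __('The uploaded file does not have a valid file name.', CCTM_TXTDOMAIN);
}
// "@" is kept on purpose: a failed move is reported through self::$errors below
// rather than as a raw PHP warning in the admin page.
elseif (!@move_uploaded_file($_FILES['cctm_settings_file']['tmp_name'], $dir . '/' . $basename)) {
    // The placeholder was a bare "%", so the path was never substituted into the
    // message; it is now "%s". The path contains the uploaded file's name, so it
    // is HTML-escaped before being placed inside the <code> element.
    self::$errors['library'] = sprintf(
        __('We could not upload the definition file to your library. This may be due to permissions errors or some other server configuration. Use FTP to upload your file to %s', CCTM_TXTDOMAIN),
        '<code>' . esc_html("{$dir}/{$basename}") . '</code>'
    );
}

// Any other errors?
if (!empty(self::$errors)) {
    $data['msg'] = self::format_errors();
    self::set_flash($data['msg']);
}

// Refresh the list of files
print '<script type="text/javascript">window.location.replace("?page=cctm_tools&a=import_def");</script>';
return;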