function OnFileSave(&$arFile, $strFileName, $strSavePath, $bForceMD5 = false, $bSkipExt = false) { if(!$arFile["tmp_name"] && !$arFile["content"]) return false; if(array_key_exists("bucket", $arFile)) $bucket = $arFile["bucket"]; else $bucket = CCloudStorage::FindBucketForFile($arFile, $strFileName); if(!is_object($bucket)) return false; if(!$bucket->Init()) return false; if(array_key_exists("bucket", $arFile)) { $newName = bx_basename($arFile["tmp_name"]); $prefix = $bucket->GetFileSRC("/"); $subDir = substr($arFile["tmp_name"], strlen($prefix)); $subDir = substr($subDir, 0, -strlen($newName)-1); } else { if( $bForceMD5 != true && COption::GetOptionString("main", "save_original_file_name", "N")=="Y" ) { if(COption::GetOptionString("main", "convert_original_file_name", "Y")=="Y") $newName = CCloudStorage::translit($strFileName); else $newName = $strFileName; } else { $strFileExt = ($bSkipExt == true? '' : strrchr($strFileName, ".")); $newName = md5(uniqid(mt_rand(), true)).$strFileExt; } //check for double extension vulnerability $newName = RemoveScriptExtension($newName); while(true) { $strRand = md5(mt_rand()); $strRand = substr($strRand, 0, 3)."/".$strRand; if(substr($strSavePath, -1) == "/") $subDir = $strSavePath.$strRand; else $subDir = $strSavePath."/".$strRand; $subDir = ltrim($subDir, "/"); $filePath = "/".$subDir."/".$newName; if(!$bucket->FileExists($filePath)) break; } if(!$bucket->SaveFile($filePath, $arFile)) return false; } $arFile["HANDLER_ID"] = $bucket->ID; $arFile["SUBDIR"] = $subDir; $arFile["FILE_NAME"] = $newName; $arFile["WIDTH"] = 0; $arFile["HEIGHT"] = 0; if(array_key_exists("bucket", $arFile)) { $arFile["WIDTH"] = $arFile["width"]; $arFile["HEIGHT"] = $arFile["height"]; $arFile["size"] = $arFile["file_size"]; } elseif(array_key_exists("content", $arFile)) { $tmp_name = tempnam(); $fp = fopen($tmp_name, "ab"); if($fp) { if(fwrite($fp, $arFile["content"])) { $bucket->IncFileCounter(filesize($tmp_name)); $imgArray = CFile::GetImageSize($tmp_name); if(is_array($imgArray)) { $arFile["WIDTH"] = $imgArray[0]; $arFile["HEIGHT"] = $imgArray[1]; } } fclose($fp); unlink($tmp_name); } } else { $bucket->IncFileCounter(filesize($arFile["tmp_name"])); $imgArray = CFile::GetImageSize($arFile["tmp_name"]); if(is_array($imgArray)) { $arFile["WIDTH"] = $imgArray[0]; $arFile["HEIGHT"] = $imgArray[1]; } } if(isset($arFile["old_file"])) CFile::DoDelete($arFile["old_file"]); return true; }
public static function OnFileSave(&$arFile, $strFileName, $strSavePath, $bForceMD5 = false, $bSkipExt = false) { if (!$arFile["tmp_name"] && !array_key_exists("content", $arFile)) { return false; } if (array_key_exists("bucket", $arFile)) { $bucket = $arFile["bucket"]; } else { $bucket = CCloudStorage::FindBucketForFile($arFile, $strFileName); } if (!is_object($bucket)) { return false; } if (!$bucket->Init()) { return false; } $copySize = false; $subDir = ""; $filePath = ""; if (array_key_exists("content", $arFile)) { $arFile["tmp_name"] = CTempFile::GetFileName($arFile["name"]); CheckDirPath($arFile["tmp_name"]); $fp = fopen($arFile["tmp_name"], "ab"); if ($fp) { fwrite($fp, $arFile["content"]); fclose($fp); } } if (array_key_exists("bucket", $arFile)) { $newName = bx_basename($arFile["tmp_name"]); $prefix = $bucket->GetFileSRC("/"); $subDir = substr($arFile["tmp_name"], strlen($prefix)); $subDir = substr($subDir, 0, -strlen($newName) - 1); } else { if ($bForceMD5 != true && COption::GetOptionString("main", "save_original_file_name", "N") == "Y") { if (COption::GetOptionString("main", "convert_original_file_name", "Y") == "Y") { $newName = CCloudStorage::translit($strFileName); } else { $newName = $strFileName; } } else { $strFileExt = $bSkipExt == true ? '' : strrchr($strFileName, "."); $newName = md5(uniqid(mt_rand(), true)) . $strFileExt; } //check for double extension vulnerability $newName = RemoveScriptExtension($newName); while (true) { $strRand = md5(mt_rand()); $strRand = substr($strRand, 0, 3) . "/" . $strRand; if (substr($strSavePath, -1) == "/") { $subDir = $strSavePath . $strRand; } else { $subDir = $strSavePath . "/" . $strRand; } $subDir = ltrim($subDir, "/"); $filePath = "/" . $subDir . "/" . $newName; if (!$bucket->FileExists($filePath)) { break; } } $targetPath = $bucket->GetFileSRC("/"); if (strpos($arFile["tmp_name"], $targetPath) === 0) { $arDbFile = array("SUBDIR" => "", "FILE_NAME" => substr($arFile["tmp_name"], strlen($targetPath)), "CONTENT_TYPE" => $arFile["type"]); $copyPath = $bucket->FileCopy($arDbFile, $filePath); if (!$copyPath) { return false; } $copySize = $bucket->GetFileSize("/" . urldecode(substr($copyPath, strlen($targetPath)))); } else { $imgArray = CFile::GetImageSize($arFile["tmp_name"], true, false); if (is_array($imgArray) && $imgArray[2] == IMAGETYPE_JPEG) { $exifData = CFile::ExtractImageExif($arFile["tmp_name"]); if ($exifData && isset($exifData['Orientation'])) { $properlyOriented = CFile::ImageHandleOrientation($exifData['Orientation'], $arFile["tmp_name"]); if ($properlyOriented) { $jpgQuality = intval(COption::GetOptionString('main', 'image_resize_quality', '95')); if ($jpgQuality <= 0 || $jpgQuality > 100) { $jpgQuality = 95; } imagejpeg($properlyOriented, $arFile["tmp_name"], $jpgQuality); } } } if (!$bucket->SaveFile($filePath, $arFile)) { return false; } } } $arFile["HANDLER_ID"] = $bucket->ID; $arFile["SUBDIR"] = $subDir; $arFile["FILE_NAME"] = $newName; $arFile["WIDTH"] = 0; $arFile["HEIGHT"] = 0; if (array_key_exists("bucket", $arFile)) { $arFile["WIDTH"] = $arFile["width"]; $arFile["HEIGHT"] = $arFile["height"]; $arFile["size"] = $arFile["file_size"]; } elseif ($copySize !== false) { $arFile["size"] = $copySize; $bucket->IncFileCounter($copySize); } else { $bucket->IncFileCounter(filesize($arFile["tmp_name"])); $flashEnabled = !CFile::IsImage($arFile["ORIGINAL_NAME"], $arFile["type"]); $imgArray = CFile::GetImageSize($arFile["tmp_name"], true, $flashEnabled); if (is_array($imgArray)) { $arFile["WIDTH"] = $imgArray[0]; $arFile["HEIGHT"] = $imgArray[1]; } } if (isset($arFile["old_file"])) { CFile::DoDelete($arFile["old_file"]); } return true; }
public static function InitiateMultipartUpload($arBucket, &$NS, $filePath, $fileSize, $ContentType) { $filePath = '/'.trim($filePath, '/'); if($arBucket["PREFIX"]) { if(substr($filePath, 0, strlen($arBucket["PREFIX"])+2) != "/".$arBucket["PREFIX"]."/") $filePath = "/".$arBucket["PREFIX"].$filePath; } $NS = array( "filePath" => $filePath, "fileTemp" => CCloudStorage::translit("/tmp".$filePath, "/"), "partsCount" => 0, "Content-Type" => $ContentType, ); return true; }