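/**
 * Handle a RenameFile request and build the XML response.
 *
 * Reads the current and the new file name from the query string, validates
 * both against the resource type rules, renames the file inside the current
 * folder and removes the thumbnail stored under the old name.
 *
 * Every failed check is reported through the error handler. throwError()
 * may return instead of terminating when errors are being caught.
 *
 * @access protected
 */
function buildXml()
{
    // State-changing command: only accepted together with the CKFinderCommand POST marker.
    if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] !== 'true') {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_RENAME)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    // Both names must be present and must be plain strings; an array-valued
    // query parameter is rejected here instead of reaching the encoding helpers.
    if (!isset($_GET["fileName"]) || !is_string($_GET["fileName"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }
    if (!isset($_GET["newFileName"]) || !is_string($_GET["newFileName"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    $fileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["fileName"]);
    $newFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["newFileName"]);

    // Convert to ASCII BEFORE validating, so the extension, file name and
    // hidden-file checks below run on the exact name that rename() will use.
    if ($_config->forceAscii()) {
        $newFileName = CKFinder_Connector_Utils_FileSystem::convertToAscii($newFileName);
    }

    $oRenamedFileNode = new Ckfinder_Connector_Utils_XmlNode("RenamedFile");
    $this->_connectorNode->addChild($oRenamedFileNode);
    $oRenamedFileNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName));

    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();

    // The target name must carry an extension allowed for this resource type.
    if (!$resourceTypeInfo->checkExtension($newFileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION);
    }

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($fileName) || $resourceTypeInfo->checkIsHiddenFile($fileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFileName) || $resourceTypeInfo->checkIsHiddenFile($newFileName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    // The source file must itself be of a type this resource type exposes.
    if (!$resourceTypeInfo->checkExtension($fileName, false)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $filePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $fileName);
    $newFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $newFileName);

    if (!file_exists($filePath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND);
    }

    if (!is_writable(dirname($newFilePath))) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    }

    if (!is_writable($filePath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    }

    // NOTE(review): this existence check and the rename() below are two separate
    // steps; a target created in between is not detected by this check.
    if (file_exists($newFilePath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
    }

    $bMoved = @rename($filePath, $newFilePath);

    if (!$bMoved) {
        // Leading space added: the message used to read "File <name>has not been renamed".
        $this->_errorHandler->throwError(
            CKFINDER_CONNECTOR_ERROR_UNKNOWN,
            "File " . CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($fileName) . " has not been renamed"
        );
    } else {
        $oRenamedFileNode->addAttribute("newName", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFileName));

        // The thumbnail stored under the old name no longer matches any file.
        $thumbPath = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getThumbsServerPath(), $fileName);
        CKFinder_Connector_Utils_FileSystem::unlink($thumbPath);
    }
}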
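/**
 * Report a file upload error to the client.
 *
 * Nothing is sent when all errors are being caught or when $number is in the
 * skip list. Otherwise the reply is either a plain "name|message" line
 * (response_type=txt) or an inline script that calls back into the parent
 * window.
 *
 * @param int  $number   error number
 * @param bool $uploaded whether the file was stored; when false the file name
 *                       (and URL) are blanked in the reply
 * @param bool $exit     terminate the script after sending the reply
 * @return false|void false when the error was suppressed
 * @access public
 */
function throwError($number, $uploaded = false, $exit = true)
{
    if ($this->_catchAllErrors || in_array($number, $this->_skipErrorsArray)) {
        return false;
    }

    $oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry");
    $sFileName = $oRegistry->get("FileUpload_fileName");
    $sFileUrl = $oRegistry->get("FileUpload_url");

    header('Content-Type: text/html; charset=utf-8');

    $errorMessage = CKFinder_Connector_Utils_Misc::getErrorMessage($number, $sFileName);
    if (!$uploaded) {
        $sFileName = "";
    }

    if (!empty($_GET['response_type']) && $_GET['response_type'] === 'txt') {
        // NOTE(review): this plain-text reply is still sent under the text/html
        // content type set above, with the file name unescaped. Confirm how the
        // client consumes it before changing the header or adding escaping.
        echo $sFileName . "|" . $errorMessage;
        exit;
    }

    // Escaping for a single-quoted JavaScript string inside an inline <script>
    // block. Escaping only the quote is not enough: a backslash, a line break
    // or a "</script>" sequence in the upload name would end the literal early.
    $jsEscapes = array(
        "\\" => "\\\\",
        "'" => "\\'",
        "\"" => "\\\"",
        "\r" => "\\r",
        "\n" => "\\n",
        "<" => "\\x3C",
        ">" => "\\x3E",
        "&" => "\\x26",
        "\xE2\x80\xA8" => "\\u2028",
        "\xE2\x80\xA9" => "\\u2029",
    );

    echo "<script type=\"text/javascript\">";
    if (!empty($_GET['CKFinderFuncNum'])) {
        // The message is rebuilt here with the (possibly blanked) file name, as before.
        $errorMessage = CKFinder_Connector_Utils_Misc::getErrorMessage($number, $sFileName);

        if (!$uploaded) {
            $sFileUrl = "";
            $sFileName = "";
        }

        // Only digits of the callback number are kept; a non-string value yields "".
        $funcNum = is_string($_GET['CKFinderFuncNum'])
            ? preg_replace("/[^0-9]/", "", $_GET['CKFinderFuncNum'])
            : "";

        echo "window.parent.CKFinder.tools.callFunction({$funcNum}, '"
            . strtr((string) ($sFileUrl . $sFileName), $jsEscapes)
            . "', '" . strtr((string) $errorMessage, $jsEscapes) . "');";
    } else {
        echo "window.parent.OnUploadCompleted('"
            . strtr((string) $sFileName, $jsEscapes)
            . "', '" . strtr((string) $errorMessage, $jsEscapes) . "') ;";
    }
    echo "</script>";

    if ($exit) {
        exit;
    }
}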
/**
 * Store the current folder URL in the registry under "FileUpload_url",
 * then hand over to the parent implementation.
 *
 * @return mixed whatever parent::sendResponse() returns
 */
function sendResponse()
{
    $registry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry");

    // The upload error handlers read this value back when building the reply.
    $registry->set("FileUpload_url", $this->_currentFolder->getUrl());

    return parent::sendResponse();
}
/**
 * Build the XML reply for the current command, print it and terminate.
 *
 * Order of work: connector check, optional request check, resource type
 * attribute, optional CurrentFolder node, the command's own buildXml(),
 * then an Error node with number "0".
 *
 * @access public
 */
function sendResponse()
{
    $oXml =& CKFinder_Connector_Core_Factory::getInstance("Core_Xml");
    $this->_connectorNode =& $oXml->getConnectorNode();

    $this->checkConnector();
    if ($this->mustCheckRequest()) {
        $this->checkRequest();
    }

    $typeName = $this->_currentFolder->getResourceTypeName();
    if (!empty($typeName)) {
        $this->_connectorNode->addAttribute("resourceType", $this->_currentFolder->getResourceTypeName());
    }

    if ($this->mustAddCurrentFolderNode()) {
        $folderNode = new Ckfinder_Connector_Utils_XmlNode("CurrentFolder");
        $this->_connectorNode->addChild($folderNode);
        $folderNode->addAttribute(
            "path",
            CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($this->_currentFolder->getClientPath())
        );

        // Errors raised while resolving the folder URL are swallowed; the
        // attribute is simply left empty when no URL is available.
        $this->_errorHandler->setCatchAllErros(true);
        $folderUrl = $this->_currentFolder->getUrl();
        if (is_null($folderUrl)) {
            $urlAttribute = "";
        } else {
            $urlAttribute = CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($folderUrl);
        }
        $folderNode->addAttribute("url", $urlAttribute);
        $this->_errorHandler->setCatchAllErros(false);

        $folderNode->addAttribute("acl", $this->_currentFolder->getAclMask());
    }

    $this->buildXml();

    // Reaching this point means no error terminated the request.
    $errorNode =& $oXml->getErrorNode();
    $errorNode->addAttribute("number", "0");

    echo $this->_connectorNode->asXML();
    exit;
}
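/**
 * Handle a CreateFolder request and build the XML response.
 *
 * Validates the requested folder name, creates the directory inside the
 * current folder (with the configured permissions when set) and adds a
 * "NewFolder" node on success.
 *
 * NOTE(review): unlike the rename handlers on this page, this handler does not
 * require the CKFinderCommand POST marker itself. Confirm that the base
 * class's checkRequest() covers it.
 *
 * @access protected
 */
protected function buildXml()
{
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_CREATE)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();

    // A missing or non-string parameter (e.g. NewFolderName[]=x) is treated as
    // an empty name and goes through the same validation below.
    $sNewFolderName = (isset($_GET["NewFolderName"]) && is_string($_GET["NewFolderName"]))
        ? $_GET["NewFolderName"]
        : "";
    $sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($sNewFolderName);

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sNewFolderName) || $_resourceTypeConfig->checkIsHiddenFolder($sNewFolderName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $sServerDir = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $sNewFolderName);

    if (!is_writable($this->_currentFolder->getServerPath())) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    }

    if (file_exists($sServerDir)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
    }

    $perms = $_config->getChmodFolders();
    if ($perms) {
        // The umask is cleared only around mkdir() so the configured mode is
        // applied as given, then restored straight away.
        $oldUmask = umask(0);
        $bCreated = @mkdir($sServerDir, $perms);
        umask($oldUmask);
    } else {
        $bCreated = @mkdir($sServerDir);
    }

    if (!$bCreated) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    } else {
        $oNewFolderNode = new Ckfinder_Connector_Utils_XmlNode("NewFolder");
        $this->_connectorNode->addChild($oNewFolderNode);
        $oNewFolderNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sNewFolderName));
    }
}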
/**
 * Raise CKFINDER_CONNECTOR_ERROR_CONNECTOR_DISABLED unless the configuration
 * reports the connector as enabled.
 *
 * @access protected
 */
protected function checkConnector()
{
    $config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");

    if ($config->getIsEnabled()) {
        return;
    }

    $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_CONNECTOR_DISABLED);
}
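/**
 * Report a file upload result or error to the client as an inline script.
 *
 * Nothing is sent when all errors are being caught or when $number is in the
 * skip list. With the CKEditor query parameter set, the reply calls
 * CKEDITOR.tools.callFunction(); otherwise it calls OnUploadCompleted().
 *
 * @param int  $number   error number
 * @param bool $uploaded whether the file was stored; when false no file name
 *                       or URL is sent
 * @param bool $exit     terminate the script after sending the reply
 * @return false|void false when the error was suppressed
 * @access public
 */
function throwError($number, $uploaded = false, $exit = true)
{
    if ($this->_catchAllErrors || in_array($number, $this->_skipErrorsArray)) {
        return false;
    }

    $oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry");
    $sFileName = $oRegistry->get("FileUpload_fileName");
    $sFileUrl = $oRegistry->get("FileUpload_url");

    header('Content-Type: text/html; charset=utf-8');

    $forCkEditor = !empty($_GET['CKEditor']);

    // The message is resolved BEFORE the opening <script> tag is printed:
    // loading it may include files that start with a BOM, and a BOM after
    // the tag causes a JavaScript error.
    $errorMessage = "";
    if ($forCkEditor) {
        $errorMessage = CKFinder_Connector_Utils_Misc::getErrorMessage($number, $sFileName);
    }

    // Escaping for a single-quoted JavaScript string inside an inline <script>
    // block. Escaping only the quote is not enough: a backslash, a line break
    // or a "</script>" sequence in the upload name would end the literal early.
    $jsEscapes = array(
        "\\" => "\\\\",
        "'" => "\\'",
        "\"" => "\\\"",
        "\r" => "\\r",
        "\n" => "\\n",
        "<" => "\\x3C",
        ">" => "\\x3E",
        "&" => "\\x26",
        "\xE2\x80\xA8" => "\\u2028",
        "\xE2\x80\xA9" => "\\u2029",
    );

    echo "<script type=\"text/javascript\">";
    if ($forCkEditor) {
        if (!$uploaded) {
            $sFileUrl = "";
            $sFileName = "";
        }

        // CKEditorFuncNum is optional in the request; only its digits are used.
        $funcNum = (isset($_GET['CKEditorFuncNum']) && is_string($_GET['CKEditorFuncNum']))
            ? preg_replace("/[^0-9]/", "", $_GET['CKEditorFuncNum'])
            : "";

        echo "window.parent.CKEDITOR.tools.callFunction({$funcNum}, '"
            . strtr((string) ($sFileUrl . $sFileName), $jsEscapes)
            . "', '" . strtr((string) $errorMessage, $jsEscapes) . "');";
    } else {
        // The error number is written into script code, so force it to an integer.
        $jsNumber = (int) $number;
        if (!$uploaded) {
            echo "window.parent.OnUploadCompleted(" . $jsNumber . ", '', '', '') ;";
        } else {
            echo "window.parent.OnUploadCompleted(" . $jsNumber . ", '"
                . strtr((string) ($sFileUrl . $sFileName), $jsEscapes)
                . "', '" . strtr((string) $sFileName, $jsEscapes) . "', '') ;";
        }
    }
    echo "</script>";

    if ($exit) {
        exit;
    }
}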
/**
 * Handle the Init request: describe the connector and the resource types
 * the current user may view.
 *
 * Adds a "ConnectorInfo" node (enabled flag, licence attributes, thumbnail
 * settings) and a "ResourceTypes" node with one "ResourceType" child per
 * type whose computed ACL mask for "/" includes FOLDER_VIEW.
 *
 * @access protected
 */
protected function buildXml()
{
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");

    $connInfo = new Ckfinder_Connector_Utils_XmlNode("ConnectorInfo");
    $this->_connectorNode->addChild($connInfo);
    $connInfo->addAttribute("enabled", $_config->getIsEnabled() ? "true" : "false");

    if (!$_config->getIsEnabled()) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_CONNECTOR_DISABLED);
    }

    // NOTE(review): the padding literal appears on this page as a single space,
    // while offsets up to 12 are read below. Confirm against the upstream file
    // that whitespace was not lost in extraction.
    $licenseName = '';
    $paddedKey = $_config->getLicenseKey() . ' ';
    if (1 == strpos(CKFINDER_CHARS, $paddedKey[0]) % 5) {
        $licenseName = $_config->getLicenseName();
    }
    $connInfo->addAttribute("s", $licenseName);

    $licenseCode = '';
    foreach (array(11, 0, 8, 12) as $offset) {
        $licenseCode .= $paddedKey[$offset];
    }
    $connInfo->addAttribute("c", trim($licenseCode));

    $thumbsConfig = $_config->getThumbnailsConfig();
    $thumbsEnabled = $thumbsConfig->getIsEnabled();
    $connInfo->addAttribute("thumbsEnabled", $thumbsEnabled ? "true" : "false");
    if ($thumbsEnabled) {
        $connInfo->addAttribute("thumbsUrl", $thumbsConfig->getUrl());
        $connInfo->addAttribute("thumbsDirectAccess", $thumbsConfig->getDirectAccess() ? "true" : "false");
    }

    $typesNode = new Ckfinder_Connector_Utils_XmlNode("ResourceTypes");
    $this->_connectorNode->addChild($typesNode);

    // Default resource types win; fall back to every configured type name.
    $typeNames = $_config->getDefaultResourceTypes();
    if (!count($typeNames)) {
        $typeNames = $_config->getResourceTypeNames();
    }

    $typeCount = count($typeNames);
    for ($i = 0; $i < $typeCount; $i++) {
        $typeName = $typeNames[$i];

        $acl = $_config->getAccessControlConfig();
        $aclMask = $acl->getComputedMask($typeName, "/");

        // Types the user may not even view are left out of the reply.
        if (($aclMask & CKFINDER_CONNECTOR_ACL_FOLDER_VIEW) != CKFINDER_CONNECTOR_ACL_FOLDER_VIEW) {
            continue;
        }

        // An explicit "type" query parameter narrows the list to that one type.
        if (isset($_GET['type']) && $_GET['type'] !== $typeName) {
            continue;
        }

        $typeInfo = $_config->getResourceTypeConfig($typeName);

        // One array slot per node is kept on purpose; presumably addChild() may
        // hold a reference to its argument, so do not reuse a single variable.
        $typeNodes[$i] = new Ckfinder_Connector_Utils_XmlNode("ResourceType");
        $typesNode->addChild($typeNodes[$i]);
        $typeNodes[$i]->addAttribute("name", $typeName);
        $typeNodes[$i]->addAttribute("url", $typeInfo->getUrl());
        $typeNodes[$i]->addAttribute("allowedExtensions", implode(",", $typeInfo->getAllowedExtensions()));
        $typeNodes[$i]->addAttribute("deniedExtensions", implode(",", $typeInfo->getDeniedExtensions()));
        $typeNodes[$i]->addAttribute("defaultView", $typeInfo->getDefaultView());
        // First 16 hex characters of the MD5 of the type's directory.
        $typeNodes[$i]->addAttribute("hash", substr(md5($typeInfo->getDirectory()), 0, 16));
        $typeNodes[$i]->addAttribute(
            "hasChildren",
            CKFinder_Connector_Utils_FileSystem::hasChildren($typeInfo->getDirectory()) ? "true" : "false"
        );
        $typeNodes[$i]->addAttribute("acl", $aclMask);
    }
}
/**
 * Raise a connector error through the XML layer and terminate.
 *
 * @param int          $number error number
 * @param string|false $text   optional error text passed on to raiseError()
 * @return false|void false when the error is suppressed (all errors are being
 *                    caught, or $number is in the skip list); otherwise the
 *                    script exits
 * @access public
 */
public function throwError($number, $text = false)
{
    $suppressed = $this->_catchAllErrors || in_array($number, $this->_skipErrorsArray);
    if ($suppressed) {
        return false;
    }

    $xml =& CKFinder_Connector_Core_Factory::getInstance("Core_Xml");
    $xml->raiseError($number, $text);

    exit;
}
/**
 * Handle the GetFiles request: list the files of the current folder.
 *
 * Requires the FILE_VIEW permission. Files whose extension is not allowed
 * for the resource type, and hidden files, are left out. Each listed file
 * gets a "File" node with its name, modification date and size in KB.
 *
 * @access protected
 */
protected function buildXml()
{
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_VIEW)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    // Server-side directory behind the client's virtual path.
    $serverDir = $this->_currentFolder->getServerPath();

    $filesNode = new Ckfinder_Connector_Utils_XmlNode("Files");
    $this->_connectorNode->addChild($filesNode);

    if (!is_dir($serverDir)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND);
    }

    $names = array();
    $handle = @opendir($serverDir);
    if ($handle) {
        while (($entry = readdir($handle)) !== false) {
            // Skip the directory self/parent entries and every sub-directory.
            if ($entry == "." || $entry == ".." || is_dir($serverDir . $entry)) {
                continue;
            }
            $names[] = $entry;
        }
        closedir($handle);
    } else {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    }

    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();

    if (count($names) > 0) {
        natcasesort($names);
        $i = 0;
        foreach ($names as $entry) {
            $modified = @filemtime($serverDir . $entry);

            // No timestamp: the file is gone or its name cannot be resolved.
            if ($modified === false) {
                continue;
            }

            $filename = basename($entry);
            if (!$resourceTypeInfo->checkExtension($filename, false)) {
                continue;
            }
            if ($resourceTypeInfo->checkIsHiddenFile($filename)) {
                continue;
            }

            // One array slot per node is kept on purpose; presumably addChild()
            // may hold a reference to its argument.
            $fileNodes[$i] = new Ckfinder_Connector_Utils_XmlNode("File");
            $filesNode->addChild($fileNodes[$i]);
            $fileNodes[$i]->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding(basename($entry)));
            $fileNodes[$i]->addAttribute("date", @date("YmdHi", $modified));

            // Size is reported in KB; any non-empty file below 1 KB counts as 1.
            $bytes = filesize($serverDir . $entry);
            $kilobytes = ($bytes && $bytes < 1024) ? 1 : (int) round($bytes / 1024);
            $fileNodes[$i]->addAttribute("size", $kilobytes);

            $i++;
        }
    }
}
/**
 * Initialise the CKFinder factory and dispatch the requested command.
 *
 * The command name is read from the "command" query parameter and passed to
 * the connector unchanged. Any restriction to known command names is
 * presumably applied inside executeCommand(); confirm against the connector.
 */
protected function execute()
{
    \CKFinder_Connector_Core_Factory::initFactory();
    $connector =& \CKFinder_Connector_Core_Factory::getInstance("Core_Connector");

    $query = $this->request->query;
    if (!$query->has('command')) {
        $connector->handleInvalidCommand();
        return;
    }

    $connector->executeCommand($query->get('command'));
}
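/**
 * Handle a RenameFolder request and build the XML response.
 *
 * Renames the current folder to the name given in the NewFolderName query
 * parameter, moves (or, failing that, removes) its thumbnails folder and
 * reports the new name, client path and URL in a "RenamedFolder" node.
 *
 * @access protected
 */
function buildXml()
{
    // State-changing command: only accepted together with the CKFinderCommand POST marker.
    if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] !== 'true') {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_RENAME)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    // The name must be present and a plain string (not NewFolderName[]=x).
    if (!isset($_GET["NewFolderName"]) || !is_string($_GET["NewFolderName"])) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $newFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["NewFolderName"]);
    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();

    // Convert to ASCII first so the validation below sees the final name.
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    if ($_config->forceAscii()) {
        $newFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($newFolderName);
    }

    if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFolderName) || $resourceTypeInfo->checkIsHiddenFolder($newFolderName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    // The root folder cannot be renamed.
    if ($this->_currentFolder->getClientPath() == "/") {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $oldFolderPath = $this->_currentFolder->getServerPath();

    if (!is_dir($oldFolderPath)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    // The renamed folder stays a sibling of the old one.
    $newFolderPath = dirname($oldFolderPath) . DIRECTORY_SEPARATOR . $newFolderName . DIRECTORY_SEPARATOR;

    if (file_exists(rtrim($newFolderPath, DIRECTORY_SEPARATOR))) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST);
    }

    // Folder names containing a dot are refused. strpos() replaces eregi(),
    // which was removed in PHP 7, and needs no regex for a literal dot.
    if (strpos(basename($newFolderPath), ".") !== false) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    }

    $bMoved = @rename($oldFolderPath, $newFolderPath);

    if (!$bMoved) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    } else {
        // Keep thumbnails in step; if they cannot be moved, drop the stale folder.
        $newThumbsServerPath = dirname($this->_currentFolder->getThumbsServerPath()) . '/' . $newFolderName . '/';
        if (!@rename($this->_currentFolder->getThumbsServerPath(), $newThumbsServerPath)) {
            CKFinder_Connector_Utils_FileSystem::unlink($this->_currentFolder->getThumbsServerPath());
        }
    }

    // Swap the last segment of the client path for the new name. The name is
    // used as a preg replacement string, so "\" and "$" are escaped to keep
    // them literal instead of being read as back-references.
    $newClientPath = preg_replace(
        ',[^/]+/?$,',
        addcslashes($newFolderName, '\\$'),
        $this->_currentFolder->getClientPath()
    ) . '/';
    $newFolderUrl = $resourceTypeInfo->getUrl() . ltrim($newClientPath, '/');

    $oRenameNode = new Ckfinder_Connector_Utils_XmlNode("RenamedFolder");
    $this->_connectorNode->addChild($oRenameNode);

    $oRenameNode->addAttribute("newName", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderName));
    $oRenameNode->addAttribute("newPath", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newClientPath));
    $oRenameNode->addAttribute("newUrl", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($newFolderUrl));
}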
/**
 * Handle the GetFolders request: list the sub-folders of the current folder.
 *
 * Requires the FOLDER_VIEW permission on the current folder. A sub-folder is
 * listed only when its own computed ACL mask includes FOLDER_VIEW and it is
 * not a hidden folder.
 *
 * @access protected
 */
protected function buildXml()
{
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_VIEW)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    // Server-side directory behind the client's virtual path.
    $serverDir = $this->_currentFolder->getServerPath();

    if (!is_dir($serverDir)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_FOLDER_NOT_FOUND);
    }

    $foldersNode = new Ckfinder_Connector_Utils_XmlNode("Folders");
    $this->_connectorNode->addChild($foldersNode);

    $names = array();
    $handle = @opendir($serverDir);
    if ($handle) {
        while (($entry = readdir($handle)) !== false) {
            // Only real sub-directories, never the self/parent entries.
            if ($entry == "." || $entry == ".." || !is_dir($serverDir . $entry)) {
                continue;
            }
            $names[] = $entry;
        }
        closedir($handle);
    } else {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    }

    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();

    if (count($names) > 0) {
        natcasesort($names);
        $i = 0;
        foreach ($names as $entry) {
            $acl = $_config->getAccessControlConfig();
            $folderPath = $this->_currentFolder->getClientPath() . $entry . "/";
            $aclMask = $acl->getComputedMask($this->_currentFolder->getResourceTypeName(), $folderPath);

            // Each sub-folder is authorised on its own path.
            if (($aclMask & CKFINDER_CONNECTOR_ACL_FOLDER_VIEW) != CKFINDER_CONNECTOR_ACL_FOLDER_VIEW) {
                continue;
            }
            if ($resourceTypeInfo->checkIsHiddenFolder($entry)) {
                continue;
            }

            // One array slot per node is kept on purpose; presumably addChild()
            // may hold a reference to its argument.
            $folderNodes[$i] = new Ckfinder_Connector_Utils_XmlNode("Folder");
            $foldersNode->addChild($folderNodes[$i]);
            $folderNodes[$i]->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($entry));
            $folderNodes[$i]->addAttribute(
                "hasChildren",
                CKFinder_Connector_Utils_FileSystem::hasChildren($folderPath, $resourceTypeInfo) ? "true" : "false"
            );
            $folderNodes[$i]->addAttribute("acl", $aclMask);

            $i++;
        }
    }
}
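/**
 * Report a file upload result or error to the client.
 *
 * Nothing is sent when all errors are being caught or when $number is in the
 * skip list. With responseType=json the reply is a JSON document; otherwise
 * it is an inline script calling CKEDITOR.tools.callFunction() (CKEditor
 * query parameter set) or OnUploadCompleted().
 *
 * @param int  $number   error number
 * @param bool $uploaded whether the file was stored; when false no file name
 *                       or URL is sent in the script replies
 * @param bool $exit     terminate the script after sending the reply
 * @return false|void false when the error was suppressed
 * @access public
 */
public function throwError($number, $uploaded = false, $exit = true)
{
    if ($this->_catchAllErrors || in_array($number, $this->_skipErrorsArray)) {
        return false;
    }

    $oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry");
    $sFileName = $oRegistry->get("FileUpload_fileName");
    $sFileUrl = $oRegistry->get("FileUpload_url");
    $sEncodedFileName = CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sFileName);

    // Resolved before any output: loading the message may include files that
    // start with a BOM, which must not end up after the <script> tag.
    $errorMessage = CKFinder_Connector_Utils_Misc::getErrorMessage($number, $sEncodedFileName);

    if (!empty($_GET['responseType']) && $_GET['responseType'] === 'json') {
        header('Content-Type: application/json; charset=utf-8');

        $data = array(
            'fileName' => $sEncodedFileName,
            'uploaded' => (int) $uploaded,
        );

        if ($uploaded) {
            $data['url'] = $sFileUrl . CKFinder_Connector_Utils_Misc::encodeURIComponent($sEncodedFileName);
        }

        if ($number !== CKFINDER_CONNECTOR_ERROR_NONE) {
            $data['error'] = array(
                'number' => $number,
                'message' => $errorMessage,
            );
        }

        echo json_encode($data);
    } else {
        header('Content-Type: text/html; charset=utf-8');

        // Escaping for a single-quoted JavaScript string inside an inline
        // <script> block. Escaping only the quote is not enough: a backslash,
        // a line break or a "</script>" sequence in the upload name would end
        // the literal early.
        $jsEscapes = array(
            "\\" => "\\\\",
            "'" => "\\'",
            "\"" => "\\\"",
            "\r" => "\\r",
            "\n" => "\\n",
            "<" => "\\x3C",
            ">" => "\\x3E",
            "&" => "\\x26",
            "\xE2\x80\xA8" => "\\u2028",
            "\xE2\x80\xA9" => "\\u2029",
        );

        echo "<script type=\"text/javascript\">";
        if (!empty($_GET['CKEditor'])) {
            if (!$uploaded) {
                $sFileUrl = "";
                $sFileName = "";
                $sEncodedFileName = "";
            }

            // CKEditorFuncNum is optional in the request; only its digits are used.
            $funcNum = (isset($_GET['CKEditorFuncNum']) && is_string($_GET['CKEditorFuncNum']))
                ? preg_replace("/[^0-9]/", "", $_GET['CKEditorFuncNum'])
                : "";

            echo "window.parent.CKEDITOR.tools.callFunction({$funcNum}, '"
                . strtr((string) ($sFileUrl . CKFinder_Connector_Utils_Misc::encodeURIComponent($sEncodedFileName)), $jsEscapes)
                . "', '" . strtr((string) $errorMessage, $jsEscapes) . "');";
        } else {
            // The error number is written into script code, so force it to an integer.
            $jsNumber = (int) $number;
            if (!$uploaded) {
                echo "window.parent.OnUploadCompleted(" . $jsNumber . ", '', '', '') ;";
            } else {
                echo "window.parent.OnUploadCompleted(" . $jsNumber . ", '"
                    . strtr((string) ($sFileUrl . CKFinder_Connector_Utils_Misc::encodeURIComponent($sEncodedFileName)), $jsEscapes)
                    . "', '" . strtr((string) $sEncodedFileName, $jsEscapes) . "', '') ;";
            }
        }
        echo "</script>";
    }

    if ($exit) {
        exit;
    }
}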
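/**
 * Handle the GetFolders request against an Amazon S3 bucket.
 *
 * Lists the common prefixes ("folders") directly below the current folder's
 * key prefix and adds a "Folder" node for every one the user may view.
 *
 * @access protected
 */
protected function buildXml()
{
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");

    // The authorisation check is independent of the storage backend, so it
    // stays active for S3. With it disabled, only the per-sub-folder masks
    // below would guard the listing.
    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_VIEW)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    // The server path minus its first character is used as the S3 key prefix.
    // The is_dir() check of the filesystem variant has no S3 equivalent here.
    $_sServerDir = (string) substr($this->_currentFolder->getServerPath(), 1);

    $oFoldersNode = new Ckfinder_Connector_Utils_XmlNode("Folders");
    $this->_connectorNode->addChild($oFoldersNode);

    $files = array();

    global $config;
    $s3 = s3_con();
    $items = $s3->getBucket($config['AmazonS3']['Bucket'], $_sServerDir, null, null, '/', true);

    if (!is_array($items)) {
        // Presumably a failed listing request; report it the way the
        // filesystem variant reports an unreadable directory.
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
        $items = array();
    }

    $prefixLength = strlen($_sServerDir);
    foreach ($items as $key => $val) {
        // Only entries carrying a 'prefix' field are treated as folders.
        if (!is_array($val) || !array_key_exists('prefix', $val)) {
            continue;
        }

        // Strip the listing prefix from the START of the key only. A
        // str_replace() would also remove it wherever it re-occurs inside
        // the folder name.
        $name = (string) $key;
        if ($prefixLength > 0 && strncmp($name, $_sServerDir, $prefixLength) === 0) {
            $name = (string) substr($name, $prefixLength);
        }

        // Drop the trailing delimiter.
        $files[] = (string) substr($name, 0, -1);
    }

    $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();

    if (sizeof($files) > 0) {
        natcasesort($files);
        $i = 0;
        foreach ($files as $file) {
            $oAcl = $_config->getAccessControlConfig();
            $folderPath = $this->_currentFolder->getClientPath() . $file . '/';
            $aclMask = $oAcl->getComputedMask($this->_currentFolder->getResourceTypeName(), $folderPath);

            // Each sub-folder is authorised on its own path.
            if (($aclMask & CKFINDER_CONNECTOR_ACL_FOLDER_VIEW) != CKFINDER_CONNECTOR_ACL_FOLDER_VIEW) {
                continue;
            }
            if ($resourceTypeInfo->checkIsHiddenFolder($file)) {
                continue;
            }

            // One array slot per node is kept on purpose; presumably addChild()
            // may hold a reference to its argument.
            $oFolderNode[$i] = new Ckfinder_Connector_Utils_XmlNode("Folder");
            $oFoldersNode->addChild($oFolderNode[$i]);
            $oFolderNode[$i]->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($file));
            $oFolderNode[$i]->addAttribute(
                "hasChildren",
                CKFinder_Connector_Utils_FileSystem::hasChildren($folderPath, $resourceTypeInfo) ? "true" : "false"
            );
            $oFolderNode[$i]->addAttribute("acl", $aclMask);

            $i++;
        }
    }
}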
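/**
 * Handle a CreateFolder request against an Amazon S3 bucket.
 *
 * Validates the requested folder name, then stores an empty object whose key
 * ends with "/" so the bucket shows a folder, and adds a "NewFolder" node on
 * success.
 *
 * @access protected
 */
protected function buildXml()
{
    // State-changing command: only accepted together with the CKFinderCommand POST marker.
    if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] !== 'true') {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");

    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FOLDER_CREATE)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();

    // A missing or non-string parameter is treated as an empty name.
    $sNewFolderName = (isset($_GET["NewFolderName"]) && is_string($_GET["NewFolderName"]))
        ? $_GET["NewFolderName"]
        : "";
    $sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($sNewFolderName);

    if ($_config->forceAscii()) {
        $sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($sNewFolderName);
    }

    // Name validation works on the string alone and does not touch the local
    // filesystem, so it stays active for S3. Without it the request value goes
    // into the object key unchecked, path separators and hidden names included.
    if (!CKFinder_Connector_Utils_FileSystem::checkFolderName($sNewFolderName) || $_resourceTypeConfig->checkIsHiddenFolder($sNewFolderName)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
    }

    $sServerDir = CKFinder_Connector_Utils_FileSystem::combinePaths($this->_currentFolder->getServerPath(), $sNewFolderName);

    // The is_writable(), file_exists() and mkdir()/chmod steps of the
    // filesystem variant do not apply to a bucket.
    // TODO: report CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST when the key is already present.

    global $config;
    $s3 = s3_con();

    // Drop the first character of the server path and add a trailing slash;
    // the trailing slash is what makes S3 show the empty object as a folder.
    $bCreated = $s3->putObject("", $config['AmazonS3']['Bucket'], substr($sServerDir, 1) . "/");

    if (!$bCreated) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED);
    } else {
        $oNewFolderNode = new Ckfinder_Connector_Utils_XmlNode("NewFolder");
        $this->_connectorNode->addChild($oNewFolderNode);
        $oNewFolderNode->addAttribute("name", CKFinder_Connector_Utils_FileSystem::convertToConnectorEncoding($sNewFolderName));
    }
}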
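/**
 * Report a file upload error to the client as an inline script that calls
 * window.parent.OnUploadCompleted().
 *
 * Nothing is sent when all errors are being caught or when $number is in the
 * skip list.
 *
 * @param int   $number error number
 * @param mixed $text   when non-empty, the uploaded file name from the
 *                      registry is passed as the second callback argument
 * @param bool  $exit   terminate the script after sending the reply
 * @return false|void false when the error was suppressed
 * @access public
 */
function throwError($number, $text = false, $exit = true)
{
    if ($this->_catchAllErrors || in_array($number, $this->_skipErrorsArray)) {
        return false;
    }

    $oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry");
    $sFileName = $oRegistry->get("FileUpload_fileName");

    // Escaping for a single-quoted JavaScript string inside an inline <script>
    // block. Escaping only the quote is not enough: a backslash, a line break
    // or a "</script>" sequence in the upload name would end the literal early.
    $jsEscapes = array(
        "\\" => "\\\\",
        "'" => "\\'",
        "\"" => "\\\"",
        "\r" => "\\r",
        "\n" => "\\n",
        "<" => "\\x3C",
        ">" => "\\x3E",
        "&" => "\\x26",
        "\xE2\x80\xA8" => "\\u2028",
        "\xE2\x80\xA9" => "\\u2029",
    );

    // The error number is written into script code, so force it to an integer.
    $jsNumber = (int) $number;

    echo "<script type=\"text/javascript\">";
    if (empty($text)) {
        echo "window.parent.OnUploadCompleted(" . $jsNumber . ") ;";
    } else {
        echo "window.parent.OnUploadCompleted(" . $jsNumber . ",'" . strtr((string) $sFileName, $jsEscapes) . "') ;";
    }
    echo "</script>";

    if ($exit) {
        exit;
    }
}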
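/**
 * Report a file upload result or error to the client as an inline script
 * that calls window.parent.OnUploadCompleted(fileName, message).
 *
 * Nothing is sent when all errors are being caught or when $number is in the
 * skip list.
 *
 * @param int  $number   error number
 * @param bool $uploaded whether the file was stored; when false the file name
 *                       argument is sent empty
 * @param bool $exit     terminate the script after sending the reply
 * @return false|void false when the error was suppressed
 * @access public
 */
public function throwError($number, $uploaded = false, $exit = true)
{
    if ($this->_catchAllErrors || in_array($number, $this->_skipErrorsArray)) {
        return false;
    }

    $oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry");
    $sFileName = $oRegistry->get("FileUpload_fileName");

    header('Content-Type: text/html; charset=utf-8');

    // The message is built with the real file name, before it is blanked below.
    $errorMessage = CKFinder_Connector_Utils_Misc::getErrorMessage($number, $sFileName);
    if (!$uploaded) {
        $sFileName = "";
    }

    // Escaping for a single-quoted JavaScript string inside an inline <script>
    // block. Escaping only the quote is not enough: a backslash, a line break
    // or a "</script>" sequence in the upload name would end the literal early.
    $jsEscapes = array(
        "\\" => "\\\\",
        "'" => "\\'",
        "\"" => "\\\"",
        "\r" => "\\r",
        "\n" => "\\n",
        "<" => "\\x3C",
        ">" => "\\x3E",
        "&" => "\\x26",
        "\xE2\x80\xA8" => "\\u2028",
        "\xE2\x80\xA9" => "\\u2029",
    );

    echo "<script type=\"text/javascript\">";
    echo "window.parent.OnUploadCompleted('"
        . strtr((string) $sFileName, $jsEscapes)
        . "', '" . strtr((string) $errorMessage, $jsEscapes) . "') ;";
    echo "</script>";

    if ($exit) {
        exit;
    }
}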
/**
 * Handle the Init request: describe the connector, its upload limits, the
 * resource types the current user may view and the enabled plugins.
 *
 * Adds "ConnectorInfo", "ResourceTypes" and "PluginsInfo" nodes, then runs
 * the 'InitCommand' hooks with the connector node.
 *
 * @access protected
 */
function buildXml()
{
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");

    $connInfo = new Ckfinder_Connector_Utils_XmlNode("ConnectorInfo");
    $this->_connectorNode->addChild($connInfo);
    $connInfo->addAttribute("enabled", $_config->getIsEnabled() ? "true" : "false");

    if (!$_config->getIsEnabled()) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_CONNECTOR_DISABLED);
    }

    // NOTE(review): the padding literal appears on this page as a single space,
    // while offsets up to 26 are read below. Confirm against the upstream file
    // that whitespace was not lost in extraction.
    $licenseName = '';
    $paddedKey = $_config->getLicenseKey() . ' ';
    $pos = strpos(CKFINDER_CHARS, $paddedKey[0]) % 5;
    if ($pos == 1 || $pos == 4) {
        $licenseName = $_config->getLicenseName();
    }
    $connInfo->addAttribute("s", $licenseName);

    $licenseCode = '';
    foreach (array(11, 0, 8, 12, 26, 2, 3, 25, 1) as $offset) {
        $licenseCode .= $paddedKey[$offset];
    }
    $connInfo->addAttribute("c", trim($licenseCode));

    $thumbsConfig = $_config->getThumbnailsConfig();
    $thumbsEnabled = $thumbsConfig->getIsEnabled();
    $connInfo->addAttribute("thumbsEnabled", $thumbsEnabled ? "true" : "false");
    if ($thumbsEnabled) {
        $connInfo->addAttribute("thumbsUrl", $thumbsConfig->getUrl());
        $connInfo->addAttribute("thumbsDirectAccess", $thumbsConfig->getDirectAccess() ? "true" : "false");
    }

    $imagesConfig = $_config->getImagesConfig();
    $connInfo->addAttribute("imgWidth", $imagesConfig->getMaxWidth());
    $connInfo->addAttribute("imgHeight", $imagesConfig->getMaxHeight());

    $typesNode = new Ckfinder_Connector_Utils_XmlNode("ResourceTypes");
    $this->_connectorNode->addChild($typesNode);

    $pluginsNode = new Ckfinder_Connector_Utils_XmlNode("PluginsInfo");
    $this->_connectorNode->addChild($pluginsNode);

    // Default resource types win; fall back to every configured type name.
    $typeNames = $_config->getDefaultResourceTypes();
    if (!count($typeNames)) {
        $typeNames = $_config->getResourceTypeNames();
    }

    $typeCount = count($typeNames);
    if ($typeCount) {
        // Effective PHP-side upload ceiling: the smallest non-zero value among
        // upload_max_filesize, post_max_size and memory_limit (0 = no ceiling).
        $phpMaxSize = 0;

        $uploadLimit = CKFinder_Connector_Utils_Misc::returnBytes(ini_get('upload_max_filesize'));
        if ($uploadLimit) {
            $phpMaxSize = $uploadLimit;
        }

        $postLimit = CKFinder_Connector_Utils_Misc::returnBytes(ini_get('post_max_size'));
        if ($postLimit) {
            if ($phpMaxSize) {
                $phpMaxSize = min($phpMaxSize, $postLimit);
            } else {
                $phpMaxSize = $postLimit;
            }
        }

        // ini_get('memory_limit') only works if compiled with "--enable-memory-limit";
        // -1 is skipped rather than used as a ceiling.
        $memoryLimit = CKFinder_Connector_Utils_Misc::returnBytes(@ini_get('memory_limit'));
        if ($memoryLimit && $memoryLimit != -1) {
            if ($phpMaxSize) {
                $phpMaxSize = min($phpMaxSize, $memoryLimit);
            } else {
                $phpMaxSize = $memoryLimit;
            }
        }

        $connInfo->addAttribute("uploadMaxSize", $phpMaxSize);
        $connInfo->addAttribute("uploadCheckImages", $_config->checkSizeAfterScaling() ? "false" : "true");

        for ($i = 0; $i < $typeCount; $i++) {
            $typeName = $typeNames[$i];

            $acl = $_config->getAccessControlConfig();
            $aclMask = $acl->getComputedMask($typeName, "/");

            // Types the user may not even view are left out of the reply.
            if (($aclMask & CKFINDER_CONNECTOR_ACL_FOLDER_VIEW) != CKFINDER_CONNECTOR_ACL_FOLDER_VIEW) {
                continue;
            }

            // An explicit "type" query parameter narrows the list to that one type.
            if (isset($_GET['type']) && $_GET['type'] !== $typeName) {
                continue;
            }

            $typeInfo = $_config->getResourceTypeConfig($typeName);

            // One array slot per node is kept on purpose; presumably addChild()
            // may hold a reference to its argument, so do not reuse a single variable.
            $typeNodes[$i] = new Ckfinder_Connector_Utils_XmlNode("ResourceType");
            $typesNode->addChild($typeNodes[$i]);
            $typeNodes[$i]->addAttribute("name", $typeName);
            $typeNodes[$i]->addAttribute("url", $typeInfo->getUrl());
            $typeNodes[$i]->addAttribute("allowedExtensions", implode(",", $typeInfo->getAllowedExtensions()));
            $typeNodes[$i]->addAttribute("deniedExtensions", implode(",", $typeInfo->getDeniedExtensions()));
            // First 16 hex characters of the MD5 of the type's directory.
            $typeNodes[$i]->addAttribute("hash", substr(md5($typeInfo->getDirectory()), 0, 16));
            $typeNodes[$i]->addAttribute(
                "hasChildren",
                CKFinder_Connector_Utils_FileSystem::hasChildren($typeInfo->getDirectory()) ? "true" : "false"
            );
            $typeNodes[$i]->addAttribute("acl", $aclMask);

            // The per-type limit never exceeds the PHP-side ceiling.
            $maxSize = $typeInfo->getMaxSize();
            if ($phpMaxSize) {
                $maxSize = $maxSize ? min($maxSize, $phpMaxSize) : $phpMaxSize;
            }
            $typeNodes[$i]->addAttribute("maxSize", $maxSize);
        }
    }

    $config = $GLOBALS['config'];
    if (!empty($config['Plugins']) && is_array($config['Plugins'])) {
        $connInfo->addAttribute("plugins", implode(",", $config['Plugins']));
    }

    CKFinder_Connector_Core_Hooks::run('InitCommand', array(&$this->_connectorNode));
}
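/**
 * Simple function required by config.php - discover the server side path
 * to the directory relative to the "$baseUrl" attribute.
 *
 * A leading "http://host" or "https://host" part is removed first, so an
 * absolute base URL resolves to the same server path as its path-only form.
 * The remaining path is appended to the document root as given; it is not
 * normalised here.
 *
 * @package CKFinder
 * @subpackage Connector
 * @param string $baseUrl
 * @return string
 */
function resolveUrl($baseUrl)
{
    $fileSystem =& CKFinder_Connector_Core_Factory::getInstance("Utils_FileSystem");

    // Without this, scheme and host of an absolute URL would end up inside the file system path.
    $baseUrl = preg_replace("|^http(s)?://[^/]+|i", "", $baseUrl);

    return $fileSystem->getDocumentRootPath() . $baseUrl;
}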
/**
 * Return the ACL mask of this folder.
 *
 * The mask is computed from the resource type name and the client path the
 * first time it is requested and then kept in $this->_aclMask (-1 means
 * "not computed yet").
 *
 * @return int
 * @access public
 */
function getAclMask()
{
    $config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    $accessControl = $config->getAccessControlConfig();

    // Already computed earlier: hand back the stored value.
    if ($this->_aclMask != -1) {
        return $this->_aclMask;
    }

    $this->_aclMask = $accessControl->getComputedMask($this->_resourceTypeName, $this->_clientPath);

    return $this->_aclMask;
}
/**
 * Compute the ACL mask that applies to a folder of a resource type.
 *
 * The folder path is walked from the root downwards. The root entry is merged
 * first; then, for every non-empty path segment, the wildcard entry of the
 * parent (parent path followed by an asterisk and a slash) and the exact
 * entry of the segment are merged, in that order, when they exist in
 * $this->_aclEntries.
 *
 * @param string $resourceType
 * @param string $folderPath
 * @return int
 */
public function getComputedMask($resourceType, $folderPath)
{
    $mask = 0;

    // Only the disabled stock role lookup used this object; the call is kept as it was.
    $config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");

    // Pi Engine integration: the role is read straight from the session.
    // The stock lookup (session key named by getRoleSessionVar(), value cast
    // to string) is disabled in this variant, so the value is used as stored.
    // NOTE(review): confirm that this session entry is only ever written by server-side code.
    $role = null;
    if (isset($_SESSION['PI_CKFINDER']['role'])) {
        $role = $_SESSION['PI_CKFINDER']['role'];
    }

    // An empty role counts as "no role".
    if ($role !== null && !strlen($role)) {
        $role = null;
    }

    $path = "/";

    // Root entry.
    if (array_key_exists($path, $this->_aclEntries)) {
        $mask = $this->mergePathComputedMask($mask, $resourceType, $role, $path);
    }

    foreach (explode("/", trim($folderPath, "/")) as $segment) {
        if (!strlen($segment)) {
            continue;
        }

        // Wildcard entry of the parent folder.
        $wildcard = $path . '*/';
        if (array_key_exists($wildcard, $this->_aclEntries)) {
            $mask = $this->mergePathComputedMask($mask, $resourceType, $role, $wildcard);
        }

        // Exact entry of the folder itself.
        $path .= $segment . '/';
        if (array_key_exists($path, $this->_aclEntries)) {
            $mask = $this->mergePathComputedMask($mask, $resourceType, $role, $path);
        }
    }

    return $mask;
}
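/**
 * Check given file name.
 * Return true if file name matches hidden file names list.
 *
 * The pattern comes from the Core_Config object (getHideFilesRegex()), which
 * is fetched on first use. When no pattern is configured nothing is hidden.
 *
 * @param string $fileName
 * @access public
 * @return boolean
 */
function checkIsHiddenFile($fileName)
{
    if (is_null($this->_config)) {
        $this->_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    }

    $regex = $this->_config->getHideFilesRegex();
    if (!$regex) {
        return false;
    }

    // preg_match() yields 1, 0 or false; compare so that callers get the
    // documented boolean instead of an integer.
    // NOTE(review): a PCRE failure (false) is reported as "not hidden", the
    // same outcome as before. Callers that use this as an access check may
    // prefer to reject the name in that case.
    return preg_match($regex, $fileName) === 1;
}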
* Handle FileUpload command * * @package CKFinder * @subpackage CommandHandlers * @copyright CKSource - Frederico Knabben */ class CKFinder_Connector_CommandHandler_FileUpload extends CKFinder_Connector_CommandHandler_CommandHandlerBase { /** * Command name * * @access protected * @var string */ protected $command = "FileUpload"; /** * send response (save uploaded file, resize if required) * @access public * */ public function sendResponse() { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_NONE; $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); $oRegistry =& CKFinder_Connector_Core_Factory::getInstance("Core_Registry"); $oRegistry->set("FileUpload_fileName", "unknown file"); $uploadedFile = array_shift($_FILES); if (!isset($uploadedFile['name'])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID); } $sUnsafeFileName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding(CKFinder_Connector_Utils_Misc::mbBasename($uploadedFile['name'])); $sFileName = CKFinder_Connector_Utils_FileSystem::secureFileName($sUnsafeFileName); if ($sFileName != $sUnsafeFileName) { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_UPLOADED_INVALID_NAME_RENAMED; } $oRegistry->set("FileUpload_fileName", $sFileName); $this->checkConnector(); $this->checkRequest(); if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_UPLOAD)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED); } $_resourceTypeConfig = $this->_currentFolder->getResourceTypeConfig(); if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sFileName) || $_resourceTypeConfig->checkIsHiddenFile($sFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig(); if (!$resourceTypeInfo->checkExtension($sFileName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION); } $oRegistry->set("FileUpload_fileName", $sFileName); 
$oRegistry->set("FileUpload_url", $this->_currentFolder->getUrl()); $maxSize = $resourceTypeInfo->getMaxSize(); if (!$_config->checkSizeAfterScaling() && $maxSize && $uploadedFile['size'] > $maxSize) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); } $htmlExtensions = $_config->getHtmlExtensions(); $sExtension = CKFinder_Connector_Utils_FileSystem::getExtension($sFileName); if ($htmlExtensions && !CKFinder_Connector_Utils_Misc::inArrayCaseInsensitive($sExtension, $htmlExtensions) && ($detectHtml = CKFinder_Connector_Utils_FileSystem::detectHtml($uploadedFile['tmp_name'])) === true) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } $secureImageUploads = $_config->getSecureImageUploads(); if ($secureImageUploads && ($isImageValid = CKFinder_Connector_Utils_FileSystem::isImageValid($uploadedFile['tmp_name'], $sExtension)) === false) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } switch ($uploadedFile['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG); break; case UPLOAD_ERR_PARTIAL: case UPLOAD_ERR_NO_FILE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); break; case UPLOAD_ERR_NO_TMP_DIR: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_NO_TMP_DIR); break; case UPLOAD_ERR_CANT_WRITE: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; case UPLOAD_ERR_EXTENSION: $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED); break; } $sServerDir = $this->_currentFolder->getServerPath(); while (true) { $sFilePath = CKFinder_Connector_Utils_FileSystem::combinePaths($sServerDir, $sFileName); if (file_exists($sFilePath)) { $sFileName = CKFinder_Connector_Utils_FileSystem::autoRename($sServerDir, $sFileName); $oRegistry->set("FileUpload_fileName", $sFileName); $iErrorNumber 
= CKFINDER_CONNECTOR_ERROR_UPLOADED_FILE_RENAMED; } else { if (false === move_uploaded_file($uploadedFile['tmp_name'], $sFilePath)) { $iErrorNumber = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED; } else { if (isset($detectHtml) && $detectHtml === -1 && CKFinder_Connector_Utils_FileSystem::detectHtml($sFilePath) === true) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_WRONG_HTML_FILE); } else { if (isset($isImageValid) && $isImageValid === -1 && CKFinder_Connector_Utils_FileSystem::isImageValid($sFilePath, $sExtension) === false) { @unlink($sFilePath); $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UPLOADED_CORRUPT); } } }
/**
 * Helper required by config.php: map the "$baseUrl" setting to the matching
 * directory on the server.
 *
 * A leading scheme and host ("http://host" or "https://host", any case) is
 * removed and the remainder is appended to the document root. The remainder
 * is used as given; it is not normalised here.
 *
 * @package CKFinder
 * @subpackage Connector
 * @param string $baseUrl
 * @return string
 */
function resolveUrl($baseUrl)
{
    $fileSystem =& CKFinder_Connector_Core_Factory::getInstance("Utils_FileSystem");

    // Keep only the path part of an absolute URL.
    $pathOnly = preg_replace("|^http(s)?://[^/]+|i", "", $baseUrl);
    $documentRoot = $fileSystem->getDocumentRootPath();

    return $documentRoot . $pathOnly;
}
/**
 * Create thumbnail
 *
 * Reads the source image, scales it down to fit the requested size and writes
 * the result to $targetFile. An image that already fits is copied unchanged.
 * Returns false when the file is not a readable image, when its type is not
 * supported by the GD build, or when decoding fails.
 *
 * @param string $sourceFile
 * @param string $targetFile
 * @param int $maxWidth 0 means "use the source width"
 * @param int $maxHeight 0 means "use the source height"
 * @param int $quality passed to imagejpeg() and used to derive the resampling quality
 * @param boolean $preserverAspectRatio
 * @param boolean $bmpSupported
 * @return boolean
 * @static
 * @access public
 */
public static function createThumb($sourceFile, $targetFile, $maxWidth, $maxHeight, $quality, $preserverAspectRatio, $bmpSupported = false)
{
    // Width, height, MIME type, bit depth and channel count all come from the
    // file itself; warnings are suppressed and false means "not an image".
    $sourceImageAttr = @getimagesize($sourceFile);
    if ($sourceImageAttr === false) {
        return false;
    }
    $sourceImageWidth = isset($sourceImageAttr[0]) ? $sourceImageAttr[0] : 0;
    $sourceImageHeight = isset($sourceImageAttr[1]) ? $sourceImageAttr[1] : 0;
    $sourceImageMime = isset($sourceImageAttr["mime"]) ? $sourceImageAttr["mime"] : "";
    $sourceImageBits = isset($sourceImageAttr["bits"]) ? $sourceImageAttr["bits"] : 8;
    $sourceImageChannels = isset($sourceImageAttr["channels"]) ? $sourceImageAttr["channels"] : 3;
    if (!$sourceImageWidth || !$sourceImageHeight || !$sourceImageMime) {
        return false;
    }

    $iFinalWidth = $maxWidth == 0 ? $sourceImageWidth : $maxWidth;
    $iFinalHeight = $maxHeight == 0 ? $sourceImageHeight : $maxHeight;

    // The image already fits: the bytes are copied as they are, nothing is re-encoded.
    // NOTE(review): the result of copy() is not checked, so true is returned
    // even if the copy fails.
    if ($sourceImageWidth <= $iFinalWidth && $sourceImageHeight <= $iFinalHeight) {
        if ($sourceFile != $targetFile) {
            copy($sourceFile, $targetFile);
        }
        return true;
    }

    if ($preserverAspectRatio) {
        // Gets the best size for aspect ratio resampling
        $oSize = CKFinder_Connector_CommandHandler_Thumbnail::GetAspectRatioSize($iFinalWidth, $iFinalHeight, $sourceImageWidth, $sourceImageHeight);
    } else {
        $oSize = array('Width' => $iFinalWidth, 'Height' => $iFinalHeight);
    }

    // NOTE(review): the values passed here are the dimensions declared by the
    // file; no upper bound on them is visible in this function - confirm that
    // setMemoryForImage() or the caller limits what will be decoded.
    CKFinder_Connector_Utils_Misc::setMemoryForImage($sourceImageWidth, $sourceImageHeight, $sourceImageBits, $sourceImageChannels);

    // Decode with the GD loader matching the detected MIME type. Each branch
    // sets either $oImage or $ermsg.
    switch ($sourceImageAttr['mime']) {
        case 'image/gif':
            if (@imagetypes() & IMG_GIF) {
                $oImage = @imagecreatefromgif($sourceFile);
            } else {
                $ermsg = 'GIF images are not supported';
            }
            break;
        case 'image/jpeg':
            if (@imagetypes() & IMG_JPG) {
                $oImage = @imagecreatefromjpeg($sourceFile);
            } else {
                $ermsg = 'JPEG images are not supported';
            }
            break;
        case 'image/png':
            if (@imagetypes() & IMG_PNG) {
                $oImage = @imagecreatefrompng($sourceFile);
            } else {
                $ermsg = 'PNG images are not supported';
            }
            break;
        case 'image/wbmp':
            if (@imagetypes() & IMG_WBMP) {
                $oImage = @imagecreatefromwbmp($sourceFile);
            } else {
                $ermsg = 'WBMP images are not supported';
            }
            break;
        case 'image/bmp':
            /*
             * This is sad that PHP doesn't support bitmaps.
             * Anyway, we will use our custom function at least to display thumbnails.
             * We'll not resize images this way (if $sourceFile === $targetFile),
             * because user defined imagecreatefrombmp and imagecreatebmp are horribly slow
             */
            if ($bmpSupported && @imagetypes() & IMG_JPG && $sourceFile != $targetFile) {
                $oImage = CKFinder_Connector_Utils_Misc::imageCreateFromBmp($sourceFile);
            } else {
                $ermsg = 'BMP/JPG images are not supported';
            }
            break;
        default:
            $ermsg = $sourceImageAttr['mime'] . ' images are not supported';
            break;
    }

    // The message text is never returned; any message or a failed decode just yields false.
    if (isset($ermsg) || false === $oImage) {
        return false;
    }

    // NOTE(review): the result of imagecreatetruecolor() is used without a check.
    $oThumbImage = imagecreatetruecolor($oSize["Width"], $oSize["Height"]);

    // PNG: start from a fully transparent canvas and keep the alpha channel when saving.
    if ($sourceImageAttr['mime'] == 'image/png') {
        $bg = imagecolorallocatealpha($oThumbImage, 255, 255, 255, 127); // (PHP 4 >= 4.3.2, PHP 5)
        imagefill($oThumbImage, 0, 0, $bg);
        imagealphablending($oThumbImage, false);
        imagesavealpha($oThumbImage, true);
    }

    // The last argument is derived from $quality and is never below 6.
    //imagecopyresampled($oThumbImage, $oImage, 0, 0, 0, 0, $oSize["Width"], $oSize["Height"], $sourceImageWidth, $sourceImageHeight);
    CKFinder_Connector_Utils_Misc::fastImageCopyResampled($oThumbImage, $oImage, 0, 0, 0, 0, $oSize["Width"], $oSize["Height"], $sourceImageWidth, $sourceImageHeight, (int) max(floor($quality / 20), 6));

    // Write in the source format; a BMP source is written as JPEG.
    // NOTE(review): the results of the image*() writers are not checked, so a
    // failed write still ends in "return true".
    switch ($sourceImageAttr['mime']) {
        case 'image/gif':
            imagegif($oThumbImage, $targetFile);
            break;
        case 'image/jpeg':
        case 'image/bmp':
            imagejpeg($oThumbImage, $targetFile, $quality);
            break;
        case 'image/png':
            imagepng($oThumbImage, $targetFile);
            break;
        case 'image/wbmp':
            imagewbmp($oThumbImage, $targetFile);
            break;
    }

    // Apply the configured file mode when one is set and the file was written.
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    if (file_exists($targetFile) && ($perms = $_config->getChmodFiles())) {
        $oldUmask = umask(0);
        chmod($targetFile, $perms);
        umask($oldUmask);
    }

    imageDestroy($oImage);
    imageDestroy($oThumbImage);

    return true;
}
/**
 * Handle the request and build the XML response: move the files listed in
 * $_POST['files'] into the current folder.
 *
 * Every entry supplies 'name', 'type' (resource type) and 'folder' (client
 * path of the source folder), plus optional 'options'. Request-level problems
 * are reported through throwError(); per-file problems are appended to the
 * "Errors" node and the loop continues with the next entry.
 *
 * @access protected
 */
function buildXml()
{
    // Only requests that carry the POST marker are accepted.
    if (empty($_POST['CKFinderCommand']) || $_POST['CKFinderCommand'] != 'true') {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
    }

    // $clientPath is assigned but not used below.
    $clientPath = $this->_currentFolder->getClientPath();
    $sServerDir = $this->_currentFolder->getServerPath();
    $currentResourceTypeConfig = $this->_currentFolder->getResourceTypeConfig();
    $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    $_aclConfig = $_config->getAccessControlConfig();
    $aclMasks = array();
    $_resourceTypeConfig = array();

    // Destination folder: rename, upload and delete rights are requested together.
    if (!$this->_currentFolder->checkAcl(CKFINDER_CONNECTOR_ACL_FILE_RENAME | CKFINDER_CONNECTOR_ACL_FILE_UPLOAD | CKFINDER_CONNECTOR_ACL_FILE_DELETE)) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
    }

    // Create the "Errors" node.
    $oErrorsNode = new CKFinder_Connector_Utils_XmlNode("Errors");
    $errorCode = CKFINDER_CONNECTOR_ERROR_NONE;
    $moved = 0;
    // Running total reported by the client from earlier requests; only echoed back in "movedTotal".
    $movedAll = 0;
    if (!empty($_POST['moved'])) {
        $movedAll = intval($_POST['moved']);
    }
    $checkedPaths = array();
    $oMoveFilesNode = new Ckfinder_Connector_Utils_XmlNode("MoveFiles");

    if (!empty($_POST['files']) && is_array($_POST['files'])) {
        foreach ($_POST['files'] as $index => $arr) {
            // Entries without a name are skipped silently.
            if (empty($arr['name'])) {
                continue;
            }
            if (!isset($arr['name'], $arr['type'], $arr['folder'])) {
                $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
            }

            // file name
            $name = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['name']);
            // resource type (taken from the request as is; validated by check #2)
            $type = $arr['type'];
            // client path
            $path = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($arr['folder']);
            // options
            $options = !empty($arr['options']) ? $arr['options'] : '';

            // Plain concatenation. NOTE(review): presumably getServerPath()
            // ends with a directory separator - confirm.
            $destinationFilePath = $sServerDir . $name;

            // check #1 (path): both request values are validated before any path is built from them
            if (!CKFinder_Connector_Utils_FileSystem::checkFileName($name) || preg_match(CKFINDER_REGEX_INVALID_PATH, $path)) {
                $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
            }

            // get resource type config for current file (cached per type for this request)
            if (!isset($_resourceTypeConfig[$type])) {
                $_resourceTypeConfig[$type] = $_config->getResourceTypeConfig($type);
            }

            // check #2 (resource type): an unknown type yields null and is rejected
            if (is_null($_resourceTypeConfig[$type])) {
                $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
            }

            // check #3 (extension) - against the source resource type
            if (!$_resourceTypeConfig[$type]->checkExtension($name, false)) {
                $errorCode = CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION;
                $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                continue;
            }

            // check #4 (extension) - when moving to another resource type, double check extension
            if ($currentResourceTypeConfig->getName() != $type) {
                if (!$currentResourceTypeConfig->checkExtension($name, false)) {
                    $errorCode = CKFINDER_CONNECTOR_ERROR_INVALID_EXTENSION;
                    $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                    continue;
                }
            }

            // check #5 (hidden folders)
            // cache results - the cache key is the path alone, so a path is
            // checked once per request, with the type of the first entry that uses it
            if (empty($checkedPaths[$path])) {
                $checkedPaths[$path] = true;
                if ($_resourceTypeConfig[$type]->checkIsHiddenPath($path)) {
                    $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
                }
            }

            $sourceFilePath = $_resourceTypeConfig[$type]->getDirectory() . $path . $name;

            // check #6 (hidden file name) - tested with the destination type's config
            if ($currentResourceTypeConfig->checkIsHiddenFile($name)) {
                $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_REQUEST);
            }

            // check #7 (Access Control, need file view permission to source files)
            // NOTE(review): a move also removes the file from the source folder,
            // yet only FILE_VIEW is required there - confirm that FILE_DELETE on
            // the source folder is intentionally not checked.
            if (!isset($aclMasks[$type . "@" . $path])) {
                $aclMasks[$type . "@" . $path] = $_aclConfig->getComputedMask($type, $path);
            }
            $isAuthorized = ($aclMasks[$type . "@" . $path] & CKFINDER_CONNECTOR_ACL_FILE_VIEW) == CKFINDER_CONNECTOR_ACL_FILE_VIEW;
            if (!$isAuthorized) {
                $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_UNAUTHORIZED);
            }

            // check #8 (invalid file name) - the source must exist and be a regular file
            if (!file_exists($sourceFilePath) || !is_file($sourceFilePath)) {
                $errorCode = CKFINDER_CONNECTOR_ERROR_FILE_NOT_FOUND;
                $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                continue;
            }

            // check #9 (max size) - only when the file changes resource type
            if ($currentResourceTypeConfig->getName() != $type) {
                $maxSize = $currentResourceTypeConfig->getMaxSize();
                $fileSize = filesize($sourceFilePath);
                if ($maxSize && $fileSize > $maxSize) {
                    $errorCode = CKFINDER_CONNECTOR_ERROR_UPLOADED_TOO_BIG;
                    $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                    continue;
                }
            }

            //$overwrite
            // finally, no errors so far, we may attempt to move the file
            // protection against moving a file onto itself
            if ($sourceFilePath == $destinationFilePath) {
                $errorCode = CKFINDER_CONNECTOR_ERROR_SOURCE_AND_TARGET_PATH_EQUAL;
                $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                continue;
            } else {
                if (file_exists($destinationFilePath)) {
                    if (strpos($options, "overwrite") !== false) {
                        // The existing file is removed first. NOTE(review): if the
                        // rename then fails, the old destination file is already gone.
                        if (!@unlink($destinationFilePath)) {
                            $errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
                            $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                            continue;
                        } else {
                            if (!@rename($sourceFilePath, $destinationFilePath)) {
                                $errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
                                $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                                continue;
                            } else {
                                $moved++;
                            }
                        }
                    } else {
                        if (strpos($options, "autorename") !== false) {
                            // Try "name(1).ext", "name(2).ext", ... until a free name is found.
                            $iCounter = 1;
                            while (true) {
                                $fileName = CKFinder_Connector_Utils_FileSystem::getFileNameWithoutExtension($name) . "(" . $iCounter . ")" . "." . CKFinder_Connector_Utils_FileSystem::getExtension($name);
                                $destinationFilePath = $sServerDir . $fileName;
                                if (!file_exists($destinationFilePath)) {
                                    break;
                                } else {
                                    $iCounter++;
                                }
                            }
                            if (!@rename($sourceFilePath, $destinationFilePath)) {
                                $errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
                                $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                                continue;
                            } else {
                                $moved++;
                            }
                        } else {
                            // Neither option given: an existing destination is left untouched.
                            $errorCode = CKFINDER_CONNECTOR_ERROR_ALREADY_EXIST;
                            $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                            continue;
                        }
                    }
                } else {
                    if (!@rename($sourceFilePath, $destinationFilePath)) {
                        $errorCode = CKFINDER_CONNECTOR_ERROR_ACCESS_DENIED;
                        $this->appendErrorNode($oErrorsNode, $errorCode, $name, $type, $path);
                        continue;
                    } else {
                        $moved++;
                    }
                }
            }
        }
    }

    $this->_connectorNode->addChild($oMoveFilesNode);
    // $errorCode holds only the most recent per-file error; the full list is in the "Errors" node.
    if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) {
        $this->_connectorNode->addChild($oErrorsNode);
    }
    $oMoveFilesNode->addAttribute("moved", $moved);
    $oMoveFilesNode->addAttribute("movedTotal", $movedAll + $moved);

    /**
     * Note: actually we could have more than one error.
     * This is just a flag for CKFinder interface telling it to check all errors.
     */
    if ($errorCode != CKFINDER_CONNECTOR_ERROR_NONE) {
        $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_MOVE_FAILED);
    }
}
/**
 * Return the error handler selected for this request.
 *
 * The handler name is read from the registry entry "errorHandler" and the
 * matching instance is obtained from the factory; the instance is returned
 * by reference.
 *
 * @access public
 * @return CKFinder_Connector_ErrorHandler_Base|CKFinder_Connector_ErrorHandler_FileUpload|CKFinder_Connector_ErrorHandler_Http
 */
function &getErrorHandler()
{
    $handlerName = $this->_registry->get("errorHandler");
    $handler =& CKFinder_Connector_Core_Factory::getInstance($handlerName);

    return $handler;
}
/**
 * Compute the ACL mask that applies to a folder of a resource type.
 *
 * The user role is read from the session entry named by
 * getRoleSessionVar(); a missing or empty value means "no role". The folder
 * path is then walked from the root downwards: the root entry is merged
 * first and, for every non-empty path segment, the wildcard entry of the
 * parent (parent path followed by an asterisk and a slash) and the exact
 * entry of the segment are merged, in that order, when they exist in
 * $this->_aclEntries.
 *
 * @param string $resourceType
 * @param string $folderPath
 * @return int
 */
public function getComputedMask($resourceType, $folderPath)
{
    $mask = 0;

    $config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    $sessionKey = $config->getRoleSessionVar();

    // The role is whatever the application stored under the configured session key.
    $role = (strlen($sessionKey) && isset($_SESSION[$sessionKey]))
        ? (string) $_SESSION[$sessionKey]
        : null;

    // An empty role counts as "no role".
    if ($role !== null && !strlen($role)) {
        $role = null;
    }

    $path = "/";

    // Root entry.
    if (array_key_exists($path, $this->_aclEntries)) {
        $mask = $this->mergePathComputedMask($mask, $resourceType, $role, $path);
    }

    foreach (explode("/", trim($folderPath, "/")) as $segment) {
        if (!strlen($segment)) {
            continue;
        }

        // Wildcard entry of the parent folder.
        $wildcard = $path . '*/';
        if (array_key_exists($wildcard, $this->_aclEntries)) {
            $mask = $this->mergePathComputedMask($mask, $resourceType, $role, $wildcard);
        }

        // Exact entry of the folder itself.
        $path .= $segment . '/';
        if (array_key_exists($path, $this->_aclEntries)) {
            $mask = $this->mergePathComputedMask($mask, $resourceType, $role, $path);
        }
    }

    return $mask;
}
/**
 * Create a directory together with any missing parent directories.
 *
 * Path separators are first converted to the platform's separator. When a
 * folder mode is configured (getChmodFolders()), the umask is cleared around
 * the call so that exactly this mode is requested; otherwise 0777 is
 * requested and the current umask applies.
 *
 * @access public
 * @static
 * @param string $dir
 * @return boolean result of mkdir()
 */
public static function createDirectoryRecursively($dir)
{
    if (DIRECTORY_SEPARATOR === "\\") {
        $dir = str_replace("/", "\\", $dir);
    } elseif (DIRECTORY_SEPARATOR === "/") {
        $dir = str_replace("\\", "/", $dir);
    }

    $config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
    $mode = $config->getChmodFolders();

    if (!$mode) {
        // No mode configured: the effective permissions are 0777 filtered by the umask.
        // NOTE(review): with a permissive umask this leaves the directory
        // writable by other local users - confirm the deployment's umask.
        return @mkdir($dir, 0777, true);
    }

    // umask() is process-wide state; on a multithreaded server other threads
    // can see the temporary value until it is restored below.
    $previousUmask = umask(0);
    $created = @mkdir($dir, $mode, true);
    umask($previousUmask);

    return $created;
}