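/**
 * Handles one chunk of a chunked upload and answers with a JSON-RPC style body.
 *
 * Reads "chunk", "chunks" and "name" from $_REQUEST and "files" from $_GET.
 * A file name that passes \FWValidator::is_file_ending_harmless() is handed to
 * addChunk(); any other name is reported once (on its first chunk) through
 * addHarmfulFileToResponse(). The request always ends in die().
 *
 * @override
 */
public function handleRequest()
{
    // HTTP headers for no cache etc
    header('Content-type: text/plain; charset=UTF-8');
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");

    // Get parameters
    $chunk = isset($_REQUEST["chunk"]) ? $_REQUEST["chunk"] : 0;
    $chunks = isset($_REQUEST["chunks"]) ? $_REQUEST["chunks"] : 0;
    $fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';
    // "files" is optional on the wire; read it without raising an undefined-index notice.
    $fileCount = isset($_GET['files']) ? $_GET['files'] : null;

    if (\FWValidator::is_file_ending_harmless($fileName)) {
        try {
            $this->addChunk($fileName, $chunk, $chunks);
        } catch (UploaderException $e) {
            // Encode the message as a JSON string: pasted in raw, a quote or backslash
            // in the exception text would break the response document.
            $message = json_encode((string) $e->getMessage());
            if ($message === false) {
                $message = '""';
            }
            die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": ' . $message . '}, "id" : "id"}');
        }
    } else {
        if ($chunk == 0) {
            // only count first chunk
            // TODO: there must be a way to cancel the upload process on the client side
            $this->addHarmfulFileToResponse($fileName);
        }
    }

    if ($chunk == $chunks - 1) {
        //upload finished
        $this->handleCallback($fileCount);
    }

    die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
}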
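/**
 * Moves every file of the "uploaderFiles" form field into this upload's temp
 * directory, then notifies the callback and redirects the user.
 *
 * A file whose name fails \FWValidator::is_file_ending_harmless() aborts the
 * request with an error message. The check is applied to the submitted name and
 * again to the cleaned name that is actually written to disk.
 *
 * @override
 */
public function handleRequest()
{
    //get a writable directory
    $targetDir = '/upload_' . $this->uploadId;
    $tempPath = $_SESSION->getTempPath();
    $webTempPath = $_SESSION->getWebTempPath();

    //make sure target directory exists
    if (!file_exists($tempPath . $targetDir)) {
        \Cx\Lib\FileSystem\FileSystem::make_folder($webTempPath . $targetDir);
    }

    $refusal = 'The file %s was refused due to its file extension which is not allowed!';

    //move all uploaded file to this upload's temp directory
    foreach ($_FILES["uploaderFiles"]["error"] as $key => $error) {
        if ($error != UPLOAD_ERR_OK) {
            continue;
        }

        $tmpName = $_FILES["uploaderFiles"]["tmp_name"][$key];
        $name = $_FILES["uploaderFiles"]["name"][$key];

        if (!\FWValidator::is_file_ending_harmless($name)) {
            die('Error:' . sprintf($refusal, htmlentities($name, ENT_QUOTES, CONTREXX_CHARSET)));
        }

        //TODO: Uploader::addChunk does this also -> centralize in function
        // remember the "raw" file name, we want to store all original
        // file names in the session.
        $originalFileName = $name;

        // Clean the fileName for security reasons
        // we're using a-zA-Z0-9 instead of \w because of the umlauts.
        // linux excludes them from \w, windows includes them. we do not want different
        // behaviours on different operating systems.
        $name = preg_replace('/[^a-zA-Z0-9\\._-]+/', '', $name);

        // Removing characters can change what the extension is, so the name that
        // will really be stored has to pass the same check as the submitted one.
        if ($name === null || $name === '' || !\FWValidator::is_file_ending_harmless($name)) {
            die('Error:' . sprintf($refusal, htmlentities($originalFileName, ENT_QUOTES, CONTREXX_CHARSET)));
        }

        $originalFileNames = array();
        if (isset($_SESSION['upload']['handlers'][$this->uploadId]['originalFileNames'])) {
            $originalFileNames = $_SESSION['upload']['handlers'][$this->uploadId]['originalFileNames'];
        }
        $originalFileNames[$name] = $originalFileName;
        $_SESSION['upload']['handlers'][$this->uploadId]['originalFileNames'] = $originalFileNames;
        //end of TODO-region

        //move file somewhere we know both the web- and normal path...
        if (!@move_uploaded_file($tmpName, ASCMS_TEMP_PATH . '/' . $name)) {
            // nothing was stored for this entry, so there is nothing to move on
            continue;
        }

        //...then do a safe-mode-safe (yeah) move operation
        \Cx\Lib\FileSystem\FileSystem::move(
            ASCMS_TEMP_WEB_PATH . '/' . $name,
            $webTempPath . $targetDir . '/' . $name,
            true
        );
    }

    //and call back.
    $this->notifyCallback();

    //redirect the user where he belongs
    $this->redirect();
}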
/**
 * Handles one partition of an upload.
 *
 * Partition index and count come from $_POST, the file name from $_FILES['file']
 * and the file count from $_GET['files']. A name that fails
 * \FWValidator::is_file_ending_harmless() is only reported through
 * addHarmfulFileToResponse(); it is never passed to addChunk().
 * The request always ends in die().
 *
 * @override
 */
public function handleRequest()
{
    $partIndex = $_POST['partitionIndex'];
    $partCount = $_POST['partitionCount'];
    $uploadName = contrexx_stripslashes($_FILES['file']['name']);
    $totalFiles = $_GET['files'];

    // refuse early when the extension check fails
    if (!\FWValidator::is_file_ending_harmless($uploadName)) {
        $this->addHarmfulFileToResponse($uploadName);
        die(0);
    }

    try {
        $this->addChunk($uploadName, $partIndex, $partCount);
    } catch (UploaderException $e) {
        die('Error:' . $e->getMessage());
    }

    // last partition of the current file: hand over to the callback
    if ($partIndex == $partCount - 1) {
        $this->handleCallback($totalFiles);
    }

    die(0);
}
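/**
 * Process upload form
 *
 * Moves every file found in the session temp folder of the posted uploader id
 * ($_POST['media_upload_file']) into $this->path. Files whose name fails
 * \FWValidator::is_file_ending_harmless() are skipped and reported.
 *
 * @global array $_ARRAYLANG
 * @return boolean true if all files were moved, false if the upload folder is
 *                 missing or at least one file was refused or failed to move
 */
private function processFormUpload()
{
    global $_ARRAYLANG;

    $objSession = \cmsSession::getInstance();
    $uploaderId = isset($_POST['media_upload_file']) ? contrexx_input2raw($_POST['media_upload_file']) : 0;
    if (empty($uploaderId)) {
        return false;
    }

    // The id is request data and becomes a directory name below the session temp
    // path. Refuse anything that is not a single path segment so the lookup
    // cannot leave that directory.
    if (
        !is_string($uploaderId)
        || strpbrk($uploaderId, '/\\') !== false
        || $uploaderId === '.'
        || $uploaderId === '..'
    ) {
        return false;
    }

    $tempPath = $objSession->getTempPath() . '/' . contrexx_input2raw($uploaderId);
    if (!\Cx\Lib\FileSystem\FileSystem::exists($tempPath)) {
        return false;
    }

    // glob() returns false on error; treat that as "no files"
    $uploadedFiles = glob($tempPath . '/*');
    if ($uploadedFiles === false) {
        $uploadedFiles = array();
    }

    $errorMsg = array();
    foreach ($uploadedFiles as $file) {
        $fileName = basename($file);
        $path = $tempPath . '/' . $fileName;

        if (!\FWValidator::is_file_ending_harmless($path)) {
            $errorMsg[] = sprintf(
                $_ARRAYLANG['TXT_MEDIA_FILE_EXTENSION_NOT_ALLOWED'],
                htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET)
            );
            continue;
        }

        // pick a target name that does not exist yet
        $file = $this->path . $fileName;
        $arrFile = pathinfo($file);
        $extension = isset($arrFile['extension']) ? '.' . $arrFile['extension'] : '';
        $i = 0;
        while (file_exists($file)) {
            $suffix = '-' . (time() + ++$i);
            $file = $this->path . $arrFile['filename'] . $suffix . $extension;
        }

        try {
            $objFile = new \Cx\Lib\FileSystem\File($path);
            $objFile->move($file, false);
            $fileObj = new \File();
            $fileObj->setChmod($this->path, $this->webPath, basename($file));
        } catch (\Cx\Lib\FileSystem\FileSystemException $e) {
            \DBG::msg($e->getMessage());
            $errorMsg[] = sprintf(
                $_ARRAYLANG['TXT_MEDIA_FILE_UPLOAD_FAILED'],
                htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET)
            );
        }
    }

    if (!empty($errorMsg)) {
        // join the collected messages; explode() on an array was never valid here
        $this->_strErrorMessage = implode('<br>', $errorMsg);
        return false;
    }

    $this->_strOkMessage = $_ARRAYLANG['TXT_MEDIA_FILE_UPLOADED_SUCESSFULLY'];
    return true;
}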
/**
 * Copies an uploaded image into "<imagePath>images/", downsizes it when it is
 * larger than 640x480, sets its permissions and triggers the thumbnail check.
 * Note: validation should be done before calling this function; the only check
 * made here is \FWValidator::is_file_ending_harmless() on the given path.
 *
 * @param string $imagePath Temp path of the uploaded media
 *
 * @return boolean|string relative path of the uploaded file, false otherwise
 */
function uploadMedia($imagePath)
{
    if ($imagePath == '' || !\FWValidator::is_file_ending_harmless($imagePath)) {
        return false;
    }

    // split the source name into stem and ".ext"
    $targetName = basename($imagePath);
    $parts = pathinfo($targetName);
    $dotExt = '';
    if (!empty($parts['extension'])) {
        $dotExt = '.' . $parts['extension'];
    }
    $stem = $parts['filename'];
    $salt = rand(10, 99);

    // optional name obfuscation
    // NOTE(review): rand(10, 99) + md5 leaves only 90 possible names per stem, so
    // this hides the original name but does not make the stored name unguessable.
    if ($this->arrSettings['settingsEncryptFilenames'] == 1) {
        $targetName = md5($salt . $stem) . $dotExt;
    }

    // avoid overwriting an existing file
    $imagesDir = $this->imagePath . 'images/';
    if (file_exists($imagesDir . $targetName)) {
        $targetName = $stem . '_' . time() . $dotExt;
    }
    $storedFile = $imagesDir . $targetName;

    if (\Cx\Lib\FileSystem\FileSystem::copy_file($imagePath, $storedFile) === false) {
        return false;
    }

    // NOTE(review): getimagesize() returns false for a non-image; that case is
    // not handled here and the file is kept as it is.
    $size = getimagesize($storedFile);
    $width = $size[0];
    $height = $size[1];
    $newWidth = $width;
    $newHeight = $height;
    $needsResize = false;

    if ($width > 640 && $width > $height) {
        // landscape: cap the width at 640
        $newHeight = round((640 / $width) * $height, 0);
        $newWidth = 640;
        $needsResize = true;
    } elseif ($height > 480) {
        // otherwise cap the height at 480
        $newWidth = round((480 / $height) * $width, 0);
        $newHeight = 480;
        $needsResize = true;
    }

    if ($needsResize) {
        $resizer = new \ImageManager();
        $resizer->loadImage($storedFile);
        $resizer->resizeImage($newWidth, $newHeight, 100);
        $resizer->saveNewImage($storedFile, true);
    }

    $relativeName = 'images/' . $targetName;
    $chmodHelper = new \File();
    $chmodHelper->setChmod($this->imagePath, $this->imageWebPath, $relativeName);

    // create thumbnail
    $this->checkThumbnail($this->imageWebPath . $relativeName);

    return $this->imageWebPath . $relativeName;
}
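/**
 * Process upload form
 *
 * Stores the file posted in the "media_upload_file" field below $this->path.
 * The name must pass MediaLibrary::isIllegalFileName() and
 * \FWValidator::is_file_ending_harmless(); PHP upload errors are translated
 * into $this->_strErrorMessage.
 *
 * @global array $_ARRAYLANG
 * @return boolean true if the file was uploaded successfully, false if it failed
 */
private function processFormUpload()
{
    global $_ARRAYLANG;

    $inputField = 'media_upload_file';
    if (!isset($_FILES[$inputField]) || !is_array($_FILES[$inputField])) {
        return false;
    }

    $fileName = !empty($_FILES[$inputField]['name']) ? contrexx_stripslashes($_FILES[$inputField]['name']) : '';
    $fileTmpName = !empty($_FILES[$inputField]['tmp_name']) ? $_FILES[$inputField]['tmp_name'] : '';

    if (MediaLibrary::isIllegalFileName($fileName)) {
        $this->_strErrorMessage = $_ARRAYLANG['TXT_MEDIA_FILE_DONT_CREATE'];
        return false;
    }

    $escapedName = htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET);

    switch ($_FILES[$inputField]['error']) {
        case UPLOAD_ERR_INI_SIZE:
            $this->_strErrorMessage = sprintf(
                $_ARRAYLANG['TXT_MEDIA_FILE_SIZE_EXCEEDS_LIMIT'],
                $escapedName,
                $this->getFormatedFileSize(\FWSystem::getMaxUploadFileSize())
            );
            break;

        case UPLOAD_ERR_FORM_SIZE:
            $this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_TOO_LARGE'], $escapedName);
            break;

        case UPLOAD_ERR_PARTIAL:
            $this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_CORRUPT'], $escapedName);
            break;

        case UPLOAD_ERR_NO_FILE:
            // there is no enclosing loop here, so this is a plain break
            $this->_strErrorMessage = $_ARRAYLANG['TXT_MEDIA_NO_FILE'];
            break;

        default:
            if (empty($fileTmpName)) {
                break;
            }

            if (!\FWValidator::is_file_ending_harmless($fileName)) {
                $this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_EXTENSION_NOT_ALLOWED'], $escapedName);
                break;
            }

            // pick a target name that does not exist yet
            $file = $this->path . $fileName;
            $arrFile = pathinfo($file);
            $extension = isset($arrFile['extension']) ? '.' . $arrFile['extension'] : '';
            $i = 0;
            while (file_exists($file)) {
                $suffix = '-' . (time() + ++$i);
                $file = $this->path . $arrFile['filename'] . $suffix . $extension;
            }

            if (@move_uploaded_file($fileTmpName, $file)) {
                // set the permissions on the file that was really written: the
                // stored name carries the extension and any collision suffix
                $obj_file = new \File();
                $obj_file->setChmod($this->path, $this->webPath, basename($file));
                $this->_strOkMessage = $_ARRAYLANG['TXT_MEDIA_FILE_UPLOADED_SUCESSFULLY'];
                return true;
            }

            $this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_UPLOAD_FAILED'], $escapedName);
            break;
    }

    return false;
}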
/**
 * Stores the file posted as $_FILES['pic'] below "<mediaPath>pictures/" under a
 * generated name.
 *
 * The client supplied name is only used for the extension check
 * (\FWValidator::is_file_ending_harmless()) and as input for the md5 based
 * stored name.
 *
 * @return string stored file name, "error" on failure, "" when nothing was posted
 */
function uploadPicture()
{
    $pictureDir = "pictures/";

    // nothing posted at all
    if (!isset($_FILES) || empty($_FILES)) {
        return "";
    }

    $uploadedTmp = $_FILES['pic']['tmp_name'];
    $clientName = $_FILES['pic']['name'];

    if ($clientName == "" || !\FWValidator::is_file_ending_harmless($clientName)) {
        return "error";
    }

    // split off the extension
    $parts = pathinfo($clientName);
    $ext = $parts['extension'];
    $dotExt = !empty($ext) ? '.' . $ext : '';
    $stem = substr($clientName, 0, strlen($clientName) - strlen($dotExt));

    // NOTE(review): rand(10, 99) + md5 gives at most 90 names per client name;
    // it obscures the original name, it is not an unguessable identifier.
    $salt = rand(10, 99);
    $storedName = md5($salt . $clientName) . $dotExt;

    // TODO: $x is not defined
    $offset = 0;
    if (file_exists($this->mediaPath . $pictureDir . $storedName)) {
        $storedName = md5($salt . $stem . '_' . (time() + $offset) . $dotExt) . $dotExt;
    }

    if (!@move_uploaded_file($uploadedTmp, $this->mediaPath . $pictureDir . $storedName)) {
        return "error";
    }

    $chmodHelper = new \File();
    $chmodHelper->setChmod($this->mediaPath, $this->mediaWebPath, $pictureDir . $storedName);

    return $storedName;
}
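/**
 * Upload submitted files
 *
 * Move all files that are allowed to be uploaded in the folder that
 * has been specified in the configuration option "File upload deposition path".
 * Problems are appended to $this->errorMsg as HTML, with the file name escaped.
 *
 * @access private
 * @global array
 * @param array Files that have been submited (not read by this method)
 * @see getSettings(), _cleanFileName(), errorMsg, FWSystem::getMaxUploadFileSize()
 * @return array A list of files that have been stored successfully in the system
 */
function _uploadFilesLegacy($arrFields)
{
    global $_ARRAYLANG;

    $arrSettings = $this->getSettings();
    $arrFiles = array();

    if (!isset($_FILES) || !is_array($_FILES)) {
        return $arrFiles;
    }

    foreach (array_keys($_FILES) as $file) {
        $fileName = !empty($_FILES[$file]['name']) ? $this->_cleanFileName($_FILES[$file]['name']) : '';
        $fileTmpName = !empty($_FILES[$file]['tmp_name']) ? $_FILES[$file]['tmp_name'] : '';

        // errorMsg is assembled as HTML ('<br />'), so the client supplied name is
        // escaped once here and used in every message, not only in some of them.
        $escapedName = htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET);

        switch ($_FILES[$file]['error']) {
            case UPLOAD_ERR_INI_SIZE:
                // The uploaded file exceeds the upload_max_filesize directive in php.ini.
                $this->errorMsg .= sprintf(
                    $_ARRAYLANG['TXT_CONTACT_FILE_SIZE_EXCEEDS_LIMIT'],
                    $escapedName,
                    \FWSystem::getMaxUploadFileSize()
                ) . '<br />';
                break;

            case UPLOAD_ERR_FORM_SIZE:
                // The uploaded file exceeds the MAX_FILE_SIZE directive given in the HTML form.
                $this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_TOO_LARGE'], $escapedName) . '<br />';
                break;

            case UPLOAD_ERR_PARTIAL:
                // The file was only partially uploaded.
                $this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_CORRUPT'], $escapedName) . '<br />';
                break;

            case UPLOAD_ERR_NO_FILE:
                // No file was uploaded: go on with the next form field.
                continue 2;

            default:
                if (empty($fileTmpName)) {
                    break;
                }

                if (!\FWValidator::is_file_ending_harmless($fileName)) {
                    $this->errorMsg .= sprintf(
                        $_ARRAYLANG['TXT_CONTACT_FILE_EXTENSION_NOT_ALLOWED'],
                        $escapedName
                    ) . '<br />';
                    break;
                }

                // pick a target name that does not exist yet
                $arrFile = pathinfo($fileName);
                $extension = isset($arrFile['extension']) ? '.' . $arrFile['extension'] : '';
                $documentRootPath = \Env::get('cx')->getWebsiteDocumentRootPath();
                $baseName = $arrSettings['fileUploadDepositionPath'] . '/' . $arrFile['filename'];
                $filePath = $baseName . $extension;
                $i = 0;
                while (file_exists($documentRootPath . $filePath)) {
                    $filePath = $baseName . '-' . ++$i . $extension;
                }

                if (@move_uploaded_file($fileTmpName, $documentRootPath . $filePath)) {
                    // the numeric id is taken from the form field name, starting at offset 17
                    $id = intval(substr($file, 17));
                    $arrFiles[$id] = array('path' => $filePath, 'name' => $fileName);
                } else {
                    $this->errorMsg .= sprintf(
                        $_ARRAYLANG['TXT_CONTACT_FILE_UPLOAD_FAILED'],
                        $escapedName
                    ) . '<br />';
                }
                break;
        }
    }

    return $arrFiles;
}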
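/**
 * upload media
 *
 * Stores the file posted in $_FILES[$name] below "<mediaPath><path>" and creates
 * a thumbnail for images, except in "uploads/". The client supplied name must
 * pass \FWValidator::is_file_ending_harmless().
 *
 * @access public
 * @param string $name key of the upload in $_FILES
 * @param string $path target folder relative to $this->mediaPath
 * @return string stored file name, "error" on failure, "" when nothing was posted
 */
function uploadMedia($name, $path)
{
    // defined up front so the return value is set even when nothing was posted
    $status = "";

    //check file array
    if (!isset($_FILES) || empty($_FILES)) {
        return $status;
    }

    //get file info
    $tmpFile = $_FILES[$name]['tmp_name'];
    $fileName = $_FILES[$name]['name'];
    $fileType = $_FILES[$name]['type'];
    $this->fileSize = $_FILES[$name]['size'];

    if ($fileName == "" || !\FWValidator::is_file_ending_harmless($fileName)) {
        return "error";
    }

    //check extension
    $info = pathinfo($fileName);
    $exte = !empty($info['extension']) ? '.' . $info['extension'] : '';
    $part1 = substr($fileName, 0, strlen($fileName) - strlen($exte));

    $arrSettings = $this->getSettings();
    if ($arrSettings['encodeFilename']['value'] == 1) {
        // NOTE(review): rand(10, 99) + md5 hides the original name but leaves only
        // 90 candidates per name; do not rely on it to keep a file unlisted.
        $fileName = md5(rand(10, 99) . $part1) . $exte;
    }

    //check file: look for a free name instead of repeating one fixed rename
    $attempt = 0;
    while (file_exists($this->mediaPath . $path . $fileName)) {
        $fileName = $part1 . '_' . time() . ($attempt > 0 ? '-' . $attempt : '') . $exte;
        $attempt++;
    }

    //upload file
    if (!@move_uploaded_file($tmpFile, $this->mediaPath . $path . $fileName)) {
        return "error";
    }

    $obj_file = new \File();
    $obj_file->setChmod($this->mediaPath, $this->mediaWebPath, $path . $fileName);
    $status = $fileName;

    //make thumb
    // NOTE(review): $fileType is the MIME type sent by the client, not a property
    // of the stored file; confirm that createThumb() copes with non-image content.
    $isImageType = $fileType == "image/gif"
        || $fileType == "image/jpeg"
        || $fileType == "image/jpg"
        || $fileType == "image/png";
    if ($isImageType && $path != "uploads/") {
        $this->createThumb($fileName, $path);
    }

    return $status;
}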
/**
 * Looks for a customized version of a file in the website data repository
 * and returns its path if there is one.
 *
 * The lookup is refused when the legacy class loader is not available (the
 * extension check needs it) and when the file name fails
 * \FWValidator::is_file_ending_harmless().
 *
 * @param   string  $file       Path of file to look for a customized
 *                              version for.
 * @param   boolean $webPath    Whether or not to return the relative web
 *                              path instead of the absolute file system
 *                              path (default).
 * @param   boolean $isWebsite  Set to TRUE when the file is found in the
 *                              website data repository; left untouched
 *                              otherwise.
 * @return  mixed               Path (as string) to customized version of
 *                              file or FALSE if none exists.
 */
public function getFileFromWebsiteRepository($file, $webPath = false, &$isWebsite = false)
{
    // Evaluated left to right: without the LegacyClassLoader the FWValidator
    // class cannot be loaded, so the validator is only asked once it is there.
    // The extension check matters because anything can be put into the
    // repository over FTP, including files that should not be executed.
    $hasCustomizedVersion = $this->legacyClassLoader
        && \FWValidator::is_file_ending_harmless($file)
        && file_exists($this->cx->getWebsiteDocumentRootPath() . $file);

    if (!$hasCustomizedVersion) {
        return false;
    }

    // customized version of file found in website's data repository
    $isWebsite = true;

    if ($webPath) {
        $base = $this->cx->getWebsiteOffsetPath();
    } else {
        $base = $this->cx->getWebsiteDocumentRootPath();
    }

    return $base . $file;
}
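/**
 * Upload a Csv File
 *
 * Stores the file posted in $_FILES[$name] in $path under a name built from the
 * current timestamp and the original extension. The client supplied name must
 * pass \FWValidator::is_file_ending_harmless().
 *
 * @param String $name key of the upload in $_FILES
 * @param String $path uploading file path
 *
 * @return String stored file name, "error" on failure, "" when nothing was posted
 */
function uploadCSV($name, $path)
{
    // defined up front so the return value is set even when nothing was posted
    $status = "";

    //check file array
    if (!isset($_FILES) || empty($_FILES)) {
        return $status;
    }

    //get file info
    $tmpFile = $_FILES[$name]['tmp_name'];
    $fileName = $_FILES[$name]['name'];

    if ($fileName == "" || !\FWValidator::is_file_ending_harmless($fileName)) {
        return "error";
    }

    //check extension
    $info = pathinfo($fileName);
    $exte = !empty($info['extension']) ? '.' . $info['extension'] : '';
    $fileName = time() . $exte;

    //upload file
    if (!@move_uploaded_file($tmpFile, $path . $fileName)) {
        return "error";
    }

    // chmod() takes an integer mode. The string '0777' used before is converted to
    // decimal 777 (octal 1411), which is neither 0777 nor a sensible mode. An
    // uploaded data file needs no execute or world-write bit.
    // NOTE(review): widen to 0664 if another account has to modify the file.
    @chmod($path . $fileName, 0644);

    return $fileName;
}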
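/**
 * Move the uploaded image to destination path from the temp path
 *
 * The uploader id ($_POST['marketUploaderId']) and the file name
 * ($_POST['uploadImage']) select a file below the session temp path. Both are
 * reduced to a single path segment before they are used, and the file name must
 * pass \FWValidator::is_file_ending_harmless().
 *
 * @return mixed stored file name, "error" on failure, false when the request
 *               data is missing or does not point to an uploaded file
 */
public function uploadPicture()
{
    $status = "";
    $path = "pictures/";

    //check file array
    $uploaderId = isset($_POST['marketUploaderId']) ? contrexx_input2raw($_POST['marketUploaderId']) : 0;
    $fileName = isset($_POST['uploadImage']) ? contrexx_input2raw($_POST['uploadImage']) : 0;

    if (empty($uploaderId) || empty($fileName)) {
        return false;
    }

    // Both values are request data and end up in a file system path. Keep the
    // lookup inside the session temp folder: the id has to be one path segment
    // and only the base name of the posted file name is used.
    if (
        !is_string($uploaderId)
        || !is_string($fileName)
        || strpbrk($uploaderId, '/\\') !== false
        || $uploaderId === '.'
        || $uploaderId === '..'
    ) {
        return false;
    }
    $fileName = basename($fileName);

    //get file info
    $objSession = \cmsSession::getInstance();
    $tmpFile = $objSession->getTempPath() . '/' . $uploaderId . '/' . $fileName;

    if (!\Cx\Lib\FileSystem\FileSystem::exists($tmpFile)) {
        return false;
    }

    if ($fileName == '' || !\FWValidator::is_file_ending_harmless($fileName)) {
        return "error";
    }

    //check extension
    $info = pathinfo($fileName);
    $exte = !empty($info['extension']) ? '.' . $info['extension'] : '';
    $part1 = substr($fileName, 0, strlen($fileName) - strlen($exte));
    $rand = rand(10, 99);
    $fileName = md5($rand . $fileName) . $exte;

    //check file
    if (file_exists($this->mediaPath . $path . $fileName)) {
        $fileName = md5($rand . $part1 . '_' . time() . $exte) . $exte;
    }

    //Move the uploaded file to the path specified in the variable $this->mediaPath
    try {
        $objFile = new \Cx\Lib\FileSystem\File($tmpFile);
        if ($objFile->move($this->mediaPath . $path . $fileName, false)) {
            $objFile = new \File();
            $objFile->setChmod($this->mediaPath, $this->mediaWebPath, $path . $fileName);
            $status = $fileName;
        } else {
            $status = "error";
        }
    } catch (\Cx\Lib\FileSystem\FileSystemException $e) {
        \DBG::msg($e->getMessage());
        // report the failure to the caller instead of returning an empty status
        $status = "error";
    }

    return $status;
}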
/**
 * Move the uploaded images into place and link to the user
 *
 * Every image is looked up by its base name in the session temp folder of the
 * given uploader id. Files that do not exist there or fail
 * \FWValidator::is_file_ending_harmless() are skipped without a message.
 *
 * @param \User  $objUser    \User object
 * @param array  $arrProfile Array profile data, receives the stored image names
 * @param array  $arrImages  Uploaded images array
 * @param string $uploaderId Uploader id
 *
 * @return boolean|array TRUE when no image exceeded the size limit, otherwise
 *                       the list of error messages
 */
protected function addUploadedImagesToProfile($objUser, &$arrProfile, $arrImages, $uploaderId)
{
    global $_CORELANG;

    $session = \cmsSession::getInstance();
    $errors = array();

    foreach ($arrImages as $attribute => $arrHistories) {
        $isPicture = $attribute == 'picture';

        foreach ($arrHistories as $historyId => $data) {
            $isNewEntry = $historyId === 'new';

            // normalise both input shapes into a list of candidates
            $candidates = array();
            if ($isNewEntry) {
                foreach ($data as $historyIndex => $filePath) {
                    $candidates[] = array(
                        'path' => contrexx_input2raw($filePath),
                        'history_index' => $historyIndex,
                    );
                }
            } else {
                $candidates[] = array('path' => contrexx_input2raw($data));
            }

            foreach ($candidates as $candidate) {
                // only the base name of the posted path is used
                $baseName = basename($candidate['path']);
                $tempFile = $session->getTempPath() . '/' . contrexx_input2raw($uploaderId) . '/' . $baseName;

                $isUsable = \Cx\Lib\FileSystem\FileSystem::exists($tempFile)
                    && \FWValidator::is_file_ending_harmless($tempFile);
                if (!$isUsable) {
                    continue;
                }

                $bytes = filesize($tempFile);
                if (!$this->isImageWithinAllowedSize($bytes, $isPicture)) {
                    $objAttribute = $objUser->objAttribute->getById($attribute);
                    $errors[] = sprintf(
                        $_CORELANG['TXT_ACCESS_PIC_TOO_BIG'],
                        htmlentities($objAttribute->getName(), ENT_QUOTES, CONTREXX_CHARSET)
                    );
                    continue;
                }

                // resize image and put it into place (ASCMS_ACCESS_PHOTO_IMG_PATH / ASCMS_ACCESS_PROFILE_IMG_PATH)
                $imageName = $this->moveUploadedImageInToPlace($objUser, $tempFile, $baseName, $isPicture);
                if ($imageName === false) {
                    continue;
                }

                // create thumbnail; the profile is only updated when that works
                if ($this->createThumbnailOfImage($imageName, $isPicture) === false) {
                    continue;
                }

                if ($isNewEntry) {
                    $arrProfile[$attribute][$historyId][$candidate['history_index']] = $imageName;
                } else {
                    $arrProfile[$attribute][$historyId] = $imageName;
                }
            }
        }
    }

    return count($errors) ? $errors : true;
}
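/**
 * Upload the media files
 *
 * Moves "<session temp path>/<uploaderId>/<fileName>" to "<mediaPath><path>" and
 * creates a thumbnail for gif/jpeg/jpg/png files outside "uploads/". The target
 * path must pass \FWValidator::is_file_ending_harmless().
 *
 * NOTE(review): $fileName and $uploaderId are concatenated into file system
 * paths as they are; confirm that every caller passes single path segments.
 *
 * @param string $fileName   name of the media file
 * @param string $path       folder path
 * @param string $uploaderId uploader id
 *
 * @return string $status name of the uploaded file / error
 */
function uploadMedia($fileName, $path, $uploaderId)
{
    if (empty($uploaderId) || empty($fileName)) {
        return 'error';
    }

    $cx = \Cx\Core\Core\Controller\Cx::instanciate();
    $objSession = $cx->getComponent('Session')->getSession();
    $tempPath = $objSession->getTempPath() . '/' . $uploaderId . '/' . $fileName;

    //Check the uploaded file exists in /tmp folder
    if (!\Cx\Lib\FileSystem\FileSystem::exists($tempPath)) {
        //If the file still exists in the mediaPath then return the filename
        if (\Cx\Lib\FileSystem\FileSystem::exists($this->mediaPath . $path . $fileName)) {
            return $fileName;
        }
        return 'error';
    }

    $info = pathinfo($fileName);
    // a name without extension has no 'extension' key
    $exte = isset($info['extension']) ? $info['extension'] : '';
    $extension = !empty($exte) ? '.' . $exte : '';
    $file = substr($fileName, 0, strlen($fileName) - strlen($extension));

    $arrSettings = $this->getSettings();
    if ($arrSettings['encodeFilename']['value'] == 1) {
        $fileName = md5(rand(10, 99) . $file) . $extension;
    }

    //Rename the file if the filename already exists. The counter keeps the loop
    //from spinning until the clock ticks when the timestamped name is taken too.
    $attempt = 0;
    while (\Cx\Lib\FileSystem\FileSystem::exists($this->mediaPath . $path . $fileName)) {
        $fileName = $file . '_' . time() . ($attempt > 0 ? '-' . $attempt : '') . $extension;
        $attempt++;
    }

    $filePath = $this->mediaPath . $path . $fileName;
    if (!\FWValidator::is_file_ending_harmless($filePath)) {
        return 'error';
    }

    //Move the file from /tmp folder into mediaPath and set the permission
    // 'error' is the default so a move() that returns false is reported as well
    $status = 'error';
    $moved = false;
    try {
        $objFile = new \Cx\Lib\FileSystem\File($tempPath);
        if ($objFile->move($filePath, false)) {
            $fileObj = new \File();
            $fileObj->setChmod($this->mediaPath, $this->mediaWebPath, $path . $fileName);
            $status = $fileName;
            $moved = true;
        }
    } catch (\Cx\Lib\FileSystem\FileSystemException $e) {
        \DBG::msg($e->getMessage());
    }

    //make the thumb, but only for a file that has really been stored
    $isImage = $exte == "gif" || $exte == "jpeg" || $exte == "jpg" || $exte == "png";
    if ($moved && $isImage && $path != "uploads/") {
        $this->createThumb($fileName, $path);
    }

    return $status;
}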
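/**
 * Upload finished callback: cleans up the files in the upload's temp folder and
 * registers them as downloads.
 *
 * Files whose name fails \FWValidator::is_file_ending_harmless() are deleted,
 * before and after the name has been normalised. Files that would collide with
 * an existing file in the target folder get a timestamp suffix unless the
 * request sets "uploadForceOverwrite".
 *
 * @param string $tempPath    temp folder holding the uploaded files
 * @param string $tempWebPath same folder, relative to the webroot
 * @param array  $data        expects the keys 'path', 'webPath' and 'category_id'
 * @param string $uploadId    id of the current upload
 * @param array  $fileInfos   expects the key 'originalFileNames'
 *
 * @return array|null target path and web path; nothing when the permission
 *                    check fails
 */
public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos)
{
    $originalNames = $fileInfos['originalFileNames'];
    $path = $data['path'];
    $webPath = $data['webPath'];
    $objCategory = Category::getCategory($data['category_id']);

    // check for sufficient permissions
    if (
        $objCategory->getAddFilesAccessId()
        && !\Permission::checkAccess($objCategory->getAddFilesAccessId(), 'dynamic', true)
        && $objCategory->getOwnerId() != \FWUser::getFWUserObject()->objUser->getId()
    ) {
        return;
    }

    //we remember the names of the uploaded files here. they are stored in the session afterwards,
    //so we can later display them highlighted.
    $arrFiles = array();

    //rename files, delete unwanted
    $arrFilesToRename = array(); //used to remember the files we need to rename

    $h = opendir($tempPath);
    if (!$h) {
        // nothing can be read from the temp folder
        return array($path, $webPath);
    }

    $forceOverwrite = !empty($_REQUEST['uploadForceOverwrite'])
        && intval($_REQUEST['uploadForceOverwrite']) > 0;

    while (false !== ($file = readdir($h))) {
        //skip . and ..
        if ($file == '.' || $file == '..') {
            continue;
        }

        //delete potentially malicious files
        if (!\FWValidator::is_file_ending_harmless($file)) {
            @unlink($tempPath . '/' . $file);
            continue;
        }

        $cleanFile = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($file);
        if ($cleanFile != $file) {
            // Normalising the name may alter its ending, so the name that will
            // be kept has to pass the check as well.
            if (!\FWValidator::is_file_ending_harmless($cleanFile)) {
                @unlink($tempPath . '/' . $file);
                continue;
            }
            rename($tempPath . '/' . $file, $tempPath . '/' . $cleanFile);
            $file = $cleanFile;
        }

        // name parts of the file as it now exists on disk
        $info = pathinfo($file);
        $extension = isset($info['extension']) ? $info['extension'] : '';

        //check if file needs to be renamed
        $suffix = '';
        if (file_exists($path . '/' . $file) && !$forceOverwrite) {
            $suffix = '_' . time();
            $newName = $info['filename'] . $suffix . ($extension !== '' ? '.' . $extension : '');
            $arrFilesToRename[$file] = $newName;
            array_push($arrFiles, $newName);
        }

        if (!isset($arrFilesToRename[$file])) {
            //file will keep this name - create thumb
            \ImageManager::_createThumb($tempPath . '/', $tempWebPath . '/', $file);
        }

        $objDownloads = new downloads('');
        $objDownloads->addDownloadFromUpload(
            $info['filename'],
            $extension,
            $suffix,
            $objCategory,
            $objDownloads,
            $originalNames[$file]
        );
    }
    closedir($h);

    //rename files where needed
    foreach ($arrFilesToRename as $oldName => $newName) {
        rename($tempPath . '/' . $oldName, $tempPath . '/' . $newName);
        //file will keep this name - create thumb
        \ImageManager::_createThumb($tempPath . '/', $tempWebPath . '/', $newName);
    }

    //remeber the uploaded files
    $_SESSION['media_upload_files_' . $uploadId] = $arrFiles;

    /* unwanted files have been deleted, unallowed filenames corrected.
       we can now simply return the desired target path, as only valid
       files are present in $tempPath */
    return array($path, $webPath);
}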
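/**
 * Renames or moves an entry of this media source.
 *
 * For a directory the destination is used as given; for a file the
 * entry's current extension is appended to the destination.
 *
 * @param File   $file        Entry to rename or move
 * @param string $destination New name, appended to the entry's full path prefix
 *
 * @return string Localised success or failure message
 */
public function moveFile(File $file, $destination)
{
    global $_ARRAYLANG;

    $failure = sprintf($_ARRAYLANG['TXT_FILEBROWSER_FILE_UNSUCCESSFULLY_RENAMED'], $file->getName());
    $success = sprintf($_ARRAYLANG['TXT_FILEBROWSER_FILE_SUCCESSFULLY_RENAMED'], $file->getName());

    // Refuse an empty destination and any destination with a blocked ending.
    // The previous condition joined the two tests with "||", so every
    // non-empty destination passed and the extension check never took effect.
    if (empty($destination) || !\FWValidator::is_file_ending_harmless($destination)) {
        return $failure;
    }

    $basePath = $this->getFullPath($file);
    $fileName = $basePath . $file->getFullName();
    if (is_dir($fileName)) {
        $destinationFileName = $basePath . $destination;
    } else {
        $destinationFileName = $basePath . $destination . '.' . $file->getExtension();
    }

    if ($fileName == $destinationFileName) {
        // nothing to do, reported as success
        return $success;
    }

    // Containment check: the resolved destination folder must lie below the
    // root of this media source. realpath() returns false for a folder that
    // does not exist; that case is rejected instead of being passed on.
    $destinationFolder = realpath(pathinfo($basePath . $destination, PATHINFO_DIRNAME));
    if (
        $destinationFolder === false
        || !MediaSourceManager::isSubdirectory($this->rootPath, $destinationFolder)
    ) {
        return $failure;
    }

    $this->removeThumbnails($file);

    if (!\Cx\Lib\FileSystem\FileSystem::move($fileName, $destinationFileName, false)) {
        return $failure;
    }

    return $success;
}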
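/**
 * Upload Finished callback
 *
 * This is called as soon as uploads have finished.
 * Validates each file in the temporary directory, moves it into the
 * target folder and registers it as a download.
 *
 * @param string $tempPath    Path to the temporary directory containing the files at this moment
 * @param string $tempWebPath Points to the same folder as tempPath, but relative to the webroot
 * @param array  $data        Data given to setData() when creating the uploader
 * @param string $uploadId    unique session id for the current upload
 * @param array  $fileInfos   uploaded file informations; 'name' is passed on to the download record
 * @param mixed  $response    uploaded status (not used here)
 *
 * @return array|null path and webpath, or null if the permission check fails
 */
public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos, $response)
{
    $path = $data['path'];
    $webPath = $data['webPath'];
    $objCategory = Category::getCategory($data['category_id']);

    // check for sufficient permissions
    $accessId = $objCategory->getAddFilesAccessId();
    if (
        $accessId
        && !\Permission::checkAccess($accessId, 'dynamic', true)
        && $objCategory->getOwnerId() != \FWUser::getFWUserObject()->objUser->getId()
    ) {
        return;
    }

    $h = opendir($tempPath);
    if (!$h) {
        return array($path, $webPath);
    }

    while (false !== ($file = readdir($h))) {
        //skip . and ..
        if ($file == '.' || $file == '..') {
            continue;
        }

        // Per-file state. The original kept its rename and move lists across
        // iterations, so files that were already renamed and moved were
        // processed again for every later directory entry.
        $info = null;
        $extension = '';
        $suffix = '';

        try {
            $objTempFile = new \Cx\Lib\FileSystem\File($tempPath . '/' . $file);

            //delete potentially malicious files
            if (!\FWValidator::is_file_ending_harmless($file)) {
                $objTempFile->delete();
                continue;
            }

            $cleanFile = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($file);
            if ($cleanFile != $file) {
                // The cleaned name is the one that reaches the target folder,
                // so it has to pass the extension check as well.
                if (!\FWValidator::is_file_ending_harmless($cleanFile)) {
                    $objTempFile->delete();
                    continue;
                }
                $objTempFile->rename($tempPath . '/' . $cleanFile, false);
                $file = $cleanFile;
            }

            $info = pathinfo($file);
            $extension = isset($info['extension']) ? $info['extension'] : '';

            //check if file needs to be renamed
            $targetName = $file;
            if (file_exists($path . '/' . $file)) {
                $suffix = '_' . time();
                $targetName = $info['filename'] . $suffix . ($extension !== '' ? '.' . $extension : '');
                $objRenamed = new \Cx\Lib\FileSystem\File($tempPath . '/' . $file);
                $objRenamed->rename($tempPath . '/' . $targetName, false);
            }

            //move file from temp path into target folder
            $objFile = new \Cx\Lib\FileSystem\File($tempPath . '/' . $targetName);
            $objFile->move($path . '/' . $targetName, false);
            \Cx\Core\Core\Controller\Cx::instanciate()->getMediaSourceManager()->getThumbnailGenerator()->createThumbnailFromPath($path . '/' . $targetName);
        } catch (\Cx\Lib\FileSystem\FileSystemException $e) {
            \DBG::msg($e->getMessage());
        }

        if ($info === null) {
            // The failure happened before the final name was known; there is
            // nothing meaningful to register for this entry.
            continue;
        }

        // NOTE(review): as in the original, the download is registered even
        // when the move above threw; confirm that this is intended.
        $objDownloads = new downloads('');
        $objDownloads->addDownloadFromUpload($info['filename'], $extension, $suffix, $objCategory, $objDownloads, $fileInfos['name']);
    }
    closedir($h);

    return array($path, $webPath);
}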
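/**
 * Create a new file or folder inside a theme folder
 *
 * @param array $params supplied arguments from JsonData-request; reads
 *                      $params['post']['theme'], ['name'] and ['isFolder']
 *
 * @return array result with the keys 'status' and 'message' and, depending
 *               on the outcome, 'reload' and 'path'
 */
public function newWithin($params)
{
    global $_ARRAYLANG, $objInit;

    $_ARRAYLANG = $objInit->loadLanguageData('ViewManager');

    if (empty($params['post']['theme']) || empty($params['post']['name'])) {
        return array('status' => 'error', 'message' => $_ARRAYLANG['TXT_THEME_OPERATION_FAILED_FOR_EMPTY_NAME']);
    }

    $theme = $params['post']['theme'];
    $name = $params['post']['name'];
    $isFolder = !empty($params['post']['isFolder']);

    // The theme value comes from the request and becomes one directory name
    // below the themes path, which is created if it is missing. Values that
    // contain a path separator or are a dot segment are therefore refused.
    if (!is_string($theme) || preg_match('#[/\\\\]|^\.\.?$#', $theme)) {
        return array('status' => 'error', 'reload' => false, 'message' => $_ARRAYLANG['TXT_THEME_NEWFILE_FAILED']);
    }

    if ($isFolder && preg_match('/^\\./', trim($name))) {
        // folder name should not start with dot(.)
        return array(
            'status' => 'error',
            'reload' => false,
            'message' => sprintf($_ARRAYLANG['TXT_THEME_FOLDER_NAME_NOT_ALLOWED'], contrexx_input2xhtml($name)),
        );
    }

    // names that look like a {PLACEHOLDER} or {NAME:modifier} are refused
    $matches = null;
    preg_match('@{([0-9A-Za-z._-]+)(:([_a-zA-Z][A-Za-z_0-9]*))?}@sm', $name, $matches);
    if (!empty($matches)) {
        // the message used to read $params['post']['newName'], a key this
        // method never checks; report the name that was actually validated
        return array(
            'status' => 'error',
            'reload' => false,
            'message' => sprintf($_ARRAYLANG['TXT_THEME_NAME_NOT_ALLOWED'], contrexx_input2xhtml($name)),
        );
    }

    // Nothing may be created under the name of a virtual directory
    $virtualDirs = array(
        '/' . \Cx\Core\Core\Model\Entity\SystemComponent::TYPE_CORE_MODULE,
        '/' . \Cx\Core\Core\Model\Entity\SystemComponent::TYPE_MODULE,
        '/' . \Cx\Core\Core\Model\Entity\SystemComponent::TYPE_CORE,
    );

    $currentThemeFolderDirPath = \Env::get('cx')->getWebsiteThemesPath() . '/' . $theme . '/';

    // Create the theme folder, if it does not exist
    if (!\Cx\Lib\FileSystem\FileSystem::exists($currentThemeFolderDirPath)) {
        if (!\Cx\Lib\FileSystem\FileSystem::make_folder($currentThemeFolderDirPath)) {
            return array('status' => 'error', 'reload' => false, 'message' => $_ARRAYLANG['TXT_THEME_NEWFILE_FAILED']);
        }
    }

    // NOTE(review): confirm that replaceCharacters() removes path separators
    // and '..' segments; otherwise the new entry is not confined to the theme folder.
    $newFileName = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($name);

    if (!\FWValidator::is_file_ending_harmless($newFileName)) {
        return array(
            'status' => 'error',
            'reload' => false,
            'message' => sprintf($_ARRAYLANG['TXT_THEME_FILE_EXTENSION_NOT_ALLOWED'], contrexx_input2xhtml($newFileName)),
        );
    }

    if (in_array('/' . $newFileName, $virtualDirs)) {
        return array('status' => 'error', 'reload' => false, 'message' => $_ARRAYLANG['TXT_THEME_OPERATION_FAILED_FOR_VIRTUAL_FOLDER']);
    }

    if (\Cx\Lib\FileSystem\FileSystem::exists($currentThemeFolderDirPath . $newFileName)) {
        return array(
            'status' => 'error',
            'message' => sprintf($_ARRAYLANG['TXT_THEME_OPERATION_FAILED_FOR_FILE_ALREADY_EXITS'], contrexx_input2xhtml($newFileName)),
        );
    }

    if ($isFolder) {
        $status = \Cx\Lib\FileSystem\FileSystem::make_folder($currentThemeFolderDirPath . $newFileName);
        $successMessage = sprintf($_ARRAYLANG['TXT_THEME_FOLDER_CREATE_SUCCESS'], contrexx_input2xhtml($newFileName));
    } else {
        $status = \Cx\Lib\FileSystem\FileSystem::touch($currentThemeFolderDirPath . $newFileName);
        $successMessage = sprintf($_ARRAYLANG['TXT_THEME_FILE_CREATE_SUCCESS'], contrexx_input2xhtml($newFileName));
    }

    if (!$status) {
        return array('status' => 'error', 'message' => $_ARRAYLANG['TXT_THEME_NEWFILE_FAILED']);
    }

    return array('status' => 'success', 'reload' => true, 'message' => $successMessage, 'path' => '/' . $newFileName);
}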
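/**
 * this is called as soon as uploads have finished.
 * Deletes files with a refused ending from the temporary directory, brings
 * the remaining files to their final names and remembers those names in
 * the session.
 *
 * @param string $tempPath    Directory that currently holds the uploaded files
 * @param string $tempWebPath Not used here
 * @param array  $data        Reads the keys 'path' and 'webPath'
 * @param string $uploadId    Part of the session key that stores the file names
 * @param array  $fileInfos   Not used here
 *
 * @return array array($path, $webPath)
 */
public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos)
{
    $path = $data['path'];
    $webPath = $data['webPath'];

    // names of the uploaded files; stored in the session afterwards so they
    // can be displayed highlighted later
    $arrFiles = array();
    // on-disk name => final name, applied after the directory scan
    $arrFilesToRename = array();

    $h = opendir($tempPath);
    if (!$h) {
        // Without a handle readdir() cannot signal the end of the directory
        // (it throws or never returns false, depending on the PHP version).
        return array($path, $webPath);
    }

    while (false !== ($diskName = readdir($h))) {
        //skip . and ..
        if ($diskName == '.' || $diskName == '..') {
            continue;
        }

        $file = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($diskName);

        //delete potentially malicious files
        // The file still carries its on-disk name at this point. The original
        // passed the cleaned name to unlink(), which misses the file whenever
        // cleaning changed the name, so a refused file stayed in $tempPath.
        if (
            !\FWValidator::is_file_ending_harmless($diskName)
            || !\FWValidator::is_file_ending_harmless($file)
        ) {
            @unlink($tempPath . '/' . $diskName);
            continue;
        }

        // split the cleaned name, since the final name is built from it
        $info = pathinfo($file);
        $finalName = $file;

        //check if file needs to be renamed
        // NOTE(review): unlike the rename below, no '/' is inserted here;
        // presumably $data['path'] ends with a slash - confirm.
        if (file_exists($path . $file)) {
            $forceOverwrite = !empty($_REQUEST['uploadForceOverwrite'])
                && intval($_REQUEST['uploadForceOverwrite']) > 0;
            if (!$forceOverwrite) {
                $extension = isset($info['extension']) ? '.' . $info['extension'] : '';
                $finalName = $info['filename'] . '_' . time() . $extension;
                array_push($arrFiles, $finalName);
            }
        } else {
            array_push($arrFiles, $file);
        }

        // rename on disk whenever cleaning or a name collision changed the name
        if ($finalName != $diskName) {
            $arrFilesToRename[$diskName] = $finalName;
        }
    }
    closedir($h);

    //rename files where needed
    foreach ($arrFilesToRename as $oldName => $newName) {
        rename($tempPath . '/' . $oldName, $tempPath . '/' . $newName);
    }

    // thumbnail creation is disabled in this callback

    //remember the uploaded files
    if (isset($_SESSION["filebrowser_upload_files_{$uploadId}"])) {
        //do not overwrite already uploaded files
        $arrFiles = array_merge($_SESSION["filebrowser_upload_files_{$uploadId}"], $arrFiles);
    }
    $_SESSION["filebrowser_upload_files_{$uploadId}"] = $arrFiles;

    /* unwanted files have been deleted, unallowed filenames corrected.
       we can now simply return the desired target path, as only valid
       files are present in $tempPath */
    return array($path, $webPath);
}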
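/**
 * this is called as soon as uploads have finished.
 * Deletes refused files from the temporary directory, brings the remaining
 * files to their final names and remembers those names in the session.
 *
 * @param string $tempPath    Directory that currently holds the uploaded files
 * @param string $tempWebPath Not used here
 * @param array  $data        Reads the keys 'path' and 'webPath'
 * @param string $uploadId    Part of the session key that stores the file names
 * @param array  $fileInfos   Not used here
 * @param object $response    Receives an error message for every illegal file name
 *
 * @return array array($path, $webPath)
 */
public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos, $response)
{
    $path = $data['path'];
    $webPath = $data['webPath'];

    // names of the uploaded files; stored in the session afterwards so they
    // can be displayed highlighted later
    $arrFiles = array();
    // on-disk name => final name, applied after the directory scan
    $arrFilesToRename = array();

    $h = opendir($tempPath);
    if ($h) {
        while (false !== ($file = readdir($h))) {
            //skip . and .. before any check that deletes or reports
            if ($file == '.' || $file == '..') {
                continue;
            }

            //delete potentially malicious files
            // TODO: this is probably an overhead, because the uploader might already do this
            if (!\FWValidator::is_file_ending_harmless($file)) {
                // The original called unlink() with the bare name, which is
                // resolved against the working directory, so the refused file
                // stayed in $tempPath.
                @unlink($tempPath . '/' . $file);
                continue;
            }

            if (self::isIllegalFileName($file)) {
                $response->addMessage(
                    \Cx\Core_Modules\Upload\Controller\UploadResponse::STATUS_ERROR,
                    "You are not able to create the requested file."
                );
                \Cx\Lib\FileSystem\FileSystem::delete_file($tempPath . '/' . $file);
                continue;
            }

            //clean file name
            // presumably clean_path() changes $newName by reference - confirm
            $newName = $file;
            \Cx\Lib\FileSystem\FileSystem::clean_path($newName);

            // a name changed by cleaning has to pass the extension check too
            if ($newName != $file && !\FWValidator::is_file_ending_harmless($newName)) {
                @unlink($tempPath . '/' . $file);
                continue;
            }

            //check if file needs to be renamed
            // NOTE(review): no '/' is inserted here; presumably $data['path']
            // ends with a slash - confirm.
            if (file_exists($path . $newName)) {
                $forceOverwrite = !empty($_REQUEST['uploadForceOverwrite'])
                    && intval($_REQUEST['uploadForceOverwrite']) > 0;
                if (!$forceOverwrite) {
                    $info = pathinfo($newName);
                    $exte = !empty($info['extension']) ? '.' . $info['extension'] : '';
                    $newName = $info['filename'] . '_' . time() . $exte;
                }
            }

            //if the name has changed, the file needs to be renamed afterwards
            if ($newName != $file) {
                $arrFilesToRename[$file] = $newName;
            }
            array_push($arrFiles, $newName);
        }
        closedir($h);
    }

    //rename files where needed
    foreach ($arrFilesToRename as $oldName => $newName) {
        rename($tempPath . '/' . $oldName, $tempPath . '/' . $newName);
    }

    //remember the uploaded files
    $sessionKey = "media_upload_files_{$uploadId}";
    $files = isset($_SESSION[$sessionKey]) ? $_SESSION[$sessionKey] : null;
    $_SESSION[$sessionKey] = array_merge($arrFiles, $files ? $files->toArray() : array());

    /* unwanted files have been deleted, unallowed filenames corrected.
       we can now simply return the desired target path, as only valid
       files are present in $tempPath */
    return array($path, $webPath);
}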
/**
 * Copies an uploaded media file into the 'uploads/' folder below the image path.
 * Note: validation should be done before calling this function; the only
 * checks made here are for an empty path and a refused file ending.
 *
 * @param string $filePath Temp path of the uploaded media
 *
 * @return boolean|string web path of the copied file, false otherwise
 */
function uploadMedia($filePath)
{
    $rejected = $filePath == '' || !\FWValidator::is_file_ending_harmless($filePath);
    if ($rejected) {
        return false;
    }

    // split the plain file name into stem and ".ext" (empty if there is none)
    $targetName = basename($filePath);
    $parts = pathinfo($targetName);
    $stem = $parts['filename'];
    $dotExtension = '';
    if (!empty($parts['extension'])) {
        $dotExtension = '.' . $parts['extension'];
    }

    // NOTE(review): rand(10, 99) yields only 90 different salts, so the md5
    // name hides the original name but is not hard to guess.
    $salt = rand(10, 99);
    if ($this->arrSettings['settingsEncryptFilenames'] == 1) {
        $targetName = md5($salt . $stem) . $dotExtension;
    }

    // on a name collision fall back to "<stem>_<timestamp><.ext>"; this
    // fallback uses the original stem even when names are encoded
    if (file_exists($this->imagePath . 'uploads/' . $targetName)) {
        $targetName = $stem . '_' . time() . $dotExtension;
    }

    $relativeName = 'uploads/' . $targetName;
    $copied = \Cx\Lib\FileSystem\FileSystem::copy_file($filePath, $this->imagePath . $relativeName);
    if ($copied === false) {
        return false;
    }

    $objFile = new \File();
    $objFile->setChmod($this->imagePath, $this->imageWebPath, $relativeName);

    return $this->imageWebPath . $relativeName;
}
/**
 * Sanitizes a filename: strips characters that FILTER_SANITIZE_URL and
 * replaceCharacters() do not accept, and appends ".txt" to names without
 * an extension and to names with a refused ending.
 *
 * NOTE(review): a refused name keeps its original extension in front of the
 * appended ".txt"; whether that is sufficient depends on how the web server
 * maps extensions - confirm for the deployment.
 *
 * @param string $filename The filename to be sanitized
 *
 * @return string The sanitized filename
 */
public static function sanitizeFileName($filename)
{
    $sanitized = FileSystem::replaceCharacters(filter_var($filename, FILTER_SANITIZE_URL));

    // decided on the sanitized name, before the fallback name is applied
    $parts = pathinfo($sanitized);
    $hasExtension = isset($parts['extension']);

    if (empty($sanitized)) {
        // nothing usable is left: fall back to a timestamped name
        // (this fallback is not passed through replaceCharacters())
        $sanitized = 'file' . date('Y-m-d H:i:s');
    }

    if (!$hasExtension) {
        $sanitized .= '.txt';
    }

    if (!\FWValidator::is_file_ending_harmless($sanitized)) {
        $sanitized .= '.txt';
    }

    return $sanitized;
}