protected function canAccess() { $cp = \FilePermissions::getGlobal(); if ($cp->canSearchFiles()) { return true; } return false; }
public function displayItem() { $u = new User(); if ($u->isRegistered()) { $fp = FilePermissions::getGlobal(); if ($fp->canSearchFiles() && $u->config('UI_FILEMANAGER')) { return true; } } return false; }
public function canImport($file) { $cf = Loader::helper("file"); $fp = FilePermissions::getGlobal(); if (!$fp->canAddFiles()) { $message = FileImporter::getErrorMessage(FileImporter::E_PHP_FILE_ERROR_DEFAULT); return $message; } if (!$fp->canAddFileType($cf->getExtension($file))) { $message = FileImporter::getErrorMessage(FileImporter::E_FILE_INVALID_EXTENSION); return $message; } return true; }
public function submit() { $requestSets = array(); if (is_array($this->request->request->get('fsID'))) { $requestSets = $this->request->request->get('fsID'); } $fsp = \FilePermissions::getGlobal(); if ($this->validateAction()) { $sets = Set::getMySets(); foreach ($sets as $set) { if (in_array($set->getFileSetID(), $requestSets) && $fsp->canAddFile($this->file) && !$this->file->inFileSet($set)) { // This was checked and it wasn't in the file set previously $set->addFileToSet($this->file); } if ($this->file->inFileSet($set) && !in_array($set->getFileSetID(), $requestSets) && $fsp->canAddFile($this->file)) { // This was not checked but it used to be in the set. $set->removeFileFromSet($this->file); } } } $fsNew = $this->request->request->get('fsNew'); $fsNewShare = $this->request->request->get('fsNewShare'); if (is_array($fsNew)) { foreach ($fsNew as $i => $name) { if ($name) { $type = $fsNewShare[$i] == 1 ? Set::TYPE_PUBLIC : Set::TYPE_PRIVATE; $fs = Set::createAndGetSet($fsNew[$i], $type); $fs->addFileToSet($this->file); } } } $response = new EditResponse(); $response->setFile($this->file); $response->setMessage(t('File sets updated successfully.')); $response->outputJSON(); }
<?php defined('C5_EXECUTE') or die("Access Denied."); $u = new User(); $ch = Loader::helper('concrete/file'); $h = Loader::helper('concrete/interface'); $form = Loader::helper('form'); $fp = FilePermissions::getGlobal(); if (!$fp->canAddFiles()) { die(t("Unable to add files.")); } $types = $fp->getAllowedFileExtensions(); $searchInstance = Loader::helper('text')->entities($_REQUEST['searchInstance']); $ocID = 0; if (Loader::helper('validation/numbers')->integer($_REQUEST['ocID'])) { $ocID = $_REQUEST['ocID']; } $types = $ch->serializeUploadFileExtensions($types); $valt = Loader::helper('validation/token'); ?> <div class="ccm-ui"> <ul class="tabs" id="ccm-file-import-tabs"> <li class="active"><a href="javascript:void(0)" id="ccm-file-add-multiple"><?php echo t('Upload Multiple'); ?> </a></li> <li><a href="javascript:void(0)" id="ccm-file-add-incoming"><?php echo t('Add Incoming'); ?> </a></li> <li><a href="javascript:void(0)" id="ccm-file-add-remote"><?php
protected function setupFilePermissions() { $u = new User(); if ($this->permissionLevel == false || $u->isSuperUser()) { return false; } $vs = FileSetPermissions::getOverriddenSets($this->permissionLevel, FilePermissions::PTYPE_ALL); $nvs = FileSetPermissions::getOverriddenSets($this->permissionLevel, FilePermissions::PTYPE_NONE); $vsm = FileSetPermissions::getOverriddenSets($this->permissionLevel, FilePermissions::PTYPE_MINE); // we remove all the items from nonviewableSets that appear in viewableSets because viewing trumps non-viewing for ($i = 0; $i < count($nvs); $i++) { if (in_array($nvs[$i], $vs)) { unset($nvs[$i]); } } // we have $nvs, which is an array of sets of files that we CANNOT see // first, we add -1 so that we are always dealing with an array that at least has one value, just for // query writing sanity sake $nvs[] = -1; $vs[] = -1; $vsm[] = -1; //$this->debug(); // this excludes all file that are found in sets that I can't find $this->filter(false, '((select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $nvs) . ')) = 0)'); $uID = $u->isRegistered() ? $u->getUserID() : 0; // This excludes all files found in sets where I may only read mine, and I did not upload the file $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $vsm) . ')) = 0)'); $fp = FilePermissions::getGlobal(); if ($fp->getFileSearchLevel() == FilePermissions::PTYPE_MINE) { // this means that we're only allowed to read files we've uploaded (unless, of course, those files are in previously covered sets) $this->filter(false, '(f.uID = ' . $uID . ' or (select count(fID) from FileSetFiles where FileSetFiles.fID = f.fID and fsID in (' . implode(',', $vs) . ')) > 0)'); } // now we filter out files we directly don't have access to $groups = $u->getUserGroups(); $groupIDs = array(); foreach ($groups as $key => $value) { $groupIDs[] = $key; } $uID = -1; if ($u->isRegistered()) { $uID = $u->getUserID(); } if (PERMISSIONS_MODEL != 'simple') { // There is a really stupid MySQL bug that, if the subquery returns null, the entire query is nullified // So I have to do this query OUTSIDE of MySQL and give it to mysql $db = Loader::db(); $fIDs = $db->GetCol("select Files.fID from Files inner join FilePermissions on FilePermissions.fID = Files.fID where fOverrideSetPermissions = 1 and (FilePermissions.gID in (" . implode(',', $groupIDs) . ") or FilePermissions.uID = {$uID}) having max(" . $this->permissionLevel . ") = 0"); if (count($fIDs) > 0) { $this->filter(false, "(f.fID not in (" . implode(',', $fIDs) . "))"); } } }
function importFile($fileUrl) { $u = new User(); $cf = Loader::helper('file'); $fp = FilePermissions::getGlobal(); if (!$fp->canAddFiles()) { die(t("Unable to add files.")); } //$valt = Loader::helper('validation/token'); Loader::library("file/importer"); Loader::library('3rdparty/Zend/Http/Client'); Loader::library('3rdparty/Zend/Uri/Http'); $file = Loader::helper('file'); Loader::helper('mime'); $error = array(); // load all the incoming fields into an array $this_url = $fileUrl; // validate URL if (Zend_Uri_Http::check($this_url)) { // URL appears to be good... add it $incoming_urls[] = $this_url; } else { $errors[] = '"' . $this_url . '"' . t(' is not a valid URL.'); } //} //if (!$valt->validate('import_remote')) { // $errors[] = $valt->getErrorMessage(); //} if (count($incoming_urls) < 1) { $errors[] = t('You must specify at least one valid URL.'); } $import_responses = array(); // if we haven't gotten any errors yet then try to process the form if (count($errors) < 1) { // itterate over each incoming URL adding if relevant foreach ($incoming_urls as $this_url) { // try to D/L the provided file // This all sets up the CURL actions to check the page $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this_url); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_NOBODY, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_MAXREDIRS, 10); //follow up to 10 redirections - avoids loops $data = curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); // Get the HTTP Code // Get final redirected URL, will be the same if URL is not redirected $new_url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL); curl_close($ch); // Array of HTTP status codes. Trim down if you would like to. $codes = array(0 => 'Domain Not Found', 100 => 'Continue', 101 => 'Switching Protocols', 200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content', 300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 307 => 'Temporary Redirect', 400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Timeout', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Long', 415 => 'Unsupported Media Type', 416 => 'Requested Range Not Satisfiable', 417 => 'Expectation Failed', 500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Timeout', 505 => 'HTTP Version Not Supported'); if (isset($codes[$http_code])) { if ($codes[$http_code] == "OK") { $client = new Zend_Http_Client($this_url); $response = $client->request(); if ($response->isSuccessful()) { $uri = Zend_Uri_Http::fromString($this_url); $fname = ''; $fpath = $file->getTemporaryDirectory(); // figure out a filename based on filename, mimetype, ??? if (preg_match('/^.+?[\\/]([-\\w%]+\\.[-\\w%]+)$/', $uri->getPath(), $matches)) { // got a filename (with extension)... use it $fname = $matches[1]; } else { if (!is_null($response->getHeader('Content-Type'))) { // use mimetype from http response $fextension = MimeHelper::mimeToExtension($response->getHeader('Content-Type')); if ($fextension === false) { $errors[] = t('Unknown mime-type: ') . $response->getHeader('Content-Type'); } else { // make sure we're coming up with a unique filename do { // make up a filename based on the current date/time, a random int, and the extension from the mime-type $fname = date('d-m-Y_H:i_') . mt_rand(100, 999) . '.' . $fextension; } while (file_exists($fpath . '/' . $fname)); } } } //else { // if we can't get the filename from the file itself OR from the mime-type I'm not sure there's much else we can do //} if (strlen($fname)) { // write the downloaded file to a temporary location on disk $handle = fopen($fpath . '/' . $fname, "w"); fwrite($handle, $response->getBody()); fclose($handle); // import the file into concrete if ($fp->canAddFileType($cf->getExtension($fname))) { $fi = new FileImporter(); $resp = $fi->import($fpath . '/' . $fname, $fname, $fr); } else { $resp = FileImporter::E_FILE_INVALID_EXTENSION; } if (!$resp instanceof FileVersion) { $errors[] .= $fname . ': ' . FileImporter::getErrorMessage($resp) . "\n"; } else { $import_responses[] = $resp; } // clean up the file unlink($fpath . '/' . $fname); } else { // could not figure out a file name $errors[] = t('Could not determine the name of the file at ') . $this_url; } } else { // warn that we couldn't download the file $errors[] = t('There was an error downloading ') . $this_url; } } } else { $errors[] = t("Error connecting to file's server, file skipped"); } } } //print_r($errors); if ($resp instanceof FileVersion) { return $resp; } }
public function upload_files() { $files = array(); if ($this->token->validate('upload_files')) { $r = $this->entityManager->getRepository('\\PortlandLabs\\Concrete5\\MigrationTool\\Entity\\Import\\Batch'); $batch = $r->findOneById($this->request->request('id')); if (is_object($batch)) { $cf = \Core::make('helper/file'); $fp = \FilePermissions::getGlobal(); if (isset($_FILES['file']) && is_uploaded_file($_FILES['file']['tmp_name'])) { if (!$fp->canAddFileType($cf->getExtension($_FILES['file']['name']))) { throw new \Exception(Importer::getErrorMessage(Importer::E_FILE_INVALID_EXTENSION)); } else { $ih = new Importer(); $response = $ih->import($_FILES['file']['tmp_name'], $_FILES['file']['name']); if (!$response instanceof \Concrete\Core\File\Version) { throw new \Exception(Importer::getErrorMessage($response)); } else { $file = $response->getFile(); $fs = Set::getByName($batch->getID()); if (!is_object($fs)) { $fs = Set::createAndGetSet($batch->getID(), Set::TYPE_PRIVATE); } $fs->addFileToSet($file); $files[] = $file; } } } } } $this->flash('success', t('File(s) uploaded successfully')); $r = new \Concrete\Core\File\EditResponse(); $r->setFiles($files); $r->outputJSON(); }