/**
 * Handle the "add attachment" form for the current post: validate, record the
 * attachment in the DB, then move the upload into the attachment's storage path.
 *
 * @return string rendered error (with the form re-rendered) or a success message
 */
private function onAdd()
{
    $form = $this->formAdd();
    $error = $form->validate($this->module);
    if ($error !== false) {
        return $error . $this->templateAdd();
    }

    $file = $form->getVar('file');
    $tmp = $file['tmp_name'];
    $postid = $this->post->getID();
    $userid = GWF_Session::getUserID();

    # Guest visibility/download rights are driven purely by checkbox presence in $_POST.
    $options = 0;
    if (isset($_POST['guest_view'])) {
        $options |= GWF_ForumAttachment::GUEST_VISIBLE;
    }
    if (isset($_POST['guest_down'])) {
        $options |= GWF_ForumAttachment::GUEST_DOWNLOAD;
    }

    # The row is inserted before the file is moved: dbimgPath() is derived from the new row.
    $attach = new GWF_ForumAttachment(array(
        'fatt_aid' => 0,
        'fatt_uid' => $userid,
        'fatt_pid' => $postid,
        'fatt_mime' => GWF_Upload::getMimeType($tmp),
        'fatt_size' => filesize($tmp),
        'fatt_downloads' => 0,
        'fatt_filename' => $file['name'],
        'fatt_options' => $options,
        'fatt_date' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
    ));
    if ($attach->insert() === false) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    # Move the upload into place; the temp file is discarded whether or not the move worked.
    $path = $attach->dbimgPath();
    $moved = GWF_Upload::moveTo($file, $path);
    @unlink($tmp);
    if ($moved === false) {
        return GWF_HTML::err('ERR_WRITE_FILE', $path);
    }

    $this->post->increase('post_attachments', 1);
    return $this->module->message('msg_attach_added', array($this->post->getShowHREF()));
}
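/**
 * Store an uploaded file under dbimg/content/ and append a reference to it to the
 * page content being edited.
 *
 * The upload keeps its original name (and therefore its extension) because it is
 * served back by that name, so the name is checked twice: once against server-side
 * script extensions and once against a strict character whitelist.
 *
 * @return string error HTML or a success message
 */
public static function onUpload(Module_PageBuilder $module)
{
    if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
        return $error;
    }
    if (false === ($file = GWF_Upload::getFile('file'))) {
        return GWF_HTML::err('ERR_MISSING_UPLOAD');
    }

    $name = $file['name'];

    # Reject any name the web server might execute instead of serve. Every dot-separated
    # segment after the first is inspected, because multi-extension handling on some
    # servers also executes foo.php.html (the former test only looked for '.php').
    if (self::hasExecutableExtension($name)) {
        return $module->error('err_file_ext');
    }

    # Sanity check: ASCII word characters and dots, no leading dot (blocks dotfiles such
    # as .htaccess), no path separators, at most 63 characters.
    if (!preg_match('#^[a-z0-9_][a-z0-9_\\.]{0,62}$#iD', $name)) {
        return $module->error('err_file_name');
    }

    $path = 'dbimg/content/' . $name;
    $epath = htmlspecialchars($path);
    if (Common::isFile($path)) {
        return $module->error('err_upload_exists');
    }
    if (false === GWF_Upload::moveTo($file, $path)) {
        return GWF_HTML::err('ERR_WRITE_FILE', array($epath));
    }

    # Pages in HTML or Smarty mode receive raw markup; all other modes receive BBCode.
    $bbcode = (Common::getPostInt('type', 0) & (GWF_Page::HTML | GWF_Page::SMARTY)) === 0;
    $_POST['content'] .= self::fileToContent($name, $path, $bbcode);
    return $module->message('msg_file_upped', array($epath));
}

/**
 * True when any extension segment of $name (everything after the first dot, split on
 * dots, compared case-insensitively) names a server-side script type.
 * A segment starting with "php" covers php, php3, php5, phps, ...; this is a superset
 * of the previous `stripos($name, '.php') !== false` test.
 *
 * @param string $name client-supplied file name
 * @return bool
 */
private static function hasExecutableExtension($name)
{
    $segments = explode('.', strtolower($name));
    array_shift($segments); # the base name itself is not an extension
    $scriptTypes = array('phtml', 'phar', 'shtml', 'cgi', 'pl');
    foreach ($segments as $segment) {
        if (strpos($segment, 'php') === 0 || in_array($segment, $scriptTypes, true)) {
            return true;
        }
    }
    return false;
}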
/**
 * Replace the file behind an existing download with a newly uploaded one and
 * refresh the uploader, mime type and date on the download row.
 *
 * @param GWF_Download $dl the download being re-uploaded
 * @return string message or error text, followed by the edit template
 */
private function onReup(GWF_Download $dl)
{
    $form = $this->getFormReup($dl);
    $err = $form->validate($this->module);
    if ($err !== false) {
        return $err . $this->templateEdit($dl);
    }

    $file = $form->getVar('file');
    if ($file === false) {
        return $this->module->error('err_file') . $this->templateEdit($dl);
    }

    # NOTE(review): isModerated() is handed the module itself — confirm this is the intended argument.
    if ($this->module->isModerated($this->module)) {
        return GWF_HTML::err('ERR_NO_PERMISSION') . $this->templateEdit($dl);
    }

    # The payload lives under the download's id and overwrites the previous file.
    $target = 'dbimg/dl/' . $dl->getVar('dl_id');
    $file = GWF_Upload::moveTo($file, $target);
    if ($file === false) {
        return GWF_HTML::err('ERR_WRITE_FILE', array($target)) . $this->templateEdit($dl);
    }

    # NOTE(review): the mime type is read from tmp_name after the move — this assumes moveTo
    # returns a file array whose tmp_name is still readable; reading $target instead would not depend on that.
    $vars = array(
        'dl_uid' => GWF_Session::getUserID(),
        'dl_mime' => GWF_Upload::getMimeType($file['tmp_name']),
        'dl_date' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
    );
    if ($dl->saveVars($vars) === false) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    return $this->module->message('msg_uploaded') . $this->templateEdit($dl);
}
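/**
 * Stage an uploaded file under dbimg/dl/ and remember it in the session under
 * self::SESS_FILE. Without an upload, or when the move fails, the session slot
 * is left untouched.
 *
 * @param GWF_Form $form the submitted form holding the 'file' field
 * @return void
 */
private function uploadedFile(GWF_Form $form)
{
    if (false === ($file = $form->getVar('file'))) {
        return;
    }

    # basename() keeps only the server-generated temp name, so the target stays inside dbimg/dl/.
    $tempname = 'dbimg/dl/' . basename($file['tmp_name']);
    if (false === ($file = GWF_Upload::moveTo($file, $tempname))) {
        echo GWF_HTML::err('ERR_WRITE_FILE', array($tempname));
        # Previously fell through and stored `false` in the session as if a file had been staged.
        return;
    }

    GWF_Session::set(self::SESS_FILE, $file);
}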
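/**
 * Replace a site's logo: validate the form, force the upload to 32x32, store it
 * under dbimg/logo/<site id> and write a GIF copy under dbimg/logo_gif/.
 *
 * @param WC_Site $site     the site whose logo is being set
 * @param mixed   $is_admin forwarded to getFormLogo()
 * @return string|null an error string on failure; nothing on success
 */
public function onSetLogo(WC_Site $site, $is_admin)
{
    $form = $this->getFormLogo($site, $is_admin);
    if (false !== ($errors = $form->validate($this->module))) {
        return $errors;
    }

    if (false === ($file = $form->getVar('new_logo'))) {
        return $this->module->error('err_no_logo');
    }

    # resizeImage() is the only check that the upload is a usable image (no separate isImageFile call).
    if (false === GWF_Upload::resizeImage($file, 32, 32, 32, 32)) {
        return $this->module->error('err_no_logo');
    }

    $sid = $site->getID();
    $filename = 'dbimg/logo/' . $sid;
    if (false === ($file = GWF_Upload::moveTo($file, $filename))) {
        return $this->module->error('err_write_logo', array($filename));
    }

    # Convert to GIF. A failed read is reported as a bad logo instead of handing `false` to GD.
    if (false === ($raw = file_get_contents($filename))) {
        return $this->module->error('err_no_logo');
    }
    if (false === ($img = imagecreatefromstring($raw))) {
        return $this->module->error('err_no_logo');
    }

    $filenamegif = 'dbimg/logo_gif/' . $sid . '.gif';
    $written = imagegif($img, $filenamegif);
    imagedestroy($img); # release the GD image on both paths (it leaked when imagegif() failed)
    if ($written === false) {
        return $this->module->error('err_write_logo', array($filenamegif));
    }

    $site->increase('site_logo_v', 1);
    $site->saveOption(WC_Site::HAS_LOGO);
    # Success deliberately returns nothing; only failures return an error string.
}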
/**
 * Overwrite an existing attachment with a new upload and refresh its metadata.
 *
 * @param array               $file   PHP upload record ('tmp_name', 'name', ...)
 * @param GWF_ForumAttachment $attach the attachment whose file is being replaced
 * @return string|false error HTML, or false when everything succeeded
 */
private function unReUpload(array $file, GWF_ForumAttachment $attach)
{
    $tmp = $file['tmp_name'];
    $target = $attach->dbimgPath();

    # Move into the attachment's slot; the temp file is removed regardless of the outcome.
    $moved = GWF_Upload::moveTo($file, $target);
    @unlink($tmp);
    if (!$moved) {
        return GWF_HTML::err('ERR_WRITE_FILE', $target);
    }

    # Metadata is taken from the moved file, not from the temp name.
    $vars = array(
        'fatt_mime' => GWF_Upload::getMimeType($target),
        'fatt_size' => filesize($target),
        'fatt_downloads' => 0,
        'fatt_filename' => $file['name'],
        'fatt_date' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
    );
    if ($attach->saveVars($vars) === false) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    # false means "no error" to the caller.
    return false;
}
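/**
 * Accept a smiley image for the challenge: must be an image, resizable into
 * 16x16..64x64, carry an allowed image extension, and have a file name safe to
 * embed in the on-disk path.
 *
 * @param WC_Challenge $chall challenge providing the translated messages
 * @return string error or success HTML
 */
public function onUpload(WC_Challenge $chall)
{
    $module = Module_WeChall::instance(); # not used below; kept in case instance() has side effects
    $form = $this->getForm($chall);
    if (false === ($file = $form->getVar('image'))) {
        return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
    }
    if (!GWF_Upload::isImageFile($file)) {
        return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
    }
    if (false === GWF_Upload::resizeImage($file, 64, 64, 16, 16)) {
        return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
    }

    $filename = $file['name'];

    $allowed = false;
    foreach (array('.jpg', '.jpeg', '.gif', '.png') as $ext) {
        if (Common::endsWith($filename, $ext)) {
            $allowed = true;
            break;
        }
    }
    # Case-insensitive so that FOO.PHP.jpg is refused as well.
    if (stripos($filename, '.php') !== false) {
        $allowed = false;
    }

    # The client-supplied name becomes part of the on-disk path, so it must be printable
    # ASCII without path separators, NUL or a '..' sequence. The former [\x00-\x7f] test
    # accepted all of those.
    $badName = !preg_match('/^[\\x20-\\x7e]+$/D', $filename)
        || $filename !== basename($filename)
        || strpos($filename, '..') !== false;
    if ($badName) {
        return GWF_HTML::error('Smile Path', array($chall->lang('err_ascii')));
    }
    if (!$allowed) {
        return GWF_HTML::error('Smile', array($chall->lang('err_no_image')));
    }

    $fullpath = "challenge/livinskull/smile/smiles/{$filename}";
    $efp = htmlspecialchars($fullpath);
    if (false === GWF_Upload::moveTo($file, $fullpath)) {
        return GWF_HTML::err('ERR_WRITE_FILE', array($efp));
    }

    # Escaped a second time so the message shows the <img> markup as text rather than rendering it.
    $rule = htmlspecialchars("<img src=\"/{$efp}\" />");
    return GWF_HTML::message('Smile', $chall->lang('msg_uploaded', array($rule)));
}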
/**
 * Store an uploaded avatar for the logged-in user under dbimg/avatar/<user id>,
 * after checking it is an image and resizing it within the configured bounds.
 *
 * @param array $file PHP upload record
 * @return string error or success message
 */
private function saveAvatar(array $file)
{
    $module = $this->module;

    if (!GWF_Upload::isImageFile($file)) {
        return $module->error('err_no_image');
    }

    $resized = GWF_Upload::resizeImage(
        $file,
        $module->cfgAvatarMaxWidth(),
        $module->cfgAvatarMaxHeight(),
        $module->cfgAvatarMinWidth(),
        $module->cfgAvatarMinHeight()
    );
    if ($resized === false) {
        return $module->error('err_no_image');
    }

    # The avatar is keyed by user id, so a re-upload simply overwrites the previous one.
    $user = GWF_Session::getUser();
    $target = 'dbimg/avatar/' . $user->getID();
    if (GWF_Upload::moveTo($file, $target) === false) {
        return $module->error('err_write_avatar');
    }

    $user->saveOption(GWF_User::HAS_AVATAR, true);
    $user->increase('user_avatar_v', 1); # bump the version so cached copies are refreshed
    return $module->message('msg_avatar_saved');
}