示例#1
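/**
 * Accepts one uploaded file (form field "upload") and stores it in a media
 * collection, then answers either with a CKEditor callback script or with JSON.
 *
 * Checks performed before the file is stored: cleaned filename, PHP upload
 * error code, configured maximum size, extension allow-list, is_uploaded_file()
 * and collection validity. Every failure is reported through upload_doError()
 * (media_doError() for a disallowed collection) and the function then returns,
 * so nothing is stored even if the error helper does not end the request itself.
 *
 * Reads the globals $DIR_MEDIA, $member, $CONF, $funcNum and $responseType.
 */
function media_upload()
{
    global $DIR_MEDIA, $member, $CONF, $funcNum, $responseType;

    $uploadInfo = postFileInfo('upload');
    // $uploadInfo['type'] is the MIME type declared by the client; it is not used
    // for any decision here, the extension allow-list below is the only type check.
    $filename = $uploadInfo['name'];
    $filesize = $uploadInfo['size'];
    $filetempname = $uploadInfo['tmp_name'];
    $fileerror = intval($uploadInfo['error']);

    // clean filename of characters that may cause trouble in a filename using
    // cleanFileName() function from globalfunctions.php
    $filename = cleanFileName($filename);
    if ($filename === false) {
        // $filename is false here, so there is no name to append to the message
        upload_doError(_ERROR_BADFILETYPE);
        return;
    }

    // PHP upload error code (see http://www.php.net/manual/en/features.file-upload.errors.php)
    if ($fileerror === UPLOAD_ERR_INI_SIZE || $fileerror === UPLOAD_ERR_FORM_SIZE) {
        upload_doError(_ERROR_FILE_TOO_BIG);
        return;
    }
    if ($fileerror !== UPLOAD_ERR_OK) {
        // partial upload, no file, no tmp dir, can't write, or unknown code:
        // include error code for debugging
        upload_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
        return;
    }

    if ($filesize > $CONF['MaxUploadSize']) {
        upload_doError(_ERROR_FILE_TOO_BIG);
        return;
    }

    // Check the file extension against the configured allow-list.
    // Each entry is trimmed and regex-quoted so it is matched literally, and empty
    // entries are skipped (an empty entry would accept any name ending in a dot).
    // The D modifier makes "$" match only at the very end of the name.
    // NOTE(review): only the last extension is checked; the media directory should
    // be served with script execution disabled so earlier extensions cannot matter.
    $ok = false;
    foreach (explode(',', $CONF['AllowedTypes']) as $type) {
        $type = trim($type);
        if ($type === '') {
            continue;
        }
        if (preg_match('#\.' . preg_quote($type, '#') . '$#iD', $filename)) {
            $ok = true;
            break;
        }
    }
    if (!$ok) {
        upload_doError(_ERROR_BADFILETYPE . $filename);
        return;
    }

    // the temp path must really be a file PHP received via HTTP POST upload
    if (!is_uploaded_file($filetempname)) {
        upload_doError(_ERROR_BADREQUEST);
        return;
    }

    // prefix filename with current date (YYYYMMDD-HHMMSS-)
    // this to avoid nameclashes
    if ($CONF['MediaPrefix']) {
        // date() yields the same digits as the deprecated strftime("%Y%m%d-%H%M%S-")
        $filename = date('Ymd-His-') . $filename;
    }

    // currently selected collection; fall back to the member's private collection
    $collection = requestVar('collection');
    if (!$collection || !@is_dir($DIR_MEDIA . $collection)) {
        $collection = $member->getID();
    }

    // avoid directory traversal and accessing invalid directory
    if (!MEDIA::isValidCollection($collection)) {
        // NOTE(review): every other failure in this function goes through
        // upload_doError(); confirm media_doError() is available in this entry point.
        media_doError(_ERROR_DISALLOWED);
        return;
    }

    $res = MEDIA::addMediaObject($collection, $filetempname, $filename);
    if ($res != '') {
        upload_doError($res);
        return;
    }

    $url = $CONF['MediaURL'] . $collection . '/' . $filename;
    if ($responseType != 'json') {
        // Values placed inside <script> are encoded for that context:
        // - the callback number is forced to an integer (the origin of $funcNum is not
        //   visible here; presumably it comes from the request, verify),
        // - the URL is emitted as a JSON string with <, >, &, ' and " hex-escaped, so
        //   neither a quote nor "</script>" in it can end the string or the element.
        $jsUrl = json_encode($url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if ($jsUrl === false) {
            // URL could not be encoded (e.g. invalid UTF-8): hand back an empty string
            $jsUrl = "''";
        }
        echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction("
            . intval($funcNum) . ', ' . $jsUrl . ", '');</script>";
    } else {
        $arr = array('uploaded' => 1, 'fileName' => $filename, 'url' => $url);
        header("Content-Type: application/json; charset=utf-8");
        echo json_encode($arr);
    }
}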
示例#2
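/**
 * Renders the media browser page: collection picker (or single upload button),
 * filter form, a paged table of the files in the current collection, pager
 * links and the inline/popup radio buttons.
 *
 * The collection comes from the request; when it is missing or not a directory
 * the NP_TinyMCE plugin's fixed default directory or the member's own id is
 * used. The result is checked with MEDIA::isValidCollection() before any
 * output is produced.
 *
 * Reads the globals $member, $CONF, $DIR_MEDIA and $manager.
 */
function media_select()
{
    global $member, $CONF, $DIR_MEDIA, $manager;

    // show 10 files + navigation buttons
    // show msg when no files
    // show upload form
    // files sorted according to last modification date

    // currently selected collection
    $currentCollection = requestVar('collection');
    if (!$currentCollection || !@is_dir($DIR_MEDIA . $currentCollection)) {
        $tinymce = $manager->getPlugin('NP_TinyMCE');
        if ($tinymce->getOption('def_dir_mode') == 'fix') {
            $currentCollection = $tinymce->getOption('def_dir');
        } else {
            $currentCollection = $member->getID();
        }
    }

    // avoid directory traversal and accessing invalid directory
    if (!MEDIA::isValidCollection($currentCollection)) {
        media_doError(_ERROR_DISALLOWED);
        // stop here even if media_doError() does not end the request itself
        return;
    }

    media_head();

    // get collection list
    $collections = MEDIA::getCollectionList();
    if (count($collections) > 1) {
        ?>
		<form method="post" action="media.php"><div>
			<label for="media_collection"><?php echo htmlspecialchars(_MEDIA_COLLECTION_LABEL); ?></label>
			<select name="collection" id="media_collection" onchange="return form.submit()">
				<?php
        foreach ($collections as $dirname => $description) {
            echo '<option value="', htmlspecialchars($dirname), '"';
            // compare as strings: numeric-looking directory names must match exactly
            if ((string) $dirname === (string) $currentCollection) {
                echo ' selected="selected"';
            }
            echo '>', htmlspecialchars($description), '</option>';
        }
        ?>
			</select>
			<input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_TO); ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK); ?>" class="button" />
			<?php $manager->addTicketHidden(); ?>
		</div></form>
	<?php
    } else {
        ?>
		<form method="post" action="media.php" style="float:right"><div>
			<input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection); ?>" />
			<input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_UPLOAD_NEW); ?>" title="<?php echo htmlspecialchars(_MEDIA_UPLOADLINK); ?>" class="button" />
			<?php $manager->addTicketHidden(); ?>
		</div></form>
	<?php
    }

    $filter = requestVar('filter');
    $offset = intRequestVar('offset');
    $arr = MEDIA::getMediaListByCollection($currentCollection, $filter);
    $total = count($arr);
    $perPage = $CONF['MediaPerPage'];

    // the caption shows the collection description; empty when the list has no entry for it
    $collectionLabel = isset($collections[$currentCollection]) ? $collections[$currentCollection] : '';
    ?>
		<form method="post" action="media.php"><div>
			<label for="media_filter"><?php echo htmlspecialchars(_MEDIA_FILTER_LABEL); ?></label>
			<input id="media_filter" type="text" name="filter" value="<?php echo htmlspecialchars($filter); ?>" />
			<input type="submit" name="action" value="<?php echo htmlspecialchars(_MEDIA_FILTER_APPLY); ?>" class="button" />
			<input type="hidden" name="collection" value="<?php echo htmlspecialchars($currentCollection); ?>" />
			<input type="hidden" name="offset" value="<?php echo intval($offset); ?>" />
		</div></form>

		<table width="100%">
		<caption><?php echo _MEDIA_COLLECTION_LABEL . htmlspecialchars($collectionLabel); ?></caption>
		<tr>
		 <th><?php echo _MEDIA_MODIFIED; ?></th><th><?php echo _MEDIA_FILENAME; ?></th><th><?php echo _MEDIA_DIMENSIONS; ?></th>
		</tr>

	<?php
    // Pager bounds are initialised up front: the pager below reads them even when
    // the list is empty, in which case neither link is shown.
    $idxStart = 0;
    $idxEnd = 0;
    $idxNext = 0;
    $idxPrev = 0;

    // Escape map for values placed inside a single-quoted JavaScript string:
    // the backslash must be escaped as well as the quote, otherwise a name ending
    // in a backslash would swallow the closing quote. strtr() with an array
    // replaces in one pass, so already-inserted backslashes are not escaped twice.
    $jsEscape = array('\\' => '\\\\', "'" => "\\'");

    if ($total > 0) {
        // clamp the requested offset to the last full page and to zero
        if ($offset + $perPage >= $total) {
            $offset = $total - $perPage;
        }
        if ($offset < 0) {
            $offset = 0;
        }
        $idxStart = $offset;
        $idxEnd = $offset + $perPage;
        $idxNext = $idxEnd;
        $idxPrev = $idxStart - $perPage;
        if ($idxPrev < 0) {
            $idxPrev = 0;
        }
        if ($idxEnd > $total) {
            $idxEnd = $total;
        }

        for ($i = $idxStart; $i < $idxEnd; $i++) {
            $obj = $arr[$i];
            $filename = $DIR_MEDIA . $currentCollection . '/' . $obj->filename;

            // getimagesize() returns false for anything it cannot read as an image;
            // such files are listed through chooseOther() with empty dimensions
            $old_level = error_reporting(0);
            $size = @getimagesize($filename);
            error_reporting($old_level);
            if (is_array($size)) {
                $width = (string) $size[0];
                $height = (string) $size[1];
                $filetype = $size[2];
            } else {
                $width = '';
                $height = '';
                $filetype = 0;
            }

            echo "<tr>";
            echo "<td>" . date("Y-m-d", $obj->timestamp) . "</td>";

            // strings for javascript (JS-escaped first, HTML-escaped when echoed
            // into the onclick attribute)
            $jsCurrentCollection = strtr($currentCollection, $jsEscape);
            $jsFileName = strtr($obj->filename, $jsEscape);

            if ($filetype != 0) {
                // image (gif/jpg/png/swf)
                echo "<td><span style=\"cursor:pointer;\" onclick=\"chooseImage('",
                    htmlspecialchars($jsCurrentCollection), "','",
                    htmlspecialchars($jsFileName), "','",
                    htmlspecialchars($width), "','",
                    htmlspecialchars($height), "')\" title=\"",
                    htmlspecialchars($obj->filename), "\">",
                    htmlspecialchars(shorten($obj->filename, 25, '...')), "</span>";
                echo ' (<a href="', htmlspecialchars($CONF['MediaURL'] . $currentCollection . '/' . $obj->filename), '" onclick="window.open(this.href); return false;" title="', htmlspecialchars(_MEDIA_VIEW_TT), '">', _MEDIA_VIEW, '</a>)';
                echo "</td>";
            } else {
                // no image (e.g. mpg)
                echo "<td><span style=\"cursor:pointer;\" onclick=\"chooseOther('",
                    htmlspecialchars($jsCurrentCollection), "','",
                    htmlspecialchars($jsFileName), "')\" title=\"",
                    htmlspecialchars($obj->filename), "\">",
                    htmlspecialchars(shorten($obj->filename, 30, '...')), "</span></td>";
            }
            echo '<td>', htmlspecialchars($width), 'x', htmlspecialchars($height), '</td>';
            echo '</tr>';
        }
    }
    ?>

		</table>
	<?php
    if ($idxStart > 0) {
        echo "<a href='media.php?offset={$idxPrev}&amp;collection=" . urlencode($currentCollection) . "'>" . _LISTS_PREV . "</a> ";
    }
    if ($idxEnd < $total) {
        echo "<a href='media.php?offset={$idxNext}&amp;collection=" . urlencode($currentCollection) . "'>" . _LISTS_NEXT . "</a> ";
    }
    ?>
		<input id="typeradio0" type="radio" name="typeradio" onclick="setType(0);" checked="checked" class="radio" /><label for="typeradio0"><?php echo _MEDIA_INLINE; ?></label>
		<input id="typeradio1" type="radio" name="typeradio" onclick="setType(1);" class="radio" /><label for="typeradio1"><?php echo _MEDIA_POPUP; ?></label>
	<?php
    media_foot();
}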
示例#3
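 /**
  * Adds an uploaded file to the media archive.
  *
  * @param collection
  *		collection (directory name below $DIR_MEDIA); may be changed by
  *		PreMediaUpload handlers, so it is validated after that event
  * @param uploadfile
  *		path of the file to store. The code passes it to is_uploaded_file(),
  *		move_uploaded_file() and copy(), so it is a path (such as the
  *		tmp_name of a postFileInfo(..) array), not the array itself
  * @param filename
  *		the filename that should be used to save the file as
  *		(date prefix should be already added here)
  * @return
  *		'' on success, otherwise one of the _ERROR_* messages
  */
 function addMediaObject($collection, $uploadfile, $filename)
 {
     global $DIR_MEDIA, $manager;

     // clean filename of characters that may cause trouble in a filename using
     // cleanFileName() function from globalfunctions.php
     $filename = cleanFileName($filename);
     // should already have tested for allowable types before calling this method.
     // This will only catch files with no extension at all
     if ($filename === false) {
         return _ERROR_BADFILETYPE;
     }

     // handlers receive collection and filename by reference and may rewrite both
     $manager->notify('PreMediaUpload', array('collection' => &$collection, 'uploadfile' => $uploadfile, 'filename' => &$filename));

     // The name was cleaned before the event, but a handler may have replaced it.
     // Keep the target inside the collection directory: no path separators, no NUL.
     if (!is_string($filename) || $filename === '' || strpbrk($filename, "/\\\0") !== false) {
         return _ERROR_DISALLOWED;
     }

     // don't allow uploads to unknown or forbidden collections
     $exceptReadOnly = true;
     if (!MEDIA::isValidCollection($collection, $exceptReadOnly)) {
         return _ERROR_DISALLOWED;
     }

     // check dir permissions (try to create dir if it does not exist)
     $mediadir = $DIR_MEDIA . $collection;

     // try to create new private media directories if needed
     if (!@is_dir($mediadir) && is_numeric($collection)) {
         // NOTE(review): umask 0 + mode 0777 creates a world-writable directory;
         // tighten the mode if the deployment does not need other users to write here.
         $oldumask = umask(00);
         $created = @mkdir($mediadir, 0777);
         // restore the umask on both outcomes; returning before this call would
         // leave the process umask at 0 for everything that runs afterwards
         umask($oldumask);
         if (!$created) {
             return _ERROR_BADPERMISSIONS;
         }
     }

     // if dir still not exists, the action is disallowed
     if (!@is_dir($mediadir)) {
         return _ERROR_DISALLOWED;
     }
     if (!is_writable($mediadir)) {
         return _ERROR_BADPERMISSIONS;
     }

     // add trailing slash (don't add it earlier since it causes mkdir to fail on some systems)
     $mediadir .= '/';
     $target = $mediadir . $filename;

     if (file_exists($target)) {
         return _ERROR_UPLOADDUPLICATE;
     }

     // move file to directory
     if (is_uploaded_file($uploadfile)) {
         if (!@move_uploaded_file($uploadfile, $target)) {
             return _ERROR_UPLOADMOVEP;
         }
     } else {
         // NOTE(review): this branch copies any readable path the caller supplies;
         // callers must never pass a request-controlled path as $uploadfile.
         if (!copy($uploadfile, $target)) {
             return _ERROR_UPLOADCOPY;
         }
     }

     // chmod uploaded file (chmod() is not affected by the umask, so no umask
     // juggling is needed around it)
     @chmod($target, 0644);

     $manager->notify('PostMediaUpload', array('collection' => $collection, 'mediadir' => $mediadir, 'filename' => $filename));
     return '';
 }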