/** * Upload a file. * @return array $error on failure or uploaded file name on success */ public function upload() { // Check for request forgeries WFToken::checkToken() or die; //JError::setErrorHandling(E_ALL, 'callback', array('WFError', 'raiseError')); // check for feature access if (!$this->checkFeature('upload')) { JError::raiseError(403, 'RESTRICTED ACCESS'); } $wf = WFEditor::getInstance(); jimport('joomla.filesystem.file'); // HTTP headers for no cache etc //header('Content-type: text/plain; charset=UTF-8'); header("Expires: Wed, 4 Apr 1984 13:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M_Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); // get uploaded file $file = JRequest::getVar('file', '', 'files', 'array'); // get file name $name = JRequest::getVar('name', $file['name']); // target directory $dir = JRequest::getVar('upload-dir'); // deocode directory $dir = rawurldecode($dir); // check destination path WFUtility::checkPath($dir); // decode name $name = rawurldecode($name); // get extension $ext = WFUtility::getExtension($name); // strip extension $name = WFUtility::stripExtension($name); // make file name 'web safe' $name = WFUtility::makeSafe($name, $this->get('websafe_mode', 'utf-8')); // empty name if ($name == '') { JError::raiseError(403, 'INVALID FILE NAME'); } // check for extension in file name or blank file name if (preg_match('#\\.(php|php(3|4|5)|phtml|pl|py|jsp|asp|htm|shtml|sh|cgi)#i', $name)) { JError::raiseError(403, 'INVALID FILE NAME'); } // create a filesystem result object $result = new WFFileSystemResult(); $filesystem = $this->getFileSystem(); $complete = false; $contentType = JRequest::getVar('CONTENT_TYPE', '', 'SERVER'); // rebuild file name - name + extension $name = $name . '.' . $ext; // Only multipart uploading is supported for now if ($contentType && strpos($contentType, "multipart") !== false) { if (isset($file['tmp_name']) && is_uploaded_file($file['tmp_name'])) { // check for valid extension if (in_array(strtolower($ext), $this->getFileTypes('array')) === false) { $result->state = false; $result->message = WFText::_('WF_MANAGER_UPLOAD_INVALID_EXT_ERROR'); $complete = true; @unlink($file['tmp_name']); } else { if ($this->validateUploadedFile($file, $result) === false) { $complete = true; @unlink($file['tmp_name']); } else { $result = $filesystem->upload('multipart', trim($file['tmp_name']), $dir, $name); if (!$result->state) { $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $result->code = 103; } @unlink($file['tmp_name']); $complete = true; } } } } else { $result->state = false; $result->code = 103; $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $complete = true; } // upload finished if ($complete) { if ($result instanceof WFFileSystemResult) { if ($result->state === true) { $path = $result->path; $this->setResult($this->fireEvent('onUpload', array($result->path))); $this->setResult(basename($result->path), 'files'); } else { $this->setResult($result->message, 'error'); } } die(json_encode($this->getResult())); } }
/** * Upload a file. * @return array $error on failure or uploaded file name on success */ public function upload() { // Check for request forgeries WFToken::checkToken() or die; // check for feature access if (!$this->checkFeature('upload')) { JError::raiseError(403, 'Access to this resource is restricted'); } $filesystem = $this->getFileSystem(); jimport('joomla.filesystem.file'); header('Content-Type: text/json;charset=UTF-8'); header("Expires: Wed, 4 Apr 1984 13:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M_Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); // get uploaded file $file = JRequest::getVar('file', '', 'files', 'array'); // validate file data $this->validateUploadedFile($file); // get file name $name = JRequest::getVar('name', $file['name']); // decode name $name = rawurldecode($name); // check name if (WFUtility::validateFileName($name) === false) { throw new InvalidArgumentException('Upload Failed: The file name contains an invalid extension.'); } // check file name WFUtility::checkPath($name); // get extension from file name $ext = WFUtility::getExtension($file['name']); // trim extension $ext = trim($ext); // check extension exists if (empty($ext) || $ext === $file['name']) { throw new InvalidArgumentException('Upload Failed: The file name does not contain a valid extension.'); } // strip extension $name = WFUtility::stripExtension($name); // make file name 'web safe' $name = WFUtility::makeSafe($name, $this->get('websafe_mode', 'utf-8'), $this->get('websafe_spaces'), $this->get('websafe_textcase')); // check name if (WFUtility::validateFileName($name) === false) { throw new InvalidArgumentException('Upload Failed: The file name contains an invalid extension.'); } // target directory $dir = JRequest::getVar('upload-dir'); // deocode directory $dir = rawurldecode($dir); // check destination path WFUtility::checkPath($dir); $upload = $this->get('upload'); // Check file number limits if (!empty($upload['total_files'])) { if ($filesystem->countFiles($dir, true) > $upload['total_files']) { throw new InvalidArgumentException(WFText::_('WF_MANAGER_FILE_LIMIT_ERROR')); } } // Check total file size limit if (!empty($upload['total_size'])) { $size = $filesystem->getTotalSize($dir); if ($size / 1024 / 1024 > $upload['total_size']) { throw new InvalidArgumentException(WFText::_('WF_MANAGER_FILE_SIZE_LIMIT_ERROR')); } } // add random string if ($upload['add_random']) { $name = $name . '_' . substr(md5(uniqid(rand(), 1)), 0, 5); } // rebuild file name - name + extension $name = $name . '.' . $ext; // create a filesystem result object $result = new WFFileSystemResult(); $complete = false; $contentType = JRequest::getVar('CONTENT_TYPE', '', 'SERVER'); // relative path $relative = WFUtility::makePath($dir, $name); // Only multipart uploading is supported for now if ($contentType && strpos($contentType, "multipart") !== false) { $result = $filesystem->upload('multipart', trim($file['tmp_name']), $dir, $name); if (!$result->state) { if (empty($result->message)) { $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); } $result->code = 103; } @unlink($file['tmp_name']); $complete = true; } else { $result->state = false; $result->code = 103; $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $complete = true; } // upload finished if ($complete) { if ($result instanceof WFFileSystemResult) { if ($result->state === true) { $this->setResult($this->fireEvent('onUpload', array($result->path, $relative))); $this->setResult(basename($result->path), 'files'); } else { $this->setResult($result->message, 'error'); } } die(json_encode($this->getResult())); } }
/** * Upload a file. * @return array $error on failure or uploaded file name on success */ public function upload() { // Check for request forgeries WFToken::checkToken() or die; //JError::setErrorHandling(E_ALL, 'callback', array('WFError', 'raiseError')); // check for feature access if (!$this->checkFeature('upload')) { JError::raiseError(403, 'Access to this resource is restricted'); } jimport('joomla.filesystem.file'); // get uploaded file $file = JRequest::getVar('file', '', 'files', 'array'); // validate file data $this->validateUploadedFile($file); $wf = WFEditor::getInstance(); // HTTP headers for no cache etc //header('Content-type: text/plain; charset=UTF-8'); header('Content-Type: text/json;charset=UTF-8'); header("Expires: Wed, 4 Apr 1984 13:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M_Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); // get file name $name = JRequest::getVar('name', $file['name']); // target directory $dir = JRequest::getVar('upload-dir'); // deocode directory $dir = rawurldecode($dir); // check destination path WFUtility::checkPath($dir); // decode name $name = rawurldecode($name); // check file name WFUtility::checkPath($name); // check for invalid extensions if (preg_match('#\\.(php|phtml|pl|py|jsp|asp|shtml|sh|cgi)$#i', $name)) { throw new InvalidArgumentException('INVALID FILE NAME'); } // get extension $ext = WFUtility::getExtension($name); // strip extension $name = WFUtility::stripExtension($name); // make file name 'web safe' $name = WFUtility::makeSafe($name, $this->get('websafe_mode', 'utf-8'), $this->get('websafe_spaces'), $this->get('websafe_textcase')); // empty name if ($name == '') { throw new InvalidArgumentException('INVALID FILE NAME'); } // check for extension in file name if (preg_match('#\\.(php|php(3|4|5)|phtml|pl|py|jsp|asp|htm|html|shtml|sh|cgi)\\b#i', $name)) { throw new InvalidArgumentException('INVALID FILE NAME'); } $upload = $this->get('upload'); // add random string if ($upload['add_random']) { $name = $name . '_' . substr(md5(uniqid(rand(), 1)), 0, 5); } // rebuild file name - name + extension $name = $name . '.' . $ext; // create a filesystem result object $result = new WFFileSystemResult(); $filesystem = $this->getFileSystem(); $complete = false; $contentType = JRequest::getVar('CONTENT_TYPE', '', 'SERVER'); // Only multipart uploading is supported for now if ($contentType && strpos($contentType, "multipart") !== false) { $result = $filesystem->upload('multipart', trim($file['tmp_name']), $dir, $name); if (!$result->state) { $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $result->code = 103; } @unlink($file['tmp_name']); $complete = true; } else { $result->state = false; $result->code = 103; $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR'); $complete = true; } // upload finished if ($complete) { if ($result instanceof WFFileSystemResult) { if ($result->state === true) { $path = $result->path; // get root dir eg: JPATH_SITE $root = substr($filesystem->getBaseDir(), 0, -strlen($filesystem->getRootDir())); // get relative path $relative = substr($path, strlen($root)); // clean $relative = WFUtility::cleanPath($relative, '/'); $this->setResult($this->fireEvent('onUpload', array($result->path, $relative))); $this->setResult(basename($result->path), 'files'); } else { $this->setResult($result->message, 'error'); } } die(json_encode($this->getResult())); } }