示例#1
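 /**
  * Handle a single multipart file upload and answer with a JSON result.
  *
  * Steps visible in this method: verify the request token, check that the
  * 'upload' feature is enabled, normalise the requested file name and target
  * directory, check the extension against the configured file types, validate
  * the uploaded file and hand it to the filesystem driver.
  *
  * On every path that reaches the end of the method the JSON-encoded result is
  * printed and the request is terminated with die(); nothing is returned to the
  * caller in that case.
  *
  * @return void
  */
 public function upload()
 {
     // Check for request forgeries; the request ends here when the token check fails
     WFToken::checkToken() or die;
     // check for feature access
     if (!$this->checkFeature('upload')) {
         JError::raiseError(403, 'RESTRICTED ACCESS');
         // NOTE(review): whether raiseError() stops the request depends on the
         // configured JError handler, which is not visible here. Returning makes
         // the access check fail closed either way.
         return;
     }
     // NOTE(review): $wf is not used below; the call is kept in case
     // getInstance() has initialisation side effects - confirm before removing
     $wf = WFEditor::getInstance();
     jimport('joomla.filesystem.file');
     // HTTP headers: the response must not be cached
     header("Expires: Wed, 4 Apr 1984 13:00:00 GMT");
     // HTTP-date layout; the earlier "M_Y" pattern put an underscore between month and year
     header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
     header("Cache-Control: no-store, no-cache, must-revalidate");
     header("Cache-Control: post-check=0, pre-check=0", false);
     header("Pragma: no-cache");
     // get uploaded file
     $file = JRequest::getVar('file', '', 'files', 'array');
     // get file name: a 'name' request value overrides the name sent with the file
     // part, so $name and the extension derived from it are client-controlled.
     // isset() avoids an undefined-index notice when no file part was sent.
     $name = JRequest::getVar('name', isset($file['name']) ? $file['name'] : '');
     // target directory, URL-decoded
     $dir = rawurldecode(JRequest::getVar('upload-dir'));
     // check destination path
     // NOTE(review): what checkPath() rejects and how it reports failure is not
     // visible here - confirm it stops the request on an unsafe path
     WFUtility::checkPath($dir);
     // decode name
     $name = rawurldecode($name);
     // split into extension and stem
     $ext = WFUtility::getExtension($name);
     $name = WFUtility::stripExtension($name);
     // make file name 'web safe'
     $name = WFUtility::makeSafe($name, $this->get('websafe_mode', 'utf-8'));
     // empty name
     if ($name == '') {
         JError::raiseError(403, 'INVALID FILE NAME');
         return; // fail closed, see the note on the feature check above
     }
     // reject a stem that still carries a script-like extension (double extension)
     if (preg_match('#\\.(php|php(3|4|5)|phtml|pl|py|jsp|asp|htm|shtml|sh|cgi)#i', $name)) {
         JError::raiseError(403, 'INVALID FILE NAME');
         return; // fail closed, see the note on the feature check above
     }
     // create a filesystem result object
     $result = new WFFileSystemResult();
     $filesystem = $this->getFileSystem();
     $contentType = JRequest::getVar('CONTENT_TYPE', '', 'SERVER');
     // rebuild file name - name + extension
     $name = $name . '.' . $ext;
     // Only multipart uploading is supported for now
     $isMultipart = $contentType && strpos($contentType, "multipart") !== false;
     // the temp file must be one PHP itself received as an HTTP upload
     $hasUpload = isset($file['tmp_name']) && is_uploaded_file($file['tmp_name']);

     if (!$isMultipart || !$hasUpload) {
         // Unsupported request, or no genuine uploaded file: report a generic
         // failure. Previously a multipart request without a valid upload fell
         // through and produced no response at all.
         $result->state = false;
         $result->code = 103;
         $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR');
     } elseif (in_array(strtolower($ext), $this->getFileTypes('array')) === false) {
         // the final extension is not in the configured allow-list
         $result->state = false;
         $result->message = WFText::_('WF_MANAGER_UPLOAD_INVALID_EXT_ERROR');
         @unlink($file['tmp_name']);
     } elseif ($this->validateUploadedFile($file, $result) === false) {
         // presumably validateUploadedFile() fills $result with the reason - confirm
         @unlink($file['tmp_name']);
     } else {
         $result = $filesystem->upload('multipart', trim($file['tmp_name']), $dir, $name);
         if (!$result->state) {
             $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR');
             $result->code = 103;
         }
         // remove the temp file whether or not the driver stored it
         @unlink($file['tmp_name']);
     }

     // upload finished: publish the outcome and end the request
     if ($result instanceof WFFileSystemResult) {
         if ($result->state === true) {
             $this->setResult($this->fireEvent('onUpload', array($result->path)));
             // only the base name goes back to the client, not the stored path
             $this->setResult(basename($result->path), 'files');
         } else {
             $this->setResult($result->message, 'error');
         }
     }
     die(json_encode($this->getResult()));
 }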
示例#2
文件: browser.php 项目: grlf/eyedock
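 /**
  * Handle a single multipart file upload and answer with a JSON result.
  *
  * Steps visible in this method: verify the request token, check that the
  * 'upload' feature is enabled, validate the uploaded file and the requested
  * name, take the extension from the name sent with the file part, enforce the
  * configured file-count and total-size limits, then hand the file to the
  * filesystem driver.
  *
  * The JSON-encoded result is printed and the request is terminated with die();
  * nothing is returned to the caller in that case.
  *
  * @return void
  * @throws InvalidArgumentException when the file name or extension is rejected
  *                                  or a configured upload limit is exceeded
  */
 public function upload()
 {
     // Check for request forgeries; the request ends here when the token check fails
     WFToken::checkToken() or die;
     // check for feature access
     if (!$this->checkFeature('upload')) {
         JError::raiseError(403, 'Access to this resource is restricted');
         // NOTE(review): whether raiseError() stops the request depends on the
         // configured JError handler, which is not visible here. Returning makes
         // the access check fail closed either way.
         return;
     }
     $filesystem = $this->getFileSystem();
     jimport('joomla.filesystem.file');
     header('Content-Type: text/json;charset=UTF-8');
     header("Expires: Wed, 4 Apr 1984 13:00:00 GMT");
     // HTTP-date layout; the earlier "M_Y" pattern put an underscore between month and year
     header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
     header("Cache-Control: no-store, no-cache, must-revalidate");
     header("Cache-Control: post-check=0, pre-check=0", false);
     header("Pragma: no-cache");
     // get uploaded file
     $file = JRequest::getVar('file', '', 'files', 'array');
     // validate file data
     // NOTE(review): the return value is ignored, so this presumably throws on
     // failure (including a temp file that is not a genuine upload) - confirm
     $this->validateUploadedFile($file);
     // get file name: a 'name' request value overrides the name sent with the file part
     $name = rawurldecode(JRequest::getVar('name', $file['name']));
     // check name
     if (WFUtility::validateFileName($name) === false) {
         throw new InvalidArgumentException('Upload Failed: The file name contains an invalid extension.');
     }
     // check file name
     WFUtility::checkPath($name);
     // The extension is taken from the name sent with the file part - the value
     // passed to validateUploadedFile() above - not from the 'name' request
     // value, so that value cannot change the stored extension.
     $ext = trim(WFUtility::getExtension($file['name']));
     // check extension exists
     if (empty($ext) || $ext === $file['name']) {
         throw new InvalidArgumentException('Upload Failed: The file name does not contain a valid extension.');
     }
     // strip extension
     $name = WFUtility::stripExtension($name);
     // make file name 'web safe'
     $name = WFUtility::makeSafe($name, $this->get('websafe_mode', 'utf-8'), $this->get('websafe_spaces'), $this->get('websafe_textcase'));
     // check the stem again after normalisation
     if (WFUtility::validateFileName($name) === false) {
         throw new InvalidArgumentException('Upload Failed: The file name contains an invalid extension.');
     }
     // target directory, URL-decoded
     $dir = rawurldecode(JRequest::getVar('upload-dir'));
     // check destination path
     WFUtility::checkPath($dir);
     $upload = $this->get('upload');
     // Check file number limits
     // NOTE(review): '>' lets an upload through when the directory already holds
     // exactly total_files entries - confirm whether '>=' was intended
     if (!empty($upload['total_files'])) {
         if ($filesystem->countFiles($dir, true) > $upload['total_files']) {
             throw new InvalidArgumentException(WFText::_('WF_MANAGER_FILE_LIMIT_ERROR'));
         }
     }
     // Check total file size limit (the division suggests total_size is in megabytes)
     if (!empty($upload['total_size'])) {
         $size = $filesystem->getTotalSize($dir);
         if ($size / 1024 / 1024 > $upload['total_size']) {
             throw new InvalidArgumentException(WFText::_('WF_MANAGER_FILE_SIZE_LIMIT_ERROR'));
         }
     }
     // add random string; !empty() also covers a missing 'add_random' key.
     // rand()/uniqid()/md5() only de-duplicate names here - the suffix is not
     // unpredictable and must not be relied on to keep a file hidden.
     if (!empty($upload['add_random'])) {
         $name = $name . '_' . substr(md5(uniqid(rand(), 1)), 0, 5);
     }
     // rebuild file name - name + extension
     $name = $name . '.' . $ext;
     // create a filesystem result object
     $result = new WFFileSystemResult();
     $contentType = JRequest::getVar('CONTENT_TYPE', '', 'SERVER');
     // relative path
     $relative = WFUtility::makePath($dir, $name);
     // Only multipart uploading is supported for now
     if ($contentType && strpos($contentType, "multipart") !== false) {
         $result = $filesystem->upload('multipart', trim($file['tmp_name']), $dir, $name);
         if (!$result->state) {
             // keep a driver-supplied message, fall back to the generic one
             if (empty($result->message)) {
                 $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR');
             }
             $result->code = 103;
         }
         // remove the temp file whether or not the driver stored it
         @unlink($file['tmp_name']);
     } else {
         $result->state = false;
         $result->code = 103;
         $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR');
     }
     // upload finished: both branches above end with a result, so publish it
     // and end the request
     if ($result instanceof WFFileSystemResult) {
         if ($result->state === true) {
             $this->setResult($this->fireEvent('onUpload', array($result->path, $relative)));
             // only the base name goes back to the client, not the stored path
             $this->setResult(basename($result->path), 'files');
         } else {
             $this->setResult($result->message, 'error');
         }
     }
     die(json_encode($this->getResult()));
 }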
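 /**
  * Handle a single multipart file upload and answer with a JSON result.
  *
  * Steps visible in this method: verify the request token, check that the
  * 'upload' feature is enabled, validate the uploaded file, normalise and check
  * the requested name and target directory, then hand the file to the
  * filesystem driver and report the stored path relative to the site root to
  * the 'onUpload' event.
  *
  * The JSON-encoded result is printed and the request is terminated with die();
  * nothing is returned to the caller in that case.
  *
  * @return void
  * @throws InvalidArgumentException when the requested file name is rejected
  */
 public function upload()
 {
     // Check for request forgeries; the request ends here when the token check fails
     WFToken::checkToken() or die;
     // check for feature access
     if (!$this->checkFeature('upload')) {
         JError::raiseError(403, 'Access to this resource is restricted');
         // NOTE(review): whether raiseError() stops the request depends on the
         // configured JError handler, which is not visible here. Returning makes
         // the access check fail closed either way.
         return;
     }
     jimport('joomla.filesystem.file');
     // get uploaded file
     $file = JRequest::getVar('file', '', 'files', 'array');
     // validate file data
     // NOTE(review): the return value is ignored, so this presumably throws on
     // failure - confirm. It only sees $file, not the 'name' request value.
     $this->validateUploadedFile($file);
     // NOTE(review): $wf is not used below; the call is kept in case
     // getInstance() has initialisation side effects - confirm before removing
     $wf = WFEditor::getInstance();
     // HTTP headers: JSON response that must not be cached
     header('Content-Type: text/json;charset=UTF-8');
     header("Expires: Wed, 4 Apr 1984 13:00:00 GMT");
     // HTTP-date layout; the earlier "M_Y" pattern put an underscore between month and year
     header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
     header("Cache-Control: no-store, no-cache, must-revalidate");
     header("Cache-Control: post-check=0, pre-check=0", false);
     header("Pragma: no-cache");
     // get file name: a 'name' request value overrides the name sent with the
     // file part, so $name and the extension derived from it are client-controlled
     $name = JRequest::getVar('name', $file['name']);
     // target directory, URL-decoded
     $dir = rawurldecode(JRequest::getVar('upload-dir'));
     // check destination path
     WFUtility::checkPath($dir);
     // decode name
     $name = rawurldecode($name);
     // check file name
     WFUtility::checkPath($name);
     // check the final extension against the deny-list; php3/php4/php5 were only
     // covered by the stem check further down and are now rejected here as well.
     // NOTE(review): $ext below comes from the request-supplied name and a
     // deny-list cannot be complete. Confirm that the configured allow-list of
     // file types is enforced on this final extension (here or in the filesystem
     // driver); if it is not, add that check before the upload call.
     if (preg_match('#\\.(php|php(3|4|5)|phtml|pl|py|jsp|asp|shtml|sh|cgi)$#i', $name)) {
         throw new InvalidArgumentException('INVALID FILE NAME');
     }
     // split into extension and stem
     $ext = WFUtility::getExtension($name);
     $name = WFUtility::stripExtension($name);
     // make file name 'web safe'
     $name = WFUtility::makeSafe($name, $this->get('websafe_mode', 'utf-8'), $this->get('websafe_spaces'), $this->get('websafe_textcase'));
     // empty name
     if ($name == '') {
         throw new InvalidArgumentException('INVALID FILE NAME');
     }
     // reject a stem that still carries a script-like extension (double extension)
     if (preg_match('#\\.(php|php(3|4|5)|phtml|pl|py|jsp|asp|htm|html|shtml|sh|cgi)\\b#i', $name)) {
         throw new InvalidArgumentException('INVALID FILE NAME');
     }
     $upload = $this->get('upload');
     // add random string; !empty() also covers a missing 'add_random' key.
     // rand()/uniqid()/md5() only de-duplicate names here - the suffix is not
     // unpredictable and must not be relied on to keep a file hidden.
     if (!empty($upload['add_random'])) {
         $name = $name . '_' . substr(md5(uniqid(rand(), 1)), 0, 5);
     }
     // rebuild file name - name + extension
     $name = $name . '.' . $ext;
     // create a filesystem result object
     $result = new WFFileSystemResult();
     $filesystem = $this->getFileSystem();
     $contentType = JRequest::getVar('CONTENT_TYPE', '', 'SERVER');
     // Only multipart uploading is supported for now
     if ($contentType && strpos($contentType, "multipart") !== false) {
         $result = $filesystem->upload('multipart', trim($file['tmp_name']), $dir, $name);
         if (!$result->state) {
             $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR');
             $result->code = 103;
         }
         // remove the temp file whether or not the driver stored it
         @unlink($file['tmp_name']);
     } else {
         $result->state = false;
         $result->code = 103;
         $result->message = WFText::_('WF_MANAGER_UPLOAD_ERROR');
     }
     // upload finished: both branches above end with a result, so publish it
     // and end the request
     if ($result instanceof WFFileSystemResult) {
         if ($result->state === true) {
             $path = $result->path;
             // get root dir eg: JPATH_SITE, by cutting the root-dir suffix off the
             // base dir. With an empty root dir, substr(..., 0, -0) would return ''
             // and the absolute path would be passed on as the "relative" one.
             $base = $filesystem->getBaseDir();
             $rootLength = strlen($filesystem->getRootDir());
             $root = $rootLength > 0 ? substr($base, 0, -$rootLength) : $base;
             // get relative path
             $relative = substr($path, strlen($root));
             // clean
             $relative = WFUtility::cleanPath($relative, '/');
             $this->setResult($this->fireEvent('onUpload', array($result->path, $relative)));
             // only the base name goes back to the client, not the stored path
             $this->setResult(basename($result->path), 'files');
         } else {
             $this->setResult($result->message, 'error');
         }
     }
     die(json_encode($this->getResult()));
 }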