public static function decodeSecureMagic($data, $sanitizeLevel = self::SANITIZE_HTML)
{
xapp_import('xapp.Utils.SystemTextEncoding');
return XApp_SystemTextEncoding::fromUTF8(self::sanitizeEx(self::securePath(XApp_SystemTextEncoding::magicDequote($data)), $sanitizeLevel));
}
/**
* @return array
* @throws Xapp_XFile_Exception
*/
public function put()
{
xapp_import('xapp.Path.Utils');
xapp_import('xapp.Utils.SystemTextEncoding');
$vars = array_merge($_GET, $_POST);
$dstIn = '/';
$mount = '/';
if (array_key_exists('dstDir', $vars)) {
$dstIn = XApp_Path_Utils::decodeSecureMagic($vars['dstDir']);
}
if (array_key_exists('mount', $vars)) {
$mount = preg_replace('@[/\\\\]@', '', XApp_Path_Utils::decodeSecureMagic($vars['mount']));
}
if ($dstIn === '.') {
$dstIn = '/';
}
$vfs = $this->getFileSystem($mount);
$destination = $vfs->toRealPath(XApp_Path_Utils::normalizePath($mount . DIRECTORY_SEPARATOR . $dstIn));
$errors = array();
if (!$this->isLocal($mount, $this->getFSResources())) {
return $this->putRemote($mount, $destination);
}
//writable check
if (!is_writable($destination)) {
throw new Xapp_XFile_Exception(XAPP_TEXT_FORMATTED('DIRECTORY_NOT_WRITEABLE', array($destination), 55100));
}
//parse files
$fileVars = $_FILES;
foreach ($fileVars as $boxName => $boxData) {
if (substr($boxName, 0, 9) != "userfile_") {
continue;
}
$err = self::parseFileDataErrors($boxData);
if ($err != null) {
$errorMessage = $err[1];
$errors[] = XAPP_TEXT_FORMATTED('Error with upload %s', array($errorMessage));
continue;
}
//basic sanitize
$userfile_name = $boxData["name"];
$userfile_name = XApp_Path_Utils::sanitizeEx(XApp_SystemTextEncoding::fromPostedFileName($userfile_name), XApp_Path_Utils::SANITIZE_HTML_STRICT);
$userfile_name = substr($userfile_name, 0, 128);
//rename if needed!
$autorename = xapp_get_option(self::AUTO_RENAME);
if ($autorename) {
$userfile_name = self::autoRenameForDest($destination, $userfile_name);
}
/***
* file extension check
*/
$ext = pathinfo(strtolower($userfile_name), PATHINFO_EXTENSION);
$allowable = explode(',', xapp_get_option(self::UPLOAD_EXTENSIONS, $this));
if ($ext == '' || $ext == false || !in_array($ext, $allowable)) {
$errors[] = XAPP_TEXT_FORMATTED('UPLOAD_EXTENSIONS_NOT_ALLOWED', array($userfile_name, $ext));
xapp_clog('file not allowed');
continue;
}
try {
//no need anymore
if (file_exists($destination . "/" . $userfile_name)) {
}
} catch (Exception $e) {
$errorMessage = $e->getMessage();
$errors[] = XAPP_TEXT_FORMATTED('UPLOAD_UNKOWN_ERROR', array($userfile_name, $errorMessage));
break;
}
if (isset($boxData["input_upload"])) {
try {
$input = fopen("php://input", "r");
$output = fopen("{$destination}/" . $userfile_name, "w");
$sizeRead = 0;
while ($sizeRead < intval($boxData["size"])) {
$chunk = fread($input, 4096);
$sizeRead += strlen($chunk);
fwrite($output, $chunk, strlen($chunk));
}
fclose($input);
fclose($output);
} catch (Exception $e) {
$errorMessage = $e->getMessage();
$errors[] = XAPP_TEXT_FORMATTED('UPLOAD_UNKOWN_ERROR', array($userfile_name, $errorMessage));
break;
}
} else {
$result = @move_uploaded_file($boxData["tmp_name"], "{$destination}/" . $userfile_name);
if (!$result) {
$realPath = $destination . DIRECTORY_SEPARATOR . $userfile_name;
$result = move_uploaded_file($boxData["tmp_name"], $realPath);
}
if (!$result) {
$errors[] = XAPP_TEXT_FORMATTED('UPLOAD_UNKOWN_ERROR', array($userfile_name));
break;
}
}
}
return $errors;
}
/**
*
* Copies $srcDir into $dstDirectory across multiple mount points
*
* @param $srcDir : expects sanitized absolute directory
* @param $dstDirectory : expects sanitized absolute directory, if it doesn't exists, create it!
* @param array $options : [recursive (true/false) default true, timeout (seconds) default 60, overwriteModus : XAPP_XFILE_OVERWRITE_NONE | XAPP_XFILE_OVERWRITE_ALL | XAPP_XFILE_OVERWRITE_IF_SIZE_DIFFERS
* @param array|string $inclusionMask : null means all, if its a string : it must compatible to a scandir query, if its a string its a regular expression
* @param array|string $exclusionMask : null means all, otherwise it must compatible to a scandir query,if its a string its a regular expression
* @param $error : a pointer to an array reference, please track all errors and don't abort! Check __copyOrMoveFile below how to write the error messages right!
* @param $success : track all copied items here
*/
public function copy($selection, $dst, $options = array(), $inclusionMask = array(), $exclusionMask = array(), &$error, &$success, $mode)
{
if ($this->isRemoteOperation($selection[0], $dst)) {
}
$dstDirectory = $this->toRealPath($dst);
if (file_exists($dstDirectory) && !is_writable($dstDirectory)) {
throw new Xapp_XFile_Exception(XAPP_TEXT_FORMATTED('DIRECTORY_NOT_WRITEABLE', array($dstDirectory), 55100));
}
foreach ($selection as $selectedFile) {
$itemPath = $this->toRealPath($selectedFile);
if (is_dir($itemPath)) {
$dstFile = $dstDirectory . DIRECTORY_SEPARATOR . basename($itemPath);
XApp_File_Utils::copyDirectory(XApp_Directory_Utils::normalizePath($itemPath, false), XApp_Directory_Utils::normalizePath($dstFile, false), array(XApp_File_Utils::OPTION_RECURSIVE => true, XApp_File_Utils::OPTION_CONFLICT_MODUS => $mode), $inclusionMask, $exclusionMask, $error, $success);
} else {
if (is_file($itemPath)) {
$destFile = $dstDirectory . DIRECTORY_SEPARATOR . basename($itemPath);
if (!is_readable($itemPath)) {
$error[] = XAPP_TEXT_FORMATTED('CAN_NOT_READ_FILE', array(basename($itemPath)));
continue;
}
// auto rename file
if (file_exists($destFile)) {
$base = basename($destFile);
$ext = '';
$dotPos = strrpos($base, ".");
if ($dotPos > -1) {
$radic = substr($base, 0, $dotPos);
$ext = substr($base, $dotPos);
}
$i = 1;
$newName = $base;
while (file_exists($dstDirectory . "/" . $newName)) {
$suffix = "-{$i}";
if (isset($radic)) {
$newName = $radic . $suffix . $ext;
} else {
$newName = $base . $suffix;
}
$i++;
}
$destFile = $dstDirectory . "/" . $newName;
}
if (!file_exists($dstDirectory)) {
$error[] = XAPP_TEXT_FORMATTED('DIRECTORY_DOES_NOT_EXISTS', array(basename($dstDirectory)));
continue;
}
try {
copy($itemPath, $destFile);
// Like `cp`, preserve executable permission bits
@chmod($destFile, fileperms($destFile) | fileperms($itemPath) & 0111);
} catch (Exception $e) {
$error[] = $e->getMessage();
return $error;
}
$success[] = XAPP_TEXT('THE_FILE') . " " . XApp_SystemTextEncoding::toUTF8(basename($itemPath)) . " " . XAPP_TEXT('HAS_BEEN_COPIED') . " " . XApp_SystemTextEncoding::toUTF8($dst);
}
}
}
return $error;
}
/**
* Transform a string from current charset to utf8
* @static
* @param string $filesystemElement
* @param bool $test Test if it's already UTF8 or not, to avoid double-encoding
* @return string
*/
static function toUTF8($filesystemElement, $test = true)
{
if ($test && XApp_SystemTextEncoding::isUtf8($filesystemElement)) {
return $filesystemElement;
}
$enc = XApp_SystemTextEncoding::getEncoding();
return XApp_SystemTextEncoding::changeCharset($enc, "UTF-8", $filesystemElement);
}
