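/**
 * Handle an upload request: store every `userfile_*` entry of $_FILES in the
 * directory named by the request parameters `mount` and `dstDir`.
 *
 * Non-local mounts are handed to putRemote() unchanged. For local mounts each
 * file name is sanitized, truncated to 128 bytes, optionally auto-renamed and
 * then checked against the UPLOAD_EXTENSIONS allow-list before it is written.
 *
 * Security notes for maintainers:
 *  - `dstDir`, `mount`, the posted file name and the posted `size` all come
 *    from the request. Confinement of the destination to the mount relies on
 *    XApp_Path_Utils::normalizePath() and the VFS toRealPath(), which are not
 *    visible here — TODO confirm they reject `..` segments.
 *  - Only the final extension of the name is compared with the allow-list and
 *    the file content is not inspected; the upload directory should therefore
 *    be served with script execution disabled.
 *  - Processing stops at the first write failure (`break`), so later files in
 *    the same request are not stored; validation failures only skip one file.
 *
 * @return array list of error messages; empty when every file was stored
 *               (or whatever putRemote() returns for a non-local mount)
 * @throws Xapp_XFile_Exception when the resolved destination is not writable
 */
public function put()
{
    xapp_import('xapp.Path.Utils');
    xapp_import('xapp.Utils.SystemTextEncoding');

    $vars = array_merge($_GET, $_POST);
    $dstIn = '/';
    $mount = '/';
    if (array_key_exists('dstDir', $vars)) {
        $dstIn = XApp_Path_Utils::decodeSecureMagic($vars['dstDir']);
    }
    if (array_key_exists('mount', $vars)) {
        // drop every slash/backslash so the mount name stays a single segment
        $mount = preg_replace('@[/\\\\]@', '', XApp_Path_Utils::decodeSecureMagic($vars['mount']));
    }
    if ($dstIn === '.') {
        $dstIn = '/';
    }

    $vfs = $this->getFileSystem($mount);
    $destination = $vfs->toRealPath(XApp_Path_Utils::normalizePath($mount . DIRECTORY_SEPARATOR . $dstIn));
    $errors = array();

    if (!$this->isLocal($mount, $this->getFSResources())) {
        return $this->putRemote($mount, $destination);
    }

    // writable check
    if (!is_writable($destination)) {
        throw new Xapp_XFile_Exception(XAPP_TEXT_FORMATTED('DIRECTORY_NOT_WRITEABLE', array($destination), 55100));
    }

    // The allow-list does not change per file: read it once and trim the
    // entries so that "jpg, png" in the configuration matches "png".
    $allowable = array_map('trim', explode(',', xapp_get_option(self::UPLOAD_EXTENSIONS, $this)));
    $autorename = xapp_get_option(self::AUTO_RENAME);

    // parse files
    foreach ($_FILES as $boxName => $boxData) {
        if (substr($boxName, 0, 9) != "userfile_") {
            continue;
        }

        $err = self::parseFileDataErrors($boxData);
        if ($err != null) {
            $errorMessage = $err[1];
            $errors[] = XAPP_TEXT_FORMATTED('Error with upload %s', array($errorMessage));
            continue;
        }

        // basic sanitize: the posted name is client-controlled
        $userfile_name = $boxData["name"];
        $userfile_name = XApp_Path_Utils::sanitizeEx(XApp_SystemTextEncoding::fromPostedFileName($userfile_name), XApp_Path_Utils::SANITIZE_HTML_STRICT);
        $userfile_name = substr($userfile_name, 0, 128);

        // rename if needed!
        if ($autorename) {
            $userfile_name = self::autoRenameForDest($destination, $userfile_name);
        }

        // File extension check, done on the final (sanitized, truncated,
        // renamed) name. Strict comparison avoids PHP's numeric-string
        // juggling, e.g. "0e1" == "0e2".
        $ext = pathinfo(strtolower($userfile_name), PATHINFO_EXTENSION);
        if ($ext === '' || !in_array($ext, $allowable, true)) {
            $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_EXTENSIONS_NOT_ALLOWED', array($userfile_name, $ext));
            xapp_clog('file not allowed');
            continue;
        }

        if (isset($boxData["input_upload"])) {
            // Raw request body upload: copy php://input into the target file.
            $input = false;
            $output = false;
            $streamError = null;
            try {
                $input = fopen("php://input", "r");
                $output = fopen("{$destination}/" . $userfile_name, "w");
                if ($input === false || $output === false) {
                    $streamError = 'could not open upload stream';
                } else {
                    $expected = intval($boxData["size"]);
                    $sizeRead = 0;
                    while ($sizeRead < $expected) {
                        $chunk = fread($input, 4096);
                        if ($chunk === false || $chunk === '') {
                            // The declared size is request data; without this
                            // guard a shorter body keeps the loop spinning.
                            $streamError = 'upload stream ended before the declared size was received';
                            break;
                        }
                        if (fwrite($output, $chunk, strlen($chunk)) === false) {
                            $streamError = 'could not write to destination';
                            break;
                        }
                        $sizeRead += strlen($chunk);
                    }
                }
            } catch (Exception $e) {
                $streamError = $e->getMessage();
            }

            // release both handles on every path, including failures
            if (is_resource($input)) {
                fclose($input);
            }
            if (is_resource($output)) {
                fclose($output);
            }

            if ($streamError !== null) {
                // NOTE: a partially written file may remain at the destination.
                $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_UNKOWN_ERROR', array($userfile_name, $streamError));
                break;
            }
        } else {
            // Regular multipart upload. move_uploaded_file() only accepts a
            // file PHP itself received via HTTP POST.
            $result = @move_uploaded_file($boxData["tmp_name"], "{$destination}/" . $userfile_name);
            if (!$result) {
                // retry with the platform separator
                $realPath = $destination . DIRECTORY_SEPARATOR . $userfile_name;
                $result = move_uploaded_file($boxData["tmp_name"], $realPath);
            }
            if (!$result) {
                $errors[] = XAPP_TEXT_FORMATTED('UPLOAD_UNKOWN_ERROR', array($userfile_name));
                break;
            }
        }
    }

    return $errors;
}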