safe_name() static public method

Sanitizes a filename by stripping unwanted special characters. In the upload examples below it is applied to the base name only (`f::name()`), with the extension handled separately, before the result becomes part of a filesystem path.
static public safe_name ( string $string ) : string
$string string The file name
return string
Example #1
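 /**
  * Validate one upload from $_FILES[$field] and copy it to $destination.
  *
  * $destination may contain the placeholders {name} and {extension}: {name} is
  * replaced with the (by default sanitized) base name of the uploaded file and
  * {extension} with the extension derived from the reported MIME type.
  *
  * @param  string $field        Key of the upload in $_FILES
  * @param  string $destination  Target path, optionally using {name} / {extension}
  * @param  array  $params       Optional overrides for the config keys upload.allowed
  *                              (array of MIME types), upload.maxsize (bytes) and
  *                              upload.overwrite (bool), plus 'sanitize' (bool,
  *                              default true) to run f::safe_name() on the base name
  * @return array  'status' => 'error' with a 'msg', or 'status' => 'success' with
  *                'msg', 'type', 'extension', 'file', 'size' and 'name'
  */
 function file($field, $destination, $params = array())
 {
     $allowed   = a::get($params, 'allowed', c::get('upload.allowed', array('image/jpeg', 'image/png', 'image/gif')));
     $maxsize   = a::get($params, 'maxsize', c::get('upload.maxsize', self::max_size()));
     $overwrite = a::get($params, 'overwrite', c::get('upload.overwrite', true));
     $sanitize  = a::get($params, 'sanitize', true);
     $file      = a::get($_FILES, $field);
     if (empty($file)) {
         return array('status' => 'error', 'msg' => l::get('upload.errors.missing-file', 'The file has not been found'));
     }
     // 'name' and 'type' are client-supplied: 'type' is the MIME type the browser
     // claims, not one derived from the file content
     $name     = a::get($file, 'name');
     $type     = a::get($file, 'type');
     $tmp_name = a::get($file, 'tmp_name');
     $error    = a::get($file, 'error');
     $size     = a::get($file, 'size');
     $extension = self::mime_to_extension($type, 'jpg');
     // base name without extension; f::safe_name() strips characters that must not
     // end up in a path, so disabling 'sanitize' means trusting the client filename
     $fname = $sanitize ? f::safe_name(f::name($name)) : f::name($name);
     // resolve the destination template
     $destination = str_replace('{name}', $fname, $destination);
     $destination = str_replace('{extension}', $extension, $destination);
     if (file_exists($destination) && !$overwrite) {
         return array('status' => 'error', 'msg' => l::get('upload.errors.file-exists', 'The file exists and cannot be overwritten'));
     }
     if (empty($tmp_name)) {
         return array('status' => 'error', 'msg' => l::get('upload.errors.missing-file', 'The file has not been found'));
     }
     // reject failed uploads and anything that did not arrive through PHP's upload
     // handling, so a tmp_name pointing at an arbitrary server file is never copied
     if ((int) $error !== UPLOAD_ERR_OK || !is_uploaded_file($tmp_name)) {
         return array('status' => 'error', 'msg' => l::get('upload.errors.invalid-upload', 'The upload failed'));
     }
     if ($size > $maxsize) {
         return array('status' => 'error', 'msg' => l::get('upload.errors.too-big', 'The file is too big'));
     }
     // allow-list on the claimed MIME type only; callers that need a content check
     // (e.g. getimagesize()) must run it on the stored file themselves
     if (!in_array($type, $allowed, true)) {
         return array('status' => 'error', 'msg' => l::get('upload.errors.invalid-file', 'The file type is not allowed') . ': ' . $type);
     }
     // best-effort: make the target directory writable. Kept at 0777 for
     // compatibility, although world-writable is wider than a web server needs.
     @chmod(dirname($destination), 0777);
     if (!@copy($tmp_name, $destination)) {
         return array('status' => 'error', 'msg' => l::get('upload.errors.move-error', 'The file could not be moved to the server'));
     }
     // best-effort permissions on the stored file (0777 also sets the executable bits)
     @chmod($destination, 0777);
     return array('status' => 'success', 'msg' => l::get('upload.success', 'The file has been uploaded'), 'type' => $type, 'extension' => $extension, 'file' => $destination, 'size' => $size, 'name' => f::filename($destination));
 }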
Example #2
File: kirby.php  Project: sdvig/kirbycms
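 /**
  * A set of sanitizer methods
  *
  * Every input is first stripslashes()'d, urldecode()'d and converted to UTF-8,
  * then passed through the step selected by $type; non-array results are trim()'d.
  *
  * @param  string  $string  The string to sanitize
  * @param  string  $type    The method: int, str, array, nohtml, noxml, enum, checkbox,
  *                          url, email, plain, lower, upper, words, tags, nobreaks, filename
  * @param  string  $default The default value if the string will be empty afterwards
  *                          (only used by 'enum', and only when it is 'y' or 'n')
  * @return string  The sanitized string (an array for 'array')
  */
 static function sanitize($string, $type = 'str', $default = null)
 {
     // NOTE(review): request values have already been URL-decoded by PHP, so this
     // urldecode() is a second decode: "%252e" becomes "." before any check below
     $string = stripslashes((string) $string);
     $string = urldecode($string);
     $string = str::utf8($string);
     switch ($type) {
         case 'int':
             $string = (int) $string;
             break;
         case 'str':
             $string = (string) $string;
             break;
         case 'array':
             $string = (array) $string;
             break;
         case 'nohtml':
             $string = self::unhtml($string);
             break;
         case 'noxml':
             $string = self::unxml($string);
             break;
         case 'enum':
             // only 'y' or 'n' can come out: anything else falls back to $default,
             // and a $default that is not itself 'y'/'n' collapses to 'n'
             $yesno  = array('y', 'n');
             $string = in_array($string, $yesno, true) ? $string : $default;
             $string = in_array($string, $yesno, true) ? $string : 'n';
             break;
         case 'checkbox':
             $string = $string === 'on' ? 'y' : 'n';
             break;
         case 'url':
             // validation only: an invalid URL becomes ''. A second, unreachable
             // 'url' case that called self::urlify() was dropped.
             $string = v::url($string) ? $string : '';
             break;
         case 'email':
             $string = v::email($string) ? $string : '';
             break;
         case 'plain':
             $string = str::unxml($string);
             $string = str::unhtml($string);
             $string = str::trim($string);
             break;
         case 'lower':
             $string = str::lower($string);
             break;
         case 'upper':
             $string = str::upper($string);
             break;
         case 'words':
             // letters only; everything else becomes a space (the old fall-through
             // into 'tags'/'nobreaks' could not change a letters-and-spaces string)
             $string = str::sanitize($string, 'plain');
             $string = preg_replace('/[^\\pL]/u', ' ', $string);
             break;
         case 'tags':
             // letters and digits only
             $string = str::sanitize($string, 'plain');
             $string = preg_replace('/[^\\pL\\pN]/u', ' ', $string);
             $string = str::trim($string);
             break;
         case 'nobreaks':
             // real newline, carriage-return and tab characters (double-quoted);
             // the previous single-quoted '\n' only matched a literal backslash-n
             $string = str_replace(array("\n", "\r", "\t"), '', $string);
             break;
         case 'filename':
             $string = f::safe_name($string);
             break;
     }
     // an 'array' result cannot be trim()'d (TypeError on PHP 8); everything else
     // is returned as a trimmed string, ints included
     return is_array($string) ? $string : trim($string);
 }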
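/**
 * Upload image
 *
 * Requirement: Kirby
 *
 * Moves every file posted under $options['field'] (a single or an array field) into
 * $options['path'] under a sanitized, unique name. Files that fail any check are
 * skipped silently and only show up in the 'failed' count.
 *
 * Options:
 *   field       (required) key in $_FILES
 *   path        (required) target directory, created with mode 0777 if missing
 *   image       bool, default true: require an image extension, a type accepted by
 *               is_image() and a file that getimagesize() can parse
 *   max_size    bytes, capped at server_maxupload()
 *   extensions  optional list of allowed extensions (compared case-insensitively).
 *               Without it, and with 'image' => false, the extension of the client
 *               filename is kept as-is, so a web-reachable 'path' would store
 *               server-executable files (php, phtml, ...) under their own name.
 *
 * @param array $options see above
 * @return array 'failed' => int, 'success' => list of arrays with extension, filename,
 *               original_filename (raw client value, escape before output), name,
 *               size, nice_size and md5
 * @version 1.0 - 2011-01-12
 */
function secure_upload($options)
{
    $options['image'] = isset($options['image']) ? $options['image'] : true;
    // default server max upload in bytes
    $options['max_size'] = isset($options['max_size']) ? min($options['max_size'], server_maxupload()) : server_maxupload();
    // optional extension allow-list, normalised to lower case; null = no restriction
    $allowed_extensions = isset($options['extensions']) && is_array($options['extensions']) ? array_map('strtolower', $options['extensions']) : null;
    if (empty($options['field']) || empty($options['path'])) {
        return array('error' => 'Option field and path is required');
    }
    if (!isset($_FILES[$options['field']])) {
        return array('error' => 'No file was selected');
    }
    // validate path
    $upload_path = $options['path'];
    $upload_path = rtrim($upload_path, '/') . '/';
    if (@realpath($upload_path) !== false) {
        $upload_path = str_replace("\\", "/", realpath($upload_path));
    }
    if (!file_exists($upload_path)) {
        // NOTE(review): 0777 leaves the directory world-writable; 0755 is enough
        // when the web server user owns it
        if (!@mkdir($upload_path, 0777)) {
            return array('error' => 'Directory isnt writable');
        }
        chmod($upload_path, 0777);
    }
    if (!@is_dir($upload_path) || !is_writable($upload_path)) {
        return array('error' => 'Directory isnt writable');
    }
    // make sure the path ends in exactly one slash (realpath() strips it)
    $upload_path = preg_replace("/(.+?)\\/*\$/", "\\1/", $upload_path);
    // normalise a single-file field to the array shape of a multi-file field
    if (!is_array($_FILES[$options['field']]['tmp_name'])) {
        $_FILES[$options['field']] = array_map(function ($item) {
            return array($item);
        }, $_FILES[$options['field']]);
    }
    $success = array();
    foreach (array_keys($_FILES[$options['field']]['tmp_name']) as $key) {
        // Get upload info; 'name' and 'type' are client-supplied
        $error = $_FILES[$options['field']]['error'][$key];
        $name = $_FILES[$options['field']]['name'][$key];
        $tmp_name = $_FILES[$options['field']]['tmp_name'][$key];
        $size = $_FILES[$options['field']]['size'][$key];
        $type = $_FILES[$options['field']]['type'][$key];
        // only files that went through PHP's upload handling are touched
        if (!is_uploaded_file($tmp_name) || $error !== UPLOAD_ERR_OK) {
            continue;
        }
        // drop any ";charset=..." parameter and surrounding quotes from the type
        $type = preg_replace("/^(.+?);.*\$/", "\\1", $type);
        $type = strtolower(trim(stripslashes($type), '"'));
        // the extension is taken from the client filename and is not sanitized;
        // this relies on f::extension() returning only the trailing token
        $ext = f::extension($name);
        $name = f::safe_name(f::name($name));
        $name = substr($name, 0, 100);
        // Check allowed file type
        $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe');
        if ($options['image']) {
            // extension (case-sensitive, as before) and claimed type are cheap
            // pre-checks; getimagesize() is the actual content check
            if (!in_array($ext, $image_types, true) || !is_image($type) || getimagesize($tmp_name) === false) {
                continue;
            }
        }
        if ($allowed_extensions !== null && !in_array(strtolower($ext), $allowed_extensions, true)) {
            continue;
        }
        // Check file size
        if ($options['max_size'] < $size) {
            continue;
        }
        // Unique filename
        if (file_exists($upload_path . $name . "." . $ext)) {
            $number = 1;
            while (file_exists($upload_path . $name . $number . "." . $ext)) {
                $number++;
            }
            $name = $name . $number;
        }
        // save
        if (!@move_uploaded_file($tmp_name, $upload_path . $name . "." . $ext)) {
            continue;
        }
        // TODO xss clean: original_filename is returned unescaped
        // (md5 is an integrity fingerprint only, not a security hash)
        $success[] = array('extension' => $ext, 'filename' => $name . "." . $ext, 'original_filename' => $_FILES[$options['field']]['name'][$key], 'name' => $name, 'size' => $size, 'nice_size' => f::nice_size($size), 'md5' => md5_file($upload_path . $name . "." . $ext));
    }
    return array('failed' => count($_FILES[$options['field']]['tmp_name']) - count($success), 'success' => $success);
}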
// Export: one directory per post (oldest first), each holding a single content file.
// $n counts every post visited, including the ones recorded in $errors / $skipped.
$n = 0;
$skipped = array();
$errors = array();
foreach (array_reverse($posts) as $post) {
    $n++;
    // a post without a title or a slug cannot become a page
    if (empty($post['title']) || empty($post['slug'])) {
        $errors[] = $post;
        continue;
    }
    $fields = array(
        'title: ' . $post['title'],
        'date: ' . date($dateformat, $post['date']),
        "text: \n\n" . trim($post['text']),
        'tags: ' . $post['tags'],
        'categories: ' . $post['cats'],
    );
    // the slug is sanitized before it becomes part of a filesystem path
    $name = pad($n, $len) . '-' . f::safe_name($post['slug']);
    $dir = $root . '/' . $name;
    if (is_dir($dir)) {
        // never overwrite an existing page directory
        $skipped[] = basename($dir);
        continue;
    }
    dir::make($dir);
    $content = implode("\n\n----\n\n", $fields);
    $file = $dir . '/' . $template;
    f::write($file, $content);
}
putmessage("Exported {$n} articles to {$root}<br /><br />");
if (count($errors) > 0) {
    putmessage(count($errors) . ' article(s) could not be imported<br /><br />');
}
if (!empty($skipped)) {
    $n++;
    $output = array();
    if (empty($post->title) || empty($post->slug)) {
        $errors[] = $post;
        continue;
    }
    // collect tags
    $tags = array();
    foreach ($post->tags as $t) {
        $tags[] = $t->name;
    }
    $output[] = 'title: ' . $post->title;
    $output[] = 'date: ' . date($dateformat, strtotime($post->display_date));
    $output[] = 'text: ' . "\n\n" . trim($post->body_full);
    $output[] = 'tags: ' . implode(', ', $tags);
    $name = pad($n, $len) . '-' . f::safe_name(basename($post->slug));
    $dir = $root . '/' . $name;
    if (is_dir($dir)) {
        $skipped[] = basename($dir);
        continue;
    }
    dir::make($dir);
    $content = implode("\n\n" . '----' . "\n\n", $output);
    $file = $dir . '/' . $template;
    f::write($file, $content);
}
// summary output; $n includes the posts that ended up in $errors / $skipped
putmessage("Exported {$n} articles to {$root}<br /><br />");
if (count($errors) > 0) {
    putmessage(count($errors) . ' article(s) could not be imported<br /><br />');
}
if (!empty($skipped)) {