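/**
 * Add file for the image manager
 *
 * Processes the image manager upload form: validates the request token,
 * resolves the target image category, runs every posted upload field through
 * icms_file_MediaUploadHandler and stores one icms_image record per uploaded
 * file. On any error the collected messages are shown in a popup and the
 * script exits; otherwise the browser is redirected back to the listing.
 *
 * Only the form fields this function actually reads are taken from $_POST.
 * The previous `${$k} = StopXSS($v)` loop turned every posted key into a local
 * variable, which lets a request define or overwrite arbitrary locals.
 */
function imanager_addfile() {
    // Explicit allow-list of request fields and the value used when absent.
    // StopXSS() is defined elsewhere; what it filters is not visible here, so
    // the values are still treated as untrusted below.
    $fields = array(
        'target'         => '',
        'type'           => '',
        'imgcat_id'      => null,
        'image_nicename' => null,
        'image_display'  => null,
        'image_weight'   => null,
    );
    foreach ($fields as $key => $default) {
        if (isset($_POST[$key]) && is_scalar($_POST[$key])) {
            $fields[$key] = StopXSS($_POST[$key]);
        }
    }
    $target         = $fields['target'];
    $type           = $fields['type'];
    $imgcat_id      = $fields['imgcat_id'];
    $image_nicename = $fields['image_nicename'];
    $image_weight   = $fields['image_weight'];
    $image_display  = empty($fields['image_display']) ? 0 : 1;

    // Request values end up in redirect URLs, so each one is URL-encoded
    // instead of being concatenated raw into the query string.
    $context = '&target=' . rawurlencode((string) $target) . '&type=' . rawurlencode((string) $type);
    $listUrl = $_SERVER['SCRIPT_NAME'] . '?op=list' . $context;

    if (!icms::$security->check()) {
        redirect_header($listUrl, 3, implode('<br />', icms::$security->getErrors()));
        // NOTE(review): redirect_header() is presumed to end the request; the
        // return keeps a failed token check from falling through if it does not.
        return;
    }

    $imgcat_handler = icms::handler('icms_image_category');
    $imagecategory =& $imgcat_handler->get($imgcat_id);
    if (!is_object($imagecategory)) {
        redirect_header($listUrl, 1);
        return;
    }

    // Categories stored in the database use the shared image manager folder as
    // a staging area; file-based categories upload into their own folder.
    $storeInDb = ($imagecategory->getVar('imgcat_storetype') == 'db');
    $updir = $storeInDb ? ICMS_IMANAGER_FOLDER_PATH : $imgcat_handler->getCategFolder($imagecategory);

    // NOTE(review): the MIME allow-list and size limits are enforced by the
    // uploader; whether it inspects file content or trusts the client-supplied
    // type is not visible here - confirm in icms_file_MediaUploadHandler.
    $uploader = new icms_file_MediaUploadHandler(
        $updir,
        array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png', 'image/bmp'),
        $imagecategory->getVar('imgcat_maxsize'),
        $imagecategory->getVar('imgcat_maxwidth'),
        $imagecategory->getVar('imgcat_maxheight')
    );
    $uploader->setPrefix('img');

    // The list of upload field names is request data too: accept it only when
    // it really is an array, otherwise treat the request as having no files.
    $uploadFields = array();
    if (isset($_POST['xoops_upload_file']) && is_array($_POST['xoops_upload_file'])) {
        $uploadFields = array_values($_POST['xoops_upload_file']);
    }

    $err = array();
    foreach ($uploadFields as $i => $fieldName) {
        if (!$uploader->fetchMedia($fieldName)) {
            $err[] = sprintf(_FAILFETCHIMG, $i);
            $err = array_merge($err, $uploader->getErrors(FALSE));
            continue;
        }
        if (!$uploader->upload()) {
            $err[] = $uploader->getErrors();
            continue;
        }

        $image_handler = icms::handler('icms_image');
        $image =& $image_handler->create();
        $image->setVar('image_name', $uploader->getSavedFileName());
        $image->setVar('image_nicename', $image_nicename);
        $image->setVar('image_mimetype', $uploader->getMediaType());
        $image->setVar('image_created', time());
        $image->setVar('image_display', $image_display);
        $image->setVar('image_weight', $image_weight);
        $image->setVar('imgcat_id', $imgcat_id);

        $savedPath = $uploader->getSavedDestination();
        if ($storeInDb) {
            // Move the bytes into the record and drop the staging file. A
            // failed read is reported instead of silently storing an empty body.
            $fbinary = is_readable($savedPath) ? file_get_contents($savedPath) : false;
            @unlink($savedPath);
            if ($fbinary === false) {
                $err[] = sprintf(_FAILSAVEIMG, $image->getVar('image_nicename'));
                continue;
            }
            $image->setVar('image_body', $fbinary, TRUE);
        }

        if (!$image_handler->insert($image)) {
            $err[] = sprintf(_FAILSAVEIMG, $image->getVar('image_nicename'));
            // Do not leave an uploaded file on disk without a matching record.
            if (!$storeInDb && is_file($savedPath)) {
                @unlink($savedPath);
            }
        }
    }

    if (count($err) > 0) {
        icmsPopupHeader();
        icms_core_Message::error($err);
        icmsPopupFooter();
        exit();
    }

    if (isset($imgcat_id)) {
        $redir = '?op=listimg&imgcat_id=' . rawurlencode((string) $imgcat_id) . $context;
    } else {
        $redir = '?op=list' . $context;
    }
    redirect_header($_SERVER['SCRIPT_NAME'] . $redir, 2, _ICMS_DBUPDATED);
}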
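/**
 * Returns a value ready to be saved in the database
 *
 * Dates are converted with strtotime(); "datetime" adds the posted time offset
 * to the converted date. For "image" fields the first posted upload is run
 * through icms_file_MediaUploadHandler: on success the previous file is
 * removed and the new saved file name is returned, on failure the uploader
 * errors are echoed and the old value is kept. All other field types are
 * returned unchanged.
 *
 * @param mixed $value Value to format
 * @param mixed $oldvalue old value
 *
 * @return mixed
 */
public function getValueForSave($value, $oldvalue) {
    switch ($this->getVar('field_type')) {
        case "date":
            return ($value != "") ? strtotime($value) : $value;

        case "datetime":
            return ($value != "") ? strtotime($value['date']) + $value['time'] : $value;

        case "image":
            // The upload field name comes from the request; require a string
            // that names an actual entry in $_FILES before touching anything.
            $uploadField = isset($_POST['xoops_upload_file'][0]) ? $_POST['xoops_upload_file'][0] : null;
            if (!is_string($uploadField) || !isset($_FILES[$uploadField])) {
                return $oldvalue;
            }

            // NOTE(review): unserialize() on the stored field options. If that
            // column can ever hold attacker-influenced data this allows object
            // injection; prefer a data-only format, or restrict classes with
            // the allowed_classes option where the PHP version supports it.
            $options = unserialize($this->getVar('field_options', 'n'));
            if (!is_array($options)) {
                $options = array();
            }
            $maxSize   = (isset($options['maxsize']) ? $options['maxsize'] : 0) * 1024;
            $maxWidth  = isset($options['maxwidth']) ? $options['maxwidth'] : null;
            $maxHeight = isset($options['maxheight']) ? $options['maxheight'] : null;

            $dirname = ICMS_UPLOAD_PATH . '/' . basename(dirname(dirname(__FILE__)));
            if (!is_dir($dirname)) {
                // mkdir() without a mode argument uses 0777 minus the umask.
                mkdir($dirname);
            }

            $uploader = new icms_file_MediaUploadHandler(
                $dirname,
                array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png'),
                $maxSize,
                $maxWidth,
                $maxHeight
            );
            if ($uploader->fetchMedia($uploadField)) {
                $uploader->setPrefix('image');
                if ($uploader->upload()) {
                    // Delete the previous file only when it resolves to a
                    // regular file inside the upload directory, so an old
                    // value such as "../x" cannot reach outside it.
                    $baseDir = realpath($dirname);
                    $oldPath = (is_string($oldvalue) && $oldvalue !== '')
                        ? realpath($dirname . '/' . $oldvalue)
                        : false;
                    if ($baseDir !== false
                        && $oldPath !== false
                        && strpos($oldPath, $baseDir . DIRECTORY_SEPARATOR) === 0
                        && is_file($oldPath)
                    ) {
                        @unlink($oldPath);
                    }
                    return $uploader->getSavedFileName();
                }
            }
            // Fetch or upload failed: report and keep the previous value.
            echo $uploader->getErrors();
            return $oldvalue;

        case "textbox":
        case "textarea":
        case "dhtml":
        case "yesno":
        case "timezone":
        case "theme":
        case "language":
        case "select":
        case "radio":
        case "select_multi":
        case "checkbox":
        case "group":
        case "group_multi":
        case "longdate":
        default:
            return $value;
    }
}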
} if ($op == 'addfile') { if (!icms::$security->check()) { redirect_header('admin.php?fct=avatars', 3, implode('<br />', icms::$security->getErrors())); } $uploader = new icms_file_MediaUploadHandler(ICMS_UPLOAD_PATH, array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png'), $icmsConfigUser['avatar_maxsize'], $icmsConfigUser['avatar_width'], $icmsConfigUser['avatar_height']); $uploader->setPrefix('savt'); $err = array(); if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) { if (!$uploader->upload()) { $err[] = $uploader->getErrors(); } else { $avt_handler = icms::handler('icms_data_avatar'); $avatar =& $avt_handler->create(); $avatar->setVar('avatar_file', $uploader->getSavedFileName()); $avatar->setVar('avatar_name', $avatar_name); $avatar->setVar('avatar_mimetype', $uploader->getMediaType()); $avatar_display = empty($avatar_display) ? 0 : 1; $avatar->setVar('avatar_display', $avatar_display); $avatar->setVar('avatar_weight', $avatar_weight); $avatar->setVar('avatar_type', 'S'); if (!$avt_handler->insert($avatar)) { $err[] = sprintf(_FAILSAVEIMG, $avatar->getVar('avatar_name')); } } } else { $err = array_merge($err, $uploader->getErrors(FALSE)); } if (count($err) > 0) { icms_cp_header();
} $uid = 0; if (!empty($_POST['uid'])) { $uid = (int) $_POST['uid']; } if (empty($uid) || icms::$user->getVar('uid') != $uid) { redirect_header('index.php', 3, _MD_PROFILE_NOEDITRIGHT); } if ($icmsConfigUser['avatar_allow_upload'] == 1 && icms::$user->getVar('posts') >= $icmsConfigUser['avatar_minposts']) { $uploader = new icms_file_MediaUploadHandler(ICMS_UPLOAD_PATH, array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png'), $icmsConfigUser['avatar_maxsize'], $icmsConfigUser['avatar_width'], $icmsConfigUser['avatar_height']); if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) { $uploader->setPrefix('cavt'); if ($uploader->upload()) { $avt_handler = icms::handler('icms_data_avatar'); $avatar = $avt_handler->create(); $avatar->setVar('avatar_file', $uploader->getSavedFileName()); $avatar->setVar('avatar_name', icms::$user->getVar('uname')); $avatar->setVar('avatar_mimetype', $uploader->getMediaType()); $avatar->setVar('avatar_display', 1); $avatar->setVar('avatar_type', 'C'); if (!$avt_handler->insert($avatar)) { @unlink($uploader->getSavedDestination()); } else { $oldavatar = icms::$user->getVar('user_avatar'); if (!empty($oldavatar) && $oldavatar != 'blank.gif' && !preg_match("/^savt/", strtolower($oldavatar))) { $avatars = $avt_handler->getObjects(new icms_db_criteria_Item('avatar_file', $oldavatar)); $avt_handler->delete($avatars[0]); $oldavatar_path = str_replace("\\", "/", realpath(ICMS_UPLOAD_PATH . '/' . $oldavatar)); if (0 === strpos($oldavatar_path, ICMS_UPLOAD_PATH) && is_file($oldavatar_path)) { unlink($oldavatar_path); }
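/**
 * Stores an object submitted through the default form, including its uploads.
 *
 * Copies the posted data into the object, processes any uploaded files whose
 * field name ("upload_<field>") maps to a declared object var, inserts the
 * object through the handler, stores its permissions when the handler has
 * any, and finally either returns the object or redirects.
 *
 * @param obj $icmsObj Object
 * @param int $objectid not read by this method
 * @param str $created_success_msg Message to display on successful creation
 * @param str $modified_success_msg Message to display on successful modification
 * @param bool $redirect_page Page to redirect to afterwards; false falls back
 *                            to icms_get_page_before_form(), null returns the
 *                            object without redirecting
 * @param bool $debug Whether to display debug information, or not
 */
public function &doStoreFromDefaultForm(&$icmsObj, $objectid, $created_success_msg, $modified_success_msg, $redirect_page = false, $debug = false) {
    global $impresscms;

    $this->postDataToObject($icmsObj);
    $redirect_msg = $icmsObj->isNew() ? $created_success_msg : $modified_success_msg;

    // Check if there were uploaded files
    $uploaderResult = true;
    if (isset($_POST['icms_upload_image']) || isset($_POST['icms_upload_file'])) {
        $uploaderObj = new icms_file_MediaUploadHandler(
            $icmsObj->getImageDir(true),
            $this->handler->_allowedMimeTypes,
            $this->handler->_maxFileSize,
            $this->handler->_maxWidth,
            $this->handler->_maxHeight
        );
        foreach ($_FILES as $name => $file_array) {
            // $_FILES keys are chosen by the client: only accept uploads whose
            // field maps onto a var the object actually declares.
            $related_field = str_replace('upload_', '', $name);
            if (!isset($file_array['name'])
                || $file_array['name'] == ""
                || !array_key_exists($related_field, $icmsObj->vars)
            ) {
                continue;
            }

            if (!$uploaderObj->fetchMedia($name)) {
                $icmsObj->setErrors($uploaderObj->getErrors(false));
                $uploaderResult = false;
                continue;
            }

            // NOTE(review): the target name embeds the client-supplied media
            // name; whether the uploader sanitises it (extension, path
            // characters) is not visible here - confirm.
            $uploaderObj->setTargetFileName(time() . "_" . $uploaderObj->getMediaName());
            if (!$uploaderObj->upload()) {
                $icmsObj->setErrors($uploaderObj->getErrors(false));
                $uploaderResult = false;
                continue;
            }

            if ($icmsObj->vars[$related_field]['data_type'] == XOBJ_DTYPE_FILE) {
                // Rich file: the object var holds the id of a file object.
                // The companion form fields are optional request data.
                $midKey     = 'mid_' . $related_field;
                $captionKey = 'caption_' . $related_field;
                $descKey    = 'desc_' . $related_field;

                $fileObj = $icmsObj->getFileObj($related_field);
                $fileObj->setVar('url', $icmsObj->getUploadDir() . $uploaderObj->getSavedFileName());
                $fileObj->setVar('mid', isset($_POST[$midKey]) ? $_POST[$midKey] : null);
                $fileObj->setVar('caption', isset($_POST[$captionKey]) ? $_POST[$captionKey] : null);
                $fileObj->setVar('description', isset($_POST[$descKey]) ? $_POST[$descKey] : null);
                $icmsObj->storeFileObj($fileObj);
                $icmsObj->setVar($related_field, $fileObj->getVar('fileid'));
                continue;
            }

            // Plain file field: replace the previous file with the new one.
            // As before, a failing event is recorded but does not stop the unlink.
            if (!$this->handler->executeEvent('beforeFileUnlink', $icmsObj)) {
                $icmsObj->setErrors("An error occured during the beforeFileUnlink event");
                $uploaderResult = false;
            }

            // NOTE(review): postDataToObject() ran above, so the var read here
            // may already carry a posted value - confirm. The old path is
            // therefore resolved and must stay inside the upload directory
            // before anything is deleted.
            $baseDir = realpath($icmsObj->getUploadDir(true));
            $oldName = $icmsObj->getVar($related_field);
            $oldPath = (is_string($oldName) && $oldName !== '')
                ? realpath($icmsObj->getUploadDir(true) . $oldName)
                : false;
            if ($baseDir !== false
                && $oldPath !== false
                && strpos($oldPath, $baseDir . DIRECTORY_SEPARATOR) === 0
                && is_file($oldPath)
            ) {
                unlink($oldPath);
            }
            $icmsObj->setVar($related_field, $uploaderObj->getSavedFileName());

            if (!$this->handler->executeEvent('afterFileUnlink', $icmsObj)) {
                $icmsObj->setErrors("An error occured during the afterFileUnlink event");
                $uploaderResult = false;
            }
        }
    }

    // Nothing is written to the database when any upload step failed.
    $storeResult = false;
    if ($uploaderResult) {
        $storeResult = $debug ? $this->handler->insertD($icmsObj) : $this->handler->insert($icmsObj);
    }

    if ($storeResult && $this->handler->getPermissions()) {
        $icmspermissions_handler = new icms_ipf_permission_Handler($this->handler);
        $icmspermissions_handler->storeAllPermissionsForId($icmsObj->id());
    }

    if ($redirect_page === null) {
        return $icmsObj;
    }

    if (!$storeResult) {
        redirect_header($impresscms->urls['previouspage'], 3, _CO_ICMS_SAVE_ERROR . $icmsObj->getHtmlErrors());
    } else {
        $redirect_page = $redirect_page ? $redirect_page : icms_get_page_before_form();
        redirect_header($redirect_page, 2, $redirect_msg);
    }
}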
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0; if ($id <= 0 | !icms::$security->check()) { redirect_header('admin.php?fct=smilies', 3, implode('<br />', icms::$security->getErrors())); } $smile_code = icms_core_DataFilter::stripSlashesGPC($_POST['smile_code']); $smile_desc = icms_core_DataFilter::stripSlashesGPC($_POST['smile_desc']); $smile_display = (int) $_POST['smile_display'] > 0 ? 1 : 0; $db =& icms_db_Factory::instance(); if ($_FILES['smile_url']['name'] != "") { $uploader = new icms_file_MediaUploadHandler(ICMS_UPLOAD_PATH, array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png'), 100000, 120, 120); $uploader->setPrefix('smil'); if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) { if (!$uploader->upload()) { $err = $uploader->getErrors(); } else { $smile_url = $uploader->getSavedFileName(); if (!$db->query(sprintf("UPDATE %s SET code = %s, smile_url = %s, emotion = %s, display = %d WHERE id = '%d'", $db->prefix('smiles'), $db->quoteString($smile_code), $db->quoteString($smile_url), $db->quoteString($smile_desc), $smile_display, $id))) { $err = 'Failed storing smiley data into the database'; } else { $oldsmile_path = str_replace("\\", "/", realpath(ICMS_UPLOAD_PATH . '/' . trim($_POST['old_smile']))); if (0 === strpos($oldsmile_path, ICMS_UPLOAD_PATH) && is_file($oldsmile_path)) { unlink($oldsmile_path); } } } } else { $err = $uploader->getErrors(); } } else { $sql = sprintf("UPDATE %s SET code = %s, emotion = %s, display = '%d' WHERE id = '%d'", $db->prefix('smiles'), $db->quoteString($smile_code), $db->quoteString($smile_desc), $smile_display, $id); if (!$db->query($sql)) {