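/**
 * Uploads a file and generates a database entry for that item
 *
 * The file is written below the configured 'webpath' (default
 * '/site/tickets') in a sub-directory named after $listdir, checked with
 * Filesystem::isSafe(), and then recorded as a Tables\Attachment row.
 * A file that fails the safety check is never recorded.
 *
 * @param   string   $listdir  Sub-directory to upload files to; also stored as the row's 'ticket' value
 * @param   integer  $comment  Value stored as the row's 'comment_id'
 * @return  string   Key to use in comment bodies (parsed into links or img tags), or '' on failure
 */
public function uploadTask($listdir, $comment = 0)
{
    // Incoming
    $description = Request::getVar('description', '');

    if (!$listdir) {
        $this->setError(Lang::txt('COM_SUPPORT_ERROR_NO_ID'));
        return '';
    }

    // Incoming file
    $file = Request::getVar('upload', '', 'files', 'array');
    if (!is_array($file) || !isset($file['name']) || !$file['name']) {
        $this->setError(Lang::txt('COM_SUPPORT_ERROR_NO_FILE'));
        return '';
    }

    // Construct our file path
    // NOTE(review): $listdir is joined into the path as-is; this assumes callers
    // pass a ticket ID rather than request-controlled text — confirm at the call sites.
    $file_path = PATH_APP . DS . trim($this->config->get('webpath', '/site/tickets'), DS) . DS . $listdir;

    if (!is_dir($file_path) && !Filesystem::makeDirectory($file_path)) {
        $this->setError(Lang::txt('COM_SUPPORT_ERROR_UNABLE_TO_CREATE_UPLOAD_PATH'));
        return '';
    }

    // Make the filename safe
    $file['name'] = Filesystem::clean($file['name']);
    $file['name'] = str_replace(' ', '_', $file['name']);
    $ext = strtolower(Filesystem::extension($file['name']));

    // NOTE(review): no extension allow-list is applied before the file is written,
    // so the only content control on this path is Filesystem::isSafe(). Consider
    // checking $ext against a configured allow-list ahead of Filesystem::upload().

    // Append digits until the name no longer collides with an existing file.
    // rand() is only a collision suffix here, not a secret.
    $filename = Filesystem::name($file['name']);
    while (file_exists($file_path . DS . $filename . '.' . $ext)) {
        $filename .= rand(10, 99);
    }

    $finalfile = $file_path . DS . $filename . '.' . $ext;

    // Perform the upload
    if (!Filesystem::upload($file['tmp_name'], $finalfile)) {
        $this->setError(Lang::txt('COM_SUPPORT_ERROR_UPLOADING'));
        return '';
    }

    // Scan for viruses
    if (!Filesystem::isSafe($finalfile)) {
        // Fail closed: a file that fails the scan must never get a database entry,
        // whether or not the delete below succeeds. Previously a failed delete fell
        // through and the flagged file was recorded as a normal attachment.
        // NOTE(review): if delete() fails the flagged file stays on disk; this should
        // be logged or alerted on once a logging facility is available here.
        Filesystem::delete($finalfile);

        $this->setError(Lang::txt('COM_SUPPORT_ERROR_FAILED_SECURITY_SCAN'));
        return '';
    }

    // File was uploaded
    // Create database entry
    $description = htmlspecialchars($description);

    $row = new Tables\Attachment($this->database);
    $row->bind(array(
        'id'          => 0,
        'ticket'      => $listdir,
        'comment_id'  => $comment,
        'filename'    => $filename . '.' . $ext,
        'description' => $description
    ));

    if (!$row->check()) {
        $this->setError($row->getError());
    }

    if (!$row->store()) {
        $this->setError($row->getError());
    }

    if (!$row->id) {
        $row->getID();
    }

    return '{attachment#' . $row->id . '}';
}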
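/**
 * Uploads a file to a given directory and returns an attachment string
 * that is appended to report/comment bodies
 *
 * If the request carries a 'tmp_dir' integer and a directory of that name
 * exists below the configured 'webpath', it is first moved to the $listdir
 * directory and updateTicketId() is called on the attachment table.
 * The uploaded file must have an extension listed in the 'file_ext' config
 * value and must pass Filesystem::isSafe() before it is recorded.
 *
 * @param   string   $listdir     Directory to upload files to; also stored as the row's 'ticket' value
 * @param   integer  $comment_id  Value stored as the row's 'comment_id'
 * @return  string   A string that gets appended to messages: the attachment key,
 *                   '' when nothing was uploaded or the upload failed, or the
 *                   translated error text when the type or scan check rejects the file
 * @throws  Exception  When the temporary upload directory cannot be moved
 */
public function uploadTask($listdir, $comment_id = 0)
{
    if (!$listdir) {
        $this->setError(Lang::txt('COM_SUPPORT_ERROR_MISSING_UPLOAD_DIRECTORY'));
        return '';
    }

    // Construct our file path
    // NOTE(review): $listdir is joined into the path as-is; this assumes callers
    // pass a ticket ID rather than request-controlled text — confirm at the call sites.
    $base = PATH_APP . DS . trim($this->config->get('webpath', '/site/tickets'), DS);
    $path = $base . DS . $listdir;

    $row = new Tables\Attachment($this->database);

    // Rename temp directories
    // NOTE(review): tmp_dir is read from the request and nothing visible in this
    // method ties it to the current user or session. Confirm ownership is verified
    // before the directory is moved and updateTicketId() is called.
    if ($tmp = Request::getInt('tmp_dir')) {
        $tmpPath = $base . DS . $tmp;
        if (is_dir($tmpPath)) {
            if (!\Filesystem::move($tmpPath, $path)) {
                $this->setError(Lang::txt('COM_SUPPORT_ERROR_UNABLE_TO_MOVE_UPLOAD_PATH'));
                throw new Exception(Lang::txt('COM_SUPPORT_ERROR_UNABLE_TO_MOVE_UPLOAD_PATH'), 500);
            }
            $row->updateTicketId($tmp, $listdir);
        }
    }

    // Incoming file
    $file = Request::getVar('upload', '', 'files', 'array');
    if (!isset($file['name']) || !$file['name']) {
        // No file in the request is not treated as an error here.
        return '';
    }

    // Incoming
    $description = Request::getVar('description', '');

    // Build the path if it doesn't exist
    if (!is_dir($path) && !Filesystem::makeDirectory($path)) {
        $this->setError(Lang::txt('COM_SUPPORT_ERROR_UNABLE_TO_CREATE_UPLOAD_PATH'));
        return '';
    }

    // Make the filename safe
    $file['name'] = Filesystem::clean($file['name']);
    $file['name'] = str_replace(' ', '_', $file['name']);
    $ext = strtolower(Filesystem::extension($file['name']));

    // Make sure that file is an acceptable type.
    // Entries are trimmed and lower-cased so "jpg, PNG" matches as intended, and
    // empty entries are dropped so an unset or trailing-comma config value cannot
    // allow extensionless files. The comparison is strict to avoid numeric-string
    // juggling between the extension and the allow-list.
    $allowed = array_filter(
        array_map(
            function ($entry) {
                return strtolower(trim($entry));
            },
            explode(',', (string) $this->config->get('file_ext'))
        ),
        'strlen'
    );
    if (!in_array($ext, $allowed, true)) {
        $this->setError(Lang::txt('COM_SUPPORT_ERROR_INCORRECT_FILE_TYPE'));
        return Lang::txt('COM_SUPPORT_ERROR_INCORRECT_FILE_TYPE');
    }

    // Append digits until the name no longer collides with an existing file.
    // rand() is only a collision suffix here, not a secret.
    $filename = Filesystem::name($file['name']);
    while (file_exists($path . DS . $filename . '.' . $ext)) {
        $filename .= rand(10, 99);
    }

    $finalfile = $path . DS . $filename . '.' . $ext;

    // Perform the upload
    if (!Filesystem::upload($file['tmp_name'], $finalfile)) {
        $this->setError(Lang::txt('COM_SUPPORT_ERROR_UPLOADING'));
        return '';
    }

    // Scan for viruses
    if (!\Filesystem::isSafe($finalfile)) {
        // Fail closed: a file that fails the scan must never get a database entry,
        // whether or not the delete below succeeds. Previously a failed delete fell
        // through and the flagged file was recorded as a normal attachment.
        // NOTE(review): if delete() fails the flagged file stays on disk; this should
        // be logged or alerted on once a logging facility is available here.
        \Filesystem::delete($finalfile);

        $this->setError(Lang::txt('COM_SUPPORT_ERROR_FAILED_VIRUS_SCAN'));
        return Lang::txt('COM_SUPPORT_ERROR_FAILED_VIRUS_SCAN');
    }

    // File was uploaded
    // Create database entry
    $description = htmlspecialchars($description);

    $row->bind(array(
        'id'          => 0,
        'ticket'      => $listdir,
        'comment_id'  => $comment_id,
        'filename'    => $filename . '.' . $ext,
        'description' => $description
    ));

    if (!$row->check()) {
        $this->setError($row->getError());
    }

    if (!$row->store()) {
        $this->setError($row->getError());
    }

    if (!$row->id) {
        $row->getID();
    }

    return '{attachment#' . $row->id . '}';
}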