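/**
 * Refreshes the cached copy of a feed and records the new cache file in the database.
 *
 * Reads the stored link and cache filename of row $id. When a link is set, the
 * linked resource is copied into $path under a new time-stamped name, the row is
 * updated and the previous cache file is removed. When no link is set, the
 * existing filename is kept and only the time column is refreshed.
 *
 * @param int|string $id   Id of the row in module_feed_news
 * @param int|string $time Value written to the `time` column and used in the cache filename
 * @param string     $path Directory holding the cache files; concatenated directly,
 *                         so it must end with a directory separator
 *
 * @return void
 */
function showNewsRefresh($id, $time, $path)
{
    global $objDatabase;

    // Values travel as bind parameters (ADOdb-style `?` placeholders) instead of being
    // concatenated into the statement, so a quote in $id, $time or a stored filename
    // cannot change the SQL.
    $objResult = $objDatabase->Execute(
        'SELECT link, filename FROM ' . DBPREFIX . 'module_feed_news WHERE id = ?',
        array($id)
    );
    if (!$objResult || $objResult->EOF) {
        // Query failed or the feed does not exist: nothing to refresh.
        return;
    }

    $oldLink = $objResult->fields['link'];
    $oldFilename = $objResult->fields['filename'];
    $hasLink = $oldLink != '';

    if ($hasLink) {
        $filename = 'feed_' . $time . '_'
            . \Cx\Lib\FileSystem\FileSystem::replaceCharacters(basename($oldLink));

        // NOTE(review): copy() accepts local paths and every enabled stream wrapper,
        // and the link is read back from the database. Confirm that the code storing
        // the link restricts it to http(s) URLs.
        if (!@copy($oldLink, $path . $filename)) {
            // Fetch failed: keep the current cache file and row instead of pointing
            // the row at a file that was never written and deleting the old copy.
            return;
        }

        // NOTE(review): the parse result is not used in this function.
        $rss = new \XML_RSS($path . $filename);
        $rss->parse();
    } else {
        $filename = $oldFilename;
    }

    $objDatabase->Execute(
        'UPDATE ' . DBPREFIX . 'module_feed_news SET filename = ?, time = ? WHERE id = ?',
        array($filename, $time, $id)
    );

    // Remove the superseded cache file, but never the one that was just written.
    if ($hasLink && $oldFilename != '' && $oldFilename !== $filename) {
        @unlink($path . $oldFilename);
    }
}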
/**
 * Renders the object's HTML content as a PDF and hands it to HTML2FPDF's Output().
 *
 * The content is run through _ParseHTML() and utf8_decode() and stored back on
 * the object before it is written into the document.
 */
function Create()
{
    $parsedHtml = $this->_ParseHTML($this->content);
    $this->content = utf8_decode($parsedHtml);

    $document = new HTML2FPDF();
    $document->ShowNOIMG_GIF();
    $document->DisplayPreferences('HideWindowUI');
    $document->AddPage();
    $document->WriteHTML($this->content);

    // The title is used as the output name, so it is passed through
    // replaceCharacters() rather than used verbatim.
    $outputName = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($this->title);
    $document->Output($outputName);
}
/**
 * Creates a directory below $this->path and reports the outcome in the template.
 *
 * @param string $dirName Requested directory name; it is passed through
 *                        FileSystem::replaceCharacters() before use
 *
 * @return void
 */
function _createNewDir($dirName)
{
    global $_ARRAYLANG, $objTemplate;

    // NOTE(review): whether replaceCharacters() removes directory separators and
    // ".." is not visible here; confirm, since the result is appended to $this->path.
    $cleanName = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($dirName);
    $created = \Cx\Lib\FileSystem\FileSystem::make_folder($this->path . $cleanName);

    if (!$created) {
        $objTemplate->setVariable('CONTENT_STATUS_MESSAGE', $_ARRAYLANG['TXT_MEDIA_MSG_ERROR_NEW_DIR']);
        return;
    }

    // Remember the new directory so it can be highlighted in the listing.
    $this->highlightName[] = $cleanName;
    $objTemplate->setVariable('CONTENT_OK_MESSAGE', $_ARRAYLANG['TXT_MEDIA_MSG_NEW_DIR']);
}
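/**
 * Sanitizes a filename.
 *
 * Delegates to FileSystem::replaceCharacters() and returns its result. The
 * replacement rules themselves are defined by replaceCharacters() and are not
 * part of this method; the original description (whitespace replaced with
 * dashes, characters illegal on some operating systems removed, leading and
 * trailing period, dash and underscore trimmed) should be confirmed against it.
 *
 * @author WordPress
 *
 * @param string $filename The filename to be sanitized
 *
 * @return string The sanitized filename
 */
public static function sanitizeFileName($filename)
{
    // The cleaned name is the return value of replaceCharacters(). Discarding it
    // and returning $filename hands the caller the raw, unsanitized name.
    // NOTE(review): assumes replaceCharacters() does not modify its argument by
    // reference; confirm against its definition.
    return FileSystem::replaceCharacters($filename);
}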
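/**
 * Upload-finished callback.
 *
 * Called as soon as uploads have finished. Cleans up the temporary upload
 * directory (deletes files with a disallowed ending, normalises file names,
 * renames files that would collide with an existing file in the target
 * directory), remembers the uploaded names in the session and returns the
 * directory the files are to be moved to.
 *
 * @param string $tempPath    Directory currently holding the uploaded files
 * @param string $tempWebPath Not used by this callback
 * @param array  $data        Must contain 'path' and 'webPath' of the target directory;
 *                            'path' is concatenated directly with the file name
 * @param string $uploadId    Id of the upload, used in the session key
 * @param array  $fileInfos   Not used by this callback
 *
 * @return array array($path, $webPath)
 */
public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos)
{
    $path = $data['path'];
    $webPath = $data['webPath'];

    // Names of the uploaded files; stored in the session afterwards so they can
    // be displayed highlighted.
    $arrFiles = array();
    // old name => new name for files that collide with an existing target file
    $arrFilesToRename = array();

    // intval() has to wrap the request value, not the comparison.
    $forceOverwrite = !empty($_REQUEST['uploadForceOverwrite'])
        && intval($_REQUEST['uploadForceOverwrite']) > 0;

    // Take a snapshot of the directory first: files are renamed below, and
    // renaming while a directory handle is being read gives unspecified results.
    $entries = scandir($tempPath);
    if ($entries === false) {
        return array($path, $webPath);
    }

    foreach ($entries as $rawName) {
        if ($rawName == '.' || $rawName == '..') {
            continue;
        }

        // Validate and delete by the name the file actually has on disk. Deleting
        // by the cleaned name would silently miss a file whose name was changed
        // by the cleaning step and leave it in the upload directory.
        $file = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($rawName);
        if (
            !\FWValidator::is_file_ending_harmless($rawName)
            || !\FWValidator::is_file_ending_harmless($file)
        ) {
            @unlink($tempPath . '/' . $rawName);
            continue;
        }

        // Bring the file on disk in line with its cleaned name.
        if ($file != $rawName && !rename($tempPath . '/' . $rawName, $tempPath . '/' . $file)) {
            // A file that cannot be given its cleaned name must not be moved on.
            @unlink($tempPath . '/' . $rawName);
            continue;
        }

        if (!file_exists($path . $file)) {
            $arrFiles[] = $file;
            continue;
        }
        if ($forceOverwrite) {
            continue;
        }

        // Target exists and must not be overwritten: append a timestamp. The parts
        // are taken from the cleaned name and a missing extension is tolerated.
        $info = pathinfo($file);
        $extension = isset($info['extension']) ? '.' . $info['extension'] : '';
        $newName = $info['filename'] . '_' . time() . $extension;
        $arrFilesToRename[$file] = $newName;
        $arrFiles[] = $newName;
    }

    // rename files where needed
    foreach ($arrFilesToRename as $oldName => $newName) {
        rename($tempPath . '/' . $oldName, $tempPath . '/' . $newName);
    }

    // Thumbnail creation was commented out in the original and is not performed here.

    // remember the uploaded files without dropping those of earlier calls
    $sessionKey = "filebrowser_upload_files_{$uploadId}";
    if (isset($_SESSION[$sessionKey])) {
        $arrFiles = array_merge($_SESSION[$sessionKey], $arrFiles);
    }
    $_SESSION[$sessionKey] = $arrFiles;

    // Unwanted files have been deleted and file names corrected, so the target
    // path can be returned for the remaining files in $tempPath.
    return array($path, $webPath);
}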
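/**
 * Upload Finished callback
 *
 * Called as soon as uploads have finished. Deletes files with a disallowed
 * ending, normalises file names, moves each remaining file into the target
 * folder (with a timestamp suffix when the name is already taken there),
 * creates its thumbnail and registers it as a download.
 *
 * @param string $tempPath    Path to the temporary directory containing the files at this moment
 * @param string $tempWebPath Points to the same folder as tempPath, but relative to the webroot
 * @param array  $data        Data given to setData() when creating the uploader
 * @param string $uploadId    unique session id for the current upload
 * @param array  $fileInfos   uploaded file informations
 * @param array  $response    uploaded status
 *
 * @return array|null path and webpath; null when the user may not add files to the category
 */
public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos, $response)
{
    $path = $data['path'];
    $webPath = $data['webPath'];
    $objCategory = Category::getCategory($data['category_id']);

    // check for sufficient permissions
    // NOTE(review): nothing is cleaned up in $tempPath on this path; confirm the
    // caller discards the temporary files when null is returned.
    if (
        $objCategory->getAddFilesAccessId()
        && !\Permission::checkAccess($objCategory->getAddFilesAccessId(), 'dynamic', true)
        && $objCategory->getOwnerId() != \FWUser::getFWUserObject()->objUser->getId()
    ) {
        return;
    }

    // Snapshot the directory before touching it: files are renamed and moved
    // below, and doing that while reading a directory handle is unreliable.
    $entries = scandir($tempPath);
    if ($entries === false) {
        return array($path, $webPath);
    }

    foreach ($entries as $file) {
        if ($file == '.' || $file == '..') {
            continue;
        }

        // All state is per file. Carrying rename/move lists across iterations
        // would re-process files that have already been moved.
        $stored = false;
        $suffix = '';
        $info = array();
        $extension = '';

        try {
            $objTempFile = new \Cx\Lib\FileSystem\File($tempPath . '/' . $file);

            // delete potentially malicious files; both the on-disk name and the
            // cleaned name (the one that would be stored) have to be harmless
            $cleanFile = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($file);
            if (
                !\FWValidator::is_file_ending_harmless($file)
                || !\FWValidator::is_file_ending_harmless($cleanFile)
            ) {
                $objTempFile->delete();
                continue;
            }

            if ($cleanFile != $file) {
                $objTempFile->rename($tempPath . '/' . $cleanFile, false);
                $file = $cleanFile;
            }

            $info = pathinfo($file);
            $extension = isset($info['extension']) ? $info['extension'] : '';

            // check if file needs to be renamed
            $storedName = $file;
            if (file_exists($path . '/' . $file)) {
                $suffix = '_' . time();
                $storedName = $info['filename'] . $suffix . ($extension !== '' ? '.' . $extension : '');
                $objRenameFile = new \Cx\Lib\FileSystem\File($tempPath . '/' . $file);
                $objRenameFile->rename($tempPath . '/' . $storedName, false);
            }

            // move file from temp path into target folder
            $objFile = new \Cx\Lib\FileSystem\File($tempPath . '/' . $storedName);
            $objFile->move($path . '/' . $storedName, false);
            $stored = true;

            \Cx\Core\Core\Controller\Cx::instanciate()
                ->getMediaSourceManager()
                ->getThumbnailGenerator()
                ->createThumbnailFromPath($path . '/' . $storedName);
        } catch (\Cx\Lib\FileSystem\FileSystemException $e) {
            \DBG::msg($e->getMessage());
        }

        // Only register files that actually reached the target folder; after a
        // failure the name parts may be missing or belong to another file.
        if (!$stored) {
            continue;
        }

        $objDownloads = new downloads('');
        $objDownloads->addDownloadFromUpload(
            $info['filename'],
            $extension,
            $suffix,
            $objCategory,
            $objDownloads,
            $fileInfos['name']
        );
    }

    return array($path, $webPath);
}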
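/**
 * Upload submitted files
 *
 * Move all files that are allowed to be uploaded in the folder that
 * has been specified in the configuration option "File upload deposition path".
 * Problems are appended to $this->errorMsg as HTML.
 *
 * @access private
 * @global array $_ARRAYLANG
 * @param array $arrFields Files that have been submitted (not used by this method)
 * @see getSettings(), errorMsg, FWSystem::getMaxUploadFileSize()
 * @return array A list of files that have been stored successfully in the system,
 *               as $id => list of array('path' => ..., 'name' => ...)
 */
function _uploadFilesLegacy($arrFields)
{
    global $_ARRAYLANG;

    $arrSettings = $this->getSettings();
    $arrFiles = array();

    if (!isset($_FILES) || !is_array($_FILES)) {
        return $arrFiles;
    }

    foreach (array_keys($_FILES) as $file) {
        $fileName = !empty($_FILES[$file]['name'])
            ? \Cx\Lib\FileSystem\FileSystem::replaceCharacters($_FILES[$file]['name'])
            : '';
        $fileTmpName = !empty($_FILES[$file]['tmp_name']) ? $_FILES[$file]['tmp_name'] : '';

        // errorMsg is HTML and the name is supplied by the client, so it is
        // escaped once here and used in every message.
        $fileNameHtml = htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET);

        switch ($_FILES[$file]['error']) {
            case UPLOAD_ERR_INI_SIZE:
                // The uploaded file exceeds the upload_max_filesize directive in php.ini.
                $this->errorMsg .= sprintf(
                    $_ARRAYLANG['TXT_CONTACT_FILE_SIZE_EXCEEDS_LIMIT'],
                    $fileNameHtml,
                    \FWSystem::getMaxUploadFileSize()
                ) . '<br />';
                break;

            case UPLOAD_ERR_FORM_SIZE:
                // The uploaded file exceeds the MAX_FILE_SIZE given in the HTML form.
                $this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_TOO_LARGE'], $fileNameHtml) . '<br />';
                break;

            case UPLOAD_ERR_PARTIAL:
                // The file was only partially uploaded.
                $this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_CORRUPT'], $fileNameHtml) . '<br />';
                break;

            case UPLOAD_ERR_NO_FILE:
                // No file was uploaded. Inside a switch a bare `continue` acts
                // like `break`; `continue 2` targets the foreach as intended.
                continue 2;

            default:
                if (empty($fileTmpName)) {
                    break;
                }

                // Reject disallowed endings before touching the filesystem.
                if (!\FWValidator::is_file_ending_harmless($fileName)) {
                    $this->errorMsg .= sprintf(
                        $_ARRAYLANG['TXT_CONTACT_FILE_EXTENSION_NOT_ALLOWED'],
                        $fileNameHtml
                    ) . '<br />';
                    break;
                }

                $arrFile = pathinfo($fileName);
                $extension = isset($arrFile['extension']) ? '.' . $arrFile['extension'] : '';
                $basePath = $arrSettings['fileUploadDepositionPath'] . '/' . $arrFile['filename'];
                $documentRootPath = \Env::get('cx')->getWebsiteDocumentRootPath();

                // Find a free name: name.ext, name-1.ext, name-2.ext, ...
                $filePath = $basePath . $extension;
                $i = 0;
                while (file_exists($documentRootPath . $filePath)) {
                    $filePath = $basePath . '-' . ++$i . $extension;
                }

                if (@move_uploaded_file($fileTmpName, $documentRootPath . $filePath)) {
                    // presumably the form field name carries a 17-character prefix
                    // followed by the numeric field id; verify against the form markup
                    $id = intval(substr($file, 17));
                    $arrFiles[$id][] = array('path' => $filePath, 'name' => $fileName);
                } else {
                    $this->errorMsg .= sprintf(
                        $_ARRAYLANG['TXT_CONTACT_FILE_UPLOAD_FAILED'],
                        $fileNameHtml
                    ) . '<br />';
                }
                break;
        }
    }

    return $arrFiles;
}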
/**
 * Create directory
 *
 * Creates a directory below $this->path after checking that the caller may
 * upload, and records the outcome in the object's status messages.
 *
 * @global array $_ARRAYLANG
 * @param string $dir_name Requested directory name
 */
function _createDirectory($dir_name)
{
    global $_ARRAYLANG;

    if (empty($dir_name)) {
        // An empty name is only reported when no 'highlightFiles' request
        // parameter is present.
        if (!isset($_GET['highlightFiles'])) {
            $this->_strErrorMessage = $_ARRAYLANG['TXT_MEDIA_EMPTY_DIR_NAME'];
        }
        return;
    }
    $requestedName = contrexx_stripslashes($dir_name);

    // Directory creation is tied to the upload permission.
    if (!$this->uploadAccessGranted()) {
        $this->_strErrorMessage = $_ARRAYLANG['TXT_MEDIA_DIRCREATION_NOT_ALLOWED'];
        return;
    }

    $fileHelper = new \File();
    // NOTE(review): whether replaceCharacters() removes directory separators and
    // ".." is not visible here; confirm, since the name is used to create a folder.
    $cleanName = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($requestedName);
    $result = $fileHelper->mkDir($this->path, $this->webPath, $cleanName);

    if ($result == "error") {
        $this->_strErrorMessage = $_ARRAYLANG['TXT_MEDIA_MSG_ERROR_NEW_DIR'];
        return;
    }

    $this->highlightName[] = $cleanName;
    $this->_strOkMessage = $_ARRAYLANG['TXT_MEDIA_MSG_NEW_DIR'];
}
/**
 * Create PDF
 *
 * Sets the placeholder image and, if none is set, the author, writes
 * $this->content into a new page and outputs the document. When no file path
 * was set, one is derived from the title via FileSystem::replaceCharacters().
 */
public function Create()
{
    global $_CONFIG;

    $cx = \Cx\Core\Core\Controller\Cx::instanciate();
    $this->noImageFile = $cx->getCodeBaseCoreModulePath() . '/Pdf/View/Media/no_picture.gif';

    // Fall back to the CMS name when no author was set.
    if (empty($this->author)) {
        $this->SetAuthor($_CONFIG['coreCmsName']);
    }

    $this->SetDisplayPreferences('HideWindowUI');
    $this->AddPage();
    $this->WriteHTML($this->content);

    // Only a title-derived path is normalised here; a file path set by the
    // caller is used as given.
    if (empty($this->filePath)) {
        $this->filePath = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($this->title);
    }

    $this->Output($this->filePath, $this->destination);
}
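/**
 * create new file or folder
 *
 * Creates an empty file or a folder inside the folder of the given theme. The
 * theme folder itself is created when it does not exist yet.
 *
 * @param array $params supplied arguments from JsonData-request; reads
 *                      $params['post']['theme'], ['name'] and ['isFolder']
 * @return array 'status' ('success' or 'error') and 'message'; most results also
 *               carry 'reload', and a success carries 'path'
 */
public function newWithin($params)
{
    global $_ARRAYLANG, $objInit;

    $_ARRAYLANG = $objInit->loadLanguageData('ViewManager');

    if (empty($params['post']['theme']) || empty($params['post']['name'])) {
        return array('status' => 'error', 'message' => $_ARRAYLANG['TXT_THEME_OPERATION_FAILED_FOR_EMPTY_NAME']);
    }

    $themeFolder = $params['post']['theme'];
    $requestedName = $params['post']['name'];
    $isFolder = !empty($params['post']['isFolder']);

    // The theme name is joined into a filesystem path and that folder is created
    // when missing, so it has to be a single path segment: no separators, no NUL
    // byte and no "." or "..".
    if (
        !is_string($themeFolder)
        || !is_string($requestedName)
        || strpbrk($themeFolder, "/\\\0") !== false
        || $themeFolder === '.'
        || $themeFolder === '..'
    ) {
        return array('status' => 'error', 'reload' => false, 'message' => $_ARRAYLANG['TXT_THEME_NEWFILE_FAILED']);
    }

    if ($isFolder && preg_match('/^\\./', trim($requestedName))) {
        // folder name should not start with dot(.)
        return array(
            'status' => 'error',
            'reload' => false,
            'message' => sprintf($_ARRAYLANG['TXT_THEME_FOLDER_NAME_NOT_ALLOWED'], contrexx_input2xhtml($requestedName)),
        );
    }

    // Names that look like a template placeholder ({NAME} or {NAME:block}) are refused.
    $matches = null;
    preg_match('@{([0-9A-Za-z._-]+)(:([_a-zA-Z][A-Za-z_0-9]*))?}@sm', $requestedName, $matches);
    if (!empty($matches)) {
        // Report the name that was actually checked; this operation has no 'newName'.
        return array(
            'status' => 'error',
            'reload' => false,
            'message' => sprintf($_ARRAYLANG['TXT_THEME_NAME_NOT_ALLOWED'], contrexx_input2xhtml($requestedName)),
        );
    }

    // Nothing may be created under the name of a virtual directory
    $virtualDirs = array(
        '/' . \Cx\Core\Core\Model\Entity\SystemComponent::TYPE_CORE_MODULE,
        '/' . \Cx\Core\Core\Model\Entity\SystemComponent::TYPE_MODULE,
        '/' . \Cx\Core\Core\Model\Entity\SystemComponent::TYPE_CORE,
    );

    $currentThemeFolderDirPath = \Env::get('cx')->getWebsiteThemesPath() . '/' . $themeFolder . '/';

    // Create the theme folder, if it does not exist
    if (
        !\Cx\Lib\FileSystem\FileSystem::exists($currentThemeFolderDirPath)
        && !\Cx\Lib\FileSystem\FileSystem::make_folder($currentThemeFolderDirPath)
    ) {
        return array('status' => 'error', 'reload' => false, 'message' => $_ARRAYLANG['TXT_THEME_NEWFILE_FAILED']);
    }

    $newFileName = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($requestedName);

    // Whether replaceCharacters() already removes ".." segments is not visible
    // here, so a name that would leave the theme folder is refused explicitly.
    if (preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $newFileName)) {
        return array('status' => 'error', 'reload' => false, 'message' => $_ARRAYLANG['TXT_THEME_NEWFILE_FAILED']);
    }

    if (!\FWValidator::is_file_ending_harmless($newFileName)) {
        return array(
            'status' => 'error',
            'reload' => false,
            'message' => sprintf($_ARRAYLANG['TXT_THEME_FILE_EXTENSION_NOT_ALLOWED'], contrexx_input2xhtml($newFileName)),
        );
    }

    if (in_array('/' . $newFileName, $virtualDirs)) {
        return array(
            'status' => 'error',
            'reload' => false,
            'message' => $_ARRAYLANG['TXT_THEME_OPERATION_FAILED_FOR_VIRTUAL_FOLDER'],
        );
    }

    if (\Cx\Lib\FileSystem\FileSystem::exists($currentThemeFolderDirPath . $newFileName)) {
        return array(
            'status' => 'error',
            'message' => sprintf(
                $_ARRAYLANG['TXT_THEME_OPERATION_FAILED_FOR_FILE_ALREADY_EXITS'],
                contrexx_input2xhtml($newFileName)
            ),
        );
    }

    if ($isFolder) {
        $status = \Cx\Lib\FileSystem\FileSystem::make_folder($currentThemeFolderDirPath . $newFileName);
        $succesMessage = sprintf($_ARRAYLANG['TXT_THEME_FOLDER_CREATE_SUCCESS'], contrexx_input2xhtml($newFileName));
    } else {
        $status = \Cx\Lib\FileSystem\FileSystem::touch($currentThemeFolderDirPath . $newFileName);
        $succesMessage = sprintf($_ARRAYLANG['TXT_THEME_FILE_CREATE_SUCCESS'], contrexx_input2xhtml($newFileName));
    }

    if (!$status) {
        return array('status' => 'error', 'message' => $_ARRAYLANG['TXT_THEME_NEWFILE_FAILED']);
    }

    return array('status' => 'success', 'reload' => true, 'message' => $succesMessage, 'path' => '/' . $newFileName);
}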
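/**
 * Upload-finished callback.
 *
 * Deletes files with a disallowed ending from the temporary directory,
 * normalises file names, renames files that would collide with an existing
 * file in the target folder, creates thumbnails and registers every remaining
 * file as a download.
 *
 * @param string $tempPath    Directory currently holding the uploaded files
 * @param string $tempWebPath The same directory, relative to the webroot
 * @param array  $data        Must contain 'path', 'webPath' and 'category_id'
 * @param string $uploadId    Id of the upload, used in the session key
 * @param array  $fileInfos   Must contain 'originalFileNames'
 *
 * @return array|null array($path, $webPath); null when the user may not add files to the category
 */
public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos)
{
    $originalNames = $fileInfos['originalFileNames'];
    $path = $data['path'];
    $webPath = $data['webPath'];
    $objCategory = Category::getCategory($data['category_id']);

    // check for sufficient permissions
    // NOTE(review): nothing is cleaned up in $tempPath on this path; confirm the
    // caller discards the temporary files when null is returned.
    if (
        $objCategory->getAddFilesAccessId()
        && !\Permission::checkAccess($objCategory->getAddFilesAccessId(), 'dynamic', true)
        && $objCategory->getOwnerId() != \FWUser::getFWUserObject()->objUser->getId()
    ) {
        return;
    }

    // Names of the uploaded files; stored in the session afterwards so they can
    // be displayed highlighted.
    $arrFiles = array();
    // old name => new name for files that collide with an existing target file
    $arrFilesToRename = array();

    // intval() has to wrap the request value, not the comparison.
    $forceOverwrite = !empty($_REQUEST['uploadForceOverwrite'])
        && intval($_REQUEST['uploadForceOverwrite']) > 0;

    // Snapshot the directory first: files are renamed below, and renaming while
    // a directory handle is being read can list a file twice.
    $entries = scandir($tempPath);
    if ($entries === false) {
        return array($path, $webPath);
    }

    foreach ($entries as $file) {
        if ($file == '.' || $file == '..') {
            continue;
        }

        // delete potentially malicious files; both the on-disk name and the
        // cleaned name (the one that will be stored) have to be harmless
        $cleanFile = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($file);
        if (
            !\FWValidator::is_file_ending_harmless($file)
            || !\FWValidator::is_file_ending_harmless($cleanFile)
        ) {
            @unlink($tempPath . '/' . $file);
            continue;
        }

        if ($cleanFile != $file) {
            rename($tempPath . '/' . $file, $tempPath . '/' . $cleanFile);
            $file = $cleanFile;
        }

        // Take the name parts from the cleaned name so that the registered
        // download refers to the file as it exists on disk.
        $info = pathinfo($file);
        $extension = isset($info['extension']) ? $info['extension'] : '';

        // check if file needs to be renamed
        $suffix = '';
        if (file_exists($path . '/' . $file) && !$forceOverwrite) {
            $suffix = '_' . time();
            $newName = $info['filename'] . $suffix . ($extension !== '' ? '.' . $extension : '');
            $arrFilesToRename[$file] = $newName;
            $arrFiles[] = $newName;
        }

        if (!isset($arrFilesToRename[$file])) {
            // file will keep this name - create thumb
            \ImageManager::_createThumb($tempPath . '/', $tempWebPath . '/', $file);
        }

        $objDownloads = new downloads('');
        $objDownloads->addDownloadFromUpload(
            $info['filename'],
            $extension,
            $suffix,
            $objCategory,
            $objDownloads,
            $originalNames[$file]
        );
    }

    // rename files where needed
    foreach ($arrFilesToRename as $oldName => $newName) {
        rename($tempPath . '/' . $oldName, $tempPath . '/' . $newName);
        // the file has its final name now - create thumb
        \ImageManager::_createThumb($tempPath . '/', $tempWebPath . '/', $newName);
    }

    // remember the uploaded files
    $_SESSION['media_upload_files_' . $uploadId] = $arrFiles;

    // Unwanted files have been deleted and file names corrected, so the target
    // path can be returned for the remaining files in $tempPath.
    return array($path, $webPath);
}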
/**
 * create skin folder
 *
 * Creates a new theme folder from the posted form: either an empty theme with
 * default files, a copy of an existing theme, or a theme migrated from the
 * database. Redirects to the template editor afterwards; on invalid input the
 * "new directory" form is shown again.
 *
 * Reads $_POST['dbName'] (theme name), ['dirName'] (folder name),
 * ['fromTheme'] (theme to copy) and ['fromDB'] (database theme to migrate).
 */
private function createdir()
{
    global $_ARRAYLANG;

    // NOTE(review): the return value is not inspected here; presumably
    // checkAccess() denies the request itself in 'static' mode. Confirm.
    \Permission::checkAccess(47, 'static');

    // A posted value is used only when it is non-empty and free of "..".
    // NOTE(review): this filter does not look at directory separators; whether
    // replaceCharacters() / validateThemeName() cover them is not visible here.
    $readPost = function ($key) {
        return !empty($_POST[$key]) && !stristr($_POST[$key], '..')
            ? contrexx_input2raw($_POST[$key])
            : null;
    };

    $themeName = $readPost('dbName');
    $copyFromTheme = $readPost('fromTheme');
    $createFromDatabase = $readPost('fromDB');
    $dirName = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($readPost('dirName'));

    if (!$themeName) {
        $this->strErrMessage = $_ARRAYLANG['TXT_STATUS_CHECK_INPUTS'];
        $this->newdir();
        return;
    }

    $this->validateThemeName($themeName);

    if (empty($dirName)) {
        $this->strErrMessage = $_ARRAYLANG['TXT_STATUS_CHECK_INPUTS'];
        $this->newdir();
        return;
    }

    // ensure that we're creating a new directory and not trying to overwrite an
    // existing one: append a counter until the name is free
    for ($suffix = ''; file_exists($this->path . $dirName . $suffix); $suffix++) {
        // the loop header does all the work
    }
    $dirName .= $suffix;

    $theme = new \Cx\Core\View\Model\Entity\Theme();
    $theme->setThemesname($themeName);
    $theme->setFoldername($dirName);

    $noSourceTheme = empty($copyFromTheme);
    $noDbSource = empty($createFromDatabase);

    if ($noSourceTheme && $noDbSource) {
        // Create new empty theme
        if (\Cx\Lib\FileSystem\FileSystem::make_folder($this->path . $theme->getFoldername())) {
            if (!$this->createDefaultFiles($theme) || !$this->insertSkinIntoDb($theme)) {
                \Message::add($_ARRAYLANG['TXT_MSG_ERROR_NEW_DIR'], \Message::CLASS_ERROR);
                $this->newdir();
                return;
            }
            \Message::add(contrexx_raw2xhtml($themeName) . ' ' . $_ARRAYLANG['TXT_STATUS_SUCCESSFULLY_CREATE']);
        }
    } elseif (!$noSourceTheme && $noDbSource) {
        $targetFolder = $this->websiteThemesPath . $dirName;

        // copy from the code base first, if the source theme exists there and
        // the code base is a different location than the website repository
        if (
            $this->codeBaseThemesPath != $this->websiteThemesPath
            && file_exists($this->codeBaseThemesPath . $copyFromTheme)
        ) {
            $copied = \Cx\Lib\FileSystem\FileSystem::copy_folder(
                $this->codeBaseThemesPath . $copyFromTheme,
                $targetFolder,
                true
            );
            if (!$copied) {
                \Message::add($_ARRAYLANG['TXT_MSG_ERROR_NEW_DIR'], \Message::CLASS_ERROR);
                $this->newdir();
                return;
            }
        }

        // then copy from the website data repository, if the theme exists there
        if (file_exists($this->websiteThemesPath . $copyFromTheme)) {
            $copied = \Cx\Lib\FileSystem\FileSystem::copy_folder(
                $this->websiteThemesPath . $copyFromTheme,
                $targetFolder,
                true
            );
            if (!$copied) {
                \Message::add($_ARRAYLANG['TXT_MSG_ERROR_NEW_DIR'], \Message::CLASS_ERROR);
                $this->newdir();
                return;
            }
        }

        $this->replaceThemeName($copyFromTheme, $dirName, $targetFolder);

        // convert theme to component
        try {
            $this->themeRepository->loadComponentData($theme);
            if (!$theme->isComponent()) {
                // create a new one if no component.yml exists
                try {
                    $this->themeRepository->convertThemeToComponent($theme);
                } catch (\Exception $ex) {
                    \DBG::log($ex->getMessage());
                    \DBG::log($theme->getThemesname() . ' : Unable to convert theme to component');
                }
                $this->themeRepository->loadComponentData($theme);
            }

            // change the theme name in component data
            $themeInformation = $theme->getComponentData();
            if ($themeInformation) {
                $themeInformation['name'] = $theme->getThemesname();
                $theme->setComponentData($themeInformation);
                $this->themeRepository->saveComponentData($theme);
            }
        } catch (\Cx\Lib\FileSystem\FileSystemException $e) {
            \Message::add('Error in coverting component file', \Message::CLASS_ERROR);
        }

        if ($this->insertSkinIntoDb($theme)) {
            \Message::add(contrexx_raw2xhtml($themeName) . ' ' . $_ARRAYLANG['TXT_STATUS_SUCCESSFULLY_CREATE']);
        }
    } elseif ($noSourceTheme && !$noDbSource) {
        // TODO: remove this function -> migrate all pending themes in the update process
        // Create new theme from database (migrate existing theme from database to filesystem)
        if (\Cx\Lib\FileSystem\FileSystem::make_folder($this->path . $dirName)) {
            $this->insertIntoDb($theme, $createFromDatabase);
            $this->createFilesFromDB($dirName, intval($createFromDatabase));
        }
    }
    // When both a source theme and a database theme are given, nothing is created.

    // Redirect to the template editor for the new folder
    \Cx\Core\Csrf\Controller\Csrf::redirect(
        'index.php?cmd=ViewManager&act=templates&themes=' . $theme->getFoldername()
    );
}
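/**
 * Upload the submitted images
 *
 * Validates the uploaded file (allowed image extension, readable as an image,
 * not wider than the configured maximum), determines the name it is stored
 * under, creates the gallery database entry and renames the temporary file to
 * that name.
 *
 * @global object $objInit used to load the Gallery language data
 * @param string  $tempPath    Directory currently holding the uploaded file
 * @param string  $tempWebPath Not used by this callback
 * @param array   $paths       Must contain 'path' and 'webPath' of the target directory
 * @param integer $uploadId    Not used by this callback
 * @param array   $fileInfos   Must contain 'path', the location of the uploaded file
 * @param array   $response    Not used by this callback
 *
 * @return array|null array($path, $webPath, $newName); null when the file was rejected and deleted
 */
public static function uploadFinished($tempPath, $tempWebPath, $paths, $uploadId, $fileInfos, $response)
{
    global $objInit;

    $lang = $objInit->loadLanguageData('Gallery');
    $objGallery = new GalleryManager();

    $path = $paths['path'];
    $webPath = $paths['webPath'];

    // get allowed file types: only what the image library can process
    $arrAllowedFileTypes = array();
    if (imagetypes() & IMG_GIF) {
        $arrAllowedFileTypes[] = 'gif';
    }
    if (imagetypes() & IMG_JPG) {
        $arrAllowedFileTypes[] = 'jpg';
        $arrAllowedFileTypes[] = 'jpeg';
    }
    if (imagetypes() & IMG_PNG) {
        $arrAllowedFileTypes[] = 'png';
    }

    $file = str_replace($tempPath . '/', '', $fileInfos['path']);
    $tempFile = $tempPath . '/' . $file;

    // delete unwanted files; a name without extension is unwanted as well
    $info = pathinfo($file);
    $extension = isset($info['extension']) ? strtolower($info['extension']) : '';
    if (!in_array($extension, $arrAllowedFileTypes, true)) {
        unlink($tempFile);
        return;
    }

    // The extension alone says nothing about the content: a file that cannot be
    // read as an image is rejected too.
    $arrImageSize = getimagesize($tempFile);
    if ($arrImageSize === false) {
        @unlink($tempFile);
        return;
    }

    // width of the image is wider than the allowed value. Show Error.
    if (intval($arrImageSize[0]) > intval($objGallery->arrSettings['image_width'])) {
        $objGallery->strErrMessage = str_replace(
            '{WIDTH}',
            $objGallery->arrSettings['image_width'],
            $lang['TXT_GALLERY_UPLOAD_ERROR_WIDTH']
        );
        @unlink($tempFile);
        // The file is gone; stop here instead of registering it in the database.
        return;
    }

    // The stored name is the cleaned one, so the allow-list has to hold for it too.
    $newName = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($file);
    $newInfo = pathinfo($newName);
    $newExtension = isset($newInfo['extension']) ? strtolower($newInfo['extension']) : '';
    if (!in_array($newExtension, $arrAllowedFileTypes, true)) {
        @unlink($tempFile);
        return;
    }

    // check if file needs to be renamed; intval() has to wrap the request
    // value, not the comparison
    $forceOverwrite = !empty($_REQUEST['uploadForceOverwrite'])
        && intval($_REQUEST['uploadForceOverwrite']) > 0;
    if (self::fileExists($path . '/' . $newName, false) && !$forceOverwrite) {
        $newName = $newInfo['filename'] . '_' . time() . '.' . $newInfo['extension'];
    }

    // create entry in the database for the uploaded image
    self::insertImage($objGallery, $newName, $newName);

    // if the name has changed, the temporary file is renamed to match
    if ($newName != $file) {
        rename($tempFile, $tempPath . '/' . $newName);
    }

    // The file has been validated and carries its final name, so the target
    // path can be returned.
    return array($path, $webPath, $newName);
}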
/**
 * Move pictures from gallery_import to gallery
 *
 * Picks a free name in the image directory, creates the gallery images from
 * the import file, registers the image in the database and removes the import
 * file once the target exists. Images wider than the configured maximum are
 * refused with an error message.
 *
 * @param string $strFile Name of the file inside the import directory
 */
function movePicture($strFile)
{
    global $objDatabase, $_ARRAYLANG;

    // NOTE(review): $strFile itself is appended to the import path below;
    // only the target name is cleaned. Confirm callers pass a plain file name.
    $strImportedImageName = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($strFile);

    // append a timestamp until the target name is not taken
    while (self::fileExists($this->strImagePath . $strImportedImageName, false)) {
        $nameParts = pathinfo($strImportedImageName);
        $extensionPart = $nameParts['extension'];
        $extensionPart = !empty($extensionPart) ? '.' . $extensionPart : '';
        $strImportedImageName = $nameParts['filename'] . '_' . time() . $extensionPart;
    }

    // gets the quality
    $objResult = $objDatabase->Execute('SELECT value FROM ' . DBPREFIX . 'module_gallery_settings WHERE name = "quality"');
    $intQuality = intval($objResult->fields['value']);

    // NOTE(review): the result of getimagesize() is used without checking for failure.
    $arrDimensions = getimagesize($this->strImportPath . $strFile);
    $intWidth = $arrDimensions[0];
    $intHeight = $arrDimensions[1];

    if ($intWidth > intval($this->arrSettings['image_width'])) {
        // Image-Width was bigger than the allowed value. Show Error.
        $this->strErrMessage = str_replace(
            '{WIDTH}',
            $this->arrSettings['image_width'],
            $_ARRAYLANG['TXT_GALLERY_UPLOAD_ERROR_WIDTH']
        );
        return;
    }

    $this->createImages_JPG_GIF_PNG(
        $this->strImportPath,
        $this->strImagePath,
        $strFile,
        $strImportedImageName,
        $intWidth,
        $intHeight,
        $intQuality
    );

    // insert image in db
    self::insertImage($this, $strImportedImageName, $strImportedImageName);

    // delete the import file only after the target image exists
    if (file_exists($this->strImagePath . $strImportedImageName)) {
        unlink($this->strImportPath . $strFile);
    }
}
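/**
 * Sanitizes the filename by adding a .txt file extension to files with
 * bad extensions and by removing strange characters.
 *
 * The name is filtered with FILTER_SANITIZE_URL and FileSystem::replaceCharacters().
 * An empty result is replaced by a generated name, a name without extension gets
 * ".txt", and so does a name whose ending is not considered harmless.
 *
 * @param string $filename The filename to be sanitized
 *
 * @return string The sanitized filename
 */
public static function sanitizeFileName($filename)
{
    $filename = FileSystem::replaceCharacters(filter_var($filename, FILTER_SANITIZE_URL));

    // Compare against the empty string: empty() would also discard the valid name "0".
    if ((string) $filename === '') {
        // The generated name is not cleaned again, so it must not contain spaces
        // or colons (colons are not allowed in file names on some systems).
        $filename = 'file' . date('Y-m-d_H-i-s');
    }

    // Inspect the final name, after the fallback has been applied.
    $fileInfo = pathinfo($filename);
    if (!isset($fileInfo['extension'])) {
        $filename = $filename . '.txt';
    }

    // Neutralise a disallowed ending by appending a harmless one.
    if (!\FWValidator::is_file_ending_harmless($filename)) {
        $filename = $filename . '.txt';
    }

    return $filename;
}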