| [ Index ] | PHP Cross Reference of Mambo 4.6.5 |
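<?php
/*
 * FCKeditor - The text editor for internet
 * Copyright (C) 2003-2005 Frederico Caldeira Knabben
 *
 * Licensed under the terms of the GNU Lesser General Public License:
 *     http://www.opensource.org/licenses/lgpl-license.php
 *
 * For further information visit:
 *     http://www.fckeditor.net/
 *
 * File Name: FileUpload.php
 *     Implements the FileUpload command,
 *     Checks the file uploaded is allowed,
 *     then moves it to the user data area.
 *
 * File Authors:
 *     Grant French (grant@mcpuk.net)
 */

/**
 * Connector command that accepts one uploaded file ("NewFile"), checks it
 * against the size limit, extension allow-list and disk quotas of the
 * requested resource type, and stores it in the current folder.
 *
 * Review notes (what this class does NOT do):
 *  - Only the text after the last dot is compared with AllowedExtensions;
 *    earlier dots in the name are kept as-is. The upload directory should be
 *    served with script execution disabled.
 *  - cleanFilename() exists but run() does not call it, so the stored name is
 *    the client-supplied basename.
 *  - Stored files are chmod 0777 (world-writable).
 *    NOTE(review): tighten if the deployment allows it.
 *  - The "upload CGI" fallback takes its file description from the query
 *    string; see _importCgiUpload().
 */
class FileUpload {
    var $fckphp_config;
    var $type;
    var $cwd;
    var $actual_cwd;
    var $newfolder;
    // Assigned by the constructor; declared here so they are not created
    // as dynamic properties.
    var $raw_cwd;
    var $real_cwd;

    /**
     * Stores the configuration and derives the target folder paths.
     *
     * actual_cwd is UserFilesPath/<type>/<cwd>; real_cwd is basedir/actual_cwd.
     * Doubled slashes produced by the concatenation are collapsed once.
     * $cwd is used verbatim here; run() rejects folders containing "..".
     *
     * @param array  $fckphp_config connector configuration
     * @param string $type          resource type name
     * @param string $cwd           current folder, relative to the type's area
     */
    function __construct($fckphp_config, $type, $cwd) {
        $this->fckphp_config = $fckphp_config;
        $this->type = $type;
        $this->raw_cwd = $cwd;
        $this->actual_cwd = str_replace(
            "//",
            "/",
            $this->fckphp_config['UserFilesPath'] . "/$type/" . $this->raw_cwd
        );
        $this->real_cwd = str_replace(
            "//",
            "/",
            $this->fckphp_config['basedir'] . "/" . $this->actual_cwd
        );
    }

    /**
     * PHP 4 style constructor, kept so that interpreters (and subclasses)
     * relying on the class-named constructor keep working. PHP 8 no longer
     * treats this method as a constructor, hence __construct() above.
     */
    function FileUpload($fckphp_config, $type, $cwd) {
        $this->__construct($fckphp_config, $type, $cwd);
    }

    /**
     * Returns $filename with every character that is not listed in the
     * FileNameAllowedChars configuration entry removed.
     *
     * Not called by run() in this file (the call is commented out upstream).
     *
     * @param string $filename
     * @return string
     */
    function cleanFilename($filename) {
        $allowedChars = $this->fckphp_config['FileNameAllowedChars'];
        $clean = "";
        $length = strlen($filename);

        for ($i = 0; $i < $length; $i++) {
            $char = substr($filename, $i, 1);
            if (in_array($char, $allowedChars)) {
                $clean .= $char;
            }
        }

        return $clean;
    }

    /**
     * Tells whether a folder value contains a NUL byte or a ".." path
     * segment (with either slash direction).
     *
     * The caller may already validate the folder; the check is repeated here
     * because this class is the last stop before the filesystem.
     *
     * @param string $folder
     * @return bool
     */
    function _isUnsafeFolder($folder) {
        $folder = (string) $folder;
        if (strpos($folder, "\0") !== false) {
            return true;
        }

        $segments = explode("/", str_replace("\\", "/", $folder));
        return in_array("..", $segments, true);
    }

    /**
     * Quotes a value as a single-quoted JavaScript string literal that is
     * safe to print inside an inline <script> element.
     *
     * @param string $value
     * @return string literal including the surrounding quotes
     */
    function _jsQuote($value) {
        $map = array(
            "\\" => "\\\\",
            "'" => "\\'",
            '"' => '\\"',
            "\r" => '\\r',
            "\n" => '\\n',
            // Keep markup-significant characters out of the script block.
            '<' => '\\x3C',
            '>' => '\\x3E',
            '&' => '\\x26',
            // U+2028 / U+2029 end a line in JavaScript source.
            "\xE2\x80\xA8" => '\\u2028',
            "\xE2\x80\xA9" => '\\u2029',
        );

        return "'" . strtr((string) $value, $map) . "'";
    }

    /**
     * Moves the received file to $target and applies the original file mode.
     *
     * HTTP uploads go through move_uploaded_file(); anything else (the CGI
     * fallback) is renamed into place.
     *
     * @param string $source temporary file
     * @param string $target destination path
     * @return bool true when the file was stored
     */
    function _storeFile($source, $target) {
        if (is_uploaded_file($source)) {
            $stored = move_uploaded_file($source, $target);
        } else {
            $stored = rename($source, $target);
        }

        if ($stored) {
            // NOTE(review): world-writable, kept from the original.
            chmod($target, 0777);
        }

        return $stored;
    }

    /**
     * If using the CGI upload script, reads the file description from
     * $_GET['file']['NewFile'] and inserts it into $_FILES.
     *
     * Every field is caller-supplied, so only basenames are used, the
     * temporary file must be a regular file inside the current folder, and
     * the size is read from disk rather than taken from the request (the
     * size limit and quota checks depend on it). Incomplete information
     * leaves $_FILES empty, which run() treats as "no files uploaded".
     *
     * NOTE(review): the name is checked with file_exists() relative to the
     * process working directory, exactly as the original did; confirm that
     * this is what the CGI script expects. The temporary path is built
     * without a separator, so it relies on real_cwd ending in a slash.
     */
    function _importCgiUpload() {
        if (sizeof($_FILES) != 0) {
            return;
        }
        if (!isset($_GET['file']['NewFile']) || !is_array($_GET['file']['NewFile'])) {
            return;
        }

        $cgi = $_GET['file']['NewFile'];
        if (
            !isset($cgi['name']) || !is_string($cgi['name'])
            || empty($cgi['size'])
            || empty($cgi['tmp_name']) || !is_string($cgi['tmp_name'])
        ) {
            return;
        }

        $name = basename(str_replace("\\", "/", $cgi['name']));
        $tmpName = $this->real_cwd . basename($cgi['tmp_name']);

        if (!file_exists($name) || !is_file($tmpName)) {
            die(); //bad file (possible hack attempt)
        }

        $size = filesize($tmpName);
        if ($size === false) {
            die();
        }

        $_FILES['NewFile']['name'] = $name;
        $_FILES['NewFile']['size'] = $size;
        $_FILES['NewFile']['tmp_name'] = $tmpName;
    }

    /**
     * Checks the global and per-type disk quotas for an upload of
     * $uploadSize bytes. A quota of -1 means "not enforced"; quotas are
     * configured in units of 1048576 bytes.
     *
     * @param array $typeconfig configuration of the current resource type
     * @param int   $uploadSize size of the incoming file in bytes
     * @return string|null message fragment for the client (it starts with a
     *                     JavaScript "\n" escape), or null when within quota
     */
    function _quotaViolation($typeconfig, $uploadSize) {
        $userFilesRoot = $this->fckphp_config['basedir'] . "/" . $this->fckphp_config['UserFilesPath'];
        $globalQuota = $this->fckphp_config['DiskQuota']['Global'];
        $dirSizes = array();

        if ($globalQuota != -1) {
            $globalSize = 0;
            foreach ($this->fckphp_config['ResourceTypes'] as $resType) {
                $dirSizes[$resType] = $this->getDirSize($userFilesRoot . "/$resType");
                if ($dirSizes[$resType] === false) {
                    //Failed to stat a directory, fall out
                    return "\\nUnable to determine the size of a folder.";
                }
                $globalSize += $dirSizes[$resType];
            }

            $globalSize += $uploadSize;
            if ($globalSize > ($globalQuota * 1048576)) {
                return "\\nYou are over the global disk quota.";
            }
        }

        if ($typeconfig['DiskQuota'] != -1) {
            if (!isset($dirSizes[$this->type])) {
                $dirSizes[$this->type] = $this->getDirSize($userFilesRoot . "/" . $this->type);
            }
            // Fail closed: an unreadable folder must not count as empty.
            if ($dirSizes[$this->type] === false) {
                return "\\nUnable to determine the size of a folder.";
            }
            if (($dirSizes[$this->type] + $uploadSize) > ($typeconfig['DiskQuota'] * 1048576)) {
                return "\\nYou are over the disk quota for this resource type.";
            }
        }

        return null;
    }

    /**
     * Validates and stores the upload.
     *
     * @return string|null argument list for OnUploadCompleted() ("0",
     *                     "201,'<new name>'" or "202,'<message>'"), or null
     *                     when the request carried no files at all
     */
    function _processUpload() {
        if ($this->_isUnsafeFolder($this->raw_cwd)) {
            header("content-type: text/html");
            return "202,'Invalid folder.'";
        }

        $this->_importCgiUpload();

        $typeconfig = $this->fckphp_config['ResourceAreas'][$this->type];

        header("content-type: text/html");

        if (sizeof($_FILES) == 0) {
            //No files uploaded
            return null;
        }
        if (!array_key_exists("NewFile", $_FILES)) {
            //No file uploaded with field name NewFile
            return "202,'Unable to find uploaded file.'";
        }

        $upload = $_FILES['NewFile'];
        if (!($upload['size'] < ($typeconfig['MaxSize'] * 1024))) {
            //Too big
            return "202,'This file exceeds the maximum upload size.'";
        }

        $filename = basename(str_replace("\\", "/", $upload['name']));
        $lastdot = strrpos($filename, ".");
        if ($lastdot === false) {
            //No file extension to check
            return "202,'Unable to determine file type of file'";
        }

        $ext = substr($filename, $lastdot + 1);
        $filename = substr($filename, 0, $lastdot);
        if (!in_array(strtolower($ext), $typeconfig['AllowedExtensions'], true)) {
            //Disallowed file extension
            return "202,'Disallowed file type.'";
        }

        $quotaMessage = $this->_quotaViolation($typeconfig, $upload['size']);
        if ($quotaMessage !== null) {
            //Disk Quota over
            return "202,'Over disk quota, " . $quotaMessage . "'";
        }

        $tmpName = $upload['tmp_name'];
        $target = $this->real_cwd . "/$filename.$ext";
        if (!file_exists($target)) {
            //Upload file
            return $this->_storeFile($tmpName, $target)
                ? "0"
                : "202,'Failed to upload file, internal error...'";
        }

        // NOTE(review): the original reports the new name with a leading ".."
        // for HTTP uploads and without it for the CGI fallback; preserved
        // as-is because the consumer of the value is outside this file.
        $reportPrefix = is_uploaded_file($tmpName) ? ".." : "";

        //File already exists, try renaming
        //If there are more than 200 files with
        // the same name giveup
        for ($i = 1; $i < 200; $i++) {
            $candidate = $filename . "(" . $i . ")." . $ext;
            $target = $this->real_cwd . "/" . $candidate;
            if (file_exists($target)) {
                continue;
            }
            if ($this->_storeFile($tmpName, $target)) {
                // The name is client-controlled and ends up inside a <script>
                // block, so it is encoded for that context.
                return "201," . $this->_jsQuote($reportPrefix . $candidate);
            }
            return "202,'Failed to upload file, internal error.'";
        }

        return "202,'Failed to upload file, internal error..'";
    }

    /**
     * Entry point of the command: processes the upload and prints the HTML
     * page that reports the result to the upload frame.
     */
    function run() {
        $disp = $this->_processUpload();

        if ($disp === null) {
            //Should really send something back saying
            //invalid file, but this breaks the filemanager
            //with firefox, so for now we'll just exit
            exit(0);
        }

        ?>
<html>
    <head>
        <title>Upload Complete</title>
    </head>
    <body>
        <script type="text/javascript">
            window.parent.frames['frmUpload'].OnUploadCompleted(<?php echo $disp; ?>) ;
        </script>
    </body>
</html>
<?php

    }

    /**
     * Returns the total size in bytes of all files below $dir, recursing
     * into sub-directories.
     *
     * Sub-directories that cannot be opened and files whose size cannot be
     * read are skipped.
     *
     * @param string $dir
     * @return int|false byte count, or false when $dir itself cannot be opened
     */
    function getDirSize($dir) {
        $dh = @opendir($dir);
        if (!$dh) {
            return false;
        }

        $dirSize = 0;
        // Compare with false explicitly: an entry named "0" is falsy and
        // would otherwise end the scan early.
        while (($file = readdir($dh)) !== false) {
            if ($file === "." || $file === "..") {
                continue;
            }

            $path = $dir . "/" . $file;
            if (is_dir($path)) {
                $subSize = $this->getDirSize($path);
                if ($subSize !== false) {
                    $dirSize += $subSize;
                }
            } else {
                $fileSize = @filesize($path);
                if ($fileSize !== false) {
                    $dirSize += $fileSize;
                }
            }
        }
        closedir($dh);

        return $dirSize;
    }
}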