Project

General

Profile

1 2 Manuela
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         media
6
 * @author          WebsiteBaker Project
7
 * @copyright       Ryan Djurovich
8
 * @copyright       WebsiteBaker Org. e.V.
9
 * @link            http://websitebaker.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.3
12
 * @requirements    PHP 5.3.6 and higher
13
 * @version         $Id$
14
 * @filesource      $HeadURL$
15
 * @lastmodified    $Date$
16
 *
17
 */
18
if ( !defined( 'WB_PATH' ) ){ require( dirname(dirname((__DIR__))).'/config.php' ); }
19
if ( !class_exists('admin', false) ) { require(WB_PATH.'/framework/class.admin.php'); }
20
// Create admin object
21
$admin = new admin('Media', 'media_rename', false);
22
23
// Include the WB functions file
24
require_once(WB_PATH.'/framework/functions.php');
25
26
// Get the current dir
27
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
28
$directory = (isset(${$requestMethod}['dir'])) ? ${$requestMethod}['dir'] : '';
29
$directory = ($directory == '/') ?  '' : $directory;
30
31
$dirlink = 'browse.php?dir='.$directory;
32
$rootlink = 'browse.php?dir=';
33
// $file_id = intval($admin->get_post('id'));
34
35
// first Check to see if it contains ..
36
if (!check_media_path($directory)) {
37
    $admin->print_error($MESSAGE['MEDIA_DIR_DOT_DOT_SLASH'],$rootlink, false);
38
}
39
40
// Get the temp id
41
$iFileId = $file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']));
42
if ($file_id===false) {
43
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$dirlink, false);
44
}
45
46
$DIR  = array();
47
$FILE = array();
48
// Check for potentially malicious files
49
$forbidden_file_types  = preg_replace( '/\s*[,;\|#]\s*/','|',RENAME_FILES_ON_UPLOAD);
50
// Get home folder not to show
51
$home_folders = get_home_folders();
52
53
// Figure out what folder name the temp id is
54
if($handle = opendir(WB_PATH.MEDIA_DIRECTORY.'/'.$directory)) {
55
    // Loop through the files and dirs an add to list
56
    $temp_id = 0;
57
    while (false !== ($file = readdir($handle))) {
58
        if(substr($file, 0, 1) != '.' AND $file != '.svn' AND $file != 'index.php') {
59
            $info = pathinfo($file);
60
            $ext = isset($info['extension']) ? $info['extension'] : '';
61
            if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) ) {
62
                if(is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$file)) {
63
                    if(!isset($home_folders[$directory.'/'.$file])) {
64
                        $DIR[] = $file;
65
                    }
66
                } else {
67
                    $FILE[] = $file;
68
                }
69
            }
70
        }
71
    }
72
closedir($handle);
73
}
74
75
    $iSortFlags = ((version_compare(PHP_VERSION, '5.4.0', '<'))?SORT_REGULAR:SORT_NATURAL|SORT_FLAG_CASE);
76
    sort($DIR,  $iSortFlags);
77
    sort($FILE, $iSortFlags);
78
    $aListDir = array_merge($DIR,$FILE);
79
    $temp_id = 0;
80
    if(isset($aListDir)) {
81
//        sort($aListDir, SORT_REGULAR|SORT_FLAG_CASE);
82
        foreach($aListDir AS $name)
83
        {
84
            if(!isset($rename_file)&& ($file_id == $temp_id)) {
85
                $rename_file = $name;
86
                $type = is_dir(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$rename_file)?'folder':'file';
87
            }
88
            $temp_id++;
89
        }
90
    }
91
92
$file_id = $admin->getIDKEY($file_id);
93
94
if(!isset($rename_file)) {
95
    $admin->print_error($MESSAGE['MEDIA_FILE_NOT_FOUND'], $dirlink, false);
96
}
97
98
// Check if they entered a new name
99
if(media_filename($admin->get_post('name')) == "") {
100
    $admin->print_error($MESSAGE['MEDIA_BLANK_NAME'], "rename.php?dir=$directory&id=$file_id", false);
101
} else {
102
    $old_name = $admin->get_post('old_name');
103
    $new_name =  media_filename($admin->get_post('name'));
104
}
105
106
// Check if they entered an extension
107
if($type == 'file') {
108
    if (strstr($new_name,'.')){
109
        $new_name = str_replace('.', '_', $new_name);
110
    }
111
    if(media_filename($admin->get_post('extension')) == "") {
112
        $name = $new_name;
113
    } else {
114
        $extension = media_filename($admin->get_post('extension'));
115
        $name = $new_name.'.'.trim($extension,'.');
116
    }
117
} elseif($type == 'folder') {
118
    $extension = '';
119
    $name = $new_name;
120
}
121
122
// Join new name and extension
123
124
$info = pathinfo(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$name);
125
$ext = isset($info['extension']) ? $info['extension'] : '';
126
$dots = (substr($info['basename'], 0, 1) == '.') || (substr($info['basename'], -1, 1) == '.');
127
128
if( preg_match('/'.$forbidden_file_types.'$/i', $ext) || $dots == '.' ) {
129
    $admin->print_error($MESSAGE['MEDIA_CANNOT_RENAME'], "rename.php?dir=$directory&id=$file_id", false);
130
}
131
132
// Check if the name contains ..
133
if(strstr($name, '..')) {
134
    $admin->print_error($MESSAGE['MEDIA_NAME_DOT_DOT_SLASH'], "rename.php?dir=$directory&id=$file_id", false);
135
}
136
137
// Check if the name is index.php
138
if($name == 'index.php') {
139
    $admin->print_error($MESSAGE['MEDIA_NAME_INDEX_PHP'], "rename.php?dir=$directory&id=$file_id", false);
140
}
141
142
// Check that the name still has a value
143
if($name == '') {
144
    $admin->print_error($MESSAGE['MEDIA_BLANK_NAME'], "rename.php?dir=$directory&id=$file_id", false);
145
}
146
147
$info = pathinfo(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$rename_file);
148
$ext = isset($info['extension']) ? $info['extension'] : '';
149
$dots = (substr($info['basename'], 0, 1) == '.') || (substr($info['basename'], -1, 1) == '.');
150
151
if( preg_match('/'.$forbidden_file_types.'$/i', $ext) || $dots == '.' ) {
152
    $admin->print_error($MESSAGE['MEDIA_CANNOT_RENAME'], "rename.php?dir=$directory&id=$file_id", false);
153
}
154
155
// Check if we should overwrite or not
156
if($admin->get_post('overwrite') != 'yes' AND file_exists(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$name) == true) {
157
    if($type == 'folder') {
158
        $admin->print_error($MESSAGE['MEDIA_DIR_EXISTS'], "rename.php?dir=$directory&id=$file_id", false);
159
    } else {
160
        $admin->print_error($MESSAGE['MEDIA_FILE_EXISTS'], "rename.php?dir=$directory&id=$file_id", false);
161
    }
162
}
163
164
// Try and rename the file/folder
165
if(rename(WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$rename_file, WB_PATH.MEDIA_DIRECTORY.$directory.'/'.$name)) {
166
    $usedFiles = array();
167
    // feature freeze
168
    // require_once(ADMIN_PATH.'/media/dse.php');
169
    $admin->print_success($MESSAGE['MEDIA_RENAMED'], $dirlink);
170
} else {
171
    $admin->print_error($MESSAGE['MEDIA_CANNOT_RENAME'], "rename.php?dir=$directory&id=$file_id", false);
172
}