Project

General

Profile

1 4 ryan
<?php
2
3 61 stefan
// $Id$
4 4 ryan
5
/*
6
7
 Website Baker Project <http://www.websitebaker.org/>
8 915 Ruebenwurz
 Copyright (C) 2004-2009, Ryan Djurovich
9 4 ryan
10
 Website Baker is free software; you can redistribute it and/or modify
11
 it under the terms of the GNU General Public License as published by
12
 the Free Software Foundation; either version 2 of the License, or
13
 (at your option) any later version.
14
15
 Website Baker is distributed in the hope that it will be useful,
16
 but WITHOUT ANY WARRANTY; without even the implied warranty of
17
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18
 GNU General Public License for more details.
19
20
 You should have received a copy of the GNU General Public License
21
 along with Website Baker; if not, write to the Free Software
22
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
23
24
*/
25
26
// Target location
27
if(!isset($_POST['target']) OR $_POST['target'] == '') {
28
	header("Location: index.php");
29 286 stefan
	exit(0);
30 4 ryan
} else {
31
	$target = $_POST['target'];
32
}
33
34
// Print admin header
35
require('../../config.php');
36
require_once(WB_PATH.'/framework/class.admin.php');
37 1023 Ruebenwurz
require_once(WB_PATH.'/include/pclzip/pclzip.lib.php');	// Required to unzip file.
38 4 ryan
$admin = new admin('Media', 'media_upload');
39
40
// Include the WB functions file
41
require_once(WB_PATH.'/framework/functions.php');
42
43
// Check to see if target contains ../
44
if(strstr($target, '../')) {
45
	$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']);
46
}
47
48
// Create relative path of the target location for the file
49
$relative = WB_PATH.$target.'/';
50
51
// Find out whether we should replace files or give an error
52
if($admin->get_post('overwrite') != '') {
53
	$overwrite = true;
54
} else {
55
	$overwrite = false;
56
}
57
58 61 stefan
// Get list of file types to which we're supposed to append 'txt'
59
$get_result=$database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1");
60
$file_extension_string='';
61
if ($get_result->numRows()>0) {
62
	$fetch_result=$get_result->fetchRow();
63
	$file_extension_string=$fetch_result['value'];
64
}
65
$file_extensions=explode(",",$file_extension_string);
66
67
68 4 ryan
// Loop through the files
69
$good_uploads = 0;
70
for($count = 1; $count <= 10; $count++) {
71
	// If file was upload to tmp
72
	if(isset($_FILES["file$count"]['name'])) {
73
		// Remove bad characters
74
		$filename = media_filename($_FILES["file$count"]['name']);
75
		// Check if there is still a filename left
76
		if($filename != '') {
77 61 stefan
			// Check for potentially malicious files and append 'txt' to their name
78
			foreach($file_extensions as $file_ext) {
79
				$file_ext_len=strlen($file_ext);
80
				if (substr($filename,-$file_ext_len)==$file_ext) {
81
					$filename.='.txt';
82
				}
83
			}
84 4 ryan
			// Move to relative path (in media folder)
85
			if(file_exists($relative.$filename) AND $overwrite == true) {
86
				if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) {
87
					$good_uploads++;
88
					// Chmod the uploaded file
89
					change_mode($relative.$filename, 'file');
90
				}
91
			} elseif(!file_exists($relative.$filename)) {
92
				if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) {
93
					$good_uploads++;
94
					// Chmod the uploaded file
95
					change_mode($relative.$filename);
96
				}
97
			}
98 1023 Ruebenwurz
			// store file name of first file for possible unzip action
99
			if ($count == 1) {
100
				$filename1 = $relative . $filename;
101
			}
102 4 ryan
		}
103
	}
104
}
105
106 1023 Ruebenwurz
// If the user chose to unzip the first file, unzip into the current folder
107
if (isset($_POST['unzip']) && isset($filename1) && file_exists($filename1) ) {
108
	$archive = new PclZip($filename1);
109
	$list = $archive->extract(PCLZIP_OPT_PATH, $relative);
110
	if($list == 0) {
111
		// error while trying to extract the archive (most likely wrong format)
112
		$admin->print_error('UNABLE TO UNZIP FILE' . $archive -> errorInfo(true));
113
	}
114
}
115
116 4 ryan
if($good_uploads == 1) {
117 1023 Ruebenwurz
	$admin->print_success($good_uploads.' '.$MESSAGE['MEDIA']['SINGLE_UPLOADED']);
118
	if (isset($_POST['delzip'])) {
119
		unlink($filename1);
120
	}
121 4 ryan
} else {
122 1023 Ruebenwurz
	$admin->print_success($good_uploads.' '.$MESSAGE['MEDIA']['UPLOADED']);
123 4 ryan
}
124
125
// Print admin
126
$admin->print_footer();
127
128 399 Ruebenwurz
?>