Project

General

Profile

1 4 ryan
<?php
2
3 61 stefan
// $Id$
4 4 ryan
5
/*
6
7
 Website Baker Project <http://www.websitebaker.org/>
8 915 Ruebenwurz
 Copyright (C) 2004-2009, Ryan Djurovich
9 4 ryan
10
 Website Baker is free software; you can redistribute it and/or modify
11
 it under the terms of the GNU General Public License as published by
12
 the Free Software Foundation; either version 2 of the License, or
13
 (at your option) any later version.
14
15
 Website Baker is distributed in the hope that it will be useful,
16
 but WITHOUT ANY WARRANTY; without even the implied warranty of
17
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18
 GNU General Public License for more details.
19
20
 You should have received a copy of the GNU General Public License
21
 along with Website Baker; if not, write to the Free Software
22
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
23
24
*/
25
26
// Target location
27
if(!isset($_POST['target']) OR $_POST['target'] == '') {
28
	header("Location: index.php");
29 286 stefan
	exit(0);
30 4 ryan
} else {
31
	$target = $_POST['target'];
32
}
33
34
// Print admin header
35
require('../../config.php');
36 1041 Ruebenwurz
include_once('resize_img.php');
37
include_once('parameters.php');
38
39 4 ryan
require_once(WB_PATH.'/framework/class.admin.php');
40 1023 Ruebenwurz
require_once(WB_PATH.'/include/pclzip/pclzip.lib.php');	// Required to unzip file.
41 4 ryan
$admin = new admin('Media', 'media_upload');
42
43
// Include the WB functions file
44
require_once(WB_PATH.'/framework/functions.php');
45
46
// Check to see if target contains ../
47
if(strstr($target, '../')) {
48
	$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']);
49
}
50
51
// Create relative path of the target location for the file
52
$relative = WB_PATH.$target.'/';
53 1102 ruud
$resizepath = str_replace(array('/',' '),'_',$target);
54 4 ryan
55
// Find out whether we should replace files or give an error
56
if($admin->get_post('overwrite') != '') {
57
	$overwrite = true;
58
} else {
59
	$overwrite = false;
60
}
61
62 61 stefan
// Get list of file types to which we're supposed to append 'txt'
63
$get_result=$database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1");
64
$file_extension_string='';
65
if ($get_result->numRows()>0) {
66
	$fetch_result=$get_result->fetchRow();
67
	$file_extension_string=$fetch_result['value'];
68
}
69
$file_extensions=explode(",",$file_extension_string);
70
71
72 4 ryan
// Loop through the files
73
$good_uploads = 0;
74
for($count = 1; $count <= 10; $count++) {
75
	// If file was upload to tmp
76
	if(isset($_FILES["file$count"]['name'])) {
77
		// Remove bad characters
78
		$filename = media_filename($_FILES["file$count"]['name']);
79
		// Check if there is still a filename left
80
		if($filename != '') {
81 61 stefan
			// Check for potentially malicious files and append 'txt' to their name
82
			foreach($file_extensions as $file_ext) {
83
				$file_ext_len=strlen($file_ext);
84
				if (substr($filename,-$file_ext_len)==$file_ext) {
85
					$filename.='.txt';
86
				}
87
			}
88 4 ryan
			// Move to relative path (in media folder)
89
			if(file_exists($relative.$filename) AND $overwrite == true) {
90
				if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) {
91
					$good_uploads++;
92
					// Chmod the uploaded file
93
					change_mode($relative.$filename, 'file');
94
				}
95
			} elseif(!file_exists($relative.$filename)) {
96
				if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) {
97
					$good_uploads++;
98
					// Chmod the uploaded file
99
					change_mode($relative.$filename);
100
				}
101
			}
102 1041 Ruebenwurz
103
			if(file_exists($relative.$filename)) {
104
				if ($pathsettings[$resizepath]['width'] || $pathsettings[$resizepath]['height'] ) {
105
					$rimg=new RESIZEIMAGE($relative.$filename);
106
					$rimg->resize_limitwh($pathsettings[$resizepath]['width'],$pathsettings[$resizepath]['height'],$relative.$filename);
107
					$rimg->close();
108
				}
109
			}
110
111 1023 Ruebenwurz
			// store file name of first file for possible unzip action
112
			if ($count == 1) {
113
				$filename1 = $relative . $filename;
114
			}
115 4 ryan
		}
116
	}
117
}
118
119 1023 Ruebenwurz
// If the user chose to unzip the first file, unzip into the current folder
120
if (isset($_POST['unzip']) && isset($filename1) && file_exists($filename1) ) {
121
	$archive = new PclZip($filename1);
122
	$list = $archive->extract(PCLZIP_OPT_PATH, $relative);
123
	if($list == 0) {
124
		// error while trying to extract the archive (most likely wrong format)
125
		$admin->print_error('UNABLE TO UNZIP FILE' . $archive -> errorInfo(true));
126
	}
127
}
128
129 4 ryan
if($good_uploads == 1) {
130 1023 Ruebenwurz
	$admin->print_success($good_uploads.' '.$MESSAGE['MEDIA']['SINGLE_UPLOADED']);
131
	if (isset($_POST['delzip'])) {
132
		unlink($filename1);
133
	}
134 4 ryan
} else {
135 1023 Ruebenwurz
	$admin->print_success($good_uploads.' '.$MESSAGE['MEDIA']['UPLOADED']);
136 4 ryan
}
137
138
// Print admin
139
$admin->print_footer();
140
141 399 Ruebenwurz
?>