Project

General

Profile

1 4 ryan
<?php
2 1400 FrankH
/**
3
 *
4
 * @category        admin
5
 * @package         admintools
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2011, Website Baker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 5.2.2 and higher
13
 * @version         $Id$
14
 * @filesource		$HeadURL:  $
15
 * @lastmodified    $Date:  $
16
 *
17
 */
18 4 ryan
19
// Target location
20
if(!isset($_POST['target']) OR $_POST['target'] == '') {
21
	header("Location: index.php");
22 286 stefan
	exit(0);
23 4 ryan
} else {
24
	$target = $_POST['target'];
25
}
26
27
// Print admin header
28
require('../../config.php');
29 1041 Ruebenwurz
include_once('resize_img.php');
30
include_once('parameters.php');
31
32 4 ryan
require_once(WB_PATH.'/framework/class.admin.php');
33 1023 Ruebenwurz
require_once(WB_PATH.'/include/pclzip/pclzip.lib.php');	// Required to unzip file.
34 4 ryan
$admin = new admin('Media', 'media_upload');
35
36 1400 FrankH
if (!$admin->checkFTAN())
37
{
38
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], WB_URL);
39
	exit();
40
}
41
42 4 ryan
// Include the WB functions file
43
require_once(WB_PATH.'/framework/functions.php');
44
45
// Check to see if target contains ../
46 1400 FrankH
if (!check_media_path($target, false)) {
47 4 ryan
	$admin->print_error($MESSAGE['MEDIA']['TARGET_DOT_DOT_SLASH']);
48
}
49
50
// Create relative path of the target location for the file
51
$relative = WB_PATH.$target.'/';
52 1102 ruud
$resizepath = str_replace(array('/',' '),'_',$target);
53 4 ryan
54
// Find out whether we should replace files or give an error
55
if($admin->get_post('overwrite') != '') {
56
	$overwrite = true;
57
} else {
58
	$overwrite = false;
59
}
60
61 61 stefan
// Get list of file types to which we're supposed to append 'txt'
62
$get_result=$database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1");
63
$file_extension_string='';
64
if ($get_result->numRows()>0) {
65
	$fetch_result=$get_result->fetchRow();
66
	$file_extension_string=$fetch_result['value'];
67
}
68
$file_extensions=explode(",",$file_extension_string);
69
70
71 4 ryan
// Loop through the files
72
$good_uploads = 0;
73
for($count = 1; $count <= 10; $count++) {
74
	// If file was upload to tmp
75
	if(isset($_FILES["file$count"]['name'])) {
76
		// Remove bad characters
77
		$filename = media_filename($_FILES["file$count"]['name']);
78
		// Check if there is still a filename left
79
		if($filename != '') {
80 61 stefan
			// Check for potentially malicious files and append 'txt' to their name
81
			foreach($file_extensions as $file_ext) {
82
				$file_ext_len=strlen($file_ext);
83
				if (substr($filename,-$file_ext_len)==$file_ext) {
84
					$filename.='.txt';
85
				}
86
			}
87 4 ryan
			// Move to relative path (in media folder)
88
			if(file_exists($relative.$filename) AND $overwrite == true) {
89
				if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) {
90
					$good_uploads++;
91
					// Chmod the uploaded file
92
					change_mode($relative.$filename, 'file');
93
				}
94
			} elseif(!file_exists($relative.$filename)) {
95
				if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) {
96
					$good_uploads++;
97
					// Chmod the uploaded file
98
					change_mode($relative.$filename);
99
				}
100
			}
101 1041 Ruebenwurz
102
			if(file_exists($relative.$filename)) {
103
				if ($pathsettings[$resizepath]['width'] || $pathsettings[$resizepath]['height'] ) {
104
					$rimg=new RESIZEIMAGE($relative.$filename);
105
					$rimg->resize_limitwh($pathsettings[$resizepath]['width'],$pathsettings[$resizepath]['height'],$relative.$filename);
106
					$rimg->close();
107
				}
108
			}
109
110 1023 Ruebenwurz
			// store file name of first file for possible unzip action
111
			if ($count == 1) {
112
				$filename1 = $relative . $filename;
113
			}
114 4 ryan
		}
115
	}
116
}
117
118 1023 Ruebenwurz
// If the user chose to unzip the first file, unzip into the current folder
119
if (isset($_POST['unzip']) && isset($filename1) && file_exists($filename1) ) {
120
	$archive = new PclZip($filename1);
121
	$list = $archive->extract(PCLZIP_OPT_PATH, $relative);
122
	if($list == 0) {
123
		// error while trying to extract the archive (most likely wrong format)
124
		$admin->print_error('UNABLE TO UNZIP FILE' . $archive -> errorInfo(true));
125
	}
126
}
127
128 4 ryan
if($good_uploads == 1) {
129 1023 Ruebenwurz
	$admin->print_success($good_uploads.' '.$MESSAGE['MEDIA']['SINGLE_UPLOADED']);
130
	if (isset($_POST['delzip'])) {
131
		unlink($filename1);
132
	}
133 4 ryan
} else {
134 1023 Ruebenwurz
	$admin->print_success($good_uploads.' '.$MESSAGE['MEDIA']['UPLOADED']);
135 4 ryan
}
136
137
// Print admin
138
$admin->print_footer();
139
140 399 Ruebenwurz
?>