Project

General

Profile

1 4 ryan
<?php
2 1400 FrankH
/**
3
 *
4
 * @category        admin
5 1476 Luisehahne
 * @package         media
6 1726 Luisehahne
 * @author          Ryan Djurovich,WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8 1400 FrankH
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id$
13 1726 Luisehahne
 * @filesource		$HeadURL$
14
 * @lastmodified    $Date$
15 1400 FrankH
 *
16
 */
17 4 ryan
18
// Print admin header
19
require('../../config.php');
20 1041 Ruebenwurz
include_once('resize_img.php');
21
include_once('parameters.php');
22
23 4 ryan
require_once(WB_PATH.'/framework/class.admin.php');
24 1475 Luisehahne
// require_once(WB_PATH.'/include/pclzip/pclzip.lib.php');	// Required to unzip file.
25 1457 Luisehahne
// suppress to print the header, so no new FTAN will be set
26
$admin = new admin('Media', 'media_upload', false);
27 4 ryan
28 1457 Luisehahne
if( !$admin->checkFTAN() )
29 1400 FrankH
{
30 1457 Luisehahne
	$admin->print_header();
31
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
32 1400 FrankH
}
33 1457 Luisehahne
// After check print the header
34
$admin->print_header();
35 1400 FrankH
36 1457 Luisehahne
// Target location
37
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
38
$target = (isset(${$requestMethod}['target'])) ? ${$requestMethod}['target'] : '';
39
40 4 ryan
// Include the WB functions file
41
require_once(WB_PATH.'/framework/functions.php');
42
43 1476 Luisehahne
$directory = ($target == '/') ?  '' : $target;
44
$dirlink = 'index.php?dir='.$directory;
45
$rootlink = 'index.php?dir=';
46
47 4 ryan
// Check to see if target contains ../
48 1425 Luisehahne
if (!check_media_path($target, false))
49
{
50 1726 Luisehahne
	$admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH'] );
51 4 ryan
}
52
53
// Create relative path of the target location for the file
54
$relative = WB_PATH.$target.'/';
55 1102 ruud
$resizepath = str_replace(array('/',' '),'_',$target);
56 4 ryan
57
// Find out whether we should replace files or give an error
58 1475 Luisehahne
$overwrite = ($admin->get_post('overwrite') != '') ? true : false;
59 4 ryan
60 61 stefan
// Get list of file types to which we're supposed to append 'txt'
61
$get_result=$database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name='rename_files_on_upload' LIMIT 1");
62
$file_extension_string='';
63
if ($get_result->numRows()>0) {
64
	$fetch_result=$get_result->fetchRow();
65
	$file_extension_string=$fetch_result['value'];
66
}
67 1475 Luisehahne
68 61 stefan
$file_extensions=explode(",",$file_extension_string);
69 1460 Luisehahne
// get from settings and add to forbidden list
70 1476 Luisehahne
$forbidden_file_types  = preg_replace( '/\s*[,;\|#]\s*/','|',RENAME_FILES_ON_UPLOAD);
71 4 ryan
// Loop through the files
72
$good_uploads = 0;
73 1468 Luisehahne
$sum_dirs = 0;
74
$sum_files = 0;
75
76 1476 Luisehahne
for($count = 1; $count <= 10; $count++)
77
{
78 4 ryan
	// If file was upload to tmp
79 1476 Luisehahne
	if(isset($_FILES["file$count"]['name']))
80
	{
81 4 ryan
		// Remove bad characters
82 1460 Luisehahne
		$filename = trim(media_filename($_FILES["file$count"]['name']),'.') ;
83 4 ryan
		// Check if there is still a filename left
84 1460 Luisehahne
		// if($filename != '') {
85
		$info = pathinfo($filename);
86
		$ext = isset($info['extension']) ? $info['extension'] : '';
87
88 1484 Luisehahne
		if ( ($filename != '') && !preg_match("/" . $forbidden_file_types . "$/i", $ext) )
89 1476 Luisehahne
		{
90 4 ryan
			// Move to relative path (in media folder)
91 1460 Luisehahne
			if(file_exists($relative.$filename) AND $overwrite == true) {
92 4 ryan
				if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) {
93
					$good_uploads++;
94 1468 Luisehahne
					$sum_files++;
95 4 ryan
					// Chmod the uploaded file
96 1460 Luisehahne
					change_mode($relative.$filename);
97 4 ryan
				}
98
			} elseif(!file_exists($relative.$filename)) {
99
				if(move_uploaded_file($_FILES["file$count"]['tmp_name'], $relative.$filename)) {
100
					$good_uploads++;
101 1468 Luisehahne
					$sum_files++;
102 4 ryan
					// Chmod the uploaded file
103
					change_mode($relative.$filename);
104
				}
105
			}
106 1460 Luisehahne
107 1041 Ruebenwurz
			if(file_exists($relative.$filename)) {
108
				if ($pathsettings[$resizepath]['width'] || $pathsettings[$resizepath]['height'] ) {
109
					$rimg=new RESIZEIMAGE($relative.$filename);
110
					$rimg->resize_limitwh($pathsettings[$resizepath]['width'],$pathsettings[$resizepath]['height'],$relative.$filename);
111
					$rimg->close();
112
				}
113
			}
114 1460 Luisehahne
115 1023 Ruebenwurz
			// store file name of first file for possible unzip action
116
			if ($count == 1) {
117
				$filename1 = $relative . $filename;
118
			}
119 4 ryan
		}
120
	}
121
}
122 1460 Luisehahne
/*
123
 * Callback function to skip files in black-list
124
 */
125
function pclzipCheckValidFile($p_event, &$p_header)
126
{
127 1476 Luisehahne
    //  return 1;
128
// Check for potentially malicious files
129
	$forbidden_file_types  = preg_replace( '/\s*[,;\|#]\s*/','|',RENAME_FILES_ON_UPLOAD);
130 1460 Luisehahne
	$info = pathinfo($p_header['filename']);
131 1468 Luisehahne
	$ext = isset($info['extension']) ? $info['extension'] : '';
132
	$dots = (substr($info['basename'], 0, 1) == '.') || (substr($info['basename'], -1, 1) == '.');
133 1460 Luisehahne
	if( !preg_match('/'.$forbidden_file_types.'$/i', $ext) && $dots != '.' )
134
	{	// ----- allowed file types are extracted
135
	  return 1;
136
	}else
137
	{	// ----- all other files are skiped
138
	  return 0;
139
	}
140
}
141
/* ********************************* */
142 4 ryan
143 1023 Ruebenwurz
// If the user chose to unzip the first file, unzip into the current folder
144
if (isset($_POST['unzip']) && isset($filename1) && file_exists($filename1) ) {
145 1476 Luisehahne
	// Required to unzip file.
146
	require_once(WB_PATH.'/include/pclzip/pclzip.lib.php');
147 1023 Ruebenwurz
	$archive = new PclZip($filename1);
148 1460 Luisehahne
	$list = $archive->extract(PCLZIP_OPT_PATH, $relative,PCLZIP_CB_PRE_EXTRACT, 'pclzipCheckValidFile');
149
150 1023 Ruebenwurz
	if($list == 0) {
151
		// error while trying to extract the archive (most likely wrong format)
152
		$admin->print_error('UNABLE TO UNZIP FILE' . $archive -> errorInfo(true));
153
	}
154 1460 Luisehahne
	$sum_files = 0;
155 1407 FrankH
	// rename executable files!
156 1460 Luisehahne
	foreach ($list as $key => $val) {
157
	    if( ($val['folder'] ) && change_mode($val['filename']) ) {
158
		   $sum_dirs++;
159
		} elseif( is_writable($val['filename']) && ($val['status'] == 'ok') && change_mode($val['filename']) )  {
160
			$sum_files++;
161 1407 FrankH
		}
162
	}
163 1460 Luisehahne
	if (isset($_POST['delzip'])) { unlink($filename1); }
164 1601 Luisehahne
	$dir = dirname($filename1);
165
    if(file_exists($dir)) {
166
		$array = createFolderProtectFile($dir);
167
    }
168 1023 Ruebenwurz
}
169 1460 Luisehahne
unset($list);
170 1601 Luisehahne
171 1468 Luisehahne
if($sum_files == 1) {
172 1726 Luisehahne
	$admin->print_success($sum_files.' '.$MESSAGE['MEDIA_SINGLE_UPLOADED'] );
173 1476 Luisehahne
} elseif($sum_files > 1) {
174 1726 Luisehahne
	$admin->print_success($sum_files.' '.$MESSAGE['MEDIA_UPLOADED'] );
175 4 ryan
} else {
176 1726 Luisehahne
177
	if(file_exists($relative.$filename)) {
178
    	$admin->print_error($MESSAGE['MEDIA_FILE_EXISTS'] );
179
    } else {
180
    	$admin->print_error($MESSAGE['MEDIA_NO_FILE_UPLOADED'] );
181
    }
182 4 ryan
}
183
184 1468 Luisehahne
// Print admin
185 4 ryan
$admin->print_footer();