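<?php
/**
 *
 * @category        admin
 * @package         media
 * @author          Ryan Djurovich,WebsiteBaker Project
 * @copyright       2009-2013, WebsiteBaker Org. e.V.
 * @link            http://www.websitebaker.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id: upload.php 1920 2013-06-07 04:30:29Z Luisehahne $
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/media/upload.php $
 * @lastmodified    $Date: 2013-06-07 06:30:29 +0200 (Fri, 07 Jun 2013) $
 *
 */

/*
 * Media upload handler.
 *
 * Stores up to ten files (form fields file1 .. file10) below WB_PATH.$target,
 * resizes an uploaded image in place when $pathsettings holds a size for the
 * directory, and can unpack the first file as a zip archive into the target.
 *
 * This first part validates the request and prepares the values the upload
 * loop and the unzip step further down read:
 *   $admin, $modulePath, $target, $relative, $resizepath, $overwrite,
 *   $forbidden_file_types, $good_uploads, $sum_dirs, $sum_files
 */

// Load the WB configuration when the script is called without it
if (!defined('WB_URL')) {
    // realpath() yields false for a missing file; file_exists(false) is false
    $config_file = realpath('../../config.php');
    if (file_exists($config_file)) {
        require($config_file);
    }
}
if (!class_exists('admin', false)) {
    include(WB_PATH . '/framework/class.admin.php');
}

$modulePath = dirname(__FILE__);

// Expected to provide $pathsettings (per-directory image sizes); it is the
// only include before $pathsettings is read by the resize step
include_once($modulePath . '/parameters.php');

// Header printing is suppressed here so that no new FTAN is issued before
// the token sent with this request has been verified.
$admin = new admin('Media', 'media_upload', false);

if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
// NOTE(review): the header is printed a second time here, which only makes
// sense if print_error() ends the request on a failed token check — confirm
// in class.admin.php.
$admin->print_header();

// Target directory below WB_PATH, taken from $_GET or $_POST according to
// the request method; '' when the parameter is absent
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
$target = isset(${$requestMethod}['target']) ? ${$requestMethod}['target'] : '';

// WB helper functions (check_media_path, media_filename, change_mode, ...)
if (!function_exists('directory_list')) {
    require(WB_PATH . '/framework/functions.php');
}

$directory = ($target == '/') ? '' : $target;
$dirlink = 'index.php?dir=' . $directory;
$rootlink = 'index.php?dir=';

// Refuse a target that would leave the media tree (contains "../"); the
// upload only proceeds when print_error() does not return (see note above)
if (!check_media_path($target, false)) {
    $admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH']);
}

// Absolute directory the files are written to, with trailing slash
$relative = WB_PATH . $target . '/';
// Key into $pathsettings for this directory: "/" and " " replaced by "_"
$resizepath = str_replace(array('/', ' '), '_', $target);

// Existing files are replaced only when the form asked for it
$overwrite = ($admin->get_post('overwrite') != '');

// Extensions that are never stored or extracted. RENAME_FILES_ON_UPLOAD is a
// list separated by ",", ";", "|" or "#". Each entry is trimmed, empty entries
// (e.g. from a trailing separator, which would otherwise become an empty
// alternative matching everything) are dropped, and the remainder is quoted
// so it can be embedded literally in a regular expression as an alternation
// ("php|phtml|...").
// An empty result is kept empty on purpose: the checks that use it then match
// every extension, so a missing configuration refuses uploads instead of
// allowing everything.
$forbidden_file_types = '';
foreach (preg_split('/[,;|#]/', RENAME_FILES_ON_UPLOAD) as $forbiddenType) {
    $forbiddenType = trim($forbiddenType);
    if ($forbiddenType === '') {
        continue;
    }
    $forbidden_file_types .= ($forbidden_file_types === '' ? '' : '|') . preg_quote($forbiddenType, '/');
}

$good_uploads = 0; // files moved into the target directory by this request
$sum_dirs = 0;     // directories created while unpacking an archive
$sum_files = 0;    // files stored or extracted; selects the final message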

    
86
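/*
 * Upload loop over the form fields file1 .. file10.
 *
 * For every successfully received file the name is cleaned, every extension
 * part is checked against $forbidden_file_types, the file is moved to
 * $relative (an existing file is kept unless $overwrite is set) and, when
 * $pathsettings holds a width or height for $resizepath, the stored image is
 * resized in place. Refused files are skipped silently; the result message
 * printed at the end reports counts only.
 */
if (!function_exists('media_upload_ext_is_forbidden')) {
    /**
     * Tell whether a file name carries a forbidden extension.
     *
     * Every dot-separated part after the base name is tested, not only the
     * last one, so "page.php.txt" is refused like "page.php" (some web
     * servers consider every extension of a name when choosing a handler).
     * A part is refused when it contains any entry of the alternation,
     * case-insensitively; matching anywhere in the part is deliberate so
     * that, for example, "php" also covers "php5".
     * An empty alternation refuses every name that has an extension part
     * or none at all, i.e. a missing list never allows everything.
     *
     * @param string $filename             file name without directory part
     * @param string $forbiddenAlternation "|"-separated, preg-quoted extensions
     * @return bool true when the file must not be stored
     */
    function media_upload_ext_is_forbidden($filename, $forbiddenAlternation)
    {
        if ($forbiddenAlternation === '') {
            return true;
        }
        $pattern = '/(?:' . $forbiddenAlternation . ')/i';
        $parts = explode('.', $filename);
        array_shift($parts); // the base name itself is not an extension
        foreach ($parts as $part) {
            if (preg_match($pattern, $part)) {
                return true;
            }
        }
        return false;
    }
}

$filename = ''; // name of the last file looked at; the result message reads it
for ($count = 1; $count <= 10; $count++) {
    $field = "file$count";
    // No such form field, or PHP reported an upload error (no file chosen,
    // size limit, partial upload, ...): tmp_name is unusable in that case.
    if (!isset($_FILES[$field]['name'])
        || (isset($_FILES[$field]['error']) && $_FILES[$field]['error'] != UPLOAD_ERR_OK)
    ) {
        continue;
    }

    // Strip characters not allowed in media names, then leading/trailing dots
    $filename = trim(media_filename($_FILES[$field]['name']), '.');
    if ($filename === '') {
        continue;
    }
    if (media_upload_ext_is_forbidden($filename, $forbidden_file_types)) {
        continue;
    }

    $destination = $relative . $filename;
    if (file_exists($destination) && !$overwrite) {
        // keep the existing file; the result message reports it
        continue;
    }
    if (!move_uploaded_file($_FILES[$field]['tmp_name'], $destination)) {
        continue;
    }
    $good_uploads++;
    $sum_files++;
    change_mode($destination);

    // Optional resize: values missing or <= 0 mean "not constrained";
    // a missing dimension is set equal to the given one.
    $imgWidth = isset($pathsettings[$resizepath]['width']) ? intval($pathsettings[$resizepath]['width']) : 0;
    $imgHeight = isset($pathsettings[$resizepath]['height']) ? intval($pathsettings[$resizepath]['height']) : 0;
    if ($imgWidth > 0 || $imgHeight > 0) {
        if (!class_exists('PhpThumbFactory', false)) {
            include($modulePath . '/inc/ThumbLib.inc.php');
        }
        if ($imgWidth <= 0) {
            $imgWidth = $imgHeight;
        }
        if ($imgHeight <= 0) {
            $imgHeight = $imgWidth;
        }
        try {
            $image = PhpThumbFactory::create($destination);
            $image->resize($imgWidth, $imgHeight)->save($destination);
        } catch (Exception $e) {
            // the thumbnail library is expected to throw for files it cannot
            // read (archives, documents); the stored file is kept unresized
        }
    }

    // Remember the first stored file for the optional unzip action below
    if ($count == 1) {
        $filename1 = $destination;
    }
}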
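/*
 * Callback for PclZip (PCLZIP_CB_PRE_EXTRACT): decides per archive entry
 * whether it may be written into the media directory.
 *
 * An entry is skipped (return 0) when
 *  - its name inside the archive is absolute or contains a ".." segment,
 *    so it cannot escape the extraction directory;
 *  - its base name starts or ends with a dot (hidden or special files);
 *  - any dot-separated part after the base name contains an entry of
 *    RENAME_FILES_ON_UPLOAD, case-insensitively. All parts are tested, so
 *    "page.php.txt" is skipped like "page.php"; matching anywhere in the
 *    part is deliberate ("php" also covers "php5").
 * An empty RENAME_FILES_ON_UPLOAD skips every entry rather than allowing
 * everything. Directory entries have no extension part and are extracted.
 *
 * @param int   $p_event  PclZip event id (PCLZIP_CB_PRE_EXTRACT)
 * @param array $p_header entry description; 'filename' is the destination
 *                        path, 'stored_filename' the name inside the archive
 * @return int 1 to extract the entry, 0 to skip it
 */
function pclzipCheckValidFile($p_event, &$p_header)
{
    // Name as recorded in the archive; refuse anything that points outside
    // the extraction directory (checked on the archive name, not on the
    // destination path, which legitimately starts with WB_PATH)
    if (isset($p_header['stored_filename'])) {
        $storedName = str_replace('\\', '/', $p_header['stored_filename']);
        if ($storedName !== ''
            && ($storedName[0] === '/' || strpos('/' . $storedName . '/', '/../') !== false)
        ) {
            return 0;
        }
    }

    $info = pathinfo($p_header['filename']);
    $basename = isset($info['basename']) ? $info['basename'] : '';
    // Hidden or special names (".htaccess", "name.") are never extracted
    if ($basename !== '' && ($basename[0] === '.' || substr($basename, -1) === '.')) {
        return 0;
    }

    // RENAME_FILES_ON_UPLOAD as a literal alternation: entries separated by
    // ",", ";", "|" or "#", trimmed, empties dropped, each preg-quoted
    $forbidden = '';
    foreach (preg_split('/[,;|#]/', RENAME_FILES_ON_UPLOAD) as $type) {
        $type = trim($type);
        if ($type !== '') {
            $forbidden .= ($forbidden === '' ? '' : '|') . preg_quote($type, '/');
        }
    }
    if ($forbidden === '') {
        return 0;
    }
    $pattern = '/(?:' . $forbidden . ')/i';
    $parts = explode('.', $basename);
    array_shift($parts); // the base name itself is not an extension
    foreach ($parts as $part) {
        if (preg_match($pattern, $part)) {
            return 0;
        }
    }
    return 1;
}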
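/* ********************************* */

// Unzip step: when the form asked for it, unpack the first stored file into
// the target directory. Entries are filtered by pclzipCheckValidFile().
if (isset($_POST['unzip']) && isset($filename1) && file_exists($filename1)) {
    require_once(WB_PATH . '/include/pclzip/pclzip.lib.php');
    $archive = new PclZip($filename1);
    // Restrict extraction to the target directory where the bundled PclZip
    // supports the option; the pre-extract callback filters entries as well.
    if (defined('PCLZIP_OPT_EXTRACT_DIR_RESTRICTION')) {
        $list = $archive->extract(
            PCLZIP_OPT_PATH, $relative,
            PCLZIP_OPT_EXTRACT_DIR_RESTRICTION, $relative,
            PCLZIP_CB_PRE_EXTRACT, 'pclzipCheckValidFile'
        );
    } else {
        $list = $archive->extract(PCLZIP_OPT_PATH, $relative, PCLZIP_CB_PRE_EXTRACT, 'pclzipCheckValidFile');
    }

    if (!is_array($list)) {
        // PclZip returns 0 when the archive cannot be read (most likely not a zip)
        $admin->print_error('UNABLE TO UNZIP FILE' . $archive->errorInfo(true));
        $list = array(); // keeps the loop below safe should print_error() return
    }
    // The result message reports the extracted entries, not the archive itself
    $sum_files = 0;
    foreach ($list as $entry) {
        if ($entry['folder'] && change_mode($entry['filename'])) {
            $sum_dirs++;
        } elseif (is_writable($entry['filename']) && ($entry['status'] == 'ok') && change_mode($entry['filename'])) {
            $sum_files++;
        }
    }
    if (isset($_POST['delzip'])) {
        unlink($filename1);
    }
    $dir = dirname($filename1);
    if (file_exists($dir)) {
        createFolderProtectFile($dir);
    }
}
unset($list);

// Result message. $filename is the last name the upload loop looked at; a
// plain file_exists() on $relative alone would be true for the directory and
// report "file exists" when nothing was uploaded at all.
if ($sum_files == 1) {
    $admin->print_success($sum_files . ' ' . $MESSAGE['MEDIA_SINGLE_UPLOADED']);
} elseif ($sum_files > 1) {
    $admin->print_success($sum_files . ' ' . $MESSAGE['MEDIA_UPLOADED']);
} elseif (isset($filename) && $filename !== '' && is_file($relative . $filename)) {
    // a file of that name is present but nothing was stored in this request
    $admin->print_error($MESSAGE['MEDIA_FILE_EXISTS']);
} else {
    $admin->print_error($MESSAGE['MEDIA_NO_FILE_UPLOADED']);
}

// Print admin
$admin->print_footer();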