[239] | 1 | <?php
|
---|
| 2 |
|
---|
| 3 | /** This file is part of KCFinder project
|
---|
| 4 | *
|
---|
| 5 | * @desc Uploader class
|
---|
| 6 | * @package KCFinder
|
---|
| 7 | * @version 2.51
|
---|
| 8 | * @author Pavel Tzonkov <pavelc@users.sourceforge.net>
|
---|
| 9 | * @copyright 2010, 2011 KCFinder Project
|
---|
| 10 | * @license http://www.opensource.org/licenses/gpl-2.0.php GPLv2
|
---|
| 11 | * @license http://www.opensource.org/licenses/lgpl-2.1.php LGPLv2
|
---|
| 12 | * @link http://kcfinder.sunhater.com
|
---|
| 13 | */
|
---|
| 14 |
|
---|
| 15 | class uploader {
|
---|
| 16 |
|
---|
| 17 | /** Release version */
|
---|
| 18 | const VERSION = "2.51";
|
---|
| 19 |
|
---|
| 20 | /** Config session-overrided settings
|
---|
| 21 | * @var array */
|
---|
| 22 | protected $config = array();
|
---|
| 23 |
|
---|
| 24 | /** Opener applocation properties
|
---|
| 25 | * $opener['name'] Got from $_GET['opener'];
|
---|
| 26 | * $opener['CKEditor']['funcNum'] CKEditor function number (got from $_GET)
|
---|
| 27 | * $opener['TinyMCE'] Boolean
|
---|
| 28 | * @var array */
|
---|
| 29 | protected $opener = array();
|
---|
| 30 |
|
---|
| 31 | /** Got from $_GET['type'] or first one $config['types'] array key, if inexistant
|
---|
| 32 | * @var string */
|
---|
| 33 | protected $type;
|
---|
| 34 |
|
---|
| 35 | /** Helper property. Local filesystem path to the Type Directory
|
---|
| 36 | * Equivalent: $config['uploadDir'] . "/" . $type
|
---|
| 37 | * @var string */
|
---|
| 38 | protected $typeDir;
|
---|
| 39 |
|
---|
| 40 | /** Helper property. Web URL to the Type Directory
|
---|
| 41 | * Equivalent: $config['uploadURL'] . "/" . $type
|
---|
| 42 | * @var string */
|
---|
| 43 | protected $typeURL;
|
---|
| 44 |
|
---|
| 45 | /** Linked to $config['types']
|
---|
| 46 | * @var array */
|
---|
| 47 | protected $types = array();
|
---|
| 48 |
|
---|
| 49 | /** Settings which can override default settings if exists as keys in $config['types'][$type] array
|
---|
| 50 | * @var array */
|
---|
| 51 | protected $typeSettings = array('disabled', 'theme', 'dirPerms', 'filePerms', 'denyZipDownload', 'maxImageWidth', 'maxImageHeight', 'thumbWidth', 'thumbHeight', 'jpegQuality', 'access', 'filenameChangeChars', 'dirnameChangeChars', 'denyExtensionRename', 'deniedExts');
|
---|
| 52 |
|
---|
| 53 | /** Got from language file
|
---|
| 54 | * @var string */
|
---|
| 55 | protected $charset;
|
---|
| 56 |
|
---|
| 57 | /** The language got from $_GET['lng'] or $_GET['lang'] or... Please see next property
|
---|
| 58 | * @var string */
|
---|
| 59 | protected $lang = 'en';
|
---|
| 60 |
|
---|
| 61 | /** Possible language $_GET keys
|
---|
| 62 | * @var array */
|
---|
| 63 | protected $langInputNames = array('lang', 'langCode', 'lng', 'language', 'lang_code');
|
---|
| 64 |
|
---|
| 65 | /** Uploaded file(s) info. Linked to first $_FILES element
|
---|
| 66 | * @var array */
|
---|
| 67 | protected $file;
|
---|
| 68 |
|
---|
| 69 | /** Next three properties are got from the current language file
|
---|
| 70 | * @var string */
|
---|
| 71 | protected $dateTimeFull; // Currently not used
|
---|
| 72 | protected $dateTimeMid; // Currently not used
|
---|
| 73 | protected $dateTimeSmall;
|
---|
| 74 |
|
---|
| 75 | /** Contain Specified language labels
|
---|
| 76 | * @var array */
|
---|
| 77 | protected $labels = array();
|
---|
| 78 |
|
---|
| 79 | /** Contain unprocessed $_GET array. Please use this instead of $_GET
|
---|
| 80 | * @var array */
|
---|
| 81 | protected $get;
|
---|
| 82 |
|
---|
| 83 | /** Contain unprocessed $_POST array. Please use this instead of $_POST
|
---|
| 84 | * @var array */
|
---|
| 85 | protected $post;
|
---|
| 86 |
|
---|
| 87 | /** Contain unprocessed $_COOKIE array. Please use this instead of $_COOKIE
|
---|
| 88 | * @var array */
|
---|
| 89 | protected $cookie;
|
---|
| 90 |
|
---|
| 91 | /** Session array. Please use this property instead of $_SESSION
|
---|
| 92 | * @var array */
|
---|
| 93 | protected $session;
|
---|
| 94 |
|
---|
| 95 | /** CMS integration attribute (got from $_GET['cms'])
|
---|
| 96 | * @var string */
|
---|
| 97 | protected $cms = "";
|
---|
| 98 |
|
---|
| 99 | /** Magic method which allows read-only access to protected or private class properties
|
---|
| 100 | * @param string $property
|
---|
| 101 | * @return mixed */
|
---|
| 102 | public function __get($property) {
|
---|
| 103 | return property_exists($this, $property) ? $this->$property : null;
|
---|
| 104 | }
|
---|
| 105 |
|
---|
| 106 | public function __construct() {
|
---|
| 107 |
|
---|
| 108 | // DISABLE MAGIC QUOTES
|
---|
| 109 | if (function_exists('set_magic_quotes_runtime'))
|
---|
| 110 | @set_magic_quotes_runtime(false);
|
---|
| 111 |
|
---|
| 112 | // INPUT INIT
|
---|
| 113 | $input = new input();
|
---|
| 114 | $this->get = &$input->get;
|
---|
| 115 | $this->post = &$input->post;
|
---|
| 116 | $this->cookie = &$input->cookie;
|
---|
| 117 |
|
---|
| 118 | // SET CMS INTEGRATION ATTRIBUTE
|
---|
| 119 | if (isset($this->get['cms']) &&
|
---|
| 120 | in_array($this->get['cms'], array("drupal"))
|
---|
| 121 | )
|
---|
| 122 | $this->cms = $this->get['cms'];
|
---|
| 123 |
|
---|
| 124 | // LINKING UPLOADED FILE
|
---|
| 125 | if (count($_FILES))
|
---|
| 126 | $this->file = &$_FILES[key($_FILES)];
|
---|
| 127 |
|
---|
| 128 | // LOAD DEFAULT CONFIGURATION
|
---|
| 129 | require "config.php";
|
---|
| 130 |
|
---|
| 131 | // SETTING UP SESSION
|
---|
| 132 | if (isset($_CONFIG['_sessionLifetime']))
|
---|
| 133 | ini_set('session.gc_maxlifetime', $_CONFIG['_sessionLifetime'] * 60);
|
---|
| 134 | if (isset($_CONFIG['_sessionDir']))
|
---|
| 135 | ini_set('session.save_path', $_CONFIG['_sessionDir']);
|
---|
| 136 | if (isset($_CONFIG['_sessionDomain']))
|
---|
| 137 | ini_set('session.cookie_domain', $_CONFIG['_sessionDomain']);
|
---|
| 138 | switch ($this->cms) {
|
---|
| 139 | case "drupal": break;
|
---|
| 140 | default: session_start(); break;
|
---|
| 141 | }
|
---|
| 142 |
|
---|
| 143 | // RELOAD DEFAULT CONFIGURATION
|
---|
| 144 | require "config.php";
|
---|
| 145 | $this->config = $_CONFIG;
|
---|
| 146 |
|
---|
| 147 | // LOAD SESSION CONFIGURATION IF EXISTS
|
---|
| 148 | if (isset($_CONFIG['_sessionVar']) &&
|
---|
| 149 | is_array($_CONFIG['_sessionVar'])
|
---|
| 150 | ) {
|
---|
| 151 | foreach ($_CONFIG['_sessionVar'] as $key => $val)
|
---|
| 152 | if ((substr($key, 0, 1) != "_") && isset($_CONFIG[$key]))
|
---|
| 153 | $this->config[$key] = $val;
|
---|
| 154 | if (!isset($this->config['_sessionVar']['self']))
|
---|
| 155 | $this->config['_sessionVar']['self'] = array();
|
---|
| 156 | $this->session = &$this->config['_sessionVar']['self'];
|
---|
| 157 | } else
|
---|
| 158 | $this->session = &$_SESSION;
|
---|
| 159 |
|
---|
| 160 | // GET TYPE DIRECTORY
|
---|
| 161 | $this->types = &$this->config['types'];
|
---|
| 162 | $firstType = array_keys($this->types);
|
---|
| 163 | $firstType = $firstType[0];
|
---|
| 164 | $this->type = (
|
---|
| 165 | isset($this->get['type']) &&
|
---|
| 166 | isset($this->types[$this->get['type']])
|
---|
| 167 | )
|
---|
| 168 | ? $this->get['type'] : $firstType;
|
---|
| 169 |
|
---|
| 170 | // LOAD TYPE DIRECTORY SPECIFIC CONFIGURATION IF EXISTS
|
---|
| 171 | if (is_array($this->types[$this->type])) {
|
---|
| 172 | foreach ($this->types[$this->type] as $key => $val)
|
---|
| 173 | if (in_array($key, $this->typeSettings))
|
---|
| 174 | $this->config[$key] = $val;
|
---|
| 175 | $this->types[$this->type] = isset($this->types[$this->type]['type'])
|
---|
| 176 | ? $this->types[$this->type]['type'] : "";
|
---|
| 177 | }
|
---|
| 178 |
|
---|
| 179 | // COOKIES INIT
|
---|
| 180 | $ip = '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)';
|
---|
| 181 | $ip = '/^' . implode('\.', array($ip, $ip, $ip, $ip)) . '$/';
|
---|
| 182 | if (preg_match($ip, $_SERVER['HTTP_HOST']) ||
|
---|
| 183 | preg_match('/^[^\.]+$/', $_SERVER['HTTP_HOST'])
|
---|
| 184 | )
|
---|
| 185 | $this->config['cookieDomain'] = "";
|
---|
| 186 | elseif (!strlen($this->config['cookieDomain']))
|
---|
| 187 | $this->config['cookieDomain'] = $_SERVER['HTTP_HOST'];
|
---|
| 188 | if (!strlen($this->config['cookiePath']))
|
---|
| 189 | $this->config['cookiePath'] = "/";
|
---|
| 190 |
|
---|
| 191 | // UPLOAD FOLDER INIT
|
---|
| 192 |
|
---|
| 193 | // FULL URL
|
---|
| 194 | if (preg_match('/^([a-z]+)\:\/\/([^\/^\:]+)(\:(\d+))?\/(.+)\/?$/',
|
---|
| 195 | $this->config['uploadURL'], $patt)
|
---|
| 196 | ) {
|
---|
| 197 | list($unused, $protocol, $domain, $unused, $port, $path) = $patt;
|
---|
| 198 | $path = path::normalize($path);
|
---|
| 199 | $this->config['uploadURL'] = "$protocol://$domain" . (strlen($port) ? ":$port" : "") . "/$path";
|
---|
| 200 | $this->config['uploadDir'] = strlen($this->config['uploadDir'])
|
---|
| 201 | ? path::normalize($this->config['uploadDir'])
|
---|
| 202 | : path::url2fullPath("/$path");
|
---|
| 203 | $this->typeDir = "{$this->config['uploadDir']}/{$this->type}";
|
---|
| 204 | $this->typeURL = "{$this->config['uploadURL']}/{$this->type}";
|
---|
| 205 |
|
---|
| 206 | // SITE ROOT
|
---|
| 207 | } elseif ($this->config['uploadURL'] == "/") {
|
---|
| 208 | $this->config['uploadDir'] = strlen($this->config['uploadDir'])
|
---|
| 209 | ? path::normalize($this->config['uploadDir'])
|
---|
| 210 | : path::normalize($_SERVER['DOCUMENT_ROOT']);
|
---|
| 211 | $this->typeDir = "{$this->config['uploadDir']}/{$this->type}";
|
---|
| 212 | $this->typeURL = "/{$this->type}";
|
---|
| 213 |
|
---|
| 214 | // ABSOLUTE & RELATIVE
|
---|
| 215 | } else {
|
---|
| 216 | $this->config['uploadURL'] = (substr($this->config['uploadURL'], 0, 1) === "/")
|
---|
| 217 | ? path::normalize($this->config['uploadURL'])
|
---|
| 218 | : path::rel2abs_url($this->config['uploadURL']);
|
---|
| 219 | $this->config['uploadDir'] = strlen($this->config['uploadDir'])
|
---|
| 220 | ? path::normalize($this->config['uploadDir'])
|
---|
| 221 | : path::url2fullPath($this->config['uploadURL']);
|
---|
| 222 | $this->typeDir = "{$this->config['uploadDir']}/{$this->type}";
|
---|
| 223 | $this->typeURL = "{$this->config['uploadURL']}/{$this->type}";
|
---|
| 224 | }
|
---|
| 225 | if (!is_dir($this->config['uploadDir']))
|
---|
| 226 | @mkdir($this->config['uploadDir'], $this->config['dirPerms']);
|
---|
| 227 |
|
---|
| 228 | // HOST APPLICATIONS INIT
|
---|
| 229 | if (isset($this->get['CKEditorFuncNum']))
|
---|
| 230 | $this->opener['CKEditor']['funcNum'] = $this->get['CKEditorFuncNum'];
|
---|
| 231 | if (isset($this->get['opener']) &&
|
---|
| 232 | (strtolower($this->get['opener']) == "tinymce") &&
|
---|
| 233 | isset($this->config['_tinyMCEPath']) &&
|
---|
| 234 | strlen($this->config['_tinyMCEPath'])
|
---|
| 235 | )
|
---|
| 236 | $this->opener['TinyMCE'] = true;
|
---|
| 237 |
|
---|
| 238 | // LOCALIZATION
|
---|
| 239 | foreach ($this->langInputNames as $key)
|
---|
| 240 | if (isset($this->get[$key]) &&
|
---|
| 241 | preg_match('/^[a-z][a-z\._\-]*$/i', $this->get[$key]) &&
|
---|
| 242 | file_exists("lang/" . strtolower($this->get[$key]) . ".php")
|
---|
| 243 | ) {
|
---|
| 244 | $this->lang = $this->get[$key];
|
---|
| 245 | break;
|
---|
| 246 | }
|
---|
| 247 | $this->localize($this->lang);
|
---|
| 248 |
|
---|
| 249 | // CHECK & MAKE DEFAULT .htaccess
|
---|
| 250 | if (isset($this->config['_check4htaccess']) &&
|
---|
| 251 | $this->config['_check4htaccess']
|
---|
| 252 | ) {
|
---|
| 253 | $htaccess = "{$this->config['uploadDir']}/.htaccess";
|
---|
| 254 | if (!file_exists($htaccess)) {
|
---|
| 255 | if (!@file_put_contents($htaccess, $this->get_htaccess()))
|
---|
| 256 | $this->backMsg("Cannot write to upload folder. {$this->config['uploadDir']}");
|
---|
| 257 | } else {
|
---|
| 258 | if (false === ($data = @file_get_contents($htaccess)))
|
---|
| 259 | $this->backMsg("Cannot read .htaccess");
|
---|
| 260 | if (($data != $this->get_htaccess()) && !@file_put_contents($htaccess, $data))
|
---|
| 261 | $this->backMsg("Incorrect .htaccess file. Cannot rewrite it!");
|
---|
| 262 | }
|
---|
| 263 | }
|
---|
| 264 |
|
---|
| 265 | // CHECK & CREATE UPLOAD FOLDER
|
---|
| 266 | if (!is_dir($this->typeDir)) {
|
---|
| 267 | if (!mkdir($this->typeDir, $this->config['dirPerms']))
|
---|
| 268 | $this->backMsg("Cannot create {dir} folder.", array('dir' => $this->type));
|
---|
| 269 | } elseif (!is_readable($this->typeDir))
|
---|
| 270 | $this->backMsg("Cannot read upload folder.");
|
---|
| 271 | }
|
---|
| 272 |
|
---|
| 273 | public function upload() {
|
---|
| 274 | $config = &$this->config;
|
---|
| 275 | $file = &$this->file;
|
---|
| 276 | $url = $message = "";
|
---|
| 277 |
|
---|
| 278 | if ($config['disabled'] || !$config['access']['files']['upload']) {
|
---|
| 279 | if (isset($file['tmp_name'])) @unlink($file['tmp_name']);
|
---|
| 280 | $message = $this->label("You don't have permissions to upload files.");
|
---|
| 281 |
|
---|
| 282 | } elseif (true === ($message = $this->checkUploadedFile())) {
|
---|
| 283 | $message = "";
|
---|
| 284 |
|
---|
| 285 | $dir = "{$this->typeDir}/";
|
---|
| 286 | if (isset($this->get['dir']) &&
|
---|
| 287 | (false !== ($gdir = $this->checkInputDir($this->get['dir'])))
|
---|
| 288 | ) {
|
---|
| 289 | $udir = path::normalize("$dir$gdir");
|
---|
| 290 | if (substr($udir, 0, strlen($dir)) !== $dir)
|
---|
| 291 | $message = $this->label("Unknown error.");
|
---|
| 292 | else {
|
---|
| 293 | $l = strlen($dir);
|
---|
| 294 | $dir = "$udir/";
|
---|
| 295 | $udir = substr($udir, $l);
|
---|
| 296 | }
|
---|
| 297 | }
|
---|
| 298 |
|
---|
| 299 | if (!strlen($message)) {
|
---|
| 300 | if (!is_dir(path::normalize($dir)))
|
---|
| 301 | @mkdir(path::normalize($dir), $this->config['dirPerms'], true);
|
---|
| 302 |
|
---|
| 303 | $filename = $this->normalizeFilename($file['name']);
|
---|
| 304 | $target = file::getInexistantFilename($dir . $filename);
|
---|
| 305 |
|
---|
| 306 | if (!@move_uploaded_file($file['tmp_name'], $target) &&
|
---|
| 307 | !@rename($file['tmp_name'], $target) &&
|
---|
| 308 | !@copy($file['tmp_name'], $target)
|
---|
| 309 | )
|
---|
| 310 | $message = $this->label("Cannot move uploaded file to target folder.");
|
---|
| 311 | else {
|
---|
| 312 | if (function_exists('chmod'))
|
---|
| 313 | @chmod($target, $this->config['filePerms']);
|
---|
| 314 | $this->makeThumb($target);
|
---|
| 315 | $url = $this->typeURL;
|
---|
| 316 | if (isset($udir)) $url .= "/$udir";
|
---|
| 317 | $url .= "/" . basename($target);
|
---|
| 318 | if (preg_match('/^([a-z]+)\:\/\/([^\/^\:]+)(\:(\d+))?\/(.+)$/', $url, $patt)) {
|
---|
| 319 | list($unused, $protocol, $domain, $unused, $port, $path) = $patt;
|
---|
| 320 | $base = "$protocol://$domain" . (strlen($port) ? ":$port" : "") . "/";
|
---|
| 321 | $url = $base . path::urlPathEncode($path);
|
---|
| 322 | } else
|
---|
| 323 | $url = path::urlPathEncode($url);
|
---|
| 324 | }
|
---|
| 325 | }
|
---|
| 326 | }
|
---|
| 327 |
|
---|
| 328 | if (strlen($message) &&
|
---|
| 329 | isset($this->file['tmp_name']) &&
|
---|
| 330 | file_exists($this->file['tmp_name'])
|
---|
| 331 | )
|
---|
| 332 | @unlink($this->file['tmp_name']);
|
---|
| 333 |
|
---|
| 334 | if (strlen($message) && method_exists($this, 'errorMsg'))
|
---|
| 335 | $this->errorMsg($message);
|
---|
| 336 | $this->callBack($url, $message);
|
---|
| 337 | }
|
---|
| 338 |
|
---|
| 339 | protected function normalizeFilename($filename) {
|
---|
| 340 | if (isset($this->config['filenameChangeChars']) &&
|
---|
| 341 | is_array($this->config['filenameChangeChars'])
|
---|
| 342 | )
|
---|
| 343 | $filename = strtr($filename, $this->config['filenameChangeChars']);
|
---|
| 344 | return $filename;
|
---|
| 345 | }
|
---|
| 346 |
|
---|
| 347 | protected function normalizeDirname($dirname) {
|
---|
| 348 | if (isset($this->config['dirnameChangeChars']) &&
|
---|
| 349 | is_array($this->config['dirnameChangeChars'])
|
---|
| 350 | )
|
---|
| 351 | $dirname = strtr($dirname, $this->config['dirnameChangeChars']);
|
---|
| 352 | return $dirname;
|
---|
| 353 | }
|
---|
| 354 |
|
---|
| 355 | protected function checkUploadedFile(array $aFile=null) {
|
---|
| 356 | $config = &$this->config;
|
---|
| 357 | $file = ($aFile === null) ? $this->file : $aFile;
|
---|
| 358 |
|
---|
| 359 | if (!is_array($file) || !isset($file['name']))
|
---|
| 360 | return $this->label("Unknown error");
|
---|
| 361 |
|
---|
| 362 | if (is_array($file['name'])) {
|
---|
| 363 | foreach ($file['name'] as $i => $name) {
|
---|
| 364 | $return = $this->checkUploadedFile(array(
|
---|
| 365 | 'name' => $name,
|
---|
| 366 | 'tmp_name' => $file['tmp_name'][$i],
|
---|
| 367 | 'error' => $file['error'][$i]
|
---|
| 368 | ));
|
---|
| 369 | if ($return !== true)
|
---|
| 370 | return "$name: $return";
|
---|
| 371 | }
|
---|
| 372 | return true;
|
---|
| 373 | }
|
---|
| 374 |
|
---|
| 375 | $extension = file::getExtension($file['name']);
|
---|
| 376 | $typePatt = strtolower(text::clearWhitespaces($this->types[$this->type]));
|
---|
| 377 |
|
---|
| 378 | // CHECK FOR UPLOAD ERRORS
|
---|
| 379 | if ($file['error'])
|
---|
| 380 | return
|
---|
| 381 | ($file['error'] == UPLOAD_ERR_INI_SIZE) ?
|
---|
| 382 | $this->label("The uploaded file exceeds {size} bytes.",
|
---|
| 383 | array('size' => ini_get('upload_max_filesize'))) : (
|
---|
| 384 | ($file['error'] == UPLOAD_ERR_FORM_SIZE) ?
|
---|
| 385 | $this->label("The uploaded file exceeds {size} bytes.",
|
---|
| 386 | array('size' => $this->get['MAX_FILE_SIZE'])) : (
|
---|
| 387 | ($file['error'] == UPLOAD_ERR_PARTIAL) ?
|
---|
| 388 | $this->label("The uploaded file was only partially uploaded.") : (
|
---|
| 389 | ($file['error'] == UPLOAD_ERR_NO_FILE) ?
|
---|
| 390 | $this->label("No file was uploaded.") : (
|
---|
| 391 | ($file['error'] == UPLOAD_ERR_NO_TMP_DIR) ?
|
---|
| 392 | $this->label("Missing a temporary folder.") : (
|
---|
| 393 | ($file['error'] == UPLOAD_ERR_CANT_WRITE) ?
|
---|
| 394 | $this->label("Failed to write file.") :
|
---|
| 395 | $this->label("Unknown error.")
|
---|
| 396 | )))));
|
---|
| 397 |
|
---|
| 398 | // HIDDEN FILENAMES CHECK
|
---|
| 399 | elseif (substr($file['name'], 0, 1) == ".")
|
---|
| 400 | return $this->label("File name shouldn't begins with '.'");
|
---|
| 401 |
|
---|
| 402 | // EXTENSION CHECK
|
---|
| 403 | elseif (!$this->validateExtension($extension, $this->type))
|
---|
| 404 | return $this->label("Denied file extension.");
|
---|
| 405 |
|
---|
| 406 | // SPECIAL DIRECTORY TYPES CHECK (e.g. *img)
|
---|
| 407 | elseif (preg_match('/^\*([^ ]+)(.*)?$/s', $typePatt, $patt)) {
|
---|
| 408 | list($typePatt, $type, $params) = $patt;
|
---|
| 409 | if (class_exists("type_$type")) {
|
---|
| 410 | $class = "type_$type";
|
---|
| 411 | $type = new $class();
|
---|
| 412 | $cfg = $config;
|
---|
| 413 | $cfg['filename'] = $file['name'];
|
---|
| 414 | if (strlen($params))
|
---|
| 415 | $cfg['params'] = trim($params);
|
---|
| 416 | $response = $type->checkFile($file['tmp_name'], $cfg);
|
---|
| 417 | if ($response !== true)
|
---|
| 418 | return $this->label($response);
|
---|
| 419 | } else
|
---|
| 420 | return $this->label("Non-existing directory type.");
|
---|
| 421 | }
|
---|
| 422 |
|
---|
| 423 | // IMAGE RESIZE
|
---|
| 424 | $gd = new gd($file['tmp_name']);
|
---|
| 425 | if (!$gd->init_error && !$this->imageResize($gd, $file['tmp_name']))
|
---|
| 426 | return $this->label("The image is too big and/or cannot be resized.");
|
---|
| 427 |
|
---|
| 428 | return true;
|
---|
| 429 | }
|
---|
| 430 |
|
---|
| 431 | protected function checkInputDir($dir, $inclType=true, $existing=true) {
|
---|
| 432 | $dir = path::normalize($dir);
|
---|
| 433 | if (substr($dir, 0, 1) == "/")
|
---|
| 434 | $dir = substr($dir, 1);
|
---|
| 435 |
|
---|
| 436 | if ((substr($dir, 0, 1) == ".") || (substr(basename($dir), 0, 1) == "."))
|
---|
| 437 | return false;
|
---|
| 438 |
|
---|
| 439 | if ($inclType) {
|
---|
| 440 | $first = explode("/", $dir);
|
---|
| 441 | $first = $first[0];
|
---|
| 442 | if ($first != $this->type)
|
---|
| 443 | return false;
|
---|
| 444 | $return = $this->removeTypeFromPath($dir);
|
---|
| 445 | } else {
|
---|
| 446 | $return = $dir;
|
---|
| 447 | $dir = "{$this->type}/$dir";
|
---|
| 448 | }
|
---|
| 449 |
|
---|
| 450 | if (!$existing)
|
---|
| 451 | return $return;
|
---|
| 452 |
|
---|
| 453 | $path = "{$this->config['uploadDir']}/$dir";
|
---|
| 454 | return (is_dir($path) && is_readable($path)) ? $return : false;
|
---|
| 455 | }
|
---|
| 456 |
|
---|
| 457 | protected function validateExtension($ext, $type) {
|
---|
| 458 | $ext = trim(strtolower($ext));
|
---|
| 459 | if (!isset($this->types[$type]))
|
---|
| 460 | return false;
|
---|
| 461 |
|
---|
| 462 | $exts = strtolower(text::clearWhitespaces($this->config['deniedExts']));
|
---|
| 463 | if (strlen($exts)) {
|
---|
| 464 | $exts = explode(" ", $exts);
|
---|
| 465 | if (in_array($ext, $exts))
|
---|
| 466 | return false;
|
---|
| 467 | }
|
---|
| 468 |
|
---|
| 469 | $exts = trim($this->types[$type]);
|
---|
| 470 | if (!strlen($exts) || substr($exts, 0, 1) == "*")
|
---|
| 471 | return true;
|
---|
| 472 |
|
---|
| 473 | if (substr($exts, 0, 1) == "!") {
|
---|
| 474 | $exts = explode(" ", trim(strtolower(substr($exts, 1))));
|
---|
| 475 | return !in_array($ext, $exts);
|
---|
| 476 | }
|
---|
| 477 |
|
---|
| 478 | $exts = explode(" ", trim(strtolower($exts)));
|
---|
| 479 | return in_array($ext, $exts);
|
---|
| 480 | }
|
---|
| 481 |
|
---|
| 482 | protected function getTypeFromPath($path) {
|
---|
| 483 | return preg_match('/^([^\/]*)\/.*$/', $path, $patt)
|
---|
| 484 | ? $patt[1] : $path;
|
---|
| 485 | }
|
---|
| 486 |
|
---|
| 487 | protected function removeTypeFromPath($path) {
|
---|
| 488 | return preg_match('/^[^\/]*\/(.*)$/', $path, $patt)
|
---|
| 489 | ? $patt[1] : "";
|
---|
| 490 | }
|
---|
| 491 |
|
---|
| 492 | protected function imageResize($image, $file=null) {
|
---|
| 493 | if (!($image instanceof gd)) {
|
---|
| 494 | $gd = new gd($image);
|
---|
| 495 | if ($gd->init_error) return false;
|
---|
| 496 | $file = $image;
|
---|
| 497 | } elseif ($file === null)
|
---|
| 498 | return false;
|
---|
| 499 | else
|
---|
| 500 | $gd = $image;
|
---|
| 501 |
|
---|
| 502 | if ((!$this->config['maxImageWidth'] && !$this->config['maxImageHeight']) ||
|
---|
| 503 | (
|
---|
| 504 | ($gd->get_width() <= $this->config['maxImageWidth']) &&
|
---|
| 505 | ($gd->get_height() <= $this->config['maxImageHeight'])
|
---|
| 506 | )
|
---|
| 507 | )
|
---|
| 508 | return true;
|
---|
| 509 |
|
---|
| 510 | if ((!$this->config['maxImageWidth'] || !$this->config['maxImageHeight'])) {
|
---|
| 511 | if ($this->config['maxImageWidth']) {
|
---|
| 512 | if ($this->config['maxImageWidth'] >= $gd->get_width())
|
---|
| 513 | return true;
|
---|
| 514 | $width = $this->config['maxImageWidth'];
|
---|
| 515 | $height = $gd->get_prop_height($width);
|
---|
| 516 | } else {
|
---|
| 517 | if ($this->config['maxImageHeight'] >= $gd->get_height())
|
---|
| 518 | return true;
|
---|
| 519 | $height = $this->config['maxImageHeight'];
|
---|
| 520 | $width = $gd->get_prop_width($height);
|
---|
| 521 | }
|
---|
| 522 | if (!$gd->resize($width, $height))
|
---|
| 523 | return false;
|
---|
| 524 |
|
---|
| 525 | } elseif (!$gd->resize_fit(
|
---|
| 526 | $this->config['maxImageWidth'], $this->config['maxImageHeight']
|
---|
| 527 | ))
|
---|
| 528 | return false;
|
---|
| 529 |
|
---|
| 530 | return $gd->imagejpeg($file, $this->config['jpegQuality']);
|
---|
| 531 | }
|
---|
| 532 |
|
---|
| 533 | protected function makeThumb($file, $overwrite=true) {
|
---|
| 534 | $gd = new gd($file);
|
---|
| 535 |
|
---|
| 536 | // Drop files which are not GD handled images
|
---|
| 537 | if ($gd->init_error)
|
---|
| 538 | return true;
|
---|
| 539 |
|
---|
| 540 | $thumb = substr($file, strlen($this->config['uploadDir']));
|
---|
| 541 | $thumb = $this->config['uploadDir'] . "/" . $this->config['thumbsDir'] . "/" . $thumb;
|
---|
| 542 | $thumb = path::normalize($thumb);
|
---|
| 543 | $thumbDir = dirname($thumb);
|
---|
| 544 | if (!is_dir($thumbDir) && !@mkdir($thumbDir, $this->config['dirPerms'], true))
|
---|
| 545 | return false;
|
---|
| 546 |
|
---|
| 547 | if (!$overwrite && is_file($thumb))
|
---|
| 548 | return true;
|
---|
| 549 |
|
---|
| 550 | // Images with smaller resolutions than thumbnails
|
---|
| 551 | if (($gd->get_width() <= $this->config['thumbWidth']) &&
|
---|
| 552 | ($gd->get_height() <= $this->config['thumbHeight'])
|
---|
| 553 | ) {
|
---|
| 554 | $browsable = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
|
---|
| 555 | // Drop only browsable types
|
---|
| 556 | if (in_array($gd->type, $browsable))
|
---|
| 557 | return true;
|
---|
| 558 |
|
---|
| 559 | // Resize image
|
---|
| 560 | } elseif (!$gd->resize_fit($this->config['thumbWidth'], $this->config['thumbHeight']))
|
---|
| 561 | return false;
|
---|
| 562 |
|
---|
| 563 | // Save thumbnail
|
---|
| 564 | return $gd->imagejpeg($thumb, $this->config['jpegQuality']);
|
---|
| 565 | }
|
---|
| 566 |
|
---|
| 567 | protected function localize($langCode) {
|
---|
| 568 | require "lang/{$langCode}.php";
|
---|
| 569 | setlocale(LC_ALL, $lang['_locale']);
|
---|
| 570 | $this->charset = $lang['_charset'];
|
---|
| 571 | $this->dateTimeFull = $lang['_dateTimeFull'];
|
---|
| 572 | $this->dateTimeMid = $lang['_dateTimeMid'];
|
---|
| 573 | $this->dateTimeSmall = $lang['_dateTimeSmall'];
|
---|
| 574 | unset($lang['_locale']);
|
---|
| 575 | unset($lang['_charset']);
|
---|
| 576 | unset($lang['_dateTimeFull']);
|
---|
| 577 | unset($lang['_dateTimeMid']);
|
---|
| 578 | unset($lang['_dateTimeSmall']);
|
---|
| 579 | $this->labels = $lang;
|
---|
| 580 | }
|
---|
| 581 |
|
---|
| 582 | protected function label($string, array $data=null) {
|
---|
| 583 | $return = isset($this->labels[$string]) ? $this->labels[$string] : $string;
|
---|
| 584 | if (is_array($data))
|
---|
| 585 | foreach ($data as $key => $val)
|
---|
| 586 | $return = str_replace("{{$key}}", $val, $return);
|
---|
| 587 | return $return;
|
---|
| 588 | }
|
---|
| 589 |
|
---|
| 590 | protected function backMsg($message, array $data=null) {
|
---|
| 591 | $message = $this->label($message, $data);
|
---|
| 592 | if (isset($this->file['tmp_name']) && file_exists($this->file['tmp_name']))
|
---|
| 593 | @unlink($this->file['tmp_name']);
|
---|
| 594 | $this->callBack("", $message);
|
---|
| 595 | die;
|
---|
| 596 | }
|
---|
| 597 |
|
---|
| 598 | protected function callBack($url, $message="") {
|
---|
| 599 | $message = text::jsValue($message);
|
---|
| 600 | $CKfuncNum = isset($this->opener['CKEditor']['funcNum'])
|
---|
| 601 | ? $this->opener['CKEditor']['funcNum'] : 0;
|
---|
| 602 | if (!$CKfuncNum) $CKfuncNum = 0;
|
---|
| 603 | header("Content-Type: text/html; charset={$this->charset}");
|
---|
| 604 |
|
---|
| 605 | ?><html>
|
---|
| 606 | <body>
|
---|
| 607 | <script type='text/javascript'>
|
---|
| 608 | var kc_CKEditor = (window.parent && window.parent.CKEDITOR)
|
---|
| 609 | ? window.parent.CKEDITOR.tools.callFunction
|
---|
| 610 | : ((window.opener && window.opener.CKEDITOR)
|
---|
| 611 | ? window.opener.CKEDITOR.tools.callFunction
|
---|
| 612 | : false);
|
---|
| 613 | var kc_FCKeditor = (window.opener && window.opener.OnUploadCompleted)
|
---|
| 614 | ? window.opener.OnUploadCompleted
|
---|
| 615 | : ((window.parent && window.parent.OnUploadCompleted)
|
---|
| 616 | ? window.parent.OnUploadCompleted
|
---|
| 617 | : false);
|
---|
| 618 | var kc_Custom = (window.parent && window.parent.KCFinder)
|
---|
| 619 | ? window.parent.KCFinder.callBack
|
---|
| 620 | : ((window.opener && window.opener.KCFinder)
|
---|
| 621 | ? window.opener.KCFinder.callBack
|
---|
| 622 | : false);
|
---|
| 623 | if (kc_CKEditor)
|
---|
| 624 | kc_CKEditor(<?php echo $CKfuncNum ?>, '<?php echo $url ?>', '<?php echo $message ?>');
|
---|
| 625 | if (kc_FCKeditor)
|
---|
| 626 | kc_FCKeditor(<?php echo strlen($message) ? 1 : 0 ?>, '<?php echo $url ?>', '', '<?php echo $message ?>');
|
---|
| 627 | if (kc_Custom) {
|
---|
| 628 | if (<?php echo strlen($message) ?>) alert('<?php echo $message ?>');
|
---|
| 629 | kc_Custom('<?php echo $url ?>');
|
---|
| 630 | }
|
---|
| 631 | if (!kc_CKEditor && !kc_FCKeditor && !kc_Custom)
|
---|
| 632 | alert("<?php echo $message ?>");
|
---|
| 633 | </script>
|
---|
| 634 | </body>
|
---|
| 635 | </html><?php
|
---|
| 636 |
|
---|
| 637 | }
|
---|
| 638 |
|
---|
| 639 | protected function get_htaccess() {
|
---|
| 640 | return "<IfModule mod_php4.c>
|
---|
| 641 | php_value engine off
|
---|
| 642 | </IfModule>
|
---|
| 643 | <IfModule mod_php5.c>
|
---|
| 644 | php_value engine off
|
---|
| 645 | </IfModule>
|
---|
| 646 | ";
|
---|
| 647 | }
|
---|
| 648 | }
|
---|
| 649 |
|
---|
| 650 | ?> |
---|