1 | <?php
|
---|
2 | /*
|
---|
3 | * FCKeditor - The text editor for internet
|
---|
4 | * Copyright (C) 2003-2006 Frederico Caldeira Knabben
|
---|
5 | *
|
---|
6 | * Licensed under the terms of the GNU Lesser General Public License:
|
---|
7 | * http://www.opensource.org/licenses/lgpl-license.php
|
---|
8 | *
|
---|
9 | * For further information visit:
|
---|
10 | * http://www.fckeditor.net/
|
---|
11 | *
|
---|
12 | * "Support Open Source software. What about a donation today?"
|
---|
13 | *
|
---|
14 | * File Name: upload.php
|
---|
15 | * This is the "File Uploader" for PHP.
|
---|
16 | *
|
---|
17 | * File Authors:
|
---|
18 | * Frederico Caldeira Knabben (fredck@fckeditor.net)
|
---|
19 | */
|
---|
20 |
|
---|
21 | require('config.php') ;
|
---|
22 | require('util.php') ;
|
---|
23 |
|
---|
24 | // This is the function that sends the results of the uploading process.
|
---|
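/**
 * Sends the outcome of the upload back to the editor and ends the request.
 *
 * Writes a <script> element that calls window.parent.OnUploadCompleted() with
 * the four values below, then calls exit, so this function never returns.
 *
 * @param int|string $errorNumber Numeric status code for the callback; emitted as an integer.
 * @param string     $fileUrl     URL of the stored file, or '' when nothing was stored.
 * @param string     $fileName    Name the file was stored under, or ''.
 * @param string     $customMsg   Optional message for the callback.
 * @return void
 */
function SendResults( $errorNumber, $fileUrl = '', $fileName = '', $customMsg = '' )
{
	// $fileUrl and $fileName are derived from the client-supplied upload name.
	// Escaping only '"' is not enough inside a <script> element: a backslash can
	// undo the quote escaping, a line break ends the string literal, and "</script>"
	// closes the element. Every character that can do any of that is neutralised
	// here. (On PHP >= 5.3, json_encode() with the JSON_HEX_* flags is the usual
	// alternative; strtr() keeps this file free of version requirements.)
	$aJsEscapes = array(
		'\\'           => '\\\\',
		'"'            => '\\"',
		"'"            => '\\x27',
		'<'            => '\\x3C',
		'>'            => '\\x3E',
		'&'            => '\\x26',
		"\r"           => '\\r',
		"\n"           => '\\n',
		"\xE2\x80\xA8" => '\\u2028',	// U+2028 LINE SEPARATOR (UTF-8 bytes)
		"\xE2\x80\xA9" => '\\u2029'	// U+2029 PARAGRAPH SEPARATOR (UTF-8 bytes)
	) ;

	// The status code is written unquoted, so force it to an integer.
	$sCall = 'window.parent.OnUploadCompleted(' . intval( $errorNumber )
		. ',"' . strtr( (string) $fileUrl, $aJsEscapes )
		. '","' . strtr( (string) $fileName, $aJsEscapes )
		. '", "' . strtr( (string) $customMsg, $aJsEscapes ) . '") ;' ;

	echo '<script type="text/javascript">' ;
	echo $sCall ;
	echo '</script>' ;
	exit ;
}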
|
---|
32 |
|
---|
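// Check if this uploader has been enabled.
if ( !$Config['Enabled'] )
	SendResults( '1', '', '', 'This file uploader is disabled. Please check the "editor/filemanager/upload/php/config.php" file' ) ;

// Check if the file has been correctly uploaded. An array-style field
// ("NewFile[]") makes 'name' and 'tmp_name' arrays, so require plain strings
// before they are used in string and path operations below.
if ( !isset( $_FILES['NewFile'] )
	|| !is_array( $_FILES['NewFile'] )
	|| !isset( $_FILES['NewFile']['tmp_name'], $_FILES['NewFile']['name'] )
	|| !is_string( $_FILES['NewFile']['tmp_name'] )
	|| !is_string( $_FILES['NewFile']['name'] )
	|| $_FILES['NewFile']['name'] === '' )
	SendResults( '202' ) ;

// Get the posted file.
$oFile = $_FILES['NewFile'] ;

// Reject uploads that PHP itself reports as failed (partial upload, size limit, ...).
if ( isset( $oFile['error'] ) && (int) $oFile['error'] !== UPLOAD_ERR_OK )
	SendResults( '202' ) ;

// The file name is supplied by the client and ends up in a server path, so
// normalise it before any check is made on it:
//  - keep only the last path component (do not rely on PHP having done so),
//  - drop control characters, including NUL,
//  - strip trailing dots and spaces, which some filesystems discard silently,
//    so the extension checked here is the extension the stored file will have.
$sFileName = basename( str_replace( '\\', '/', $oFile['name'] ) ) ;
$sFileName = preg_replace( '/[\x00-\x1F\x7F]/', '', $sFileName ) ;
$sFileName = rtrim( (string) $sFileName, '. ' ) ;

if ( $sFileName === '' )
	SendResults( '202' ) ;

// Replace dots in the name with underscores (only one dot can be there... security issue).
if ( $Config['ForceSingleExtension'] )
	$sFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sFileName ) ;

$sOriginalFileName = $sFileName ;

// Get the extension. A name without any dot has an empty extension; without
// this test strrpos() returns false and the "extension" would be the name
// minus its first character.
$iDotPos = strrpos( $sFileName, '.' ) ;
$sExtension = ( $iDotPos === false ) ? '' : strtolower( substr( $sFileName, $iDotPos + 1 ) ) ;

// Get the file type (from the QueryString, by default 'File').
$sType = isset( $_GET['Type'] ) ? $_GET['Type'] : 'File' ;

// Check if it is an allowed type. $sType is used below as a configuration key
// and as a directory name, so only these exact strings are accepted.
if ( !is_string( $sType ) || !in_array( $sType, array('File','Image','Flash','Media'), true ) )
	SendResults( 1, '', '', 'Invalid type specified' ) ;

// Get the allowed and denied extensions arrays.
$arAllowed	= $Config['AllowedExtensions'][$sType] ;
$arDenied	= $Config['DeniedExtensions'][$sType] ;

// Check if it is an allowed extension. When an allow list is configured, a name
// with no extension is rejected because '' is not in the list.
// NOTE(review): extension filtering is only one layer; the upload directory
// should also be configured so that the web server never executes files from it.
if ( ( count($arAllowed) > 0 && !in_array( $sExtension, $arAllowed, true ) ) || ( count($arDenied) > 0 && in_array( $sExtension, $arDenied, true ) ) )
	SendResults( '202' ) ;

$sErrorNumber	= '0' ;
$sFileUrl		= '' ;

// Initializes the counter used to rename the file, if another one with the same name already exists.
$iCounter = 0 ;

// Parts used to build "name(N).ext" when a rename is needed. RemoveExtension()
// comes from util.php; it is only called when there is an extension to remove.
$sBaseName	= ( $sExtension === '' ) ? $sOriginalFileName : RemoveExtension( $sOriginalFileName ) ;
$sSuffix	= ( $sExtension === '' ) ? '' : '.' . $sExtension ;

// Get the target directory.
if ( isset( $Config['UserFilesAbsolutePath'] ) && strlen( $Config['UserFilesAbsolutePath'] ) > 0 )
	$sServerDir = $Config['UserFilesAbsolutePath'] ;
else
	$sServerDir = GetRootPath() . $Config["UserFilesPath"] ;

if ( $Config['UseFileType'] )
	$sServerDir .= $sType . '/' ;

while ( true )
{
	// Compose the file path.
	$sFilePath = $sServerDir . $sFileName ;

	// If a file with that name already exists, try the next numbered name.
	if ( is_file( $sFilePath ) )
	{
		$iCounter++ ;
		$sFileName = $sBaseName . '(' . $iCounter . ')' . $sSuffix ;
		$sErrorNumber = '201' ;
	}
	else
	{
		// move_uploaded_file() only moves files that arrived through an HTTP
		// upload. Its result must be checked: otherwise a failed move is
		// reported to the editor as a success, with a URL to a missing file.
		if ( !move_uploaded_file( $oFile['tmp_name'], $sFilePath ) )
			SendResults( '1', '', '', 'The uploaded file could not be saved' ) ;

		// Uploaded content needs to be readable by the web server, nothing more.
		// 0777 would make every upload world-writable and executable.
		chmod( $sFilePath, 0644 ) ;

		if ( $Config['UseFileType'] )
			$sFileUrl = $Config["UserFilesPath"] . $sType . '/' . $sFileName ;
		else
			$sFileUrl = $Config["UserFilesPath"] . $sFileName ;

		break ;
	}
}

SendResults( $sErrorNumber, $sFileUrl, $sFileName ) ;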
|
---|
120 | ?> |
---|