1 | <?php |
---|
2 | /* |
---|
3 | * FCKeditor - The text editor for Internet - http://www.fckeditor.net |
---|
4 | * Copyright (C) 2003-2007 Frederico Caldeira Knabben |
---|
5 | * |
---|
6 | * == BEGIN LICENSE == |
---|
7 | * |
---|
8 | * Licensed under the terms of any of the following licenses at your |
---|
9 | * choice: |
---|
10 | * |
---|
11 | * - GNU General Public License Version 2 or later (the "GPL") |
---|
12 | * http://www.gnu.org/licenses/gpl.html |
---|
13 | * |
---|
14 | * - GNU Lesser General Public License Version 2.1 or later (the "LGPL") |
---|
15 | * http://www.gnu.org/licenses/lgpl.html |
---|
16 | * |
---|
17 | * - Mozilla Public License Version 1.1 or later (the "MPL") |
---|
18 | * http://www.mozilla.org/MPL/MPL-1.1.html |
---|
19 | * |
---|
20 | * == END LICENSE == |
---|
21 | * |
---|
22 | * This is the "File Uploader" for PHP. |
---|
23 | */ |
---|
24 | |
---|
25 | require('config.php') ; |
---|
26 | require('util.php') ; |
---|
27 | |
---|
28 | // This is the function that sends the results of the uploading process. |
---|
29 | function SendResults( $errorNumber, $fileUrl = '', $fileName = '', $customMsg = '' ) |
---|
30 | { |
---|
31 | echo '<script type="text/javascript">' ; |
---|
32 | echo 'window.parent.OnUploadCompleted(' . $errorNumber . ',"' . str_replace( '"', '\\"', $fileUrl ) . '","' . str_replace( '"', '\\"', $fileName ) . '", "' . str_replace( '"', '\\"', $customMsg ) . '") ;' ; |
---|
33 | echo '</script>' ; |
---|
34 | exit ; |
---|
35 | } |
---|
36 | |
---|
37 | // Check if this uploader has been enabled. |
---|
38 | if ( !$Config['Enabled'] ) |
---|
39 | SendResults( '1', '', '', 'This file uploader is disabled. Please check the "editor/filemanager/upload/php/config.php" file' ) ; |
---|
40 | |
---|
41 | // Check if the file has been correctly uploaded. |
---|
42 | if ( !isset( $_FILES['NewFile'] ) || is_null( $_FILES['NewFile']['tmp_name'] ) || $_FILES['NewFile']['name'] == '' ) |
---|
43 | SendResults( '202' ) ; |
---|
44 | |
---|
45 | // Get the posted file. |
---|
46 | $oFile = $_FILES['NewFile'] ; |
---|
47 | |
---|
48 | // Get the uploaded file name extension. |
---|
49 | $sFileName = $oFile['name'] ; |
---|
50 | |
---|
51 | // Replace dots in the name with underscores (only one dot can be there... security issue). |
---|
52 | if ( $Config['ForceSingleExtension'] ) |
---|
53 | $sFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sFileName ) ; |
---|
54 | |
---|
55 | $sOriginalFileName = $sFileName ; |
---|
56 | |
---|
57 | // Get the extension. |
---|
58 | $sExtension = substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) ; |
---|
59 | $sExtension = strtolower( $sExtension ) ; |
---|
60 | |
---|
61 | // The the file type (from the QueryString, by default 'File'). |
---|
62 | $sType = isset( $_GET['Type'] ) ? $_GET['Type'] : 'File' ; |
---|
63 | |
---|
64 | // Check if it is an allowed type. |
---|
65 | if ( !in_array( $sType, array('File','Image','Flash','Media') ) ) |
---|
66 | SendResults( 1, '', '', 'Invalid type specified' ) ; |
---|
67 | |
---|
68 | // Get the allowed and denied extensions arrays. |
---|
69 | $arAllowed = $Config['AllowedExtensions'][$sType] ; |
---|
70 | $arDenied = $Config['DeniedExtensions'][$sType] ; |
---|
71 | |
---|
72 | // Check if it is an allowed extension. |
---|
73 | if ( ( count($arAllowed) > 0 && !in_array( $sExtension, $arAllowed ) ) || ( count($arDenied) > 0 && in_array( $sExtension, $arDenied ) ) ) |
---|
74 | SendResults( '202' ) ; |
---|
75 | |
---|
76 | $sErrorNumber = '0' ; |
---|
77 | $sFileUrl = '' ; |
---|
78 | |
---|
79 | // Initializes the counter used to rename the file, if another one with the same name already exists. |
---|
80 | $iCounter = 0 ; |
---|
81 | |
---|
82 | // Get the target directory. |
---|
83 | if ( isset( $Config['UserFilesAbsolutePath'] ) && strlen( $Config['UserFilesAbsolutePath'] ) > 0 ) |
---|
84 | $sServerDir = $Config['UserFilesAbsolutePath'] ; |
---|
85 | else |
---|
86 | $sServerDir = GetRootPath() . $Config["UserFilesPath"] ; |
---|
87 | |
---|
88 | if ( $Config['UseFileType'] ) |
---|
89 | $sServerDir .= $sType . '/' ; |
---|
90 | |
---|
91 | while ( true ) |
---|
92 | { |
---|
93 | // Compose the file path. |
---|
94 | $sFilePath = $sServerDir . $sFileName ; |
---|
95 | |
---|
96 | // If a file with that name already exists. |
---|
97 | if ( is_file( $sFilePath ) ) |
---|
98 | { |
---|
99 | $iCounter++ ; |
---|
100 | $sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ; |
---|
101 | $sErrorNumber = '201' ; |
---|
102 | } |
---|
103 | else |
---|
104 | { |
---|
105 | move_uploaded_file( $oFile['tmp_name'], $sFilePath ) ; |
---|
106 | |
---|
107 | if ( is_file( $sFilePath ) ) |
---|
108 | { |
---|
109 | $oldumask = umask(0) ; |
---|
110 | chmod( $sFilePath, 0777 ) ; |
---|
111 | umask( $oldumask ) ; |
---|
112 | } |
---|
113 | |
---|
114 | if ( $Config['UseFileType'] ) |
---|
115 | $sFileUrl = $Config["UserFilesPath"] . $sType . '/' . $sFileName ; |
---|
116 | else |
---|
117 | $sFileUrl = $Config["UserFilesPath"] . $sFileName ; |
---|
118 | |
---|
119 | break ; |
---|
120 | } |
---|
121 | } |
---|
122 | |
---|
123 | SendResults( $sErrorNumber, $sFileUrl, $sFileName ) ; |
---|
124 | ?> |
---|