/src/administrator/components/com_jnewsletter/classes/lib.upload.php
PHP | 360 lines | 315 code | 43 blank | 2 comment | 63 complexity | 9a0901d43003d2c04aa5e897cc8ea6b9 MD5 | raw file
Possible License(s): LGPL-2.1, Apache-2.0, BSD-3-Clause
- <?php
- defined('_JEXEC') OR die('Access Denied!');
- ### Copyright (C) 2006-2010 Joobi Limited. All rights reserved.
- ### License: GNU/GPL version 2 http://www.gnu.org/licenses/gpl-2.0.html
- define('UPLOAD_DEFAULT_CHMOD', 0644);
-
- class upload
- {
- var $files = array();
-
- var $_chmod = UPLOAD_DEFAULT_CHMOD;
-
- function upload()
- {
-
- $ini_size = preg_replace('/m/i', '000000', ini_get('upload_max_filesize'));
-
- if (function_exists('version_compare') &&
- version_compare(phpversion(), '4.1', 'ge'))
- {
- $this->post_files = $_FILES;
- $maxsize = (isset($_POST['MAX_FILE_SIZE'])) ?
- $_POST['MAX_FILE_SIZE'] : null;
- if (isset($_SERVER['CONTENT_TYPE'])) {
- $this->content_type = $_SERVER['CONTENT_TYPE'];
- }
- } else {
- global $POST_FILES, $SERVER_VARS;
- $this->post_files = $POST_FILES;
- $maxsize = (isset($POST_VARS['MAX_FILE_SIZE'])) ?
- $POST_VARS['MAX_FILE_SIZE'] : null;
- if (isset($SERVER_VARS['CONTENT_TYPE'])) {
- $this->content_type = $SERVER_VARS['CONTENT_TYPE'];
- }
- }
-
- if (empty($maxsize) || ($maxsize > $ini_size)) $maxsize = $ini_size;
-
- }
-
- function &getFiles($file = null)
- {
- static $is_built = false;
- if (!$is_built) {
- $files = &$this->_buildFiles();
-
- if (!$files) {
- $this->files['_error'] = &new Upload_File(
- '_error', null,
- null, null,
- null, 'error creating fake file',
- $this->_chmod);
- } else {
- $this->files = $files;
- }
- $is_built = true;
- }
- if ($file !== null) {
- if (is_int($file)) {
- $pos = 0;
- foreach ($this->files as $obj) {
- if ($pos == $file) {
- return $obj;
- }
- $pos++;
- }
- } elseif (is_string($file) && isset($this->files[$file])) {
- return $this->files[$file];
- }
- }
- return $this->files;
- }
-
- function &_buildFiles() {
-
- if (function_exists('version_compare') &&
- version_compare(phpversion(), '4.2.0', 'ge')) {
- $uploadError = array(
- 1 => _JNEWS_TOO_LARGE,
- 2 => _JNEWS_TOO_LARGE,
- 3 => _JNEWS_PARTIAL,
- 4 => _JNEWS_NO_USER_FILE
- );
- }
-
- $files = array();
- foreach ($this->post_files as $userfile => $value) {
- if (is_array($value['name'])) {
- foreach ($value['name'] as $key => $val) {
- $err = $value['error'][$key];
- if (isset($err) && $err !== 0 && isset($uploadError[$err])) {
- $error = $uploadError[$err];
- } else {
- $error = null;
- }
- $name = basename($value['name'][$key]);
- $tmp_name = $value['tmp_name'][$key];
- $size = $value['size'][$key];
- $type = $value['type'][$key];
- $formname = $userfile . "[$key]";
- $files[$formname] = new Upload_File($name, $tmp_name,
- $formname, $type, $size, $error, $this->_chmod);
- }
- } else {
- $err = $value['error'];
- if (isset($err) && $err !== 0 && isset($uploadError[$err])) {
- $error = $uploadError[$err];
- } else {
- $error = null;
- }
- $name = basename($value['name']);
- $tmp_name = $value['tmp_name'];
- $size = $value['size'];
- $type = $value['type'];
- $formname = $userfile;
- $files[$formname] = new Upload_File($name, $tmp_name,
- $formname, $type, $size, $error, $this->_chmod);
- }
- }
- return $files;
- }
-
- function isMissing() {
-
- if (count($this->post_files) < 1) {
- return jnewsletter::printM('error' , _JNEWS_NO_USER_FILE);
- }
- $files = array();
- $size = 0;
- foreach ($this->post_files as $userfile => $value) {
- if (is_array($value['name'])) {
- foreach ($value['name'] as $key => $val) {
- $size += $value['size'][$key];
- }
- } else {
- $size = $value['size'];
- }
- }
- if ($size == 0) {
- jnewsletter::printM('error' ,_JNEWS_NO_USER_FILE);
- }
- return false;
- }
-
- function setChmod($mode)
- {
- $this->_chmod = $mode;
- }
- }
-
- class Upload_File
- {
- var $upload = array();
-
- var $mode_name_selected = false;
-
- var $_extensions_check = array('php', 'phtm', 'phtml', 'php3', 'inc', 'exe', 'dmg');
-
- var $_extensions_mode = 'deny';
-
- var $_chmod = UPLOAD_DEFAULT_CHMOD;
-
- function Upload_File($name = null, $tmp = null, $formname = null,
- $type = null, $size = null, $error = null,
- $chmod = UPLOAD_DEFAULT_CHMOD)
- {
- $ext = null;
-
- if (empty($name) || $size == 0) {
- $error = _JNEWS_NO_USER_FILE;
- } elseif ($tmp == 'none') {
- $error = _JNEWS_TOO_LARGE;
- } else {
- if (($pos = strrpos($name, '.')) !== false) {
- $ext = substr($name, $pos + 1);
- }
- }
-
- if (function_exists('version_compare') &&
- version_compare(phpversion(), '4.1', 'ge')) {
- if (isset($_POST['MAX_FILE_SIZE']) &&
- $size > $_POST['MAX_FILE_SIZE']) {
- $error = _JNEWS_TOO_LARGE;
- }
- } else {
- global $POST_VARS;
- if (isset($POST_VARS['MAX_FILE_SIZE']) &&
- $size > $POST_VARS['MAX_FILE_SIZE']) {
- $error = _JNEWS_TOO_LARGE;
- }
- }
-
- $this->upload = array(
- 'real' => $name,
- 'name' => $name,
- 'form_name' => $formname,
- 'ext' => $ext,
- 'tmp_name' => $tmp,
- 'size' => $size,
- 'type' => $type,
- 'error' => $error
- );
-
- $this->_chmod = $chmod;
- }
-
- function setName($mode, $prepend = null, $append = null)
- {
- switch ($mode) {
- case 'uniq':
- $name = $this->nameToUniq($this->upload['real']);
- $this->upload['ext'] = $this->nameToSafe($this->upload['ext'], 40);
- $name .= '.' . $this->upload['ext'];
- break;
- case 'safe':
- $name = $this->nameToSafe($this->upload['real']);
- if (($pos = strrpos($name, '.')) !== false) {
- $this->upload['ext'] = substr($name, $pos + 1);
- } else {
- $this->upload['ext'] = '';
- }
- break;
- case 'real':
- $name = $this->upload['real'];
- break;
- default:
- $name = $mode;
- }
- $this->upload['name'] = $prepend . $name . $append;
- $this->mode_name_selected = true;
- return $this->upload['name'];
- }
-
- function nameToUniq($name)
- {
- return md5(uniqid( substr(trim('com_jnewsletter'.$name)),0,80 ,time()));
- }
-
- function nameToSafe($name, $maxlen=250)
- {
- $noalpha = 'ÁÉÍÓÚÝáéíóúýÂĘÎÔŰâęîôűŔČĚŇŮŕčěňůÄËĎÖÜäëďöü˙ĂăŐőĹĺŃńÇç@°şŞ';
- $alpha = 'AEIOUYaeiouyAEIOUaeiouAEIOUaeiouAEIOUaeiouyAaOoAaNnCcaooa';
-
- $name = substr($name, 0, $maxlen);
- $name = strtr($name, $noalpha, $alpha);
- return preg_replace('/[^a-zA-Z0-9,._\+\()\-]/', '_', $name);
- }
-
- function isValid()
- {
- if ($this->upload['error'] === null) {
- return true;
- }
- return false;
- }
-
- function isMissing()
- {
- if ($this->upload['error'] == _JNEWS_NO_USER_FILE) {
- return true;
- }
- return false;
- }
-
- function isError()
- {
- if (in_array($this->upload['error'], array(_JNEWS_TOO_LARGE))) {
- return true;
- }
- return false;
- }
-
- function moveTo($dir_dest, $overwrite = true)
- {
- if (!$this->isValid()) {
- return jnewsletter::printM('error' ,$this->upload['error']);
- }
-
- if (!$this->_evalValidExtensions()) {
- return jnewsletter::printM('error' ,_JNEWS_NOT_ALLOWED_EXTENSION);
- }
-
- $err_code = $this->_chk_dir_dest($dir_dest);
- if ($err_code !== false) {
- return jnewsletter::printM('error' ,$err_code);
- }
- if (!$this->mode_name_selected) {
- $this->setName('safe');
- }
-
- $name_dest = $dir_dest . DIRECTORY_SEPARATOR . $this->upload['name'];
-
- if (@is_file($name_dest)) {
- if ($overwrite !== true) {
- return jnewsletter::printM('error' ,_JNEWS_FILE_EXISTS);
- } elseif (!is_writable($name_dest)) {
- return jnewsletter::printM('error' ,_JNEWS_CANNOT_OVERWRITE);
- }
- }
-
- if (!@move_uploaded_file($this->upload['tmp_name'], $name_dest)) {
- return jnewsletter::printM('error' ,_JNEWS_E_FAIL_MOVE);
- }
- @chmod($name_dest, $this->_chmod);
- return $this->getProp('name');
- }
-
- function _chk_dir_dest($dir_dest)
- {
- if (!$dir_dest) {
- return _JNEWS_MISSING_DIR;
- }
- if (!@is_dir($dir_dest)) {
- return _JNEWS_IS_NOT_DIR;
- }
- if (!is_writeable($dir_dest)) {
- return _JNEWS_NO_WRITE_PERMS;
- }
- return false;
- }
- function getProp($name = null)
- {
- if ($name === null) {
- return $this->upload;
- }
- return $this->upload[$name];
- }
-
- function errorMsg()
- {
- return $this->errorCode($this->upload['error']);
- }
-
- function getMessage()
- {
- return $this->errorCode($this->upload['error']);
- }
-
- function setValidExtensions($exts, $mode = 'deny')
- {
- $this->_extensions_check = $exts;
- $this->_extensions_mode = $mode;
- }
-
- function _evalValidExtensions()
- {
- $exts = $this->_extensions_check;
- settype($exts, 'array');
- if ($this->_extensions_mode == 'deny') {
- if (in_array($this->getProp('ext'), $exts)) {
- return false;
- }
- } else {
- if (!in_array($this->getProp('ext'), $exts)) {
- return false;
- }
- }
- return true;
- }
- }