PageRenderTime 37ms CodeModel.GetById 15ms app.highlight 16ms RepoModel.GetById 1ms app.codeStats 0ms

/source/Plug-in/fck/editor/filemanager/connectors/php/io.php

http://prosporous.googlecode.com/
PHP | 272 lines | 186 code | 40 blank | 46 comment | 27 complexity | c0d3cf710b90d676e65bf9192344fd2a MD5 | raw file
  1<?php
  2/*
  3 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
  4 * Copyright (C) 2003-2007 Frederico Caldeira Knabben
  5 *
  6 * == BEGIN LICENSE ==
  7 *
  8 * Licensed under the terms of any of the following licenses at your
  9 * choice:
 10 *
 11 *  - GNU General Public License Version 2 or later (the "GPL")
 12 *    http://www.gnu.org/licenses/gpl.html
 13 *
 14 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 15 *    http://www.gnu.org/licenses/lgpl.html
 16 *
 17 *  - Mozilla Public License Version 1.1 or later (the "MPL")
 18 *    http://www.mozilla.org/MPL/MPL-1.1.html
 19 *
 20 * == END LICENSE ==
 21 *
 22 * This is the File Manager Connector for PHP.
 23 */
 24function CombinePaths( $sBasePath, $sFolder )
 25{
 26	return RemoveFromEnd( $sBasePath, '/' ) . '/' . RemoveFromStart( $sFolder, '/' ) ;
 27}
 28function GetResourceTypePath( $resourceType, $sCommand )
 29{
 30	global $Config ;
 31
 32	if ( $sCommand == "QuickUpload") 
 33		return $Config['QuickUploadPath'][$resourceType] ;
 34	else
 35		return $Config['FileTypesPath'][$resourceType] ;
 36}
 37
 38function GetResourceTypeDirectory( $resourceType, $sCommand )
 39{
 40	global $Config ;
 41	if ( $sCommand == "QuickUpload") 
 42	{
 43		if ( strlen( $Config['QuickUploadAbsolutePath'][$resourceType] ) > 0 )
 44			return $Config['QuickUploadAbsolutePath'][$resourceType] ;
 45
 46		// Map the "UserFiles" path to a local directory.
 47		return Server_MapPath( $Config['QuickUploadPath'][$resourceType] ) ;
 48	}
 49	else
 50	{
 51		if ( strlen( $Config['FileTypesAbsolutePath'][$resourceType] ) > 0 )
 52			return $Config['FileTypesAbsolutePath'][$resourceType] ;
 53
 54		// Map the "UserFiles" path to a local directory.
 55		return Server_MapPath( $Config['FileTypesPath'][$resourceType] ) ;
 56	}
 57}
 58
 59function GetUrlFromPath( $resourceType, $folderPath, $sCommand )
 60{
 61	return CombinePaths( GetResourceTypePath( $resourceType, $sCommand ), $folderPath ) ;
 62}
 63
 64function RemoveExtension( $fileName )
 65{
 66	return substr( $fileName, 0, strrpos( $fileName, '.' ) ) ;
 67}
 68
 69function ServerMapFolder( $resourceType, $folderPath, $sCommand )
 70{
 71	// Get the resource type directory.
 72	$sResourceTypePath = GetResourceTypeDirectory( $resourceType, $sCommand ) ;
 73
 74	// Ensure that the directory exists.
 75	$sErrorMsg = CreateServerFolder( $sResourceTypePath ) ;
 76	if ( $sErrorMsg != '' )
 77		SendError( 1, "Error creating folder \"{$sResourceTypePath}\" ({$sErrorMsg})" ) ;
 78
 79	// Return the resource type directory combined with the required path.
 80	return CombinePaths( $sResourceTypePath , $folderPath ) ;
 81}
 82
 83function GetParentFolder( $folderPath )
 84{
 85	$sPattern = "-[/\\\\][^/\\\\]+[/\\\\]?$-" ;
 86	return preg_replace( $sPattern, '', $folderPath ) ;
 87}
 88
 89function CreateServerFolder( $folderPath, $lastFolder = null )
 90{
 91	$sParent = GetParentFolder( $folderPath ) ;
 92
 93	// Ensure the folder path has no double-slashes, or mkdir may fail on certain platforms
 94	while ( strpos($folderPath, '//') !== false )
 95	{
 96		$folderPath = str_replace( '//', '/', $folderPath ) ;
 97	}
 98
 99	// Check if the parent exists, or create it.
100	if ( !file_exists( $sParent ) )
101	{
102		//prevents agains infinite loop when we can't create root folder
103		if ( !is_null( $lastFolder ) && $lastFolder === $sParent) {
104			return "Can't create $folderPath directory" ;
105		}
106		
107		$sErrorMsg = CreateServerFolder( $sParent, $folderPath ) ;
108		if ( $sErrorMsg != '' )
109			return $sErrorMsg ;
110	}
111
112	if ( !file_exists( $folderPath ) )
113	{
114		// Turn off all error reporting.
115		error_reporting( 0 ) ;
116
117		$php_errormsg = '' ;
118		// Enable error tracking to catch the error.
119		ini_set( 'track_errors', '1' ) ;
120
121		// To create the folder with 0777 permissions, we need to set umask to zero.
122		$oldumask = umask(0) ;
123		mkdir( $folderPath, 0777 ) ;
124		umask( $oldumask ) ;
125
126		$sErrorMsg = $php_errormsg ;
127
128		// Restore the configurations.
129		ini_restore( 'track_errors' ) ;
130		ini_restore( 'error_reporting' ) ;
131
132		return $sErrorMsg ;
133	}
134	else
135		return '' ;
136}
137
138function GetRootPath()
139{
140    if (!isset($_SERVER)) {
141        global $_SERVER;
142    }
143	$sRealPath = realpath( './' ) ;
144
145	$sSelfPath = $_SERVER['PHP_SELF'] ;
146	$sSelfPath = substr( $sSelfPath, 0, strrpos( $sSelfPath, '/' ) ) ;
147
148	$sSelfPath = str_replace( '/', DIRECTORY_SEPARATOR, $sSelfPath ) ;
149	
150	$position = strpos( $sRealPath, $sSelfPath ) ;
151
152	// This can check only that this script isn't run from a virtual dir
153	// But it avoids the problems that arise if it isn't checked
154	if ( $position === false || $position <> strlen( $sRealPath ) - strlen( $sSelfPath ) )
155		SendError( 1, 'Sorry, can\'t map "UserFilesPath" to a physical path. You must set the "UserFilesAbsolutePath" value in "editor/filemanager/connectors/php/config.php".' ) ;
156
157	return substr( $sRealPath, 0, $position ) ;
158}
159
160// Emulate the asp Server.mapPath function.
161// given an url path return the physical directory that it corresponds to
162function Server_MapPath( $path )
163{
164	// This function is available only for Apache
165	if ( function_exists( 'apache_lookup_uri' ) )
166	{
167		$info = apache_lookup_uri( $path ) ;
168		return $info->filename . $info->path_info ;
169	}
170
171	// This isn't correct but for the moment there's no other solution
172	// If this script is under a virtual directory or symlink it will detect the problem and stop
173	return GetRootPath() . $path ;
174}
175
176function IsAllowedExt( $sExtension, $resourceType )
177{
178	global $Config ;
179	// Get the allowed and denied extensions arrays.
180	$arAllowed	= $Config['AllowedExtensions'][$resourceType] ;
181	$arDenied	= $Config['DeniedExtensions'][$resourceType] ;
182
183	if ( count($arAllowed) > 0 && !in_array( $sExtension, $arAllowed ) ) 
184		return false ;
185
186	if ( count($arDenied) > 0 && in_array( $sExtension, $arDenied ) ) 
187		return false ;
188
189	return true ;
190}
191
192function IsAllowedType( $resourceType )
193{
194	global $Config ;
195	if ( !in_array( $resourceType, $Config['ConfigAllowedTypes'] ) )
196		return false ;
197	
198	return true ;
199}
200
201function IsAllowedCommand( $sCommand )
202{
203	global $Config ;
204
205	if ( !in_array( $sCommand, $Config['ConfigAllowedCommands'] ) )
206		return false ;
207	
208	return true ;
209}
210
211function GetCurrentFolder()
212{
213    if (!isset($_GET)) {
214        global $_GET;
215    }
216	$sCurrentFolder	= isset( $_GET['CurrentFolder'] ) ? $_GET['CurrentFolder'] : '/' ;
217
218	// Check the current folder syntax (must begin and start with a slash).
219	if ( ! ereg( '/$', $sCurrentFolder ) ) $sCurrentFolder .= '/' ;
220	if ( strpos( $sCurrentFolder, '/' ) !== 0 ) $sCurrentFolder = '/' . $sCurrentFolder ;
221
222	// Ensure the folder path has no double-slashes
223	while ( strpos ($sCurrentFolder, '//') !== false ) {
224		$sCurrentFolder = str_replace ('//', '/', $sCurrentFolder) ;
225	}
226
227	// Check for invalid folder paths (..)
228	if ( strpos( $sCurrentFolder, '..' ) )
229		SendError( 102, '' ) ;
230
231	return $sCurrentFolder ;
232}
233
234// Do a cleanup of the folder name to avoid possible problems
235function SanitizeFolderName( $sNewFolderName )
236{
237	$sNewFolderName = stripslashes( $sNewFolderName ) ;
238
239	// Remove . \ / | : ? * " < >
240	$sNewFolderName = preg_replace( '/\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>/', '_', $sNewFolderName ) ;
241
242	return $sNewFolderName ;
243}
244
245// Do a cleanup of the file name to avoid possible problems
246function SanitizeFileName( $sNewFileName )
247{
248	global $Config ;
249
250	$sNewFileName = stripslashes( $sNewFileName ) ;
251
252	// Replace dots in the name with underscores (only one dot can be there... security issue).
253	if ( $Config['ForceSingleExtension'] )
254		$sNewFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sNewFileName ) ;
255
256	// Remove \ / | : ? * " < >
257	$sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\?|\\*|"|<|>/', '_', $sNewFileName ) ;
258
259	return $sNewFileName ;
260}
261
262// This is the function that sends the results of the uploading process.
263function SendUploadResults( $errorNumber, $fileUrl = '', $fileName = '', $customMsg = '' )
264{
265	echo '<script type="text/javascript">' ;
266	$rpl = array( '\\' => '\\\\', '"' => '\\"' ) ;
267	echo 'window.parent.OnUploadCompleted(' . $errorNumber . ',"' . strtr( $fileUrl, $rpl ) . '","' . strtr( $fileName, $rpl ) . '", "' . strtr( $customMsg, $rpl ) . '") ;' ;
268	echo '</script>' ;
269	exit ;
270}
271
272?>