PageRenderTime 46ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 0ms

/administrator/popups/uploadimage.php

https://bitbucket.org/dgough/annamaria-daneswood-25102012
PHP | 179 lines | 124 code | 32 blank | 23 comment | 49 complexity | d21f0c09e2e723983211a6dd4a232e62 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.1 
    

  1. <?php
    2. 

  2. /**
    3. 

  3. * @version $Id: uploadimage.php 10002 2008-02-08 10:56:57Z willebil $
    4. 

  4. * @package Joomla
    5. 

  5. * @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
    6. 

  6. * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
    7. 

  7. * Joomla! is free software. This version may have been modified pursuant
    8. 

  8. * to the GNU General Public License, and as distributed it includes or
    9. 

  9. * is derivative of works licensed under the GNU General Public License or
    10. 

  10. * other free or open source software licenses.
    11. 

  11. * See COPYRIGHT.php for copyright notices and details.
    12. 

  12. */
    13. 

  13. 

  14. // Set flag that this is a parent file
    15. 

  15. define( "_VALID_MOS", 1 );
    16. 

  16. 

  17. /** security check */
    18. 

  18. require( '../includes/auth.php' );
    19. 

  19. include_once ( $mosConfig_absolute_path . '/language/' . $mosConfig_lang . '.php' );
    20. 

  20. 

  21. /*
    22. 

  22. * Stops file upload below /images/stories directory
    23. 

  23. * Added 1.0.11
    24. 

  24. */
    25. 

  25. function limitDirectory( &$directory ) {
    26. 

  26. 	if ( strpos($directory, '../') !== false ) {
    27. 

  27. 		$directory = str_replace('../', '', $directory);
    28. 

  28. 	}
    29. 

  29. 

  30. 	if ( strpos($directory, '..\\') !== false ) {
    31. 

  31. 		$directory = str_replace('..\\', '', $directory);
    32. 

  32. 	}
    33. 

  33. 

  34. 	if ( strpos($directory, ':') !== false ) {
    35. 

  35. 		$directory = str_replace(':', '', $directory);
    36. 

  36. 	}
    37. 

  37. 

  38. 	return $directory;
    39. 

  39. }
    40. 

  40. 

  41. // limit access to functionality
    42. 

  42. $option = strval( mosGetParam( $_SESSION, 'option', '' ) );
    43. 

  43. $task 	= strval( mosGetParam( $_SESSION, 'task', '' ) );
    44. 

  44. 

  45. switch ($option) {
    46. 

  46. 	case 'com_banners':
    47. 

  47. 		break;
    48. 

  48. 

  49. 	case 'com_categories':
    50. 

  50. 	case 'com_content':
    51. 

  51. 	case 'com_sections':
    52. 

  52. 	case 'com_typedcontent':
    53. 

  53. 		if ( $task != 'edit' && $task != 'editA' && $task != 'new' ) {
    54. 

  54. 			echo _NOT_AUTH;
    55. 

  55. 			return;
    56. 

  56. 		}
    57. 

  57. 		break;
    58. 

  58. 

  59. 	default:
    60. 

  60. 		echo _NOT_AUTH;
    61. 

  61. 		return;
    62. 

  62. 		break;
    63. 

  63. }
    64. 

  64. 

  65. // mainframe is an API workhorse, lots of 'core' interaction routines
    66. 

  66. $mainframe = new mosMainFrame( $database, $option, $mosConfig_absolute_path, true );
    67. 

  67. 

  68. $directory	= mosGetParam( $_REQUEST, 'directory', '');
    69. 

  69. $css 		= mosGetParam( $_REQUEST, 't','');
    70. 

  70. 

  71. $media_path	= $mosConfig_absolute_path.'/media/';
    72. 

  72. 

  73. $userfile2		= (isset($_FILES['userfile']['tmp_name']) ? $_FILES['userfile']['tmp_name'] : "");
    74. 

  74. $userfile_name	= (isset($_FILES['userfile']['name']) ? $_FILES['userfile']['name'] : "");
    75. 

  75. 

  76. limitDirectory( $directory );
    77. 

  77. 

  78. // check to see if directory exists
    79. 

  79. if ( $directory != 'banners' && $directory != '' && !is_dir($mosConfig_absolute_path .'/images/stories/'. $directory)) {
    80. 

  80. 	$directory 	= '';
    81. 

  81. }
    82. 

  82. 

  83. $action = "window.location.href = 'uploadimage.php?directory=$directory&amp;t=$css'";
    84. 

  84. 

  85. if (isset($_FILES['userfile'])) {
    86. 

  86. 	if ($directory == 'banners') {
    87. 

  87. 		$base_Dir = "../../images/banners/";
    88. 

  88. 	} else if ( $directory != '' ) {
    89. 

  89. 		$base_Dir = '../../images/stories/'. $directory;
    90. 

  90. 

  91. 		if (!is_dir($mosConfig_absolute_path .'/images/stories/'. $directory)) {
    92. 

  92. 			$base_Dir 	= '../../images/stories/';
    93. 

  93. 			$directory 	= '';
    94. 

  94. 		}
    95. 

  95. 	} else {
    96. 

  96. 		$base_Dir = '../../images/stories/';
    97. 

  97. 	}
    98. 

  98. 

  99. 	if (empty($userfile_name)) {
    100. 

  100. 		mosErrorAlert("Please select an image to upload", $action);
    101. 

  101. 	}
    102. 

  102. 

  103. 	$filename = split("\.", $userfile_name);
    104. 

  104. 

  105. 	if (eregi("[^0-9a-zA-Z_]", $filename[0])) {
    106. 

  106. 		mosErrorAlert('File must only contain alphanumeric characters and no spaces please.', $action );
    107. 

  107. 	}
    108. 

  108. 

  109. 	if (file_exists($base_Dir.$userfile_name)) {
    110. 

  110. 		mosErrorAlert('Image '.$userfile_name.' already exists.', $action );
    111. 

  111. 	}
    112. 

  112. 

  113. 	if ((strcasecmp(substr($userfile_name,-4),'.gif')) && (strcasecmp(substr($userfile_name,-4),'.jpg')) && (strcasecmp(substr($userfile_name,-4),'.png')) && (strcasecmp(substr($userfile_name,-4),'.bmp')) &&(strcasecmp(substr($userfile_name,-4),'.doc')) && (strcasecmp(substr($userfile_name,-4),'.xls')) && (strcasecmp(substr($userfile_name,-4),'.ppt')) && (strcasecmp(substr($userfile_name,-4),'.swf')) && (strcasecmp(substr($userfile_name,-4),'.pdf'))) {
    114. 

  114. 		mosErrorAlert('The file must be gif, png, jpg, bmp, swf, doc, xls or ppt', $action);
    115. 

  115. 	}
    116. 

  116. 

  117. 

  118. 	if (eregi('.pdf', $userfile_name) || eregi('.doc', $userfile_name) || eregi('.xls', $userfile_name) || eregi('.ppt', $userfile_name)) {
    119. 

  119. 		if (!move_uploaded_file ($_FILES['userfile']['tmp_name'],$media_path.$_FILES['userfile']['name']) || !mosChmod($media_path.$_FILES['userfile']['name'])) {
    120. 

  120. 			mosErrorAlert('Upload of '.$userfile_name.' failed', $action);
    121. 

  121. 		} else {
    122. 

  122. 			mosErrorAlert('Upload of '.$userfile_name.' to '.$base_Dir.' successful', "window.close()");
    123. 

  123. 		}
    124. 

  124. 	} elseif (!move_uploaded_file ($_FILES['userfile']['tmp_name'],$base_Dir.$_FILES['userfile']['name']) || !mosChmod($base_Dir.$_FILES['userfile']['name'])) {
    125. 

  125. 		mosErrorAlert('Upload of '.$userfile_name.' failed', $action);
    126. 

  126. 	} else {
    127. 

  127. 		mosErrorAlert('Upload of '.$userfile_name.' to '.$base_Dir.' successful', "window.close()");
    128. 

  128. 	}
    129. 

  129. 		echo $base_Dir.$_FILES['userfile']['name'];
    130. 

  130. }
    131. 

  131. 

  132. // css file handling
    133. 

  133. // check to see if template exists
    134. 

  134. if ( $css != '' && !is_dir($mosConfig_absolute_path .'/administrator/templates/'. $css .'/css/template_css.css' )) {
    135. 

  135. 	$css 	= 'joomla_admin';
    136. 

  136. } else if ( $css == '' ) {
    137. 

  137. 	$css 	= 'joomla_admin';
    138. 

  138. }
    139. 

  139. 

  140. $iso = split( '=', _ISO );
    141. 

  141. // xml prolog
    142. 

  142. echo '<?xml version="1.0" encoding="'. $iso[1] .'"?' .'>';
    143. 

  143. ?>
    144. 

  144. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    145. 

  145. <html xmlns="http://www.w3.org/1999/xhtml">
    146. 

  146. <head>
    147. 

  147. <title>Upload a file</title>
    148. 

  148. <meta http-equiv="Content-Type" content="text/html; <?php echo _ISO; ?>" />
    149. 

  149. </head>
    150. 

  150. <body>
    151. 

  151. 

  152. <link rel="stylesheet" href="../templates/<?php echo $css; ?>/css/template_css.css" type="text/css" />
    153. 

  153. <form method="post" action="uploadimage.php" enctype="multipart/form-data" name="filename">
    154. 

  154. 

  155. <table class="adminform">
    156. 

  156. <tr>
    157. 

  157. 	<th class="title">
    158. 

  158. 		File Upload : <?php echo $directory; ?>
    159. 

  159. 	</th>
    160. 

  160. </tr>
    161. 

  161. <tr>
    162. 

  162. 	<td align="center">
    163. 

  163. 		<input class="inputbox" name="userfile" type="file" />
    164. 

  164. 	</td>
    165. 

  165. </tr>
    166. 

  166. <tr>
    167. 

  167. 	<td>
    168. 

  168. 		<input class="button" type="submit" value="Upload" name="fileupload" />
    169. 

  169. 		Max size = <?php echo ini_get( 'post_max_size' );?>
    170. 

  170. 	</td>
    171. 

  171. </tr>
    172. 

  172. </table>
    173. 

  173. 

  174. <input type="hidden" name="directory" value="<?php echo $directory;?>" />
    175. 

  175. <input type="hidden" name="<?php echo josSpoofValue(); ?>" value="1" />
    176. 

  176. 		</form>
    177. 

  177. 

  178. </body>
    179. 

  179. </html>
    180. 

  180.