/public/filemanager/upload.php
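<?php
/**
 * Upload endpoint of the file manager.
 *
 * Takes either a multipart upload in $_FILES['file'] or a remote file named by
 * $_POST['url'], checks the requested target folder against the configured
 * base paths, filters on the extension derived from the detected MIME type,
 * stores the file locally or through FTP, and for images creates the
 * thumbnail and applies the configured watermark / resizing rules.
 *
 * Everything read from $_POST and $_FILES is client-controlled. The variables
 * that are not assigned in this file ($current_path, $thumbs_base_path, $ext,
 * $ext_img, the $image_* settings, ...) come from extract($config) below or
 * from the included helper files.
 */
if (!isset($config)) {
    $config = include 'config/config.php';
    //TODO switch to array
    // Every key of the config array becomes a variable in this scope.
    extract($config, EXTR_OVERWRITE);
}

include 'include/utils.php';

// The session marker is the only access check visible in this script.
// NOTE(review): it shows that the session was set up by the file manager, not
// who the user is; confirm that the embedding application authenticates users
// before this marker can be set.
if (!isset($_SESSION['RF']['verify']) || $_SESSION['RF']['verify'] !== "RESPONSIVEfilemanager") {
    response(trans('forbiden').AddErrorLocation(), 403)->send();
    exit;
}

include 'include/mime_type_lib.php';

// Target folders: either sent explicitly or built from the "fldr" parameter.
if (isset($_POST['path'])) {
    $storeFolder = $_POST['path'];
    $storeFolderThumb = isset($_POST['path_thumb']) ? $_POST['path_thumb'] : '';
} else {
    $fldr = isset($_POST["fldr"]) ? $_POST["fldr"] : '';
    $storeFolder = $current_path.$fldr; // correct for when IE is in Compatibility mode
    $storeFolderThumb = $thumbs_base_path.$fldr;
}

// Array-valued parameters (path[]=...) would otherwise reach strpos() below.
if (!is_string($storeFolder) || !is_string($storeFolderThumb)) {
    response(trans('wrong path').AddErrorLocation())->send();
    exit;
}

$ftp = ftp_con($config);
if ($ftp) {
    $source_base = $ftp_base_folder.$upload_dir;
    $thumb_base = $ftp_base_folder.$ftp_thumbs_dir;
} else {
    $source_base = $current_path;
    $thumb_base = $thumbs_base_path;
}
$path_pos = strpos($storeFolder, $source_base);
$thumb_pos = strpos($storeFolderThumb, $thumb_base);

// Both folders must start with their base path and must not contain "./" or
// "../" after it. The first two tests short-circuit, so the offset passed to
// the later strpos() calls never exceeds the string length.
// NOTE(review): this is a string check only; backslash separators and
// symlinks are not considered. Canonicalising with realpath() and re-checking
// the prefix would be stricter.
if ($path_pos !== 0
    || $thumb_pos !== 0
    || strpos($storeFolderThumb, '../', strlen($thumb_base)) !== FALSE
    || strpos($storeFolderThumb, './', strlen($thumb_base)) !== FALSE
    || strpos($storeFolder, '../', strlen($source_base)) !== FALSE
    || strpos($storeFolder, './', strlen($source_base)) !== FALSE
) {
    // Fixed: AddErrorLocation() used to be concatenated into the translation
    // key instead of being appended to the translated message.
    response(trans('wrong path').AddErrorLocation())->send();
    exit;
}

// Walk from the target folder towards $current_path and load the first
// per-folder config.php found (at most $max_cycles levels).
// NOTE(security): this executes a PHP file located inside the tree that
// uploads are written to, so the extension allow-list ($ext) must never let a
// file named config.php be stored there.
$path = $storeFolder;
$cycle = TRUE;
$max_cycles = 50;
$i = 0;
while ($cycle && $i < $max_cycles) {
    $i++;
    if ($path == $current_path) {
        $cycle = FALSE;
    }
    if (file_exists($path."config.php")) {
        require_once $path."config.php";
        $cycle = FALSE;
    }
    $path = fix_dirname($path).'/';
}

if (!empty($_FILES) || isset($_POST['url'])) {
    // Path of the temp file created for a URL download, so that the rejection
    // paths below can remove it (PHP only cleans up real upload temp files).
    $fetched_temp = NULL;

    if (isset($_POST['url'])) {
        $url = $_POST['url'];

        // file_get_contents() accepts local paths and every registered stream
        // wrapper, so an unchecked value lets the client read local files or
        // use other wrappers. Only http and https are accepted.
        // NOTE(security): the scheme check does not stop requests to internal
        // hosts (directly or through an HTTP redirect), and the download is
        // buffered in memory with no size cap. If this feature is reachable by
        // untrusted users, restrict destinations with a host allow-list or at
        // the network level.
        $scheme = is_string($url) ? parse_url($url, PHP_URL_SCHEME) : NULL;
        if (!is_string($scheme) || !in_array(strtolower($scheme), array('http', 'https'), TRUE)) {
            response(trans('forbiden').AddErrorLocation(), 403)->send();
            exit;
        }

        $data = file_get_contents($url);
        if ($data === FALSE) {
            response(trans("no file").AddErrorLocation(), 405)->send();
            exit();
        }

        $temp = tempnam(sys_get_temp_dir(), 'RF');
        file_put_contents($temp, $data);
        $fetched_temp = $temp;

        // Name the file after the URL path only, without query string or fragment.
        $url_path = parse_url($url, PHP_URL_PATH);
        $_FILES['file'] = array(
            'name' => basename(is_string($url_path) ? $url_path : ''),
            'type' => '',
            'tmp_name' => $temp,
            'size' => filesize($temp)
        );
    }

    $info = pathinfo($_FILES['file']['name']);

    // The MIME type is always detected from the file content; the type
    // declared by the client in $_FILES['file']['type'] is not used.
    if (function_exists('mime_content_type')) {
        $mime_type = mime_content_type($_FILES['file']['tmp_name']);
    } elseif (function_exists('finfo_open')) {
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mime_type = finfo_file($finfo, $_FILES['file']['tmp_name']);
    } else {
        // The library is already included above; include_once avoids loading it twice.
        include_once 'include/mime_type_lib.php';
        $mime_type = get_file_mime_type($_FILES['file']['tmp_name']);
    }

    $extension = get_extension_from_mime($mime_type);
    // When the MIME lookup yields 'so', the extension from the client-supplied
    // file name is used instead; it is still subject to the allow-list below.
    // NOTE(review): presumably 'so' is what the lookup returns for a generic
    // binary type; confirm in mime_type_lib.php.
    if ($extension == 'so') {
        $extension = isset($info['extension']) ? $info['extension'] : '';
    }

    if (in_array(fix_strtolower($extension), $ext)) {
        $tempFile = $_FILES['file']['tmp_name'];
        $targetPath = $storeFolder;
        $targetPathThumb = $storeFolderThumb;

        // Stored name = sanitised base name + extension derived above.
        $_FILES['file']['name'] = fix_filename(
            $info['filename'].".".$extension,
            $transliteration,
            $convert_spaces,
            $replace_with
        );

        // LowerCase
        if ($lower_case) {
            $_FILES['file']['name'] = fix_strtolower($_FILES['file']['name']);
        }

        // Gen. new file name if exists
        if (file_exists($targetPath.$_FILES['file']['name'])) {
            $i = 1;
            $info = pathinfo($_FILES['file']['name']);
            // append number
            while (file_exists($targetPath.$info['filename']."_".$i.".".$extension)) {
                $i++;
            }
            $_FILES['file']['name'] = $info['filename']."_".$i.".".$extension;
        }

        $targetFile = $targetPath.$_FILES['file']['name'];
        $targetFileThumb = $targetPathThumb.$_FILES['file']['name'];

        // check if image (and supported)
        $is_img = in_array(fix_strtolower($extension), $ext_img) ? TRUE : FALSE;

        if (!checkresultingsize($_FILES['file']['size'])) {
            if ($fetched_temp !== NULL) {
                unlink($fetched_temp);
            }
            response(sprintf(trans('max_size_reached'), $MaxSizeTotal).AddErrorLocation(), 406)->send();
            exit;
        }

        // upload
        // In FTP mode the file is staged locally first. tempnam() creates an
        // empty placeholder file; the staging path is that name plus the file
        // name, so the placeholders are tracked and removed once done.
        $ftp_placeholders = array();
        if ($ftp) {
            $placeholder = tempnam(sys_get_temp_dir(), 'RF');
            $ftp_placeholders[] = $placeholder;
            $targetFile = $placeholder.$_FILES['file']['name'];
            if ($is_img) {
                $placeholder = tempnam(sys_get_temp_dir(), 'RF');
                $ftp_placeholders[] = $placeholder;
                $targetFileThumb = $placeholder.$_FILES['file']['name'];
            }
        }

        if (is_uploaded_file($tempFile)) {
            move_uploaded_file($tempFile, $targetFile);
        } else {
            // Expected only for the temp file written by the URL branch above.
            copy($tempFile, $targetFile);
            unlink($tempFile);
        }
        chmod($targetFile, $fileFolderPermission);

        if ($is_img) {
            if (isset($image_watermark) && $image_watermark) {
                require_once('include/php_image_magician.php');
                $magicianObj = new imageLib($targetFile);
                $magicianObj->addWatermark($image_watermark, $image_watermark_position, $image_watermark_padding);
                $magicianObj->saveImage($targetFile);
            }

            $memory_error = FALSE;
            if (!create_img($targetFile, $targetFileThumb, 122, 91)) {
                $memory_error = TRUE;
            } else {
                // TODO something with this long function baaaah...
                if (!$ftp && !new_thumbnails_creation(
                    $targetPath,
                    $targetFile,
                    $_FILES['file']['name'],
                    $current_path,
                    $relative_image_creation,
                    $relative_path_from_current_pos,
                    $relative_image_creation_name_to_prepend,
                    $relative_image_creation_name_to_append,
                    $relative_image_creation_width,
                    $relative_image_creation_height,
                    $relative_image_creation_option,
                    $fixed_image_creation,
                    $fixed_path_from_filemanager,
                    $fixed_image_creation_name_to_prepend,
                    $fixed_image_creation_to_append,
                    $fixed_image_creation_width,
                    $fixed_image_creation_height,
                    $fixed_image_creation_option
                )) {
                    $memory_error = TRUE;
                } else {
                    $imginfo = getimagesize($targetFile);
                    $srcWidth = $imginfo[0];
                    $srcHeight = $imginfo[1];

                    // resize images if set
                    if ($image_resizing) {
                        if ($image_resizing_width == 0) { // if width not set
                            if ($image_resizing_height == 0) {
                                $image_resizing_width = $srcWidth;
                                $image_resizing_height = $srcHeight;
                            } else {
                                $image_resizing_width = $image_resizing_height*$srcWidth/$srcHeight;
                            }
                        } elseif ($image_resizing_height == 0) { // if height not set
                            $image_resizing_height = $image_resizing_width*$srcHeight/$srcWidth;
                        }

                        // new dims and create
                        $srcWidth = $image_resizing_width;
                        $srcHeight = $image_resizing_height;
                        create_img($targetFile, $targetFile, $image_resizing_width, $image_resizing_height, $image_resizing_mode);
                    }

                    //max resizing limit control
                    // Fixed: the proportional side is now computed before the
                    // limited side is overwritten. Previously the ratio used
                    // the already-replaced value and cancelled out, leaving
                    // the other dimension unchanged.
                    $resize = FALSE;
                    if ($image_max_width != 0 && $srcWidth > $image_max_width && $image_resizing_override === FALSE) {
                        $resize = TRUE;
                        if ($image_max_height == 0) {
                            $srcHeight = $image_max_width*$srcHeight/$srcWidth;
                        }
                        $srcWidth = $image_max_width;
                    }
                    if ($image_max_height != 0 && $srcHeight > $image_max_height && $image_resizing_override === FALSE) {
                        $resize = TRUE;
                        if ($image_max_width == 0) {
                            $srcWidth = $image_max_height*$srcWidth/$srcHeight;
                        }
                        $srcHeight = $image_max_height;
                    }
                    if ($resize) {
                        create_img($targetFile, $targetFile, $srcWidth, $srcHeight, $image_max_mode);
                    }
                }
            }

            // not enough memory
            if ($memory_error) {
                unlink($targetFile);
                foreach ($ftp_placeholders as $placeholder) {
                    if (is_string($placeholder) && file_exists($placeholder)) {
                        unlink($placeholder);
                    }
                }
                response(trans("Not enought Memory").AddErrorLocation(), 406)->send();
                exit();
            }
        }

        if ($ftp) {
            // Push the staged file (and thumbnail) to the FTP target, then
            // remove the local copies and the tempnam() placeholders.
            $ftp->put($targetPath.$_FILES['file']['name'], $targetFile, FTP_BINARY);
            unlink($targetFile);
            if ($is_img) {
                $ftp->put($targetPathThumb.$_FILES['file']['name'], $targetFileThumb, FTP_BINARY);
                unlink($targetFileThumb);
            }
            foreach ($ftp_placeholders as $placeholder) {
                if (is_string($placeholder) && file_exists($placeholder)) {
                    unlink($placeholder);
                }
            }
        }

        // The response body is the final (sanitised) file name.
        echo $_FILES['file']['name'];
    } else { // file ext. is not in the allowed list
        if ($fetched_temp !== NULL) {
            unlink($fetched_temp);
        }
        response("Thumbnails creation: ".trans("Error_extension").AddErrorLocation(), 406)->send();
        exit();
    }
} else { // no files to upload
    response(trans("no file").AddErrorLocation(), 405)->send();
    exit();
}

// redirect
// Non-AJAX form submit: return to the dialog with the same view parameters.
// http_build_query() URL-encodes the values before they reach the header.
if (isset($_POST['submit'])) {
    $query = http_build_query(array(
        'type' => $_POST['type'],
        'lang' => $_POST['lang'],
        'popup' => $_POST['popup'],
        'field_id' => $_POST['field_id'],
        'fldr' => $_POST['fldr'],
    ));
    header("location: dialog.php?" . $query);
}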