PageRenderTime 59ms CodeModel.GetById 32ms RepoModel.GetById 0ms app.codeStats 0ms

/wiki/scripts/upload.php

https://github.com/edpanameno/cms
PHP | 336 lines | 296 code | 19 blank | 21 comment | 52 complexity | c95e459ea4795d2f148facfa126202d3 MD5 | raw file
    

  1. <?php if (!defined('PmWiki')) exit();
    2. 

  2. /*  Copyright 2004-2010 Patrick R. Michaud (pmichaud@pobox.com)
    3. 

  3.     This file is part of PmWiki; you can redistribute it and/or modify
    4. 

  4.     it under the terms of the GNU General Public License as published
    5. 

  5.     by the Free Software Foundation; either version 2 of the License, or
    6. 

  6.     (at your option) any later version.  See pmwiki.php for full details.
    7. 

    8. 

  8.     This script adds upload capabilities to PmWiki.  Uploads can be
    9. 

  9.     enabled by setting
    10. 

  10.         $EnableUpload = 1;
    11. 

  11.     in config.php.  In addition, an upload password must be set, as
    12. 

  12.     the default is to lock uploads.  In some configurations it may also
    13. 

  13.     be necessary to set values for $UploadDir and $UploadUrlFmt,
    14. 

  14.     especially if any form of URL rewriting is being performed.
    15. 

  15.     See the PmWiki.UploadsAdmin page for more information.
    16. 

  16. */
    17. 

  17. 

  18. ## $EnableUploadOverwrite determines if we allow previously uploaded
    19. 

  19. ## files to be overwritten.
    20. 

  20. SDV($EnableUploadOverwrite,1);
    21. 

  21. 

  22. ## $UploadExts contains the list of file extensions we're willing to
    23. 

  23. ## accept, along with the Content-Type: value appropriate for each.
    24. 

  24. SDVA($UploadExts,array(
    25. 

  25.   'gif' => 'image/gif', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    26. 

  26.   'png' => 'image/png', 'bmp' => 'image/bmp', 'ico' => 'image/x-icon',
    27. 

  27.   'wbmp' => 'image/vnd.wap.wbmp',
    28. 

  28.   'mp3' => 'audio/mpeg', 'au' => 'audio/basic', 'wav' => 'audio/x-wav',
    29. 

  29.   'mpg' => 'video/mpeg', 'mpeg' => 'video/mpeg',
    30. 

  30.   'mov' => 'video/quicktime', 'qt' => 'video/quicktime',
    31. 

  31.   'wmf' => 'text/plain', 'avi' => 'video/x-msvideo',
    32. 

  32.   'zip' => 'application/zip', '7z' => 'application/x-7z-compressed',
    33. 

  33.   'gz' => 'application/x-gzip', 'tgz' => 'application/x-gzip',
    34. 

  34.   'rpm' => 'application/x-rpm', 
    35. 

  35.   'hqx' => 'application/mac-binhex40', 'sit' => 'application/x-stuffit',
    36. 

  36.   'doc' => 'application/msword', 'ppt' => 'application/vnd.ms-powerpoint',
    37. 

  37.   'xls' => 'application/vnd.ms-excel', 'mdb' => 'text/plain',
    38. 

  38.   'exe' => 'application/octet-stream',
    39. 

  39.   'pdf' => 'application/pdf', 'psd' => 'text/plain', 
    40. 

  40.   'ps' => 'application/postscript', 'ai' => 'application/postscript',
    41. 

  41.   'eps' => 'application/postscript',
    42. 

  42.   'htm' => 'text/html', 'html' => 'text/html', 'css' => 'text/css', 
    43. 

  43.   'fla' => 'application/x-shockwave-flash', 
    44. 

  44.   'swf' => 'application/x-shockwave-flash',
    45. 

  45.   'txt' => 'text/plain', 'rtf' => 'application/rtf', 
    46. 

  46.   'tex' => 'application/x-tex', 'dvi' => 'application/x-dvi',
    47. 

  47.   'odt' => 'application/vnd.oasis.opendocument.text',
    48. 

  48.   'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
    49. 

  49.   'odp' => 'application/vnd.oasis.opendocument.presentation',
    50. 

  50.   'kml' => 'application/vnd.google-earth.kml+xml',
    51. 

  51.   'kmz' => 'application/vnd.google-earth.kmz',
    52. 

  52.   '' => 'text/plain'));
    53. 

  53. 

  54. SDV($UploadMaxSize,50000);
    55. 

  55. SDV($UploadPrefixQuota,0);
    56. 

  56. SDV($UploadDirQuota,0);
    57. 

  57. foreach($UploadExts as $k=>$v) 
    58. 

  58.   if (!isset($UploadExtSize[$k])) $UploadExtSize[$k]=$UploadMaxSize;
    59. 

  59. 

  60. SDV($UploadDir,'uploads');
    61. 

  61. SDV($UploadPrefixFmt,'/$Group');
    62. 

  62. SDV($UploadFileFmt,"$UploadDir$UploadPrefixFmt");
    63. 

  63. $v = preg_replace('#^/(.*/)#', '', $UploadDir);
    64. 

  64. SDV($UploadUrlFmt,preg_replace('#/[^/]*$#', "/$v", $PubDirUrl, 1));
    65. 

  65. SDV($LinkUploadCreateFmt, "<a rel='nofollow' class='createlinktext' href='\$LinkUpload'>\$LinkText</a><a rel='nofollow' class='createlink' href='\$LinkUpload'>&nbsp;&Delta;</a>");
    66. 

  66. SDVA($ActionTitleFmt, array('upload' => '| $[Attach]'));
    67. 

  67. 

  68. SDV($PageUploadFmt,array("
    69. 

  69.   <div id='wikiupload'>
    70. 

  70.   <h2 class='wikiaction'>$[Attachments for] {\$FullName}</h2>
    71. 

  71.   <h3>\$UploadResult</h3>
    72. 

  72.   <form enctype='multipart/form-data' action='{\$PageUrl}' method='post'>
    73. 

  73.   <input type='hidden' name='n' value='{\$FullName}' />
    74. 

  74.   <input type='hidden' name='action' value='postupload' />
    75. 

  75.   <table border='0'>
    76. 

  76.     <tr><td align='right'>$[File to upload:]</td><td><input
    77. 

  77.       name='uploadfile' type='file' /></td></tr>
    78. 

  78.     <tr><td align='right'>$[Name attachment as:]</td>
    79. 

  79.       <td><input type='text' name='upname' value='\$UploadName' /><input 
    80. 

  80.         type='submit' value=' $[Upload] ' /><br />
    81. 

  81.         </td></tr></table></form></div>",
    82. 

  82.   'wiki:$[{$SiteGroup}/UploadQuickReference]'));
    83. 

  83. XLSDV('en',array(
    84. 

  84.   'ULsuccess' => 'successfully uploaded',
    85. 

  85.   'ULbadname' => 'invalid attachment name',
    86. 

  86.   'ULbadtype' => '\'$upext\' is not an allowed file extension',
    87. 

  87.   'ULtoobig' => 'file is larger than maximum allowed by webserver',
    88. 

  88.   'ULtoobigext' => 'file is larger than allowed maximum of $upmax
    89. 

  89.      bytes for \'$upext\' files',
    90. 

  90.   'ULpartial' => 'incomplete file received',
    91. 

  91.   'ULnofile' => 'no file uploaded',
    92. 

  92.   'ULexists' => 'file with that name already exists',
    93. 

  93.   'ULpquota' => 'group quota exceeded',
    94. 

  94.   'ULtquota' => 'upload quota exceeded'));
    95. 

  95. SDV($PageAttributes['passwdupload'],'$[Set new upload password:]');
    96. 

  96. SDV($DefaultPasswords['upload'],'*');
    97. 

  97. SDV($AuthCascade['upload'], 'read');
    98. 

  98. SDV($FmtPV['$PasswdUpload'], 'PasswdVar($pn, "upload")');
    99. 

  99. 

  100. Markup('attachlist', 'directives', 
    101. 

  101.   '/\\(:attachlist\\s*(.*?):\\)/ei',
    102. 

  102.   "Keep('<ul>'.FmtUploadList('$pagename',PSS('$1')).'</ul>')");
    103. 

  103. SDV($GUIButtons['attach'], array(220, 'Attach:', '', '$[file.ext]',
    104. 

  104.   '$GUIButtonDirUrlFmt/attach.gif"$[Attach file]"'));
    105. 

  105. SDV($LinkFunctions['Attach:'], 'LinkUpload');
    106. 

  106. SDV($IMap['Attach:'], '$1');
    107. 

  107. SDVA($HandleActions, array('upload' => 'HandleUpload',
    108. 

  108.   'postupload' => 'HandlePostUpload',
    109. 

  109.   'download' => 'HandleDownload'));
    110. 

  110. SDVA($HandleAuth, array('upload' => 'upload',
    111. 

  111.   'download' => 'read'));
    112. 

  112. SDV($HandleAuth['postupload'], $HandleAuth['upload']);
    113. 

  113. SDV($UploadVerifyFunction, 'UploadVerifyBasic');
    114. 

  114. 

  115. function MakeUploadName($pagename,$x) {
    116. 

  116.   global $UploadNameChars, $MakeUploadNamePatterns;
    117. 

  117.   SDV($UploadNameChars, "-\\w. ");
    118. 

  118.   SDV($MakeUploadNamePatterns, array(
    119. 

  119.     "/[^$UploadNameChars]/" => '',
    120. 

  120.     '/\\.[^.]*$/e' => 'strtolower("$0")',
    121. 

  121.     '/^[^[:alnum:]_]+/' => '',
    122. 

  122.     '/[^[:alnum:]_]+$/' => ''));
    123. 

  123.    return preg_replace(array_keys($MakeUploadNamePatterns),
    124. 

  124.             array_values($MakeUploadNamePatterns), $x);
    125. 

  125. }
    126. 

  126. 

  127. function LinkUpload($pagename, $imap, $path, $alt, $txt, $fmt=NULL) {
    128. 

  128.   global $FmtV, $UploadFileFmt, $LinkUploadCreateFmt, $UploadUrlFmt,
    129. 

  129.     $UploadPrefixFmt, $EnableDirectDownload;
    130. 

  130.   if (preg_match('!^(.*)/([^/]+)$!', $path, $match)) {
    131. 

  131.     $pagename = MakePageName($pagename, $match[1]);
    132. 

  132.     $path = $match[2];
    133. 

  133.   }
    134. 

  134.   $upname = MakeUploadName($pagename, $path);
    135. 

  135.   $filepath = FmtPageName("$UploadFileFmt/$upname", $pagename);
    136. 

  136.   $FmtV['$LinkUpload'] = 
    137. 

  137.     FmtPageName("\$PageUrl?action=upload&amp;upname=$upname", $pagename);
    138. 

  138.   $FmtV['$LinkText'] = $txt;
    139. 

  139.   if (!file_exists($filepath)) 
    140. 

  140.     return FmtPageName($LinkUploadCreateFmt, $pagename);
    141. 

  141.   $path = PUE(FmtPageName(IsEnabled($EnableDirectDownload, 1) 
    142. 

  142.                             ? "$UploadUrlFmt$UploadPrefixFmt/$upname"
    143. 

  143.                             : "{\$PageUrl}?action=download&amp;upname=$upname",
    144. 

  144.                           $pagename));
    145. 

  145.   return LinkIMap($pagename, $imap, $path, $alt, $txt, $fmt);
    146. 

  146. }
    147. 

  147. 

  148. # Authenticate group downloads with the group password
    149. 

  149. function UploadAuth($pagename, $auth, $cache=0){
    150. 

  150.   global $GroupAttributesFmt, $EnableUploadGroupAuth;
    151. 

  151.   if (IsEnabled($EnableUploadGroupAuth,0)){
    152. 

  152.     SDV($GroupAttributesFmt,'$Group/GroupAttributes');
    153. 

  153.     $pn_upload = FmtPageName($GroupAttributesFmt, $pagename);
    154. 

  154.   } else $pn_upload = $pagename;
    155. 

  155.   $page = RetrieveAuthPage($pn_upload, $auth, true, READPAGE_CURRENT);
    156. 

  156.   if(!$page) Abort("?No '$auth' permissions for $pagename");
    157. 

  157.   if($cache) PCache($pn_upload,$page);
    158. 

  158.   return true;
    159. 

  159. }
    160. 

  160. 

  161. function HandleUpload($pagename, $auth = 'upload') {
    162. 

  162.   global $FmtV,$UploadExtMax,
    163. 

  163.     $HandleUploadFmt,$PageStartFmt,$PageEndFmt,$PageUploadFmt;
    164. 

  164.   UploadAuth($pagename, $auth, 1);
    165. 

  165.   $FmtV['$UploadName'] = MakeUploadName($pagename,@$_REQUEST['upname']);
    166. 

  166.   $upresult = htmlspecialchars(@$_REQUEST['upresult']);
    167. 

  167.   $uprname = htmlspecialchars(@$_REQUEST['uprname']);
    168. 

  168.   $FmtV['$upext'] = htmlspecialchars(@$_REQUEST['upext']);
    169. 

  169.   $FmtV['$upmax'] = htmlspecialchars(@$_REQUEST['upmax']);
    170. 

  170.   $FmtV['$UploadResult'] = ($upresult) ?
    171. 

  171.     FmtPageName("<i>$uprname</i>: $[UL$upresult]",$pagename) : '';
    172. 

  172.   SDV($HandleUploadFmt,array(&$PageStartFmt,&$PageUploadFmt,&$PageEndFmt));
    173. 

  173.   PrintFmt($pagename,$HandleUploadFmt);
    174. 

  174. }
    175. 

  175. 

  176. function HandleDownload($pagename, $auth = 'read') {
    177. 

  177.   global $UploadFileFmt, $UploadExts, $DownloadDisposition, $EnableIMSCaching;
    178. 

  178.   SDV($DownloadDisposition, "inline");
    179. 

  179.   UploadAuth($pagename, $auth);
    180. 

  180.   $upname = MakeUploadName($pagename, @$_REQUEST['upname']);
    181. 

  181.   $filepath = FmtPageName("$UploadFileFmt/$upname", $pagename);
    182. 

  182.   if (!$upname || !file_exists($filepath)) {
    183. 

  183.     header("HTTP/1.0 404 Not Found");
    184. 

  184.     Abort("?requested file not found");
    185. 

  185.     exit();
    186. 

  186.   }
    187. 

  187.   if (IsEnabled($EnableIMSCaching, 0)) {
    188. 

  188.     header('Cache-Control: private');
    189. 

  189.     header('Expires: ');
    190. 

  190.     $filelastmod = gmdate('D, d M Y H:i:s \G\M\T', filemtime($filepath));
    191. 

  191.     if (@$_SERVER['HTTP_IF_MODIFIED_SINCE'] == $filelastmod)
    192. 

  192.       { header("HTTP/1.0 304 Not Modified"); exit(); }
    193. 

  193.     header("Last-Modified: $filelastmod");
    194. 

  194.   }
    195. 

  195.   preg_match('/\\.([^.]+)$/',$filepath,$match); 
    196. 

  196.   if ($UploadExts[@$match[1]]) 
    197. 

  197.     header("Content-Type: {$UploadExts[@$match[1]]}");
    198. 

  198.   header("Content-Length: ".filesize($filepath));
    199. 

  199.   header("Content-disposition: $DownloadDisposition; filename=\"$upname\"");
    200. 

  200.   $fp = fopen($filepath, "rb");
    201. 

  201.   if ($fp) {
    202. 

  202.     while (!feof($fp)) echo fread($fp, 4096);
    203. 

  203.     flush();
    204. 

  204.     fclose($fp);
    205. 

  205.   }
    206. 

  206.   exit();
    207. 

  207. }
    208. 

  208. 

  209. function HandlePostUpload($pagename, $auth = 'upload') {
    210. 

  210.   global $UploadVerifyFunction, $UploadFileFmt, $LastModFile, 
    211. 

  211.     $EnableUploadVersions, $Now, $RecentUploadsFmt, $FmtV;
    212. 

  212.   UploadAuth($pagename, $auth);
    213. 

  213.   $uploadfile = $_FILES['uploadfile'];
    214. 

  214.   $upname = $_REQUEST['upname'];
    215. 

  215.   if ($upname=='') $upname=$uploadfile['name'];
    216. 

  216.   $upname = MakeUploadName($pagename,$upname);
    217. 

  217.   if (!function_exists($UploadVerifyFunction))
    218. 

  218.     Abort('?no UploadVerifyFunction available');
    219. 

  219.   $filepath = FmtPageName("$UploadFileFmt/$upname",$pagename);
    220. 

  220.   $result = $UploadVerifyFunction($pagename,$uploadfile,$filepath);
    221. 

  221.   if ($result=='') {
    222. 

  222.     $filedir = preg_replace('#/[^/]*$#','',$filepath);
    223. 

  223.     mkdirp($filedir);
    224. 

  224.     if (IsEnabled($EnableUploadVersions, 0))
    225. 

  225.       @rename($filepath, "$filepath,$Now");
    226. 

  226.     if (!move_uploaded_file($uploadfile['tmp_name'],$filepath))
    227. 

  227.       { Abort("?cannot move uploaded file to $filepath"); return; }
    228. 

  228.     fixperms($filepath,0444);
    229. 

  229.     if ($LastModFile) { touch($LastModFile); fixperms($LastModFile); }
    230. 

  230.     $result = "upresult=success";
    231. 

  231.     if (IsEnabled($RecentUploadsFmt, 0)) {
    232. 

  232.       $FmtV['$upname'] = $upname;
    233. 

  233.       $FmtV['$upsize'] = $uploadfile['size'];
    234. 

  234.       PostRecentChanges($pagename, '', '', $RecentUploadsFmt);
    235. 

  235.     }
    236. 

  236.   }
    237. 

  237.   Redirect($pagename,"{\$PageUrl}?action=upload&uprname=$upname&$result");
    238. 

  238. }
    239. 

  239. 

  240. function UploadVerifyBasic($pagename,$uploadfile,$filepath) {
    241. 

  241.   global $EnableUploadOverwrite,$UploadExtSize,$UploadPrefixQuota,
    242. 

  242.     $UploadDirQuota,$UploadDir;
    243. 

  243.   if (!$EnableUploadOverwrite && file_exists($filepath)) 
    244. 

  244.     return 'upresult=exists';
    245. 

  245.   preg_match('/\\.([^.\\/]+)$/',$filepath,$match); $ext=@$match[1];
    246. 

  246.   $maxsize = $UploadExtSize[$ext];
    247. 

  247.   if ($maxsize<=0) return "upresult=badtype&upext=$ext";
    248. 

  248.   if ($uploadfile['size']>$maxsize) 
    249. 

  249.     return "upresult=toobigext&upext=$ext&upmax=$maxsize";
    250. 

  250.   switch (@$uploadfile['error']) {
    251. 

  251.     case 1: return 'upresult=toobig';
    252. 

  252.     case 2: return 'upresult=toobig';
    253. 

  253.     case 3: return 'upresult=partial';
    254. 

  254.     case 4: return 'upresult=nofile';
    255. 

  255.   }
    256. 

  256.   if (!is_uploaded_file($uploadfile['tmp_name'])) return 'upresult=nofile';
    257. 

  257.   $filedir = preg_replace('#/[^/]*$#','',$filepath);
    258. 

  258.   if ($UploadPrefixQuota && 
    259. 

  259.       (dirsize($filedir)-@filesize($filepath)+$uploadfile['size']) >
    260. 

  260.         $UploadPrefixQuota) return 'upresult=pquota';
    261. 

  261.   if ($UploadDirQuota && 
    262. 

  262.       (dirsize($UploadDir)-@filesize($filepath)+$uploadfile['size']) >
    263. 

  263.         $UploadDirQuota) return 'upresult=tquota';
    264. 

  264.   return '';
    265. 

  265. }
    266. 

  266. 

  267. function dirsize($dir) {
    268. 

  268.   $size = 0;
    269. 

  269.   $dirp = @opendir($dir);
    270. 

  270.   if (!$dirp) return 0;
    271. 

  271.   while (($file=readdir($dirp)) !== false) {
    272. 

  272.     if ($file[0]=='.') continue;
    273. 

  273.     if (is_dir("$dir/$file")) $size+=dirsize("$dir/$file");
    274. 

  274.     else $size+=filesize("$dir/$file");
    275. 

  275.   }
    276. 

  276.   closedir($dirp);
    277. 

  277.   return $size;
    278. 

  278. }
    279. 

  279. 

  280. function FmtUploadList($pagename, $args) {
    281. 

  281.   global $UploadDir, $UploadPrefixFmt, $UploadUrlFmt, $EnableUploadOverwrite,
    282. 

  282.     $TimeFmt, $EnableDirectDownload;
    283. 

  283. 

  284.   $opt = ParseArgs($args);
    285. 

  285.   if (@$opt[''][0]) $pagename = MakePageName($pagename, $opt[''][0]);
    286. 

  286.   if (@$opt['ext']) 
    287. 

  287.     $matchext = '/\\.(' 
    288. 

  288.       . implode('|', preg_split('/\\W+/', $opt['ext'], -1, PREG_SPLIT_NO_EMPTY))
    289. 

  289.       . ')$/i';
    290. 

  290. 

  291.   $uploaddir = FmtPageName("$UploadDir$UploadPrefixFmt", $pagename);
    292. 

  292.   $uploadurl = FmtPageName(IsEnabled($EnableDirectDownload, 1) 
    293. 

  293.                           ? "$UploadUrlFmt$UploadPrefixFmt/"
    294. 

  294.                           : "\$PageUrl?action=download&amp;upname=",
    295. 

  295.                       $pagename);
    296. 

  296. 

  297.   $dirp = @opendir($uploaddir);
    298. 

  298.   if (!$dirp) return '';
    299. 

  299.   $filelist = array();
    300. 

  300.   while (($file=readdir($dirp)) !== false) {
    301. 

  301.     if ($file{0} == '.') continue;
    302. 

  302.     if (@$matchext && !preg_match(@$matchext, $file)) continue;
    303. 

  303.     $filelist[$file] = $file;
    304. 

  304.   }
    305. 

  305.   closedir($dirp);
    306. 

  306.   $out = array();
    307. 

  307.   natcasesort($filelist);
    308. 

  308.   $overwrite = '';
    309. 

  309.   foreach($filelist as $file=>$x) {
    310. 

  310.     $name = PUE("$uploadurl$file");
    311. 

  311.     $stat = stat("$uploaddir/$file");
    312. 

  312.     if ($EnableUploadOverwrite) 
    313. 

  313.       $overwrite = FmtPageName("<a rel='nofollow' class='createlink'
    314. 

  314.         href='\$PageUrl?action=upload&amp;upname=$file'>&nbsp;&Delta;</a>", 
    315. 

  315.         $pagename);
    316. 

  316.     $out[] = "<li> <a href='$name'>$file</a>$overwrite ... ".
    317. 

  317.       number_format($stat['size']) . " bytes ... " . 
    318. 

  318.       strftime($TimeFmt, $stat['mtime']) . "</li>";
    319. 

  319.   }
    320. 

  320.   return implode("\n",$out);
    321. 

  321. }
    322. 

  322. 

  323. # this adds (:if [!]attachments:) to the markup
    324. 

  324. $Conditions['attachments'] = "AttachExist(\$pagename)";
    325. 

  325. function AttachExist($pagename) {
    326. 

  326.   global $UploadDir, $UploadPrefixFmt;
    327. 

  327.   $uploaddir = FmtPageName("$UploadDir$UploadPrefixFmt", $pagename);
    328. 

  328.   $count = 0;
    329. 

  329.   $dirp = @opendir($uploaddir);
    330. 

  330.   if ($dirp) {
    331. 

  331.     while (($file = readdir($dirp)) !== false)
    332. 

  332.       if ($file{0} != '.') $count++;
    333. 

  333.     closedir($dirp);
    334. 

  334.   }
    335. 

  335.   return $count;
    336. 

  336. }
    337. 

  337.