F775659
in-portal
No One
Temporary
Index: branches/5.0.x/core/units/helpers/fck_helper.php
===================================================================
--- branches/5.0.x/core/units/helpers/fck_helper.php (revision 13010)
+++ branches/5.0.x/core/units/helpers/fck_helper.php (revision 13011)
@@ -1,294 +1,294 @@
<?php
/**
* @version $Id$
* @package In-Portal
* @copyright Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
* @license GNU/GPL
* In-Portal is Open Source software.
* This means that this software may have been modified pursuant
* the GNU General Public License, and as distributed it includes
* or is derivative of works licensed under the GNU General Public License
* or other free or open source software licenses.
* See http://www.in-portal.org/license for copyright notices and details.
*/
defined('FULL_PATH') or die('restricted access!');
class fckFCKHelper extends kHelper {
var $Config = Array();
function fckFCKHelper()
{
parent::kHelper();
$this->Config['AllowedExtensions']['Files'] = array('jpg','gif','jpeg','png','swf','fla','jpg','gif','jpeg','png','avi','mpg','mpeg','zip','rar','arj','gz','tar','doc','pdf','ppt','rdp','swf','swt','txt','vsd','xls','csv','odt') ;
$this->Config['DeniedExtensions']['Files'] = array('php','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','dll','reg') ;
$this->Config['AllowedExtensions']['Images'] = array('jpg','gif','jpeg','png', 'bmp') ;
$this->Config['DeniedExtensions']['Images'] = array('php','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','dll','reg');
$this->Config['AllowedExtensions']['Flash'] = array('swf','fla') ;
$this->Config['DeniedExtensions']['Flash'] = array('php','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','dll','reg') ;
$this->Config['AllowedExtensions']['Media'] = array('asf','asx','avi','wav','wax','wma','wm','wmv','m3u','mp2v','mpg','mpeg','m1v','mp2','mp3','mpa','mpe','mpv2','mp4','mid','midi','rmi','qt','aif','aifc','aiff','mov','flv','rm','svcd','swf','vcd') ;
$this->Config['DeniedExtensions']['Media'] = array('php','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','dll','reg');
$this->Config['AllowedExtensions']['Documents'] = array('doc','pdf','ppt','rdp','swf','swt','txt','vsd','xls','csv','zip','odt') ;
$this->Config['DeniedExtensions']['Documents'] = array('php','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','dll','reg');
}
function CreateFolder($folder = '')
{
if (!$folder) {
return false;
}
$folderPath = WRITEABLE . '/user_files/' . $folder;
if (file_exists($folderPath) && is_dir($folderPath)) {
return true;
}
$permissions = defined('FCK_FOLDERS_PERMISSIONS') ? FCK_FOLDERS_PERMISSIONS : '0777';
return mkdir($folderPath); // , $permissions
}
function IsAllowedExtension($folder, $file_name)
{
$base_folder = $this->getBaseFolder($folder);
eregi("(\.[a-zA-Z0-9]{1,10})$", $file_name, $regs);
$ext = strtolower(ltrim($regs[1],"."));
if (isset($this->Config['DeniedExtensions'][$folder])) {
if (in_array($ext, $this->Config['DeniedExtensions'][$folder])) {
return false;
}
}
if (isset($this->Config['AllowedExtensions'][$folder])) {
if (!in_array($ext, $this->Config['AllowedExtensions'][$folder])) {
return false;
}
}
return true;
}
function getBaseFolder($folder)
{
$end = strpos("/", $folder);
if ($end) {
return substr($folder, 0, $end);
}
return $folder;
}
function ReadFolders($files_dir)
{
$aFolders = array();
$oCurrentFolder = opendir($files_dir) ;
$KernelSystemFolders = defined('KERNEL_SYSTEM_FOLDERS') ? KERNEL_SYSTEM_FOLDERS : array('icons', 'CVS', '.svn');
while ( $sFile = readdir( $oCurrentFolder ) )
{
if (is_dir($files_dir . $sFile ) && !in_array($sFile,$KernelSystemFolders) && $sFile != '.' && $sFile != '..') {
$aFolders[] = $sFile;
}
}
closedir( $oCurrentFolder ) ;
return $aFolders;
}
function ReadFiles($files_dir)
{
$aFiles = array();
$oCurrentFolder = opendir($files_dir) ;
while ( $sFile = readdir( $oCurrentFolder ) )
{
if (!is_dir($files_dir . $sFile )) {
$aFiles[] = $sFile;
}
}
closedir( $oCurrentFolder ) ;
return $aFiles;
}
function PrintFolders()
{
$order_by = $this->Application->GetVar('order_by');
$sort_by = $this->Application->GetVar('sort_by');
$folder = $this->Application->GetVar('folder');
$files_dir = WRITEABLE."/user_files/".$folder."/";
$aFolders = $this->ReadFolders($files_dir);
$ret = '';
$order_by = $this->Application->GetVar('order_by');
$sort_by = $this->Application->GetVar('sort_by');
natcasesort($aFolders);
foreach ($aFolders as $k => $v) {
$ret .= '<folder2 path="'.$folder."/".$v.'">'.$v.'</folder2>'."\n";
}
if ($sort_by == 'name' && $order_by == '_desc') {
$aFolders = array_reverse($aFolders);
}
foreach ($aFolders as $k => $v) {
$ret .= '<folder path="'.$folder."/".$v.'">'.$v.'</folder>'."\n";
}
return $ret;
}
function CalculateFileSize($size)
{
if ( $size > 0 ) {
$size = round( $size / 1024 );
$size = ($size < 1)? 1:$size;// round( $iFileSize / 1024 ) ;
}
return $size;
}
function CheckIconType($v)
{
$a_ext = Array('ai','avi','bmp','cs','dll','doc','exe','fla','gif','htm','html','jpg','js','mdb','mp3','pdf','png','ppt','rdp','swf','swt','txt','vsd','xls','xml','zip');
eregi("(\.[a-zA-Z0-9]{1,10})$", $v, $regs);
$ext = strtolower(ltrim($regs[1],"."));
if (in_array($ext, $a_ext))
{
$icon = $ext;
} else {
$icon = 'default.icon';
}
return $icon;
}
function GetXmlString($size,$url,$icon,$date,$file_name)
{
return '<file size="'.$size.'" url="'.$url.'" icon="'.$icon.'" date="'.$date.'">'.$file_name.'</file>'."\n";
}
function PrintFiles()
{
$order_by = $this->Application->GetVar('order_by');
$sort_by = $this->Application->GetVar('sort_by');
$folder = $this->Application->GetVar('folder');
$files_dir = WRITEABLE . "/user_files/" . $folder."/";
- $files_url = BASE_PATH . WRITEBALE_BASE . "/user_files/" . $folder . "/";
+ $files_url = BASE_PATH . str_replace(DIRECTORY_SEPARATOR, '/', WRITEBALE_BASE) . "/user_files/" . $folder . "/";
$aFiles = $this->ReadFiles($files_dir);
$ret = '';
$date_format = "m/d/Y h:i A";
natcasesort($aFiles);
if ($sort_by == 'name' && $order_by == '_desc') {
$aFiles = array_reverse($aFiles,TRUE);
}
foreach ($aFiles as $k => $v)
{
$aFilesSize[$k] = filesize( $files_dir . $v);
$aFilesDate[$k] = filectime( $files_dir . $v);
}
if ($sort_by == 'name') {
foreach ($aFiles as $k => $file) {
$size = $this->CalculateFileSize($aFilesSize[$k]);
$date = date($date_format, $aFilesDate[$k]);
$icon = $this->CheckIconType($file);
$ret .= $this->GetXmlString($size,$files_url.$file,$icon,$date,$file);
}
}
if ($sort_by == 'date') {
asort($aFilesDate);
if($order_by == '_desc') {
$aFilesDate = array_reverse($aFilesDate,TRUE);
}
foreach ($aFilesDate as $k => $date) {
$size = $this->CalculateFileSize($aFilesSize[$k]);
$file = $aFiles[$k];
$date = date($date_format, $date);
$icon = $this->CheckIconType($file);
$ret .= $this->GetXmlString($size,$files_url.$file,$icon,$date,$file);
}
}
if ($sort_by == 'size') {
asort($aFilesSize);
if($order_by == '_desc') {
$aFilesSize = array_reverse($aFilesSize,TRUE);
}
foreach ($aFilesSize as $k => $size) {
$size = $this->CalculateFileSize($size);
$file = $aFiles[$k];
$date = date($date_format, $aFilesDate[$k]);
$icon = $this->CheckIconType($file);
$ret .= $this->GetXmlString($size,$files_url.$file,$icon,$date,$file);
}
}
return $ret;
}
function UploadFile()
{
$Extensions['Allowed']['Files'] = array('jpg','gif','jpeg','png','swf','fla','jpg','gif','jpeg','png','avi','mpg','mpeg','zip','rar','arj','gz','tar','doc','pdf','ppt','rdp','swf','swt','txt','vsd','xls','csv','odt') ;
$Extensions['Allowed']['Images'] = array('jpg','gif','jpeg','png', 'bmp') ;
$Extensions['Allowed']['Flash'] = array('swf','fla') ;
$Extensions['Allowed']['Media'] = array('asf','asx','avi','wav','wax','wma','wm','wmv','m3u','mp2v','mpg','mpeg','m1v','mp2','mp3','mpa','mpe','mpv2','mp4','mid','midi','rmi','qt','aif','aifc','aiff','mov','flv','rm','svcd','swf','vcd') ;
$Extensions['Allowed']['Documents'] = array('doc','pdf','ppt','rdp','swf','swt','txt','vsd','xls','csv','zip','odt') ;
$upload_dir = $this->Application->GetVar('upload_dir');
$type = explode("/",$upload_dir);
$type = $type[0];
$sServerDir = WRITEABLE."/user_files/".$upload_dir."/";
$aUpFile = $_FILES['NewFile'];
$sFileName = $aUpFile['name'];
$sOriginalFileName = $aUpFile['name'];
$sExtension = strtolower(substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) );
$sErrorNumber = 0;
if ( isset( $_FILES['NewFile'] ) && !is_null( $_FILES['NewFile']['tmp_name'] ) )
{
if (in_array($sExtension,$Extensions['Allowed'][$type]))
{
if (!$aUpFile['error']) {
$iCounter = 0 ;
while ( true )
{
$sFilePath = $sServerDir . $sFileName ;
if ( is_file( $sFilePath ) )
{
$iCounter++ ;
$sFileName = $this->RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ;
$sErrorNumber = '201' ;
}
else
{
// Turn off all error reporting.
error_reporting( 0 ) ;
// Enable error tracking to catch the error.
ini_set( 'track_errors', '1' ) ;
move_uploaded_file( $aUpFile['tmp_name'], $sFilePath ) ;
$sErrorMsg = $php_errormsg ;
// Restore the configurations.
ini_restore( 'track_errors' ) ;
ini_restore( 'error_reporting' ) ;
if ( is_file( $sFilePath ) )
{
$oldumask = umask(0) ;
chmod( $sFilePath, 0666 ) ;
umask( $oldumask ) ;
}
break ;
}
}
}
} else {
$sErrorNumber = '203';
}
} else {
$sErrorNumber = '202' ;
}
echo '<script type="text/javascript">' ;
echo 'window.parent.frames["frmUpload"].OnUploadCompleted(' . $sErrorNumber . ',"' . str_replace( '"', '\\"', $sFileName ) . '") ;' ;
echo '</script>' ;
}
function RemoveExtension( $fileName )
{
return substr( $fileName, 0, strrpos( $fileName, '.' ) ) ;
}
}
\ No newline at end of file
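Review bot: IsAllowedExtension() fails open for any folder that is not exactly one of the configured type names: it computes `$base_folder` but then indexes `$this->Config[...]` with `$folder`, and getBaseFolder() calls `strpos("/", $folder)` with haystack and needle swapped, so it never returns the leading segment. For a nested folder value both `isset()` branches are skipped and the function returns true for every extension, including those on the denied list. I would change getBaseFolder() to `$end = strpos($folder, '/');`, use `$base_folder` as the array key in both lookups, and return false when no allow-list exists for that key. Separately, the `$files_url` built on the changed line in PrintFiles() reaches GetXmlString() unescaped, so `htmlspecialchars($url, ENT_QUOTES)` (and the same for `$file_name`) there would keep unusual file names from breaking the XML response.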
Index: branches/5.0.x/core/units/fck/fck_eh.php
===================================================================
--- branches/5.0.x/core/units/fck/fck_eh.php (revision 13010)
+++ branches/5.0.x/core/units/fck/fck_eh.php (revision 13011)
@@ -1,206 +1,207 @@
<?php
/**
* @version $Id$
* @package In-Portal
* @copyright Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
* @license GNU/GPL
* In-Portal is Open Source software.
* This means that this software may have been modified pursuant
* the GNU General Public License, and as distributed it includes
* or is derivative of works licensed under the GNU General Public License
* or other free or open source software licenses.
* See http://www.in-portal.org/license for copyright notices and details.
*/
defined('FULL_PATH') or die('restricted access!');
class FckEventHandler extends kDBEventHandler {
/**
* Checks permissions of user
*
* @param kEvent $event
*/
function CheckPermission(&$event)
{
if ($this->Application->isAdminUser) {
// this limits all event execution only to logged-in users in admin
return true;
}
return parent::CheckPermission($event);
}
function CreateXmlHeader()
{
ob_end_clean() ;
// Prevent the browser from caching the result.
// Date in the past
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT') ;
// always modified
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT') ;
// HTTP/1.1
header('Cache-Control: no-store, no-cache, must-revalidate') ;
header('Cache-Control: post-check=0, pre-check=0', false) ;
// HTTP/1.0
header('Pragma: no-cache') ;
// Set the response format.
header( 'Content-Type: text/xml; charset=utf-8' ) ;
// Create the XML document header.
}
function OnLoadCmsTree(&$event)
{
$event->status = erSTOP;
$this->CreateXmlHeader();
$res = '<?xml version="1.0" encoding="utf-8" ?>'."\n" ;
$res.= "<CmsPages>"."\n";
$lang = $this->Application->GetVar('m_lang');
$st =& $this->Application->recallObject('st.-dummy');
/* @var $st kDBItem */
$st_options = $this->Application->getUnitOption('st'.'.ParentId', 'Fields');
$pages = $st_options['options'];
$page_ids = array_keys($pages);
$sql = 'SELECT NamedParentPath, CategoryId
FROM ' . TABLE_PREFIX . 'Category
WHERE CategoryId IN (' . implode(',', $page_ids) . ')';
$tpls = $this->Application->Conn->GetCol($sql, 'CategoryId');
//$res = '';
foreach ($pages as $id => $title) {
$page_path = preg_replace('/^Content\//i', '', strtolower($tpls[$id]).'.html');
$title = $title.' ('.$page_path.')';
$real_url = $this->Application->HREF($tpls[$id], '_FRONT_END_', array('pass'=>'m'), 'index.php');
$res .= '<CmsPage real_url="'.$real_url.'" path="@@'.$id.'@@" title="'.$prefix.htmlspecialchars($title,ENT_QUOTES).'" st_id="'.$id.'" serverpath="" />'."\n";
}
$res.= "</CmsPages>";
echo $res;
}
function OnRenameFile(&$event)
{
$event->status = erSTOP;
if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) {
return;
}
$old_name = $this->Application->GetVar('old_name');
$new_name = $this->Application->GetVar('new_name');
$folder = $this->Application->GetVar('folder');
$sServerDir = WRITEABLE . '/user_files/' . $folder . '/';
if (!file_exists($sServerDir.$old_name) || !is_file($sServerDir.$old_name)) {
echo 204;
return;
}
$fck_helper =& $this->Application->recallObject('FCKHelper');
/* @var fck_helper fckFCKHelper*/
if (!$fck_helper->IsAllowedExtension($folder, $new_name)) {
echo 203;
return;
}
if (!rename($sServerDir.$old_name,$sServerDir.$new_name)) {
// echo $sServerDir.$old_name.' -> '.$sServerDir.$new_name;
echo 205;
return;
}
echo '0';
}
function OnDeleteFiles(&$event)
{
$event->status = erSTOP;
if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) {
return;
}
$files = trim($this->Application->GetVar('files'),'|');
// echo $files;
$a_files = explode('|', $files);
$folder = $this->Application->GetVar('folder');
$sServerDir = WRITEABLE . '/user_files/' . $folder . '/';
foreach ($a_files AS $file) {
@unlink($sServerDir.$file);
}
// print_r($a_files);
}
function OnGetFoldersFilesList(&$event)
{
$this->CreateXmlHeader();
+
$fck_helper =& $this->Application->recallObject('FCKHelper');
- /* @var fck_helper fckFCKHelper*/
+ /* @var $fck_helper fckFCKHelper */
$ret = '<?xml version="1.0" encoding="utf-8" ?>'."\n" ;
$ret .= "<content>"."\n";
$ret .= $fck_helper->PrintFolders();
$ret .= $fck_helper->PrintFiles();
$ret .= "</content>"."\n";
echo $ret;
exit;
}
function OnCreateFolder(&$event)
{
$event->status = erSTOP;
if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) {
return;
}
$new_folder = $this->Application->GetVar('new_folder');
$current_folder = $this->Application->GetVar('current_folder');
$folderPath = WRITEABLE . '/user_files' . '/' . $current_folder . "/" . $new_folder;
if ( file_exists( $folderPath ) && is_dir($folderPath)) {
echo "101";
}
if ( !file_exists( $folderPath ) )
{
// Turn off all error reporting.
error_reporting( 0 ) ;
// Enable error tracking to catch the error.
ini_set( 'track_errors', '1' ) ;
// To create the folder with 0777 permissions, we need to set umask to zero.
$oldumask = umask(0) ;
mkdir( $folderPath, 0777 ) ;
umask( $oldumask ) ;
$sErrorMsg = $php_errormsg ;
// Restore the configurations.
ini_restore( 'track_errors' ) ;
ini_restore( 'error_reporting' ) ;
if ($sErrorMsg)
echo $sErrorMsg ;
else
echo '0';
}
}
function OnUploadFile(&$event)
{
$event->status = erSTOP;
if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) {
return;
}
$fck_helper =& $this->Application->recallObject('FCKHelper');
/* @var fck_helper fckFCKHelper*/
$fck_helper->UploadFile();
}
}
\ No newline at end of file
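Review bot: The request values `folder`, `old_name`, `new_name`, `files`, `current_folder` and `new_folder` are concatenated onto `WRITEABLE . '/user_files/'` in OnRenameFile(), OnDeleteFiles() and OnCreateFolder() with no check that the resulting path stays inside user_files, and OnGetFoldersFilesList(), the function this commit touches, hands the same unchecked `folder` to PrintFolders() and PrintFiles(). CheckPermission() restricts these events to admin users, which narrows who can reach them but does not confine the paths. I would add one shared check used by all four handlers that rejects names containing `..` or a path separator and compares `realpath()` of the target directory against the user_files root before any `rename()`, `unlink()` or `mkdir()`. In OnDeleteFiles() the `@unlink(...)` also hides failures, so a rejected or missing file is indistinguishable from a successful delete; returning an error code as OnRenameFile() does would make that visible.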