Index: branches/5.0.x/core/units/helpers/fck_helper.php
===================================================================
--- branches/5.0.x/core/units/helpers/fck_helper.php	(revision 13010)
+++ branches/5.0.x/core/units/helpers/fck_helper.php	(revision 13011)
@@ -1,294 +1,294 @@ <?php /** * @version $Id$ * @package In-Portal * @copyright Copyright (C) 1997 - 2009 Intechnic. All rights reserved. * @license GNU/GPL * In-Portal is Open Source software. * This means that this software may have been modified pursuant * the GNU General Public License, and as distributed it includes * or is derivative of works licensed under the GNU General Public License * or other free or open source software licenses. * See http://www.in-portal.org/license for copyright notices and details. */ defined('FULL_PATH') or die('restricted access!'); class fckFCKHelper extends kHelper { var $Config = Array(); function fckFCKHelper() { parent::kHelper(); $this->Config['AllowedExtensions']['Files'] = array('jpg','gif','jpeg','png','swf','fla','jpg','gif','jpeg','png','avi','mpg','mpeg','zip','rar','arj','gz','tar','doc','pdf','ppt','rdp','swf','swt','txt','vsd','xls','csv','odt') ; $this->Config['DeniedExtensions']['Files'] = array('php','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','dll','reg') ; $this->Config['AllowedExtensions']['Images'] = array('jpg','gif','jpeg','png', 'bmp') ; $this->Config['DeniedExtensions']['Images'] = array('php','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','dll','reg'); $this->Config['AllowedExtensions']['Flash'] = array('swf','fla') ; $this->Config['DeniedExtensions']['Flash'] = array('php','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','dll','reg') ; $this->Config['AllowedExtensions']['Media'] = array('asf','asx','avi','wav','wax','wma','wm','wmv','m3u','mp2v','mpg','mpeg','m1v','mp2','mp3','mpa','mpe','mpv2','mp4','mid','midi','rmi','qt','aif','aifc','aiff','mov','flv','rm','svcd','swf','vcd') ; $this->Config['DeniedExtensions']['Media'] = array('php','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','dll','reg'); $this->Config['AllowedExtensions']['Documents'] = array('doc','pdf','ppt','rdp','swf','swt','txt','vsd','xls','csv','zip','odt') ; 
$this->Config['DeniedExtensions']['Documents'] = array('php','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','dll','reg'); } function CreateFolder($folder = '') { if (!$folder) { return false; } $folderPath = WRITEABLE . '/user_files/' . $folder; if (file_exists($folderPath) && is_dir($folderPath)) { return true; } $permissions = defined('FCK_FOLDERS_PERMISSIONS') ? FCK_FOLDERS_PERMISSIONS : '0777'; return mkdir($folderPath); // , $permissions } function IsAllowedExtension($folder, $file_name) { $base_folder = $this->getBaseFolder($folder); eregi("(\.[a-zA-Z0-9]{1,10})$", $file_name, $regs); $ext = strtolower(ltrim($regs[1],".")); if (isset($this->Config['DeniedExtensions'][$folder])) { if (in_array($ext, $this->Config['DeniedExtensions'][$folder])) { return false; } } if (isset($this->Config['AllowedExtensions'][$folder])) { if (!in_array($ext, $this->Config['AllowedExtensions'][$folder])) { return false; } } return true; } function getBaseFolder($folder) { $end = strpos("/", $folder); if ($end) { return substr($folder, 0, $end); } return $folder; } function ReadFolders($files_dir) { $aFolders = array(); $oCurrentFolder = opendir($files_dir) ; $KernelSystemFolders = defined('KERNEL_SYSTEM_FOLDERS') ? KERNEL_SYSTEM_FOLDERS : array('icons', 'CVS', '.svn'); while ( $sFile = readdir( $oCurrentFolder ) ) { if (is_dir($files_dir . $sFile ) && !in_array($sFile,$KernelSystemFolders) && $sFile != '.' && $sFile != '..') { $aFolders[] = $sFile; } } closedir( $oCurrentFolder ) ; return $aFolders; } function ReadFiles($files_dir) { $aFiles = array(); $oCurrentFolder = opendir($files_dir) ; while ( $sFile = readdir( $oCurrentFolder ) ) { if (!is_dir($files_dir . 
$sFile )) { $aFiles[] = $sFile; } } closedir( $oCurrentFolder ) ; return $aFiles; } function PrintFolders() { $order_by = $this->Application->GetVar('order_by'); $sort_by = $this->Application->GetVar('sort_by'); $folder = $this->Application->GetVar('folder'); $files_dir = WRITEABLE."/user_files/".$folder."/"; $aFolders = $this->ReadFolders($files_dir); $ret = ''; $order_by = $this->Application->GetVar('order_by'); $sort_by = $this->Application->GetVar('sort_by'); natcasesort($aFolders); foreach ($aFolders as $k => $v) { $ret .= '<folder2 path="'.$folder."/".$v.'">'.$v.'</folder2>'."\n"; } if ($sort_by == 'name' && $order_by == '_desc') { $aFolders = array_reverse($aFolders); } foreach ($aFolders as $k => $v) { $ret .= '<folder path="'.$folder."/".$v.'">'.$v.'</folder>'."\n"; } return $ret; } function CalculateFileSize($size) { if ( $size > 0 ) { $size = round( $size / 1024 ); $size = ($size < 1)? 1:$size;// round( $iFileSize / 1024 ) ; } return $size; } function CheckIconType($v) { $a_ext = Array('ai','avi','bmp','cs','dll','doc','exe','fla','gif','htm','html','jpg','js','mdb','mp3','pdf','png','ppt','rdp','swf','swt','txt','vsd','xls','xml','zip'); eregi("(\.[a-zA-Z0-9]{1,10})$", $v, $regs); $ext = strtolower(ltrim($regs[1],".")); if (in_array($ext, $a_ext)) { $icon = $ext; } else { $icon = 'default.icon'; } return $icon; } function GetXmlString($size,$url,$icon,$date,$file_name) { return '<file size="'.$size.'" url="'.$url.'" icon="'.$icon.'" date="'.$date.'">'.$file_name.'</file>'."\n"; } function PrintFiles() { $order_by = $this->Application->GetVar('order_by'); $sort_by = $this->Application->GetVar('sort_by'); $folder = $this->Application->GetVar('folder'); $files_dir = WRITEABLE . "/user_files/" . $folder."/"; - $files_url = BASE_PATH . WRITEBALE_BASE . "/user_files/" . $folder . "/"; + $files_url = BASE_PATH . str_replace(DIRECTORY_SEPARATOR, '/', WRITEBALE_BASE) . "/user_files/" . $folder . 
"/"; $aFiles = $this->ReadFiles($files_dir); $ret = ''; $date_format = "m/d/Y h:i A"; natcasesort($aFiles); if ($sort_by == 'name' && $order_by == '_desc') { $aFiles = array_reverse($aFiles,TRUE); } foreach ($aFiles as $k => $v) { $aFilesSize[$k] = filesize( $files_dir . $v); $aFilesDate[$k] = filectime( $files_dir . $v); } if ($sort_by == 'name') { foreach ($aFiles as $k => $file) { $size = $this->CalculateFileSize($aFilesSize[$k]); $date = date($date_format, $aFilesDate[$k]); $icon = $this->CheckIconType($file); $ret .= $this->GetXmlString($size,$files_url.$file,$icon,$date,$file); } } if ($sort_by == 'date') { asort($aFilesDate); if($order_by == '_desc') { $aFilesDate = array_reverse($aFilesDate,TRUE); } foreach ($aFilesDate as $k => $date) { $size = $this->CalculateFileSize($aFilesSize[$k]); $file = $aFiles[$k]; $date = date($date_format, $date); $icon = $this->CheckIconType($file); $ret .= $this->GetXmlString($size,$files_url.$file,$icon,$date,$file); } } if ($sort_by == 'size') { asort($aFilesSize); if($order_by == '_desc') { $aFilesSize = array_reverse($aFilesSize,TRUE); } foreach ($aFilesSize as $k => $size) { $size = $this->CalculateFileSize($size); $file = $aFiles[$k]; $date = date($date_format, $aFilesDate[$k]); $icon = $this->CheckIconType($file); $ret .= $this->GetXmlString($size,$files_url.$file,$icon,$date,$file); } } return $ret; } function UploadFile() { $Extensions['Allowed']['Files'] = array('jpg','gif','jpeg','png','swf','fla','jpg','gif','jpeg','png','avi','mpg','mpeg','zip','rar','arj','gz','tar','doc','pdf','ppt','rdp','swf','swt','txt','vsd','xls','csv','odt') ; $Extensions['Allowed']['Images'] = array('jpg','gif','jpeg','png', 'bmp') ; $Extensions['Allowed']['Flash'] = array('swf','fla') ; $Extensions['Allowed']['Media'] = array('asf','asx','avi','wav','wax','wma','wm','wmv','m3u','mp2v','mpg','mpeg','m1v','mp2','mp3','mpa','mpe','mpv2','mp4','mid','midi','rmi','qt','aif','aifc','aiff','mov','flv','rm','svcd','swf','vcd') ; 
$Extensions['Allowed']['Documents'] = array('doc','pdf','ppt','rdp','swf','swt','txt','vsd','xls','csv','zip','odt') ; $upload_dir = $this->Application->GetVar('upload_dir'); $type = explode("/",$upload_dir); $type = $type[0]; $sServerDir = WRITEABLE."/user_files/".$upload_dir."/"; $aUpFile = $_FILES['NewFile']; $sFileName = $aUpFile['name']; $sOriginalFileName = $aUpFile['name']; $sExtension = strtolower(substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) ); $sErrorNumber = 0; if ( isset( $_FILES['NewFile'] ) && !is_null( $_FILES['NewFile']['tmp_name'] ) ) { if (in_array($sExtension,$Extensions['Allowed'][$type])) { if (!$aUpFile['error']) { $iCounter = 0 ; while ( true ) { $sFilePath = $sServerDir . $sFileName ; if ( is_file( $sFilePath ) ) { $iCounter++ ; $sFileName = $this->RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ; $sErrorNumber = '201' ; } else { // Turn off all error reporting. error_reporting( 0 ) ; // Enable error tracking to catch the error. ini_set( 'track_errors', '1' ) ; move_uploaded_file( $aUpFile['tmp_name'], $sFilePath ) ; $sErrorMsg = $php_errormsg ; // Restore the configurations. ini_restore( 'track_errors' ) ; ini_restore( 'error_reporting' ) ; if ( is_file( $sFilePath ) ) { $oldumask = umask(0) ; chmod( $sFilePath, 0666 ) ; umask( $oldumask ) ; } break ; } } } } else { $sErrorNumber = '203'; } } else { $sErrorNumber = '202' ; } echo '<script type="text/javascript">' ; echo 'window.parent.frames["frmUpload"].OnUploadCompleted(' . $sErrorNumber . ',"' . str_replace( '"', '\\"', $sFileName ) . '") ;' ; echo '</script>' ; } function RemoveExtension( $fileName ) { return substr( $fileName, 0, strrpos( $fileName, '.' ) ) ; } } \ No newline at end of file Index: branches/5.0.x/core/units/fck/fck_eh.php =================================================================== --- branches/5.0.x/core/units/fck/fck_eh.php (revision 13010) +++ branches/5.0.x/core/units/fck/fck_eh.php (revision 13011) 
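Review bot: The rebuilt `$files_url` in PrintFiles still splices the request-supplied `$folder` (read via `GetVar('folder')` a few lines above) and each directory entry straight into the `url="…"` attribute produced by GetXmlString without `htmlspecialchars`, so a folder or file name containing `"`, `<` or `&` yields malformed XML for the client. The same `$folder` is joined into `$files_dir` under WRITEABLE with no check that the resolved directory stays inside `user_files`; a `realpath()` comparison before ReadFiles would close that, e.g. `$base = realpath(WRITEABLE . '/user_files'); $real = realpath($files_dir); if ($real === false || strpos($real, $base) !== 0) { return ''; }`. PrintFolders builds its `$files_dir` the same way and would need the same guard. The whole file is inside this hunk, so PrintFiles starts and ends within it.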
@@ -1,206 +1,207 @@ <?php /** * @version $Id$ * @package In-Portal * @copyright Copyright (C) 1997 - 2009 Intechnic. All rights reserved. * @license GNU/GPL * In-Portal is Open Source software. * This means that this software may have been modified pursuant * the GNU General Public License, and as distributed it includes * or is derivative of works licensed under the GNU General Public License * or other free or open source software licenses. * See http://www.in-portal.org/license for copyright notices and details. */ defined('FULL_PATH') or die('restricted access!'); class FckEventHandler extends kDBEventHandler { /** * Checks permissions of user * * @param kEvent $event */ function CheckPermission(&$event) { if ($this->Application->isAdminUser) { // this limits all event execution only to logged-in users in admin return true; } return parent::CheckPermission($event); } function CreateXmlHeader() { ob_end_clean() ; // Prevent the browser from caching the result. // Date in the past header('Expires: Mon, 26 Jul 1997 05:00:00 GMT') ; // always modified header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT') ; // HTTP/1.1 header('Cache-Control: no-store, no-cache, must-revalidate') ; header('Cache-Control: post-check=0, pre-check=0', false) ; // HTTP/1.0 header('Pragma: no-cache') ; // Set the response format. header( 'Content-Type: text/xml; charset=utf-8' ) ; // Create the XML document header. } function OnLoadCmsTree(&$event) { $event->status = erSTOP; $this->CreateXmlHeader(); $res = '<?xml version="1.0" encoding="utf-8" ?>'."\n" ; $res.= "<CmsPages>"."\n"; $lang = $this->Application->GetVar('m_lang'); $st =& $this->Application->recallObject('st.-dummy'); /* @var $st kDBItem */ $st_options = $this->Application->getUnitOption('st'.'.ParentId', 'Fields'); $pages = $st_options['options']; $page_ids = array_keys($pages); $sql = 'SELECT NamedParentPath, CategoryId FROM ' . TABLE_PREFIX . 'Category WHERE CategoryId IN (' . implode(',', $page_ids) . 
')'; $tpls = $this->Application->Conn->GetCol($sql, 'CategoryId'); //$res = ''; foreach ($pages as $id => $title) { $page_path = preg_replace('/^Content\//i', '', strtolower($tpls[$id]).'.html'); $title = $title.' ('.$page_path.')'; $real_url = $this->Application->HREF($tpls[$id], '_FRONT_END_', array('pass'=>'m'), 'index.php'); $res .= '<CmsPage real_url="'.$real_url.'" path="@@'.$id.'@@" title="'.$prefix.htmlspecialchars($title,ENT_QUOTES).'" st_id="'.$id.'" serverpath="" />'."\n"; } $res.= "</CmsPages>"; echo $res; } function OnRenameFile(&$event) { $event->status = erSTOP; if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { return; } $old_name = $this->Application->GetVar('old_name'); $new_name = $this->Application->GetVar('new_name'); $folder = $this->Application->GetVar('folder'); $sServerDir = WRITEABLE . '/user_files/' . $folder . '/'; if (!file_exists($sServerDir.$old_name) || !is_file($sServerDir.$old_name)) { echo 204; return; } $fck_helper =& $this->Application->recallObject('FCKHelper'); /* @var fck_helper fckFCKHelper*/ if (!$fck_helper->IsAllowedExtension($folder, $new_name)) { echo 203; return; } if (!rename($sServerDir.$old_name,$sServerDir.$new_name)) { // echo $sServerDir.$old_name.' -> '.$sServerDir.$new_name; echo 205; return; } echo '0'; } function OnDeleteFiles(&$event) { $event->status = erSTOP; if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { return; } $files = trim($this->Application->GetVar('files'),'|'); // echo $files; $a_files = explode('|', $files); $folder = $this->Application->GetVar('folder'); $sServerDir = WRITEABLE . '/user_files/' . $folder . 
'/'; foreach ($a_files AS $file) { @unlink($sServerDir.$file); } // print_r($a_files); } function OnGetFoldersFilesList(&$event) { $this->CreateXmlHeader(); + $fck_helper =& $this->Application->recallObject('FCKHelper'); - /* @var fck_helper fckFCKHelper*/ + /* @var $fck_helper fckFCKHelper */ $ret = '<?xml version="1.0" encoding="utf-8" ?>'."\n" ; $ret .= "<content>"."\n"; $ret .= $fck_helper->PrintFolders(); $ret .= $fck_helper->PrintFiles(); $ret .= "</content>"."\n"; echo $ret; exit; } function OnCreateFolder(&$event) { $event->status = erSTOP; if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { return; } $new_folder = $this->Application->GetVar('new_folder'); $current_folder = $this->Application->GetVar('current_folder'); $folderPath = WRITEABLE . '/user_files' . '/' . $current_folder . "/" . $new_folder; if ( file_exists( $folderPath ) && is_dir($folderPath)) { echo "101"; } if ( !file_exists( $folderPath ) ) { // Turn off all error reporting. error_reporting( 0 ) ; // Enable error tracking to catch the error. ini_set( 'track_errors', '1' ) ; // To create the folder with 0777 permissions, we need to set umask to zero. $oldumask = umask(0) ; mkdir( $folderPath, 0777 ) ; umask( $oldumask ) ; $sErrorMsg = $php_errormsg ; // Restore the configurations. ini_restore( 'track_errors' ) ; ini_restore( 'error_reporting' ) ; if ($sErrorMsg) echo $sErrorMsg ; else echo '0'; } } function OnUploadFile(&$event) { $event->status = erSTOP; if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { return; } $fck_helper =& $this->Application->recallObject('FCKHelper'); /* @var fck_helper fckFCKHelper*/ $fck_helper->UploadFile(); } } \ No newline at end of file
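Review bot: The corrected `/* @var $fck_helper fckFCKHelper */` form is applied only in OnGetFoldersFilesList; OnRenameFile and OnUploadFile keep the older `/* @var fck_helper fckFCKHelper*/` after their own `recallObject('FCKHelper')` calls, which IDEs and static analysers will not bind to the variable, so the same one-line fix belongs at those two sites. This handler also terminates with `exit` after `echo $ret` instead of setting `$event->status = erSTOP;` at the top like every sibling handler in the class; if the framework does no further output after the handler, `$event->status = erSTOP;` in place of the `exit` would keep the handlers consistent. The whole file is inside this hunk, so OnGetFoldersFilesList starts and ends within it.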