本文整理汇总了PHP中FWValidator::is_file_ending_harmless方法的典型用法代码示例。如果您正苦于以下问题:PHP FWValidator::is_file_ending_harmless方法的具体用法?PHP FWValidator::is_file_ending_harmless怎么用?PHP FWValidator::is_file_ending_harmless使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类FWValidator的用法示例。
在下文中一共展示了FWValidator::is_file_ending_harmless方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: handleRequest
/**
* @override
*/
public function handleRequest()
{
// HTTP headers for no cache etc
header('Content-type: text/plain; charset=UTF-8');
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
// Get parameters
$chunk = isset($_REQUEST["chunk"]) ? $_REQUEST["chunk"] : 0;
$chunks = isset($_REQUEST["chunks"]) ? $_REQUEST["chunks"] : 0;
$fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';
$fileCount = $_GET['files'];
if (\FWValidator::is_file_ending_harmless($fileName)) {
try {
$this->addChunk($fileName, $chunk, $chunks);
} catch (UploaderException $e) {
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "' . $e->getMessage() . '"}, "id" : "id"}');
}
} else {
if ($chunk == 0) {
// only count first chunk
// TODO: there must be a way to cancel the upload process on the client side
$this->addHarmfulFileToResponse($fileName);
}
}
if ($chunk == $chunks - 1) {
//upload finished
$this->handleCallback($fileCount);
}
die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
}示例2: handleRequest
/**
* @override
*/
public function handleRequest()
{
global $_FILES;
//get a writable directory
$targetDir = '/upload_' . $this->uploadId;
$tempPath = $_SESSION->getTempPath();
$webTempPath = $_SESSION->getWebTempPath();
//make sure target directory exists
if (!file_exists($tempPath . $targetDir)) {
\Cx\Lib\FileSystem\FileSystem::make_folder($webTempPath . $targetDir);
}
//move all uploaded file to this upload's temp directory
foreach ($_FILES["uploaderFiles"]["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) {
$tmpName = $_FILES["uploaderFiles"]["tmp_name"][$key];
$name = $_FILES["uploaderFiles"]["name"][$key];
if (!\FWValidator::is_file_ending_harmless($name)) {
die('Error:' . sprintf('The file %s was refused due to its file extension which is not allowed!', htmlentities($name, ENT_QUOTES, CONTREXX_CHARSET)));
}
//TODO: Uploader::addChunk does this also -> centralize in function
// remember the "raw" file name, we want to store all original
// file names in the session.
$originalFileName = $name;
// Clean the fileName for security reasons
// we're using a-zA-Z0-9 instead of \w because of the umlauts.
// linux excludes them from \w, windows includes them. we do not want different
// behaviours on different operating systems.
$name = preg_replace('/[^a-zA-Z0-9\\._-]+/', '', $name);
$originalFileNames = array();
if (isset($_SESSION['upload']['handlers'][$this->uploadId]['originalFileNames'])) {
$originalFileNames = $_SESSION['upload']['handlers'][$this->uploadId]['originalFileNames'];
}
$originalFileNames[$name] = $originalFileName;
$_SESSION['upload']['handlers'][$this->uploadId]['originalFileNames'] = $originalFileNames;
//end of TODO-region
//move file somewhere we know both the web- and normal path...
@move_uploaded_file($tmpName, ASCMS_TEMP_PATH . '/' . $name);
//...then do a safe-mode-safe (yeah) move operation
\Cx\Lib\FileSystem\FileSystem::move(ASCMS_TEMP_WEB_PATH . '/' . $name, $webTempPath . $targetDir . '/' . $name, true);
}
}
//and call back.
$this->notifyCallback();
//redirect the user where he belongs
$this->redirect();
}示例3: handleRequest
/**
* @override
*/
public function handleRequest()
{
// Get parameters
$chunk = $_POST['partitionIndex'];
$chunks = $_POST['partitionCount'];
$fileName = contrexx_stripslashes($_FILES['file']['name']);
$fileCount = $_GET['files'];
// check if the file has a valid file extension
if (\FWValidator::is_file_ending_harmless($fileName)) {
try {
$this->addChunk($fileName, $chunk, $chunks);
} catch (UploaderException $e) {
die('Error:' . $e->getMessage());
}
if ($chunk == $chunks - 1) {
//upload of current file finished
$this->handleCallback($fileCount);
}
} else {
$this->addHarmfulFileToResponse($fileName);
}
die(0);
}示例4: processFormUpload
/**
* Process upload form
*
* @global array $_ARRAYLANG
* @return boolean true if file uplod successfully and false if it failed
*/
private function processFormUpload()
{
global $_ARRAYLANG;
$objSession = \cmsSession::getInstance();
$uploaderId = isset($_POST['media_upload_file']) ? contrexx_input2raw($_POST['media_upload_file']) : 0;
if (empty($uploaderId)) {
return false;
}
$tempPath = $objSession->getTempPath() . '/' . contrexx_input2raw($uploaderId);
if (!\Cx\Lib\FileSystem\FileSystem::exists($tempPath)) {
return false;
}
$errorMsg = array();
foreach (glob($tempPath . '/*') as $file) {
$i = 0;
$fileName = basename($file);
$path = $tempPath . '/' . $fileName;
$file = $this->path . $fileName;
$arrFile = pathinfo($file);
while (file_exists($file)) {
$suffix = '-' . (time() + ++$i);
$file = $this->path . $arrFile['filename'] . $suffix . '.' . $arrFile['extension'];
}
if (!\FWValidator::is_file_ending_harmless($path)) {
$errorMsg[] = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_EXTENSION_NOT_ALLOWED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
continue;
}
try {
$objFile = new \Cx\Lib\FileSystem\File($path);
$objFile->move($file, false);
$fileObj = new \File();
$fileObj->setChmod($this->path, $this->webPath, basename($file));
} catch (\Cx\Lib\FileSystem\FileSystemException $e) {
\DBG::msg($e->getMessage());
$errorMsg[] = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_UPLOAD_FAILED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
}
}
if (!empty($errorMsg)) {
$this->_strErrorMessage = explode('<br>', $errorMsg);
return false;
}
$this->_strOkMessage = $_ARRAYLANG['TXT_MEDIA_FILE_UPLOADED_SUCESSFULLY'];
return true;
}示例5: uploadMedia
/**
* Copy the Upload the image to the path
* Note: validation should be done before calling this function
*
* @param string $imagePath Temp path of the uploaded media
*
* @return boolean|string relative path of the uploaded file, false otherwise
*/
function uploadMedia($imagePath)
{
if ($imagePath == '' || !\FWValidator::is_file_ending_harmless($imagePath)) {
return false;
}
// get extension
$imageName = basename($imagePath);
$arrImageInfo = pathinfo($imageName);
$imageExtension = !empty($arrImageInfo['extension']) ? '.' . $arrImageInfo['extension'] : '';
$imageBasename = $arrImageInfo['filename'];
$randomSum = rand(10, 99);
// encode filename
if ($this->arrSettings['settingsEncryptFilenames'] == 1) {
$imageName = md5($randomSum . $imageBasename) . $imageExtension;
}
// check filename
if (file_exists($this->imagePath . 'images/' . $imageName)) {
$imageName = $imageBasename . '_' . time() . $imageExtension;
}
// upload file
if (\Cx\Lib\FileSystem\FileSystem::copy_file($imagePath, $this->imagePath . 'images/' . $imageName) === false) {
return false;
}
$imageDimension = getimagesize($this->imagePath . 'images/' . $imageName);
$intNewWidth = $imageDimension[0];
$intNewHeight = $imageDimension[1];
$imageFormat = $imageDimension[0] > $imageDimension[1] ? 1 : 0;
$setNewSize = 0;
if ($imageDimension[0] > 640 && $imageFormat == 1) {
$doubleFactorDimension = 640 / $imageDimension[0];
$intNewWidth = 640;
$intNewHeight = round($doubleFactorDimension * $imageDimension[1], 0);
$setNewSize = 1;
} elseif ($imageDimension[1] > 480) {
$doubleFactorDimension = 480 / $imageDimension[1];
$intNewHeight = 480;
$intNewWidth = round($doubleFactorDimension * $imageDimension[0], 0);
$setNewSize = 1;
}
if ($setNewSize == 1) {
$objImage = new \ImageManager();
$objImage->loadImage($this->imagePath . 'images/' . $imageName);
$objImage->resizeImage($intNewWidth, $intNewHeight, 100);
$objImage->saveNewImage($this->imagePath . 'images/' . $imageName, true);
}
$objFile = new \File();
$objFile->setChmod($this->imagePath, $this->imageWebPath, 'images/' . $imageName);
// create thumbnail
$this->checkThumbnail($this->imageWebPath . 'images/' . $imageName);
return $this->imageWebPath . 'images/' . $imageName;
}示例6: processFormUpload
/**
* Process upload form
*
* @global array $_ARRAYLANG
* @return boolean true if file uplod successfully and false if it failed
*/
private function processFormUpload()
{
global $_ARRAYLANG;
$inputField = 'media_upload_file';
if (!isset($_FILES[$inputField]) || !is_array($_FILES[$inputField])) {
return false;
}
$fileName = !empty($_FILES[$inputField]['name']) ? contrexx_stripslashes($_FILES[$inputField]['name']) : '';
$fileTmpName = !empty($_FILES[$inputField]['tmp_name']) ? $_FILES[$inputField]['tmp_name'] : '';
if (MediaLibrary::isIllegalFileName($fileName)) {
$this->_strErrorMessage = $_ARRAYLANG['TXT_MEDIA_FILE_DONT_CREATE'];
return false;
}
switch ($_FILES[$inputField]['error']) {
case UPLOAD_ERR_INI_SIZE:
$this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_SIZE_EXCEEDS_LIMIT'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET), $this->getFormatedFileSize(\FWSystem::getMaxUploadFileSize()));
break;
case UPLOAD_ERR_FORM_SIZE:
$this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_TOO_LARGE'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
break;
case UPLOAD_ERR_PARTIAL:
$this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_CORRUPT'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
break;
case UPLOAD_ERR_NO_FILE:
$this->_strErrorMessage = $_ARRAYLANG['TXT_MEDIA_NO_FILE'];
continue;
break;
default:
if (!empty($fileTmpName)) {
$suffix = '';
$file = $this->path . $fileName;
$arrFile = pathinfo($file);
$i = 0;
while (file_exists($file)) {
$suffix = '-' . (time() + ++$i);
$file = $this->path . $arrFile['filename'] . $suffix . '.' . $arrFile['extension'];
}
if (\FWValidator::is_file_ending_harmless($fileName)) {
$fileExtension = $arrFile['extension'];
if (@move_uploaded_file($fileTmpName, $file)) {
$fileName = $arrFile['filename'];
$obj_file = new \File();
$obj_file->setChmod($this->path, $this->webPath, $fileName);
$this->_strOkMessage = $_ARRAYLANG['TXT_MEDIA_FILE_UPLOADED_SUCESSFULLY'];
return true;
} else {
$this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_UPLOAD_FAILED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
}
} else {
$this->_strErrorMessage = sprintf($_ARRAYLANG['TXT_MEDIA_FILE_EXTENSION_NOT_ALLOWED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET));
}
}
break;
}
return false;
}示例7: uploadPicture
function uploadPicture()
{
$status = "";
$path = "pictures/";
//check file array
if (isset($_FILES) && !empty($_FILES)) {
//get file info
$tmpFile = $_FILES['pic']['tmp_name'];
$fileName = $_FILES['pic']['name'];
if ($fileName != "" && \FWValidator::is_file_ending_harmless($fileName)) {
//check extension
$info = pathinfo($fileName);
$exte = $info['extension'];
$exte = !empty($exte) ? '.' . $exte : '';
$part1 = substr($fileName, 0, strlen($fileName) - strlen($exte));
$rand = rand(10, 99);
$fileName = md5($rand . $fileName) . $exte;
//check file
// TODO: $x is not defined
$x = 0;
if (file_exists($this->mediaPath . $path . $fileName)) {
$fileName = $rand . $part1 . '_' . (time() + $x) . $exte;
$fileName = md5($fileName) . $exte;
}
//upload file
if (@move_uploaded_file($tmpFile, $this->mediaPath . $path . $fileName)) {
$objFile = new \File();
$objFile->setChmod($this->mediaPath, $this->mediaWebPath, $path . $fileName);
$status = $fileName;
} else {
$status = "error";
}
} else {
$status = "error";
}
}
return $status;
}示例8: _uploadFilesLegacy
/**
* Upload submitted files
*
* Move all files that are allowed to be uploaded in the folder that
* has been specified in the configuration option "File upload deposition path"
* @access private
* @global array
* @param array Files that have been submited
* @see getSettings(), _cleanFileName(), errorMsg, FWSystem::getMaxUploadFileSize()
* @return array A list of files that have been stored successfully in the system
*/
function _uploadFilesLegacy($arrFields)
{
global $_ARRAYLANG;
$arrSettings = $this->getSettings();
$arrFiles = array();
if (isset($_FILES) && is_array($_FILES)) {
foreach (array_keys($_FILES) as $file) {
$fileName = !empty($_FILES[$file]['name']) ? $this->_cleanFileName($_FILES[$file]['name']) : '';
$fileTmpName = !empty($_FILES[$file]['tmp_name']) ? $_FILES[$file]['tmp_name'] : '';
switch ($_FILES[$file]['error']) {
case UPLOAD_ERR_INI_SIZE:
//Die hochgeladene Datei überschreitet die in der Anweisung upload_max_filesize in php.ini festgelegte Grösse.
$this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_SIZE_EXCEEDS_LIMIT'], $fileName, \FWSystem::getMaxUploadFileSize()) . '<br />';
break;
case UPLOAD_ERR_FORM_SIZE:
//Die hochgeladene Datei überschreitet die in dem HTML Formular mittels der Anweisung MAX_FILE_SIZE angegebene maximale Dateigrösse.
$this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_TOO_LARGE'], $fileName) . '<br />';
break;
case UPLOAD_ERR_PARTIAL:
//Die Datei wurde nur teilweise hochgeladen.
$this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_CORRUPT'], $fileName) . '<br />';
break;
case UPLOAD_ERR_NO_FILE:
//Es wurde keine Datei hochgeladen.
continue;
break;
default:
if (!empty($fileTmpName)) {
$arrFile = pathinfo($fileName);
$i = '';
$suffix = '';
$documentRootPath = \Env::get('cx')->getWebsiteDocumentRootPath();
$filePath = $arrSettings['fileUploadDepositionPath'] . '/' . $arrFile['filename'] . $suffix . '.' . $arrFile['extension'];
while (file_exists($documentRootPath . $filePath)) {
$suffix = '-' . ++$i;
$filePath = $arrSettings['fileUploadDepositionPath'] . '/' . $arrFile['filename'] . $suffix . '.' . $arrFile['extension'];
}
$arrMatch = array();
if (\FWValidator::is_file_ending_harmless($fileName)) {
if (@move_uploaded_file($fileTmpName, $documentRootPath . $filePath)) {
$id = intval(substr($file, 17));
$arrFiles[$id] = array('path' => $filePath, 'name' => $fileName);
} else {
$this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_UPLOAD_FAILED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET)) . '<br />';
}
} else {
$this->errorMsg .= sprintf($_ARRAYLANG['TXT_CONTACT_FILE_EXTENSION_NOT_ALLOWED'], htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET)) . '<br />';
}
}
break;
}
}
}
return $arrFiles;
}示例9: uploadMedia
/**
* upload media
*
* upload added media
*
* @access public
* @return string $fileName
*/
function uploadMedia($name, $path)
{
//check file array
if (isset($_FILES) && !empty($_FILES)) {
//get file info
$status = "";
$tmpFile = $_FILES[$name]['tmp_name'];
$fileName = $_FILES[$name]['name'];
$fileType = $_FILES[$name]['type'];
$this->fileSize = $_FILES[$name]['size'];
if ($fileName != "" && \FWValidator::is_file_ending_harmless($fileName)) {
//check extension
$info = pathinfo($fileName);
$exte = $info['extension'];
$exte = !empty($exte) ? '.' . $exte : '';
$part1 = substr($fileName, 0, strlen($fileName) - strlen($exte));
$rand = rand(10, 99);
$arrSettings = $this->getSettings();
if ($arrSettings['encodeFilename']['value'] == 1) {
$fileName = md5($rand . $part1) . $exte;
}
//check file
if (file_exists($this->mediaPath . $path . $fileName)) {
// TODO: $x is never set!
// $fileName = $part1 . '_' . (time() + $x) . $exte;
$fileName = $part1 . '_' . time() . $exte;
}
//check extension
$info = pathinfo($fileName);
$exte = $info['extension'];
$exte = !empty($exte) ? '.' . $exte : '';
$part1 = substr($fileName, 0, strlen($fileName) - strlen($exte));
$rand = rand(10, 99);
$arrSettings = $this->getSettings();
if ($arrSettings['encodeFilename']['value'] == 1) {
$fileName = md5($rand . $part1) . $exte;
}
//check file
if (file_exists($this->mediaPath . $path . $fileName)) {
// TODO: $x is never set!
// $fileName = $part1 . '_' . (time() + $x) . $exte;
$fileName = $part1 . '_' . time() . $exte;
}
//upload file
if (@move_uploaded_file($tmpFile, $this->mediaPath . $path . $fileName)) {
$obj_file = new \File();
$obj_file->setChmod($this->mediaPath, $this->mediaWebPath, $path . $fileName);
$status = $fileName;
} else {
$status = "error";
}
//make thumb
if (($fileType == "image/gif" || $fileType == "image/jpeg" || $fileType == "image/jpg" || $fileType == "image/png") && $path != "uploads/") {
$this->createThumb($fileName, $path);
}
} else {
$status = "error";
}
}
return $status;
}示例10: getFileFromWebsiteRepository
/**
* Checks if a customized version of a file exists in the website data
* repository and returns its path if it exists.
*
* @param string $file Path of file to look for a customized
* version for.
* @param boolean $webPath Whether or not to return the relative web
* path instead of the absolute file system
* path (default).
* @param boolean $isWebsite If $isWebsite is provided, then it is set
* to TRUE if the file can be located in the
* website data repository. Otherwise it is
* set to FALSE.
* @return mixed Path (as string) to customized version of
* file or FALSE if none exists.
*/
public function getFileFromWebsiteRepository($file, $webPath = false, &$isWebsite = false)
{
// When the LegacyClassLoader is not initialized you cant load the FWValidator class
// which is needed for the security check following next
if (!$this->legacyClassLoader) {
return false;
}
// Checks if the file is a harmless one, because you can upload anything
// over the ftp which probably not should be executed
if (!\FWValidator::is_file_ending_harmless($file)) {
return false;
}
// check if customized version of file exists
if (!file_exists($this->cx->getWebsiteDocumentRootPath() . $file)) {
return false;
}
// customized version of file found in website's data repository
$isWebsite = true;
return ($webPath ? $this->cx->getWebsiteOffsetPath() : $this->cx->getWebsiteDocumentRootPath()) . $file;
}示例11: uploadCSV
/**
* Upload a Csv File
*
* @param String $name File name
* @param String $path uploading file path
*
* @return String
*/
function uploadCSV($name, $path)
{
//check file array
if (isset($_FILES) && !empty($_FILES)) {
//get file info
$status = "";
$tmpFile = $_FILES[$name]['tmp_name'];
$fileName = $_FILES[$name]['name'];
$fileType = $_FILES[$name]['type'];
$fileSize = $_FILES[$name]['size'];
if ($fileName != "" && \FWValidator::is_file_ending_harmless($fileName)) {
//check extension
$info = pathinfo($fileName);
$exte = $info['extension'];
$exte = !empty($exte) ? '.' . $exte : '';
$fileName = time() . $exte;
//upload file
if (@move_uploaded_file($tmpFile, $path . $fileName)) {
@chmod($path . $fileName, '0777');
$status = $fileName;
} else {
$status = "error";
}
} else {
$status = "error";
}
}
return $status;
}示例12: uploadPicture
/**
* Move the uploaded image to destination path from the temp path
*
* @return mixed $status | false
*/
public function uploadPicture()
{
$status = "";
$path = "pictures/";
//check file array
$uploaderId = isset($_POST['marketUploaderId']) ? contrexx_input2raw($_POST['marketUploaderId']) : 0;
$fileName = isset($_POST['uploadImage']) ? contrexx_input2raw($_POST['uploadImage']) : 0;
if (empty($uploaderId) || empty($fileName)) {
return false;
}
//get file info
$objSession = \cmsSession::getInstance();
$tmpFile = $objSession->getTempPath() . '/' . $uploaderId . '/' . $fileName;
if (!\Cx\Lib\FileSystem\FileSystem::exists($tmpFile)) {
return false;
}
if ($fileName != '' && \FWValidator::is_file_ending_harmless($fileName)) {
//check extension
$info = pathinfo($fileName);
$exte = $info['extension'];
$exte = !empty($exte) ? '.' . $exte : '';
$part1 = substr($fileName, 0, strlen($fileName) - strlen($exte));
$rand = rand(10, 99);
$fileName = md5($rand . $fileName) . $exte;
//check file
// TODO: $x is not defined
$x = 0;
if (file_exists($this->mediaPath . $path . $fileName)) {
$fileName = $rand . $part1 . '_' . (time() + $x) . $exte;
$fileName = md5($fileName) . $exte;
}
//Move the uploaded file to the path specified in the variable $this->mediaPath
try {
$objFile = new \Cx\Lib\FileSystem\File($tmpFile);
if ($objFile->move($this->mediaPath . $path . $fileName, false)) {
$objFile = new \File();
$objFile->setChmod($this->mediaPath, $this->mediaWebPath, $path . $fileName);
$status = $fileName;
} else {
$status = "error";
}
} catch (\Cx\Lib\FileSystem\FileSystemException $e) {
\DBG::msg($e->getMessage());
}
} else {
$status = "error";
}
return $status;
}示例13: addUploadedImagesToProfile
/**
* Move the uploaded images into place and link to the user
*
* @param \User $objUser \User object
* @param array $arrProfile Array profile data
* @param array $arrImages Uploaded images array
* @param string $uploaderId Uploader id
*
* @return boolean TRUE on success false otherwise
*/
protected function addUploadedImagesToProfile($objUser, &$arrProfile, $arrImages, $uploaderId)
{
global $_CORELANG;
$objSession = \cmsSession::getInstance();
$arrErrorMsg = array();
foreach ($arrImages as $attribute => $arrHistories) {
foreach ($arrHistories as $historyId => $data) {
$arrUploadedImages = array();
if ($historyId === 'new') {
foreach ($data as $historyIndex => $filePath) {
$arrUploadedImages[] = array('path' => contrexx_input2raw($filePath), 'history_index' => $historyIndex);
}
} else {
$arrUploadedImages[] = array('path' => contrexx_input2raw($data));
}
foreach ($arrUploadedImages as $arrImage) {
$fileName = basename($arrImage['path']);
$path = $objSession->getTempPath() . '/' . contrexx_input2raw($uploaderId) . '/' . $fileName;
if (!\Cx\Lib\FileSystem\FileSystem::exists($path) || !\FWValidator::is_file_ending_harmless($path)) {
continue;
}
$fileSize = filesize($path);
if (!$this->isImageWithinAllowedSize($fileSize, $attribute == 'picture')) {
$objAttribute = $objUser->objAttribute->getById($attribute);
$arrErrorMsg[] = sprintf($_CORELANG['TXT_ACCESS_PIC_TOO_BIG'], htmlentities($objAttribute->getName(), ENT_QUOTES, CONTREXX_CHARSET));
continue;
}
// resize image and put it into place (ASCMS_ACCESS_PHOTO_IMG_PATH / ASCMS_ACCESS_PROFILE_IMG_PATH)
if (($imageName = $this->moveUploadedImageInToPlace($objUser, $path, $fileName, $attribute == 'picture')) === false) {
continue;
}
// create thumbnail
if ($this->createThumbnailOfImage($imageName, $attribute == 'picture') !== false) {
if ($historyId === 'new') {
$arrProfile[$attribute][$historyId][$arrImage['history_index']] = $imageName;
} else {
$arrProfile[$attribute][$historyId] = $imageName;
}
}
}
}
}
if (count($arrErrorMsg)) {
return $arrErrorMsg;
} else {
return true;
}
}示例14: uploadMedia
/**
* Upload the media files
*
* @param string $fileName name of the media file
* @param string $path folder path
* @param string $uploaderId uploader id
*
* @return string $status name of the uploaded file / error
*/
function uploadMedia($fileName, $path, $uploaderId)
{
if (empty($uploaderId) || empty($fileName)) {
return 'error';
}
$cx = \Cx\Core\Core\Controller\Cx::instanciate();
$objSession = $cx->getComponent('Session')->getSession();
$tempPath = $objSession->getTempPath() . '/' . $uploaderId . '/' . $fileName;
//Check the uploaded file exists in /tmp folder
if (!\Cx\Lib\FileSystem\FileSystem::exists($tempPath)) {
//If the file still exists in the mediaPath then return the filename
if (\Cx\Lib\FileSystem\FileSystem::exists($this->mediaPath . $path . $fileName)) {
return $fileName;
}
return 'error';
}
$info = pathinfo($fileName);
$exte = $info['extension'];
$extension = !empty($exte) ? '.' . $exte : '';
$file = substr($fileName, 0, strlen($fileName) - strlen($extension));
$rand = rand(10, 99);
$arrSettings = $this->getSettings();
if ($arrSettings['encodeFilename']['value'] == 1) {
$fileName = md5($rand . $file) . $extension;
}
//Rename the file if the filename already exists
while (\Cx\Lib\FileSystem\FileSystem::exists($this->mediaPath . $path . $fileName)) {
$fileName = $file . '_' . time() . $extension;
}
$filePath = $this->mediaPath . $path . $fileName;
if (!\FWValidator::is_file_ending_harmless($filePath)) {
return 'error';
}
//Move the file from /tmp folder into mediaPath and set the permission
try {
$objFile = new \Cx\Lib\FileSystem\File($tempPath);
if ($objFile->move($filePath, false)) {
$fileObj = new \File();
$fileObj->setChmod($this->mediaPath, $this->mediaWebPath, $path . $fileName);
$status = $fileName;
}
} catch (\Cx\Lib\FileSystem\FileSystemException $e) {
\DBG::msg($e->getMessage());
$status = 'error';
}
//make the thumb
if (($exte == "gif" || $exte == "jpeg" || $exte == "jpg" || $exte == "png") && $path != "uploads/") {
$this->createThumb($fileName, $path);
}
return $status;
}示例15: uploadFinished
public static function uploadFinished($tempPath, $tempWebPath, $data, $uploadId, $fileInfos)
{
global $objDatabase, $_ARRAYLANG, $_CONFIG;
$originalNames = $fileInfos['originalFileNames'];
$path = $data['path'];
$webPath = $data['webPath'];
$objCategory = Category::getCategory($data['category_id']);
// check for sufficient permissions
if ($objCategory->getAddFilesAccessId() && !\Permission::checkAccess($objCategory->getAddFilesAccessId(), 'dynamic', true) && $objCategory->getOwnerId() != \FWUser::getFWUserObject()->objUser->getId()) {
return;
}
//we remember the names of the uploaded files here. they are stored in the session afterwards,
//so we can later display them highlighted.
$arrFiles = array();
//rename files, delete unwanted
$arrFilesToRename = array();
//used to remember the files we need to rename
$h = opendir($tempPath);
while (false !== ($file = readdir($h))) {
//skip . and ..
if ($file == '.' || $file == '..') {
continue;
}
//delete potentially malicious files
if (!\FWValidator::is_file_ending_harmless($file)) {
@unlink($tempPath . '/' . $file);
continue;
}
$info = pathinfo($file);
$cleanFile = \Cx\Lib\FileSystem\FileSystem::replaceCharacters($file);
if ($cleanFile != $file) {
rename($tempPath . '/' . $file, $tempPath . '/' . $cleanFile);
$file = $cleanFile;
}
//check if file needs to be renamed
$newName = '';
$suffix = '';
if (file_exists($path . '/' . $file)) {
if (empty($_REQUEST['uploadForceOverwrite']) || !intval($_REQUEST['uploadForceOverwrite'] > 0)) {
$suffix = '_' . time();
$newName = $info['filename'] . $suffix . '.' . $info['extension'];
$arrFilesToRename[$file] = $newName;
array_push($arrFiles, $newName);
}
}
if (!isset($arrFilesToRename[$file])) {
//file will keep this name - create thumb
\ImageManager::_createThumb($tempPath . '/', $tempWebPath . '/', $file);
}
$objDownloads = new downloads('');
$objDownloads->addDownloadFromUpload($info['filename'], $info['extension'], $suffix, $objCategory, $objDownloads, $originalNames[$file]);
}
//rename files where needed
foreach ($arrFilesToRename as $oldName => $newName) {
rename($tempPath . '/' . $oldName, $tempPath . '/' . $newName);
//file will keep this name - create thumb
\ImageManager::_createThumb($tempPath . '/', $tempWebPath . '/', $newName);
}
//remeber the uploaded files
$_SESSION['media_upload_files_' . $uploadId] = $arrFiles;
/* unwanted files have been deleted, unallowed filenames corrected.
we can now simply return the desired target path, as only valid
files are present in $tempPath */
return array($path, $webPath);
}