当前位置: 首页>>代码示例>>PHP>>正文


PHP JFile::makesafe方法代码示例

本文整理汇总了PHP中JFile::makesafe方法的典型用法代码示例。如果您正苦于以下问题:PHP JFile::makesafe方法的具体用法?PHP JFile::makesafe怎么用?PHP JFile::makesafe使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在JFile的用法示例。


在下文中一共展示了JFile::makesafe方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: getValue

 function getValue($field, $source_array)
 {
     jimport('joomla.filesystem.file');
     $upload_path = $field->getParam('upload_path', 'media' . DS . APP_EXTENSION . DS . 'files' . DS . $field->db_name);
     $allowed_extensions = explode(',', $field->getParam('file_extensions', 'jpg,gif,jpeg,png'));
     $delete_file = JArrayHelper::getValue($source_array, "{$field->db_name}_delete", 0, "INT");
     if ($delete_file) {
         return "";
     }
     $file = JRequest::getVar($field->db_name . '_replace', null, 'files');
     if (!$file['name']) {
         $file = JRequest::getVar($field->db_name, null, 'files');
     }
     $fname = $file['name'];
     if (!is_uploaded_file($file['tmp_name'])) {
         return null;
     }
     $ext = strtolower(JFile::getExt($fname));
     if (!in_array($ext, $allowed_extensions)) {
         return null;
     }
     $file_name = JFile::makesafe('custom-' . trim($field->db_name) . '-' . time() . ".{$ext}");
     JFile::upload($file['tmp_name'], $upload_path . DS . $file_name);
     return $file_name;
 }
开发者ID:kosmosby,项目名称:medicine-prof,代码行数:25,代码来源:image.php

示例2: template_update_upload

 function template_update_upload()
 {
     require_once JPATH_COMPONENT . DS . 'assets' . DS . 'export_helper.php';
     jimport('joomla.filesystem.file');
     $file = "";
     $msg = '';
     foreach ($_FILES as $k => $v) {
         // $msg .= 'key: '.$k.'<br />';
         // $msg .= 'val: '.$v.'<br />';
         if (strpos($k, 'uploadedupdatefile_') !== false && !empty($_FILES[$k]['name'])) {
             $file = $k;
         }
     }
     $arr = explode('_', $file);
     if (count($arr) > 1) {
         $tid = $arr[1];
         if (!is_numeric($tid)) {
             return "Error!";
         }
         // get previous file
         $ehelper = new OnepageTemplateHelper();
         $tt = $ehelper->getTemplate($tid);
         $target_path = JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'export' . DS . 'templates' . DS;
         $newname = JFile::makesafe(basename($_FILES['uploadedupdatefile_' . $tid]['name']));
         if (file_exists($target_path . $newname) && $tt['file'] != $newname) {
             $msg = 'Another theme is using the same filename';
         } else {
             if (file_exists($target_path . $tt['file'])) {
                 if (!JFile::delete($target_path . $tt['file'])) {
                     $msg .= 'Could not remove old template file: ' . $tt['file'] . '<br />';
                 }
             }
             $msg .= $ehelper->updateFileName($tid, $newname);
             if (!empty($msg)) {
                 //$userfile = JRequest::getVar('uploadedupdatefile_'.$tid, null, 'files');
                 //var_dump($userfile); die();
                 $target_path = $target_path . $newname;
                 //echo $target_path.'<br />'; var_dump($_FILES); die();
                 if (JFile::upload($_FILES[$file]['tmp_name'], $target_path)) {
                     $msg .= "The template file " . $newname . " has been uploaded";
                 } else {
                     $msg .= "There was an error uploading the file, please try again! file: " . $newname;
                 }
             }
         }
     }
     if (empty($msg)) {
         $msg = 'O.K.';
     }
     //JFile::delete($_FILES[$file]['tmp_name']);
     $link = 'index.php?option=com_onepage&view=order_export';
     $this->setRedirect($link, $msg);
     return $msg;
     //die('som tu');
 }
开发者ID:aldegtyarev,项目名称:stelsvelo,代码行数:55,代码来源:order_export.php

示例3: canUpload

 /**
  * Upload Form
  *
  * @param   string  $file      POST File
  * 
  * @param   string  &$err      Message Error
  * 
  * @param   string  $settings  $Setting
  * 
  * @return boolean 
  */
 public static function canUpload($file, &$err, $settings)
 {
     if (empty($file['name'])) {
         $err = JText::_('JSN_UNIFORM_ERROR_UPLOAD_INPUT');
         return false;
     }
     $params = JComponentHelper::getParams('com_media');
     if (empty($settings->options->limitFileExtensions) || $settings->options->limitFileExtensions != 1) {
         $settings->options->allowedExtensions = $params->get('upload_extensions');
     }
     if (empty($settings->options->limitFileSize) || $settings->options->limitFileSize != 1) {
         $settings->options->maxSize = $params->get('upload_maxsize');
         $settings->options->maxSizeUnit = 'MB';
     }
     jimport('joomla.filesystem.file');
     if ($file['name'] !== JFile::makesafe($file['name'])) {
         $err = JText::_('JSN_UNIFORM_ERROR_WARNFILENAME');
         return false;
     }
     $format = strtolower(JFile::getExt($file['name']));
     $allowedExtensions = str_replace(" ", "", $settings->options->allowedExtensions);
     $allowable = explode(',', $allowedExtensions);
     switch ($settings->options->maxSizeUnit) {
         case 'KB':
             $uploadMaxSize = $settings->options->maxSize * 1024;
             break;
         case 'MB':
             $uploadMaxSize = $settings->options->maxSize * 1024 * 1024;
             break;
         case 'GB':
             $uploadMaxSize = $settings->options->maxSize * 1024 * 1024 * 1024;
             break;
     }
     if ($uploadMaxSize > (int) ini_get('upload_max_filesize') * 1024 * 1024) {
         if ((int) $file['size'] == 0 && (int) $file['error'] == 1 && empty($file['tmp_name'])) {
             $err = JText::sprintf('JSN_UNIFORM_POST_UPLOAD_SIZE', (int) ini_get('upload_max_filesize') . " MB");
             return false;
         }
     }
     if (!in_array($format, $allowable) || in_array($format, array('php', 'phps', 'php3', 'php4', 'phtml', 'pl', 'py', 'jsp', 'asp', 'htm', 'shtml', 'sh', 'cgi', 'htaccess', 'exe', 'dll'))) {
         $err = JText::sprintf('JSN_UNIFORM_ERROR_WARNFILETYPE', "." . $format);
         return false;
     }
     if ((int) $file['size'] > $uploadMaxSize) {
         $err = JText::sprintf('JSN_UNIFORM_POST_UPLOAD_SIZE', $settings->options->maxSize . " " . $settings->options->maxSizeUnit);
         return false;
     } else {
         if ((int) $file['size'] == 0 && (int) $file['error'] == 1 && empty($file['tmp_name'])) {
             $err = JText::sprintf('JSN_UNIFORM_POST_UPLOAD_SIZE', $settings->options->maxSize . " " . $settings->options->maxSizeUnit);
             return false;
         }
     }
     return true;
 }
开发者ID:NallelyFlores89,项目名称:basvec,代码行数:65,代码来源:form.php

示例4: canUpload

 /**
  * Checks if the file can be uploaded
  *
  * @param array File information
  * @param string An error message to be returned
  * @return boolean
  */
 public static function canUpload($file, &$err)
 {
     //$params = &JComponentHelper::getParams( 'com_media' );
     $params = EasyBlogHelper::getConfig();
     if (empty($file['name'])) {
         $err = 'COM_EASYBLOG_WARNEMPTYFILE';
         return false;
     }
     jimport('joomla.filesystem.file');
     if ($file['name'] !== JFile::makesafe($file['name'])) {
         $err = 'COM_EASYBLOG_WARNFILENAME';
         return false;
     }
     $format = strtolower(JFile::getExt($file['name']));
     if (!EasyImageHelper::isImage($file['name'])) {
         $err = 'COM_EASYBLOG_WARNINVALIDIMG';
         return false;
     }
     $maxWidth = 160;
     $maxHeight = 160;
     // maxsize should get from eblog config
     //$maxSize	= 2000000; //2MB
     //$maxSize	= 200000; //200KB
     // 1 megabyte == 1048576 byte
     $byte = 1048576;
     $uploadMaxsize = (double) $params->get('main_upload_image_size', 0);
     $maxSize = $uploadMaxsize * $byte;
     if ($maxSize > 0 && (double) $file['size'] > $maxSize) {
         $err = 'COM_EASYBLOG_WARNFILETOOLARGE';
         return false;
     }
     $user = JFactory::getUser();
     $imginfo = null;
     if (($imginfo = getimagesize($file['tmp_name'])) === FALSE) {
         $err = 'COM_EASYBLOG_WARNINVALIDIMG';
         return false;
     }
     return true;
 }
开发者ID:Tommar,项目名称:vino2,代码行数:46,代码来源:image.php

示例5: canUpload

 /**
  * Checks if the file can be uploaded
  *
  * @param array File information
  * @param string An error message to be returned
  * @return boolean
  */
 public static function canUpload($file, &$err)
 {
     //$params = JComponentHelper::getParams( 'com_media' );
     $config = DiscussHelper::getConfig();
     $maxSize = $config->get('main_upload_maxsize');
     // Convert MB to B
     $maxSize = $maxSize * 1024 * 1024;
     if (empty($file['name'])) {
         $err = JText::_('COM_EASYDISCUSS_EMPTY_FILENAME');
         return false;
     }
     jimport('joomla.filesystem.file');
     if ($file['name'] !== JFile::makesafe($file['name'])) {
         $err = JText::_('COM_EASYDISCUSS_INVALID_FILENAME');
         return false;
     }
     $format = strtolower(JFile::getExt($file['name']));
     if (!DiscussImageHelper::isImage($file['name'])) {
         $err = JText::_('COM_EASYDISCUSS_INVALID_IMG');
         return false;
     }
     $maxWidth = 160;
     $maxHeight = 160;
     // maxsize should get from eblog config
     //$maxSize	= 2000000; //2MB
     //$maxSize	= 200000; //200KB
     //$maxSize = (int) $params->get( 'main_upload_maxsize', 0 );
     if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
         $err = JText::_('COM_EASYDISCUSS_FILE_TOO_LARGE');
         return false;
     }
     $user = JFactory::getUser();
     $imginfo = null;
     if (($imginfo = getimagesize($file['tmp_name'])) === FALSE) {
         $err = JText::_('COM_EASYDISCUSS_IMAGE_CORRUPT');
         return false;
     }
     return true;
 }
开发者ID:BetterBetterBetter,项目名称:B3App,代码行数:46,代码来源:image.php

示例6: check

 /**
  * Checks uploaded file
  *
  * @param string $file The file name
  * @param string $err  Set (return) the error string in it
  * @param string $file view 's parameters
  * @return string The file extension
  * @since 1.5
  */
 static function check(&$file, &$err, &$params)
 {
     if (!$params) {
         $params = JComponentHelper::getParams('com_flexicontent');
     }
     if (empty($file['name'])) {
         $err = 'FLEXI_PLEASE_INPUT_A_FILE';
         return false;
     }
     jimport('joomla.filesystem.file');
     $file['altname'] = $file['name'];
     if ($file['name'] !== JFile::makesafe($file['name'])) {
         //$err = JText::_('FLEXI_WARNFILENAME').','.$file['name'].'|'.JFile::makesafe($file['name'])."<br/>";
         //return false;
         $file['name'] = date('Y-m-d-H-i-s') . "." . flexicontent_upload::getExt($file['name']);
     }
     // ***************************************
     // Check if the image file type is allowed
     // ***************************************
     $format = strtolower(flexicontent_upload::getExt($file['name']));
     $allowed_exts = $params->get('upload_extensions', 'bmp,csv,doc,docx,gif,ico,jpg,jpeg,odg,odp,ods,odt,pdf,png,ppt,pptx,swf,txt,xcf,xls,xlsx,zip,ics');
     $allowed_exts = preg_split("/[\\s]*,[\\s]*/", $allowed_exts);
     foreach ($allowed_exts as $a => $allowed_ext) {
         $allowed_exts[$a] = strtolower($allowed_ext);
     }
     $ignored = explode(',', $params->get('ignore_extensions'));
     foreach ($ignored as $a => $ignored_ext) {
         $ignored[$a] = strtolower($ignored_ext);
     }
     if (!in_array($format, $allowed_exts) && !in_array($format, $ignored)) {
         $err = 'FLEXI_WARNFILETYPE';
         return false;
     }
     // **************
     // Check filesize
     // **************
     $maxSize = (int) $params->get('upload_maxsize', 0);
     if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
         $err = 'FLEXI_WARNFILETOOLARGE';
         return false;
     }
     $imginfo = null;
     $images = explode(',', $params->get('image_extensions'));
     if ($params->get('restrict_uploads', 1)) {
         if (in_array($format, $images)) {
             // if its an image run it through getimagesize
             if (($imginfo = getimagesize($file['tmp_name'])) === FALSE) {
                 $err = 'FLEXI_WARNINVALIDIMG';
                 return false;
             }
         } else {
             if (!in_array($format, $ignored)) {
                 // if its not an image...and we're not ignoring it
                 $allowed_mime = explode(',', $params->get('upload_mime'));
                 $illegal_mime = explode(',', $params->get('upload_mime_illegal'));
                 if (function_exists('finfo_open') && $params->get('check_mime', 1)) {
                     // We have fileinfo
                     $finfo = finfo_open(FILEINFO_MIME);
                     $type = finfo_file($finfo, $file['tmp_name']);
                     if (strlen($type) && !in_array($type, $allowed_mime) && in_array($type, $illegal_mime)) {
                         $err = 'FLEXI_WARNINVALIDMIME';
                         return false;
                     }
                     finfo_close($finfo);
                 } else {
                     if (function_exists('mime_content_type') && $params->get('check_mime', 1)) {
                         // we have mime magic
                         $type = mime_content_type($file['tmp_name']);
                         if (strlen($type) && !in_array($type, $allowed_mime) && in_array($type, $illegal_mime)) {
                             $err = 'FLEXI_WARNINVALIDMIME';
                             return false;
                         }
                     }
                 }
             }
         }
     }
     // ***************************
     // Check fof XSS safe contents
     // ***************************
     $xss_check = JFile::read($file['tmp_name'], false, 256);
     $html_tags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
     foreach ($html_tags as $tag) {
         // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
         if (stristr($xss_check, '<' . $tag . ' ') || stristr($xss_check, '<' . $tag . '>')) {
             $err = 'FLEXI_WARNIEXSS';
             return false;
         }
     }
     return true;
 }
开发者ID:nettdotkomm,项目名称:flexicontent-cck,代码行数:100,代码来源:flexicontent.helper.php

示例7:

        case 2:
            $err = 'FILE TO LARGE THAN HTML FORM ALLOWS';
            break;
        case 3:
            $err = 'ERROR PARTIAL UPLOAD';
            break;
        case 4:
            return;
            break;
            // NO FILE
        // NO FILE
        default:
            $err = '';
            break;
    }
    if (!$err) {
        // validation passed, move the file
        $fileTemp = $_FILES[$fieldName]['tmp_name'];
        $newFileName = JFile::makesafe($_FILES[$fieldName]['name']);
        $uploadPath = $folder . '/' . $newFileName;
        if (!JFile::upload($fileTemp, $uploadPath)) {
            $err = 'ERROR MOVING FILE';
        }
    }
    if ($err) {
        // Error found
        $lang = JFactory::getLanguage();
        $lang->load('com_media');
        echo '<strong style="color:#ff0000">ERROR:&nbsp;' . JText::_($err) . '</strong>';
    }
}
开发者ID:jputz12,项目名称:OneNow-Vshop,代码行数:31,代码来源:getuploads.php

示例8: getVM2en

 function getVM2en()
 {
     $this->flushTable();
     $tr_from = JRequest::getVar('tr_fromlang', 'en-GB');
     $to = JRequest::getVar('tr_tolang', 'en-GB');
     $tr_type = JRequest::getVar('tr_type', 'site');
     $xt = JRequest::getVar('tr_ext', '');
     //echo $xt;
     //die('x:'.rand());
     if (empty($xt)) {
         JRequest::setVar('format', 'html');
         return;
     }
     $xt = str_replace('.ini', '', $xt);
     jimport('joomla.filesystem.folder');
     jimport('joomla.filesystem.file');
     $tr_type = JFile::makesafe($tr_type);
     $xt = JFile::makesafe($xt);
     $to = JFile::makesafe($to);
     $tr_from = JFile::makesafe($tr_from);
     $arr1 = $this->getIni($tr_from, $tr_type, $xt);
     $arr2 = $this->getIni($to, $tr_type, $xt);
     $arr2o = unserialize(serialize($arr2));
     // get rid of the reference
     $arr1o = unserialize(serialize($arr1));
     if (!empty($arr2o)) {
         foreach ($arr2o as $k => $a2) {
             // if sk['text'] en['text'] = sk['text']
             if (!empty($arr2[$k])) {
                 $arr1[$k] = $arr2[$k];
             }
             if (!empty($arr3[$k])) {
                 $arr2[$k] = $arr3[$k];
                 $arr1[$k] = $arr3[$k];
             }
         }
     } else {
         // translat to file does not exists
         /*
         foreach ($arr1o as $k=>$a2)
         {
         	//var_dump($arr1o); 
         	//var_dump($arr3); die(); 
         	 if (!empty($arr3[$k])) 
         	{
           
         		$arr2[$k] = $arr3[$k]; 
         		//$arr1[$k] = $arr3[$k]; 
         	}
         }
         */
         //die();
     }
     $user = JFactory::getUser();
     $username = $user->username;
     if (!$this->checkDB($xt, $tr_type, $tr_from)) {
         $this->fillDB($xt, $tr_type, $tr_from, $arr1, $username);
         $this->getTranlations($xt, $tr_type, $tr_from, $arr1);
     } else {
         $this->getTranlations($xt, $tr_type, $tr_from, $arr1);
     }
     $ret[$tr_type][$tr_from] = $arr1;
     $arr2 = $this->getIni($to, $tr_type, $xt);
     // if absolutely no language file exists for target language
     if (empty($arr2)) {
         $arr2 = $this->getIni($tr_from, $tr_type, $xt);
     }
     // we need to check if it contains at least the same fields as the original language
     foreach ($arr1o as $kk => $vv) {
         if (!is_array($vv)) {
             if (!isset($arr2[$kk])) {
                 $arr2[$kk] = $vv;
             }
         }
     }
     // vm2.0.22+ new lang files:
     if (stripos($xt, 'com_virtuemart') !== false) {
         $arr3 = $this->getIni($to, $tr_type, 'com_virtuemart');
     }
     foreach ($arr1o as $k => $a2) {
         //var_dump($arr1o);
         //var_dump($arr3); die();
         if (!empty($arr3[$k])) {
             $arr2[$k] = $arr3[$k];
             //$arr1[$k] = $arr3[$k];
         }
     }
     unset($arr1);
     if (!$this->checkDB($xt, $tr_type, $to)) {
         $this->fillDB($xt, $tr_type, $to, $arr2, $username);
         $this->getTranlations($xt, $tr_type, $to, $arr2, $arr1o);
         unset($arr1o);
     } else {
         $this->getTranlations($xt, $tr_type, $to, $arr2, $arr1o);
         unset($arr1o);
     }
     // ret['site']['to_language'] = ...
     $ret[$tr_type][$to] = $arr2;
     unset($arr2);
     //var_dump($ret); die();
//.........这里部分代码省略.........
开发者ID:aldegtyarev,项目名称:stelsvelo,代码行数:101,代码来源:edit.php

示例9: canUpload

 /**
  * Checks if the file can be uploaded
  *
  * @param array File information
  * @param string An error message to be returned
  * @return  boolean
  */
 public static function canUpload($file, &$err)
 {
     $params = JComponentHelper::getParams('com_media');
     if (empty($file['name'])) {
         $err = 'COM_MEDIA_ERROR_UPLOAD_INPUT';
         return false;
     }
     jimport('joomla.filesystem.file');
     if ($file['name'] !== JFile::makesafe($file['name'])) {
         $err = 'COM_MEDIA_ERROR_WARNFILENAME';
         return false;
     }
     $format = strtolower(JFile::getExt($file['name']));
     // Media file names should never have executable extensions buried in them.
     $executable = array('php', 'js', 'exe', 'phtml', 'java', 'perl', 'py', 'asp', 'dll', 'go', 'ade', 'adp', 'bat', 'chm', 'cmd', 'com', 'cpl', 'hta', 'ins', 'isp', 'jse', 'lib', 'mde', 'msc', 'msp', 'mst', 'pif', 'scr', 'sct', 'shb', 'sys', 'vb', 'vbe', 'vbs', 'vxd', 'wsc', 'wsf', 'wsh');
     $explodedFileName = explode('.', $file['name']);
     if (count($explodedFileName > 2)) {
         foreach ($executable as $extensionName) {
             if (in_array($extensionName, $explodedFileName)) {
                 $app->enqueueMessage(JText::_('JLIB_MEDIA_ERROR_WARNFILETYPE'), 'notice');
                 return false;
             }
         }
     }
     $allowable = explode(',', $params->get('upload_extensions'));
     $ignored = explode(',', $params->get('ignore_extensions'));
     if ($format == '' || $format == false || !in_array($format, $allowable) && !in_array($format, $ignored)) {
         $err = 'COM_MEDIA_ERROR_WARNFILETYPE';
         return false;
     }
     $maxSize = (int) ($params->get('upload_maxsize', 0) * 1024 * 1024);
     if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
         $err = 'COM_MEDIA_ERROR_WARNFILETOOLARGE';
         return false;
     }
     $user = JFactory::getUser();
     $imginfo = null;
     if ($params->get('restrict_uploads', 1)) {
         $images = explode(',', $params->get('image_extensions'));
         if (in_array($format, $images)) {
             // if its an image run it through getimagesize
             // if tmp_name is empty, then the file was bigger than the PHP limit
             if (!empty($file['tmp_name'])) {
                 if (($imginfo = getimagesize($file['tmp_name'])) === FALSE) {
                     $err = 'COM_MEDIA_ERROR_WARNINVALID_IMG';
                     return false;
                 }
             } else {
                 $err = 'COM_MEDIA_ERROR_WARNFILETOOLARGE';
                 return false;
             }
         } elseif (!in_array($format, $ignored)) {
             // if its not an image...and we're not ignoring it
             $allowed_mime = explode(',', $params->get('upload_mime'));
             $illegal_mime = explode(',', $params->get('upload_mime_illegal'));
             if (function_exists('finfo_open') && $params->get('check_mime', 1)) {
                 // We have fileinfo
                 $finfo = finfo_open(FILEINFO_MIME);
                 $type = finfo_file($finfo, $file['tmp_name']);
                 if (strlen($type) && !in_array($type, $allowed_mime) && in_array($type, $illegal_mime)) {
                     $err = 'COM_MEDIA_ERROR_WARNINVALID_MIME';
                     return false;
                 }
                 finfo_close($finfo);
             } elseif (function_exists('mime_content_type') && $params->get('check_mime', 1)) {
                 // we have mime magic
                 $type = mime_content_type($file['tmp_name']);
                 if (strlen($type) && !in_array($type, $allowed_mime) && in_array($type, $illegal_mime)) {
                     $err = 'COM_MEDIA_ERROR_WARNINVALID_MIME';
                     return false;
                 }
             } elseif (!$user->authorise('core.manage')) {
                 $err = 'COM_MEDIA_ERROR_WARNNOTADMIN';
                 return false;
             }
         }
     }
     $xss_check = JFile::read($file['tmp_name'], false, 256);
     $html_tags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
     foreach ($html_tags as $tag) {
         // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
         if (stristr($xss_check, '<' . $tag . ' ') || stristr($xss_check, '<' . $tag . '>')) {
             $err = 'COM_MEDIA_ERROR_WARNIEXSS';
             return false;
         }
     }
     return true;
 }
开发者ID:joomline,项目名称:Joomla2.5.999,代码行数:95,代码来源:media.php

示例10: saveFile

 /**
  * function_description
  *
  * @return boolean
  */
 function saveFile()
 {
     $mainframe = JFactory::getApplication();
     jimport('joomla.filesystem.file');
     jimport('joomla.filesystem.folder');
     $db = JFactory::getDBO();
     $user = JFactory::getUser();
     $cache = JFactory::getCache('com_jtg');
     // Get the post data
     $catid = JFactory::getApplication()->input->get('catid', null, 'array');
     $catid = $catid ? implode(',', $catid) : '';
     $level = JFactory::getApplication()->input->get('level', 0, 'integer');
     $title = JFactory::getApplication()->input->get('title', '', 'string');
     $terrain = JFactory::getApplication()->input->get('terrain', null, 'array');
     $terrain = $terrain ? implode(', ', $terrain) : '';
     $desc = $db->escape(implode(' ', JFactory::getApplication()->input->get('description', '', 'array')));
     $file = JFactory::getApplication()->input->files->get('file');
     $uid = $user->get('id');
     $date = date("Y-m-d");
     $jInput = JFactory::getApplication()->input;
     $jFileInput = new jInput($_FILES);
     $images = $jFileInput->get('images', array(), 'array');
     $access = JRequest::getInt('access', 0);
     $hidden = JRequest::getInt('hidden', 0);
     $published = JRequest::getInt('published', 0);
     // Upload the file
     $upload_dir = JPATH_SITE . '/images/jtrackgallery/uploaded_tracks/';
     $filename = strtolower(JFile::makeSafe($file['name']));
     $newfile = $upload_dir . strtolower($filename);
     if (JFile::exists($newfile)) {
         $alert_text = json_encode(JText::sprintf("COM_JTG_FILE_ALREADY_EXISTS", $filename));
         die("<script type='text/javascript' charset='UTF-8'>alert({$alert_text});window.history.back(-1);</script>");
     }
     if (!JFile::upload($file['tmp_name'], $newfile)) {
         $alert_text = json_encode(JText::_('COM_JTG_UPLOAD_FAILS'));
         die("<script type='text/javascript'>alert({$alert_text});window.history.back(-1);</script>");
     } else {
         chmod($newfile, 0777);
     }
     // Get the start coordinates..
     // Default unit
     $gpsData = new GpsDataClass("Kilometer");
     $gpsData = $cache->get(array($gpsData, 'loadFileAndData'), array($newfile, strtolower($filename)), "Kilometer");
     $errors = $gpsData->displayErrors();
     if ($errors) {
         $map = "";
         $coords = "";
         $distance_float = 0;
         $distance = 0;
         // Try to delete the file
         if (JFile::exists($upload_dir . strtolower($filename))) {
             JFile::delete($upload_dir . strtolower($filename));
         }
         $alert_text = json_encode(JText::_('COM_JTG_NO_SUPPORT') . '\\n' . $errors);
         echo "<script type='text/javascript'>alert({$alert_text});window.history.back(-1);</script>";
         exit;
     }
     $start_n = $gpsData->start[1];
     $start_e = $gpsData->start[0];
     $coords = $gpsData->allCoords;
     $isTrack = $gpsData->isTrack;
     $isWaypoint = $gpsData->isWaypoint;
     $isRoute = 0;
     $isCache = 0;
     $distance = $gpsData->distance;
     $query = "INSERT INTO #__jtg_files SET" . "\n uid='" . $uid . "'," . "\n catid='" . $catid . "'," . "\n title='" . $title . "'," . "\n file='" . strtolower($filename) . "'," . "\n terrain='" . $terrain . "'," . "\n description='" . $desc . "'," . "\n published='" . $published . "'," . "\n date='" . $date . "'," . "\n start_n='" . $start_n . "'," . "\n start_e='" . $start_e . "'," . "\n distance='" . $distance . "'," . "\n ele_asc='" . round($gpsData->totalAscent, 0) . "'," . "\n ele_desc='" . round($gpsData->totalDescent, 0) . "'," . "\n level='" . $level . "'," . "\n access='" . $access . "'," . "\n hidden='" . $hidden . "'," . "\n istrack='" . $isTrack . "'," . "\n iswp='" . $isWaypoint . "'," . "\n isroute='" . $isRoute . "'," . "\n iscache='" . $isCache . "'";
     $db->setQuery($query);
     $db->execute();
     if ($db->getErrorNum()) {
         echo $db->stderr();
         return false;
     }
     $query = "SELECT id FROM #__jtg_files WHERE file='" . strtolower($filename) . "'";
     $db->setQuery($query);
     $rows = $db->loadObject();
     // Images upload part
     $cfg = JtgHelper::getConfig();
     $types = explode(',', $cfg->type);
     if (count($images) > 0) {
         $img_dir = JPATH_SITE . '/images/jtrackgallery/uploaded_tracks_images/track_' . $rows->id . '/';
         JFolder::create($img_dir, 0777);
         foreach ($images['name'] as $key => $value) {
             if ($value != "") {
                 $imgfilename = JFile::makesafe($value);
                 $ext = JFile::getExt($images['name'][$key]);
                 if (in_array(strtolower($ext), $types)) {
                     JtgHelper::createimageandthumbs($images['tmp_name'][$key], $ext, $img_dir, $imgfilename);
                 }
             }
         }
     }
     return true;
 }
开发者ID:hogeh,项目名称:htraininglogs,代码行数:98,代码来源:showtracks.php

示例11: getPhpExportThemes

 function getPhpExportThemes()
 {
     $path = JPATH_SITE . DS . 'components' . DS . 'com_onepage' . DS . 'xmlexport' . DS . 'php';
     if (!file_exists($path)) {
         return array();
     }
     jimport('joomla.filesystem.folder');
     jimport('joomla.filesystem.file');
     $files = JFolder::files($path, $filter = '.php', false, true);
     $arr = array();
     foreach ($files as $f) {
         $pi = pathinfo($f);
         $file = $pi['filename'];
         $jf = JFile::makesafe($file);
         // security here:
         if ($jf != $file) {
             continue;
         }
         $path = JPATH_SITE . DS . 'components' . DS . 'com_onepage' . DS . 'xmlexport' . DS . 'php' . DS . $file . '.xml';
         if (!file_exists($path)) {
             continue;
         }
         $arr[] = $file;
     }
     return $arr;
 }
开发者ID:aldegtyarev,项目名称:stelsvelo,代码行数:26,代码来源:xmlexport.php

示例12: canUpload

 /**
  * can Upload
  *
  * @param array $file
  * @param string $errorUploadMsg
  * @param int $frontEnd - if it is called from frontend or backend (1  - category view, 2 user control panel)
  * @param boolean $chunkMethod - if chunk method is used (multiple upload) then there are special rules
  * @param string $realSize - if chunk method is used we get info about real size of file (not only the part)
  * @return boolean True on success
  * @since 1.5
  */
 public static function canUpload($file, &$errUploadMsg, $frontEnd = 0, $chunkEnabled = 0, $realSize = 0)
 {
     $params = JComponentHelper::getParams('com_phocagallery');
     $paramsL = array();
     $paramsL['upload_extensions'] = 'gif,jpg,png,jpeg';
     $paramsL['image_extensions'] = 'gif,jpg,png,jpeg';
     $paramsL['upload_mime'] = 'image/jpeg,image/gif,image/png';
     $paramsL['upload_mime_illegal'] = 'application/x-shockwave-flash,application/msword,application/excel,application/pdf,application/powerpoint,text/plain,application/x-zip,text/html';
     // The file doesn't exist
     if (empty($file['name'])) {
         $errUploadMsg = 'COM_PHOCAGALLERY_ERROR_UNABLE_TO_UPLOAD_FILE';
         return false;
     }
     // Not safe file
     jimport('joomla.filesystem.file');
     if ($file['name'] !== JFile::makesafe($file['name'])) {
         $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILENAME';
         return false;
     }
     $format = strtolower(JFile::getExt($file['name']));
     // Allowable extension
     $allowable = explode(',', $paramsL['upload_extensions']);
     if ($format == '' || $format == false || !in_array($format, $allowable)) {
         //if (!in_array($format, $allowable)) {
         $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILETYPE';
         return false;
     }
     // 'COM_PHOCAGALLERY_MAX_RESOLUTION'
     $imgSize = PhocaGalleryImage::getImageSize($file['tmp_name']);
     $maxResWidth = $params->get('upload_maxres_width', 3072);
     $maxResHeight = $params->get('upload_maxres_height', 2304);
     if ((int) $maxResWidth > 0 && (int) $maxResHeight > 0 && ((int) $imgSize[0] > (int) $maxResWidth || (int) $imgSize[1] > (int) $maxResHeight)) {
         $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGE_RESOLUTION';
         return false;
     }
     // User (only in ucp) - Check the size of all images by users
     if ($frontEnd == 2) {
         $user = JFactory::getUser();
         $maxUserImageSize = (int) $params->get('user_images_max_size', 20971520);
         if ($chunkEnabled == 1) {
             $fileSize = $realSize;
         } else {
             $fileSize = $file['size'];
         }
         $allFileSize = PhocaGalleryFileUploadFront::getSizeAllOriginalImages($fileSize, $user->id);
         if ((int) $maxUserImageSize > 0 && (int) $allFileSize > $maxUserImageSize) {
             $errUploadMsg = JText::_('COM_PHOCAGALLERY_WARNING_USERIMAGES_TOOLARGE');
             return false;
         }
     }
     // Max size of image
     // If chunk method is used, we need to get computed size
     $maxSize = $params->get('upload_maxsize', 3145728);
     if ($chunkEnabled == 1) {
         if ((int) $maxSize > 0 && (int) $realSize > (int) $maxSize) {
             $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGE';
             return false;
         }
     } else {
         if ((int) $maxSize > 0 && (int) $file['size'] > (int) $maxSize) {
             $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGE';
             return false;
         }
     }
     $user = JFactory::getUser();
     $imginfo = null;
     // Image check
     $images = explode(',', $paramsL['image_extensions']);
     if (in_array($format, $images)) {
         // if its an image run it through getimagesize
         if ($chunkEnabled != 1) {
             if (($imginfo = getimagesize($file['tmp_name'])) === FALSE) {
                 $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_INVALIDIMG';
                 return false;
             }
         }
     } else {
         if (!in_array($format, $images)) {
             // if its not an image...and we're not ignoring it
             $allowed_mime = explode(',', $paramsL['upload_mime']);
             $illegal_mime = explode(',', $paramsL['upload_mime_illegal']);
             if (function_exists('finfo_open')) {
                 // We have fileinfo
                 $finfo = finfo_open(FILEINFO_MIME);
                 $type = finfo_file($finfo, $file['tmp_name']);
                 if (strlen($type) && !in_array($type, $allowed_mime) && in_array($type, $illegal_mime)) {
                     $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_INVALIDMIME';
                     return false;
                 }
//.........这里部分代码省略.........
开发者ID:scarsroga,项目名称:blog-soa,代码行数:101,代码来源:fileupload.php

示例13: canUpload

	public static function canUpload( $file, &$err, $manager = '', $frontEnd = 0, $chunkEnabled = 0, $realSize = 0) {
		
		$paramsC 	= JComponentHelper::getParams( 'com_phocadownload' );
		
		if ($frontEnd == 1) {
			$aft = $paramsC->get( 'allowed_file_types_upload', PhocaDownloadSettings::getDefaultAllowedMimeTypesUpload() );
			$dft = $paramsC->get( 'disallowed_file_types_upload', '' );
			$allowedMimeType 	= PhocaDownloadFile::getMimeTypeString($aft);
			$disallowedMimeType = PhocaDownloadFile::getMimeTypeString($dft);
			
			$ignoreUploadCh = 0;
			$ignoreUploadCheck = $params->get( 'ignore_file_types_check', 2 );
			if ($ignoreUploadCheck == 1 || $ignoreUploadCheck == 4 ) {
				$ignoreUploadCh = 1;
			}
			
		} else {
		
			$aft = $paramsC->get( 'allowed_file_types_download', PhocaDownloadSettings::getDefaultAllowedMimeTypesDownload() );
			$dft = $paramsC->get( 'disallowed_file_types_download', '' );
			$allowedMimeType 	= PhocaDownloadFile::getMimeTypeString($aft);
			$disallowedMimeType = PhocaDownloadFile::getMimeTypeString($dft);
			
			$ignoreUploadCh = 0;
			$ignoreUploadCheck = $paramsC->get( 'ignore_file_types_check', 2 );
			if ($ignoreUploadCheck == 5 || $ignoreUploadCheck == 5 ) {
				$ignoreUploadCh = 1;
			}
		}
		
		
		
		$paramsL = array();
		$group = PhocaDownloadSettings::getManagerGroup($manager);
		if ($group['f'] == 2) {
			$paramsL['upload_extensions'] 	= 'gif,jpg,png,jpeg';
			$paramsL['image_extensions'] 	= 'gif,jpg,png,jpeg';
			$paramsL['upload_mime']			= 'image/jpeg,image/gif,image/png';
			$paramsL['upload_mime_illegal']	='application/x-shockwave-flash,application/msword,application/excel,application/pdf,application/powerpoint,text/plain,application/x-zip,text/html';
			$paramsL['upload_ext_illegal']	= $disallowedMimeType['ext'];
		} else {
			$paramsL['upload_extensions'] 	= $allowedMimeType['ext'];
			$paramsL['image_extensions'] 	= 'bmp,gif,jpg,png,jpeg';
			$paramsL['upload_mime']			= $allowedMimeType['mime'];
			$paramsL['upload_mime_illegal']	= $disallowedMimeType['mime'];
			$paramsL['upload_ext_illegal']	= $disallowedMimeType['ext'];
		}
		

		// The file doesn't exist
		if(empty($file['name'])) {
			$err = 'COM_PHOCADOWNLOAD_WARNING_INPUT_FILE_UPLOAD';
			return false;
		}
		// Not safe file
		jimport('joomla.filesystem.file');
		if ($file['name'] !== JFile::makesafe($file['name'])) {
			$err = 'COM_PHOCADOWNLOAD_WARNFILENAME';
			return false;
		}

		$format 		= strtolower(JFile::getExt($file['name']));
		if ($ignoreUploadCh == 1) {
		
		} else {
		
			$allowable 		= explode( ',', $paramsL['upload_extensions']);
			$notAllowable 	= explode( ',', $paramsL['upload_ext_illegal']);
			if(in_array($format, $notAllowable)) {
				$err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_DISALLOWED';
				return false;
			}
			
			
			//if (!in_array($format, $allowable)) {
			if ($format == '' || $format == false || (!in_array($format, $allowable))) {
				$err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_NOT_ALLOWED';
				return false;
			}
		}

		
		// Max size of image
		// If chunk method is used, we need to get computed size
		$maxSize = $paramsC->get( 'upload_maxsize', 3145728 );
		if ((int)$frontEnd > 0) {
			$maxSize = $paramsC->get( 'user_file_upload_size', 3145728 );
		} else {
			$maxSize = $paramsC->get( 'upload_maxsize', 3145728 );
		}
		
		if ($chunkEnabled == 1) {
			if ((int)$maxSize > 0 && (int)$realSize > (int)$maxSize) {
				$err = 'COM_PHOCADOWNLOAD_WARNFILETOOLARGE';
				
				return false;
			}
		} else {
			if ((int)$maxSize > 0 && (int)$file['size'] > (int)$maxSize) {
				$err = 'COM_PHOCADOWNLOAD_WARNFILETOOLARGE';
//.........这里部分代码省略.........
开发者ID:BillVGN,项目名称:PortalPRP,代码行数:101,代码来源:fileupload.php

示例14: prepareDirectory

 function prepareDirectory($tid)
 {
     jimport('joomla.filesystem.file');
     $tname = $tid;
     $tname = JFile::makesafe($tname);
     $ex = JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'export' . DS;
     $exf = $ex . $tname;
     if (file_exists($exf)) {
         return $exf;
     } else {
         JFolder::create($exf);
         JFile::copy($ex . '.htaccess', $exf . DS . '.htaccess');
         return $exf;
     }
 }
开发者ID:aldegtyarev,项目名称:stelsvelo,代码行数:15,代码来源:export_helper.php

示例15: template_update_upload

 function template_update_upload()
 {
     return false;
     jimport('joomla.filesystem.file');
     $file = "";
     $msg = '';
     foreach ($_FILES as $k => $v) {
         // $msg .= 'key: '.$k.'<br />';
         // $msg .= 'val: '.$v.'<br />';
         if (strpos($k, 'uploadedupdatefile_') !== false && !empty($_FILES[$k]['name'])) {
             $file = $k;
         }
     }
     $arr = explode('_', $file);
     if (count($arr) > 1) {
         $tid = $arr[1];
         if (!is_numeric($tid)) {
             return "Error!";
         }
         // get previous file
         $ehelper = new OnepageTemplateHelper();
         $tt = $ehelper->getTemplate($tid);
         $target_path = JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'export' . DS;
         if (file_exists($target_path . $tt['file'])) {
             if (!JFile::delete($target_path . $tt['file'])) {
                 $msg .= 'Could not remove old template file: ' . $tt['file'];
             }
         }
         $newname = JFile::makesafe(basename($_FILES['uploadedupdatefile_' . $tid]['name']));
         $msg .= $ehelper->updateFileName($tid, $newname);
         //$userfile = JRequest::getVar('uploadedupdatefile_'.$tid, null, 'files');
         //var_dump($userfile); die();
         $target_path = $target_path . $newname;
         if (JFile::upload($_FILES[$file]['tmp_name'], $target_path)) {
             $msg .= "The template file " . $newname . " has been uploaded";
         } else {
             $msg .= "There was an error uploading the file, please try again! file: " . $newname;
         }
     } else {
         $msg .= "There was an error uploading the file, please try again! ";
     }
     return $msg;
 }
开发者ID:aldegtyarev,项目名称:stelsvelo,代码行数:43,代码来源:config.php


注:本文中的JFile::makesafe方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。