本文整理汇总了PHP中JFile::makesafe方法的典型用法代码示例。如果您正苦于以下问题:PHP JFile::makesafe方法的具体用法?PHP JFile::makesafe怎么用?PHP JFile::makesafe使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类JFile
的用法示例。
在下文中一共展示了JFile::makesafe方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: getValue
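/**
 * Store the file uploaded for a custom field and return the stored file name.
 *
 * Returns "" when the "<db_name>_delete" flag is set in $source_array, null
 * when no genuine upload is present, the extension is not on the field's
 * allow-list or the file could not be moved, and the generated name on success.
 *
 * @param object $field        Field definition; read through getParam() and ->db_name.
 * @param array  $source_array Submitted values, checked for the delete flag.
 *
 * @return string|null
 */
function getValue($field, $source_array)
{
    jimport('joomla.filesystem.file');

    $upload_path = $field->getParam('upload_path', 'media' . DS . APP_EXTENSION . DS . 'files' . DS . $field->db_name);

    // Normalise the configured allow-list so entries such as " JPG" still match
    // and an empty entry can never match an empty extension.
    $configured = strtolower((string) $field->getParam('file_extensions', 'jpg,gif,jpeg,png'));
    $allowed_extensions = array_filter(array_map('trim', explode(',', $configured)), 'strlen');

    if (JArrayHelper::getValue($source_array, "{$field->db_name}_delete", 0, "INT")) {
        return "";
    }

    // A "<db_name>_replace" upload takes precedence over the regular field upload.
    $file = JRequest::getVar($field->db_name . '_replace', null, 'files');
    if (empty($file['name'])) {
        $file = JRequest::getVar($field->db_name, null, 'files');
    }

    // Only continue with a path PHP itself received as an HTTP upload.
    if (empty($file['name']) || empty($file['tmp_name']) || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }

    $ext = strtolower(JFile::getExt($file['name']));
    if (!in_array($ext, $allowed_extensions, true)) {
        return null;
    }

    // The stored name is generated server-side; only the vetted extension is
    // taken from the client. NOTE(review): the check is by extension only, the
    // file content is not inspected here.
    $file_name = JFile::makesafe('custom-' . trim($field->db_name) . '-' . time() . ".{$ext}");

    // Do not report a file name that was never written to disk.
    if (!JFile::upload($file['tmp_name'], $upload_path . DS . $file_name)) {
        return null;
    }

    return $file_name;
}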
示例2: template_update_upload
/**
 * Handle a template-file update upload.
 *
 * Looks for an "uploadedupdatefile_<id>" entry in $_FILES, stores the file in
 * the com_onepage export/templates directory and redirects to the order_export
 * view with a status message.
 *
 * @return string Status message ("Error!" when the id part is not numeric).
 */
function template_update_upload()
{
require_once JPATH_COMPONENT . DS . 'assets' . DS . 'export_helper.php';
jimport('joomla.filesystem.file');
$file = "";
$msg = '';
// Keep the last $_FILES key that contains 'uploadedupdatefile_' and has a file name.
foreach ($_FILES as $k => $v) {
// $msg .= 'key: '.$k.'<br />';
// $msg .= 'val: '.$v.'<br />';
if (strpos($k, 'uploadedupdatefile_') !== false && !empty($_FILES[$k]['name'])) {
$file = $k;
}
}
$arr = explode('_', $file);
if (count($arr) > 1) {
// The template id is the part after the first underscore of the field name.
$tid = $arr[1];
if (!is_numeric($tid)) {
return "Error!";
}
// get previous file
$ehelper = new OnepageTemplateHelper();
$tt = $ehelper->getTemplate($tid);
$target_path = JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'export' . DS . 'templates' . DS;
// basename() drops any directory part and makesafe() strips unsafe characters
// from the client-supplied name.
// NOTE(review): no extension allow-list is visible here although the target is
// inside the administrator component tree; confirm which file types a template
// may have and enforce that before the upload.
$newname = JFile::makesafe(basename($_FILES['uploadedupdatefile_' . $tid]['name']));
if (file_exists($target_path . $newname) && $tt['file'] != $newname) {
$msg = 'Another theme is using the same filename';
} else {
// NOTE(review): the previous file is removed before the new upload has succeeded.
if (file_exists($target_path . $tt['file'])) {
if (!JFile::delete($target_path . $tt['file'])) {
$msg .= 'Could not remove old template file: ' . $tt['file'] . '<br />';
}
}
$msg .= $ehelper->updateFileName($tid, $newname);
// NOTE(review): the upload only runs when $msg is non-empty, i.e. when the delete
// failed or updateFileName() returned text; confirm this condition is intended.
if (!empty($msg)) {
//$userfile = JRequest::getVar('uploadedupdatefile_'.$tid, null, 'files');
//var_dump($userfile); die();
$target_path = $target_path . $newname;
//echo $target_path.'<br />'; var_dump($_FILES); die();
if (JFile::upload($_FILES[$file]['tmp_name'], $target_path)) {
$msg .= "The template file " . $newname . " has been uploaded";
} else {
$msg .= "There was an error uploading the file, please try again! file: " . $newname;
}
}
}
}
if (empty($msg)) {
$msg = 'O.K.';
}
//JFile::delete($_FILES[$file]['tmp_name']);
$link = 'index.php?option=com_onepage&view=order_export';
$this->setRedirect($link, $msg);
return $msg;
//die('som tu');
}
示例3: canUpload
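/**
 * Decide whether an uploaded form file may be accepted.
 *
 * Checks, in order: a file name is present, the name is unchanged by
 * JFile::makesafe(), the extension is on the allow-list and not on the
 * built-in deny-list, and the size is within the configured maximum.
 * When the form does not restrict extensions or size, the com_media values
 * are written into $settings->options and used instead.
 *
 * @param array  $file     Upload entry ('name', 'size', 'error', 'tmp_name')
 * @param string &$err     Receives the translated error message on failure
 * @param object $settings Form settings; ->options is read and updated
 *
 * @return boolean True when every check passes
 */
public static function canUpload($file, &$err, $settings)
{
    if (empty($file['name'])) {
        $err = JText::_('JSN_UNIFORM_ERROR_UPLOAD_INPUT');
        return false;
    }

    $params = JComponentHelper::getParams('com_media');
    if (empty($settings->options->limitFileExtensions) || $settings->options->limitFileExtensions != 1) {
        $settings->options->allowedExtensions = $params->get('upload_extensions');
    }
    if (empty($settings->options->limitFileSize) || $settings->options->limitFileSize != 1) {
        $settings->options->maxSize = $params->get('upload_maxsize');
        $settings->options->maxSizeUnit = 'MB';
    }

    jimport('joomla.filesystem.file');

    // Reject, rather than silently rewrite, a name that makesafe() would alter.
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $err = JText::_('JSN_UNIFORM_ERROR_WARNFILENAME');
        return false;
    }

    $format = strtolower(JFile::getExt($file['name']));

    // Compare against a lower-cased list without blanks or empty entries, so that
    // "JPG" in the settings still matches and an empty entry never allows a
    // file that has no extension.
    $allowedExtensions = strtolower(str_replace(" ", "", (string) $settings->options->allowedExtensions));
    $allowable = array_filter(explode(',', $allowedExtensions), 'strlen');

    switch ($settings->options->maxSizeUnit) {
        case 'KB':
            $uploadMaxSize = $settings->options->maxSize * 1024;
            break;
        case 'MB':
            $uploadMaxSize = $settings->options->maxSize * 1024 * 1024;
            break;
        case 'GB':
            $uploadMaxSize = $settings->options->maxSize * 1024 * 1024 * 1024;
            break;
        default:
            // Unknown unit: fail closed with an explicit zero limit instead of
            // comparing against an undefined variable further down.
            $uploadMaxSize = 0;
            break;
    }

    // NOTE(review): the cast treats upload_max_filesize as a number of megabytes;
    // values written with another suffix are not converted here.
    $phpLimitMb = (int) ini_get('upload_max_filesize');
    $rejectedByPhp = (int) $file['size'] == 0 && (int) $file['error'] == 1 && empty($file['tmp_name']);

    if ($uploadMaxSize > $phpLimitMb * 1024 * 1024 && $rejectedByPhp) {
        $err = JText::sprintf('JSN_UNIFORM_POST_UPLOAD_SIZE', $phpLimitMb . " MB");
        return false;
    }

    // The allow-list is the effective control. The fixed deny-list below is a
    // second line of defence and, like any deny-list, cannot be complete.
    $denied = array('php', 'phps', 'php3', 'php4', 'phtml', 'pl', 'py', 'jsp', 'asp', 'htm', 'shtml', 'sh', 'cgi', 'htaccess', 'exe', 'dll');
    if (!in_array($format, $allowable, true) || in_array($format, $denied, true)) {
        $err = JText::sprintf('JSN_UNIFORM_ERROR_WARNFILETYPE', "." . $format);
        return false;
    }

    if ((int) $file['size'] > $uploadMaxSize || $rejectedByPhp) {
        $err = JText::sprintf('JSN_UNIFORM_POST_UPLOAD_SIZE', $settings->options->maxSize . " " . $settings->options->maxSizeUnit);
        return false;
    }

    return true;
}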
示例4: canUpload
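/**
 * Checks if the file can be uploaded
 *
 * @param array  $file File information ('name', 'size', 'tmp_name')
 * @param string &$err Receives the language key of the check that failed
 * @return boolean True when every check passes
 */
public static function canUpload($file, &$err)
{
    $params = EasyBlogHelper::getConfig();

    if (empty($file['name'])) {
        $err = 'COM_EASYBLOG_WARNEMPTYFILE';
        return false;
    }

    jimport('joomla.filesystem.file');

    // Reject, rather than silently rewrite, a name that makesafe() would alter.
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $err = 'COM_EASYBLOG_WARNFILENAME';
        return false;
    }

    if (!EasyImageHelper::isImage($file['name'])) {
        $err = 'COM_EASYBLOG_WARNINVALIDIMG';
        return false;
    }

    // The configured limit is in megabytes (1 MB == 1048576 bytes); 0 disables it.
    $maxSize = (double) $params->get('main_upload_image_size', 0) * 1048576;
    if ($maxSize > 0 && (double) $file['size'] > $maxSize) {
        $err = 'COM_EASYBLOG_WARNFILETOOLARGE';
        return false;
    }

    // The name alone proves nothing about the content, so the temp file must
    // parse as an image. An empty tmp_name means PHP stored no file at all;
    // treat it as invalid instead of handing an empty path to getimagesize().
    if (empty($file['tmp_name']) || getimagesize($file['tmp_name']) === false) {
        $err = 'COM_EASYBLOG_WARNINVALIDIMG';
        return false;
    }

    return true;
}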
示例5: canUpload
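/**
 * Checks if the file can be uploaded
 *
 * @param array  $file File information ('name', 'size', 'tmp_name')
 * @param string &$err Receives the translated message of the check that failed
 * @return boolean True when every check passes
 */
public static function canUpload($file, &$err)
{
    $config = DiscussHelper::getConfig();

    // The configured limit is in megabytes; convert it to bytes.
    $maxSize = $config->get('main_upload_maxsize') * 1024 * 1024;

    if (empty($file['name'])) {
        $err = JText::_('COM_EASYDISCUSS_EMPTY_FILENAME');
        return false;
    }

    jimport('joomla.filesystem.file');

    // Reject, rather than silently rewrite, a name that makesafe() would alter.
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $err = JText::_('COM_EASYDISCUSS_INVALID_FILENAME');
        return false;
    }

    if (!DiscussImageHelper::isImage($file['name'])) {
        $err = JText::_('COM_EASYDISCUSS_INVALID_IMG');
        return false;
    }

    if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
        $err = JText::_('COM_EASYDISCUSS_FILE_TOO_LARGE');
        return false;
    }

    // The name alone proves nothing about the content, so the temp file must
    // parse as an image. An empty tmp_name means PHP stored no file at all;
    // treat it as corrupt instead of handing an empty path to getimagesize().
    if (empty($file['tmp_name']) || getimagesize($file['tmp_name']) === false) {
        $err = JText::_('COM_EASYDISCUSS_IMAGE_CORRUPT');
        return false;
    }

    return true;
}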
示例6: check
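/**
 * Checks an uploaded file
 *
 * Validates the name, extension, size, image/MIME type and the first bytes
 * of the content. A name that JFile::makesafe() would alter is replaced by a
 * timestamp-based name; the original name is kept in $file['altname'].
 *
 * @param array  &$file   Upload entry ('name', 'size', 'tmp_name'); 'name' may be rewritten
 * @param string &$err    Receives the language key of the check that failed
 * @param object &$params View parameters; the com_flexicontent parameters are loaded when empty
 * @return boolean True when every check passes
 * @since 1.5
 */
static function check(&$file, &$err, &$params)
{
    if (!$params) {
        $params = JComponentHelper::getParams('com_flexicontent');
    }
    if (empty($file['name'])) {
        $err = 'FLEXI_PLEASE_INPUT_A_FILE';
        return false;
    }

    jimport('joomla.filesystem.file');

    // Keep the client-supplied name, then replace an unsafe one with a generated
    // name. Only the extension is carried over, and it is vetted below.
    $file['altname'] = $file['name'];
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $file['name'] = date('Y-m-d-H-i-s') . "." . flexicontent_upload::getExt($file['name']);
    }

    // ***************************************
    // Check if the file type is allowed
    // ***************************************
    $format = strtolower(flexicontent_upload::getExt($file['name']));

    $allowed_exts = $params->get('upload_extensions', 'bmp,csv,doc,docx,gif,ico,jpg,jpeg,odg,odp,ods,odt,pdf,png,ppt,pptx,swf,txt,xcf,xls,xlsx,zip,ics');
    $allowed_exts = array_map('strtolower', preg_split("/[\\s]*,[\\s]*/", $allowed_exts));

    // Drop empty entries: an unset 'ignore_extensions' would otherwise yield a
    // list holding '' and let a file without any extension skip the checks.
    $allowed_exts = array_filter($allowed_exts, 'strlen');
    $ignored = array_filter(array_map('trim', array_map('strtolower', explode(',', (string) $params->get('ignore_extensions')))), 'strlen');

    // Extensions on the ignore list bypass both the allow-list and the MIME check.
    if (!in_array($format, $allowed_exts, true) && !in_array($format, $ignored, true)) {
        $err = 'FLEXI_WARNFILETYPE';
        return false;
    }

    // **************
    // Check filesize
    // **************
    $maxSize = (int) $params->get('upload_maxsize', 0);
    if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
        $err = 'FLEXI_WARNFILETOOLARGE';
        return false;
    }

    $images = explode(',', $params->get('image_extensions'));
    if ($params->get('restrict_uploads', 1)) {
        if (in_array($format, $images)) {
            // If it is an image, run it through getimagesize
            if (getimagesize($file['tmp_name']) === false) {
                $err = 'FLEXI_WARNINVALIDIMG';
                return false;
            }
        } elseif (!in_array($format, $ignored, true) && $params->get('check_mime', 1)) {
            // Not an image and not ignored: compare the detected MIME type
            $allowed_mime = array_map('trim', explode(',', (string) $params->get('upload_mime')));
            $illegal_mime = array_map('trim', explode(',', (string) $params->get('upload_mime_illegal')));

            $type = '';
            if (function_exists('finfo_open')) {
                // We have fileinfo; close the handle before any return
                $finfo = finfo_open(FILEINFO_MIME);
                $type = finfo_file($finfo, $file['tmp_name']);
                finfo_close($finfo);
            } elseif (function_exists('mime_content_type')) {
                // We have mime magic
                $type = mime_content_type($file['tmp_name']);
            }

            // The detectors can append parameters ("text/html; charset=..."),
            // which would never equal the bare types in the configured lists.
            $type = is_string($type) ? trim(current(explode(';', $type))) : '';

            if (strlen($type) && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
                $err = 'FLEXI_WARNINVALIDMIME';
                return false;
            }
        }
    }

    // ***************************
    // Check for XSS safe contents
    // ***************************
    // Only the first 256 bytes are inspected for something that looks like an HTML tag.
    $xss_check = JFile::read($file['tmp_name'], false, 256);
    $html_tags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
    foreach ($html_tags as $tag) {
        // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
        if (stristr($xss_check, '<' . $tag . ' ') || stristr($xss_check, '<' . $tag . '>')) {
            $err = 'FLEXI_WARNIEXSS';
            return false;
        }
    }

    return true;
}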
示例7:
// Fragment: the start of this function, including the switch expression and its
// first cases, is not part of the excerpt.
// NOTE(review): the case numbers and messages look like PHP upload error codes; confirm.
case 2:
$err = 'FILE TO LARGE THAN HTML FORM ALLOWS';
break;
case 3:
$err = 'ERROR PARTIAL UPLOAD';
break;
case 4:
return;
break;
// NO FILE
// NO FILE
default:
$err = '';
break;
}
if (!$err) {
// validation passed, move the file
$fileTemp = $_FILES[$fieldName]['tmp_name'];
// makesafe() strips unsafe characters from the client-supplied name.
// NOTE(review): no extension or content check is visible in this fragment before
// the file is stored under $folder; confirm one happens in the part not shown.
$newFileName = JFile::makesafe($_FILES[$fieldName]['name']);
$uploadPath = $folder . '/' . $newFileName;
if (!JFile::upload($fileTemp, $uploadPath)) {
$err = 'ERROR MOVING FILE';
}
}
if ($err) {
// Error found
$lang = JFactory::getLanguage();
$lang->load('com_media');
// The message is passed through JText::_() and echoed inside HTML.
echo '<strong style="color:#ff0000">ERROR: ' . JText::_($err) . '</strong>';
}
}
示例8: getVM2en
/**
 * Collect the language strings of one extension for a source and a target language.
 *
 * Reads tr_fromlang, tr_tolang, tr_type and tr_ext from the request, loads the
 * strings through getIni() and stores them in $ret[<type>][<language>].
 * The end of the function is not part of this excerpt.
 */
function getVM2en()
{
$this->flushTable();
$tr_from = JRequest::getVar('tr_fromlang', 'en-GB');
$to = JRequest::getVar('tr_tolang', 'en-GB');
$tr_type = JRequest::getVar('tr_type', 'site');
$xt = JRequest::getVar('tr_ext', '');
//echo $xt;
//die('x:'.rand());
if (empty($xt)) {
JRequest::setVar('format', 'html');
return;
}
$xt = str_replace('.ini', '', $xt);
jimport('joomla.filesystem.folder');
jimport('joomla.filesystem.file');
// All four request values are passed through makesafe() before they reach
// getIni(), checkDB() and fillDB().
// NOTE(review): presumably getIni() builds a file path from them; confirm that
// it adds no unfiltered path part of its own.
$tr_type = JFile::makesafe($tr_type);
$xt = JFile::makesafe($xt);
$to = JFile::makesafe($to);
$tr_from = JFile::makesafe($tr_from);
$arr1 = $this->getIni($tr_from, $tr_type, $xt);
$arr2 = $this->getIni($to, $tr_type, $xt);
// serialize()/unserialize() is used here to copy data loaded by getIni(); it is
// not applied to request input.
$arr2o = unserialize(serialize($arr2));
// get rid of the reference
$arr1o = unserialize(serialize($arr1));
if (!empty($arr2o)) {
foreach ($arr2o as $k => $a2) {
// if sk['text'] en['text'] = sk['text']
if (!empty($arr2[$k])) {
$arr1[$k] = $arr2[$k];
}
// NOTE(review): $arr3 is not assigned anywhere before this loop in the visible
// code, so this branch cannot run at this point.
if (!empty($arr3[$k])) {
$arr2[$k] = $arr3[$k];
$arr1[$k] = $arr3[$k];
}
}
} else {
// the target language file does not exist
/*
foreach ($arr1o as $k=>$a2)
{
//var_dump($arr1o);
//var_dump($arr3); die();
if (!empty($arr3[$k]))
{
$arr2[$k] = $arr3[$k];
//$arr1[$k] = $arr3[$k];
}
}
*/
//die();
}
$user = JFactory::getUser();
$username = $user->username;
if (!$this->checkDB($xt, $tr_type, $tr_from)) {
$this->fillDB($xt, $tr_type, $tr_from, $arr1, $username);
$this->getTranlations($xt, $tr_type, $tr_from, $arr1);
} else {
$this->getTranlations($xt, $tr_type, $tr_from, $arr1);
}
$ret[$tr_type][$tr_from] = $arr1;
$arr2 = $this->getIni($to, $tr_type, $xt);
// if absolutely no language file exists for target language
if (empty($arr2)) {
$arr2 = $this->getIni($tr_from, $tr_type, $xt);
}
// we need to check if it contains at least the same fields as the original language
foreach ($arr1o as $kk => $vv) {
if (!is_array($vv)) {
if (!isset($arr2[$kk])) {
$arr2[$kk] = $vv;
}
}
}
// vm2.0.22+ new lang files:
if (stripos($xt, 'com_virtuemart') !== false) {
$arr3 = $this->getIni($to, $tr_type, 'com_virtuemart');
}
// Entries of $arr3, when it was loaded above, override those of the target language.
foreach ($arr1o as $k => $a2) {
//var_dump($arr1o);
//var_dump($arr3); die();
if (!empty($arr3[$k])) {
$arr2[$k] = $arr3[$k];
//$arr1[$k] = $arr3[$k];
}
}
unset($arr1);
if (!$this->checkDB($xt, $tr_type, $to)) {
$this->fillDB($xt, $tr_type, $to, $arr2, $username);
$this->getTranlations($xt, $tr_type, $to, $arr2, $arr1o);
unset($arr1o);
} else {
$this->getTranlations($xt, $tr_type, $to, $arr2, $arr1o);
unset($arr1o);
}
// ret['site']['to_language'] = ...
$ret[$tr_type][$to] = $arr2;
unset($arr2);
//var_dump($ret); die();
//.........这里部分代码省略.........
示例9: canUpload
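/**
 * Checks if the file can be uploaded
 *
 * Validates the name, buried executable extensions, the extension allow-list,
 * the size, the image/MIME type and the first bytes of the content against
 * the com_media parameters.
 *
 * @param array  $file File information ('name', 'size', 'tmp_name')
 * @param string &$err Receives the language key of the check that failed
 * @return boolean True when every check passes
 */
public static function canUpload($file, &$err)
{
    $params = JComponentHelper::getParams('com_media');

    if (empty($file['name'])) {
        $err = 'COM_MEDIA_ERROR_UPLOAD_INPUT';
        return false;
    }

    jimport('joomla.filesystem.file');

    // Reject, rather than silently rewrite, a name that makesafe() would alter.
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $err = 'COM_MEDIA_ERROR_WARNFILENAME';
        return false;
    }

    $format = strtolower(JFile::getExt($file['name']));

    // Media file names should never have executable extensions buried in them.
    $executable = array('php', 'js', 'exe', 'phtml', 'java', 'perl', 'py', 'asp', 'dll', 'go', 'ade', 'adp', 'bat', 'chm', 'cmd', 'com', 'cpl', 'hta', 'ins', 'isp', 'jse', 'lib', 'mde', 'msc', 'msp', 'mst', 'pif', 'scr', 'sct', 'shb', 'sys', 'vb', 'vbe', 'vbs', 'vxd', 'wsc', 'wsf', 'wsh');
    $explodedFileName = explode('.', $file['name']);

    // The comparison belongs outside count(): count($parts > 2) counted a boolean
    // rather than the name parts.
    if (count($explodedFileName) > 2) {
        foreach ($executable as $extensionName) {
            if (in_array($extensionName, $explodedFileName, true)) {
                // $app was never assigned in this method; fetch the application
                // before queuing the notice.
                $app = JFactory::getApplication();
                $app->enqueueMessage(JText::_('JLIB_MEDIA_ERROR_WARNFILETYPE'), 'notice');
                return false;
            }
        }
    }

    $allowable = explode(',', $params->get('upload_extensions'));
    $ignored = explode(',', $params->get('ignore_extensions'));

    // A file without extension is always rejected; otherwise the extension has
    // to be on the allow-list or on the ignore list.
    if ($format == '' || $format == false || !in_array($format, $allowable) && !in_array($format, $ignored)) {
        $err = 'COM_MEDIA_ERROR_WARNFILETYPE';
        return false;
    }

    // The configured limit is in megabytes; 0 disables the check.
    $maxSize = (int) ($params->get('upload_maxsize', 0) * 1024 * 1024);
    if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
        $err = 'COM_MEDIA_ERROR_WARNFILETOOLARGE';
        return false;
    }

    $user = JFactory::getUser();

    if ($params->get('restrict_uploads', 1)) {
        $images = explode(',', $params->get('image_extensions'));
        if (in_array($format, $images)) {
            // If tmp_name is empty, then the file was bigger than the PHP limit
            if (empty($file['tmp_name'])) {
                $err = 'COM_MEDIA_ERROR_WARNFILETOOLARGE';
                return false;
            }
            // If it is an image, run it through getimagesize
            if (getimagesize($file['tmp_name']) === false) {
                $err = 'COM_MEDIA_ERROR_WARNINVALID_IMG';
                return false;
            }
        } elseif (!in_array($format, $ignored)) {
            // Not an image and not ignored: compare the detected MIME type
            $allowed_mime = array_map('trim', explode(',', (string) $params->get('upload_mime')));
            $illegal_mime = array_map('trim', explode(',', (string) $params->get('upload_mime_illegal')));
            $checkMime = $params->get('check_mime', 1);

            if (function_exists('finfo_open') && $checkMime) {
                // We have fileinfo; close the handle before any return
                $finfo = finfo_open(FILEINFO_MIME);
                $type = finfo_file($finfo, $file['tmp_name']);
                finfo_close($finfo);
                $detected = true;
            } elseif (function_exists('mime_content_type') && $checkMime) {
                // We have mime magic
                $type = mime_content_type($file['tmp_name']);
                $detected = true;
            } else {
                $type = '';
                $detected = false;
            }

            if ($detected) {
                // The detectors can append parameters ("text/html; charset=..."),
                // which would never equal the bare types in the configured lists.
                $type = is_string($type) ? trim(current(explode(';', $type))) : '';
                if (strlen($type) && !in_array($type, $allowed_mime, true) && in_array($type, $illegal_mime, true)) {
                    $err = 'COM_MEDIA_ERROR_WARNINVALID_MIME';
                    return false;
                }
            } elseif (!$user->authorise('core.manage')) {
                // Without a MIME check only managers may upload non-image files
                $err = 'COM_MEDIA_ERROR_WARNNOTADMIN';
                return false;
            }
        }
    }

    // Only the first 256 bytes are inspected for something that looks like an HTML tag.
    $xss_check = JFile::read($file['tmp_name'], false, 256);
    $html_tags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
    foreach ($html_tags as $tag) {
        // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
        if (stristr($xss_check, '<' . $tag . ' ') || stristr($xss_check, '<' . $tag . '>')) {
            $err = 'COM_MEDIA_ERROR_WARNIEXSS';
            return false;
        }
    }

    return true;
}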
示例10: saveFile
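/**
 * Store an uploaded track file and its images and create the #__jtg_files row.
 *
 * The track is moved to images/jtrackgallery/uploaded_tracks/, parsed through
 * GpsDataClass and deleted again when the parser reports errors. The request
 * ends with a JavaScript alert when the file already exists, cannot be moved
 * or cannot be parsed.
 *
 * @return boolean True on success, false when the INSERT fails
 */
function saveFile()
{
    jimport('joomla.filesystem.file');
    jimport('joomla.filesystem.folder');

    $db = JFactory::getDBO();
    $user = JFactory::getUser();
    $cache = JFactory::getCache('com_jtg');
    $input = JFactory::getApplication()->input;

    // Get the post data
    $catid = $input->get('catid', null, 'array');
    $catid = $catid ? implode(',', $catid) : '';
    $level = $input->get('level', 0, 'integer');
    $title = $input->get('title', '', 'string');
    $terrain = $input->get('terrain', null, 'array');
    $terrain = $terrain ? implode(', ', $terrain) : '';
    // $desc is escaped here and only wrapped in quotes when the query is built.
    $desc = $db->escape(implode(' ', $input->get('description', '', 'array')));
    $file = $input->files->get('file');
    $uid = $user->get('id');
    $date = date("Y-m-d");
    $jFileInput = new jInput($_FILES);
    $images = $jFileInput->get('images', array(), 'array');
    $access = JRequest::getInt('access', 0);
    $hidden = JRequest::getInt('hidden', 0);
    $published = JRequest::getInt('published', 0);

    // Upload the file
    // NOTE(review): the track is written below the web-served images/ directory
    // before anything but its name has been checked; consider an extension
    // allow-list for track files ahead of JFile::upload().
    $upload_dir = JPATH_SITE . '/images/jtrackgallery/uploaded_tracks/';
    $filename = strtolower(JFile::makeSafe($file['name']));
    $newfile = $upload_dir . $filename;

    if (JFile::exists($newfile)) {
        $alert_text = json_encode(JText::sprintf("COM_JTG_FILE_ALREADY_EXISTS", $filename));
        die("<script type='text/javascript' charset='UTF-8'>alert({$alert_text});window.history.back(-1);</script>");
    }

    // A name that makeSafe() reduced to nothing would point at the directory itself.
    if ($filename === '' || !JFile::upload($file['tmp_name'], $newfile)) {
        $alert_text = json_encode(JText::_('COM_JTG_UPLOAD_FAILS'));
        die("<script type='text/javascript'>alert({$alert_text});window.history.back(-1);</script>");
    }

    // Readable by the web server, writable by the owner only (was 0777).
    chmod($newfile, 0644);

    // Get the start coordinates..
    // Default unit
    $gpsData = new GpsDataClass("Kilometer");
    $gpsData = $cache->get(array($gpsData, 'loadFileAndData'), array($newfile, $filename), "Kilometer");
    $errors = $gpsData->displayErrors();

    if ($errors) {
        // The file could not be parsed: remove it again and stop.
        if (JFile::exists($newfile)) {
            JFile::delete($newfile);
        }
        $alert_text = json_encode(JText::_('COM_JTG_NO_SUPPORT') . '\\n' . $errors);
        echo "<script type='text/javascript'>alert({$alert_text});window.history.back(-1);</script>";
        exit;
    }

    $isRoute = 0;
    $isCache = 0;

    // Request values and values parsed from the uploaded file are untrusted, so
    // every string goes through $db->quote() and every number is cast.
    $query = "INSERT INTO #__jtg_files SET"
        . "\n uid='" . (int) $uid . "',"
        . "\n catid=" . $db->quote((string) $catid) . ","
        . "\n title=" . $db->quote((string) $title) . ","
        . "\n file=" . $db->quote($filename) . ","
        . "\n terrain=" . $db->quote((string) $terrain) . ","
        . "\n description='" . $desc . "',"
        . "\n published='" . (int) $published . "',"
        . "\n date=" . $db->quote($date) . ","
        . "\n start_n=" . $db->quote((string) $gpsData->start[1]) . ","
        . "\n start_e=" . $db->quote((string) $gpsData->start[0]) . ","
        . "\n distance=" . $db->quote((string) $gpsData->distance) . ","
        . "\n ele_asc='" . round($gpsData->totalAscent, 0) . "',"
        . "\n ele_desc='" . round($gpsData->totalDescent, 0) . "',"
        . "\n level='" . (int) $level . "',"
        . "\n access='" . (int) $access . "',"
        . "\n hidden='" . (int) $hidden . "',"
        . "\n istrack=" . $db->quote((string) $gpsData->isTrack) . ","
        . "\n iswp=" . $db->quote((string) $gpsData->isWaypoint) . ","
        . "\n isroute='" . $isRoute . "',"
        . "\n iscache='" . $isCache . "'";
    $db->setQuery($query);
    $db->execute();

    if ($db->getErrorNum()) {
        echo $db->stderr();
        return false;
    }

    $query = "SELECT id FROM #__jtg_files WHERE file=" . $db->quote($filename);
    $db->setQuery($query);
    $rows = $db->loadObject();

    // Images upload part
    $cfg = JtgHelper::getConfig();
    $types = array_map('trim', explode(',', $cfg->type));

    if ($rows && !empty($images['name']) && is_array($images['name'])) {
        $img_dir = JPATH_SITE . '/images/jtrackgallery/uploaded_tracks_images/track_' . (int) $rows->id . '/';
        // Not world-writable (was 0777).
        JFolder::create($img_dir, 0755);

        foreach ($images['name'] as $key => $value) {
            if ($value == "") {
                continue;
            }
            // Only images whose extension is listed in the configuration are processed.
            $imgfilename = JFile::makesafe($value);
            $ext = JFile::getExt($value);
            if (in_array(strtolower($ext), $types, true)) {
                JtgHelper::createimageandthumbs($images['tmp_name'][$key], $ext, $img_dir, $imgfilename);
            }
        }
    }

    return true;
}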
示例11: getPhpExportThemes
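/**
 * List the PHP export themes of com_onepage.
 *
 * A theme is returned when xmlexport/php contains a .php file whose base name
 * is unchanged by JFile::makesafe() and a matching <name>.xml file exists.
 *
 * @return array Theme base names (without extension)
 */
function getPhpExportThemes()
{
    $dir = JPATH_SITE . DS . 'components' . DS . 'com_onepage' . DS . 'xmlexport' . DS . 'php';
    if (!file_exists($dir)) {
        return array();
    }

    jimport('joomla.filesystem.folder');
    jimport('joomla.filesystem.file');

    // The filter is a regular expression: escape the dot and anchor the end so
    // that only names ending in ".php" are listed.
    $files = JFolder::files($dir, '\.php$', false, true);
    if (!is_array($files)) {
        return array();
    }

    $themes = array();
    foreach ($files as $f) {
        $pi = pathinfo($f);
        $name = $pi['filename'];

        // Security: skip any name makesafe() would alter. Strict comparison, so
        // that numeric-looking names cannot compare equal by type juggling.
        if (JFile::makesafe($name) !== $name) {
            continue;
        }

        if (!file_exists($dir . DS . $name . '.xml')) {
            continue;
        }

        $themes[] = $name;
    }

    return $themes;
}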
示例12: canUpload
/**
 * Decide whether an image may be uploaded to the gallery.
 *
 * The end of the function is not part of this excerpt.
 *
 * @param array $file Upload entry ('name', 'size', 'tmp_name')
 * @param string &$errUploadMsg Receives the language key or message of the check that failed
 * @param int $frontEnd - if it is called from frontend or backend (1 - category view, 2 user control panel)
 * @param int $chunkEnabled - if chunk method is used (multiple upload) then there are special rules
 * @param int $realSize - if chunk method is used we get info about real size of file (not only the part)
 * @return boolean True on success
 * @since 1.5
 */
public static function canUpload($file, &$errUploadMsg, $frontEnd = 0, $chunkEnabled = 0, $realSize = 0)
{
$params = JComponentHelper::getParams('com_phocagallery');
// The extension and MIME lists are fixed here and not read from the component parameters.
$paramsL = array();
$paramsL['upload_extensions'] = 'gif,jpg,png,jpeg';
$paramsL['image_extensions'] = 'gif,jpg,png,jpeg';
$paramsL['upload_mime'] = 'image/jpeg,image/gif,image/png';
$paramsL['upload_mime_illegal'] = 'application/x-shockwave-flash,application/msword,application/excel,application/pdf,application/powerpoint,text/plain,application/x-zip,text/html';
// The file doesn't exist
if (empty($file['name'])) {
$errUploadMsg = 'COM_PHOCAGALLERY_ERROR_UNABLE_TO_UPLOAD_FILE';
return false;
}
// Not safe file
// A name that makesafe() would alter is rejected, not rewritten.
jimport('joomla.filesystem.file');
if ($file['name'] !== JFile::makesafe($file['name'])) {
$errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILENAME';
return false;
}
$format = strtolower(JFile::getExt($file['name']));
// Allowable extension
// A file without extension is rejected as well.
$allowable = explode(',', $paramsL['upload_extensions']);
if ($format == '' || $format == false || !in_array($format, $allowable)) {
//if (!in_array($format, $allowable)) {
$errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILETYPE';
return false;
}
// 'COM_PHOCAGALLERY_MAX_RESOLUTION'
$imgSize = PhocaGalleryImage::getImageSize($file['tmp_name']);
$maxResWidth = $params->get('upload_maxres_width', 3072);
$maxResHeight = $params->get('upload_maxres_height', 2304);
if ((int) $maxResWidth > 0 && (int) $maxResHeight > 0 && ((int) $imgSize[0] > (int) $maxResWidth || (int) $imgSize[1] > (int) $maxResHeight)) {
$errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGE_RESOLUTION';
return false;
}
// User (only in ucp) - Check the size of all images by users
if ($frontEnd == 2) {
$user = JFactory::getUser();
$maxUserImageSize = (int) $params->get('user_images_max_size', 20971520);
if ($chunkEnabled == 1) {
$fileSize = $realSize;
} else {
$fileSize = $file['size'];
}
$allFileSize = PhocaGalleryFileUploadFront::getSizeAllOriginalImages($fileSize, $user->id);
if ((int) $maxUserImageSize > 0 && (int) $allFileSize > $maxUserImageSize) {
$errUploadMsg = JText::_('COM_PHOCAGALLERY_WARNING_USERIMAGES_TOOLARGE');
return false;
}
}
// Max size of image
// If chunk method is used, we need to get computed size
$maxSize = $params->get('upload_maxsize', 3145728);
if ($chunkEnabled == 1) {
if ((int) $maxSize > 0 && (int) $realSize > (int) $maxSize) {
$errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGE';
return false;
}
} else {
if ((int) $maxSize > 0 && (int) $file['size'] > (int) $maxSize) {
$errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGE';
return false;
}
}
$user = JFactory::getUser();
$imginfo = null;
// Image check
$images = explode(',', $paramsL['image_extensions']);
if (in_array($format, $images)) {
// if its an image run it through getimagesize
// NOTE(review): chunked uploads skip this getimagesize() check.
if ($chunkEnabled != 1) {
if (($imginfo = getimagesize($file['tmp_name'])) === FALSE) {
$errUploadMsg = 'COM_PHOCAGALLERY_WARNING_INVALIDIMG';
return false;
}
}
} else {
// NOTE(review): the extension allow-list above equals the image list, so a
// file that reaches this point always takes the image branch.
if (!in_array($format, $images)) {
// if its not an image...and we're not ignoring it
$allowed_mime = explode(',', $paramsL['upload_mime']);
$illegal_mime = explode(',', $paramsL['upload_mime_illegal']);
if (function_exists('finfo_open')) {
// We have fileinfo
// NOTE(review): FILEINFO_MIME can append a charset to the type, which would
// not equal the bare entries of the two lists; verify.
$finfo = finfo_open(FILEINFO_MIME);
$type = finfo_file($finfo, $file['tmp_name']);
if (strlen($type) && !in_array($type, $allowed_mime) && in_array($type, $illegal_mime)) {
$errUploadMsg = 'COM_PHOCAGALLERY_WARNING_INVALIDMIME';
return false;
}
//.........这里部分代码省略.........
示例13: canUpload
/**
 * Decide whether a file may be uploaded.
 *
 * The allowed and disallowed types come from the com_phocadownload parameters:
 * the "upload" lists when $frontEnd is 1, the "download" lists otherwise.
 * The end of the function is not part of this excerpt.
 *
 * @param array $file Upload entry ('name', 'size')
 * @param string &$err Receives the language key of the check that failed
 * @param string $manager Passed to PhocaDownloadSettings::getManagerGroup()
 * @param int $frontEnd 1 selects the upload lists; any value above 0 selects the user size limit
 * @param int $chunkEnabled 1 when $realSize is compared with the limit instead of $file['size']
 * @param int $realSize File size used for the comparison when $chunkEnabled is 1
 */
public static function canUpload( $file, &$err, $manager = '', $frontEnd = 0, $chunkEnabled = 0, $realSize = 0) {
$paramsC = JComponentHelper::getParams( 'com_phocadownload' );
if ($frontEnd == 1) {
$aft = $paramsC->get( 'allowed_file_types_upload', PhocaDownloadSettings::getDefaultAllowedMimeTypesUpload() );
$dft = $paramsC->get( 'disallowed_file_types_upload', '' );
$allowedMimeType = PhocaDownloadFile::getMimeTypeString($aft);
$disallowedMimeType = PhocaDownloadFile::getMimeTypeString($dft);
$ignoreUploadCh = 0;
// NOTE(review): $params is not defined in this method; every other read uses $paramsC.
$ignoreUploadCheck = $params->get( 'ignore_file_types_check', 2 );
if ($ignoreUploadCheck == 1 || $ignoreUploadCheck == 4 ) {
$ignoreUploadCh = 1;
}
} else {
$aft = $paramsC->get( 'allowed_file_types_download', PhocaDownloadSettings::getDefaultAllowedMimeTypesDownload() );
$dft = $paramsC->get( 'disallowed_file_types_download', '' );
$allowedMimeType = PhocaDownloadFile::getMimeTypeString($aft);
$disallowedMimeType = PhocaDownloadFile::getMimeTypeString($dft);
$ignoreUploadCh = 0;
$ignoreUploadCheck = $paramsC->get( 'ignore_file_types_check', 2 );
// NOTE(review): both sides of this condition test the same value; confirm
// which second value was intended.
if ($ignoreUploadCheck == 5 || $ignoreUploadCheck == 5 ) {
$ignoreUploadCh = 1;
}
}
$paramsL = array();
$group = PhocaDownloadSettings::getManagerGroup($manager);
// When $group['f'] is 2 the lists are restricted to the fixed image types below.
if ($group['f'] == 2) {
$paramsL['upload_extensions'] = 'gif,jpg,png,jpeg';
$paramsL['image_extensions'] = 'gif,jpg,png,jpeg';
$paramsL['upload_mime'] = 'image/jpeg,image/gif,image/png';
$paramsL['upload_mime_illegal'] ='application/x-shockwave-flash,application/msword,application/excel,application/pdf,application/powerpoint,text/plain,application/x-zip,text/html';
$paramsL['upload_ext_illegal'] = $disallowedMimeType['ext'];
} else {
$paramsL['upload_extensions'] = $allowedMimeType['ext'];
$paramsL['image_extensions'] = 'bmp,gif,jpg,png,jpeg';
$paramsL['upload_mime'] = $allowedMimeType['mime'];
$paramsL['upload_mime_illegal'] = $disallowedMimeType['mime'];
$paramsL['upload_ext_illegal'] = $disallowedMimeType['ext'];
}
// The file doesn't exist
if(empty($file['name'])) {
$err = 'COM_PHOCADOWNLOAD_WARNING_INPUT_FILE_UPLOAD';
return false;
}
// Not safe file
// A name that makesafe() would alter is rejected, not rewritten.
jimport('joomla.filesystem.file');
if ($file['name'] !== JFile::makesafe($file['name'])) {
$err = 'COM_PHOCADOWNLOAD_WARNFILENAME';
return false;
}
$format = strtolower(JFile::getExt($file['name']));
// With $ignoreUploadCh set to 1 neither the deny-list nor the allow-list is applied.
if ($ignoreUploadCh == 1) {
} else {
$allowable = explode( ',', $paramsL['upload_extensions']);
$notAllowable = explode( ',', $paramsL['upload_ext_illegal']);
if(in_array($format, $notAllowable)) {
$err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_DISALLOWED';
return false;
}
//if (!in_array($format, $allowable)) {
if ($format == '' || $format == false || (!in_array($format, $allowable))) {
$err = 'COM_PHOCADOWNLOAD_WARNFILETYPE_NOT_ALLOWED';
return false;
}
}
// Max size of image
// If chunk method is used, we need to get computed size
$maxSize = $paramsC->get( 'upload_maxsize', 3145728 );
if ((int)$frontEnd > 0) {
$maxSize = $paramsC->get( 'user_file_upload_size', 3145728 );
} else {
$maxSize = $paramsC->get( 'upload_maxsize', 3145728 );
}
if ($chunkEnabled == 1) {
if ((int)$maxSize > 0 && (int)$realSize > (int)$maxSize) {
$err = 'COM_PHOCADOWNLOAD_WARNFILETOOLARGE';
return false;
}
} else {
if ((int)$maxSize > 0 && (int)$file['size'] > (int)$maxSize) {
$err = 'COM_PHOCADOWNLOAD_WARNFILETOOLARGE';
//.........这里部分代码省略.........
示例14: prepareDirectory
/**
 * Return the export directory of a template, creating it when it is missing.
 *
 * The directory name is $tid passed through JFile::makesafe(). A newly
 * created directory receives a copy of the export root's .htaccess file.
 *
 * @param mixed $tid Template identifier used as the directory name
 * @return string Path of the template's export directory
 */
function prepareDirectory($tid)
{
    jimport('joomla.filesystem.file');

    // Only the sanitised identifier is ever appended to the fixed export root.
    $safeName = JFile::makesafe($tid);
    $exportRoot = JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'export' . DS;
    $targetDir = $exportRoot . $safeName;

    if (!file_exists($targetDir)) {
        // NOTE(review): neither result is checked; if the copy fails the new
        // directory is left without the .htaccess file of the export root.
        JFolder::create($targetDir);
        JFile::copy($exportRoot . '.htaccess', $targetDir . DS . '.htaccess');
    }

    return $targetDir;
}
示例15: template_update_upload
/**
 * Template-file update upload, currently switched off.
 *
 * The function returns false on its first statement, so nothing below that
 * line is executed; the remaining code is kept as written.
 *
 * @return boolean Always false
 */
function template_update_upload()
{
// Everything after this return is unreachable.
return false;
jimport('joomla.filesystem.file');
$file = "";
$msg = '';
foreach ($_FILES as $k => $v) {
// $msg .= 'key: '.$k.'<br />';
// $msg .= 'val: '.$v.'<br />';
if (strpos($k, 'uploadedupdatefile_') !== false && !empty($_FILES[$k]['name'])) {
$file = $k;
}
}
$arr = explode('_', $file);
if (count($arr) > 1) {
$tid = $arr[1];
if (!is_numeric($tid)) {
return "Error!";
}
// get previous file
$ehelper = new OnepageTemplateHelper();
$tt = $ehelper->getTemplate($tid);
$target_path = JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_onepage' . DS . 'export' . DS;
// NOTE(review): should this code be re-enabled, the previous file is removed
// before the new upload has succeeded.
if (file_exists($target_path . $tt['file'])) {
if (!JFile::delete($target_path . $tt['file'])) {
$msg .= 'Could not remove old template file: ' . $tt['file'];
}
}
// basename() drops any directory part and makesafe() strips unsafe characters
// from the client-supplied name.
// NOTE(review): no extension allow-list is visible before the upload into the
// administrator component tree.
$newname = JFile::makesafe(basename($_FILES['uploadedupdatefile_' . $tid]['name']));
$msg .= $ehelper->updateFileName($tid, $newname);
//$userfile = JRequest::getVar('uploadedupdatefile_'.$tid, null, 'files');
//var_dump($userfile); die();
$target_path = $target_path . $newname;
if (JFile::upload($_FILES[$file]['tmp_name'], $target_path)) {
$msg .= "The template file " . $newname . " has been uploaded";
} else {
$msg .= "There was an error uploading the file, please try again! file: " . $newname;
}
} else {
$msg .= "There was an error uploading the file, please try again! ";
}
return $msg;
}