Linux lhjmq-records 5.15.0-118-generic #128-Ubuntu SMP Fri Jul 5 09:28:59 UTC 2024 x86_64
Your IP : 18.220.7.116
<?php
/** This file is part of KCFinder project
*
* @desc Uploader class
* @package KCFinder
* @version 2.51
* @author Pavel Tzonkov <pavelc@users.sourceforge.net>
* @copyright 2010, 2011 KCFinder Project
* @license http://www.opensource.org/licenses/gpl-2.0.php GPLv2
* @license http://www.opensource.org/licenses/lgpl-2.1.php LGPLv2
* @link http://kcfinder.sunhater.com
*/
class uploader {
/** Release version */
const VERSION = "2.51";
/** Config session-overrided settings
* @var array */
protected $config = array();
/** Opener applocation properties
* $opener['name'] Got from $_GET['opener'];
* $opener['CKEditor']['funcNum'] CKEditor function number (got from $_GET)
* $opener['TinyMCE'] Boolean
* @var array */
protected $opener = array();
/** Got from $_GET['type'] or first one $config['types'] array key, if inexistant
* @var string */
protected $type;
/** Helper property. Local filesystem path to the Type Directory
* Equivalent: $config['uploadDir'] . "/" . $type
* @var string */
protected $typeDir;
/** Helper property. Web URL to the Type Directory
* Equivalent: $config['uploadURL'] . "/" . $type
* @var string */
protected $typeURL;
/** Linked to $config['types']
* @var array */
protected $types = array();
/** Settings which can override default settings if exists as keys in $config['types'][$type] array
* @var array */
protected $typeSettings = array('disabled', 'theme', 'dirPerms', 'filePerms', 'denyZipDownload', 'maxImageWidth', 'maxImageHeight', 'thumbWidth', 'thumbHeight', 'jpegQuality', 'access', 'filenameChangeChars', 'dirnameChangeChars', 'denyExtensionRename', 'deniedExts');
/** Got from language file
* @var string */
protected $charset;
/** The language got from $_GET['lng'] or $_GET['lang'] or... Please see next property
* @var string */
protected $lang = 'en';
/** Possible language $_GET keys
* @var array */
protected $langInputNames = array('lang', 'langCode', 'lng', 'language', 'lang_code');
/** Uploaded file(s) info. Linked to first $_FILES element
* @var array */
protected $file;
/** Next three properties are got from the current language file
* @var string */
protected $dateTimeFull; // Currently not used
protected $dateTimeMid; // Currently not used
protected $dateTimeSmall;
/** Contain Specified language labels
* @var array */
protected $labels = array();
/** Contain unprocessed $_GET array. Please use this instead of $_GET
* @var array */
protected $get;
/** Contain unprocessed $_POST array. Please use this instead of $_POST
* @var array */
protected $post;
/** Contain unprocessed $_COOKIE array. Please use this instead of $_COOKIE
* @var array */
protected $cookie;
/** Session array. Please use this property instead of $_SESSION
* @var array */
protected $session;
/** CMS integration attribute (got from $_GET['cms'])
* @var string */
protected $cms = "";
/** Magic method which allows read-only access to protected or private class properties
* @param string $property
* @return mixed */
public function __get($property) {
return property_exists($this, $property) ? $this->$property : null;
}
public function __construct() {
// DISABLE MAGIC QUOTES
if (function_exists('set_magic_quotes_runtime'))
@set_magic_quotes_runtime(false);
// INPUT INIT
$input = new input();
$this->get = &$input->get;
$this->post = &$input->post;
$this->cookie = &$input->cookie;
// SET CMS INTEGRATION ATTRIBUTE
if (isset($this->get['cms']) &&
in_array($this->get['cms'], array("drupal"))
)
$this->cms = $this->get['cms'];
// LINKING UPLOADED FILE
if (count($_FILES))
$this->file = &$_FILES[key($_FILES)];
// LOAD DEFAULT CONFIGURATION
require "config.php";
// SETTING UP SESSION
if (isset($_CONFIG['_sessionLifetime']))
ini_set('session.gc_maxlifetime', $_CONFIG['_sessionLifetime'] * 60);
if (isset($_CONFIG['_sessionDir']))
ini_set('session.save_path', $_CONFIG['_sessionDir']);
if (isset($_CONFIG['_sessionDomain']))
ini_set('session.cookie_domain', $_CONFIG['_sessionDomain']);
switch ($this->cms) {
case "drupal": break;
default: session_start(); break;
}
// RELOAD DEFAULT CONFIGURATION
require "config.php";
$this->config = $_CONFIG;
// LOAD SESSION CONFIGURATION IF EXISTS
if (isset($_CONFIG['_sessionVar']) &&
is_array($_CONFIG['_sessionVar'])
) {
foreach ($_CONFIG['_sessionVar'] as $key => $val)
if ((substr($key, 0, 1) != "_") && isset($_CONFIG[$key]))
$this->config[$key] = $val;
if (!isset($this->config['_sessionVar']['self']))
$this->config['_sessionVar']['self'] = array();
$this->session = &$this->config['_sessionVar']['self'];
} else
$this->session = &$_SESSION;
// GET TYPE DIRECTORY
$this->types = &$this->config['types'];
$firstType = array_keys($this->types);
$firstType = $firstType[0];
$this->type = (
isset($this->get['type']) &&
isset($this->types[$this->get['type']])
)
? $this->get['type'] : $firstType;
// LOAD TYPE DIRECTORY SPECIFIC CONFIGURATION IF EXISTS
if (is_array($this->types[$this->type])) {
foreach ($this->types[$this->type] as $key => $val)
if (in_array($key, $this->typeSettings))
$this->config[$key] = $val;
$this->types[$this->type] = isset($this->types[$this->type]['type'])
? $this->types[$this->type]['type'] : "";
}
// COOKIES INIT
$ip = '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)';
$ip = '/^' . implode('\.', array($ip, $ip, $ip, $ip)) . '$/';
if (preg_match($ip, $_SERVER['HTTP_HOST']) ||
preg_match('/^[^\.]+$/', $_SERVER['HTTP_HOST'])
)
$this->config['cookieDomain'] = "";
elseif (!strlen($this->config['cookieDomain']))
$this->config['cookieDomain'] = $_SERVER['HTTP_HOST'];
if (!strlen($this->config['cookiePath']))
$this->config['cookiePath'] = "/";
// UPLOAD FOLDER INIT
// FULL URL
if (preg_match('/^([a-z]+)\:\/\/([^\/^\:]+)(\:(\d+))?\/(.+)\/?$/',
$this->config['uploadURL'], $patt)
) {
list($unused, $protocol, $domain, $unused, $port, $path) = $patt;
$path = path::normalize($path);
$this->config['uploadURL'] = "$protocol://$domain" . (strlen($port) ? ":$port" : "") . "/$path";
$this->config['uploadDir'] = strlen($this->config['uploadDir'])
? path::normalize($this->config['uploadDir'])
: path::url2fullPath("/$path");
$this->typeDir = "{$this->config['uploadDir']}/{$this->type}";
$this->typeURL = "{$this->config['uploadURL']}/{$this->type}";
// SITE ROOT
} elseif ($this->config['uploadURL'] == "/") {
$this->config['uploadDir'] = strlen($this->config['uploadDir'])
? path::normalize($this->config['uploadDir'])
: path::normalize($_SERVER['DOCUMENT_ROOT']);
$this->typeDir = "{$this->config['uploadDir']}/{$this->type}";
$this->typeURL = "/{$this->type}";
// ABSOLUTE & RELATIVE
} else {
$this->config['uploadURL'] = (substr($this->config['uploadURL'], 0, 1) === "/")
? path::normalize($this->config['uploadURL'])
: path::rel2abs_url($this->config['uploadURL']);
$this->config['uploadDir'] = strlen($this->config['uploadDir'])
? path::normalize($this->config['uploadDir'])
: path::url2fullPath($this->config['uploadURL']);
$this->typeDir = "{$this->config['uploadDir']}/{$this->type}";
$this->typeURL = "{$this->config['uploadURL']}/{$this->type}";
}
if (!is_dir($this->config['uploadDir']))
@mkdir($this->config['uploadDir'], $this->config['dirPerms']);
// HOST APPLICATIONS INIT
if (isset($this->get['CKEditorFuncNum']))
$this->opener['CKEditor']['funcNum'] = $this->get['CKEditorFuncNum'];
if (isset($this->get['opener']) &&
(strtolower($this->get['opener']) == "tinymce") &&
isset($this->config['_tinyMCEPath']) &&
strlen($this->config['_tinyMCEPath'])
)
$this->opener['TinyMCE'] = true;
// LOCALIZATION
foreach ($this->langInputNames as $key)
if (isset($this->get[$key]) &&
preg_match('/^[a-z][a-z\._\-]*$/i', $this->get[$key]) &&
file_exists("lang/" . strtolower($this->get[$key]) . ".php")
) {
$this->lang = $this->get[$key];
break;
}
$this->localize($this->lang);
// CHECK & MAKE DEFAULT .htaccess
if (isset($this->config['_check4htaccess']) &&
$this->config['_check4htaccess']
) {
$htaccess = "{$this->config['uploadDir']}/.htaccess";
if (!file_exists($htaccess)) {
if (!@file_put_contents($htaccess, $this->get_htaccess()))
$this->backMsg("Cannot write to upload folder. {$this->config['uploadDir']}");
} else {
if (false === ($data = @file_get_contents($htaccess)))
$this->backMsg("Cannot read .htaccess");
if (($data != $this->get_htaccess()) && !@file_put_contents($htaccess, $data))
$this->backMsg("Incorrect .htaccess file. Cannot rewrite it!");
}
}
// CHECK & CREATE UPLOAD FOLDER
if (!is_dir($this->typeDir)) {
if (!mkdir($this->typeDir, $this->config['dirPerms']))
$this->backMsg("Cannot create {dir} folder.", array('dir' => $this->type));
} elseif (!is_readable($this->typeDir))
$this->backMsg("Cannot read upload folder.");
}
public function upload() {
$config = &$this->config;
$file = &$this->file;
$url = $message = "";
if ($config['disabled'] || !$config['access']['files']['upload']) {
if (isset($file['tmp_name'])) @unlink($file['tmp_name']);
$message = $this->label("You don't have permissions to upload files.");
} elseif (true === ($message = $this->checkUploadedFile())) {
$message = "";
$dir = "{$this->typeDir}/";
if (isset($this->get['dir']) &&
(false !== ($gdir = $this->checkInputDir($this->get['dir'])))
) {
$udir = path::normalize("$dir$gdir");
if (substr($udir, 0, strlen($dir)) !== $dir)
$message = $this->label("Unknown error.");
else {
$l = strlen($dir);
$dir = "$udir/";
$udir = substr($udir, $l);
}
}
if (!strlen($message)) {
if (!is_dir(path::normalize($dir)))
@mkdir(path::normalize($dir), $this->config['dirPerms'], true);
$filename = $this->normalizeFilename($file['name']);
$target = file::getInexistantFilename($dir . $filename);
if (!@move_uploaded_file($file['tmp_name'], $target) &&
!@rename($file['tmp_name'], $target) &&
!@copy($file['tmp_name'], $target)
)
$message = $this->label("Cannot move uploaded file to target folder.");
else {
if (function_exists('chmod'))
@chmod($target, $this->config['filePerms']);
$this->makeThumb($target);
$url = $this->typeURL;
if (isset($udir)) $url .= "/$udir";
$url .= "/" . basename($target);
if (preg_match('/^([a-z]+)\:\/\/([^\/^\:]+)(\:(\d+))?\/(.+)$/', $url, $patt)) {
list($unused, $protocol, $domain, $unused, $port, $path) = $patt;
$base = "$protocol://$domain" . (strlen($port) ? ":$port" : "") . "/";
$url = $base . path::urlPathEncode($path);
} else
$url = path::urlPathEncode($url);
}
}
}
if (strlen($message) &&
isset($this->file['tmp_name']) &&
file_exists($this->file['tmp_name'])
)
@unlink($this->file['tmp_name']);
if (strlen($message) && method_exists($this, 'errorMsg'))
$this->errorMsg($message);
$this->callBack($url, $message);
}
protected function normalizeFilename($filename) {
if (isset($this->config['filenameChangeChars']) &&
is_array($this->config['filenameChangeChars'])
)
$filename = strtr($filename, $this->config['filenameChangeChars']);
return $filename;
}
protected function normalizeDirname($dirname) {
if (isset($this->config['dirnameChangeChars']) &&
is_array($this->config['dirnameChangeChars'])
)
$dirname = strtr($dirname, $this->config['dirnameChangeChars']);
return $dirname;
}
protected function checkUploadedFile(array $aFile=null) {
$config = &$this->config;
$file = ($aFile === null) ? $this->file : $aFile;
if (!is_array($file) || !isset($file['name']))
return $this->label("Unknown error");
if (is_array($file['name'])) {
foreach ($file['name'] as $i => $name) {
$return = $this->checkUploadedFile(array(
'name' => $name,
'tmp_name' => $file['tmp_name'][$i],
'error' => $file['error'][$i]
));
if ($return !== true)
return "$name: $return";
}
return true;
}
$extension = file::getExtension($file['name']);
$typePatt = strtolower(text::clearWhitespaces($this->types[$this->type]));
// CHECK FOR UPLOAD ERRORS
if ($file['error'])
return
($file['error'] == UPLOAD_ERR_INI_SIZE) ?
$this->label("The uploaded file exceeds {size} bytes.",
array('size' => ini_get('upload_max_filesize'))) : (
($file['error'] == UPLOAD_ERR_FORM_SIZE) ?
$this->label("The uploaded file exceeds {size} bytes.",
array('size' => $this->get['MAX_FILE_SIZE'])) : (
($file['error'] == UPLOAD_ERR_PARTIAL) ?
$this->label("The uploaded file was only partially uploaded.") : (
($file['error'] == UPLOAD_ERR_NO_FILE) ?
$this->label("No file was uploaded.") : (
($file['error'] == UPLOAD_ERR_NO_TMP_DIR) ?
$this->label("Missing a temporary folder.") : (
($file['error'] == UPLOAD_ERR_CANT_WRITE) ?
$this->label("Failed to write file.") :
$this->label("Unknown error.")
)))));
// HIDDEN FILENAMES CHECK
elseif (substr($file['name'], 0, 1) == ".")
return $this->label("File name shouldn't begins with '.'");
// EXTENSION CHECK
elseif (!$this->validateExtension($extension, $this->type))
return $this->label("Denied file extension.");
// SPECIAL DIRECTORY TYPES CHECK (e.g. *img)
elseif (preg_match('/^\*([^ ]+)(.*)?$/s', $typePatt, $patt)) {
list($typePatt, $type, $params) = $patt;
if (class_exists("type_$type")) {
$class = "type_$type";
$type = new $class();
$cfg = $config;
$cfg['filename'] = $file['name'];
if (strlen($params))
$cfg['params'] = trim($params);
$response = $type->checkFile($file['tmp_name'], $cfg);
if ($response !== true)
return $this->label($response);
} else
return $this->label("Non-existing directory type.");
}
// IMAGE RESIZE
$gd = new gd($file['tmp_name']);
if (!$gd->init_error && !$this->imageResize($gd, $file['tmp_name']))
return $this->label("The image is too big and/or cannot be resized.");
return true;
}
protected function checkInputDir($dir, $inclType=true, $existing=true) {
$dir = path::normalize($dir);
if (substr($dir, 0, 1) == "/")
$dir = substr($dir, 1);
if ((substr($dir, 0, 1) == ".") || (substr(basename($dir), 0, 1) == "."))
return false;
if ($inclType) {
$first = explode("/", $dir);
$first = $first[0];
if ($first != $this->type)
return false;
$return = $this->removeTypeFromPath($dir);
} else {
$return = $dir;
$dir = "{$this->type}/$dir";
}
if (!$existing)
return $return;
$path = "{$this->config['uploadDir']}/$dir";
return (is_dir($path) && is_readable($path)) ? $return : false;
}
protected function validateExtension($ext, $type) {
$ext = trim(strtolower($ext));
if (!isset($this->types[$type]))
return false;
$exts = strtolower(text::clearWhitespaces($this->config['deniedExts']));
if (strlen($exts)) {
$exts = explode(" ", $exts);
if (in_array($ext, $exts))
return false;
}
$exts = trim($this->types[$type]);
if (!strlen($exts) || substr($exts, 0, 1) == "*")
return true;
if (substr($exts, 0, 1) == "!") {
$exts = explode(" ", trim(strtolower(substr($exts, 1))));
return !in_array($ext, $exts);
}
$exts = explode(" ", trim(strtolower($exts)));
return in_array($ext, $exts);
}
protected function getTypeFromPath($path) {
return preg_match('/^([^\/]*)\/.*$/', $path, $patt)
? $patt[1] : $path;
}
protected function removeTypeFromPath($path) {
return preg_match('/^[^\/]*\/(.*)$/', $path, $patt)
? $patt[1] : "";
}
protected function imageResize($image, $file=null) {
if (!($image instanceof gd)) {
$gd = new gd($image);
if ($gd->init_error) return false;
$file = $image;
} elseif ($file === null)
return false;
else
$gd = $image;
if ((!$this->config['maxImageWidth'] && !$this->config['maxImageHeight']) ||
(
($gd->get_width() <= $this->config['maxImageWidth']) &&
($gd->get_height() <= $this->config['maxImageHeight'])
)
)
return true;
if ((!$this->config['maxImageWidth'] || !$this->config['maxImageHeight'])) {
if ($this->config['maxImageWidth']) {
if ($this->config['maxImageWidth'] >= $gd->get_width())
return true;
$width = $this->config['maxImageWidth'];
$height = $gd->get_prop_height($width);
} else {
if ($this->config['maxImageHeight'] >= $gd->get_height())
return true;
$height = $this->config['maxImageHeight'];
$width = $gd->get_prop_width($height);
}
if (!$gd->resize($width, $height))
return false;
} elseif (!$gd->resize_fit(
$this->config['maxImageWidth'], $this->config['maxImageHeight']
))
return false;
return $gd->imagejpeg($file, $this->config['jpegQuality']);
}
protected function makeThumb($file, $overwrite=true) {
$gd = new gd($file);
// Drop files which are not GD handled images
if ($gd->init_error)
return true;
$thumb = substr($file, strlen($this->config['uploadDir']));
$thumb = $this->config['uploadDir'] . "/" . $this->config['thumbsDir'] . "/" . $thumb;
$thumb = path::normalize($thumb);
$thumbDir = dirname($thumb);
if (!is_dir($thumbDir) && !@mkdir($thumbDir, $this->config['dirPerms'], true))
return false;
if (!$overwrite && is_file($thumb))
return true;
// Images with smaller resolutions than thumbnails
if (($gd->get_width() <= $this->config['thumbWidth']) &&
($gd->get_height() <= $this->config['thumbHeight'])
) {
$browsable = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
// Drop only browsable types
if (in_array($gd->type, $browsable))
return true;
// Resize image
} elseif (!$gd->resize_fit($this->config['thumbWidth'], $this->config['thumbHeight']))
return false;
// Save thumbnail
return $gd->imagejpeg($thumb, $this->config['jpegQuality']);
}
protected function localize($langCode) {
require "lang/{$langCode}.php";
setlocale(LC_ALL, $lang['_locale']);
$this->charset = $lang['_charset'];
$this->dateTimeFull = $lang['_dateTimeFull'];
$this->dateTimeMid = $lang['_dateTimeMid'];
$this->dateTimeSmall = $lang['_dateTimeSmall'];
unset($lang['_locale']);
unset($lang['_charset']);
unset($lang['_dateTimeFull']);
unset($lang['_dateTimeMid']);
unset($lang['_dateTimeSmall']);
$this->labels = $lang;
}
protected function label($string, array $data=null) {
$return = isset($this->labels[$string]) ? $this->labels[$string] : $string;
if (is_array($data))
foreach ($data as $key => $val)
$return = str_replace("{{$key}}", $val, $return);
return $return;
}
protected function backMsg($message, array $data=null) {
$message = $this->label($message, $data);
if (isset($this->file['tmp_name']) && file_exists($this->file['tmp_name']))
@unlink($this->file['tmp_name']);
$this->callBack("", $message);
die;
}
protected function callBack($url, $message="") {
$message = text::jsValue($message);
$CKfuncNum = isset($this->opener['CKEditor']['funcNum'])
? $this->opener['CKEditor']['funcNum'] : 0;
if (!$CKfuncNum) $CKfuncNum = 0;
header("Content-Type: text/html; charset={$this->charset}");
?><html>
<body>
<script type='text/javascript'>
var kc_CKEditor = (window.parent && window.parent.CKEDITOR)
? window.parent.CKEDITOR.tools.callFunction
: ((window.opener && window.opener.CKEDITOR)
? window.opener.CKEDITOR.tools.callFunction
: false);
var kc_FCKeditor = (window.opener && window.opener.OnUploadCompleted)
? window.opener.OnUploadCompleted
: ((window.parent && window.parent.OnUploadCompleted)
? window.parent.OnUploadCompleted
: false);
var kc_Custom = (window.parent && window.parent.KCFinder)
? window.parent.KCFinder.callBack
: ((window.opener && window.opener.KCFinder)
? window.opener.KCFinder.callBack
: false);
if (kc_CKEditor)
kc_CKEditor(<?php echo $CKfuncNum ?>, '<?php echo $url ?>', '<?php echo $message ?>');
if (kc_FCKeditor)
kc_FCKeditor(<?php echo strlen($message) ? 1 : 0 ?>, '<?php echo $url ?>', '', '<?php echo $message ?>');
if (kc_Custom) {
if (<?php echo strlen($message) ?>) alert('<?php echo $message ?>');
kc_Custom('<?php echo $url ?>');
}
if (!kc_CKEditor && !kc_FCKeditor && !kc_Custom)
alert("<?php echo $message ?>");
</script>
</body>
</html><?php
}
protected function get_htaccess() {
return "<IfModule mod_php4.c>
php_value engine off
</IfModule>
<IfModule mod_php5.c>
php_value engine off
</IfModule>
";
}
}
?>
|