| 1 | <?php |
|---|
| 2 | /* |
|---|
| 3 | * FCKeditor - The text editor for internet |
|---|
| 4 | * Copyright (C) 2003-2006 Frederico Caldeira Knabben |
|---|
| 5 | * |
|---|
| 6 | * Licensed under the terms of the GNU Lesser General Public License: |
|---|
| 7 | * http://www.opensource.org/licenses/lgpl-license.php |
|---|
| 8 | * |
|---|
| 9 | * For further information visit: |
|---|
| 10 | * http://www.fckeditor.net/ |
|---|
| 11 | * |
|---|
| 12 | * "Support Open Source software. What about a donation today?" |
|---|
| 13 | * |
|---|
| 14 | * File Name: upload.php |
|---|
| 15 | * This is the "File Uploader" for PHP. |
|---|
| 16 | * |
|---|
| 17 | * File Authors: |
|---|
| 18 | * Frederico Caldeira Knabben (fredck@fckeditor.net) |
|---|
| 19 | */ |
|---|
| 20 | |
|---|
| 21 | require('config.php') ; |
|---|
| 22 | require('util.php') ; |
|---|
| 23 | |
|---|
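// Sends the result of the upload to the editor window and ends the request.
//
// Emits a <script> block that calls window.parent.OnUploadCompleted() with the
// error number, the file URL, the file name and an optional custom message,
// then terminates the script with exit.
//
// Callers in this file pass the client-supplied upload name in $fileName and
// inside $customMsg. Escaping only the double quote is not enough for a
// JavaScript string inside HTML: a backslash, a line break or "</script>"
// still ends the literal or the script element. Each string is therefore
// serialised with json_encode() and the JSON_HEX_* flags, so quotes, "<", ">"
// and "&" leave as \uXXXX escapes.
//
// $errorNumber: numeric status code, printed as a bare integer.
// $fileUrl:     URL of the stored file ('' when there is none).
// $fileName:    name under which the file was stored.
// $customMsg:   optional message for the editor to show.
function SendResults( $errorNumber, $fileUrl = '', $fileName = '', $customMsg = '' )
{
    $iJsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT ;

    // The status code is written unquoted, so force it to an integer.
    $aArguments = array( (string)(int)$errorNumber ) ;

    foreach ( array( $fileUrl, $fileName, $customMsg ) as $sValue )
    {
        $sValue = (string)$sValue ;
        $sLiteral = json_encode( $sValue, $iJsonFlags ) ;

        // json_encode() returns false for bytes that are not valid UTF-8.
        // Fall back to a printable-ASCII copy rather than emitting raw bytes.
        if ( $sLiteral === false )
            $sLiteral = json_encode( (string)preg_replace( '/[^\x20-\x7E]/', '?', $sValue ), $iJsonFlags ) ;

        $aArguments[] = $sLiteral ;
    }

    echo '<script type="text/javascript">' ;
    echo 'window.parent.OnUploadCompleted(' . implode( ',', $aArguments ) . ') ;' ;
    echo '</script>' ;
    exit ;
}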
|---|
| 32 | |
|---|
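// Check if this uploader has been enabled. A missing or falsy setting keeps
// the uploader off, so the endpoint fails closed.
if ( empty( $Config['Enabled'] ) )
    SendResults( '1', '', '', 'This file uploader is disabled. Please check the "editor/filemanager/upload/php/config.php" file' ) ;

// Check if the file has been correctly uploaded. The name and the temporary
// path must be plain strings: a field posted as "NewFile[]" makes PHP deliver
// arrays here, which the string handling further down cannot process.
if ( !isset( $_FILES['NewFile']['tmp_name'], $_FILES['NewFile']['name'] )
    || !is_string( $_FILES['NewFile']['tmp_name'] )
    || !is_string( $_FILES['NewFile']['name'] )
    || $_FILES['NewFile']['name'] === '' )
    SendResults( '202' ) ;

// Check for an upload error reported by PHP. SendResults() ends the request,
// so the break statements are only a safety net.
// The messages for codes 1 and 2 embed the client-supplied file name; it
// reaches the page only through SendResults().
$iUploadError = isset( $_FILES['NewFile']['error'] ) ? $_FILES['NewFile']['error'] : 0 ;

if ( !empty( $iUploadError ) )
{
    switch ( $iUploadError )
    {
        case UPLOAD_ERR_INI_SIZE :
            SendResults( '1', '', '', "Upload error: " . $_FILES['NewFile']['name'] . " exceeds the the size set on the webserver" ) ;
            break ;

        case UPLOAD_ERR_FORM_SIZE :
            SendResults( '1', '', '', "Upload error: " . $_FILES['NewFile']['name'] . " exceeds the the size set by the upload script" ) ;
            break ;

        case UPLOAD_ERR_PARTIAL :
            SendResults( '1', '', '', "Upload error: The uploaded file was only partially uploaded" ) ;
            break ;

        case UPLOAD_ERR_NO_FILE :
            SendResults( '1', '', '', "Upload error: No file was uploaded" ) ;
            break ;

        case UPLOAD_ERR_NO_TMP_DIR :
            SendResults( '1', '', '', "Upload error: Missing a temporary folder" ) ;
            break ;

        case UPLOAD_ERR_CANT_WRITE :
            SendResults( '1', '', '', "Upload error: Failed to write file to disk" ) ;
            break ;

        default :
            // Any other non-zero code is still a failed upload. Without this
            // branch the script would carry on and try to store the file.
            SendResults( '1', '', '', 'Upload error: The upload failed with error code ' . (int)$iUploadError ) ;
            break ;
    }
}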
|---|
| 71 | |
|---|
| 72 | |
|---|
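// Get the posted file.
$oFile = $_FILES['NewFile'] ;

// Get the uploaded file name. It is chosen by the client, so it is reduced to
// a plain file name before it is used to build a path or to pick an extension.
$sFileName = $oFile['name'] ;

if ( !is_string( $sFileName ) )
    SendResults( '202' ) ;

// Drop any directory part (either slash style) and all control characters.
$sFileName = basename( str_replace( '\\', '/', $sFileName ) ) ;
$sFileName = (string)preg_replace( '/[\x00-\x1F\x7F]/', '', $sFileName ) ;

// Windows filesystems drop trailing dots and spaces, so "name.php." would be
// stored as "name.php" after being checked with an empty extension.
$sFileName = rtrim( $sFileName, '. ' ) ;

// Refuse empty names and dot-files (for example a web server override file).
if ( $sFileName === '' || $sFileName[0] === '.' )
    SendResults( '202' ) ;

$sOriginalFileName = $sFileName ;

// The extension is the text after the last dot, lower-cased. A name without a
// dot has no extension (strrpos() returns false, which must not be used as an
// offset).
$iDotPosition = strrpos( $sFileName, '.' ) ;
$sExtension = ( $iDotPosition === false ) ? '' : strtolower( substr( $sFileName, $iDotPosition + 1 ) ) ;

// Get the file type (from the QueryString, by default 'File').
$sType = isset( $_GET['Type'] ) ? $_GET['Type'] : 'File' ;

// Check if it is an allowed type. The strict comparison also rejects a
// non-string value such as "Type[]=...". $sType becomes a directory name later.
if ( !in_array( $sType, array('File','Image','Flash','Media'), true ) )
    SendResults( 1, '', '', 'Invalid type specified' ) ;

// Get the allowed and denied extensions arrays. A type without an entry in
// the configuration is treated as an empty list.
$arAllowed = isset( $Config['AllowedExtensions'][$sType] ) ? (array)$Config['AllowedExtensions'][$sType] : array() ;
$arDenied = isset( $Config['DeniedExtensions'][$sType] ) ? (array)$Config['DeniedExtensions'][$sType] : array() ;

// Check if it is an allowed extension.
$bAllowed = ( count( $arAllowed ) == 0 || in_array( $sExtension, $arAllowed, true ) ) ;

// The deny list is applied to every dot-separated part after the first, not
// only the last one: some web server configurations pick a handler from an
// inner extension, as in "name.php.jpg".
// NOTE(review): with an allow list and an empty deny list, inner extensions
// are still accepted - confirm the shipped configuration.
$bDenied = false ;
foreach ( array_slice( explode( '.', strtolower( $sFileName ) ), 1 ) as $sNamePart )
{
    if ( in_array( $sNamePart, $arDenied, true ) )
    {
        $bDenied = true ;
        break ;
    }
}

if ( !$bAllowed || $bDenied )
    SendResults( '202' ) ;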
|---|
| 96 | |
|---|
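// Result reported to the editor: '0' for a plain success, '201' when the file
// had to be renamed because the name was already taken.
$sErrorNumber = '0' ;
$sFileUrl = '' ;

// Initializes the counter used to rename the file, if another one with the same name already exists.
$iCounter = 0 ;

// Get the target directory.
if ( isset( $Config['UserFilesAbsolutePath'] ) )
    $sServerDir = $Config['UserFilesAbsolutePath'] ;
else
    $sServerDir = GetRootPath() . $Config["UserFilesPath"] ;

while ( true )
{
    // Compose the file path.
    $sFilePath = $sServerDir . "/" . $sType . "/" . $sFileName ;

    // If a file with that name already exists, try "name(N).ext" instead.
    if ( is_file( $sFilePath ) )
    {
        $iCounter++ ;
        $sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ;
        $sErrorNumber = '201' ;
    }
    else
    {
        // move_uploaded_file() returns false when the temporary file is not a
        // genuine upload or cannot be moved. Report that instead of handing
        // the editor a URL for a file that was never stored.
        if ( !move_uploaded_file( $oFile['tmp_name'], $sFilePath ) )
            SendResults( '1', '', '', 'Upload error: Failed to write file to disk' ) ;

        // Uploaded content needs neither an execute bit nor world write access.
        // The original set 0777; use 0664 if group write is required.
        // chmod() ignores the umask, so the umask(0)/restore pair was dropped.
        if ( is_file( $sFilePath ) )
            chmod( $sFilePath, 0644 ) ;

        $sFileUrl = $Config["UserFilesPath"] . $sType . "/" . $sFileName ;

        break ;
    }
}

// NOTE(review): this print and the "xxx" message below look like leftover
// debug output - confirm and remove. The name is client-supplied and lands in
// the HTML body, so it is escaped here rather than printed raw.
print htmlspecialchars( $sFileName, ENT_QUOTES ) ;
SendResults( $sErrorNumber, $sFileUrl, $sFileName, "xxx" ) ;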
|---|
| 139 | ?> |
|---|