<?php /* * FCKeditor - The text editor for internet * Copyright (C) 2003-2006 Frederico Caldeira Knabben * * Licensed under the terms of the GNU Lesser General Public License: * http://www.opensource.org/licenses/lgpl-license.php * * For further information visit: * http://www.fckeditor.net/ * * "Support Open Source software. What about a donation today?" * * File Name: upload.php * This is the "File Uploader" for PHP. * * File Authors: * Frederico Caldeira Knabben (fredck@fckeditor.net) */
require('config.php') ; require('util.php') ;
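/**
 * Sends the result of the upload back to the editor and ends the request.
 *
 * Emits a <script> element that calls window.parent.OnUploadCompleted() with
 * the given values, then exits, so nothing after a call to this function runs.
 *
 * The URL, file name and message are written as JavaScript string literals.
 * The file name comes from the uploaded file and is therefore untrusted.
 * Escaping only '"' (the previous behaviour) still lets a backslash, a line
 * break or a "</script>" sequence end the literal or the script element, so
 * the values are encoded with json_encode() and the JSON_HEX_* flags instead.
 * Bytes that are not valid UTF-8 are replaced rather than aborting the output.
 *
 * @param int|string $errorNumber Numeric result code; cast to int before output.
 * @param string     $fileUrl     URL of the stored file, or '' when there is none.
 * @param string     $fileName    Final name of the stored file, or ''.
 * @param string     $customMsg   Optional message shown by the editor.
 */
function SendResults( $errorNumber, $fileUrl = '', $fileName = '', $customMsg = '' )
{
	$iJsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE ;

	$arArguments = array() ;
	foreach ( array( $fileUrl, $fileName, $customMsg ) as $sValue )
	{
		$sEncoded = json_encode( (string)$sValue, $iJsonFlags ) ;

		// json_encode() returns false on failure; fall back to an empty literal
		// so the emitted call stays syntactically valid.
		$arArguments[] = ( $sEncoded === false ) ? '""' : $sEncoded ;
	}

	echo '<script type="text/javascript">' ;
	// The result code is only ever numeric, so it is written as an integer.
	echo 'window.parent.OnUploadCompleted(' . (int)$errorNumber . ',' . $arArguments[0] . ',' . $arArguments[1] . ', ' . $arArguments[2] . ') ;' ;
	echo '</script>' ;
	exit ;
}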
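// Check if this uploader has been enabled.
if ( !$Config['Enabled'] )
	SendResults( '1', '', '', 'This file uploader is disabled. Please check the "editor/filemanager/upload/php/config.php" file' ) ;

// Check if the file has been correctly uploaded.
// A field posted as "NewFile[]" makes 'name' an array; reject it here instead of
// passing an array to the string functions below.
if ( !isset( $_FILES['NewFile'] ) || !is_string( $_FILES['NewFile']['name'] ) || is_null( $_FILES['NewFile']['tmp_name'] ) || $_FILES['NewFile']['name'] == '' )
	SendResults( '202' ) ;

// Get the posted file.
$oFile = $_FILES['NewFile'] ;

// Get the uploaded file name. The name is supplied by the client and is later
// concatenated to the target directory, so keep only its last path component
// (both separators), independently of what the upload layer already stripped.
$sFileName = basename( str_replace( '\\', '/', $oFile['name'] ) ) ;

if ( $sFileName == '' )
	SendResults( '202' ) ;

// Replace dots in the name with underscores (only one dot can be there... security issue).
if ( $Config['ForceSingleExtension'] )
	$sFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sFileName ) ;

$sOriginalFileName = $sFileName ;

// Get the extension (lower case). A name without any dot has no extension:
// strrpos() returns false in that case, and using "false + 1" as the offset
// would treat everything after the first character as the extension.
$iDotPos = strrpos( $sFileName, '.' ) ;
$sExtension = ( $iDotPos === false ) ? '' : strtolower( (string)substr( $sFileName, $iDotPos + 1 ) ) ;

// Get the file type (from the QueryString, by default 'File').
$sType = isset( $_GET['Type'] ) ? $_GET['Type'] : 'File' ;

// Check if it is an allowed type. The type is appended to the target path later,
// so it must be exactly one of these strings (strict comparison).
if ( !in_array( $sType, array('File','Image','Flash','Media'), true ) )
	SendResults( 1, '', '', 'Invalid type specified' ) ;

// Get the allowed and denied extensions arrays.
$arAllowed	= $Config['AllowedExtensions'][$sType] ;
$arDenied	= $Config['DeniedExtensions'][$sType] ;

// Check if it is an allowed extension. Strict comparison keeps numeric-looking
// extensions from matching a different list entry through type juggling.
// NOTE(review): when the allowed list for a type is empty, the denied list is
// the only filter on what is written below the user files path.
if ( ( count($arAllowed) > 0 && !in_array( $sExtension, $arAllowed, true ) ) || ( count($arDenied) > 0 && in_array( $sExtension, $arDenied, true ) ) )
	SendResults( '202' ) ;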
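$sErrorNumber	= '0' ;
$sFileUrl		= '' ;

// Initializes the counter used to rename the file, if another one with the same name already exists.
$iCounter = 0 ;

// Get the target directory.
if ( isset( $Config['UserFilesAbsolutePath'] ) && strlen( $Config['UserFilesAbsolutePath'] ) > 0 )
	$sServerDir = $Config['UserFilesAbsolutePath'] ;
else
	$sServerDir = GetRootPath() . $Config["UserFilesPath"] ;

if ( $Config['UseFileType'] )
	$sServerDir .= $sType . '/' ;

while ( true )
{
	// Compose the file path.
	$sFilePath = $sServerDir . $sFileName ;

	// If a file with that name already exists, try the next numbered name and
	// report the rename to the editor with code 201.
	if ( is_file( $sFilePath ) )
	{
		$iCounter++ ;
		$sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ;
		$sErrorNumber = '201' ;
	}
	else
	{
		// move_uploaded_file() returns false when the source is not a genuine
		// upload or the target cannot be written. Report that instead of
		// answering with a success code and a URL for a file that was not stored.
		if ( !move_uploaded_file( $oFile['tmp_name'], $sFilePath ) )
			SendResults( '1', '', '', 'The uploaded file could not be saved.' ) ;

		// Uploaded content needs neither the execute bit nor write access for
		// every local account, so 0644 replaces the former 0777. chmod() is not
		// affected by the umask, so no umask change is needed around it.
		// A deployment that needs group write access should widen this explicitly.
		chmod( $sFilePath, 0644 ) ;

		if ( $Config['UseFileType'] )
			$sFileUrl = $Config["UserFilesPath"] . $sType . '/' . $sFileName ;
		else
			$sFileUrl = $Config["UserFilesPath"] . $sFileName ;

		break ;
	}
}

SendResults( $sErrorNumber, $sFileUrl, $sFileName ) ;
?>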