upload.php
<?php
// Responsive FileManager upload endpoint.
//
// Flow (all configuration comes from config/config.php and include/utils.php,
// all inputs from the request): gate on the session marker, validate the two
// POSTed target folders against the configured base paths, walk up from the
// target folder loading any per-folder config.php, then store the upload when
// its extension is whitelisted, thumbnailing/resizing it if it is an image.
// Failures are reported as an HTTP status line followed by exit(); a plain
// form submission ('submit' field) is finally redirected back to dialog.php.
include('config/config.php');

// Session gate: $_SESSION['RF']['verify'] is set in dialog.php (per the index
// below). Any request without it is rejected before any path or file is
// touched. The comparison is loose (!=).
if($_SESSION['RF']["verify"] != "RESPONSIVEfilemanager") die('forbiden');
include('include/utils.php');


// Target folders for the file and its thumbnail, taken verbatim from the
// request and only used after the prefix/traversal checks below.
$storeFolder = $_POST['path'];
$storeFolderThumb = $_POST['path_thumb'];

// NOTE(review): original line 10 is not shown on this page; per the index it
// is where $path_pos is assigned — presumably strpos($_POST['path'],
// $current_path), mirroring the thumb check on the next line. Verify against
// the source.
$thumb_pos=strpos($_POST['path_thumb'],$thumbs_base_path);
// Both POSTed folders must begin at offset 0 with their configured base path
// ($current_path / $thumbs_base_path) and must not contain '../' or './'
// anywhere after that prefix. strpos() returns false when the base path is
// absent, which also fails the !==0 test. This is a plain string check: the
// paths are not canonicalised (no realpath()) before comparison.
if($path_pos!==0
    || $thumb_pos !==0
    || strpos($storeFolderThumb,'../',strlen($thumbs_base_path))!==FALSE
    || strpos($storeFolderThumb,'./',strlen($thumbs_base_path))!==FALSE
    || strpos($storeFolder,'../',strlen($current_path))!==FALSE
    || strpos($storeFolder,'./',strlen($current_path))!==FALSE )
    die('wrong path');


// Walk from $path up towards $current_path and require_once the first
// per-folder config.php found; bounded by $max_cycles so a path that never
// reaches $current_path cannot loop forever.
// NOTE(review): original lines 21 and 23 are not shown on this page; per the
// index they assign $path and $max_cycles respectively.
$cycle=true;
$i=0;
while($cycle && $i<$max_cycles){
    $i++;
    if($path==$current_path) $cycle=false;
    if(file_exists($path."config.php")){
        require_once($path."config.php");
        $cycle=false;
    }
    // fix_dirname() (include/utils.php) yields the parent folder; the
    // trailing '/' is re-appended so the "config.php" concatenation stays valid.
    $path=fix_dirname($path).'/';
}


if (!empty($_FILES)) {
    // Extension whitelist ($ext from config), checked on the client-supplied
    // filename. $info['extension'] is undefined for a name without a dot, and
    // in_array() is called non-strict. $_FILES['file']['error'] is never
    // consulted.
    $info=pathinfo($_FILES['file']['name']);
    if(in_array(fix_strtolower($info['extension']), $ext)){
        $tempFile = $_FILES['file']['tmp_name'];

        $targetPath = $storeFolder;
        $targetPathThumb = $storeFolderThumb;
        // Normalise the stored name (transliteration per $transliteration).
        $_FILES['file']['name'] = fix_filename($_FILES['file']['name'],$transliteration);

        // On a name collision append _1, _2, ... until a free name is found.
        // Only this branch refreshes $info from the normalised name; otherwise
        // the $is_img test below still uses the pre-fix_filename() $info.
        if(file_exists($targetPath.$_FILES['file']['name'])){
            $i = 1;
            $info=pathinfo($_FILES['file']['name']);
            while(file_exists($targetPath.$info['filename']."_".$i.".".$info['extension'])) {
                $i++;
            }
            $_FILES['file']['name']=$info['filename']."_".$i.".".$info['extension'];
        }
        $targetFile = $targetPath. $_FILES['file']['name'];
        $targetFileThumb = $targetPathThumb. $_FILES['file']['name'];

        // Image handling is decided by extension ($ext_img from config) only;
        // the file content is not inspected before it is moved into place.
        if(in_array(fix_strtolower($info['extension']),$ext_img)) $is_img=true;
        else $is_img=false;


        // Return values are not checked: a failed move leaves $targetFile
        // absent and the chmod/thumbnail steps then run against a missing file.
        // 0755 (rwxr-xr-x) sets the execute bit on the stored upload for all.
        move_uploaded_file($tempFile,$targetFile);
        chmod($targetFile, 0755);

        if($is_img){
            // Every assignment visible on this page leaves $memory_error false
            // (here and in both failure branches below), so the 406 branch at
            // the end appears unreachable from the lines shown — confirm
            // against original line 68, which this page omits.
            $memory_error=false;
            // 122x91 thumbnail for the file browser.
            if(!create_img_gd($targetFile, $targetFileThumb, 122, 91)){
                $memory_error=false;
            }else{
                // NOTE(review): original line 68 is not shown on this page. By
                // the brace structure it opens the if whose else-branch follows;
                // the index suggests a new_thumbnails_creation() call
                // (include/utils.php:275) — verify against the source.
                $memory_error=false;
            }else{
                // Dimensions of the stored file. getimagesize() returns false
                // for a non-image, which would make both indexes below null.
                $imginfo =getimagesize($targetFile);
                $srcWidth = $imginfo[0];
                $srcHeight = $imginfo[1];

                // Optional fixed resizing ($image_resizing* from config). A zero
                // width or height is derived from the other one to keep the
                // aspect ratio; both zero means "keep the source size".
                if($image_resizing){
                    if($image_resizing_width==0){
                        // NOTE(review): original line 77 is not shown on this
                        // page; by brace structure it opens a nested block
                        // closed by the '}else{' below (presumably the
                        // $image_resizing_height==0 case) — verify.
                            $image_resizing_width=$srcWidth;
                            $image_resizing_height =$srcHeight;
                        }else{
                            $image_resizing_width=$image_resizing_height*$srcWidth/$srcHeight;
                        }
                    }elseif($image_resizing_height==0){
                        $image_resizing_height =$image_resizing_width*$srcHeight/$srcWidth;
                    }
                    $srcWidth=$image_resizing_width;
                    $srcHeight=$image_resizing_height;
                    // NOTE(review): original line 88 is not shown on this page.
                }
                // Max resizing limit control: clamp to $image_max_width /
                // $image_max_height (0 disables either limit), preserving the
                // aspect ratio, then rewrite the stored file in place.
                $resize=false;
                if($image_max_width!=0 && $srcWidth >$image_max_width){
                    $resize=true;
                    $srcHeight=$image_max_width*$srcHeight/$srcWidth;
                    $srcWidth=$image_max_width;
                }
                if($image_max_height!=0 && $srcHeight >$image_max_height){
                    $resize=true;
                    $srcWidth =$image_max_height*$srcWidth/$srcHeight;
                    $srcHeight =$image_max_height;
                }
                if($resize)
                    create_img_gd($targetFile, $targetFile, $srcWidth, $srcHeight);
            }
        }
        if($memory_error){
            // Thumbnail creation failed: discard the stored file and answer 406
            // (reason phrase sent exactly as in the original, typo included).
            unlink($targetFile);
            header('HTTP/1.1 406 Not enought Memory',true,406);
            exit();
        }
    }
    }else{
        // Extension not in $ext.
        header('HTTP/1.1 406 file not permitted',true,406);
        exit();
    }
}else{
    // No multipart upload in the request. The status code (405) and the
    // reason phrase ('Bad Request', normally 400) disagree here.
    header('HTTP/1.1 405 Bad Request', true, 405);
    exit();
}
// Plain form submissions are sent back to the dialog with the UI context they
// arrived with. The type/lang/popup/field_id/fldr keys are read without
// isset(), so a missing one raises an undefined-index notice.
if(isset($_POST['submit'])){
    $query = http_build_query(array(
        'type' => $_POST['type'],
        'lang' => $_POST['lang'],
        'popup' => $_POST['popup'],
        'field_id' => $_POST['field_id'],
        'fldr' => $_POST['fldr'],
    ));
    header("location: dialog.php?" . $query);
}

?>
$current_path
Definition: config.php:3
$fixed_image_creation_height
Definition: config.php:220
$relative_image_creation_name_to_prepend
Definition: config.php:229
$_SESSION['RF']["verify"]
Definition: dialog.php:4
$cycle
Definition: upload.php:22
$image_max_height
Definition: config.php:94
$thumbs_base_path
Definition: config.php:67
$relative_image_creation_height
Definition: config.php:232
new_thumbnails_creation($targetPath, $targetFile, $name, $current_path, $relative_image_creation, $relative_path_from_current_pos, $relative_image_creation_name_to_prepend, $relative_image_creation_name_to_append, $relative_image_creation_width, $relative_image_creation_height, $fixed_image_creation, $fixed_path_from_filemanager, $fixed_image_creation_name_to_prepend, $fixed_image_creation_to_append, $fixed_image_creation_width, $fixed_image_creation_height)
Definition: utils.php:275
$image_max_width
Definition: config.php:93
create_img_gd($imgfile, $imgthumb, $newwidth, $newheight="")
Definition: utils.php:43
$query
Definition: index.php:37
$ext_img
Definition: config.php:162
$image_resizing_height
Definition: config.php:102
$relative_path_from_current_pos
Definition: config.php:228
$storeFolderThumb
Definition: upload.php:8
$image_resizing
Definition: config.php:100
$path_pos
Definition: upload.php:10
exit
Definition: browse.php:104
$image_resizing_width
Definition: config.php:101
$fixed_image_creation
Definition: config.php:215
fix_strtolower($str)
Definition: utils.php:203
$thumb_pos
Definition: upload.php:11
$max_cycles
Definition: upload.php:23
$relative_image_creation_name_to_append
Definition: config.php:230
$fixed_image_creation_name_to_prepend
Definition: config.php:217
$fixed_image_creation_to_append
Definition: config.php:218
if(isset($_POST['name'])) $info
Definition: execute.php:57
$ext
Definition: browse.php:87
$relative_image_creation_width
Definition: config.php:231
$relative_image_creation
Definition: config.php:227
fix_filename($str, $transliteration)
Definition: utils.php:163
fix_dirname($str)
Definition: utils.php:191
$fixed_path_from_filemanager
Definition: config.php:216
$transliteration
Definition: config.php:84
$i
Definition: upload.php:24
$storeFolder
Definition: upload.php:7
$path
Definition: upload.php:21
$fixed_image_creation_width
Definition: config.php:219