mirror of https://github.com/e107inc/e107.git synced 2025-08-05 14:17:49 +02:00

upload handler XML troubles - switched to new xml parse method

secretr
2010-01-12 09:56:57 +00:00
parent b56a380e86
commit 2c1c818e23


@@ -1,4 +1,4 @@
<?php <?php
/* /*
* e107 website system * e107 website system
* *
@@ -9,9 +9,9 @@
* File Upload Handler * File Upload Handler
* *
* $Source: /cvs_backup/e107_0.8/e107_handlers/upload_handler.php,v $ * $Source: /cvs_backup/e107_0.8/e107_handlers/upload_handler.php,v $
* $Revision: 1.28 $ * $Revision: 1.29 $
* $Date: 2010-01-11 21:32:01 $ * $Date: 2010-01-12 09:56:57 $
* $Author: e107steved $ * $Author: secretr $
*/ */
@@ -20,7 +20,7 @@
* *
* @package e107 * @package e107
* @subpackage e107_handlers * @subpackage e107_handlers
* @version $Id: upload_handler.php,v 1.28 2010-01-11 21:32:01 e107steved Exp $; * @version $Id: upload_handler.php,v 1.29 2010-01-12 09:56:57 secretr Exp $;
* *
* @todo - option to restrict by total size irrespective of number of uploads * @todo - option to restrict by total size irrespective of number of uploads
*/ */
@@ -46,18 +46,18 @@ define('e_SAVE_FILETYPES', 'filetypes_.xml');
function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = array()) function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = array())
Parameters: Parameters:
@param string $uploaddir - target directory (checked that it exists, but path not otherwise changed) @param string $uploaddir - target directory (checked that it exists, but path not otherwise changed)
@param string $fileinfo - determines any special handling of file name (combines previous $fileinfo and $avatar parameters): @param string $fileinfo - determines any special handling of file name (combines previous $fileinfo and $avatar parameters):
FALSE - default option; no processing FALSE - default option; no processing
"attachment+extra_text" - indicates an attachment (related to forum post or PM), and specifies some optional text which is "attachment+extra_text" - indicates an attachment (related to forum post or PM), and specifies some optional text which is
incorporated into the final file name (the original $fileinfo parameter). incorporated into the final file name (the original $fileinfo parameter).
"prefix+extra_text" - indicates an attachment or file, and specifies some optional text which is prefixed to the file name "prefix+extra_text" - indicates an attachment or file, and specifies some optional text which is prefixed to the file name
"unique" "unique"
- if the proposed destination file doesn't exist, saved under given name - if the proposed destination file doesn't exist, saved under given name
- if the proposed destination file does exist, prepends time() to the file name to make it unique - if the proposed destination file does exist, prepends time() to the file name to make it unique
'avatar' 'avatar'
- indicates an avatar is being uploaded (not used - options must be set elsewhere) - indicates an avatar is being uploaded (not used - options must be set elsewhere)
@param array $options - an array of supplementary options, all of which will be given appropriate defaults if not defined: @param array $options - an array of supplementary options, all of which will be given appropriate defaults if not defined:
'filetypes' - name of file containing list of valid file types 'filetypes' - name of file containing list of valid file types
- Always looks in the admin directory - Always looks in the admin directory
@@ -81,7 +81,7 @@ define('e_SAVE_FILETYPES', 'filetypes_.xml');
@return boolean|array @return boolean|array
Returns FALSE if the upload directory doesn't exist, or various other errors occurred which restrict the amount of meaningful information. Returns FALSE if the upload directory doesn't exist, or various other errors occurred which restrict the amount of meaningful information.
Returns an array, with one set of entries per uploaded file, regardless of whether saved or Returns an array, with one set of entries per uploaded file, regardless of whether saved or
discarded (not all fields always present) - $c is array index: discarded (not all fields always present) - $c is array index:
$uploaded[$c]['name'] - file name - as saved to disc $uploaded[$c]['name'] - file name - as saved to disc
$uploaded[$c]['rawname'] - original file name, prior to any addition of identifiers etc (useful for display purposes) $uploaded[$c]['rawname'] - original file name, prior to any addition of identifiers etc (useful for display purposes)
@@ -92,9 +92,9 @@ define('e_SAVE_FILETYPES', 'filetypes_.xml');
$uploaded[$c]['message'] - text of displayed message relating to file $uploaded[$c]['message'] - text of displayed message relating to file
$uploaded[$c]['line'] - only if an error occurred, has line number (from __LINE__) $uploaded[$c]['line'] - only if an error occurred, has line number (from __LINE__)
$uploaded[$c]['file'] - only if an error occurred, has file name (from __FILE__) $uploaded[$c]['file'] - only if an error occurred, has file name (from __FILE__)
On exit, uploaded files should all have been removed from the temporary directory. On exit, uploaded files should all have been removed from the temporary directory.
No messages displayed - its caller's responsibility to handle errors and display info to No messages displayed - its caller's responsibility to handle errors and display info to
user (or can use handle_upload_messages() from this module) user (or can use handle_upload_messages() from this module)
Details of uploaded files are in $_FILES['file_userfile'] (or other array name as set) on entry. Details of uploaded files are in $_FILES['file_userfile'] (or other array name as set) on entry.
@@ -110,20 +110,20 @@ define('e_SAVE_FILETYPES', 'filetypes_.xml');
function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL) function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
{ {
global $admin_log; global $admin_log;
$ul_temp_dir = ''; $ul_temp_dir = '';
if (ini_get('open_basedir') != '') if (ini_get('open_basedir') != '')
{ // Need to move file to intermediate directory before we can read its contents to check it. { // Need to move file to intermediate directory before we can read its contents to check it.
$ul_temp_dir = e_UPLOAD_TEMP_DIR; $ul_temp_dir = e_UPLOAD_TEMP_DIR;
} }
if (UH_DEBUG) if (UH_DEBUG)
$admin_log-> $admin_log->
e_log_event(10, debug_backtrace(), "DEBUG", "Upload Handler test", "Process uploads to {$uploaddir}, fileinfo ".$fileinfo, FALSE, LOG_TO_ROLLING); e_log_event(10, debug_backtrace(), "DEBUG", "Upload Handler test", "Process uploads to {$uploaddir}, fileinfo ".$fileinfo, FALSE, LOG_TO_ROLLING);
// $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Intermediate directory: {$ul_temp_dir} ",FALSE,LOG_TO_ROLLING); // $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Intermediate directory: {$ul_temp_dir} ",FALSE,LOG_TO_ROLLING);
$overwrite = varset($options['overwrite'], FALSE); $overwrite = varset($options['overwrite'], FALSE);
$uploaddir = realpath($uploaddir); // Mostly to get rid of the grot that might be passed in from legacy code. Also strips any trailing '/' $uploaddir = realpath($uploaddir); // Mostly to get rid of the grot that might be passed in from legacy code. Also strips any trailing '/'
if (!is_dir($uploaddir)) if (!is_dir($uploaddir))
{ {
@@ -135,9 +135,9 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
if (UH_DEBUG) if (UH_DEBUG)
$admin_log-> $admin_log->
e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Destination directory: ".$uploaddir, FALSE, FALSE); e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Destination directory: ".$uploaddir, FALSE, FALSE);
$final_chmod = varset($options['final_chmod'], 0644); $final_chmod = varset($options['final_chmod'], 0644);
if (isset($options['file_array_name'])) if (isset($options['file_array_name']))
{ {
$files = $_FILES[$options['file_array_name']]; $files = $_FILES[$options['file_array_name']];
@@ -146,9 +146,9 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
{ {
$files = $_FILES['file_userfile']; $files = $_FILES['file_userfile'];
} }
$max_file_count = varset($options['max_file_count'], 0); $max_file_count = varset($options['max_file_count'], 0);
if (!is_array($files)) if (!is_array($files))
{ {
if (UH_DEBUG) if (UH_DEBUG)
@@ -156,20 +156,20 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "No files uploaded", FALSE, FALSE); e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "No files uploaded", FALSE, FALSE);
return FALSE; return FALSE;
} }
$uploaded = array( $uploaded = array(
); );
$max_upload_size = calc_max_upload_size(varset($options['max_upload_size'], -1)); // Find overriding maximum upload size $max_upload_size = calc_max_upload_size(varset($options['max_upload_size'], -1)); // Find overriding maximum upload size
$allowed_filetypes = get_filetypes(varset($options['file_mask'], ''), varset($options['filetypes'], '')); $allowed_filetypes = get_filetypes(varset($options['file_mask'], ''), varset($options['filetypes'], ''));
$max_upload_size = set_max_size($allowed_filetypes, $max_upload_size); $max_upload_size = set_max_size($allowed_filetypes, $max_upload_size);
// That's the basics set up - we can start processing files now // That's the basics set up - we can start processing files now
if (UH_DEBUG) if (UH_DEBUG)
$admin_log-> $admin_log->
e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Start individual files: ".count($files['name'])." Max upload: ".$max_upload_size, FALSE, FALSE); e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Start individual files: ".count($files['name'])." Max upload: ".$max_upload_size, FALSE, FALSE);
$c = 0; $c = 0;
foreach ($files['name'] as $key=>$name) foreach ($files['name'] as $key=>$name)
{ {
@@ -179,14 +179,14 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
$name = preg_replace("/[^a-z0-9._-]/", '', str_replace(' ', '_', str_replace('%20', '_', strtolower($name)))); $name = preg_replace("/[^a-z0-9._-]/", '', str_replace(' ', '_', str_replace('%20', '_', strtolower($name))));
$raw_name = $name; // Save 'proper' file name - useful for display $raw_name = $name; // Save 'proper' file name - useful for display
$file_ext = trim(strtolower(substr(strrchr($name, "."), 1))); // File extension - forced to lower case internally $file_ext = trim(strtolower(substr(strrchr($name, "."), 1))); // File extension - forced to lower case internally
if (!trim($files['type'][$key])) if (!trim($files['type'][$key]))
$files['type'][$key] = 'Unknowm mime-type'; $files['type'][$key] = 'Unknowm mime-type';
if (UH_DEBUG) if (UH_DEBUG)
$admin_log-> $admin_log->
e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Process file {$name}, size ".$files['size'][$key], FALSE, FALSE); e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Process file {$name}, size ".$files['size'][$key], FALSE, FALSE);
if ($max_file_count && ($c > $max_file_count)) if ($max_file_count && ($c > $max_file_count))
{ {
$first_error = 249; // 'Too many files uploaded' error $first_error = 249; // 'Too many files uploaded' error
@@ -195,7 +195,7 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
{ {
$first_error = $files['error'][$key]; // Start with whatever error PHP gives us for the file $first_error = $files['error'][$key]; // Start with whatever error PHP gives us for the file
} }
if (!$first_error) if (!$first_error)
{ // Check file size early on { // Check file size early on
if ($files['size'][$key] == 0) if ($files['size'][$key] == 0)
@@ -211,14 +211,14 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
$first_error = 254; $first_error = 254;
} }
} }
if (!$first_error) if (!$first_error)
{ {
$uploadfile = $files['tmp_name'][$key]; // Name in temporary directory $uploadfile = $files['tmp_name'][$key]; // Name in temporary directory
if (!$uploadfile) if (!$uploadfile)
$first_error = 253; $first_error = 253;
} }
if (!$first_error) if (!$first_error)
{ {
// Need to support multiple files with the same 'real' name in some cases // Need to support multiple files with the same 'real' name in some cases
@@ -232,19 +232,19 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
$addbit = explode('+', $fileinfo, 2); $addbit = explode('+', $fileinfo, 2);
$name = trim($addbit[1]).$name; $name = trim($addbit[1]).$name;
} }
$destination_file = $uploaddir."/".$name; $destination_file = $uploaddir."/".$name;
if ($fileinfo == "unique" && file_exists($destination_file)) if ($fileinfo == "unique" && file_exists($destination_file))
{ // Modify destination name to make it unique - but only if target file name exists { // Modify destination name to make it unique - but only if target file name exists
$name = time()."_".$name; $name = time()."_".$name;
$destination_file = $uploaddir."/".$name; $destination_file = $uploaddir."/".$name;
} }
if (file_exists($destination_file) && !$overwrite) if (file_exists($destination_file) && !$overwrite)
$first_error = 250; // Invent our own error number - duplicate file $first_error = 250; // Invent our own error number - duplicate file
} }
if (!$first_error) if (!$first_error)
{ {
$tpos = FALSE; $tpos = FALSE;
@@ -267,7 +267,7 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
$first_error = 251; // Invent our own error number - file type not permitted $first_error = 251; // Invent our own error number - file type not permitted
} }
} }
if (!$first_error) if (!$first_error)
{ // All tests passed - can store it somewhere { // All tests passed - can store it somewhere
$uploaded[$c]['name'] = $name; $uploaded[$c]['name'] = $name;
@@ -275,7 +275,7 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
$uploaded[$c]['type'] = $files['type'][$key]; $uploaded[$c]['type'] = $files['type'][$key];
$uploaded[$c]['size'] = 0; $uploaded[$c]['size'] = 0;
$uploaded[$c]['index'] = $key; // Store the actual index from the file_userfile array $uploaded[$c]['index'] = $key; // Store the actual index from the file_userfile array
// Store as flat file // Store as flat file
if ((!$ul_temp_dir && @move_uploaded_file($uploadfile, $destination_file)) || ($ul_temp_dir && @rename($uploadfile, $destination_file))) // This should work on all hosts if ((!$ul_temp_dir && @move_uploaded_file($uploadfile, $destination_file)) || ($ul_temp_dir && @rename($uploadfile, $destination_file))) // This should work on all hosts
{ {
@@ -283,7 +283,7 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
if (UH_DEBUG) if (UH_DEBUG)
$admin_log-> $admin_log->
e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Final chmod() file {$destination_file} to {$final_chmod} ", FALSE, FALSE); e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Final chmod() file {$destination_file} to {$final_chmod} ", FALSE, FALSE);
$uploaded[$c]['size'] = $files['size'][$key]; $uploaded[$c]['size'] = $files['size'][$key];
if (UH_DEBUG) if (UH_DEBUG)
$admin_log-> $admin_log->
@@ -294,7 +294,7 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
$first_error = 252; // Error - "couldn't save destination" $first_error = 252; // Error - "couldn't save destination"
} }
} }
if (!$first_error) if (!$first_error)
{ // This file succeeded { // This file succeeded
$uploaded[$c]['message'] = LANUPLOAD_3." '".$raw_name."'"; $uploaded[$c]['message'] = LANUPLOAD_3." '".$raw_name."'";
@@ -351,7 +351,7 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
default: // Shouldn't happen - but at least try and make it obvious if it does! default: // Shouldn't happen - but at least try and make it obvious if it does!
$error = LANUPLOAD_16; $error = LANUPLOAD_16;
} }
$uploaded[$c]['message'] = LANUPLOAD_11." '".$name."' <br />".LANUPLOAD_12.": ".$error; $uploaded[$c]['message'] = LANUPLOAD_11." '".$name."' <br />".LANUPLOAD_12.": ".$error;
$uploaded[$c]['line'] = __LINE__; $uploaded[$c]['line'] = __LINE__;
$uploaded[$c]['file'] = __FILE__; $uploaded[$c]['file'] = __FILE__;
@@ -432,7 +432,7 @@ function file_upload($uploaddir, $avatar = FALSE, $fileinfo = "", $overwrite = "
$options = array( $options = array(
'extra_file_types'=>TRUE 'extra_file_types'=>TRUE
); // As default, allow any filetype enabled in filetypes.php ); // As default, allow any filetype enabled in filetypes.php
if (!$uploaddir) if (!$uploaddir)
{ {
$uploaddir = e_UPLOAD; $uploaddir = e_UPLOAD;
@@ -456,13 +456,13 @@ function file_upload($uploaddir, $avatar = FALSE, $fileinfo = "", $overwrite = "
$options['overwrite'] = TRUE; // Allow update of avatar with same file name $options['overwrite'] = TRUE; // Allow update of avatar with same file name
break; break;
} }
if (UH_DEBUG) if (UH_DEBUG)
$admin_log-> $admin_log->
e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Legacy call, directory ".$uploaddir, FALSE, FALSE); e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Legacy call, directory ".$uploaddir, FALSE, FALSE);
$ret = process_uploaded_files(getcwd()."/".$uploaddir, $avatar, $options); // Well, that's the way it was done before $ret = process_uploaded_files(getcwd()."/".$uploaddir, $avatar, $options); // Well, that's the way it was done before
if ($ret === FALSE) if ($ret === FALSE)
{ {
if (UH_DEBUG) if (UH_DEBUG)
@@ -470,13 +470,13 @@ function file_upload($uploaddir, $avatar = FALSE, $fileinfo = "", $overwrite = "
e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Legacy return FALSE", FALSE, FALSE); e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Legacy return FALSE", FALSE, FALSE);
return FALSE; return FALSE;
} }
if (UH_DEBUG) if (UH_DEBUG)
$admin_log-> $admin_log->
e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Legacy return with ".count($ret)." files", FALSE, FALSE); e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Legacy return with ".count($ret)." files", FALSE, FALSE);
$messages = handle_upload_messages($ret, FALSE, TRUE); // Show all the error and acknowledgment messages $messages = handle_upload_messages($ret, FALSE, TRUE); // Show all the error and acknowledgment messages
define(F_MESSAGE, $messages); define(F_MESSAGE, $messages);
if (count($ret) == 1) if (count($ret) == 1)
{ {
if ($ret[0]['error'] != 0) if ($ret[0]['error'] != 0)
@@ -532,7 +532,7 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
if (!in_array($file_ext, $tmp)) if (!in_array($file_ext, $tmp))
return 6; return 6;
} }
// 2. For all files, read the first little bit to check for any flags etc // 2. For all files, read the first little bit to check for any flags etc
$res = fopen($filename, 'rb'); $res = fopen($filename, 'rb');
$tstr = fread($res, 100); $tstr = fread($res, 100);
@@ -552,7 +552,7 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
return 7; return 7;
} }
} }
// 3. Now do what we can based on file extension // 3. Now do what we can based on file extension
switch ($file_ext) switch ($file_ext)
{ {
@@ -568,7 +568,7 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
if (($ret[0] == 0) || ($ret[1] == 0)) if (($ret[0] == 0) || ($ret[1] == 0))
return 5; // Zero size picture or bad file format return 5; // Zero size picture or bad file format
break; break;
case 'zip': case 'zip':
case 'gzip': case 'gzip':
case 'gz': case 'gz':
@@ -585,21 +585,21 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
case 'mov': //media case 'mov': //media
case 'avi': //media case 'avi': //media
break; // Just accept these break; // Just accept these
case 'php': case 'php':
case 'htm': case 'htm':
case 'html': case 'html':
case 'cgi': case 'cgi':
case 'pl': case 'pl':
return 9; // Never accept these! Whatever the user thinks! return 9; // Never accept these! Whatever the user thinks!
default: default:
if (is_bool($unknown)) if (is_bool($unknown))
return ($unknown ? TRUE : 8); return ($unknown ? TRUE : 8);
} }
return TRUE; // Accepted here return TRUE; // Accepted here
} }
/** /**
@@ -617,7 +617,7 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
); );
if ($def_file === FALSE) if ($def_file === FALSE)
return $ret; return $ret;
if ($file_mask) if ($file_mask)
{ {
$file_array = explode(',', $file_mask); $file_array = explode(',', $file_mask);
@@ -626,7 +626,7 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
$file_array[$k] = trim($f); $file_array[$k] = trim($f);
} }
} }
if ($def_file && is_readable(e_ADMIN.$def_file)) if ($def_file && is_readable(e_ADMIN.$def_file))
{ {
$a_filetypes = trim(file_get_contents(e_ADMIN.$def_file)); $a_filetypes = trim(file_get_contents(e_ADMIN.$def_file));
@@ -646,7 +646,7 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
} }
return $ret; return $ret;
} }
@@ -706,7 +706,7 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
} }
/** /**
* Get array of file types (file extensions) which are permitted - reads an XML-formatted definition file. * Get array of file types (file extensions) which are permitted - reads an XML-formatted definition file.
* (Similar to @See{get_allowed_filetypes()}, but expects an XML file) * (Similar to @See{get_allowed_filetypes()}, but expects an XML file)
@@ -722,7 +722,7 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
); );
if ($def_file === FALSE) if ($def_file === FALSE)
return $ret; return $ret;
if ($file_mask) if ($file_mask)
{ {
$file_array = explode(',', $file_mask); $file_array = explode(',', $file_mask);
@@ -731,22 +731,18 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
$file_array[$k] = trim($f); $file_array[$k] = trim($f);
} }
} }
if ($def_file && is_readable(e_ADMIN.$def_file)) if ($def_file && is_readable(e_ADMIN.$def_file))
{ {
$xml = e107::getXml(); $xml = e107::getXml();
$temp_vars = $xml->loadXMLfile(e_ADMIN.$def_file, true, false); // class tag should be always array
$xml->setOptArrayTags('class');
$temp_vars = $xml->loadXMLfile(e_ADMIN.$def_file, 'filetypes', false);
if ($temp_vars === FALSE) if ($temp_vars === FALSE)
{ {
echo "Error reading XML file: {$def_file}<br />"; echo "Error reading XML file: {$def_file}<br />";
return $ret; return $ret;
} }
if (count($temp_vars['class']) == 1)
{
$temp_vars['class'] = array(
$temp_vars['class']
);
}
foreach ($temp_vars['class'] as $v1) foreach ($temp_vars['class'] as $v1)
{ {
$v = $v1['@attributes']; $v = $v1['@attributes'];
@@ -759,6 +755,7 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
foreach ($a_filetypes as $ftype) foreach ($a_filetypes as $ftype)
{ {
$ftype = strtolower(trim(str_replace('.', '', $ftype))); // File extension $ftype = strtolower(trim(str_replace('.', '', $ftype))); // File extension
if (!$file_mask || in_array($ftype, $file_array)) if (!$file_mask || in_array($ftype, $file_array))
{ // We can load this extension { // We can load this extension
if (isset($ret[$ftype])) if (isset($ret[$ftype]))
@@ -774,6 +771,7 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
} }
} }
} }
return $ret; return $ret;
} }
@@ -811,7 +809,7 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Final max upload size: {$max_upload_size}", FALSE, FALSE); e_log_event(10, __FILE__."|".__FUNCTION__."@".__LINE__, "DEBUG", "Upload Handler test", "Final max upload size: {$max_upload_size}", FALSE, FALSE);
return $max_upload_size; return $max_upload_size;
} }
/** /**
@@ -833,17 +831,17 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
} }
return get_allowed_filetypes($filename, $file_mask); return get_allowed_filetypes($filename, $file_mask);
} }
if (is_readable(e_ADMIN.e_READ_FILETYPES)) if (is_readable(e_ADMIN.e_READ_FILETYPES))
{ {
return get_XML_filetypes(e_READ_FILETYPES, $file_mask); return get_XML_filetypes(e_READ_FILETYPES, $file_mask);
} }
if (ADMIN && is_readable(e_ADMIN.'admin_filetypes.php')) if (ADMIN && is_readable(e_ADMIN.'admin_filetypes.php'))
{ {
return get_allowed_filetypes('admin_filetypes.php', $file_mask); return get_allowed_filetypes('admin_filetypes.php', $file_mask);
} }
if (is_readable(e_ADMIN.'filetypes.php')) if (is_readable(e_ADMIN.'filetypes.php'))
{ {
return get_allowed_filetypes('filetypes.php', $file_mask); return get_allowed_filetypes('filetypes.php', $file_mask);
@@ -855,7 +853,7 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
/** /**
* Scans the array of allowed file types, updates allowed max size as appropriate. * Scans the array of allowed file types, updates allowed max size as appropriate.
* If the value is larger than the site-wide maximum, reduces it. * If the value is larger than the site-wide maximum, reduces it.
* *
* @param array $allowed_filetypes - key is file type (extension), value is maximum size allowed * @param array $allowed_filetypes - key is file type (extension), value is maximum size allowed
* @param int $max_upload_size - site-wide maximum file upload size * @param int $max_upload_size - site-wide maximum file upload size
@@ -895,5 +893,5 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
$max_upload_size = set_max_size($a_filetypes, $max_upload_size); $max_upload_size = set_max_size($a_filetypes, $max_upload_size);
return $max_upload_size; return $max_upload_size;
} }
?> ?>
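Review bot: In the `@@ -731,22 +731,18 @@` hunk, `foreach ($temp_vars['class'] as $v1)` now relies entirely on `setOptArrayTags('class')` for its input shape, and nothing checks that the `class` key exists after `loadXMLfile(e_ADMIN.$def_file, 'filetypes', false)` returns. A definition file with no `class` elements, or a result shaped differently from what the `'filetypes'` argument is presumably meant to select, would pass the `=== FALSE` test and reach the loop with a missing key. This array is the upload extension allow-list, so that case should exit explicitly before the loop, e.g. `if (empty($temp_vars['class']) || !is_array($temp_vars['class'])) return $ret;`. The error branch also echoes `$def_file` into the page; logging it through the `$admin_log` object used elsewhere in this file would keep file-name details out of user-facing output. The function starts above this hunk, so confirm that `$ret` holds the restrictive default at that point.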