mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-01 20:30:39 +02:00
Code Issues Releases Wiki Activity

More code cleanup

Browse Source
This commit is contained in:
Cameron
2016-12-02 13:14:50 -08:00
parent e22eb860f1
commit 4f4021a517
3 changed files with 165 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
e107_admin/image.php
View File

@@ -1864,6 +1864,7 @@ class media_admin_ui extends e_admin_ui
$sql = e107::getDb(); $sql = e107::getDb();
$mes = e107::getMessage(); $mes = e107::getMessage();
$tp = e107::getParser();
if(!empty($_POST['multiaction'])) if(!empty($_POST['multiaction']))
{ {
@@ -1887,7 +1888,7 @@ class media_admin_ui extends e_admin_ui
} }
//delete it from server //delete it from server
$deletePath = e_AVATAR.$path; $deletePath = e_AVATAR.$tp->filter($path);
if(@unlink($deletePath)) if(@unlink($deletePath))
{ {
$mes->addDebug('Deleted: '.$deletePath); $mes->addDebug('Deleted: '.$deletePath);
@@ -2619,7 +2620,7 @@ class media_admin_ui extends e_admin_ui
foreach($_POST['batch_selected'] as $key=>$file) foreach($_POST['batch_selected'] as $key=>$file)
{ {
$oldpath = e_IMPORT.$file; $oldpath = e_IMPORT.$tp->filter($file, 'w');
if($_POST['batch_category'] == '_avatars_public' || $_POST['batch_category'] == '_avatars_private') if($_POST['batch_category'] == '_avatars_public' || $_POST['batch_category'] == '_avatars_private')
{ {

2
e107_plugins/forum/forum_uploads.php
View File

@@ -33,7 +33,7 @@ if(is_array($_POST['delete']))
$f = explode("_", $fname); $f = explode("_", $fname);
if($f[1] == USERID) if($f[1] == USERID)
{ {
$path = e_UPLOAD.$fname; $path = e_UPLOAD.e107::getParser()->filter($fname,'w');
if(unlink($path) == TRUE) if(unlink($path) == TRUE)
{ {
$msg = LAN_FORUM_7002.": $path"; $msg = LAN_FORUM_7002.": $path";

280
e107_web/js/plupload/upload.php
View File

@@ -1,165 +1,207 @@
<?php <?php
/** /**
* upload.php * upload.php
* *
* Copyright 2009, Moxiecode Systems AB * Copyright 2009, Moxiecode Systems AB
* Released under GPL License. * Released under GPL License.
* *
* License: http://www.plupload.com/license * License: http://www.plupload.com/license
* Contributing: http://www.plupload.com/contributing * Contributing: http://www.plupload.com/contributing
*/ */
// HTTP headers for no cache etc // HTTP headers for no cache etc
$_E107['no_online'] = true; $_E107['no_online'] = true;
define('e_MINIMAL', true); define('e_MINIMAL', true);
define('FLOODPROTECT', false); define('FLOODPROTECT', false);
require_once("../../../class2.php"); require_once("../../../class2.php");
if(!ADMIN) if(!ADMIN)
{ {
exit; exit;
} }
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false); header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); header("Pragma: no-cache");
// Settings // Settings
// $targetDir = ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . "plupload"; // $targetDir = ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . "plupload";
$targetDir = e_IMPORT; $targetDir = e_IMPORT;
//$targetDir = 'uploads'; //$targetDir = 'uploads';
$cleanupTargetDir = true; // Remove old files $cleanupTargetDir = true; // Remove old files
$maxFileAge = 5 * 3600; // Temp file age in seconds $maxFileAge = 5 * 3600; // Temp file age in seconds
// 5 minutes execution time // 5 minutes execution time
@set_time_limit(5 * 60); @set_time_limit(5 * 60);
// Uncomment this one to fake upload time // Uncomment this one to fake upload time
// usleep(5000); // usleep(5000);
// Get parameters // Get parameters
$chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0; $chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0;
$chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0; $chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0;
$fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : ''; $fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';
// Clean the fileName for security reasons // Clean the fileName for security reasons
$fileName = preg_replace('/[^\w\._]+/', '_', $fileName); $fileName = preg_replace('/[^\w\._]+/', '_', $fileName);
// Make sure the fileName is unique but only if chunking is disabled // Make sure the fileName is unique but only if chunking is disabled
if ($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName)) { if($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName))
$ext = strrpos($fileName, '.'); {
$fileName_a = substr($fileName, 0, $ext); $ext = strrpos($fileName, '.');
$fileName_b = substr($fileName, $ext); $fileName_a = substr($fileName, 0, $ext);
$fileName_b = substr($fileName, $ext);
$count = 1; $count = 1;
while (file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b)) while(file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b))
$count++; {
$count++;
}
$fileName = $fileName_a . '_' . $count . $fileName_b; $fileName = $fileName_a . '_' . $count . $fileName_b;
} }
$filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName; $filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
// Create target dir // Create target dir
if (!file_exists($targetDir)) if(!file_exists($targetDir))
@mkdir($targetDir); {
@mkdir($targetDir);
}
// Remove old temp files // Remove old temp files
if ($cleanupTargetDir && is_dir($targetDir) && ($dir = opendir($targetDir))) { if($cleanupTargetDir && is_dir($targetDir) && ($dir = opendir($targetDir)))
while (($file = readdir($dir)) !== false) { {
$tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file; while(($file = readdir($dir)) !== false)
{
$tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
// Remove temp file if it is older than the max age and is not the current file // Remove temp file if it is older than the max age and is not the current file
if (preg_match('/\.part$/', $file) && (filemtime($tmpfilePath) < time() - $maxFileAge) && ($tmpfilePath != "{$filePath}.part")) { if(preg_match('/\.part$/', $file) && (filemtime($tmpfilePath) < time() - $maxFileAge) && ($tmpfilePath != "{$filePath}.part"))
@unlink($tmpfilePath); {
@unlink($tmpfilePath);
}
}
closedir($dir);
}
else
{
die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}');
}
// Look for the content type header
if(isset($_SERVER["HTTP_CONTENT_TYPE"]))
{
$contentType = $_SERVER["HTTP_CONTENT_TYPE"];
}
if(isset($_SERVER["CONTENT_TYPE"]))
{
$contentType = $_SERVER["CONTENT_TYPE"];
}
// Handle non multipart uploads older WebKit versions didn't support multipart in HTML5
if(strpos($contentType, "multipart") !== false)
{
if(isset($_FILES['file']['tmp_name']) && is_uploaded_file($_FILES['file']['tmp_name']))
{
// Open temp file
$out = fopen("{$filePath}.part", $chunk == 0 ? "wb" : "ab");
if($out)
{
// Read binary input stream and append it to temp file
$tmpName = e107::getParser()->filter($_FILES['file']['tmp_name'],'w');
$in = fopen($tmpName, "rb");
if($in)
{
while($buff = fread($in, 4096))
{
fwrite($out, $buff);
}
}
else
{
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
}
fclose($in);
fclose($out);
@unlink($tmpName);
}
else
{
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
}
}
else
{
die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
}
}
else
{
// Open temp file
$out = fopen("{$filePath}.part", $chunk == 0 ? "wb" : "ab");
if($out)
{
// Read binary input stream and append it to temp file
$in = fopen("php://input", "rb");
if($in)
{
while($buff = fread($in, 4096))
{
fwrite($out, $buff);
}
}
else
{
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
}
fclose($in);
fclose($out);
}
else
{
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
} }
} }
closedir($dir);
} else
die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}');
// Look for the content type header
if (isset($_SERVER["HTTP_CONTENT_TYPE"]))
$contentType = $_SERVER["HTTP_CONTENT_TYPE"];
if (isset($_SERVER["CONTENT_TYPE"]))
$contentType = $_SERVER["CONTENT_TYPE"];
// Handle non multipart uploads older WebKit versions didn't support multipart in HTML5
if (strpos($contentType, "multipart") !== false) {
if (isset($_FILES['file']['tmp_name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
// Open temp file
$out = fopen("{$filePath}.part", $chunk == 0 ? "wb" : "ab");
if ($out) {
// Read binary input stream and append it to temp file
$in = fopen($_FILES['file']['tmp_name'], "rb");
if ($in) {
while ($buff = fread($in, 4096))
fwrite($out, $buff);
} else
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
fclose($in);
fclose($out);
@unlink($_FILES['file']['tmp_name']);
} else
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
} else
die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
} else {
// Open temp file
$out = fopen("{$filePath}.part", $chunk == 0 ? "wb" : "ab");
if ($out) {
// Read binary input stream and append it to temp file
$in = fopen("php://input", "rb");
if ($in) {
while ($buff = fread($in, 4096))
fwrite($out, $buff);
} else
die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
fclose($in);
fclose($out);
} else
die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
}
// Check if file has been uploaded // Check if file has been uploaded
if (!$chunks || $chunk == $chunks - 1) { if(!$chunks || $chunk == $chunks - 1)
// Strip the temp .part suffix off {
rename("{$filePath}.part", $filePath); // Strip the temp .part suffix off
} rename("{$filePath}.part", $filePath);
}
// rename($targetDir.$fileName,e_MEDIA."images/2012-05/",$fileName); // rename($targetDir.$fileName,e_MEDIA."images/2012-05/",$fileName);
if($_GET['for'] !='') // leave in upload directory if no category given. if($_GET['for'] != '') // leave in upload directory if no category given.
{ {
$result = e107::getMedia()->importFile($fileName,$_GET['for']); $result = e107::getMedia()->importFile($fileName, $_GET['for']);
} }
$log = $_GET; $log = $_GET;
$log['filepath'] = $filePath; $log['filepath'] = $filePath;
$log['filename'] = $fileName; $log['filename'] = $fileName;
$log['status'] = ($result) ? 'ok' : 'failed'; $log['status'] = ($result) ? 'ok' : 'failed';
$type = ($result) ? E_LOG_INFORMATIVE : E_LOG_WARNING; $type = ($result) ? E_LOG_INFORMATIVE : E_LOG_WARNING;
e107::getLog()->add('Media Upload', print_r($log,true), $type, MEDIA_01); e107::getLog()->add('Media Upload', print_r($log, true), $type, MEDIA_01);
$array = array("jsonrpc"=>"2.0", "result"=>$result,"id"=>"id"); $array = array("jsonrpc" => "2.0", "result" => $result, "id" => "id");
echo json_encode($array); echo json_encode($array);
// Return JSON-RPC response // Return JSON-RPC response
// die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}'); // die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');