mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-03-14 01:19:44 +01:00
Code Issues Releases Wiki Activity

First cut of modified upload system - uses class-based limits in filetypes.xml

Browse Source
This commit is contained in:
e107steved 2008-04-22 20:32:59 +00:00
parent 7df7e2e6dd
commit 958e68d6a0
9 changed files with 723 additions and 329 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
e107_admin/filetypes_.xml Normal file
View File

@ -0,0 +1,3 @@
<e107Filetypes>
<class name='253' type='zip,gz,jpg,png,gif' maxupload='2M' />
</e107Filetypes>

552
e107_admin/upload.php
View File

@ -11,52 +11,68 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_admin/upload.php,v $
| $Revision: 1.3 $
| $Date: 2007-09-22 12:40:03 $
| $Revision: 1.4 $
| $Date: 2008-04-22 20:32:39 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
require_once("../class2.php");
if (!getperms("V")) {
header("location:".e_BASE."index.php");
exit;
if (!getperms("V"))
{
header("location:".e_BASE."index.php");
exit;
}
$e_sub_cat = 'upload';
if (e_QUERY) {
$tmp = explode(".", e_QUERY);
$action = $tmp[0];
$id = $tmp[1];
$action = 'list'; // Default action
if (e_QUERY)
{
$tmp = explode(".", e_QUERY);
$action = $tmp[0];
$id = varset($tmp[1],0);
}
if ($action == "dis" && isset($_POST['updelete']['upload_'.$id]) ) {
if ($action == "dis" && isset($_POST['updelete']['upload_'.$id]) )
{
$res = $sql -> db_Select("upload", "*", "upload_id='".intval($id)."'");
$row = $sql -> db_Fetch();
if (preg_match("#Binary (.*?)/#", $row['upload_file'], $match)) {
if (preg_match("#Binary (.*?)/#", $row['upload_file'], $match))
{
$sql -> db_Delete("rbinary", "binary_id='".$tp -> toDB($match[1])."'");
} else if ($row['upload_file'] && file_exists(e_FILE."public/".$row['upload_file'])) {
}
else if ($row['upload_file'] && file_exists(e_FILE."public/".$row['upload_file']))
{
unlink(e_FILE."public/".$row['upload_file']);
}
if (preg_match("#Binary (.*?)/#", $row['upload_ss'], $match)) {
if (preg_match("#Binary (.*?)/#", $row['upload_ss'], $match))
{
$sql -> db_Delete("rbinary", "binary_id='".$tp -> toDB($match[1])."'");
} else if ($row['upload_ss'] && file_exists(e_FILE."public/".$row['upload_ss'])) {
}
else if ($row['upload_ss'] && file_exists(e_FILE."public/".$row['upload_ss']))
{
unlink(e_FILE."public/".$row['upload_ss']);
}
$message = ($sql->db_Delete("upload", "upload_id='".intval($id)."'")) ? UPLLAN_1 : LAN_DELETED_FAILED;
}
if ($action == "dlm") {
header("location: ".e_ADMIN."download.php?dlm.".$id);
exit;
if ($action == "dlm")
{
header("location: ".e_ADMIN."download.php?dlm.".$id);
exit;
}
if ($action == "news") {
header("location: ".e_ADMIN."newspost.php?create.upload.".$id);
exit;
if ($action == "news")
{
header("location: ".e_ADMIN."newspost.php?create.upload.".$id);
exit;
}
if ($action == "dl") {
if ($action == "dl")
{
$id = str_replace("%20", " ", $id);
if (preg_match("/Binary\s(.*?)\/.*/", $id, $result)) {
@ -77,23 +93,26 @@ if ($action == "dl") {
}
}
require_once(e_HANDLER.'upload_handler.php');
require_once("auth.php");
require_once(e_HANDLER."userclass_class.php");
$gen = new convert;
require_once(e_HANDLER."form_handler.php");
$rs = new form;
if (isset($_POST['optionsubmit'])) {
if (isset($_POST['optionsubmit']))
{
$pref['upload_storagetype'] = $_POST['upload_storagetype'];
$pref['upload_maxfilesize'] = $_POST['upload_maxfilesize'];
$pref['upload_class'] = $_POST['upload_class'];
$pref['upload_enabled'] = (FILE_UPLOADS ? $_POST['upload_enabled'] : 0);
if ($pref['upload_enabled'] && !$sql->db_Select("links", "*", "link_url='upload.php' ")) {
$sql->db_Insert("links", "0, '".UPLLAN_44."', 'upload.php', '', '', 1,0,0,0,0");
if ($pref['upload_enabled'] && !$sql->db_Select("links", "*", "link_url='upload.php' "))
{
$sql->db_Insert("links", "0, '".UPLLAN_44."', 'upload.php', '', '', 1,0,0,0,0");
}
if (!$pref['upload_enabled'] && $sql->db_Select("links", "*", "link_url='upload.php' ")) {
if (!$pref['upload_enabled'] && $sql->db_Select("links", "*", "link_url='upload.php' "))
{
$sql->db_Delete("links", "link_url='upload.php' ");
}
@ -101,164 +120,150 @@ if (isset($_POST['optionsubmit'])) {
$message = UPLLAN_2;
}
if (isset($message)) {
require_once(e_HANDLER."message_handler.php");
message_handler("ADMIN_MESSAGE", $message);
if (isset($message))
{
require_once(e_HANDLER."message_handler.php");
message_handler("ADMIN_MESSAGE", $message);
}
if (!FILE_UPLOADS) {
message_handler("ADMIN_MESSAGE", UPLLAN_41);
if (!FILE_UPLOADS)
{
message_handler("ADMIN_MESSAGE", UPLLAN_41);
}
// view -------------------------------------------------------------------------------------------------------------------------------------------------------------------
switch ($action)
{
case 'filetypes' :
if(!getperms("0")) exit;
if ($action == "view") {
$sql->db_Select("upload", "*", "upload_id='$id'");
$row = $sql->db_Fetch();
extract($row);
$definition_source = UPLLAN_58;
$source_file = '';
$edit_upload_list = varset($_POST['upload_do_edit'],FALSE);
$post_author_id = substr($upload_poster, 0, strpos($upload_poster, "."));
$post_author_name = substr($upload_poster, (strpos($upload_poster, ".")+1));
$poster = (!$post_author_id ? "<b>".$post_author_name."</b>" : "<a href='".e_BASE."user.php?id.".$post_author_id."'><b>".$post_author_name."</b></a>");
$upload_datestamp = $gen->convert_date($upload_datestamp, "long");
$text = "<div style='text-align:center'>
<table style='".ADMIN_WIDTH."' class='fborder'>
<tr>
<td style='width:30%' class='forumheader3'>".UPLLAN_3."</td>
<td style='width:70%' class='forumheader3'>$upload_id</td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".LAN_DATE."</td>
<td style='width:70%' class='forumheader3'>$upload_datestamp</td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".UPLLAN_5."</td>
<td style='width:70%' class='forumheader3'>$poster</td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".UPLLAN_6."</td>
<td style='width:70%' class='forumheader3'><a href='mailto:$upload_email'>$upload_email</td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".UPLLAN_7."</td>
<td style='width:70%' class='forumheader3'>".($upload_website ? "<a href='$upload_website'>$upload_website</a>" : " - ")."</td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".UPLLAN_8."</td>
<td style='width:70%' class='forumheader3'>".($upload_name ? $upload_name: " - ")."</td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".UPLLAN_9."</td>
<td style='width:70%' class='forumheader3'>".($upload_version ? $upload_version : " - ")."</td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".UPLLAN_10."</td>
<td style='width:70%' class='forumheader3'>".(is_numeric($upload_file) ? "Binary file ID ".$upload_file : "<a href='".e_SELF."?dl.$upload_file'>$upload_file</a>")."</td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".UPLLAN_11."</td>
<td style='width:70%' class='forumheader3'>".parsesize($upload_filesize)."</td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".UPLLAN_12."</td>
<td style='width:70%' class='forumheader3'>".($upload_ss ? "<a href='".e_BASE."request.php?upload.".$upload_id."'>".$upload_ss."</a>" : " - ")."</td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".UPLLAN_13."</td>
<td style='width:70%' class='forumheader3'>$upload_description</td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".UPLLAN_14."</td>
<td style='width:70%' class='forumheader3'>".($upload_demo ? $upload_demo : " - ")."</td>
</tr>
<tr>
<td style='width:30%' class='forumheader3'>".LAN_OPTIONS."</td>
<td style='width:70%' class='forumheader3'><a href='".e_SELF."?dlm.$upload_id'>".UPLAN_COPYTODLM."</a> | <a href='".e_SELF."?news.$upload_id'>".UPLLAN_16."</a> | <a href='".e_SELF."?dis.$upload_id'>".UPLLAN_17."</a></td>
</tr>
</table>
</div>";
$ns->tablerender(UPLLAN_18, $text);
}
if (isset($_POST['generate_filetypes_xml']))
{ // Write back edited data to filetypes_.xml
$file_text = "<e107Filetypes>\n";
foreach ($_POST['file_class_select'] as $k => $c)
{
if (!isset($_POST['file_line_delete_'.$c]) && varsettrue($_POST['file_type_list'][$k]))
{
// echo "Key: {$k} Class: {$c} Delete: {$_POST['file_line_delete'][$k]} List: {$_POST['file_type_list'][$k]} Size: {$_POST['file_maxupload'][$k]}<br />";
$file_text .= " <class name='{$c}' type='{$_POST['file_type_list'][$k]}' maxupload='".varsettrue($_POST['file_maxupload'][$k],ini_get('upload_max_filesize'))."' />\n";
}
}
$file_text .= "</e107Filetypes>\n";
if ((($handle = fopen(e_UPLOAD_TEMP_DIR.e_SAVE_FILETYPES,'wt')) == FALSE)
|| (fwrite($handle,$file_text) == FALSE)
|| (fclose($handle) == FALSE))
{
$text = UPLLAN_61.e_UPLOAD_TEMP_DIR.e_SAVE_FILETYPES;
}
else
{
$text = '';
$text .= '<br />'.UPLLAN_59.e_UPLOAD_TEMP_DIR.e_SAVE_FILETYPES.'. '.UPLLAN_60.e_ADMIN.e_READ_FILETYPES.'<br />';
}
$ns->tablerender(UPLLAN_49, $text);
}
// list -------------------------------------------------------------------------------------------------------------------------------------------------------------------
$imgd = e_BASE.$IMAGES_DIRECTORY;
$text = "<div style='text-align:center'>
<table style='".ADMIN_WIDTH."' class='fborder'>
<tr>
<td style='width:5%' class='fcaption'>".UPLLAN_22."</td>
<td style='width:10%' class='fcaption'>".LAN_DATE."</td>
<td style='width:20%' class='fcaption'>".UPLLAN_5."</td>
<td style='width:20%' class='fcaption'>".UPLLAN_23."</td>
<td style='width:30%' class='fcaption'>".UPLLAN_24."</td>
<td style='width:18px' class='fcaption'>".UPLLAN_42."</td>
</tr>";
$text .= "<tr><td class='forumheader3' style='text-align:center' colspan='6'>";
if (!$active_uploads = $sql->db_Select("upload", "*", "upload_active=0 ORDER BY upload_id ASC")) {
$text .= UPLLAN_19.".\n</td>\n</tr>";
} else {
$activeUploads = $sql -> db_getList();
$text .= UPLLAN_20." ".($active_uploads == 1 ? UPLAN_IS : UPLAN_ARE).$active_uploads." ".($active_uploads == 1 ? UPLLAN_21 : UPLLAN_27)." ...";
$text .= "</td></tr>";
foreach($activeUploads as $row)
$current_perms = array();
if (($edit_upload_list && is_readable(e_UPLOAD_TEMP_DIR.e_SAVE_FILETYPES)) || (!$edit_upload_list && is_readable(e_ADMIN.e_READ_FILETYPES)))
{
extract($row);
$post_author_id = substr($upload_poster, 0, strpos($upload_poster, "."));
$post_author_name = substr($upload_poster, (strpos($upload_poster, ".")+1));
$poster = (!$post_author_id ? "<b>".$post_author_name."</b>" : "<a href='".e_BASE."user.php?id.".$post_author_id."'><b>".$post_author_name."</b></a>");
$upload_datestamp = $gen->convert_date($upload_datestamp, "short");
$text .= "<tr>
<td style='width:5%' class='forumheader3'>".$upload_id ."</td>
<td style='width:20%' class='forumheader3'>".$upload_datestamp."</td>
<td style='width:15%' class='forumheader3'>".$poster."</td>
<td style='width:20%' class='forumheader3'><a href='".e_SELF."?view.".$upload_id."'>".$upload_name ."</a></td>
<td style='width:20%' class='forumheader3'>".$upload_file ."</td>
<td style='width:50px;white-space:nowrap' class='forumheader3'>
<form action='".e_SELF."?dis.$upload_id' id='uploadform_{$upload_id}' method='post'>
<div><a href='".e_SELF."?dlm.$upload_id'><img src='".e_IMAGE."packs/".$imode."/admin_images/downloads_16.png' alt='".UPLAN_COPYTODLS."' title='".UPLAN_COPYTODLS."' style='border:0' /></a>
<a href='".e_SELF."?news.$upload_id'><img src='".e_IMAGE."packs/".$imode."/admin_images/news_16.png' alt='".UPLLAN_16."' title='".UPLLAN_16."' style='border:0' /></a>
<input type='image' title='".LAN_DELETE."' name='updelete[upload_{$upload_id}]' src='".ADMIN_DELETE_ICON_PATH."' onclick=\"return jsconfirm('".$tp->toJS(UPLLAN_45." [ $upload_name ]")."') \"/>
</div></form></td>
require_once(e_HANDLER.'xml_class.php');
$xml = new xmlClass;
$source_file = $edit_upload_list ? e_UPLOAD_TEMP_DIR.e_SAVE_FILETYPES : e_ADMIN.e_READ_FILETYPES;
$temp_vars = $xml->loadXMLfile($source_file, true, false);
if ($temp_vars === FALSE)
{
echo "Error parsing XML file!";
}
else
{
// echo "<pre>";
// var_dump($temp_vars);
// echo "</pre>";
foreach ($temp_vars['class'] as $v1)
{
$v = $v1['@attributes'];
$current_perms[$v['name']] = array('type' => $v['type'],'maxupload' => $v['maxupload']);
}
}
}
elseif (is_readable(e_ADMIN.'filetypes.php'))
{
$source_file = 'filetypes.php';
$current_perms[e_UC_MEMBER] = array('type' => implode(',',array_keys(get_allowed_filetypes('filetypes.php', ''))),'maxupload' => '2M');
if (is_readable(e_ADMIN.'admin_filetypes.php'))
{
$current_perms[e_UC_ADMIN] = array('type' => implode(',',array_keys(get_allowed_filetypes('admin_filetypes.php', ''))),'maxupload' => '2M');
$source_file .= ' + admin_filetypes.php';
}
}
else
{ // Set a default
$current_perms[e_UC_MEMBER] = array('type' => 'zip,tar,gz,jpg,png','maxupload' => '2M');
}
$text = "<div style='text-align:center'>
<form method='post' action='".e_SELF."?filetypes'>
<table style='".ADMIN_WIDTH."' class='fborder'>
<colgroup>
<col style='width:30%' />
<col style='width:40%' />
<col style='width:25%' />
<col style='width:5%' />
</colgroup>
<tr>
<td class='forumheader3' colspan='4'><input type='hidden' name='upload_do_edit' value='1'>".
str_replace(array('--SOURCE--', '--DEST--'),array(e_UPLOAD_TEMP_DIR.e_SAVE_FILETYPES,e_ADMIN.e_READ_FILETYPES),UPLLAN_52)."</td>
</tr>
<tr>
<td class='forumheader3' colspan='4'>".UPLLAN_57.$source_file."</td>
</tr>
<tr>
<td class='fcaption'>".UPLLAN_53."</td>
<td class='fcaption'>".UPLLAN_54."</td>
<td class='fcaption' style='text-align:center'>".UPLLAN_55."</td>
<td class='fcaption' style='text-align:center'>".UPLAN_DELETE."</td>
</tr>";
foreach ($current_perms as $uclass => $uinfo)
{
$text .= "
<tr>
<td class='forumheader3'><select name='file_class_select[]' class='tbox'>
".$e_userclass->vetted_tree('file_class_select',array($e_userclass,'select'), $uclass,'member,main,classes,admin')."
</select></td>
<td class='forumheader3'><input type='text' name='file_type_list[]' value='{$uinfo['type']}' class='tbox' size='40' /></td>
<td class='forumheader3' style='text-align:center'><input type='text' name='file_maxupload[]' value='{$uinfo['maxupload']}' class='tbox' size='10' /></td>
<td class='forumheader3'><input type='checkbox' value='1' name='file_line_delete_{$uclass}' /></td>
</tr>";
}
}
$text .= "</table>\n</div>";
// Now put up a box to add a new setting
$text .= "
<tr>
<td class='forumheader3'><select name='file_class_select[]' class='tbox'>
".$e_userclass->vetted_tree('file_class_select',array($e_userclass,'select'), '','member,main,classes,admin,blank')."
</select></td>
<td class='forumheader3'><input type='text' name='file_type_list[]' value='' class='tbox' size='40' /></td>
<td class='forumheader3' style='text-align:center'><input type='text' name='file_maxupload[]' value='".ini_get('upload_max_filesize')."' class='tbox' size='10' /></td>
<td class='forumheader3'>&nbsp;</td>
</tr>";
$text .= "
<tr>
<td class='forumheader3' style='text-align:center' colspan='4'>
<input class='button' type='submit' name='generate_filetypes_xml' value='".UPLLAN_56."' />
</td>
</tr>
</table></form>
</div>";
$ns->tablerender(UPLLAN_43, $text);
// options -------------------------------------------------------------------------------------------------------------------------------------------------------------------
if (is_readable(e_ADMIN.'filetypes.php')) {
$allowed_filetypes = trim(file_get_contents(e_ADMIN.'filetypes.php'));
}
$text = "<div style='text-align:center'>
<form method='post' action='".e_SELF."'>
$ns->tablerender(UPLLAN_49, $text);
break;
case 'options' :
if(!getperms("0")) exit;
$text = "<div style='text-align:center'>
<form method='post' action='".e_SELF."?options'>
<table style='".ADMIN_WIDTH."' class='fborder'>
<tr>
<td style='width:50%' class='forumheader3'>".UPLLAN_25."<br />
@ -281,13 +286,6 @@ $text = "<div style='text-align:center'>
</td>
</tr>
<tr>
<td style='width:70%' class='forumheader3'>".UPLLAN_35."<br />
<span class='smalltext'>".UPLLAN_48."</span></td>
<td style='width:30%' class='forumheader3'>".$allowed_filetypes."
</td>
</tr>
<tr>
<td style='width:70%' class='forumheader3'>".UPLLAN_37."<br />
<span class='smalltext'>".UPLLAN_38."</span></td>
@ -303,31 +301,187 @@ $text = "<div style='text-align:center'>
</table>". $rs->form_close()."
</div>";
$ns->tablerender(LAN_OPTIONS, $text);
$ns->tablerender(LAN_OPTIONS, $text);
break;
case 'view' :
$sql->db_Select("upload", "*", "upload_id='{$id}'");
$row = $sql->db_Fetch();
extract($row);
$post_author_id = substr($upload_poster, 0, strpos($upload_poster, "."));
$post_author_name = substr($upload_poster, (strpos($upload_poster, ".")+1));
$poster = (!$post_author_id ? "<b>".$post_author_name."</b>" : "<a href='".e_BASE."user.php?id.".$post_author_id."'><b>".$post_author_name."</b></a>");
$upload_datestamp = $gen->convert_date($upload_datestamp, "long");
$text = "<div style='text-align:center'>
<table style='".ADMIN_WIDTH."' class='fborder'>
<colgroup>
<col style='width:30%' />
<col style='width:70%' />
</colgroup>
<tr>
<td class='forumheader3'>".UPLLAN_3."</td>
<td class='forumheader3'>{$upload_id}</td>
</tr>
<tr>
<td class='forumheader3'>".LAN_DATE."</td>
<td class='forumheader3'>{$upload_datestamp}</td>
</tr>
<tr>
<td class='forumheader3'>".UPLLAN_5."</td>
<td class='forumheader3'>{$poster}</td>
</tr>
<tr>
<td class='forumheader3'>".UPLLAN_6."</td>
<td class='forumheader3'><a href='mailto:{$upload_email}'>{$upload_email}</td>
</tr>
<tr>
<td class='forumheader3'>".UPLLAN_7."</td>
<td class='forumheader3'>".($upload_website ? "<a href='{$upload_website}'>{$upload_website}</a>" : " - ")."</td>
</tr>
<tr>
<td class='forumheader3'>".UPLLAN_8."</td>
<td class='forumheader3'>".($upload_name ? $upload_name: " - ")."</td>
</tr>
<tr>
<td class='forumheader3'>".UPLLAN_9."</td>
<td class='forumheader3'>".($upload_version ? $upload_version : " - ")."</td>
</tr>
<tr>
<td class='forumheader3'>".UPLLAN_10."</td>
<td class='forumheader3'>".(is_numeric($upload_file) ? "Binary file ID ".$upload_file : "<a href='".e_SELF."?dl.{$upload_file}'>$upload_file</a>")."</td>
</tr>
<tr>
<td class='forumheader3'>".UPLLAN_11."</td>
<td class='forumheader3'>".parsesize($upload_filesize)."</td>
</tr>
<tr>
<td class='forumheader3'>".UPLLAN_12."</td>
<td class='forumheader3'>".($upload_ss ? "<a href='".e_BASE."request.php?upload.".$upload_id."'>".$upload_ss."</a>" : " - ")."</td>
</tr>
<tr>
<td class='forumheader3'>".UPLLAN_13."</td>
<td class='forumheader3'>{$upload_description}</td>
</tr>
<tr>
<td class='forumheader3'>".UPLLAN_14."</td>
<td class='forumheader3'>".($upload_demo ? $upload_demo : " - ")."</td>
</tr>
<tr>
<td class='forumheader3'>".LAN_OPTIONS."</td>
<td class='forumheader3'><a href='".e_SELF."?dlm.{$upload_id}'>".UPLAN_COPYTODLM."</a> | <a href='".e_SELF."?news.{$upload_id}'>".UPLLAN_16."</a> | <a href='".e_SELF."?dis.{$upload_id}'>".UPLLAN_17."</a></td>
</tr>
</table>
</div>";
$ns->tablerender(UPLLAN_18, $text);
// Intentionally fall through into list mode
case 'list' :
default :
$imgd = e_BASE.$IMAGES_DIRECTORY;
$text = "<div style='text-align:center'>
<table style='".ADMIN_WIDTH."' class='fborder'>
<colgroup>
<col style='width:5%' />
<col style='width:20%' />
<col style='width:15%' />
<col style='width:20%' />
<col style='width:25%' />
<col style='width:10%' />
<col style='width:50px;white-space:nowrap' />
</colgroup>
<tr>
<td class='fcaption'>".UPLLAN_22."</td>
<td class='fcaption'>".LAN_DATE."</td>
<td class='fcaption'>".UPLLAN_5."</td>
<td class='fcaption'>".UPLLAN_23."</td>
<td class='fcaption'>".UPLLAN_8."</td>
<td class='fcaption'>".UPLLAN_35."</td>
<td class='fcaption'>".UPLLAN_42."</td>
</tr>";
$text .= "<tr><td class='forumheader3' style='text-align:center' colspan='6'>";
if (!$active_uploads = $sql->db_Select("upload", "*", "upload_active=0 ORDER BY upload_id ASC"))
{
$text .= UPLLAN_19.".\n</td>\n</tr>";
}
else
{
$activeUploads = $sql -> db_getList();
$text .= UPLLAN_20." ".($active_uploads == 1 ? UPLAN_IS : UPLAN_ARE).$active_uploads." ".($active_uploads == 1 ? UPLLAN_21 : UPLLAN_27)." ...";
$text .= "</td></tr>";
foreach($activeUploads as $row)
{
extract($row);
$post_author_id = substr($upload_poster, 0, strpos($upload_poster, "."));
$post_author_name = substr($upload_poster, (strpos($upload_poster, ".")+1));
$poster = (!$post_author_id ? "<b>".$post_author_name."</b>" : "<a href='".e_BASE."user.php?id.".$post_author_id."'><b>".$post_author_name."</b></a>");
$upload_datestamp = $gen->convert_date($upload_datestamp, "short");
$text .= "<tr>
<td class='forumheader3'>".$upload_id ."</td>
<td class='forumheader3'>".$upload_datestamp."</td>
<td class='forumheader3'>".$poster."</td>
<td class='forumheader3'><a href='".e_SELF."?view.".$upload_id."'>".$upload_name ."</a></td>
<td class='forumheader3'>".$upload_file ."</td>
<td class='forumheader3'>".parsesize($upload_filesize)."</td>
<td class='forumheader3'>
<form action='".e_SELF."?dis.{$upload_id}' id='uploadform_{$upload_id}' method='post'>
<div><a href='".e_SELF."?dlm.{$upload_id}'><img src='".e_IMAGE."packs/".$imode."/admin_images/downloads_16.png' alt='".UPLAN_COPYTODLS."' title='".UPLAN_COPYTODLS."' style='border:0' /></a>
<a href='".e_SELF."?news.{$upload_id}'><img src='".e_IMAGE."packs/".$imode."/admin_images/news_16.png' alt='".UPLLAN_16."' title='".UPLLAN_16."' style='border:0' /></a>
<input type='image' title='".LAN_DELETE."' name='updelete[upload_{$upload_id}]' src='".ADMIN_DELETE_ICON_PATH."' onclick=\"return jsconfirm('".$tp->toJS(UPLLAN_45." [ {$upload_name} ]")."') \"/>
</div></form></td>
</tr>";
}
}
$text .= "</table>\n</div>";
$ns->tablerender(UPLLAN_43, $text);
} // end - switch($action)
function parsesize($size) {
$kb = 1024;
$mb = 1024 * $kb;
$gb = 1024 * $mb;
$tb = 1024 * $gb;
if ($size < $kb) {
return $size." b";
}
else if($size < $mb) {
return round($size/$kb, 2)." kb";
}
else if($size < $gb) {
return round($size/$mb, 2)." mb";
}
else if($size < $tb) {
return round($size/$gb, 2)." gb";
} else {
return round($size/$tb, 2)." tb";
}
function upload_adminmenu()
{
$action = (e_QUERY) ? e_QUERY : "list";
$var['list']['text'] = UPLLAN_51;
$var['list']['link'] = e_SELF."?list";
$var['list']['perm'] = "V";
if(getperms("0"))
{
$var['filetypes']['text'] = UPLLAN_49;
$var['filetypes']['link'] = e_SELF."?filetypes";
$var['filetypes']['perm'] = "0";
$var['options']['text'] = UPLLAN_50;
$var['options']['link'] = e_SELF."?options";
$var['options']['perm'] = "0";
}
show_admin_menu(UPLLAN_43, $action, $var);
}
require_once("footer.php");
?>

0
e107_files/misc/index.html
View File

0
e107_files/misc/null.txt
View File

375
e107_handlers/upload_handler.php
View File

@ -12,9 +12,20 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_handlers/upload_handler.php,v $
| $Revision: 1.12 $
| $Date: 2008-03-17 20:45:29 $
| $Revision: 1.13 $
| $Date: 2008-04-22 20:32:40 $
| $Author: e107steved $
********** TEST VERSION DOES INTERMEDIATE COPY ***************
Unaltered code to:
V0.7.x File V1.33
V0.8.x File V1.12
To do:
1. Criteria for intermediate copy
2. Make get_file_types compatible with XML counterpart - array of filetype/max size
3. Check sizes - may be different for various file types for non-admin user, for example
+---------------------------------------------------------------+
*/
@ -24,6 +35,14 @@ include_lan(e_LANGUAGEDIR.e_LANGUAGE."/lan_upload_handler.php");
//define("UH_DEBUG",TRUE);
define("UH_DEBUG",FALSE);
define('e_UPLOAD_TEMP_DIR', e_FILE.'temp/'); // Temporary directory
define('e_READ_FILETYPES','filetypes.xml'); // Upload permissions
define('e_SAVE_FILETYPES','filetypes_.xml');
/*
File upload handler - this is the preferred interface for new code
-------------------
@ -43,7 +62,7 @@ Parameters:
$options - an array of supplementary options, all of which will be given appropriate defaults if not defined:
'filetypes' - name of file containing list of valid file types
- Always looks in the admin directory
- defaults to e_ADMIN.admin_filetypes.php for admins (if file exists), otherwise e_ADMIN.filetypes.php for users.
- defaults to e_ADMIN.filetypes.xml, else e_ADMIN.admin_filetypes.php for admins (if file exists), otherwise e_ADMIN.filetypes.php for users.
- FALSE disables this option (which implies that 'extra_file_types' is used)
'file_mask' - comma-separated list of file types which if defined limits the allowed file types to those which are in both this list and the
file specified by the 'filetypes' option. Enables restriction to, for example, image files.
@ -95,7 +114,17 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
global $admin_log;
if (ini_get('open_basedir') != '')
{ // Need to move file to intermediate directory before we can read its contents to check it.
$ul_temp_dir = e_UPLOAD_TEMP_DIR;
}
else
{
$ul_temp_dir = '';
}
if (UH_DEBUG) $admin_log->e_log_event(10,debug_backtrace(),"DEBUG","Upload Handler test","Process uploads to {$uploaddir}, fileinfo ".$fileinfo,FALSE,LOG_TO_ROLLING);
// $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Intermediate directory: {$ul_temp_dir} ",FALSE,LOG_TO_ROLLING);
$overwrite = varset($options['overwrite'],FALSE);
@ -112,25 +141,9 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
$file_mask = varset($options['file_mask'],'');
if (isset($options['filetypes']))
{
$allowed_filetypes = get_allowed_filetypes($options['filetypes'], $file_mask);
}
elseif (ADMIN && is_readable(e_ADMIN.'admin_filetypes.php'))
{
$allowed_filetypes = get_allowed_filetypes('admin_filetypes.php', $file_mask);
}
else
{
$allowed_filetypes = get_allowed_filetypes('filetypes.php', $file_mask);
}
$final_chmod = varset($options['final_chmod'],0644);
if (isset($options['file_array_name']))
{
$files = $_FILES[$options['file_array_name']];
@ -154,24 +167,9 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
$uploaded = array();
// Work out maximum allowable file size
if (UH_DEBUG)
{ $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test",
"File size limits - user set: ".$pref['upload_maxfilesize']." Post_max_size: ".ini_get('post_max_size')." upload_max_size: ".ini_get('upload_max_size'),FALSE,FALSE);
}
$max_upload_size = file_size_decode(ini_get('post_max_size'));
$max_upload_size = file_size_decode(ini_get('upload_max_filesize'), $max_upload_size, 'lt');
if (isset($options['max_upload_size']))
{
$max_upload_size = file_size_decode($options['max_upload_size'], $max_upload_size, 'lt');
}
else
{
if (varset($pref['upload_maxfilesize'],0) > 0) $max_upload_size = file_size_decode($pref['upload_maxfilesize'], $max_upload_size, 'lt');
}
if ($save_to_db) $max_upload_size = min($max_upload_size, 512000); // Approx 500k limit for database saves
if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Final max upload size: {$max_upload_size}",FALSE,FALSE);
$max_upload_size = calc_max_upload_size(varset($options['max_upload_size'],-1)); // Find overriding maximum upload size
$allowed_filetypes = get_filetypes(varset($options['file_mask'],''), varset($options['filetypes'],''));
$max_upload_size = set_max_size($allowed_filetypes, $max_upload_size);
// That's the basics set up - we can start processing files now
@ -182,81 +180,93 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
$c = 0;
foreach ($files['name'] as $key => $name)
{
if (($name != '') || $files['size'][$key]) // Need this check for things like file manager which allow multiple possible uploads
{
$name = preg_replace("/[^a-z0-9._-]/", "", str_replace(" ", "_", str_replace("%20", "_", strtolower($name))));
$raw_name = $name; // Save 'proper' file name - useful for display
$first_error = FALSE; // Clear error flag
if (($name != '') || $files['size'][$key]) // Need this check for things like file manager which allow multiple possible uploads
{
$name = preg_replace("/[^a-z0-9._-]/", "", str_replace(" ", "_", str_replace("%20", "_", strtolower($name))));
$raw_name = $name; // Save 'proper' file name - useful for display
$file_ext = trim(strtolower(substr(strrchr($name, "."), 1))); // File extension
if (!trim($files['type'][$key])) $files['type'][$key] = 'Unknowm mime-type';
if (!trim($files['type'][$key])) $files['type'][$key] = 'Unknowm mime-type';
if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Process file {$name}, size ".$files['size'][$key],FALSE,FALSE);
if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Process file {$name}, size ".$files['size'][$key],FALSE,FALSE);
if ($max_file_count && ($c > $max_file_count))
{
$first_error = 249; // 'Too many files uploaded' error
}
else
{
$first_error = $files['error'][$key]; // Start with whatever error PHP gives us for the file
}
if ($max_file_count && ($c > $max_file_count))
{
$first_error = 249; // 'Too many files uploaded' error
}
else
{
$first_error = $files['error'][$key]; // Start with whatever error PHP gives us for the file
}
if (!$first_error)
{ // Check file size early on
if ($files['size'][$key] == 0)
{
$first_error = 4; // Standard error code for zero size file
if (!$first_error)
{ // Check file size early on
if ($files['size'][$key] == 0)
{
$first_error = 4; // Standard error code for zero size file
}
elseif ($files['size'][$key] > $max_upload_size)
{
$first_error = 254;
}
elseif (isset($allowed_filetypes[$file_ext]) && ($allowed_filetypes[$file_ext] > 0) && ($files['size'][$key] > $allowed_filetypes[$file_ext]))
{ // XML file set limits per extension
$first_error = 254;
}
}
elseif ($files['size'][$key] > $max_upload_size)
{
$first_error = 254;
}
}
if (!$first_error)
{
$uploadfile = $files['tmp_name'][$key]; // Name in temporary directory
if (!$uploadfile) $first_error = 253;
}
if (!$first_error)
{
$uploadfile = $files['tmp_name'][$key]; // Name in temporary directory
if (!$uploadfile) $first_error = 253;
}
if (!$first_error)
{
// Need to support multiple files with the same 'real' name in some cases
if (strpos($fileinfo,"attachment") === 0)
{ // For attachments, add in a prefix plus time and date to give a unique file name
$addbit = explode('+',$fileinfo,2);
$name = time()."_".USERID."_".trim($addbit[1]).$name;
}
elseif (strpos($fileinfo,"prefix") === 0)
{ // For attachments, avatars, photos etc alternatively just add a prefix we've been passed
$addbit = explode('+',$fileinfo,2);
$name = trim($addbit[1]).$name;
}
if (!$first_error)
{
// Need to support multiple files with the same 'real' name in some cases
if (strpos($fileinfo,"attachment") === 0)
{ // For attachments, add in a prefix plus time and date to give a unique file name
$addbit = explode('+',$fileinfo,2);
$name = time()."_".USERID."_".trim($addbit[1]).$name;
}
elseif (strpos($fileinfo,"prefix") === 0)
{ // For attachments, avatars, photos etc alternatively just add a prefix we've been passed
$addbit = explode('+',$fileinfo,2);
$name = trim($addbit[1]).$name;
}
$destination_file = $uploaddir."/".$name;
if ($fileinfo == "unique" && file_exists($destination_file))
{ // Modify destination name to make it unique - but only if target file name exists
$name = time()."_".$name;
$destination_file = $uploaddir."/".$name;
}
if (file_exists($destination_file) && !$overwrite) $first_error = 250; // Invent our own error number - duplicate file
}
if ($fileinfo == "unique" && file_exists($destination_file))
{ // Modify destination name to make it unique - but only if target file name exists
$name = time()."_".$name;
$destination_file = $uploaddir."/".$name;
}
if (file_exists($destination_file) && !$overwrite) $first_error = 250; // Invent our own error number - duplicate file
}
if (!$first_error)
{
$tpos = strrchr($files['name'][$key], "."); // Require uploaded files to have an extension
if ($tpos !== FALSE)
{
$fileext = strtolower($tpos);
$tpos = (($file_status = vet_file($uploadfile, $name, $allowed_filetypes, varset($options['extra_file_types'],FALSE))) === TRUE);
}
if ($tpos === FALSE)
if (!$first_error)
{
$tpos = FALSE;
if ($file_ext != '') // Require any uploaded file to have an extension
{
if ($ul_temp_dir)
{ // Need to move file to our own temporary directory
$tempfilename = $uploadfile;
$uploadfile = $ul_temp_dir.basename($uploadfile);
if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Move {$tempfilename} to {$uploadfile} ",FALSE,LOG_TO_ROLLING);
@move_uploaded_file($tempfilename,$uploadfile); // This should work on all hosts
}
$tpos = (($file_status = vet_file($uploadfile, $name, $allowed_filetypes, varset($options['extra_file_types'],FALSE))) === TRUE);
}
if ($tpos === FALSE)
{
// File type upload not permitted - error message and abort
$first_error = 251; // Invent our own error number - file type not permitted
$first_error = 251; // Invent our own error number - file type not permitted
}
}
}
if (!$first_error)
@ -271,7 +281,7 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
if ($save_to_db)
{ // Store binary files in the database if selected. Maximum two files this way
// This is really legacy stuff - not seriously changed from the original apart from using the newer file vetting routines
if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Save to DB {$c}: ".$uploaded[$c]['name'],FALSE,FALSE);
if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Save to DB {$c}: ".$uploaded[$c]['name'],FALSE,LOG_TO_ROLLING);
set_magic_quotes_runtime(0);
$data = mysql_real_escape_string(fread(fopen($files['tmp_name'][$c], "rb"), filesize($uploadfile)));
set_magic_quotes_runtime(get_magic_quotes_gpc());
@ -289,7 +299,7 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
{ // Store as flat file
// $method = (OPEN_BASEDIR == FALSE ? "copy" : "move_uploaded_file");
// if (@$method($uploadfile, $destination_file))
if (@move_uploaded_file($uploadfile, $destination_file)) // This should work on all hosts
if ((!$ul_temp_dir && @move_uploaded_file($uploadfile, $destination_file)) || ($ul_temp_dir && @rename($uploadfile, $destination_file))) // This should work on all hosts
{
@chmod($destination_file, $final_chmod);
if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Final chmod() file {$destination_file} to {$final_chmod} ",FALSE,FALSE);
@ -494,6 +504,7 @@ function file_upload($uploaddir, $avatar = FALSE, $fileinfo = "", $overwrite = "
/*
====================================================================
VETTING AND UTILITY ROUTINES
@ -515,7 +526,7 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
{
// 1. Start by checking against filetypes - that's the easy one!
$file_ext = strtolower(substr(strrchr($target_name, "."), 1));
if (!in_array($file_ext, $allowed_filetypes))
if (!isset($allowed_filetypes[$file_ext]))
{
if (is_bool($unknown)) return 1; // Reject out of hand if no possible alternative extensions
// Otherwise, it could be in the supplementary list
@ -575,6 +586,7 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
// Get array of file types (file extensions) which are permitted - reads a definition file.
// Key is the file type.
// If $file_mask is a comma-separated list of file types, only those types which are in both the definition file and in $file_mask are added
function get_allowed_filetypes($def_file = FALSE, $file_mask = '')
{
@ -604,13 +616,14 @@ function get_allowed_filetypes($def_file = FALSE, $file_mask = '')
$ftype = strtolower(trim(str_replace('.', '', $ftype)));
if (!$file_mask || in_array($ftype, $file_array))
{
$ret[] = $ftype;
$ret[$ftype] = -1;
}
}
}
return $ret;
}
// Parse a file size string (e.g. 16M) and compute the simple numeric value.
// If $action is empty, return this value.
// If $source evaluates to zero, return the compare value instead
@ -619,6 +632,7 @@ function get_allowed_filetypes($def_file = FALSE, $file_mask = '')
function file_size_decode($source, $compare = 0, $action = '')
{
$source = trim($source);
if (strtolower(substr($source,-1,1)) == 'b') $source = substr($source,0,-1); // Trim a trailing byte indicator
$mult = 1;
$nostrip = FALSE;
if (!$source || is_numeric($source))
@ -652,4 +666,159 @@ function file_size_decode($source, $compare = 0, $action = '')
return 0;
}
function parsesize($size)
{
$kb = 1024;
$mb = 1024 * $kb;
$gb = 1024 * $mb;
$tb = 1024 * $gb;
if ($size < $kb) {
return $size." b";
}
else if($size < $mb) {
return round($size/$kb, 2)." kb";
}
else if($size < $gb) {
return round($size/$mb, 2)." Mb";
}
else if($size < $tb) {
return round($size/$gb, 2)." Gb";
} else {
return round($size/$tb, 2)." Tb";
}
}
// Similar to get_allowed_filetypes(), but expects an XML file
// Returns an array where key is the file extension; value is max upload size
function get_XML_filetypes($def_file = FALSE, $file_mask = '')
{
$ret = array();
if ($def_file === FALSE) return $ret;
if ($file_mask)
{
$file_array = explode(',', $file_mask);
foreach ($file_array as $k => $f)
{
$file_array[$k] = trim($f);
}
}
if ($def_file && is_readable(e_ADMIN.$def_file))
{
require_once(e_HANDLER.'xml_class.php');
$xml = new xmlClass;
$temp_vars = $xml->loadXMLfile(e_ADMIN.$def_file, true, false);
if ($temp_vars === FALSE) return $ret;
foreach ($temp_vars['class'] as $v1)
{
$v = $v1['@attributes'];
if (check_class($v['name']))
{
$current_perms[$v['name']] = array('type' => $v['type'],'maxupload' => $v['maxupload']);
$a_filetypes = explode(',', $v['type']);
foreach ($a_filetypes as $ftype)
{
$ftype = strtolower(trim(str_replace('.', '', $ftype))); // File extension
if (!$file_mask || in_array($ftype, $file_array))
{ // We can load this extension
if (isset($ret[$ftype]))
{
$ret[$ftype] = file_size_decode($v['maxupload'],$ret[$ftype], 'gt'); // Use largest value
}
else
{
$ret[$ftype] = file_size_decode($v['maxupload']);
}
}
}
}
}
}
// echo '<pre>';
// var_dump($ret);
// echo '</pre>';
return $ret;
}
// Calculate 'global' maximum upload size - the maximum before extension-specific restrictions taken into account
function calc_max_upload_size($max_up = -1)
{
global $pref, $admin_log;
// Work out maximum allowable file size
if (UH_DEBUG)
{
$admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test",
"File size limits - user set: ".$pref['upload_maxfilesize']." Post_max_size: ".ini_get('post_max_size')." upload_max_size: ".ini_get('upload_max_size'),FALSE,FALSE);
}
$max_upload_size = file_size_decode(ini_get('post_max_size'));
$max_upload_size = file_size_decode(ini_get('upload_max_filesize'), $max_upload_size, 'lt');
if ($max_up > 0)
{
$max_upload_size = file_size_decode($max_up, $max_upload_size, 'lt');
}
else
{
if (varset($pref['upload_maxfilesize'],0) > 0) $max_upload_size = file_size_decode($pref['upload_maxfilesize'], $max_upload_size, 'lt');
}
if ($save_to_db) $max_upload_size = min($max_upload_size, 512000); // Approx 500k limit for database saves
if (UH_DEBUG) $admin_log->e_log_event(10,__FILE__."|".__FUNCTION__."@".__LINE__,"DEBUG","Upload Handler test","Final max upload size: {$max_upload_size}",FALSE,FALSE);
return $max_upload_size;
}
// Get an array of permitted filetypes according to a set hierarchy.
function get_filetypes($file_mask = FALSE, $filename = '')
{
if ($filename != '')
{
if (strtolower(substr($filename) == '.xml'))
{
return get_allowed_filetypes($filename, $file_mask);
}
return get_allowed_filetypes($filename, $file_mask);
}
if (is_readable(e_ADMIN.e_READ_FILETYPES))
{
return get_XML_filetypes(e_READ_FILETYPES, $file_mask);
}
if (ADMIN && is_readable(e_ADMIN.'admin_filetypes.php'))
{
return get_allowed_filetypes('admin_filetypes.php', $file_mask);
}
if (is_readable(e_ADMIN.'filetypes.php'))
{
return get_allowed_filetypes('filetypes.php', $file_mask);
}
return array(); // Just an empty array
}
// Scans the array of allowed file types, updates allowed max size as appropriate.
// Returns largest allowed file size
function set_max_size(&$allowed_filetypes, $max_upload_size)
{
$new_max = 0;
foreach ($allowed_filetypes as $t => $s)
{
if ($s < 0)
{ // Unspecified max - use the global value
$allowed_filetypes[$t] = $max_upload_size;
}
elseif ($allowed_filetypes[$t] > $max_upload_size) $allowed_filetypes[$t] = $max_upload_size;
if ($allowed_filetypes[$t] > $new_max) $new_max = $allowed_filetypes[$t];
}
return $new_max;
}
?>

27
e107_languages/English/admin/help/upload.php
View File

@ -11,14 +11,33 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/help/upload.php,v $
| $Revision: 1.1.1.1 $
| $Date: 2006-12-02 04:34:43 $
| $Author: mcfly_e107 $
| $Revision: 1.2 $
| $Date: 2008-04-22 20:32:49 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
if (!defined('e107_INIT')) { exit; }
if (e_QUERY) list($action,$junk) = explode('.',e_QUERY); else $action = 'list';
$text = "From here you can allow / disallow the ability for users to upload files and manage those files that have been uploaded.";
switch ($action)
{
case 'filetypes' :
$text = "The file types and maximum file size which can be uploaded are set by user class. This option generates a file called ".e_UPLOAD_TEMP_DIR.e_SAVE_FILETYPES.",
which must be copied or moved to directory ".e_ADMIN_ABS." and renamed to ".e_READ_FILETYPES." before it takes effect.<br />
One definition per class is permitted.<br />
Note that these definitions apply site-wide, even if the public uploads feature is disabled.";
break;
case 'options' :
$text = "The complete public uploads system may be disabled here.<br />
Flatfile storage is generally appropriate (otherwise the maximum file size is hard-limited to 500kb).<br />
The maximum filesize overrides any definitions set in filetypes.xml.<br />
Public uploads may be restricted to a particular user class, but these settings also apply to other areas of the site where uploads may be permitted, such as
news and forms.";
break;
case 'view' :
default :
$text = "This page lists any submitted uploads. You may choose to delete them, transfer them to downloads, or post them to news";
}
$ns -> tablerender("Public Uploads Help", $text);
?>

39
e107_languages/English/admin/lan_upload.php
View File

@ -4,8 +4,8 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_upload.php,v $
| $Revision: 1.2 $
| $Date: 2007-09-22 12:40:12 $
| $Revision: 1.3 $
| $Date: 2008-04-22 20:32:49 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@ -39,34 +39,57 @@ define("UPLLAN_26", "No public uploads will be permitted if disabled");
define("UPLLAN_27", "unmoderated public uploads");
define("UPLLAN_29", "Storage type");
define("UPLLAN_30", "Choose how to store uploaded files, either as normal files on server or as binary info in database<br /><b>Note</b> binary is only suitable for smaller files under approximately 500kb");
define("UPLLAN_30", "Choose how to store uploaded files, either as normal files on server or as binary info in database<br /><b>Note</b> binary is only suitable for smaller files, and is hard-limited to a maximum of approximately 500kb");
define("UPLLAN_31", "Flatfile");
define("UPLLAN_32", "Binary");
define("UPLLAN_33", "Maximum file size");
define("UPLLAN_34", "Maximum upload size in bytes - leave blank to use settings from php.ini");
define("UPLLAN_35", "Allowed file types");
define("UPLLAN_36", "Please enter one type per line");
define("UPLLAN_34", "Absolute maximum upload size in bytes. Further limited by settings from php.ini, and by the settings in filetypes.xml");
define("UPLLAN_35", 'Size');
//define("UPLLAN_36", "Please enter one type per line");
define("UPLLAN_37", "Permission");
define("UPLLAN_38", "Select to allow only certain users to upload");
define("UPLLAN_39", "Submit");
define("UPLLAN_41", "Please note - file uploads are disabled from your php.ini, it will not be possible to upload files until you set it to On.");
define("UPLLAN_42", "Actions");
define("UPLLAN_43", "Uploads");
define("UPLLAN_44", "Upload");
define("UPLLAN_45", "Are you sure you want to delete the following file...");
define("UPLAN_COPYTODLM", "copy to download manager");
define("UPLAN_IS", "is ");
define("UPLAN_ARE", "are ");
define("UPLAN_COPYTODLS", "Copy to Downloads");
define('UPLAN_DELETE', 'Delete');
/*
define("UPLLAN_48", "For security reasons allowed file types has been moved out of the database into a
flatfile located in your admin directory. To use, rename the file e107_admin/filetypes_.php to e107_admin/filetypes.php
and add a comma delimited list of file type extensions to it. You should not allow the upload of .html, .txt, etc., as an attacker may upload a file of this type which includes malicious javascript. You should also, of course, not allow
the upload of .php files or any other type of executable script.");
*/
define('UPLLAN_49', 'File Types');
define('UPLLAN_50', 'Options');
define('UPLLAN_51', 'List Uploads');
define('UPLLAN_52', 'This page helps you create a file for managing file upload permissions. The file is saved as --SOURCE--, and must be copied to --DEST-- before it takes effect.');
define('UPLLAN_53', 'User Class');
define('UPLLAN_54', 'File Extensions');
define('UPLLAN_55', 'Max upload size');
define('UPLLAN_56', 'Generate file');
define('UPLLAN_57', 'Source for values: ');
define('UPLLAN_58', 'Default');
define('UPLLAN_59', 'Settings written to ');
define('UPLLAN_60', 'Now move this file to ');
define('UPLLAN_61', 'Error writing file: ');
define('UPLLAN_62', '');
define('UPLLAN_63', '');
define('UPLLAN_64', '');
define('UPLLAN_65', '');
define('UPLLAN_66', '');
define('UPLLAN_67', '');
define('UPLLAN_68', '');
define('UPLLAN_69', '');
define('UPLLAN_70', '');
?>

12
e107_languages/English/lan_upload.php
View File

@ -4,8 +4,8 @@
| e107 website system - Language File.
|
| $Source: /cvs_backup/e107_0.8/e107_languages/English/lan_upload.php,v $
| $Revision: 1.2 $
| $Date: 2007-11-23 21:52:44 $
| $Revision: 1.3 $
| $Date: 2008-04-22 20:32:50 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
@ -16,6 +16,12 @@ define('LAN_UL_002', 'You do not have the correct permissions to upload files to
define('LAN_UL_020', 'Error');
define('LAN_UL_021', 'Upload Failure');
define('LAN_UL_022', 'May vary by file type');
define('LAN_UL_023', 'Type');
define('LAN_UL_024', 'Max Size');
define('LAN_UL_025', 'Uploads not allowed ');
define('LAN_UL_026', '');
define('LAN_UL_027', '');
define("LAN_61", "Your Name: ");
define("LAN_112", "Email Address: ");
@ -35,7 +41,7 @@ define("LAN_414", "Working demo");
define("LAN_415", "enter URL to site where demo can be viewed");
define("LAN_416", "Submit and Upload");
define("LAN_417", "Upload File");
define("LAN_418", "Maximum file size: ");
define("LAN_418", "Absolute maximum file size: ");
define("DOWLAN_11", "Category");
define("LAN_419", "Allowed filetypes");
define("LAN_420", "fields are required");

44
upload.php
View File

@ -11,9 +11,9 @@
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/upload.php,v $
| $Revision: 1.4 $
| $Date: 2008-01-10 03:14:09 $
| $Author: e107coders $
| $Revision: 1.5 $
| $Date: 2008-04-22 20:32:40 $
| $Author: e107steved $
+----------------------------------------------------------------------------+
*/
require_once("class2.php");
@ -148,10 +148,10 @@ if ($message)
$text = "<div style='text-align:center'>
<form enctype='multipart/form-data' method='post' action='".e_SELF."'>
<table style='".USER_WIDTH."' class='fborder'>
<colspan>
<colgroup>
<col style='width:30%' />
<col style='width:70%' />
</colspan>
</colgroup>
<tr>
<td class='forumheader3'>".DOWLAN_11.":</td>
<td class='forumheader3'>";
@ -170,19 +170,39 @@ $text .= "
$text .= "<b>".LAN_406."</b><br />".LAN_419.":";
if (is_readable(e_ADMIN.'filetypes.php'))
require_once(e_HANDLER.'upload_handler.php');
$a_filetypes = get_filetypes();
if (count($a_filetypes) == 0)
{
$a_filetypes = trim(file_get_contents(e_ADMIN.'filetypes.php'));
$a_filetypes = explode(',', $a_filetypes);
foreach ($a_filetypes as $ftype)
$text .= LAN_UL_025."</td></tr></table>
</form>
</div>";
$ns->tablerender(LAN_417, $text);
require_once(FOOTERF);
}
$max_upload_size = calc_max_upload_size(-1); // Find overriding maximum upload size
$max_upload_size = set_max_size($a_filetypes, $max_upload_size);
if (ADMIN)
{
$upper_limit = calc_max_upload_size();
$allowed_filetypes = "<table><tr><td>".LAN_UL_023."&nbsp;&nbsp;</td><td style='text-align:right'>".LAN_UL_024."</td></tr>";
foreach ($a_filetypes as $type => $size)
{
$sa_filetypes[] = '.'.trim(str_replace('.', '', $ftype));
$allowed_filetypes .= "<tr><td>{$type}</td><td style='text-align:right'>".parsesize($size)."</td></tr>";
}
$allowed_filetypes = implode(' | ', $sa_filetypes);
$allowed_filetypes .= "</table>";
}
else
{
$a_filetypes = array_keys($a_filetypes);
$allowed_filetypes = implode(' | ', $a_filetypes);
}
$text .= " ".$allowed_filetypes."<br />".LAN_407."<br />
".LAN_418.($pref['upload_maxfilesize'] ? $pref['upload_maxfilesize'] : ini_get('upload_max_filesize'))."<br />";
".LAN_418.parsesize($max_upload_size)." (".LAN_UL_022.")<br />";
$text .= "<span style='text-decoration:underline'>".LAN_408."</span> ".LAN_420."</td>
</tr>";