1<?php
2/*
3 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
4 * Copyright (C) 2003-2009 Frederico Caldeira Knabben
5 *
6 * == BEGIN LICENSE ==
7 *
8 * Licensed under the terms of any of the following licenses at your
9 * choice:
10 *
11 *  - GNU General Public License Version 2 or later (the "GPL")
12 *    http://www.gnu.org/licenses/gpl.html
13 *
14 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
15 *    http://www.gnu.org/licenses/lgpl.html
16 *
17 *  - Mozilla Public License Version 1.1 or later (the "MPL")
18 *    http://www.mozilla.org/MPL/MPL-1.1.html
19 *
20 * == END LICENSE ==
21 *
22 * This is the File Manager Connector for PHP.
23 */
24function CombinePaths( $sBasePath, $sFolder )
25{
26	return RemoveFromEnd( $sBasePath, '/' ) . '/' . RemoveFromStart( $sFolder, '/' ) ;
27}
28function GetResourceTypePath( $resourceType, $sCommand )
29{
30	global $Config ;
31
32	if ( $sCommand == "QuickUpload")
33		return $Config['QuickUploadPath'][$resourceType] ;
34	else
35		return $Config['FileTypesPath'][$resourceType] ;
36}
37
38function GetResourceTypeDirectory( $resourceType, $sCommand )
39{
40	global $Config ;
41	if ( $sCommand == "QuickUpload")
42	{
43		if ( strlen( $Config['QuickUploadAbsolutePath'][$resourceType] ) > 0 )
44			return $Config['QuickUploadAbsolutePath'][$resourceType] ;
45
46		// Map the "UserFiles" path to a local directory.
47		return Server_MapPath( $Config['QuickUploadPath'][$resourceType] ) ;
48	}
49	else
50	{
51		if ( strlen( $Config['FileTypesAbsolutePath'][$resourceType] ) > 0 )
52			return $Config['FileTypesAbsolutePath'][$resourceType] ;
53
54		// Map the "UserFiles" path to a local directory.
55		return Server_MapPath( $Config['FileTypesPath'][$resourceType] ) ;
56	}
57}
58
59function GetUrlFromPath( $resourceType, $folderPath, $sCommand )
60{
61	return CombinePaths( GetResourceTypePath( $resourceType, $sCommand ), $folderPath ) ;
62}
63
64function RemoveExtension( $fileName )
65{
66	return substr( $fileName, 0, strrpos( $fileName, '.' ) ) ;
67}
68
69function ServerMapFolder( $resourceType, $folderPath, $sCommand )
70{
71	// Get the resource type directory.
72	$sResourceTypePath = GetResourceTypeDirectory( $resourceType, $sCommand ) ;
73
74	// Ensure that the directory exists.
75	$sErrorMsg = CreateServerFolder( $sResourceTypePath ) ;
76	if ( $sErrorMsg != '' )
77		SendError( 1, "Error creating folder \"{$sResourceTypePath}\" ({$sErrorMsg})" ) ;
78
79	// Return the resource type directory combined with the required path.
80	return CombinePaths( $sResourceTypePath , $folderPath ) ;
81}
82
83function GetParentFolder( $folderPath )
84{
85	$sPattern = "-[/\\\\][^/\\\\]+[/\\\\]?$-" ;
86	return preg_replace( $sPattern, '', $folderPath ) ;
87}
88
89function CreateServerFolder( $folderPath, $lastFolder = null )
90{
91	global $Config ;
92	$sParent = GetParentFolder( $folderPath ) ;
93
94	// Ensure the folder path has no double-slashes, or mkdir may fail on certain platforms
95	while ( strpos($folderPath, '//') !== false )
96	{
97		$folderPath = str_replace( '//', '/', $folderPath ) ;
98                $sParent = str_replace( '//', '/', $sParent ) ;
99	}
100
101	// Check if the parent exists, or create it.
102	if ( !file_exists( $sParent ) )
103	{
104		//prevents agains infinite loop when we can't create root folder
105		if ( !is_null( $lastFolder ) && $lastFolder === $sParent) {
106			return "Can't create $folderPath directory" ;
107		}
108
109		$sErrorMsg = CreateServerFolder( $sParent, $folderPath ) ;
110		if ( $sErrorMsg != '' )
111			return $sErrorMsg ;
112	}
113
114	if ( !file_exists( $folderPath ) )
115	{
116		// Turn off all error reporting.
117		error_reporting( 0 ) ;
118
119		$php_errormsg = '' ;
120		// Enable error tracking to catch the error.
121		ini_set( 'track_errors', '1' ) ;
122
123		if ( isset( $Config['ChmodOnFolderCreate'] ) && !$Config['ChmodOnFolderCreate'] )
124		{
125			mkdir( $folderPath ) ;
126		}
127		else
128		{
129			$permissions = 0777 ;
130			if ( isset( $Config['ChmodOnFolderCreate'] ) )
131			{
132				$permissions = $Config['ChmodOnFolderCreate'] ;
133			}
134			// To create the folder with 0777 permissions, we need to set umask to zero.
135			$oldumask = umask(0) ;
136			mkdir( $folderPath, $permissions ) ;
137			umask( $oldumask ) ;
138		}
139
140		$sErrorMsg = $php_errormsg ;
141
142		// Restore the configurations.
143		ini_restore( 'track_errors' ) ;
144		ini_restore( 'error_reporting' ) ;
145
146		return $sErrorMsg ;
147	}
148	else
149		return '' ;
150}
151
152function GetRootPath()
153{
154	if (!isset($_SERVER)) {
155		global $_SERVER;
156	}
157	$sRealPath = realpath( './' ) ;
158	// #2124 ensure that no slash is at the end
159	$sRealPath = rtrim($sRealPath,"\\/");
160
161	$sSelfPath = $_SERVER['PHP_SELF'] ;
162	$sSelfPath = substr( $sSelfPath, 0, strrpos( $sSelfPath, '/' ) ) ;
163
164	$sSelfPath = str_replace( '/', DIRECTORY_SEPARATOR, $sSelfPath ) ;
165
166	$position = strpos( $sRealPath, $sSelfPath ) ;
167
168	// This can check only that this script isn't run from a virtual dir
169	// But it avoids the problems that arise if it isn't checked
170	if ( $position === false || $position <> strlen( $sRealPath ) - strlen( $sSelfPath ) )
171		SendError( 1, 'Sorry, can\'t map "UserFilesPath" to a physical path. You must set the "UserFilesAbsolutePath" value in "editor/filemanager/connectors/php/config.php".' ) ;
172
173	return substr( $sRealPath, 0, $position ) ;
174}
175
176// Emulate the asp Server.mapPath function.
177// given an url path return the physical directory that it corresponds to
178function Server_MapPath( $path )
179{
180	// This function is available only for Apache
181	if ( function_exists( 'apache_lookup_uri' ) )
182	{
183		$info = apache_lookup_uri( $path ) ;
184		return $info->filename . $info->path_info ;
185	}
186
187	// This isn't correct but for the moment there's no other solution
188	// If this script is under a virtual directory or symlink it will detect the problem and stop
189	return GetRootPath() . $path ;
190}
191
192function IsAllowedExt( $sExtension, $resourceType )
193{
194	global $Config ;
195	// Get the allowed and denied extensions arrays.
196	$arAllowed	= $Config['AllowedExtensions'][$resourceType] ;
197	$arDenied	= $Config['DeniedExtensions'][$resourceType] ;
198
199	if ( count($arAllowed) > 0 && !in_array( $sExtension, $arAllowed ) )
200		return false ;
201
202	if ( count($arDenied) > 0 && in_array( $sExtension, $arDenied ) )
203		return false ;
204
205	return true ;
206}
207
208function IsAllowedType( $resourceType )
209{
210	global $Config ;
211	if ( !in_array( $resourceType, $Config['ConfigAllowedTypes'] ) )
212		return false ;
213
214	return true ;
215}
216
217function IsAllowedCommand( $sCommand )
218{
219	global $Config ;
220
221	if ( !in_array( $sCommand, $Config['ConfigAllowedCommands'] ) )
222		return false ;
223
224	return true ;
225}
226
227function GetCurrentFolder()
228{
229	if (!isset($_GET)) {
230		global $_GET;
231	}
232	$sCurrentFolder	= isset( $_GET['CurrentFolder'] ) ? $_GET['CurrentFolder'] : '/' ;
233
234	// Check the current folder syntax (must begin and start with a slash).
235	if ( !preg_match( '|/$|', $sCurrentFolder ) )
236		$sCurrentFolder .= '/' ;
237	if ( strpos( $sCurrentFolder, '/' ) !== 0 )
238		$sCurrentFolder = '/' . $sCurrentFolder ;
239
240	// Ensure the folder path has no double-slashes
241	while ( strpos ($sCurrentFolder, '//') !== false ) {
242		$sCurrentFolder = str_replace ('//', '/', $sCurrentFolder) ;
243	}
244
245	// Check for invalid folder paths (..)
246	// if ( $sCurrentFolder == '..' ) SendError( 102, '' ) ;
247	if ( preg_match(",(/\.)|(//)|(\\\\)|([\:\*\?\"\<\>\|]),", $sCurrentFolder))
248		SendError( 102, '' ) ;
249
250    return $sCurrentFolder ;
251
252
253
254}
255
256// Do a cleanup of the folder name to avoid possible problems
257function SanitizeFolderName( $sNewFolderName )
258{
259	$sNewFolderName = stripslashes( $sNewFolderName ) ;
260
261	// Remove . \ / | : ? * " < >
262	$sNewFolderName = preg_replace( '/\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFolderName ) ;
263
264	return $sNewFolderName ;
265}
266
267// Do a cleanup of the file name to avoid possible problems
268function SanitizeFileName( $sNewFileName )
269{
270	global $Config ;
271
272	$sNewFileName = stripslashes( $sNewFileName ) ;
273
274	// Replace dots in the name with underscores (only one dot can be there... security issue).
275	if ( $Config['ForceSingleExtension'] )
276		$sNewFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sNewFileName ) ;
277
278	// Remove \ / | : ? * " < >
279	$sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFileName ) ;
280
281	return $sNewFileName ;
282}
283
284// This is the function that sends the results of the uploading process.
285function SendUploadResults( $errorNumber, $fileUrl = '', $fileName = '', $customMsg = '' )
286{
287	// Minified version of the document.domain automatic fix script (#1919).
288	// The original script can be found at _dev/domain_fix_template.js
289	echo <<<EOF
290<script type="text/javascript">
291(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\.|$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})();
292EOF;
293
294	if ($errorNumber && $errorNumber != 201) {
295		$fileUrl = "";
296		$fileName = "";
297	}
298
299	$rpl = array( '\\' => '\\\\', '"' => '\\"' ) ;
300	echo 'window.parent.OnUploadCompleted(' . $errorNumber . ',"' . strtr( $fileUrl, $rpl ) . '","' . strtr( $fileName, $rpl ) . '", "' . strtr( $customMsg, $rpl ) . '") ;' ;
301	echo '</script>' ;
302	exit ;
303}
304
305?>
306