1<?php 2/* 3 * FCKeditor - The text editor for Internet - http://www.fckeditor.net 4 * Copyright (C) 2003-2007 Frederico Caldeira Knabben 5 * 6 * == BEGIN LICENSE == 7 * 8 * Licensed under the terms of any of the following licenses at your 9 * choice: 10 * 11 * - GNU General Public License Version 2 or later (the "GPL") 12 * http://www.gnu.org/licenses/gpl.html 13 * 14 * - GNU Lesser General Public License Version 2.1 or later (the "LGPL") 15 * http://www.gnu.org/licenses/lgpl.html 16 * 17 * - Mozilla Public License Version 1.1 or later (the "MPL") 18 * http://www.mozilla.org/MPL/MPL-1.1.html 19 * 20 * == END LICENSE == 21 * 22 * This is the "File Uploader" for PHP. 23 */ 24 25require('config.php') ; 26require('util.php') ; 27 28// This is the function that sends the results of the uploading process. 29function SendResults( $errorNumber, $fileUrl = '', $fileName = '', $customMsg = '' ) 30{ 31 echo '<script type="text/javascript">' ; 32 echo 'window.parent.OnUploadCompleted(' . $errorNumber . ',"' . str_replace( '"', '\\"', $fileUrl ) . '","' . str_replace( '"', '\\"', $fileName ) . '", "' . str_replace( '"', '\\"', $customMsg ) . '") ;' ; 33 echo '</script>' ; 34 exit ; 35} 36 37// Check if this uploader has been enabled. 38if ( !$Config['Enabled'] ) 39 SendResults( '1', '', '', 'This file uploader is disabled. Please check the "editor/filemanager/upload/php/config.php" file' ) ; 40 41// Check if the file has been correctly uploaded. 42if ( !isset( $_FILES['NewFile'] ) || is_null( $_FILES['NewFile']['tmp_name'] ) || $_FILES['NewFile']['name'] == '' ) 43 SendResults( '202' ) ; 44 45// Get the posted file. 46$oFile = $_FILES['NewFile'] ; 47 48// Get the uploaded file name extension. 49$sFileName = $oFile['name'] ; 50 51// Replace dots in the name with underscores (only one dot can be there... security issue). 52if ( $Config['ForceSingleExtension'] ) 53 $sFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sFileName ) ; 54 55$sOriginalFileName = $sFileName ; 56 57// Get the extension. 58$sExtension = substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) ; 59$sExtension = strtolower( $sExtension ) ; 60 61// The the file type (from the QueryString, by default 'File'). 62$sType = isset( $_GET['Type'] ) ? $_GET['Type'] : 'File' ; 63 64// Check if it is an allowed type. 65if ( !in_array( $sType, array('File','Image','Flash','Media') ) ) 66 SendResults( 1, '', '', 'Invalid type specified' ) ; 67 68// Get the allowed and denied extensions arrays. 69$arAllowed = $Config['AllowedExtensions'][$sType] ; 70$arDenied = $Config['DeniedExtensions'][$sType] ; 71 72// Check if it is an allowed extension. 73if ( ( count($arAllowed) > 0 && !in_array( $sExtension, $arAllowed ) ) || ( count($arDenied) > 0 && in_array( $sExtension, $arDenied ) ) ) 74 SendResults( '202' ) ; 75 76$sErrorNumber = '0' ; 77$sFileUrl = '' ; 78 79// Initializes the counter used to rename the file, if another one with the same name already exists. 80$iCounter = 0 ; 81 82// Get the target directory. 83if ( isset( $Config['UserFilesAbsolutePath'] ) && strlen( $Config['UserFilesAbsolutePath'] ) > 0 ) 84 $sServerDir = $Config['UserFilesAbsolutePath'] ; 85else 86 $sServerDir = GetRootPath() . $Config["UserFilesPath"] ; 87 88if ( $Config['UseFileType'] ) 89 $sServerDir .= $sType . '/' ; 90 91while ( true ) 92{ 93 // Compose the file path. 94 $sFilePath = $sServerDir . $sFileName ; 95 96 // If a file with that name already exists. 97 if ( is_file( $sFilePath ) ) 98 { 99 $iCounter++ ; 100 $sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ; 101 $sErrorNumber = '201' ; 102 } 103 else 104 { 105 move_uploaded_file( $oFile['tmp_name'], $sFilePath ) ; 106 107 if ( is_file( $sFilePath ) ) 108 { 109 $oldumask = umask(0) ; 110 chmod( $sFilePath, 0777 ) ; 111 umask( $oldumask ) ; 112 } 113 114 if ( $Config['UseFileType'] ) 115 $sFileUrl = $Config["UserFilesPath"] . $sType . '/' . $sFileName ; 116 else 117 $sFileUrl = $Config["UserFilesPath"] . $sFileName ; 118 119 break ; 120 } 121} 122 123SendResults( $sErrorNumber, $sFileUrl, $sFileName ) ; 124?>