| author | Dan |
| Mon, 16 Feb 2009 16:17:25 -0500 | |
| changeset 832 | 7152ca0a0ce9 |
| parent 801 | eb8b23f11744 |
| child 898 | c75754f5b1da |
| permissions | -rw-r--r-- |
| 0 | 1 |
<?php |
|
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
2 |
/**!info** |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
3 |
{
|
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
4 |
"Plugin Name" : "plugin_specialupdownload_title", |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
5 |
"Plugin URI" : "http://enanocms.org/", |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
6 |
"Description" : "plugin_specialupdownload_desc", |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
7 |
"Author" : "Dan Fuhry", |
|
685
17ebe24cdf85
Rebranded as 1.1.5 (Caoineag alpha 5) and fixed a couple bugs related to CDN support in template_nodb and installerUI. Updated readme.
Dan
parents:
609
diff
changeset
|
8 |
"Version" : "1.1.5", |
|
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
9 |
"Author URI" : "http://enanocms.org/" |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
10 |
} |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
11 |
**!*/ |
| 0 | 12 |
|
13 |
/* |
|
14 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
721
diff
changeset
|
15 |
* Version 1.1.6 (Caoineag beta 1) |
| 536 | 16 |
* Copyright (C) 2006-2008 Dan Fuhry |
| 0 | 17 |
* SpecialUpdownload.php - handles uploading and downloading of user-uploaded files - possibly the most rigorously security-enforcing script in all of Enano, although sessions.php comes in a close second |
18 |
* |
|
19 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
20 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
21 |
* |
|
22 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
23 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
24 |
*/ |
|
25 |
||
26 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
27 |
||
|
593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
parents:
590
diff
changeset
|
28 |
// $plugins->attachHook('session_started', 'SpecialUpDownload_paths_init();');
|
|
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
29 |
|
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
30 |
function SpecialUpDownload_paths_init() |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
31 |
{
|
| 0 | 32 |
global $paths; |
|
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
33 |
$paths->add_page(Array( |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
34 |
'name'=>'specialpage_upload_file', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
35 |
'urlname'=>'UploadFile', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
36 |
'namespace'=>'Special', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
37 |
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
38 |
)); |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
39 |
|
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
40 |
$paths->add_page(Array( |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
41 |
'name'=>'specialpage_download_file', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
42 |
'urlname'=>'DownloadFile', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
43 |
'namespace'=>'Special', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
44 |
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
45 |
)); |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
46 |
} |
| 0 | 47 |
|
48 |
function page_Special_UploadFile() |
|
49 |
{
|
|
50 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
| 366 | 51 |
global $lang; |
|
609
ffa5decbb305
Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
parents:
593
diff
changeset
|
52 |
global $cache; |
| 0 | 53 |
global $mime_types; |
| 366 | 54 |
if(getConfig('enable_uploads')!='1') { die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('upload_err_disabled_site') . '</p>'); }
|
| 0 | 55 |
if ( !$session->get_permissions('upload_files') )
|
56 |
{
|
|
| 366 | 57 |
die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('upload_err_disabled_acl') . '</p>');
|
| 0 | 58 |
} |
59 |
if(isset($_POST['doit'])) |
|
60 |
{
|
|
61 |
if(isset($_FILES['data'])) |
|
62 |
{
|
|
63 |
$file =& $_FILES['data']; |
|
64 |
} |
|
65 |
else |
|
66 |
{
|
|
67 |
$file = false; |
|
68 |
} |
|
|
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
116
diff
changeset
|
69 |
if ( !is_array($file) ) |
|
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
116
diff
changeset
|
70 |
{
|
| 366 | 71 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_cant_get_file_meta') . '</p>');
|
|
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
116
diff
changeset
|
72 |
} |
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
73 |
if ( $file['size'] == 0 || $file['size'] > (int)getConfig('max_file_size', '256000') )
|
|
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
116
diff
changeset
|
74 |
{
|
| 366 | 75 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_too_big_or_small') . '</p>');
|
|
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
116
diff
changeset
|
76 |
} |
| 366 | 77 |
|
| 0 | 78 |
$types = fetch_allowed_extensions(); |
| 445 | 79 |
$ext = strtolower(substr($file['name'], strrpos($file['name'], '.')+1, strlen($file['name']))); |
|
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
116
diff
changeset
|
80 |
if ( !isset($types[$ext]) || ( isset($types[$ext]) && !$types[$ext] ) ) |
| 0 | 81 |
{
|
| 366 | 82 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_banned_ext', array('ext' => htmlspecialchars($ext))) . '</p>');
|
| 0 | 83 |
} |
84 |
$type = $mime_types[$ext]; |
|
85 |
//$type = explode(';', $type); $type = $type[0];
|
|
86 |
//if(!in_array($type, $allowed_mime_types)) die_friendly('Upload failed', '<p>The file type "'.$type.'" is not allowed.</p>');
|
|
87 |
if($_POST['rename'] != '') |
|
88 |
{
|
|
89 |
$filename = $_POST['rename']; |
|
90 |
} |
|
91 |
else |
|
92 |
{
|
|
93 |
$filename = $file['name']; |
|
94 |
} |
|
95 |
$bad_chars = Array(':', '\\', '/', '<', '>', '|', '*', '?', '"', '#', '+');
|
|
96 |
foreach($bad_chars as $ch) |
|
97 |
{
|
|
| 366 | 98 |
if(strstr($filename, $ch) || preg_match('/^([ ]+)$/is', $filename))
|
99 |
{
|
|
100 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_banned_chars') . '</p>');
|
|
101 |
} |
|
| 0 | 102 |
} |
103 |
||
104 |
if ( isset ( $paths->pages[ $paths->nslist['File'] . $filename ] ) && !isset ( $_POST['update'] ) ) |
|
105 |
{
|
|
| 366 | 106 |
$upload_link = makeUrlNS('Special', 'UploadFile/'.$filename);
|
107 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_already_exists', array('upload_link' => $upload_link)) . '</p>');
|
|
| 0 | 108 |
} |
109 |
else if ( isset($_POST['update']) && |
|
110 |
( !isset($paths->pages[$paths->nslist['File'].$filename]) || |
|
111 |
(isset($paths->pages[$paths->nslist['File'].$filename]) && |
|
112 |
$paths->pages[$paths->nslist['File'].$filename]['protected'] == 1 ) |
|
113 |
) |
|
114 |
) |
|
115 |
{
|
|
| 366 | 116 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_replace_protected') . '</p>');
|
| 0 | 117 |
} |
118 |
||
119 |
$utime = time(); |
|
120 |
||
|
721
bfde4d7402b1
Fixed filename not being sent through sanitize_page_id() during upload. Non-security.
Dan
parents:
685
diff
changeset
|
121 |
$filename = $db->escape(sanitize_page_id($filename)); |
| 0 | 122 |
$ext = substr($filename, strrpos($filename, '.'), strlen($filename)); |
123 |
$flen = filesize($file['tmp_name']); |
|
124 |
||
|
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
125 |
$comments = ( isset($_POST['update']) ) ? $db->escape($_POST['comments']) : $db->escape(RenderMan::preprocess_text($_POST['comments'], false, false)); |
| 0 | 126 |
$chartag = sha1(microtime()); |
127 |
$urln = str_replace(' ', '_', $filename);
|
|
128 |
||
|
481
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
129 |
$key = md5($filename . '_' . ( function_exists('md5_file') ? md5_file($file['tmp_name']) : file_get_contents($file['tmp_name'])));
|
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
130 |
$targetname = ENANO_ROOT . '/files/' . $key . $ext; |
| 0 | 131 |
|
132 |
if(!@move_uploaded_file($file['tmp_name'], $targetname)) |
|
133 |
{
|
|
| 366 | 134 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_move_failed') . '</p>');
|
| 0 | 135 |
} |
136 |
||
137 |
if(getConfig('file_history') != '1')
|
|
138 |
{
|
|
139 |
if(!$db->sql_query('DELETE FROM '.table_prefix.'files WHERE filename=\''.$filename.'\' LIMIT 1;')) $db->_die('The old file data could not be deleted.');
|
|
140 |
} |
|
141 |
if(!$db->sql_query('INSERT INTO '.table_prefix.'files(time_id,page_id,filename,size,mimetype,file_extension,file_key) VALUES('.$utime.', \''.$urln.'\', \''.$filename.'\', '.$flen.', \''.$type.'\', \''.$ext.'\', \''.$key.'\')')) $db->_die('The file data entry could not be inserted.');
|
|
142 |
if(!isset($_POST['update'])) |
|
143 |
{
|
|
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
144 |
if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.$utime.', \''.enano_date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\');')) $db->_die('The page log could not be updated.');
|
| 0 | 145 |
if(!$db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,protected,delvotes,delvote_ips) VALUES(\''.$filename.'\', \''.$urln.'\', \'File\', 0, 0, \'\')')) $db->_die('The page listing entry could not be inserted.');
|
146 |
if(!$db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$urln.'\', \'File\', \''.$comments.'\', \''.$chartag.'\')')) $db->_die('The page text entry could not be inserted.');
|
|
147 |
} |
|
148 |
else |
|
149 |
{
|
|
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
150 |
if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.$utime.', \''.enano_date('d M Y h:i a').'\', \'page\', \'reupload\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\', \''.$comments.'\');')) $db->_die('The page log could not be updated.');
|
| 0 | 151 |
} |
|
609
ffa5decbb305
Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
parents:
593
diff
changeset
|
152 |
$cache->purge('page_meta');
|
| 366 | 153 |
die_friendly($lang->get('upload_success_title'), '<p>' . $lang->get('upload_success_body', array('file_link' => makeUrlNS('File', $filename))) . '</p>');
|
| 0 | 154 |
} |
155 |
else |
|
156 |
{
|
|
157 |
$template->header(); |
|
158 |
$fn = $paths->getParam(0); |
|
159 |
if ( $fn && !$session->get_permissions('upload_new_version') )
|
|
160 |
{
|
|
| 366 | 161 |
die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('upload_err_replace_denied') . '<p>');
|
| 0 | 162 |
} |
163 |
?> |
|
| 366 | 164 |
<p><?php echo $lang->get('upload_intro'); ?></p>
|
165 |
<p><?php |
|
| 0 | 166 |
// Get the max file size, and format it in a way that is user-friendly |
| 366 | 167 |
|
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
168 |
$fs = getConfig('max_file_size', '256000');
|
| 0 | 169 |
$fs = (int)$fs; |
170 |
if($fs >= 1048576) |
|
171 |
{
|
|
172 |
$fs = round($fs / 1048576, 1); |
|
| 366 | 173 |
$unitized = $fs . ' ' . $lang->get('etc_unit_megabytes_short');
|
| 0 | 174 |
} |
175 |
elseif($fs >= 1024) |
|
176 |
{
|
|
177 |
$fs = round($fs / 1024, 1); |
|
| 366 | 178 |
$unitized = $fs . ' ' . $lang->get('etc_unit_kilobytes_short');
|
| 0 | 179 |
} |
| 366 | 180 |
|
181 |
echo $lang->get('upload_max_filesize', array(
|
|
182 |
'size' => $unitized |
|
183 |
)); |
|
184 |
?></p> |
|
| 0 | 185 |
<form action="<?php echo makeUrl($paths->page); ?>" method="post" enctype="multipart/form-data"> |
186 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
| 366 | 187 |
<tr><td><?php echo $lang->get('upload_field_file'); ?></td><td><input name="data" type="file" size="40" /></td></tr>
|
188 |
<tr><td><?php echo $lang->get('upload_field_renameto'); ?></td><td><input name="rename" type="text" size="40"<?php if($fn) echo ' value="'.$fn.'" readonly="readonly"'; ?> /></td></tr>
|
|
| 0 | 189 |
<?php |
| 366 | 190 |
if(!$fn) echo '<tr><td>' . $lang->get('upload_field_comments') . '</td><td><textarea name="comments" rows="20" cols="60"></textarea></td></tr>';
|
191 |
else echo '<tr><td>' . $lang->get('upload_field_reason') . '</td><td><input name="comments" size="50" /></td></tr>';
|
|
| 0 | 192 |
?> |
193 |
<tr><td colspan="2" style="text-align: center"> |
|
194 |
<?php |
|
195 |
if($fn) |
|
196 |
echo '<input type="hidden" name="update" value="true" />'; |
|
197 |
?> |
|
| 366 | 198 |
<input type="submit" name="doit" value="<?php echo $lang->get('upload_btn_upload'); ?>" />
|
| 0 | 199 |
</td></tr> |
200 |
</table> |
|
201 |
</form> |
|
202 |
<?php |
|
203 |
$template->footer(); |
|
204 |
} |
|
| 242 | 205 |
} |
| 0 | 206 |
|
207 |
function page_Special_DownloadFile() |
|
208 |
{
|
|
209 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
| 366 | 210 |
global $lang; |
| 0 | 211 |
global $do_gzip; |
212 |
$filename = rawurldecode($paths->getParam(0)); |
|
213 |
$timeid = $paths->getParam(1); |
|
|
292
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
214 |
if ( $timeid && preg_match('#^([0-9]+)$#', (string)$timeid) )
|
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
215 |
{
|
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
216 |
$tid = ' AND time_id='.$timeid; |
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
217 |
} |
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
218 |
else |
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
219 |
{
|
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
220 |
$tid = ''; |
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
221 |
} |
|
721
bfde4d7402b1
Fixed filename not being sent through sanitize_page_id() during upload. Non-security.
Dan
parents:
685
diff
changeset
|
222 |
$filename = $db->escape(sanitize_page_id($filename)); |
|
bfde4d7402b1
Fixed filename not being sent through sanitize_page_id() during upload. Non-security.
Dan
parents:
685
diff
changeset
|
223 |
|
| 0 | 224 |
$q = $db->sql_query('SELECT page_id,size,mimetype,time_id,file_extension,file_key FROM '.table_prefix.'files WHERE filename=\''.$filename.'\''.$tid.' ORDER BY time_id DESC;');
|
|
292
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
225 |
if ( !$q ) |
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
226 |
{
|
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
227 |
$db->_die('The file data could not be selected.');
|
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
228 |
} |
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
229 |
if ( $db->numrows() < 1 ) |
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
230 |
{
|
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
231 |
header('HTTP/1.1 404 Not Found');
|
| 366 | 232 |
die_friendly($lang->get('upload_err_not_found_title'), '<p>' . $lang->get('upload_err_not_found_body', array('filename' => htmlspecialchars($filename))) . '</p>');
|
|
292
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
233 |
} |
| 0 | 234 |
$row = $db->fetchrow(); |
235 |
$db->free_result(); |
|
236 |
||
237 |
// Check permissions |
|
238 |
$perms = $session->fetch_page_acl($row['page_id'], 'File'); |
|
239 |
if ( !$perms->get_permissions('read') )
|
|
240 |
{
|
|
| 366 | 241 |
die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
|
| 0 | 242 |
} |
243 |
||
|
481
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
244 |
$fname = ENANO_ROOT . '/files/' . $row['file_key'] . $row['file_extension']; |
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
245 |
if ( !file_exists($fname) ) |
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
246 |
{
|
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
247 |
$fname = ENANO_ROOT . '/files/' . $row['file_key'] . '_' . $row['time_id'] . $row['file_extension']; |
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
248 |
} |
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
249 |
if ( !file_exists($fname) ) |
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
250 |
{
|
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
251 |
die("Uploaded file $fname not found.");
|
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
252 |
} |
|
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
253 |
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
254 |
if ( isset($_GET['preview']) && substr($row['mimetype'], 0, 6) == 'image/' ) |
| 0 | 255 |
{
|
|
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
256 |
// Determine appropriate width and height |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
257 |
$width = ( isset($_GET['width']) ) ? intval($_GET['width'] ) : 320; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
258 |
$height = ( isset($_GET['height']) ) ? intval($_GET['height']) : 320; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
259 |
$cache_filename = ENANO_ROOT . "/cache/{$filename}-{$row['time_id']}-{$width}x{$height}{$row['file_extension']}";
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
260 |
if ( file_exists($cache_filename) ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
261 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
262 |
$fname = $cache_filename; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
263 |
} |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
264 |
else |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
265 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
266 |
$allow_scale = false; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
267 |
$orig_fname = $fname; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
268 |
// is caching enabled? |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
269 |
if ( getConfig('cache_thumbs') == '1' )
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
270 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
271 |
$fname = $cache_filename; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
272 |
if ( is_writeable(dirname($fname)) ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
273 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
274 |
$allow_scale = true; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
275 |
} |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
276 |
} |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
277 |
else |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
278 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
279 |
// Get a temporary file |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
280 |
// In this case, the file will not be cached and will be scaled each time it's requested |
|
481
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
281 |
$temp_dir = sys_get_temp_dir(); |
|
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
282 |
// if tempnam() cannot use the specified directory name, it will fall back on the system default |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
283 |
$tempname = tempnam($temp_dir, $filename); |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
284 |
if ( $tempname && is_writeable($tempname) ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
285 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
286 |
$allow_scale = true; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
287 |
} |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
288 |
} |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
289 |
if ( $allow_scale ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
290 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
291 |
$result = scale_image($orig_fname, $fname, $width, $height); |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
292 |
if ( !$result ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
293 |
$fname = $orig_fname; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
294 |
} |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
295 |
else |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
296 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
297 |
$fname = $orig_fname; |
| 0 | 298 |
} |
299 |
} |
|
300 |
} |
|
|
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
301 |
$handle = @fopen($fname, 'r'); |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
302 |
if ( !$handle ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
303 |
die('Can\'t open output file for reading');
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
304 |
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
305 |
$len = filesize($fname); |
| 0 | 306 |
header('Content-type: '.$row['mimetype']);
|
|
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
307 |
if ( isset($_GET['download']) ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
308 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
309 |
header('Content-disposition: attachment, filename="' . $filename . '";');
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
310 |
} |
| 0 | 311 |
header('Content-length: '.$len);
|
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
312 |
header('Last-Modified: '.enano_date('r', $row['time_id']));
|
|
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
313 |
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
314 |
// using this method limits RAM consumption |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
315 |
while ( !feof($handle) ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
316 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
317 |
echo fread($handle, 512000); |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
318 |
} |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
319 |
fclose($handle); |
| 0 | 320 |
|
|
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
23
diff
changeset
|
321 |
gzip_output(); |
| 0 | 322 |
|
323 |
exit; |
|
324 |
||
325 |
} |
|
326 |
||
327 |
?> |