| author | Dan |
| Sun, 10 May 2009 14:44:37 -0400 | |
| changeset 960 | e74741b8360b |
| parent 953 | 323c4cd1aa37 |
| child 1059 | f5d2bca33bb8 |
| permissions | -rw-r--r-- |
| 0 | 1 |
<?php |
|
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
2 |
/**!info** |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
3 |
{
|
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
4 |
"Plugin Name" : "plugin_specialupdownload_title", |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
5 |
"Plugin URI" : "http://enanocms.org/", |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
6 |
"Description" : "plugin_specialupdownload_desc", |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
7 |
"Author" : "Dan Fuhry", |
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
8 |
"Version" : "1.1.6", |
|
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
9 |
"Author URI" : "http://enanocms.org/" |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
10 |
} |
|
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
11 |
**!*/ |
| 0 | 12 |
|
13 |
/* |
|
14 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
721
diff
changeset
|
15 |
* Version 1.1.6 (Caoineag beta 1) |
| 536 | 16 |
* Copyright (C) 2006-2008 Dan Fuhry |
| 0 | 17 |
* SpecialUpdownload.php - handles uploading and downloading of user-uploaded files - possibly the most rigorously security-enforcing script in all of Enano, although sessions.php comes in a close second |
18 |
* |
|
19 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
20 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
21 |
* |
|
22 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
23 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
24 |
*/ |
|
25 |
||
26 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
27 |
||
|
593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
parents:
590
diff
changeset
|
28 |
// $plugins->attachHook('session_started', 'SpecialUpDownload_paths_init();');
|
|
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
29 |
|
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
30 |
function SpecialUpDownload_paths_init() |
|
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
31 |
{
|
|
960
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
32 |
register_special_page('UploadFile', 'specialpage_upload_file');
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
33 |
register_special_page('DownloadFile', 'specialpage_download_file');
|
|
e74741b8360b
Added register_special_page() function, to make it much easier to create special pages. Also, rewrote Special:Memberlist to use more efficient fetch method and not use an unbuffered whole-table query.
Dan
parents:
953
diff
changeset
|
34 |
} |
|
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
35 |
|
| 0 | 36 |
function page_Special_UploadFile() |
37 |
{
|
|
38 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
| 366 | 39 |
global $lang; |
|
609
ffa5decbb305
Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
parents:
593
diff
changeset
|
40 |
global $cache; |
| 0 | 41 |
global $mime_types; |
| 366 | 42 |
if(getConfig('enable_uploads')!='1') { die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('upload_err_disabled_site') . '</p>'); }
|
| 0 | 43 |
if ( !$session->get_permissions('upload_files') )
|
44 |
{
|
|
| 366 | 45 |
die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('upload_err_disabled_acl') . '</p>');
|
| 0 | 46 |
} |
47 |
if(isset($_POST['doit'])) |
|
48 |
{
|
|
49 |
if(isset($_FILES['data'])) |
|
50 |
{
|
|
51 |
$file =& $_FILES['data']; |
|
52 |
} |
|
53 |
else |
|
54 |
{
|
|
55 |
$file = false; |
|
56 |
} |
|
|
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
116
diff
changeset
|
57 |
if ( !is_array($file) ) |
|
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
116
diff
changeset
|
58 |
{
|
| 366 | 59 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_cant_get_file_meta') . '</p>');
|
|
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
116
diff
changeset
|
60 |
} |
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
61 |
if ( $file['size'] == 0 || $file['size'] > (int)getConfig('max_file_size', '256000') )
|
|
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
116
diff
changeset
|
62 |
{
|
| 366 | 63 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_too_big_or_small') . '</p>');
|
|
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
116
diff
changeset
|
64 |
} |
| 366 | 65 |
|
| 0 | 66 |
$types = fetch_allowed_extensions(); |
| 445 | 67 |
$ext = strtolower(substr($file['name'], strrpos($file['name'], '.')+1, strlen($file['name']))); |
|
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
116
diff
changeset
|
68 |
if ( !isset($types[$ext]) || ( isset($types[$ext]) && !$types[$ext] ) ) |
| 0 | 69 |
{
|
| 366 | 70 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_banned_ext', array('ext' => htmlspecialchars($ext))) . '</p>');
|
| 0 | 71 |
} |
72 |
$type = $mime_types[$ext]; |
|
73 |
//$type = explode(';', $type); $type = $type[0];
|
|
74 |
//if(!in_array($type, $allowed_mime_types)) die_friendly('Upload failed', '<p>The file type "'.$type.'" is not allowed.</p>');
|
|
75 |
if($_POST['rename'] != '') |
|
76 |
{
|
|
77 |
$filename = $_POST['rename']; |
|
78 |
} |
|
79 |
else |
|
80 |
{
|
|
81 |
$filename = $file['name']; |
|
82 |
} |
|
83 |
$bad_chars = Array(':', '\\', '/', '<', '>', '|', '*', '?', '"', '#', '+');
|
|
84 |
foreach($bad_chars as $ch) |
|
85 |
{
|
|
| 366 | 86 |
if(strstr($filename, $ch) || preg_match('/^([ ]+)$/is', $filename))
|
87 |
{
|
|
88 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_banned_chars') . '</p>');
|
|
89 |
} |
|
| 0 | 90 |
} |
91 |
||
|
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents:
898
diff
changeset
|
92 |
$ns = namespace_factory($filename, 'File'); |
|
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents:
898
diff
changeset
|
93 |
$cdata = $ns->get_cdata(); |
|
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents:
898
diff
changeset
|
94 |
$is_protected = $cdata['really_protected']; |
|
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents:
898
diff
changeset
|
95 |
|
|
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents:
898
diff
changeset
|
96 |
if ( isPage($paths->get_pathskey($filename, 'File')) && !isset ( $_POST['update'] ) ) |
| 0 | 97 |
{
|
| 366 | 98 |
$upload_link = makeUrlNS('Special', 'UploadFile/'.$filename);
|
99 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_already_exists', array('upload_link' => $upload_link)) . '</p>');
|
|
| 0 | 100 |
} |
|
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents:
898
diff
changeset
|
101 |
else if ( isset($_POST['update']) && $is_protected ) |
| 0 | 102 |
{
|
| 366 | 103 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_replace_protected') . '</p>');
|
| 0 | 104 |
} |
105 |
||
106 |
$utime = time(); |
|
107 |
||
|
721
bfde4d7402b1
Fixed filename not being sent through sanitize_page_id() during upload. Non-security.
Dan
parents:
685
diff
changeset
|
108 |
$filename = $db->escape(sanitize_page_id($filename)); |
| 0 | 109 |
$ext = substr($filename, strrpos($filename, '.'), strlen($filename)); |
110 |
$flen = filesize($file['tmp_name']); |
|
111 |
||
|
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
112 |
$comments = ( isset($_POST['update']) ) ? $db->escape($_POST['comments']) : $db->escape(RenderMan::preprocess_text($_POST['comments'], false, false)); |
| 0 | 113 |
$chartag = sha1(microtime()); |
114 |
$urln = str_replace(' ', '_', $filename);
|
|
115 |
||
|
481
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
116 |
$key = md5($filename . '_' . ( function_exists('md5_file') ? md5_file($file['tmp_name']) : file_get_contents($file['tmp_name'])));
|
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
117 |
$targetname = ENANO_ROOT . '/files/' . $key . $ext; |
| 0 | 118 |
|
119 |
if(!@move_uploaded_file($file['tmp_name'], $targetname)) |
|
120 |
{
|
|
| 366 | 121 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_move_failed') . '</p>');
|
| 0 | 122 |
} |
123 |
||
124 |
if(getConfig('file_history') != '1')
|
|
125 |
{
|
|
126 |
if(!$db->sql_query('DELETE FROM '.table_prefix.'files WHERE filename=\''.$filename.'\' LIMIT 1;')) $db->_die('The old file data could not be deleted.');
|
|
127 |
} |
|
128 |
if(!$db->sql_query('INSERT INTO '.table_prefix.'files(time_id,page_id,filename,size,mimetype,file_extension,file_key) VALUES('.$utime.', \''.$urln.'\', \''.$filename.'\', '.$flen.', \''.$type.'\', \''.$ext.'\', \''.$key.'\')')) $db->_die('The file data entry could not be inserted.');
|
|
129 |
if(!isset($_POST['update'])) |
|
130 |
{
|
|
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
131 |
if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.$utime.', \''.enano_date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\');')) $db->_die('The page log could not be updated.');
|
| 0 | 132 |
if(!$db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,protected,delvotes,delvote_ips) VALUES(\''.$filename.'\', \''.$urln.'\', \'File\', 0, 0, \'\')')) $db->_die('The page listing entry could not be inserted.');
|
133 |
if(!$db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$urln.'\', \'File\', \''.$comments.'\', \''.$chartag.'\')')) $db->_die('The page text entry could not be inserted.');
|
|
134 |
} |
|
135 |
else |
|
136 |
{
|
|
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
137 |
if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.$utime.', \''.enano_date('d M Y h:i a').'\', \'page\', \'reupload\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\', \''.$comments.'\');')) $db->_die('The page log could not be updated.');
|
| 0 | 138 |
} |
|
609
ffa5decbb305
Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
parents:
593
diff
changeset
|
139 |
$cache->purge('page_meta');
|
| 366 | 140 |
die_friendly($lang->get('upload_success_title'), '<p>' . $lang->get('upload_success_body', array('file_link' => makeUrlNS('File', $filename))) . '</p>');
|
| 0 | 141 |
} |
142 |
else |
|
143 |
{
|
|
144 |
$template->header(); |
|
145 |
$fn = $paths->getParam(0); |
|
146 |
if ( $fn && !$session->get_permissions('upload_new_version') )
|
|
147 |
{
|
|
| 366 | 148 |
die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('upload_err_replace_denied') . '<p>');
|
| 0 | 149 |
} |
150 |
?> |
|
| 366 | 151 |
<p><?php echo $lang->get('upload_intro'); ?></p>
|
152 |
<p><?php |
|
| 0 | 153 |
// Get the max file size, and format it in a way that is user-friendly |
| 366 | 154 |
|
|
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
155 |
$fs = getConfig('max_file_size', '256000');
|
| 0 | 156 |
$fs = (int)$fs; |
157 |
if($fs >= 1048576) |
|
158 |
{
|
|
159 |
$fs = round($fs / 1048576, 1); |
|
| 366 | 160 |
$unitized = $fs . ' ' . $lang->get('etc_unit_megabytes_short');
|
| 0 | 161 |
} |
162 |
elseif($fs >= 1024) |
|
163 |
{
|
|
164 |
$fs = round($fs / 1024, 1); |
|
| 366 | 165 |
$unitized = $fs . ' ' . $lang->get('etc_unit_kilobytes_short');
|
| 0 | 166 |
} |
| 366 | 167 |
|
168 |
echo $lang->get('upload_max_filesize', array(
|
|
169 |
'size' => $unitized |
|
170 |
)); |
|
171 |
?></p> |
|
| 0 | 172 |
<form action="<?php echo makeUrl($paths->page); ?>" method="post" enctype="multipart/form-data"> |
173 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
| 366 | 174 |
<tr><td><?php echo $lang->get('upload_field_file'); ?></td><td><input name="data" type="file" size="40" /></td></tr>
|
175 |
<tr><td><?php echo $lang->get('upload_field_renameto'); ?></td><td><input name="rename" type="text" size="40"<?php if($fn) echo ' value="'.$fn.'" readonly="readonly"'; ?> /></td></tr>
|
|
| 0 | 176 |
<?php |
| 366 | 177 |
if(!$fn) echo '<tr><td>' . $lang->get('upload_field_comments') . '</td><td><textarea name="comments" rows="20" cols="60"></textarea></td></tr>';
|
178 |
else echo '<tr><td>' . $lang->get('upload_field_reason') . '</td><td><input name="comments" size="50" /></td></tr>';
|
|
| 0 | 179 |
?> |
180 |
<tr><td colspan="2" style="text-align: center"> |
|
181 |
<?php |
|
182 |
if($fn) |
|
183 |
echo '<input type="hidden" name="update" value="true" />'; |
|
184 |
?> |
|
| 366 | 185 |
<input type="submit" name="doit" value="<?php echo $lang->get('upload_btn_upload'); ?>" />
|
| 0 | 186 |
</td></tr> |
187 |
</table> |
|
188 |
</form> |
|
189 |
<?php |
|
190 |
$template->footer(); |
|
191 |
} |
|
| 242 | 192 |
} |
| 0 | 193 |
|
194 |
function page_Special_DownloadFile() |
|
195 |
{
|
|
196 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
| 366 | 197 |
global $lang; |
| 0 | 198 |
global $do_gzip; |
199 |
$filename = rawurldecode($paths->getParam(0)); |
|
200 |
$timeid = $paths->getParam(1); |
|
|
292
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
201 |
if ( $timeid && preg_match('#^([0-9]+)$#', (string)$timeid) )
|
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
202 |
{
|
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
203 |
$tid = ' AND time_id='.$timeid; |
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
204 |
} |
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
205 |
else |
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
206 |
{
|
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
207 |
$tid = ''; |
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
208 |
} |
|
721
bfde4d7402b1
Fixed filename not being sent through sanitize_page_id() during upload. Non-security.
Dan
parents:
685
diff
changeset
|
209 |
$filename = $db->escape(sanitize_page_id($filename)); |
|
bfde4d7402b1
Fixed filename not being sent through sanitize_page_id() during upload. Non-security.
Dan
parents:
685
diff
changeset
|
210 |
|
| 0 | 211 |
$q = $db->sql_query('SELECT page_id,size,mimetype,time_id,file_extension,file_key FROM '.table_prefix.'files WHERE filename=\''.$filename.'\''.$tid.' ORDER BY time_id DESC;');
|
|
292
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
212 |
if ( !$q ) |
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
213 |
{
|
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
214 |
$db->_die('The file data could not be selected.');
|
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
215 |
} |
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
216 |
if ( $db->numrows() < 1 ) |
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
217 |
{
|
|
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
218 |
header('HTTP/1.1 404 Not Found');
|
| 366 | 219 |
die_friendly($lang->get('upload_err_not_found_title'), '<p>' . $lang->get('upload_err_not_found_body', array('filename' => htmlspecialchars($filename))) . '</p>');
|
|
292
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
220 |
} |
| 0 | 221 |
$row = $db->fetchrow(); |
222 |
$db->free_result(); |
|
223 |
||
224 |
// Check permissions |
|
225 |
$perms = $session->fetch_page_acl($row['page_id'], 'File'); |
|
226 |
if ( !$perms->get_permissions('read') )
|
|
227 |
{
|
|
| 366 | 228 |
die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
|
| 0 | 229 |
} |
230 |
||
|
481
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
231 |
$fname = ENANO_ROOT . '/files/' . $row['file_key'] . $row['file_extension']; |
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
232 |
if ( !file_exists($fname) ) |
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
233 |
{
|
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
234 |
$fname = ENANO_ROOT . '/files/' . $row['file_key'] . '_' . $row['time_id'] . $row['file_extension']; |
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
235 |
} |
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
236 |
if ( !file_exists($fname) ) |
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
237 |
{
|
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
238 |
die("Uploaded file $fname not found.");
|
|
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
239 |
} |
|
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
240 |
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
241 |
if ( isset($_GET['preview']) && substr($row['mimetype'], 0, 6) == 'image/' ) |
| 0 | 242 |
{
|
|
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
243 |
// Determine appropriate width and height |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
244 |
$width = ( isset($_GET['width']) ) ? intval($_GET['width'] ) : 320; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
245 |
$height = ( isset($_GET['height']) ) ? intval($_GET['height']) : 320; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
246 |
$cache_filename = ENANO_ROOT . "/cache/{$filename}-{$row['time_id']}-{$width}x{$height}{$row['file_extension']}";
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
247 |
if ( file_exists($cache_filename) ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
248 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
249 |
$fname = $cache_filename; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
250 |
} |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
251 |
else |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
252 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
253 |
$allow_scale = false; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
254 |
$orig_fname = $fname; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
255 |
// is caching enabled? |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
256 |
if ( getConfig('cache_thumbs') == '1' )
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
257 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
258 |
$fname = $cache_filename; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
259 |
if ( is_writeable(dirname($fname)) ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
260 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
261 |
$allow_scale = true; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
262 |
} |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
263 |
} |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
264 |
else |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
265 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
266 |
// Get a temporary file |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
267 |
// In this case, the file will not be cached and will be scaled each time it's requested |
|
481
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
268 |
$temp_dir = sys_get_temp_dir(); |
|
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
269 |
// if tempnam() cannot use the specified directory name, it will fall back on the system default |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
270 |
$tempname = tempnam($temp_dir, $filename); |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
271 |
if ( $tempname && is_writeable($tempname) ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
272 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
273 |
$allow_scale = true; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
274 |
} |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
275 |
} |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
276 |
if ( $allow_scale ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
277 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
278 |
$result = scale_image($orig_fname, $fname, $width, $height); |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
279 |
if ( !$result ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
280 |
$fname = $orig_fname; |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
281 |
} |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
282 |
else |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
283 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
284 |
$fname = $orig_fname; |
| 0 | 285 |
} |
286 |
} |
|
287 |
} |
|
|
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
288 |
$handle = @fopen($fname, 'r'); |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
289 |
if ( !$handle ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
290 |
die('Can\'t open output file for reading');
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
291 |
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
292 |
$len = filesize($fname); |
| 0 | 293 |
header('Content-type: '.$row['mimetype']);
|
|
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
294 |
if ( isset($_GET['download']) ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
295 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
296 |
header('Content-disposition: attachment, filename="' . $filename . '";');
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
297 |
} |
|
898
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents:
832
diff
changeset
|
298 |
if ( !@$GLOBALS['do_gzip'] ) |
|
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents:
832
diff
changeset
|
299 |
header('Content-length: ' . $len);
|
|
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents:
832
diff
changeset
|
300 |
|
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
301 |
header('Last-Modified: '.enano_date('r', $row['time_id']));
|
|
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
302 |
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
303 |
// using this method limits RAM consumption |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
304 |
while ( !feof($handle) ) |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
305 |
{
|
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
306 |
echo fread($handle, 512000); |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
307 |
} |
|
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
308 |
fclose($handle); |
| 0 | 309 |
|
|
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
23
diff
changeset
|
310 |
gzip_output(); |
| 0 | 311 |
|
312 |
exit; |
|
313 |
||
314 |
} |
|
315 |
||
316 |
?> |