Fixed issue #6083 : Uploading a file takes me to upload template Zip …
…archive
Shnoulle committed May 17, 2012
1 parent f43d536 commit d5b531d
Showing 4 changed files with 84 additions and 25 deletions.
56 changes: 52 additions & 4 deletions application/controllers/admin/templates.php
Expand Up @@ -76,8 +76,7 @@ public function upload()
$aViewUrls = $this->_initialise('default', 'welcome', 'startpage.pstpl', FALSE);
$lid = returnGlobal('lid');
$action = returnGlobal('action');



if ($action == 'templateupload') {
if (Yii::app()->getConfig('demoMode'))
$this->getController()->error($clang->gT("Demo mode: Uploading templates is disabled."));
Expand Down Expand Up @@ -168,7 +167,57 @@ public function upload()

$this->_renderWrappedTemplate('templates', $aViewUrls, $aData);
}

/**
* Responsible to import a template file.
*
* @access public
* @return void
*/
public function uploadfile()
{
$clang = $this->getController()->lang;
$action = returnGlobal('action');
$editfile = returnGlobal('editfile');
$templatename = returnGlobal('templatename');
$screenname = returnGlobal('screenname');
$files = $this->_initfiles($templatename);
$cssfiles = $this->_initcssfiles();
$basedestdir = Yii::app()->getConfig('usertemplaterootdir');
$tempdir = Yii::app()->getConfig('tempdir');
$allowedtemplateuploads=Yii::app()->getConfig('allowedtemplateuploads');
$filename=sanitize_filename($_FILES['upload_file']['name'],false,false);// Don't force lowercase or alphanumeric
$fullfilepath=$basedestdir."/".$templatename . "/" . $filename;

if($action=="templateuploadfile")
{
if(Yii::app()->getConfig('demoMode'))
{
$uploadresult = $clang->gT("Demo mode: Uploading template files is disabled.");
}
elseif($filename!=$_FILES['upload_file']['name'])
{
$uploadresult = $clang->gT("This filename is not allowed to be uploaded.");
}
elseif(!in_array(substr(strrchr($filename, '.'),1),explode ( "," , $allowedtemplateuploads )))
{

$uploadresult = $clang->gT("This file type is not allowed to be uploaded.");
}
else
{
//Uploads the file into the appropriate directory
if (!@move_uploaded_file($_FILES['upload_file']['tmp_name'], $fullfilepath)) {
$uploadresult = sprintf($clang->gT("An error occurred uploading your file. This may be caused by incorrect permissions in your %s folder."),$tempdir);
}
else
{
$uploadresult = sprintf($clang->gT("File %s uploaded"),$filename);
}
}
Yii::app()->session['flashmessage'] = $uploadresult;
}
$this->getController()->redirect(array("admin/templates/view/editfile/" . $editfile . "/screenname/" . $screenname . "/templatename/" . $templatename));
}
/**
* Generates a random temp directory
*
Expand Down Expand Up @@ -227,7 +276,6 @@ public function index($editfile = 'startpage.pstpl', $screenname = 'welcome', $t
$this->getController()->_css_admin_includes(Yii::app()->getConfig('adminscripts') . 'codemirror_ui/lib/CodeMirror-2.0/mode/xml/xml.css');
$this->getController()->_css_admin_includes(Yii::app()->getConfig('adminscripts') . 'codemirror_ui/css/codemirror-ui.css');


$this->_renderWrappedTemplate('templates', $aViewUrls);

if ($screenname != 'welcome')
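Review bot: In `uploadfile()`, `$templatename` comes straight from `returnGlobal('templatename')` and is concatenated into `$fullfilepath`, so only the file name is sanitised while the destination directory stays request-controlled; unless `returnGlobal()` filters it, a value containing `../` would put the file outside the intended folder under `usertemplaterootdir`. The view only disables the submit button through `is_template_editable($templatename)`, and nothing visible in this method repeats that check or a permission check, so I would add a branch ahead of the move such as `elseif (!is_template_editable($templatename))` that rejects the upload, and validate the name against the installed user templates. The extension test is case-sensitive and loose, unlike the lower-casing check in templateeditorbar_view.php; `in_array(strtolower(substr(strrchr($filename, '.'), 1)), explode(",", $allowedtemplateuploads), true)` brings the two in line. `$_FILES['upload_file']` is also read before `$action` is tested, so a request without a file part raises an undefined-index notice, and the failure message names `$tempdir` although the write target is the template folder.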
4 changes: 4 additions & 0 deletions application/helpers/sanitize_helper.php
Expand Up @@ -116,9 +116,13 @@ function sanitize_filename($string, $force_lowercase = true, $alphanumeric = fal
$strip = array("~", "`", "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "_", "=", "+", "[", "{", "]",
"}", "\\", "|", ";", ":", "\"", "'", "‘", "’", "“", "”", "–", "—",
"", "", ",", "<", ".", ">", "/", "?");
$lastdot=strrpos($string, ".");
$clean = trim(str_replace($strip, "_", strip_tags($string)));
$clean = preg_replace('/\s+/', "-", $clean);
$clean = ($alphanumeric) ? preg_replace("/[^a-zA-Z0-9]/", "", $clean) : $clean ;
if ($lastdot !== false) {
$clean= substr_replace ( $clean , '.' , $lastdot , 1 );
}
return ($force_lowercase) ?
(function_exists('mb_strtolower')) ?
mb_strtolower($clean, 'UTF-8') :
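Review bot: `$lastdot` is a byte offset into the original `$string`, but it is applied to `$clean` after `strip_tags()`, `trim()`, the `\s+` collapse, the multi-byte quote and dash entries in `$strip` and (with `$alphanumeric`) the `[^a-zA-Z0-9]` removal may each have shifted or shortened the text, so `substr_replace()` can overwrite an unrelated character or append the dot at the end. Splitting the name at the last dot first, cleaning the base and the extension separately, and joining them with `.` avoids depending on that offset. Every caller of `sanitize_filename()` now gets a working extension back where previously all dots became `_`, so callers that relied on the old behaviour to neutralise a name like `x.php` should be checked. The function begins and ends outside this hunk.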
43 changes: 25 additions & 18 deletions application/views/admin/templates/templateeditorbar_view.php
Expand Up @@ -11,31 +11,38 @@ function copyprompt(text, defvalue, copydirectory, action)
sendPost('<?php echo $this->createUrl('admin/templates/template'); ?>'+action,'<?php echo Yii::app()->session['checksessionpost']; ?>',new Array('action','newname','copydir'),new Array('template'+action,newtemplatename,copydirectory));
}
}
function checkuploadfiletype(filename)
{
var allowedtypes=',<?php echo Yii::app()->getConfig('allowedtemplateuploads'); ?>,';
var lastdotpos=-1;
var ext='';
if ((lastdotpos=filename.lastIndexOf('.')) < 0)
{
alert('<?php $clang->eT('This file type is not allowed to be uploaded.','js'); ?>');
return false;
}
else
{
ext = ',' + filename.substr(lastdotpos+1) + ',';
ext = ext.toLowerCase();
if (allowedtypes.indexOf(ext) < 0)

$(document).ready(function(){
$("#importtemplatefile").submit(function(){

filename = $("#upload_file").val();
if(filename==""){
return false; // False click
}
var allowedtypes=',<?php echo Yii::app()->getConfig('allowedtemplateuploads'); ?>,';
var lastdotpos=-1;
var ext='';
if ((lastdotpos=filename.lastIndexOf('.')) < 0)
{
alert('<?php $clang->eT('This file type is not allowed to be uploaded.','js'); ?>');
return false;
}
else
{
return true;
ext = ',' + filename.substr(lastdotpos+1) + ',';
ext = ext.toLowerCase();
if (allowedtypes.indexOf(ext) < 0)
{
alert('<?php $clang->eT('This file type is not allowed to be uploaded.','js'); ?>');
return false;
}
else
{
return true;
}
}
}
}
});
});
//-->
</script>
<div class='menubar'>
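Review bot: `filename = $("#upload_file").val();` in the new submit handler assigns without `var` and so creates an implicit global; `var filename = $("#upload_file").val();` keeps it local to the handler. This browser-side extension test is a convenience for the user only, since a request can be sent without it, so the server-side list check in `uploadfile()` has to stay the enforcing control. The script block starts outside the hunk, and old and new lines are interleaved in this rendering.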
6 changes: 3 additions & 3 deletions application/views/admin/templates/templatesummary_view.php
Expand Up @@ -38,7 +38,7 @@
<input type='hidden' name='editfile' value='<?php echo $editfile; ?>' />
<input type='hidden' name='action' value='templatesavechanges' />

<textarea name='changes' id='changes' rows='20' cols='40' class='codepress html <?php echo $templateclasseditormode; ?>'>
<textarea name='changes' id='changes' rows='20' cols='40' class='codepress html <?php echo $templateclasseditormode; ?>' style='width:100%'>
<?php if (isset($editfile)) {
echo textarea_encode(filetext($templatename,$editfile,$templates));
} ?>
Expand Down Expand Up @@ -77,8 +77,8 @@
</form>
</div>
<div style='margin-top:1em;'>
<form enctype='multipart/form-data' name='importtemplatefile' action='<?php echo $this->createUrl('admin/templates/upload/') ?>' method='post' onsubmit='return checkuploadfiletype(this.the_file.value);'>
<?php $clang->eT("Upload a file:"); ?><br><input style='width:50px;' size=10 name="the_file" type="file" /><br />
<form enctype='multipart/form-data' name='importtemplatefile' id='importtemplatefile' action='<?php echo $this->createUrl('admin/templates/uploadfile') ?>' method='post'>
<?php $clang->eT("Upload a file:"); ?><br><input style='width:50px;' size=10 name='upload_file' id="upload_file" type="file" /><br />
<input type='submit' value='<?php $clang->eT("Upload"); ?>'
<?php if (!is_template_editable($templatename)) { ?>
disabled='disabled'
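Review bot: The new `importtemplatefile` form posts multipart data to `admin/templates/uploadfile`, but no session or anti-CSRF token field is visible in it and `uploadfile()` in templates.php does not check one, whereas the `sendPost()` call in templateeditorbar_view.php passes `Yii::app()->session['checksessionpost']`. If that token is not verified centrally for every admin POST, the same token should be added here as a hidden input and checked in `uploadfile()` before `move_uploaded_file()` runs. The `disabled='disabled'` attribute on the submit button is presentation only and does not stop a direct request. The form continues past the end of this hunk, so hidden fields may exist below the visible lines.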
