
Signed-off-by: Philipp Kiszka <info@o-dyn.de>

1 parent 6ccbbd9 commit 69a13c2ee7d22ce2b828824af43c2cc5fee1baa4 @philippK-de committed Apr 23, 2012
82 include/class.datei.php
@@ -315,7 +315,89 @@ function upload($fname, $ziel, $project, $folder = 0)
return false;
}
}
+ /**
+ * Upload a file
+ * Does filename sanitizing as well as MIME-type determination
+ * Also adds the file to the database using add_file()
+ *
+ * @param string $fname Name of the HTML form field POSTed from
+ * @param string $ziel Destination directory
+ * @param int $project Project ID of the associated project
+ * @return bool
+ */
+ function uploadAsync($name,$tmp_name,$typ,$size,$ziel, $project, $folder = 0)
+ {
+ $visible = "";
+ $visstr = "";
+ $root = CL_ROOT;
+
+ if (empty($name)) {
+ return false;
+ }
+
+ // find the extension
+ $teilnamen = explode(".", $name);
+ $teile = count($teilnamen);
+ $workteile = $teile - 1;
+ $erweiterung = $teilnamen[$workteile];
+ $subname = "";
+ // if its a php file, treat it as plaintext so its not executed when opened in the browser.
+ if (stristr($erweiterung, "php")) {
+ $erweiterung = "txt";
+ $typ = "text/plain";
+ }
+
+ for ($i = 0; $i < $workteile; $i++) {
+ $subname .= $teilnamen[$i];
+ }
+
+ $randval = mt_rand(1, 99999);
+ // only allow a-z , 0-9 in filenames, substitute other chars with _
+ $subname = str_replace("ä", "ae" , $subname);
+ $subname = str_replace("ö", "oe" , $subname);
+ $subname = str_replace("ü", "ue" , $subname);
+ $subname = str_replace("ß", "ss" , $subname);
+ $subname = preg_replace("/[^-_0-9a-zA-Z]/", "_", $subname);
+ // remove whitespace
+ $subname = preg_replace("/\W/", "", $subname);
+ // if filename is longer than 200 chars, cut it.
+ if (strlen($subname) > 200) {
+ $subname = substr($subname, 0, 200);
+ }
+
+ $name = $subname . "_" . $randval . "." . $erweiterung;
+ $datei_final = $root . "/" . $ziel . "/" . $name;
+ $datei_final2 = $ziel . "/" . $name;
+ if (!file_exists($datei_final)) {
+ if (move_uploaded_file($tmp_name, $datei_final)) {
+ // $filesize = filesize($datei_final);
+ if ($project > 0) {
+ /**
+ * file did not already exist, was uploaded, and a project is set
+ * add the file to the database, add the upload event to the log and return the file ID.
+ */
+ chmod($datei_final, 0755);
+ $fid = $this->add_file($name, $desc, $project, 0, "$tags", $datei_final2, "$typ", $title, $folder, $visstr);
+ if (!empty($title)) {
+ $this->mylog->add($title, 'file', 1, $project);
+ } else {
+ $this->mylog->add($name, 'file', 1, $project);
+ }
+ return $fid;
+ } else {
+ // no project means the file is not added to the database wilfully. return file name.
+ return $name;
+ }
+ } else {
+ // file was not uploaded / error occured. return false
+ return false;
+ }
+ } else {
+ // file already exists. return false
+ return false;
+ }
+ }
/**
* Edit a file
*
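Review bot: In `uploadAsync` the extension is the one part of the stored name that is not constrained: the `stristr($erweiterung, "php")` test rewrites only extensions containing "php", and the two `preg_replace` calls sanitise `$subname` alone, so any other extension the web server maps to a handler is kept as submitted on a file moved under `CL_ROOT`. An allow-list check such as `if (!in_array(strtolower($erweiterung), $allowedExt, true)) { return false; }` (with `$allowedExt` a list the project would define) and `chmod($datei_final, 0644);` instead of `0755` would address that. `$typ` is whatever the caller passes, and in managefile.php that is the client-supplied `$file["type"]`, so it should not be stored as the authoritative MIME type. Separately, `$desc`, `$tags` and `$title` handed to `add_file()` are never defined in this function, so the `!empty($title)` branch cannot be taken, and the docblock still documents `$fname` rather than the new `$name`, `$tmp_name`, `$typ` and `$size` parameters.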
53 managefile.php
@@ -92,7 +92,58 @@
}
$loc = $url .= "managefile.php?action=showproject&id=$id&mode=added";
header("Location: $loc");
-} elseif ($action == "editform") {
+}
+elseif($action == "uploadAsync")
+{
+ if ($upfolder) {
+ $thefolder = $myfile->getFolder($upfolder);
+ $thefolder = $thefolder["name"];
+ $upath = "files/" . CL_CONFIG . "/$id/" . $thefolder;
+ } else {
+ $upath = "files/" . CL_CONFIG . "/$id";
+ $upfolder = 0;
+ }
+ $num = count($_FILES);
+ $chk = 0;
+ foreach($_FILES as $file) {
+ $fid = $myfile->uploadAsync($file["name"],$file["tmp_name"],$file["type"],$file["size"], $upath, $id, $upfolder);
+ $fileprops = $myfile->getFile($fid);
+
+ if ($settings["mailnotify"]) {
+ $sendto = getArrayVal($_POST, "sendto");
+ $usr = (object) new project();
+ $pname = $usr->getProject($id);
+ $users = $usr->getProjectMembers($id, 10000);
+ if ($sendto[0] == "all") {
+ $sendto = $users;
+ $sendto = reduceArray($sendto);
+ } elseif ($sendto[0] == "none") {
+ $sendto = array();
+ }
+ foreach($users as $user) {
+ if (!empty($user["email"])) {
+ if (is_array($sendto)) {
+ if (in_array($user["ID"], $sendto)) {
+ // check if subfolder exists, else root folder
+ $whichfolder = (!empty($thefolder)) ? $thefolder : $langfile["rootdir"];
+ // send email
+ $themail = new emailer($settings);
+ $themail->send_mail($user["email"], $langfile["filecreatedsubject"], $langfile["hello"] . ",<br /><br/>" . $langfile["filecreatedtext"] . "<br /><br />" . $langfile["project"] . ": " . $pname["name"] . "<br />" . $langfile["folder"] . ": " . $whichfolder . "<br />" . $langfile["file"] . ": <a href = \"" . $url . $fileprops["datei"] . "\">" . $url . $fileprops["datei"] . "</a>");
+ }
+ } else {
+ // send email
+ $themail = new emailer($settings);
+ $themail->send_mail($user["email"], $langfile["filecreatedsubject"], "");
+ }
+ }
+ }
+ }
+ }
+ $loc = $url .= "managefile.php?action=showproject&id=$id&mode=added";
+ //header("Location: $loc");
+ echo "UPLOADED";
+}
+elseif ($action == "editform") {
if (!$userpermissions["files"]["edit"]) {
$errtxt = $langfile["nopermission"];
$noperm = $langfile["accessdenied"];
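Review bot: The new `uploadAsync` branch writes files without any permission check, whereas the `editform` branch directly after it tests `$userpermissions["files"]["edit"]`; a guard such as `if (!$userpermissions["files"]["add"]) { die(); }` at the top of the branch would match the `files.add` check that projectfiles.tpl uses to show the form. The return value of `$myfile->uploadAsync()` is not checked either, so when it returns `false` the loop still calls `getFile($fid)`, sends the notification mails and the response is still "UPLOADED"; `if ($fid === false) { continue; }` together with a distinct failure response would fix that. `$pname["name"]`, `$whichfolder` and `$fileprops["datei"]` are concatenated into the HTML mail body unescaped and should go through `htmlspecialchars()`. The if/elseif chain starts outside the hunk, so any session or login gate applied before it is not visible here.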
2 manageuser.php
@@ -133,7 +133,7 @@
$erweiterung = $teilnamen[$workteile];
$subname = "";
- if (strtolower($erweiterung) != "jpg" and strtolower($erweiterung) != "png" and strtolower($erweiterung) != "gif" and strtolower($erweiterung) != "jpeg") {
+ if ($erweiterung != "image/jpeg" and $erweiterung != "image/png" and $erweiterung != "image/gif" and $erweiterung != "image/pjpeg") {
$loc = $url . "manageuser.php?action=profile&id=$userid";
header("Location: $loc");
die();
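Review bot: The new condition compares `$erweiterung` with MIME strings, but two lines earlier `$erweiterung` is assigned from `$teilnamen[$workteile]`, which looks like the last dot-separated part of the file name (the `explode` is outside the hunk); if so it can never equal `image/jpeg`, and every upload takes the redirect-and-`die()` path. If the intent was to test the upload's `type` field, that value is supplied by the client and says nothing reliable about the content. Keeping the extension allow-list and confirming the data server-side, for example `if (getimagesize($tmpName) === false) { … }` with `$tmpName` standing for the upload's temporary path, would give a check that actually holds.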
80 templates/standard/addfileform_new.tpl
@@ -0,0 +1,80 @@
+<div class="block_in_wrapper">
+<script type = "text/javascript" src = "include/js/5up.js"></script>
+
+ <h2>{#addfile#}</h2>
+ {#maxsize#}: {$postmax}<br/><br/>
+ <form novalidate class="main" action="#" method="post" enctype="multipart/form-data">
+ <fieldset>
+ <div class = "row">
+ <label for = "upfolder">{#folder#}:</label>
+ <select name = "upfolder" id = "upfolder">
+ <option value = "">{#rootdir#}</option>
+ {section name=fold loop=$allfolders}
+ <option value = "{$allfolders[fold].ID}">{$allfolders[fold].abspath}</option>
+ {/section}
+ </select>
+ </div>
+
+ <div id = "inputs">
+
+ <div class="row"><label for="file">{#file#}:</label>
+ <div class="fileinput" >
+ <input size = "1" type="file" class = "file" name="userfile1" id="filer" realname="{#file#}" onchange = "uploader.fileInfo();" style = "cursor:pointer;" multiple />
+ <table class = "faux" cellpadding="0" cellspacing="0" border="0" style="padding:0;margin:0;border:none;">
+ <tr>
+ <td class="choose" style = "padding:0px;"><button class="inner" onclick="return false;" style = "float:left;cursor:pointer;">{#chooseone#}</button></td>
+ </tr>
+ </table>
+ </div>
+
+
+ </div>
+
+<div class = "row">
+<label>&nbsp;</label>
+ <div id = "fileInfo1"></div>
+</div>
+
+ </div>
+
+ <div class = "row">
+ <label>{#notify#}:</label>
+ <select name = "sendto[]" multiple style = "height:100px;">
+ <option value = "" disabled style = "color:black;font-weight:bold;">{#general#}</option>
+ <option value = "all" selected>{#all#}</option>
+ <option value = "none" >{#none#}</option>
+ <option value = "" disabled style = "color:black;font-weight:bold;">{#members#}</option>
+ {section name=member loop=$members}
+ <option value = "{$members[member].ID}" >{$members[member].name}</option>
+ {/section}
+ </select>
+ </div>
+
+ <div class = "row" id = "statusrow" style = "display:none;">
+ <label>&nbsp;</label>
+ <br />
+ <div class="statusbar" id = "fakeprogress" style = "width:314px;margin-left:140px;">
+ <div id="completed" class="complete" style="width: 0%;"></div>
+ </div>
+ </div>
+
+ <div class="row-butn-bottom">
+ <label>&nbsp;</label>
+ <div id = "filesubmit" >
+ <button onclick = "$('statusrow').show();uploader.upload();return false;" onfocus="this.blur();">{#addbutton#}</button>
+ </div>
+ </div>
+
+
+ </fieldset>
+ </form>
+{literal}
+<script type="text/javascript">
+ Event.observe(window,"load",function()
+ {
+
+ uploader = new html5up("filer","fileInfo1","completed","managefile.php?action=uploadAsync&id={/literal}{$project.ID}{literal}");
+ });
+ </script>
+{/literal}
+</div> {*block_in_wrapper end*}
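Review bot: `{$allfolders[fold].abspath}` and `{$members[member].name}` are printed into the `<option>` elements without an escape modifier, and both are presumably names that users can edit; unless the Smarty instance has default escaping configured (not visible here), write `{$allfolders[fold].abspath|escape}` and `{$members[member].name|escape}`. The upload is sent by `html5up` to `managefile.php?action=uploadAsync&id=…` and the form carries no anti-CSRF token field, so the endpoint has nothing with which to verify that the request came from this page. `uploader` is also assigned without `var` in the load handler, which creates an implicit global.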
2 templates/standard/fileview.tpl
@@ -63,7 +63,7 @@
<td class="rightmen" valign="top">
<div class="inmenue">
{if $userpermissions.files.del}
- <a class="del" href="javascript:confirmfunction('{#confirmdel#}','deleteElement(\'fli_{$files[file].ID}\',\'managefile.php?action=delete&amp;id={$project.ID}&amp;file={$files[file].ID}\')');" title="{#delete#}"></a>
+ <a class="del" href="javascript:confirmfunction('{$langfile.confirmdel}','deleteElement(\'fli_{$files[file].ID}\',\'managefile.php?action=delete&amp;id={$project.ID}&amp;file={$files[file].ID}\')');" title="{#delete#}"></a>
{/if}
{if $userpermissions.files.edit}
<a class="edit" href="managefile.php?action=editform&amp;id={$project.ID}&amp;file={$files[file].ID}" title="{#editfile#}"></a>
3 templates/standard/header.tpl
@@ -89,7 +89,8 @@ tinyMCE.init({
force_p_newlines : false,
convert_newlines_to_brs : false,
forced_root_block : false,
- external_image_list_url: 'manageajax.php?action=jsonfiles&id={/literal}{$project.ID}{literal}'
+ external_image_list_url: 'manageajax.php?action=jsonfiles&id={/literal}{$project.ID}{literal}',
+ entity_encoding : "raw"
});
2 templates/standard/projectfiles.tpl
@@ -63,7 +63,7 @@
{*Add File*}
{if $userpermissions.files.add}
<div id = "form_file" class="addmenue" style = "display:none;">
- {include file="addfileform.tpl" }
+ {include file="addfileform_new.tpl" }
</div>
{/if}
