Home Explore Help
Register Sign In
OSInet
/
phpgtk__legacy
2
0
Fork 0
Files Pull Requests 0
Branch: master
Branches Tags
phpgtk__legacy
/
wiki
/
scripts
/
upload.php

upload.php 13 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305 
  1. <?php if (!defined('PmWiki')) exit();
    2. 

  2. /*  Copyright 2004-2006 Patrick R. Michaud (pmichaud@pobox.com)
    3. 

  3.     This file is part of PmWiki; you can redistribute it and/or modify
    4. 

  4.     it under the terms of the GNU General Public License as published
    5. 

  5.     by the Free Software Foundation; either version 2 of the License, or
    6. 

  6.     (at your option) any later version.  See pmwiki.php for full details.
    7. 

  7. 

  8.     This script adds upload capabilities to PmWiki.  Uploads can be
    9. 

  9.     enabled by setting
    10. 

  10.         $EnableUpload = 1;
    11. 

  11.     in config.php.  In addition, an upload password must be set, as
    12. 

  12.     the default is to lock uploads.  In some configurations it may also
    13. 

  13.     be necessary to set values for $UploadDir and $UploadUrlFmt,
    14. 

  14.     especially if any form of URL rewriting is being performed.
    15. 

  15.     See the PmWiki.UploadsAdmin page for more information.
    16. 

  16. */
    17. 

  17. 

  18. ## $EnableUploadOverwrite determines if we allow previously uploaded
    19. 

  19. ## files to be overwritten.
    20. 

  20. SDV($EnableUploadOverwrite,1);
    21. 

  21. 

  22. ## $UploadExts contains the list of file extensions we're willing to
    23. 

  23. ## accept, along with the Content-Type: value appropriate for each.
    24. 

  24. SDVA($UploadExts,array(
    25. 

  25.   'gif' => 'image/gif', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    26. 

  26.   'png' => 'image/png', 'bmp' => 'image/bmp', 'ico' => 'image/x-icon',
    27. 

  27.   'wbmp' => 'image/vnd.wap.wbmp',
    28. 

  28.   'mp3' => 'audio/mpeg', 'au' => 'audio/basic', 'wav' => 'audio/x-wav',
    29. 

  29.   'mpg' => 'video/mpeg', 'mpeg' => 'video/mpeg',
    30. 

  30.   'mov' => 'video/quicktime', 'qt' => 'video/quicktime',
    31. 

  31.   'wmf' => 'text/plain', 'avi' => 'video/x-msvideo',
    32. 

  32.   'zip' => 'application/zip', 
    33. 

  33.   'gz' => 'application/x-gzip', 'tgz' => 'application/x-gzip',
    34. 

  34.   'rpm' => 'application/x-rpm', 
    35. 

  35.   'hqx' => 'application/mac-binhex40', 'sit' => 'application/x-stuffit',
    36. 

  36.   'doc' => 'application/msword', 'ppt' => 'application/vnd.ms-powerpoint',
    37. 

  37.   'xls' => 'application/vnd.ms-excel', 'mdb' => 'text/plain',
    38. 

  38.   'exe' => 'application/octet-stream',
    39. 

  39.   'pdf' => 'application/pdf', 'psd' => 'text/plain', 
    40. 

  40.   'ps' => 'application/postscript', 'ai' => 'application/postscript',
    41. 

  41.   'eps' => 'application/postscript',
    42. 

  42.   'htm' => 'text/html', 'html' => 'text/html', 'css' => 'text/css', 
    43. 

  43.   'fla' => 'application/x-shockwave-flash', 
    44. 

  44.   'swf' => 'application/x-shockwave-flash',
    45. 

  45.   'txt' => 'text/plain', 'rtf' => 'application/rtf', 
    46. 

  46.   'tex' => 'application/x-tex', 'dvi' => 'application/x-dvi',
    47. 

  47.   '' => 'text/plain'));
    48. 

  48. 

  49. SDV($UploadMaxSize,50000);
    50. 

  50. SDV($UploadPrefixQuota,0);
    51. 

  51. SDV($UploadDirQuota,0);
    52. 

  52. foreach($UploadExts as $k=>$v) 
    53. 

  53.   if (!isset($UploadExtSize[$k])) $UploadExtSize[$k]=$UploadMaxSize;
    54. 

  54. 

  55. SDV($UploadDir,'uploads');
    56. 

  56. SDV($UploadPrefixFmt,'/$Group');
    57. 

  57. SDV($UploadFileFmt,"$UploadDir$UploadPrefixFmt");
    58. 

  58. $v = preg_replace('#^/(.*/)#', '', $UploadDir);
    59. 

  59. SDV($UploadUrlFmt,preg_replace('#/[^/]*$#', "/$v", $PubDirUrl, 1));
    60. 

  60. SDV($LinkUploadCreateFmt, "<a class='createlinktext' href='\$LinkUpload'>\$LinkText</a><a class='createlink' href='\$LinkUpload'>&nbsp;&Delta;</a>");
    61. 

  61. 

  62. SDV($PageUploadFmt,array("
    63. 

  63.   <div id='wikiupload'>
    64. 

  64.   <h2 class='wikiaction'>$[Attachments for] {\$FullName}</h2>
    65. 

  65.   <h3>\$UploadResult</h3>
    66. 

  66.   <form enctype='multipart/form-data' action='{\$PageUrl}' method='post'>
    67. 

  67.   <input type='hidden' name='n' value='{\$FullName}' />
    68. 

  68.   <input type='hidden' name='action' value='postupload' />
    69. 

  69.   <table border='0'>
    70. 

  70.     <tr><td align='right'>$[File to upload:]</td><td><input
    71. 

  71.       name='uploadfile' type='file' /></td></tr>
    72. 

  72.     <tr><td align='right'>$[Name attachment as:]</td>
    73. 

  73.       <td><input type='text' name='upname' value='\$UploadName' /><input 
    74. 

  74.         type='submit' value=' $[Upload] ' /><br />
    75. 

  75.         </td></tr></table></form></div>",
    76. 

  76.   'wiki:$[{$SiteGroup}/UploadQuickReference]'));
    77. 

  77. XLSDV('en',array(
    78. 

  78.   'ULsuccess' => 'successfully uploaded',
    79. 

  79.   'ULbadname' => 'invalid attachment name',
    80. 

  80.   'ULbadtype' => '\'$upext\' is not an allowed file extension',
    81. 

  81.   'ULtoobig' => 'file is larger than maximum allowed by webserver',
    82. 

  82.   'ULtoobigext' => 'file is larger than allowed maximum of $upmax
    83. 

  83.      bytes for \'$upext\' files',
    84. 

  84.   'ULpartial' => 'incomplete file received',
    85. 

  85.   'ULnofile' => 'no file uploaded',
    86. 

  86.   'ULexists' => 'file with that name already exists',
    87. 

  87.   'ULpquota' => 'group quota exceeded',
    88. 

  88.   'ULtquota' => 'upload quota exceeded'));
    89. 

  89. SDV($PageAttributes['passwdupload'],'$[Set new upload password:]');
    90. 

  90. SDV($DefaultPasswords['upload'],'*');
    91. 

  91. SDV($AuthCascade['upload'], 'read');
    92. 

  92. 

  93. Markup('attachlist', 'directives', 
    94. 

  94.   '/\\(:attachlist\\s*(.*?):\\)/ei',
    95. 

  95.   "Keep('<ul>'.FmtUploadList('$pagename',PSS('$1')).'</ul>')");
    96. 

  96. SDV($GUIButtons['attach'], array(220, 'Attach:', '', '$[file.ext]',
    97. 

  97.   '$GUIButtonDirUrlFmt/attach.gif"$[Attach file]"'));
    98. 

  98. SDV($LinkFunctions['Attach:'], 'LinkUpload');
    99. 

  99. SDV($IMap['Attach:'], '$1');
    100. 

  100. SDVA($HandleActions, array('upload' => 'HandleUpload',
    101. 

  101.   'postupload' => 'HandlePostUpload',
    102. 

  102.   'download' => 'HandleDownload'));
    103. 

  103. SDVA($HandleAuth, array('upload' => 'upload',
    104. 

  104.   'postupload' => 'upload',
    105. 

  105.   'download' => 'read'));
    106. 

  106. SDV($UploadVerifyFunction, 'UploadVerifyBasic');
    107. 

  107. 

  108. function MakeUploadName($pagename,$x) {
    109. 

  109.   global $UploadNameChars;
    110. 

  110.   SDV($UploadNameChars, "-\\w. ");
    111. 

  111.   $x = preg_replace("/[^$UploadNameChars]/", '', $x);
    112. 

  112.   $x = preg_replace('/\\.[^.]*$/e', "strtolower('$0')", $x);
    113. 

  113.   $x = preg_replace('/^[^[:alnum:]]+/', '', $x);
    114. 

  114.   return preg_replace('/[^[:alnum:]_]+$/', '', $x);
    115. 

  115. }
    116. 

  116. 

  117. function LinkUpload($pagename, $imap, $path, $title, $txt, $fmt=NULL) {
    118. 

  118.   global $FmtV, $UploadFileFmt, $LinkUploadCreateFmt, $UploadUrlFmt,
    119. 

  119.     $UploadPrefixFmt, $EnableDirectDownload;
    120. 

  120.   if (preg_match('!^(.*)/([^/]+)$!', $path, $match)) {
    121. 

  121.     $pagename = MakePageName($pagename, $match[1]);
    122. 

  122.     $path = $match[2];
    123. 

  123.   }
    124. 

  124.   $upname = MakeUploadName($pagename, $path);
    125. 

  125.   $filepath = FmtPageName("$UploadFileFmt/$upname", $pagename);
    126. 

  126.   $FmtV['$LinkUpload'] = 
    127. 

  127.     FmtPageName("\$PageUrl?action=upload&amp;upname=$upname", $pagename);
    128. 

  128.   $FmtV['$LinkText'] = $txt;
    129. 

  129.   if (!file_exists($filepath)) 
    130. 

  130.     return FmtPageName($LinkUploadCreateFmt, $pagename);
    131. 

  131.   $path = PUE(FmtPageName(IsEnabled($EnableDirectDownload, 1) 
    132. 

  132.                             ? "$UploadUrlFmt$UploadPrefixFmt/$upname"
    133. 

  133.                             : "{\$PageUrl}?action=download&amp;upname=$upname",
    134. 

  134.                           $pagename));
    135. 

  135.   return LinkIMap($pagename, $imap, $path, $title, $txt, $fmt);
    136. 

  136. }
    137. 

  137. 

  138. function HandleUpload($pagename, $auth = 'upload') {
    139. 

  139.   global $FmtV,$UploadExtMax,
    140. 

  140.     $HandleUploadFmt,$PageStartFmt,$PageEndFmt,$PageUploadFmt;
    141. 

  141.   $page = RetrieveAuthPage($pagename, $auth, true, READPAGE_CURRENT);
    142. 

  142.   if (!$page) Abort("?cannot upload to $pagename");
    143. 

  143.   PCache($pagename,$page);
    144. 

  144.   $FmtV['$UploadName'] = MakeUploadName($pagename,@$_REQUEST['upname']);
    145. 

  145.   $upresult = htmlspecialchars(@$_REQUEST['upresult']);
    146. 

  146.   $uprname = htmlspecialchars(@$_REQUEST['uprname']);
    147. 

  147.   $FmtV['$upext'] = htmlspecialchars(@$_REQUEST['upext']);
    148. 

  148.   $FmtV['$upmax'] = htmlspecialchars(@$_REQUEST['upmax']);
    149. 

  149.   $FmtV['$UploadResult'] = ($upresult) ?
    150. 

  150.     FmtPageName("<i>$uprname</i>: $[UL$upresult]",$pagename) : '';
    151. 

  151.   SDV($HandleUploadFmt,array(&$PageStartFmt,&$PageUploadFmt,&$PageEndFmt));
    152. 

  152.   PrintFmt($pagename,$HandleUploadFmt);
    153. 

  153. }
    154. 

  154. 

  155. function HandleDownload($pagename, $auth = 'read') {
    156. 

  156.   global $UploadFileFmt, $UploadExts, $DownloadDisposition;
    157. 

  157.   SDV($DownloadDisposition, "inline");
    158. 

  158.   $page = RetrieveAuthPage($pagename, $auth, true, READPAGE_CURRENT);
    159. 

  159.   if (!$page) Abort("?cannot read $pagename");
    160. 

  160.   $upname = MakeUploadName($pagename, @$_REQUEST['upname']);
    161. 

  161.   $filepath = FmtPageName("$UploadFileFmt/$upname", $pagename);
    162. 

  162.   if (!$upname || !file_exists($filepath)) {
    163. 

  163.     header("HTTP/1.0 404 Not Found");
    164. 

  164.     Abort("?requested file not found");
    165. 

  165.     exit();
    166. 

  166.   }
    167. 

  167.   preg_match('/\\.([^.]+)$/',$filepath,$match); 
    168. 

  168.   if ($UploadExts[@$match[1]]) 
    169. 

  169.     header("Content-Type: {$UploadExts[@$match[1]]}");
    170. 

  170.   header("Content-Length: ".filesize($filepath));
    171. 

  171.   header("Content-disposition: $DownloadDisposition; filename=$upname");
    172. 

  172.   $fp = fopen($filepath, "r");
    173. 

  173.   if ($fp) {
    174. 

  174.     while (!feof($fp)) echo fread($fp, 4096);
    175. 

  175.     fclose($fp);
    176. 

  176.   }
    177. 

  177.   exit();
    178. 

  178. }  
    179. 

  179.  
    180. 

  180. function HandlePostUpload($pagename, $auth = 'upload') {
    181. 

  181.   global $UploadVerifyFunction, $UploadFileFmt, $LastModFile, 
    182. 

  182.     $EnableUploadVersions, $Now;
    183. 

  183.   $page = RetrieveAuthPage($pagename, $auth, true, READPAGE_CURRENT);
    184. 

  184.   if (!$page) Abort("?cannot upload to $pagename");
    185. 

  185.   $uploadfile = $_FILES['uploadfile'];
    186. 

  186.   $upname = $_REQUEST['upname'];
    187. 

  187.   if ($upname=='') $upname=$uploadfile['name'];
    188. 

  188.   $upname = MakeUploadName($pagename,$upname);
    189. 

  189.   if (!function_exists($UploadVerifyFunction))
    190. 

  190.     Abort('?no UploadVerifyFunction available');
    191. 

  191.   $filepath = FmtPageName("$UploadFileFmt/$upname",$pagename);
    192. 

  192.   $result = $UploadVerifyFunction($pagename,$uploadfile,$filepath);
    193. 

  193.   if ($result=='') {
    194. 

  194.     $filedir = preg_replace('#/[^/]*$#','',$filepath);
    195. 

  195.     mkdirp($filedir);
    196. 

  196.     if (IsEnabled($EnableUploadVersions, 0))
    197. 

  197.       @rename($filepath, "$filepath,$Now");
    198. 

  198.     if (!move_uploaded_file($uploadfile['tmp_name'],$filepath))
    199. 

  199.       { Abort("?cannot move uploaded file to $filepath"); return; }
    200. 

  200.     fixperms($filepath,0444);
    201. 

  201.     if ($LastModFile) { touch($LastModFile); fixperms($LastModFile); }
    202. 

  202.     $result = "upresult=success";
    203. 

  203.   }
    204. 

  204.   Redirect($pagename,"{\$PageUrl}?action=upload&uprname=$upname&$result");
    205. 

  205. }
    206. 

  206. 

  207. function UploadVerifyBasic($pagename,$uploadfile,$filepath) {
    208. 

  208.   global $EnableUploadOverwrite,$UploadExtSize,$UploadPrefixQuota,
    209. 

  209.     $UploadDirQuota,$UploadDir;
    210. 

  210.   if (!$EnableUploadOverwrite && file_exists($filepath)) 
    211. 

  211.     return 'upresult=exists';
    212. 

  212.   preg_match('/\\.([^.\\/]+)$/',$filepath,$match); $ext=@$match[1];
    213. 

  213.   $maxsize = $UploadExtSize[$ext];
    214. 

  214.   if ($maxsize<=0) return "upresult=badtype&upext=$ext";
    215. 

  215.   if ($uploadfile['size']>$maxsize) 
    216. 

  216.     return "upresult=toobigext&upext=$ext&upmax=$maxsize";
    217. 

  217.   switch (@$uploadfile['error']) {
    218. 

  218.     case 1: return 'upresult=toobig';
    219. 

  219.     case 2: return 'upresult=toobig';
    220. 

  220.     case 3: return 'upresult=partial';
    221. 

  221.     case 4: return 'upresult=nofile';
    222. 

  222.   }
    223. 

  223.   if (!is_uploaded_file($uploadfile['tmp_name'])) return 'upresult=nofile';
    224. 

  224.   $filedir = preg_replace('#/[^/]*$#','',$filepath);
    225. 

  225.   if ($UploadPrefixQuota && 
    226. 

  226.       (dirsize($filedir)-@filesize($filepath)+$uploadfile['size']) >
    227. 

  227.         $UploadPrefixQuota) return 'upresult=pquota';
    228. 

  228.   if ($UploadDirQuota && 
    229. 

  229.       (dirsize($UploadDir)-@filesize($filepath)+$uploadfile['size']) >
    230. 

  230.         $UploadDirQuota) return 'upresult=tquota';
    231. 

  231.   return '';
    232. 

  232. }
    233. 

  233. 

  234. function dirsize($dir) {
    235. 

  235.   $size = 0;
    236. 

  236.   $dirp = @opendir($dir);
    237. 

  237.   if (!$dirp) return 0;
    238. 

  238.   while (($file=readdir($dirp)) !== false) {
    239. 

  239.     if ($file[0]=='.') continue;
    240. 

  240.     if (is_dir("$dir/$file")) $size+=dirsize("$dir/$file");
    241. 

  241.     else $size+=filesize("$dir/$file");
    242. 

  242.   }
    243. 

  243.   closedir($dirp);
    244. 

  244.   return $size;
    245. 

  245. }
    246. 

  246. 

  247. function FmtUploadList($pagename, $args) {
    248. 

  248.   global $UploadDir, $UploadPrefixFmt, $UploadUrlFmt, $EnableUploadOverwrite,
    249. 

  249.     $TimeFmt, $EnableDirectDownload;
    250. 

  250. 

  251.   $opt = ParseArgs($args);
    252. 

  252.   if (@$opt[''][0]) $pagename = MakePageName($pagename, $opt[''][0]);
    253. 

  253.   if (@$opt['ext']) 
    254. 

  254.     $matchext = '/\\.(' 
    255. 

  255.       . implode('|', preg_split('/\\W+/', $opt['ext'], -1, PREG_SPLIT_NO_EMPTY))
    256. 

  256.       . ')$/i';
    257. 

  257. 

  258.   $uploaddir = FmtPageName("$UploadDir$UploadPrefixFmt", $pagename);
    259. 

  259.   $uploadurl = FmtPageName(IsEnabled($EnableDirectDownload, 1) 
    260. 

  260.                           ? "$UploadUrlFmt$UploadPrefixFmt/"
    261. 

  261.                           : "\$PageUrl?action=download&amp;upname=",
    262. 

  262.                       $pagename);
    263. 

  263. 

  264.   $dirp = @opendir($uploaddir);
    265. 

  265.   if (!$dirp) return '';
    266. 

  266.   $filelist = array();
    267. 

  267.   while (($file=readdir($dirp)) !== false) {
    268. 

  268.     if ($file{0} == '.') continue;
    269. 

  269.     if (@$matchext && !preg_match(@$matchext, $file)) continue;
    270. 

  270.     $filelist[$file] = $file;
    271. 

  271.   }
    272. 

  272.   closedir($dirp);
    273. 

  273.   $out = array();
    274. 

  274.   natcasesort($filelist);
    275. 

  275.   $overwrite = '';
    276. 

  276.   foreach($filelist as $file=>$x) {
    277. 

  277.     $name = PUE("$uploadurl$file");
    278. 

  278.     $stat = stat("$uploaddir/$file");
    279. 

  279.     if ($EnableUploadOverwrite) 
    280. 

  280.       $overwrite = FmtPageName("<a class='createlink'
    281. 

  281.         href='\$PageUrl?action=upload&amp;upname=$file'>&nbsp;&Delta;</a>", 
    282. 

  282.         $pagename);
    283. 

  283.     $out[] = "<li> <a href='$name'>$file</a>$overwrite ... ".
    284. 

  284.       number_format($stat['size']) . " bytes ... " . 
    285. 

  285.       strftime($TimeFmt, $stat['mtime']) . "</li>";
    286. 

  286.   }
    287. 

  287.   return implode("\n",$out);
    288. 

  288. }
    289. 

  289. 

  290. # this adds (:if [!]attachments:) to the markup
    291. 

  291. $Conditions['attachments'] = "AttachExist(\$pagename)";
    292. 

  292. function AttachExist($pagename) {
    293. 

  293.   global $UploadDir, $UploadPrefixFmt;
    294. 

  294.   $uploaddir = FmtPageName("$UploadDir$UploadPrefixFmt", $pagename);
    295. 

  295.   $count = 0;
    296. 

  296.   $dirp = @opendir($uploaddir);
    297. 

  297.   if ($dirp) {
    298. 

  298.     while (($file = readdir($dirp)) !== false) 
    299. 

  299.       if ($file{0} != '.') $count++;
    300. 

  300.     closedir($dirp);
    301. 

  301.   }
    302. 

  302.   return $count;
    303. 

  303. }
    304. 

  304. 

  305.