0
+ − 1
<?php
+ − 2
/*
+ − 3
Plugin Name: Upload/download frontend
+ − 4
Plugin URI: http://enano.homelinux.org/
+ − 5
Description: Provides the pages Special:UploadFile and Special:DownloadFile. UploadFile is used to upload files to the site, and DownloadFile fetches the file from the database, creates thumbnails if necessary, and sends the file to the user.
+ − 6
Author: Dan Fuhry
+ − 7
Version: 1.0
+ − 8
Author URI: http://enano.homelinux.org/
+ − 9
*/
+ − 10
+ − 11
/*
+ − 12
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ − 13
* Version 1.0 release candidate 2
+ − 14
* Copyright (C) 2006-2007 Dan Fuhry
+ − 15
* SpecialUpdownload.php - handles uploading and downloading of user-uploaded files - possibly the most rigorously security-enforcing script in all of Enano, although sessions.php comes in a close second
+ − 16
*
+ − 17
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 18
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 19
*
+ − 20
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 21
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 22
*/
+ − 23
+ − 24
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 25
+ − 26
$plugins->attachHook('base_classes_initted', '
+ − 27
global $paths;
+ − 28
$paths->add_page(Array(
+ − 29
\'name\'=>\'Upload file\',
+ − 30
\'urlname\'=>\'UploadFile\',
+ − 31
\'namespace\'=>\'Special\',
+ − 32
\'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 33
));
+ − 34
+ − 35
$paths->add_page(Array(
+ − 36
\'name\'=>\'Download file\',
+ − 37
\'urlname\'=>\'DownloadFile\',
+ − 38
\'namespace\'=>\'Special\',
+ − 39
\'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ − 40
));
+ − 41
');
+ − 42
+ − 43
function page_Special_UploadFile()
+ − 44
{
+ − 45
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 46
global $mime_types;
+ − 47
if(getConfig('enable_uploads')!='1') { die_friendly('Access denied', '<p>File uploads are disabled this website.</p>'); }
+ − 48
if ( !$session->get_permissions('upload_files') )
+ − 49
{
+ − 50
die_friendly('Access denied', '<p>File uploads are disabled for your user account or group.<p>');
+ − 51
}
+ − 52
if(isset($_POST['doit']))
+ − 53
{
+ − 54
if(isset($_FILES['data']))
+ − 55
{
+ − 56
$file =& $_FILES['data'];
+ − 57
}
+ − 58
else
+ − 59
{
+ − 60
$file = false;
+ − 61
}
+ − 62
if(!is_array($file)) die_friendly('Upload failed', '<p>The server could not retrieve the array $_FILES[\'data\'].</p>');
+ − 63
if($file['size'] == 0 || $file['size'] > (int)getConfig('max_file_size')) die_friendly('Upload failed', '<p>The file you uploaded is either too large or 0 bytes in length.</p>');
+ − 64
/*
+ − 65
$allowed_mime_types = Array(
+ − 66
'text/plain',
+ − 67
'image/png',
+ − 68
'image/jpeg',
+ − 69
'image/tiff',
+ − 70
'image/gif',
+ − 71
'text/html', // Safe because the file is stashed in the database
+ − 72
'application/x-bzip2',
+ − 73
'application/x-gzip',
+ − 74
'text/x-c++'
+ − 75
);
+ − 76
if(function_exists('finfo_open') && $fi = finfo_open(FILEINFO_MIME, ENANO_ROOT.'/includes/magic')) // First try to use the fileinfo extension, this is the best way to determine the mimetype
+ − 77
{
+ − 78
if(!$fi) die_friendly('Upload failed', '<p>Enano was unable to determine the format of the uploaded file.</p><p>'.@finfo_file($fi, $file['tmp_name']).'</p>');
+ − 79
$type = @finfo_file($fi, $file['tmp_name']);
+ − 80
@finfo_close($fi);
+ − 81
}
+ − 82
elseif(function_exists('mime_content_type'))
+ − 83
$type = mime_content_type($file['tmp_name']); // OK, no fileinfo function. Use a (usually) built-in PHP function
+ − 84
elseif(isset($file['type']))
+ − 85
$type = $file['type']; // LAST RESORT: use the mimetype the browser sent us, though this is likely to be spoofed
+ − 86
else // DANG! Not even the browser told us. Bail out.
+ − 87
die_friendly('Upload failed', '<p>Enano was unable to determine the format of the uploaded file.</p>');
+ − 88
*/
+ − 89
$types = fetch_allowed_extensions();
+ − 90
$ext = substr($file['name'], strrpos($file['name'], '.')+1, strlen($file['name']));
+ − 91
if(!isset($types[$ext]) || ( isset($types[$ext]) && !$types[$ext] ) )
+ − 92
{
+ − 93
die_friendly('Upload failed', '<p>The file type ".'.$ext.'" is not allowed.</p>');
+ − 94
}
+ − 95
$type = $mime_types[$ext];
+ − 96
//$type = explode(';', $type); $type = $type[0];
+ − 97
//if(!in_array($type, $allowed_mime_types)) die_friendly('Upload failed', '<p>The file type "'.$type.'" is not allowed.</p>');
+ − 98
if($_POST['rename'] != '')
+ − 99
{
+ − 100
$filename = $_POST['rename'];
+ − 101
}
+ − 102
else
+ − 103
{
+ − 104
$filename = $file['name'];
+ − 105
}
+ − 106
$bad_chars = Array(':', '\\', '/', '<', '>', '|', '*', '?', '"', '#', '+');
+ − 107
foreach($bad_chars as $ch)
+ − 108
{
+ − 109
if(strstr($filename, $ch) || preg_match('/^([ ]+)$/is', $filename)) die_friendly('Upload failed', '<p>The filename contains invalid characters.</p>');
+ − 110
}
+ − 111
+ − 112
if ( isset ( $paths->pages[ $paths->nslist['File'] . $filename ] ) && !isset ( $_POST['update'] ) )
+ − 113
{
+ − 114
die_friendly('Upload failed', '<p>The file already exists. You can <a href="'.makeUrlNS('Special', 'UploadFile/'.$filename).'">upload a new version of this file</a>.</p>');
+ − 115
}
+ − 116
else if ( isset($_POST['update']) &&
+ − 117
( !isset($paths->pages[$paths->nslist['File'].$filename]) ||
+ − 118
(isset($paths->pages[$paths->nslist['File'].$filename]) &&
+ − 119
$paths->pages[$paths->nslist['File'].$filename]['protected'] == 1 )
+ − 120
)
+ − 121
)
+ − 122
{
+ − 123
die_friendly('Upload failed', '<p>Either the file does not exist (and therefore cannot be updated) or the file is protected.</p>');
+ − 124
}
+ − 125
+ − 126
$utime = time();
+ − 127
+ − 128
$filename = $db->escape($filename);
+ − 129
$ext = substr($filename, strrpos($filename, '.'), strlen($filename));
+ − 130
$flen = filesize($file['tmp_name']);
+ − 131
+ − 132
$comments = $db->escape(RenderMan::strip_php($_POST['comments']));
+ − 133
$chartag = sha1(microtime());
+ − 134
$urln = str_replace(' ', '_', $filename);
+ − 135
+ − 136
$key = md5($filename . '_' . file_get_contents($file['tmp_name']));
+ − 137
$targetname = ENANO_ROOT . '/files/' . $key . '_' . $utime . $ext;
+ − 138
+ − 139
if(!@move_uploaded_file($file['tmp_name'], $targetname))
+ − 140
{
+ − 141
die_friendly('Upload failed', '<p>Could not move uploaded file to the new location.</p>');
+ − 142
}
+ − 143
+ − 144
if(getConfig('file_history') != '1')
+ − 145
{
+ − 146
if(!$db->sql_query('DELETE FROM '.table_prefix.'files WHERE filename=\''.$filename.'\' LIMIT 1;')) $db->_die('The old file data could not be deleted.');
+ − 147
}
+ − 148
if(!$db->sql_query('INSERT INTO '.table_prefix.'files(time_id,page_id,filename,size,mimetype,file_extension,file_key) VALUES('.$utime.', \''.$urln.'\', \''.$filename.'\', '.$flen.', \''.$type.'\', \''.$ext.'\', \''.$key.'\')')) $db->_die('The file data entry could not be inserted.');
+ − 149
if(!isset($_POST['update']))
+ − 150
{
+ − 151
if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.$utime.', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\');')) $db->_die('The page log could not be updated.');
+ − 152
if(!$db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,protected,delvotes,delvote_ips) VALUES(\''.$filename.'\', \''.$urln.'\', \'File\', 0, 0, \'\')')) $db->_die('The page listing entry could not be inserted.');
+ − 153
if(!$db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$urln.'\', \'File\', \''.$comments.'\', \''.$chartag.'\')')) $db->_die('The page text entry could not be inserted.');
+ − 154
}
+ − 155
else
+ − 156
{
+ − 157
if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.$utime.', \''.date('d M Y h:i a').'\', \'page\', \'reupload\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\', \''.$comments.'\');')) $db->_die('The page log could not be updated.');
+ − 158
}
+ − 159
die_friendly('Upload complete', '<p>Your file has been uploaded successfully. View the <a href="'.makeUrlNS('File', $filename).'">file\'s page</a>.</p>');
+ − 160
}
+ − 161
else
+ − 162
{
+ − 163
$template->header();
+ − 164
$fn = $paths->getParam(0);
+ − 165
if ( $fn && !$session->get_permissions('upload_new_version') )
+ − 166
{
+ − 167
die_friendly('Access denied', '<p>Uploading new versions of files has been disabled for your user account or group.<p>');
+ − 168
}
+ − 169
?>
+ − 170
<p>Using this form you can upload a file to the <?php echo getConfig('site_name'); ?> site.</p>
+ − 171
<p>The maximum file size is <?php
+ − 172
// Get the max file size, and format it in a way that is user-friendly
+ − 173
$fs = getConfig('max_file_size');
+ − 174
echo commatize($fs).' bytes';
+ − 175
$fs = (int)$fs;
+ − 176
if($fs >= 1048576)
+ − 177
{
+ − 178
$fs = round($fs / 1048576, 1);
+ − 179
echo ' ('.$fs.' MB)';
+ − 180
}
+ − 181
elseif($fs >= 1024)
+ − 182
{
+ − 183
$fs = round($fs / 1024, 1);
+ − 184
echo ' ('.$fs.' KB)';
+ − 185
}
+ − 186
?>.</p>
+ − 187
<form action="<?php echo makeUrl($paths->page); ?>" method="post" enctype="multipart/form-data">
+ − 188
<table border="0" cellspacing="1" cellpadding="4">
+ − 189
<tr><td>File:</td><td><input name="data" type="file" size="40" /></td></tr>
+ − 190
<tr><td>Rename to:</td><td><input name="rename" type="text" size="40"<?php if($fn) echo ' value="'.$fn.'" readonly="readonly"'; ?> /></td></tr>
+ − 191
<?php
+ − 192
if(!$fn) echo '<tr><td>Comments:<br />(can be wiki-formatted)</td><td><textarea name="comments" rows="20" cols="60"></textarea></td></tr>';
+ − 193
else echo '<tr><td>Reason for uploading the new version: </td><td><input name="comments" size="50" /></td></tr>';
+ − 194
?>
+ − 195
<tr><td colspan="2" style="text-align: center">
+ − 196
<?php
+ − 197
if($fn)
+ − 198
echo '<input type="hidden" name="update" value="true" />';
+ − 199
?>
+ − 200
<input type="submit" name="doit" value="Upload file" />
+ − 201
</td></tr>
+ − 202
</table>
+ − 203
</form>
+ − 204
<?php
+ − 205
$template->footer();
+ − 206
}
+ − 207
}
+ − 208
+ − 209
function page_Special_DownloadFile()
+ − 210
{
+ − 211
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 212
global $do_gzip;
+ − 213
$filename = rawurldecode($paths->getParam(0));
+ − 214
$timeid = $paths->getParam(1);
+ − 215
if($timeid && preg_match('#^([0-9]+)$#', (string)$timeid)) $tid = ' AND time_id='.$timeid;
+ − 216
else $tid = '';
+ − 217
$filename = $db->escape($filename);
+ − 218
$q = $db->sql_query('SELECT page_id,size,mimetype,time_id,file_extension,file_key FROM '.table_prefix.'files WHERE filename=\''.$filename.'\''.$tid.' ORDER BY time_id DESC;');
+ − 219
if(!$q) $db->_die('The file data could not be selected.');
+ − 220
if($db->numrows() < 1) { header('HTTP/1.1 404 Not Found'); die_friendly('File not found', '<p>The file "'.$filename.'" cannot be found.</p>'); }
+ − 221
$row = $db->fetchrow();
+ − 222
$db->free_result();
+ − 223
+ − 224
// Check permissions
+ − 225
$perms = $session->fetch_page_acl($row['page_id'], 'File');
+ − 226
if ( !$perms->get_permissions('read') )
+ − 227
{
+ − 228
die_friendly('Access denied', '<p>Access to the specified file is denied.</p>');
+ − 229
}
+ − 230
+ − 231
$fname = ENANO_ROOT . '/files/' . $row['file_key'] . '_' . $row['time_id'] . $row['file_extension'];
+ − 232
$data = file_get_contents($fname);
+ − 233
if(isset($_GET['preview']) && getConfig('enable_imagemagick')=='1' && file_exists(getConfig('imagemagick_path')) && substr($row['mimetype'], 0, 6) == 'image/')
+ − 234
{
+ − 235
$nam = tempnam('/tmp', $filename);
+ − 236
$h = @fopen($nam, 'w');
+ − 237
if(!$h) die('Error opening '.$nam.' for writing');
+ − 238
fwrite($h, $data);
+ − 239
fclose($h);
+ − 240
/* Make sure the request doesn't contain commandline injection - yow! */
+ − 241
if(!isset($_GET['width' ]) || (isset($_GET['width'] ) && !preg_match('#^([0-9]+)$#', $_GET['width'] ))) $width = '320'; else $width = $_GET['width' ];
+ − 242
if(!isset($_GET['height']) || (isset($_GET['height']) && !preg_match('#^([0-9]+)$#', $_GET['height'] ))) $height = '240'; else $height = $_GET['height'];
+ − 243
$cache_filename=ENANO_ROOT.'/cache/'.$filename.'-'.$row['time_id'].'-'.$width.'x'.$height.$row['file_extension'];
+ − 244
if(getConfig('cache_thumbs')=='1' && file_exists($cache_filename) && is_writable(ENANO_ROOT.'/cache')) {
+ − 245
$data = file_get_contents($cache_filename);
+ − 246
} elseif(getConfig('enable_imagemagick')=='1' && file_exists(getConfig('imagemagick_path'))) {
+ − 247
// Use ImageMagick to convert the image
+ − 248
//unlink($nam);
+ − 249
error_reporting(E_ALL);
+ − 250
$cmd = ''.getConfig('imagemagick_path').' "'.$nam.'" -resize "'.$width.'x'.$height.'>" "'.$nam.'.scaled'.$row['file_extension'].'"';
+ − 251
system($cmd, $stat);
+ − 252
if(!file_exists($nam.'.scaled'.$row['file_extension'])) die('Failed to call ImageMagick (return value '.$stat.'), command line was:<br />'.$cmd);
+ − 253
$data = file_get_contents($nam.'.scaled'.$row['file_extension']);
+ − 254
// Be stingy about it - better to re-generate the image hundreds of times than to fail completely
+ − 255
if(getConfig('cache_thumbs')=='1' && !file_exists($cache_filename)) {
+ − 256
// Write the generated thumbnail to the cache directory
+ − 257
$h = @fopen($cache_filename, 'w');
+ − 258
if(!$h) die('Error opening cache file "'.$cache_filename.'" for writing.');
+ − 259
fwrite($h, $data);
+ − 260
fclose($h);
+ − 261
}
+ − 262
}
+ − 263
unlink($nam);
+ − 264
}
+ − 265
$len = strlen($data);
+ − 266
header('Content-type: '.$row['mimetype']);
+ − 267
if(isset($_GET['download'])) header('Content-disposition: attachment, filename="'.$filename.'";');
+ − 268
header('Content-length: '.$len);
+ − 269
header('Last-Modified: '.date('r', $row['time_id']));
+ − 270
echo($data);
+ − 271
+ − 272
//
+ − 273
// Compress buffered output if required and send to browser
+ − 274
//
+ − 275
if ( $do_gzip )
+ − 276
{
+ − 277
//
+ − 278
// Copied from phpBB, which was in turn borrowed from php.net
+ − 279
//
+ − 280
$gzip_contents = ob_get_contents();
+ − 281
ob_end_clean();
+ − 282
+ − 283
$gzip_size = strlen($gzip_contents);
+ − 284
$gzip_crc = crc32($gzip_contents);
+ − 285
+ − 286
$gzip_contents = gzcompress($gzip_contents, 9);
+ − 287
$gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4);
+ − 288
+ − 289
header('Content-encoding: gzip');
+ − 290
echo "\x1f\x8b\x08\x00\x00\x00\x00\x00";
+ − 291
echo $gzip_contents;
+ − 292
echo pack('V', $gzip_crc);
+ − 293
echo pack('V', $gzip_size);
+ − 294
}
+ − 295
+ − 296
exit;
+ − 297
+ − 298
}
+ − 299
+ − 300
?>