1 <?php |
|
2 /* |
|
3 Plugin Name: Upload/download frontend |
|
4 Plugin URI: http://enano.homelinux.org/ |
|
5 Description: Provides the pages Special:UploadFile and Special:DownloadFile. UploadFile is used to upload files to the site, and DownloadFile fetches the file from the database, creates thumbnails if necessary, and sends the file to the user. |
|
6 Author: Dan Fuhry |
|
7 Version: 1.0 |
|
8 Author URI: http://enano.homelinux.org/ |
|
9 */ |
|
10 |
|
11 /* |
|
12 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
13 * Version 1.0 release candidate 2 |
|
14 * Copyright (C) 2006-2007 Dan Fuhry |
|
15 * SpecialUpdownload.php - handles uploading and downloading of user-uploaded files - possibly the most rigorously security-enforcing script in all of Enano, although sessions.php comes in a close second |
|
16 * |
|
17 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
18 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
19 * |
|
20 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
21 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
22 */ |
|
23 |
|
24 global $db, $session, $paths, $template, $plugins; // Common objects |
|
25 |
|
26 $plugins->attachHook('base_classes_initted', ' |
|
27 global $paths; |
|
28 $paths->add_page(Array( |
|
29 \'name\'=>\'Upload file\', |
|
30 \'urlname\'=>\'UploadFile\', |
|
31 \'namespace\'=>\'Special\', |
|
32 \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
|
33 )); |
|
34 |
|
35 $paths->add_page(Array( |
|
36 \'name\'=>\'Download file\', |
|
37 \'urlname\'=>\'DownloadFile\', |
|
38 \'namespace\'=>\'Special\', |
|
39 \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', |
|
40 )); |
|
41 '); |
|
42 |
|
43 function page_Special_UploadFile() |
|
44 { |
|
45 global $db, $session, $paths, $template, $plugins; // Common objects |
|
46 global $mime_types; |
|
47 if(getConfig('enable_uploads')!='1') { die_friendly('Access denied', '<p>File uploads are disabled this website.</p>'); } |
|
48 if ( !$session->get_permissions('upload_files') ) |
|
49 { |
|
50 die_friendly('Access denied', '<p>File uploads are disabled for your user account or group.<p>'); |
|
51 } |
|
52 if(isset($_POST['doit'])) |
|
53 { |
|
54 if(isset($_FILES['data'])) |
|
55 { |
|
56 $file =& $_FILES['data']; |
|
57 } |
|
58 else |
|
59 { |
|
60 $file = false; |
|
61 } |
|
62 if(!is_array($file)) die_friendly('Upload failed', '<p>The server could not retrieve the array $_FILES[\'data\'].</p>'); |
|
63 if($file['size'] == 0 || $file['size'] > (int)getConfig('max_file_size')) die_friendly('Upload failed', '<p>The file you uploaded is either too large or 0 bytes in length.</p>'); |
|
64 /* |
|
65 $allowed_mime_types = Array( |
|
66 'text/plain', |
|
67 'image/png', |
|
68 'image/jpeg', |
|
69 'image/tiff', |
|
70 'image/gif', |
|
71 'text/html', // Safe because the file is stashed in the database |
|
72 'application/x-bzip2', |
|
73 'application/x-gzip', |
|
74 'text/x-c++' |
|
75 ); |
|
76 if(function_exists('finfo_open') && $fi = finfo_open(FILEINFO_MIME, ENANO_ROOT.'/includes/magic')) // First try to use the fileinfo extension, this is the best way to determine the mimetype |
|
77 { |
|
78 if(!$fi) die_friendly('Upload failed', '<p>Enano was unable to determine the format of the uploaded file.</p><p>'.@finfo_file($fi, $file['tmp_name']).'</p>'); |
|
79 $type = @finfo_file($fi, $file['tmp_name']); |
|
80 @finfo_close($fi); |
|
81 } |
|
82 elseif(function_exists('mime_content_type')) |
|
83 $type = mime_content_type($file['tmp_name']); // OK, no fileinfo function. Use a (usually) built-in PHP function |
|
84 elseif(isset($file['type'])) |
|
85 $type = $file['type']; // LAST RESORT: use the mimetype the browser sent us, though this is likely to be spoofed |
|
86 else // DANG! Not even the browser told us. Bail out. |
|
87 die_friendly('Upload failed', '<p>Enano was unable to determine the format of the uploaded file.</p>'); |
|
88 */ |
|
89 $types = fetch_allowed_extensions(); |
|
90 $ext = substr($file['name'], strrpos($file['name'], '.')+1, strlen($file['name'])); |
|
91 if(!isset($types[$ext]) || ( isset($types[$ext]) && !$types[$ext] ) ) |
|
92 { |
|
93 die_friendly('Upload failed', '<p>The file type ".'.$ext.'" is not allowed.</p>'); |
|
94 } |
|
95 $type = $mime_types[$ext]; |
|
96 //$type = explode(';', $type); $type = $type[0]; |
|
97 //if(!in_array($type, $allowed_mime_types)) die_friendly('Upload failed', '<p>The file type "'.$type.'" is not allowed.</p>'); |
|
98 if($_POST['rename'] != '') |
|
99 { |
|
100 $filename = $_POST['rename']; |
|
101 } else { |
|
102 $filename = $file['name']; |
|
103 } |
|
104 $bad_chars = Array(':', '\\', '/', '<', '>', '|', '*', '?', '"', '#', '+'); |
|
105 foreach($bad_chars as $ch) |
|
106 { |
|
107 if(strstr($filename, $ch) || preg_match('/^([ ]+)$/is', $filename)) die_friendly('Upload failed', '<p>The filename contains invalid characters.</p>'); |
|
108 } |
|
109 |
|
110 if(isset($paths->pages[$paths->nslist['File'].$filename]) && !isset($_POST['update'])) die_friendly('Upload failed', '<p>The file already exists. You can <a href="'.makeUrlNS('Special', 'UploadFile/'.$filename).'">upload a new version of this file</a>.</p>'); |
|
111 elseif( isset($_POST['update']) && |
|
112 (!isset($paths->pages[$paths->nslist['File'].$filename]) || |
|
113 (isset($paths->pages[$paths->nslist['File'].$filename]) && |
|
114 $paths->pages[$paths->nslist['File'].$filename]['protected']==1) |
|
115 ) |
|
116 ) |
|
117 die_friendly('Upload failed', '<p>Either the file does not exist (and therefore cannot be updated) or the file is protected.</p>'); |
|
118 |
|
119 $utime = time(); |
|
120 |
|
121 $filename = $db->escape($filename); |
|
122 $ext = substr($filename, strrpos($filename, '.'), strlen($filename)); |
|
123 $flen = filesize($file['tmp_name']); |
|
124 |
|
125 $comments = $db->escape(RenderMan::strip_php($_POST['comments'])); |
|
126 $chartag = sha1(microtime()); |
|
127 $urln = str_replace(' ', '_', $filename); |
|
128 |
|
129 $key = md5($filename . '_' . file_get_contents($file['tmp_name'])); |
|
130 $targetname = ENANO_ROOT . '/files/' . $key . '_' . $utime . $ext; |
|
131 |
|
132 if(!@move_uploaded_file($file['tmp_name'], $targetname)) |
|
133 { |
|
134 die_friendly('Upload failed', '<p>Could not move uploaded file to the new location.</p>'); |
|
135 } |
|
136 |
|
137 if(getConfig('file_history') != '1') |
|
138 if(!$db->sql_query('DELETE FROM '.table_prefix.'files WHERE filename=\''.$filename.'\' LIMIT 1;')) $db->_die('The old file data could not be deleted.'); |
|
139 if(!$db->sql_query('INSERT INTO '.table_prefix.'files(time_id,page_id,filename,size,mimetype,file_extension,file_key) VALUES('.$utime.', \''.$urln.'\', \''.$filename.'\', '.$flen.', \''.$type.'\', \''.$ext.'\', \''.$key.'\')')) $db->_die('The file data entry could not be inserted.'); |
|
140 if(!isset($_POST['update'])) |
|
141 { |
|
142 if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.$utime.', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\');')) $db->_die('The page log could not be updated.'); |
|
143 if(!$db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,protected,delvotes,delvote_ips) VALUES(\''.$filename.'\', \''.$urln.'\', \'File\', 0, 0, \'\')')) $db->_die('The page listing entry could not be inserted.'); |
|
144 if(!$db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$urln.'\', \'File\', \''.$comments.'\', \''.$chartag.'\')')) $db->_die('The page text entry could not be inserted.'); |
|
145 } else { |
|
146 if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.$utime.', \''.date('d M Y h:i a').'\', \'page\', \'reupload\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\', \''.$comments.'\');')) $db->_die('The page log could not be updated.'); |
|
147 } |
|
148 die_friendly('Upload complete', '<p>Your file has been uploaded successfully. View the <a href="'.makeUrlNS('File', $filename).'">file\'s page</a>.</p>'); |
|
149 } else { |
|
150 $template->header(); |
|
151 $fn = $paths->getParam(0); |
|
152 if ( $fn && !$session->get_permissions('upload_new_version') ) |
|
153 { |
|
154 die_friendly('Access denied', '<p>Uploading new versions of files has been disabled for your user account or group.<p>'); |
|
155 } |
|
156 ?> |
|
157 <p>Using this form you can upload a file to the <?php echo getConfig('site_name'); ?> site.</p> |
|
158 <p>The maximum file size is <?php |
|
159 // Get the max file size, and format it in a way that is user-friendly |
|
160 $fs = getConfig('max_file_size'); |
|
161 echo $fs.' bytes'; |
|
162 $fs = (int)$fs; |
|
163 if($fs >= 1048576) |
|
164 { |
|
165 $fs = round($fs / 1048576, 1); |
|
166 echo ' ('.$fs.' MB)'; |
|
167 } elseif($fs >= 1024) { |
|
168 $fs = round($fs / 1024, 1); |
|
169 echo ' ('.$fs.' KB)'; |
|
170 } |
|
171 ?>.</p> |
|
172 <form action="<?php echo makeUrl($paths->page); ?>" method="post" enctype="multipart/form-data"> |
|
173 <table border="0" cellspacing="1" cellpadding="4"> |
|
174 <tr><td>File:</td><td><input name="data" type="file" size="40" /></td></tr> |
|
175 <tr><td>Rename to:</td><td><input name="rename" type="text" size="40"<?php if($fn) echo ' value="'.$fn.'" readonly="readonly"'; ?> /></td></tr> |
|
176 <?php |
|
177 if(!$fn) echo '<tr><td>Comments:<br />(can be wiki-formatted)</td><td><textarea name="comments" rows="20" cols="60"></textarea></td></tr>'; |
|
178 else echo '<tr><td>Reason for uploading the new version: </td><td><input name="comments" size="50" /></td></tr>'; |
|
179 ?> |
|
180 <tr><td colspan="2" style="text-align: center"> |
|
181 <?php |
|
182 if($fn) |
|
183 echo '<input type="hidden" name="update" value="true" />'; |
|
184 ?> |
|
185 <input type="submit" name="doit" value="Upload file" /> |
|
186 </td></tr> |
|
187 </table> |
|
188 </form> |
|
189 <?php |
|
190 $template->footer(); |
|
191 } |
|
192 } |
|
193 |
|
194 function page_Special_DownloadFile() |
|
195 { |
|
196 global $db, $session, $paths, $template, $plugins; // Common objects |
|
197 global $do_gzip; |
|
198 $filename = rawurldecode($paths->getParam(0)); |
|
199 $timeid = $paths->getParam(1); |
|
200 if($timeid && preg_match('#^([0-9]+)$#', (string)$timeid)) $tid = ' AND time_id='.$timeid; |
|
201 else $tid = ''; |
|
202 $filename = $db->escape($filename); |
|
203 $q = $db->sql_query('SELECT page_id,size,mimetype,time_id,file_extension,file_key FROM '.table_prefix.'files WHERE filename=\''.$filename.'\''.$tid.' ORDER BY time_id DESC;'); |
|
204 if(!$q) $db->_die('The file data could not be selected.'); |
|
205 if($db->numrows() < 1) { header('HTTP/1.1 404 Not Found'); die_friendly('File not found', '<p>The file "'.$filename.'" cannot be found.</p>'); } |
|
206 $row = $db->fetchrow(); |
|
207 $db->free_result(); |
|
208 |
|
209 // Check permissions |
|
210 $perms = $session->fetch_page_acl($row['page_id'], 'File'); |
|
211 if ( !$perms->get_permissions('read') ) |
|
212 { |
|
213 die_friendly('Access denied', '<p>Access to the specified file is denied.</p>'); |
|
214 } |
|
215 |
|
216 $fname = ENANO_ROOT . '/files/' . $row['file_key'] . '_' . $row['time_id'] . $row['file_extension']; |
|
217 $data = file_get_contents($fname); |
|
218 if(isset($_GET['preview']) && getConfig('enable_imagemagick')=='1' && file_exists(getConfig('imagemagick_path')) && substr($row['mimetype'], 0, 6) == 'image/') |
|
219 { |
|
220 $nam = tempnam('/tmp', $filename); |
|
221 $h = @fopen($nam, 'w'); |
|
222 if(!$h) die('Error opening '.$nam.' for writing'); |
|
223 fwrite($h, $data); |
|
224 fclose($h); |
|
225 /* Make sure the request doesn't contain commandline injection - yow! */ |
|
226 if(!isset($_GET['width' ]) || (isset($_GET['width'] ) && !preg_match('#^([0-9]+)$#', $_GET['width'] ))) $width = '320'; else $width = $_GET['width' ]; |
|
227 if(!isset($_GET['height']) || (isset($_GET['height']) && !preg_match('#^([0-9]+)$#', $_GET['height'] ))) $height = '240'; else $height = $_GET['height']; |
|
228 $cache_filename=ENANO_ROOT.'/cache/'.$filename.'-'.$row['time_id'].'-'.$width.'x'.$height.$row['file_extension']; |
|
229 if(getConfig('cache_thumbs')=='1' && file_exists($cache_filename) && is_writable(ENANO_ROOT.'/cache')) { |
|
230 $data = file_get_contents($cache_filename); |
|
231 } elseif(getConfig('enable_imagemagick')=='1' && file_exists(getConfig('imagemagick_path'))) { |
|
232 // Use ImageMagick to convert the image |
|
233 //unlink($nam); |
|
234 error_reporting(E_ALL); |
|
235 $cmd = ''.getConfig('imagemagick_path').' "'.$nam.'" -resize "'.$width.'x'.$height.'>" "'.$nam.'.scaled'.$row['file_extension'].'"'; |
|
236 system($cmd, $stat); |
|
237 if(!file_exists($nam.'.scaled'.$row['file_extension'])) die('Failed to call ImageMagick (return value '.$stat.'), command line was:<br />'.$cmd); |
|
238 $data = file_get_contents($nam.'.scaled'.$row['file_extension']); |
|
239 // Be stingy about it - better to re-generate the image hundreds of times than to fail completely |
|
240 if(getConfig('cache_thumbs')=='1' && !file_exists($cache_filename)) { |
|
241 // Write the generated thumbnail to the cache directory |
|
242 $h = @fopen($cache_filename, 'w'); |
|
243 if(!$h) die('Error opening cache file "'.$cache_filename.'" for writing.'); |
|
244 fwrite($h, $data); |
|
245 fclose($h); |
|
246 } |
|
247 } |
|
248 unlink($nam); |
|
249 } |
|
250 $len = strlen($data); |
|
251 header('Content-type: '.$row['mimetype']); |
|
252 if(isset($_GET['download'])) header('Content-disposition: attachment, filename="'.$filename.'";'); |
|
253 header('Content-length: '.$len); |
|
254 header('Last-Modified: '.date('r', $row['time_id'])); |
|
255 echo($data); |
|
256 |
|
257 // |
|
258 // Compress buffered output if required and send to browser |
|
259 // |
|
260 if ( $do_gzip ) |
|
261 { |
|
262 // |
|
263 // Copied from phpBB, which was in turn borrowed from php.net |
|
264 // |
|
265 $gzip_contents = ob_get_contents(); |
|
266 ob_end_clean(); |
|
267 |
|
268 $gzip_size = strlen($gzip_contents); |
|
269 $gzip_crc = crc32($gzip_contents); |
|
270 |
|
271 $gzip_contents = gzcompress($gzip_contents, 9); |
|
272 $gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4); |
|
273 |
|
274 header('Content-encoding: gzip'); |
|
275 echo "\x1f\x8b\x08\x00\x00\x00\x00\x00"; |
|
276 echo $gzip_contents; |
|
277 echo pack('V', $gzip_crc); |
|
278 echo pack('V', $gzip_size); |
|
279 } |
|
280 |
|
281 exit; |
|
282 |
|
283 } |
|
284 |
|
285 ?> |
|