diff -r 0931d60f5bdb -r 2b2084ca1e60 plugins/SpecialUpdownload.php~
--- a/plugins/SpecialUpdownload.php~ Wed Jun 13 16:32:27 2007 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,285 +0,0 @@
-attachHook('base_classes_initted', '
- global $paths;
- $paths->add_page(Array(
- \'name\'=>\'Upload file\',
- \'urlname\'=>\'UploadFile\',
- \'namespace\'=>\'Special\',
- \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
- ));
-
- $paths->add_page(Array(
- \'name\'=>\'Download file\',
- \'urlname\'=>\'DownloadFile\',
- \'namespace\'=>\'Special\',
- \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
- ));
- ');
-
-function page_Special_UploadFile()
-{
- global $db, $session, $paths, $template, $plugins; // Common objects
- global $mime_types;
- if(getConfig('enable_uploads')!='1') { die_friendly('Access denied', '

File uploads are disabled this website.

'); }
- if ( !$session->get_permissions('upload_files') )
- {
- die_friendly('Access denied', '

File uploads are disabled for your user account or group.

');
- }
- if(isset($_POST['doit']))
- {
- if(isset($_FILES['data']))
- {
- $file =& $_FILES['data'];
- }
- else
- {
- $file = false;
- }
- if(!is_array($file)) die_friendly('Upload failed', '

The server could not retrieve the array $_FILES[\'data\'].

');
- if($file['size'] == 0 || $file['size'] > (int)getConfig('max_file_size')) die_friendly('Upload failed', '

The file you uploaded is either too large or 0 bytes in length.

');
- /*
- $allowed_mime_types = Array(
- 'text/plain',
- 'image/png',
- 'image/jpeg',
- 'image/tiff',
- 'image/gif',
- 'text/html', // Safe because the file is stashed in the database
- 'application/x-bzip2',
- 'application/x-gzip',
- 'text/x-c++'
- );
- if(function_exists('finfo_open') && $fi = finfo_open(FILEINFO_MIME, ENANO_ROOT.'/includes/magic')) // First try to use the fileinfo extension, this is the best way to determine the mimetype
- {
- if(!$fi) die_friendly('Upload failed', '

Enano was unable to determine the format of the uploaded file.

'.@finfo_file($fi, $file['tmp_name']).'

');
- $type = @finfo_file($fi, $file['tmp_name']);
- @finfo_close($fi);
- }
- elseif(function_exists('mime_content_type'))
- $type = mime_content_type($file['tmp_name']); // OK, no fileinfo function. Use a (usually) built-in PHP function
- elseif(isset($file['type']))
- $type = $file['type']; // LAST RESORT: use the mimetype the browser sent us, though this is likely to be spoofed
- else // DANG! Not even the browser told us. Bail out.
- die_friendly('Upload failed', '

Enano was unable to determine the format of the uploaded file.

');
- */
- $types = fetch_allowed_extensions();
- $ext = substr($file['name'], strrpos($file['name'], '.')+1, strlen($file['name']));
- if(!isset($types[$ext]) || ( isset($types[$ext]) && !$types[$ext] ) )
- {
- die_friendly('Upload failed', '

The file type ".'.$ext.'" is not allowed.

');
- }
- $type = $mime_types[$ext];
- //$type = explode(';', $type); $type = $type[0];
- //if(!in_array($type, $allowed_mime_types)) die_friendly('Upload failed', '

The file type "'.$type.'" is not allowed.

');
- if($_POST['rename'] != '')
- {
- $filename = $_POST['rename'];
- } else {
- $filename = $file['name'];
- }
- $bad_chars = Array(':', '\\', '/', '<', '>', '|', '*', '?', '"', '#', '+');
- foreach($bad_chars as $ch)
- {
- if(strstr($filename, $ch) || preg_match('/^([ ]+)$/is', $filename)) die_friendly('Upload failed', '

The filename contains invalid characters.

');
- }
-
- if(isset($paths->pages[$paths->nslist['File'].$filename]) && !isset($_POST['update'])) die_friendly('Upload failed', '

The file already exists. You can upload a new version of this file.

');
- elseif( isset($_POST['update']) &&
- (!isset($paths->pages[$paths->nslist['File'].$filename]) ||
- (isset($paths->pages[$paths->nslist['File'].$filename]) &&
- $paths->pages[$paths->nslist['File'].$filename]['protected']==1)
- )
- )
- die_friendly('Upload failed', '

Either the file does not exist (and therefore cannot be updated) or the file is protected.

');
-
- $utime = time();
-
- $filename = $db->escape($filename);
- $ext = substr($filename, strrpos($filename, '.'), strlen($filename));
- $flen = filesize($file['tmp_name']);
-
- $comments = $db->escape(RenderMan::strip_php($_POST['comments']));
- $chartag = sha1(microtime());
- $urln = str_replace(' ', '_', $filename);
-
- $key = md5($filename . '_' . file_get_contents($file['tmp_name']));
- $targetname = ENANO_ROOT . '/files/' . $key . '_' . $utime . $ext;
-
- if(!@move_uploaded_file($file['tmp_name'], $targetname))
- {
- die_friendly('Upload failed', '

Could not move uploaded file to the new location.

');
- }
-
- if(getConfig('file_history') != '1')
- if(!$db->sql_query('DELETE FROM '.table_prefix.'files WHERE filename=\''.$filename.'\' LIMIT 1;')) $db->_die('The old file data could not be deleted.');
- if(!$db->sql_query('INSERT INTO '.table_prefix.'files(time_id,page_id,filename,size,mimetype,file_extension,file_key) VALUES('.$utime.', \''.$urln.'\', \''.$filename.'\', '.$flen.', \''.$type.'\', \''.$ext.'\', \''.$key.'\')')) $db->_die('The file data entry could not be inserted.');
- if(!isset($_POST['update']))
- {
- if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.$utime.', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\');')) $db->_die('The page log could not be updated.');
- if(!$db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,protected,delvotes,delvote_ips) VALUES(\''.$filename.'\', \''.$urln.'\', \'File\', 0, 0, \'\')')) $db->_die('The page listing entry could not be inserted.');
- if(!$db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$urln.'\', \'File\', \''.$comments.'\', \''.$chartag.'\')')) $db->_die('The page text entry could not be inserted.');
- } else {
- if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.$utime.', \''.date('d M Y h:i a').'\', \'page\', \'reupload\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\', \''.$comments.'\');')) $db->_die('The page log could not be updated.');
- }
- die_friendly('Upload complete', '

Your file has been uploaded successfully. View the file\'s page.

');
- } else {
- $template->header();
- $fn = $paths->getParam(0);
- if ( $fn && !$session->get_permissions('upload_new_version') )
- {
- die_friendly('Access denied', '

Uploading new versions of files has been disabled for your user account or group.

'); - } - ?> -

Using this form you can upload a file to the site.

-

The maximum file size is = 1048576) - { - $fs = round($fs / 1048576, 1); - echo ' ('.$fs.' MB)'; - } elseif($fs >= 1024) { - $fs = round($fs / 1024, 1); - echo ' ('.$fs.' KB)'; - } - ?>.

-
- - - - '; - else echo ''; - ?> - -
File:
Rename to: />
Comments:
(can be wiki-formatted)
Reason for uploading the new version:
- '; - ?> - -
-
- footer();
- }
-}
-
-function page_Special_DownloadFile()
-{
- global $db, $session, $paths, $template, $plugins; // Common objects
- global $do_gzip;
- $filename = rawurldecode($paths->getParam(0));
- $timeid = $paths->getParam(1);
- if($timeid && preg_match('#^([0-9]+)$#', (string)$timeid)) $tid = ' AND time_id='.$timeid;
- else $tid = '';
- $filename = $db->escape($filename);
- $q = $db->sql_query('SELECT page_id,size,mimetype,time_id,file_extension,file_key FROM '.table_prefix.'files WHERE filename=\''.$filename.'\''.$tid.' ORDER BY time_id DESC;');
- if(!$q) $db->_die('The file data could not be selected.');
- if($db->numrows() < 1) { header('HTTP/1.1 404 Not Found'); die_friendly('File not found', '

The file "'.$filename.'" cannot be found.

'); }
- $row = $db->fetchrow();
- $db->free_result();
-
- // Check permissions
- $perms = $session->fetch_page_acl($row['page_id'], 'File');
- if ( !$perms->get_permissions('read') )
- {
- die_friendly('Access denied', '

Access to the specified file is denied.

');
- }
-
- $fname = ENANO_ROOT . '/files/' . $row['file_key'] . '_' . $row['time_id'] . $row['file_extension'];
- $data = file_get_contents($fname);
- if(isset($_GET['preview']) && getConfig('enable_imagemagick')=='1' && file_exists(getConfig('imagemagick_path')) && substr($row['mimetype'], 0, 6) == 'image/')
- {
- $nam = tempnam('/tmp', $filename);
- $h = @fopen($nam, 'w');
- if(!$h) die('Error opening '.$nam.' for writing');
- fwrite($h, $data);
- fclose($h);
- /* Make sure the request doesn't contain commandline injection - yow! */
- if(!isset($_GET['width' ]) || (isset($_GET['width'] ) && !preg_match('#^([0-9]+)$#', $_GET['width'] ))) $width = '320'; else $width = $_GET['width' ];
- if(!isset($_GET['height']) || (isset($_GET['height']) && !preg_match('#^([0-9]+)$#', $_GET['height'] ))) $height = '240'; else $height = $_GET['height'];
- $cache_filename=ENANO_ROOT.'/cache/'.$filename.'-'.$row['time_id'].'-'.$width.'x'.$height.$row['file_extension'];
- if(getConfig('cache_thumbs')=='1' && file_exists($cache_filename) && is_writable(ENANO_ROOT.'/cache')) {
- $data = file_get_contents($cache_filename);
- } elseif(getConfig('enable_imagemagick')=='1' && file_exists(getConfig('imagemagick_path'))) {
- // Use ImageMagick to convert the image
- //unlink($nam);
- error_reporting(E_ALL);
- $cmd = ''.getConfig('imagemagick_path').' "'.$nam.'" -resize "'.$width.'x'.$height.'>" "'.$nam.'.scaled'.$row['file_extension'].'"';
- system($cmd, $stat);
- if(!file_exists($nam.'.scaled'.$row['file_extension'])) die('Failed to call ImageMagick (return value '.$stat.'), command line was:
'.$cmd);
- $data = file_get_contents($nam.'.scaled'.$row['file_extension']);
- // Be stingy about it - better to re-generate the image hundreds of times than to fail completely
- if(getConfig('cache_thumbs')=='1' && !file_exists($cache_filename)) {
- // Write the generated thumbnail to the cache directory
- $h = @fopen($cache_filename, 'w');
- if(!$h) die('Error opening cache file "'.$cache_filename.'" for writing.');
- fwrite($h, $data);
- fclose($h);
- }
- }
- unlink($nam);
- }
- $len = strlen($data);
- header('Content-type: '.$row['mimetype']);
- if(isset($_GET['download'])) header('Content-disposition: attachment, filename="'.$filename.'";');
- header('Content-length: '.$len);
- header('Last-Modified: '.date('r', $row['time_id']));
- echo($data);
-
- //
- // Compress buffered output if required and send to browser
- //
- if ( $do_gzip )
- {
- //
- // Copied from phpBB, which was in turn borrowed from php.net
- //
- $gzip_contents = ob_get_contents();
- ob_end_clean();
-
- $gzip_size = strlen($gzip_contents);
- $gzip_crc = crc32($gzip_contents);
-
- $gzip_contents = gzcompress($gzip_contents, 9);
- $gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4);
-
- header('Content-encoding: gzip');
- echo "\x1f\x8b\x08\x00\x00\x00\x00\x00";
- echo $gzip_contents;
- echo pack('V', $gzip_crc);
- echo pack('V', $gzip_size);
- }
-
- exit;
-
-}
-
-?>
\ No newline at end of file