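--- /dev/null
+++ b/plugins/SpecialUpdownload.php
@@ -0,0 +1,300 @@
+<?php
+/*
+Plugin Name: Upload/download frontend
+Plugin URI: http://enano.homelinux.org/
+Description: Provides the pages Special:UploadFile and Special:DownloadFile. UploadFile is used to upload files to the site, and DownloadFile fetches the file from the database, creates thumbnails if necessary, and sends the file to the user.
+Author: Dan Fuhry
+Version: 1.0
+Author URI: http://enano.homelinux.org/
+*/
+
+/*
+ * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ * Version 1.0 release candidate 2
+ * Copyright (C) 2006-2007 Dan Fuhry
+ * SpecialUpdownload.php - handles uploading and downloading of user-uploaded files - possibly the most rigorously security-enforcing script in all of Enano, although sessions.php comes in a close second
+ *
+ * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ */
+ 
+global $db, $session, $paths, $template, $plugins; // Common objects
+
+$plugins->attachHook('base_classes_initted', '
+  global $paths;
+    $paths->add_page(Array(
+      \'name\'=>\'Upload file\',
+      \'urlname\'=>\'UploadFile\',
+      \'namespace\'=>\'Special\',
+      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+      ));
+    
+    $paths->add_page(Array(
+      \'name\'=>\'Download file\',
+      \'urlname\'=>\'DownloadFile\',
+      \'namespace\'=>\'Special\',
+      \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+      ));
+    ');
+
+function page_Special_UploadFile()
+{
+  global $db, $session, $paths, $template, $plugins; // Common objects
+  global $mime_types;
+  if(getConfig('enable_uploads')!='1') { die_friendly('Access denied', '<p>File uploads are disabled this website.</p>'); }
+  if ( !$session->get_permissions('upload_files') )
+  {
+    die_friendly('Access denied', '<p>File uploads are disabled for your user account or group.<p>');
+  }
+  if(isset($_POST['doit']))
+  {
+    if(isset($_FILES['data']))
+    {
+      $file =& $_FILES['data'];
+    }
+    else
+    {
+      $file = false;
+    }
+    if(!is_array($file)) die_friendly('Upload failed', '<p>The server could not retrieve the array $_FILES[\'data\'].</p>');
+    if($file['size'] == 0 || $file['size'] > (int)getConfig('max_file_size')) die_friendly('Upload failed', '<p>The file you uploaded is either too large or 0 bytes in length.</p>');
+    /*
+    $allowed_mime_types = Array(
+        'text/plain',
+        'image/png',
+        'image/jpeg',
+        'image/tiff',
+        'image/gif',
+        'text/html', // Safe because the file is stashed in the database
+        'application/x-bzip2',
+        'application/x-gzip',
+        'text/x-c++'
+      );
+    if(function_exists('finfo_open') && $fi = finfo_open(FILEINFO_MIME, ENANO_ROOT.'/includes/magic')) // First try to use the fileinfo extension, this is the best way to determine the mimetype
+    {
+      if(!$fi) die_friendly('Upload failed', '<p>Enano was unable to determine the format of the uploaded file.</p><p>'.@finfo_file($fi, $file['tmp_name']).'</p>');
+      $type = @finfo_file($fi, $file['tmp_name']);
+      @finfo_close($fi);
+    }
+    elseif(function_exists('mime_content_type'))
+      $type = mime_content_type($file['tmp_name']); // OK, no fileinfo function. Use a (usually) built-in PHP function
+    elseif(isset($file['type']))
+      $type = $file['type']; // LAST RESORT: use the mimetype the browser sent us, though this is likely to be spoofed
+    else // DANG! Not even the browser told us. Bail out.
+      die_friendly('Upload failed', '<p>Enano was unable to determine the format of the uploaded file.</p>');
+    */
+    $types = fetch_allowed_extensions();
+    $ext = substr($file['name'], strrpos($file['name'], '.')+1, strlen($file['name']));
+    if(!isset($types[$ext]) || ( isset($types[$ext]) && !$types[$ext] ) )
+    {
+      die_friendly('Upload failed', '<p>The file type ".'.$ext.'" is not allowed.</p>');
+    }
+    $type = $mime_types[$ext];
+    //$type = explode(';', $type); $type = $type[0];
+    //if(!in_array($type, $allowed_mime_types)) die_friendly('Upload failed', '<p>The file type "'.$type.'" is not allowed.</p>');
+    if($_POST['rename'] != '')
+    {
+      $filename = $_POST['rename'];
+    }
+    else
+    {
+      $filename = $file['name'];
+    }
+    $bad_chars = Array(':', '\\', '/', '<', '>', '|', '*', '?', '"', '#', '+');
+    foreach($bad_chars as $ch)
+    {
+      if(strstr($filename, $ch) || preg_match('/^([ ]+)$/is', $filename)) die_friendly('Upload failed', '<p>The filename contains invalid characters.</p>');
+    }
+    
+    if ( isset ( $paths->pages[ $paths->nslist['File'] . $filename ] ) && !isset ( $_POST['update'] ) )
+    {
+      die_friendly('Upload failed', '<p>The file already exists. You can <a href="'.makeUrlNS('Special', 'UploadFile/'.$filename).'">upload a new version of this file</a>.</p>');
+    }
+    else if ( isset($_POST['update']) && 
+            ( !isset($paths->pages[$paths->nslist['File'].$filename]) ||
+             (isset($paths->pages[$paths->nslist['File'].$filename]) &&
+               $paths->pages[$paths->nslist['File'].$filename]['protected'] == 1 )
+             )
+           )
+    {
+      die_friendly('Upload failed', '<p>Either the file does not exist (and therefore cannot be updated) or the file is protected.</p>');
+    }
+    
+    $utime = time();
+           
+    $filename = $db->escape($filename);
+    $ext = substr($filename, strrpos($filename, '.'), strlen($filename));
+    $flen = filesize($file['tmp_name']);
+    
+    $comments = $db->escape(RenderMan::strip_php($_POST['comments']));
+    $chartag = sha1(microtime());
+    $urln = str_replace(' ', '_', $filename);
+    
+    $key = md5($filename . '_' . file_get_contents($file['tmp_name']));
+    $targetname = ENANO_ROOT . '/files/' . $key . '_' . $utime . $ext;
+    
+    if(!@move_uploaded_file($file['tmp_name'], $targetname))
+    {
+      die_friendly('Upload failed', '<p>Could not move uploaded file to the new location.</p>');
+    }
+    
+    if(getConfig('file_history') != '1')
+    {
+      if(!$db->sql_query('DELETE FROM  '.table_prefix.'files WHERE filename=\''.$filename.'\' LIMIT 1;')) $db->_die('The old file data could not be deleted.');
+    }
+    if(!$db->sql_query('INSERT INTO '.table_prefix.'files(time_id,page_id,filename,size,mimetype,file_extension,file_key) VALUES('.$utime.', \''.$urln.'\', \''.$filename.'\', '.$flen.', \''.$type.'\', \''.$ext.'\', \''.$key.'\')')) $db->_die('The file data entry could not be inserted.');
+    if(!isset($_POST['update']))
+    {
+      if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.$utime.', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\');')) $db->_die('The page log could not be updated.');
+      if(!$db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,protected,delvotes,delvote_ips) VALUES(\''.$filename.'\', \''.$urln.'\', \'File\', 0, 0, \'\')')) $db->_die('The page listing entry could not be inserted.');
+      if(!$db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$urln.'\', \'File\', \''.$comments.'\', \''.$chartag.'\')')) $db->_die('The page text entry could not be inserted.');
+    }
+    else
+    {
+      if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.$utime.', \''.date('d M Y h:i a').'\', \'page\', \'reupload\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\', \''.$comments.'\');')) $db->_die('The page log could not be updated.');
+    }
+    die_friendly('Upload complete', '<p>Your file has been uploaded successfully. View the <a href="'.makeUrlNS('File', $filename).'">file\'s page</a>.</p>');
+  }
+  else
+  {
+    $template->header();
+    $fn = $paths->getParam(0);
+    if ( $fn && !$session->get_permissions('upload_new_version') )
+    {
+      die_friendly('Access denied', '<p>Uploading new versions of files has been disabled for your user account or group.<p>');
+    }
+    ?>
+    <p>Using this form you can upload a file to the <?php echo getConfig('site_name'); ?> site.</p>
+    <p>The maximum file size is <?php 
+      // Get the max file size, and format it in a way that is user-friendly
+      $fs = getConfig('max_file_size');
+      echo commatize($fs).' bytes';
+      $fs = (int)$fs;
+      if($fs >= 1048576)
+      {
+        $fs = round($fs / 1048576, 1);
+        echo ' ('.$fs.' MB)';
+      }
+      elseif($fs >= 1024)
+      {
+        $fs = round($fs / 1024, 1);
+        echo ' ('.$fs.' KB)';
+      }
+    ?>.</p>
+    <form action="<?php echo makeUrl($paths->page); ?>" method="post" enctype="multipart/form-data">
+      <table border="0" cellspacing="1" cellpadding="4">
+        <tr><td>File:</td><td><input name="data" type="file" size="40" /></td></tr>
+        <tr><td>Rename to:</td><td><input name="rename" type="text" size="40"<?php if($fn) echo ' value="'.$fn.'" readonly="readonly"'; ?> /></td></tr>
+        <?php
+        if(!$fn) echo '<tr><td>Comments:<br />(can be wiki-formatted)</td><td><textarea name="comments" rows="20" cols="60"></textarea></td></tr>';
+        else echo '<tr><td>Reason for uploading the new version: </td><td><input name="comments" size="50" /></td></tr>';
+        ?>
+        <tr><td colspan="2" style="text-align: center">
+          <?php
+          if($fn)
+            echo '<input type="hidden" name="update" value="true" />';
+          ?>
+          <input type="submit" name="doit" value="Upload file" />
+        </td></tr>
+      </table>
+    </form>
+    <?php
+    $template->footer();
+  }
+}
+
+function page_Special_DownloadFile()
+{
+  global $db, $session, $paths, $template, $plugins; // Common objects
+  global $do_gzip;
+  $filename = rawurldecode($paths->getParam(0));
+  $timeid = $paths->getParam(1);
+  if($timeid && preg_match('#^([0-9]+)$#', (string)$timeid)) $tid = ' AND time_id='.$timeid;
+  else $tid = '';
+  $filename = $db->escape($filename);
+  $q = $db->sql_query('SELECT page_id,size,mimetype,time_id,file_extension,file_key FROM '.table_prefix.'files WHERE filename=\''.$filename.'\''.$tid.' ORDER BY time_id DESC;');
+  if(!$q) $db->_die('The file data could not be selected.');
+  if($db->numrows() < 1) { header('HTTP/1.1 404 Not Found'); die_friendly('File not found', '<p>The file "'.$filename.'" cannot be found.</p>'); }
+  $row = $db->fetchrow();
+  $db->free_result();
+  
+  // Check permissions
+  $perms = $session->fetch_page_acl($row['page_id'], 'File');
+  if ( !$perms->get_permissions('read') )
+  {
+    die_friendly('Access denied', '<p>Access to the specified file is denied.</p>');
+  }
+  
+  $fname = ENANO_ROOT . '/files/' . $row['file_key'] . '_' . $row['time_id'] . $row['file_extension'];
+  $data = file_get_contents($fname);
+  if(isset($_GET['preview']) && getConfig('enable_imagemagick')=='1' && file_exists(getConfig('imagemagick_path')) && substr($row['mimetype'], 0, 6) == 'image/')
+  {
+    $nam = tempnam('/tmp', $filename);
+    $h = @fopen($nam, 'w');
+    if(!$h) die('Error opening '.$nam.' for writing');
+    fwrite($h, $data);
+    fclose($h);
+    /* Make sure the request doesn't contain commandline injection - yow! */
+    if(!isset($_GET['width' ]) || (isset($_GET['width'] ) && !preg_match('#^([0-9]+)$#', $_GET['width']  ))) $width  = '320'; else $width  = $_GET['width' ];
+    if(!isset($_GET['height']) || (isset($_GET['height']) && !preg_match('#^([0-9]+)$#', $_GET['height'] ))) $height = '240'; else $height = $_GET['height'];
+    $cache_filename=ENANO_ROOT.'/cache/'.$filename.'-'.$row['time_id'].'-'.$width.'x'.$height.$row['file_extension'];
+    if(getConfig('cache_thumbs')=='1' && file_exists($cache_filename) && is_writable(ENANO_ROOT.'/cache')) {
+      $data = file_get_contents($cache_filename);
+    } elseif(getConfig('enable_imagemagick')=='1' && file_exists(getConfig('imagemagick_path'))) {
+      // Use ImageMagick to convert the image
+      //unlink($nam);
+      error_reporting(E_ALL);
+      $cmd = ''.getConfig('imagemagick_path').' "'.$nam.'" -resize "'.$width.'x'.$height.'>" "'.$nam.'.scaled'.$row['file_extension'].'"';
+      system($cmd, $stat);
+      if(!file_exists($nam.'.scaled'.$row['file_extension'])) die('Failed to call ImageMagick (return value '.$stat.'), command line was:<br />'.$cmd);
+      $data = file_get_contents($nam.'.scaled'.$row['file_extension']);
+      // Be stingy about it - better to re-generate the image hundreds of times than to fail completely
+      if(getConfig('cache_thumbs')=='1' && !file_exists($cache_filename)) {
+        // Write the generated thumbnail to the cache directory
+        $h = @fopen($cache_filename, 'w');
+        if(!$h) die('Error opening cache file "'.$cache_filename.'" for writing.');
+        fwrite($h, $data);
+        fclose($h);
+      }
+    }
+    unlink($nam);
+  }
+  $len = strlen($data);
+  header('Content-type: '.$row['mimetype']);
+  if(isset($_GET['download'])) header('Content-disposition: attachment, filename="'.$filename.'";');
+  header('Content-length: '.$len);
+  header('Last-Modified: '.date('r', $row['time_id']));
+  echo($data);
+  
+  //
+  // Compress buffered output if required and send to browser
+  //
+  if ( $do_gzip )
+  {
+    //
+    // Copied from phpBB, which was in turn borrowed from php.net
+    //
+    $gzip_contents = ob_get_contents();
+    ob_end_clean();
+  
+    $gzip_size = strlen($gzip_contents);
+    $gzip_crc = crc32($gzip_contents);
+  
+    $gzip_contents = gzcompress($gzip_contents, 9);
+    $gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4);
+  
+    header('Content-encoding: gzip');
+    echo "\x1f\x8b\x08\x00\x00\x00\x00\x00";
+    echo $gzip_contents;
+    echo pack('V', $gzip_crc);
+    echo pack('V', $gzip_size);
+  }
+  
+  exit;
+  
+}
+
+?>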
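Review bot: The allowed-extension check in page_Special_UploadFile is run on the browser-supplied `$file['name']`, but when `$_POST['rename']` is non-empty the stored name, the `$ext` appended to `$targetname` and the `file_extension` column all come from the renamed value, so the extension that ends up on disk under `files/` is never validated; move the `fetch_allowed_extensions()` check after `$filename` has been chosen and derive `$ext` from `$filename` once, e.g. `$ext = strtolower(substr($filename, strrpos($filename, '.') + 1));`. In page_Special_DownloadFile the comment `Make sure the request doesn't contain commandline injection` only covers `$width`/`$height`, while `$nam` (built by `tempnam()` from the request-derived `$filename`) and `$row['file_extension']` are interpolated into `$cmd` inside plain double quotes; pass each argument through `escapeshellarg()` or invoke ImageMagick via `proc_open` with an argument array, since the upload-side `$bad_chars` list does not reject every character the shell still interprets inside double quotes. Request-derived strings are also written into HTML unescaped — `$filename` in the 404 `die_friendly()` message and `$fn` in the `value="…"` attribute of the rename field — and should go through `htmlspecialchars($s, ENT_QUOTES, 'UTF-8')` first, because `$db->escape()` is SQL escaping, not HTML escaping. The download header `Content-disposition: attachment, filename="…"` uses a comma where the header grammar needs a semicolon, so the filename parameter is not reliably honoured; it should read `attachment; filename="…"`. Finally `$file['error']` is never consulted before the size check, so a partially received upload with a non-zero `size` would be accepted; add `if ($file['error'] !== UPLOAD_ERR_OK) die_friendly('Upload failed', '<p>The upload did not complete.</p>');` before the size test.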