Code source de Joomla 1.0.13 |
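<?php
/**
 * @version $Id: uploadimage.php 5932 2006-12-06 06:27:58Z rmdstudio $
 * @package Joomla
 * @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
 * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
 * Joomla! is free software. This version may have been modified pursuant
 * to the GNU General Public License, and as distributed it includes or
 * is derivative of works licensed under the GNU General Public License or
 * other free or open source software licenses.
 * See COPYRIGHT.php for copyright notices and details.
 */

// Set flag that this is a parent file
define( "_VALID_MOS", 1 );

/** security check */
require ( '../includes/auth.php' );
include_once ( $mosConfig_absolute_path . '/language/' . $mosConfig_lang . '.php' );

/*
 * Stops file upload below /images/stories directory
 * Added 1.0.11
 *
 * Strips '../', '..\', ':' and NUL bytes from $directory in place and also
 * returns the cleaned value. The replacement is repeated until the string
 * stops changing: a single str_replace() pass lets an input such as
 * '....//' turn into '../' once the inner '../' has been removed.
 */
function limitDirectory( &$directory ) {
	do {
		$before    = $directory;
		$directory = str_replace( array( '../', '..\\', ':', "\0" ), '', $directory );
	} while ( $directory !== $before );

	return $directory;
}

// limit access to functionality
$option = strval( mosGetParam( $_SESSION, 'option', '' ) );
$task   = strval( mosGetParam( $_SESSION, 'task', '' ) );

switch ($option) {
	case 'com_banners':
		break;

	case 'com_categories':
	case 'com_content':
	case 'com_sections':
	case 'com_typedcontent':
		if ( $task != 'edit' && $task != 'editA' && $task != 'new' ) {
			echo _NOT_AUTH;
			return;
		}
		break;

	default:
		echo _NOT_AUTH;
		return;
}

// Request values are forced to strings so that an array parameter
// (directory[]=...) cannot reach the string functions below.
$directory = strval( mosGetParam( $_REQUEST, 'directory', '' ) );
$css       = strval( mosGetParam( $_REQUEST, 't', '' ) );

$media_path = $mosConfig_absolute_path . '/media/';

$userfile_name = ( isset( $_FILES['userfile']['name'] ) ? $_FILES['userfile']['name'] : '' );

limitDirectory( $directory );

// check to see if directory exists
if ( $directory != 'banners' && $directory != '' && !is_dir( $mosConfig_absolute_path . '/images/stories/' . $directory ) ) {
	$directory = '';
}

// css file handling
// check to see if template exists
// The template name only ever becomes a filesystem path and a stylesheet href,
// so it is restricted to a plain identifier before being looked up. The lookup
// used to call is_dir() on the stylesheet *file* path, which can never be true,
// so the requested template was silently replaced by 'joomla_admin' every time.
if ( $css == '' || preg_match( '/[^0-9a-zA-Z_\-]/', $css )
	|| !is_file( $mosConfig_absolute_path . '/administrator/templates/' . $css . '/css/template_css.css' ) ) {
	$css = 'joomla_admin';
}

// $directory and $css are reflected into a JavaScript string literal and a URL,
// so they are percent-encoded instead of being inserted verbatim.
$action = "window.location.href = 'uploadimage.php?directory=" . rawurlencode( $directory ) . "&t=" . rawurlencode( $css ) . "'";

if ( isset( $_FILES['userfile'] ) ) {
	if ( $directory == 'banners' ) {
		$base_Dir = '../../images/banners/';
	} else if ( $directory != '' ) {
		// $directory was confirmed to exist under images/stories above. A separator
		// is appended explicitly: without it the directory name was fused onto the
		// file name whenever the caller omitted a trailing slash.
		$base_Dir = '../../images/stories/' . rtrim( $directory, '/' ) . '/';
	} else {
		$base_Dir = '../../images/stories/';
	}

	// NOTE(review): mosErrorAlert() is assumed to end the request after
	// reporting; the checks below rely on that and do not re-test earlier
	// conditions — confirm against includes.
	if ( empty( $userfile_name ) ) {
		mosErrorAlert( "Please select an image to upload", $action );
	}

	// Validate the whole name, not just the text before the first dot: the old
	// check on split()[0] accepted names such as 'x.php.gif'. split()/eregi()
	// are also gone from PHP 7, hence preg_match()/explode() throughout.
	$userfile_name = basename( $userfile_name );
	$dot  = strrpos( $userfile_name, '.' );
	$stem = ( $dot === false ) ? $userfile_name : substr( $userfile_name, 0, $dot );
	$ext  = ( $dot === false ) ? '' : strtolower( substr( $userfile_name, $dot ) );

	if ( $stem === '' || preg_match( '/[^0-9a-zA-Z_]/', $stem ) ) {
		mosErrorAlert( 'File must only contain alphanumeric characters and no spaces please.', $action );
	}

	$allowed_ext  = array( '.gif', '.jpg', '.png', '.bmp', '.doc', '.xls', '.ppt', '.swf', '.pdf' );
	$document_ext = array( '.pdf', '.doc', '.xls', '.ppt' );

	if ( !in_array( $ext, $allowed_ext, true ) ) {
		mosErrorAlert( 'The file must be gif, png, jpg, bmp, swf, doc, xls or ppt', $action );
	}

	// Documents go to /media/, images and flash to the chosen images directory.
	// The extension decides; the old eregi('.pdf', ...) test used an unescaped
	// dot and matched anywhere in the name.
	$dest_Dir = in_array( $ext, $document_ext, true ) ? $media_path : $base_Dir;
	$dest     = $dest_Dir . $userfile_name;

	if ( file_exists( $dest ) ) {
		mosErrorAlert( 'Image ' . $userfile_name . ' already exists.', $action );
	}

	if ( !move_uploaded_file( $_FILES['userfile']['tmp_name'], $dest ) || !mosChmod( $dest ) ) {
		mosErrorAlert( 'Upload of ' . $userfile_name . ' failed', $action );
	} else {
		mosErrorAlert( 'Upload of ' . $userfile_name . ' to ' . $dest_Dir . ' successful', "window.close()" );
	}
	echo htmlspecialchars( $dest, ENT_QUOTES );
}

$iso = explode( '=', _ISO );
// _ISO is expected to look like 'charset=...'; fall back to utf-8 (chosen here)
// rather than emitting an empty encoding when no '=' is present.
$charset = isset( $iso[1] ) ? $iso[1] : 'utf-8';
// xml prolog
echo '<?xml version="1.0" encoding="' . htmlspecialchars( $charset, ENT_QUOTES ) . '"?' . '>';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Upload a file</title>
<meta http-equiv="Content-Type" content="text/html; <?php echo _ISO; ?>" />
</head>
<body>

<link rel="stylesheet" href="../templates/<?php echo htmlspecialchars( $css, ENT_QUOTES ); ?>/css/template_css.css" type="text/css" />
<form method="post" action="uploadimage.php" enctype="multipart/form-data" name="filename">

<table class="adminform">
<tr>
	<th class="title">
	File Upload : <?php echo htmlspecialchars( $directory, ENT_QUOTES ); ?>
	</th>
</tr>
<tr>
	<td align="center">
	<input class="inputbox" name="userfile" type="file" />
	</td>
</tr>
<tr>
	<td>
	<input class="button" type="submit" value="Upload" name="fileupload" />
	Max size = <?php echo ini_get( 'post_max_size' );?>
	</td>
</tr>
</table>

<input type="hidden" name="directory" value="<?php echo htmlspecialchars( $directory, ENT_QUOTES );?>" />
</form>

</body>
</html>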