| [ Index ] |
|
Code source de Typo3 4.1.3 |
1 <?php 2 /*************************************************************** 3 * Copyright notice 4 * 5 * (c) 1999-2006 Kasper Skaarhoj (kasperYYYY@typo3.com) 6 * All rights reserved 7 * 8 * This script is part of the TYPO3 project. The TYPO3 project is 9 * free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License as published by 11 * the Free Software Foundation; either version 2 of the License, or 12 * (at your option) any later version. 13 * 14 * The GNU General Public License can be found at 15 * http://www.gnu.org/copyleft/gpl.html. 16 * A copy is found in the textfile GPL.txt and important notices to the license 17 * from the author is found in LICENSE.txt distributed with these scripts. 18 * 19 * 20 * This script is distributed in the hope that it will be useful, 21 * but WITHOUT ANY WARRANTY; without even the implied warranty of 22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 * GNU General Public License for more details. 24 * 25 * This copyright notice MUST APPEAR in all copies of the script! 26 ***************************************************************/ 27 /** 28 * extending class to class t3lib_basicFileFunctions 29 * 30 * $Id: class.t3lib_extfilefunc.php 1706 2006-08-31 18:24:51Z baschny $ 31 * Revised for TYPO3 3.6 May/2004 by Kasper Skaarhoj 32 * 33 * @author Kasper Skaarhoj <kasperYYYY@typo3.com> 34 */ 35 /** 36 * [CLASS/FUNCTION INDEX of SCRIPT] 37 * 38 * 39 * 40 * 105: class t3lib_extFileFunctions extends t3lib_basicFileFunctions 41 * 151: function start($fileCmds) 42 * 181: function init_actionPerms($setup) 43 * 213: function processData() 44 * 270: function printLogErrorMessages($redirect='') 45 * 328: function findRecycler($theFile) 46 * 357: function writeLog($action,$error,$details_nr,$details,$data) 47 * 48 * SECTION: File operation functions 49 * 384: function func_delete($cmds) 50 * 451: function func_copy($cmds) 51 * 542: function func_move($cmds) 52 * 637: function func_rename($cmds) 53 * 683: function func_newfolder($cmds) 54 * 713: function func_newfile($cmds) 55 * 750: function func_edit($cmds) 56 * 782: function func_upload($cmds) 57 * 821: function func_unzip($cmds) 58 * 59 * TOTAL FUNCTIONS: 15 60 * (This index is automatically created/updated by the extension "extdeveval") 61 * 62 */ 63 64 65 66 67 68 69 70 71 72 73 74 75 76 /** 77 * Contains functions for performing file operations like copying, pasting, uploading, moving, deleting etc. through the TCE 78 * Extending class to class t3lib_basicFileFunctions. 79 * 80 * see basicFileFunctions 81 * see document "TYPO3 Core API" for syntax 82 * 83 * This class contains functions primarily used by tce_file.php (TYPO3 Core Engine for file manipulation) 84 * Functions include copying, moving, deleting, uploading and so on... 85 * 86 * Important internal variables: 87 * 88 * $filemounts (see basicFileFunctions) 89 * $f_ext (see basicFileFunctions) 90 * ... All fileoperations must be within the filemount-paths. Further the fileextension MUST validate true with the f_ext array 91 * 92 * The unzip-function allows unzip only if the destination path has it's f_ext[]['allow'] set to '*'!! 93 * You are allowed to copy/move folders within the same 'space' (web/ftp). 94 * You are allowed to copy/move folders between spaces (web/ftp) IF the destination has it's f_ext[]['allow'] set to '*'! 95 * 96 * Advice: 97 * You should always exclude php-files from the webspace. This will keep people from uploading, copy/moving and renaming files to the php3/php-extension. 98 * You should never mount a ftp_space 'below' the webspace so that it reaches into the webspace. This is because if somebody unzips a zip-file in the ftp-space so that it reaches out into the webspace this will be a violation of the safety 99 * For example this is a bad idea: you have an ftp-space that is '/www/' and a web-space that is '/www/htdocs/' 100 * 101 * @author Kasper Skaarhoj <kasperYYYY@typo3.com> 102 * @package TYPO3 103 * @subpackage t3lib 104 */ 105 class t3lib_extFileFunctions extends t3lib_basicFileFunctions { 106 107 // External static variables: 108 // Notice; some of these are overridden in the start() method with values from $GLOBALS['TYPO3_CONF_VARS']['BE'] 109 var $maxCopyFileSize = 10000; // max copy size (kb) for files 110 var $maxMoveFileSize = 10000; // max move size (kb) for files 111 var $maxUploadFileSize = 10000; // max upload size (kb) for files. Remember that PHP has an inner limit often set to 2 MB 112 var $unzipPath = ''; // Path to unzip-program (with trailing '/') 113 var $dontCheckForUnique = 0; // If set, the uploaded files will overwrite existing files. 114 115 var $actionPerms = Array( // This array is self-explaning (look in the class below). It grants access to the functions. This could be set from outside in order to enabled functions to users. See also the function init_actionPerms() which takes input directly from the user-record 116 'deleteFile' => 0, // Deleting files physically 117 'deleteFolder' => 0, // Deleting foldes physically 118 'deleteFolderRecursively' => 0, // normally folders are deleted by the PHP-function rmdir(), but with this option a user deletes with 'rm -Rf ....' which is pretty wild! 119 'moveFile' => 0, 120 'moveFolder' => 0, 121 'copyFile' => 0, 122 'copyFolder' => 0, 123 'newFolder' => 0, 124 'newFile' => 0, 125 'editFile' => 0, 126 'unzipFile' => 0, 127 'uploadFile' => 0, 128 'renameFile' => 0, 129 'renameFolder' => 0 130 ); 131 132 var $recyclerFN = '_recycler_'; // This is regarded to be the recycler folder 133 var $useRecycler = 1; // 0 = no, 1 = if available, 2 = always 134 135 // Internal, static: 136 var $PHPFileFunctions = 0; // If set, all fileoperations are done by the default PHP-functions. This is necessary under windows! On UNIX the system commands by exec() can be used unless safe_mode is enabled 137 var $dont_use_exec_commands = 0; // This is necessary under windows! 138 139 // Internal, dynamic: 140 var $internalUploadMap = array(); // Will contain map between upload ID and the final filename 141 142 var $lastError = ''; 143 144 145 146 147 /** 148 * Initialization of the class 149 * 150 * @param array The $file array with the commands to execute. See "TYPO3 Core API" document 151 * @return void 152 */ 153 function start($fileCmds) { 154 155 // Configure settings from TYPO3_CONF_VARS: 156 if (TYPO3_OS=='WIN' || $GLOBALS['TYPO3_CONF_VARS']['BE']['disable_exec_function']) { 157 $this->PHPFileFunctions = 1; 158 $this->dont_use_exec_commands = 1; 159 } else { 160 $this->PHPFileFunctions = $GLOBALS['TYPO3_CONF_VARS']['BE']['usePHPFileFunctions']; 161 } 162 163 $this->unzipPath = $GLOBALS['TYPO3_CONF_VARS']['BE']['unzip_path']; 164 165 $maxFileSize = intval($GLOBALS['TYPO3_CONF_VARS']['BE']['maxFileSize']); 166 if ($maxFileSize>0) { 167 $this->maxCopyFileSize = $maxFileSize; 168 $this->maxMoveFileSize = $maxFileSize; 169 $this->maxUploadFileSize = $maxFileSize; 170 } 171 172 // Initializing file processing commands: 173 $this->fileCmdMap = $fileCmds; 174 } 175 176 /** 177 * Sets up permission to perform file/directory operations. 178 * See below or the be_user-table for the significanse of the various bits in $setup ($BE_USER->user['fileoper_perms']) 179 * 180 * @param integer File permission integer from BE_USER object. 181 * @return void 182 */ 183 function init_actionPerms($setup) { 184 if (($setup&1)==1) { // Files: Upload,Copy,Move,Delete,Rename 185 $this->actionPerms['uploadFile']=1; 186 $this->actionPerms['copyFile']=1; 187 $this->actionPerms['moveFile']=1; 188 $this->actionPerms['deleteFile']=1; 189 $this->actionPerms['renameFile']=1; 190 $this->actionPerms['editFile']=1; 191 $this->actionPerms['newFile']=1; 192 } 193 if (($setup&2)==2) { // Files: Unzip 194 $this->actionPerms['unzipFile']=1; 195 } 196 if (($setup&4)==4) { // Directory: Move,Delete,Rename,New 197 $this->actionPerms['moveFolder']=1; 198 $this->actionPerms['deleteFolder']=1; 199 $this->actionPerms['renameFolder']=1; 200 $this->actionPerms['newFolder']=1; 201 } 202 if (($setup&8)==8) { // Directory: Copy 203 $this->actionPerms['copyFolder']=1; 204 } 205 if (($setup&16)==16) { // Directory: Delete recursively (rm -Rf) 206 $this->actionPerms['deleteFolderRecursively']=1; 207 } 208 } 209 210 /** 211 * Processing the command array in $this->fileCmdMap 212 * 213 * @return void 214 */ 215 function processData() { 216 if (!$this->isInit) return FALSE; 217 218 if (is_array($this->fileCmdMap)) { 219 220 // Check if there were uploads expected, but no one made 221 if ($this->fileCmdMap['upload']) { 222 $uploads = $this->fileCmdMap['upload']; 223 foreach ($uploads as $arr) { 224 if (!$_FILES['upload_'.$arr['data']]['name']) { 225 unset($this->fileCmdMap['upload'][$arr['data']]); 226 } 227 } 228 if (count($this->fileCmdMap['upload']) == 0) { 229 $this->writelog(1,1,108,'No file was uploaded!',''); 230 } 231 } 232 233 // Traverse each set of actions 234 foreach($this->fileCmdMap as $action => $actionData) { 235 236 // Traverse all action data. More than one file might be affected at the same time. 237 if (is_array($actionData)) { 238 foreach($actionData as $cmdArr) { 239 240 // Clear file stats 241 clearstatcache(); 242 243 // Branch out based on command: 244 switch ($action) { 245 case 'delete': 246 $this->func_delete($cmdArr); 247 break; 248 case 'copy': 249 $this->func_copy($cmdArr); 250 break; 251 case 'move': 252 $this->func_move($cmdArr); 253 break; 254 case 'rename': 255 $this->func_rename($cmdArr); 256 break; 257 case 'newfolder': 258 $this->func_newfolder($cmdArr); 259 break; 260 case 'newfile': 261 $this->func_newfile($cmdArr); 262 break; 263 case 'editfile': 264 $this->func_edit($cmdArr); 265 break; 266 case 'upload': 267 $this->func_upload($cmdArr); 268 break; 269 case 'unzip': 270 $this->func_unzip($cmdArr); 271 break; 272 } 273 } 274 } 275 } 276 } 277 } 278 279 /** 280 * Print log error messages from the operations of this script instance 281 * 282 * @param string Redirect URL (for creating link in message) 283 * @return void (Will exit on error) 284 */ 285 function printLogErrorMessages($redirect='') { 286 287 $res_log = $GLOBALS['TYPO3_DB']->exec_SELECTquery( 288 '*', 289 'sys_log', 290 'type=2 AND userid='.intval($GLOBALS['BE_USER']->user['uid']).' AND tstamp='.intval($GLOBALS['EXEC_TIME']).' AND error!=0' 291 ); 292 $errorJS = array(); 293 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res_log)) { 294 $log_data = unserialize($row['log_data']); 295 $errorJS[] = $row[error].': '.sprintf($row['details'], $log_data[0],$log_data[1],$log_data[2],$log_data[3],$log_data[4]); 296 } 297 298 if (count($errorJS)) { 299 $error_doc = t3lib_div::makeInstance('template'); 300 $error_doc->backPath = ''; 301 302 $content.= $error_doc->startPage('tce_db.php Error output'); 303 304 $lines[] = ' 305 <tr class="bgColor5"> 306 <td colspan="2" align="center"><strong>Errors:</strong></td> 307 </tr>'; 308 309 foreach($errorJS as $line) { 310 $lines[] = ' 311 <tr class="bgColor4"> 312 <td valign="top"><img'.t3lib_iconWorks::skinImg('','gfx/icon_fatalerror.gif','width="18" height="16"').' alt="" /></td> 313 <td>'.htmlspecialchars($line).'</td> 314 </tr>'; 315 } 316 317 $lines[] = ' 318 <tr> 319 <td colspan="2" align="center"><br />'. 320 '<form action=""><input type="submit" value="Continue" onclick="'.htmlspecialchars('window.location.href=\''.$redirect.'\';return false;').'" /></form>'. 321 '</td> 322 </tr>'; 323 324 $content.= ' 325 <br /><br /> 326 <table border="0" cellpadding="1" cellspacing="1" width="300" align="center"> 327 '.implode('',$lines).' 328 </table>'; 329 330 $content.= $error_doc->endPage(); 331 echo $content; 332 exit; 333 } 334 } 335 336 /** 337 * Goes back in the path and checks in each directory if a folder named $this->recyclerFN (usually '_recycler_') is present. 338 * If a folder in the tree happens to be a _recycler_-folder (which means that we're deleting something inside a _recycler_-folder) this is ignored 339 * 340 * @param string Takes a valid Path ($theFile) 341 * @return string Returns the path (without trailing slash) of the closest recycle-folder if found. Else false. 342 */ 343 function findRecycler($theFile) { 344 if ($this->isPathValid($theFile)) { 345 $theFile = $this->cleanDirectoryName($theFile); 346 $fI = t3lib_div::split_fileref($theFile); 347 $c = 0; 348 while($this->checkPathAgainstMounts($fI['path']) && $c<20) { 349 $rDir = $fI['path'].$this->recyclerFN; 350 if (@is_dir($rDir) && $this->recyclerFN!=$fI['file']) { 351 return $rDir; 352 } 353 $theFile = $fI['path']; 354 $theFile = $this->cleanDirectoryName($theFile); 355 $fI = t3lib_div::split_fileref($theFile); 356 $c++; 357 } 358 } 359 } 360 361 /** 362 * Logging file operations 363 * 364 * @param integer The action number. See the functions in the class for a hint. Eg. edit is '9', upload is '1' ... 365 * @param integer The severity: 0 = message, 1 = error, 2 = System Error, 3 = security notice (admin) 366 * @param integer This number is unique for every combination of $type and $action. This is the error-message number, which can later be used to translate error messages. 367 * @param string This is the default, raw error message in english 368 * @param array Array with special information that may go into $details by "%s" marks / sprintf() when the log is shown 369 * @return void 370 * @see class.t3lib_userauthgroup.php 371 */ 372 function writeLog($action,$error,$details_nr,$details,$data) { 373 $type = 2; // Type value for tce_file.php 374 if (is_object($GLOBALS['BE_USER'])) { 375 $GLOBALS['BE_USER']->writelog($type,$action,$error,$details_nr,$details,$data); 376 } 377 $this->lastError = vsprintf($details, $data); 378 } 379 380 381 382 383 384 385 386 387 388 /************************************* 389 * 390 * File operation functions 391 * 392 **************************************/ 393 394 /** 395 * Deleting files and folders (action=4) 396 * 397 * @param array $cmds['data'] is the file/folder to delete 398 * @return boolean Returns true upon success 399 */ 400 function func_delete($cmds) { 401 if (!$this->isInit) return FALSE; 402 403 // Checking path: 404 $theFile = $cmds['data']; 405 if (!$this->isPathValid($theFile)) { 406 $this->writelog(4,2,101,'Target "%s" had invalid path (".." and "//" is not allowed in path).',Array($theFile)); 407 return FALSE; 408 } 409 410 // Recycler moving or not? 411 if ($this->useRecycler && $recyclerPath=$this->findRecycler($theFile)) { 412 // If a recycler is found, the deleted items is moved to the recycler and not just deleted. 413 $newCmds=Array(); 414 $newCmds['data']=$theFile; 415 $newCmds['target']=$recyclerPath; 416 $newCmds['altName']=1; 417 $this->func_move($newCmds); 418 $this->writelog(4,0,4,'Item "%s" moved to recycler at "%s"',Array($theFile,$recyclerPath)); 419 return TRUE; 420 } elseif ($this->useRecycler != 2) { // if $this->useRecycler==2 then we cannot delete for real!! 421 if (@is_file($theFile)) { // If we are deleting a file... 422 if ($this->actionPerms['deleteFile']) { 423 if ($this->checkPathAgainstMounts($theFile)) { 424 if (@unlink($theFile)) { 425 $this->writelog(4,0,1,'File "%s" deleted',Array($theFile)); 426 return TRUE; 427 } else $this->writelog(4,1,110,'Could not delete file "%s". Write-permission problem?', Array($theFile)); 428 } else $this->writelog(4,1,111,'Target was not within your mountpoints! T="%s"',Array($theFile)); 429 } else $this->writelog(4,1,112,'You are not allowed to delete files',''); 430 // FINISHED deleting file 431 432 } elseif (@is_dir($theFile)) { // if we're deleting a folder 433 if ($this->actionPerms['deleteFolder']) { 434 $theFile = $this->is_directory($theFile); 435 if ($theFile) { 436 if ($this->checkPathAgainstMounts($theFile)) { // I choose not to append '/' to $theFile here as this will prevent us from deleting mounts!! (which makes sense to me...) 437 if ($this->actionPerms['deleteFolderRecursively'] && !$this->dont_use_exec_commands) { 438 // No way to do this under windows 439 $cmd = 'rm -Rf "'.$theFile.'"'; 440 exec($cmd); // This is a quite critical command... 441 clearstatcache(); 442 if (!@file_exists($theFile)) { 443 $this->writelog(4,0,2,'Directory "%s" deleted recursively!',Array($theFile)); 444 return TRUE; 445 } else $this->writelog(4,2,119,'Directory "%s" WAS NOT deleted recursively! Write-permission problem?',Array($theFile)); 446 } else { 447 if (@rmdir($theFile)) { 448 $this->writelog(4,0,3,'Directory "%s" deleted',Array($theFile)); 449 return TRUE; 450 } else $this->writelog(4,1,120,'Could not delete directory! Write-permission problem? Is directory "%s" empty? (You are not allowed to delete directories recursively).',Array($theFile)); 451 } 452 } else $this->writelog(4,1,121,'Target was not within your mountpoints! T="%s"',Array($theFile)); 453 } else $this->writelog(4,2,122,'Target seemed not to be a directory! (Shouldn\'t happen here!)',''); 454 } else $this->writelog(4,1,123,'You are not allowed to delete directories',''); 455 // FINISHED copying directory 456 457 } else $this->writelog(4,2,130,'The item was not a file or directory! "%s"',Array($theFile)); 458 } else $this->writelog(4,1,131,'No recycler found!',''); 459 } 460 461 /** 462 * Copying files and folders (action=2) 463 * 464 * @param array $cmds['data'] is the file/folder to copy. $cmds['target'] is the path where to copy to. $cmds['altName'] (boolean): If set, another filename is found in case the target already exists 465 * @return string Returns the new filename upon success 466 */ 467 function func_copy($cmds) { 468 if (!$this->isInit) return FALSE; 469 470 // Initialize and check basic conditions: 471 $theFile = $cmds['data']; 472 $theDest = $this->is_directory($cmds['target']); // Clean up destination directory 473 $altName = $cmds['altName']; 474 if (!$theDest) { 475 $this->writelog(2,2,100,'Destination "%s" was not a directory',Array($cmds['target'])); 476 return FALSE; 477 } 478 if (!$this->isPathValid($theFile) || !$this->isPathValid($theDest)) { 479 $this->writelog(2,2,101,'Target or destination had invalid path (".." and "//" is not allowed in path). T="%s", D="%s"',Array($theFile,$theDest)); 480 return FALSE; 481 } 482 483 // Processing of file or directory. 484 if (@is_file($theFile)) { // If we are copying a file... 485 if ($this->actionPerms['copyFile']) { 486 if (filesize($theFile) < ($this->maxCopyFileSize*1024)) { 487 $fI = t3lib_div::split_fileref($theFile); 488 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed 489 $theDestFile = $this->getUniqueName($fI['file'], $theDest); 490 $fI = t3lib_div::split_fileref($theDestFile); 491 } else { 492 $theDestFile = $theDest.'/'.$fI['file']; 493 } 494 if ($theDestFile && !@file_exists($theDestFile)) { 495 if ($this->checkIfAllowed($fI['fileext'], $theDest, $fI['file'])) { 496 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) { 497 if ($this->PHPFileFunctions) { 498 copy ($theFile,$theDestFile); 499 } else { 500 $cmd = 'cp "'.$theFile.'" "'.$theDestFile.'"'; 501 exec($cmd); 502 } 503 t3lib_div::fixPermissions($theDestFile); 504 clearstatcache(); 505 if (@is_file($theDestFile)) { 506 $this->writelog(2,0,1,'File "%s" copied to "%s"',Array($theFile,$theDestFile)); 507 return $theDestFile; 508 } else $this->writelog(2,2,109,'File "%s" WAS NOT copied to "%s"! Write-permission problem?',Array($theFile,$theDestFile)); 509 } else $this->writelog(2,1,110,'Target or destination was not within your mountpoints! T="%s", D="%s"',Array($theFile,$theDestFile)); 510 } else $this->writelog(2,1,111,'Fileextension "%s" is not allowed in "%s"!',Array($fI['fileext'],$theDest.'/')); 511 } else $this->writelog(2,1,112,'File "%s" already exists!',Array($theDestFile)); 512 } else $this->writelog(2,1,113,'File "%s" exceeds the size-limit of %s bytes',Array($theFile,$this->maxCopyFileSize*1024)); 513 } else $this->writelog(2,1,114,'You are not allowed to copy files',''); 514 // FINISHED copying file 515 516 } elseif (@is_dir($theFile) && !$this->dont_use_exec_commands) { // if we're copying a folder 517 if ($this->actionPerms['copyFolder']) { 518 $theFile = $this->is_directory($theFile); 519 if ($theFile) { 520 $fI = t3lib_div::split_fileref($theFile); 521 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed 522 $theDestFile = $this->getUniqueName($fI['file'], $theDest); 523 $fI = t3lib_div::split_fileref($theDestFile); 524 } else { 525 $theDestFile = $theDest.'/'.$fI['file']; 526 } 527 if ($theDestFile && !@file_exists($theDestFile)) { 528 if (!t3lib_div::isFirstPartOfStr($theDestFile.'/',$theFile.'/')) { // Check if the one folder is inside the other or on the same level... to target/dest is the same? 529 if ($this->checkIfFullAccess($theDest) || $this->is_webPath($theDestFile)==$this->is_webPath($theFile)) { // no copy of folders between spaces 530 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) { 531 // No way to do this under windows! 532 $cmd = 'cp -R "'.$theFile.'" "'.$theDestFile.'"'; 533 exec($cmd); 534 clearstatcache(); 535 if (@is_dir($theDestFile)) { 536 $this->writelog(2,0,2,'Directory "%s" copied to "%s"',Array($theFile,$theDestFile)); 537 return $theDestFile; 538 } else $this->writelog(2,2,119,'Directory "%s" WAS NOT copied to "%s"! Write-permission problem?',Array($theFile,$theDestFile)); 539 } else $this->writelog(2,1,120,'Target or destination was not within your mountpoints! T="%s", D="%s"',Array($theFile,$theDestFile)); 540 } else $this->writelog(2,1,121,'You don\'t have full access to the destination directory "%s"!',Array($theDest.'/')); 541 } else $this->writelog(2,1,122,'Destination cannot be inside the target! D="%s", T="%s"',Array($theDestFile.'/',$theFile.'/')); 542 } else $this->writelog(2,1,123,'Target "%s" already exists!',Array($theDestFile)); 543 } else $this->writelog(2,2,124,'Target seemed not to be a directory! (Shouldn\'t happen here!)',''); 544 } else $this->writelog(2,1,125,'You are not allowed to copy directories',''); 545 // FINISHED copying directory 546 547 } else { 548 $this->writelog(2,2,130,'The item "%s" was not a file or directory!',Array($theFile)); 549 } 550 } 551 552 /** 553 * Moving files and folders (action=3) 554 * 555 * @param array $cmds['data'] is the file/folder to move. $cmds['target'] is the path where to move to. $cmds['altName'] (boolean): If set, another filename is found in case the target already exists 556 * @return string Returns the new filename upon success 557 */ 558 function func_move($cmds) { 559 if (!$this->isInit) return FALSE; 560 561 // Initialize and check basic conditions: 562 $theFile = $cmds['data']; 563 $theDest = $this->is_directory($cmds['target']); // Clean up destination directory 564 $altName = $cmds['altName']; 565 if (!$theDest) { 566 $this->writelog(3,2,100,'Destination "%s" was not a directory',Array($cmds['target'])); 567 return FALSE; 568 } 569 if (!$this->isPathValid($theFile) || !$this->isPathValid($theDest)) { 570 $this->writelog(3,2,101,'Target or destination had invalid path (".." and "//" is not allowed in path). T="%s", D="%s"',Array($theFile,$theDest)); 571 return FALSE; 572 } 573 574 // Processing of file or directory: 575 if (@is_file($theFile)) { // If we are moving a file... 576 if ($this->actionPerms['moveFile']) { 577 if (filesize($theFile) < ($this->maxMoveFileSize*1024)) { 578 $fI = t3lib_div::split_fileref($theFile); 579 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed 580 $theDestFile = $this->getUniqueName($fI['file'], $theDest); 581 $fI = t3lib_div::split_fileref($theDestFile); 582 } else { 583 $theDestFile = $theDest.'/'.$fI['file']; 584 } 585 if ($theDestFile && !@file_exists($theDestFile)) { 586 if ($this->checkIfAllowed($fI['fileext'], $theDest, $fI['file'])) { 587 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) { 588 if ($this->PHPFileFunctions) { 589 rename($theFile, $theDestFile); 590 } else { 591 $cmd = 'mv "'.$theFile.'" "'.$theDestFile.'"'; 592 exec($cmd); 593 } 594 clearstatcache(); 595 if (@is_file($theDestFile)) { 596 $this->writelog(3,0,1,'File "%s" moved to "%s"',Array($theFile,$theDestFile)); 597 return $theDestFile; 598 } else $this->writelog(3,2,109,'File "%s" WAS NOT moved to "%s"! Write-permission problem?',Array($theFile,$theDestFile)); 599 } else $this->writelog(3,1,110,'Target or destination was not within your mountpoints! T="%s", D="%s"',Array($theFile,$theDestFile)); 600 } else $this->writelog(3,1,111,'Fileextension "%s" is not allowed in "%s"!',Array($fI['fileext'],$theDest.'/')); 601 } else $this->writelog(3,1,112,'File "%s" already exists!',Array($theDestFile)); 602 } else $this->writelog(3,1,113,'File "%s" exceeds the size-limit of %s bytes',Array($theFile,$this->maxMoveFileSize*1024)); 603 } else $this->writelog(3,1,114,'You are not allowed to move files',''); 604 // FINISHED moving file 605 606 } elseif (@is_dir($theFile)) { // if we're moving a folder 607 if ($this->actionPerms['moveFolder']) { 608 $theFile = $this->is_directory($theFile); 609 if ($theFile) { 610 $fI = t3lib_div::split_fileref($theFile); 611 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed 612 $theDestFile = $this->getUniqueName($fI['file'], $theDest); 613 $fI = t3lib_div::split_fileref($theDestFile); 614 } else { 615 $theDestFile = $theDest.'/'.$fI['file']; 616 } 617 if ($theDestFile && !@file_exists($theDestFile)) { 618 if (!t3lib_div::isFirstPartOfStr($theDestFile.'/',$theFile.'/')) { // Check if the one folder is inside the other or on the same level... to target/dest is the same? 619 if ($this->checkIfFullAccess($theDest) || $this->is_webPath($theDestFile)==$this->is_webPath($theFile)) { // // no moving of folders between spaces 620 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) { 621 if ($this->PHPFileFunctions) { 622 rename($theFile, $theDestFile); 623 } else { 624 $cmd = 'mv "'.$theFile.'" "'.$theDestFile.'"'; 625 $errArr = array(); 626 $retVar = 0; 627 exec($cmd,$errArr,$retVar); 628 } 629 clearstatcache(); 630 if (@is_dir($theDestFile)) { 631 $this->writelog(3,0,2,'Directory "%s" moved to "%s"',Array($theFile,$theDestFile)); 632 return $theDestFile; 633 } else $this->writelog(3,2,119,'Directory "%s" WAS NOT moved to "%s"! Write-permission problem?',Array($theFile,$theDestFile)); 634 } else $this->writelog(3,1,120,'Target or destination was not within your mountpoints! T="%s", D="%s"',Array($theFile,$theDestFile)); 635 } else $this->writelog(3,1,121,'You don\'t have full access to the destination directory "%s"!',Array($theDest.'/')); 636 } else $this->writelog(3,1,122,'Destination cannot be inside the target! D="%s", T="%s"',Array($theDestFile.'/',$theFile.'/')); 637 } else $this->writelog(3,1,123,'Target "%s" already exists!',Array($theDestFile)); 638 } else $this->writelog(3,2,124,'Target seemed not to be a directory! (Shouldn\'t happen here!)',''); 639 } else $this->writelog(3,1,125,'You are not allowed to move directories',''); 640 // FINISHED moving directory 641 642 } else { 643 $this->writelog(3,2,130,'The item "%s" was not a file or directory!',Array($theFile)); 644 } 645 } 646 647 /** 648 * Renaming files or foldes (action=5) 649 * 650 * @param array $cmds['data'] is the new name. $cmds['target'] is the target (file or dir). 651 * @return string Returns the new filename upon success 652 */ 653 function func_rename($cmds) { 654 if (!$this->isInit) return FALSE; 655 656 $theNewName = $this->cleanFileName($cmds['data']); 657 if ($theNewName) { 658 if ($this->checkFileNameLen($theNewName)) { 659 $theTarget = $cmds['target']; 660 $type = filetype($theTarget); 661 if ($type=='file' || $type=='dir') { // $type MUST BE file or dir 662 $fileInfo = t3lib_div::split_fileref($theTarget); // Fetches info about path, name, extention of $theTarget 663 if ($fileInfo['file']!=$theNewName) { // The name should be different from the current. And the filetype must be allowed 664 $theRenameName = $fileInfo['path'].$theNewName; 665 if ($this->checkPathAgainstMounts($fileInfo['path'])) { 666 if (!@file_exists($theRenameName)) { 667 if ($type=='file') { 668 if ($this->actionPerms['renameFile']) { 669 $fI = t3lib_div::split_fileref($theRenameName); 670 if ($this->checkIfAllowed($fI['fileext'], $fileInfo['path'], $fI['file'])) { 671 if (@rename($theTarget, $theRenameName)) { 672 $this->writelog(5,0,1,'File renamed from "%s" to "%s"',Array($fileInfo['file'],$theNewName)); 673 return $theRenameName; 674 } else $this->writelog(5,1,100,'File "%s" was not renamed! Write-permission problem in "%s"?',Array($theTarget,$fileInfo['path'])); 675 } else $this->writelog(5,1,101,'Fileextension "%s" was not allowed!',Array($fI['fileext'])); 676 } else $this->writelog(5,1,102,'You are not allowed to rename files!',''); 677 } elseif ($type=='dir') { 678 if ($this->actionPerms['renameFolder']) { 679 if (@rename($theTarget, $theRenameName)) { 680 $this->writelog(5,0,2,'Directory renamed from "%s" to "%s"',Array($fileInfo['file'],$theNewName)); 681 return $theRenameName; 682 } else $this->writelog(5,1,110,'Directory "%s" was not renamed! Write-permission problem in "%s"?',Array($theTarget,$fileInfo['path'])); 683 } else $this->writelog(5,1,111,'You are not allowed to rename directories!',''); 684 } 685 } else $this->writelog(5,1,120,'Destination "%s" existed already!',Array($theRenameName)); 686 } else $this->writelog(5,1,121,'Destination path "%s" was not within your mountpoints!',Array($fileInfo['path'])); 687 } else $this->writelog(5,1,122,'Old and new name is the same (%s)',Array($theNewName)); 688 } else $this->writelog(5,2,123,'Target "%s" was neither a directory nor a file!',Array($theTarget)); 689 } else $this->writelog(5,1,124,'New name "%s" was too long (max %s characters)',Array($theNewName,$this->maxInputNameLen)); 690 } 691 } 692 693 /** 694 * This creates a new folder. (action=6) 695 * 696 * @param array $cmds['data'] is the foldername. $cmds['target'] is the path where to create it. 697 * @return string Returns the new foldername upon success 698 */ 699 function func_newfolder($cmds) { 700 if (!$this->isInit) return FALSE; 701 702 $theFolder = $this->cleanFileName($cmds['data']); 703 if ($theFolder) { 704 if ($this->checkFileNameLen($theFolder)) { 705 $theTarget = $this->is_directory($cmds['target']); // Check the target dir 706 if ($theTarget) { 707 if ($this->actionPerms['newFolder']) { 708 $theNewFolder = $theTarget.'/'.$theFolder; 709 if ($this->checkPathAgainstMounts($theNewFolder)) { 710 if (!@file_exists($theNewFolder)) { 711 if (t3lib_div::mkdir($theNewFolder)){ 712 $this->writelog(6,0,1,'Directory "%s" created in "%s"',Array($theFolder,$theTarget.'/')); 713 return $theNewFolder; 714 } else $this->writelog(6,1,100,'Directory "%s" not created. Write-permission problem in "%s"?',Array($theFolder,$theTarget.'/')); 715 } else $this->writelog(6,1,101,'File or directory "%s" existed already!',Array($theNewFolder)); 716 } else $this->writelog(6,1,102,'Destination path "%s" was not within your mountpoints!',Array($theTarget.'/')); 717 } else $this->writelog(6,1,103,'You are not allowed to create directories!',''); 718 } else $this->writelog(6,2,104,'Destination "%s" was not a directory',Array($cmds['target'])); 719 } else $this->writelog(6,1,105,'New name "%s" was too long (max %s characters)',Array($theFolder,$this->maxInputNameLen)); 720 } 721 } 722 723 /** 724 * This creates a new file. (action=8) 725 * 726 * @param array $cmds['data'] is the new filename. $cmds['target'] is the path where to create it 727 * @return string Returns the new filename upon success 728 */ 729 function func_newfile($cmds) { 730 $extList = $GLOBALS['TYPO3_CONF_VARS']['SYS']['textfile_ext']; 731 if (!$this->isInit) return FALSE; 732 $newName = $this->cleanFileName($cmds['data']); 733 if ($newName) { 734 if ($this->checkFileNameLen($newName)) { 735 $theTarget = $this->is_directory($cmds['target']); // Check the target dir 736 $fileInfo = t3lib_div::split_fileref($theTarget); // Fetches info about path, name, extention of $theTarget 737 if ($theTarget) { 738 if ($this->actionPerms['newFile']) { 739 $theNewFile = $theTarget.'/'.$newName; 740 if ($this->checkPathAgainstMounts($theNewFile)) { 741 if (!@file_exists($theNewFile)) { 742 $fI = t3lib_div::split_fileref($theNewFile); 743 if ($this->checkIfAllowed($fI['fileext'], $fileInfo['path'], $fI['file'])) { 744 if (t3lib_div::inList($extList, $fI['fileext'])) { 745 if (t3lib_div::writeFile($theNewFile,'')) { 746 clearstatcache(); 747 $this->writelog(8,0,1,'File created: "%s"',Array($fI['file'])); 748 return $theNewFile; 749 } else $this->writelog(8,1,100,'File "%s" was not created! Write-permission problem in "%s"?',Array($fI['file'], $theTarget)); 750 } else $this->writelog(8,1,107,'Fileextension "%s" is not a textfile format! (%s)',Array($fI['fileext'], $extList)); 751 } else $this->writelog(8,1,106,'Fileextension "%s" was not allowed!',Array($fI['fileext'])); 752 } else $this->writelog(8,1,101,'File "%s" existed already!',Array($theNewFile)); 753 } else $this->writelog(8,1,102,'Destination path "%s" was not within your mountpoints!',Array($theTarget.'/')); 754 } else $this->writelog(8,1,103,'You are not allowed to create files!',''); 755 } else $this->writelog(8,2,104,'Destination "%s" was not a directory',Array($cmds['target'])); 756 } else $this->writelog(8,1,105,'New name "%s" was too long (max %s characters)',Array($newName,$this->maxInputNameLen)); 757 } 758 } 759 760 /** 761 * Editing textfiles or folders (action=9) 762 * 763 * @param array $cmds['data'] is the new content. $cmds['target'] is the target (file or dir) 764 * @return boolean Returns true on success 765 */ 766 function func_edit($cmds) { 767 if (!$this->isInit) return FALSE; 768 $theTarget = $cmds['target']; 769 $content = $cmds['data']; 770 $extList = $GLOBALS['TYPO3_CONF_VARS']['SYS']['textfile_ext']; 771 $type = filetype($theTarget); 772 if ($type=='file') { // $type MUST BE file 773 $fileInfo = t3lib_div::split_fileref($theTarget); // Fetches info about path, name, extention of $theTarget 774 $fI =$fileInfo; 775 if ($this->checkPathAgainstMounts($fileInfo['path'])) { 776 if ($this->actionPerms['editFile']) { 777 $fI = t3lib_div::split_fileref($theTarget); 778 if ($this->checkIfAllowed($fI['fileext'], $fileInfo['path'], $fI['file'])) { 779 if (t3lib_div::inList($extList, $fileInfo['fileext'])) { 780 if (t3lib_div::writeFile($theTarget,$content)) { 781 clearstatcache(); 782 $this->writelog(9,0,1,'File saved to "%s", bytes: %s, MD5: %s ',Array($fileInfo['file'],@filesize($theTarget),md5($content))); 783 return TRUE; 784 } else $this->writelog(9,1,100,'File "%s" was not saved! Write-permission problem in "%s"?',Array($theTarget,$fileInfo['path'])); 785 } else $this->writelog(9,1,102,'Fileextension "%s" is not a textfile format! (%s)',Array($fI['fileext'], $extList)); 786 } else $this->writelog(9,1,103,'Fileextension "%s" was not allowed!',Array($fI['fileext'])); 787 } else $this->writelog(9,1,104,'You are not allowed to edit files!',''); 788 } else $this->writelog(9,1,121,'Destination path "%s" was not within your mountpoints!',Array($fileInfo['path'])); 789 } else $this->writelog(9,2,123,'Target "%s" was not a file!',Array($theTarget)); 790 } 791 792 /** 793 * Upload of files (action=1) 794 * 795 * @param array $cmds['data'] is the ID-number (points to the global var that holds the filename-ref ($_FILES['upload_'.$id]['name']). $cmds['target'] is the target directory 796 * @return string Returns the new filename upon success 797 */ 798 function func_upload($cmds) { 799 if (!$this->isInit) return FALSE; 800 $id = $cmds['data']; 801 if ($_FILES['upload_'.$id]['name']) { 802 $theFile = $_FILES['upload_'.$id]['tmp_name']; // filename of the uploaded file 803 $theFileSize = $_FILES['upload_'.$id]['size']; // filesize of the uploaded file 804 $theName = $this->cleanFileName(stripslashes($_FILES['upload_'.$id]['name'])); // The original filename 805 if (is_uploaded_file($theFile) && $theName) { // Check the file 806 if ($this->actionPerms['uploadFile']) { 807 if ($theFileSize<($this->maxUploadFileSize*1024)) { 808 $fI = t3lib_div::split_fileref($theName); 809 $theTarget = $this->is_directory($cmds['target']); // Check the target dir 810 if ($theTarget && $this->checkPathAgainstMounts($theTarget.'/')) { 811 if ($this->checkIfAllowed($fI['fileext'], $theTarget, $fI['file'])) { 812 $theNewFile = $this->getUniqueName($theName, $theTarget, $this->dontCheckForUnique); 813 if ($theNewFile) { 814 t3lib_div::upload_copy_move($theFile,$theNewFile); 815 clearstatcache(); 816 if (@is_file($theNewFile)) { 817 $this->internalUploadMap[$id] = $theNewFile; 818 $this->writelog(1,0,1,'Uploading file "%s" to "%s"',Array($theName,$theNewFile, $id)); 819 return $theNewFile; 820 } else $this->writelog(1,1,100,'Uploaded file could not be moved! Write-permission problem in "%s"?',Array($theTarget.'/')); 821 } else $this->writelog(1,1,101,'No unique filename available in "%s"!',Array($theTarget.'/')); 822 } else $this->writelog(1,1,102,'Fileextension "%s" is not allowed in "%s"!',Array($fI['fileext'],$theTarget.'/')); 823 } else $this->writelog(1,1,103,'Destination path "%s" was not within your mountpoints!',Array($theTarget.'/')); 824 } else $this->writelog(1,1,104,'The uploaded file exceeds the size-limit of %s bytes',Array($this->maxUploadFileSize*1024)); 825 } else $this->writelog(1,1,105,'You are not allowed to upload files!',''); 826 } else $this->writelog(1,2,106,'The uploaded file did not exist!',''); 827 } else $this->writelog(1,2,108,'No file was uploaded!',''); 828 } 829 830 /** 831 * Unzipping file (action=7) 832 * This is permitted only if the user has fullAccess or if the file resides 833 * 834 * @param array $cmds['data'] is the zip-file. $cmds['target'] is the target directory. If not set we'll default to the same directory as the file is in. 835 * @return boolean Returns true on success 836 */ 837 function func_unzip($cmds) { 838 if (!$this->isInit || $this->dont_use_exec_commands) return FALSE; 839 840 $theFile = $cmds['data']; 841 if (@is_file($theFile)) { 842 $fI = t3lib_div::split_fileref($theFile); 843 if (!isset($cmds['target'])) { 844 $cmds['target'] = $fI['path']; 845 } 846 $theDest = $this->is_directory($cmds['target']); // Clean up destination directory 847 if ($theDest) { 848 if ($this->actionPerms['unzipFile']) { 849 if ($fI['fileext']=='zip') { 850 if ($this->checkIfFullAccess($theDest)) { 851 if ($this->checkPathAgainstMounts($theFile) && $this->checkPathAgainstMounts($theDest.'/')) { 852 // No way to do this under windows. 853 $cmd = $this->unzipPath.'unzip -qq "'.$theFile.'" -d "'.$theDest.'"'; 854 exec($cmd); 855 $this->writelog(7,0,1,'Unzipping file "%s" in "%s"',Array($theFile,$theDest)); 856 return TRUE; 857 } else $this->writelog(7,1,100,'File "%s" or destination "%s" was not within your mountpoints!',Array($theFile,$theDest)); 858 } else $this->writelog(7,1,101,'You don\'t have full access to the destination directory "%s"!',Array($theDest)); 859 } else $this->writelog(7,1,102,'Fileextension is not "zip"',''); 860 } else $this->writelog(7,1,103,'You are not allowed to unzip files',''); 861 } else $this->writelog(7,2,104,'Destination "%s" was not a directory',Array($cmds['target'])); 862 } else $this->writelog(7,2,105,'The file "%s" did not exist!',Array($theFile)); 863 } 864 } 865 866 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_extfilefunc.php']) { 867 include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_extfilefunc.php']); 868 } 869 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Sun Nov 25 17:13:16 2007 | par Balluche grâce à PHPXref 0.7 |
|
|