| [ Index ] |
|
Code source de XOOPS 2.0.17.1 |
1 <?php 2 // $Id: uploader.php 1070 2007-10-01 02:18:40Z phppp $ 3 // ------------------------------------------------------------------------ // 4 // XOOPS - PHP Content Management System // 5 // Copyright (c) 2000 XOOPS.org // 6 // <http://www.xoops.org/> // 7 // ------------------------------------------------------------------------ // 8 // This program is free software; you can redistribute it and/or modify // 9 // it under the terms of the GNU General Public License as published by // 10 // the Free Software Foundation; either version 2 of the License, or // 11 // (at your option) any later version. // 12 // // 13 // You may not change or alter any portion of this comment or credits // 14 // of supporting developers from this source code or any supporting // 15 // source code which is considered copyrighted (c) material of the // 16 // original comment or credit authors. // 17 // // 18 // This program is distributed in the hope that it will be useful, // 19 // but WITHOUT ANY WARRANTY; without even the implied warranty of // 20 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // 21 // GNU General Public License for more details. // 22 // // 23 // You should have received a copy of the GNU General Public License // 24 // along with this program; if not, write to the Free Software // 25 // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // 26 // ------------------------------------------------------------------------ // 27 // Author: Kazumi Ono (AKA onokazu) // 28 // URL: http://www.myweb.ne.jp/, http://www.xoops.org/, http://jp.xoops.org/ // 29 // Project: The XOOPS Project // 30 // ------------------------------------------------------------------------- // 31 /*! 32 Example 33 34 include_once 'uploader.php'; 35 $allowed_mimetypes = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png'); 36 $maxfilesize = 50000; 37 $maxfilewidth = 120; 38 $maxfileheight = 120; 39 $uploader = new XoopsMediaUploader('/home/xoops/uploads', $allowed_mimetypes, $maxfilesize, $maxfilewidth, $maxfileheight); 40 if ($uploader->fetchMedia($_POST['uploade_file_name'])) { 41 if (!$uploader->upload()) { 42 echo $uploader->getErrors(); 43 } else { 44 echo '<h4>File uploaded successfully!</h4>' 45 echo 'Saved as: ' . $uploader->getSavedFileName() . '<br />'; 46 echo 'Full path: ' . $uploader->getSavedDestination(); 47 } 48 } else { 49 echo $uploader->getErrors(); 50 } 51 52 */ 53 54 /** 55 * Upload Media files 56 * 57 * Example of usage: 58 * <code> 59 * include_once 'uploader.php'; 60 * $allowed_mimetypes = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png'); 61 * $maxfilesize = 50000; 62 * $maxfilewidth = 120; 63 * $maxfileheight = 120; 64 * $uploader = new XoopsMediaUploader('/home/xoops/uploads', $allowed_mimetypes, $maxfilesize, $maxfilewidth, $maxfileheight); 65 * if ($uploader->fetchMedia($_POST['uploade_file_name'])) { 66 * if (!$uploader->upload()) { 67 * echo $uploader->getErrors(); 68 * } else { 69 * echo '<h4>File uploaded successfully!</h4>' 70 * echo 'Saved as: ' . $uploader->getSavedFileName() . '<br />'; 71 * echo 'Full path: ' . $uploader->getSavedDestination(); 72 * } 73 * } else { 74 * echo $uploader->getErrors(); 75 * } 76 * </code> 77 * 78 * @package kernel 79 * @subpackage core 80 * 81 * @author Kazumi Ono <onokazu@xoops.org> 82 * @author phppp 83 * @copyright The Xoops Project 84 */ 85 class XoopsMediaUploader 86 { 87 /** 88 * Flag indicating if unrecognized mimetypes should be allowed (use with precaution ! may lead to security issues ) 89 **/ 90 var $allowUnknownTypes = false; 91 92 var $mediaName; 93 var $mediaType; 94 var $mediaSize; 95 var $mediaTmpName; 96 var $mediaError; 97 var $mediaRealType = ''; 98 99 var $uploadDir = ''; 100 101 var $allowedMimeTypes = array(); 102 var $deniedMimeTypes = array("application/x-httpd-php"); 103 104 var $maxFileSize = 0; 105 var $maxWidth; 106 var $maxHeight; 107 108 var $targetFileName; 109 110 var $prefix; 111 112 var $errors = array(); 113 114 var $savedDestination; 115 116 var $savedFileName; 117 118 var $extensionToMime = array(); 119 var $checkImageType = true; 120 121 var $extensionsToBeSanitized = array( 'php' , 'phtml' , 'phtm' , 'php3' , 'php4' , 'cgi' , 'pl' , 'asp', 'php5' ); 122 // extensions needed image check (anti-IE Content-Type XSS) 123 var $imageExtensions = array( 1 => 'gif', 2 => 'jpg', 3 => 'png', 4 => 'swf', 5 => 'psd', 6 => 'bmp', 7 => 'tif', 8 => 'tif', 9 => 'jpc', 10 => 'jp2', 11 => 'jpx', 12 => 'jb2', 13 => 'swc', 14 => 'iff', 15 => 'wbmp', 16 => 'xbm' ); 124 125 /** 126 * Constructor 127 * 128 * @param string $uploadDir 129 * @param array $allowedMimeTypes 130 * @param int $maxFileSize 131 * @param int $maxWidth 132 * @param int $maxHeight 133 * @param int $cmodvalue 134 **/ 135 function XoopsMediaUploader($uploadDir, $allowedMimeTypes, $maxFileSize=0, $maxWidth=null, $maxHeight=null) 136 { 137 @$this->extensionToMime = include( XOOPS_ROOT_PATH . '/class/mimetypes.inc.php' ); 138 if ( !is_array( $this->extensionToMime ) ) { 139 $this->extensionToMime = array(); 140 return false; 141 } 142 if (is_array($allowedMimeTypes)) { 143 $this->allowedMimeTypes =& $allowedMimeTypes; 144 } 145 $this->uploadDir = $uploadDir; 146 $this->maxFileSize = intval($maxFileSize); 147 if(isset($maxWidth)) { 148 $this->maxWidth = intval($maxWidth); 149 } 150 if(isset($maxHeight)) { 151 $this->maxHeight = intval($maxHeight); 152 } 153 154 if ( ! @ include_once XOOPS_ROOT_PATH."/language/".$GLOBALS['xoopsConfig']['language']."/uploader.php" ) { 155 include_once XOOPS_ROOT_PATH."/language/english/uploader.php"; 156 } 157 } 158 159 /** 160 * Fetch the uploaded file 161 * 162 * @param string $media_name Name of the file field 163 * @param int $index Index of the file (if more than one uploaded under that name) 164 * @return bool 165 **/ 166 function fetchMedia($media_name, $index = null) 167 { 168 if ( empty( $this->extensionToMime ) ) { 169 $this->setErrors( _ER_UP_MIMETYPELOAD ); 170 return false; 171 } 172 if (!isset($_FILES[$media_name])) { 173 $this->setErrors(_ER_UP_FILENOTFOUND); 174 return false; 175 } elseif (is_array($_FILES[$media_name]['name']) && isset($index)) { 176 $index = intval($index); 177 $this->mediaName = (get_magic_quotes_gpc()) ? stripslashes($_FILES[$media_name]['name'][$index]) : $_FILES[$media_name]['name'][$index]; 178 $this->mediaType = $_FILES[$media_name]['type'][$index]; 179 $this->mediaSize = $_FILES[$media_name]['size'][$index]; 180 $this->mediaTmpName = $_FILES[$media_name]['tmp_name'][$index]; 181 $this->mediaError = !empty($_FILES[$media_name]['error'][$index]) ? $_FILES[$media_name]['error'][$index] : 0; 182 } else { 183 $media_name =& $_FILES[$media_name]; 184 $this->mediaName = (get_magic_quotes_gpc()) ? stripslashes($media_name['name']) : $media_name['name']; 185 $this->mediaName = $media_name['name']; 186 $this->mediaType = $media_name['type']; 187 $this->mediaSize = $media_name['size']; 188 $this->mediaTmpName = $media_name['tmp_name']; 189 $this->mediaError = !empty($media_name['error']) ? $media_name['error'] : 0; 190 } 191 if ( ($ext = strrpos( $this->mediaName, '.' )) !== false ) { 192 $ext = strtolower(substr( $this->mediaName, $ext + 1 )); 193 if ( isset( $this->extensionToMime[$ext] ) ) { 194 $this->mediaRealType = $this->extensionToMime[$ext]; 195 } 196 } 197 $this->errors = array(); 198 if (intval($this->mediaSize) < 0) { 199 $this->setErrors(_ER_UP_INVALIDFILESIZE); 200 return false; 201 } 202 if ($this->mediaName == '') { 203 $this->setErrors( _ER_UP_FILENAMEEMPTY); 204 return false; 205 } 206 if ($this->mediaTmpName == 'none' || !is_uploaded_file($this->mediaTmpName)) { 207 $this->setErrors(_ER_UP_NOFILEUPLOADED); 208 return false; 209 } 210 if ($this->mediaError > 0) { 211 $this->setErrors(sprintf(_ER_UP_ERROROCCURRED, $this->mediaError)); 212 return false; 213 } 214 return true; 215 } 216 217 /** 218 * Set the target filename 219 * 220 * @param string $value 221 **/ 222 function setTargetFileName($value){ 223 $this->targetFileName = strval(trim($value)); 224 } 225 226 /** 227 * Set the prefix 228 * 229 * @param string $value 230 **/ 231 function setPrefix($value){ 232 $this->prefix = strval(trim($value)); 233 } 234 235 /** 236 * Get the uploaded filename 237 * 238 * @return string 239 **/ 240 function getMediaName() 241 { 242 return $this->mediaName; 243 } 244 245 /** 246 * Get the type of the uploaded file 247 * 248 * @return string 249 **/ 250 function getMediaType() 251 { 252 return $this->mediaType; 253 } 254 255 /** 256 * Get the size of the uploaded file 257 * 258 * @return int 259 **/ 260 function getMediaSize() 261 { 262 return $this->mediaSize; 263 } 264 265 /** 266 * Get the temporary name that the uploaded file was stored under 267 * 268 * @return string 269 **/ 270 function getMediaTmpName() 271 { 272 return $this->mediaTmpName; 273 } 274 275 /** 276 * Get the saved filename 277 * 278 * @return string 279 **/ 280 function getSavedFileName(){ 281 return $this->savedFileName; 282 } 283 284 /** 285 * Get the destination the file is saved to 286 * 287 * @return string 288 **/ 289 function getSavedDestination(){ 290 return $this->savedDestination; 291 } 292 293 /** 294 * Check the file and copy it to the destination 295 * 296 * @return bool 297 **/ 298 function upload($chmod = 0644) 299 { 300 if ($this->uploadDir == '') { 301 $this->setErrors(_ER_UP_UPLOADDIRNOTSET); 302 return false; 303 } 304 if (!is_dir($this->uploadDir)) { 305 $this->setErrors(sprintf(_ER_UP_FAILEDOPENDIR, $this->uploadDir)); 306 return false; 307 } 308 if (!is_writeable($this->uploadDir)) { 309 $this->setErrors(sprintf(_ER_UP_FAILEDOPENDIRWRITE, $this->uploadDir)); 310 return false; 311 } 312 $this->sanitizeMultipleExtensions(); 313 314 if (!$this->checkMaxFileSize()) { 315 return false; 316 } 317 if (!$this->checkMaxWidth()) { 318 return false; 319 } 320 if (!$this->checkMaxHeight()) { 321 return false; 322 } 323 if (!$this->checkMimeType()) { 324 return false; 325 } 326 if (!$this->checkImageType()) { 327 return false; 328 } 329 if (count($this->errors) > 0) { 330 return false; 331 } 332 return $this->_copyFile($chmod); 333 } 334 335 /** 336 * Copy the file to its destination 337 * 338 * @return bool 339 **/ 340 function _copyFile($chmod) 341 { 342 $matched = array(); 343 if (!preg_match("/\.([a-zA-Z0-9]+)$/", $this->mediaName, $matched)) { 344 $this->setErrors(sprintf(_ER_UP_INVALIDFILENAME, $this->mediaName)); 345 return false; 346 } 347 if (isset($this->targetFileName)) { 348 $this->savedFileName = $this->targetFileName; 349 } elseif (isset($this->prefix)) { 350 $this->savedFileName = uniqid($this->prefix).'.'.strtolower($matched[1]); 351 } else { 352 $this->savedFileName = strtolower($this->mediaName); 353 } 354 $this->savedDestination = $this->uploadDir.'/'.$this->savedFileName; 355 if (!move_uploaded_file($this->mediaTmpName, $this->savedDestination)) { 356 $this->setErrors(sprintf(_ER_UP_FAILEDSAVEFILE, $this->savedDestination)); 357 return false; 358 } 359 // Check IE XSS before returning success 360 $ext = strtolower( substr( strrchr( $this->savedDestination , '.' ) , 1 ) ) ; 361 if( in_array( $ext , $this->imageExtensions ) ) { 362 $info = @getimagesize( $this->savedDestination ) ; 363 if( $info === false || $this->imageExtensions[ (int)$info[2] ] != $ext ) { 364 $this->setErrors( _ER_UP_SUSPICIOUSREFUSED ); 365 @unlink( $this->savedDestination ); 366 return false; 367 } 368 } 369 @chmod($this->savedDestination, $chmod); 370 return true; 371 } 372 373 /** 374 * Is the file the right size? 375 * 376 * @return bool 377 **/ 378 function checkMaxFileSize() 379 { 380 if (!isset($this->maxFileSize)) { 381 return true; 382 } 383 if ($this->mediaSize > $this->maxFileSize) { 384 $this->setErrors(sprintf(_ER_UP_FILESIZETOOLARGE, $this->maxFileSize, $this->mediaSize)); 385 return false; 386 } 387 return true; 388 } 389 390 /** 391 * Is the picture the right width? 392 * 393 * @return bool 394 **/ 395 function checkMaxWidth() 396 { 397 if (!isset($this->maxWidth)) { 398 return true; 399 } 400 if (false !== $dimension = getimagesize($this->mediaTmpName)) { 401 if ($dimension[0] > $this->maxWidth) { 402 $this->setErrors(sprintf(_ER_UP_FILEWIDTHTOOLARGE, $this->maxWidth, $dimension[0])); 403 return false; 404 } 405 } else { 406 trigger_error(sprintf(_ER_UP_FAILEDFETCHIMAGESIZE, $this->mediaTmpName), E_USER_WARNING); 407 } 408 return true; 409 } 410 411 /** 412 * Is the picture the right height? 413 * 414 * @return bool 415 **/ 416 function checkMaxHeight() 417 { 418 if (!isset($this->maxHeight)) { 419 return true; 420 } 421 if (false !== $dimension = getimagesize($this->mediaTmpName)) { 422 if ($dimension[1] > $this->maxHeight) { 423 $this->setErrors(sprintf(_ER_UP_FILEHEIGHTTOOLARGE, $this->maxHeight, $dimension[1])); 424 return false; 425 } 426 } else { 427 trigger_error(sprintf(_ER_UP_FAILEDFETCHIMAGESIZE, $this->mediaTmpName), E_USER_WARNING); 428 } 429 return true; 430 } 431 432 /** 433 * Check whether or not the uploaded file type is allowed 434 * 435 * @return bool 436 **/ 437 function checkMimeType() 438 { 439 if ( empty( $this->mediaRealType ) && empty($this->allowUnknownTypes) ) { 440 $this->setErrors( _ER_UP_UNKNOWNFILETYPEREJECTED ); 441 return false; 442 } 443 444 if ( ( !empty($this->allowedMimeTypes) && !in_array($this->mediaRealType, $this->allowedMimeTypes) ) 445 || ( !empty($this->deniedMimeTypes) && in_array($this->mediaRealType, $this->deniedMimeTypes) ) ) { 446 $this->setErrors(sprintf(_ER_UP_MIMETYPENOTALLOWED, $this->mediaType)); 447 return false; 448 } 449 450 return true; 451 } 452 453 /** 454 * Check whether or not the uploaded image type is valid 455 * 456 * @return bool 457 **/ 458 function checkImageType() 459 { 460 if(empty($this->checkImageType)) return true; 461 462 if( ("image" == substr($this->mediaType, 0, strpos($this->mediaType, "/"))) || 463 (!empty($this->mediaRealType) && "image" == substr($this->mediaRealType, 0, strpos($this->mediaRealType, "/"))) 464 ){ 465 if ( ! ( $info = @getimagesize( $this->mediaTmpName ) ) ) { 466 $this->setErrors(_ER_UP_INVALIDIMAGEFILE); 467 return false; 468 } 469 } 470 return true; 471 } 472 473 /** 474 * Sanitize executable filename with multiple extensions 475 * 476 **/ 477 function sanitizeMultipleExtensions() 478 { 479 if(empty($this->extensionsToBeSanitized)) return; 480 $patterns = array(); 481 $replaces = array(); 482 foreach($this->extensionsToBeSanitized as $ext){ 483 $patterns[] = "/\.".preg_quote($ext)."\./i"; 484 $replaces[] = "_".$ext."."; 485 } 486 $this->mediaName = preg_replace($patterns, $replaces, $this->mediaName); 487 } 488 489 /** 490 * Add an error 491 * 492 * @param string $error 493 **/ 494 function setErrors($error) 495 { 496 $this->errors[] = trim($error); 497 } 498 499 /** 500 * Get generated errors 501 * 502 * @param bool $ashtml Format using HTML? 503 * 504 * @return array|string Array of array messages OR HTML string 505 */ 506 function &getErrors($ashtml = true) 507 { 508 if (!$ashtml) { 509 return $this->errors; 510 } else { 511 $ret = ''; 512 if (count($this->errors) > 0) { 513 $ret = '<h4>'._ER_UP_ERRORSRETURNED.'</h4>'; 514 foreach ($this->errors as $error) { 515 $ret .= $error.'<br />'; 516 } 517 } 518 return $ret; 519 } 520 } 521 } 522 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Sun Nov 25 11:44:32 2007 | par Balluche grâce à PHPXref 0.7 |
|
|