diff options
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/media.php | 125 |
1 files changed, 74 insertions, 51 deletions
diff --git a/inc/media.php b/inc/media.php index c63bea5a9..3c9340d51 100644 --- a/inc/media.php +++ b/inc/media.php @@ -212,27 +212,13 @@ function media_delete($id,$auth){ /** * Handles media file uploads * - * This generates an action event and delegates to _media_upload_action(). - * Action plugins are allowed to pre/postprocess the uploaded file. - * (The triggered event is preventable.) - * - * Event data: - * $data[0] fn_tmp: the temporary file name (read from $_FILES) - * $data[1] fn: the file name of the uploaded file - * $data[2] id: the future directory id of the uploaded file - * $data[3] imime: the mimetype of the uploaded file - * $data[4] overwrite: if an existing file is going to be overwritten - * - * @triggers MEDIA_UPLOAD_FINISH * @author Andreas Gohr <andi@splitbrain.org> * @author Michael Klier <chi@chimeric.de> * @return mixed false on error, id of the new file on success */ function media_upload($ns,$auth){ - if($auth < AUTH_UPLOAD) return false; if(!checkSecurityToken()) return false; global $lang; - global $conf; // get file and id $id = $_POST['id']; @@ -254,8 +240,50 @@ function media_upload($ns,$auth){ msg(sprintf($lang['mediaextchange'],$fext,$iext)); } + $res = media_save(array('name' => $file['tmp_name'], + 'mime' => $imime, + 'ext' => $iext), $ns.':'.$id, + $_REQUEST['ow'], $auth, 'move_uploaded_file'); + if (is_array($res)) { + msg($res[0], $res[1]); + return false; + } + return $res; +} + +/** + * This generates an action event and delegates to _media_upload_action(). + * Action plugins are allowed to pre/postprocess the uploaded file. + * (The triggered event is preventable.) + * + * Event data: + * $data[0] fn_tmp: the temporary file name (read from $_FILES) + * $data[1] fn: the file name of the uploaded file + * $data[2] id: the future directory id of the uploaded file + * $data[3] imime: the mimetype of the uploaded file + * $data[4] overwrite: if an existing file is going to be overwritten + * + * @triggers MEDIA_UPLOAD_FINISH + */ +function media_save($file, $id, $ow, $auth, $move) { + if($auth < AUTH_UPLOAD) { + return array("You don't have permissions to upload files.", -1); + } + + if (!isset($file['mime']) || !isset($file['ext'])) { + list($ext, $mime) = mimetype($id); + if (!isset($file['mime'])) { + $file['mime'] = $mime; + } + if (!isset($file['ext'])) { + $file['ext'] = $ext; + } + } + + global $lang; + // get filename - $id = cleanID($ns.':'.$id,false,true); + $id = cleanID($id,false,true); $fn = mediaFN($id); // get filetype regexp @@ -264,40 +292,35 @@ function media_upload($ns,$auth){ $regex = join('|',$types); // because a temp file was created already - if(preg_match('/\.('.$regex.')$/i',$fn)){ - //check for overwrite - $overwrite = @file_exists($fn); - if($overwrite && (!$_REQUEST['ow'] || $auth < AUTH_DELETE)){ - msg($lang['uploadexist'],0); - return false; - } - // check for valid content - $ok = media_contentcheck($file['tmp_name'],$imime); - if($ok == -1){ - msg(sprintf($lang['uploadbadcontent'],".$iext"),-1); - return false; - }elseif($ok == -2){ - msg($lang['uploadspam'],-1); - return false; - }elseif($ok == -3){ - msg($lang['uploadxss'],-1); - return false; - } + if(!preg_match('/\.('.$regex.')$/i',$fn)) { + return array($lang['uploadwrong'],-1); + } - // prepare event data - $data[0] = $file['tmp_name']; - $data[1] = $fn; - $data[2] = $id; - $data[3] = $imime; - $data[4] = $overwrite; + //check for overwrite + $overwrite = @file_exists($fn); + if($overwrite && (!$ow || $auth < AUTH_DELETE)) { + return array($lang['uploadexist'], 0); + } + // check for valid content + $ok = media_contentcheck($file['name'], $file['mime']); + if($ok == -1){ + return array(sprintf($lang['uploadbadcontent'],'.' . $file['ext']),-1); + }elseif($ok == -2){ + return array($lang['uploadspam'],-1); + }elseif($ok == -3){ + return array($lang['uploadxss'],-1); + } - // trigger event - return trigger_event('MEDIA_UPLOAD_FINISH', $data, '_media_upload_action', true); + // prepare event data + $data[0] = $file['name']; + $data[1] = $fn; + $data[2] = $id; + $data[3] = $file['mime']; + $data[4] = $overwrite; + $data[5] = $move; - }else{ - msg($lang['uploadwrong'],-1); - } - return false; + // trigger event + return trigger_event('MEDIA_UPLOAD_FINISH', $data, '_media_upload_action', true); } /** @@ -306,8 +329,8 @@ function media_upload($ns,$auth){ */ function _media_upload_action($data) { // fixme do further sanity tests of given data? - if(is_array($data) && count($data)===5) { - return media_upload_finish($data[0], $data[1], $data[2], $data[3], $data[4]); + if(is_array($data) && count($data)===6) { + return media_upload_finish($data[0], $data[1], $data[2], $data[3], $data[4], $data[5]); } else { return false; //callback error } @@ -319,14 +342,14 @@ function _media_upload_action($data) { * @author Andreas Gohr <andi@splitbrain.org> * @author Michael Klier <chi@chimeric.de> */ -function media_upload_finish($fn_tmp, $fn, $id, $imime, $overwrite) { +function media_upload_finish($fn_tmp, $fn, $id, $imime, $overwrite, $move = 'move_uploaded_file') { global $conf; global $lang; // prepare directory io_createNamespace($id, 'media'); - if(move_uploaded_file($fn_tmp, $fn)) { + if($move($fn_tmp, $fn)) { // Set the correct permission here. // Always chmod media because they may be saved with different permissions than expected from the php umask. // (Should normally chmod to $conf['fperm'] only if $conf['fperm'] is set.) @@ -341,7 +364,7 @@ function media_upload_finish($fn_tmp, $fn, $id, $imime, $overwrite) { } return $id; }else{ - msg($lang['uploadfail'],-1); + return array($lang['uploadfail'],-1); } } |