Commit | Line | Data |
---|---|---|
51ff3226 | 1 | <?php |
51ff3226 | 2 | |
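/**
 * Event handler: attach an uploaded data file to the current node.
 *
 * Reads the globals $node and $error_messages and writes the global $error
 * when the caller is refused. Only a caller whose $node['node_permission'] is
 * exactly 'owner' or 'master' gets through; the upload itself is delegated to
 * filez::upload_data_file().
 *
 * @return false|null false when the permission check fails; null otherwise
 *                    (the result of filez::upload_data_file() is discarded,
 *                    so callers cannot tell success from failure).
 */
function upload_data_file() {
    // $error_messages must be imported here: without it the lookup below reads
    // an undefined local and $error ends up null instead of the message.
    // $db is not used by the live code; it is kept because filez.inc is
    // included in this function's scope and may rely on it (not visible here).
    global $db, $error, $node, $error_messages;

    // Authorise before loading or running any upload code, and fail closed:
    // a missing permission or a non-string value is treated as "not allowed".
    $permission = isset($node['node_permission']) ? $node['node_permission'] : null;
    if ($permission !== 'owner' && $permission !== 'master') {
        $error = $error_messages['EVENT_PERMISSION_ERROR'];
        return false;
    }

    // require_once: presumably filez.inc declares class filez, which a plain
    // require would redeclare (fatal error) if it has already been loaded
    // during this request.
    require_once(INCLUDE_DIR.'filez.inc');

    $node_id = $node['node_id'];
    filez::upload_data_file($node_id);

    // XXX sec. bug over sec. bug
    //
    // NOTE(review): the legacy implementation below is disabled and must not
    // be re-enabled as written. Problems visible in it:
    //  - the unzip command line is built by concatenating
    //    $_FILES['data_file']['name'], a client-supplied value, and passed to
    //    shell_exec() without escapeshellarg(); the same value names the
    //    directory created under TMP and later read and copied from;
    //  - the per-file check calls filez::filename_secure() on
    //    $_FILES['data_file']['file'], a key PHP does not populate, so the
    //    extracted $file names are never the thing being checked;
    //  - $suffix is never assigned in this function;
    //  - each extracted file is stored with the extension taken from the
    //    archive entry name and then symlinked under SYSTEM_ROOT.'/files/';
    //  - die() ends the request in the middle of the handler.
    // A rewrite should read archives with ZipArchive and validate every entry
    // name, take the upload with is_uploaded_file()/move_uploaded_file(), use
    // server-generated file names, and allow-list extensions.
    /*
    if ($suffix=='zip' && $_POST['unzip']) {
        mkdir(TMP."/".$_FILES['data_file']['name']);

        // directory traversal is disabled by default from zip v 5.50
        $cmd="unzip ".$_FILES['data_file']['tmp_name']." -d "
            .TMP."/".$_FILES['data_file']['name'];

        shell_exec($cmd);
        $handle=opendir(TMP."/".$_FILES['data_file']['name']);

        // XXX move this mess into a function
        while (($file = readdir($handle))!==false) {
            if ($file!="." && $file!="..") {

                // Need to check extensions of all extracted files
                if ( !filez::filename_secure($_FILES['data_file']['file'])) {
                    $error = 'ale ale, kto nam to tady loupe pernicek.. ';
                    return false;
                }

                $node_params['node_name']=$file;
                $node_params['node_creator']=$_SESSION['user_id'];
                $node_params['template_id']=DEF_DATA_TEMPLATE;
                $node_params['node_parent']=$node['node_id'];

                $node_params['node_content']=$file;
                $datanode_id=nodes::addNode($node_params);
                $file_suffix = array_pop(explode('.', basename($file)));
                copy(TMP."/".$_FILES['data_file']['name']."/".$file,
                    FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix");
                symlink(FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix",
                    SYSTEM_ROOT.'/files/'.$datanode_id);

                # Removed for now, need complete rewrite

                # if ($_POST['gallery']) {
                # $node_params['template_id']=DEF_GALLERY_TEMPLATE;
                # $image=TMP."/".$_FILES['data_file']['name']."/".$file;
                # $image_name=$file;
                # $width=NODE_IMAGE_WIDTH;
                #
                # if (stristr($image_name,".jpg") ||
                # stristr($image_name,".jpeg") ){
                #
                # /// XXX UTILZ_DIR is not set. remove?
                # $cmd=UTILZ_DIR."/jpegtopnm $image |".UTILZ_DIR."/pnmscale -width=$width | ".UTILZ_DIR."ppmquant 256 |".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
                # }
                # elseif (stristr($image_name,".gif")) {
                # $cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTE_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
                # }
                # if ($cmd) {
                # shell_exec($cmd);
                # }
                # // XXX WTF
                # echo $cmd;
                # }
            }
        }
        closedir($handle);
        die();
    }

    else {
        copy($_FILES['data_file']['tmp_name'],
            FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix");
        symlink(FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix",
            FILE_DIR.'/'.$node['node_id']);
    }
    */
}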
e909f81b | 89 | ?> |