3 function upload_data_file() {
4 // XXX sec. bug over sec. bug
6 global $db,$error,$node;
8 require(INCLUDE_DIR.'filez.inc');
10 if (($node['node_permission']!='owner') &&
11 ($node['node_permission']!='master')) {
12 $error=$error_messages['EVENT_PERMISSION_ERROR'];
16 $node_id=$node['node_id'];
18 if ( !filez::upload_filename_secure($_FILES['data_file']['name'])) {
19 $error = 'bad, naughty file type. Cruise missile launched.';
23 if (!is_dir(FILE_DIR.$_SESSION['user_id'])) {
24 mkdir(FILE_DIR.$_SESSION['user_id']);
27 $suffix = array_pop(explode('.', basename($_FILES['data_file']['name'])));
29 if ($suffix=='zip' && $_POST['unzip']) {
30 mkdir(TMP."/".$_FILES['data_file']['name']);
32 // directory traversal si dissabled by default from zip v 5.50
33 $cmd="unzip ".$_FILES['data_file']['tmp_name']." -d "
34 .TMP."/".$_FILES['data_file']['name'];
37 $handle=opendir(TMP."/".$_FILES['data_file']['name']);
39 // XXX move this mess into a function
40 while (($file = readdir($handle))!==false) {
41 if ($file!="." && $file!="..") {
43 // Need to check extenstions of all extracted files
44 if ( !filez::filename_secure($_FILES['data_file']['file'])) {
45 $error = 'ale ale, kto nam to tady loupe pernicek.. ';
49 $node_params['node_name']=$file;
50 $node_params['node_creator']=$_SESSION['user_id'];
51 $node_params['template_id']=DEF_DATA_TEMPLATE;
52 $node_params['node_parent']=$node['node_id'];
54 $node_params['node_content']=$file;
55 $datanode_id=nodes::addNode($node_params);
56 $file_suffix = array_pop(explode('.', basename($file)));
57 copy(TMP."/".$_FILES['data_file']['name']."/".$file,
58 FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix");
59 symlink(FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix",
60 SYSTEM_ROOT.'/files/'.$datanode_id);
62 # Removed for now, need complete rewrite
64 # if ($_POST['gallery']) {
65 # $node_params['template_id']=DEF_GALLERY_TEMPLATE;
66 # $image=TMP."/".$_FILES['data_file']['name']."/".$file;
68 # $width=NODE_IMAGE_WIDTH;
70 # if (stristr($image_name,".jpg") ||
71 # stristr($image_name,".jpeg") ){
73 # /// XXX UTILZ_DIR is not set. remove?
74 # $cmd=UTILZ_DIR."/jpegtopnm $image |".UTILZ_DIR."/pnmscale -width=$width | ".UTILZ_DIR."ppmquant 256 |".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
76 # elseif (stristr($image_name,".gif")) {
77 # $cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTE_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
92 copy($_FILES['data_file']['tmp_name'],
93 FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix");
94 symlink(FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix",
95 SYSTEM_ROOT.'/files/'.$node['node_id']);