X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Feventz%2Fupload_data_file.inc;h=070d7581127043fa0e9ce0a56b13a2252cc6dfeb;hb=a081a6fd9e8fd6a75cc95c1f1b4062c360f0fc0b;hp=2231b518814360419f8248e099a8fe71bb6fb286;hpb=e909f81b8c7e4413f5788b36d8fbf2409ac11f46;p=mirrors%2FKyberia-bloodline.git

diff --git a/wwwroot/inc/eventz/upload_data_file.inc b/wwwroot/inc/eventz/upload_data_file.inc
index 2231b51..070d758 100644
--- a/wwwroot/inc/eventz/upload_data_file.inc
+++ b/wwwroot/inc/eventz/upload_data_file.inc
@@ -1,70 +1,101 @@
 <?php
-	function upload_data_file() {
 
-		global $db,$error,$node;
 
-if (($node['node_permission']!='owner') && ($node['node_permission']!='master')) {
-$error=$error_messages['EVENT_PERMISSION_ERROR'];
-return false;
-}
 
-		$node_id=$node['node_id'];
-		$node_template=$_POST['node_template'];
-		require(INCLUDE_DIR.'filez.inc');
-		$suffix = array_pop(explode('.', basename($_FILES['data_file']['name'])));
-	        if (!is_dir(FILE_DIR.$_SESSION['user_id'])) {
-       		         mkdir(FILE_DIR.$_SESSION['user_id']);
-       		}
-
-		if ($suffix=='zip' && $_POST['unzip']) {
-			mkdir(TMP."/".$_FILES['data_file']['name']);
-			$cmd="unzip ".$_FILES['data_file']['tmp_name']." -d ".TMP."/".$_FILES['data_file']['name'];
-			shell_exec($cmd);
-			$handle=opendir(TMP."/".$_FILES['data_file']['name']);
-
-			while (($file = readdir($handle))!==false) {
-				if ($file!="." && $file!="..") {
-					$node_params['node_name']=$file;
-					$node_params['node_creator']=$_SESSION['user_id'];
-					if ($_POST['gallery']) $node_params['template_id']="1041658";
-					else $node_params['template_id']=12;
-					$node_params['node_parent']=$node['node_id'];
-
-					$node_params['node_content']=$file;
-					$datanode_id=nodes::addNode($node_params);
-					$file_suffix = array_pop(explode('.', basename($file)));
-					copy(TMP."/".$_FILES['data_file']['name']."/".$file,FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix");
-					symlink(FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix",SYSTEM_ROOT.'/files/'.$datanode_id);
-					if ($_POST['gallery']) {
-						$image=TMP."/".$_FILES['data_file']['name']."/".$file;
-						$image_name=$file;
-						$width=NODE_IMAGE_WIDTH;
-
-						if (stristr($image_name,".jpg") || stristr($image_name,".jpeg") ){
-		        			        $cmd=UTILZ_DIR."/jpegtopnm  $image |".UTILZ_DIR."/pnmscale -width=$width | ".UTILZ_DIR."ppmquant 256 |".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT."images/nodes/".substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
-						}
-					        elseif (stristr($image_name,".gif")) {
-			        		        $cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTEM_ROOT."images/nodes/".substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
-				        	}
-						if ($cmd) {
-							shell_exec($cmd);
-						}
-
-echo $cmd;
+function upload_data_file() {
+	// XXX sec. bug over sec. bug
+
+	global $db,$error,$node;
+
+	require(INCLUDE_DIR.'filez.inc');
+
+	if (($node['node_permission']!='owner') && 
+	    ($node['node_permission']!='master')) {
+		$error=$error_messages['EVENT_PERMISSION_ERROR'];
+		return false;
+	}
+
+	$node_id=$node['node_id'];
+	
+	if ( !filez::filename_secure($_FILES['data_file']['name'])) {
+		$error = 'bad, naughty file type. Cruise missile launched.';
+		return false;
+	}
+
+	if (!is_dir(FILE_DIR.$_SESSION['user_id'])) {
+		 mkdir(FILE_DIR.$_SESSION['user_id']);
+	}
+
+	$suffix = array_pop(explode('.', basename($_FILES['data_file']['name'])));
+
+	if ($suffix=='zip' && $_POST['unzip']) {
+		mkdir(TMP."/".$_FILES['data_file']['name']);
+
+		// directory traversal si dissabled by default from zip v 5.50
+		$cmd="unzip ".$_FILES['data_file']['tmp_name']." -d "
+			.TMP."/".$_FILES['data_file']['name'];
+
+		shell_exec($cmd);
+		$handle=opendir(TMP."/".$_FILES['data_file']['name']);
+
+		// XXX move this mess into a function
+		while (($file = readdir($handle))!==false) {
+			if ($file!="." && $file!="..") {
+
+				// Need to check extenstions of all extracted files
+				if ( !filez::filename_secure($_FILES['data_file']['file'])) {
+					$error = 'ale ale, kto nam to tady loupe pernicek.. ';
+					return false;
 				}
 
+				$node_params['node_name']=$file;
+				$node_params['node_creator']=$_SESSION['user_id'];
+				if ($_POST['gallery']) $node_params['template_id']="1041658";
+				else $node_params['template_id']=12;
+				$node_params['node_parent']=$node['node_id'];
+
+				$node_params['node_content']=$file;
+				$datanode_id=nodes::addNode($node_params);
+				$file_suffix = array_pop(explode('.', basename($file)));
+				copy(TMP."/".$_FILES['data_file']['name']."/".$file,
+				     FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix");
+				symlink(FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix",
+					SYSTEM_ROOT.'/files/'.$datanode_id);
+				if ($_POST['gallery']) {
+					$image=TMP."/".$_FILES['data_file']['name']."/".$file;
+					$image_name=$file;
+					$width=NODE_IMAGE_WIDTH;
+
+					if (stristr($image_name,".jpg") || 
+					    stristr($image_name,".jpeg") ){
+						
+						/// XXX UTILZ_DIR is not set. remove?
+						$cmd=UTILZ_DIR."/jpegtopnm  $image |".UTILZ_DIR."/pnmscale -width=$width | ".UTILZ_DIR."ppmquant 256 |".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT."images/nodes/".substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
+					}
+					elseif (stristr($image_name,".gif")) {
+						$cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTEM_ROOT."images/nodes/".substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
+					}
+					if ($cmd) {
+						shell_exec($cmd);
+					}
+					// XXX WTF
+					echo $cmd;
 				}
+
 			}
-			closedir($handle);
-die();
 		}
+		closedir($handle);
+		die();
+	}
 
-		else {
-			copy($_FILES['data_file']['tmp_name'],FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix");
-			symlink(FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix",SYSTEM_ROOT.'/files/'.$node['node_id']);
-		}
+	else {
+		copy($_FILES['data_file']['tmp_name'],
+			FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix");
+		symlink(FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix",
+			SYSTEM_ROOT.'/files/'.$node['node_id']);
+	}
 
 
-		}
+}
 
 ?>