5 function upload_data_file() {
6 // XXX sec. bug over sec. bug
8 global $db,$error,$node;
10 require(INCLUDE_DIR.'filez.inc');
12 if (($node['node_permission']!='owner') &&
13 ($node['node_permission']!='master')) {
14 $error=$error_messages['EVENT_PERMISSION_ERROR'];
18 $node_id=$node['node_id'];
20 if ( !filez::filename_secure($_FILES['data_file']['name'])) {
21 $error = 'bad, naughty file type. Cruise missile launched.';
25 if (!is_dir(FILE_DIR.$_SESSION['user_id'])) {
26 mkdir(FILE_DIR.$_SESSION['user_id']);
29 if ($suffix=='zip' && $_POST['unzip']) {
30 mkdir(TMP."/".$_FILES['data_file']['name']);
32 // directory traversal is disabled by default from zip v 5.50
33 $cmd="unzip ".$_FILES['data_file']['tmp_name']." -d "
34 .TMP."/".$_FILES['data_file']['name'];
37 $handle=opendir(TMP."/".$_FILES['data_file']['name']);
39 // XXX move this mess into a function
40 while (($file = readdir($handle))!==false) {
41 if ($file!="." && $file!="..") {
43 // Need to check the extensions of all extracted files
44 if ( !filez::filename_secure($_FILES['data_file']['file'])) {
45 $error = 'ale ale, kto nam to tady loupe pernicek.. ';
49 $node_params['node_name']=$file;
50 $node_params['node_creator']=$_SESSION['user_id'];
51 if ($_POST['gallery']) $node_params['template_id']="1041658";
52 else $node_params['template_id']=12;
53 $node_params['node_parent']=$node['node_id'];
55 $node_params['node_content']=$file;
56 $datanode_id=nodes::addNode($node_params);
57 $file_suffix = array_pop(explode('.', basename($file)));
58 copy(TMP."/".$_FILES['data_file']['name']."/".$file,
59 FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix");
60 symlink(FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix",
61 SYSTEM_ROOT.'/files/'.$datanode_id);
62 if ($_POST['gallery']) {
63 $image=TMP."/".$_FILES['data_file']['name']."/".$file;
65 $width=NODE_IMAGE_WIDTH;
67 if (stristr($image_name,".jpg") ||
68 stristr($image_name,".jpeg") ){
70 /// XXX UTILZ_DIR is not set. remove?
71 $cmd=UTILZ_DIR."/jpegtopnm $image |".UTILZ_DIR."/pnmscale -width=$width | ".UTILZ_DIR."ppmquant 256 |".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT."images/nodes/".substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
73 elseif (stristr($image_name,".gif")) {
74 $cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTEM_ROOT."images/nodes/".substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
90 copy($_FILES['data_file']['tmp_name'],
91 FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix");
92 symlink(FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix",
93 SYSTEM_ROOT.'/files/'.$node['node_id']);