Fixed upload_data_file, TODO update
1 <?php
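/**
 * Event handler: stores the file sent as $_FILES['data_file'] for the current node.
 *
 * Only the node's 'owner' or 'master' may upload. A plain upload is copied to
 * FILE_DIR/<user_id>/<node_id>.<suffix> and symlinked from SYSTEM_ROOT/files/<node_id>.
 * When the upload is a zip and $_POST['unzip'] is set, the archive is unpacked
 * into a scratch directory under TMP, every top-level entry becomes a child
 * node (with an optional GIF thumbnail when $_POST['gallery'] is set), and the
 * request is terminated with die().
 *
 * Everything that reaches a shell or a filesystem path here is treated as
 * untrusted: the client-supplied file name and the names stored inside the
 * archive are never interpolated into a command line unescaped.
 *
 * @return false|null false (with the global $error set) when the request is
 *                    refused; null after a plain upload. The zip path does
 *                    not return.
 */
function upload_data_file() {
    // $error_messages must be imported too, otherwise the permission error
    // below would always resolve to null.
    global $db, $error, $error_messages, $node;

    // require_once: a second call in the same request must not re-declare
    // whatever filez.inc defines.
    require_once(INCLUDE_DIR.'filez.inc');

    if (($node['node_permission'] != 'owner') &&
        ($node['node_permission'] != 'master')) {
        $error = $error_messages['EVENT_PERMISSION_ERROR'];
        return false;
    }

    $node_id = $node['node_id'];

    // Refuse requests without a genuine HTTP upload; tmp_name is then known
    // to be a path PHP itself generated.
    if (empty($_FILES['data_file']['tmp_name']) ||
        !is_uploaded_file($_FILES['data_file']['tmp_name'])) {
        $error = 'no file uploaded.';
        return false;
    }
    $tmp_name = $_FILES['data_file']['tmp_name'];

    if (!filez::filename_secure($_FILES['data_file']['name'])) {
        $error = 'bad, naughty file type. Cruise missile launched.';
        return false;
    }

    // The suffix is taken from the last path component only, so it can never
    // contain a directory separator.
    // NOTE(review): storing the file under a client-chosen suffix relies on
    // filez::filename_secure() rejecting executable extensions, and on
    // FILE_DIR not being served with script execution enabled -- confirm.
    $name_parts = explode('.', basename($_FILES['data_file']['name']));
    $suffix = array_pop($name_parts);

    $user_dir = FILE_DIR.$_SESSION['user_id'];
    if (!is_dir($user_dir) && !mkdir($user_dir)) {
        $error = 'cannot create upload directory.';
        return false;
    }

    if (strtolower($suffix) == 'zip' && !empty($_POST['unzip'])) {
        // The scratch directory is named after the server-generated temp
        // file, not the client-supplied name: no traversal through the name
        // and no collision with an earlier upload of the same file name.
        $extract_dir = TMP."/".basename($tmp_name).'.unzip';
        if (!is_dir($extract_dir) && !mkdir($extract_dir)) {
            $error = 'cannot create temporary directory.';
            return false;
        }

        // Original author's note: directory traversal is disabled by default
        // from zip v 5.50 on. Both arguments are shell-escaped regardless.
        $cmd = "unzip ".escapeshellarg($tmp_name)." -d ".escapeshellarg($extract_dir);
        shell_exec($cmd);

        $handle = opendir($extract_dir);
        if ($handle === false) {
            $error = 'cannot read extracted archive.';
            return false;
        }
        $files = array();
        while (($file = readdir($handle)) !== false) {
            if ($file != "." && $file != "..") {
                $files[] = $file;
            }
        }
        closedir($handle);

        // Check the name of every extracted entry before any node is
        // created, so a rejected archive leaves nothing half-imported.
        foreach ($files as $file) {
            if (!filez::filename_secure($file)) {
                $error = 'ale ale, kto nam to tady loupe pernicek.. ';
                return false;
            }
        }

        foreach ($files as $file) {
            $extracted = $extract_dir."/".$file;

            // Import regular files only. An archive can carry symlinks, and
            // copy() would follow one to a file outside the scratch directory.
            if (is_link($extracted) || !is_file($extracted)) {
                continue;
            }

            $node_params = array();
            $node_params['node_name'] = $file;
            $node_params['node_creator'] = $_SESSION['user_id'];
            if (!empty($_POST['gallery'])) $node_params['template_id'] = "1041658";
            else $node_params['template_id'] = 12;
            $node_params['node_parent'] = $node_id;
            $node_params['node_content'] = $file;
            $datanode_id = nodes::addNode($node_params);

            // explode() result goes through a variable: array_pop() takes its
            // argument by reference.
            $file_parts = explode('.', basename($file));
            $file_suffix = array_pop($file_parts);

            $stored = $user_dir.'/'.$datanode_id.".$file_suffix";
            copy($extracted, $stored);
            symlink($stored, SYSTEM_ROOT.'/files/'.$datanode_id);

            // The original author noted that UTILZ_DIR may not be set;
            // thumbnails are skipped in that case instead of running a
            // command built from an undefined constant.
            if (!empty($_POST['gallery']) && defined('UTILZ_DIR')) {
                $width = NODE_IMAGE_WIDTH;
                $thumb = SYSTEM_ROOT."images/nodes/".substr($datanode_id,0,1)."/"
                    .substr($datanode_id,1,1)."/".$datanode_id.".gif";

                // Reset per file: a file that is neither JPEG nor GIF must
                // not re-run the previous command.
                $cmd = '';
                $kind = strtolower($file_suffix);

                // $extracted contains a name taken from the archive, so it is
                // always passed to the shell escaped.
                if ($kind == 'jpg' || $kind == 'jpeg') {
                    $cmd = UTILZ_DIR."/jpegtopnm ".escapeshellarg($extracted)
                        ." | ".UTILZ_DIR."/pnmscale -width=$width"
                        ." | ".UTILZ_DIR."/ppmquant 256"
                        ." | ".UTILZ_DIR."/ppmtogif > ".escapeshellarg($thumb);
                }
                elseif ($kind == 'gif') {
                    $cmd = UTILZ_DIR."/gifsicle --resize ".$width."x_ "
                        .escapeshellarg($extracted)." > ".escapeshellarg($thumb);
                }

                // The command line is not echoed to the client: it contains
                // server filesystem paths.
                if ($cmd) {
                    shell_exec($cmd);
                }
            }
        }

        // NOTE(review): the scratch directory under TMP is left in place;
        // confirm that something else cleans TMP.
        die();
    }

    else {
        $stored = $user_dir.'/'.$node_id.".$suffix";
        if (!copy($tmp_name, $stored)) {
            $error = 'cannot store uploaded file.';
            return false;
        }
        symlink($stored, SYSTEM_ROOT.'/files/'.$node_id);
    }
}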
99 ?>