1 | <?php |
2 | |
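function upload_data_file() {
    // Stores the "data_file" upload for the current node, or -- when the
    // upload is a .zip and the "unzip" form flag is set -- extracts it and
    // creates one child data node per extracted file.
    //
    // Reads $_FILES['data_file'], $_POST['unzip'], $_SESSION['user_id'] and
    // the globals $node / $error. Returns false (with $error set) whenever
    // the upload is rejected or a filesystem/DB step fails; on success the
    // plain-file branch returns nothing and the zip branch terminates the
    // request with die() (kept from the original, see note below).
    //
    // Security fixes over the previous version: the client-supplied filename
    // is no longer used as a shell argument or as a path component (command
    // injection / traversal), tmp_name is verified with is_uploaded_file(),
    // every extracted zip member is checked by its own name (the old code
    // checked a nonexistent $_FILES entry), and symlinks / directories
    // produced by unzip are never published.
    global $db,$error,$node;   // $db kept: filez.inc is require()d into this scope and may use it

    require(INCLUDE_DIR.'filez.inc');   // presumably defines $error_messages and class filez

    if (($node['node_permission']!='owner') &&
        ($node['node_permission']!='master')) {
        $error=$error_messages['EVENT_PERMISSION_ERROR'];
        return false;
    }

    $node_id=$node['node_id'];
    $user_id=$_SESSION['user_id'];

    // Refuse anything that is not a successful, PHP-managed upload before
    // touching its name or tmp_name.
    if (!isset($_FILES['data_file']['tmp_name'])
        || (isset($_FILES['data_file']['error'])
            && (int)$_FILES['data_file']['error']!==UPLOAD_ERR_OK)
        || !is_uploaded_file($_FILES['data_file']['tmp_name'])) {
        $error='No file was uploaded.';
        return false;
    }

    // Only the basename is ever used; any directory part sent by the client
    // is discarded here and never reaches a path or a shell.
    $upload_name=basename($_FILES['data_file']['name']);
    $tmp_name=$_FILES['data_file']['tmp_name'];

    if ( !filez::upload_filename_secure($upload_name)) {
        $error = 'bad, naughty file type. Cruise missile launched.';
        return false;
    }

    $user_dir=FILE_DIR.$user_id;   // $user_id is server-side session state, not client input
    if (!is_dir($user_dir) && !mkdir($user_dir)) {
        $error='cannot create user file directory';
        return false;
    }

    // Same semantics as the old array_pop(explode(...)): a dot-less name is
    // its own "suffix". Case is not normalised, so "X.ZIP" is not unzipped.
    $name_parts=explode('.', $upload_name);
    $suffix=end($name_parts);

    if ($suffix=='zip' && !empty($_POST['unzip'])) {
        // Server-chosen extraction directory: the client filename is never a
        // path component, so ".." or an existing name cannot redirect unzip.
        $extract_dir=TMP.'/'.uniqid('unzip_', true);
        if (!mkdir($extract_dir)) {
            $error='cannot create temporary directory';
            return false;
        }

        // unzip >= 5.50 refuses "../" members itself; both arguments are
        // still shell-quoted so a hostile name can never be interpreted by sh.
        $cmd='unzip '.escapeshellarg($tmp_name).' -d '.escapeshellarg($extract_dir);
        shell_exec($cmd);

        $handle=opendir($extract_dir);
        if ($handle===false) {
            $error='cannot read extracted archive';
            return false;
        }

        // XXX move this mess into a function
        while (($file = readdir($handle))!==false) {
            if ($file=='.' || $file=='..') {
                continue;
            }
            $src=$extract_dir.'/'.$file;

            // Archives may contain directories and symlinks and unzip
            // recreates both on Unix. Only regular, non-link files are
            // published: copying through a symlink would expose whatever it
            // points at under SYSTEM_ROOT/files/.
            if (is_link($src) || !is_file($src)) {
                continue;
            }

            // Check the extracted member's own name (the old code looked at
            // $_FILES['data_file']['file'], which does not exist).
            if ( !filez::filename_secure($file)) {
                closedir($handle);
                $error = 'ale ale, kto nam to tady loupe pernicek.. ';
                return false;
            }

            $node_params=array();
            $node_params['node_name']=$file;
            $node_params['node_creator']=$user_id;
            $node_params['template_id']=DEF_DATA_TEMPLATE;
            $node_params['node_parent']=$node_id;
            $node_params['node_content']=$file;
            $datanode_id=nodes::addNode($node_params);
            // NOTE(review): assumes addNode returns a non-empty id on success
            // and something falsy on failure -- confirm against nodes.inc.
            if (!$datanode_id) {
                closedir($handle);
                $error='cannot create data node';
                return false;
            }

            $file_parts=explode('.', basename($file));
            $file_suffix=end($file_parts);
            $dest=$user_dir.'/'.$datanode_id.'.'.$file_suffix;
            copy($src, $dest);
            symlink($dest, SYSTEM_ROOT.'/files/'.$datanode_id);
        }
        closedir($handle);

        // Gallery thumbnail generation (jpegtopnm/pnmscale/gifsicle pipeline,
        // driven by $_POST['gallery']) was disabled pending a complete
        // rewrite; see the file history for the old code.

        // NOTE(review): the extracted files are left in $extract_dir and the
        // request is terminated here exactly as before; both look like
        // leftovers, but callers may depend on the die() -- confirm before
        // changing either.
        die();
    }
    else {
        $dest=$user_dir.'/'.$node_id.'.'.$suffix;
        if (!copy($tmp_name, $dest)) {
            $error='cannot store uploaded file';
            return false;
        }
        symlink($dest, SYSTEM_ROOT.'/files/'.$node_id);
    }
}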
98 | ?> |