[mirrors/Kyberia-bloodline.git] / wwwroot / inc / eventz / upload_data_file.inc

<?php

function upload_data_file() {
	// XXX sec. bug over sec. bug

	global $db,$error,$node;

	require(INCLUDE_DIR.'filez.inc');

	if (($node['node_permission']!='owner') && 
	    ($node['node_permission']!='master')) {
		$error=$error_messages['EVENT_PERMISSION_ERROR'];
		return false;
	}

	$node_id=$node['node_id'];
	filez::upload_data_file($node_id);	
/*
	if ($suffix=='zip' && $_POST['unzip']) {
		mkdir(TMP."/".$_FILES['data_file']['name']);

		// directory traversal si dissabled by default from zip v 5.50
		$cmd="unzip ".$_FILES['data_file']['tmp_name']." -d "
			.TMP."/".$_FILES['data_file']['name'];

		shell_exec($cmd);
		$handle=opendir(TMP."/".$_FILES['data_file']['name']);

		// XXX move this mess into a function
		while (($file = readdir($handle))!==false) {
			if ($file!="." && $file!="..") {

				// Need to check extenstions of all extracted files
				if ( !filez::filename_secure($_FILES['data_file']['file'])) {
					$error = 'ale ale, kto nam to tady loupe pernicek.. ';
					return false;
				}

				$node_params['node_name']=$file;
				$node_params['node_creator']=$_SESSION['user_id'];
				$node_params['template_id']=DEF_DATA_TEMPLATE;
				$node_params['node_parent']=$node['node_id'];

				$node_params['node_content']=$file;
				$datanode_id=nodes::addNode($node_params);
				$file_suffix = array_pop(explode('.', basename($file)));
				copy(TMP."/".$_FILES['data_file']['name']."/".$file,
				     FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix");
				symlink(FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix",
					SYSTEM_ROOT.'/files/'.$datanode_id);

# Removed for now, need complete rewrite

#				if ($_POST['gallery']) {
#					$node_params['template_id']=DEF_GALLERY_TEMPLATE;
#					$image=TMP."/".$_FILES['data_file']['name']."/".$file;
#					$image_name=$file;
#					$width=NODE_IMAGE_WIDTH;
#
#					if (stristr($image_name,".jpg") || 
#					    stristr($image_name,".jpeg") ){
#						
#						/// XXX UTILZ_DIR is not set. remove?
#						$cmd=UTILZ_DIR."/jpegtopnm  $image |".UTILZ_DIR."/pnmscale -width=$width | ".UTILZ_DIR."ppmquant 256 |".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
#					}
#					elseif (stristr($image_name,".gif")) {
#						$cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTE_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
#					}
#					if ($cmd) {
#						shell_exec($cmd);
#					}
#					// XXX WTF
#					echo $cmd;
#				}
			}
		}
		closedir($handle);
		die();
	}

	else {
		copy($_FILES['data_file']['tmp_name'],
			FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix");
		symlink(FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix",
			FILE_DIR.'/'.$node['node_id']);
	}
*/
}
?>
Commit	Line	Data
51ff3226	1	<?php
51ff3226	2
33e10d4c	3	function upload_data_file() {
	4	// XXX sec. bug over sec. bug
	5
	6	global $db,$error,$node;
	7
	8	require(INCLUDE_DIR.'filez.inc');
	9
	10	if (($node['node_permission']!='owner') &&
	11	($node['node_permission']!='master')) {
	12	$error=$error_messages['EVENT_PERMISSION_ERROR'];
	13	return false;
	14	}
	15
	16	$node_id=$node['node_id'];
84c1a473 DH	17	filez::upload_data_file($node_id);
84c1a473 DH	18	/*
33e10d4c	19	if ($suffix=='zip' && $_POST['unzip']) {
	20	mkdir(TMP."/".$_FILES['data_file']['name']);
	21
	22	// directory traversal si dissabled by default from zip v 5.50
	23	$cmd="unzip ".$_FILES['data_file']['tmp_name']." -d "
	24	.TMP."/".$_FILES['data_file']['name'];
	25
	26	shell_exec($cmd);
	27	$handle=opendir(TMP."/".$_FILES['data_file']['name']);
	28
	29	// XXX move this mess into a function
	30	while (($file = readdir($handle))!==false) {
	31	if ($file!="." && $file!="..") {
	32
	33	// Need to check extenstions of all extracted files
	34	if ( !filez::filename_secure($_FILES['data_file']['file'])) {
	35	$error = 'ale ale, kto nam to tady loupe pernicek.. ';
	36	return false;
51ff3226	37	}
51ff3226	38
33e10d4c	39	$node_params['node_name']=$file;
33e10d4c	40	$node_params['node_creator']=$_SESSION['user_id'];
233544e1	41	$node_params['template_id']=DEF_DATA_TEMPLATE;
33e10d4c	42	$node_params['node_parent']=$node['node_id'];
	43
	44	$node_params['node_content']=$file;
	45	$datanode_id=nodes::addNode($node_params);
	46	$file_suffix = array_pop(explode('.', basename($file)));
	47	copy(TMP."/".$_FILES['data_file']['name']."/".$file,
	48	FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix");
	49	symlink(FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix",
	50	SYSTEM_ROOT.'/files/'.$datanode_id);
33e10d4c	51
233544e1	52	# Removed for now, need complete rewrite
	53
	54	# if ($_POST['gallery']) {
	55	# $node_params['template_id']=DEF_GALLERY_TEMPLATE;
	56	# $image=TMP."/".$_FILES['data_file']['name']."/".$file;
	57	# $image_name=$file;
	58	# $width=NODE_IMAGE_WIDTH;
	59	#
	60	# if (stristr($image_name,".jpg") \|\|
	61	# stristr($image_name,".jpeg") ){
	62	#
	63	# /// XXX UTILZ_DIR is not set. remove?
	64	# $cmd=UTILZ_DIR."/jpegtopnm $image \|".UTILZ_DIR."/pnmscale -width=$width \| ".UTILZ_DIR."ppmquant 256 \|".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
	65	# }
	66	# elseif (stristr($image_name,".gif")) {
	67	# $cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTE_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
	68	# }
	69	# if ($cmd) {
	70	# shell_exec($cmd);
	71	# }
	72	# // XXX WTF
	73	# echo $cmd;
	74	# }
51ff3226	75	}
51ff3226	76	}
33e10d4c	77	closedir($handle);
	78	die();
	79	}
51ff3226	80
33e10d4c	81	else {
	82	copy($_FILES['data_file']['tmp_name'],
	83	FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix");
	84	symlink(FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix",
84c1a473	85	FILE_DIR.'/'.$node['node_id']);
33e10d4c	86	}
84c1a473	87	*/
33e10d4c	88	}
e909f81b	89	?>