GIT.Harvie.CZ / mirrors / Kyberia-bloodline.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Debugged upload_data_file method unified for upload_data_file & add eventz and moved...
[mirrors/Kyberia-bloodline.git] / wwwroot / inc / eventz / upload_data_file.inc
1 <?php
2
3 function upload_data_file() {
4 // XXX sec. bug over sec. bug
5
6 global $db,$error,$node;
7
8 require(INCLUDE_DIR.'filez.inc');
9
10 if (($node['node_permission']!='owner') &&
11 ($node['node_permission']!='master')) {
12 $error=$error_messages['EVENT_PERMISSION_ERROR'];
13 return false;
14 }
15
16 $node_id=$node['node_id'];
17 filez::upload_data_file($node_id);
18 /*
19 if ($suffix=='zip' && $_POST['unzip']) {
20 mkdir(TMP."/".$_FILES['data_file']['name']);
21
22 // directory traversal si dissabled by default from zip v 5.50
23 $cmd="unzip ".$_FILES['data_file']['tmp_name']." -d "
24 .TMP."/".$_FILES['data_file']['name'];
25
26 shell_exec($cmd);
27 $handle=opendir(TMP."/".$_FILES['data_file']['name']);
28
29 // XXX move this mess into a function
30 while (($file = readdir($handle))!==false) {
31 if ($file!="." && $file!="..") {
32
33 // Need to check extenstions of all extracted files
34 if ( !filez::filename_secure($_FILES['data_file']['file'])) {
35 $error = 'ale ale, kto nam to tady loupe pernicek.. ';
36 return false;
37 }
38
39 $node_params['node_name']=$file;
40 $node_params['node_creator']=$_SESSION['user_id'];
41 $node_params['template_id']=DEF_DATA_TEMPLATE;
42 $node_params['node_parent']=$node['node_id'];
43
44 $node_params['node_content']=$file;
45 $datanode_id=nodes::addNode($node_params);
46 $file_suffix = array_pop(explode('.', basename($file)));
47 copy(TMP."/".$_FILES['data_file']['name']."/".$file,
48 FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix");
49 symlink(FILE_DIR.$_SESSION['user_id'].'/'.$datanode_id.".$file_suffix",
50 SYSTEM_ROOT.'/files/'.$datanode_id);
51
52 # Removed for now, need complete rewrite
53
54 # if ($_POST['gallery']) {
55 # $node_params['template_id']=DEF_GALLERY_TEMPLATE;
56 # $image=TMP."/".$_FILES['data_file']['name']."/".$file;
57 # $image_name=$file;
58 # $width=NODE_IMAGE_WIDTH;
59 #
60 # if (stristr($image_name,".jpg") ||
61 # stristr($image_name,".jpeg") ){
62 #
63 # /// XXX UTILZ_DIR is not set. remove?
64 # $cmd=UTILZ_DIR."/jpegtopnm $image |".UTILZ_DIR."/pnmscale -width=$width | ".UTILZ_DIR."ppmquant 256 |".UTILZ_DIR."ppmtogif >".SYSTEM_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
65 # }
66 # elseif (stristr($image_name,".gif")) {
67 # $cmd=UTILZ_DIR."/gifsicle --resize ".$width."x_ $image > ".SYSTE_ROOT.SYSTEM_IMAGES.'/nodes/'.substr($datanode_id,0,1)."/".substr($datanode_id,1,1)."/".$datanode_id.".gif";
68 # }
69 # if ($cmd) {
70 # shell_exec($cmd);
71 # }
72 # // XXX WTF
73 # echo $cmd;
74 # }
75 }
76 }
77 closedir($handle);
78 die();
79 }
80
81 else {
82 copy($_FILES['data_file']['tmp_name'],
83 FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix");
84 symlink(FILE_DIR.$_SESSION['user_id'].'/'.$node['node_id'].".$suffix",
85 FILE_DIR.'/'.$node['node_id']);
86 }
87 */
88 }
89 ?>
https://github.com/Kyberia/Kyberia-bloodline.git (mirrored @ Fri, 17 May 2024 12:30:09 +0200)
This page took 0.260466 seconds and 4 git commands to generate.