| 1925 | jp_milcent | 1 | <?php
 | 
        
           |  |  | 2 | /*
 | 
        
           |  |  | 3 |  * FCKeditor - The text editor for Internet - http://www.fckeditor.net
 | 
        
           |  |  | 4 |  * Copyright (C) 2003-2008 Frederico Caldeira Knabben
 | 
        
           |  |  | 5 |  *
 | 
        
           |  |  | 6 |  * == BEGIN LICENSE ==
 | 
        
           |  |  | 7 |  *
 | 
        
           |  |  | 8 |  * Licensed under the terms of any of the following licenses at your
 | 
        
           |  |  | 9 |  * choice:
 | 
        
           |  |  | 10 |  *
 | 
        
           |  |  | 11 |  *  - GNU General Public License Version 2 or later (the "GPL")
 | 
        
           |  |  | 12 |  *    http://www.gnu.org/licenses/gpl.html
 | 
        
           |  |  | 13 |  *
 | 
        
           |  |  | 14 |  *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 | 
        
           |  |  | 15 |  *    http://www.gnu.org/licenses/lgpl.html
 | 
        
           |  |  | 16 |  *
 | 
        
           |  |  | 17 |  *  - Mozilla Public License Version 1.1 or later (the "MPL")
 | 
        
           |  |  | 18 |  *    http://www.mozilla.org/MPL/MPL-1.1.html
 | 
        
           |  |  | 19 |  *
 | 
        
           |  |  | 20 |  * == END LICENSE ==
 | 
        
           |  |  | 21 |  *
 | 
        
           |  |  | 22 |  * This is the File Manager Connector for PHP.
 | 
        
           |  |  | 23 |  */
 | 
        
           |  |  | 24 | function CombinePaths( $sBasePath, $sFolder )
 | 
        
           |  |  | 25 | {
 | 
        
           |  |  | 26 | 	return RemoveFromEnd( $sBasePath, '/' ) . '/' . RemoveFromStart( $sFolder, '/' ) ;
 | 
        
           |  |  | 27 | }
 | 
        
           |  |  | 28 | function GetResourceTypePath( $resourceType, $sCommand )
 | 
        
           |  |  | 29 | {
 | 
        
           |  |  | 30 | 	global $Config ;
 | 
        
           |  |  | 31 |   | 
        
           |  |  | 32 | 	if ( $sCommand == "QuickUpload")
 | 
        
           |  |  | 33 | 		return $Config['QuickUploadPath'][$resourceType] ;
 | 
        
           |  |  | 34 | 	else
 | 
        
           |  |  | 35 | 		return $Config['FileTypesPath'][$resourceType] ;
 | 
        
           |  |  | 36 | }
 | 
        
           |  |  | 37 |   | 
        
           |  |  | 38 | function GetResourceTypeDirectory( $resourceType, $sCommand )
 | 
        
           |  |  | 39 | {
 | 
        
           |  |  | 40 | 	global $Config ;
 | 
        
           |  |  | 41 | 	if ( $sCommand == "QuickUpload")
 | 
        
           |  |  | 42 | 	{
 | 
        
           |  |  | 43 | 		if ( strlen( $Config['QuickUploadAbsolutePath'][$resourceType] ) > 0 )
 | 
        
           |  |  | 44 | 			return $Config['QuickUploadAbsolutePath'][$resourceType] ;
 | 
        
           |  |  | 45 |   | 
        
           |  |  | 46 | 		// Map the "UserFiles" path to a local directory.
 | 
        
           |  |  | 47 | 		return Server_MapPath( $Config['QuickUploadPath'][$resourceType] ) ;
 | 
        
           |  |  | 48 | 	}
 | 
        
           |  |  | 49 | 	else
 | 
        
           |  |  | 50 | 	{
 | 
        
           |  |  | 51 | 		if ( strlen( $Config['FileTypesAbsolutePath'][$resourceType] ) > 0 )
 | 
        
           |  |  | 52 | 			return $Config['FileTypesAbsolutePath'][$resourceType] ;
 | 
        
           |  |  | 53 |   | 
        
           |  |  | 54 | 		// Map the "UserFiles" path to a local directory.
 | 
        
           |  |  | 55 | 		return Server_MapPath( $Config['FileTypesPath'][$resourceType] ) ;
 | 
        
           |  |  | 56 | 	}
 | 
        
           |  |  | 57 | }
 | 
        
           |  |  | 58 |   | 
        
           |  |  | 59 | function GetUrlFromPath( $resourceType, $folderPath, $sCommand )
 | 
        
           |  |  | 60 | {
 | 
        
           |  |  | 61 | 	return CombinePaths( GetResourceTypePath( $resourceType, $sCommand ), $folderPath ) ;
 | 
        
           |  |  | 62 | }
 | 
        
           |  |  | 63 |   | 
        
           |  |  | 64 | function RemoveExtension( $fileName )
 | 
        
           |  |  | 65 | {
 | 
        
           |  |  | 66 | 	return substr( $fileName, 0, strrpos( $fileName, '.' ) ) ;
 | 
        
           |  |  | 67 | }
 | 
        
           |  |  | 68 |   | 
        
           |  |  | 69 | function ServerMapFolder( $resourceType, $folderPath, $sCommand )
 | 
        
           |  |  | 70 | {
 | 
        
           |  |  | 71 | 	// Get the resource type directory.
 | 
        
           |  |  | 72 | 	$sResourceTypePath = GetResourceTypeDirectory( $resourceType, $sCommand ) ;
 | 
        
           |  |  | 73 |   | 
        
           |  |  | 74 | 	// Ensure that the directory exists.
 | 
        
           |  |  | 75 | 	$sErrorMsg = CreateServerFolder( $sResourceTypePath ) ;
 | 
        
           |  |  | 76 | 	if ( $sErrorMsg != '' )
 | 
        
           |  |  | 77 | 		SendError( 1, "Error creating folder \"{$sResourceTypePath}\" ({$sErrorMsg})" ) ;
 | 
        
           |  |  | 78 |   | 
        
           |  |  | 79 | 	// Return the resource type directory combined with the required path.
 | 
        
           |  |  | 80 | 	return CombinePaths( $sResourceTypePath , $folderPath ) ;
 | 
        
           |  |  | 81 | }
 | 
        
           |  |  | 82 |   | 
        
           |  |  | 83 | function GetParentFolder( $folderPath )
 | 
        
           |  |  | 84 | {
 | 
        
           |  |  | 85 | 	$sPattern = "-[/\\\\][^/\\\\]+[/\\\\]?$-" ;
 | 
        
           |  |  | 86 | 	return preg_replace( $sPattern, '', $folderPath ) ;
 | 
        
           |  |  | 87 | }
 | 
        
           |  |  | 88 |   | 
        
           |  |  | 89 | function CreateServerFolder( $folderPath, $lastFolder = null )
 | 
        
           |  |  | 90 | {
 | 
        
           |  |  | 91 | 	global $Config ;
 | 
        
           |  |  | 92 | 	$sParent = GetParentFolder( $folderPath ) ;
 | 
        
           |  |  | 93 |   | 
        
           |  |  | 94 | 	// Ensure the folder path has no double-slashes, or mkdir may fail on certain platforms
 | 
        
           |  |  | 95 | 	while ( strpos($folderPath, '//') !== false )
 | 
        
           |  |  | 96 | 	{
 | 
        
           |  |  | 97 | 		$folderPath = str_replace( '//', '/', $folderPath ) ;
 | 
        
           |  |  | 98 | 	}
 | 
        
           |  |  | 99 |   | 
        
           |  |  | 100 | 	// Check if the parent exists, or create it.
 | 
        
           |  |  | 101 | 	if ( !file_exists( $sParent ) )
 | 
        
           |  |  | 102 | 	{
 | 
        
           |  |  | 103 | 		//prevents agains infinite loop when we can't create root folder
 | 
        
           |  |  | 104 | 		if ( !is_null( $lastFolder ) && $lastFolder === $sParent) {
 | 
        
           |  |  | 105 | 			return "Can't create $folderPath directory" ;
 | 
        
           |  |  | 106 | 		}
 | 
        
           |  |  | 107 |   | 
        
           |  |  | 108 | 		$sErrorMsg = CreateServerFolder( $sParent, $folderPath ) ;
 | 
        
           |  |  | 109 | 		if ( $sErrorMsg != '' )
 | 
        
           |  |  | 110 | 			return $sErrorMsg ;
 | 
        
           |  |  | 111 | 	}
 | 
        
           |  |  | 112 |   | 
        
           |  |  | 113 | 	if ( !file_exists( $folderPath ) )
 | 
        
           |  |  | 114 | 	{
 | 
        
           |  |  | 115 | 		// Turn off all error reporting.
 | 
        
           |  |  | 116 | 		error_reporting( 0 ) ;
 | 
        
           |  |  | 117 |   | 
        
           |  |  | 118 | 		$php_errormsg = '' ;
 | 
        
           |  |  | 119 | 		// Enable error tracking to catch the error.
 | 
        
           |  |  | 120 | 		ini_set( 'track_errors', '1' ) ;
 | 
        
           |  |  | 121 |   | 
        
           |  |  | 122 | 		if ( isset( $Config['ChmodOnFolderCreate'] ) && !$Config['ChmodOnFolderCreate'] )
 | 
        
           |  |  | 123 | 		{
 | 
        
           |  |  | 124 | 			mkdir( $folderPath ) ;
 | 
        
           |  |  | 125 | 		}
 | 
        
           |  |  | 126 | 		else
 | 
        
           |  |  | 127 | 		{
 | 
        
           |  |  | 128 | 			$permissions = 0777 ;
 | 
        
           |  |  | 129 | 			if ( isset( $Config['ChmodOnFolderCreate'] ) )
 | 
        
           |  |  | 130 | 			{
 | 
        
           |  |  | 131 | 				$permissions = $Config['ChmodOnFolderCreate'] ;
 | 
        
           |  |  | 132 | 			}
 | 
        
           |  |  | 133 | 			// To create the folder with 0777 permissions, we need to set umask to zero.
 | 
        
           |  |  | 134 | 			$oldumask = umask(0) ;
 | 
        
           |  |  | 135 | 			mkdir( $folderPath, $permissions ) ;
 | 
        
           |  |  | 136 | 			umask( $oldumask ) ;
 | 
        
           |  |  | 137 | 		}
 | 
        
           |  |  | 138 |   | 
        
           |  |  | 139 | 		$sErrorMsg = $php_errormsg ;
 | 
        
           |  |  | 140 |   | 
        
           |  |  | 141 | 		// Restore the configurations.
 | 
        
           |  |  | 142 | 		ini_restore( 'track_errors' ) ;
 | 
        
           |  |  | 143 | 		ini_restore( 'error_reporting' ) ;
 | 
        
           |  |  | 144 |   | 
        
           |  |  | 145 | 		return $sErrorMsg ;
 | 
        
           |  |  | 146 | 	}
 | 
        
           |  |  | 147 | 	else
 | 
        
           |  |  | 148 | 		return '' ;
 | 
        
           |  |  | 149 | }
 | 
        
           |  |  | 150 |   | 
        
           |  |  | 151 | function GetRootPath()
 | 
        
           |  |  | 152 | {
 | 
        
           |  |  | 153 | 	if (!isset($_SERVER)) {
 | 
        
           |  |  | 154 | 		global $_SERVER;
 | 
        
           |  |  | 155 | 	}
 | 
        
           |  |  | 156 | 	$sRealPath = realpath( './' ) ;
 | 
        
           |  |  | 157 | 	// #2124 ensure that no slash is at the end
 | 
        
           |  |  | 158 | 	$sRealPath = rtrim($sRealPath,"\\/");
 | 
        
           |  |  | 159 |   | 
        
           |  |  | 160 | 	$sSelfPath = $_SERVER['PHP_SELF'] ;
 | 
        
           |  |  | 161 | 	$sSelfPath = substr( $sSelfPath, 0, strrpos( $sSelfPath, '/' ) ) ;
 | 
        
           |  |  | 162 |   | 
        
           |  |  | 163 | 	$sSelfPath = str_replace( '/', DIRECTORY_SEPARATOR, $sSelfPath ) ;
 | 
        
           |  |  | 164 |   | 
        
           |  |  | 165 | 	$position = strpos( $sRealPath, $sSelfPath ) ;
 | 
        
           |  |  | 166 |   | 
        
           |  |  | 167 | 	// This can check only that this script isn't run from a virtual dir
 | 
        
           |  |  | 168 | 	// But it avoids the problems that arise if it isn't checked
 | 
        
           |  |  | 169 | 	if ( $position === false || $position <> strlen( $sRealPath ) - strlen( $sSelfPath ) )
 | 
        
           |  |  | 170 | 		SendError( 1, 'Sorry, can\'t map "UserFilesPath" to a physical path. You must set the "UserFilesAbsolutePath" value in "editor/filemanager/connectors/php/config.php".' ) ;
 | 
        
           |  |  | 171 |   | 
        
           |  |  | 172 | 	return substr( $sRealPath, 0, $position ) ;
 | 
        
           |  |  | 173 | }
 | 
        
           |  |  | 174 |   | 
        
           |  |  | 175 | // Emulate the asp Server.mapPath function.
 | 
        
           |  |  | 176 | // given an url path return the physical directory that it corresponds to
 | 
        
           |  |  | 177 | function Server_MapPath( $path )
 | 
        
           |  |  | 178 | {
 | 
        
           |  |  | 179 | 	// This function is available only for Apache
 | 
        
           |  |  | 180 | 	if ( function_exists( 'apache_lookup_uri' ) )
 | 
        
           |  |  | 181 | 	{
 | 
        
           |  |  | 182 | 		$info = apache_lookup_uri( $path ) ;
 | 
        
           |  |  | 183 | 		return $info->filename . $info->path_info ;
 | 
        
           |  |  | 184 | 	}
 | 
        
           |  |  | 185 |   | 
        
           |  |  | 186 | 	// This isn't correct but for the moment there's no other solution
 | 
        
           |  |  | 187 | 	// If this script is under a virtual directory or symlink it will detect the problem and stop
 | 
        
           |  |  | 188 | 	return GetRootPath() . $path ;
 | 
        
           |  |  | 189 | }
 | 
        
           |  |  | 190 |   | 
        
           |  |  | 191 | function IsAllowedExt( $sExtension, $resourceType )
 | 
        
           |  |  | 192 | {
 | 
        
           |  |  | 193 | 	global $Config ;
 | 
        
           |  |  | 194 | 	// Get the allowed and denied extensions arrays.
 | 
        
           |  |  | 195 | 	$arAllowed	= $Config['AllowedExtensions'][$resourceType] ;
 | 
        
           |  |  | 196 | 	$arDenied	= $Config['DeniedExtensions'][$resourceType] ;
 | 
        
           |  |  | 197 |   | 
        
           |  |  | 198 | 	if ( count($arAllowed) > 0 && !in_array( $sExtension, $arAllowed ) )
 | 
        
           |  |  | 199 | 		return false ;
 | 
        
           |  |  | 200 |   | 
        
           |  |  | 201 | 	if ( count($arDenied) > 0 && in_array( $sExtension, $arDenied ) )
 | 
        
           |  |  | 202 | 		return false ;
 | 
        
           |  |  | 203 |   | 
        
           |  |  | 204 | 	return true ;
 | 
        
           |  |  | 205 | }
 | 
        
           |  |  | 206 |   | 
        
           |  |  | 207 | function IsAllowedType( $resourceType )
 | 
        
           |  |  | 208 | {
 | 
        
           |  |  | 209 | 	global $Config ;
 | 
        
           |  |  | 210 | 	if ( !in_array( $resourceType, $Config['ConfigAllowedTypes'] ) )
 | 
        
           |  |  | 211 | 		return false ;
 | 
        
           |  |  | 212 |   | 
        
           |  |  | 213 | 	return true ;
 | 
        
           |  |  | 214 | }
 | 
        
           |  |  | 215 |   | 
        
           |  |  | 216 | function IsAllowedCommand( $sCommand )
 | 
        
           |  |  | 217 | {
 | 
        
           |  |  | 218 | 	global $Config ;
 | 
        
           |  |  | 219 |   | 
        
           |  |  | 220 | 	if ( !in_array( $sCommand, $Config['ConfigAllowedCommands'] ) )
 | 
        
           |  |  | 221 | 		return false ;
 | 
        
           |  |  | 222 |   | 
        
           |  |  | 223 | 	return true ;
 | 
        
           |  |  | 224 | }
 | 
        
           |  |  | 225 |   | 
        
           |  |  | 226 | function GetCurrentFolder()
 | 
        
           |  |  | 227 | {
 | 
        
           |  |  | 228 | 	if (!isset($_GET)) {
 | 
        
           |  |  | 229 | 		global $_GET;
 | 
        
           |  |  | 230 | 	}
 | 
        
           |  |  | 231 | 	$sCurrentFolder	= isset( $_GET['CurrentFolder'] ) ? $_GET['CurrentFolder'] : '/' ;
 | 
        
           |  |  | 232 |   | 
        
           |  |  | 233 | 	// Check the current folder syntax (must begin and start with a slash).
 | 
        
           |  |  | 234 | 	if ( !preg_match( '|/$|', $sCurrentFolder ) )
 | 
        
           |  |  | 235 | 		$sCurrentFolder .= '/' ;
 | 
        
           |  |  | 236 | 	if ( strpos( $sCurrentFolder, '/' ) !== 0 )
 | 
        
           |  |  | 237 | 		$sCurrentFolder = '/' . $sCurrentFolder ;
 | 
        
           |  |  | 238 |   | 
        
           |  |  | 239 | 	// Ensure the folder path has no double-slashes
 | 
        
           |  |  | 240 | 	while ( strpos ($sCurrentFolder, '//') !== false ) {
 | 
        
           |  |  | 241 | 		$sCurrentFolder = str_replace ('//', '/', $sCurrentFolder) ;
 | 
        
           |  |  | 242 | 	}
 | 
        
           |  |  | 243 |   | 
        
           |  |  | 244 | 	// Check for invalid folder paths (..)
 | 
        
           |  |  | 245 | 	if ( strpos( $sCurrentFolder, '..' ) || strpos( $sCurrentFolder, "\\" ))
 | 
        
           |  |  | 246 | 		SendError( 102, '' ) ;
 | 
        
           |  |  | 247 |   | 
        
           |  |  | 248 | 	return $sCurrentFolder ;
 | 
        
           |  |  | 249 | }
 | 
        
           |  |  | 250 |   | 
        
           |  |  | 251 | // Do a cleanup of the folder name to avoid possible problems
 | 
        
           |  |  | 252 | function SanitizeFolderName( $sNewFolderName )
 | 
        
           |  |  | 253 | {
 | 
        
           |  |  | 254 | 	$sNewFolderName = stripslashes( $sNewFolderName ) ;
 | 
        
           |  |  | 255 |   | 
        
           |  |  | 256 | 	// Remove . \ / | : ? * " < >
 | 
        
           |  |  | 257 | 	$sNewFolderName = preg_replace( '/\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFolderName ) ;
 | 
        
           |  |  | 258 |   | 
        
           |  |  | 259 | 	return $sNewFolderName ;
 | 
        
           |  |  | 260 | }
 | 
        
           |  |  | 261 |   | 
        
           |  |  | 262 | // Do a cleanup of the file name to avoid possible problems
 | 
        
           |  |  | 263 | function SanitizeFileName( $sNewFileName )
 | 
        
           |  |  | 264 | {
 | 
        
           |  |  | 265 | 	global $Config ;
 | 
        
           |  |  | 266 |   | 
        
           |  |  | 267 | 	$sNewFileName = stripslashes( $sNewFileName ) ;
 | 
        
           |  |  | 268 |   | 
        
           |  |  | 269 | 	// Replace dots in the name with underscores (only one dot can be there... security issue).
 | 
        
           |  |  | 270 | 	if ( $Config['ForceSingleExtension'] )
 | 
        
           |  |  | 271 | 		$sNewFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sNewFileName ) ;
 | 
        
           |  |  | 272 |   | 
        
           |  |  | 273 | 	// Remove \ / | : ? * " < >
 | 
        
           |  |  | 274 | 	$sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFileName ) ;
 | 
        
           |  |  | 275 |   | 
        
           |  |  | 276 | 	return $sNewFileName ;
 | 
        
           |  |  | 277 | }
 | 
        
           |  |  | 278 |   | 
        
           |  |  | 279 | // This is the function that sends the results of the uploading process.
 | 
        
           |  |  | 280 | function SendUploadResults( $errorNumber, $fileUrl = '', $fileName = '', $customMsg = '' )
 | 
        
           |  |  | 281 | {
 | 
        
           |  |  | 282 | 	// Minified version of the document.domain automatic fix script (#1919).
 | 
        
           |  |  | 283 | 	// The original script can be found at _dev/domain_fix_template.js
 | 
        
           |  |  | 284 | 	echo <<<EOF
 | 
        
           |  |  | 285 | <script type="text/javascript">
 | 
        
           |  |  | 286 | (function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\.|$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})();
 | 
        
           |  |  | 287 | EOF;
 | 
        
           |  |  | 288 |   | 
        
           |  |  | 289 | 	$rpl = array( '\\' => '\\\\', '"' => '\\"' ) ;
 | 
        
           |  |  | 290 | 	echo 'window.parent.OnUploadCompleted(' . $errorNumber . ',"' . strtr( $fileUrl, $rpl ) . '","' . strtr( $fileName, $rpl ) . '", "' . strtr( $customMsg, $rpl ) . '") ;' ;
 | 
        
           |  |  | 291 | 	echo '</script>' ;
 | 
        
           |  |  | 292 | 	exit ;
 | 
        
           |  |  | 293 | }
 | 
        
           |  |  | 294 |   | 
        
           |  |  | 295 | ?>
 |