<?php // -*-php-*-
// Pass this file's CVS revision identifier string to rcs_id(), which is
// defined elsewhere in PhpWiki (its effect is not visible from this file).
rcs_id('$Id: UpLoad.php,v 1.19 2005/04/11 19:40:15 rurban Exp $');
/*
Copyright 2003, 2004 $ThePhpWikiProgrammingTeam
This file is part of PhpWiki.
PhpWiki is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
PhpWiki is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with PhpWiki; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
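/**
 * UpLoad: Allow Administrator to upload files to a special directory,
 * which should preferably be added to the InterWikiMap
 * Usage: <?plugin UpLoad ?>
 * Author: NathanGass <gass@iogram.ch>
 * Changes: ReiniUrban <rurban@x-ray.at>,
 * qubit <rtryon@dartmouth.edu>
 * Note: See also Jochen Kalmbach's plugin/UserFileManagement.php
 *
 * Access control as implemented in this class: a POST is refused only when
 * the requesting user is not authenticated ($only_authenticated). No
 * administrator-level check is made here, so every signed-in user can upload.
 *
 * Upload filtering is a blocklist of file extensions plus a restrictive
 * file-name character set. A blocklist is incomplete by nature; the upload
 * directory should additionally be configured on the web server so that
 * nothing stored in it is executed or interpreted.
 */
class WikiPlugin_UpLoad
extends WikiPlugin
{
    // Regex fragments (one per extension) that uploaded names may not carry.
    var $disallowed_extensions;
    // TODO: use PagePerms instead
    // When true, only authenticated users may upload.
    var $only_authenticated = true;

    /** @return string the plugin name. */
    function getName () {
        return "UpLoad";
    }

    /** @return string translated one-line description of the plugin. */
    function getDescription () {
        return _("Upload files to the local InterWiki Upload:<filename>");
    }

    /**
     * Plugin arguments and their defaults.
     *
     * logfile:  base name of the HTML upload log inside the upload directory
     * autolink: append a link to the fresh file to the end of 'page'
     * page:     page that receives the automatic link
     */
    function getDefaultArguments() {
        return array('logfile'  => 'phpwiki-upload.log',
                     // add a link of the fresh file automatically to the
                     // end of the page (or current page)
                     'autolink' => true,
                     'page'     => '[pagename]',
                     );
    }

    /**
     * Render the upload form and, on a POST carrying 'userfile', validate and
     * store the file in the upload directory.
     *
     * @param object $dbi      wiki database handle (used for the autolink page)
     * @param string $argstr   raw plugin argument string
     * @param object $request  current request
     * @param mixed  $basepage unused here
     * @return object HTML fragment holding the form followed by status messages
     */
    function run($dbi, $argstr, &$request, $basepage) {
        // Each entry is a PCRE fragment. Kept as an array literal so the list
        // does not depend on the line endings of this source file.
        $this->disallowed_extensions = array(
            'ad[ep]', 'asd', 'ba[st]', 'chm', 'cmd', 'com', 'cgi', 'cpl',
            'crt', 'dll', 'eml', 'exe', 'hlp', 'hta', 'in[fs]', 'isp',
            'jse?', 'lnk', 'md[betw]', 'ms[cipt]', 'nws', 'ocx', 'ops',
            'pcd', 'p[ir]f',
            // Common alternative extensions mapped to the PHP handler.
            'php[0-9]?', 'phtml', 'pht', 'phar',
            'pl', 'py', 'reg', 'sc[frt]', 'sh[bsm]?', 'swf', 'url',
            'vb[esx]?', 'vxd', 'ws[cfh]');
        //removed "\{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}"

        // Read the three known arguments explicitly instead of extract(), so
        // an unexpected key can never overwrite $dbi, $request or other locals.
        $args = $this->getArgs($argstr, $request);
        $logfile  = isset($args['logfile'])  ? $args['logfile']  : false;
        $autolink = isset($args['autolink']) ? $args['autolink'] : false;
        $page     = isset($args['page'])     ? $args['page']     : false;

        $file_dir = getUploadFilePath();
        //$url_prefix = SERVER_NAME . DATA_PATH;

        $form = HTML::form(array('action'  => $request->getPostURL(),
                                 'enctype' => 'multipart/form-data',
                                 'method'  => 'post'));
        $contents = HTML::div(array('class' => 'wikiaction'));
        // MAX_FILE_SIZE is only a browser hint; the size is checked again below.
        $contents->pushContent(HTML::input(array('type'  => 'hidden',
                                                 'name'  => 'MAX_FILE_SIZE',
                                                 'value' => MAX_UPLOAD_SIZE)));
        $contents->pushContent(HTML::input(array('name' => 'userfile',
                                                 'type' => 'file',
                                                 'size' => '50')));
        $contents->pushContent(HTML::raw(" "));
        $contents->pushContent(HTML::input(array('value' => _("Upload"),
                                                 'type'  => 'submit')));
        $form->pushContent($contents);

        $message = HTML();
        if ($request->isPost() and $this->only_authenticated) {
            // Make sure that the user is logged in.
            $user = $request->getUser();
            if (!$user->isAuthenticated()) {
                $message->pushContent(HTML::h2(_("ACCESS DENIED: You must log in to upload files.")),
                                      HTML::br(),HTML::br());
                $result = HTML();
                $result->pushContent($form);
                $result->pushContent($message);
                return $result;
            }
        }

        $userfile = $request->getUploadedFile('userfile');
        if ($userfile) {
            // The client-supplied name is untrusted: strip any directory part
            // before it is used to build a path.
            $userfile_name = $userfile->getName();
            $userfile_name = trim(basename($userfile_name));
            $userfile_tmpname = $userfile->getTmpName();
            $err_header = HTML::h2(fmt("ERROR uploading '%s': ", $userfile_name));

            // Case-insensitive, and matched against every dot-separated
            // segment rather than only the last one: "x.PHP" and "x.php.txt"
            // are both refused, since some server configurations pick a
            // handler from an inner extension.
            $ext_pattern = "/\.(?:" . join("|", $this->disallowed_extensions) . ")(?:\.|\$)/i";

            if (preg_match($ext_pattern, $userfile_name))
            {
                $message->pushContent($err_header);
                $message->pushContent(fmt("Files with extension %s are not allowed.",
                                          join(", ", $this->disallowed_extensions)),HTML::br(),HTML::br());
            }
            elseif (preg_match("/[^._a-zA-Z0-9-]/", $userfile_name))
            {
                $message->pushContent($err_header);
                $message->pushContent(_("File names may only contain alphanumeric characters and dot, underscore or dash."),
                                      HTML::br(),HTML::br());
            }
            elseif ($userfile_name === '' or substr($userfile_name, 0, 1) === '.')
            {
                // Dot-files such as per-directory web server configuration
                // pass the character check above, so refuse them explicitly.
                $message->pushContent($err_header);
                $message->pushContent(_("File names may not be empty or start with a dot."),
                                      HTML::br(),HTML::br());
            }
            elseif (file_exists($file_dir . $userfile_name)) {
                // NOTE(review): check-then-move is not atomic; two concurrent
                // uploads of the same name can still overwrite each other.
                $message->pushContent($err_header);
                $message->pushContent(fmt("There is already a file with name %s uploaded.",
                                          $userfile_name),HTML::br(),HTML::br());
            }
            elseif ($userfile->getSize() > (MAX_UPLOAD_SIZE)) {
                $message->pushContent($err_header);
                $message->pushContent(_("Sorry but this file is too big."),HTML::br(),HTML::br());
            }
            // NOTE(review): the Windows rename() fallback skips the "is this
            // really an uploaded file" check that move_uploaded_file() makes;
            // confirm getTmpName() can only return PHP's own upload temp path.
            elseif (move_uploaded_file($userfile_tmpname, $file_dir . $userfile_name) or
                    (IsWindows() and rename($userfile_tmpname, $file_dir . $userfile_name))
                    )
            {
                $interwiki = new PageType_interwikimap();
                $link = $interwiki->link("Upload:$userfile_name");
                $message->pushContent(HTML::h2(_("File successfully uploaded.")));
                $message->pushContent(HTML::ul(HTML::li($link)));

                // the upload was a success and we need to mark this event in the "upload log"
                if ($logfile) {
                    // basename() keeps the log inside the upload directory
                    // whatever the 'logfile' plugin argument contains.
                    $upload_log = $file_dir . basename($logfile);
                    $this->log($userfile, $upload_log, $message);
                }
                if ($autolink) {
                    // NOTE(review): the target page comes from the 'page'
                    // plugin argument and is saved without any page-permission
                    // check in this method; see the PagePerms TODO above.
                    require_once("lib/loadsave.php");
                    $pagehandle = $dbi->getPage($page);
                    if ($pagehandle->exists()) {// don't replace default contents
                        $current = $pagehandle->getCurrentRevision();
                        $version = $current->getVersion();
                        $text = $current->getPackedContent();
                        $newtext = $text . "\n* [Upload:$userfile_name]";
                        $meta = $current->_data;
                        $meta['summary'] = sprintf(_("uploaded %s"),$userfile_name);
                        $pagehandle->save($newtext, $version + 1, $meta);
                    }
                }
            }
            else {
                $message->pushContent($err_header);
                $message->pushContent(HTML::br(),_("Uploading failed."),HTML::br());
            }
        }
        else {
            $message->pushContent(HTML::br(),HTML::br());
        }

        //$result = HTML::div( array( 'class' => 'wikiaction' ) );
        $result = HTML();
        $result->pushContent($form);
        $result->pushContent($message);
        return $result;
    }

    /**
     * Append one HTML table row describing a finished upload to the log file.
     *
     * The log is an HTML fragment, so every value that originates from the
     * client or the user account is escaped before it is written.
     *
     * @param object $userfile   uploaded-file object (getName(), getSize())
     * @param string $upload_log full path of the log file; it must already
     *                           exist and be writable, otherwise a warning is raised
     * @param object $message    unused here; kept for the existing call signature
     */
    function log ($userfile, $upload_log, &$message) {
        global $WikiTheme;
        $user = $GLOBALS['request']->_user;
        if (!is_writable($upload_log)) {
            trigger_error(_("The upload logfile is not writable."), E_USER_WARNING);
        }
        elseif (!$log_handle = fopen ($upload_log, "a")) {
            trigger_error(_("Can't open the upload logfile."), E_USER_WARNING);
        }
        else { // file size in KB; precision of 0.1
            $file_size = round(($userfile->getSize())/1024, 1);
            if ($file_size <= 0) {
                // Written into HTML, so the less-than sign must be an entity.
                $file_size = "&lt; 0.1";
            }
            // Log the name the file was stored under (same normalisation as
            // run()), not the raw client-supplied string, and escape it:
            // the raw name may carry a path prefix and markup characters.
            $userfile_name = trim(basename($userfile->getName()));
            $href = rawurlencode($userfile_name);
            $shown_name = htmlspecialchars($userfile_name, ENT_QUOTES);
            $shown_user = htmlspecialchars($user->getId(), ENT_QUOTES);
            fwrite($log_handle,
                   "\n"
                   . "<tr><td><a href=\"$href\">$shown_name</a></td>"
                   . "<td align=\"right\">$file_size kB</td>"
                   . "<td> " . $WikiTheme->formatDate(time()) . "</td>"
                   . "<td> <em>" . $shown_user . "</em></td></tr>");
            fclose($log_handle);
        }
        return;
    }
}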
// $Log: UpLoad.php,v $
// Revision 1.19 2005/04/11 19:40:15 rurban
// Simplify upload. See https://sourceforge.net/forum/message.php?msg_id=3093651
// Improve UpLoad warnings.
// Move auth check before upload.
//
// Revision 1.18 2005/02/12 17:24:24 rurban
// locale update: missing . : fixed. unified strings
// proper linebreaks
//
// Revision 1.17 2004/11/09 08:15:50 rurban
// trim filename
//
// Revision 1.16 2004/10/21 19:03:37 rurban
// Be more stricter with uploads: Filenames may only contain alphanumeric
// characters. Patch #1037825
//
// Revision 1.15 2004/09/22 13:46:26 rurban
// centralize upload paths.
// major WikiPluginCached feature enhancement:
// support _STATIC pages in uploads/ instead of dynamic getimg.php? subrequests.
// mainly for debugging, cache problems and action=pdf
//
// Revision 1.14 2004/06/16 10:38:59 rurban
// Disallow refernces in calls if the declaration is a reference
// ("allow_call_time_pass_reference clean").
// PhpWiki is now allow_call_time_pass_reference = Off clean,
// but several external libraries may not.
// In detail these libs look to be affected (not tested):
// * Pear_DB odbc
// * adodb oracle
//
// Revision 1.13 2004/06/14 11:31:39 rurban
// renamed global $Theme to $WikiTheme (gforge nameclash)
// inherit PageList default options from PageList
// default sortby=pagename
// use options in PageList_Selectable (limit, sortby, ...)
// added action revert, with button at action=diff
// added option regex to WikiAdminSearchReplace
//
// Revision 1.12 2004/06/13 11:34:22 rurban
// fixed bug #969532 (space in uploaded filenames)
// improved upload error messages
//
// Revision 1.11 2004/06/11 09:07:30 rurban
// support theme-specific LinkIconAttr: front or after or none
//
// Revision 1.10 2004/04/12 10:19:18 rurban
// fixed copyright year
//
// Revision 1.9 2004/04/12 10:18:22 rurban
// removed the hairy regex line
//
// Revision 1.8 2004/04/12 09:12:22 rurban
// fix syntax errors
//
// Revision 1.7 2004/04/09 17:49:03 rurban
// Added PhpWiki RssFeed to Sidebar
// sidebar formatting
// some browser dependant fixes (old-browser support)
//
// Revision 1.6 2004/02/27 01:36:51 rurban
// autolink enabled
//
// Revision 1.5 2004/02/27 01:24:43 rurban
// use IntwerWiki links for uploaded file.
// autolink to page prepared, but not yet ready
//
// Revision 1.4 2004/02/21 19:12:59 rurban
// patch by Sascha Carlin
//
// Revision 1.3 2004/02/17 12:11:36 rurban
// added missing 4th basepage arg at plugin->run() to almost all plugins. This caused no harm so far, because it was silently dropped on normal usage. However on plugin internal ->run invocations it failed. (InterWikiSearch, IncludeSiteMap, ...)
//
// Revision 1.2 2004/01/26 09:18:00 rurban
// * changed stored pref representation as before.
// the array of objects is 1) bigger and 2)
// less portable. If we would import packed pref
// objects and the object definition was changed, PHP would fail.
// This doesn't happen with an simple array of non-default values.
// * use $prefs->retrieve and $prefs->store methods, where retrieve
// understands the interim format of array of objects also.
// * simplified $prefs->get() and fixed $prefs->set()
// * added $user->_userid and class '_WikiUser' portability functions
// * fixed $user object ->_level upgrading, mostly using sessions.
// this fixes yesterdays problems with loosing authorization level.
// * fixed WikiUserNew::checkPass to return the _level
// * fixed WikiUserNew::isSignedIn
// * added explodePageList to class PageList, support sortby arg
// * fixed UserPreferences for WikiUserNew
// * fixed WikiPlugin for empty defaults array
// * UnfoldSubpages: added pagename arg, renamed pages arg,
// removed sort arg, support sortby arg
//
// Revision 1.1 2003/11/04 18:41:41 carstenklapp
// New plugin which was submitted to the mailing list some time
// ago. (This is the best UpLoad function I have seen for PhpWiki so
// far. Cleaned up text formatting and typos from the version on the
// mailing list. Still needs a few adjustments.)
// (c-file-style: "gnu")
// Local Variables:
// mode: php
// tab-width: 8
// c-basic-offset: 4
// c-hanging-comment-ender-p: nil
// indent-tabs-mode: nil
// End:
?>