dolibarr  7.0.0-beta
io.php
<?php
/*
 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
 * Copyright (C) 2003-2010 Frederico Caldeira Knabben
 *
 * == BEGIN LICENSE ==
 *
 * Licensed under the terms of any of the following licenses at your
 * choice:
 *
 *  - GNU General Public License Version 2 or later (the "GPL")
 *    http://www.gnu.org/licenses/gpl.html
 *
 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 *    http://www.gnu.org/licenses/lgpl.html
 *
 *  - Mozilla Public License Version 1.1 or later (the "MPL")
 *    http://www.mozilla.org/MPL/MPL-1.1.html
 *
 * == END LICENSE ==
 *
 * This is the File Manager Connector for PHP.
 */
/**
 * Join a base path and a folder with a single '/' inserted between them.
 *
 * The result is RemoveFromEnd($sBasePath, '/') . '/' . RemoveFromStart($sFolder, '/').
 * Both helpers are defined outside this listing; presumably they strip the
 * slash at the given end - confirm against their definitions.
 *
 * No normalisation is done here: '..' segments or backslashes in $sFolder are
 * passed through unchanged, so callers must validate the folder beforehand.
 *
 * @param string $sBasePath Left-hand part of the path.
 * @param string $sFolder   Right-hand part of the path.
 * @return string The joined path.
 */
function CombinePaths($sBasePath, $sFolder)
{
    $sLeft = RemoveFromEnd($sBasePath, '/');
    $sRight = RemoveFromStart($sFolder, '/');

    return $sLeft . '/' . $sRight;
}
/**
 * Return the configured URL path for a resource type.
 *
 * Reads $Config['QuickUploadPath'] when the command is "QuickUpload" and
 * $Config['FileTypesPath'] for every other command.
 *
 * @param string $resourceType Key into the configured path table; it is not
 *                             validated here, so the caller is expected to
 *                             have checked it against the allowed types.
 * @param string $sCommand     Connector command name.
 * @return string The configured path for that resource type.
 */
function GetResourceTypePath($resourceType, $sCommand)
{
    global $Config;

    // Loose comparison kept on purpose: it is what the connector has always used.
    $sPathTable = ($sCommand == "QuickUpload") ? 'QuickUploadPath' : 'FileTypesPath';

    return $Config[$sPathTable][$resourceType];
}
/**
 * Return the physical directory that stores files of a resource type.
 *
 * For the "QuickUpload" command the QuickUpload* configuration tables are
 * used, for every other command the FileTypes* tables. A non-empty
 * "...AbsolutePath" entry is returned as is; otherwise the URL path entry is
 * translated to a directory with Server_MapPath().
 *
 * @param string $resourceType Key into the configuration tables (not validated here).
 * @param string $sCommand     Connector command name.
 * @return string Physical directory for the resource type.
 */
function GetResourceTypeDirectory($resourceType, $sCommand)
{
    global $Config;

    $bQuickUpload = ($sCommand == "QuickUpload");
    $sAbsoluteTable = $bQuickUpload ? 'QuickUploadAbsolutePath' : 'FileTypesAbsolutePath';
    $sUrlTable = $bQuickUpload ? 'QuickUploadPath' : 'FileTypesPath';

    // An explicitly configured absolute directory always wins.
    if (strlen($Config[$sAbsoluteTable][$resourceType]) > 0) {
        return $Config[$sAbsoluteTable][$resourceType];
    }

    // Otherwise map the "UserFiles" URL path to a local directory.
    return Server_MapPath($Config[$sUrlTable][$resourceType]);
}
/**
 * Build the URL of a folder inside a resource type's area.
 *
 * Combines the configured URL path of the resource type with $folderPath
 * through CombinePaths(). $folderPath is appended as given; nothing here
 * rejects '..' segments.
 *
 * @param string $resourceType Resource type key.
 * @param string $folderPath   Folder path relative to the resource type root.
 * @param string $sCommand     Connector command name.
 * @return string The combined URL path.
 */
function GetUrlFromPath($resourceType, $folderPath, $sCommand)
{
    $sTypeUrl = GetResourceTypePath($resourceType, $sCommand);

    return CombinePaths($sTypeUrl, $folderPath);
}
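/**
 * Strip the last extension from a file name.
 *
 * Everything from the last '.' onwards is removed. A name without any dot is
 * returned unchanged; previously strrpos() returned false in that case, which
 * was used as a length of 0 and produced an empty string.
 *
 * @param string $fileName File name to process.
 * @return string The name without its last extension ('' when the only dot
 *                is the first character, e.g. ".htaccess").
 */
function RemoveExtension($fileName)
{
    $iLastDot = strrpos($fileName, '.');

    // No dot means there is no extension to remove.
    if ($iLastDot === false) {
        return $fileName;
    }

    return substr($fileName, 0, $iLastDot);
}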
/**
 * Return the physical path of a folder inside a resource type's directory.
 *
 * The resource type directory is created first if it does not exist; a
 * creation failure is reported through SendError() (defined outside this
 * listing - presumably it ends the request, confirm).
 *
 * $folderPath is appended as given: this function does not check it for
 * '..' segments, so it must already have been validated by the caller.
 *
 * @param string $resourceType Resource type key.
 * @param string $folderPath   Folder path relative to the resource type directory.
 * @param string $sCommand     Connector command name.
 * @return string The resource type directory combined with $folderPath.
 */
function ServerMapFolder($resourceType, $folderPath, $sCommand)
{
    $sBaseDirectory = GetResourceTypeDirectory($resourceType, $sCommand);

    // Make sure the base directory exists before anything is placed under it.
    $sCreateError = CreateServerFolder($sBaseDirectory);
    if ($sCreateError != '') {
        SendError(1, "Error creating folder \"{$sBaseDirectory}\" ({$sCreateError})");
    }

    return CombinePaths($sBaseDirectory, $folderPath);
}
/**
 * Return the parent of a folder path.
 *
 * Removes the last path segment: a '/' or '\' separator, the segment name and
 * an optional trailing separator. A path without any separator is returned
 * unchanged.
 *
 * @param string $folderPath Folder path using '/' or '\' separators.
 * @return string The path with its last segment removed.
 */
function GetParentFolder($folderPath)
{
    // '-' is the regex delimiter so that '/' needs no escaping.
    return preg_replace("-[/\\\\][^/\\\\]+[/\\\\]?$-", '', $folderPath);
}
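/**
 * Create a folder, creating missing parent folders first.
 *
 * Changes from the previous implementation:
 *  - the error text is taken from mkdir()'s return value and error_get_last()
 *    instead of $php_errormsg / track_errors, which no longer exist on current
 *    PHP versions (a failed mkdir() was then reported as success);
 *  - the previous error_reporting level is put back exactly, instead of being
 *    reset to the php.ini value with ini_restore().
 *
 * @param string      $folderPath Folder to create.
 * @param string|null $lastFolder Child folder of the previous recursion level;
 *                                used to stop when the parent cannot change any more.
 * @return string '' on success or when the folder already exists, otherwise an error message.
 */
function CreateServerFolder($folderPath, $lastFolder = null)
{
    global $Config;

    // The parent is derived before the double-slash clean-up, as it always was.
    $sParent = GetParentFolder($folderPath);

    // Ensure the folder path has no double-slashes, or mkdir may fail on certain platforms.
    while (strpos($folderPath, '//') !== false) {
        $folderPath = str_replace('//', '/', $folderPath);
    }

    // Check if the parent exists, or create it.
    if (!empty($sParent) && !file_exists($sParent)) {
        // Prevents an infinite loop when the root folder cannot be created.
        if (!is_null($lastFolder) && $lastFolder === $sParent) {
            return "Can't create $folderPath directory";
        }

        $sParentError = CreateServerFolder($sParent, $folderPath);
        if ($sParentError != '') {
            return $sParentError;
        }
    }

    if (file_exists($folderPath)) {
        return '';
    }

    // Silence PHP warnings while creating the folder; remember the level to restore it.
    $iPreviousReporting = error_reporting(0);

    if (isset($Config['ChmodOnFolderCreate']) && !$Config['ChmodOnFolderCreate']) {
        // Explicitly disabled: let mkdir() apply its default mode and the process umask.
        $bCreated = mkdir($folderPath);
    } else {
        // NOTE(review): without a configured value the folder is created 0777 with
        // the umask cleared, i.e. writable by every local account. Setting
        // ChmodOnFolderCreate to a tighter mode is the safer deployment choice.
        $permissions = '0777';
        if (isset($Config['ChmodOnFolderCreate']) && $Config['ChmodOnFolderCreate']) {
            // Assumes the configured value is an octal string such as '0775' - confirm against the config.
            $permissions = (string) $Config['ChmodOnFolderCreate'];
        }
        $permissionsdec = octdec($permissions);
        $permissionsdec |= octdec('0111'); // Set x bit required for directories
        dol_syslog("io.php permission = ".$permissions." ".$permissionsdec." ".decoct($permissionsdec));

        // The umask is cleared so that the requested mode is applied exactly.
        $oldumask = umask(0);
        $bCreated = mkdir($folderPath, $permissionsdec);
        umask($oldumask);
    }

    $sErrorMsg = '';
    if (!$bCreated) {
        // error_get_last() still records the warning although reporting is off.
        $aLastError = error_get_last();
        if (is_array($aLastError) && isset($aLastError['message'])) {
            $sErrorMsg = $aLastError['message'];
        } else {
            $sErrorMsg = "Can't create $folderPath directory";
        }
    }

    // Restore the configuration.
    error_reporting($iPreviousReporting);

    return $sErrorMsg;
}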
/**
 * Derive the physical document root from the current directory and PHP_SELF.
 *
 * The URL directory of the running script (PHP_SELF up to its last '/') must
 * be the tail of the current working directory; the part in front of it is
 * returned as the root. When it is not the tail, the problem is reported with
 * SendError() (defined outside this listing - presumably it ends the request).
 *
 * PHP_SELF is derived from the request URL, so the tail check is also what
 * rejects a script path that does not correspond to the directory on disk.
 *
 * @return string Physical path that corresponds to the URL root.
 */
function GetRootPath()
{
    if (!isset($_SERVER)) {
        global $_SERVER;
    }

    // Current working directory, without a trailing slash (#2124).
    $sPhysicalDir = rtrim(realpath('./'), "\\/");

    // URL directory of the script, converted to the platform's separator.
    $sScriptUrl = $_SERVER['PHP_SELF'];
    $sUrlDir = substr($sScriptUrl, 0, strrpos($sScriptUrl, '/'));
    $sUrlDir = str_replace('/', DIRECTORY_SEPARATOR, $sUrlDir);

    $iOffset = strpos($sPhysicalDir, $sUrlDir);

    // This can only check that the script is not run from a virtual directory,
    // but it avoids the problems that arise if it is not checked.
    $bIsTail = ($iOffset !== false) && ($iOffset == strlen($sPhysicalDir) - strlen($sUrlDir));
    if (!$bIsTail) {
        SendError(1, 'Sorry, can\'t map "UserFilesPath" to a physical path. You must set the "UserFilesAbsolutePath" value in "editor/filemanager/connectors/php/config.php".');
    }

    return substr($sPhysicalDir, 0, $iOffset);
}
/**
 * Emulate the ASP Server.MapPath function: given a URL path, return the
 * physical directory that it corresponds to.
 *
 * When apache_lookup_uri() is available (Apache only) its answer is used.
 * Otherwise the path is appended to GetRootPath(); this is not exact, but
 * GetRootPath() detects a script placed under a virtual directory or symlink
 * and stops.
 *
 * @param string $path URL path to translate. It is used as given, so it must
 *                     come from configuration or already be validated.
 * @return string Physical path for $path.
 */
function Server_MapPath($path)
{
    if (!function_exists('apache_lookup_uri')) {
        // This isn't correct but for the moment there's no other solution.
        return GetRootPath() . $path;
    }

    $oLookup = apache_lookup_uri($path);

    return $oLookup->filename . $oLookup->path_info;
}
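/**
 * Tell whether a file extension may be used for a resource type.
 *
 * A non-empty allowed list must contain the extension; a non-empty denied
 * list must not contain it.
 *
 * Changes from the previous implementation:
 *  - the lists are searched with strict string comparison, so numeric-looking
 *    extensions such as '10' and '1e1' are no longer treated as equal;
 *  - a resource type that has neither list configured is refused instead of
 *    being allowed with PHP notices;
 *  - a single missing list is treated as empty instead of being passed to count().
 *
 * NOTE(review): matching is case-sensitive. Presumably callers lower-case the
 * extension before calling; confirm, because 'PHP' does not match a denied 'php'.
 *
 * @param string $sExtension   Extension without the leading dot.
 * @param string $resourceType Resource type key.
 * @return bool True when the extension is permitted.
 */
function IsAllowedExt($sExtension, $resourceType)
{
    global $Config;

    $bHasAllowed = isset($Config['AllowedExtensions'][$resourceType]);
    $bHasDenied = isset($Config['DeniedExtensions'][$resourceType]);

    // No policy at all for this type: fail closed.
    if (!$bHasAllowed && !$bHasDenied) {
        return false;
    }

    // Get the allowed and denied extensions arrays, normalised to strings.
    $arAllowed = $bHasAllowed ? array_map('strval', (array) $Config['AllowedExtensions'][$resourceType]) : array();
    $arDenied = $bHasDenied ? array_map('strval', (array) $Config['DeniedExtensions'][$resourceType]) : array();

    $sExtension = (string) $sExtension;

    if (count($arAllowed) > 0 && !in_array($sExtension, $arAllowed, true)) {
        return false;
    }

    if (count($arDenied) > 0 && in_array($sExtension, $arDenied, true)) {
        return false;
    }

    return true;
}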
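/**
 * Tell whether a resource type is listed in $Config['ConfigAllowedTypes'].
 *
 * The list is searched with strict comparison and only string values are
 * accepted, so a loosely-equal value (for example the integer 0 on older PHP
 * versions) cannot pass as a listed type. A missing or non-array list means
 * that nothing is allowed.
 *
 * @param string $resourceType Resource type name from the request.
 * @return bool True when the type is allowed.
 */
function IsAllowedType($resourceType)
{
    global $Config;

    if (!is_string($resourceType)) {
        return false;
    }
    if (!isset($Config['ConfigAllowedTypes']) || !is_array($Config['ConfigAllowedTypes'])) {
        return false;
    }

    return in_array($resourceType, $Config['ConfigAllowedTypes'], true);
}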
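/**
 * Tell whether a connector command is listed in $Config['ConfigAllowedCommands'].
 *
 * The list is searched with strict comparison and only string values are
 * accepted, so a loosely-equal value cannot pass as a listed command. A
 * missing or non-array list means that nothing is allowed.
 *
 * @param string $sCommand Command name from the request.
 * @return bool True when the command is allowed.
 */
function IsAllowedCommand($sCommand)
{
    global $Config;

    if (!is_string($sCommand)) {
        return false;
    }
    if (!isset($Config['ConfigAllowedCommands']) || !is_array($Config['ConfigAllowedCommands'])) {
        return false;
    }

    return in_array($sCommand, $Config['ConfigAllowedCommands'], true);
}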
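/**
 * Read and validate the "CurrentFolder" request parameter.
 *
 * The value is normalised to start and end with '/', double slashes are
 * collapsed, and the result is rejected with SendError(102, '') when it
 * contains '..', a backslash, a segment starting with '.', a control
 * character or one of : * ? " < > |.
 *
 * The '..' and backslash tests now compare strpos() with false instead of
 * relying on its truthiness (an offset of 0 is falsy). The leading '/' added
 * above already kept offset 0 out of reach, so accepted input is unchanged.
 * The dead "global $_GET" guard was dropped.
 *
 * NOTE(review): validation depends on SendError() (defined outside this
 * listing) not returning; if it did, the rejected path would still be returned.
 *
 * @return string The normalised folder path; '/' when the parameter is absent.
 */
function GetCurrentFolder()
{
    // GETPOST() is the application's request accessor; the third argument presumably selects GET only - confirm.
    $sCurrentFolder = isset($_GET['CurrentFolder']) ? GETPOST('CurrentFolder', '', 1) : '/';

    // Check the current folder syntax (must begin and end with a slash).
    if (!preg_match('|/$|', $sCurrentFolder)) {
        $sCurrentFolder .= '/';
    }
    if (strpos($sCurrentFolder, '/') !== 0) {
        $sCurrentFolder = '/' . $sCurrentFolder;
    }

    // Ensure the folder path has no double-slashes.
    while (strpos($sCurrentFolder, '//') !== false) {
        $sCurrentFolder = str_replace('//', '/', $sCurrentFolder);
    }

    // Check for invalid folder paths (..)
    if (strpos($sCurrentFolder, '..') !== false || strpos($sCurrentFolder, "\\") !== false) {
        SendError(102, '');
    }

    if (preg_match(",(/\.)|[[:cntrl:]]|(//)|(\\\\)|([\:\*\?\"<>\|]),", $sCurrentFolder)) {
        SendError(102, '');
    }

    return $sCurrentFolder;
}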
/**
 * Do a cleanup of the folder name to avoid possible problems.
 *
 * Backslash quoting is removed with stripslashes(), then each of
 * . \ / | : ? * " < > and every control character is replaced by '_'.
 * Because dots and both separators are replaced, the result cannot contain
 * a '..' segment or a path separator.
 *
 * @param string $sNewFolderName Folder name as received.
 * @return string The cleaned folder name.
 */
function SanitizeFolderName($sNewFolderName)
{
    $sUnquoted = stripslashes($sNewFolderName);

    // Replace . \ / | : ? * " < > and control characters.
    return preg_replace('/\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sUnquoted);
}
/**
 * Do a cleanup of the file name to avoid possible problems.
 *
 * Backslash quoting is removed with stripslashes(). When
 * $Config['ForceSingleExtension'] is set, every dot except the last one is
 * replaced by '_' so that only one extension remains (security measure
 * against names such as "name.ext1.ext2"). Finally each of
 * \ / | : ? * " < > and every control character is replaced by '_'.
 *
 * NOTE(review): the last dot is always kept, so a name that starts with its
 * only dot (".name") passes through unchanged; rejecting such names is left
 * to the extension allow/deny check.
 *
 * @param string $sNewFileName File name as received.
 * @return string The cleaned file name.
 */
function SanitizeFileName($sNewFileName)
{
    global $Config;

    $sClean = stripslashes($sNewFileName);

    // Keep a single extension: all dots but the last become underscores.
    if ($Config['ForceSingleExtension']) {
        $sClean = preg_replace('/\\.(?![^.]*$)/', '_', $sClean);
    }

    // Replace \ / | : ? * " < > and control characters.
    return preg_replace('/\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sClean);
}
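/**
 * Send the results of the uploading process to the editor and end the request.
 *
 * Prints an inline script that calls window.parent.OnUploadCompleted() with
 * the error number, file URL, file name and custom message, then exits.
 * For any error other than 201 the file URL and file name are blanked.
 *
 * The values are written inside JavaScript string literals in an inline
 * script. Only backslash and double quote used to be escaped, so a line
 * break or a "</script>" sequence in a value ended the string or the script
 * block early. Line breaks, '<', '>', '&' and the U+2028/U+2029 separators
 * are now escaped as well, and the error number is printed as an integer.
 * Values without those characters produce the same output as before.
 *
 * @param int    $errorNumber Upload result code (0 means success).
 * @param string $fileUrl     URL of the uploaded file.
 * @param string $fileName    Final name of the uploaded file.
 * @param string $customMsg   Message shown by the editor.
 * @return void This function does not return; it calls exit.
 */
function SendUploadResults($errorNumber, $fileUrl = '', $fileName = '', $customMsg = '')
{
    // Minified version of the document.domain automatic fix script (#1919).
    // The original script can be found at _dev/domain_fix_template.js
    echo <<<EOF
<script type="text/javascript">
(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\.|$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})();
EOF;

    if ($errorNumber && $errorNumber != 201) {
        $fileUrl = "";
        $fileName = "";
    }

    // Byte-wise escaping for a double-quoted JavaScript string inside <script>.
    $rpl = array(
        '\\' => '\\\\',
        '"' => '\\"',
        "\r" => '\\r',
        "\n" => '\\n',
        '<' => '\\x3C',
        '>' => '\\x3E',
        '&' => '\\x26',
        "\xE2\x80\xA8" => '\\u2028',
        "\xE2\x80\xA9" => '\\u2029',
    );

    echo 'window.parent.OnUploadCompleted(' . (int) $errorNumber . ',"' . strtr((string) $fileUrl, $rpl) . '","' . strtr((string) $fileName, $rpl) . '", "' . strtr((string) $customMsg, $rpl) . '");';
    echo '</script>';
    exit;
}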
// @CHANGE
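/**
 * Send the results of the uploading process to CKEditor.
 *
 * Prints an inline script that calls
 * window.parent.CKEDITOR.tools.callFunction(callback, fileUrl, message).
 *
 * All three values are written inside JavaScript string literals in an inline
 * script. $callback used to be printed without any escaping, and the other
 * two only had backslash and double quote escaped, so a quote, a line break
 * or a "</script>" sequence in a value ended the string or the script block
 * early. Every value now goes through the same escaping table. Values without
 * those characters produce the same output as before.
 *
 * NOTE(review): $callback presumably comes from a request parameter; if it is
 * always numeric, validating it as an integer at the call site is stricter
 * still - confirm against the caller.
 *
 * @param string $callback  Reference of the editor callback function.
 * @param string $sFileUrl  URL of the uploaded file.
 * @param string $customMsg Message shown by the editor.
 * @return void
 */
function SendCKEditorResults ($callback, $sFileUrl, $customMsg = '')
{
    echo '<script type="text/javascript">';

    // Byte-wise escaping for a double-quoted JavaScript string inside <script>.
    $rpl = array(
        '\\' => '\\\\',
        '"' => '\\"',
        "\r" => '\\r',
        "\n" => '\\n',
        '<' => '\\x3C',
        '>' => '\\x3E',
        '&' => '\\x26',
        "\xE2\x80\xA8" => '\\u2028',
        "\xE2\x80\xA9" => '\\u2029',
    );

    echo 'window.parent.CKEDITOR.tools.callFunction("'. strtr((string) $callback, $rpl). '","'. strtr((string) $sFileUrl, $rpl). '", "'. strtr((string) $customMsg, $rpl). '");' ;

    echo '</script>';
}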