dolibarr  16.0.5
commands.php
1 <?php
2 /*
3  * FCKeditor - The text editor for Internet - http://www.fckeditor.net
4  * Copyright (C) 2003-2010 Frederico Caldeira Knabben
5  *
6  * == BEGIN LICENSE ==
7  *
8  * Licensed under the terms of any of the following licenses at your
9  * choice:
10  *
11  * - GNU General Public License Version 2 or later (the "GPL")
12  * https://www.gnu.org/licenses/gpl.html
13  *
14  * - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
15  * https://www.gnu.org/licenses/lgpl.html
16  *
17  * - Mozilla Public License Version 1.1 or later (the "MPL")
18  * http://www.mozilla.org/MPL/MPL-1.1.html
19  *
20  * == END LICENSE ==
21  *
22  * This is the File Manager Connector for PHP.
23  */
24 
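/**
 * Emit the <Folders> XML node listing the sub-directories of the requested folder.
 *
 * The virtual folder is resolved with ServerMapFolder(). Every directory entry name is passed
 * through ConvertToXmlAttribute() before it is placed in the name="" attribute, because entry
 * names on disk are not guaranteed to be safe XML. A directory that cannot be opened produces
 * an empty <Folders> node: the opendir() warning is suppressed and no error is reported.
 *
 * @param string $resourceType  Resource type forwarded to ServerMapFolder()
 * @param string $currentFolder Virtual folder to list
 * @return void                 The XML fragment is echoed, nothing is returned
 */
function GetFolders($resourceType, $currentFolder)
{
    // Map the virtual path to the local server path.
    $sServerDir = ServerMapFolder($resourceType, $currentFolder, 'GetFolders');

    // XML fragments, one per sub-directory.
    $aFolders = array();

    $oCurrentFolder = @opendir($sServerDir);

    if ($oCurrentFolder !== false) {
        // Compare with false explicitly: an entry named "0" is falsy and would otherwise
        // end the loop early and hide every entry that follows it.
        while (($sFile = readdir($oCurrentFolder)) !== false) {
            if ($sFile !== '.' && $sFile !== '..' && is_dir($sServerDir.$sFile)) {
                $aFolders[] = '<Folder name="'.ConvertToXmlAttribute($sFile).'" />';
            }
        }
        closedir($oCurrentFolder);
    }

    // Open the "Folders" node.
    echo "<Folders>";

    natcasesort($aFolders);
    foreach ($aFolders as $sFolder) {
        echo $sFolder;
    }

    // Close the "Folders" node.
    echo "</Folders>";
}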
62 
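/**
 * Emit the <Folders> and <Files> XML nodes describing the content of the requested folder.
 *
 * The virtual folder is resolved with ServerMapFolder(). Entry names are passed through
 * ConvertToXmlAttribute() before being written into an attribute. File sizes are reported in
 * kilobytes: 0 for an empty or unreadable file, otherwise the rounded size with a minimum of 1.
 * A directory that cannot be opened produces two empty nodes: the opendir() warning is
 * suppressed and no error is reported.
 *
 * @param string $resourceType  Resource type forwarded to ServerMapFolder()
 * @param string $currentFolder Virtual folder to list
 * @return void                 The XML fragments are echoed, nothing is returned
 */
function GetFoldersAndFiles($resourceType, $currentFolder)
{
    // Map the virtual path to the local server path.
    $sServerDir = ServerMapFolder($resourceType, $currentFolder, 'GetFoldersAndFiles');

    // XML fragments for the sub-directories and for the files.
    $aFolders = array();
    $aFiles = array();

    $oCurrentFolder = @opendir($sServerDir);

    if ($oCurrentFolder !== false) {
        // Compare with false explicitly: an entry named "0" is falsy and would otherwise
        // end the loop early and hide every entry that follows it.
        while (($sFile = readdir($oCurrentFolder)) !== false) {
            if ($sFile === '.' || $sFile === '..') {
                continue;
            }

            if (is_dir($sServerDir.$sFile)) {
                $aFolders[] = '<Folder name="'.ConvertToXmlAttribute($sFile).'" />';
                continue;
            }

            // filesize() returns false on failure; that case is reported as size 0.
            $iBytes = @filesize($sServerDir.$sFile);
            $iFileSize = ($iBytes > 0) ? max(1, round($iBytes / 1024)) : 0;

            $aFiles[] = '<File name="'.ConvertToXmlAttribute($sFile).'" size="'.$iFileSize.'" />';
        }
        closedir($oCurrentFolder);
    }

    // Send the folders
    natcasesort($aFolders);
    echo '<Folders>';

    foreach ($aFolders as $sFolder) {
        echo $sFolder;
    }

    echo '</Folders>';

    // Send the files
    natcasesort($aFiles);
    echo '<Files>';

    foreach ($aFiles as $sFiles) {
        echo $sFiles;
    }

    echo '</Files>';
}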
125 
/**
 * Create a sub-folder of the current folder and emit the <Error> XML node with the outcome.
 *
 * The folder name comes from the 'NewFolderName' query parameter, i.e. from the client. It is
 * cleaned with SanitizeFolderName() and refused when the cleaned name still contains "..",
 * so the name itself cannot be used to climb out of the mapped directory.
 *
 * Error numbers written to the node:
 *  - '0'   CreateServerFolder() returned an empty message
 *  - '102' parameter missing, name containing "..", or a message meaning the path is invalid
 *  - '103' the mapped parent directory is not writable
 *  - '110' any other message returned by CreateServerFolder()
 *
 * @param string $resourceType  Resource type forwarded to ServerMapFolder()
 * @param string $currentFolder Virtual folder in which the new folder is created
 * @return void                 The XML fragment is echoed, nothing is returned
 */
function CreateFolder($resourceType, $currentFolder)
{
    if (!isset($_GET)) {
        global $_GET;
    }

    // Start from "invalid folder name"; only the paths below that get past the name
    // checks replace it.
    $sErrorNumber = '102';
    $sErrorMsg = '';

    if (isset($_GET['NewFolderName'])) {
        $sFolderName = SanitizeFolderName($_GET['NewFolderName']);

        // The parent directory is resolved only for names without "..".
        if (strpos($sFolderName, '..') === false) {
            // Map the virtual path to the local server path of the current folder.
            $sParentDir = ServerMapFolder($resourceType, $currentFolder, 'CreateFolder');

            if (!is_writable($sParentDir)) {
                $sErrorNumber = '103';
            } else {
                $sErrorMsg = CreateServerFolder($sParentDir.$sFolderName);

                // Case order is kept as is: switch compares loosely.
                switch ($sErrorMsg) {
                    case '':
                        $sErrorNumber = '0';
                        break;
                    case 'Invalid argument':
                    case 'No such file or directory':
                        $sErrorNumber = '102'; // Path too long.
                        break;
                    default:
                        $sErrorNumber = '110';
                        break;
                }
            }
        }
    }

    // Create the "Error" node.
    echo '<Error number="'.$sErrorNumber.'" />';
}
179 
180 // @CHANGE
181 //function FileUpload( $resourceType, $currentFolder, $sCommand )
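/**
 * Store a file uploaded by the file browser ('NewFile' field) or by the QuickUpload tab
 * ('upload' field), then send the result to the client and stop the script.
 *
 * The client-supplied name is cleaned with dol_sanitizeFileName(), must be accepted by
 * image_format_supported() and by IsAllowedExt() for $resourceType, and the file is moved into
 * the mapped server directory with dol_move_uploaded_file(). An existing file is never
 * overwritten: the upload is stored under a "name(n).ext" name instead.
 *
 * Error numbers sent back:
 *  - '0'   file stored
 *  - '201' file stored under a new name because the requested one already existed
 *  - '202' file refused (name or extension not accepted) or not stored
 *  - '203' the request carries no upload
 *
 * NOTE(review): acceptance is decided from the file name only. The FCKeditor content checks
 * (IsImageValid() / DetectHtml(), driven by $Config['SecureImageUploads'] and
 * $Config['HtmlExtensions']) are not run before the move, and the re-check after the move is
 * unreachable (see below).
 *
 * @param string $resourceType  Resource type, forwarded to ServerMapFolder(), IsAllowedExt() and GetResourceTypePath()
 * @param string $currentFolder Virtual folder receiving the file
 * @param string $sCommand      Connector command, forwarded to ServerMapFolder() and GetResourceTypePath()
 * @param string $CKEcallback   When not empty, the result is sent with SendCKEditorResults() instead of SendUploadResults()
 * @return void                 Never returns: the script exits after the result is sent
 */
function FileUpload($resourceType, $currentFolder, $sCommand, $CKEcallback = '')
{
    if (!isset($_FILES)) {
        global $_FILES;
    }
    $sErrorNumber = '0';
    $sFileName = '';

    $bHasNewFile = isset($_FILES['NewFile']) && !is_null($_FILES['NewFile']['tmp_name']);
    // This is for the QuickUpload tab box
    $bHasQuickUpload = isset($_FILES['upload']) && !is_null($_FILES['upload']['tmp_name']);

    if ($bHasNewFile || $bHasQuickUpload) {
        global $Config;

        $oFile = isset($_FILES['NewFile']) ? $_FILES['NewFile'] : $_FILES['upload'];

        // $resourceType should be 'Image';
        // Stays 0, so the DetectHtml() re-check after the move is never reached.
        $detectHtml = 0;

        // Map the virtual path to the local server path.
        $sServerDir = ServerMapFolder($resourceType, $currentFolder, $sCommand);

        // The uploaded file name is chosen by the client: clean it before any use in a path.
        $sFileName = dol_sanitizeFileName($oFile['name']);
        $sOriginalFileName = $sFileName;

        // Get the extension. A name without a dot has no extension; without this guard
        // strrpos() === false would turn the whole name minus its first character into one.
        $iDotPos = strrpos($sFileName, '.');
        $sExtension = ($iDotPos === false) ? '' : strtolower(substr($sFileName, $iDotPos + 1));

        // Name-based check only: the file content is not inspected here.
        include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
        $isImageValid = (image_format_supported($sFileName) >= 0);
        if (!$isImageValid) {
            $sErrorNumber = '202';
        }

        // Check if it is an allowed extension.
        if ($sErrorNumber === '0') {
            if (IsAllowedExt($sExtension, $resourceType)) {
                $iCounter = 0;

                while (true) {
                    $sFilePath = $sServerDir.$sFileName;

                    if (is_file($sFilePath)) {
                        // Name already taken: try "name(n).ext" and report the rename.
                        $iCounter++;
                        $sFileName = RemoveExtension($sOriginalFileName).'('.$iCounter.').'.$sExtension;
                        $sErrorNumber = '201';
                        continue;
                    }

                    include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
                    dol_move_uploaded_file($oFile['tmp_name'], $sFilePath, 0, 0);

                    if (!is_file($sFilePath)) {
                        // The move was refused or failed: do not tell the client that the
                        // file was stored.
                        dol_syslog("commands.php upload was not stored", LOG_WARNING);
                        $sErrorNumber = '202';
                        break;
                    }

                    // A falsy $Config['ChmodOnUpload'] means "leave the permissions alone".
                    if (isset($Config['ChmodOnUpload']) && !$Config['ChmodOnUpload']) {
                        break;
                    }

                    // NOTE(review): without $Config['ChmodOnUpload'] the stored upload becomes
                    // world-writable and executable (0777); configure a tighter mode where
                    // possible. octdec() assumes the value is a string of octal digits such
                    // as '0644' - TODO confirm against the connector configuration.
                    $permissions = isset($Config['ChmodOnUpload']) ? (string) $Config['ChmodOnUpload'] : '0777';
                    $permissionsdec = octdec($permissions);
                    dol_syslog("commands.php permission = ".$permissions." ".$permissionsdec." ".decoct($permissionsdec));
                    $oldumask = umask(0);
                    chmod($sFilePath, $permissionsdec);
                    umask($oldumask);

                    break;
                }

                if (file_exists($sFilePath)) {
                    // NOTE(review): neither branch can run. $isImageValid is a boolean and
                    // $detectHtml is 0, so both "=== -1" tests are always false and the
                    // stored file is never re-validated with IsImageValid() / DetectHtml().
                    if (isset($isImageValid) && $isImageValid === -1 && IsImageValid($sFilePath, $sExtension) === false) {
                        dol_syslog("commands.php IsImageValid is ko");
                        @unlink($sFilePath);
                        $sErrorNumber = '202';
                    } elseif (isset($detectHtml) && $detectHtml === -1 && DetectHtml($sFilePath) === true) {
                        dol_syslog("commands.php DetectHtml is ko");
                        @unlink($sFilePath);
                        $sErrorNumber = '202';
                    }
                }
            } else {
                $sErrorNumber = '202';
            }
        }
    } else {
        $sErrorNumber = '203';
    }

    $sFileUrl = CombinePaths(GetResourceTypePath($resourceType, $sCommand), $currentFolder);
    $sFileUrl = CombinePaths($sFileUrl, $sFileName);

    // @CHANGE
    if ($CKEcallback == '') {
        SendUploadResults($sErrorNumber, $sFileUrl, $sFileName);
    } else {
        // Issue the CKEditor callback. Any non-zero number, including the rename code 201,
        // yields the "upload failed" message.
        SendCKEditorResults(
            $CKEcallback,
            $sFileUrl,
            ($sErrorNumber != 0 ? 'Error '.$sErrorNumber.' upload failed.' : 'Upload Successful')
        );
    }

    exit;
}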
FileUpload
This class is used to manage file upload using ajax.
Definition: fileupload.class.php:31
dol_sanitizeFileName
dol_sanitizeFileName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a file name.
Definition: functions.lib.php:1226
image_format_supported
image_format_supported($file, $acceptsvg=0)
Return whether a file name is that of a supported image format.
Definition: images.lib.php:80
dol_move_uploaded_file
dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite, $disablevirusscan=0, $uploaderrorcode=0, $nohook=0, $varfiles='addedfile', $upload_dir='')
Check a file uploaded from a GUI page and move it to its final destination.
Definition: files.lib.php:1092
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition: functions.lib.php:1603