Allow FLV as extension
[SourceForge/phpwiki.git] / lib / plugin / UpLoad.php
1 <?php // -*-php-*-
2 rcs_id('$Id$');
3 /*
4  Copyright 2003,2004,2007 $ThePhpWikiProgrammingTeam
5  Copyright 2008-2009 Marc-Etienne Vargenau, Alcatel-Lucent
6
7  This file is part of PhpWiki.
8
9  PhpWiki is free software; you can redistribute it and/or modify
10  it under the terms of the GNU General Public License as published by
11  the Free Software Foundation; either version 2 of the License, or
12  (at your option) any later version.
13
14  PhpWiki is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  GNU General Public License for more details.
18
19  You should have received a copy of the GNU General Public License
20  along with PhpWiki; if not, write to the Free Software
21  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22
23  */
24
25 /**
26  * UpLoad:  Allow Administrator to upload files to a special directory,
27  *          which should preferably be added to the InterWikiMap
28  * Usage:   <?plugin UpLoad ?>
29  * Author:  NathanGass <gass@iogram.ch>
30  * Changes: ReiniUrban <rurban@x-ray.at>,
31  *          qubit <rtryon@dartmouth.edu>
32  *          Marc-Etienne Vargenau, Alcatel-Lucent
33  * Note:    See also Jochen Kalmbach's plugin/UserFileManagement.php
34  */
35
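class WikiPlugin_UpLoad
extends WikiPlugin
{
    // Security notes for maintainers:
    //  - The file header describes this as an Administrator upload, but the
    //    only check visible in run() is $user->isAuthenticated(), and only
    //    while $only_authenticated is true.
    //  - $disallowed_extensions is a deny-list and cannot be complete. When
    //    DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS is true it is the only
    //    extension filter, so keep the allow-list enabled and serve the
    //    upload directory as static content only (no script handlers, no
    //    per-directory server configuration overrides).
    //  - Allowed types are stored and linked as-is; nothing here inspects
    //    file content, so the web server's Content-Type handling for the
    //    upload directory matters (e.g. for xml).

    // Literal extensions accepted while the allow-list is enforced. Set in run().
    var $allowed_extensions;
    // Regex fragments for extensions that are always refused. Set in run().
    var $disallowed_extensions;
    // TODO: use PagePerms instead
    var $only_authenticated = true; // only authenticated users may upload.

    /**
     * @return string The plugin name.
     */
    function getName () {
        return "UpLoad";
    }

    /**
     * @return string Translated one-line description of the plugin.
     */
    function getDescription () {
        return _("Upload files to the local InterWiki Upload:<filename>");
    }

    /**
     * Strip the keyword decoration from the revision keyword string.
     *
     * The pattern is a character class, so every one of the characters
     * "Revision: $" is removed from the keyword string.
     *
     * @return string What is left of the revision keyword.
     */
    function getVersion() {
        return preg_replace("/[Revision: $]/", '',
                            "\$Revision$");
    }

    /**
     * @return array Default plugin arguments.
     */
    function getDefaultArguments() {
        return array('logfile'  => 'phpwiki-upload.log',
                     // add a link of the fresh file automatically to the 
                     // end of the page (or current page)
                     'autolink' => true, 
                     'page'     => '[pagename]',
                     'size'     => 50,
                     'mode'     => 'actionpage', // or edit
                     );
    }

    /**
     * Render the upload form and, when a file was posted, validate and store it.
     *
     * Validation order: deny-listed extension anywhere in the name, allow-listed
     * final extension (unless disabled), filename character set, name collision,
     * size limit. On success the file is moved into the upload directory, the
     * upload is optionally logged and optionally linked from a wiki page.
     *
     * @param object $dbi      Wiki database handle (used for the autolink page).
     * @param string $argstr   Plugin argument string.
     * @param object $request  Current request.
     * @param string $basepage Not used here.
     * @return object HTML container holding the form and any messages.
     */
    function run($dbi, $argstr, &$request, $basepage) {
        // Plain array literals instead of exploding a multi-line string, so the
        // entries cannot pick up stray line-ending characters from the file.
        $this->allowed_extensions = array(
            '7z', 'avi', 'bmp', 'bz2', 'c', 'cfg', 'diff', 'doc', 'docx',
            'flv', 'gif', 'h', 'ics', 'ini', 'jpeg', 'jpg', 'kmz', 'mp3',
            'odg', 'odp', 'ods', 'odt', 'patch', 'pdf', 'png', 'ppt', 'pptx',
            'rar', 'tar', 'tar.gz', 'txt', 'xls', 'xlsx', 'xml', 'xsd', 'zip',
        );
        // These entries are regex fragments, not literals; do not preg_quote them.
        $this->disallowed_extensions = array(
            'ad[ep]', 'asd', 'ba[st]', 'chm', 'cmd', 'com', 'cgi', 'cpl',
            'crt', 'dll', 'eml', 'exe', 'hlp', 'hta', 'in[fs]', 'isp',
            'jse?', 'lnk', 'md[betw]', 'ms[cipt]', 'nws', 'ocx', 'ops',
            'pcd', 'p[ir]f', 'php\d?', 'phtml', 'pl', 'py', 'reg',
            'sc[frt]', 'sh[bsm]?', 'swf', 'url', 'vb[esx]?', 'vxd', 'ws[cfh]',
        );
        //removed "\{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}"

        $args = $this->getArgs($argstr, $request);
        // EXTR_SKIP: plugin arguments must never overwrite locals that already
        // exist ($dbi, $request, $args, ...). Creates $logfile, $autolink,
        // $page, $size and $mode.
        extract($args, EXTR_SKIP);

        $file_dir = getUploadFilePath();
        $file_dir .= "/";
        $form = HTML::form(array('action'  => $request->getPostURL(),
                                 'enctype' => 'multipart/form-data',
                                 'method'  => 'post'));
        $contents = HTML::div(array('class' => 'wikiaction'));
        // MAX_FILE_SIZE is only a browser hint; the size is checked again below.
        $contents->pushContent(HTML::input(array('type' => 'hidden',
                                                 'name' => 'MAX_FILE_SIZE',
                                                 'value'=> MAX_UPLOAD_SIZE)));
        $contents->pushContent(HTML::input(array('name' => 'userfile',
                                                 'type' => 'file',
                                                 'size' => $size)));
        if ($mode == 'edit') {
            $contents->pushContent(HTML::input(array('name' => 'action',
                                                     'type' => 'hidden',
                                                     'value'=> 'edit')));
            $contents->pushContent(HTML::raw(" "));
            $contents->pushContent(HTML::input(array('value' => _("Upload"),
                                                     'name'  => 'edit[upload]',
                                                     'type'  => 'submit')));
        } else {
            $contents->pushContent(HTML::raw(" "));
            $contents->pushContent(HTML::input(array('value' => _("Upload"),
                                                     'type'  => 'submit')));
        }
        $form->pushContent($contents);

        $message = HTML();
        if ($request->isPost() and $this->only_authenticated) {
            // Make sure that the user is logged in.
            $user = $request->getUser();
            if (!$user->isAuthenticated()) {
                global $WikiTheme;
                if (isa($WikiTheme, 'WikiTheme_gforge')) {
                    $message->pushContent(HTML::div(array('class' => 'error'),
                                            HTML::p(_("You cannot upload files.")),
                                            HTML::ul(
                                              HTML::li(_("Check you are logged in.")),
                                              HTML::li(_("Check you are in the right project.")),
                                              HTML::li(_("Check you are a member of the current project."))
                                            )
                                         ));
                } else {
                    $message->pushContent(HTML::div(array('class' => 'error'),
                                            HTML::p(_("ACCESS DENIED: You must log in to upload files."))));
                }
                $result = HTML();
                $result->pushContent($form);
                $result->pushContent($message);
                return $result;
            }
        }
        
        $userfile = $request->getUploadedFile('userfile');
        if ($userfile) {
            // Only the final path component of the client-supplied name is used.
            $userfile_name = $userfile->getName();
            $userfile_name = trim(basename($userfile_name));
            if (UPLOAD_USERDIR) {
                // NOTE(review): the user id becomes a directory name without any
                // visible validation here -- confirm that user ids cannot contain
                // path separators or dot segments. mkdir()'s result is not checked;
                // a failure surfaces later as "Uploading failed.".
                $file_dir .= $request->_user->_userid;
                if (!file_exists($file_dir))
                    mkdir($file_dir, 0775);
                $file_dir .= "/";
                $u_userfile = $request->_user->_userid . "/" . $userfile_name;
            } else {
                $u_userfile = $userfile_name;
            }
            $u_userfile = preg_replace("/ /", "%20", $u_userfile);
            $userfile_tmpname = $userfile->getTmpName();
            $err_header = HTML::div(array('class' => 'error'),
                                HTML::p(fmt("ERROR uploading '%s'", $userfile_name)));

            // Deny-list: refuse the extension wherever it appears in the name
            // (followed by another dot or the end), so "name.php.txt" is caught too.
            $disallowed_re = "/(\." . join("|\.", $this->disallowed_extensions) . ")(\.|\$)/i";
            // Allow-list: entries are literals, so quote them; otherwise the dot
            // in "tar.gz" would match any character.
            $quoted_extensions = array();
            foreach ($this->allowed_extensions as $extension) {
                $quoted_extensions[] = preg_quote($extension, '/');
            }
            $allowed_re = "/(\." . join("|\.", $quoted_extensions) . ")\$/i";

            if (preg_match($disallowed_re, $userfile_name))
            {
                $message->pushContent($err_header);
                $message->pushContent(HTML::p(fmt("Files with extension %s are not allowed.",
                                              join(", ", $this->disallowed_extensions))));
            }
            elseif (! DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS and 
                    ! preg_match($allowed_re, $userfile_name))
            {
                $message->pushContent($err_header);
                $message->pushContent(HTML::p(fmt("Only files with the extension %s are allowed.",
                                              join(", ", $this->allowed_extensions))));
            }
            elseif (preg_match("/[^._a-zA-Z0-9- ]/", strip_accents($userfile_name)))
            {
                $message->pushContent($err_header);
                $message->pushContent(HTML::p(_("Invalid filename. File names may only contain alphanumeric characters and dot, underscore, space or dash.")));
            }
            elseif (file_exists($file_dir . $userfile_name)) {
                // Existing files are never overwritten. The check and the move
                // below are separate steps, so this is not atomic.
                $message->pushContent($err_header);
                $message->pushContent(HTML::p(fmt("There is already a file with name %s uploaded.",
                                                  $u_userfile)));
            }
            elseif ($userfile->getSize() > (MAX_UPLOAD_SIZE)) {
                $message->pushContent($err_header);
                $message->pushContent(HTML::p(_("Sorry but this file is too big.")));
            }
            // NOTE(review): the Windows fallback uses rename(), which does not
            // perform move_uploaded_file()'s check that the source really is an
            // HTTP upload -- confirm getTmpName() can only return PHP's own
            // temporary upload path.
            elseif (move_uploaded_file($userfile_tmpname, $file_dir . $userfile_name) or
                    (IsWindows() and rename($userfile_tmpname, $file_dir . $userfile_name))
                    )
            {
                $interwiki = new PageType_interwikimap();
                $link = $interwiki->link("Upload:$u_userfile");
                $message->pushContent(HTML::div(array('class' => 'feedback'),
                                                HTML::p(_("File successfully uploaded.")),
                                                HTML::p($link)));

                // the upload was a success and we need to mark this event in the "upload log"
                if ($logfile) { 
                    // The log lives inside the upload directory and its name is a
                    // plugin argument, so apply the same deny-list to it: the log
                    // must not be created with an extension uploads may not have.
                    $log_name = basename($logfile);
                    if (preg_match($disallowed_re, $log_name)) {
                        trigger_error(_("The upload logfile name has a disallowed extension."),
                                      E_USER_WARNING);
                    } else {
                        $upload_log = $file_dir . $log_name;
                        $this->log($userfile, $upload_log, $message);
                    }
                }
                if ($autolink) {
                    require_once("lib/loadsave.php");
                    // NOTE(review): $page is a plugin argument and the page is saved
                    // without a permission check in this method -- confirm the
                    // caller or save() enforces edit rights (see the PagePerms TODO).
                    $pagehandle = $dbi->getPage($page);
                    if ($pagehandle->exists()) {// don't replace default contents
                        $current = $pagehandle->getCurrentRevision();
                        $version = $current->getVersion();
                        $text = $current->getPackedContent();
                        $newtext = $text . "\n* Upload:$u_userfile"; // don't inline images
                        $meta = $current->_data;
                        $meta['summary'] = sprintf(_("uploaded %s"),$u_userfile);
                        $pagehandle->save($newtext, $version + 1, $meta);
                    }
                }
            } else {
                $message->pushContent($err_header);
                $message->pushContent(HTML::br(),_("Uploading failed."),HTML::br());
            }
        }
        else {
            $message->pushContent(HTML::br(),_("No file selected. Please select one."),HTML::br());
        }

        //$result = HTML::div( array( 'class' => 'wikiaction' ) );
        $result = HTML();
        $result->pushContent($form);
        $result->pushContent($message);
        return $result;
    }

    /**
     * Append one HTML table row describing the upload to the upload log.
     *
     * The row is written as raw markup, so every value that originates from
     * the client or from the account (file name, user id) is encoded before
     * it is written. The name is normalised the same way run() does before
     * storing the file, so the link points at the stored file.
     *
     * @param object $userfile   The uploaded file (getName(), getSize() are used).
     * @param string $upload_log Path of the log file; opened in append mode.
     * @param object $message    Not used; kept for the existing call signature.
     */
    function log ($userfile, $upload_log, &$message) {
        global $WikiTheme;
        $user = $GLOBALS['request']->_user;
        if (file_exists($upload_log) and (!is_writable($upload_log))) {
            trigger_error(_("The upload logfile exists but is not writable."), E_USER_WARNING);
        }
        elseif (!$log_handle = fopen ($upload_log, "a")) {
            trigger_error(_("Can't open the upload logfile."), E_USER_WARNING);
        }
        else {        // file size in KB; precision of 0.1
            $file_size = round(($userfile->getSize())/1024, 1);
            if ($file_size <= 0) {
                $file_size = "&lt; 0.1";
            }
            $stored_name = trim(basename($userfile->getName()));
            // URL-encode for the href attribute, HTML-encode for visible text.
            $href = rawurlencode($stored_name);
            $label = htmlspecialchars($stored_name, ENT_QUOTES);
            $user_id = htmlspecialchars((string) $user->getId(), ENT_QUOTES);
            fwrite($log_handle,
                   "\n"
                   . "<tr><td><a href=\"$href\">$label</a></td>"
                   . "<td align=\"right\">$file_size kB</td>"
                   . "<td>&nbsp;&nbsp;" . $WikiTheme->formatDate(time()) . "</td>"
                   . "<td>&nbsp;&nbsp;<em>" . $user_id . "</em></td></tr>");
            fclose($log_handle);
        }
        return;
    }

}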
318
319 // (c-file-style: "gnu")
320 // Local Variables:
321 // mode: php
322 // tab-width: 8
323 // c-basic-offset: 4
324 // c-hanging-comment-ender-p: nil
325 // indent-tabs-mode: nil
326 // End:
327 ?>