1 <?php
2
3 /*
4  * Copyright 2003,2004,2007 $ThePhpWikiProgrammingTeam
5  * Copyright 2008-2009 Marc-Etienne Vargenau, Alcatel-Lucent
6  *
7  * This file is part of PhpWiki.
8  *
9  * PhpWiki is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * PhpWiki is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22
23  */
24
25 /**
26  * UpLoad:  Allow Administrator to upload files to a special directory,
27  *          which should preferably be added to the InterWikiMap
28  * Usage:   <<UpLoad >>
29  * Author:  NathanGass <gass@iogram.ch>
30  * Changes: ReiniUrban <rurban@x-ray.at>,
31  *          qubit <rtryon@dartmouth.edu>
32  *          Marc-Etienne Vargenau, Alcatel-Lucent
33  * Note:    See also Jochen Kalmbach's plugin/UserFileManagement.php
34  */
35
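class WikiPlugin_UpLoad
    extends WikiPlugin
{
    // Allowlist of upload extensions; filled in by run(). Entries are spliced
    // into a regular expression unescaped.
    public $allowed_extensions;
    // Denylist of upload extensions; filled in by run(). Entries are regex
    // fragments (character classes, optional characters).
    public $disallowed_extensions;
    // TODO: use PagePerms instead
    // When true, a POST is processed only if the user is authenticated.
    // NOTE(review): the check in run() is isAuthenticated() only; no
    // administrator role is tested in this file.
    public $only_authenticated = true;

    /**
     * Name under which the plugin is known.
     *
     * @return string
     */
    function getName()
    {
        return "UpLoad";
    }

    /**
     * Localised one-line description of the plugin.
     *
     * @return string
     */
    function getDescription()
    {
        return _("Upload files to the local InterWiki Upload:<filename>");
    }

    /**
     * Default plugin arguments.
     *
     * logfile:  name of the upload log; run() applies basename() to it and
     *           places it inside the upload directory.
     * autolink: append a link to the fresh file to the end of `page`.
     * page:     page that receives the autolink.
     * size:     size attribute of the file input.
     * mode:     'actionpage' or 'edit'.
     *
     * @return array
     */
    function getDefaultArguments()
    {
        return array('logfile' => 'phpwiki-upload.log',
            // add a link of the fresh file automatically to the
            // end of the page (or current page)
            'autolink' => true,
            'page' => '[pagename]',
            'size' => 50,
            'mode' => 'actionpage', // or edit
        );
    }

    /**
     * Render the upload form and, when a file was submitted, validate and
     * store it.
     *
     * Checks are applied in this order and the first failure wins: denylisted
     * extension, allowlisted extension (unless
     * DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS is set), filename character set,
     * name collision, size limit. Only then is the file moved into the upload
     * directory, logged, and optionally linked from a page.
     *
     * @param object $dbi      Database handle; used for getPage() when autolinking.
     * @param string $argstr   Plugin argument string, parsed by getArgs().
     * @param object $request  Current request (passed by reference).
     * @param string $basepage Not used by this method.
     * @return object HTML container holding the form followed by the message.
     */
    function run($dbi, $argstr, &$request, $basepage)
    {
        // Written as array literals so the entries do not depend on the line
        // endings of this source file.
        $this->allowed_extensions = array(
            '7z', 'avi', 'bmp', 'bz2', 'c', 'cfg', 'diff', 'doc', 'docx', 'flv',
            'gif', 'h', 'ics', 'ini', 'jpeg', 'jpg', 'kmz', 'mp3', 'odg', 'odp',
            'ods', 'odt', 'ogg', 'patch', 'pdf', 'png', 'ppt', 'pptx', 'rar', 'svg',
            'tar', 'tar.gz', 'txt', 'xls', 'xlsx', 'xml', 'xsd', 'zip',
        );
        // NOTE(review): svg and xml can carry active content when a browser
        // renders them inline from the wiki's origin. Confirm the upload
        // directory is served as attachment or under a restrictive policy.

        // The denylist is a backstop, not the primary control: when
        // DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS is set, any name that is not
        // matched here is accepted. The upload directory should be configured
        // so the web server never executes or interprets its contents.
        $this->disallowed_extensions = array(
            'ad[ep]', 'asd', 'ba[st]', 'chm', 'cmd', 'com', 'cgi', 'cpl', 'crt',
            'dll', 'eml', 'exe', 'hlp', 'hta', 'in[fs]', 'isp', 'jse?', 'lnk',
            'md[betw]', 'ms[cipt]', 'nws', 'ocx', 'ops', 'pcd', 'p[ir]f',
            'php\d?', 'phtml', 'pl', 'py', 'reg', 'sc[frt]', 'sh[bsm]?', 'url',
            'vb[esx]?', 'vxd', 'ws[cfh]',
        );
        //removed "\{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}"

        $args = $this->getArgs($argstr, $request);
        // Read the declared arguments explicitly instead of extract($args), so
        // an unexpected key in $args cannot overwrite $request, $dbi or any
        // other local. Assumes getArgs() returns every key listed in
        // getDefaultArguments() -- TODO confirm.
        $logfile = $args['logfile'];
        $autolink = $args['autolink'];
        $page = $args['page'];
        $size = $args['size'];
        $mode = $args['mode'];

        $file_dir = getUploadFilePath();
        $file_dir .= "/";
        $form = HTML::form(array('action' => $request->getPostURL(),
            'enctype' => 'multipart/form-data',
            'method' => 'post'));
        $contents = HTML::div(array('class' => 'wikiaction'));
        // MAX_FILE_SIZE is only a hint sent with the form; the size is checked
        // again against MAX_UPLOAD_SIZE after the upload, below.
        $contents->pushContent(HTML::input(array('type' => 'hidden',
            'name' => 'MAX_FILE_SIZE',
            'value' => MAX_UPLOAD_SIZE)));
        $contents->pushContent(HTML::input(array('name' => 'userfile',
            'type' => 'file',
            'size' => $size)));
        if ($mode == 'edit') {
            $contents->pushContent(HTML::input(array('name' => 'action',
                'type' => 'hidden',
                'value' => 'edit')));
            $contents->pushContent(HTML::raw(" "));
            $contents->pushContent(HTML::input(array('value' => _("Upload"),
                'name' => 'edit[upload]',
                'type' => 'submit')));
        } else {
            $contents->pushContent(HTML::raw(" "));
            $contents->pushContent(HTML::input(array('value' => _("Upload"),
                'type' => 'submit')));
        }
        $form->pushContent($contents);

        $message = HTML();
        if ($request->isPost() and $this->only_authenticated) {
            // Make sure that the user is logged in. An unauthenticated POST
            // returns here, before the uploaded file is looked at.
            $user = $request->getUser();
            if (!$user->isAuthenticated()) {
                if (defined('FUSIONFORGE') and FUSIONFORGE) {
                    $message->pushContent(HTML::div(array('class' => 'error'),
                        HTML::p(_("You cannot upload files.")),
                        HTML::ul(
                            HTML::li(_("Check you are logged in.")),
                            HTML::li(_("Check you are in the right project.")),
                            HTML::li(_("Check you are a member of the current project."))
                        )
                    ));
                } else {
                    $message->pushContent(HTML::div(array('class' => 'error'),
                        HTML::p(_("ACCESS DENIED: You must log in to upload files."))));
                }
                $result = HTML();
                $result->pushContent($form);
                $result->pushContent($message);
                return $result;
            }
        }

        $userfile = $request->getUploadedFile('userfile');
        if ($userfile) {
            // basename() discards any directory part of the client-supplied
            // name, so the stored file cannot leave $file_dir.
            $userfile_name = trim(basename($userfile->getName()));
            if (UPLOAD_USERDIR) {
                // NOTE(review): _userid becomes a path component and part of
                // the Upload: link without validation in this method; confirm
                // it is constrained where the user object is created.
                $file_dir .= $request->_user->_userid;
                if (!file_exists($file_dir)) {
                    // A failed mkdir() is not reported here; the move below
                    // then fails and "Uploading failed." is shown.
                    mkdir($file_dir, 0775);
                }
                $file_dir .= "/";
                $u_userfile = $request->_user->_userid . "/" . $userfile_name;
            } else {
                $u_userfile = $userfile_name;
            }
            $u_userfile = str_replace(" ", "%20", $u_userfile);
            $userfile_tmpname = $userfile->getTmpName();
            $err_header = HTML::div(array('class' => 'error'),
                HTML::p(fmt("ERROR uploading “%s”", $userfile_name)));
            // The denylist pattern matches a listed extension anywhere in the
            // name when it is followed by a dot or the end of the name, so it
            // also rejects a listed extension hidden before a harmless suffix.
            if (preg_match("/(\." . join("|\.", $this->disallowed_extensions) . ")(\.|\$)/i",
                $userfile_name)
            ) {
                $err_header->pushContent(HTML::p(fmt("Files with extension %s are not allowed.",
                    join(", ", $this->disallowed_extensions))));
                $message->pushContent($err_header);
            } elseif (!DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS and
                !preg_match("/(\." . join("|\.", $this->allowed_extensions) . ")\$/i",
                    $userfile_name)
            ) {
                // The name must end in an allowlisted extension.
                $err_header->pushContent(HTML::p(fmt("Only files with the extension %s are allowed.",
                    join(", ", $this->allowed_extensions))));
                $message->pushContent($err_header);
            } elseif (preg_match("/[^._a-zA-Z0-9- ]/", strip_accents($userfile_name))) {
                $err_header->pushContent(HTML::p(_("Invalid filename. File names may only contain alphanumeric characters and dot, underscore, space or dash.")));
                $message->pushContent($err_header);
            } elseif (file_exists($file_dir . $userfile_name)) {
                // Existing files are never overwritten.
                $err_header->pushContent(HTML::p(fmt("There is already a file with name %s uploaded.", $u_userfile)));
                $message->pushContent($err_header);
            } elseif ($userfile->getSize() > (MAX_UPLOAD_SIZE)) {
                $err_header->pushContent(HTML::p(_("Sorry but this file is too big.")));
                $message->pushContent($err_header);
            } elseif (move_uploaded_file($userfile_tmpname, $file_dir . $userfile_name) or
                // NOTE(review): the Windows fallback uses rename(), which does
                // not verify that the source is an uploaded file the way
                // move_uploaded_file() does; confirm getTmpName() can only
                // return the temporary name PHP assigned to the upload.
                (IsWindows() and rename($userfile_tmpname, $file_dir . $userfile_name))
            ) {
                $interwiki = new PageType_interwikimap();
                $link = $interwiki->link("Upload:$u_userfile");
                $message->pushContent(HTML::div(array('class' => 'feedback'),
                    HTML::p(_("File successfully uploaded.")),
                    HTML::p($link)));

                // the upload was a success and we need to mark this event in the "upload log"
                if ($logfile) {
                    // basename() keeps the log inside the upload directory
                    // whatever path the logfile argument carries.
                    $upload_log = $file_dir . basename($logfile);
                    $this->log($userfile, $upload_log, $message);
                }
                if ($autolink) {
                    require_once 'lib/loadsave.php';
                    // NOTE(review): $page comes from the plugin arguments and
                    // no edit-permission check is visible before save();
                    // confirm getPage()/save() enforce page permissions.
                    $pagehandle = $dbi->getPage($page);
                    if ($pagehandle->exists()) { // don't replace default contents
                        $current = $pagehandle->getCurrentRevision();
                        $version = $current->getVersion();
                        $text = $current->getPackedContent();
                        $newtext = $text . "\n* Upload:$u_userfile"; // don't inline images
                        $meta = $current->_data;
                        $meta['summary'] = sprintf(_("uploaded %s"), $u_userfile);
                        $pagehandle->save($newtext, $version + 1, $meta);
                    }
                }
            } else {
                $err_header->pushContent(HTML::p(_("Uploading failed.")));
                $message->pushContent($err_header);
            }
        } else {
            $message->pushContent(HTML::br(), _("No file selected. Please select one."), HTML::br());
        }

        $result = HTML();
        $result->pushContent($form);
        $result->pushContent($message);
        return $result;
    }

    /**
     * Append one HTML table row describing a successful upload to the log.
     *
     * The row is written as raw HTML, so every value that originates from the
     * client or from the user object is HTML-escaped before it is written.
     * Failure to open the log raises an E_USER_WARNING and writes nothing.
     *
     * @param object $userfile   Uploaded file; getName() and getSize() are read.
     * @param string $upload_log Path of the log file, opened in append mode.
     * @param object $message    Not used by this method (kept for callers).
     */
    function log($userfile, $upload_log, &$message)
    {
        global $WikiTheme;
        $user = $GLOBALS['request']->_user;
        if (file_exists($upload_log) and (!is_writable($upload_log))) {
            trigger_error(_("The upload logfile exists but is not writable."), E_USER_WARNING);
        } elseif (!$log_handle = fopen($upload_log, "a")) {
            trigger_error(_("Can't open the upload logfile."), E_USER_WARNING);
        } else { // file size in KB; precision of 0.1
            $file_size = round(($userfile->getSize()) / 1024, 1);
            if ($file_size <= 0) {
                $file_size = "&lt; 0.1";
            }
            // Log the name the file was stored under (same normalisation as
            // run()), not the raw client-supplied name, and escape it: the
            // row is HTML and the name is attacker-influenced.
            $userfile_name = htmlspecialchars(
                trim(basename($userfile->getName())), ENT_QUOTES, 'UTF-8');
            $user_id = htmlspecialchars((string)$user->getId(), ENT_QUOTES, 'UTF-8');
            fwrite($log_handle,
                "\n"
                    . "<tr><td><a href=\"$userfile_name\">$userfile_name</a></td>"
                    . "<td align=\"right\">$file_size kB</td>"
                    . "<td>&nbsp;&nbsp;" . $WikiTheme->formatDate(time()) . "</td>"
                    . "<td>&nbsp;&nbsp;<em>" . $user_id . "</em></td></tr>");
            fclose($log_handle);
        }
    }
}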
306
307 // Local Variables:
308 // mode: php
309 // tab-width: 8
310 // c-basic-offset: 4
311 // c-hanging-comment-ender-p: nil
312 // indent-tabs-mode: nil
313 // End: