lib/plugin/UpLoad.php

   1 <?php // -*-php-*-
   2 rcs_id('$Id$');
   3 /*
   4  Copyright 2003,2004,2007 $ThePhpWikiProgrammingTeam
   5  Copyright 2008 Marc-Etienne Vargenau, Alcatel-Lucent
   6
   7  This file is part of PhpWiki.
   8
   9  PhpWiki is free software; you can redistribute it and/or modify
  10  it under the terms of the GNU General Public License as published by
  11  the Free Software Foundation; either version 2 of the License, or
  12  (at your option) any later version.
  13
  14  PhpWiki is distributed in the hope that it will be useful,
  15  but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  GNU General Public License for more details.
  18
  19  You should have received a copy of the GNU General Public License
  20  along with PhpWiki; if not, write to the Free Software
  21  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  22
  23  */
  24
  25 /**
  26  * UpLoad:  Allow Administrator to upload files to a special directory,
  27  *          which should preferably be added to the InterWikiMap
  28  * Usage:   <?plugin UpLoad ?>
  29  * Author:  NathanGass <gass@iogram.ch>
  30  * Changes: ReiniUrban <rurban@x-ray.at>,
  31  *          qubit <rtryon@dartmouth.edu>
  32  *          Marc-Etienne Vargenau, Alcatel-Lucent
  33  * Note:    See also Jochen Kalmbach's plugin/UserFileManagement.php
  34  */
  35
  36 class WikiPlugin_UpLoad
  37 extends WikiPlugin
  38 {
  39     var $disallowed_extensions;
  40     // TODO: use PagePerms instead
  41     var $only_authenticated = true; // allow only authenticated users may upload.
  42
  43     function getName () {
  44         return "UpLoad";
  45     }
  46
  47     function getDescription () {
  48         return _("Upload files to the local InterWiki Upload:<filename>");
  49     }
  50
  51     function getVersion() {
  52         return preg_replace("/[Revision: $]/", '',
  53                             "\$Revision$");
  54     }
  55
  56     function getDefaultArguments() {
  57         return array('logfile'  => 'phpwiki-upload.log',
  58                      // add a link of the fresh file automatically to the
  59                      // end of the page (or current page)
  60                      'autolink' => true,
  61                      'page'     => '[pagename]',
  62                      'size'     => 50,
  63                      'mode'     => 'actionpage', // or edit
  64                      );
  65     }
  66
  67     function run($dbi, $argstr, &$request, $basepage) {
  68         $this->allowed_extensions = explode("\n",
  69 "7z
  70 avi
  71 bmp
  72 bz2
  73 c
  74 cfg
  75 diff
  76 doc
  77 gif
  78 h
  79 ini
  80 jpeg
  81 jpg
  82 kmz
  83 mp3
  84 odg
  85 odp
  86 ods
  87 odt
  88 patch
  89 pdf
  90 png
  91 ppt
  92 rar
  93 tar
  94 tar.gz
  95 txt
  96 xls
  97 xml
  98 xsd
  99 zip");
 100         $this->disallowed_extensions = explode("\n",
 101 "ad[ep]
 102 asd
 103 ba[st]
 104 chm
 105 cmd
 106 com
 107 cgi
 108 cpl
 109 crt
 110 dll
 111 eml
 112 exe
 113 hlp
 114 hta
 115 in[fs]
 116 isp
 117 jse?
 118 lnk
 119 md[betw]
 120 ms[cipt]
 121 nws
 122 ocx
 123 ops
 124 pcd
 125 p[ir]f
 126 php\d?
 127 phtml
 128 pl
 129 py
 130 reg
 131 sc[frt]
 132 sh[bsm]?
 133 swf
 134 url
 135 vb[esx]?
 136 vxd
 137 ws[cfh]");
 138         //removed "\{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}"
 139
 140         $args = $this->getArgs($argstr, $request);
 141         extract($args);
 142
 143         $file_dir = getUploadFilePath();
 144         $file_dir .= "/";
 145         $form = HTML::form(array('action'  => $request->getPostURL(),
 146                                  'enctype' => 'multipart/form-data',
 147                                  'method'  => 'post'));
 148         $contents = HTML::div(array('class' => 'wikiaction'));
 149         $contents->pushContent(HTML::input(array('type' => 'hidden',
 150                                                  'name' => 'MAX_FILE_SIZE',
 151                                                  'value'=> MAX_UPLOAD_SIZE)));
 152         $contents->pushContent(HTML::input(array('name' => 'userfile',
 153                                                  'type' => 'file',
 154                                                  'size' => $size)));
 155         if ($mode == 'edit') {
 156             $contents->pushContent(HTML::input(array('name' => 'action',
 157                                                      'type' => 'hidden',
 158                                                      'value'=> 'edit')));
 159             $contents->pushContent(HTML::raw(" "));
 160             $contents->pushContent(HTML::input(array('value' => _("Upload"),
 161                                                      'name'  => 'edit[upload]',
 162                                                      'type'  => 'submit')));
 163         } else {
 164             $contents->pushContent(HTML::raw(" "));
 165             $contents->pushContent(HTML::input(array('value' => _("Upload"),
 166                                                      'type'  => 'submit')));
 167         }
 168         $form->pushContent($contents);
 169
 170         $message = HTML();
 171         if ($request->isPost() and $this->only_authenticated) {
 172             // Make sure that the user is logged in.
 173             $user = $request->getUser();
 174             if (!$user->isAuthenticated()) {
 175                 global $WikiTheme;
 176                 if (isa($WikiTheme, 'WikiTheme_gforge')) {
 177                     $message->pushContent(HTML::div(array('class' => 'error'),
 178                                             HTML::p(_("You cannot upload files.")),
 179                                             HTML::ul(
 180                                               HTML::li(_("Check you are logged in.")),
 181                                               HTML::li(_("Check you are in the right project.")),
 182                                               HTML::li(_("Check you are a member of the current project."))
 183                                             )
 184                                          ));
 185                 } else {
 186                     $message->pushContent(HTML::div(array('class' => 'error'),
 187                                             HTML::p(_("ACCESS DENIED: You must log in to upload files."))));
 188                 }
 189                 $result = HTML();
 190                 $result->pushContent($form);
 191                 $result->pushContent($message);
 192                 return $result;
 193             }
 194         }
 195
 196         $userfile = $request->getUploadedFile('userfile');
 197         if ($userfile) {
 198             $userfile_name = $userfile->getName();
 199             $userfile_name = trim(basename($userfile_name));
 200             if (UPLOAD_USERDIR) {
 201                 $file_dir .= $request->_user->_userid;
 202                 if (!file_exists($file_dir))
 203                     mkdir($file_dir, 0775);
 204                 $file_dir .= "/";
 205                 $u_userfile = $request->_user->_userid . "/" . $userfile_name;
 206             } else {
 207                 $u_userfile = $userfile_name;
 208             }
 209             $u_userfile = preg_replace("/ /", "%20", $u_userfile);
 210             $userfile_tmpname = $userfile->getTmpName();
 211             $err_header = HTML::div(array('class' => 'error'),
 212                                 HTML::p(fmt("ERROR uploading '%s'", $userfile_name)));
 213             if (preg_match("/(\." . join("|\.", $this->disallowed_extensions) . ")(\.|\$)/i",
 214                            $userfile_name))
 215             {
 216                 $message->pushContent($err_header);
 217                 $message->pushContent(HTML::p(fmt("Files with extension %s are not allowed.",
 218                                               join(", ", $this->disallowed_extensions))));
 219             }
 220             elseif (! DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS and
 221                     ! preg_match("/(\." . join("|\.", $this->allowed_extensions) . ")\$/i",
 222                                $userfile_name))
 223             {
 224                 $message->pushContent($err_header);
 225                 $message->pushContent(HTML::p(fmt("Only files with the extension %s are allowed.",
 226                                               join(", ", $this->allowed_extensions))));
 227             }
 228             elseif (preg_match("/[^._a-zA-Z0-9- ]/", $userfile_name))
 229             {
 230                 $message->pushContent($err_header);
 231                 $message->pushContent(HTML::p(_("Invalid filename. File names may only contain alphanumeric characters and dot, underscore, space or dash.")));
 232             }
 233             elseif (file_exists($file_dir . $userfile_name)) {
 234                 $message->pushContent($err_header);
 235                 $message->pushContent(HTML::p(fmt("There is already a file with name %s uploaded.",
 236                                                   $u_userfile)));
 237             }
 238             elseif ($userfile->getSize() > (MAX_UPLOAD_SIZE)) {
 239                 $message->pushContent($err_header);
 240                 $message->pushContent(HTML::p(_("Sorry but this file is too big.")));
 241             }
 242             elseif (move_uploaded_file($userfile_tmpname, $file_dir . $userfile_name) or
 243                     (IsWindows() and rename($userfile_tmpname, $file_dir . $userfile_name))
 244                     )
 245             {
 246                 $interwiki = new PageType_interwikimap();
 247                 $link = $interwiki->link("Upload:$u_userfile");
 248                 $message->pushContent(HTML::div(array('class' => 'feedback'),
 249                                                 HTML::p(_("File successfully uploaded.")),
 250                                                 HTML::p($link)));
 251
 252                 // the upload was a success and we need to mark this event in the "upload log"
 253                 if ($logfile) {
 254                     $upload_log = $file_dir . basename($logfile);
 255                     $this->log($userfile, $upload_log, $message);
 256                 }
 257                 if ($autolink) {
 258                     require_once("lib/loadsave.php");
 259                     $pagehandle = $dbi->getPage($page);
 260                     if ($pagehandle->exists()) {// don't replace default contents
 261                         $current = $pagehandle->getCurrentRevision();
 262                         $version = $current->getVersion();
 263                         $text = $current->getPackedContent();
 264                         $newtext = $text . "\n* Upload:$u_userfile"; // don't inline images
 265                         $meta = $current->_data;
 266                         $meta['summary'] = sprintf(_("uploaded %s"),$u_userfile);
 267                         $pagehandle->save($newtext, $version + 1, $meta);
 268                     }
 269                 }
 270             } else {
 271                 $message->pushContent($err_header);
 272                 $message->pushContent(HTML::br(),_("Uploading failed."),HTML::br());
 273             }
 274         }
 275         else {
 276             $message->pushContent(HTML::br(),_("No file selected. Please select one."),HTML::br());
 277         }
 278
 279         //$result = HTML::div( array( 'class' => 'wikiaction' ) );
 280         $result = HTML();
 281         $result->pushContent($form);
 282         $result->pushContent($message);
 283         return $result;
 284     }
 285
 286     function log ($userfile, $upload_log, &$message) {
 287         global $WikiTheme;
 288         $user = $GLOBALS['request']->_user;
 289         if (file_exists($upload_log) and (!is_writable($upload_log))) {
 290             trigger_error(_("The upload logfile exists but is not writable."), E_USER_WARNING);
 291         }
 292         elseif (!$log_handle = fopen ($upload_log, "a")) {
 293             trigger_error(_("Can't open the upload logfile."), E_USER_WARNING);
 294         }
 295         else {        // file size in KB; precision of 0.1
 296             $file_size = round(($userfile->getSize())/1024, 1);
 297             if ($file_size <= 0) {
 298                 $file_size = "&lt; 0.1";
 299             }
 300             $userfile_name = $userfile->getName();
 301             fwrite($log_handle,
 302                    "\n"
 303                    . "<tr><td><a href=\"$userfile_name\">$userfile_name</a></td>"
 304                    . "<td align=\"right\">$file_size kB</td>"
 305                    . "<td>&nbsp;&nbsp;" . $WikiTheme->formatDate(time()) . "</td>"
 306                    . "<td>&nbsp;&nbsp;<em>" . $user->getId() . "</em></td></tr>");
 307             fclose($log_handle);
 308         }
 309         return;
 310     }
 311
 312 }
 313
 314 // (c-file-style: "gnu")
 315 // Local Variables:
 316 // mode: php
 317 // tab-width: 8
 318 // c-basic-offset: 4
 319 // c-hanging-comment-ender-p: nil
 320 // indent-tabs-mode: nil
 321 // End:
 322 ?>