CyberLeo.Net >> Repos - SourceForge/phpwiki.git/blob - lib/plugin/UpLoad.php
version of plugins no longer makes sense with Subversion global version number
1 <?php // -*-php-*-
2 rcs_id('$Id$'); // '$Id$' is a version-control keyword placeholder; rcs_id() is defined outside this file.
3 /*
4  * Copyright 2003,2004,2007 $ThePhpWikiProgrammingTeam
5  * Copyright 2008-2009 Marc-Etienne Vargenau, Alcatel-Lucent
6  *
7  * This file is part of PhpWiki.
8  *
9  * PhpWiki is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * PhpWiki is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with PhpWiki; if not, write to the Free Software
21  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22
23  */
24
25 /**
26  * UpLoad:  Allow Administrator to upload files to a special directory,
27  *          which should preferably be added to the InterWikiMap
28  * Usage:   <?plugin UpLoad ?>
29  * Author:  NathanGass <gass@iogram.ch>
30  * Changes: ReiniUrban <rurban@x-ray.at>,
31  *          qubit <rtryon@dartmouth.edu>
32  *          Marc-Etienne Vargenau, Alcatel-Lucent
33  * Note:    See also Jochen Kalmbach's plugin/UserFileManagement.php
34  */
35
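/**
 * Wiki plugin that renders an upload form and stores the posted file in the
 * wiki's upload directory.
 *
 * Security model visible in this file:
 *  - uploads are refused for unauthenticated users while $only_authenticated is true;
 *  - the file name is reduced to its basename and restricted to a small character set;
 *  - the extension must not match the deny-list and, unless
 *    DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS is set, must match the allow-list;
 *  - the size is checked on the server against MAX_UPLOAD_SIZE.
 *
 * The deny-list is a backstop only: it cannot enumerate every extension a web
 * server may map to a handler. Keep the allow-list enabled and serve the upload
 * directory with script execution turned off.
 */
class WikiPlugin_UpLoad
extends WikiPlugin
{
    // Plain extensions accepted when the allow-list is enforced; filled in run().
    var $allowed_extensions;
    // Regex fragments for extensions that are always rejected; filled in run().
    var $disallowed_extensions;
    // TODO: use PagePerms instead
    var $only_authenticated = true; // only authenticated users may upload.

    /**
     * @return string Plugin name.
     */
    function getName () {
        return "UpLoad";
    }

    /**
     * @return string Translated one-line description of the plugin.
     */
    function getDescription () {
        return _("Upload files to the local InterWiki Upload:<filename>");
    }

    /**
     * @return array Default plugin arguments (logfile, autolink, page, size, mode).
     */
    function getDefaultArguments() {
        return array('logfile'  => 'phpwiki-upload.log',
                     // add a link of the fresh file automatically to the
                     // end of the page (or current page)
                     'autolink' => true,
                     'page'     => '[pagename]',
                     'size'     => 50,
                     'mode'     => 'actionpage', // or edit
                     );
    }

    /**
     * Render the upload form and, when a file was posted, validate and store it.
     *
     * @param object $dbi      Wiki database handle; used to append the link to $page.
     * @param string $argstr   Raw plugin argument string.
     * @param object $request  Current request (passed by reference).
     * @param string $basepage Not used by this method.
     * @return object HTML container holding the form followed by the status message.
     */
    function run($dbi, $argstr, &$request, $basepage) {
        // NOTE(review): svg and xml can carry script when a browser renders them
        // from the wiki's own origin; confirm how the upload directory is served.
        $this->allowed_extensions = explode("\n",
"7z
avi
bmp
bz2
c
cfg
diff
doc
docx
flv
gif
h
ics
ini
jpeg
jpg
kmz
mp3
odg
odp
ods
odt
ogg
patch
pdf
png
ppt
pptx
rar
svg
tar
tar.gz
txt
xls
xlsx
xml
xsd
zip");
        // These entries are regex fragments, so they must not be quoted.
        $this->disallowed_extensions = explode("\n",
"ad[ep]
asd
ba[st]
chm
cmd
com
cgi
cpl
crt
dll
eml
exe
hlp
hta
in[fs]
isp
jse?
lnk
md[betw]
ms[cipt]
nws
ocx
ops
pcd
p[ir]f
php\d?
phtml
pl
py
reg
sc[frt]
sh[bsm]?
swf
url
vb[esx]?
vxd
ws[cfh]");
        //removed "\{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}"

        // Read the arguments explicitly instead of extract(): an argument name
        // can then never shadow a local variable of this method.
        $args = $this->getArgs($argstr, $request);
        $logfile  = $args['logfile'];
        $autolink = $args['autolink'];
        $page     = $args['page'];
        $size     = $args['size'];
        $mode     = $args['mode'];

        $file_dir = getUploadFilePath();
        $file_dir .= "/";
        $form = HTML::form(array('action'  => $request->getPostURL(),
                                 'enctype' => 'multipart/form-data',
                                 'method'  => 'post'));
        $contents = HTML::div(array('class' => 'wikiaction'));
        // MAX_FILE_SIZE is only a hint to the client; the binding check is the
        // getSize() comparison further down.
        $contents->pushContent(HTML::input(array('type' => 'hidden',
                                                 'name' => 'MAX_FILE_SIZE',
                                                 'value'=> MAX_UPLOAD_SIZE)));
        $contents->pushContent(HTML::input(array('name' => 'userfile',
                                                 'type' => 'file',
                                                 'size' => $size)));
        if ($mode == 'edit') {
            $contents->pushContent(HTML::input(array('name' => 'action',
                                                     'type' => 'hidden',
                                                     'value'=> 'edit')));
            $contents->pushContent(HTML::raw(" "));
            $contents->pushContent(HTML::input(array('value' => _("Upload"),
                                                     'name'  => 'edit[upload]',
                                                     'type'  => 'submit')));
        } else {
            $contents->pushContent(HTML::raw(" "));
            $contents->pushContent(HTML::input(array('value' => _("Upload"),
                                                     'type'  => 'submit')));
        }
        $form->pushContent($contents);

        $message = HTML();
        if ($request->isPost() and $this->only_authenticated) {
            // Make sure that the user is logged in.
            $user = $request->getUser();
            if (!$user->isAuthenticated()) {
                if (defined('GFORGE') and GFORGE) {
                    $message->pushContent(HTML::div(array('class' => 'error'),
                                            HTML::p(_("You cannot upload files.")),
                                            HTML::ul(
                                              HTML::li(_("Check you are logged in.")),
                                              HTML::li(_("Check you are in the right project.")),
                                              HTML::li(_("Check you are a member of the current project."))
                                            )
                                         ));
                } else {
                    $message->pushContent(HTML::div(array('class' => 'error'),
                                            HTML::p(_("ACCESS DENIED: You must log in to upload files."))));
                }
                $result = HTML();
                $result->pushContent($form);
                $result->pushContent($message);
                return $result;
            }
        }

        $userfile = $request->getUploadedFile('userfile');
        if ($userfile) {
            // The client supplies the name: keep only its last path component.
            $userfile_name = $userfile->getName();
            $userfile_name = trim(basename($userfile_name));
            if (UPLOAD_USERDIR) {
                // NOTE(review): _userid becomes a directory name without any
                // filtering here; confirm user ids cannot contain path
                // separators or "..". 0775 also leaves the directory group-writable.
                $file_dir .= $request->_user->_userid;
                if (!file_exists($file_dir))
                    mkdir($file_dir, 0775);
                $file_dir .= "/";
                $u_userfile = $request->_user->_userid . "/" . $userfile_name;
            } else {
                $u_userfile = $userfile_name;
            }
            $u_userfile = preg_replace("/ /", "%20", $u_userfile);
            $userfile_tmpname = $userfile->getTmpName();
            $err_header = HTML::div(array('class' => 'error'),
                                HTML::p(fmt("ERROR uploading '%s'", $userfile_name)));

            // Allow-list entries are literal extensions: quote them so that the
            // dot in "tar.gz" matches a dot only, not any character.
            $allowed_quoted = array();
            foreach ($this->allowed_extensions as $ext) {
                $allowed_quoted[] = preg_quote($ext, '/');
            }

            // Deny-list first; the trailing (\.|$) also rejects a blocked
            // extension that is followed by another one (name.php.txt).
            if (preg_match("/(\." . join("|\.", $this->disallowed_extensions) . ")(\.|\$)/i",
                           $userfile_name))
            {
                $message->pushContent($err_header);
                $message->pushContent(HTML::p(fmt("Files with extension %s are not allowed.",
                                              join(", ", $this->disallowed_extensions))));
            }
            elseif (! DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS and
                    ! preg_match("/(\." . join("|\.", $allowed_quoted) . ")\$/i",
                               $userfile_name))
            {
                $message->pushContent($err_header);
                $message->pushContent(HTML::p(fmt("Only files with the extension %s are allowed.",
                                              join(", ", $this->allowed_extensions))));
            }
            elseif (preg_match("/[^._a-zA-Z0-9- ]/", strip_accents($userfile_name)))
            {
                $message->pushContent($err_header);
                $message->pushContent(HTML::p(_("Invalid filename. File names may only contain alphanumeric characters and dot, underscore, space or dash.")));
            }
            // Existing files are never replaced. The check and the move below
            // are separate steps, so two simultaneous uploads of one name can race.
            elseif (file_exists($file_dir . $userfile_name)) {
                $message->pushContent($err_header);
                $message->pushContent(HTML::p(fmt("There is already a file with name %s uploaded.",
                                                  $u_userfile)));
            }
            elseif ($userfile->getSize() > (MAX_UPLOAD_SIZE)) {
                $message->pushContent($err_header);
                $message->pushContent(HTML::p(_("Sorry but this file is too big.")));
            }
            // NOTE(review): the Windows rename() fallback does not carry the
            // "is this an uploaded file" check that move_uploaded_file() performs;
            // confirm getTmpName() can only return PHP's own upload temp path.
            elseif (move_uploaded_file($userfile_tmpname, $file_dir . $userfile_name) or
                    (IsWindows() and rename($userfile_tmpname, $file_dir . $userfile_name))
                    )
            {
                $interwiki = new PageType_interwikimap();
                $link = $interwiki->link("Upload:$u_userfile");
                $message->pushContent(HTML::div(array('class' => 'feedback'),
                                                HTML::p(_("File successfully uploaded.")),
                                                HTML::p($link)));

                // the upload was a success and we need to mark this event in the "upload log"
                if ($logfile) {
                    // basename() keeps the log inside the upload directory even
                    // if the logfile argument contains a path.
                    $upload_log = $file_dir . basename($logfile);
                    $this->log($userfile, $upload_log, $message);
                }
                if ($autolink) {
                    require_once("lib/loadsave.php");
                    // NOTE(review): no edit-permission check on $page is visible
                    // here before the link is appended; confirm save() or the
                    // caller enforces page permissions.
                    $pagehandle = $dbi->getPage($page);
                    if ($pagehandle->exists()) {// don't replace default contents
                        $current = $pagehandle->getCurrentRevision();
                        $version = $current->getVersion();
                        $text = $current->getPackedContent();
                        $newtext = $text . "\n* Upload:$u_userfile"; // don't inline images
                        $meta = $current->_data;
                        $meta['summary'] = sprintf(_("uploaded %s"),$u_userfile);
                        $pagehandle->save($newtext, $version + 1, $meta);
                    }
                }
            } else {
                $message->pushContent($err_header);
                $message->pushContent(HTML::br(),_("Uploading failed."),HTML::br());
            }
        }
        else {
            $message->pushContent(HTML::br(),_("No file selected. Please select one."),HTML::br());
        }

        //$result = HTML::div( array( 'class' => 'wikiaction' ) );
        $result = HTML();
        $result->pushContent($form);
        $result->pushContent($message);
        return $result;
    }

    /**
     * Append one HTML table row describing a finished upload to the upload log.
     *
     * The row is an HTML fragment, so the file name and the user id are
     * encoded before they are written; the name logged is the stored name
     * (trimmed basename), which is what the link has to point at.
     *
     * @param object $userfile   Uploaded file object (getName(), getSize()).
     * @param string $upload_log Path of the log file to append to.
     * @param object $message    Unused here; kept for the existing call signature.
     * @return void
     */
    function log ($userfile, $upload_log, &$message) {
        global $WikiTheme;
        $user = $GLOBALS['request']->_user;
        if (file_exists($upload_log) and (!is_writable($upload_log))) {
            trigger_error(_("The upload logfile exists but is not writable."), E_USER_WARNING);
        }
        elseif (!$log_handle = fopen ($upload_log, "a")) {
            trigger_error(_("Can't open the upload logfile."), E_USER_WARNING);
        }
        else {        // file size in KB; precision of 0.1
            $file_size = round(($userfile->getSize())/1024, 1);
            if ($file_size <= 0) {
                $file_size = "&lt; 0.1";
            }
            $stored_name = trim(basename($userfile->getName()));
            $name_href = rawurlencode($stored_name);
            $name_text = htmlspecialchars($stored_name, ENT_QUOTES);
            $user_text = htmlspecialchars($user->getId(), ENT_QUOTES);
            fwrite($log_handle,
                   "\n"
                   . "<tr><td><a href=\"$name_href\">$name_text</a></td>"
                   . "<td align=\"right\">$file_size kB</td>"
                   . "<td>&nbsp;&nbsp;" . $WikiTheme->formatDate(time()) . "</td>"
                   . "<td>&nbsp;&nbsp;<em>" . $user_text . "</em></td></tr>");
            fclose($log_handle);
        }
    }

}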
314
315 // (c-file-style: "gnu")
316 // Local Variables:
317 // mode: php
318 // tab-width: 8
319 // c-basic-offset: 4
320 // c-hanging-comment-ender-p: nil
321 // indent-tabs-mode: nil
322 // End:
323 ?>