CyberLeo.Net >> Repos - SourceForge/phpwiki.git/blob - lib/plugin/UpLoad.php
1 <?php
2
3 /*
4  * Copyright 2003,2004,2007 $ThePhpWikiProgrammingTeam
5  * Copyright 2008-2009 Marc-Etienne Vargenau, Alcatel-Lucent
6  *
7  * This file is part of PhpWiki.
8  *
9  * PhpWiki is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * PhpWiki is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License along
20  * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
21  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22
23  */
24
25 /**
26  * UpLoad:  Allow Administrator to upload files to a special directory,
27  *          which should preferably be added to the InterWikiMap
28  * Usage:   <<UpLoad >>
29  * Author:  NathanGass <gass@iogram.ch>
30  * Changes: ReiniUrban <rurban@x-ray.at>,
31  *          qubit <rtryon@dartmouth.edu>
32  *          Marc-Etienne Vargenau, Alcatel-Lucent
33  * Note:    See also Jochen Kalmbach's plugin/UserFileManagement.php
34  */
35
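class WikiPlugin_UpLoad extends WikiPlugin
{
    // Security-relevant behaviour, as implemented below:
    //  - while $only_authenticated is true, a POST from a user who is not
    //    authenticated is rejected before the uploaded file is looked at;
    //    any authenticated user (not only an administrator) may upload;
    //  - the file NAME is checked against a denylist of extensions, then an
    //    allowlist of extensions, then a character whitelist. The file
    //    CONTENT is never inspected, so the extension is only a hint.

    // Regex fragments (not literal strings) for extensions that are always refused.
    var $disallowed_extensions;
    // Literal extensions accepted unless DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS is set.
    var $allowed_extensions;
    // TODO: use PagePerms instead
    var $only_authenticated = true; // only authenticated users may upload

    /**
     * @return string the plugin name used in wiki markup
     */
    function getName()
    {
        return "UpLoad";
    }

    /**
     * @return string localized one-line description of the plugin
     */
    function getDescription()
    {
        return _("Upload files to the local InterWiki Upload:<filename>");
    }

    /**
     * Default plugin arguments.
     *
     * logfile:  base name of the HTML-fragment upload log kept in the upload directory
     * autolink: append an "Upload:<file>" link to the end of 'page' after a successful upload
     * page:     page that receives the automatic link
     * size:     width of the file input element
     * mode:     'actionpage' or 'edit'
     *
     * @return array
     */
    function getDefaultArguments()
    {
        return array('logfile'  => 'phpwiki-upload.log',
                     // add a link of the fresh file automatically to the
                     // end of the page (or current page)
                     'autolink' => true,
                     'page'     => '[pagename]',
                     'size'     => 50,
                     'mode'     => 'actionpage', // or edit
                     );
    }

    /**
     * Render the upload form and, when the request carries an uploaded file,
     * validate its name and size, move it into the upload directory, log the
     * upload and optionally link it from a wiki page.
     *
     * @param object $dbi      wiki database handle, used to load and save 'page'
     * @param string $argstr   raw plugin argument string
     * @param object $request  current request (by reference)
     * @param string $basepage unused here
     * @return object HTML fragment holding the form followed by status messages
     */
    function run($dbi, $argstr, &$request, $basepage)
    {
        // Array literals instead of exploding a multi-line string: the lists
        // no longer depend on the line endings of this source file (a CRLF
        // checkout would leave "\r" inside every entry and in the regexes).
        //
        // NOTE(review): svg and xml are on the allowlist and both can carry
        // script. How uploads are served is not visible in this file; verify
        // that they are delivered as attachments or from a separate origin.
        $this->allowed_extensions = array(
            '7z', 'avi', 'bmp', 'bz2', 'c', 'cfg', 'diff', 'doc', 'docx',
            'flv', 'gif', 'h', 'ics', 'ini', 'jpeg', 'jpg', 'kmz', 'mp3',
            'odg', 'odp', 'ods', 'odt', 'ogg', 'patch', 'pdf', 'png', 'ppt',
            'pptx', 'rar', 'svg', 'tar', 'tar.gz', 'txt', 'xls', 'xlsx',
            'xml', 'xsd', 'zip',
        );
        // Each entry is a regex fragment, so it must NOT be passed to preg_quote().
        //
        // A denylist cannot be exhaustive (it has, for instance, no entry for
        // .htaccess or phar) and is only a backstop behind the allowlist.
        // With DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS enabled the allowlist is
        // skipped and this list is the only extension filter, so that setting
        // is only reasonable when the upload directory is configured never to
        // execute or interpret what it stores.
        $this->disallowed_extensions = array(
            'ad[ep]', 'asd', 'ba[st]', 'chm', 'cmd', 'com', 'cgi', 'cpl',
            'crt', 'dll', 'eml', 'exe', 'hlp', 'hta', 'in[fs]', 'isp',
            'jse?', 'lnk', 'md[betw]', 'ms[cipt]', 'nws', 'ocx', 'ops',
            'pcd', 'p[ir]f', 'php\d?', 'phtml', 'pl', 'py', 'reg',
            'sc[frt]', 'sh[bsm]?', 'url', 'vb[esx]?', 'vxd', 'ws[cfh]',
        );
        //removed "\{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}"

        $args = $this->getArgs($argstr, $request);
        // Read the documented arguments explicitly. extract($args) would let
        // any key returned by getArgs() overwrite a local such as $request or
        // $dbi; naming the five keys removes that dependency.
        $logfile  = $args['logfile'];
        $autolink = $args['autolink'];
        $page     = $args['page'];
        $size     = $args['size'];
        $mode     = $args['mode'];

        $file_dir = getUploadFilePath();
        $file_dir .= "/";
        $form = HTML::form(array('action'  => $request->getPostURL(),
                                 'enctype' => 'multipart/form-data',
                                 'method'  => 'post'));
        $contents = HTML::div(array('class' => 'wikiaction'));
        // MAX_FILE_SIZE is a hint to the browser only; the size is checked
        // again on the server further down.
        $contents->pushContent(HTML::input(array('type' => 'hidden',
                                                 'name' => 'MAX_FILE_SIZE',
                                                 'value'=> MAX_UPLOAD_SIZE)));
        $contents->pushContent(HTML::input(array('name' => 'userfile',
                                                 'type' => 'file',
                                                 'size' => $size)));
        if ($mode == 'edit') {
            $contents->pushContent(HTML::input(array('name' => 'action',
                                                     'type' => 'hidden',
                                                     'value'=> 'edit')));
            $contents->pushContent(HTML::raw(" "));
            $contents->pushContent(HTML::input(array('value' => _("Upload"),
                                                     'name'  => 'edit[upload]',
                                                     'type'  => 'submit')));
        } else {
            $contents->pushContent(HTML::raw(" "));
            $contents->pushContent(HTML::input(array('value' => _("Upload"),
                                                     'type'  => 'submit')));
        }
        $form->pushContent($contents);

        $message = HTML();
        if ($request->isPost() and $this->only_authenticated) {
            // Make sure that the user is logged in. This returns before the
            // uploaded file is touched, so the check gates everything below.
            $user = $request->getUser();
            if (!$user->isAuthenticated()) {
                if (defined('FUSIONFORGE') and FUSIONFORGE) {
                    $message->pushContent(HTML::div(array('class' => 'error'),
                                            HTML::p(_("You cannot upload files.")),
                                            HTML::ul(
                                              HTML::li(_("Check you are logged in.")),
                                              HTML::li(_("Check you are in the right project.")),
                                              HTML::li(_("Check you are a member of the current project."))
                                            )
                                         ));
                } else {
                    $message->pushContent(HTML::div(array('class' => 'error'),
                                            HTML::p(_("ACCESS DENIED: You must log in to upload files."))));
                }
                $result = HTML();
                $result->pushContent($form);
                $result->pushContent($message);
                return $result;
            }
        }

        $userfile = $request->getUploadedFile('userfile');
        if ($userfile) {
            // The client chooses this name: keep only the last path component
            // before it is joined to the upload directory.
            $userfile_name = $userfile->getName();
            $userfile_name = trim(basename($userfile_name));
            if (UPLOAD_USERDIR) {
                // NOTE(review): the user id becomes a directory name without
                // any filtering here; this assumes ids are validated elsewhere
                // and cannot contain path separators or "..". Confirm.
                $file_dir .= $request->_user->_userid;
                if (!file_exists($file_dir))
                    mkdir($file_dir, 0775);
                $file_dir .= "/";
                $u_userfile = $request->_user->_userid . "/" . $userfile_name;
            } else {
                $u_userfile = $userfile_name;
            }
            $u_userfile = preg_replace("/ /", "%20", $u_userfile);
            $userfile_tmpname = $userfile->getTmpName();
            $err_header = HTML::div(array('class' => 'error'),
                                HTML::p(fmt("ERROR uploading '%s'", $userfile_name)));
            // 1. Denylist. It matches a refused extension anywhere in the name
            //    when followed by a dot or the end, so a refused extension
            //    hidden in front of an allowed one is caught as well.
            if (preg_match("/(\." . join("|\.", $this->disallowed_extensions) . ")(\.|\$)/i",
                           $userfile_name))
            {
                $message->pushContent($err_header);
                $message->pushContent(HTML::p(fmt("Files with extension %s are not allowed.",
                                              join(", ", $this->disallowed_extensions))));
            }
            // 2. Allowlist on the final extension. Entries are literal, so they
            //    are quoted; unquoted, the dot in "tar.gz" matched any character.
            elseif (! DISABLE_UPLOAD_ONLY_ALLOWED_EXTENSIONS and
                    ! preg_match("/(\." . join("|\.", array_map('preg_quote', $this->allowed_extensions)) . ")\$/i",
                               $userfile_name))
            {
                $message->pushContent($err_header);
                $message->pushContent(HTML::p(fmt("Only files with the extension %s are allowed.",
                                              join(", ", $this->allowed_extensions))));
            }
            // 3. Character whitelist, applied after strip_accents(). A leading
            //    dot passes this test, so dot-files are stopped by step 2 only.
            elseif (preg_match("/[^._a-zA-Z0-9- ]/", strip_accents($userfile_name)))
            {
                $message->pushContent($err_header);
                $message->pushContent(HTML::p(_("Invalid filename. File names may only contain alphanumeric characters and dot, underscore, space or dash.")));
            }
            // 4. Never overwrite an existing upload. The test and the move
            //    below are separate steps, so two simultaneous uploads of the
            //    same name can still race.
            elseif (file_exists($file_dir . $userfile_name)) {
                $message->pushContent($err_header);
                $message->pushContent(HTML::p(fmt("There is already a file with name %s uploaded.",
                                                  $u_userfile)));
            }
            // 5. Server-side size limit.
            elseif ($userfile->getSize() > (MAX_UPLOAD_SIZE)) {
                $message->pushContent($err_header);
                $message->pushContent(HTML::p(_("Sorry but this file is too big.")));
            }
            // NOTE(review): move_uploaded_file() refuses a source that PHP did
            // not receive as an upload; the rename() fallback on Windows has
            // no such check and relies on getTmpName() being trustworthy.
            elseif (move_uploaded_file($userfile_tmpname, $file_dir . $userfile_name) or
                    (IsWindows() and rename($userfile_tmpname, $file_dir . $userfile_name))
                    )
            {
                $interwiki = new PageType_interwikimap();
                $link = $interwiki->link("Upload:$u_userfile");
                $message->pushContent(HTML::div(array('class' => 'feedback'),
                                                HTML::p(_("File successfully uploaded.")),
                                                HTML::p($link)));

                // the upload was a success and we need to mark this event in the "upload log"
                if ($logfile) {
                    // basename() keeps the log inside the upload directory
                    // whatever the 'logfile' argument contains.
                    $upload_log = $file_dir . basename($logfile);
                    $this->log($userfile, $upload_log, $message);
                }
                if ($autolink) {
                    require_once 'lib/loadsave.php';
                    $pagehandle = $dbi->getPage($page);
                    if ($pagehandle->exists()) {// don't replace default contents
                        $current = $pagehandle->getCurrentRevision();
                        $version = $current->getVersion();
                        $text = $current->getPackedContent();
                        $newtext = $text . "\n* Upload:$u_userfile"; // don't inline images
                        $meta = $current->_data;
                        $meta['summary'] = sprintf(_("uploaded %s"),$u_userfile);
                        // NOTE(review): the page is saved directly from here;
                        // no edit-permission check for 'page' is visible in
                        // this method. Confirm one is applied elsewhere.
                        $pagehandle->save($newtext, $version + 1, $meta);
                    }
                }
            } else {
                $message->pushContent($err_header);
                $message->pushContent(HTML::br(),_("Uploading failed."),HTML::br());
            }
        }
        else {
            $message->pushContent(HTML::br(),_("No file selected. Please select one."),HTML::br());
        }

        //$result = HTML::div( array( 'class' => 'wikiaction' ) );
        $result = HTML();
        $result->pushContent($form);
        $result->pushContent($message);
        return $result;
    }

    /**
     * Append one HTML table row describing a successful upload to the log file.
     *
     * The row holds the file name as sent by the client, the size in kB, the
     * formatted current time and the id of the uploading user.
     *
     * @param object $userfile   uploaded file object (getName(), getSize())
     * @param string $upload_log path of the log file, opened in append mode
     * @param object $message    unused; kept for interface compatibility
     * @return void
     */
    function log($userfile, $upload_log, &$message)
    {
        global $WikiTheme;
        $user = $GLOBALS['request']->_user;
        if (file_exists($upload_log) and (!is_writable($upload_log))) {
            trigger_error(_("The upload logfile exists but is not writable."), E_USER_WARNING);
        }
        elseif (!$log_handle = fopen ($upload_log, "a")) {
            trigger_error(_("Can't open the upload logfile."), E_USER_WARNING);
        }
        else {        // file size in KB; precision of 0.1
            $file_size = round(($userfile->getSize())/1024, 1);
            if ($file_size <= 0) {
                $file_size = "&lt; 0.1";
            }
            // The log is HTML and both values come from the request, so they
            // are escaped before being written. getName() is the name as sent
            // by the client, not the trimmed basename that run() stored.
            $userfile_name = htmlspecialchars((string)$userfile->getName(), ENT_QUOTES);
            $user_id = htmlspecialchars((string)$user->getId(), ENT_QUOTES);
            fwrite($log_handle,
                   "\n"
                   . "<tr><td><a href=\"$userfile_name\">$userfile_name</a></td>"
                   . "<td align=\"right\">$file_size kB</td>"
                   . "<td>&nbsp;&nbsp;" . $WikiTheme->formatDate(time()) . "</td>"
                   . "<td>&nbsp;&nbsp;<em>" . $user_id . "</em></td></tr>");
            fclose($log_handle);
        }
        return;
    }

}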
313
314 // Local Variables:
315 // mode: php
316 // tab-width: 8
317 // c-basic-offset: 4
318 // c-hanging-comment-ender-p: nil
319 // indent-tabs-mode: nil
320 // End: