Index: branches/5.1.x/core/editor/editor/filemanager/connectors/php/io.php =================================================================== diff -u -N -r13086 -r14241 --- branches/5.1.x/core/editor/editor/filemanager/connectors/php/io.php (.../io.php) (revision 13086) +++ branches/5.1.x/core/editor/editor/filemanager/connectors/php/io.php (.../io.php) (revision 14241) @@ -1,293 +1,293 @@ - 0 ) - return $Config['QuickUploadAbsolutePath'][$resourceType] ; - - // Map the "UserFiles" path to a local directory. - return Server_MapPath( $Config['QuickUploadPath'][$resourceType] ) ; - } - else - { - if ( strlen( $Config['FileTypesAbsolutePath'][$resourceType] ) > 0 ) - return $Config['FileTypesAbsolutePath'][$resourceType] ; - - // Map the "UserFiles" path to a local directory. - return Server_MapPath( $Config['FileTypesPath'][$resourceType] ) ; - } -} - -function GetUrlFromPath( $resourceType, $folderPath, $sCommand ) -{ - return CombinePaths( GetResourceTypePath( $resourceType, $sCommand ), $folderPath ) ; -} - -function RemoveExtension( $fileName ) -{ - return substr( $fileName, 0, strrpos( $fileName, '.' ) ) ; -} - -function ServerMapFolder( $resourceType, $folderPath, $sCommand ) -{ - // Get the resource type directory. - $sResourceTypePath = GetResourceTypeDirectory( $resourceType, $sCommand ) ; - - // Ensure that the directory exists. - $sErrorMsg = CreateServerFolder( $sResourceTypePath ) ; - if ( $sErrorMsg != '' ) - SendError( 1, "Error creating folder \"{$sResourceTypePath}\" ({$sErrorMsg})" ) ; - - // Return the resource type directory combined with the required path. - return CombinePaths( $sResourceTypePath , $folderPath ) ; -} - -function GetParentFolder( $folderPath ) -{ - $sPattern = "-[/\\\\][^/\\\\]+[/\\\\]?$-" ; - return preg_replace( $sPattern, '', $folderPath ) ; -} - -function CreateServerFolder( $folderPath, $lastFolder = null ) -{ - global $Config ; - $sParent = GetParentFolder( $folderPath ) ; - - // Ensure the folder path has no double-slashes, or mkdir may fail on certain platforms - while ( strpos($folderPath, '//') !== false ) - { - $folderPath = str_replace( '//', '/', $folderPath ) ; - } - - // Check if the parent exists, or create it. - if ( !file_exists( $sParent ) ) - { - //prevents agains infinite loop when we can't create root folder - if ( !is_null( $lastFolder ) && $lastFolder === $sParent) { - return "Can't create $folderPath directory" ; - } - - $sErrorMsg = CreateServerFolder( $sParent, $folderPath ) ; - if ( $sErrorMsg != '' ) - return $sErrorMsg ; - } - - if ( !file_exists( $folderPath ) ) - { - // Turn off all error reporting. - error_reporting( 0 ) ; - - $php_errormsg = '' ; - // Enable error tracking to catch the error. - ini_set( 'track_errors', '1' ) ; - - if ( isset( $Config['ChmodOnFolderCreate'] ) && !$Config['ChmodOnFolderCreate'] ) - { - mkdir( $folderPath ) ; - } - else - { - $permissions = 0777 ; - if ( isset( $Config['ChmodOnFolderCreate'] ) ) - { - $permissions = $Config['ChmodOnFolderCreate'] ; - } - // To create the folder with 0777 permissions, we need to set umask to zero. - $oldumask = umask(0) ; - mkdir( $folderPath, $permissions ) ; - umask( $oldumask ) ; - } - - $sErrorMsg = $php_errormsg ; - - // Restore the configurations. - ini_restore( 'track_errors' ) ; - ini_restore( 'error_reporting' ) ; - - return $sErrorMsg ; - } - else - return '' ; -} - -function GetRootPath() -{ - if (!isset($_SERVER)) { - global $_SERVER; - } - $sRealPath = realpath( './' ) ; - // #2124 ensure that no slash is at the end - $sRealPath = rtrim($sRealPath,"\\/"); - - $sSelfPath = $_SERVER['PHP_SELF'] ; - $sSelfPath = substr( $sSelfPath, 0, strrpos( $sSelfPath, '/' ) ) ; - - $sSelfPath = str_replace( '/', DIRECTORY_SEPARATOR, $sSelfPath ) ; - - $position = strpos( $sRealPath, $sSelfPath ) ; - - // This can check only that this script isn't run from a virtual dir - // But it avoids the problems that arise if it isn't checked - if ( $position === false || $position <> strlen( $sRealPath ) - strlen( $sSelfPath ) ) - SendError( 1, 'Sorry, can\'t map "UserFilesPath" to a physical path. You must set the "UserFilesAbsolutePath" value in "editor/filemanager/connectors/php/config.php".' ) ; - - return substr( $sRealPath, 0, $position ) ; -} - -// Emulate the asp Server.mapPath function. -// given an url path return the physical directory that it corresponds to -function Server_MapPath( $path ) -{ - // This function is available only for Apache - /*if ( function_exists( 'apache_lookup_uri' ) ) - { - $info = apache_lookup_uri( $path ) ; - return $info->filename . $info->path_info ; - }*/ - - // This isn't correct but for the moment there's no other solution - // If this script is under a virtual directory or symlink it will detect the problem and stop - return GetRootPath() . $path ; -} - -function IsAllowedExt( $sExtension, $resourceType ) -{ - global $Config ; - // Get the allowed and denied extensions arrays. - $arAllowed = $Config['AllowedExtensions'][$resourceType] ; - $arDenied = $Config['DeniedExtensions'][$resourceType] ; - - if ( count($arAllowed) > 0 && !in_array( $sExtension, $arAllowed ) ) - return false ; - - if ( count($arDenied) > 0 && in_array( $sExtension, $arDenied ) ) - return false ; - - return true ; -} - -function IsAllowedType( $resourceType ) -{ - global $Config ; - if ( !in_array( $resourceType, $Config['ConfigAllowedTypes'] ) ) - return false ; - - return true ; -} - -function IsAllowedCommand( $sCommand ) -{ - global $Config ; - - if ( !in_array( $sCommand, $Config['ConfigAllowedCommands'] ) ) - return false ; - - return true ; -} - -function GetCurrentFolder() -{ - if (!isset($_GET)) { - global $_GET; - } - $sCurrentFolder = isset( $_GET['CurrentFolder'] ) ? $_GET['CurrentFolder'] : '/' ; - - // Check the current folder syntax (must begin and start with a slash). - if ( !preg_match( '|/$|', $sCurrentFolder ) ) - $sCurrentFolder .= '/' ; - if ( strpos( $sCurrentFolder, '/' ) !== 0 ) - $sCurrentFolder = '/' . $sCurrentFolder ; - - // Ensure the folder path has no double-slashes - while ( strpos ($sCurrentFolder, '//') !== false ) { - $sCurrentFolder = str_replace ('//', '/', $sCurrentFolder) ; - } - - // Check for invalid folder paths (..) - if ( strpos( $sCurrentFolder, '..' ) || strpos( $sCurrentFolder, "\\" )) - SendError( 102, '' ) ; - - return $sCurrentFolder ; -} - -// Do a cleanup of the folder name to avoid possible problems -function SanitizeFolderName( $sNewFolderName ) -{ - $sNewFolderName = stripslashes( $sNewFolderName ) ; - - // Remove . \ / | : ? * " < > - $sNewFolderName = preg_replace( '/\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFolderName ) ; - - return $sNewFolderName ; -} - -// Do a cleanup of the file name to avoid possible problems -function SanitizeFileName( $sNewFileName ) -{ - global $Config ; - - $sNewFileName = stripslashes( $sNewFileName ) ; - - // Replace dots in the name with underscores (only one dot can be there... security issue). - if ( $Config['ForceSingleExtension'] ) - $sNewFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sNewFileName ) ; - - // Remove \ / | : ? * " < > - $sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFileName ) ; - - return $sNewFileName ; -} - -// This is the function that sends the results of the uploading process. -function SendUploadResults( $errorNumber, $fileUrl = '', $fileName = '', $customMsg = '' ) -{ - // Minified version of the document.domain automatic fix script (#1919). - // The original script can be found at _dev/domain_fix_template.js - echo << -(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\.|$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})(); -EOF; - - $rpl = array( '\\' => '\\\\', '"' => '\\"' ) ; - echo 'window.parent.OnUploadCompleted(' . $errorNumber . ',"' . strtr( $fileUrl, $rpl ) . '","' . strtr( $fileName, $rpl ) . '", "' . strtr( $customMsg, $rpl ) . '") ;' ; - echo '' ; - exit ; + 0 ) + return $Config['QuickUploadAbsolutePath'][$resourceType] ; + + // Map the "UserFiles" path to a local directory. + return Server_MapPath( $Config['QuickUploadPath'][$resourceType] ) ; + } + else + { + if ( strlen( $Config['FileTypesAbsolutePath'][$resourceType] ) > 0 ) + return $Config['FileTypesAbsolutePath'][$resourceType] ; + + // Map the "UserFiles" path to a local directory. + return Server_MapPath( $Config['FileTypesPath'][$resourceType] ) ; + } +} + +function GetUrlFromPath( $resourceType, $folderPath, $sCommand ) +{ + return CombinePaths( GetResourceTypePath( $resourceType, $sCommand ), $folderPath ) ; +} + +function RemoveExtension( $fileName ) +{ + return substr( $fileName, 0, strrpos( $fileName, '.' ) ) ; +} + +function ServerMapFolder( $resourceType, $folderPath, $sCommand ) +{ + // Get the resource type directory. + $sResourceTypePath = GetResourceTypeDirectory( $resourceType, $sCommand ) ; + + // Ensure that the directory exists. + $sErrorMsg = CreateServerFolder( $sResourceTypePath ) ; + if ( $sErrorMsg != '' ) + SendError( 1, "Error creating folder \"{$sResourceTypePath}\" ({$sErrorMsg})" ) ; + + // Return the resource type directory combined with the required path. + return CombinePaths( $sResourceTypePath , $folderPath ) ; +} + +function GetParentFolder( $folderPath ) +{ + $sPattern = "-[/\\\\][^/\\\\]+[/\\\\]?$-" ; + return preg_replace( $sPattern, '', $folderPath ) ; +} + +function CreateServerFolder( $folderPath, $lastFolder = null ) +{ + global $Config ; + $sParent = GetParentFolder( $folderPath ) ; + + // Ensure the folder path has no double-slashes, or mkdir may fail on certain platforms + while ( strpos($folderPath, '//') !== false ) + { + $folderPath = str_replace( '//', '/', $folderPath ) ; + } + + // Check if the parent exists, or create it. + if ( !file_exists( $sParent ) ) + { + //prevents agains infinite loop when we can't create root folder + if ( !is_null( $lastFolder ) && $lastFolder === $sParent) { + return "Can't create $folderPath directory" ; + } + + $sErrorMsg = CreateServerFolder( $sParent, $folderPath ) ; + if ( $sErrorMsg != '' ) + return $sErrorMsg ; + } + + if ( !file_exists( $folderPath ) ) + { + // Turn off all error reporting. + error_reporting( 0 ) ; + + $php_errormsg = '' ; + // Enable error tracking to catch the error. + ini_set( 'track_errors', '1' ) ; + + if ( isset( $Config['ChmodOnFolderCreate'] ) && !$Config['ChmodOnFolderCreate'] ) + { + mkdir( $folderPath ) ; + } + else + { + $permissions = 0777 ; + if ( isset( $Config['ChmodOnFolderCreate'] ) ) + { + $permissions = $Config['ChmodOnFolderCreate'] ; + } + // To create the folder with 0777 permissions, we need to set umask to zero. + $oldumask = umask(0) ; + mkdir( $folderPath, $permissions ) ; + umask( $oldumask ) ; + } + + $sErrorMsg = $php_errormsg ; + + // Restore the configurations. + ini_restore( 'track_errors' ) ; + ini_restore( 'error_reporting' ) ; + + return $sErrorMsg ; + } + else + return '' ; +} + +function GetRootPath() +{ + if (!isset($_SERVER)) { + global $_SERVER; + } + $sRealPath = realpath( './' ) ; + // #2124 ensure that no slash is at the end + $sRealPath = rtrim($sRealPath,"\\/"); + + $sSelfPath = $_SERVER['PHP_SELF'] ; + $sSelfPath = substr( $sSelfPath, 0, strrpos( $sSelfPath, '/' ) ) ; + + $sSelfPath = str_replace( '/', DIRECTORY_SEPARATOR, $sSelfPath ) ; + + $position = strpos( $sRealPath, $sSelfPath ) ; + + // This can check only that this script isn't run from a virtual dir + // But it avoids the problems that arise if it isn't checked + if ( $position === false || $position <> strlen( $sRealPath ) - strlen( $sSelfPath ) ) + SendError( 1, 'Sorry, can\'t map "UserFilesPath" to a physical path. You must set the "UserFilesAbsolutePath" value in "editor/filemanager/connectors/php/config.php".' ) ; + + return substr( $sRealPath, 0, $position ) ; +} + +// Emulate the asp Server.mapPath function. +// given an url path return the physical directory that it corresponds to +function Server_MapPath( $path ) +{ + // This function is available only for Apache + /*if ( function_exists( 'apache_lookup_uri' ) ) + { + $info = apache_lookup_uri( $path ) ; + return $info->filename . $info->path_info ; + }*/ + + // This isn't correct but for the moment there's no other solution + // If this script is under a virtual directory or symlink it will detect the problem and stop + return GetRootPath() . $path ; +} + +function IsAllowedExt( $sExtension, $resourceType ) +{ + global $Config ; + // Get the allowed and denied extensions arrays. + $arAllowed = $Config['AllowedExtensions'][$resourceType] ; + $arDenied = $Config['DeniedExtensions'][$resourceType] ; + + if ( count($arAllowed) > 0 && !in_array( $sExtension, $arAllowed ) ) + return false ; + + if ( count($arDenied) > 0 && in_array( $sExtension, $arDenied ) ) + return false ; + + return true ; +} + +function IsAllowedType( $resourceType ) +{ + global $Config ; + if ( !in_array( $resourceType, $Config['ConfigAllowedTypes'] ) ) + return false ; + + return true ; +} + +function IsAllowedCommand( $sCommand ) +{ + global $Config ; + + if ( !in_array( $sCommand, $Config['ConfigAllowedCommands'] ) ) + return false ; + + return true ; +} + +function GetCurrentFolder() +{ + if (!isset($_GET)) { + global $_GET; + } + $sCurrentFolder = isset( $_GET['CurrentFolder'] ) ? $_GET['CurrentFolder'] : '/' ; + + // Check the current folder syntax (must begin and start with a slash). + if ( !preg_match( '|/$|', $sCurrentFolder ) ) + $sCurrentFolder .= '/' ; + if ( strpos( $sCurrentFolder, '/' ) !== 0 ) + $sCurrentFolder = '/' . $sCurrentFolder ; + + // Ensure the folder path has no double-slashes + while ( strpos ($sCurrentFolder, '//') !== false ) { + $sCurrentFolder = str_replace ('//', '/', $sCurrentFolder) ; + } + + // Check for invalid folder paths (..) + if ( strpos( $sCurrentFolder, '..' ) || strpos( $sCurrentFolder, "\\" )) + SendError( 102, '' ) ; + + return $sCurrentFolder ; +} + +// Do a cleanup of the folder name to avoid possible problems +function SanitizeFolderName( $sNewFolderName ) +{ + $sNewFolderName = stripslashes( $sNewFolderName ) ; + + // Remove . \ / | : ? * " < > + $sNewFolderName = preg_replace( '/\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFolderName ) ; + + return $sNewFolderName ; +} + +// Do a cleanup of the file name to avoid possible problems +function SanitizeFileName( $sNewFileName ) +{ + global $Config ; + + $sNewFileName = stripslashes( $sNewFileName ) ; + + // Replace dots in the name with underscores (only one dot can be there... security issue). + if ( $Config['ForceSingleExtension'] ) + $sNewFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sNewFileName ) ; + + // Remove \ / | : ? * " < > + $sNewFileName = preg_replace( '/\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFileName ) ; + + return $sNewFileName ; +} + +// This is the function that sends the results of the uploading process. +function SendUploadResults( $errorNumber, $fileUrl = '', $fileName = '', $customMsg = '' ) +{ + // Minified version of the document.domain automatic fix script (#1919). + // The original script can be found at _dev/domain_fix_template.js + echo << +(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\.|$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})(); +EOF; + + $rpl = array( '\\' => '\\\\', '"' => '\\"' ) ; + echo 'window.parent.OnUploadCompleted(' . $errorNumber . ',"' . strtr( $fileUrl, $rpl ) . '","' . strtr( $fileName, $rpl ) . '", "' . strtr( $customMsg, $rpl ) . '") ;' ; + echo '' ; + exit ; } \ No newline at end of file