Index: branches/5.2.x/core/kernel/db/db_event_handler.php
===================================================================
diff -u -N -r15727 -r15729
--- branches/5.2.x/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 15727)
+++ branches/5.2.x/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 15729)
@@ -1,6 +1,6 @@
 Prefix . '_changes_' . $this->Application->GetTopmostWid($this->Prefix);
 $this->Application->RemoveVar($changes_var_name);
- foreach ($ids as $id) {
- $object->resetUploads($id);
- }
-
 $temp_handler = $this->Application->recallObject($event->getPrefixSpecial() . '_TempHandler', 'kTempTablesHandler', Array ('parent_event' => $event));
 /* @var $temp_handler kTempTablesHandler */
@@ -2170,8 +2166,6 @@
 $this->Application->SetVar($event->getPrefixSpecial() . '_id', 0);
 $this->Application->SetVar($event->getPrefixSpecial() . '_PreCreate', 1);
- $object->resetUploads();
-
 $changes_var_name = $this->Prefix . '_changes_' . $this->Application->GetTopmostWid($this->Prefix);
 $this->Application->RemoveVar($changes_var_name);
@@ -2606,19 +2600,6 @@
 $object = $event->getObject();
 /* @var $object kDBItem */
- if ( $object->getUploaderFields() ) {
- // this would prevent SQL error when loading "*-ci" prefix object
- if ( $event->Name == 'OnAfterCopyToLive' ) {
- $object->SwitchToLive();
- $object->Load($event->getEventParam('id'));
-
- $object->processUploads($event->getEventParam('temp_id'));
- }
- else {
- $object->processUploads();
- }
- }
-
 $var_name = $object->getPendingActionVariableName();
 $schedule = $this->Application->RecallVar($var_name);
@@ -3263,20 +3244,21 @@
 protected function OnDeleteFile(kEvent $event)
 {
 $event->status = kEvent::erSTOP;
- $filename = $this->_getUploadedFileInfo($event, 'full_path');
+ $filename = $this->_getSafeFilename();
- if ( $filename === false ) {
+ if ( !$filename ) {
 return;
 }
 $object = $event->getObject(Array ('skip_autoload' => true));
 /* @var $object kDBItem */
+ $upload_dir = $object->GetFieldOption($this->Application->GetVar('field'), 'upload_dir');
+
 $var_name = $object->getPendingActionVariableName();
 $schedule = $this->Application->RecallVar($var_name);
 $schedule = $schedule ? unserialize($schedule) : Array ();
- $schedule[] = Array ('action' => 'delete', 'file' => $filename);
-
+ $schedule[] = Array ('action' => 'delete', 'file' => FULL_PATH . $upload_dir . $filename);
 $this->Application->StoreVar($var_name, serialize($schedule));
 }
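Review bot: The path scheduled for deletion, `FULL_PATH . $upload_dir . $filename`, is assembled from two request parameters, `file` and `field`, and only `file` goes through `_getSafeFilename()`; `field` is never checked against the object's uploader fields, so a `field` value whose `upload_dir` option is absent (GetFieldOption presumably yields null or an empty string then) collapses the target to `FULL_PATH . $filename`, and the delete action can be pointed at any file directly under FULL_PATH that the `../` test does not cover. Before using `$upload_dir`, reject non-uploader fields and empty upload dirs, e.g. `$field = $this->Application->GetVar('field');` / `$upload_dir = $object->GetFieldOption($field, 'upload_dir');` / `if ( !in_array($field, $object->getUploaderFields()) || !$upload_dir ) { return; }` — `getUploaderFields()` is the method the removed OnAfterCopyToLive code consulted, assuming it returns the field names. Note also that `if ( !$filename )` rejects a file literally named `0`; since the helper signals failure with `false`, `$filename === false` is the precise test (the old code used it).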
@@ -3290,21 +3272,37 @@
 protected function OnViewFile(kEvent $event)
 {
 $event->status = kEvent::erSTOP;
+ $filename = $this->_getSafeFilename();
- if ( $this->Application->GetVar('thumb') ) {
- $object = $event->getObject(Array ('skip_autoload' => true));
- /* @var $object kDBItem */
+ if ( !$filename ) {
+ return;
+ }
- $field = $this->Application->GetVar('field');
- $url = $this->_getUploadedFileInfo($event, $object->GetFieldOption($field, 'thumb_format'));
+ $object = $event->getObject(Array ('skip_autoload' => true));
+ /* @var $object kDBItem */
+
+ $field = $this->Application->GetVar('field');
+ $options = $object->GetFieldOptions($field);
+
+ // set current uploaded file
+ if ( $this->Application->GetVar('tmp') ) {
+ $options['upload_dir'] = WRITEBALE_BASE . '/tmp/';
+ unset($options['include_path']);
+ $object->SetFieldOptions($field, $options);
+
+ $object->SetDBField($field, $this->Application->GetVar('id') . '_' . $filename);
 }
 else {
- $url = $this->_getUploadedFileInfo($event, 'full_url');
+ $object->SetDBField($field, $filename);
 }
- if ( $url === false ) {
- return;
+ // get url to uploaded file
+ if ( $this->Application->GetVar('thumb') ) {
+ $url = $object->GetField($field, $options['thumb_format']);
 }
+ else {
+ $url = $object->GetField($field, 'full_url'); // don't use "file_urls" format to prevent recursion
+ }
 $file_helper = $this->Application->recallObject('FileHelper');
 /* @var $file_helper FileHelper */
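Review bot: In the `tmp` branch the stored filename is `$this->Application->GetVar('id') . '_' . $filename`, but only `file` was passed through `_getSafeFilename()`; `id` comes straight from the URL, so a value like `../../foo` moves the lookup out of `WRITEBALE_BASE . '/tmp/'`, and whatever the FileHelper resolves from the resulting URL is then served by the `readfile($path)` that follows in the next hunk. Constrain `id` before concatenating it, e.g. `$id = $this->Application->GetVar('id');` / `if ( !preg_match('/^-?[0-9]+$/', $id) ) { return; }` — if temp ids here are not purely numeric, restrict to `[A-Za-z0-9_-]` instead. Separately, `$options['thumb_format']` is read without checking the key exists, so a field with no `thumb_format` option emits a notice and calls `GetField($field, null)`; guard with `isset($options['thumb_format'])` or fall back to `'full_url'`. OnViewFile continues past the end of this hunk (the FileHelper lookup, headers and `readfile`).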
@@ -3317,51 +3315,31 @@
 header('Content-Length: ' . filesize($path));
 $this->Application->setContentType(kUtil::mimeContentType($path), false);
- header('Content-Disposition: inline; filename="' . basename($path) . '"');
+ header('Content-Disposition: inline; filename="' . $filename . '"');
 readfile($path);
 }
 /**
- * Returns information about uploaded file
+ * Returns safe version of filename specified in url
 *
- * @param kEvent $event
- * @param string $format
- * @return bool
+ * @return bool|string
 * @access protected
 */
- protected function _getUploadedFileInfo(kEvent $event, $format)
+ protected function _getSafeFilename()
 {
- $file = $this->Application->GetVar('file');
+ $filename = $this->Application->GetVar('file');
 if ( !$this->Application->isAdmin ) {
- $file = htmlspecialchars_decode($file);
+ $filename = htmlspecialchars_decode($filename);
 }
- if ( (strpos($file, '../') !== false) || (trim($file) !== $file) ) {
+ if ( (strpos($filename, '../') !== false) || (trim($filename) !== $filename) ) {
 // when relative paths or special chars are found template names from url, then it's hacking attempt
 return false;
 }
- $object = $event->getObject(Array ('skip_autoload' => true));
- /* @var $object kDBItem */
-
- $field = $this->Application->GetVar('field');
- $options = $object->GetFieldOptions($field);
-
- // set current uploaded file
- if ( $this->Application->GetVar('tmp') ) {
- $options['upload_dir'] = WRITEBALE_BASE . '/tmp/';
- unset($options['include_path']);
- $object->SetFieldOptions($field, $options);
-
- $object->SetDBField($field, $this->Application->GetVar('id') . '_' . $file);
- }
- else {
- $object->SetDBField($field, $file);
- }
-
- return $object->GetField($field, $format);
+ return $filename;
 }
 /**
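Review bot: `_getSafeFilename()` only rejects the literal substring `../` and leading/trailing whitespace, so a Windows-style `..\` segment, a bare `..` component, an absolute path and an embedded NUL byte all pass, and its result is now concatenated into `FULL_PATH . $upload_dir . $filename` in OnDeleteFile and echoed raw into the `Content-Disposition` header at the top of this hunk. Tighten the check to `if ( $filename === '' || strpos($filename, "\0") !== false || preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $filename) || trim($filename) !== $filename ) {` / `return false;` / `}`, or, if uploads never live in sub-directories, simply require `basename($filename) === $filename`. The docblock should state what "safe" means, e.g. `Returns the "file" request parameter (html-decoded for front-end requests), or false when it contains a path-traversal component or leading/trailing whitespace`. The retained comment about "template names" is a copy-paste from the template check and should talk about filenames; `_getSafeFilename()` is complete in this hunk, while the `header`/`readfile` lines at its top belong to OnViewFile, whose start lies in the previous hunk.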