Index: trunk/core/kernel/db/db_tag_processor.php =================================================================== diff -u -N -r8104 -r8178 --- trunk/core/kernel/db/db_tag_processor.php (.../db_tag_processor.php) (revision 8104) +++ trunk/core/kernel/db/db_tag_processor.php (.../db_tag_processor.php) (revision 8178) @@ -751,6 +751,15 @@ return getArrayValue($options,'required'); } + function FieldOption($params) + { + $object =& $this->getObject($params);; + $options = $object->GetFieldOptions($params['field']); + $ret = isset($options[$params['option']]) ? $options[$params['option']] : ''; + if (isset($params['as_label']) && $params['as_label']) $ret = $this->Application->ReplaceLanguageTags($ret); + return $ret; + } + function PredefinedOptions($params) { $field = $params['field']; Index: trunk/core/kernel/utility/formatters/upload_formatter.php =================================================================== diff -u -N -r8074 -r8178 --- trunk/core/kernel/utility/formatters/upload_formatter.php (.../upload_formatter.php) (revision 8074) +++ trunk/core/kernel/utility/formatters/upload_formatter.php (.../upload_formatter.php) (revision 8178) @@ -15,7 +15,14 @@ } -//function Parse($value, $options, &$errors) + /** + * Enter description here... + * + * @param mixed $value + * @param string $field_name + * @param kDBItem $object + * @return unknown + */ function Parse($value, $field_name, &$object) { $ret = ''; 
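Review bot: FieldOption() reads `$params['field']` and `$params['option']` without checking that the tag supplied them, so a template that omits either gets a PHP notice and an empty string with no hint why. The first statement also ends in a stray second semicolon (`getObject($params);;`). The function has no docblock; I would add one saying that it returns the raw value of the named field option, or `''` when unset, and that `as_label` passes the value through ReplaceLanguageTags(). Whether the returned value is escaped before it reaches the page is not visible in this hunk and is worth confirming in the template layer.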
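Review bot: The docblock added above Parse() is still the IDE placeholder (`Enter description here...`, `@return unknown`), so it documents nothing about a method that moves uploaded files. From the visible returns the type is `@return string`, a `|`-separated list of stored file names, and the description should say that `$value` is the submitted upload array rather than a scalar. The same placeholder text is added above OnDeleteFile and OnViewFile in db_event_handler.php, and OnUploadFile there has no docblock at all. Parse() continues outside this hunk.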
@@ -27,6 +34,51 @@ $this->FullPath = FULL_PATH.$this->DestinationPath; } + // SWF Uploader + if (is_array($value) && isset($value['tmp_ids'])) { + if ($value['tmp_deleted']) { + $deleted = explode('|', $value['tmp_deleted']); + $upload = explode('|', $value['upload']); + $n_upload = array(); +// $n_ids = array(); + foreach ($upload as $name) { + if (in_array($name, $deleted)) continue; + $n_upload[] = $name; +// $n_ids[] = $name; + } + $value['upload'] = implode('|', $n_upload); +// $value['tmp_ids'] = implode('|', $n_ids); + } + if (!$value['tmp_ids']) { + return getArrayValue($value, 'upload'); + } + $swf_uploaded_ids = explode('|', $value['tmp_ids']); + $swf_uploaded_names = explode('|', $value['tmp_names']); + $existing = $value['upload'] ? explode('|', $value['upload']) : array(); + if (isset($options['multiple'])) { + $max_files = $options['multiple'] == false ? 1 : $options['multiple']; + } + else { + $max_files = 1; + } + $fret = array(); + for ($i=0; $iValidateFileName($this->FullPath, $real_name); + $file_name = $this->FullPath.$real_name; + + $tmp_file = WRITEABLE.'/tmp/'.$swf_uploaded_ids[$i].'_'.$swf_uploaded_names[$i]; + rename($tmp_file, $file_name); + + @chmod($file_name, 0666); + $fret[] = getArrayValue($options, 'upload_dir') ? $real_name : $this->DestinationPath.$real_name; + } + $fret = array_merge($existing, $fret); + return implode('|', $fret); + } + + // SWF Uploader END + if (getArrayValue($value, 'upload') && getArrayValue($value, 'error') == UPLOAD_ERR_NO_FILE) { // file was not uploaded this time, but was uploaded before, then use previously uploaded file (from db) return getArrayValue($value, 'upload'); 
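Review bot: The temp-file path in the SWF branch is built from the submitted `tmp_ids` and `tmp_names` values with no normalisation, so `rename()` can be pointed at any path the web server user is able to move, not only at files that OnUploadFile placed in WRITEABLE/tmp. Each id and name should be reduced with `basename()` and the source confirmed with `is_file()` before the move, and the `rename()` result should be checked so that a failed move is not recorded as an uploaded file. `$value['tmp_deleted']` and `$value['tmp_names']` are also read without `isset()`, and `@chmod($file_name, 0666)` leaves the stored file world-writable, which is worth confirming as intended. The loop header is truncated in this view and Parse() starts outside the hunk, so the fence shows only the lines around the move.

```php
// … unchanged: $real_name from ValidateFileName(), $file_name = $this->FullPath.$real_name …
$tmp_id = basename($swf_uploaded_ids[$i]);
$tmp_name = basename($swf_uploaded_names[$i]);
$tmp_file = WRITEABLE.'/tmp/'.$tmp_id.'_'.$tmp_name;
if (!is_file($tmp_file) || !rename($tmp_file, $file_name)) {
	continue; // nothing was moved, so do not record the file
}
// … unchanged: chmod and $fret[] assignment …
```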
@@ -72,7 +124,7 @@ $object->SetDBField($options['content_type_field'], $value['type']); } $ret = getArrayValue($options, 'upload_dir') ? $real_name : $this->DestinationPath.$real_name; - + // delete previous file, when new file is uploaded under same field /*$previous_file = isset($value['upload']) ? $value['upload'] : false; if ($previous_file && file_exists($this->FullPath.$previous_file)) { @@ -101,19 +153,40 @@ return $ret; } - + function Format($value, $field_name, &$object, $format=null) { if ( is_null($value) ) return ''; $options = $object->GetFieldOptions($field_name); if ( isset($format) ) $options['format'] = $format; + + if ($format == 'file_urls' || $format == 'file_names' || $format == 'file_sizes') { + $upload_dir = isset($options['upload_dir']) ? $options['upload_dir'] : $this->DestinationPath; + $files = explode('|', $value); + $urls = array(); + $names = array(); + if ($value) { // if value string was not empty + foreach ($files as $a_file) { + $urls[] = rtrim($this->Application->BaseURL(), '/').$upload_dir.$a_file; + $names[] = $a_file; + $sizes[] = filesize(FULL_PATH.$upload_dir.$a_file); + } + } + switch ($format) { + case 'file_urls': return implode('|', $urls); + case 'file_names': return implode('|', $names); + case 'file_sizes': return implode('|', $sizes); + } + return implode('|', $format == 'file_urls' ? $urls : $names); + } + $tc_value = $this->TypeCast($value, $options); if( ($tc_value === false) || ($tc_value != $value) ) return $value; // for leaving badly formatted date on the form - + return $this->GetFormatted($tc_value, $options); } - + function GetFormatted($tc_value, &$options) { if (isset($options['format'])) { @@ -122,7 +195,7 @@ $upload_dir = isset($options['upload_dir']) ? $options['upload_dir'] : $this->DestinationPath; return rtrim($this->Application->BaseURL(), '/').$upload_dir.$tc_value; break; - + default: return sprintf($options['format'], $tc_value); break; 
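Review bot: `$sizes` is never initialised in the new `file_urls` / `file_names` / `file_sizes` branch of Format(), so an empty `$value` with format `file_sizes` reaches `implode('|', $sizes)` with an undefined variable; add `$sizes = array();` next to `$names = array();`. `filesize()` is also called on every listed name without checking that the file exists, so a stale entry produces a warning and an empty size. The final `return implode('|', $format == 'file_urls' ? $urls : $names);` is unreachable, because the switch returns for all three formats admitted by the enclosing `if`, and can be dropped.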
@@ -161,17 +234,17 @@ $this->DestinationPath = IMAGES_PENDING_PATH; parent::kUploadFormatter(); } - + function GetFormatted($tc_value, &$options) { if (isset($options['format']) && ($options['format'] == 'img_size')) { $upload_dir = isset($options['upload_dir']) ? $options['upload_dir'] : $this->DestinationPath; $img_path = FULL_PATH.'/'.$upload_dir.$tc_value; - + $image_info = @getimagesize($img_path); return ' width="'.$image_info[0].'" height="'.$image_info[1].'"'; } - + return parent::GetFormatted($tc_value, $options); } Index: trunk/core/kernel/application.php =================================================================== diff -u -N -r8104 -r8178 --- trunk/core/kernel/application.php (.../application.php) (revision 8104) +++ trunk/core/kernel/application.php (.../application.php) (revision 8178) @@ -1590,7 +1590,7 @@ // that's why $this->Session may be not defined here $session =& $this->Application->recallObject('Session'); /* @var $session Session */ - + $session->SaveData(); exit; } @@ -1674,7 +1674,7 @@ if ($res) { $this->Caches['PhraseList'] = $res['PhraseList'] ? explode(',', $res['PhraseList']) : array(); - + $config_ids = $res['ConfigVariables'] ? explode(',', $res['ConfigVariables']) : array(); if (isset($this->Caches['ConfigVariables'])) { $config_ids = array_diff($config_ids, $this->Caches['ConfigVariables']); @@ -2381,7 +2381,7 @@ if ($time_zone == 'GMT') { return (-1) * adodb_date('Z'); } - + $target_zone = isset($time_zone) ? $time_zone : $this->ConfigValue('Config_Site_Time'); return 3600 * ($target_zone - $this->ConfigValue('Config_Server_Time')); } @@ -2423,8 +2423,8 @@ } return $user_groups; } - + /** * Allows to detect if page is browsed by spider (293 agents supported) * @@ -2433,7 +2433,7 @@ function IsSpider() { static $is_spider = null; - + if (!isset($is_spider)) { $user_agent = trim($_SERVER['HTTP_USER_AGENT']); $robots = file(FULL_PATH.'/core/robots_list.txt'); 
@@ -2445,10 +2445,10 @@ } } } - + return $is_spider; } - + /** * Allows to detect table's presense in database * @@ -2473,10 +2473,10 @@ { $count_helper =& $this->Application->recallObject('CountHelper'); /* @var $count_helper kCountHelper */ - + return $count_helper->getCounter($name, $params, $query_name, $multiple_results); } - + /** * Resets counter, whitch are affected by one of specified tables * @@ -2486,7 +2486,7 @@ { $count_helper =& $this->Application->recallObject('CountHelper'); /* @var $count_helper kCountHelper */ - + return $count_helper->resetCounters($tables); } } Index: trunk/core/admin_templates/js/uploader.js =================================================================== diff -u -N -r8174 -r8178 --- trunk/core/admin_templates/js/uploader.js (.../uploader.js) (revision 8174) +++ trunk/core/admin_templates/js/uploader.js (.../uploader.js) (revision 8178) @@ -425,8 +425,8 @@ } } -UploadsManager.CancelUpload = function(mov) +UploadsManager.CancelUpload = function(id) { - document.getElementById(mov+'_swf').cancelQueue(); + this.Uploaders[id].flash.cancelQueue(); this.uploadCancelled = true; } \ No newline at end of file Index: trunk/core/kernel/utility/http_query.php =================================================================== diff -u -N -r8041 -r8178 --- trunk/core/kernel/utility/http_query.php (.../http_query.php) (revision 8041) +++ trunk/core/kernel/utility/http_query.php (.../http_query.php) (revision 8178) @@ -339,7 +339,7 @@ $t = array_shift($parts); } - + // Save Template Name $vars['t'] = $this->getDefaultTemplate($t); return $vars; @@ -352,7 +352,7 @@ * desired application variables. * * @param string $env_var enviroment string value - * + * * @access public */ function processQueryString($env_var, $pass_name = 'passed') @@ -378,7 +378,7 @@ $t = $this->getTemplateName('index'); $vars['t'] = $t; } - + return $vars; } 
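Review bot: `this.Uploaders[id]` is dereferenced without a check in the new CancelUpload, so a call with an unknown id throws before `this.uploadCancelled = true` is reached. The parameter also changed meaning from the movie element prefix (`mov`) to an uploader id, and callers are not part of this hunk, so any caller still passing the old value would hit that path. A guard such as `if (!this.Uploaders[id]) return;` at the top, plus a one-line comment on what `id` refers to, would make the failure mode explicit.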
@@ -399,7 +399,7 @@ $prefix_special = array_shift($mixed_part); // l.pick, l $query_map = $this->Application->EventManager->setQueryMap($prefix_special); - + $vars = Array (); $vars[$pass_name] = implode(',', array_keys($this->Application->EventManager->queryMaps)); @@ -412,7 +412,7 @@ $vars[$prefix_special.'_'.$var_name] = $val; } } - + return $vars; } @@ -429,7 +429,7 @@ // template name is passed directly in url (GET method) $t = $this->Get['t']; } - + if (is_numeric($t)) { $sql = 'SELECT CONCAT(FilePath, \'/\', FileName) FROM '.TABLE_PREFIX.'ThemeFiles @@ -524,6 +524,10 @@ if ($this->Post) { $data .= "_POST:\n".print_r($this->Post, true); } + + if ($this->Cookie) { + $data .= "_COOKIE:\n".print_r($this->Cookie, true); + } $data .= str_repeat('=', 100)."\n"; fwrite($fp, $data); Index: trunk/core/kernel/db/db_event_handler.php =================================================================== diff -u -N -r8104 -r8178 --- trunk/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 8104) +++ trunk/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 8178) @@ -144,6 +144,11 @@ 'OnSearchReset' => Array('self' => true, 'subitem' => true), 'OnGoBack' => Array('self' => true, 'subitem' => true), + + // it checks permission itself since flash uploader does not send cookies + 'OnUploadFile' => Array('self'=>true, 'subitem'=>true), + + 'OnViewFile' => Array('self'=>true, 'subitem'=>true), ); $this->permMapping = array_merge($this->permMapping, $permissions); } 
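Review bot: Dumping `$this->Cookie` through `print_r()` writes the session cookie value into the log file, so anyone who can read that file obtains a session id that may still be live. The function that opens `$fp` is outside the hunk, so where the file is stored and who can read it cannot be judged from here. I would log cookie names only, e.g. `$data .= "_COOKIE:\n".print_r(array_keys($this->Cookie), true);`, or mask the session cookie entry before printing.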
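Review bot: `OnViewFile` is mapped with `'self'=>true, 'subitem'=>true` exactly like `OnUploadFile`, but only the upload entry carries the comment that the handler checks permission itself, and the OnViewFile handler added later in this commit contains no permission check. If `true` here means the generic permission check is skipped, which is how the comment reads, then OnViewFile serves files to any caller who can trigger the event. It should either map to the same permission the other read-only events use or repeat the CheckUserPermission() test from OnUploadFile, and the entry deserves its own comment, e.g. `// serves uploaded files; must enforce view permission in the handler`.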
@@ -2045,6 +2050,78 @@ } } + function OnUploadFile(&$event) + { + // Flash uploader does NOT send correct cookies, so we need to make our own check + $cookie_name = 'adm_'.$this->Application->ConfigValue('SessionCookieName'); + $this->Application->HttpQuery->Cookie['cookies_on'] = 1; + $this->Application->HttpQuery->Cookie[$cookie_name] = $this->Application->GetVar('flashsid'); + + $admin_ses =& $this->Application->recallObject('Session.admin'); + /* @var $admin_ses Session */ + $user = $admin_ses->RecallVar('user_id'); + $perm_helper =& $this->Application->recallObject('PermissionsHelper'); + /* @var $perm_helper kPermissionsHelper */ + $section = $event->getSection(); + if (!$perm_helper->CheckUserPermission($user, $section.'.add') && !$perm_helper->CheckUserPermission($user, $section.'.edit')) { + $event->status = erPERM_FAIL; + return; + } + + if (!$cookie_name) $cookie_name = 'sid'; + + $value = $this->Application->GetVar('Filedata'); + if (!$value) return ; + $tmp_path = WRITEABLE.'/tmp/'; + $fname = $value['name']; + $id = $this->Application->GetVar('id'); + if ($id) $fname = $id.'_'.$fname; + + move_uploaded_file($value['tmp_name'], $tmp_path.$fname); + exit; + } + + /** + * Enter description here... + * + * @param kEvent $event + */ + function OnDeleteFile(&$event) + { + $var_name = $event->getPrefixSpecial().'_file_pending_actions'; + $schedule = $this->Application->RecallVar($var_name); + $schedule = $schedule ? unserialize($schedule) : array(); + $schedule[] = array('action'=>'delete', 'file'=>$this->Application->GetVar('file')); + $this->Application->StoreVar($var_name, serialize($schedule)); + exit; + } + + /** + * Enter description here... 
+ * + * @param kEvent $event + */ + function OnViewFile(&$event) + { + if ($this->Application->GetVar('tmp')) { + $path = WRITEABLE.'/tmp/'.$this->Application->GetVar('id').'_'.$this->Application->GetVar('file'); + } + else { + $object =& $event->getObject(array('skip_autoload'=>true)); + $options = $object->GetFieldOptions($this->Application->GetVar('field')); + + $path = FULL_PATH.$options['upload_dir'].$this->Application->GetVar('file'); + } + + $type = mime_content_type($path); + + header('Content-Length: '.filesize($path)); + header('Content-Type: '.$type); + + readfile($path); + exit(); + } + } Index: trunk/core/units/admin/admin_tag_processor.php =================================================================== diff -u -N -r8104 -r8178 --- trunk/core/units/admin/admin_tag_processor.php (.../admin_tag_processor.php) (revision 8104) +++ trunk/core/units/admin/admin_tag_processor.php (.../admin_tag_processor.php) (revision 8178) @@ -259,12 +259,12 @@ $debug_mode = $this->Application->isDebugMode(); $super_admin_mode = $this->Application->RecallVar('super_admin'); - + ksort($section_data['children'], SORT_NUMERIC); foreach ($section_data['children'] as $section_name) { $params['section_name'] = $section_name; $section_data =& $sections_helper->getSectionData($section_name); - + if (isset($section_data['show_mode'])) { $show_mode = $section_data['show_mode']; // if super admin section -> show in super admin mode & debug mode @@ -698,7 +698,7 @@ $debug_mode = isset($params['debug_mode']) && $params['debug_mode'] ? $this->Application->isDebugMode() : true; return $debug_mode && constOn($constant_name); } - + /** * Builds link to last template in main frame of admin * 
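Review bot: Request-supplied names reach the filesystem unchanged in both OnUploadFile and OnViewFile: `$value['name']`, `id` and `file` are concatenated into the paths given to `move_uploaded_file()` and `readfile()` with no `basename()` or containment check, so a value with directory components would write or read outside WRITEABLE/tmp or the field's upload dir. OnViewFile also performs no permission check of its own, and `mime_content_type()` / `filesize()` run before the path is known to exist. In OnUploadFile the `if (!$cookie_name) $cookie_name = 'sid';` line can never fire, since the name always starts with `adm_` and has already been used, and the `move_uploaded_file()` result is ignored. OnDeleteFile queues the raw `file` value too, so the code that later executes the pending delete (not in this hunk) needs the same normalisation. The fence assumes stored names carry no sub-directory, which matches what Parse() stores when `upload_dir` is set but should be confirmed.

```php
// OnUploadFile — … unchanged: flashsid session lookup and permission check …
$value = $this->Application->GetVar('Filedata');
if (!$value) return ;
$fname = basename($value['name']);
$id = $this->Application->GetVar('id');
if ($id) $fname = basename($id).'_'.$fname;
move_uploaded_file($value['tmp_name'], WRITEABLE.'/tmp/'.$fname);
exit;

// OnViewFile
$file = basename($this->Application->GetVar('file'));
if ($this->Application->GetVar('tmp')) {
	$path = WRITEABLE.'/tmp/'.basename($this->Application->GetVar('id')).'_'.$file;
}
else {
	// … unchanged: $object / $options lookup …
	$path = FULL_PATH.$options['upload_dir'].$file;
}
if (!is_file($path)) {
	header('HTTP/1.0 404 Not Found');
	exit;
}
// … unchanged: Content-Length / Content-Type headers and readfile() …
```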
@@ -711,18 +711,18 @@ if (!$last_template) { return false; } - + list(, $env) = explode('|', $last_template); $vars = $this->Application->HttpQuery->processQueryString($env, 'pass'); if ($vars['t'] == 'login' || $vars['t'] == 'index') { // prevents redirect recursion OR old in-portal pages return false; } - + $vars = array_merge_recursive2($vars, $params); $t = $vars['t']; unset($vars['t']); - + return $this->Application->HREF($t, '', $vars); } } Index: trunk/core/kernel/processors/main_processor.php =================================================================== diff -u -N -r8099 -r8178 --- trunk/core/kernel/processors/main_processor.php (.../main_processor.php) (revision 8099) +++ trunk/core/kernel/processors/main_processor.php (.../main_processor.php) (revision 8178) @@ -132,18 +132,18 @@ { $pass_category = true; $category_id = $this->Application->GetVar('m_cat_id'); - + if ($category_id > 0) { $category = $this->Application->recallObject('c'); /* @var $category kDBItem */ - + $t = $this->Application->GetVar('t'); if (preg_match('/Content\/'.preg_quote($t, '/').'/i', $category->GetDBField('NamedParentPath'))) { // category name matches template name -> Proj-CMS/In-Edit tricks $pass_category = false; } } - + $params['pass'] = 'all,m'; if ($pass_category) { $params['pass_category'] = 1; @@ -964,7 +964,7 @@ { $esender =& $application->recallObject('EmailSender'.(isset($params['special']) ? '.'.$params['special'] : '')); /* @var $esender kEmailSendingHelper */ - + $path = FULL_PATH.'/'.$params['path']; if (file_exists($path)) { $esender->AddAttachment($path); @@ -981,4 +981,9 @@ true ); } + + function SID($params) + { + return $this->Application->GetSID(); + } }
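Review bot: The new `SID` tag returns the raw session id to any template that calls it and has no docblock saying where that is acceptable. Judging by the `flashsid` variable read in OnUploadFile, it exists to hand the admin session to the Flash uploader, which places the id in page markup and request parameters where it can end up in server logs and browser history. At minimum I would document the restriction, e.g. `/** Returns current session id; intended only for the flash uploader's flashsid parameter, never for links */`. If the design allows, a short-lived single-purpose upload token would expose less than the session id itself.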