igor/Metadata_PHP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Первая копия

Browse Source
This commit is contained in:
Igor
2020-02-27 00:28:43 +06:00
commit 925cac4752
1125 changed files with 198979 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
metadata/include/kcfinder/core/.htaccess Normal file
View File

@ -0,0 +1,4 @@
<Files *>
Order allow,deny
Deny from all
</Files>

41
metadata/include/kcfinder/core/autoload.php Normal file
View File

@ -0,0 +1,41 @@
<?php
/** This file is part of KCFinder project
*
* @desc Autoload Classes
* @package KCFinder
* @version 3.12
* @author Pavel Tzonkov <sunhater@sunhater.com>
* @copyright 2010-2014 KCFinder Project
* @license http://opensource.org/licenses/GPL-3.0 GPLv3
* @license http://opensource.org/licenses/LGPL-3.0 LGPLv3
* @link http://kcfinder.sunhater.com
*/
spl_autoload_register(function($path) {
$path = explode("\\", $path);
if (count($path) == 1)
return;
list($ns, $class) = $path;
if ($ns == "kcfinder") {
if ($class == "uploader")
require "core/class/uploader.php";
elseif ($class == "browser")
require "core/class/browser.php";
elseif ($class == "minifier")
require "core/class/minifier.php";
elseif (file_exists("core/types/$class.php"))
require "core/types/$class.php";
elseif (file_exists("lib/class_$class.php"))
require "lib/class_$class.php";
elseif (file_exists("lib/helper_$class.php"))
require "lib/helper_$class.php";
}
});
?>

181
metadata/include/kcfinder/core/bootstrap.php Normal file
View File

@ -0,0 +1,181 @@
<?php
/** This file is part of KCFinder project
*
* @desc This file is included first, before each other
* @package KCFinder
* @version 3.12
* @author Pavel Tzonkov <sunhater@sunhater.com>
* @copyright 2010-2014 KCFinder Project
* @license http://opensource.org/licenses/GPL-3.0 GPLv3
* @license http://opensource.org/licenses/LGPL-3.0 LGPLv3
* @link http://kcfinder.sunhater.com
*
* This file is the place you can put any code (at the end of the file),
* which will be executed before any other. Suitable for:
* 1. Set PHP ini settings using ini_set()
* 2. Custom session save handler with session_set_save_handler()
* 3. Any custom integration code. If you use any global variables
* here, they can be accessed in conf/config.php via $GLOBALS
* array. It's recommended to use constants instead.
*/
// PHP VERSION CHECK
if (!preg_match('/^(\d+\.\d+)/', PHP_VERSION, $ver) || ($ver[1] < 5.3))
die("You are using PHP " . PHP_VERSION . " when KCFinder require at least version 5.3.0! Some systems has an option to change the active PHP version. Please refer to your hosting provider or upgrade your PHP distribution.");
// SAFE MODE CHECK
if (ini_get("safe_mode"))
die("The \"safe_mode\" PHP ini setting is turned on! You cannot run KCFinder in safe mode.");
// CMS INTEGRATION
if (isset($_GET['cms']) &&
(basename($_GET['cms']) == $_GET['cms']) &&
is_file("integration/{$_GET['cms']}.php")
)
require "integration/{$_GET['cms']}.php";
// REGISTER AUTOLOAD FUNCTION
require "core/autoload.php";
// json_encode() IMPLEMENTATION IF JSON EXTENSION IS MISSING
if (!function_exists("json_encode")) {
function json_encode($data) {
if (is_array($data)) {
$ret = array();
// OBJECT
if (array_keys($data) !== range(0, count($data) - 1)) {
foreach ($data as $key => $val)
$ret[] = json_encode((string) $key) . ':' . json_encode($val);
return "{" . implode(",", $ret) . "}";
// ARRAY
} else {
foreach ($data as $val)
$ret[] = json_encode($val);
return "[" . implode(",", $ret) . "]";
}
// BOOLEAN OR NULL
} elseif (is_bool($data) || ($data === null))
return ($data === null)
? "null"
: ($data ? "true" : "false");
// FLOAT
elseif (is_float($data))
return rtrim(rtrim(number_format($data, 14, ".", ""), "0"), ".");
// INTEGER
elseif (is_int($data))
return $data;
// STRING
return '"' .
str_replace('/', "\\/",
str_replace("\t", "\\t",
str_replace("\r", "\\r",
str_replace("\n", "\\n",
str_replace('"', "\\\"",
str_replace("\\", "\\\\",
$data)))))) . '"';
}
}
// CUSTOM SESSION SAVE HANDLER CLASS EXAMPLE
//
// Uncomment & edit it if the application you want to integrate with, have
// its own session save handler. It's not even needed to save instances of
// this class in variables. Just add a row:
// new SessionSaveHandler();
// and your handler will rule the sessions ;-)
/*
class SessionSaveHandler {
protected $savePath;
protected $sessionName;
public function __construct() {
session_set_save_handler(
array($this, "open"),
array($this, "close"),
array($this, "read"),
array($this, "write"),
array($this, "destroy"),
array($this, "gc")
);
}
// Open function, this works like a constructor in classes and is
// executed when the session is being opened. The open function expects
// two parameters, where the first is the save path and the second is the
// session name.
public function open($savePath, $sessionName) {
$this->savePath = $savePath;
$this->sessionName = $sessionName;
return true;
}
// Close function, this works like a destructor in classes and is
// executed when the session operation is done.
public function close() {
return true;
}
// Read function must return string value always to make save handler
// work as expected. Return empty string if there is no data to read.
// Return values from other handlers are converted to boolean expression.
// TRUE for success, FALSE for failure.
public function read($id) {
$file = $this->savePath . "/sess_$id";
return (string) @file_get_contents($file);
}
// Write function that is called when session data is to be saved. This
// function expects two parameters: an identifier and the data associated
// with it.
public function write($id, $data) {
$file = $this->savePath . "/sess_$id";
if (false !== ($fp = @fopen($file, "w"))) {
$return = fwrite($fp, $data);
fclose($fp);
return $return;
} else
return false;
}
// The destroy handler, this is executed when a session is destroyed with
// session_destroy() and takes the session id as its only parameter.
public function destroy($id) {
$file = $this->savePath . "/sess_$id";
return @unlink($file);
}
// The garbage collector, this is executed when the session garbage
// collector is executed and takes the max session lifetime as its only
// parameter.
public function gc($maxlifetime) {
foreach (glob($this->savePath . "/sess_*") as $file)
if (filemtime($file) + $maxlifetime < time())
@unlink($file);
return true;
}
}
new SessionSaveHandler();
*/
// PUT YOUR ADDITIONAL CODE HERE
?>

922
metadata/include/kcfinder/core/class/browser.php Normal file
View File

@ -0,0 +1,922 @@
<?php
/** This file is part of KCFinder project
*
* @desc Browser actions class
* @package KCFinder
* @version 3.12
* @author Pavel Tzonkov <sunhater@sunhater.com>
* @copyright 2010-2014 KCFinder Project
* @license http://opensource.org/licenses/GPL-3.0 GPLv3
* @license http://opensource.org/licenses/LGPL-3.0 LGPLv3
* @link http://kcfinder.sunhater.com
*/
namespace kcfinder;
class browser extends uploader {
protected $action;
protected $thumbsDir;
protected $thumbsTypeDir;
public function __construct() {
parent::__construct();
// SECURITY CHECK INPUT DIRECTORY
if (isset($_POST['dir'])) {
$dir = $this->checkInputDir($_POST['dir'], true, false);
if ($dir === false) unset($_POST['dir']);
$_POST['dir'] = $dir;
}
if (isset($_GET['dir'])) {
$dir = $this->checkInputDir($_GET['dir'], true, false);
if ($dir === false) unset($_GET['dir']);
$_GET['dir'] = $dir;
}
$thumbsDir = $this->config['uploadDir'] . "/" . $this->config['thumbsDir'];
if (!$this->config['disabled'] &&
(
(
!is_dir($thumbsDir) &&
!@mkdir($thumbsDir, $this->config['dirPerms'])
) ||
!is_readable($thumbsDir) ||
!dir::isWritable($thumbsDir) ||
(
!is_dir("$thumbsDir/{$this->type}") &&
!@mkdir("$thumbsDir/{$this->type}", $this->config['dirPerms'])
)
)
)
$this->errorMsg("Cannot access or create thumbnails folder.");
$this->thumbsDir = $thumbsDir;
$this->thumbsTypeDir = "$thumbsDir/{$this->type}";
// Remove temporary zip downloads if exists
if (!$this->config['disabled']) {
$files = dir::content($this->config['uploadDir'], array(
'types' => "file",
'pattern' => '/^.*\.zip$/i'
));
if (is_array($files) && count($files)) {
$time = time();
foreach ($files as $file)
if (is_file($file) && ($time - filemtime($file) > 3600))
unlink($file);
}
}
if (isset($_GET['theme']) &&
$this->checkFilename($_GET['theme']) &&
is_dir("themes/{$_GET['theme']}")
)
$this->config['theme'] = $_GET['theme'];
}
public function action() {
$act = isset($_GET['act']) ? $_GET['act'] : "browser";
if (!method_exists($this, "act_$act"))
$act = "browser";
$this->action = $act;
$method = "act_$act";
if ($this->config['disabled']) {
$message = $this->label("You don't have permissions to browse server.");
if (in_array($act, array("browser", "upload")) ||
(substr($act, 0, 8) == "download")
)
$this->backMsg($message);
else {
header("Content-Type: text/plain; charset={$this->charset}");
die(json_encode(array('error' => $message)));
}
}
if (!isset($this->session['dir']))
$this->session['dir'] = $this->type;
else {
$type = $this->getTypeFromPath($this->session['dir']);
$dir = $this->config['uploadDir'] . "/" . $this->session['dir'];
if (($type != $this->type) || !is_dir($dir) || !is_readable($dir))
$this->session['dir'] = $this->type;
}
$this->session['dir'] = path::normalize($this->session['dir']);
// Render the browser
if ($act == "browser") {
header("X-UA-Compatible: chrome=1");
header("Content-Type: text/html; charset={$this->charset}");
// Ajax requests
} elseif (
(substr($act, 0, 8) != "download") &&
!in_array($act, array("thumb", "upload"))
)
header("Content-Type: text/plain; charset={$this->charset}");
$return = $this->$method();
echo ($return === true)
? '{}'
: $return;
}
protected function act_browser() {
if (isset($_GET['dir'])) {
$dir = "{$this->typeDir}/{$_GET['dir']}";
if ($this->checkFilePath($dir) && is_dir($dir) && is_readable($dir))
$this->session['dir'] = path::normalize("{$this->type}/{$_GET['dir']}");
}
return $this->output();
}
protected function act_init() {
$tree = $this->getDirInfo($this->typeDir);
$tree['dirs'] = $this->getTree($this->session['dir']);
if (!is_array($tree['dirs']) || !count($tree['dirs']))
unset($tree['dirs']);
$files = $this->getFiles($this->session['dir']);
$dirWritable = dir::isWritable("{$this->config['uploadDir']}/{$this->session['dir']}");
$data = array(
'tree' => &$tree,
'files' => &$files,
'dirWritable' => $dirWritable
);
return json_encode($data);
}
protected function act_thumb() {
if (!isset($_GET['file']) ||
!isset($_GET['dir']) ||
!$this->checkFilename($_GET['file'])
)
$this->sendDefaultThumb();
$dir = $this->getDir();
$file = "{$this->thumbsTypeDir}/{$_GET['dir']}/${_GET['file']}";
// Create thumbnail
if (!is_file($file) || !is_readable($file)) {
$file = "$dir/{$_GET['file']}";
if (!is_file($file) || !is_readable($file))
$this->sendDefaultThumb($file);
$image = image::factory($this->imageDriver, $file);
if ($image->initError)
$this->sendDefaultThumb($file);
$img = new fastImage($file);
$type = $img->getType();
$img->close();
if (in_array($type, array("gif", "jpeg", "png")) &&
($image->width <= $this->config['thumbWidth']) &&
($image->height <= $this->config['thumbHeight'])
) {
$mime = "image/$type";
httpCache::file($file, $mime);
} else
$this->sendDefaultThumb($file);
// Get type from already-existing thumbnail
} else {
$img = new fastImage($file);
$type = $img->getType();
$img->close();
}
httpCache::file($file, "image/$type");
}
protected function act_expand() {
return json_encode(array('dirs' => $this->getDirs($this->postDir())));
}
protected function act_chDir() {
$this->postDir(); // Just for existing check
$this->session['dir'] = "{$this->type}/{$_POST['dir']}";
$dirWritable = dir::isWritable("{$this->config['uploadDir']}/{$this->session['dir']}");
return json_encode(array(
'files' => $this->getFiles($this->session['dir']),
'dirWritable' => $dirWritable
));
}
protected function act_newDir() {
if (!$this->config['access']['dirs']['create'] ||
!isset($_POST['dir']) ||
!isset($_POST['newDir']) ||
!$this->checkFilename($_POST['newDir'])
)
$this->errorMsg("Unknown error.");
$dir = $this->postDir();
$newDir = $this->normalizeDirname(trim($_POST['newDir']));
if (!strlen($newDir))
$this->errorMsg("Please enter new folder name.");
if (preg_match('/[\/\\\\]/s', $newDir))
$this->errorMsg("Unallowable characters in folder name.");
if (substr($newDir, 0, 1) == ".")
$this->errorMsg("Folder name shouldn't begins with '.'");
if (file_exists("$dir/$newDir"))
$this->errorMsg("A file or folder with that name already exists.");
if (!@mkdir("$dir/$newDir", $this->config['dirPerms']))
$this->errorMsg("Cannot create {dir} folder.", array('dir' => $this->htmlData($newDir)));
return true;
}
protected function act_renameDir() {
if (!$this->config['access']['dirs']['rename'] ||
!isset($_POST['dir']) ||
!strlen(rtrim(rtrim(trim($_POST['dir']), "/"), "\\")) ||
!isset($_POST['newName']) ||
!$this->checkFilename($_POST['newName'])
)
$this->errorMsg("Unknown error.");
$dir = $this->postDir();
$newName = $this->normalizeDirname(trim($_POST['newName']));
if (!strlen($newName))
$this->errorMsg("Please enter new folder name.");
if (preg_match('/[\/\\\\]/s', $newName))
$this->errorMsg("Unallowable characters in folder name.");
if (substr($newName, 0, 1) == ".")
$this->errorMsg("Folder name shouldn't begins with '.'");
if (!@rename($dir, dirname($dir) . "/$newName"))
$this->errorMsg("Cannot rename the folder.");
$thumbDir = "$this->thumbsTypeDir/{$_POST['dir']}";
if (is_dir($thumbDir))
@rename($thumbDir, dirname($thumbDir) . "/$newName");
return json_encode(array('name' => $newName));
}
protected function act_deleteDir() {
if (!$this->config['access']['dirs']['delete'] ||
!isset($_POST['dir']) ||
!strlen(rtrim(rtrim(trim($_POST['dir']), "/"), "\\"))
)
$this->errorMsg("Unknown error.");
$dir = $this->postDir();
if (!dir::isWritable($dir))
$this->errorMsg("Cannot delete the folder.");
$result = !dir::prune($dir, false);
if (is_array($result) && count($result))
$this->errorMsg("Failed to delete {count} files/folders.",
array('count' => count($result)));
$thumbDir = "$this->thumbsTypeDir/{$_POST['dir']}";
if (is_dir($thumbDir)) dir::prune($thumbDir);
return true;
}
protected function act_upload() {
header("Content-Type: text/plain; charset={$this->charset}");
if (!$this->config['access']['files']['upload'] ||
!isset($_POST['dir'])
)
$this->errorMsg("Unknown error.");
$dir = $this->postDir();
if (!dir::isWritable($dir))
$this->errorMsg("Cannot access or write to upload folder.");
if (is_array($this->file['name'])) {
$return = array();
foreach ($this->file['name'] as $i => $name) {
$return[] = $this->moveUploadFile(array(
'name' => $name,
'tmp_name' => $this->file['tmp_name'][$i],
'error' => $this->file['error'][$i]
), $dir);
}
return implode("\n", $return);
} else
return $this->moveUploadFile($this->file, $dir);
}
protected function act_download() {
$dir = $this->postDir();
if (!isset($_POST['dir']) ||
!isset($_POST['file']) ||
!$this->checkFilename($_POST['file']) ||
(false === ($file = "$dir/{$_POST['file']}")) ||
!file_exists($file) || !is_readable($file)
)
$this->errorMsg("Unknown error.");
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private", false);
header("Content-Type: application/octet-stream");
header('Content-Disposition: attachment; filename="' . str_replace('"', "_", $_POST['file']) . '"');
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . filesize($file));
readfile($file);
die;
}
protected function act_rename() {
$dir = $this->postDir();
if (!$this->config['access']['files']['rename'] ||
!isset($_POST['dir']) ||
!isset($_POST['file']) ||
!isset($_POST['newName']) ||
!$this->checkFilename($_POST['file']) ||
!$this->checkFilename($_POST['newName']) ||
(false === ($file = "$dir/{$_POST['file']}")) ||
!file_exists($file) || !is_readable($file) || !file::isWritable($file)
)
$this->errorMsg("Unknown error.");
if (isset($this->config['denyExtensionRename']) &&
$this->config['denyExtensionRename'] &&
(file::getExtension($_POST['file'], true) !==
file::getExtension($_POST['newName'], true)
)
)
$this->errorMsg("You cannot rename the extension of files!");
$newName = $this->normalizeFilename(trim($_POST['newName']));
if (!strlen($newName))
$this->errorMsg("Please enter new file name.");
if (preg_match('/[\/\\\\]/s', $newName))
$this->errorMsg("Unallowable characters in file name.");
if (substr($newName, 0, 1) == ".")
$this->errorMsg("File name shouldn't begins with '.'");
$newName = "$dir/$newName";
if (file_exists($newName))
$this->errorMsg("A file or folder with that name already exists.");
$ext = file::getExtension($newName);
if (!$this->validateExtension($ext, $this->type))
$this->errorMsg("Denied file extension.");
if (!@rename($file, $newName))
$this->errorMsg("Unknown error.");
$thumbDir = "{$this->thumbsTypeDir}/{$_POST['dir']}";
$thumbFile = "$thumbDir/{$_POST['file']}";
if (file_exists($thumbFile))
@rename($thumbFile, "$thumbDir/" . basename($newName));
return true;
}
protected function act_delete() {
$dir = $this->postDir();
if (!$this->config['access']['files']['delete'] ||
!isset($_POST['dir']) ||
!isset($_POST['file']) ||
!$this->checkFilename($_POST['file']) ||
(false === ($file = "$dir/{$_POST['file']}")) ||
!file_exists($file) || !is_readable($file) || !file::isWritable($file) ||
!@unlink($file)
)
$this->errorMsg("Unknown error.");
$thumb = "{$this->thumbsTypeDir}/{$_POST['dir']}/{$_POST['file']}";
if (file_exists($thumb)) @unlink($thumb);
return true;
}
protected function act_cp_cbd() {
$dir = $this->postDir();
if (!$this->config['access']['files']['copy'] ||
!isset($_POST['dir']) ||
!is_dir($dir) || !is_readable($dir) || !dir::isWritable($dir) ||
!isset($_POST['files']) || !is_array($_POST['files']) ||
!count($_POST['files'])
)
$this->errorMsg("Unknown error.");
$error = array();
foreach($_POST['files'] as $file) {
$file = path::normalize($file);
if (substr($file, 0, 1) == ".") continue;
$type = explode("/", $file);
$type = $type[0];
if ($type != $this->type) continue;
$path = "{$this->config['uploadDir']}/$file";
if (!$this->checkFilePath($path)) continue;
$base = basename($file);
$replace = array('file' => $this->htmlData($base));
$ext = file::getExtension($base);
if (!file_exists($path))
$error[] = $this->label("The file '{file}' does not exist.", $replace);
elseif (substr($base, 0, 1) == ".")
$error[] = $this->htmlData($base) . ": " . $this->label("File name shouldn't begins with '.'");
elseif (!$this->validateExtension($ext, $type))
$error[] = $this->htmlData($base) . ": " . $this->label("Denied file extension.");
elseif (file_exists("$dir/$base"))
$error[] = $this->htmlData($base) . ": " . $this->label("A file or folder with that name already exists.");
elseif (!is_readable($path) || !is_file($path))
$error[] = $this->label("Cannot read '{file}'.", $replace);
elseif (!@copy($path, "$dir/$base"))
$error[] = $this->label("Cannot copy '{file}'.", $replace);
else {
if (function_exists("chmod"))
@chmod("$dir/$base", $this->config['filePerms']);
$fromThumb = "{$this->thumbsDir}/$file";
if (is_file($fromThumb) && is_readable($fromThumb)) {
$toThumb = "{$this->thumbsTypeDir}/{$_POST['dir']}";
if (!is_dir($toThumb))
@mkdir($toThumb, $this->config['dirPerms'], true);
$toThumb .= "/$base";
@copy($fromThumb, $toThumb);
}
}
}
if (count($error))
return json_encode(array('error' => $error));
return true;
}
protected function act_mv_cbd() {
$dir = $this->postDir();
if (!$this->config['access']['files']['move'] ||
!isset($_POST['dir']) ||
!is_dir($dir) || !is_readable($dir) || !dir::isWritable($dir) ||
!isset($_POST['files']) || !is_array($_POST['files']) ||
!count($_POST['files'])
)
$this->errorMsg("Unknown error.");
$error = array();
foreach($_POST['files'] as $file) {
$file = path::normalize($file);
if (substr($file, 0, 1) == ".") continue;
$type = explode("/", $file);
$type = $type[0];
if ($type != $this->type) continue;
$path = "{$this->config['uploadDir']}/$file";
if (!$this->checkFilePath($path)) continue;
$base = basename($file);
$replace = array('file' => $this->htmlData($base));
$ext = file::getExtension($base);
if (!file_exists($path))
$error[] = $this->label("The file '{file}' does not exist.", $replace);
elseif (substr($base, 0, 1) == ".")
$error[] = $this->htmlData($base) . ": " . $this->label("File name shouldn't begins with '.'");
elseif (!$this->validateExtension($ext, $type))
$error[] = $this->htmlData($base) . ": " . $this->label("Denied file extension.");
elseif (file_exists("$dir/$base"))
$error[] = $this->htmlData($base) . ": " . $this->label("A file or folder with that name already exists.");
elseif (!is_readable($path) || !is_file($path))
$error[] = $this->label("Cannot read '{file}'.", $replace);
elseif (!file::isWritable($path) || !@rename($path, "$dir/$base"))
$error[] = $this->label("Cannot move '{file}'.", $replace);
else {
if (function_exists("chmod"))
@chmod("$dir/$base", $this->config['filePerms']);
$fromThumb = "{$this->thumbsDir}/$file";
if (is_file($fromThumb) && is_readable($fromThumb)) {
$toThumb = "{$this->thumbsTypeDir}/{$_POST['dir']}";
if (!is_dir($toThumb))
@mkdir($toThumb, $this->config['dirPerms'], true);
$toThumb .= "/$base";
@rename($fromThumb, $toThumb);
}
}
}
if (count($error))
return json_encode(array('error' => $error));
return true;
}
protected function act_rm_cbd() {
if (!$this->config['access']['files']['delete'] ||
!isset($_POST['files']) ||
!is_array($_POST['files']) ||
!count($_POST['files'])
)
$this->errorMsg("Unknown error.");
$error = array();
foreach($_POST['files'] as $file) {
$file = path::normalize($file);
if (substr($file, 0, 1) == ".") continue;
$type = explode("/", $file);
$type = $type[0];
if ($type != $this->type) continue;
$path = "{$this->config['uploadDir']}/$file";
if (!$this->checkFilePath($path)) continue;
$base = basename($file);
$replace = array('file' => $this->htmlData($base));
if (!is_file($path))
$error[] = $this->label("The file '{file}' does not exist.", $replace);
elseif (!@unlink($path))
$error[] = $this->label("Cannot delete '{file}'.", $replace);
else {
$thumb = "{$this->thumbsDir}/$file";
if (is_file($thumb)) @unlink($thumb);
}
}
if (count($error))
return json_encode(array('error' => $error));
return true;
}
protected function act_downloadDir() {
$dir = $this->postDir();
if (!isset($_POST['dir']) || $this->config['denyZipDownload'])
$this->errorMsg("Unknown error.");
$filename = basename($dir) . ".zip";
do {
$file = md5(time() . session_id());
$file = "{$this->config['uploadDir']}/$file.zip";
} while (file_exists($file));
new zipFolder($file, $dir);
header("Content-Type: application/x-zip");
header('Content-Disposition: attachment; filename="' . str_replace('"', "_", $filename) . '"');
header("Content-Length: " . filesize($file));
readfile($file);
unlink($file);
die;
}
protected function act_downloadSelected() {
$dir = $this->postDir();
if (!isset($_POST['dir']) ||
!isset($_POST['files']) ||
!is_array($_POST['files']) ||
$this->config['denyZipDownload']
)
$this->errorMsg("Unknown error.");
$zipFiles = array();
foreach ($_POST['files'] as $file) {
$file = path::normalize($file);
if ((substr($file, 0, 1) == ".") || (strpos($file, '/') !== false))
continue;
$file = "$dir/$file";
if (!is_file($file) || !is_readable($file) || !$this->checkFilePath($file))
continue;
$zipFiles[] = $file;
}
do {
$file = md5(time() . session_id());
$file = "{$this->config['uploadDir']}/$file.zip";
} while (file_exists($file));
$zip = new \ZipArchive();
$res = $zip->open($file, \ZipArchive::CREATE);
if ($res === TRUE) {
foreach ($zipFiles as $cfile)
$zip->addFile($cfile, basename($cfile));
$zip->close();
}
header("Content-Type: application/x-zip");
header('Content-Disposition: attachment; filename="selected_files_' . basename($file) . '"');
header("Content-Length: " . filesize($file));
readfile($file);
unlink($file);
die;
}
protected function act_downloadClipboard() {
if (!isset($_POST['files']) ||
!is_array($_POST['files']) ||
$this->config['denyZipDownload']
)
$this->errorMsg("Unknown error.");
$zipFiles = array();
foreach ($_POST['files'] as $file) {
$file = path::normalize($file);
if ((substr($file, 0, 1) == "."))
continue;
$type = explode("/", $file);
$type = $type[0];
if ($type != $this->type)
continue;
$file = $this->config['uploadDir'] . "/$file";
if (!is_file($file) || !is_readable($file) || !$this->checkFilePath($file))
continue;
$zipFiles[] = $file;
}
do {
$file = md5(time() . session_id());
$file = "{$this->config['uploadDir']}/$file.zip";
} while (file_exists($file));
$zip = new \ZipArchive();
$res = $zip->open($file, \ZipArchive::CREATE);
if ($res === TRUE) {
foreach ($zipFiles as $cfile)
$zip->addFile($cfile, basename($cfile));
$zip->close();
}
header("Content-Type: application/x-zip");
header('Content-Disposition: attachment; filename="clipboard_' . basename($file) . '"');
header("Content-Length: " . filesize($file));
readfile($file);
unlink($file);
die;
}
protected function act_check4Update() {
if ($this->config['denyUpdateCheck'])
return json_encode(array('version' => false));
// Caching HTTP request for 6 hours
if (isset($this->session['checkVersion']) &&
isset($this->session['checkVersionTime']) &&
((time() - $this->session['checkVersionTime']) < 21600)
)
return json_encode(array('version' => $this->session['checkVersion']));
$protocol = "http";
$host = "kcfinder.sunhater.com";
$port = 80;
$path = "/checkVersion.php";
$url = "$protocol://$host:$port$path";
$pattern = '/^\d+\.\d+$/';
$responsePattern = '/^[A-Z]+\/\d+\.\d+\s+\d+\s+OK\s*([a-zA-Z0-9\-]+\:\s*[^\n]*\n)*\s*(.*)\s*$/';
// file_get_contents()
if (ini_get("allow_url_fopen") &&
(false !== ($ver = file_get_contents($url))) &&
preg_match($pattern, $ver)
// HTTP extension
) {} elseif (
function_exists("http_get") &&
(false !== ($ver = @http_get($url))) &&
(
(
preg_match($responsePattern, $ver, $match) &&
false !== ($ver = $match[2])
) || true
) &&
preg_match($pattern, $ver)
// Curl extension
) {} elseif (
function_exists("curl_init") &&
(false !== ( $curl = @curl_init($url) )) &&
( @ob_start() || (@curl_close($curl) && false)) &&
( @curl_exec($curl) || (@curl_close($curl) && false)) &&
((false !== ( $ver = @ob_get_clean() )) || (@curl_close($curl) && false)) &&
( @curl_close($curl) || true ) &&
preg_match($pattern, $ver)
// Socket extension
) {} elseif (function_exists('socket_create')) {
$cmd =
"GET $path " . strtoupper($protocol) . "/1.1\r\n" .
"Host: $host\r\n" .
"Connection: Close\r\n\r\n";
if ((false !== ( $socket = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP) )) &&
(false !== @socket_connect($socket, $host, $port) ) &&
(false !== @socket_write($socket, $cmd, strlen($cmd)) ) &&
(false !== ( $ver = @socket_read($socket, 2048) )) &&
preg_match($responsePattern, $ver, $match)
)
$ver = $match[2];
if (isset($socket) && is_resource($socket))
@socket_close($socket);
}
if (isset($ver) && preg_match($pattern, $ver)) {
$this->session['checkVersion'] = $ver;
$this->session['checkVersionTime'] = time();
return json_encode(array('version' => $ver));
} else
return json_encode(array('version' => false));
}
protected function moveUploadFile($file, $dir) {
$message = $this->checkUploadedFile($file);
if ($message !== true) {
if (isset($file['tmp_name']))
@unlink($file['tmp_name']);
return "{$file['name']}: $message";
}
$filename = $this->normalizeFilename($file['name']);
$target = "$dir/" . file::getInexistantFilename($filename, $dir);
if (!@move_uploaded_file($file['tmp_name'], $target) &&
!@rename($file['tmp_name'], $target) &&
!@copy($file['tmp_name'], $target)
) {
@unlink($file['tmp_name']);
return $this->htmlData($file['name']) . ": " . $this->label("Cannot move uploaded file to target folder.");
} elseif (function_exists('chmod'))
chmod($target, $this->config['filePerms']);
$this->makeThumb($target);
return "/" . basename($target);
}
protected function sendDefaultThumb($file=null) {
if ($file !== null) {
$ext = file::getExtension($file);
$thumb = "themes/{$this->config['theme']}/img/files/big/$ext.png";
}
if (!isset($thumb) || !file_exists($thumb))
$thumb = "themes/{$this->config['theme']}/img/files/big/..png";
header("Content-Type: image/png");
readfile($thumb);
die;
}
protected function getFiles($dir) {
$thumbDir = "{$this->config['uploadDir']}/{$this->config['thumbsDir']}/$dir";
$dir = "{$this->config['uploadDir']}/$dir";
$return = array();
$files = dir::content($dir, array('types' => "file"));
if ($files === false)
return $return;
foreach ($files as $file) {
$img = new fastImage($file);
$type = $img->getType();
if ($type !== false) {
$size = $img->getSize($file);
if (is_array($size) && count($size)) {
$thumb_file = "$thumbDir/" . basename($file);
if (!is_file($thumb_file))
$this->makeThumb($file, false);
$smallThumb =
($size[0] <= $this->config['thumbWidth']) &&
($size[1] <= $this->config['thumbHeight']) &&
in_array($type, array("gif", "jpeg", "png"));
} else
$smallThumb = false;
} else
$smallThumb = false;
$img->close();
$stat = stat($file);
if ($stat === false) continue;
$name = basename($file);
$ext = file::getExtension($file);
$bigIcon = file_exists("themes/{$this->config['theme']}/img/files/big/$ext.png");
$smallIcon = file_exists("themes/{$this->config['theme']}/img/files/small/$ext.png");
$thumb = file_exists("$thumbDir/$name");
$return[] = array(
'name' => stripcslashes($name),
'size' => $stat['size'],
'mtime' => $stat['mtime'],
'date' => @strftime($this->dateTimeSmall, $stat['mtime']),
'readable' => is_readable($file),
'writable' => file::isWritable($file),
'bigIcon' => $bigIcon,
'smallIcon' => $smallIcon,
'thumb' => $thumb,
'smallThumb' => $smallThumb
);
}
return $return;
}
protected function getTree($dir, $index=0) {
$path = explode("/", $dir);
$pdir = "";
for ($i = 0; ($i <= $index && $i < count($path)); $i++)
$pdir .= "/{$path[$i]}";
if (strlen($pdir))
$pdir = substr($pdir, 1);
$fdir = "{$this->config['uploadDir']}/$pdir";
$dirs = $this->getDirs($fdir);
if (is_array($dirs) && count($dirs) && ($index <= count($path) - 1)) {
foreach ($dirs as $i => $cdir) {
if ($cdir['hasDirs'] &&
(
($index == count($path) - 1) ||
($cdir['name'] == $path[$index + 1])
)
) {
$dirs[$i]['dirs'] = $this->getTree($dir, $index + 1);
if (!is_array($dirs[$i]['dirs']) || !count($dirs[$i]['dirs'])) {
unset($dirs[$i]['dirs']);
continue;
}
}
}
} else
return false;
return $dirs;
}
protected function postDir($existent=true) {
$dir = $this->typeDir;
if (isset($_POST['dir']))
$dir .= "/" . $_POST['dir'];
if (!$this->checkFilePath($dir))
$this->errorMsg("Unknown error.");
if ($existent && (!is_dir($dir) || !is_readable($dir)))
$this->errorMsg("Inexistant or inaccessible folder.");
return $dir;
}
protected function getDir($existent=true) {
$dir = $this->typeDir;
if (isset($_GET['dir']))
$dir .= "/" . $_GET['dir'];
if (!$this->checkFilePath($dir))
$this->errorMsg("Unknown error.");
if ($existent && (!is_dir($dir) || !is_readable($dir)))
$this->errorMsg("Inexistant or inaccessible folder.");
return $dir;
}
protected function getDirs($dir) {
$dirs = dir::content($dir, array('types' => "dir"));
$return = array();
if (is_array($dirs)) {
$writable = dir::isWritable($dir);
foreach ($dirs as $cdir) {
$info = $this->getDirInfo($cdir);
if ($info === false) continue;
$info['removable'] = $writable && $info['writable'];
$return[] = $info;
}
}
return $return;
}
protected function getDirInfo($dir, $removable=false) {
if ((substr(basename($dir), 0, 1) == ".") || !is_dir($dir) || !is_readable($dir))
return false;
$dirs = dir::content($dir, array('types' => "dir"));
if (is_array($dirs)) {
foreach ($dirs as $key => $cdir)
if (substr(basename($cdir), 0, 1) == ".")
unset($dirs[$key]);
$hasDirs = count($dirs) ? true : false;
} else
$hasDirs = false;
$writable = dir::isWritable($dir);
$info = array(
'name' => stripslashes(basename($dir)),
'readable' => is_readable($dir),
'writable' => $writable,
'removable' => $removable && $writable && dir::isWritable(dirname($dir)),
'hasDirs' => $hasDirs
);
if ($dir == "{$this->config['uploadDir']}/{$this->session['dir']}")
$info['current'] = true;
return $info;
}
protected function output($data=null, $template=null) {
if (!is_array($data)) $data = array();
if ($template === null)
$template = $this->action;
if (file_exists("tpl/tpl_$template.php")) {
ob_start();
$eval = "unset(\$data);unset(\$template);unset(\$eval);";
$_ = $data;
foreach (array_keys($data) as $key)
if (preg_match('/^[a-z\d_]+$/i', $key))
$eval .= "\$$key=\$_['$key'];";
$eval .= "unset(\$_);require \"tpl/tpl_$template.php\";";
eval($eval);
return ob_get_clean();
}
return "";
}
protected function errorMsg($message, array $data=null) {
if (in_array($this->action, array("thumb", "upload", "download", "downloadDir")))
die($this->label($message, $data));
if (($this->action === null) || ($this->action == "browser"))
$this->backMsg($message, $data);
else {
$message = $this->label($message, $data);
die(json_encode(array('error' => $message)));
}
}
protected function htmlData($str) {
return htmlentities($str, null, strtoupper($this->charset));
}
}
?>

114
metadata/include/kcfinder/core/class/minifier.php Normal file
View File

@ -0,0 +1,114 @@
<?php
/** This file is part of KCFinder project
*
* @desc Minify JS & CSS
* @package KCFinder
* @version 3.12
* @author Pavel Tzonkov <sunhater@sunhater.com>
* @copyright 2010-2014 KCFinder Project
* @license http://opensource.org/licenses/GPL-3.0 GPLv3
* @license http://opensource.org/licenses/LGPL-3.0 LGPLv3
* @link http://kcfinder.sunhater.com
*/
namespace kcfinder;
class minifier {
protected $config;
protected $type = "js";
protected $minCmd = "";
protected $mime = array(
'js' => "text/javascript",
'css' => "text/css"
);
public function __construct($type=null) {
require "conf/config.php";
$this->config = $_CONFIG;
$type = strtolower($type);
if (isset($this->mime[$type]))
$this->type = $type;
if (isset($_CONFIG["_{$this->type}MinCmd"]))
$this->minCmd = $_CONFIG["_{$this->type}MinCmd"];
}
public function minify($cacheFile=null, $dir=null) {
if ($dir === null)
$dir = dirname($_SERVER['SCRIPT_FILENAME']);
// MODIFICATION TIME FILES
$mtFiles = array(
__FILE__,
$_SERVER['SCRIPT_FILENAME'],
"conf/config.php"
);
// GET SOURCE CODE FILES
$files = dir::content($dir, array(
'types' => "file",
'pattern' => '/^.*\.' . $this->type . '$/'
));
// GET NEWEST MODIFICATION TIME
$mtime = 0;
foreach (array_merge($mtFiles, $files) as $file) {
$fmtime = filemtime($file);
if ($fmtime > $mtime)
$mtime = $fmtime;
}
$header = "Content-Type: {$this->mime[$this->type]}";
// GET SOURCE CODE FROM CLIENT HTTP CACHE IF EXISTS
httpCache::checkMTime($mtime, $header);
// OUTPUT SOURCE CODE
header($header);
// GET SOURCE CODE FROM SERVER-SIDE CACHE
if (($cacheFile !== null) &&
file_exists($cacheFile) &&
(
(filemtime($cacheFile) >= $mtime) ||
!is_writable($cacheFile) // if cache file cannot be modified
) // the script will output it always
) { // with its distribution content
readfile($cacheFile);
die;
}
// MINIFY AND JOIN SOURCE CODE
$source = "";
foreach ($files as $file) {
if (strlen($this->minCmd) && (substr($file, 4, 1) != "_")) {
$cmd = str_replace("{file}", $file, $this->minCmd);
$source .= `$cmd`;
} else
$source .= file_get_contents($file);
}
// UPDATE SERVER-SIDE CACHE
if (($cacheFile !== null) &&
(
is_writable($cacheFile) ||
(
!file_exists($cacheFile) &&
dir::isWritable(dirname($cacheFile))
)
)
) {
file_put_contents($cacheFile, $source);
touch($cacheFile, $mtime);
}
// OUTPUT SOURCE CODE
echo $source;
}
}
?>

817
metadata/include/kcfinder/core/class/uploader.php Normal file
View File

@ -0,0 +1,817 @@
<?php
/** This file is part of KCFinder project
*
* @desc Uploader class
* @package KCFinder
* @version 3.12
* @author Pavel Tzonkov <sunhater@sunhater.com>
* @copyright 2010-2014 KCFinder Project
* @license http://opensource.org/licenses/GPL-3.0 GPLv3
* @license http://opensource.org/licenses/LGPL-3.0 LGPLv3
* @link http://kcfinder.sunhater.com
*/
namespace kcfinder;
class uploader {
/** Release version */
const VERSION = "3.12";
/** Config session-overrided settings
* @var array */
protected $config = array();
/** Default image driver
* @var string */
protected $imageDriver = "gd";
/** Opener applocation properties
* @var array */
protected $opener = array();
/** Got from $_GET['type'] or first one $config['types'] array key, if inexistant
* @var string */
protected $type;
/** Helper property. Local filesystem path to the Type Directory
* Equivalent: $config['uploadDir'] . "/" . $type
* @var string */
protected $typeDir;
/** Helper property. Web URL to the Type Directory
* Equivalent: $config['uploadURL'] . "/" . $type
* @var string */
protected $typeURL;
/** Linked to $config['types']
* @var array */
protected $types = array();
/** Settings which can override default settings if exists as keys in $config['types'][$type] array
* @var array */
protected $typeSettings = array('disabled', 'theme', 'dirPerms', 'filePerms', 'denyZipDownload', 'maxImageWidth', 'maxImageHeight', 'thumbWidth', 'thumbHeight', 'jpegQuality', 'access', 'filenameChangeChars', 'dirnameChangeChars', 'denyExtensionRename', 'deniedExts', 'watermark');
/** Got from language file
* @var string */
protected $charset;
/** The language got from $_GET['lng'] or $_GET['lang'] or... Please see next property
* @var string */
protected $lang = "en";
/** Possible language $_GET keys
* @var array */
protected $langInputNames = array('lang', 'langCode', 'lng', 'language', 'lang_code');
/** Uploaded file(s) info. Linked to first $_FILES element
* @var array */
protected $file;
/** Next three properties are got from the current language file
* @var string */
protected $dateTimeFull; // Currently not used
protected $dateTimeMid; // Currently not used
protected $dateTimeSmall;
/** Contain Specified language labels
* @var array */
protected $labels = array();
/** Session array. Please use this property instead of $_SESSION
* @var array */
protected $session;
/** CMS integration property (got from $_GET['cms'])
* @var string */
protected $cms = "";
/** Magic method which allows read-only access to protected or private class properties
* @param string $property
* @return mixed */
public function __get($property) {
return property_exists($this, $property) ? $this->$property : null;
}
public function __construct() {
// SET CMS INTEGRATION PROPERTY
if (isset($_GET['cms']) &&
$this->checkFilename($_GET['cms']) &&
is_file("integration/{$_GET['cms']}.php")
)
$this->cms = $_GET['cms'];
// LINKING UPLOADED FILE
if (count($_FILES))
$this->file = &$_FILES[key($_FILES)];
// LOAD DEFAULT CONFIGURATION
require "conf/config.php";
// SETTING UP SESSION
if (!session_id()) {
if (isset($_CONFIG['_sessionLifetime']))
ini_set('session.gc_maxlifetime', $_CONFIG['_sessionLifetime'] * 60);
if (isset($_CONFIG['_sessionDir']))
ini_set('session.save_path', $_CONFIG['_sessionDir']);
if (isset($_CONFIG['_sessionDomain']))
ini_set('session.cookie_domain', $_CONFIG['_sessionDomain']);
session_start();
}
// LOAD SESSION CONFIGURATION IF EXISTS
$this->config = $_CONFIG;
$sessVar = "_sessionVar";
if (isset($_CONFIG[$sessVar])) {
$sessVar = $_CONFIG[$sessVar];
if (!isset($_SESSION[$sessVar]))
$_SESSION[$sessVar] = array();
$sessVar = &$_SESSION[$sessVar];
if (!is_array($sessVar))
$sessVar = array();
foreach ($sessVar as $key => $val)
if ((substr($key, 0, 1) != "_") && isset($_CONFIG[$key]))
$this->config[$key] = $val;
if (!isset($sessVar['self']))
$sessVar['self'] = array();
$this->session = &$sessVar['self'];
} else
$this->session = &$_SESSION;
// SECURING THE SESSION
$stamp = array(
'ip' => $_SERVER['REMOTE_ADDR'],
'agent' => md5($_SERVER['HTTP_USER_AGENT'])
);
if (!isset($this->session['stamp']))
$this->session['stamp'] = $stamp;
elseif (!is_array($this->session['stamp']) || ($this->session['stamp'] !== $stamp)) {
if ($this->session['stamp']['ip'] === $stamp['ip'])
session_destroy();
die;
}
// IMAGE DRIVER INIT
if (isset($this->config['imageDriversPriority'])) {
$this->config['imageDriversPriority'] =
text::clearWhitespaces($this->config['imageDriversPriority']);
$driver = image::getDriver(explode(' ', $this->config['imageDriversPriority']));
if ($driver !== false)
$this->imageDriver = $driver;
}
if ((!isset($driver) || ($driver === false)) &&
(image::getDriver(array($this->imageDriver)) === false)
)
die("Cannot find any of the supported PHP image extensions!");
// WATERMARK INIT
if (isset($this->config['watermark']) && is_string($this->config['watermark']))
$this->config['watermark'] = array('file' => $this->config['watermark']);
// GET TYPE DIRECTORY
$this->types = &$this->config['types'];
$firstType = array_keys($this->types);
$firstType = $firstType[0];
$this->type = (
isset($_GET['type']) &&
isset($this->types[$_GET['type']])
)
? $_GET['type'] : $firstType;
// LOAD TYPE DIRECTORY SPECIFIC CONFIGURATION IF EXISTS
if (is_array($this->types[$this->type])) {
foreach ($this->types[$this->type] as $key => $val)
if (in_array($key, $this->typeSettings))
$this->config[$key] = $val;
$this->types[$this->type] = isset($this->types[$this->type]['type'])
? $this->types[$this->type]['type'] : "";
}
// COOKIES INIT
$ip = '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)';
$ip = '/^' . implode('\.', array($ip, $ip, $ip, $ip)) . '$/';
if (preg_match($ip, $_SERVER['HTTP_HOST']) ||
preg_match('/^[^\.]+$/', $_SERVER['HTTP_HOST'])
)
$this->config['cookieDomain'] = "";
elseif (!strlen($this->config['cookieDomain']))
$this->config['cookieDomain'] = $_SERVER['HTTP_HOST'];
if (!strlen($this->config['cookiePath']))
$this->config['cookiePath'] = "/";
// UPLOAD FOLDER INIT
// FULL URL
if (preg_match('/^([a-z]+)\:\/\/([^\/^\:]+)(\:(\d+))?\/(.+)\/?$/',
$this->config['uploadURL'], $patt)
) {
list($unused, $protocol, $domain, $unused, $port, $path) = $patt;
$path = path::normalize($path);
$this->config['uploadURL'] = "$protocol://$domain" . (strlen($port) ? ":$port" : "") . "/$path";
$this->config['uploadDir'] = strlen($this->config['uploadDir'])
? path::normalize($this->config['uploadDir'])
: path::url2fullPath("/$path");
$this->typeDir = "{$this->config['uploadDir']}/{$this->type}";
$this->typeURL = "{$this->config['uploadURL']}/{$this->type}";
// SITE ROOT
} elseif ($this->config['uploadURL'] == "/") {
$this->config['uploadDir'] = strlen($this->config['uploadDir'])
? path::normalize($this->config['uploadDir'])
: path::normalize($_SERVER['DOCUMENT_ROOT']);
$this->typeDir = "{$this->config['uploadDir']}/{$this->type}";
$this->typeURL = "/{$this->type}";
// ABSOLUTE & RELATIVE
} else {
$this->config['uploadURL'] = (substr($this->config['uploadURL'], 0, 1) === "/")
? path::normalize($this->config['uploadURL'])
: path::rel2abs_url($this->config['uploadURL']);
$this->config['uploadDir'] = strlen($this->config['uploadDir'])
? path::normalize($this->config['uploadDir'])
: path::url2fullPath($this->config['uploadURL']);
$this->typeDir = "{$this->config['uploadDir']}/{$this->type}";
$this->typeURL = "{$this->config['uploadURL']}/{$this->type}";
}
// HOST APPLICATIONS INIT
if (isset($_GET['CKEditorFuncNum'])) {
$this->opener['name'] = "ckeditor";
$this->opener['CKEditor'] = array('funcNum' => $_GET['CKEditorFuncNum']);
} elseif (isset($_GET['opener'])) {
$this->opener['name'] = $_GET['opener'];
if ($_GET['opener'] == "tinymce") {
if (!isset($this->config['_tinyMCEPath']) || !strlen($this->config['_tinyMCEPath']))
$this->opener['name'] = false;
} elseif ($_GET['opener'] == "tinymce4") {
if (!isset($_GET['field']))
$this->opener['name'] = false;
else
$this->opener['TinyMCE'] = array('field' => $_GET['field']);
}
} else
$this->opener['name'] = false;
// LOCALIZATION
foreach ($this->langInputNames as $key)
if (isset($_GET[$key]) &&
preg_match('/^[a-z][a-z\._\-]*$/i', $_GET[$key]) &&
file_exists("lang/" . strtolower($_GET[$key]) . ".php")
) {
$this->lang = $_GET[$key];
break;
}
$this->localize($this->lang);
// IF BROWSER IS ENABLED
if (!$this->config['disabled']) {
// TRY TO CREATE UPLOAD DIRECTORY IF NOT EXISTS
if (!$this->config['disabled'] && !is_dir($this->config['uploadDir']))
@mkdir($this->config['uploadDir'], $this->config['dirPerms']);
// CHECK & MAKE DEFAULT .htaccess
if (isset($this->config['_check4htaccess']) &&
$this->config['_check4htaccess']
) {
$htaccess = "{$this->config['uploadDir']}/.htaccess";
$original = $this->get_htaccess();
if (!file_exists($htaccess)) {
if (!@file_put_contents($htaccess, $original))
$this->backMsg("Cannot write to upload folder. {$this->config['uploadDir']}");
} else {
if (false === ($data = @file_get_contents($htaccess)))
$this->backMsg("Cannot read .htaccess");
if (($data != $original) && !@file_put_contents($htaccess, $original))
$this->backMsg("Incorrect .htaccess file. Cannot rewrite it!");
}
}
// CHECK & CREATE UPLOAD FOLDER
if (!is_dir($this->typeDir)) {
if (!mkdir($this->typeDir, $this->config['dirPerms']))
$this->backMsg("Cannot create {dir} folder.", array('dir' => $this->type));
} elseif (!is_readable($this->typeDir))
$this->backMsg("Cannot read upload folder.");
}
}
public function upload() {
$config = &$this->config;
$file = &$this->file;
$url = $message = "";
if ($config['disabled'] || !$config['access']['files']['upload']) {
if (isset($file['tmp_name'])) @unlink($file['tmp_name']);
$message = $this->label("You don't have permissions to upload files.");
} elseif (true === ($message = $this->checkUploadedFile())) {
$message = "";
$dir = "{$this->typeDir}/";
if (isset($_GET['dir']) &&
(false !== ($gdir = $this->checkInputDir($_GET['dir'])))
) {
$udir = path::normalize("$dir$gdir");
if (substr($udir, 0, strlen($dir)) !== $dir)
$message = $this->label("Unknown error.");
else {
$l = strlen($dir);
$dir = "$udir/";
$udir = substr($udir, $l);
}
}
if (!strlen($message)) {
if (!is_dir(path::normalize($dir)))
@mkdir(path::normalize($dir), $this->config['dirPerms'], true);
$filename = $this->normalizeFilename($file['name']);
$target = file::getInexistantFilename($dir . $filename);
if (!@move_uploaded_file($file['tmp_name'], $target) &&
!@rename($file['tmp_name'], $target) &&
!@copy($file['tmp_name'], $target)
)
$message = $this->label("Cannot move uploaded file to target folder.");
else {
if (function_exists('chmod'))
@chmod($target, $this->config['filePerms']);
$this->makeThumb($target);
$url = $this->typeURL;
if (isset($udir)) $url .= "/$udir";
$url .= "/" . basename($target);
if (preg_match('/^([a-z]+)\:\/\/([^\/^\:]+)(\:(\d+))?\/(.+)$/', $url, $patt)) {
list($unused, $protocol, $domain, $unused, $port, $path) = $patt;
$base = "$protocol://$domain" . (strlen($port) ? ":$port" : "") . "/";
$url = $base . path::urlPathEncode($path);
} else
$url = path::urlPathEncode($url);
}
}
}
if (strlen($message) &&
isset($this->file['tmp_name']) &&
file_exists($this->file['tmp_name'])
)
@unlink($this->file['tmp_name']);
if (strlen($message) && method_exists($this, 'errorMsg'))
$this->errorMsg($message);
else
$this->callBack($url, $message);
}
protected function normalizeFilename($filename) {
if (isset($this->config['filenameChangeChars']) &&
is_array($this->config['filenameChangeChars'])
)
$filename = strtr($filename, $this->config['filenameChangeChars']);
if (isset($this->config['_normalizeFilenames']) && $this->config['_normalizeFilenames'])
$filename = file::normalizeFilename($filename);
return $filename;
}
protected function normalizeDirname($dirname) {
if (isset($this->config['dirnameChangeChars']) &&
is_array($this->config['dirnameChangeChars'])
)
$dirname = strtr($dirname, $this->config['dirnameChangeChars']);
if (isset($this->config['_normalizeFilenames']) && $this->config['_normalizeFilenames'])
$dirname = file::normalizeFilename($dirname);
return $dirname;
}
protected function checkFilePath($file) {
$rPath = realpath($file);
if (strtoupper(substr(PHP_OS, 0, 3)) == "WIN")
$rPath = str_replace("\\", "/", $rPath);
return (substr($rPath, 0, strlen($this->typeDir)) === $this->typeDir);
}
protected function checkFilename($file) {
if ((basename($file) !== $file) ||
(
isset($this->config['_normalizeFilenames']) &&
$this->config['_normalizeFilenames'] &&
preg_match('/[^0-9a-z\.\- _]/si', $file)
)
)
return false;
return true;
}
protected function checkUploadedFile(array $aFile=null) {
$config = &$this->config;
$file = ($aFile === null) ? $this->file : $aFile;
if (!is_array($file) || !isset($file['name']))
return $this->label("Unknown error");
if (is_array($file['name'])) {
foreach ($file['name'] as $i => $name) {
$return = $this->checkUploadedFile(array(
'name' => $name,
'tmp_name' => $file['tmp_name'][$i],
'error' => $file['error'][$i]
));
if ($return !== true)
return "$name: $return";
}
return true;
}
$extension = file::getExtension($file['name']);
$typePatt = strtolower(text::clearWhitespaces($this->types[$this->type]));
// CHECK FOR UPLOAD ERRORS
if ($file['error'])
return
($file['error'] == UPLOAD_ERR_INI_SIZE) ?
$this->label("The uploaded file exceeds {size} bytes.",
array('size' => ini_get('upload_max_filesize'))) : (
($file['error'] == UPLOAD_ERR_FORM_SIZE) ?
$this->label("The uploaded file exceeds {size} bytes.",
array('size' => $_GET['MAX_FILE_SIZE'])) : (
($file['error'] == UPLOAD_ERR_PARTIAL) ?
$this->label("The uploaded file was only partially uploaded.") : (
($file['error'] == UPLOAD_ERR_NO_FILE) ?
$this->label("No file was uploaded.") : (
($file['error'] == UPLOAD_ERR_NO_TMP_DIR) ?
$this->label("Missing a temporary folder.") : (
($file['error'] == UPLOAD_ERR_CANT_WRITE) ?
$this->label("Failed to write file.") :
$this->label("Unknown error.")
)))));
// HIDDEN FILENAMES CHECK
elseif (substr($file['name'], 0, 1) == ".")
return $this->label("File name shouldn't begins with '.'");
// EXTENSION CHECK
elseif (
(substr($file['name'], -1) == ".") ||
!$this->validateExtension($extension, $this->type)
)
return $this->label("Denied file extension.");
// SPECIAL DIRECTORY TYPES CHECK (e.g. *img)
elseif (preg_match('/^\*([^ ]+)(.*)?$/s', $typePatt, $patt)) {
list($typePatt, $type, $params) = $patt;
$class = __NAMESPACE__ . "\\type_$type";
if (class_exists($class)) {
$type = new $class();
$cfg = $config;
$cfg['filename'] = $file['name'];
if (strlen($params))
$cfg['params'] = trim($params);
$response = $type->checkFile($file['tmp_name'], $cfg);
if ($response !== true)
return $this->label($response);
} else
return $this->label("Non-existing directory type.");
}
// IMAGE RESIZE
$img = image::factory($this->imageDriver, $file['tmp_name']);
if (!$img->initError && !$this->imageResize($img, $file['tmp_name']))
return $this->label("The image is too big and/or cannot be resized.");
return true;
}
protected function checkInputDir($dir, $inclType=true, $existing=true) {
$dir = path::normalize($dir);
if (substr($dir, 0, 1) == "/")
$dir = substr($dir, 1);
if ((substr($dir, 0, 1) == ".") || (substr(basename($dir), 0, 1) == "."))
return false;
if ($inclType) {
$first = explode("/", $dir);
$first = $first[0];
if ($first != $this->type)
return false;
$return = $this->removeTypeFromPath($dir);
} else {
$return = $dir;
$dir = "{$this->type}/$dir";
}
if (!$existing)
return $return;
$path = "{$this->config['uploadDir']}/$dir";
return (is_dir($path) && is_readable($path)) ? $return : false;
}
protected function validateExtension($ext, $type) {
$ext = trim(strtolower($ext));
if (!isset($this->types[$type]))
return false;
$exts = strtolower(text::clearWhitespaces($this->config['deniedExts']));
if (strlen($exts)) {
$exts = explode(" ", $exts);
if (in_array($ext, $exts))
return false;
}
$exts = trim($this->types[$type]);
if (!strlen($exts) || substr($exts, 0, 1) == "*")
return true;
if (substr($exts, 0, 1) == "!") {
$exts = explode(" ", trim(strtolower(substr($exts, 1))));
return !in_array($ext, $exts);
}
$exts = explode(" ", trim(strtolower($exts)));
return in_array($ext, $exts);
}
protected function getTypeFromPath($path) {
return preg_match('/^([^\/]*)\/.*$/', $path, $patt)
? $patt[1] : $path;
}
protected function removeTypeFromPath($path) {
return preg_match('/^[^\/]*\/(.*)$/', $path, $patt)
? $patt[1] : "";
}
protected function imageResize($image, $file=null) {
if (!($image instanceof image)) {
$img = image::factory($this->imageDriver, $image);
if ($img->initError) return false;
$file = $image;
} elseif ($file === null)
return false;
else
$img = $image;
$orientation = 1;
if (function_exists("exif_read_data")) {
$orientation = @exif_read_data($file);
$orientation = isset($orientation['Orientation']) ? $orientation['Orientation'] : 1;
}
// IMAGE WILL NOT BE RESIZED WHEN NO WATERMARK AND SIZE IS ACCEPTABLE
if ((
!isset($this->config['watermark']['file']) ||
(!strlen(trim($this->config['watermark']['file'])))
) && (
(
!$this->config['maxImageWidth'] &&
!$this->config['maxImageHeight']
) || (
($img->width <= $this->config['maxImageWidth']) &&
($img->height <= $this->config['maxImageHeight'])
)
) &&
($orientation == 1)
)
return true;
// PROPORTIONAL RESIZE
if ((!$this->config['maxImageWidth'] || !$this->config['maxImageHeight'])) {
if ($this->config['maxImageWidth'] &&
($this->config['maxImageWidth'] < $img->width)
) {
$width = $this->config['maxImageWidth'];
$height = $img->getPropHeight($width);
} elseif (
$this->config['maxImageHeight'] &&
($this->config['maxImageHeight'] < $img->height)
) {
$height = $this->config['maxImageHeight'];
$width = $img->getPropWidth($height);
}
if (isset($width) && isset($height) && !$img->resize($width, $height))
return false;
// RESIZE TO FIT
} elseif (
$this->config['maxImageWidth'] && $this->config['maxImageHeight'] &&
!$img->resizeFit($this->config['maxImageWidth'], $this->config['maxImageHeight'])
)
return false;
// AUTO FLIP AND ROTATE FROM EXIF
if ((($orientation == 2) && !$img->flipHorizontal()) ||
(($orientation == 3) && !$img->rotate(180)) ||
(($orientation == 4) && !$img->flipVertical()) ||
(($orientation == 5) && (!$img->flipVertical() || !$img->rotate(90))) ||
(($orientation == 6) && !$img->rotate(90)) ||
(($orientation == 7) && (!$img->flipHorizontal() || !$img->rotate(90))) ||
(($orientation == 8) && !$img->rotate(270))
)
return false;
if (($orientation >= 2) && ($orientation <= 8) && ($this->imageDriver == "imagick"))
try {
$img->image->setImageProperty('exif:Orientation', "1");
} catch (\Exception $e) {}
// WATERMARK
if (isset($this->config['watermark']['file']) &&
is_file($this->config['watermark']['file'])
) {
$left = isset($this->config['watermark']['left'])
? $this->config['watermark']['left'] : false;
$top = isset($this->config['watermark']['top'])
? $this->config['watermark']['top'] : false;
$img->watermark($this->config['watermark']['file'], $left, $top);
}
// WRITE TO FILE
return $img->output("jpeg", array(
'file' => $file,
'quality' => $this->config['jpegQuality']
));
}
protected function makeThumb($file, $overwrite=true) {
$img = image::factory($this->imageDriver, $file);
// Drop files which are not images
if ($img->initError)
return true;
$fimg = new fastImage($file);
$type = $fimg->getType();
$fimg->close();
if ($type === false)
return true;
$thumb = substr($file, strlen($this->config['uploadDir']));
$thumb = $this->config['uploadDir'] . "/" . $this->config['thumbsDir'] . "/" . $thumb;
$thumb = path::normalize($thumb);
$thumbDir = dirname($thumb);
if (!is_dir($thumbDir) && !@mkdir($thumbDir, $this->config['dirPerms'], true))
return false;
if (!$overwrite && is_file($thumb))
return true;
// Images with smaller resolutions than thumbnails
if (($img->width <= $this->config['thumbWidth']) &&
($img->height <= $this->config['thumbHeight'])
) {
// Drop only browsable types
if (in_array($type, array("gif", "jpeg", "png")))
return true;
// Resize image
} elseif (!$img->resizeFit($this->config['thumbWidth'], $this->config['thumbHeight']))
return false;
// Save thumbnail
$options = array('file' => $thumb);
if ($type == "gif")
$type = "jpeg";
if ($type == "jpeg")
$options['quality'] = $this->config['jpegQuality'];
return $img->output($type, $options);
}
protected function localize($langCode) {
require "lang/{$langCode}.php";
setlocale(LC_ALL, $lang['_locale']);
$this->charset = $lang['_charset'];
$this->dateTimeFull = $lang['_dateTimeFull'];
$this->dateTimeMid = $lang['_dateTimeMid'];
$this->dateTimeSmall = $lang['_dateTimeSmall'];
unset($lang['_locale']);
unset($lang['_charset']);
unset($lang['_dateTimeFull']);
unset($lang['_dateTimeMid']);
unset($lang['_dateTimeSmall']);
$this->labels = $lang;
}
protected function label($string, array $data=null) {
$return = isset($this->labels[$string]) ? $this->labels[$string] : $string;
if (is_array($data))
foreach ($data as $key => $val)
$return = str_replace("{{$key}}", $val, $return);
return $return;
}
protected function backMsg($message, array $data=null) {
$message = $this->label($message, $data);
$tmp_name = isset($this->file['tmp_name']) ? $this->file['tmp_name'] : false;
if ($tmp_name) {
$tmp_name = (is_array($tmp_name) && isset($tmp_name[0]))
? $tmp_name[0]
: $tmp_name;
if (file_exists($tmp_name))
@unlink($tmp_name);
}
$this->callBack("", $message);
die;
}
protected function callBack($url, $message="") {
$message = text::jsValue($message);
if ((get_class($this) == "kcfinder\\browser") && ($this->action != "browser"))
return;
if (isset($this->opener['name'])) {
$method = "callBack_{$this->opener['name']}";
if (method_exists($this, $method))
$js = $this->$method($url, $message);
}
if (!isset($js))
$js = $this->callBack_default($url, $message);
header("Content-Type: text/html; charset={$this->charset}");
echo "<html><body>$js</body></html>";
}
protected function callBack_ckeditor($url, $message) {
$CKfuncNum = isset($this->opener['CKEditor']['funcNum']) ? $this->opener['CKEditor']['funcNum'] : 0;
if (!$CKfuncNum) $CKfuncNum = 0;
return "<script type='text/javascript'>
var par = window.parent,
op = window.opener,
o = (par && par.CKEDITOR) ? par : ((op && op.CKEDITOR) ? op : false);
if (o !== false) {
if (op) window.close();
o.CKEDITOR.tools.callFunction($CKfuncNum, '$url', '$message');
} else {
alert('$message');
if (op) window.close();
}
</script>";
}
protected function callBack_fckeditor($url, $message) {
$n = strlen($message) ? 1 : 0;
return "<script type='text/javascript'>
var par = window.parent,
op = window.opener,
o = (op && op.OnUploadCompleted) ? op.OnUploadCompleted : ((par && par.OnUploadCompleted) ? par.OnUploadCompleted : false);
if (o !== false) {
if (op) window.close();
o($n, '$url', '', '$message');
} else {
alert('$message');
if (op) window.close();
}
</script>";
}
protected function callBack_tinymce($url, $message) {
return $this->callBack_default($url, $message);
}
protected function callBack_tinymce4($url, $message) {
return $this->callBack_default($url, $message);
}
protected function callBack_default($url, $message) {
return "<script type='text/javascript'>
alert('$message');
if (window.opener) window.close();
</script>";
}
protected function get_htaccess() {
return file_get_contents("conf/upload.htaccess");
}
}
?>

33
metadata/include/kcfinder/core/types/type_img.php Normal file
View File

@ -0,0 +1,33 @@
<?php
/** This file is part of KCFinder project
*
* @desc Image detection class
* @package KCFinder
* @version 3.12
* @author Pavel Tzonkov <sunhater@sunhater.com>
* @copyright 2010-2014 KCFinder Project
* @license http://opensource.org/licenses/GPL-3.0 GPLv3
* @license http://opensource.org/licenses/LGPL-3.0 LGPLv3
* @link http://kcfinder.sunhater.com
*/
namespace kcfinder;
class type_img {
public function checkFile($file, array $config) {
$driver = isset($config['imageDriversPriority'])
? image::getDriver(explode(" ", $config['imageDriversPriority'])) : "gd";
$img = image::factory($driver, $file);
if ($img->initError)
return "Unknown image format/encoding.";
return true;
}
}
?>

49
metadata/include/kcfinder/core/types/type_mime.php Normal file
View File

@ -0,0 +1,49 @@
<?php
/** This file is part of KCFinder project
*
* @desc MIME type detection class
* @package KCFinder
* @version 3.12
* @author Pavel Tzonkov <sunhater@sunhater.com>
* @copyright 2010-2014 KCFinder Project
* @license http://opensource.org/licenses/GPL-3.0 GPLv3
* @license http://opensource.org/licenses/LGPL-3.0 LGPLv3
* @link http://kcfinder.sunhater.com
*/
namespace kcfinder;
class type_mime {
public function checkFile($file, array $config) {
if (!class_exists("finfo"))
return "Fileinfo PECL extension is missing.";
if (!isset($config['params']))
return "Undefined MIME types.";
$finfo = strlen($config['mime_magic'])
? new \finfo(FILEINFO_MIME, $config['mime_magic'])
: new \finfo(FILEINFO_MIME);
if (!$finfo)
return "Opening fileinfo database failed.";
$type = $finfo->file($file);
$type = substr($type, 0, strrpos($type, ";"));
$mimes = $config['params'];
if (substr($mimes, 0, 1) == "!") {
$mimes = trim(substr($mimes, 1));
return in_array($type , explode(" ", $mimes))
? "You can't upload such files."
: true;
}
return !in_array($type , explode(" ", $mimes))
? "You can't upload such files."
: true;
}
}
?>