author | Dan |
Sun, 10 May 2009 14:41:51 -0400 | |
changeset 957 | 6b7644fec887 |
parent 953 | 323c4cd1aa37 |
child 960 | e74741b8360b |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
519
94214ec0871c
Started work on the new plugin manager and associated management code. Very incomplete at this point and not usable.
Dan
parents:
504
diff
changeset
|
2 |
/**!info** |
|
3 |
{ |
|
4 |
"Plugin Name" : "plugin_specialupdownload_title", |
|
5 |
"Plugin URI" : "http://enanocms.org/", |
|
6 |
"Description" : "plugin_specialupdownload_desc", |
|
7 |
"Author" : "Dan Fuhry", |
685
17ebe24cdf85
Rebranded as 1.1.5 (Caoineag alpha 5) and fixed a couple bugs related to CDN support in template_nodb and installerUI. Updated readme.
Dan
parents:
609
diff
changeset
|
8 |
"Version" : "1.1.5", |
519
|
9 |
"Author URI" : "http://enanocms.org/" |
|
10 |
} |
|
11 |
**!*/ |
0 | 12 |
|
13 |
/* |
|
14 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
parents:
721
diff
changeset
|
15 |
* Version 1.1.6 (Caoineag beta 1) |
536 | 16 |
* Copyright (C) 2006-2008 Dan Fuhry |
0 | 17 |
* SpecialUpdownload.php - handles uploading and downloading of user-uploaded files - possibly the most rigorously security-enforcing script in all of Enano, although sessions.php comes in a close second |
18 |
* |
|
19 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
20 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
21 |
* |
|
22 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
23 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
24 |
*/ |
|
25 |
||
26 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
27 |
||
593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
parents:
590
diff
changeset
|
28 |
// $plugins->attachHook('session_started', 'SpecialUpDownload_paths_init();'); |
590
03a60844c7c5
Several optimization changes including getting rid of a few eval()s. Added placeholder functions for the theme manager, which should be working now
Dan
parents:
564
diff
changeset
|
29 |
|
|
30 |
function SpecialUpDownload_paths_init() |
|
31 |
{ |
0 | 32 |
global $paths; |
590
|
33 |
$paths->add_page(Array( |
|
34 |
'name'=>'specialpage_upload_file', |
|
35 |
'urlname'=>'UploadFile', |
|
36 |
'namespace'=>'Special', |
|
37 |
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
38 |
)); |
|
39 |
|
|
40 |
$paths->add_page(Array( |
|
41 |
'name'=>'specialpage_download_file', |
|
42 |
'urlname'=>'DownloadFile', |
|
43 |
'namespace'=>'Special', |
|
44 |
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>1,'delvotes'=>0,'delvote_ips'=>'', |
|
45 |
)); |
|
46 |
} |
0 | 47 |
|
48 |
function page_Special_UploadFile() |
|
49 |
{ |
|
50 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
366 | 51 |
global $lang; |
609
ffa5decbb305
Fixed a few places where page metadata cache should have been purged (there may be a few more commits like this)
Dan
parents:
593
diff
changeset
|
52 |
global $cache; |
0 | 53 |
global $mime_types; |
366 | 54 |
if(getConfig('enable_uploads')!='1') { die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('upload_err_disabled_site') . '</p>'); } |
0 | 55 |
if ( !$session->get_permissions('upload_files') ) |
56 |
{ |
|
366 | 57 |
die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('upload_err_disabled_acl') . '</p>'); |
0 | 58 |
} |
59 |
if(isset($_POST['doit'])) |
|
60 |
{ |
|
61 |
if(isset($_FILES['data'])) |
|
62 |
{ |
|
63 |
$file =& $_FILES['data']; |
|
64 |
} |
|
65 |
else |
|
66 |
{ |
|
67 |
$file = false; |
|
68 |
} |
|
192
9237767a23ae
Implemented cron image into Oxygen and St Patty as promised; fixed way-outdated version numbers in plugins
Dan
parents:
116
diff
changeset
|
69 |
if ( !is_array($file) ) |
|
70 |
{ |
366 | 71 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_cant_get_file_meta') . '</p>'); |
192
|
72 |
} |
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents:
801
diff
changeset
|
73 |
if ( $file['size'] == 0 || $file['size'] > (int)getConfig('max_file_size', '256000') ) |
192
|
74 |
{ |
366 | 75 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_too_big_or_small') . '</p>'); |
192
|
76 |
} |
366 | 77 |
|
0 | 78 |
$types = fetch_allowed_extensions(); |
445 | 79 |
$ext = strtolower(substr($file['name'], strrpos($file['name'], '.')+1, strlen($file['name']))); |
192
|
80 |
if ( !isset($types[$ext]) || ( isset($types[$ext]) && !$types[$ext] ) ) |
0 | 81 |
{ |
366 | 82 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_banned_ext', array('ext' => htmlspecialchars($ext))) . '</p>'); |
0 | 83 |
} |
84 |
$type = $mime_types[$ext]; |
|
85 |
//$type = explode(';', $type); $type = $type[0]; |
|
86 |
//if(!in_array($type, $allowed_mime_types)) die_friendly('Upload failed', '<p>The file type "'.$type.'" is not allowed.</p>'); |
|
87 |
if($_POST['rename'] != '') |
|
88 |
{ |
|
89 |
$filename = $_POST['rename']; |
|
90 |
} |
|
91 |
else |
|
92 |
{ |
|
93 |
$filename = $file['name']; |
|
94 |
} |
|
95 |
$bad_chars = Array(':', '\\', '/', '<', '>', '|', '*', '?', '"', '#', '+'); |
|
96 |
foreach($bad_chars as $ch) |
|
97 |
{ |
|
366 | 98 |
if(strstr($filename, $ch) || preg_match('/^([ ]+)$/is', $filename)) |
99 |
{ |
|
100 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_banned_chars') . '</p>'); |
|
101 |
} |
|
0 | 102 |
} |
103 |
||
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
parents:
898
diff
changeset
|
104 |
$ns = namespace_factory($filename, 'File'); |
|
105 |
$cdata = $ns->get_cdata(); |
|
106 |
$is_protected = $cdata['really_protected']; |
|
107 |
|
|
108 |
if ( isPage($paths->get_pathskey($filename, 'File')) && !isset ( $_POST['update'] ) ) |
0 | 109 |
{ |
366 | 110 |
$upload_link = makeUrlNS('Special', 'UploadFile/'.$filename); |
111 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_already_exists', array('upload_link' => $upload_link)) . '</p>'); |
|
0 | 112 |
} |
953
|
113 |
else if ( isset($_POST['update']) && $is_protected ) |
0 | 114 |
{ |
366 | 115 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_replace_protected') . '</p>'); |
0 | 116 |
} |
117 |
||
118 |
$utime = time(); |
|
119 |
||
721
bfde4d7402b1
Fixed filename not being sent through sanitize_page_id() during upload. Non-security.
Dan
parents:
685
diff
changeset
|
120 |
$filename = $db->escape(sanitize_page_id($filename)); |
0 | 121 |
$ext = substr($filename, strrpos($filename, '.'), strlen($filename)); |
122 |
$flen = filesize($file['tmp_name']); |
|
123 |
||
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasurable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents:
80
diff
changeset
|
124 |
$comments = ( isset($_POST['update']) ) ? $db->escape($_POST['comments']) : $db->escape(RenderMan::preprocess_text($_POST['comments'], false, false)); |
0 | 125 |
$chartag = sha1(microtime()); |
126 |
$urln = str_replace(' ', '_', $filename); |
|
127 |
||
481
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
128 |
$key = md5($filename . '_' . ( function_exists('md5_file') ? md5_file($file['tmp_name']) : file_get_contents($file['tmp_name']))); |
|
129 |
$targetname = ENANO_ROOT . '/files/' . $key . $ext; |
0 | 130 |
|
131 |
if(!@move_uploaded_file($file['tmp_name'], $targetname)) |
|
132 |
{ |
|
366 | 133 |
die_friendly($lang->get('upload_err_title'), '<p>' . $lang->get('upload_err_move_failed') . '</p>'); |
0 | 134 |
} |
135 |
||
136 |
if(getConfig('file_history') != '1') |
|
137 |
{ |
|
138 |
if(!$db->sql_query('DELETE FROM '.table_prefix.'files WHERE filename=\''.$filename.'\' LIMIT 1;')) $db->_die('The old file data could not be deleted.'); |
|
139 |
} |
|
140 |
if(!$db->sql_query('INSERT INTO '.table_prefix.'files(time_id,page_id,filename,size,mimetype,file_extension,file_key) VALUES('.$utime.', \''.$urln.'\', \''.$filename.'\', '.$flen.', \''.$type.'\', \''.$ext.'\', \''.$key.'\')')) $db->_die('The file data entry could not be inserted.'); |
|
141 |
if(!isset($_POST['update'])) |
|
142 |
{ |
|
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
143 |
if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.$utime.', \''.enano_date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\');')) $db->_die('The page log could not be updated.'); |
0 | 144 |
if(!$db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,protected,delvotes,delvote_ips) VALUES(\''.$filename.'\', \''.$urln.'\', \'File\', 0, 0, \'\')')) $db->_die('The page listing entry could not be inserted.'); |
145 |
if(!$db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$urln.'\', \'File\', \''.$comments.'\', \''.$chartag.'\')')) $db->_die('The page text entry could not be inserted.'); |
|
146 |
} |
|
147 |
else |
|
148 |
{ |
|
345
|
149 |
if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.$utime.', \''.enano_date('d M Y h:i a').'\', \'page\', \'reupload\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\', \''.$comments.'\');')) $db->_die('The page log could not be updated.'); |
0 | 150 |
} |
609
|
151 |
$cache->purge('page_meta'); |
366 | 152 |
die_friendly($lang->get('upload_success_title'), '<p>' . $lang->get('upload_success_body', array('file_link' => makeUrlNS('File', $filename))) . '</p>'); |
0 | 153 |
} |
154 |
else |
|
155 |
{ |
|
156 |
$template->header(); |
|
157 |
$fn = $paths->getParam(0); |
|
158 |
if ( $fn && !$session->get_permissions('upload_new_version') ) |
|
159 |
{ |
|
366 | 160 |
die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('upload_err_replace_denied') . '<p>'); |
0 | 161 |
} |
162 |
?> |
|
366 | 163 |
<p><?php echo $lang->get('upload_intro'); ?></p> |
164 |
<p><?php |
|
0 | 165 |
// Get the max file size, and format it in a way that is user-friendly |
366 | 166 |
|
832
|
167 |
$fs = getConfig('max_file_size', '256000'); |
0 | 168 |
$fs = (int)$fs; |
169 |
if($fs >= 1048576) |
|
170 |
{ |
|
171 |
$fs = round($fs / 1048576, 1); |
|
366 | 172 |
$unitized = $fs . ' ' . $lang->get('etc_unit_megabytes_short'); |
0 | 173 |
} |
174 |
elseif($fs >= 1024) |
|
175 |
{ |
|
176 |
$fs = round($fs / 1024, 1); |
|
366 | 177 |
$unitized = $fs . ' ' . $lang->get('etc_unit_kilobytes_short'); |
0 | 178 |
} |
366 | 179 |
|
180 |
echo $lang->get('upload_max_filesize', array( |
|
181 |
'size' => $unitized |
|
182 |
)); |
|
183 |
?></p> |
|
0 | 184 |
<form action="<?php echo makeUrl($paths->page); ?>" method="post" enctype="multipart/form-data"> |
185 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
366 | 186 |
<tr><td><?php echo $lang->get('upload_field_file'); ?></td><td><input name="data" type="file" size="40" /></td></tr> |
187 |
<tr><td><?php echo $lang->get('upload_field_renameto'); ?></td><td><input name="rename" type="text" size="40"<?php if($fn) echo ' value="'.$fn.'" readonly="readonly"'; ?> /></td></tr> |
|
0 | 188 |
<?php |
366 | 189 |
if(!$fn) echo '<tr><td>' . $lang->get('upload_field_comments') . '</td><td><textarea name="comments" rows="20" cols="60"></textarea></td></tr>'; |
190 |
else echo '<tr><td>' . $lang->get('upload_field_reason') . '</td><td><input name="comments" size="50" /></td></tr>'; |
|
0 | 191 |
?> |
192 |
<tr><td colspan="2" style="text-align: center"> |
|
193 |
<?php |
|
194 |
if($fn) |
|
195 |
echo '<input type="hidden" name="update" value="true" />'; |
|
196 |
?> |
|
366 | 197 |
<input type="submit" name="doit" value="<?php echo $lang->get('upload_btn_upload'); ?>" /> |
0 | 198 |
</td></tr> |
199 |
</table> |
|
200 |
</form> |
|
201 |
<?php |
|
202 |
$template->footer(); |
|
203 |
} |
|
242 | 204 |
} |
0 | 205 |
|
206 |
function page_Special_DownloadFile() |
|
207 |
{ |
|
208 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
366 | 209 |
global $lang; |
0 | 210 |
global $do_gzip; |
211 |
$filename = rawurldecode($paths->getParam(0)); |
|
212 |
$timeid = $paths->getParam(1); |
|
292
b3cfaf0a505c
Fixed highlighting in search results; changed search algorithm to give more score for terms found in page title; hopefully (hackishly) fixed login_key_cache getting too long
Dan
parents:
230
diff
changeset
|
213 |
if ( $timeid && preg_match('#^([0-9]+)$#', (string)$timeid) ) |
|
214 |
{ |
|
215 |
$tid = ' AND time_id='.$timeid; |
|
216 |
} |
|
217 |
else |
|
218 |
{ |
|
219 |
$tid = ''; |
|
220 |
} |
721
|
221 |
$filename = $db->escape(sanitize_page_id($filename)); |
|
222 |
|
0 | 223 |
$q = $db->sql_query('SELECT page_id,size,mimetype,time_id,file_extension,file_key FROM '.table_prefix.'files WHERE filename=\''.$filename.'\''.$tid.' ORDER BY time_id DESC;'); |
292
|
224 |
if ( !$q ) |
|
225 |
{ |
|
226 |
$db->_die('The file data could not be selected.'); |
|
227 |
} |
|
228 |
if ( $db->numrows() < 1 ) |
|
229 |
{ |
|
230 |
header('HTTP/1.1 404 Not Found'); |
366 | 231 |
die_friendly($lang->get('upload_err_not_found_title'), '<p>' . $lang->get('upload_err_not_found_body', array('filename' => htmlspecialchars($filename))) . '</p>'); |
292
|
232 |
} |
0 | 233 |
$row = $db->fetchrow(); |
234 |
$db->free_result(); |
|
235 |
||
236 |
// Check permissions |
|
237 |
$perms = $session->fetch_page_acl($row['page_id'], 'File'); |
|
238 |
if ( !$perms->get_permissions('read') ) |
|
239 |
{ |
|
366 | 240 |
die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
0 | 241 |
} |
242 |
||
481
|
243 |
$fname = ENANO_ROOT . '/files/' . $row['file_key'] . $row['file_extension']; |
|
244 |
if ( !file_exists($fname) ) |
|
245 |
{ |
|
246 |
$fname = ENANO_ROOT . '/files/' . $row['file_key'] . '_' . $row['time_id'] . $row['file_extension']; |
|
247 |
} |
|
248 |
if ( !file_exists($fname) ) |
|
249 |
{ |
|
250 |
die("Uploaded file $fname not found."); |
|
251 |
} |
230
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
252 |
|
|
253 |
if ( isset($_GET['preview']) && substr($row['mimetype'], 0, 6) == 'image/' ) |
0 | 254 |
{ |
230
|
255 |
// Determine appropriate width and height |
|
256 |
$width = ( isset($_GET['width']) ) ? intval($_GET['width'] ) : 320; |
|
257 |
$height = ( isset($_GET['height']) ) ? intval($_GET['height']) : 320; |
|
258 |
$cache_filename = ENANO_ROOT . "/cache/{$filename}-{$row['time_id']}-{$width}x{$height}{$row['file_extension']}"; |
|
259 |
if ( file_exists($cache_filename) ) |
|
260 |
{ |
|
261 |
$fname = $cache_filename; |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
262 |
} |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
263 |
else |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
264 |
{ |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
265 |
$allow_scale = false; |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
266 |
$orig_fname = $fname; |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
267 |
// is caching enabled? |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
268 |
if ( getConfig('cache_thumbs') == '1' ) |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
269 |
{ |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
270 |
$fname = $cache_filename; |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
271 |
if ( is_writeable(dirname($fname)) ) |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
272 |
{ |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
273 |
$allow_scale = true; |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
274 |
} |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
275 |
} |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
276 |
else |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
277 |
{ |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
278 |
// Get a temporary file |
3daa715e0f69
Alternate scaling using GD is implemented now; images will be scaled with ImageMagick if enabled and working; else, GD will be used. No UI changes to speak of, but a check in the installer will be added in a later commit
Dan
parents:
192
diff
changeset
|
279 |
// In this case, the file will not be cached and will be scaled each time it's requested |
481
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
458
diff
changeset
|
        $temp_dir = sys_get_temp_dir();
        // if tempnam() cannot use the specified directory name, it will fall back on the system default
        $tempname = tempnam($temp_dir, $filename);
        if ( $tempname && is_writeable($tempname) )
        {
          $allow_scale = true;
        }
      }
      if ( $allow_scale )
      {
        $result = scale_image($orig_fname, $fname, $width, $height);
        if ( !$result )
          $fname = $orig_fname;
      }
      else
      {
        $fname = $orig_fname;
      }
    }
  }
  $handle = @fopen($fname, 'r');
  if ( !$handle )
    die('Can\'t open output file for reading');

  $len = filesize($fname);
  header('Content-type: '.$row['mimetype']);
  if ( isset($_GET['download']) )
  {
    // disposition type and its parameters are separated by ';', not ','
    header('Content-disposition: attachment; filename="' . $filename . '"');
  }
898
c75754f5b1da
When changing namespace of a File: page, associated files are now deleted. Also fixed some issues with image scaling.
Dan
parents:
832
diff
changeset
|
  if ( !@$GLOBALS['do_gzip'] )
    header('Content-length: ' . $len);

345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents:
343
diff
changeset
|
  header('Last-Modified: '.enano_date('r', $row['time_id']));

  // using this method limits RAM consumption
  while ( !feof($handle) )
  {
    echo fread($handle, 512000);
  }
  fclose($handle);

80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
parents:
23
diff
changeset
|
  gzip_output();

  exit;

}

?>
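The listing above passes `width` and `height` through `intval()` with no bounds and embeds them in the cache file name, so every distinct pair gets its own cache file name and, when scaling is allowed, its own scaling run. The following is an added example, not part of the Enano source: it snaps requested sizes to a fixed list, builds the cache path from checked parts, and emits a well-formed Content-Disposition header. Function names, the size list and the sample inputs are assumptions, and PHP 7 or later is assumed.

```php
<?php
// Added example, not Enano code. Names, sizes and limits are hypothetical.

// Assumed policy: thumbnails exist only at these edge lengths, so the
// number of cache files per image is bounded by count(THUMB_SIZES)^2.
const THUMB_SIZES = [64, 128, 320, 640, 1024];

// Snap a requested dimension up to the next allowed size. Missing,
// non-integer, zero, negative or overflowing input yields the default.
function thumb_dimension(array $params, string $key, int $default = 320): int
{
  $value = filter_var($params[$key] ?? null, FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
  if ( $value === false )
    return $default;
  foreach ( THUMB_SIZES as $size )
  {
    if ( $value <= $size )
      return $size;
  }
  return THUMB_SIZES[count(THUMB_SIZES) - 1];
}

// Build the cache path. basename() drops directory components and the
// extension must look like ".png", so the result stays inside $cache_dir.
function thumb_cache_path(string $cache_dir, string $filename, int $time_id,
  int $width, int $height, string $ext): string
{
  $name = basename($filename);
  $ext = preg_match('/^\.[A-Za-z0-9]{1,5}$/', $ext) ? $ext : '';
  return rtrim($cache_dir, '/') . "/{$name}-{$time_id}-{$width}x{$height}{$ext}";
}

// Header line with ';' between disposition type and parameter; quotes,
// backslashes and control characters are removed from the filename.
function attachment_disposition(string $filename): string
{
  $clean = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', basename($filename));
  return 'Content-Disposition: attachment; filename="' . $clean . '"';
}

// Constructed request parameters and names, for illustration only.
$params = ['width' => '5000', 'height' => '-1'];
$w = thumb_dimension($params, 'width');
$h = thumb_dimension($params, 'height');
echo thumb_cache_path('/tmp/cache', '../photo.png', 1241980911, $w, $h, '.png'), "\n";
echo attachment_disposition("pho\"to\r\n.png"), "\n";
```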