3 * FCKeditor - The text editor for internet
4 * Copyright (C) 2003-2006 Frederico Caldeira Knabben
6 * Licensed under the terms of the GNU Lesser General Public License:
7 * http://www.opensource.org/licenses/lgpl-license.php
9 * For further information visit:
10 * http://www.fckeditor.net/
12 * "Support Open Source software. What about a donation today?"
14 * File Name: upload.php
15 * This is the "File Uploader" for PHP.
18 * Frederico Caldeira Knabben (fredck@fckeditor.net)
24 // This is the function that sends the results of the uploading process.
25 function SendResults( $errorNumber, $fileUrl = '', $fileName = '', $customMsg = '' )
27 echo '<script type="text/javascript">' ;
28 echo 'window.parent.OnUploadCompleted(' . $errorNumber . ',"' . str_replace( '"', '\\"', $fileUrl ) . '","' . str_replace( '"', '\\"', $fileName ) . '", "' . str_replace( '"', '\\"', $customMsg ) . '") ;' ;
33 // Check if this uploader has been enabled.
34 if ( !$Config['Enabled'] )
35 SendResults( '1', '', '', 'This file uploader is disabled. Please check the "editor/filemanager/upload/php/config.php" file' ) ;
37 // Check if the file has been correctly uploaded.
38 if ( !isset( $_FILES['NewFile'] ) || is_null( $_FILES['NewFile']['tmp_name'] ) || $_FILES['NewFile']['name'] == '' )
39 SendResults( '202' ) ;
41 // Get the posted file.
42 $oFile = $_FILES['NewFile'] ;
44 // Get the uploaded file name extension.
45 $sFileName = $oFile['name'] ;
47 // Replace dots in the name with underscores (only one dot can be there... security issue).
48 if ( $Config['ForceSingleExtension'] )
49 $sFileName = preg_replace( '/\\.(?![^.]*$)/', '_', $sFileName ) ;
51 $sOriginalFileName = $sFileName ;
54 $sExtension = substr( $sFileName, ( strrpos($sFileName, '.') + 1 ) ) ;
55 $sExtension = strtolower( $sExtension ) ;
57 // The the file type (from the QueryString, by default 'File').
58 $sType = isset( $_GET['Type'] ) ? $_GET['Type'] : 'File' ;
60 // Check if it is an allowed type.
61 if ( !in_array( $sType, array('File','Image','Flash','Media') ) )
62 SendResults( 1, '', '', 'Invalid type specified' ) ;
64 // Get the allowed and denied extensions arrays.
65 $arAllowed = $Config['AllowedExtensions'][$sType] ;
66 $arDenied = $Config['DeniedExtensions'][$sType] ;
68 // Check if it is an allowed extension.
69 if ( ( count($arAllowed) > 0 && !in_array( $sExtension, $arAllowed ) ) || ( count($arDenied) > 0 && in_array( $sExtension, $arDenied ) ) )
70 SendResults( '202' ) ;
75 // Initializes the counter used to rename the file, if another one with the same name already exists.
78 // The the target directory.
79 if ( isset( $Config['UserFilesAbsolutePath'] ) && strlen( $Config['UserFilesAbsolutePath'] ) > 0 )
80 $sServerDir = $Config['UserFilesAbsolutePath'] ;
82 $sServerDir = GetRootPath() . $Config["UserFilesPath"] ;
86 // Compose the file path.
87 $sFilePath = $sServerDir . $sFileName ;
89 // If a file with that name already exists.
90 if ( is_file( $sFilePath ) )
93 $sFileName = RemoveExtension( $sOriginalFileName ) . '(' . $iCounter . ').' . $sExtension ;
94 $sErrorNumber = '201' ;
98 move_uploaded_file( $oFile['tmp_name'], $sFilePath ) ;
100 if ( is_file( $sFilePath ) )
102 $oldumask = umask(0) ;
103 chmod( $sFilePath, 0777 ) ;
107 $sFileUrl = $Config["UserFilesPath"] . $sFileName ;
113 SendResults( $sErrorNumber, $sFileUrl, $sFileName ) ;