XpressEngine Core  1.11.2
file.controller.php
1 <?php
2 /* Copyright (C) NAVER <http://www.navercorp.com> */
7 class fileController extends file
8 {
/**
 * Module initialisation hook. This controller performs no setup, so the body is empty.
 *
 * @return void
 */
function init()
{
}
16 
26  function procFileUpload()
27  {
29  $file_info = Context::get('Filedata');
30 
31  // An error appears if not a normally uploaded file
32  if(!is_uploaded_file($file_info['tmp_name'])) exit();
33 
34  // Basic variables setting
35  $oFileModel = getModel('file');
36  $editor_sequence = Context::get('editor_sequence');
37  $upload_target_srl = intval(Context::get('uploadTargetSrl'));
38  if(!$upload_target_srl) $upload_target_srl = intval(Context::get('upload_target_srl'));
40  // Exit a session if there is neither upload permission nor information
41  if(!$_SESSION['upload_info'][$editor_sequence]->enabled) exit();
42  // Extract from session information if upload_target_srl is not specified
43  if(!$upload_target_srl) $upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
44  // Create if upload_target_srl is not defined in the session information
45  if(!$upload_target_srl) $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
46 
47  $output = $this->insertFile($file_info, $module_srl, $upload_target_srl);
49  $this->add('file_srl',$output->get('file_srl'));
50  $this->add('file_size',$output->get('file_size'));
51  $this->add('direct_download',$output->get('direct_download'));
52  $this->add('source_filename',$output->get('source_filename'));
53  $this->add('download_url',$output->get('uploaded_filename'));
54  $this->add('upload_target_srl',$output->get('upload_target_srl'));
55  if($output->error != '0') $this->stop($output->message);
56  }
57 
64  {
65  // Basic variables setting
66  $editor_sequence = Context::get('editor_sequence');
67  $callback = Context::get('callback');
69  $upload_target_srl = intval(Context::get('uploadTargetSrl'));
70  if(!$upload_target_srl) $upload_target_srl = intval(Context::get('upload_target_srl'));
71 
72  // Exit a session if there is neither upload permission nor information
73  if(!$_SESSION['upload_info'][$editor_sequence]->enabled) exit();
74  // Extract from session information if upload_target_srl is not specified
75  if(!$upload_target_srl) $upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;
76  // Create if upload_target_srl is not defined in the session information
77  if(!$upload_target_srl) $_SESSION['upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl = getNextSequence();
78 
79  // Delete and then attempt to re-upload if file_srl is requested
80  $file_srl = Context::get('file_srl');
81  if($file_srl)
82  {
83  $oFileModel = getModel('file');
84  $logged_info = Context::get('logged_info');
85  $file_info = $oFileModel->getFile($file_srl);
86  $file_grant = $oFileModel->getFileGrant($file_info, $logged_info);
87  if($file_info->file_srl == $file_srl && $file_grant->is_deletable)
88  {
89  $this->deleteFile($file_srl);
90  }
91  }
92 
93  $file_info = Context::get('Filedata');
94  // An error appears if not a normally uploaded file
95  if(is_uploaded_file($file_info['tmp_name'])) {
96  $output = $this->insertFile($file_info, $module_srl, $upload_target_srl);
97  Context::set('uploaded_fileinfo',$output);
98  }
99 
100  Context::set('layout','none');
101 
102  $this->setTemplatePath($this->module_path.'tpl');
103  $this->setTemplateFile('iframe');
104  }
105 
112  {
113  $file_srl = Context::get('file_srl');
114  $width = Context::get('width');
115  $height = Context::get('height');
116 
117  if(!$file_srl || !$width)
118  {
119  return new BaseObject(-1,'msg_invalid_request');
120  }
121 
122  $oFileModel = getModel('file');
123  $fileInfo = $oFileModel->getFile($file_srl);
124  if(!$fileInfo || $fileInfo->direct_download != 'Y')
125  {
126  return new BaseObject(-1,'msg_invalid_request');
127  }
128 
129  $source_src = $fileInfo->uploaded_filename;
130  $output_src = $source_src . '.resized' . strrchr($source_src,'.');
131 
132  if(!$height) $height = $width-1;
133 
134  if(FileHandler::createImageFile($source_src,$output_src,$width,$height,'','ratio'))
135  {
136  $output = new stdClass();
137  $output->info = getimagesize($output_src);
138  $output->src = $output_src;
139  }
140  else
141  {
142  return new BaseObject(-1,'msg_invalid_request');
143  }
144 
145  $this->add('resized_info',$output);
146  }
147 
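/**
 * Validate a download request, then redirect the client to procFileOutput with a one-time key.
 *
 * Request variables read through Context: file_srl, sid.
 * Checks, in order: the module access grant, the file_srl/sid pair against the
 * stored record, the validity flag (administrators may fetch pending files),
 * the module's outlink policy, group-based download grants, and the
 * file.downloadFile "before" trigger. On success the download counter is
 * incremented, the "after" trigger is called, a random key is stored in
 * $_SESSION['__XE_FILE_KEY__'][$file_srl] and the script exits after sending
 * a Location header.
 *
 * @return mixed A BaseObject error or the value of $this->stop() when a check fails; does not return on success.
 */
function procFileDownload()
{
	$oFileModel = getModel('file');

	if(isset($this->grant->access) && $this->grant->access !== true) return new BaseObject(-1, 'msg_not_permitted');

	$file_srl = Context::get('file_srl');
	$sid = Context::get('sid');
	$logged_info = Context::get('logged_info');
	// Get file information from the DB
	$columnList = array('file_srl', 'sid', 'isvalid', 'source_filename', 'module_srl', 'uploaded_filename', 'file_size', 'member_srl', 'upload_target_srl', 'upload_target_type');
	$file_obj = $oFileModel->getFile($file_srl, $columnList);
	// Reject unless a record was found and both identifiers match. The sid is the
	// per-file secret, so it is compared as a string with hash_equals() (PHP >= 5.6):
	// no type juggling, no early exit, and a missing or array-valued sid never matches.
	if(!is_object($file_obj) || $file_obj->file_srl != $file_srl || !is_string($sid) || !hash_equals((string)$file_obj->sid, $sid))
	{
		return $this->stop('msg_file_not_found');
	}
	// Files still on stand-by may only be downloaded by a top administrator
	$is_admin = ($logged_info && $logged_info->is_admin == 'Y');
	if(!$is_admin && $file_obj->isvalid != 'Y') return $this->stop('msg_not_permitted_download');
	// File name
	$filename = $file_obj->source_filename;
	$file_module_config = $oFileModel->getFileModuleConfig($file_obj->module_srl);
	// Outlinking is disabled for this module.
	// NOTE: the Referer header is supplied by the client, so this block deters
	// hotlinking only; it is not an access control. The grant checks below are.
	if($file_module_config->allow_outlink == 'N')
	{
		// Extensions that may be outlinked regardless
		if($file_module_config->allow_outlink_format)
		{
			foreach(explode(',', $file_module_config->allow_outlink_format) as $val)
			{
				$val = trim($val);
				if($val === '') continue;
				// Configured entries are literal extensions; quote them so regex
				// metacharacters or a '/' in the setting cannot alter or break the pattern.
				if(preg_match('/\.' . preg_quote($val, '/') . '$/i', $filename))
				{
					$file_module_config->allow_outlink = 'Y';
					break;
				}
			}
		}
		// Sites that are allowed to outlink
		if($file_module_config->allow_outlink != 'Y')
		{
			$referer_host = '';
			if(!empty($_SERVER['HTTP_REFERER']))
			{
				$referer = parse_url($_SERVER['HTTP_REFERER']);
				if(is_array($referer) && isset($referer['host'])) $referer_host = $referer['host'];
			}
			$request_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

			if($referer_host != $request_host)
			{
				// Only a non-empty Referer host can match the allow list. Without this,
				// a blank line in the setting parses to "no host" and would compare
				// equal to a missing Referer.
				if($referer_host !== '' && $file_module_config->allow_outlink_site)
				{
					foreach(explode("\n", $file_module_config->allow_outlink_site) as $val)
					{
						$site = parse_url(trim($val));
						if(is_array($site) && isset($site['host']) && $site['host'] == $referer_host)
						{
							$file_module_config->allow_outlink = 'Y';
							break;
						}
					}
				}
			}
			else $file_module_config->allow_outlink = 'Y';
		}
		if($file_module_config->allow_outlink != 'Y') return $this->stop('msg_not_allowed_outlink');
	}

	// Check if a permission for file download is granted
	$downloadGrantCount = 0;
	if(is_array($file_module_config->download_grant))
	{
		foreach($file_module_config->download_grant as $value)
		{
			if($value) $downloadGrantCount++;
		}
	}

	// At least one group is configured, so the download is restricted to members
	if($downloadGrantCount > 0)
	{
		if(!Context::get('is_logged')) return $this->stop('msg_not_permitted_download');
		$logged_info = Context::get('logged_info');
		if($logged_info->is_admin != 'Y')
		{
			$oModuleModel = getModel('module');
			$columnList = array('module_srl', 'site_srl');
			$module_info = $oModuleModel->getModuleInfoByModuleSrl($file_obj->module_srl, $columnList);

			if(!$oModuleModel->isSiteAdmin($logged_info, $module_info->site_srl))
			{
				$oMemberModel = getModel('member');
				$member_groups = $oMemberModel->getMemberGroups($logged_info->member_srl, $module_info->site_srl);

				// Permitted when the member belongs to any granted group
				$is_permitted = false;
				foreach($file_module_config->download_grant as $group_srl)
				{
					if(!empty($member_groups[$group_srl]))
					{
						$is_permitted = true;
						break;
					}
				}
				if(!$is_permitted) return $this->stop('msg_not_permitted_download');
			}
		}
	}
	// Call a trigger (before)
	$output = ModuleHandler::triggerCall('file.downloadFile', 'before', $file_obj);
	if(!$output->toBool()) return $this->stop(($output->message)?$output->message:'msg_not_permitted_download');

	// After the download (virtual)
	// Increase download_count
	$args = new stdClass();
	$args->file_srl = $file_srl;
	executeQuery('file.updateFileDownloadCount', $args);
	// Call a trigger (after)
	$output = ModuleHandler::triggerCall('file.downloadFile', 'after', $file_obj);

	// Hand over to procFileOutput: the key is bound to this session and this file_srl
	$random = new Password();
	$file_key = $_SESSION['__XE_FILE_KEY__'][$file_srl] = $random->createSecureSalt(32, 'hex');
	header('Location: '.getNotEncodedUrl('', 'act', 'procFileOutput','file_srl',$file_srl,'file_key',$file_key));
	Context::close();
	exit();
}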
303 
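/**
 * Stream a stored attachment to the client after checking the one-time key issued by procFileDownload.
 *
 * Request variables read through Context: file_srl, file_key.
 * The key is looked up in $_SESSION['__XE_FILE_KEY__'] (or, for Android user
 * agents that already consumed it once, in $_SESSION['__XE_FILE_KEY_AND__'])
 * and removed from the session once it has been used or has failed to match.
 * The Content-Disposition filename parameter is chosen by User-Agent sniffing.
 *
 * @return mixed The value of $this->stop() on failure; exits after sending the file on success.
 */
public function procFileOutput()
{
	$oFileModel = getModel('file');
	$file_srl = Context::get('file_srl');
	$file_key = Context::get('file_key');
	// The header is optional; treat a missing User-Agent as an empty string
	$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
	$is_android = (strpos($user_agent, 'Android') !== false);

	if($is_android && !empty($_SESSION['__XE_FILE_KEY_AND__'][$file_srl])) $session_key = '__XE_FILE_KEY_AND__';
	else $session_key = '__XE_FILE_KEY__';
	$columnList = array('source_filename', 'uploaded_filename', 'file_size');
	$file_obj = $oFileModel->getFile($file_srl, $columnList);

	$uploaded_filename = $file_obj->uploaded_filename;

	if(!file_exists($uploaded_filename)) return $this->stop('msg_file_not_found');

	// The key is a session-bound secret: compare it as a string with hash_equals()
	// (PHP >= 5.6) so that neither loose comparison nor a non-string request value can match.
	$expected_key = isset($_SESSION[$session_key][$file_srl]) ? $_SESSION[$session_key][$file_srl] : null;
	if(!is_string($file_key) || $file_key === '' || !is_string($expected_key) || !hash_equals($expected_key, $file_key))
	{
		unset($_SESSION[$session_key][$file_srl]);
		return $this->stop('msg_invalid_request');
	}

	$file_size = $file_obj->file_size;
	$filename = $file_obj->source_filename;

	// source_filename is user-supplied. For the quoted-string form of the filename
	// parameter, drop control characters and escape backslash and double quote so
	// the name cannot terminate the parameter early.
	$quoted_filename = str_replace(
		array('\\', '"'),
		array('\\\\', '\\"'),
		preg_replace('/[\x00-\x1F\x7F]/', '', $filename)
	);

	if(preg_match('#(?:Chrome|Edge)/(\d+)\.#', $user_agent, $matches) && $matches[1] >= 11)
	{
		if($is_android && preg_match('#\bwv\b|(?:Version|Browser)/\d+#', $user_agent))
		{
			$filename_param = 'filename="' . $quoted_filename . '"';
		}
		else
		{
			$filename_param = sprintf('filename="%s"; filename*=UTF-8\'\'%s', $quoted_filename, rawurlencode($filename));
		}
	}
	elseif(preg_match('#(?:Firefox|Safari|Trident)/(\d+)\.#', $user_agent, $matches) && $matches[1] >= 6)
	{
		$filename_param = sprintf('filename="%s"; filename*=UTF-8\'\'%s', $quoted_filename, rawurlencode($filename));
	}
	elseif(strpos($user_agent, 'MSIE') !== FALSE)
	{
		// Percent-encode the whole name; every dot except the last is encoded as well
		$filename = rawurlencode($filename);
		$filename_param = 'filename="' . preg_replace('/\./', '%2e', $filename, substr_count($filename, '.') - 1) . '"';
	}
	else
	{
		$filename_param = 'filename="' . $quoted_filename . '"';
	}

	if($is_android)
	{
		// Keep a copy of the key under the Android slot before the regular one is cleared below
		if(!empty($_SESSION['__XE_FILE_KEY__'][$file_srl])) $_SESSION['__XE_FILE_KEY_AND__'][$file_srl] = $file_key;
	}

	unset($_SESSION[$session_key][$file_srl]);

	Context::close();

	$fp = fopen($uploaded_filename, 'rb');
	if(!$fp) return $this->stop('msg_file_not_found');

	header("Cache-Control: ");
	header("Pragma: ");
	// Always served as an opaque attachment, whatever the stored file actually contains
	header("Content-Type: application/octet-stream");
	header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");

	header("Content-Length: " .(string)($file_size));
	header('Content-Disposition: attachment; ' . $filename_param);
	header("Content-Transfer-Encoding: binary\n");

	// Files larger than 1 MiB (1024 * 1024 bytes) are sent with fread() in 1 KiB
	// chunks (#18675748). The original comment said 10MB; the threshold in code is 1 MiB.
	if($file_size > 1024 * 1024)
	{
		while(!feof($fp)) echo fread($fp, 1024);
		fclose($fp);
	}
	else
	{
		fpassthru($fp);
	}

	exit();
}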
388 
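/**
 * Delete attachments requested from the editor.
 *
 * Request variables read through Context: editor_sequence, file_srl, file_srls
 * (file_srls, when present, overrides file_srl; both are comma-separated lists).
 * Each requested file is loaded and checked with getFileGrant() before it is deleted.
 *
 * @return void
 */
function procFileDelete()
{
	// Basic variable setting(upload_target_srl and module_srl set)
	$editor_sequence = Context::get('editor_sequence');
	$file_srl = Context::get('file_srl');
	$file_srls = Context::get('file_srls');
	if($file_srls) $file_srl = $file_srls;
	// Exit if this session has no enabled upload slot for the editor
	if(empty($_SESSION['upload_info'][$editor_sequence]->enabled)) exit();

	$upload_target_srl = $_SESSION['upload_info'][$editor_sequence]->upload_target_srl;

	$logged_info = Context::get('logged_info');
	$oFileModel = getModel('file');

	foreach(explode(',', (string)$file_srl) as $candidate)
	{
		$srl = (int)$candidate;
		if(!$srl) continue;

		$args = new stdClass;
		$args->file_srl = $srl;
		$output = executeQuery('file.getFile', $args);
		if(!$output->toBool()) continue;

		$file_info = $output->data;
		if(!$file_info) continue;

		$file_grant = $oFileModel->getFileGrant($file_info, $logged_info);

		if(!$file_grant->is_deletable) continue;

		// Delete only the file whose grant was just checked. Passing the whole
		// request list ($file_srl) here would remove every listed file as soon
		// as one of them was deletable, skipping the per-file grant check.
		if($upload_target_srl) $this->deleteFile($srl);
	}
}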
432 
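/**
 * Return information about the requested files; restricted to administrators.
 *
 * Request variable read through Context: file_srls (comma-separated).
 * Adds 'file_list' to the response. Each entry is extended with
 * human_file_size and validName.
 *
 * @return BaseObject|void Error object when the caller is not logged in or is not an administrator.
 */
function procFileGetList()
{
	if(!Context::get('is_logged')) return new BaseObject(-1,'msg_not_permitted');

	$oModuleModel = getModel('module');

	$logged_info = Context::get('logged_info');
	if($logged_info->is_admin !== 'Y' && !$oModuleModel->isSiteAdmin($logged_info))
	{
		return new BaseObject(-1, 'msg_not_permitted');
	}

	// Always an array, so count() below is safe when file_srls is absent
	$fileSrlList = array();
	$fileSrls = Context::get('file_srls');
	if($fileSrls) $fileSrlList = explode(',', $fileSrls);

	global $lang;
	if(count($fileSrlList) > 0)
	{
		$oFileModel = getModel('file');
		$fileList = $oFileModel->getFile($fileSrlList);
		if(!is_array($fileList)) $fileList = array($fileList);

		foreach($fileList as $value)
		{
			// Skip empty results instead of dereferencing them
			if(!is_object($value)) continue;

			$value->human_file_size = FileHandler::filesize($value->file_size);
			if($value->isvalid=='Y') $value->validName = $lang->is_valid;
			else $value->validName = $lang->is_stand_by;
		}
	}
	else
	{
		$fileList = array();
		$this->setMessage($lang->no_files);
	}

	$this->add('file_list', $fileList);
}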
485  {
486  $document_srl = $obj->document_srl;
487  if(!$document_srl) return new BaseObject();
488  // Get numbers of attachments
489  $oFileModel = getModel('file');
490  $obj->uploaded_count = $oFileModel->getFilesCount($document_srl);
491 
492  return new BaseObject();
493  }
494 
502  {
503  $document_srl = $obj->document_srl;
504  if(!$document_srl) return new BaseObject();
505 
507  if(!$output->toBool()) return $output;
508 
509  return new BaseObject();
510  }
511 
519  {
520  $document_srl = $obj->document_srl;
521  if(!$document_srl) return new BaseObject();
522 
524  return $output;
525  }
526 
534  {
535  $comment_srl = $obj->comment_srl;
536  if(!$comment_srl) return new BaseObject();
537  // Get numbers of attachments
538  $oFileModel = getModel('file');
539  $obj->uploaded_count = $oFileModel->getFilesCount($comment_srl);
540 
541  return new BaseObject();
542  }
543 
551  {
552  $comment_srl = $obj->comment_srl;
553  $uploaded_count = $obj->uploaded_count;
554  if(!$comment_srl || !$uploaded_count) return new BaseObject();
555 
556  $output = $this->setFilesValid($comment_srl);
557  if(!$output->toBool()) return $output;
558 
559  return new BaseObject();
560  }
561 
569  {
570  $comment_srl = $obj->comment_srl;
571  if(!$comment_srl) return new BaseObject();
572 
573  if($obj->isMoveToTrash) return new BaseObject();
574 
575  $output = $this->deleteFiles($comment_srl);
576  return $output;
577  }
578 
586  {
587  $module_srl = $obj->module_srl;
588  if(!$module_srl) return new BaseObject();
589 
590  $oFileController = getAdminController('file');
591  return $oFileController->deleteModuleFiles($module_srl);
592  }
593 
/**
 * Enable uploads for an editor instance in the current session.
 *
 * Stores an object under $_SESSION['upload_info'][$editor_sequence] with
 * enabled = true and the given upload_target_srl. The upload and delete
 * actions in this controller read that entry before doing any work.
 *
 * @param int|string $editor_sequence   Key of the editor instance.
 * @param int        $upload_target_srl Target the uploads belong to (0 when not yet known).
 * @return void
 */
function setUploadInfo($editor_sequence, $upload_target_srl=0)
{
	// Reuse the existing slot when there is one so its other properties survive
	$slot = isset($_SESSION['upload_info'][$editor_sequence])
		? $_SESSION['upload_info'][$editor_sequence]
		: new stdClass();

	$slot->enabled = true;
	$slot->upload_target_srl = $upload_target_srl;

	$_SESSION['upload_info'][$editor_sequence] = $slot;
}
610 
/**
 * Run the 'file.updateFileValid' query for every file attached to a target.
 *
 * @param int $upload_target_srl Target whose attachments are updated.
 * @return mixed Result object of executeQuery().
 */
function setFilesValid($upload_target_srl)
{
	$query_args = new stdClass();
	$query_args->upload_target_srl = $upload_target_srl;

	$result = executeQuery('file.updateFileValid', $query_args);

	return $result;
}
624 
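/**
 * Store an uploaded (or manually supplied) file and register it in the DB.
 *
 * Steps: "before" trigger, optional file type and size limits (skipped for
 * administrators and for manual inserts), neutralising of the client-supplied
 * name, choice of storage path, move/copy of the file, DB insert, "after" trigger.
 *
 * Media files are stored under ./files/attach/images/ with a random base name
 * plus the original extension and are flagged direct_download = 'Y'. Everything
 * else is stored under ./files/attach/binaries/ with a random name and no
 * extension, flagged direct_download = 'N'.
 *
 * @param array $file_info         Upload entry; the keys 'name' and 'tmp_name' are read.
 * @param int   $module_srl        Module the file belongs to.
 * @param int   $upload_target_srl Document/comment the file is attached to.
 * @param int   $download_count    Initial download counter.
 * @param bool  $manual_insert     True when the file is not an HTTP upload (it is copied instead of moved and limits are skipped).
 * @return mixed Query/trigger result or BaseObject error; on success the result carries file_srl, file_size, sid, direct_download, source_filename, upload_target_srl and uploaded_filename.
 */
function insertFile($file_info, $module_srl, $upload_target_srl, $download_count = 0, $manual_insert = false)
{
	// Call a trigger (before)
	$trigger_obj = new stdClass;
	$trigger_obj->module_srl = $module_srl;
	$trigger_obj->upload_target_srl = $upload_target_srl;
	$output = ModuleHandler::triggerCall('file.insertFile', 'before', $trigger_obj);
	if(!$output->toBool()) return $output;

	// A workaround for Firefox upload bug
	if(preg_match('/^=\?UTF-8\?B\?(.+)\?=$/i', $file_info['name'], $match))
	{
		$file_info['name'] = base64_decode(strtr($match[1], ':', '/'));
		// The decoded bytes are new client-controlled input that was not part of the
		// name PHP received, so keep only the final path component. The result is
		// stored as source_filename and is later joined to a directory by moveFile().
		$file_info['name'] = preg_replace('/^.*[\/\\\\]/s', '', $file_info['name']);
	}

	if(!$manual_insert)
	{
		// Get the file configurations
		$logged_info = Context::get('logged_info');
		if(!$logged_info || $logged_info->is_admin != 'Y')
		{
			$oFileModel = getModel('file');
			$config = $oFileModel->getFileConfig($module_srl);

			// check file type
			if(isset($config->allowed_filetypes) && $config->allowed_filetypes !== '*.*')
			{
				// Entries look like "*.jpg"; a malformed entry without an extension is
				// ignored rather than added as an empty, always-matchable extension.
				$allowed_exts = array();
				foreach(explode(';', $config->allowed_filetypes) as $item)
				{
					$parts = explode('.', $item);
					if(isset($parts[1]) && $parts[1] !== '') $allowed_exts[] = strtolower($parts[1]);
				}
				$name_parts = explode('.', $file_info['name']);
				$uploaded_ext = strtolower(array_pop($name_parts));

				if(!in_array($uploaded_ext, $allowed_exts, true))
				{
					return $this->stop('msg_not_allowed_filetype');
				}
			}

			$allowed_filesize = $config->allowed_filesize * 1024 * 1024;
			$allowed_attach_size = $config->allowed_attach_size * 1024 * 1024;
			// An error appears if file size exceeds a limit
			if($allowed_filesize < filesize($file_info['tmp_name'])) return new BaseObject(-1, 'msg_exceeds_limit_size');
			// Get total file size of all attachements (from DB)
			$size_args = new stdClass;
			$size_args->upload_target_srl = $upload_target_srl;
			$output = executeQuery('file.getAttachedFileSize', $size_args);
			$attached_size = (int)$output->data->attached_size + filesize($file_info['tmp_name']);
			if($attached_size > $allowed_attach_size) return new BaseObject(-1, 'msg_exceeds_limit_size');
		}
	}

	// https://github.com/xpressengine/xe-core/issues/1713
	// Append "-x" to script-like extensions wherever they occur in the name, so that
	// an inner extension (name.php.jpg) is neutralised as well as the last one.
	$file_info['name'] = preg_replace('/\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x',$file_info['name']);
	$file_info['name'] = removeHackTag($file_info['name']);
	$file_info['name'] = str_replace(array('<','>'),array('%3C','%3E'),$file_info['name']);
	$file_info['name'] = str_replace('&amp;', '&', $file_info['name']);

	// Get random number generator
	$random = new Password();

	// Suffix for the fallback name used when the first move/copy fails:
	// ".ext" for media files, nothing for binaries (which are stored without extension).
	$fallback_suffix = '';

	// Set upload path by checking if the attachement is an image or other kinds of file
	if(preg_match("/\.(jpe?g|gif|png|wm[va]|mpe?g|avi|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)$/i", $file_info['name']))
	{
		$path = sprintf("./files/attach/images/%s/%s", $module_srl,getNumberingPath($upload_target_srl,3));

		// The stored name is random; only the extension, which the pattern above has
		// limited to the media list, is taken from the client-supplied name.
		// (Random names also avoid the Windows PHP problem with unicode file names - by cherryfilter)
		$stored_ext = substr(strrchr($file_info['name'],'.'),1);
		$fallback_suffix = '.'.$stored_ext;
		$_filename = $random->createSecureSalt(32, 'hex').'.'.$stored_ext;
		$filename = $path.$_filename;
		$idx = 1;
		while(file_exists($filename))
		{
			$filename = $path.preg_replace('/\.([a-z0-9]+)$/i','_'.$idx.'.$1',$_filename);
			$idx++;
		}
		$direct_download = 'Y';
	}
	else
	{
		$path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl,3));
		$filename = $path.$random->createSecureSalt(32, 'hex');
		$direct_download = 'N';
	}
	// Create a directory
	if(!FileHandler::makeDir($path)) return new BaseObject(-1,'msg_not_permitted_create');

	// Check uploaded file
	if(!$manual_insert && !checkUploadedFile($file_info['tmp_name'])) return new BaseObject(-1,'msg_file_upload_error');

	// Move the file. On failure, retry once under a fresh random name. The retry
	// previously reused $ext, which is unset for binaries and may still hold the
	// allowed-extension array from the type check above.
	if($manual_insert)
	{
		@copy($file_info['tmp_name'], $filename);
		if(!file_exists($filename))
		{
			$filename = $path.$random->createSecureSalt(32, 'hex').$fallback_suffix;
			@copy($file_info['tmp_name'], $filename);
		}
	}
	else
	{
		if(!@move_uploaded_file($file_info['tmp_name'], $filename))
		{
			$filename = $path.$random->createSecureSalt(32, 'hex').$fallback_suffix;
			if(!@move_uploaded_file($file_info['tmp_name'], $filename)) return new BaseObject(-1,'msg_file_upload_error');
		}
	}
	// Get member information
	$oMemberModel = getModel('member');
	$member_srl = $oMemberModel->getLoggedMemberSrl();
	// List file information
	$args = new stdClass;
	$args->file_srl = getNextSequence();
	$args->upload_target_srl = $upload_target_srl;
	$args->module_srl = $module_srl;
	$args->direct_download = $direct_download;
	$args->source_filename = $file_info['name'];
	$args->uploaded_filename = $filename;
	$args->download_count = $download_count;
	$args->file_size = @filesize($filename);
	$args->comment = NULL;
	$args->member_srl = $member_srl;
	// Per-file secret that procFileDownload requires together with file_srl
	$args->sid = $random->createSecureSalt(32, 'hex');

	$output = executeQuery('file.insertFile', $args);
	if(!$output->toBool()) return $output;
	// Call a trigger (after)
	$trigger_output = ModuleHandler::triggerCall('file.insertFile', 'after', $args);
	if(!$trigger_output->toBool()) return $trigger_output;

	$_SESSION['__XE_UPLOADING_FILES_INFO__'][$args->file_srl] = true;

	$output->add('file_srl', $args->file_srl);
	$output->add('file_size', $args->file_size);
	$output->add('sid', $args->sid);
	$output->add('direct_download', $args->direct_download);
	$output->add('source_filename', $args->source_filename);
	$output->add('upload_target_srl', $upload_target_srl);
	$output->add('uploaded_filename', $args->uploaded_filename);
	return $output;
}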
806 
/**
 * Delete one or more attachments: the DB row first, then the stored file.
 *
 * This method performs no permission check of its own; callers decide whether
 * the current user may delete the file before calling it.
 *
 * @param int|string|array $file_srl A file_srl, a comma-separated list of them, or an array.
 * @return mixed Result of the last query or "before" trigger that ran, or a failed
 *               trigger/query result as soon as one occurs; nothing when $file_srl is empty.
 */
function deleteFile($file_srl)
{
	if(!$file_srl)
	{
		return;
	}

	$targets = is_array($file_srl) ? $file_srl : explode(',', $file_srl);
	if(count($targets) === 0)
	{
		return;
	}

	$oDocumentController = getController('document');
	$documentSrlList = array();

	foreach($targets as $target)
	{
		// Non-numeric entries become 0 and are ignored
		$target = (int)$target;
		if($target === 0) continue;

		$args = new stdClass();
		$args->file_srl = $target;
		$output = executeQuery('file.getFile', $args);

		$found = $output->toBool() && $output->data;
		if(!$found) continue;

		$file_info = $output->data;

		// Remember the owning target so its attachment count can be refreshed afterwards
		if($file_info->upload_target_srl)
		{
			$documentSrlList[] = $file_info->upload_target_srl;
		}

		$uploaded_filename = $file_info->uploaded_filename;

		// Call a trigger (before)
		$trigger_obj = $file_info;
		$output = ModuleHandler::triggerCall('file.deleteFile', 'before', $trigger_obj);
		if(!$output->toBool()) return $output;

		// Remove from the DB
		$output = executeQuery('file.deleteFile', $args);
		if(!$output->toBool()) return $output;

		// Call a trigger (after)
		$trigger_output = ModuleHandler::triggerCall('file.deleteFile', 'after', $trigger_obj);
		if(!$trigger_output->toBool()) return $trigger_output;

		// The row is gone; now remove the file from disk
		FileHandler::removeFile($uploaded_filename);
	}

	$oDocumentController->updateUploaedCount($documentSrlList);

	return $output;
}
892 
/**
 * Delete every attachment of a target and clean up its directories.
 *
 * @param int $upload_target_srl Target whose attachments are removed.
 * @return mixed Empty BaseObject when there is nothing to delete, otherwise the
 *               result of the 'file.deleteFiles' query.
 */
function deleteFiles($upload_target_srl)
{
	// Get a list of attachements
	$oFileModel = getModel('file');
	$columnList = array('file_srl', 'uploaded_filename', 'module_srl');
	$file_list = $oFileModel->getFiles($upload_target_srl, $columnList);

	// Success returned if no attachement exists
	if(!is_array($file_list) || !count($file_list))
	{
		return new BaseObject();
	}

	// Delete each file and collect the distinct directories they were stored in
	$directories = array();
	$total = count($file_list);
	$idx = 0;
	while($idx < $total)
	{
		$entry = $file_list[$idx];
		$this->deleteFile($entry->file_srl);

		$parts = pathinfo($entry->uploaded_filename);
		if(!in_array($parts['dirname'], $directories))
		{
			$directories[] = $parts['dirname'];
		}
		$idx++;
	}

	// Remove from the DB
	$args = new stdClass();
	$args->upload_target_srl = $upload_target_srl;
	$output = executeQuery('file.deleteFiles', $args);
	if(!$output->toBool())
	{
		return $output;
	}

	// Remove the target's directories if they are now empty
	foreach($directories as $directory)
	{
		FileHandler::removeBlankDir($directory);
	}

	return $output;
}
934 
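/**
 * Move all attachments of one target to another target/module.
 *
 * Media files are moved to ./files/attach/images/<module>/<target>/ under
 * their original name; other files go to ./files/attach/binaries/... under a
 * new random name. The DB record is updated with the new path and target.
 *
 * @param int $source_srl        Target the files currently belong to.
 * @param int $target_module_srl Module of the new target.
 * @param int $target_srl        New target.
 * @return void
 */
function moveFile($source_srl, $target_module_srl, $target_srl)
{
	if($source_srl == $target_srl) return;

	$oFileModel = getModel('file');
	$file_list = $oFileModel->getFiles($source_srl);
	if(!$file_list) return;

	foreach($file_list as $file_info)
	{
		$old_file = $file_info->uploaded_filename;

		// source_filename originates from the uploader. Keep only its final path
		// component before joining it to a directory, so a stored name containing
		// directory separators cannot move the file outside $path.
		$safe_name = preg_replace('/^.*[\/\\\\]/s', '', (string)$file_info->source_filename);

		// Determine the file path by checking if the file is an image or other kinds
		if(preg_match("/\.(asf|asx|avi|flv|gif|jpeg|jpg|m4a|m4v|mid|midi|moov|mov|mp1|mp2|mp3|mp4|mpeg|mpg|ogg|png|qt|ra|ram|rm|rmm|wav|webm|webp|wma|wmv)$/i", $safe_name))
		{
			// NOTE(review): unlike insertFile(), which stores media under a random
			// name, this branch reuses the original name in a directly served directory.
			$path = sprintf("./files/attach/images/%s/%s/", $target_module_srl,$target_srl);
			$new_file = $path.$safe_name;
		}
		else
		{
			$path = sprintf("./files/attach/binaries/%s/%s/", $target_module_srl, $target_srl);
			$random = new Password();
			$new_file = $path.$random->createSecureSalt(32, 'hex');
		}
		// Pass if a target document to move is same
		if($old_file == $new_file) continue;
		// Create a directory
		FileHandler::makeDir($path);
		// Move the file
		FileHandler::rename($old_file, $new_file);
		// Update DB information
		$args = new stdClass;
		$args->file_srl = $file_info->file_srl;
		$args->uploaded_filename = $new_file;
		$args->module_srl = $file_info->module_srl;
		$args->upload_target_srl = $target_srl;
		executeQuery('file.updateFile', $args);
	}
}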
985 
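/**
 * Toggle the cover-image flag of an attachment.
 *
 * Request variables read through Context: editor_sequence, file_srl.
 * Clears the cover flag via 'file.updateClearCoverImage', sets it on the
 * requested file unless that file already was the cover, then removes the
 * cached thumbnails of the upload target. Both updates run in one transaction.
 *
 * @return mixed BaseObject error or failed query result; nothing on success ('is_cover' is added to the response).
 */
public function procFileSetCoverImage()
{
	$vars = Context::getRequestVars();
	$logged_info = Context::get('logged_info');

	if(!$vars->editor_sequence) return new BaseObject(-1, 'msg_invalid_request');

	$upload_target_srl = $_SESSION['upload_info'][$vars->editor_sequence]->upload_target_srl;

	$oFileModel = getModel('file');
	$file_info = $oFileModel->getFile($vars->file_srl);

	if(!$file_info) return new BaseObject(-1, 'msg_not_founded');

	// Only a manager or the uploader may change the cover image. The previous
	// condition, `!$file_info->member_srl === $logged_info->member_srl`, negated
	// member_srl before the strict comparison, so it was never true and the
	// ownership check never rejected anyone.
	// NOTE(review): a guest and a guest upload both evaluate to 0 here and are
	// treated as the same owner; confirm that is intended.
	$owner_srl = (int)$file_info->member_srl;
	$requester_srl = $logged_info ? (int)$logged_info->member_srl : 0;
	if(!$this->manager && $owner_srl !== $requester_srl) return new BaseObject(-1, 'msg_not_permitted');

	$args = new stdClass();
	$args->file_srl = $vars->file_srl;
	$args->upload_target_srl = $upload_target_srl;

	$oDB = DB::getInstance();
	$oDB->begin();

	$args->cover_image = 'N';
	$output = executeQuery('file.updateClearCoverImage', $args);
	if(!$output->toBool())
	{
		$oDB->rollback();
		return $output;
	}

	// Selecting the current cover again only clears it (toggle behaviour)
	if($file_info->cover_image != 'Y')
	{
		$args->cover_image = 'Y';
		$output = executeQuery('file.updateCoverImage', $args);
		if(!$output->toBool())
		{
			$oDB->rollback();
			return $output;
		}
	}

	$oDB->commit();

	$this->add('is_cover',$args->cover_image);

	// Delete thumbnails
	$thumbnail_path = sprintf('files/thumbnails/%s', getNumberingPath($upload_target_srl, 3));
	FileHandler::removeFilesInDir($thumbnail_path);
}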
1038 
/**
 * Retained for interface compatibility; does nothing and returns no value.
 *
 * @param int|string $editor_sequence   Unused.
 * @param int        $upload_target_srl Unused.
 * @return void
 */
function printUploadedFileList($editor_sequence, $upload_target_srl)
{
	// Intentionally empty
	return;
}
1051 
1053  {
1054  $oModuleModel = getModel('module');
1055  $fileConfig = $oModuleModel->getModulePartConfig('file', $obj->originModuleSrl);
1056 
1057  $oModuleController = getController('module');
1058  if(is_array($obj->moduleSrlList))
1059  {
1060  foreach($obj->moduleSrlList AS $key=>$moduleSrl)
1061  {
1062  $oModuleController->insertModulePartConfig('file', $moduleSrl, $fileConfig);
1063  }
1064  }
1065  }
1066 }
1067 /* End of file file.controller.php */
1068 /* Location: ./modules/file/file.controller.php */
1069 