32 if(!is_uploaded_file($file_info[
'tmp_name'])) exit();
37 $upload_target_srl = intval(
Context::get(
'uploadTargetSrl'));
38 if(!$upload_target_srl) $upload_target_srl = intval(
Context::get(
'upload_target_srl'));
41 if(!$_SESSION[
'upload_info'][$editor_sequence]->enabled) exit();
43 if(!$upload_target_srl) $upload_target_srl = $_SESSION[
'upload_info'][$editor_sequence]->upload_target_srl;
45 if(!$upload_target_srl) $_SESSION[
'upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl =
getNextSequence();
49 $this->
add(
'file_srl',
$output->get(
'file_srl'));
50 $this->
add(
'file_size',
$output->get(
'file_size'));
51 $this->
add(
'direct_download',
$output->get(
'direct_download'));
52 $this->
add(
'source_filename',
$output->get(
'source_filename'));
53 $this->
add(
'download_url',
$output->get(
'uploaded_filename'));
54 $this->
add(
'upload_target_srl',
$output->get(
'upload_target_srl'));
69 $upload_target_srl = intval(
Context::get(
'uploadTargetSrl'));
70 if(!$upload_target_srl) $upload_target_srl = intval(
Context::get(
'upload_target_srl'));
73 if(!$_SESSION[
'upload_info'][$editor_sequence]->enabled) exit();
75 if(!$upload_target_srl) $upload_target_srl = $_SESSION[
'upload_info'][$editor_sequence]->upload_target_srl;
77 if(!$upload_target_srl) $_SESSION[
'upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl =
getNextSequence();
85 $file_info = $oFileModel->getFile($file_srl);
86 $file_grant = $oFileModel->getFileGrant($file_info,
$logged_info);
87 if($file_info->file_srl == $file_srl && $file_grant->is_deletable)
95 if(is_uploaded_file($file_info[
'tmp_name'])) {
117 if(!$file_srl || !$width)
119 return new BaseObject(-1,
'msg_invalid_request');
123 $fileInfo = $oFileModel->getFile($file_srl);
124 if(!$fileInfo || $fileInfo->direct_download !=
'Y')
126 return new BaseObject(-1,
'msg_invalid_request');
129 $source_src = $fileInfo->uploaded_filename;
130 $output_src = $source_src .
'.resized' . strrchr($source_src,
'.');
132 if(!$height) $height = $width-1;
137 $output->info = getimagesize($output_src);
142 return new BaseObject(-1,
'msg_invalid_request');
183 if(isset($this->grant->access) && $this->grant->access !==
true)
return new BaseObject(-1,
'msg_not_permitted');
189 $columnList = array(
'file_srl',
'sid',
'isvalid',
'source_filename',
'module_srl',
'uploaded_filename',
'file_size',
'member_srl',
'upload_target_srl',
'upload_target_type');
190 $file_obj = $oFileModel->getFile($file_srl, $columnList);
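// The request must name an existing file AND present that file's `sid`, the random
// per-file token stored when the file is inserted. The token is compared strictly as
// a string: with a loose `!=`, PHP compares two numeric-looking strings by value, so
// values that are not byte-identical can still be treated as equal.
// A non-string `sid` (for example an array-valued request parameter) is rejected outright.
if($file_obj->file_srl != $file_srl || !is_string($sid) || (string)$file_obj->sid !== $sid)
	return $this->stop('msg_file_not_found');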
194 if(
$logged_info->is_admin !=
'Y' && $file_obj->isvalid!=
'Y')
return $this->
stop(
'msg_not_permitted_download');
196 $filename = $file_obj->source_filename;
197 $file_module_config = $oFileModel->getFileModuleConfig($file_obj->module_srl);
199 if($file_module_config->allow_outlink ==
'N')
202 if($file_module_config->allow_outlink_format)
204 $allow_outlink_format_array = array();
205 $allow_outlink_format_array = explode(
',', $file_module_config->allow_outlink_format);
206 if(!is_array($allow_outlink_format_array)) $allow_outlink_format_array[0] = $file_module_config->allow_outlink_format;
208 foreach($allow_outlink_format_array as $val)
211 if(preg_match(
"/\.{$val}$/i", $filename))
213 $file_module_config->allow_outlink =
'Y';
219 if($file_module_config->allow_outlink !=
'Y')
221 $referer = parse_url($_SERVER[
"HTTP_REFERER"]);
222 if($referer[
'host'] != $_SERVER[
'HTTP_HOST'])
224 if($file_module_config->allow_outlink_site)
226 $allow_outlink_site_array = array();
227 $allow_outlink_site_array = explode(
"\n", $file_module_config->allow_outlink_site);
228 if(!is_array($allow_outlink_site_array)) $allow_outlink_site_array[0] = $file_module_config->allow_outlink_site;
230 foreach($allow_outlink_site_array as $val)
232 $site = parse_url(trim($val));
233 if($site[
'host'] == $referer[
'host'])
235 $file_module_config->allow_outlink =
'Y';
241 else $file_module_config->allow_outlink =
'Y';
243 if($file_module_config->allow_outlink !=
'Y')
return $this->
stop(
'msg_not_allowed_outlink');
247 $downloadGrantCount = 0;
248 if(is_array($file_module_config->download_grant))
250 foreach($file_module_config->download_grant AS $value)
251 if($value) $downloadGrantCount++;
254 if(is_array($file_module_config->download_grant) && $downloadGrantCount>0)
256 if(!
Context::get(
'is_logged'))
return $this->
stop(
'msg_not_permitted_download');
261 $columnList = array(
'module_srl',
'site_srl');
266 $oMemberModel =&
getModel(
'member');
269 $is_permitted =
false;
270 for($i=0;$i<count($file_module_config->download_grant);$i++)
272 $group_srl = $file_module_config->download_grant[$i];
273 if($member_groups[$group_srl])
275 $is_permitted =
true;
279 if(!$is_permitted)
return $this->
stop(
'msg_not_permitted_download');
290 $args =
new stdClass();
291 $args->file_srl = $file_srl;
297 $file_key = $_SESSION[
'__XE_FILE_KEY__'][$file_srl] = $random->createSecureSalt(32,
'hex');
298 header(
'Location: '.
getNotEncodedUrl(
'',
'act',
'procFileOutput',
'file_srl',$file_srl,
'file_key',$file_key));
309 if(strstr($_SERVER[
'HTTP_USER_AGENT'],
"Android")) $is_android =
true;
311 if($is_android && $_SESSION[
'__XE_FILE_KEY_AND__'][$file_srl]) $session_key =
'__XE_FILE_KEY_AND__';
312 else $session_key =
'__XE_FILE_KEY__';
313 $columnList = array(
'source_filename',
'uploaded_filename',
'file_size');
314 $file_obj = $oFileModel->getFile($file_srl, $columnList);
316 $uploaded_filename = $file_obj->uploaded_filename;
318 if(!file_exists($uploaded_filename))
return $this->
stop(
'msg_file_not_found');
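// The download is only served when the request carries the one-time key that was
// stored in the session when the redirect to procFileOutput was issued.
// The key is matched strictly as a string, because a loose `!=` lets PHP compare
// numeric-looking strings by value instead of byte-for-byte.
// A missing, empty or non-string key fails the check. On any mismatch the stored key
// is discarded, so a new one must be issued before another attempt.
if(!$file_key || !is_string($file_key) || (string)$_SESSION[$session_key][$file_srl] !== $file_key)
{
	unset($_SESSION[$session_key][$file_srl]);
	return $this->stop('msg_invalid_request');
}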
326 $file_size = $file_obj->file_size;
327 $filename = $file_obj->source_filename;
329 if(preg_match(
'#(?:Chrome|Edge)/(\d+)\.#', $_SERVER[
'HTTP_USER_AGENT'], $matches) && $matches[1] >= 11)
331 if($is_android && preg_match(
'#\bwv\b|(?:Version|Browser)/\d+#', $_SERVER[
'HTTP_USER_AGENT']))
333 $filename_param =
'filename="' . $filename .
'"';
337 $filename_param = sprintf(
'filename="%s"; filename*=UTF-8\'\'%s', $filename, rawurlencode($filename));
340 elseif(preg_match(
'#(?:Firefox|Safari|Trident)/(\d+)\.#', $_SERVER[
'HTTP_USER_AGENT'], $matches) && $matches[1] >= 6)
342 $filename_param = sprintf(
'filename="%s"; filename*=UTF-8\'\'%s', $filename, rawurlencode($filename));
344 elseif(strpos($_SERVER[
'HTTP_USER_AGENT'],
'MSIE') !== FALSE)
346 $filename = rawurlencode($filename);
347 $filename_param =
'filename="' . preg_replace(
'/\./',
'%2e', $filename, substr_count($filename,
'.') - 1) .
'"';
351 $filename_param =
'filename="' . $filename .
'"';
356 if($_SESSION[
'__XE_FILE_KEY__'][$file_srl]) $_SESSION[
'__XE_FILE_KEY_AND__'][$file_srl] = $file_key;
359 unset($_SESSION[$session_key][$file_srl]);
363 $fp = fopen($uploaded_filename,
'rb');
364 if(!$fp)
return $this->
stop(
'msg_file_not_found');
366 header(
"Cache-Control: ");
368 header(
"Content-Type: application/octet-stream");
369 header(
"Last-Modified: " . gmdate(
"D, d M Y H:i:s") .
" GMT");
371 header(
"Content-Length: " .(
string)($file_size));
372 header(
'Content-Disposition: attachment; ' . $filename_param);
373 header(
"Content-Transfer-Encoding: binary\n");
376 if($file_size > 1024 * 1024)
378 while(!feof($fp)) echo fread($fp, 1024);
400 if($file_srls) $file_srl = $file_srls;
402 if(!$_SESSION[
'upload_info'][$editor_sequence]->enabled) exit();
404 $upload_target_srl = $_SESSION[
'upload_info'][$editor_sequence]->upload_target_srl;
409 $srls = explode(
',',$file_srl);
410 if(!count($srls))
return;
412 for($i=0;$i<count($srls);$i++)
414 $srl = (int)$srls[$i];
417 $args =
new stdClass;
418 $args->file_srl = $srl;
420 if(!
$output->toBool())
continue;
423 if(!$file_info)
continue;
425 $file_grant = $oFileModel->getFileGrant($file_info,
$logged_info);
427 if(!$file_grant->is_deletable)
continue;
447 return new BaseObject(-1,
'msg_not_permitted');
451 if($fileSrls) $fileSrlList = explode(
',', $fileSrls);
454 if(count($fileSrlList) > 0)
457 $fileList = $oFileModel->getFile($fileSrlList);
458 if(!is_array($fileList)) $fileList = array($fileList);
460 if(is_array($fileList))
462 foreach($fileList AS $key=>$value)
465 if($value->isvalid==
'Y') $value->validName = $lang->is_valid;
466 else $value->validName = $lang->is_stand_by;
476 $this->
add(
'file_list', $fileList);
535 $comment_srl =
$obj->comment_srl;
539 $obj->uploaded_count = $oFileModel->getFilesCount($comment_srl);
552 $comment_srl =
$obj->comment_srl;
553 $uploaded_count =
$obj->uploaded_count;
554 if(!$comment_srl || !$uploaded_count)
return new BaseObject();
570 $comment_srl =
$obj->comment_srl;
591 return $oFileController->deleteModuleFiles(
$module_srl);
603 if(!isset($_SESSION[
'upload_info'][$editor_sequence]))
605 $_SESSION[
'upload_info'][$editor_sequence] =
new stdClass();
607 $_SESSION[
'upload_info'][$editor_sequence]->enabled =
true;
608 $_SESSION[
'upload_info'][$editor_sequence]->upload_target_srl = $upload_target_srl;
620 $args =
new stdClass();
621 $args->upload_target_srl = $upload_target_srl;
659 $trigger_obj =
new stdClass;
661 $trigger_obj->upload_target_srl = $upload_target_srl;
666 if(preg_match(
'/^=\?UTF-8\?B\?(.+)\?=$/i', $file_info[
'name'], $match))
668 $file_info[
'name'] = base64_decode(strtr($match[1],
':',
'/'));
681 if(isset($config->allowed_filetypes) && $config->allowed_filetypes !==
'*.*')
683 $filetypes = explode(
';', $config->allowed_filetypes);
685 foreach($filetypes as $item) {
686 $item = explode(
'.', $item);
687 $ext[] = strtolower($item[1]);
689 $uploaded_ext = explode(
'.', $file_info[
'name']);
690 $uploaded_ext = strtolower(array_pop($uploaded_ext));
692 if(!in_array($uploaded_ext, $ext))
694 return $this->
stop(
'msg_not_allowed_filetype');
698 $allowed_filesize = $config->allowed_filesize * 1024 * 1024;
699 $allowed_attach_size = $config->allowed_attach_size * 1024 * 1024;
701 if($allowed_filesize < filesize($file_info[
'tmp_name']))
return new BaseObject(-1,
'msg_exceeds_limit_size');
703 $size_args =
new stdClass;
704 $size_args->upload_target_srl = $upload_target_srl;
706 $attached_size = (int)
$output->data->attached_size + filesize($file_info[
'tmp_name']);
707 if($attached_size > $allowed_attach_size)
return new BaseObject(-1,
'msg_exceeds_limit_size');
712 $file_info[
'name'] = preg_replace(
'/\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i',
'$0-x',$file_info[
'name']);
714 $file_info[
'name'] = str_replace(array(
'<',
'>'),array(
'%3C',
'%3E'),$file_info[
'name']);
715 $file_info[
'name'] = str_replace(
'&',
'&', $file_info[
'name']);
721 if(preg_match(
"/\.(jpe?g|gif|png|wm[va]|mpe?g|avi|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)$/i", $file_info[
'name']))
727 $ext = substr(strrchr($file_info[
'name'],
'.'),1);
729 $_filename = $random->createSecureSalt(32,
'hex').
'.'.$ext;
730 $filename = $path.$_filename;
732 while(file_exists($filename))
734 $filename = $path.preg_replace(
'/\.([a-z0-9]+)$/i',
'_'.$idx.
'.$1',$_filename);
737 $direct_download =
'Y';
742 $filename = $path.$random->createSecureSalt(32,
'hex');
743 $direct_download =
'N';
757 @copy($file_info[
'tmp_name'], $filename);
758 if(!file_exists($filename))
760 $filename = $path.$random->createSecureSalt(32,
'hex').
'.'.$ext;
761 @copy($file_info[
'tmp_name'], $filename);
766 if(!@move_uploaded_file($file_info[
'tmp_name'], $filename))
768 $filename = $path.$random->createSecureSalt(32,
'hex').
'.'.$ext;
769 if(!@move_uploaded_file($file_info[
'tmp_name'], $filename))
return new BaseObject(-1,
'msg_file_upload_error');
774 $member_srl = $oMemberModel->getLoggedMemberSrl();
776 $args =
new stdClass;
778 $args->upload_target_srl = $upload_target_srl;
780 $args->direct_download = $direct_download;
781 $args->source_filename = $file_info[
'name'];
782 $args->uploaded_filename = $filename;
783 $args->download_count = $download_count;
784 $args->file_size = @filesize($filename);
785 $args->comment = NULL;
786 $args->member_srl = $member_srl;
787 $args->sid = $random->createSecureSalt(32,
'hex');
793 if(!$trigger_output->toBool())
return $trigger_output;
795 $_SESSION[
'__XE_UPLOADING_FILES_INFO__'][
$args->file_srl] =
true;
800 $output->add(
'direct_download',
$args->direct_download);
801 $output->add(
'source_filename',
$args->source_filename);
802 $output->add(
'upload_target_srl', $upload_target_srl);
803 $output->add(
'uploaded_filename',
$args->uploaded_filename);
836 if(!$file_srl)
return;
838 $srls = (is_array($file_srl)) ? $file_srl : explode(
',', $file_srl);
839 if(!count($srls))
return;
842 $documentSrlList = array();
844 foreach($srls as $srl)
852 $args =
new stdClass();
853 $args->file_srl = $srl;
863 if($file_info->upload_target_srl)
865 $documentSrlList[] = $file_info->upload_target_srl;
868 $source_filename =
$output->data->source_filename;
869 $uploaded_filename =
$output->data->uploaded_filename;
882 if(!$trigger_output->toBool())
return $trigger_output;
903 $columnList = array(
'file_srl',
'uploaded_filename',
'module_srl');
904 $file_list = $oFileModel->getFiles($upload_target_srl, $columnList);
906 if(!is_array($file_list)||!count($file_list))
return new BaseObject();
910 $file_count = count($file_list);
911 for($i=0;$i<$file_count;$i++)
915 $uploaded_filename = $file_list[$i]->uploaded_filename;
916 $path_info = pathinfo($uploaded_filename);
917 if(!in_array($path_info[
'dirname'], $path)) $path[] = $path_info[
'dirname'];
921 $args =
new stdClass();
922 $args->upload_target_srl = $upload_target_srl;
927 for($i=0, $c=count($path); $i<$c; $i++)
943 function moveFile($source_srl, $target_module_srl, $target_srl)
945 if($source_srl == $target_srl)
return;
948 $file_list = $oFileModel->getFiles($source_srl);
949 if(!$file_list)
return;
951 $file_count = count($file_list);
953 for($i=0;$i<$file_count;$i++)
956 $file_info = $file_list[$i];
957 $old_file = $file_info->uploaded_filename;
959 if(preg_match(
"/\.(asf|asf|asx|avi|flv|gif|jpeg|jpg|m4a|m4v|mid|midi|moov|mov|mp1|mp2|mp3|mp4|mpeg|mpg|ogg|png|qt|ra|ram|rm|rmm|wav|webm|webp|wma|wmv)$/i", $file_info->source_filename))
961 $path = sprintf(
"./files/attach/images/%s/%s/", $target_module_srl,$target_srl);
962 $new_file = $path.$file_info->source_filename;
966 $path = sprintf(
"./files/attach/binaries/%s/%s/", $target_module_srl, $target_srl);
968 $new_file = $path.$random->createSecureSalt(32,
'hex');
971 if($old_file == $new_file)
continue;
977 $args =
new stdClass;
978 $args->file_srl = $file_info->file_srl;
979 $args->uploaded_filename = $new_file;
980 $args->module_srl = $file_info->module_srl;
981 $args->upload_target_srl = $target_srl;
991 if(!$vars->editor_sequence)
return new BaseObject(-1,
'msg_invalid_request');
993 $upload_target_srl = $_SESSION[
'upload_info'][$vars->editor_sequence]->upload_target_srl;
996 $file_info = $oFileModel->getFile($vars->file_srl);
998 if(!$file_info)
return new BaseObject(-1,
'msg_not_founded');
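// Only a manager or the member who uploaded the file may change its cover image.
// The earlier form `!$file_info->member_srl === $logged_info->member_srl` applied `!`
// to the left operand first, so it compared a boolean with a member_srl using `===`.
// That is never true, so the ownership check never rejected anyone.
// Both sides are cast to int so a numeric string from the database and an integer from
// the session compare as the same member.
// NOTE(review): a file with no member_srl and a visitor with no member_srl both cast to 0
// and are treated as the same owner here - confirm whether anonymous uploads should pass.
if(!$this->manager && (int)$file_info->member_srl !== (int)$logged_info->member_srl)
	return new BaseObject(-1, 'msg_not_permitted');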
1002 $args =
new stdClass();
1003 $args->file_srl = $vars->file_srl;
1004 $args->upload_target_srl = $upload_target_srl;
1009 $args->cover_image =
'N';
1017 if($file_info->cover_image !=
'Y')
1020 $args->cover_image =
'Y';
1032 $this->
add(
'is_cover',
$args->cover_image);
1035 $thumbnail_path = sprintf(
'files/thumbnails/%s',
getNumberingPath($upload_target_srl, 3));
1036 Filehandler::removeFilesInDir($thumbnail_path);
1055 $fileConfig =
$oModuleModel->getModulePartConfig(
'file',
$obj->originModuleSrl);
1058 if(is_array(
$obj->moduleSrlList))
1060 foreach(
$obj->moduleSrlList AS $key=>$moduleSrl)