plugins/SpecialUpdownload.php
changeset 229 97ae8e9d5e29
parent 192 9237767a23ae
child 230 3daa715e0f69
equal deleted inserted replaced
147:d8156d18ac58 229:97ae8e9d5e29
     2 /*
     2 /*
     3 Plugin Name: Upload/download frontend
     3 Plugin Name: Upload/download frontend
     4 Plugin URI: http://enanocms.org/
     4 Plugin URI: http://enanocms.org/
     5 Description: Provides the pages Special:UploadFile and Special:DownloadFile. UploadFile is used to upload files to the site, and DownloadFile fetches the file from the database, creates thumbnails if necessary, and sends the file to the user.
     5 Description: Provides the pages Special:UploadFile and Special:DownloadFile. UploadFile is used to upload files to the site, and DownloadFile fetches the file from the database, creates thumbnails if necessary, and sends the file to the user.
     6 Author: Dan Fuhry
     6 Author: Dan Fuhry
     7 Version: 1.0.1
     7 Version: 1.0.2
     8 Author URI: http://enanocms.org/
     8 Author URI: http://enanocms.org/
     9 */
     9 */
    10 
    10 
    11 /*
    11 /*
    12  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
    12  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
    13  * Version 1.0 release candidate 2
    13  * Version 1.0.2
    14  * Copyright (C) 2006-2007 Dan Fuhry
    14  * Copyright (C) 2006-2007 Dan Fuhry
    15  * SpecialUpdownload.php - handles uploading and downloading of user-uploaded files - possibly the most rigorously security-enforcing script in all of Enano, although sessions.php comes in a close second
    15  * SpecialUpdownload.php - handles uploading and downloading of user-uploaded files - possibly the most rigorously security-enforcing script in all of Enano, although sessions.php comes in a close second
    16  *
    16  *
    17  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
    17  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
    18  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
    18  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
    57     }
    57     }
    58     else
    58     else
    59     {
    59     {
    60       $file = false;
    60       $file = false;
    61     }
    61     }
    62     if(!is_array($file)) die_friendly('Upload failed', '<p>The server could not retrieve the array $_FILES[\'data\'].</p>');
    62     if ( !is_array($file) )
    63     if($file['size'] == 0 || $file['size'] > (int)getConfig('max_file_size')) die_friendly('Upload failed', '<p>The file you uploaded is either too large or 0 bytes in length.</p>');
    63     {
       
    64       die_friendly('Upload failed', '<p>The server could not retrieve the array $_FILES[\'data\'].</p>');
       
    65     }
       
    66     if ( $file['size'] == 0 || $file['size'] > (int)getConfig('max_file_size') )
       
    67     {
       
    68       die_friendly('Upload failed', '<p>The file you uploaded is either too large or 0 bytes in length.</p>');
       
    69     }
    64     /*
    70     /*
    65     $allowed_mime_types = Array(
    71     $allowed_mime_types = Array(
    66         'text/plain',
    72         'text/plain',
    67         'image/png',
    73         'image/png',
    68         'image/jpeg',
    74         'image/jpeg',
    86     else // DANG! Not even the browser told us. Bail out.
    92     else // DANG! Not even the browser told us. Bail out.
    87       die_friendly('Upload failed', '<p>Enano was unable to determine the format of the uploaded file.</p>');
    93       die_friendly('Upload failed', '<p>Enano was unable to determine the format of the uploaded file.</p>');
    88     */
    94     */
    89     $types = fetch_allowed_extensions();
    95     $types = fetch_allowed_extensions();
    90     $ext = substr($file['name'], strrpos($file['name'], '.')+1, strlen($file['name']));
    96     $ext = substr($file['name'], strrpos($file['name'], '.')+1, strlen($file['name']));
    91     if(!isset($types[$ext]) || ( isset($types[$ext]) && !$types[$ext] ) )
    97     if ( !isset($types[$ext]) || ( isset($types[$ext]) && !$types[$ext] ) )
    92     {
    98     {
    93       die_friendly('Upload failed', '<p>The file type ".'.$ext.'" is not allowed.</p>');
    99       die_friendly('Upload failed', '<p>The file type ".'.$ext.'" is not allowed.</p>');
    94     }
   100     }
    95     $type = $mime_types[$ext];
   101     $type = $mime_types[$ext];
    96     //$type = explode(';', $type); $type = $type[0];
   102     //$type = explode(';', $type); $type = $type[0];