Fixed bug #9575: use native filter_functions for validate and sanitize
[Packages/TYPO3.CMS.git] / typo3 / file_upload.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2008 Kasper Skaarhoj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Web>File: Upload of files
29 *
30 * $Id$
31 * Revised for TYPO3 3.6 November/2003 by Kasper Skaarhoj
32 *
33 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
34 */
35 /**
36 * [CLASS/FUNCTION INDEX of SCRIPT]
37 *
38 *
39 *
40 * 77: class SC_file_upload
41 * 103: function init()
42 * 171: function main()
43 * 241: function printContent()
44 *
45 * TOTAL FUNCTIONS: 3
46 * (This index is automatically created/updated by the extension "extdeveval")
47 *
48 */
49
50
51
// Bootstrap for the backend script. $BACK_PATH is assigned before init.php is
// loaded and is read again further down through "global $BACK_PATH".
$BACK_PATH = '';
require 'init.php';
require 'template.php';

// Labels from locallang_misc.xml are looked up later via $LANG->getLL().
$LANG->includeLLFile('EXT:lang/locallang_misc.xml');

// File and HTML-parsing helper classes; PATH_t3lib is not defined in this file
// (presumably by init.php - confirm).
require_once PATH_t3lib . 'class.t3lib_basicfilefunc.php';
require_once PATH_t3lib . 'class.t3lib_parsehtml.php';
58
59
60
61
62
63
64
65
66
67
68
69
70 /**
71 * Script class for displaying up to 10 upload fields
72 *
73 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
74 * @package TYPO3
75 * @subpackage core
76 */
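class SC_file_upload {

		// External, static:
	var $uploadNumber = 10;		// Upper bound for the number of upload fields offered and rendered

		// Internal, static:
	/**
	 * Document template object
	 *
	 * @var smallDoc
	 */
	var $doc;

	/**
	 * File processing object
	 *
	 * @var t3lib_basicFileFunctions
	 */
	var $basicff;
	var $icon;			// Will be set to the proper icon for the $target value.
	var $shortPath;		// Relative path to current found filemount
	var $title;			// HTML: icon markup followed by the escaped filemount name and short path

		// Internal, static (GPVar):
	var $number;
	var $target;		// Set with the target path inputted in &target
	var $returnUrl;		// Return URL of list module.

		// Internal, dynamic:
	var $content;		// Accumulating content


	/**
	 * Reads the request parameters, checks the upload target against the
	 * filemounts and prepares the document template and its inline JavaScript.
	 *
	 * Prints an error page and exits when the target is not a directory or is
	 * not covered by a filemount.
	 *
	 * @return	void
	 */
	function init()	{
		global $LANG,$BACK_PATH,$TYPO3_CONF_VARS;

			// Initialize GPvars. All three values are request-controlled and must
			// be encoded for the context they are written into further down.
		$this->number = t3lib_div::_GP('number');
		$this->target = t3lib_div::_GP('target');
		$this->returnUrl = t3lib_div::_GP('returnUrl');
		if (!$this->returnUrl)	{
				// No return URL given: fall back to the file list of the target.
			$this->returnUrl = t3lib_div::getIndpEnv('TYPO3_SITE_URL').TYPO3_mainDir.'file_list.php?id='.rawurlencode($this->target);
		}
			// NOTE(review): returnUrl is never restricted to the local site in this
			// class and is handed on as the "redirect" field in main(); confirm that
			// the receiving script (tce_file.php) validates it before redirecting.

		if (empty($this->number))	{
			$defaultFileUploads = $GLOBALS['BE_USER']->getTSConfigVal('options.defaultFileUploads');
			if ($defaultFileUploads)	{
				$this->number = t3lib_div::intInRange($defaultFileUploads,1,$this->uploadNumber);
			}
		}

			// Init basic-file-functions object:
		$this->basicff = t3lib_div::makeInstance('t3lib_basicFileFunctions');
		$this->basicff->init($GLOBALS['FILEMOUNTS'],$TYPO3_CONF_VARS['BE']['fileExtensions']);

			// Cleaning and checking target: it must be a directory and lie inside a filemount.
		$this->target = $this->basicff->is_directory($this->target);
		$key = $this->basicff->checkPathAgainstMounts($this->target.'/');
		if (!$this->target || !$key)	{
			t3lib_BEfunc::typo3PrintError('Parameter Error','Target was not a directory!','');
			exit;
		}

			// Finding the icon
		switch($GLOBALS['FILEMOUNTS'][$key]['type'])	{
			case 'user':
				$this->icon = 'gfx/i/_icon_ftp_user.gif';
			break;
			case 'group':
				$this->icon = 'gfx/i/_icon_ftp_group.gif';
			break;
			default:
				$this->icon = 'gfx/i/_icon_ftp.gif';
			break;
		}

			// The class declares no $backPath property, so the global $BACK_PATH
			// (the value also given to the template object below) is used here.
		$this->icon = '<img'.t3lib_iconWorks::skinImg($BACK_PATH,$this->icon,'width="18" height="16"').' title="" alt="" />';

			// Relative path to filemount, $key:
		$this->shortPath = substr($this->target,strlen($GLOBALS['FILEMOUNTS'][$key]['path']));

			// Setting title. The title already carries the <img> markup and is
			// passed to the template as the PATH marker in main(), so the mount
			// name and the path are HTML-escaped here. The path check above only
			// establishes that the directory exists inside a mount; it is not
			// visible from here whether it rejects markup characters in names.
		$this->title = $this->icon.htmlspecialchars($GLOBALS['FILEMOUNTS'][$key]['name'].': '.$this->shortPath);

			// Setting template object
		$this->doc = t3lib_div::makeInstance('template');
		$this->doc->setModuleTemplate('templates/file_upload.html');
		$this->doc->backPath = $BACK_PATH;

		if ($GLOBALS['BE_USER']->jsConfirmation(1))	{
			$confirm = ' && confirm('.$LANG->JScharCode($LANG->sL('LLL:EXT:lang/locallang_core.php:mess.redraw')).')';
		} else {
			$confirm = '';
		}

			// Both values end up inside a JavaScript string literal that is then
			// used as a query string. rawurlencode() is the encoding that query
			// string needs, and its output contains no quote, backslash, angle
			// bracket or line break, so it cannot terminate the literal or the
			// script block. htmlspecialchars() is the wrong encoder in this
			// context: entities are not decoded inside <script> in HTML, and an
			// unencoded "&" in returnUrl would split the parameter list.
		$this->doc->JScode = $this->doc->wrapScriptTags('
	var path = "'.rawurlencode($this->target).'";	// already URL-encoded

	function reload(a)	{	//
		if (!changed || (changed '.$confirm.'))	{
			var params = "&target="+path+"&number="+a+"&returnUrl='.rawurlencode($this->returnUrl).'";
			window.location.href = "file_upload.php?"+params;
		}
	}
	function backToList()	{	//
		top.goToModule("file_list");
	}
	var changed = 0;
		');
	}

	/**
	 * Main function, rendering the upload file form fields
	 *
	 * Builds the form that posts to tce_file.php and stores the complete page
	 * in $this->content.
	 *
	 * @return	void
	 */
	function main()	{
		global $LANG;

			// Make page header:
		$this->content = $this->doc->startPage($LANG->sL('LLL:EXT:lang/locallang_core.php:file_upload.php.pagetitle'));

			// First piece is assigned, not appended, so the variable is defined.
		$pageContent = $this->doc->header($LANG->sL('LLL:EXT:lang/locallang_core.php:file_upload.php.pagetitle'));
		$pageContent.= $this->doc->spacer(5);
		$pageContent.= $this->doc->divider(5);


		$code = '<form action="tce_file.php" method="post" name="editform" enctype="'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['form_enctype'].'">';

			// Making the selector box for the number of concurrent uploads.
			// The request value is clamped to the same limit the selector offers,
			// which also bounds the number of fields rendered below.
		$this->number = t3lib_div::intInRange($this->number,1,$this->uploadNumber);
		$code.= '
			<div id="c-select">
				<select name="number" onchange="reload(this.options[this.selectedIndex].value);">';
		for ($a=1; $a<=$this->uploadNumber; $a++)	{
			$code.= '
					<option value="'.$a.'"'.($this->number==$a?' selected="selected"':'').'>'.$a.' '.$LANG->sL('LLL:EXT:lang/locallang_core.php:file_upload.php.files',1).'</option>';
		}
		$code.= '
				</select>
			</div>
			';

			// Make checkbox for "overwrite"
		$code.= '
			<div id="c-override">
				<input type="checkbox" name="overwriteExistingFiles" id="overwriteExistingFiles" value="1" /> <label for="overwriteExistingFiles">'.$LANG->getLL('overwriteExistingFiles',1).'</label>
			</div>
			';

			// Produce the number of upload-fields needed:
		$code.= '
			<div id="c-upload">
			';
		for ($a=0; $a<$this->number; $a++)	{
				// Adding 'size="50" ' for the sake of Mozilla!
				// The target is written into an attribute value, hence htmlspecialchars().
			$code.= '
				<input type="file" name="upload_'.$a.'"'.$this->doc->formWidth(35).' size="50" onclick="changed=1;" />
				<input type="hidden" name="file[upload]['.$a.'][target]" value="'.htmlspecialchars($this->target).'" />
				<input type="hidden" name="file[upload]['.$a.'][data]" value="'.$a.'" /><br />
			';
		}
		$code.= '
			</div>
			';

			// Submit button. returnUrl goes into an attribute value here, so
			// htmlspecialchars() is the matching encoder.
		$code.= '
			<div id="c-submit">
				<input type="submit" value="'.$LANG->sL('LLL:EXT:lang/locallang_core.php:file_upload.php.submit',1).'" />
				<input type="submit" value="'.$LANG->sL('LLL:EXT:lang/locallang_core.php:labels.cancel',1).'" onclick="backToList(); return false;" />
				<input type="hidden" name="redirect" value="'.htmlspecialchars($this->returnUrl).'" />
			</div>
			';

			// Add the HTML as a section:
		$pageContent.= $this->doc->section('',$code);


			// Header Buttons
		$docHeaderButtons = array(
			'csh' => t3lib_BEfunc::cshItem('xMOD_csh_corebe', 'file_upload', $GLOBALS['BACK_PATH'])
		);

			// NOTE(review): $this->id, $this->MOD_SETTINGS and $this->MOD_MENU are
			// not declared or assigned anywhere in this class - confirm whether the
			// function menu is meant to be rendered at all.
		$markerArray = array(
			'CSH' => $docHeaderButtons['csh'],
			'FUNC_MENU' => t3lib_BEfunc::getFuncMenu($this->id, 'SET[function]', $this->MOD_SETTINGS['function'], $this->MOD_MENU['function']),
			'CONTENT' => $pageContent,
			'PATH' => $this->title,
		);

		$this->content.= $this->doc->moduleBody(array(), $docHeaderButtons, $markerArray);
		$this->content.= $this->doc->endPage();
		$this->content = $this->doc->insertStylesAndJS($this->content);
	}

	/**
	 * Outputting the accumulated content to screen
	 *
	 * @return	void
	 */
	function printContent()	{
		echo $this->content;
	}
}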
275
// Include extension?
// The path of the extending class file is read from the installation
// configuration array. Whatever can write that entry decides which file is
// loaded here; nothing in this script checks the path.
if (defined('TYPO3_MODE')) {
	if ($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/file_upload.php']) {
		include_once $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/file_upload.php'];
	}
}
280
281
282
283
284
285
286
287
288
289
290
291
// Make instance and run the script: init() validates the request and may
// exit with an error page, main() renders the form, printContent() echoes it.
$SOBE = t3lib_div::makeInstance('SC_file_upload');

$SOBE->init();
$SOBE->main();
$SOBE->printContent();
297 ?>