[TASK] Refactor conditions in t3lib_extFileFunc
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_extfilefunc.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2011 Kasper Skårhøj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Extending class to class t3lib_basicFileFunctions
29 *
30 * Revised for TYPO3 3.6 May/2004 by Kasper Skårhøj
31 *
32 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
33 */
34 /**
35 * [CLASS/FUNCTION INDEX of SCRIPT]
36 *
37 *
38 *
39 * 105: class t3lib_extFileFunctions extends t3lib_basicFileFunctions
40 * 151: function start($fileCmds)
41 * 181: function init_actionPerms($setup)
42 * 213: function processData()
43 * 270: function printLogErrorMessages($redirect='')
44 * 328: function findRecycler($theFile)
45 * 357: function writeLog($action,$error,$details_nr,$details,$data)
46 *
47 * SECTION: File operation functions
48 * 384: function func_delete($cmds)
49 * 451: function func_copy($cmds)
50 * 542: function func_move($cmds)
51 * 637: function func_rename($cmds)
52 * 683: function func_newfolder($cmds)
53 * 713: function func_newfile($cmds)
54 * 750: function func_edit($cmds)
55 * 782: function func_upload($cmds)
56 * 821: function func_unzip($cmds)
57 *
58 * TOTAL FUNCTIONS: 15
59 * (This index is automatically created/updated by the extension "extdeveval")
60 *
61 */
62
63
64 /**
65 * Contains functions for performing file operations like copying, pasting, uploading, moving, deleting etc. through the TCE
66 * Extending class to class t3lib_basicFileFunctions.
67 *
68 * see basicFileFunctions
69 * see document "TYPO3 Core API" for syntax
70 *
71 * This class contains functions primarily used by tce_file.php (TYPO3 Core Engine for file manipulation)
72 * Functions include copying, moving, deleting, uploading and so on...
73 *
74 * Important internal variables:
75 *
76 * $filemounts (see basicFileFunctions)
77 * $f_ext (see basicFileFunctions)
78 * ... All fileoperations must be within the filemount-paths. Further the fileextension MUST validate TRUE with the f_ext array
79 *
80 * The unzip-function allows unzip only if the destination path has it's f_ext[]['allow'] set to '*'!!
81 * You are allowed to copy/move folders within the same 'space' (web/ftp).
82 * You are allowed to copy/move folders between spaces (web/ftp) IF the destination has it's f_ext[]['allow'] set to '*'!
83 *
84 * Advice:
85 * You should always exclude php-files from the webspace. This will keep people from uploading, copy/moving and renaming files to become executable php scripts.
86 * You should never mount a ftp_space 'below' the webspace so that it reaches into the webspace. This is because if somebody unzips a zip-file in the ftp-space so that it reaches out into the webspace this will be a violation of the safety
87 * For example this is a bad idea: you have an ftp-space that is '/www/' and a web-space that is '/www/htdocs/'
88 *
89 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
90 * @package TYPO3
91 * @subpackage t3lib
92 */
93 class t3lib_extFileFunctions extends t3lib_basicFileFunctions {
94
95 // External static variables:
96 // Notice; some of these are overridden in the start() method with values from $GLOBALS['TYPO3_CONF_VARS']['BE']
97 var $maxCopyFileSize = 10000; // max copy size (kb) for files
98 var $maxMoveFileSize = 10000; // max move size (kb) for files
99 var $maxUploadFileSize = 10000; // max upload size (kb) for files. Remember that PHP has an inner limit often set to 2 MB
100 var $unzipPath = ''; // Path to unzip-program (with trailing '/')
101 var $dontCheckForUnique = 0; // If set, the uploaded files will overwrite existing files.
102
103 var $actionPerms = array( // This array is self-explaning (look in the class below). It grants access to the functions. This could be set from outside in order to enabled functions to users. See also the function init_actionPerms() which takes input directly from the user-record
104 'deleteFile' => 0, // Deleting files physically
105 'deleteFolder' => 0, // Deleting foldes physically
106 'deleteFolderRecursively' => 0, // normally folders are deleted by the PHP-function rmdir(), but with this option a user deletes with 'rm -Rf ....' which is pretty wild!
107 'moveFile' => 0,
108 'moveFolder' => 0,
109 'copyFile' => 0,
110 'copyFolder' => 0,
111 'newFolder' => 0,
112 'newFile' => 0,
113 'editFile' => 0,
114 'unzipFile' => 0,
115 'uploadFile' => 0,
116 'renameFile' => 0,
117 'renameFolder' => 0
118 );
119
120 var $recyclerFN = '_recycler_'; // This is regarded to be the recycler folder
121 var $useRecycler = 1; // 0 = no, 1 = if available, 2 = always
122
123 // Internal, static:
124 var $PHPFileFunctions = 0; // If set, all fileoperations are done by the default PHP-functions. This is necessary under windows! On UNIX the system commands by exec() can be used
125 var $dont_use_exec_commands = 0; // This is necessary under windows!
126
127 // Internal, dynamic:
128 var $internalUploadMap = array(); // Will contain map between upload ID and the final filename
129
130 var $lastError = '';
131
132
133 /**
134 * Initialization of the class
135 *
136 * @param array The $file array with the commands to execute. See "TYPO3 Core API" document
137 * @return void
138 */
139 function start($fileCmds) {
140
141 // Configure settings from TYPO3_CONF_VARS:
142 if (TYPO3_OS == 'WIN' || $GLOBALS['TYPO3_CONF_VARS']['BE']['disable_exec_function']) {
143 $this->PHPFileFunctions = 1;
144 $this->dont_use_exec_commands = 1;
145 } else {
146 $this->PHPFileFunctions = $GLOBALS['TYPO3_CONF_VARS']['BE']['usePHPFileFunctions'];
147 }
148
149 $unzipPath = trim($GLOBALS['TYPO3_CONF_VARS']['BE']['unzip_path']);
150 if (substr($unzipPath, -1) !== '/' && is_dir($unzipPath)) {
151 // Make sure the path ends with a slash
152 $unzipPath.= '/';
153 }
154 $this->unzipPath = $unzipPath;
155
156 $maxFileSize = intval($GLOBALS['TYPO3_CONF_VARS']['BE']['maxFileSize']);
157 if ($maxFileSize > 0) {
158 $this->maxCopyFileSize = $maxFileSize;
159 $this->maxMoveFileSize = $maxFileSize;
160 }
161 $this->maxUploadFileSize = t3lib_div::getMaxUploadFileSize();
162
163 // Initializing file processing commands:
164 $this->fileCmdMap = $fileCmds;
165 }
166
167 /**
168 * Sets up permission to perform file/directory operations.
169 * See below or the be_user-table for the significance of the various bits in $setup.
170 *
171 * @param integer File permission integer from BE_USER OR'ed with permissions of back-end groups this user is a member of
172 * @return void
173 */
174 function init_actionPerms($setup) {
175 if (($setup & 1) == 1) { // Files: Upload,Copy,Move,Delete,Rename
176 $this->actionPerms['uploadFile'] = 1;
177 $this->actionPerms['copyFile'] = 1;
178 $this->actionPerms['moveFile'] = 1;
179 $this->actionPerms['deleteFile'] = 1;
180 $this->actionPerms['renameFile'] = 1;
181 $this->actionPerms['editFile'] = 1;
182 $this->actionPerms['newFile'] = 1;
183 }
184 if (($setup & 2) == 2) { // Files: Unzip
185 $this->actionPerms['unzipFile'] = 1;
186 }
187 if (($setup & 4) == 4) { // Directory: Move,Delete,Rename,New
188 $this->actionPerms['moveFolder'] = 1;
189 $this->actionPerms['deleteFolder'] = 1;
190 $this->actionPerms['renameFolder'] = 1;
191 $this->actionPerms['newFolder'] = 1;
192 }
193 if (($setup & 8) == 8) { // Directory: Copy
194 $this->actionPerms['copyFolder'] = 1;
195 }
196 if (($setup & 16) == 16) { // Directory: Delete recursively (rm -Rf)
197 $this->actionPerms['deleteFolderRecursively'] = 1;
198 }
199 }
200
201 /**
202 * Processing the command array in $this->fileCmdMap
203 *
204 * @return mixed FALSE, if the file functions were not initialized
205 * otherwise returns an array of all the results that are returned
206 * from each command, separated in each action.
207 */
208 function processData() {
209 $result = array();
210 if (!$this->isInit) {
211 return FALSE;
212 }
213
214 if (is_array($this->fileCmdMap)) {
215
216 // Check if there were uploads expected, but no one made
217 if ($this->fileCmdMap['upload']) {
218 $uploads = $this->fileCmdMap['upload'];
219 foreach ($uploads as $upload) {
220 if (!$_FILES['upload_' . $upload['data']]['name']) {
221 unset($this->fileCmdMap['upload'][$upload['data']]);
222 }
223 }
224 if (count($this->fileCmdMap['upload']) == 0) {
225 $this->writelog(1, 1, 108, 'No file was uploaded!', '');
226 }
227 }
228
229 // Traverse each set of actions
230 foreach ($this->fileCmdMap as $action => $actionData) {
231
232 // Traverse all action data. More than one file might be affected at the same time.
233 if (is_array($actionData)) {
234 $result[$action] = array();
235 foreach ($actionData as $cmdArr) {
236
237 // Clear file stats
238 clearstatcache();
239
240 // Branch out based on command:
241 switch ($action) {
242 case 'delete':
243 $result[$action][] = $this->func_delete($cmdArr);
244 break;
245 case 'copy':
246 $result[$action][] = $this->func_copy($cmdArr);
247 break;
248 case 'move':
249 $result[$action][] = $this->func_move($cmdArr);
250 break;
251 case 'rename':
252 $result[$action][] = $this->func_rename($cmdArr);
253 break;
254 case 'newfolder':
255 $result[$action][] = $this->func_newfolder($cmdArr);
256 break;
257 case 'newfile':
258 $result[$action][] = $this->func_newfile($cmdArr);
259 break;
260 case 'editfile':
261 $result[$action][] = $this->func_edit($cmdArr);
262 break;
263 case 'upload':
264 $result[$action][] = $this->func_upload($cmdArr);
265 break;
266 case 'unzip':
267 $result[$action][] = $this->func_unzip($cmdArr);
268 break;
269 }
270
271 // Hook for post-processing the action
272 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_extfilefunc.php']['processData'])) {
273 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_extfilefunc.php']['processData'] as $classRef) {
274 $hookObject = t3lib_div::getUserObj($classRef);
275
276 if (!($hookObject instanceof t3lib_extFileFunctions_processDataHook)) {
277 throw new UnexpectedValueException('$hookObject must implement interface t3lib_extFileFunctions_processDataHook', 1279719168);
278 }
279
280 $hookObject->processData_postProcessAction($action, $cmdArr, $result[$action], $this);
281 }
282 }
283 }
284 }
285 }
286 }
287 return $result;
288 }
289
290 /**
291 * Adds log error messages from the operations of this script instance to the FlashMessageQueue
292 *
293 * @param string Redirect URL (for creating link in message)
294 * @return void
295 */
296 function printLogErrorMessages($redirect = '') {
297 $this->getErrorMessages();
298 }
299
300
301 /**
302 * Adds log error messages from the previous file operations of this script instance
303 * to the FlashMessageQueue
304 *
305 * @return void
306 */
307 function getErrorMessages() {
308 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
309 '*',
310 'sys_log',
311 'type = 2 AND userid = ' . intval($GLOBALS['BE_USER']->user['uid'])
312 . ' AND tstamp=' . intval($GLOBALS['EXEC_TIME'])
313 . ' AND error != 0'
314 );
315 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
316 $logData = unserialize($row['log_data']);
317 $msg = $row['error'] . ': ' . sprintf($row['details'], $logData[0], $logData[1], $logData[2], $logData[3], $logData[4]);
318 $flashMessage = t3lib_div::makeInstance(
319 't3lib_FlashMessage',
320 $msg,
321 '',
322 t3lib_FlashMessage::ERROR,
323 TRUE
324 );
325 t3lib_FlashMessageQueue::addMessage($flashMessage);
326 }
327 $GLOBALS['TYPO3_DB']->sql_free_result($res);
328 }
329
330
331 /**
332 * Goes back in the path and checks in each directory if a folder named $this->recyclerFN (usually '_recycler_') is present.
333 * If a folder in the tree happens to be a _recycler_-folder (which means that we're deleting something inside a _recycler_-folder) this is ignored
334 *
335 * @param string Takes a valid Path ($theFile)
336 * @return string Returns the path (without trailing slash) of the closest recycle-folder if found. Else FALSE.
337 */
338 function findRecycler($theFile) {
339 if ($this->isPathValid($theFile)) {
340 $theFile = $this->cleanDirectoryName($theFile);
341 $fI = t3lib_div::split_fileref($theFile);
342 $c = 0;
343 while ($this->checkPathAgainstMounts($fI['path']) && $c < 20) {
344 $rDir = $fI['path'] . $this->recyclerFN;
345 if (@is_dir($rDir) && $this->recyclerFN != $fI['file']) {
346 return $rDir;
347 }
348 $theFile = $fI['path'];
349 $theFile = $this->cleanDirectoryName($theFile);
350 $fI = t3lib_div::split_fileref($theFile);
351 $c++;
352 }
353 }
354 }
355
356 /**
357 * Logging file operations
358 *
359 * @param integer The action number. See the functions in the class for a hint. Eg. edit is '9', upload is '1' ...
360 * @param integer The severity: 0 = message, 1 = error, 2 = System Error, 3 = security notice (admin)
361 * @param integer This number is unique for every combination of $type and $action. This is the error-message number, which can later be used to translate error messages.
362 * @param string This is the default, raw error message in english
363 * @param array Array with special information that may go into $details by "%s" marks / sprintf() when the log is shown
364 * @return void
365 * @see class.t3lib_userauthgroup.php
366 */
367 function writeLog($action, $error, $details_nr, $details, $data) {
368 $type = 2; // Type value for tce_file.php
369 if (is_object($GLOBALS['BE_USER'])) {
370 $GLOBALS['BE_USER']->writelog($type, $action, $error, $details_nr, $details, $data);
371 }
372 $this->lastError = vsprintf($details, $data);
373 }
374
375
376 /*************************************
377 *
378 * File operation functions
379 *
380 **************************************/
381
382 /**
383 * Deleting files and folders (action=4)
384 *
385 * @param array $cmds['data'] is the file/folder to delete
386 * @return boolean Returns TRUE upon success
387 */
388 function func_delete($cmds) {
389 if (!$this->isInit) {
390 return FALSE;
391 }
392
393 // Checking path:
394 $theFile = $cmds['data'];
395 if (!$this->isPathValid($theFile)) {
396 $this->writelog(4, 2, 101, 'Target "%s" had invalid path (".." and "//" is not allowed in path).', array($theFile));
397 return FALSE;
398 }
399
400 // Recycler moving or not?
401 if ($this->useRecycler && $recyclerPath = $this->findRecycler($theFile)) {
402 // If a recycler is found, the deleted items is moved to the recycler and not just deleted.
403 $newCmds = array();
404 $newCmds['data'] = $theFile;
405 $newCmds['target'] = $recyclerPath;
406 $newCmds['altName'] = 1;
407 $this->func_move($newCmds);
408 $this->writelog(4, 0, 4, 'Item "%s" moved to recycler at "%s"', array($theFile, $recyclerPath));
409 return TRUE;
410 } elseif ($this->useRecycler != 2) { // if $this->useRecycler==2 then we cannot delete for real!!
411 if (@is_file($theFile)) { // If we are deleting a file...
412 if (!$this->actionPerms['deleteFile']) {
413 $this->writelog(4, 1, 112, 'You are not allowed to delete files', '');
414 return FALSE;
415 }
416 if (!$this->checkPathAgainstMounts($theFile)) {
417 $this->writelog(4, 1, 111, 'Target was not within your mountpoints! T="%s"', array($theFile));
418 return FALSE;
419 }
420 if (@unlink($theFile)) {
421 $this->writelog(4, 0, 1, 'File "%s" deleted', array($theFile));
422 return TRUE;
423 } else {
424 $this->writelog(4, 1, 110, 'Could not delete file "%s". Write-permission problem?', array($theFile));
425 }
426 // FINISHED deleting file
427
428 } elseif (@is_dir($theFile)) { // if we're deleting a folder
429 if (!$this->actionPerms['deleteFolder']) {
430 $this->writelog(4, 1, 123, 'You are not allowed to delete directories', '');
431 return FALSE;
432 }
433
434 $theFile = $this->is_directory($theFile);
435 if (!$theFile) {
436 $this->writelog(4, 2, 122, 'Target seemed not to be a directory! (Shouldn\'t happen here!)', '');
437 return FALSE;
438 }
439 if (!$this->checkPathAgainstMounts($theFile)) {
440 $this->writelog(4, 1, 121, 'Target was not within your mountpoints! T="%s"', array($theFile));
441 return FALSE;
442 }
443 // I choose not to append '/' to $theFile here as this will prevent us from deleting mounts!! (which makes sense to me...)
444 if ($this->actionPerms['deleteFolderRecursively']) {
445 if (t3lib_div::rmdir($theFile, TRUE)) {
446 $this->writelog(4, 0, 2, 'Directory "%s" deleted recursively!', array($theFile));
447 return TRUE;
448 } else {
449 $this->writelog(4, 2, 119, 'Directory "%s" WAS NOT deleted recursively! Write-permission problem?', array($theFile));
450 }
451 } else {
452 if (@rmdir($theFile)) {
453 $this->writelog(4, 0, 3, 'Directory "%s" deleted', array($theFile));
454 return TRUE;
455 } else {
456 $this->writelog(4, 1, 120, 'Could not delete directory! Write-permission problem? Is directory "%s" empty? (You are not allowed to delete directories recursively).', array($theFile));
457 }
458 }
459 // FINISHED copying directory
460
461 } else {
462 $this->writelog(4, 2, 130, 'The item was not a file or directory! "%s"', array($theFile));
463 }
464 } else {
465 $this->writelog(4, 1, 131, 'No recycler found!', '');
466 }
467 }
468
469 /**
470 * Copying files and folders (action=2)
471 *
472 * @param array $cmds['data'] is the file/folder to copy. $cmds['target'] is the path where to copy to. $cmds['altName'] (boolean): If set, another filename is found in case the target already exists
473 * @return string Returns the new filename upon success
474 */
475 function func_copy($cmds) {
476 if (!$this->isInit) {
477 return FALSE;
478 }
479
480 // Initialize and check basic conditions:
481 $theFile = $cmds['data'];
482 $theDest = $this->is_directory($cmds['target']); // Clean up destination directory
483 $altName = $cmds['altName'];
484 if (!$theDest) {
485 $this->writelog(2, 2, 100, 'Destination "%s" was not a directory', array($cmds['target']));
486 return FALSE;
487 }
488 if (!$this->isPathValid($theFile) || !$this->isPathValid($theDest)) {
489 $this->writelog(2, 2, 101, 'Target or destination had invalid path (".." and "//" is not allowed in path). T="%s", D="%s"', array($theFile, $theDest));
490 return FALSE;
491 }
492
493 // Processing of file or directory.
494 if (@is_file($theFile)) { // If we are copying a file...
495 if (!$this->actionPerms['copyFile']) {
496 $this->writelog(2, 1, 114, 'You are not allowed to copy files', '');
497 return FALSE;
498 }
499 if (filesize($theFile) >= ($this->maxCopyFileSize * 1024)) {
500 $this->writelog(2, 1, 113, 'File "%s" exceeds the size-limit of %s bytes', array($theFile, $this->maxCopyFileSize * 1024));
501 return FALSE;
502 }
503 $fI = t3lib_div::split_fileref($theFile);
504 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
505 $theDestFile = $this->getUniqueName($fI['file'], $theDest);
506 $fI = t3lib_div::split_fileref($theDestFile);
507 } else {
508 $theDestFile = $theDest . '/' . $fI['file'];
509 }
510 if (!$theDestFile || file_exists($theDestFile)) {
511 $this->writelog(2, 1, 112, 'File "%s" already exists!', array($theDestFile));
512 return FALSE;
513 }
514 if (!$this->checkIfAllowed($fI['fileext'], $theDest, $fI['file'])) {
515 $this->writelog(2, 1, 111, 'Extension of file name "%s" is not allowed in "%s"!', array($fI['file'], $theDest . '/'));
516 return FALSE;
517 }
518 if (!$this->checkPathAgainstMounts($theDestFile) || !$this->checkPathAgainstMounts($theFile)) {
519 $this->writelog(2, 1, 110, 'Target or destination was not within your mountpoints! T="%s", D="%s"', array($theFile, $theDestFile));
520 return FALSE;
521 }
522 if ($this->PHPFileFunctions) {
523 copy($theFile, $theDestFile);
524 } else {
525 $cmd = 'cp "' . $theFile . '" "' . $theDestFile . '"';
526 t3lib_utility_Command::exec($cmd);
527 }
528 t3lib_div::fixPermissions($theDestFile);
529 clearstatcache();
530 if (@is_file($theDestFile)) {
531 $this->writelog(2, 0, 1, 'File "%s" copied to "%s"', array($theFile, $theDestFile));
532 return $theDestFile;
533 } else {
534 $this->writelog(2, 2, 109, 'File "%s" WAS NOT copied to "%s"! Write-permission problem?', array($theFile, $theDestFile));
535 return FALSE;
536 }
537 // FINISHED copying file
538
539 } elseif (@is_dir($theFile) && !$this->dont_use_exec_commands) { // if we're copying a folder
540 if (!$this->actionPerms['copyFolder']) {
541 $this->writelog(2, 1, 125, 'You are not allowed to copy directories', '');
542 return FALSE;
543 }
544 $theFile = $this->is_directory($theFile);
545 if (!$theFile) {
546 $this->writelog(2, 2, 124, 'Target seemed not to be a directory! (Shouldn\'t happen here!)', '');
547 return FALSE;
548 }
549 $fI = t3lib_div::split_fileref($theFile);
550 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
551 $theDestFile = $this->getUniqueName($fI['file'], $theDest);
552 $fI = t3lib_div::split_fileref($theDestFile);
553 } else {
554 $theDestFile = $theDest . '/' . $fI['file'];
555 }
556 if (!$theDestFile || file_exists($theDestFile)) {
557 $this->writelog(2, 1, 123, 'Target "%s" already exists!', array($theDestFile));
558 return FALSE;
559 }
560 if (!t3lib_div::isFirstPartOfStr($theDestFile . '/', $theFile . '/')) {
561 $this->writelog(2, 1, 122, 'Destination cannot be inside the target! D="%s", T="%s"', array($theDestFile . '/', $theFile . '/'));
562 return FALSE;
563 }
564 // Check if the one folder is inside the other or on the same level... to target/dest is the same?
565 if ($this->checkIfFullAccess($theDest) || $this->is_webPath($theDestFile) == $this->is_webPath($theFile)) { // no copy of folders between spaces
566 $this->writelog(2, 1, 121, 'You don\'t have full access to the destination directory "%s"!', array($theDest . '/'));
567 return FALSE;
568 }
569 if (!$this->checkPathAgainstMounts($theDestFile) || !$this->checkPathAgainstMounts($theFile)) {
570 $this->writelog(2, 1, 120, 'Target or destination was not within your mountpoints! T="%s", D="%s"', array($theFile, $theDestFile));
571 return FALSE;
572 }
573 // No way to do this under windows!
574 $cmd = 'cp -R "' . $theFile . '" "' . $theDestFile . '"';
575 t3lib_utility_Command::exec($cmd);
576 clearstatcache();
577 if (@is_dir($theDestFile)) {
578 $this->writelog(2, 0, 2, 'Directory "%s" copied to "%s"', array($theFile, $theDestFile));
579 return $theDestFile;
580 } else {
581 $this->writelog(2, 2, 119, 'Directory "%s" WAS NOT copied to "%s"! Write-permission problem?', array($theFile, $theDestFile));
582 return FALSE;
583 }
584 // FINISHED copying directory
585
586 } else {
587 $this->writelog(2, 2, 130, 'The item "%s" was not a file or directory!', array($theFile));
588 }
589 }
590
591 /**
592 * Moving files and folders (action=3)
593 *
594 * @param array $cmds['data'] is the file/folder to move. $cmds['target'] is the path where to move to. $cmds['altName'] (boolean): If set, another filename is found in case the target already exists
595 * @return string Returns the new filename upon success
596 */
597 function func_move($cmds) {
598 if (!$this->isInit) {
599 return FALSE;
600 }
601
602 // Initialize and check basic conditions:
603 $theFile = $cmds['data'];
604 $theDest = $this->is_directory($cmds['target']); // Clean up destination directory
605 $altName = $cmds['altName'];
606 if (!$theDest) {
607 $this->writelog(3, 2, 100, 'Destination "%s" was not a directory', array($cmds['target']));
608 return FALSE;
609 }
610 if (!$this->isPathValid($theFile) || !$this->isPathValid($theDest)) {
611 $this->writelog(3, 2, 101, 'Target or destination had invalid path (".." and "//" is not allowed in path). T="%s", D="%s"', array($theFile, $theDest));
612 return FALSE;
613 }
614
615 // Processing of file or directory:
616 if (@is_file($theFile)) { // If we are moving a file...
617 if (!$this->actionPerms['moveFile']) {
618 $this->writelog(3, 1, 114, 'You are not allowed to move files', '');
619 return FALSE;
620 }
621 if (filesize($theFile) >= ($this->maxMoveFileSize * 1024)) {
622 $this->writelog(3, 1, 113, 'File "%s" exceeds the size-limit of %s bytes', array($theFile, $this->maxMoveFileSize * 1024));
623 return FALSE;
624 }
625 $fI = t3lib_div::split_fileref($theFile);
626 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
627 $theDestFile = $this->getUniqueName($fI['file'], $theDest);
628 $fI = t3lib_div::split_fileref($theDestFile);
629 } else {
630 $theDestFile = $theDest . '/' . $fI['file'];
631 }
632 if (!$theDestFile || file_exists($theDestFile)) {
633 $this->writelog(3, 1, 112, 'File "%s" already exists!', array($theDestFile));
634 return FALSE;
635 }
636 if (!$this->checkIfAllowed($fI['fileext'], $theDest, $fI['file'])) {
637 $this->writelog(3, 1, 111, 'Extension of file name "%s" is not allowed in "%s"!', array($fI['file'], $theDest . '/'));
638 return FALSE;
639 }
640 if (!$this->checkPathAgainstMounts($theDestFile) || !$this->checkPathAgainstMounts($theFile)) {
641 $this->writelog(3, 1, 110, 'Target or destination was not within your mountpoints! T="%s", D="%s"', array($theFile, $theDestFile));
642 return FALSE;
643 }
644 if ($this->PHPFileFunctions) {
645 @rename($theFile, $theDestFile);
646 } else {
647 $cmd = 'mv "' . $theFile . '" "' . $theDestFile . '"';
648 t3lib_utility_Command::exec($cmd);
649 }
650 clearstatcache();
651 if (@is_file($theDestFile)) {
652 $this->writelog(3, 0, 1, 'File "%s" moved to "%s"', array($theFile, $theDestFile));
653 return $theDestFile;
654 } else {
655 $this->writelog(3, 2, 109, 'File "%s" WAS NOT moved to "%s"! Write-permission problem?', array($theFile, $theDestFile));
656 return FALSE;
657 }
658 // FINISHED moving file
659
660 } elseif (@is_dir($theFile)) { // if we're moving a folder
661 if (!$this->actionPerms['moveFolder']) {
662 $this->writelog(3, 1, 125, 'You are not allowed to move directories', '');
663 return FALSE;
664 }
665 $theFile = $this->is_directory($theFile);
666 if (!$theFile) {
667 $this->writelog(3, 2, 124, 'Target seemed not to be a directory! (Shouldn\'t happen here!)', '');
668 return FALSE;
669 }
670 $fI = t3lib_div::split_fileref($theFile);
671 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
672 $theDestFile = $this->getUniqueName($fI['file'], $theDest);
673 $fI = t3lib_div::split_fileref($theDestFile);
674 } else {
675 $theDestFile = $theDest . '/' . $fI['file'];
676 }
677 if (!$theDestFile || file_exists($theDestFile)) {
678 $this->writelog(3, 1, 123, 'Target "%s" already exists!', array($theDestFile));
679 return FALSE;
680 }
681 if (t3lib_div::isFirstPartOfStr($theDestFile . '/', $theFile . '/')) { // Check if the one folder is inside the other or on the same level... to target/dest is the same?
682 $this->writelog(3, 1, 122, 'Destination cannot be inside the target! D="%s", T="%s"', array($theDestFile . '/', $theFile . '/'));
683 return FALSE;
684 }
685 if (!$this->checkIfFullAccess($theDest) && $this->is_webPath($theDestFile) != $this->is_webPath($theFile)) { // // no moving of folders between spaces
686 $this->writelog(3, 1, 121, 'You don\'t have full access to the destination directory "%s"!', array($theDest . '/'));
687 return FALSE;
688 }
689 if (!$this->checkPathAgainstMounts($theDestFile) || !$this->checkPathAgainstMounts($theFile)) {
690 $this->writelog(3, 1, 120, 'Target or destination was not within your mountpoints! T="%s", D="%s"', array($theFile, $theDestFile));
691 return FALSE;
692 }
693 if ($this->PHPFileFunctions) {
694 @rename($theFile, $theDestFile);
695 } else {
696 $cmd = 'mv "' . $theFile . '" "' . $theDestFile . '"';
697 $errArr = array();
698 t3lib_utility_Command::exec($cmd, $errArr);
699 }
700 clearstatcache();
701 if (@is_dir($theDestFile)) {
702 $this->writelog(3, 0, 2, 'Directory "%s" moved to "%s"', array($theFile, $theDestFile));
703 return $theDestFile;
704 } else {
705 $this->writelog(3, 2, 119, 'Directory "%s" WAS NOT moved to "%s"! Write-permission problem?', array($theFile, $theDestFile));
706 return FALSE;
707 }
708 // FINISHED moving directory
709
710 } else {
711 $this->writelog(3, 2, 130, 'The item "%s" was not a file or directory!', array($theFile));
712 }
713 }
714
715 /**
716 * Renaming files or foldes (action=5)
717 *
718 * @param array $cmds['data'] is the new name. $cmds['target'] is the target (file or dir).
719 * @return string Returns the new filename upon success
720 */
721 function func_rename($cmds) {
722 if (!$this->isInit) {
723 return FALSE;
724 }
725
726 $theNewName = $this->cleanFileName($cmds['data']);
727 if (!$theNewName) {
728 return FALSE;
729 }
730 if (!$this->checkFileNameLen($theNewName)) {
731 $this->writelog(5, 1, 124, 'New name "%s" was too long (max %s characters)', array($theNewName, $this->maxInputNameLen));
732 return FALSE;
733 }
734 $theTarget = $cmds['target'];
735 $type = filetype($theTarget);
736 if ($type != 'file' && $type != 'dir') { // $type MUST BE file or dir
737 $this->writelog(5, 2, 123, 'Target "%s" was neither a directory nor a file!', array($theTarget));
738 return FALSE;
739 }
740 $fileInfo = t3lib_div::split_fileref($theTarget); // Fetches info about path, name, extention of $theTarget
741 if ($fileInfo['file'] == $theNewName) { // The name should be different from the current. And the filetype must be allowed
742 $this->writelog(5, 1, 122, 'Old and new name is the same (%s)', array($theNewName));
743 return FALSE;
744 }
745 $theRenameName = $fileInfo['path'] . $theNewName;
746 if (!$this->checkPathAgainstMounts($fileInfo['path'])) {
747 $this->writelog(5, 1, 121, 'Destination path "%s" was not within your mountpoints!', array($fileInfo['path']));
748 return FALSE;
749 }
750 if (file_exists($theRenameName)) {
751 $this->writelog(5, 1, 120, 'Destination "%s" existed already!', array($theRenameName));
752 return FALSE;
753 }
754 switch ($type) {
755 case 'file':
756 if (!$this->actionPerms['renameFile']) {
757 $this->writelog(5, 1, 102, 'You are not allowed to rename files!', '');
758 return FALSE;
759 }
760 $fI = t3lib_div::split_fileref($theRenameName);
761 if (!$this->checkIfAllowed($fI['fileext'], $fileInfo['path'], $fI['file'])) {
762 $this->writelog(5, 1, 101, 'Extension of file name "%s" was not allowed!', array($fI['file']));
763 return FALSE;
764 }
765 if (@rename($theTarget, $theRenameName)) {
766 $this->writelog(5, 0, 1, 'File renamed from "%s" to "%s"', array($fileInfo['file'], $theNewName));
767 return $theRenameName;
768 } else {
769 $this->writelog(5, 1, 100, 'File "%s" was not renamed! Write-permission problem in "%s"?', array($theTarget, $fileInfo['path']));
770 return FALSE;
771 }
772
773 break;
774
775 case 'dir':
776 if (!$this->actionPerms['renameFolder']) {
777 $this->writelog(5, 1, 111, 'You are not allowed to rename directories!', '');
778 return FALSE;
779 }
780 if (@rename($theTarget, $theRenameName)) {
781 $this->writelog(5, 0, 2, 'Directory renamed from "%s" to "%s"', array($fileInfo['file'], $theNewName));
782 return $theRenameName;
783 } else {
784 $this->writelog(5, 1, 110, 'Directory "%s" was not renamed! Write-permission problem in "%s"?', array($theTarget, $fileInfo['path']));
785 return FALSE;
786 }
787
788 break;
789 }
790 }
791
792 /**
793 * This creates a new folder. (action=6)
794 *
795 * @param array $cmds['data'] is the foldername. $cmds['target'] is the path where to create it.
796 * @return string Returns the new foldername upon success
797 */
798 function func_newfolder($cmds) {
799 if (!$this->isInit) {
800 return FALSE;
801 }
802
803 $theFolder = $this->cleanFileName($cmds['data']);
804 if (!isset($theFolder) || trim($theFolder) == '') {
805 return FALSE;
806 }
807 if (!$this->checkFileNameLen($theFolder)) {
808 $this->writelog(6, 1, 105, 'New name "%s" was too long (max %s characters)', array($theFolder, $this->maxInputNameLen));
809 return FALSE;
810 }
811 $theTarget = $this->is_directory($cmds['target']); // Check the target dir
812 if (!$theTarget) {
813 $this->writelog(6, 2, 104, 'Destination "%s" was not a directory', array($cmds['target']));
814 return FALSE;
815 }
816 if (!$this->actionPerms['newFolder']) {
817 $this->writelog(6, 1, 103, 'You are not allowed to create directories!', '');
818 return FALSE;
819 }
820 $theNewFolder = $theTarget . '/' . $theFolder;
821 if (!$this->checkPathAgainstMounts($theNewFolder)) {
822 $this->writelog(6, 1, 102, 'Destination path "%s" was not within your mountpoints!', array($theTarget . '/'));
823 return FALSE;
824 }
825 if (file_exists($theNewFolder)) {
826 $this->writelog(6, 1, 101, 'File or directory "%s" existed already!', array($theNewFolder));
827 return FALSE;
828 }
829 if (t3lib_div::mkdir($theNewFolder)) {
830 $this->writelog(6, 0, 1, 'Directory "%s" created in "%s"', array($theFolder, $theTarget . '/'));
831 return $theNewFolder;
832 } else {
833 $this->writelog(6, 1, 100, 'Directory "%s" not created. Write-permission problem in "%s"?', array($theFolder, $theTarget . '/'));
834 return FALSE;
835 }
836 }
837
838 /**
839 * This creates a new file. (action=8)
840 *
841 * @param array $cmds['data'] is the new filename. $cmds['target'] is the path where to create it
842 * @return string Returns the new filename upon success
843 */
844 function func_newfile($cmds) {
845 $extList = $GLOBALS['TYPO3_CONF_VARS']['SYS']['textfile_ext'];
846 if (!$this->isInit) {
847 return FALSE;
848 }
849 $newName = $this->cleanFileName($cmds['data']);
850 if (!$newName) {
851 return FALSE;
852 }
853 if (!$this->checkFileNameLen($newName)) {
854 $this->writelog(8, 1, 105, 'New name "%s" was too long (max %s characters)', array($newName, $this->maxInputNameLen));
855 return FALSE;
856 }
857 $theTarget = $this->is_directory($cmds['target']); // Check the target dir
858 $fileInfo = t3lib_div::split_fileref($theTarget); // Fetches info about path, name, extention of $theTarget
859 if (!$theTarget) {
860 $this->writelog(8, 2, 104, 'Destination "%s" was not a directory', array($cmds['target']));
861 return FALSE;
862 }
863 if (!$this->actionPerms['newFile']) {
864 $this->writelog(8, 1, 103, 'You are not allowed to create files!', '');
865 return FALSE;
866 }
867 $theNewFile = $theTarget . '/' . $newName;
868 if (!$this->checkPathAgainstMounts($theNewFile)) {
869 $this->writelog(8, 1, 102, 'Destination path "%s" was not within your mountpoints!', array($theTarget . '/'));
870 return FALSE;
871 }
872 if (file_exists($theNewFile)) {
873 $this->writelog(8, 1, 101, 'File "%s" existed already!', array($theNewFile));
874 return FALSE;
875 }
876 $fI = t3lib_div::split_fileref($theNewFile);
877 if (!$this->checkIfAllowed($fI['fileext'], $fileInfo['path'], $fI['file'])) {
878 $this->writelog(8, 1, 106, 'Extension of file name "%s" was not allowed!', array($fI['file']));
879 return FALSE;
880 }
881 if (!t3lib_div::inList($extList, $fI['fileext'])) {
882 $this->writelog(8, 1, 107, 'File extension "%s" is not a textfile format! (%s)', array($fI['fileext'], $extList));
883 return FALSE;
884 }
885 if (t3lib_div::writeFile($theNewFile, '')) {
886 clearstatcache();
887 $this->writelog(8, 0, 1, 'File created: "%s"', array($fI['file']));
888 return $theNewFile;
889 } else {
890 $this->writelog(8, 1, 100, 'File "%s" was not created! Write-permission problem in "%s"?', array($fI['file'], $theTarget));
891 return FALSE;
892 }
893 }
894
895 /**
896 * Editing textfiles or folders (action=9)
897 *
898 * @param array $cmds['data'] is the new content. $cmds['target'] is the target (file or dir)
899 * @return boolean Returns TRUE on success
900 */
901 function func_edit($cmds) {
902 if (!$this->isInit) {
903 return FALSE;
904 }
905 $theTarget = $cmds['target'];
906 $content = $cmds['data'];
907 $extList = $GLOBALS['TYPO3_CONF_VARS']['SYS']['textfile_ext'];
908 $type = filetype($theTarget);
909 if ($type != 'file') { // $type MUST BE file
910 $this->writelog(9, 2, 123, 'Target "%s" was not a file!', array($theTarget));
911 return FALSE;
912 }
913 $fileInfo = t3lib_div::split_fileref($theTarget); // Fetches info about path, name, extention of $theTarget
914 $fI = $fileInfo;
915 if (!$this->checkPathAgainstMounts($fileInfo['path'])) {
916 $this->writelog(9, 1, 121, 'Destination path "%s" was not within your mountpoints!', array($fileInfo['path']));
917 return FALSE;
918 }
919 if (!$this->actionPerms['editFile']) {
920 $this->writelog(9, 1, 104, 'You are not allowed to edit files!', '');
921 return FALSE;
922 }
923 $fI = t3lib_div::split_fileref($theTarget);
924 if (!$this->checkIfAllowed($fI['fileext'], $fileInfo['path'], $fI['file'])) {
925 $this->writelog(9, 1, 103, 'Extension of file name "%s" was not allowed!', array($fI['file']));
926 return FALSE;
927 }
928 if (!t3lib_div::inList($extList, $fileInfo['fileext'])) {
929 $this->writelog(9, 1, 102, 'File extension "%s" is not a textfile format! (%s)', array($fI['fileext'], $extList));
930 return FALSE;
931 }
932 if (t3lib_div::writeFile($theTarget, $content)) {
933 clearstatcache();
934 $this->writelog(9, 0, 1, 'File saved to "%s", bytes: %s, MD5: %s ', array($fileInfo['file'], @filesize($theTarget), md5($content)));
935 return TRUE;
936 } else {
937 $this->writelog(9, 1, 100, 'File "%s" was not saved! Write-permission problem in "%s"?', array($theTarget, $fileInfo['path']));
938 return FALSE;
939 }
940 }
941
942 /**
943 * Upload of files (action=1)
944 *
945 * @param array $cmds['data'] is the ID-number (points to the global var that holds the filename-ref ($_FILES['upload_'.$id]['name']). $cmds['target'] is the target directory, $cmds['charset'] is the the character set of the file name (utf-8 is needed for JS-interaction)
946 * @return string Returns the new filename upon success
947 */
948 function func_upload($cmds) {
949 if (!$this->isInit) {
950 return FALSE;
951 }
952 $id = $cmds['data'];
953 if (!$_FILES['upload_' . $id]['name']) {
954 $this->writelog(1, 2, 108, 'No file was uploaded!', '');
955 return FALSE;
956 }
957 $theFile = $_FILES['upload_' . $id]['tmp_name']; // filename of the uploaded file
958 $theFileSize = $_FILES['upload_' . $id]['size']; // filesize of the uploaded file
959 $theName = $this->cleanFileName(stripslashes($_FILES['upload_' . $id]['name']), (isset($cmds['charset']) ? $cmds['charset'] : '')); // The original filename
960 if (!is_uploaded_file($theFile) || !$theName) { // Check the file
961 $this->writelog(1, 2, 106, 'The upload has failed, no uploaded file found!', '');
962 return FALSE;
963 }
964 if (!$this->actionPerms['uploadFile']) {
965 $this->writelog(1, 1, 105, 'You are not allowed to upload files!', '');
966 return FALSE;
967 }
968 if ($theFileSize >= ($this->maxUploadFileSize * 1024)) {
969 $this->writelog(1, 1, 104, 'The uploaded file exceeds the size-limit of %s bytes', array($this->maxUploadFileSize * 1024));
970 return FALSE;
971 }
972 $fI = t3lib_div::split_fileref($theName);
973 $theTarget = $this->is_directory($cmds['target']); // Check the target dir
974 if (!$theTarget || !$this->checkPathAgainstMounts($theTarget . '/')) {
975 $this->writelog(1, 1, 103, 'Destination path "%s" was not within your mountpoints!', array($theTarget . '/'));
976 return FALSE;
977 }
978 if (!$this->checkIfAllowed($fI['fileext'], $theTarget, $fI['file'])) {
979 $this->writelog(1, 1, 102, 'Extension of file name "%s" is not allowed in "%s"!', array($fI['file'], $theTarget . '/'));
980 return FALSE;
981 }
982 $theNewFile = $this->getUniqueName($theName, $theTarget, $this->dontCheckForUnique);
983 if (!$theNewFile) {
984 $this->writelog(1, 1, 101, 'No unique filename available in "%s"!', array($theTarget . '/'));
985 return FALSE;
986 }
987 t3lib_div::upload_copy_move($theFile, $theNewFile);
988 clearstatcache();
989 if (@is_file($theNewFile)) {
990 $this->internalUploadMap[$id] = $theNewFile;
991 $this->writelog(1, 0, 1, 'Uploading file "%s" to "%s"', array($theName, $theNewFile, $id));
992 return $theNewFile;
993 } else {
994 $this->writelog(1, 1, 100, 'Uploaded file could not be moved! Write-permission problem in "%s"?', array($theTarget . '/'));
995 return FALSE;
996 }
997 }
998
999 /**
1000 * Unzipping file (action=7)
1001 * This is permitted only if the user has fullAccess or if the file resides
1002 *
1003 * @param array $cmds['data'] is the zip-file. $cmds['target'] is the target directory. If not set we'll default to the same directory as the file is in.
1004 * @return boolean Returns TRUE on success
1005 */
1006 function func_unzip($cmds) {
1007 if (!$this->isInit || $this->dont_use_exec_commands) {
1008 return FALSE;
1009 }
1010
1011 $theFile = $cmds['data'];
1012 if (!@is_file($theFile)) {
1013 $this->writelog(7, 2, 105, 'The file "%s" did not exist!', array($theFile));
1014 return FALSE;
1015 }
1016 $fI = t3lib_div::split_fileref($theFile);
1017 if (!isset($cmds['target'])) {
1018 $cmds['target'] = $fI['path'];
1019 }
1020 // Clean up destination directory
1021 $theDest = $this->is_directory($cmds['target']);
1022 if (!$theDest) {
1023 $this->writelog(7, 2, 104, 'Destination "%s" was not a directory', array($cmds['target']));
1024 return FALSE;
1025 }
1026 if (!$this->actionPerms['unzipFile']) {
1027 $this->writelog(7, 1, 103, 'You are not allowed to unzip files', '');
1028 return FALSE;
1029 }
1030 if ($fI['fileext'] != 'zip') {
1031 $this->writelog(7, 1, 102, 'File extension is not "zip"', '');
1032 return FALSE;
1033 }
1034 if (!$this->checkIfFullAccess($theDest)) {
1035 $this->writelog(7, 1, 101, 'You don\'t have full access to the destination directory "%s"!', array($theDest));
1036 return FALSE;
1037 }
1038 if ($this->checkPathAgainstMounts($theFile) && $this->checkPathAgainstMounts($theDest . '/')) {
1039 // No way to do this under windows.
1040 $cmd = $this->unzipPath . 'unzip -qq "' . $theFile . '" -d "' . $theDest . '"';
1041 t3lib_utility_Command::exec($cmd);
1042 $this->writelog(7, 0, 1, 'Unzipping file "%s" in "%s"', array($theFile, $theDest));
1043 return TRUE;
1044 } else {
1045 $this->writelog(7, 1, 100, 'File "%s" or destination "%s" was not within your mountpoints!', array($theFile, $theDest));
1046 return FALSE;
1047 }
1048 }
1049 }
1050
1051 if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_extfilefunc.php'])) {
1052 include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_extfilefunc.php']);
1053 }
1054
1055 ?>