* Fixed various things in file processing, t3lib_extFileFunc et al.
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_extfilefunc.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2004 Kasper Skaarhoj (kasper@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * extending class to class t3lib_basicFileFunctions
29 *
30 * $Id$
31 * Revised for TYPO3 3.6 May/2004 by Kasper Skaarhoj
32 *
33 * @author Kasper Skaarhoj <kasper@typo3.com>
34 */
35 /**
36 * [CLASS/FUNCTION INDEX of SCRIPT]
37 *
38 *
39 *
40 * 104: class t3lib_extFileFunctions extends t3lib_basicFileFunctions
41 * 148: function start($fileCmds)
42 * 178: function init_actionPerms($setup)
43 * 210: function processData()
44 * 267: function printLogErrorMessages($redirect)
45 * 325: function findRecycler($theFile)
46 * 354: function writeLog($action,$error,$details_nr,$details,$data)
47 *
48 * SECTION: File operation functions
49 * 381: function func_delete($cmds)
50 * 448: function func_copy($cmds)
51 * 538: function func_move($cmds)
52 * 631: function func_rename($cmds)
53 * 677: function func_newfolder($cmds)
54 * 707: function func_newfile($cmds)
55 * 744: function func_edit($cmds)
56 * 776: function func_upload($cmds)
57 * 814: function func_unzip($cmds)
58 *
59 * TOTAL FUNCTIONS: 15
60 * (This index is automatically created/updated by the extension "extdeveval")
61 *
62 */
63
64
65
66
67
68
69
70
71
72
73
74
75
76 /**
77 * Contains functions for performing file operations like copying, pasting, uploading, moving, deleting etc. through the TCE
78 * Extending class to class t3lib_basicFileFunctions.
79 *
80 * see basicFileFunctions
81 * see document "TYPO3 Core API" for syntax
82 *
83 * This class contains functions primarily used by tce_file.php (TYPO3 Core Engine for file manipulation)
84 * Functions include copying, moving, deleting, uploading and so on...
85 *
86 * Important internal variables:
87 *
88 * $filemounts (see basicFileFunctions)
89 * $f_ext (see basicFileFunctions)
90 * ... All fileoperations must be within the filemount-paths. Further the fileextension MUST validate true with the f_ext array
91 *
92 * The unzip-function allows unzip only if the destination path has it's f_ext[]['allow'] set to '*'!!
93 * You are allowed to copy/move folders within the same 'space' (web/ftp).
94 * You are allowed to copy/move folders between spaces (web/ftp) IF the destination has it's f_ext[]['allow'] set to '*'!
95 *
96 * Advice:
97 * You should always exclude php-files from the webspace. This will keep people from uploading, copy/moving and renaming files to the php3/php-extension.
98 * You should never mount a ftp_space 'below' the webspace so that it reaches into the webspace. This is because if somebody unzips a zip-file in the ftp-space so that it reaches out into the webspace this will be a violation of the safety
99 * For example this is a bad idea: you have an ftp-space that is '/www/' and a web-space that is '/www/htdocs/'
100 *
101 * @author Kasper Skaarhoj <kasper@typo3.com>
102 * @package TYPO3
103 * @subpackage t3lib
104 */
105 class t3lib_extFileFunctions extends t3lib_basicFileFunctions {
106
107 // External static variables:
108 // Notice; some of these are overridden in the start() method with values from $GLOBALS['TYPO3_CONF_VARS']['BE']
109 var $maxCopyFileSize = 10000; // max copy size (kb) for files
110 var $maxMoveFileSize = 10000; // max move size (kb) for files
111 var $maxUploadFileSize = 10000; // max upload size (kb) for files. Remember that PHP has an inner limit often set to 2 MB
112 var $unzipPath = ''; // Path to unzip-program (with trailing '/')
113 var $dontCheckForUnique = 0; // If set, the uploaded files will overwrite existing files.
114
115 var $actionPerms = Array( // This array is self-explaning (look in the class below). It grants access to the functions. This could be set from outside in order to enabled functions to users. See also the function init_actionPerms() which takes input directly from the user-record
116 'deleteFile' => 0, // Deleting files physically
117 'deleteFolder' => 0, // Deleting foldes physically
118 'deleteFolderRecursively' => 0, // normally folders are deleted by the PHP-function rmdir(), but with this option a user deletes with 'rm -Rf ....' which is pretty wild!
119 'moveFile' => 0,
120 'moveFolder' => 0,
121 'copyFile' => 0,
122 'copyFolder' => 0,
123 'newFolder' => 0,
124 'newFile' => 0,
125 'editFile' => 0,
126 'unzipFile' => 0,
127 'uploadFile' => 0,
128 'renameFile' => 0,
129 'renameFolder' => 0
130 );
131
132 var $recyclerFN = '_recycler_'; // This is regarded to be the recycler folder
133 var $useRecycler = 1; // 0 = no, 1 = if available, 2 = always
134
135 // Internal, static:
136 var $PHPFileFunctions = 0; // If set, all fileoperations are done by the default PHP-functions. This is necessary under windows! On UNIX the system commands by exec() can be used unless safe_mode is enabled
137 var $dont_use_exec_commands = 0; // This is necessary under windows!
138
139
140
141
142
143 /**
144 * Initialization of the class
145 *
146 * @param array The $file array with the commands to execute. See "TYPO3 Core API" document
147 * @return void
148 */
149 function start($fileCmds) {
150
151 // Configure settings from TYPO3_CONF_VARS:
152 if (TYPO3_OS=='WIN' || $GLOBALS['TYPO3_CONF_VARS']['BE']['disable_exec_function']) {
153 $this->PHPFileFunctions = 1;
154 $this->dont_use_exec_commands = 1;
155 } else {
156 $this->PHPFileFunctions = $GLOBALS['TYPO3_CONF_VARS']['BE']['usePHPFileFunctions'];
157 }
158
159 $this->unzipPath = $GLOBALS['TYPO3_CONF_VARS']['BE']['unzip_path'];
160
161 $maxFileSize = intval($GLOBALS['TYPO3_CONF_VARS']['BE']['maxFileSize']);
162 if ($maxFileSize>0) {
163 $this->maxCopyFileSize = $maxFileSize;
164 $this->maxMoveFileSize = $maxFileSize;
165 $this->maxUploadFileSize = $maxFileSize;
166 }
167
168 // Initializing file processing commands:
169 $this->fileCmdMap = $fileCmds;
170 }
171
172 /**
173 * Sets up permission to perform file/directory operations.
174 * See below or the be_user-table for the significanse of the various bits in $setup ($BE_USER->user['fileoper_perms'])
175 *
176 * @param integer File permission integer from BE_USER object.
177 * @return void
178 */
179 function init_actionPerms($setup) {
180 if (($setup&1)==1) { // Files: Upload,Copy,Move,Delete,Rename
181 $this->actionPerms['uploadFile']=1;
182 $this->actionPerms['copyFile']=1;
183 $this->actionPerms['moveFile']=1;
184 $this->actionPerms['deleteFile']=1;
185 $this->actionPerms['renameFile']=1;
186 $this->actionPerms['editFile']=1;
187 $this->actionPerms['newFile']=1;
188 }
189 if (($setup&2)==2) { // Files: Unzip
190 $this->actionPerms['unzipFile']=1;
191 }
192 if (($setup&4)==4) { // Directory: Move,Delete,Rename,New
193 $this->actionPerms['moveFolder']=1;
194 $this->actionPerms['deleteFolder']=1;
195 $this->actionPerms['renameFolder']=1;
196 $this->actionPerms['newFolder']=1;
197 }
198 if (($setup&8)==8) { // Directory: Copy
199 $this->actionPerms['copyFolder']=1;
200 }
201 if (($setup&16)==16) { // Directory: Delete recursively (rm -Rf)
202 $this->actionPerms['deleteFolderRecursively']=1;
203 }
204 }
205
206 /**
207 * Processing the command array in $this->fileCmdMap
208 *
209 * @return void
210 */
211 function processData() {
212 if (!$this->isInit) return FALSE;
213
214 if (is_array($this->fileCmdMap)) {
215
216 // Traverse each set of actions
217 foreach($this->fileCmdMap as $action => $actionData) {
218
219 // Traverse all action data. More than one file might be affected at the same time.
220 if (is_array($actionData)) {
221 foreach($actionData as $cmdArr) {
222
223 // Clear file stats
224 clearstatcache();
225
226 // Branch out based on command:
227 switch ($action) {
228 case 'delete':
229 $this->func_delete($cmdArr);
230 break;
231 case 'copy':
232 $this->func_copy($cmdArr);
233 break;
234 case 'move':
235 $this->func_move($cmdArr);
236 break;
237 case 'rename':
238 $this->func_rename($cmdArr);
239 break;
240 case 'newfolder':
241 $this->func_newfolder($cmdArr);
242 break;
243 case 'newfile':
244 $this->func_newfile($cmdArr);
245 break;
246 case 'editfile':
247 $this->func_edit($cmdArr);
248 break;
249 case 'upload':
250 $this->func_upload($cmdArr);
251 break;
252 case 'unzip':
253 $this->func_unzip($cmdArr);
254 break;
255 }
256 }
257 }
258 }
259 }
260 }
261
262 /**
263 * Print log error messages from the operations of this script instance
264 *
265 * @param string Redirect URL (for creating link in message)
266 * @return void (Will exit on error)
267 */
268 function printLogErrorMessages($redirect='') {
269
270 $res_log = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
271 '*',
272 'sys_log',
273 'type=2 AND userid='.intval($GLOBALS['BE_USER']->user['uid']).' AND tstamp='.intval($GLOBALS['EXEC_TIME']).' AND error!=0'
274 );
275 $errorJS = array();
276 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res_log)) {
277 $log_data = unserialize($row['log_data']);
278 $errorJS[] = $row[error].': '.sprintf($row['details'], $log_data[0],$log_data[1],$log_data[2],$log_data[3],$log_data[4]);
279 }
280
281 if (count($errorJS)) {
282 $error_doc = t3lib_div::makeInstance('template');
283 $error_doc->backPath = '';
284
285 $content.= $error_doc->startPage('tce_db.php Error output');
286
287 $lines[] = '
288 <tr class="bgColor5">
289 <td colspan="2" align="center"><strong>Errors:</strong></td>
290 </tr>';
291
292 foreach($errorJS as $line) {
293 $lines[] = '
294 <tr class="bgColor4">
295 <td valign="top"><img'.t3lib_iconWorks::skinImg('','gfx/icon_fatalerror.gif','width="18" height="16"').' alt="" /></td>
296 <td>'.htmlspecialchars($line).'</td>
297 </tr>';
298 }
299
300 $lines[] = '
301 <tr>
302 <td colspan="2" align="center"><br />'.
303 '<form action=""><input type="submit" value="Continue" onclick="'.htmlspecialchars('document.location=\''.$redirect.'\';return false;').'" /></form>'.
304 '</td>
305 </tr>';
306
307 $content.= '
308 <br /><br />
309 <table border="0" cellpadding="1" cellspacing="1" width="300" align="center">
310 '.implode('',$lines).'
311 </table>';
312
313 $content.= $error_doc->endPage();
314 echo $content;
315 exit;
316 }
317 }
318
319 /**
320 * Goes back in the path and checks in each directory if a folder named $this->recyclerFN (usually '_recycler_') is present.
321 * If a folder in the tree happens to be a _recycler_-folder (which means that we're deleting something inside a _recycler_-folder) this is ignored
322 *
323 * @param string Takes a valid Path ($theFile)
324 * @return string Returns the path (without trailing slash) of the closest recycle-folder if found. Else false.
325 */
326 function findRecycler($theFile) {
327 if ($this->isPathValid($theFile)) {
328 $theFile = $this->cleanDirectoryName($theFile);
329 $fI = t3lib_div::split_fileref($theFile);
330 $c = 0;
331 while($this->checkPathAgainstMounts($fI['path']) && $c<20) {
332 $rDir = $fI['path'].$this->recyclerFN;
333 if (@is_dir($rDir) && $this->recyclerFN!=$fI['file']) {
334 return $rDir;
335 }
336 $theFile = $fI['path'];
337 $theFile = $this->cleanDirectoryName($theFile);
338 $fI = t3lib_div::split_fileref($theFile);
339 $c++;
340 }
341 }
342 }
343
344 /**
345 * Logging actions
346 *
347 * @param integer The action number. See the functions in the class for a hint. Eg. edit is '9', upload is '1' ...
348 * @param integer The severity: 0 = message, 1 = error, 2 = System Error, 3 = security notice (admin)
349 * @param integer This number is unique for every combination of $type and $action. This is the error-message number, which can later be used to translate error messages.
350 * @param string This is the default, raw error message in english
351 * @param array Array with special information that may go into $details by "%s" marks / sprintf() when the log is shown
352 * @return void
353 * @see class.t3lib_userauthgroup.php
354 */
355 function writeLog($action,$error,$details_nr,$details,$data) {
356 $type = 2; // Type value for tce_file.php
357 if (is_object($GLOBALS['BE_USER'])) {
358 $GLOBALS['BE_USER']->writelog($type,$action,$error,$details_nr,$details,$data);
359 }
360 }
361
362
363
364
365
366
367
368
369
370 /*************************************
371 *
372 * File operation functions
373 *
374 **************************************/
375
376 /**
377 * Deleting files and folders (action=4)
378 *
379 * @param array $cmds['data'] is the the file/folder to delete
380 * @return boolean Returns true upon success
381 */
382 function func_delete($cmds) {
383 if (!$this->isInit) return FALSE;
384
385 // Checking path:
386 $theFile = $cmds['data'];
387 if (!$this->isPathValid($theFile)) {
388 $this->writelog(4,2,101,'Target "%s" had invalid path (".." and "//" is not allowed in path).',Array($theFile));
389 return FALSE;
390 }
391
392 // Recycler moving or not?
393 if ($this->useRecycler && $recyclerPath=$this->findRecycler($theFile)) {
394 // If a recycler is found, the deleted items is moved to the recycler and not just deleted.
395 $newCmds=Array();
396 $newCmds['data']=$theFile;
397 $newCmds['target']=$recyclerPath;
398 $newCmds['altName']=1;
399 $this->func_move($newCmds);
400 $this->writelog(4,0,4,'Item "%s" moved to recycler at "%s"',Array($theFile,$recyclerPath));
401 return TRUE;
402 } elseif ($this->useRecycler != 2) { // if $this->useRecycler==2 then we cannot delete for real!!
403 if (@is_file($theFile)) { // If we are deleting a file...
404 if ($this->actionPerms['deleteFile']) {
405 if ($this->checkPathAgainstMounts($theFile)) {
406 if (@unlink($theFile)) {
407 $this->writelog(4,0,1,'File "%s" deleted',Array($theFile));
408 return TRUE;
409 } else $this->writelog(4,1,110,'Could not delete file "%s". Write-permission problem?', Array($theFile));
410 } else $this->writelog(4,1,111,'Target was not within your mountpoints! T="%s"',Array($theFile));
411 } else $this->writelog(4,1,112,'You are not allowed to delete files','');
412 // FINISHED deleting file
413
414 } elseif (@is_dir($theFile) && !$this->dont_use_exec_commands) { // if we're deleting a folder
415 if ($this->actionPerms['deleteFolder']) {
416 $theFile = $this->is_directory($theFile);
417 if ($theFile) {
418 if ($this->checkPathAgainstMounts($theFile)) { // I choose not to append '/' to $theFile here as this will prevent us from deleting mounts!! (which makes sense to me...)
419 if ($this->actionPerms['deleteFolderRecursively']) {
420 // No way to do this under windows
421 $cmd = 'rm -Rf "'.$theFile.'"';
422 exec($cmd); // This is a quite critical command...
423 clearstatcache();
424 if (!@file_exists($theFile)) {
425 $this->writelog(4,0,2,'Directory "%s" deleted recursively!',Array($theFile));
426 return TRUE;
427 } else $this->writelog(4,2,119,'Directory "%s" WAS NOT deleted recursively! Write-permission problem?',Array($theFile));
428 } else {
429 if (@rmdir($theFile)) {
430 $this->writelog(4,0,3,'Directory "%s" deleted',Array($theFile));
431 return TRUE;
432 } else $this->writelog(4,1,120,'Could not delete directory! Write-permission problem? Is directory "%s" empty? (You are not allowed to delete directories recursively).',Array($theFile));
433 }
434 } else $this->writelog(4,1,121,'Target was not within your mountpoints! T="%s"',Array($theFile));
435 } else $this->writelog(4,2,122,'Target seemed not to be a directory! (Shouldn\'t happen here!)','');
436 } else $this->writelog(4,1,123,'You are not allowed to delete directories','');
437 // FINISHED copying directory
438
439 } else $this->writelog(4,2,130,'The item was not a file or directory! "%s"',Array($theFile));
440 } else $this->writelog(4,1,131,'No recycler found!','');
441 }
442
443 /**
444 * Copying files and folders (action=2)
445 *
446 * @param array $cmds['data'] is the the file/folder to copy. $cmds['target'] is the path where to copy to. $cmds['altName'] (boolean): If set, another filename is found in case the target already exists
447 * @return string Returns the new filename upon success
448 */
449 function func_copy($cmds) {
450 if (!$this->isInit) return FALSE;
451
452 // Initialize and check basic conditions:
453 $theFile = $cmds['data'];
454 $theDest = $this->is_directory($cmds['target']); // Clean up destination directory
455 $altName = $cmds['altName'];
456 if (!$theDest) {
457 $this->writelog(2,2,100,'Destination "%s" was not a directory',Array($cmds['target']));
458 return FALSE;
459 }
460 if (!$this->isPathValid($theFile) || !$this->isPathValid($theDest)) {
461 $this->writelog(2,2,101,'Target or destination had invalid path (".." and "//" is not allowed in path). T="%s", D="%s"',Array($theFile,$theDest));
462 return FALSE;
463 }
464
465 // Processing of file or directory.
466 if (@is_file($theFile)) { // If we are copying a file...
467 if ($this->actionPerms['copyFile']) {
468 if (filesize($theFile) < ($this->maxCopyFileSize*1024)) {
469 $fI = t3lib_div::split_fileref($theFile);
470 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
471 $theDestFile = $this->getUniqueName($fI['file'], $theDest);
472 $fI = t3lib_div::split_fileref($theDestFile);
473 } else {
474 $theDestFile = $theDest.'/'.$fI['file'];
475 }
476 if ($theDestFile && !@file_exists($theDestFile)) {
477 if ($this->checkIfAllowed($fI['fileext'], $theDest, $fI['file'])) {
478 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) {
479 if ($this->PHPFileFunctions) {
480 copy ($theFile,$theDestFile);
481 } else {
482 $cmd = 'cp "'.$theFile.'" "'.$theDestFile.'"';
483 exec($cmd);
484 }
485 clearstatcache();
486 if (@is_file($theDestFile)) {
487 $this->writelog(2,0,1,'File "%s" copied to "%s"',Array($theFile,$theDestFile));
488 return $theDestFile;
489 } else $this->writelog(2,2,109,'File "%s" WAS NOT copied to "%s"! Write-permission problem?',Array($theFile,$theDestFile));
490 } else $this->writelog(2,1,110,'Target or destination was not within your mountpoints! T="%s", D="%s"',Array($theFile,$theDestFile));
491 } else $this->writelog(2,1,111,'Fileextension "%s" is not allowed in "%s"!',Array($fI['fileext'],$theDest.'/'));
492 } else $this->writelog(2,1,112,'File "%s" already exists!',Array($theDestFile));
493 } else $this->writelog(2,1,113,'File "%s" exceeds the size-limit of %s bytes',Array($theFile,$this->maxCopyFileSize*1024));
494 } else $this->writelog(2,1,114,'You are not allowed to copy files','');
495 // FINISHED copying file
496
497 } elseif (@is_dir($theFile) && !$this->dont_use_exec_commands) { // if we're copying a folder
498 if ($this->actionPerms['copyFolder']) {
499 $theFile = $this->is_directory($theFile);
500 if ($theFile) {
501 $fI = t3lib_div::split_fileref($theFile);
502 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
503 $theDestFile = $this->getUniqueName($fI['file'], $theDest);
504 $fI = t3lib_div::split_fileref($theDestFile);
505 } else {
506 $theDestFile = $theDest.'/'.$fI['file'];
507 }
508 if ($theDestFile && !@file_exists($theDestFile)) {
509 if (!t3lib_div::isFirstPartOfStr($theDestFile.'/',$theFile.'/')) { // Check if the one folder is inside the other or on the same level... to target/dest is the same?
510 if ($this->checkIfFullAccess($theDest) || $this->is_webPath($theDestFile)==$this->is_webPath($theFile)) { // no copy of folders between spaces
511 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) {
512 // No way to do this under windows!
513 $cmd = 'cp -R "'.$theFile.'" "'.$theDestFile.'"';
514 exec($cmd);
515 clearstatcache();
516 if (@is_dir($theDestFile)) {
517 $this->writelog(2,0,2,'Directory "%s" copied to "%s"',Array($theFile,$theDestFile));
518 return $theDestFile;
519 } else $this->writelog(2,2,119,'Directory "%s" WAS NOT copied to "%s"! Write-permission problem?',Array($theFile,$theDestFile));
520 } else $this->writelog(2,1,120,'Target or destination was not within your mountpoints! T="%s", D="%s"',Array($theFile,$theDestFile));
521 } else $this->writelog(2,1,121,'You don\'t have full access to the destination directory "%s"!',Array($theDest.'/'));
522 } else $this->writelog(2,1,122,'Destination cannot be inside the target! D="%s", T="%s"',Array($theDestFile.'/',$theFile.'/'));
523 } else $this->writelog(2,1,123,'Target "%s" already exists!',Array($theDestFile));
524 } else $this->writelog(2,2,124,'Target seemed not to be a directory! (Shouldn\'t happen here!)','');
525 } else $this->writelog(2,1,125,'You are not allowed to copy directories','');
526 // FINISHED copying directory
527
528 } else {
529 $this->writelog(2,2,130,'The item "%s" was not a file or directory!',Array($theFile));
530 }
531 }
532
533 /**
534 * Moving files and folders (action=3)
535 *
536 * @param array $cmds['data'] is the the file/folder to move. $cmds['target'] is the path where to move to. $cmds['altName'] (boolean): If set, another filename is found in case the target already exists
537 * @return string Returns the new filename upon success
538 */
539 function func_move($cmds) {
540 if (!$this->isInit) return FALSE;
541
542 // Initialize and check basic conditions:
543 $theFile = $cmds['data'];
544 $theDest = $this->is_directory($cmds['target']); // Clean up destination directory
545 $altName = $cmds['altName'];
546 if (!$theDest) {
547 $this->writelog(3,2,100,'Destination "%s" was not a directory',Array($cmds['target']));
548 return FALSE;
549 }
550 if (!$this->isPathValid($theFile) || !$this->isPathValid($theDest)) {
551 $this->writelog(3,2,101,'Target or destination had invalid path (".." and "//" is not allowed in path). T="%s", D="%s"',Array($theFile,$theDest));
552 return FALSE;
553 }
554
555 // Processing of file or directory:
556 if (@is_file($theFile)) { // If we are moving a file...
557 if ($this->actionPerms['moveFile']) {
558 if (filesize($theFile) < ($this->maxMoveFileSize*1024)) {
559 $fI = t3lib_div::split_fileref($theFile);
560 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
561 $theDestFile = $this->getUniqueName($fI['file'], $theDest);
562 $fI = t3lib_div::split_fileref($theDestFile);
563 } else {
564 $theDestFile = $theDest.'/'.$fI['file'];
565 }
566 if ($theDestFile && !@file_exists($theDestFile)) {
567 if ($this->checkIfAllowed($fI['fileext'], $theDest, $fI['file'])) {
568 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) {
569 if ($this->PHPFileFunctions) {
570 rename($theFile, $theDestFile);
571 } else {
572 $cmd = 'mv "'.$theFile.'" "'.$theDestFile.'"';
573 exec($cmd);
574 }
575 clearstatcache();
576 if (@is_file($theDestFile)) {
577 $this->writelog(3,0,1,'File "%s" moved to "%s"',Array($theFile,$theDestFile));
578 return $theDestFile;
579 } else $this->writelog(3,2,109,'File "%s" WAS NOT moved to "%s"! Write-permission problem?',Array($theFile,$theDestFile));
580 } else $this->writelog(3,1,110,'Target or destination was not within your mountpoints! T="%s", D="%s"',Array($theFile,$theDestFile));
581 } else $this->writelog(3,1,111,'Fileextension "%s" is not allowed in "%s"!',Array($fI['fileext'],$theDest.'/'));
582 } else $this->writelog(3,1,112,'File "%s" already exists!',Array($theDestFile));
583 } else $this->writelog(3,1,113,'File "%s" exceeds the size-limit of %s bytes',Array($theFile,$this->maxMoveFileSize*1024));
584 } else $this->writelog(3,1,114,'You are not allowed to move files','');
585 // FINISHED moving file
586
587 } elseif (@is_dir($theFile)) { // if we're moving a folder
588 if ($this->actionPerms['moveFolder']) {
589 $theFile = $this->is_directory($theFile);
590 if ($theFile) {
591 $fI = t3lib_div::split_fileref($theFile);
592 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
593 $theDestFile = $this->getUniqueName($fI['file'], $theDest);
594 $fI = t3lib_div::split_fileref($theDestFile);
595 } else {
596 $theDestFile = $theDest.'/'.$fI['file'];
597 }
598 if ($theDestFile && !@file_exists($theDestFile)) {
599 if (!t3lib_div::isFirstPartOfStr($theDestFile.'/',$theFile.'/')) { // Check if the one folder is inside the other or on the same level... to target/dest is the same?
600 if ($this->checkIfFullAccess($theDest) || $this->is_webPath($theDestFile)==$this->is_webPath($theFile)) { // // no moving of folders between spaces
601 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) {
602 if ($this->PHPFileFunctions) {
603 rename($theFile, $theDestFile);
604 } else {
605 $cmd = 'mv "'.$theFile.'" "'.$theDestFile.'"';
606 exec($cmd,$errArr,$retVar);
607 }
608 clearstatcache();
609 if (@is_dir($theDestFile)) {
610 $this->writelog(3,0,2,'Directory "%s" moved to "%s"',Array($theFile,$theDestFile));
611 return $theDestFile;
612 } else $this->writelog(3,2,119,'Directory "%s" WAS NOT moved to "%s"! Write-permission problem?',Array($theFile,$theDestFile));
613 } else $this->writelog(3,1,120,'Target or destination was not within your mountpoints! T="%s", D="%s"',Array($theFile,$theDestFile));
614 } else $this->writelog(3,1,121,'You don\'t have full access to the destination directory "%s"!',Array($theDest.'/'));
615 } else $this->writelog(3,1,122,'Destination cannot be inside the target! D="%s", T="%s"',Array($theDestFile.'/',$theFile.'/'));
616 } else $this->writelog(3,1,123,'Target "%s" already exists!',Array($theDestFile));
617 } else $this->writelog(3,2,124,'Target seemed not to be a directory! (Shouldn\'t happen here!)','');
618 } else $this->writelog(3,1,125,'You are not allowed to move directories','');
619 // FINISHED moving directory
620
621 } else {
622 $this->writelog(3,2,130,'The item "%s" was not a file or directory!',Array($theFile));
623 }
624 }
625
626 /**
627 * Renaming files or foldes (action=5)
628 *
629 * @param array $cmds['data'] is the new name. $cmds['target'] is the target (file or dir).
630 * @return string Returns the new filename upon success
631 */
632 function func_rename($cmds) {
633 if (!$this->isInit) return FALSE;
634
635 $theNewName = $this->cleanFileName($cmds['data']);
636 if ($theNewName) {
637 if ($this->checkFileNameLen($theNewName)) {
638 $theTarget = $cmds['target'];
639 $type = filetype($theTarget);
640 if ($type=='file' || $type=='dir') { // $type MUST BE file or dir
641 $fileInfo = t3lib_div::split_fileref($theTarget); // Fetches info about path, name, extention of $theTarget
642 if ($fileInfo['file']!=$theNewName) { // The name should be different from the current. And the filetype must be allowed
643 $theRenameName = $fileInfo['path'].$theNewName;
644 if ($this->checkPathAgainstMounts($fileInfo['path'])) {
645 if (!@file_exists($theRenameName)) {
646 if ($type=='file') {
647 if ($this->actionPerms['renameFile']) {
648 $fI = t3lib_div::split_fileref($theRenameName);
649 if ($this->checkIfAllowed($fI['fileext'], $fileInfo['path'], $fI['file'])) {
650 if (@rename($theTarget, $theRenameName)) {
651 $this->writelog(5,0,1,'File renamed from "%s" to "%s"',Array($fileInfo['file'],$theNewName));
652 return $theRenameName;
653 } else $this->writelog(5,1,100,'File "%s" was not renamed! Write-permission problem in "%s"?',Array($theTarget,$fileInfo['path']));
654 } else $this->writelog(5,1,101,'Fileextension "%s" was not allowed!',Array($fI['fileext']));
655 } else $this->writelog(5,1,102,'You are not allowed to rename files!','');
656 } elseif ($type=='dir') {
657 if ($this->actionPerms['renameFolder']) {
658 if (@rename($theTarget, $theRenameName)) {
659 $this->writelog(5,0,2,'Directory renamed from "%s" to "%s"',Array($fileInfo['file'],$theNewName));
660 return $theRenameName;
661 } else $this->writelog(5,1,110,'Directory "%s" was not renamed! Write-permission problem in "%s"?',Array($theTarget,$fileInfo['path']));
662 } else $this->writelog(5,1,111,'You are not allowed to rename directories!','');
663 }
664 } else $this->writelog(5,1,120,'Destination "%s" existed already!',Array($theRenameName));
665 } else $this->writelog(5,1,121,'Destination path "%s" was not within your mountpoints!',Array($fileInfo['path']));
666 } else $this->writelog(5,1,122,'Old and new name is the same (%s)',Array($theNewName));
667 } else $this->writelog(5,2,123,'Target "%s" was neither a directory nor a file!',Array($theTarget));
668 } else $this->writelog(5,1,124,'New name "%s" was too long (max %s characters)',Array($theNewName,$this->maxInputNameLen));
669 }
670 }
671
672 /**
673 * This creates a new folder. (action=6)
674 *
675 * @param array $cmds['data'] is the foldername. $cmds['target'] is the path where to create it.
676 * @return string Returns the new foldername upon success
677 */
678 function func_newfolder($cmds) {
679 if (!$this->isInit) return FALSE;
680
681 $theFolder = $this->cleanFileName($cmds['data']);
682 if ($theFolder) {
683 if ($this->checkFileNameLen($theFolder)) {
684 $theTarget = $this->is_directory($cmds['target']); // Check the target dir
685 if ($theTarget) {
686 if ($this->actionPerms['newFolder']) {
687 $theNewFolder = $theTarget.'/'.$theFolder;
688 if ($this->checkPathAgainstMounts($theNewFolder)) {
689 if (!@file_exists($theNewFolder)) {
690 if (t3lib_div::mkdir($theNewFolder)){
691 $this->writelog(6,0,1,'Directory "%s" created in "%s"',Array($theFolder,$theTarget.'/'));
692 return $theNewFolder;
693 } else $this->writelog(6,1,100,'Directory "%s" not created. Write-permission problem in "%s"?',Array($theFolder,$theTarget.'/'));
694 } else $this->writelog(6,1,101,'File or directory "%s" existed already!',Array($theNewFolder));
695 } else $this->writelog(6,1,102,'Destination path "%s" was not within your mountpoints!',Array($theTarget.'/'));
696 } else $this->writelog(6,1,103,'You are not allowed to create directories!','');
697 } else $this->writelog(6,2,104,'Destination "%s" was not a directory',Array($cmds['target']));
698 } else $this->writelog(6,1,105,'New name "%s" was too long (max %s characters)',Array($theFolder,$this->maxInputNameLen));
699 }
700 }
701
702 /**
703 * This creates a new file. (action=8)
704 *
705 * @param array $cmds['data'] is the new filename. $cmds['target'] is the path where to create it
706 * @return string Returns the new filename upon success
707 */
708 function func_newfile($cmds) {
709 $extList = $GLOBALS['TYPO3_CONF_VARS']['SYS']['textfile_ext'];
710 if (!$this->isInit) return FALSE;
711 $newName = $this->cleanFileName($cmds['data']);
712 if ($newName) {
713 if ($this->checkFileNameLen($newName)) {
714 $theTarget = $this->is_directory($cmds['target']); // Check the target dir
715 $fileInfo = t3lib_div::split_fileref($theTarget); // Fetches info about path, name, extention of $theTarget
716 if ($theTarget) {
717 if ($this->actionPerms['newFile']) {
718 $theNewFile = $theTarget.'/'.$newName;
719 if ($this->checkPathAgainstMounts($theNewFile)) {
720 if (!@file_exists($theNewFile)) {
721 $fI = t3lib_div::split_fileref($theNewFile);
722 if ($this->checkIfAllowed($fI['fileext'], $fileInfo['path'], $fI['file'])) {
723 if (t3lib_div::inList($extList, $fI['fileext'])) {
724 if (t3lib_div::writeFile($theNewFile,'')) {
725 clearstatcache();
726 $this->writelog(8,0,1,'File created: "%s"',Array($fI['file']));
727 return $theNewFile;
728 } else $this->writelog(8,1,100,'File "%s" was not created! Write-permission problem in "%s"?',Array($fI['file'], $theTarget));
729 } else $this->writelog(8,1,107,'Fileextension "%s" is not a textfile format! (%s)',Array($fI['fileext'], $extList));
730 } else $this->writelog(8,1,106,'Fileextension "%s" was not allowed!',Array($fI['fileext']));
731 } else $this->writelog(8,1,101,'File "%s" existed already!',Array($theNewFile));
732 } else $this->writelog(8,1,102,'Destination path "%s" was not within your mountpoints!',Array($theTarget.'/'));
733 } else $this->writelog(8,1,103,'You are not allowed to create files!','');
734 } else $this->writelog(8,2,104,'Destination "%s" was not a directory',Array($cmds['target']));
735 } else $this->writelog(8,1,105,'New name "%s" was too long (max %s characters)',Array($newName,$this->maxInputNameLen));
736 }
737 }
738
739 /**
740 * Editing textfiles or foldes (action=9)
741 *
742 * @param array $cmds['data'] is the new content. $cmds['target'] is the target (file or dir)
743 * @return boolean Returns true on success
744 */
745 function func_edit($cmds) {
746 if (!$this->isInit) return FALSE;
747 $theTarget = $cmds['target'];
748 $content = $cmds['data'];
749 $extList = $GLOBALS['TYPO3_CONF_VARS']['SYS']['textfile_ext'];
750 $type = filetype($theTarget);
751 if ($type=='file') { // $type MUST BE file
752 $fileInfo = t3lib_div::split_fileref($theTarget); // Fetches info about path, name, extention of $theTarget
753 $fI =$fileInfo;
754 if ($this->checkPathAgainstMounts($fileInfo['path'])) {
755 if ($this->actionPerms['editFile']) {
756 $fI = t3lib_div::split_fileref($theTarget);
757 if ($this->checkIfAllowed($fI['fileext'], $fileInfo['path'], $fI['file'])) {
758 if (t3lib_div::inList($extList, $fileInfo['fileext'])) {
759 if (t3lib_div::writeFile($theTarget,$content)) {
760 clearstatcache();
761 $this->writelog(9,0,1,'File saved to "%s", bytes: %s, MD5: %s ',Array($fileInfo['file'],@filesize($theTarget),md5($content)));
762 return TRUE;
763 } else $this->writelog(9,1,100,'File "%s" was not saved! Write-permission problem in "%s"?',Array($theTarget,$fileInfo['path']));
764 } else $this->writelog(9,1,102,'Fileextension "%s" is not a textfile format! (%s)',Array($fI['fileext'], $extList));
765 } else $this->writelog(9,1,103,'Fileextension "%s" was not allowed!',Array($fI['fileext']));
766 } else $this->writelog(9,1,104,'You are not allowed to edit files!','');
767 } else $this->writelog(9,1,121,'Destination path "%s" was not within your mountpoints!',Array($fileInfo['path']));
768 } else $this->writelog(9,2,123,'Target "%s" was not a file!',Array($theTarget));
769 }
770
771 /**
772 * Upload of files (action=1)
773 *
774 * @param array $cmds['data'] is the ID-number (points to the global var that holds the filename-ref ($GLOBALS['HTTP_POST_FILES']['upload_'.$id]['name']). $cmds['target'] is the target directory
775 * @return string Returns the new filename upon success
776 */
777 function func_upload($cmds) {
778 if (!$this->isInit) return FALSE;
779 $id = $cmds['data'];
780 if ($GLOBALS['HTTP_POST_FILES']['upload_'.$id]['name']) {
781 $theFile = $GLOBALS['HTTP_POST_FILES']['upload_'.$id]['tmp_name']; // filename of the uploaded file
782 $theFileSize = $GLOBALS['HTTP_POST_FILES']['upload_'.$id]['size']; // filesize of the uploaded file
783 $theName = $this->cleanFileName(stripslashes($GLOBALS['HTTP_POST_FILES']['upload_'.$id]['name'])); // The original filename
784 if (is_uploaded_file($theFile) && $theName) { // Check the file
785 if ($this->actionPerms['uploadFile']) {
786 if ($theFileSize<($this->maxUploadFileSize*1024)) {
787 $fI = t3lib_div::split_fileref($theName);
788 $theTarget = $this->is_directory($cmds['target']); // Check the target dir
789 if ($theTarget && $this->checkPathAgainstMounts($theTarget.'/')) {
790 if ($this->checkIfAllowed($fI['fileext'], $theTarget, $fI['file'])) {
791 $theNewFile = $this->getUniqueName($theName, $theTarget, $this->dontCheckForUnique);
792 if ($theNewFile) {
793 t3lib_div::upload_copy_move($theFile,$theNewFile);
794 clearstatcache();
795 if (@is_file($theNewFile)) {
796 $this->writelog(1,0,1,'Uploading file "%s" to "%s"',Array($theName,$theNewFile, $id));
797 return $theNewFile;
798 } else $this->writelog(1,1,100,'Uploaded file could not be moved! Write-permission problem in "%s"?',Array($theTarget.'/'));
799 } else $this->writelog(1,1,101,'No unique filename available in "%s"!',Array($theTarget.'/'));
800 } else $this->writelog(1,1,102,'Fileextension "%s" is not allowed in "%s"!',Array($fI['fileext'],$theTarget.'/'));
801 } else $this->writelog(1,1,103,'Destination path "%s" was not within your mountpoints!',Array($theTarget.'/'));
802 } else $this->writelog(1,1,104,'The uploaded file exceeds the size-limit of %s bytes',Array($this->maxUploadFileSize*1024));
803 } else $this->writelog(1,1,105,'You are not allowed to upload files!','');
804 } else $this->writelog(1,2,106,'The uploaded file did not exist!','');
805 }
806 }
807
808 /**
809 * Unzipping file (action=7)
810 * This is permitted only if the user has fullAccess or if the file resides
811 *
812 * @param array $cmds['data'] is the zip-file. $cmds['target'] is the target directory. If not set we'll default to the same directory as the file is in.
813 * @return boolean Returns true on success
814 */
815 function func_unzip($cmds) {
816 if (!$this->isInit || $this->dont_use_exec_commands) return FALSE;
817
818 $theFile = $cmds['data'];
819 if (@is_file($theFile)) {
820 $fI = t3lib_div::split_fileref($theFile);
821 if (!isset($cmds['target'])) {
822 $cmds['target'] = $fI['path'];
823 }
824 $theDest = $this->is_directory($cmds['target']); // Clean up destination directory
825 if ($theDest) {
826 if ($this->actionPerms['unzipFile']) {
827 if ($fI['fileext']=='zip') {
828 if ($this->checkIfFullAccess($theDest)) {
829 if ($this->checkPathAgainstMounts($theFile) && $this->checkPathAgainstMounts($theDest.'/')) {
830 // No way to do this under windows.
831 $cmd = $this->unzipPath.'unzip -qq "'.$theFile.'" -d "'.$theDest.'"';
832 exec($cmd);
833 $this->writelog(7,0,1,'Unzipping file "%s" in "%s"',Array($theFile,$theDest));
834 return TRUE;
835 } else $this->writelog(7,1,100,'File "%s" or destination "%s" was not within your mountpoints!',Array($theFile,$theDest));
836 } else $this->writelog(7,1,101,'You don\'t have full access to the destination directory "%s"!',Array($theDest));
837 } else $this->writelog(7,1,102,'Fileextension is not "zip"','');
838 } else $this->writelog(7,1,103,'You are not allowed to unzip files','');
839 } else $this->writelog(7,2,104,'Destination "%s" was not a directory',Array($cmds['target']));
840 } else $this->writelog(7,2,105,'The file "%s" did not exist!',Array($theFile));
841 }
842 }
843
844 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_extfilefunc.php']) {
845 include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_extfilefunc.php']);
846 }
847 ?>