projects / Packages / TYPO3.CMS.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Initial revision
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_extfilefunc.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2003 Kasper Skårhøj (kasper@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * extending class to class t3lib_basicFileFunctions
29 *
30
31
32 COMMENT:
33
34 see basicFileFunctions
35 see tce_file.php for SYNTAX!!!
36
37 This class contains functions primarily used by tce_file.php (Typo Core Engine for filemanipulation)
38 Functions include copying, moving, deleting, uploading and so on...
39
40
41
42
43
44 Important internal variables:
45
46 $filemounts (see basicFileFunctions)
47 $f_ext (see basicFileFunctions)
48 ... All fileoperations must be within the filemount-paths. Further the fileextension MUST validate true with the f_ext array
49
50 $actionPerms : This array is self-explaning (look in the class below). It grants access to the functions. This could be set from outside in order to enabled functions to users. see also the function init_actionPerms() which takes input directly from the user-record
51 $maxCopyFileSize = 10000; // max copy size for files
52 $maxMoveFileSize = 10000; // max move size for files
53 $maxUploadFileSize = 10000; // max upload size for files. Remember that PHP has an inner limit often set to 2 MB
54
55 $recyclerFN='_recycler_' : This is regarded to be the recycler folder
56
57
58
59 The unzip-function allows unzip only if the destination path has it's f_ext[]['allow'] set to '*'!!
60 You are allowed to copy/move folders within the same 'space' (web/ftp).
61 You are allowed to copy/move folders between spaces (web/ftp) IF the destination has it's f_ext[]['allow'] set to '*'!
62
63
64
65
66 Advice:
67 You should always exclude php-files from the webspace. This will keep people from uploading, copy/moving and renaming files to the php3/php-extension.
68 You should never mount a ftp_space 'below' the webspace so that it reaches into the webspace. This is because if somebody unzips a zip-file in the ftp-space so that it reaches out into the webspace this will be a violation of the safety
69 Eg. THIS IS A BAD IDEA: you have an ftp-space that is '/www/' and a web-space that is '/www/htdocs/'
70
71
72
73
74
75
76
77 Dependencies:
78 t3lib_div
79 t3lib_basicfilefunctions
80
81 *
82 * @author Kasper Skårhøj <kasper@typo3.com>
83 * @package TYPO3
84 * @subpackage t3lib
85 */
86
87 class t3lib_extFileFunctions extends t3lib_basicFileFunctions {
88 var $maxCopyFileSize = 10000; // kb
89 var $maxMoveFileSize = 10000; // kb
90 var $maxUploadFileSize = 10000; // kb
91 var $unzipPath = ''; // Path to unzip-program (with trailing '/')
92 var $dontCheckForUnique=0; // If set, the uploaded files will overwrite existing files.
93
94 var $actionPerms = Array(
95 'deleteFile' => 0, // Deleting files physically
96 'deleteFolder' => 0, // Deleting foldes physically
97 'deleteFolderRecursively' => 0, // normally folders are deleted by the PHP-function rmdir(), but with this option a user deletes with 'rm -Rf ....' which is pretty wild!
98 'moveFile' => 0,
99 'moveFolder' => 0,
100 'copyFile' => 0,
101 'copyFolder' => 0,
102 'newFolder' => 0,
103 'newFile' => 0,
104 'editFile' => 0,
105 'unzipFile' => 0,
106 'uploadFile' => 0,
107 'renameFile' => 0,
108 'renameFolder' => 0
109 );
110
111 var $recyclerFN = '_recycler_';
112 var $useRecycler = 1; // 0 = no, 1 = if available, 2 = always
113 var $PHPFileFunctions=0; // If set, all fileoperations are done by the default PHP-functions. This is necessary under windows! On UNIX the system commands by exec() can be used unless safe_mode is enabled
114 var $dont_use_exec_commands=0; // This is necessary under windows!
115
116
117 /**
118 *
119 */
120 function start($data) {
121 if (TYPO3_OS=='WIN' || $GLOBALS['TYPO3_CONF_VARS']['BE']['disable_exec_function']) {
122 $this->PHPFileFunctions=1;
123 $this->dont_use_exec_commands=1;
124 } else {
125 $this->PHPFileFunctions = $GLOBALS['TYPO3_CONF_VARS']['BE']['usePHPFileFunctions'];
126 }
127 $this->data = $data;
128 $this->datamap = $this->mapData($this->data);
129 $this->unzipPath = $GLOBALS['TYPO3_CONF_VARS']['BE']['unzip_path'];
130
131 $maxFileSize=intval($GLOBALS['TYPO3_CONF_VARS']['BE']['maxFileSize']);
132 if ($maxFileSize>0) {
133 $this->maxCopyFileSize = $maxFileSize;
134 $this->maxMoveFileSize = $maxFileSize;
135 $this->maxUploadFileSize = $maxFileSize;
136 }
137 }
138
139 /**
140 * Sets up permission to perform file/directory operations.
141 * See below or the be_user-table for the significanse of the various bits in $setup ($BE_USER->user['fileoper_perms'])
142 */
143 function init_actionPerms($setup) {
144 if (($setup&1)==1) { // Files: Upload,Copy,Move,Delete,Rename
145 $this->actionPerms['uploadFile']=1;
146 $this->actionPerms['copyFile']=1;
147 $this->actionPerms['moveFile']=1;
148 $this->actionPerms['deleteFile']=1;
149 $this->actionPerms['renameFile']=1;
150 $this->actionPerms['editFile']=1;
151 $this->actionPerms['newFile']=1;
152 }
153 if (($setup&2)==2) { // Files: Unzip
154 $this->actionPerms['unzipFile']=1;
155 }
156 if (($setup&4)==4) { // Directory: Move,Delete,Rename,New
157 $this->actionPerms['moveFolder']=1;
158 $this->actionPerms['deleteFolder']=1;
159 $this->actionPerms['renameFolder']=1;
160 $this->actionPerms['newFolder']=1;
161 }
162 if (($setup&8)==8) { // Directory: Copy
163 $this->actionPerms['copyFolder']=1;
164 }
165 if (($setup&16)==16) { // Directory: Delete recursively (rm -Rf)
166 $this->actionPerms['deleteFolderRecursively']=1;
167 }
168 }
169
170 /**
171 * If PHP4 then we just set the incoming data to the arrays as PHP4 submits multidimensional arrays
172 */
173 function mapData($inputArray) {
174 if (is_array($inputArray)) {
175 return $inputArray;
176 }
177 }
178
179 /**
180 *
181 */
182 function processData() {
183 if (!$this->isInit) return false;
184 if (is_array($this->datamap)) {
185 reset($this->datamap);
186 while (list($action, $content) = each($this->datamap)) {
187 if (is_array($content)) {
188 while(list($id, $cmdArr) = each($content)) {
189 clearstatcache();
190 switch ($action) {
191 case 'delete':
192 $this->func_delete($cmdArr);
193 break;
194 case 'copy':
195 $this->func_copy($cmdArr);
196 break;
197 case 'move':
198 $this->func_move($cmdArr);
199 break;
200 case 'rename':
201 $this->func_rename($cmdArr);
202 break;
203 case 'newfolder':
204 $this->func_newfolder($cmdArr);
205 break;
206 case 'newfile':
207 $this->func_newfile($cmdArr);
208 break;
209 case 'editfile':
210 $this->func_edit($cmdArr);
211 break;
212 case 'upload':
213 $this->func_upload($cmdArr);
214 break;
215 case 'unzip':
216 $this->func_unzip($cmdArr);
217 break;
218 }
219 }
220 }
221 }
222 }
223 }
224
225 /**
226 * Takes a valid Path ($theFile)
227 * Goes back in the path and checks in each directory if a folder named $this->recyclerFN (usually '_recycler_') is present.
228 * Returns the path (without trailing slash) of the closest recycle-folder if found. Else false.
229 * If a folder in the tree happens to be a _recycler_-folder (which means that we're deleting something inside a _recycler_-folder) this is ignored
230 */
231 function findRecycler($theFile) {
232 if ($this->isPathValid($theFile)) {
233 $theFile=$this->cleanDirectoryName($theFile);
234 $fI=t3lib_div::split_fileref($theFile);
235 $c=0;
236 while($this->checkPathAgainstMounts($fI['path']) && $c<20) {
237 $rDir = $fI['path'].$this->recyclerFN;
238 if (@is_dir($rDir) && $this->recyclerFN!=$fI['file']) {
239 return $rDir;
240 }
241 $theFile=$fI['path'];
242 $theFile=$this->cleanDirectoryName($theFile);
243 $fI=t3lib_div::split_fileref($theFile);
244 $c++;
245 }
246 }
247 }
248
249
250
251
252
253
254
255
256
257
258 // *************************************
259 // File operation functions
260 // *************************************
261
262 /**
263 * Upload of files (action=1)
264 * $cmds['data'] is the ID-number (points to the global var that holds the filename-ref ($GLOBALS['HTTP_POST_FILES']['upload_'.$id]['name'])
265 * $cmds['target'] is the target directory
266 * Returns the new filename upon success
267 */
268 function func_upload($cmds) {
269 if (!$this->isInit) return false;
270 $id = $cmds['data'];
271 if ($GLOBALS['HTTP_POST_FILES']['upload_'.$id]['name']) {
272 $theFile = $GLOBALS['HTTP_POST_FILES']['upload_'.$id]['tmp_name']; // filename of the uploaded file
273 $theName = $this->cleanFileName(stripslashes($GLOBALS['HTTP_POST_FILES']['upload_'.$id]['name'])); // The original filename
274 if (@is_file($theFile) && $theName) { // Check the file
275 if ($this->actionPerms['uploadFile']) {
276 if (filesize($theFile)<($this->maxUploadFileSize*1024)) {
277 $fI = t3lib_div::split_fileref($theName);
278 $theTarget = $this->is_directory($cmds['target']); // Check the target dir
279 if ($theTarget && $this->checkPathAgainstMounts($theTarget.'/')) {
280 if ($this->checkIfAllowed($fI['fileext'], $theTarget, $fI['file'])) {
281 $theNewFile = $this->getUniqueName($theName, $theTarget, $this->dontCheckForUnique);
282 if ($theNewFile) {
283 t3lib_div::upload_copy_move($theFile,$theNewFile);
284
285 clearstatcache();
286 if (@is_file($theNewFile)) {
287 $this->writelog(1,0,1,"Uploading file '%s' to '%s'",Array($theName,$theNewFile, $id));
288 return $theNewFile;
289 } else $this->writelog(1,1,100,"Uploaded file could not be moved! Write-permission problem in '%s'?",Array($theTarget.'/'));
290 } else $this->writelog(1,1,101,"No unique filename available in '%s'!",Array($theTarget.'/'));
291 } else $this->writelog(1,1,102,"Fileextension '%s' is not allowed in '%s'!",Array($fI['fileext'],$theTarget.'/'));
292 } else $this->writelog(1,1,103,"Destination path '%s' was not within your mountpoints!",Array($theTarget.'/'));
293 } else $this->writelog(1,1,104,"The uploaded file exceeds the size-limit of %s bytes",Array($this->maxUploadFileSize*1024));
294 } else $this->writelog(1,1,105,"You are not allowed to upload files!",'');
295 } else $this->writelog(1,2,106,'The uploaded file did not exist!','');
296 }
297 }
298
299 /**
300 * Copying files and folders (action=2)
301 * $cmds['data'] is the the file/folder to copy
302 * $cmds['target'] is the path where to copy to
303 * $cmds['altName'] (boolean): If set, another filename is found in case the target already exists
304 * Returns the new filename upon success
305 */
306 function func_copy($cmds) {
307 if (!$this->isInit) return false;
308 $theFile = $cmds['data'];
309 $theDest = $this->is_directory($cmds['target']); // Clean up destination directory
310 $altName = $cmds['altName'];
311 if (!$theDest) {
312 $this->writelog(2,2,100,"Destination '%s' was not a directory",Array($cmds['target']));
313 return false;
314 }
315 if (!$this->isPathValid($theFile) || !$this->isPathValid($theDest)) {
316 $this->writelog(2,2,101,"Target or destination had invalid path ('..' and '//' is not allowed in path). T='%s', D='%s'",Array($theFile,$theDest));
317 return false;
318 }
319 if (@is_file($theFile)) { // If we are copying a file...
320 if ($this->actionPerms['copyFile']) {
321 if (filesize($theFile) < ($this->maxCopyFileSize*1024)) {
322 $fI=t3lib_div::split_fileref($theFile);
323 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
324 $theDestFile=$this->getUniqueName($fI['file'], $theDest);
325 $fI=t3lib_div::split_fileref($theDestFile);
326 } else {
327 $theDestFile=$theDest.'/'.$fI['file'];
328 }
329 if ($theDestFile && !@file_exists($theDestFile)) {
330 if ($this->checkIfAllowed($fI['fileext'], $theDest, $fI['file'])) {
331 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) {
332 if ($this->PHPFileFunctions) {
333 copy ($theFile,$theDestFile);
334 } else {
335 $cmd = 'cp "'.$theFile.'" "'.$theDestFile.'"';
336 exec($cmd);
337 }
338 clearstatcache();
339 if (@is_file($theDestFile)) {
340 $this->writelog(2,0,1,"File '%s' copied to '%s'",Array($theFile,$theDestFile));
341 return $theDestFile;
342 } else $this->writelog(2,2,109,"File '%s' WAS NOT copied to '%s'! Write-permission problem?",Array($theFile,$theDestFile));
343 } else $this->writelog(2,1,110,"Target or destination was not within your mountpoints! T='%s', D='%s'",Array($theFile,$theDestFile));
344 } else $this->writelog(2,1,111,"Fileextension '%s' is not allowed in '%s'!",Array($fI['fileext'],$theDest.'/'));
345 } else $this->writelog(2,1,112,"File '%s' already exists!",Array($theDestFile));
346 } else $this->writelog(2,1,113,"File '%s' exceeds the size-limit of %s bytes",Array($theFile,$this->maxCopyFileSize*1024));
347 } else $this->writelog(2,1,114,"You are not allowed to copy files",'');
348 // FINISHED copying file
349
350 } elseif (@is_dir($theFile) && !$this->dont_use_exec_commands) { // if we're copying a folder
351 if ($this->actionPerms['copyFolder']) {
352 $theFile = $this->is_directory($theFile);
353 if ($theFile) {
354 $fI=t3lib_div::split_fileref($theFile);
355 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
356 $theDestFile=$this->getUniqueName($fI['file'], $theDest);
357 $fI=t3lib_div::split_fileref($theDestFile);
358 } else {
359 $theDestFile=$theDest.'/'.$fI['file'];
360 }
361 if ($theDestFile && !@file_exists($theDestFile)) {
362 if (!t3lib_div::isFirstPartOfStr($theDestFile.'/',$theFile.'/')) { // Check if the one folder is inside the other or on the same level... to target/dest is the same?
363 if ($this->checkIfFullAccess($theDest) || $this->is_webPath($theDestFile)==$this->is_webPath($theFile)) { // no copy of folders between spaces
364 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) {
365 // No way to do this under windows!
366 $cmd = 'cp -R "'.$theFile.'" "'.$theDestFile.'"';
367 exec($cmd);
368 clearstatcache();
369 if (@is_dir($theDestFile)) {
370 $this->writelog(2,0,2,"Directory '%s' copied to '%s'",Array($theFile,$theDestFile));
371 return $theDestFile;
372 } else $this->writelog(2,2,119,"Directory '%s' WAS NOT copied to '%s'! Write-permission problem?",Array($theFile,$theDestFile));
373 } else $this->writelog(2,1,120,"Target or destination was not within your mountpoints! T='%s', D='%s'",Array($theFile,$theDestFile));
374 } else $this->writelog(2,1,121,"You don't have full access to the destination directory '%s'!",Array($theDest.'/'));
375 } else $this->writelog(2,1,122,"Destination cannot be inside the target! D='%s', T='%s'",Array($theDestFile.'/',$theFile.'/'));
376 } else $this->writelog(2,1,123,"Target '%s' already exists!",Array($theDestFile));
377 } else $this->writelog(2,2,124,"Target seemed not to be a directory! (Shouldn't happen here!)",'');
378 } else $this->writelog(2,1,125,"You are not allowed to copy directories",'');
379 // FINISHED copying directory
380
381 } else {
382 $this->writelog(2,2,130,"The item '%s' was not a file or directory!",Array($theFile));
383 }
384 }
385
386 /**
387 * Moving files and folders (action=3)
388 * $cmds['data'] is the the file/folder to move
389 * $cmds['target'] is the path where to move to
390 * $cmds['altName'] (boolean): If set, another filename is found in case the target already exists
391 * Returns the new filename upon success
392 */
393 function func_move($cmds) {
394 if (!$this->isInit) return false;
395 $theFile = $cmds['data'];
396 $theDest = $this->is_directory($cmds['target']); // Clean up destination directory
397 $altName = $cmds['altName'];
398 if (!$theDest) {
399 $this->writelog(3,2,100,"Destination '%s' was not a directory",Array($cmds['target']));
400 return false;
401 }
402 if (!$this->isPathValid($theFile) || !$this->isPathValid($theDest)) {
403 $this->writelog(3,2,101,"Target or destination had invalid path ('..' and '//' is not allowed in path). T='%s', D='%s'",Array($theFile,$theDest));
404 return false;
405 }
406 if (@is_file($theFile)) { // If we are moving a file...
407 if ($this->actionPerms['moveFile']) {
408 if (filesize($theFile) < ($this->maxMoveFileSize*1024)) {
409 $fI=t3lib_div::split_fileref($theFile);
410 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
411 $theDestFile=$this->getUniqueName($fI['file'], $theDest);
412 $fI=t3lib_div::split_fileref($theDestFile);
413 } else {
414 $theDestFile=$theDest.'/'.$fI['file'];
415 }
416 if ($theDestFile && !@file_exists($theDestFile)) {
417 if ($this->checkIfAllowed($fI['fileext'], $theDest, $fI['file'])) {
418 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) {
419 if ($this->PHPFileFunctions) {
420 rename($theFile, $theDestFile);
421 } else {
422 $cmd = 'mv "'.$theFile.'" "'.$theDestFile.'"';
423 exec($cmd);
424 }
425 clearstatcache();
426 if (@is_file($theDestFile)) {
427 $this->writelog(3,0,1,"File '%s' moved to '%s'",Array($theFile,$theDestFile));
428 return $theDestFile;
429 } else $this->writelog(3,2,109,"File '%s' WAS NOT moved to '%s'! Write-permission problem?",Array($theFile,$theDestFile));
430 } else $this->writelog(3,1,110,"Target or destination was not within your mountpoints! T='%s', D='%s'",Array($theFile,$theDestFile));
431 } else $this->writelog(3,1,111,"Fileextension '%s' is not allowed in '%s'!",Array($fI['fileext'],$theDest.'/'));
432 } else $this->writelog(3,1,112,"File '%s' already exists!",Array($theDestFile));
433 } else $this->writelog(3,1,113,"File '%s' exceeds the size-limit of %s bytes",Array($theFile,$this->maxMoveFileSize*1024));
434 } else $this->writelog(3,1,114,"You are not allowed to move files",'');
435 // FINISHED moving file
436
437 } elseif (@is_dir($theFile)) { // if we're moving a folder
438 if ($this->actionPerms['moveFolder']) {
439 $theFile = $this->is_directory($theFile);
440 if ($theFile) {
441 $fI=t3lib_div::split_fileref($theFile);
442 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
443 $theDestFile=$this->getUniqueName($fI['file'], $theDest);
444 $fI=t3lib_div::split_fileref($theDestFile);
445 } else {
446 $theDestFile=$theDest.'/'.$fI['file'];
447 }
448 if ($theDestFile && !@file_exists($theDestFile)) {
449 if (!t3lib_div::isFirstPartOfStr($theDestFile.'/',$theFile.'/')) { // Check if the one folder is inside the other or on the same level... to target/dest is the same?
450 if ($this->checkIfFullAccess($theDest) || $this->is_webPath($theDestFile)==$this->is_webPath($theFile)) { // // no moving of folders between spaces
451 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) {
452 if ($this->PHPFileFunctions) {
453 rename($theFile, $theDestFile);
454 } else {
455 $cmd = 'mv "'.$theFile.'" "'.$theDestFile.'"';
456 exec($cmd,$errArr,$retVar);
457 }
458 clearstatcache();
459 if (@is_dir($theDestFile)) {
460 $this->writelog(3,0,2,"Directory '%s' moved to '%s'",Array($theFile,$theDestFile));
461 return $theDestFile;
462 } else $this->writelog(3,2,119,"Directory '%s' WAS NOT moved to '%s'! Write-permission problem?",Array($theFile,$theDestFile));
463 } else $this->writelog(3,1,120,"Target or destination was not within your mountpoints! T='%s', D='%s'",Array($theFile,$theDestFile));
464 } else $this->writelog(3,1,121,"You don't have full access to the destination directory '%s'!",Array($theDest.'/'));
465 } else $this->writelog(3,1,122,"Destination cannot be inside the target! D='%s', T='%s'",Array($theDestFile.'/',$theFile.'/'));
466 } else $this->writelog(3,1,123,"Target '%s' already exists!",Array($theDestFile));
467 } else $this->writelog(3,2,124,"Target seemed not to be a directory! (Shouldn't happen here!)",'');
468 } else $this->writelog(3,1,125,"You are not allowed to move directories",'');
469 // FINISHED moving directory
470
471 } else {
472 $this->writelog(3,2,130,"The item '%s' was not a file or directory!",Array($theFile));
473 }
474 }
475
476 /**
477 * Deleting files and folders (action=4)
478 * $cmds['data'] is the the file/folder to delete
479 * Returns true upon success
480 */
481 function func_delete($cmds) {
482 if (!$this->isInit) return false;
483 $theFile = $cmds['data'];
484 if (!$this->isPathValid($theFile)) {
485 $this->writelog(4,2,101,"Target '%s' had invalid path ('..' and '//' is not allowed in path).",Array($theFile));
486 return false;
487 }
488 if ($this->useRecycler && $recyclerPath=$this->findRecycler($theFile)) {
489 // If a recycler is found, the deleted items is moved to the recycler and not just deleted.
490 $newCmds=Array();
491 $newCmds['data']=$theFile;
492 $newCmds['target']=$recyclerPath;
493 $newCmds['altName']=1;
494 $this->func_move($newCmds);
495 $this->writelog(4,0,4,"Item '%s' moved to recycler at '%s'",Array($theFile,$recyclerPath));
496 return true;
497 } elseif ($this->useRecycler != 2) { // if $this->useRecycler==2 then we cannot delete for real!!
498 if (@is_file($theFile)) { // If we are deleting a file...
499 if ($this->actionPerms['deleteFile']) {
500 if ($this->checkPathAgainstMounts($theFile)) {
501 if (@unlink($theFile)) {
502 $this->writelog(4,0,1,"File '%s' deleted",Array($theFile));
503 return true;
504 } else $this->writelog(4,1,110,"Could not delete file '%s'. Write-permission problem?", Array($theFile));
505 } else $this->writelog(4,1,111,"Target was not within your mountpoints! T='%s'",Array($theFile));
506 } else $this->writelog(4,1,112,"You are not allowed to delete files",'');
507 // FINISHED deleting file
508
509 } elseif (@is_dir($theFile) && !$this->dont_use_exec_commands) { // if we're deleting a folder
510 if ($this->actionPerms['deleteFolder']) {
511 $theFile = $this->is_directory($theFile);
512 if ($theFile) {
513 if ($this->checkPathAgainstMounts($theFile)) { // I choose not to append '/' to $theFile here as this will prevent us from deleting mounts!! (which makes sense to me...)
514 if ($this->actionPerms['deleteFolderRecursively']) {
515 // No way to do this under windows
516 $cmd = 'rm -Rf "'.$theFile.'"';
517 exec($cmd); // This is a quite critical command...
518 clearstatcache();
519 if (!@file_exists($theFile)) {
520 $this->writelog(4,0,2,"Directory '%s' deleted recursively!",Array($theFile));
521 return true;
522 } else $this->writelog(4,2,119,"Directory '%s' WAS NOT deleted recursively! Write-permission problem?",Array($theFile));
523 } else {
524 if (@rmdir($theFile)) {
525 $this->writelog(4,0,3,"Directory '%s' deleted",Array($theFile));
526 return true;
527 } else $this->writelog(4,1,120,"Could not delete directory! Write-permission problem? Is directory '%s' empty?",Array($theFile));
528 }
529 } else $this->writelog(4,1,121,"Target was not within your mountpoints! T='%s'",Array($theFile));
530 } else $this->writelog(4,2,122,"Target seemed not to be a directory! (Shouldn't happen here!)",'');
531 } else $this->writelog(4,1,123,"You are not allowed to delete directories",'');
532 // FINISHED copying directory
533
534 } else $this->writelog(4,2,130,"The item was not a file or directory! '%s'",Array($theFile));
535 } else $this->writelog(4,1,131,"No recycler found!",'');
536 }
537
538 /**
539 * Renaming files or foldes (action=5)
540 * $cmds['data'] is the new name
541 * $cmds['target'] is the target (file or dir)
542 * Returns the new filename upon success
543 */
544 function func_rename($cmds) {
545 if (!$this->isInit) return false;
546 $theNewName = $this->cleanFileName($cmds['data']);
547 if ($theNewName) {
548 if ($this->checkFileNameLen($theNewName)) {
549 $theTarget = $cmds['target'];
550 $type = filetype($theTarget);
551 if ($type=='file' || $type=='dir') { // $type MUST BE file or dir
552 $fileInfo = t3lib_div::split_fileref($theTarget); // Fetches info about path, name, extention of $theTarget
553 if ($fileInfo['file']!=$theNewName) { // The name should be different from the current. And the filetype must be allowed
554 $theRenameName = $fileInfo['path'].$theNewName;
555 if ($this->checkPathAgainstMounts($fileInfo['path'])) {
556 if (!@file_exists($theRenameName)) {
557 if ($type=='file') {
558 if ($this->actionPerms['renameFile']) {
559 $fI = t3lib_div::split_fileref($theRenameName);
560 if ($this->checkIfAllowed($fI['fileext'], $fileInfo['path'], $fI['file'])) {
561 if (@rename($theTarget, $theRenameName)) {
562 $this->writelog(5,0,1,"File renamed from '%s' to '%s'",Array($fileInfo['file'],$theNewName));
563 return $theRenameName;
564 } else $this->writelog(5,1,100,"File '%s' was not renamed! Write-permission problem in '%s'?",Array($theTarget,$fileInfo['path']));
565 } else $this->writelog(5,1,101,"Fileextension '%s' was not allowed!",Array($fI['fileext']));
566 } else $this->writelog(5,1,102,"You are not allowed to rename files!",'');
567 } elseif ($type=='dir') {
568 if ($this->actionPerms['renameFolder']) {
569 if (@rename($theTarget, $theRenameName)) {
570 $this->writelog(5,0,2,"Directory renamed from '%s' to '%s'",Array($fileInfo['file'],$theNewName));
571 return $theRenameName;
572 } else $this->writelog(5,1,110,"Directory '%s' was not renamed! Write-permission problem in '%s'?",Array($theTarget,$fileInfo['path']));
573 } else $this->writelog(5,1,111,"You are not allowed to rename directories!",'');
574 }
575 } else $this->writelog(5,1,120,"Destination '%s' existed already!",Array($theRenameName));
576 } else $this->writelog(5,1,121,"Destination path '%s' was not within your mountpoints!",Array($fileInfo['path']));
577 } else $this->writelog(5,1,122,"Old and new name is the same (%s)",Array($theNewName));
578 } else $this->writelog(5,2,123,"Target '%s' was neither a directory nor a file!",Array($theTarget));
579 } else $this->writelog(5,1,124,"New name '%s' was too long (max %s characters)",Array($theNewName,$this->maxInputNameLen));
580 }
581 }
582
583 /**
584 * This creates a new folder. (action=6)
585 * $cmds['data'] is the foldername
586 * $cmds['target'] is the path where to create it
587 * Returns the new foldername upon success
588 */
589 function func_newfolder($cmds) {
590 if (!$this->isInit) return false;
591 $theFolder = $this->cleanFileName($cmds['data']);
592 if ($theFolder) {
593 if ($this->checkFileNameLen($theFolder)) {
594 $theTarget = $this->is_directory($cmds['target']); // Check the target dir
595 if ($theTarget) {
596 if ($this->actionPerms['newFolder']) {
597 $theNewFolder = $theTarget.'/'.$theFolder;
598 if ($this->checkPathAgainstMounts($theNewFolder)) {
599 if (!@file_exists($theNewFolder)) {
600 if (@mkdir($theNewFolder, 0755)) {
601 $this->writelog(6,0,1,"Directory '%s' created in '%s'",Array($theFolder,$theTarget.'/'));
602 return $theNewFolder;
603 } else $this->writelog(6,1,100,"Directory '%s' not created. Write-permission problem in '%s'?",Array($theFolder,$theTarget.'/'));
604 } else $this->writelog(6,1,101,"File or directory '%s' existed already!",Array($theNewFolder));
605 } else $this->writelog(6,1,102,"Destination path '%s' was not within your mountpoints!",Array($theTarget.'/'));
606 } else $this->writelog(6,1,103,"You are not allowed to create directories!",'');
607 } else $this->writelog(6,2,104,"Destination '%s' was not a directory",Array($cmds['target']));
608 } else $this->writelog(6,1,105,"New name '%s' was too long (max %s characters)",Array($theFolder,$this->maxInputNameLen));
609 }
610 }
611
612 /**
613 * Unzipping file (action=7)
614 * This is permitted only if the user has fullAccess or if the file resides
615 * $cmds['data'] is the zip-file
616 * $cmds['target'] is the target directory. If not set we'll default to the same directory as the file is in
617 * If target is not supplied the target will be the current directory
618 */
619 function func_unzip($cmds) {
620 if (!$this->isInit || $this->dont_use_exec_commands) return false;
621 $theFile = $cmds['data'];
622 if (@is_file($theFile)) {
623 $fI=t3lib_div::split_fileref($theFile);
624 if (!isset($cmds['target'])) {
625 $cmds['target'] = $fI['path'];
626 }
627 $theDest = $this->is_directory($cmds['target']); // Clean up destination directory
628 if ($theDest) {
629 if ($this->actionPerms['unzipFile']) {
630 if ($fI['fileext']=='zip') {
631 if ($this->checkIfFullAccess($theDest)) {
632 if ($this->checkPathAgainstMounts($theFile) && $this->checkPathAgainstMounts($theDest.'/')) {
633 // No way to do this under windows.
634 $cmd = $this->unzipPath.'unzip -qq "'.$theFile.'" -d "'.$theDest.'"';
635 exec($cmd);
636 $this->writelog(7,0,1,"Unzipping file '%s' in '%s'",Array($theFile,$theDest));
637 } else $this->writelog(7,1,100,"File '%s' or destination '%s' was not within your mountpoints!",Array($theFile,$theDest));
638 } else $this->writelog(7,1,101,"You don't have full access to the destination directory '%s'!",Array($theDest));
639 } else $this->writelog(7,1,102,"Fileextension is not 'zip'",'');
640 } else $this->writelog(7,1,103,"You are not allowed to unzip files",'');
641 } else $this->writelog(7,2,104,"Destination '%s' was not a directory",Array($cmds['target']));
642 } else $this->writelog(7,2,105,"The file '%s' did not exist!",Array($theFile));
643 }
644
645 /**
646 * This creates a new file. (action=8)
647 * $cmds['data'] is the new filename
648 * $cmds['target'] is the path where to create it
649 * Returns the new filename upon success
650 */
651 function func_newfile($cmds) {
652 $extList = $GLOBALS['TYPO3_CONF_VARS']['SYS']['textfile_ext'];
653 if (!$this->isInit) return false;
654 $newName = $this->cleanFileName($cmds['data']);
655 if ($newName) {
656 if ($this->checkFileNameLen($newName)) {
657 $theTarget = $this->is_directory($cmds['target']); // Check the target dir
658 $fileInfo = t3lib_div::split_fileref($theTarget); // Fetches info about path, name, extention of $theTarget
659 if ($theTarget) {
660 if ($this->actionPerms['newFile']) {
661 $theNewFile = $theTarget.'/'.$newName;
662 if ($this->checkPathAgainstMounts($theNewFile)) {
663 if (!@file_exists($theNewFile)) {
664 $fI = t3lib_div::split_fileref($theNewFile);
665 if ($this->checkIfAllowed($fI['fileext'], $fileInfo['path'], $fI['file'])) {
666 if (t3lib_div::inList($extList, $fI['fileext'])) {
667 if (t3lib_div::writeFile($theNewFile,'')) {
668 clearstatcache();
669 $this->writelog(8,0,1,"File created: '%s'",Array($fI['file']));
670 } else $this->writelog(8,1,100,"File '%s' was not created! Write-permission problem in '%s'?",Array($fI['file'], $theTarget));
671 } else $this->writelog(8,1,107,"Fileextension '%s' is not a textfile format! (%s)",Array($fI['fileext'], $extList));
672 } else $this->writelog(8,1,106,"Fileextension '%s' was not allowed!",Array($fI['fileext']));
673 } else $this->writelog(8,1,101,"File '%s' existed already!",Array($theNewFile));
674 } else $this->writelog(8,1,102,"Destination path '%s' was not within your mountpoints!",Array($theTarget.'/'));
675 } else $this->writelog(8,1,103,"You are not allowed to create files!",'');
676 } else $this->writelog(8,2,104,"Destination '%s' was not a directory",Array($cmds['target']));
677 } else $this->writelog(8,1,105,"New name '%s' was too long (max %s characters)",Array($newName,$this->maxInputNameLen));
678 }
679 }
680
681 /**
682 * Editing textfiles or foldes (action=9)
683 * $cmds['data'] is the new content
684 * $cmds['target'] is the target (file or dir)
685 */
686 function func_edit($cmds) {
687 if (!$this->isInit) return false;
688 $theTarget = $cmds['target'];
689 $content = stripslashes($cmds['data']);
690 $extList = $GLOBALS['TYPO3_CONF_VARS']['SYS']['textfile_ext'];
691 $type = filetype($theTarget);
692 if ($type=='file') { // $type MUST BE file
693 $fileInfo = t3lib_div::split_fileref($theTarget); // Fetches info about path, name, extention of $theTarget
694 $fI =$fileInfo;
695 if ($this->checkPathAgainstMounts($fileInfo['path'])) {
696 if ($this->actionPerms['editFile']) {
697 $fI = t3lib_div::split_fileref($theTarget);
698 if ($this->checkIfAllowed($fI['fileext'], $fileInfo['path'], $fI['file'])) {
699 if (t3lib_div::inList($extList, $fileInfo['fileext'])) {
700 if (t3lib_div::writeFile($theTarget,$content)) {
701 clearstatcache();
702 $this->writelog(9,0,1,"File saved to '%s', bytes: %s, MD5: %s ",Array($fileInfo['file'],@filesize($theTarget),md5($content)));
703 } else $this->writelog(9,1,100,"File '%s' was not saved! Write-permission problem in '%s'?",Array($theTarget,$fileInfo['path']));
704 } else $this->writelog(9,1,102,"Fileextension '%s' is not a textfile format! (%s)",Array($fI['fileext'], $extList));
705 } else $this->writelog(9,1,103,"Fileextension '%s' was not allowed!",Array($fI['fileext']));
706 } else $this->writelog(9,1,104,'You are not allowed to edit files!','');
707 } else $this->writelog(9,1,121,"Destination path '%s' was not within your mountpoints!",Array($fileInfo['path']));
708 } else $this->writelog(9,2,123,"Target '%s' was not a file!",Array($theTarget));
709 }
710
711 /**
712 * Logging actions
713 *
714 * $action: The action number. See the functions in the class for a hint. Eg. edit is '9', upload is '1' ...
715 * $error: The severity: 0 = message, 1 = error, 2 = System Error, 3 = security notice (admin)
716 * $details_nr: This number is unique for every combination of $type and $action. This is the error-message number, which can later be used to translate error messages.
717 * $details: This is the default, raw error message in english
718 * $data: Array with special information that may go into $details by '%s' marks / sprintf() when the log is shown
719 *
720 * @see class.t3lib_userauthgroup.php
721 */
722 function writeLog($action,$error,$details_nr,$details,$data) {
723 $type=2; // Type value for tce_file.php
724 $GLOBALS['BE_USER']->writelog($type,$action,$error,$details_nr,$details,$data);
725 }
726 }
727
728
729 /*
730 Log messages:
731 [action]-[details_nr.]
732
733 REMEMBER to UPDATE the real messages set in tools/log/localconf_log.php
734
735 9-1: File saved to '%s', bytes: %s, MD5: %s
736
737 */
738
739
740 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_extfilefunc.php']) {
741 include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_extfilefunc.php']);
742 }
743
744 ?>
TYPO3 CMS Core Development