[BUGFIX] Using datetime field with datepicker the time information gets lost
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_extfilefunc.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2011 Kasper Skårhøj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * extending class to class t3lib_basicFileFunctions
29 *
30 * $Id$
31 * Revised for TYPO3 3.6 May/2004 by Kasper Skårhøj
32 *
33 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
34 */
35 /**
36 * [CLASS/FUNCTION INDEX of SCRIPT]
37 *
38 *
39 *
40 * 105: class t3lib_extFileFunctions extends t3lib_basicFileFunctions
41 * 151: function start($fileCmds)
42 * 181: function init_actionPerms($setup)
43 * 213: function processData()
44 * 270: function printLogErrorMessages($redirect='')
45 * 328: function findRecycler($theFile)
46 * 357: function writeLog($action,$error,$details_nr,$details,$data)
47 *
48 * SECTION: File operation functions
49 * 384: function func_delete($cmds)
50 * 451: function func_copy($cmds)
51 * 542: function func_move($cmds)
52 * 637: function func_rename($cmds)
53 * 683: function func_newfolder($cmds)
54 * 713: function func_newfile($cmds)
55 * 750: function func_edit($cmds)
56 * 782: function func_upload($cmds)
57 * 821: function func_unzip($cmds)
58 *
59 * TOTAL FUNCTIONS: 15
60 * (This index is automatically created/updated by the extension "extdeveval")
61 *
62 */
63
64
65 /**
66 * Contains functions for performing file operations like copying, pasting, uploading, moving, deleting etc. through the TCE
67 * Extending class to class t3lib_basicFileFunctions.
68 *
69 * see basicFileFunctions
70 * see document "TYPO3 Core API" for syntax
71 *
72 * This class contains functions primarily used by tce_file.php (TYPO3 Core Engine for file manipulation)
73 * Functions include copying, moving, deleting, uploading and so on...
74 *
75 * Important internal variables:
76 *
77 * $filemounts (see basicFileFunctions)
78 * $f_ext (see basicFileFunctions)
79 * ... All fileoperations must be within the filemount-paths. Further the fileextension MUST validate true with the f_ext array
80 *
81 * The unzip-function allows unzip only if the destination path has it's f_ext[]['allow'] set to '*'!!
82 * You are allowed to copy/move folders within the same 'space' (web/ftp).
83 * You are allowed to copy/move folders between spaces (web/ftp) IF the destination has it's f_ext[]['allow'] set to '*'!
84 *
85 * Advice:
86 * You should always exclude php-files from the webspace. This will keep people from uploading, copy/moving and renaming files to become executable php scripts.
87 * You should never mount a ftp_space 'below' the webspace so that it reaches into the webspace. This is because if somebody unzips a zip-file in the ftp-space so that it reaches out into the webspace this will be a violation of the safety
88 * For example this is a bad idea: you have an ftp-space that is '/www/' and a web-space that is '/www/htdocs/'
89 *
90 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
91 * @package TYPO3
92 * @subpackage t3lib
93 */
94 class t3lib_extFileFunctions extends t3lib_basicFileFunctions {
95
96 // External static variables:
97 // Notice; some of these are overridden in the start() method with values from $GLOBALS['TYPO3_CONF_VARS']['BE']
98 var $maxCopyFileSize = 10000; // max copy size (kb) for files
99 var $maxMoveFileSize = 10000; // max move size (kb) for files
100 var $maxUploadFileSize = 10000; // max upload size (kb) for files. Remember that PHP has an inner limit often set to 2 MB
101 var $unzipPath = ''; // Path to unzip-program (with trailing '/')
102 var $dontCheckForUnique = 0; // If set, the uploaded files will overwrite existing files.
103
104 var $actionPerms = Array( // This array is self-explaning (look in the class below). It grants access to the functions. This could be set from outside in order to enabled functions to users. See also the function init_actionPerms() which takes input directly from the user-record
105 'deleteFile' => 0, // Deleting files physically
106 'deleteFolder' => 0, // Deleting foldes physically
107 'deleteFolderRecursively' => 0, // normally folders are deleted by the PHP-function rmdir(), but with this option a user deletes with 'rm -Rf ....' which is pretty wild!
108 'moveFile' => 0,
109 'moveFolder' => 0,
110 'copyFile' => 0,
111 'copyFolder' => 0,
112 'newFolder' => 0,
113 'newFile' => 0,
114 'editFile' => 0,
115 'unzipFile' => 0,
116 'uploadFile' => 0,
117 'renameFile' => 0,
118 'renameFolder' => 0
119 );
120
121 var $recyclerFN = '_recycler_'; // This is regarded to be the recycler folder
122 var $useRecycler = 1; // 0 = no, 1 = if available, 2 = always
123
124 // Internal, static:
125 var $PHPFileFunctions = 0; // If set, all fileoperations are done by the default PHP-functions. This is necessary under windows! On UNIX the system commands by exec() can be used unless safe_mode is enabled
126 var $dont_use_exec_commands = 0; // This is necessary under windows!
127
128 // Internal, dynamic:
129 var $internalUploadMap = array(); // Will contain map between upload ID and the final filename
130
131 var $lastError = '';
132
133
134 /**
135 * Initialization of the class
136 *
137 * @param array The $file array with the commands to execute. See "TYPO3 Core API" document
138 * @return void
139 */
140 function start($fileCmds) {
141
142 // Configure settings from TYPO3_CONF_VARS:
143 if (TYPO3_OS == 'WIN' || $GLOBALS['TYPO3_CONF_VARS']['BE']['disable_exec_function']) {
144 $this->PHPFileFunctions = 1;
145 $this->dont_use_exec_commands = 1;
146 } else {
147 $this->PHPFileFunctions = $GLOBALS['TYPO3_CONF_VARS']['BE']['usePHPFileFunctions'];
148 }
149
150 $unzipPath = trim($GLOBALS['TYPO3_CONF_VARS']['BE']['unzip_path']);
151 if (substr($unzipPath, -1) !== '/' && is_dir($unzipPath)) {
152 // Make sure the path ends with a slash
153 $unzipPath.= '/';
154 }
155 $this->unzipPath = $unzipPath;
156
157 $maxFileSize = intval($GLOBALS['TYPO3_CONF_VARS']['BE']['maxFileSize']);
158 if ($maxFileSize > 0) {
159 $this->maxCopyFileSize = $maxFileSize;
160 $this->maxMoveFileSize = $maxFileSize;
161 }
162 $this->maxUploadFileSize = t3lib_div::getMaxUploadFileSize();
163
164 // Initializing file processing commands:
165 $this->fileCmdMap = $fileCmds;
166 }
167
168 /**
169 * Sets up permission to perform file/directory operations.
170 * See below or the be_user-table for the significance of the various bits in $setup.
171 *
172 * @param integer File permission integer from BE_USER OR'ed with permissions of back-end groups this user is a member of
173 * @return void
174 */
175 function init_actionPerms($setup) {
176 if (($setup & 1) == 1) { // Files: Upload,Copy,Move,Delete,Rename
177 $this->actionPerms['uploadFile'] = 1;
178 $this->actionPerms['copyFile'] = 1;
179 $this->actionPerms['moveFile'] = 1;
180 $this->actionPerms['deleteFile'] = 1;
181 $this->actionPerms['renameFile'] = 1;
182 $this->actionPerms['editFile'] = 1;
183 $this->actionPerms['newFile'] = 1;
184 }
185 if (($setup & 2) == 2) { // Files: Unzip
186 $this->actionPerms['unzipFile'] = 1;
187 }
188 if (($setup & 4) == 4) { // Directory: Move,Delete,Rename,New
189 $this->actionPerms['moveFolder'] = 1;
190 $this->actionPerms['deleteFolder'] = 1;
191 $this->actionPerms['renameFolder'] = 1;
192 $this->actionPerms['newFolder'] = 1;
193 }
194 if (($setup & 8) == 8) { // Directory: Copy
195 $this->actionPerms['copyFolder'] = 1;
196 }
197 if (($setup & 16) == 16) { // Directory: Delete recursively (rm -Rf)
198 $this->actionPerms['deleteFolderRecursively'] = 1;
199 }
200 }
201
202 /**
203 * Processing the command array in $this->fileCmdMap
204 *
205 * @return mixed false, if the file functions were not initialized
206 * otherwise returns an array of all the results that are returned
207 * from each command, separated in each action.
208 */
209 function processData() {
210 $result = array();
211 if (!$this->isInit) {
212 return FALSE;
213 }
214
215 if (is_array($this->fileCmdMap)) {
216
217 // Check if there were uploads expected, but no one made
218 if ($this->fileCmdMap['upload']) {
219 $uploads = $this->fileCmdMap['upload'];
220 foreach ($uploads as $upload) {
221 if (!$_FILES['upload_' . $upload['data']]['name']) {
222 unset($this->fileCmdMap['upload'][$upload['data']]);
223 }
224 }
225 if (count($this->fileCmdMap['upload']) == 0) {
226 $this->writelog(1, 1, 108, 'No file was uploaded!', '');
227 }
228 }
229
230 // Traverse each set of actions
231 foreach ($this->fileCmdMap as $action => $actionData) {
232
233 // Traverse all action data. More than one file might be affected at the same time.
234 if (is_array($actionData)) {
235 $result[$action] = array();
236 foreach ($actionData as $cmdArr) {
237
238 // Clear file stats
239 clearstatcache();
240
241 // Branch out based on command:
242 switch ($action) {
243 case 'delete':
244 $result[$action][] = $this->func_delete($cmdArr);
245 break;
246 case 'copy':
247 $result[$action][] = $this->func_copy($cmdArr);
248 break;
249 case 'move':
250 $result[$action][] = $this->func_move($cmdArr);
251 break;
252 case 'rename':
253 $result[$action][] = $this->func_rename($cmdArr);
254 break;
255 case 'newfolder':
256 $result[$action][] = $this->func_newfolder($cmdArr);
257 break;
258 case 'newfile':
259 $result[$action][] = $this->func_newfile($cmdArr);
260 break;
261 case 'editfile':
262 $result[$action][] = $this->func_edit($cmdArr);
263 break;
264 case 'upload':
265 $result[$action][] = $this->func_upload($cmdArr);
266 break;
267 case 'unzip':
268 $result[$action][] = $this->func_unzip($cmdArr);
269 break;
270 }
271
272 // Hook for post-processing the action
273 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_extfilefunc.php']['processData'])) {
274 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_extfilefunc.php']['processData'] as $classRef) {
275 $hookObject = t3lib_div::getUserObj($classRef);
276
277 if (!($hookObject instanceof t3lib_extFileFunctions_processDataHook)) {
278 throw new UnexpectedValueException('$hookObject must implement interface t3lib_extFileFunctions_processDataHook', 1279719168);
279 }
280
281 $hookObject->processData_postProcessAction($action, $cmdArr, $result[$action], $this);
282 }
283 }
284 }
285 }
286 }
287 }
288 return $result;
289 }
290
291 /**
292 * Adds log error messages from the operations of this script instance to the FlashMessageQueue
293 *
294 * @param string Redirect URL (for creating link in message)
295 * @return void
296 */
297 function printLogErrorMessages($redirect = '') {
298 $this->getErrorMessages();
299 }
300
301
302 /**
303 * Adds log error messages from the previous file operations of this script instance
304 * to the FlashMessageQueue
305 *
306 * @return void
307 */
308 function getErrorMessages() {
309 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
310 '*',
311 'sys_log',
312 'type = 2 AND userid = ' . intval($GLOBALS['BE_USER']->user['uid'])
313 . ' AND tstamp=' . intval($GLOBALS['EXEC_TIME'])
314 . ' AND error != 0'
315 );
316 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
317 $logData = unserialize($row['log_data']);
318 $msg = $row['error'] . ': ' . sprintf($row['details'], $logData[0], $logData[1], $logData[2], $logData[3], $logData[4]);
319 $flashMessage = t3lib_div::makeInstance(
320 't3lib_FlashMessage',
321 $msg,
322 '',
323 t3lib_FlashMessage::ERROR,
324 TRUE
325 );
326 t3lib_FlashMessageQueue::addMessage($flashMessage);
327 }
328 $GLOBALS['TYPO3_DB']->sql_free_result($res);
329 }
330
331
332 /**
333 * Goes back in the path and checks in each directory if a folder named $this->recyclerFN (usually '_recycler_') is present.
334 * If a folder in the tree happens to be a _recycler_-folder (which means that we're deleting something inside a _recycler_-folder) this is ignored
335 *
336 * @param string Takes a valid Path ($theFile)
337 * @return string Returns the path (without trailing slash) of the closest recycle-folder if found. Else false.
338 */
339 function findRecycler($theFile) {
340 if ($this->isPathValid($theFile)) {
341 $theFile = $this->cleanDirectoryName($theFile);
342 $fI = t3lib_div::split_fileref($theFile);
343 $c = 0;
344 while ($this->checkPathAgainstMounts($fI['path']) && $c < 20) {
345 $rDir = $fI['path'] . $this->recyclerFN;
346 if (@is_dir($rDir) && $this->recyclerFN != $fI['file']) {
347 return $rDir;
348 }
349 $theFile = $fI['path'];
350 $theFile = $this->cleanDirectoryName($theFile);
351 $fI = t3lib_div::split_fileref($theFile);
352 $c++;
353 }
354 }
355 }
356
357 /**
358 * Logging file operations
359 *
360 * @param integer The action number. See the functions in the class for a hint. Eg. edit is '9', upload is '1' ...
361 * @param integer The severity: 0 = message, 1 = error, 2 = System Error, 3 = security notice (admin)
362 * @param integer This number is unique for every combination of $type and $action. This is the error-message number, which can later be used to translate error messages.
363 * @param string This is the default, raw error message in english
364 * @param array Array with special information that may go into $details by "%s" marks / sprintf() when the log is shown
365 * @return void
366 * @see class.t3lib_userauthgroup.php
367 */
368 function writeLog($action, $error, $details_nr, $details, $data) {
369 $type = 2; // Type value for tce_file.php
370 if (is_object($GLOBALS['BE_USER'])) {
371 $GLOBALS['BE_USER']->writelog($type, $action, $error, $details_nr, $details, $data);
372 }
373 $this->lastError = vsprintf($details, $data);
374 }
375
376
377 /*************************************
378 *
379 * File operation functions
380 *
381 **************************************/
382
383 /**
384 * Deleting files and folders (action=4)
385 *
386 * @param array $cmds['data'] is the file/folder to delete
387 * @return boolean Returns true upon success
388 */
389 function func_delete($cmds) {
390 if (!$this->isInit) {
391 return FALSE;
392 }
393
394 // Checking path:
395 $theFile = $cmds['data'];
396 if (!$this->isPathValid($theFile)) {
397 $this->writelog(4, 2, 101, 'Target "%s" had invalid path (".." and "//" is not allowed in path).', Array($theFile));
398 return FALSE;
399 }
400
401 // Recycler moving or not?
402 if ($this->useRecycler && $recyclerPath = $this->findRecycler($theFile)) {
403 // If a recycler is found, the deleted items is moved to the recycler and not just deleted.
404 $newCmds = Array();
405 $newCmds['data'] = $theFile;
406 $newCmds['target'] = $recyclerPath;
407 $newCmds['altName'] = 1;
408 $this->func_move($newCmds);
409 $this->writelog(4, 0, 4, 'Item "%s" moved to recycler at "%s"', Array($theFile, $recyclerPath));
410 return TRUE;
411 } elseif ($this->useRecycler != 2) { // if $this->useRecycler==2 then we cannot delete for real!!
412 if (@is_file($theFile)) { // If we are deleting a file...
413 if ($this->actionPerms['deleteFile']) {
414 if ($this->checkPathAgainstMounts($theFile)) {
415 if (@unlink($theFile)) {
416 $this->writelog(4, 0, 1, 'File "%s" deleted', Array($theFile));
417 return TRUE;
418 } else {
419 $this->writelog(4, 1, 110, 'Could not delete file "%s". Write-permission problem?', Array($theFile));
420 }
421 } else {
422 $this->writelog(4, 1, 111, 'Target was not within your mountpoints! T="%s"', Array($theFile));
423 }
424 } else {
425 $this->writelog(4, 1, 112, 'You are not allowed to delete files', '');
426 }
427 // FINISHED deleting file
428
429 } elseif (@is_dir($theFile)) { // if we're deleting a folder
430 if ($this->actionPerms['deleteFolder']) {
431 $theFile = $this->is_directory($theFile);
432 if ($theFile) {
433 if ($this->checkPathAgainstMounts($theFile)) { // I choose not to append '/' to $theFile here as this will prevent us from deleting mounts!! (which makes sense to me...)
434 if ($this->actionPerms['deleteFolderRecursively']) {
435 if (t3lib_div::rmdir($theFile, TRUE)) {
436 $this->writelog(4, 0, 2, 'Directory "%s" deleted recursively!', Array($theFile));
437 return TRUE;
438 } else {
439 $this->writelog(4, 2, 119, 'Directory "%s" WAS NOT deleted recursively! Write-permission problem?', Array($theFile));
440 }
441 } else {
442 if (@rmdir($theFile)) {
443 $this->writelog(4, 0, 3, 'Directory "%s" deleted', Array($theFile));
444 return TRUE;
445 } else {
446 $this->writelog(4, 1, 120, 'Could not delete directory! Write-permission problem? Is directory "%s" empty? (You are not allowed to delete directories recursively).', Array($theFile));
447 }
448 }
449 } else {
450 $this->writelog(4, 1, 121, 'Target was not within your mountpoints! T="%s"', Array($theFile));
451 }
452 } else {
453 $this->writelog(4, 2, 122, 'Target seemed not to be a directory! (Shouldn\'t happen here!)', '');
454 }
455 } else {
456 $this->writelog(4, 1, 123, 'You are not allowed to delete directories', '');
457 }
458 // FINISHED copying directory
459
460 } else {
461 $this->writelog(4, 2, 130, 'The item was not a file or directory! "%s"', Array($theFile));
462 }
463 } else {
464 $this->writelog(4, 1, 131, 'No recycler found!', '');
465 }
466 }
467
468 /**
469 * Copying files and folders (action=2)
470 *
471 * @param array $cmds['data'] is the file/folder to copy. $cmds['target'] is the path where to copy to. $cmds['altName'] (boolean): If set, another filename is found in case the target already exists
472 * @return string Returns the new filename upon success
473 */
474 function func_copy($cmds) {
475 if (!$this->isInit) {
476 return FALSE;
477 }
478
479 // Initialize and check basic conditions:
480 $theFile = $cmds['data'];
481 $theDest = $this->is_directory($cmds['target']); // Clean up destination directory
482 $altName = $cmds['altName'];
483 if (!$theDest) {
484 $this->writelog(2, 2, 100, 'Destination "%s" was not a directory', Array($cmds['target']));
485 return FALSE;
486 }
487 if (!$this->isPathValid($theFile) || !$this->isPathValid($theDest)) {
488 $this->writelog(2, 2, 101, 'Target or destination had invalid path (".." and "//" is not allowed in path). T="%s", D="%s"', Array($theFile, $theDest));
489 return FALSE;
490 }
491
492 // Processing of file or directory.
493 if (@is_file($theFile)) { // If we are copying a file...
494 if ($this->actionPerms['copyFile']) {
495 if (filesize($theFile) < ($this->maxCopyFileSize * 1024)) {
496 $fI = t3lib_div::split_fileref($theFile);
497 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
498 $theDestFile = $this->getUniqueName($fI['file'], $theDest);
499 $fI = t3lib_div::split_fileref($theDestFile);
500 } else {
501 $theDestFile = $theDest . '/' . $fI['file'];
502 }
503 if ($theDestFile && !file_exists($theDestFile)) {
504 if ($this->checkIfAllowed($fI['fileext'], $theDest, $fI['file'])) {
505 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) {
506 if ($this->PHPFileFunctions) {
507 copy($theFile, $theDestFile);
508 } else {
509 $cmd = 'cp "' . $theFile . '" "' . $theDestFile . '"';
510 t3lib_utility_Command::exec($cmd);
511 }
512 t3lib_div::fixPermissions($theDestFile);
513 clearstatcache();
514 if (@is_file($theDestFile)) {
515 $this->writelog(2, 0, 1, 'File "%s" copied to "%s"', Array($theFile, $theDestFile));
516 return $theDestFile;
517 } else {
518 $this->writelog(2, 2, 109, 'File "%s" WAS NOT copied to "%s"! Write-permission problem?', Array($theFile, $theDestFile));
519 }
520 } else {
521 $this->writelog(2, 1, 110, 'Target or destination was not within your mountpoints! T="%s", D="%s"', Array($theFile, $theDestFile));
522 }
523 } else {
524 $this->writelog(2, 1, 111, 'Extension of file name "%s" is not allowed in "%s"!', Array($fI['file'], $theDest . '/'));
525 }
526 } else {
527 $this->writelog(2, 1, 112, 'File "%s" already exists!', Array($theDestFile));
528 }
529 } else {
530 $this->writelog(2, 1, 113, 'File "%s" exceeds the size-limit of %s bytes', Array($theFile, $this->maxCopyFileSize * 1024));
531 }
532 } else {
533 $this->writelog(2, 1, 114, 'You are not allowed to copy files', '');
534 }
535 // FINISHED copying file
536
537 } elseif (@is_dir($theFile) && !$this->dont_use_exec_commands) { // if we're copying a folder
538 if ($this->actionPerms['copyFolder']) {
539 $theFile = $this->is_directory($theFile);
540 if ($theFile) {
541 $fI = t3lib_div::split_fileref($theFile);
542 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
543 $theDestFile = $this->getUniqueName($fI['file'], $theDest);
544 $fI = t3lib_div::split_fileref($theDestFile);
545 } else {
546 $theDestFile = $theDest . '/' . $fI['file'];
547 }
548 if ($theDestFile && !file_exists($theDestFile)) {
549 if (!t3lib_div::isFirstPartOfStr($theDestFile . '/', $theFile . '/')) { // Check if the one folder is inside the other or on the same level... to target/dest is the same?
550 if ($this->checkIfFullAccess($theDest) || $this->is_webPath($theDestFile) == $this->is_webPath($theFile)) { // no copy of folders between spaces
551 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) {
552 // No way to do this under windows!
553 $cmd = 'cp -R "' . $theFile . '" "' . $theDestFile . '"';
554 t3lib_utility_Command::exec($cmd);
555 clearstatcache();
556 if (@is_dir($theDestFile)) {
557 $this->writelog(2, 0, 2, 'Directory "%s" copied to "%s"', Array($theFile, $theDestFile));
558 return $theDestFile;
559 } else {
560 $this->writelog(2, 2, 119, 'Directory "%s" WAS NOT copied to "%s"! Write-permission problem?', Array($theFile, $theDestFile));
561 }
562 } else {
563 $this->writelog(2, 1, 120, 'Target or destination was not within your mountpoints! T="%s", D="%s"', Array($theFile, $theDestFile));
564 }
565 } else {
566 $this->writelog(2, 1, 121, 'You don\'t have full access to the destination directory "%s"!', Array($theDest . '/'));
567 }
568 } else {
569 $this->writelog(2, 1, 122, 'Destination cannot be inside the target! D="%s", T="%s"', Array($theDestFile . '/', $theFile . '/'));
570 }
571 } else {
572 $this->writelog(2, 1, 123, 'Target "%s" already exists!', Array($theDestFile));
573 }
574 } else {
575 $this->writelog(2, 2, 124, 'Target seemed not to be a directory! (Shouldn\'t happen here!)', '');
576 }
577 } else {
578 $this->writelog(2, 1, 125, 'You are not allowed to copy directories', '');
579 }
580 // FINISHED copying directory
581
582 } else {
583 $this->writelog(2, 2, 130, 'The item "%s" was not a file or directory!', Array($theFile));
584 }
585 }
586
587 /**
588 * Moving files and folders (action=3)
589 *
590 * @param array $cmds['data'] is the file/folder to move. $cmds['target'] is the path where to move to. $cmds['altName'] (boolean): If set, another filename is found in case the target already exists
591 * @return string Returns the new filename upon success
592 */
593 function func_move($cmds) {
594 if (!$this->isInit) {
595 return FALSE;
596 }
597
598 // Initialize and check basic conditions:
599 $theFile = $cmds['data'];
600 $theDest = $this->is_directory($cmds['target']); // Clean up destination directory
601 $altName = $cmds['altName'];
602 if (!$theDest) {
603 $this->writelog(3, 2, 100, 'Destination "%s" was not a directory', Array($cmds['target']));
604 return FALSE;
605 }
606 if (!$this->isPathValid($theFile) || !$this->isPathValid($theDest)) {
607 $this->writelog(3, 2, 101, 'Target or destination had invalid path (".." and "//" is not allowed in path). T="%s", D="%s"', Array($theFile, $theDest));
608 return FALSE;
609 }
610
611 // Processing of file or directory:
612 if (@is_file($theFile)) { // If we are moving a file...
613 if ($this->actionPerms['moveFile']) {
614 if (filesize($theFile) < ($this->maxMoveFileSize * 1024)) {
615 $fI = t3lib_div::split_fileref($theFile);
616 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
617 $theDestFile = $this->getUniqueName($fI['file'], $theDest);
618 $fI = t3lib_div::split_fileref($theDestFile);
619 } else {
620 $theDestFile = $theDest . '/' . $fI['file'];
621 }
622 if ($theDestFile && !file_exists($theDestFile)) {
623 if ($this->checkIfAllowed($fI['fileext'], $theDest, $fI['file'])) {
624 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) {
625 if ($this->PHPFileFunctions) {
626 @rename($theFile, $theDestFile);
627 } else {
628 $cmd = 'mv "' . $theFile . '" "' . $theDestFile . '"';
629 t3lib_utility_Command::exec($cmd);
630 }
631 clearstatcache();
632 if (@is_file($theDestFile)) {
633 $this->writelog(3, 0, 1, 'File "%s" moved to "%s"', Array($theFile, $theDestFile));
634 return $theDestFile;
635 } else {
636 $this->writelog(3, 2, 109, 'File "%s" WAS NOT moved to "%s"! Write-permission problem?', Array($theFile, $theDestFile));
637 }
638 } else {
639 $this->writelog(3, 1, 110, 'Target or destination was not within your mountpoints! T="%s", D="%s"', Array($theFile, $theDestFile));
640 }
641 } else {
642 $this->writelog(3, 1, 111, 'Extension of file name "%s" is not allowed in "%s"!', Array($fI['file'], $theDest . '/'));
643 }
644 } else {
645 $this->writelog(3, 1, 112, 'File "%s" already exists!', Array($theDestFile));
646 }
647 } else {
648 $this->writelog(3, 1, 113, 'File "%s" exceeds the size-limit of %s bytes', Array($theFile, $this->maxMoveFileSize * 1024));
649 }
650 } else {
651 $this->writelog(3, 1, 114, 'You are not allowed to move files', '');
652 }
653 // FINISHED moving file
654
655 } elseif (@is_dir($theFile)) { // if we're moving a folder
656 if ($this->actionPerms['moveFolder']) {
657 $theFile = $this->is_directory($theFile);
658 if ($theFile) {
659 $fI = t3lib_div::split_fileref($theFile);
660 if ($altName) { // If altName is set, we're allowed to create a new filename if the file already existed
661 $theDestFile = $this->getUniqueName($fI['file'], $theDest);
662 $fI = t3lib_div::split_fileref($theDestFile);
663 } else {
664 $theDestFile = $theDest . '/' . $fI['file'];
665 }
666 if ($theDestFile && !file_exists($theDestFile)) {
667 if (!t3lib_div::isFirstPartOfStr($theDestFile . '/', $theFile . '/')) { // Check if the one folder is inside the other or on the same level... to target/dest is the same?
668 if ($this->checkIfFullAccess($theDest) || $this->is_webPath($theDestFile) == $this->is_webPath($theFile)) { // // no moving of folders between spaces
669 if ($this->checkPathAgainstMounts($theDestFile) && $this->checkPathAgainstMounts($theFile)) {
670 if ($this->PHPFileFunctions) {
671 @rename($theFile, $theDestFile);
672 } else {
673 $cmd = 'mv "' . $theFile . '" "' . $theDestFile . '"';
674 $errArr = array();
675 t3lib_utility_Command::exec($cmd, $errArr);
676 }
677 clearstatcache();
678 if (@is_dir($theDestFile)) {
679 $this->writelog(3, 0, 2, 'Directory "%s" moved to "%s"', Array($theFile, $theDestFile));
680 return $theDestFile;
681 } else {
682 $this->writelog(3, 2, 119, 'Directory "%s" WAS NOT moved to "%s"! Write-permission problem?', Array($theFile, $theDestFile));
683 }
684 } else {
685 $this->writelog(3, 1, 120, 'Target or destination was not within your mountpoints! T="%s", D="%s"', Array($theFile, $theDestFile));
686 }
687 } else {
688 $this->writelog(3, 1, 121, 'You don\'t have full access to the destination directory "%s"!', Array($theDest . '/'));
689 }
690 } else {
691 $this->writelog(3, 1, 122, 'Destination cannot be inside the target! D="%s", T="%s"', Array($theDestFile . '/', $theFile . '/'));
692 }
693 } else {
694 $this->writelog(3, 1, 123, 'Target "%s" already exists!', Array($theDestFile));
695 }
696 } else {
697 $this->writelog(3, 2, 124, 'Target seemed not to be a directory! (Shouldn\'t happen here!)', '');
698 }
699 } else {
700 $this->writelog(3, 1, 125, 'You are not allowed to move directories', '');
701 }
702 // FINISHED moving directory
703
704 } else {
705 $this->writelog(3, 2, 130, 'The item "%s" was not a file or directory!', Array($theFile));
706 }
707 }
708
709 /**
710 * Renaming files or foldes (action=5)
711 *
712 * @param array $cmds['data'] is the new name. $cmds['target'] is the target (file or dir).
713 * @return string Returns the new filename upon success
714 */
715 function func_rename($cmds) {
716 if (!$this->isInit) {
717 return FALSE;
718 }
719
720 $theNewName = $this->cleanFileName($cmds['data']);
721 if ($theNewName) {
722 if ($this->checkFileNameLen($theNewName)) {
723 $theTarget = $cmds['target'];
724 $type = filetype($theTarget);
725 if ($type == 'file' || $type == 'dir') { // $type MUST BE file or dir
726 $fileInfo = t3lib_div::split_fileref($theTarget); // Fetches info about path, name, extention of $theTarget
727 if ($fileInfo['file'] != $theNewName) { // The name should be different from the current. And the filetype must be allowed
728 $theRenameName = $fileInfo['path'] . $theNewName;
729 if ($this->checkPathAgainstMounts($fileInfo['path'])) {
730 if (!file_exists($theRenameName)) {
731 if ($type == 'file') {
732 if ($this->actionPerms['renameFile']) {
733 $fI = t3lib_div::split_fileref($theRenameName);
734 if ($this->checkIfAllowed($fI['fileext'], $fileInfo['path'], $fI['file'])) {
735 if (@rename($theTarget, $theRenameName)) {
736 $this->writelog(5, 0, 1, 'File renamed from "%s" to "%s"', Array($fileInfo['file'], $theNewName));
737 return $theRenameName;
738 } else {
739 $this->writelog(5, 1, 100, 'File "%s" was not renamed! Write-permission problem in "%s"?', Array($theTarget, $fileInfo['path']));
740 }
741 } else {
742 $this->writelog(5, 1, 101, 'Extension of file name "%s" was not allowed!', Array($fI['file']));
743 }
744 } else {
745 $this->writelog(5, 1, 102, 'You are not allowed to rename files!', '');
746 }
747 } elseif ($type == 'dir') {
748 if ($this->actionPerms['renameFolder']) {
749 if (@rename($theTarget, $theRenameName)) {
750 $this->writelog(5, 0, 2, 'Directory renamed from "%s" to "%s"', Array($fileInfo['file'], $theNewName));
751 return $theRenameName;
752 } else {
753 $this->writelog(5, 1, 110, 'Directory "%s" was not renamed! Write-permission problem in "%s"?', Array($theTarget, $fileInfo['path']));
754 }
755 } else {
756 $this->writelog(5, 1, 111, 'You are not allowed to rename directories!', '');
757 }
758 }
759 } else {
760 $this->writelog(5, 1, 120, 'Destination "%s" existed already!', Array($theRenameName));
761 }
762 } else {
763 $this->writelog(5, 1, 121, 'Destination path "%s" was not within your mountpoints!', Array($fileInfo['path']));
764 }
765 } else {
766 $this->writelog(5, 1, 122, 'Old and new name is the same (%s)', Array($theNewName));
767 }
768 } else {
769 $this->writelog(5, 2, 123, 'Target "%s" was neither a directory nor a file!', Array($theTarget));
770 }
771 } else {
772 $this->writelog(5, 1, 124, 'New name "%s" was too long (max %s characters)', Array($theNewName, $this->maxInputNameLen));
773 }
774 }
775 }
776
777 /**
778 * This creates a new folder. (action=6)
779 *
780 * @param array $cmds['data'] is the foldername. $cmds['target'] is the path where to create it.
781 * @return string Returns the new foldername upon success
782 */
783 function func_newfolder($cmds) {
784 if (!$this->isInit) {
785 return FALSE;
786 }
787
788 $theFolder = $this->cleanFileName($cmds['data']);
789 if (isset($theFolder) && trim($theFolder) != '') {
790 if ($this->checkFileNameLen($theFolder)) {
791 $theTarget = $this->is_directory($cmds['target']); // Check the target dir
792 if ($theTarget) {
793 if ($this->actionPerms['newFolder']) {
794 $theNewFolder = $theTarget . '/' . $theFolder;
795 if ($this->checkPathAgainstMounts($theNewFolder)) {
796 if (!file_exists($theNewFolder)) {
797 if (t3lib_div::mkdir($theNewFolder)) {
798 $this->writelog(6, 0, 1, 'Directory "%s" created in "%s"', Array($theFolder, $theTarget . '/'));
799 return $theNewFolder;
800 } else {
801 $this->writelog(6, 1, 100, 'Directory "%s" not created. Write-permission problem in "%s"?', Array($theFolder, $theTarget . '/'));
802 }
803 } else {
804 $this->writelog(6, 1, 101, 'File or directory "%s" existed already!', Array($theNewFolder));
805 }
806 } else {
807 $this->writelog(6, 1, 102, 'Destination path "%s" was not within your mountpoints!', Array($theTarget . '/'));
808 }
809 } else {
810 $this->writelog(6, 1, 103, 'You are not allowed to create directories!', '');
811 }
812 } else {
813 $this->writelog(6, 2, 104, 'Destination "%s" was not a directory', Array($cmds['target']));
814 }
815 } else {
816 $this->writelog(6, 1, 105, 'New name "%s" was too long (max %s characters)', Array($theFolder, $this->maxInputNameLen));
817 }
818 }
819 }
820
821 /**
822 * This creates a new file. (action=8)
823 *
824 * @param array $cmds['data'] is the new filename. $cmds['target'] is the path where to create it
825 * @return string Returns the new filename upon success
826 */
827 function func_newfile($cmds) {
828 $extList = $GLOBALS['TYPO3_CONF_VARS']['SYS']['textfile_ext'];
829 if (!$this->isInit) {
830 return FALSE;
831 }
832 $newName = $this->cleanFileName($cmds['data']);
833 if ($newName) {
834 if ($this->checkFileNameLen($newName)) {
835 $theTarget = $this->is_directory($cmds['target']); // Check the target dir
836 $fileInfo = t3lib_div::split_fileref($theTarget); // Fetches info about path, name, extention of $theTarget
837 if ($theTarget) {
838 if ($this->actionPerms['newFile']) {
839 $theNewFile = $theTarget . '/' . $newName;
840 if ($this->checkPathAgainstMounts($theNewFile)) {
841 if (!file_exists($theNewFile)) {
842 $fI = t3lib_div::split_fileref($theNewFile);
843 if ($this->checkIfAllowed($fI['fileext'], $fileInfo['path'], $fI['file'])) {
844 if (t3lib_div::inList($extList, $fI['fileext'])) {
845 if (t3lib_div::writeFile($theNewFile, '')) {
846 clearstatcache();
847 $this->writelog(8, 0, 1, 'File created: "%s"', Array($fI['file']));
848 return $theNewFile;
849 } else {
850 $this->writelog(8, 1, 100, 'File "%s" was not created! Write-permission problem in "%s"?', Array($fI['file'], $theTarget));
851 }
852 } else {
853 $this->writelog(8, 1, 107, 'File extension "%s" is not a textfile format! (%s)', Array($fI['fileext'], $extList));
854 }
855 } else {
856 $this->writelog(8, 1, 106, 'Extension of file name "%s" was not allowed!', Array($fI['file']));
857 }
858 } else {
859 $this->writelog(8, 1, 101, 'File "%s" existed already!', Array($theNewFile));
860 }
861 } else {
862 $this->writelog(8, 1, 102, 'Destination path "%s" was not within your mountpoints!', Array($theTarget . '/'));
863 }
864 } else {
865 $this->writelog(8, 1, 103, 'You are not allowed to create files!', '');
866 }
867 } else {
868 $this->writelog(8, 2, 104, 'Destination "%s" was not a directory', Array($cmds['target']));
869 }
870 } else {
871 $this->writelog(8, 1, 105, 'New name "%s" was too long (max %s characters)', Array($newName, $this->maxInputNameLen));
872 }
873 }
874 }
875
876 /**
877 * Editing textfiles or folders (action=9)
878 *
879 * @param array $cmds['data'] is the new content. $cmds['target'] is the target (file or dir)
880 * @return boolean Returns true on success
881 */
882 function func_edit($cmds) {
883 if (!$this->isInit) {
884 return FALSE;
885 }
886 $theTarget = $cmds['target'];
887 $content = $cmds['data'];
888 $extList = $GLOBALS['TYPO3_CONF_VARS']['SYS']['textfile_ext'];
889 $type = filetype($theTarget);
890 if ($type == 'file') { // $type MUST BE file
891 $fileInfo = t3lib_div::split_fileref($theTarget); // Fetches info about path, name, extention of $theTarget
892 $fI = $fileInfo;
893 if ($this->checkPathAgainstMounts($fileInfo['path'])) {
894 if ($this->actionPerms['editFile']) {
895 $fI = t3lib_div::split_fileref($theTarget);
896 if ($this->checkIfAllowed($fI['fileext'], $fileInfo['path'], $fI['file'])) {
897 if (t3lib_div::inList($extList, $fileInfo['fileext'])) {
898 if (t3lib_div::writeFile($theTarget, $content)) {
899 clearstatcache();
900 $this->writelog(9, 0, 1, 'File saved to "%s", bytes: %s, MD5: %s ', Array($fileInfo['file'], @filesize($theTarget), md5($content)));
901 return TRUE;
902 } else {
903 $this->writelog(9, 1, 100, 'File "%s" was not saved! Write-permission problem in "%s"?', Array($theTarget, $fileInfo['path']));
904 }
905 } else {
906 $this->writelog(9, 1, 102, 'File extension "%s" is not a textfile format! (%s)', Array($fI['fileext'], $extList));
907 }
908 } else {
909 $this->writelog(9, 1, 103, 'Extension of file name "%s" was not allowed!', Array($fI['file']));
910 }
911 } else {
912 $this->writelog(9, 1, 104, 'You are not allowed to edit files!', '');
913 }
914 } else {
915 $this->writelog(9, 1, 121, 'Destination path "%s" was not within your mountpoints!', Array($fileInfo['path']));
916 }
917 } else {
918 $this->writelog(9, 2, 123, 'Target "%s" was not a file!', Array($theTarget));
919 }
920 }
921
922 /**
923 * Upload of files (action=1)
924 *
925 * @param array $cmds['data'] is the ID-number (points to the global var that holds the filename-ref ($_FILES['upload_'.$id]['name']). $cmds['target'] is the target directory, $cmds['charset'] is the the character set of the file name (utf-8 is needed for JS-interaction)
926 * @return string Returns the new filename upon success
927 */
928 function func_upload($cmds) {
929 if (!$this->isInit) {
930 return FALSE;
931 }
932 $id = $cmds['data'];
933 if ($_FILES['upload_' . $id]['name']) {
934 $theFile = $_FILES['upload_' . $id]['tmp_name']; // filename of the uploaded file
935 $theFileSize = $_FILES['upload_' . $id]['size']; // filesize of the uploaded file
936 $theName = $this->cleanFileName(stripslashes($_FILES['upload_' . $id]['name']), (isset($cmds['charset']) ? $cmds['charset'] : '')); // The original filename
937 if (is_uploaded_file($theFile) && $theName) { // Check the file
938 if ($this->actionPerms['uploadFile']) {
939 if ($theFileSize < ($this->maxUploadFileSize * 1024)) {
940 $fI = t3lib_div::split_fileref($theName);
941 $theTarget = $this->is_directory($cmds['target']); // Check the target dir
942 if ($theTarget && $this->checkPathAgainstMounts($theTarget . '/')) {
943 if ($this->checkIfAllowed($fI['fileext'], $theTarget, $fI['file'])) {
944 $theNewFile = $this->getUniqueName($theName, $theTarget, $this->dontCheckForUnique);
945 if ($theNewFile) {
946 t3lib_div::upload_copy_move($theFile, $theNewFile);
947 clearstatcache();
948 if (@is_file($theNewFile)) {
949 $this->internalUploadMap[$id] = $theNewFile;
950 $this->writelog(1, 0, 1, 'Uploading file "%s" to "%s"', Array($theName, $theNewFile, $id));
951 return $theNewFile;
952 } else {
953 $this->writelog(1, 1, 100, 'Uploaded file could not be moved! Write-permission problem in "%s"?', Array($theTarget . '/'));
954 }
955 } else {
956 $this->writelog(1, 1, 101, 'No unique filename available in "%s"!', Array($theTarget . '/'));
957 }
958 } else {
959 $this->writelog(1, 1, 102, 'Extension of file name "%s" is not allowed in "%s"!', Array($fI['file'], $theTarget . '/'));
960 }
961 } else {
962 $this->writelog(1, 1, 103, 'Destination path "%s" was not within your mountpoints!', Array($theTarget . '/'));
963 }
964 } else {
965 $this->writelog(1, 1, 104, 'The uploaded file exceeds the size-limit of %s bytes', Array($this->maxUploadFileSize * 1024));
966 }
967 } else {
968 $this->writelog(1, 1, 105, 'You are not allowed to upload files!', '');
969 }
970 } else {
971 $this->writelog(1, 2, 106, 'The upload has failed, no uploaded file found!', '');
972 }
973 } else {
974 $this->writelog(1, 2, 108, 'No file was uploaded!', '');
975 }
976 }
977
978 /**
979 * Unzipping file (action=7)
980 * This is permitted only if the user has fullAccess or if the file resides
981 *
982 * @param array $cmds['data'] is the zip-file. $cmds['target'] is the target directory. If not set we'll default to the same directory as the file is in.
983 * @return boolean Returns true on success
984 */
985 function func_unzip($cmds) {
986 if (!$this->isInit || $this->dont_use_exec_commands) {
987 return FALSE;
988 }
989
990 $theFile = $cmds['data'];
991 if (@is_file($theFile)) {
992 $fI = t3lib_div::split_fileref($theFile);
993 if (!isset($cmds['target'])) {
994 $cmds['target'] = $fI['path'];
995 }
996 $theDest = $this->is_directory($cmds['target']); // Clean up destination directory
997 if ($theDest) {
998 if ($this->actionPerms['unzipFile']) {
999 if ($fI['fileext'] == 'zip') {
1000 if ($this->checkIfFullAccess($theDest)) {
1001 if ($this->checkPathAgainstMounts($theFile) && $this->checkPathAgainstMounts($theDest . '/')) {
1002 // No way to do this under windows.
1003 $unzipParameters = ' -qq "' . $theFile . '" -d "' . $theDest . '"';
1004 // for compatiblity reasons, we have to accept the full path of the unzip command
1005 // or the directory containing the unzip binary
1006 if (substr($this->unzipPath, -1) === '/') {
1007 $cmd = $this->unzipPath . 'unzip ' . $unzipParameters;
1008 } else {
1009 $cmd = $this->unzipPath . $unzipParameters;
1010 }
1011 t3lib_utility_Command::exec($cmd);
1012 $this->writelog(7, 0, 1, 'Unzipping file "%s" in "%s"', Array($theFile, $theDest));
1013 return TRUE;
1014 } else {
1015 $this->writelog(7, 1, 100, 'File "%s" or destination "%s" was not within your mountpoints!', Array($theFile, $theDest));
1016 }
1017 } else {
1018 $this->writelog(7, 1, 101, 'You don\'t have full access to the destination directory "%s"!', Array($theDest));
1019 }
1020 } else {
1021 $this->writelog(7, 1, 102, 'File extension is not "zip"', '');
1022 }
1023 } else {
1024 $this->writelog(7, 1, 103, 'You are not allowed to unzip files', '');
1025 }
1026 } else {
1027 $this->writelog(7, 2, 104, 'Destination "%s" was not a directory', Array($cmds['target']));
1028 }
1029 } else {
1030 $this->writelog(7, 2, 105, 'The file "%s" did not exist!', Array($theFile));
1031 }
1032 }
1033 }
1034
1035 if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_extfilefunc.php'])) {
1036 include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_extfilefunc.php']);
1037 }
1038
1039 ?>