io.php

<?php
/*
 * FCKeditor - The text editor for Internet - http://www.fckeditor.net
 * Copyright (C) 2003-2010 Frederico Caldeira Knabben
 *
 * == BEGIN LICENSE ==
 *
 * Licensed under the terms of any of the following licenses at your
 * choice:
 *
 *  - GNU General Public License Version 2 or later (the "GPL")
 *    https://www.gnu.org/licenses/gpl.html
 *
 *  - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
 *    https://www.gnu.org/licenses/lgpl.html
 *
 *  - Mozilla Public License Version 1.1 or later (the "MPL")
 *    http://www.mozilla.org/MPL/MPL-1.1.html
 *
 * == END LICENSE ==
 *
 * This is the File Manager Connector for PHP.
 */

function CombinePaths($sBasePath, $sFolder)
{
  return RemoveFromEnd($sBasePath, '/').'/'.RemoveFromStart($sFolder, '/');
}
function GetResourceTypePath($resourceType, $sCommand)
{
  global $Config;

  if ($sCommand == "QuickUpload")
    return $Config['QuickUploadPath'][$resourceType];
  else return $Config['FileTypesPath'][$resourceType];
}

function GetResourceTypeDirectory($resourceType, $sCommand)
{
  global $Config;
  if ($sCommand == "QuickUpload")
  {
    if (strlen($Config['QuickUploadAbsolutePath'][$resourceType]) > 0)
      return $Config['QuickUploadAbsolutePath'][$resourceType];

    // Map the "UserFiles" path to a local directory.
    return Server_MapPath($Config['QuickUploadPath'][$resourceType]);
  } else {
    if (strlen($Config['FileTypesAbsolutePath'][$resourceType]) > 0)
      return $Config['FileTypesAbsolutePath'][$resourceType];

    // Map the "UserFiles" path to a local directory.
    return Server_MapPath($Config['FileTypesPath'][$resourceType]);
  }
}

function GetUrlFromPath($resourceType, $folderPath, $sCommand)
{
  return CombinePaths(GetResourceTypePath($resourceType, $sCommand), $folderPath);
}

function RemoveExtension($fileName)
{
  return substr($fileName, 0, strrpos($fileName, '.'));
}
function ServerMapFolder($resourceType, $folderPath, $sCommand)
{
  // Get the resource type directory.
  $sResourceTypePath = GetResourceTypeDirectory($resourceType, $sCommand);

  // Ensure that the directory exists.
  $sErrorMsg = CreateServerFolder($sResourceTypePath);
  if ($sErrorMsg != '')
    SendError(1, "Error creating folder \"{$sResourceTypePath}\" ({$sErrorMsg})");

  // Return the resource type directory combined with the required path.
  return CombinePaths($sResourceTypePath, $folderPath);
}

function GetParentFolder($folderPath)
{
  $sPattern = "-[/\\\\][^/\\\\]+[/\\\\]?$-";
  return preg_replace($sPattern, '', $folderPath);
}

function CreateServerFolder($folderPath, $lastFolder = null)
{
  global $Config;
  $sParent = GetParentFolder($folderPath);

  // Ensure the folder path has no double-slashes, or mkdir may fail on certain platforms
  while (strpos($folderPath, '//') !== false)
  {
    $folderPath = str_replace('//', '/', $folderPath);
  }

  // Check if the parent exists, or create it.
  if (!empty($sParent) && !file_exists($sParent))
  {
    //prevents agains infinite loop when we can't create root folder
    if (!is_null($lastFolder) && $lastFolder === $sParent) {
      return "Can't create $folderPath directory";
    }

    $sErrorMsg = CreateServerFolder($sParent, $folderPath);
    if ($sErrorMsg != '')
      return $sErrorMsg;
  }

  if (!file_exists($folderPath))
  {
    // Turn off all error reporting.
    error_reporting(0);

    $php_errormsg = '';
    // Enable error tracking to catch the error.
    ini_set('track_errors', '1');

    if (isset($Config['ChmodOnFolderCreate']) && !$Config['ChmodOnFolderCreate'])
    {
      mkdir($folderPath);
    } else {
      $permissions = '0777';
      if (isset($Config['ChmodOnFolderCreate']) && $Config['ChmodOnFolderCreate'])
      {
        $permissions = (string) $Config['ChmodOnFolderCreate'];
      }
      $permissionsdec = octdec($permissions);
      $permissionsdec |= octdec('0111'); // Set x bit required for directories
      dol_syslog("io.php permission = ".$permissions." ".$permissionsdec." ".decoct($permissionsdec));
      // To create the folder with 0777 permissions, we need to set umask to zero.
      $oldumask = umask(0);
      mkdir($folderPath, $permissionsdec);
      umask($oldumask);
    }

    $sErrorMsg = $php_errormsg;

    // Restore the configurations.
    ini_restore('track_errors');
    ini_restore('error_reporting');

    return $sErrorMsg;
  } else return '';
}

function GetRootPath()
{
  if (!isset($_SERVER)) {
    global $_SERVER;
  }
  $sRealPath = realpath('./');
  // #2124 ensure that no slash is at the end
  $sRealPath = rtrim($sRealPath, "\\/");

  $sSelfPath = $_SERVER['PHP_SELF'];
  $sSelfPath = substr($sSelfPath, 0, strrpos($sSelfPath, '/'));

  $sSelfPath = str_replace('/', DIRECTORY_SEPARATOR, $sSelfPath);

  $position = strpos($sRealPath, $sSelfPath);

  // This can check only that this script isn't run from a virtual dir
  // But it avoids the problems that arise if it isn't checked
  if ($position === false || $position <> strlen($sRealPath) - strlen($sSelfPath))
    SendError(1, 'Sorry, can\'t map "UserFilesPath" to a physical path. You must set the "UserFilesAbsolutePath" value in "editor/filemanager/connectors/php/config.php".');

  return substr($sRealPath, 0, $position);
}

function Server_MapPath($path)
{
  // This function is available only for Apache
  if (function_exists('apache_lookup_uri')) {
    $info = apache_lookup_uri($path);
    return $info->filename.$info->path_info;
  }

  // This isn't correct but for the moment there's no other solution
  // If this script is under a virtual directory or symlink it will detect the problem and stop
  return GetRootPath().$path;
}

function IsAllowedExt($sExtension, $resourceType)
{
  global $Config;
  // Get the allowed and denied extensions arrays.
  $arAllowed = $Config['AllowedExtensions'][$resourceType];
  $arDenied = $Config['DeniedExtensions'][$resourceType];

  if (count($arAllowed) > 0 && !in_array($sExtension, $arAllowed))
    return false;

  if (count($arDenied) > 0 && in_array($sExtension, $arDenied))
    return false;

  return true;
}

function IsAllowedType($resourceType)
{
  global $Config;
  if (!in_array($resourceType, $Config['ConfigAllowedTypes']))
    return false;

  return true;
}

function IsAllowedCommand($sCommand)
{
  global $Config;

  if (!in_array($sCommand, $Config['ConfigAllowedCommands']))
    return false;

  return true;
}

function GetCurrentFolder()
{
  if (!isset($_GET)) {
    global $_GET;
  }
  $sCurrentFolder = isset($_GET['CurrentFolder']) ? GETPOST('CurrentFolder', '', 1) : '/';

  // Check the current folder syntax (must begin and start with a slash).
  if (!preg_match('|/$|', $sCurrentFolder))
    $sCurrentFolder .= '/';
  if (strpos($sCurrentFolder, '/') !== 0)
    $sCurrentFolder = '/'.$sCurrentFolder;

  // Ensure the folder path has no double-slashes
  while (strpos($sCurrentFolder, '//') !== false) {
    $sCurrentFolder = str_replace('//', '/', $sCurrentFolder);
  }

  // Check for invalid folder paths (..)
  if (strpos($sCurrentFolder, '..') || strpos($sCurrentFolder, "\\"))
    SendError(102, '');

  if (preg_match(",(/\.)|[[:cntrl:]]|(//)|(\\\\)|([\:\*\?\"<>\|]),", $sCurrentFolder))
    SendError(102, '');

  return $sCurrentFolder;
}

function SanitizeFolderName($sNewFolderName)
{
  $sNewFolderName = stripslashes($sNewFolderName);

  // Remove . \ / | : ? * " < >
  $sNewFolderName = preg_replace('/\\.|\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFolderName);

  return $sNewFolderName;
}

function SanitizeFileName($sNewFileName)
{
  global $Config;

  $sNewFileName = stripslashes($sNewFileName);

  // Replace dots in the name with underscores (only one dot can be there... security issue).
  if ($Config['ForceSingleExtension'])
    $sNewFileName = preg_replace('/\\.(?![^.]*$)/', '_', $sNewFileName);

  // Remove \ / | : ? * " < >
  $sNewFileName = preg_replace('/\\\\|\\/|\\||\\:|\\?|\\*|"|<|>|[[:cntrl:]]/', '_', $sNewFileName);

  return $sNewFileName;
}

function SendUploadResults($errorNumber, $fileUrl = '', $fileName = '', $customMsg = '')
{
  // Minified version of the document.domain automatic fix script (#1919).
  // The original script can be found at _dev/domain_fix_template.js
  echo <<<EOF
<script type="text/javascript">
(function(){var d=document.domain;while (true){try{var A=window.parent.document.domain;break;}catch(e) {};d=d.replace(/.*?(?:\.|$)/,'');if (d.length==0) break;try{document.domain=d;}catch (e){break;}}})();
EOF;

  if ($errorNumber && $errorNumber != 201) {
    $fileUrl = "";
    $fileName = "";
  }

  $rpl = array('\\' => '\\\\', '"' => '\\"');
  echo 'window.parent.OnUploadCompleted('.$errorNumber.',"'.strtr($fileUrl, $rpl).'","'.strtr($fileName, $rpl).'", "'.strtr($customMsg, $rpl).'");';
  echo '</script>';
  exit;
}


// @CHANGE

// This is the function that sends the results of the uploading process to CKE.
function SendCKEditorResults($callback, $sFileUrl, $customMsg = '')
{
  echo '<script type="text/javascript">';

  $rpl = array('\\' => '\\\\', '"' => '\\"');

  echo 'window.parent.CKEDITOR.tools.callFunction("'.$callback.'","'.strtr($sFileUrl, $rpl).'", "'.strtr($customMsg, $rpl).'");';

  echo '</script>';
}