<?php
/* $Id$ */

/**
 * @file
 * API for handling file uploads and server file management.
 */

/**
 * @defgroup file File interface
 * @{
 * Common file handling functions.
 */

// TRUE when PHP_OS starts with "WIN", i.e. PHP reports a Windows platform.
define('IS_WINDOWS', strncmp(PHP_OS, 'WIN', 3) === 0);

// Values of the 'file_downloads' setting read by file_create_url():
// public files are linked directly, private ones go through system/files.
define('FILE_DOWNLOADS_PUBLIC', 1);
define('FILE_DOWNLOADS_PRIVATE', 2);

// Bit flags for the $mode argument of file_check_directory().
define('FILE_CREATE_DIRECTORY', 1);
define('FILE_MODIFY_PERMISSIONS', 2);

// Fallback used when the 'file_directory_temp' setting is not configured.
// NOTE(review): both defaults are shared, system-wide temporary directories,
// so files placed there may be visible to other local accounts - a dedicated
// directory configured through the setting is the safer choice.
define('FILE_DIRECTORY_TEMP', IS_WINDOWS ? 'c:\\windows\\temp' : '/tmp');

// Values of the $replace argument of file_copy(), file_move(),
// file_save_upload() and file_save_data().
define('FILE_EXISTS_RENAME', 0);
define('FILE_EXISTS_REPLACE', 1);
define('FILE_EXISTS_ERROR', 2);

/**
 * Create the download path to a file.
 *
 * @param $path Path to the file to generate URL for
 * @return URL pointing to the file
 */
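function file_create_url($path) {
  // Builds the URL under which $path is served. The result depends on the
  // 'file_downloads' setting: a direct link below the files directory
  // (public) or a system/files request (private). Any other setting value
  // falls through the switch and yields NULL.
  $directory = variable_get('file_directory_path', 'files');
  $length = strlen($directory);

  // Strip the files directory only when it is a real leading path component.
  // Matching it anywhere in the string (or as the start of a longer name
  // such as "files2") and then cutting strlen($directory) bytes off the
  // front would remove unrelated characters and produce a wrong URL.
  if ($length && strncmp($path, $directory, $length) === 0
      && ($path === $directory || strpos('/\\', $path[$length]) !== FALSE)) {
    $path = trim(substr($path, $length), '\\/');
  }

  switch (variable_get('file_downloads', FILE_DOWNLOADS_PUBLIC)) {
    case FILE_DOWNLOADS_PUBLIC:
      // Windows separators are normalised to URL slashes.
      return $GLOBALS['base_url'] .'/'. $directory .'/'. str_replace('\\', '/', $path);

    case FILE_DOWNLOADS_PRIVATE:
      // NOTE(review): $path is placed in the query string as-is; whether
      // url() encodes it cannot be seen from this file - confirm, since
      // characters such as "&" or "#" in a file name would change the query.
      return url('system/files', 'file='. $path);
  }
}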

/**
 * Make sure the destination is a complete path and resides in the
 * file system directory, if it is not prepend the
 * file system directory.
 *
 * @param $dest Path to verify
 * @return Path to the file, with the file system directory prepended if necessary.
 */
function file_create_path($dest = 0) {
  $files_directory = variable_get('file_directory_path', 'files');

  // Without a destination the configured files directory is the answer.
  if (!$dest) {
    return $files_directory;
  }

  // Pattern for the start of an absolute path: an optional character, a colon
  // and a backslash on Windows, a leading slash everywhere else.
  $absolute_prefix = (IS_WINDOWS ? '.?:\\\\' : '/');
  $inside_files = file_check_location($dest, $files_directory);
  $is_absolute = preg_match("|^$absolute_prefix|", $dest);

  // NOTE(review): an absolute $dest is handed back unchanged even when it
  // lies outside the files directory, and a relative one is only prefixed,
  // not normalised. This function therefore does not confine a path; callers
  // that receive $dest from a request must check the result themselves, for
  // example with file_check_location().
  if ($inside_files || $is_absolute) {
    return $dest;
  }

  return $files_directory .'/'. trim($dest, '\\/');
}

/**
 * Check that directory exists and is writable.
 *
 * @param $directory Path to extract and verify directory for.
 * @param $mode Try to create the directory if it does not exist.
 * @param $form_item Optional name for a field item to attach potential errors to.
 * @return False when directory not found, or true when directory exists.
 */
function file_check_directory(&$directory, $mode = 0, $form_item = NULL) {
  // The argument is taken by reference: the caller's variable loses any
  // trailing slashes or backslashes.
  $directory = rtrim($directory, '/\\');

  // NOTE(review): the path is wrapped in <em> and placed into the message
  // without HTML escaping; whether t() escapes %directory is not visible
  // here - confirm before passing a directory name that is not trusted.
  $replacements = array('%directory' => "<em>$directory</em>");

  // A missing directory is only acceptable when the caller asked for it to
  // be created and the creation worked. Mode 0760 grants rwx to the owner,
  // rw to the group and nothing to others.
  if (!is_dir($directory)) {
    $created = ($mode & FILE_CREATE_DIRECTORY) && @mkdir($directory, 0760);
    if (!$created) {
      if ($form_item) {
        form_set_error($form_item, t('The directory %directory does not exist.', $replacements));
      }
      return false;
    }
    drupal_set_message(t('Created directory %directory.', $replacements));
  }

  // The same applies to a directory that cannot be written to: it passes
  // only if the caller allowed a permission change and chmod() succeeded.
  if (!is_writable($directory)) {
    $repaired = ($mode & FILE_MODIFY_PERMISSIONS) && @chmod($directory, 0760);
    if (!$repaired) {
      // Unlike the branch above, this error is reported even when no form
      // item was given.
      form_set_error($form_item, t('The directory %directory is not writable.', $replacements));
      return false;
    }
    drupal_set_message(t('Modified permissions on directory %directory.', $replacements));
  }

  return true;
}

/**
 * Checks path to see if it is a directory, or a dir/file.
 *
 * @param $path
 */
function file_check_path(&$path) {
  // Returns '' when $path itself passes file_check_directory(), the trailing
  // file name when only its parent does, and false when neither does.
  // $path is taken by reference and is left holding whichever directory was
  // checked last.
  if (!file_check_directory($path)) {
    // Not a usable directory: treat the last component as a file name and
    // test the directory that contains it.
    $candidate = basename($path);
    $path = dirname($path);
    return file_check_directory($path) ? $candidate : false;
  }

  return '';
}

/**
 * Check if $source is a valid file upload.
 *
 * @param $source
 */
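function file_check_upload($source) {
  // Resolves $source to a file object. $source is either an existing file
  // object (returned when its filepath is a regular file) or the name of an
  // upload field below $_FILES['edit']. Returns NULL when nothing usable is
  // found.
  if (is_object($source)) {
    if (isset($source->filepath) && is_file($source->filepath)) {
      return $source;
    }
    return NULL;
  }

  // Only strings and integers can index $_FILES and $_SESSION.
  if (!is_string($source) && !is_int($source)) {
    return NULL;
  }

  // A fresh upload: the field must be present, carry a name, and PHP must
  // confirm that tmp_name really came from an HTTP upload. The isset-style
  // checks keep a request without this field from raising notices.
  if (!empty($_FILES['edit']['name'][$source])
      && isset($_FILES['edit']['tmp_name'][$source])
      && is_uploaded_file($_FILES['edit']['tmp_name'][$source])) {
    $upload = $_FILES['edit'];
    $file = new stdClass();
    // The name is chosen by the client: basename() drops any directory part
    // and trim() removes leading and trailing dots. The extension is not
    // restricted here.
    $file->filename = trim(basename($upload['name'][$source]), '.');
    // The MIME type is also reported by the client and is not verified
    // against the file contents.
    $file->filemime = isset($upload['type'][$source]) ? $upload['type'][$source] : '';
    $file->filepath = $upload['tmp_name'][$source];
    $file->error = isset($upload['error'][$source]) ? $upload['error'][$source] : 0;
    $file->filesize = isset($upload['size'][$source]) ? $upload['size'][$source] : 0;
    $file->source = $source;
    return $file;
  }

  // In case of previews return the file object stored in the session by an
  // earlier request, as long as its file is still on disk.
  if (isset($_SESSION['file_uploads'][$source])
      && is_object($_SESSION['file_uploads'][$source])
      && isset($_SESSION['file_uploads'][$source]->filepath)
      && file_exists($_SESSION['file_uploads'][$source]->filepath)) {
    return $_SESSION['file_uploads'][$source];
  }

  return NULL;
}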

/**
 * Check if a file is really located inside $directory. Should be used to make
 * sure a file specified is really located within the directory to prevent
 * exploits.
 *
 * @code
 *   // Returns false:
 *   file_check_location('/www/example.com/files/../../../etc/passwd', '/www/example.com/files');
 * @endcode
 *
 * @param $source A string set to the file to check.
 * @param $directory A string where the file should be located.
 * @return 0 for invalid path or the real path of the source.
 */
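function file_check_location($source, $directory = 0) {
  // Both paths are canonicalised first, so "..", "." and symbolic links are
  // resolved before anything is compared. realpath() returns FALSE for a
  // path that does not exist.
  $source = realpath($source);

  if ($directory) {
    $directory = realpath($directory);

    // Fail closed: when a directory was requested but either side cannot be
    // resolved, the containment cannot be proven, so the path is rejected
    // instead of being returned unchecked.
    if ($source === FALSE || $directory === FALSE) {
      return 0;
    }

    // Compare against the directory plus a separator. A plain string prefix
    // test would also accept a sibling whose name merely starts with the
    // directory name (".../files_old" for ".../files").
    if ($source !== $directory) {
      $prefix = rtrim($directory, '/\\') . DIRECTORY_SEPARATOR;
      if (strncmp($source, $prefix, strlen($prefix)) !== 0) {
        return 0;
      }
    }
  }

  // Without a directory the resolved path (or FALSE) is returned as is.
  return $source;
}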

/**
 * Copies a file to a new location. This is a powerful function that in many ways
 * performs like an advanced version of copy().
 * - Checks if $source and $dest are valid and readable/writable.
 * - Performs a file copy if $source is not equal to $dest.
 * - If file already exists in $dest either the call will error out, replace the
 *   file or rename the file based on the $replace parameter.
 *
 * @param $source A string specifying the file location of the original file.
 *   This parameter will contain the resulting destination filename in case of
 *   success.
 * @param $dest A string containing the directory $source should be copied to.
 * @param $replace Replace behavior when the destination file already exists.
 *   - FILE_EXISTS_REPLACE - Replace the existing file
 *   - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is unique
 *   - FILE_EXISTS_ERROR - Do nothing and return false.
 * @return True for success, false for failure.
 */
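function file_copy(&$source, $dest = 0, $replace = FILE_EXISTS_RENAME) {
  // Copies $source (a path or a file object) to $dest and returns 1 on
  // success, 0 on failure. On success $source is updated to describe the
  // copy; on failure the caller's $source is left untouched.
  $dest = file_create_path($dest);

  // Split the destination into a usable directory and an optional file name.
  $directory = $dest;
  $basename = file_check_path($directory);

  // Make sure we at least have a valid directory.
  if ($basename === false) {
    drupal_set_message(t('File copy failed: no directory configured, or it could not be accessed.'), 'error');
    return 0;
  }

  // Process a file upload object. $file is always defined so that the final
  // check never reads an unset variable when $source is a plain path.
  $file = is_object($source) ? $source : NULL;
  $source_path = $file ? $file->filepath : $source;
  if ($file && !$basename) {
    // NOTE(review): the object's filename becomes part of the destination
    // path. file_check_upload() reduces it with basename(); objects built
    // elsewhere should carry a bare file name as well - confirm for other
    // callers.
    $basename = $file->filename;
  }

  $source_path = realpath($source_path);
  if (!$source_path || !file_exists($source_path)) {
    drupal_set_message(t('File copy failed: source file does not exist.'), 'error');
    return 0;
  }

  // If destination file is not specified then use filename of source file.
  $basename = $basename ? $basename : basename($source_path);
  $dest = $directory .'/'. $basename;

  // Copying a file onto itself makes no sense and would most likely leave a
  // 0 byte file behind, so the copy is skipped when both names resolve to
  // the same file.
  if ($source_path != realpath($dest)) {
    if (file_exists($dest)) {
      switch ($replace) {
        case FILE_EXISTS_RENAME:
          // Same "_<counter>" naming scheme as before, taken from the shared
          // helper, which also copes with names that have no extension.
          // The existence check and the copy below are separate steps, so
          // two concurrent requests can still pick the same free name.
          $dest = file_create_filename($basename, $directory);
          break;

        case FILE_EXISTS_ERROR:
          drupal_set_message(t('File copy failed. File already exists.'), 'error');
          return 0;

        case FILE_EXISTS_REPLACE:
          // Leave $dest where it is for replace.
          break;
      }
    }

    if (!@copy($source_path, $dest)) {
      drupal_set_message(t('File copy failed.'), 'error');
      return 0;
    }
  }

  // Report the result through the by-reference argument, in the same shape
  // the caller passed in.
  if ($file) {
    $file->filename = $basename;
    $file->filepath = $dest;
    $source = $file;
  }
  else {
    $source = $dest;
  }

  return 1; // Everything went ok.
}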

/**
 * Moves a file to a new location.
 * - Checks if $source and $dest are valid and readable/writable.
 * - Performs a file move if $source is not equal to $dest.
 * - If file already exists in $dest either the call will error out, replace the
 *   file or rename the file based on the $replace parameter.
 *
 * @param $source A string specifying the file location of the original file.
 *   This parameter will contain the resulting destination filename in case of
 *   success.
 * @param $dest A string containing the directory $source should be copied to.
 * @param $replace Replace behavior when the destination file already exists.
 *   - FILE_EXISTS_REPLACE - Replace the existing file
 *   - FILE_EXISTS_RENAME - Append _{incrementing number} until the filename is unique
 *   - FILE_EXISTS_ERROR - Do nothing and return false.
 * @return True for success, false for failure.
 */
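function file_move(&$source, $dest = 0, $replace = FILE_EXISTS_RENAME) {
  // Moves a file by copying it with file_copy() and then deleting the
  // original. Returns 1 on success and 0 on failure; $source is updated by
  // file_copy().

  // Remember where the file lived before file_copy() rewrites $source.
  $path_original = is_object($source) ? $source->filepath : $source;

  if (file_copy($source, $dest, $replace)) {
    $path_current = is_object($source) ? $source->filepath : $source;

    // file_copy() skips the copy when source and destination resolve to the
    // same file, but it reports the destination in its own spelling. The two
    // strings can therefore differ ("./files/a" and "files/a") while naming
    // one file, and deleting the "original" would then delete the only copy.
    // Compare the resolved paths before removing anything.
    $same_file = ($path_original == $path_current);
    if (!$same_file) {
      $real_original = realpath($path_original);
      $same_file = $real_original && $real_original == realpath($path_current);
    }

    if ($same_file || file_delete($path_original)) {
      return 1;
    }
    drupal_set_message(t('Removing original file failed.'), 'error');
  }
  return 0;
}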

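/**
 * Build a destination path that does not exist yet.
 *
 * When $directory/$basename is already taken, "_0", "_1", ... is inserted
 * before the last dot of the name (or appended when the name has no
 * extension) until an unused path is found.
 *
 * The check only looks at the file system at the time of the call; nothing
 * is created or reserved, so a concurrent request can obtain the same path.
 *
 * @param $basename File name to place in the directory.
 * @param $directory Directory the file should go into.
 * @return Path of the form $directory/$name that did not exist when checked.
 */
function file_create_filename($basename, $directory) {
  $dest = $directory .'/'. $basename;

  if (file_exists($dest)) {
    // Destination file already exists, generate an alternative.
    // $ext starts out empty so that a name without a dot (or with only a
    // leading dot) does not read an undefined variable below.
    $name = $basename;
    $ext = '';
    if ($pos = strrpos($basename, '.')) {
      $name = substr($basename, 0, $pos);
      $ext = substr($basename, $pos);
    }

    $counter = 0;
    do {
      $dest = $directory .'/'. $name .'_'. $counter++ . $ext;
    } while (file_exists($dest));
  }

  return $dest;
}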

/**
 * Delete a file.
 *
 * The path is used exactly as given: this function does not check that it
 * lies inside the files directory, so callers working with a path taken from
 * a request need to validate it first.
 *
 * @param $path Path of the file to remove.
 * @return The result of unlink() for a regular file, NULL otherwise.
 */
function file_delete($path) {
  // Directories and missing paths are left alone.
  if (!is_file($path)) {
    return;
  }

  return unlink($path);
}

/**
 * Saves a file upload to a new location. The source file is validated as a
 * proper upload and handled as such.
 *
 * @param $source A string specifying the name of the upload field to save.
 *   This parameter will contain the resulting destination filename in case of
 *   success.
 * @param $dest A string containing the directory $source should be copied to,
 *   will use the temporary directory in case no other value is set.
 * @param $replace A boolean, set to true if the destination should be replaced
 *   when in use, but when false append a _X to the filename.
 * @return An object containing file info or 0 in case of error.
 */
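function file_save_upload($source, $dest = 0, $replace = FILE_EXISTS_RENAME) {
  // Validates the upload named by $source and moves it to $dest, or to the
  // temporary directory when no destination is given. Returns the file
  // object on success and 0 on any failure.

  // Make sure $source exists in $_FILES.
  $file = file_check_upload($source);
  if (!$file) {
    return 0;
  }

  // Defined up front so the check after file_move() never reads an unset
  // variable when the caller supplied a destination.
  $temporary = FALSE;
  if (!$dest) {
    $dest = variable_get('file_directory_temp', FILE_DIRECTORY_TEMP);
    $temporary = TRUE;
    if (is_file($file->filepath)) {
      // If this file was uploaded by this user before replace the temporary copy.
      // NOTE(review): the temporary copy is named after the client-supplied
      // file name only, so two users uploading the same name appear to share
      // one path in the temporary directory - confirm whether that is
      // acceptable for the deployment.
      $replace = FILE_EXISTS_REPLACE;
    }
  }

  // valid_input_data() is defined elsewhere; what it inspects cannot be seen
  // from this file. No check of the file extension is visible in this
  // function, so restricting uploadable types is left to the caller.
  if (!user_access('bypass input data check') && !valid_input_data($file)) {
    watchdog('error', t('Possible exploit abuse: invalid data.'));
    drupal_set_message(t('File upload failed: invalid data.'), 'error');
    return 0;
  }

  // Check for file upload errors.
  switch ($file->error) {
    case 0: // UPLOAD_ERR_OK
      break;

    case 1: // UPLOAD_ERR_INI_SIZE
    case 2: // UPLOAD_ERR_FORM_SIZE
      drupal_set_message(t('File upload failed: file size too big.'), 'error');
      return 0;

    case 3: // UPLOAD_ERR_PARTIAL
    case 4: // UPLOAD_ERR_NO_FILE
      drupal_set_message(t('File upload failed: incomplete upload.'), 'error');
      return 0;

    default: // Unknown error
      drupal_set_message(t('File upload failed: unknown error.'), 'error');
      return 0;
  }

  // Forget any earlier preview for this field; it is stored again below
  // when the file stays in the temporary directory.
  $session_key = is_object($source) ? $source->source : $source;
  unset($_SESSION['file_uploads'][$session_key]);

  if (file_move($file, $dest, $replace)) {
    if ($temporary) {
      $_SESSION['file_uploads'][$session_key] = $file;
    }
    return $file;
  }
  return 0;
}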

/**
 * Save a string to the specified destination
 *
 * @param $data A string containing the contents of the file
 * @param $dest A string containing the destination location
 *
 * @return A string containing the resulting filename or 0 on error
 */
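function file_save_data($data, $dest, $replace = FILE_EXISTS_RENAME) {
  // Writes $data to a temporary file and moves that file to $dest. Returns
  // the resulting file name, or 0 on error.
  if (!user_access('bypass input data check') && !valid_input_data($data)) {
    watchdog('error', t('Possible exploit abuse: invalid data.'));
    drupal_set_message(t('File upload failed: invalid data.'), 'error');
    return 0;
  }

  $temp = variable_get('file_directory_temp', FILE_DIRECTORY_TEMP);
  // tempnam() creates the file itself, so the name is kept separately in
  // order to remove it again on every failure path below.
  $temp_file = tempnam($temp, 'file');
  if (!$temp_file || !($fp = fopen($temp_file, 'wb'))) {
    if ($temp_file && is_file($temp_file)) {
      @unlink($temp_file);
    }
    drupal_set_message(t('Unable to create file.'), 'error');
    return 0;
  }

  // A short or failed write (for example on a full disk) must not be moved
  // into place as if it were the complete data.
  $written = fwrite($fp, $data);
  fclose($fp);
  if ($written === FALSE || $written < strlen($data)) {
    @unlink($temp_file);
    drupal_set_message(t('Unable to create file.'), 'error');
    return 0;
  }

  // file_move() rewrites its first argument, hence the separate variable.
  $file = $temp_file;
  if (!file_move($file, $dest, $replace)) {
    // Do not leave a copy of the data behind in the temporary directory.
    if (is_file($temp_file)) {
      @unlink($temp_file);
    }
    return 0;
  }

  return $file;
}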

/**
 * Transfer file using http to client. Pipes a file through Drupal to the
 * client.
 *
 * @param $source File to transfer.
 * @param $headers An array of http headers to send along with file.
 */
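function file_transfer($source, $headers) {
  // Sends the given headers followed by the contents of $source, then ends
  // the request. This function never returns.
  //
  // NOTE(review): file_create_path() does not confine the path to the files
  // directory, so the caller is responsible for having validated $source.
  $source = file_create_path($source);

  // Open the file before any output is discarded or any header is sent. A
  // failed fopen() would otherwise be passed to feof() and fread(), which
  // never report end-of-file for an invalid handle. Directories are rejected
  // because they cannot be read as a stream.
  $fd = is_file($source) ? @fopen($source, 'rb') : FALSE;
  if (!$fd) {
    drupal_not_found();
    exit();
  }

  // Drop buffered output, if there is any, so that only the file is sent.
  if (ob_get_level()) {
    ob_end_clean();
  }

  foreach ($headers as $header) {
    header($header);
  }

  // Transfer file in 1024 byte chunks to save memory usage.
  while (!feof($fd)) {
    $chunk = fread($fd, 1024);
    if ($chunk === FALSE) {
      // A read error ends the transfer instead of looping.
      break;
    }
    print $chunk;
  }
  fclose($fd);
  exit();
}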

/**
 * Call modules to find out if a file is accessible for a given user.
 */
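function file_download() {
  // Serves the file named by the "file" request parameter if a module
  // allows it. A module answers through its file_download hook: -1 denies
  // access, an array of headers grants it.

  // The parameter comes straight from the request: accept a non-empty
  // string only.
  $file = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';

  if ($file !== '') {
    $filepath = file_create_path($file);

    // file_create_path() returns absolute paths unchanged and does not
    // resolve ".." segments, so the resolved location has to be checked
    // against the files directory before any module is asked about it.
    if (file_exists($filepath) && file_check_location($filepath, file_create_path())) {
      foreach (module_list() as $module) {
        $headers = module_invoke($module, 'file_download', $file);
        if ($headers === -1) {
          // Stop here: without the return the loop would go on and a later
          // module could still hand the file out, followed by a second
          // error page from drupal_not_found().
          // NOTE(review): a module earlier in the list that grants access
          // still wins over a later denial - confirm that ordering is
          // intended.
          drupal_access_denied();
          return;
        }
        elseif (is_array($headers)) {
          file_transfer($file, $headers);
        }
      }
    }
  }

  drupal_not_found();
}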

/**
 * Finds all files that match a given mask in a given
 * directory.
 *
 * @param $dir
 *   The base directory for the scan.
 * @param $mask
 *   The regular expression of the files to find.
 * @param $nomask
 *   An array of files/directories to ignore.
 * @param $callback
 *   The callback function to call for each match.
 * @param $recurse
 *   When TRUE, the directory scan will recurse the entire tree
 *   starting at the provided directory.
 * @param $key
 *   The key to be used for the returned array of files.  Possible
 *   values are "filename", for the path starting with $dir,
 *   "basename", for the basename of the file, and "name" for the name
 *   of the file without an extension.
 *
 * @return
 *   An associative array (keyed on the provided key) of objects with
 *   "path", "basename", and "name" members corresponding to the
 *   matching files.
 */
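function file_scan_directory($dir, $mask, $nomask = array('.', '..', 'CVS'), $callback = 0, $recurse = TRUE, $key = 'filename') {
  // Collects the files below $dir whose names match $mask. Anything other
  // than the three known key names falls back to 'filename'; the strict
  // comparison keeps a non-string $key from slipping through.
  $key = (in_array($key, array('filename', 'basename', 'name'), TRUE) ? $key : 'filename');
  $files = array();

  if (is_dir($dir) && $handle = opendir($dir)) {
    // readdir() returns FALSE at the end of the directory. Testing the value
    // for truth instead would also stop at an entry named "0" and silently
    // skip everything after it.
    while (($file = readdir($handle)) !== FALSE) {
      if (in_array($file, $nomask)) {
        continue;
      }

      if (is_dir("$dir/$file") && $recurse) {
        // is_dir() follows symbolic links, so a link that points back up the
        // tree makes this recursion revisit the same directories.
        $files = array_merge($files, file_scan_directory("$dir/$file", $mask, $nomask, $callback, $recurse, $key));
      }
      // NOTE(review): ereg() takes a POSIX regular expression and is only
      // available in older PHP releases; replacing it would change how
      // existing masks are interpreted, so it is kept as is.
      elseif (ereg($mask, $file)) {
        $entry = new stdClass();
        $entry->filename = "$dir/$file";
        $entry->basename = basename($file);

        // Name without extension. A file that has no dot keeps its whole
        // name instead of ending up with an empty one.
        $dot = strrpos($entry->basename, '.');
        $entry->name = ($dot === FALSE) ? $entry->basename : substr($entry->basename, 0, $dot);

        // Index the result by the member selected through $key.
        $files[$entry->$key] = $entry;

        if ($callback) {
          $callback($entry->filename);
        }
      }
    }

    closedir($handle);
  }

  return $files;
}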

?>