Commit
6e86d70c
authored
Oct 07, 2003
by
Kjartan
- Fixing bug
#3499
: File upload tool does not display in 'create image' form
parent
2343a208
Showing
1 changed file
with
4 additions
and
126 deletions
+4
-126
includes/common.inc
includes/common.inc
+4
-126
includes/common.inc
...
...
@@ -509,69 +509,6 @@ function referer_load() {
}
}
/*
** Save a common file
*/
function
drupal_file_save
(
$file
)
{
global
$user
;
// TODO: extend to support filesystem storage
if
(
variable_get
(
"file_save"
,
"database"
))
{
if
(
$file
->
fid
)
{
if
(
$file
->
tmp_name
)
{
$data
=
fread
(
fopen
(
$file
->
tmp_name
,
"rb"
),
$file
->
size
);
db_query
(
"UPDATE
{
file
}
SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, data = '%s', temporary = %d WHERE fid = %d"
,
$file
->
uid
,
$file
->
filename
,
$file
->
type
,
$file
->
size
,
$file
->
counter
,
base64_encode
(
$data
),
$file
->
temporary
,
$file
->
fid
);
}
else
{
db_query
(
"UPDATE
{
file
}
SET uid = %d, filename = '%s', type = '%s', size = %d, counter = %d, temporary = %d WHERE fid = %d"
,
$file
->
uid
,
$file
->
filename
,
$file
->
type
,
$file
->
size
,
$file
->
counter
,
$file
->
temporary
,
$file
->
fid
);
}
}
else
{
if
(
$file
->
tmp_name
)
{
$file
->
fid
=
db_next_id
(
"file_fid"
);
$data
=
fread
(
fopen
(
$file
->
tmp_name
,
"rb"
),
$file
->
size
);
db_query
(
"INSERT INTO
{
file
}
SET fid = %d, uid = %d, created = %d, filename = '%s', type = '%s', size = %d, counter = 0, data = '%s', temporary = %d"
,
$file
->
fid
,
$user
->
uid
,
time
(),
$file
->
filename
,
$file
->
type
,
$file
->
size
,
base64_encode
(
$data
),
$file
->
temporary
);
}
else
{
return
0
;
}
}
}
return
$file
->
fid
;
}
/*
** Load a common file
*/
function
drupal_file_load
(
$fid
,
$data
=
0
)
{
// TODO: extend to support filesystem storage
if
(
variable_get
(
"file_save"
,
"database"
))
{
if
(
$data
)
{
$file
=
db_fetch_object
(
db_query
(
"SELECT * FROM
{
file
}
WHERE fid = %d"
,
$fid
));
}
else
{
$file
=
db_fetch_object
(
db_query
(
"SELECT fid, uid, filename, created, type, size, counter, temporary FROM
{
file
}
WHERE fid = %d"
,
$fid
));
}
if
(
$file
->
data
)
{
$file
->
data
=
base64_decode
(
$file
->
data
);
}
return
$file
;
}
}
/*
** Generate the HTTP headers and dump the data
*/
function
drupal_file_send
(
$fid
)
{
if
((
$file
=
drupal_file_load
(
$fid
,
1
)))
{
header
(
"Content-type:
$file->type
"
);
header
(
"Content-length:
$file->size
"
);
header
(
"Content-Disposition: inline; filename=
$file->filename
"
);
print
$file
->
data
;
}
}
function
valid_input_data
(
$data
)
{
if
(
is_array
(
$data
)
||
is_object
(
$data
))
{
...
...
@@ -739,65 +676,9 @@ function check_output($text) {
return
$text
;
}
/**
* Checks if a file is valid and correct.
*
* @param $name the name of the form_file item
* @param $type restrict to mime types
* @param $size restrict file size
* @param $paranoid flag to make sure file belongs to the current user
*
* @returns mixed file object, or error object, or false if there is no file
*/
function
check_file
(
$name
,
$type
=
"/.+/"
,
$size
=
0
)
{
// Make sure we don't have a file stored temporarily
if
(
$_POST
[
"edit"
][
"__file"
][
$name
])
{
$file
=
drupal_file_load
(
$_POST
[
"edit"
][
"__file"
][
$name
]);
if
(
!
$file
->
temporary
)
{
unset
(
$file
);
}
}
// make sure $name exists in $_FILES
if
(
$_FILES
[
"edit"
][
"name"
][
$name
])
{
// populate $file object to make further testing simpler
$file
->
filename
=
$_FILES
[
"edit"
][
"name"
][
$name
];
$file
->
type
=
$_FILES
[
"edit"
][
"type"
][
$name
];
$file
->
tmp_name
=
$_FILES
[
"edit"
][
"tmp_name"
][
$name
];
$file
->
error
=
$_FILES
[
"edit"
][
"error"
][
$name
];
$file
->
size
=
$_FILES
[
"edit"
][
"size"
][
$name
];
if
(
!
valid_input_data
(
$file
))
{
$return
->
error
=
t
(
"possible exploit abuse"
);
}
// make sure the file is a valid upload
if
(
!
is_uploaded_file
(
$file
->
tmp_name
)
||
$file
->
error
==
UPLOAD_ERR_PARTIAL
||
$file
->
error
==
UPLOAD_ERR_NO_FILE
)
{
$return
->
error
=
t
(
"invalid file upload"
);
}
// validate the file type uploaded
if
(
!
preg_match
(
$type
,
$file
->
filename
))
{
$return
->
error
=
t
(
"invalid file type"
);
}
// check the file size to make sure the file isn't too big
if
((
$size
&&
$file
->
size
>
$size
)
||
$file
->
error
==
UPLOAD_ERR_INI_SIZE
||
$file
->
error
==
UPLOAD_ERR_FORM_SIZE
)
{
$return
->
error
=
t
(
"file size too big"
);
}
if
(
!
$return
->
error
)
{
$file
->
temporary
=
1
;
$file
->
fid
=
drupal_file_save
(
$file
);
}
}
if
(
$return
->
error
)
{
return
$return
;
}
return
$file
?
$file
:
false
;
function
check_file
(
$filename
)
{
return
is_uploaded_file
(
$filename
);
}
function
format_rss_channel
(
$title
,
$link
,
$description
,
$items
,
$language
=
"en"
,
$args
=
array
())
{
...
...
@@ -1051,11 +932,8 @@ function form_radios($title, $name, $value, $options, $description = 0) {
}
}
function
form_file
(
$title
,
$name
,
$size
,
$description
=
0
,
$fid
=
0
)
{
if
(
$fid
)
{
// Include file upload in case of preview
$extra
=
form_hidden
(
"__file][
$name
"
,
$fid
);
}
return
$extra
.
form_item
(
$title
,
"<input type=
\"
file
\"
class=
\"
form-file
\"
name=
\"
edit[
$name
]
\"
size=
\"
$size
\"
/>
\n
"
,
$description
);
function
form_file
(
$title
,
$name
,
$size
,
$description
=
0
)
{
return
form_item
(
$title
,
"<input type=
\"
file
\"
class=
\"
form-file
\"
name=
\"
edit[
$name
]
\"
size=
\"
$size
\"
/>
\n
"
,
$description
);
}
function
form_hidden
(
$name
,
$value
)
{
...
...
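Review bot: The new `check_file($filename)` in the second hunk (`@@ -739,65 +676,9`) has no doc comment, and it now verifies only that the path is a PHP upload temp file via `is_uploaded_file()`. The type, size and `UPLOAD_ERR_*` checks of the removed version are gone, and the parameter changed from a form field name to a file path. Callers are outside this view, so any that still pass a field name or rely on the old size/type restriction would presumably fail or go unchecked without warning. I would add a docblock that says so, e.g. `/** Returns TRUE only if $filename was created by a PHP HTTP POST upload; does not validate type, size or upload error code. */`, so callers know they must enforce those limits themselves.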