<?php
/**
 * @package tikiwiki
 */
// (c) Copyright 2002-2015 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$

// Section name for this page. It is not read again in this file; presumably consumed by the
// includes further down (TODO confirm).
$section = 'file_galleries';

// An "upload" parameter in the query string or in the merged request marks this hit as an
// upload submission rather than a request to display the form.
$isUpload = isset($_GET['upload']) || isset($_REQUEST['upload']);
if ($isUpload) {
	// Remove the flag so later code does not see it as an ordinary request parameter.
	unset($_GET['upload'], $_REQUEST['upload']);
}

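// Adopt a session id supplied in the POST body. This runs before tiki-setup.php is included,
// which presumably starts the session (TODO confirm), so the id set here is the one used.
//
// NOTE(security): the id is chosen by the client, which is the precondition for session
// fixation. Nothing in this file shows whether the session id is regenerated at login or
// whether session.use_strict_mode is enabled; confirm both before relying on this path, and
// remove the block if no upload client still depends on it.
//
// Only a scalar string made of the characters PHP's default file session handler accepts
// ([A-Za-z0-9,-]) is passed on. An array or malformed value is ignored, and the request keeps
// whatever session its cookie selects.
if (
	isset($_POST['PHPSESSID'])
	&& is_string($_POST['PHPSESSID'])
	&& preg_match('/\A[A-Za-z0-9,-]{1,256}\z/', $_POST['PHPSESSID']) === 1
) {
	session_id($_POST['PHPSESSID']);
}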

// Bootstrap Tiki. The rest of this script uses $prefs, $smarty, $access, $tikilib, $userlib,
// $headerlib and $user, none of which are defined in this file; they presumably come from
// this include (TODO confirm).
require_once ('tiki-setup.php');
if ($prefs['feature_categories'] == 'y') {
	$categlib = TikiLib::lib('categ');
}

// Feature gate for file galleries; presumably aborts the request when the feature is off.
$access->check_feature('feature_file_galleries');

$filegallib = TikiLib::lib('filegal');
if ($prefs['feature_groupalert'] == 'y') {
	$groupalertlib = TikiLib::lib('groupalert');
}
// Ask PHP to lift the execution time limit for this request; the @ silences any failure.
// NOTE(review): with no time limit, a slow or stalled upload is bounded only by the
// web server's and PHP's own upload/timeout settings; confirm those are configured.
@ini_set('max_execution_time', 0); // will not work if safe_mode is on
// Request parameter names collected in $auto_query_args. The variable is not read in this
// file; presumably used by Tiki's URL helpers.
$auto_query_args = array('galleryId', 'fileId', 'filegals_manager', 'view', 'simpleMode', 'insertion_syntax');

// Pass the access token on to the template when token access is enabled. $token is not
// defined in this file; presumably set during the Tiki bootstrap (TODO confirm).
if ($prefs['auth_token_access'] == 'y' && !empty($token)) {
	$smarty->assign('token_id', $token);
}

// Normalise galleryId. A scalar value is remembered in $requestGalleryId and wrapped in a
// one-element array, so the code below can always index $_REQUEST['galleryId'][n]. A value
// that already arrives as an array is left untouched and $requestGalleryId stays null.
$requestGalleryId = (isset($_REQUEST['galleryId']) && !is_array($_REQUEST['galleryId']))
	? $_REQUEST['galleryId']
	: null;
if ($requestGalleryId !== null) {
	$_REQUEST['galleryId'] = array($requestGalleryId);
}

// Resolve the file being edited, if any. Without a fileId both variables stay null and the
// page acts as a plain upload form.
$fileInfo = null;
$fileId = null;
if (!empty($_REQUEST['fileId'])) {
	$fileId = $_REQUEST['fileId'];

	// Unknown file id: show the error page and stop.
	$fileInfo = $filegallib->get_file_info($fileId);
	if (!$fileInfo) {
		$smarty->assign('msg', tra("Incorrect param"));
		$smarty->display('error.tpl');
		die;
	}

	// A gallery id given in the request must be the gallery the file actually lives in.
	// NOTE(review): the comparison is loose (!=) on a client-supplied value; confirm that
	// only the canonical id of the file's gallery can pass it.
	if (!empty($_REQUEST['galleryId'][0]) && $_REQUEST['galleryId'][0] != $fileInfo['galleryId']) {
		$smarty->assign('msg', tra("Could not find the file requested"));
		$smarty->display('error.tpl');
		die;
	}
	// No gallery id in the request: take it from the file record.
	if (empty($_REQUEST['galleryId'][0])) {
		$_REQUEST['galleryId'][0] = $fileInfo['galleryId'];
	}

	// Give the template the sorted MIME type list; $mimetypes is presumably defined by the include.
	include_once ('lib/mime/mimetypes.php');
	global $mimetypes;
	asort($mimetypes);
	$smarty->assign_by_ref('mimetypes', $mimetypes);
}

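// Load the first gallery named in the request and resolve the current user's permissions on it.
if (isset($_REQUEST['galleryId'][0])) {
	$gal_info = $filegallib->get_file_gallery((int) $_REQUEST['galleryId'][0]);
	if (empty($gal_info)) {
		$smarty->assign('msg', tra('Incorrect file gallery'));
		$smarty->display('error.tpl');
		die;
	}
	// Resolve permissions with the same integer id used to load the gallery, so the
	// permission decision always applies to the gallery that was actually fetched. Passing
	// the raw request string here could make the two lookups refer to different ids when
	// the value is not a canonical integer.
	// The $tiki_p_* checks later in this file presumably rely on the final `true` publishing
	// the resolved permissions as globals (TODO confirm against get_perm_object()).
	$tikilib->get_perm_object((int) $_REQUEST['galleryId'][0], 'file gallery', $gal_info, true);
	$smarty->assign_by_ref('gal_info', $gal_info);
}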

// New upload (no fileId): require the upload permission or file-gallery admin rights.
// $tiki_p_upload_files and $tiki_p_admin_file_galleries are not assigned in this file;
// presumably globals populated by the permission lookup for the first gallery (TODO confirm).
if ( empty( $fileId ) && $tiki_p_upload_files != 'y' && $tiki_p_admin_file_galleries != 'y') {
	$smarty->assign('errortype', 401);
	$smarty->assign('msg', tra("Permission denied"));
	$smarty->display('error.tpl');
	die;
}
// More than one target gallery was requested: run a permission check for each additional one.
if (isset($_REQUEST['galleryId'][1])) {
	foreach ($_REQUEST['galleryId'] as $i => $gal) {
		// Skip the entry whose key is falsy (index 0, the first gallery).
		if (!$i) continue;
		// TODO get the good gal_info
		// NOTE(review): $gal_info still describes the first gallery here, and $perms is
		// assigned but never read in this block. check_permission() is called without any
		// reference to gallery $i, so confirm that it really evaluates the permission for
		// this gallery; if it does not, the per-gallery result in $perms is the value that
		// should be tested before the upload is allowed.
		$perms = $tikilib->get_perm_object($_REQUEST['galleryId'][$i], 'file gallery', $gal_info, false);
		$access->check_permission('tiki_p_upload_files');
	}
}
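// Editing an existing file: enforce lock ownership and edit rights. Every failed check
// renders error.tpl and stops, so none of the code after this block runs for a rejected request.
if ( ! empty( $fileId ) ) {
	// A file locked by someone else may only be touched by a file-gallery admin.
	if (!empty($fileInfo['lockedby']) && $fileInfo['lockedby'] != $user && $tiki_p_admin_file_galleries != 'y') { // if locked must be the locker
		// Translate the message template first, then insert the name: translating the
		// already-formatted string would never match a translation entry.
		$smarty->assign('msg', sprintf(tra('The file is locked by %s'), $fileInfo['lockedby']));
		$smarty->display('error.tpl');
		die;
	}
	// An anonymous user ($user empty) never matches as owner or locker; only the edit permission can let them through.
	if (!((!empty($user) && ($user == $fileInfo['user'] || $user == $fileInfo['lockedby'])) || $tiki_p_edit_gallery_file == 'y')) { // must be the owner or the locker or have the perms
		$smarty->assign('errortype', 401);
		$smarty->assign('msg', tra("You do not have permission to edit this file"));
		$smarty->display('error.tpl');
		die;
	}
	// Galleries with backlinkPerms enabled also refuse the edit when hasOnlyPrivateBacklinks()
	// returns true for this file (semantics defined in filegallib, not visible here).
	if ($gal_info['backlinkPerms'] == 'y' && $filegallib->hasOnlyPrivateBacklinks($fileId) ) {
		$smarty->assign('errortype', 401);
		$smarty->assign('msg', tra("You do not have permission to edit this file"));
		$smarty->display('error.tpl');
		die;
	}
	// The form carries the lock holder it was rendered with; refuse the edit if the lock
	// state changed in the meantime.
	if (isset($_REQUEST['lockedby']) && $fileInfo['lockedby'] != $_REQUEST['lockedby']) {
		if (empty($fileInfo['lockedby'])) {
			$smarty->assign('msg', tra('The file has been unlocked meanwhile'));
		} else {
			$smarty->assign('msg', sprintf(tra('The file is locked by %s'), $fileInfo['lockedby']));
		}
		$smarty->display('error.tpl');
		die;
	}
	// In a lockable gallery, non-admins must hold a lock before editing.
	if ($gal_info['lockable'] == 'y' && empty($fileInfo['lockedby']) && $tiki_p_admin_file_galleries != 'y') {
		$smarty->assign('msg', tra('You must lock the file before editing it'));
		$smarty->display('error.tpl');
		die;
	}
}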

$smarty->assign('show', 'n');
// Group alerts: look up the group to notify for the first gallery and, if there is one,
// the users in that group. $groupalertlib is only created when feature_groupalert is 'y',
// which is the same preference tested here.
if (!empty($_REQUEST['galleryId'][0]) && $prefs['feature_groupalert'] == 'y') {
	$groupforalert = $groupalertlib->GetGroup('file gallery', (int)$_REQUEST['galleryId'][0]);
	if ($groupforalert != '') {
		$showeachuser = $groupalertlib->GetShowEachUser('file gallery', (int)$_REQUEST['galleryId'][0], $groupforalert);
		$listusertoalert = $userlib->get_users(0, -1, 'login_asc', '', '', false, $groupforalert, '');
		$smarty->assign_by_ref('listusertoalert', $listusertoalert['data']);
	}
	$smarty->assign_by_ref('groupforalert', $groupforalert);
	// $showeachuser is only assigned in the branch above; when no group is configured it is
	// bound here without ever having been set.
	$smarty->assign_by_ref('showeachuser', $showeachuser);
}

// max_upload_size.php is included only when the request carries no returnUrl.
if (empty($_REQUEST['returnUrl'])) {
	include ('lib/filegals/max_upload_size.php');
}

// Process an upload here
if ( $isUpload ) {
	// Verify the 'upload-file' ticket issued by ask_ticket('upload-file') near the end of this
	// script; presumably Tiki's anti-CSRF token check (TODO confirm what happens on failure).
	check_ticket('upload-file');

	// Allow-list of request parameters forwarded to the upload handler. Anything not named
	// here is never copied into $uploadParams.
	// NOTE(review): every listed value is client-supplied and forwarded unmodified. This file
	// does not validate them, so confirm that actionHandler() restricts 'user' (who the file
	// is attributed to) to callers allowed to set it, and limits 'returnUrl' to local URLs.
	$optionalRequestParams = array(
		'fileId',
		'name',
		'user',
		'description',
		'author',
		'comment',
		'returnUrl',
		'isbatch',
		'deleteAfter',
		'deleteAfter_unit',
		'hit_limit',
		'listtoalert',
		'insertion_syntax',
		'filetype',
	);

	// Always passed: the record of the file being replaced (null for a new upload) and the
	// list of target gallery ids from the request.
	$uploadParams = array(
		'fileInfo' => $fileInfo,
		'galleryId' => $_REQUEST['galleryId'],
	);

	foreach ( $optionalRequestParams as $p ) {
		if ( isset( $_REQUEST[ $p ] ) ) {
			$uploadParams[ $p ] = $_REQUEST[ $p ];
		}
	}

	// $fileInfo is overwritten with the handler's result even when that result is falsy;
	// $fileId is only updated when the handler returns a truthy value.
	if ( $fileInfo = $filegallib->actionHandler('uploadFile', $uploadParams) ) {
		$fileId = $fileInfo['fileId'];
	}
}

// Hand the (possibly just uploaded) file record and its id to the template.
$smarty->assign_by_ref('fileInfo', $fileInfo);
$smarty->assign('editFileId', (int) $fileId);

// Get the list of galleries to display the select box in the template
if (empty($_REQUEST['galleryId'][0])) {
	$smarty->assign('galleryId', '');
} else {
	$smarty->assign('galleryId', $_REQUEST['galleryId'][0]);
}

// Only a new upload (no fileId) needs the gallery list. The third argument given to
// getSubGalleries() is 'userfiles' for a gallery of type 'user' and 'upload_files' otherwise.
if (empty($fileId)) {
	$galleries = $filegallib->getSubGalleries(
		$requestGalleryId,
		true,
		$gal_info['type'] == 'user' ? 'userfiles' : 'upload_files'
	);
	$smarty->assign_by_ref('galleries', $galleries["data"]);
	$smarty->assign('treeRootId', $galleries['parentId']);
}

// Expose the file's download limit to the template when per-file hit limits are enabled.
if ( $prefs['fgal_limit_hits_per_file'] == 'y' ) {
	$smarty->assign('hit_limit', $filegallib->get_download_limit($fileId));
}

if (!empty($fileInfo['fileId'])) {
	// NOTE(review): 'get_array' is passed as the third argument of assign(), not to
	// metadataAction(); the closing parenthesis looks misplaced. Confirm which call it was
	// meant for.
	$smarty->assign('metarray', $filegallib->metadataAction($fileInfo['fileId']), 'get_array');
}

$is_iis = TikiInit::isIIS();
$smarty->assign('is_iis', $is_iis);

// Set immediately before including categorize_list.php, which presumably reads these two
// globals (TODO confirm). The statement order matters.
$cat_type = 'file';
$cat_objid = (int) $fileId;
include_once ('categorize_list.php');

include_once ('tiki-section_options.php');

// Issue the 'upload-file' ticket that check_ticket('upload-file') verifies when an upload is
// processed; presumably Tiki's anti-CSRF token.
ask_ticket('upload-file');

// disallow robots to index page:
$smarty->assign('metatag_robots', 'NOINDEX, NOFOLLOW');

// Display the template
// The page is rendered unless this request was an upload made with JavaScript enabled.
if ($prefs['javascript_enabled'] != 'y' || !$isUpload) {
	// The jquery.form plugin is only needed when the jQuery upload widget is not in use.
	if ($prefs['file_galleries_use_jquery_upload'] !== 'y') {
		$headerlib->add_jsfile('vendor/jquery/plugins/form/jquery.form.js');
	}
	$smarty->assign('mid', 'tiki-upload_file.tpl');

	if (empty($_REQUEST['filegals_manager'])) {
		// Regular page layout.
		$smarty->display("tiki.tpl");
	} else {
		// File-gallery manager mode: forward the manager id and insertion syntax and use the
		// full-page layout.
		// NOTE(review): both values come straight from the request; whether they are escaped
		// on output depends on the templates, which are not visible here.
		$smarty->assign('filegals_manager', $_REQUEST['filegals_manager']);
		$smarty->assign('insertion_syntax', isset($_REQUEST['insertion_syntax']) ? $_REQUEST['insertion_syntax'] : '');
		$smarty->display("tiki_full.tpl");
	}
}