tiki-edit_draw.php 9.64 KB
<?php
/**
 * @package tikiwiki
 */
// (c) Copyright 2002-2016 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$

// Per-key input filter declaration, set before tiki-setup.php is loaded.
// NOTE(review): 'none' presumably exempts the raw SVG payload in `data` from
// request filtering, which would leave the XML parse and clean_xml() call in
// the POST handler as the only checks applied to it -- confirm against the
// input filter implementation.
$inputConfiguration = array(
	array(
		'staticKeyFilters' => array('data' => 'none'),
	),
);

// Section name, set before the bootstrap file is loaded.
$section = 'draw';
require_once 'tiki-setup.php';

global $drawFullscreen, $prefs;
$headerlib = TikiLib::lib('header');
$filegallib = TikiLib::lib('filegal');

// The drawing feature and file galleries must both be enabled for this page.
$access->check_feature('feature_draw');
$access->check_feature('feature_file_galleries');

include_once 'categorize_list.php';
include_once 'tiki-section_options.php';
include_once 'lib/mime/mimetypes.php';
global $mimetypes;

// NOTE(review): a ticket is requested here, but no matching ticket check is
// visible before the POST branch of this script writes to the file gallery --
// confirm that request-forgery protection for the save is enforced elsewhere.
ask_ticket('draw');

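// Coerce the requested file id to an integer. A missing parameter means
// "new drawing" and must not raise an undefined-index notice.
$_REQUEST['fileId'] = isset($_REQUEST['fileId']) ? (int) $_REQUEST['fileId'] : 0;
$smarty->assign('fileId', $_REQUEST['fileId']);

if ($_REQUEST['fileId'] > 0) {
	$fileInfo = $filegallib->get_file_info($_REQUEST['fileId']);
	// What get_file_info() returns for an unknown id is not visible in this
	// file; anything that is not an array is treated as "no record" so the
	// array accesses further down stay well defined.
	if (!is_array($fileInfo)) {
		$fileInfo = array();
	}
	// NOTE(review): a galleryId supplied in the request takes precedence over
	// the gallery the file actually belongs to, and the permission check later
	// in this script is made against the request's gallery -- confirm the two
	// cannot disagree for an existing file.
	if (empty($_REQUEST['galleryId'])) {
		$_REQUEST['galleryId'] = isset($fileInfo['galleryId']) ? $fileInfo['galleryId'] : null;
	}
} else {
	$fileInfo = array();
}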

// An archived revision is not edited directly: when the loaded record carries
// a positive archiveId, the request is switched to that file id and its record
// is loaded in place of the archive's.
$archiveParentId = empty($fileInfo['archiveId']) ? 0 : $fileInfo['archiveId'];
if ($archiveParentId > 0) {
	$_REQUEST['fileId'] = $archiveParentId;
	$fileInfo = $filegallib->get_file_info($_REQUEST['fileId']);
}

// Gallery record for the gallery named in the request; it drives the
// permission check that follows.
$gal_info = $filegallib->get_file_gallery($_REQUEST['galleryId']);

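// Only existing files are type-checked. Testing the id first keeps a new
// drawing (empty $fileInfo) from reading an undefined 'filetype' index.
if ($_REQUEST['fileId'] > 0) {
	// MIME types the editor accepts: SVG itself plus raster images that can be
	// wrapped in an SVG document.
	$editableTypes = array(
		$mimetypes['svg'],
		$mimetypes['gif'],
		$mimetypes['jpg'],
		$mimetypes['png'],
		$mimetypes['tiff'],
	);
	$currentType = isset($fileInfo['filetype']) ? $fileInfo['filetype'] : null;

	// Strict comparison: a MIME type is matched exactly, without type juggling.
	if (!in_array($currentType, $editableTypes, true)) {
		// NOTE(review): the message names only SVG although four raster types
		// are accepted as well; the text is left unchanged because it is a
		// translation key.
		$smarty->assign('msg', tr("Wrong file type, expected %0", $mimetypes["svg"]));
		$smarty->display("error.tpl");
		die;
	}
}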

// Permissions of the current user on the gallery held in $gal_info.
// NOTE(review): $gal_info is loaded from the galleryId in the request, while
// the save path for an existing file writes to $fileInfo['galleryId']. If a
// caller can name a gallery other than the file's own, this check is evaluated
// against the wrong gallery -- confirm that the file's gallery is also checked
// (here or inside the file gallery library) before an existing file is saved.
$perms = TikiLib::lib('tiki')->get_perm_object($gal_info['galleryId'], 'file gallery', $gal_info);

// Upload permission on that gallery gates both opening the editor and saving.
$mayUpload = ($perms['tiki_p_upload_files'] === 'y');
if (!$mayUpload) {
	$smarty->assign('errortype', 401);
	$smarty->assign('msg', tra("You do not have permission to view/edit this file"));
	$smarty->display("error.tpl");
	die;
}

// Pick the drawing's name, in order of preference: the name in the request,
// the stored file name, the wiki page the request names, a translated default.
if (empty($_REQUEST['name'])) {
	if (!empty($fileInfo['name'])) {
		$_REQUEST['name'] = $fileInfo['name'];
	} elseif (isset($_REQUEST['page'])) {
		$_REQUEST['name'] = $_REQUEST['page'];
	} else {
		$_REQUEST['name'] = tr("New Svg Image");
	}
}

// Every ".svg" occurrence is removed (not only a trailing extension) and the
// result is HTML-escaped in place.
// NOTE(review): this escaped value is what the save path stores as the file
// name, and it is escaped a second time before being handed to the template --
// confirm the double encoding is intended.
$nameWithoutExtension = str_replace(".svg", "", $_REQUEST['name']);
$_REQUEST['name'] = htmlspecialchars($nameWithoutExtension);

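// Save handler: a POST that carries `data` stores the drawing in the file
// gallery, prints the id of the stored file and ends the request.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_REQUEST['data'])) {
	$_REQUEST['galleryId'] = isset($_REQUEST['galleryId']) ? (int) $_REQUEST['galleryId'] : 0;
	$_REQUEST['fileId'] = isset($_REQUEST['fileId']) ? (int) $_REQUEST['fileId'] : 0;

	// Well-formedness gate for the untrusted document. LIBXML_NONET keeps the
	// parser from fetching anything over the network while it reads it. The
	// parsed tree is discarded; sanitising is left to clean_xml() below.
	// A non-string or empty payload is rejected before it reaches the parser.
	$dom = new DOMDocument();
	$isParsable = is_string($_REQUEST['data'])
		&& $_REQUEST['data'] !== ''
		&& $dom->loadXML($_REQUEST['data'], LIBXML_NOERROR | LIBXML_NOWARNING | LIBXML_NONET);
	if (!$isParsable) {
		// No error-reporting interface is available to the caller, and the
		// editor does not submit unparsable XML in normal use, so the request
		// ends silently.
		die;
	}
	$_REQUEST['data'] = $filegallib->clean_xml($_REQUEST['data'], $_REQUEST['galleryId']);

	// Tracker context, when the drawing belongs to a tracker item field.
	if (isset($_REQUEST['imgParams']) && is_array($_REQUEST['imgParams'])) {
		$imgParams = $_REQUEST['imgParams'];
		$_REQUEST['fromFieldId'] = isset($imgParams['fromFieldId']) ? (int) $imgParams['fromFieldId'] : 0;
		$_REQUEST['fromItemId'] = isset($imgParams['fromItemId']) ? (int) $imgParams['fromItemId'] : 0;
	}
	$_REQUEST['description'] = htmlspecialchars(isset($_REQUEST['description']) ? $_REQUEST['description'] : '');

	$type = $mimetypes["svg"];
	$fileId = '';
	// NOTE(review): a brand-new drawing has no stored type, so it also counts
	// as a "conversion" here and gets the ' drawing' suffix below -- confirm
	// that is intended.
	$storedType = isset($fileInfo['filetype']) ? $fileInfo['filetype'] : null;
	$isConversion = $storedType != $mimetypes["svg"];

	$saveOverExisting = $_REQUEST['fileId'] > 0
		&& ($prefs['feature_draw_separate_base_image'] !== 'y' || !$isConversion);

	if ($saveOverExisting) {
		// Existing file: store the drawing as a new revision of it.
		$fileId = $filegallib->save_archive(
			$_REQUEST["fileId"],
			$fileInfo['galleryId'],
			0,
			$_REQUEST['name'],
			$fileInfo['description'],
			$_REQUEST['name'].".svg",
			$_REQUEST['data'],
			strlen($_REQUEST['data']),	// size in bytes
			$type,
			$fileInfo['user'],
			null,
			null,
			$user
		);

		// Conversion from a non-SVG image while the file id is kept: the SVG
		// references the original image by fileId, so that reference is
		// re-pointed at the most recent archive row and the file saved again.
		if ($isConversion && $prefs['fgal_keep_fileId'] == 'y') {
			$newFileInfo = $filegallib->get_file_info($fileId);

			$archiveFileId = $tikilib->getOne(
				'SELECT fileId
				FROM tiki_files
				WHERE archiveId = ?
				ORDER BY lastModif DESC',
				array($fileId)
			);

			$newFileInfo['data'] = str_replace(
				'?fileId=' . $fileInfo['fileId'] . '#',
				'?fileId=' . $archiveFileId . '#',
				$newFileInfo['data']
			);
			// NOTE(review): the fourth argument is 'filename' here but the
			// display name in the save_archive() call above -- confirm which
			// one the library expects.
			$fileId = $filegallib->save_archive(
				$newFileInfo["fileId"],
				$newFileInfo['galleryId'],
				0,
				$newFileInfo['filename'],
				$newFileInfo['description'],
				$newFileInfo['name'].".svg",
				$newFileInfo['data'],
				strlen($newFileInfo['data']),
				$type,
				$newFileInfo['user'],
				null,
				null,
				$user
			);
		}
	} else {
		// New file.
		if ($isConversion) {
			// Strip a trailing raster extension. The group was written "(:?",
			// which matches an optional colon instead of being non-capturing.
			$_REQUEST['name'] = preg_replace('/\.(?:jpg|gif|png|tiff?)$/', '', $_REQUEST['name']) . tra(' drawing');
		}
		$galleryId = $_REQUEST["galleryId"];
		if ($prefs['feature_draw_in_userfiles'] === 'y') {
			$galleryId = TikiLib::lib('filegal')->get_user_file_gallery();
		}
		$fileId = $filegallib->insert_file(
			$galleryId,
			$_REQUEST['name'],
			$_REQUEST['description'],
			$_REQUEST['name'].".svg",
			$_REQUEST['data'],
			strlen($_REQUEST['data']),	// size in bytes
			$type,
			$user,
			null
		);
	}

	if (!empty($_REQUEST['fromItemId'])) {		// a tracker item, so update the item field
		$fromFieldId = isset($_REQUEST['fromFieldId']) ? $_REQUEST['fromFieldId'] : 0;
		$item = Tracker_Item::fromId($_REQUEST['fromItemId']);
		// The item lookup may fail for an unknown id; the field is only
		// touched when the item exists and the user may modify that field.
		if ($item && $item->canModifyField($fromFieldId)) {
			$definition = $item->getDefinition();
			$field = $definition->getField($fromFieldId);
			// "=>" replaces a "->" typo that read a property off the integer
			// field id instead of building a key/value pair.
			// NOTE(review): the merge below assumes 'value' comes back as the
			// field's stored id list -- confirm prepareFieldInput() keeps
			// returning that with this input.
			$trackerInput = $item->prepareFieldInput($field, array($fromFieldId => $fileId));
			$fileIds = explode(',', $trackerInput['value']);
			if (!in_array($fileId, $fileIds)) {
				if (!empty($_REQUEST['fileId']) && $fileId != $_REQUEST['fileId']) {
					// replacement (id changed when drawn on)
					$old_index = array_search($_REQUEST['fileId'], $fileIds);
				} else {
					$old_index = false;
				}
				if ($old_index !== false) {
					$fileIds[$old_index] = $fileId;
				} else {
					$fileIds[] = $fileId;
				}
			}
			$trackerInput['value'] = implode(',', $fileIds);

			TikiLib::lib('trk')->replace_item($field['trackerId'], $_REQUEST['fromItemId'], array('data' => array($trackerInput)));
		}
	}

	// The caller receives the id of the stored file as the whole response body.
	echo $fileId;
	die;
}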

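// Build the SVG document handed to the editor.
if (isset($fileInfo['filetype']) && $fileInfo['filetype'] == $mimetypes["svg"]) {
	$data = $fileInfo["data"];
} else {
	// The type was checked earlier, so this is a raster image (or a new
	// drawing): wrap it in an SVG document that references it by URL.
	$src = $tikilib->tikiUrl() . 'tiki-download_file.php?fileId='
		. (isset($fileInfo['fileId']) ? $fileInfo['fileId'] : '');

	// imagesx()/imagesy() need an image resource, not a URL string, so the
	// earlier direct calls on $src could never succeed (and raise a TypeError
	// on PHP 8). The image is fetched and decoded instead.
	// NOTE(review): this is a server-side HTTP request to the URL built from
	// tikiUrl(), made without the user's session -- confirm that base URL
	// cannot be influenced by the request, and consider reading the stored
	// file directly instead of fetching it.
	$w = 0;
	$h = 0;
	$imageBytes = file_get_contents($src);
	if ($imageBytes !== false && $imageBytes !== '') {
		$image = imagecreatefromstring($imageBytes);
		if ($image !== false) {
			$w = (int) imagesx($image);
			$h = (int) imagesy($image);
		}
	}

	// Fall back to a default canvas when the size could not be determined.
	if ($w == 0 && $h == 0) {
		$w = 640;
		$h = 480;
	}

	// The URL goes into an XML attribute, so it is escaped for that context.
	$srcAttribute = htmlspecialchars($src, ENT_QUOTES, 'UTF-8');

	$data = '<svg width="' . $w . '" height="' . $h
		. '" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
	<g>
		<title>Layer 1</title>
		<image x="1" y="1" width="100%" height="100%" id="svg_1" xlink:href="' . $srcAttribute . '#image"/>
	</g>
</svg>';
}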

//echo $data;die;
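$smarty->assign("data", $data);

// fileId and galleryId must be plain numbers before they reach templates,
// URLs or scripts; anything else (including a missing parameter) becomes 0.
if (!isset($_REQUEST['fileId']) || !is_numeric($_REQUEST['fileId'])) {
	$_REQUEST['fileId'] = 0;
}
if (!isset($_REQUEST['galleryId']) || !is_numeric($_REQUEST['galleryId'])) {
	$_REQUEST['galleryId'] = 0;
}

$fileId = htmlspecialchars((string) $_REQUEST['fileId'], ENT_QUOTES, 'UTF-8');
$galleryId = htmlspecialchars((string) $_REQUEST['galleryId'], ENT_QUOTES, 'UTF-8');

// Optional display parameters. A missing or non-scalar value becomes an empty
// string instead of raising a notice. ENT_QUOTES is passed explicitly so both
// quote characters are escaped on every PHP version.
// NOTE(review): 'name' was already HTML-escaped earlier in this script, so it
// is encoded twice by the time it reaches the template.
$escapedParams = array();
foreach (array('name', 'archive', 'index', 'page', 'label', 'width', 'height') as $paramName) {
	$paramValue = (isset($_REQUEST[$paramName]) && is_scalar($_REQUEST[$paramName]))
		? (string) $_REQUEST[$paramName]
		: '';
	$escapedParams[$paramName] = htmlspecialchars($paramValue, ENT_QUOTES, 'UTF-8');
}
$name = $escapedParams['name'];
$archive = $escapedParams['archive'];
$index = $escapedParams['index'];
$page = $escapedParams['page'];
$label = $escapedParams['label'];
$width = $escapedParams['width'];
$height = $escapedParams['height'];

$smarty->assign("page", $page);
// NOTE(review): $page is always a string at this point, so isset() is always
// true. Left as is because the template's use of isFromPage is not visible here.
$smarty->assign("isFromPage", isset($page));

// NOTE(review): $page is HTML-escaped but not URL-encoded in this link, and
// $backLocation is not used anywhere in the visible part of this script.
$backLocation = ($page ? "tiki-index.php?page=$page" : "tiki-list_file_gallery.php?galleryId=$galleryId");

$smarty->assign("fileId", $fileId);
$smarty->assign("galleryId", $galleryId);
$smarty->assign("width", $width);
$smarty->assign("height", $height);
$smarty->assign("name", $name);
$smarty->assign("archive", $archive);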

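// Script that publishes the wiki tracking context to the drawing plugin.
// The values originate from the request. HTML escaping alone does not make
// them safe inside a JavaScript string literal (a backslash, or a single quote
// on PHP versions whose default flags leave it unescaped, could end the
// literal early), so the object is serialised with json_encode() and the
// JSON_HEX_* flags, which is safe to place inside a <script> block.
$trackingPayload = array(
	'index' => (string) $index,
	'page' => (string) $page,
	'label' => (string) $label,
	'type' => 'draw',
	'content' => '',
	'params' => array(
		'width' => (string) $width,
		'height' => (string) $height,
		'id' => (string) $fileId,
	),
);
$trackingJson = json_encode(
	$trackingPayload,
	JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
);
if ($trackingJson === false) {
	// Encoding fails on invalid UTF-8; publish an empty object rather than
	// emitting a broken script.
	$trackingJson = '{}';
}
$jsTracking = '$.wikiTrackingDraw = ' . $trackingJson . ';';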

// Editor wiring script; a "raw" request gets none.
$jsFunctionality = '';
if (!isset($_REQUEST['raw'])) {
	// The preference is entity-encoded and slash-escaped in place.
	// NOTE(review): presumably because a template places it inside a script
	// string -- confirm where it is consumed.
	$prefs['feature_draw_hide_buttons'] = addslashes(htmlentities($prefs['feature_draw_hide_buttons']));

	// Static JavaScript, kept in a nowdoc so nothing in it is interpolated.
	$jsFunctionality = <<<'JS'
$('#drawFullscreen')
		.click(function() {
			$('#tiki_draw').drawFullscreen();
		})
		.click();

	$('#tiki_draw')
		.loadDraw({
			fileId: $('#fileId').val(),
			galleryId: $('#galleryId').val(),
			name: $('#fileName').val(),
			data: $('#fileData').val()
		})
		.bind('renamedDraw', function(e, name) {
			$('#fileName').val(name);
			$('.pagetitle').text(name);
		});

	$('#drawBack').click(function() {
		window.history.back();
	});
JS;
}

// The tracking script is registered only when the request names all three of
// index, page and label.
if (isset($_REQUEST['index'], $_REQUEST['page'], $_REQUEST['label'])) {
	$headerlib->add_jq_onready($jsTracking);
}

// Output: the regular page goes through the site layout; fullscreen and "raw"
// requests print the collected scripts followed by the editor template alone.
if (!$drawFullscreen && !isset($_REQUEST['raw'])) {
	$headerlib->add_jq_onready($jsFunctionality);
	// The editor template is rendered as the middle section of tiki.tpl, which
	// also brings in the CSS and JavaScript.
	$smarty->assign('mid', 'tiki-edit_draw.tpl');
	$smarty->display("tiki.tpl");
} else {
	echo $headerlib->output_js();
	$smarty->assign('drawFullscreen', 'true');
	echo $smarty->fetch('tiki-edit_draw.tpl');
}