Automad
upload.php
1 <?php
2 /*
3  * ....
4  * .: '':.
5  * :::: ':..
6  * ::. ''..
7  * .:'.. ..':.:::' . :. '':.
8  * :. '' '' '. ::::.. ..:
9  * ::::. ..':.. .'''::::: .
10  * :::::::.. '..:::: :. :::: :
11  * ::'':::::::. ':::.'':.:::: :
12  * :.. ''::::::....': '':: :
13  * :::::. '::::: : .. '' .
14  * .''::::::::... ':::.'' ..'' :.''''.
15  * :..:::''::::: :::::...:'' :..:
16  * ::::::. ':::: :::::::: ..:: .
17  * ::::::::.:::: :::::::: :'':.:: .''
18  * ::: '::::::::.' ''::::: :.' '': :
19  * ::: :::::::::..' :::: ::...' .
20  * ::: .:::::::::: :::: :::: .:'
21  * '::' ''::::::: :::: : :: :
22  * ':::: :::: :'' .:
23  * :::: :::: ..''
24  * :::: ..:::: .:''
25  * '''' '''''
26  *
27  *
28  * AUTOMAD
29  *
30  * Copyright (c) 2014 by Marc Anton Dahmen
31  * http://marcdahmen.de
32  *
33  * Licensed under the MIT license.
34  * http://automad.org/license
35  */
36 
37 
38 namespace Automad\Core;
39 
40 
// Refuse to run when this file is requested directly instead of being included by Automad.
if (!defined('AUTOMAD')) {
    die('Direct access not permitted!');
}


/*
 * AJAX upload handler.
 *
 * Collects its result in $output, which is sent back to the client as JSON.
 */


// NOTE(review): 'debug' mirrors the raw request back to the client, including the server-side
// temporary paths in $_FILES[...]['tmp_name'] -- consider limiting it to development setups.
$output = array('debug' => $_POST + $_FILES);
51 
52 
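// Choose the upload destination.
// A posted URL is only used as a lookup key into the page collection; the directory itself is
// built from the matching Page object, so request data never becomes part of $path.
// Anything else (no URL, an unknown URL or a non-string value such as url[]=...) falls back
// to the shared directory.
if (isset($_POST['url']) && is_string($_POST['url']) && array_key_exists($_POST['url'], $this->collection)) {

    $Page = $this->collection[$_POST['url']];
    $path = AM_BASE_DIR . AM_DIR_PAGES . $Page->path;

} else {

    $path = AM_BASE_DIR . AM_DIR_SHARED . '/';

}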
65 
66 
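// Move uploaded files.
// The file names in $_FILES are supplied by the client and are treated as untrusted input:
// they are checked with Parse::isFileName(), passed through Parse::sanitize() before being
// used on disk, and HTML-escaped before they appear in an error message.
if (isset($_FILES['files']['name'])) {

    // Check if upload destination is writable.
    if (is_writable($path)) {

        $errors = array();

        // A form field named "files[]" yields arrays, a field named "files" yields scalars.
        // Casting covers both, so a single upload is not indexed character by character.
        $names = (array) $_FILES['files']['name'];
        $tmpNames = isset($_FILES['files']['tmp_name']) ? (array) $_FILES['files']['tmp_name'] : array();

        foreach ($names as $i => $name) {

            // NOTE(review): the allowed file types are decided in Parse::isFileName() (parse.php),
            // which is not visible here. Only the name is checked; this handler does not inspect
            // the file content.
            if (Parse::isFileName($name)) {

                $newFile = $path . Parse::sanitize($name);

                // move_uploaded_file() only accepts files received through an HTTP POST upload and
                // returns false on failure. An existing file at $newFile is overwritten.
                if (!isset($tmpNames[$i]) || !move_uploaded_file($tmpNames[$i], $newFile)) {

                    // NOTE(review): no text-module entry for a failed move is visible in this file;
                    // move this literal into the text modules if one is added.
                    $errors[] = 'Upload failed: <strong>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</strong>';

                }

            } else {

                // The extension is client-supplied and ends up inside HTML, so it is escaped first.
                $errors[] = $this->tb['error_file_format'] . ' <strong>' . htmlspecialchars(pathinfo($name, PATHINFO_EXTENSION), ENT_QUOTES, 'UTF-8') . '</strong>';

            }

        }

        // Clear cache to update galleries and sliders.
        $Cache = new Cache();
        $Cache->clear();

        if ($errors) {
            $output['error'] = implode('<br />', $errors);
        }

    } else {

        // Directory names may contain HTML meta characters, so the path is escaped as well.
        $output['error'] = $this->tb['error_permission'] . '<p>' . htmlspecialchars($path, ENT_QUOTES, 'UTF-8') . '</p>';

    }

}


// Encode <, > and & as \uXXXX escapes: JSON parsers decode them to the same values, while the
// body stays inert if it is ever interpreted as HTML.
// NOTE(review): no Content-Type header is set in this file -- confirm that the including code
// sends the response as application/json.
echo json_encode($output, JSON_HEX_TAG | JSON_HEX_AMP);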
110 
111 
112 ?>
static isFileName($str)
Definition: parse.php:154
static sanitize($str, $removeDots=false)
Definition: parse.php:413