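<?php
// Upload endpoint of the file manager.
//
// Expects a multipart POST carrying one file (`file`) plus the destination
// folder (`path`) and its thumbnail folder (`path_thumb`). Both folders are
// validated against the configured roots, the file is stored under a
// sanitised, collision-free name and, for images, a thumbnail is generated
// and the configured resizing rules are applied. `strict_types` is not
// declared on purpose: the resize arithmetic below produces floats that the
// project's image helpers receive as-is.

include('config/config.php');

// Only an established file-manager session may upload (strict comparison;
// a missing session or marker is rejected the same way as a wrong one).
if (!isset($_SESSION['RF']['verify']) || $_SESSION['RF']['verify'] !== 'RESPONSIVEfilemanager') {
    die('forbiden');
}

include('include/utils.php');

$storeFolder = isset($_POST['path']) ? $_POST['path'] : '';
$storeFolderThumb = isset($_POST['path_thumb']) ? $_POST['path_thumb'] : '';

// Both values are client-supplied: they must be plain strings that start with
// the configured roots ($current_path / $thumbs_base_path, from config) and
// must not contain any relative segment after that prefix. The './' test
// also catches '../'; both are kept explicit for readability. The prefix
// checks run first so the offsets passed to strpos() are never out of range.
$pathOk = is_string($storeFolder)
    && is_string($storeFolderThumb)
    && strpos($storeFolder, $current_path) === 0
    && strpos($storeFolderThumb, $thumbs_base_path) === 0
    && strpos($storeFolderThumb, '../', strlen($thumbs_base_path)) === false
    && strpos($storeFolderThumb, './', strlen($thumbs_base_path)) === false
    && strpos($storeFolder, '../', strlen($current_path)) === false
    && strpos($storeFolder, './', strlen($current_path)) === false;
if (!$pathOk) {
    die('wrong path');
}

// Walk up from the target folder towards $current_path and load the nearest
// per-folder config.php so its settings override the global ones. Bounded to
// 50 steps so a misbehaving fix_dirname() cannot loop forever.
// NOTE(review): this require_once() reads from inside the upload tree, so the
// $ext allow-list below must never admit server-side script extensions.
$path = $storeFolder;
$maxCycles = 50;
for ($step = 0; $step < $maxCycles; $step++) {
    $stop = ($path == $current_path);
    if (file_exists($path . 'config.php')) {
        require_once($path . 'config.php');
        $stop = true;
    }
    if ($stop) {
        break;
    }
    $path = fix_dirname($path) . '/';
}

// A request without a file field is malformed.
if (empty($_FILES) || !isset($_FILES['file']['name'], $_FILES['file']['tmp_name'])) {
    header('HTTP/1.1 405 Bad Request', true, 405);
    exit();
}

$originalName = $_FILES['file']['name'];
$info = pathinfo($originalName);
// A name without an extension yields '' here and is rejected by the allow-list.
$extension = isset($info['extension']) ? fix_strtolower($info['extension']) : '';

// Extension allow-list ($ext comes from the configuration); strict so that
// only genuine string matches pass.
if (!in_array($extension, $ext, true)) {
    header('HTTP/1.1 406 file not permitted', true, 406);
    exit();
}

$tempFile = $_FILES['file']['tmp_name'];
$targetPath = $storeFolder;
$targetPathThumb = $storeFolderThumb;

// Sanitise the client-supplied name before it touches the filesystem, then
// derive the stored base name / extension from the sanitised form so every
// later decision (collision suffix, image detection) uses the real on-disk name.
$fileName = fix_filename($originalName, $transliteration, $convert_spaces);
$info = pathinfo($fileName);
$baseName = isset($info['filename']) ? $info['filename'] : '';
$fileExt = isset($info['extension']) ? $info['extension'] : '';

// Re-validate after sanitisation: the stored extension is what the server
// will actually serve, so it must still be on the allow-list.
if (!in_array(fix_strtolower($fileExt), $ext, true)) {
    header('HTTP/1.1 406 file not permitted', true, 406);
    exit();
}

// Never overwrite: append _1, _2, ... until the name is free.
if (file_exists($targetPath . $fileName)) {
    $suffix = 1;
    while (file_exists($targetPath . $baseName . '_' . $suffix . '.' . $fileExt)) {
        $suffix++;
    }
    $fileName = $baseName . '_' . $suffix . '.' . $fileExt;
}

$targetFile = $targetPath . $fileName;
$targetFileThumb = $targetPathThumb . $fileName;
$isImg = in_array(fix_strtolower($fileExt), $ext_img, true);

// The move result was previously ignored, leaving a chmod()/thumbnail run
// against a file that does not exist; report it instead.
if (!move_uploaded_file($tempFile, $targetFile)) {
    header('HTTP/1.1 500 Internal Server Error', true, 500);
    exit();
}
// Uploaded content is data, not a program: world-readable, never executable
// (the previous 0755 set the execute bits on every upload).
chmod($targetFile, 0644);

if ($isImg) {
    // Thumbnail/resize failures are tolerated and the upload is kept as-is.
    // NOTE(review): the original code tracked a $memory_error flag that was
    // never set to true, so its "unlink + 406 Not enought Memory" branch was
    // unreachable; rejecting the upload on failure may have been intended —
    // confirm with the maintainers before tightening this.
    $thumbsOk = create_img_gd($targetFile, $targetFileThumb, 122, 91)
        && new_thumbnails_creation(
            $targetPath,
            $targetFile,
            $fileName,
            $current_path,
            $relative_image_creation,
            $relative_path_from_current_pos,
            $relative_image_creation_name_to_prepend,
            $relative_image_creation_name_to_append,
            $relative_image_creation_width,
            $relative_image_creation_height,
            $relative_image_creation_option,
            $fixed_image_creation,
            $fixed_path_from_filemanager,
            $fixed_image_creation_name_to_prepend,
            $fixed_image_creation_to_append,
            $fixed_image_creation_width,
            $fixed_image_creation_height,
            $fixed_image_creation_option
        );

    if ($thumbsOk) {
        $imginfo = getimagesize($targetFile);
        // Skip resizing when the dimensions cannot be read: the ratios below
        // divide by the source width/height, so zero would be a fatal error.
        if ($imginfo !== false && $imginfo[0] > 0 && $imginfo[1] > 0) {
            $srcWidth = $imginfo[0];
            $srcHeight = $imginfo[1];

            // Optional fixed resize: a zero width or height means "derive it
            // from the other dimension, preserving the aspect ratio"; both
            // zero means "keep the source size".
            if ($image_resizing) {
                $newWidth = $image_resizing_width;
                $newHeight = $image_resizing_height;
                if ($newWidth == 0 && $newHeight == 0) {
                    $newWidth = $srcWidth;
                    $newHeight = $srcHeight;
                } elseif ($newWidth == 0) {
                    $newWidth = $newHeight * $srcWidth / $srcHeight;
                } elseif ($newHeight == 0) {
                    $newHeight = $newWidth * $srcHeight / $srcWidth;
                }
                $srcWidth = $newWidth;
                $srcHeight = $newHeight;
                create_img_gd($targetFile, $targetFile, $newWidth, $newHeight);
            }

            // Maximum size limits (0 = no limit), applied after the fixed resize.
            $resize = false;
            if ($image_max_width != 0 && $srcWidth > $image_max_width) {
                $resize = true;
                $srcHeight = $image_max_width * $srcHeight / $srcWidth;
                $srcWidth = $image_max_width;
            }
            if ($image_max_height != 0 && $srcHeight > $image_max_height) {
                $resize = true;
                $srcWidth = $image_max_height * $srcWidth / $srcHeight;
                $srcHeight = $image_max_height;
            }
            if ($resize) {
                create_img_gd($targetFile, $targetFile, $srcWidth, $srcHeight);
            }
        }
    }
}

// Non-AJAX form submit: bounce back to the dialog with its state. Missing
// fields are passed as null so http_build_query() drops them, exactly as the
// undefined-index lookups did before.
if (isset($_POST['submit'])) {
    $query = http_build_query(array(
        'type' => isset($_POST['type']) ? $_POST['type'] : null,
        'lang' => isset($_POST['lang']) ? $_POST['lang'] : null,
        'popup' => isset($_POST['popup']) ? $_POST['popup'] : null,
        'field_id' => isset($_POST['field_id']) ? $_POST['field_id'] : null,
        'fldr' => isset($_POST['fldr']) ? $_POST['fldr'] : null,
    ));
    header('location: dialog.php?' . $query);
}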