[brlcad-commits] SF.net SVN: brlcad:[34731] web/trunk/htdocs/more/sites/all/modules/ filefield/file
Open Source Solid Modeling CAD
Brought to you by:
brlcad
From: <eb...@us...> - 2009-06-17 15:57:14
|
Revision: 34731 http://brlcad.svn.sourceforge.net/brlcad/?rev=34731&view=rev Author: ebautu Date: 2009-06-17 15:57:11 +0000 (Wed, 17 Jun 2009) Log Message: ----------- Add handler to filefield fields to select local files (required for ftp model uploading) Modified Paths: -------------- web/trunk/htdocs/more/sites/all/modules/filefield/filefield.module Modified: web/trunk/htdocs/more/sites/all/modules/filefield/filefield.module =================================================================== --- web/trunk/htdocs/more/sites/all/modules/filefield/filefield.module 2009-06-17 15:18:38 UTC (rev 34730) +++ web/trunk/htdocs/more/sites/all/modules/filefield/filefield.module 2009-06-17 15:57:11 UTC (rev 34731) @@ -408,6 +408,39 @@ if (!count($_POST)) { filefield_clear_session(); } + // if a file upload was not attempted and a local file name was specified + if ((false === file_check_upload($fieldname . '_upload')) && !empty($_POST[$fieldname . '_local_file'])) { + // Code "borrowed" from file_check_upload + // Begin building file object. + + $localfile = $_POST[$fieldname . '_local_file']; // @todo make localfile absolute and add security check + + $file = new stdClass(); + $file->filename = trim(basename($localfile), '.'); + $file->filepath = $localfile; + $file->filemime = file_get_mimetype($file->filename); + $file->filesize = filesize($localfile); + $file->source = $fieldname . '_upload'; + + // Rename potentially executable files, to help prevent exploits. + if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) { + $file->filemime = 'text/plain'; + $file->filepath .= '.txt'; + $file->filename .= '.txt'; + } + + // Move uploaded files from php's upload_tmp_dir to Drupal's file temp. + // This overcomes open_basedir restrictions for future file operations. + if (!move_uploaded_file($_FILES["files"]["tmp_name"][$source], $file->filepath)) { + drupal_set_message(t('File upload error. Could not move uploaded file.')); + watchdog('file', t('Upload Error. Could not move uploaded file (%file) to destination (%destination).', array('%file' => $_FILES["files"]["tmp_name"][$source], '%destination' => $file->filepath))); + return FALSE; + } + // fake a previous upload in order to make file_check_upload return this file + $_SESSION['file_uploads'][$file->source] = $file; + unset($_FILES["files"]["tmp_name"][$file->source]); + } + // Attach new files if ($file = file_check_upload($fieldname . '_upload')) { $file = (array)$file; @@ -534,7 +567,7 @@ '#weight' => 10, ); - $form[$fieldname]['new']['local_file'] = array( + $form[$fieldname]['new'][$fieldname .'_local_file'] = array( '#type' => 'textfield', '#title' => t('Or select one of the local files.'), '#weight' => 11, This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |