.
*/
namespace Fisharebest\Webtrees;
/**
* Defined in session.php
*
* @global Tree $WT_TREE
*/
global $WT_TREE;
use Fisharebest\Webtrees\Controller\PageController;
use Fisharebest\Webtrees\Functions\Functions;
use Fisharebest\Webtrees\Query\QueryMedia;
// Name this entry point, then pull in the shared bootstrap. The file-level
// docblock states that $WT_TREE is defined by session.php.
define('WT_SCRIPT_NAME', 'admin_media_upload.php');
require './includes/session.php';

// Media directory preference of the current tree. Below it is always used as a
// path component appended to WT_DATA_DIR.
$MEDIA_DIRECTORY = $WT_TREE->getPreference('MEDIA_DIRECTORY');

// Page controller: access is conditioned on the current user being a manager
// of this tree.
// NOTE(review): restrictAccess() is defined elsewhere - confirm that it stops
// the request (rather than only flagging it) before the upload handling runs.
$controller = new PageController();
$controller
    ->restrictAccess(Auth::isManager($WT_TREE))
    ->setPageTitle(I18N::translate('Upload media files'));

// Form action taken from the POST body; only the value "upload" is acted on.
$action = Filter::post('action');
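// Process a submitted upload form.
//
// The form offers five numbered slots; slot N is read from the fields
// mediafileN / thumbnailN (uploaded files) and filenameN / folderN (POST text).
// Every validation or I/O failure uses `break`, which abandons the current slot
// AND all later slots.
//
// Everything read from $_FILES and Filter::post() here is untrusted input that
// ends up in a filesystem path below WT_DATA_DIR . $MEDIA_DIRECTORY.
//
// NOTE(review): no CSRF token check is visible in this script - confirm that
// includes/session.php (or Filter) enforces one for this state-changing POST.
if ($action === 'upload') {
    for ($i = 1; $i < 6; $i++) {
        // Nothing submitted in this slot.
        if (empty($_FILES['mediafile' . $i]['name']) && empty($_FILES['thumbnail' . $i]['name'])) {
            continue;
        }

        // Server-verified thumbnail type for this slot (png|gif|jpeg), or null
        // when the slot has no thumbnail.
        $extension = null;

        $folder = Filter::post('folder' . $i);

        // Validate the media folder: forward slashes only, no leading or
        // trailing slash, "." means the media root.
        $folderName = str_replace('\\', '/', (string) $folder);
        $folderName = trim($folderName, '/');
        if ($folderName === '.') {
            $folderName = '';
        }
        if ($folderName) {
            $folderName .= '/';
            // Not allowed to use "../" - reject any ".." path segment so the
            // target cannot climb out of the media directory.
            if (strpos('/' . $folderName, '/../') !== false) {
                FlashMessages::addMessage('Folder names are not allowed to include “../”');
                break;
            }
        }

        // Make sure the media folder exists
        if (!is_dir(WT_DATA_DIR . $MEDIA_DIRECTORY)) {
            if (File::mkdir(WT_DATA_DIR . $MEDIA_DIRECTORY)) {
                FlashMessages::addMessage(I18N::translate('The folder %s has been created.', Html::filename(WT_DATA_DIR . $MEDIA_DIRECTORY)));
            } else {
                FlashMessages::addMessage(I18N::translate('The folder %s does not exist, and it could not be created.', Html::filename(WT_DATA_DIR . $MEDIA_DIRECTORY)), 'danger');
                break;
            }
        }

        // Managers can create new media paths (subfolders). Users must use existing folders.
        if ($folderName && !is_dir(WT_DATA_DIR . $MEDIA_DIRECTORY . $folderName)) {
            if (Auth::isManager($WT_TREE)) {
                if (File::mkdir(WT_DATA_DIR . $MEDIA_DIRECTORY . $folderName)) {
                    FlashMessages::addMessage(I18N::translate('The folder %s has been created.', Html::filename(WT_DATA_DIR . $MEDIA_DIRECTORY . $folderName)));
                } else {
                    FlashMessages::addMessage(I18N::translate('The folder %s does not exist, and it could not be created.', Html::filename(WT_DATA_DIR . $MEDIA_DIRECTORY . $folderName)), 'danger');
                    break;
                }
            } else {
                // Regular users should not have seen this option - so no need for an error message.
                break;
            }
        }

        // The media folder exists. Now create a thumbnail folder to match it.
        if (!is_dir(WT_DATA_DIR . $MEDIA_DIRECTORY . 'thumbs/' . $folderName)) {
            if (!File::mkdir(WT_DATA_DIR . $MEDIA_DIRECTORY . 'thumbs/' . $folderName)) {
                FlashMessages::addMessage(I18N::translate('The folder %s does not exist, and it could not be created.', Html::filename(WT_DATA_DIR . $MEDIA_DIRECTORY . 'thumbs/' . $folderName)));
                break;
            }
        }

        // A thumbnail file with no main image?
        if (!empty($_FILES['thumbnail' . $i]['name']) && empty($_FILES['mediafile' . $i]['name'])) {
            // Assume the user used the wrong field, and treat this as a main image
            $_FILES['mediafile' . $i] = $_FILES['thumbnail' . $i];
            unset($_FILES['thumbnail' . $i]);
        }

        // Thumbnail files must contain images.
        // $_FILES[...]['type'] is sent by the client and proves nothing about
        // the content, so the type is taken from the uploaded bytes instead.
        // getimagesize() only inspects the image header: it confirms the file
        // parses as an image, not that the rest of the file is harmless.
        if (!empty($_FILES['thumbnail' . $i]['name'])) {
            $thumbnailTmp  = $_FILES['thumbnail' . $i]['tmp_name'];
            $thumbnailInfo = is_string($thumbnailTmp) && is_uploaded_file($thumbnailTmp) ? getimagesize($thumbnailTmp) : false;
            if ($thumbnailInfo === false || !preg_match('/^image\/(png|gif|jpeg)$/', $thumbnailInfo['mime'], $match)) {
                FlashMessages::addMessage(I18N::translate('Thumbnail files must contain images.'));
                break;
            }
            $extension = $match[1];
        }

        // User-specified filename?
        $filename = (string) Filter::post('filename' . $i);
        // Use the name of the uploaded file?
        if (!$filename && !empty($_FILES['mediafile' . $i]['name'])) {
            $filename = $_FILES['mediafile' . $i]['name'];
        }

        // Validate the media path and filename
        if (preg_match('/([\/\\\\<>])/', $filename, $match)) {
            // Local media files cannot contain certain special characters
            FlashMessages::addMessage(I18N::translate('Filenames are not allowed to contain the character “%s”.', $match[1]));
            $filename = '';
            break;
        } elseif (preg_match('/(\.(php|pl|cgi|bash|sh|bat|exe|com|htm|html|shtml))$/i', $filename, $match)) {
            // Do not allow obvious script files.
            // NOTE(review): this is a deny-list on the final extension only, and
            // the content of the main media file is not inspected at all. It does
            // not cover every name a web server could be configured to interpret,
            // so safety depends on WT_DATA_DIR never being served or executed
            // directly by the web server - confirm the deployment enforces that.
            FlashMessages::addMessage(I18N::translate('Filenames are not allowed to have the extension “%s”.', $match[1]));
            $filename = '';
            break;
        } elseif (!$filename) {
            FlashMessages::addMessage(I18N::translate('No media file was provided.'));
            break;
        } else {
            $fileName = $filename;
        }

        // Now copy the file to the correct location.
        if (!empty($_FILES['mediafile' . $i]['name'])) {
            $serverFileName = WT_DATA_DIR . $MEDIA_DIRECTORY . $folderName . $fileName;
            // Never overwrite an existing media file.
            if (file_exists($serverFileName)) {
                FlashMessages::addMessage(I18N::translate('The file %s already exists. Use another filename.', $folderName . $fileName));
                $filename = '';
                break;
            }
            // move_uploaded_file() refuses sources that were not uploaded in
            // this request.
            if (move_uploaded_file($_FILES['mediafile' . $i]['tmp_name'], $serverFileName)) {
                FlashMessages::addMessage(I18N::translate('The file %s has been uploaded.', Html::filename($serverFileName)));
                Log::addMediaLog('Media file ' . $serverFileName . ' uploaded');
            } else {
                FlashMessages::addMessage(
                    I18N::translate('There was an error uploading your file.') .
                    "\n" .
                    Functions::fileUploadErrorText($_FILES['mediafile' . $i]['error'])
                );
                $filename = '';
                break;
            }

            // Now copy the (optional thumbnail)
            if ($extension !== null) {
                // Swap a lower-case 3-5 character extension for the verified
                // image type; names without such an extension are kept as-is.
                $thumbFile      = preg_replace('/\.[a-z0-9]{3,5}$/', '.' . $extension, $fileName);
                $serverFileName = WT_DATA_DIR . $MEDIA_DIRECTORY . 'thumbs/' . $folderName . $thumbFile;
                // NOTE(review): unlike the main file, there is no file_exists()
                // check here, so an existing thumbnail with the same derived name
                // is replaced - confirm that this is intended.
                if (move_uploaded_file($_FILES['thumbnail' . $i]['tmp_name'], $serverFileName)) {
                    FlashMessages::addMessage(I18N::translate('The file %s has been uploaded.', Html::filename($serverFileName)));
                    Log::addMediaLog('Thumbnail file ' . $serverFileName . ' uploaded');
                } else {
                    // Report the failure instead of dropping it silently. The
                    // main file is already stored, so later slots still run.
                    FlashMessages::addMessage(
                        I18N::translate('There was an error uploading your file.') .
                        "\n" .
                        Functions::fileUploadErrorText($_FILES['thumbnail' . $i]['error'])
                    );
                }
            }
        }
    }
}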
// Emit the page header before the upload form markup that follows.
$controller->pageHeader();

// Folder list as returned by QueryMedia::folderListAll().
$mediaFolders = QueryMedia::folderListAll();

// Determine file size limit: the php.ini upload_max_filesize value, with "2M"
// as the fallback when the setting is missing or empty.
$filesize = ini_get('upload_max_filesize') ?: '2M';
?>
'; echo ''; // Print 5 forms for uploading images for ($i = 1; $i < 6; $i++) { echo '
', I18N::translate('Media file'), ' ', $i, ' | |
---|---|
'; echo I18N::translate('Media file to upload'); echo ' | '; echo ''; echo ''; echo ' |
'; echo I18N::translate('Thumbnail to upload'); echo ' | '; echo '';
echo '';
if ($i === 1) {
echo ' ', I18N::translate('Choose the thumbnail image that you want to upload. Although thumbnails can be generated automatically for images, you may wish to generate your own thumbnail, especially for other media types. For example, you can provide a still image from a video, or a photograph of the individual who made an audio recording.'), ' '; } echo ' |
'; echo I18N::translate('Filename on server'); echo ' | '; echo '';
echo '';
if ($i == 1) {
echo ' ', I18N::translate('Do not change to keep original filename.'), " "; echo '', I18N::translate('The media file you are uploading can be, and probably should be, named differently on the server than it is on your local computer. This is so because often the local filename has meaning to you but is much less meaningful to others visiting this website. Consider also the possibility that you and someone else both try to upload different files called “granny.jpg“. |
'; echo I18N::translate('Folder name on server'); echo ' | '; echo '';
echo '";
if (Auth::isAdmin()) {
echo ' '; } else { echo ''; } if ($i === 1) { echo ' ', I18N::translate('If you have a large number of media files, you can organize them into folders and subfolders.'), ' '; } echo ' |