Diffstat (limited to 'mayor-orig/mayor-base/www')
-rw-r--r--mayor-orig/mayor-base/www/include/share/net/upload.php262
l---------mayor-orig/mayor-base/www/policy/parent/session/download-pre.php1
l---------mayor-orig/mayor-base/www/policy/parent/session/download.php1
-rw-r--r--mayor-orig/mayor-base/www/policy/private/session/download-pre.php2
4 files changed, 261 insertions, 5 deletions
diff --git a/mayor-orig/mayor-base/www/include/share/net/upload.php b/mayor-orig/mayor-base/www/include/share/net/upload.php
index bbc90db8..7181c94e 100644
--- a/mayor-orig/mayor-base/www/include/share/net/upload.php
+++ b/mayor-orig/mayor-base/www/include/share/net/upload.php
@@ -1,6 +1,6 @@
<?php
-function mayorFileUpload($WHERE) {
+function mayorFileUpload($ADAT,$csakKep=true) {
try {
@@ -27,11 +27,13 @@ try {
}
// You should also check filesize here.
- if ($_FILES['upfile']['size'] > 1000000) {
+ if ($_FILES['upfile']['size'] > file_upload_max_size()) {
throw new RuntimeException('Túl nagy a file!');
}
$finfo = new finfo(FILEINFO_MIME_TYPE);
+
+ if ($csakKep===true) {
if (false === $ext = array_search(
$finfo->file($_FILES['upfile']['tmp_name']),
array(
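Review bot: With `$csakKep` set to false the `finfo` allow-list that follows is skipped and nothing else constrains the content type, so the only remaining control on what is stored is the caller-supplied `$ADAT['subdir']` and `$ADAT['filename']`. The callers are not visible here; if the target directory is served by the web server, or the filename keeps a user-chosen extension, a script file could end up stored where it is executed, so the non-image mode should carry its own explicit allow-list instead of none (for example a parameter holding the permitted MIME types, checked against `$finfo->file(...)` the way the image branch does). The size test changed in this hunk also stops being an application limit: PHP already refuses bodies above `upload_max_filesize` / `post_max_size` before this code runs, so `> file_upload_max_size()` can rarely if ever fire and the previous 1000000-byte cap is replaced by the server-wide ceiling. The `try` block this code sits in opens and closes outside the hunk.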
@@ -43,16 +45,268 @@ try {
)) {
throw new RuntimeException('Nem kép!');
}
-
+ }
// You should name it uniquely.
// DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !!
// On this example, obtain safe unique name from its binary data.
- if (!move_uploaded_file($_FILES['upfile']['tmp_name'],$WHERE['subdir'].'/'.$WHERE['filename'])) {
+ if (!move_uploaded_file($_FILES['upfile']['tmp_name'],$ADAT['subdir'].'/'.$ADAT['filename'])) {
throw new RuntimeException('Nem tudtuk átmozgatni. Van jogunk írni a célkönyvtárba?');
}
} catch (RuntimeException $e) {
$_SESSION['alert'][] = 'info::'.$e->getMessage();
}
+ return true;
+
+}
+
+function file_upload_max_size() {
+ static $max_size = -1;
+
+ if ($max_size < 0) {
+ $post_max_size = parse_size(ini_get('post_max_size'));
+ if ($post_max_size > 0) {
+ $max_size = $post_max_size;
+ }
+ $upload_max = parse_size(ini_get('upload_max_filesize'));
+ if ($upload_max > 0 && $upload_max < $max_size) {
+ $max_size = $upload_max;
+ }
+ }
+ return $max_size;
+}
+
+function parse_size($size) {
+ $unit = preg_replace('/[^bkmgtpezy]/i', '', $size);
+ $size = preg_replace('/[^0-9\.]/', '', $size);
+ if ($unit) {
+ return round($size * pow(1024, stripos('bkmgtpezy', $unit[0])));
+ }
+ else {
+ return round($size);
+ }
+}
+
+function human_filesize($bytes, $dec = 2)
+{
+ $size = array('B', 'kB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB');
+ $factor = floor((strlen($bytes) - 1) / 3);
+ return sprintf("%.{$dec}f", $bytes / pow(1024, $factor)) . @$size[$factor];
+}
+
+function filename2ext($filename) {
+ $ext = end(explode('.', $filename));
+ $ext = substr(strrchr($filename, '.'), 1);
+ $ext = substr($filename, strrpos($filename, '.') + 1);
+ $ext = preg_replace('/^.*\.([^.]+)$/D', '$1', $filename);
+ $exts = split("[/\\.]", $filename);
+ $n = count($exts)-1;
+ $ext = $exts[$n];
+ return $ext;
+}
+
+function filemime2ext($mime) {
+ $mime_map = [
+ 'video/3gpp2' => '3g2',
+ 'video/3gp' => '3gp',
+ 'video/3gpp' => '3gp',
+ 'application/x-compressed' => '7zip',
+ 'audio/x-acc' => 'aac',
+ 'audio/ac3' => 'ac3',
+ 'application/postscript' => 'ai',
+ 'audio/x-aiff' => 'aif',
+ 'audio/aiff' => 'aif',
+ 'audio/x-au' => 'au',
+ 'video/x-msvideo' => 'avi',
+ 'video/msvideo' => 'avi',
+ 'video/avi' => 'avi',
+ 'application/x-troff-msvideo' => 'avi',
+ 'application/macbinary' => 'bin',
+ 'application/mac-binary' => 'bin',
+ 'application/x-binary' => 'bin',
+ 'application/x-macbinary' => 'bin',
+ 'image/bmp' => 'bmp',
+ 'image/x-bmp' => 'bmp',
+ 'image/x-bitmap' => 'bmp',
+ 'image/x-xbitmap' => 'bmp',
+ 'image/x-win-bitmap' => 'bmp',
+ 'image/x-windows-bmp' => 'bmp',
+ 'image/ms-bmp' => 'bmp',
+ 'image/x-ms-bmp' => 'bmp',
+ 'application/bmp' => 'bmp',
+ 'application/x-bmp' => 'bmp',
+ 'application/x-win-bitmap' => 'bmp',
+ 'application/cdr' => 'cdr',
+ 'application/coreldraw' => 'cdr',
+ 'application/x-cdr' => 'cdr',
+ 'application/x-coreldraw' => 'cdr',
+ 'image/cdr' => 'cdr',
+ 'image/x-cdr' => 'cdr',
+ 'zz-application/zz-winassoc-cdr' => 'cdr',
+ 'application/mac-compactpro' => 'cpt',
+ 'application/pkix-crl' => 'crl',
+ 'application/pkcs-crl' => 'crl',
+ 'application/x-x509-ca-cert' => 'crt',
+ 'application/pkix-cert' => 'crt',
+ 'text/css' => 'css',
+ 'text/x-comma-separated-values' => 'csv',
+ 'text/comma-separated-values' => 'csv',
+ 'application/vnd.msexcel' => 'csv',
+ 'application/x-director' => 'dcr',
+ 'application/vnd.openxmlformats-officedocument.wordprocessingml.document' => 'docx',
+ 'application/x-dvi' => 'dvi',
+ 'message/rfc822' => 'eml',
+ 'application/x-msdownload' => 'exe',
+ 'video/x-f4v' => 'f4v',
+ 'audio/x-flac' => 'flac',
+ 'video/x-flv' => 'flv',
+ 'image/gif' => 'gif',
+ 'application/gpg-keys' => 'gpg',
+ 'application/x-gtar' => 'gtar',
+ 'application/x-gzip' => 'gzip',
+ 'application/mac-binhex40' => 'hqx',
+ 'application/mac-binhex' => 'hqx',
+ 'application/x-binhex40' => 'hqx',
+ 'application/x-mac-binhex40' => 'hqx',
+ 'text/html' => 'html',
+ 'image/x-icon' => 'ico',
+ 'image/x-ico' => 'ico',
+ 'image/vnd.microsoft.icon' => 'ico',
+ 'text/calendar' => 'ics',
+ 'application/java-archive' => 'jar',
+ 'application/x-java-application' => 'jar',
+ 'application/x-jar' => 'jar',
+ 'image/jp2' => 'jp2',
+ 'video/mj2' => 'jp2',
+ 'image/jpx' => 'jp2',
+ 'image/jpm' => 'jp2',
+ 'image/jpeg' => 'jpeg',
+ 'image/pjpeg' => 'jpeg',
+ 'application/x-javascript' => 'js',
+ 'application/json' => 'json',
+ 'text/json' => 'json',
+ 'application/vnd.google-earth.kml+xml' => 'kml',
+ 'application/vnd.google-earth.kmz' => 'kmz',
+ 'text/x-log' => 'log',
+ 'audio/x-m4a' => 'm4a',
+ 'audio/mp4' => 'm4a',
+ 'application/vnd.mpegurl' => 'm4u',
+ 'audio/midi' => 'mid',
+ 'application/vnd.mif' => 'mif',
+ 'video/quicktime' => 'mov',
+ 'video/x-sgi-movie' => 'movie',
+ 'audio/mpeg' => 'mp3',
+ 'audio/mpg' => 'mp3',
+ 'audio/mpeg3' => 'mp3',
+ 'audio/mp3' => 'mp3',
+ 'video/mp4' => 'mp4',
+ 'video/mpeg' => 'mpeg',
+ 'application/oda' => 'oda',
+ 'audio/ogg' => 'ogg',
+ 'video/ogg' => 'ogg',
+ 'application/ogg' => 'ogg',
+ 'application/x-pkcs10' => 'p10',
+ 'application/pkcs10' => 'p10',
+ 'application/x-pkcs12' => 'p12',
+ 'application/x-pkcs7-signature' => 'p7a',
+ 'application/pkcs7-mime' => 'p7c',
+ 'application/x-pkcs7-mime' => 'p7c',
+ 'application/x-pkcs7-certreqresp' => 'p7r',
+ 'application/pkcs7-signature' => 'p7s',
+ 'application/pdf' => 'pdf',
+ 'application/octet-stream' => 'pdf',
+ 'application/x-x509-user-cert' => 'pem',
+ 'application/x-pem-file' => 'pem',
+ 'application/pgp' => 'pgp',
+ 'application/x-httpd-php' => 'php',
+ 'application/php' => 'php',
+ 'application/x-php' => 'php',
+ 'text/php' => 'php',
+ 'text/x-php' => 'php',
+ 'application/x-httpd-php-source' => 'php',
+ 'image/png' => 'png',
+ 'image/x-png' => 'png',
+ 'application/powerpoint' => 'ppt',
+ 'application/vnd.ms-powerpoint' => 'ppt',
+ 'application/vnd.ms-office' => 'ppt',
+ 'application/msword' => 'ppt',
+ 'application/vnd.openxmlformats-officedocument.presentationml.presentation' => 'pptx',
+ 'application/x-photoshop' => 'psd',
+ 'image/vnd.adobe.photoshop' => 'psd',
+ 'audio/x-realaudio' => 'ra',
+ 'audio/x-pn-realaudio' => 'ram',
+ 'application/x-rar' => 'rar',
+ 'application/rar' => 'rar',
+ 'application/x-rar-compressed' => 'rar',
+ 'audio/x-pn-realaudio-plugin' => 'rpm',
+ 'application/x-pkcs7' => 'rsa',
+ 'text/rtf' => 'rtf',
+ 'text/richtext' => 'rtx',
+ 'video/vnd.rn-realvideo' => 'rv',
+ 'application/x-stuffit' => 'sit',
+ 'application/smil' => 'smil',
+ 'text/srt' => 'srt',
+ 'image/svg+xml' => 'svg',
+ 'application/x-shockwave-flash' => 'swf',
+ 'application/x-tar' => 'tar',
+ 'application/x-gzip-compressed' => 'tgz',
+ 'image/tiff' => 'tiff',
+ 'text/plain' => 'txt',
+ 'text/x-vcard' => 'vcf',
+ 'application/videolan' => 'vlc',
+ 'text/vtt' => 'vtt',
+ 'audio/x-wav' => 'wav',
+ 'audio/wave' => 'wav',
+ 'audio/wav' => 'wav',
+ 'application/wbxml' => 'wbxml',
+ 'video/webm' => 'webm',
+ 'image/webp' => 'webp',
+ 'audio/x-ms-wma' => 'wma',
+ 'application/wmlc' => 'wmlc',
+ 'video/x-ms-wmv' => 'wmv',
+ 'video/x-ms-asf' => 'wmv',
+ 'application/xhtml+xml' => 'xhtml',
+ 'application/excel' => 'xl',
+ 'application/msexcel' => 'xls',
+ 'application/x-msexcel' => 'xls',
+ 'application/x-ms-excel' => 'xls',
+ 'application/x-excel' => 'xls',
+ 'application/x-dos_ms_excel' => 'xls',
+ 'application/xls' => 'xls',
+ 'application/x-xls' => 'xls',
+ 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' => 'xlsx',
+ 'application/vnd.ms-excel' => 'xlsx',
+ 'application/xml' => 'xml',
+ 'text/xml' => 'xml',
+ 'text/xsl' => 'xsl',
+ 'application/xspf+xml' => 'xspf',
+ 'application/x-compress' => 'z',
+ 'application/x-zip' => 'zip',
+ 'application/zip' => 'zip',
+ 'application/x-zip-compressed' => 'zip',
+ 'application/s-compressed' => 'zip',
+ 'multipart/x-zip' => 'zip',
+ 'text/x-scriptzsh' => 'zsh',
+ ];
+
+ return isset($mime_map[$mime]) ? $mime_map[$mime] : false;
+}
+
+// --TODO not used
+/*
+function filenameNorm ($str = '')
+{
+ $str = strip_tags($str);
+ $str = preg_replace('/[\r\n\t ]+/', ' ', $str);
+ $str = preg_replace('/[\"\*\/\:\<\>\?\'\|]+/', ' ', $str);
+ $str = strtolower($str);
+ $str = html_entity_decode( $str, ENT_QUOTES, "utf-8" );
+ $str = htmlentities($str, ENT_QUOTES, "utf-8");
+ $str = preg_replace("/(&)([a-z])([a-z]+;)/i", '$2', $str);
+ $str = str_replace(' ', '-', $str);
+ $str = rawurlencode($str);
+ $str = str_replace('%', '-', $str);
+ return $str;
}
+*/
?> \ No newline at end of file
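Review bot: `return true;` is placed after the `catch`, so mayorFileUpload() reports success even when the upload was rejected or `move_uploaded_file()` failed; make `return true;` the last statement of the `try` block and add `return false;` to the `catch` so callers can tell the two outcomes apart. file_upload_max_size() leaves `$max_size` at -1 when `post_max_size` is 0 (PHP's "no limit" value), which makes the `size > file_upload_max_size()` test in the previous hunk reject every upload; fall back to `upload_max_filesize` in that case, or treat a non-positive result as "no limit". filename2ext() assigns `$ext` four times and then overwrites it with the result of `split()`, a function removed in PHP 7.0, so it fails on current PHP; keep a single form such as `pathinfo($filename, PATHINFO_EXTENSION)`. filemime2ext() maps the PHP MIME types to `php` and `application/octet-stream` to `pdf`, so its result should not choose the extension of a stored upload without a separate allow-list. The head of mayorFileUpload() lies outside this hunk.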
diff --git a/mayor-orig/mayor-base/www/policy/parent/session/download-pre.php b/mayor-orig/mayor-base/www/policy/parent/session/download-pre.php
new file mode 120000
index 00000000..2b5f8422
--- /dev/null
+++ b/mayor-orig/mayor-base/www/policy/parent/session/download-pre.php
@@ -0,0 +1 @@
+../../private/session/download-pre.php \ No newline at end of file
diff --git a/mayor-orig/mayor-base/www/policy/parent/session/download.php b/mayor-orig/mayor-base/www/policy/parent/session/download.php
new file mode 120000
index 00000000..2cff0143
--- /dev/null
+++ b/mayor-orig/mayor-base/www/policy/parent/session/download.php
@@ -0,0 +1 @@
+../../private/session/download.php \ No newline at end of file
diff --git a/mayor-orig/mayor-base/www/policy/private/session/download-pre.php b/mayor-orig/mayor-base/www/policy/private/session/download-pre.php
index 6b396143..1fdd916f 100644
--- a/mayor-orig/mayor-base/www/policy/private/session/download-pre.php
+++ b/mayor-orig/mayor-base/www/policy/private/session/download-pre.php
@@ -26,7 +26,7 @@
// Jogosultságok ellenőzése dir alapján
if (__DIAK===true) {
- if (strstr($dir,'naplo/face/')===false) return false;
+ if (strstr($dir,'naplo/face/')===false && strstr($dir,'naplo/haladasi/hazifeladat')===false) return false;
}
// Titkarsag, Tanar, Naploadmin letoltheti, amit szeretne
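Review bot: `strstr($dir,'naplo/haladasi/hazifeladat')` accepts that string anywhere in `$dir` and has no trailing slash, so the student restriction depends entirely on `$dir` having been canonicalised before this point, which the hunk does not show; the same holds for the existing `naplo/face/` test. Consider resolving the path first and comparing it as a prefix against the permitted directories, e.g. `strpos($dir, 'naplo/haladasi/hazifeladat/') === 0` on the normalised value, if `$dir` is relative to the download root. The symlinks added earlier in this commit also make this file the pre-handler for the parent policy, while the only role-specific branch visible here is `__DIAK`; it is worth confirming, in the part of the file outside this hunk, that parent sessions do not fall through to the unrestricted staff path.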