From 351ace3031cf063cef346027ae209d218225242a Mon Sep 17 00:00:00 2001 From: M.Gergo Date: Tue, 24 Mar 2020 15:53:18 +0100 Subject: Rev: 4632 --- .../mayor-base/www/include/share/net/upload.php | 262 ++++++++++++++++++++- .../www/policy/parent/session/download-pre.php | 1 + .../www/policy/parent/session/download.php | 1 + .../www/policy/private/session/download-pre.php | 2 +- 4 files changed, 261 insertions(+), 5 deletions(-) create mode 120000 mayor-orig/mayor-base/www/policy/parent/session/download-pre.php create mode 120000 mayor-orig/mayor-base/www/policy/parent/session/download.php (limited to 'mayor-orig/mayor-base/www') diff --git a/mayor-orig/mayor-base/www/include/share/net/upload.php b/mayor-orig/mayor-base/www/include/share/net/upload.php index bbc90db8..7181c94e 100644 --- a/mayor-orig/mayor-base/www/include/share/net/upload.php +++ b/mayor-orig/mayor-base/www/include/share/net/upload.php @@ -1,6 +1,6 @@ 1000000) { + if ($_FILES['upfile']['size'] > file_upload_max_size()) { throw new RuntimeException('Túl nagy a file!'); } $finfo = new finfo(FILEINFO_MIME_TYPE); + + if ($csakKep===true) { if (false === $ext = array_search( $finfo->file($_FILES['upfile']['tmp_name']), array( 
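Review bot: The new size guard `if ($_FILES['upfile']['size'] > file_upload_max_size())` rejects every upload with 'Túl nagy a file!' when `post_max_size` is configured as 0 (unlimited): the helper added in the next hunk then keeps its `-1` sentinel, because `$upload_max < $max_size` is false against -1, and any real size is greater than -1. The helper should fall back to `upload_max_filesize` alone in that case, e.g. `if ($upload_max > 0 && ($max_size < 0 || $upload_max < $max_size)) { $max_size = $upload_max; }`. The new `$csakKep===true` gate also means that when the flag is false the finfo MIME check is skipped entirely and the only restriction left before `move_uploaded_file` is the size limit; if non-image uploads are intended on that path, an explicit allow-list of accepted MIME types for it would keep the validation symmetric. The enclosing function starts before this hunk and its opening lines are not legible here.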
@@ -43,16 +45,268 @@ try {
 )) {
 throw new RuntimeException('Nem kép!');
 }
-
+ }
 // You should name it uniquely.
 // DO NOT USE $_FILES['upfile']['name'] WITHOUT ANY VALIDATION !!
 // On this example, obtain safe unique name from its binary data.
- if (!move_uploaded_file($_FILES['upfile']['tmp_name'],$WHERE['subdir'].'/'.$WHERE['filename'])) {
+ if (!move_uploaded_file($_FILES['upfile']['tmp_name'],$ADAT['subdir'].'/'.$ADAT['filename'])) {
 throw new RuntimeException('Nem tudtuk átmozgatni. Van jogunk írni a célkönyvtárba?');
 }
 } catch (RuntimeException $e) {
 $_SESSION['alert'][] = 'info::'.$e->getMessage();
 }
+ return true;
+
+}
+
+function file_upload_max_size() {
+ static $max_size = -1;
+
+ if ($max_size < 0) {
+ $post_max_size = parse_size(ini_get('post_max_size'));
+ if ($post_max_size > 0) {
+ $max_size = $post_max_size;
+ }
+ $upload_max = parse_size(ini_get('upload_max_filesize'));
+ if ($upload_max > 0 && $upload_max < $max_size) {
+ $max_size = $upload_max;
+ }
+ }
+ return $max_size;
+}
+
+function parse_size($size) {
+ $unit = preg_replace('/[^bkmgtpezy]/i', '', $size);
+ $size = preg_replace('/[^0-9\.]/', '', $size);
+ if ($unit) {
+ return round($size * pow(1024, stripos('bkmgtpezy', $unit[0])));
+ }
+ else {
+ return round($size);
+ }
+}
+
+function human_filesize($bytes, $dec = 2)
+{
+ $size = array('B', 'kB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB');
+ $factor = floor((strlen($bytes) - 1) / 3);
+ return sprintf("%.{$dec}f", $bytes / pow(1024, $factor)) . @$size[$factor];
+}
+
+function filename2ext($filename) {
+ $ext = end(explode('.', $filename));
+ $ext = substr(strrchr($filename, '.'), 1);
+ $ext = substr($filename, strrpos($filename, '.') + 1);
+ $ext = preg_replace('/^.*\.([^.]+)$/D', '$1', $filename);
+ $exts = split("[/\\.]", $filename);
+ $n = count($exts)-1;
+ $ext = $exts[$n];
+ return $ext;
+}
+
+function filemime2ext($mime) {
+ $mime_map = [
+ 'video/3gpp2' => '3g2',
+ 'video/3gp' => '3gp',
+ 'video/3gpp' => '3gp',
+ 'application/x-compressed' => '7zip',
+ 'audio/x-acc' => 'aac',
+ 'audio/ac3' => 'ac3',
+ 'application/postscript' => 'ai',
+ 'audio/x-aiff' => 'aif',
+ 'audio/aiff' => 'aif',
+ 'audio/x-au' => 'au',
+ 'video/x-msvideo' => 'avi',
+ 'video/msvideo' => 'avi',
+ 'video/avi' => 'avi',
+ 'application/x-troff-msvideo' => 'avi',
+ 'application/macbinary' => 'bin',
+ 'application/mac-binary' => 'bin',
+ 'application/x-binary' => 'bin',
+ 'application/x-macbinary' => 'bin',
+ 'image/bmp' => 'bmp',
+ 'image/x-bmp' => 'bmp',
+ 'image/x-bitmap' => 'bmp',
+ 'image/x-xbitmap' => 'bmp',
+ 'image/x-win-bitmap' => 'bmp',
+ 'image/x-windows-bmp' => 'bmp',
+ 'image/ms-bmp' => 'bmp',
+ 'image/x-ms-bmp' => 'bmp',
+ 'application/bmp' => 'bmp',
+ 'application/x-bmp' => 'bmp',
+ 'application/x-win-bitmap' => 'bmp',
+ 'application/cdr' => 'cdr',
+ 'application/coreldraw' => 'cdr',
+ 'application/x-cdr' => 'cdr',
+ 'application/x-coreldraw' => 'cdr',
+ 'image/cdr' => 'cdr',
+ 'image/x-cdr' => 'cdr',
+ 'zz-application/zz-winassoc-cdr' => 'cdr',
+ 'application/mac-compactpro' => 'cpt',
+ 'application/pkix-crl' => 'crl',
+ 'application/pkcs-crl' => 'crl',
+ 'application/x-x509-ca-cert' => 'crt',
+ 'application/pkix-cert' => 'crt',
+ 'text/css' => 'css',
+ 'text/x-comma-separated-values' => 'csv',
+ 'text/comma-separated-values' => 'csv',
+ 'application/vnd.msexcel' => 'csv',
+ 'application/x-director' => 'dcr',
+ 'application/vnd.openxmlformats-officedocument.wordprocessingml.document' => 'docx',
+ 'application/x-dvi' => 'dvi',
+ 'message/rfc822' => 'eml',
+ 'application/x-msdownload' => 'exe',
+ 'video/x-f4v' => 'f4v',
+ 'audio/x-flac' => 'flac',
+ 'video/x-flv' => 'flv',
+ 'image/gif' => 'gif',
+ 'application/gpg-keys' => 'gpg',
+ 'application/x-gtar' => 'gtar',
+ 'application/x-gzip' => 'gzip',
+ 'application/mac-binhex40' => 'hqx',
+ 'application/mac-binhex' => 'hqx',
+ 'application/x-binhex40' => 'hqx',
+ 'application/x-mac-binhex40' => 'hqx',
+ 'text/html' => 'html',
+ 'image/x-icon' => 'ico',
+ 'image/x-ico' => 'ico',
+ 'image/vnd.microsoft.icon' => 'ico',
+ 'text/calendar' => 'ics',
+ 'application/java-archive' => 'jar',
+ 'application/x-java-application' => 'jar',
+ 'application/x-jar' => 'jar',
+ 'image/jp2' => 'jp2',
+ 'video/mj2' => 'jp2',
+ 'image/jpx' => 'jp2',
+ 'image/jpm' => 'jp2',
+ 'image/jpeg' => 'jpeg',
+ 'image/pjpeg' => 'jpeg',
+ 'application/x-javascript' => 'js',
+ 'application/json' => 'json',
+ 'text/json' => 'json',
+ 'application/vnd.google-earth.kml+xml' => 'kml',
+ 'application/vnd.google-earth.kmz' => 'kmz',
+ 'text/x-log' => 'log',
+ 'audio/x-m4a' => 'm4a',
+ 'audio/mp4' => 'm4a',
+ 'application/vnd.mpegurl' => 'm4u',
+ 'audio/midi' => 'mid',
+ 'application/vnd.mif' => 'mif',
+ 'video/quicktime' => 'mov',
+ 'video/x-sgi-movie' => 'movie',
+ 'audio/mpeg' => 'mp3',
+ 'audio/mpg' => 'mp3',
+ 'audio/mpeg3' => 'mp3',
+ 'audio/mp3' => 'mp3',
+ 'video/mp4' => 'mp4',
+ 'video/mpeg' => 'mpeg',
+ 'application/oda' => 'oda',
+ 'audio/ogg' => 'ogg',
+ 'video/ogg' => 'ogg',
+ 'application/ogg' => 'ogg',
+ 'application/x-pkcs10' => 'p10',
+ 'application/pkcs10' => 'p10',
+ 'application/x-pkcs12' => 'p12',
+ 'application/x-pkcs7-signature' => 'p7a',
+ 'application/pkcs7-mime' => 'p7c',
+ 'application/x-pkcs7-mime' => 'p7c',
+ 'application/x-pkcs7-certreqresp' => 'p7r',
+ 'application/pkcs7-signature' => 'p7s',
+ 'application/pdf' => 'pdf',
+ 'application/octet-stream' => 'pdf',
+ 'application/x-x509-user-cert' => 'pem',
+ 'application/x-pem-file' => 'pem',
+ 'application/pgp' => 'pgp',
+ 'application/x-httpd-php' => 'php',
+ 'application/php' => 'php',
+ 'application/x-php' => 'php',
+ 'text/php' => 'php',
+ 'text/x-php' => 'php',
+ 'application/x-httpd-php-source' => 'php',
+ 'image/png' => 'png',
+ 'image/x-png' => 'png',
+ 'application/powerpoint' => 'ppt',
+ 'application/vnd.ms-powerpoint' => 'ppt',
+ 'application/vnd.ms-office' => 'ppt',
+ 'application/msword' => 'ppt',
+ 'application/vnd.openxmlformats-officedocument.presentationml.presentation' => 'pptx',
+ 'application/x-photoshop' => 'psd',
+ 'image/vnd.adobe.photoshop' => 'psd',
+ 'audio/x-realaudio' => 'ra',
+ 'audio/x-pn-realaudio' => 'ram',
+ 'application/x-rar' => 'rar',
+ 'application/rar' => 'rar',
+ 'application/x-rar-compressed' => 'rar',
+ 'audio/x-pn-realaudio-plugin' => 'rpm',
+ 'application/x-pkcs7' => 'rsa',
+ 'text/rtf' => 'rtf',
+ 'text/richtext' => 'rtx',
+ 'video/vnd.rn-realvideo' => 'rv',
+ 'application/x-stuffit' => 'sit',
+ 'application/smil' => 'smil',
+ 'text/srt' => 'srt',
+ 'image/svg+xml' => 'svg',
+ 'application/x-shockwave-flash' => 'swf',
+ 'application/x-tar' => 'tar',
+ 'application/x-gzip-compressed' => 'tgz',
+ 'image/tiff' => 'tiff',
+ 'text/plain' => 'txt',
+ 'text/x-vcard' => 'vcf',
+ 'application/videolan' => 'vlc',
+ 'text/vtt' => 'vtt',
+ 'audio/x-wav' => 'wav',
+ 'audio/wave' => 'wav',
+ 'audio/wav' => 'wav',
+ 'application/wbxml' => 'wbxml',
+ 'video/webm' => 'webm',
+ 'image/webp' => 'webp',
+ 'audio/x-ms-wma' => 'wma',
+ 'application/wmlc' => 'wmlc',
+ 'video/x-ms-wmv' => 'wmv',
+ 'video/x-ms-asf' => 'wmv',
+ 'application/xhtml+xml' => 'xhtml',
+ 'application/excel' => 'xl',
+ 'application/msexcel' => 'xls',
+ 'application/x-msexcel' => 'xls',
+ 'application/x-ms-excel' => 'xls',
+ 'application/x-excel' => 'xls',
+ 'application/x-dos_ms_excel' => 'xls',
+ 'application/xls' => 'xls',
+ 'application/x-xls' => 'xls',
+ 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' => 'xlsx',
+ 'application/vnd.ms-excel' => 'xlsx',
+ 'application/xml' => 'xml',
+ 'text/xml' => 'xml',
+ 'text/xsl' => 'xsl',
+ 'application/xspf+xml' => 'xspf',
+ 'application/x-compress' => 'z',
+ 'application/x-zip' => 'zip',
+ 'application/zip' => 'zip',
+ 'application/x-zip-compressed' => 'zip',
+ 'application/s-compressed' => 'zip',
+ 'multipart/x-zip' => 'zip',
+ 'text/x-scriptzsh' => 'zsh',
+ ];
+
+ return isset($mime_map[$mime]) ? $mime_map[$mime] : false;
+}
+
+// --TODO not used
+/*
+function filenameNorm ($str = '')
+{
+ $str = strip_tags($str);
+ $str = preg_replace('/[\r\n\t ]+/', ' ', $str);
+ $str = preg_replace('/[\"\*\/\:\<\>\?\'\|]+/', ' ', $str);
+ $str = strtolower($str);
+ $str = html_entity_decode( $str, ENT_QUOTES, "utf-8" );
+ $str = htmlentities($str, ENT_QUOTES, "utf-8");
+ $str = preg_replace("/(&)([a-z])([a-z]+;)/i", '$2', $str);
+ $str = str_replace(' ', '-', $str);
+ $str = rawurlencode($str);
+ $str = str_replace('%', '-', $str);
+ return $str;
 }
+*/
 ?>
\ No newline at end of file
diff --git a/mayor-orig/mayor-base/www/policy/parent/session/download-pre.php b/mayor-orig/mayor-base/www/policy/parent/session/download-pre.php
new file mode 120000
index 00000000..2b5f8422
--- /dev/null
+++ b/mayor-orig/mayor-base/www/policy/parent/session/download-pre.php
@@ -0,0 +1 @@
+../../private/session/download-pre.php
\ No newline at end of file
diff --git a/mayor-orig/mayor-base/www/policy/parent/session/download.php b/mayor-orig/mayor-base/www/policy/parent/session/download.php
new file mode 120000
index 00000000..2cff0143
--- /dev/null
+++ b/mayor-orig/mayor-base/www/policy/parent/session/download.php
@@ -0,0 +1 @@
+../../private/session/download.php
\ No newline at end of file
diff --git a/mayor-orig/mayor-base/www/policy/private/session/download-pre.php b/mayor-orig/mayor-base/www/policy/private/session/download-pre.php
index 6b396143..1fdd916f 100644
--- a/mayor-orig/mayor-base/www/policy/private/session/download-pre.php
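Review bot: `filename2ext` calls `split()`, which was removed in PHP 7, so the function fatals on any current runtime; the four preceding `$ext = ...` assignments are dead code overwritten by the `split` result, and `end(explode(...))` additionally raises an "Only variables should be passed by reference" notice. A single expression does the job: `return pathinfo($filename, PATHINFO_EXTENSION);`. In `filemime2ext` several entries look wrong — `'application/octet-stream' => 'pdf'` and `'application/msword' => 'ppt'` map a generic or unrelated type to an unrelated extension — and the map yields `'php'`, `'html'`, `'svg'` and `'js'` for the matching MIME types, so if the result is ever used to name a stored file under the web root the caller must still restrict the extension to an allow-list; a comment above the function stating that contract (or dropping the script-type entries) would make the intent explicit. `human_filesize` derives `$factor` from the decimal digit count of `$bytes` but divides by `pow(1024, $factor)`, so 1000 bytes prints `0.98kB`; computing `$factor = $bytes > 0 ? floor(log($bytes, 1024)) : 0;` keeps the unit consistent and makes the `@$size[$factor]` suppression unnecessary.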
+++ b/mayor-orig/mayor-base/www/policy/private/session/download-pre.php @@ -26,7 +26,7 @@ // Jogosultságok ellenőzése dir alapján if (__DIAK===true) { - if (strstr($dir,'naplo/face/')===false) return false; + if (strstr($dir,'naplo/face/')===false && strstr($dir,'naplo/haladasi/hazifeladat')===false) return false; } // Titkarsag, Tanar, Naploadmin letoltheti, amit szeretne -- cgit v1.2.3
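Review bot: The extended `__DIAK` authorization condition still relies on unanchored `strstr($dir, ...)`, so any path that merely contains `naplo/face/` or `naplo/haladasi/hazifeladat` somewhere inside it passes, not only paths located under those directories. If `$dir` is a relative, already normalized path at this point (its computation lies before the hunk and is not visible here), an anchored prefix test such as `if (strpos($dir,'naplo/face/')!==0 && strpos($dir,'naplo/haladasi/hazifeladat')!==0) return false;` would be tighter; if `$dir` can still carry `..` segments, normalize it (for example via `realpath` against the download root) before this check. The enclosing block starts outside the hunk.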