fix some quotation, both of which are not the same.

[nucleus-jp/nucleus-jp-ancient.git] / utf8 / nucleus / media.php

diff --git a/utf8/nucleus/media.php b/utf8/nucleus/media.php
index 29c33b4..95cf2e7 100755 (executable)
--- a/utf8/nucleus/media.php
+++ b/utf8/nucleus/media.php
@@ -1,7 +1,7 @@
 <?php
 /*
  * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
- * Copyright (C) 2002-2009 The Nucleus Group
+ * Copyright (C) 2002-2011 The Nucleus Group
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -20,7 +20,7 @@
  *     passed through to the add-item form (linkto, popupimg or inline img)
  *
  * @license http://nucleuscms.org/license.txt GNU General Public License
- * @copyright Copyright (C) 2002-2009 The Nucleus Group
+ * @copyright Copyright (C) 2002-2011 The Nucleus Group
  * @version $Id$
  * $NucleusJP: media.php,v 1.8.2.1 2007/09/07 07:36:44 kimitake Exp $
  *
@@ -34,8 +34,10 @@ $CONF = array();
 $CONF['MediaPerPage'] = 10;
 
 // include all classes and config data
-require('../config.php');
-include($DIR_LIBS . 'MEDIA.php');      // media classes
+$DIR_LIBS = '';
+require_once('../config.php');
+//include($DIR_LIBS . 'MEDIA.php');    // media classes
+include_libs('MEDIA.php',false,false);
 
 sendContentType('application/xhtml+xml', 'media');
 
@@ -48,7 +50,7 @@ if (!$member->isLoggedIn()) {
 // check if member is on at least one teamlist
 $query = 'SELECT * FROM ' . sql_table('team'). ' WHERE tmember=' . $member->getID();
 $teams = sql_query($query);
-if (sql_num_rows($teams) == 0)
+if (sql_num_rows($teams) == 0 && !$member->isAdmin())
        media_doError(_ERROR_DISALLOWEDUPLOAD);
 
 // get action
@@ -279,8 +281,15 @@ function media_choose() {
                <input name="collection" type="hidden" value="<?php echo htmlspecialchars(requestVar('collection'))?>" />
        <?php           } // if sizeof
        ?>
-         <br /><br />
-         <input type="submit" value="<?php echo _UPLOAD_BUTTON?>" />
+       <br /><br />
+       <?php
+       $manager->notify(
+               'MediaUploadFormExtras',
+               array()
+       );
+       ?>
+       <br /><br />
+       <input type="submit" value="<?php echo _UPLOAD_BUTTON?>" />
        </div>
        </form>
 
@@ -294,15 +303,20 @@ function media_choose() {
   */
 function media_upload() {
        global $DIR_MEDIA, $member, $CONF;
-
+       
        $uploadInfo = postFileInfo('uploadfile');
-
+       
        $filename = $uploadInfo['name'];
        $filetype = $uploadInfo['type'];
        $filesize = $uploadInfo['size'];
        $filetempname = $uploadInfo['tmp_name'];
        $fileerror = intval($uploadInfo['error']);
-
+       
+       // clean filename of characters that may cause trouble in a filename using cleanFileName() function from globalfunctions.php
+       $filename = cleanFileName($filename);
+       if ($filename === false) 
+               media_doError(_ERROR_BADFILETYPE);
+       
        switch ($fileerror)
        {
                case 0: // = UPLOAD_ERR_OK
@@ -319,20 +333,23 @@ function media_upload() {
                        // (see http://www.php.net/manual/en/features.file-upload.errors.php)
                        media_doError(_ERROR_BADREQUEST . ' (' . $fileerror . ')');
        }
-
+       
        if ($filesize > $CONF['MaxUploadSize'])
                media_doError(_ERROR_FILE_TOO_BIG);
-
+       
        // check file type against allowed types
        $ok = 0;
        $allowedtypes = explode (',', $CONF['AllowedTypes']);
        foreach ( $allowedtypes as $type )
-               if (eregi("\." .$type. "$",$filename)) $ok = 1;
+       {
+               //if (eregi("\." .$type. "$",$filename)) $ok = 1;
+               if (preg_match("#\." .$type. "$#i",$filename)) $ok = 1;
+       }
        if (!$ok) media_doError(_ERROR_BADFILETYPE);
-
+       
        if (!is_uploaded_file($filetempname))
                media_doError(_ERROR_BADREQUEST);
-
+       
        // prefix filename with current date (YYYY-MM-DD-)
        // this to avoid nameclashes
        if ($CONF['MediaPrefix'])
@@ -357,8 +374,8 @@ function media_loginAndPassThrough() {
                <div>
                        <input name="action" value="login" type="hidden" />
                        <input name="collection" value="<?php echo htmlspecialchars(requestVar('collection'))?>" type="hidden" />
-                       <?php echo _LOGINFORM_NAME?> <input name="login" />
-                       <br /><?php echo _LOGINFORM_PWD?> <input name="password" type="password" />
+                       <?php echo _LOGINFORM_NAME?>: <input name="login" />
+                       <br /><?php echo _LOGINFORM_PWD?>: <input name="password" type="password" />
                        <br /><input type="submit" value="<?php echo _LOGIN?>" />
                </div>
                </form>
@@ -372,7 +389,7 @@ function media_doError($msg) {
        ?>
        <h1><?php echo _ERROR?></h1>
        <p><?php echo $msg?></p>
-       <p><a href="media.php" onclick="history.back()"><?php echo _BACK?></a></p>
+       <p><a href="media.php" onclick="history.back(); return false;"><?php echo _BACK?></a></p>
        <?php   media_foot();
        exit;
 }