443 lines
12 KiB
PHP
443 lines
12 KiB
PHP
|
<?php
|
||
|
// ensure this file is being included by a parent file
|
||
|
if( !defined( '_JEXEC' ) && !defined( '_VALID_MOS' ) ) die( 'Restricted access' );
|
||
|
/**
|
||
|
* @version $Id: transfer.php 242 2015-08-19 06:29:26Z soeren $
|
||
|
* @package eXtplorer
|
||
|
* @copyright soeren 2007-2015
|
||
|
* @author The eXtplorer project (http://extplorer.net)
|
||
|
* @license
|
||
|
* The contents of this file are subject to the Mozilla Public License
|
||
|
* Version 1.1 (the "License"); you may not use this file except in
|
||
|
* compliance with the License. You may obtain a copy of the License at
|
||
|
* http://www.mozilla.org/MPL/
|
||
|
*
|
||
|
* Software distributed under the License is distributed on an "AS IS"
|
||
|
* basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
|
||
|
* License for the specific language governing rights and limitations
|
||
|
* under the License.
|
||
|
*
|
||
|
* Alternatively, the contents of this file may be used under the terms
|
||
|
* of the GNU General Public License Version 2 or later (the "GPL"), in
|
||
|
* which case the provisions of the GPL are applicable instead of
|
||
|
* those above. If you wish to allow use of your version of this file only
|
||
|
* under the terms of the GPL and not to allow others to use
|
||
|
* your version of this file under the MPL, indicate your decision by
|
||
|
* deleting the provisions above and replace them with the notice and
|
||
|
* other provisions required by the GPL. If you do not delete
|
||
|
* the provisions above, a recipient may use your version of this file
|
||
|
* under either the MPL or the GPL."
|
||
|
*
|
||
|
*/
|
||
|
/**
|
||
|
* Transfer file(s) from another server to this one
|
||
|
*
|
||
|
*/
|
||
|
|
||
|
class ext_Transfer extends ext_Action {
|
||
|
var $_downloadMethods;
|
||
|
|
||
|
function execAction( $dir, $item="" ) {
|
||
|
|
||
|
if(($GLOBALS["permissions"]&01)!=01) {
|
||
|
ext_Result::sendResult('upload', false, $GLOBALS["error_msg"]["accessfunc"]);
|
||
|
}
|
||
|
$this->_downloadMethods = array(
|
||
|
new CurlDownloader(),
|
||
|
new WgetDownloader(),
|
||
|
new FopenDownloader(),
|
||
|
new FsockopenDownloader()
|
||
|
);
|
||
|
//DEBUG ext_Result::sendResult('transfer', false, $dir );
|
||
|
// Execute
|
||
|
if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true") {
|
||
|
// CSRF Security Check
|
||
|
if( !ext_checkToken($GLOBALS['__POST']["token"]) ) {
|
||
|
ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.');
|
||
|
}
|
||
|
$cnt=count($GLOBALS['__POST']['userfile']);
|
||
|
$err=false;
|
||
|
foreach($this->_downloadMethods as $method ) {
|
||
|
if( $method->isSupported()) {
|
||
|
$downloader =& $method;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
// upload files & check for errors
|
||
|
for($i=0;$i<$cnt;$i++) {
|
||
|
if( empty($GLOBALS['__POST']['userfile'][$i])) continue;
|
||
|
$errors[$i]=NULL;
|
||
|
|
||
|
$data = array(
|
||
|
'url' => $GLOBALS['__POST']['userfile'][$i]
|
||
|
);
|
||
|
|
||
|
$validated = InputFilter::is_valid($data, array(
|
||
|
'url' => 'required|valid_url'
|
||
|
));
|
||
|
|
||
|
if($validated !== true) {
|
||
|
$errors[$i]=$GLOBALS['__POST']['userfile'][$i].' is not a valid URL!';
|
||
|
$err=true; continue;
|
||
|
}
|
||
|
$items[$i] = stripslashes(basename($GLOBALS['__POST']['userfile'][$i]));
|
||
|
|
||
|
$abs = get_abs_item($dir,$items[$i]);
|
||
|
|
||
|
if($items[$i]=="") continue;
|
||
|
if(@file_exists($abs) && empty( $_REQUEST['overwrite_files'])) {
|
||
|
$errors[$i]=$GLOBALS["error_msg"]["itemdoesexist"];
|
||
|
$err=true; continue;
|
||
|
}
|
||
|
// Upload
|
||
|
$ok = $downloader->download($GLOBALS['__POST']['userfile'][$i], $abs);
|
||
|
if($ok===true ) {
|
||
|
$mode = ext_isFTPMode() ? 644 : 0644;
|
||
|
@$GLOBALS['ext_File']->chmod( $abs, $mode );
|
||
|
}
|
||
|
else {
|
||
|
$errors[$i]=$ok;
|
||
|
$err=true; continue;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if($err) { // there were errors
|
||
|
$err_msg="";
|
||
|
for($i=0;$i<$cnt;$i++) {
|
||
|
if($errors[$i]==NULL) continue;
|
||
|
$err_msg .= $items[$i]." : ".$errors[$i]."\n";
|
||
|
}
|
||
|
ext_Result::sendResult('transfer', false, $err_msg);
|
||
|
}
|
||
|
|
||
|
ext_Result::sendResult('transfer', true, ext_Lang::msg('transfer_completed'));
|
||
|
return;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
/**
|
||
|
* Abstract DownloadMethod Class for implementing special types
|
||
|
* @abstract
|
||
|
*
|
||
|
*/
|
||
|
class DownloadMethod {
|
||
|
function download($url, $outputFile) {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
function isSupported() {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
function getName() {
|
||
|
return '';
|
||
|
}
|
||
|
}
|
||
|
|
||
|
class WgetDownloader extends DownloadMethod {
|
||
|
function download($url, $outputFile) {
|
||
|
$status = 0;
|
||
|
$output = array();
|
||
|
$wget = getBinaryPath('wget');
|
||
|
$url = escapeshellcmd( $url );
|
||
|
exec("$wget -O$outputFile $url ", $output, $status);
|
||
|
if ($status) {
|
||
|
$msg = 'exec returned an error status ';
|
||
|
$msg .= is_array($output) ? implode('<br>', $output) : '';
|
||
|
return $msg;
|
||
|
}
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
function isSupported() {
|
||
|
return isBinaryAvailable('wget');
|
||
|
}
|
||
|
|
||
|
function getName() {
|
||
|
return 'Download with Wget';
|
||
|
}
|
||
|
}
|
||
|
|
||
|
class FopenDownloader extends DownloadMethod {
|
||
|
function download($url, $outputFile) {
|
||
|
if (!is_writable( dirname( $outputFile ))) {
|
||
|
return 'Unable to write to current working directory';
|
||
|
}
|
||
|
$start =time();
|
||
|
|
||
|
@set_time_limit( 900 );
|
||
|
|
||
|
$fh = @fopen($url, 'rb');
|
||
|
if (empty($fh)) {
|
||
|
return 'Unable to open url';
|
||
|
}
|
||
|
$ofh = @fopen($outputFile, 'wb');
|
||
|
if (!$ofh) {
|
||
|
fclose($fh);
|
||
|
return 'Unable to open output file in writing mode';
|
||
|
}
|
||
|
|
||
|
$failed = $results = false;
|
||
|
while (!feof($fh) && !$failed) {
|
||
|
$buf = fread($fh, 4096);
|
||
|
if (!$buf) {
|
||
|
$results = 'Error during download';
|
||
|
$failed = true;
|
||
|
break;
|
||
|
}
|
||
|
if (fwrite($ofh, $buf) != strlen($buf)) {
|
||
|
$failed = true;
|
||
|
$results = 'Error during writing';
|
||
|
break;
|
||
|
}
|
||
|
if (time() - $start > 55) {
|
||
|
|
||
|
$start = time();
|
||
|
}
|
||
|
}
|
||
|
fclose($ofh);
|
||
|
fclose($fh);
|
||
|
if ($failed) {
|
||
|
return $results;
|
||
|
}
|
||
|
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
function isSupported() {
|
||
|
$actual = ini_get('allow_url_fopen');
|
||
|
if (in_array($actual, array(1, 'On', 'on')) && isPhpFunctionSupported('fopen')) {
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
function getName() {
|
||
|
return 'Download with PHP fopen()';
|
||
|
}
|
||
|
}
|
||
|
|
||
|
class FsockopenDownloader extends DownloadMethod {
|
||
|
function download($url, $outputFile, $maxRedirects=10) {
|
||
|
/* Code from WebHelper_simple.class */
|
||
|
|
||
|
if ($maxRedirects < 0) {
|
||
|
return "Error too many redirects. Last URL: $url";
|
||
|
}
|
||
|
|
||
|
$components = parse_url($url);
|
||
|
$port = empty($components['port']) ? 80 : $components['port'];
|
||
|
|
||
|
$errno = $errstr = null;
|
||
|
$fd = @fsockopen($components['host'], $port, $errno, $errstr, 2);
|
||
|
if (empty($fd)) {
|
||
|
return "Error $errno: '$errstr' retrieving $url";
|
||
|
}
|
||
|
|
||
|
$get = $components['path'];
|
||
|
if (!empty($components['query'])) {
|
||
|
$get .= '?' . $components['query'];
|
||
|
}
|
||
|
|
||
|
$start = time();
|
||
|
|
||
|
/* Read the web file into a buffer */
|
||
|
$ok = fwrite($fd, sprintf("GET %s HTTP/1.0\r\n" .
|
||
|
"Host: %s\r\n" .
|
||
|
"\r\n",
|
||
|
$get,
|
||
|
$components['host']));
|
||
|
if (!$ok) {
|
||
|
return 'Download request failed (fwrite)';
|
||
|
}
|
||
|
$ok = fflush($fd);
|
||
|
if (!$ok) {
|
||
|
return 'Download request failed (fflush)';
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Read the response code. fgets stops after newlines.
|
||
|
* The first line contains only the status code (200, 404, etc.).
|
||
|
*/
|
||
|
$headers = array();
|
||
|
$response = trim(fgets($fd, 4096));
|
||
|
|
||
|
/* Jump over the headers but follow redirects */
|
||
|
while (!feof($fd)) {
|
||
|
$line = trim(fgets($fd, 4096));
|
||
|
if (empty($line)) {
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
/* Normalize the line endings */
|
||
|
$line = str_replace("\r", '', $line);
|
||
|
list ($key, $value) = explode(':', $line, 2);
|
||
|
if (trim($key) == 'Location') {
|
||
|
fclose($fd);
|
||
|
return $this->download(trim($value), $outputFile, --$maxRedirects);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
$success = false;
|
||
|
$ofd = fopen($outputFile, 'wb');
|
||
|
if ($ofd) {
|
||
|
/* Read the body */
|
||
|
$failed = false;
|
||
|
while (!feof($fd) && !$failed) {
|
||
|
$buf = fread($fd, 4096);
|
||
|
if (fwrite($ofd, $buf) != strlen($buf)) {
|
||
|
$failed = true;
|
||
|
break;
|
||
|
}
|
||
|
if (time() - $start > 55) {
|
||
|
set_time_limit(600);
|
||
|
$start = time();
|
||
|
}
|
||
|
}
|
||
|
fclose($ofd);
|
||
|
if (!$failed) {
|
||
|
$success = true;
|
||
|
}
|
||
|
} else {
|
||
|
return "Could not open $outputFile in write mode";
|
||
|
}
|
||
|
fclose($fd);
|
||
|
|
||
|
/* if the HTTP response code did not begin with a 2 this request was not successful */
|
||
|
if (!preg_match("/^HTTP\/\d+\.\d+\s2\d{2}/", $response)) {
|
||
|
return "Download failed with HTTP status: $response";
|
||
|
}
|
||
|
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
function isSupported() {
|
||
|
return isPhpFunctionSupported('fsockopen');
|
||
|
}
|
||
|
|
||
|
function getName() {
|
||
|
return 'Download with PHP fsockopen()';
|
||
|
}
|
||
|
}
|
||
|
|
||
|
class CurlDownloader extends DownloadMethod {
|
||
|
function download($url, $outputFile) {
|
||
|
$ch = curl_init();
|
||
|
$ofh = fopen($outputFile, 'wb');
|
||
|
if (!$ofh) {
|
||
|
fclose($ch);
|
||
|
return 'Unable to open output file in writing mode';
|
||
|
}
|
||
|
|
||
|
curl_setopt($ch, CURLOPT_URL, $url);
|
||
|
curl_setopt($ch, CURLOPT_FILE, $ofh);
|
||
|
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
|
||
|
curl_setopt($ch, CURLOPT_FAILONERROR, true);
|
||
|
curl_setopt($ch, CURLOPT_HEADER, false);
|
||
|
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
|
||
|
curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
|
||
|
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
|
||
|
|
||
|
curl_exec($ch);
|
||
|
|
||
|
$errorString = curl_error($ch);
|
||
|
$errorNumber = curl_errno($ch);
|
||
|
curl_close($ch);
|
||
|
|
||
|
if ($errorNumber != 0) {
|
||
|
if (!empty($errorString)) {
|
||
|
return $errorString;
|
||
|
} else {
|
||
|
return 'CURL download failed';
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
function isSupported() {
|
||
|
foreach (array('curl_init', 'curl_setopt', 'curl_exec', 'curl_close', 'curl_error') as $functionName) {
|
||
|
if (!isPhpFunctionSupported($functionName)) {
|
||
|
return false;
|
||
|
}
|
||
|
}
|
||
|
if( ini_get('open_basedir') != '' || strtolower(ini_get('safe_mode')) == 'on') {
|
||
|
return false;
|
||
|
}
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
function getName() {
|
||
|
return 'Download with PHP cURL()';
|
||
|
}
|
||
|
}
|
||
|
function isPhpFunctionSupported($functionName) {
|
||
|
if (in_array($functionName, explode(',\s*', ini_get('disable_functions'))) || !function_exists($functionName)) {
|
||
|
return false;
|
||
|
} else {
|
||
|
return true;
|
||
|
}
|
||
|
}
|
||
|
/* Check if a specific command line tool is available */
|
||
|
function isBinaryAvailable($binaryName) {
|
||
|
$binaryPath = getBinaryPath($binaryName);
|
||
|
return !empty($binaryPath);
|
||
|
}
|
||
|
|
||
|
/* Return the path to a binary or false if it's not available */
|
||
|
function getBinaryPath($binaryName) {
|
||
|
if (!isPhpFunctionSupported('exec')) {
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
/* First try 'which' */
|
||
|
$ret = array();
|
||
|
exec('which ' . $binaryName, $ret);
|
||
|
if (strpos(join(' ',$ret), $binaryName) !== false && @is_executable(join('',$ret))) {
|
||
|
return $binaryName; // it's in the path
|
||
|
}
|
||
|
|
||
|
/* Try a bunch of likely seeming paths to see if any of them work. */
|
||
|
$paths = array();
|
||
|
if (!strncasecmp(PHP_OS, 'win', 3)) {
|
||
|
$separator = ';';
|
||
|
$slash = "\\";
|
||
|
$extension = '.exe';
|
||
|
$paths[] = "C:\\Program Files\\$binaryName\\";
|
||
|
$paths[] = "C:\\apps\$binaryName\\";
|
||
|
$paths[] = "C:\\$binaryName\\";
|
||
|
} else {
|
||
|
$separator = ':';
|
||
|
$slash = "/";
|
||
|
$extension = '';
|
||
|
$paths[] = '/usr/bin/';
|
||
|
$paths[] = '/usr/local/bin/';
|
||
|
$paths[] = '/bin/';
|
||
|
$paths[] = '/sw/bin/';
|
||
|
}
|
||
|
$paths[] = './';
|
||
|
|
||
|
foreach (explode($separator, getenv('PATH')) as $path) {
|
||
|
$path = trim($path);
|
||
|
if (empty($path)) {
|
||
|
continue;
|
||
|
}
|
||
|
if ($path{strlen($path)-1} != $slash) {
|
||
|
$path .= $slash;
|
||
|
}
|
||
|
$paths[] = $path;
|
||
|
}
|
||
|
|
||
|
/* Now try each path in turn to see which ones work */
|
||
|
foreach ($paths as $path) {
|
||
|
$execPath = $path . $binaryName . $extension;
|
||
|
if (@file_exists($execPath) && @is_executable($execPath)) {
|
||
|
/* We have a winner */
|
||
|
return $execPath;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return false;
|
||
|
}
|
||
|
?>
|