From f3a7bf913f3bb03c1601b105271daf77df4e3bbb Mon Sep 17 00:00:00 2001 
From: friendica Date: Sun, 19 Jan 2014 14:08:21 -0800 Subject: add the jquery file uploader. Have been suggesting this as a replacement for the valum uploaders for quite some time - as there is client resize ability and no license incompatibilities. It still requires integration. --- library/jqupload/server/gae-go/app.yaml | 12 + library/jqupload/server/gae-go/app/main.go | 296 +++++ library/jqupload/server/gae-go/static/robots.txt | 2 + library/jqupload/server/gae-python/app.yaml | 16 + library/jqupload/server/gae-python/main.py | 170 +++ .../jqupload/server/gae-python/static/robots.txt | 2 + library/jqupload/server/node/.gitignore | 2 + library/jqupload/server/node/package.json | 41 + .../jqupload/server/node/public/files/.gitignore | 2 + library/jqupload/server/node/server.js | 292 +++++ library/jqupload/server/node/tmp/.gitignore | 0 library/jqupload/server/php/UploadHandler.php | 1329 ++++++++++++++++++++ library/jqupload/server/php/files/.gitignore | 3 + library/jqupload/server/php/files/.htaccess | 18 + library/jqupload/server/php/index.php | 15 + 15 files changed, 2200 insertions(+) create mode 100644 library/jqupload/server/gae-go/app.yaml create mode 100644 library/jqupload/server/gae-go/app/main.go create mode 100644 library/jqupload/server/gae-go/static/robots.txt create mode 100644 library/jqupload/server/gae-python/app.yaml create mode 100644 library/jqupload/server/gae-python/main.py create mode 100644 library/jqupload/server/gae-python/static/robots.txt create mode 100644 library/jqupload/server/node/.gitignore create mode 100644 library/jqupload/server/node/package.json create mode 100644 library/jqupload/server/node/public/files/.gitignore create mode 100755 library/jqupload/server/node/server.js create mode 100644 library/jqupload/server/node/tmp/.gitignore create mode 100644 library/jqupload/server/php/UploadHandler.php create mode 100644 library/jqupload/server/php/files/.gitignore create mode 100644 library/jqupload/server/php/files/.htaccess 
create mode 100644 library/jqupload/server/php/index.php (limited to 'library/jqupload/server') diff --git a/library/jqupload/server/gae-go/app.yaml b/library/jqupload/server/gae-go/app.yaml new file mode 100644 index 000000000..2d09daa56 --- /dev/null +++ b/library/jqupload/server/gae-go/app.yaml @@ -0,0 +1,12 @@ +application: jquery-file-upload +version: 2 +runtime: go +api_version: go1 + +handlers: +- url: /(favicon\.ico|robots\.txt) + static_files: static/\1 + upload: static/(.*) + expiration: '1d' +- url: /.* + script: _go_app diff --git a/library/jqupload/server/gae-go/app/main.go b/library/jqupload/server/gae-go/app/main.go new file mode 100644 index 000000000..f995f73a8 --- /dev/null +++ b/library/jqupload/server/gae-go/app/main.go 
@@ -0,0 +1,296 @@ +/* + * jQuery File Upload Plugin GAE Go Example 3.1.1 + * https://github.com/blueimp/jQuery-File-Upload + * + * Copyright 2011, Sebastian Tschan + * https://blueimp.net + * + * Licensed under the MIT license: + * http://www.opensource.org/licenses/MIT + */ + +package app + +import ( + "appengine" + "appengine/blobstore" + "appengine/image" + "appengine/taskqueue" + "bytes" + "encoding/json" + "fmt" + "io" + "log" + "mime/multipart" + "net/http" + "net/url" + "regexp" + "strings" + "time" +) + +const ( + WEBSITE = "http://blueimp.github.io/jQuery-File-Upload/" + MIN_FILE_SIZE = 1 // bytes + MAX_FILE_SIZE = 5000000 // bytes + IMAGE_TYPES = "image/(gif|p?jpeg|(x-)?png)" + ACCEPT_FILE_TYPES = IMAGE_TYPES + EXPIRATION_TIME = 300 // seconds + THUMBNAIL_PARAM = "=s80" +) + +var ( + imageTypes = regexp.MustCompile(IMAGE_TYPES) + acceptFileTypes = regexp.MustCompile(ACCEPT_FILE_TYPES) +) + +type FileInfo struct { + Key appengine.BlobKey `json:"-"` + Url string `json:"url,omitempty"` + ThumbnailUrl string `json:"thumbnailUrl,omitempty"` + Name string `json:"name"` + Type string `json:"type"` + Size int64 `json:"size"` + Error string `json:"error,omitempty"` + DeleteUrl string `json:"deleteUrl,omitempty"` + DeleteType string `json:"deleteType,omitempty"` +} + +func (fi *FileInfo) ValidateType() (valid bool) { + if acceptFileTypes.MatchString(fi.Type) { + return true + } + fi.Error = "Filetype not allowed" + return false +} + +func (fi *FileInfo) ValidateSize() (valid bool) { + if fi.Size < MIN_FILE_SIZE { + fi.Error = "File is too small" + } else if fi.Size > MAX_FILE_SIZE { + fi.Error = "File is too big" + } else { + return true + } + return false +} + +func (fi *FileInfo) CreateUrls(r *http.Request, c appengine.Context) { + u := &url.URL{ + Scheme: r.URL.Scheme, + Host: appengine.DefaultVersionHostname(c), + Path: "/", + } + uString := u.String() + fi.Url = uString + escape(string(fi.Key)) + "/" + + escape(string(fi.Name)) + fi.DeleteUrl = fi.Url + 
"?delete=true" + fi.DeleteType = "DELETE" + if imageTypes.MatchString(fi.Type) { + servingUrl, err := image.ServingURL( + c, + fi.Key, + &image.ServingURLOptions{ + Secure: strings.HasSuffix(u.Scheme, "s"), + Size: 0, + Crop: false, + }, + ) + check(err) + fi.ThumbnailUrl = servingUrl.String() + THUMBNAIL_PARAM + } +} + +func check(err error) { + if err != nil { + panic(err) + } +} + +func escape(s string) string { + return strings.Replace(url.QueryEscape(s), "+", "%20", -1) +} + +func delayedDelete(c appengine.Context, fi *FileInfo) { + if key := string(fi.Key); key != "" { + task := &taskqueue.Task{ + Path: "/" + escape(key) + "/-", + Method: "DELETE", + Delay: time.Duration(EXPIRATION_TIME) * time.Second, + } + taskqueue.Add(c, task, "") + } +} + +func handleUpload(r *http.Request, p *multipart.Part) (fi *FileInfo) { + fi = &FileInfo{ + Name: p.FileName(), + Type: p.Header.Get("Content-Type"), + } + if !fi.ValidateType() { + return + } + defer func() { + if rec := recover(); rec != nil { + log.Println(rec) + fi.Error = rec.(error).Error() + } + }() + lr := &io.LimitedReader{R: p, N: MAX_FILE_SIZE + 1} + context := appengine.NewContext(r) + w, err := blobstore.Create(context, fi.Type) + defer func() { + w.Close() + fi.Size = MAX_FILE_SIZE + 1 - lr.N + fi.Key, err = w.Key() + check(err) + if !fi.ValidateSize() { + err := blobstore.Delete(context, fi.Key) + check(err) + return + } + delayedDelete(context, fi) + fi.CreateUrls(r, context) + }() + check(err) + _, err = io.Copy(w, lr) + return +} + +func getFormValue(p *multipart.Part) string { + var b bytes.Buffer + io.CopyN(&b, p, int64(1<<20)) // Copy max: 1 MiB + return b.String() +} + +func handleUploads(r *http.Request) (fileInfos []*FileInfo) { + fileInfos = make([]*FileInfo, 0) + mr, err := r.MultipartReader() + check(err) + r.Form, err = url.ParseQuery(r.URL.RawQuery) + check(err) + part, err := mr.NextPart() + for err == nil { + if name := part.FormName(); name != "" { + if part.FileName() != "" { + fileInfos 
= append(fileInfos, handleUpload(r, part)) + } else { + r.Form[name] = append(r.Form[name], getFormValue(part)) + } + } + part, err = mr.NextPart() + } + return +} + +func get(w http.ResponseWriter, r *http.Request) { + if r.URL.Path == "/" { + http.Redirect(w, r, WEBSITE, http.StatusFound) + return + } + parts := strings.Split(r.URL.Path, "/") + if len(parts) == 3 { + if key := parts[1]; key != "" { + blobKey := appengine.BlobKey(key) + bi, err := blobstore.Stat(appengine.NewContext(r), blobKey) + if err == nil { + w.Header().Add("X-Content-Type-Options", "nosniff") + if !imageTypes.MatchString(bi.ContentType) { + w.Header().Add("Content-Type", "application/octet-stream") + w.Header().Add( + "Content-Disposition", + fmt.Sprintf("attachment; filename=\"%s\"", parts[2]), + ) + } + w.Header().Add( + "Cache-Control", + fmt.Sprintf("public,max-age=%d", EXPIRATION_TIME), + ) + blobstore.Send(w, blobKey) + return + } + } + } + http.Error(w, "404 Not Found", http.StatusNotFound) +} + +func post(w http.ResponseWriter, r *http.Request) { + result := make(map[string][]*FileInfo, 1) + result["files"] = handleUploads(r) + b, err := json.Marshal(result) + check(err) + if redirect := r.FormValue("redirect"); redirect != "" { + if strings.Contains(redirect, "%s") { + redirect = fmt.Sprintf( + redirect, + escape(string(b)), + ) + } + http.Redirect(w, r, redirect, http.StatusFound) + return + } + w.Header().Set("Cache-Control", "no-cache") + jsonType := "application/json" + if strings.Index(r.Header.Get("Accept"), jsonType) != -1 { + w.Header().Set("Content-Type", jsonType) + } + fmt.Fprintln(w, string(b)) +} + +func delete(w http.ResponseWriter, r *http.Request) { + parts := strings.Split(r.URL.Path, "/") + if len(parts) != 3 { + return + } + result := make(map[string]bool, 1) + if key := parts[1]; key != "" { + c := appengine.NewContext(r) + blobKey := appengine.BlobKey(key) + err := blobstore.Delete(c, blobKey) + check(err) + err = image.DeleteServingURL(c, blobKey) + check(err) 
+ result[key] = true + } + jsonType := "application/json" + if strings.Index(r.Header.Get("Accept"), jsonType) != -1 { + w.Header().Set("Content-Type", jsonType) + } + b, err := json.Marshal(result) + check(err) + fmt.Fprintln(w, string(b)) +} + +func handle(w http.ResponseWriter, r *http.Request) { + params, err := url.ParseQuery(r.URL.RawQuery) + check(err) + w.Header().Add("Access-Control-Allow-Origin", "*") + w.Header().Add( + "Access-Control-Allow-Methods", + "OPTIONS, HEAD, GET, POST, PUT, DELETE", + ) + w.Header().Add( + "Access-Control-Allow-Headers", + "Content-Type, Content-Range, Content-Disposition", + ) + switch r.Method { + case "OPTIONS": + case "HEAD": + case "GET": + get(w, r) + case "POST": + if len(params["_method"]) > 0 && params["_method"][0] == "DELETE" { + delete(w, r) + } else { + post(w, r) + } + case "DELETE": + delete(w, r) + default: + http.Error(w, "501 Not Implemented", http.StatusNotImplemented) + } +} + +func init() { + http.HandleFunc("/", handle) +} diff --git a/library/jqupload/server/gae-go/static/robots.txt b/library/jqupload/server/gae-go/static/robots.txt new file mode 100644 index 000000000..eb0536286 --- /dev/null +++ b/library/jqupload/server/gae-go/static/robots.txt @@ -0,0 +1,2 @@ +User-agent: * +Disallow: diff --git a/library/jqupload/server/gae-python/app.yaml b/library/jqupload/server/gae-python/app.yaml new file mode 100644 index 000000000..5fe123f59 --- /dev/null +++ b/library/jqupload/server/gae-python/app.yaml @@ -0,0 +1,16 @@ +application: jquery-file-upload +version: 1 +runtime: python27 +api_version: 1 +threadsafe: true + +builtins: +- deferred: on + +handlers: +- url: /(favicon\.ico|robots\.txt) + static_files: static/\1 + upload: static/(.*) + expiration: '1d' +- url: /.* + script: main.app diff --git a/library/jqupload/server/gae-python/main.py b/library/jqupload/server/gae-python/main.py new file mode 100644 index 000000000..37aa44e38 --- /dev/null +++ b/library/jqupload/server/gae-python/main.py 
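Review bot: The `redirect` query parameter in `post` is handed to `http.Redirect` unvalidated, so the upload endpoint doubles as an open redirect to any origin the caller names; the same pattern appears in the gae-python `post` and the node `handleResult` hunks. Restrict it to relative or same-host targets (for example reject values whose parsed `Host` is non-empty and differs from `appengine.DefaultVersionHostname(c)`) or drop the feature if the client does not need it. In `handleUpload` the recover block does `fi.Error = rec.(error).Error()` with an unchecked assertion, so a non-error panic value re-panics inside the deferred function; `if e, ok := rec.(error); ok { fi.Error = e.Error() } else { fi.Error = fmt.Sprint(rec) }` keeps the response well-formed. That recover also has to absorb a `Close` on a nil `w` when `blobstore.Create` fails, because the second `defer` is registered before `check(err)`; moving `check(err)` above the `defer` makes that failure path explicit. In `get`, `parts[2]` is an already-decoded path segment interpolated into a quoted `Content-Disposition`, so a `"` in it terminates the filename parameter; `mime.FormatMediaType("attachment", map[string]string{"filename": parts[2]})` produces a correctly quoted value.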
@@ -0,0 +1,170 @@ +# -*- coding: utf-8 -*- +# +# jQuery File Upload Plugin GAE Python Example 2.1.1 +# https://github.com/blueimp/jQuery-File-Upload +# +# Copyright 2011, Sebastian Tschan +# https://blueimp.net +# +# Licensed under the MIT license: +# http://www.opensource.org/licenses/MIT +# + +from __future__ import with_statement +from google.appengine.api import files, images +from google.appengine.ext import blobstore, deferred +from google.appengine.ext.webapp import blobstore_handlers +import json +import re +import urllib +import webapp2 + +WEBSITE = 'http://blueimp.github.io/jQuery-File-Upload/' +MIN_FILE_SIZE = 1 # bytes +MAX_FILE_SIZE = 5000000 # bytes +IMAGE_TYPES = re.compile('image/(gif|p?jpeg|(x-)?png)') +ACCEPT_FILE_TYPES = IMAGE_TYPES +THUMBNAIL_MODIFICATOR = '=s80' # max width / height +EXPIRATION_TIME = 300 # seconds + + +def cleanup(blob_keys): + blobstore.delete(blob_keys) + + +class UploadHandler(webapp2.RequestHandler): + + def initialize(self, request, response): + super(UploadHandler, self).initialize(request, response) + self.response.headers['Access-Control-Allow-Origin'] = '*' + self.response.headers[ + 'Access-Control-Allow-Methods' + ] = 'OPTIONS, HEAD, GET, POST, PUT, DELETE' + self.response.headers[ + 'Access-Control-Allow-Headers' + ] = 'Content-Type, Content-Range, Content-Disposition' + + def validate(self, file): + if file['size'] < MIN_FILE_SIZE: + file['error'] = 'File is too small' + elif file['size'] > MAX_FILE_SIZE: + file['error'] = 'File is too big' + elif not ACCEPT_FILE_TYPES.match(file['type']): + file['error'] = 'Filetype not allowed' + else: + return True + return False + + def get_file_size(self, file): + file.seek(0, 2) # Seek to the end of the file + size = file.tell() # Get the position of EOF + file.seek(0) # Reset the file position to the beginning + return size + + def write_blob(self, data, info): + blob = files.blobstore.create( + mime_type=info['type'], + _blobinfo_uploaded_filename=info['name'] + ) + with 
files.open(blob, 'a') as f: + f.write(data) + files.finalize(blob) + return files.blobstore.get_blob_key(blob) + + def handle_upload(self): + results = [] + blob_keys = [] + for name, fieldStorage in self.request.POST.items(): + if type(fieldStorage) is unicode: + continue + result = {} + result['name'] = re.sub( + r'^.*\\', + '', + fieldStorage.filename + ) + result['type'] = fieldStorage.type + result['size'] = self.get_file_size(fieldStorage.file) + if self.validate(result): + blob_key = str( + self.write_blob(fieldStorage.value, result) + ) + blob_keys.append(blob_key) + result['deleteType'] = 'DELETE' + result['deleteUrl'] = self.request.host_url +\ + '/?key=' + urllib.quote(blob_key, '') + if (IMAGE_TYPES.match(result['type'])): + try: + result['url'] = images.get_serving_url( + blob_key, + secure_url=self.request.host_url.startswith( + 'https' + ) + ) + result['thumbnailUrl'] = result['url'] +\ + THUMBNAIL_MODIFICATOR + except: # Could not get an image serving url + pass + if not 'url' in result: + result['url'] = self.request.host_url +\ + '/' + blob_key + '/' + urllib.quote( + result['name'].encode('utf-8'), '') + results.append(result) + deferred.defer( + cleanup, + blob_keys, + _countdown=EXPIRATION_TIME + ) + return results + + def options(self): + pass + + def head(self): + pass + + def get(self): + self.redirect(WEBSITE) + + def post(self): + if (self.request.get('_method') == 'DELETE'): + return self.delete() + result = {'files': self.handle_upload()} + s = json.dumps(result, separators=(',', ':')) + redirect = self.request.get('redirect') + if redirect: + return self.redirect(str( + redirect.replace('%s', urllib.quote(s, ''), 1) + )) + if 'application/json' in self.request.headers.get('Accept'): + self.response.headers['Content-Type'] = 'application/json' + self.response.write(s) + + def delete(self): + key = self.request.get('key') or '' + blobstore.delete(key) + s = json.dumps({key: True}, separators=(',', ':')) + if 'application/json' in 
self.request.headers.get('Accept'): + self.response.headers['Content-Type'] = 'application/json' + self.response.write(s) + + +class DownloadHandler(blobstore_handlers.BlobstoreDownloadHandler): + def get(self, key, filename): + if not blobstore.get(key): + self.error(404) + else: + # Prevent browsers from MIME-sniffing the content-type: + self.response.headers['X-Content-Type-Options'] = 'nosniff' + # Cache for the expiration time: + self.response.headers['Cache-Control'] = 'public,max-age=%d' % EXPIRATION_TIME + # Send the file forcing a download dialog: + self.send_blob(key, save_as=filename, content_type='application/octet-stream') + +app = webapp2.WSGIApplication( + [ + ('/', UploadHandler), + ('/([^/]+)/([^/]+)', DownloadHandler) + ], + debug=True +) diff --git a/library/jqupload/server/gae-python/static/robots.txt b/library/jqupload/server/gae-python/static/robots.txt new file mode 100644 index 000000000..eb0536286 --- /dev/null +++ b/library/jqupload/server/gae-python/static/robots.txt @@ -0,0 +1,2 @@ +User-agent: * +Disallow: diff --git a/library/jqupload/server/node/.gitignore b/library/jqupload/server/node/.gitignore new file mode 100644 index 000000000..9daa8247d --- /dev/null +++ b/library/jqupload/server/node/.gitignore @@ -0,0 +1,2 @@ +.DS_Store +node_modules diff --git a/library/jqupload/server/node/package.json b/library/jqupload/server/node/package.json new file mode 100644 index 000000000..dd38c50ca --- /dev/null +++ b/library/jqupload/server/node/package.json 
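Review bot: `'application/json' in self.request.headers.get('Accept')` in `post` and again in `delete` raises `TypeError` when a client sends no Accept header, because `get` returns `None`; `self.request.headers.get('Accept', '')` keeps the check total. `app` is constructed with `debug=True`, which returns tracebacks to clients on unhandled exceptions; set it to `False` for anything reachable from the network. The bare `except: pass` around `images.get_serving_url` also swallows interpreter-level exceptions and hides real failures; narrowing it to `except Exception:` with a log line keeps the best-effort behaviour without hiding the cause. `delete` removes whatever blob `key` the query string names with no ownership check; if this example is ever exposed beyond a demo, the key should be tied to the uploading session or the endpoint authenticated.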
@@ -0,0 +1,41 @@ +{ + "name": "blueimp-file-upload-node", + "version": "2.1.0", + "title": "jQuery File Upload Node.js example", + "description": "Node.js implementation example of a file upload handler for jQuery File Upload.", + "keywords": [ + "file", + "upload", + "cross-domain", + "cross-site", + "node" + ], + "homepage": "https://github.com/blueimp/jQuery-File-Upload", + "author": { + "name": "Sebastian Tschan", + "url": "https://blueimp.net" + }, + "maintainers": [ + { + "name": "Sebastian Tschan", + "url": "https://blueimp.net" + } + ], + "repository": { + "type": "git", + "url": "git://github.com/blueimp/jQuery-File-Upload.git" + }, + "bugs": "https://github.com/blueimp/jQuery-File-Upload/issues", + "licenses": [ + { + "type": "MIT", + "url": "http://www.opensource.org/licenses/MIT" + } + ], + "dependencies": { + "formidable": ">=1.0.11", + "node-static": ">=0.6.5", + "imagemagick": ">=0.1.3" + }, + "main": "server.js" +} diff --git a/library/jqupload/server/node/public/files/.gitignore b/library/jqupload/server/node/public/files/.gitignore new file mode 100644 index 000000000..d6b7ef32c --- /dev/null +++ b/library/jqupload/server/node/public/files/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/library/jqupload/server/node/server.js b/library/jqupload/server/node/server.js new file mode 100755 index 000000000..5eb07a6ed --- /dev/null +++ b/library/jqupload/server/node/server.js 
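Review bot: All three entries under `dependencies` use open-ended `>=` ranges, so a fresh `npm install` resolves to whatever newest major version exists at install time, including releases with breaking or unreviewed changes. Pin them to a bounded range such as `"formidable": "~1.0.11"` and commit a lockfile once one is generated, so the resolved tree is reproducible and reviewable.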
@@ -0,0 +1,292 @@ +#!/usr/bin/env node +/* + * jQuery File Upload Plugin Node.js Example 2.1.1 + * https://github.com/blueimp/jQuery-File-Upload + * + * Copyright 2012, Sebastian Tschan + * https://blueimp.net + * + * Licensed under the MIT license: + * http://www.opensource.org/licenses/MIT + */ + +/* jshint nomen:false */ +/* global require, __dirname, unescape, console */ + +(function (port) { + 'use strict'; + var path = require('path'), + fs = require('fs'), + // Since Node 0.8, .existsSync() moved from path to fs: + _existsSync = fs.existsSync || path.existsSync, + formidable = require('formidable'), + nodeStatic = require('node-static'), + imageMagick = require('imagemagick'), + options = { + tmpDir: __dirname + '/tmp', + publicDir: __dirname + '/public', + uploadDir: __dirname + '/public/files', + uploadUrl: '/files/', + maxPostSize: 11000000000, // 11 GB + minFileSize: 1, + maxFileSize: 10000000000, // 10 GB + acceptFileTypes: /.+/i, + // Files not matched by this regular expression force a download dialog, + // to prevent executing any scripts in the context of the service domain: + inlineFileTypes: /\.(gif|jpe?g|png)$/i, + imageTypes: /\.(gif|jpe?g|png)$/i, + imageVersions: { + 'thumbnail': { + width: 80, + height: 80 + } + }, + accessControl: { + allowOrigin: '*', + allowMethods: 'OPTIONS, HEAD, GET, POST, PUT, DELETE', + allowHeaders: 'Content-Type, Content-Range, Content-Disposition' + }, + /* Uncomment and edit this section to provide the service via HTTPS: + ssl: { + key: fs.readFileSync('/Applications/XAMPP/etc/ssl.key/server.key'), + cert: fs.readFileSync('/Applications/XAMPP/etc/ssl.crt/server.crt') + }, + */ + nodeStatic: { + cache: 3600 // seconds to cache served files + } + }, + utf8encode = function (str) { + return unescape(encodeURIComponent(str)); + }, + fileServer = new nodeStatic.Server(options.publicDir, options.nodeStatic), + nameCountRegexp = /(?:(?: \(([\d]+)\))?(\.[^.]+))?$/, + nameCountFunc = function (s, index, ext) { + return ' 
(' + ((parseInt(index, 10) || 0) + 1) + ')' + (ext || ''); + }, + FileInfo = function (file) { + this.name = file.name; + this.size = file.size; + this.type = file.type; + this.deleteType = 'DELETE'; + }, + UploadHandler = function (req, res, callback) { + this.req = req; + this.res = res; + this.callback = callback; + }, + serve = function (req, res) { + res.setHeader( + 'Access-Control-Allow-Origin', + options.accessControl.allowOrigin + ); + res.setHeader( + 'Access-Control-Allow-Methods', + options.accessControl.allowMethods + ); + res.setHeader( + 'Access-Control-Allow-Headers', + options.accessControl.allowHeaders + ); + var handleResult = function (result, redirect) { + if (redirect) { + res.writeHead(302, { + 'Location': redirect.replace( + /%s/, + encodeURIComponent(JSON.stringify(result)) + ) + }); + res.end(); + } else { + res.writeHead(200, { + 'Content-Type': req.headers.accept + .indexOf('application/json') !== -1 ? + 'application/json' : 'text/plain' + }); + res.end(JSON.stringify(result)); + } + }, + setNoCacheHeaders = function () { + res.setHeader('Pragma', 'no-cache'); + res.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate'); + res.setHeader('Content-Disposition', 'inline; filename="files.json"'); + }, + handler = new UploadHandler(req, res, handleResult); + switch (req.method) { + case 'OPTIONS': + res.end(); + break; + case 'HEAD': + case 'GET': + if (req.url === '/') { + setNoCacheHeaders(); + if (req.method === 'GET') { + handler.get(); + } else { + res.end(); + } + } else { + fileServer.serve(req, res); + } + break; + case 'POST': + setNoCacheHeaders(); + handler.post(); + break; + case 'DELETE': + handler.destroy(); + break; + default: + res.statusCode = 405; + res.end(); + } + }; + fileServer.respond = function (pathname, status, _headers, files, stat, req, res, finish) { + // Prevent browsers from MIME-sniffing the content-type: + _headers['X-Content-Type-Options'] = 'nosniff'; + if (!options.inlineFileTypes.test(files[0])) 
{ + // Force a download dialog for unsafe file extensions: + _headers['Content-Type'] = 'application/octet-stream'; + _headers['Content-Disposition'] = 'attachment; filename="' + + utf8encode(path.basename(files[0])) + '"'; + } + nodeStatic.Server.prototype.respond + .call(this, pathname, status, _headers, files, stat, req, res, finish); + }; + FileInfo.prototype.validate = function () { + if (options.minFileSize && options.minFileSize > this.size) { + this.error = 'File is too small'; + } else if (options.maxFileSize && options.maxFileSize < this.size) { + this.error = 'File is too big'; + } else if (!options.acceptFileTypes.test(this.name)) { + this.error = 'Filetype not allowed'; + } + return !this.error; + }; + FileInfo.prototype.safeName = function () { + // Prevent directory traversal and creating hidden system files: + this.name = path.basename(this.name).replace(/^\.+/, ''); + // Prevent overwriting existing files: + while (_existsSync(options.uploadDir + '/' + this.name)) { + this.name = this.name.replace(nameCountRegexp, nameCountFunc); + } + }; + FileInfo.prototype.initUrls = function (req) { + if (!this.error) { + var that = this, + baseUrl = (options.ssl ? 
'https:' : 'http:') + + '//' + req.headers.host + options.uploadUrl; + this.url = this.deleteUrl = baseUrl + encodeURIComponent(this.name); + Object.keys(options.imageVersions).forEach(function (version) { + if (_existsSync( + options.uploadDir + '/' + version + '/' + that.name + )) { + that[version + 'Url'] = baseUrl + version + '/' + + encodeURIComponent(that.name); + } + }); + } + }; + UploadHandler.prototype.get = function () { + var handler = this, + files = []; + fs.readdir(options.uploadDir, function (err, list) { + list.forEach(function (name) { + var stats = fs.statSync(options.uploadDir + '/' + name), + fileInfo; + if (stats.isFile() && name[0] !== '.') { + fileInfo = new FileInfo({ + name: name, + size: stats.size + }); + fileInfo.initUrls(handler.req); + files.push(fileInfo); + } + }); + handler.callback({files: files}); + }); + }; + UploadHandler.prototype.post = function () { + var handler = this, + form = new formidable.IncomingForm(), + tmpFiles = [], + files = [], + map = {}, + counter = 1, + redirect, + finish = function () { + counter -= 1; + if (!counter) { + files.forEach(function (fileInfo) { + fileInfo.initUrls(handler.req); + }); + handler.callback({files: files}, redirect); + } + }; + form.uploadDir = options.tmpDir; + form.on('fileBegin', function (name, file) { + tmpFiles.push(file.path); + var fileInfo = new FileInfo(file, handler.req, true); + fileInfo.safeName(); + map[path.basename(file.path)] = fileInfo; + files.push(fileInfo); + }).on('field', function (name, value) { + if (name === 'redirect') { + redirect = value; + } + }).on('file', function (name, file) { + var fileInfo = map[path.basename(file.path)]; + fileInfo.size = file.size; + if (!fileInfo.validate()) { + fs.unlink(file.path); + return; + } + fs.renameSync(file.path, options.uploadDir + '/' + fileInfo.name); + if (options.imageTypes.test(fileInfo.name)) { + Object.keys(options.imageVersions).forEach(function (version) { + counter += 1; + var opts = 
options.imageVersions[version]; + imageMagick.resize({ + width: opts.width, + height: opts.height, + srcPath: options.uploadDir + '/' + fileInfo.name, + dstPath: options.uploadDir + '/' + version + '/' + + fileInfo.name + }, finish); + }); + } + }).on('aborted', function () { + tmpFiles.forEach(function (file) { + fs.unlink(file); + }); + }).on('error', function (e) { + console.log(e); + }).on('progress', function (bytesReceived) { + if (bytesReceived > options.maxPostSize) { + handler.req.connection.destroy(); + } + }).on('end', finish).parse(handler.req); + }; + UploadHandler.prototype.destroy = function () { + var handler = this, + fileName; + if (handler.req.url.slice(0, options.uploadUrl.length) === options.uploadUrl) { + fileName = path.basename(decodeURIComponent(handler.req.url)); + if (fileName[0] !== '.') { + fs.unlink(options.uploadDir + '/' + fileName, function (ex) { + Object.keys(options.imageVersions).forEach(function (version) { + fs.unlink(options.uploadDir + '/' + version + '/' + fileName); + }); + handler.callback({success: !ex}); + }); + return; + } + } + handler.callback({success: false}); + }; + if (options.ssl) { + require('https').createServer(options.ssl, serve).listen(port); + } else { + require('http').createServer(serve).listen(port); + } +}(8888)); diff --git a/library/jqupload/server/node/tmp/.gitignore b/library/jqupload/server/node/tmp/.gitignore new file mode 100644 index 000000000..e69de29bb diff --git a/library/jqupload/server/php/UploadHandler.php b/library/jqupload/server/php/UploadHandler.php new file mode 100644 index 000000000..66545b12a --- /dev/null +++ b/library/jqupload/server/php/UploadHandler.php 
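Review bot: `decodeURIComponent(handler.req.url)` in `UploadHandler.prototype.destroy` throws `URIError` on malformed percent-encoding, and nothing in `serve` catches it, so one bad DELETE URL takes down the whole process; wrap it in `try { fileName = path.basename(decodeURIComponent(handler.req.url)); } catch (e) { handler.callback({success: false}); return; }`. `UploadHandler.prototype.get` ignores the `err` argument of `fs.readdir` and calls `list.forEach` on an undefined `list` when `uploadDir` is missing or unreadable; check `err` first and answer with an empty `files` array or an error result. The `fs.unlink` calls in the `file`, `aborted` and `destroy` handlers pass no callback, which Node 10 and later reject at runtime; pass `function () {}` or use `fs.unlinkSync` inside a try block. The defaults `maxPostSize` 11 GB, `maxFileSize` 10 GB and `acceptFileTypes: /.+/i` combined with `allowOrigin: '*'` accept any file of practically any size from any origin, so these should be tightened before this directory is served from a production host.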
@@ -0,0 +1,1329 @@ + 'The uploaded file exceeds the upload_max_filesize directive in php.ini', + 2 => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form', + 3 => 'The uploaded file was only partially uploaded', + 4 => 'No file was uploaded', + 6 => 'Missing a temporary folder', + 7 => 'Failed to write file to disk', + 8 => 'A PHP extension stopped the file upload', + 'post_max_size' => 'The uploaded file exceeds the post_max_size directive in php.ini', + 'max_file_size' => 'File is too big', + 'min_file_size' => 'File is too small', + 'accept_file_types' => 'Filetype not allowed', + 'max_number_of_files' => 'Maximum number of files exceeded', + 'max_width' => 'Image exceeds maximum width', + 'min_width' => 'Image requires a minimum width', + 'max_height' => 'Image exceeds maximum height', + 'min_height' => 'Image requires a minimum height', + 'abort' => 'File upload aborted', + 'image_resize' => 'Failed to resize image' + ); + + protected $image_objects = array(); + + function __construct($options = null, $initialize = true, $error_messages = null) { + $this->options = array( + 'script_url' => $this->get_full_url().'/', + 'upload_dir' => dirname($this->get_server_var('SCRIPT_FILENAME')).'/files/', + 'upload_url' => $this->get_full_url().'/files/', + 'user_dirs' => false, + 'mkdir_mode' => 0755, + 'param_name' => 'files', + // Set the following option to 'POST', if your server does not support + // DELETE requests. This is a parameter sent to the client: + 'delete_type' => 'DELETE', + 'access_control_allow_origin' => '*', + 'access_control_allow_credentials' => false, + 'access_control_allow_methods' => array( + 'OPTIONS', + 'HEAD', + 'GET', + 'POST', + 'PUT', + 'PATCH', + 'DELETE' + ), + 'access_control_allow_headers' => array( + 'Content-Type', + 'Content-Range', + 'Content-Disposition' + ), + // Enable to provide file downloads via GET requests to the PHP script: + // 1. 
Set to 1 to download files via readfile method through PHP
+ // 2. Set to 2 to send a X-Sendfile header for lighttpd/Apache
+ // 3. Set to 3 to send a X-Accel-Redirect header for nginx
+ // If set to 2 or 3, adjust the upload_url option to the base path of
+ // the redirect parameter, e.g. '/files/'.
+ 'download_via_php' => false,
+ // Read files in chunks to avoid memory limits when download_via_php
+ // is enabled, set to 0 to disable chunked reading of files:
+ 'readfile_chunk_size' => 10 * 1024 * 1024, // 10 MiB
+ // Defines which files can be displayed inline when downloaded:
+ 'inline_file_types' => '/\.(gif|jpe?g|png)$/i',
+ // Defines which files (based on their names) are accepted for upload:
+ 'accept_file_types' => '/.+$/i',
+ // The php.ini settings upload_max_filesize and post_max_size
+ // take precedence over the following max_file_size setting:
+ 'max_file_size' => null,
+ 'min_file_size' => 1,
+ // The maximum number of files for the upload directory:
+ 'max_number_of_files' => null,
+ // Defines which files are handled as image files:
+ 'image_file_types' => '/\.(gif|jpe?g|png)$/i',
+ // Image resolution restrictions:
+ 'max_width' => null,
+ 'max_height' => null,
+ 'min_width' => 1,
+ 'min_height' => 1,
+ // Set the following option to false to enable resumable uploads:
+ 'discard_aborted_uploads' => true,
+ // Set to 0 to use the GD library to scale and orient images,
+ // set to 1 to use imagick (if installed, falls back to GD),
+ // set to 2 to use the ImageMagick convert binary directly:
+ 'image_library' => 1,
+ // Uncomment the following to define an array of resource limits
+ // for imagick:
+ /*
+ 'imagick_resource_limits' => array(
+ imagick::RESOURCETYPE_MAP => 32,
+ imagick::RESOURCETYPE_MEMORY => 32
+ ),
+ */
+ // Command or path for to the ImageMagick convert binary:
+ 'convert_bin' => 'convert',
+ // Uncomment the following to add parameters in front of each
+ // ImageMagick convert call (the limit constraints seem only
+ // to have
an effect if put in front): + /* + 'convert_params' => '-limit memory 32MiB -limit map 32MiB', + */ + // Command or path for to the ImageMagick identify binary: + 'identify_bin' => 'identify', + 'image_versions' => array( + // The empty image version key defines options for the original image: + '' => array( + // Automatically rotate images based on EXIF meta data: + 'auto_orient' => true + ), + // Uncomment the following to create medium sized images: + /* + 'medium' => array( + 'max_width' => 800, + 'max_height' => 600 + ), + */ + 'thumbnail' => array( + // Uncomment the following to use a defined directory for the thumbnails + // instead of a subdirectory based on the version identifier. + // Make sure that this directory doesn't allow execution of files if you + // don't pose any restrictions on the type of uploaded files, e.g. by + // copying the .htaccess file from the files directory for Apache: + //'upload_dir' => dirname($this->get_server_var('SCRIPT_FILENAME')).'/thumb/', + //'upload_url' => $this->get_full_url().'/thumb/', + // Uncomment the following to force the max + // dimensions and e.g. create square thumbnails: + //'crop' => true, + 'max_width' => 80, + 'max_height' => 80 + ) + ) + ); + if ($options) { + $this->options = $options + $this->options; + } + if ($error_messages) { + $this->error_messages = $error_messages + $this->error_messages; + } + if ($initialize) { + $this->initialize(); + } + } + + protected function initialize() { + switch ($this->get_server_var('REQUEST_METHOD')) { + case 'OPTIONS': + case 'HEAD': + $this->head(); + break; + case 'GET': + $this->get(); + break; + case 'PATCH': + case 'PUT': + case 'POST': + $this->post(); + break; + case 'DELETE': + $this->delete(); + break; + default: + $this->header('HTTP/1.1 405 Method Not Allowed'); + } + } + + protected function get_full_url() { + $https = !empty($_SERVER['HTTPS']) && strcasecmp($_SERVER['HTTPS'], 'on') === 0; + return + ($https ? 'https://' : 'http://'). 
+ (!empty($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'].'@' : ''). + (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : ($_SERVER['SERVER_NAME']. + ($https && $_SERVER['SERVER_PORT'] === 443 || + $_SERVER['SERVER_PORT'] === 80 ? '' : ':'.$_SERVER['SERVER_PORT']))). + substr($_SERVER['SCRIPT_NAME'],0, strrpos($_SERVER['SCRIPT_NAME'], '/')); + } + + protected function get_user_id() { + @session_start(); + return session_id(); + } + + protected function get_user_path() { + if ($this->options['user_dirs']) { + return $this->get_user_id().'/'; + } + return ''; + } + + protected function get_upload_path($file_name = null, $version = null) { + $file_name = $file_name ? $file_name : ''; + if (empty($version)) { + $version_path = ''; + } else { + $version_dir = @$this->options['image_versions'][$version]['upload_dir']; + if ($version_dir) { + return $version_dir.$this->get_user_path().$file_name; + } + $version_path = $version.'/'; + } + return $this->options['upload_dir'].$this->get_user_path() + .$version_path.$file_name; + } + + protected function get_query_separator($url) { + return strpos($url, '?') === false ? '?' 
: '&'; + } + + protected function get_download_url($file_name, $version = null, $direct = false) { + if (!$direct && $this->options['download_via_php']) { + $url = $this->options['script_url'] + .$this->get_query_separator($this->options['script_url']) + .$this->get_singular_param_name() + .'='.rawurlencode($file_name); + if ($version) { + $url .= '&version='.rawurlencode($version); + } + return $url.'&download=1'; + } + if (empty($version)) { + $version_path = ''; + } else { + $version_url = @$this->options['image_versions'][$version]['upload_url']; + if ($version_url) { + return $version_url.$this->get_user_path().rawurlencode($file_name); + } + $version_path = rawurlencode($version).'/'; + } + return $this->options['upload_url'].$this->get_user_path() + .$version_path.rawurlencode($file_name); + } + + protected function set_additional_file_properties($file) { + $file->deleteUrl = $this->options['script_url'] + .$this->get_query_separator($this->options['script_url']) + .$this->get_singular_param_name() + .'='.rawurlencode($file->name); + $file->deleteType = $this->options['delete_type']; + if ($file->deleteType !== 'DELETE') { + $file->deleteUrl .= '&_method=DELETE'; + } + if ($this->options['access_control_allow_credentials']) { + $file->deleteWithCredentials = true; + } + } + + // Fix for overflowing signed 32 bit integers, + // works for sizes up to 2^32-1 bytes (4 GiB - 1): + protected function fix_integer_overflow($size) { + if ($size < 0) { + $size += 2.0 * (PHP_INT_MAX + 1); + } + return $size; + } + + protected function get_file_size($file_path, $clear_stat_cache = false) { + if ($clear_stat_cache) { + if (version_compare(PHP_VERSION, '5.3.0') >= 0) { + clearstatcache(true, $file_path); + } else { + clearstatcache(); + } + } + return $this->fix_integer_overflow(filesize($file_path)); + } + + protected function is_valid_file_object($file_name) { + $file_path = $this->get_upload_path($file_name); + if (is_file($file_path) && $file_name[0] !== '.') { + 
return true;
+ }
+ return false;
+ }
+
+ protected function get_file_object($file_name) {
+ if ($this->is_valid_file_object($file_name)) {
+ $file = new stdClass();
+ $file->name = $file_name;
+ $file->size = $this->get_file_size(
+ $this->get_upload_path($file_name)
+ );
+ $file->url = $this->get_download_url($file->name);
+ foreach($this->options['image_versions'] as $version => $options) {
+ if (!empty($version)) {
+ if (is_file($this->get_upload_path($file_name, $version))) {
+ $file->{$version.'Url'} = $this->get_download_url(
+ $file->name,
+ $version
+ );
+ }
+ }
+ }
+ $this->set_additional_file_properties($file);
+ return $file;
+ }
+ return null;
+ }
+
+ protected function get_file_objects($iteration_method = 'get_file_object') {
+ $upload_dir = $this->get_upload_path();
+ if (!is_dir($upload_dir)) {
+ return array();
+ }
+ return array_values(array_filter(array_map(
+ array($this, $iteration_method),
+ scandir($upload_dir)
+ )));
+ }
+
+ protected function count_file_objects() {
+ return count($this->get_file_objects('is_valid_file_object'));
+ }
+
+ protected function get_error_message($error) {
+ return array_key_exists($error, $this->error_messages) ?
+ $this->error_messages[$error] : $error; + } + + function get_config_bytes($val) { + $val = trim($val); + $last = strtolower($val[strlen($val)-1]); + switch($last) { + case 'g': + $val *= 1024; + case 'm': + $val *= 1024; + case 'k': + $val *= 1024; + } + return $this->fix_integer_overflow($val); + } + + protected function validate($uploaded_file, $file, $error, $index) { + if ($error) { + $file->error = $this->get_error_message($error); + return false; + } + $content_length = $this->fix_integer_overflow(intval( + $this->get_server_var('CONTENT_LENGTH') + )); + $post_max_size = $this->get_config_bytes(ini_get('post_max_size')); + if ($post_max_size && ($content_length > $post_max_size)) { + $file->error = $this->get_error_message('post_max_size'); + return false; + } + if (!preg_match($this->options['accept_file_types'], $file->name)) { + $file->error = $this->get_error_message('accept_file_types'); + return false; + } + if ($uploaded_file && is_uploaded_file($uploaded_file)) { + $file_size = $this->get_file_size($uploaded_file); + } else { + $file_size = $content_length; + } + if ($this->options['max_file_size'] && ( + $file_size > $this->options['max_file_size'] || + $file->size > $this->options['max_file_size']) + ) { + $file->error = $this->get_error_message('max_file_size'); + return false; + } + if ($this->options['min_file_size'] && + $file_size < $this->options['min_file_size']) { + $file->error = $this->get_error_message('min_file_size'); + return false; + } + if (is_int($this->options['max_number_of_files']) && ( + $this->count_file_objects() >= $this->options['max_number_of_files']) + ) { + $file->error = $this->get_error_message('max_number_of_files'); + return false; + } + $max_width = @$this->options['max_width']; + $max_height = @$this->options['max_height']; + $min_width = @$this->options['min_width']; + $min_height = @$this->options['min_height']; + if (($max_width || $max_height || $min_width || $min_height)) { + list($img_width, $img_height) = 
$this->get_image_size($uploaded_file); + } + if (!empty($img_width)) { + if ($max_width && $img_width > $max_width) { + $file->error = $this->get_error_message('max_width'); + return false; + } + if ($max_height && $img_height > $max_height) { + $file->error = $this->get_error_message('max_height'); + return false; + } + if ($min_width && $img_width < $min_width) { + $file->error = $this->get_error_message('min_width'); + return false; + } + if ($min_height && $img_height < $min_height) { + $file->error = $this->get_error_message('min_height'); + return false; + } + } + return true; + } + + protected function upcount_name_callback($matches) { + $index = isset($matches[1]) ? intval($matches[1]) + 1 : 1; + $ext = isset($matches[2]) ? $matches[2] : ''; + return ' ('.$index.')'.$ext; + } + + protected function upcount_name($name) { + return preg_replace_callback( + '/(?:(?: \(([\d]+)\))?(\.[^.]+))?$/', + array($this, 'upcount_name_callback'), + $name, + 1 + ); + } + + protected function get_unique_filename($file_path, $name, $size, $type, $error, + $index, $content_range) { + while(is_dir($this->get_upload_path($name))) { + $name = $this->upcount_name($name); + } + // Keep an existing filename if this is part of a chunked upload: + $uploaded_bytes = $this->fix_integer_overflow(intval($content_range[1])); + while(is_file($this->get_upload_path($name))) { + if ($uploaded_bytes === $this->get_file_size( + $this->get_upload_path($name))) { + break; + } + $name = $this->upcount_name($name); + } + return $name; + } + + protected function trim_file_name($file_path, $name, $size, $type, $error, + $index, $content_range) { + // Remove path information and dots around the filename, to prevent uploading + // into different directories or replacing hidden system files. 
+ // Also remove control characters and spaces (\x00..\x20) around the filename: + $name = trim(basename(stripslashes($name)), ".\x00..\x20"); + // Use a timestamp for empty filenames: + if (!$name) { + $name = str_replace('.', '-', microtime(true)); + } + // Add missing file extension for known image types: + if (strpos($name, '.') === false && + preg_match('/^image\/(gif|jpe?g|png)/', $type, $matches)) { + $name .= '.'.$matches[1]; + } + if (function_exists('exif_imagetype')) { + switch(@exif_imagetype($file_path)){ + case IMAGETYPE_JPEG: + $extensions = array('jpg', 'jpeg'); + break; + case IMAGETYPE_PNG: + $extensions = array('png'); + break; + case IMAGETYPE_GIF: + $extensions = array('gif'); + break; + } + // Adjust incorrect image file extensions: + if (!empty($extensions)) { + $parts = explode('.', $name); + $extIndex = count($parts) - 1; + $ext = strtolower(@$parts[$extIndex]); + if (!in_array($ext, $extensions)) { + $parts[$extIndex] = $extensions[0]; + $name = implode('.', $parts); + } + } + } + return $name; + } + + protected function get_file_name($file_path, $name, $size, $type, $error, + $index, $content_range) { + return $this->get_unique_filename( + $file_path, + $this->trim_file_name($file_path, $name, $size, $type, $error, + $index, $content_range), + $size, + $type, + $error, + $index, + $content_range + ); + } + + protected function handle_form_data($file, $index) { + // Handle form data, e.g. 
$_REQUEST['description'][$index] + } + + protected function get_scaled_image_file_paths($file_name, $version) { + $file_path = $this->get_upload_path($file_name); + if (!empty($version)) { + $version_dir = $this->get_upload_path(null, $version); + if (!is_dir($version_dir)) { + mkdir($version_dir, $this->options['mkdir_mode'], true); + } + $new_file_path = $version_dir.'/'.$file_name; + } else { + $new_file_path = $file_path; + } + return array($file_path, $new_file_path); + } + + protected function gd_get_image_object($file_path, $func, $no_cache = false) { + if (empty($this->image_objects[$file_path]) || $no_cache) { + $this->gd_destroy_image_object($file_path); + $this->image_objects[$file_path] = $func($file_path); + } + return $this->image_objects[$file_path]; + } + + protected function gd_set_image_object($file_path, $image) { + $this->gd_destroy_image_object($file_path); + $this->image_objects[$file_path] = $image; + } + + protected function gd_destroy_image_object($file_path) { + $image = @$this->image_objects[$file_path]; + return $image && imagedestroy($image); + } + + protected function gd_imageflip($image, $mode) { + if (function_exists('imageflip')) { + return imageflip($image, $mode); + } + $new_width = $src_width = imagesx($image); + $new_height = $src_height = imagesy($image); + $new_img = imagecreatetruecolor($new_width, $new_height); + $src_x = 0; + $src_y = 0; + switch ($mode) { + case '1': // flip on the horizontal axis + $src_y = $new_height - 1; + $src_height = -$new_height; + break; + case '2': // flip on the vertical axis + $src_x = $new_width - 1; + $src_width = -$new_width; + break; + case '3': // flip on both axes + $src_y = $new_height - 1; + $src_height = -$new_height; + $src_x = $new_width - 1; + $src_width = -$new_width; + break; + default: + return $image; + } + imagecopyresampled( + $new_img, + $image, + 0, + 0, + $src_x, + $src_y, + $new_width, + $new_height, + $src_width, + $src_height + ); + return $new_img; + } + + protected 
function gd_orient_image($file_path, $src_img) { + if (!function_exists('exif_read_data')) { + return false; + } + $exif = @exif_read_data($file_path); + if ($exif === false) { + return false; + } + $orientation = intval(@$exif['Orientation']); + if ($orientation < 2 || $orientation > 8) { + return false; + } + switch ($orientation) { + case 2: + $new_img = $this->gd_imageflip( + $src_img, + defined('IMG_FLIP_VERTICAL') ? IMG_FLIP_VERTICAL : 2 + ); + break; + case 3: + $new_img = imagerotate($src_img, 180, 0); + break; + case 4: + $new_img = $this->gd_imageflip( + $src_img, + defined('IMG_FLIP_HORIZONTAL') ? IMG_FLIP_HORIZONTAL : 1 + ); + break; + case 5: + $tmp_img = $this->gd_imageflip( + $src_img, + defined('IMG_FLIP_HORIZONTAL') ? IMG_FLIP_HORIZONTAL : 1 + ); + $new_img = imagerotate($tmp_img, 270, 0); + imagedestroy($tmp_img); + break; + case 6: + $new_img = imagerotate($src_img, 270, 0); + break; + case 7: + $tmp_img = $this->gd_imageflip( + $src_img, + defined('IMG_FLIP_VERTICAL') ? IMG_FLIP_VERTICAL : 2 + ); + $new_img = imagerotate($tmp_img, 270, 0); + imagedestroy($tmp_img); + break; + case 8: + $new_img = imagerotate($src_img, 90, 0); + break; + default: + return false; + } + $this->gd_set_image_object($file_path, $new_img); + return true; + } + + protected function gd_create_scaled_image($file_name, $version, $options) { + if (!function_exists('imagecreatetruecolor')) { + error_log('Function not found: imagecreatetruecolor'); + return false; + } + list($file_path, $new_file_path) = + $this->get_scaled_image_file_paths($file_name, $version); + $type = strtolower(substr(strrchr($file_name, '.'), 1)); + switch ($type) { + case 'jpg': + case 'jpeg': + $src_func = 'imagecreatefromjpeg'; + $write_func = 'imagejpeg'; + $image_quality = isset($options['jpeg_quality']) ? 
+ $options['jpeg_quality'] : 75; + break; + case 'gif': + $src_func = 'imagecreatefromgif'; + $write_func = 'imagegif'; + $image_quality = null; + break; + case 'png': + $src_func = 'imagecreatefrompng'; + $write_func = 'imagepng'; + $image_quality = isset($options['png_quality']) ? + $options['png_quality'] : 9; + break; + default: + return false; + } + $src_img = $this->gd_get_image_object( + $file_path, + $src_func, + !empty($options['no_cache']) + ); + $image_oriented = false; + if (!empty($options['auto_orient']) && $this->gd_orient_image( + $file_path, + $src_img + )) { + $image_oriented = true; + $src_img = $this->gd_get_image_object( + $file_path, + $src_func + ); + } + $max_width = $img_width = imagesx($src_img); + $max_height = $img_height = imagesy($src_img); + if (!empty($options['max_width'])) { + $max_width = $options['max_width']; + } + if (!empty($options['max_height'])) { + $max_height = $options['max_height']; + } + $scale = min( + $max_width / $img_width, + $max_height / $img_height + ); + if ($scale >= 1) { + if ($image_oriented) { + return $write_func($src_img, $new_file_path, $image_quality); + } + if ($file_path !== $new_file_path) { + return copy($file_path, $new_file_path); + } + return true; + } + if (empty($options['crop'])) { + $new_width = $img_width * $scale; + $new_height = $img_height * $scale; + $dst_x = 0; + $dst_y = 0; + $new_img = imagecreatetruecolor($new_width, $new_height); + } else { + if (($img_width / $img_height) >= ($max_width / $max_height)) { + $new_width = $img_width / ($img_height / $max_height); + $new_height = $max_height; + } else { + $new_width = $max_width; + $new_height = $img_height / ($img_width / $max_width); + } + $dst_x = 0 - ($new_width - $max_width) / 2; + $dst_y = 0 - ($new_height - $max_height) / 2; + $new_img = imagecreatetruecolor($max_width, $max_height); + } + // Handle transparency in GIF and PNG images: + switch ($type) { + case 'gif': + case 'png': + imagecolortransparent($new_img, 
imagecolorallocate($new_img, 0, 0, 0)); + case 'png': + imagealphablending($new_img, false); + imagesavealpha($new_img, true); + break; + } + $success = imagecopyresampled( + $new_img, + $src_img, + $dst_x, + $dst_y, + 0, + 0, + $new_width, + $new_height, + $img_width, + $img_height + ) && $write_func($new_img, $new_file_path, $image_quality); + $this->gd_set_image_object($file_path, $new_img); + return $success; + } + + protected function imagick_get_image_object($file_path, $no_cache = false) { + if (empty($this->image_objects[$file_path]) || $no_cache) { + $this->imagick_destroy_image_object($file_path); + $image = new Imagick(); + if (!empty($this->options['imagick_resource_limits'])) { + foreach ($this->options['imagick_resource_limits'] as $type => $limit) { + $image->setResourceLimit($type, $limit); + } + } + $image->readImage($file_path); + $this->image_objects[$file_path] = $image; + } + return $this->image_objects[$file_path]; + } + + protected function imagick_set_image_object($file_path, $image) { + $this->imagick_destroy_image_object($file_path); + $this->image_objects[$file_path] = $image; + } + + protected function imagick_destroy_image_object($file_path) { + $image = @$this->image_objects[$file_path]; + return $image && $image->destroy(); + } + + protected function imagick_orient_image($image) { + $orientation = $image->getImageOrientation(); + $background = new ImagickPixel('none'); + switch ($orientation) { + case imagick::ORIENTATION_TOPRIGHT: // 2 + $image->flopImage(); // horizontal flop around y-axis + break; + case imagick::ORIENTATION_BOTTOMRIGHT: // 3 + $image->rotateImage($background, 180); + break; + case imagick::ORIENTATION_BOTTOMLEFT: // 4 + $image->flipImage(); // vertical flip around x-axis + break; + case imagick::ORIENTATION_LEFTTOP: // 5 + $image->flopImage(); // horizontal flop around y-axis + $image->rotateImage($background, 270); + break; + case imagick::ORIENTATION_RIGHTTOP: // 6 + $image->rotateImage($background, 90); + 
break; + case imagick::ORIENTATION_RIGHTBOTTOM: // 7 + $image->flipImage(); // vertical flip around x-axis + $image->rotateImage($background, 270); + break; + case imagick::ORIENTATION_LEFTBOTTOM: // 8 + $image->rotateImage($background, 270); + break; + default: + return false; + } + $image->setImageOrientation(imagick::ORIENTATION_TOPLEFT); // 1 + return true; + } + + protected function imagick_create_scaled_image($file_name, $version, $options) { + list($file_path, $new_file_path) = + $this->get_scaled_image_file_paths($file_name, $version); + $image = $this->imagick_get_image_object( + $file_path, + !empty($options['no_cache']) + ); + if ($image->getImageFormat() === 'GIF') { + // Handle animated GIFs: + $images = $image->coalesceImages(); + foreach ($images as $frame) { + $image = $frame; + $this->imagick_set_image_object($file_name, $image); + break; + } + } + $image_oriented = false; + if (!empty($options['auto_orient'])) { + $image_oriented = $this->imagick_orient_image($image); + } + $new_width = $max_width = $img_width = $image->getImageWidth(); + $new_height = $max_height = $img_height = $image->getImageHeight(); + if (!empty($options['max_width'])) { + $new_width = $max_width = $options['max_width']; + } + if (!empty($options['max_height'])) { + $new_height = $max_height = $options['max_height']; + } + if (!($image_oriented || $max_width < $img_width || $max_height < $img_height)) { + if ($file_path !== $new_file_path) { + return copy($file_path, $new_file_path); + } + return true; + } + $crop = !empty($options['crop']); + if ($crop) { + $x = 0; + $y = 0; + if (($img_width / $img_height) >= ($max_width / $max_height)) { + $new_width = 0; // Enables proportional scaling based on max_height + $x = ($img_width / ($img_height / $max_height) - $max_width) / 2; + } else { + $new_height = 0; // Enables proportional scaling based on max_width + $y = ($img_height / ($img_width / $max_width) - $max_height) / 2; + } + } + $success = $image->resizeImage( + 
$new_width, + $new_height, + isset($options['filter']) ? $options['filter'] : imagick::FILTER_LANCZOS, + isset($options['blur']) ? $options['blur'] : 1, + $new_width && $new_height // fit image into constraints if not to be cropped + ); + if ($success && $crop) { + $success = $image->cropImage( + $max_width, + $max_height, + $x, + $y + ); + if ($success) { + $success = $image->setImagePage($max_width, $max_height, 0, 0); + } + } + $type = strtolower(substr(strrchr($file_name, '.'), 1)); + switch ($type) { + case 'jpg': + case 'jpeg': + if (!empty($options['jpeg_quality'])) { + $image->setImageCompression(Imagick::COMPRESSION_JPEG); + $image->setImageCompressionQuality($options['jpeg_quality']); + } + break; + } + if (!empty($options['strip'])) { + $image->stripImage(); + } + return $success && $image->writeImage($new_file_path); + } + + protected function imagemagick_create_scaled_image($file_name, $version, $options) { + list($file_path, $new_file_path) = + $this->get_scaled_image_file_paths($file_name, $version); + $resize = @$options['max_width'] + .(empty($options['max_height']) ? 
'' : 'x'.$options['max_height']); + if (!$resize && empty($options['auto_orient'])) { + if ($file_path !== $new_file_path) { + return copy($file_path, $new_file_path); + } + return true; + } + $cmd = $this->options['convert_bin']; + if (!empty($this->options['convert_params'])) { + $cmd .= ' '.$this->options['convert_params']; + } + $cmd .= ' '.escapeshellarg($file_path); + if (!empty($options['auto_orient'])) { + $cmd .= ' -auto-orient'; + } + if ($resize) { + // Handle animated GIFs: + $cmd .= ' -coalesce'; + if (empty($options['crop'])) { + $cmd .= ' -resize '.escapeshellarg($resize.'>'); + } else { + $cmd .= ' -resize '.escapeshellarg($resize.'^'); + $cmd .= ' -gravity center'; + $cmd .= ' -crop '.escapeshellarg($resize.'+0+0'); + } + // Make sure the page dimensions are correct (fixes offsets of animated GIFs): + $cmd .= ' +repage'; + } + if (!empty($options['convert_params'])) { + $cmd .= ' '.$options['convert_params']; + } + $cmd .= ' '.escapeshellarg($new_file_path); + exec($cmd, $output, $error); + if ($error) { + error_log(implode('\n', $output)); + return false; + } + return true; + } + + protected function get_image_size($file_path) { + if ($this->options['image_library']) { + if (extension_loaded('imagick')) { + $image = new Imagick(); + try { + if (@$image->pingImage($file_path)) { + $dimensions = array($image->getImageWidth(), $image->getImageHeight()); + $image->destroy(); + return $dimensions; + } + return false; + } catch (Exception $e) { + error_log($e->getMessage()); + } + } + if ($this->options['image_library'] === 2) { + $cmd = $this->options['identify_bin']; + $cmd .= ' -ping '.escapeshellarg($file_path); + exec($cmd, $output, $error); + if (!$error && !empty($output)) { + // image.jpg JPEG 1920x1080 1920x1080+0+0 8-bit sRGB 465KB 0.000u 0:00.000 + $infos = preg_split('/\s+/', $output[0]); + $dimensions = preg_split('/x/', $infos[2]); + return $dimensions; + } + return false; + } + } + if (!function_exists('getimagesize')) { + 
error_log('Function not found: getimagesize'); + return false; + } + return @getimagesize($file_path); + } + + protected function create_scaled_image($file_name, $version, $options) { + if ($this->options['image_library'] === 2) { + return $this->imagemagick_create_scaled_image($file_name, $version, $options); + } + if ($this->options['image_library'] && extension_loaded('imagick')) { + return $this->imagick_create_scaled_image($file_name, $version, $options); + } + return $this->gd_create_scaled_image($file_name, $version, $options); + } + + protected function destroy_image_object($file_path) { + if ($this->options['image_library'] && extension_loaded('imagick')) { + return $this->imagick_destroy_image_object($file_path); + } + } + + protected function is_valid_image_file($file_path) { + if (!preg_match($this->options['image_file_types'], $file_path)) { + return false; + } + if (function_exists('exif_imagetype')) { + return @exif_imagetype($file_path); + } + $image_info = $this->get_image_size($file_path); + return $image_info && $image_info[0] && $image_info[1]; + } + + protected function handle_image_file($file_path, $file) { + $failed_versions = array(); + foreach($this->options['image_versions'] as $version => $options) { + if ($this->create_scaled_image($file->name, $version, $options)) { + if (!empty($version)) { + $file->{$version.'Url'} = $this->get_download_url( + $file->name, + $version + ); + } else { + $file->size = $this->get_file_size($file_path, true); + } + } else { + $failed_versions[] = $version ? $version : 'original'; + } + } + if (count($failed_versions)) { + $file->error = $this->get_error_message('image_resize') + .' 
('.implode($failed_versions,', ').')'; + } + // Free memory: + $this->destroy_image_object($file_path); + } + + protected function handle_file_upload($uploaded_file, $name, $size, $type, $error, + $index = null, $content_range = null) { + $file = new stdClass(); + $file->name = $this->get_file_name($uploaded_file, $name, $size, $type, $error, + $index, $content_range); + $file->size = $this->fix_integer_overflow(intval($size)); + $file->type = $type; + if ($this->validate($uploaded_file, $file, $error, $index)) { + $this->handle_form_data($file, $index); + $upload_dir = $this->get_upload_path(); + if (!is_dir($upload_dir)) { + mkdir($upload_dir, $this->options['mkdir_mode'], true); + } + $file_path = $this->get_upload_path($file->name); + $append_file = $content_range && is_file($file_path) && + $file->size > $this->get_file_size($file_path); + if ($uploaded_file && is_uploaded_file($uploaded_file)) { + // multipart/formdata uploads (POST method uploads) + if ($append_file) { + file_put_contents( + $file_path, + fopen($uploaded_file, 'r'), + FILE_APPEND + ); + } else { + move_uploaded_file($uploaded_file, $file_path); + } + } else { + // Non-multipart uploads (PUT method support) + file_put_contents( + $file_path, + fopen('php://input', 'r'), + $append_file ? 
FILE_APPEND : 0
+ );
+ }
+ $file_size = $this->get_file_size($file_path, $append_file);
+ if ($file_size === $file->size) {
+ $file->url = $this->get_download_url($file->name);
+ if ($this->is_valid_image_file($file_path)) {
+ $this->handle_image_file($file_path, $file);
+ }
+ } else {
+ $file->size = $file_size;
+ if (!$content_range && $this->options['discard_aborted_uploads']) {
+ unlink($file_path);
+ $file->error = $this->get_error_message('abort');
+ }
+ }
+ $this->set_additional_file_properties($file);
+ }
+ return $file;
+ }
+
+ protected function readfile($file_path) {
+ $file_size = $this->get_file_size($file_path);
+ $chunk_size = $this->options['readfile_chunk_size'];
+ if ($chunk_size && $file_size > $chunk_size) {
+ $handle = fopen($file_path, 'rb');
+ while (!feof($handle)) {
+ echo fread($handle, $chunk_size);
+ ob_flush();
+ flush();
+ }
+ fclose($handle);
+ return $file_size;
+ }
+ return readfile($file_path);
+ }
+
+ protected function body($str) {
+ echo $str;
+ }
+
+ protected function header($str) {
+ header($str);
+ }
+
+ protected function get_server_var($id) {
+ return isset($_SERVER[$id]) ? $_SERVER[$id] : '';
+ }
+
+ protected function generate_response($content, $print_response = true) {
+ if ($print_response) {
+ $json = json_encode($content);
+ $redirect = isset($_REQUEST['redirect']) ?
+ stripslashes($_REQUEST['redirect']) : null;
+ if ($redirect) {
+ $this->header('Location: '.sprintf($redirect, rawurlencode($json)));
+ return;
+ }
+ $this->head();
+ if ($this->get_server_var('HTTP_CONTENT_RANGE')) {
+ $files = isset($content[$this->options['param_name']]) ?
+ $content[$this->options['param_name']] : null;
+ if ($files && is_array($files) && is_object($files[0]) && $files[0]->size) {
+ $this->header('Range: 0-'.(
+ $this->fix_integer_overflow(intval($files[0]->size)) - 1
+ ));
+ }
+ }
+ $this->body($json);
+ }
+ return $content;
+ }
+
+ protected function get_version_param() {
+ return isset($_GET['version']) ?
basename(stripslashes($_GET['version'])) : null; + } + + protected function get_singular_param_name() { + return substr($this->options['param_name'], 0, -1); + } + + protected function get_file_name_param() { + $name = $this->get_singular_param_name(); + return isset($_GET[$name]) ? basename(stripslashes($_GET[$name])) : null; + } + + protected function get_file_names_params() { + $params = isset($_GET[$this->options['param_name']]) ? + $_GET[$this->options['param_name']] : array(); + foreach ($params as $key => $value) { + $params[$key] = basename(stripslashes($value)); + } + return $params; + } + + protected function get_file_type($file_path) { + switch (strtolower(pathinfo($file_path, PATHINFO_EXTENSION))) { + case 'jpeg': + case 'jpg': + return 'image/jpeg'; + case 'png': + return 'image/png'; + case 'gif': + return 'image/gif'; + default: + return ''; + } + } + + protected function download() { + switch ($this->options['download_via_php']) { + case 1: + $redirect_header = null; + break; + case 2: + $redirect_header = 'X-Sendfile'; + break; + case 3: + $redirect_header = 'X-Accel-Redirect'; + break; + default: + return $this->header('HTTP/1.1 403 Forbidden'); + } + $file_name = $this->get_file_name_param(); + if (!$this->is_valid_file_object($file_name)) { + return $this->header('HTTP/1.1 404 Not Found'); + } + if ($redirect_header) { + return $this->header( + $redirect_header.': '.$this->get_download_url( + $file_name, + $this->get_version_param(), + true + ) + ); + } + $file_path = $this->get_upload_path($file_name, $this->get_version_param()); + // Prevent browsers from MIME-sniffing the content-type: + $this->header('X-Content-Type-Options: nosniff'); + if (!preg_match($this->options['inline_file_types'], $file_name)) { + $this->header('Content-Type: application/octet-stream'); + $this->header('Content-Disposition: attachment; filename="'.$file_name.'"'); + } else { + $this->header('Content-Type: '.$this->get_file_type($file_path)); + 
$this->header('Content-Disposition: inline; filename="'.$file_name.'"'); + } + $this->header('Content-Length: '.$this->get_file_size($file_path)); + $this->header('Last-Modified: '.gmdate('D, d M Y H:i:s T', filemtime($file_path))); + $this->readfile($file_path); + } + + protected function send_content_type_header() { + $this->header('Vary: Accept'); + if (strpos($this->get_server_var('HTTP_ACCEPT'), 'application/json') !== false) { + $this->header('Content-type: application/json'); + } else { + $this->header('Content-type: text/plain'); + } + } + + protected function send_access_control_headers() { + $this->header('Access-Control-Allow-Origin: '.$this->options['access_control_allow_origin']); + $this->header('Access-Control-Allow-Credentials: ' + .($this->options['access_control_allow_credentials'] ? 'true' : 'false')); + $this->header('Access-Control-Allow-Methods: ' + .implode(', ', $this->options['access_control_allow_methods'])); + $this->header('Access-Control-Allow-Headers: ' + .implode(', ', $this->options['access_control_allow_headers'])); + } + + public function head() { + $this->header('Pragma: no-cache'); + $this->header('Cache-Control: no-store, no-cache, must-revalidate'); + $this->header('Content-Disposition: inline; filename="files.json"'); + // Prevent Internet Explorer from MIME-sniffing the content-type: + $this->header('X-Content-Type-Options: nosniff'); + if ($this->options['access_control_allow_origin']) { + $this->send_access_control_headers(); + } + $this->send_content_type_header(); + } + + public function get($print_response = true) { + if ($print_response && isset($_GET['download'])) { + return $this->download(); + } + $file_name = $this->get_file_name_param(); + if ($file_name) { + $response = array( + $this->get_singular_param_name() => $this->get_file_object($file_name) + ); + } else { + $response = array( + $this->options['param_name'] => $this->get_file_objects() + ); + } + return $this->generate_response($response, $print_response); 
+ } + + public function post($print_response = true) { + if (isset($_REQUEST['_method']) && $_REQUEST['_method'] === 'DELETE') { + return $this->delete($print_response); + } + $upload = isset($_FILES[$this->options['param_name']]) ? + $_FILES[$this->options['param_name']] : null; + // Parse the Content-Disposition header, if available: + $file_name = $this->get_server_var('HTTP_CONTENT_DISPOSITION') ? + rawurldecode(preg_replace( + '/(^[^"]+")|("$)/', + '', + $this->get_server_var('HTTP_CONTENT_DISPOSITION') + )) : null; + // Parse the Content-Range header, which has the following form: + // Content-Range: bytes 0-524287/2000000 + $content_range = $this->get_server_var('HTTP_CONTENT_RANGE') ? + preg_split('/[^0-9]+/', $this->get_server_var('HTTP_CONTENT_RANGE')) : null; + $size = $content_range ? $content_range[3] : null; + $files = array(); + if ($upload && is_array($upload['tmp_name'])) { + // param_name is an array identifier like "files[]", + // $_FILES is a multi-dimensional array: + foreach ($upload['tmp_name'] as $index => $value) { + $files[] = $this->handle_file_upload( + $upload['tmp_name'][$index], + $file_name ? $file_name : $upload['name'][$index], + $size ? $size : $upload['size'][$index], + $upload['type'][$index], + $upload['error'][$index], + $index, + $content_range + ); + } + } else { + // param_name is a single object identifier like "file", + // $_FILES is a one-dimensional array: + $files[] = $this->handle_file_upload( + isset($upload['tmp_name']) ? $upload['tmp_name'] : null, + $file_name ? $file_name : (isset($upload['name']) ? + $upload['name'] : null), + $size ? $size : (isset($upload['size']) ? + $upload['size'] : $this->get_server_var('CONTENT_LENGTH')), + isset($upload['type']) ? + $upload['type'] : $this->get_server_var('CONTENT_TYPE'), + isset($upload['error']) ? 
$upload['error'] : null, + null, + $content_range + ); + } + return $this->generate_response( + array($this->options['param_name'] => $files), + $print_response + ); + } + + public function delete($print_response = true) { + $file_names = $this->get_file_names_params(); + if (empty($file_names)) { + $file_names = array($this->get_file_name_param()); + } + $response = array(); + foreach($file_names as $file_name) { + $file_path = $this->get_upload_path($file_name); + $success = is_file($file_path) && $file_name[0] !== '.' && unlink($file_path); + if ($success) { + foreach($this->options['image_versions'] as $version => $options) { + if (!empty($version)) { + $file = $this->get_upload_path($file_name, $version); + if (is_file($file)) { + unlink($file); + } + } + } + } + $response[$file_name] = $success; + } + return $this->generate_response($response, $print_response); + } + +} diff --git a/library/jqupload/server/php/files/.gitignore b/library/jqupload/server/php/files/.gitignore new file mode 100644 index 000000000..e24a60fae --- /dev/null +++ b/library/jqupload/server/php/files/.gitignore @@ -0,0 +1,3 @@ +* +!.gitignore +!.htaccess diff --git a/library/jqupload/server/php/files/.htaccess b/library/jqupload/server/php/files/.htaccess new file mode 100644 index 000000000..56689f0bb --- /dev/null +++ b/library/jqupload/server/php/files/.htaccess 
@@ -0,0 +1,18 @@ +# The following directives force the content-type application/octet-stream +# and force browsers to display a download dialog for non-image files. +# This prevents the execution of script files in the context of the website: +ForceType application/octet-stream +Header set Content-Disposition attachment + + ForceType none + Header unset Content-Disposition + + +# The following directive prevents browsers from MIME-sniffing the content-type. +# This is an important complement to the ForceType directive above: +Header set X-Content-Type-Options nosniff + +# Uncomment the following lines to prevent unauthorized download of files: +#AuthName "Authorization required" +#AuthType Basic +#require valid-user diff --git a/library/jqupload/server/php/index.php b/library/jqupload/server/php/index.php new file mode 100644 index 000000000..3ae1295ef --- /dev/null +++ b/library/jqupload/server/php/index.php @@ -0,0 +1,15 @@ +
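Review bot: `ForceType application/octet-stream` only rewrites the MIME type, so on a server where PHP is attached through a handler (AddHandler/SetHandler, or php-fpm behind a proxy) rather than through AddType, a `.php` file uploaded into this directory can still execute, and the comment "This prevents the execution of script files" on the third line promises more than the directive delivers. I would add `<IfModule mod_php5.c>` / `php_flag engine off` / `</IfModule>` next to ForceType and, for handler-based deployments, reset the handler for this directory — or, better, keep the upload directory outside the document root and serve only via the `download_via_php` path the handler already provides. The `Header` lines require mod_headers and the whole file is honoured only with AllowOverride FileInfo (and AuthConfig for the commented-out auth block); with a missing module every request here fails with a 500, and with AllowOverride None the file is silently ignored, so a one-line comment stating those prerequisites at the top of the file would save a deployer from a false sense of safety. The two empty lines around `ForceType none` / `Header unset Content-Disposition` appear to be where the `<FilesMatch>` open and close tags were lost in this rendering; worth confirming against the committed file that the image exemption is still scoped by extension.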