mirror of
https://github.com/ACSPRI/queXS
synced 2024-04-02 12:12:16 +00:00
190 lines
6.7 KiB
PHP
190 lines
6.7 KiB
PHP
<?php
|
|
|
|
require_once(dirname(__FILE__).'/classes/core/startup.php');
|
|
require_once(dirname(__FILE__).'/config-defaults.php');
|
|
require_once(dirname(__FILE__).'/common.php');
|
|
require_once(dirname(__FILE__).'/common_functions.php');
|
|
require_once($homedir.'/classes/core/class.progressbar.php');
|
|
require_once(dirname(__FILE__).'/classes/core/language.php');
|
|
|
|
if (!isset($surveyid))
|
|
{
|
|
$surveyid=returnglobal('sid');
|
|
}
|
|
else
|
|
{
|
|
//This next line ensures that the $surveyid value is never anything but a number.
|
|
$surveyid=sanitize_int($surveyid);
|
|
}
|
|
|
|
|
|
// Compute the Session name
|
|
// Session name is based:
|
|
// * on this specific limesurvey installation (Value SessionName in DB)
|
|
// * on the surveyid (from Get or Post param). If no surveyid is given we are on the public surveys portal
|
|
$usquery = "SELECT stg_value FROM ".db_table_name("settings_global")." where stg_name='SessionName'";
|
|
$usresult = db_execute_assoc($usquery,'',true); //Checked
|
|
if ($usresult)
|
|
{
|
|
$usrow = $usresult->FetchRow();
|
|
$stg_SessionName=$usrow['stg_value'];
|
|
if ($surveyid)
|
|
{
|
|
if (isset($_GET['preview']) && $_GET['preview'] == 1)
|
|
{
|
|
@session_name($stg_SessionName);
|
|
}
|
|
else
|
|
{
|
|
@session_name($stg_SessionName.'-runtime-'.$surveyid);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
@session_name($stg_SessionName.'-runtime-publicportal');
|
|
}
|
|
}
|
|
else
|
|
{
|
|
session_name("LimeSurveyRuntime-$surveyid");
|
|
}
|
|
session_set_cookie_params(0,$relativeurl.'/admin/');
|
|
@session_start();
|
|
|
|
if (empty($_SESSION) || !isset($_SESSION['fieldname']))
|
|
{
|
|
die("You don't have a valid session !");
|
|
}
|
|
|
|
$baselang = GetBaseLanguageFromSurveyID($surveyid);
|
|
$clang = new limesurvey_lang($baselang);
|
|
|
|
$randfilename = 'futmp_'.sRandomChars(15);
|
|
$sTempUploadDir = $tempdir.'/upload/';
|
|
$randfileloc = $sTempUploadDir . $randfilename;
|
|
$filename = $_FILES['uploadfile']['name'];
|
|
$size = 0.001 * $_FILES['uploadfile']['size'];
|
|
$valid_extensions = strtolower($_POST['valid_extensions']);
|
|
$maxfilesize = (int) $_POST['max_filesize'];
|
|
$preview = $_POST['preview'];
|
|
$fieldname = $_POST['fieldname'];
|
|
$aFieldMap=createFieldMap($surveyid);
|
|
if (!isset($aFieldMap[$fieldname])) die();
|
|
$aAttributes=getQuestionAttributes($aFieldMap[$fieldname]['qid'],$aFieldMap[$fieldname]['type']);
|
|
|
|
$valid_extensions_array = explode(",", $aAttributes['allowed_filetypes']);
|
|
$valid_extensions_array = array_map('trim',$valid_extensions_array);
|
|
|
|
$pathinfo = pathinfo($_FILES['uploadfile']['name']);
|
|
$ext = $pathinfo['extension'];
|
|
|
|
// check to see that this file type is allowed
|
|
// it is also checked at the client side, but jst double checking
|
|
if (!in_array(strtolower($ext), $valid_extensions_array))
|
|
{
|
|
$return = array(
|
|
"success" => false,
|
|
"msg" => sprintf($clang->gT("Sorry, this file extension (%s) is not allowed!"),$ext)
|
|
);
|
|
|
|
echo ls_json_encode($return);
|
|
exit ();
|
|
}
|
|
|
|
// If this is just a preview, don't save the file
|
|
if ($preview)
|
|
{
|
|
if ($size > $maxfilesize)
|
|
{
|
|
$return = array(
|
|
"success" => false,
|
|
"msg" => sprintf($clang->gT("Sorry, this file is too large. Only files upto %s KB are allowed."), $maxfilesize)
|
|
);
|
|
echo ls_json_encode($return);
|
|
}
|
|
|
|
else if (move_uploaded_file($_FILES['uploadfile']['tmp_name'], $randfileloc))
|
|
{
|
|
|
|
$return = array(
|
|
"success" => true,
|
|
"size" => $size,
|
|
"name" => rawurlencode(basename($filename)),
|
|
"ext" => $ext,
|
|
"filename" => $randfilename,
|
|
"msg" => $clang->gT("The file has been successfuly uploaded.")
|
|
);
|
|
echo ls_json_encode($return);
|
|
|
|
// TODO : unlink this file since this is just a preview
|
|
// unlink($randfileloc);
|
|
}
|
|
}
|
|
else
|
|
{ // if everything went fine and the file was uploaded successfuly,
|
|
// send the file related info back to the client
|
|
if ($size > $maxfilesize)
|
|
{
|
|
$return = array(
|
|
"success" => false,
|
|
"msg" => sprintf($clang->gT("Sorry, this file is too large. Only files up to %s KB are allowed.",'unescaped'), $maxfilesize)
|
|
);
|
|
echo ls_json_encode($return);
|
|
}
|
|
elseif ($iFileUploadTotalSpaceMB>0 && ((fCalculateTotalFileUploadUsage()+($size/1024/1024))>$iFileUploadTotalSpaceMB))
|
|
{
|
|
$return = array(
|
|
"success" => false,
|
|
"msg" => $clang->gT("We are sorry but there was a system error and your file was not saved. An email has been dispatched to notify the survey administrator.",'unescaped')
|
|
);
|
|
echo ls_json_encode($return);
|
|
}
|
|
elseif (move_uploaded_file($_FILES['uploadfile']['tmp_name'], $randfileloc))
|
|
{
|
|
|
|
|
|
$return = array(
|
|
"success" => true,
|
|
"size" => $size,
|
|
"name" => rawurlencode(basename($filename)),
|
|
"ext" => $ext,
|
|
"filename" => $randfilename,
|
|
"msg" => $clang->gT("The file has been successfuly uploaded.")
|
|
);
|
|
|
|
echo ls_json_encode($return);
|
|
}
|
|
// if there was some error, report error message
|
|
else
|
|
{
|
|
// check for upload error
|
|
if ($_FILES['uploadfile']['error'] > 2)
|
|
{
|
|
$return = array(
|
|
"success" => false,
|
|
"msg" => $clang->gT("Sorry, there was an error uploading your file")
|
|
);
|
|
|
|
echo ls_json_encode($return);
|
|
}
|
|
// check to ensure that the file does not cross the maximum file size
|
|
else if ( $_FILES['uploadfile']['error'] == 1 || $_FILES['uploadfile']['error'] == 2 || $size > $maxfilesize)
|
|
{
|
|
$return = array(
|
|
"success" => false,
|
|
"msg" => sprintf($clang->gT("Sorry, this file is too large. Only files upto %s KB are allowed."), $maxfilesize)
|
|
);
|
|
|
|
echo ls_json_encode($return);
|
|
}
|
|
else
|
|
{
|
|
$return = array(
|
|
"success" => false,
|
|
"msg" => $clang->gT("Unknown error")
|
|
);
|
|
echo ls_json_encode($return);
|
|
}
|
|
}
|
|
}
|
|
?>
|