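/**
 * Validate an uploaded file and store it in the target directory.
 *
 * Checks run in this order: command enabled, target directory exists and
 * is writable, file name accepted, MIME type accepted by the allow/deny
 * lists, size within the configured limit. Only then is an existing entry
 * with the same name handled and the data handed to _save().
 *
 * @param  resource $fp      file pointer, passed through unchanged to _save()
 * @param  string   $dst     target directory identifier; resolved with dir() and decode()
 * @param  string   $name    file name as supplied by the caller (client-controlled on a web upload)
 * @param  string   $tmpname local path of the uploaded temporary file
 * @return array|false stat() of the stored file, or the result of setError() / false on failure
 */
public function upload($fp, $dst, $name, $tmpname)
{
    if ($this->commandDisabled('upload')) {
        return $this->setError(elFinder::ERROR_PERM_DENIED);
    }
    if (($dir = $this->dir($dst)) == false) {
        return $this->setError(elFinder::ERROR_TRGDIR_NOT_FOUND, '#' . $dst);
    }
    if (!$dir['write']) {
        return $this->setError(elFinder::ERROR_PERM_DENIED);
    }
    // nameAccepted() is the only check applied to $name before it is joined
    // to the destination path below.
    // NOTE(review): confirm it rejects path separators and dot segments.
    if (!$this->nameAccepted($name)) {
        return $this->setError(elFinder::ERROR_INVALID_NAME);
    }

    // In 'internal' mode only $name is handed to the detector, so the
    // allow/deny decision rests on the caller-supplied file name and not on
    // the file's content. Treat the lists as a name filter in that mode.
    $mime = $this->mimetype($this->mimeDetect == 'internal' ? $name : $tmpname, $name);
    if ($mime == 'unknown' && $this->mimeDetect == 'internal') {
        $mime = elFinderVolumeDriver::mimetypeInternalDetect($name);
    }

    // logic based on http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order
    $allow = $this->mimeAccepted($mime, $this->uploadAllow, null);
    $deny = $this->mimeAccepted($mime, $this->uploadDeny, null);
    if (strtolower($this->uploadOrder[0]) == 'allow') {
        // array('allow', 'deny'): default is deny. Only "matches allow and
        // does not match deny" is accepted; both match, no match and
        // deny-only are all rejected.
        $upload = (!$deny && $allow === true);
    } else {
        // array('deny', 'allow'): default is allow - this is the default rule.
        // Only "matches deny and does not match allow" is rejected.
        $upload = !($deny === true && !$allow);
    }
    if (!$upload) {
        return $this->setError(elFinder::ERROR_UPLOAD_FILE_MIME);
    }

    // Read the size once and reuse it for the limit check and the stat record.
    $size = filesize($tmpname);
    if ($this->uploadMaxSize > 0) {
        // filesize() returns false on failure, and `false > $limit` is false,
        // so the previous comparison let a file of unknown size through.
        // Fail closed: with a limit configured, an unmeasurable file is refused.
        if ($size === false || $size > $this->uploadMaxSize) {
            return $this->setError(elFinder::ERROR_UPLOAD_FILE_SIZE);
        }
    }

    $dstpath = $this->decode($dst);
    $test = $this->_joinPath($dstpath, $name);
    $file = $this->stat($test);
    $this->clearcache();
    if ($file) {
        // an entry with this name already exists in the target directory
        if ($this->options['uploadOverwrite']) {
            if (!$file['write']) {
                return $this->setError(elFinder::ERROR_PERM_DENIED);
            } elseif ($file['mime'] == 'directory') {
                return $this->setError(elFinder::ERROR_NOT_REPLACE, $name);
            }
            // NOTE(review): the old file is removed before the new one is
            // saved and the result of remove() is not checked, so a failing
            // _save() leaves the target without either version.
            $this->remove($test);
        } else {
            $name = $this->uniqueName($dstpath, $name, '-', false);
        }
    }

    $stat = array('mime' => $mime, 'width' => 0, 'height' => 0, 'size' => $size);
    // Dimensions are probed only when the detected type starts with "image";
    // they stay 0 when getimagesize() cannot read the file.
    if (strpos($mime, 'image') === 0 && ($s = getimagesize($tmpname))) {
        $stat['width'] = $s[0];
        $stat['height'] = $s[1];
    }

    if (($path = $this->_save($fp, $dstpath, $name, $stat)) == false) {
        return false;
    }
    return $this->stat($path);
}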