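query('START TRANSACTION');

// ---------------------------------------------------------------------------
// Attachment handling: link_file (upload), unlink_file (delete), download_file.
// NOTE(review): redirect() below and the `return` in the plugin branch leave this
// file before the trailing COMMIT is reached — confirm that $dbo / redirect() commit
// (or that autocommit is on), otherwise the zz_files insert/delete made on those paths
// is never persisted.
// ---------------------------------------------------------------------------
if (filter('op') == 'link_file' || filter('op') == 'unlink_file') {
    // Write permission on the module is required for both operations
    if (Modules::getPermission($id_module) != 'rw') {
        $_SESSION['errors'][] = str_replace('_MODULE_', '"'.Modules::getModule($id_module)['name'].'"', _('Non hai permessi di scrittura per il modulo _MODULE_'));
    }
    // The upload directory must exist (or be creatable) and be writable
    elseif ((!is_dir($upload_dir) && !mkdir($upload_dir)) || (is_dir($upload_dir) && !is_writable($upload_dir))) {
        $_SESSION['errors'][] = str_replace('_DIR_', '"files"', _('Non hai i permessi di scrittura nella cartella _DIR_!'));
    }
    // Operations
    else {
        // UPLOAD
        if (filter('op') == 'link_file' && !empty($_FILES) && !empty($_FILES['blob']['name'])) {
            $nome = filter('nome_allegato');
            $src = $_FILES['blob']['tmp_name'];
            $f = pathinfo($_FILES['blob']['name']);

            // SECURITY: a MIME/extension allowlist used to sit here but was commented out, so the
            // stored extension came verbatim from the client-supplied file name and a ".php"
            // upload would land in a web-reachable directory. Until an allowlist is restored
            // (preferable to this denylist), normalise the extension to lowercase [a-z0-9]
            // (web-server handler matching is typically case-insensitive, so ".PhP" must not
            // slip through) and refuse anything the server may execute as PHP. Files without an
            // extension are still accepted, as before.
            $extension = isset($f['extension']) ? strtolower($f['extension']) : '';
            $executable = ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar', 'pht', 'phps'];
            $extension_ok = preg_match('/^[a-z0-9]{0,16}$/', $extension) === 1
                && !in_array($extension, $executable, true);

            if (!$extension_ok) {
                $_SESSION['errors'][] = _('Tipologia di file non permessa!');
            } else {
                // Random on-disk name; the original name is kept only in the DB (used for download)
                do {
                    $filename = random_string().'.'.$extension;
                } while (file_exists($upload_dir.'/'.$filename));

                // move_uploaded_file() also verifies that $src really is this request's upload
                if (move_uploaded_file($src, $upload_dir.'/'.$filename)) {
                    $dbo->insert('zz_files', [
                        'nome' => $nome,
                        'filename' => $filename,
                        'original' => $_FILES['blob']['name'],
                        'id_module' => $id_module,
                        'id_record' => $id_record,
                    ]);
                    $_SESSION['infos'][] = _('File caricato correttamente!');
                } else {
                    $_SESSION['errors'][] = _('Errore durante il caricamento del file!');
                }
            }
        }
        // DELETE
        elseif (filter('op') == 'unlink_file' && filter('filename') !== null) {
            $filename = filter('filename');

            // SECURITY: the request-supplied name was previously passed straight to unlink()
            // regardless of whether a matching zz_files row existed, so "../../some.php" would
            // delete any file the web server can write. Reject names carrying path components
            // and only ever unlink the name stored in the matching row.
            $rs = [];
            if ($filename !== '' && basename($filename) === $filename) {
                $rs = $dbo->fetchArray('SELECT * FROM zz_files WHERE id_module='.prepare($id_module).' AND id='.prepare(filter('id')).' AND filename='.prepare($filename));
            }

            if (!empty($rs) && unlink($upload_dir.'/'.$rs[0]['filename'])) {
                $query = 'DELETE FROM zz_files WHERE id_module='.prepare($id_module).' AND id='.prepare(filter('id')).' AND filename='.prepare($rs[0]['filename']);
                if ($dbo->query($query)) {
                    $_SESSION['infos'][] = str_replace('_FILE_', '"'.$rs[0]['nome'].'"', _('File _FILE_ eliminato!'));
                }
            } else {
                $_SESSION['errors'][] = str_replace(['_FILE_', '_DIR_'], ['"'.$filename.'"', '"files/'.$module_dir.'/"'], _("Errore durante l'eliminazione del file _FILE_ in _DIR_!"));
            }
        }

        redirect(ROOTDIR.'/editor.php?id_module='.$id_module.'&id_record='.$id_record);
    }
}
// DOWNLOAD
elseif (filter('op') == 'download_file') {
    // NOTE(review): no module permission check is visible for downloads in this chunk —
    // confirm read access to $id_module was verified before this file is included.
    $rs = $dbo->fetchArray('SELECT * FROM zz_files WHERE id_module='.prepare($id_module).' AND id='.prepare(filter('id')).' AND filename='.prepare(filter('filename')));

    // Serve only a registered file; the on-disk path comes from the stored row, not the
    // request (previously a missing row produced $rs[0] notices and a force_download() of
    // an empty path).
    if (!empty($rs)) {
        force_download($rs[0]['original'], $upload_dir.'/'.$rs[0]['filename']);
    }
}

// ---------------------------------------------------------------------------
// Module plugins / helpers / actions (write permission required).
// Every include path below is built from module configuration ($info, $directory),
// not from the request; those values are assumed trusted — TODO confirm where
// $info and $directory are set.
// ---------------------------------------------------------------------------
if (Modules::getPermission($permesso) == 'rw') {
    if (!empty($info['script'])) {
        // A custom plugin, when present, overrides the stock one
        if (file_exists($docroot.'/modules/'.$info['module_dir'].'/plugins/custom/'.$info['script'])) {
            include $docroot.'/modules/'.$info['module_dir'].'/plugins/custom/'.$info['script'];
        } elseif (file_exists($docroot.'/modules/'.$info['module_dir'].'/plugins/'.$info['script'])) {
            include $docroot.'/modules/'.$info['module_dir'].'/plugins/'.$info['script'];
        }

        // Leaves this file early: the COMMIT at the bottom is not reached on this path
        return;
    }

    // Module helpers (custom override first)
    if (file_exists($docroot.$directory.'/custom/modutil.php')) {
        include_once $docroot.$directory.'/custom/modutil.php';
    } elseif (file_exists($docroot.$directory.'/modutil.php')) {
        include_once $docroot.$directory.'/modutil.php';
    }

    // Module query result (custom override first)
    if (file_exists($docroot.$directory.'/custom/init.php')) {
        include $docroot.$directory.'/custom/init.php';
    } elseif (file_exists($docroot.$directory.'/init.php')) {
        include $docroot.$directory.'/init.php';
    }

    // Bulk operations: id_records may arrive as an array or as a comma-separated string.
    // The cast keeps explode() from receiving null when the field is missing.
    $id_records = post('id_records');
    $id_records = is_array($id_records) ? $id_records : explode(',', (string) $id_records);

    $bulk = null;
    if (file_exists($docroot.$directory.'/custom/bulk.php')) {
        $bulk = include $docroot.$directory.'/custom/bulk.php';
    } elseif (file_exists($docroot.$directory.'/bulk.php')) {
        $bulk = include $docroot.$directory.'/bulk.php';
    }
    $bulk = (array) $bulk;

    // Strict comparison: a missing op (null) must not loosely match an entry of $bulk
    if (in_array(post('op'), $bulk, true)) {
        redirect(ROOTDIR.'/controller.php?id_module='.$id_module, 'js');
    } else {
        // Module actions (custom override first)
        if (file_exists($docroot.$directory.'/custom/actions.php')) {
            include $docroot.$directory.'/custom/actions.php';
        } elseif (file_exists($docroot.$directory.'/actions.php')) {
            include $docroot.$directory.'/actions.php';
        }
    }
}

$dbo->query('COMMIT');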