?? upload_fck.pl
字號:
#####
# FCKeditor - The text editor for Internet - http://www.fckeditor.net
# Copyright (C) 2003-2007 Frederico Caldeira Knabben
#
# == BEGIN LICENSE ==
#
# Licensed under the terms of any of the following licenses at your
# choice:
#
# - GNU General Public License Version 2 or later (the "GPL")
# http://www.gnu.org/licenses/gpl.html
#
# - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
# http://www.gnu.org/licenses/lgpl.html
#
# - Mozilla Public License Version 1.1 or later (the "MPL")
# http://www.mozilla.org/MPL/MPL-1.1.html
#
# == END LICENSE ==
#
# This is the File Manager Connector for Perl.
#####
# image data save dir
$img_dir = './temp/';
# File size max(unit KB)
$MAX_CONTENT_SIZE = 30000;
# Filelock (1=use,0=not use)
$PM{'flock'} = '1';
# upload Content-Type list
my %UPLOAD_CONTENT_TYPE_LIST = (
'image/(x-)?png' => 'png', # PNG image
'image/p?jpe?g' => 'jpg', # JPEG image
'image/gif' => 'gif', # GIF image
'image/x-xbitmap' => 'xbm', # XBM image
'image/(x-(MS-)?)?bmp' => 'bmp', # Windows BMP image
'image/pict' => 'pict', # Macintosh PICT image
'image/tiff' => 'tif', # TIFF image
'application/pdf' => 'pdf', # PDF image
'application/x-shockwave-flash' => 'swf', # Shockwave Flash
'video/(x-)?msvideo' => 'avi', # Microsoft Video
'video/quicktime' => 'mov', # QuickTime Video
'video/mpeg' => 'mpeg', # MPEG Video
'video/x-mpeg2' => 'mpv2', # MPEG2 Video
'audio/(x-)?midi?' => 'mid', # MIDI Audio
'audio/(x-)?wav' => 'wav', # WAV Audio
'audio/basic' => 'au', # ULAW Audio
'audio/mpeg' => 'mpga', # MPEG Audio
'application/(x-)?zip(-compressed)?' => 'zip', # ZIP Compress
'text/html' => 'html', # HTML
'text/plain' => 'txt', # TEXT
'(?:application|text)/(?:rtf|richtext)' => 'rtf', # RichText
'application/msword' => 'doc', # Microsoft Word
'application/vnd.ms-excel' => 'xls', # Microsoft Excel
''
);
# Upload is permitted.
# A regular expression is possible.
my %UPLOAD_EXT_LIST = (
'png' => 'PNG image',
'p?jpe?g|jpe|jfif|pjp' => 'JPEG image',
'gif' => 'GIF image',
'xbm' => 'XBM image',
'bmp|dib|rle' => 'Windows BMP image',
'pi?ct' => 'Macintosh PICT image',
'tiff?' => 'TIFF image',
'pdf' => 'PDF image',
'swf' => 'Shockwave Flash',
'avi' => 'Microsoft Video',
'moo?v|qt' => 'QuickTime Video',
'm(p(e?gv?|e|v)|1v)' => 'MPEG Video',
'mp(v2|2v)' => 'MPEG2 Video',
'midi?|kar|smf|rmi|mff' => 'MIDI Audio',
'wav' => 'WAVE Audio',
'au|snd' => 'ULAW Audio',
'mp(e?ga|2|a|3)|abs' => 'MPEG Audio',
'zip' => 'ZIP Compress',
'lzh' => 'LZH Compress',
'cab' => 'CAB Compress',
'd?html?' => 'HTML',
'rtf|rtx' => 'RichText',
'txt|text' => 'Text',
''
);
# sjis or euc
my $CHARCODE = 'sjis';
$TRANS_2BYTE_CODE = 0;
##############################################################################
# Summary
#
# Form Read input
#
# Parameters
# Returns
# Memo
##############################################################################
sub read_input
{
eval("use File::Copy;");
eval("use File::Path;");
my ($FORM) = @_;
mkdir($img_dir,0777);
chmod(0777,$img_dir);
undef $img_data_exists;
undef @NEWFNAMES;
undef @NEWFNAME_DATA;
if($ENV{'CONTENT_LENGTH'} > 10000000 || $ENV{'CONTENT_LENGTH'} > $MAX_CONTENT_SIZE * 1024) {
&upload_error(
'Size Error',
sprintf(
"Transmitting size is too large.MAX <strong>%d KB</strong> Now Size <strong>%d KB</strong>(<strong>%d bytes</strong> Over)",
$MAX_CONTENT_SIZE,
int($ENV{'CONTENT_LENGTH'} / 1024),
$ENV{'CONTENT_LENGTH'} - $MAX_CONTENT_SIZE * 1024
)
);
}
my $Buffer;
if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data/) {
# METHOD POST only
return unless($ENV{'CONTENT_LENGTH'});
binmode(STDIN);
# STDIN A pause character is detected.'(MacIE3.0 boundary of $ENV{'CONTENT_TYPE'} cannot be trusted.)
my $Boundary = <STDIN>;
$Boundary =~ s/\x0D\x0A//;
$Boundary = quotemeta($Boundary);
while(<STDIN>) {
if(/^\s*Content-Disposition:/i) {
my($name,$ContentType,$FileName);
# form data get
if(/\bname="([^"]+)"/i || /\bname=([^\s:;]+)/i) {
$name = $1;
$name =~ tr/+/ /;
$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
&Encode(\$name);
}
if(/\bfilename="([^"]*)"/i || /\bfilename=([^\s:;]*)/i) {
$FileName = $1 || 'unknown';
}
# head read
while(<STDIN>) {
last if(! /\w/);
if(/^\s*Content-Type:\s*"([^"]+)"/i || /^\s*Content-Type:\s*([^\s:;]+)/i) {
$ContentType = $1;
}
}
# body read
$value = "";
while(<STDIN>) {
last if(/^$Boundary/o);
$value .= $_;
};
$lastline = $_;
$value =~s /\x0D\x0A$//;
if($value ne '') {
if($FileName || $ContentType) {
$img_data_exists = 1;
(
$FileName, #
$Ext, #
$Length, #
$ImageWidth, #
$ImageHeight, #
$ContentName #
) = &CheckContentType(\$value,$FileName,$ContentType);
$FORM{$name} = $FileName;
$new_fname = $FileName;
push(@NEWFNAME_DATA,"$FileName\t$Ext\t$Length\t$ImageWidth\t$ImageHeight\t$ContentName");
# Multi-upload correspondence
push(@NEWFNAMES,$new_fname);
open(OUT,">$img_dir/$new_fname");
binmode(OUT);
eval "flock(OUT,2);" if($PM{'flock'} == 1);
print OUT $value;
eval "flock(OUT,8);" if($PM{'flock'} == 1);
close(OUT);
} elsif($name) {
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
&Encode(\$value,'trans');
$FORM{$name} .= "\0" if(defined($FORM{$name}));
$FORM{$name} .= $value;
}
}
};
last if($lastline =~ /^$Boundary\-\-/o);
}
} elsif($ENV{'CONTENT_LENGTH'}) {
read(STDIN,$Buffer,$ENV{'CONTENT_LENGTH'});
}
foreach(split(/&/,$Buffer),split(/&/,$ENV{'QUERY_STRING'})) {
my($name, $value) = split(/=/);
$name =~ tr/+/ /;
$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
&Encode(\$name);
&Encode(\$value,'trans');
$FORM{$name} .= "\0" if(defined($FORM{$name}));
$FORM{$name} .= $value;
}
}
##############################################################################
# Summary
#
# CheckContentType
#
# Parameters
# Returns
# Memo
##############################################################################
sub CheckContentType
{
my($DATA,$FileName,$ContentType) = @_;
my($Ext,$ImageWidth,$ImageHeight,$ContentName,$Infomation);
my $DataLength = length($$DATA);
# An unknown file type
$_ = $ContentType;
my $UnknownType = (
!$_
|| /^application\/(x-)?macbinary$/i
|| /^application\/applefile$/i
|| /^application\/octet-stream$/i
|| /^text\/plane$/i
|| /^x-unknown-content-type/i
);
# MacBinary(Mac Unnecessary data are deleted.)
if($UnknownType || $ENV{'HTTP_USER_AGENT'} =~ /Macintosh|Mac_/) {
if($DataLength > 128 && !unpack("C",substr($$DATA,0,1)) && !unpack("C",substr($$DATA,74,1)) && !unpack("C",substr($$DATA,82,1)) ) {
my $MacBinary_ForkLength = unpack("N", substr($$DATA, 83, 4)); # ForkLength Get
my $MacBinary_FileName = quotemeta(substr($$DATA, 2, unpack("C",substr($$DATA, 1, 1))));
if($MacBinary_FileName && $MacBinary_ForkLength && $DataLength >= $MacBinary_ForkLength + 128
&& ($FileName =~ /$MacBinary_FileName/i || substr($$DATA,102,4) eq 'mBIN')) { # DATA TOP 128byte MacBinary!!
$$DATA = substr($$DATA,128,$MacBinary_ForkLength);
my $ResourceLength = $DataLength - $MacBinary_ForkLength - 128;
$DataLength = $MacBinary_ForkLength;
}
}
}
# A file name is changed into EUC.
# &jcode::convert(\$FileName,'euc',$FormCodeDefault);
# &jcode::h2z_euc(\$FileName);
$FileName =~ s/^.*\\//; # Windows, Mac
$FileName =~ s/^.*\///; # UNIX
$FileName =~ s/&/&/g;
$FileName =~ s/"/"/g;
$FileName =~ s/</</g;
$FileName =~ s/>/>/g;
#
# if($CHARCODE ne 'euc') {
# &jcode::convert(\$FileName,$CHARCODE,'euc');
# }
# An extension is extracted and it changes into a small letter.
my $FileExt;
if($FileName =~ /\.(\w+)$/) {
$FileExt = $1;
$FileExt =~ tr/A-Z/a-z/;
}
# Executable file detection (ban on upload)
if($$DATA =~ /^MZ/) {
$Ext = 'exe';
}
# text
if(!$Ext && ($UnknownType || $ContentType =~ /^text\//i || $ContentType =~ /^application\/(?:rtf|richtext)$/i || $ContentType =~ /^image\/x-xbitmap$/i)
&& ! $$DATA =~ /[\000-\006\177\377]/) {
# $$DATA =~ s/\x0D\x0A/\n/g;
# $$DATA =~ tr/\x0D\x0A/\n\n/;
#
# if(
# $$DATA =~ /<\s*SCRIPT(?:.|\n)*?>/i
# || $$DATA =~ /<\s*(?:.|\n)*?\bONLOAD\s*=(?:.|\n)*?>/i
# || $$DATA =~ /<\s*(?:.|\n)*?\bONCLICK\s*=(?:.|\n)*?>/i
# ) {
# $Infomation = '(JavaScript contains)';
# }
# if($$DATA =~ /<\s*TABLE(?:.|\n)*?>/i
# || $$DATA =~ /<\s*BLINK(?:.|\n)*?>/i
# || $$DATA =~ /<\s*MARQUEE(?:.|\n)*?>/i
# || $$DATA =~ /<\s*OBJECT(?:.|\n)*?>/i
# || $$DATA =~ /<\s*EMBED(?:.|\n)*?>/i
# || $$DATA =~ /<\s*FRAME(?:.|\n)*?>/i
# || $$DATA =~ /<\s*APPLET(?:.|\n)*?>/i
# || $$DATA =~ /<\s*FORM(?:.|\n)*?>/i
# || $$DATA =~ /<\s*(?:.|\n)*?\bSRC\s*=(?:.|\n)*?>/i
# || $$DATA =~ /<\s*(?:.|\n)*?\bDYNSRC\s*=(?:.|\n)*?>/i
# ) {
# $Infomation = '(the HTML tag which is not safe is included)';
# }
if($FileExt =~ /^txt$/i || $FileExt =~ /^cgi$/i || $FileExt =~ /^pl$/i) { # Text File
?? 快捷鍵說明
復(fù)制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -