Sure, here is the code I am running:
function BOLTXupload($value, $field, $args='') {
global $pageLink,$BOLTid;
if (BOLTauth($pageLink, $BOLTid, 'uploads') == false) return BOLTabort(
'upload_fail_auth');
$types = BOLTconfig('uploadImgTypes', 'gif,jpg,jpeg,png,svg');
$types .= ','.BOLTconfig('uploadFileTypes', 'txt,pdf');
$a_types = BOLTinit($types, $args['types']);
$size = BOLTconfig('uploadSize', 100000);
$a_size = BOLTinit($size, $args['size']);
$case = BOLTconfig('uploadCase', false);
$a_case = BOLTinit($case, $args['case']);
$dir = BOLTinit('files', $args['dir']);
$field = BOLTinit($field, $args['file']);
$current_filename = $_FILES[$field]['name'];
if (trim($current_filename) === '') return BOLTabort(
"upload_no_file::$field");
// checks file name
if (strpos($current_filename, '.') === false) return BOLTabort(
"upload_no_ext");
$type = strtolower(substr($current_filename, strrpos($current_filename,
'.') + 1));
if (! inlist($type, $types) || ! inlist ($type, $a_types)) return
BOLTabort("upload_fail_type::$type");
$new_filename = BOLTinit($current_filename, $args['name']);
if ($a_case !== 'true') $new_filename = strtolower($new_filename);
$dotIndex = strrpos($new_filename, '.');
if($dotIndex === FALSE) {
$newtype = $type;
$new_filename = $new_filename.'.'.$type;
}
else $newtype = strtolower(substr($new_filename, $dotIndex + 1));
// checks new name
if (inlist($newtype, 'jpg,jpeg') && ! inlist($type, 'jpg,jpeg')) return
BOLTabort("upload_error::$new_filename"); //jpg and jpeg are the same
elseif ($newtype != $type) return BOLTabort(
"upload_error::$new_filename");
if (BOLTconfig('uploadsStrict', 'true') == 'true') {
if (BOLTfilter($current_filename, 'uploads') == '' || BOLTfilter(
$new_filename, 'uploads') == '') return BOLTabort(
"upload_error::$new_filename");
}
if ($dir != 'files') {
$check = BOLTfilter($dir, '-_a-z0-9');
if ($check == '') return BOLTabort("upload_fail_dir::$dir");
$dir = "files/$check";
}
BOLTfixdir($dir, false);
if ($_FILES[$field]['error'] != UPLOAD_ERR_OK) return BOLTabort(
"upload_error::$new_filename");
if ($_FILES[$field]['size'] > $size || $_FILES[$field]['size'] >
$a_size ) return BOLTabort("upload_fail_size::$new_filename");
$success = move_uploaded_file($_FILES[$field]['tmp_name'],
"$dir/$new_filename");
if ($success) {
chmod("$dir/$new_filename", 0644);
BOLTmessage("upload_success::$new_filename", $args);
}
else BOLTmessage("upload_fail::$new_filename", $args);
clearstatcache();
$_POST[$field] = $new_filename;
}
Cheers,
Tiffany
Le dimanche 24 mai 2015 11:48:14 UTC+2, Dan a écrit :
>
> Tiffany, could you post the full upload function with all these changes
> together--that would be easier than me piecing together the improvements
> you have made. Thanks for these suggestions. Will be good to have this in
> BoltWire 5!
>
> Cheers,
> Dan
>
> On Sat, May 23, 2015 at 11:10 PM Tiffany Grenier <[email protected]
> <javascript:>> wrote:
>
>> Oh, I forgot to mention one necessary change:
>> you should also add
>> $field = BOLTinit($field, $args['file']);
>> before
>> $current_filename = $_FILES[$field]['name'];
>> And when you think about it, you cannot save the filepath of the image in
>> a data var, or you will not be able to use the data var to display the
>> image. The directory has to be supposed a known piece of information
>> (always the same for this data var).
>> Thus, you should only put at the end:
>> $_POST[$field] = $new_filename;
>> Cheers,
>> Tiffany
>>
>>
>> Le samedi 23 mai 2015 14:17:02 UTC+2, Tiffany Grenier a écrit :
>>>
>>> The main difference I was thinking if between name and rawname is that
>>> rawname contains no extension. For example, newname would be "sth.jpg" wile
>>> rawnewname would be only "sth" (and then the extension would be the one of
>>> the uploaded file).
>>>
>>> Anyway, after a nice week of vacations and some busy day back to work, I
>>> have solved this problem and heer is the code changes I suggest to achieve
>>> what I wanted:
>>> Replace
>>> $newtype = strtolower(substr($new_filename, strrpos($new_filename, '.')
>>> + 1));
>>> by
>>> $dotIndex = strrpos($new_filename, '.');
>>> if($dotIndex === FALSE) {
>>> $newtype = $type;
>>> $new_filename = $new_filename.'.'.$type;
>>> }
>>> else $newtype = strtolower(substr($new_filename, $dotIndex + 1));
>>>
>>> and add at the end of the function the following line (in order to be
>>> able to save the newly created file name (with the implicit extension, and
>>> potentially custom location)) with savedata:
>>> $_POST[$field] = "$dir/$new_filename";
>>>
>>> With these changes, the following form works well on my website:
>>> [form]
>>> big pic: [file avatar]
>>> basic pic: [file upload]
>>> [submit UPLOAD]
>>> [command upload dir=members]
>>> [command upload name={id} file=avatar dir=members]
>>> [command savedata upload,avatar page="member.{id}"]
>>> [form]
>>>
>>>
>>>
>>> Also, I suggest that you replace
>>> function BOLTXupload($value, $field, $args='') {
>>> global $pageLink;
>>> [...]
>>> if (BOLTauth($pageLink, $BOLTid, 'uploads') == false) return BOLTabort(
>>> 'upload_fail_auth');
>>> by
>>> function BOLTXupload($value, $field, $args='') {
>>> global $pageLink,$BOLTid;
>>> if (BOLTauth($pageLink, $BOLTid, 'uploads') == false) return BOLTabort(
>>> 'upload_fail_auth');
>>> [...]
>>>
>>> because at the moment, your auth check is worth nothing since
>>> - $BOLTid is not declared global and is thus empty
>>> - what is the point in doing any processing of data if we are going to
>>> abort anyway?
>>>
>>>
>>> Cheers,
>>> Tiffany/Maelite
>>>
>>>
>>> Le mardi 19 mai 2015 18:13:45 UTC+2, Dan a écrit :
>>>>
>>>> The changes you suggested look very good. I changed the names of the
>>>> vars slightly to uploadImgTypes and uploadFileTypes to match with the img:
>>>> and file: markups. Users will have to remember to update their config
>>>> files
>>>> from uploadTypes to the two new config settings. This will be in the next
>>>> release.
>>>>
>>>> As for uploading multiple files, what changes would we need to make to
>>>> the core to make that happen? I guess we need to specify somehow which
>>>> file
>>>> upload goes with each which command? The command looks like it is already
>>>> set. Perhaps we need to specify something in the file input field, like an
>>>> id or name? Let me know and I can add it to the core. Or I can dig into it
>>>> when I find some time...
>>>>
>>>> You should already be able to rename the uploaded file putting
>>>> name='newname' in the upload command (rather than rawname). Does this not
>>>> work?
>>>>
>>>> Cheers,
>>>> Dan
>>>>
>>>> PS. Thanks again for all your great suggestions.
>>>>
>>>> On Mon, May 11, 2015 at 1:40 AM Tiffany Grenier <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> After my suggestions a few months ago to add svg to the allowed file
>>>>> types, I started thinking about making this more dynamic, and I have come
>>>>> with the idea of introducing the following configuration items:
>>>>> *uploadImagesTypes* (by default,, gif,jpg,jpeg,png,svg) and
>>>>> *uploadOtherTypes* (by default, pdf,txt) instead of the current
>>>>> *uploadTypes*, and getting rid of hardcoded file types in the code.
>>>>>
>>>>> -in commands.php, replace:
>>>>> $types = BOLTconfig('uploadTypes', 'gif,jpg,jpeg,png,txt,pdf,svg');
>>>>> by
>>>>> $types = BOLTconfig('uploadImagesTypes', 'gif,jpg,jpeg,png,svg');
>>>>> $types .= ','.BOLTconfig('uploadOtherTypes', 'pdf,txt');
>>>>>
>>>>> - in markups.php, replace
>>>>> MarkUp('links', 'image',
>>>>> '/(img|link)\:(([-_a-zA-Z0-9\/\:\.]+)\.(gif|jpg|jpeg|png|svg|pdf))/e',
>>>>> "BOLTMuploads('$2')"); // img:file.gif
>>>>> by
>>>>> $uploadImagesTypes = BOLTconfig('uploadImagesTypes',
>>>>> 'gif,jpg,jpeg,png,svg');
>>>>> $uploadImagesTypes = str_replace(',','|',$uploadImagesTypes);
>>>>> MarkUp('links', 'image', '/(img|link)\:(([-_a-zA-Z0-9\/\:\.]+)\.('.
>>>>> $uploadImagesTypes.'))/e', "BOLTMuploads('$2')"); // img:file.gif
>>>>> $uploadOtherTypes = BOLTconfig('uploadOtherTypes', 'pdf,txt');
>>>>> $uploadOtherTypes = str_replace(',','|',$uploadOtherTypes);
>>>>> MarkUp('links', 'files', '/(file|link)\:(([-_a-zA-Z0-9\/\:\.]+)\.('.$
>>>>> uploadOtherTypes.'))/e', "BOLTMuploads('$2')"); // file:file.pdf
>>>>>
>>>>> - in markups.php, replace
>>>>> if (inlist(substr($file, strrpos($file, '.') + 1),
>>>>> 'jpg,gif,png,jpeg,svg')) $type = 'img';
>>>>> by
>>>>> if (inlist(substr($file, strrpos($file, '.') + 1), BOLTconfig(
>>>>> 'uploadImagesTypes', 'gif,jpg,jpeg,png,svg'))) $type = 'img';
>>>>>
>>>>> and
>>>>> if (strpos('jpg,gif,png,jpeg,svg', substr(strrchr($file, "."), 1)) !==
>>>>> false) {
>>>>> by
>>>>> if (strpos(BOLTconfig('uploadImagesTypes', 'gif,jpg,jpeg,png,svg'),
>>>>> substr(strrchr($file, "."), 1)) !== false) {
>>>>>
>>>>>
>>>>> I would also suggest the possibility to upload more than one file at
>>>>> once, and to rename a file during upload while keeping its current file
>>>>> extension.
>>>>> Then I could do
>>>>> [file smallpic]
>>>>> [file bigpic]
>>>>> [command upload smallpic dir=members rawname={id}]
>>>>> [command upload bigpic dir=members]
>>>>> [command savedata smallpic,bigpic page=member.{id}]
>>>>>
>>>>> Any remark, idea, comment?
>>>>>
>>>>> Cheers,
>>>>> Tiffany
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "BoltWire" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> To post to this group, send email to [email protected].
>>>>> Visit this group at http://groups.google.com/group/boltwire.
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>> --
>> You received this message because you are subscribed to the Google Groups
>> "BoltWire" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> To post to this group, send email to [email protected]
>> <javascript:>.
>> Visit this group at http://groups.google.com/group/boltwire.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
--
You received this message because you are subscribed to the Google Groups
"BoltWire" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/boltwire.
For more options, visit https://groups.google.com/d/optout.
