addExternalJavascript(WT_STATIC_URL . 'js/autocomplete.js')
->addInlineJavascript('autocomplete();')
->restrictAccess(Auth::isMember());
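// Access gate for the whole script: work out whether the current user may see
// every record this request touches, then stop unless they may also edit.
//
// $disp starts out true and is only ever narrowed. When a media object and a
// link target are both named, both must be visible; the checks are combined
// with && so that a visible link target cannot re-grant access that the media
// object's own canShow() refused.
$disp = true;
$media = WT_Media::getInstance($pid);
if ($media) {
    $disp = $media->canShow();
}
if ($linktoid && ($action == 'update' || $action == 'create')) {
    // The guard on $media above suggests getInstance() can return a falsy value
    // for an unknown id. Treat an unknown link target as "not visible" instead
    // of calling canShow() on it.
    $linkTarget = WT_GedcomRecord::getInstance($linktoid);
    $disp = $disp && $linkTarget && $linkTarget->canShow();
}
if (!WT_USER_CAN_EDIT || !$disp) {
    // Not permitted: emit the page header, ask the popup to close itself and
    // stop before any of the create/update code can run.
    $controller
        ->pageHeader()
        ->addInlineJavascript('closePopupAndReloadParent();');
    exit;
}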
// TODO - there is a lot of common code in the create and update cases....
// .... and also in the admin_media_upload.php script
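// Dispatch on the requested action.
//
//   create        - store an uploaded (or external) media file and create the OBJE record
//   update        - rename/move an existing media file and update its OBJE record
//   showmediaform - set the title for the "create" form, then leave the switch
//   editmedia     - set the title for the "edit" form, then leave the switch
//
// Inside 'create' and 'update', every validation failure queues a flash message
// and uses `break` to leave the switch, so execution continues with the code
// that follows it. A successful create/update ends the request with `exit`.
//
// Security-relevant points for reviewers:
//   * $_FILES[...]['name'] and $_FILES[...]['type'] are supplied by the client.
//     The MIME type is not checked against the file contents anywhere in this block.
//   * The extension check is a deny-list. NOTE(review): it cannot enumerate every
//     name a web server might interpret (alternative script extensions, dot-files
//     used as per-directory server configuration). Prefer an allow-list of media
//     extensions, and confirm that WT_DATA_DIR is not served over HTTP - neither
//     is visible from this section.
//   * No request-forgery (CSRF) check is visible in this section - confirm it is
//     performed before this point.
//   * $filename (validated input) and $fileName (accepted value) are two different
//     variables; PHP variable names are case-sensitive.
switch ($action) {
    case 'create': // Save the information from the “showcreateform” action
        $controller->setPageTitle(WT_I18N::translate('Create a new media object'));
        // Validate the media folder: normalise separators, drop leading/trailing
        // slashes, and treat "." as "no subfolder".
        $folderName = str_replace('\\', '/', $folder);
        $folderName = trim($folderName, '/');
        if ($folderName == '.') {
            $folderName = '';
        }
        if ($folderName) {
            $folderName .= '/';
            // Not allowed to use “../” - wrapping the name in slashes makes a
            // leading, trailing or embedded ".." segment match the same test.
            if (strpos('/' . $folderName, '/../')!==false) {
                WT_FlashMessages::addMessage('Folder names are not allowed to include “../”');
                break;
            }
        }
        // Make sure the media folder exists
        if (!is_dir(WT_DATA_DIR . $MEDIA_DIRECTORY)) {
            if (WT_File::mkdir(WT_DATA_DIR . $MEDIA_DIRECTORY)) {
                WT_FlashMessages::addMessage(WT_I18N::translate('The folder %s was created.', '' . WT_DATA_DIR . $MEDIA_DIRECTORY . ''));
            } else {
                WT_FlashMessages::addMessage(WT_I18N::translate('The folder %s does not exist, and it could not be created.', '' . WT_DATA_DIR . $MEDIA_DIRECTORY . ''));
                break;
            }
        }
        // Managers can create new media paths (subfolders). Users must use existing folders.
        if ($folderName && !is_dir(WT_DATA_DIR . $MEDIA_DIRECTORY . $folderName)) {
            if (WT_USER_GEDCOM_ADMIN) {
                if (WT_File::mkdir(WT_DATA_DIR . $MEDIA_DIRECTORY . $folderName)) {
                    WT_FlashMessages::addMessage(WT_I18N::translate('The folder %s was created.', '' . WT_DATA_DIR . $MEDIA_DIRECTORY . $folderName . ''));
                } else {
                    WT_FlashMessages::addMessage(WT_I18N::translate('The folder %s does not exist, and it could not be created.', '' . WT_DATA_DIR . $MEDIA_DIRECTORY . $folderName . ''));
                    break;
                }
            } else {
                // Regular users should not have seen this option - so no need for an error message.
                break;
            }
        }
        // The media folder exists. Now create a thumbnail folder to match it.
        if (!is_dir(WT_DATA_DIR . $MEDIA_DIRECTORY . 'thumbs/' . $folderName)) {
            if (!WT_File::mkdir(WT_DATA_DIR . $MEDIA_DIRECTORY . 'thumbs/' . $folderName)) {
                WT_FlashMessages::addMessage(WT_I18N::translate('The folder %s does not exist, and it could not be created.', '' . WT_DATA_DIR . $MEDIA_DIRECTORY . 'thumbs/' . $folderName . ''));
                break;
            }
        }
        // A thumbnail file with no main image?
        if (!empty($_FILES['thumbnail']['name']) && empty($_FILES['mediafile']['name'])) {
            // Assume the user used the wrong field, and treat this as a main image
            $_FILES['mediafile'] = $_FILES['thumbnail'];
            unset($_FILES['thumbnail']);
        }
        // Thumbnails must be images.
        // The 'type' entry is the MIME type reported by the client, so this is a
        // usability check rather than proof that the content is an image.
        if (!empty($_FILES['thumbnail']['name']) && !preg_match('/^image/', $_FILES['thumbnail']['type'])) {
            WT_FlashMessages::addMessage(WT_I18N::translate('Thumbnails must be images.'));
            break;
        }
        // User-specified filename?
        if ($tag[0]=='FILE' && $text[0]) {
            $filename = $text[0];
        }
        // If no filename was specified, use the (client-supplied) name of the uploaded file.
        if (!$filename && !empty($_FILES['mediafile']['name'])) {
            $filename = $_FILES['mediafile']['name'];
        }
        // Validate the media path and filename
        // NOTE(review): this branch tests $text[0], whereas the 'update' case tests
        // $filename. When $tag[0] is not 'FILE', $text[0] belongs to another field,
        // and a value starting with http(s):// there would let $filename skip the
        // character and extension checks below - confirm which variable is intended.
        if (preg_match('/^https?:\/\//i', $text[0], $match)) {
            // External media needs no further validation
            $fileName = $filename;
            $folderName = '';
            unset($_FILES['mediafile'], $_FILES['thumbnail']);
        } elseif (preg_match('/([\/\\\\<>])/', $filename, $match)) {
            // Local media files cannot contain certain special characters
            WT_FlashMessages::addMessage(WT_I18N::translate('Filenames are not allowed to contain the character “%s”.', $match[1]));
            $filename = '';
            break;
        } elseif (preg_match('/(\.(php|pl|cgi|bash|sh|bat|exe|com|htm|html|shtml))$/i', $filename, $match)) {
            // Do not allow obvious script files.
            // Only the final extension is examined, and only against this list.
            WT_FlashMessages::addMessage(WT_I18N::translate('Filenames are not allowed to have the extension “%s”.', $match[1]));
            $filename = '';
            break;
        } elseif (!$filename) {
            WT_FlashMessages::addMessage(WT_I18N::translate('No media file was provided.'));
            break;
        } else {
            $fileName = $filename;
        }
        // Now copy the file to the correct location.
        if (!empty($_FILES['mediafile']['name'])) {
            $serverFileName = WT_DATA_DIR . $MEDIA_DIRECTORY . $folderName . $fileName;
            // Never overwrite an existing file with an upload.
            if (file_exists($serverFileName)) {
                WT_FlashMessages::addMessage(WT_I18N::translate('The file %s already exists. Use another filename.', $folderName . $fileName));
                $filename = '';
                break;
            }
            // move_uploaded_file() only moves files that PHP itself received as
            // HTTP uploads, so tmp_name cannot be used to relocate other files.
            if (move_uploaded_file($_FILES['mediafile']['tmp_name'], $serverFileName)) {
                Log::addMediaLog('Media file ' . $serverFileName . ' uploaded');
            } else {
                // The second operand is a string literal holding a single line
                // break; its closing quote stays at column 0 so that no
                // indentation becomes part of the message.
                WT_FlashMessages::addMessage(
                    WT_I18N::translate('There was an error uploading your file.') .
                    '
' .
                    file_upload_error_text($_FILES['mediafile']['error'])
                );
                $filename = '';
                break;
            }
            // Now copy the (optional) thumbnail
            // Again keyed on the client-reported MIME type; other types are skipped silently.
            if (!empty($_FILES['thumbnail']['name']) && preg_match('/^image\/(png|gif|jpeg)/', $_FILES['thumbnail']['type'], $match)) {
                // Thumbnails have either
                // (a) the same filename as the main image
                // (b) the same filename as the main image - but with a .png extension
                if ($match[1]=='png' && !preg_match('/\.(png)$/i', $fileName)) {
                    $thumbFile = preg_replace('/\.[a-z0-9]{3,5}$/', '.png', $fileName);
                } else {
                    $thumbFile = $fileName;
                }
                $serverFileName = WT_DATA_DIR . $MEDIA_DIRECTORY . 'thumbs/' . $folderName . $thumbFile;
                // A failed thumbnail move is not reported to the user.
                if (move_uploaded_file($_FILES['thumbnail']['tmp_name'], $serverFileName)) {
                    Log::addMediaLog('Thumbnail file ' . $serverFileName . ' uploaded');
                }
            }
        }
        $controller->pageHeader();
        // Build the gedcom record
        $newged = "0 @new@ OBJE";
        if ($tag[0]=='FILE') {
            // The admin has an edit field to change the file name
            $text[0] = $folderName . $fileName;
        } else {
            // Users keep the original filename
            $newged .= "\n1 FILE " . $folderName . $fileName;
        }
        $newged = handle_updates($newged);
        $media = WT_GedcomRecord::createRecord($newged, WT_GED_ID);
        if ($linktoid) {
            // Attach the new media object to the record it was created for.
            $record = WT_GedcomRecord::getInstance($linktoid);
            $record->createFact('1 OBJE @' . $media->getXref() . '@', true);
            Log::addEditLog('Media ID '.$media->getXref()." successfully added to $linktoid.");
            $controller->addInlineJavascript('closePopupAndReloadParent();');
        } else {
            Log::addEditLog('Media ID '.$media->getXref().' successfully added.');
            $controller->addInlineJavascript('openerpasteid("' . $media->getXref() . '");');
        }
        echo '';
        exit;
    case 'update': // Save the information from the “editmedia” action
        $controller->setPageTitle(WT_I18N::translate('Edit media object'));
        // Validate the media folder (same rules as the 'create' case).
        $folderName = str_replace('\\', '/', $folder);
        $folderName = trim($folderName, '/');
        if ($folderName == '.') {
            $folderName = '';
        }
        if ($folderName) {
            $folderName .= '/';
            // Not allowed to use “../”
            if (strpos('/' . $folderName, '/../')!==false) {
                WT_FlashMessages::addMessage('Folder names are not allowed to include “../”');
                break;
            }
        }
        // Make sure the media folder exists
        if (!is_dir(WT_DATA_DIR . $MEDIA_DIRECTORY)) {
            if (WT_File::mkdir(WT_DATA_DIR . $MEDIA_DIRECTORY)) {
                WT_FlashMessages::addMessage(WT_I18N::translate('The folder %s was created.', '' . WT_DATA_DIR . $MEDIA_DIRECTORY . ''));
            } else {
                WT_FlashMessages::addMessage(WT_I18N::translate('The folder %s does not exist, and it could not be created.', '' . WT_DATA_DIR . $MEDIA_DIRECTORY . ''));
                break;
            }
        }
        // Managers can create new media paths (subfolders). Users must use existing folders.
        if ($folderName && !is_dir(WT_DATA_DIR . $MEDIA_DIRECTORY . $folderName)) {
            if (WT_USER_GEDCOM_ADMIN) {
                if (WT_File::mkdir(WT_DATA_DIR . $MEDIA_DIRECTORY . $folderName)) {
                    WT_FlashMessages::addMessage(WT_I18N::translate('The folder %s was created.', '' . WT_DATA_DIR . $MEDIA_DIRECTORY . $folderName . ''));
                } else {
                    WT_FlashMessages::addMessage(WT_I18N::translate('The folder %s does not exist, and it could not be created.', '' . WT_DATA_DIR . $MEDIA_DIRECTORY . $folderName . ''));
                    break;
                }
            } else {
                // Regular users should not have seen this option - so no need for an error message.
                break;
            }
        }
        // The media folder exists. Now create a thumbnail folder to match it.
        if (!is_dir(WT_DATA_DIR . $MEDIA_DIRECTORY . 'thumbs/' . $folderName)) {
            if (!WT_File::mkdir(WT_DATA_DIR . $MEDIA_DIRECTORY . 'thumbs/' . $folderName)) {
                WT_FlashMessages::addMessage(WT_I18N::translate('The folder %s does not exist, and it could not be created.', '' . WT_DATA_DIR . $MEDIA_DIRECTORY . 'thumbs/' . $folderName . ''));
                break;
            }
        }
        // Validate the media path and filename
        if (preg_match('/^https?:\/\//i', $filename, $match)) {
            // External media needs no further validation
            $fileName = $filename;
            $folderName = '';
            unset($_FILES['mediafile'], $_FILES['thumbnail']);
        } elseif (preg_match('/([\/\\\\<>])/', $filename, $match)) {
            // Local media files cannot contain certain special characters
            WT_FlashMessages::addMessage(WT_I18N::translate('Filenames are not allowed to contain the character “%s”.', $match[1]));
            $filename = '';
            break;
        } elseif (preg_match('/(\.(php|pl|cgi|bash|sh|bat|exe|com|htm|html|shtml))$/i', $filename, $match)) {
            // Do not allow obvious script files.
            // A rename is checked against the same deny-list as an upload, so an
            // existing file cannot be renamed to one of these extensions.
            WT_FlashMessages::addMessage(WT_I18N::translate('Filenames are not allowed to have the extension “%s”.', $match[1]));
            $filename = '';
            break;
        } elseif (!$filename) {
            WT_FlashMessages::addMessage(WT_I18N::translate('No media file was provided.'));
            break;
        } else {
            $fileName = $filename;
        }
        // NOTE(review): $media comes from WT_Media::getInstance($pid) earlier in the
        // script; nothing in this case confirms that it is a valid object - verify.
        $oldFilename = $media->getFilename();
        $newFilename = $folderName . $fileName;
        // Cannot rename local to external or vice-versa
        if (isFileExternal($oldFilename) != isFileExternal($filename)) {
            WT_FlashMessages::addMessage(WT_I18N::translate('Media file %1$s could not be renamed to %2$s.', ''.$oldFilename.'', ''.$newFilename.''));
            break;
        }
        // Set when a message was queued that the user should see before the popup closes.
        $messages = false;
        // Move files on disk (if we can) to reflect the change to the GEDCOM data
        if (!$media->isExternal()) {
            $oldServerFile = $media->getServerFilename('main');
            $oldServerThumb = $media->getServerFilename('thumb');
            // Temporary media object, used only to resolve the new name to server paths.
            $newmedia = new WT_Media("xxx", "0 @xxx@ OBJE\n1 FILE " . $newFilename, null, WT_GED_ID);
            $newServerFile = $newmedia->getServerFilename('main');
            $newServerThumb = $newmedia->getServerFilename('thumb');
            // We could be either renaming an existing file, or updating a record (with no valid file) to point to a new file
            if ($oldServerFile != $newServerFile) {
                //-- check if the file is used in more than one gedcom
                //-- do not allow it to be moved or renamed if it is
                if (!$media->isExternal() && is_media_used_in_other_gedcom($media->getFilename(), WT_GED_ID)) {
                    WT_FlashMessages::addMessage(WT_I18N::translate('This file is linked to another genealogical database on this server. It cannot be deleted, moved, or renamed until these links have been removed.'));
                    break;
                }
                // Only replace an existing target when it has the same content.
                // The digests are compared with ===, because == compares two
                // numeric-looking strings (such as "0e" followed by digits) as
                // numbers and could report different digests as equal.
                if (!file_exists($newServerFile) || @md5_file($oldServerFile) === md5_file($newServerFile)) {
                    if (@rename($oldServerFile, $newServerFile)) {
                        WT_FlashMessages::addMessage(WT_I18N::translate('Media file %1$s successfully renamed to %2$s.', ''.$oldFilename.'', ''.$newFilename.''));
                    } else {
                        WT_FlashMessages::addMessage(WT_I18N::translate('Media file %1$s could not be renamed to %2$s.', ''.$oldFilename.'', ''.$newFilename.''));
                    }
                    $messages = true;
                }
                if (!file_exists($newServerFile)) {
                    WT_FlashMessages::addMessage(WT_I18N::translate('Media file %s does not exist.', ''.$newFilename.''));
                    $messages = true;
                }
            }
            if ($oldServerThumb != $newServerThumb) {
                // Compare thumbnail with thumbnail. Hashing the old *main* file
                // here would never match an existing thumbnail, so a rename onto
                // an identical thumbnail would always be skipped.
                if (!file_exists($newServerThumb) || @md5_file($oldServerThumb) === md5_file($newServerThumb)) {
                    if (@rename($oldServerThumb, $newServerThumb)) {
                        WT_FlashMessages::addMessage(WT_I18N::translate('Thumbnail file %1$s successfully renamed to %2$s.', ''.$oldFilename.'', ''.$newFilename.''));
                    } else {
                        WT_FlashMessages::addMessage(WT_I18N::translate('Thumbnail file %1$s could not be renamed to %2$s.', ''.$oldFilename.'', ''.$newFilename.''));
                    }
                    $messages = true;
                }
                if (!file_exists($newServerThumb)) {
                    WT_FlashMessages::addMessage(WT_I18N::translate('Thumbnail file %s does not exist.', ''.$newFilename.''));
                    $messages = true;
                }
            }
        }
        // Insert the 1 FILE xxx record into the arrays used by function handle_updates()
        $glevels = array_merge(array('1'), $glevels);
        $tag = array_merge(array('FILE'), $tag);
        $islink = array_merge(array(0), $islink);
        $text = array_merge(array($newFilename), $text);
        $record = WT_GedcomRecord::getInstance($pid);
        $newrec = "0 @$pid@ OBJE\n";
        $newrec = handle_updates($newrec);
        $record->updateRecord($newrec, $update_CHAN);
        if ($pid && $linktoid) {
            $record = WT_GedcomRecord::getInstance($linktoid);
            $record->createFact('1 OBJE @' . $pid . '@', true);
            Log::addEditLog('Media ID '.$pid." successfully added to $linktoid.");
        }
        $controller->pageHeader();
        if ($messages) {
            // Keep the popup open so the queued messages can be read.
            echo '';
        } else {
            $controller->addInlineJavascript('closePopupAndReloadParent();');
        }
        exit;
    case 'showmediaform':
        $controller->setPageTitle(WT_I18N::translate('Create a new media object'));
        // The form that follows the switch will submit as 'create'.
        $action='create';
        break;
    case 'editmedia':
        $controller->setPageTitle(WT_I18N::translate('Edit media object'));
        // The form that follows the switch will submit as 'update'.
        $action='update';
        break;
    default:
        // NOTE(review): the message embeds the request-supplied $action verbatim;
        // confirm that uncaught exception text is never rendered unescaped.
        throw new Exception('Bad $action (' . $action . ') in addmedia.php');
}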
$controller->pageHeader();
echo '