source: admin/media.php @ 2320:89c91e538879

Visit:

Revision 2320:89c91e538879, 17.8 KB checked in by Nicolas <nikrou77@…>, 12 years ago (diff)
Fix invalid html for media page (in attachment context) because of nested form. Closes #1761

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12
13	/* HTML page
14	-------------------------------------------------------- */
15	require dirname(__FILE__).'/../inc/admin/prepend.php';
16
17	dcPage::check('media,media_admin');
18
19	$post_id = !empty($_GET['post_id']) ? (integer) $_GET['post_id'] : null;
20	if ($post_id) {
21	$post = $core->blog->getPosts(array('post_id'=>$post_id,'post_type'=>''));
22	if ($post->isEmpty()) {
23	$post_id = null;
24	}
25	$post_title = $post->post_title;
26	$post_type = $post->post_type;
27	unset($post);
28	}
29	$d = isset($_REQUEST['d']) ? $_REQUEST['d'] : null;
30	$dir = null;
31
32	$page = !empty($_GET['page']) ? max(1,(integer) $_GET['page']) : 1;
33	$nb_per_page = ((integer) $core->auth->user_prefs->interface->media_by_page ? (integer) $core->auth->user_prefs->interface->media_by_page : 30);
34
35	# We are on home not comming from media manager
36	if ($d === null && isset($_SESSION['media_manager_dir'])) {
37	# We get session information
38	$d = $_SESSION['media_manager_dir'];
39	}
40
41	if (!isset($_GET['page']) && isset($_SESSION['media_manager_page'])) {
42	$page = $_SESSION['media_manager_page'];
43	}
44
45	# We set session information about directory and page
46	if ($d) {
47	$_SESSION['media_manager_dir'] = $d;
48	} else {
49	unset($_SESSION['media_manager_dir']);
50	}
51	if ($page != 1) {
52	$_SESSION['media_manager_page'] = $page;
53	} else {
54	unset($_SESSION['media_manager_page']);
55	}
56
57	# Sort combo
58	$sort_combo = array(
59	__('By names, in ascending order') => 'name-asc',
60	__('By names, in descending order') => 'name-desc',
61	__('By dates, in ascending order') => 'date-asc',
62	__('By dates, in descending order') => 'date-desc'
63	);
64
65	if (!empty($_GET['file_sort']) && in_array($_GET['file_sort'],$sort_combo)) {
66	$_SESSION['media_file_sort'] = $_GET['file_sort'];
67	}
68	$file_sort = !empty($_SESSION['media_file_sort']) ? $_SESSION['media_file_sort'] : null;
69	$nb_per_page = !empty($_SESSION['nb_per_page']) ? (integer)$_SESSION['nb_per_page'] : $nb_per_page;
70	if (!empty($_GET['nb_per_page']) && (integer)$_GET['nb_per_page'] > 0) {
71	$nb_per_page = $_SESSION['nb_per_page'] = (integer)$_GET['nb_per_page'];
72	}
73
74	$popup = (integer) !empty($_GET['popup']);
75
76	$page_url = 'media.php?popup='.$popup.'&post_id='.$post_id;
77
78	if ($popup) {
79	$open_f = array('dcPage','openPopup');
80	$close_f = array('dcPage','closePopup');
81	} else {
82	$open_f = array('dcPage','open');
83	$close_f = create_function('',"dcPage::helpBlock('core_media'); dcPage::close();");
84	}
85
86	$core_media_writable = false;
87	try {
88	$core->media = new dcMedia($core);
89	if ($file_sort) {
90	$core->media->setFileSort($file_sort);
91	}
92	$core->media->chdir($d);
93	$core->media->getDir();
94	$core_media_writable = $core->media->writable();
95	$dir =& $core->media->dir;
96	if (!$core_media_writable) {
97	// throw new Exception('you do not have sufficient permissions to write to this folder: ');
98	}
99	} catch (Exception $e) {
100	$core->error->add($e->getMessage());
101	}
102
103	# Zip download
104	if (!empty($_GET['zipdl']) && $core->auth->check('media_admin',$core->blog->id))
105	{
106	try
107	{
108	@set_time_limit(300);
109	$fp = fopen('php://output','wb');
110	$zip = new fileZip($fp);
111	$zip->addExclusion('#(^\|/).(.*?)_(m\|s\|sq\|t).jpg$#');
112	$zip->addDirectory($core->media->root.'/'.$d,'',true);
113
114	header('Content-Disposition: attachment;filename='.($d ? $d : 'media').'.zip');
115	header('Content-Type: application/x-zip');
116	$zip->write();
117	unset($zip);
118	exit;
119	}
120	catch (Exception $e)
121	{
122	$core->error->add($e->getMessage());
123	}
124	}
125
126	# New directory
127	if ($dir && !empty($_POST['newdir']))
128	{
129	try {
130	$core->media->makeDir($_POST['newdir']);
131	dcPage::addSuccessNotice(sprintf(
132	__('Directory "%s" has been successfully created.'),
133	html::escapeHTML($_POST['newdir']))
134	);
135	http::redirect($page_url.'&d='.rawurlencode($d));
136	} catch (Exception $e) {
137	$core->error->add($e->getMessage());
138	}
139	}
140
141	# Adding a file
142	if ($dir && !empty($_FILES['upfile'])) {
143	// only one file per request : @see option singleFileUploads in admin/js/jsUpload/jquery.fileupload
144	$upfile = array('name' => $_FILES['upfile']['name'][0],
145	'type' => $_FILES['upfile']['type'][0],
146	'tmp_name' => $_FILES['upfile']['tmp_name'][0],
147	'error' => $_FILES['upfile']['error'][0],
148	'size' => $_FILES['upfile']['size'][0]
149	);
150
151	if (!empty($_SERVER['HTTP_X_REQUESTED_WITH'])) {
152	header('Content-type: application/json');
153	$message = array();
154
155	try {
156	files::uploadStatus($upfile);
157	$new_file_id = $core->media->uploadFile($upfile['tmp_name'], $upfile['name']);
158
159	$message['files'][] = array('name' => $upfile['name'],
160	'size' => $upfile['size'],
161	'html' => mediaItemLine($core->media->getFile($new_file_id), 1)
162	);
163	} catch (Exception $e) {
164	$message['files'][] = array('name' => $upfile['name'],
165	'size' => $upfile['size'],
166	'error' => $e->getMessage()
167	);
168	}
169	echo json_encode($message);
170	exit();
171	} else {
172	try {
173	files::uploadStatus($upfile);
174
175	$f_title = (isset($_POST['upfiletitle']) ? $_POST['upfiletitle'] : '');
176	$f_private = (isset($_POST['upfilepriv']) ? $_POST['upfilepriv'] : false);
177
178	$core->media->uploadFile($upfile['tmp_name'], $upfile['name'], $f_title, $f_private);
179
180	dcPage::addSuccessNotice(__('Files have been successfully uploaded.'));
181	http::redirect($page_url.'&d='.rawurlencode($d));
182	} catch (Exception $e) {
183	$core->error->add($e->getMessage());
184	}
185	}
186	}
187
188	# Removing items
189	if ($dir && !empty($_POST['medias']) && !empty($_POST['delete_medias'])) {
190	try {
191	foreach ($_POST['medias'] as $media) {
192	$core->media->removeItem(rawurldecode($media));
193	}
194	dcPage::addSuccessNotice(
195	sprintf(__('Successfully delete one media.',
196	'Successfully delete %d medias.',
197	count($_POST['medias'])
198	),
199	count($_POST['medias'])
200	)
201	);
202	http::redirect($page_url.'&d='.rawurlencode($d));
203	} catch (Exception $e) {
204	$core->error->add($e->getMessage());
205	}
206	}
207
208	# Removing item from popup only
209	if ($dir && !empty($_POST['rmyes']) && !empty($_POST['remove']))
210	{
211	$_POST['remove'] = rawurldecode($_POST['remove']);
212
213	try {
214	$core->media->removeItem($_POST['remove']);
215
216	dcPage::addSuccessNotice(__('File has been successfully removed.'));
217	http::redirect($page_url.'&d='.rawurlencode($d));
218	} catch (Exception $e) {
219	$core->error->add($e->getMessage());
220	}
221	}
222
223	# Rebuild directory
224	if ($dir && $core->auth->isSuperAdmin() && !empty($_POST['rebuild']))
225	{
226	try {
227	$core->media->rebuild($d);
228
229	dcPage::success(sprintf(
230	__('Directory "%s" has been successfully rebuilt.'),
231	html::escapeHTML($d))
232	);
233	http::redirect($page_url.'&d='.rawurlencode($d));
234	} catch (Exception $e) {
235	$core->error->add($e->getMessage());
236	}
237	}
238
239	# DISPLAY confirm page for rmdir & rmfile
240	if ($dir && !empty($_GET['remove']) && empty($_GET['noconfirm']))
241	{
242	call_user_func($open_f,__('Media manager'),'',
243	dcPage::breadcrumb(
244	array(
245	html::escapeHTML($core->blog->name) => '',
246	__('Media manager') => '',
247	__('confirm removal') => ''
248	),
249	array('home_link' => !$popup)
250	)
251	);
252
253	echo
254	'<form action="'.html::escapeURL($page_url).'" method="post">'.
255	'<p>'.sprintf(__('Are you sure you want to remove %s?'),
256	html::escapeHTML($_GET['remove'])).'</p>'.
257	'<p><input type="submit" value="'.__('Cancel').'" /> '.
258	'   <input type="submit" name="rmyes" value="'.__('Yes').'" />'.
259	form::hidden('d',$d).
260	$core->formNonce().
261	form::hidden('remove',html::escapeHTML($_GET['remove'])).'</p>'.
262	'</form>';
263
264	call_user_func($close_f);
265	exit;
266	}
267
268	/* DISPLAY Main page
269	-------------------------------------------------------- */
270	$core->auth->user_prefs->addWorkspace('interface');
271	$user_ui_enhanceduploader = $core->auth->user_prefs->interface->enhanceduploader;
272
273	if (!isset($core->media)) {
274	$breadcrumb = dcPage::breadcrumb(
275	array(
276	html::escapeHTML($core->blog->name) => '',
277	__('Media manager') => ''
278	),
279	array('home_link' => !$popup)
280	);
281	} else {
282	$breadcrumb_media = $core->media->breadCrumb(html::escapeURL($page_url).'&d=%s','<span class="page-title">%s</span>');
283	if ($breadcrumb_media == '') {
284	$breadcrumb = dcPage::breadcrumb(
285	array(
286	html::escapeHTML($core->blog->name) => '',
287	__('Media manager') => ''
288	),
289	array('home_link' => !$popup)
290	);
291	} else {
292	$breadcrumb = dcPage::breadcrumb(
293	array(
294	html::escapeHTML($core->blog->name) => '',
295	__('Media manager') => html::escapeURL($page_url.'&d='),
296	$breadcrumb_media => ''
297	),
298	array(
299	'home_link' => !$popup,
300	'hl' => false
301	)
302	);
303	}
304	}
305
306	call_user_func($open_f,__('Media manager'),
307	dcPage::jsLoad('js/_media.js').
308	($core_media_writable ? dcPage::jsUpload(array('d='.$d)) : ''),
309	$breadcrumb
310	);
311
312	if (!$core_media_writable) {
313	dcPage::warning(__('You do not have sufficient permissions to write to this folder.'));
314	}
315
316	if (!empty($_GET['mkdok'])) {
317	dcPage::success(__('Directory has been successfully created.'));
318	}
319
320	if (!empty($_GET['upok'])) {
321	dcPage::success(__('Files have been successfully uploaded.'));
322	}
323
324	if (!empty($_GET['rmfok'])) {
325	dcPage::success(__('File has been successfully removed.'));
326	}
327
328	if (!empty($_GET['rmdok'])) {
329	dcPage::success(__('Directory has been successfully removed.'));
330	}
331
332	if (!empty($_GET['rebuildok'])) {
333	dcPage::success(__('Directory has been successfully rebuilt.'));
334	}
335
336	if (!empty($_GET['unzipok'])) {
337	dcPage::success(__('Zip file has been successfully extracted.'));
338	}
339
340	if (!$dir) {
341	call_user_func($close_f);
342	exit;
343	}
344
345	if ($post_id) {
346	echo '<p class="form-note info">'.sprintf(__('Choose a file to attach to entry %s by clicking on %s.'),
347	'<a href="'.$core->getPostAdminURL($post_type,$post_id).'">'.html::escapeHTML($post_title).'</a>',
348	'<img src="images/plus.png" alt="'.__('Attach this file to entry').'" />').'</p>';
349	}
350	if ($popup) {
351	echo '<div class="info"><p>'.sprintf(__('Choose a file to insert into entry by clicking on %s.'),
352	'<img src="images/plus.png" alt="'.__('Attach this file to entry').'" />').'</p></div>';
353	}
354
355	$items = array_values(array_merge($dir['dirs'],$dir['files']));
356
357	$fmt_form_media = '<form action="media.php" method="post" id="form-medias">'.
358	'<div class="files-group">%s</div>'.
359	'<p class="hidden">'.$core->formNonce() . form::hidden(array('d'),$d).'</p>';
360
361	if (!$popup) {
362	$fmt_form_media .=
363	'<div class="medias-delete%s">'.
364	'<p class="checkboxes-helpers"></p>'.
365	'<p><input type="submit" class="delete" name="delete_medias" value="'.__('Remove selected medias').'"/></p>'.
366	'</div>';
367	}
368	$fmt_form_media .=
369	'</form>';
370
371	echo '<div class="media-list">';
372	if (count($items) == 0)
373	{
374	echo
375	'<p>'.__('No file.').'</p>'.
376	sprintf($fmt_form_media,'',' hide'); // need for jsUpload to append new media
377	}
378	else
379	{
380	$pager = new dcPager($page,count($items),$nb_per_page,10);
381
382	echo
383	'<form action="media.php" method="get" id="filters-form">'.
384	'<p class="two-boxes"><label for="file_sort" class="classic">'.__('Sort files:').'</label> '.
385	form::combo('file_sort',$sort_combo,$file_sort).'</p>'.
386	'<p class="two-boxes"><label for="nb_per_page" class="classic">'.__('Number of elements displayed per page:').'</label> '.
387	form::field('nb_per_page',5,3,(integer) $nb_per_page).' '.
388	'<input type="submit" value="'.__('OK').'" />'.
389	form::hidden(array('popup'),$popup).
390	form::hidden(array('post_id'),$post_id).
391	'</p>'.
392	'</form>'.
393	$pager->getLinks();
394
395	$dgroup = '';
396	$fgroup = '';
397	for ($i=$pager->index_start, $j=0; $i<=$pager->index_end; $i++,$j++)
398	{
399	if ($items[$i]->d) {
400	$dgroup .= mediaItemLine($items[$i],$j);
401	} else {
402	$fgroup .= mediaItemLine($items[$i],$j);
403	}
404	}
405
406	echo
407	($dgroup != '' ? '<div class="folders-group">'.$dgroup.'</div>' : '').
408	sprintf($fmt_form_media,$fgroup,'');
409
410	echo $pager->getLinks();
411	}
412	if (!isset($pager)) {
413	echo
414	'<p class="clear"></p>';
415	}
416	echo
417	'</div>';
418
419	if ($core_media_writable \|\| $core_media_archivable) {
420	echo
421	'<div class="vertical-separator">'.
422	'<h3 class="out-of-screen-if-js">'.sprintf(__('In %s:'),($d == '' ? '“'.__('Media manager').'”' : '“'.$d.'”')).'</h3>';
423	}
424
425	$core_media_archivable = $core->auth->check('media_admin',$core->blog->id) &&
426	!(count($items) == 0 \|\| (count($items) == 1 && $items[0]->parent));
427
428	if ($core_media_writable \|\| $core_media_archivable) {
429	echo
430	'<div class="two-boxes odd">';
431
432	# Create directory
433	if ($core_media_writable)
434	{
435	echo
436	'<form action="'.html::escapeURL($page_url).'" method="post" class="fieldset">'.
437	'<div id="new-dir-f">'.
438	'<h4 class="pretty-title">'.__('Create new directory').'</h4>'.
439	$core->formNonce().
440	'<p><label for="newdir">'.__('Directory Name:').'</label>'.
441	form::field(array('newdir','newdir'),35,255).'</p>'.
442	'<p><input type="submit" value="'.__('Create').'" />'.
443	form::hidden(array('d'),html::escapeHTML($d)).'</p>'.
444	'</div>'.
445	'</form>';
446	}
447
448	# Get zip directory
449	if ($core_media_archivable && !$popup)
450	{
451	echo
452	'<div class="fieldset">'.
453	'<h4 class="pretty-title">'.sprintf(__('Backup content of %s'),($d == '' ? '“'.__('Media manager').'”' : '“'.$d.'”')).'</h4>'.
454	'<p><a class="button submit" href="'.html::escapeURL($page_url).'&zipdl=1">'.
455	__('Download zip file').'</a></p>'.
456	'</div>';
457	}
458
459	echo
460	'</div>';
461	}
462
463	if ($core_media_writable)
464	{
465	echo
466	'<div class="two-boxes fieldset even">';
467	if ($user_ui_enhanceduploader) {
468	echo
469	'<div class="enhanced_uploader">';
470	} else {
471	echo
472	'<div>';
473	}
474
475	echo
476	'<h4>'.__('Add files').'</h4>'.
477	'<p>'.__('Please take care to publish media that you own and that are not protected by copyright.').'</p>'.
478	'<form id="fileupload" action="'.html::escapeURL($page_url).'" method="post" enctype="multipart/form-data" aria-disabled="false">'.
479	'<p>'.form::hidden(array('MAX_FILE_SIZE'),DC_MAX_UPLOAD_SIZE).
480	$core->formNonce().'</p>'.
481	'<div class="fileupload-ctrl"><p class="queue-message"></p><ul class="files"></ul></div>';
482
483	echo
484	'<div class="fileupload-buttonbar clear">';
485
486	echo
487	'<p><label for="upfile">'.'<span class="add-label one-file">'.__('Choose file').'</span>'.'</label>'.
488	'<button class="button choose_files">'.__('Choose files').'</button>'.
489	'<input type="file" id="upfile" name="upfile[]"'.($user_ui_enhanceduploader?' multiple="mutiple"':'').' data-url="'.html::escapeURL($page_url).'" /></p>';
490
491	echo
492	'<p class="max-sizer form-note"> '.__('Maximum file size allowed:').' '.files::size(DC_MAX_UPLOAD_SIZE).'</p>';
493
494	echo
495	'<p class="one-file"><label for="upfiletitle">'.__('Title:').'</label>'.form::field(array('upfiletitle','upfiletitle'),35,255).'</p>'.
496	'<p class="one-file"><label for="upfilepriv" class="classic">'.__('Private').'</label> '.
497	form::checkbox(array('upfilepriv','upfilepriv'),1).'</p>';
498
499	if (!$user_ui_enhanceduploader) {
500	echo
501	'<p class="one-file form-help info">'.__('To send several files at the same time, you can activate the enhanced uploader in').
502	' <a href="preferences.php?tab=user-options">'.__('My preferences').'</a></p>';
503	}
504
505	echo
506	'<p class="clear"><button class="button clean">'.__('Refresh').'</button>'.
507	'<input class="button cancel one-file" type="reset" value="'.__('Clear all').'"/>'.
508	'<input class="button start" type="submit" value="'.__('Upload').'"/></p>'.
509	'</div>';
510
511	echo
512	'<p style="clear:both;">'.form::hidden(array('d'),$d).'</p>'.
513	'</form>'.
514	'</div>'.
515	'</div>';
516	}
517
518	# Empty remove form (for javascript actions)
519	echo
520	'<form id="media-remove-hide" action="'.html::escapeURL($page_url).'" method="post" class="hidden">'.
521	'<div>'.
522	form::hidden('rmyes',1).form::hidden('d',html::escapeHTML($d)).
523	form::hidden('remove','').
524	$core->formNonce().
525	'</div>'.
526	'</form>';
527
528	if ($core_media_writable \|\| $core_media_archivable) {
529	echo
530	'</div>';
531	}
532
533	if (!$popup) {
534	echo '<div class="info"><p>'.sprintf(__('Current settings for medias and images are defined in %s'),
535	'<a href="blog_pref.php#medias-settings">'.__('Blog parameters').'</a>').'</p></div>';
536	}
537
538	call_user_func($close_f);
539
540	/* ----------------------------------------------------- */
541	function mediaItemLine($f,$i)
542	{
543	global $core, $page_url, $popup, $post_id;
544
545	$fname = $f->basename;
546
547	$class = 'media-item media-col-'.($i%2);
548
549	if ($f->d) {
550	$link = html::escapeURL($page_url).'&d='.html::sanitizeURL($f->relname);
551	if ($f->parent) {
552	$fname = '..';
553	$class .= ' media-folder-up';
554	} else {
555	$class .= ' media-folder';
556	}
557	} else {
558	$link =
559	'media_item.php?id='.$f->media_id.'&popup='.$popup.'&post_id='.$post_id;
560	}
561
562	$maxchars = 36;
563	if (strlen($fname) > $maxchars) {
564	$fname = substr($fname, 0, $maxchars-4).'...'.($f->d ? '' : files::getExtension($fname));
565	}
566	$res =
567	'<div class="'.$class.'"><p><a class="media-icon media-link" href="'.$link.'">'.
568	'<img src="'.$f->media_icon.'" alt="" />'.$fname.'</a></p>';
569
570	$lst = '';
571
572	if (!$f->d) {
573	$lst .=
574	'<li>'.$f->media_title.'</li>'.
575	'<li>'.
576	$f->media_dtstr.' - '.
577	files::size($f->size).' - '.
578	'<a href="'.$f->file_url.'">'.__('open').'</a>'.
579	'</li>';
580	}
581
582	$act = '';
583
584	if ($post_id && !$f->d) {
585	$act .=
586	'<a class="attach-media" title="'.__('Attach this file to entry').'" href="post_media.php?media_id='.$f->media_id.
587	'&post_id='.$post_id.'&attach=1">'.
588	'<img src="images/plus.png" alt="'.__('Attach this file to entry').'"/>'.
589	'</a>';
590	}
591
592	if ($popup && !$f->d) {
593	$act .= '<a href="'.$link.'"><img src="images/plus.png" alt="'.__('Insert this file into entry').'" '.
594	'title="'.__('Insert this file into entry').'" /></a> ';
595	}
596
597	if ($f->del) {
598	if (!$popup && !$f->d) {
599	$act .= form::checkbox(array('medias[]', 'media_'.rawurlencode($f->basename)),rawurlencode($f->basename));
600	} else {
601	$act .= '<a class="media-remove" '.
602	'href="'.html::escapeURL($page_url).'&d='.
603	rawurlencode($GLOBALS['d']).'&remove='.rawurlencode($f->basename).'">'.
604	'<img src="images/trash.png" alt="'.__('Delete').'" title="'.__('delete').'" /></a>';
605	}
606	}
607
608	$lst .= ($act != '' ? '<li class="media-action"> '.$act.'</li>' : '');
609
610	if ($f->type == 'audio/mpeg3') {
611	$lst .= '<li>'.dcMedia::mp3player($f->file_url,'index.php?pf=player_mp3.swf').'</li>';
612	}
613
614	$res .= ($lst != '' ? '<ul>'.$lst.'</ul>' : '');
615
616	$res .= '</div>';
617
618	return $res;
619	}

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: admin/media.php @ 2320:89c91e538879

Download in other formats:

Sites map