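<?php
/**
 * Pop-up page for the file-upload question type.
 *
 * Both modes require a valid runtime session ($_SESSION['fieldname'] must be set):
 *  - ?filegetcontents=<name> streams back a previously uploaded file, taken from the
 *    temporary upload directory for names starting with "futmp_" or from the survey's
 *    file directory for names starting with "fu_";
 *  - otherwise the uploader page is rendered: the JS configuration, the translated JS
 *    strings and the hidden inputs that scripts/uploader.js reads, filled from the
 *    attributes of the question given by ?qid=.
 *
 * Request parameters read: sid, preview, fieldname, qid, filegetcontents.
 * Globals expected from the included files: $homedir, $relativeurl, $rooturl,
 * $tempdir, $uploaddir.
 *
 * Everything taken from the request or the database is escaped for the context it is
 * written into (json_encode for JavaScript literals, htmlspecialchars for HTML).
 */
require_once(dirname(__FILE__).'/classes/core/startup.php');
require_once(dirname(__FILE__).'/config-defaults.php');
require_once(dirname(__FILE__).'/common.php');
require_once($homedir.'/classes/core/class.progressbar.php');
require_once(dirname(__FILE__).'/classes/core/language.php');

if (!isset($surveyid))
{
    $surveyid = returnglobal('sid');
}
else
{
    // This next line ensures that the $surveyid value is never anything but a number.
    $surveyid = sanitize_int($surveyid);
}

// Compute the session name. It is based:
// * on this specific LimeSurvey installation (value SessionName in the DB)
// * on the surveyid (from GET or POST param). If no surveyid is given we are on the public surveys portal
$usquery = "SELECT stg_value FROM ".db_table_name("settings_global")." where stg_name='SessionName'";
$usresult = db_execute_assoc($usquery, '', true); //Checked
if ($usresult)
{
    $usrow = $usresult->FetchRow();
    $stg_SessionName = $usrow['stg_value'];
    if ($surveyid)
    {
        if (isset($_GET['preview']) && $_GET['preview'] == 1)
        {
            @session_name($stg_SessionName);
        }
        else
        {
            @session_name($stg_SessionName.'-runtime-'.$surveyid);
        }
    }
    else
    {
        @session_name($stg_SessionName.'-runtime-publicportal');
    }
}
else
{
    session_name("LimeSurveyRuntime-$surveyid");
}
// NOTE(review): the session cookie is issued without the httponly flag (5th argument
// of session_set_cookie_params); worth enabling once it is confirmed that no client
// script needs to read the cookie.
session_set_cookie_params(0, $relativeurl.'/');
@session_start();

if (empty($_SESSION) || !isset($_SESSION['fieldname']))
{
    die("You don't have a valid session !");
}

// Mode 1: stream back a file that was uploaded earlier.
if (isset($_GET['filegetcontents']))
{
    $sFileName = sanitize_filename($_GET['filegetcontents']);
    // Defence in depth on top of sanitize_filename(): a name that still carries a
    // directory component can only be an attempt to leave the directory chosen below.
    if ($sFileName === '' || $sFileName !== basename($sFileName))
    {
        header('HTTP/1.0 400 Bad Request');
        exit();
    }
    // Only the two known prefixes map to a directory. Previously any other prefix fell
    // through to readfile() with $sFileDir undefined, i.e. a path relative to the
    // current working directory.
    $sFileDir = null;
    if (substr($sFileName, 0, 6) == 'futmp_')
    {
        $sFileDir = $tempdir.'/upload/';
    }
    elseif (substr($sFileName, 0, 3) == 'fu_')
    {
        $sFileDir = "{$uploaddir}/surveys/{$surveyid}/files/";
    }
    if ($sFileDir === null || !is_file($sFileDir.$sFileName))
    {
        header('HTTP/1.0 404 Not Found');
        exit();
    }
    readfile($sFileDir.$sFileName);
    exit();
}

// Mode 2: render the uploader page.
// Request values that end up in the page: fieldname is written into JS and HTML, qid is
// a question id, preview is treated as a 0/1 flag (the same "== 1" test used for the
// session name above). Emitting a fixed 0/1 keeps the script valid when the parameter
// is missing and stops the raw request value from being inserted as JavaScript.
$fn = isset($_GET['fieldname']) ? (string) $_GET['fieldname'] : '';
$qid = isset($_GET['qid']) ? (int) $_GET['qid'] : 0;
$questgrppreview = (isset($_GET['preview']) && $_GET['preview'] == 1) ? 1 : 0;

// json_encode() produces a double-quoted JS string literal and escapes "/" as "\/",
// so a value containing "</script>" cannot terminate the script element.
$meta = '<script type="text/javascript">
var surveyid = '.json_encode((string) $surveyid).';
var fieldname = '.json_encode($fn).';
var questgrppreview = '.$questgrppreview.';
var rooturl = '.json_encode((string) $rooturl).';
</script>';
$meta .= '<script type="text/javascript" src="scripts/ajaxupload.js"></script>
<script type="text/javascript" src="scripts/uploader.js"></script>
<link type="text/css" href="scripts/uploader.css" rel="stylesheet" />';

// Language: the one stored in the survey session if present, else the survey's base language.
if (isset($_SESSION['s_lang']))
{
    $language = $_SESSION['s_lang'];
}
else
{
    $language = GetBaseLanguageFromSurveyID($surveyid);
}
$clang = new limesurvey_lang($language);

$header = getHeader($meta);
echo $header;

// Translated strings for uploader.js (the 'js' mode is what the translation layer is
// asked for in every JS context of this file).
echo "<script type='text/javascript'>
var translt = {
    titleFld: '" . $clang->gT('Title','js') . "',
    commentFld: '" . $clang->gT('Comment','js') . "',
    errorNoMoreFiles: '" . $clang->gT('Sorry, no more files can be uploaded!','js') . "',
    errorOnlyAllowed: '" . $clang->gT('Sorry, only %s files can be uploaded for this question!','js') . "',
    uploading: '" . $clang->gT('Uploading','js') . "',
    selectfile: '" . $clang->gT('Select file','js') . "',
    errorNeedMore: '" . $clang->gT('Please upload %s more file(s).','js') . "',
    errorMoreAllowed: '" . $clang->gT('If you wish, you may upload %s more file(s); else you may return back to survey.','js') . "',
    errorMaxReached: '" . $clang->gT('The maximum number of files has been uploaded. You may return back to survey.','js') . "',
    errorTooMuch: '" . $clang->gT('The maximum number of files has been uploaded. You may return back to survey.','js') . "',
    errorNeedMoreConfirm: '" . $clang->gT("You need to upload %s more files for this question.\nAre you sure you want to exit?",'js') . "'
};
</script>\n";

$qidattributes = getQuestionAttributes($qid);

// HTML-escape everything written into attribute values and element content below.
// Missing question attributes become '' instead of an undefined-index notice.
$fnHtml = htmlspecialchars($fn, ENT_QUOTES, 'UTF-8');
$aAttr = array();
foreach (array('min_num_of_files', 'max_num_of_files', 'max_filesize', 'allowed_filetypes', 'show_comment', 'show_title') as $sKey)
{
    $aAttr[$sKey] = htmlspecialchars(isset($qidattributes[$sKey]) ? (string) $qidattributes[$sKey] : '', ENT_QUOTES, 'UTF-8');
}
$sPreview = htmlspecialchars(isset($_SESSION['preview']) ? (string) $_SESSION['preview'] : '', ENT_QUOTES, 'UTF-8');

$body = '
<div id="notice"></div>
<input type="hidden" id="ia" value="'.$fnHtml.'" />
<input type="hidden" id="'.$fnHtml.'_minfiles" value="'.$aAttr['min_num_of_files'].'" />
<input type="hidden" id="'.$fnHtml.'_maxfiles" value="'.$aAttr['max_num_of_files'].'" />
<input type="hidden" id="'.$fnHtml.'_maxfilesize" value="'.$aAttr['max_filesize'].'" />
<input type="hidden" id="'.$fnHtml.'_allowed_filetypes" value="'.$aAttr['allowed_filetypes'].'" />
<input type="hidden" id="preview" value="'.$sPreview.'" />
<input type="hidden" id="'.$fnHtml.'_show_comment" value="'.$aAttr['show_comment'].'" />
<input type="hidden" id="'.$fnHtml.'_show_title" value="'.$aAttr['show_title'].'" />
<input type="hidden" id="'.$fnHtml.'_licount" value="0" />
<input type="hidden" id="'.$fnHtml.'_filecount" value="0" />
<!-- The upload button -->
<div align="center" class="upload-div">
    <button id="button1" class="upload-button" type="button" >'.$clang->gT("Select file").'</button>
</div>
<p class="uploadmsg">'.sprintf($clang->gT("You can upload %s under %s KB each.",'js'), $aAttr['allowed_filetypes'], $aAttr['max_filesize']).'</p>
<div class="uploadstatus" id="uploadstatus"></div>
<!-- The list of uploaded files -->
<ul id="'.$fnHtml.'_listfiles"></ul>
</body>
</html>';
echo $body;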