nextcloud/apps/files/ajax/upload.php

<?php

// Firefox and Konqueror tries to download application/json for me.  --Arthur
OCP\JSON::setContentTypeHeader('text/plain');

// If a directory token is sent along check if public upload is permitted.
// If not, check the login.
// If no token is sent along, rely on login only

$l = OC_L10N::get('files');
if (empty($_POST['dirToken'])) {
	// The standard case, files are uploaded through logged in users :)
	OCP\JSON::checkLoggedIn();
	$dir = isset($_POST['dir']) ? $_POST['dir'] : "";
	if (!$dir || empty($dir) || $dir === false) {
		OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.')))));
		die();
	}
} else {
	$linkItem = OCP\Share::getShareByToken($_POST['dirToken']);

	if ($linkItem === false) {
		OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token')))));
		die();
	}

	if (!($linkItem['permissions'] & OCP\PERMISSION_CREATE)) {
		OCP\JSON::checkLoggedIn();
	} else {

		// The token defines the target directory (security reasons)
		$dir = sprintf(
			"/%s/%s",
			$linkItem['file_target'],
			isset($_POST['subdir']) ? $_POST['subdir'] : ''
		);

		// handle reshare
		if (!empty($linkItem['parent'])) {
			$dir = '/Shared'.$dir;
		}

		if (!$dir || empty($dir) || $dir === false) {
			OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.')))));
			die();
		}
		// Setup FS with owner
		OC_Util::setupFS($linkItem['uid_owner']);
	}
}


OCP\JSON::callCheck();


// get array with current storage stats (e.g. max file size)
$storageStats = \OCA\files\lib\Helper::buildFileStorageStatistics($dir);

if (!isset($_FILES['files'])) {
	OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('No file was uploaded. Unknown error')), $storageStats)));
	exit();
}

foreach ($_FILES['files']['error'] as $error) {
	if ($error != 0) {
		$errors = array(
			UPLOAD_ERR_OK => $l->t('There is no error, the file uploaded with success'),
			UPLOAD_ERR_INI_SIZE => $l->t('The uploaded file exceeds the upload_max_filesize directive in php.ini: ')
			. ini_get('upload_max_filesize'),
			UPLOAD_ERR_FORM_SIZE => $l->t('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'),
			UPLOAD_ERR_PARTIAL => $l->t('The uploaded file was only partially uploaded'),
			UPLOAD_ERR_NO_FILE => $l->t('No file was uploaded'),
			UPLOAD_ERR_NO_TMP_DIR => $l->t('Missing a temporary folder'),
			UPLOAD_ERR_CANT_WRITE => $l->t('Failed to write to disk'),
		);
		OCP\JSON::error(array('data' => array_merge(array('message' => $errors[$error]), $storageStats)));
		exit();
	}
}
$files = $_FILES['files'];

$error = '';

$maxUploadFilesize = OCP\Util::maxUploadFilesize($dir);
$maxHumanFilesize = OCP\Util::humanFileSize($maxUploadFilesize);

$totalSize = 0;
foreach ($files['size'] as $size) {
	$totalSize += $size;
}
if ($maxUploadFilesize >= 0 and $totalSize > $maxUploadFilesize) {
	OCP\JSON::error(array('data' => array('message' => $l->t('Not enough storage available'),
		'uploadMaxFilesize' => $maxUploadFilesize,
		'maxHumanFilesize' => $maxHumanFilesize)));
	exit();
}

$result = array();
if (strpos($dir, '..') === false) {
	$fileCount = count($files['name']);
	for ($i = 0; $i < $fileCount; $i++) {
		$target = OCP\Files::buildNotExistingFileName(stripslashes($dir), $files['name'][$i]);
		// $path needs to be normalized - this failed within drag'n'drop upload to a sub-folder
		$target = \OC\Files\Filesystem::normalizePath($target);
		if (is_uploaded_file($files['tmp_name'][$i]) and \OC\Files\Filesystem::fromTmpFile($files['tmp_name'][$i], $target)) {
			$meta = \OC\Files\Filesystem::getFileInfo($target);
			// updated max file size after upload
			$storageStats = \OCA\files\lib\Helper::buildFileStorageStatistics($dir);

			$result[] = array('status' => 'success',
				'mime' => $meta['mimetype'],
				'size' => $meta['size'],
				'id' => $meta['fileid'],
				'name' => basename($target),
				'originalname' => $files['name'][$i],
				'uploadMaxFilesize' => $maxUploadFilesize,
				'maxHumanFilesize' => $maxHumanFilesize
			);
		}
	}
	OCP\JSON::encodedPrint($result);
	exit();
} else {
	$error = $l->t('Invalid directory.');
}

OCP\JSON::error(array('data' => array_merge(array('message' => $error), $storageStats)));
i heard, we start to commit all files 2011-04-17 01:18:06 +04:00			`<?php`

			`// Firefox and Konqueror tries to download application/json for me. --Arthur`
ported oc_json 2012-05-03 14:23:29 +04:00			`OCP\JSON::setContentTypeHeader('text/plain');`
i heard, we start to commit all files 2011-04-17 01:18:06 +04:00
Public upload feature 2013-06-25 14:24:14 +04:00			`// If a directory token is sent along check if public upload is permitted.`
			`// If not, check the login.`
			`// If no token is sent along, rely on login only`

introducing class OCA/files/lib/Helper with new function to build an array with storage stats DRYing the code by using \OCA\files\lib\Helper::buildFileStorageStatistics() now returning used space percent on each ajax call 2013-01-19 03:31:09 +04:00			`$l = OC_L10N::get('files');`
fix uploading when ['dirtoken'] is not set 2013-07-01 17:39:11 +04:00			`if (empty($_POST['dirToken'])) {`
code style 2013-07-01 17:37:52 +04:00			`// The standard case, files are uploaded through logged in users :)`
			`OCP\JSON::checkLoggedIn();`
			`$dir = isset($_POST['dir']) ? $_POST['dir'] : "";`
			`if (!$dir \|\| empty($dir) \|\| $dir === false) {`
			`OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.')))));`
			`die();`
			`}`
Public upload feature 2013-06-25 14:24:14 +04:00			`} else {`
code style 2013-07-01 17:37:52 +04:00			`$linkItem = OCP\Share::getShareByToken($_POST['dirToken']);`

			`if ($linkItem === false) {`
			`OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token')))));`
			`die();`
			`}`

			`if (!($linkItem['permissions'] & OCP\PERMISSION_CREATE)) {`
			`OCP\JSON::checkLoggedIn();`
			`} else {`

			`// The token defines the target directory (security reasons)`
			`$dir = sprintf(`
			`"/%s/%s",`
			`$linkItem['file_target'],`
			`isset($_POST['subdir']) ? $_POST['subdir'] : ''`
			`);`

handle anonymous upload to reshared folder 2013-07-05 11:58:41 +04:00			`// handle reshare`
			`if (!empty($linkItem['parent'])) {`
			`$dir = '/Shared'.$dir;`
			`}`

code style 2013-07-01 17:37:52 +04:00			`if (!$dir \|\| empty($dir) \|\| $dir === false) {`
			`OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.')))));`
			`die();`
			`}`
			`// Setup FS with owner`
			`OC_Util::setupFS($linkItem['uid_owner']);`
			`}`
Public upload feature 2013-06-25 14:24:14 +04:00			`}`


			`OCP\JSON::callCheck();`
i heard, we start to commit all files 2011-04-17 01:18:06 +04:00
Correct it 2013-02-01 23:29:02 +04:00
introducing class OCA/files/lib/Helper with new function to build an array with storage stats DRYing the code by using \OCA\files\lib\Helper::buildFileStorageStatistics() now returning used space percent on each ajax call 2013-01-19 03:31:09 +04:00			`// get array with current storage stats (e.g. max file size)`
			`$storageStats = \OCA\files\lib\Helper::buildFileStorageStatistics($dir);`
the maximum upload size is now part of the response of the upload and delete operation. the maximum upload size is updated within the browser once an upload or delete operation has been finished 2012-12-20 20:16:01 +04:00
files/ajax: catch upload errors If the file wasn't uploaded successfully bail early. Signed-off-by: Florian Pritz <bluewind@xinu.at> 2011-09-23 22:03:39 +04:00			`if (!isset($_FILES['files'])) {`
introducing class OCA/files/lib/Helper with new function to build an array with storage stats DRYing the code by using \OCA\files\lib\Helper::buildFileStorageStatistics() now returning used space percent on each ajax call 2013-01-19 03:31:09 +04:00			`OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('No file was uploaded. Unknown error')), $storageStats)));`
files/ajax: catch upload errors If the file wasn't uploaded successfully bail early. Signed-off-by: Florian Pritz <bluewind@xinu.at> 2011-09-23 22:03:39 +04:00			`exit();`
			`}`
fixing undefined variable $l 2013-01-03 01:15:43 +04:00
files/ajax: catch upload errors If the file wasn't uploaded successfully bail early. Signed-off-by: Florian Pritz <bluewind@xinu.at> 2011-09-23 22:03:39 +04:00			`foreach ($_FILES['files']['error'] as $error) {`
			`if ($error != 0) {`
			`$errors = array(`
Files: fix sharing newly uploaded files 2013-01-29 00:09:18 +04:00			`UPLOAD_ERR_OK => $l->t('There is no error, the file uploaded with success'),`
			`UPLOAD_ERR_INI_SIZE => $l->t('The uploaded file exceeds the upload_max_filesize directive in php.ini: ')`
code style 2013-07-01 17:37:52 +04:00			`. ini_get('upload_max_filesize'),`
Join split translated strings 2013-02-15 19:04:18 +04:00			`UPLOAD_ERR_FORM_SIZE => $l->t('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'),`
Files: fix sharing newly uploaded files 2013-01-29 00:09:18 +04:00			`UPLOAD_ERR_PARTIAL => $l->t('The uploaded file was only partially uploaded'),`
			`UPLOAD_ERR_NO_FILE => $l->t('No file was uploaded'),`
introducing class OCA/files/lib/Helper with new function to build an array with storage stats DRYing the code by using \OCA\files\lib\Helper::buildFileStorageStatistics() now returning used space percent on each ajax call 2013-01-19 03:31:09 +04:00			`UPLOAD_ERR_NO_TMP_DIR => $l->t('Missing a temporary folder'),`
			`UPLOAD_ERR_CANT_WRITE => $l->t('Failed to write to disk'),`
files/ajax: catch upload errors If the file wasn't uploaded successfully bail early. Signed-off-by: Florian Pritz <bluewind@xinu.at> 2011-09-23 22:03:39 +04:00			`);`
introducing class OCA/files/lib/Helper with new function to build an array with storage stats DRYing the code by using \OCA\files\lib\Helper::buildFileStorageStatistics() now returning used space percent on each ajax call 2013-01-19 03:31:09 +04:00			`OCP\JSON::error(array('data' => array_merge(array('message' => $errors[$error]), $storageStats)));`
files/ajax: catch upload errors If the file wasn't uploaded successfully bail early. Signed-off-by: Florian Pritz <bluewind@xinu.at> 2011-09-23 22:03:39 +04:00			`exit();`
			`}`
			`}`
introducing class OCA/files/lib/Helper with new function to build an array with storage stats DRYing the code by using \OCA\files\lib\Helper::buildFileStorageStatistics() now returning used space percent on each ajax call 2013-01-19 03:31:09 +04:00			`$files = $_FILES['files'];`
Provide ability to select mutliply files during upload for browsers that support it. 2011-07-19 22:23:33 +04:00
introducing class OCA/files/lib/Helper with new function to build an array with storage stats DRYing the code by using \OCA\files\lib\Helper::buildFileStorageStatistics() now returning used space percent on each ajax call 2013-01-19 03:31:09 +04:00			`$error = '';`
a bit of refactoring for oc_filesystem and implement user quota 2011-08-15 22:37:50 +04:00
Files: fix sharing newly uploaded files 2013-01-29 00:09:18 +04:00			`$maxUploadFilesize = OCP\Util::maxUploadFilesize($dir);`
			`$maxHumanFilesize = OCP\Util::humanFileSize($maxUploadFilesize);`

introducing class OCA/files/lib/Helper with new function to build an array with storage stats DRYing the code by using \OCA\files\lib\Helper::buildFileStorageStatistics() now returning used space percent on each ajax call 2013-01-19 03:31:09 +04:00			`$totalSize = 0;`
			`foreach ($files['size'] as $size) {`
			`$totalSize += $size;`
a bit of refactoring for oc_filesystem and implement user quota 2011-08-15 22:37:50 +04:00			`}`
Improve handeling of unlimited max upload size 2013-03-15 19:31:35 +04:00			`if ($maxUploadFilesize >= 0 and $totalSize > $maxUploadFilesize) {`
Files: rename 'space' to 'storage' in upload.php 2013-02-08 02:59:14 +04:00			`OCP\JSON::error(array('data' => array('message' => $l->t('Not enough storage available'),`
Files: fix sharing newly uploaded files 2013-01-29 00:09:18 +04:00			`'uploadMaxFilesize' => $maxUploadFilesize,`
			`'maxHumanFilesize' => $maxHumanFilesize)));`
a bit of refactoring for oc_filesystem and implement user quota 2011-08-15 22:37:50 +04:00			`exit();`
			`}`

introducing class OCA/files/lib/Helper with new function to build an array with storage stats DRYing the code by using \OCA\files\lib\Helper::buildFileStorageStatistics() now returning used space percent on each ajax call 2013-01-19 03:31:09 +04:00			`$result = array();`
			`if (strpos($dir, '..') === false) {`
			`$fileCount = count($files['name']);`
			`for ($i = 0; $i < $fileCount; $i++) {`
fix checkstyle for files app 2012-11-29 21:30:02 +04:00			`$target = OCP\Files::buildNotExistingFileName(stripslashes($dir), $files['name'][$i]);`
normalize the path once in upload.php is enough - THX Robin for this hint 2012-11-16 14:50:57 +04:00			`// $path needs to be normalized - this failed within drag'n'drop upload to a sub-folder`
merge master into filesystem 2013-01-07 03:16:10 +04:00			`$target = \OC\Files\Filesystem::normalizePath($target);`
Files: fix sharing newly uploaded files 2013-01-29 00:09:18 +04:00			`if (is_uploaded_file($files['tmp_name'][$i]) and \OC\Files\Filesystem::fromTmpFile($files['tmp_name'][$i], $target)) {`
move some stuff to the new api 2012-10-27 01:05:02 +04:00			`$meta = \OC\Files\Filesystem::getFileInfo($target);`
fixing indent 2013-01-18 23:09:03 +04:00			`// updated max file size after upload`
introducing class OCA/files/lib/Helper with new function to build an array with storage stats DRYing the code by using \OCA\files\lib\Helper::buildFileStorageStatistics() now returning used space percent on each ajax call 2013-01-19 03:31:09 +04:00			`$storageStats = \OCA\files\lib\Helper::buildFileStorageStatistics($dir);`
the maximum upload size is now part of the response of the upload and delete operation. the maximum upload size is updated within the browser once an upload or delete operation has been finished 2012-12-20 20:16:01 +04:00
Files: fix sharing newly uploaded files 2013-01-29 00:09:18 +04:00			`$result[] = array('status' => 'success',`
			`'mime' => $meta['mimetype'],`
			`'size' => $meta['size'],`
			`'id' => $meta['fileid'],`
			`'name' => basename($target),`
code style 2013-07-01 17:37:52 +04:00			`'originalname' => $files['name'][$i],`
Files: fix sharing newly uploaded files 2013-01-29 00:09:18 +04:00			`'uploadMaxFilesize' => $maxUploadFilesize,`
			`'maxHumanFilesize' => $maxHumanFilesize`
fixing indent 2013-01-18 23:09:03 +04:00			`);`
Provide ability to select mutliply files during upload for browsers that support it. 2011-07-19 22:23:33 +04:00			`}`
i heard, we start to commit all files 2011-04-17 01:18:06 +04:00			`}`
ported oc_json 2012-05-03 14:23:29 +04:00			`OCP\JSON::encodedPrint($result);`
Provide ability to select mutliply files during upload for browsers that support it. 2011-07-19 22:23:33 +04:00			`exit();`
apply coding style 2012-08-29 02:50:12 +04:00			`} else {`
introducing class OCA/files/lib/Helper with new function to build an array with storage stats DRYing the code by using \OCA\files\lib\Helper::buildFileStorageStatistics() now returning used space percent on each ajax call 2013-01-19 03:31:09 +04:00			`$error = $l->t('Invalid directory.');`
i heard, we start to commit all files 2011-04-17 01:18:06 +04:00			`}`

introducing class OCA/files/lib/Helper with new function to build an array with storage stats DRYing the code by using \OCA\files\lib\Helper::buildFileStorageStatistics() now returning used space percent on each ajax call 2013-01-19 03:31:09 +04:00			`OCP\JSON::error(array('data' => array_merge(array('message' => $error), $storageStats)));`