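/// <summary>
/// Handles a file upload request: checks the folder ACL, sanitizes the
/// client-supplied file name, validates size, extension and content, stores
/// the file under a non-colliding name, and writes the result to
/// <paramref name="response"/>.
/// </summary>
/// <param name="response">
/// The HTTP response that receives either a "name|message" text line (when the
/// query string has response_type=txt) or a script block built by
/// GetJavaScriptCode. The response is ended before the method returns.
/// </param>
/// <remarks>
/// Outside DEBUG builds every exception is translated into an error number
/// and reported in the response body; in DEBUG builds non-connector
/// exceptions are rethrown.
/// </remarks>
public override void SendResponse( System.Web.HttpResponse response )
{
    int iErrorNumber = 0;
    string sFileName = "";
    string sFilePath = "";
    string sUnsafeFileName = "";

    try
    {
        this.CheckConnector();
        this.CheckRequest();

        if ( !this.CurrentFolder.CheckAcl( AccessControlRules.FileUpload ) )
        {
            ConnectorException.Throw( Errors.Unauthorized );
        }

        // A request without any posted file used to fail on AllKeys[0] and end up
        // in the catch-all handler; treat it like the "no file" case below instead.
        System.Web.HttpFileCollection oFiles = HttpContext.Current.Request.Files;
        HttpPostedFile oFile = oFiles.Count > 0 ? oFiles[oFiles.AllKeys[0]] : null;

        if ( oFile == null )
        {
            ConnectorException.Throw( Errors.UploadedCorrupt );
        }
        else
        {
            // The client controls FileName: keep only the last path segment and
            // replace : * ? | / with underscores.
            sUnsafeFileName = System.IO.Path.GetFileName( oFile.FileName );
            sFileName = Regex.Replace( sUnsafeFileName, @"[\:\*\?\|\/]", "_", RegexOptions.None );

            if ( Config.Current.DisallowUnsafeCharacters )
            {
                sFileName = sFileName.Replace( ";", "_" );
            }

            if ( sFileName != sUnsafeFileName )
            {
                iErrorNumber = Errors.UploadedInvalidNameRenamed;
            }

            if ( !( Connector.CheckFileName( sFileName ) && !Config.Current.CheckIsHiddenFile( sFileName ) ) )
            {
                ConnectorException.Throw( Errors.InvalidName );
            }
            else
            {
                // Replace every dot except the last one with an underscore so the
                // stored name carries a single extension (security issue).
                if ( Config.Current.ForceSingleExtension )
                {
                    sFileName = Regex.Replace( sFileName, @"\.(?![^.]*$)", "_", RegexOptions.None );
                }

                // The post-scaling size check further down is commented out together
                // with the resize call, so skipping this check when
                // CheckSizeAfterScaling is set left MaxSize unenforced. Nothing is
                // scaled at the moment, so the stored size equals the uploaded size
                // and the limit is applied here unconditionally.
                // NOTE(review): restore the CheckSizeAfterScaling condition here if the
                // resize block below is re-enabled.
                long lMaxSize = this.CurrentFolder.ResourceTypeInfo.MaxSize;
                if ( lMaxSize > 0 && oFile.ContentLength > lMaxSize )
                {
                    ConnectorException.Throw( Errors.UploadedTooBig );
                }

                // Take the extension from the sanitized name, i.e. from the name that
                // is actually written, so the check and the stored file agree. The
                // collision rename below reuses it instead of re-reading the raw
                // client name, which would put replaced characters back.
                string sDotExtension = System.IO.Path.GetExtension( sFileName );
                string sExtension = sDotExtension.TrimStart( '.' );

                if ( !this.CurrentFolder.ResourceTypeInfo.CheckExtension( sExtension ) )
                {
                    ConnectorException.Throw( Errors.InvalidExtension );
                }

                if ( Config.Current.CheckIsNonHtmlExtension( sExtension ) && !this.CheckNonHtmlFile( oFile ) )
                {
                    ConnectorException.Throw( Errors.UploadedWrongHtmlFile );
                }

                // Map the virtual path to the local server path.
                string sServerDir = this.CurrentFolder.ServerPath;
                string sFileNameNoExt = System.IO.Path.GetFileNameWithoutExtension( sFileName );
                int iCounter = 0;

                // Append "(n)" until the name is free.
                // NOTE(review): Exists followed by OpenWrite is two separate calls; whether
                // concurrent uploads of the same name can both pass depends on the
                // storage layer - confirm.
                sFilePath = System.IO.Path.Combine( sServerDir, sFileName );
                while ( Achilles.Acme.Storage.IO.File.Exists( sFilePath ) )
                {
                    iCounter++;
                    sFileName = sFileNameNoExt + "(" + iCounter + ")" + sDotExtension;
                    iErrorNumber = Errors.UploadedFileRenamed;
                    sFilePath = System.IO.Path.Combine( sServerDir, sFileName );
                }

                using ( System.IO.Stream uploadFileStream = Achilles.Acme.Storage.IO.File.OpenWrite( sFilePath ) )
                {
                    oFile.InputStream.Position = 0;
                    oFile.InputStream.CopyTo( uploadFileStream );
                    uploadFileStream.Flush();
                }

                // Image content is validated only after the file has been written
                // under its final name; a file that fails validation is deleted.
                if ( Config.Current.SecureImageUploads && ImageTools.IsImageExtension( sExtension ) && !ImageTools.ValidateImage( sFilePath ) )
                {
                    Achilles.Acme.Storage.IO.File.Delete( sFilePath );
                    ConnectorException.Throw( Errors.UploadedCorrupt );
                }

                Settings.Images imagesSettings = Config.Current.Images;
                if ( imagesSettings.MaxHeight > 0 && imagesSettings.MaxWidth > 0 )
                {
                    // TJT: Review this
                    //ImageTools.ResizeImage( sFilePath, sFilePath, imagesSettings.MaxWidth, imagesSettings.MaxHeight, true, imagesSettings.Quality );
                    //if ( Config.Current.CheckSizeAfterScaling && this.CurrentFolder.ResourceTypeInfo.MaxSize > 0 )
                    //{
                    //    long fileSize = new Achilles.Acme.Storage.IO.FileInfo( sFilePath ).Length;
                    //    if ( fileSize > this.CurrentFolder.ResourceTypeInfo.MaxSize )
                    //    {
                    //        Achilles.Acme.Storage.IO.File.Delete( sFilePath );
                    //        ConnectorException.Throw( Errors.UploadedTooBig );
                    //    }
                    //}
                }
            }
        }
    }
    catch ( ConnectorException connectorException )
    {
        iErrorNumber = connectorException.Number;
    }
    catch ( System.Security.SecurityException )
    {
#if DEBUG
        throw;
#else
        iErrorNumber = Errors.AccessDenied;
#endif
    }
    catch ( System.UnauthorizedAccessException )
    {
#if DEBUG
        throw;
#else
        iErrorNumber = Errors.AccessDenied;
#endif
    }
    catch
    {
#if DEBUG
        throw;
#else
        iErrorNumber = Errors.Unknown;
#endif
    }

#if DEBUG
    if ( iErrorNumber == Errors.None || iErrorNumber == Errors.UploadedFileRenamed || iErrorNumber == Errors.UploadedInvalidNameRenamed )
    {
        response.Clear();
    }
#else
    response.Clear();
#endif

    System.Web.HttpRequest _Request = System.Web.HttpContext.Current.Request;
    string sResponseType = _Request.QueryString["response_type"];

    if ( sResponseType != null && "txt" == sResponseType )
    {
        string _errorMsg = "";
        if ( iErrorNumber > 0 )
        {
            _errorMsg = Lang.getErrorMessage( iErrorNumber ).Replace( "%1", sFileName );

            // Only the two "renamed" outcomes report a stored file name.
            if ( iErrorNumber != Errors.UploadedFileRenamed && iErrorNumber != Errors.UploadedInvalidNameRenamed )
            {
                sFileName = "";
            }
        }

        // NOTE(review): sFileName is derived from the client-supplied name and is
        // written without output encoding, also through the "%1" substitution
        // above. Confirm this response is served as plain text or that
        // Connector.CheckFileName rejects markup characters.
        response.Write( sFileName + "|" + _errorMsg );
    }
    else
    {
        response.Write( "<script type=\"text/javascript\">" );
        response.Write( this.GetJavaScriptCode( iErrorNumber, sFileName, this.CurrentFolder.Url ) );
        response.Write( "</script>" );
    }

    // NOTE(review): the hook fires on failed uploads as well, with sFilePath possibly
    // empty or naming a file that was deleted above - confirm handlers expect this.
    Connector.CKFinderEvent.ActivateEvent( CKFinderEvent.Hooks.AfterFileUpload, this.CurrentFolder, sFilePath );

    response.End();
}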