2
# FCKeditor - The text editor for Internet - http://www.fckeditor.net
3
# Copyright (C) 2003-2007 Frederico Caldeira Knabben
7
# Licensed under the terms of any of the following licenses at your
10
# - GNU General Public License Version 2 or later (the "GPL")
11
# http://www.gnu.org/licenses/gpl.html
13
# - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
14
# http://www.gnu.org/licenses/lgpl.html
16
# - Mozilla Public License Version 1.1 or later (the "MPL")
17
# http://www.mozilla.org/MPL/MPL-1.1.html
21
# This is the File Manager Connector for Perl.
28
# File size max(unit KB)
29
$MAX_CONTENT_SIZE = 30000;
31
# Filelock (1=use,0=not use)
35
# upload Content-Type list
36
my %UPLOAD_CONTENT_TYPE_LIST = (
37
'image/(x-)?png' => 'png', # PNG image
38
'image/p?jpe?g' => 'jpg', # JPEG image
39
'image/gif' => 'gif', # GIF image
40
'image/x-xbitmap' => 'xbm', # XBM image
42
'image/(x-(MS-)?)?bmp' => 'bmp', # Windows BMP image
43
'image/pict' => 'pict', # Macintosh PICT image
44
'image/tiff' => 'tif', # TIFF image
45
'application/pdf' => 'pdf', # PDF image
46
'application/x-shockwave-flash' => 'swf', # Shockwave Flash
48
'video/(x-)?msvideo' => 'avi', # Microsoft Video
49
'video/quicktime' => 'mov', # QuickTime Video
50
'video/mpeg' => 'mpeg', # MPEG Video
51
'video/x-mpeg2' => 'mpv2', # MPEG2 Video
53
'audio/(x-)?midi?' => 'mid', # MIDI Audio
54
'audio/(x-)?wav' => 'wav', # WAV Audio
55
'audio/basic' => 'au', # ULAW Audio
56
'audio/mpeg' => 'mpga', # MPEG Audio
58
'application/(x-)?zip(-compressed)?' => 'zip', # ZIP Compress
60
'text/html' => 'html', # HTML
61
'text/plain' => 'txt', # TEXT
62
'(?:application|text)/(?:rtf|richtext)' => 'rtf', # RichText
64
'application/msword' => 'doc', # Microsoft Word
65
'application/vnd.ms-excel' => 'xls', # Microsoft Excel
70
# Upload is permitted.
71
# A regular expression is possible.
72
my %UPLOAD_EXT_LIST = (
74
'p?jpe?g|jpe|jfif|pjp' => 'JPEG image',
78
'bmp|dib|rle' => 'Windows BMP image',
79
'pi?ct' => 'Macintosh PICT image',
80
'tiff?' => 'TIFF image',
82
'swf' => 'Shockwave Flash',
84
'avi' => 'Microsoft Video',
85
'moo?v|qt' => 'QuickTime Video',
86
'm(p(e?gv?|e|v)|1v)' => 'MPEG Video',
87
'mp(v2|2v)' => 'MPEG2 Video',
89
'midi?|kar|smf|rmi|mff' => 'MIDI Audio',
90
'wav' => 'WAVE Audio',
91
'au|snd' => 'ULAW Audio',
92
'mp(e?ga|2|a|3)|abs' => 'MPEG Audio',
94
'zip' => 'ZIP Compress',
95
'lzh' => 'LZH Compress',
96
'cab' => 'CAB Compress',
99
'rtf|rtx' => 'RichText',
100
'txt|text' => 'Text',
107
my $CHARCODE = 'sjis';
109
$TRANS_2BYTE_CODE = 0;
111
##############################################################################
119
##############################################################################
122
eval("use File::Copy;");
123
eval("use File::Path;");
128
mkdir($img_dir,0777);
129
chmod(0777,$img_dir);
131
undef $img_data_exists;
133
undef @NEWFNAME_DATA;
135
if($ENV{'CONTENT_LENGTH'} > 10000000 || $ENV{'CONTENT_LENGTH'} > $MAX_CONTENT_SIZE * 1024) {
139
"Transmitting size is too large.MAX <strong>%d KB</strong> Now Size <strong>%d KB</strong>(<strong>%d bytes</strong> Over)",
141
int($ENV{'CONTENT_LENGTH'} / 1024),
142
$ENV{'CONTENT_LENGTH'} - $MAX_CONTENT_SIZE * 1024
148
if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data/) {
150
return unless($ENV{'CONTENT_LENGTH'});
153
# STDIN A pause character is detected.'(MacIE3.0 boundary of $ENV{'CONTENT_TYPE'} cannot be trusted.)
154
my $Boundary = <STDIN>;
155
$Boundary =~ s/\x0D\x0A//;
156
$Boundary = quotemeta($Boundary);
158
if(/^\s*Content-Disposition:/i) {
159
my($name,$ContentType,$FileName);
161
if(/\bname="([^"]+)"/i || /\bname=([^\s:;]+)/i) {
164
$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
167
if(/\bfilename="([^"]*)"/i || /\bfilename=([^\s:;]*)/i) {
168
$FileName = $1 || 'unknown';
173
if(/^\s*Content-Type:\s*"([^"]+)"/i || /^\s*Content-Type:\s*([^\s:;]+)/i) {
180
last if(/^$Boundary/o);
184
$value =~s /\x0D\x0A$//;
186
if($FileName || $ContentType) {
187
$img_data_exists = 1;
195
) = &CheckContentType(\$value,$FileName,$ContentType);
197
$FORM{$name} = $FileName;
198
$new_fname = $FileName;
199
push(@NEWFNAME_DATA,"$FileName\t$Ext\t$Length\t$ImageWidth\t$ImageHeight\t$ContentName");
201
# Multi-upload correspondence
202
push(@NEWFNAMES,$new_fname);
203
open(OUT,">$img_dir/$new_fname");
205
eval "flock(OUT,2);" if($PM{'flock'} == 1);
207
eval "flock(OUT,8);" if($PM{'flock'} == 1);
212
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
213
&Encode(\$value,'trans');
214
$FORM{$name} .= "\0" if(defined($FORM{$name}));
215
$FORM{$name} .= $value;
219
last if($lastline =~ /^$Boundary\-\-/o);
221
} elsif($ENV{'CONTENT_LENGTH'}) {
222
read(STDIN,$Buffer,$ENV{'CONTENT_LENGTH'});
224
foreach(split(/&/,$Buffer),split(/&/,$ENV{'QUERY_STRING'})) {
225
my($name, $value) = split(/=/);
227
$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
229
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
232
&Encode(\$value,'trans');
233
$FORM{$name} .= "\0" if(defined($FORM{$name}));
234
$FORM{$name} .= $value;
240
##############################################################################
248
##############################################################################
252
my($DATA,$FileName,$ContentType) = @_;
253
my($Ext,$ImageWidth,$ImageHeight,$ContentName,$Infomation);
254
my $DataLength = length($$DATA);
256
# An unknown file type
261
|| /^application\/(x-)?macbinary$/i
262
|| /^application\/applefile$/i
263
|| /^application\/octet-stream$/i
265
|| /^x-unknown-content-type/i
268
# MacBinary(Mac Unnecessary data are deleted.)
269
if($UnknownType || $ENV{'HTTP_USER_AGENT'} =~ /Macintosh|Mac_/) {
270
if($DataLength > 128 && !unpack("C",substr($$DATA,0,1)) && !unpack("C",substr($$DATA,74,1)) && !unpack("C",substr($$DATA,82,1)) ) {
271
my $MacBinary_ForkLength = unpack("N", substr($$DATA, 83, 4)); # ForkLength Get
272
my $MacBinary_FileName = quotemeta(substr($$DATA, 2, unpack("C",substr($$DATA, 1, 1))));
273
if($MacBinary_FileName && $MacBinary_ForkLength && $DataLength >= $MacBinary_ForkLength + 128
274
&& ($FileName =~ /$MacBinary_FileName/i || substr($$DATA,102,4) eq 'mBIN')) { # DATA TOP 128byte MacBinary!!
275
$$DATA = substr($$DATA,128,$MacBinary_ForkLength);
276
my $ResourceLength = $DataLength - $MacBinary_ForkLength - 128;
277
$DataLength = $MacBinary_ForkLength;
282
# A file name is changed into EUC.
283
# &jcode::convert(\$FileName,'euc',$FormCodeDefault);
284
# &jcode::h2z_euc(\$FileName);
285
$FileName =~ s/^.*\\//; # Windows, Mac
286
$FileName =~ s/^.*\///; # UNIX
287
$FileName =~ s/&/&/g;
288
$FileName =~ s/"/"/g;
289
$FileName =~ s/</</g;
290
$FileName =~ s/>/>/g;
292
# if($CHARCODE ne 'euc') {
293
# &jcode::convert(\$FileName,$CHARCODE,'euc');
296
# An extension is extracted and it changes into a small letter.
298
if($FileName =~ /\.(\w+)$/) {
300
$FileExt =~ tr/A-Z/a-z/;
303
# Executable file detection (ban on upload)
304
if($$DATA =~ /^MZ/) {
308
if(!$Ext && ($UnknownType || $ContentType =~ /^text\//i || $ContentType =~ /^application\/(?:rtf|richtext)$/i || $ContentType =~ /^image\/x-xbitmap$/i)
309
&& ! $$DATA =~ /[\000-\006\177\377]/) {
310
# $$DATA =~ s/\x0D\x0A/\n/g;
311
# $$DATA =~ tr/\x0D\x0A/\n\n/;
314
# $$DATA =~ /<\s*SCRIPT(?:.|\n)*?>/i
315
# || $$DATA =~ /<\s*(?:.|\n)*?\bONLOAD\s*=(?:.|\n)*?>/i
316
# || $$DATA =~ /<\s*(?:.|\n)*?\bONCLICK\s*=(?:.|\n)*?>/i
318
# $Infomation = '(JavaScript contains)';
320
# if($$DATA =~ /<\s*TABLE(?:.|\n)*?>/i
321
# || $$DATA =~ /<\s*BLINK(?:.|\n)*?>/i
322
# || $$DATA =~ /<\s*MARQUEE(?:.|\n)*?>/i
323
# || $$DATA =~ /<\s*OBJECT(?:.|\n)*?>/i
324
# || $$DATA =~ /<\s*EMBED(?:.|\n)*?>/i
325
# || $$DATA =~ /<\s*FRAME(?:.|\n)*?>/i
326
# || $$DATA =~ /<\s*APPLET(?:.|\n)*?>/i
327
# || $$DATA =~ /<\s*FORM(?:.|\n)*?>/i
328
# || $$DATA =~ /<\s*(?:.|\n)*?\bSRC\s*=(?:.|\n)*?>/i
329
# || $$DATA =~ /<\s*(?:.|\n)*?\bDYNSRC\s*=(?:.|\n)*?>/i
331
# $Infomation = '(the HTML tag which is not safe is included)';
334
if($FileExt =~ /^txt$/i || $FileExt =~ /^cgi$/i || $FileExt =~ /^pl$/i) { # Text File
336
} elsif($ContentType =~ /^text\/html$/i || $FileExt =~ /html?/i || $$DATA =~ /<\s*HTML(?:.|\n)*?>/i) { # HTML File
338
} elsif($ContentType =~ /^image\/x-xbitmap$/i || $FileExt =~ /^xbm$/i) { # XBM(x-BitMap) Image
340
my ($XbmWidth, $XbmHeight);
341
if($$DATA =~ /\#define\s*$XbmName\_width\s*(\d+)/i) {
344
if($$DATA =~ /\#define\s*$XbmName\_height\s*(\d+)/i) {
347
if($XbmWidth && $XbmHeight) {
349
$ImageWidth = $XbmWidth;
350
$ImageHeight = $XbmHeight;
358
if(!$Ext && ($UnknownType || $ContentType =~ /^image\//i)) {
360
if($$DATA =~ /^\x89PNG\x0D\x0A\x1A\x0A/) {
361
if(substr($$DATA, 12, 4) eq 'IHDR') {
363
($ImageWidth, $ImageHeight) = unpack("N2", substr($$DATA, 16, 8));
365
} elsif($$DATA =~ /^GIF8(?:9|7)a/) { # GIF89a(modified), GIF89a, GIF87a
367
($ImageWidth, $ImageHeight) = unpack("v2", substr($$DATA, 6, 4));
368
} elsif($$DATA =~ /^II\x2a\x00\x08\x00\x00\x00/ || $$DATA =~ /^MM\x00\x2a\x00\x00\x00\x08/) { # TIFF
370
} elsif($$DATA =~ /^BM/) { # BMP
372
} elsif($$DATA =~ /^\xFF\xD8\xFF/ || $$DATA =~ /JFIF/) { # JPEG
373
my $HeaderPoint = index($$DATA, "\xFF\xD8\xFF", 0);
374
my $Point = $HeaderPoint + 2;
375
while($Point < $DataLength) {
376
my($Maker, $MakerType, $MakerLength) = unpack("C2n",substr($$DATA,$Point,4));
377
if($Maker != 0xFF || $MakerType == 0xd9 || $MakerType == 0xda) {
379
} elsif($MakerType >= 0xC0 && $MakerType <= 0xC3) {
381
($ImageHeight, $ImageWidth) = unpack("n2", substr($$DATA, $Point + 5, 4));
382
if($HeaderPoint > 0) {
383
$$DATA = substr($$DATA, $HeaderPoint);
384
$DataLength = length($$DATA);
388
$Point += $MakerLength + 2;
395
if(!$Ext && ($UnknownType || $ContentType =~ /^audio\//i)) {
397
if($$DATA =~ /^MThd/) {
399
} elsif($$DATA =~ /^\x2esnd/) { # ULAW Audio
401
} elsif($$DATA =~ /^RIFF/ || $$DATA =~ /^ID3/ && $$DATA =~ /RIFF/) {
402
my $HeaderPoint = index($$DATA, "RIFF", 0);
403
$_ = substr($$DATA, $HeaderPoint + 8, 8);
406
if(unpack("V",substr($$DATA, $HeaderPoint + 16, 4)) == 16) {
408
} else { # RIFF WAVE MP3
411
} elsif(/^RMIDdata$/) { # RIFF MIDI
413
} elsif(/^RMP3data$/) { # RIFF MP3
416
if($ContentType =~ /^audio\//i) {
417
$Infomation .= '(RIFF '. substr($$DATA, $HeaderPoint + 8, 4). ')';
425
if($$DATA =~ /^\%PDF/) {
426
# Picture size is not measured.
428
} elsif($$DATA =~ /^FWS/) { # Shockwave Flash
430
} elsif($$DATA =~ /^RIFF/ || $$DATA =~ /^ID3/ && $$DATA =~ /RIFF/) {
431
my $HeaderPoint = index($$DATA, "RIFF", 0);
432
$_ = substr($$DATA,$HeaderPoint + 8, 8);
437
if($ContentType =~ /^video\//i) {
438
$Infomation .= '(RIFF '. substr($$DATA, $HeaderPoint + 8, 4). ')';
440
} elsif($$DATA =~ /^PK/) { # ZIP Compress File
442
} elsif($$DATA =~ /^MSCF/) { # CAB Compress File
444
} elsif($$DATA =~ /^Rar\!/) { # RAR Compress File
446
} elsif(substr($$DATA, 2, 5) =~ /^\-lh(\d+|d)\-$/) { # LHA Compress File
447
$Infomation .= "(lh$1)";
449
} elsif(substr($$DATA, 325, 25) eq "Apple Video Media Handler" || substr($$DATA, 325, 30) eq "Apple \x83\x72\x83\x66\x83\x49\x81\x45\x83\x81\x83\x66\x83\x42\x83\x41\x83\x6E\x83\x93\x83\x68\x83\x89") {
455
# Header analysis failure
457
# It will be followed if it applies for the MIME type from the browser.
458
foreach (keys %UPLOAD_CONTENT_TYPE_LIST) {
460
if($ContentType =~ /^$_$/i) {
461
$Ext = $UPLOAD_CONTENT_TYPE_LIST{$_};
462
$ContentName = &CheckContentExt($Ext);
486
$Infomation .= ' / Header analysis failure';
488
if($Ext ne $FileExt && &CheckContentExt($FileExt) eq $ContentName) {
494
# a MIME type is unknown--It judges from an extension.
496
$ContentName = &CheckContentExt($FileExt);
499
$Infomation .= ' / MIME type is unknown('. $ContentType. ')';
505
# $ContentName = &CheckContentExt($Ext) unless($ContentName);
506
# if($Ext && $ContentName) {
507
# $ContentName .= $Infomation;
511
# "$FileName A not corresponding extension ($Ext)<BR>The extension which can be responded ". join(',', sort values(%UPLOAD_EXT_LIST))
516
# if($Ext =~ /.?html?/ && $$DATA =~ /<\!/) {
525
# $$DATA =~ s/\#\s*$_/\&\#35\;$_/ig
532
int($DataLength / 1024 + 1),
539
##############################################################################
542
# Extension discernment
547
##############################################################################
554
foreach (keys %UPLOAD_EXT_LIST) {
556
if($_ && $Ext =~ /^$_$/) {
557
$ContentName = $UPLOAD_EXT_LIST{$_};
565
##############################################################################
573
##############################################################################
577
my($value,$Trans) = @_;
579
# my $FormCode = &jcode::getcode($value) || $FormCodeDefault;
580
# $FormCodeDefault ||= $FormCode;
582
# if($Trans && $TRANS_2BYTE_CODE) {
583
# if($FormCode ne 'euc') {
584
# &jcode::convert($value, 'euc', $FormCode);
588
# "\xA3\xB0-\xA3\xB9\xA3\xC1-\xA3\xDA\xA3\xE1-\xA3\xFA",
591
# if($CHARCODE ne 'euc') {
592
# &jcode::convert($value,$CHARCODE,'euc');
595
# if($CHARCODE ne $FormCode) {
596
# &jcode::convert($value,$CHARCODE,$FormCode);
599
# if($CHARCODE eq 'euc') {
600
# &jcode::h2z_euc($value);
601
# } elsif($CHARCODE eq 'sjis') {
602
# &jcode::h2z_sjis($value);
607
##############################################################################
615
##############################################################################
620
local($error_message) = $_[0];
621
local($error_message2) = $_[1];
623
print "Content-type: text/html\n\n";
627
<TITLE>Error Message</TITLE></HEAD>
629
<table border="1" cellspacing="10" cellpadding="10">
630
<TR bgcolor="#0000B0">
631
<TD bgcolor="#0000B0" NOWRAP><font size="-1" color="white"><B>Error Message</B></font></TD>
635
<H4> $error_message </H4>
641
&rm_tmp_uploaded_files; # Image Temporary deletion
645
##############################################################################
648
# Image Temporary deletion
653
##############################################################################
655
sub rm_tmp_uploaded_files
657
if($img_data_exists == 1){
659
foreach $fname_list(@NEWFNAMES) {
660
if(-e "$img_dir/$fname_list") {
661
unlink("$img_dir/$fname_list");
2
# FCKeditor - The text editor for Internet - http://www.fckeditor.net
3
# Copyright (C) 2003-2007 Frederico Caldeira Knabben
7
# Licensed under the terms of any of the following licenses at your
10
# - GNU General Public License Version 2 or later (the "GPL")
11
# http://www.gnu.org/licenses/gpl.html
13
# - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
14
# http://www.gnu.org/licenses/lgpl.html
16
# - Mozilla Public License Version 1.1 or later (the "MPL")
17
# http://www.mozilla.org/MPL/MPL-1.1.html
21
# This is the File Manager Connector for Perl.
28
# File size max(unit KB)
29
$MAX_CONTENT_SIZE = 30000;
31
# Filelock (1=use,0=not use)
35
# upload Content-Type list
36
my %UPLOAD_CONTENT_TYPE_LIST = (
37
'image/(x-)?png' => 'png', # PNG image
38
'image/p?jpe?g' => 'jpg', # JPEG image
39
'image/gif' => 'gif', # GIF image
40
'image/x-xbitmap' => 'xbm', # XBM image
42
'image/(x-(MS-)?)?bmp' => 'bmp', # Windows BMP image
43
'image/pict' => 'pict', # Macintosh PICT image
44
'image/tiff' => 'tif', # TIFF image
45
'application/pdf' => 'pdf', # PDF image
46
'application/x-shockwave-flash' => 'swf', # Shockwave Flash
48
'video/(x-)?msvideo' => 'avi', # Microsoft Video
49
'video/quicktime' => 'mov', # QuickTime Video
50
'video/mpeg' => 'mpeg', # MPEG Video
51
'video/x-mpeg2' => 'mpv2', # MPEG2 Video
53
'audio/(x-)?midi?' => 'mid', # MIDI Audio
54
'audio/(x-)?wav' => 'wav', # WAV Audio
55
'audio/basic' => 'au', # ULAW Audio
56
'audio/mpeg' => 'mpga', # MPEG Audio
58
'application/(x-)?zip(-compressed)?' => 'zip', # ZIP Compress
60
'text/html' => 'html', # HTML
61
'text/plain' => 'txt', # TEXT
62
'(?:application|text)/(?:rtf|richtext)' => 'rtf', # RichText
64
'application/msword' => 'doc', # Microsoft Word
65
'application/vnd.ms-excel' => 'xls', # Microsoft Excel
70
# Upload is permitted.
71
# A regular expression is possible.
72
my %UPLOAD_EXT_LIST = (
74
'p?jpe?g|jpe|jfif|pjp' => 'JPEG image',
78
'bmp|dib|rle' => 'Windows BMP image',
79
'pi?ct' => 'Macintosh PICT image',
80
'tiff?' => 'TIFF image',
82
'swf' => 'Shockwave Flash',
84
'avi' => 'Microsoft Video',
85
'moo?v|qt' => 'QuickTime Video',
86
'm(p(e?gv?|e|v)|1v)' => 'MPEG Video',
87
'mp(v2|2v)' => 'MPEG2 Video',
89
'midi?|kar|smf|rmi|mff' => 'MIDI Audio',
90
'wav' => 'WAVE Audio',
91
'au|snd' => 'ULAW Audio',
92
'mp(e?ga|2|a|3)|abs' => 'MPEG Audio',
94
'zip' => 'ZIP Compress',
95
'lzh' => 'LZH Compress',
96
'cab' => 'CAB Compress',
99
'rtf|rtx' => 'RichText',
100
'txt|text' => 'Text',
107
my $CHARCODE = 'sjis';
109
$TRANS_2BYTE_CODE = 0;
111
##############################################################################
119
##############################################################################
122
eval("use File::Copy;");
123
eval("use File::Path;");
128
mkdir($img_dir,0777);
129
chmod(0777,$img_dir);
131
undef $img_data_exists;
133
undef @NEWFNAME_DATA;
135
if($ENV{'CONTENT_LENGTH'} > 10000000 || $ENV{'CONTENT_LENGTH'} > $MAX_CONTENT_SIZE * 1024) {
139
"Transmitting size is too large.MAX <strong>%d KB</strong> Now Size <strong>%d KB</strong>(<strong>%d bytes</strong> Over)",
141
int($ENV{'CONTENT_LENGTH'} / 1024),
142
$ENV{'CONTENT_LENGTH'} - $MAX_CONTENT_SIZE * 1024
148
if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data/) {
150
return unless($ENV{'CONTENT_LENGTH'});
153
# STDIN A pause character is detected.'(MacIE3.0 boundary of $ENV{'CONTENT_TYPE'} cannot be trusted.)
154
my $Boundary = <STDIN>;
155
$Boundary =~ s/\x0D\x0A//;
156
$Boundary = quotemeta($Boundary);
158
if(/^\s*Content-Disposition:/i) {
159
my($name,$ContentType,$FileName);
161
if(/\bname="([^"]+)"/i || /\bname=([^\s:;]+)/i) {
164
$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
167
if(/\bfilename="([^"]*)"/i || /\bfilename=([^\s:;]*)/i) {
168
$FileName = $1 || 'unknown';
173
if(/^\s*Content-Type:\s*"([^"]+)"/i || /^\s*Content-Type:\s*([^\s:;]+)/i) {
180
last if(/^$Boundary/o);
184
$value =~s /\x0D\x0A$//;
186
if($FileName || $ContentType) {
187
$img_data_exists = 1;
195
) = &CheckContentType(\$value,$FileName,$ContentType);
197
$FORM{$name} = $FileName;
198
$new_fname = $FileName;
199
push(@NEWFNAME_DATA,"$FileName\t$Ext\t$Length\t$ImageWidth\t$ImageHeight\t$ContentName");
201
# Multi-upload correspondence
202
push(@NEWFNAMES,$new_fname);
203
open(OUT,">$img_dir/$new_fname");
205
eval "flock(OUT,2);" if($PM{'flock'} == 1);
207
eval "flock(OUT,8);" if($PM{'flock'} == 1);
212
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
213
&Encode(\$value,'trans');
214
$FORM{$name} .= "\0" if(defined($FORM{$name}));
215
$FORM{$name} .= $value;
219
last if($lastline =~ /^$Boundary\-\-/o);
221
} elsif($ENV{'CONTENT_LENGTH'}) {
222
read(STDIN,$Buffer,$ENV{'CONTENT_LENGTH'});
224
foreach(split(/&/,$Buffer),split(/&/,$ENV{'QUERY_STRING'})) {
225
my($name, $value) = split(/=/);
227
$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
229
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
232
&Encode(\$value,'trans');
233
$FORM{$name} .= "\0" if(defined($FORM{$name}));
234
$FORM{$name} .= $value;
240
##############################################################################
248
##############################################################################
252
my($DATA,$FileName,$ContentType) = @_;
253
my($Ext,$ImageWidth,$ImageHeight,$ContentName,$Infomation);
254
my $DataLength = length($$DATA);
256
# An unknown file type
261
|| /^application\/(x-)?macbinary$/i
262
|| /^application\/applefile$/i
263
|| /^application\/octet-stream$/i
265
|| /^x-unknown-content-type/i
268
# MacBinary(Mac Unnecessary data are deleted.)
269
if($UnknownType || $ENV{'HTTP_USER_AGENT'} =~ /Macintosh|Mac_/) {
270
if($DataLength > 128 && !unpack("C",substr($$DATA,0,1)) && !unpack("C",substr($$DATA,74,1)) && !unpack("C",substr($$DATA,82,1)) ) {
271
my $MacBinary_ForkLength = unpack("N", substr($$DATA, 83, 4)); # ForkLength Get
272
my $MacBinary_FileName = quotemeta(substr($$DATA, 2, unpack("C",substr($$DATA, 1, 1))));
273
if($MacBinary_FileName && $MacBinary_ForkLength && $DataLength >= $MacBinary_ForkLength + 128
274
&& ($FileName =~ /$MacBinary_FileName/i || substr($$DATA,102,4) eq 'mBIN')) { # DATA TOP 128byte MacBinary!!
275
$$DATA = substr($$DATA,128,$MacBinary_ForkLength);
276
my $ResourceLength = $DataLength - $MacBinary_ForkLength - 128;
277
$DataLength = $MacBinary_ForkLength;
282
# A file name is changed into EUC.
283
# &jcode::convert(\$FileName,'euc',$FormCodeDefault);
284
# &jcode::h2z_euc(\$FileName);
285
$FileName =~ s/^.*\\//; # Windows, Mac
286
$FileName =~ s/^.*\///; # UNIX
287
$FileName =~ s/&/&/g;
288
$FileName =~ s/"/"/g;
289
$FileName =~ s/</</g;
290
$FileName =~ s/>/>/g;
292
# if($CHARCODE ne 'euc') {
293
# &jcode::convert(\$FileName,$CHARCODE,'euc');
296
# An extension is extracted and it changes into a small letter.
298
if($FileName =~ /\.(\w+)$/) {
300
$FileExt =~ tr/A-Z/a-z/;
303
# Executable file detection (ban on upload)
304
if($$DATA =~ /^MZ/) {
308
if(!$Ext && ($UnknownType || $ContentType =~ /^text\//i || $ContentType =~ /^application\/(?:rtf|richtext)$/i || $ContentType =~ /^image\/x-xbitmap$/i)
309
&& ! $$DATA =~ /[\000-\006\177\377]/) {
310
# $$DATA =~ s/\x0D\x0A/\n/g;
311
# $$DATA =~ tr/\x0D\x0A/\n\n/;
314
# $$DATA =~ /<\s*SCRIPT(?:.|\n)*?>/i
315
# || $$DATA =~ /<\s*(?:.|\n)*?\bONLOAD\s*=(?:.|\n)*?>/i
316
# || $$DATA =~ /<\s*(?:.|\n)*?\bONCLICK\s*=(?:.|\n)*?>/i
318
# $Infomation = '(JavaScript contains)';
320
# if($$DATA =~ /<\s*TABLE(?:.|\n)*?>/i
321
# || $$DATA =~ /<\s*BLINK(?:.|\n)*?>/i
322
# || $$DATA =~ /<\s*MARQUEE(?:.|\n)*?>/i
323
# || $$DATA =~ /<\s*OBJECT(?:.|\n)*?>/i
324
# || $$DATA =~ /<\s*EMBED(?:.|\n)*?>/i
325
# || $$DATA =~ /<\s*FRAME(?:.|\n)*?>/i
326
# || $$DATA =~ /<\s*APPLET(?:.|\n)*?>/i
327
# || $$DATA =~ /<\s*FORM(?:.|\n)*?>/i
328
# || $$DATA =~ /<\s*(?:.|\n)*?\bSRC\s*=(?:.|\n)*?>/i
329
# || $$DATA =~ /<\s*(?:.|\n)*?\bDYNSRC\s*=(?:.|\n)*?>/i
331
# $Infomation = '(the HTML tag which is not safe is included)';
334
if($FileExt =~ /^txt$/i || $FileExt =~ /^cgi$/i || $FileExt =~ /^pl$/i) { # Text File
336
} elsif($ContentType =~ /^text\/html$/i || $FileExt =~ /html?/i || $$DATA =~ /<\s*HTML(?:.|\n)*?>/i) { # HTML File
338
} elsif($ContentType =~ /^image\/x-xbitmap$/i || $FileExt =~ /^xbm$/i) { # XBM(x-BitMap) Image
340
my ($XbmWidth, $XbmHeight);
341
if($$DATA =~ /\#define\s*$XbmName\_width\s*(\d+)/i) {
344
if($$DATA =~ /\#define\s*$XbmName\_height\s*(\d+)/i) {
347
if($XbmWidth && $XbmHeight) {
349
$ImageWidth = $XbmWidth;
350
$ImageHeight = $XbmHeight;
358
if(!$Ext && ($UnknownType || $ContentType =~ /^image\//i)) {
360
if($$DATA =~ /^\x89PNG\x0D\x0A\x1A\x0A/) {
361
if(substr($$DATA, 12, 4) eq 'IHDR') {
363
($ImageWidth, $ImageHeight) = unpack("N2", substr($$DATA, 16, 8));
365
} elsif($$DATA =~ /^GIF8(?:9|7)a/) { # GIF89a(modified), GIF89a, GIF87a
367
($ImageWidth, $ImageHeight) = unpack("v2", substr($$DATA, 6, 4));
368
} elsif($$DATA =~ /^II\x2a\x00\x08\x00\x00\x00/ || $$DATA =~ /^MM\x00\x2a\x00\x00\x00\x08/) { # TIFF
370
} elsif($$DATA =~ /^BM/) { # BMP
372
} elsif($$DATA =~ /^\xFF\xD8\xFF/ || $$DATA =~ /JFIF/) { # JPEG
373
my $HeaderPoint = index($$DATA, "\xFF\xD8\xFF", 0);
374
my $Point = $HeaderPoint + 2;
375
while($Point < $DataLength) {
376
my($Maker, $MakerType, $MakerLength) = unpack("C2n",substr($$DATA,$Point,4));
377
if($Maker != 0xFF || $MakerType == 0xd9 || $MakerType == 0xda) {
379
} elsif($MakerType >= 0xC0 && $MakerType <= 0xC3) {
381
($ImageHeight, $ImageWidth) = unpack("n2", substr($$DATA, $Point + 5, 4));
382
if($HeaderPoint > 0) {
383
$$DATA = substr($$DATA, $HeaderPoint);
384
$DataLength = length($$DATA);
388
$Point += $MakerLength + 2;
395
if(!$Ext && ($UnknownType || $ContentType =~ /^audio\//i)) {
397
if($$DATA =~ /^MThd/) {
399
} elsif($$DATA =~ /^\x2esnd/) { # ULAW Audio
401
} elsif($$DATA =~ /^RIFF/ || $$DATA =~ /^ID3/ && $$DATA =~ /RIFF/) {
402
my $HeaderPoint = index($$DATA, "RIFF", 0);
403
$_ = substr($$DATA, $HeaderPoint + 8, 8);
406
if(unpack("V",substr($$DATA, $HeaderPoint + 16, 4)) == 16) {
408
} else { # RIFF WAVE MP3
411
} elsif(/^RMIDdata$/) { # RIFF MIDI
413
} elsif(/^RMP3data$/) { # RIFF MP3
416
if($ContentType =~ /^audio\//i) {
417
$Infomation .= '(RIFF '. substr($$DATA, $HeaderPoint + 8, 4). ')';
425
if($$DATA =~ /^\%PDF/) {
426
# Picture size is not measured.
428
} elsif($$DATA =~ /^FWS/) { # Shockwave Flash
430
} elsif($$DATA =~ /^RIFF/ || $$DATA =~ /^ID3/ && $$DATA =~ /RIFF/) {
431
my $HeaderPoint = index($$DATA, "RIFF", 0);
432
$_ = substr($$DATA,$HeaderPoint + 8, 8);
437
if($ContentType =~ /^video\//i) {
438
$Infomation .= '(RIFF '. substr($$DATA, $HeaderPoint + 8, 4). ')';
440
} elsif($$DATA =~ /^PK/) { # ZIP Compress File
442
} elsif($$DATA =~ /^MSCF/) { # CAB Compress File
444
} elsif($$DATA =~ /^Rar\!/) { # RAR Compress File
446
} elsif(substr($$DATA, 2, 5) =~ /^\-lh(\d+|d)\-$/) { # LHA Compress File
447
$Infomation .= "(lh$1)";
449
} elsif(substr($$DATA, 325, 25) eq "Apple Video Media Handler" || substr($$DATA, 325, 30) eq "Apple \x83\x72\x83\x66\x83\x49\x81\x45\x83\x81\x83\x66\x83\x42\x83\x41\x83\x6E\x83\x93\x83\x68\x83\x89") {
455
# Header analysis failure
457
# It will be followed if it applies for the MIME type from the browser.
458
foreach (keys %UPLOAD_CONTENT_TYPE_LIST) {
460
if($ContentType =~ /^$_$/i) {
461
$Ext = $UPLOAD_CONTENT_TYPE_LIST{$_};
462
$ContentName = &CheckContentExt($Ext);
486
$Infomation .= ' / Header analysis failure';
488
if($Ext ne $FileExt && &CheckContentExt($FileExt) eq $ContentName) {
494
# a MIME type is unknown--It judges from an extension.
496
$ContentName = &CheckContentExt($FileExt);
499
$Infomation .= ' / MIME type is unknown('. $ContentType. ')';
505
# $ContentName = &CheckContentExt($Ext) unless($ContentName);
506
# if($Ext && $ContentName) {
507
# $ContentName .= $Infomation;
511
# "$FileName A not corresponding extension ($Ext)<BR>The extension which can be responded ". join(',', sort values(%UPLOAD_EXT_LIST))
516
# if($Ext =~ /.?html?/ && $$DATA =~ /<\!/) {
525
# $$DATA =~ s/\#\s*$_/\&\#35\;$_/ig
532
int($DataLength / 1024 + 1),
539
##############################################################################
542
# Extension discernment
547
##############################################################################
554
foreach (keys %UPLOAD_EXT_LIST) {
556
if($_ && $Ext =~ /^$_$/) {
557
$ContentName = $UPLOAD_EXT_LIST{$_};
565
##############################################################################
573
##############################################################################
577
my($value,$Trans) = @_;
579
# my $FormCode = &jcode::getcode($value) || $FormCodeDefault;
580
# $FormCodeDefault ||= $FormCode;
582
# if($Trans && $TRANS_2BYTE_CODE) {
583
# if($FormCode ne 'euc') {
584
# &jcode::convert($value, 'euc', $FormCode);
588
# "\xA3\xB0-\xA3\xB9\xA3\xC1-\xA3\xDA\xA3\xE1-\xA3\xFA",
591
# if($CHARCODE ne 'euc') {
592
# &jcode::convert($value,$CHARCODE,'euc');
595
# if($CHARCODE ne $FormCode) {
596
# &jcode::convert($value,$CHARCODE,$FormCode);
599
# if($CHARCODE eq 'euc') {
600
# &jcode::h2z_euc($value);
601
# } elsif($CHARCODE eq 'sjis') {
602
# &jcode::h2z_sjis($value);
607
##############################################################################
615
##############################################################################
620
local($error_message) = $_[0];
621
local($error_message2) = $_[1];
623
print "Content-type: text/html\n\n";
627
<TITLE>Error Message</TITLE></HEAD>
629
<table border="1" cellspacing="10" cellpadding="10">
630
<TR bgcolor="#0000B0">
631
<TD bgcolor="#0000B0" NOWRAP><font size="-1" color="white"><B>Error Message</B></font></TD>
635
<H4> $error_message </H4>
641
&rm_tmp_uploaded_files; # Image Temporary deletion
645
##############################################################################
648
# Image Temporary deletion
653
##############################################################################
655
sub rm_tmp_uploaded_files
657
if($img_data_exists == 1){
659
foreach $fname_list(@NEWFNAMES) {
660
if(-e "$img_dir/$fname_list") {
661
unlink("$img_dir/$fname_list");